diff --git a/.flake8 b/.flake8
new file mode 100644
index 0000000000000000000000000000000000000000..4dbcc0f56f7ebf92d2a5e5b4ba1bc38a2c9d2a66
--- /dev/null
+++ b/.flake8
@@ -0,0 +1,4 @@
+[flake8]
+per-file-ignores =
+ tests/*: D103
+max-line-length = 99
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..af21f9244361403233e217c87557792567af16f5
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+.cache
+.yardoc
+.deps.mk
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000000000000000000000000000000000000..e867d37bfb242b3afa55c2b9b5750d1171a92977
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,23 @@
+.PHONY: all check test
+
+CACHE_DIR = .cache
+
+$(shell mkdir -p $(CACHE_DIR))
+
+include .deps.mk
+
+$(CACHE_DIR)/output.json:
+ ./merge-json.py --out $@ $^
+
+$(CACHE_DIR)/%.json:
+ cd $< && puppet strings generate --format json --out $(CURDIR)/$@
+
+index.html: $(CACHE_DIR)/output.json
+ python3 main.py $< > $@
+
+check:
+ flake8 *.py
+ mypy *.py
+
+test:
+ python -m pytest
diff --git a/README.md b/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..fb065a56079aa84b088bc8992dd2b80a47d7c130
--- /dev/null
+++ b/README.md
@@ -0,0 +1,13 @@
+Puppet Docs
+===========
+
+Utility for building hyperlinked and pretty doc from Puppet modules and
+environments.
+
+Usage
+-----
+
+```bash
+./configure --env ${PATH_TO_ENVIRONMENT}/modules
+make index.html
+```
diff --git a/cache.py b/cache.py
new file mode 100644
index 0000000000000000000000000000000000000000..53be5aabc8ce74aaac2b066e1b98169e87553bef
--- /dev/null
+++ b/cache.py
@@ -0,0 +1,37 @@
+"""
+Run puppet parse if files have changed.
+
+Non-changed file are fetched from the cache.
+(Cache currently implemneted on redis).
+"""
+
+import hashlib
+import json
+import subprocess
+import redis
+from typing import Any
+
+r = redis.Redis(host='localhost')
+
+
+def parse_puppet_for_real(s: str) -> bytes:
+ """Parse the given puppetstring into a json representation."""
+ cmd = subprocess.run('puppet parser dump --format json'.split(' '),
+ input=s.encode('UTF-8'),
+ check=True,
+ capture_output=True)
+ return cmd.stdout
+
+
+def parse_puppet(s: str) -> dict[str, Any]:
+ """Parse the given puppet string into a json representation, but use a cache."""
+ hash = hashlib.sha256(s.encode('UTF-8'))
+ digest = hash.hexdigest()
+ if record := r.get(digest):
+ return json.loads(record)
+ else:
+ almost_data = parse_puppet_for_real(s)
+ hash = hashlib.sha256(almost_data)
+ r.set(digest, almost_data)
+ data = json.loads(almost_data)
+ return data
diff --git a/configure b/configure
new file mode 100755
index 0000000000000000000000000000000000000000..795bad7c7eb3a9ef133a9a0c43414fa4ad2f0ad4
--- /dev/null
+++ b/configure
@@ -0,0 +1,29 @@
+#!/usr/bin/env python3
+
+import argparse
+import os
+import os.path
+
+parser = argparse.ArgumentParser(
+ prog='puppet-doc configure',
+ description='Sets up puppet doc')
+
+parser.add_argument('--env', action='store')
+
+args = parser.parse_args()
+
+env = args.env or '/etc/puppetlabs/code/modules'
+
+entries = []
+
+f = open('.deps.mk', 'w')
+
+for entry in os.scandir(env):
+ name = entry.name
+ path = os.path.join(env, entry)
+ print(f'.cache/{name}.json: {path}', file=f)
+ entries.append(f'.cache/{name}.json')
+
+print('.cache/output.json: ' + ' '.join(entries), file=f)
+
+f.close()
diff --git a/main.py b/main.py
new file mode 100644
index 0000000000000000000000000000000000000000..80b40caf6fbc5b5233d5d9959f9b3fee3cb40a16
--- /dev/null
+++ b/main.py
@@ -0,0 +1,865 @@
+from cache import parse_puppet
+from commonmark import commonmark
+from reflow import traverse
+from subprocess import CalledProcessError
+import html
+import json
+import sys
+
+
+match sys.argv:
+ case [_, d, *_]:
+ filename = d
+ case [_]:
+ filename = 'output.json'
+
+with open(filename) as f:
+ info = json.load(f)
+
+data = info
+
+param_doc: dict[str, str] = {}
+
+
+def print_hash(hash, indent=0):
+ if not hash:
+ return
+ # namelen = 0
+ for item in hash:
+ match item:
+ case ['=>', key, value]:
+ print(' '*indent*2, end='')
+ parse(key, indent=indent)
+ # print(' => ', end='')
+ print(' ⇒ ', end='')
+ parse(value, indent=indent)
+ case ['splat-hash', value]:
+ print(' '*indent*2, end='')
+ print('* => ', end='')
+ parse(value, indent=indent)
+ case _:
+ print(f'<span class="parse-error">[|[{item}]|]</span>')
+ print(',')
+
+
+def ops_namelen(ops):
+ namelen = 0
+ for item in ops:
+ match item:
+ case ['=>', key, _]:
+ namelen = max(namelen, len(key))
+ case ['+>', key, _]:
+ namelen = max(namelen, len(key))
+ case ['splat-hash', _]:
+ namelen = max(namelen, 1)
+ case _:
+ raise Exception("Unexpected item in resource:", item)
+ return namelen
+
+
+def print_array(arr, indent=0):
+ if not arr:
+ print('[]', end='')
+ return
+ print('[')
+ for item in arr:
+ print(' '*(indent+1)*2, end='')
+ parse(item)
+ print(',')
+ print(' '*indent*2 + ']', end='')
+
+
+def print_var(x, dollar=True):
+ dol = '$' if dollar else ''
+ if doc := param_doc.get(x):
+ print(f'<span class="var">{dol}{x}<div class="documentation">{doc}</div></span>',
+ end='')
+ else:
+ print(f'<span class="var">{dol}{x}</span>', end='')
+
+# TODO strip leading colons when looking up documentation
+
+# TODO context
+# - in heredoc (for strings)
+# - if variable is in string
+
+
+symbols: dict[str, str] = {
+ '=>': '⇒',
+ '!': '¬',
+ '!=': '≠',
+ '*': '×',
+ '>=': '≥',
+ '<=': '≤',
+ '~>': '⤳',
+ '->': '→',
+ '==': '≡',
+ '!~': '≁',
+}
+
+
+def parse(form, indent=0):
+ # Sorted per `sort -V`
+ match form:
+ case None:
+ print('<span class="undef">undef</span>', end='')
+
+ case True:
+ print('<span class="true">true</span>', end='')
+
+ case False:
+ print('<span class="false">false</span>', end='')
+
+ case ['access', how, *args]:
+ print('<span class="compound-type">', end='')
+ parse(how, indent=indent)
+ print('[', end='')
+ first = True
+ for arg in args:
+ if not first:
+ print(', ', end='')
+ # TODO newlines?
+ parse(arg, indent=indent)
+ first = False
+ print(']', end='')
+ print('</span>', end='')
+
+ case ['and', a, b]:
+ parse(a, indent=indent)
+ print(' and ', end='')
+ parse(b, indent=indent)
+
+ case ['array', *items]:
+ print_array(items, indent=indent+1)
+
+ case ['call', {'functor': func,
+ 'args': args}]:
+ print('<span class="call">', end='')
+ parse(func, indent=indent)
+ print('(', end='')
+ first = True
+ for arg in args:
+ if not first:
+ print(', ', end='')
+ first = False
+ parse(arg, indent=indent)
+ print(')', end='')
+ print('</span>', end='')
+
+ case ['call-method', func]:
+ print('<span class="call-method">', end='')
+ parse(func['functor'], indent=indent)
+
+ first = True
+ if not ('block' in func and func['args'] == []):
+ print('(', end='')
+ for x in func['args']:
+ if not first:
+ print(', ', end='')
+ first = False
+ parse(x, indent=indent)
+ # print(', '.join(parse(x, indent=indent) for x in func['args']), end='')
+ print(')', end='')
+
+ if 'block' in func:
+ parse(func['block'], indent=indent+1)
+
+ print('</span>', end='')
+
+ # print()
+
+ case ['case', test, forms]:
+ print('case ', end='')
+ parse(test, indent=indent)
+ print(' {')
+ for form in forms:
+ when = form['when']
+ then = form['then']
+ print(' '*(indent+1)*2, end='')
+ # print('{', end='')
+ cases = []
+ first = True
+ for item in when:
+ if not first:
+ print(', ', end='')
+ first = False
+ parse(item, indent=indent+1)
+ print(': {')
+ for item in then:
+ print(' '*(indent+2)*2, end='')
+ parse(item, indent=indent+2)
+ print()
+ print(' '*(indent+1)*2+'},')
+ print(' '*indent*2+'}', end='')
+
+ case ['class', {'name': name,
+ 'body': body,
+ **rest}]:
+ print(' '*indent*2 +
+ f'<span class="class">class</span> <span class="name">{name}</span> ', end='')
+ if 'params' in rest:
+ print('(')
+ for name, data in rest['params'].items():
+ print(' '*(indent+1)*2, end='')
+ if 'type' in data:
+ print('<span class="type">', end='')
+ parse(data['type'], indent=indent)
+ print('</span> ', end='')
+ print(f'<span class="var">${name}</span>', end='')
+ if 'value' in data:
+ print(' = ', end='')
+ parse(data.get('value'), indent=indent)
+ print(',', end='')
+ print()
+ print(' '*indent*2 + ') {')
+ else:
+ print('{')
+
+ for entry in body:
+ print(' '*(indent+1)*2, end='')
+ parse(entry, indent=indent+1)
+ print()
+
+ print(' '*indent*2+'}')
+
+ case ['concat', *args]:
+ print('<span class="string">"', end='')
+ for item in args:
+ match item:
+ case ['str', thingy]:
+ print('<span class="str-var">${', end='')
+ # print_var(x, dollar=False)
+ parse(thingy, indent=indent)
+ print('}</span>', end='')
+ case s:
+ # print(s, file=sys.stderr)
+ print(s
+ .replace('"', '\\"')
+ .replace('\n', '\\n'),
+ end='')
+
+ print('"</span>', end='')
+
+ case ['collect', {'type': t,
+ 'query': q}]:
+ parse(t, indent=indent)
+ print(' ', end='')
+ parse(q, indent=indent)
+
+ case ['default']:
+ print('<span class="default">default</span>', end='')
+
+ case ['define', {'name': name,
+ 'body': body,
+ **rest}]:
+ print(' '*indent*2 +
+ f'<span class="define">define</span> <span class="name">{name}</span> ', end='')
+
+ if params := rest.get('params'):
+ print('(')
+ for name, data in params.items():
+ print(' '*(indent+1)*2, end='')
+ if 'type' in data:
+ print('<span class="type">', end='')
+ parse(data['type'], indent=indent)
+ print('</span> ', end='')
+ # print(f'<span class="var">${name}</span>', end='')
+ print_var(name)
+ if 'value' in data:
+ print(' = ', end='')
+ parse(data.get('value'), indent=indent)
+ print(',', end='')
+ print()
+
+ print(' '*indent*2 + ') ', end='')
+ print('{')
+
+ for entry in body:
+ print(' '*(indent+1)*2, end='')
+ parse(entry, indent=indent+1)
+ print()
+
+ print(' '*indent*2 + '}', end='')
+
+ case ['exported-query']:
+ print('<<| |>>', end='')
+
+ case ['exported-query', arg]:
+ print('<<| ', end='')
+ parse(arg, indent=indent)
+ print(' |>>', end='')
+
+ case ['function', {'name': name,
+ 'body': body,
+ **rest}]:
+ print(f'function {name} (')
+ if 'params' in rest:
+ for name, attributes in rest['params'].items():
+ print(' '*(indent+1)*2, end='')
+ if 'type' in attributes:
+ parse(attributes['type'])
+ print(' ', end='')
+ print(f'${name}', end='')
+ if 'value' in attributes:
+ print(' = ', end='')
+ parse(attributes['value'])
+ print(',')
+ print(')', end='')
+ if 'returns' in rest:
+ print(' >> ', end='')
+ parse(rest['returns'])
+ print(' {')
+ for item in body:
+ print(' '*(indent+1)*2, end='')
+ parse(item, indent=indent+1)
+ print()
+ print('}')
+
+ case ['hash', *hash]:
+ if not hash:
+ print('{}', end='')
+ else:
+ print('{')
+ print_hash(hash, indent=indent+1)
+ print(' '*indent*2, end='')
+ print('}', end='')
+
+ case ['heredoc', {'text': text}]:
+ print('@("EOF")')
+ parse(text, indent=indent)
+ print(' '*indent*2 + '|')
+
+ case ['if', {'test': test,
+ **rest}]:
+ print('if ', end='')
+ parse(test, indent=indent)
+ print(' {')
+ if 'then' in rest:
+ for item in rest['then']:
+ print(' '*(indent+1)*2, end='')
+ parse(item, indent=indent+1)
+ print()
+ print(' '*indent*2 + '} ', end='')
+
+ if 'else' in rest:
+ match rest['else']:
+ case [['if', *rest]]:
+ print('els', end='')
+ parse(['if', *rest], indent=indent)
+ case el:
+ print('else {')
+ for item in el:
+ print(' '*(indent+1)*2, end='')
+ parse(item, indent=indent+1)
+ print()
+ print(' '*indent*2+'}', end='')
+
+ case ['in', needle, stack]:
+ parse(needle, indent=indent)
+ print(' in ', end='')
+ parse(stack, indent=indent)
+
+ case ['invoke', {'functor': func,
+ 'args': args}]:
+ print('<span class="invoke">', end='')
+ parse(func)
+ print(' ', end='')
+ if len(args) == 1:
+ parse(args[0], indent=indent+1)
+ else:
+ print(args)
+ print('(', end='')
+ first = True
+ for arg in args:
+ if not first:
+ print(', ', end='')
+ first = False
+ parse(arg, indent=indent+1)
+ # print(' '*indent*2, end='')
+ print(')', end='')
+ # print()
+ print('</span>', end='')
+
+ case ['nop']:
+ # print()
+ pass
+
+ case ['lambda', {'params': params,
+ 'body': body}]:
+ print('<span class="lambda">', end='')
+ args = ', '.join(f'${x}' for x in params.keys())
+ print(f' |{args}| {{')
+ for entry in body:
+ print(' '*indent*2, end='')
+ parse(entry, indent=indent)
+ print()
+ print(' '*(indent-1)*2 + '}', end='')
+ print('</span>', end='')
+ case ['and', a, b]:
+ parse(a, indent=indent)
+ print(' and ', end='')
+ parse(b, indent=indent)
+
+ case ['or', a, b]:
+ parse(a, indent=indent)
+ print(' or ', end='')
+ parse(b, indent=indent)
+
+ case ['paren', *forms]:
+ print('(', end='')
+ for form in forms:
+ parse(form, indent=indent+1)
+ print(')', end='')
+
+ # Qualified name?
+ case ['qn', x]:
+ print(f'<span class="qn">{x}</span>', end='')
+
+ # Qualified resource?
+ case ['qr', x]:
+ print(f'<span class="qr">{x}</span>', end='')
+
+ case ['regexp', s]:
+ print(f'<span class="regex">/<span class="regex-body">{s}</span>/</span>',
+ end='')
+
+ case ['resource', {'type': t,
+ 'bodies': [body]}]:
+ parse(t, indent=indent)
+ print(' { ', end='')
+ parse(body['title'])
+ print(':')
+ ops = body['ops']
+
+ namelen = ops_namelen(ops)
+
+ for item in ops:
+ match item:
+ case ['=>', key, value]:
+ print(' '*(indent+1)*2, end='')
+ pad = namelen - len(key)
+ print(f'<span class="parameter">{key}</span>', end='')
+ # print(' '*pad + ' => ', end='')
+ print(' '*pad + ' ⇒ ', end='')
+ parse(value, indent=indent+1)
+ print(',')
+
+ case ['splat-hash', value]:
+ print(' '*(indent+1)*2, end='')
+ print('<span class="parameter splat">*</span>', end='')
+ # print(' '*(namelen - 1) + ' => ', end='')
+ print(' '*(namelen - 1) + ' ⇒ ', end='')
+ parse(value, indent=indent+1)
+ print(',')
+
+ case _:
+ raise Exception("Unexpected item in resource:", item)
+ print(' '*indent*2+'}', end='')
+
+ case ['resource', {'type': t,
+ 'bodies': bodies}]:
+ parse(t, indent=indent)
+ print(' {')
+ for body in bodies:
+ print(' '*(indent+1)*2, end='')
+ parse(body['title'])
+ print(':')
+ ops = body['ops']
+
+ namelen = ops_namelen(ops)
+
+ for item in ops:
+ match item:
+ case ['=>', key, value]:
+ print(' '*(indent+2)*2, end='')
+ pad = namelen - len(key)
+ print(f'<span class="parameter">{key}</span>', end='')
+ # print(' '*pad + ' => ', end='')
+ print(' '*pad + ' ⇒ ', end='')
+ parse(value, indent=indent+2)
+ print(',')
+
+ case ['splat-hash', value]:
+ print(' '*(indent+2)*2, end='')
+ print('<span class="parameter splat">*</span>', end='')
+ # print(' '*(namelen - 1) + ' => ', end='')
+ print(' '*(namelen - 1) + ' ⇒ ', end='')
+ parse(value, indent=indent+2)
+ print(',')
+
+ case _:
+ raise Exception("Unexpected item in resource:", item)
+
+ print(' '*(indent+1)*2 + ';')
+ print(' '*indent*2+'}', end='')
+
+ case ['resource-defaults', {'type': t,
+ 'ops': ops}]:
+ parse(t, indent=indent)
+ print(' {')
+ namelen = ops_namelen(ops)
+ for op in ops:
+ match op:
+ case ['=>', key, value]:
+ print(' '*(indent+1)*2, end='')
+ pad = namelen - len(key)
+ print(f'<span class="parameter">{key}</span>', end='')
+ # print(' '*pad + ' => ', end='')
+ print(' '*pad + ' ⇒ ', end='')
+ parse(value, indent=indent+3)
+ print(',')
+
+ case ['splat-hash', value]:
+ print(' '*(indent+1)*2, end='')
+ pad = namelen - 1
+ print('<span class="parameter splat">*</span>', end=' '*pad)
+ print(' '*(namelen - 1) + ' ⇒ ', end='')
+ parse(value, indent=indent+2)
+ print(',')
+
+ case x:
+ raise Exception('Unexpected item in resource defaults:', x)
+ print(' '*indent*2 + '}', end='')
+
+ case ['resource-override', {'resources': resources,
+ 'ops': ops}]:
+ parse(resources, indent=indent)
+ print(' {')
+ namelen = ops_namelen(ops)
+ for op in ops:
+ match op:
+ case ['=>', key, value]:
+ print(' '*(indent+1)*2, end='')
+ pad = namelen - len(key)
+ print(f'<span class="parameter">{key}</span>', end='')
+ # print(' '*pad + ' => ', end='')
+ print(' '*pad + ' ⇒ ', end='')
+ parse(value, indent=indent+3)
+ print(',')
+
+ case ['+>', key, value]:
+ print(' '*(indent+2)*2, end='')
+ pad = namelen - len(key)
+ print(f'<span class="parameter">{key}</span>', end='')
+ # print(' '*pad + ' => ', end='')
+ print(' '*pad + ' +> ', end='')
+ parse(value, indent=indent+2)
+ print(',')
+
+ case ['splat-hash', value]:
+ print(' '*(indent+1)*2, end='')
+ pad = namelen - 1
+ print('<span class="parameter splat">*</span>', end=' '*pad)
+ print(' '*(namelen - 1) + ' ⇒ ', end='')
+ parse(value, indent=indent+2)
+ print(',')
+
+ case _:
+ raise Exception('Unexpected item in resource override:',
+ op)
+ print(' '*indent*2 + '}', end='')
+
+ case ['unless', {'test': test,
+ 'then': then}]:
+ print('unless ', end='')
+ parse(test, indent=indent)
+ print(' {')
+ for item in then:
+ print(' '*(indent+1)*2, end='')
+ parse(item, indent=indent+1)
+ print()
+
+ print(' '*indent*2 + '}', end='')
+
+ case ['var', x]:
+ print_var(x)
+
+ case ['virtual-query', q]:
+ print('<| ', end='')
+ parse(q)
+ print(' |>', end='')
+
+ case ['virtual-query']:
+ print('<| |>', end='')
+
+ # TODO unary splat
+
+ case ['!', x]:
+ # print('! ', end='')
+ print('¬ ', end='')
+ parse(x, indent=indent)
+
+ case ['!=', a, b]:
+ parse(a, indent=indent)
+ # print(' != ', end='')
+ print(' ≠ ', end='')
+ parse(b, indent=indent)
+
+ case ['+', a, b]:
+ parse(a, indent=indent)
+ print(' + ', end='')
+ parse(b, indent=indent)
+
+ case ['-', a, b]:
+ parse(a, indent=indent)
+ print(' - ', end='')
+ parse(b, indent=indent)
+
+ case ['-', a]:
+ print('- ', end='')
+ parse(a)
+
+ case ['*', a, b]:
+ parse(a, indent=indent)
+ print(' × ', end='')
+ parse(b, indent=indent)
+
+ case ['%', a, b]:
+ parse(a, indent=indent)
+ print(' % ', end='')
+ parse(b, indent=indent)
+
+ case ['<<', a, b]:
+ parse(a, indent=indent)
+ print(' << ', end='')
+ parse(b, indent=indent)
+
+ case ['>>', a, b]:
+ parse(a, indent=indent)
+ print(' >> ', end='')
+ parse(b, indent=indent)
+
+ case ['>=', a, b]:
+ parse(a, indent=indent)
+ print(' ≥ ', end='')
+ parse(b, indent=indent)
+
+ case ['<=', a, b]:
+ parse(a, indent=indent)
+ print(' ≤ ', end='')
+ parse(b, indent=indent)
+
+ case ['>', a, b]:
+ parse(a, indent=indent)
+ print(' > ', end='')
+ parse(b, indent=indent)
+
+ case ['<', a, b]:
+ parse(a, indent=indent)
+ print(' < ', end='')
+ parse(b, indent=indent)
+
+ case ['~>', left, right]:
+ parse(left, indent=indent)
+ print(f'\n{" "*indent*2}⤳ ', end='')
+ # print(f'\n{" "*indent*2}~> ', end='')
+ parse(right, indent=indent)
+
+ case ['->', left, right]:
+ parse(left, indent=indent)
+ # print(f'\n{" "*indent*2}-> ', end='')
+ print(f'\n{" "*indent*2}→ ', end='')
+ parse(right, indent=indent)
+
+ case ['.', left, right]:
+ parse(left, indent=indent)
+ print()
+ print(' '*indent*2, end='.')
+ parse(right, indent=indent+1)
+
+ case ['/', a, b]:
+ parse(a, indent=indent)
+ print(' / ', end='')
+ parse(b, indent=indent)
+
+ case ['=', field, value]:
+ # print(' ', end='')
+ parse(field, indent=indent)
+ print(' = ', end='')
+ parse(value, indent=indent)
+
+ case ['==', a, b]:
+ parse(a, indent=indent)
+ # print(' == ', end='')
+ print(' ≡ ', end='')
+ parse(b, indent=indent)
+
+ case ['=~', a, b]:
+ parse(a, indent=indent)
+ print(' =~ ', end='')
+ parse(b, indent=indent)
+
+ case ['!~', a, b]:
+ parse(a, indent=indent)
+ print(' ≁ ', end='')
+ parse(b, indent=indent)
+
+ case ['?', condition, cases]:
+ print('<span class="case">', end='')
+ parse(condition, indent=indent)
+ print(' ? {')
+ print_hash(cases, indent=indent+1)
+ print(' '*indent*2 + '}', end='')
+ print('</span>', end='')
+
+ case form:
+ if type(form) == str:
+ s = form.replace('\n', r'\n')
+ print(f"<span class=\"string\">'{s}'</span>", end='')
+ elif type(form) == int or type(form) == float:
+ print(f'<span class="number">{form}</span>', end='')
+ else:
+ print(f'<span class="parse-error">[|[{form}]|]</span>', end='')
+
+
+def print_docstring(docstring):
+ if 'tags' in docstring:
+ param_doc = {tag['name']: tag.get('text') or ''
+ for tag in docstring['tags']
+ if tag['tag_name'] == 'param'}
+ tags = docstring['tags']
+ else:
+ param_doc = {}
+ tags = []
+
+ # print(param_doc, file=sys.stderr)
+
+ # param_defaults = d_type['defaults']
+
+ print(f'<h2><code>{name}</code></h2>')
+
+ for tag in tags:
+ text = html.escape(tag.get('text') or '')
+ if tag['tag_name'] == 'summary':
+ print('<em class="summary">', end='')
+ print(text)
+ print('</em>')
+
+ for tag in tags:
+ text = html.escape(tag.get('text') or '')
+ if tag['tag_name'] == 'example':
+ print(f'<h3>{tag["name"]}</h3>')
+ print(f'<pre><code class="puppet">{text}</code></pre>')
+
+ if 'text' in docstring:
+ print('<div>')
+ print(commonmark(docstring['text']))
+ print('</div>')
+
+
+print('''<!doctype html>
+<html>
+ <head>
+ <meta charset="UTF-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <link type="text/css" rel="stylesheet" href="style.css"/>
+ </head>
+ <body>
+''')
+
+print('<h1>Puppet Classes</h1>')
+for d_type in data['puppet_classes']:
+ name = d_type['name']
+ print(name, file=sys.stderr)
+ print_docstring(d_type['docstring'])
+
+ print('<pre><code class="puppet">')
+ tree = parse_puppet(d_type['source'])
+ t = traverse(tree)
+ parse(t)
+ print('</code></pre>')
+
+ print('<hr/>')
+
+
+print('<h1>Data Types</h1>')
+
+# TODO
+
+print('<h1>Data Type Aliases</h1>')
+for d_type in data['data_type_aliases']:
+ name = d_type['name']
+ print(name, file=sys.stderr)
+ print_docstring(d_type['docstring'])
+ print('<pre><code class="puppet">')
+ tree = parse_puppet(d_type['alias_of'])
+ t = traverse(tree)
+ parse(t)
+ print('</code></pre>')
+
+ print('<hr/>')
+
+
+print('<h1>Defined Types</h1>')
+for d_type in data['defined_types']:
+ name = d_type['name']
+ print(name, file=sys.stderr)
+ print_docstring(d_type['docstring'])
+
+ print('<pre><code class="puppet">')
+ tree = parse_puppet(d_type['source'])
+ t = traverse(tree)
+ parse(t)
+ print('</code></pre>')
+
+ print('<hr/>')
+
+
+print('<h1>Resource Types</h1>')
+for r_type in data['resource_types']:
+ name = r_type['name']
+ print(f'<h2>{name}</h2>')
+ print(r_type['docstring'])
+ if 'properties' in r_type:
+ print('<h3>Properties</h3>')
+ print('<ul>')
+ for property in r_type['properties']:
+ print(f'<li>{property["name"]}</li>')
+ # description, values, default
+ print('</ul>')
+
+ print('<h3>Parameters</h3>')
+ print('<ul>')
+ for parameter in r_type['parameters']:
+ print(f'<li>{parameter["name"]}</li>')
+ # description
+ # Optional[isnamevar]
+ print('</ul>')
+
+ if 'providers' in r_type:
+ print('<h3>Providers</h3>')
+ for provider in r_type['providers']:
+ print(f'<h4>{provider["name"]}</h4>')
+ # TODO
+
+print('<h1>Puppet Functions</h1>')
+for function in data['puppet_functions']:
+ name = function['name']
+ print(f'<h2>{name}</h2>')
+ t = function['type']
+ # docstring = function['docstring']
+ for signature in function['signatures']:
+ signature['signature']
+ signature['docstring']
+ if t in ['ruby3x', 'ruby4x']:
+ print(f'<pre><code class="ruby">{function["source"]}</code></pre>')
+ elif t == 'puppet':
+ print('<pre><code class="puppet">')
+ try:
+ tree = parse_puppet(function['source'])
+ t = traverse(tree)
+ parse(t)
+ except CalledProcessError as e:
+ print(e)
+ print('</code></pre>')
+
+print('<h1>Puppet Tasks</h1>')
+# TODO
+print('<h1>Puppet Plans</h1>')
+# TODO
+
+
+print('</body></html>')
+
+
+# TODO apache::*
diff --git a/merge-json.py b/merge-json.py
new file mode 100755
index 0000000000000000000000000000000000000000..65831da2012c87ef9de2cdc78d3e891fd62d58e6
--- /dev/null
+++ b/merge-json.py
@@ -0,0 +1,56 @@
+#!/usr/bin/env python3
+
+"""
+Merges json objects.
+
+Assumes that the root is an object, and that each key contains a list.
+"""
+
+import json
+
+from typing import Any
+
+
+def merge_dicts(objects: list[str]) -> dict[Any, list]:
+ """
+ Merge a list of dictionaries of lists.
+
+ Takes a list of python dictionaries, and return a single (merged)
+ dictionary. All key from any of the dictionaries will be present
+ in the output. If the same key appears in multiple input
+ dictionaries, then their contents will be concatenated in the
+ order they appear.
+
+ :param: objects
+ A list of dictionaries
+ :return:
+ the merged dictionary
+ """
+ merged: dict[str, list[str]] = {}
+
+ for entry in objects:
+ with open(entry) as f:
+ data: dict[str, list] = json.load(f)
+
+ for key, value in data.items():
+ merged[key] = (merged.get(key) or []) + value
+
+ return merged
+
+
+def __main():
+ import argparse
+ parser = argparse.ArgumentParser()
+ parser.add_argument('--out', action='store')
+ parser.add_argument('input', nargs=argparse.REMAINDER)
+ args = parser.parse_args()
+ out = args.out or 'output.json'
+
+ merged = merge_dicts(args.input)
+
+ with open(out, 'w') as f:
+ json.dump(merged, f)
+
+
+if __name__ == '__main__':
+ __main()
diff --git a/output.json b/output.json
new file mode 100644
index 0000000000000000000000000000000000000000..bc05a99686856526bc805a8b4da66ad0edf8134f
--- /dev/null
+++ b/output.json
@@ -0,0 +1 @@
+{"puppet_classes": [{"name": "letsencrypt", "file": "manifests/init.pp", "line": 15, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Contact email sent to letsencrypt", "types": ["String"], "name": "email"}, {"tag_name": "param", "text": "Should the certbot package resource be managed by this class", "types": ["Boolean"], "name": "manage_package"}, {"tag_name": "param", "text": "Name of the certbot package. Should be automatically set through hiera.", "types": ["String"], "name": "certbot_package"}, {"tag_name": "param", "text": "Server providing ACME challenge", "types": ["String"], "name": "server"}, {"tag_name": "param", "text": "Service responsible for periodically renewing the certificate", "types": ["Letsencrypt::Renewal_provider"], "name": "renewal_provider"}, {"tag_name": "param", "text": "Default configuration values to pass to certbot. $server and\n$email is added here if not explicitly set. It's later merged with\na specific instance for each certificate.", "types": ["Hash[String, Any]"], "name": "config"}, {"tag_name": "summary", "text": "Sets up letsencrypt for other classes"}]}, "defaults": {"certbot_package": "'certbot'", "manage_package": "true", "server": "'https://acme-v02.api.letsencrypt.org/directory'", "config": "{}"}, "source": "class letsencrypt (\n String $email,\n Letsencrypt::Renewal_provider $renewal_provider, # hiera\n String $certbot_package = 'certbot',\n Boolean $manage_package = true,\n String $server = 'https://acme-v02.api.letsencrypt.org/directory',\n Hash[String, Any] $config = {},\n) {\n # if $default_cert {\n # letsencrypt::cert { $default_cert_name:\n # ensure => present,\n # }\n # }\n\n # These are internal instead of parameters, since certbot appears to\n # not accept them in other places. This might prove wrong (BSD?), in\n # that case: make them parameters again, and resolve the few remaining\n # instances where they are hard coded.\n $config_dir = '/etc/letsencrypt'\n $cert_dir = \"${config_dir}/live\"\n\n # Used by letsencrypt::cert\n $config_ = {\n 'server' => $server,\n 'email' => $email,\n } + $config\n\n file { $config_dir:\n ensure => directory,\n }\n\n include letsencrypt::renew::setup\n\n if $manage_package {\n package { $certbot_package:\n ensure => installed,\n }\n }\n}"}, {"name": "letsencrypt::authenticator::nginx", "file": "manifests/authenticator/nginx.pp", "line": 10, "docstring": {"text": "Sets up nginx specific configuration, and provides access to\nvariables for enterpolating into nginx configurations\n\nThese use the default cert name", "tags": [{"tag_name": "param", "text": "Name of the system package providing this plugin.\nPopulated through hiera.", "types": ["String"], "name": "certbot_plugin_package"}, {"tag_name": "param", "text": "If this class should manage the package.", "types": ["Boolean"], "name": "manage_package"}]}, "defaults": {"manage_package": "true"}, "source": "class letsencrypt::authenticator::nginx (\n String $certbot_plugin_package,\n Boolean $manage_package = true,\n) {\n if $manage_package {\n ensure_packages([$certbot_plugin_package])\n }\n}"}, {"name": "letsencrypt::renew::cron::setup", "file": "manifests/renew/cron/setup.pp", "line": 3, "docstring": {"text": "Handles renewal certificates through CRON", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class letsencrypt::renew::cron::setup (\n) {\n fail('Not yet implemented')\n}"}, {"name": "letsencrypt::renew::setup", "file": "manifests/renew/setup.pp", "line": 5, "docstring": {"text": "Sets up timers for automatically renewing certificates", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "How the renewal should be managed.", "types": ["Letsencrypt::Renewal_provider"], "name": "provider"}]}, "defaults": {"provider": "$letsencrypt::renewal_provider"}, "source": "class letsencrypt::renew::setup (\n Letsencrypt::Renewal_provider $provider = $letsencrypt::renewal_provider,\n) {\n include \"::letsencrypt::renew::${provider}::setup\"\n\n # also used by letsencrypt::cert\n $renew_script = \"${letsencrypt::config_dir}/renew_cert\"\n\n file { $renew_script:\n source => \"puppet:///modules/${module_name}/run_certbot.py\",\n mode => '0555',\n }\n}"}, {"name": "letsencrypt::renew::systemd::setup", "file": "manifests/renew/systemd/setup.pp", "line": 5, "docstring": {"text": "Handles renewal certificates through systemd timers", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "Target name of the service file", "types": ["String"], "name": "service_name"}, {"tag_name": "param", "text": "Where the service file should be installed", "types": ["String"], "name": "service_path"}]}, "defaults": {"service_name": "'letsencrypt-renew'", "service_path": "'/etc/systemd/system'"}, "source": "class letsencrypt::renew::systemd::setup (\n String $service_name = 'letsencrypt-renew',\n String $service_path = '/etc/systemd/system',\n) {\n file { \"${service_path}/${service_name}@.service\":\n source => \"puppet:///modules/${module_name}/letsencrypt-renew.service\",\n notify => Exec['systemctl daemon-reload'],\n }\n\n file { \"${service_path}/${service_name}@.timer\":\n source => \"puppet:///modules/${module_name}/letsencrypt-renew.timer\",\n notify => Exec['systemctl daemon-reload'],\n }\n\n exec { 'systemctl daemon-reload':\n refreshonly => true,\n provider => shell,\n }\n}"}, {"name": "pacman", "file": "manifests/init.pp", "line": 21, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Path for puppet added hooks", "types": ["String"], "name": "hooks_path"}, {"tag_name": "param", "text": "Path for pacman configuration", "types": ["String"], "name": "conf_path"}, {"tag_name": "param", "text": "It's a secret to everybody.", "types": ["Boolean"], "name": "ilovecandy"}, {"tag_name": "param", "types": ["Optional[Integer]"], "name": "parallel_downloads"}, {"tag_name": "param", "text": "Contents of default mirrorlist file.\nMutually exclusive with $mirrorlist_content.", "types": ["Optional[String]"], "name": "mirrorlist_source"}, {"tag_name": "param", "text": "Source url of default mirrorlist file.\nMutually exclusive with $mirrorlist_source.", "types": ["Optional[String]"], "name": "mirrorlist_content"}, {"tag_name": "param", "text": "Path to default mirrorlist file.", "types": ["String"], "name": "mirrorlist_file"}, {"tag_name": "param", "text": "Should 'pacman -Sy' be run after changes to the configuration?", "types": ["Boolean"], "name": "update"}, {"tag_name": "param", "text": "Should Archlinux' regular repositories be included", "types": ["Boolean"], "name": "include_default"}, {"tag_name": "summary", "text": "Configures the Pacman package manager"}]}, "defaults": {"hooks_path": "'/etc/pacman.d/hooks-puppet'", "conf_path": "'/etc/pacman.conf'", "ilovecandy": "false", "parallel_downloads": "undef", "mirrorlist_source": "undef", "mirrorlist_content": "undef", "mirrorlist_file": "'/etc/pacman.d/mirrorlist'", "update": "false", "include_default": "true"}, "source": "class pacman (\n String $hooks_path = '/etc/pacman.d/hooks-puppet',\n String $conf_path = '/etc/pacman.conf',\n Boolean $ilovecandy = false,\n Optional[Integer] $parallel_downloads = undef,\n Optional[String] $mirrorlist_source = undef,\n Optional[String] $mirrorlist_content = undef,\n String $mirrorlist_file = '/etc/pacman.d/mirrorlist',\n Boolean $update = false,\n Boolean $include_default = true,\n) {\n $hooks_ = [$hooks_path]\n $parallel_downloads_ = if versioncmp($facts['pacman-version'], '6.0.0') != -1 {\n $parallel_downloads\n } else {\n false\n }\n\n include pacman::setup\n\n if $update {\n exec { 'pacman -Sy':\n command => ['pacman', '-Sy'],\n path => ['/bin', '/usr/bin'],\n refreshonly => true,\n subscribe => Concat[$conf_path],\n }\n }\n\n concat::fragment { 'pacman.conf header':\n target => $conf_path,\n source => \"puppet:///modules/${module_name}/header\",\n order => 0,\n }\n\n concat::fragment { 'pacman.conf options':\n target => $conf_path,\n order => 1,\n content => epp(\"${module_name}/pacman.conf.epp\"),\n }\n\n file { $hooks_path:\n ensure => directory,\n recurse => true,\n purge => true,\n }\n\n if $mirrorlist_source == undef and $mirrorlist_content == undef {\n file { $mirrorlist_file:\n backup => true,\n source => \"puppet:///modules/${module_name}/mirrorlist\",\n }\n } else {\n file { $mirrorlist_file:\n backup => true,\n source => $mirrorlist_source,\n content => $mirrorlist_content,\n }\n }\n\n if $include_default {\n pacman::repo { ['core', 'extra', 'community']:\n include => $mirrorlist_file,\n }\n }\n}"}, {"name": "pacman::makepkg", "file": "manifests/makepkg.pp", "line": 48, "docstring": {"text": "Complete configuration of makepkg.conf(5)", "tags": [{"tag_name": "param", "types": ["Hash[String, String]"], "name": "dlagents"}, {"tag_name": "param", "types": ["Hash[String,String]"], "name": "vcsclients"}, {"tag_name": "param", "types": ["String"], "name": "carch"}, {"tag_name": "param", "types": ["String"], "name": "chost"}, {"tag_name": "param", "types": ["Optional[String]"], "name": "cppflags"}, {"tag_name": "param", "types": ["String"], "name": "cflags"}, {"tag_name": "param", "types": ["String"], "name": "cxxflags"}, {"tag_name": "param", "types": ["String"], "name": "ldflags"}, {"tag_name": "param", "types": ["Optional[String]"], "name": "rustflags"}, {"tag_name": "param", "types": ["Optional[String]"], "name": "makeflags"}, {"tag_name": "param", "types": ["String"], "name": "debug_cflags"}, {"tag_name": "param", "types": ["String"], "name": "debug_cxxflags"}, {"tag_name": "param", "types": ["Optional[String]"], "name": "debug_rustflags"}, {"tag_name": "param", "types": ["Pacman::Buildenv"], "name": "buildenv"}, {"tag_name": "param", "types": ["Optional[String]"], "name": "distcc_hosts"}, {"tag_name": "param", "types": ["Optional[String]"], "name": "builddir"}, {"tag_name": "param", "types": ["Pacman::PackageOptions"], "name": "options"}, {"tag_name": "param", "types": ["Array[Pacman::ChecksumTypes]"], "name": "integrity_check"}, {"tag_name": "param", "types": ["String"], "name": "strip_binaries"}, {"tag_name": "param", "types": ["String"], "name": "strip_shared"}, {"tag_name": "param", "types": ["String"], "name": "strip_static"}, {"tag_name": "param", "types": ["Array[String]"], "name": "man_dirs"}, {"tag_name": "param", "types": ["Array[String]"], "name": "doc_dirs"}, {"tag_name": "param", "types": ["Array[String]"], "name": "purge_targets"}, {"tag_name": "param", "types": ["String"], "name": "dbgsrcdir"}, {"tag_name": "param", "types": ["Optional[String]"], "name": "pkgdest"}, {"tag_name": "param", "types": ["Optional[String]"], "name": "srcdest"}, {"tag_name": "param", "types": ["Optional[String]"], "name": "srcpkgdest"}, {"tag_name": "param", "types": ["Optional[String]"], "name": "logdest"}, {"tag_name": "param", "types": ["Optional[String]"], "name": "packager"}, {"tag_name": "param", "types": ["Optional[String]"], "name": "gpgkey"}, {"tag_name": "param", "types": ["String"], "name": "compressgz"}, {"tag_name": "param", "types": ["String"], "name": "compressbz2"}, {"tag_name": "param", "types": ["String"], "name": "compressxz"}, {"tag_name": "param", "types": ["String"], "name": "compresszst"}, {"tag_name": "param", "types": ["String"], "name": "compresslrz"}, {"tag_name": "param", "types": ["String"], "name": "compresslzo"}, {"tag_name": "param", "types": ["String"], "name": "compressz"}, {"tag_name": "param", "types": ["String"], "name": "compresslz4"}, {"tag_name": "param", "types": ["String"], "name": "compresslz"}, {"tag_name": "param", "types": ["String"], "name": "pkgext"}, {"tag_name": "param", "types": ["String"], "name": "srcext"}, {"tag_name": "param", "types": ["Optional[String]"], "name": "pacman_auth"}, {"tag_name": "summary", "text": "Arch makepkg configuration"}]}, "defaults": {"dlagents": "{\n 'file' => '/usr/bin/curl -gqC - -o %o %u',\n 'ftp' => '/usr/bin/curl -gqfC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u',\n 'http' => '/usr/bin/curl -gqb \"\" -fLC - --retry 3 --retry-delay 3 -o %o %u',\n 'https' => '/usr/bin/curl -gqb \"\" -fLC - --retry 3 --retry-delay 3 -o %o %u',\n 'rsync' => '/usr/bin/rsync --no-motd -z %u %o',\n 'scp' => '/usr/bin/scp -C %u %o',\n }", "vcsclients": "{\n 'bzr' => 'bzr',\n 'git' => 'git',\n 'hg' => 'mercurial',\n 'svn' => 'subversion',\n }", "carch": "'x86_64'", "chost": "'x86_64-pc-linux-gnu'", "cppflags": "undef", "cflags": "'-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions\n -Wp,-D_FORTIFY_SOURCE=2\n -Wformat -Werror=format-security\n -fstack-clash-protection -fcf-protection'", "cxxflags": "'$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS'", "ldflags": "'-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now'", "rustflags": "undef", "makeflags": "undef", "debug_cflags": "'-g -fvar-tracking-assignments'", "debug_cxxflags": "'-g -fvar-tracking-assignments'", "debug_rustflags": "undef", "buildenv": "{\n distcc => false,\n color => true,\n ccache => false,\n check => true,\n sign => false,\n }", "distcc_hosts": "undef", "builddir": "undef", "options": "{\n string => true,\n docs => true,\n libtool => false,\n staticlibs => false,\n emptydirs => true,\n zipman => true,\n purge => true,\n debug => false,\n lto => false, # This is fairly new...\n }", "integrity_check": "['sha256']", "strip_binaries": "'--strip-all'", "strip_shared": "'--strip-unneeded'", "strip_static": "'--strip-debug'", "man_dirs": "['{usr{,/local}{,/share},opt/*}/{man,info}']", "doc_dirs": "['usr/{,local/}{,share/}{doc,gtk-doc}', 'opt/*/{doc,gtk-doc}']", "purge_targets": "['usr/{,share}/info/dir', '.packlist', '*.pod']", "dbgsrcdir": "'/usr/src/debug'", "pkgdest": "undef", "srcdest": "undef", "srcpkgdest": "undef", "logdest": "undef", "packager": "undef", "gpgkey": "undef", "compressgz": "'gzip -c -f -n'", "compressbz2": "'bzip2 -c -f'", "compressxz": "'xz -c -z -'", "compresszst": "'zstd -c -z -q -'", "compresslrz": "'lrzip -q'", "compresslzo": "'lzop -q'", "compressz": "'compress -c -f'", "compresslz4": "'lz4 -q'", "compresslz": "'lzip -c -f'", "pkgext": "'.pkg.tar.zst'", "srcext": "'.src.tar.gz'", "pacman_auth": "undef"}, "source": "class pacman::makepkg (\n # protocol: agent\n Hash[String, String] $dlagents = {\n 'file' => '/usr/bin/curl -gqC - -o %o %u',\n 'ftp' => '/usr/bin/curl -gqfC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u',\n 'http' => '/usr/bin/curl -gqb \"\" -fLC - --retry 3 --retry-delay 3 -o %o %u',\n 'https' => '/usr/bin/curl -gqb \"\" -fLC - --retry 3 --retry-delay 3 -o %o %u',\n 'rsync' => '/usr/bin/rsync --no-motd -z %u %o',\n 'scp' => '/usr/bin/scp -C %u %o',\n },\n # protocol: package\n Hash[String,String] $vcsclients = {\n 'bzr' => 'bzr',\n 'git' => 'git',\n 'hg' => 'mercurial',\n 'svn' => 'subversion',\n },\n String $carch = 'x86_64',\n String $chost = 'x86_64-pc-linux-gnu',\n Optional[String] $cppflags = undef, # ''\n String $cflags = '-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions\n -Wp,-D_FORTIFY_SOURCE=2\n -Wformat -Werror=format-security\n -fstack-clash-protection -fcf-protection',\n String $cxxflags = '$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS',\n String $ldflags = '-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now',\n Optional[String] $rustflags = undef, # '-C opt-level=2',\n Optional[String] $makeflags = undef, # '-j2'\n String $debug_cflags = '-g -fvar-tracking-assignments',\n String $debug_cxxflags = '-g -fvar-tracking-assignments',\n Optional[String] $debug_rustflags = undef, # '-C debuginfo=2'\n Pacman::Buildenv $buildenv = {\n distcc => false,\n color => true,\n ccache => false,\n check => true,\n sign => false,\n },\n Optional[String] $distcc_hosts = undef, # ''\n Optional[String] $builddir = undef, # '/tmp/makepkg'\n Pacman::PackageOptions $options = {\n string => true,\n docs => true,\n libtool => false,\n staticlibs => false,\n emptydirs => true,\n zipman => true,\n purge => true,\n debug => false,\n lto => false, # This is fairly new...\n },\n Array[Pacman::ChecksumTypes] $integrity_check = ['sha256'],\n String $strip_binaries = '--strip-all',\n String $strip_shared = '--strip-unneeded',\n String $strip_static = '--strip-debug',\n Array[String] $man_dirs = ['{usr{,/local}{,/share},opt/*}/{man,info}'],\n Array[String] $doc_dirs = ['usr/{,local/}{,share/}{doc,gtk-doc}', 'opt/*/{doc,gtk-doc}'],\n Array[String] $purge_targets = ['usr/{,share}/info/dir', '.packlist', '*.pod'],\n String $dbgsrcdir = '/usr/src/debug',\n Optional[String] $pkgdest = undef, # /home/packages\n Optional[String] $srcdest = undef, # /home/soruces\n Optional[String] $srcpkgdest = undef, # /home/srcpackages\n Optional[String] $logdest = undef, # /home/makepkglogs\n Optional[String] $packager = undef, # John Doe <john@doe.com>\n Optional[String] $gpgkey = undef, # \"\"\n String $compressgz = 'gzip -c -f -n',\n String $compressbz2 = 'bzip2 -c -f',\n String $compressxz = 'xz -c -z -',\n String $compresszst = 'zstd -c -z -q -',\n String $compresslrz = 'lrzip -q',\n String $compresslzo = 'lzop -q',\n String $compressz = 'compress -c -f',\n String $compresslz4 = 'lz4 -q',\n String $compresslz = 'lzip -c -f',\n String $pkgext = '.pkg.tar.zst',\n String $srcext = '.src.tar.gz',\n Optional[String] $pacman_auth = undef, # ''\n) {\n file { '/etc/makepkg.conf':\n content => epp('pacman/makepkg.conf.epp'),\n }\n}"}, {"name": "pacman::setup", "file": "manifests/setup.pp", "line": 2, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class pacman::setup (\n) {\n concat { $pacman::conf_path:\n ensure => present,\n order => 'numeric',\n backup => true,\n }\n}"}, {"name": "puppet", "file": "manifests/init.pp", "line": 568, "inherits": "puppet::params", "docstring": {"text": "== Class: puppet\n\nThis class installs and configures the puppet agent.\n\n=== Parameters:\n\n$show_diff:: Show and report changed files with diff output\n\n$ca_server:: Use a different ca server. Should be either\n a string with the location of the ca_server\n or 'false'.\n\n== Advanced puppet parameters\n\n$version:: Specify a specific version of a package to\n install. The version should be the exact\n match for your distro.\n You can also use certain values like 'latest'.\n Note that when you specify exact versions you\n should also override $server_version since\n that defaults to $version.\n\n$manage_packages:: Should this module install packages or not.\n Can also install only server packages with value\n of 'server' or only agent packages with 'agent'.\n\n$port:: Override the port of the master we connect to.\n\n$splay:: Switch to enable a random amount of time\n to sleep before each run.\n\n$splaylimit:: The maximum time to delay before runs.\n Defaults to being the same as the run interval.\n This setting can be a time interval in seconds\n (30 or 30s), minutes (30m), hours (6h), days (2d),\n or years (5y).\n\n$runinterval:: Set up the interval (in seconds) to run\n the puppet agent.\n\n$autosign:: If set to a boolean, autosign is enabled or disabled\n for all incoming requests. Otherwise this has to be\n set to the full file path of an autosign.conf file or\n an autosign script. If this is set to a script, make\n sure that script considers the content of autosign.conf\n as otherwise Foreman functionality might be broken.\n\n$autosign_entries:: A list of certnames or domain name globs\n whose certificate requests will automatically be signed.\n Defaults to an empty Array.\n\n$autosign_mode:: mode of the autosign file/script\n\n$autosign_content:: If set, write the autosign file content\n using the value of this parameter.\n Cannot be used at the same time as autosign_entries\n For example, could be a string, or\n file('another_module/autosign.sh') or\n template('another_module/autosign.sh.erb')\n\n$autosign_source:: If set, use this as the source for the autosign file,\n instead of autosign_content.\n\n$usecacheonfailure:: Switch to enable use of cached catalog on\n failure of run.\n\n$runmode:: Select the mode to setup the puppet agent.\n\n$run_hour:: The hour at which to run the puppet agent\n when runmode is cron or systemd.timer.\n\n$run_minute:: The minute at which to run the puppet agent\n when runmode is cron or systemd.timer.\n\n$cron_cmd:: Specify command to launch when runmode is\n set 'cron'.\n\n$systemd_cmd:: Specify command to launch when runmode is\n set 'systemd.timer'.\n\n$systemd_randomizeddelaysec:: Adds a random delay between 0 and this value\n (in seconds) to the timer. Only relevant when\n runmode is 'systemd.timer'.\n\n$module_repository:: Use a different puppet module repository\n\n$ca_port:: Puppet CA port\n\n$ca_crl_filepath:: Path to CA CRL file, dynamically resolves based on\n $::server_ca status.\n\n$dns_alt_names:: Use additional DNS names when generating a\n certificate. Defaults to an empty Array.\n\n$hiera_config:: The hiera configuration file.\n\n$syslogfacility:: Facility name to use when logging to syslog\n\n$use_srv_records:: Whether DNS SRV records will be used to resolve\n the Puppet master\n\n$srv_domain:: Search domain for SRV records\n\n$additional_settings:: A hash of additional main settings.\n\n$http_connect_timeout:: The maximum amount of time an agent waits\n when establishing an HTTP connection.\n\n$http_read_timeout:: The time an agent waits for one block to be\n read from an HTTP connection. If nothing is\n read after the elapsed interval then the\n connection will be closed.\n\n$user:: Override the name of the puppet user.\n\n$group:: Override the name of the puppet group.\n\n$dir:: Override the puppet directory.\n\n$codedir:: Override the puppet code directory.\n\n$vardir:: Override the puppet var directory.\n\n$logdir:: Override the log directory.\n\n$rundir:: Override the PID directory.\n\n$ssldir:: Override where SSL certificates are kept.\n\n$sharedir:: Override the system data directory.\n\n$package_provider:: The provider used to install the agent.\n Defaults to chocolatey on Windows\n Defaults to undef elsewhere\n\n$package_source:: The location of the file to be used by the\n agent's package resource.\n Defaults to undef. If 'windows' or 'msi' are\n used as the provider then this setting is\n required.\n$package_install_options:: Flags that should be passed to the package manager\n during installation. Defaults to undef. May be\n a string, an array or a hash, see Puppet Package resource\n documentation for the provider matching your package manager\n\n$unavailable_runmodes:: Runmodes that are not available for the\n current system. This module will not try\n to disable these modes. Default is []\n on Linux, ['cron', 'systemd.timer'] on\n Windows and ['systemd.timer'] on other\n systems.\n\n$auth_template:: Use a custom template for /etc/puppetlabs/puppet/auth.conf\n\n$pluginsource:: URL to retrieve Puppet plugins from during pluginsync\n\n$pluginfactsource:: URL to retrieve Puppet facts from during pluginsync\n\n$classfile:: The file in which puppet agent stores a list\n of the classes associated with the retrieved\n configuration.\n\n== puppet::agent parameters\n\n$agent:: Should a puppet agent be installed\n\n$agent_noop:: Run the agent in noop mode.\n\n$puppetmaster:: Hostname of your puppetmaster (server\n directive in puppet.conf)\n\n$prerun_command:: A command which gets excuted before each Puppet run\n\n$postrun_command:: A command which gets excuted after each Puppet run\n\n$environment:: Default environment of the Puppet agent\n\n$agent_additional_settings:: A hash of additional agent settings.\n Example: {stringify_facts => true}\n\n$client_certname:: The node's certificate name, and the unique\n identifier it uses when requesting catalogs.\n\n$report:: Send reports to the Puppet Master\n\n== advanced agent parameters\n\n$service_name:: The name of the puppet agent service.\n\n$agent_restart_command:: The command which gets excuted on puppet service restart\n\n$client_package:: Install a custom package to provide\n the puppet client\n\n$systemd_unit_name:: The name of the puppet systemd units.\n\n$dir_owner:: Owner of the base puppet directory, used when\n puppet::server is false.\n\n$dir_group:: Group of the base puppet directory, used when\n puppet::server is false.\n\n== puppet::server parameters\n\n$server:: Should a puppet master be installed as well as the client\n\n$server_ip:: Bind ip address of the puppetmaster\n\n$server_port:: Puppet master port\n\n$server_ca:: Provide puppet CA\n\n$server_ca_crl_sync:: Sync puppet CA crl file to compile masters, Puppet CA Must be the Puppetserver\n for the compile masters. Defaults to false.\n\n$server_crl_enable:: Turn on crl checking. Defaults to true when server_ca is true. Otherwise\n Defaults to false. Note unless you are using an external CA. It is recommended\n to set this to true. See $server_ca_crl_sync to enable syncing from CA Puppet Master\n\n$server_reports:: List of report types to include on the puppetmaster\n\n$server_external_nodes:: External nodes classifier executable\n\n$server_trusted_external_command:: The external trusted facts script to use.\n\n$server_git_repo:: Use git repository as a source of modules\n\n$server_environments_owner:: The owner of the environments directory\n\n$server_environments_group:: The group owning the environments directory\n\n$server_environments_mode:: Environments directory mode.\n\n$server_common_modules_path:: Common modules paths\n\n$server_git_repo_path:: Git repository path\n\n$server_git_repo_mode:: Git repository mode\n\n$server_git_repo_group:: Git repository group\n\n$server_git_repo_user:: Git repository user\n\n$server_git_branch_map:: Git branch to puppet env mapping for the\n default post receive hook\n\n$server_storeconfigs:: Whether to enable storeconfigs\n\n$server_certname:: The name to use when handling certificates.\n\n=== Advanced server parameters:\n\n$server_strict_variables:: if set to true, it will throw parse errors\n when accessing undeclared variables.\n\n$server_additional_settings:: A hash of additional settings.\n Example: {trusted_node_data => true, ordering => 'manifest'}\n\n$server_manage_user:: Whether to manage the server user resource\n\n$server_user:: Name of the puppetmaster user.\n\n$server_group:: Name of the puppetmaster group.\n\n$server_dir:: Puppet configuration directory\n\n$server_http:: Should the puppet master listen on HTTP as well as HTTPS.\n Useful for load balancer or reverse proxy scenarios.\n\n$server_http_port:: Puppet master HTTP port; defaults to 8139.\n\n$server_foreman_facts:: Should foreman receive facts from puppet\n\n$server_foreman:: Should foreman integration be installed\n\n$server_foreman_url:: Foreman URL\n\n$server_foreman_ssl_ca:: SSL CA of the Foreman server\n\n$server_foreman_ssl_cert:: Client certificate for authenticating against Foreman server\n\n$server_foreman_ssl_key:: Key for authenticating against Foreman server\n\n$server_puppet_basedir:: Where is the puppet code base located\n\n$server_request_timeout:: Timeout in node.rb script for fetching\n catalog from Foreman (in seconds).\n\n$server_environment_timeout:: Timeout for cached compiled catalogs (10s, 5m, ...)\n\n$server_envs_dir:: List of directories which hold puppet environments\n\n$server_envs_target:: Indicates that $envs_dir should be\n a symbolic link to this target\n\n$server_jvm_java_bin:: Set the default java to use.\n\n$server_jvm_config:: Specify the puppetserver jvm configuration file.\n\n$server_jvm_min_heap_size:: Specify the minimum jvm heap space.\n\n$server_jvm_max_heap_size:: Specify the maximum jvm heap space.\n\n$server_jvm_extra_args:: Additional java options to pass through.\n This can be used for Java versions prior to\n Java 8 to specify the max perm space to use:\n For example: '-XX:MaxPermSize=128m'.\n\n$server_jvm_cli_args:: Java options to use when using puppetserver\n subcommands (eg puppetserver gem).\n\n$server_jruby_gem_home:: Where jruby gems are located for puppetserver\n\n$server_environment_vars:: A hash of environment variables and their values\n which the puppetserver is allowed to see.\n To define literal values double quotes should be used:\n {'MYVAR': '\"MYVALUE\"'}. Omitting the inner quotes\n might lead to unexpected results since the HOCON\n format does not allow characters like $,\n curly/square brackets or = in unquoted strings.\n Multi line strings are also allowed as long as they are\n triple quoted: {'MYVAR': \"\\\"\\\"\\\"MY\\nMULTI\\nLINE\\nVALUE\\\"\\\"\\\"\"}\n To pass an existing variable use substitutions: {'MYVAR': '${MYVAR}'}.\n\n$allow_any_crl_auth:: Allow any authentication for the CRL. This\n is needed on the puppet CA to accept clients\n from a the puppet CA proxy.\n\n$auth_allowed:: An array of authenticated nodes allowed to\n access all catalog and node endpoints.\n default to ['$1']\n\n$server_default_manifest:: Toggle if default_manifest setting should\n be added to the [main] section\n\n$server_default_manifest_path:: A string setting the path to the default_manifest\n\n$server_default_manifest_content:: A string to set the content of the default_manifest\n If set to '' it will not manage the file\n\n$server_package:: Custom package name for puppet master\n\n$server_version:: Custom package version for puppet master\n\n$server_ssl_dir:: SSL directory\n\n$server_ssl_dir_manage:: Toggle if ssl_dir should be added to the [master]\n configuration section. This is necessary to\n disable in case CA is delegated to a separate instance\n\n$server_ssl_key_manage:: Toggle if \"private_keys/${::puppet::server::certname}.pem\"\n should be created with default user and group. This is used in\n the default Forman setup to reuse the key for TLS communication.\n\n$server_puppetserver_vardir:: The path of the puppetserver var dir\n\n$server_puppetserver_rundir:: The path of the puppetserver run dir\n\n$server_puppetserver_logdir:: The path of the puppetserver log dir\n\n$server_puppetserver_dir:: The path of the puppetserver config dir\n\n$server_puppetserver_version:: The version of puppetserver installed (or being installed)\n Unfortunately, different versions of puppetserver need\n configuring differently. The default is derived from the\n installed puppet version. Generally it's not needed to\n override this but when upgrading it might be.\n\n$server_max_active_instances:: Max number of active jruby instances. Defaults to\n processor count\n\n$server_max_requests_per_instance:: Max number of requests a jruby instances will handle. Defaults to 0 (disabled)\n\n$server_max_queued_requests:: The maximum number of requests that may be queued waiting to borrow a\n JRuby from the pool.\n Defaults to 0 (disabled).\n\n$server_max_retry_delay:: Sets the upper limit for the random sleep set as a Retry-After header on\n 503 responses returned when max-queued-requests is enabled.\n Defaults to 1800.\n\n$server_multithreaded:: Use multithreaded jruby. Defaults to false.\n\n$server_idle_timeout:: How long the server will wait for a response on an existing connection\n\n$server_connect_timeout:: How long the server will wait for a response to a connection attempt\n\n$server_ssl_protocols:: Array of SSL protocols to use.\n Defaults to [ 'TLSv1.2' ]\n\n$server_ssl_chain_filepath:: Path to certificate chain for puppetserver\n Only used when $ca is true\n Defaults to \"${ssl_dir}/ca/ca_crt.pem\"\n\n$server_cipher_suites:: List of SSL ciphers to use in negotiation\n Defaults to [ 'TLS_RSA_WITH_AES_256_CBC_SHA256', 'TLS_RSA_WITH_AES_256_CBC_SHA',\n 'TLS_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_AES_128_CBC_SHA', ]\n\n$server_ruby_load_paths:: List of ruby paths\n Defaults based on $::puppetversion\n\n$server_ca_client_whitelist:: The whitelist of client certificates that\n can query the certificate-status endpoint\n Defaults to [ '127.0.0.1', '::1', $::ipaddress ]\n\n$server_custom_trusted_oid_mapping:: A hash of custom trusted oid mappings. Defaults to undef\n Example: { 1.3.6.1.4.1.34380.1.2.1.1 => { shortname => 'myshortname' } }\n\n$server_admin_api_whitelist:: The whitelist of clients that\n can query the puppet-admin-api endpoint\n Defaults to [ '127.0.0.1', '::1', $::ipaddress ]\n\n$server_ca_auth_required:: Whether client certificates are needed to access the puppet-admin api\n Defaults to true\n\n$server_ca_client_self_delete:: Adds a rule to auth.conf, that allows a client to delete its own certificate\n Defaults to false\n\n$server_use_legacy_auth_conf:: Should the puppetserver use the legacy puppet auth.conf?\n Defaults to false (the puppetserver will use its own conf.d/auth.conf)\n Note that Puppetserver 7 has dropped this option.\n\n$server_check_for_updates:: Should the puppetserver phone home to check for available updates?\n Defaults to true\n\n$server_post_hook_content:: Which template to use for git post hook\n\n$server_post_hook_name:: Name of a git hook\n\n$server_environment_class_cache_enabled:: Enable environment class cache in conjunction with the use of the\n environment_classes API.\n Defaults to false\n\n$server_allow_header_cert_info:: Enable client authentication over HTTP Headers\n Defaults to false, is also activated by the $server_http setting\n\n$server_web_idle_timeout:: Time in ms that Jetty allows a socket to be idle, after processing has\n completed.\n Defaults to 30000, using the Jetty default of 30s\n\n$server_puppetserver_metrics:: Enable puppetserver http-client metrics\n Defaults to true, matching defaults in Puppetserver 5+.\n\n$server_puppetserver_profiler:: Enable JRuby profiling.\n Defaults to true, matching defaults in Puppetserver 5+.\n If set to false, compiler and function metrics will not be available, (eg. when enabling graphite metrics)\n\n$server_puppetserver_telemetry:: Enable Dropsonde telemetry.\n Defaults to true, matching defaults in Puppetserver 7.\n If set to false, will disable module metrics submission via Dropsonde.\n Note that is only valid since Puppetserver 7.\n\n$server_metrics_jmx_enable:: Enable or disable JMX metrics reporter. Defaults to true\n\n$server_metrics_graphite_enable:: Enable or disable Graphite metrics reporter. Defaults to false\n\n$server_metrics_graphite_host:: Graphite server host. Defaults to \"127.0.0.1\"\n\n$server_metrics_graphite_port:: Graphite server port. Defaults to 2003\n\n$server_metrics_server_id:: A server id that will be used as part of the namespace for metrics produced\n Defaults to $fqdn\n\n$server_metrics_graphite_interval:: How often to send metrics to graphite (in seconds)\n Defaults to 5\n\n$server_metrics_allowed:: Specify metrics to allow in addition to those in the default list\n Defaults to undef\n\n$server_puppetserver_experimental:: Enable the /puppet/experimental route? Defaults to true\n\n$server_puppetserver_auth_template:: Template for generating /etc/puppetlabs/puppetserver/conf.d/auth.conf\n\n$server_puppetserver_trusted_agents:: Certificate names of puppet agents that are allowed to fetch *all* catalogs\n Defaults to [] and all agents are only allowed to fetch their own catalogs.\n\n$server_puppetserver_trusted_certificate_extensions:: An array of hashes of certificate extensions and values to be used in auth.conf\n A puppet client certificate containing valid extension(s) will be allowed to fetch\n *any* catalog.\n Defaults to [] and no certificate extensions are recognised as being allowed\n to fetch *any* catalog.\n Example: [{ 'pp_authorization' => 'catalog' }]\n Any client certificate containing the `pp_authorization` extension with value `catalog`\n will be permitted to fetch any catalog.\n Complicated example: [\n { '1.3.6.1.4.1.34380.1.3.1' => 'catalog' },\n { '1.3.6.1.4.1.34380.1.1.13' => 'jenkins_server', '1.3.6.1.4.1.34380.1.1.24' => 'prod' }\n ]\n Clients presenting a certificate with `pp_authorization = catalog` *or* with `pp_role`\n *and* `pp_apptier` extensions set\n correctly will be authorized to fetch any catalog.\n NB. If server_ca == false, use oids instead of extension shortnames.\n See https://tickets.puppetlabs.com/browse/SERVER-1689\n\n$server_compile_mode:: Used to control JRuby's \"CompileMode\", which may improve performance.\n Defaults to undef (off).\n\n$server_parser:: Sets the parser to use. Valid options are 'current' or 'future'.\n Defaults to 'current'.\n\n$server_acceptor_threads:: This sets the number of threads that the webserver will dedicate to accepting\n socket connections for unencrypted HTTP traffic. If not provided, the webserver\n defaults to the number of virtual cores on the host divided by 8, with a minimum\n of 1 and maximum of 4.\n\n$server_selector_threads:: This sets the number of selectors that the webserver will dedicate to processing\n events on connected sockets for unencrypted HTTPS traffic. If not provided,\n the webserver defaults to the minimum of: virtual cores on the host divided by 2\n or max-threads divided by 16, with a minimum of 1.\n\n$server_max_threads:: This sets the maximum number of threads assigned to responding to HTTP and/or\n HTTPS requests for a single webserver, effectively changing how many\n concurrent requests can be made at one time. If not provided, the\n webserver defaults to 200.\n\n$server_ssl_acceptor_threads:: This sets the number of threads that the webserver will dedicate to accepting\n socket connections for encrypted HTTPS traffic. If not provided, defaults to\n the number of virtual cores on the host divided by 8, with a minimum of 1 and maximum of 4.\n\n$server_ssl_selector_threads:: This sets the number of selectors that the webserver will dedicate to processing\n events on connected sockets for encrypted HTTPS traffic. Defaults to the number of\n virtual cores on the host divided by 2, with a minimum of 1 and maximum of 4.\n The number of selector threads actually used by Jetty is twice the number of selectors\n requested. For example, if a value of 3 is specified for the ssl-selector-threads setting,\n Jetty will actually use 6 selector threads.\n\n$server_ca_allow_sans:: Allow CA to sign certificate requests that have Subject Alternative Names\n Defaults to false\n\n$server_ca_allow_auth_extensions:: Allow CA to sign certificate requests that have authorization extensions\n Defaults to false\n\n$server_ca_enable_infra_crl:: Enable the separate CRL for Puppet infrastructure nodes\n Defaults to false\n\n$server_max_open_files:: Increase the max open files limit for Puppetserver.\n Defaults to undef\n\n$server_versioned_code_id:: The path to an executable script that Puppet Server invokes to generate a code_id\n Defaults to undef\n\n$server_versioned_code_content:: Contains the path to an executable script that Puppet Server\n invokes when on static_file_content requests.\n Defaults to undef\n\n$server_jolokia_metrics_whitelist:: The whitelist of clients that\n can query the jolokia /metrics/v2 endpoint\n\n=== Usage:\n\n* Simple usage:\n\n include puppet\n\n* Installing a puppetmaster\n\n class {'puppet':\n server => true,\n }\n\n* Advanced usage:\n\n class {'puppet':\n agent_noop => true,\n version => '6.15.0-1',\n }", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "version"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "user"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "group"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "dir"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "codedir"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "vardir"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "logdir"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "rundir"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "ssldir"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "sharedir"}, {"tag_name": "param", "text": "", "types": ["Variant[Boolean, Enum['server', 'agent']]"], "name": "manage_packages"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "dir_owner"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "dir_group"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "package_provider"}, {"tag_name": "param", "text": "", "types": ["Optional[Variant[String,Hash,Array]]"], "name": "package_install_options"}, {"tag_name": "param", "text": "", "types": ["Optional[Variant[Stdlib::Absolutepath, Stdlib::HTTPUrl]]"], "name": "package_source"}, {"tag_name": "param", "text": "", "types": ["Integer[0, 65535]"], "name": "port"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "splay"}, {"tag_name": "param", "text": "", "types": ["Variant[Integer[0],Pattern[/^\\d+[smhdy]?$/]]"], "name": "splaylimit"}, {"tag_name": "param", "text": "", "types": ["Variant[Boolean, Stdlib::Absolutepath]"], "name": "autosign"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "autosign_entries"}, {"tag_name": "param", "text": "", "types": ["Pattern[/^[0-9]{3,4}$/]"], "name": "autosign_mode"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "autosign_content"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "autosign_source"}, {"tag_name": "param", "text": "", "types": ["Variant[Integer[0],Pattern[/^\\d+[smhdy]?$/]]"], "name": "runinterval"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "usecacheonfailure"}, {"tag_name": "param", "text": "", "types": ["Enum['cron', 'service', 'systemd.timer', 'none', 'unmanaged']"], "name": "runmode"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer[0,23]]"], "name": "run_hour"}, {"tag_name": "param", "text": "", "types": ["Variant[Integer[0,59], Array[Integer[0,59]], Undef]"], "name": "run_minute"}, {"tag_name": "param", "text": "", "types": ["Array[Enum['cron', 'service', 'systemd.timer', 'none']]"], "name": "unavailable_runmodes"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "cron_cmd"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "systemd_cmd"}, {"tag_name": "param", "text": "", "types": ["Integer[0]"], "name": "systemd_randomizeddelaysec"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "agent_noop"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "show_diff"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::HTTPUrl]"], "name": "module_repository"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer[0]]"], "name": "http_connect_timeout"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer[0]]"], "name": "http_read_timeout"}, {"tag_name": "param", "text": "", "types": ["Optional[Variant[String, Boolean]]"], "name": "ca_server"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer[0, 65535]]"], "name": "ca_port"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "ca_crl_filepath"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "prerun_command"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "postrun_command"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "dns_alt_names"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "use_srv_records"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "srv_domain"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "pluginsource"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "pluginfactsource"}, {"tag_name": "param", "text": "", "types": ["Hash[String, Data]"], "name": "additional_settings"}, {"tag_name": "param", "text": "", "types": ["Hash[String, Data]"], "name": "agent_additional_settings"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "agent_restart_command"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "classfile"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "hiera_config"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "auth_template"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "allow_any_crl_auth"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "auth_allowed"}, {"tag_name": "param", "text": "", "types": ["Variant[String, Array[String]]"], "name": "client_package"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "agent"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "report"}, {"tag_name": "param", "text": "", "types": ["Variant[String, Boolean]"], "name": "client_certname"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "puppetmaster"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "systemd_unit_name"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "service_name"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "syslogfacility"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "environment"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "server_admin_api_whitelist"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_manage_user"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "server_user"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "server_group"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "server_dir"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "server_ip"}, {"tag_name": "param", "text": "", "types": ["Integer"], "name": "server_port"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_ca"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_ca_crl_sync"}, {"tag_name": "param", "text": "", "types": ["Optional[Boolean]"], "name": "server_crl_enable"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_ca_auth_required"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_ca_client_self_delete"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "server_ca_client_whitelist"}, {"tag_name": "param", "text": "", "types": ["Optional[Puppet::Custom_trusted_oid_mapping]"], "name": "server_custom_trusted_oid_mapping"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_http"}, {"tag_name": "param", "text": "", "types": ["Integer"], "name": "server_http_port"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "server_reports"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "server_puppetserver_dir"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "server_puppetserver_vardir"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "server_puppetserver_rundir"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "server_puppetserver_logdir"}, {"tag_name": "param", "text": "", "types": ["Optional[Pattern[/^[\\d]\\.[\\d]+\\.[\\d]+$/]]"], "name": "server_puppetserver_version"}, {"tag_name": "param", "text": "", "types": ["Variant[Undef, String[0], Stdlib::Absolutepath]"], "name": "server_external_nodes"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "server_trusted_external_command"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "server_cipher_suites"}, {"tag_name": "param", "text": "", "types": ["Integer[0]"], "name": "server_connect_timeout"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_git_repo"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_default_manifest"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "server_default_manifest_path"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "server_default_manifest_content"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "server_environments_owner"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "server_environments_group"}, {"tag_name": "param", "text": "", "types": ["Pattern[/^[0-9]{3,4}$/]"], "name": "server_environments_mode"}, {"tag_name": "param", "text": "", "types": ["Array[Stdlib::Absolutepath, 1]"], "name": "server_envs_dir"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "server_envs_target"}, {"tag_name": "param", "text": "", "types": ["Variant[Undef, String[0], Array[Stdlib::Absolutepath]]"], "name": "server_common_modules_path"}, {"tag_name": "param", "text": "", "types": ["Pattern[/^[0-9]{3,4}$/]"], "name": "server_git_repo_mode"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "server_git_repo_path"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "server_git_repo_group"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "server_git_repo_user"}, {"tag_name": "param", "text": "", "types": ["Hash[String, String]"], "name": "server_git_branch_map"}, {"tag_name": "param", "text": "", "types": ["Integer[0]"], "name": "server_idle_timeout"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "server_post_hook_content"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "server_post_hook_name"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_storeconfigs"}, {"tag_name": "param", "text": "", "types": ["Array[Stdlib::Absolutepath]"], "name": "server_ruby_load_paths"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "server_ssl_dir"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_ssl_dir_manage"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_ssl_key_manage"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "server_ssl_protocols"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "server_ssl_chain_filepath"}, {"tag_name": "param", "text": "", "types": ["Optional[Variant[String, Array[String]]]"], "name": "server_package"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "server_version"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "server_certname"}, {"tag_name": "param", "text": "", "types": ["Integer[0]"], "name": "server_request_timeout"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_strict_variables"}, {"tag_name": "param", "text": "", "types": ["Hash[String, Data]"], "name": "server_additional_settings"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_foreman"}, {"tag_name": "param", "text": "", "types": ["Stdlib::HTTPUrl"], "name": "server_foreman_url"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "server_foreman_ssl_ca"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "server_foreman_ssl_cert"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "server_foreman_ssl_key"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_foreman_facts"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "server_puppet_basedir"}, {"tag_name": "param", "text": "", "types": ["Enum['current', 'future']"], "name": "server_parser"}, {"tag_name": "param", "text": "", "types": ["Variant[Undef, Enum['unlimited'], Pattern[/^\\d+[smhdy]?$/]]"], "name": "server_environment_timeout"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "server_jvm_java_bin"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "server_jvm_config"}, {"tag_name": "param", "text": "", "types": ["Pattern[/^[0-9]+[kKmMgG]$/]"], "name": "server_jvm_min_heap_size"}, {"tag_name": "param", "text": "", "types": ["Pattern[/^[0-9]+[kKmMgG]$/]"], "name": "server_jvm_max_heap_size"}, {"tag_name": "param", "text": "", "types": ["Optional[Variant[String,Array[String]]]"], "name": "server_jvm_extra_args"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "server_jvm_cli_args"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "server_jruby_gem_home"}, {"tag_name": "param", "text": "", "types": ["Hash[String, String]"], "name": "server_environment_vars"}, {"tag_name": "param", "text": "", "types": ["Integer[1]"], "name": "server_max_active_instances"}, {"tag_name": "param", "text": "", "types": ["Integer[0]"], "name": "server_max_requests_per_instance"}, {"tag_name": "param", "text": "", "types": ["Integer[0]"], "name": "server_max_queued_requests"}, {"tag_name": "param", "text": "", "types": ["Integer[0]"], "name": "server_max_retry_delay"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_multithreaded"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_use_legacy_auth_conf"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_check_for_updates"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_environment_class_cache_enabled"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_allow_header_cert_info"}, {"tag_name": "param", "text": "", "types": ["Integer[0]"], "name": "server_web_idle_timeout"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_puppetserver_metrics"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_puppetserver_profiler"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_puppetserver_telemetry"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_metrics_jmx_enable"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_metrics_graphite_enable"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "server_metrics_graphite_host"}, {"tag_name": "param", "text": "", "types": ["Integer"], "name": "server_metrics_graphite_port"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "server_metrics_server_id"}, {"tag_name": "param", "text": "", "types": ["Integer"], "name": "server_metrics_graphite_interval"}, {"tag_name": "param", "text": "", "types": ["Optional[Array]"], "name": "server_metrics_allowed"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_puppetserver_experimental"}, {"tag_name": "param", "text": "", "types": ["Optional[String[1]]"], "name": "server_puppetserver_auth_template"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "server_puppetserver_trusted_agents"}, {"tag_name": "param", "text": "", "types": ["Array[Hash]"], "name": "server_puppetserver_trusted_certificate_extensions"}, {"tag_name": "param", "text": "", "types": ["Optional[Enum['off', 'jit', 'force']]"], "name": "server_compile_mode"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer[1]]"], "name": "server_acceptor_threads"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer[1]]"], "name": "server_selector_threads"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer[1]]"], "name": "server_ssl_acceptor_threads"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer[1]]"], "name": "server_ssl_selector_threads"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer[1]]"], "name": "server_max_threads"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_ca_allow_sans"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_ca_allow_auth_extensions"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_ca_enable_infra_crl"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer[1]]"], "name": "server_max_open_files"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "server_versioned_code_id"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "server_versioned_code_content"}, {"tag_name": "param", "text": "", "types": ["Array[String[1]]"], "name": "server_jolokia_metrics_whitelist"}]}, "defaults": {"version": "$puppet::params::version", "user": "$puppet::params::user", "group": "$puppet::params::group", "dir": "$puppet::params::dir", "codedir": "$puppet::params::codedir", "vardir": "$puppet::params::vardir", "logdir": "$puppet::params::logdir", "rundir": "$puppet::params::rundir", "ssldir": "$puppet::params::ssldir", "sharedir": "$puppet::params::sharedir", "manage_packages": "$puppet::params::manage_packages", "dir_owner": "$puppet::params::dir_owner", "dir_group": "$puppet::params::dir_group", "package_provider": "$puppet::params::package_provider", "package_install_options": "$puppet::params::package_install_options", "package_source": "$puppet::params::package_source", "port": "$puppet::params::port", "splay": "$puppet::params::splay", "splaylimit": "$puppet::params::splaylimit", "autosign": "$puppet::params::autosign", "autosign_entries": "$puppet::params::autosign_entries", "autosign_mode": "$puppet::params::autosign_mode", "autosign_content": "$puppet::params::autosign_content", "autosign_source": "$puppet::params::autosign_source", "runinterval": "$puppet::params::runinterval", "usecacheonfailure": "$puppet::params::usecacheonfailure", "runmode": "$puppet::params::runmode", "run_hour": "undef", "run_minute": "undef", "unavailable_runmodes": "$puppet::params::unavailable_runmodes", "cron_cmd": "$puppet::params::cron_cmd", "systemd_cmd": "$puppet::params::systemd_cmd", "systemd_randomizeddelaysec": "$puppet::params::systemd_randomizeddelaysec", "agent_noop": "$puppet::params::agent_noop", "show_diff": "$puppet::params::show_diff", "module_repository": "$puppet::params::module_repository", "http_connect_timeout": "$puppet::params::http_connect_timeout", "http_read_timeout": "$puppet::params::http_read_timeout", "ca_server": "$puppet::params::ca_server", "ca_port": "$puppet::params::ca_port", "ca_crl_filepath": "$puppet::params::ca_crl_filepath", "prerun_command": "$puppet::params::prerun_command", "postrun_command": "$puppet::params::postrun_command", "dns_alt_names": "$puppet::params::dns_alt_names", "use_srv_records": "$puppet::params::use_srv_records", "srv_domain": "$puppet::params::srv_domain", "pluginsource": "$puppet::params::pluginsource", "pluginfactsource": "$puppet::params::pluginfactsource", "additional_settings": "$puppet::params::additional_settings", "agent_additional_settings": "$puppet::params::agent_additional_settings", "agent_restart_command": "$puppet::params::agent_restart_command", "classfile": "$puppet::params::classfile", "hiera_config": "$puppet::params::hiera_config", "auth_template": "$puppet::params::auth_template", "allow_any_crl_auth": "$puppet::params::allow_any_crl_auth", "auth_allowed": "$puppet::params::auth_allowed", "client_package": "$puppet::params::client_package", "agent": "$puppet::params::agent", "report": "$puppet::params::report", "client_certname": "$puppet::params::client_certname", "puppetmaster": "$puppet::params::puppetmaster", "systemd_unit_name": "$puppet::params::systemd_unit_name", "service_name": "$puppet::params::service_name", "syslogfacility": "$puppet::params::syslogfacility", "environment": "$puppet::params::environment", "server": "$puppet::params::server", "server_admin_api_whitelist": "$puppet::params::server_admin_api_whitelist", "server_manage_user": "$puppet::params::manage_user", "server_user": "$puppet::params::user", "server_group": "$puppet::params::group", "server_dir": "$puppet::params::dir", "server_ip": "$puppet::params::ip", "server_port": "$puppet::params::port", "server_ca": "$puppet::params::server_ca", "server_ca_crl_sync": "$puppet::params::server_ca_crl_sync", "server_crl_enable": "$puppet::params::server_crl_enable", "server_ca_auth_required": "$puppet::params::server_ca_auth_required", "server_ca_client_self_delete": "$puppet::params::server_ca_client_self_delete", "server_ca_client_whitelist": "$puppet::params::server_ca_client_whitelist", "server_custom_trusted_oid_mapping": "$puppet::params::server_custom_trusted_oid_mapping", "server_http": "$puppet::params::server_http", "server_http_port": "$puppet::params::server_http_port", "server_reports": "$puppet::params::server_reports", "server_puppetserver_dir": "$puppet::params::server_puppetserver_dir", "server_puppetserver_vardir": "$puppet::params::server_puppetserver_vardir", "server_puppetserver_rundir": "$puppet::params::server_puppetserver_rundir", "server_puppetserver_logdir": "$puppet::params::server_puppetserver_logdir", "server_puppetserver_version": "$puppet::params::server_puppetserver_version", "server_external_nodes": "$puppet::params::server_external_nodes", "server_trusted_external_command": "$puppet::params::server_trusted_external_command", "server_cipher_suites": "$puppet::params::server_cipher_suites", "server_connect_timeout": "$puppet::params::server_connect_timeout", "server_git_repo": "$puppet::params::server_git_repo", "server_default_manifest": "$puppet::params::server_default_manifest", "server_default_manifest_path": "$puppet::params::server_default_manifest_path", "server_default_manifest_content": "$puppet::params::server_default_manifest_content", "server_environments_owner": "$puppet::params::server_environments_owner", "server_environments_group": "$puppet::params::server_environments_group", "server_environments_mode": "$puppet::params::server_environments_mode", "server_envs_dir": "$puppet::params::server_envs_dir", "server_envs_target": "$puppet::params::server_envs_target", "server_common_modules_path": "$puppet::params::server_common_modules_path", "server_git_repo_mode": "$puppet::params::server_git_repo_mode", "server_git_repo_path": "$puppet::params::server_git_repo_path", "server_git_repo_group": "$puppet::params::server_git_repo_group", "server_git_repo_user": "$puppet::params::server_git_repo_user", "server_git_branch_map": "$puppet::params::server_git_branch_map", "server_idle_timeout": "$puppet::params::server_idle_timeout", "server_post_hook_content": "$puppet::params::server_post_hook_content", "server_post_hook_name": "$puppet::params::server_post_hook_name", "server_storeconfigs": "$puppet::params::server_storeconfigs", "server_ruby_load_paths": "$puppet::params::server_ruby_load_paths", "server_ssl_dir": "$puppet::params::server_ssl_dir", "server_ssl_dir_manage": "$puppet::params::server_ssl_dir_manage", "server_ssl_key_manage": "$puppet::params::server_ssl_key_manage", "server_ssl_protocols": "$puppet::params::server_ssl_protocols", "server_ssl_chain_filepath": "$puppet::params::server_ssl_chain_filepath", "server_package": "$puppet::params::server_package", "server_version": "$puppet::params::server_version", "server_certname": "$puppet::params::server_certname", "server_request_timeout": "$puppet::params::server_request_timeout", "server_strict_variables": "$puppet::params::server_strict_variables", "server_additional_settings": "$puppet::params::server_additional_settings", "server_foreman": "$puppet::params::server_foreman", "server_foreman_url": "$puppet::params::server_foreman_url", "server_foreman_ssl_ca": "$puppet::params::server_foreman_ssl_ca", "server_foreman_ssl_cert": "$puppet::params::server_foreman_ssl_cert", "server_foreman_ssl_key": "$puppet::params::server_foreman_ssl_key", "server_foreman_facts": "$puppet::params::server_foreman_facts", "server_puppet_basedir": "$puppet::params::server_puppet_basedir", "server_parser": "$puppet::params::server_parser", "server_environment_timeout": "$puppet::params::server_environment_timeout", "server_jvm_java_bin": "$puppet::params::server_jvm_java_bin", "server_jvm_config": "$puppet::params::server_jvm_config", "server_jvm_min_heap_size": "$puppet::params::server_jvm_min_heap_size", "server_jvm_max_heap_size": "$puppet::params::server_jvm_max_heap_size", "server_jvm_extra_args": "$puppet::params::server_jvm_extra_args", "server_jvm_cli_args": "$puppet::params::server_jvm_cli_args", "server_jruby_gem_home": "$puppet::params::server_jruby_gem_home", "server_environment_vars": "$puppet::params::server_environment_vars", "server_max_active_instances": "$puppet::params::server_max_active_instances", "server_max_requests_per_instance": "$puppet::params::server_max_requests_per_instance", "server_max_queued_requests": "$puppet::params::server_max_queued_requests", "server_max_retry_delay": "$puppet::params::server_max_retry_delay", "server_multithreaded": "$puppet::params::server_multithreaded", "server_use_legacy_auth_conf": "$puppet::params::server_use_legacy_auth_conf", "server_check_for_updates": "$puppet::params::server_check_for_updates", "server_environment_class_cache_enabled": "$puppet::params::server_environment_class_cache_enabled", "server_allow_header_cert_info": "$puppet::params::server_allow_header_cert_info", "server_web_idle_timeout": "$puppet::params::server_web_idle_timeout", "server_puppetserver_metrics": "true", "server_puppetserver_profiler": "true", "server_puppetserver_telemetry": "true", "server_metrics_jmx_enable": "$puppet::params::server_metrics_jmx_enable", "server_metrics_graphite_enable": "$puppet::params::server_metrics_graphite_enable", "server_metrics_graphite_host": "$puppet::params::server_metrics_graphite_host", "server_metrics_graphite_port": "$puppet::params::server_metrics_graphite_port", "server_metrics_server_id": "$puppet::params::server_metrics_server_id", "server_metrics_graphite_interval": "$puppet::params::server_metrics_graphite_interval", "server_metrics_allowed": "$puppet::params::server_metrics_allowed", "server_puppetserver_experimental": "$puppet::params::server_puppetserver_experimental", "server_puppetserver_auth_template": "$puppet::params::server_puppetserver_auth_template", "server_puppetserver_trusted_agents": "$puppet::params::server_puppetserver_trusted_agents", "server_puppetserver_trusted_certificate_extensions": "$puppet::params::server_puppetserver_trusted_certificate_extensions", "server_compile_mode": "$puppet::params::server_compile_mode", "server_acceptor_threads": "undef", "server_selector_threads": "undef", "server_ssl_acceptor_threads": "undef", "server_ssl_selector_threads": "undef", "server_max_threads": "undef", "server_ca_allow_sans": "$puppet::params::server_ca_allow_sans", "server_ca_allow_auth_extensions": "$puppet::params::server_ca_allow_auth_extensions", "server_ca_enable_infra_crl": "$puppet::params::server_ca_enable_infra_crl", "server_max_open_files": "$puppet::params::server_max_open_files", "server_versioned_code_id": "undef", "server_versioned_code_content": "undef", "server_jolokia_metrics_whitelist": "[]"}, "source": "class puppet (\n String $version = $puppet::params::version,\n String $user = $puppet::params::user,\n String $group = $puppet::params::group,\n Stdlib::Absolutepath $dir = $puppet::params::dir,\n Stdlib::Absolutepath $codedir = $puppet::params::codedir,\n Stdlib::Absolutepath $vardir = $puppet::params::vardir,\n Stdlib::Absolutepath $logdir = $puppet::params::logdir,\n Stdlib::Absolutepath $rundir = $puppet::params::rundir,\n Stdlib::Absolutepath $ssldir = $puppet::params::ssldir,\n Stdlib::Absolutepath $sharedir = $puppet::params::sharedir,\n Variant[Boolean, Enum['server', 'agent']] $manage_packages = $puppet::params::manage_packages,\n Optional[String] $dir_owner = $puppet::params::dir_owner,\n Optional[String] $dir_group = $puppet::params::dir_group,\n Optional[String] $package_provider = $puppet::params::package_provider,\n Optional[Variant[String,Hash,Array]] $package_install_options = $puppet::params::package_install_options,\n Optional[Variant[Stdlib::Absolutepath, Stdlib::HTTPUrl]] $package_source = $puppet::params::package_source,\n Integer[0, 65535] $port = $puppet::params::port,\n Boolean $splay = $puppet::params::splay,\n Variant[Integer[0],Pattern[/^\\d+[smhdy]?$/]] $splaylimit = $puppet::params::splaylimit,\n Variant[Boolean, Stdlib::Absolutepath] $autosign = $puppet::params::autosign,\n Array[String] $autosign_entries = $puppet::params::autosign_entries,\n Pattern[/^[0-9]{3,4}$/] $autosign_mode = $puppet::params::autosign_mode,\n Optional[String] $autosign_content = $puppet::params::autosign_content,\n Optional[String] $autosign_source = $puppet::params::autosign_source,\n Variant[Integer[0],Pattern[/^\\d+[smhdy]?$/]] $runinterval = $puppet::params::runinterval,\n Boolean $usecacheonfailure = $puppet::params::usecacheonfailure,\n Enum['cron', 'service', 'systemd.timer', 'none', 'unmanaged'] $runmode = $puppet::params::runmode,\n Optional[Integer[0,23]] $run_hour = undef,\n Variant[Integer[0,59], Array[Integer[0,59]], Undef] $run_minute = undef,\n Array[Enum['cron', 'service', 'systemd.timer', 'none']] $unavailable_runmodes = $puppet::params::unavailable_runmodes,\n Optional[String] $cron_cmd = $puppet::params::cron_cmd,\n Optional[String] $systemd_cmd = $puppet::params::systemd_cmd,\n Integer[0] $systemd_randomizeddelaysec = $puppet::params::systemd_randomizeddelaysec,\n Boolean $agent_noop = $puppet::params::agent_noop,\n Boolean $show_diff = $puppet::params::show_diff,\n Optional[Stdlib::HTTPUrl] $module_repository = $puppet::params::module_repository,\n Optional[Integer[0]] $http_connect_timeout = $puppet::params::http_connect_timeout,\n Optional[Integer[0]] $http_read_timeout = $puppet::params::http_read_timeout,\n Optional[Variant[String, Boolean]] $ca_server = $puppet::params::ca_server,\n Optional[Integer[0, 65535]] $ca_port = $puppet::params::ca_port,\n Optional[String] $ca_crl_filepath = $puppet::params::ca_crl_filepath,\n Optional[String] $prerun_command = $puppet::params::prerun_command,\n Optional[String] $postrun_command = $puppet::params::postrun_command,\n Array[String] $dns_alt_names = $puppet::params::dns_alt_names,\n Boolean $use_srv_records = $puppet::params::use_srv_records,\n Optional[String] $srv_domain = $puppet::params::srv_domain,\n String $pluginsource = $puppet::params::pluginsource,\n String $pluginfactsource = $puppet::params::pluginfactsource,\n Hash[String, Data] $additional_settings = $puppet::params::additional_settings,\n Hash[String, Data] $agent_additional_settings = $puppet::params::agent_additional_settings,\n Optional[String] $agent_restart_command = $puppet::params::agent_restart_command,\n String $classfile = $puppet::params::classfile,\n String $hiera_config = $puppet::params::hiera_config,\n String $auth_template = $puppet::params::auth_template,\n Boolean $allow_any_crl_auth = $puppet::params::allow_any_crl_auth,\n Array[String] $auth_allowed = $puppet::params::auth_allowed,\n Variant[String, Array[String]] $client_package = $puppet::params::client_package,\n Boolean $agent = $puppet::params::agent,\n Boolean $report = $puppet::params::report,\n Variant[String, Boolean] $client_certname = $puppet::params::client_certname,\n Optional[String] $puppetmaster = $puppet::params::puppetmaster,\n String $systemd_unit_name = $puppet::params::systemd_unit_name,\n String $service_name = $puppet::params::service_name,\n Optional[String] $syslogfacility = $puppet::params::syslogfacility,\n String $environment = $puppet::params::environment,\n Boolean $server = $puppet::params::server,\n Array[String] $server_admin_api_whitelist = $puppet::params::server_admin_api_whitelist,\n Boolean $server_manage_user = $puppet::params::manage_user,\n String $server_user = $puppet::params::user,\n String $server_group = $puppet::params::group,\n String $server_dir = $puppet::params::dir,\n String $server_ip = $puppet::params::ip,\n Integer $server_port = $puppet::params::port,\n Boolean $server_ca = $puppet::params::server_ca,\n Boolean $server_ca_crl_sync = $puppet::params::server_ca_crl_sync,\n Optional[Boolean] $server_crl_enable = $puppet::params::server_crl_enable,\n Boolean $server_ca_auth_required = $puppet::params::server_ca_auth_required,\n Boolean $server_ca_client_self_delete = $puppet::params::server_ca_client_self_delete,\n Array[String] $server_ca_client_whitelist = $puppet::params::server_ca_client_whitelist,\n Optional[Puppet::Custom_trusted_oid_mapping] $server_custom_trusted_oid_mapping = $puppet::params::server_custom_trusted_oid_mapping,\n Boolean $server_http = $puppet::params::server_http,\n Integer $server_http_port = $puppet::params::server_http_port,\n String $server_reports = $puppet::params::server_reports,\n Optional[Stdlib::Absolutepath] $server_puppetserver_dir = $puppet::params::server_puppetserver_dir,\n Optional[Stdlib::Absolutepath] $server_puppetserver_vardir = $puppet::params::server_puppetserver_vardir,\n Optional[Stdlib::Absolutepath] $server_puppetserver_rundir = $puppet::params::server_puppetserver_rundir,\n Optional[Stdlib::Absolutepath] $server_puppetserver_logdir = $puppet::params::server_puppetserver_logdir,\n Optional[Pattern[/^[\\d]\\.[\\d]+\\.[\\d]+$/]] $server_puppetserver_version = $puppet::params::server_puppetserver_version,\n Variant[Undef, String[0], Stdlib::Absolutepath] $server_external_nodes = $puppet::params::server_external_nodes,\n Optional[Stdlib::Absolutepath] $server_trusted_external_command = $puppet::params::server_trusted_external_command,\n Array[String] $server_cipher_suites = $puppet::params::server_cipher_suites,\n Integer[0] $server_connect_timeout = $puppet::params::server_connect_timeout,\n Boolean $server_git_repo = $puppet::params::server_git_repo,\n Boolean $server_default_manifest = $puppet::params::server_default_manifest,\n Stdlib::Absolutepath $server_default_manifest_path = $puppet::params::server_default_manifest_path,\n String $server_default_manifest_content = $puppet::params::server_default_manifest_content,\n String $server_environments_owner = $puppet::params::server_environments_owner,\n Optional[String] $server_environments_group = $puppet::params::server_environments_group,\n Pattern[/^[0-9]{3,4}$/] $server_environments_mode = $puppet::params::server_environments_mode,\n Array[Stdlib::Absolutepath, 1] $server_envs_dir = $puppet::params::server_envs_dir,\n Optional[Stdlib::Absolutepath] $server_envs_target = $puppet::params::server_envs_target,\n Variant[Undef, String[0], Array[Stdlib::Absolutepath]] $server_common_modules_path = $puppet::params::server_common_modules_path,\n Pattern[/^[0-9]{3,4}$/] $server_git_repo_mode = $puppet::params::server_git_repo_mode,\n Stdlib::Absolutepath $server_git_repo_path = $puppet::params::server_git_repo_path,\n String $server_git_repo_group = $puppet::params::server_git_repo_group,\n String $server_git_repo_user = $puppet::params::server_git_repo_user,\n Hash[String, String] $server_git_branch_map = $puppet::params::server_git_branch_map,\n Integer[0] $server_idle_timeout = $puppet::params::server_idle_timeout,\n String $server_post_hook_content = $puppet::params::server_post_hook_content,\n String $server_post_hook_name = $puppet::params::server_post_hook_name,\n Boolean $server_storeconfigs = $puppet::params::server_storeconfigs,\n Array[Stdlib::Absolutepath] $server_ruby_load_paths = $puppet::params::server_ruby_load_paths,\n Stdlib::Absolutepath $server_ssl_dir = $puppet::params::server_ssl_dir,\n Boolean $server_ssl_dir_manage = $puppet::params::server_ssl_dir_manage,\n Boolean $server_ssl_key_manage = $puppet::params::server_ssl_key_manage,\n Array[String] $server_ssl_protocols = $puppet::params::server_ssl_protocols,\n Optional[Stdlib::Absolutepath] $server_ssl_chain_filepath = $puppet::params::server_ssl_chain_filepath,\n Optional[Variant[String, Array[String]]] $server_package = $puppet::params::server_package,\n Optional[String] $server_version = $puppet::params::server_version,\n String $server_certname = $puppet::params::server_certname,\n Integer[0] $server_request_timeout = $puppet::params::server_request_timeout,\n Boolean $server_strict_variables = $puppet::params::server_strict_variables,\n Hash[String, Data] $server_additional_settings = $puppet::params::server_additional_settings,\n Boolean $server_foreman = $puppet::params::server_foreman,\n Stdlib::HTTPUrl $server_foreman_url = $puppet::params::server_foreman_url,\n Optional[Stdlib::Absolutepath] $server_foreman_ssl_ca = $puppet::params::server_foreman_ssl_ca,\n Optional[Stdlib::Absolutepath] $server_foreman_ssl_cert = $puppet::params::server_foreman_ssl_cert,\n Optional[Stdlib::Absolutepath] $server_foreman_ssl_key = $puppet::params::server_foreman_ssl_key,\n Boolean $server_foreman_facts = $puppet::params::server_foreman_facts,\n Optional[Stdlib::Absolutepath] $server_puppet_basedir = $puppet::params::server_puppet_basedir,\n Enum['current', 'future'] $server_parser = $puppet::params::server_parser,\n Variant[Undef, Enum['unlimited'], Pattern[/^\\d+[smhdy]?$/]] $server_environment_timeout = $puppet::params::server_environment_timeout,\n String $server_jvm_java_bin = $puppet::params::server_jvm_java_bin,\n String $server_jvm_config = $puppet::params::server_jvm_config,\n Pattern[/^[0-9]+[kKmMgG]$/] $server_jvm_min_heap_size = $puppet::params::server_jvm_min_heap_size,\n Pattern[/^[0-9]+[kKmMgG]$/] $server_jvm_max_heap_size = $puppet::params::server_jvm_max_heap_size,\n Optional[Variant[String,Array[String]]] $server_jvm_extra_args = $puppet::params::server_jvm_extra_args,\n Optional[String] $server_jvm_cli_args = $puppet::params::server_jvm_cli_args,\n Optional[Stdlib::Absolutepath] $server_jruby_gem_home = $puppet::params::server_jruby_gem_home,\n Hash[String, String] $server_environment_vars = $puppet::params::server_environment_vars,\n Integer[1] $server_max_active_instances = $puppet::params::server_max_active_instances,\n Integer[0] $server_max_requests_per_instance = $puppet::params::server_max_requests_per_instance,\n Integer[0] $server_max_queued_requests = $puppet::params::server_max_queued_requests,\n Integer[0] $server_max_retry_delay = $puppet::params::server_max_retry_delay,\n Boolean $server_multithreaded = $puppet::params::server_multithreaded,\n Boolean $server_use_legacy_auth_conf = $puppet::params::server_use_legacy_auth_conf,\n Boolean $server_check_for_updates = $puppet::params::server_check_for_updates,\n Boolean $server_environment_class_cache_enabled = $puppet::params::server_environment_class_cache_enabled,\n Boolean $server_allow_header_cert_info = $puppet::params::server_allow_header_cert_info,\n Integer[0] $server_web_idle_timeout = $puppet::params::server_web_idle_timeout,\n Boolean $server_puppetserver_metrics = true,\n Boolean $server_puppetserver_profiler = true,\n Boolean $server_puppetserver_telemetry = true,\n Boolean $server_metrics_jmx_enable = $puppet::params::server_metrics_jmx_enable,\n Boolean $server_metrics_graphite_enable = $puppet::params::server_metrics_graphite_enable,\n String $server_metrics_graphite_host = $puppet::params::server_metrics_graphite_host,\n Integer $server_metrics_graphite_port = $puppet::params::server_metrics_graphite_port,\n String $server_metrics_server_id = $puppet::params::server_metrics_server_id,\n Integer $server_metrics_graphite_interval = $puppet::params::server_metrics_graphite_interval,\n Optional[Array] $server_metrics_allowed = $puppet::params::server_metrics_allowed,\n Boolean $server_puppetserver_experimental = $puppet::params::server_puppetserver_experimental,\n Optional[String[1]] $server_puppetserver_auth_template = $puppet::params::server_puppetserver_auth_template,\n Array[String] $server_puppetserver_trusted_agents = $puppet::params::server_puppetserver_trusted_agents,\n Array[Hash] $server_puppetserver_trusted_certificate_extensions = $puppet::params::server_puppetserver_trusted_certificate_extensions,\n Optional[Enum['off', 'jit', 'force']] $server_compile_mode = $puppet::params::server_compile_mode,\n Optional[Integer[1]] $server_acceptor_threads = undef,\n Optional[Integer[1]] $server_selector_threads = undef,\n Optional[Integer[1]] $server_ssl_acceptor_threads = undef,\n Optional[Integer[1]] $server_ssl_selector_threads = undef,\n Optional[Integer[1]] $server_max_threads = undef,\n Boolean $server_ca_allow_sans = $puppet::params::server_ca_allow_sans,\n Boolean $server_ca_allow_auth_extensions = $puppet::params::server_ca_allow_auth_extensions,\n Boolean $server_ca_enable_infra_crl = $puppet::params::server_ca_enable_infra_crl,\n Optional[Integer[1]] $server_max_open_files = $puppet::params::server_max_open_files,\n Optional[Stdlib::Absolutepath] $server_versioned_code_id = undef,\n Optional[Stdlib::Absolutepath] $server_versioned_code_content = undef,\n Array[String[1]] $server_jolokia_metrics_whitelist = [],\n) inherits puppet::params {\n contain puppet::config\n\n if $agent == true {\n contain puppet::agent\n }\n\n if $server == true {\n contain puppet::server\n }\n\n # Ensure the server is running before the agent needs it, and that\n # certificates are generated in the server config (if enabled)\n if $server == true and $agent == true {\n Class['puppet::server'] -> Class['puppet::agent::service']\n }\n}"}, {"name": "puppet::agent", "file": "manifests/agent.pp", "line": 3, "docstring": {"text": "Puppet agent", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class puppet::agent {\n contain puppet::agent::install\n contain puppet::agent::config\n contain puppet::agent::service\n\n Class['puppet::agent::install'] ~> Class['puppet::agent::config', 'puppet::agent::service']\n Class['puppet::config', 'puppet::agent::config'] ~> Class['puppet::agent::service']\n}"}, {"name": "puppet::agent::config", "file": "manifests/agent/config.pp", "line": 3, "inherits": "puppet::config", "docstring": {"text": "Puppet agent configuration", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class puppet::agent::config inherits puppet::config {\n puppet::config::agent{\n 'classfile': value => $puppet::classfile;\n 'localconfig': value => '$vardir/localconfig';\n 'default_schedules': value => false;\n 'report': value => $puppet::report;\n 'masterport': value => $puppet::port;\n 'environment': value => $puppet::environment;\n 'splay': value => $puppet::splay;\n 'splaylimit': value => $puppet::splaylimit;\n 'runinterval': value => $puppet::runinterval;\n 'noop': value => $puppet::agent_noop;\n 'usecacheonfailure': value => $puppet::usecacheonfailure;\n }\n if $puppet::http_connect_timeout != undef {\n puppet::config::agent {\n 'http_connect_timeout': value => $puppet::http_connect_timeout;\n }\n }\n if $puppet::http_read_timeout != undef {\n puppet::config::agent {\n 'http_read_timeout': value => $puppet::http_read_timeout;\n }\n }\n if $puppet::prerun_command {\n puppet::config::agent {\n 'prerun_command': value => $puppet::prerun_command;\n }\n }\n if $puppet::postrun_command {\n puppet::config::agent {\n 'postrun_command': value => $puppet::postrun_command;\n }\n }\n\n $puppet::agent_additional_settings.each |$key,$value| {\n puppet::config::agent { $key: value => $value }\n }\n}"}, {"name": "puppet::agent::install", "file": "manifests/agent/install.pp", "line": 3, "docstring": {"text": "Install the puppet agent package", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "manage_packages"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "package_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "package_version"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "package_provider"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "package_install_options"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "package_source"}]}, "defaults": {"manage_packages": "$puppet::manage_packages", "package_name": "$puppet::client_package", "package_version": "$puppet::version", "package_provider": "$puppet::package_provider", "package_install_options": "$puppet::package_install_options", "package_source": "$puppet::package_source"}, "source": "class puppet::agent::install(\n $manage_packages = $puppet::manage_packages,\n $package_name = $puppet::client_package,\n $package_version = $puppet::version,\n $package_provider = $puppet::package_provider,\n $package_install_options = $puppet::package_install_options,\n $package_source = $puppet::package_source,\n) {\n if $manage_packages == true or $manage_packages == 'agent' {\n package { $package_name:\n ensure => $package_version,\n provider => $package_provider,\n install_options => $package_install_options,\n source => $package_source,\n }\n }\n}"}, {"name": "puppet::agent::service", "file": "manifests/agent/service.pp", "line": 3, "docstring": {"text": "Set up the puppet agent as a service", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class puppet::agent::service {\n\n case $puppet::runmode {\n 'service': {\n $service_enabled = true\n $cron_enabled = false\n $systemd_enabled = false\n }\n 'cron': {\n $service_enabled = false\n $cron_enabled = true\n $systemd_enabled = false\n }\n 'systemd.timer': {\n $service_enabled = false\n $cron_enabled = false\n $systemd_enabled = true\n }\n 'none', 'unmanaged': {\n $service_enabled = false\n $cron_enabled = false\n $systemd_enabled = false\n }\n default: {\n fail(\"Runmode of ${puppet::runmode} not supported by puppet::agent::config!\")\n }\n }\n\n if $puppet::runmode in $puppet::unavailable_runmodes {\n fail(\"Runmode of ${puppet::runmode} not supported on ${::kernel} operating systems!\")\n }\n\n class { 'puppet::agent::service::daemon':\n enabled => $service_enabled,\n }\n contain puppet::agent::service::daemon\n\n class { 'puppet::agent::service::systemd':\n enabled => $systemd_enabled,\n hour => $puppet::run_hour,\n minute => $puppet::run_minute,\n }\n contain puppet::agent::service::systemd\n\n class { 'puppet::agent::service::cron':\n enabled => $cron_enabled,\n hour => $puppet::run_hour,\n minute => $puppet::run_minute,\n }\n contain puppet::agent::service::cron\n}"}, {"name": "puppet::agent::service::cron", "file": "manifests/agent/service/cron.pp", "line": 3, "docstring": {"text": "Set up running the agent via cron", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "enabled"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer[0,23]]"], "name": "hour"}, {"tag_name": "param", "text": "", "types": ["Variant[Integer[0,59], Array[Integer[0,59]], Undef]"], "name": "minute"}]}, "defaults": {"enabled": "false", "hour": "undef", "minute": "undef"}, "source": "class puppet::agent::service::cron (\n Boolean $enabled = false,\n Optional[Integer[0,23]] $hour = undef,\n Variant[Integer[0,59], Array[Integer[0,59]], Undef] $minute = undef,\n) {\n unless $puppet::runmode == 'unmanaged' or 'cron' in $puppet::unavailable_runmodes {\n if $enabled {\n $command = pick($puppet::cron_cmd, \"${puppet::puppet_cmd} agent --config ${puppet::dir}/puppet.conf --onetime --no-daemonize\")\n $times = extlib::ip_to_cron($puppet::runinterval)\n\n $_hour = pick($hour, $times[0])\n $_minute = pick($minute, $times[1])\n\n cron { 'puppet':\n command => $command,\n user => root,\n hour => $_hour,\n minute => $_minute,\n }\n } else{\n cron { 'puppet':\n ensure => absent,\n }\n }\n }\n}"}, {"name": "puppet::agent::service::daemon", "file": "manifests/agent/service/daemon.pp", "line": 3, "docstring": {"text": "Set up running the agent as a daemon", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "enabled"}]}, "defaults": {"enabled": "false"}, "source": "class puppet::agent::service::daemon (\n Boolean $enabled = false,\n) {\n unless $puppet::runmode == 'unmanaged' or 'service' in $puppet::unavailable_runmodes {\n if $enabled {\n service {'puppet':\n ensure => running,\n name => $puppet::service_name,\n hasstatus => true,\n hasrestart => $puppet::agent_restart_command != undef,\n enable => true,\n restart => $puppet::agent_restart_command,\n }\n } else {\n service {'puppet':\n ensure => stopped,\n name => $puppet::service_name,\n hasstatus => true,\n enable => false,\n }\n }\n }\n}"}, {"name": "puppet::agent::service::systemd", "file": "manifests/agent/service/systemd.pp", "line": 3, "docstring": {"text": "Set up running the agent via a systemd timer", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "enabled"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer[0,23]]"], "name": "hour"}, {"tag_name": "param", "text": "", "types": ["Variant[Integer[0,59], Array[Integer[0,59]], Undef]"], "name": "minute"}]}, "defaults": {"enabled": "false", "hour": "undef", "minute": "undef"}, "source": "class puppet::agent::service::systemd (\n Boolean $enabled = false,\n Optional[Integer[0,23]] $hour = undef,\n Variant[Integer[0,59], Array[Integer[0,59]], Undef] $minute = undef,\n) {\n unless $puppet::runmode == 'unmanaged' or 'systemd.timer' in $puppet::unavailable_runmodes {\n # Use the same times as for cron\n $times = extlib::ip_to_cron($puppet::runinterval)\n\n # But only if they are not explicitly specified\n $_hour = pick($hour, $times[0])\n $_minute = pick($minute, $times[1])\n\n $command = pick($puppet::systemd_cmd, \"${puppet::puppet_cmd} agent --config ${puppet::dir}/puppet.conf --onetime --no-daemonize --detailed-exitcode --no-usecacheonfailure\")\n $randomizeddelaysec = $puppet::systemd_randomizeddelaysec\n\n systemd::timer { \"${puppet::systemd_unit_name}.timer\":\n ensure => bool2str($enabled, 'present', 'absent'),\n active => $enabled,\n enable => $enabled,\n timer_content => template('puppet/agent/systemd.puppet-run.timer.erb'),\n service_content => template('puppet/agent/systemd.puppet-run.service.erb'),\n }\n }\n}"}, {"name": "puppet::config", "file": "manifests/config.pp", "line": 3, "docstring": {"text": "Set up the puppet config", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "allow_any_crl_auth"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "auth_allowed"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "auth_template"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ca_server"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ca_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "dns_alt_names"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "module_repository"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "pluginsource"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "pluginfactsource"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppet_dir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetmaster"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "syslogfacility"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "srv_domain"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "use_srv_records"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "additional_settings"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "client_certname"}]}, "defaults": {"allow_any_crl_auth": "$puppet::allow_any_crl_auth", "auth_allowed": "$puppet::auth_allowed", "auth_template": "$puppet::auth_template", "ca_server": "$puppet::ca_server", "ca_port": "$puppet::ca_port", "dns_alt_names": "$puppet::dns_alt_names", "module_repository": "$puppet::module_repository", "pluginsource": "$puppet::pluginsource", "pluginfactsource": "$puppet::pluginfactsource", "puppet_dir": "$puppet::dir", "puppetmaster": "$puppet::puppetmaster", "syslogfacility": "$puppet::syslogfacility", "srv_domain": "$puppet::srv_domain", "use_srv_records": "$puppet::use_srv_records", "additional_settings": "$puppet::additional_settings", "client_certname": "$puppet::client_certname"}, "source": "class puppet::config(\n $allow_any_crl_auth = $puppet::allow_any_crl_auth,\n $auth_allowed = $puppet::auth_allowed,\n $auth_template = $puppet::auth_template,\n $ca_server = $puppet::ca_server,\n $ca_port = $puppet::ca_port,\n $dns_alt_names = $puppet::dns_alt_names,\n $module_repository = $puppet::module_repository,\n $pluginsource = $puppet::pluginsource,\n $pluginfactsource = $puppet::pluginfactsource,\n $puppet_dir = $puppet::dir,\n $puppetmaster = $puppet::puppetmaster,\n $syslogfacility = $puppet::syslogfacility,\n $srv_domain = $puppet::srv_domain,\n $use_srv_records = $puppet::use_srv_records,\n $additional_settings = $puppet::additional_settings,\n $client_certname = $puppet::client_certname,\n) {\n puppet::config::main{\n 'vardir': value => $puppet::vardir;\n 'logdir': value => $puppet::logdir;\n 'rundir': value => $puppet::rundir;\n 'ssldir': value => $puppet::ssldir;\n 'privatekeydir': value => '$ssldir/private_keys { group = service }';\n 'hostprivkey': value => '$privatekeydir/$certname.pem { mode = 640 }';\n 'show_diff': value => $puppet::show_diff;\n 'codedir': value => $puppet::codedir;\n }\n\n if $module_repository and !empty($module_repository) {\n puppet::config::main{'module_repository': value => $module_repository; }\n }\n if $ca_server and !empty($ca_server) {\n puppet::config::main{'ca_server': value => $ca_server; }\n }\n if $ca_port {\n puppet::config::main{'ca_port': value => $ca_port; }\n }\n if $dns_alt_names and !empty($dns_alt_names) {\n puppet::config::main{'dns_alt_names': value => $dns_alt_names; }\n }\n if $use_srv_records {\n unless $srv_domain {\n fail('$::domain fact found to be undefined and $srv_domain is undefined')\n }\n puppet::config::main{\n 'use_srv_records': value => true;\n 'srv_domain': value => $srv_domain;\n }\n } else {\n puppet::config::main {\n 'server': value => pick($puppetmaster, $facts['networking']['fqdn']);\n }\n }\n if $pluginsource {\n puppet::config::main{'pluginsource': value => $pluginsource; }\n }\n if $pluginfactsource {\n puppet::config::main{'pluginfactsource': value => $pluginfactsource; }\n }\n if $syslogfacility and !empty($syslogfacility) {\n puppet::config::main{'syslogfacility': value => $syslogfacility; }\n }\n if $client_certname {\n puppet::config::main {\n 'certname': value => $client_certname;\n }\n }\n\n $additional_settings.each |$key,$value| {\n puppet::config::main { $key: value => $value }\n }\n\n concat::fragment { 'puppet.conf_comment':\n target => \"${puppet_dir}/puppet.conf\",\n content => '# file managed by puppet',\n order => '0_comment',\n }\n\n file { $puppet_dir:\n ensure => directory,\n owner => $puppet::dir_owner,\n group => $puppet::dir_group,\n }\n -> case $facts['os']['family'] {\n 'Windows': {\n concat { \"${puppet_dir}/puppet.conf\":\n mode => '0674',\n }\n }\n\n default: {\n concat { \"${puppet_dir}/puppet.conf\":\n owner => 'root',\n group => $puppet::params::root_group,\n mode => '0644',\n }\n }\n }\n\n if versioncmp($facts['puppetversion'], '7.0.0') >= 0 {\n file { \"${puppet_dir}/auth.conf\":\n ensure => absent,\n }\n } else {\n file { \"${puppet_dir}/auth.conf\":\n ensure => file,\n content => template($auth_template),\n }\n }\n}"}, {"name": "puppet::params", "file": "manifests/params.pp", "line": 3, "docstring": {"text": "Default parameters", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class puppet::params {\n\n # Basic config\n $version = 'present'\n $manage_user = true\n $user = 'puppet'\n $group = 'puppet'\n $ip = '0.0.0.0'\n $port = 8140\n $splay = false\n $splaylimit = 1800\n $runinterval = 1800\n $runmode = 'service'\n $report = true\n\n # Not defined here as the commands depend on module parameter \"dir\"\n $cron_cmd = undef\n $systemd_cmd = undef\n\n $agent_noop = false\n $show_diff = false\n $module_repository = undef\n $hiera_config = '$confdir/hiera.yaml'\n $usecacheonfailure = true\n $ca_server = undef\n $ca_port = undef\n $ca_crl_filepath = undef\n $server_crl_enable = undef\n $prerun_command = undef\n $postrun_command = undef\n $server_compile_mode = undef\n $dns_alt_names = []\n $use_srv_records = false\n\n if defined('$::domain') {\n $srv_domain = $facts['networking']['domain']\n } else {\n $srv_domain = undef\n }\n\n # lint:ignore:puppet_url_without_modules\n $pluginsource = 'puppet:///plugins'\n $pluginfactsource = 'puppet:///pluginfacts'\n # lint:endignore\n $classfile = '$statedir/classes.txt'\n $syslogfacility = undef\n $environment = $::environment\n\n # aio_agent_version is a core fact that's empty on non-AIO\n $aio_package = fact('aio_agent_version') =~ String[1]\n\n $systemd_randomizeddelaysec = 0\n\n case $facts['os']['family'] {\n 'Windows' : {\n # Windows prefixes normal paths with the Data Directory's path and leaves 'puppet' off the end\n $dir_prefix = 'C:/ProgramData/PuppetLabs/puppet'\n $dir = \"${dir_prefix}/etc\"\n $codedir = \"${dir_prefix}/etc\"\n $logdir = \"${dir_prefix}/var/log\"\n $rundir = \"${dir_prefix}/var/run\"\n $ssldir = \"${dir_prefix}/etc/ssl\"\n $vardir = \"${dir_prefix}/var\"\n $sharedir = \"${dir_prefix}/share\"\n $bindir = \"${dir_prefix}/bin\"\n $root_group = undef\n $server_puppetserver_dir = undef\n $server_puppetserver_vardir = undef\n $server_puppetserver_rundir = undef\n $server_puppetserver_logdir = undef\n $server_ruby_load_paths = []\n $server_jruby_gem_home = undef\n }\n\n /^(FreeBSD|DragonFly)$/ : {\n $dir = '/usr/local/etc/puppet'\n $codedir = '/usr/local/etc/puppet'\n $logdir = '/var/log/puppet'\n $rundir = '/var/run/puppet'\n $ssldir = '/var/puppet/ssl'\n $vardir = '/var/puppet'\n $sharedir = '/usr/local/share/puppet'\n $bindir = '/usr/local/bin'\n $root_group = undef\n $server_puppetserver_dir = '/usr/local/etc/puppetserver'\n $server_puppetserver_vardir = '/var/puppet/server/data/puppetserver'\n $server_puppetserver_rundir = '/var/run/puppetserver'\n $server_puppetserver_logdir = '/var/log/puppetserver'\n if fact('ruby') {\n $ruby_gem_dir = regsubst($facts['ruby']['version'], '^(\\d+\\.\\d+).*$', '/usr/local/lib/ruby/gems/\\1/gems')\n $server_ruby_load_paths = [$facts['ruby']['sitedir'], \"${ruby_gem_dir}/facter-${facts['facterversion']}/lib\"]\n } else {\n # On FreeBSD 11 the ruby fact doesn't resolve - at least in facterdb\n # lint:ignore:legacy_facts\n $ruby_gem_dir = regsubst($facts['rubyversion'], '^(\\d+\\.\\d+).*$', '/usr/local/lib/ruby/gems/\\1/gems')\n $server_ruby_load_paths = [$facts['rubysitedir'], \"${ruby_gem_dir}/facter-${facts['facterversion']}/lib\"]\n # lint:endignore\n }\n $server_jruby_gem_home = '/var/puppet/server/data/puppetserver/jruby-gems'\n }\n\n 'Archlinux' : {\n $dir = '/etc/puppetlabs/puppet'\n $codedir = '/etc/puppetlabs/code'\n $logdir = '/var/log/puppetlabs/puppet'\n $rundir = '/var/run/puppetlabs'\n $ssldir = '/etc/puppetlabs/puppet/ssl'\n $vardir = '/opt/puppetlabs/puppet/cache'\n $sharedir = '/opt/puppetlabs/puppet'\n $bindir = '/usr/bin'\n $root_group = undef\n $server_puppetserver_dir = undef\n $server_puppetserver_vardir = undef\n $server_puppetserver_rundir = undef\n $server_puppetserver_logdir = undef\n $server_ruby_load_paths = []\n $server_jruby_gem_home = undef\n }\n\n default : {\n if $aio_package {\n $dir = '/etc/puppetlabs/puppet'\n $codedir = '/etc/puppetlabs/code'\n $logdir = '/var/log/puppetlabs/puppet'\n $rundir = '/var/run/puppetlabs'\n $ssldir = '/etc/puppetlabs/puppet/ssl'\n $vardir = '/opt/puppetlabs/puppet/cache'\n $sharedir = '/opt/puppetlabs/puppet'\n $bindir = '/opt/puppetlabs/bin'\n $server_puppetserver_dir = '/etc/puppetlabs/puppetserver'\n $server_puppetserver_vardir = '/opt/puppetlabs/server/data/puppetserver'\n $server_puppetserver_rundir = '/var/run/puppetlabs/puppetserver'\n $server_puppetserver_logdir = '/var/log/puppetlabs/puppetserver'\n $server_ruby_load_paths = ['/opt/puppetlabs/puppet/lib/ruby/vendor_ruby']\n $server_jruby_gem_home = '/opt/puppetlabs/server/data/puppetserver/jruby-gems'\n } else {\n $dir = '/etc/puppet'\n $codedir = $facts['os']['family'] ? {\n 'Debian' => '/etc/puppet/code',\n default => '/etc/puppet',\n }\n $logdir = '/var/log/puppet'\n $rundir = '/var/run/puppet'\n $ssldir = '/var/lib/puppet/ssl'\n $vardir = '/var/lib/puppet'\n $sharedir = '/usr/share/puppet'\n $bindir = '/usr/bin'\n $server_puppetserver_dir = '/etc/puppetserver'\n $server_puppetserver_vardir = $vardir\n $server_puppetserver_rundir = undef\n $server_puppetserver_logdir = undef\n $server_ruby_load_paths = []\n $server_jruby_gem_home = '/var/lib/puppet/jruby-gems'\n }\n $root_group = undef\n }\n }\n\n $http_connect_timeout = undef\n $http_read_timeout = undef\n\n $autosign = \"${dir}/autosign.conf\"\n $autosign_entries = []\n $autosign_mode = '0664'\n $autosign_content = undef\n $autosign_source = undef\n\n $puppet_cmd = \"${bindir}/puppet\"\n $puppetserver_cmd = \"${bindir}/puppetserver\"\n\n $manage_packages = true\n\n if $facts['os']['family'] == 'Windows' {\n $dir_owner = undef\n $dir_group = undef\n } else {\n $dir_owner = 'root'\n $dir_group = $root_group\n }\n\n $package_provider = $facts['os']['family'] ? {\n 'windows' => 'chocolatey',\n default => undef,\n }\n\n $package_source = undef\n $package_install_options = undef\n\n # Need your own config templates? Specify here:\n $auth_template = 'puppet/auth.conf.erb'\n\n # Allow any to the CRL. Needed in case of puppet CA proxy\n $allow_any_crl_auth = false\n\n # Authenticated nodes to allow\n $auth_allowed = ['$1']\n\n # Will this host be a puppet agent ?\n $agent = true\n $client_certname = $::clientcert\n\n if defined('$::puppetmaster') {\n $puppetmaster = $::puppetmaster\n } else {\n $puppetmaster = undef\n }\n\n # Hashes containing additional settings\n $additional_settings = {}\n $agent_additional_settings = {}\n $server_additional_settings = {}\n\n # Will this host be a puppetmaster?\n $server = false\n $server_ca = true\n $server_ca_crl_sync = false\n $server_reports = 'foreman'\n $server_external_nodes = \"${dir}/node.rb\"\n $server_trusted_external_command = undef\n $server_request_timeout = 60\n $server_certname = $::clientcert\n $server_strict_variables = false\n $server_http = false\n $server_http_port = 8139\n\n # Need a new master template for the server?\n $server_template = 'puppet/server/puppet.conf.erb'\n # Template for server settings in [main]\n $server_main_template = 'puppet/server/puppet.conf.main.erb'\n\n # Set 'false' for static environments, or 'true' for git-based workflow\n $server_git_repo = false\n # Git branch to puppet env mapping for the post receive hook\n $server_git_branch_map = {}\n\n # Owner of the environments dir: for cases external service needs write\n # access to manage it.\n $server_environments_owner = $user\n $server_environments_group = $root_group\n $server_environments_mode = '0755'\n # Where we store our puppet environments\n $server_envs_dir = [\"${codedir}/environments\"]\n $server_envs_target = undef\n # Modules in this directory would be shared across all environments\n $server_common_modules_path = unique([\"${server_envs_dir[0]}/common\", \"${codedir}/modules\", \"${sharedir}/modules\", '/usr/share/puppet/modules'])\n\n # Dynamic environments config, ignore if the git_repo is 'false'\n # Path to the repository\n $server_git_repo_path = \"${vardir}/puppet.git\"\n # mode of the repository\n $server_git_repo_mode = '0755'\n # user of the repository\n $server_git_repo_user = $user\n # group of the repository\n $server_git_repo_group = $user\n # Override these if you need your own hooks\n $server_post_hook_content = 'puppet/server/post-receive.erb'\n $server_post_hook_name = 'post-receive'\n $server_custom_trusted_oid_mapping = undef\n\n $server_storeconfigs = false\n\n $puppet_major = regsubst($::puppetversion, '^(\\d+)\\..*$', '\\1')\n\n if ($facts['os']['family'] =~ /(FreeBSD|DragonFly)/) {\n $server_package = \"puppetserver${puppet_major}\"\n } else {\n $server_package = undef\n }\n\n $server_ssl_dir = $ssldir\n $server_version = undef\n\n if $aio_package {\n $client_package = ['puppet-agent']\n } elsif ($facts['os']['family'] =~ /(FreeBSD|DragonFly)/) {\n $client_package = [\"puppet${puppet_major}\"]\n } else {\n $client_package = ['puppet']\n }\n\n # Puppet service name\n $service_name = 'puppet'\n\n # Puppet onedshot systemd service and timer name\n $systemd_unit_name = 'puppet-run'\n # Mechanisms to manage and reload/restart the agent\n # If supported on the OS, reloading is prefered since it does not kill a currently active puppet run\n if $facts['service_provider'] == 'systemd' {\n $agent_restart_command = \"/bin/systemctl reload-or-restart ${service_name}\"\n $unavailable_runmodes = $facts['os']['family'] ? {\n 'Archlinux' => ['cron'],\n default => [],\n }\n } else {\n case $facts['os']['family'] {\n 'Debian': {\n $agent_restart_command = \"/usr/sbin/service ${service_name} reload\"\n $unavailable_runmodes = ['systemd.timer']\n }\n 'RedHat': {\n $agent_restart_command = \"/sbin/service ${service_name} reload\"\n $unavailable_runmodes = ['systemd.timer']\n }\n 'Windows': {\n $agent_restart_command = undef\n $unavailable_runmodes = ['cron', 'systemd.timer']\n }\n default : {\n $agent_restart_command = undef\n $unavailable_runmodes = ['systemd.timer']\n }\n }\n }\n\n # Foreman parameters\n $lower_fqdn = downcase($facts['networking']['fqdn'])\n $server_foreman = true\n $server_foreman_facts = true\n $server_puppet_basedir = $aio_package ? {\n true => '/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet',\n false => undef,\n }\n $server_foreman_url = \"https://${lower_fqdn}\"\n $server_foreman_ssl_ca = undef\n $server_foreman_ssl_cert = undef\n $server_foreman_ssl_key = undef\n\n # Which Parser do we want to use? https://docs.puppetlabs.com/references/latest/configuration.html#parser\n $server_parser = 'current'\n\n # Timeout for cached environments, changed in puppet 3.7.x\n $server_environment_timeout = undef\n\n # puppet server configuration file\n $server_jvm_config = $facts['os']['family'] ? {\n 'RedHat' => '/etc/sysconfig/puppetserver',\n 'Debian' => '/etc/default/puppetserver',\n default => '/etc/default/puppetserver',\n }\n\n $server_jvm_java_bin = '/usr/bin/java'\n $server_jvm_extra_args = undef\n $server_jvm_cli_args = undef\n\n # This is some very trivial \"tuning\". See the puppet reference:\n # https://docs.puppet.com/puppetserver/latest/tuning_guide.html\n $mem_in_mb = $facts['memory']['system']['total_bytes'] / 1024 / 1024\n if $mem_in_mb >= 3072 {\n $server_jvm_min_heap_size = '2G'\n $server_jvm_max_heap_size = '2G'\n $server_max_active_instances = min(abs($facts['processors']['count']), 4)\n } elsif $mem_in_mb >= 1024 {\n $server_max_active_instances = 1\n $server_jvm_min_heap_size = '1G'\n $server_jvm_max_heap_size = '1G'\n } else {\n # VMs with 1GB RAM and a crash kernel enabled usually have an effective 992MB RAM\n $server_max_active_instances = 1\n $server_jvm_min_heap_size = '768m'\n $server_jvm_max_heap_size = '768m'\n }\n\n $server_ssl_dir_manage = true\n $server_ssl_key_manage = true\n $server_default_manifest = false\n $server_default_manifest_path = '/etc/puppet/manifests/default_manifest.pp'\n $server_default_manifest_content = '' # lint:ignore:empty_string_assignment\n $server_max_requests_per_instance = 0\n $server_max_queued_requests = 0\n $server_max_retry_delay = 1800\n $server_multithreaded = false\n $server_idle_timeout = 1200000\n $server_web_idle_timeout = 30000\n $server_connect_timeout = 120000\n $server_ca_auth_required = true\n $server_ca_client_self_delete = false\n $server_admin_api_whitelist = [ 'localhost', $lower_fqdn ]\n $server_ca_client_whitelist = [ 'localhost', $lower_fqdn ]\n $server_cipher_suites = [\n 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',\n 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',\n 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',\n 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',\n 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',\n 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',\n ]\n $server_ssl_protocols = [ 'TLSv1.2' ]\n $server_ssl_chain_filepath = undef\n $server_check_for_updates = true\n $server_environment_class_cache_enabled = false\n $server_allow_header_cert_info = false\n $server_ca_allow_sans = false\n $server_ca_allow_auth_extensions = false\n $server_ca_enable_infra_crl = false\n $server_max_open_files = undef\n $server_environment_vars = {}\n\n $server_puppetserver_version = undef\n\n # Which auth.conf shall we use?\n $server_use_legacy_auth_conf = false\n\n # Puppetserver metrics shipping\n $server_metrics_jmx_enable = true\n $server_metrics_graphite_enable = false\n $server_metrics_graphite_host = '127.0.0.1'\n $server_metrics_graphite_port = 2003\n $server_metrics_server_id = $lower_fqdn\n $server_metrics_graphite_interval = 5\n $server_metrics_allowed = undef\n\n # Should the /puppet/experimental route be enabled?\n $server_puppetserver_experimental = true\n\n # For custom auth.conf settings allow passing in a template\n $server_puppetserver_auth_template = undef\n\n # Normally agents can only fetch their own catalogs. If you want some nodes to be able to fetch *any* catalog, add them here.\n $server_puppetserver_trusted_agents = []\n $server_puppetserver_trusted_certificate_extensions = []\n}"}, {"name": "puppet::server", "file": "manifests/server.pp", "line": 341, "docstring": {"text": "== Class: puppet::server\n\nSets up a puppet master.\n\n== puppet::server parameters\n\n$autosign:: If set to a boolean, autosign is enabled or disabled\n for all incoming requests. Otherwise this has to be\n set to the full file path of an autosign.conf file or\n an autosign script. If this is set to a script, make\n sure that script considers the content of autosign.conf\n as otherwise Foreman functionality might be broken.\n\n$autosign_entries:: A list of certnames or domain name globs\n whose certificate requests will automatically be signed.\n Defaults to an empty Array.\n\n$autosign_mode:: mode of the autosign file/script\n\n$autosign_content:: If set, write the autosign file content\n using the value of this parameter.\n Cannot be used at the same time as autosign_entries\n For example, could be a string, or\n file('another_module/autosign.sh') or\n template('another_module/autosign.sh.erb')\n\n$autosign_source:: If set, use this as the source for the autosign file,\n instead of autosign_content.\n\n$hiera_config:: The hiera configuration file.\n\n$manage_user:: Whether to manage the puppet user resource\n\n$user:: Name of the puppetmaster user.\n\n$group:: Name of the puppetmaster group.\n\n$dir:: Puppet configuration directory\n\n$ip:: Bind ip address of the puppetmaster\n\n$port:: Puppet master port\n\n$ca:: Provide puppet CA\n\n$ca_crl_filepath:: Path to ca_crl file\n\n$ca_crl_sync:: Sync the puppet ca crl to compile masters. Requires compile masters to\n be agents of the CA master (MOM) defaults to false\n\n$crl_enable:: Enable CRL processing, defaults to true when $ca is true else defaults\n to false\n\n$http:: Should the puppet master listen on HTTP as well as HTTPS.\n Useful for load balancer or reverse proxy scenarios.\n\n$http_port:: Puppet master HTTP port; defaults to 8139.\n\n$reports:: List of report types to include on the puppetmaster\n\n$external_nodes:: External nodes classifier executable\n\n$trusted_external_command:: The external trusted facts script to use.\n\n$git_repo:: Use git repository as a source of modules\n\n$environments_owner:: The owner of the environments directory\n\n$environments_group:: The group owning the environments directory\n\n$environments_mode:: Environments directory mode.\n\n$envs_dir:: List of directories that hold puppet environments\n All listed directories will be created and attributes managed,\n but only the first listed path will be used to populate\n environments from git repo branches.\n\n$envs_target:: Indicates that $envs_dir should be\n a symbolic link to this target\n\n$common_modules_path:: Common modules paths\n\n$git_repo_path:: Git repository path\n\n$git_repo_mode:: Git repository mode\n\n$git_repo_group:: Git repository group\n\n$git_repo_user:: Git repository user\n\n$git_branch_map:: Git branch to puppet env mapping for the\n default post receive hook\n\n$post_hook_content:: Which template to use for git post hook\n\n$post_hook_name:: Name of a git hook\n\n$storeconfigs:: Whether to enable storeconfigs\n\n$ssl_dir:: SSL directory\n\n$package:: Custom package name for puppet master\n\n$version:: Custom package version for puppet master\n\n$certname:: The name to use when handling certificates.\n\n$strict_variables:: if set to true, it will throw parse errors\n when accessing undeclared variables.\n\n$additional_settings:: A hash of additional settings.\n Example: {trusted_node_data => true, ordering => 'manifest'}\n\n$parser:: Sets the parser to use. Valid options are 'current' or 'future'.\n Defaults to 'current'.\n\n$max_open_files:: Increase the max open files limit for Puppetserver.\n\n\n=== Advanced server parameters:\n\n$codedir:: Override the puppet code directory.\n\n$server_foreman_facts:: Should foreman receive facts from puppet\n\n$foreman:: Should foreman integration be installed\n\n$foreman_url:: Foreman URL\n\n$foreman_ssl_ca:: SSL CA of the Foreman server\n\n$foreman_ssl_cert:: Client certificate for authenticating against Foreman server\n\n$foreman_ssl_key:: Key for authenticating against Foreman server\n\n$puppet_basedir:: Where is the puppet code base located\n\n$compile_mode:: Used to control JRuby's \"CompileMode\", which may improve performance.\n\n\n$request_timeout:: Timeout in node.rb script for fetching\n catalog from Foreman (in seconds).\n\n$environment_timeout:: Timeout for cached compiled catalogs (10s, 5m, ...)\n\n$jvm_java_bin:: Set the default java to use.\n\n$jvm_config:: Specify the puppetserver jvm configuration file.\n\n$jvm_min_heap_size:: Specify the minimum jvm heap space.\n\n$jvm_max_heap_size:: Specify the maximum jvm heap space.\n\n$jvm_extra_args:: Additional java options to pass through.\n This can be used for Java versions prior to\n Java 8 to specify the max perm space to use:\n For example: '-XX:MaxPermSize=128m'.\n\n$jvm_cli_args:: Java options to use when using puppetserver\n subcommands (eg puppetserver gem).\n\n$jruby_gem_home:: Where jruby gems are located for puppetserver\n\n$server_environment_vars:: A hash of environment variables and their values\n which the puppetserver is allowed to see.\n To pass an existing variable use {'MYVAR': '${MYVAR}'}.\n\n$default_manifest:: Toggle if default_manifest setting should\n be added to the [main] section\n\n$default_manifest_path:: A string setting the path to the default_manifest\n\n$default_manifest_content:: A string to set the content of the default_manifest\n If set to '' it will not manage the file\n\n$ssl_dir_manage:: Toggle if ssl_dir should be added to the [master]\n configuration section. This is necessary to\n disable in case CA is delegated to a separate instance\n\n$ssl_key_manage:: Toggle if \"private_keys/${::puppet::server::certname}.pem\"\n should be created with default user and group. This is used in\n the default Forman setup to reuse the key for TLS communication.\n\n$puppetserver_vardir:: The path of the puppetserver var dir\n\n$puppetserver_rundir:: The path of the puppetserver run dir\n\n$puppetserver_logdir:: The path of the puppetserver log dir\n\n$puppetserver_dir:: The path of the puppetserver config dir\n\n$puppetserver_version:: The version of puppetserver installed (or being installed)\n Unfortunately, different versions of puppetserver need configuring differently.\n By default we attempt to derive the version from the puppet version itself but\n can be overriden if you're installing an older version.\n\n$max_active_instances:: Max number of active jruby instances. Defaults to\n processor count\n\n$max_requests_per_instance:: Max number of requests per jruby instance. Defaults to 0 (disabled)\n\n$max_queued_requests:: The maximum number of requests that may be queued waiting to borrow a\n JRuby from the pool.\n Defaults to 0 (disabled).\n\n$max_retry_delay:: Sets the upper limit for the random sleep set as a Retry-After header on\n 503 responses returned when max-queued-requests is enabled.\n Defaults to 1800 for\n\n$multithreaded:: Use multithreaded jruby. Defaults to false.\n\n$idle_timeout:: How long the server will wait for a response on an existing connection\n\n$connect_timeout:: How long the server will wait for a response to a connection attempt\n\n$web_idle_timeout:: Time in ms that Jetty allows a socket to be idle, after processing has completed.\n Defaults to the Jetty default of 30s\n\n$ssl_protocols:: Array of SSL protocols to use.\n Defaults to [ 'TLSv1.2' ]\n\n$ssl_chain_filepath:: Path to certificate chain for puppetserver\n Defaults to \"${ssl_dir}/ca/ca_crt.pem\"\n\n$cipher_suites:: List of SSL ciphers to use in negotiation\n Defaults to [ 'TLS_RSA_WITH_AES_256_CBC_SHA256', 'TLS_RSA_WITH_AES_256_CBC_SHA',\n 'TLS_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_AES_128_CBC_SHA', ]\n\n$ruby_load_paths:: List of ruby paths\n Defaults based on $::puppetversion\n\n$ca_client_whitelist:: The whitelist of client certificates that\n can query the certificate-status endpoint\n Defaults to [ '127.0.0.1', '::1', $::ipaddress ]\n\n$custom_trusted_oid_mapping:: A hash of custom trusted oid mappings.\n Example: { 1.3.6.1.4.1.34380.1.2.1.1 => { shortname => 'myshortname' } }\n\n$admin_api_whitelist:: The whitelist of clients that\n can query the puppet-admin-api endpoint\n Defaults to [ '127.0.0.1', '::1', $::ipaddress ]\n\n$ca_auth_required:: Whether client certificates are needed to access the puppet-admin api\n Defaults to true\n\n$ca_client_self_delete:: Adds a rule to auth.conf, that allows a client to self delete its own certificate\n Defaults to false\n\n$use_legacy_auth_conf:: Should the puppetserver use the legacy puppet auth.conf?\n Defaults to false (the puppetserver will use its own conf.d/auth.conf)\n Note that Puppetserver 7 has dropped support for this.\n\n$check_for_updates:: Should the puppetserver phone home to check for available updates?\n\n$environment_class_cache_enabled:: Enable environment class cache in conjunction with the use of the\n environment_classes API.\n\n\n$allow_header_cert_info:: Allow client authentication over HTTP Headers\n Defaults to false, is also activated by the $http setting\n\n$puppetserver_metrics:: Enable puppetserver http-client metrics\n Defaults to false because that's the Puppet Inc. default behaviour.\n\n$puppetserver_profiler:: Enable JRuby profiling.\n Defaults to false because that's the Puppet Inc. default behaviour.\n\n$puppetserver_telemetry:: Enable Dropsonde telemetry.\n Valid on puppetserver >= 7\n Defaults to true because that's the Puppet Inc. default behaviour since puppet 7\n\n$metrics_jmx_enable:: Enable or disable JMX metrics reporter. Defaults to true\n\n$metrics_graphite_enable:: Enable or disable Graphite metrics reporter. Defaults to false\n\n$metrics_graphite_host:: Graphite server host. Defaults to \"127.0.0.1\"\n\n$metrics_graphite_port:: Graphite server port. Defaults to 2003\n\n$metrics_server_id:: A server id that will be used as part of the namespace for metrics produced\n Defaults to $fqdn\n\n$metrics_graphite_interval:: How often to send metrics to graphite (in seconds)\n Defaults to 5\n\n$metrics_allowed:: Specify metrics to allow in addition to those in the default list\n Defaults to undef\n\n$puppetserver_experimental:: Enable the /puppet/experimental route? Defaults to true\n\n$puppetserver_auth_template:: Template for generating /etc/puppetlabs/puppetserver/conf.d/auth.conf\n\n$puppetserver_trusted_agents:: Certificate names of agents that are allowed to fetch *all* catalogs. Defaults to empty array\n\n$puppetserver_trusted_certificate_extensions:: An array of hashes of certificate extensions and values.\n Example: [{ 'pp_authorization' => 'catalog' }]\n\n$ca_allow_sans:: Allow CA to sign certificate requests that have Subject Alternative Names\n Defaults to false\n\n$ca_allow_auth_extensions:: Allow CA to sign certificate requests that have authorization extensions\n Defaults to false\n\n$ca_enable_infra_crl:: Enable the separate CRL for Puppet infrastructure nodes\n Defaults to false\n\n$acceptor_threads:: This sets the number of threads that the webserver will dedicate to accepting\n socket connections for unencrypted HTTP traffic. If not provided, the webserver\n defaults to the number of virtual cores on the host divided by 8, with a minimum\n of 1 and maximum of 4.\n\n$selector_threads:: This sets the number of selectors that the webserver will dedicate to processing\n events on connected sockets for unencrypted HTTPS traffic. If not provided,\n the webserver defaults to the minimum of: virtual cores on the host divided by 2\n or max-threads divided by 16, with a minimum of 1.\n\n$max_threads:: This sets the maximum number of threads assigned to responding to HTTP and/or\n HTTPS requests for a single webserver, effectively changing how many\n concurrent requests can be made at one time. If not provided, the\n webserver defaults to 200.\n\n$ssl_acceptor_threads:: This sets the number of threads that the webserver will dedicate to accepting\n socket connections for encrypted HTTPS traffic. If not provided, defaults to\n the number of virtual cores on the host divided by 8, with a minimum of 1 and maximum of 4.\n\n$ssl_selector_threads:: This sets the number of selectors that the webserver will dedicate to processing\n events on connected sockets for encrypted HTTPS traffic. Defaults to the number of\n virtual cores on the host divided by 2, with a minimum of 1 and maximum of 4.\n The number of selector threads actually used by Jetty is twice the number of selectors\n requested. For example, if a value of 3 is specified for the ssl-selector-threads setting,\n Jetty will actually use 6 selector threads.\n\n$versioned_code_id:: The path to an executable script that Puppet Server invokes to generate a code_id\n\n$versioned_code_content:: Contains the path to an executable script that Puppet Server invokes when an agent makes\n a static_file_content API request for the contents of a file resource that\n has a source attribute with a puppet:/// URI value.\n\n$jolokia_metrics_whitelist:: The whitelist of clients that\n can query the jolokia /metrics/v2 endpoint", "tags": [{"tag_name": "param", "text": "", "types": ["Variant[Boolean, Stdlib::Absolutepath]"], "name": "autosign"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "autosign_entries"}, {"tag_name": "param", "text": "", "types": ["Pattern[/^[0-9]{3,4}$/]"], "name": "autosign_mode"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "autosign_content"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "autosign_source"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "hiera_config"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "admin_api_whitelist"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "manage_user"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "user"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "group"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "dir"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "codedir"}, {"tag_name": "param", "text": "", "types": ["Integer"], "name": "port"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "ip"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "ca"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "ca_crl_filepath"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "ca_crl_sync"}, {"tag_name": "param", "text": "", "types": ["Optional[Boolean]"], "name": "crl_enable"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "ca_auth_required"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "ca_client_self_delete"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "ca_client_whitelist"}, {"tag_name": "param", "text": "", "types": ["Optional[Puppet::Custom_trusted_oid_mapping]"], "name": "custom_trusted_oid_mapping"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "http"}, {"tag_name": "param", "text": "", "types": ["Integer"], "name": "http_port"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "reports"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "puppetserver_vardir"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "puppetserver_rundir"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "puppetserver_logdir"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "puppetserver_dir"}, {"tag_name": "param", "text": "", "types": ["Optional[Pattern[/^[\\d]\\.[\\d]+\\.[\\d]+$/]]"], "name": "puppetserver_version"}, {"tag_name": "param", "text": "", "types": ["Variant[Undef, String[0], Stdlib::Absolutepath]"], "name": "external_nodes"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "trusted_external_command"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "cipher_suites"}, {"tag_name": "param", "text": "", "types": ["Integer[0]"], "name": "connect_timeout"}, {"tag_name": "param", "text": "", "types": ["Integer[0]"], "name": "web_idle_timeout"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "git_repo"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "default_manifest"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "default_manifest_path"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "default_manifest_content"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "environments_owner"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "environments_group"}, {"tag_name": "param", "text": "", "types": ["Pattern[/^[0-9]{3,4}$/]"], "name": "environments_mode"}, {"tag_name": "param", "text": "", "types": ["Array[Stdlib::Absolutepath, 1]"], "name": "envs_dir"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "envs_target"}, {"tag_name": "param", "text": "", "types": ["Variant[Undef, String[0], Array[Stdlib::Absolutepath]]"], "name": "common_modules_path"}, {"tag_name": "param", "text": "", "types": ["Pattern[/^[0-9]{3,4}$/]"], "name": "git_repo_mode"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "git_repo_path"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "git_repo_group"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "git_repo_user"}, {"tag_name": "param", "text": "", "types": ["Hash[String, String]"], "name": "git_branch_map"}, {"tag_name": "param", "text": "", "types": ["Integer[0]"], "name": "idle_timeout"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "post_hook_content"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "post_hook_name"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "storeconfigs"}, {"tag_name": "param", "text": "", "types": ["Array[Stdlib::Absolutepath]"], "name": "ruby_load_paths"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "ssl_dir"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "ssl_dir_manage"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "ssl_key_manage"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "ssl_protocols"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "ssl_chain_filepath"}, {"tag_name": "param", "text": "", "types": ["Optional[Variant[String, Array[String]]]"], "name": "package"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "version"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "certname"}, {"tag_name": "param", "text": "", "types": ["Integer[0]"], "name": "request_timeout"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "strict_variables"}, {"tag_name": "param", "text": "", "types": ["Hash[String, Data]"], "name": "additional_settings"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "foreman"}, {"tag_name": "param", "text": "", "types": ["Stdlib::HTTPUrl"], "name": "foreman_url"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "foreman_ssl_ca"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "foreman_ssl_cert"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "foreman_ssl_key"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_foreman_facts"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "puppet_basedir"}, {"tag_name": "param", "text": "", "types": ["Enum['current', 'future']"], "name": "parser"}, {"tag_name": "param", "text": "", "types": ["Variant[Undef, Enum['unlimited'], Pattern[/^\\d+[smhdy]?$/]]"], "name": "environment_timeout"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "jvm_java_bin"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "jvm_config"}, {"tag_name": "param", "text": "", "types": ["Pattern[/^[0-9]+[kKmMgG]$/]"], "name": "jvm_min_heap_size"}, {"tag_name": "param", "text": "", "types": ["Pattern[/^[0-9]+[kKmMgG]$/]"], "name": "jvm_max_heap_size"}, {"tag_name": "param", "text": "", "types": ["Optional[Variant[String,Array[String]]]"], "name": "jvm_extra_args"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "jvm_cli_args"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "jruby_gem_home"}, {"tag_name": "param", "text": "", "types": ["Hash[String, String]"], "name": "server_environment_vars"}, {"tag_name": "param", "text": "", "types": ["Integer[1]"], "name": "max_active_instances"}, {"tag_name": "param", "text": "", "types": ["Integer[0]"], "name": "max_requests_per_instance"}, {"tag_name": "param", "text": "", "types": ["Integer[0]"], "name": "max_queued_requests"}, {"tag_name": "param", "text": "", "types": ["Integer[0]"], "name": "max_retry_delay"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "multithreaded"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "use_legacy_auth_conf"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "check_for_updates"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "environment_class_cache_enabled"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "allow_header_cert_info"}, {"tag_name": "param", "text": "", "types": ["Optional[Boolean]"], "name": "puppetserver_metrics"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "puppetserver_profiler"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "puppetserver_telemetry"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "metrics_jmx_enable"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "metrics_graphite_enable"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "metrics_graphite_host"}, {"tag_name": "param", "text": "", "types": ["Integer"], "name": "metrics_graphite_port"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "metrics_server_id"}, {"tag_name": "param", "text": "", "types": ["Integer"], "name": "metrics_graphite_interval"}, {"tag_name": "param", "text": "", "types": ["Variant[Undef, Array]"], "name": "metrics_allowed"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "puppetserver_experimental"}, {"tag_name": "param", "text": "", "types": ["Optional[String[1]]"], "name": "puppetserver_auth_template"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "puppetserver_trusted_agents"}, {"tag_name": "param", "text": "", "types": ["Array[Hash]"], "name": "puppetserver_trusted_certificate_extensions"}, {"tag_name": "param", "text": "", "types": ["Optional[Enum['off', 'jit', 'force']]"], "name": "compile_mode"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer[1]]"], "name": "selector_threads"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer[1]]"], "name": "acceptor_threads"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer[1]]"], "name": "ssl_selector_threads"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer[1]]"], "name": "ssl_acceptor_threads"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer[1]]"], "name": "max_threads"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "ca_allow_sans"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "ca_allow_auth_extensions"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "ca_enable_infra_crl"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer[1]]"], "name": "max_open_files"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "versioned_code_id"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "versioned_code_content"}, {"tag_name": "param", "text": "", "types": ["Array[String[1]]"], "name": "jolokia_metrics_whitelist"}]}, "defaults": {"autosign": "$puppet::autosign", "autosign_entries": "$puppet::autosign_entries", "autosign_mode": "$puppet::autosign_mode", "autosign_content": "$puppet::autosign_content", "autosign_source": "$puppet::autosign_source", "hiera_config": "$puppet::hiera_config", "admin_api_whitelist": "$puppet::server_admin_api_whitelist", "manage_user": "$puppet::server_manage_user", "user": "$puppet::server_user", "group": "$puppet::server_group", "dir": "$puppet::server_dir", "codedir": "$puppet::codedir", "port": "$puppet::server_port", "ip": "$puppet::server_ip", "ca": "$puppet::server_ca", "ca_crl_filepath": "$puppet::ca_crl_filepath", "ca_crl_sync": "$puppet::server_ca_crl_sync", "crl_enable": "$puppet::server_crl_enable", "ca_auth_required": "$puppet::server_ca_auth_required", "ca_client_self_delete": "$puppet::server_ca_client_self_delete", "ca_client_whitelist": "$puppet::server_ca_client_whitelist", "custom_trusted_oid_mapping": "$puppet::server_custom_trusted_oid_mapping", "http": "$puppet::server_http", "http_port": "$puppet::server_http_port", "reports": "$puppet::server_reports", "puppetserver_vardir": "$puppet::server_puppetserver_vardir", "puppetserver_rundir": "$puppet::server_puppetserver_rundir", "puppetserver_logdir": "$puppet::server_puppetserver_logdir", "puppetserver_dir": "$puppet::server_puppetserver_dir", "puppetserver_version": "$puppet::server_puppetserver_version", "external_nodes": "$puppet::server_external_nodes", "trusted_external_command": "$puppet::server_trusted_external_command", "cipher_suites": "$puppet::server_cipher_suites", "connect_timeout": "$puppet::server_connect_timeout", "web_idle_timeout": "$puppet::server_web_idle_timeout", "git_repo": "$puppet::server_git_repo", "default_manifest": "$puppet::server_default_manifest", "default_manifest_path": "$puppet::server_default_manifest_path", "default_manifest_content": "$puppet::server_default_manifest_content", "environments_owner": "$puppet::server_environments_owner", "environments_group": "$puppet::server_environments_group", "environments_mode": "$puppet::server_environments_mode", "envs_dir": "$puppet::server_envs_dir", "envs_target": "$puppet::server_envs_target", "common_modules_path": "$puppet::server_common_modules_path", "git_repo_mode": "$puppet::server_git_repo_mode", "git_repo_path": "$puppet::server_git_repo_path", "git_repo_group": "$puppet::server_git_repo_group", "git_repo_user": "$puppet::server_git_repo_user", "git_branch_map": "$puppet::server_git_branch_map", "idle_timeout": "$puppet::server_idle_timeout", "post_hook_content": "$puppet::server_post_hook_content", "post_hook_name": "$puppet::server_post_hook_name", "storeconfigs": "$puppet::server_storeconfigs", "ruby_load_paths": "$puppet::server_ruby_load_paths", "ssl_dir": "$puppet::server_ssl_dir", "ssl_dir_manage": "$puppet::server_ssl_dir_manage", "ssl_key_manage": "$puppet::server_ssl_key_manage", "ssl_protocols": "$puppet::server_ssl_protocols", "ssl_chain_filepath": "$puppet::server_ssl_chain_filepath", "package": "$puppet::server_package", "version": "$puppet::server_version", "certname": "$puppet::server_certname", "request_timeout": "$puppet::server_request_timeout", "strict_variables": "$puppet::server_strict_variables", "additional_settings": "$puppet::server_additional_settings", "foreman": "$puppet::server_foreman", "foreman_url": "$puppet::server_foreman_url", "foreman_ssl_ca": "$puppet::server_foreman_ssl_ca", "foreman_ssl_cert": "$puppet::server_foreman_ssl_cert", "foreman_ssl_key": "$puppet::server_foreman_ssl_key", "server_foreman_facts": "$puppet::server_foreman_facts", "puppet_basedir": "$puppet::server_puppet_basedir", "parser": "$puppet::server_parser", "environment_timeout": "$puppet::server_environment_timeout", "jvm_java_bin": "$puppet::server_jvm_java_bin", "jvm_config": "$puppet::server_jvm_config", "jvm_min_heap_size": "$puppet::server_jvm_min_heap_size", "jvm_max_heap_size": "$puppet::server_jvm_max_heap_size", "jvm_extra_args": "$puppet::server_jvm_extra_args", "jvm_cli_args": "$puppet::server_jvm_cli_args", "jruby_gem_home": "$puppet::server_jruby_gem_home", "server_environment_vars": "$puppet::server_environment_vars", "max_active_instances": "$puppet::server_max_active_instances", "max_requests_per_instance": "$puppet::server_max_requests_per_instance", "max_queued_requests": "$puppet::server_max_queued_requests", "max_retry_delay": "$puppet::server_max_retry_delay", "multithreaded": "$puppet::server_multithreaded", "use_legacy_auth_conf": "$puppet::server_use_legacy_auth_conf", "check_for_updates": "$puppet::server_check_for_updates", "environment_class_cache_enabled": "$puppet::server_environment_class_cache_enabled", "allow_header_cert_info": "$puppet::server_allow_header_cert_info", "puppetserver_metrics": "$puppet::server_puppetserver_metrics", "puppetserver_profiler": "$puppet::server_puppetserver_profiler", "puppetserver_telemetry": "$puppet::server_puppetserver_telemetry", "metrics_jmx_enable": "$puppet::server_metrics_jmx_enable", "metrics_graphite_enable": "$puppet::server_metrics_graphite_enable", "metrics_graphite_host": "$puppet::server_metrics_graphite_host", "metrics_graphite_port": "$puppet::server_metrics_graphite_port", "metrics_server_id": "$puppet::server_metrics_server_id", "metrics_graphite_interval": "$puppet::server_metrics_graphite_interval", "metrics_allowed": "$puppet::server_metrics_allowed", "puppetserver_experimental": "$puppet::server_puppetserver_experimental", "puppetserver_auth_template": "$puppet::server_puppetserver_auth_template", "puppetserver_trusted_agents": "$puppet::server_puppetserver_trusted_agents", "puppetserver_trusted_certificate_extensions": "$puppet::server_puppetserver_trusted_certificate_extensions", "compile_mode": "$puppet::server_compile_mode", "selector_threads": "$puppet::server_selector_threads", "acceptor_threads": "$puppet::server_acceptor_threads", "ssl_selector_threads": "$puppet::server_ssl_selector_threads", "ssl_acceptor_threads": "$puppet::server_ssl_acceptor_threads", "max_threads": "$puppet::server_max_threads", "ca_allow_sans": "$puppet::server_ca_allow_sans", "ca_allow_auth_extensions": "$puppet::server_ca_allow_auth_extensions", "ca_enable_infra_crl": "$puppet::server_ca_enable_infra_crl", "max_open_files": "$puppet::server_max_open_files", "versioned_code_id": "$puppet::server_versioned_code_id", "versioned_code_content": "$puppet::server_versioned_code_content", "jolokia_metrics_whitelist": "$puppet::server_jolokia_metrics_whitelist"}, "source": "class puppet::server(\n Variant[Boolean, Stdlib::Absolutepath] $autosign = $puppet::autosign,\n Array[String] $autosign_entries = $puppet::autosign_entries,\n Pattern[/^[0-9]{3,4}$/] $autosign_mode = $puppet::autosign_mode,\n Optional[String] $autosign_content = $puppet::autosign_content,\n Optional[String] $autosign_source = $puppet::autosign_source,\n String $hiera_config = $puppet::hiera_config,\n Array[String] $admin_api_whitelist = $puppet::server_admin_api_whitelist,\n Boolean $manage_user = $puppet::server_manage_user,\n String $user = $puppet::server_user,\n String $group = $puppet::server_group,\n String $dir = $puppet::server_dir,\n Stdlib::Absolutepath $codedir = $puppet::codedir,\n Integer $port = $puppet::server_port,\n String $ip = $puppet::server_ip,\n Boolean $ca = $puppet::server_ca,\n Optional[String] $ca_crl_filepath = $puppet::ca_crl_filepath,\n Boolean $ca_crl_sync = $puppet::server_ca_crl_sync,\n Optional[Boolean] $crl_enable = $puppet::server_crl_enable,\n Boolean $ca_auth_required = $puppet::server_ca_auth_required,\n Boolean $ca_client_self_delete = $puppet::server_ca_client_self_delete,\n Array[String] $ca_client_whitelist = $puppet::server_ca_client_whitelist,\n Optional[Puppet::Custom_trusted_oid_mapping] $custom_trusted_oid_mapping = $puppet::server_custom_trusted_oid_mapping,\n Boolean $http = $puppet::server_http,\n Integer $http_port = $puppet::server_http_port,\n String $reports = $puppet::server_reports,\n Stdlib::Absolutepath $puppetserver_vardir = $puppet::server_puppetserver_vardir,\n Optional[Stdlib::Absolutepath] $puppetserver_rundir = $puppet::server_puppetserver_rundir,\n Optional[Stdlib::Absolutepath] $puppetserver_logdir = $puppet::server_puppetserver_logdir,\n Stdlib::Absolutepath $puppetserver_dir = $puppet::server_puppetserver_dir,\n Optional[Pattern[/^[\\d]\\.[\\d]+\\.[\\d]+$/]] $puppetserver_version = $puppet::server_puppetserver_version,\n Variant[Undef, String[0], Stdlib::Absolutepath] $external_nodes = $puppet::server_external_nodes,\n Optional[Stdlib::Absolutepath] $trusted_external_command = $puppet::server_trusted_external_command,\n Array[String] $cipher_suites = $puppet::server_cipher_suites,\n Integer[0] $connect_timeout = $puppet::server_connect_timeout,\n Integer[0] $web_idle_timeout = $puppet::server_web_idle_timeout,\n Boolean $git_repo = $puppet::server_git_repo,\n Boolean $default_manifest = $puppet::server_default_manifest,\n Stdlib::Absolutepath $default_manifest_path = $puppet::server_default_manifest_path,\n String $default_manifest_content = $puppet::server_default_manifest_content,\n String $environments_owner = $puppet::server_environments_owner,\n Optional[String] $environments_group = $puppet::server_environments_group,\n Pattern[/^[0-9]{3,4}$/] $environments_mode = $puppet::server_environments_mode,\n Array[Stdlib::Absolutepath, 1] $envs_dir = $puppet::server_envs_dir,\n Optional[Stdlib::Absolutepath] $envs_target = $puppet::server_envs_target,\n Variant[Undef, String[0], Array[Stdlib::Absolutepath]] $common_modules_path = $puppet::server_common_modules_path,\n Pattern[/^[0-9]{3,4}$/] $git_repo_mode = $puppet::server_git_repo_mode,\n Stdlib::Absolutepath $git_repo_path = $puppet::server_git_repo_path,\n String $git_repo_group = $puppet::server_git_repo_group,\n String $git_repo_user = $puppet::server_git_repo_user,\n Hash[String, String] $git_branch_map = $puppet::server_git_branch_map,\n Integer[0] $idle_timeout = $puppet::server_idle_timeout,\n String $post_hook_content = $puppet::server_post_hook_content,\n String $post_hook_name = $puppet::server_post_hook_name,\n Boolean $storeconfigs = $puppet::server_storeconfigs,\n Array[Stdlib::Absolutepath] $ruby_load_paths = $puppet::server_ruby_load_paths,\n Stdlib::Absolutepath $ssl_dir = $puppet::server_ssl_dir,\n Boolean $ssl_dir_manage = $puppet::server_ssl_dir_manage,\n Boolean $ssl_key_manage = $puppet::server_ssl_key_manage,\n Array[String] $ssl_protocols = $puppet::server_ssl_protocols,\n Optional[Stdlib::Absolutepath] $ssl_chain_filepath = $puppet::server_ssl_chain_filepath,\n Optional[Variant[String, Array[String]]] $package = $puppet::server_package,\n Optional[String] $version = $puppet::server_version,\n String $certname = $puppet::server_certname,\n Integer[0] $request_timeout = $puppet::server_request_timeout,\n Boolean $strict_variables = $puppet::server_strict_variables,\n Hash[String, Data] $additional_settings = $puppet::server_additional_settings,\n Boolean $foreman = $puppet::server_foreman,\n Stdlib::HTTPUrl $foreman_url = $puppet::server_foreman_url,\n Optional[Stdlib::Absolutepath] $foreman_ssl_ca = $puppet::server_foreman_ssl_ca,\n Optional[Stdlib::Absolutepath] $foreman_ssl_cert = $puppet::server_foreman_ssl_cert,\n Optional[Stdlib::Absolutepath] $foreman_ssl_key = $puppet::server_foreman_ssl_key,\n Boolean $server_foreman_facts = $puppet::server_foreman_facts,\n Optional[Stdlib::Absolutepath] $puppet_basedir = $puppet::server_puppet_basedir,\n Enum['current', 'future'] $parser = $puppet::server_parser,\n Variant[Undef, Enum['unlimited'], Pattern[/^\\d+[smhdy]?$/]] $environment_timeout = $puppet::server_environment_timeout,\n String $jvm_java_bin = $puppet::server_jvm_java_bin,\n String $jvm_config = $puppet::server_jvm_config,\n Pattern[/^[0-9]+[kKmMgG]$/] $jvm_min_heap_size = $puppet::server_jvm_min_heap_size,\n Pattern[/^[0-9]+[kKmMgG]$/] $jvm_max_heap_size = $puppet::server_jvm_max_heap_size,\n Optional[Variant[String,Array[String]]] $jvm_extra_args = $puppet::server_jvm_extra_args,\n Optional[String] $jvm_cli_args = $puppet::server_jvm_cli_args,\n Optional[Stdlib::Absolutepath] $jruby_gem_home = $puppet::server_jruby_gem_home,\n Hash[String, String] $server_environment_vars = $puppet::server_environment_vars,\n Integer[1] $max_active_instances = $puppet::server_max_active_instances,\n Integer[0] $max_requests_per_instance = $puppet::server_max_requests_per_instance,\n Integer[0] $max_queued_requests = $puppet::server_max_queued_requests,\n Integer[0] $max_retry_delay = $puppet::server_max_retry_delay,\n Boolean $multithreaded = $puppet::server_multithreaded,\n Boolean $use_legacy_auth_conf = $puppet::server_use_legacy_auth_conf,\n Boolean $check_for_updates = $puppet::server_check_for_updates,\n Boolean $environment_class_cache_enabled = $puppet::server_environment_class_cache_enabled,\n Boolean $allow_header_cert_info = $puppet::server_allow_header_cert_info,\n Optional[Boolean] $puppetserver_metrics = $puppet::server_puppetserver_metrics,\n Boolean $puppetserver_profiler = $puppet::server_puppetserver_profiler,\n Boolean $puppetserver_telemetry = $puppet::server_puppetserver_telemetry,\n Boolean $metrics_jmx_enable = $puppet::server_metrics_jmx_enable,\n Boolean $metrics_graphite_enable = $puppet::server_metrics_graphite_enable,\n String $metrics_graphite_host = $puppet::server_metrics_graphite_host,\n Integer $metrics_graphite_port = $puppet::server_metrics_graphite_port,\n String $metrics_server_id = $puppet::server_metrics_server_id,\n Integer $metrics_graphite_interval = $puppet::server_metrics_graphite_interval,\n Variant[Undef, Array] $metrics_allowed = $puppet::server_metrics_allowed,\n Boolean $puppetserver_experimental = $puppet::server_puppetserver_experimental,\n Optional[String[1]] $puppetserver_auth_template = $puppet::server_puppetserver_auth_template,\n Array[String] $puppetserver_trusted_agents = $puppet::server_puppetserver_trusted_agents,\n Array[Hash] $puppetserver_trusted_certificate_extensions = $puppet::server_puppetserver_trusted_certificate_extensions,\n Optional[Enum['off', 'jit', 'force']] $compile_mode = $puppet::server_compile_mode,\n Optional[Integer[1]] $selector_threads = $puppet::server_selector_threads,\n Optional[Integer[1]] $acceptor_threads = $puppet::server_acceptor_threads,\n Optional[Integer[1]] $ssl_selector_threads = $puppet::server_ssl_selector_threads,\n Optional[Integer[1]] $ssl_acceptor_threads = $puppet::server_ssl_acceptor_threads,\n Optional[Integer[1]] $max_threads = $puppet::server_max_threads,\n Boolean $ca_allow_sans = $puppet::server_ca_allow_sans,\n Boolean $ca_allow_auth_extensions = $puppet::server_ca_allow_auth_extensions,\n Boolean $ca_enable_infra_crl = $puppet::server_ca_enable_infra_crl,\n Optional[Integer[1]] $max_open_files = $puppet::server_max_open_files,\n Optional[Stdlib::Absolutepath] $versioned_code_id = $puppet::server_versioned_code_id,\n Optional[Stdlib::Absolutepath] $versioned_code_content = $puppet::server_versioned_code_content,\n Array[String[1]] $jolokia_metrics_whitelist = $puppet::server_jolokia_metrics_whitelist,\n) {\n # For Puppetserver, certain configuration parameters are version specific. We\n # assume a particular version here.\n if $puppetserver_version {\n $real_puppetserver_version = $puppetserver_version\n } elsif versioncmp($facts['puppetversion'], '7.0.0') >= 0 {\n $real_puppetserver_version = '7.0.0'\n } else {\n $real_puppetserver_version = '6.15.0'\n }\n\n if versioncmp($real_puppetserver_version, '7.0.0') >= 0 {\n $cadir = \"${puppetserver_dir}/ca\"\n } else {\n $cadir = \"${ssl_dir}/ca\"\n }\n\n if $ca {\n $ssl_ca_cert = \"${cadir}/ca_crt.pem\"\n $ssl_ca_crl = \"${cadir}/ca_crl.pem\"\n $ssl_chain = pick($ssl_chain_filepath, \"${cadir}/ca_crt.pem\")\n $crl_enable_real = pick($crl_enable, true)\n } else {\n $ssl_ca_cert = \"${ssl_dir}/certs/ca.pem\"\n $ssl_ca_crl = pick($ca_crl_filepath, \"${ssl_dir}/crl.pem\")\n $ssl_chain = false\n $crl_enable_real = pick($crl_enable, false)\n }\n\n $ssl_cert = \"${ssl_dir}/certs/${certname}.pem\"\n $ssl_cert_key = \"${ssl_dir}/private_keys/${certname}.pem\"\n\n if versioncmp($real_puppetserver_version, '7.0.0') >= 0 {\n if $use_legacy_auth_conf {\n fail('The jruby-puppet.use-legacy-auth-conf setting is removed in Puppetserver 7')\n }\n }\n\n if $jvm_extra_args {\n $real_jvm_extra_args = $jvm_extra_args\n } else {\n $real_jvm_extra_args = '-Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger'\n }\n\n contain puppet::server::install\n contain puppet::server::config\n contain puppet::server::service\n\n Class['puppet::server::install'] ~> Class['puppet::server::config']\n Class['puppet::config', 'puppet::server::config'] ~> Class['puppet::server::service']\n}"}, {"name": "puppet::server::config", "file": "manifests/server/config.pp", "line": 3, "inherits": "puppet::config", "docstring": {"text": "Set up the puppet server config", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class puppet::server::config inherits puppet::config {\n contain 'puppet::server::puppetserver'\n unless empty($puppet::server::puppetserver_vardir) {\n puppet::config::master {\n 'vardir': value => $puppet::server::puppetserver_vardir;\n }\n }\n unless empty($puppet::server::puppetserver_rundir) {\n puppet::config::master {\n 'rundir': value => $puppet::server::puppetserver_rundir;\n }\n }\n unless empty($puppet::server::puppetserver_logdir) {\n puppet::config::master {\n 'logdir': value => $puppet::server::puppetserver_logdir;\n }\n }\n\n # Mirror the relationship, as defined() is parse-order dependent\n # Ensures puppetmasters certs are generated before the proxy is needed\n if defined(Class['foreman_proxy::config']) and $foreman_proxy::ssl {\n Class['puppet::server::config'] ~> Class['foreman_proxy::config']\n Class['puppet::server::config'] ~> Class['foreman_proxy::service']\n }\n\n # And before Foreman's cert-using service needs it\n if defined(Class['foreman::service']) and $foreman::ssl {\n Class['puppet::server::config'] -> Class['foreman::service']\n }\n\n ## General configuration\n $ca_server = $puppet::ca_server\n $ca_port = $puppet::ca_port\n $server_external_nodes = $puppet::server::external_nodes\n $server_environment_timeout = $puppet::server::environment_timeout\n $trusted_external_command = $puppet::server::trusted_external_command\n $primary_envs_dir = $puppet::server::envs_dir[0]\n\n if $server_external_nodes and $server_external_nodes != '' {\n class{ 'puppet::server::enc':\n enc_path => $server_external_nodes,\n }\n }\n\n if $trusted_external_command {\n puppet::config::master {\n 'trusted_external_command': value => $trusted_external_command,\n }\n }\n\n $autosign = ($puppet::server::autosign =~ Boolean)? {\n true => $puppet::server::autosign,\n false => \"${puppet::server::autosign} { mode = ${puppet::server::autosign_mode} }\"\n }\n\n puppet::config::main {\n 'reports': value => $puppet::server::reports;\n 'environmentpath': value => $puppet::server::envs_dir.join(':');\n }\n if $puppet::server::hiera_config and !empty($puppet::server::hiera_config){\n puppet::config::main {\n 'hiera_config': value => $puppet::server::hiera_config;\n }\n }\n if $puppet::server::common_modules_path and !empty($puppet::server::common_modules_path) {\n puppet::config::main {\n 'basemodulepath': value => $puppet::server::common_modules_path, joiner => ':';\n }\n }\n if $puppet::server::default_manifest {\n puppet::config::main {\n 'default_manifest': value => $puppet::server::default_manifest_path;\n }\n }\n\n puppet::config::master {\n 'autosign': value => $autosign;\n 'ca': value => $puppet::server::ca;\n 'certname': value => $puppet::server::certname;\n 'parser': value => $puppet::server::parser;\n 'strict_variables': value => $puppet::server::strict_variables;\n 'storeconfigs': value => $puppet::server::storeconfigs;\n }\n\n if $puppet::server::ssl_dir_manage {\n puppet::config::master {\n 'ssldir': value => $puppet::server::ssl_dir;\n }\n }\n if $server_environment_timeout {\n puppet::config::master {\n 'environment_timeout': value => $server_environment_timeout;\n }\n }\n\n $puppet::server_additional_settings.each |$key,$value| {\n puppet::config::master { $key: value => $value }\n }\n\n file { \"${puppet::vardir}/reports\":\n ensure => directory,\n owner => $puppet::server::user,\n group => $puppet::server::group,\n mode => '0750',\n }\n\n if '/usr/share/puppet/modules' in $puppet::server::common_modules_path {\n # Create Foreman share dir which does not depend on Puppet version\n exec { 'mkdir -p /usr/share/puppet/modules':\n creates => '/usr/share/puppet/modules',\n path => ['/usr/bin', '/bin'],\n }\n }\n\n ## SSL and CA configuration\n # Open read permissions to private keys to puppet group for foreman, proxy etc.\n file { \"${puppet::server::ssl_dir}/private_keys\":\n ensure => directory,\n owner => $puppet::server::user,\n group => $puppet::server::group,\n mode => '0750',\n require => Exec['puppet_server_config-create_ssl_dir'],\n }\n\n if $puppet::server::ssl_key_manage {\n file { \"${puppet::server::ssl_dir}/private_keys/${puppet::server::certname}.pem\":\n owner => $puppet::server::user,\n group => $puppet::server::group,\n mode => '0640',\n }\n }\n\n if $puppet::server::custom_trusted_oid_mapping {\n $_custom_trusted_oid_mapping = {\n oid_mapping => $puppet::server::custom_trusted_oid_mapping,\n }\n file { \"${puppet::dir}/custom_trusted_oid_mapping.yaml\":\n ensure => file,\n owner => 'root',\n group => $puppet::params::root_group,\n mode => '0644',\n content => to_yaml($_custom_trusted_oid_mapping),\n }\n }\n\n # If the ssl dir is not the default dir, it needs to be created before running\n # the generate ca cert or it will fail.\n exec {'puppet_server_config-create_ssl_dir':\n creates => $puppet::server::ssl_dir,\n command => \"/bin/mkdir -p ${puppet::server::ssl_dir}\",\n umask => '0022',\n }\n\n # Generate a new CA and host cert if our host cert doesn't exist\n if $puppet::server::ca {\n exec {'puppet_server_config-generate_ca_cert':\n creates => $puppet::server::ssl_ca_cert,\n command => \"${puppet::puppetserver_cmd} ca setup\",\n umask => '0022',\n require => [\n Concat[\"${puppet::server::dir}/puppet.conf\"],\n Exec['puppet_server_config-create_ssl_dir'],\n ],\n }\n\n # In Puppet 7 the cadir was changed from $ssldir/ca to $puppetserver_dir/ca\n # This migrates the directory if it was in the old location\n # The migration command leaves a symlink in place\n if versioncmp($puppet::server::real_puppetserver_version, '7.0') > 0 {\n exec { 'migrate Puppetserver cadir':\n command => \"${puppet::puppetserver_cmd} ca migrate\",\n creates => $puppet::server::cadir,\n onlyif => \"test -d '${puppet::server::ssl_dir}/ca' && ! test -L '${puppet::server::ssl_dir}'\",\n path => $::path,\n before => Exec['puppet_server_config-generate_ca_cert'],\n }\n }\n } elsif $puppet::server::ca_crl_sync {\n # If not a ca AND sync the crl from the ca master\n if defined('$::servername') {\n file { $puppet::server::ssl_ca_crl:\n ensure => file,\n owner => $puppet::server::user,\n group => $puppet::server::group,\n mode => '0644',\n content => file($::settings::cacrl, $::settings::hostcrl, '/dev/null'),\n }\n }\n }\n\n # autosign file\n if $puppet::server_ca and !($puppet::server::autosign =~ Boolean) {\n if $puppet::server::autosign_content or $puppet::server::autosign_source {\n if !empty($puppet::server::autosign_entries) {\n fail('Cannot set both autosign_content/autosign_source and autosign_entries')\n }\n $autosign_content = $puppet::server::autosign_content\n } elsif !empty($puppet::server::autosign_entries) {\n $autosign_content = template('puppet/server/autosign.conf.erb')\n } else {\n $autosign_content = undef\n }\n file { $puppet::server::autosign:\n ensure => file,\n owner => $puppet::server::user,\n group => $puppet::server::group,\n mode => $puppet::server::autosign_mode,\n content => $autosign_content,\n source => $puppet::server::autosign_source,\n }\n }\n\n # only manage this file if we provide content\n if $puppet::server::default_manifest and $puppet::server::default_manifest_content != '' {\n file { $puppet::server::default_manifest_path:\n ensure => file,\n owner => $puppet::user,\n group => $puppet::group,\n mode => '0644',\n content => $puppet::server::default_manifest_content,\n }\n }\n\n ## Environments\n # location where our puppet environments are located\n if $puppet::server::envs_target and $puppet::server::envs_target != '' {\n $ensure = 'link'\n } else {\n $ensure = 'directory'\n }\n\n file { $puppet::server::envs_dir:\n ensure => $ensure,\n owner => $puppet::server::environments_owner,\n group => $puppet::server::environments_group,\n mode => $puppet::server::environments_mode,\n target => $puppet::server::envs_target,\n force => true,\n }\n\n if $puppet::server::git_repo {\n include git\n\n if $puppet::server::manage_user {\n Class['git'] -> User[$puppet::server::user]\n }\n\n file { $puppet::vardir:\n ensure => directory,\n owner => 'puppet',\n group => 'puppet',\n }\n\n git::repo { 'puppet_repo':\n bare => true,\n target => $puppet::server::git_repo_path,\n mode => $puppet::server::git_repo_mode,\n user => $puppet::server::git_repo_user,\n group => $puppet::server::git_repo_group,\n require => File[$puppet::vardir, $primary_envs_dir],\n }\n\n $git_branch_map = $puppet::server::git_branch_map\n # git post hook to auto generate an environment per branch\n file { \"${puppet::server::git_repo_path}/hooks/${puppet::server::post_hook_name}\":\n content => template($puppet::server::post_hook_content),\n owner => $puppet::server::git_repo_user,\n group => $puppet::server::git_repo_group,\n mode => $puppet::server::git_repo_mode,\n require => Git::Repo['puppet_repo'],\n }\n }\n\n file { $puppet::sharedir:\n ensure => directory,\n }\n\n if $puppet::server::common_modules_path and !empty($puppet::server::common_modules_path) {\n file { $puppet::server::common_modules_path:\n ensure => directory,\n owner => $puppet::server_environments_owner,\n group => $puppet::server_environments_group,\n mode => $puppet::server_environments_mode,\n }\n }\n\n ## Foreman\n if $puppet::server::foreman {\n # Include foreman components for the puppetmaster\n # ENC script, reporting script etc.\n class { 'puppetserver_foreman':\n foreman_url => $puppet::server::foreman_url,\n enc_upload_facts => $puppet::server::server_foreman_facts,\n enc_timeout => $puppet::server::request_timeout,\n puppet_home => $puppet::server::puppetserver_vardir,\n puppet_basedir => $puppet::server::puppet_basedir,\n puppet_etcdir => $puppet::dir,\n ssl_ca => pick($puppet::server::foreman_ssl_ca, $puppet::server::ssl_ca_cert),\n ssl_cert => pick($puppet::server::foreman_ssl_cert, $puppet::server::ssl_cert),\n ssl_key => pick($puppet::server::foreman_ssl_key, $puppet::server::ssl_cert_key),\n }\n contain puppetserver_foreman\n }\n}"}, {"name": "puppet::server::enc", "file": "manifests/server/enc.pp", "line": 3, "docstring": {"text": "Set up the ENC config", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "enc_path"}]}, "defaults": {"enc_path": "$puppet::server::external_nodes"}, "source": "class puppet::server::enc(\n $enc_path = $puppet::server::external_nodes\n) {\n puppet::config::master {\n 'external_nodes': value => $enc_path;\n 'node_terminus': value => 'exec';\n }\n}"}, {"name": "puppet::server::install", "file": "manifests/server/install.pp", "line": 3, "docstring": {"text": "Install the puppet server", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class puppet::server::install {\n\n # Mirror the relationship, as defined() is parse-order dependent\n # Ensures 'puppet' user group is present before managing users\n if defined(Class['foreman_proxy::config']) {\n Class['puppet::server::install'] -> Class['foreman_proxy::config']\n }\n if defined(Class['foreman::config']) {\n Class['puppet::server::install'] -> Class['foreman::config']\n }\n\n if $puppet::server::manage_user {\n $shell = $puppet::server::git_repo ? {\n true => $facts['os']['family'] ? {\n /^(FreeBSD|DragonFly)$/ => '/usr/local/bin/git-shell',\n default => '/usr/bin/git-shell'\n },\n default => undef,\n }\n\n user { $puppet::server::user:\n shell => $shell,\n }\n }\n\n if $puppet::manage_packages == true or $puppet::manage_packages == 'server' {\n $server_package = pick($puppet::server::package, 'puppetserver')\n $server_version = pick($puppet::server::version, $puppet::version)\n\n package { $server_package:\n ensure => $server_version,\n install_options => $puppet::package_install_options,\n }\n\n if $puppet::server::manage_user {\n Package[$server_package] -> User[$puppet::server::user]\n }\n }\n}"}, {"name": "puppet::server::puppetdb", "file": "manifests/server/puppetdb.pp", "line": 26, "docstring": {"text": "This class relies on the puppetlabs/puppetdb and essentially wraps\npuppetdb::master::config with the proper resource chaining.\n\nNote that this doesn't manage the server itself.", "tags": [{"tag_name": "example", "text": "class { 'puppet':\n server => true,\n server_reports => 'puppetdb,foreman',\n server_storeconfigs => true,\n}\nclass { 'puppet::server::puppetdb':\n server => 'mypuppetdb.example.com',\n}", "name": ""}, {"tag_name": "param", "text": "The PuppetDB server", "types": ["Stdlib::Host"], "name": "server"}, {"tag_name": "param", "text": "The PuppetDB port", "types": ["Stdlib::Port"], "name": "port"}, {"tag_name": "param", "text": "Whether to enable soft write failure", "types": ["Boolean"], "name": "soft_write_failure"}, {"tag_name": "summary", "text": "PuppetDB integration"}]}, "defaults": {"server": "undef", "port": "8081", "soft_write_failure": "false"}, "source": "class puppet::server::puppetdb (\n Stdlib::Host $server = undef,\n Stdlib::Port $port = 8081,\n Boolean $soft_write_failure = false,\n) {\n class { 'puppetdb::master::config':\n puppetdb_server => $server,\n puppetdb_port => $port,\n puppetdb_soft_write_failure => $soft_write_failure,\n manage_storeconfigs => false,\n restart_puppet => false,\n }\n Class['puppetdb::master::puppetdb_conf'] ~> Class['puppet::server::service']\n}"}, {"name": "puppet::server::puppetserver", "file": "manifests/server/puppetserver.pp", "line": 75, "docstring": {"text": "Configures the puppetserver jvm configuration file using augeas.", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "example", "text": "\n# configure memory for java < 8\nclass {'::puppet::server::puppetserver':\n jvm_min_heap_size => '1G',\n jvm_max_heap_size => '3G',\n jvm_extra_args => '-XX:MaxPermSize=256m',\n}", "name": ""}, {"tag_name": "param", "text": "Path to the java executable to use", "types": ["Any"], "name": "java_bin"}, {"tag_name": "param", "text": "Path to the jvm configuration file.\nThis file is usually either /etc/default/puppetserver or\n/etc/sysconfig/puppetserver depending on your *nix flavor.", "types": ["Any"], "name": "config"}, {"tag_name": "param", "text": "Translates into the -Xms option and is added to the JAVA_ARGS", "types": ["Any"], "name": "jvm_min_heap_size"}, {"tag_name": "param", "text": "Translates into the -Xmx option and is added to the JAVA_ARGS", "types": ["Any"], "name": "jvm_max_heap_size"}, {"tag_name": "param", "text": "Custom options to pass through to the java binary. These get added to\nthe end of the JAVA_ARGS variable", "types": ["Any"], "name": "jvm_extra_args"}, {"tag_name": "param", "text": "Custom options to pass through to the java binary when using a\npuppetserver subcommand, (eg puppetserver gem). These get used\nin the JAVA_ARGS_CLI variable.", "types": ["Any"], "name": "jvm_cli_args"}, {"tag_name": "param", "text": "Puppetserver config directory", "types": ["Any"], "name": "server_puppetserver_dir"}, {"tag_name": "param", "text": "Puppetserver var directory", "types": ["Any"], "name": "server_puppetserver_vardir"}, {"tag_name": "param", "text": "Puppetserver jruby gemhome", "types": ["Any"], "name": "server_jruby_gem_home"}, {"tag_name": "param", "text": "Puppetserver hash of environment vars", "types": ["Any"], "name": "server_environment_vars"}, {"tag_name": "param", "text": "Puppetserver array of acceptable ciphers", "types": ["Any"], "name": "server_cipher_suites"}, {"tag_name": "param", "text": "Puppetserver array of acceptable ssl protocols", "types": ["Any"], "name": "server_ssl_protocols"}, {"tag_name": "param", "text": "Puppetserver number of max jruby instances", "types": ["Any"], "name": "server_max_active_instances"}, {"tag_name": "param", "text": "Puppetserver number of max requests per jruby instance", "types": ["Any"], "name": "server_max_requests_per_instance"}, {"tag_name": "param", "text": "The maximum number of requests that may be queued waiting\nto borrow a JRuby from the pool.", "types": ["Any"], "name": "server_max_queued_requests"}, {"tag_name": "param", "text": "Sets the upper limit for the random sleep set as a Retry-After\nheader on 503 responses returned when max-queued-requests is enabled.", "types": ["Any"], "name": "server_max_retry_delay"}, {"tag_name": "param", "text": "Configures the puppetserver to use multithreaded jruby.", "types": ["Any"], "name": "server_multithreaded"}, {"tag_name": "param", "text": "Disables FIPS support within the JVM", "types": ["Any"], "name": "disable_fips"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_puppetserver_rundir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_puppetserver_logdir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_ruby_load_paths"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_ssl_ca_crl"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_ssl_ca_cert"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_ssl_cert"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_ssl_cert_key"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_ssl_chain"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_crl_enable"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_ip"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_http"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_http_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_ca"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_dir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "codedir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_idle_timeout"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_web_idle_timeout"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_connect_timeout"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_ca_auth_required"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_ca_client_self_delete"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_ca_client_whitelist"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_admin_api_whitelist"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_puppetserver_version"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_use_legacy_auth_conf"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_check_for_updates"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_environment_class_cache_enabled"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_metrics"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_profiler"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_telemetry"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "metrics_jmx_enable"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "metrics_graphite_enable"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "metrics_graphite_host"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "metrics_graphite_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "metrics_server_id"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "metrics_graphite_interval"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "metrics_allowed"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_experimental"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_auth_template"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_trusted_agents"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "server_trusted_certificate_extensions"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "allow_header_cert_info"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "compile_mode"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "acceptor_threads"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "selector_threads"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_acceptor_threads"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_selector_threads"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "max_threads"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ca_allow_sans"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ca_allow_auth_extensions"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ca_enable_infra_crl"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "max_open_files"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "versioned_code_id"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "versioned_code_content"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "jolokia_metrics_whitelist"}]}, "defaults": {"config": "$puppet::server::jvm_config", "java_bin": "$puppet::server::jvm_java_bin", "jvm_extra_args": "$puppet::server::real_jvm_extra_args", "jvm_cli_args": "$puppet::server::jvm_cli_args", "jvm_min_heap_size": "$puppet::server::jvm_min_heap_size", "jvm_max_heap_size": "$puppet::server::jvm_max_heap_size", "server_puppetserver_dir": "$puppet::server::puppetserver_dir", "server_puppetserver_vardir": "$puppet::server::puppetserver_vardir", "server_puppetserver_rundir": "$puppet::server::puppetserver_rundir", "server_puppetserver_logdir": "$puppet::server::puppetserver_logdir", "server_jruby_gem_home": "$puppet::server::jruby_gem_home", "server_environment_vars": "$puppet::server::server_environment_vars", "server_ruby_load_paths": "$puppet::server::ruby_load_paths", "server_cipher_suites": "$puppet::server::cipher_suites", "server_max_active_instances": "$puppet::server::max_active_instances", "server_max_requests_per_instance": "$puppet::server::max_requests_per_instance", "server_max_queued_requests": "$puppet::server::max_queued_requests", "server_max_retry_delay": "$puppet::server::max_retry_delay", "server_multithreaded": "$puppet::server::multithreaded", "server_ssl_protocols": "$puppet::server::ssl_protocols", "server_ssl_ca_crl": "$puppet::server::ssl_ca_crl", "server_ssl_ca_cert": "$puppet::server::ssl_ca_cert", "server_ssl_cert": "$puppet::server::ssl_cert", "server_ssl_cert_key": "$puppet::server::ssl_cert_key", "server_ssl_chain": "$puppet::server::ssl_chain", "server_crl_enable": "$puppet::server::crl_enable_real", "server_ip": "$puppet::server::ip", "server_port": "$puppet::server::port", "server_http": "$puppet::server::http", "server_http_port": "$puppet::server::http_port", "server_ca": "$puppet::server::ca", "server_dir": "$puppet::server::dir", "codedir": "$puppet::server::codedir", "server_idle_timeout": "$puppet::server::idle_timeout", "server_web_idle_timeout": "$puppet::server::web_idle_timeout", "server_connect_timeout": "$puppet::server::connect_timeout", "server_ca_auth_required": "$puppet::server::ca_auth_required", "server_ca_client_self_delete": "$puppet::server::ca_client_self_delete", "server_ca_client_whitelist": "$puppet::server::ca_client_whitelist", "server_admin_api_whitelist": "$puppet::server::admin_api_whitelist", "server_puppetserver_version": "$puppet::server::real_puppetserver_version", "server_use_legacy_auth_conf": "$puppet::server::use_legacy_auth_conf", "server_check_for_updates": "$puppet::server::check_for_updates", "server_environment_class_cache_enabled": "$puppet::server::environment_class_cache_enabled", "server_metrics": "$puppet::server::puppetserver_metrics", "server_profiler": "$puppet::server::puppetserver_profiler", "server_telemetry": "$puppet::server::puppetserver_telemetry", "metrics_jmx_enable": "$puppet::server::metrics_jmx_enable", "metrics_graphite_enable": "$puppet::server::metrics_graphite_enable", "metrics_graphite_host": "$puppet::server::metrics_graphite_host", "metrics_graphite_port": "$puppet::server::metrics_graphite_port", "metrics_server_id": "$puppet::server::metrics_server_id", "metrics_graphite_interval": "$puppet::server::metrics_graphite_interval", "metrics_allowed": "$puppet::server::metrics_allowed", "server_experimental": "$puppet::server::puppetserver_experimental", "server_auth_template": "$puppet::server::puppetserver_auth_template", "server_trusted_agents": "$puppet::server::puppetserver_trusted_agents", "server_trusted_certificate_extensions": "$puppet::server::puppetserver_trusted_certificate_extensions", "allow_header_cert_info": "$puppet::server::allow_header_cert_info", "compile_mode": "$puppet::server::compile_mode", "acceptor_threads": "$puppet::server::acceptor_threads", "selector_threads": "$puppet::server::selector_threads", "ssl_acceptor_threads": "$puppet::server::ssl_acceptor_threads", "ssl_selector_threads": "$puppet::server::ssl_selector_threads", "max_threads": "$puppet::server::max_threads", "ca_allow_sans": "$puppet::server::ca_allow_sans", "ca_allow_auth_extensions": "$puppet::server::ca_allow_auth_extensions", "ca_enable_infra_crl": "$puppet::server::ca_enable_infra_crl", "max_open_files": "$puppet::server::max_open_files", "versioned_code_id": "$puppet::server::versioned_code_id", "versioned_code_content": "$puppet::server::versioned_code_content", "disable_fips": "$facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] == '8'", "jolokia_metrics_whitelist": "$puppet::server::jolokia_metrics_whitelist"}, "source": "class puppet::server::puppetserver (\n $config = $puppet::server::jvm_config,\n $java_bin = $puppet::server::jvm_java_bin,\n $jvm_extra_args = $puppet::server::real_jvm_extra_args,\n $jvm_cli_args = $puppet::server::jvm_cli_args,\n $jvm_min_heap_size = $puppet::server::jvm_min_heap_size,\n $jvm_max_heap_size = $puppet::server::jvm_max_heap_size,\n $server_puppetserver_dir = $puppet::server::puppetserver_dir,\n $server_puppetserver_vardir = $puppet::server::puppetserver_vardir,\n $server_puppetserver_rundir = $puppet::server::puppetserver_rundir,\n $server_puppetserver_logdir = $puppet::server::puppetserver_logdir,\n $server_jruby_gem_home = $puppet::server::jruby_gem_home,\n $server_environment_vars = $puppet::server::server_environment_vars,\n $server_ruby_load_paths = $puppet::server::ruby_load_paths,\n $server_cipher_suites = $puppet::server::cipher_suites,\n $server_max_active_instances = $puppet::server::max_active_instances,\n $server_max_requests_per_instance = $puppet::server::max_requests_per_instance,\n $server_max_queued_requests = $puppet::server::max_queued_requests,\n $server_max_retry_delay = $puppet::server::max_retry_delay,\n $server_multithreaded = $puppet::server::multithreaded,\n $server_ssl_protocols = $puppet::server::ssl_protocols,\n $server_ssl_ca_crl = $puppet::server::ssl_ca_crl,\n $server_ssl_ca_cert = $puppet::server::ssl_ca_cert,\n $server_ssl_cert = $puppet::server::ssl_cert,\n $server_ssl_cert_key = $puppet::server::ssl_cert_key,\n $server_ssl_chain = $puppet::server::ssl_chain,\n $server_crl_enable = $puppet::server::crl_enable_real,\n $server_ip = $puppet::server::ip,\n $server_port = $puppet::server::port,\n $server_http = $puppet::server::http,\n $server_http_port = $puppet::server::http_port,\n $server_ca = $puppet::server::ca,\n $server_dir = $puppet::server::dir,\n $codedir = $puppet::server::codedir,\n $server_idle_timeout = $puppet::server::idle_timeout,\n $server_web_idle_timeout = $puppet::server::web_idle_timeout,\n $server_connect_timeout = $puppet::server::connect_timeout,\n $server_ca_auth_required = $puppet::server::ca_auth_required,\n $server_ca_client_self_delete = $puppet::server::ca_client_self_delete,\n $server_ca_client_whitelist = $puppet::server::ca_client_whitelist,\n $server_admin_api_whitelist = $puppet::server::admin_api_whitelist,\n $server_puppetserver_version = $puppet::server::real_puppetserver_version,\n $server_use_legacy_auth_conf = $puppet::server::use_legacy_auth_conf,\n $server_check_for_updates = $puppet::server::check_for_updates,\n $server_environment_class_cache_enabled = $puppet::server::environment_class_cache_enabled,\n $server_metrics = $puppet::server::puppetserver_metrics,\n $server_profiler = $puppet::server::puppetserver_profiler,\n $server_telemetry = $puppet::server::puppetserver_telemetry,\n $metrics_jmx_enable = $puppet::server::metrics_jmx_enable,\n $metrics_graphite_enable = $puppet::server::metrics_graphite_enable,\n $metrics_graphite_host = $puppet::server::metrics_graphite_host,\n $metrics_graphite_port = $puppet::server::metrics_graphite_port,\n $metrics_server_id = $puppet::server::metrics_server_id,\n $metrics_graphite_interval = $puppet::server::metrics_graphite_interval,\n $metrics_allowed = $puppet::server::metrics_allowed,\n $server_experimental = $puppet::server::puppetserver_experimental,\n $server_auth_template = $puppet::server::puppetserver_auth_template,\n $server_trusted_agents = $puppet::server::puppetserver_trusted_agents,\n $server_trusted_certificate_extensions = $puppet::server::puppetserver_trusted_certificate_extensions,\n $allow_header_cert_info = $puppet::server::allow_header_cert_info,\n $compile_mode = $puppet::server::compile_mode,\n $acceptor_threads = $puppet::server::acceptor_threads,\n $selector_threads = $puppet::server::selector_threads,\n $ssl_acceptor_threads = $puppet::server::ssl_acceptor_threads,\n $ssl_selector_threads = $puppet::server::ssl_selector_threads,\n $max_threads = $puppet::server::max_threads,\n $ca_allow_sans = $puppet::server::ca_allow_sans,\n $ca_allow_auth_extensions = $puppet::server::ca_allow_auth_extensions,\n $ca_enable_infra_crl = $puppet::server::ca_enable_infra_crl,\n $max_open_files = $puppet::server::max_open_files,\n $versioned_code_id = $puppet::server::versioned_code_id,\n $versioned_code_content = $puppet::server::versioned_code_content,\n $disable_fips = $facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] == '8',\n $jolokia_metrics_whitelist = $puppet::server::jolokia_metrics_whitelist,\n) {\n include puppet::server\n\n if versioncmp($server_puppetserver_version, '6.15.0') < 0 {\n fail('puppetserver <6.15.0 is not supported by this module version')\n }\n\n $puppetserver_package = pick($puppet::server::package, 'puppetserver')\n\n $jvm_heap_arr = [\"-Xms${jvm_min_heap_size}\", \"-Xmx${jvm_max_heap_size}\"]\n if $disable_fips {\n $jvm_cmd_arr = $jvm_heap_arr + ['-Dcom.redhat.fips=false', $jvm_extra_args]\n } else {\n $jvm_cmd_arr = $jvm_heap_arr + [$jvm_extra_args]\n }\n $jvm_cmd = strip(join(flatten($jvm_cmd_arr), ' '))\n\n if $facts['os']['family'] == 'FreeBSD' {\n $server_gem_paths = [ '${jruby-puppet.gem-home}', \"\\\"${server_puppetserver_vardir}/vendored-jruby-gems\\\"\", ] # lint:ignore:single_quote_string_with_variables\n augeas { 'puppet::server::puppetserver::jvm':\n context => '/files/etc/rc.conf',\n changes => [ \"set puppetserver_java_opts '\\\"${jvm_cmd}\\\"'\" ],\n }\n } else {\n if $jvm_cli_args {\n $changes = [\n \"set JAVA_ARGS '\\\"${jvm_cmd}\\\"'\",\n \"set JAVA_BIN ${java_bin}\",\n \"set JAVA_ARGS_CLI '\\\"${jvm_cli_args}\\\"'\",\n ]\n } else {\n $changes = [\n \"set JAVA_ARGS '\\\"${jvm_cmd}\\\"'\",\n \"set JAVA_BIN ${java_bin}\",\n ]\n }\n augeas { 'puppet::server::puppetserver::jvm':\n lens => 'Shellvars.lns',\n incl => $config,\n context => \"/files${config}\",\n changes => $changes,\n }\n\n $bootstrap_paths = \"${server_puppetserver_dir}/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/\"\n\n $server_gem_paths = [ '${jruby-puppet.gem-home}', \"\\\"${server_puppetserver_vardir}/vendored-jruby-gems\\\"\", \"\\\"/opt/puppetlabs/puppet/lib/ruby/vendor_gems\\\"\"] # lint:ignore:single_quote_string_with_variables\n\n augeas { 'puppet::server::puppetserver::bootstrap':\n lens => 'Shellvars.lns',\n incl => $config,\n context => \"/files${config}\",\n changes => \"set BOOTSTRAP_CONFIG '\\\"${bootstrap_paths}\\\"'\",\n }\n\n augeas { 'puppet::server::puppetserver::jruby_jar':\n lens => 'Shellvars.lns',\n incl => $config,\n context => \"/files${config}\",\n changes => 'rm JRUBY_JAR',\n }\n\n $ensure_max_open_files = $max_open_files ? {\n undef => 'absent',\n default => 'present',\n }\n if $facts['service_provider'] == 'systemd' {\n systemd::dropin_file { 'puppetserver.service-limits.conf':\n ensure => $ensure_max_open_files,\n filename => 'limits.conf',\n unit => 'puppetserver.service',\n content => \"[Service]\\nLimitNOFILE=${max_open_files}\\n\",\n }\n } else {\n file_line { 'puppet::server::puppetserver::max_open_files':\n ensure => $ensure_max_open_files,\n path => $config,\n line => \"ulimit -n ${max_open_files}\",\n match => '^ulimit\\ -n',\n }\n }\n }\n\n $servicesd = \"${server_puppetserver_dir}/services.d\"\n file { $servicesd:\n ensure => directory,\n }\n file { \"${servicesd}/ca.cfg\":\n ensure => file,\n content => template('puppet/server/puppetserver/services.d/ca.cfg.erb'),\n }\n\n unless $facts['os']['family'] == 'FreeBSD' {\n file { '/opt/puppetlabs/server/apps/puppetserver/config':\n ensure => directory,\n }\n file { '/opt/puppetlabs/server/apps/puppetserver/config/services.d':\n ensure => directory,\n }\n }\n\n file { \"${server_puppetserver_dir}/conf.d/ca.conf\":\n ensure => file,\n content => template('puppet/server/puppetserver/conf.d/ca.conf.erb'),\n }\n\n file { \"${server_puppetserver_dir}/conf.d/puppetserver.conf\":\n ensure => file,\n content => template('puppet/server/puppetserver/conf.d/puppetserver.conf.erb'),\n }\n\n $auth_template = pick($server_auth_template, 'puppet/server/puppetserver/conf.d/auth.conf.erb')\n file { \"${server_puppetserver_dir}/conf.d/auth.conf\":\n ensure => file,\n content => template($auth_template),\n }\n\n file { \"${server_puppetserver_dir}/conf.d/webserver.conf\":\n ensure => file,\n content => template('puppet/server/puppetserver/conf.d/webserver.conf.erb'),\n }\n\n file { \"${server_puppetserver_dir}/conf.d/product.conf\":\n ensure => file,\n content => template('puppet/server/puppetserver/conf.d/product.conf.erb'),\n }\n\n file { \"${server_puppetserver_dir}/conf.d/metrics.conf\":\n ensure => 'file',\n content => template('puppet/server/puppetserver/conf.d/metrics.conf.erb'),\n }\n}"}, {"name": "puppet::server::service", "file": "manifests/server/service.pp", "line": 7, "docstring": {"text": "Set up the puppet server as a service", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "Whether to enable the service or not", "name": "$enable"}, {"tag_name": "param", "text": "The service name to manage", "name": "$service_name"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "enable"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "service_name"}]}, "defaults": {"enable": "true", "service_name": "'puppetserver'"}, "source": "class puppet::server::service(\n Boolean $enable = true,\n String $service_name = 'puppetserver',\n) {\n service { $service_name:\n ensure => $enable,\n enable => $enable,\n }\n}"}, {"name": "dns", "file": "manifests/init.pp", "line": 137, "inherits": "dns::params", "docstring": {"text": "Manage an ISC BIND nameserver", "tags": [{"tag_name": "param", "text": "Path of the named config", "types": ["Stdlib::Absolutepath"], "name": "namedconf_path"}, {"tag_name": "param", "text": "Directory holding the named configs", "types": ["Stdlib::Absolutepath"], "name": "dnsdir"}, {"tag_name": "param", "text": "Name of the package to install", "types": ["String"], "name": "dns_server_package"}, {"tag_name": "param", "text": "Path of the RNDC key", "types": ["Stdlib::Absolutepath"], "name": "rndckeypath"}, {"tag_name": "param", "text": "Path of the named options", "types": ["Stdlib::Absolutepath"], "name": "optionspath"}, {"tag_name": "param", "text": "Path of the config file holding all the zones", "types": ["Stdlib::Absolutepath"], "name": "publicviewpath"}, {"tag_name": "param", "text": "Directory holding the variable or working files", "types": ["Stdlib::Absolutepath"], "name": "vardir"}, {"tag_name": "param", "text": "Directory holding the log files for named", "types": ["Stdlib::Absolutepath"], "name": "logdir"}, {"tag_name": "param", "text": "Should this module manage the Unix system group under which BIND runs (see\ndns::params)? Defaults to true. Set to false if you want to manage the\nsystem group yourself.", "types": ["Boolean"], "name": "group_manage"}, {"tag_name": "param", "text": "Should this module manage the dns service?\nThis only applies to the service management (running, stopped) and not to\nwhether the service should be installed or not.\nIMPORTANT: this will not reload the service after a config change, you'll\nhave to do that manually or via a separate call to notify", "types": ["Boolean"], "name": "manage_service"}, {"tag_name": "param", "text": "Name of the service", "types": ["String"], "name": "namedservicename"}, {"tag_name": "param", "text": "Directory containing zone files", "types": ["Stdlib::Absolutepath"], "name": "zonefilepath"}, {"tag_name": "param", "text": "File holding local zones like RFC1912 or RFC1918 files. The special value\n'unmanaged' can be used if one plans to create custom RFC1912/RFC1918 zones\nvia dns, where the inclusion of package-shipped zone files is not desired.", "types": ["Variant[Enum['unmanaged'], Stdlib::Absolutepath]"], "name": "localzonepath"}, {"tag_name": "param", "text": "File holding some RFC1912 zone includes on systems like Debian.\nThe special value 'unmanaged' can be used if one plans to create custom\nzones via dns, where the inclusion of package-shipped zone files is not\ndesired.", "types": ["Variant[Enum['unmanaged'], Stdlib::Absolutepath]"], "name": "defaultzonepath"}, {"tag_name": "param", "text": "The forward option", "types": ["Optional[Enum['only', 'first']]"], "name": "forward"}, {"tag_name": "param", "text": "The forwarders option", "types": ["Array[String]"], "name": "forwarders"}, {"tag_name": "param", "text": "The listen-on-v6 option", "types": ["Optional[Variant[String, Boolean]]"], "name": "listen_on_v6"}, {"tag_name": "param", "text": "The recursion option", "types": ["Enum['yes', 'no']"], "name": "recursion"}, {"tag_name": "param", "text": "The allow-recursion option", "types": ["Array[String]"], "name": "allow_recursion"}, {"tag_name": "param", "text": "The allow-query option", "types": ["Array[String]"], "name": "allow_query"}, {"tag_name": "param", "text": "The empty-zones-enable option", "types": ["Enum['yes', 'no']"], "name": "empty_zones_enable"}, {"tag_name": "param", "text": "The notify option in named.conf", "types": ["Optional[Enum['yes', 'no', 'explicit']]"], "name": "dns_notify"}, {"tag_name": "param", "text": "The dnssec-enable option", "types": ["Enum['yes', 'no']"], "name": "dnssec_enable"}, {"tag_name": "param", "text": "The dnssec-validation option", "types": ["Enum['yes', 'no', 'auto']"], "name": "dnssec_validation"}, {"tag_name": "param", "text": "The template to be used for named.conf", "types": ["String"], "name": "namedconf_template"}, {"tag_name": "param", "text": "Specify a hash of ACLs. Each key is the name of a network, and its value is\nan array of subnet strings.", "types": ["Hash[String, Array[String]]"], "name": "acls"}, {"tag_name": "param", "text": "The template to be used for options.conf", "types": ["String"], "name": "optionsconf_template"}, {"tag_name": "param", "text": "Path to the sysconfig or default file used to set startup options for\nnamed. Under Debian this is /etc/default/bind9, under RedHat this is\n/etc/sysconfig/named. FreeBSD/DragonFly and ArchLinux do not feature such\nfiles, thus the sysconfig parameters are not relevant for these operating\nsystems.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "sysconfig_file"}, {"tag_name": "param", "text": "The template used to model /etc/default/bind9 or /etc/sysconfig/named.\nDefault is \"dns/sysconfig.${facts[osfamily]}.erb\" for Debian and RedHat,\nand undef for others.", "types": ["Optional[String]"], "name": "sysconfig_template"}, {"tag_name": "param", "text": "Startup options for the `named` process, rendered as the `OPTIONS` string\nin the sysconfig file (see above). Use this to set commandline flags and\noptions for `named`. For example, to use IPv4 only and disable IPv6 support\nin named on Debian set this parameter to `-u bind -4`. The default value\ndepends on the underlying OS.", "types": ["Optional[String]"], "name": "sysconfig_startup_options"}, {"tag_name": "param", "text": "Should named integrate with resolvconf upon startup? Default is false, and\nthis only pertains to the Debian OS family.", "types": ["Optional[Boolean]"], "name": "sysconfig_resolvconf_integration"}, {"tag_name": "param", "text": "Should zone checking be disabled upon named startup? Default is undef, and\nthis only pertains to the RedHat OS family.", "types": ["Optional[Boolean]"], "name": "sysconfig_disable_zone_checking"}, {"tag_name": "param", "text": "Additional settings to add to the sysconfig file. This is a simple hash of\nkey-value strings that will be rendered as `KEY=\"value\"` in the sysconfig\nfile. Use this to add custom (environment) variables relevant for named.\nDefault is empty.", "types": ["Optional[Hash[String[1], String]]"], "name": "sysconfig_additional_settings"}, {"tag_name": "param", "text": "Specify a hash of controls. Each key is the name of a network, and its\nvalue is a hash containing 'port' => integer, 'keys' => array and\n'allowed_addresses' => array", "types": ["Hash[String, Hash[String, Data]]"], "name": "controls"}, {"tag_name": "param", "text": "The ensure attribute on the service", "types": ["Variant[Enum['running', 'stopped'], Boolean]"], "name": "service_ensure"}, {"tag_name": "param", "text": "Whether to enable the service (start at boot)", "types": ["Boolean"], "name": "service_enable"}, {"tag_name": "param", "text": "Custom command to use when the service will be restarted (notified by\nconfiguration changes). Will be passed directly to the restart parameter of\nthe contained service resource. This is useful when you want BIND to reload\nits configuration instead of restarting the whole process, for example by\nsetting `service_restart_command` to `/usr/sbin/service bind9 reload` or\n`/usr/sbin/rndc reload` or even `/usr/bin/systemctl try-reload-or-restart bind9`.\nDefault is 'undef' so the service resource default is used.", "types": ["Optional[String[1]]"], "name": "service_restart_command"}, {"tag_name": "param", "text": "Should this module run configuration checks before putting new configurations in\nplace? Defaults to true. Set to false if you don't want configuration checks when\nconfig files are changed.", "types": ["Boolean"], "name": "config_check"}, {"tag_name": "param", "text": "Additional options", "types": ["Hash[String, Data]"], "name": "additional_options"}, {"tag_name": "param", "text": "Additional directives. These are free form strings that allow for full\ncustomization. Use with caution.", "types": ["Array[String]"], "name": "additional_directives"}, {"tag_name": "param", "text": "Flag to indicate bind views support. Will remove global zone configuration\nlike localzonepath inclusion.", "types": ["Boolean"], "name": "enable_views"}, {"tag_name": "param", "text": "A hash of zones to be created. See dns::zone for options.", "types": ["Hash[String, Hash]"], "name": "zones"}, {"tag_name": "param", "text": "A hash of keys to be created. See dns::key for options.", "types": ["Hash[String, Hash]"], "name": "keys"}, {"tag_name": "param", "text": "A hash of logging categories to be created. See dns::logging::category for options.", "types": ["Hash[String, Hash]"], "name": "logging_categories"}, {"tag_name": "param", "text": "A hash of logging channels to be created. See dns::logging::channel for options.", "types": ["Hash[String, Hash]"], "name": "logging_channels"}, {"tag_name": "see", "name": "dns::zone"}, {"tag_name": "see", "name": "dns::key"}, {"tag_name": "see", "name": "dns::logging::category"}, {"tag_name": "see", "name": "dns::logging::channel"}]}, "defaults": {"namedconf_path": "$dns::params::namedconf_path", "dnsdir": "$dns::params::dnsdir", "dns_server_package": "$dns::params::dns_server_package", "rndckeypath": "$dns::params::rndckeypath", "optionspath": "$dns::params::optionspath", "publicviewpath": "$dns::params::publicviewpath", "vardir": "$dns::params::vardir", "logdir": "'/var/log/named'", "group_manage": "true", "manage_service": "true", "namedservicename": "$dns::params::namedservicename", "zonefilepath": "$dns::params::zonefilepath", "localzonepath": "$dns::params::localzonepath", "defaultzonepath": "$dns::params::defaultzonepath", "forward": "undef", "forwarders": "[]", "listen_on_v6": "'any'", "recursion": "'yes'", "allow_recursion": "['localnets', 'localhost']", "allow_query": "['any']", "empty_zones_enable": "'yes'", "dns_notify": "undef", "dnssec_enable": "'yes'", "dnssec_validation": "'yes'", "namedconf_template": "'dns/named.conf.erb'", "acls": "{}", "optionsconf_template": "'dns/options.conf.erb'", "sysconfig_file": "$dns::params::sysconfig_file", "sysconfig_template": "$dns::params::sysconfig_template", "sysconfig_startup_options": "$dns::params::sysconfig_startup_options", "sysconfig_resolvconf_integration": "$dns::params::sysconfig_resolvconf_integration", "sysconfig_disable_zone_checking": "$dns::params::sysconfig_disable_zone_checking", "sysconfig_additional_settings": "{}", "controls": "$dns::params::controls", "service_ensure": "'running'", "service_enable": "true", "service_restart_command": "undef", "config_check": "true", "additional_options": "{}", "additional_directives": "[]", "enable_views": "false", "zones": "{}", "keys": "{}", "logging_categories": "{}", "logging_channels": "{}"}, "source": "class dns (\n Stdlib::Absolutepath $namedconf_path = $dns::params::namedconf_path,\n Stdlib::Absolutepath $dnsdir = $dns::params::dnsdir,\n String $dns_server_package = $dns::params::dns_server_package,\n Stdlib::Absolutepath $rndckeypath = $dns::params::rndckeypath,\n Stdlib::Absolutepath $optionspath = $dns::params::optionspath,\n Stdlib::Absolutepath $publicviewpath = $dns::params::publicviewpath,\n Stdlib::Absolutepath $vardir = $dns::params::vardir,\n Stdlib::Absolutepath $logdir = '/var/log/named',\n Boolean $group_manage = true,\n Boolean $manage_service = true,\n String $namedservicename = $dns::params::namedservicename,\n Stdlib::Absolutepath $zonefilepath = $dns::params::zonefilepath,\n Variant[Enum['unmanaged'], Stdlib::Absolutepath] $localzonepath = $dns::params::localzonepath,\n Variant[Enum['unmanaged'], Stdlib::Absolutepath] $defaultzonepath = $dns::params::defaultzonepath,\n Optional[Enum['only', 'first']] $forward = undef,\n Array[String] $forwarders = [],\n Optional[Variant[String, Boolean]] $listen_on_v6 = 'any',\n Enum['yes', 'no'] $recursion = 'yes',\n Array[String] $allow_recursion = ['localnets', 'localhost'],\n Array[String] $allow_query = ['any'],\n Enum['yes', 'no'] $empty_zones_enable = 'yes',\n Optional[Enum['yes', 'no', 'explicit']] $dns_notify = undef,\n Enum['yes', 'no'] $dnssec_enable = 'yes',\n Enum['yes', 'no', 'auto'] $dnssec_validation = 'yes',\n String $namedconf_template = 'dns/named.conf.erb',\n Hash[String, Array[String]] $acls = {},\n String $optionsconf_template = 'dns/options.conf.erb',\n Optional[Stdlib::Absolutepath] $sysconfig_file = $dns::params::sysconfig_file,\n Optional[String] $sysconfig_template = $dns::params::sysconfig_template,\n Optional[String] $sysconfig_startup_options = $dns::params::sysconfig_startup_options,\n Optional[Boolean] $sysconfig_resolvconf_integration = $dns::params::sysconfig_resolvconf_integration,\n Optional[Boolean] $sysconfig_disable_zone_checking = $dns::params::sysconfig_disable_zone_checking,\n Optional[Hash[String[1], String]] $sysconfig_additional_settings = {},\n Hash[String, Hash[String, Data]] $controls = $dns::params::controls,\n Variant[Enum['running', 'stopped'], Boolean] $service_ensure = 'running',\n Boolean $service_enable = true,\n Optional[String[1]] $service_restart_command = undef,\n Boolean $config_check = true,\n Hash[String, Data] $additional_options = {},\n Array[String] $additional_directives = [],\n Boolean $enable_views = false,\n Hash[String, Hash] $zones = {},\n Hash[String, Hash] $keys = {},\n Hash[String, Hash] $logging_categories = {},\n Hash[String, Hash] $logging_channels = {},\n) inherits dns::params {\n\n include dns::install\n include dns::config\n contain dns::service\n\n Class['dns::install'] ~> Class['dns::config'] ~> Class['dns::service']\n\n create_resources('dns::key', $keys)\n create_resources('dns::zone', $zones)\n create_resources('dns::logging::category', $logging_categories)\n create_resources('dns::logging::channel', $logging_channels)\n}"}, {"name": "dns::config", "file": "manifests/config.pp", "line": 3, "docstring": {"text": "Configure dns", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class dns::config {\n if $dns::config_check {\n $validate_cmd = \"${dns::named_checkconf} %\"\n } else {\n $validate_cmd = undef\n }\n\n concat { $dns::publicviewpath:\n owner => root,\n group => $dns::params::group,\n mode => '0640',\n validate_cmd => $validate_cmd,\n }\n\n if $dns::enable_views {\n file { $dns::viewconfigpath:\n ensure => directory,\n owner => root,\n group => $dns::params::group,\n mode => '0755',\n }\n }\n\n concat::fragment { 'dns_zones+01-header.dns':\n target => $dns::publicviewpath,\n content => ' ',\n order => '01',\n }\n\n concat { $dns::namedconf_path:\n owner => 'root',\n group => $dns::params::group,\n mode => '0640',\n require => Concat[$dns::optionspath],\n validate_cmd => $validate_cmd,\n }\n\n # This file cannot be checked by named-checkconf because its content is only\n # valid inside an \"options { };\" directive.\n concat { $dns::optionspath:\n owner => 'root',\n group => $dns::params::group,\n mode => '0640',\n }\n\n concat::fragment { 'named.conf+10-main.dns':\n target => $dns::namedconf_path,\n content => template($dns::namedconf_template),\n order => '10',\n }\n\n concat::fragment { 'options.conf+10-main.dns':\n target => $dns::optionspath,\n content => template($dns::optionsconf_template),\n order => '10',\n }\n\n file { $dns::zonefilepath:\n ensure => directory,\n owner => $dns::params::user,\n group => $dns::params::group,\n mode => '0640',\n }\n\n exec { 'create-rndc.key':\n command => \"${dns::rndcconfgen} -a -c ${dns::rndckeypath}\",\n creates => $dns::rndckeypath,\n }\n -> file { $dns::rndckeypath:\n owner => 'root',\n group => $dns::params::group,\n mode => '0640',\n }\n\n # Only Debian and RedHat OS provide a sysconfig or default file where we can\n # set startup options and other environment settings for named. In FreeBSD\n # such settings must be set in the global, common /etc/rc.conf file and under\n # ArchLinux we must use systemd override files to change the startup\n # commandline. These cases are outside of this module's scope.\n if $facts['os']['family'] in ['Debian', 'RedHat'] {\n file { $dns::sysconfig_file:\n owner => 'root',\n group => 'root',\n mode => '0644',\n content => template($dns::sysconfig_template),\n }\n }\n}"}, {"name": "dns::install", "file": "manifests/install.pp", "line": 3, "docstring": {"text": "Install dns service", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class dns::install {\n if ! empty($dns::dns_server_package) {\n ensure_packages([$dns::dns_server_package])\n $pkg_req = Package[$dns::dns_server_package]\n } else {\n $pkg_req = undef\n }\n\n if $dns::group_manage {\n group { $dns::group:\n require => $pkg_req,\n }\n }\n}"}, {"name": "dns::logging", "file": "manifests/logging.pp", "line": 3, "docstring": {"text": "Enable logging for named", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class dns::logging {\n file { $dns::logdir:\n ensure => directory,\n owner => $dns::params::user,\n group => $dns::params::group,\n mode => '0755',\n }\n\n concat::fragment { 'named.conf+50-logging-header.dns':\n target => $dns::namedconf_path,\n content => \"logging {\\n\",\n order => 50,\n }\n\n concat::fragment { 'named.conf+60-logging-footer.dns':\n target => $dns::namedconf_path,\n content => \"};\\n\",\n order => 60,\n }\n}"}, {"name": "dns::params", "file": "manifests/params.pp", "line": 3, "docstring": {"text": "Default parameters", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class dns::params {\n case $facts['os']['family'] {\n 'Debian': {\n $dnsdir = '/etc/bind'\n $vardir = '/var/cache/bind'\n $optionspath = \"${dnsdir}/named.conf.options\"\n $zonefilepath = \"${vardir}/zones\"\n $localzonepath = \"${dnsdir}/zones.rfc1918\"\n $defaultzonepath = \"${dnsdir}/named.conf.default-zones\"\n $publicviewpath = \"${dnsdir}/zones.conf\"\n $viewconfigpath = \"${dnsdir}/views\"\n $dns_server_package = 'bind9'\n $namedservicename = 'bind9'\n $user = 'bind'\n $group = 'bind'\n $rndcconfgen = '/usr/sbin/rndc-confgen'\n $named_checkconf = '/usr/sbin/named-checkconf'\n $sysconfig_file = '/etc/default/bind9'\n $sysconfig_template = \"dns/sysconfig.${facts['os']['family']}.erb\"\n $sysconfig_startup_options = '-u bind'\n $sysconfig_resolvconf_integration = false\n\n # This option is not relevant for Debian\n $sysconfig_disable_zone_checking = undef\n }\n 'RedHat': {\n $dnsdir = '/etc'\n $vardir = '/var/named'\n $optionspath = '/etc/named/options.conf'\n $zonefilepath = \"${vardir}/dynamic\"\n $localzonepath = \"${dnsdir}/named.rfc1912.zones\"\n $defaultzonepath = 'unmanaged'\n $publicviewpath = \"${dnsdir}/named/zones.conf\"\n $viewconfigpath = \"${dnsdir}/named/views\"\n $dns_server_package = 'bind'\n $namedservicename = 'named'\n $user = 'named'\n $group = 'named'\n $rndcconfgen = '/usr/sbin/rndc-confgen'\n $named_checkconf = '/usr/sbin/named-checkconf'\n $sysconfig_file = '/etc/sysconfig/named'\n $sysconfig_template = \"dns/sysconfig.${facts['os']['family']}.erb\"\n $sysconfig_startup_options = undef\n $sysconfig_disable_zone_checking = undef\n\n # This option is not relevant for RedHat\n $sysconfig_resolvconf_integration = undef\n }\n /^(FreeBSD|DragonFly)$/: {\n $dnsdir = '/usr/local/etc/namedb'\n $vardir = '/usr/local/etc/namedb/working'\n $optionspath = '/usr/local/etc/namedb/options.conf'\n $zonefilepath = \"${dnsdir}/dynamic\"\n $localzonepath = 'unmanaged' # \"${dnsdir}/master/empty.db\"\n $defaultzonepath = 'unmanaged'\n $publicviewpath = \"${dnsdir}/zones.conf\"\n $viewconfigpath = \"${dnsdir}/named/views\"\n $dns_server_package = 'bind916'\n $namedservicename = 'named'\n $user = 'bind'\n $group = 'bind'\n $rndcconfgen = '/usr/local/sbin/rndc-confgen'\n $named_checkconf = '/usr/local/sbin/named-checkconf'\n # The sysconfig settings are not relevant for FreeBSD\n $sysconfig_file = undef\n $sysconfig_template = undef\n $sysconfig_startup_options = undef\n $sysconfig_disable_zone_checking = undef\n $sysconfig_resolvconf_integration = undef\n }\n 'Archlinux': {\n $dnsdir = '/etc'\n $vardir = '/var/named'\n $optionspath = \"${dnsdir}/named.options.conf\"\n $zonefilepath = \"${vardir}/dynamic\"\n $localzonepath = 'unmanaged' # \"${dnsdir}/named.local.conf\"\n $defaultzonepath = 'unmanaged'\n $publicviewpath = \"${dnsdir}/zones.conf\"\n $viewconfigpath = \"${dnsdir}/views\"\n $dns_server_package = 'bind'\n $namedservicename = 'named'\n $user = 'named'\n $group = 'named'\n $rndcconfgen = '/usr/sbin/rndc-confgen'\n $named_checkconf = '/usr/sbin/named-checkconf'\n # The sysconfig settings are not relevant for ArchLinux\n $sysconfig_file = undef\n $sysconfig_template = undef\n $sysconfig_startup_options = undef\n $sysconfig_disable_zone_checking = undef\n $sysconfig_resolvconf_integration = undef\n }\n default: {\n fail (\"Unsupported operating system family ${facts['os']['family']}\")\n }\n }\n\n $namedconf_path = \"${dnsdir}/named.conf\"\n\n #pertaining to rndc\n $rndckeypath = \"${dnsdir}/rndc.key\"\n\n $controls = {\n '127.0.0.1' => {\n 'port' => 953,\n 'allowed_addresses' => [ '127.0.0.1' ],\n 'keys' => [ 'rndc-key' ],\n },\n }\n}"}, {"name": "dns::service", "file": "manifests/service.pp", "line": 3, "docstring": {"text": "Enable and start dns service", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class dns::service {\n if $dns::manage_service {\n service { $dns::namedservicename:\n ensure => $dns::service_ensure,\n enable => $dns::service_enable,\n hasstatus => true,\n hasrestart => true,\n restart => $dns::service_restart_command,\n }\n }\n}"}, {"name": "website_blog_2", "file": "manifests/init.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "blog_root"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "domain"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "certname"}, {"tag_name": "param", "text": "", "types": ["Hash[String,Hash]"], "name": "blogs"}, {"tag_name": "param", "text": "", "types": ["Optional[Array[String]]"], "name": "domain_aliases"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "blog_server_name"}]}, "defaults": {"certname": "$domain", "blogs": "{}", "domain_aliases": "undef", "blog_server_name": "'blog-server'"}, "source": "class website_blog_2 (\n String $blog_root,\n String $domain,\n String $certname = $domain,\n Hash[String,Hash] $blogs = {},\n Optional[Array[String]] $domain_aliases = undef,\n String $blog_server_name = 'blog-server',\n) {\n\n ensure_packages(['website-blog-2', 'php-fpm'])\n\n file { '/var/website-blog-2':\n ensure => directory,\n }\n file { '/var/website-blog-2/.workdirs':\n ensure => directory,\n }\n\n letsencrypt::cert { $certname:\n include_self => false,\n domains => $domain_aliases << $domain,\n authenticator => 'nginx',\n }\n\n $default = {\n access_log => 'absent',\n error_log => 'absent',\n use_default_location => false,\n } + letsencrypt::conf::nginx($domain)\n\n include ::nginx\n\n nginx::resource::server { $blog_server_name:\n * => $default,\n server_name => [ $domain, ],\n index_files => [ 'index.php', 'index.html', 'index.htm', ],\n www_root => $blog_root,\n }\n\n if $domain_aliases {\n nginx::resource::server { \"${blog_server_name}-aliases\":\n * => $default,\n server_name => $domain_aliases,\n server_cfg_append => {\n 'return' => \"301 \\$scheme://${domain}\\$request_uri\",\n },\n }\n }\n\n create_resources(website_blog_2::instance, $blogs)\n}"}, {"name": "cgit", "file": "manifests/init.pp", "line": 51, "docstring": {"text": "Many of these options maps directly to cgit's options (replace\nunderscore with dash).\n\nAlso see cgitrc(5).", "tags": [{"tag_name": "param", "text": "Top title of webpage", "types": ["String"], "name": "root_title"}, {"tag_name": "param", "text": "Description under title on web page", "types": ["String"], "name": "root_desc"}, {"tag_name": "param", "text": "Directory to scan for git repos", "types": ["String"], "name": "scan_path"}, {"tag_name": "param", "text": "List of", "types": ["Array[String]"], "name": "clone_url"}, {"tag_name": "param", "text": "Webroot, media files and similar will be placed here", "types": ["String"], "name": "root"}, {"tag_name": "param", "text": "Where filter files shouldbe placed", "types": ["String"], "name": "filterpath"}, {"tag_name": "param", "text": "Source attribute passed along to puppet's file for the global\nsummary page. Mutually exclusive with root_readme_content.", "types": ["String"], "name": "root_readme_source"}, {"tag_name": "param", "text": "Content attribute passed along to puppet's file for the global\nsummary page. Mutually exclusive with root_readme_source.", "types": ["Optional[String]"], "name": "root_readme_content"}, {"tag_name": "param", "text": "SHA256 sum of root_readme_{source,content}", "types": ["Optional[String]"], "name": "root_readme_sha256"}, {"tag_name": "param", "text": "Optional extension of file. Useful if ones \"about\" filter checks\nfilename to determine rendering.", "types": ["String"], "name": "root_readme_extension"}, {"tag_name": "param", "text": "Enable cgit's built in dump HTTP clone entdpoint.", "types": ["Boolean"], "name": "enable_http_clone"}, {"tag_name": "param", "text": "A list of repos under scan_path which should be public. Used if\nmanage_server is set to nginx, and is also dumped to the file\n/usr/local/var/public-repos, for use by custom filters.", "types": ["Array[String]"], "name": "public_repos"}, {"tag_name": "param", "text": "Used for basic auth by nginx, if manage_server is true.", "types": ["Array[Struct[{\n name => String,\n pass => String,\n }]]"], "name": "users"}, {"tag_name": "param", "text": "Should a webserver be managed by us. Currently only nginx is\nsupported.", "types": ["Variant[Boolean, Enum['nginx']]"], "name": "manage_server"}, {"tag_name": "param", "text": "Passed to nginx::resource::server's server_name.", "types": ["Optional[String]"], "name": "server_name"}, {"tag_name": "param", "text": "Path to htpasswd file used by nginx's basic auth.", "types": ["String"], "name": "htpasswd"}, {"tag_name": "param", "text": "Path to system cgitrc file.", "types": ["String"], "name": "cgitrc"}, {"tag_name": "param", "text": "CGIT filters to be managed.\n@see cgit::filter", "types": ["Hash[String, Hash]"], "name": "filters"}, {"tag_name": "summary", "text": "Manages a cgit server"}]}, "defaults": {"clone_url": "[]", "root": "'/var/www/cgit'", "filterpath": "'/usr/lib/cgit/puppet-controlled-filters'", "root_readme_source": "\"puppet:///modules/${module_name}/root_readme\"", "root_readme_content": "undef", "root_readme_sha256": "undef", "root_readme_extension": "''", "enable_http_clone": "false", "public_repos": "[]", "users": "[]", "manage_server": "false", "server_name": "undef", "htpasswd": "'/var/lib/nginx/cgit-htpasswd'", "cgitrc": "'/etc/cgitrc'", "filters": "{}"}, "source": "class cgit (\n String $root_title,\n String $root_desc,\n String $scan_path,\n Array[String] $clone_url = [],\n String $root = '/var/www/cgit',\n String $filterpath = '/usr/lib/cgit/puppet-controlled-filters',\n String $root_readme_source = \"puppet:///modules/${module_name}/root_readme\",\n Optional[String] $root_readme_content = undef,\n Optional[String] $root_readme_sha256 = undef,\n String $root_readme_extension = '', # lint:ignore:params_empty_string_assignment\n Boolean $enable_http_clone = false,\n Array[String] $public_repos = [],\n Array[Struct[{\n name => String,\n pass => String,\n }]] $users = [],\n Variant[Boolean, Enum['nginx']] $manage_server = false,\n Optional[String] $server_name = undef,\n String $htpasswd = '/var/lib/nginx/cgit-htpasswd',\n String $cgitrc = '/etc/cgitrc',\n Hash[String, Hash] $filters = {},\n) {\n # TODO figure out where CSS comes from\n\n ensure_packages([\n 'git',\n 'cgit',\n ], { ensure => installed })\n\n # Cgit::Filter <| |> -> Concat[$cgitrc]\n\n concat { $cgitrc:\n ensure => present,\n }\n\n concat::fragment { 'cgit config upper half':\n order => 0,\n content => epp('cgit/upper.epp'),\n target => $cgitrc,\n }\n\n concat::fragment { 'cgit config lower half':\n order => 99,\n content => epp('cgit/lower.epp'),\n target => $cgitrc,\n }\n\n create_resources(cgit::filter, $filters)\n\n file { \"${root}/logo\":\n ensure => directory,\n }\n\n file { \"${root}/logo/logo.png\":\n ensure => file,\n source => 'puppet:///modules/cgit/logo.png',\n }\n\n file { \"${root}/logo/logo_large.png\":\n ensure => file,\n source => 'puppet:///modules/cgit/logo_large.png',\n }\n\n $chksum = if $root_readme_sha256 != undef {\n {\n 'checksum' => 'sha256',\n 'checksum_value' => $root_readme_sha256,\n }\n } else {\n {}\n }\n\n $readme = \"${root}/README${root_readme_extension}\"\n if $root_readme_content {\n file { $readme:\n ensure => file,\n content => $root_readme_content,\n * => $chksum,\n }\n } else {\n file { $readme:\n ensure => file,\n source => $root_readme_source,\n * => $chksum,\n }\n }\n\n file { ['/usr/local', '/usr/local/var']:\n ensure => directory,\n }\n\n file { '/usr/local/var/public-repos':\n ensure => file,\n content => ($public_repos << '').join(\"\\n\"),\n }\n\n if $manage_server {\n if $server_name == undef {\n fail('server_name must be set if manage_server is set')\n }\n }\n\n case $manage_server {\n 'nginx': {\n include cgit::nginx\n }\n default: {\n }\n }\n}"}, {"name": "cgit::filter_setup", "file": "manifests/filter_setup.pp", "line": 5, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "Where in the filesystem filters should be kept.", "types": ["String"], "name": "filterpath"}, {"tag_name": "summary", "text": "Basework for filters on system"}]}, "defaults": {"filterpath": "$cgit::filterpath"}, "source": "class cgit::filter_setup (\n String $filterpath = $cgit::filterpath,\n) {\n file { dirname($filterpath):\n ensure => directory,\n }\n\n file { $filterpath:\n ensure => directory,\n }\n}"}, {"name": "cgit::nginx", "file": "manifests/nginx.pp", "line": 3, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Manages nginx resources for cgit"}]}, "source": "class cgit::nginx {\n nginx::resource::server { 'cgit':\n server_name => [$cgit::server_name],\n access_log => 'absent',\n error_log => 'absent',\n index_files => [],\n try_files => ['$uri', '@cgit'],\n use_default_location => true,\n www_root => $cgit::root,\n * => letsencrypt::conf::nginx($cgit::server_name),\n }\n\n nginx::resource::location { '@cgit':\n fastcgi_params => 'fastcgi_params',\n fastcgi_param => {\n 'SCRIPT_FILENAME' => '/usr/lib/cgit/cgit.cgi',\n 'PATH_INFO' => '$fastcgi_script_name',\n 'QUERY_STRING' => '$args',\n },\n * => letsencrypt::conf::nginx::location($cgit::server_name),\n fastcgi => 'unix:/run/fcgiwrap.socket',\n server => [\n 'cgit',\n ],\n }\n\n file { $cgit::htpasswd:\n ensure => file,\n content => $cgit::users.map |$user| {\n [$user['name'], $user['pass']].join(':')\n }.join(\"\\n\"),\n }\n\n # TODO each repo name should be regex-escaped\n $re = $cgit::public_repos.join('|')\n\n nginx::resource::location { \"~ ^(/(${re})\\\\.git/.*)\" :\n * => letsencrypt::conf::nginx::location($cgit::server_name),\n server => 'cgit',\n priority => 450,\n fastcgi => 'unix:/run/fcgiwrap.socket',\n fastcgi_params => 'fastcgi_params',\n fastcgi_param => {\n 'SCRIPT_FILENAME' => '/usr/lib/git-core/git-http-backend',\n 'GIT_PROJECT_ROOT' => $cgit::scan_path,\n 'GIT_HTTP_EXPORT_ALL' => '\"\"',\n 'PATH_INFO' => '$1',\n },\n }\n\n nginx::resource::location { '~ (.*\\.git/.*)':\n * => letsencrypt::conf::nginx::location($cgit::server_name),\n server => 'cgit',\n location_cfg_append => {\n auth_basic => '\"CGit login\"',\n auth_basic_user_file => $cgit::htpasswd,\n },\n fastcgi => 'unix:/run/fcgiwrap.socket',\n fastcgi_params => 'fastcgi_params',\n fastcgi_param => {\n 'SCRIPT_FILENAME' => '/usr/lib/git-core/git-http-backend',\n 'GIT_PROJECT_ROOT' => $cgit::scan_path,\n 'GIT_HTTP_EXPORT_ALL' => '\"\"',\n 'PATH_INFO' => '$1',\n },\n }\n}"}, {"name": "networking", "file": "manifests/init.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Optional[Enum['systemd']]"], "name": "provider"}, {"tag_name": "param", "text": "", "types": ["Hash[String,Hash]"], "name": "items"}]}, "defaults": {"provider": "undef", "items": "{}"}, "source": "class networking (\n Optional[Enum['systemd']] $provider = undef,\n Hash[String,Hash] $items = {},\n) {\n\n # TODO choose a sensible provider here\n\n case $provider {\n 'systemd', undef: {\n include ::networking::networkd\n create_resources(networking::networkd_instance, $items)\n }\n default: {\n }\n }\n}"}, {"name": "networking::networkd", "file": "manifests/networkd.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Boolean"], "name": "notify_"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "manage_directory"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "path"}]}, "defaults": {"notify_": "true", "manage_directory": "true", "path": "'/etc/systemd/network'"}, "source": "class networking::networkd (\n Boolean $notify_ = true,\n Boolean $manage_directory = true,\n String $path = '/etc/systemd/network',\n) {\n if $manage_directory {\n file { $path:\n ensure => directory,\n purge => true,\n recurse => true,\n }\n }\n\n # Why this instead of `networkctl reload`?\n if $notify_ {\n exec { 'reload networkd':\n command => 'systemctl reload-or-restart systemd-networkd',\n path => ['/bin', '/usr/bin',],\n refreshonly => true,\n }\n }\n\n service { 'systemd-networkd':\n ensure => running,\n enable => true,\n }\n}"}, {"name": "nspawn", "file": "manifests/init.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "machine_dir"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "template_dir"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "puppet_server"}, {"tag_name": "param", "text": "", "types": ["Hash[String,Hash]"], "name": "templates"}, {"tag_name": "param", "text": "", "types": ["Hash[String,Hash]"], "name": "machines"}]}, "defaults": {"machine_dir": "'/var/lib/machines'", "template_dir": "'/var/lib/machines'", "puppet_server": "'puppet'"}, "source": "class nspawn (\n String $machine_dir = '/var/lib/machines',\n String $template_dir = '/var/lib/machines',\n String $puppet_server = 'puppet',\n Hash[String,Hash] $templates,\n Hash[String,Hash] $machines,\n) {\n create_resources(nspawn::machine, $machines)\n create_resources(nspawn::template, $templates)\n}"}, {"name": "nspawn::setup", "file": "manifests/setup.pp", "line": 1, "docstring": {"text": ""}, "source": "class nspawn::setup {\n\n # TODO find better file to use for containers\n\n file { '/usr/lib/systemd/resolv.conf':\n ensure => file,\n content => @(EOF)\n # File /usr/lib/systemd/resolv.conf managed by puppet\n # Local changes will be overwritten\n nameserver 10.0.0.40\n search adrift.space\n | EOF\n }\n\n service { 'machines.target':\n enable => true,\n }\n\n Nspawn::Template <| |> -> Nspawn::Machine <| |>\n\n}"}, {"name": "nsupdate", "file": "manifests/init.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Hash[String,Hash]"], "name": "instances"}, {"tag_name": "param", "text": "", "types": ["Hash[String,Hash]"], "name": "secrets"}]}, "source": "class nsupdate (\n Hash[String,Hash] $instances,\n Hash[String,Hash] $secrets,\n) {\n create_resources(nsupdate::instance, $instances)\n}"}, {"name": "nsupdate::setup", "file": "manifests/setup.pp", "line": 1, "docstring": {"text": ""}, "source": "class nsupdate::setup (\n) {\n\tfile { '/usr/libexec/nsupdate':\n\t ensure => directory,\n\t}\n\n\tfile { '/var/lib/nsupdate':\n\t ensure => directory,\n\t}\n\n\tensure_packages(['bind9-dnsutils'], {\n\t\tensure => installed,\n\t})\n}"}, {"name": "profiles::arch_builder", "file": "manifests/arch_builder.pp", "line": 4, "docstring": {"text": "Sets up an arch system for running my arch-builder script, which\nperiodically fetches a list of packages, and builds them for\ninclusion in an arch repo.", "tags": [{"tag_name": "param", "text": "", "types": ["Hash"], "name": "conf"}, {"tag_name": "param", "text": "", "types": ["Array"], "name": "package_list"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "package_list_file"}]}, "defaults": {"package_list_file": "'/usr/local/aur/aur-packages.yaml'"}, "source": "class profiles::arch_builder (\n Hash $conf,\n Array $package_list,\n String $package_list_file = '/usr/local/aur/aur-packages.yaml',\n) {\n include ::profiles::repo\n include ::profiles::sudo\n\n ensure_packages([\n 'base',\n 'base-devel',\n 'python',\n 'python-yaml',\n 'python-pip',\n # Note that auracle git is NOT in the standard repos, and needs to\n # be manually bootstraped to work\n 'auracle-git',\n ])\n\n\n ensure_packages([\n 'coloredlogs',\n 'graypy',\n ], { provider => 'pip', })\n\n $aur_builder = 'aur-builder'\n $aur_home = '/usr/local/aur'\n\n user { $aur_builder:\n system => true,\n home => $aur_home,\n shell => '/usr/bin/nologin',\n }\n\n file { '/etc/sudoers.d/aur_builder':\n content => \"${aur_builder} ALL=(ALL) NOPASSWD: /usr/bin/pacman\\n\",\n validate_cmd => '/usr/bin/visudo -cf %',\n }\n\n $conf_override = {\n 'package-list' => $package_list_file,\n }\n\n $yaml_settings = {\n 'header' => '# This file is controlled by Puppet',\n }\n\n file { '/etc/xdg/aur-runner':\n ensure => directory,\n } -> file { '/etc/xdg/aur-runner/config.yaml':\n content => hash2yaml($conf + $conf_override, $yaml_settings),\n }\n\n file { $package_list_file:\n ensure => file,\n force => true,\n content => hash2yaml({ 'packages' => $package_list }, $yaml_settings),\n }\n\n # TODO fetch actuall aur-runner...\n # https://git.hornquist.se/aur-runner/\n\n\n systemd::timer { 'aur-builder.timer':\n timer_source => 'puppet:///modules/profiles/arch_builder.timer',\n service_source => 'puppet:///modules/profiles/arch_builder.service',\n enable => true,\n }\n\n\n class { 'pacman::makepkg':\n makeflags => '-j4',\n packager => 'Hugo H\u00f6rnquist (automatically) <>',\n dlagents => {\n # Defaluts, but with --silent added\n 'file' => '/usr/bin/curl --silent -gqC - -o %o %u',\n 'ftp' => '/usr/bin/curl --silent -gqfC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u',\n 'http' => '/usr/bin/curl --silent -gqb \"\" -fLC - --retry 3 --retry-delay 3 -o %o %u',\n 'https' => '/usr/bin/curl --silent -gqb \"\" -fLC - --retry 3 --retry-delay 3 -o %o %u',\n # Defaults, but needed since partial overrides aren't currently\n # supported\n 'rsync' => '/usr/bin/rsync --no-motd -z %u %o',\n 'scp' => '/usr/bin/scp -C %u %o',\n }\n\n }\n}"}, {"name": "profiles::arch_ports", "file": "manifests/arch_ports.pp", "line": 4, "docstring": {"text": "\"ports\" tree for arch linux, providing all PKGBUILD sources for the\npublic repos.\nhttps://archlinux.org/svn/", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "location"}]}, "defaults": {"location": "'/usr/local/arch'"}, "source": "class profiles::arch_ports (\n String $location = '/usr/local/arch',\n) {\n\n [ 'packages', 'community' ].each |$repo| {\n vcsrepo { \"${location}/${repo}\":\n ensure => present,\n provider => 'git',\n source => \"https://github.com/archlinux/svntogit-${repo}\",\n }\n }\n}"}, {"name": "profiles::archlinux::multilib", "file": "manifests/archlinux/multilib.pp", "line": 2, "docstring": {"text": "Enables the Archlinux multilib (read x86) repositories", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "repo_name"}, {"tag_name": "param", "text": "", "types": ["Enum['present', 'absent']"], "name": "ensure"}]}, "defaults": {"repo_name": "'multilib'", "ensure": "'present'"}, "source": "class profiles::archlinux::multilib (\n String $repo_name = 'multilib',\n Enum['present', 'absent'] $ensure = 'present',\n) {\n pacman::repo { $repo_name:\n ensure => $ensure,\n include => '/etc/pacman.d/mirrorlist',\n }\n}"}, {"name": "profiles::backlight", "file": "manifests/backlight.pp", "line": 2, "docstring": {"text": "Manage permissions for backlight devices"}, "source": "class profiles::backlight {\n group { 'backlight':\n system => true,\n }\n\n $rule = [\n 'ACTION==\"change\"',\n 'SUBSYSTEM==\"backlight\"',\n 'RUN+=\"/bin/chgrp backlight /sys/class/backlight/%k/brightness\"',\n 'RUN+=\"/bin/chmod g+w /sys/class/backlight/%k/brightness\"',\n ].join(', ')\n\n file { '/etc/udev/rules.d/backlight.rules':\n content => @(\"EOF\")\n # File managed by Puppet, local changes WILL get overwritten\n $rule\n | EOF\n }\n}"}, {"name": "profiles::certificate", "file": "manifests/certificate.pp", "line": 4, "docstring": {"text": "Sets up a certificate for this machine.\nShould preferably be included before a letsencrypt::domain resource\nis declared.", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "cert_name"}, {"tag_name": "param", "text": "", "types": ["Letsencrypt::Authenticator"], "name": "authenticator"}, {"tag_name": "param", "text": "", "types": ["Hash[String,Any]"], "name": "config"}]}, "defaults": {"cert_name": "$::fqdn", "authenticator": "'nginx'", "config": "{\n # more portable than 'systemctl reload nginx'\n 'post-hook' => 'nginx -s reload',\n }"}, "source": "class profiles::certificate (\n String $cert_name = $::fqdn,\n Letsencrypt::Authenticator $authenticator = 'nginx',\n Hash[String,Any] $config = {\n # more portable than 'systemctl reload nginx'\n 'post-hook' => 'nginx -s reload',\n },\n) {\n include ::letsencrypt\n\n letsencrypt::cert { $cert_name:\n domains => [ $::fqdn, ],\n authenticator => $authenticator,\n config => $config,\n }\n}"}, {"name": "profiles::cgit", "file": "manifests/cgit.pp", "line": 1, "docstring": {"text": ""}, "source": "class profiles::cgit (\n) {\n $filters = {\n 'about' => {\n source => 'https://git.hornquist.se/cgit-filters/plain/hugo-pre.sh',\n },\n 'auth' => {\n type => 'lua',\n source => [\n 'https://git.hornquist.se/cgit-filters/plain/hugo-authentication.lua',\n 'puppet:///modules/cgit/filters/auth-deny-all.lua',\n ],\n },\n 'source' => {\n source => 'puppet:///modules/cgit/filters/highlight.sh',\n },\n }\n\n include ::profiles::certificate\n letsencrypt::domain { 'git.hornquist.se':\n cert_name => $profiles::certificate::cert_name,\n }\n\n class { '::cgit':\n root_title => 'H\u00f6rnquist Git Repositories',\n root_desc => '\u16cf\u16a8\u16be\u16de\u16d6\u16cb\u16eb\u16d6\u16be\u16de\u16a8\u16cb\u16cf\u16eb\u16d7\u16df\u16cf\u16eb\u16da\u16a8\u16de\u16a8\u16be\u16cb\u16eb\u16c8\u16da\u16a8\u16be',\n scan_path => '/home/git/git',\n filters => $filters,\n manage_server => 'nginx',\n server_name => 'git.hornquist.se',\n root_readme_source => 'https://wiki.hornquist.se/gitserver-documentation.html',\n clone_url => [\n 'https://git.hornquist.se/$CGIT_REPO_URL.git',\n 'ssh://git@git.hornquist.se:git/$CGIT_REPO_URL.git',\n ],\n }\n}"}, {"name": "profiles::common", "file": "manifests/common.pp", "line": 2, "docstring": {"text": "Common settings which all hosts should have applied", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "timezone"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "locales"}]}, "defaults": {"timezone": "'UTC'", "locales": "[ 'en_US.UTF-8', ]"}, "source": "class profiles::common (\n String $timezone = 'UTC',\n Array[String] $locales = [ 'en_US.UTF-8', ],\n) {\n\n $os_fam = $facts['os']['family'].downcase()\n if defined(\"profiles::common::${os_fam}\") {\n include \"profiles::common::${os_fam}\"\n }\n\n file { '/etc/hostname':\n content => \"${::hostname}\\n\",\n }\n\n file_line { 'hosts ourself':\n ensure => present,\n line => \"::1\\t${::fqdn}\\t${::hostname}\",\n match => $::fqdn,\n path => '/etc/hosts',\n }\n\n file { '/etc/localtime':\n ensure => link,\n target => \"/usr/share/zoneinfo/${timezone}\",\n }\n\n if $facts['os']['name'] == 'Debian' {\n ensure_packages (['locales'], {\n before => Exec['locale-gen'],\n })\n }\n\n # TODO possibly check in /usr/share/i18n/locales if file exists\n # there\n\n $fixed_locales = ($locales.map |$locale| {\n if $locale =~ /^[^.]*\\.(.*)$/ {\n \"${locale} ${1}\"\n } else {\n \"${locale} UTF-8\"\n }\n } + [ '' ])\n\n file { '/etc/locale.gen':\n content => $fixed_locales.join(\"\\n\")\n } ~> exec { 'locale-gen':\n path => [ '/bin', '/usr/bin', '/usr/sbin', ],\n refreshonly => true,\n }\n\n file { 'Default locales':\n path => '/etc/locale.conf',\n content => @(EOF)\n LANG=en_US.UTF-8\n LC_TIME=sv_SE.UTF-8\n | EOF\n }\n\n # Min priority, so it can still be overwritten\n file { '/etc/profile.d/00-terminal-name.sh':\n source => 'puppet:///modules/profiles/terminal-name.sh',\n }\n\n if $facts['virtual'] == 'systemd_nspawn' {\n include ::profiles::nspawned\n }\n\n ensure_packages([\n 'tree',\n 'lsof',\n 'unzip',\n ])\n\n ensure_packages(['nano'], { ensure => absent })\n\n file { '/etc/ld.so.conf.d/usr-local.conf':\n content => \"/usr/local/lib\\n\",\n }\n}"}, {"name": "profiles::common::archlinux", "file": "manifests/common/archlinux.pp", "line": 1, "docstring": {"text": ""}, "source": "class profiles::common::archlinux {\n ensure_packages([\n 'inetutils',\n ])\n\n class { 'pacman':\n parallel_downloads => ceiling($facts['processorcount'] / 2),\n update => true,\n }\n}"}, {"name": "profiles::common::debian", "file": "manifests/common/debian.pp", "line": 1, "docstring": {"text": ""}, "source": "class profiles::common::debian {\n $codename = $facts['os']['distro']['codename']\n file { '/etc/apt/sources.list.d/puppet7.list':\n content => @(\"EOF\")\n # Puppet 7 ${codename} Repository\n deb http://apt.puppetlabs.com ${codename} puppet7\n | EOF\n }\n\n # ensure_packages(['python3'])\n}"}, {"name": "profiles::common::redhat", "file": "manifests/common/redhat.pp", "line": 1, "docstring": {"text": ""}, "source": "class profiles::common::redhat {\n ensure_packages([\n 'hostname',\n 'iproute',\n 'iputils',\n 'python3',\n 'wget',\n ])\n}"}, {"name": "profiles::cowsay", "file": "manifests/cowsay.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "cowpath"}]}, "defaults": {"cowpath": "[\n '/usr/share/cows',\n '/usr/local/share/cows',\n ]"}, "source": "class profiles::cowsay (\n Array[String] $cowpath = [\n '/usr/share/cows',\n '/usr/local/share/cows',\n ],\n) {\n ensure_packages(['cowsay'])\n\n envvar { 'COWPATH':\n value => $cowpath.join(':'),\n }\n}"}, {"name": "profiles::dhcpd", "file": "manifests/dhcpd.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "dns_key_path"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "dns_key_name"}]}, "defaults": {"dns_key_path": "undef", "dns_key_name": "'dhcp'"}, "source": "class profiles::dhcpd (\n Optional[String] $dns_key_path = undef,\n Optional[String] $dns_key_name = 'dhcp',\n) {\n\n $menu = 'Raspberry Pi Boot'\n $menu_len = length($menu)\n\n class { 'dhcp':\n service_ensure => running,\n manage_service => false,\n dnsdomain => [\n 'dynamic.adrift.space',\n '1.0.10.in-addr.arpa',\n ],\n dnssearchdomains => [\n 'adrift.space',\n ],\n nameservers => [ '10.0.0.40', ],\n nameservers_ipv6 => [ '2001:9b1:eff:a600:2d8:61ff:fe51:d925', ],\n interfaces => [ $facts['networking']['primary'], ],\n dnsupdatekey => \"${dns_key_path}/${dns_key_name}.key\",\n dnskeyname => $dns_key_name,\n globaloptions => [\n # Declare vendor extension PXEClient\n 'space PXEClient',\n 'PXEClient.discovery-control code 6 = unsigned integer 8',\n 'PXEClient.menu-prompt code 10 = { unsigned integer 8, text }',\n 'PXEClient.boot-menu code 9 = { unsigned integer 16, unsigned integer 8, text }',\n\n # Instanciate vendor extension PXEClient\n 'PXEClient.discovery-control 3',\n 'PXEClient.menu-prompt 0 \"PXE\"',\n \"PXEClient.boot-menu 0 ${menu_len} \\\"${menu}\\\"\",\n ],\n # extra_config => [\n # 'allow booting',\n # 'allow bootp',\n # ],\n }\n\n dhcp::dhcp_class { 'vendor-classes':\n parameters => [\n 'match option vendor-class-identifier',\n ]\n }\n\n dhcp::pool { 'pool':\n network => '10.0.0.0',\n mask => '255.255.254.0',\n range => [ '10.0.1.10 10.0.1.250', ],\n gateway => '10.0.0.1',\n pxeserver => '10.0.0.40',\n options => [\n 'vendor-class-identifier \"PXEClient\"',\n ],\n parameters => [\n 'vendor-option-space PXEClient',\n ],\n }\n\n if defined('$dns::group') {\n user { 'dhcp':\n membership => 'minimum',\n groups => [ $dns::group, ],\n }\n }\n}"}, {"name": "profiles::dns_zones", "file": "manifests/dns_zones.pp", "line": 3, "docstring": {"text": "Sets up our dns-server, assumes that all zone information comes from\nhiera.", "tags": [{"tag_name": "param", "text": "", "types": ["Hash"], "name": "zones"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "default"}, {"tag_name": "param", "text": "", "types": ["Optional[Hash]"], "name": "views"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "view_defaults"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "default_view"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "zonedata_default"}, {"tag_name": "param", "text": "", "types": ["Hash[String,Hash]"], "name": "zonedata"}, {"tag_name": "param", "text": "", "types": ["Hash[String,Array[Hash]]"], "name": "records"}]}, "defaults": {"default": "{}", "views": "undef", "view_defaults": "{}", "default_view": "'_GLOBAL_'", "zonedata_default": "{}", "zonedata": "{}", "records": "{}"}, "source": "class profiles::dns_zones (\n Hash $zones,\n Hash $default = {},\n Optional[Hash] $views = undef,\n Hash $view_defaults = {},\n String $default_view = '_GLOBAL_',\n Hash $zonedata_default = {},\n Hash[String,Hash] $zonedata = {},\n Hash[String,Array[Hash]] $records = {},\n) {\n\n if $views != undef {\n class { 'dns':\n enable_views => true,\n }\n create_resources(dns::view, $views, $view_defaults)\n } else {\n include ::dns\n }\n\n create_resources(dns::zone, $zones, $default)\n\n create_resources(dns_zone, $zonedata, $zonedata_default)\n\n $zonedata.each |$zone, $_| {\n Dns_record <<| zone == $zone |>>\n\n # This breaks if views are used\n # \"rndc reload $zone IN $view\" works, but then we have too loop\n # somehow\n exec { \"reload ${zone}\":\n command => ['rndc' ,'reload', $zone],\n path => ['/usr/bin', '/usr/sbin'],\n refreshonly => true,\n subscribe => Dns_zone[$zone],\n }\n }\n\n $records.each |$zone, $record_entries| {\n $zone_hash = $record_entries.map |$d| {\n $type = $d['type']\n $key = $d['key']\n $value = $d['value']\n [\"${zone} ${type} ${key} ${value}\", $d]\n }\n\n create_resources(dns_record, Hash($zone_hash), {\n 'zone' => $zone,\n })\n\n }\n\n\n}"}, {"name": "profiles::dolphin", "file": "manifests/dolphin.pp", "line": 2, "docstring": {"text": "Configure the file manager dolphin"}, "source": "class profiles::dolphin {\n ensure_packages ([\n 'dolphin',\n 'kde-cli-tools',\n 'ffmpegthumbs',\n 'kdegraphics-thumbnailers',\n 'konsole',\n 'breeze-icons',\n ], { ensure => installed })\n\n\n $dolphin_settings = {\n 'General' => {\n 'BrowseThroughArchives' => 'true',\n 'GlobalViewProps' => 'false',\n 'HomeUrl' => '/usr/net/video',\n 'OpenExternallyCalledFolderInNewTab' => 'false',\n 'RememberOpenedTabs' => 'false',\n 'ShowFullPath' => 'true',\n },\n 'MainWindow' => {\n 'MenuBar' => 'Disabled',\n 'ToolBarsMovable' => 'Disabled',\n },\n 'VersionControl' => {\n 'enabledPlugins' => [\n 'Dropbox',\n 'Git',\n ]\n },\n 'PreviewSettings' => {\n 'Plugins' => [\n 'appimagethumbnail',\n 'audiothumbnail',\n 'blenderthumbnail',\n 'comicbookthumbnail',\n 'djvuthumbnail',\n 'ebookthumbnail',\n 'exrthumbnail',\n 'directorythumbnail',\n 'fontthumbnail',\n 'imagethumbnail',\n 'jpegthumbnail',\n 'kraorathumbnail',\n 'windowsexethumbnail',\n 'windowsimagethumbnail',\n 'opendocumentthumbnail',\n 'gsthumbnail',\n 'svgthumbnail',\n 'textthumbnail',\n 'ffmpegthumbs',\n ]\n }\n }\n\n $dolphin_settings.map |$category, $group| {\n $group.map |$setting, $value| {\n ini_setting { \"Dolphin [${category}].${setting}\":\n path => '/etc/xdg/dolphinrc',\n section => $category,\n setting => $setting,\n value => $value ? {\n Array => $value.join(','),\n String => $value,\n }\n }\n }\n }\n}"}, {"name": "profiles::elasticsearch", "file": "manifests/elasticsearch.pp", "line": 1, "docstring": {"text": ""}, "source": "class profiles::elasticsearch (\n) {\n include ::java\n\n class { 'elasticsearch':\n restart_on_change => true,\n api_host => '0.0.0.0',\n }\n}"}, {"name": "profiles::fcgiwrap", "file": "manifests/fcgiwrap.pp", "line": 2, "docstring": {"text": "Sets up fciwrap, probably to be used in conjunction with nginx"}, "source": "class profiles::fcgiwrap {\n ensure_packages(['fcgiwrap'])\n\n service { 'fcgiwrap.socket':\n ensure => running,\n enable => true,\n }\n}"}, {"name": "profiles::firewall", "file": "manifests/firewall.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Enum['accept','drop','queue','return']"], "name": "policy"}]}, "defaults": {"policy": "'drop'"}, "source": "class profiles::firewall (\n Enum['accept','drop','queue','return'] $policy = 'drop',\n) {\n\tensure_packages ([\n\t\t'fail2ban',\n\t], { ensure => installed })\n\n firewallchain { ['INPUT:filter:IPv4', 'INPUT:filter:IPv6']:\n purge => true,\n policy => $policy,\n ignore => [\n 'f2b-ssh',\n ]\n }\n\n firewallchain { [\n 'f2b-sshd:filter:IPv4',\n 'f2b-sshd:filter:IPv6',\n 'f2b-sshlongterm:filter:IPv4',\n 'f2b-sshlongterm:filter:IPv6',\n ]:\n purge => false,\n }\n\n firewall { '000 accept all icmp':\n proto => icmp,\n action => accept,\n }\n\n firewall { '001 accept all loopback':\n proto => all,\n iniface => 'lo',\n action => accept,\n }\n\n firewall { '002 accept related and established':\n proto => all,\n state => ['RELATED', 'ESTABLISHED',],\n action => accept,\n }\n\n firewall { '000 accept all icmp IPv6':\n proto => icmp,\n action => accept,\n provider => 'ip6tables',\n }\n\n firewall { '001 accept all loopback IPv6':\n proto => all,\n iniface => 'lo',\n action => accept,\n provider => 'ip6tables',\n }\n\n firewall { '002 accept related and established IPv6':\n proto => all,\n state => ['RELATED', 'ESTABLISHED',],\n action => accept,\n provider => 'ip6tables'\n }\n\n firewall { '922 allow ssh':\n proto => tcp,\n dport => 'ssh',\n action => accept,\n }\n\n firewall { '922 allow ssh IPv6':\n proto => tcp,\n dport => 'ssh',\n action => accept,\n provider => 'ip6tables',\n }\n\n\tservice { 'fail2ban':\n\t\tensure => running,\n\t\tenable => true,\n\t}\n\n}"}, {"name": "profiles::group_profile", "file": "manifests/group_profile.pp", "line": 2, "docstring": {"text": "Set up profile.d/group.d, for group specific configurations."}, "source": "class profiles::group_profile {\n file { '/etc/profile.d/group-env.sh':\n ensure => 'file',\n content => @(EOF)\n for group in $(groups $(id -nu))\n do\n f=\"/etc/profile.d/group.d/${group}\"\n test -f \"$f\" && . $f\n done\n | EOF\n }\n\n file { '/etc/profile.d/group.d':\n ensure => 'directory',\n }\n}"}, {"name": "profiles::imagemagick", "file": "manifests/imagemagick.pp", "line": 2, "docstring": {"text": "Imagemagick configuration"}, "source": "class profiles::imagemagick {\n ensure_packages([\n 'imagemagick',\n ])\n\n # Allows handling of pdf:s\n file { '/etc/ImageMagick-7/policy.xml':\n content => epp('profiles/imagemagick-policy.xml', {\n policies => [\n { \n domain => 'coder',\n rights => 'read | write',\n pattern => 'PDF'\n },\n ]\n }),\n }\n}"}, {"name": "profiles::intel_backlight", "file": "manifests/backlight/intel.pp", "line": 3, "docstring": {"text": "udev(7)", "tags": [{"tag_name": "private", "text": ""}]}, "source": "class profiles::intel_backlight {\n\n rules = [\n 'ACTION==\"add\"',\n 'KERNEL==\"intel_backlight\"',\n 'SUBSYSTEM==\"backlight\"',\n 'GROUP=\"backlight\"',\n # TODO is this correct since some items are directories?\n 'MODE=\"0664\"',\n ]\n\n file { '/etc/udev/rules.d/50-intel_backlight.rules':\n content => $rules.join(', ')\n }\n}"}, {"name": "profiles::jenkins", "file": "manifests/jenkins.pp", "line": 6, "docstring": {"text": "https://www.jenkins.io/doc/book/system-administration/reverse-proxy-configuration-with-jenkins/reverse-proxy-configuration-nginx/", "tags": [{"tag_name": "param", "text": "The fully qualified domain name where jenkins should be found", "types": ["String"], "name": "server_name"}, {"tag_name": "param", "text": "The local port revproxied to", "types": ["Stdlib::Port"], "name": "jenkins_port"}]}, "defaults": {"jenkins_port": "8090"}, "source": "class profiles::jenkins (\n String $server_name,\n Stdlib::Port $jenkins_port = 8090,\n) {\n include ::nginx\n include ::profiles::certificate\n\n letsencrypt::domain { $server_name:\n cert_name => $profiles::certificate::cert_name,\n }\n\n nginx::resource::server { $server_name:\n ipv6_enable => true,\n ipv6_listen_options => '',\n www_root => '/var/run/jenkins/war/',\n use_default_location => false,\n access_log => absent,\n error_log => absent,\n * => letsencrypt::conf::nginx($server_name),\n }\n\n @@dns_record { $server_name:\n type => 'CNAME',\n zone => $facts['domain'],\n # TODO key should be $server_name local to domain name of host.\n key => 'jenkins',\n value => 'adrift.space.'\n }\n\n if $facts['letsencrypt_directory'][$server_name] {\n nginx::resource::location {\n default:\n server => $server_name,\n ;\n 'jenkins static':\n location => '~ \"^/static/[0-9a-fA-F]{8}\\/(.*)$\"',\n rewrite_rules => ['\"^/static/[0-9a-fA-F]{8}\\/(.*)\" /$1 last'],\n ;\n 'jenkins /userContent':\n location => '/userContent',\n www_root => '/var/lib/jenkins/',\n raw_append => @(EOF)\n if (!-f $request_filename) {\n rewrite (.*) /$1 last;\n break;\n }\n | EOF\n ;\n 'jenkins /':\n location => '/',\n proxy => \"http://[::]:${jenkins_port}\",\n index_files => [],\n ssl => true,\n ssl_only => true,\n }\n }\n}"}, {"name": "profiles::kibana", "file": "manifests/kibana.pp", "line": 1, "docstring": {"text": ""}, "source": "class profiles::kibana (\n) {\n\n class { 'kibana':\n config => {\n 'server.host' => '::',\n 'server.publicBaseUrl' => \"http://${::fqdn}\",\n }\n }\n\n}"}, {"name": "profiles::letsencrypt", "file": "manifests/letsencrypt.pp", "line": 2, "docstring": {"text": "Sets up letsencrypt for this host", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "certname"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "domains"}, {"tag_name": "param", "text": "", "types": ["Enum['nginx','apache']"], "name": "provider"}]}, "defaults": {"certname": "$::fqdn", "domains": "[ $::fqdn, ]"}, "source": "class profiles::letsencrypt (\n String $certname = $::fqdn,\n Array[String] $domains = [ $::fqdn, ],\n Enum['nginx','apache'] $provider,\n) {\n\n include ::letsencrypt\n\n # TODO general restart comman\n $plugin = $provider\n $post_hook = $provider ? {\n 'nginx' => 'systemctl restart nginx.service',\n 'apache' => 'systemctl restart apache2.service',\n }\n\n case $facts['os']['family'] {\n 'Debian': {\n $nginx_plugin = 'python3-certbot-nginx'\n $apache_plugin = 'python3-certbot-apache'\n }\n 'RedHat': {\n if $facts['os']['name'] == 'Fedora' {\n $nginx_plugin = 'python3-certbot-nginx'\n $apache_plugin = 'python3-certbot-apache'\n } else {\n case $facts['os']['release']['major'] {\n '7': {\n $nginx_plugin = 'python2-certbot-nginx'\n $apache_plugin = 'python2-certbot-apache'\n }\n '8': {\n $nginx_plugin = 'python3-certbot-nginx'\n $apache_plugin = 'python3-certbot-apache'\n }\n }\n }\n }\n 'Archlinux': {\n $nginx_plugin = 'certbot-nginx'\n $apache_plugin = 'certbot-apache'\n }\n 'FreeBSD': {\n $nginx_plugin = 'py38-certbot-nginx'\n $apache_plugin = 'py38-certbot-apache'\n }\n }\n\n\n # TODO this requires that we have the webserver in question started.\n # TODO we also have the bootstrap problem, which I should find a\n # common solution for\n\n letsencrypt::certonly { $certname:\n ensure => present,\n domains => $domains,\n manage_cron => true,\n plugin => $plugin,\n additional_args => [ '--quiet', ],\n post_hook_commands => [ $post_hook, ],\n }\n}"}, {"name": "profiles::lightdm", "file": "manifests/lightdm.pp", "line": 1, "docstring": {"text": ""}, "source": "class profiles::lightdm {\n include ::lightdm\n include ::lightdm::config\n include ::lightdm::greeter::gtk\n\n lightdm::seat { '*':\n greeter_session => 'lightdm-gtk-greeter',\n greeter_show_manual_login => true,\n allow_user_switching => true,\n }\n}"}, {"name": "profiles::logging", "file": "manifests/logging.pp", "line": 2, "docstring": {"text": "Send system log to logserver", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "logserver"}]}, "source": "class profiles::logging (\n String $logserver,\n) {\n # arch\n # ensure_packages(['syslog-ng'])\n\n # service { 'syslog-ng@default':\n # }\n\n file { '/etc/rsyslog.d':\n ensure => directory,\n }\n\n file { '/etc/rsyslog.d/graylog.conf':\n content => \"*.* @${logserver}\\n\",\n }\n\n}"}, {"name": "profiles::mailserver", "file": "manifests/mailserver.pp", "line": 1, "docstring": {"text": ""}, "source": "class profiles::mailserver (\n) {\n class { '::postfix':\n inet_protocols => 'all',\n smtp_listen => 'all',\n }\n\n $destinations = [\n 'adrift.space',\n 'hornquist.se',\n 'localhost',\n 'localhost.localdomain',\n ]\n\n postfix::config { \n default: ensure => present ;\n 'mydomain': value => 'adrift.space' ;\n 'mydestination': value => $destinations.join(', ') ;\n }\n}"}, {"name": "profiles::mounts", "file": "manifests/mounts.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Hash[String,Hash]"], "name": "mounts"}]}, "defaults": {"mounts": "{}"}, "source": "class profiles::mounts (\n Hash[String,Hash] $mounts = {},\n) {\n\n case $facts['os']['family'] {\n 'Archlinux': {\n ensure_packages(['nfs-utils'])\n }\n 'Debian': {\n ensure_packages(['nfs-common'])\n }\n }\n\n create_resources(profiles::mounts::instance, $mounts)\n}"}, {"name": "profiles::mu4web", "file": "manifests/mu4web.pp", "line": 19, "docstring": {"text": "Instanciates an nginx server, and a gunicorn instance.", "tags": [{"tag_name": "param", "text": "Name of system package for mu4web", "types": ["String"], "name": "package_name"}, {"tag_name": "param", "text": "Where mu4web should be made available\nTODO Will currently CNAME that domain to gandalf.adrift.space", "types": ["String"], "name": "server_name"}, {"tag_name": "param", "text": "Address to use for wsgi (gunicorn) instance", "types": ["String"], "name": "wsgi_server"}, {"tag_name": "param", "text": "Port to use for wsgi (gunicorn) instance", "types": ["Stdlib::Port"], "name": "wsgi_port"}, {"tag_name": "param", "text": "*Actuall* address used by wsgi instance. Should be possible to\nchange this to a unix socket.", "types": ["String"], "name": "wsgi_address"}, {"tag_name": "param", "text": "Secret key for flask instance.", "types": ["Sensitive[String]"], "name": "secret_key"}, {"tag_name": "summary", "text": "Sets up mu4web"}]}, "defaults": {"package_name": "'mu4web'", "server_name": "'mail.adrift.space'", "wsgi_server": "'localhost'", "wsgi_port": "8095", "wsgi_address": "\"${wsgi_server}:${wsgi_port}\"", "secret_key": "Sensitive(extlib::cache_data('mu4web', 'mu4web_secret_key', extlib::random_password(24)))"}, "source": "class profiles::mu4web (\n String $package_name = 'mu4web',\n String $server_name = 'mail.adrift.space',\n String $wsgi_server = 'localhost',\n Stdlib::Port $wsgi_port = 8095,\n String $wsgi_address = \"${wsgi_server}:${wsgi_port}\",\n Sensitive[String] $secret_key = Sensitive(extlib::cache_data('mu4web', 'mu4web_secret_key', extlib::random_password(24))),\n) {\n include ::nginx\n include ::profiles::certificate\n\n letsencrypt::domain { $server_name:\n cert_name => $profiles::certificate::cert_name,\n }\n\n ensure_packages([$package_name])\n\n gunicorn::instance { 'mu4web':\n app => 'mu4web.main:app',\n # TODO generalize this.\n user => 'hugo',\n group => 'nobody',\n address => $wsgi_address,\n }\n\n # https://flask.palletsprojects.com/en/2.2.x/config/#instance-folders\n # TODO directories\n file { '/usr/var/mu4web.main-instance/settings.py':\n content => epp(\"${module_name}/mu4web.py.epp\"),\n }\n\n nginx::resource::server { $server_name:\n ipv6_enable => true,\n ipv6_listen_options => '',\n www_root => '/',\n use_default_location => false,\n access_log => absent,\n error_log => absent,\n * => letsencrypt::conf::nginx($server_name),\n }\n\n # TODO generalize this\n @@dns_record { $server_name:\n key => 'mail',\n value => 'gandalf',\n type => 'CNAME',\n zone => $facts['domain'],\n }\n\n if $facts['letsencrypt_directory'][$server_name] {\n nginx::resource::location {\n default:\n server => $server_name,\n ssl => true,\n ssl_only => true,\n index_files => [],\n ;\n \"${server_name} - mu4web /\":\n location => '/',\n try_files => ['$uri', '@gunicorn',],\n ;\n \"${server_name} - mu4web @gunicorn\":\n location => '@gunicorn',\n proxy => \"http://${wsgi_address}\",\n }\n }\n}"}, {"name": "profiles::mysql", "file": "manifests/mysql.pp", "line": 1, "docstring": {"text": ""}, "source": "class profiles::mysql {\n require ::mysql::server\n\n mysql_user { 'root@localhost':\n ensure => present,\n plugin => 'unix_socket',\n }\n}"}, {"name": "profiles::nginx", "file": "manifests/nginx.pp", "line": 1, "docstring": {"text": ""}, "source": "class profiles::nginx {\n include ::nginx\n\n firewall { '100 allow HTTP':\n proto => 'tcp',\n dport => [ 'http', 'https', ],\n action => accept,\n }\n\n firewall { '100 allow HTTP IPv6':\n proto => 'tcp',\n dport => [ 'http', 'https', ],\n action => accept,\n provider => 'ip6tables',\n }\n}"}, {"name": "profiles::nginx_userdir", "file": "manifests/nginx_userdir.pp", "line": 3, "docstring": {"text": "Configures nginx locations for user specific directories, where the\nusername is a subdomain.", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "servername"}]}, "defaults": {"servername": "$::fqdn"}, "source": "class profiles::nginx_userdir (\n $servername = $::fqdn,\n) {\n include ::nginx\n\n # TODO wildcard certificate\n $_servername = regsubst($servername, '[.]', '\\.', 'G', 'N')\n nginx::resource::server { \"userdir ${servername}\":\n server_name => [\"~^(?P<uname>[a-z][-a-z0-9]*)\\\\.${_servername}\"],\n use_default_location => false,\n www_root => '/home/$uname/.public',\n ssl => false,\n # * => letsencrypt::conf::nginx($servername),\n index_files => [\n 'index.cgi',\n 'index.php',\n 'index.html',\n 'index.htm',\n ],\n }\n\n $nginx_defaults = {\n server => \"userdir ${servername}\",\n ssl => false,\n ssl_only => false,\n index_files => [],\n }\n\n nginx::resource::location { \"userdir.${servername} /\":\n location => '/',\n autoindex => 'on',\n try_files => [\n '$uri',\n '$uri/',\n '=404',\n ],\n * => $nginx_defaults,\n }\n\n include ::profiles::fcgiwrap\n nginx::resource::location { \"userdir.${servername} cgi\":\n location => '~ \\.cgi$',\n fastcgi => 'unix:/run/fcgiwrap.socket',\n # TODO isn't socket name os dependant\n fastcgi_param => {\n 'PATH_INFO' => '$fastcgi_script_name',\n 'QUERY_STRING' => '$args',\n },\n * => $nginx_defaults,\n }\n\n include ::profiles::phpfpm\n # TODO doesn't socket location depend on both os and php version\n nginx::resource::location { \"userdir.${servername} php\":\n location => '~ \\.php$',\n fastcgi => 'unix:/run/php/php-fpm.sock',\n fastcgi_params => \"${nginx::conf_dir}/snippets/fastcgi-php.conf\",\n * => $nginx_defaults,\n }\n\n nginx::resource::location { \"userdir.${servername} deny .ht\":\n location => '~ /\\.ht',\n location_deny => ['all'],\n * => $nginx_defaults,\n }\n \n}"}, {"name": "profiles::nonlaptop", "file": "manifests/nonlaptop.pp", "line": 2, "docstring": {"text": "For laptops which now work as stationary workstations/servers", "tags": [{"tag_name": "param", "text": "", "types": ["Boolean"], "name": "dock"}]}, "defaults": {"dock": "false"}, "source": "class profiles::nonlaptop (\n Boolean $dock = false,\n) {\n ini_setting { 'Disable lid switch':\n ensure => present,\n path => '/etc/systemd/logind.conf',\n section => 'Login',\n setting => 'HandleLidSwitch',\n value => if $dock { 'suspend' } else { 'ignore' },\n }\n\n if ($dock) {\n ini_setting { 'Disable lid switch when docked':\n ensure => present,\n path => '/etc/systemd/logind.conf',\n section => 'Login',\n setting => 'HandleLidSwitchDocked',\n value => 'ignore',\n }\n }\n\n}"}, {"name": "profiles::nosol", "file": "manifests/nosol.pp", "line": 2, "docstring": {"text": "Ensure aisleriot isn't installed"}, "source": "class profiles::nosol {\n $pkgs = [\n 'aisleriot',\n 'kmines',\n 'gnome-mines',\n ]\n\n ensure_packages($pkgs, {\n ensure => absent,\n uninstall_options => ['--cascade'],\n })\n}"}, {"name": "profiles::nspawn_master", "file": "manifests/nspawn_master.pp", "line": 3, "docstring": {"text": "Various setup for machines which are expected to \"host\" other\nmachines through systemd-nspawned."}, "source": "class profiles::nspawn_master {\n file { '/var/lib/machines':\n ensure => directory,\n mode => 'o=rwx,g=x',\n }\n\n # TODO possibly include my helper script from gandalf:code/machines\n}"}, {"name": "profiles::nspawned", "file": "manifests/nspawned.pp", "line": 2, "docstring": {"text": "For machines managed through systemd-nspawn"}, "source": "class profiles::nspawned {\n case $facts['os']['family'] {\n 'Debian': {\n ensure_packages(['dbus', 'systemd-container'])\n }\n 'RedHat': {\n # Only tested on rocky\n ensure_packages(['dbus', 'systemd-container'])\n }\n 'Arch': {\n # Technicly pulled in through base -> systemd -> dbus, but this\n # is explicit.\n ensure_packages(['dbus'])\n }\n default: {\n }\n }\n\n service { 'dbus.socket':\n ensure => running,\n }\n\n}"}, {"name": "profiles::ntp", "file": "manifests/ntp.pp", "line": 2, "docstring": {"text": "Configures NTP"}, "source": "class profiles::ntp {\n\n ensure_packages([\n 'chrony'\n ])\n\n service { 'chronyd':\n ensure => running,\n enable => true,\n }\n}"}, {"name": "profiles::phpfpm", "file": "manifests/phpfpm.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "version"}]}, "defaults": {"version": "'7.4'"}, "source": "class profiles::phpfpm (\n String $version = '7.4',\n) {\n\n # The packageg php-fpm also exists, which simply pulls in php7.4-fpm\n\n ensure_packages([\"php${version}-fpm\"])\n\n service { \"php${version}-fpm\":\n ensure => running,\n enable => true,\n }\n\n systemd::dropin_file { 'runtime-dir.conf':\n unit => \"php${version}-fpm.service\",\n content => @(EOF)\n [Service]\n RuntimeDirectory=php\n | EOF\n }\n}"}, {"name": "profiles::phpldapadmin", "file": "manifests/phpldapadmin.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "nginx_server"}]}, "source": "class profiles::phpldapadmin (\n String $nginx_server,\n) {\n\n # TODO\n # include ::profiles::phpfpm\n\n class { 'phpldapadmin':\n auth_type => 'cookie',\n }\n\n # TODO do this better.\n # Debian gives this file through nginx-common, but I can't find it\n # for arch.\n file { '/etc/nginx/snippets/fastcgi-php.conf':\n content => @(EOF)\n # regex to split $uri to $fastcgi_script_name and $fastcgi_path\n fastcgi_split_path_info ^(.+?\\.php)(/.*)$;\n\n # Check that the PHP script exists before passing it\n try_files $fastcgi_script_name =404;\n\n # Bypass the fact that try_files resets $fastcgi_path_info\n # see: http://trac.nginx.org/nginx/ticket/321\n set $path_info $fastcgi_path_info;\n fastcgi_param PATH_INFO $path_info;\n\n fastcgi_index index.php;\n include fastcgi.conf;\n | EOF\n }\n\n nginx::resource::location { 'phpldapadmin':\n location => '~ \\.php$',\n server => $nginx_server,\n fastcgi_params => 'snippets/fastcgi-php.conf',\n fastcgi => 'unix:/run/php-fpm7/php-fpm.sock',\n ssl => true,\n ssl_only => true,\n www_root => '/usr/share/webapps/phpldapadmin',\n location_allow => [\n '127.0.0.1',\n '::1',\n \"${facts['network6']}/${extlib::netmask_to_cidr($facts['netmask6'])}\",\n \"${facts['network']}/${extlib::netmask_to_cidr($facts['netmask'])}\",\n ],\n location_deny => [\n 'all',\n ],\n }\n\n}"}, {"name": "profiles::publish_dns", "file": "manifests/publish_dns.pp", "line": 1, "docstring": {"text": ""}, "source": "class profiles::publish_dns (\n) {\n\n if fact('ipaddress6') {\n\n @@dns_record { \"AAAA automatic ${::fqdn}\":\n type => 'AAAA',\n zone => $facts['domain'],\n key => $facts['hostname'],\n value => $facts['ipaddress6'],\n }\n\n\n [$record, $zone] = dns_record::rev_record(\n $facts['networking']['ip6'],\n $facts['networking']['netmask6'])\n\n @@dns_record { \"PTR automatic ${::fqdn}\":\n type => 'PTR',\n zone => $zone,\n key => $record,\n value => \"${::fqdn}.\",\n }\n }\n\n}"}, {"name": "profiles::pulseaudio", "file": "manifests/pulseaudio.pp", "line": 1, "docstring": {"text": ""}, "source": "class profiles::pulseaudio {\n ensure_packages([\n 'pavucontrol',\n 'pulseaudio',\n ])\n}"}, {"name": "profiles::puppet_after_master", "file": "manifests/puppet_after_master.pp", "line": 1, "docstring": {"text": ""}, "source": "class profiles::puppet_after_master {\n file { '/etc/systemd/system/puppet.service.requires':\n ensure => directory,\n }\n\n file { '/etc/systemd/system/puppet.service.requires/systemd-nspawn@busting.service':\n ensure => link,\n target => '/usr/lib/systemd/system/systemd-nspawn@.service',\n }\n}"}, {"name": "profiles::puppetagent", "file": "manifests/puppetagent.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Hash"], "name": "extra_args"}]}, "defaults": {"extra_args": "{}"}, "source": "class profiles::puppetagent (\n Hash $extra_args = {},\n) {\n if defined(Class['profiles::puppetserver']) {\n fail('Can only either be puppetagent or puppetserver (which is also a puppetagent), not both')\n }\n\n case $facts['os']['family'] {\n 'RedHat': {\n ensure_packages(['cronie'])\n }\n }\n\n class { 'puppet':\n server => false,\n agent => true,\n show_diff => true,\n puppetmaster => $facts['extlib__puppet_config']['main']['server'],\n * => $extra_args,\n }\n\n}"}, {"name": "profiles::puppetboard", "file": "manifests/puppetboard.pp", "line": 1, "docstring": {"text": ""}, "source": "class profiles::puppetboard {\n # https://forge.puppet.com/modules/puppet/puppetboard/readme\n # Configure Apache\n class { 'apache':\n default_vhost => false,\n purge_configs => true,\n }\n\n $wsgi = $facts['os']['family'] ? {\n 'Debian' => {\n package_name => 'libapache2-mod-wsgi-py3',\n mod_path => '/usr/lib/apache2/modules/mod_wsgi.so',\n },\n default => {}\n }\n\n class { 'apache::mod::wsgi':\n * => $wsgi,\n }\n\n # Configure puppetboard\n\n class { 'puppetboard':\n manage_git => true,\n manage_virtualenv => true,\n require => Class['puppetdb'],\n puppetdb_port => 8080,\n # Required for /metrics/ to work\n puppetdb_host => '127.0.0.1',\n enable_catalog => true,\n python_loglevel => 'info',\n offline_mode => true,\n default_environment => '*',\n }\n\n class { '::profiles::letsencrypt':\n provider => apache,\n }\n\n # Only set up TLS if we are ready. This allows us to bootstrap\n # ourselves the next run.\n $certname = lookup('certname')\n if $certname and $facts['letsencrypt_directory'][$certname] {\n class { 'puppetboard::apache::vhost':\n vhost_name => $::fqdn,\n port => 443,\n ssl => true,\n ssl_cert => \"/etc/letsencrypt/live/${certname}/cert.pem\",\n ssl_key => \"/etc/letsencrypt/live/${certname}/privkey.pem\",\n ssl_chain => \"/etc/letsencrypt/live/${certname}/fullchain.pem\",\n }\n\n apache::vhost { \"http-redirect\":\n servername => $::fqdn,\n port => 80,\n redirect_source => ['/'],\n redirect_dest => [\"https://${::fqdn}/\"],\n redirect_status => ['permanent'],\n docroot => false,\n }\n } else {\n class { 'puppetboard::apache::vhost':\n vhost_name => $::fqdn,\n port => 80,\n ssl => false,\n }\n }\n}"}, {"name": "profiles::puppetdb", "file": "manifests/puppetdb.pp", "line": 1, "docstring": {"text": ""}, "source": "class profiles::puppetdb {\n exec { '/opt/puppetlabs/bin/puppetdb ssl-setup':\n creates => '/etc/puppetlabs/puppetdb/ssl/ca.pem'\n }\n\n class { 'puppetdb':\n listen_address => '::', # Just accept insecure connections\n disable_ssl => false,\n # This sohuld in theory allow full access to the database, but it\n # doesn't seem to do that. See [AUTH]\n certificate_whitelist => [ $::servername, ],\n }\n\n # [AUTH] Innstead, in /etc/puppetlabs/puppetdb/conf.d/auth.conf\n # i changed the rule\n # match-request: /metrics\n # to allow anything:\n # - allow: \"*\"\n # + allow-unauthenticated: true\n\n # This is \"requried\", and is recommended to be included in this way\n # (presumably to later allow setting parameters)\n class { 'puppetdb::master::config':\n # Puppetdb sets up the puppetserver resource, to be able to\n # trigger a refresh, and contains a defined(Service[$puppet_service_name])\n # check beforehand, but for some reason it just doesn't work. So\n # we just disable it expliticly, and assume that\n # profiles::puppetserver is also pulled in.\n create_puppet_service_resource => false,\n }\n}"}, {"name": "profiles::puppetserver", "file": "manifests/puppetserver.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Hash"], "name": "hiera"}]}, "defaults": {"hiera": "{\n 'version' => 5,\n 'defaults' => {\n 'datadir' => '/puppet',\n },\n 'hierarchy' => [\n {\n 'name' => 'Data',\n 'data_hash' => 'yaml_data',\n 'paths' => [\n 'nodes/%{trusted.certname}.yaml',\n 'os/name/%{facts.os.name}.yaml',\n 'os/family/%{facts.os.family}.yaml',\n 'common.yaml',\n ],\n }\n ]\n }"}, "source": "class profiles::puppetserver (\n Hash $hiera = {\n 'version' => 5,\n 'defaults' => {\n 'datadir' => '/puppet',\n },\n 'hierarchy' => [\n {\n 'name' => 'Data',\n 'data_hash' => 'yaml_data',\n 'paths' => [\n 'nodes/%{trusted.certname}.yaml',\n 'os/name/%{facts.os.name}.yaml',\n 'os/family/%{facts.os.family}.yaml',\n 'common.yaml',\n ],\n }\n ]\n },\n) {\n\n if defined(Class['profiles::puppetagent']) {\n fail('Can only either be puppetagent or puppetserver (which is also a puppetagent), not both')\n }\n\n # required for the git hook\n ensure_packages(['ruby'])\n\n file { '/usr/libexec':\n ensure => directory,\n }\n\n ensure_packages(['python3-yaml'])\n\n inifile::create_ini_settings(\n { common => { \n node_fmt => yaml,\n nodes => '/puppet/nodes.yaml',\n },\n },\n { \n path => '/etc/node-classifier.ini',\n }\n )\n\n file { '/usr/libexec/external-node-classifier':\n mode => '0555',\n source => 'puppet:///modules/profiles/node-classifier.py',\n }\n\n class { 'puppet':\n server => true,\n show_diff => true,\n server_foreman => false,\n server_reports => 'puppetdb',\n server_storeconfigs => true,\n server_git_repo => true,\n server_git_repo_path => '/var/lib/puppet.git',\n server_external_nodes => '/usr/libexec/external-node-classifier',\n server_strict_variables => true,\n autosign_entries => [\n '*.adrift.space',\n ],\n }\n\n # This is the default value, and shouldn't have to be set (which is\n # why theforeman-puppet module doesnt), but puppetlabs-puppetdb\n # does, which forecus us into an infinite restart loop since\n # the main config is constantly changed\n if ! defined(Puppet::Config::Master['storeconfigs_backend']) {\n puppet::config::master { 'storeconfigs_backend':\n value => 'puppetdb',\n }\n }\n\n # TODO\n # apt install puppetdb-termini\n\n file { \"/etc/puppetlabs/puppet/hiera.yaml\":\n ensure => file,\n content => hash2yaml($hiera, {\n 'header' => '# This file is managed by puppet',\n }),\n }\n}"}, {"name": "profiles::raspberry_builder", "file": "manifests/raspberry_builder.pp", "line": 2, "docstring": {"text": "Sets up a machine for building raspberry pi images"}, "source": "class profiles::raspberry_builder {\n ensure_packages([\n 'debootstrap',\n 'qemu-user-static',\n 'parted',\n 'dosfstools', # mkfs.fat\n 'e2fsprogs', # mkfs.ext4\n ])\n\n service { 'binfmt-support':\n enable => true,\n subscribe => Package['qemu-user-static'],\n }\n}"}, {"name": "profiles::remarkable", "file": "manifests/remarkable.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "iface"}]}, "defaults": {"iface": "'usb0'"}, "source": "class profiles::remarkable (\n String $iface = 'usb0',\n) {\n\n file_line { 'remarkable usb':\n ensure => present,\n path => '/etc/hosts',\n line => '10.11.99.1 remarkable.usb remarkable',\n }\n\n networking::networkd_instance { 'remarkable-usb':\n content => {\n 'Match' => {\n 'Name' => $iface,\n },\n 'Network' => {\n 'Description' => 'Remarkable USB connection',\n 'DHCP' => 'ipv4',\n },\n },\n }\n}"}, {"name": "profiles::repo", "file": "manifests/repo.pp", "line": 2, "docstring": {"text": "Configure private custom repo for those dists that support it", "tags": [{"tag_name": "param", "text": "", "types": ["Enum['present', 'absent']"], "name": "ensure"}]}, "defaults": {"ensure": "'present'"}, "source": "class profiles::repo (\n Enum['present', 'absent'] $ensure = 'present',\n) {\n case $facts['osfamily'] {\n 'Archlinux': {\n pacman::repo { 'adrift-space':\n ensure => $ensure,\n server => 'https://repo.adrift.space/arch',\n siglevel => 'Optional',\n }\n }\n 'Debian': {\n $cn = $facts['os']['distro']['codename']\n $content = @(\"EOF\")\n # File managed by Puppet\n # Local changes WILL be overwritten\n deb [trusted=yes] https://repo.adrift.space/debian ${cn} main\n deb-src [trusted=yes] https://repo.adrift.space/debian ${cn} main\n | EOF\n file { '/etc/apt/sources.list.d/adrift-space.list':\n ensure => if $ensure == 'present' { 'file' } else { 'absent' },\n content => $content,\n }\n }\n }\n}"}, {"name": "profiles::repomaster", "file": "manifests/repomaster.pp", "line": 2, "docstring": {"text": "Configures web server for serving package repo.", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "directory"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "hostname"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "publish_dns"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "dns_zone"}]}, "defaults": {"hostname": "\"repo.${::fqdn}\"", "publish_dns": "false", "dns_zone": "undef"}, "source": "class profiles::repomaster (\n String $directory,\n String $hostname = \"repo.${::fqdn}\",\n Boolean $publish_dns = false,\n Optional[String] $dns_zone = undef,\n) {\n\n include ::profiles::nginx\n\n include ::profiles::certificate\n letsencrypt::domain { $hostname:\n cert_name => $profiles::certificate::cert_name,\n }\n\n nginx::resource::server { $hostname:\n www_root => $directory,\n autoindex => 'on',\n use_default_location => true,\n ipv6_enable => true,\n ipv6_listen_options => '',\n listen_options => '',\n * => letsencrypt::conf::nginx($hostname),\n }\n\n if $publish_dns {\n # TODO Separate toggles for ipv4 and ipv6\n # Since ipv4 might be internal and shouldn't be exported.\n # @@dns_record { \"${hostname} A\":\n # type => 'A',\n # zone => $dns_zone,\n # key => $hostname,\n # value => $facts['ipaddress'],\n # }\n\n @@dns_record { \"${hostname} AAAA\":\n type => 'AAAA',\n zone => $dns_zone,\n key => $hostname,\n value => $facts['ipaddress6'],\n }\n }\n}"}, {"name": "profiles::resolv", "file": "manifests/resolv.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "nameservers"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "search"}]}, "defaults": {"search": "[]"}, "source": "class profiles::resolv (\n Array[String] $nameservers,\n Array[String] $search = [],\n) {\n\n $lines = ['# File managed by Puppet']\n + $nameservers.map |$n| { \"nameserver ${n}\" } \n + if $search != [] { [ \"search ${search.join(' ')}\" ] } else { [] }\n + [\"\"] # for trailing newline\n\n file { '/etc/resolv.conf':\n ensure => file,\n content => $lines.join(\"\\n\"),\n }\n\n}"}, {"name": "profiles::shiori", "file": "manifests/shiori.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "server_name"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "group_members"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Port"], "name": "port"}]}, "defaults": {"group_members": "[]", "port": "8080"}, "source": "class profiles::shiori (\n String $server_name,\n Array[String] $group_members = [],\n Stdlib::Port $port = 8080,\n) {\n\n class { 'shiori':\n port => $port,\n }\n\n group { 'shiori':\n ensure => present,\n members => $group_members,\n }\n\n include ::profiles::group_profile\n\n file { '/etc/profile.d/group.d/shiori':\n ensure => file,\n content => \"export SHIORI_DIR=${shiori::dir}\\n\",\n }\n\n include ::nginx\n\n include ::profiles::certificate\n letsencrypt::domain { $server_name:\n cert_name => $profiles::certificate::cert_name,\n }\n\n nginx::resource::server { $server_name:\n ipv6_enable => true,\n ipv6_listen_options => '',\n www_root => $shiori::dir,\n use_default_location => false,\n access_log => absent,\n error_log => absent,\n * => letsencrypt::conf::nginx($server_name),\n }\n\n if $facts['letsencrypt_directory'][$server_name] {\n nginx::resource::location { 'shiori /':\n location => '/',\n proxy => \"http://[::]:$port\",\n index_files => [],\n ssl => true,\n ssl_only => true,\n server => $server_name,\n add_header => {\n 'Access-Control-Allow-Origin' => 'https://lysator.liu.se',\n }\n }\n }\n}"}, {"name": "profiles::ssh", "file": "manifests/ssh.pp", "line": 1, "docstring": {"text": ""}, "source": "class profiles::ssh {\n include ::ssh\n\n $authorized_keys = lookup('ssh_authorized_keys', Array[Hash], undef, [])\n\n ssh::client::config::user { 'root':\n user_home_dir => '/root'\n }\n\n $authorized_keys.each |$key| {\n ssh_authorized_key { $key['name']:\n user => $key['user'],\n type => $key['type'],\n key => $key['key'],\n }\n }\n}"}, {"name": "profiles::sudo", "file": "manifests/sudo.pp", "line": 1, "docstring": {"text": ""}, "source": "class profiles::sudo {\n file { '/etc/sudoers':\n validate_cmd => '/usr/bin/visudo -cf %',\n content => @(EOF)\n Defaults insults\n root ALL=(ALL) ALL\n %root ALL=(ALL) ALL\n %wheel ALL=(ALL) ALL\n\n @includedir /etc/sudoers.d\n | EOF\n }\n\n file { '/etc/sudoers.d':\n ensure => directory,\n }\n}"}, {"name": "profiles::syncthing", "file": "manifests/syncthing.pp", "line": 5, "docstring": {"text": "Sets up a syncthing node, available to the net.\nDoesn't configure reverse proxies or firewalls.\nAlso doesn't manage devices or folders in the instance. Those are\ncurrently seen as program state", "tags": [{"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "enable_for"}]}, "defaults": {"enable_for": "[]"}, "source": "class profiles::syncthing (\n Array[String] $enable_for = [],\n) {\n\n class { 'syncthing':\n manage_repo => $::osfamily == 'Debian',\n service_type => 'systemd',\n }\n\n\n systemd::dropin_file { 'nospam.conf':\n ensure => absent,\n unit => 'syncthing@.service',\n content => @(EOF)\n [Service]\n ExecStart=\n ExecStart=/bin/bash -c 'set -o pipefail; /usr/bin/syncthing -no-browser -no-restart -logflags=0 | grep -v \"INFO: \"'\n | EOF\n }\n\n $enable_for.map |$user| {\n\n # TODO create deferred function returning passwd entries\n # {{{ruby\n # require 'etc'\n # Etc.getpwnam('hugo')\n # }}}\n # {{{\n # => #<struct Etc::Passwd name=\"hugo\", passwd=\"x\", \n # uid=1000, gid=1000, \n # gecos=\"Hugo H\u00f6rnquist\",\n # dir=\"/home/hugo\", shell=\"/bin/bash\">\n # }}}\n $home = \"/home/${user}\"\n\n $conf_dir = \"/home/${user}/.config/syncthing\"\n\n syncthing::instance { $user:\n home_path => $conf_dir,\n daemon_uid => $user,\n gui => true,\n gui_tls => false,\n gui_address => '[::]',\n # TODO ldap\n gui_port => 8384,\n options => {\n 'startBrowser' => 'false',\n }\n # defaults\n }\n\n # ensure_packages(['syncthing-gtk-python3'])\n }\n}"}, {"name": "profiles::synth", "file": "manifests/synth.pp", "line": 1, "docstring": {"text": ""}, "source": "class profiles::synth {\n\n ensure_packages([\n 'freepats-general-midi',\n ])\n\n file { '/etc/conf.d/fluidsynth':\n content => @(EOF)\n SOUND_FONT=/usr/share/soundfonts/freepats-general-midi.sf2\n OTHER_OPTS='-a alsa'\n | EOF\n }\n\n # TODO pull in aur package from \n # https://git.hornquist.se/archpkg/aconnect-service/\n\n # TODO setup the rest\n\n # - template:\n # dest: ~/.config/aconnect/impact\n # source: aconnect\n # vars:\n # input_unit: Impact LX25\n # output_unit: FLUID Synth\n # \n # - systemd:\n # name: aconnect@{{ impact }}\n # scope: user\n # enabled: yes\n # become: yes\n # become_user: hugo\n\n}"}, {"name": "profiles::tex", "file": "manifests/tex.pp", "line": 1, "docstring": {"text": ""}, "source": "class profiles::tex {\n ensure_packages([\n 'texlive-core',\n 'texlive-fontsextra',\n 'texlive-latexextra',\n 'texlive-pictures',\n ])\n}"}, {"name": "profiles::tftp", "file": "manifests/tftp.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "tftp_root"}]}, "defaults": {"tftp_root": "'/srv/tftp'"}, "source": "class profiles::tftp (\n String $tftp_root = '/srv/tftp',\n) {\n ensure_packages(['tftp-hpa'])\n\n file { '/etc/conf.d/tftpd':\n content => \"TFTPD_ARGS=\\\"--secure ${tftp_root}\\\"\\n\",\n notify => Service['tftpd'],\n }\n\n # Here to accept notify\n service { 'tftpd':\n }\n\n # What we actually want to start\n service { 'tftpd.socket':\n ensure => true,\n enable => true,\n }\n\n}"}, {"name": "profiles::transmission", "file": "manifests/transmission.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "nginx_server"}, {"tag_name": "param", "text": "", "types": ["Enum['None', 'Error', 'Info', 'Debug']"], "name": "msg_level"}]}, "defaults": {"nginx_server": "undef", "msg_level": "'Error'"}, "source": "class profiles::transmission (\n Optional[String] $nginx_server = undef,\n Enum['None', 'Error', 'Info', 'Debug'] $msg_level = 'Error',\n) {\n\n $transmission_url = '/transmission'\n $transmission_port = 9091\n\n if ($nginx_server) {\n require ::nginx\n\n nginx::resource::location { $transmission_url:\n proxy => \"http://localhost:${transmission_port}${transmission_url}\",\n proxy_set_header => [],\n server => $nginx_server,\n ssl => true,\n ssl_only => true,\n }\n }\n\n ensure_packages(['transmission-cli'],\n { ensure => installed })\n\n systemd::dropin_file { 'transmission-after.conf':\n unit => 'transmission.service',\n content => @(EOF)\n [Unit]\n After=network-online.target\n | EOF\n }\n\n systemd::dropin_file { 'transmission-flags.conf':\n unit => 'transmission.service',\n content => @(EOF)\n [Service]\n ExecStart=\n ExecStart=/usr/bin/transmission-daemon -f\n | EOF\n }\n\n # TODO whitelists are currently disabled, since they don't seem to\n # work. Possibly turn them on again some day.\n\n file { [\n '/var/lib/transmission',\n '/var/lib/transmission/.config',\n '/var/lib/transmission/.config/transmission-daemon',\n ]:\n ensure => directory,\n }\n\n # https://github.com/transmission/transmission/wiki/Editing-Configuration-File\n file { '/var/lib/transmission/.config/transmission-daemon/settings.json':\n notify => Service['transmission'],\n content => epp('profiles/transmission.json.epp', {\n rpc_username => 'hugo',\n # '{' + sha1(password + salt)\n # But I don't know how I managed to generate it, since\n # transmission rolls its own crypto\n rpc_password => '{eb43101d3b9aa02223466d7f98c5329c841c7967/Zr2tFpn',\n download_dir => '/usr/net/',\n rpc_whitelist => ['127.0.0.1', '::1'],\n rpc_port => $transmission_port,\n rpc_url => \"${transmission_url}/\",\n msg_level => case $msg_level {\n 'None': { 0 }\n 'Error': { 1 }\n 'Info': { 2 }\n 'Debug': { 3 }\n },\n }),\n }\n\n service { 'transmission':\n ensure => 'running',\n enable => true,\n }\n}"}, {"name": "profiles::webdav", "file": "manifests/webdav.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Hash[String,Hash]"], "name": "servers"}, {"tag_name": "param", "text": "", "types": ["Array[Array[String,2,2]]"], "name": "users"}]}, "source": "class profiles::webdav (\n Hash[String,Hash] $servers,\n Array[Array[String,2,2]] $users,\n) {\n create_resources(webdav_server, $servers, {\n users => $users\n })\n}"}, {"name": "profiles::webserver", "file": "manifests/webserver.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "servername"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "www_root"}]}, "defaults": {"servername": "$::fqdn", "www_root": "\"/var/www/${servername}\""}, "source": "class profiles::webserver (\n String $servername = $::fqdn,\n String $www_root = \"/var/www/${servername}\",\n) {\n include ::profiles::nginx\n include ::profiles::certificate\n letsencrypt::domain { $servername:\n cert_name => $profiles::certificate::cert_name,\n }\n\n nginx::resource::server { $servername:\n www_root => $www_root,\n listen_options => 'default_server',\n ipv6_enable => true,\n ipv6_listen_options => '',\n autoindex => 'on',\n use_default_location => true,\n index_files => [\n 'index.html',\n ],\n try_files => [\n '$uri',\n '$uri/',\n '=404',\n ],\n * => letsencrypt::conf::nginx($servername),\n }\n}"}, {"name": "profiles::website_blog_2", "file": "manifests/website_blog_2.pp", "line": 1, "docstring": {"text": ""}, "source": "class profiles::website_blog_2 {\n class { 'website_blog_2':\n blog_root => '/var/www/blog',\n domain => 'blog.hornquist.se',\n domain_aliases => [\n 'blogg.hornquist.se',\n ],\n }\n\n website_blog_2::instance { 'hugo':\n author => 'Hugo H\u00f6rnquist',\n blog_title => 'HugoNikanors blogg\u203d',\n subtitle => 'A blog about nothing, but mostly itself.',\n # vcs_repo => 'https://git.hornquist.se/blog-entries.git',\n }\n\n nginx::resource::location { \"${website_blog_2::blog_server_name} /\":\n server => $website_blog_2::blog_server_name,\n location => '= /',\n location_cfg_append => {\n 'return' => '307 /hugo',\n },\n * => letsencrypt::conf::nginx::location($website_blog_2::domain),\n }\n}"}, {"name": "profiles::wiki", "file": "manifests/wiki.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "wwwroot"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "server_name"}]}, "defaults": {"wwwroot": "'/var/www/wiki/'", "server_name": "\"wiki.${::fqdn}\""}, "source": "class profiles::wiki (\n String $wwwroot = '/var/www/wiki/',\n String $server_name = \"wiki.${::fqdn}\",\n) {\n\n ensure_packages([\n 'vimwiki-scripts',\n 'xapian-omega',\n ])\n\n include ::profiles::nginx\n include ::profiles::certificate\n letsencrypt::domain { $server_name:\n cert_name => $profiles::certificate::cert_name,\n }\n\n nginx::resource::server { $server_name:\n ipv6_enable => true,\n ipv6_listen_options => '',\n www_root => $wwwroot,\n use_default_location => false,\n autoindex => 'on',\n * => letsencrypt::conf::nginx($server_name),\n server_cfg_append => {\n charset => 'UTF-8',\n },\n }\n\n $auth_basic = {\n auth_basic => '\"Please log in\"',\n auth_basic_user_file => '\"/var/tmp/htpasswd\"',\n }\n\n nginx::resource::location {\n default:\n server => $server_name,\n * => letsencrypt::conf::nginx::location($server_name),\n ;\n 'wiki /search':\n location => '/search',\n fastcgi_params => 'fastcgi_params',\n fastcgi_param => {\n 'SCRIPT_FILENAME' => '/usr/lib/cgi-bin/omega/omega',\n },\n # TODO build fastcgi module, since this path changes between distros\n fastcgi => 'unix:/run/fcgiwrap.socket',\n location_cfg_append => $auth_basic,\n ;\n 'wiki /private':\n location => '/private',\n location_cfg_append => $auth_basic,\n ;\n 'wiki /':\n location => '/',\n ;\n }\n}"}, {"name": "profiles::wine", "file": "manifests/wine.pp", "line": 2, "docstring": {"text": "Installs Wine (is not an emulator)"}, "source": "class profiles::wine (\n) {\n $os_name = $facts['os']['family'].downcase()\n include \"profiles::wine::${os_name}\"\n}"}, {"name": "profiles::wine::archlinux", "file": "manifests/wine/archlinux.pp", "line": 2, "docstring": {"text": "See profiles::wine"}, "source": "class profiles::wine::archlinux {\n require profiles::archlinux::multilib\n\n ensure_packages([\n 'wine',\n 'wine-mono',\n ])\n}"}, {"name": "profiles::wireguard", "file": "manifests/wireguard.pp", "line": 2, "docstring": {"text": "qrencode -t ansiutf8 < tunnel.conf", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "port"}]}, "defaults": {"port": "51871"}, "source": "class profiles::wireguard (\n $port = 51871,\n) {\n ensure_packages ([\n 'wireguard-tools', # userspace utilities\n ])\n\n # TODO Where are these currently set in puppet?\n # sysctl -w net.ipv4.ip_forward=1\n # sysctl -w net.ipv6.conf.all.forwarding=1\n\n\n\n\n}"}, {"name": "profiles::wireguard_peer", "file": "manifests/wireguard_peer.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Variant[String,Sensitive[String]]"], "name": "private_key"}, {"tag_name": "param", "text": "", "types": ["Array[Hash]"], "name": "peers"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "ifname"}]}, "defaults": {"ifname": "'wg0'"}, "source": "class profiles::wireguard_peer (\n Variant[String,Sensitive[String]] $private_key,\n Array[Hash] $peers,\n String $ifname = 'wg0',\n) {\n include ::profiles::wireguard\n\n networking::networkd_instance { $ifname:\n type => 'netdev',\n content => {\n 'NetDev' => {\n 'Name' => $ifname,\n 'Kind' => 'wireguard',\n 'Description' => \"WireGuard tunnel ${ifname}\"\n },\n 'WireGuard' => {\n 'PrivateKey' => $private_key,\n },\n 'WireGuardPeer' => $peers,\n }\n }\n\n networking::networkd_instance { \"${ifname}-network\":\n type => 'network',\n content => {\n 'Match' => {\n 'Name' => $ifname,\n },\n 'Network' => {\n 'Address' => '2001:9b1:eff:a600:22cf:30ff:fe45:629e/128',\n },\n }\n }\n}"}, {"name": "profiles::wireguard_server", "file": "manifests/wireguard_server.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Variant[String,Sensitive[String]]"], "name": "private_key"}, {"tag_name": "param", "text": "", "types": ["Array[Hash]"], "name": "peers"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "ifname"}]}, "defaults": {"ifname": "'wg0'"}, "source": "class profiles::wireguard_server (\n Variant[String,Sensitive[String]] $private_key,\n Array[Hash] $peers,\n String $ifname = 'wg0',\n) {\n include ::profiles::wireguard\n\n networking::networkd_instance { $ifname:\n type => 'netdev',\n content => {\n 'NetDev' => {\n 'Name' => $ifname,\n 'Kind' => 'wireguard',\n 'Description' => \"Wireguard tunnel ${ifname}\",\n },\n 'WireGuard' => {\n 'ListenPort' => $profiles::wireguard::port,\n 'PrivateKey' => $private_key,\n },\n 'WireGuardPeer' => $peers,\n }\n }\n\n networking::networkd_instance { \"${ifname}-network\":\n type => 'network',\n content => {\n 'Match' => {\n 'Name' => $ifname,\n },\n 'Route' => {\n 'Destination' => '2001:9b1:eff:a600:22cf:30ff:fe45:629e/128',\n }\n }\n }\n\n firewall { '100 Forward wireguard to network':\n table => 'nat',\n chain => 'POSTROUTING',\n jump => 'MASQUERADE',\n outiface => 'br0',\n proto => 'all',\n provider => 'ip6tables',\n }\n\n # -A FORWARD -p udp -m udp --dport 51871 --destination $(dig +short gandalf.adrift.space AAAA)\n @@firewall { '100 Allow IPv6 traffic to wiregaurd':\n provider => 'ip6tables',\n proto => 'udp',\n dport => $profiles::wireguard::port,\n destination => $facts['ipaddress6'],\n tag => [ 'router', ],\n }\n\n # -A VSERVER -p udp -m udp --dport 51871 -j DNAT --to-destination 10.0.0.40\n @@firewall { '100 PortForward to wiregaurd server':\n provider => 'iptables',\n proto => 'udp',\n chain => 'VSERVER',\n dport => $profiles::wireguard::port,\n goto => 'DNAT',\n destination => $facts['ipaddress'],\n tag => [ 'router', ],\n }\n}"}, {"name": "profiles::workstation", "file": "manifests/workstation.pp", "line": 2, "docstring": {"text": "Workstation setup, for non graphical environmentns"}, "source": "class profiles::workstation (\n) {\n $os_name = $facts['os']['name'].downcase()\n if defined($os_name) {\n include \"::profiles::workstation::name::${os_name}\"\n }\n\n $os_fam = $facts['os']['family'].downcase()\n if defined($os_fam) {\n include \"::profiles::workstation::family::${os_fam}\"\n }\n\n include ::profiles::group_profile\n\n include ::profiles::repo\n\n if ($facts['systemd']) {\n file { 'User ssh-agent service':\n path => '/etc/systemd/user/ssh-agent.service',\n source => \"puppet:///modules/profiles/ssh-agent.service\",\n }\n }\n\n # NOTE Hard coding checksums here kind of defeats the point of\n # pulling in data from above (since we no longer get updates),\n # but since GitHub doesn't send checksum headers the files gets\n # updated every time otherwise, which creates noise.\n\n file { 'Dvorak A6 TTY keyboard layout':\n ensure => file,\n path => '/usr/share/kbd/keymaps/i386/dvorak/dvorak-sv-a6.map',\n checksum => 'md5',\n checksum_value => '96be6c1aa81522db46673c0f68e3336a',\n source => 'https://raw.githubusercontent.com/HugoNikanor/keymaps/master/linux-tty/dvorak-sv-a6.map',\n }\n\n file { 'Setup console':\n ensure => file,\n path => '/etc/vconsole.conf',\n content => epp('profiles/keyvalue.epp', { 'values' => {\n 'KEYMAP' => 'dvorak-sv-a6',\n 'FONT' => 'lat9v-12',\n }}),\n }\n\n # Packages I almost certainly want\n ensure_packages([\n 'bash-completion',\n 'cloc',\n 'ctags',\n 'ed',\n 'git',\n 'htop',\n 'moreutils',\n 'vi',\n 'wget',\n 'curl',\n ])\n\n # Packages I want for most system\n ensure_packages([\n 'direnv',\n 'elinks',\n 'ghc-libs',\n 'highlight',\n 'isync',\n 'mpc',\n 'mutt',\n 'ncmpc',\n 'nmap',\n 'pass',\n 'pass-otp',\n 'python-pip', # version depending on system?\n 'ranger',\n 'sshuttle',\n 'valgrind',\n 'weechat',\n ])\n\n\n include ::profiles::imagemagick\n include ::profiles::cowsay\n include ::profiles::tex\n include ::profiles::sudo\n include ::profiles::mounts\n}"}, {"name": "profiles::workstation::family::archlinux", "file": "manifests/workstation/family/archlinux.pp", "line": 1, "docstring": {"text": ""}, "source": "class profiles::workstation::family::archlinux {\n\n pacman::hook { 'systemd daemon-reload':\n description => 'Reload systemd user daemon',\n exec => '/bin/sudo systemctl --machine=hugo@.host --user daemon-reload',\n when => 'PostTransaction',\n trigger => {\n operation => 'Upgrade',\n type => 'Path',\n target => 'usr/lib/systemd/user/*',\n },\n }\n\n package { 'kernel-modules-hook':\n ensure => installed,\n } -> service { 'linux-modules-cleanup':\n enable => true,\n }\n\n $cpus = $facts['processors']['count'] - 1\n file_line { 'Makepkg paralell':\n path => '/etc/makepkg.conf',\n after => '^#-- Make flags',\n line => \"MAKEFLAGS='-j${cpus}'\"\n }\n\n ensure_packgaes ([\n 'inetutils',\n 'man-pages',\n 'man-pages-sv',\n 'net-tools',\n 'pkgfile',\n ])\n\n # remove\n # - netctl\n\n # aur-packages\n# - pacaur\n# - ansible-aur-git\n# - cyrus-sasl-xoauth2-git\n# - todotxt\n# - effitask\n# - getmail\n# - mu\n# # - pacaur\n# - pandoc-bin\n# - tlclient\n# # backups old modules on kernel update\n# - kernel-modules-hook\n\n\n}"}, {"name": "profiles::workstation::family::debian", "file": "manifests/workstation/family/debian.pp", "line": 1, "docstring": {"text": ""}, "source": "class profiles::workstation::family::debian {\n file { '/root/.selected-editor':\n ensure => file,\n replace => true, # basically force\n content => @(EOF)\n # Generated by puppet\n SELECTED_EDITOR=\"/usr/bin/vim.tiny\"\n | EOF\n }\n}"}, {"name": "profiles::workstation_x", "file": "manifests/workstation_x.pp", "line": 2, "docstring": {"text": "Workstation setup, for environments with X", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "xkb_layout"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "xkb_variant"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "xkb_options"}]}, "defaults": {"xkb_layout": "'planck'", "xkb_variant": "'dvorak_a6'", "xkb_options": "'compose:caps'"}, "source": "class profiles::workstation_x (\n String $xkb_layout = 'planck',\n String $xkb_variant = 'dvorak_a6',\n String $xkb_options = 'compose:caps',\n) {\n include ::profiles::workstation\n\n file { 'Dvorak A6 X11 keyboard layout':\n ensure => file,\n path => '/usr/share/X11/xkb/symbols/planck',\n checksum => 'md5',\n checksum_value => '1f1023f6958916de592695cedbc94e5c',\n source => 'https://raw.githubusercontent.com/HugoNikanor/keymaps/master/X11/planck',\n }\n\n file { '/etc/X11/xorg.conf.d':\n ensure => directory,\n recurse => false,\n }\n\n\n file { 'X11 Raise max clients':\n ensure => file,\n path => '/etc/X11/xorg.conf.d/99-maxclients.conf',\n content => @(EOF)\n Section \"ServerFlags\"\n Option \"MaxClients\" \"2048\"\n EndSection\n | EOF\n }\n\n file { 'Default X11 keymap':\n ensure => file,\n path => '/etc/X11/xorg.conf.d/00-keyboard.conf',\n content => @(\"EOF\")\n Section \"InputClass\"\n Identifier \"system-keyboard\"\n MatchIsKeyboard \"on\"\n Option \"XkbLayout\" \"${xkb_layout}\"\n Option \"XkbModel\" \"pc105\"\n Option \"XkbVariant\" \"${xkb_variant}\"\n Option \"XkbOptions\" \"${xkb_options}\"\n EndSection\n | EOF\n }\n\n file { 'Model M X11 keymap':\n ensure => file,\n path => '/etc/X11/xorg.conf.d/01-model-m.conf',\n content => @(EOF)\n Section \"InputClass\"\n Identifier \"Model M\"\n MatchUSBID \"17f6:0822\"\n Option \"XkbLayout\" \"us\"\n Option \"XkbVariant\" \"dvorak\"\n EndSection\n | EOF\n }\n\n\n file { 'Passmenu with OTP support':\n path => '/usr/local/bin/passmenu',\n mode => '0555',\n source => 'puppet:///modules/profiles/passmenu',\n }\n\n ensure_packages([\n 'alacritty',\n 'emacs',\n 'firefox',\n # TODO this fails if another conflicting vim is already installed\n 'gvim', # Arch specific name?\n 'otf-fira-mono',\n 'scrot',\n 'transmission-remote-gtk',\n 'ttf-fira-mono',\n 'xclip',\n 'xorg',\n 'xorg-xinit',\n 'xorg-fonts-misc',\n 'arandr',\n 'xterm',\n 'zathura',\n 'zathura-pdf-mupdf',\n 'zathura-ps',\n ])\n\n include ::profiles::pulseaudio\n include ::profiles::xmonad\n}"}, {"name": "profiles::xandikos", "file": "manifests/xandikos.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "sock"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "server_name"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "user_file"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "user"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "group"}]}, "defaults": {"server_name": "\"xandikos.${::fqdn}\"", "user_file": "'/etc/xandikos/htpasswd'", "user": "'xandikos'", "group": "'www-data'"}, "source": "class profiles::xandikos (\n String $sock,\n String $server_name = \"xandikos.${::fqdn}\",\n String $user_file = '/etc/xandikos/htpasswd',\n String $user = 'xandikos',\n String $group = 'www-data',\n) {\n ensure_packages(['xandikos'])\n\n user { $user:\n system => true,\n }\n\n systemd::unit_file { 'xandikos.service':\n content => @(\"EOF\")\n [Unit]\n Description=Xandikos CalDAV/CardDAV server\n After=network.target\n\n [Service]\n ExecStart=/usr/bin/xandikos -d /var/lib/xandikos --route-prefix=/dav --current-user-principal=/jelmer -l /run/sock\n User=${user}\n Group=${group}\n Restart=on-failure\n KillSignal=SIGQUIT\n Type=simple\n NotifyAccess=all\n | EOF\n }\n\n $certname = lookup('certname')\n $cert_dir = $facts['letsencrypt_directory'][$certname]\n\n nginx::resource::server { $server_name:\n ipv6_enable => true,\n ipv6_listen_options => '',\n ssl => true,\n ssl_redirect => true,\n use_default_location => false,\n ssl_cert => \"${cert_dir}/fullchain.pem\",\n ssl_key => \"${cert_dir}/privkey.pem\",\n }\n\n nginx::resource::location {\n default:\n server => $server_name,\n ssl => true,\n ssl_only => true,\n ;\n '/.well-known/caldav':\n location_cfg_append => { 'return' =>'307 $scheme://$host/users/calendars' },\n ;\n '/.well-known/cardav':\n location_cfg_append => { 'return' => '307 $scheme://$host/user/contacts' },\n ;\n 'xandikos /':\n location => '/',\n proxy => \"http://unix:${sock}\",\n auth_basic => 'Login Required',\n auth_basic_user_file => $user_file,\n ;\n }\n\n}"}, {"name": "profiles::xmonad", "file": "manifests/xmonad.pp", "line": 2, "docstring": {"text": "Setup xmonad, only tested on arch linux"}, "source": "class profiles::xmonad {\n ensure_packages ([\n 'xmonad',\n 'xmonad-contrib',\n # apparently really needed by xmonad\n 'xorg-fonts-misc',\n 'ghc',\n 'xorg-xmessage',\n 'dzen2',\n 'dmenu',\n 'rofi',\n 'haskell-dbus',\n 'haskell-old-locale',\n ], { ensure => installed })\n\n # Rebuilt my local xmonad config after an upgrade to xmonad.\n # It's required, I think due to something with dynamic linking.\n # It's actually pretty ugly that I'm hardcoded in here, but\n # something had to be done.\n pacman::hook { 'xmonad':\n ensure => 'absent',\n description => 'Rebuild local xmonad config.',\n when => 'PostTransaction',\n exec => '/bin/sudo -Hu hugo xmonad --recompile',\n trigger => {\n type => 'Package',\n operation => ['Upgrade', 'Install'],\n target => 'xmonad*',\n },\n }\n}"}, {"name": "shiori", "file": "manifests/init.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "dir"}, {"tag_name": "param", "text": "", "types": ["Enum['sqlite', 'mysql', 'postgresql']"], "name": "database"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "manage_db"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "db_pass"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "db_addr"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "db_user"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "db_name"}]}, "defaults": {"port": "8080", "dir": "'/var/www/shiori'", "database": "'sqlite'", "manage_db": "true", "db_pass": "undef", "db_addr": "undef", "db_user": "'shiori'", "db_name": "'shiori'"}, "source": "class shiori (\n $port = 8080,\n $dir = '/var/www/shiori',\n Enum['sqlite', 'mysql', 'postgresql'] $database = 'sqlite',\n Boolean $manage_db = true,\n Optional[String] $db_pass = undef,\n Optional[String] $db_addr = undef,\n String $db_user = 'shiori',\n String $db_name = 'shiori',\n) {\n\n # on arch this is available through the aur\n package { 'shiori-bin':\n ensure => installed,\n }\n\n user { 'shiori':\n ensure => present,\n system => true,\n home => $dir,\n }\n\n file { $dir:\n ensure => directory,\n owner => shiori,\n group => shiori,\n mode => '0750',\n }\n\n file { [\n \"${dir}/archive\",\n \"${dir}/thumb\",\n ] :\n ensure => directory,\n owner => shiori,\n group => shiori,\n mode => '0770',\n }\n\n file { \"${dir}/shiori.db\":\n owner => 'shiori',\n group => 'shiori',\n mode => '0660',\n }\n\n file { '/etc/systemd/system/shiori.service':\n ensure => file,\n source => 'puppet:///modules/shiori/shiori.service',\n }\n\n case $database {\n 'sqlite': {\n }\n 'mysql': {\n $extra_config = {\n 'SHIORI_DBMS' => 'mysql',\n 'SHIORI_MYSQL_USER' => '',\n }\n if ($manage_db) {\n error(\"Can't managae MySQL\")\n }\n }\n 'postgresql': {\n $extra_config = {\n 'SHIORI_DBMS' => 'postgresql',\n 'SHIORI_PG_USER' => '',\n 'SHIORI_PG_PASS' => '',\n 'SHIORI_PG_NAME' => '',\n 'SHIORI_PG_HOST' => '',\n 'SHIORI_PG_PORT' => '',\n }\n if ($manage_db) {\n # create database\n # create database user\n }\n }\n }\n\n file { '/etc/conf.d/shiori':\n ensure => 'file',\n content => @(\"EOF\")\n # This file is managed by Puppet.\n PORT=${port}\n SHIORI_DIR=${dir}\n | EOF\n }\n\n service { 'shiori':\n ensure => running,\n enable => true,\n require => [\n File['/etc/systemd/system/shiori.service'],\n File['/etc/conf.d/shiori'],\n ],\n }\n\n # Users could be managed here, through shioris HTTP API\n}"}, {"name": "syslinux", "file": "manifests/init.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "kernel"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "efi_root"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "bootentry"}, {"tag_name": "param", "text": "", "types": ["Hash[String,Syslinux::Bootentry,1]"], "name": "boot_entries"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "default_boot_entry"}]}, "defaults": {"kernel": "'linux'", "efi_root": "'/boot/efi'", "bootentry": "'syslinux'", "default_boot_entry": "$boot_entries.map |$k, $_| { $k }[0]"}, "source": "class syslinux (\n String $kernel = 'linux',\n String $efi_root = '/boot/efi',\n String $bootentry = 'syslinux',\n\n Hash[String,Syslinux::Bootentry,1] $boot_entries,\n String $default_boot_entry = $boot_entries.map |$k, $_| { $k }[0],\n) {\n\n $efi_dev = $facts['mountpoints'][$efi_root]\n if ! $efi_dev {\n fail(\"A device needs to be mounted on efi_root [${efi_root}]\")\n }\n # $efi_dev['device']\n\n ensure_packages ([\n $kernel,\n mkinitcpio,\n syslinux,\n efibootmgr,\n ], {\n ensure => installed,\n })\n\n file { \"/etc/mkinitcpio.d/${kernel}.preset\":\n ensure => file,\n source => \"puppet:///modules/${module_name}/mkinitcpio.${kernel}\",\n }\n\n # cp -r /usr/lib/syslinux/efi64 ${efi_root}/EFI/syslinux\n\n $device = $facts['mountpoints']['/']['device']\n $partuuid = $facts['blkid'][$device]['PARTUUID']\n\n\n $cpus = $facts['processors']['models']\n $has_amd = $cpus.any |$i| { $i =~ /AMD/ }\n $has_intel = $cpus.any |$i| { $i =~ /Intel/ }\n\n if $has_amd { ensure_packages(['amd-ucode']) }\n if $has_intel { ensure_packages(['intel-ucode']) }\n\n $entries = $boot_entries.map |$key, $entry| {\n case $entry['type'] {\n 'linux': {\n $extra_args = $entry['extra_args']\n $initrd = $entry['initrd']\n $initrd_multi = [\n if $has_amd { '../amd-ucode.img' },\n if $has_intel { '../intel-ucode.img' },\n \"../arch/${initrd}\",\n ].filter |$i| { $i != undef }.join(',')\n $hash = {\n 'APPEND' => \"root=PARTUUID=${partuuid} rw ${extra_args}\",\n 'INITRD' => $initrd_multi,\n 'LINUX' => \"../arch/vmlinuz-${kernel}\",\n }\n }\n 'com': {\n $com = $entry['com']\n $hash = {\n 'COM32' => \"${com}.c32\",\n }\n }\n }\n\n $common = { 'MENU LABEL' => $entry['label'], }\n [$key, $common + $hash]\n }.convert_to(Hash)\n\n file { \"${efi_root}/EFI/syslinux/syslinux.cfg\":\n content => epp(\"${module_name}/syslinux.cfg.epp\", {\n 'default' => $default_boot_entry,\n 'entries' => $entries,\n })\n }\n\n file { \"${efi_root}/EFI/arch\":\n ensure => directory,\n }\n\n $has_syslinux = $facts['efi']['boots'].any |$_, $value| {\n $value == $bootentry\n }\n\n $partition = $facts['partinfo'][basename($efi_dev['device'])]\n\n if ! $has_syslinux {\n $efi_device = $partition['device']\n $partid = $partition['partid']\n exec { \"efibootmgr --disk '/dev/${efi_device}' --part ${partid} --create --label '${bootentry}' --loader /EFI/syslinux/syslinux.efi\":\n path => [ '/usr/bin', '/bin', ],\n }\n }\n\n file { '/usr/libexec':\n ensure => directory,\n }\n\n file { '/usr/libexec/move-kernel':\n ensure => file,\n mode => '0555',\n content => @(\"EOF\"/$)\n #!/bin/sh\n # File managed by Puppet\n IFS='\\n' read data\n cp \"/\\$data\" \"${efi_root}/EFI/arch/vmlinuz-${kernel}\"\n | EOF\n }\n\n file { '/usr/libexec/move-ucode':\n ensure => file,\n mode => '0555',\n content => @(\"EOF\"/$)\n #!/bin/sh\n # File managed by Puppet\n IFS='\\n' read data\n cp \"/\\$data\" \"${efi_root}/EFI/\"\n | EOF\n }\n\n pacman::hook { 'install-kernel':\n priority => 60, # something less than /usr/share/libalpm/hooks/90-mkinitcpio-install.hook\n trigger => {\n type => 'Path',\n operation => [ 'Install', 'Upgrade' ],\n target => [ 'usr/lib/modules/*/vmlinuz', ],\n },\n description => 'Moving kernel to EFI',\n when => 'PostTransaction',\n exec => '/usr/libexec/move-kernel',\n needsTargets => true ,\n }\n\n\n pacman::hook { 'install-ucode-initrd':\n priority => 60,\n trigger => {\n type => 'Path',\n operation => [ 'Install', 'Upgrade' ],\n target => [ 'boot/*-ucode.img', ],\n },\n description => 'Moving \u00b5Code-updates to EFI',\n when => 'PostTransaction',\n exec => '/usr/libexec/move-ucode',\n needsTargets => true ,\n }\n}"}, {"name": "uwsgi::emperor", "file": "manifests/emperor.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "path"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "listen"}]}, "defaults": {"path": "'/etc/uwsgi/vassals'", "listen": "undef"}, "source": "class uwsgi::emperor (\n String $path = '/etc/uwsgi/vassals',\n # TODO this should always be set, so other modules can use $uwsgi::emperor::address\n Optional[String] $listen = undef,\n) {\n\n # TODO user, and group\n # arch package created group uwsgi (with hardcoded gid 53)\n #\n # TODO master?\n\n include ::uwsgi::package\n\n file { $path:\n ensure => directory,\n }\n\n file { '/etc/uwsgi/emperor.ini':\n content => epp(\"${module_name}/emperor.ini.epp\"),\n }\n\n if $listen != undef {\n systemd::dropin_file { 'emperor.uwsgi.socket':\n content => @(\"EOF\")\n ListenStream=\n ListenStream=${listen}\n | EOF\n }\n }\n\n service { 'emperor.uwsgi.socket':\n ensure => running,\n enable => true,\n }\n}"}, {"name": "uwsgi::package", "file": "manifests/package.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Boolean"], "name": "manage_package"}]}, "defaults": {"manage_package": "true"}, "source": "class uwsgi::package (\n Boolean $manage_package = true,\n) {\n if ($manage_package) {\n ensure_packages(['uwsgi'])\n }\n}"}, {"name": "wpa_supplicant", "file": "manifests/init.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Hash[String,Hash]"], "name": "interfaces"}, {"tag_name": "param", "text": "", "types": ["Hash[String,Hash]"], "name": "networks"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "ctrl_interface"}]}, "defaults": {"ctrl_interface": "'/run/wpa_supplicant'"}, "source": "class wpa_supplicant (\n # Hash[String,Hash] $interfaces,\n Hash[String,Hash] $interfaces,\n Hash[String,Hash] $networks,\n String $ctrl_interface = '/run/wpa_supplicant',\n) {\n\n create_resources(wpa_supplicant::interface, $interfaces)\n}"}, {"name": "envvar::setup", "file": "manifests/setup.pp", "line": 1, "docstring": {"text": ""}, "source": "class envvar::setup (\n) {\n concat { '/etc/environment':\n ensure => 'present',\n }\n\n concat::fragment { '000 header':\n target => '/etc/environment',\n content => @(EOF)\n # File managed by Puppet\n # Local changes will get overwritten.\n | EOF\n }\n\n lookup('environment', undef, 'hash', {}).map |$key, $value| {\n envvar{ $key:\n value => $value,\n }\n }\n \n}"}, {"name": "phpldapadmin", "file": "manifests/init.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "servername"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "server_uri"}, {"tag_name": "param", "text": "", "types": ["Integer[0, 65535]"], "name": "port"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "debug_mode"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "tmpdir"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "timezone"}, {"tag_name": "param", "text": "", "types": ["Hash[String, String]"], "name": "friendly_attrs"}, {"tag_name": "param", "text": "", "types": ["Enum['cookie', 'session', 'http', 'config', 'sasl', 'sasl_external']"], "name": "auth_type"}]}, "defaults": {"servername": "'My LDAP Server'", "server_uri": "'127.0.0.1'", "port": "389", "debug_mode": "false", "tmpdir": "'/tmp'", "timezone": "undef", "friendly_attrs": "{\n 'facsimileTelephoneNumber' => 'Fax',\n 'gid' => 'Group',\n 'mail' => 'Email',\n 'telephoneNumber' => 'Telephone',\n 'uid' => 'User Name',\n 'userPassword' => 'Password',\n }", "auth_type": "'session'"}, "source": "class phpldapadmin (\n String $servername = 'My LDAP Server',\n String $server_uri = '127.0.0.1',\n Integer[0, 65535] $port = 389,\n Boolean $debug_mode = false,\n String $tmpdir = '/tmp',\n Optional[String] $timezone = undef,\n Hash[String, String] $friendly_attrs = {\n 'facsimileTelephoneNumber' => 'Fax',\n 'gid' => 'Group',\n 'mail' => 'Email',\n 'telephoneNumber' => 'Telephone',\n 'uid' => 'User Name',\n 'userPassword' => 'Password',\n },\n Enum['cookie', 'session', 'http', 'config', 'sasl', 'sasl_external'] $auth_type = 'session',\n) {\n ensure_packages(['phpldapadmin'])\n\n # TODO also ensure writable by web server\n file { $tmpdir:\n ensure => directory,\n }\n\n file { '/etc/webapps/phpldapadmin/config.php':\n content => epp(\"${module_name}/config.php.epp\"),\n }\n\n}"}, {"name": "lightdm", "file": "manifests/init.pp", "line": 9, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Package containing lightdm", "types": ["String"], "name": "package_name"}, {"tag_name": "param", "text": "Name of service to enable", "types": ["String"], "name": "service_name"}, {"tag_name": "param", "text": "Should account service be used in place of users.conf\nTODO This is currently not implemented.", "types": ["Boolean"], "name": "use_account_service"}, {"tag_name": "summary", "text": "Configures LightDM"}]}, "defaults": {"package_name": "'lightdm'", "service_name": "'lightdm'", "use_account_service": "false"}, "source": "class lightdm (\n String $package_name = 'lightdm',\n String $service_name = 'lightdm',\n Boolean $use_account_service = false,\n) {\n ensure_packages([$package_name])\n\n service { $service_name:\n enable => true,\n }\n\n file { '/etc/lightdm/lightdm.conf':\n }\n\n if $use_account_service {\n } else {\n $users = {\n 'UserList' => {\n 'minimum-uid' => 1000, # Minimum UID required to be show in greeter\n # NOTE These lists should be space delimited inline\n # TODO remove above comment:w\n 'hidden-users' => ['nobody', 'nobody4', 'noaccess'], # Users that are shown to the user\n 'hidden-shells' => ['/bin/false', '/usr/bin/nologin', '/bin/nologin', '/sbin/nologin'],\n },\n }\n file { '/etc/lightdm/users.conf':\n }\n }\n\n $keys = {\n 'keyring' => {\n 'a' => '0x0123456789ABCD',\n 'b' => 'secret',\n },\n }\n file { '/etc/lightdm/keys.conf':\n }\n\n # file { '/etc/lightdm/Xsession':\n # mode => '+x',\n # }\n}"}, {"name": "lightdm::config", "file": "manifests/config.pp", "line": 45, "docstring": {"text": "--------------------------------------------------", "tags": [{"tag_name": "param", "text": "File containing the lightdm config", "types": ["String"], "name": "filename"}, {"tag_name": "param", "text": "Minimum value for range of seat configuration.\nThis defines the interval in which seats can be allocated. You\nmight need to increase the interval if you have MANY seats.\nThe XDMCP and VLC server are configured to always be placed just\nafter all seats.", "types": ["Integer[2]"], "name": "seat_fragment_min"}, {"tag_name": "param", "text": "Maximum value for range of seat configuration. See\nseat_fragment_min", "types": ["Integer"], "name": "seat_fragment_max"}, {"tag_name": "param", "text": "True to always start one seat if none are defined in the configuration", "types": ["Optional[Boolean]"], "name": "start_default_seat"}, {"tag_name": "param", "text": "User to run greeter as", "types": ["Optional[String]"], "name": "greeter_user"}, {"tag_name": "param", "text": "Minimum display number to use for X servers", "types": ["Optional[Integer]"], "name": "minimum_display_number"}, {"tag_name": "param", "text": "First VT to run displays on", "types": ["Optional[Integer]"], "name": "minimum_vt"}, {"tag_name": "param", "text": "True to prevent memory from being paged to disk", "types": ["Optional[Boolean]"], "name": "lock_memory"}, {"tag_name": "param", "text": "True if session authority should be in the system location", "types": ["Optional[Boolean]"], "name": "user_authority_in_system_dir"}, {"tag_name": "param", "text": "Script to be run to setup guest account", "types": ["Optional[String]"], "name": "guest_account_script"}, {"tag_name": "param", "text": "True to on start seats that are marked as graphical by logind", "types": ["Optional[Boolean]"], "name": "logind_check_graphical"}, {"tag_name": "param", "text": "Directory to log information to", "types": ["Optional[Stdlib::Absolutepath]"], "name": "log_directory"}, {"tag_name": "param", "text": "Directory to put running state in", "types": ["Optional[Stdlib::Absolutepath]"], "name": "run_directory"}, {"tag_name": "param", "text": "Directory to cache to", "types": ["Optional[Stdlib::Absolutepath]"], "name": "cache_directory"}, {"tag_name": "param", "text": "Directory to find sessions", "types": ["Optional[Variant[Stdlib::Absolutepath, Array[Stdlib::Absolutepath]]]"], "name": "sessions_directory"}, {"tag_name": "param", "text": "Directory to find remote sessions", "types": ["Optional[Stdlib::Absolutepath]"], "name": "remote_sessions_directory"}, {"tag_name": "param", "text": "Directory to find greeters", "types": ["Optional[Variant[String, Array[String]]]"], "name": "greeters_directory"}, {"tag_name": "param", "text": "True to move add a .old suffix to old log files when opening new ones", "types": ["Optional[Boolean]"], "name": "backup_logs"}, {"tag_name": "param", "text": "True if LightDM provides a D-Bus service to control it", "types": ["Optional[Boolean]"], "name": "dbus_service"}]}, "defaults": {"start_default_seat": "undef", "greeter_user": "undef", "minimum_display_number": "undef", "minimum_vt": "undef", "lock_memory": "undef", "user_authority_in_system_dir": "undef", "guest_account_script": "undef", "logind_check_graphical": "undef", "log_directory": "undef", "run_directory": "undef", "cache_directory": "undef", "sessions_directory": "undef", "remote_sessions_directory": "undef", "greeters_directory": "undef", "backup_logs": "undef", "dbus_service": "undef", "seat_fragment_min": "20", "seat_fragment_max": "40", "filename": "'/etc/lightdm/lightdm.conf'"}, "source": "class lightdm::config (\n Optional[Boolean] $start_default_seat = undef,\n Optional[String] $greeter_user = undef,\n Optional[Integer] $minimum_display_number = undef,\n Optional[Integer] $minimum_vt = undef,\n Optional[Boolean] $lock_memory = undef,\n Optional[Boolean] $user_authority_in_system_dir = undef,\n Optional[String] $guest_account_script = undef,\n Optional[Boolean] $logind_check_graphical = undef,\n Optional[Stdlib::Absolutepath] $log_directory = undef,\n Optional[Stdlib::Absolutepath] $run_directory = undef,\n Optional[Stdlib::Absolutepath] $cache_directory = undef,\n Optional[Variant[Stdlib::Absolutepath, Array[Stdlib::Absolutepath]]] $sessions_directory = undef,\n Optional[Stdlib::Absolutepath] $remote_sessions_directory = undef,\n Optional[Variant[String, Array[String]]] $greeters_directory = undef,\n Optional[Boolean] $backup_logs = undef,\n Optional[Boolean] $dbus_service = undef,\n\n Integer[2] $seat_fragment_min = 20,\n Integer $seat_fragment_max = 40,\n String $filename = '/etc/lightdm/lightdm.conf',\n) {\n concat { $filename:\n order => 'numeric',\n }\n\n $lightdm_conf = {\n 'start-default-seat' => $start_default_seat,\n 'greeter-user' => $greeter_user,\n 'minimum-display-number' => $minimum_display_number,\n 'minimum-vt' => $minimum_vt,\n 'lock-memory' => $lock_memory,\n 'user-authority-in-system-dir' => $user_authority_in_system_dir,\n 'guest-account-script' => $guest_account_script,\n 'logind-check-graphical' => $logind_check_graphical,\n 'log-directory' => $log_directory,\n 'run-directory' => $run_directory,\n 'cache-directory' => $cache_directory,\n 'sessions-directory' => $sessions_directory,\n 'remote-sessions-directory' => $remote_sessions_directory,\n 'greeters-directory' => $greeters_directory,\n 'backup-logs' => $backup_logs,\n 'dbus-service' => $dbus_service,\n }\n\n concat::fragment { 'lightdm - config - header':\n target => $filename,\n content => \"# File managed by Puppet\\n\",\n order => 0,\n }\n\n concat::fragment { 'lightdm - config - main':\n target => $filename,\n order => 1,\n content => epp(\"${module_name}/ini.epp\", {\n sections => { 'LightDM' => $lightdm_conf },\n }),\n }\n}"}, {"name": "lightdm::greeter::gtk", "file": "manifests/greeter/gtk.pp", "line": 8, "docstring": {"text": "Adds LightDM's GTK greeter to the set of available greeters, and\nconfigures it.", "tags": [{"tag_name": "param", "text": "Package providing the gtk greeter", "types": ["String"], "name": "package_name"}, {"tag_name": "summary", "text": "Adds the GTK greeter to the set of available greeters."}]}, "defaults": {"package_name": "'lightdm-gtk-greeter'"}, "source": "class lightdm::greeter::gtk (\n String $package_name = 'lightdm-gtk-greeter',\n) {\n ensure_packages([$package_name])\n\n # file { '/etc/lightdm/lightdm-gtk-greeter.conf':\n # }\n}"}, {"name": "lightdm::vncserver", "file": "manifests/vncserver.pp", "line": 17, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "True if VNC connections should be allowed", "types": ["Boolean"], "name": "enabled"}, {"tag_name": "param", "text": "Command to run Xvnc server with", "types": ["Optional[String]"], "name": "command"}, {"tag_name": "param", "text": "TCP/IP port to listen for connections on", "types": ["Optional[Stdlib::Port]"], "name": "port"}, {"tag_name": "param", "text": "Host/address to listen for VNC connections (use all addresses if not present)", "types": ["Optional[String]"], "name": "listen_address"}, {"tag_name": "param", "text": "Width of display to use", "types": ["Optional[Integer[0]]"], "name": "width"}, {"tag_name": "param", "text": "Height of display to use", "types": ["Optional[Integer[0]]"], "name": "height"}, {"tag_name": "param", "text": "Color depth of display to use", "types": ["Optional[Integer[0]]"], "name": "depth"}, {"tag_name": "summary", "text": "VNC Server configuration"}]}, "defaults": {"enabled": "false", "command": "undef", "port": "undef", "listen_address": "undef", "width": "undef", "height": "undef", "depth": "undef"}, "source": "class lightdm::vncserver (\n Boolean $enabled = false,\n Optional[String] $command = undef,\n Optional[Stdlib::Port] $port = undef,\n Optional[String] $listen_address = undef,\n Optional[Integer[0]] $width = undef,\n Optional[Integer[0]] $height = undef,\n Optional[Integer[0]] $depth = undef,\n) {\n $conf = {\n 'enabled' => $enabled,\n 'command' => $command,\n 'port' => $port,\n 'listen-address' => $listen_address,\n 'width' => $width,\n 'height' => $height,\n 'depth' => $depth,\n }\n\n concat::fragment { 'lightdm - config - vncserver':\n target => $lightdm::config::filename,\n order => $lightdm::conf::seat_fragment_min + 2,\n content => {\n sections => { 'VNCServer' => $conf },\n },\n }\n}"}, {"name": "lightdm::xdmcpserver", "file": "manifests/xdmcpserver.pp", "line": 17, "docstring": {"text": "The authentication key is a 56 bit DES key specified in hex as 0xnnnnnnnnnnnnnn. Alternatively\nit can be a word and the first 7 characters are used as the key.", "tags": [{"tag_name": "param", "text": "True if XDMCP connections should be allowed", "types": ["Boolean"], "name": "enabled"}, {"tag_name": "param", "text": "UDP/IP port to listen for connections on", "types": ["Stdlib::Port"], "name": "port"}, {"tag_name": "param", "text": "Host/address to listen for XDMCP connections (use all addresses if not present)", "types": ["Optional[String]"], "name": "listen_address"}, {"tag_name": "param", "text": "Authentication key to use for XDM-AUTHENTICATION-1 or blank to not\nuse authentication (stored in keys.conf)", "types": ["Optional[String]"], "name": "key"}, {"tag_name": "param", "text": "Hostname to report to XDMCP clients (defaults to system hostname if unset)", "types": ["Optional[String]"], "name": "hostname"}, {"tag_name": "summary", "text": "XDMCP Server configuration"}]}, "defaults": {"enabled": "true", "port": "177", "listen_address": "undef", "key": "undef", "hostname": "undef"}, "source": "class lightdm::xdmcpserver (\n Boolean $enabled = true,\n # getent services xdmcp\n Stdlib::Port $port = 177,\n Optional[String] $listen_address = undef,\n Optional[String] $key = undef,\n Optional[String] $hostname = undef,\n) {\n $conf = {\n 'enabled' => $enabled,\n 'port' => $port,\n 'listen-address' => $listen_address,\n 'key' => $key,\n 'hostname' => $hostname,\n }\n\n concat::fragment { 'lightdm - config - xdmcpserver':\n target => $lightdm::config::filename,\n order => $lightdm::conf::seat_fragment_min + 1,\n content => {\n sections => { 'XDMCPServer' => $conf },\n },\n }\n}"}, {"name": "xorg", "file": "manifests/init.pp", "line": 4, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Where puppet generated configuration files should be placed.", "types": ["String"], "name": "conf_dir"}, {"tag_name": "summary", "text": "Prepares for configuring xorg"}]}, "defaults": {"conf_dir": "'/etc/X11/xorg.conf.d'"}, "source": "class xorg (\n String $conf_dir = '/etc/X11/xorg.conf.d'\n) {\n file { $conf_dir:\n ensure => directory,\n recurse => false,\n }\n}"}, {"name": "gunicorn::setup", "file": "manifests/setup.pp", "line": 13, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Name of system package", "types": ["String"], "name": "package_name"}, {"tag_name": "param", "text": "Where instance configuration files should be plced\nShould currently not be changed, since it's hard-coded in the\nservice file.", "types": ["String"], "name": "instance_dir"}, {"tag_name": "param", "text": "Default user to use for each instance.", "types": ["Variant[String, Integer]"], "name": "user"}, {"tag_name": "param", "text": "Default group to use for each instance.", "types": ["Variant[String, Integer]"], "name": "group"}, {"tag_name": "summary", "text": "General configuration of gunicorn"}]}, "defaults": {"package_name": "'gunicorn'", "instance_dir": "'/var/lib/gunicorn'", "user": "'gunicorn'", "group": "'gunicorn'"}, "source": "class gunicorn::setup (\n String $package_name = 'gunicorn',\n String $instance_dir = '/var/lib/gunicorn',\n Variant[String, Integer] $user = 'gunicorn',\n Variant[String, Integer] $group = 'gunicorn',\n) {\n ensure_packages([\n $package_name,\n ])\n\n # python-setproctitle\n\n file { $instance_dir:\n ensure => directory,\n }\n\n systemd::unit_file { 'gunicorn@.service':\n source => \"puppet:///modules/${module_name}/gunicorn@.service\",\n enable => false,\n active => false,\n }\n}"}, {"name": "stdlib", "file": "manifests/init.pp", "line": 10, "docstring": {"text": "Most of stdlib's features are automatically loaded by Puppet, but this class should be\ndeclared in order to use the standardized run stages.\n\nDeclares all other classes in the stdlib module. Currently, this consists\nof stdlib::stages.", "tags": [{"tag_name": "summary", "text": "This module manages stdlib."}]}, "source": "class stdlib {\n include stdlib::stages\n}"}, {"name": "stdlib::stages", "file": "manifests/stages.pp", "line": 24, "docstring": {"text": "Declares various run-stages for deploying infrastructure,\nlanguage runtimes, and application layers.\n\nThe high level stages are (in order):\n * setup\n * main\n * runtime\n * setup_infra\n * deploy_infra\n * setup_app\n * deploy_app\n * deploy", "tags": [{"tag_name": "example", "text": "node default {\n include ::stdlib\n class { java: stage => 'runtime' }\n}", "name": ""}, {"tag_name": "summary", "text": "This class manages a standard set of run stages for Puppet. It is managed by\nthe stdlib class, and should not be declared independently."}]}, "source": "class stdlib::stages {\n stage { 'setup': before => Stage['main'] }\n stage { 'runtime': require => Stage['main'] }\n -> stage { 'setup_infra': }\n -> stage { 'deploy_infra': }\n -> stage { 'setup_app': }\n -> stage { 'deploy_app': }\n -> stage { 'deploy': }\n}"}, {"name": "apt", "file": "manifests/init.pp", "line": 118, "inherits": "apt::params", "docstring": {"text": "", "tags": [{"tag_name": "option", "opt_name": ":location", "opt_text": "See apt::backports for documentation.", "opt_types": ["String"], "parent": "backports", "name": "backports"}, {"tag_name": "option", "opt_name": ":repos", "opt_text": "See apt::backports for documentation.", "opt_types": ["String"], "parent": "backports", "name": "backports"}, {"tag_name": "option", "opt_name": ":key", "opt_text": "See apt::backports for documentation.", "opt_types": ["String"], "parent": "backports", "name": "backports"}, {"tag_name": "option", "opt_name": ":frequency", "opt_text": "Specifies how often to run `apt-get update`. If the exec resource `apt_update` is notified, `apt-get update` runs regardless of this value.\nValid options: 'always' (at every Puppet run); 'daily' (if the value of `apt_update_last_success` is less than current epoch time minus 86400);\n'weekly' (if the value of `apt_update_last_success` is less than current epoch time minus 604800); and 'reluctantly' (only if the exec resource\n`apt_update` is notified). Default: 'reluctantly'.", "opt_types": ["String"], "parent": "update", "name": "update"}, {"tag_name": "option", "opt_name": ":loglevel", "opt_text": "Specifies the log level of logs outputted to the console. Default: undef.", "opt_types": ["Integer"], "parent": "update", "name": "update"}, {"tag_name": "option", "opt_name": ":timeout", "opt_text": "Specifies how long to wait for the update to complete before canceling it. Valid options: an integer, in seconds. Default: undef.", "opt_types": ["Integer"], "parent": "update", "name": "update"}, {"tag_name": "option", "opt_name": ":tries", "opt_text": "Specifies how many times to retry the update after receiving a DNS or HTTP error. Default: undef.", "opt_types": ["Integer"], "parent": "update", "name": "update"}, {"tag_name": "option", "opt_name": ":sources.list", "opt_text": "Specifies whether to purge any unmanaged entries from sources.list. Default false.", "opt_types": ["Boolean"], "parent": "purge", "name": "purge"}, {"tag_name": "option", "opt_name": ":sources.list.d", "opt_text": "Specifies whether to purge any unmanaged entries from sources.list.d. Default false.", "opt_types": ["Boolean"], "parent": "purge", "name": "purge"}, {"tag_name": "option", "opt_name": ":preferences", "opt_text": "Specifies whether to purge any unmanaged entries from preferences. Default false.", "opt_types": ["Boolean"], "parent": "purge", "name": "purge"}, {"tag_name": "option", "opt_name": ":preferences.d.", "opt_text": "Specifies whether to purge any unmanaged entries from preferences.d. Default false.", "opt_types": ["Boolean"], "parent": "purge", "name": "purge"}, {"tag_name": "param", "text": "Specifies the provider that should be used by apt::update.", "types": ["String"], "name": "provider"}, {"tag_name": "param", "text": "Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://, or\nhkp://).", "types": ["String"], "name": "keyserver"}, {"tag_name": "param", "text": "Supplies options to be passed to the `add-apt-repository` command.", "types": ["Optional[String]"], "name": "ppa_options"}, {"tag_name": "param", "text": "Names the package that provides the `apt-add-repository` command.", "types": ["Optional[String]"], "name": "ppa_package"}, {"tag_name": "param", "text": "Specifies some of the default parameters used by apt::backports. Valid options: a hash made up from the following keys:", "types": ["Optional[Hash]"], "name": "backports"}, {"tag_name": "param", "text": "Creates new `apt::conf` resources. Valid options: a hash to be passed to the create_resources function linked above.", "types": ["Hash"], "name": "confs"}, {"tag_name": "param", "text": "Configures various update settings. Valid options: a hash made up from the following keys:", "types": ["Hash"], "name": "update"}, {"tag_name": "param", "text": "Specifies whether to purge any existing settings that aren't managed by Puppet. Valid options: a hash made up from the following keys:", "types": ["Hash"], "name": "purge"}, {"tag_name": "param", "text": "Configures Apt to connect to a proxy server. Valid options: a hash matching the locally defined type apt::proxy.", "types": ["Apt::Proxy"], "name": "proxy"}, {"tag_name": "param", "text": "Creates new `apt::source` resources. Valid options: a hash to be passed to the create_resources function linked above.", "types": ["Hash"], "name": "sources"}, {"tag_name": "param", "text": "Creates new `apt::key` resources. Valid options: a hash to be passed to the create_resources function linked above.", "types": ["Hash"], "name": "keys"}, {"tag_name": "param", "text": "Creates new `apt::ppa` resources. Valid options: a hash to be passed to the create_resources function linked above.", "types": ["Hash"], "name": "ppas"}, {"tag_name": "param", "text": "Creates new `apt::pin` resources. Valid options: a hash to be passed to the create_resources function linked above.", "types": ["Hash"], "name": "pins"}, {"tag_name": "param", "text": "Creates new `apt::setting` resources. Valid options: a hash to be passed to the create_resources function linked above.", "types": ["Hash"], "name": "settings"}, {"tag_name": "param", "text": "Specifies whether to manage the /etc/apt/auth.conf file. When true, the file will be overwritten with the entries specified in\nthe auth_conf_entries parameter. When false, the file will be ignored (note that this does not set the file to absent.", "types": ["Boolean"], "name": "manage_auth_conf"}, {"tag_name": "param", "text": "An optional array of login configuration settings (hashes) that are recorded in the file /etc/apt/auth.conf. This file has a netrc-like\nformat (similar to what curl uses) and contains the login configuration for APT sources and proxies that require authentication. See\nhttps://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html for details. If specified each hash must contain the keys machine, login and\npassword and no others. Specifying manage_auth_conf and not specifying this parameter will set /etc/apt/auth.conf to absent.", "types": ["Array[Apt::Auth_conf_entry]"], "name": "auth_conf_entries"}, {"tag_name": "param", "text": "The owner of the file /etc/apt/auth.conf. Default: '_apt' or 'root' on old releases.", "types": ["String"], "name": "auth_conf_owner"}, {"tag_name": "param", "text": "Specifies root directory of Apt executable.", "types": ["String"], "name": "root"}, {"tag_name": "param", "text": "Specifies the path of the sources_list file to use.", "types": ["String"], "name": "sources_list"}, {"tag_name": "param", "text": "Specifies the path of the sources_list.d file to use.", "types": ["String"], "name": "sources_list_d"}, {"tag_name": "param", "text": "Specifies the path of the conf.d file to use.", "types": ["String"], "name": "conf_d"}, {"tag_name": "param", "text": "Specifies the path of the preferences file to use.", "types": ["String"], "name": "preferences"}, {"tag_name": "param", "text": "Specifies the path of the preferences.d file to use.", "types": ["String"], "name": "preferences_d"}, {"tag_name": "param", "text": "A hash made up of the various configuration files used by Apt.", "types": ["Hash"], "name": "config_files"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "update_defaults"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "purge_defaults"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "proxy_defaults"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "include_defaults"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "source_key_defaults"}, {"tag_name": "see", "text": "for the create resource function", "name": "https://docs.puppetlabs.com/references/latest/function.html#createresources"}, {"tag_name": "summary", "text": "Main class, includes all other classes."}]}, "defaults": {"update_defaults": "$apt::params::update_defaults", "purge_defaults": "$apt::params::purge_defaults", "proxy_defaults": "$apt::params::proxy_defaults", "include_defaults": "$apt::params::include_defaults", "provider": "$apt::params::provider", "keyserver": "$apt::params::keyserver", "ppa_options": "$apt::params::ppa_options", "ppa_package": "$apt::params::ppa_package", "backports": "$apt::params::backports", "confs": "$apt::params::confs", "update": "$apt::params::update", "purge": "$apt::params::purge", "proxy": "$apt::params::proxy", "sources": "$apt::params::sources", "keys": "$apt::params::keys", "ppas": "$apt::params::ppas", "pins": "$apt::params::pins", "settings": "$apt::params::settings", "manage_auth_conf": "$apt::params::manage_auth_conf", "auth_conf_entries": "$apt::params::auth_conf_entries", "auth_conf_owner": "$apt::params::auth_conf_owner", "root": "$apt::params::root", "sources_list": "$apt::params::sources_list", "sources_list_d": "$apt::params::sources_list_d", "conf_d": "$apt::params::conf_d", "preferences": "$apt::params::preferences", "preferences_d": "$apt::params::preferences_d", "config_files": "$apt::params::config_files", "source_key_defaults": "$apt::params::source_key_defaults"}, "source": "class apt (\n Hash $update_defaults = $apt::params::update_defaults,\n Hash $purge_defaults = $apt::params::purge_defaults,\n Hash $proxy_defaults = $apt::params::proxy_defaults,\n Hash $include_defaults = $apt::params::include_defaults,\n String $provider = $apt::params::provider,\n String $keyserver = $apt::params::keyserver,\n Optional[String] $ppa_options = $apt::params::ppa_options,\n Optional[String] $ppa_package = $apt::params::ppa_package,\n Optional[Hash] $backports = $apt::params::backports,\n Hash $confs = $apt::params::confs,\n Hash $update = $apt::params::update,\n Hash $purge = $apt::params::purge,\n Apt::Proxy $proxy = $apt::params::proxy,\n Hash $sources = $apt::params::sources,\n Hash $keys = $apt::params::keys,\n Hash $ppas = $apt::params::ppas,\n Hash $pins = $apt::params::pins,\n Hash $settings = $apt::params::settings,\n Boolean $manage_auth_conf = $apt::params::manage_auth_conf,\n Array[Apt::Auth_conf_entry]\n $auth_conf_entries = $apt::params::auth_conf_entries,\n String $auth_conf_owner = $apt::params::auth_conf_owner,\n String $root = $apt::params::root,\n String $sources_list = $apt::params::sources_list,\n String $sources_list_d = $apt::params::sources_list_d,\n String $conf_d = $apt::params::conf_d,\n String $preferences = $apt::params::preferences,\n String $preferences_d = $apt::params::preferences_d,\n Hash $config_files = $apt::params::config_files,\n Hash $source_key_defaults = $apt::params::source_key_defaults,\n) inherits apt::params {\n\n if $facts['osfamily'] != 'Debian' {\n fail(translate('This module only works on Debian or derivatives like Ubuntu'))\n }\n\n if $update['frequency'] {\n assert_type(\n Enum['always','daily','weekly','reluctantly'],\n $update['frequency'],\n )\n }\n if $update['timeout'] {\n assert_type(Integer, $update['timeout'])\n }\n if $update['tries'] {\n assert_type(Integer, $update['tries'])\n }\n\n $_update = merge($::apt::update_defaults, $update)\n include ::apt::update\n\n if $purge['sources.list'] {\n assert_type(Boolean, $purge['sources.list'])\n }\n if $purge['sources.list.d'] {\n assert_type(Boolean, $purge['sources.list.d'])\n }\n if $purge['preferences'] {\n assert_type(Boolean, $purge['preferences'])\n }\n if $purge['preferences.d'] {\n assert_type(Boolean, $purge['preferences.d'])\n }\n\n $_purge = merge($::apt::purge_defaults, $purge)\n $_proxy = merge($apt::proxy_defaults, $proxy)\n\n $confheadertmp = epp('apt/_conf_header.epp')\n $proxytmp = epp('apt/proxy.epp', {'proxies' => $_proxy})\n $updatestamptmp = epp('apt/15update-stamp.epp')\n\n if $_proxy['ensure'] == 'absent' or $_proxy['host'] {\n apt::setting { 'conf-proxy':\n ensure => $_proxy['ensure'],\n priority => '01',\n content => \"${confheadertmp}${proxytmp}\",\n }\n }\n\n $sources_list_content = $_purge['sources.list'] ? {\n true => \"# Repos managed by puppet.\\n\",\n default => undef,\n }\n\n $preferences_ensure = $_purge['preferences'] ? {\n true => absent,\n default => file,\n }\n\n if $_update['frequency'] == 'always' {\n Exec <| title=='apt_update' |> {\n refreshonly => false,\n }\n }\n\n apt::setting { 'conf-update-stamp':\n priority => 15,\n content => \"${confheadertmp}${updatestamptmp}\",\n }\n\n file { 'sources.list':\n ensure => file,\n path => $::apt::sources_list,\n owner => root,\n group => root,\n mode => '0644',\n content => $sources_list_content,\n notify => Class['apt::update'],\n }\n\n file { 'sources.list.d':\n ensure => directory,\n path => $::apt::sources_list_d,\n owner => root,\n group => root,\n mode => '0644',\n purge => $_purge['sources.list.d'],\n recurse => $_purge['sources.list.d'],\n notify => Class['apt::update'],\n }\n\n file { 'preferences':\n ensure => $preferences_ensure,\n path => $::apt::preferences,\n owner => root,\n group => root,\n mode => '0644',\n notify => Class['apt::update'],\n }\n\n file { 'preferences.d':\n ensure => directory,\n path => $::apt::preferences_d,\n owner => root,\n group => root,\n mode => '0644',\n purge => $_purge['preferences.d'],\n recurse => $_purge['preferences.d'],\n notify => Class['apt::update'],\n }\n\n if $confs {\n create_resources('apt::conf', $confs)\n }\n # manage sources if present\n if $sources {\n create_resources('apt::source', $sources)\n }\n # manage keys if present\n if $keys {\n create_resources('apt::key', $keys)\n }\n # manage ppas if present\n if $ppas {\n create_resources('apt::ppa', $ppas)\n }\n # manage settings if present\n if $settings {\n create_resources('apt::setting', $settings)\n }\n\n if $manage_auth_conf {\n $auth_conf_ensure = $auth_conf_entries ? {\n [] => 'absent',\n default => 'present',\n }\n\n $auth_conf_tmp = epp('apt/auth_conf.epp')\n\n file { '/etc/apt/auth.conf':\n ensure => $auth_conf_ensure,\n owner => $auth_conf_owner,\n group => 'root',\n mode => '0600',\n content => \"${confheadertmp}${auth_conf_tmp}\",\n notify => Class['apt::update'],\n }\n }\n\n # manage pins if present\n if $pins {\n create_resources('apt::pin', $pins)\n }\n\n # required for adding GPG keys on Debian 9 (and derivatives)\n ensure_packages(['dirmngr'])\n}"}, {"name": "apt::backports", "file": "manifests/backports.pp", "line": 48, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "apt::backports { 'qiana':\n location => 'http://us.archive.ubuntu.com/ubuntu',\n release => 'trusty-backports',\n repos => 'main universe multiverse restricted',\n key => {\n id => '630239CC130E1A7FD81A27B140976EAF437D05B5',\n server => 'hkps.pool.sks-keyservers.net',\n },\n}", "name": "Set up a backport for linuxmint qiana"}, {"tag_name": "param", "text": "Specifies an Apt repository containing the backports to manage. Valid options: a string containing a URL. Default value for Debian and\nUbuntu varies:\n\n- Debian: 'http://deb.debian.org/debian'\n\n- Ubuntu: 'http://archive.ubuntu.com/ubuntu'", "types": ["Optional[String]"], "name": "location"}, {"tag_name": "param", "text": "Specifies a distribution of the Apt repository containing the backports to manage. Used in populating the `source.list` configuration file.\nDefault: on Debian and Ubuntu, '${lsbdistcodename}-backports'. We recommend keeping this default, except on other operating\nsystems.", "types": ["Optional[String]"], "name": "release"}, {"tag_name": "param", "text": "Specifies a component of the Apt repository containing the backports to manage. Used in populating the `source.list` configuration file.\nDefault value for Debian and Ubuntu varies:\n\n- Debian: 'main contrib non-free'\n\n- Ubuntu: 'main universe multiverse restricted'", "types": ["Optional[String]"], "name": "repos"}, {"tag_name": "param", "text": "Specifies a key to authenticate the backports. Valid options: a string to be passed to the id parameter of the apt::key defined type, or a\nhash of parameter => value pairs to be passed to apt::key's id, server, content, source, and/or options parameters. Default value\nfor Debian and Ubuntu varies:\n\n- Debian: 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553'\n\n- Ubuntu: '630239CC130E1A7FD81A27B140976EAF437D05B5'", "types": ["Optional[Variant[String, Hash]]"], "name": "key"}, {"tag_name": "param", "text": "Specifies a pin priority for the backports. Valid options: a number or string to be passed to the `id` parameter of the `apt::pin` defined\ntype, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corresponding parameters.", "types": ["Optional[Variant[Integer, String, Hash]]"], "name": "pin"}, {"tag_name": "summary", "text": "Manages backports."}]}, "defaults": {"location": "undef", "release": "undef", "repos": "undef", "key": "undef", "pin": "200"}, "source": "class apt::backports (\n Optional[String] $location = undef,\n Optional[String] $release = undef,\n Optional[String] $repos = undef,\n Optional[Variant[String, Hash]] $key = undef,\n Optional[Variant[Integer, String, Hash]] $pin = 200,\n){\n if $location {\n $_location = $location\n }\n if $release {\n $_release = $release\n }\n if $repos {\n $_repos = $repos\n }\n if $key {\n $_key = $key\n }\n if (!($facts['lsbdistid'] == 'Debian' or $facts['lsbdistid'] == 'Ubuntu')) {\n unless $location and $release and $repos and $key {\n fail(translate('If not on Debian or Ubuntu, you must explicitly pass location, release, repos, and key'))\n }\n }\n unless $location {\n $_location = $::apt::backports['location']\n }\n unless $release {\n $_release = \"${facts['lsbdistcodename']}-backports\"\n }\n unless $repos {\n $_repos = $::apt::backports['repos']\n }\n unless $key {\n $_key = $::apt::backports['key']\n }\n\n if $pin =~ Hash {\n $_pin = $pin\n } elsif $pin =~ Numeric or $pin =~ String {\n # apt::source defaults to pinning to origin, but we should pin to release\n # for backports\n $_pin = {\n 'priority' => $pin,\n 'release' => $_release,\n }\n } else {\n fail(translate('pin must be either a string, number or hash'))\n }\n\n apt::source { 'backports':\n location => $_location,\n release => $_release,\n repos => $_repos,\n key => $_key,\n pin => $_pin,\n }\n}"}, {"name": "apt::params", "file": "manifests/params.pp", "line": 5, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Provides defaults for the Apt module parameters."}]}, "source": "class apt::params {\n\n if $::osfamily != 'Debian' {\n fail(translate('This module only works on Debian or derivatives like Ubuntu'))\n }\n\n $root = '/etc/apt'\n $provider = '/usr/bin/apt-get'\n $sources_list = \"${root}/sources.list\"\n $sources_list_d = \"${root}/sources.list.d\"\n $trusted_gpg_d = \"${root}/trusted.gpg.d\"\n $conf_d = \"${root}/apt.conf.d\"\n $preferences = \"${root}/preferences\"\n $preferences_d = \"${root}/preferences.d\"\n $keyserver = 'keyserver.ubuntu.com'\n $confs = {}\n $update = {}\n $purge = {}\n $proxy = {}\n $sources = {}\n $keys = {}\n $ppas = {}\n $pins = {}\n $settings = {}\n $manage_auth_conf = true\n $auth_conf_entries = []\n\n $config_files = {\n 'conf' => {\n 'path' => $conf_d,\n 'ext' => '',\n },\n 'pref' => {\n 'path' => $preferences_d,\n 'ext' => '.pref',\n },\n 'list' => {\n 'path' => $sources_list_d,\n 'ext' => '.list',\n }\n }\n\n $update_defaults = {\n 'frequency' => 'reluctantly',\n 'loglevel' => undef,\n 'timeout' => undef,\n 'tries' => undef,\n }\n\n $proxy_defaults = {\n 'ensure' => undef,\n 'host' => undef,\n 'port' => 8080,\n 'https' => false,\n 'direct' => false,\n }\n\n $purge_defaults = {\n 'sources.list' => false,\n 'sources.list.d' => false,\n 'preferences' => false,\n 'preferences.d' => false,\n }\n\n $source_key_defaults = {\n 'server' => $keyserver,\n 'options' => undef,\n 'content' => undef,\n 'source' => undef,\n }\n\n $include_defaults = {\n 'deb' => true,\n 'src' => false,\n }\n\n case $facts['os']['name']{\n 'Debian': {\n $backports = {\n 'location' => 'http://deb.debian.org/debian',\n 'key' => 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553',\n 'repos' => 'main contrib non-free',\n }\n $ppa_options = undef\n $ppa_package = undef\n if versioncmp($facts['os']['release']['major'], '9') >= 0 {\n $auth_conf_owner = '_apt'\n } else {\n $auth_conf_owner = 'root'\n }\n }\n 'Ubuntu': {\n $backports = {\n 'location' => 'http://archive.ubuntu.com/ubuntu',\n 'key' => '630239CC130E1A7FD81A27B140976EAF437D05B5',\n 'repos' => 'main universe multiverse restricted',\n }\n $ppa_options = '-y'\n $ppa_package = 'software-properties-common'\n if versioncmp($facts['os']['release']['full'], '16.04') >= 0 {\n $auth_conf_owner = '_apt'\n } else {\n $auth_conf_owner = 'root'\n }\n }\n undef: {\n fail(translate('Unable to determine value for fact os[\\\"name\\\"]'))\n }\n default: {\n $ppa_options = undef\n $ppa_package = undef\n $backports = undef\n $auth_conf_owner = 'root'\n }\n }\n}"}, {"name": "apt::update", "file": "manifests/update.pp", "line": 5, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Updates the list of available packages using apt-get update."}]}, "source": "class apt::update {\n assert_private()\n\n #TODO: to catch if $::apt_update_last_success has the value of -1 here. If we\n #opt to do this, a info/warn would likely be all you'd need likely to happen\n #on the first run, but if it's not run in awhile something is likely borked\n #with apt and we'd want to know about it.\n\n case $::apt::_update['frequency'] {\n 'always': {\n $_kick_apt = true\n }\n 'daily': {\n #compare current date with the apt_update_last_success fact to determine\n #if we should kick apt_update.\n $daily_threshold = (Integer(Timestamp().strftime('%s')) - 86400)\n if $::apt_update_last_success {\n if $::apt_update_last_success + 0 < $daily_threshold {\n $_kick_apt = true\n } else {\n $_kick_apt = false\n }\n } else {\n #if apt-get update has not successfully run, we should kick apt_update\n $_kick_apt = true\n }\n }\n 'weekly':{\n #compare current date with the apt_update_last_success fact to determine\n #if we should kick apt_update.\n $weekly_threshold = (Integer(Timestamp().strftime('%s')) - 604800)\n if $::apt_update_last_success {\n if ( $::apt_update_last_success + 0 < $weekly_threshold ) {\n $_kick_apt = true\n } else {\n $_kick_apt = false\n }\n } else {\n #if apt-get update has not successfully run, we should kick apt_update\n $_kick_apt = true\n }\n }\n default: {\n #catches 'reluctantly', and any other value (which should not occur).\n #do nothing.\n $_kick_apt = false\n }\n }\n\n if $_kick_apt {\n $_refresh = false\n } else {\n $_refresh = true\n }\n exec { 'apt_update':\n command => \"${::apt::provider} update\",\n loglevel => $::apt::_update['loglevel'],\n logoutput => 'on_failure',\n refreshonly => $_refresh,\n timeout => $::apt::_update['timeout'],\n tries => $::apt::_update['tries'],\n try_sleep => 1\n }\n}"}, {"name": "yum", "file": "manifests/init.pp", "line": 97, "docstring": {"text": "A class to install and manage Yum configuration.", "tags": [{"tag_name": "example", "text": "---\nyum::manage_os_default_repos: true", "name": "Enable management of the default repos for a supported OS:"}, {"tag_name": "example", "text": "---\nyum::manage_os_default_repos: true\nyum::repo_exclusions:\n - 'base'", "name": "Add Hiera data to disable *management* of the CentOS Base repo:"}, {"tag_name": "example", "text": "---\nyum::manage_os_default_repos: true\nyum::repos:\n base:\n ensure: 'absent'", "name": "Ensure the CentOS base repo is removed from the agent system(s):"}, {"tag_name": "example", "text": "---\nyum::managed_repos:\n - 'example_repo'\nyum::repos:\n example_repo:\n ensure: 'present'\n enabled: true\n descr: 'Example Repo'\n baseurl: 'https://repos.example.com/example/'\n gpgcheck: true\n gpgkey: 'file:///etc/pki/gpm-gpg/RPM-GPG-KEY-Example'\n target: '/etc/yum.repos.d/example.repo'", "name": "Add a custom repo:"}, {"tag_name": "example", "text": "---\nyum::manage_os_default_repos: true\nyum::repos:\n base:\n baseurl: 'https://repos.example.com/CentOS/base/'\n mirrorlist: '--'", "name": "Use a custom `baseurl` for the CentOS Base repo:"}, {"tag_name": "param", "text": "Whether or not to purge old kernel version beyond the `keeponly_limit`.", "types": ["Boolean"], "name": "clean_old_kernels"}, {"tag_name": "param", "text": "Whether or not to keep kernel devel packages on old kernel purge.", "types": ["Boolean"], "name": "keep_kernel_devel"}, {"tag_name": "param", "text": "A Hash where keys are the names of `Yum::Config` resources and the values\nare either the direct `ensure` value, or a Hash of the resource's attributes.\n\n@note Boolean parameter values will be converted to either a `1` or `0`; use a quoted string to\n get a literal `true` or `false`. Sensitive value will disable the `show_diff`.", "types": ["Hash[String, Variant[String, Integer, Boolean, Sensitive[String], Hash[String, Variant[String, Integer, Boolean, Sensitive[String]]]]]"], "name": "config_options"}, {"tag_name": "param", "text": "A hash where keys are the names of `Yumrepo` resources and each value represents its respective\nYumrepo's resource parameters. This is used in conjunction with the `managed_repos` parameter\nto create `Yumrepo` resources en masse. Some default data is provided for this using module\ndata. It is configured to deep merge with a `knockout_prefix` of `--` by default, so individual\nparameters may be overriden or removed via global or environment Hiera data.\n\n@note Boolean parameter values will be converted to either a `1` or `0`; use a quoted string to\n get a literal `true` or `false`.", "types": ["Hash[String, Optional[Hash[String, Variant[String, Integer, Boolean]]]]"], "name": "repos"}, {"tag_name": "param", "text": "An array of first-level keys from the `repos` hash to include in the catalog. The module uses\nthis list to select `Yumrepo` resources from the `repos` hash for instantiation. Defaults are\nset in the module's Hiera data.\n\n@note This only indicates the *managed* state of the repos, the `ensure` state must be managed\n in the `repos` data.", "types": ["Array[String]"], "name": "managed_repos"}, {"tag_name": "param", "text": "Whether or not to add an operating system's default repos to the `managed_repos` array.\n\n@note This only works for operating systems with data in the module's data directory. Currently\n the module only contains data for for CentOS 6 & 7.", "types": ["Boolean"], "name": "manage_os_default_repos"}, {"tag_name": "param", "text": "A list of default repos to add to `managed_repos` if `manage_os_default_repos` is enabled.\nNormally this should not be modified.", "types": ["Array[String]"], "name": "os_default_repos"}, {"tag_name": "param", "text": "An array of first-level keys from the `repos` hash to exclude from management via this module.\nValues in this array will be subtracted from the `managed_repos` array as a last step before\ninstantiation.", "types": ["Array[String]"], "name": "repo_exclusions"}, {"tag_name": "param", "text": "A hash of yum::gpgkey types, which will be automatically included if they\nare referenced by a managed_repo. This will use the same merging behavior\nas repos.", "types": ["Hash[String, Hash[String, String]]"], "name": "gpgkeys"}, {"tag_name": "param", "text": "Name of the utils package, e.g. 'yum-utils', or 'dnf-utils'.", "types": ["String"], "name": "utils_package_name"}]}, "defaults": {"clean_old_kernels": "true", "keep_kernel_devel": "false", "config_options": "{}", "repos": "{}", "managed_repos": "[]", "manage_os_default_repos": "false", "os_default_repos": "[]", "repo_exclusions": "[]", "gpgkeys": "{}", "utils_package_name": "'yum-utils'"}, "source": "class yum (\n Boolean $clean_old_kernels = true,\n Boolean $keep_kernel_devel = false,\n Hash[String, Variant[String, Integer, Boolean, Sensitive[String], Hash[String, Variant[String, Integer, Boolean, Sensitive[String]]]]] $config_options = {},\n Hash[String, Optional[Hash[String, Variant[String, Integer, Boolean]]]] $repos = {},\n Array[String] $managed_repos = [],\n Boolean $manage_os_default_repos = false,\n Array[String] $os_default_repos = [],\n Array[String] $repo_exclusions = [],\n Hash[String, Hash[String, String]] $gpgkeys = {},\n String $utils_package_name = 'yum-utils',\n) {\n $module_metadata = load_module_metadata($module_name)\n $supported_operatingsystems = $module_metadata['operatingsystem_support']\n $supported_os_names = $supported_operatingsystems.map |$os| {\n $os['operatingsystem']\n }\n\n unless member($supported_os_names, $facts['os']['name']) {\n fail(\"${facts['os']['name']} not supported\")\n }\n\n $_managed_repos = $manage_os_default_repos ? {\n true => $managed_repos + $os_default_repos,\n default => $managed_repos,\n }\n\n unless empty($_managed_repos) or empty($repos) {\n $_managed_repos_minus_exclusions = $_managed_repos - $repo_exclusions\n $normalized_repos = yum::bool2num_hash_recursive($repos)\n\n $normalized_repos.each |$yumrepo, $attributes| {\n if member($_managed_repos_minus_exclusions, $yumrepo) {\n yumrepo { $yumrepo:\n * => $attributes,\n }\n # Handle GPG Key\n if ('gpgkey' in $attributes) {\n $matches = $attributes['gpgkey'].split(/\\s/).match('^file://(.*)$')\n $matches.each |$match| {\n if $match {\n $gpgkey = $match[1]\n if $gpgkey =~ Stdlib::AbsolutePath and $gpgkey in $gpgkeys {\n if !defined(Yum::Gpgkey[$gpgkey]) {\n yum::gpgkey { $gpgkey:\n * => $gpgkeys[$gpgkey],\n before => Package[$utils_package_name],\n # GPG Keys for any managed repository need to be installed before we attempt to install any packages.\n }\n } # end if Yum::Gpgkey[$gpgkey] is not defined\n } # end if $gpgkey exists in gpgkeys\n } # end if gpgkey is a file:// resource\n } # end each matches\n } # end if $attributes has a gpgkey\n }\n }\n }\n\n unless empty($config_options) {\n if ('installonly_limit' in $config_options) {\n assert_type(Variant[Integer, Hash[String, Integer]], $config_options['installonly_limit']) |$expected, $actual| {\n fail(\"The value or ensure for `\\$yum::config_options[installonly_limit]` must be an Integer, but it is not.\")\n }\n }\n\n $_normalized_config_options = $config_options.map |$key, $attrs| {\n $_ensure = $attrs ? {\n Hash => $attrs[ensure],\n default => $attrs,\n }\n\n $_normalized_ensure = $_ensure ? {\n Boolean => Hash({ 'ensure' => bool2num($_ensure) }),\n default => Hash({ ensure => $_ensure }), # lint:ignore:unquoted_string_in_selector\n }\n\n $_normalized_attrs = $attrs ? {\n Hash => merge($attrs, $_normalized_ensure),\n default => $_normalized_ensure,\n }\n\n Hash({ $key => $_normalized_attrs })\n }.reduce |$memo, $cfg_opt_hash| {\n merge($memo, $cfg_opt_hash)\n }\n\n $_normalized_config_options.each |$config, $attributes| {\n yum::config { $config:\n * => $attributes,\n }\n }\n }\n\n unless defined(Yum::Config['installonly_limit']) {\n yum::config { 'installonly_limit': ensure => '3' }\n }\n\n $_clean_old_kernels_subscribe = $clean_old_kernels ? {\n true => Yum::Config['installonly_limit'],\n default => undef,\n }\n\n # cleanup old kernels\n ensure_packages([$utils_package_name])\n\n $_real_installonly_limit = $config_options['installonly_limit'] ? {\n Variant[String, Integer] => $config_options['installonly_limit'],\n Hash => $config_options['installonly_limit']['ensure'],\n default => '3',\n }\n\n $_pc_cmd = [\n '/usr/bin/package-cleanup',\n '--oldkernels',\n \"--count=${_real_installonly_limit}\",\n '-y',\n $keep_kernel_devel ? {\n true => '--keepdevel',\n default => undef,\n },\n ].filter |$val| { $val =~ NotUndef }\n\n exec { 'package-cleanup_oldkernels':\n command => shellquote($_pc_cmd),\n refreshonly => true,\n require => Package[$utils_package_name],\n subscribe => $_clean_old_kernels_subscribe,\n }\n}"}, {"name": "yum::clean", "file": "manifests/clean.pp", "line": 2, "docstring": {"text": "A $(yum clean all) Exec to be notified if desired."}, "source": "class yum::clean {\n exec { 'yum_clean_all':\n command => '/usr/bin/yum clean all',\n refreshonly => true,\n }\n}"}, {"name": "yum::plugin::post_transaction_actions", "file": "manifests/plugin/post_transaction_actions.pp", "line": 12, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "class{'yum::plugin::post_transaction_actions':\n ensure => present,\n}", "name": "Enable post_transaction_action plugin"}, {"tag_name": "param", "text": "Should the post_transaction actions plugin be installed", "types": ["Enum['present', 'absent']"], "name": "ensure"}, {"tag_name": "see", "text": "DNF Post Transaction Items", "name": "https://dnf-plugins-core.readthedocs.io/en/latest/post-transaction-actions.html"}, {"tag_name": "summary", "text": "Class to install post_transaction plugin"}]}, "defaults": {"ensure": "'present'"}, "source": "class yum::plugin::post_transaction_actions (\n Enum['present', 'absent'] $ensure = 'present',\n) {\n if $facts['package_provider'] == 'yum' {\n $_pkg_prefix = undef\n $_actionfile = '/etc/yum/post-actions/puppet_maintained.action'\n } else {\n $_pkg_prefix = 'python3-dnf-plugin'\n $_actionfile = '/etc/dnf/plugins/post-transaction-actions.d/puppet_maintained.action'\n }\n\n yum::plugin { 'post-transaction-actions':\n ensure => $ensure,\n pkg_prefix => $_pkg_prefix,\n }\n\n if $ensure == 'present' {\n concat { 'puppet_actions':\n ensure => present,\n path => $_actionfile,\n owner => root,\n group => root,\n mode => '0644',\n }\n\n concat::fragment { 'action_header':\n target => 'puppet_actions',\n content => \"# Puppet maintained actions\\n# \\$key:\\$state:\\$command\\n\\n\",\n order => '01',\n }\n }\n}"}, {"name": "yum::plugin::versionlock", "file": "manifests/plugin/versionlock.pp", "line": 13, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "class { 'yum::plugin::versionlock':\n ensure => present,\n}", "name": "Sample usage:"}, {"tag_name": "param", "text": "specifies if versionlock should be present or absent", "types": ["Enum['present', 'absent']"], "name": "ensure"}, {"tag_name": "param", "text": "specifies if yum clean all should be called after edits. Defaults false.", "types": ["Boolean"], "name": "clean"}, {"tag_name": "param", "text": "filepath for the versionlock.list, default based on your system.", "types": ["String"], "name": "path"}, {"tag_name": "summary", "text": "This class installs versionlock plugin"}]}, "defaults": {"ensure": "'present'", "clean": "false"}, "source": "class yum::plugin::versionlock (\n String $path,\n Enum['present', 'absent'] $ensure = 'present',\n Boolean $clean = false,\n) {\n $pkg_prefix = $facts['package_provider'] ? {\n 'dnf' => 'python3-dnf-plugin',\n 'yum' => 'yum-plugin',\n default => '',\n }\n\n yum::plugin { 'versionlock':\n ensure => $ensure,\n pkg_prefix => $pkg_prefix,\n }\n\n if $ensure == 'present' {\n include yum::clean\n $_clean_notify = $clean ? {\n true => Exec['yum_clean_all'],\n false => undef,\n }\n\n concat { $path:\n mode => '0644',\n owner => 'root',\n group => 'root',\n notify => $_clean_notify,\n }\n\n concat::fragment { 'versionlock_header':\n target => $path,\n content => \"# File managed by puppet\\n\",\n order => '01',\n }\n }\n}"}, {"name": "archive", "file": "manifests/init.pp", "line": 39, "inherits": "archive::params", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "include archive", "name": "On Windows, ensure 7zip is installed using the default `chocolatey` provider."}, {"tag_name": "example", "text": "class { 'archive':\n seven_zip_name => '7-Zip 9.20 (x64 edition)',\n seven_zip_source => 'C:/Windows/Temp/7z920-x64.msi',\n seven_zip_provider => 'windows',\n}", "name": "On Windows, install a 7zip MSI with the native `windows` package provider."}, {"tag_name": "example", "text": "class { 'archive':\n aws_cli_install => true,\n}", "name": "Install the AWS CLI tool. (Not supported on Windows)."}, {"tag_name": "example", "text": "class { 'archive':\n archives => { '/tmp/jta-1.1.jar' => {\n 'ensure' => 'present',\n 'source' => 'http://central.maven.org/maven2/javax/transaction/jta/1.1/jta-1.1.jar',\n }, }\n}", "name": "Deploy a specific archive"}, {"tag_name": "param", "text": "7zip package name. This parameter only applies to Windows.", "types": ["Optional[String[1]]"], "name": "seven_zip_name"}, {"tag_name": "param", "text": "7zip package provider. This parameter only applies to Windows where it defaults to `chocolatey`. Can be set to an empty string, (or `undef` via hiera), if you don't want this module to manage 7zip.", "types": ["Optional[Enum['chocolatey','windows','']]"], "name": "seven_zip_provider"}, {"tag_name": "param", "text": "Alternative package source for 7zip. This parameter only applies to Windows.", "types": ["Optional[String[1]]"], "name": "seven_zip_source"}, {"tag_name": "param", "text": "Installs the AWS CLI command needed for downloading from S3 buckets. This parameter is currently not implemented on Windows.", "types": ["Boolean"], "name": "aws_cli_install"}, {"tag_name": "param", "text": "Installs the GSUtil CLI command needed for downloading from GS buckets. This parameter is currently not implemented on Windows.", "types": ["Boolean"], "name": "gsutil_install"}, {"tag_name": "param", "text": "A hash of archive resources this module should create.", "types": ["Hash"], "name": "archives"}, {"tag_name": "summary", "text": "Manages archive module's dependencies."}]}, "defaults": {"seven_zip_name": "$archive::params::seven_zip_name", "seven_zip_provider": "$archive::params::seven_zip_provider", "seven_zip_source": "undef", "aws_cli_install": "false", "gsutil_install": "false", "archives": "{}"}, "source": "class archive (\n Optional[String[1]] $seven_zip_name = $archive::params::seven_zip_name,\n Optional[Enum['chocolatey','windows','']] $seven_zip_provider = $archive::params::seven_zip_provider,\n Optional[String[1]] $seven_zip_source = undef,\n Boolean $aws_cli_install = false,\n Boolean $gsutil_install = false,\n Hash $archives = {},\n) inherits archive::params {\n if $facts['os']['family'] == 'Windows' and !($seven_zip_provider in ['', undef]) {\n package { '7zip':\n ensure => present,\n name => $seven_zip_name,\n source => $seven_zip_source,\n provider => $seven_zip_provider,\n }\n }\n\n if $aws_cli_install {\n # TODO: Windows support.\n if $facts['os']['family'] != 'Windows' {\n # Using bundled install option:\n # http://docs.aws.amazon.com/cli/latest/userguide/installing.html#install-bundle-other-os\n\n file { '/opt/awscli-bundle':\n ensure => 'directory',\n }\n\n archive { 'awscli-bundle.zip':\n ensure => present,\n path => '/opt/awscli-bundle/awscli-bundle.zip',\n source => 'https://s3.amazonaws.com/aws-cli/awscli-bundle.zip',\n extract => true,\n extract_path => '/opt',\n creates => '/opt/awscli-bundle/install',\n cleanup => true,\n }\n\n exec { 'install_aws_cli':\n command => '/opt/awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws',\n refreshonly => true,\n subscribe => Archive['awscli-bundle.zip'],\n }\n }\n }\n\n if $gsutil_install {\n # TODO: Windows support.\n if $facts['os']['family'] != 'Windows' {\n # Using bundled install option:\n # https://cloud.google.com/storage/docs/quickstart-gsutil\n\n file { '/opt/gsutil-bundle':\n ensure => 'directory',\n }\n\n archive { 'gsutil.zip':\n ensure => present,\n path => '/opt/gsutil-bundle/gsutil.zip',\n source => 'https://storage.googleapis.com/pub/gsutil.zip',\n extract => true,\n extract_path => '/opt',\n creates => '/opt/gsutil-bundle/gsutil',\n cleanup => true,\n }\n\n exec { 'install_gsutil':\n command => '/opt/gsutil-bundle/gsutil/setup.py install -q',\n refreshonly => true,\n subscribe => Archive['gsutil.zip'],\n }\n }\n }\n\n $archives.each |$archive_name, $archive_settings| {\n archive { $archive_name:\n * => $archive_settings,\n }\n }\n}"}, {"name": "archive::params", "file": "manifests/params.pp", "line": 3, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "OS specific `archive` settings such as default user and file mode."}]}, "source": "class archive::params {\n case $facts['os']['family'] {\n 'Windows': {\n $path = $facts['archive_windir']\n $owner = 'S-1-5-32-544' # Adminstrators\n $group = 'S-1-5-18' # SYSTEM\n $mode = '0640'\n $seven_zip_name = '7zip'\n $seven_zip_provider = 'chocolatey'\n }\n default: {\n $path = '/opt/staging'\n $owner = '0'\n $group = '0'\n $mode = '0640'\n $seven_zip_name = undef\n $seven_zip_provider = undef\n }\n }\n}"}, {"name": "archive::staging", "file": "manifests/staging.pp", "line": 13, "inherits": "archive::params", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Absolute path of staging directory to create", "types": ["String"], "name": "path"}, {"tag_name": "param", "text": "Username of directory owner", "types": ["String"], "name": "owner"}, {"tag_name": "param", "text": "Group of directory owner", "types": ["String"], "name": "group"}, {"tag_name": "param", "text": "Mode (permissions) on staging directory", "types": ["String"], "name": "mode"}, {"tag_name": "summary", "text": "Backwards-compatibility class for staging module"}]}, "defaults": {"path": "$archive::params::path", "owner": "$archive::params::owner", "group": "$archive::params::group", "mode": "$archive::params::mode"}, "source": "class archive::staging (\n String $path = $archive::params::path,\n String $owner = $archive::params::owner,\n String $group = $archive::params::group,\n String $mode = $archive::params::mode,\n) inherits archive::params {\n include 'archive'\n\n if !defined(File[$path]) {\n file { $path:\n ensure => directory,\n owner => $owner,\n group => $group,\n mode => $mode,\n }\n }\n}"}, {"name": "postgresql::client", "file": "manifests/client.pp", "line": 14, "inherits": "postgresql::params", "docstring": {"text": "", "tags": [{"tag_name": "note", "text": "Make sure to add any necessary yum or apt repositories if specifying a custom version."}, {"tag_name": "param", "text": "Ensure the connection validation script is present", "types": ["Enum['file', 'absent']"], "name": "file_ensure"}, {"tag_name": "param", "text": "Optional. Absolute path for the postgresql connection validation script.", "types": ["Stdlib::Absolutepath"], "name": "validcon_script_path"}, {"tag_name": "param", "text": "Sets the name of the PostgreSQL client package.", "types": ["String[1]"], "name": "package_name"}, {"tag_name": "param", "text": "Ensure the client package is installed", "types": ["String[1]"], "name": "package_ensure"}, {"tag_name": "summary", "text": "Installs PostgreSQL client software. Set the following parameters if you have a custom version you would like to install."}]}, "defaults": {"file_ensure": "'file'", "validcon_script_path": "$postgresql::params::validcon_script_path", "package_name": "$postgresql::params::client_package_name", "package_ensure": "'present'"}, "source": "class postgresql::client (\n Enum['file', 'absent'] $file_ensure = 'file',\n Stdlib::Absolutepath $validcon_script_path = $postgresql::params::validcon_script_path,\n String[1] $package_name = $postgresql::params::client_package_name,\n String[1] $package_ensure = 'present'\n) inherits postgresql::params {\n if $package_name != 'UNSET' {\n package { 'postgresql-client':\n ensure => $package_ensure,\n name => $package_name,\n tag => 'puppetlabs-postgresql',\n }\n }\n\n file { $validcon_script_path:\n ensure => $file_ensure,\n content => file('postgresql/validate_postgresql_connection.sh'),\n owner => 0,\n group => 0,\n mode => '0755',\n }\n}"}, {"name": "postgresql::dnfmodule", "file": "manifests/dnfmodule.pp", "line": 8, "docstring": {"text": "On EL8 and Fedora DNF can manage modules. This is a method of providing\nmultiple versions on the same OS. Only one DNF module can be active at the\nsame time.", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["String[1]"], "name": "ensure"}, {"tag_name": "param", "text": "", "types": ["String[1]"], "name": "module"}, {"tag_name": "summary", "text": "Manage the DNF module"}]}, "defaults": {"ensure": "'installed'", "module": "'postgresql'"}, "source": "class postgresql::dnfmodule (\n String[1] $ensure = 'installed',\n String[1] $module = 'postgresql',\n) {\n package { 'postgresql dnf module':\n ensure => $ensure,\n name => $module,\n enable_only => true,\n provider => 'dnfmodule',\n }\n\n Package['postgresql dnf module'] -> Package<|tag == 'puppetlabs-postgresql'|>\n}"}, {"name": "postgresql::globals", "file": "manifests/globals.pp", "line": 97, "docstring": {"text": "", "tags": [{"tag_name": "note", "text": "Most server-specific defaults should be overridden in the postgresql::server class.\nThis class should be used only if you are using a non-standard OS, or if you are changing elements that can only be changed here, such as version or manage_package_repo."}, {"tag_name": "param", "text": "Overrides the default PostgreSQL client package name.", "types": ["Any"], "name": "client_package_name"}, {"tag_name": "param", "text": "Overrides the default PostgreSQL server package name.", "types": ["Any"], "name": "server_package_name"}, {"tag_name": "param", "text": "Overrides the default PostgreSQL contrib package name.", "types": ["Any"], "name": "contrib_package_name"}, {"tag_name": "param", "text": "Overrides the default PostgreSQL devel package name.", "types": ["Any"], "name": "devel_package_name"}, {"tag_name": "param", "text": "Overrides the default PostgreSQL java package name.", "types": ["Any"], "name": "java_package_name"}, {"tag_name": "param", "text": "Overrides the default PostgreSQL docs package name.", "types": ["Any"], "name": "docs_package_name"}, {"tag_name": "param", "text": "Overrides the default PostgreSQL Perl package name.", "types": ["Any"], "name": "perl_package_name"}, {"tag_name": "param", "text": "Overrides the default PostgreSQL PL/Perl package name.", "types": ["Any"], "name": "plperl_package_name"}, {"tag_name": "param", "text": "Overrides the default PostgreSQL PL/Python package name.", "types": ["Any"], "name": "plpython_package_name"}, {"tag_name": "param", "text": "Overrides the default PostgreSQL Python package name.", "types": ["Any"], "name": "python_package_name"}, {"tag_name": "param", "text": "Overrides the default PostgreSQL PostGIS package name.", "types": ["Any"], "name": "postgis_package_name"}, {"tag_name": "param", "text": "Overrides the default PostgreSQL service name.", "types": ["Any"], "name": "service_name"}, {"tag_name": "param", "text": "Overrides the default PostgreSQL service provider.", "types": ["Any"], "name": "service_provider"}, {"tag_name": "param", "text": "Overrides the default status check command for your PostgreSQL service.", "types": ["Any"], "name": "service_status"}, {"tag_name": "param", "text": "Specifies the name of the default database to connect with.", "types": ["Any"], "name": "default_database"}, {"tag_name": "param", "text": "Scipt path for the connection validation check.", "types": ["Any"], "name": "validcon_script_path"}, {"tag_name": "param", "text": "Path to the initdb command.", "types": ["Any"], "name": "initdb_path"}, {"tag_name": "param", "text": "Deprecated. Path to the createdb command.", "types": ["Any"], "name": "createdb_path"}, {"tag_name": "param", "text": "Sets the path to the psql command.", "types": ["Any"], "name": "psql_path"}, {"tag_name": "param", "text": "Specifies the path to your pg_hba.conf file.", "types": ["Any"], "name": "pg_hba_conf_path"}, {"tag_name": "param", "text": "Specifies the path to your pg_ident.conf file.", "types": ["Any"], "name": "pg_ident_conf_path"}, {"tag_name": "param", "text": "Sets the path to your postgresql.conf file.", "types": ["Any"], "name": "postgresql_conf_path"}, {"tag_name": "param", "text": "Sets the mode of your postgresql.conf file. Only relevant if manage_postgresql_conf_perms is true.", "types": ["Optional[Stdlib::Filemode]"], "name": "postgresql_conf_mode"}, {"tag_name": "param", "text": "Path to your recovery.conf file.", "types": ["Any"], "name": "recovery_conf_path"}, {"tag_name": "param", "text": "Default connection settings.", "types": ["Any"], "name": "default_connect_settings"}, {"tag_name": "param", "text": "Disables the defaults supplied with the module for pg_hba.conf if set to false.", "types": ["Any"], "name": "pg_hba_conf_defaults"}, {"tag_name": "param", "text": "Overrides the default PostgreSQL data directory for the target platform.\nChanging the datadir after installation causes the server to come to a full stop before making the change.\nFor Red Hat systems, the data directory must be labeled appropriately for SELinux.\nOn Ubuntu, you must explicitly set needs_initdb = true to allow Puppet to initialize the database in the new datadir (needs_initdb defaults to true on other systems).\nWarning! If datadir is changed from the default, Puppet does not manage purging of the original data directory, which causes it to fail if the data directory is changed back to the original", "types": ["Any"], "name": "datadir"}, {"tag_name": "param", "text": "Overrides the default PostgreSQL configuration directory for the target platform.", "types": ["Any"], "name": "confdir"}, {"tag_name": "param", "text": "Overrides the default PostgreSQL binaries directory for the target platform.", "types": ["Any"], "name": "bindir"}, {"tag_name": "param", "text": "Overrides the default PostgreSQL xlog directory.", "types": ["Any"], "name": "xlogdir"}, {"tag_name": "param", "text": "Overrides the default PostgreSQL log directory.", "types": ["Any"], "name": "logdir"}, {"tag_name": "param", "text": "Overrides the default PostgreSQL log prefix.", "types": ["Any"], "name": "log_line_prefix"}, {"tag_name": "param", "text": "Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system.", "types": ["Any"], "name": "user"}, {"tag_name": "param", "text": "Overrides the default postgres user group to be used for related files in the file system.", "types": ["Any"], "name": "group"}, {"tag_name": "param", "text": "The version of PostgreSQL to install and manage.", "types": ["Any"], "name": "version"}, {"tag_name": "param", "text": "Defines the version of PostGIS to install, if you install PostGIS.", "types": ["Any"], "name": "postgis_version"}, {"tag_name": "param", "text": "Sets the proxy option for the official PostgreSQL yum-repositories only.", "types": ["Any"], "name": "repo_proxy"}, {"tag_name": "param", "text": "Sets the baseurl for the PostgreSQL repository. Useful if you host your own mirror of the repository.", "types": ["Any"], "name": "repo_baseurl"}, {"tag_name": "param", "text": "Sets the url for the PostgreSQL common Yum repository. Useful if you host your own mirror of the YUM repository.", "types": ["Any"], "name": "yum_repo_commonurl"}, {"tag_name": "param", "text": "Explicitly calls the initdb operation after the server package is installed and before the PostgreSQL service is started.", "types": ["Any"], "name": "needs_initdb"}, {"tag_name": "param", "text": "Sets the default encoding for all databases created with this module.\nOn certain operating systems, this is also used during the template1 initialization, so it becomes a default outside of the module as well.", "types": ["Any"], "name": "encoding"}, {"tag_name": "param", "text": "Sets the default database locale for all databases created with this module.\nOn certain operating systems, this is also used during the template1 initialization, so it becomes a default outside of the module as well.\nOn Debian, you'll need to ensure that the 'locales-all' package is installed for full functionality of PostgreSQL.", "types": ["Any"], "name": "locale"}, {"tag_name": "param", "text": "Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent.\nWarning: This option is used during initialization by initdb, and cannot be changed later.", "types": ["Any"], "name": "data_checksums"}, {"tag_name": "param", "text": "Sets the default timezone of the postgresql server. The postgresql built-in default is taking the systems timezone information.", "types": ["Any"], "name": "timezone"}, {"tag_name": "param", "text": "Allow Puppet to manage the pg_hba.conf file.", "types": ["Any"], "name": "manage_pg_hba_conf"}, {"tag_name": "param", "text": "Allow Puppet to manage the pg_ident.conf file.", "types": ["Any"], "name": "manage_pg_ident_conf"}, {"tag_name": "param", "text": "Allow Puppet to manage the recovery.conf file.", "types": ["Any"], "name": "manage_recovery_conf"}, {"tag_name": "param", "text": "Whether to manage the postgresql conf file permissions. This means owner,\ngroup and mode. Contents are not managed but should be managed through\npostgresql::server::config_entry.", "types": ["Any"], "name": "manage_postgresql_conf_perms"}, {"tag_name": "param", "text": "Set to false if you have file{ $datadir: } already defined", "types": ["Any"], "name": "manage_datadir"}, {"tag_name": "param", "text": "Set to false if you have file{ $logdir: } already defined", "types": ["Any"], "name": "manage_logdir"}, {"tag_name": "param", "text": "Set to false if you have file{ $xlogdir: } already defined", "types": ["Any"], "name": "manage_xlogdir"}, {"tag_name": "param", "text": "Sets up official PostgreSQL repositories on your host if set to true.", "types": ["Any"], "name": "manage_package_repo"}, {"tag_name": "param", "text": "Manage the DNF module. This only makes sense on distributions that use DNF\npackage manager, such as EL8 or Fedora. It also requires Puppet 5.5.20+ or\nPuppet 6.15.0+ since they ship the dnfmodule provider.", "types": ["Boolean"], "name": "manage_dnf_module"}, {"tag_name": "param", "text": "Specifies working directory under which the psql command should be executed. May need to specify if '/tmp' is on volume mounted with noexec option.", "types": ["Any"], "name": "module_workdir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "manage_selinux"}, {"tag_name": "summary", "text": "Class for setting cross-class global overrides."}]}, "defaults": {"client_package_name": "undef", "server_package_name": "undef", "contrib_package_name": "undef", "devel_package_name": "undef", "java_package_name": "undef", "docs_package_name": "undef", "perl_package_name": "undef", "plperl_package_name": "undef", "plpython_package_name": "undef", "python_package_name": "undef", "postgis_package_name": "undef", "service_name": "undef", "service_provider": "undef", "service_status": "undef", "default_database": "undef", "validcon_script_path": "undef", "initdb_path": "undef", "createdb_path": "undef", "psql_path": "undef", "pg_hba_conf_path": "undef", "pg_ident_conf_path": "undef", "postgresql_conf_path": "undef", "postgresql_conf_mode": "undef", "recovery_conf_path": "undef", "default_connect_settings": "{}", "pg_hba_conf_defaults": "undef", "datadir": "undef", "confdir": "undef", "bindir": "undef", "xlogdir": "undef", "logdir": "undef", "log_line_prefix": "undef", "manage_datadir": "undef", "manage_logdir": "undef", "manage_xlogdir": "undef", "user": "undef", "group": "undef", "version": "undef", "postgis_version": "undef", "repo_proxy": "undef", "repo_baseurl": "undef", "yum_repo_commonurl": "undef", "needs_initdb": "undef", "encoding": "undef", "locale": "undef", "data_checksums": "undef", "timezone": "undef", "manage_pg_hba_conf": "undef", "manage_pg_ident_conf": "undef", "manage_recovery_conf": "undef", "manage_postgresql_conf_perms": "undef", "manage_selinux": "undef", "manage_package_repo": "undef", "manage_dnf_module": "false", "module_workdir": "undef"}, "source": "class postgresql::globals (\n $client_package_name = undef,\n $server_package_name = undef,\n $contrib_package_name = undef,\n $devel_package_name = undef,\n $java_package_name = undef,\n $docs_package_name = undef,\n $perl_package_name = undef,\n $plperl_package_name = undef,\n $plpython_package_name = undef,\n $python_package_name = undef,\n $postgis_package_name = undef,\n\n $service_name = undef,\n $service_provider = undef,\n $service_status = undef,\n $default_database = undef,\n\n $validcon_script_path = undef,\n\n $initdb_path = undef,\n $createdb_path = undef,\n $psql_path = undef,\n $pg_hba_conf_path = undef,\n $pg_ident_conf_path = undef,\n $postgresql_conf_path = undef,\n Optional[Stdlib::Filemode] $postgresql_conf_mode = undef,\n $recovery_conf_path = undef,\n $default_connect_settings = {},\n\n $pg_hba_conf_defaults = undef,\n\n $datadir = undef,\n $confdir = undef,\n $bindir = undef,\n $xlogdir = undef,\n $logdir = undef,\n $log_line_prefix = undef,\n $manage_datadir = undef,\n $manage_logdir = undef,\n $manage_xlogdir = undef,\n\n $user = undef,\n $group = undef,\n\n $version = undef,\n $postgis_version = undef,\n $repo_proxy = undef,\n $repo_baseurl = undef,\n $yum_repo_commonurl = undef,\n\n $needs_initdb = undef,\n\n $encoding = undef,\n $locale = undef,\n $data_checksums = undef,\n $timezone = undef,\n\n $manage_pg_hba_conf = undef,\n $manage_pg_ident_conf = undef,\n $manage_recovery_conf = undef,\n $manage_postgresql_conf_perms = undef,\n $manage_selinux = undef,\n\n $manage_package_repo = undef,\n Boolean $manage_dnf_module = false,\n $module_workdir = undef,\n) {\n # We are determining this here, because it is needed by the package repo\n # class.\n $default_version = $facts['os']['family'] ? {\n /^(RedHat|Linux)/ => $facts['os']['name'] ? {\n 'Fedora' => $facts['os']['release']['major'] ? {\n /^(34)$/ => '13',\n /^(32|33)$/ => '12',\n /^(31)$/ => '11.6',\n /^(30)$/ => '11.2',\n /^(29)$/ => '10.6',\n /^(28)$/ => '10.4',\n /^(26|27)$/ => '9.6',\n /^(24|25)$/ => '9.5',\n /^(22|23)$/ => '9.4',\n /^(21)$/ => '9.3',\n /^(18|19|20)$/ => '9.2',\n /^(17)$/ => '9.1',\n default => undef,\n },\n 'Amazon' => '9.2',\n default => $facts['os']['release']['major'] ? {\n '8' => '10',\n '7' => '9.2',\n '6' => '8.4',\n '5' => '8.1',\n default => undef,\n },\n },\n 'Debian' => $facts['os']['name'] ? {\n 'Debian' => $facts['os']['release']['major'] ? {\n '8' => '9.4',\n '9' => '9.6',\n '10' => '11',\n '11' => '13',\n default => undef,\n },\n 'Ubuntu' => $facts['os']['release']['major'] ? {\n /^(14.04)$/ => '9.3',\n /^(14.10|15.04|15.10)$/ => '9.4',\n /^(16.04|16.10)$/ => '9.5',\n /^(17.04|17.10)$/ => '9.6',\n /^(18.04)$/ => '10',\n /^(20.04)$/ => '12',\n default => undef,\n },\n default => undef,\n },\n 'Archlinux' => '9.2',\n 'Gentoo' => '9.5',\n 'FreeBSD' => '12',\n 'OpenBSD' => $facts['os']['release']['full'] ? {\n /5\\.6/ => '9.3',\n /5\\.[7-9]/ => '9.4',\n /6\\.[0-9]/ => '9.5',\n },\n 'Suse' => $facts['os']['name'] ? {\n 'SLES' => $facts['os']['release']['full'] ? {\n /11\\.[0-3]/ => '91',\n /11\\.4/ => '94',\n /12\\.0/ => '93',\n /12\\.[1-3]/ => '94',\n /12\\.[4-5]/ => '10',\n /15\\.[0-9]/ => '10',\n default => '96',\n },\n 'OpenSuSE' => $facts['os']['release']['full'] ? {\n /42\\.[1-2]/ => '94',\n default => '96',\n },\n default => undef,\n },\n default => undef,\n }\n $globals_version = pick($version, $default_version, 'unknown')\n if($globals_version == 'unknown') {\n fail('No preferred version defined or automatically detected.')\n }\n\n $default_postgis_version = $globals_version ? {\n '8.1' => '1.3.6',\n '8.4' => '2.0',\n '9.0' => '2.1',\n '9.1' => '2.1',\n '91' => '2.1',\n '9.2' => '2.3',\n '9.3' => '2.3',\n '93' => '2.3',\n '9.4' => '2.3',\n '9.5' => '2.3',\n '9.6' => '2.3',\n '10' => '2.4',\n '11' => '3.0',\n '12' => '3.0',\n default => undef,\n }\n $globals_postgis_version = $postgis_version ? {\n undef => $default_postgis_version,\n default => $postgis_version,\n }\n\n # Setup of the repo only makes sense globally, so we are doing this here.\n if($manage_package_repo) {\n class { 'postgresql::repo':\n version => $globals_version,\n proxy => $repo_proxy,\n baseurl => $repo_baseurl,\n commonurl => $yum_repo_commonurl,\n }\n }\n\n if $manage_dnf_module {\n class { 'postgresql::dnfmodule':\n ensure => $globals_version,\n }\n }\n}"}, {"name": "postgresql::lib::devel", "file": "manifests/lib/devel.pp", "line": 11, "inherits": "postgresql::params", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Override devel package name", "types": ["String"], "name": "package_name"}, {"tag_name": "param", "text": "Ensure the development libraries are installed", "types": ["String[1]"], "name": "package_ensure"}, {"tag_name": "param", "text": "If the bin directory used by the PostgreSQL page is not /usr/bin or /usr/local/bin, symlinks pg_config from the package's bin dir into usr/bin (not applicable to Debian systems). Set to false to disable this behavior.", "types": ["Boolean"], "name": "link_pg_config"}, {"tag_name": "summary", "text": "This class installs postgresql development libraries."}]}, "defaults": {"package_name": "$postgresql::params::devel_package_name", "package_ensure": "'present'", "link_pg_config": "$postgresql::params::link_pg_config"}, "source": "class postgresql::lib::devel (\n String $package_name = $postgresql::params::devel_package_name,\n String[1] $package_ensure = 'present',\n Boolean $link_pg_config = $postgresql::params::link_pg_config\n) inherits postgresql::params {\n if $facts['os']['family'] == 'Gentoo' {\n fail('osfamily Gentoo does not have a separate \"devel\" package, postgresql::lib::devel is not supported')\n }\n\n package { 'postgresql-devel':\n ensure => $package_ensure,\n name => $package_name,\n tag => 'puppetlabs-postgresql',\n }\n\n if $link_pg_config {\n if ( $postgresql::params::bindir != '/usr/bin' and $postgresql::params::bindir != '/usr/local/bin') {\n file { '/usr/bin/pg_config':\n ensure => link,\n target => \"${postgresql::params::bindir}/pg_config\",\n }\n }\n }\n}"}, {"name": "postgresql::lib::docs", "file": "manifests/lib/docs.pp", "line": 12, "inherits": "postgresql::params", "docstring": {"text": "", "tags": [{"tag_name": "note", "text": "Make sure to add any necessary yum or apt repositories if specifying a custom version."}, {"tag_name": "param", "text": "Specifies the name of the PostgreSQL docs package.", "types": ["String"], "name": "package_name"}, {"tag_name": "param", "text": "Whether the PostgreSQL docs package resource should be present.", "types": ["String[1]"], "name": "package_ensure"}, {"tag_name": "summary", "text": "Installs PostgreSQL bindings for Postgres-Docs. Set the following parameters if you have a custom version you would like to install."}]}, "defaults": {"package_name": "$postgresql::params::docs_package_name", "package_ensure": "'present'"}, "source": "class postgresql::lib::docs (\n String $package_name = $postgresql::params::docs_package_name,\n String[1] $package_ensure = 'present',\n) inherits postgresql::params {\n package { 'postgresql-docs':\n ensure => $package_ensure,\n name => $package_name,\n tag => 'puppetlabs-postgresql',\n }\n}"}, {"name": "postgresql::lib::java", "file": "manifests/lib/java.pp", "line": 11, "inherits": "postgresql::params", "docstring": {"text": "", "tags": [{"tag_name": "note", "text": "Make sure to add any necessary yum or apt repositories if specifying a custom version."}, {"tag_name": "param", "text": "Specifies the name of the PostgreSQL java package.", "types": ["String"], "name": "package_name"}, {"tag_name": "param", "text": "Specifies whether the package is present.", "types": ["String[1]"], "name": "package_ensure"}, {"tag_name": "summary", "text": "This class installs the postgresql jdbc connector."}]}, "defaults": {"package_name": "$postgresql::params::java_package_name", "package_ensure": "'present'"}, "source": "class postgresql::lib::java (\n String $package_name = $postgresql::params::java_package_name,\n String[1] $package_ensure = 'present'\n) inherits postgresql::params {\n package { 'postgresql-jdbc':\n ensure => $package_ensure,\n name => $package_name,\n tag => 'puppetlabs-postgresql',\n }\n}"}, {"name": "postgresql::lib::perl", "file": "manifests/lib/perl.pp", "line": 8, "inherits": "postgresql::params", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Specifies the name of the PostgreSQL perl package to install.", "types": ["String"], "name": "package_name"}, {"tag_name": "param", "text": "Ensure the perl libs for postgresql are installed.", "types": ["String[1]"], "name": "package_ensure"}, {"tag_name": "summary", "text": "This class installs the perl libs for postgresql."}]}, "defaults": {"package_name": "$postgresql::params::perl_package_name", "package_ensure": "'present'"}, "source": "class postgresql::lib::perl (\n String $package_name = $postgresql::params::perl_package_name,\n String[1] $package_ensure = 'present'\n) inherits postgresql::params {\n package { 'perl-DBD-Pg':\n ensure => $package_ensure,\n name => $package_name,\n tag => 'puppetlabs-postgresql',\n }\n}"}, {"name": "postgresql::lib::python", "file": "manifests/lib/python.pp", "line": 8, "inherits": "postgresql::params", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The name of the PostgreSQL Python package.", "types": ["String[1]"], "name": "package_name"}, {"tag_name": "param", "text": "Ensure the python libs for postgresql are installed.", "types": ["String[1]"], "name": "package_ensure"}, {"tag_name": "summary", "text": "This class installs the python libs for postgresql."}]}, "defaults": {"package_name": "$postgresql::params::python_package_name", "package_ensure": "'present'"}, "source": "class postgresql::lib::python (\n String[1] $package_name = $postgresql::params::python_package_name,\n String[1] $package_ensure = 'present'\n) inherits postgresql::params {\n package { 'python-psycopg2':\n ensure => $package_ensure,\n name => $package_name,\n tag => 'puppetlabs-postgresql',\n }\n}"}, {"name": "postgresql::params", "file": "manifests/params.pp", "line": 2, "inherits": "postgresql::globals", "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class postgresql::params inherits postgresql::globals {\n $version = $postgresql::globals::globals_version\n $postgis_version = $postgresql::globals::globals_postgis_version\n $listen_addresses = undef\n $port = 5432\n $log_line_prefix = undef\n $ip_mask_deny_postgres_user = '0.0.0.0/0'\n $ip_mask_allow_all_users = '127.0.0.1/32'\n $ipv4acls = []\n $ipv6acls = []\n $encoding = $postgresql::globals::encoding\n $locale = $postgresql::globals::locale\n $data_checksums = $postgresql::globals::data_checksums\n $timezone = $postgresql::globals::timezone\n $service_ensure = 'running'\n $service_enable = true\n $service_manage = true\n $service_restart_on_change = true\n $service_provider = $postgresql::globals::service_provider\n $manage_pg_hba_conf = pick($manage_pg_hba_conf, true)\n $manage_pg_ident_conf = pick($manage_pg_ident_conf, true)\n $manage_recovery_conf = pick($manage_recovery_conf, false)\n $manage_postgresql_conf_perms = pick($manage_postgresql_conf_perms, true)\n $manage_selinux = pick($manage_selinux, false)\n $package_ensure = 'present'\n $module_workdir = pick($module_workdir,'/tmp')\n $password_encryption = undef\n $extra_systemd_config = ''\n $manage_datadir = true\n $manage_logdir = true\n $manage_xlogdir = true\n\n # Amazon Linux's OS Family is 'Linux', operating system 'Amazon'.\n case $facts['os']['family'] {\n 'RedHat', 'Linux': {\n $link_pg_config = true\n $user = pick($user, 'postgres')\n $group = pick($group, 'postgres')\n $needs_initdb = pick($needs_initdb, true)\n $version_parts = split($version, '[.]')\n $package_version = \"${version_parts[0]}${version_parts[1]}\"\n\n if $version == $postgresql::globals::default_version and $facts['os']['name'] != 'Amazon' or $postgresql::globals::manage_dnf_module {\n $client_package_name = pick($client_package_name, 'postgresql')\n $server_package_name = pick($server_package_name, 'postgresql-server')\n $contrib_package_name = pick($contrib_package_name,'postgresql-contrib')\n $devel_package_name = pick($devel_package_name, 'postgresql-devel')\n $java_package_name = pick($java_package_name, 'postgresql-jdbc')\n $docs_package_name = pick($docs_package_name, 'postgresql-docs')\n $plperl_package_name = pick($plperl_package_name, 'postgresql-plperl')\n $plpython_package_name = pick($plpython_package_name, 'postgresql-plpython')\n $service_name = pick($service_name, 'postgresql')\n $bindir = pick($bindir, '/usr/bin')\n $datadir = $facts['os']['name'] ? {\n 'Amazon' => pick($datadir, \"/var/lib/pgsql${package_version}/data\"),\n default => pick($datadir, '/var/lib/pgsql/data'),\n }\n $confdir = pick($confdir, $datadir)\n } else {\n $client_package_name = pick($client_package_name, \"postgresql${package_version}\")\n $server_package_name = pick($server_package_name, \"postgresql${package_version}-server\")\n $contrib_package_name = pick($contrib_package_name,\"postgresql${package_version}-contrib\")\n $devel_package_name = pick($devel_package_name, \"postgresql${package_version}-devel\")\n $java_package_name = pick($java_package_name, \"postgresql${package_version}-jdbc\")\n $docs_package_name = pick($docs_package_name, \"postgresql${package_version}-docs\")\n $plperl_package_name = pick($plperl_package_name, \"postgresql${package_version}-plperl\")\n $plpython_package_name = pick($plpython_package_name, \"postgresql${package_version}-plpython\")\n $service_name = $facts['os']['name'] ? {\n 'Amazon' => pick($service_name, \"postgresql${version_parts[0]}${version_parts[1]}\"),\n default => pick($service_name, \"postgresql-${version}\"),\n }\n $bindir = $facts['os']['name'] ? {\n 'Amazon' => pick($bindir, '/usr/bin'),\n default => pick($bindir, \"/usr/pgsql-${version}/bin\"),\n }\n $datadir = $facts['os']['name'] ? {\n 'Amazon' => pick($datadir, \"/var/lib/pgsql${package_version}/data\"),\n default => pick($datadir, \"/var/lib/pgsql/${version}/data\"),\n }\n $confdir = pick($confdir, $datadir)\n $postgresql_conf_mode = pick($postgresql_conf_mode, '0600')\n }\n\n case $facts['os']['name'] {\n 'Amazon': {\n $service_reload = \"service ${service_name} reload\"\n $service_status = \"service ${service_name} status\"\n }\n\n # RHEL 5 uses SysV init, RHEL 6 uses upstart. RHEL 7 and 8 both use systemd.\n 'RedHat', 'CentOS', 'Scientific', 'OracleLinux': {\n if $facts['os']['release']['major'] in ['7', '8'] {\n $service_reload = \"systemctl reload ${service_name}\"\n $service_status = \"systemctl status ${service_name}\"\n } else {\n $service_reload = \"service ${service_name} reload\"\n $service_status = \"service ${service_name} status\"\n }\n }\n\n # Default will catch Fedora which uses systemd\n default: {\n $service_reload = \"systemctl reload ${service_name}\"\n $service_status = \"systemctl status ${service_name}\"\n }\n }\n\n $psql_path = pick($psql_path, \"${bindir}/psql\")\n\n $perl_package_name = pick($perl_package_name, 'perl-DBD-Pg')\n $python_package_name = pick($python_package_name, 'python-psycopg2')\n\n if $postgresql::globals::postgis_package_name {\n $postgis_package_name = $postgresql::globals::postgis_package_name\n } elsif $facts['os']['release']['major'] == '5' {\n $postgis_package_name = 'postgis'\n } elsif $postgis_version and versioncmp($postgis_version, '2') < 0 {\n $postgis_package_name = \"postgis${package_version}\"\n } else {\n $postgis_package_name = \"postgis2_${package_version}\"\n }\n }\n\n 'Archlinux': {\n $link_pg_config = true\n $needs_initdb = pick($needs_initdb, true)\n $user = pick($user, 'postgres')\n $group = pick($group, 'postgres')\n\n # Archlinux doesn't have a client-package but has a libs package which\n # pulls in postgresql server\n $client_package_name = pick($client_package_name, 'postgresql')\n $server_package_name = pick($server_package_name, 'postgresql-libs')\n $java_package_name = pick($java_package_name, 'postgresql-jdbc')\n # Archlinux doesn't have develop packages\n $devel_package_name = pick($devel_package_name, 'postgresql-devel')\n # Archlinux does have postgresql-contrib but it isn't maintained\n $contrib_package_name = pick($contrib_package_name,'undef')\n # Archlinux postgresql package provides plperl\n $plperl_package_name = pick($plperl_package_name, 'undef')\n $plpython_package_name = pick($plpython_package_name, 'undef')\n $service_name = pick($service_name, 'postgresql')\n $bindir = pick($bindir, '/usr/bin')\n $datadir = pick($datadir, '/var/lib/postgres/data')\n $confdir = pick($confdir, $datadir)\n $psql_path = pick($psql_path, \"${bindir}/psql\")\n\n $service_status = $service_status\n $service_reload = \"systemctl reload ${service_name}\"\n $python_package_name = pick($python_package_name, 'python-psycopg2')\n # Archlinux does not have a perl::DBD::Pg package\n $perl_package_name = pick($perl_package_name, 'undef')\n }\n\n 'Debian': {\n $link_pg_config = false\n $user = pick($user, 'postgres')\n $group = pick($group, 'postgres')\n\n if $postgresql::globals::manage_package_repo == true {\n $needs_initdb = pick($needs_initdb, true)\n $service_name = pick($service_name, 'postgresql')\n } else {\n $needs_initdb = pick($needs_initdb, false)\n $service_name = $facts['os']['name'] ? {\n 'Debian' => pick($service_name, 'postgresql'),\n 'Ubuntu' => $::lsbmajdistrelease ? {\n /^10/ => pick($service_name, \"postgresql-${version}\"),\n default => pick($service_name, 'postgresql'),\n },\n default => undef\n }\n }\n\n $client_package_name = pick($client_package_name, \"postgresql-client-${version}\")\n $server_package_name = pick($server_package_name, \"postgresql-${version}\")\n if $facts['os']['name'] == 'Debian' and $facts['os']['release']['major'] == '10' and $postgresql::globals::manage_package_repo != true {\n $contrib_package_name = pick($contrib_package_name, 'postgresql-contrib')\n } else {\n $contrib_package_name = pick($contrib_package_name, \"postgresql-contrib-${version}\")\n }\n if $postgis_version and versioncmp($postgis_version, '2') < 0 {\n $postgis_package_name = pick($postgis_package_name, \"postgresql-${version}-postgis\")\n } elsif $postgis_version and versioncmp($postgis_version, '3') >= 0 {\n $postgis_package_name = pick($postgis_package_name, \"postgresql-${version}-postgis-3\")\n } else {\n $postgis_package_name = pick($postgis_package_name, \"postgresql-${version}-postgis-${postgis_version}\")\n }\n $devel_package_name = pick($devel_package_name, 'libpq-dev')\n $java_package_name = $facts['os']['name'] ? {\n 'Debian' => $facts['os']['release']['major'] ? {\n '6' => pick($java_package_name, 'libpg-java'),\n default => pick($java_package_name, 'libpostgresql-jdbc-java'),\n },\n default => pick($java_package_name, 'libpostgresql-jdbc-java'),\n }\n $perl_package_name = pick($perl_package_name, 'libdbd-pg-perl')\n $plperl_package_name = pick($plperl_package_name, \"postgresql-plperl-${version}\")\n $plpython_package_name = pick($plpython_package_name, \"postgresql-plpython-${version}\")\n $python_package_name = pick($python_package_name, 'python-psycopg2')\n\n $bindir = pick($bindir, \"/usr/lib/postgresql/${version}/bin\")\n $datadir = pick($datadir, \"/var/lib/postgresql/${version}/main\")\n $confdir = pick($confdir, \"/etc/postgresql/${version}/main\")\n if $facts['os']['name'] == 'Debian' and versioncmp($facts['os']['release']['major'], '8') >= 0 {\n # Jessie uses systemd\n $service_status = pick($service_status, \"/usr/sbin/service ${service_name}@*-main status\")\n } elsif $facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '15.04') >= 0 {\n # Ubuntu releases since vivid use systemd\n $service_status = pick($service_status, \"/usr/sbin/service ${service_name} status\")\n } else {\n $service_status = pick($service_status, \"/etc/init.d/${service_name} status | /bin/egrep -q 'Running clusters: .+|online'\")\n }\n $service_reload = \"service ${service_name} reload\"\n $psql_path = pick($psql_path, '/usr/bin/psql')\n $postgresql_conf_mode = pick($postgresql_conf_mode, '0644')\n }\n\n 'Gentoo': {\n $user = pick($user, 'postgres')\n $group = pick($group, 'postgres')\n\n $client_package_name = pick($client_package_name, 'UNSET')\n $server_package_name = pick($server_package_name, 'postgresql')\n $contrib_package_name = pick_default($contrib_package_name, undef)\n $devel_package_name = pick_default($devel_package_name, undef)\n $java_package_name = pick($java_package_name, 'jdbc-postgresql')\n $perl_package_name = pick($perl_package_name, 'DBD-Pg')\n $plperl_package_name = undef\n $python_package_name = pick($python_package_name, 'psycopg')\n\n $service_name = pick($service_name, \"postgresql-${version}\")\n $bindir = pick($bindir, \"/usr/lib/postgresql-${version}/bin\")\n $datadir = pick($datadir, \"/var/lib/postgresql/${version}_data\")\n $confdir = pick($confdir, \"/etc/postgresql-${version}\")\n $service_status = pick($service_status, \"systemctl status ${service_name}\")\n $service_reload = \"systemctl reload ${service_name}\"\n $psql_path = pick($psql_path, \"${bindir}/psql\")\n\n $needs_initdb = pick($needs_initdb, true)\n }\n\n 'FreeBSD': {\n case $version {\n '94', '95': {\n $user = pick($user, 'pgsql')\n $group = pick($group, 'pgsql')\n $datadir = pick($datadir, '/usr/local/pgsql/data')\n }\n default: {\n $user = pick($user, 'postgres')\n $group = pick($group, 'postgres')\n $datadir = pick($datadir, \"/var/db/postgres/data${version}\")\n }\n }\n\n $link_pg_config = true\n $client_package_name = pick($client_package_name, \"databases/postgresql${version}-client\")\n $server_package_name = pick($server_package_name, \"databases/postgresql${version}-server\")\n $contrib_package_name = pick($contrib_package_name, \"databases/postgresql${version}-contrib\")\n $devel_package_name = pick($devel_package_name, 'databases/postgresql-libpqxx3')\n $java_package_name = pick($java_package_name, 'databases/postgresql-jdbc')\n $perl_package_name = pick($plperl_package_name, 'databases/p5-DBD-Pg')\n $plperl_package_name = pick($plperl_package_name, \"databases/postgresql${version}-plperl\")\n $python_package_name = pick($python_package_name, 'databases/py-psycopg2')\n\n $service_name = pick($service_name, 'postgresql')\n $bindir = pick($bindir, '/usr/local/bin')\n $confdir = pick($confdir, $datadir)\n $service_status = pick($service_status, \"/usr/local/etc/rc.d/${service_name} onestatus\")\n $service_reload = \"service ${service_name} reload\"\n $psql_path = pick($psql_path, \"${bindir}/psql\")\n\n $needs_initdb = pick($needs_initdb, true)\n }\n\n 'OpenBSD': {\n $user = pick($user, '_postgresql')\n $group = pick($group, '_postgresql')\n\n $client_package_name = pick($client_package_name, 'postgresql-client')\n $server_package_name = pick($server_package_name, 'postgresql-server')\n $contrib_package_name = pick($contrib_package_name, 'postgresql-contrib')\n $devel_package_name = pick($devel_package_name, 'postgresql-client')\n $java_package_name = pick($java_package_name, 'postgresql-jdbc')\n $perl_package_name = pick($perl_package_name, 'databases/p5-DBD-Pg')\n $plperl_package_name = undef\n $python_package_name = pick($python_package_name, 'py-psycopg2')\n\n $service_name = pick($service_name, 'postgresql')\n $bindir = pick($bindir, '/usr/local/bin')\n $datadir = pick($datadir, '/var/postgresql/data')\n $confdir = pick($confdir, $datadir)\n $service_status = pick($service_status, \"/etc/rc.d/${service_name} check\")\n $service_reload = \"/etc/rc.d/${service_name} reload\"\n $psql_path = pick($psql_path, \"${bindir}/psql\")\n\n $needs_initdb = pick($needs_initdb, true)\n }\n\n 'Suse': {\n $link_pg_config = true\n $user = pick($user, 'postgres')\n $group = pick($group, 'postgres')\n\n $client_package_name = pick($client_package_name, \"postgresql${version}\")\n $server_package_name = pick($server_package_name, \"postgresql${version}-server\")\n $contrib_package_name = pick($contrib_package_name, \"postgresql${version}-contrib\")\n $devel_package_name = pick($devel_package_name, \"postgresql${version}-devel\")\n $java_package_name = pick($java_package_name, \"postgresql${version}-jdbc\")\n $perl_package_name = pick($plperl_package_name, 'perl-DBD-Pg')\n $plperl_package_name = pick($plperl_package_name, \"postgresql${version}-plperl\")\n $python_package_name = pick($python_package_name, 'python-psycopg2')\n\n $service_name = pick($service_name, 'postgresql')\n $bindir = pick($bindir, \"/usr/lib/postgresql${version}/bin\")\n $datadir = pick($datadir, '/var/lib/pgsql/data')\n $confdir = pick($confdir, $datadir)\n if $facts['os']['name'] == 'SLES' and versioncmp($facts['os']['release']['full'], '11.4') <= 0 {\n $service_status = pick($service_status, \"/etc/init.d/${service_name} status\")\n $service_reload = \"/etc/init.d/${service_name} reload\"\n } else {\n $service_status = pick($service_status, \"systemctl status ${service_name}\")\n $service_reload = \"systemctl reload ${service_name}\"\n }\n $psql_path = pick($psql_path, \"${bindir}/psql\")\n\n $needs_initdb = pick($needs_initdb, true)\n }\n\n default: {\n $link_pg_config = true\n $psql_path = pick($psql_path, \"${bindir}/psql\")\n\n # Since we can't determine defaults on our own, we rely on users setting\n # parameters with the postgresql::globals class. Here we are checking\n # that the mandatory minimum is set for the module to operate.\n $err_prefix = \"Module ${module_name} does not provide defaults for osfamily: ${facts['os']['family']} operatingsystem: ${facts['os']['name']}; please specify a value for ${module_name}::globals::\"\n if ($needs_initdb == undef) { fail(\"${err_prefix}needs_initdb\") }\n if ($service_name == undef) { fail(\"${err_prefix}service_name\") }\n if ($client_package_name == undef) { fail(\"${err_prefix}client_package_name\") }\n if ($server_package_name == undef) { fail(\"${err_prefix}server_package_name\") }\n if ($bindir == undef) { fail(\"${err_prefix}bindir\") }\n if ($datadir == undef) { fail(\"${err_prefix}datadir\") }\n if ($confdir == undef) { fail(\"${err_prefix}confdir\") }\n }\n }\n\n if($data_checksums and versioncmp($version, '9.3') < 0) {\n fail('data_checksums require version 9.3 or greater')\n }\n\n $validcon_script_path = pick($validcon_script_path, '/usr/local/bin/validate_postgresql_connection.sh')\n $initdb_path = pick($initdb_path, \"${bindir}/initdb\")\n $pg_hba_conf_path = pick($pg_hba_conf_path, \"${confdir}/pg_hba.conf\")\n $pg_hba_conf_defaults = pick($pg_hba_conf_defaults, true)\n $pg_ident_conf_path = pick($pg_ident_conf_path, \"${confdir}/pg_ident.conf\")\n $postgresql_conf_path = pick($postgresql_conf_path, \"${confdir}/postgresql.conf\")\n $recovery_conf_path = pick($recovery_conf_path, \"${datadir}/recovery.conf\")\n $default_database = pick($default_database, 'postgres')\n}"}, {"name": "postgresql::repo", "file": "manifests/repo.pp", "line": 2, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "version"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "proxy"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "baseurl"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "commonurl"}]}, "defaults": {"version": "undef", "proxy": "undef", "baseurl": "undef", "commonurl": "undef"}, "source": "class postgresql::repo (\n $version = undef,\n $proxy = undef,\n $baseurl = undef,\n $commonurl = undef,\n) {\n case $facts['os']['family'] {\n 'RedHat', 'Linux': {\n if $version == undef {\n fail(\"The parameter 'version' for 'postgresql::repo' is undefined. You must always define it when osfamily == Redhat or Linux\")\n }\n class { 'postgresql::repo::yum_postgresql_org': }\n }\n\n 'Debian': {\n class { 'postgresql::repo::apt_postgresql_org': }\n }\n\n default: {\n fail(\"Unsupported managed repository for osfamily: ${facts['os']['family']}, operatingsystem: ${facts['os']['name']}, module ${module_name} currently only supports managing repos for osfamily RedHat and Debian\")\n }\n }\n}"}, {"name": "postgresql::repo::apt_postgresql_org", "file": "manifests/repo/apt_postgresql_org.pp", "line": 2, "inherits": "postgresql::repo", "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class postgresql::repo::apt_postgresql_org inherits postgresql::repo {\n include apt\n\n # Here we have tried to replicate the instructions on the PostgreSQL site:\n #\n # http://www.postgresql.org/download/linux/debian/\n #\n $default_baseurl = 'https://apt.postgresql.org/pub/repos/apt/'\n\n $_baseurl = pick($postgresql::repo::baseurl, $default_baseurl)\n\n apt::pin { 'apt_postgresql_org':\n originator => 'apt.postgresql.org',\n priority => 500,\n }\n -> apt::source { 'apt.postgresql.org':\n location => $_baseurl,\n release => \"${facts['os']['distro']['codename']}-pgdg\",\n repos => 'main',\n key => {\n id => 'B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8',\n source => 'https://www.postgresql.org/media/keys/ACCC4CF8.asc',\n },\n include => {\n src => false,\n },\n }\n\n Apt::Source['apt.postgresql.org']->Package<|tag == 'puppetlabs-postgresql'|>\n Class['Apt::Update'] -> Package<|tag == 'puppetlabs-postgresql'|>\n}"}, {"name": "postgresql::repo::yum_postgresql_org", "file": "manifests/repo/yum_postgresql_org.pp", "line": 2, "inherits": "postgresql::repo", "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class postgresql::repo::yum_postgresql_org inherits postgresql::repo {\n $version_parts = split($postgresql::repo::version, '[.]')\n $package_version = \"${version_parts[0]}${version_parts[1]}\"\n $gpg_key_path = \"/etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-${package_version}\"\n\n file { $gpg_key_path:\n content => file('postgresql/RPM-GPG-KEY-PGDG'),\n owner => 'root',\n group => 'root',\n mode => '0644',\n before => Yumrepo['yum.postgresql.org'],\n }\n\n if($facts['os']['name'] == 'Fedora') {\n $label1 = 'fedora'\n $label2 = $label1\n } else {\n $label1 = 'redhat'\n $label2 = 'rhel'\n }\n $default_baseurl = \"https://download.postgresql.org/pub/repos/yum/${postgresql::repo::version}/${label1}/${label2}-\\$releasever-\\$basearch\"\n $default_commonurl = \"https://download.postgresql.org/pub/repos/yum/common/${label1}/${label2}-\\$releasever-\\$basearch\"\n\n $_baseurl = pick($postgresql::repo::baseurl, $default_baseurl)\n $_commonurl = pick($postgresql::repo::commonurl, $default_commonurl)\n\n yumrepo { 'yum.postgresql.org':\n descr => \"PostgreSQL ${postgresql::repo::version} \\$releasever - \\$basearch\",\n baseurl => $_baseurl,\n enabled => 1,\n gpgcheck => 1,\n gpgkey => \"file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-${package_version}\",\n proxy => $postgresql::repo::proxy,\n }\n\n yumrepo { 'pgdg-common':\n descr => \"PostgreSQL common RPMs \\$releasever - \\$basearch\",\n baseurl => $_commonurl,\n enabled => 1,\n gpgcheck => 1,\n gpgkey => \"file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-${package_version}\",\n proxy => $postgresql::repo::proxy,\n }\n\n Yumrepo['yum.postgresql.org'] -> Package<|tag == 'puppetlabs-postgresql'|>\n}"}, {"name": "postgresql::server", "file": "manifests/server.pp", "line": 85, "inherits": "postgresql::params", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Sets the password for the postgres user to your specified value. By default, this setting uses the superuser account in the Postgres database, with a user called postgres and no password.", "types": ["Optional[Variant[String[1], Sensitive[String[1]], Integer]]"], "name": "postgres_password"}, {"tag_name": "param", "text": "Specifies the name of the package to use for installing the server software.", "types": ["Any"], "name": "package_name"}, {"tag_name": "param", "text": "Passes a value through to the package resource when creating the server instance.", "types": ["Any"], "name": "package_ensure"}, {"tag_name": "param", "text": "Sets the default package name for the PL/Perl extension.", "types": ["Any"], "name": "plperl_package_name"}, {"tag_name": "param", "text": "Sets the default package name for the PL/Python extension.", "types": ["Any"], "name": "plpython_package_name"}, {"tag_name": "param", "text": "Ensure service is installed", "types": ["Any"], "name": "service_ensure"}, {"tag_name": "param", "text": "Enable the PostgreSQL service", "types": ["Any"], "name": "service_enable"}, {"tag_name": "param", "text": "Defines whether or not Puppet should manage the service.", "types": ["Any"], "name": "service_manage"}, {"tag_name": "param", "text": "Overrides the default PostgreSQL service name.", "types": ["Any"], "name": "service_name"}, {"tag_name": "param", "text": "Overrides the default behavior to restart your PostgreSQL service when a config entry has been changed that requires a service restart to become active.", "types": ["Any"], "name": "service_restart_on_change"}, {"tag_name": "param", "text": "Overrides the default PostgreSQL service provider.", "types": ["Any"], "name": "service_provider"}, {"tag_name": "param", "text": "Overrides the default reload command for your PostgreSQL service.", "types": ["Any"], "name": "service_reload"}, {"tag_name": "param", "text": "Overrides the default status check command for your PostgreSQL service.", "types": ["Any"], "name": "service_status"}, {"tag_name": "param", "text": "Specifies the name of the default database to connect with. On most systems this is 'postgres'.", "types": ["Any"], "name": "default_database"}, {"tag_name": "param", "text": "Specifies a hash of environment variables used when connecting to a remote server. Becomes the default for other defined types, such as postgresql::server::role.", "types": ["Any"], "name": "default_connect_settings"}, {"tag_name": "param", "text": "Address list on which the PostgreSQL service will listen", "types": ["Any"], "name": "listen_addresses"}, {"tag_name": "param", "text": "Specifies the port for the PostgreSQL server to listen on. Note: The same port number is used for all IP addresses the server listens on. Also, for Red Hat systems and early Debian systems, changing the port causes the server to come to a full stop before being able to make the change.\nDefault value: 5432. Meaning the Postgres server listens on TCP port 5432.", "types": ["Any"], "name": "port"}, {"tag_name": "param", "text": "Specifies the IP mask from which remote connections should be denied for the postgres superuser.\nDefault value: '0.0.0.0/0', which denies any remote connection.", "types": ["Any"], "name": "ip_mask_deny_postgres_user"}, {"tag_name": "param", "text": "Overrides PostgreSQL defaults for remote connections. By default, PostgreSQL does not allow database user accounts to connect via TCP from remote machines. If you'd like to allow this, you can override this setting.\nSet to '0.0.0.0/0' to allow database users to connect from any remote machine, or '192.168.0.0/1' to allow connections from any machine on your local '192.168' subnet.\nDefault value: '127.0.0.1/32'.", "types": ["Any"], "name": "ip_mask_allow_all_users"}, {"tag_name": "param", "text": "Lists strings for access control for connection method, users, databases, IPv4 addresses;", "types": ["Array[String[1]]"], "name": "ipv4acls"}, {"tag_name": "param", "text": "Lists strings for access control for connection method, users, databases, IPv6 addresses.", "types": ["Array[String[1]]"], "name": "ipv6acls"}, {"tag_name": "param", "text": "Specifies the path to the initdb command.", "types": ["Any"], "name": "initdb_path"}, {"tag_name": "param", "text": "Deprecated. Specifies the path to the createdb command.", "types": ["Any"], "name": "createdb_path"}, {"tag_name": "param", "text": "Specifies the path to the psql command.", "types": ["Any"], "name": "psql_path"}, {"tag_name": "param", "text": "Specifies the path to your pg_hba.conf file.", "types": ["Any"], "name": "pg_hba_conf_path"}, {"tag_name": "param", "text": "Specifies the path to your pg_ident.conf file.", "types": ["Any"], "name": "pg_ident_conf_path"}, {"tag_name": "param", "text": "Specifies the path to your postgresql.conf file.", "types": ["Any"], "name": "postgresql_conf_path"}, {"tag_name": "param", "text": "Sets the mode of your postgresql.conf file. Only relevant if manage_postgresql_conf_perms is true.", "types": ["Optional[Stdlib::Filemode]"], "name": "postgresql_conf_mode"}, {"tag_name": "param", "text": "Specifies the path to your recovery.conf file.", "types": ["Any"], "name": "recovery_conf_path"}, {"tag_name": "param", "text": "PostgreSQL data directory", "types": ["Any"], "name": "datadir"}, {"tag_name": "param", "text": "PostgreSQL xlog directory", "types": ["Any"], "name": "xlogdir"}, {"tag_name": "param", "text": "PostgreSQL log directory", "types": ["Any"], "name": "logdir"}, {"tag_name": "param", "text": "PostgreSQL log line prefix", "types": ["Any"], "name": "log_line_prefix"}, {"tag_name": "param", "text": "If false, disables the defaults supplied with the module for pg_hba.conf. This is useful if you disagree with the defaults and wish to override them yourself. Be sure that your changes of course align with the rest of the module, as some access is required to perform basic psql operations for example.", "types": ["Any"], "name": "pg_hba_conf_defaults"}, {"tag_name": "param", "text": "Overrides the default PostgreSQL super user and owner of PostgreSQL related files in the file system.", "types": ["Any"], "name": "user"}, {"tag_name": "param", "text": "Overrides the default postgres user group to be used for related files in the file system.", "types": ["Any"], "name": "group"}, {"tag_name": "param", "text": "Explicitly calls the initdb operation after server package is installed, and before the PostgreSQL service is started.", "types": ["Any"], "name": "needs_initdb"}, {"tag_name": "param", "text": "Sets the default encoding for all databases created with this module. On certain operating systems this is also used during the template1 initialization, so it becomes a default outside of the module as well.", "types": ["Any"], "name": "encoding"}, {"tag_name": "param", "text": "Sets the default database locale for all databases created with this module. On certain operating systems this is used during the template1 initialization as well, so it becomes a default outside of the module.", "types": ["Any"], "name": "locale"}, {"tag_name": "param", "text": "Boolean. Use checksums on data pages to help detect corruption by the I/O system that would otherwise be silent.\nWarning: This option is used during initialization by initdb, and cannot be changed later. If set, checksums are calculated for all objects, in all databases.", "types": ["Any"], "name": "data_checksums"}, {"tag_name": "param", "text": "Set timezone for the PostgreSQL instance", "types": ["Any"], "name": "timezone"}, {"tag_name": "param", "text": "Boolean. Whether to manage the pg_hba.conf.", "types": ["Any"], "name": "manage_pg_hba_conf"}, {"tag_name": "param", "text": "Boolean. Overwrites the pg_ident.conf file.", "types": ["Any"], "name": "manage_pg_ident_conf"}, {"tag_name": "param", "text": "Boolean. Specifies whether or not manage the recovery.conf.", "types": ["Any"], "name": "manage_recovery_conf"}, {"tag_name": "param", "text": "Whether to manage the postgresql conf file permissions. This means owner,\ngroup and mode. Contents are not managed but should be managed through\npostgresql::server::config_entry.", "types": ["Boolean"], "name": "manage_postgresql_conf_perms"}, {"tag_name": "param", "text": "Working directory for the PostgreSQL module", "types": ["Any"], "name": "module_workdir"}, {"tag_name": "param", "text": "Set to false if you have file{ $datadir: } already defined", "types": ["Any"], "name": "manage_datadir"}, {"tag_name": "param", "text": "Set to false if you have file{ $logdir: } already defined", "types": ["Any"], "name": "manage_logdir"}, {"tag_name": "param", "text": "Set to false if you have file{ $xlogdir: } already defined", "types": ["Any"], "name": "manage_xlogdir"}, {"tag_name": "param", "text": "Specifies a hash from which to generate postgresql::server::role resources.", "types": ["Hash[String, Hash]"], "name": "roles"}, {"tag_name": "param", "text": "Specifies a hash from which to generate postgresql::server::config_entry resources.", "types": ["Hash[String, Any]"], "name": "config_entries"}, {"tag_name": "param", "text": "Specifies a hash from which to generate postgresql::server::pg_hba_rule resources.", "types": ["Hash[String, Hash]"], "name": "pg_hba_rules"}, {"tag_name": "param", "text": "Deprecated. Use postgresql::globals instead. Sets PostgreSQL version", "types": ["Any"], "name": "version"}, {"tag_name": "param", "text": "Adds extra config to systemd config file, can for instance be used to add extra openfiles. This can be a multi line string", "types": ["Any"], "name": "extra_systemd_config"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "manage_selinux"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "password_encryption"}, {"tag_name": "summary", "text": "This installs a PostgreSQL server"}]}, "defaults": {"postgres_password": "undef", "package_name": "$postgresql::params::server_package_name", "package_ensure": "$postgresql::params::package_ensure", "plperl_package_name": "$postgresql::params::plperl_package_name", "plpython_package_name": "$postgresql::params::plpython_package_name", "service_ensure": "$postgresql::params::service_ensure", "service_enable": "$postgresql::params::service_enable", "service_manage": "$postgresql::params::service_manage", "service_name": "$postgresql::params::service_name", "service_restart_on_change": "$postgresql::params::service_restart_on_change", "service_provider": "$postgresql::params::service_provider", "service_reload": "$postgresql::params::service_reload", "service_status": "$postgresql::params::service_status", "default_database": "$postgresql::params::default_database", "default_connect_settings": "$postgresql::globals::default_connect_settings", "listen_addresses": "$postgresql::params::listen_addresses", "port": "$postgresql::params::port", "ip_mask_deny_postgres_user": "$postgresql::params::ip_mask_deny_postgres_user", "ip_mask_allow_all_users": "$postgresql::params::ip_mask_allow_all_users", "ipv4acls": "$postgresql::params::ipv4acls", "ipv6acls": "$postgresql::params::ipv6acls", "initdb_path": "$postgresql::params::initdb_path", "createdb_path": "$postgresql::params::createdb_path", "psql_path": "$postgresql::params::psql_path", "pg_hba_conf_path": "$postgresql::params::pg_hba_conf_path", "pg_ident_conf_path": "$postgresql::params::pg_ident_conf_path", "postgresql_conf_path": "$postgresql::params::postgresql_conf_path", "postgresql_conf_mode": "$postgresql::params::postgresql_conf_mode", "recovery_conf_path": "$postgresql::params::recovery_conf_path", "datadir": "$postgresql::params::datadir", "xlogdir": "$postgresql::params::xlogdir", "logdir": "$postgresql::params::logdir", "log_line_prefix": "$postgresql::params::log_line_prefix", "pg_hba_conf_defaults": "$postgresql::params::pg_hba_conf_defaults", "user": "$postgresql::params::user", "group": "$postgresql::params::group", "needs_initdb": "$postgresql::params::needs_initdb", "encoding": "$postgresql::params::encoding", "locale": "$postgresql::params::locale", "data_checksums": "$postgresql::params::data_checksums", "timezone": "$postgresql::params::timezone", "manage_pg_hba_conf": "$postgresql::params::manage_pg_hba_conf", "manage_pg_ident_conf": "$postgresql::params::manage_pg_ident_conf", "manage_recovery_conf": "$postgresql::params::manage_recovery_conf", "manage_postgresql_conf_perms": "$postgresql::params::manage_postgresql_conf_perms", "manage_selinux": "$postgresql::params::manage_selinux", "module_workdir": "$postgresql::params::module_workdir", "manage_datadir": "$postgresql::params::manage_datadir", "manage_logdir": "$postgresql::params::manage_logdir", "manage_xlogdir": "$postgresql::params::manage_xlogdir", "password_encryption": "$postgresql::params::password_encryption", "extra_systemd_config": "$postgresql::params::extra_systemd_config", "roles": "{}", "config_entries": "{}", "pg_hba_rules": "{}", "version": "undef"}, "source": "class postgresql::server (\n Optional[Variant[String[1], Sensitive[String[1]], Integer]] $postgres_password = undef,\n\n $package_name = $postgresql::params::server_package_name,\n $package_ensure = $postgresql::params::package_ensure,\n\n $plperl_package_name = $postgresql::params::plperl_package_name,\n $plpython_package_name = $postgresql::params::plpython_package_name,\n\n $service_ensure = $postgresql::params::service_ensure,\n $service_enable = $postgresql::params::service_enable,\n $service_manage = $postgresql::params::service_manage,\n $service_name = $postgresql::params::service_name,\n $service_restart_on_change = $postgresql::params::service_restart_on_change,\n $service_provider = $postgresql::params::service_provider,\n $service_reload = $postgresql::params::service_reload,\n $service_status = $postgresql::params::service_status,\n $default_database = $postgresql::params::default_database,\n $default_connect_settings = $postgresql::globals::default_connect_settings,\n $listen_addresses = $postgresql::params::listen_addresses,\n $port = $postgresql::params::port,\n $ip_mask_deny_postgres_user = $postgresql::params::ip_mask_deny_postgres_user,\n $ip_mask_allow_all_users = $postgresql::params::ip_mask_allow_all_users,\n Array[String[1]] $ipv4acls = $postgresql::params::ipv4acls,\n Array[String[1]] $ipv6acls = $postgresql::params::ipv6acls,\n\n $initdb_path = $postgresql::params::initdb_path,\n $createdb_path = $postgresql::params::createdb_path,\n $psql_path = $postgresql::params::psql_path,\n $pg_hba_conf_path = $postgresql::params::pg_hba_conf_path,\n $pg_ident_conf_path = $postgresql::params::pg_ident_conf_path,\n $postgresql_conf_path = $postgresql::params::postgresql_conf_path,\n Optional[Stdlib::Filemode] $postgresql_conf_mode = $postgresql::params::postgresql_conf_mode,\n $recovery_conf_path = $postgresql::params::recovery_conf_path,\n\n $datadir = $postgresql::params::datadir,\n $xlogdir = $postgresql::params::xlogdir,\n $logdir = $postgresql::params::logdir,\n\n $log_line_prefix = $postgresql::params::log_line_prefix,\n\n $pg_hba_conf_defaults = $postgresql::params::pg_hba_conf_defaults,\n\n $user = $postgresql::params::user,\n $group = $postgresql::params::group,\n\n $needs_initdb = $postgresql::params::needs_initdb,\n\n $encoding = $postgresql::params::encoding,\n $locale = $postgresql::params::locale,\n $data_checksums = $postgresql::params::data_checksums,\n $timezone = $postgresql::params::timezone,\n\n $manage_pg_hba_conf = $postgresql::params::manage_pg_hba_conf,\n $manage_pg_ident_conf = $postgresql::params::manage_pg_ident_conf,\n $manage_recovery_conf = $postgresql::params::manage_recovery_conf,\n Boolean $manage_postgresql_conf_perms = $postgresql::params::manage_postgresql_conf_perms,\n Boolean $manage_selinux = $postgresql::params::manage_selinux,\n $module_workdir = $postgresql::params::module_workdir,\n\n $manage_datadir = $postgresql::params::manage_datadir,\n $manage_logdir = $postgresql::params::manage_logdir,\n $manage_xlogdir = $postgresql::params::manage_xlogdir,\n $password_encryption = $postgresql::params::password_encryption,\n $extra_systemd_config = $postgresql::params::extra_systemd_config,\n\n Hash[String, Hash] $roles = {},\n Hash[String, Any] $config_entries = {},\n Hash[String, Hash] $pg_hba_rules = {},\n\n #Deprecated\n $version = undef,\n) inherits postgresql::params {\n if $version != undef {\n warning('Passing \"version\" to postgresql::server is deprecated; please use postgresql::globals instead.')\n $_version = $version\n } else {\n $_version = $postgresql::params::version\n }\n\n if $createdb_path != undef {\n warning('Passing \"createdb_path\" to postgresql::server is deprecated, it can be removed safely for the same behaviour')\n }\n\n # Reload has its own ordering, specified by other defines\n class { 'postgresql::server::reload':\n require => Class['postgresql::server::install'],\n }\n\n contain postgresql::server::install\n contain postgresql::server::initdb\n contain postgresql::server::config\n contain postgresql::server::service\n contain postgresql::server::passwd\n\n Class['postgresql::server::install']\n -> Class['postgresql::server::initdb']\n -> Class['postgresql::server::config']\n -> Class['postgresql::server::service']\n -> Class['postgresql::server::passwd']\n\n $roles.each |$rolename, $role| {\n postgresql::server::role { $rolename:\n * => $role,\n }\n }\n\n $config_entries.each |$entry, $value| {\n postgresql::server::config_entry { $entry:\n ensure => bool2str($value =~ Undef, 'absent', 'present'),\n value => $value,\n }\n }\n\n $pg_hba_rules.each |$rule_name, $rule| {\n postgresql::server::pg_hba_rule { $rule_name:\n * => $rule,\n }\n }\n}"}, {"name": "postgresql::server::config", "file": "manifests/server/config.pp", "line": 2, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class postgresql::server::config {\n $ip_mask_deny_postgres_user = $postgresql::server::ip_mask_deny_postgres_user\n $ip_mask_allow_all_users = $postgresql::server::ip_mask_allow_all_users\n $listen_addresses = $postgresql::server::listen_addresses\n $port = $postgresql::server::port\n $ipv4acls = $postgresql::server::ipv4acls\n $ipv6acls = $postgresql::server::ipv6acls\n $pg_hba_conf_path = $postgresql::server::pg_hba_conf_path\n $pg_ident_conf_path = $postgresql::server::pg_ident_conf_path\n $postgresql_conf_path = $postgresql::server::postgresql_conf_path\n $postgresql_conf_mode = $postgresql::server::postgresql_conf_mode\n $recovery_conf_path = $postgresql::server::recovery_conf_path\n $pg_hba_conf_defaults = $postgresql::server::pg_hba_conf_defaults\n $user = $postgresql::server::user\n $group = $postgresql::server::group\n $version = $postgresql::server::_version\n $manage_pg_hba_conf = $postgresql::server::manage_pg_hba_conf\n $manage_pg_ident_conf = $postgresql::server::manage_pg_ident_conf\n $manage_recovery_conf = $postgresql::server::manage_recovery_conf\n $manage_postgresql_conf_perms = $postgresql::server::manage_postgresql_conf_perms\n $datadir = $postgresql::server::datadir\n $logdir = $postgresql::server::logdir\n $service_name = $postgresql::server::service_name\n $log_line_prefix = $postgresql::server::log_line_prefix\n $timezone = $postgresql::server::timezone\n $password_encryption = $postgresql::server::password_encryption\n $extra_systemd_config = $postgresql::server::extra_systemd_config\n\n if ($manage_pg_hba_conf == true) {\n # Prepare the main pg_hba file\n concat { $pg_hba_conf_path:\n owner => $user,\n group => $group,\n mode => '0640',\n warn => true,\n notify => Class['postgresql::server::reload'],\n }\n\n if $pg_hba_conf_defaults {\n Postgresql::Server::Pg_hba_rule {\n database => 'all',\n user => 'all',\n }\n\n # Lets setup the base rules\n $local_auth_option = $version ? {\n '8.1' => 'sameuser',\n default => undef,\n }\n\n postgresql::server::pg_hba_rule {\n 'local access as postgres user':\n type => 'local',\n user => $user,\n auth_method => 'ident',\n auth_option => $local_auth_option,\n order => 1,\n ;\n\n 'local access to database with same name':\n type => 'local',\n auth_method => 'ident',\n auth_option => $local_auth_option,\n order => 2,\n ;\n\n 'allow localhost TCP access to postgresql user':\n type => 'host',\n user => $user,\n address => '127.0.0.1/32',\n auth_method => 'md5',\n order => 3,\n ;\n\n 'deny access to postgresql user':\n type => 'host',\n user => $user,\n address => $ip_mask_deny_postgres_user,\n auth_method => 'reject',\n order => 4,\n ;\n\n 'allow access to all users':\n type => 'host',\n address => $ip_mask_allow_all_users,\n auth_method => 'md5',\n order => 100,\n ;\n\n 'allow access to ipv6 localhost':\n type => 'host',\n address => '::1/128',\n auth_method => 'md5',\n order => 101,\n ;\n }\n }\n\n # $ipv4acls and $ipv6acls are arrays of rule strings\n # They are converted into hashes we can iterate over to create postgresql::server::pg_hba_rule resources.\n (\n postgresql::postgresql_acls_to_resources_hash($ipv4acls, 'ipv4acls', 10) +\n postgresql::postgresql_acls_to_resources_hash($ipv6acls, 'ipv6acls', 102)\n ).each | String $key, Hash $attrs| {\n postgresql::server::pg_hba_rule { $key:\n * => $attrs,\n }\n }\n }\n\n if $manage_postgresql_conf_perms {\n file { $postgresql_conf_path:\n ensure => file,\n owner => $user,\n group => $group,\n mode => $postgresql_conf_mode,\n }\n }\n\n if $listen_addresses {\n postgresql::server::config_entry { 'listen_addresses':\n value => $listen_addresses,\n }\n }\n\n # ensure that SELinux has a proper label for the port defined\n if $postgresql::server::manage_selinux == true and $facts['os']['selinux']['enabled'] == true {\n case $facts['os']['family'] {\n 'RedHat', 'Linux': {\n if $facts['os']['name'] == 'Amazon' {\n $package_name = 'policycoreutils'\n }\n else {\n $package_name = $facts['os']['release']['major'] ? {\n '5' => 'policycoreutils',\n '6' => 'policycoreutils-python',\n '7' => 'policycoreutils-python',\n default => 'policycoreutils-python-utils',\n }\n }\n }\n default: {\n $package_name = 'policycoreutils'\n }\n }\n\n ensure_packages([$package_name])\n\n exec { \"/usr/sbin/semanage port -a -t postgresql_port_t -p tcp ${port}\":\n unless => \"/usr/sbin/semanage port -l | grep -qw ${port}\",\n before => Postgresql::Server::Config_entry['port'],\n require => Package[$package_name],\n }\n }\n\n postgresql::server::config_entry { 'port':\n value => $port,\n }\n\n if ($password_encryption) and (versioncmp($version, '10') >= 0) {\n postgresql::server::config_entry { 'password_encryption':\n value => $password_encryption,\n }\n }\n\n postgresql::server::config_entry { 'data_directory':\n value => $datadir,\n }\n if $timezone {\n postgresql::server::config_entry { 'timezone':\n value => $timezone,\n }\n }\n if $logdir {\n postgresql::server::config_entry { 'log_directory':\n value => $logdir,\n }\n }\n # Allow timestamps in log by default\n if $log_line_prefix {\n postgresql::server::config_entry { 'log_line_prefix':\n value => $log_line_prefix,\n }\n }\n\n # RedHat-based systems hardcode some PG* variables in the init script, and need to be overriden\n # in /etc/sysconfig/pgsql/postgresql. Create a blank file so we can manage it with augeas later.\n if ($facts['os']['family'] == 'RedHat') and ($facts['os']['release']['major'] !~ /^(7|8)$/) and ($facts['os']['name'] != 'Fedora') {\n file { '/etc/sysconfig/pgsql/postgresql':\n ensure => file,\n replace => false,\n }\n\n # The init script from the packages of the postgresql.org repository\n # sources an alternate sysconfig file.\n # I. e. /etc/sysconfig/pgsql/postgresql-9.3 for PostgreSQL 9.3\n # Link to the sysconfig file set by this puppet module\n file { \"/etc/sysconfig/pgsql/postgresql-${version}\":\n ensure => link,\n target => '/etc/sysconfig/pgsql/postgresql',\n require => File['/etc/sysconfig/pgsql/postgresql'],\n }\n }\n\n if ($manage_pg_ident_conf == true) {\n concat { $pg_ident_conf_path:\n owner => $user,\n group => $group,\n mode => '0640',\n warn => true,\n notify => Class['postgresql::server::reload'],\n }\n }\n\n # RHEL 7 and 8 both support drop-in files for systemd units. The old include directive is deprecated and may be removed in future systemd releases.\n # Gentoo also supports drop-in files.\n if $facts['os']['family'] in ['RedHat', 'Gentoo'] and $facts['service_provider'] == 'systemd' {\n # While Puppet 6.1 and newer can do a daemon-reload if needed, systemd\n # doesn't appear to report that correctly in all cases.\n # One such case seems to be when an overriding unit file is removed from /etc\n # and the original one from /lib *should* be used again.\n #\n # This can be removed when Puppet < 6.1 support is dropped *and* the file\n # old-systemd-override is removed.\n exec { 'restart-systemd':\n command => 'systemctl daemon-reload',\n refreshonly => true,\n path => '/bin:/usr/bin:/usr/local/bin',\n before => Class['postgresql::server::service'],\n }\n\n file {\n default:\n ensure => file,\n owner => root,\n group => root,\n notify => [Exec['restart-systemd'], Class['postgresql::server::service']],\n before => Class['postgresql::server::reload'],\n ;\n\n 'systemd-conf-dir':\n ensure => directory,\n path => \"/etc/systemd/system/${service_name}.service.d\",\n ;\n\n # Template uses:\n # - $facts['os']['name']\n # - $facts['os']['release']['major']\n # - $service_name\n # - $port\n # - $datadir\n # - $extra_systemd_config\n 'systemd-override':\n path => \"/etc/systemd/system/${service_name}.service.d/${service_name}.conf\",\n content => template('postgresql/systemd-override.erb'),\n require => File['systemd-conf-dir'],\n ;\n\n # Remove old unit file to avoid conflicts\n 'old-systemd-override':\n ensure => absent,\n path => \"/etc/systemd/system/${service_name}.service\",\n ;\n }\n }\n}"}, {"name": "postgresql::server::contrib", "file": "manifests/server/contrib.pp", "line": 7, "inherits": "postgresql::params", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The name of the PostgreSQL contrib package.", "types": ["String"], "name": "package_name"}, {"tag_name": "param", "text": "Ensure the contrib package is installed.", "types": ["String[1]"], "name": "package_ensure"}, {"tag_name": "summary", "text": "Install the contrib postgresql packaging."}]}, "defaults": {"package_name": "$postgresql::params::contrib_package_name", "package_ensure": "'present'"}, "source": "class postgresql::server::contrib (\n String $package_name = $postgresql::params::contrib_package_name,\n String[1] $package_ensure = 'present'\n) inherits postgresql::params {\n if $facts['os']['family'] == 'Gentoo' {\n fail('osfamily Gentoo does not have a separate \"contrib\" package, postgresql::server::contrib is not supported.')\n }\n\n package { 'postgresql-contrib':\n ensure => $package_ensure,\n name => $package_name,\n tag => 'puppetlabs-postgresql',\n }\n\n anchor { 'postgresql::server::contrib::start': }\n -> Class['postgresql::server::install']\n -> Package['postgresql-contrib']\n -> Class['postgresql::server::service']\n anchor { 'postgresql::server::contrib::end': }\n}"}, {"name": "postgresql::server::initdb", "file": "manifests/server/initdb.pp", "line": 2, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class postgresql::server::initdb {\n $needs_initdb = $postgresql::server::needs_initdb\n $initdb_path = $postgresql::server::initdb_path\n $datadir = $postgresql::server::datadir\n $xlogdir = $postgresql::server::xlogdir\n $logdir = $postgresql::server::logdir\n $manage_datadir = $postgresql::server::manage_datadir\n $manage_logdir = $postgresql::server::manage_logdir\n $manage_xlogdir = $postgresql::server::manage_xlogdir\n $encoding = $postgresql::server::encoding\n $locale = $postgresql::server::locale\n $data_checksums = $postgresql::server::data_checksums\n $group = $postgresql::server::group\n $user = $postgresql::server::user\n $module_workdir = $postgresql::server::module_workdir\n\n if $facts['os']['family'] == 'RedHat' and $facts['os']['selinux']['enabled'] == true {\n $seltype = 'postgresql_db_t'\n $logdir_type = 'postgresql_log_t'\n }\n\n else {\n $seltype = undef\n $logdir_type = undef\n }\n\n if($manage_datadir) {\n # Make sure the data directory exists, and has the correct permissions.\n file { $datadir:\n ensure => directory,\n owner => $user,\n group => $group,\n mode => '0700',\n seltype => $seltype,\n }\n } else {\n # changes an already defined datadir\n File <| title == $datadir |> {\n ensure => directory,\n owner => $user,\n group => $group,\n mode => '0700',\n seltype => $seltype,\n }\n }\n\n if($xlogdir) {\n if($manage_xlogdir) {\n # Make sure the xlog directory exists, and has the correct permissions.\n file { $xlogdir:\n ensure => directory,\n owner => $user,\n group => $group,\n mode => '0700',\n seltype => $seltype,\n }\n } else {\n # changes an already defined xlogdir\n File <| title == $xlogdir |> {\n ensure => directory,\n owner => $user,\n group => $group,\n mode => '0700',\n seltype => $seltype,\n }\n }\n }\n\n if($logdir) {\n if($manage_logdir) {\n # Make sure the log directory exists, and has the correct permissions.\n file { $logdir:\n ensure => directory,\n owner => $user,\n group => $group,\n seltype => $logdir_type,\n }\n } else {\n # changes an already defined logdir\n File <| title == $logdir |> {\n ensure => directory,\n owner => $user,\n group => $group,\n seltype => $logdir_type,\n }\n }\n }\n\n if($needs_initdb) {\n # Build up the initdb command.\n #\n # We optionally add the locale switch if specified. Older versions of the\n # initdb command don't accept this switch. So if the user didn't pass the\n # parameter, lets not pass the switch at all.\n $ic_base = \"${initdb_path} --pgdata '${datadir}'\"\n $ic_xlog = $xlogdir ? {\n undef => $ic_base,\n default => \"${ic_base} -X '${xlogdir}'\"\n }\n\n # The xlogdir need to be present before initdb runs.\n # If xlogdir is default it's created by package installer\n if($xlogdir) {\n $require_before_initdb = [$datadir, $xlogdir]\n } else {\n $require_before_initdb = [$datadir]\n }\n\n # PostgreSQL 11 no longer allows empty encoding\n $ic_encoding = $encoding ? {\n undef => $ic_xlog,\n default => \"${ic_xlog} --encoding '${encoding}'\"\n }\n\n $ic_locale = $locale ? {\n undef => $ic_encoding,\n default => \"${ic_encoding} --locale '${locale}'\"\n }\n\n $initdb_command = $data_checksums ? {\n undef => $ic_locale,\n false => $ic_locale,\n default => \"${ic_locale} --data-checksums\"\n }\n\n # This runs the initdb command, we use the existance of the PG_VERSION\n # file to ensure we don't keep running this command.\n exec { 'postgresql_initdb':\n command => $initdb_command,\n creates => \"${datadir}/PG_VERSION\",\n user => $user,\n group => $group,\n logoutput => on_failure,\n require => File[$require_before_initdb],\n cwd => $module_workdir,\n }\n } elsif $encoding != undef {\n include postgresql::server::late_initdb\n }\n}"}, {"name": "postgresql::server::install", "file": "manifests/server/install.pp", "line": 2, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class postgresql::server::install {\n $package_ensure = $postgresql::server::package_ensure\n $package_name = $postgresql::server::package_name\n\n $_package_ensure = $package_ensure ? {\n true => 'present',\n false => 'purged',\n 'absent' => 'purged',\n default => $package_ensure,\n }\n\n package { 'postgresql-server':\n ensure => $_package_ensure,\n name => $package_name,\n\n # This is searched for to create relationships with the package repos, be\n # careful about its removal\n tag => 'puppetlabs-postgresql',\n }\n}"}, {"name": "postgresql::server::late_initdb", "file": "manifests/server/late_initdb.pp", "line": 4, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Manage the default encoding when database initialization is managed by the package"}]}, "source": "class postgresql::server::late_initdb {\n assert_private()\n\n $encoding = $postgresql::server::encoding\n $user = $postgresql::server::user\n $group = $postgresql::server::group\n $psql_path = $postgresql::server::psql_path\n $port = $postgresql::server::port\n $module_workdir = $postgresql::server::module_workdir\n\n # Set the defaults for the postgresql_psql resource\n Postgresql_psql {\n psql_user => $user,\n psql_group => $group,\n psql_path => $psql_path,\n port => $port,\n cwd => $module_workdir,\n }\n\n # [workaround]\n # by default pg_createcluster encoding derived from locale\n # but it do does not work by installing postgresql via puppet because puppet\n # always override LANG to 'C'\n postgresql_psql { \"Set template1 encoding to ${encoding}\":\n command => \"UPDATE pg_database\n SET datistemplate = FALSE\n WHERE datname = 'template1'\n ;\n UPDATE pg_database\n SET encoding = pg_char_to_encoding('${encoding}'), datistemplate = TRUE\n WHERE datname = 'template1'\",\n unless => \"SELECT datname FROM pg_database WHERE\n datname = 'template1' AND encoding = pg_char_to_encoding('${encoding}')\",\n before => Anchor['postgresql::server::service::end']\n }\n}"}, {"name": "postgresql::server::passwd", "file": "manifests/server/passwd.pp", "line": 2, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class postgresql::server::passwd {\n $postgres_password = if $postgresql::server::postgres_password =~ Sensitive {\n $postgresql::server::postgres_password.unwrap\n } else {\n $postgresql::server::postgres_password\n }\n\n $user = $postgresql::server::user\n $group = $postgresql::server::group\n $psql_path = $postgresql::server::psql_path\n $port = $postgresql::server::port\n $database = $postgresql::server::default_database\n $module_workdir = $postgresql::server::module_workdir\n\n # psql will default to connecting as $user if you don't specify name\n $_datbase_user_same = $database == $user\n $_dboption = $_datbase_user_same ? {\n false => \" --dbname ${database}\",\n default => ''\n }\n\n if $postgres_password {\n # NOTE: this password-setting logic relies on the pg_hba.conf being\n # configured to allow the postgres system user to connect via psql\n # without specifying a password ('ident' or 'trust' security). This is\n # the default for pg_hba.conf.\n $escaped = postgresql::postgresql_escape($postgres_password)\n exec { 'set_postgres_postgrespw':\n # This command works w/no password because we run it as postgres system\n # user\n command => \"${psql_path}${_dboption} -c \\\"ALTER ROLE \\\\\\\"${user}\\\\\\\" PASSWORD \\${NEWPASSWD_ESCAPED}\\\"\",\n user => $user,\n group => $group,\n logoutput => true,\n cwd => $module_workdir,\n environment => [\n \"PGPASSWORD=${postgres_password}\",\n \"PGPORT=${port}\",\n \"NEWPASSWD_ESCAPED=${escaped}\",\n ],\n # With this command we're passing -h to force TCP authentication, which\n # does require a password. We specify the password via the PGPASSWORD\n # environment variable. If the password is correct (current), this\n # command will exit with an exit code of 0, which will prevent the main\n # command from running.\n unless => \"${psql_path} -h localhost -p ${port} -c 'select 1' > /dev/null\",\n path => '/usr/bin:/usr/local/bin:/bin',\n }\n }\n}"}, {"name": "postgresql::server::plperl", "file": "manifests/server/plperl.pp", "line": 5, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The ensure parameter passed on to PostgreSQL PL/Perl package resource.", "types": ["Any"], "name": "package_ensure"}, {"tag_name": "param", "text": "The name of the PostgreSQL PL/Perl package.", "types": ["Any"], "name": "package_name"}, {"tag_name": "summary", "text": "This class installs the PL/Perl procedural language for postgresql."}]}, "defaults": {"package_ensure": "'present'", "package_name": "$postgresql::server::plperl_package_name"}, "source": "class postgresql::server::plperl (\n $package_ensure = 'present',\n $package_name = $postgresql::server::plperl_package_name\n) {\n package { 'postgresql-plperl':\n ensure => $package_ensure,\n name => $package_name,\n tag => 'puppetlabs-postgresql',\n }\n\n anchor { 'postgresql::server::plperl::start': }\n -> Class['postgresql::server::install']\n -> Package['postgresql-plperl']\n -> Class['postgresql::server::service']\n anchor { 'postgresql::server::plperl::end': }\n}"}, {"name": "postgresql::server::plpython", "file": "manifests/server/plpython.pp", "line": 7, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Specifies whether the package is present.", "types": ["Any"], "name": "package_ensure"}, {"tag_name": "param", "text": "Specifies the name of the postgresql PL/Python package.", "types": ["Any"], "name": "package_name"}, {"tag_name": "summary", "text": "This class installs the PL/Python procedural language for postgresql."}]}, "defaults": {"package_ensure": "'present'", "package_name": "$postgresql::server::plpython_package_name"}, "source": "class postgresql::server::plpython (\n $package_ensure = 'present',\n $package_name = $postgresql::server::plpython_package_name,\n) {\n package { 'postgresql-plpython':\n ensure => $package_ensure,\n name => $package_name,\n tag => 'puppetlabs-postgresql',\n }\n\n anchor { 'postgresql::server::plpython::start': }\n -> Class['postgresql::server::install']\n -> Package['postgresql-plpython']\n -> Class['postgresql::server::service']\n -> anchor { 'postgresql::server::plpython::end': }\n}"}, {"name": "postgresql::server::postgis", "file": "manifests/server/postgis.pp", "line": 5, "inherits": "postgresql::params", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Sets the package name.", "types": ["String"], "name": "package_name"}, {"tag_name": "param", "text": "Specifies if the package is present or not.", "types": ["String[1]"], "name": "package_ensure"}, {"tag_name": "summary", "text": "Install the postgis postgresql packaging."}]}, "defaults": {"package_name": "$postgresql::params::postgis_package_name", "package_ensure": "'present'"}, "source": "class postgresql::server::postgis (\n String $package_name = $postgresql::params::postgis_package_name,\n String[1] $package_ensure = 'present'\n) inherits postgresql::params {\n package { 'postgresql-postgis':\n ensure => $package_ensure,\n name => $package_name,\n tag => 'puppetlabs-postgresql',\n }\n\n anchor { 'postgresql::server::postgis::start': }\n -> Class['postgresql::server::install']\n -> Package['postgresql-postgis']\n -> Class['postgresql::server::service']\n -> anchor { 'postgresql::server::postgis::end': }\n\n if $postgresql::globals::manage_package_repo {\n Class['postgresql::repo']\n -> Package['postgresql-postgis']\n }\n}"}, {"name": "postgresql::server::reload", "file": "manifests/server/reload.pp", "line": 2, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class postgresql::server::reload {\n $service_name = $postgresql::server::service_name\n $service_status = $postgresql::server::service_status\n $service_reload = $postgresql::server::service_reload\n\n exec { 'postgresql_reload':\n path => '/usr/bin:/usr/sbin:/bin:/sbin',\n command => $service_reload,\n onlyif => $service_status,\n refreshonly => true,\n require => Class['postgresql::server::service'],\n }\n}"}, {"name": "postgresql::server::service", "file": "manifests/server/service.pp", "line": 2, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class postgresql::server::service {\n $service_ensure = $postgresql::server::service_ensure\n $service_enable = $postgresql::server::service_enable\n $service_manage = $postgresql::server::service_manage\n $service_name = $postgresql::server::service_name\n $service_provider = $postgresql::server::service_provider\n $service_status = $postgresql::server::service_status\n $user = $postgresql::server::user\n $port = $postgresql::server::port\n $default_database = $postgresql::server::default_database\n $psql_path = $postgresql::server::psql_path\n $connect_settings = $postgresql::server::default_connect_settings\n\n anchor { 'postgresql::server::service::begin': }\n\n if $service_manage {\n service { 'postgresqld':\n ensure => $service_ensure,\n enable => $service_enable,\n name => $service_name,\n provider => $service_provider,\n hasstatus => true,\n status => $service_status,\n }\n\n if $service_ensure in ['running', true] {\n # This blocks the class before continuing if chained correctly, making\n # sure the service really is 'up' before continuing.\n #\n # Without it, we may continue doing more work before the database is\n # prepared leading to a nasty race condition.\n postgresql_conn_validator { 'validate_service_is_running':\n run_as => $user,\n db_name => $default_database,\n port => $port,\n connect_settings => $connect_settings,\n sleep => 1,\n tries => 60,\n psql_path => $psql_path,\n require => Service['postgresqld'],\n before => Anchor['postgresql::server::service::end'],\n }\n Postgresql::Server::Database <| title == $default_database |> -> Postgresql_conn_validator['validate_service_is_running']\n }\n }\n\n anchor { 'postgresql::server::service::end': }\n}"}, {"name": "firewall", "file": "manifests/init.pp", "line": 33, "inherits": "::firewall::params", "docstring": {"text": "Performs the basic setup tasks required for using the firewall resources.\n\nAt the moment this takes care of:\n\niptables-persistent package installation\nInclude the firewall class for nodes that need to use the resources in this module:", "tags": [{"tag_name": "example", "text": "class { 'firewall': }", "name": ""}, {"tag_name": "param", "text": "Controls the state of the ipv4 iptables service on your system. Valid options: 'running' or 'stopped'.", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "Controls the state of the ipv6 iptables service on your system. Valid options: 'running' or 'stopped'.", "types": ["Any"], "name": "ensure_v6"}, {"tag_name": "param", "text": "Controls the state of the iptables package on your system. Valid options: 'present' or 'latest'.", "types": ["Any"], "name": "pkg_ensure"}, {"tag_name": "param", "text": "Specify the name of the IPv4 iptables service.", "types": ["Any"], "name": "service_name"}, {"tag_name": "param", "text": "Specify the name of the IPv6 iptables service.", "types": ["Any"], "name": "service_name_v6"}, {"tag_name": "param", "text": "Specify the platform-specific package(s) to install.", "types": ["Any"], "name": "package_name"}, {"tag_name": "param", "text": "Controls whether puppet manages the ebtables package or not. If managed, the package will use the value of pkg_ensure.", "types": ["Any"], "name": "ebtables_manage"}, {"tag_name": "summary", "text": ""}]}, "defaults": {"ensure": "running", "ensure_v6": "undef", "pkg_ensure": "present", "service_name": "$firewall::params::service_name", "service_name_v6": "$firewall::params::service_name_v6", "package_name": "$firewall::params::package_name", "ebtables_manage": "false"}, "source": "class firewall (\n $ensure = running,\n $ensure_v6 = undef,\n $pkg_ensure = present,\n $service_name = $firewall::params::service_name,\n $service_name_v6 = $firewall::params::service_name_v6,\n $package_name = $firewall::params::package_name,\n $ebtables_manage = false,\n) inherits ::firewall::params {\n $_ensure_v6 = pick($ensure_v6, $ensure)\n\n case $ensure {\n /^(running|stopped)$/: {\n # Do nothing.\n }\n default: {\n fail(\"${title}: Ensure value '${ensure}' is not supported\")\n }\n }\n\n if $ensure_v6 {\n case $ensure_v6 {\n /^(running|stopped)$/: {\n # Do nothing.\n }\n default: {\n fail(\"${title}: ensure_v6 value '${ensure_v6}' is not supported\")\n }\n }\n }\n\n case $::kernel {\n 'Linux': {\n class { \"${title}::linux\":\n ensure => $ensure,\n ensure_v6 => $_ensure_v6,\n pkg_ensure => $pkg_ensure,\n service_name => $service_name,\n service_name_v6 => $service_name_v6,\n package_name => $package_name,\n ebtables_manage => $ebtables_manage,\n }\n contain \"${title}::linux\"\n }\n 'FreeBSD', 'windows': {\n }\n default: {\n fail(\"${title}: Kernel '${::kernel}' is not currently supported\")\n }\n }\n}"}, {"name": "firewall::linux", "file": "manifests/linux.pp", "line": 26, "inherits": "::firewall::params", "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "Controls the state of the ipv4 iptables service on your system. Valid options: 'running' or 'stopped'. Defaults to 'running'.", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "Controls the state of the ipv6 iptables service on your system. Valid options: 'running' or 'stopped'. Defaults to 'running'.", "types": ["Any"], "name": "ensure_v6"}, {"tag_name": "param", "text": "Controls the state of the iptables package on your system. Valid options: 'installed' or 'latest'. Defaults to 'latest'.", "types": ["Any"], "name": "pkg_ensure"}, {"tag_name": "param", "text": "Specify the name of the IPv4 iptables service. Defaults defined in firewall::params.", "types": ["Any"], "name": "service_name"}, {"tag_name": "param", "text": "Specify the name of the IPv6 iptables service. Defaults defined in firewall::params.", "types": ["Any"], "name": "service_name_v6"}, {"tag_name": "param", "text": "Specify the platform-specific package(s) to install. Defaults defined in firewall::params.", "types": ["Any"], "name": "package_name"}, {"tag_name": "param", "text": "Controls whether puppet manages the ebtables package or not. If managed, the package will use the value of pkg_ensure.", "types": ["Any"], "name": "ebtables_manage"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "iptables_name"}, {"tag_name": "summary", "text": "Main linux class, includes all other classes"}]}, "defaults": {"ensure": "running", "ensure_v6": "undef", "pkg_ensure": "installed", "service_name": "$firewall::params::service_name", "service_name_v6": "$firewall::params::service_name_v6", "package_name": "$firewall::params::package_name", "ebtables_manage": "false", "iptables_name": "$firewall::params::iptables_name"}, "source": "class firewall::linux (\n $ensure = running,\n $ensure_v6 = undef,\n $pkg_ensure = installed,\n $service_name = $firewall::params::service_name,\n $service_name_v6 = $firewall::params::service_name_v6,\n $package_name = $firewall::params::package_name,\n $ebtables_manage = false,\n $iptables_name = $firewall::params::iptables_name,\n) inherits ::firewall::params {\n $enable = $ensure ? {\n 'running' => true,\n 'stopped' => false,\n }\n\n $_ensure_v6 = pick($ensure_v6, $ensure)\n\n $_enable_v6 = $_ensure_v6 ? {\n 'running' => true,\n 'stopped' => false,\n }\n\n package { 'iptables':\n name => $iptables_name,\n ensure => $pkg_ensure,\n }\n\n if $ebtables_manage {\n package { 'ebtables':\n ensure => $pkg_ensure,\n }\n }\n\n case $::operatingsystem {\n 'RedHat', 'CentOS', 'Fedora', 'Scientific', 'SL', 'SLC', 'Ascendos',\n 'CloudLinux', 'PSBM', 'OracleLinux', 'OVS', 'OEL', 'Amazon', 'XenServer',\n 'VirtuozzoLinux', 'Rocky', 'AlmaLinux': {\n class { \"${title}::redhat\":\n ensure => $ensure,\n ensure_v6 => $_ensure_v6,\n enable => $enable,\n enable_v6 => $_enable_v6,\n package_name => $package_name,\n service_name => $service_name,\n service_name_v6 => $service_name_v6,\n require => Package['iptables'],\n }\n }\n 'Debian', 'Ubuntu': {\n class { \"${title}::debian\":\n ensure => $ensure,\n enable => $enable,\n package_name => $package_name,\n service_name => $service_name,\n require => Package['iptables'],\n }\n }\n 'Archlinux': {\n class { \"${title}::archlinux\":\n ensure => $ensure,\n enable => $enable,\n package_name => $package_name,\n service_name => $service_name,\n require => Package['iptables'],\n }\n }\n 'Gentoo': {\n class { \"${title}::gentoo\":\n ensure => $ensure,\n enable => $enable,\n package_name => $package_name,\n service_name => $service_name,\n require => Package['iptables'],\n }\n }\n default: {}\n }\n}"}, {"name": "firewall::linux::archlinux", "file": "manifests/linux/archlinux.pp", "line": 21, "inherits": "::firewall::params", "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "Ensure parameter passed onto Service[] resources. Valid options: 'running' or 'stopped'. Defaults to 'running'.", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "Enable parameter passed onto Service[] resources. Defaults to 'true'.", "types": ["Any"], "name": "enable"}, {"tag_name": "param", "text": "Specify the name of the IPv4 iptables service. Defaults defined in firewall::params.", "types": ["Any"], "name": "service_name"}, {"tag_name": "param", "text": "Specify the platform-specific package(s) to install. Defaults defined in firewall::params.", "types": ["Any"], "name": "package_name"}, {"tag_name": "param", "text": "Controls the state of the iptables package on your system. Valid options: 'present' or 'latest'. Defaults to 'latest'.", "types": ["Any"], "name": "package_ensure"}, {"tag_name": "summary", "text": "Manages `iptables` and `ip6tables` services, and creates files used for persistence, on Arch Linux systems."}]}, "defaults": {"ensure": "'running'", "enable": "true", "service_name": "$firewall::params::service_name", "package_name": "$firewall::params::package_name", "package_ensure": "$firewall::params::package_ensure"}, "source": "class firewall::linux::archlinux (\n $ensure = 'running',\n $enable = true,\n $service_name = $firewall::params::service_name,\n $package_name = $firewall::params::package_name,\n $package_ensure = $firewall::params::package_ensure,\n) inherits ::firewall::params {\n if $package_name {\n package { $package_name:\n ensure => $package_ensure,\n }\n }\n\n service { $service_name:\n ensure => $ensure,\n enable => $enable,\n hasstatus => true,\n }\n\n file { '/etc/iptables/iptables.rules':\n ensure => file,\n before => Service[$service_name],\n }\n\n file { '/etc/iptables/ip6tables.rules':\n ensure => file,\n before => Service[$service_name],\n }\n}"}, {"name": "firewall::linux::debian", "file": "manifests/linux/debian.pp", "line": 21, "inherits": "::firewall::params", "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "Ensure parameter passed onto Service[] resources. Valid options: 'running' or 'stopped'. Defaults to 'running'.", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "Enable parameter passed onto Service[] resources. Defaults to 'true'.", "types": ["Any"], "name": "enable"}, {"tag_name": "param", "text": "Specify the name of the IPv4 iptables service. Defaults defined in firewall::params.", "types": ["Any"], "name": "service_name"}, {"tag_name": "param", "text": "Specify the platform-specific package(s) to install. Defaults defined in firewall::params.", "types": ["Any"], "name": "package_name"}, {"tag_name": "param", "text": "Controls the state of the iptables package on your system. Valid options: 'present' or 'latest'. Defaults to 'latest'.", "types": ["Any"], "name": "package_ensure"}, {"tag_name": "summary", "text": "Installs the `iptables-persistent` package for Debian-alike systems. This allows rules to be stored to file and restored on boot."}]}, "defaults": {"ensure": "running", "enable": "true", "service_name": "$firewall::params::service_name", "package_name": "$firewall::params::package_name", "package_ensure": "$firewall::params::package_ensure"}, "source": "class firewall::linux::debian (\n $ensure = running,\n $enable = true,\n $service_name = $firewall::params::service_name,\n $package_name = $firewall::params::package_name,\n $package_ensure = $firewall::params::package_ensure,\n) inherits ::firewall::params {\n if $package_name {\n #Fixes hang while installing iptables-persistent on debian 8\n exec { 'iptables-persistent-debconf':\n command => \"/bin/echo \\\"${package_name} ${package_name}/autosave_v4 boolean false\\\" |\n /usr/bin/debconf-set-selections && /bin/echo \\\"${package_name} ${package_name}/autosave_v6 boolean false\\\" |\n /usr/bin/debconf-set-selections\",\n\n refreshonly => true,\n }\n ensure_packages([$package_name],{\n ensure => $package_ensure,\n require => Exec['iptables-persistent-debconf']\n })\n }\n\n if($::operatingsystemrelease =~ /^6\\./ and $enable == true and $::iptables_persistent_version\n and versioncmp($::iptables_persistent_version, '0.5.0') < 0) {\n # This fixes a bug in the iptables-persistent LSB headers in 6.x, without it\n # we lose idempotency\n exec { 'iptables-persistent-enable':\n logoutput => on_failure,\n command => '/usr/sbin/update-rc.d iptables-persistent enable',\n unless => '/usr/bin/test -f /etc/rcS.d/S*iptables-persistent',\n require => Package[$package_name],\n }\n } else {\n # This isn't a real service/daemon. The start action loads rules, so just\n # needs to be called on system boot.\n service { $service_name:\n ensure => undef,\n enable => $enable,\n hasstatus => true,\n require => Package[$package_name],\n }\n }\n}"}, {"name": "firewall::linux::gentoo", "file": "manifests/linux/gentoo.pp", "line": 21, "inherits": "::firewall::params", "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "Ensure parameter passed onto Service[] resources. Valid options: 'running' or 'stopped'. Defaults to 'running'.", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "Enable parameter passed onto Service[] resources. Defaults to 'true'.", "types": ["Any"], "name": "enable"}, {"tag_name": "param", "text": "Specify the name of the IPv4 iptables service. Defaults defined in firewall::params.", "types": ["Any"], "name": "service_name"}, {"tag_name": "param", "text": "Specify the platform-specific package(s) to install. Defaults defined in firewall::params.", "types": ["Any"], "name": "package_name"}, {"tag_name": "param", "text": "Controls the state of the iptables package on your system. Valid options: 'present' or 'latest'. Defaults to 'latest'.", "types": ["Any"], "name": "package_ensure"}, {"tag_name": "summary", "text": "Manages `iptables` and `ip6tables` services, and creates files used for persistence, on Gentoo Linux systems."}]}, "defaults": {"ensure": "'running'", "enable": "true", "service_name": "$firewall::params::service_name", "package_name": "$firewall::params::package_name", "package_ensure": "$firewall::params::package_ensure"}, "source": "class firewall::linux::gentoo (\n $ensure = 'running',\n $enable = true,\n $service_name = $firewall::params::service_name,\n $package_name = $firewall::params::package_name,\n $package_ensure = $firewall::params::package_ensure,\n) inherits ::firewall::params {\n if $package_name {\n package { $package_name:\n ensure => $package_ensure,\n }\n }\n\n service { $service_name:\n ensure => $ensure,\n enable => $enable,\n hasstatus => true,\n }\n\n file { '/var/lib/iptables/rules-save':\n ensure => file,\n before => Service[$service_name],\n }\n\n file { '/var/lib/iptables/rules-save6':\n ensure => file,\n before => Service[$service_name],\n }\n}"}, {"name": "firewall::linux::redhat", "file": "manifests/linux/redhat.pp", "line": 34, "inherits": "::firewall::params", "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "Ensure parameter passed onto Service[] resources. Valid options: 'running' or 'stopped'. Defaults to 'running'.", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "Ensure parameter passed onto Service[] resources. Valid options: 'running' or 'stopped'. Defaults to 'undef'.", "types": ["Any"], "name": "ensure_v6"}, {"tag_name": "param", "text": "Enable parameter passed onto Service[] resources. Defaults to 'true'.", "types": ["Any"], "name": "enable"}, {"tag_name": "param", "text": "Enable parameter passed onto Service[] resources. Defaults to 'undef'.", "types": ["Any"], "name": "enable_v6"}, {"tag_name": "param", "text": "Specify the name of the IPv4 iptables service. Defaults defined in firewall::params.", "types": ["Any"], "name": "service_name"}, {"tag_name": "param", "text": "Specify the name of the IPv4 iptables service. Defaults defined in firewall::params.", "types": ["Any"], "name": "service_name_v6"}, {"tag_name": "param", "text": "Specify the platform-specific package(s) to install. Defaults defined in firewall::params.", "types": ["Any"], "name": "package_name"}, {"tag_name": "param", "text": "Controls the state of the iptables package on your system. Valid options: 'present' or 'latest'. Defaults to 'latest'.", "types": ["Any"], "name": "package_ensure"}, {"tag_name": "param", "text": "Enable sysconfig configuration for iptables/ip6tables files. Defaults defined in firewall::params.\nThis is disabled for RedHat/CentOS 8+.", "types": ["Any"], "name": "sysconfig_manage"}, {"tag_name": "summary", "text": "Manages the `iptables` service on RedHat-alike systems."}]}, "defaults": {"ensure": "running", "ensure_v6": "undef", "enable": "true", "enable_v6": "undef", "service_name": "$firewall::params::service_name", "service_name_v6": "$firewall::params::service_name_v6", "package_name": "$firewall::params::package_name", "package_ensure": "$firewall::params::package_ensure", "sysconfig_manage": "$firewall::params::sysconfig_manage"}, "source": "class firewall::linux::redhat (\n $ensure = running,\n $ensure_v6 = undef,\n $enable = true,\n $enable_v6 = undef,\n $service_name = $firewall::params::service_name,\n $service_name_v6 = $firewall::params::service_name_v6,\n $package_name = $firewall::params::package_name,\n $package_ensure = $firewall::params::package_ensure,\n $sysconfig_manage = $firewall::params::sysconfig_manage,\n) inherits ::firewall::params {\n $_ensure_v6 = pick($ensure_v6, $ensure)\n $_enable_v6 = pick($enable_v6, $enable)\n\n # RHEL 7 / CentOS 7 and later and Fedora 15 and later require the iptables-services\n # package, which provides the /usr/libexec/iptables/iptables.init used by\n # lib/puppet/util/firewall.rb.\n if ($::operatingsystem != 'Amazon')\n and (($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0)\n or ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0)) {\n service { 'firewalld':\n ensure => stopped,\n enable => false,\n before => [Package[$package_name], Service[$service_name]],\n }\n }\n\n # in RHEL 8 / CentOS 8 nftables provides a replacement iptables cli\n # but there is no nftables specific for ipv6 so throw a warning\n if !$service_name_v6 and ($ensure_v6 or $enable_v6) {\n warning('No v6 service available, $ensure_v6 and $enable_v6 are ignored')\n }\n\n if $package_name {\n ensure_packages($package_name, {\n 'ensure' => $package_ensure,\n 'before' => Service[$service_name] }\n )\n }\n\n if ($::operatingsystem != 'Amazon')\n and (($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0)\n or ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0)) {\n if $ensure == 'running' {\n exec { '/usr/bin/systemctl daemon-reload':\n require => Package[$package_name],\n before => Service[$service_name, $service_name_v6],\n subscribe => Package[$package_name],\n refreshonly => true,\n }\n }\n }\n\n if ($::operatingsystem == 'Amazon') and (versioncmp($::operatingsystemmajrelease, '4') >= 0)\n or ($::operatingsystem == 'Amazon') and (versioncmp($::operatingsystemmajrelease, '2') >= 0) {\n service { $service_name:\n ensure => $ensure,\n enable => $enable,\n hasstatus => true,\n provider => systemd,\n }\n if $service_name_v6 {\n service { $service_name_v6:\n ensure => $_ensure_v6,\n enable => $_enable_v6,\n hasstatus => true,\n provider => systemd,\n }\n }\n } else {\n service { $service_name:\n ensure => $ensure,\n enable => $enable,\n hasstatus => true,\n }\n if $service_name_v6 {\n service { $service_name_v6:\n ensure => $_ensure_v6,\n enable => $_enable_v6,\n hasstatus => true,\n }\n }\n }\n\n if $sysconfig_manage {\n file { \"/etc/sysconfig/${service_name}\":\n ensure => file,\n owner => 'root',\n group => 'root',\n mode => '0600',\n }\n if $service_name_v6 {\n file { \"/etc/sysconfig/${service_name_v6}\":\n ensure => file,\n owner => 'root',\n group => 'root',\n mode => '0600',\n }\n }\n\n # Before puppet 4, the autobefore on the firewall type does not work - therefore\n # we need to keep this workaround here\n if versioncmp($::puppetversion, '4.0') <= 0 {\n File<| title == \"/etc/sysconfig/${service_name}\" |> -> Service<| title == $service_name |>\n File<| title == \"/etc/sysconfig/${service_name_v6}\" |> -> Service<| title == $service_name_v6 |>\n }\n\n # Redhat 7 selinux user context for /etc/sysconfig/iptables is set to system_u\n # Redhat 7 selinux type context for /etc/sysconfig/iptables is set to system_conf_t\n case $::selinux {\n #lint:ignore:quoted_booleans\n 'true',true: {\n case $::operatingsystem {\n 'CentOS': {\n case $::operatingsystemrelease {\n /^5\\..*/: {\n $seluser = 'system_u'\n $seltype = 'etc_t'\n }\n\n /^6\\..*/: {\n $seluser = 'unconfined_u'\n $seltype = 'system_conf_t'\n }\n\n /^7\\..*/: {\n $seluser = 'system_u'\n $seltype = 'system_conf_t'\n }\n\n default : {\n $seluser = 'unconfined_u'\n $seltype = 'etc_t'\n }\n }\n File<| title == \"/etc/sysconfig/${service_name}\" |> { seluser => $seluser, seltype => $seltype }\n File<| title == \"/etc/sysconfig/${service_name_v6}\" |> { seluser => $seluser, seltype => $seltype }\n }\n\n # Fedora uses the same SELinux context as Redhat\n 'Fedora': {\n $seluser = 'system_u'\n $seltype = 'system_conf_t'\n File<| title == \"/etc/sysconfig/${service_name}\" |> { seluser => $seluser, seltype => $seltype }\n File<| title == \"/etc/sysconfig/${service_name_v6}\" |> { seluser => $seluser, seltype => $seltype }\n }\n\n default: {}\n }\n }\n default: {}\n #lint:endignore\n }\n }\n}"}, {"name": "firewall::params", "file": "manifests/params.pp", "line": 5, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Provides defaults for the Apt module parameters."}]}, "source": "class firewall::params {\n $package_ensure = 'present'\n case $::osfamily {\n 'RedHat': {\n case $::operatingsystem {\n 'Amazon': {\n $service_name = 'iptables'\n $service_name_v6 = 'ip6tables'\n $package_name = undef\n $iptables_name = 'iptables'\n $sysconfig_manage = true\n }\n 'Fedora': {\n $service_name = 'iptables'\n $service_name_v6 = 'ip6tables'\n if versioncmp($::operatingsystemrelease, '34') >= 0 {\n $package_name = 'iptables-services'\n $iptables_name = 'iptables-compat'\n } elsif versioncmp($::operatingsystemrelease, '15') >= 0 {\n $package_name = 'iptables-services'\n $iptables_name = 'iptables'\n } else {\n $iptables_name = 'iptables'\n $package_name = undef\n }\n $sysconfig_manage = true\n }\n default: {\n if versioncmp($::operatingsystemrelease, '8.0') >= 0 {\n $service_name = ['iptables', 'nftables']\n $service_name_v6 = 'ip6tables'\n $package_name = ['iptables-services', 'nftables']\n $iptables_name = 'iptables'\n $sysconfig_manage = false\n } elsif versioncmp($::operatingsystemrelease, '7.0') >= 0 {\n $service_name = 'iptables'\n $service_name_v6 = 'ip6tables'\n $package_name = 'iptables-services'\n $iptables_name = 'iptables'\n $sysconfig_manage = true\n } else {\n $service_name = 'iptables'\n $service_name_v6 = 'ip6tables'\n $package_name = 'iptables-ipv6'\n $iptables_name = 'iptables'\n $sysconfig_manage = true\n }\n }\n }\n }\n 'Debian': {\n $service_name_v6 = undef\n $iptables_name = 'iptables'\n case $::operatingsystem {\n 'Debian': {\n if versioncmp($::operatingsystemrelease, 'unstable') >= 0 {\n $service_name = 'netfilter-persistent'\n $package_name = 'netfilter-persistent'\n } elsif versioncmp($::operatingsystemrelease, '8.0') >= 0 {\n $service_name = 'netfilter-persistent'\n $package_name = 'iptables-persistent'\n } else {\n $service_name = 'iptables-persistent'\n $package_name = 'iptables-persistent'\n }\n }\n 'Ubuntu': {\n if versioncmp($::operatingsystemrelease, '14.10') >= 0 {\n $service_name = 'netfilter-persistent'\n $package_name = 'iptables-persistent'\n } else {\n $service_name = 'iptables-persistent'\n $package_name = 'iptables-persistent'\n }\n }\n default: {\n $service_name = 'iptables-persistent'\n $package_name = 'iptables-persistent'\n }\n }\n }\n 'Gentoo': {\n $service_name = ['iptables','ip6tables']\n $service_name_v6 = undef\n $package_name = 'net-firewall/iptables'\n }\n default: {\n $iptables_name = 'iptables'\n $service_name_v6 = undef\n case $::operatingsystem {\n 'Archlinux': {\n $service_name = ['iptables','ip6tables']\n $package_name = undef\n }\n default: {\n $service_name = 'iptables'\n $package_name = undef\n }\n }\n }\n }\n}"}, {"name": "systemd", "file": "manifests/init.pp", "line": 143, "docstring": {"text": "This module allows triggering systemd commands once for all modules", "tags": [{"tag_name": "param", "text": "May be passed a resource hash suitable for passing directly into the\n``create_resources()`` function as called on ``systemd::service_limits``", "types": ["Hash[String[1],Hash[String[1], Any]]"], "name": "service_limits"}, {"tag_name": "param", "text": "Hash of `systemd::network` resources", "types": ["Hash[String[1],Hash[String[1], Any]]"], "name": "networks"}, {"tag_name": "param", "text": "Hash of `systemd::timer` resources", "types": ["Hash[String[1],Hash[String[1], Any]]"], "name": "timers"}, {"tag_name": "param", "text": "Hash of `systemd::tmpfile` resources", "types": ["Hash[String[1],Hash[String[1], Any]]"], "name": "tmpfiles"}, {"tag_name": "param", "text": "Hash of `systemd::unit_file` resources", "types": ["Hash[String[1],Hash[String[1], Any]]"], "name": "unit_files"}, {"tag_name": "param", "text": "Manage the systemd resolver", "types": ["Boolean"], "name": "manage_resolved"}, {"tag_name": "param", "text": "The state that the ``resolved`` service should be in", "types": ["Enum['stopped','running']"], "name": "resolved_ensure"}, {"tag_name": "param", "text": "A space-separated list of IPv4 and IPv6 addresses to use as system DNS servers.\nDNS requests are sent to one of the listed DNS servers in parallel to suitable\nper-link DNS servers acquired from systemd-networkd.service(8) or set at runtime\nby external applications. requires puppetlabs-inifile", "types": ["Optional[Variant[Array[String],String]]"], "name": "dns"}, {"tag_name": "param", "text": "A space-separated list of IPv4 and IPv6 addresses to use as the fallback DNS\nservers. Any per-link DNS servers obtained from systemd-networkd take\nprecedence over this setting. requires puppetlabs-inifile", "types": ["Optional[Variant[Array[String],String]]"], "name": "fallback_dns"}, {"tag_name": "param", "text": "A space-separated list of domains host names or IP addresses to be used\nsystemd-resolved take precedence over this setting.", "types": ["Optional[Variant[Array[String],String]]"], "name": "domains"}, {"tag_name": "param", "text": "Takes a boolean argument or \"resolve\".", "types": ["Optional[Variant[Boolean,Enum['resolve']]]"], "name": "llmnr"}, {"tag_name": "param", "text": "Takes a boolean argument or \"resolve\".", "types": ["Optional[Variant[Boolean,Enum['resolve']]]"], "name": "multicast_dns"}, {"tag_name": "param", "text": "Takes a boolean argument or \"allow-downgrade\".", "types": ["Optional[Variant[Boolean,Enum['allow-downgrade']]]"], "name": "dnssec"}, {"tag_name": "param", "text": "Takes a boolean argument or one of \"yes\", \"opportunistic\" or \"no\". \"true\" corresponds to\n\"opportunistic\" and \"false\" (default) to \"no\".", "types": ["Variant[Boolean,Enum['yes', 'opportunistic', 'no']]"], "name": "dnsovertls"}, {"tag_name": "param", "text": "Takes a boolean argument or \"no-negative\".", "types": ["Variant[Boolean,Enum['no-negative']]"], "name": "cache"}, {"tag_name": "param", "text": "Takes a boolean argument or one of \"udp\" and \"tcp\".", "types": ["Optional[Variant[Boolean,Enum['udp','tcp']]]"], "name": "dns_stub_listener"}, {"tag_name": "param", "text": "Takes a boolean argument. When \"false\" (default) it uses /run/systemd/resolve/resolv.conf\nas /etc/resolv.conf. When \"true\", it uses /run/systemd/resolve/stub-resolv.conf", "types": ["Boolean"], "name": "use_stub_resolver"}, {"tag_name": "param", "text": "Manage the systemd network daemon", "types": ["Boolean"], "name": "manage_networkd"}, {"tag_name": "param", "text": "The state that the ``networkd`` service should be in", "types": ["Enum['stopped','running']"], "name": "networkd_ensure"}, {"tag_name": "param", "text": "Manage the systemd tiemsyncd daemon", "types": ["Boolean"], "name": "manage_timesyncd"}, {"tag_name": "param", "text": "The state that the ``timesyncd`` service should be in", "types": ["Enum['stopped','running']"], "name": "timesyncd_ensure"}, {"tag_name": "param", "text": "comma separated list of ntp servers, will be combined with interface specific\naddresses from systemd-networkd. requires puppetlabs-inifile", "types": ["Optional[Variant[Array,String]]"], "name": "ntp_server"}, {"tag_name": "param", "text": "A space-separated list of NTP server host names or IP addresses to be used\nas the fallback NTP servers. Any per-interface NTP servers obtained from\nsystemd-networkd take precedence over this setting. requires puppetlabs-inifile", "types": ["Optional[Variant[Array,String]]"], "name": "fallback_ntp_server"}, {"tag_name": "param", "text": "Manage the systemd journald", "types": ["Boolean"], "name": "manage_journald"}, {"tag_name": "param", "text": "Config Hash that is used to configure settings in journald.conf", "types": ["Systemd::JournaldSettings"], "name": "journald_settings"}, {"tag_name": "param", "text": "Manage the systemd udev daemon", "types": ["Boolean"], "name": "manage_udevd"}, {"tag_name": "param", "text": "The value of /etc/udev/udev.conf udev_log", "types": ["Optional[Variant[Integer,String]]"], "name": "udev_log"}, {"tag_name": "param", "text": "The value of /etc/udev/udev.conf children_max", "types": ["Optional[Integer]"], "name": "udev_children_max"}, {"tag_name": "param", "text": "The value of /etc/udev/udev.conf exec_delay", "types": ["Optional[Integer]"], "name": "udev_exec_delay"}, {"tag_name": "param", "text": "The value of /etc/udev/udev.conf event_timeout", "types": ["Optional[Integer]"], "name": "udev_event_timeout"}, {"tag_name": "param", "text": "The value of /etc/udev/udev.conf resolve_names", "types": ["Optional[Enum['early', 'late', 'never']]"], "name": "udev_resolve_names"}, {"tag_name": "param", "text": "The value of /etc/udev/udev.conf timeout_signal", "types": ["Optional[Variant[Integer,String]]"], "name": "udev_timeout_signal"}, {"tag_name": "param", "text": "Config Hash that is used to generate instances of our\n`udev::rule` define.", "types": ["Hash"], "name": "udev_rules"}, {"tag_name": "param", "text": "Manage the systemd logind", "types": ["Boolean"], "name": "manage_logind"}, {"tag_name": "param", "text": "Config Hash that is used to configure settings in logind.conf", "types": ["Systemd::LogindSettings"], "name": "logind_settings"}, {"tag_name": "param", "text": "Config Hash that is used to generate instances of our type\n`loginctl_user`.", "types": ["Hash"], "name": "loginctl_users"}, {"tag_name": "param", "text": "Configure dropin files via hiera with factory pattern", "types": ["Hash"], "name": "dropin_files"}, {"tag_name": "param", "types": ["Boolean"], "name": "manage_all_network_files"}, {"tag_name": "param", "text": "where all networkd files are placed in", "types": ["Stdlib::Absolutepath"], "name": "network_path"}, {"tag_name": "param", "text": "when enabled, the different accounting options (network traffic, IO, CPU util...) are enabled for units", "types": ["Boolean"], "name": "manage_accounting"}, {"tag_name": "param", "text": "Hash of the different accounting options. This highly depends on the used systemd version. The module provides sane defaults per operating system using Hiera.", "types": ["Hash[String,String]"], "name": "accounting"}, {"tag_name": "param", "text": "When enabled, unused directories for dropin files will be purged", "types": ["Boolean"], "name": "purge_dropin_dirs"}]}, "defaults": {"accounting": "{}", "service_limits": "{}", "networks": "{}", "timers": "{}", "tmpfiles": "{}", "unit_files": "{}", "manage_resolved": "false", "resolved_ensure": "'running'", "dns": "undef", "fallback_dns": "undef", "domains": "undef", "llmnr": "undef", "multicast_dns": "undef", "dnssec": "undef", "dnsovertls": "false", "cache": "false", "dns_stub_listener": "undef", "use_stub_resolver": "false", "manage_networkd": "false", "networkd_ensure": "'running'", "manage_timesyncd": "false", "timesyncd_ensure": "'running'", "ntp_server": "undef", "fallback_ntp_server": "undef", "manage_accounting": "false", "purge_dropin_dirs": "true", "manage_journald": "true", "journald_settings": "{}", "manage_udevd": "false", "udev_log": "undef", "udev_children_max": "undef", "udev_exec_delay": "undef", "udev_event_timeout": "undef", "udev_resolve_names": "undef", "udev_timeout_signal": "undef", "manage_logind": "false", "logind_settings": "{}", "manage_all_network_files": "false", "network_path": "'/etc/systemd/network'", "loginctl_users": "{}", "dropin_files": "{}", "udev_rules": "{}"}, "source": "class systemd (\n Hash[String,String] $accounting = {},\n Hash[String[1],Hash[String[1], Any]] $service_limits = {},\n Hash[String[1],Hash[String[1], Any]] $networks = {},\n Hash[String[1],Hash[String[1], Any]] $timers = {},\n Hash[String[1],Hash[String[1], Any]] $tmpfiles = {},\n Hash[String[1],Hash[String[1], Any]] $unit_files = {},\n Boolean $manage_resolved = false,\n Enum['stopped','running'] $resolved_ensure = 'running',\n Optional[Variant[Array[String],String]] $dns = undef,\n Optional[Variant[Array[String],String]] $fallback_dns = undef,\n Optional[Variant[Array[String],String]] $domains = undef,\n Optional[Variant[Boolean,Enum['resolve']]] $llmnr = undef,\n Optional[Variant[Boolean,Enum['resolve']]] $multicast_dns = undef,\n Optional[Variant[Boolean,Enum['allow-downgrade']]] $dnssec = undef,\n Variant[Boolean,Enum['yes', 'opportunistic', 'no']] $dnsovertls = false,\n Variant[Boolean,Enum['no-negative']] $cache = false,\n Optional[Variant[Boolean,Enum['udp','tcp']]] $dns_stub_listener = undef,\n Boolean $use_stub_resolver = false,\n Boolean $manage_networkd = false,\n Enum['stopped','running'] $networkd_ensure = 'running',\n Boolean $manage_timesyncd = false,\n Enum['stopped','running'] $timesyncd_ensure = 'running',\n Optional[Variant[Array,String]] $ntp_server = undef,\n Optional[Variant[Array,String]] $fallback_ntp_server = undef,\n Boolean $manage_accounting = false,\n Boolean $purge_dropin_dirs = true,\n Boolean $manage_journald = true,\n Systemd::JournaldSettings $journald_settings = {},\n Boolean $manage_udevd = false,\n Optional[Variant[Integer,String]] $udev_log = undef,\n Optional[Integer] $udev_children_max = undef,\n Optional[Integer] $udev_exec_delay = undef,\n Optional[Integer] $udev_event_timeout = undef,\n Optional[Enum['early', 'late', 'never']] $udev_resolve_names = undef,\n Optional[Variant[Integer,String]] $udev_timeout_signal = undef,\n Boolean $manage_logind = false,\n Systemd::LogindSettings $logind_settings = {},\n Boolean $manage_all_network_files = false,\n Stdlib::Absolutepath $network_path = '/etc/systemd/network',\n Hash $loginctl_users = {},\n Hash $dropin_files = {},\n Hash $udev_rules = {},\n) {\n $service_limits.each |$service_limit, $service_limit_data| {\n systemd::service_limits { $service_limit:\n * => $service_limit_data,\n }\n }\n $networks.each |$network, $network_data| {\n systemd::network { $network:\n * => $network_data,\n }\n }\n $timers.each |$timer, $timer_data| {\n systemd::timer { $timer:\n * => $timer_data,\n }\n }\n $tmpfiles.each |$tmpfile, $tmpfile_data| {\n systemd::tmpfile { $tmpfile:\n * => $tmpfile_data,\n }\n }\n $unit_files.each |$unit_file, $unit_file_data| {\n systemd::unit_file { $unit_file:\n * => $unit_file_data,\n }\n }\n\n if $manage_resolved and $facts['systemd_internal_services'] and $facts['systemd_internal_services']['systemd-resolved.service'] {\n contain systemd::resolved\n }\n\n if $manage_networkd and $facts['systemd_internal_services'] and $facts['systemd_internal_services']['systemd-networkd.service'] {\n contain systemd::networkd\n }\n\n if $manage_timesyncd and $facts['systemd_internal_services'] and $facts['systemd_internal_services']['systemd-timesyncd.service'] {\n contain systemd::timesyncd\n }\n\n if $manage_udevd {\n contain systemd::udevd\n }\n\n if $manage_accounting {\n contain systemd::system\n }\n\n if $manage_journald {\n contain systemd::journald\n }\n\n if $manage_logind {\n contain systemd::logind\n }\n\n $dropin_files.each |$name, $resource| {\n systemd::dropin_file { $name:\n * => $resource,\n }\n }\n}"}, {"name": "systemd::journald", "file": "manifests/journald.pp", "line": 4, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "see", "name": "https://www.freedesktop.org/software/systemd/man/journald.conf.html"}, {"tag_name": "summary", "text": "This class manages and configures journald."}]}, "source": "class systemd::journald {\n assert_private()\n\n service { 'systemd-journald':\n ensure => running,\n }\n $systemd::journald_settings.each |$option, $value| {\n ini_setting {\n $option:\n path => '/etc/systemd/journald.conf',\n section => 'Journal',\n setting => $option,\n notify => Service['systemd-journald'],\n }\n if $value =~ Hash {\n Ini_setting[$option] {\n * => $value,\n }\n } else {\n Ini_setting[$option] {\n value => $value,\n }\n }\n }\n}"}, {"name": "systemd::logind", "file": "manifests/logind.pp", "line": 4, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "see", "name": "https://www.freedesktop.org/software/systemd/man/logind.conf.html"}, {"tag_name": "summary", "text": "This class manages systemd's login manager configuration."}]}, "source": "class systemd::logind {\n assert_private()\n\n service { 'systemd-logind':\n ensure => running,\n }\n $systemd::logind_settings.each |$option, $value| {\n ini_setting {\n $option:\n path => '/etc/systemd/logind.conf',\n section => 'Login',\n setting => $option,\n notify => Service['systemd-logind'],\n }\n if $value =~ Hash {\n Ini_setting[$option] {\n * => $value,\n }\n } elsif $value =~ Array {\n Ini_setting[$option] {\n value => join($value, ' '),\n }\n } else {\n Ini_setting[$option] {\n value => $value,\n }\n }\n }\n\n $systemd::loginctl_users.each |$loginctl_name, $loginctl_settings| {\n loginctl_user { $loginctl_name:\n * => $loginctl_settings,\n }\n }\n}"}, {"name": "systemd::networkd", "file": "manifests/networkd.pp", "line": 8, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "The state that the ``networkd`` service should be in", "types": ["Enum['stopped','running']"], "name": "ensure"}, {"tag_name": "param", "text": "path where all networkd files are placed in", "types": ["Stdlib::Absolutepath"], "name": "path"}, {"tag_name": "param", "text": "if enabled, all networkd files that aren't managed by puppet will be purged", "types": ["Boolean"], "name": "manage_all_network_files"}, {"tag_name": "summary", "text": "This class provides an abstract way to trigger systemd-networkd"}]}, "defaults": {"ensure": "$systemd::networkd_ensure", "path": "$systemd::network_path", "manage_all_network_files": "$systemd::manage_all_network_files"}, "source": "class systemd::networkd (\n Enum['stopped','running'] $ensure = $systemd::networkd_ensure,\n Stdlib::Absolutepath $path = $systemd::network_path,\n Boolean $manage_all_network_files = $systemd::manage_all_network_files,\n) {\n assert_private()\n\n $_enable_networkd = $ensure ? {\n 'stopped' => false,\n 'running' => true,\n default => $ensure,\n }\n\n service { 'systemd-networkd':\n ensure => $ensure,\n enable => $_enable_networkd,\n }\n # this directory is created by systemd\n # we define it here to purge non-managed files\n if $manage_all_network_files {\n file { $path:\n ensure => 'directory',\n recurse => true,\n purge => true,\n notify => Service['systemd-networkd'],\n }\n }\n}"}, {"name": "systemd::resolved", "file": "manifests/resolved.pp", "line": 48, "docstring": {"text": "Each parameters correspond to resolved.conf(5)", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "The state that the ``resolved`` service should be in", "types": ["Enum['stopped','running']"], "name": "ensure"}, {"tag_name": "param", "text": "A space-separated list of IPv4 and IPv6 addresses to use as system DNS servers.\nDNS requests are sent to one of the listed DNS servers in parallel to suitable\nper-link DNS servers acquired from systemd-networkd.service(8) or set at runtime\nby external applications. requires puppetlabs-inifile", "types": ["Optional[Variant[Array[String],String]]"], "name": "dns"}, {"tag_name": "param", "text": "A space-separated list of IPv4 and IPv6 addresses to use as the fallback DNS\nservers. Any per-link DNS servers obtained from systemd-networkd take\nprecedence over this setting. requires puppetlabs-inifile", "types": ["Optional[Variant[Array[String],String]]"], "name": "fallback_dns"}, {"tag_name": "param", "text": "A space-separated list of domains host names or IP addresses to be used\nsystemd-resolved take precedence over this setting.", "types": ["Optional[Variant[Array[String],String]]"], "name": "domains"}, {"tag_name": "param", "text": "Takes a boolean argument or \"resolve\".", "types": ["Optional[Variant[Boolean,Enum['resolve']]]"], "name": "llmnr"}, {"tag_name": "param", "text": "Takes a boolean argument or \"resolve\".", "types": ["Optional[Variant[Boolean,Enum['resolve']]]"], "name": "multicast_dns"}, {"tag_name": "param", "text": "Takes a boolean argument or \"allow-downgrade\".", "types": ["Optional[Variant[Boolean,Enum['allow-downgrade']]]"], "name": "dnssec"}, {"tag_name": "param", "text": "Takes a boolean argument or one of \"yes\", \"opportunistic\" or \"no\". \"true\" corresponds to\n\"opportunistic\" and \"false\" (default) to \"no\".", "types": ["Optional[Variant[Boolean,Enum['yes', 'opportunistic', 'no']]]"], "name": "dnsovertls"}, {"tag_name": "param", "text": "Takes a boolean argument or \"no-negative\".", "types": ["Optional[Variant[Boolean,Enum['no-negative']]]"], "name": "cache"}, {"tag_name": "param", "text": "Takes a boolean argument or one of \"udp\" and \"tcp\".", "types": ["Optional[Variant[Boolean,Enum['udp', 'tcp']]]"], "name": "dns_stub_listener"}, {"tag_name": "param", "text": "Takes a boolean argument. When \"false\" (default) it uses /run/systemd/resolve/resolv.conf\nas /etc/resolv.conf. When \"true\", it uses /run/systemd/resolve/stub-resolv.conf", "types": ["Boolean"], "name": "use_stub_resolver"}, {"tag_name": "see", "name": "https://www.freedesktop.org/software/systemd/man/resolved.conf.html"}, {"tag_name": "summary", "text": "This class provides an abstract way to trigger resolved."}]}, "defaults": {"ensure": "$systemd::resolved_ensure", "dns": "$systemd::dns", "fallback_dns": "$systemd::fallback_dns", "domains": "$systemd::domains", "llmnr": "$systemd::llmnr", "multicast_dns": "$systemd::multicast_dns", "dnssec": "$systemd::dnssec", "dnsovertls": "$systemd::dnsovertls", "cache": "$systemd::cache", "dns_stub_listener": "$systemd::dns_stub_listener", "use_stub_resolver": "$systemd::use_stub_resolver"}, "source": "class systemd::resolved (\n Enum['stopped','running'] $ensure = $systemd::resolved_ensure,\n Optional[Variant[Array[String],String]] $dns = $systemd::dns,\n Optional[Variant[Array[String],String]] $fallback_dns = $systemd::fallback_dns,\n Optional[Variant[Array[String],String]] $domains = $systemd::domains,\n Optional[Variant[Boolean,Enum['resolve']]] $llmnr = $systemd::llmnr,\n Optional[Variant[Boolean,Enum['resolve']]] $multicast_dns = $systemd::multicast_dns,\n Optional[Variant[Boolean,Enum['allow-downgrade']]] $dnssec = $systemd::dnssec,\n Optional[Variant[Boolean,Enum['yes', 'opportunistic', 'no']]] $dnsovertls = $systemd::dnsovertls,\n Optional[Variant[Boolean,Enum['no-negative']]] $cache = $systemd::cache,\n Optional[Variant[Boolean,Enum['udp', 'tcp']]] $dns_stub_listener = $systemd::dns_stub_listener,\n Boolean $use_stub_resolver = $systemd::use_stub_resolver,\n) {\n assert_private()\n\n $_enable_resolved = $ensure ? {\n 'stopped' => false,\n 'running' => true,\n default => $ensure,\n }\n\n service { 'systemd-resolved':\n ensure => $ensure,\n enable => $_enable_resolved,\n }\n\n $_resolv_conf_target = $use_stub_resolver ? {\n true => '/run/systemd/resolve/stub-resolv.conf',\n default => '/run/systemd/resolve/resolv.conf',\n }\n file { '/etc/resolv.conf':\n ensure => 'symlink',\n target => $_resolv_conf_target,\n require => Service['systemd-resolved'],\n }\n\n if $dns {\n if $dns =~ String {\n $_dns = $dns\n } else {\n $_dns = join($dns, ' ')\n }\n ini_setting { 'dns':\n ensure => 'present',\n value => $_dns,\n setting => 'DNS',\n section => 'Resolve',\n path => '/etc/systemd/resolved.conf',\n notify => Service['systemd-resolved'],\n }\n }\n\n if $fallback_dns {\n if $fallback_dns =~ String {\n $_fallback_dns = $fallback_dns\n } else {\n $_fallback_dns = join($fallback_dns, ' ')\n }\n ini_setting { 'fallback_dns':\n ensure => 'present',\n value => $_fallback_dns,\n setting => 'FallbackDNS',\n section => 'Resolve',\n path => '/etc/systemd/resolved.conf',\n notify => Service['systemd-resolved'],\n }\n }\n\n if $domains {\n if $domains =~ String {\n $_domains = $domains\n } else {\n $_domains = join($domains, ' ')\n }\n ini_setting { 'domains':\n ensure => 'present',\n value => $_domains,\n setting => 'Domains',\n section => 'Resolve',\n path => '/etc/systemd/resolved.conf',\n notify => Service['systemd-resolved'],\n }\n }\n\n $_llmnr = $llmnr ? {\n true => 'yes',\n false => 'no',\n default => $llmnr,\n }\n\n if $_llmnr {\n ini_setting { 'llmnr':\n ensure => 'present',\n value => $_llmnr,\n setting => 'LLMNR',\n section => 'Resolve',\n path => '/etc/systemd/resolved.conf',\n notify => Service['systemd-resolved'],\n }\n }\n\n $_multicast_dns = $multicast_dns ? {\n true => 'yes',\n false => 'no',\n default => $multicast_dns,\n }\n\n if $_multicast_dns {\n ini_setting { 'multicast_dns':\n ensure => 'present',\n value => $_multicast_dns,\n setting => 'MulticastDNS',\n section => 'Resolve',\n path => '/etc/systemd/resolved.conf',\n notify => Service['systemd-resolved'],\n }\n }\n\n $_dnssec = $dnssec ? {\n true => 'yes',\n false => 'no',\n default => $dnssec,\n }\n\n if $_dnssec {\n ini_setting { 'dnssec':\n ensure => 'present',\n value => $_dnssec,\n setting => 'DNSSEC',\n section => 'Resolve',\n path => '/etc/systemd/resolved.conf',\n notify => Service['systemd-resolved'],\n }\n }\n\n $_dnsovertls = $dnsovertls ? {\n 'yes' => true,\n true => 'opportunistic',\n false => false,\n default => $dnsovertls,\n }\n\n if $_dnsovertls {\n ini_setting { 'dnsovertls':\n ensure => 'present',\n value => $_dnsovertls,\n setting => 'DNSOverTLS',\n section => 'Resolve',\n path => '/etc/systemd/resolved.conf',\n notify => Service['systemd-resolved'],\n }\n }\n\n $_cache = $cache ? {\n true => 'yes',\n false => 'no',\n default => $cache,\n }\n\n if $cache {\n ini_setting { 'cache':\n ensure => 'present',\n value => $_cache,\n setting => 'Cache',\n section => 'Resolve',\n path => '/etc/systemd/resolved.conf',\n notify => Service['systemd-resolved'],\n }\n }\n\n $_dns_stub_listener = $dns_stub_listener ? {\n true => 'yes',\n false => 'no',\n default => $dns_stub_listener,\n }\n\n if $_dns_stub_listener {\n ini_setting { 'dns_stub_listener':\n ensure => 'present',\n value => $_dns_stub_listener,\n setting => 'DNSStubListener',\n section => 'Resolve',\n path => '/etc/systemd/resolved.conf',\n notify => Service['systemd-resolved'],\n }\n }\n}"}, {"name": "systemd::system", "file": "manifests/system.pp", "line": 5, "docstring": {"text": "This class provides a solution to enable accounting", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class systemd::system {\n assert_private()\n\n $systemd::accounting.each |$option, $value| {\n ini_setting { $option:\n ensure => 'present',\n path => '/etc/systemd/system.conf',\n section => 'Manager',\n setting => $option,\n value => $value,\n }\n }\n}"}, {"name": "systemd::timesyncd", "file": "manifests/timesyncd.pp", "line": 16, "docstring": {"text": "This class provides an abstract way to trigger systemd-timesyncd", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "The state that the ``networkd`` service should be in", "types": ["Enum['stopped','running']"], "name": "ensure"}, {"tag_name": "param", "text": "A space-separated list of NTP servers, will be combined with interface specific\naddresses from systemd-networkd. requires puppetlabs-inifile", "types": ["Optional[Variant[Array,String]]"], "name": "ntp_server"}, {"tag_name": "param", "text": "A space-separated list of NTP server host names or IP addresses to be used\nas the fallback NTP servers. Any per-interface NTP servers obtained from\nsystemd-networkd take precedence over this setting. requires puppetlabs-inifile", "types": ["Optional[Variant[Array,String]]"], "name": "fallback_ntp_server"}]}, "defaults": {"ensure": "$systemd::timesyncd_ensure", "ntp_server": "$systemd::ntp_server", "fallback_ntp_server": "$systemd::fallback_ntp_server"}, "source": "class systemd::timesyncd (\n Enum['stopped','running'] $ensure = $systemd::timesyncd_ensure,\n Optional[Variant[Array,String]] $ntp_server = $systemd::ntp_server,\n Optional[Variant[Array,String]] $fallback_ntp_server = $systemd::fallback_ntp_server,\n) {\n assert_private()\n\n $_enable_timesyncd = $ensure ? {\n 'stopped' => false,\n 'running' => true,\n default => $ensure,\n }\n\n service { 'systemd-timesyncd':\n ensure => $ensure,\n enable => $_enable_timesyncd,\n }\n\n if $ntp_server {\n if $ntp_server =~ String {\n $_ntp_server = $ntp_server\n } else {\n $_ntp_server = join($ntp_server, ' ')\n }\n $setting = $facts['os']['family'] ? {\n 'Debian' => $facts['os']['release']['major'] ? {\n '8' => 'Servers',\n default => 'NTP',\n },\n default => 'NTP',\n }\n ini_setting { 'ntp_server':\n ensure => 'present',\n value => $_ntp_server,\n setting => $setting,\n section => 'Time',\n path => '/etc/systemd/timesyncd.conf',\n notify => Service['systemd-timesyncd'],\n }\n }\n\n if $fallback_ntp_server {\n if $fallback_ntp_server =~ String {\n $_fallback_ntp_server = $fallback_ntp_server\n } else {\n $_fallback_ntp_server = join($fallback_ntp_server, ' ')\n }\n ini_setting { 'fallback_ntp_server':\n ensure => 'present',\n value => $_fallback_ntp_server,\n setting => 'FallbackNTP',\n section => 'Time',\n path => '/etc/systemd/timesyncd.conf',\n notify => Service['systemd-timesyncd'],\n }\n }\n}"}, {"name": "systemd::tmpfiles", "file": "manifests/tmpfiles.pp", "line": 13, "docstring": {"text": "Update the systemd temp files", "tags": [{"tag_name": "param", "text": "The operations to perform on the systemd tempfiles\n\n* All operations may be combined but you'll probably only ever want to\n use ``create``", "types": ["Array[Enum['create','clean','remove']]"], "name": "operations"}, {"tag_name": "see", "name": "systemd-tmpfiles(8)"}]}, "defaults": {"operations": "['create']"}, "source": "class systemd::tmpfiles (\n Array[Enum['create','clean','remove']] $operations = ['create']\n) {\n $_ops = join(prefix($operations, '--'), ' ')\n\n exec { 'systemd-tmpfiles':\n command => \"systemd-tmpfiles ${_ops}\",\n refreshonly => true,\n path => $facts['path'],\n }\n}"}, {"name": "systemd::udevd", "file": "manifests/udevd.pp", "line": 4, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "see", "name": "https://www.freedesktop.org/software/systemd/man/udev.conf.html"}, {"tag_name": "summary", "text": "This class manages systemd's udev config"}]}, "source": "class systemd::udevd {\n assert_private()\n\n service { 'systemd-udevd':\n ensure => running,\n enable => true,\n }\n\n file { '/etc/udev/udev.conf':\n ensure => 'file',\n owner => 'root',\n group => 'root',\n mode => '0444',\n content => epp(\"${module_name}/udev_conf.epp\", {\n 'udev_log' => $systemd::udev_log,\n 'udev_children_max' => $systemd::udev_children_max,\n 'udev_exec_delay' => $systemd::udev_exec_delay,\n 'udev_event_timeout' => $systemd::udev_event_timeout,\n 'udev_resolve_names' => $systemd::udev_resolve_names,\n 'udev_timeout_signal' => $systemd::udev_timeout_signal,\n }),\n notify => Service['systemd-udevd'],\n }\n\n $systemd::udev_rules.each |$udev_rule_name, $udev_rule| {\n systemd::udev::rule { $udev_rule_name:\n * => $udev_rule,\n }\n }\n}"}, {"name": "ssh", "file": "manifests/init.pp", "line": 100, "inherits": "ssh::params", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "class { 'ssh':\n storeconfigs_enabled => false,\n server_options => {\n 'Match User www-data' => {\n 'ChrootDirectory' => '%h',\n 'ForceCommand' => 'internal-sftp',\n 'PasswordAuthentication' => 'yes',\n 'AllowTcpForwarding' => 'no',\n 'X11Forwarding' => 'no',\n },\n 'Port' => [22, 2222, 2288],\n },\n client_options => {\n 'Host *.amazonaws.com' => {\n 'User' => 'ec2-user',\n },\n },\n users_client_options => {\n 'bob' => {\n options => {\n 'Host *.alice.fr' => {\n 'User' => 'alice',\n },\n },\n },\n },\n}", "name": "Puppet usage"}, {"tag_name": "example", "text": "ssh::storeconfigs_enabled: true\n\nssh::server_options:\n Protocol: '2'\n ListenAddress:\n - '127.0.0.0'\n - '%{::hostname}'\n PasswordAuthentication: 'yes'\n SyslogFacility: 'AUTHPRIV'\n UsePAM: 'yes'\n X11Forwarding: 'yes'\n\nssh::server::match_block:\n filetransfer:\n type: group\n options:\n ChrootDirectory: /home/sftp\n ForceCommand: internal-sftp\n\nssh::client_options:\n 'Host *':\n SendEnv: 'LANG LC_*'\n ForwardX11Trusted: 'yes'\n ServerAliveInterval: '10'\n\nssh::users_client_options:\n 'bob':\n 'options':\n 'Host *.alice.fr':\n 'User': 'alice'\n 'PasswordAuthentication': 'no'", "name": "hiera usage"}, {"tag_name": "param", "text": "Add dynamic options for ssh server config", "types": ["Hash"], "name": "server_options"}, {"tag_name": "param", "text": "Add match block for ssh server config", "types": ["Hash"], "name": "server_match_block"}, {"tag_name": "param", "text": "Add dynamic options for ssh client config", "types": ["Hash"], "name": "client_options"}, {"tag_name": "param", "text": "Add users options for ssh client config", "types": ["Hash"], "name": "users_client_options"}, {"tag_name": "param", "text": "Define package version (package ressource)", "types": ["String"], "name": "version"}, {"tag_name": "param", "text": "Default value for storeconfigs_enabled (client and server)", "types": ["Boolean"], "name": "storeconfigs_enabled"}, {"tag_name": "param", "text": "Default value for validate_sshd_file (server)", "types": ["Boolean"], "name": "validate_sshd_file"}, {"tag_name": "param", "text": "Default value to use augeas (client and server)", "types": ["Boolean"], "name": "use_augeas"}, {"tag_name": "param", "text": "List of options to remove for server config (augeas only)", "types": ["Array"], "name": "server_options_absent"}, {"tag_name": "param", "text": "List of options to remove for client config (augeas only)", "types": ["Array"], "name": "client_options_absent"}, {"tag_name": "param", "text": "Use issue_net header", "types": ["Boolean"], "name": "use_issue_net"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "purge_unmanaged_sshkeys"}, {"tag_name": "summary", "text": "This class manages ssh client and server"}]}, "defaults": {"server_options": "{}", "server_match_block": "{}", "client_options": "{}", "users_client_options": "{}", "version": "'present'", "storeconfigs_enabled": "true", "validate_sshd_file": "$ssh::params::validate_sshd_file", "use_augeas": "false", "server_options_absent": "[]", "client_options_absent": "[]", "use_issue_net": "false", "purge_unmanaged_sshkeys": "true"}, "source": "class ssh (\n Hash $server_options = {},\n Hash $server_match_block = {},\n Hash $client_options = {},\n Hash $users_client_options = {},\n String $version = 'present',\n Boolean $storeconfigs_enabled = true,\n Boolean $validate_sshd_file = $ssh::params::validate_sshd_file,\n Boolean $use_augeas = false,\n Array $server_options_absent = [],\n Array $client_options_absent = [],\n Boolean $use_issue_net = false,\n Boolean $purge_unmanaged_sshkeys = true,\n) inherits ssh::params {\n # Merge hashes from multiple layer of hierarchy in hiera\n $hiera_server_options = lookup(\"${module_name}::server_options\", Optional[Hash], 'deep', {})\n $hiera_server_match_block = lookup(\"${module_name}::server_match_block\", Optional[Hash], 'deep', {})\n $hiera_client_options = lookup(\"${module_name}::client_options\", Optional[Hash], 'deep', {})\n $hiera_users_client_options = lookup(\"${module_name}::users_client_options\", Optional[Hash], 'deep', {})\n\n $fin_server_options = deep_merge($hiera_server_options, $server_options)\n $fin_server_match_block = deep_merge($hiera_server_match_block, $server_match_block)\n $fin_client_options = deep_merge($hiera_client_options, $client_options)\n $fin_users_client_options = deep_merge($hiera_users_client_options, $users_client_options)\n\n class { 'ssh::server':\n ensure => $version,\n storeconfigs_enabled => $storeconfigs_enabled,\n options => $fin_server_options,\n validate_sshd_file => $validate_sshd_file,\n use_augeas => $use_augeas,\n options_absent => $server_options_absent,\n use_issue_net => $use_issue_net,\n }\n\n class { 'ssh::client':\n ensure => $version,\n storeconfigs_enabled => $storeconfigs_enabled,\n options => $fin_client_options,\n use_augeas => $use_augeas,\n options_absent => $client_options_absent,\n }\n\n # If host keys are being managed, optionally purge unmanaged ones as well.\n if ($storeconfigs_enabled and $purge_unmanaged_sshkeys) {\n resources { 'sshkey':\n purge => true,\n }\n }\n\n create_resources('ssh::client::config::user', $fin_users_client_options)\n create_resources('ssh::server::match_block', $fin_server_match_block)\n}"}, {"name": "ssh::client", "file": "manifests/client.pp", "line": 23, "inherits": "ssh::params", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "class { 'ssh::client':\n ensure => present,\n storeconfigs_enabled => true,\n use_augeas => false,\n}", "name": "Puppet usage"}, {"tag_name": "param", "text": "Ensurable param to ssh client", "types": ["String"], "name": "ensure"}, {"tag_name": "param", "text": "Collected host keys from servers will be written to known_hosts unless storeconfigs_enabled is false", "types": ["Boolean"], "name": "storeconfigs_enabled"}, {"tag_name": "param", "text": "Dynamic hash for openssh client options", "types": ["Hash"], "name": "options"}, {"tag_name": "param", "text": "Remove options (with augeas style)", "types": ["Array"], "name": "options_absent"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "use_augeas"}, {"tag_name": "summary", "text": "This class add ssh client management"}]}, "defaults": {"ensure": "present", "storeconfigs_enabled": "true", "options": "{}", "use_augeas": "false", "options_absent": "[]"}, "source": "class ssh::client (\n String $ensure = present,\n Boolean $storeconfigs_enabled = true,\n Hash $options = {},\n Boolean $use_augeas = false,\n Array $options_absent = [],\n) inherits ssh::params {\n # Merge hashes from multiple layer of hierarchy in hiera\n $hiera_options = lookup(\"${module_name}::client::options\", Optional[Hash], 'deep', {})\n\n $fin_options = deep_merge($hiera_options, $options)\n\n if $use_augeas {\n $merged_options = sshclient_options_to_augeas_ssh_config($fin_options, $options_absent, { 'target' => $ssh::params::ssh_config })\n } else {\n $merged_options = merge($fin_options, delete($ssh::params::ssh_default_options, keys($fin_options)))\n }\n\n include ssh::client::install\n include ssh::client::config\n\n # Provide option to *not* use storeconfigs/puppetdb, which means not managing\n # hostkeys and knownhosts\n if ($storeconfigs_enabled) {\n include ssh::knownhosts\n\n Class['ssh::client::install']\n -> Class['ssh::client::config']\n -> Class['ssh::knownhosts']\n } else {\n Class['ssh::client::install']\n -> Class['ssh::client::config']\n }\n}"}, {"name": "ssh::client::config", "file": "manifests/client/config.pp", "line": 1, "docstring": {"text": ""}, "source": "class ssh::client::config {\n $options = $ssh::client::merged_options\n $use_augeas = $ssh::client::use_augeas\n\n if $use_augeas {\n create_resources('ssh_config', $options)\n } else {\n file { $ssh::params::ssh_config:\n ensure => file,\n owner => '0',\n group => '0',\n mode => '0644',\n content => template(\"${module_name}/ssh_config.erb\"),\n require => Class['ssh::client::install'],\n }\n }\n}"}, {"name": "ssh::client::install", "file": "manifests/client/install.pp", "line": 1, "docstring": {"text": ""}, "source": "class ssh::client::install {\n if $ssh::params::client_package_name {\n ensure_packages([\n $ssh::params::client_package_name,\n ], {\n 'ensure' => $ssh::client::ensure,\n })\n }\n}"}, {"name": "ssh::hostkeys", "file": "manifests/hostkeys.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "export_ipaddresses"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "storeconfigs_group"}, {"tag_name": "param", "text": "", "types": ["Array"], "name": "extra_aliases"}, {"tag_name": "param", "text": "", "types": ["Array"], "name": "exclude_interfaces"}, {"tag_name": "param", "text": "", "types": ["Array"], "name": "exclude_ipaddresses"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "use_trusted_facts"}, {"tag_name": "summary", "text": "This class manages hostkeys"}]}, "defaults": {"export_ipaddresses": "true", "storeconfigs_group": "undef", "extra_aliases": "[]", "exclude_interfaces": "[]", "exclude_ipaddresses": "[]", "use_trusted_facts": "false"}, "source": "class ssh::hostkeys (\n Boolean $export_ipaddresses = true,\n Optional[String] $storeconfigs_group = undef,\n Array $extra_aliases = [],\n Array $exclude_interfaces = [],\n Array $exclude_ipaddresses = [],\n Boolean $use_trusted_facts = false,\n) {\n if $use_trusted_facts {\n $fqdn_real = $trusted['certname']\n $hostname_real = $trusted['hostname']\n } else {\n # stick to legacy facts for older versions of facter\n $fqdn_real = $facts['networking']['fqdn']\n $hostname_real = $facts['networking']['hostname']\n }\n\n if $export_ipaddresses == true {\n $ipaddresses = ssh::ipaddresses($exclude_interfaces)\n $ipaddresses_real = $ipaddresses - $exclude_ipaddresses\n $host_aliases = sort(unique(flatten([$fqdn_real, $hostname_real, $extra_aliases, $ipaddresses_real])))\n } else {\n $host_aliases = sort(unique(flatten([$fqdn_real, $hostname_real, $extra_aliases])))\n }\n\n if $storeconfigs_group {\n tag 'hostkey_all', \"hostkey_${storeconfigs_group}\"\n }\n\n ['dsa', 'rsa', 'ecdsa', 'ed25519'].each |String $key_type| {\n # can be removed as soon as we drop support for puppet 4\n # see https://tickets.puppetlabs.com/browse/FACT-1377?jql=project%20%3D%20FACT%20AND%20fixVersion%20%3D%20%22FACT%203.12.0%22\n if $key_type == 'ecdsa' {\n $key_type_real = 'ecdsa-sha2-nistp256'\n } else {\n $key_type_real = $key_type\n }\n\n if $key_type in $facts['ssh'] {\n @@sshkey { \"${fqdn_real}_${key_type}\":\n ensure => present,\n host_aliases => $host_aliases,\n type => $key_type_real,\n key => $facts['ssh'][$key_type]['key'],\n }\n } else {\n @@sshkey { \"${fqdn_real}_${key_type}\":\n ensure => absent,\n type => $key_type_real,\n }\n }\n }\n}"}, {"name": "ssh::knownhosts", "file": "manifests/knownhosts.pp", "line": 10, "inherits": "ssh::params", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Enable collection", "types": ["Boolean"], "name": "collect_enabled"}, {"tag_name": "param", "text": "Define the hostkeys group storage", "types": ["Optional[String]"], "name": "storeconfigs_group"}, {"tag_name": "summary", "text": "This class manages knownhosts if collection is enabled."}]}, "defaults": {"collect_enabled": "$ssh::params::collect_enabled", "storeconfigs_group": "undef"}, "source": "class ssh::knownhosts (\n Boolean $collect_enabled = $ssh::params::collect_enabled,\n Optional[String] $storeconfigs_group = undef,\n) inherits ssh::params {\n if ($collect_enabled) {\n if $storeconfigs_group {\n Sshkey <<| tag == \"hostkey_${storeconfigs_group}\" |>>\n } else {\n Sshkey <<| |>>\n }\n }\n}"}, {"name": "ssh::params", "file": "manifests/params.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Params class"}]}, "source": "class ssh::params {\n case $facts['os']['family'] {\n 'Debian': {\n $server_package_name = 'openssh-server'\n $client_package_name = 'openssh-client'\n $sshd_dir = '/etc/ssh'\n $sshd_config = '/etc/ssh/sshd_config'\n $ssh_config = '/etc/ssh/ssh_config'\n $ssh_known_hosts = '/etc/ssh/ssh_known_hosts'\n $service_name = 'ssh'\n $sftp_server_path = '/usr/lib/openssh/sftp-server'\n $host_priv_key_group = 0\n }\n 'RedHat': {\n $server_package_name = 'openssh-server'\n $client_package_name = 'openssh-clients'\n $sshd_dir = '/etc/ssh'\n $sshd_config = '/etc/ssh/sshd_config'\n $ssh_config = '/etc/ssh/ssh_config'\n $ssh_known_hosts = '/etc/ssh/ssh_known_hosts'\n $service_name = 'sshd'\n $sftp_server_path = '/usr/libexec/openssh/sftp-server'\n if versioncmp($facts['os']['release']['major'], '7') >= 0 {\n $host_priv_key_group = 'ssh_keys'\n } else {\n $host_priv_key_group = 0\n }\n }\n 'FreeBSD', 'DragonFly': {\n $server_package_name = undef\n $client_package_name = undef\n $sshd_dir = '/etc/ssh'\n $sshd_config = '/etc/ssh/sshd_config'\n $ssh_config = '/etc/ssh/ssh_config'\n $ssh_known_hosts = '/etc/ssh/ssh_known_hosts'\n $service_name = 'sshd'\n $sftp_server_path = '/usr/libexec/sftp-server'\n $host_priv_key_group = 0\n }\n 'OpenBSD': {\n $server_package_name = undef\n $client_package_name = undef\n $sshd_dir = '/etc/ssh'\n $sshd_config = '/etc/ssh/sshd_config'\n $ssh_config = '/etc/ssh/ssh_config'\n $ssh_known_hosts = '/etc/ssh/ssh_known_hosts'\n $service_name = 'sshd'\n $sftp_server_path = '/usr/libexec/sftp-server'\n $host_priv_key_group = 0\n }\n 'Darwin': {\n $server_package_name = undef\n $client_package_name = undef\n $sshd_dir = '/etc/ssh'\n $sshd_config = '/etc/ssh/sshd_config'\n $ssh_config = '/etc/ssh/ssh_config'\n $ssh_known_hosts = '/etc/ssh/ssh_known_hosts'\n $service_name = 'com.openssh.sshd'\n $sftp_server_path = '/usr/libexec/sftp-server'\n $host_priv_key_group = 0\n }\n 'ArchLinux': {\n $server_package_name = 'openssh'\n $client_package_name = 'openssh'\n $sshd_dir = '/etc/ssh'\n $sshd_config = '/etc/ssh/sshd_config'\n $ssh_config = '/etc/ssh/ssh_config'\n $ssh_known_hosts = '/etc/ssh/ssh_known_hosts'\n $service_name = 'sshd.service'\n $sftp_server_path = '/usr/lib/ssh/sftp-server'\n $host_priv_key_group = 0\n }\n 'Suse': {\n $server_package_name = 'openssh'\n $client_package_name = 'openssh'\n $sshd_dir = '/etc/ssh'\n $sshd_config = '/etc/ssh/sshd_config'\n $ssh_config = '/etc/ssh/ssh_config'\n $ssh_known_hosts = '/etc/ssh/ssh_known_hosts'\n $host_priv_key_group = 0\n case $facts['os']['name'] {\n 'SLES': {\n $service_name = 'sshd'\n case $facts['os']['release']['full'] {\n /^10\\./, /^11\\./: {\n if ($facts['os']['architecture'] == 'x86_64') {\n $sftp_server_path = '/usr/lib64/ssh/sftp-server'\n } else {\n $sftp_server_path = '/usr/lib/ssh/sftp-server'\n }\n }\n default: {\n $sftp_server_path = '/usr/lib/ssh/sftp-server'\n }\n }\n }\n 'OpenSuse': {\n $service_name = 'sshd'\n $sftp_server_path = '/usr/lib/ssh/sftp-server'\n }\n default: {\n fail(\"Unsupported platform: ${facts['os']['family']}/${facts['os']['name']}\")\n }\n }\n }\n 'Solaris': {\n case $facts['os']['name'] {\n 'SmartOS': {\n $server_package_name = undef\n $client_package_name = undef\n $sshd_dir = '/etc/ssh'\n $sshd_config = '/etc/ssh/sshd_config'\n $ssh_config = '/etc/ssh/ssh_config'\n $ssh_known_hosts = '/etc/ssh/ssh_known_hosts'\n $service_name = 'svc:/network/ssh:default'\n $sftp_server_path = 'internal-sftp'\n $host_priv_key_group = 0\n }\n default: {\n $sshd_dir = '/etc/ssh'\n $sshd_config = '/etc/ssh/sshd_config'\n $ssh_config = '/etc/ssh/ssh_config'\n $ssh_known_hosts = '/etc/ssh/ssh_known_hosts'\n $service_name = 'svc:/network/ssh:default'\n $sftp_server_path = 'internal-sftp'\n $host_priv_key_group = 0\n case versioncmp($facts['kernelrelease'], '5.10') {\n 1: {\n # Solaris 11 and later\n $server_package_name = '/service/network/ssh'\n $client_package_name = '/network/ssh'\n }\n 0: {\n # Solaris 10\n $server_package_name = 'SUNWsshdu'\n $client_package_name = 'SUNWsshu'\n }\n default: {\n # Solaris 9 and earlier not supported\n fail(\"Unsupported platform: ${facts['os']['family']}/${facts['kernelrelease']}\")\n }\n }\n }\n }\n }\n default: {\n case $facts['os']['name'] {\n 'Gentoo': {\n $server_package_name = 'openssh'\n $client_package_name = 'openssh'\n $sshd_dir = '/etc/ssh'\n $sshd_config = '/etc/ssh/sshd_config'\n $ssh_config = '/etc/ssh/ssh_config'\n $ssh_known_hosts = '/etc/ssh/ssh_known_hosts'\n $service_name = 'sshd'\n $sftp_server_path = '/usr/lib64/misc/sftp-server'\n $host_priv_key_group = 0\n }\n 'Amazon': {\n $server_package_name = 'openssh-server'\n $client_package_name = 'openssh-clients'\n $sshd_dir = '/etc/ssh'\n $sshd_config = '/etc/ssh/sshd_config'\n $ssh_config = '/etc/ssh/ssh_config'\n $ssh_known_hosts = '/etc/ssh/ssh_known_hosts'\n $service_name = 'sshd'\n $sftp_server_path = '/usr/libexec/openssh/sftp-server'\n $host_priv_key_group = 0\n }\n default: {\n fail(\"Unsupported platform: ${facts['os']['family']}/${facts['os']['name']}\")\n }\n }\n }\n }\n\n # ssh & sshd default options:\n # - OpenBSD doesn't know about UsePAM\n # - Sun_SSH doesn't know about UsePAM & AcceptEnv; SendEnv & HashKnownHosts\n case $facts['os']['family'] {\n 'OpenBSD': {\n $sshd_default_options = {\n 'ChallengeResponseAuthentication' => 'no',\n 'X11Forwarding' => 'yes',\n 'PrintMotd' => 'no',\n 'AcceptEnv' => 'LANG LC_*',\n 'Subsystem' => \"sftp ${sftp_server_path}\",\n }\n $ssh_default_options = {\n 'Host *' => {\n 'SendEnv' => 'LANG LC_*',\n 'HashKnownHosts' => 'yes',\n },\n }\n }\n 'Solaris': {\n $sshd_default_options = {\n 'ChallengeResponseAuthentication' => 'no',\n 'X11Forwarding' => 'yes',\n 'PrintMotd' => 'no',\n 'Subsystem' => \"sftp ${sftp_server_path}\",\n 'HostKey' => [\n \"${sshd_dir}/ssh_host_rsa_key\",\n \"${sshd_dir}/ssh_host_dsa_key\",\n ],\n }\n $ssh_default_options = {\n }\n }\n default: {\n $sshd_default_options = {\n 'ChallengeResponseAuthentication' => 'no',\n 'X11Forwarding' => 'yes',\n 'PrintMotd' => 'no',\n 'AcceptEnv' => 'LANG LC_*',\n 'Subsystem' => \"sftp ${sftp_server_path}\",\n 'UsePAM' => 'yes',\n }\n $ssh_default_options = {\n 'Host *' => {\n 'SendEnv' => 'LANG LC_*',\n 'HashKnownHosts' => 'yes',\n },\n }\n }\n }\n\n $validate_sshd_file = false\n $user_ssh_directory_default_mode = '0700'\n $user_ssh_config_default_mode = '0600'\n $collect_enabled = true # Collect sshkey resources\n $issue_net = '/etc/issue.net'\n}"}, {"name": "ssh::server", "file": "manifests/server.pp", "line": 35, "inherits": "ssh::params", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "class { 'ssh::server':\n ensure => present,\n storeconfigs_enabled => true,\n use_issue_net => false,\n}", "name": "Puppet usage"}, {"tag_name": "param", "text": "Ensurable param to ssh server", "types": ["String"], "name": "ensure"}, {"tag_name": "param", "text": "Host keys will be collected and distributed unless storeconfigs_enabled is false.", "types": ["Boolean"], "name": "storeconfigs_enabled"}, {"tag_name": "param", "text": "Dynamic hash for openssh server option", "types": ["Hash"], "name": "options"}, {"tag_name": "param", "text": "Add sshd file validate cmd", "types": ["Boolean"], "name": "validate_sshd_file"}, {"tag_name": "param", "text": "Use augeas for configuration (default concat)", "types": ["Boolean"], "name": "use_augeas"}, {"tag_name": "param", "text": "Remove options (with augeas style)", "types": ["Array"], "name": "options_absent"}, {"tag_name": "param", "text": "Add sshd match_block (with concat)", "types": ["Hash"], "name": "match_block"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "use_issue_net"}, {"tag_name": "summary", "text": "This class managed ssh server"}]}, "defaults": {"ensure": "present", "storeconfigs_enabled": "true", "options": "{}", "validate_sshd_file": "false", "use_augeas": "false", "options_absent": "[]", "match_block": "{}", "use_issue_net": "false"}, "source": "class ssh::server (\n String $ensure = present,\n Boolean $storeconfigs_enabled = true,\n Hash $options = {},\n Boolean $validate_sshd_file = false,\n Boolean $use_augeas = false,\n Array $options_absent = [],\n Hash $match_block = {},\n Boolean $use_issue_net = false\n) inherits ssh::params {\n # Merge hashes from multiple layer of hierarchy in hiera\n $hiera_options = lookup(\"${module_name}::server::options\", Optional[Hash], 'deep', {})\n $hiera_match_block = lookup(\"${module_name}::server::match_block\", Optional[Hash], 'deep', {})\n\n $fin_options = deep_merge($hiera_options, $options)\n $fin_match_block = deep_merge($hiera_match_block, $match_block)\n\n if $use_augeas {\n $merged_options = sshserver_options_to_augeas_sshd_config($fin_options, $options_absent, { 'target' => $ssh::params::sshd_config })\n } else {\n $merged_options = deep_merge($ssh::params::sshd_default_options, $fin_options)\n }\n\n include ssh::server::install\n include ssh::server::config\n include ssh::server::service\n\n # Provide option to *not* use storeconfigs/puppetdb, which means not managing\n # hostkeys and knownhosts\n if ($storeconfigs_enabled) {\n include ssh::hostkeys\n include ssh::knownhosts\n\n Class['ssh::server::install']\n -> Class['ssh::server::config']\n ~> Class['ssh::server::service']\n -> Class['ssh::hostkeys']\n -> Class['ssh::knownhosts']\n } else {\n Class['ssh::server::install']\n -> Class['ssh::server::config']\n ~> Class['ssh::server::service']\n }\n\n create_resources('ssh::server::match_block', $fin_match_block)\n}"}, {"name": "ssh::server::config", "file": "manifests/server/config.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Managed ssh server configuration"}]}, "source": "class ssh::server::config {\n $options = $ssh::server::merged_options\n\n case $ssh::server::validate_sshd_file {\n true: {\n $sshd_validate_cmd = '/usr/sbin/sshd -tf %'\n }\n default: {\n $sshd_validate_cmd = undef\n }\n }\n\n if $ssh::server::use_augeas {\n create_resources('sshd_config', $options)\n } else {\n concat { $ssh::params::sshd_config:\n ensure => present,\n owner => 0,\n group => 0,\n mode => '0600',\n validate_cmd => $sshd_validate_cmd,\n notify => Service[$ssh::params::service_name],\n }\n\n concat::fragment { 'global config':\n target => $ssh::params::sshd_config,\n content => template(\"${module_name}/sshd_config.erb\"),\n order => '00',\n }\n }\n\n if $ssh::server::use_issue_net {\n file { $ssh::params::issue_net:\n ensure => file,\n owner => 0,\n group => 0,\n mode => '0644',\n content => template(\"${module_name}/issue.net.erb\"),\n notify => Service[$ssh::params::service_name],\n }\n\n concat::fragment { 'banner file':\n target => $ssh::params::sshd_config,\n content => \"Banner ${ssh::params::issue_net}\\n\",\n order => '01',\n }\n }\n}"}, {"name": "ssh::server::install", "file": "manifests/server/install.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Install ssh server package"}]}, "source": "class ssh::server::install {\n include ssh::params\n if $ssh::params::server_package_name {\n ensure_packages ([\n $ssh::params::server_package_name,\n ], {\n 'ensure' => $ssh::server::ensure,\n })\n }\n}"}, {"name": "ssh::server::service", "file": "manifests/server/service.pp", "line": 10, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Ensurable service param", "types": ["String"], "name": "ensure"}, {"tag_name": "param", "text": "Define if service is enable", "types": ["Boolean"], "name": "enable"}, {"tag_name": "summary", "text": "This class managed ssh server service"}]}, "defaults": {"ensure": "'running'", "enable": "true"}, "source": "class ssh::server::service (\n String $ensure = 'running',\n Boolean $enable = true\n) {\n include ssh::params\n include ssh::server\n\n service { $ssh::params::service_name:\n ensure => $ssh::server::service::ensure,\n hasstatus => true,\n hasrestart => true,\n enable => $ssh::server::service::enable,\n require => Class['ssh::server::config'],\n }\n}"}, {"name": "elastic_stack::repo", "file": "manifests/repo.pp", "line": 14, "docstring": {"text": "elastic_stack::repo", "tags": [{"tag_name": "example", "text": "include elastic_stack::repo", "name": ""}, {"tag_name": "param", "text": "Whether to use the purely open source (i.e., bundled without X-Pack) repository", "types": ["Boolean"], "name": "oss"}, {"tag_name": "param", "text": "Whether to use a repo for prerelease versions, like \"6.0.0-rc2\"", "types": ["Boolean"], "name": "prerelease"}, {"tag_name": "param", "text": "A numeric priority for the repo, passed to the package management system", "types": ["Optional[Integer]"], "name": "priority"}, {"tag_name": "param", "text": "The URL of a HTTP proxy to use for package downloads (YUM only)", "types": ["String"], "name": "proxy"}, {"tag_name": "param", "text": "The (major) version of the Elastic Stack for which to configure the repo", "types": ["Integer"], "name": "version"}, {"tag_name": "param", "text": "The base url for the repo path", "types": ["Optional[String]"], "name": "base_repo_url"}, {"tag_name": "summary", "text": "Set up the package repository for Elastic Stack components"}]}, "defaults": {"oss": "false", "prerelease": "false", "priority": "undef", "proxy": "'absent'", "version": "7", "base_repo_url": "undef"}, "source": "class elastic_stack::repo (\n Boolean $oss = false,\n Boolean $prerelease = false,\n Optional[Integer] $priority = undef,\n String $proxy = 'absent',\n Integer $version = 7,\n Optional[String] $base_repo_url = undef,\n) {\n if $prerelease {\n $version_suffix = '.x-prerelease'\n } else {\n $version_suffix = '.x'\n }\n\n if $oss {\n $version_prefix = 'oss-'\n } else {\n $version_prefix = ''\n }\n\n if $version > 2 { # lint:ignore:version_comparison\n $_repo_url = $base_repo_url ? {\n undef => 'https://artifacts.elastic.co/packages',\n default => $base_repo_url,\n }\n case $facts['os']['family'] {\n 'Debian': {\n $_repo_path = 'apt'\n }\n default: {\n $_repo_path = 'yum'\n }\n }\n } else {\n $_repo_url = $base_repo_url ? {\n undef => 'https://packages.elastic.co/elasticsearch',\n default => $base_repo_url,\n }\n case $facts['os']['family'] {\n 'Debian': {\n $_repo_path = 'debian'\n }\n default: {\n $_repo_path = 'centos'\n }\n }\n }\n\n $base_url = \"${_repo_url}/${version_prefix}${version}${version_suffix}/${_repo_path}\"\n $key_id='46095ACC8548582C1A2699A9D27D666CD88E42B4'\n $key_source='https://artifacts.elastic.co/GPG-KEY-elasticsearch'\n $description='Elastic package repository.'\n\n case $facts['os']['family'] {\n 'Debian': {\n include apt\n\n apt::source { 'elastic':\n ensure => 'present',\n comment => $description,\n location => $base_url,\n release => 'stable',\n repos => 'main',\n key => {\n 'id' => $key_id,\n 'source' => $key_source,\n },\n include => {\n 'deb' => true,\n 'src' => false,\n },\n pin => $priority,\n }\n }\n 'RedHat', 'Linux': {\n yumrepo { 'elastic':\n descr => $description,\n baseurl => $base_url,\n gpgcheck => 1,\n gpgkey => $key_source,\n enabled => 1,\n proxy => $proxy,\n priority => $priority,\n }\n ~> exec { 'elastic_yumrepo_yum_clean':\n command => 'yum clean metadata expire-cache --disablerepo=\"*\" --enablerepo=\"elastic\"',\n refreshonly => true,\n returns => [0, 1],\n path => ['/bin', '/usr/bin', '/usr/local/bin'],\n cwd => '/',\n }\n }\n 'Suse': {\n # Older versions of SLES do not ship with rpmkeys\n if $facts['os']['name'] == 'SLES' and versioncmp($facts['os']['release']['major'], '11') <= 0 {\n $_import_cmd = \"rpm --import ${key_source}\"\n }\n else {\n $_import_cmd = \"rpmkeys --import ${key_source}\"\n }\n\n exec { 'elastic_suse_import_gpg':\n command => $_import_cmd,\n unless => \"test $(rpm -qa gpg-pubkey | grep -i 'D88E42B4' | wc -l) -eq 1\",\n notify => Zypprepo['elastic'],\n path => ['/bin', '/usr/bin', '/usr/local/bin'],\n cwd => '/',\n }\n\n zypprepo { 'elastic':\n baseurl => $base_url,\n enabled => 1,\n autorefresh => 1,\n name => 'elastic',\n gpgcheck => 1,\n gpgkey => $key_source,\n type => 'yum',\n priority => $priority,\n }\n ~> exec { 'elastic_zypper_refresh_elastic':\n command => 'zypper refresh elastic',\n refreshonly => true,\n path => ['/bin', '/usr/bin', '/usr/local/bin'],\n cwd => '/',\n }\n }\n default: {\n fail(\"\\\"${module_name}\\\" provides no repository information for OSfamily \\\"${facts['os']['family']}\\\"\")\n }\n }\n}"}, {"name": "java", "file": "manifests/init.pp", "line": 38, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The java distribution to install. Can be one of \"jdk\" or \"jre\",\nor other platform-specific options where there are multiple\nimplementations available (eg: OpenJDK vs Oracle JDK).", "types": ["String"], "name": "distribution"}, {"tag_name": "param", "text": "The version of java to install. By default, this module simply ensures\nthat java is present, and does not require a specific version.", "types": ["Pattern[/present|installed|latest|^[.+_0-9a-zA-Z:~-]+$/]"], "name": "version"}, {"tag_name": "param", "text": "The name of the java package. This is configurable in case a non-standard\njava package is desired.", "types": ["Optional[String]"], "name": "package"}, {"tag_name": "param", "text": "Array of strings to pass installation options to the 'package' Puppet resource.\nOptions available depend on the 'package' provider for the target OS.", "types": ["Optional[Array]"], "name": "package_options"}, {"tag_name": "param", "text": "The name of the java alternative to use on Debian systems.\n\"update-java-alternatives -l\" will show which choices are available.\nIf you specify a particular package, you will almost always also\nwant to specify which java_alternative to choose. If you set\nthis, you also need to set the path below.", "types": ["Optional[String]"], "name": "java_alternative"}, {"tag_name": "param", "text": "The path to the \"java\" command on Debian systems. Since the\nalternatives system makes it difficult to verify which\nalternative is actually enabled, this is required to ensure the\ncorrect JVM is enabled.", "types": ["Optional[String]"], "name": "java_alternative_path"}, {"tag_name": "param", "text": "The path to where the JRE is installed. This will be set as an\nenvironment variable.", "types": ["Optional[String]"], "name": "java_home"}, {"tag_name": "summary", "text": "This module manages the Java runtime package"}]}, "defaults": {"distribution": "'jdk'", "version": "'present'", "package": "undef", "package_options": "undef", "java_alternative": "undef", "java_alternative_path": "undef", "java_home": "undef"}, "source": "class java (\n String $distribution = 'jdk',\n Pattern[/present|installed|latest|^[.+_0-9a-zA-Z:~-]+$/] $version = 'present',\n Optional[String] $package = undef,\n Optional[Array] $package_options = undef,\n Optional[String] $java_alternative = undef,\n Optional[String] $java_alternative_path = undef,\n Optional[String] $java_home = undef\n) {\n include ::java::params\n\n $default_package_name = has_key($java::params::java, $distribution) ? {\n false => undef,\n default => $java::params::java[$distribution]['package'],\n }\n\n $use_java_package_name = $package ? {\n undef => $default_package_name,\n default => $package,\n }\n\n ## Weird logic........\n ## If $java_alternative is set, use that.\n ## Elsif the DEFAULT package is being used, then use $default_alternative.\n ## Else undef\n $use_java_alternative = $java_alternative ? {\n undef => $use_java_package_name ? {\n $default_package_name => has_key($java::params::java, $distribution) ? {\n default => $java::params::java[$distribution]['alternative'],\n false => undef,\n },\n default => undef,\n },\n default => $java_alternative,\n }\n\n ## Same logic as $java_alternative above.\n $use_java_alternative_path = $java_alternative_path ? {\n undef => $use_java_package_name ? {\n $default_package_name => has_key($java::params::java, $distribution) ? {\n default => $java::params::java[$distribution]['alternative_path'],\n false => undef,\n },\n default => undef,\n },\n default => $java_alternative_path,\n }\n\n $use_java_home = $java_home ? {\n undef => $use_java_package_name ? {\n $default_package_name => has_key($java::params::java, $distribution) ? {\n default => $java::params::java[$distribution]['java_home'],\n false => undef,\n },\n default => undef,\n },\n default => $java_home,\n }\n\n ## This should only be required if we did not override all the information we need.\n # One of the defaults is missing and its not intentional:\n if ((\n $use_java_package_name == undef or $use_java_alternative == undef or\n $use_java_alternative_path == undef or $use_java_home == undef\n ) and (\n ! has_key($java::params::java, $distribution)\n )) {\n fail(\"Java distribution ${distribution} is not supported. Missing default values.\")\n }\n\n $jre_flag = $use_java_package_name ? {\n /headless/ => '--jre-headless',\n default => '--jre'\n }\n\n if $facts['os']['family'] == 'Debian' {\n # Needed for update-java-alternatives\n package { 'java-common':\n ensure => present,\n before => Class['java::config'],\n }\n }\n\n anchor { 'java::begin:': }\n -> package { 'java':\n ensure => $version,\n install_options => $package_options,\n name => $use_java_package_name,\n }\n -> class { 'java::config': }\n -> anchor { 'java::end': }\n}"}, {"name": "java::config", "file": "manifests/config.pp", "line": 2, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class java::config ( ) {\n case $facts['os']['family'] {\n 'Debian': {\n if $java::use_java_alternative != undef and $java::use_java_alternative_path != undef {\n exec { 'update-java-alternatives':\n path => '/usr/bin:/usr/sbin:/bin:/sbin',\n command => \"update-java-alternatives --set ${java::use_java_alternative} ${java::jre_flag}\",\n unless => \"test /etc/alternatives/java -ef '${java::use_java_alternative_path}'\",\n }\n }\n if $java::use_java_home != undef {\n file_line { 'java-home-environment':\n path => '/etc/environment',\n line => \"JAVA_HOME=${$java::use_java_home}\",\n match => 'JAVA_HOME=',\n }\n }\n }\n 'RedHat': {\n if $java::use_java_alternative != undef and $java::use_java_alternative_path != undef {\n # The standard packages install alternatives, custom packages do not\n # For the stanard packages java::params needs these added.\n if $java::use_java_package_name != $java::default_package_name {\n exec { 'create-java-alternatives':\n path => '/usr/bin:/usr/sbin:/bin:/sbin',\n command => \"alternatives --install /usr/bin/java java ${$java::use_java_alternative_path} 20000\" ,\n unless => \"alternatives --display java | grep -q ${$java::use_java_alternative_path}\",\n before => Exec['update-java-alternatives'],\n }\n }\n\n exec { 'update-java-alternatives':\n path => '/usr/bin:/usr/sbin',\n command => \"alternatives --set java ${$java::use_java_alternative_path}\" ,\n unless => \"test /etc/alternatives/java -ef '${java::use_java_alternative_path}'\",\n }\n }\n if $java::use_java_home != undef {\n file_line { 'java-home-environment':\n path => '/etc/environment',\n line => \"JAVA_HOME=${$java::use_java_home}\",\n match => 'JAVA_HOME=',\n }\n }\n }\n 'Suse': {\n if $java::use_java_home != undef {\n file_line { 'java-home-environment':\n path => '/etc/environment',\n line => \"JAVA_HOME=${$java::use_java_home}\",\n match => 'JAVA_HOME=',\n }\n }\n }\n 'FreeBSD': {\n if $java::use_java_home != undef {\n file_line { 'java-home-environment-profile':\n path => '/etc/profile',\n line => \"JAVA_HOME=${$java::use_java_home}; export JAVA_HOME\",\n match => 'JAVA_HOME=',\n }\n file_line { 'java-home-environment-cshrc':\n path => '/etc/csh.login',\n line => \"setenv JAVA_HOME ${$java::use_java_home}\",\n match => 'setenv JAVA_HOME',\n }\n }\n }\n 'Solaris': {\n if $java::use_java_home != undef {\n file_line { 'java-home-environment':\n path => '/etc/profile',\n line => \"JAVA_HOME=${$java::use_java_home}\",\n match => 'JAVA_HOME=',\n }\n }\n }\n 'Archlinux': {\n if $java::use_java_home != undef {\n file_line { 'java-home-environment':\n path => '/etc/profile',\n line => \"JAVA_HOME=${$java::use_java_home}\",\n match => 'JAVA_HOME=',\n }\n }\n }\n default: {\n # Do nothing.\n }\n }\n}"}, {"name": "java::params", "file": "manifests/params.pp", "line": 7, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "This class builds a hash of JDK/JRE packages and (for Debian)\nalternatives. For wheezy/precise, we provide Oracle JDK/JRE\noptions, even though those are not in the package repositories."}]}, "source": "class java::params {\n case $facts['os']['family'] {\n 'RedHat': {\n case $facts['os']['name'] {\n 'AlmaLinux', 'Rocky', 'RedHat', 'CentOS', 'OracleLinux', 'Scientific', 'OEL', 'SLC', 'CloudLinux': {\n if (versioncmp($facts['os']['release']['full'], '5.0') < 0) {\n $jdk_package = 'java-1.6.0-sun-devel'\n $jre_package = 'java-1.6.0-sun'\n $java_home = '/usr/lib/jvm/java-1.6.0-sun/jre/'\n }\n # See cde7046 for why >= 5.0 < 6.3\n elsif (versioncmp($facts['os']['release']['full'], '6.3') < 0) {\n $jdk_package = 'java-1.6.0-openjdk-devel'\n $jre_package = 'java-1.6.0-openjdk'\n $java_home = '/usr/lib/jvm/java-1.6.0/'\n }\n # See PR#160 / c8e46b5 for why >= 6.3 < 7.1\n elsif (versioncmp($facts['os']['release']['full'], '7.1') < 0) {\n $jdk_package = 'java-1.7.0-openjdk-devel'\n $jre_package = 'java-1.7.0-openjdk'\n $java_home = '/usr/lib/jvm/java-1.7.0/'\n }\n else {\n $jdk_package = 'java-1.8.0-openjdk-devel'\n $jre_package = 'java-1.8.0-openjdk'\n $java_home = '/usr/lib/jvm/java-1.8.0/'\n }\n }\n 'Fedora': {\n if (versioncmp($facts['os']['release']['full'], '21') < 0) {\n $jdk_package = 'java-1.7.0-openjdk-devel'\n $jre_package = 'java-1.7.0-openjdk'\n $java_home = \"/usr/lib/jvm/java-1.7.0-openjdk-${facts['os']['architecture']}/\"\n }\n else {\n $jdk_package = 'java-1.8.0-openjdk-devel'\n $jre_package = 'java-1.8.0-openjdk'\n $java_home = \"/usr/lib/jvm/java-1.8.0-openjdk-${facts['os']['architecture']}/\"\n }\n }\n 'Amazon': {\n $jdk_package = 'java-1.7.0-openjdk-devel'\n $jre_package = 'java-1.7.0-openjdk'\n $java_home = \"/usr/lib/jvm/java-1.7.0-openjdk-${facts['os']['architecture']}/\"\n }\n default: { fail(\"unsupported os ${facts['os']['name']}\") }\n }\n $java = {\n 'jdk' => {\n 'package' => $jdk_package,\n 'java_home' => $java_home,\n },\n 'jre' => {\n 'package' => $jre_package,\n 'java_home' => $java_home,\n },\n }\n }\n 'Debian': {\n $oracle_architecture = $facts['os']['architecture'] ? {\n 'amd64' => 'x64',\n default => $facts['os']['architecture']\n }\n $openjdk_architecture = $facts['os']['architecture'] ? {\n 'aarch64' => 'arm64',\n 'armv7l' => 'armhf',\n default => $facts['os']['architecture']\n }\n case $facts['os']['release']['major'] {\n '9': {\n $java = {\n 'jdk' => {\n 'package' => 'openjdk-8-jdk',\n 'alternative' => \"java-1.8.0-openjdk-${openjdk_architecture}\",\n 'alternative_path' => \"/usr/lib/jvm/java-1.8.0-openjdk-${openjdk_architecture}/bin/java\",\n 'java_home' => \"/usr/lib/jvm/java-1.8.0-openjdk-${openjdk_architecture}/\",\n },\n 'jre' => {\n 'package' => 'openjdk-8-jre-headless',\n 'alternative' => \"java-1.8.0-openjdk-${openjdk_architecture}\",\n 'alternative_path' => \"/usr/lib/jvm/java-1.8.0-openjdk-${openjdk_architecture}/bin/java\",\n 'java_home' => \"/usr/lib/jvm/java-1.8.0-openjdk-${openjdk_architecture}/\",\n },\n }\n }\n '10', '11', '18.04', '18.10', '19.04', '19.10', '20.04', '22.04': {\n $java = {\n 'jdk' => {\n 'package' => 'openjdk-11-jdk',\n 'alternative' => \"java-1.11.0-openjdk-${openjdk_architecture}\",\n 'alternative_path' => \"/usr/lib/jvm/java-1.11.0-openjdk-${openjdk_architecture}/bin/java\",\n 'java_home' => \"/usr/lib/jvm/java-1.11.0-openjdk-${openjdk_architecture}/\",\n },\n 'jre' => {\n 'package' => 'openjdk-11-jre-headless',\n 'alternative' => \"java-1.11.0-openjdk-${openjdk_architecture}\",\n 'alternative_path' => \"/usr/lib/jvm/java-1.11.0-openjdk-${openjdk_architecture}/bin/java\",\n 'java_home' => \"/usr/lib/jvm/java-1.11.0-openjdk-${openjdk_architecture}/\",\n },\n }\n }\n default: { fail(\"unsupported release ${facts['os']['release']['major']}\") }\n }\n }\n 'OpenBSD': {\n $java = {\n 'jdk' => {\n 'package' => 'jdk',\n 'java_home' => '/usr/local/jdk/',\n },\n 'jre' => {\n 'package' => 'jre',\n 'java_home' => '/usr/local/jdk/',\n },\n }\n }\n 'FreeBSD': {\n $java = {\n 'jdk' => {\n 'package' => 'openjdk',\n 'java_home' => '/usr/local/openjdk7/',\n },\n 'jre' => {\n 'package' => 'openjdk-jre',\n 'java_home' => '/usr/local/openjdk7/',\n },\n }\n }\n 'Solaris': {\n $java = {\n 'jdk' => {\n 'package' => 'developer/java/jdk-7',\n 'java_home' => '/usr/jdk/instances/jdk1.7.0/',\n },\n 'jre' => {\n 'package' => 'runtime/java/jre-7',\n 'java_home' => '/usr/jdk/instances/jdk1.7.0/',\n },\n }\n }\n 'Suse': {\n case $facts['os']['name'] {\n 'SLES': {\n if (versioncmp($facts['os']['release']['full'], '12.1') >= 0) {\n $jdk_package = 'java-1_8_0-openjdk-devel'\n $jre_package = 'java-1_8_0-openjdk'\n $java_home = '/usr/lib64/jvm/java-1.8.0-openjdk-1.8.0/'\n } elsif (versioncmp($facts['os']['release']['full'], '12') >= 0) {\n $jdk_package = 'java-1_7_0-openjdk-devel'\n $jre_package = 'java-1_7_0-openjdk'\n $java_home = '/usr/lib64/jvm/java-1.7.0-openjdk-1.7.0/'\n } elsif (versioncmp($facts['os']['release']['full'], '11.4') >= 0) {\n $jdk_package = 'java-1_7_1-ibm-devel'\n $jre_package = 'java-1_7_1-ibm'\n $java_home = '/usr/lib64/jvm/java-1.7.1-ibm-1.7.1/'\n } else {\n $jdk_package = 'java-1_6_0-ibm-devel'\n $jre_package = 'java-1_6_0-ibm'\n $java_home = '/usr/lib64/jvm/java-1.6.0-ibm-1.6.0/'\n }\n }\n 'OpenSuSE': {\n $jdk_package = 'java-1_7_0-openjdk-devel'\n $jre_package = 'java-1_7_0-openjdk'\n $java_home = '/usr/lib64/jvm/java-1.7.0-openjdk-1.7.0/'\n }\n default: {\n $jdk_package = 'java-1_6_0-ibm-devel'\n $jre_package = 'java-1_6_0-ibm'\n $java_home = '/usr/lib64/jvm/java-1.6.0-ibd-1.6.0/'\n }\n }\n $java = {\n 'jdk' => {\n 'package' => $jdk_package,\n 'java_home' => $java_home,\n },\n 'jre' => {\n 'package' => $jre_package,\n 'java_home' => $java_home,\n },\n }\n }\n 'Archlinux': {\n $jdk_package = 'jdk8-openjdk'\n $jre_package = 'jre8-openjdk'\n $java_home = '/usr/lib/jvm/java-8-openjdk/jre/'\n $java = {\n 'jdk' => {\n 'package' => $jdk_package,\n 'java_home' => $java_home,\n },\n 'jre' => {\n 'package' => $jre_package,\n 'java_home' => $java_home,\n },\n }\n }\n default: { fail(\"unsupported platform ${facts['os']['family']}\") }\n }\n}"}, {"name": "java_ks::config", "file": "manifests/config.pp", "line": 7, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "A hash containing the parameters required for the java config.", "types": ["Hash"], "name": "params"}, {"tag_name": "summary", "text": "java_ks configuration"}]}, "defaults": {"params": "{}"}, "source": "class java_ks::config (\n Hash $params = {},\n) {\n create_resources('java_ks', $params )\n}"}, {"name": "nginx", "file": "manifests/init.pp", "line": 41, "inherits": "nginx::params", "docstring": {"text": "Packaged NGINX\n - RHEL: EPEL or custom package\n - Debian/Ubuntu: Default Install or custom package\n - SuSE: Default Install or custom package", "tags": [{"tag_name": "example", "text": "include nginx", "name": "Use the sensible defaults"}, {"tag_name": "param", "text": "When set, nginx will include module configurations files installed in the\n/etc/nginx/modules-enabled directory.", "types": ["Boolean"], "name": "include_modules_enabled"}, {"tag_name": "param", "text": "The name of the package to install in order for the passenger module of\nnginx being usable.", "types": ["String[1]"], "name": "passenger_package_name"}, {"tag_name": "param", "text": "The version of nginx installed (or being installed).\nUnfortunately, different versions of nginx may need configuring\ndifferently. The default is derived from the version of nginx\nalready installed. If the fact is unavailable, it defaults to '1.6.0'.\nYou may need to set this manually to get a working and idempotent\nconfiguration.", "types": ["String[1]"], "name": "nginx_version"}, {"tag_name": "param", "text": "Configures nginx `debug_connection` lines in the `events` section of the nginx config.\nSee http://nginx.org/en/docs/ngx_core_module.html#debug_connection", "types": ["Array[Nginx::DebugConnection]"], "name": "debug_connections"}, {"tag_name": "param", "text": "whether to en- or disable the config check via nginx -t on config changes", "types": ["Boolean"], "name": "service_config_check"}, {"tag_name": "param", "text": "Command to execute to validate the generated configuration.", "types": ["String"], "name": "service_config_check_command"}, {"tag_name": "param", "text": "Enables or disables resetting timed out connections and connections closed\nwith the non-standard code 444.", "types": ["Optional[Enum['on', 'off']]"], "name": "reset_timedout_connection"}, {"tag_name": "param", "text": "", "types": ["Variant[Stdlib::Absolutepath, Boolean]"], "name": "client_body_temp_path"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "confd_only"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "confd_purge"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "conf_dir"}, {"tag_name": "param", "text": "", "types": ["Optional[Enum['on', 'off']]"], "name": "daemon"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "daemon_user"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "daemon_group"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "dynamic_modules"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "global_owner"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "global_group"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "global_mode"}, {"tag_name": "param", "text": "", "types": ["Optional[Variant[String[1], Array[String[1]]]]"], "name": "limit_req_zone"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "log_dir"}, {"tag_name": "param", "text": "", "types": ["String[1]"], "name": "log_user"}, {"tag_name": "param", "text": "", "types": ["String[1]"], "name": "log_group"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Filemode"], "name": "log_mode"}, {"tag_name": "param", "text": "", "types": ["Variant[String, Array[String]]"], "name": "http_access_log"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "http_format_log"}, {"tag_name": "param", "text": "", "types": ["Variant[String, Array[String]]"], "name": "nginx_error_log"}, {"tag_name": "param", "text": "", "types": ["Nginx::ErrorLogSeverity"], "name": "nginx_error_log_severity"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "pid"}, {"tag_name": "param", "text": "", "types": ["Variant[Stdlib::Absolutepath, Boolean]"], "name": "proxy_temp_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "root_group"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "run_dir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "sites_available_owner"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "sites_available_group"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "sites_available_mode"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "super_user"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "temp_dir"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "server_purge"}, {"tag_name": "param", "text": "", "types": ["String[1]"], "name": "conf_template"}, {"tag_name": "param", "text": "", "types": ["String[1]"], "name": "fastcgi_conf_template"}, {"tag_name": "param", "text": "", "types": ["String[1]"], "name": "uwsgi_params_template"}, {"tag_name": "param", "text": "", "types": ["Optional[Enum['on', 'off']]"], "name": "absolute_redirect"}, {"tag_name": "param", "text": "", "types": ["Enum['on', 'off']"], "name": "accept_mutex"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "accept_mutex_delay"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "client_body_buffer_size"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "client_max_body_size"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "client_body_timeout"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "send_timeout"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "lingering_timeout"}, {"tag_name": "param", "text": "", "types": ["Optional[Enum['on','off','always']]"], "name": "lingering_close"}, {"tag_name": "param", "text": "", "types": ["Optional[String[1]]"], "name": "lingering_time"}, {"tag_name": "param", "text": "", "types": ["Optional[Enum['on', 'off']]"], "name": "etag"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "events_use"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "fastcgi_cache_inactive"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "fastcgi_cache_key"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "fastcgi_cache_keys_zone"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "fastcgi_cache_levels"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "fastcgi_cache_max_size"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "fastcgi_cache_path"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "fastcgi_cache_use_stale"}, {"tag_name": "param", "text": "", "types": ["Enum['on', 'off']"], "name": "gzip"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gzip_buffers"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gzip_comp_level"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gzip_disable"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gzip_min_length"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gzip_http_version"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gzip_proxied"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gzip_types"}, {"tag_name": "param", "text": "", "types": ["Enum['on', 'off']"], "name": "gzip_vary"}, {"tag_name": "param", "text": "", "types": ["Optional[Enum['on', 'off', 'always']]"], "name": "gzip_static"}, {"tag_name": "param", "text": "", "types": ["Optional[Variant[Hash, Array]]"], "name": "http_cfg_prepend"}, {"tag_name": "param", "text": "", "types": ["Optional[Variant[Hash, Array]]"], "name": "http_cfg_append"}, {"tag_name": "param", "text": "", "types": ["Optional[Variant[Array[String], String]]"], "name": "http_raw_prepend"}, {"tag_name": "param", "text": "", "types": ["Optional[Variant[Array[String], String]]"], "name": "http_raw_append"}, {"tag_name": "param", "text": "", "types": ["Enum['on', 'off']"], "name": "http_tcp_nodelay"}, {"tag_name": "param", "text": "", "types": ["Enum['on', 'off']"], "name": "http_tcp_nopush"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "keepalive_timeout"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "keepalive_requests"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "log_format"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "mail"}, {"tag_name": "param", "text": "", "types": ["Variant[String, Boolean]"], "name": "mime_types_path"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "stream"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "multi_accept"}, {"tag_name": "param", "text": "", "types": ["Integer"], "name": "names_hash_bucket_size"}, {"tag_name": "param", "text": "", "types": ["Integer"], "name": "names_hash_max_size"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "nginx_cfg_prepend"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "proxy_buffers"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "proxy_buffer_size"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "proxy_cache_inactive"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "proxy_cache_keys_zone"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "proxy_cache_levels"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "proxy_cache_max_size"}, {"tag_name": "param", "text": "", "types": ["Optional[Variant[Hash, String]]"], "name": "proxy_cache_path"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer]"], "name": "proxy_cache_loader_files"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "proxy_cache_loader_sleep"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "proxy_cache_loader_threshold"}, {"tag_name": "param", "text": "", "types": ["Optional[Enum['on', 'off']]"], "name": "proxy_use_temp_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "proxy_connect_timeout"}, {"tag_name": "param", "text": "", "types": ["Integer"], "name": "proxy_headers_hash_bucket_size"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "proxy_http_version"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "proxy_read_timeout"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "proxy_redirect"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "proxy_send_timeout"}, {"tag_name": "param", "text": "", "types": ["Array"], "name": "proxy_set_header"}, {"tag_name": "param", "text": "", "types": ["Array"], "name": "proxy_hide_header"}, {"tag_name": "param", "text": "", "types": ["Array"], "name": "proxy_pass_header"}, {"tag_name": "param", "text": "", "types": ["Array"], "name": "proxy_ignore_header"}, {"tag_name": "param", "text": "", "types": ["Optional[Nginx::Size]"], "name": "proxy_max_temp_file_size"}, {"tag_name": "param", "text": "", "types": ["Optional[Nginx::Size]"], "name": "proxy_busy_buffers_size"}, {"tag_name": "param", "text": "", "types": ["Enum['on', 'off']"], "name": "sendfile"}, {"tag_name": "param", "text": "", "types": ["Enum['on', 'off']"], "name": "server_tokens"}, {"tag_name": "param", "text": "", "types": ["Enum['on', 'off']"], "name": "spdy"}, {"tag_name": "param", "text": "", "types": ["Enum['on', 'off']"], "name": "http2"}, {"tag_name": "param", "text": "", "types": ["Enum['on', 'off']"], "name": "ssl_stapling"}, {"tag_name": "param", "text": "", "types": ["Enum['on', 'off']"], "name": "ssl_stapling_verify"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "snippets_dir"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "manage_snippets_dir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "types_hash_bucket_size"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "types_hash_max_size"}, {"tag_name": "param", "text": "", "types": ["Integer"], "name": "worker_connections"}, {"tag_name": "param", "text": "", "types": ["Enum['on', 'off']"], "name": "ssl_prefer_server_ciphers"}, {"tag_name": "param", "text": "", "types": ["Variant[Integer, Enum['auto']]"], "name": "worker_processes"}, {"tag_name": "param", "text": "", "types": ["Integer"], "name": "worker_rlimit_nofile"}, {"tag_name": "param", "text": "", "types": ["Optional[Enum['on', 'off']]"], "name": "pcre_jit"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "ssl_protocols"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "ssl_ciphers"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Unixpath]"], "name": "ssl_dhparam"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "ssl_ecdh_curve"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "ssl_session_cache"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "ssl_session_timeout"}, {"tag_name": "param", "text": "", "types": ["Optional[Enum['on', 'off']]"], "name": "ssl_session_tickets"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "ssl_session_ticket_key"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "ssl_buffer_size"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "ssl_crl"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "ssl_stapling_file"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "ssl_stapling_responder"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "ssl_trusted_certificate"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer]"], "name": "ssl_verify_depth"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "ssl_password_file"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "package_ensure"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "package_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "package_source"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "package_flavor"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "manage_repo"}, {"tag_name": "param", "text": "", "types": ["Hash[String[1], String[1]]"], "name": "mime_types"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "mime_types_preserve_defaults"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "repo_release"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "passenger_package_ensure"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::HTTPUrl]"], "name": "repo_source"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Ensure::Service"], "name": "service_ensure"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "service_enable"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "service_flags"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "service_restart"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "service_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "service_manage"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "geo_mappings"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "geo_mappings_defaults"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "string_mappings"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "string_mappings_defaults"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "nginx_locations"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "nginx_locations_defaults"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "nginx_mailhosts"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "nginx_mailhosts_defaults"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "nginx_servers"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "nginx_servers_defaults"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "nginx_streamhosts"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "nginx_streamhosts_defaults"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "nginx_upstreams"}, {"tag_name": "param", "text": "", "types": ["Nginx::UpstreamDefaults"], "name": "nginx_upstreams_defaults"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "purge_passenger_repo"}, {"tag_name": "summary", "text": "Manage NGINX"}]}, "defaults": {"client_body_temp_path": "$nginx::params::client_body_temp_path", "confd_only": "false", "confd_purge": "false", "conf_dir": "$nginx::params::conf_dir", "daemon": "undef", "daemon_user": "$nginx::params::daemon_user", "daemon_group": "undef", "dynamic_modules": "[]", "global_owner": "$nginx::params::global_owner", "global_group": "$nginx::params::global_group", "global_mode": "$nginx::params::global_mode", "limit_req_zone": "undef", "log_dir": "$nginx::params::log_dir", "log_user": "$nginx::params::log_user", "log_group": "$nginx::params::log_group", "log_mode": "$nginx::params::log_mode", "http_access_log": "\"${log_dir}/${nginx::params::http_access_log_file}\"", "http_format_log": "undef", "nginx_error_log": "\"${log_dir}/${nginx::params::nginx_error_log_file}\"", "nginx_error_log_severity": "'error'", "pid": "$nginx::params::pid", "proxy_temp_path": "$nginx::params::proxy_temp_path", "root_group": "$nginx::params::root_group", "run_dir": "$nginx::params::run_dir", "sites_available_owner": "$nginx::params::sites_available_owner", "sites_available_group": "$nginx::params::sites_available_group", "sites_available_mode": "$nginx::params::sites_available_mode", "super_user": "$nginx::params::super_user", "temp_dir": "$nginx::params::temp_dir", "server_purge": "false", "include_modules_enabled": "$nginx::params::include_modules_enabled", "conf_template": "'nginx/conf.d/nginx.conf.erb'", "fastcgi_conf_template": "'nginx/server/fastcgi.conf.erb'", "uwsgi_params_template": "'nginx/server/uwsgi_params.erb'", "absolute_redirect": "undef", "accept_mutex": "'on'", "accept_mutex_delay": "'500ms'", "client_body_buffer_size": "'128k'", "client_max_body_size": "'10m'", "client_body_timeout": "'60s'", "send_timeout": "'60s'", "lingering_timeout": "'5s'", "lingering_close": "undef", "lingering_time": "undef", "etag": "undef", "events_use": "undef", "debug_connections": "[]", "fastcgi_cache_inactive": "'20m'", "fastcgi_cache_key": "undef", "fastcgi_cache_keys_zone": "'d3:100m'", "fastcgi_cache_levels": "'1'", "fastcgi_cache_max_size": "'500m'", "fastcgi_cache_path": "undef", "fastcgi_cache_use_stale": "undef", "gzip": "'off'", "gzip_buffers": "undef", "gzip_comp_level": "1", "gzip_disable": "'msie6'", "gzip_min_length": "20", "gzip_http_version": "1.1", "gzip_proxied": "'off'", "gzip_types": "undef", "gzip_vary": "'off'", "gzip_static": "undef", "http_cfg_prepend": "undef", "http_cfg_append": "undef", "http_raw_prepend": "undef", "http_raw_append": "undef", "http_tcp_nodelay": "'on'", "http_tcp_nopush": "'off'", "keepalive_timeout": "'65s'", "keepalive_requests": "'100'", "log_format": "{}", "mail": "false", "mime_types_path": "'mime.types'", "stream": "false", "multi_accept": "'off'", "names_hash_bucket_size": "64", "names_hash_max_size": "512", "nginx_cfg_prepend": "false", "proxy_buffers": "'32 4k'", "proxy_buffer_size": "'8k'", "proxy_cache_inactive": "'20m'", "proxy_cache_keys_zone": "'d2:100m'", "proxy_cache_levels": "'1'", "proxy_cache_max_size": "'500m'", "proxy_cache_path": "undef", "proxy_cache_loader_files": "undef", "proxy_cache_loader_sleep": "undef", "proxy_cache_loader_threshold": "undef", "proxy_use_temp_path": "undef", "proxy_connect_timeout": "'90s'", "proxy_headers_hash_bucket_size": "64", "proxy_http_version": "undef", "proxy_read_timeout": "'90s'", "proxy_redirect": "undef", "proxy_send_timeout": "'90s'", "proxy_set_header": "[\n 'Host $host',\n 'X-Real-IP $remote_addr',\n 'X-Forwarded-For $proxy_add_x_forwarded_for',\n 'X-Forwarded-Proto $scheme',\n 'Proxy \"\"',\n ]", "proxy_hide_header": "[]", "proxy_pass_header": "[]", "proxy_ignore_header": "[]", "proxy_max_temp_file_size": "undef", "proxy_busy_buffers_size": "undef", "sendfile": "'on'", "server_tokens": "'on'", "spdy": "'off'", "http2": "'off'", "ssl_stapling": "'off'", "ssl_stapling_verify": "'off'", "snippets_dir": "$nginx::params::snippets_dir", "manage_snippets_dir": "true", "types_hash_bucket_size": "'512'", "types_hash_max_size": "'1024'", "worker_connections": "1024", "ssl_prefer_server_ciphers": "'on'", "worker_processes": "'auto'", "worker_rlimit_nofile": "1024", "pcre_jit": "undef", "ssl_protocols": "'TLSv1 TLSv1.1 TLSv1.2'", "ssl_ciphers": "'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'", "ssl_dhparam": "undef", "ssl_ecdh_curve": "undef", "ssl_session_cache": "'shared:SSL:10m'", "ssl_session_timeout": "'5m'", "ssl_session_tickets": "undef", "ssl_session_ticket_key": "undef", "ssl_buffer_size": "undef", "ssl_crl": "undef", "ssl_stapling_file": "undef", "ssl_stapling_responder": "undef", "ssl_trusted_certificate": "undef", "ssl_verify_depth": "undef", "ssl_password_file": "undef", "reset_timedout_connection": "undef", "package_ensure": "present", "package_name": "$nginx::params::package_name", "package_source": "'nginx'", "package_flavor": "undef", "manage_repo": "$nginx::params::manage_repo", "mime_types": "$nginx::params::mime_types", "mime_types_preserve_defaults": "false", "repo_release": "undef", "passenger_package_ensure": "'present'", "passenger_package_name": "$nginx::params::passenger_package_name", "repo_source": "undef", "service_ensure": "'running'", "service_enable": "true", "service_flags": "undef", "service_restart": "undef", "service_name": "'nginx'", "service_manage": "true", "service_config_check": "false", "service_config_check_command": "'nginx -t'", "geo_mappings": "{}", "geo_mappings_defaults": "{}", "string_mappings": "{}", "string_mappings_defaults": "{}", "nginx_locations": "{}", "nginx_locations_defaults": "{}", "nginx_mailhosts": "{}", "nginx_mailhosts_defaults": "{}", "nginx_servers": "{}", "nginx_servers_defaults": "{}", "nginx_streamhosts": "{}", "nginx_streamhosts_defaults": "{}", "nginx_upstreams": "{}", "nginx_upstreams_defaults": "{}", "purge_passenger_repo": "true", "nginx_version": "pick(fact('nginx_version'), '1.6.0')"}, "source": "class nginx (\n ### START Nginx Configuration ###\n Variant[Stdlib::Absolutepath, Boolean] $client_body_temp_path = $nginx::params::client_body_temp_path,\n Boolean $confd_only = false,\n Boolean $confd_purge = false,\n $conf_dir = $nginx::params::conf_dir,\n Optional[Enum['on', 'off']] $daemon = undef,\n $daemon_user = $nginx::params::daemon_user,\n $daemon_group = undef,\n Array[String] $dynamic_modules = [],\n $global_owner = $nginx::params::global_owner,\n $global_group = $nginx::params::global_group,\n $global_mode = $nginx::params::global_mode,\n Optional[Variant[String[1], Array[String[1]]]] $limit_req_zone = undef,\n Stdlib::Absolutepath $log_dir = $nginx::params::log_dir,\n String[1] $log_user = $nginx::params::log_user,\n String[1] $log_group = $nginx::params::log_group,\n Stdlib::Filemode $log_mode = $nginx::params::log_mode,\n Variant[String, Array[String]] $http_access_log = \"${log_dir}/${nginx::params::http_access_log_file}\",\n Optional[String] $http_format_log = undef,\n Variant[String, Array[String]] $nginx_error_log = \"${log_dir}/${nginx::params::nginx_error_log_file}\",\n Nginx::ErrorLogSeverity $nginx_error_log_severity = 'error',\n $pid = $nginx::params::pid,\n Variant[Stdlib::Absolutepath, Boolean] $proxy_temp_path = $nginx::params::proxy_temp_path,\n $root_group = $nginx::params::root_group,\n $run_dir = $nginx::params::run_dir,\n $sites_available_owner = $nginx::params::sites_available_owner,\n $sites_available_group = $nginx::params::sites_available_group,\n $sites_available_mode = $nginx::params::sites_available_mode,\n Boolean $super_user = $nginx::params::super_user,\n $temp_dir = $nginx::params::temp_dir,\n Boolean $server_purge = false,\n Boolean $include_modules_enabled = $nginx::params::include_modules_enabled,\n\n # Primary Templates\n String[1] $conf_template = 'nginx/conf.d/nginx.conf.erb',\n String[1] $fastcgi_conf_template = 'nginx/server/fastcgi.conf.erb',\n String[1] $uwsgi_params_template = 'nginx/server/uwsgi_params.erb',\n\n ### START Nginx Configuration ###\n Optional[Enum['on', 'off']] $absolute_redirect = undef,\n Enum['on', 'off'] $accept_mutex = 'on',\n $accept_mutex_delay = '500ms',\n $client_body_buffer_size = '128k',\n String $client_max_body_size = '10m',\n $client_body_timeout = '60s',\n $send_timeout = '60s',\n $lingering_timeout = '5s',\n Optional[Enum['on','off','always']] $lingering_close = undef,\n Optional[String[1]] $lingering_time = undef,\n Optional[Enum['on', 'off']] $etag = undef,\n Optional[String] $events_use = undef,\n Array[Nginx::DebugConnection] $debug_connections = [],\n String $fastcgi_cache_inactive = '20m',\n Optional[String] $fastcgi_cache_key = undef,\n String $fastcgi_cache_keys_zone = 'd3:100m',\n String $fastcgi_cache_levels = '1',\n String $fastcgi_cache_max_size = '500m',\n Optional[String] $fastcgi_cache_path = undef,\n Optional[String] $fastcgi_cache_use_stale = undef,\n Enum['on', 'off'] $gzip = 'off',\n $gzip_buffers = undef,\n $gzip_comp_level = 1,\n $gzip_disable = 'msie6',\n $gzip_min_length = 20,\n $gzip_http_version = 1.1,\n $gzip_proxied = 'off',\n $gzip_types = undef,\n Enum['on', 'off'] $gzip_vary = 'off',\n Optional[Enum['on', 'off', 'always']] $gzip_static = undef,\n Optional[Variant[Hash, Array]] $http_cfg_prepend = undef,\n Optional[Variant[Hash, Array]] $http_cfg_append = undef,\n Optional[Variant[Array[String], String]] $http_raw_prepend = undef,\n Optional[Variant[Array[String], String]] $http_raw_append = undef,\n Enum['on', 'off'] $http_tcp_nodelay = 'on',\n Enum['on', 'off'] $http_tcp_nopush = 'off',\n $keepalive_timeout = '65s',\n $keepalive_requests = '100',\n $log_format = {},\n Boolean $mail = false,\n Variant[String, Boolean] $mime_types_path = 'mime.types',\n Boolean $stream = false,\n String $multi_accept = 'off',\n Integer $names_hash_bucket_size = 64,\n Integer $names_hash_max_size = 512,\n $nginx_cfg_prepend = false,\n String $proxy_buffers = '32 4k',\n String $proxy_buffer_size = '8k',\n String $proxy_cache_inactive = '20m',\n String $proxy_cache_keys_zone = 'd2:100m',\n String $proxy_cache_levels = '1',\n String $proxy_cache_max_size = '500m',\n Optional[Variant[Hash, String]] $proxy_cache_path = undef,\n Optional[Integer] $proxy_cache_loader_files = undef,\n Optional[String] $proxy_cache_loader_sleep = undef,\n Optional[String] $proxy_cache_loader_threshold = undef,\n Optional[Enum['on', 'off']] $proxy_use_temp_path = undef,\n $proxy_connect_timeout = '90s',\n Integer $proxy_headers_hash_bucket_size = 64,\n Optional[String] $proxy_http_version = undef,\n $proxy_read_timeout = '90s',\n $proxy_redirect = undef,\n $proxy_send_timeout = '90s',\n Array $proxy_set_header = [\n 'Host $host',\n 'X-Real-IP $remote_addr',\n 'X-Forwarded-For $proxy_add_x_forwarded_for',\n 'X-Forwarded-Proto $scheme',\n 'Proxy \"\"',\n ],\n Array $proxy_hide_header = [],\n Array $proxy_pass_header = [],\n Array $proxy_ignore_header = [],\n Optional[Nginx::Size] $proxy_max_temp_file_size = undef,\n Optional[Nginx::Size] $proxy_busy_buffers_size = undef,\n Enum['on', 'off'] $sendfile = 'on',\n Enum['on', 'off'] $server_tokens = 'on',\n Enum['on', 'off'] $spdy = 'off',\n Enum['on', 'off'] $http2 = 'off',\n Enum['on', 'off'] $ssl_stapling = 'off',\n Enum['on', 'off'] $ssl_stapling_verify = 'off',\n Stdlib::Absolutepath $snippets_dir = $nginx::params::snippets_dir,\n Boolean $manage_snippets_dir = true,\n $types_hash_bucket_size = '512',\n $types_hash_max_size = '1024',\n Integer $worker_connections = 1024,\n Enum['on', 'off'] $ssl_prefer_server_ciphers = 'on',\n Variant[Integer, Enum['auto']] $worker_processes = 'auto',\n Integer $worker_rlimit_nofile = 1024,\n Optional[Enum['on', 'off']] $pcre_jit = undef,\n String $ssl_protocols = 'TLSv1 TLSv1.1 TLSv1.2',\n String $ssl_ciphers = 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS', # lint:ignore:140chars\n Optional[Stdlib::Unixpath] $ssl_dhparam = undef,\n Optional[String] $ssl_ecdh_curve = undef,\n String $ssl_session_cache = 'shared:SSL:10m',\n String $ssl_session_timeout = '5m',\n Optional[Enum['on', 'off']] $ssl_session_tickets = undef,\n Optional[Stdlib::Absolutepath] $ssl_session_ticket_key = undef,\n Optional[String] $ssl_buffer_size = undef,\n Optional[Stdlib::Absolutepath] $ssl_crl = undef,\n Optional[Stdlib::Absolutepath] $ssl_stapling_file = undef,\n Optional[String] $ssl_stapling_responder = undef,\n Optional[Stdlib::Absolutepath] $ssl_trusted_certificate = undef,\n Optional[Integer] $ssl_verify_depth = undef,\n Optional[Stdlib::Absolutepath] $ssl_password_file = undef,\n Optional[Enum['on', 'off']] $reset_timedout_connection = undef,\n\n ### START Package Configuration ###\n $package_ensure = present,\n $package_name = $nginx::params::package_name,\n $package_source = 'nginx',\n $package_flavor = undef,\n Boolean $manage_repo = $nginx::params::manage_repo,\n Hash[String[1], String[1]] $mime_types = $nginx::params::mime_types,\n Boolean $mime_types_preserve_defaults = false,\n Optional[String] $repo_release = undef,\n $passenger_package_ensure = 'present',\n String[1] $passenger_package_name = $nginx::params::passenger_package_name,\n Optional[Stdlib::HTTPUrl] $repo_source = undef,\n ### END Package Configuration ###\n\n ### START Service Configuation ###\n Stdlib::Ensure::Service $service_ensure = 'running',\n $service_enable = true,\n $service_flags = undef,\n $service_restart = undef,\n $service_name = 'nginx',\n $service_manage = true,\n Boolean $service_config_check = false,\n String $service_config_check_command = 'nginx -t',\n ### END Service Configuration ###\n\n ### START Hiera Lookups ###\n Hash $geo_mappings = {},\n Hash $geo_mappings_defaults = {},\n Hash $string_mappings = {},\n Hash $string_mappings_defaults = {},\n Hash $nginx_locations = {},\n Hash $nginx_locations_defaults = {},\n Hash $nginx_mailhosts = {},\n Hash $nginx_mailhosts_defaults = {},\n Hash $nginx_servers = {},\n Hash $nginx_servers_defaults = {},\n Hash $nginx_streamhosts = {},\n Hash $nginx_streamhosts_defaults = {},\n Hash $nginx_upstreams = {},\n Nginx::UpstreamDefaults $nginx_upstreams_defaults = {},\n Boolean $purge_passenger_repo = true,\n String[1] $nginx_version = pick(fact('nginx_version'), '1.6.0'),\n\n ### END Hiera Lookups ###\n) inherits nginx::params {\n contain 'nginx::package'\n contain 'nginx::config'\n contain 'nginx::service'\n\n create_resources( 'nginx::resource::geo', $geo_mappings, $geo_mappings_defaults )\n create_resources( 'nginx::resource::location', $nginx_locations, $nginx_locations_defaults )\n create_resources( 'nginx::resource::mailhost', $nginx_mailhosts, $nginx_mailhosts_defaults )\n create_resources( 'nginx::resource::map', $string_mappings, $string_mappings_defaults )\n create_resources( 'nginx::resource::server', $nginx_servers, $nginx_servers_defaults )\n create_resources( 'nginx::resource::streamhost', $nginx_streamhosts, $nginx_streamhosts_defaults )\n create_resources( 'nginx::resource::upstream', $nginx_upstreams, $nginx_upstreams_defaults )\n\n # Allow the end user to establish relationships to the \"main\" class\n # and preserve the relationship to the implementation classes through\n # a transitive relationship to the composite class.\n Class['nginx::package'] -> Class['nginx::config'] ~> Class['nginx::service']\n Class['nginx::package'] ~> Class['nginx::service']\n}"}, {"name": "nginx::config", "file": "manifests/config.pp", "line": 3, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Manage NGINX bootstrap and configuration"}]}, "source": "class nginx::config {\n assert_private()\n\n $client_body_temp_path = $nginx::client_body_temp_path\n $confd_only = $nginx::confd_only\n $confd_purge = $nginx::confd_purge\n $conf_dir = $nginx::conf_dir\n $daemon = $nginx::daemon\n $daemon_user = $nginx::daemon_user\n $daemon_group = $nginx::daemon_group\n $dynamic_modules = $nginx::dynamic_modules\n $global_owner = $nginx::global_owner\n $global_group = $nginx::global_group\n $global_mode = $nginx::global_mode\n $limit_req_zone = $nginx::limit_req_zone\n $log_dir = $nginx::log_dir\n $log_user = $nginx::log_user\n $log_group = $nginx::log_group\n $log_mode = $nginx::log_mode\n $http_access_log = $nginx::http_access_log\n $http_format_log = $nginx::http_format_log\n $nginx_error_log = $nginx::nginx_error_log\n $nginx_error_log_severity = $nginx::nginx_error_log_severity\n $pid = $nginx::pid\n $proxy_temp_path = $nginx::proxy_temp_path\n $root_group = $nginx::root_group\n $run_dir = $nginx::run_dir\n $sites_available_owner = $nginx::sites_available_owner\n $sites_available_group = $nginx::sites_available_group\n $sites_available_mode = $nginx::sites_available_mode\n $super_user = $nginx::super_user\n $temp_dir = $nginx::temp_dir\n $server_purge = $nginx::server_purge\n $absolute_redirect = $nginx::absolute_redirect\n $accept_mutex = $nginx::accept_mutex\n $accept_mutex_delay = $nginx::accept_mutex_delay\n $client_body_buffer_size = $nginx::client_body_buffer_size\n $client_max_body_size = $nginx::client_max_body_size\n $client_body_timeout = $nginx::client_body_timeout\n $send_timeout = $nginx::send_timeout\n $lingering_timeout = $nginx::lingering_timeout\n $lingering_close = $nginx::lingering_close\n $lingering_time = $nginx::lingering_time\n $reset_timedout_connection = $nginx::reset_timedout_connection\n $etag = $nginx::etag\n $events_use = $nginx::events_use\n $debug_connections = $nginx::debug_connections\n $fastcgi_cache_inactive = $nginx::fastcgi_cache_inactive\n $fastcgi_cache_key = $nginx::fastcgi_cache_key\n $fastcgi_cache_keys_zone = $nginx::fastcgi_cache_keys_zone\n $fastcgi_cache_levels = $nginx::fastcgi_cache_levels\n $fastcgi_cache_max_size = $nginx::fastcgi_cache_max_size\n $fastcgi_cache_path = $nginx::fastcgi_cache_path\n $fastcgi_cache_use_stale = $nginx::fastcgi_cache_use_stale\n $gzip = $nginx::gzip\n $gzip_buffers = $nginx::gzip_buffers\n $gzip_comp_level = $nginx::gzip_comp_level\n $gzip_disable = $nginx::gzip_disable\n $gzip_min_length = $nginx::gzip_min_length\n $gzip_http_version = $nginx::gzip_http_version\n $gzip_proxied = $nginx::gzip_proxied\n $gzip_types = $nginx::gzip_types\n $gzip_vary = $nginx::gzip_vary\n $gzip_static = $nginx::gzip_static\n $http_raw_prepend = $nginx::http_raw_prepend\n $http_raw_append = $nginx::http_raw_append\n $http_cfg_prepend = $nginx::http_cfg_prepend\n $http_cfg_append = $nginx::http_cfg_append\n $http_tcp_nodelay = $nginx::http_tcp_nodelay\n $http_tcp_nopush = $nginx::http_tcp_nopush\n $keepalive_timeout = $nginx::keepalive_timeout\n $keepalive_requests = $nginx::keepalive_requests\n $log_format = $nginx::log_format\n $mail = $nginx::mail\n $mime_types_path = $nginx::mime_types_path\n $stream = $nginx::stream\n $mime_types = $nginx::mime_types_preserve_defaults ? {\n true => merge($nginx::params::mime_types,$nginx::mime_types),\n default => $nginx::mime_types,\n }\n $multi_accept = $nginx::multi_accept\n $names_hash_bucket_size = $nginx::names_hash_bucket_size\n $names_hash_max_size = $nginx::names_hash_max_size\n $nginx_cfg_prepend = $nginx::nginx_cfg_prepend\n $proxy_buffers = $nginx::proxy_buffers\n $proxy_buffer_size = $nginx::proxy_buffer_size\n $proxy_busy_buffers_size = $nginx::proxy_busy_buffers_size\n $proxy_cache_inactive = $nginx::proxy_cache_inactive\n $proxy_cache_keys_zone = $nginx::proxy_cache_keys_zone\n $proxy_cache_levels = $nginx::proxy_cache_levels\n $proxy_cache_max_size = $nginx::proxy_cache_max_size\n $proxy_cache_path = $nginx::proxy_cache_path\n $proxy_cache_loader_files = $nginx::proxy_cache_loader_files\n $proxy_cache_loader_sleep = $nginx::proxy_cache_loader_sleep\n $proxy_cache_loader_threshold = $nginx::proxy_cache_loader_threshold\n $proxy_use_temp_path = $nginx::proxy_use_temp_path\n $proxy_connect_timeout = $nginx::proxy_connect_timeout\n $proxy_headers_hash_bucket_size = $nginx::proxy_headers_hash_bucket_size\n $proxy_http_version = $nginx::proxy_http_version\n $proxy_max_temp_file_size = $nginx::proxy_max_temp_file_size\n $proxy_read_timeout = $nginx::proxy_read_timeout\n $proxy_redirect = $nginx::proxy_redirect\n $proxy_send_timeout = $nginx::proxy_send_timeout\n $proxy_set_header = $nginx::proxy_set_header\n $proxy_hide_header = $nginx::proxy_hide_header\n $proxy_pass_header = $nginx::proxy_pass_header\n $sendfile = $nginx::sendfile\n $server_tokens = $nginx::server_tokens\n $spdy = $nginx::spdy\n $http2 = $nginx::http2\n $ssl_buffer_size = $nginx::ssl_buffer_size\n $ssl_ciphers = $nginx::ssl_ciphers\n $ssl_crl = $nginx::ssl_crl\n $ssl_dhparam = $nginx::ssl_dhparam\n $ssl_ecdh_curve = $nginx::ssl_ecdh_curve\n $ssl_session_cache = $nginx::ssl_session_cache\n $ssl_session_timeout = $nginx::ssl_session_timeout\n $ssl_session_tickets = $nginx::ssl_session_tickets\n $ssl_session_ticket_key = $nginx::ssl_session_ticket_key\n $ssl_stapling = $nginx::ssl_stapling\n $ssl_stapling_file = $nginx::ssl_stapling_file\n $ssl_stapling_responder = $nginx::ssl_stapling_responder\n $ssl_stapling_verify = $nginx::ssl_stapling_verify\n $ssl_trusted_certificate = $nginx::ssl_trusted_certificate\n $ssl_password_file = $nginx::ssl_password_file\n $ssl_prefer_server_ciphers = $nginx::ssl_prefer_server_ciphers\n $ssl_protocols = $nginx::ssl_protocols\n $ssl_verify_depth = $nginx::ssl_verify_depth\n $types_hash_bucket_size = $nginx::types_hash_bucket_size\n $types_hash_max_size = $nginx::types_hash_max_size\n $worker_connections = $nginx::worker_connections\n $worker_processes = $nginx::worker_processes\n $worker_rlimit_nofile = $nginx::worker_rlimit_nofile\n $pcre_jit = $nginx::pcre_jit\n $include_modules_enabled = $nginx::include_modules_enabled\n\n # Non-configurable settings\n $conf_template = 'nginx/conf.d/nginx.conf.erb'\n $mime_template = 'nginx/conf.d/mime.types.epp'\n $proxy_conf_template = undef\n\n File {\n owner => $global_owner,\n group => $global_group,\n mode => $global_mode,\n }\n\n file { $conf_dir:\n ensure => directory,\n }\n\n file { \"${conf_dir}/conf.stream.d\":\n ensure => directory,\n }\n\n file { \"${conf_dir}/conf.d\":\n ensure => directory,\n }\n\n if $confd_purge {\n # Err on the side of caution - make sure *both* $server_purge and\n # $confd_purge are set if $confd_only is set, before purging files\n # ${conf_dir}/conf.d\n if (($confd_only and $server_purge) or !$confd_only) {\n File[\"${conf_dir}/conf.d\"] {\n purge => true,\n recurse => true,\n notify => Class['nginx::service'],\n }\n\n File[\"${conf_dir}/conf.stream.d\"] {\n purge => true,\n recurse => true,\n notify => Class['nginx::service'],\n }\n }\n }\n\n file { \"${conf_dir}/conf.mail.d\":\n ensure => directory,\n }\n\n if $confd_purge == true {\n File[\"${conf_dir}/conf.mail.d\"] {\n purge => true,\n recurse => true,\n }\n }\n\n file { $run_dir:\n ensure => directory,\n mode => '0644',\n }\n\n if $nginx::manage_snippets_dir {\n file { $nginx::snippets_dir:\n ensure => directory,\n }\n }\n\n file { $log_dir:\n ensure => directory,\n mode => $log_mode,\n owner => $log_user,\n group => $log_group,\n }\n\n if $client_body_temp_path {\n file { $client_body_temp_path:\n ensure => directory,\n owner => $daemon_user,\n mode => '0700',\n }\n }\n\n if $proxy_temp_path {\n file { $proxy_temp_path:\n ensure => directory,\n owner => $daemon_user,\n mode => '0700',\n }\n }\n\n unless $confd_only {\n file { \"${conf_dir}/sites-available\":\n ensure => directory,\n owner => $sites_available_owner,\n group => $sites_available_group,\n mode => $sites_available_mode,\n }\n\n file { \"${conf_dir}/sites-enabled\":\n ensure => directory,\n owner => $sites_available_owner,\n group => $sites_available_group,\n mode => $sites_available_mode,\n }\n\n if $server_purge {\n File[\"${conf_dir}/sites-available\"] {\n purge => true,\n recurse => true,\n }\n\n File[\"${conf_dir}/sites-enabled\"] {\n purge => true,\n recurse => true,\n }\n }\n\n # No real reason not to make these even if $stream is not enabled.\n file { \"${conf_dir}/streams-enabled\":\n ensure => directory,\n owner => $sites_available_owner,\n group => $sites_available_group,\n mode => $sites_available_mode,\n }\n\n file { \"${conf_dir}/streams-available\":\n ensure => directory,\n owner => $sites_available_owner,\n group => $sites_available_group,\n mode => $sites_available_mode,\n }\n\n if $server_purge {\n File[\"${conf_dir}/streams-enabled\"] {\n purge => true,\n recurse => true,\n }\n }\n }\n\n file { \"${conf_dir}/nginx.conf\":\n ensure => file,\n content => template($conf_template),\n tag => 'nginx_config_file',\n }\n\n file { \"${conf_dir}/mime.types\":\n ensure => file,\n content => epp($mime_template),\n tag => 'nginx_config_file',\n }\n\n file { \"${temp_dir}/nginx.d\":\n ensure => absent,\n purge => true,\n recurse => true,\n force => true,\n }\n\n file { \"${temp_dir}/nginx.mail.d\":\n ensure => absent,\n purge => true,\n recurse => true,\n force => true,\n }\n}"}, {"name": "nginx::package", "file": "manifests/package.pp", "line": 3, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Manage NGINX package installation"}]}, "source": "class nginx::package {\n $package_name = $nginx::package_name\n $package_source = $nginx::package_source\n $package_ensure = $nginx::package_ensure\n $package_flavor = $nginx::package_flavor\n $passenger_package_ensure = $nginx::passenger_package_ensure\n $manage_repo = $nginx::manage_repo\n\n assert_private()\n\n case $facts['os']['family'] {\n 'redhat': {\n contain nginx::package::redhat\n }\n 'debian': {\n contain nginx::package::debian\n }\n 'Solaris': {\n # $package_name needs to be specified. SFEnginx,CSWnginx depending on\n # where you get it.\n if $package_name == undef {\n fail('You must supply a value for $package_name on Solaris')\n }\n\n package { 'nginx':\n ensure => $package_ensure,\n name => $package_name,\n source => $package_source,\n }\n }\n 'OpenBSD': {\n package { $package_name:\n ensure => $package_ensure,\n flavor => $package_flavor,\n }\n }\n default: {\n package { $package_name:\n ensure => $package_ensure,\n }\n }\n }\n}"}, {"name": "nginx::package::debian", "file": "manifests/package/debian.pp", "line": 3, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Manage NGINX package installation on debian based systems"}]}, "source": "class nginx::package::debian {\n $package_name = $nginx::package_name\n $package_source = $nginx::package_source\n $package_ensure = $nginx::package_ensure\n $package_flavor = $nginx::package_flavor\n $passenger_package_ensure = $nginx::passenger_package_ensure\n $passenger_package_name = $nginx::passenger_package_name\n $manage_repo = $nginx::manage_repo\n $release = $nginx::repo_release\n $repo_source = $nginx::repo_source\n\n $distro = downcase($facts['os']['name'])\n\n package { 'nginx':\n ensure => $package_ensure,\n name => $package_name,\n }\n\n if $manage_repo {\n include 'apt'\n Exec['apt_update'] -> Package['nginx']\n\n case $package_source {\n 'nginx', 'nginx-stable': {\n $stable_repo_source = $repo_source ? {\n undef => \"https://nginx.org/packages/${distro}\",\n default => $repo_source,\n }\n apt::source { 'nginx':\n location => $stable_repo_source,\n repos => 'nginx',\n key => { 'id' => '573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62' },\n release => $release,\n }\n }\n 'nginx-mainline': {\n $mainline_repo_source = $repo_source ? {\n undef => \"https://nginx.org/packages/mainline/${distro}\",\n default => $repo_source,\n }\n apt::source { 'nginx':\n location => $mainline_repo_source,\n repos => 'nginx',\n key => { 'id' => '573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62' },\n release => $release,\n }\n }\n 'passenger': {\n $passenger_repo_source = $repo_source ? {\n undef => 'https://oss-binaries.phusionpassenger.com/apt/passenger',\n default => $repo_source,\n }\n apt::source { 'nginx':\n location => $passenger_repo_source,\n repos => 'main',\n key => { 'id' => '16378A33A6EF16762922526E561F9B9CAC40B2F7' },\n }\n\n package { $passenger_package_name:\n ensure => $passenger_package_ensure,\n require => Exec['apt_update'],\n }\n\n if $package_name != 'nginx-extras' {\n warning('You must set $package_name to \"nginx-extras\" to enable Passenger')\n }\n }\n default: {\n fail(\"\\$package_source must be 'nginx-stable', 'nginx-mainline' or 'passenger'. It was set to '${package_source}'\")\n }\n }\n }\n}"}, {"name": "nginx::package::redhat", "file": "manifests/package/redhat.pp", "line": 3, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Manage NGINX package installation on RedHat based systems"}]}, "source": "class nginx::package::redhat {\n $package_name = $nginx::package_name\n $package_source = $nginx::package_source\n $package_ensure = $nginx::package_ensure\n $package_flavor = $nginx::package_flavor\n $passenger_package_ensure = $nginx::passenger_package_ensure\n $passenger_package_name = $nginx::passenger_package_name\n $manage_repo = $nginx::manage_repo\n $purge_passenger_repo = $nginx::purge_passenger_repo\n\n #Install the CentOS-specific packages on that OS, otherwise assume it's a RHEL\n #clone and provide the Red Hat-specific package. This comes into play when not\n #on RHEL or CentOS and $manage_repo is set manually to 'true'.\n $_os = $facts['os']['name'] ? {\n 'centos' => 'centos',\n 'VirtuozzoLinux' => 'centos',\n default => 'rhel'\n }\n\n if $manage_repo {\n case $package_source {\n 'nginx', 'nginx-stable': {\n yumrepo { 'nginx-release':\n baseurl => \"https://nginx.org/packages/${_os}/${facts['os']['release']['major']}/\\$basearch/\",\n descr => 'nginx repo',\n enabled => '1',\n gpgcheck => '1',\n priority => '1',\n gpgkey => 'https://nginx.org/keys/nginx_signing.key',\n before => Package['nginx'],\n }\n\n if $purge_passenger_repo {\n yumrepo { 'passenger':\n ensure => absent,\n before => Package['nginx'],\n }\n }\n }\n 'nginx-mainline': {\n yumrepo { 'nginx-release':\n baseurl => \"https://nginx.org/packages/mainline/${_os}/${facts['os']['release']['major']}/\\$basearch/\",\n descr => 'nginx repo',\n enabled => '1',\n gpgcheck => '1',\n priority => '1',\n gpgkey => 'https://nginx.org/keys/nginx_signing.key',\n before => Package['nginx'],\n }\n\n if $purge_passenger_repo {\n yumrepo { 'passenger':\n ensure => absent,\n before => Package['nginx'],\n }\n }\n }\n 'passenger': {\n if ($facts['os']['name'] in ['RedHat', 'CentOS', 'VirtuozzoLinux']) and ($facts['os']['release']['major'] in ['6', '7']) {\n # 2019-11: Passenger changed their gpg key from: `https://packagecloud.io/phusion/passenger/gpgkey`\n # to: `https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt`\n # Find the latest key by opening: https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo\n\n # Also note: Since 6.0.5 there are no nginx packages in the phusion EL7 repository, and nginx packages are expected to come from epel instead\n yumrepo { 'passenger':\n baseurl => \"https://oss-binaries.phusionpassenger.com/yum/passenger/el/${facts['os']['release']['major']}/\\$basearch\",\n descr => 'passenger repo',\n enabled => '1',\n gpgcheck => '0',\n repo_gpgcheck => '1',\n priority => '1',\n gpgkey => 'https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt',\n before => Package['nginx'],\n }\n\n yumrepo { 'nginx-release':\n ensure => absent,\n before => Package['nginx'],\n }\n\n package { $passenger_package_name:\n ensure => $passenger_package_ensure,\n require => Yumrepo['passenger'],\n }\n } else {\n fail(\"${facts['os']['name']} version ${facts['os']['release']['major']} is unsupported with \\$package_source 'passenger'\")\n }\n }\n default: {\n fail(\"\\$package_source must be 'nginx-stable', 'nginx-mainline', or 'passenger'. It was set to '${package_source}'\")\n }\n }\n }\n\n package { 'nginx':\n ensure => $package_ensure,\n name => $package_name,\n }\n}"}, {"name": "nginx::params", "file": "manifests/params.pp", "line": 3, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "default settings and according to operating system"}]}, "source": "class nginx::params {\n ### Operating System Configuration\n ## This is my hacky... no hiera system. Oh well. :)\n $_module_defaults = {\n 'conf_dir' => '/etc/nginx',\n 'daemon_user' => 'nginx',\n 'pid' => '/var/run/nginx.pid',\n 'root_group' => 'root',\n 'log_dir' => '/var/log/nginx',\n 'log_user' => 'nginx',\n 'log_group' => 'root',\n 'log_mode' => '0750',\n 'run_dir' => '/var/nginx',\n 'package_name' => 'nginx',\n 'passenger_package_name' => 'passenger',\n 'manage_repo' => false,\n 'include_modules_enabled' => false,\n 'mime_types' => {\n 'text/html' => 'html htm shtml',\n 'text/css' => 'css',\n 'text/xml' => 'xml',\n 'image/gif' => 'gif',\n 'image/jpeg' => 'jpeg jpg',\n 'application/javascript' => 'js',\n 'application/atom+xml' => 'atom',\n 'application/rss+xml' => 'rss',\n 'text/mathml' => 'mml',\n 'text/plain' => 'txt',\n 'text/vnd.sun.j2me.app-descriptor' => 'jad',\n 'text/vnd.wap.wml' => 'wml',\n 'text/x-component' => 'htc',\n 'image/png' => 'png',\n 'image/tiff' => 'tif tiff',\n 'image/vnd.wap.wbmp' => 'wbmp',\n 'image/x-icon' => 'ico',\n 'image/x-jng' => 'jng',\n 'image/x-ms-bmp' => 'bmp',\n 'image/svg+xml' => 'svg svgz',\n 'image/webp' => 'webp',\n 'application/font-woff' => 'woff',\n 'application/java-archive' => 'jar war ear',\n 'application/json' => 'json',\n 'application/mac-binhex40' => 'hqx',\n 'application/msword' => 'doc',\n 'application/pdf' => 'pdf',\n 'application/postscript' => 'ps eps ai',\n 'application/rtf' => 'rtf',\n 'application/vnd.apple.mpegurl' => 'm3u8',\n 'application/vnd.ms-excel' => 'xls',\n 'application/vnd.ms-fontobject' => 'eot',\n 'application/vnd.ms-powerpoint' => 'ppt',\n 'application/vnd.wap.wmlc' => 'wmlc',\n 'application/vnd.google-earth.kml+xml' => 'kml',\n 'application/vnd.google-earth.kmz' => 'kmz',\n 'application/x-7z-compressed' => '7z',\n 'application/x-cocoa' => 'cco',\n 'application/x-java-archive-diff' => 'jardiff',\n 'application/x-java-jnlp-file' => 'jnlp',\n 'application/x-makeself' => 'run',\n 'application/x-perl' => 'pl pm',\n 'application/x-pilot' => 'prc pdb',\n 'application/x-rar-compressed' => 'rar',\n 'application/x-redhat-package-manager' => 'rpm',\n 'application/x-sea' => 'sea',\n 'application/x-shockwave-flash' => 'swf',\n 'application/x-stuffit' => 'sit',\n 'application/x-tcl' => 'tcl tk',\n 'application/x-x509-ca-cert' => 'der pem crt',\n 'application/x-xpinstall' => 'xpi',\n 'application/xhtml+xml' => 'xhtml',\n 'application/xspf+xml' => 'xspf',\n 'application/zip' => 'zip',\n 'application/octet-stream' => 'bin exe dll deb dmg iso img msi msp msm',\n 'application/vnd.openxmlformats-officedocument.wordprocessingml.document' => 'docx',\n 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet' => 'xlsx',\n 'application/vnd.openxmlformats-officedocument.presentationml.presentation' => 'pptx',\n 'audio/midi' => 'mid midi kar',\n 'audio/mpeg' => 'mp3',\n 'audio/ogg' => 'ogg',\n 'audio/x-m4a' => 'm4a',\n 'audio/x-realaudio' => 'ra',\n 'video/3gpp' => '3gpp 3gp',\n 'video/mp2t' => 'ts',\n 'video/mp4' => 'mp4',\n 'video/mpeg' => 'mpeg mpg',\n 'video/quicktime' => 'mov',\n 'video/webm' => 'webm',\n 'video/x-flv' => 'flv',\n 'video/x-m4v' => 'm4v',\n 'video/x-mng' => 'mng',\n 'video/x-ms-asf' => 'asx asf',\n 'video/x-ms-wmv' => 'wmv',\n 'video/x-msvideo' => 'avi',\n },\n }\n case $facts['os']['family'] {\n 'ArchLinux': {\n $_module_os_overrides = {\n 'pid' => false,\n 'daemon_user' => 'http',\n 'log_user' => 'http',\n 'log_group' => 'log',\n 'package_name' => 'nginx-mainline',\n }\n }\n 'Debian': {\n if ($facts['os']['name'] == 'ubuntu' and $facts['os']['distro']['codename'] == 'xenial') {\n $_module_os_overrides = {\n 'manage_repo' => true,\n 'daemon_user' => 'www-data',\n 'log_user' => 'root',\n 'log_group' => 'adm',\n 'log_mode' => '0755',\n 'run_dir' => '/run/nginx',\n }\n # The following was designed/tested on Ubuntu 18 and Debian 9/10 but probably works on newer versions as well\n } else {\n $_module_os_overrides = {\n 'manage_repo' => true,\n 'daemon_user' => 'www-data',\n 'log_user' => 'root',\n 'log_group' => 'adm',\n 'log_mode' => '0755',\n 'run_dir' => '/run/nginx',\n 'passenger_package_name' => 'libnginx-mod-http-passenger',\n 'include_modules_enabled' => true,\n }\n }\n }\n 'DragonFly', 'FreeBSD': {\n $_module_os_overrides = {\n 'conf_dir' => '/usr/local/etc/nginx',\n 'daemon_user' => 'www',\n 'root_group' => 'wheel',\n 'log_group' => 'wheel',\n 'log_user' => 'root',\n }\n }\n 'Gentoo': {\n $_module_os_overrides = {\n 'package_name' => 'www-servers/nginx',\n }\n }\n 'RedHat': {\n if ($facts['os']['name'] in ['RedHat', 'CentOS', 'Oracle', 'virtuozzolinux'] and $facts['os']['release']['major'] in ['6', '7']) {\n $_module_os_overrides = {\n 'manage_repo' => true,\n 'log_group' => 'nginx',\n }\n } else {\n $_module_os_overrides = {\n 'log_group' => 'nginx',\n }\n }\n }\n 'Solaris': {\n case $facts['os']['name'] {\n 'SmartOS': {\n $_module_os_overrides = {\n 'conf_dir' => '/opt/local/etc/nginx',\n 'daemon_user' => 'www',\n 'log_user' => 'www',\n 'log_group' => 'root',\n }\n }\n default: {\n $_module_os_overrides = {\n 'daemon_user' => 'webservd',\n 'package_name' => undef,\n }\n }\n }\n }\n 'OpenBSD': {\n $_module_os_overrides = {\n 'daemon_user' => 'www',\n 'root_group' => 'wheel',\n 'log_dir' => '/var/www/logs',\n 'log_user' => 'www',\n 'log_group' => 'wheel',\n 'run_dir' => '/var/www',\n }\n }\n 'AIX': {\n $_module_os_overrides = {\n 'daemon_user' => 'nginx',\n 'root_group' => 'system',\n 'conf_dir' => '/opt/freeware/etc/nginx/',\n 'log_dir' => '/opt/freeware/var/log/nginx/',\n 'log_group' => 'system',\n 'run_dir' => '/opt/freeware/share/nginx/html',\n }\n }\n default: {\n ## For cases not covered in $::osfamily\n case $facts['os']['name'] {\n default: { $_module_os_overrides = {} }\n }\n }\n }\n\n $_module_parameters = merge($_module_defaults, $_module_os_overrides)\n ### END Operating System Configuration\n\n ### Referenced Variables\n $conf_dir = $_module_parameters['conf_dir']\n $snippets_dir = \"${conf_dir}/snippets\"\n $log_dir = $_module_parameters['log_dir']\n $log_user = $_module_parameters['log_user']\n $log_group = $_module_parameters['log_group']\n $log_mode = $_module_parameters['log_mode']\n $run_dir = $_module_parameters['run_dir']\n $temp_dir = '/tmp'\n $pid = $_module_parameters['pid']\n $include_modules_enabled = $_module_parameters['include_modules_enabled']\n\n $client_body_temp_path = \"${run_dir}/client_body_temp\"\n $daemon_user = $_module_parameters['daemon_user']\n $global_owner = 'root'\n $global_group = $_module_parameters['root_group']\n $global_mode = '0644'\n $http_access_log_file = 'access.log'\n $manage_repo = $_module_parameters['manage_repo']\n $mime_types = $_module_parameters['mime_types']\n $nginx_error_log_file = 'error.log'\n $root_group = $_module_parameters['root_group']\n $package_name = $_module_parameters['package_name']\n $passenger_package_name = $_module_parameters['passenger_package_name']\n $proxy_temp_path = \"${run_dir}/proxy_temp\"\n $sites_available_owner = 'root'\n $sites_available_group = $_module_parameters['root_group']\n $sites_available_mode = '0644'\n $super_user = true\n ### END Referenced Variables\n}"}, {"name": "nginx::service", "file": "manifests/service.pp", "line": 5, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Manage NGINX service management"}]}, "source": "class nginx::service {\n assert_private()\n\n if $nginx::service_config_check {\n exec { 'nginx_config_check':\n command => $nginx::service_config_check_command,\n refreshonly => true,\n path => [\n '/usr/local/sbin',\n '/usr/local/bin',\n '/usr/sbin',\n '/usr/bin',\n '/sbin',\n '/bin',\n ],\n }\n\n File <| tag == 'nginx_config_file' |> ~> Exec['nginx_config_check']\n Concat <| tag == 'nginx_config_file' |> ~> Exec['nginx_config_check']\n }\n\n if $nginx::service_manage {\n $service_require = $nginx::service_config_check ? {\n true => Exec['nginx_config_check'],\n false => undef,\n }\n\n service { $nginx::service_name:\n ensure => $nginx::service_ensure,\n enable => $nginx::service_enable,\n flags => $nginx::service_flags,\n restart => $nginx::service_restart,\n require => $service_require,\n }\n }\n}"}, {"name": "apache", "file": "manifests/init.pp", "line": 463, "inherits": "::apache::params", "docstring": {"text": "When this class is declared with the default options, Puppet:\n- Installs the appropriate Apache software package and [required Apache modules](#default_mods) for your operating system.\n- Places the required configuration files in a directory, with the [default location](#conf_dir) determined by your operating system.\n- Configures the server with a default virtual host and standard port (`80`) and address (`\\*`) bindings.\n- Creates a document root directory determined by your operating system, typically `/var/www`.\n- Starts the Apache service.\n\nIf an ldaps:// URL is specified, the mode becomes SSL and the setting of LDAPTrustedMode is ignored.", "tags": [{"tag_name": "example", "text": "class { 'apache': }", "name": ""}, {"tag_name": "param", "text": "Sets the server default for the `AllowEncodedSlashes` declaration, which modifies the\nresponses to URLs containing '\\' and '/' characters. If not specified, this parameter omits\nthe declaration from the server's configuration and uses Apache's default setting of 'off'.", "types": ["Optional[Enum['on', 'off', 'nodecode']]"], "name": "allow_encoded_slashes"}, {"tag_name": "param", "text": "Configures module template behavior, package names, and default Apache modules by defining\nthe version of Apache to use. We do not recommend manually configuring this parameter\nwithout reason.", "types": ["Any"], "name": "apache_version"}, {"tag_name": "param", "text": "Sets the directory where the Apache server's main configuration file is located.", "types": ["Any"], "name": "conf_dir"}, {"tag_name": "param", "text": "Defines the template used for the main Apache configuration file. Modifying this\nparameter is potentially risky, as the apache module is designed to use a minimal\nconfiguration file customized by `conf.d` entries.", "types": ["Any"], "name": "conf_template"}, {"tag_name": "param", "text": "Sets the location of the Apache server's custom configuration directory.", "types": ["Any"], "name": "confd_dir"}, {"tag_name": "param", "text": "Used as the `AddDefaultCharset` directive in the main configuration file.", "types": ["Any"], "name": "default_charset"}, {"tag_name": "param", "text": "Determines whether Puppet generates a default set of includable Apache configuration files\nin the directory defined by the `confd_dir` parameter. These configuration files\ncorrespond to what is typically installed with the Apache package on the server's\noperating system.", "types": ["Boolean"], "name": "default_confd_files"}, {"tag_name": "param", "text": "Determines whether to configure and enable a set of default Apache modules depending on\nyour operating system.<br />\nIf `false`, Puppet includes only the Apache modules required to make the HTTP daemon work\non your operating system, and you can declare any other modules separately using the\n`apache::mod::<MODULE NAME>` class or `apache::mod` defined type.<br />\nIf `true`, Puppet installs additional modules, depending on the operating system and\nthe values of `apache_version` and `mpm_module` parameters. Because these lists of\nmodules can change frequently, consult the Puppet module's code for up-to-date lists.<br />\nIf this parameter contains an array, Puppet instead enables all passed Apache modules.", "types": ["Any"], "name": "default_mods"}, {"tag_name": "param", "text": "Sets the default certificate authority for the Apache server.<br />\nAlthough the default value results in a functioning Apache server, you **must** update\nthis parameter with your certificate authority information before deploying this server in\na production environment.", "types": ["Any"], "name": "default_ssl_ca"}, {"tag_name": "param", "text": "Sets the SSL encryption certificate location.<br />\nAlthough the default value results in a functioning Apache server, you **must** update this\nparameter with your certificate location before deploying this server in a production environment.", "types": ["Any"], "name": "default_ssl_cert"}, {"tag_name": "param", "text": "Sets the default SSL chain location.<br />\nAlthough this default value results in a functioning Apache server, you **must** update\nthis parameter with your SSL chain before deploying this server in a production environment.", "types": ["Any"], "name": "default_ssl_chain"}, {"tag_name": "param", "text": "Sets the path of the default certificate revocation list (CRL) file to use.<br />\nAlthough this default value results in a functioning Apache server, you **must** update\nthis parameter with the CRL file path before deploying this server in a production\nenvironment. You can use this parameter with or in place of the `default_ssl_crl_path`.", "types": ["Any"], "name": "default_ssl_crl"}, {"tag_name": "param", "text": "Sets the server's certificate revocation list path, which contains your CRLs.<br />\nAlthough this default value results in a functioning Apache server, you **must** update\nthis parameter with the CRL file path before deploying this server in a production environment.", "types": ["Any"], "name": "default_ssl_crl_path"}, {"tag_name": "param", "text": "Sets the default certificate revocation check level via the `SSLCARevocationCheck` directive.\nThis parameter applies only to Apache 2.4 or higher and is ignored on older versions.<br />\nAlthough this default value results in a functioning Apache server, you **must** specify\nthis parameter when using certificate revocation lists in a production environment.", "types": ["Any"], "name": "default_ssl_crl_check"}, {"tag_name": "param", "text": "Sets the SSL certificate key file location.\nAlthough the default values result in a functioning Apache server, you **must** update\nthis parameter with your SSL key's location before deploying this server in a production\nenvironment.", "types": ["Any"], "name": "default_ssl_key"}, {"tag_name": "param", "text": "Enable reloading of apache if the content of ssl files have changed.", "types": ["Boolean"], "name": "default_ssl_reload_on_change"}, {"tag_name": "param", "text": "Configures a default SSL virtual host.\nIf `true`, Puppet automatically configures the following virtual host using the\n`apache::vhost` defined type:\n```puppet\napache::vhost { 'default-ssl':\n port => 443,\n ssl => true,\n docroot => $docroot,\n scriptalias => $scriptalias,\n serveradmin => $serveradmin,\n access_log_file => \"ssl_${access_log_file}\",\n}\n```\n**Note**: SSL virtual hosts only respond to HTTPS queries.", "types": ["Boolean"], "name": "default_ssl_vhost"}, {"tag_name": "param", "text": "_Apache 2.2 only_. Sets the MIME `content-type` sent if the server cannot otherwise\ndetermine an appropriate `content-type`. This directive is deprecated in Apache 2.4 and\nnewer, and is only for backwards compatibility in configuration files.", "types": ["Any"], "name": "default_type"}, {"tag_name": "param", "text": "Configures a default virtual host when the class is declared.<br />\nTo configure customized virtual hosts, set this parameter's\nvalue to `false`.<br />\n> **Note**: Apache will not start without at least one virtual host. If you set this\nto `false` you must configure a virtual host elsewhere.", "types": ["Boolean"], "name": "default_vhost"}, {"tag_name": "param", "text": "Configures a specific dev package to use.<br />\nFor example, using httpd 2.4 from the IUS yum repo:<br />\n``` puppet\ninclude ::apache::dev\nclass { 'apache':\n apache_name => 'httpd24u',\n dev_packages => 'httpd24u-devel',\n}\n```", "types": ["Any"], "name": "dev_packages"}, {"tag_name": "param", "text": "Sets the default `DocumentRoot` location.", "types": ["Any"], "name": "docroot"}, {"tag_name": "param", "text": "Determines whether to enable [custom error documents](https://httpd.apache.org/docs/current/custom-error.html) on the Apache server.", "types": ["Any"], "name": "error_documents"}, {"tag_name": "param", "text": "Sets the group ID that owns any Apache processes spawned to answer requests.<br />\nBy default, Puppet attempts to manage this group as a resource under the `apache`\nclass, determining the group based on the operating system as detected by the\n`apache::params` class. To prevent the group resource from being created and use a group\ncreated by another Puppet module, set the `manage_group` parameter's value to `false`.<br />\n> **Note**: Modifying this parameter only changes the group ID that Apache uses to spawn\nchild processes to access resources. It does not change the user that owns the parent server\nprocess.", "types": ["Any"], "name": "group"}, {"tag_name": "param", "text": "Sets the Apache server's base configuration directory. This is useful for specially\nrepackaged Apache server builds but might have unintended consequences when combined\nwith the default distribution packages.", "types": ["Any"], "name": "httpd_dir"}, {"tag_name": "param", "text": "Specifies the strictness of HTTP protocol checks.<br />\nValid options: any sequence of the following alternative values: `Strict` or `Unsafe`,\n`RegisteredMethods` or `LenientMethods`, and `Allow0.9` or `Require1.0`.", "types": ["Any"], "name": "http_protocol_options"}, {"tag_name": "param", "text": "Determines whether to enable persistent HTTP connections with the `KeepAlive` directive.\nIf you set this to `On`, use the `keepalive_timeout` and `max_keepalive_requests` parameters\nto set relevant options.<br />", "types": ["Any"], "name": "keepalive"}, {"tag_name": "param", "text": "Sets the `KeepAliveTimeout` directive, which determines the amount of time the Apache\nserver waits for subsequent requests on a persistent HTTP connection. This parameter is\nonly relevant if the `keepalive` parameter is enabled.", "types": ["Any"], "name": "keepalive_timeout"}, {"tag_name": "param", "text": "Limits the number of requests allowed per connection when the `keepalive` parameter is enabled.", "types": ["Any"], "name": "max_keepalive_requests"}, {"tag_name": "param", "text": "This directive enables DNS lookups so that host names can be logged and passed to\nCGIs/SSIs in REMOTE_HOST.<br />\n> **Note**: If enabled, it impacts performance significantly.", "types": ["Enum['Off', 'On', 'Double', 'off', 'on', 'double']"], "name": "hostname_lookups"}, {"tag_name": "param", "text": "The following modes are supported:\n\n NONE - no encryption\n SSL - ldaps:// encryption on default port 636\n TLS - STARTTLS encryption on default port 389\nNot all LDAP toolkits support all the above modes. An error message will be logged at\nruntime if a mode is not supported, and the connection to the LDAP server will fail.", "types": ["Any"], "name": "ldap_trusted_mode"}, {"tag_name": "param", "text": "Specifies whether to force the verification of a server certificate when establishing an SSL\nconnection to the LDAP server.\nOn|Off", "types": ["Any"], "name": "ldap_verify_server_cert"}, {"tag_name": "param", "text": "Specifies the location whereApache module files are stored.<br />\n> **Note**: Do not configure this parameter manually without special reason.", "types": ["Any"], "name": "lib_path"}, {"tag_name": "param", "text": "Configures the apache [LogLevel](https://httpd.apache.org/docs/current/mod/core.html#loglevel) directive\nwhich adjusts the verbosity of the messages recorded in the error logs.", "types": ["Apache::LogLevel"], "name": "log_level"}, {"tag_name": "param", "text": "Define additional `LogFormat` directives. Values: A hash, such as:\n``` puppet\n$log_formats = { vhost_common => '%v %h %l %u %t \\\"%r\\\" %>s %b' }\n```\n There are a number of predefined `LogFormats` in the `httpd.conf` that Puppet creates:\n``` httpd\n LogFormat \"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" combined\n LogFormat \"%h %l %u %t \\\"%r\\\" %>s %b\" common\n LogFormat \"%{Referer}i -> %U\" referer\n LogFormat \"%{User-agent}i\" agent\n LogFormat \"%{X-Forwarded-For}i %l %u %t \\\"%r\\\" %s %b \\\"%{Referer}i\\\" \\\"%{User-agent}i\\\"\" forwarded\n```\nIf your `log_formats` parameter contains one of those, it will be overwritten with **your** definition.", "types": ["Any"], "name": "log_formats"}, {"tag_name": "param", "text": "Changes the directory of Apache log files for the virtual host.", "types": ["Any"], "name": "logroot"}, {"tag_name": "param", "text": "Overrides the default `logroot` directory's mode.<br />\n> **Note**: Do _not_ grant write access to the directory where the logs are stored\nwithout being aware of the consequences. See the [Apache documentation](https://httpd.apache.org/docs/current/logs.html#security)\nfor details.", "types": ["Any"], "name": "logroot_mode"}, {"tag_name": "param", "text": "When `false`, stops Puppet from creating the group resource.<br />\nIf you have a group created from another Puppet module that you want to use to run Apache,\nset this to `false`. Without this parameter, attempting to use a previously established\ngroup results in a duplicate resource error.", "types": ["Boolean"], "name": "manage_group"}, {"tag_name": "param", "text": "A list of groups to which the user belongs. These groups are in addition to the primary group.<br />\nNotice: This option only has an effect when `manage_user` is set to true.", "types": ["Any"], "name": "supplementary_groups"}, {"tag_name": "param", "text": "When `false`, stops Puppet from creating the user resource.<br />\nThis is for instances when you have a user, created from another Puppet module, you want\nto use to run Apache. Without this parameter, attempting to use a previously established\nuser would result in a duplicate resource error.", "types": ["Boolean"], "name": "manage_user"}, {"tag_name": "param", "text": "Sets where Puppet places configuration files for your Apache modules.", "types": ["Any"], "name": "mod_dir"}, {"tag_name": "param", "text": "Allows the user to override default module library names.\n```puppet\ninclude apache::params\nclass { 'apache':\n mod_libs => merge($::apache::params::mod_libs, {\n 'wsgi' => 'mod_wsgi_python3.so',\n })\n}\n```", "types": ["Any"], "name": "mod_libs"}, {"tag_name": "param", "text": "Allows the user to override default module package names.\n```puppet\ninclude apache::params\nclass { 'apache':\n mod_packages => merge($::apache::params::mod_packages, {\n 'auth_kerb' => 'httpd24-mod_auth_kerb',\n })\n}\n```", "types": ["Any"], "name": "mod_packages"}, {"tag_name": "param", "text": "Determines which [multi-processing module](https://httpd.apache.org/docs/current/mpm.html) (MPM) is loaded and configured for the\nHTTPD process. Valid values are: `event`, `itk`, `peruser`, `prefork`, `worker` or `false`.<br />\nYou must set this to `false` to explicitly declare the following classes with custom parameters:\n- `apache::mod::event`\n- `apache::mod::itk`\n- `apache::mod::peruser`\n- `apache::mod::prefork`\n- `apache::mod::worker`", "types": ["Any"], "name": "mpm_module"}, {"tag_name": "param", "text": "Controls the `package` resource's `ensure` attribute. Valid values are: `absent`, `installed`\n(or equivalent `present`), or a version string.", "types": ["Any"], "name": "package_ensure"}, {"tag_name": "param", "text": "Allows settting a custom location for the pid file. Useful if using a custom-built Apache rpm.", "types": ["Any"], "name": "pidfile"}, {"tag_name": "param", "text": "Sets the path to the file containing Apache ports configuration.", "types": ["Any"], "name": "ports_file"}, {"tag_name": "param", "text": "Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols)\ndirective, which lists available protocols for the server.", "types": ["Array[Enum['h2', 'h2c', 'http/1.1']]"], "name": "protocols"}, {"tag_name": "param", "text": "Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder)\ndirective which determines whether the order of Protocols sets precedence during negotiation.", "types": ["Optional[Boolean]"], "name": "protocols_honor_order"}, {"tag_name": "param", "text": "Removes all other Apache configs and virtual hosts.<br />\nSetting this to `false` is a stopgap measure to allow the apache module to coexist with\nexisting or unmanaged configurations. We recommend moving your configuration to resources\nwithin this module. For virtual host configurations, see `purge_vhost_dir`.", "types": ["Any"], "name": "purge_configs"}, {"tag_name": "param", "text": "If the `vhost_dir` parameter's value differs from the `confd_dir` parameter's, this parameter\ndetermines whether Puppet removes any configurations inside `vhost_dir` that are _not_ managed\nby Puppet.<br />\nSetting `purge_vhost_dir` to `false` is a stopgap measure to allow the apache module to\ncoexist with existing or otherwise unmanaged configurations within `vhost_dir`.", "types": ["Any"], "name": "purge_vhost_dir"}, {"tag_name": "param", "text": "Allows setting a custom location for a rewrite lock - considered best practice if using\na RewriteMap of type prg in the `rewrites` parameter of your virtual host. This parameter\nonly applies to Apache version 2.2 or lower and is ignored on newer versions.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "rewrite_lock"}, {"tag_name": "param", "text": "Forces Apache to use the Linux kernel's `sendfile` support to serve static files, via the\n`EnableSendfile` directive.", "types": ["Enum['On', 'Off', 'on', 'off']"], "name": "sendfile"}, {"tag_name": "param", "text": "Sets the Apache server administrator's contact information via Apache's `ServerAdmin` directive.", "types": ["Any"], "name": "serveradmin"}, {"tag_name": "param", "text": "Sets the Apache server name via Apache's `ServerName` directive.\nSetting to `false` will not set ServerName at all.", "types": ["Any"], "name": "servername"}, {"tag_name": "param", "text": "Sets the Apache server's root directory via Apache's `ServerRoot` directive.", "types": ["Any"], "name": "server_root"}, {"tag_name": "param", "text": "Configures a trailing footer line to display at the bottom of server-generated documents,\nsuch as error documents and output of certain Apache modules, via Apache's `ServerSignature`\ndirective. Valid values are: `On` or `Off`.", "types": ["Any"], "name": "server_signature"}, {"tag_name": "param", "text": "Controls how much information Apache sends to the browser about itself and the operating\nsystem, via Apache's `ServerTokens` directive.", "types": ["Any"], "name": "server_tokens"}, {"tag_name": "param", "text": "Determines whether Puppet enables the Apache HTTPD service when the system is booted.", "types": ["Boolean"], "name": "service_enable"}, {"tag_name": "param", "text": "Determines whether Puppet should make sure the service is running.\nValid values are: `true` (or `running`) or `false` (or `stopped`).<br />\nThe `false` or `stopped` values set the 'httpd' service resource's `ensure` parameter\nto `false`, which is useful when you want to let the service be managed by another\napplication, such as Pacemaker.<br />", "types": ["Any"], "name": "service_ensure"}, {"tag_name": "param", "text": "Sets the name of the Apache service.", "types": ["Any"], "name": "service_name"}, {"tag_name": "param", "text": "Determines whether Puppet manages the HTTPD service's state.", "types": ["Boolean"], "name": "service_manage"}, {"tag_name": "param", "text": "Determines whether Puppet should use a specific command to restart the HTTPD service.\nValues: a command to restart the Apache service.", "types": ["Any"], "name": "service_restart"}, {"tag_name": "param", "text": "Sets Apache's `TimeOut` directive, which defines the number of seconds Apache waits for\ncertain events before failing a request.", "types": ["Any"], "name": "timeout"}, {"tag_name": "param", "text": "Controls how Apache handles `TRACE` requests (per RFC 2616) via the `TraceEnable` directive.", "types": ["Any"], "name": "trace_enable"}, {"tag_name": "param", "text": "Controls Apache's `UseCanonicalName` directive which controls how Apache handles\nself-referential URLs. If not specified, this parameter omits the declaration from the\nserver's configuration and uses Apache's default setting of 'off'.", "types": ["Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']]"], "name": "use_canonical_name"}, {"tag_name": "param", "text": "Controls whether the systemd module should be installed on Centos 7 servers, this is\nespecially useful if using custom-built RPMs.", "types": ["Any"], "name": "use_systemd"}, {"tag_name": "param", "text": "Sets the desired permissions mode for config files.\nValid values are: a string, with permissions mode in symbolic or numeric notation.", "types": ["Any"], "name": "file_mode"}, {"tag_name": "param", "text": "Array of the desired options for the `/` directory in httpd.conf.", "types": ["Any"], "name": "root_directory_options"}, {"tag_name": "param", "text": "Sets the default access policy for the `/` directory in httpd.conf. A value of `false`\nallows access to all resources that are missing a more specific access policy. A value of\n`true` denies access to all resources by default. If `true`, more specific rules must be\nused to allow access to these resources (for example, in a directory block using the\n`directories` parameter).", "types": ["Boolean"], "name": "root_directory_secured"}, {"tag_name": "param", "text": "Changes your virtual host configuration files' location.", "types": ["Any"], "name": "vhost_dir"}, {"tag_name": "param", "text": "Defines the pattern for files included from the `vhost_dir`.\nIf set to a value like `[^.#]\\*.conf[^~]` to make sure that files accidentally created in\nthis directory (such as files created by version control systems or editor backups) are\n*not* included in your server configuration.<br />\nSome operating systems use a value of `*.conf`. By default, this module creates configuration\nfiles ending in `.conf`.", "types": ["Any"], "name": "vhost_include_pattern"}, {"tag_name": "param", "text": "Changes the user that Apache uses to answer requests. Apache's parent process continues\nto run as root, but child processes access resources as the user defined by this parameter.\nTo prevent Puppet from managing the user, set the `manage_user` parameter to `false`.", "types": ["Any"], "name": "user"}, {"tag_name": "param", "text": "The name of the Apache package to install. If you are using a non-standard Apache package\nyou might need to override the default setting.<br />\nFor CentOS/RHEL Software Collections (SCL), you can also use `apache::version::scl_httpd_version`.", "types": ["Any"], "name": "apache_name"}, {"tag_name": "param", "text": "The name of the error log file for the main server instance. If the string starts with\n`/`, `|`, or `syslog`: the full path is set. Otherwise, the filename is prefixed with\n`$logroot`.", "types": ["Any"], "name": "error_log"}, {"tag_name": "param", "text": "Directory to use for global script alias", "types": ["Any"], "name": "scriptalias"}, {"tag_name": "param", "text": "The name of the access log file for the main server instance.", "types": ["Any"], "name": "access_log_file"}, {"tag_name": "param", "text": "The `limitreqfields` parameter sets the maximum number of request header fields in\nan HTTP request. This directive gives the server administrator greater control over\nabnormal client request behavior, which may be useful for avoiding some forms of\ndenial-of-service attacks. The value should be increased if normal clients see an error\nresponse from the server that indicates too many fields were sent in the request.", "types": ["Any"], "name": "limitreqfields"}, {"tag_name": "param", "text": "The `limitreqfieldsize` parameter sets the maximum ammount of _bytes_ that will\nbe allowed within a request header.", "types": ["Any"], "name": "limitreqfieldsize"}, {"tag_name": "param", "text": "Specifies the ip address", "types": ["Any"], "name": "ip"}, {"tag_name": "param", "text": "Removes all other Apache configs and virtual hosts.<br />\n> **Note**: This parameter is deprecated in favor of the `purge_config` parameter.<br />", "types": ["Any"], "name": "purge_vdir"}, {"tag_name": "param", "text": "Whether the additional config files in `/etc/apache2/conf-enabled` should be managed.", "types": ["Any"], "name": "conf_enabled"}, {"tag_name": "param", "text": "Set's whether the vhost definitions will be stored in sites-availible and if\nthey will be symlinked to and from sites-enabled.", "types": ["Any"], "name": "vhost_enable_dir"}, {"tag_name": "param", "text": "Set's whether the mods-enabled directory should be managed.", "types": ["Any"], "name": "mod_enable_dir"}, {"tag_name": "param", "text": "This parameter allows you to set an ssl.conf file to be managed in order to implement\nan SSL Certificate.", "types": ["Any"], "name": "ssl_file"}, {"tag_name": "param", "text": "Sets the server default for the `FileETag` declaration, which modifies the response header\nfield for static files.", "types": ["Any"], "name": "file_e_tag"}, {"tag_name": "param", "text": "Specifies whether Apache uses the `IncludeOptional` directive instead of `Include` for\n`additional_includes` in Apache 2.4 or newer.", "types": ["Boolean"], "name": "use_optional_includes"}, {"tag_name": "param", "text": "Specifies any idditional Internet media (mime) types that you wish to be configured.", "types": ["Any"], "name": "mime_types_additional"}, {"tag_name": "summary", "text": "Guides the basic setup and installation of Apache on your system."}]}, "defaults": {"apache_name": "$apache::params::apache_name", "service_name": "$apache::params::service_name", "default_mods": "true", "default_vhost": "true", "default_charset": "undef", "default_confd_files": "true", "default_ssl_vhost": "false", "default_ssl_cert": "$apache::params::default_ssl_cert", "default_ssl_key": "$apache::params::default_ssl_key", "default_ssl_chain": "undef", "default_ssl_ca": "undef", "default_ssl_crl_path": "undef", "default_ssl_crl": "undef", "default_ssl_crl_check": "undef", "default_ssl_reload_on_change": "false", "default_type": "'none'", "dev_packages": "$apache::params::dev_packages", "ip": "undef", "service_enable": "true", "service_manage": "true", "service_ensure": "'running'", "service_restart": "undef", "purge_configs": "true", "purge_vhost_dir": "undef", "purge_vdir": "false", "serveradmin": "'root@localhost'", "sendfile": "'On'", "ldap_verify_server_cert": "undef", "ldap_trusted_mode": "undef", "error_documents": "false", "timeout": "'60'", "httpd_dir": "$apache::params::httpd_dir", "server_root": "$apache::params::server_root", "conf_dir": "$apache::params::conf_dir", "confd_dir": "$apache::params::confd_dir", "hostname_lookups": "$apache::params::hostname_lookups", "conf_enabled": "$apache::params::conf_enabled", "vhost_dir": "$apache::params::vhost_dir", "vhost_enable_dir": "$apache::params::vhost_enable_dir", "mod_libs": "$apache::params::mod_libs", "mod_packages": "$apache::params::mod_packages", "vhost_include_pattern": "$apache::params::vhost_include_pattern", "mod_dir": "$apache::params::mod_dir", "mod_enable_dir": "$apache::params::mod_enable_dir", "mpm_module": "$apache::params::mpm_module", "lib_path": "$apache::params::lib_path", "conf_template": "$apache::params::conf_template", "servername": "$apache::params::servername", "pidfile": "$apache::params::pidfile", "rewrite_lock": "undef", "manage_user": "true", "manage_group": "true", "user": "$apache::params::user", "group": "$apache::params::group", "http_protocol_options": "$apache::params::http_protocol_options", "supplementary_groups": "[]", "keepalive": "$apache::params::keepalive", "keepalive_timeout": "$apache::params::keepalive_timeout", "max_keepalive_requests": "$apache::params::max_keepalive_requests", "limitreqfieldsize": "'8190'", "limitreqfields": "'100'", "logroot": "$apache::params::logroot", "logroot_mode": "$apache::params::logroot_mode", "log_level": "$apache::params::log_level", "log_formats": "{}", "ssl_file": "undef", "ports_file": "$apache::params::ports_file", "docroot": "$apache::params::docroot", "apache_version": "$apache::version::default", "server_tokens": "'Prod'", "server_signature": "'On'", "trace_enable": "'On'", "allow_encoded_slashes": "undef", "file_e_tag": "undef", "use_canonical_name": "undef", "package_ensure": "'installed'", "use_optional_includes": "$apache::params::use_optional_includes", "use_systemd": "$apache::params::use_systemd", "mime_types_additional": "$apache::params::mime_types_additional", "file_mode": "$apache::params::file_mode", "root_directory_options": "$apache::params::root_directory_options", "root_directory_secured": "false", "error_log": "$apache::params::error_log", "scriptalias": "$apache::params::scriptalias", "access_log_file": "$apache::params::access_log_file", "protocols": "[]", "protocols_honor_order": "undef"}, "source": "class apache (\n $apache_name = $apache::params::apache_name,\n $service_name = $apache::params::service_name,\n $default_mods = true,\n Boolean $default_vhost = true,\n $default_charset = undef,\n Boolean $default_confd_files = true,\n Boolean $default_ssl_vhost = false,\n $default_ssl_cert = $apache::params::default_ssl_cert,\n $default_ssl_key = $apache::params::default_ssl_key,\n $default_ssl_chain = undef,\n $default_ssl_ca = undef,\n $default_ssl_crl_path = undef,\n $default_ssl_crl = undef,\n $default_ssl_crl_check = undef,\n Boolean $default_ssl_reload_on_change = false,\n $default_type = 'none',\n $dev_packages = $apache::params::dev_packages,\n $ip = undef,\n Boolean $service_enable = true,\n Boolean $service_manage = true,\n $service_ensure = 'running',\n $service_restart = undef,\n $purge_configs = true,\n $purge_vhost_dir = undef,\n $purge_vdir = false,\n $serveradmin = 'root@localhost',\n Enum['On', 'Off', 'on', 'off'] $sendfile = 'On',\n $ldap_verify_server_cert = undef,\n $ldap_trusted_mode = undef,\n $error_documents = false,\n $timeout = '60',\n $httpd_dir = $apache::params::httpd_dir,\n $server_root = $apache::params::server_root,\n $conf_dir = $apache::params::conf_dir,\n $confd_dir = $apache::params::confd_dir,\n Enum['Off', 'On', 'Double', 'off', 'on', 'double'] $hostname_lookups = $apache::params::hostname_lookups,\n $conf_enabled = $apache::params::conf_enabled,\n $vhost_dir = $apache::params::vhost_dir,\n $vhost_enable_dir = $apache::params::vhost_enable_dir,\n $mod_libs = $apache::params::mod_libs,\n $mod_packages = $apache::params::mod_packages,\n $vhost_include_pattern = $apache::params::vhost_include_pattern,\n $mod_dir = $apache::params::mod_dir,\n $mod_enable_dir = $apache::params::mod_enable_dir,\n $mpm_module = $apache::params::mpm_module,\n $lib_path = $apache::params::lib_path,\n $conf_template = $apache::params::conf_template,\n $servername = $apache::params::servername,\n $pidfile = $apache::params::pidfile,\n Optional[Stdlib::Absolutepath] $rewrite_lock = undef,\n Boolean $manage_user = true,\n Boolean $manage_group = true,\n $user = $apache::params::user,\n $group = $apache::params::group,\n $http_protocol_options = $apache::params::http_protocol_options,\n $supplementary_groups = [],\n $keepalive = $apache::params::keepalive,\n $keepalive_timeout = $apache::params::keepalive_timeout,\n $max_keepalive_requests = $apache::params::max_keepalive_requests,\n $limitreqfieldsize = '8190',\n $limitreqfields = '100',\n $logroot = $apache::params::logroot,\n $logroot_mode = $apache::params::logroot_mode,\n Apache::LogLevel $log_level = $apache::params::log_level,\n $log_formats = {},\n $ssl_file = undef,\n $ports_file = $apache::params::ports_file,\n $docroot = $apache::params::docroot,\n $apache_version = $apache::version::default,\n $server_tokens = 'Prod',\n $server_signature = 'On',\n $trace_enable = 'On',\n Optional[Enum['on', 'off', 'nodecode']] $allow_encoded_slashes = undef,\n $file_e_tag = undef,\n Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']]\n $use_canonical_name = undef,\n $package_ensure = 'installed',\n Boolean $use_optional_includes = $apache::params::use_optional_includes,\n $use_systemd = $apache::params::use_systemd,\n $mime_types_additional = $apache::params::mime_types_additional,\n $file_mode = $apache::params::file_mode,\n $root_directory_options = $apache::params::root_directory_options,\n Boolean $root_directory_secured = false,\n $error_log = $apache::params::error_log,\n $scriptalias = $apache::params::scriptalias,\n $access_log_file = $apache::params::access_log_file,\n Array[Enum['h2', 'h2c', 'http/1.1']] $protocols = [],\n Optional[Boolean] $protocols_honor_order = undef,\n) inherits ::apache::params {\n $valid_mpms_re = $apache_version ? {\n '2.4' => '(event|itk|peruser|prefork|worker)',\n default => '(event|itk|prefork|worker)'\n }\n\n if $::osfamily == 'RedHat' and $facts['operatingsystemmajrelease'] == '7' {\n # On redhat 7 the ssl.conf lives in /etc/httpd/conf.d (the confd_dir)\n # when all other module configs live in /etc/httpd/conf.modules.d (the\n # mod_dir). On all other platforms and versions, ssl.conf lives in the\n # mod_dir. This should maintain the expected location of ssl.conf\n $_ssl_file = $ssl_file ? {\n undef => \"${apache::confd_dir}/ssl.conf\",\n default => $ssl_file\n }\n } else {\n $_ssl_file = $ssl_file ? {\n undef => \"${apache::mod_dir}/ssl.conf\",\n default => $ssl_file\n }\n }\n\n if $mpm_module and $mpm_module != 'false' { # lint:ignore:quoted_booleans\n assert_type(Pattern[$valid_mpms_re], $mpm_module)\n }\n\n # NOTE: on FreeBSD it's mpm module's responsibility to install httpd package.\n # NOTE: the same strategy may be introduced for other OSes. For this, you\n # should delete the 'if' block below and modify all MPM modules' manifests\n # such that they include apache::package class (currently event.pp, itk.pp,\n # peruser.pp, prefork.pp, worker.pp).\n if $::osfamily != 'FreeBSD' {\n package { 'httpd':\n ensure => $package_ensure,\n name => $apache_name,\n notify => Class['Apache::Service'],\n }\n }\n\n # declare the web server user and group\n # Note: requiring the package means the package ought to create them and not puppet\n if $manage_user {\n user { $user:\n ensure => present,\n gid => $group,\n groups => $supplementary_groups,\n require => Package['httpd'],\n }\n }\n if $manage_group {\n group { $group:\n ensure => present,\n require => Package['httpd'],\n }\n }\n\n class { 'apache::service':\n service_name => $service_name,\n service_enable => $service_enable,\n service_manage => $service_manage,\n service_ensure => $service_ensure,\n service_restart => $service_restart,\n }\n\n # Deprecated backwards-compatibility\n if $purge_vdir {\n warning('Class[\\'apache\\'] parameter purge_vdir is deprecated in favor of purge_configs')\n $purge_confd = $purge_vdir\n } else {\n $purge_confd = $purge_configs\n }\n\n # Set purge vhostd appropriately\n if $purge_vhost_dir == undef {\n $purge_vhostd = $purge_confd\n } else {\n $purge_vhostd = $purge_vhost_dir\n }\n\n Exec {\n path => '/bin:/sbin:/usr/bin:/usr/sbin',\n }\n\n exec { \"mkdir ${confd_dir}\":\n creates => $confd_dir,\n require => Package['httpd'],\n }\n file { $confd_dir:\n ensure => directory,\n recurse => true,\n purge => $purge_confd,\n force => $purge_confd,\n notify => Class['Apache::Service'],\n require => Package['httpd'],\n }\n\n if $conf_enabled and ! defined(File[$conf_enabled]) {\n file { $conf_enabled:\n ensure => directory,\n recurse => true,\n purge => $purge_confd,\n force => $purge_confd,\n notify => Class['Apache::Service'],\n require => Package['httpd'],\n }\n }\n\n if ! defined(File[$mod_dir]) {\n exec { \"mkdir ${mod_dir}\":\n creates => $mod_dir,\n require => Package['httpd'],\n }\n # Don't purge available modules if an enable dir is used\n $purge_mod_dir = $purge_configs and !$mod_enable_dir\n file { $mod_dir:\n ensure => directory,\n recurse => true,\n purge => $purge_mod_dir,\n notify => Class['Apache::Service'],\n require => Package['httpd'],\n before => Anchor['::apache::modules_set_up'],\n }\n }\n\n if $mod_enable_dir and ! defined(File[$mod_enable_dir]) {\n $mod_load_dir = $mod_enable_dir\n exec { \"mkdir ${mod_enable_dir}\":\n creates => $mod_enable_dir,\n require => Package['httpd'],\n }\n file { $mod_enable_dir:\n ensure => directory,\n recurse => true,\n purge => $purge_configs,\n notify => Class['Apache::Service'],\n require => Package['httpd'],\n }\n } else {\n $mod_load_dir = $mod_dir\n }\n\n if ! defined(File[$vhost_dir]) {\n exec { \"mkdir ${vhost_dir}\":\n creates => $vhost_dir,\n require => Package['httpd'],\n }\n file { $vhost_dir:\n ensure => directory,\n recurse => true,\n purge => $purge_vhostd,\n notify => Class['Apache::Service'],\n require => Package['httpd'],\n }\n }\n\n if $vhost_enable_dir and ! defined(File[$vhost_enable_dir]) {\n $vhost_load_dir = $vhost_enable_dir\n exec { \"mkdir ${vhost_load_dir}\":\n creates => $vhost_load_dir,\n require => Package['httpd'],\n }\n file { $vhost_enable_dir:\n ensure => directory,\n recurse => true,\n purge => $purge_vhostd,\n notify => Class['Apache::Service'],\n require => Package['httpd'],\n }\n } else {\n $vhost_load_dir = $vhost_dir\n }\n\n concat { $ports_file:\n ensure => present,\n owner => 'root',\n group => $apache::params::root_group,\n mode => $apache::file_mode,\n notify => Class['Apache::Service'],\n require => Package['httpd'],\n }\n concat::fragment { 'Apache ports header':\n target => $ports_file,\n content => template('apache/ports_header.erb'),\n }\n\n if $apache::conf_dir and $apache::params::conf_file {\n if $::osfamily == 'gentoo' {\n $error_documents_path = '/usr/share/apache2/error'\n if $default_mods =~ Array {\n if versioncmp($apache_version, '2.4') >= 0 {\n if defined('apache::mod::ssl') {\n ::portage::makeconf { 'apache2_modules':\n content => concat($default_mods, ['authz_core', 'socache_shmcb']),\n }\n } else {\n ::portage::makeconf { 'apache2_modules':\n content => concat($default_mods, 'authz_core'),\n }\n }\n } else {\n ::portage::makeconf { 'apache2_modules':\n content => $default_mods,\n }\n }\n }\n\n file { [\n '/etc/apache2/modules.d/.keep_www-servers_apache-2',\n '/etc/apache2/vhosts.d/.keep_www-servers_apache-2',\n ]:\n ensure => absent,\n require => Package['httpd'],\n }\n }\n\n $apxs_workaround = $::osfamily ? {\n 'freebsd' => true,\n default => false\n }\n\n # Template uses:\n # - $pidfile\n # - $user\n # - $group\n # - $logroot\n # - $error_log\n # - $sendfile\n # - $mod_dir\n # - $ports_file\n # - $confd_dir\n # - $vhost_dir\n # - $error_documents\n # - $error_documents_path\n # - $apxs_workaround\n # - $http_protocol_options\n # - $keepalive\n # - $keepalive_timeout\n # - $max_keepalive_requests\n # - $server_root\n # - $server_tokens\n # - $server_signature\n # - $trace_enable\n # - $rewrite_lock\n # - $root_directory_secured\n file { \"${apache::conf_dir}/${apache::params::conf_file}\":\n ensure => file,\n mode => $apache::file_mode,\n content => template($conf_template),\n notify => Class['Apache::Service'],\n require => [Package['httpd'], Concat[$ports_file]],\n }\n\n # preserve back-wards compatibility to the times when default_mods was\n # only a boolean value. Now it can be an array (too)\n if $default_mods =~ Array {\n class { 'apache::default_mods':\n all => false,\n mods => $default_mods,\n }\n } else {\n class { 'apache::default_mods':\n all => $default_mods,\n }\n }\n class { 'apache::default_confd_files':\n all => $default_confd_files,\n }\n if $mpm_module and $mpm_module != 'false' { # lint:ignore:quoted_booleans\n include \"::apache::mod::${mpm_module}\"\n }\n\n $default_vhost_ensure = $default_vhost ? {\n true => 'present',\n false => 'absent'\n }\n $default_ssl_vhost_ensure = $default_ssl_vhost ? {\n true => 'present',\n false => 'absent'\n }\n\n ::apache::vhost { 'default':\n ensure => $default_vhost_ensure,\n port => '80',\n docroot => $docroot,\n scriptalias => $scriptalias,\n serveradmin => $serveradmin,\n access_log_file => $access_log_file,\n priority => '15',\n ip => $ip,\n logroot_mode => $logroot_mode,\n manage_docroot => $default_vhost,\n use_servername_for_filenames => true,\n use_port_for_filenames => true,\n }\n $ssl_access_log_file = $::osfamily ? {\n 'freebsd' => $access_log_file,\n default => \"ssl_${access_log_file}\",\n }\n ::apache::vhost { 'default-ssl':\n ensure => $default_ssl_vhost_ensure,\n port => '443',\n ssl => true,\n docroot => $docroot,\n scriptalias => $scriptalias,\n serveradmin => $serveradmin,\n access_log_file => $ssl_access_log_file,\n priority => '15',\n ip => $ip,\n logroot_mode => $logroot_mode,\n manage_docroot => $default_ssl_vhost,\n use_servername_for_filenames => true,\n use_port_for_filenames => true,\n }\n }\n\n # This anchor can be used as a reference point for things that need to happen *after*\n # all modules have been put in place.\n anchor { '::apache::modules_set_up': }\n}"}, {"name": "apache::confd::no_accf", "file": "manifests/confd/no_accf.pp", "line": 5, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Manages the `no-accf.conf` file."}]}, "source": "class apache::confd::no_accf {\n # Template uses no variables\n file { 'no-accf.conf':\n ensure => 'file',\n path => \"${apache::confd_dir}/no-accf.conf\",\n content => template('apache/confd/no-accf.conf.erb'),\n require => Exec[\"mkdir ${apache::confd_dir}\"],\n before => File[$apache::confd_dir],\n }\n}"}, {"name": "apache::default_confd_files", "file": "manifests/default_confd_files.pp", "line": 5, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "all"}, {"tag_name": "summary", "text": "Helper for setting up default conf.d files."}]}, "defaults": {"all": "true"}, "source": "class apache::default_confd_files (\n $all = true,\n) {\n # The rest of the conf.d/* files only get loaded if we want them\n if $all {\n case $::osfamily {\n 'freebsd': {\n include apache::confd::no_accf\n }\n default: {\n # do nothing\n }\n }\n }\n}"}, {"name": "apache::default_mods", "file": "manifests/default_mods.pp", "line": 5, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "all"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "mods"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "apache_version"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "use_systemd"}, {"tag_name": "summary", "text": "Installs and congfigures default mods for Apache"}]}, "defaults": {"all": "true", "mods": "undef", "apache_version": "$apache::apache_version", "use_systemd": "$apache::use_systemd"}, "source": "class apache::default_mods (\n $all = true,\n $mods = undef,\n $apache_version = $apache::apache_version,\n $use_systemd = $apache::use_systemd,\n) {\n # These are modules required to run the default configuration.\n # They are not configurable at this time, so we just include\n # them to make sure it works.\n case $::osfamily {\n 'redhat': {\n ::apache::mod { 'log_config': }\n if versioncmp($apache_version, '2.4') >= 0 {\n # Lets fork it\n # Do not try to load mod_systemd on RHEL/CentOS 6 SCL.\n if ( !($::osfamily == 'redhat' and versioncmp($::operatingsystemmajrelease, '7') == -1) and !($::operatingsystem == 'Amazon') ) {\n if ($use_systemd) {\n ::apache::mod { 'systemd': }\n }\n }\n if ($::operatingsystem == 'Amazon' and $::operatingsystemrelease == '2') {\n ::apache::mod { 'systemd': }\n }\n ::apache::mod { 'unixd': }\n }\n }\n 'freebsd': {\n ::apache::mod { 'log_config': }\n ::apache::mod { 'unixd': }\n }\n 'Suse': {\n ::apache::mod { 'log_config': }\n }\n default: {}\n }\n case $::osfamily {\n 'gentoo': {}\n default: {\n ::apache::mod { 'authz_host': }\n }\n }\n # The rest of the modules only get loaded if we want all modules enabled\n if $all {\n case $::osfamily {\n 'debian': {\n include apache::mod::authn_core\n include apache::mod::reqtimeout\n if versioncmp($apache_version, '2.4') < 0 {\n ::apache::mod { 'authn_alias': }\n }\n }\n 'redhat': {\n include apache::mod::actions\n include apache::mod::authn_core\n include apache::mod::cache\n include apache::mod::ext_filter\n include apache::mod::mime\n include apache::mod::mime_magic\n include apache::mod::rewrite\n include apache::mod::speling\n include apache::mod::suexec\n include apache::mod::version\n include apache::mod::vhost_alias\n ::apache::mod { 'auth_digest': }\n ::apache::mod { 'authn_anon': }\n ::apache::mod { 'authn_dbm': }\n ::apache::mod { 'authz_dbm': }\n ::apache::mod { 'authz_owner': }\n ::apache::mod { 'expires': }\n ::apache::mod { 'include': }\n ::apache::mod { 'logio': }\n ::apache::mod { 'substitute': }\n ::apache::mod { 'usertrack': }\n\n if versioncmp($apache_version, '2.4') < 0 {\n ::apache::mod { 'authn_alias': }\n ::apache::mod { 'authn_default': }\n }\n }\n 'freebsd': {\n include apache::mod::actions\n include apache::mod::authn_core\n include apache::mod::cache\n include apache::mod::disk_cache\n include apache::mod::headers\n include apache::mod::info\n include apache::mod::mime_magic\n include apache::mod::reqtimeout\n include apache::mod::rewrite\n include apache::mod::userdir\n include apache::mod::version\n include apache::mod::vhost_alias\n include apache::mod::speling\n include apache::mod::filter\n\n ::apache::mod { 'asis': }\n ::apache::mod { 'auth_digest': }\n ::apache::mod { 'auth_form': }\n ::apache::mod { 'authn_anon': }\n ::apache::mod { 'authn_dbm': }\n ::apache::mod { 'authn_socache': }\n ::apache::mod { 'authz_dbd': }\n ::apache::mod { 'authz_dbm': }\n ::apache::mod { 'authz_owner': }\n ::apache::mod { 'dumpio': }\n ::apache::mod { 'expires': }\n ::apache::mod { 'file_cache': }\n ::apache::mod { 'imagemap': }\n ::apache::mod { 'include': }\n ::apache::mod { 'logio': }\n ::apache::mod { 'request': }\n ::apache::mod { 'session': }\n ::apache::mod { 'unique_id': }\n }\n default: {}\n }\n case $apache::mpm_module {\n 'prefork': {\n include apache::mod::cgi\n }\n 'worker': {\n include apache::mod::cgid\n }\n default: {\n # do nothing\n }\n }\n include apache::mod::alias\n include apache::mod::authn_file\n include apache::mod::autoindex\n include apache::mod::dav\n include apache::mod::dav_fs\n include apache::mod::deflate\n include apache::mod::dir\n include apache::mod::mime\n include apache::mod::negotiation\n include apache::mod::setenvif\n ::apache::mod { 'auth_basic': }\n\n if versioncmp($apache_version, '2.4') >= 0 {\n # filter is needed by mod_deflate\n include apache::mod::filter\n\n # authz_core is needed for 'Require' directive\n ::apache::mod { 'authz_core':\n id => 'authz_core_module',\n }\n\n # lots of stuff seems to break without access_compat\n ::apache::mod { 'access_compat': }\n } else {\n include apache::mod::authz_default\n }\n\n include apache::mod::authz_user\n\n ::apache::mod { 'authz_groupfile': }\n include apache::mod::env\n } elsif $mods {\n ::apache::default_mods::load { $mods: }\n\n if versioncmp($apache_version, '2.4') >= 0 {\n # authz_core is needed for 'Require' directive\n ::apache::mod { 'authz_core':\n id => 'authz_core_module',\n }\n\n # filter is needed by mod_deflate\n include apache::mod::filter\n }\n } else {\n if versioncmp($apache_version, '2.4') >= 0 {\n # authz_core is needed for 'Require' directive\n ::apache::mod { 'authz_core':\n id => 'authz_core_module',\n }\n\n # filter is needed by mod_deflate\n include apache::mod::filter\n }\n }\n}"}, {"name": "apache::dev", "file": "manifests/dev.pp", "line": 10, "docstring": {"text": "The libraries installed depends on the `dev_packages` parameter of the `apache::params`\nclass, based on your operating system:\n- **Debian** : `libaprutil1-dev`, `libapr1-dev`; `apache2-dev`\n- **FreeBSD**: `undef`; on FreeBSD, you must declare the `apache::package` or `apache` classes before declaring `apache::dev`.\n- **Gentoo**: `undef`.\n- **Red Hat**: `httpd-devel`.", "tags": [{"tag_name": "summary", "text": "Installs Apache development libraries."}]}, "source": "class apache::dev {\n if ! defined(Class['apache']) {\n fail('You must include the apache base class before using any apache defined resources')\n }\n\n $packages = $apache::dev_packages\n if $packages { # FreeBSD doesn't have dev packages to install\n package { $packages:\n ensure => present,\n require => Package['httpd'],\n }\n }\n}"}, {"name": "apache::mod::actions", "file": "manifests/mod/actions.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_actions.html"}, {"tag_name": "summary", "text": "Installs Apache mod_actions"}]}, "source": "class apache::mod::actions {\n apache::mod { 'actions': }\n}"}, {"name": "apache::mod::alias", "file": "manifests/mod/alias.pp", "line": 23, "inherits": "::apache::params", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The version of Apache, if not set will be retrieved from the init class.", "types": ["Any"], "name": "apache_version"}, {"tag_name": "param", "text": "Disables directory listings for the icons directory, via Apache [Options](https://httpd.apache.org/docs/current/mod/core.html#options)\ndirective.", "types": ["Any"], "name": "icons_options"}, {"tag_name": "param", "text": "Sets the local path for an /icons/ Alias. Default depends on operating system:\n- Debian: /usr/share/apache2/icons\n- FreeBSD: /usr/local/www/apache24/icons\n- Gentoo: /var/www/icons\n- Red Hat: /var/www/icons, except on Apache 2.4, where it's /usr/share/httpd/icons", "types": ["Any"], "name": "icons_path"}, {"tag_name": "param", "text": "Change the alias for /icons/.", "name": "icons_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "icons_prefix"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_alias.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_alias`."}]}, "defaults": {"apache_version": "undef", "icons_options": "'Indexes MultiViews'", "icons_path": "$apache::params::alias_icons_path", "icons_prefix": "$apache::params::icons_prefix"}, "source": "class apache::mod::alias (\n $apache_version = undef,\n $icons_options = 'Indexes MultiViews',\n # set icons_path to false to disable the alias\n $icons_path = $apache::params::alias_icons_path,\n $icons_prefix = $apache::params::icons_prefix\n) inherits ::apache::params {\n include apache\n $_apache_version = pick($apache_version, $apache::apache_version)\n apache::mod { 'alias': }\n\n # Template uses $icons_path, $_apache_version\n if $icons_path {\n file { 'alias.conf':\n ensure => file,\n path => \"${apache::mod_dir}/alias.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/alias.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n }\n}"}, {"name": "apache::mod::apreq2", "file": "manifests/mod/apreq2.pp", "line": 7, "docstring": {"text": "", "tags": [{"tag_name": "note", "text": "Unsupported platforms: CentOS: all; Debian: 8; OracleLinux: all; RedHat: all; Scientific: all; SLES: all; Ubuntu: all"}, {"tag_name": "see", "text": "for additional documentation.", "name": "http://httpd.apache.org/apreq/docs/libapreq2/group__mod__apreq2.html"}, {"tag_name": "summary", "text": "Installs `mod_apreq2`."}]}, "source": "class apache::mod::apreq2 {\n ::apache::mod { 'apreq2':\n id => 'apreq_module',\n }\n}"}, {"name": "apache::mod::auth_basic", "file": "manifests/mod/auth_basic.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_auth_basic.html"}, {"tag_name": "summary", "text": "Installs `mod_auth_basic`"}]}, "source": "class apache::mod::auth_basic {\n ::apache::mod { 'auth_basic': }\n}"}, {"name": "apache::mod::auth_cas", "file": "manifests/mod/auth_cas.pp", "line": 84, "inherits": "::apache::params", "docstring": {"text": "", "tags": [{"tag_name": "note", "text": "The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL."}, {"tag_name": "param", "text": "Sets the URL to which the module redirects users when they attempt to access a\nCAS-protected resource and don't have an active session.", "types": ["String"], "name": "cas_login_url"}, {"tag_name": "param", "text": "Sets the URL to use when validating a client-presented ticket in an HTTP query string.", "types": ["String"], "name": "cas_validate_url"}, {"tag_name": "param", "text": "Sets the location where information on the current session should be stored. This should\nbe writable by the web server only.", "types": ["String"], "name": "cas_cookie_path"}, {"tag_name": "param", "text": "The mode of cas_cookie_path.", "types": ["Any"], "name": "cas_cookie_path_mode"}, {"tag_name": "param", "text": "The version of the CAS protocol to adhere to.", "types": ["Any"], "name": "cas_version"}, {"tag_name": "param", "text": "Whether to enable or disable debug mode.", "types": ["Any"], "name": "cas_debug"}, {"tag_name": "param", "text": "Whether to validate the presented certificate. This has been deprecated and\nremoved from Version 1.1-RC1 onward.", "types": ["Any"], "name": "cas_validate_server"}, {"tag_name": "param", "text": "The maximum depth for chained certificate validation.", "name": "cas_validatedepth"}, {"tag_name": "param", "text": "The URL to use when performing a proxy validation.", "types": ["Any"], "name": "cas_proxy_validate_url"}, {"tag_name": "param", "text": "Sets the URL end users see when access to this Apache server is proxied per vhost.\nThis URL should not include a trailing slash.", "types": ["Any"], "name": "cas_root_proxied_as"}, {"tag_name": "param", "text": "When creating a local session, this many random bytes are used to create a unique\nsession identifier.", "types": ["Any"], "name": "cas_cookie_entropy"}, {"tag_name": "param", "text": "The hard limit, in seconds, for a mod_auth_cas session.", "types": ["Any"], "name": "cas_timeout"}, {"tag_name": "param", "text": "The limit, in seconds, of how long a mod_auth_cas session can be idle.", "types": ["Any"], "name": "cas_idle_timeout"}, {"tag_name": "param", "text": "The minimum amount of time that must pass inbetween cache cleanings.", "types": ["Any"], "name": "cas_cache_clean_interval"}, {"tag_name": "param", "text": "The value for the 'Domain=' parameter in the Set-Cookie header.", "types": ["Any"], "name": "cas_cookie_domain"}, {"tag_name": "param", "text": "Setting this flag prevents the mod_auth_cas cookies from being accessed by\nclient side Javascript.", "types": ["Any"], "name": "cas_cookie_http_only"}, {"tag_name": "param", "text": "Determines whether an optional authorization directive is authoritative and thus binding.", "types": ["Any"], "name": "cas_authoritative"}, {"tag_name": "param", "text": "Parse response from CAS server for SAML.", "types": ["Any"], "name": "cas_validate_saml"}, {"tag_name": "param", "text": "Enables experimental support for single sign out (may mangle POST data).", "types": ["Any"], "name": "cas_sso_enabled"}, {"tag_name": "param", "text": "Adds a header with the value of this header being the attribute values when SAML\nvalidation is enabled.", "types": ["Any"], "name": "cas_attribute_prefix"}, {"tag_name": "param", "text": "Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`.", "types": ["Any"], "name": "cas_attribute_delimiter"}, {"tag_name": "param", "text": "Remove inbound request headers that may have special meaning within mod_auth_cas.", "types": ["Any"], "name": "cas_scrub_request_headers"}, {"tag_name": "param", "text": "Suppress warning about being on RedHat (mod_auth_cas package is now available in epel-testing repo).", "types": ["Any"], "name": "suppress_warning"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "cas_validate_depth"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "cas_certificate_path"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://github.com/apereo/mod_auth_cas"}, {"tag_name": "summary", "text": "Installs and configures `mod_auth_cas`."}]}, "defaults": {"cas_cookie_path": "$apache::params::cas_cookie_path", "cas_cookie_path_mode": "'0750'", "cas_version": "2", "cas_debug": "'Off'", "cas_validate_server": "undef", "cas_validate_depth": "undef", "cas_certificate_path": "undef", "cas_proxy_validate_url": "undef", "cas_root_proxied_as": "undef", "cas_cookie_entropy": "undef", "cas_timeout": "undef", "cas_idle_timeout": "undef", "cas_cache_clean_interval": "undef", "cas_cookie_domain": "undef", "cas_cookie_http_only": "undef", "cas_authoritative": "undef", "cas_validate_saml": "undef", "cas_sso_enabled": "undef", "cas_attribute_prefix": "undef", "cas_attribute_delimiter": "undef", "cas_scrub_request_headers": "undef", "suppress_warning": "false"}, "source": "class apache::mod::auth_cas (\n String $cas_login_url,\n String $cas_validate_url,\n String $cas_cookie_path = $apache::params::cas_cookie_path,\n $cas_cookie_path_mode = '0750',\n $cas_version = 2,\n $cas_debug = 'Off',\n $cas_validate_server = undef,\n $cas_validate_depth = undef,\n $cas_certificate_path = undef,\n $cas_proxy_validate_url = undef,\n $cas_root_proxied_as = undef,\n $cas_cookie_entropy = undef,\n $cas_timeout = undef,\n $cas_idle_timeout = undef,\n $cas_cache_clean_interval = undef,\n $cas_cookie_domain = undef,\n $cas_cookie_http_only = undef,\n $cas_authoritative = undef,\n $cas_validate_saml = undef,\n $cas_sso_enabled = undef,\n $cas_attribute_prefix = undef,\n $cas_attribute_delimiter = undef,\n $cas_scrub_request_headers = undef,\n $suppress_warning = false,\n) inherits ::apache::params {\n if $::osfamily == 'RedHat' and ! $suppress_warning {\n warning('RedHat distributions do not have Apache mod_auth_cas in their default package repositories.')\n }\n\n include apache\n ::apache::mod { 'auth_cas': }\n\n file { $cas_cookie_path:\n ensure => directory,\n before => File['auth_cas.conf'],\n mode => $cas_cookie_path_mode,\n owner => $apache::user,\n group => $apache::group,\n }\n\n # Template uses\n # - All variables beginning with cas_\n file { 'auth_cas.conf':\n ensure => file,\n path => \"${apache::mod_dir}/auth_cas.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/auth_cas.conf.erb'),\n require => [Exec[\"mkdir ${apache::mod_dir}\"],],\n before => File[$apache::mod_dir],\n notify => Class['Apache::Service'],\n }\n}"}, {"name": "apache::mod::auth_gssapi", "file": "manifests/mod/auth_gssapi.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://github.com/modauthgssapi/mod_auth_gssapi"}, {"tag_name": "summary", "text": "Installs `mod_auth_gsappi`."}]}, "source": "class apache::mod::auth_gssapi {\n include apache\n include apache::mod::authn_core\n apache::mod { 'auth_gssapi': }\n}"}, {"name": "apache::mod::auth_kerb", "file": "manifests/mod/auth_kerb.pp", "line": 5, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "http://modauthkerb.sourceforge.net"}, {"tag_name": "summary", "text": "Installs `mod_auth_kerb`"}]}, "source": "class apache::mod::auth_kerb {\n include apache\n include apache::mod::authn_core\n ::apache::mod { 'auth_kerb': }\n}"}, {"name": "apache::mod::auth_mellon", "file": "manifests/mod/auth_mellon.pp", "line": 27, "inherits": "::apache::params", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Maximum number of sessions which can be active at once.", "types": ["Any"], "name": "mellon_cache_size"}, {"tag_name": "param", "text": "Full path to a file used for synchronizing access to the session data.", "types": ["Any"], "name": "mellon_lock_file"}, {"tag_name": "param", "text": "Full path of a directory where POST requests are saved during authentication.", "types": ["Any"], "name": "mellon_post_directory"}, {"tag_name": "param", "text": "Maximum size for a single session entry in bytes.", "types": ["Any"], "name": "mellon_cache_entry_size"}, {"tag_name": "param", "text": "Delay in seconds before a saved POST request can be flushed.", "types": ["Any"], "name": "mellon_post_ttl"}, {"tag_name": "param", "text": "Maximum size for saved POST requests.", "types": ["Any"], "name": "mellon_post_size"}, {"tag_name": "param", "text": "Maximum amount of saved POST requests.", "types": ["Any"], "name": "mellon_post_count"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://github.com/Uninett/mod_auth_mellon"}, {"tag_name": "summary", "text": "Installs and configures `mod_auth_mellon`."}]}, "defaults": {"mellon_cache_size": "$apache::params::mellon_cache_size", "mellon_lock_file": "$apache::params::mellon_lock_file", "mellon_post_directory": "$apache::params::mellon_post_directory", "mellon_cache_entry_size": "undef", "mellon_post_ttl": "undef", "mellon_post_size": "undef", "mellon_post_count": "undef"}, "source": "class apache::mod::auth_mellon (\n $mellon_cache_size = $apache::params::mellon_cache_size,\n $mellon_lock_file = $apache::params::mellon_lock_file,\n $mellon_post_directory = $apache::params::mellon_post_directory,\n $mellon_cache_entry_size = undef,\n $mellon_post_ttl = undef,\n $mellon_post_size = undef,\n $mellon_post_count = undef\n) inherits ::apache::params {\n include apache\n ::apache::mod { 'auth_mellon': }\n\n # Template uses\n # - All variables beginning with mellon_\n file { 'auth_mellon.conf':\n ensure => file,\n path => \"${apache::mod_dir}/auth_mellon.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/auth_mellon.conf.erb'),\n require => [Exec[\"mkdir ${apache::mod_dir}\"],],\n before => File[$apache::mod_dir],\n notify => Class['Apache::Service'],\n }\n}"}, {"name": "apache::mod::auth_openidc", "file": "manifests/mod/auth_openidc.pp", "line": 6, "inherits": "::apache::params", "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://github.com/zmartzone/mod_auth_openidc"}, {"tag_name": "summary", "text": "Installs and configures `mod_auth_openidc`."}]}, "source": "class apache::mod::auth_openidc (\n) inherits ::apache::params {\n include apache\n include apache::mod::authz_user\n apache::mod { 'auth_openidc': }\n}"}, {"name": "apache::mod::authn_core", "file": "manifests/mod/authn_core.pp", "line": 9, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The version of apache being run.", "types": ["Any"], "name": "apache_version"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_authn_core.html"}, {"tag_name": "summary", "text": "Installs `mod_authn_core`."}]}, "defaults": {"apache_version": "$apache::apache_version"}, "source": "class apache::mod::authn_core (\n $apache_version = $apache::apache_version\n) {\n if versioncmp($apache_version, '2.4') >= 0 {\n ::apache::mod { 'authn_core': }\n }\n}"}, {"name": "apache::mod::authn_dbd", "file": "manifests/mod/authn_dbd.pp", "line": 30, "inherits": "::apache::params", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The params needed for the mod to function.", "types": ["Any"], "name": "authn_dbd_params"}, {"tag_name": "param", "text": "Selects an apr_dbd driver by name.", "types": ["Any"], "name": "authn_dbd_dbdriver"}, {"tag_name": "param", "types": ["Any"], "name": "authn_dbd_query"}, {"tag_name": "param", "text": "Set the minimum number of connections per process.", "types": ["Any"], "name": "authn_dbd_min"}, {"tag_name": "param", "text": "Set the maximum number of connections per process.", "types": ["Any"], "name": "authn_dbd_max"}, {"tag_name": "param", "text": "Set the maximum number of connections per process to be sustained.", "types": ["Any"], "name": "authn_dbd_keep"}, {"tag_name": "param", "text": "Set the time to keep idle connections alive when the number of\nconnections specified in DBDKeep has been exceeded.", "types": ["Any"], "name": "authn_dbd_exptime"}, {"tag_name": "param", "text": "Sets an alias for `AuthnProvider.", "types": ["Any"], "name": "authn_dbd_alias"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_authn_dbd.html"}, {"tag_name": "summary", "text": "Installs `mod_authn_dbd`."}]}, "defaults": {"authn_dbd_dbdriver": "'mysql'", "authn_dbd_query": "undef", "authn_dbd_min": "'4'", "authn_dbd_max": "'20'", "authn_dbd_keep": "'8'", "authn_dbd_exptime": "'300'", "authn_dbd_alias": "undef"}, "source": "class apache::mod::authn_dbd (\n $authn_dbd_params,\n $authn_dbd_dbdriver = 'mysql',\n $authn_dbd_query = undef,\n $authn_dbd_min = '4',\n $authn_dbd_max = '20',\n $authn_dbd_keep = '8',\n $authn_dbd_exptime = '300',\n $authn_dbd_alias = undef,\n) inherits ::apache::params {\n include apache\n include apache::mod::dbd\n ::apache::mod { 'authn_dbd': }\n\n if $authn_dbd_alias {\n include apache::mod::authn_core\n }\n\n # Template uses\n # - All variables beginning with authn_dbd\n file { 'authn_dbd.conf':\n ensure => file,\n path => \"${apache::mod_dir}/authn_dbd.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/authn_dbd.conf.erb'),\n require => [Exec[\"mkdir ${apache::mod_dir}\"],],\n before => File[$apache::mod_dir],\n notify => Class['Apache::Service'],\n }\n}"}, {"name": "apache::mod::authn_file", "file": "manifests/mod/authn_file.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/2.4/mod/mod_authn_file.html"}, {"tag_name": "summary", "text": "Installs `mod_authn_file`."}]}, "source": "class apache::mod::authn_file {\n ::apache::mod { 'authn_file': }\n}"}, {"name": "apache::mod::authnz_ldap", "file": "manifests/mod/authnz_ldap.pp", "line": 12, "docstring": {"text": "", "tags": [{"tag_name": "note", "text": "Unsupported platforms: RedHat: 6, 8; CentOS: 6, 8; OracleLinux: 6, 8; Ubuntu: all; Debian: all; SLES: all"}, {"tag_name": "param", "text": "Whether to force te verification of a server cert or not.", "types": ["Boolean"], "name": "verify_server_cert"}, {"tag_name": "param", "text": "The name of the ldap package.", "types": ["Any"], "name": "package_name"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html"}, {"tag_name": "summary", "text": "Installs `mod_authnz_ldap`."}]}, "defaults": {"verify_server_cert": "true", "package_name": "undef"}, "source": "class apache::mod::authnz_ldap (\n Boolean $verify_server_cert = true,\n $package_name = undef,\n) {\n include apache\n include 'apache::mod::ldap'\n ::apache::mod { 'authnz_ldap':\n package => $package_name,\n }\n\n # Template uses:\n # - $verify_server_cert\n file { 'authnz_ldap.conf':\n ensure => file,\n path => \"${apache::mod_dir}/authnz_ldap.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/authnz_ldap.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::authnz_pam", "file": "manifests/mod/authnz_pam.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://www.adelton.com/apache/mod_authnz_pam"}, {"tag_name": "summary", "text": "Installs `mod_authnz_pam`."}]}, "source": "class apache::mod::authnz_pam {\n include apache\n ::apache::mod { 'authnz_pam': }\n}"}, {"name": "apache::mod::authz_default", "file": "manifests/mod/authz_default.pp", "line": 9, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Version of Apache to install module on.", "types": ["Any"], "name": "apache_version"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_authz_default.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_authz_default`."}]}, "defaults": {"apache_version": "$apache::apache_version"}, "source": "class apache::mod::authz_default (\n $apache_version = $apache::apache_version\n) {\n if versioncmp($apache_version, '2.4') >= 0 {\n warning('apache::mod::authz_default has been removed in Apache 2.4')\n } else {\n ::apache::mod { 'authz_default': }\n }\n}"}, {"name": "apache::mod::authz_user", "file": "manifests/mod/authz_user.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_authz_user.html"}, {"tag_name": "summary", "text": "Installs `mod_authz_user`"}]}, "source": "class apache::mod::authz_user {\n ::apache::mod { 'authz_user': }\n}"}, {"name": "apache::mod::autoindex", "file": "manifests/mod/autoindex.pp", "line": 6, "inherits": "::apache::params", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "icons_prefix"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_autoindex.html"}, {"tag_name": "summary", "text": "Installs `mod_autoindex`"}]}, "defaults": {"icons_prefix": "$apache::params::icons_prefix"}, "source": "class apache::mod::autoindex (\n $icons_prefix = $apache::params::icons_prefix\n) inherits ::apache::params {\n include apache\n ::apache::mod { 'autoindex': }\n\n # Determine icon filename suffix for autoindex.conf.erb\n case $::operatingsystem {\n 'Debian', 'Ubuntu': {\n $icon_suffix = '-20x22'\n }\n default: {\n $icon_suffix = ''\n }\n }\n\n file { 'autoindex.conf':\n ensure => file,\n path => \"${apache::mod_dir}/autoindex.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/autoindex.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::cache", "file": "manifests/mod/cache.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_cache.html"}, {"tag_name": "summary", "text": "Installs `mod_cache`"}]}, "source": "class apache::mod::cache {\n ::apache::mod { 'cache': }\n}"}, {"name": "apache::mod::cgi", "file": "manifests/mod/cgi.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_cgi.html"}, {"tag_name": "summary", "text": "Installs `mod_cgi`."}]}, "source": "class apache::mod::cgi {\n include apache\n case $::osfamily {\n 'FreeBSD': {}\n default: {\n if defined(Class['::apache::mod::itk']) {\n Class['::apache::mod::itk'] -> Class['::apache::mod::cgi']\n } elsif defined(Class['::apache::mod::peruser']) {\n Class['::apache::mod::peruser'] -> Class['::apache::mod::cgi']\n } else {\n Class['::apache::mod::prefork'] -> Class['::apache::mod::cgi']\n }\n }\n }\n\n if $::osfamily == 'Suse' {\n ::apache::mod { 'cgi':\n lib_path => '/usr/lib64/apache2-prefork',\n }\n } else {\n ::apache::mod { 'cgi': }\n }\n}"}, {"name": "apache::mod::cgid", "file": "manifests/mod/cgid.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "name": "https://httpd.apache.org/docs/current/mod/mod_cgid.html"}, {"tag_name": "summary", "text": "Installs `mod_cgid`."}]}, "source": "class apache::mod::cgid {\n include apache\n case $::osfamily {\n 'FreeBSD': {}\n default: {\n if defined(Class['::apache::mod::event']) {\n Class['::apache::mod::event'] -> Class['::apache::mod::cgid']\n } else {\n Class['::apache::mod::worker'] -> Class['::apache::mod::cgid']\n }\n }\n }\n\n # Debian specifies it's cgid sock path, but RedHat uses the default value\n # with no config file\n $cgisock_path = $::osfamily ? {\n 'debian' => \"\\${APACHE_RUN_DIR}/cgisock\",\n 'freebsd' => 'cgisock',\n default => undef,\n }\n\n if $::osfamily == 'Suse' {\n ::apache::mod { 'cgid':\n lib_path => '/usr/lib64/apache2-worker',\n }\n } else {\n ::apache::mod { 'cgid': }\n }\n\n if $cgisock_path {\n # Template uses $cgisock_path\n file { 'cgid.conf':\n ensure => file,\n path => \"${apache::mod_dir}/cgid.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/cgid.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n }\n}"}, {"name": "apache::mod::cluster", "file": "manifests/mod/cluster.pp", "line": 51, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "class { '::apache::mod::cluster':\n ip => '172.17.0.1',\n allowed_network => '172.17.0.',\n balancer_name => 'mycluster',\n version => '1.3.1'\n}", "name": ""}, {"tag_name": "note", "text": "There is no official package available for mod_cluster, so you must make it available outside of the apache module.\nBinaries can be found [here](https://modcluster.io/)."}, {"tag_name": "param", "text": "Balanced members network.", "types": ["Any"], "name": "allowed_network"}, {"tag_name": "param", "text": "Name of balancer.", "types": ["Any"], "name": "balancer_name"}, {"tag_name": "param", "text": "Specifies the IP address to listen to.", "types": ["Any"], "name": "ip"}, {"tag_name": "param", "text": "Specifies the mod_cluster version. Version 1.3.0 or greater is required for httpd 2.4.", "types": ["Any"], "name": "version"}, {"tag_name": "param", "text": "Whether MCPM should be enabled.", "types": ["Any"], "name": "enable_mcpm_receive"}, {"tag_name": "param", "text": "mod_cluster listen port.", "types": ["Any"], "name": "port"}, {"tag_name": "param", "text": "Specifies how long Apache should wait for a request, in seconds.", "types": ["Any"], "name": "keep_alive_timeout"}, {"tag_name": "param", "text": "Whether to allow the network to access the mod_cluster_manager.", "types": ["Any"], "name": "manager_allowed_network"}, {"tag_name": "param", "text": "Maximum number of requests kept alive.", "types": ["Any"], "name": "max_keep_alive_requests"}, {"tag_name": "param", "text": "Whether the server should advertise.", "types": ["Any"], "name": "server_advertise"}, {"tag_name": "param", "text": "Sets the interval between advertise messages in seconds.", "types": ["Any"], "name": "advertise_frequency"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://modcluster.io/"}, {"tag_name": "summary", "text": "Installs `mod_cluster`."}]}, "defaults": {"enable_mcpm_receive": "true", "port": "'6666'", "keep_alive_timeout": "60", "manager_allowed_network": "'127.0.0.1'", "max_keep_alive_requests": "0", "server_advertise": "true", "advertise_frequency": "undef"}, "source": "class apache::mod::cluster (\n $allowed_network,\n $balancer_name,\n $ip,\n $version,\n $enable_mcpm_receive = true,\n $port = '6666',\n $keep_alive_timeout = 60,\n $manager_allowed_network = '127.0.0.1',\n $max_keep_alive_requests = 0,\n $server_advertise = true,\n $advertise_frequency = undef,\n) {\n include apache\n\n ::apache::mod { 'proxy': }\n ::apache::mod { 'proxy_ajp': }\n ::apache::mod { 'manager': }\n ::apache::mod { 'proxy_cluster': }\n ::apache::mod { 'advertise': }\n\n if (versioncmp($version, '1.3.0') >= 0 ) {\n ::apache::mod { 'cluster_slotmem': }\n } else {\n ::apache::mod { 'slotmem': }\n }\n\n file { 'cluster.conf':\n ensure => file,\n path => \"${apache::mod_dir}/cluster.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/cluster.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::data", "file": "manifests/mod/data.pp", "line": 9, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Version of Apache to install module on.", "types": ["Any"], "name": "apache_version"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_data.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_data`."}]}, "defaults": {"apache_version": "undef"}, "source": "class apache::mod::data (\n $apache_version = undef,\n) {\n include apache\n $_apache_version = pick($apache_version, $apache::apache_version)\n if versioncmp($_apache_version, '2.3') < 0 {\n fail('mod_data is only available in Apache 2.3 and later')\n }\n ::apache::mod { 'data': }\n}"}, {"name": "apache::mod::dav", "file": "manifests/mod/dav.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_dav.html"}, {"tag_name": "summary", "text": "Installs `mod_dav`."}]}, "source": "class apache::mod::dav {\n ::apache::mod { 'dav': }\n}"}, {"name": "apache::mod::dav_fs", "file": "manifests/mod/dav_fs.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_dav_fs.html"}, {"tag_name": "summary", "text": "Installs `mod_dav_fs`."}]}, "source": "class apache::mod::dav_fs {\n include apache\n $dav_lock = $::osfamily ? {\n 'debian' => \"\\${APACHE_LOCK_DIR}/DAVLock\",\n 'freebsd' => '/usr/local/var/DavLock',\n default => '/var/lib/dav/lockdb',\n }\n\n Class['::apache::mod::dav'] -> Class['::apache::mod::dav_fs']\n ::apache::mod { 'dav_fs': }\n\n # Template uses: $dav_lock\n file { 'dav_fs.conf':\n ensure => file,\n path => \"${apache::mod_dir}/dav_fs.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/dav_fs.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::dav_svn", "file": "manifests/mod/dav_svn.pp", "line": 9, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Specifies whether to install Apache mod_authz_svn", "types": ["Any"], "name": "authz_svn_enabled"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_dav_svn.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_dav_svn`."}]}, "defaults": {"authz_svn_enabled": "false"}, "source": "class apache::mod::dav_svn (\n $authz_svn_enabled = false,\n) {\n Class['::apache::mod::dav'] -> Class['::apache::mod::dav_svn']\n include apache\n include apache::mod::dav\n if($::operatingsystem == 'SLES' and versioncmp($::operatingsystemmajrelease, '12') < 0) {\n package { 'subversion-server':\n ensure => 'installed',\n provider => 'zypper',\n }\n }\n\n ::apache::mod { 'dav_svn': }\n\n if $authz_svn_enabled {\n ::apache::mod { 'authz_svn':\n # authz_svn depends on symbols from the dav_svn module,\n # therefore, make sure authz_svn is loaded after dav_svn.\n loadfile_name => 'dav_svn_authz_svn.load',\n require => Apache::Mod['dav_svn'],\n }\n }\n}"}, {"name": "apache::mod::dbd", "file": "manifests/mod/dbd.pp", "line": 9, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Used to verify that the Apache version you have requested is compatible with the module.", "name": "apache_version"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_dbd.html"}, {"tag_name": "summary", "text": "Installs `mod_dbd`."}]}, "source": "class apache::mod::dbd {\n ::apache::mod { 'dbd': }\n}"}, {"name": "apache::mod::deflate", "file": "manifests/mod/deflate.pp", "line": 12, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "An array of MIME types to be deflated. See https://www.iana.org/assignments/media-types/media-types.xhtml.", "types": ["Any"], "name": "types"}, {"tag_name": "param", "text": "A Hash where the key represents the type and the value represents the note name.", "types": ["Any"], "name": "notes"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_deflate.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_deflate`."}]}, "defaults": {"types": "[\n 'text/html text/plain text/xml',\n 'text/css',\n 'application/x-javascript application/javascript application/ecmascript',\n 'application/rss+xml',\n 'application/json',\n ]", "notes": "{\n 'Input' => 'instream',\n 'Output' => 'outstream',\n 'Ratio' => 'ratio',\n }"}, "source": "class apache::mod::deflate (\n $types = [\n 'text/html text/plain text/xml',\n 'text/css',\n 'application/x-javascript application/javascript application/ecmascript',\n 'application/rss+xml',\n 'application/json',\n ],\n $notes = {\n 'Input' => 'instream',\n 'Output' => 'outstream',\n 'Ratio' => 'ratio',\n }\n) {\n include apache\n ::apache::mod { 'deflate': }\n\n file { 'deflate.conf':\n ensure => file,\n path => \"${apache::mod_dir}/deflate.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/deflate.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::dev", "file": "manifests/mod/dev.pp", "line": 7, "docstring": {"text": "", "tags": [{"tag_name": "note", "text": "This module is deprecated. Please use `apache::dev`."}, {"tag_name": "summary", "text": "Installs `mod_dev`."}]}, "source": "class apache::mod::dev {\n # Development packages are not apache modules\n warning('apache::mod::dev is deprecated; please use apache::dev')\n include apache::dev\n}"}, {"name": "apache::mod::dir", "file": "manifests/mod/dir.pp", "line": 16, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Specifies the text-based content types to compress.", "name": "types"}, {"tag_name": "param", "text": "Provides a string for the DirectoryIndex directive", "types": ["Array[String]"], "name": "indexes"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "dir"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_dir.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_dir`."}, {"tag_name": "todo", "text": "This sets the global DirectoryIndex directive, so it may be necessary to consider being able to modify the apache::vhost to declare\nDirectoryIndex statements in a vhost configuration"}]}, "defaults": {"dir": "'public_html'", "indexes": "['index.html','index.html.var','index.cgi','index.pl','index.php','index.xhtml']"}, "source": "class apache::mod::dir (\n $dir = 'public_html',\n Array[String] $indexes = ['index.html','index.html.var','index.cgi','index.pl','index.php','index.xhtml'],\n) {\n include apache\n ::apache::mod { 'dir': }\n\n # Template uses\n # - $indexes\n file { 'dir.conf':\n ensure => file,\n path => \"${apache::mod_dir}/dir.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/dir.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::disk_cache", "file": "manifests/mod/disk_cache.pp", "line": 25, "docstring": {"text": "", "tags": [{"tag_name": "note", "text": "Apache 2.2, mod_disk_cache installed. On Apache 2.4, mod_cache_disk installed."}, {"tag_name": "param", "text": "Defines the name of the directory on the disk to contain cache files.\nDefault depends on the Apache version and operating system:\n- Debian: /var/cache/apache2/mod_cache_disk\n- FreeBSD: /var/cache/mod_cache_disk\n- Red Hat, Apache 2.4: /var/cache/httpd/proxy\n- Red Hat, Apache 2.2: /var/cache/mod_proxy", "types": ["Any"], "name": "cache_root"}, {"tag_name": "param", "text": "Specifies HTTP header(s) that should not be stored in the cache.", "types": ["Any"], "name": "cache_ignore_headers"}, {"tag_name": "param", "text": "Default value is true, which enables \"CacheEnable disk /\" in disk_cache.conf for the webserver. This would cache\nevery request to apache by default for every vhost. If set to false the default cache all behaviour is supressed.\nYou can then control this behaviour in individual vhosts by explicitly defining CacheEnable.", "types": ["Boolean"], "name": "default_cache_enable"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_disk_cache`."}]}, "defaults": {"cache_root": "undef", "cache_ignore_headers": "undef", "default_cache_enable": "true"}, "source": "class apache::mod::disk_cache (\n $cache_root = undef,\n $cache_ignore_headers = undef,\n Boolean $default_cache_enable = true,\n) {\n include apache\n if $cache_root {\n $_cache_root = $cache_root\n }\n elsif versioncmp($apache::apache_version, '2.4') >= 0 {\n $_cache_root = $::osfamily ? {\n 'debian' => '/var/cache/apache2/mod_cache_disk',\n 'redhat' => '/var/cache/httpd/proxy',\n 'freebsd' => '/var/cache/mod_cache_disk',\n }\n }\n else {\n $_cache_root = $::osfamily ? {\n 'debian' => '/var/cache/apache2/mod_disk_cache',\n 'redhat' => '/var/cache/mod_proxy',\n 'freebsd' => '/var/cache/mod_disk_cache',\n }\n }\n\n if versioncmp($apache::apache_version, '2.4') >= 0 {\n apache::mod { 'cache_disk': }\n }\n else {\n apache::mod { 'disk_cache': }\n }\n\n Class['::apache::mod::cache'] -> Class['::apache::mod::disk_cache']\n\n # Template uses $_cache_root\n file { 'disk_cache.conf':\n ensure => file,\n path => \"${apache::mod_dir}/disk_cache.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/disk_cache.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::dumpio", "file": "manifests/mod/dumpio.pp", "line": 22, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "class{'apache':\n default_mods => false,\n log_level => 'dumpio:trace7',\n}\nclass{'apache::mod::dumpio':\n dump_io_input => 'On',\n dump_io_output => 'Off',\n}", "name": ""}, {"tag_name": "param", "text": "Dump all input data to the error log", "types": ["Enum['Off', 'On', 'off', 'on']"], "name": "dump_io_input"}, {"tag_name": "param", "text": "Dump all output data to the error log", "types": ["Enum['Off', 'On', 'off', 'on']"], "name": "dump_io_output"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_dumpio.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_dumpio`."}]}, "defaults": {"dump_io_input": "'Off'", "dump_io_output": "'Off'"}, "source": "class apache::mod::dumpio (\n Enum['Off', 'On', 'off', 'on'] $dump_io_input = 'Off',\n Enum['Off', 'On', 'off', 'on'] $dump_io_output = 'Off',\n) {\n include apache\n\n ::apache::mod { 'dumpio': }\n file { 'dumpio.conf':\n ensure => file,\n path => \"${apache::mod_dir}/dumpio.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/dumpio.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::env", "file": "manifests/mod/env.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_env.html"}, {"tag_name": "summary", "text": "Installs `mod_env`."}]}, "source": "class apache::mod::env {\n ::apache::mod { 'env': }\n}"}, {"name": "apache::mod::event", "file": "manifests/mod/event.pp", "line": 49, "docstring": {"text": "", "tags": [{"tag_name": "note", "text": "You cannot include apache::mod::event with apache::mod::itk, apache::mod::peruser, apache::mod::prefork, or\napache::mod::worker on the same server."}, {"tag_name": "note", "text": "Unsupported platforms: SLES: all"}, {"tag_name": "param", "text": "Sets the number of child server processes created at startup, via the module's `StartServers` directive. Setting this to `false`\nremoves the parameter.", "types": ["Any"], "name": "startservers"}, {"tag_name": "param", "text": "Apache 2.3.12 or older alias for the `MaxRequestWorkers` directive.", "types": ["Any"], "name": "maxclients"}, {"tag_name": "param", "text": "Sets the maximum number of connections Apache can simultaneously process, via the module's `MaxRequestWorkers` directive. Setting\nthese to `false` removes the parameters.", "types": ["Any"], "name": "maxrequestworkers"}, {"tag_name": "param", "text": "Sets the minimum number of idle threads, via the `MinSpareThreads` directive. Setting this to `false` removes the parameters.", "types": ["Any"], "name": "minsparethreads"}, {"tag_name": "param", "text": "Sets the maximum number of idle threads, via the `MaxSpareThreads` directive. Setting this to `false` removes the parameters.", "types": ["Any"], "name": "maxsparethreads"}, {"tag_name": "param", "text": "Number of threads created by each child process.", "types": ["Any"], "name": "threadsperchild"}, {"tag_name": "param", "text": "Apache 2.3.8 or older alias for the `MaxConnectionsPerChild` directive.", "types": ["Any"], "name": "maxrequestsperchild"}, {"tag_name": "param", "text": "Limit on the number of connections that an individual child server will handle during its life.", "types": ["Any"], "name": "maxconnectionsperchild"}, {"tag_name": "param", "text": "Limits the configurable number of processes via the `ServerLimit` directive. Setting this to `false` removes the parameter.", "types": ["Any"], "name": "serverlimit"}, {"tag_name": "param", "text": "Version of Apache to install module on.", "types": ["Any"], "name": "apache_version"}, {"tag_name": "param", "text": "Limits the number of event threads via the module's `ThreadLimit` directive. Setting this to `false` removes the parameter.", "types": ["Any"], "name": "threadlimit"}, {"tag_name": "param", "text": "Sets the maximum length of the pending connections queue via the module's `ListenBackLog` directive. Setting this to `false` removes\nthe parameter.", "types": ["Any"], "name": "listenbacklog"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/event.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_event`."}]}, "defaults": {"startservers": "'2'", "maxclients": "'150'", "maxrequestworkers": "undef", "minsparethreads": "'25'", "maxsparethreads": "'75'", "threadsperchild": "'25'", "maxrequestsperchild": "'0'", "maxconnectionsperchild": "undef", "serverlimit": "'25'", "apache_version": "undef", "threadlimit": "'64'", "listenbacklog": "'511'"}, "source": "class apache::mod::event (\n $startservers = '2',\n $maxclients = '150',\n $maxrequestworkers = undef,\n $minsparethreads = '25',\n $maxsparethreads = '75',\n $threadsperchild = '25',\n $maxrequestsperchild = '0',\n $maxconnectionsperchild = undef,\n $serverlimit = '25',\n $apache_version = undef,\n $threadlimit = '64',\n $listenbacklog = '511',\n) {\n include apache\n\n $_apache_version = pick($apache_version, $apache::apache_version)\n\n if defined(Class['apache::mod::itk']) {\n fail('May not include both apache::mod::event and apache::mod::itk on the same node')\n }\n if defined(Class['apache::mod::peruser']) {\n fail('May not include both apache::mod::event and apache::mod::peruser on the same node')\n }\n if defined(Class['apache::mod::prefork']) {\n fail('May not include both apache::mod::event and apache::mod::prefork on the same node')\n }\n if defined(Class['apache::mod::worker']) {\n fail('May not include both apache::mod::event and apache::mod::worker on the same node')\n }\n File {\n owner => 'root',\n group => $apache::params::root_group,\n mode => $apache::file_mode,\n }\n\n # Template uses:\n # - $startservers\n # - $maxclients\n # - $minsparethreads\n # - $maxsparethreads\n # - $threadsperchild\n # - $maxrequestsperchild\n # - $serverlimit\n file { \"${apache::mod_dir}/event.conf\":\n ensure => file,\n mode => $apache::file_mode,\n content => template('apache/mod/event.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n\n case $::osfamily {\n 'redhat': {\n if versioncmp($_apache_version, '2.4') >= 0 {\n apache::mpm { 'event':\n apache_version => $_apache_version,\n }\n }\n }\n 'debian','freebsd' : {\n apache::mpm { 'event':\n apache_version => $_apache_version,\n }\n }\n 'gentoo': {\n ::portage::makeconf { 'apache2_mpms':\n content => 'event',\n }\n }\n default: {\n fail(\"Unsupported osfamily ${::osfamily}\")\n }\n }\n}"}, {"name": "apache::mod::expires", "file": "manifests/mod/expires.pp", "line": 17, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Enables generation of Expires headers.", "types": ["Any"], "name": "expires_active"}, {"tag_name": "param", "text": "Specifies the default algorithm for calculating expiration time using ExpiresByType syntax or interval syntax.", "types": ["Any"], "name": "expires_default"}, {"tag_name": "param", "text": "Describes a set of [MIME content-types](https://www.iana.org/assignments/media-types/media-types.xhtml) and their expiration\ntimes. This should be used as an array of Hashes, with each Hash's key a valid MIME content-type (i.e. 'text/json') and its\nvalue following valid interval syntax.", "types": ["Any"], "name": "expires_by_type"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_expires.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_expires`."}]}, "defaults": {"expires_active": "true", "expires_default": "undef", "expires_by_type": "undef"}, "source": "class apache::mod::expires (\n $expires_active = true,\n $expires_default = undef,\n $expires_by_type = undef,\n) {\n include apache\n ::apache::mod { 'expires': }\n\n # Template uses\n # $expires_active\n # $expires_default\n # $expires_by_type\n file { 'expires.conf':\n ensure => file,\n path => \"${apache::mod_dir}/expires.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/expires.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::ext_filter", "file": "manifests/mod/ext_filter.pp", "line": 17, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "class { 'apache::mod::ext_filter':\n ext_filter_define => {\n 'slowdown' => 'mode=output cmd=/bin/cat preservescontentlength',\n 'puppetdb-strip' => 'mode=output outtype=application/json cmd=\"pdb-resource-filter\"',\n },\n}", "name": ""}, {"tag_name": "param", "text": "Hash of filter names and their parameters.", "types": ["Optional[Hash]"], "name": "ext_filter_define"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_ext_filter.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_ext_filter`."}]}, "defaults": {"ext_filter_define": "undef"}, "source": "class apache::mod::ext_filter (\n Optional[Hash] $ext_filter_define = undef\n) {\n include apache\n\n ::apache::mod { 'ext_filter': }\n\n # Template uses\n # -$ext_filter_define\n\n if $ext_filter_define {\n file { 'ext_filter.conf':\n ensure => file,\n path => \"${apache::mod_dir}/ext_filter.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/ext_filter.conf.erb'),\n require => [Exec[\"mkdir ${apache::mod_dir}\"],],\n before => File[$apache::mod_dir],\n notify => Class['Apache::Service'],\n }\n }\n}"}, {"name": "apache::mod::fastcgi", "file": "manifests/mod/fastcgi.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://github.com/FastCGI-Archives/mod_fastcgi"}, {"tag_name": "summary", "text": "Installs `mod_fastcgi`."}]}, "source": "class apache::mod::fastcgi {\n include apache\n if ($::osfamily == 'Redhat' and versioncmp($::operatingsystemmajrelease, '7') >= 0) {\n fail('mod_fastcgi is no longer supported on el7 and above.')\n }\n if ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '18.04') >= 0) {\n fail('mod_fastcgi is no longer supported on Ubuntu 18.04 and above. Please use mod_proxy_fcgi')\n }\n # Debian specifies it's fastcgi lib path, but RedHat uses the default value\n # with no config file\n $fastcgi_lib_path = $apache::params::fastcgi_lib_path\n\n ::apache::mod { 'fastcgi': }\n\n if $fastcgi_lib_path {\n # Template uses:\n # - $fastcgi_server\n # - $fastcgi_socket\n # - $fastcgi_dir\n file { 'fastcgi.conf':\n ensure => file,\n path => \"${apache::mod_dir}/fastcgi.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/fastcgi.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n }\n}"}, {"name": "apache::mod::fcgid", "file": "manifests/mod/fcgid.pp", "line": 38, "docstring": {"text": "loaded first; Puppet will not automatically enable it if you set the fcgiwrapper parameter in apache::vhost.\n include apache::mod::fcgid\n\n apache::vhost { 'example.org':\n docroot => '/var/www/html',\n directories => {\n path => '/var/www/html',\n fcgiwrapper => {\n command => '/usr/local/bin/fcgiwrapper',\n }\n },\n }", "tags": [{"tag_name": "example", "text": "class { 'apache::mod::fcgid':\n options => {\n 'FcgidIPCDir' => '/var/run/fcgidsock',\n 'SharememPath' => '/var/run/fcgid_shm',\n 'AddHandler' => 'fcgid-script .fcgi',\n },\n}", "name": "The class does not individually parameterize all available options. Instead, configure mod_fcgid using the options hash."}, {"tag_name": "example", "text": "", "name": "If you include apache::mod::fcgid, you can set the [FcgidWrapper][] per directory, per virtual host. The module must be"}, {"tag_name": "param", "text": "Enables generation of Expires headers.", "name": "expires_active"}, {"tag_name": "param", "text": "Default algorithm for calculating expiration time.", "name": "expires_default"}, {"tag_name": "param", "text": "Value of the Expires header configured by MIME type.", "name": "expires_by_type"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "options"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_fcgid.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_fcgid`."}]}, "defaults": {"options": "{}"}, "source": "class apache::mod::fcgid (\n $options = {},\n) {\n include apache\n if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease >= '7') or $::osfamily == 'FreeBSD' {\n $loadfile_name = 'unixd_fcgid.load'\n $conf_name = 'unixd_fcgid.conf'\n } else {\n $loadfile_name = undef\n $conf_name = 'fcgid.conf'\n }\n\n ::apache::mod { 'fcgid':\n loadfile_name => $loadfile_name,\n }\n\n # Template uses:\n # - $options\n file { $conf_name:\n ensure => file,\n path => \"${apache::mod_dir}/${conf_name}\",\n mode => $apache::file_mode,\n content => template('apache/mod/fcgid.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::filter", "file": "manifests/mod/filter.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_filter.html"}, {"tag_name": "summary", "text": "Installs `mod_filter`."}]}, "source": "class apache::mod::filter {\n ::apache::mod { 'filter': }\n}"}, {"name": "apache::mod::geoip", "file": "manifests/mod/geoip.pp", "line": 30, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Toggles whether to enable geoip.", "types": ["Any"], "name": "enable"}, {"tag_name": "param", "text": "Path to database for GeoIP to use.", "types": ["Any"], "name": "db_file"}, {"tag_name": "param", "text": "Caching directive to use. Values: 'CheckCache', 'IndexCache', 'MemoryCache', 'Standard'.", "types": ["Any"], "name": "flag"}, {"tag_name": "param", "text": "Output variable locations. Values: 'All', 'Env', 'Request', 'Notes'.", "types": ["Any"], "name": "output"}, {"tag_name": "param", "text": "Changes the output from ISO88591 (Latin1) to UTF8.", "types": ["Any"], "name": "enable_utf8"}, {"tag_name": "param", "text": "Enables the GeoIPScanProxyHeaders option.", "types": ["Any"], "name": "scan_proxy_headers"}, {"tag_name": "param", "text": "Specifies the header mod_geoip uses to determine the client's IP address.", "name": "scan_proxy_headers_field"}, {"tag_name": "param", "text": "Determines whether to use the first or last IP address for the client's IP in a comma-separated list of IP addresses is found.", "types": ["Any"], "name": "use_last_xforwarededfor_ip"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "scan_proxy_header_field"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://dev.maxmind.com/geoip/legacy/mod_geoip2"}, {"tag_name": "summary", "text": "Installs and configures `mod_geoip`."}]}, "defaults": {"enable": "false", "db_file": "'/usr/share/GeoIP/GeoIP.dat'", "flag": "'Standard'", "output": "'All'", "enable_utf8": "undef", "scan_proxy_headers": "undef", "scan_proxy_header_field": "undef", "use_last_xforwarededfor_ip": "undef"}, "source": "class apache::mod::geoip (\n $enable = false,\n $db_file = '/usr/share/GeoIP/GeoIP.dat',\n $flag = 'Standard',\n $output = 'All',\n $enable_utf8 = undef,\n $scan_proxy_headers = undef,\n $scan_proxy_header_field = undef,\n $use_last_xforwarededfor_ip = undef,\n) {\n include apache\n ::apache::mod { 'geoip': }\n\n # Template uses:\n # - enable\n # - db_file\n # - flag\n # - output\n # - enable_utf8\n # - scan_proxy_headers\n # - scan_proxy_header_field\n # - use_last_xforwarededfor_ip\n file { 'geoip.conf':\n ensure => file,\n path => \"${apache::mod_dir}/geoip.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/geoip.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::headers", "file": "manifests/mod/headers.pp", "line": 9, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Version of Apache to install module on.", "name": "apache_version"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_headers.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_headers`."}]}, "source": "class apache::mod::headers {\n ::apache::mod { 'headers': }\n}"}, {"name": "apache::mod::http2", "file": "manifests/mod/http2.pp", "line": 68, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Determine file handling in responses.", "types": ["Optional[Boolean]"], "name": "h2_copy_files"}, {"tag_name": "param", "text": "H2 Direct Protocol Switch.", "types": ["Optional[Boolean]"], "name": "h2_direct"}, {"tag_name": "param", "text": "Determine sending of 103 status codes.", "types": ["Optional[Boolean]"], "name": "h2_early_hints"}, {"tag_name": "param", "text": "Sets maximum number of active streams per HTTP/2 session.", "types": ["Optional[Integer]"], "name": "h2_max_session_streams"}, {"tag_name": "param", "text": "Sets maximum number of seconds h2 workers remain idle until shut down.", "types": ["Optional[Integer]"], "name": "h2_max_worker_idle_seconds"}, {"tag_name": "param", "text": "Sets maximum number of worker threads to use per child process.", "types": ["Optional[Integer]"], "name": "h2_max_workers"}, {"tag_name": "param", "text": "Sets minimal number of worker threads to use per child process.", "types": ["Optional[Integer]"], "name": "h2_min_workers"}, {"tag_name": "param", "text": "Toggles the security checks on HTTP/2 connections in TLS mode", "types": ["Optional[Boolean]"], "name": "h2_modern_tls_only"}, {"tag_name": "param", "text": "Toggles the usage of the HTTP/2 server push protocol feature.", "types": ["Optional[Boolean]"], "name": "h2_push"}, {"tag_name": "param", "text": "Sets maximum number of HTTP/2 server pushes that are remembered per HTTP/2 connection.", "types": ["Optional[Integer]"], "name": "h2_push_diary_size"}, {"tag_name": "param", "text": "Require HTTP/2 connections to be \"modern TLS\" only", "name": "h2_priority"}, {"tag_name": "param", "text": "When added to a directory/location, HTTP/2 PUSHes will be attempted for all paths added\nvia this directive", "types": ["Array[String]"], "name": "h2_push_resource"}, {"tag_name": "param", "text": "Toggles if HTTP/2 requests shall be serialized in HTTP/1.1 format for processing by httpd\ncore or if received binary data shall be passed into the request_recs directly.", "types": ["Optional[Boolean]"], "name": "h2_serialize_headers"}, {"tag_name": "param", "text": "Sets the maximum number of outgoing data bytes buffered in memory for an active streams.", "types": ["Optional[Integer]"], "name": "h2_stream_max_mem_size"}, {"tag_name": "param", "text": "Sets the number of seconds of idle time on a TLS connection before the TLS write size falls\nback to small (~1300 bytes) length.", "types": ["Optional[Integer]"], "name": "h2_tls_cool_down_secs"}, {"tag_name": "param", "text": "Sets the number of bytes to be sent in small TLS records (~1300 bytes) until doing maximum\nsized writes (16k) on https: HTTP/2 connections.", "types": ["Optional[Integer]"], "name": "h2_tls_warm_up_size"}, {"tag_name": "param", "text": "Toggles the usage of the HTTP/1.1 Upgrade method for switching to HTTP/2.", "types": ["Optional[Boolean]"], "name": "h2_upgrade"}, {"tag_name": "param", "text": "Sets the size of the window that is used for flow control from client to server and limits\nthe amount of data the server has to buffer.", "types": ["Optional[Integer]"], "name": "h2_window_size"}, {"tag_name": "param", "text": "Version of Apache to install module on.", "types": ["Optional[String]"], "name": "apache_version"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "h2_push_priority"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_http2.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_http2`."}]}, "defaults": {"h2_copy_files": "undef", "h2_direct": "undef", "h2_early_hints": "undef", "h2_max_session_streams": "undef", "h2_max_worker_idle_seconds": "undef", "h2_max_workers": "undef", "h2_min_workers": "undef", "h2_modern_tls_only": "undef", "h2_push": "undef", "h2_push_diary_size": "undef", "h2_push_priority": "[]", "h2_push_resource": "[]", "h2_serialize_headers": "undef", "h2_stream_max_mem_size": "undef", "h2_tls_cool_down_secs": "undef", "h2_tls_warm_up_size": "undef", "h2_upgrade": "undef", "h2_window_size": "undef", "apache_version": "undef"}, "source": "class apache::mod::http2 (\n Optional[Boolean] $h2_copy_files = undef,\n Optional[Boolean] $h2_direct = undef,\n Optional[Boolean] $h2_early_hints = undef,\n Optional[Integer] $h2_max_session_streams = undef,\n Optional[Integer] $h2_max_worker_idle_seconds = undef,\n Optional[Integer] $h2_max_workers = undef,\n Optional[Integer] $h2_min_workers = undef,\n Optional[Boolean] $h2_modern_tls_only = undef,\n Optional[Boolean] $h2_push = undef,\n Optional[Integer] $h2_push_diary_size = undef,\n Array[String] $h2_push_priority = [],\n Array[String] $h2_push_resource = [],\n Optional[Boolean] $h2_serialize_headers = undef,\n Optional[Integer] $h2_stream_max_mem_size = undef,\n Optional[Integer] $h2_tls_cool_down_secs = undef,\n Optional[Integer] $h2_tls_warm_up_size = undef,\n Optional[Boolean] $h2_upgrade = undef,\n Optional[Integer] $h2_window_size = undef,\n Optional[String] $apache_version = undef,\n) {\n include apache\n apache::mod { 'http2': }\n\n $_apache_version = pick($apache_version, $apache::apache_version)\n\n file { 'http2.conf':\n ensure => file,\n content => template('apache/mod/http2.conf.erb'),\n mode => $apache::file_mode,\n path => \"${apache::mod_dir}/http2.conf\",\n owner => $apache::params::user,\n group => $apache::params::group,\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::include", "file": "manifests/mod/include.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_include.html"}, {"tag_name": "summary", "text": "Installs `mod_include`."}]}, "source": "class apache::mod::include {\n ::apache::mod { 'include': }\n}"}, {"name": "apache::mod::info", "file": "manifests/mod/info.pp", "line": 19, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Allowlist of IPv4 or IPv6 addresses or ranges that can access the info path.", "types": ["Any"], "name": "allow_from"}, {"tag_name": "param", "text": "Version of Apache to install module on.", "types": ["Any"], "name": "apache_version"}, {"tag_name": "param", "text": "Toggles whether to restrict access to info path. If `false`, the `allow_from` allowlist is ignored and any IP address can\naccess the info path.", "types": ["Any"], "name": "restrict_access"}, {"tag_name": "param", "text": "Path on server to file containing server configuration information.", "types": ["Any"], "name": "info_path"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_info.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_info`."}]}, "defaults": {"allow_from": "['127.0.0.1','::1']", "apache_version": "undef", "restrict_access": "true", "info_path": "'/server-info'"}, "source": "class apache::mod::info (\n $allow_from = ['127.0.0.1','::1'],\n $apache_version = undef,\n $restrict_access = true,\n $info_path = '/server-info',\n) {\n include apache\n $_apache_version = pick($apache_version, $apache::apache_version)\n\n if $::osfamily == 'Suse' {\n if defined(Class['::apache::mod::worker']) {\n $suse_path = '/usr/lib64/apache2-worker'\n } else {\n $suse_path = '/usr/lib64/apache2-prefork'\n }\n ::apache::mod { 'info':\n lib_path => $suse_path,\n }\n } else {\n ::apache::mod { 'info': }\n }\n\n # Template uses $allow_from, $_apache_version\n file { 'info.conf':\n ensure => file,\n path => \"${apache::mod_dir}/info.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/info.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::intercept_form_submit", "file": "manifests/mod/intercept_form_submit.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://www.adelton.com/apache/mod_intercept_form_submit"}, {"tag_name": "summary", "text": "Installs `mod_intercept_form_submit`."}]}, "source": "class apache::mod::intercept_form_submit {\n include apache\n ::apache::mod { 'intercept_form_submit': }\n}"}, {"name": "apache::mod::itk", "file": "manifests/mod/itk.pp", "line": 32, "docstring": {"text": "", "tags": [{"tag_name": "note", "text": "Unsupported platforms: CentOS: 8; RedHat: 8; SLES: all"}, {"tag_name": "param", "text": "Number of child server processes created on startup.", "types": ["Any"], "name": "startservers"}, {"tag_name": "param", "text": "Minimum number of idle child server processes.", "types": ["Any"], "name": "minspareservers"}, {"tag_name": "param", "text": "Maximum number of idle child server processes.", "types": ["Any"], "name": "maxspareservers"}, {"tag_name": "param", "text": "Maximum configured value for `MaxRequestWorkers` for the lifetime of the Apache httpd process.", "types": ["Any"], "name": "serverlimit"}, {"tag_name": "param", "text": "Limit on the number of simultaneous requests that will be served.", "types": ["Any"], "name": "maxclients"}, {"tag_name": "param", "text": "Limit on the number of connections that an individual child server process will handle.", "types": ["Any"], "name": "maxrequestsperchild"}, {"tag_name": "param", "text": "Drop most root capabilities in the parent process, and instead run as the user given by the User/Group directives with some extra\ncapabilities (in particular setuid). Somewhat more secure, but can cause problems when serving from filesystems that do not honor\ncapabilities, such as NFS.", "types": ["Any"], "name": "enablecapabilities"}, {"tag_name": "param", "text": "Used to verify that the Apache version you have requested is compatible with the module.", "types": ["Any"], "name": "apache_version"}, {"tag_name": "see", "text": "for additional documentation.", "name": "http://mpm-itk.sesse.net"}, {"tag_name": "summary", "text": "Installs MPM `mod_itk`."}]}, "defaults": {"startservers": "'8'", "minspareservers": "'5'", "maxspareservers": "'20'", "serverlimit": "'256'", "maxclients": "'256'", "maxrequestsperchild": "'4000'", "enablecapabilities": "undef", "apache_version": "undef"}, "source": "class apache::mod::itk (\n $startservers = '8',\n $minspareservers = '5',\n $maxspareservers = '20',\n $serverlimit = '256',\n $maxclients = '256',\n $maxrequestsperchild = '4000',\n $enablecapabilities = undef,\n $apache_version = undef,\n) {\n include apache\n\n $_apache_version = pick($apache_version, $apache::apache_version)\n\n if defined(Class['apache::mod::event']) {\n fail('May not include both apache::mod::itk and apache::mod::event on the same node')\n }\n if defined(Class['apache::mod::peruser']) {\n fail('May not include both apache::mod::itk and apache::mod::peruser on the same node')\n }\n if versioncmp($_apache_version, '2.4') < 0 {\n if defined(Class['apache::mod::prefork']) {\n fail('May not include both apache::mod::itk and apache::mod::prefork on the same node')\n }\n } else {\n # prefork is a requirement for itk in 2.4; except on FreeBSD and Gentoo, which are special\n if $::osfamily =~ /^(FreeBSD|Gentoo)/ {\n if defined(Class['apache::mod::prefork']) {\n fail('May not include both apache::mod::itk and apache::mod::prefork on the same node')\n }\n } else {\n if ! defined(Class['apache::mod::prefork']) {\n include apache::mod::prefork\n }\n }\n }\n if defined(Class['apache::mod::worker']) {\n fail('May not include both apache::mod::itk and apache::mod::worker on the same node')\n }\n File {\n owner => 'root',\n group => $apache::params::root_group,\n mode => $apache::file_mode,\n }\n\n # Template uses:\n # - $startservers\n # - $minspareservers\n # - $maxspareservers\n # - $serverlimit\n # - $maxclients\n # - $maxrequestsperchild\n file { \"${apache::mod_dir}/itk.conf\":\n ensure => file,\n mode => $apache::file_mode,\n content => template('apache/mod/itk.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n\n case $::osfamily {\n 'redhat': {\n package { 'httpd-itk':\n ensure => present,\n }\n if versioncmp($_apache_version, '2.4') >= 0 {\n ::apache::mpm { 'itk':\n apache_version => $_apache_version,\n }\n }\n else {\n file_line { '/etc/sysconfig/httpd itk enable':\n ensure => present,\n path => '/etc/sysconfig/httpd',\n line => 'HTTPD=/usr/sbin/httpd.itk',\n match => '#?HTTPD=/usr/sbin/httpd.itk',\n require => Package['httpd'],\n notify => Class['apache::service'],\n }\n }\n }\n 'debian', 'freebsd': {\n apache::mpm { 'itk':\n apache_version => $_apache_version,\n }\n }\n 'gentoo': {\n ::portage::makeconf { 'apache2_mpms':\n content => 'itk',\n }\n }\n default: {\n fail(\"Unsupported osfamily ${::osfamily}\")\n }\n }\n}"}, {"name": "apache::mod::jk", "file": "manifests/mod/jk.pp", "line": 244, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "class { '::apache::mod::jk':\n ip => '192.168.2.15',\n workers_file => 'conf/workers.properties',\n mount_file => 'conf/uriworkermap.properties',\n shm_file => 'run/jk.shm',\n shm_size => '50M',\n workers_file_content => {\n <Content>\n },\n}", "name": ""}, {"tag_name": "note", "text": "shm_file and log_file\nDepending on how these files are specified, the class creates their final path differently:\n\nRelative path: prepends supplied path with logroot (see below)\nAbsolute path or pipe: uses supplied path as-is\n\n```\nshm_file => 'shm_file'\n# Ends up in\n$shm_path = '/var/log/httpd/shm_file'\n\nshm_file => '/run/shm_file'\n# Ends up in\n$shm_path = '/run/shm_file'\n\nshm_file => '\"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180\"'\n# Ends up in\n$shm_path = '\"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180\"'\n```"}, {"tag_name": "note", "text": "All parameters are optional. When undefined, some receive default values, while others cause an optional\ndirective to be absent\n\nAdditionally, There is no official package available for mod_jk and thus it must be made available by means outside of the control of the\napache module. Binaries can be found at Apache Tomcat Connectors download page"}, {"tag_name": "param", "text": "IP for binding to mod_jk. Useful when the binding address is not the primary network interface IP.", "types": ["Optional[String]"], "name": "ip"}, {"tag_name": "param", "text": "Port for binding to mod_jk. Useful when something else, like a reverse proxy or cache, is receiving requests at port 80, then\nneeds to forward them to Apache at a different port.", "types": ["Integer"], "name": "port"}, {"tag_name": "param", "text": "Defines if a Listen directive according to parameters ip and port (see below), so that Apache listens to the IP/port combination\nand redirect to mod_jk. Useful when another Listen directive, like Listen *:<Port> or Listen <Port>, can conflict with the one\nnecessary for mod_jk binding.", "types": ["Boolean"], "name": "add_listen"}, {"tag_name": "param", "text": "The name of a worker file for the Tomcat servlet containers.", "types": ["Any"], "name": "workers_file"}, {"tag_name": "param", "text": "Enables setting worker properties inside Apache configuration file.", "types": ["Any"], "name": "worker_property"}, {"tag_name": "param", "text": "The base directory for shm_file and log_file is determined by the logroot parameter. If unspecified, defaults to\napache::params::logroot. The default logroot is sane enough therefore it is not recommended to override it.", "types": ["Any"], "name": "logroot"}, {"tag_name": "param", "text": "Shared memory file name.", "types": ["Any"], "name": "shm_file"}, {"tag_name": "param", "text": "Size of the shared memory file name.", "types": ["Any"], "name": "shm_size"}, {"tag_name": "param", "text": "File containing multiple mappings from a context to a Tomcat worker.", "types": ["Any"], "name": "mount_file"}, {"tag_name": "param", "text": "This directive configures the reload check interval in seconds.", "types": ["Any"], "name": "mount_file_reload"}, {"tag_name": "param", "text": "A mount point from a context to a Tomcat worker.", "types": ["Any"], "name": "mount"}, {"tag_name": "param", "text": "An exclusion mount point from a context to a Tomcat worker.", "types": ["Any"], "name": "un_mount"}, {"tag_name": "param", "text": "Automatically Alias webapp context directories into the Apache document space", "types": ["Any"], "name": "auto_alias"}, {"tag_name": "param", "text": "If this directive is set to \"On\" in some virtual server, the mounts from the global server will be copied\nto this virtual server, more precisely all mounts defined by JkMount or JkUnMount.", "types": ["Any"], "name": "mount_copy"}, {"tag_name": "param", "text": "Name of the Apache environment variable that can be used to set worker names in combination with SetHandler\njakarta-servlet.", "types": ["Any"], "name": "worker_indicator"}, {"tag_name": "param", "text": "This directive configures the watchdog thread interval in seconds.", "types": ["Any"], "name": "watchdog_interval"}, {"tag_name": "param", "text": "Full or server relative path to the mod_jk log file.", "types": ["Any"], "name": "log_file"}, {"tag_name": "param", "text": "The mod_jk log level, can be debug, info, warn error or trace.", "types": ["Any"], "name": "log_level"}, {"tag_name": "param", "text": "The mod_jk date log format, using an extended strftime syntax.", "types": ["Any"], "name": "log_stamp_format"}, {"tag_name": "param", "text": "Request log format string.", "types": ["Any"], "name": "request_log_format"}, {"tag_name": "param", "text": "Turns on SSL processing and information gathering by mod_jk.", "types": ["Any"], "name": "extract_ssl"}, {"tag_name": "param", "text": "Name of the Apache environment variable that contains SSL indication.", "types": ["Any"], "name": "https_indicator"}, {"tag_name": "param", "text": "Name of the Apache environment variable that contains the SSL protocol name.", "types": ["Any"], "name": "sslprotocol_indicator"}, {"tag_name": "param", "text": "Name of the Apache environment variable that contains SSL client certificates.", "types": ["Any"], "name": "certs_indicator"}, {"tag_name": "param", "text": "Name of the Apache environment variable that contains SSL client cipher.", "types": ["Any"], "name": "cipher_indicator"}, {"tag_name": "param", "text": "Name of the Apache environment (prefix) that contains SSL client chain certificates.", "types": ["Any"], "name": "certchain_prefix"}, {"tag_name": "param", "text": "Name of the Apache environment variable that contains SSL session.", "types": ["Any"], "name": "session_indicator"}, {"tag_name": "param", "text": "Name of the Apache environment variable that contains SSL key size in use.", "types": ["Any"], "name": "keysize_indicator"}, {"tag_name": "param", "text": "Name of the Apache environment variable which can be used to overwrite the forwarded local name.", "types": ["Any"], "name": "local_name_indicator"}, {"tag_name": "param", "text": "Name of the Apache environment variable which forces to ignore an existing Content-Length request header.", "types": ["Any"], "name": "ignore_cl_indicator"}, {"tag_name": "param", "text": "Name of the Apache environment variable which can be used to overwrite the forwarded local IP address.", "types": ["Any"], "name": "local_addr_indicator"}, {"tag_name": "param", "text": "Name of the Apache environment variable which can be used to overwrite the forwarded local port.", "types": ["Any"], "name": "local_port_indicator"}, {"tag_name": "param", "text": "Name of the Apache environment variable which can be used to overwrite the forwarded remote (client) host name.", "types": ["Any"], "name": "remote_host_indicator"}, {"tag_name": "param", "text": "Name of the Apache environment variable which can be used to overwrite the forwarded remote (client) IP address.", "types": ["Any"], "name": "remote_addr_indicator"}, {"tag_name": "param", "text": "Name of the Apache environment variable which can be used to overwrite the forwarded remote (client) IP address.", "types": ["Any"], "name": "remote_port_indicator"}, {"tag_name": "param", "text": "Name of the Apache environment variable which can be used to overwrite the forwarded user name.", "types": ["Any"], "name": "remote_user_indicator"}, {"tag_name": "param", "text": "Name of the Apache environment variable which can be used to overwrite the forwarded authentication type.", "types": ["Any"], "name": "auth_type_indicator"}, {"tag_name": "param", "text": "Set one of more options to configure the mod_jk module.", "types": ["Any"], "name": "options"}, {"tag_name": "param", "text": "Adds a name and an optional default value of environment variable that should be sent to servlet-engine as a request attribute.", "types": ["Any"], "name": "env_var"}, {"tag_name": "param", "text": "If this directive is set to On in some virtual server, the session IDs ;jsessionid=... will be removed for URLs which are not\nforwarded but instead are handled by the local server.", "types": ["Any"], "name": "strip_session"}, {"tag_name": "param", "text": "Each directive has the format worker.<Worker name>.<Property>=<Value>. This maps as a hash of hashes, where the outer hash specifies\nworkers, and each inner hash specifies each worker properties and values. Plus, there are two global directives, 'worker.list' and\n'worker.maintain' For example, the workers file below should be parameterized as follows:\n\nWorker file:\n```\nworker.list = status\nworker.list = some_name,other_name\n\nworker.maintain = 60\n\n# Optional comment\nworker.some_name.type=ajp13\nworker.some_name.socket_keepalive=true\n\n# I just like comments\nworker.other_name.type=ajp12 (why would you?)\nworker.other_name.socket_keepalive=false\n```\n\nPuppet file:\n```\n$workers_file_content = {\n worker_lists => ['status', 'some_name,other_name'],\n worker_maintain => '60',\n some_name => {\n comment => 'Optional comment',\n type => 'ajp13',\n socket_keepalive => 'true',\n },\n other_name => {\n comment => 'I just like comments',\n type => 'ajp12',\n socket_keepalive => 'false',\n },\n}\n```", "types": ["Any"], "name": "workers_file_content"}, {"tag_name": "param", "text": "Each directive has the format <URI> = <Worker name>. This maps as a hash of hashes, where the outer hash specifies workers, and\neach inner hash contains two items:\n- uri_list-an array with URIs to be mapped to the worker\n- comment-an optional string with a comment for the worker. For example, the mount file below should be parameterized as Figure 2:\n\nWorker file:\n```\n# Worker 1\n/context_1/ = worker_1\n/context_1/* = worker_1\n\n# Worker 2\n/ = worker_2\n/context_2/ = worker_2\n/context_2/* = worker_2\n```\n\nPuppet file:\n```\n$mount_file_content = {\n worker_1 => {\n uri_list => ['/context_1/', '/context_1/*'],\n comment => 'Worker 1',\n },\n worker_2 => {\n uri_list => ['/context_2/', '/context_2/*'],\n comment => 'Worker 2',\n },\n},\n```", "types": ["Any"], "name": "mount_file_content"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "location_list"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://tomcat.apache.org/connectors-doc/reference/apache.html"}, {"tag_name": "summary", "text": "Installs `mod_jk`."}]}, "defaults": {"ip": "undef", "port": "80", "add_listen": "true", "workers_file": "undef", "worker_property": "{}", "logroot": "undef", "shm_file": "'jk-runtime-status'", "shm_size": "undef", "mount_file": "undef", "mount_file_reload": "undef", "mount": "{}", "un_mount": "{}", "auto_alias": "undef", "mount_copy": "undef", "worker_indicator": "undef", "watchdog_interval": "undef", "log_file": "'mod_jk.log'", "log_level": "undef", "log_stamp_format": "undef", "request_log_format": "undef", "extract_ssl": "undef", "https_indicator": "undef", "sslprotocol_indicator": "undef", "certs_indicator": "undef", "cipher_indicator": "undef", "certchain_prefix": "undef", "session_indicator": "undef", "keysize_indicator": "undef", "local_name_indicator": "undef", "ignore_cl_indicator": "undef", "local_addr_indicator": "undef", "local_port_indicator": "undef", "remote_host_indicator": "undef", "remote_addr_indicator": "undef", "remote_port_indicator": "undef", "remote_user_indicator": "undef", "auth_type_indicator": "undef", "options": "[]", "env_var": "{}", "strip_session": "undef", "location_list": "[]", "workers_file_content": "{}", "mount_file_content": "{}"}, "source": "class apache::mod::jk (\n # Binding to mod_jk\n Optional[String] $ip = undef,\n Integer $port = 80,\n Boolean $add_listen = true,\n # Conf file content\n $workers_file = undef,\n $worker_property = {},\n $logroot = undef,\n $shm_file = 'jk-runtime-status',\n $shm_size = undef,\n $mount_file = undef,\n $mount_file_reload = undef,\n $mount = {},\n $un_mount = {},\n $auto_alias = undef,\n $mount_copy = undef,\n $worker_indicator = undef,\n $watchdog_interval = undef,\n $log_file = 'mod_jk.log',\n $log_level = undef,\n $log_stamp_format = undef,\n $request_log_format = undef,\n $extract_ssl = undef,\n $https_indicator = undef,\n $sslprotocol_indicator = undef,\n $certs_indicator = undef,\n $cipher_indicator = undef,\n $certchain_prefix = undef,\n $session_indicator = undef,\n $keysize_indicator = undef,\n $local_name_indicator = undef,\n $ignore_cl_indicator = undef,\n $local_addr_indicator = undef,\n $local_port_indicator = undef,\n $remote_host_indicator = undef,\n $remote_addr_indicator = undef,\n $remote_port_indicator = undef,\n $remote_user_indicator = undef,\n $auth_type_indicator = undef,\n $options = [],\n $env_var = {},\n $strip_session = undef,\n # Location list\n # See comments in template mod/jk.conf.erb\n $location_list = [],\n # Workers file content\n # See comments in template mod/jk/workers.properties.erb\n $workers_file_content = {},\n # Mount file content\n # See comments in template mod/jk/uriworkermap.properties.erb\n $mount_file_content = {},\n) {\n # Provides important variables\n include apache\n # Manages basic module config\n ::apache::mod { 'jk': }\n\n # Ensure that we are not using variables with the typo fixed by MODULES-6225\n # anymore:\n if !empty($workers_file_content) and has_key($workers_file_content, 'worker_mantain') {\n fail('Please replace $workers_file_content[\\'worker_mantain\\'] by $workers_file_content[\\'worker_maintain\\']. See MODULES-6225 for details.')\n }\n\n # Binding to mod_jk\n if $add_listen {\n $_ip = $ip ? {\n undef => $facts['ipaddress'],\n default => $ip,\n }\n ensure_resource('apache::listen', \"${_ip}:${port}\", {})\n }\n\n # File resource common parameters\n File {\n ensure => file,\n mode => $apache::file_mode,\n notify => Class['apache::service'],\n }\n\n # Shared memory and log paths\n # If logroot unspecified, use default\n $log_dir = $logroot ? {\n undef => $apache::logroot,\n default => $logroot,\n }\n # If absolute path or pipe, use as-is\n # If relative path, prepend with log directory\n # If unspecified, use default\n $shm_path = $shm_file ? {\n undef => \"${log_dir}/jk-runtime-status\",\n /^\\\"?[|\\/]/ => $shm_file,\n default => \"${log_dir}/${shm_file}\",\n }\n $log_path = $log_file ? {\n undef => \"${log_dir}/mod_jk.log\",\n /^\\\"?[|\\/]/ => $log_file,\n default => \"${log_dir}/${log_file}\",\n }\n\n # Main config file\n $mod_dir = $apache::mod_dir\n file { 'jk.conf':\n path => \"${mod_dir}/jk.conf\",\n content => template('apache/mod/jk.conf.erb'),\n require => [\n Exec[\"mkdir ${mod_dir}\"],\n File[$mod_dir],\n ],\n }\n\n # Workers file\n if $workers_file != undef {\n $workers_path = $workers_file ? {\n /^\\// => $workers_file,\n default => \"${apache::httpd_dir}/${workers_file}\",\n }\n file { $workers_path:\n content => template('apache/mod/jk/workers.properties.erb'),\n require => Package['httpd'],\n }\n }\n\n # Mount file\n if $mount_file != undef {\n $mount_path = $mount_file ? {\n /^\\// => $mount_file,\n default => \"${apache::httpd_dir}/${mount_file}\",\n }\n file { $mount_path:\n content => template('apache/mod/jk/uriworkermap.properties.erb'),\n require => Package['httpd'],\n }\n }\n}"}, {"name": "apache::mod::ldap", "file": "manifests/mod/ldap.pp", "line": 51, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "class { 'apache::mod::ldap':\n ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt',\n ldap_trusted_global_cert_type => 'CA_DER',\n ldap_trusted_mode => 'TLS',\n ldap_shared_cache_size => '500000',\n ldap_cache_entries => '1024',\n ldap_cache_ttl => '600',\n ldap_opcache_entries => '1024',\n ldap_opcache_ttl => '600',\n}", "name": ""}, {"tag_name": "note", "text": "Unsupported platforms: CentOS: 8; RedHat: 8"}, {"tag_name": "param", "text": "Used to verify that the Apache version you have requested is compatible with the module.", "types": ["Any"], "name": "apache_version"}, {"tag_name": "param", "text": "Specifies the custom package name.", "types": ["Any"], "name": "package_name"}, {"tag_name": "param", "text": "Sets the file or database containing global trusted Certificate Authority or global client certificates.", "types": ["Any"], "name": "ldap_trusted_global_cert_file"}, {"tag_name": "param", "text": "Sets the certificate parameter of the global trusted Certificate Authority or global client certificates.", "types": ["Optional[String]"], "name": "ldap_trusted_global_cert_type"}, {"tag_name": "param", "text": "Size in bytes of the shared-memory cache", "types": ["Any"], "name": "ldap_shared_cache_size"}, {"tag_name": "param", "text": "Maximum number of entries in the primary LDAP cache", "types": ["Any"], "name": "ldap_cache_entries"}, {"tag_name": "param", "text": "Time that cached items remain valid (in seconds).", "types": ["Any"], "name": "ldap_cache_ttl"}, {"tag_name": "param", "text": "Number of entries used to cache LDAP compare operations", "types": ["Any"], "name": "ldap_opcache_entries"}, {"tag_name": "param", "text": "Time that entries in the operation cache remain valid (in seconds).", "types": ["Any"], "name": "ldap_opcache_ttl"}, {"tag_name": "param", "text": "Specifies the SSL/TLS mode to be used when connecting to an LDAP server.", "types": ["Any"], "name": "ldap_trusted_mode"}, {"tag_name": "param", "text": "The server location of the ldap status page.", "types": ["String"], "name": "ldap_path"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_ldap.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_ldap`."}]}, "defaults": {"apache_version": "undef", "package_name": "undef", "ldap_trusted_global_cert_file": "undef", "ldap_trusted_global_cert_type": "'CA_BASE64'", "ldap_shared_cache_size": "undef", "ldap_cache_entries": "undef", "ldap_cache_ttl": "undef", "ldap_opcache_entries": "undef", "ldap_opcache_ttl": "undef", "ldap_trusted_mode": "undef", "ldap_path": "'/ldap-status'"}, "source": "class apache::mod::ldap (\n $apache_version = undef,\n $package_name = undef,\n $ldap_trusted_global_cert_file = undef,\n Optional[String] $ldap_trusted_global_cert_type = 'CA_BASE64',\n $ldap_shared_cache_size = undef,\n $ldap_cache_entries = undef,\n $ldap_cache_ttl = undef,\n $ldap_opcache_entries = undef,\n $ldap_opcache_ttl = undef,\n $ldap_trusted_mode = undef,\n String $ldap_path = '/ldap-status',\n) {\n include apache\n $_apache_version = pick($apache_version, $apache::apache_version)\n ::apache::mod { 'ldap':\n package => $package_name,\n }\n # Template uses $_apache_version\n file { 'ldap.conf':\n ensure => file,\n path => \"${apache::mod_dir}/ldap.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/ldap.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::lookup_identity", "file": "manifests/mod/lookup_identity.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://www.adelton.com/apache/mod_lookup_identity"}, {"tag_name": "summary", "text": "Installs `mod_lookup_identity`"}]}, "source": "class apache::mod::lookup_identity {\n include apache\n ::apache::mod { 'lookup_identity': }\n}"}, {"name": "apache::mod::macro", "file": "manifests/mod/macro.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_macro.html"}, {"tag_name": "summary", "text": "Installs `mod_macro`."}]}, "source": "class apache::mod::macro {\n include apache\n ::apache::mod { 'macro': }\n}"}, {"name": "apache::mod::md", "file": "manifests/mod/md.pp", "line": 95, "docstring": {"text": "", "tags": [{"tag_name": "note", "text": "Unsupported platforms: CentOS: 6, 7; Debian: 8, 9; OracleLinux: all; RedHat: 6, 7; Scientific: all; SLES: all; Ubuntu: 14, 16, 18"}, {"tag_name": "param", "text": "-", "types": ["Optional[String]"], "name": "md_activation_delay"}, {"tag_name": "param", "text": "Control if base server may be managed or only virtual hosts.", "types": ["Optional[Enum['on', 'off']]"], "name": "md_base_server"}, {"tag_name": "param", "text": "Type of ACME challenge used to prove domain ownership.", "types": ["Optional[Array[Enum['dns-01', 'http-01', 'tls-alpn-01']]]"], "name": "md_ca_challenges"}, {"tag_name": "param", "text": "You confirm that you accepted the Terms of Service of the Certificate\nAuthority.", "types": ["Optional[Enum['accepted']]"], "name": "md_certificate_agreement"}, {"tag_name": "param", "text": "The URL of the ACME Certificate Authority service.", "types": ["Optional[Stdlib::HTTPUrl]"], "name": "md_certificate_authority"}, {"tag_name": "param", "text": "-", "types": ["Optional[String]"], "name": "md_certificate_check"}, {"tag_name": "param", "text": "The URL of a certificate log monitor.", "types": ["Optional[String]"], "name": "md_certificate_monitor"}, {"tag_name": "param", "text": "The protocol to use with the Certificate Authority.", "types": ["Optional[Enum['ACME']]"], "name": "md_certificate_protocol"}, {"tag_name": "param", "text": "Exposes public certificate information in JSON.", "types": ["Optional[Enum['on', 'off']]"], "name": "md_certificate_status"}, {"tag_name": "param", "text": "Define a program to be called when the `dns-01` challenge needs to be\nsetup/torn down.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "md_challenge_dns01"}, {"tag_name": "param", "text": "The ACME protocol requires you to give a contact url when you sign up.", "types": ["Optional[String]"], "name": "md_contact_email"}, {"tag_name": "param", "text": "Define a proxy for outgoing connections.", "types": ["Optional[Stdlib::HTTPUrl]"], "name": "md_http_proxy"}, {"tag_name": "param", "text": "Control if the alias domain names are automatically added.", "types": ["Optional[Enum['auto', 'manual']]"], "name": "md_members"}, {"tag_name": "param", "text": "Handle events for Manage Domains.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "md_message_cmd"}, {"tag_name": "param", "text": "Control if new certificates carry the OCSP Must Staple flag.", "types": ["Optional[Enum['on', 'off']]"], "name": "md_must_staple"}, {"tag_name": "param", "text": "Run a program when a Managed Domain is ready.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "md_notify_cmd"}, {"tag_name": "param", "text": "Map external to internal ports for domain ownership verification.", "types": ["Optional[String]"], "name": "md_port_map"}, {"tag_name": "param", "text": "Set type and size of the private keys generated.", "types": ["Optional[String]"], "name": "md_private_keys"}, {"tag_name": "param", "text": "Controls if certificates shall be renewed.", "types": ["Optional[Enum['always', 'auto', 'manual']]"], "name": "md_renew_mode"}, {"tag_name": "param", "text": "Control when a certificate will be renewed.", "types": ["Optional[String]"], "name": "md_renew_window"}, {"tag_name": "param", "text": "Redirects http: traffic to https: for Managed Domains.\nAn http: Virtual Host must nevertheless be setup for that domain.", "types": ["Optional[Enum['off', 'permanent', 'temporary']]"], "name": "md_require_https"}, {"tag_name": "param", "text": "Control if Managed Domain information is added to server-status.", "types": ["Optional[Enum['on', 'off']]"], "name": "md_server_status"}, {"tag_name": "param", "text": "Enable stapling for certificates not managed by mod_md.", "types": ["Optional[Enum['on', 'off']]"], "name": "md_staple_others"}, {"tag_name": "param", "text": "Enable stapling for all or a particular MDomain.", "types": ["Optional[Enum['on', 'off']]"], "name": "md_stapling"}, {"tag_name": "param", "text": "Controls when old responses should be removed.", "types": ["Optional[String]"], "name": "md_stapling_keep_response"}, {"tag_name": "param", "text": "Control when the stapling responses will be renewed.", "types": ["Optional[String]"], "name": "md_stapling_renew_window"}, {"tag_name": "param", "text": "Path on the local file system to store the Managed Domains data.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "md_store_dir"}, {"tag_name": "param", "text": "Define the time window when you want to be warned about an expiring\ncertificate.", "types": ["Optional[String]"], "name": "md_warn_window"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_md.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_md`."}]}, "defaults": {"md_activation_delay": "undef", "md_base_server": "undef", "md_ca_challenges": "undef", "md_certificate_agreement": "undef", "md_certificate_authority": "undef", "md_certificate_check": "undef", "md_certificate_monitor": "undef", "md_certificate_protocol": "undef", "md_certificate_status": "undef", "md_challenge_dns01": "undef", "md_contact_email": "undef", "md_http_proxy": "undef", "md_members": "undef", "md_message_cmd": "undef", "md_must_staple": "undef", "md_notify_cmd": "undef", "md_port_map": "undef", "md_private_keys": "undef", "md_renew_mode": "undef", "md_renew_window": "undef", "md_require_https": "undef", "md_server_status": "undef", "md_staple_others": "undef", "md_stapling": "undef", "md_stapling_keep_response": "undef", "md_stapling_renew_window": "undef", "md_store_dir": "undef", "md_warn_window": "undef"}, "source": "class apache::mod::md (\n Optional[String] $md_activation_delay = undef,\n Optional[Enum['on', 'off']] $md_base_server = undef,\n Optional[Array[Enum['dns-01', 'http-01', 'tls-alpn-01']]] $md_ca_challenges = undef,\n Optional[Enum['accepted']] $md_certificate_agreement = undef,\n Optional[Stdlib::HTTPUrl] $md_certificate_authority = undef,\n Optional[String] $md_certificate_check = undef, # undocumented\n Optional[String] $md_certificate_monitor = undef,\n Optional[Enum['ACME']] $md_certificate_protocol = undef,\n Optional[Enum['on', 'off']] $md_certificate_status = undef,\n Optional[Stdlib::Absolutepath] $md_challenge_dns01 = undef,\n Optional[String] $md_contact_email = undef,\n Optional[Stdlib::HTTPUrl] $md_http_proxy = undef,\n Optional[Enum['auto', 'manual']] $md_members = undef,\n Optional[Stdlib::Absolutepath] $md_message_cmd = undef,\n Optional[Enum['on', 'off']] $md_must_staple = undef,\n Optional[Stdlib::Absolutepath] $md_notify_cmd = undef,\n Optional[String] $md_port_map = undef,\n Optional[String] $md_private_keys = undef,\n Optional[Enum['always', 'auto', 'manual']] $md_renew_mode = undef,\n Optional[String] $md_renew_window = undef,\n Optional[Enum['off', 'permanent', 'temporary']] $md_require_https = undef,\n Optional[Enum['on', 'off']] $md_server_status = undef,\n Optional[Enum['on', 'off']] $md_staple_others = undef,\n Optional[Enum['on', 'off']] $md_stapling = undef,\n Optional[String] $md_stapling_keep_response = undef,\n Optional[String] $md_stapling_renew_window = undef,\n Optional[Stdlib::Absolutepath] $md_store_dir = undef,\n Optional[String] $md_warn_window = undef,\n) {\n include apache\n include apache::mod::watchdog\n\n apache::mod { 'md':\n }\n\n file { 'md.conf':\n ensure => file,\n path => \"${apache::mod_dir}/md.conf\",\n mode => $apache::file_mode,\n content => epp('apache/mod/md.conf.epp'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::mime", "file": "manifests/mod/mime.pp", "line": 15, "inherits": "::apache::params", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Name of the MIME package to be installed.", "types": ["Any"], "name": "mime_support_package"}, {"tag_name": "param", "text": "The location of the mime.types file.", "types": ["Any"], "name": "mime_types_config"}, {"tag_name": "param", "text": "List of additional MIME types to include.", "types": ["Any"], "name": "mime_types_additional"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_mime.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_mime`."}]}, "defaults": {"mime_support_package": "$apache::params::mime_support_package", "mime_types_config": "$apache::params::mime_types_config", "mime_types_additional": "undef"}, "source": "class apache::mod::mime (\n $mime_support_package = $apache::params::mime_support_package,\n $mime_types_config = $apache::params::mime_types_config,\n $mime_types_additional = undef,\n) inherits ::apache::params {\n include apache\n $_mime_types_additional = pick($mime_types_additional, $apache::mime_types_additional)\n apache::mod { 'mime': }\n # Template uses $_mime_types_config\n file { 'mime.conf':\n ensure => file,\n path => \"${apache::mod_dir}/mime.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/mime.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n if $mime_support_package {\n package { $mime_support_package:\n ensure => 'installed',\n before => File['mime.conf'],\n }\n }\n}"}, {"name": "apache::mod::mime_magic", "file": "manifests/mod/mime_magic.pp", "line": 9, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Enable MIME-type determination based on file contents using the specified magic file.", "types": ["Any"], "name": "magic_file"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_mime_magic.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_mime_magic`."}]}, "defaults": {"magic_file": "undef"}, "source": "class apache::mod::mime_magic (\n $magic_file = undef,\n) {\n include apache\n $_magic_file = pick($magic_file, \"${apache::conf_dir}/magic\")\n apache::mod { 'mime_magic': }\n # Template uses $magic_file\n file { 'mime_magic.conf':\n ensure => file,\n path => \"${apache::mod_dir}/mime_magic.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/mime_magic.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::negotiation", "file": "manifests/mod/negotiation.pp", "line": 12, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Action to take if a single acceptable document is not found.", "types": ["Variant[Array[String], String]"], "name": "force_language_priority"}, {"tag_name": "param", "text": "The precedence of language variants for cases where the client does not express a preference.", "types": ["Variant[Array[String], String]"], "name": "language_priority"}, {"tag_name": "see", "text": "for additional documentation.", "name": "[https://httpd.apache.org/docs/current/mod/mod_negotiation.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_negotiation`."}]}, "defaults": {"force_language_priority": "'Prefer Fallback'", "language_priority": "['en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et',\n 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn',\n 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN',\n 'zh-TW']"}, "source": "class apache::mod::negotiation (\n Variant[Array[String], String] $force_language_priority = 'Prefer Fallback',\n Variant[Array[String], String] $language_priority = ['en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et',\n 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn',\n 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN',\n 'zh-TW'],\n) {\n include apache\n\n ::apache::mod { 'negotiation': }\n # Template uses no variables\n file { 'negotiation.conf':\n ensure => file,\n mode => $apache::file_mode,\n path => \"${apache::mod_dir}/negotiation.conf\",\n content => template('apache/mod/negotiation.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::nss", "file": "manifests/mod/nss.pp", "line": 18, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Path to `access.log`.", "types": ["Any"], "name": "transfer_log"}, {"tag_name": "param", "text": "Path to `error.log`", "name": "error_Log"}, {"tag_name": "param", "text": "Path to file containing token passwords used for NSSPassPhraseDialog.", "types": ["Any"], "name": "passwd_file"}, {"tag_name": "param", "text": "Sets the SSL port that should be used by mod_nss.", "types": ["Any"], "name": "port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "error_log"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://pagure.io/mod_nss"}, {"tag_name": "summary", "text": "Installs and configures `mod_nss`."}]}, "defaults": {"transfer_log": "\"${apache::params::logroot}/access.log\"", "error_log": "\"${apache::params::logroot}/error.log\"", "passwd_file": "undef", "port": "8443"}, "source": "class apache::mod::nss (\n $transfer_log = \"${apache::params::logroot}/access.log\",\n $error_log = \"${apache::params::logroot}/error.log\",\n $passwd_file = undef,\n $port = 8443,\n) {\n include apache\n include apache::mod::mime\n\n apache::mod { 'nss': }\n\n $httpd_dir = $apache::httpd_dir\n\n # Template uses:\n # $transfer_log\n # $error_log\n # $http_dir\n # passwd_file\n file { 'nss.conf':\n ensure => file,\n path => \"${apache::mod_dir}/nss.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/nss.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::pagespeed", "file": "manifests/mod/pagespeed.pp", "line": 16, "docstring": {"text": "Although this apache module requires the mod-pagespeed-stable package, Puppet does not manage the software repositories required to\nautomatically install the package. If you declare this class when the package is either not installed or not available to your\npackage manager, your Puppet run will fail.", "tags": [{"tag_name": "note", "text": "Verify that your system is compatible with the latest Google Pagespeed requirements."}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "inherit_vhost_config"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "filter_xhtml"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "cache_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "log_dir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "memcache_servers"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "rewrite_level"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "disable_filters"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "enable_filters"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "forbid_filters"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "rewrite_deadline_per_flush_ms"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "additional_domains"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "file_cache_size_kb"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "file_cache_clean_interval_ms"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "lru_cache_per_process"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "lru_cache_byte_limit"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "css_flatten_max_bytes"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "css_inline_max_bytes"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "css_image_inline_max_bytes"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "image_inline_max_bytes"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "js_inline_max_bytes"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "css_outline_min_bytes"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "js_outline_min_bytes"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "inode_limit"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "image_max_rewrites_at_once"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "num_rewrite_threads"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "num_expensive_rewrite_threads"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "collect_statistics"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "statistics_logging"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "allow_view_stats"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "allow_pagespeed_console"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "allow_pagespeed_message"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "message_buffer_size"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "additional_configuration"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "apache_version"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "package_ensure"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://developers.google.com/speed/pagespeed/module/"}, {"tag_name": "summary", "text": "Installs and configures `mod_pagespeed`."}, {"tag_name": "todo", "text": "Add docs"}]}, "defaults": {"inherit_vhost_config": "'on'", "filter_xhtml": "false", "cache_path": "'/var/cache/mod_pagespeed/'", "log_dir": "'/var/log/pagespeed'", "memcache_servers": "[]", "rewrite_level": "'CoreFilters'", "disable_filters": "[]", "enable_filters": "[]", "forbid_filters": "[]", "rewrite_deadline_per_flush_ms": "10", "additional_domains": "undef", "file_cache_size_kb": "102400", "file_cache_clean_interval_ms": "3600000", "lru_cache_per_process": "1024", "lru_cache_byte_limit": "16384", "css_flatten_max_bytes": "2048", "css_inline_max_bytes": "2048", "css_image_inline_max_bytes": "2048", "image_inline_max_bytes": "2048", "js_inline_max_bytes": "2048", "css_outline_min_bytes": "3000", "js_outline_min_bytes": "3000", "inode_limit": "500000", "image_max_rewrites_at_once": "8", "num_rewrite_threads": "4", "num_expensive_rewrite_threads": "4", "collect_statistics": "'on'", "statistics_logging": "'on'", "allow_view_stats": "[]", "allow_pagespeed_console": "[]", "allow_pagespeed_message": "[]", "message_buffer_size": "100000", "additional_configuration": "{}", "apache_version": "undef", "package_ensure": "undef"}, "source": "class apache::mod::pagespeed (\n $inherit_vhost_config = 'on',\n $filter_xhtml = false,\n $cache_path = '/var/cache/mod_pagespeed/',\n $log_dir = '/var/log/pagespeed',\n $memcache_servers = [],\n $rewrite_level = 'CoreFilters',\n $disable_filters = [],\n $enable_filters = [],\n $forbid_filters = [],\n $rewrite_deadline_per_flush_ms = 10,\n $additional_domains = undef,\n $file_cache_size_kb = 102400,\n $file_cache_clean_interval_ms = 3600000,\n $lru_cache_per_process = 1024,\n $lru_cache_byte_limit = 16384,\n $css_flatten_max_bytes = 2048,\n $css_inline_max_bytes = 2048,\n $css_image_inline_max_bytes = 2048,\n $image_inline_max_bytes = 2048,\n $js_inline_max_bytes = 2048,\n $css_outline_min_bytes = 3000,\n $js_outline_min_bytes = 3000,\n $inode_limit = 500000,\n $image_max_rewrites_at_once = 8,\n $num_rewrite_threads = 4,\n $num_expensive_rewrite_threads = 4,\n $collect_statistics = 'on',\n $statistics_logging = 'on',\n $allow_view_stats = [],\n $allow_pagespeed_console = [],\n $allow_pagespeed_message = [],\n $message_buffer_size = 100000,\n $additional_configuration = {},\n $apache_version = undef,\n $package_ensure = undef,\n) {\n include apache\n $_apache_version = pick($apache_version, $apache::apache_version)\n $_lib = $_apache_version ? {\n '2.4' => 'mod_pagespeed_ap24.so',\n default => undef\n }\n\n apache::mod { 'pagespeed':\n lib => $_lib,\n package_ensure => $package_ensure,\n }\n\n # Template uses $_apache_version\n file { 'pagespeed.conf':\n ensure => file,\n path => \"${apache::mod_dir}/pagespeed.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/pagespeed.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::passenger", "file": "manifests/mod/passenger.pp", "line": 306, "inherits": "::apache::params", "docstring": {"text": "The current set of server configurations settings were taken directly from the Passenger Reference. To enable deprecation warnings\nand removal failure messages, set the passenger_installed_version to the version number installed on the server.\n\nChange Log:\n - As of 08/13/2017 there are 84 available/deprecated/removed settings.\n - Around 08/20/2017 UnionStation was discontinued options were removed.\n - As of 08/20/2017 there are 77 available/deprecated/removed settings.", "tags": [{"tag_name": "note", "text": "In Passenger source code you can strip out what are all the available options by looking in\n - src/apache2_module/Configuration.cpp\n - src/apache2_module/ConfigurationCommands.cpp\nThere are also several undocumented settings."}, {"tag_name": "note", "text": "For Red Hat based systems, ensure that you meet the minimum requirements described in the passenger docs."}, {"tag_name": "param", "text": "Toggle whether to manage yum repo if on a RedHat node.", "types": ["Any"], "name": "manage_repo"}, {"tag_name": "param", "text": "Specifies the package id.", "types": ["Any"], "name": "mod_id"}, {"tag_name": "param", "text": "Defines the module's shared object name. Do not configure manually without special reason.", "types": ["Any"], "name": "mod_lib"}, {"tag_name": "param", "text": "Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The `path` parameter overrides\nthis value.", "types": ["Any"], "name": "mod_lib_path"}, {"tag_name": "param", "text": "Name of the module package to install.", "types": ["Any"], "name": "mod_package"}, {"tag_name": "param", "text": "Determines whether Puppet ensures the module should be installed.", "types": ["Any"], "name": "mod_package_ensure"}, {"tag_name": "param", "text": "Specifies a path to the module. Do not manually set this parameter without a special reason.", "types": ["Any"], "name": "mod_path"}, {"tag_name": "param", "text": "Toggle whether URLs with encoded slashes (%2f) can be used (by default Apache does not support this).", "types": ["Any"], "name": "passenger_allow_encoded_slashes"}, {"tag_name": "param", "text": "This option sets, for the current application, the value of the following environment variables:\n- RAILS_ENV\n- RACK_ENV\n- WSGI_ENV\n- NODE_ENV\n- PASSENGER_APP_ENV", "types": ["Any"], "name": "passenger_app_env"}, {"tag_name": "param", "text": "Sets the name of the application group that the current application should belong to.", "types": ["Any"], "name": "passenger_app_group_name"}, {"tag_name": "param", "text": "Path to the application root which allows access independent from the DocumentRoot.", "types": ["Any"], "name": "passenger_app_root"}, {"tag_name": "param", "text": "Specifies the type of the application. If you set this option, then you must also set PassengerAppRoot, otherwise Passenger will\nnot properly recognize your application.", "types": ["Any"], "name": "passenger_app_type"}, {"tag_name": "param", "text": "Used to specify that the given URI is an distinct application that should be served by Passenger.", "types": ["Any"], "name": "passenger_base_uri"}, {"tag_name": "param", "text": "Toggle whether application-generated responses are buffered by Apache. Buffering will happen in memory.", "types": ["Any"], "name": "passenger_buffer_response"}, {"tag_name": "param", "text": "Toggle whether HTTP client request bodies are buffered before they are sent to the application.", "types": ["Any"], "name": "passenger_buffer_upload"}, {"tag_name": "param", "text": "Specifies the I/O concurrency model that should be used for Ruby application processes.", "types": ["Any"], "name": "passenger_concurrency_model"}, {"tag_name": "param", "types": ["Any"], "name": "passenger_conf_file"}, {"tag_name": "param", "types": ["Any"], "name": "passenger_conf_package_file"}, {"tag_name": "param", "text": "Specifies the directory in which to store data buffers.", "types": ["Any"], "name": "passenger_data_buffer_dir"}, {"tag_name": "param", "types": ["Any"], "name": "passenger_debug_log_file"}, {"tag_name": "param", "text": "Turns support for Ruby application debugging on or off.", "types": ["Any"], "name": "passenger_debugger"}, {"tag_name": "param", "text": "Allows you to specify the group that applications must run as, if user switching fails or is disabled.", "types": ["Any"], "name": "passenger_default_group"}, {"tag_name": "param", "text": "File path to desired ruby interpreter to use by default.", "types": ["Any"], "name": "passenger_default_ruby"}, {"tag_name": "param", "text": "Allows you to specify the user that applications must run as, if user switching fails or is disabled.", "types": ["Any"], "name": "passenger_default_user"}, {"tag_name": "param", "text": "Allows disabling the Passenger security update check, a daily check with https://securitycheck.phusionpassenger.com for important\nsecurity updates that might be available.", "types": ["Any"], "name": "passenger_disable_security_update_check"}, {"tag_name": "param", "text": "Toggles whether Passenger should be enabled for that particular context.", "types": ["Any"], "name": "passenger_enabled"}, {"tag_name": "param", "text": "Toggles whether Apache will intercept and handle responses with HTTP status codes of 400 and higher.", "types": ["Any"], "name": "passenger_error_override"}, {"tag_name": "param", "text": "Log file descriptor debug tracing messages to the given file.", "types": ["Any"], "name": "passenger_file_descriptor_log_file"}, {"tag_name": "param", "text": "Enables the Flying Passenger mode, and configures Apache to connect to the Flying Passenger daemon that's listening on the\ngiven socket filename.", "types": ["Any"], "name": "passenger_fly_with"}, {"tag_name": "param", "text": "Use this option to tell Passenger how many concurrent requests the application can handle per process.", "types": ["Any"], "name": "passenger_force_max_concurrent_requests_per_process"}, {"tag_name": "param", "text": "Toggles whether Passenger should display friendly error pages whenever an application fails to start.", "types": ["Any"], "name": "passenger_friendly_error_pages"}, {"tag_name": "param", "text": "Allows you to override that behavior and explicitly set a group to run the web application as, regardless of the ownership of the\nstartup file.", "types": ["Any"], "name": "passenger_group"}, {"tag_name": "param", "text": "Toggles whether to enable PassengerHighPerformance which will make Passenger will be a little faster, in return for reduced\ncompatibility with other Apache modules.", "types": ["Any"], "name": "passenger_high_performance"}, {"tag_name": "param", "types": ["Any"], "name": "passenger_installed_version"}, {"tag_name": "param", "text": "Specifies the directory that Passenger should use for registering its current instance.", "types": ["Any"], "name": "passenger_instance_registry_dir"}, {"tag_name": "param", "text": "Enables or disables the loading of shell environment variables before spawning the application.", "types": ["Any"], "name": "passenger_load_shell_envvars"}, {"tag_name": "param", "text": "File path to log file. By default Passenger log messages are written to the Apache global error log.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "passenger_log_file"}, {"tag_name": "param", "text": "Specifies how much information Passenger should log to its log file. A higher log level value means that more\ninformation will be logged.", "types": ["Any"], "name": "passenger_log_level"}, {"tag_name": "param", "text": "When using Passenger on a LVE-enabled kernel, a security check (enter) is run for spawning application processes. This options\ntells the check to only allow processes with UIDs equal to, or higher than, the specified value.", "types": ["Any"], "name": "passenger_lve_min_uid"}, {"tag_name": "param", "text": "The maximum number of application processes that may simultaneously exist for an application.", "types": ["Any"], "name": "passenger_max_instances"}, {"tag_name": "param", "text": "The maximum number of application processes that may simultaneously exist for a single application.", "types": ["Any"], "name": "passenger_max_instances_per_app"}, {"tag_name": "param", "text": "The maximum number of application processes that may simultaneously exist.", "types": ["Any"], "name": "passenger_max_pool_size"}, {"tag_name": "param", "text": "Set the preloader's idle timeout, in seconds. A value of 0 means that it should never idle timeout.", "types": ["Any"], "name": "passenger_max_preloader_idle_time"}, {"tag_name": "param", "text": "Specifies the maximum size for the queue of all incoming requests.", "types": ["Any"], "name": "passenger_max_request_queue_size"}, {"tag_name": "param", "text": "The maximum amount of time, in seconds, that an application process may take to process a request.", "types": ["Any"], "name": "passenger_max_request_time"}, {"tag_name": "param", "text": "The maximum number of requests an application process will process.", "types": ["Any"], "name": "passenger_max_requests"}, {"tag_name": "param", "text": "The maximum amount of memory that an application process may use, in megabytes.", "types": ["Any"], "name": "passenger_memory_limit"}, {"tag_name": "param", "text": "When using a Meteor application in non-bundled mode, use this option to specify a JSON file with settings for the application.", "types": ["Any"], "name": "passenger_meteor_app_settings"}, {"tag_name": "param", "text": "Specifies the minimum number of application processes that should exist for a given application.", "types": ["Any"], "name": "passenger_min_instances"}, {"tag_name": "param", "text": "Specifies the Node.js command to use for serving Node.js web applications.", "types": ["Any"], "name": "passenger_nodejs"}, {"tag_name": "param", "text": "The maximum number of seconds that an application process may be idle.", "types": ["Any"], "name": "passenger_pool_idle_time"}, {"tag_name": "param", "text": "URL of the web application you want to pre-start.", "types": ["Optional[Variant[String,Array[String]]]"], "name": "passenger_pre_start"}, {"tag_name": "param", "text": "Specifies the Python interpreter to use for serving Python web applications.", "types": ["Any"], "name": "passenger_python"}, {"tag_name": "param", "text": "Enables or disables resistance against deployment errors.", "types": ["Any"], "name": "passenger_resist_deployment_errors"}, {"tag_name": "param", "text": "This option is no longer available in version 5.2.0. Switch to PassengerAppRoot if you are setting the application root via a\ndocument root containing symlinks.", "types": ["Any"], "name": "passenger_resolve_symlinks_in_document_root"}, {"tag_name": "param", "text": "Configures the maximum size of the real-time disk-backed response buffering system.", "types": ["Any"], "name": "passenger_response_buffer_high_watermark"}, {"tag_name": "param", "text": "Path to directory containing restart.txt file. Can be either absolute or relative.", "types": ["Any"], "name": "passenger_restart_dir"}, {"tag_name": "param", "text": "Enables or disables support for zero-downtime application restarts through restart.txt.", "types": ["Any"], "name": "passenger_rolling_restarts"}, {"tag_name": "param", "text": "Refers to the location to the Passenger root directory, or to a location configuration file.", "types": ["Any"], "name": "passenger_root"}, {"tag_name": "param", "text": "Specifies the Ruby interpreter to use for serving Ruby web applications.", "types": ["Any"], "name": "passenger_ruby"}, {"tag_name": "param", "text": "Allows use of an intermediate proxy for the Passenger security update check.", "types": ["Any"], "name": "passenger_security_update_check_proxy"}, {"tag_name": "param", "text": "Toggle whether Passenger will output its version number in the X-Powered-By header in all Passenger-served requests:", "types": ["Any"], "name": "passenger_show_version_in_header"}, {"tag_name": "param", "text": "This option can be raised if Apache manages to overflow the backlog queue.", "types": ["Any"], "name": "passenger_socket_backlog"}, {"tag_name": "param", "text": "Controls whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism.", "types": ["Optional[Enum['smart', 'direct', 'smart-lv2', 'conservative']]"], "name": "passenger_spawn_method"}, {"tag_name": "param", "text": "Specifies a timeout for the startup of application processes.", "types": ["Any"], "name": "passenger_start_timeout"}, {"tag_name": "param", "text": "Specifies the startup file that Passenger should use when loading the application.", "types": ["Any"], "name": "passenger_startup_file"}, {"tag_name": "param", "text": "Setting this option to a value of x means that certain filesystem checks will be performed at most once every x seconds.", "types": ["Any"], "name": "passenger_stat_throttle_rate"}, {"tag_name": "param", "text": "Toggles whether all requests that a client sends will be routed to the same originating application process, whenever possible.", "types": ["Any"], "name": "passenger_sticky_sessions"}, {"tag_name": "param", "text": "Sets the name of the sticky sessions cookie.", "types": ["Any"], "name": "passenger_sticky_sessions_cookie_name"}, {"tag_name": "param", "text": "Specifies the number of threads that Passenger should spawn per Ruby application process.", "types": ["Any"], "name": "passenger_thread_count"}, {"tag_name": "param", "text": "N/A.", "types": ["Any"], "name": "passenger_use_global_queue"}, {"tag_name": "param", "text": "Allows you to override that behavior and explicitly set a user to run the web application as, regardless of the ownership of the\nstartup file.", "types": ["Any"], "name": "passenger_user"}, {"tag_name": "param", "text": "Toggles whether to attempt to enable user account sandboxing, also known as user switching.", "types": ["Any"], "name": "passenger_user_switching"}, {"tag_name": "param", "text": "This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.", "types": ["Any"], "name": "rack_auto_detect"}, {"tag_name": "param", "text": "This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.", "types": ["Any"], "name": "rack_autodetect"}, {"tag_name": "param", "text": "Deprecated in 3.0.0 in favor of PassengerBaseURI.", "types": ["Any"], "name": "rack_base_uri"}, {"tag_name": "param", "text": "Alias for PassengerAppEnv.", "types": ["Any"], "name": "rack_env"}, {"tag_name": "param", "text": "This option doesn't do anything anymore since version 4.0.0.", "types": ["Any"], "name": "rails_allow_mod_rewrite"}, {"tag_name": "param", "text": "This option has been removed in version 4.0.0, and replaced with PassengerMaxPreloaderIdleTime.", "types": ["Any"], "name": "rails_app_spawner_idle_time"}, {"tag_name": "param", "text": "This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.", "types": ["Any"], "name": "rails_auto_detect"}, {"tag_name": "param", "text": "This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.", "types": ["Any"], "name": "rails_autodetect"}, {"tag_name": "param", "text": "Deprecated in 3.0.0 in favor of PassengerBaseURI.", "types": ["Any"], "name": "rails_base_uri"}, {"tag_name": "param", "text": "Deprecated in 3.0.0 in favor of PassengerDefaultUser", "types": ["Any"], "name": "rails_default_user"}, {"tag_name": "param", "text": "Alias for PassengerAppEnv.", "types": ["Any"], "name": "rails_env"}, {"tag_name": "param", "text": "This option is no longer available in version 4.0.0. There is no alternative because framework spawning has been removed\naltogether. You should use smart spawning instead.", "types": ["Any"], "name": "rails_framework_spawner_idle_time"}, {"tag_name": "param", "text": "Deprecated in 3.0.0 in favor of PassengerRuby.", "types": ["Any"], "name": "rails_ruby"}, {"tag_name": "param", "text": "Deprecated in 3.0.0 in favor of PassengerSpawnMethod.", "types": ["Any"], "name": "rails_spawn_method"}, {"tag_name": "param", "text": "Deprecated in 3.0.0 in favor of PassengerUserSwitching.", "types": ["Any"], "name": "rails_user_switching"}, {"tag_name": "param", "text": "This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.", "types": ["Any"], "name": "wsgi_auto_detect"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "passenger_anonymous_telemetry_proxy"}, {"tag_name": "param", "text": "", "types": ["Optional[Boolean]"], "name": "passenger_disable_anonymous_telemetry"}, {"tag_name": "param", "text": "", "types": ["Optional[Boolean]"], "name": "passenger_disable_log_prefix"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "passenger_spawn_dir"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "passenger_sticky_sessions_cookie_attributes"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://www.phusionpassenger.com/docs/references/config_reference/apache/"}, {"tag_name": "summary", "text": "Installs `mod_pasenger`."}]}, "defaults": {"manage_repo": "true", "mod_id": "undef", "mod_lib": "undef", "mod_lib_path": "undef", "mod_package": "undef", "mod_package_ensure": "undef", "mod_path": "undef", "passenger_allow_encoded_slashes": "undef", "passenger_anonymous_telemetry_proxy": "undef", "passenger_app_env": "undef", "passenger_app_group_name": "undef", "passenger_app_root": "undef", "passenger_app_type": "undef", "passenger_base_uri": "undef", "passenger_buffer_response": "undef", "passenger_buffer_upload": "undef", "passenger_concurrency_model": "undef", "passenger_conf_file": "$apache::params::passenger_conf_file", "passenger_conf_package_file": "$apache::params::passenger_conf_package_file", "passenger_data_buffer_dir": "undef", "passenger_debug_log_file": "undef", "passenger_debugger": "undef", "passenger_default_group": "undef", "passenger_default_ruby": "$apache::params::passenger_default_ruby", "passenger_default_user": "undef", "passenger_disable_anonymous_telemetry": "undef", "passenger_disable_log_prefix": "undef", "passenger_disable_security_update_check": "undef", "passenger_enabled": "undef", "passenger_error_override": "undef", "passenger_file_descriptor_log_file": "undef", "passenger_fly_with": "undef", "passenger_force_max_concurrent_requests_per_process": "undef", "passenger_friendly_error_pages": "undef", "passenger_group": "undef", "passenger_high_performance": "undef", "passenger_installed_version": "undef", "passenger_instance_registry_dir": "undef", "passenger_load_shell_envvars": "undef", "passenger_log_file": "undef", "passenger_log_level": "undef", "passenger_lve_min_uid": "undef", "passenger_max_instances": "undef", "passenger_max_instances_per_app": "undef", "passenger_max_pool_size": "undef", "passenger_max_preloader_idle_time": "undef", "passenger_max_request_queue_size": "undef", "passenger_max_request_time": "undef", "passenger_max_requests": "undef", "passenger_memory_limit": "undef", "passenger_meteor_app_settings": "undef", "passenger_min_instances": "undef", "passenger_nodejs": "undef", "passenger_pool_idle_time": "undef", "passenger_pre_start": "undef", "passenger_python": "undef", "passenger_resist_deployment_errors": "undef", "passenger_resolve_symlinks_in_document_root": "undef", "passenger_response_buffer_high_watermark": "undef", "passenger_restart_dir": "undef", "passenger_rolling_restarts": "undef", "passenger_root": "$apache::params::passenger_root", "passenger_ruby": "$apache::params::passenger_ruby", "passenger_security_update_check_proxy": "undef", "passenger_show_version_in_header": "undef", "passenger_socket_backlog": "undef", "passenger_spawn_dir": "undef", "passenger_spawn_method": "undef", "passenger_start_timeout": "undef", "passenger_startup_file": "undef", "passenger_stat_throttle_rate": "undef", "passenger_sticky_sessions": "undef", "passenger_sticky_sessions_cookie_name": "undef", "passenger_sticky_sessions_cookie_attributes": "undef", "passenger_thread_count": "undef", "passenger_use_global_queue": "undef", "passenger_user": "undef", "passenger_user_switching": "undef", "rack_auto_detect": "undef", "rack_autodetect": "undef", "rack_base_uri": "undef", "rack_env": "undef", "rails_allow_mod_rewrite": "undef", "rails_app_spawner_idle_time": "undef", "rails_auto_detect": "undef", "rails_autodetect": "undef", "rails_base_uri": "undef", "rails_default_user": "undef", "rails_env": "undef", "rails_framework_spawner_idle_time": "undef", "rails_ruby": "undef", "rails_spawn_method": "undef", "rails_user_switching": "undef", "wsgi_auto_detect": "undef"}, "source": "class apache::mod::passenger (\n $manage_repo = true,\n $mod_id = undef,\n $mod_lib = undef,\n $mod_lib_path = undef,\n $mod_package = undef,\n $mod_package_ensure = undef,\n $mod_path = undef,\n $passenger_allow_encoded_slashes = undef,\n Optional[String] $passenger_anonymous_telemetry_proxy = undef,\n $passenger_app_env = undef,\n $passenger_app_group_name = undef,\n $passenger_app_root = undef,\n $passenger_app_type = undef,\n $passenger_base_uri = undef,\n $passenger_buffer_response = undef,\n $passenger_buffer_upload = undef,\n $passenger_concurrency_model = undef,\n $passenger_conf_file = $apache::params::passenger_conf_file,\n $passenger_conf_package_file = $apache::params::passenger_conf_package_file,\n $passenger_data_buffer_dir = undef,\n $passenger_debug_log_file = undef,\n $passenger_debugger = undef,\n $passenger_default_group = undef,\n $passenger_default_ruby = $apache::params::passenger_default_ruby,\n $passenger_default_user = undef,\n Optional[Boolean] $passenger_disable_anonymous_telemetry = undef,\n Optional[Boolean] $passenger_disable_log_prefix = undef,\n $passenger_disable_security_update_check = undef,\n $passenger_enabled = undef,\n $passenger_error_override = undef,\n $passenger_file_descriptor_log_file = undef,\n $passenger_fly_with = undef,\n $passenger_force_max_concurrent_requests_per_process = undef,\n $passenger_friendly_error_pages = undef,\n $passenger_group = undef,\n $passenger_high_performance = undef,\n $passenger_installed_version = undef,\n $passenger_instance_registry_dir = undef,\n $passenger_load_shell_envvars = undef,\n Optional[Stdlib::Absolutepath] $passenger_log_file = undef,\n $passenger_log_level = undef,\n $passenger_lve_min_uid = undef,\n $passenger_max_instances = undef,\n $passenger_max_instances_per_app = undef,\n $passenger_max_pool_size = undef,\n $passenger_max_preloader_idle_time = undef,\n $passenger_max_request_queue_size = undef,\n $passenger_max_request_time = undef,\n $passenger_max_requests = undef,\n $passenger_memory_limit = undef,\n $passenger_meteor_app_settings = undef,\n $passenger_min_instances = undef,\n $passenger_nodejs = undef,\n $passenger_pool_idle_time = undef,\n Optional[Variant[String,Array[String]]] $passenger_pre_start = undef,\n $passenger_python = undef,\n $passenger_resist_deployment_errors = undef,\n $passenger_resolve_symlinks_in_document_root = undef,\n $passenger_response_buffer_high_watermark = undef,\n $passenger_restart_dir = undef,\n $passenger_rolling_restarts = undef,\n $passenger_root = $apache::params::passenger_root,\n $passenger_ruby = $apache::params::passenger_ruby,\n $passenger_security_update_check_proxy = undef,\n $passenger_show_version_in_header = undef,\n $passenger_socket_backlog = undef,\n Optional[String] $passenger_spawn_dir = undef,\n Optional[Enum['smart', 'direct', 'smart-lv2', 'conservative']] $passenger_spawn_method = undef,\n $passenger_start_timeout = undef,\n $passenger_startup_file = undef,\n $passenger_stat_throttle_rate = undef,\n $passenger_sticky_sessions = undef,\n $passenger_sticky_sessions_cookie_name = undef,\n Optional[String] $passenger_sticky_sessions_cookie_attributes = undef,\n $passenger_thread_count = undef,\n $passenger_use_global_queue = undef,\n $passenger_user = undef,\n $passenger_user_switching = undef,\n $rack_auto_detect = undef,\n $rack_autodetect = undef,\n $rack_base_uri = undef,\n $rack_env = undef,\n $rails_allow_mod_rewrite = undef,\n $rails_app_spawner_idle_time = undef,\n $rails_auto_detect = undef,\n $rails_autodetect = undef,\n $rails_base_uri = undef,\n $rails_default_user = undef,\n $rails_env = undef,\n $rails_framework_spawner_idle_time = undef,\n $rails_ruby = undef,\n $rails_spawn_method = undef,\n $rails_user_switching = undef,\n $wsgi_auto_detect = undef,\n) inherits ::apache::params {\n include apache\n if $passenger_installed_version {\n if $passenger_allow_encoded_slashes {\n if (versioncmp($passenger_installed_version, '4.0.0') < 0) {\n fail(\"Passenger config option :: passenger_allow_encoded_slashes is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_anonymous_telemetry_proxy {\n if (versioncmp($passenger_installed_version, '6.0.0') < 0) {\n fail(\"Passenger config option :: passenger_anonymous_telemetry_proxy is not introduced until version 6.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_app_env {\n if (versioncmp($passenger_installed_version, '4.0.0') < 0) {\n fail(\"Passenger config option :: passenger_app_env is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_app_group_name {\n if (versioncmp($passenger_installed_version, '4.0.0') < 0) {\n fail(\"Passenger config option :: passenger_app_group_name is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_app_root {\n if (versioncmp($passenger_installed_version, '4.0.0') < 0) {\n fail(\"Passenger config option :: passenger_app_root is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_app_type {\n if (versioncmp($passenger_installed_version, '4.0.25') < 0) {\n fail(\"Passenger config option :: passenger_app_type is not introduced until version 4.0.25 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_base_uri {\n if (versioncmp($passenger_installed_version, '4.0.0') < 0) {\n fail(\"Passenger config option :: passenger_base_uri is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_buffer_response {\n if (versioncmp($passenger_installed_version, '4.0.0') < 0) {\n fail(\"Passenger config option :: passenger_buffer_response is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_buffer_upload {\n if (versioncmp($passenger_installed_version, '4.0.26') < 0) {\n fail(\"Passenger config option :: passenger_buffer_upload is not introduced until version 4.0.26 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_concurrency_model {\n if (versioncmp($passenger_installed_version, '4.0.0') < 0) {\n fail(\"Passenger config option :: passenger_concurrency_model is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_data_buffer_dir {\n if (versioncmp($passenger_installed_version, '5.0.0') < 0) {\n fail(\"Passenger config option :: passenger_data_buffer_dir is not introduced until version 5.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_debug_log_file {\n if (versioncmp($passenger_installed_version, '5.0.5') > 0) {\n warning('DEPRECATED PASSENGER OPTION :: passenger_debug_log_file :: This option has been renamed in version 5.0.5 to PassengerLogFile.')\n }\n }\n if $passenger_debugger {\n if (versioncmp($passenger_installed_version, '3.0.0') < 0) {\n fail(\"Passenger config option :: passenger_debugger is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_default_group {\n if (versioncmp($passenger_installed_version, '3.0.0') < 0) {\n fail(\"Passenger config option :: passenger_default_group is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_default_ruby {\n if (versioncmp($passenger_installed_version, '4.0.0') < 0) {\n fail(\"Passenger config option :: passenger_default_ruby is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_default_user {\n if (versioncmp($passenger_installed_version, '3.0.0') < 0) {\n fail(\"Passenger config option :: passenger_default_user is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_disable_anonymous_telemetry {\n if (versioncmp($passenger_installed_version, '6.0.0') < 0) {\n fail(\"Passenger config option :: passenger_disable_anonymous_telemetry is not introduced until version 6.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_disable_log_prefix {\n if (versioncmp($passenger_installed_version, '6.0.2') < 0) {\n fail(\"Passenger config option :: passenger_disable_log_prefix is not introduced until version 6.0.2 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_disable_security_update_check {\n if (versioncmp($passenger_installed_version, '5.1.0') < 0) {\n fail(\"Passenger config option :: passenger_disable_security_update_check is not introduced until version 5.1.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_enabled {\n if (versioncmp($passenger_installed_version, '4.0.0') < 0) {\n fail(\"Passenger config option :: passenger_enabled is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_error_override {\n if (versioncmp($passenger_installed_version, '4.0.24') < 0) {\n fail(\"Passenger config option :: passenger_error_override is not introduced until version 4.0.24 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_file_descriptor_log_file {\n if (versioncmp($passenger_installed_version, '5.0.5') < 0) {\n fail(\"Passenger config option :: passenger_file_descriptor_log_file is not introduced until version 5.0.5 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_fly_with {\n if (versioncmp($passenger_installed_version, '4.0.45') < 0) {\n fail(\"Passenger config option :: passenger_fly_with is not introduced until version 4.0.45 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_force_max_concurrent_requests_per_process {\n if (versioncmp($passenger_installed_version, '5.0.22') < 0) {\n fail(\"Passenger config option :: passenger_force_max_concurrent_requests_per_process is not introduced until version 5.0.22 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_friendly_error_pages {\n if (versioncmp($passenger_installed_version, '4.0.42') < 0) {\n fail(\"Passenger config option :: passenger_friendly_error_pages is not introduced until version 4.0.42 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_group {\n if (versioncmp($passenger_installed_version, '4.0.0') < 0) {\n fail(\"Passenger config option :: passenger_group is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_high_performance {\n if (versioncmp($passenger_installed_version, '2.0.0') < 0) {\n fail(\"Passenger config option :: passenger_high_performance is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_instance_registry_dir {\n if (versioncmp($passenger_installed_version, '5.0.0') < 0) {\n fail(\"Passenger config option :: passenger_instance_registry_dir is not introduced until version 5.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_load_shell_envvars {\n if (versioncmp($passenger_installed_version, '4.0.20') < 0) {\n fail(\"Passenger config option :: passenger_load_shell_envvars is not introduced until version 4.0.20 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_log_file {\n if (versioncmp($passenger_installed_version, '5.0.5') < 0) {\n fail(\"Passenger config option :: passenger_log_file is not introduced until version 5.0.5 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_log_level {\n if (versioncmp($passenger_installed_version, '3.0.0') < 0) {\n fail(\"Passenger config option :: passenger_log_level is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_lve_min_uid {\n if (versioncmp($passenger_installed_version, '5.0.28') < 0) {\n fail(\"Passenger config option :: passenger_lve_min_uid is not introduced until version 5.0.28 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_max_instances {\n if (versioncmp($passenger_installed_version, '3.0.0') < 0) {\n fail(\"Passenger config option :: passenger_max_instances is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_max_instances_per_app {\n if (versioncmp($passenger_installed_version, '3.0.0') < 0) {\n fail(\"Passenger config option :: passenger_max_instances_per_app is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_max_pool_size {\n if (versioncmp($passenger_installed_version, '1.0.0') < 0) {\n fail(\"Passenger config option :: passenger_max_pool_size is not introduced until version 1.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_max_preloader_idle_time {\n if (versioncmp($passenger_installed_version, '4.0.0') < 0) {\n fail(\"Passenger config option :: passenger_max_preloader_idle_time is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_max_request_queue_size {\n if (versioncmp($passenger_installed_version, '4.0.15') < 0) {\n fail(\"Passenger config option :: passenger_max_request_queue_size is not introduced until version 4.0.15 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_max_request_time {\n if (versioncmp($passenger_installed_version, '3.0.0') < 0) {\n fail(\"Passenger config option :: passenger_max_request_time is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_max_requests {\n if (versioncmp($passenger_installed_version, '3.0.0') < 0) {\n fail(\"Passenger config option :: passenger_max_requests is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_memory_limit {\n if (versioncmp($passenger_installed_version, '3.0.0') < 0) {\n fail(\"Passenger config option :: passenger_memory_limit is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_meteor_app_settings {\n if (versioncmp($passenger_installed_version, '5.0.7') < 0) {\n fail(\"Passenger config option :: passenger_meteor_app_settings is not introduced until version 5.0.7 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_min_instances {\n if (versioncmp($passenger_installed_version, '3.0.0') < 0) {\n fail(\"Passenger config option :: passenger_min_instances is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_nodejs {\n if (versioncmp($passenger_installed_version, '4.0.24') < 0) {\n fail(\"Passenger config option :: passenger_nodejs is not introduced until version 4.0.24 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_pool_idle_time {\n if (versioncmp($passenger_installed_version, '1.0.0') < 0) {\n fail(\"Passenger config option :: passenger_pool_idle_time is not introduced until version 1.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_pre_start {\n if (versioncmp($passenger_installed_version, '3.0.0') < 0) {\n fail(\"Passenger config option :: passenger_pre_start is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_python {\n if (versioncmp($passenger_installed_version, '4.0.0') < 0) {\n fail(\"Passenger config option :: passenger_python is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_resist_deployment_errors {\n if (versioncmp($passenger_installed_version, '3.0.0') < 0) {\n fail(\"Passenger config option :: passenger_resist_deployment_errors is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_resolve_symlinks_in_document_root {\n if (versioncmp($passenger_installed_version, '3.0.0') < 0) {\n fail(\"Passenger config option :: passenger_resolve_symlinks_in_document_root is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_response_buffer_high_watermark {\n if (versioncmp($passenger_installed_version, '5.0.0') < 0) {\n fail(\"Passenger config option :: passenger_response_buffer_high_watermark is not introduced until version 5.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_restart_dir {\n if (versioncmp($passenger_installed_version, '3.0.0') < 0) {\n fail(\"Passenger config option :: passenger_restart_dir is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_rolling_restarts {\n if (versioncmp($passenger_installed_version, '3.0.0') < 0) {\n fail(\"Passenger config option :: passenger_rolling_restarts is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_root {\n if (versioncmp($passenger_installed_version, '1.0.0') < 0) {\n fail(\"Passenger config option :: passenger_root is not introduced until version 1.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_ruby {\n if (versioncmp($passenger_installed_version, '4.0.0') < 0) {\n fail(\"Passenger config option :: passenger_ruby is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_security_update_check_proxy {\n if (versioncmp($passenger_installed_version, '5.1.0') < 0) {\n fail(\"Passenger config option :: passenger_security_update_check_proxy is not introduced until version 5.1.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_show_version_in_header {\n if (versioncmp($passenger_installed_version, '5.1.0') < 0) {\n fail(\"Passenger config option :: passenger_show_version_in_header is not introduced until version 5.1.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_socket_backlog {\n if (versioncmp($passenger_installed_version, '5.0.24') < 0) {\n fail(\"Passenger config option :: passenger_socket_backlog is not introduced until version 5.0.24 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_spawn_dir {\n if (versioncmp($passenger_installed_version, '6.0.3') < 0) {\n fail(\"Passenger config option :: passenger_spawn_dir is not introduced until version 6.0.3 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_spawn_method {\n if (versioncmp($passenger_installed_version, '2.0.0') < 0) {\n fail(\"Passenger config option :: passenger_spawn_method is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_start_timeout {\n if (versioncmp($passenger_installed_version, '4.0.15') < 0) {\n fail(\"Passenger config option :: passenger_start_timeout is not introduced until version 4.0.15 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_startup_file {\n if (versioncmp($passenger_installed_version, '4.0.25') < 0) {\n fail(\"Passenger config option :: passenger_startup_file is not introduced until version 4.0.25 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_stat_throttle_rate {\n if (versioncmp($passenger_installed_version, '2.2.0') < 0) {\n fail(\"Passenger config option :: passenger_stat_throttle_rate is not introduced until version 2.2.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_sticky_sessions {\n if (versioncmp($passenger_installed_version, '4.0.45') < 0) {\n fail(\"Passenger config option :: passenger_sticky_sessions is not introduced until version 4.0.45 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_sticky_sessions_cookie_name {\n if (versioncmp($passenger_installed_version, '4.0.45') < 0) {\n fail(\"Passenger config option :: passenger_sticky_sessions_cookie_name is not introduced until version 4.0.45 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_sticky_sessions_cookie_attributes {\n if (versioncmp($passenger_installed_version, '6.0.5') < 0) {\n fail(\"Passenger config option :: passenger_sticky_sessions_cookie_attributes is not introduced until version 6.0.5 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_thread_count {\n if (versioncmp($passenger_installed_version, '4.0.0') < 0) {\n fail(\"Passenger config option :: passenger_thread_count is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_use_global_queue {\n if (versioncmp($passenger_installed_version, '4.0.0') > 0) {\n fail('REMOVED PASSENGER OPTION :: passenger_use_global_queue :: -- no message on the current passenger reference webpage -- ')\n }\n if (versioncmp($passenger_installed_version, '2.0.4') < 0) {\n fail(\"Passenger config option :: passenger_use_global_queue is not introduced until version 2.0.4 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_user {\n if (versioncmp($passenger_installed_version, '4.0.0') < 0) {\n fail(\"Passenger config option :: passenger_user is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $passenger_user_switching {\n if (versioncmp($passenger_installed_version, '3.0.0') < 0) {\n fail(\"Passenger config option :: passenger_user_switching is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if ($rack_auto_detect or $rack_autodetect) {\n if (versioncmp($passenger_installed_version, '4.0.0') > 0) {\n fail('REMOVED PASSENGER OPTION :: rack_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.')\n }\n }\n if $rack_base_uri {\n if (versioncmp($passenger_installed_version, '3.0.0') > 0) {\n warning('DEPRECATED PASSENGER OPTION :: rack_base_uri :: Deprecated in 3.0.0 in favor of PassengerBaseURI.')\n }\n }\n if $rack_env {\n if (versioncmp($passenger_installed_version, '2.0.0') < 0) {\n fail(\"Passenger config option :: rack_env is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $rails_allow_mod_rewrite {\n if (versioncmp($passenger_installed_version, '4.0.0') > 0) {\n warning(\"DEPRECATED PASSENGER OPTION :: rails_allow_mod_rewrite :: This option doesn't do anything anymore in since version 4.0.0.\")\n }\n }\n if $rails_app_spawner_idle_time {\n if (versioncmp($passenger_installed_version, '4.0.0') > 0) {\n fail('REMOVED PASSENGER OPTION :: rails_app_spawner_idle_time :: This option has been removed in version 4.0.0, and replaced with PassengerMaxPreloaderIdleTime.')\n }\n }\n if ($rails_auto_detect or $rails_autodetect) {\n if (versioncmp($passenger_installed_version, '4.0.0') > 0) {\n fail('REMOVED PASSENGER OPTION :: rails_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.')\n }\n }\n if $rails_base_uri {\n if (versioncmp($passenger_installed_version, '3.0.0') > 0) {\n warning('DEPRECATED PASSENGER OPTION :: rails_base_uri :: Deprecated in 3.0.0 in favor of PassengerBaseURI.')\n }\n }\n if $rails_default_user {\n if (versioncmp($passenger_installed_version, '3.0.0') > 0) {\n warning('DEPRECATED PASSENGER OPTION :: rails_default_user :: Deprecated in 3.0.0 in favor of PassengerDefaultUser.')\n }\n }\n if $rails_env {\n if (versioncmp($passenger_installed_version, '2.0.0') < 0) {\n fail(\"Passenger config option :: rails_env is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported\")\n }\n }\n if $rails_framework_spawner_idle_time {\n if (versioncmp($passenger_installed_version, '4.0.0') > 0) {\n fail('REMOVED PASSENGER OPTION :: rails_framework_spawner_idle_time :: This option is no longer available in version 4.0.0. There is no alternative because framework spawning has been removed altogether. You should use smart spawning instead.')\n }\n }\n if $rails_ruby {\n if (versioncmp($passenger_installed_version, '3.0.0') > 0) {\n warning('DEPRECATED PASSENGER OPTION :: rails_ruby :: Deprecated in 3.0.0 in favor of PassengerRuby.')\n }\n }\n if $rails_spawn_method {\n if (versioncmp($passenger_installed_version, '3.0.0') > 0) {\n warning('DEPRECATED PASSENGER OPTION :: rails_spawn_method :: Deprecated in 3.0.0 in favor of PassengerSpawnMethod.')\n }\n }\n if $rails_user_switching {\n if (versioncmp($passenger_installed_version, '3.0.0') > 0) {\n warning('DEPRECATED PASSENGER OPTION :: rails_user_switching :: Deprecated in 3.0.0 in favor of PassengerUserSwitching.')\n }\n }\n if $wsgi_auto_detect {\n if (versioncmp($passenger_installed_version, '4.0.0') > 0) {\n fail('REMOVED PASSENGER OPTION :: wsgi_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.')\n }\n }\n }\n # Managed by the package, but declare it to avoid purging\n if $passenger_conf_package_file {\n file { 'passenger_package.conf':\n path => \"${apache::confd_dir}/${passenger_conf_package_file}\",\n }\n }\n\n $_package = $mod_package\n $_package_ensure = $mod_package_ensure\n $_lib = $mod_lib\n if $::osfamily == 'FreeBSD' {\n if $mod_lib_path {\n $_lib_path = $mod_lib_path\n } else {\n $_lib_path = \"${passenger_root}/buildout/apache2\"\n }\n } else {\n $_lib_path = $mod_lib_path\n }\n\n if $::osfamily == 'RedHat' and $manage_repo {\n if $::operatingsystem == 'Amazon' {\n if $::operatingsystemmajrelease == '2' {\n $baseurl = 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/7/$basearch'\n } else {\n $baseurl = 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/6/$basearch'\n }\n } else {\n $baseurl = 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch'\n }\n\n yumrepo { 'passenger':\n ensure => 'present',\n baseurl => $baseurl,\n descr => 'passenger',\n enabled => '1',\n gpgcheck => '0',\n gpgkey => 'https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt',\n repo_gpgcheck => '1',\n sslcacert => '/etc/pki/tls/certs/ca-bundle.crt',\n sslverify => '1',\n before => Apache::Mod['passenger'],\n }\n }\n\n unless ($::operatingsystem == 'SLES') {\n $_id = $mod_id\n $_path = $mod_path\n ::apache::mod { 'passenger':\n package => $_package,\n package_ensure => $_package_ensure,\n lib => $_lib,\n lib_path => $_lib_path,\n id => $_id,\n path => $_path,\n loadfile_name => 'zpassenger.load',\n }\n }\n\n # Template uses:\n # - $passenger_allow_encoded_slashes : since 4.0.0.\n # - $passenger_app_env : since 4.0.0.\n # - $passenger_app_group_name : since 4.0.0.\n # - $passenger_app_root : since 4.0.0.\n # - $passenger_app_type : since 4.0.25.\n # - $passenger_base_uri : since 4.0.0.\n # - $passenger_buffer_response : since 4.0.0.\n # - $passenger_buffer_upload : since 4.0.26.\n # - $passenger_concurrency_model : since 4.0.0.\n # - $passenger_data_buffer_dir : since 5.0.0.\n # - $passenger_debug_log_file : since unkown. Deprecated in 5.0.5.\n # - $passenger_debugger : since 3.0.0.\n # - $passenger_default_group : since 3.0.0.\n # - $passenger_default_ruby : since 4.0.0.\n # - $passenger_default_user : since 3.0.0.\n # - $passenger_disable_security_update_check : since 5.1.0.\n # - $passenger_enabled : since 4.0.0.\n # - $passenger_error_override : since 4.0.24.\n # - $passenger_file_descriptor_log_file : since 5.0.5.\n # - $passenger_fly_with : since 4.0.45.\n # - $passenger_force_max_concurrent_requests_per_process : since 5.0.22.\n # - $passenger_friendly_error_pages : since 4.0.42.\n # - $passenger_group : since 4.0.0.\n # - $passenger_high_performance : since 2.0.0.\n # - $passenger_instance_registry_dir : since 5.0.0.\n # - $passenger_load_shell_envvars : since 4.0.20.\n # - $passenger_log_file : since 5.0.5.\n # - $passenger_log_level : since 3.0.0.\n # - $passenger_lve_min_uid : since 5.0.28.\n # - $passenger_max_instances : since 3.0.0.\n # - $passenger_max_instances_per_app : since 3.0.0.\n # - $passenger_max_pool_size : since 1.0.0.\n # - $passenger_max_preloader_idle_time : since 4.0.0.\n # - $passenger_max_request_queue_size : since 4.0.15.\n # - $passenger_max_request_time : since 3.0.0.\n # - $passenger_max_requests : since 3.0.0.\n # - $passenger_memory_limit : since 3.0.0.\n # - $passenger_meteor_app_settings : since 5.0.7.\n # - $passenger_min_instances : since 3.0.0.\n # - $passenger_nodejs : since 4.0.24.\n # - $passenger_pool_idle_time : since 1.0.0.\n # - $passenger_pre_start : since 3.0.0.\n # - $passenger_python : since 4.0.0.\n # - $passenger_resist_deployment_errors : since 3.0.0.\n # - $passenger_resolve_symlinks_in_document_root : since 3.0.0.\n # - $passenger_response_buffer_high_watermark : since 5.0.0.\n # - $passenger_restart_dir : since 3.0.0.\n # - $passenger_rolling_restarts : since 3.0.0.\n # - $passenger_root : since 1.0.0.\n # - $passenger_ruby : since 4.0.0.\n # - $passenger_security_update_check_proxy : since 5.1.0.\n # - $passenger_show_version_in_header : since 5.1.0.\n # - $passenger_socket_backlog : since 5.0.24.\n # - $passenger_spawn_method : since 2.0.0.\n # - $passenger_start_timeout : since 4.0.15.\n # - $passenger_startup_file : since 4.0.25.\n # - $passenger_stat_throttle_rate : since 2.2.0.\n # - $passenger_sticky_sessions : since 4.0.45.\n # - $passenger_sticky_sessions_cookie_name : since 4.0.45.\n # - $passenger_thread_count : since 4.0.0.\n # - $passenger_use_global_queue : since 2.0.4.Deprecated in 4.0.0.\n # - $passenger_user : since 4.0.0.\n # - $passenger_user_switching : since 3.0.0.\n # - $rack_auto_detect : since unkown. Deprecated in 4.0.0.\n # - $rack_base_uri : since unkown. Deprecated in 3.0.0.\n # - $rack_env : since 2.0.0.\n # - $rails_allow_mod_rewrite : since unkown. Deprecated in 4.0.0.\n # - $rails_app_spawner_idle_time : since unkown. Deprecated in 4.0.0.\n # - $rails_auto_detect : since unkown. Deprecated in 4.0.0.\n # - $rails_base_uri : since unkown. Deprecated in 3.0.0.\n # - $rails_default_user : since unkown. Deprecated in 3.0.0.\n # - $rails_env : since 2.0.0.\n # - $rails_framework_spawner_idle_time : since unkown. Deprecated in 4.0.0.\n # - $rails_ruby : since unkown. Deprecated in 3.0.0.\n # - $rails_spawn_method : since unkown. Deprecated in 3.0.0.\n # - $rails_user_switching : since unkown. Deprecated in 3.0.0.\n # - $wsgi_auto_detect : since unkown. Deprecated in 4.0.0.\n # - $rails_autodetect : this options is only for backward compatiblity with older versions of this class\n # - $rack_autodetect : this options is only for backward compatiblity with older versions of this class\n file { 'passenger.conf':\n ensure => file,\n path => \"${apache::mod_dir}/${passenger_conf_file}\",\n content => template('apache/mod/passenger.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::perl", "file": "manifests/mod/perl.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://perl.apache.org"}, {"tag_name": "summary", "text": "Installs `mod_perl`."}]}, "source": "class apache::mod::perl {\n include apache\n ::apache::mod { 'perl': }\n}"}, {"name": "apache::mod::peruser", "file": "manifests/mod/peruser.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "minspareprocessors"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "minprocessors"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "maxprocessors"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "maxclients"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "maxrequestsperchild"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "idletimeout"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "expiretimeout"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "keepalive"}, {"tag_name": "summary", "text": "Installs `mod_peruser`."}, {"tag_name": "todo", "text": "Add docs"}]}, "defaults": {"minspareprocessors": "'2'", "minprocessors": "'2'", "maxprocessors": "'10'", "maxclients": "'150'", "maxrequestsperchild": "'1000'", "idletimeout": "'120'", "expiretimeout": "'120'", "keepalive": "'Off'"}, "source": "class apache::mod::peruser (\n $minspareprocessors = '2',\n $minprocessors = '2',\n $maxprocessors = '10',\n $maxclients = '150',\n $maxrequestsperchild = '1000',\n $idletimeout = '120',\n $expiretimeout = '120',\n $keepalive = 'Off',\n) {\n include apache\n case $::osfamily {\n 'freebsd' : {\n fail(\"Unsupported osfamily ${::osfamily}\")\n }\n default: {\n if $::osfamily == 'gentoo' {\n ::portage::makeconf { 'apache2_mpms':\n content => 'peruser',\n }\n }\n\n if defined(Class['apache::mod::event']) {\n fail('May not include both apache::mod::peruser and apache::mod::event on the same node')\n }\n if defined(Class['apache::mod::itk']) {\n fail('May not include both apache::mod::peruser and apache::mod::itk on the same node')\n }\n if defined(Class['apache::mod::prefork']) {\n fail('May not include both apache::mod::peruser and apache::mod::prefork on the same node')\n }\n if defined(Class['apache::mod::worker']) {\n fail('May not include both apache::mod::peruser and apache::mod::worker on the same node')\n }\n File {\n owner => 'root',\n group => $apache::params::root_group,\n mode => $apache::file_mode,\n }\n\n $mod_dir = $apache::mod_dir\n\n # Template uses:\n # - $minspareprocessors\n # - $minprocessors\n # - $maxprocessors\n # - $maxclients\n # - $maxrequestsperchild\n # - $idletimeout\n # - $expiretimeout\n # - $keepalive\n # - $mod_dir\n file { \"${apache::mod_dir}/peruser.conf\":\n ensure => file,\n mode => $apache::file_mode,\n content => template('apache/mod/peruser.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n file { \"${apache::mod_dir}/peruser\":\n ensure => directory,\n require => File[$apache::mod_dir],\n }\n file { \"${apache::mod_dir}/peruser/multiplexers\":\n ensure => directory,\n require => File[\"${apache::mod_dir}/peruser\"],\n }\n file { \"${apache::mod_dir}/peruser/processors\":\n ensure => directory,\n require => File[\"${apache::mod_dir}/peruser\"],\n }\n\n ::apache::peruser::multiplexer { '01-default': }\n }\n }\n}"}, {"name": "apache::mod::php", "file": "manifests/mod/php.pp", "line": 6, "inherits": "apache::params", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "package_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "package_ensure"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "path"}, {"tag_name": "param", "text": "", "types": ["Array"], "name": "extensions"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "content"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "template"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "source"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "root_group"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "php_version"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "libphp_prefix"}, {"tag_name": "summary", "text": "Installs `mod_php`."}, {"tag_name": "todo", "text": "Add docs"}]}, "defaults": {"package_name": "undef", "package_ensure": "'present'", "path": "undef", "extensions": "['.php']", "content": "undef", "template": "'apache/mod/php.conf.erb'", "source": "undef", "root_group": "$apache::params::root_group", "php_version": "$apache::params::php_version", "libphp_prefix": "'libphp'"}, "source": "class apache::mod::php (\n $package_name = undef,\n $package_ensure = 'present',\n $path = undef,\n Array $extensions = ['.php'],\n $content = undef,\n $template = 'apache/mod/php.conf.erb',\n $source = undef,\n $root_group = $apache::params::root_group,\n $php_version = $apache::params::php_version,\n $libphp_prefix = 'libphp'\n) inherits apache::params {\n include apache\n if (versioncmp($php_version, '8') < 0) {\n $mod = \"php${php_version}\"\n } else {\n $mod = 'php'\n }\n\n if $apache::version::scl_httpd_version == undef and $apache::version::scl_php_version != undef {\n fail('If you define apache::version::scl_php_version, you also need to specify apache::version::scl_httpd_version')\n }\n if defined(Class['::apache::mod::prefork']) {\n Class['::apache::mod::prefork']->File[\"${mod}.conf\"]\n }\n elsif defined(Class['::apache::mod::itk']) {\n Class['::apache::mod::itk']->File[\"${mod}.conf\"]\n }\n else {\n fail('apache::mod::php requires apache::mod::prefork or apache::mod::itk; please enable mpm_module => \\'prefork\\' or mpm_module => \\'itk\\' on Class[\\'apache\\']')\n }\n\n if $source and ($content or $template != 'apache/mod/php.conf.erb') {\n warning('source and content or template parameters are provided. source parameter will be used')\n } elsif $content and $template != 'apache/mod/php.conf.erb' {\n warning('content and template parameters are provided. content parameter will be used')\n }\n\n $manage_content = $source ? {\n undef => $content ? {\n undef => template($template),\n default => $content,\n },\n default => undef,\n }\n\n # Determine if we have a package\n $mod_packages = $apache::mod_packages\n if $package_name {\n $_package_name = $package_name\n } elsif has_key($mod_packages, $mod) { # 2.6 compatibility hack\n $_package_name = $mod_packages[$mod]\n } elsif has_key($mod_packages, 'phpXXX') { # 2.6 compatibility hack\n $_package_name = regsubst($mod_packages['phpXXX'], 'XXX', $php_version)\n } else {\n $_package_name = undef\n }\n\n $_php_major = regsubst($php_version, '^(\\d+)\\..*$', '\\1')\n $_php_version_no_dot = regsubst($php_version, '\\.', '')\n if $apache::version::scl_httpd_version {\n $_lib = \"librh-php${_php_version_no_dot}-php${_php_major}.so\"\n } else {\n # Controls php version and libphp prefix\n $_lib = $_php_major ? {\n '8' => \"${libphp_prefix}.so\",\n default => \"${libphp_prefix}${php_version}.so\",\n }\n }\n $_module_id = $_php_major ? {\n '5' => 'php5_module',\n '7' => 'php7_module',\n default => 'php_module',\n }\n\n if $::operatingsystem == 'SLES' {\n ::apache::mod { $mod:\n package => $_package_name,\n package_ensure => $package_ensure,\n lib => \"mod_${mod}.so\",\n id => $_module_id,\n path => \"${apache::lib_path}/mod_${mod}.so\",\n }\n } else {\n ::apache::mod { $mod:\n package => $_package_name,\n package_ensure => $package_ensure,\n lib => $_lib,\n id => $_module_id,\n path => $path,\n }\n }\n\n include apache::mod::mime\n include apache::mod::dir\n Class['::apache::mod::mime'] -> Class['::apache::mod::dir'] -> Class['::apache::mod::php']\n\n # Template uses $extensions\n file { \"${mod}.conf\":\n ensure => file,\n path => \"${apache::mod_dir}/${mod}.conf\",\n owner => 'root',\n group => $root_group,\n mode => $apache::file_mode,\n content => $manage_content,\n source => $source,\n require => [\n Exec[\"mkdir ${apache::mod_dir}\"],\n ],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::prefork", "file": "manifests/mod/prefork.pp", "line": 36, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Number of child server processes created at startup.", "types": ["Any"], "name": "startservers"}, {"tag_name": "param", "text": "Minimum number of idle child server processes.", "types": ["Any"], "name": "minspareservers"}, {"tag_name": "param", "text": "Maximum number of idle child server processes.", "types": ["Any"], "name": "maxspareservers"}, {"tag_name": "param", "text": "Upper limit on configurable number of processes.", "types": ["Any"], "name": "serverlimit"}, {"tag_name": "param", "text": "Old alias for MaxRequestWorkers.", "types": ["Any"], "name": "maxclients"}, {"tag_name": "param", "text": "Maximum number of connections that will be processed simultaneously.", "types": ["Any"], "name": "maxrequestworkers"}, {"tag_name": "param", "text": "Old alias for MaxConnectionsPerChild.", "types": ["Any"], "name": "maxrequestsperchild"}, {"tag_name": "param", "text": "Limit on the number of connections that an individual child server will handle during its life.", "types": ["Any"], "name": "maxconnectionsperchild"}, {"tag_name": "param", "text": "Used to verify that the Apache version you have requested is compatible with the module.", "types": ["Any"], "name": "apache_version"}, {"tag_name": "param", "text": "Maximum length of the queue of pending connections.", "types": ["Any"], "name": "listenbacklog"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/prefork.html"}, {"tag_name": "summary", "text": "Installs and configures MPM `prefork`."}]}, "defaults": {"startservers": "'8'", "minspareservers": "'5'", "maxspareservers": "'20'", "serverlimit": "'256'", "maxclients": "'256'", "maxrequestworkers": "undef", "maxrequestsperchild": "'4000'", "maxconnectionsperchild": "undef", "apache_version": "undef", "listenbacklog": "'511'"}, "source": "class apache::mod::prefork (\n $startservers = '8',\n $minspareservers = '5',\n $maxspareservers = '20',\n $serverlimit = '256',\n $maxclients = '256',\n $maxrequestworkers = undef,\n $maxrequestsperchild = '4000',\n $maxconnectionsperchild = undef,\n $apache_version = undef,\n $listenbacklog = '511'\n) {\n include apache\n $_apache_version = pick($apache_version, $apache::apache_version)\n if defined(Class['apache::mod::event']) {\n fail('May not include both apache::mod::prefork and apache::mod::event on the same node')\n }\n if versioncmp($_apache_version, '2.4') < 0 {\n if defined(Class['apache::mod::itk']) {\n fail('May not include both apache::mod::prefork and apache::mod::itk on the same node')\n }\n }\n if defined(Class['apache::mod::peruser']) {\n fail('May not include both apache::mod::prefork and apache::mod::peruser on the same node')\n }\n if defined(Class['apache::mod::worker']) {\n fail('May not include both apache::mod::prefork and apache::mod::worker on the same node')\n }\n\n if versioncmp($_apache_version, '2.3.13') < 0 {\n if $maxrequestworkers == undef {\n warning(\"For newer versions of Apache, \\$maxclients is deprecated, please use \\$maxrequestworkers.\")\n } elsif $maxconnectionsperchild == undef {\n warning(\"For newer versions of Apache, \\$maxrequestsperchild is deprecated, please use \\$maxconnectionsperchild.\")\n }\n }\n\n File {\n owner => 'root',\n group => $apache::params::root_group,\n mode => $apache::file_mode,\n }\n\n # Template uses:\n # - $startservers\n # - $minspareservers\n # - $maxspareservers\n # - $serverlimit\n # - $maxclients\n # - $maxrequestworkers\n # - $maxrequestsperchild\n # - $maxconnectionsperchild\n file { \"${apache::mod_dir}/prefork.conf\":\n ensure => file,\n content => template('apache/mod/prefork.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n\n case $::osfamily {\n 'redhat': {\n if versioncmp($_apache_version, '2.4') >= 0 {\n ::apache::mpm { 'prefork':\n apache_version => $_apache_version,\n }\n }\n else {\n file_line { '/etc/sysconfig/httpd prefork enable':\n ensure => present,\n path => '/etc/sysconfig/httpd',\n line => '#HTTPD=/usr/sbin/httpd.worker',\n match => '#?HTTPD=/usr/sbin/httpd.worker',\n require => Package['httpd'],\n notify => Class['apache::service'],\n }\n }\n }\n 'debian', 'freebsd': {\n ::apache::mpm { 'prefork':\n apache_version => $_apache_version,\n }\n }\n 'Suse': {\n ::apache::mpm { 'prefork':\n apache_version => $apache_version,\n lib_path => '/usr/lib64/apache2-prefork',\n }\n }\n 'gentoo': {\n ::portage::makeconf { 'apache2_mpms':\n content => 'prefork',\n }\n }\n default: {\n fail(\"Unsupported osfamily ${::osfamily}\")\n }\n }\n}"}, {"name": "apache::mod::proxy", "file": "manifests/mod/proxy.pp", "line": 27, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Enables forward (standard) proxy requests.", "types": ["Any"], "name": "proxy_requests"}, {"tag_name": "param", "text": "List of IPs allowed to access proxy.", "types": ["Any"], "name": "allow_from"}, {"tag_name": "param", "text": "Used to verify that the Apache version you have requested is compatible with the module.", "types": ["Any"], "name": "apache_version"}, {"tag_name": "param", "text": "Name of the proxy package to install.", "types": ["Any"], "name": "package_name"}, {"tag_name": "param", "text": "Set local IP address for outgoing proxy connections.", "types": ["Any"], "name": "proxy_via"}, {"tag_name": "param", "text": "Network timeout for proxied requests.", "types": ["Any"], "name": "proxy_timeout"}, {"tag_name": "param", "text": "Set the size of internal data throughput buffer", "types": ["Any"], "name": "proxy_iobuffersize"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_proxy.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_proxy`."}]}, "defaults": {"proxy_requests": "'Off'", "allow_from": "undef", "apache_version": "undef", "package_name": "undef", "proxy_via": "'On'", "proxy_timeout": "undef", "proxy_iobuffersize": "undef"}, "source": "class apache::mod::proxy (\n $proxy_requests = 'Off',\n $allow_from = undef,\n $apache_version = undef,\n $package_name = undef,\n $proxy_via = 'On',\n $proxy_timeout = undef,\n $proxy_iobuffersize = undef,\n) {\n include apache\n $_proxy_timeout = $apache::timeout\n $_apache_version = pick($apache_version, $apache::apache_version)\n ::apache::mod { 'proxy':\n package => $package_name,\n }\n # Template uses $proxy_requests, $_apache_version\n file { 'proxy.conf':\n ensure => file,\n path => \"${apache::mod_dir}/proxy.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/proxy.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::proxy_ajp", "file": "manifests/mod/proxy_ajp.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_proxy_ajp.html"}, {"tag_name": "summary", "text": "Installs `mod_proxy_ajp`."}]}, "source": "class apache::mod::proxy_ajp {\n Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_ajp']\n ::apache::mod { 'proxy_ajp': }\n}"}, {"name": "apache::mod::proxy_balancer", "file": "manifests/mod/proxy_balancer.pp", "line": 18, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Toggle whether to enable balancer manager support.", "types": ["Boolean"], "name": "manager"}, {"tag_name": "param", "text": "Server relative path to balancer manager.", "name": "maanger_path"}, {"tag_name": "param", "text": "List of IPs from which the balancer manager can be accessed.", "types": ["Array"], "name": "allow_from"}, {"tag_name": "param", "text": "Version of Apache to install module on.", "types": ["Any"], "name": "apache_version"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "manager_path"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_proxy_balancer`."}]}, "defaults": {"manager": "false", "manager_path": "'/balancer-manager'", "allow_from": "['127.0.0.1','::1']", "apache_version": "$apache::apache_version"}, "source": "class apache::mod::proxy_balancer (\n Boolean $manager = false,\n Stdlib::Absolutepath $manager_path = '/balancer-manager',\n Array $allow_from = ['127.0.0.1','::1'],\n $apache_version = $apache::apache_version,\n) {\n include apache::mod::proxy\n include apache::mod::proxy_http\n if versioncmp($apache_version, '2.4') >= 0 {\n ::apache::mod { 'slotmem_shm': }\n }\n\n Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_balancer']\n Class['::apache::mod::proxy_http'] -> Class['::apache::mod::proxy_balancer']\n ::apache::mod { 'proxy_balancer': }\n if $manager {\n include apache::mod::status\n file { 'proxy_balancer.conf':\n ensure => file,\n path => \"${apache::mod_dir}/proxy_balancer.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/proxy_balancer.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n }\n}"}, {"name": "apache::mod::proxy_connect", "file": "manifests/mod/proxy_connect.pp", "line": 9, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Used to verify that the Apache version you have requested is compatible with the module.", "types": ["Any"], "name": "apache_version"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_proxy_connect.html"}, {"tag_name": "summary", "text": "Installs `mod_proxy_connect`."}]}, "defaults": {"apache_version": "undef"}, "source": "class apache::mod::proxy_connect (\n $apache_version = undef,\n) {\n include apache\n $_apache_version = pick($apache_version, $apache::apache_version)\n if versioncmp($_apache_version, '2.2') >= 0 {\n Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_connect']\n ::apache::mod { 'proxy_connect': }\n }\n}"}, {"name": "apache::mod::proxy_fcgi", "file": "manifests/mod/proxy_fcgi.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_proxy_fcgi.html"}, {"tag_name": "summary", "text": "Installs `mod_proxy_fcgi`."}]}, "source": "class apache::mod::proxy_fcgi {\n Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_fcgi']\n ::apache::mod { 'proxy_fcgi': }\n}"}, {"name": "apache::mod::proxy_html", "file": "manifests/mod/proxy_html.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_proxy_html.html"}, {"tag_name": "summary", "text": "Installs `mod_proxy_html`."}]}, "source": "class apache::mod::proxy_html {\n include apache\n Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_html']\n Class['::apache::mod::proxy_http'] -> Class['::apache::mod::proxy_html']\n\n # Add libxml2\n case $::osfamily {\n /RedHat|FreeBSD|Gentoo|Suse/: {\n ::apache::mod { 'xml2enc': }\n $loadfiles = undef\n }\n 'Debian': {\n $gnu_path = $::hardwaremodel ? {\n 'i686' => 'i386',\n default => $::hardwaremodel,\n }\n case $::operatingsystem {\n 'Ubuntu': {\n $loadfiles = $facts['operatingsystemmajrelease'] ? {\n '10' => ['/usr/lib/libxml2.so.2'],\n default => [\"/usr/lib/${gnu_path}-linux-gnu/libxml2.so.2\"],\n }\n }\n 'Debian': {\n $loadfiles = $facts['operatingsystemmajrelease'] ? {\n '6' => ['/usr/lib/libxml2.so.2'],\n default => [\"/usr/lib/${gnu_path}-linux-gnu/libxml2.so.2\"],\n }\n }\n default: {\n $loadfiles = [\"/usr/lib/${gnu_path}-linux-gnu/libxml2.so.2\"]\n }\n }\n if versioncmp($apache::apache_version, '2.4') >= 0 {\n ::apache::mod { 'xml2enc': }\n }\n }\n default: {}\n }\n\n ::apache::mod { 'proxy_html':\n loadfiles => $loadfiles,\n }\n\n # Template uses $icons_path\n file { 'proxy_html.conf':\n ensure => file,\n path => \"${apache::mod_dir}/proxy_html.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/proxy_html.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::proxy_http", "file": "manifests/mod/proxy_http.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_proxy_http.html"}, {"tag_name": "summary", "text": "Installs `mod_proxy_http`."}]}, "source": "class apache::mod::proxy_http {\n Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_http']\n ::apache::mod { 'proxy_http': }\n}"}, {"name": "apache::mod::proxy_wstunnel", "file": "manifests/mod/proxy_wstunnel.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html"}, {"tag_name": "summary", "text": "Installs `mod_proxy_wstunnel`."}]}, "source": "class apache::mod::proxy_wstunnel {\n include apache, apache::mod::proxy\n Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_wstunnel']\n ::apache::mod { 'proxy_wstunnel': }\n}"}, {"name": "apache::mod::python", "file": "manifests/mod/python.pp", "line": 9, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Sets the name of the configuration file that is used to load the python module.", "types": ["Optional[String]"], "name": "loadfile_name"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://github.com/grisha/mod_python"}, {"tag_name": "summary", "text": "Installs and configures `mod_python`."}]}, "defaults": {"loadfile_name": "undef"}, "source": "class apache::mod::python (\n Optional[String] $loadfile_name = undef,\n) {\n include apache\n ::apache::mod { 'python':\n loadfile_name => $loadfile_name,\n }\n}"}, {"name": "apache::mod::remoteip", "file": "manifests/mod/remoteip.pp", "line": 56, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The header field in which `mod_remoteip` will look for the useragent IP.", "types": ["String"], "name": "header"}, {"tag_name": "param", "text": "A list of IP addresses, IP blocks or hostname that are trusted to set a\nvalid value inside specified header. Unlike the `$trusted_proxy_ips`\nparameter, any IP address (including private addresses) presented by these\nproxies will trusted by `mod_remoteip`.", "types": ["Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]]"], "name": "internal_proxy"}, {"tag_name": "param", "text": "*Deprecated*: use `$internal_proxy` instead.", "types": ["Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]]"], "name": "proxy_ips"}, {"tag_name": "param", "text": "The path to a file containing a list of IP addresses, IP blocks or hostname\nthat are trusted to set a valid value inside the specified header. See\n`$internal_proxy` for details.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "internal_proxy_list"}, {"tag_name": "param", "text": "A header into which `mod_remoteip` will collect a list of all of the\nintermediate client IP addresses trusted to resolve the useragent IP of the\nrequest (e.g. `X-Forwarded-By`).", "types": ["Optional[String]"], "name": "proxies_header"}, {"tag_name": "param", "text": "Wether or not to enable the PROXY protocol header handling. If enabled\nupstream clients must set the header every time they open a connection.", "types": ["Boolean"], "name": "proxy_protocol"}, {"tag_name": "param", "text": "A list of IP address or IP blocks that are not required to use the PROXY\nprotocol.", "types": ["Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]]"], "name": "proxy_protocol_exceptions"}, {"tag_name": "param", "text": "A list of IP addresses, IP blocks or hostname that are trusted to set a\nvalid value inside the specified header. Unlike the `$proxy_ips` parameter,\nany private IP presented by these proxies will be disgarded by\n`mod_remoteip`.", "types": ["Optional[Array[Stdlib::Host]]"], "name": "trusted_proxy"}, {"tag_name": "param", "text": "*Deprecated*: use `$trusted_proxy` instead.", "types": ["Optional[Array[Stdlib::Host]]"], "name": "trusted_proxy_ips"}, {"tag_name": "param", "text": "The path to a file containing a list of IP addresses, IP blocks or hostname\nthat are trusted to set a valid value inside the specified header. See\n`$trusted_proxy` for details.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "trusted_proxy_list"}, {"tag_name": "param", "text": "A version string used to validate that your apache version supports\n`mod_remoteip`. If not specified, `$::apache::apache_version` is used.", "types": ["Optional[String]"], "name": "apache_version"}, {"tag_name": "see", "name": "https://httpd.apache.org/docs/current/mod/mod_remoteip.html"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_remoteip.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_remoteip`."}]}, "defaults": {"header": "'X-Forwarded-For'", "internal_proxy": "undef", "proxy_ips": "undef", "internal_proxy_list": "undef", "proxies_header": "undef", "proxy_protocol": "false", "proxy_protocol_exceptions": "undef", "trusted_proxy": "undef", "trusted_proxy_ips": "undef", "trusted_proxy_list": "undef", "apache_version": "undef"}, "source": "class apache::mod::remoteip (\n String $header = 'X-Forwarded-For',\n Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]] $internal_proxy = undef,\n Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]] $proxy_ips = undef,\n Optional[Stdlib::Absolutepath] $internal_proxy_list = undef,\n Optional[String] $proxies_header = undef,\n Boolean $proxy_protocol = false,\n Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]] $proxy_protocol_exceptions = undef,\n Optional[Array[Stdlib::Host]] $trusted_proxy = undef,\n Optional[Array[Stdlib::Host]] $trusted_proxy_ips = undef,\n Optional[Stdlib::Absolutepath] $trusted_proxy_list = undef,\n Optional[String] $apache_version = undef,\n) {\n include apache\n\n $_apache_version = pick($apache_version, $apache::apache_version)\n if versioncmp($_apache_version, '2.4') < 0 {\n fail('mod_remoteip is only available in Apache 2.4')\n }\n\n if $proxy_ips {\n deprecation('apache::mod::remoteip::proxy_ips', 'This parameter is deprecated, please use `internal_proxy`.')\n $_internal_proxy = $proxy_ips\n } elsif $internal_proxy {\n $_internal_proxy = $internal_proxy\n } else {\n $_internal_proxy = ['127.0.0.1']\n }\n\n if $trusted_proxy_ips {\n deprecation('apache::mod::remoteip::trusted_proxy_ips', 'This parameter is deprecated, please use `trusted_proxy`.')\n $_trusted_proxy = $trusted_proxy_ips\n } else {\n $_trusted_proxy = $trusted_proxy\n }\n\n ::apache::mod { 'remoteip': }\n\n $template_parameters = {\n header => $header,\n internal_proxy => $_internal_proxy,\n internal_proxy_list => $internal_proxy_list,\n proxies_header => $proxies_header,\n proxy_protocol => $proxy_protocol,\n proxy_protocol_exceptions => $proxy_protocol_exceptions,\n trusted_proxy => $_trusted_proxy,\n trusted_proxy_list => $trusted_proxy_list,\n }\n\n file { 'remoteip.conf':\n ensure => file,\n path => \"${apache::mod_dir}/remoteip.conf\",\n mode => $apache::file_mode,\n content => epp('apache/mod/remoteip.conf.epp', $template_parameters),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::reqtimeout", "file": "manifests/mod/reqtimeout.pp", "line": 9, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "List of timeouts and data rates for receiving requests.", "types": ["Any"], "name": "timeouts"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_reqtimeout`."}]}, "defaults": {"timeouts": "['header=20-40,minrate=500', 'body=10,minrate=500']"}, "source": "class apache::mod::reqtimeout (\n $timeouts = ['header=20-40,minrate=500', 'body=10,minrate=500']\n) {\n include apache\n ::apache::mod { 'reqtimeout': }\n # Template uses no variables\n file { 'reqtimeout.conf':\n ensure => file,\n path => \"${apache::mod_dir}/reqtimeout.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/reqtimeout.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::rewrite", "file": "manifests/mod/rewrite.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_rewrite.html"}, {"tag_name": "summary", "text": "Installs `mod_rewrite`."}]}, "source": "class apache::mod::rewrite {\n include apache::params\n ::apache::mod { 'rewrite': }\n}"}, {"name": "apache::mod::rpaf", "file": "manifests/mod/rpaf.pp", "line": 18, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Toggles whether to update vhost name so ServerName and ServerAlias work.", "types": ["Any"], "name": "sethostname"}, {"tag_name": "param", "text": "List of IPs & bitmasked subnets to adjust requests for", "types": ["Any"], "name": "proxy_ips"}, {"tag_name": "param", "text": "Header to use for the real IP address.", "types": ["Any"], "name": "header"}, {"tag_name": "param", "text": "Path to template to use for configuring mod_rpaf.", "types": ["Any"], "name": "template"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://github.com/gnif/mod_rpaf"}, {"tag_name": "summary", "text": "Installs and configures `mod_rpaf`."}]}, "defaults": {"sethostname": "true", "proxy_ips": "['127.0.0.1']", "header": "'X-Forwarded-For'", "template": "'apache/mod/rpaf.conf.erb'"}, "source": "class apache::mod::rpaf (\n $sethostname = true,\n $proxy_ips = ['127.0.0.1'],\n $header = 'X-Forwarded-For',\n $template = 'apache/mod/rpaf.conf.erb'\n) {\n include apache\n ::apache::mod { 'rpaf': }\n\n # Template uses:\n # - $sethostname\n # - $proxy_ips\n # - $header\n file { 'rpaf.conf':\n ensure => file,\n path => \"${apache::mod_dir}/rpaf.conf\",\n mode => $apache::file_mode,\n content => template($template),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::security", "file": "manifests/mod/security.pp", "line": 95, "inherits": "::apache::params", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Manage mod_security or mod_security2", "types": ["Any"], "name": "version"}, {"tag_name": "param", "text": "Configures the location of audit and debug logs.", "types": ["Any"], "name": "logroot"}, {"tag_name": "param", "text": "Name of package that installs CRS rules.", "types": ["Any"], "name": "crs_package"}, {"tag_name": "param", "text": "An array of rules from the modsec_crs_path or absolute to activate via symlinks.", "types": ["Any"], "name": "activated_rules"}, {"tag_name": "param", "text": "Defines the path where Puppet installs the modsec configuration and activated rules links.", "types": ["Any"], "name": "modsec_dir"}, {"tag_name": "param", "text": "Configures the rules engine.", "types": ["Any"], "name": "modsec_secruleengine"}, {"tag_name": "param", "text": "Configures which response status code is to be considered relevant for the purpose of audit logging.", "types": ["Any"], "name": "audit_log_relevant_status"}, {"tag_name": "param", "text": "Defines which parts of each transaction are going to be recorded in the audit log. Each part is assigned a single letter; when a\nletter appears in the list then the equivalent part will be recorded.", "types": ["Any"], "name": "audit_log_parts"}, {"tag_name": "param", "text": "Defines the type of audit logging mechanism to be used.", "types": ["Any"], "name": "audit_log_type"}, {"tag_name": "param", "text": "Defines the directory where concurrent audit log entries are to be stored. This directive is only needed when concurrent audit logging is used.", "types": ["Any"], "name": "audit_log_storage_dir"}, {"tag_name": "param", "text": "Sets the match limit in the PCRE library.", "types": ["Any"], "name": "secpcrematchlimit"}, {"tag_name": "param", "text": "Sets the match limit recursion in the PCRE library.", "types": ["Any"], "name": "secpcrematchlimitrecursion"}, {"tag_name": "param", "text": "A space-separated list of allowed HTTP methods.", "types": ["Any"], "name": "allowed_methods"}, {"tag_name": "param", "text": "A list of one or more allowed MIME types.", "types": ["Any"], "name": "content_types"}, {"tag_name": "param", "text": "A space-sparated list of prohibited file extensions.", "types": ["Any"], "name": "restricted_extensions"}, {"tag_name": "param", "text": "A list of restricted headers separated by slashes and spaces.", "types": ["Any"], "name": "restricted_headers"}, {"tag_name": "param", "text": "Defines the default list of actions, which will be inherited by the rules in the same configuration context.", "types": ["Any"], "name": "secdefaultaction"}, {"tag_name": "param", "text": "Activates or deactivates the Collaborative Detection Blocking of the OWASP ModSecurity Core Rule Set.", "types": ["Any"], "name": "anomaly_score_blocking"}, {"tag_name": "param", "text": "Sets the scoring threshold level of the inbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.", "types": ["Any"], "name": "inbound_anomaly_threshold"}, {"tag_name": "param", "text": "Sets the scoring threshold level of the outbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.", "types": ["Any"], "name": "outbound_anomaly_threshold"}, {"tag_name": "param", "text": "Sets the Anomaly Score for rules assigned with a critical severity.", "types": ["Any"], "name": "critical_anomaly_score"}, {"tag_name": "param", "text": "Sets the Anomaly Score for rules assigned with a error severity.", "types": ["Any"], "name": "error_anomaly_score"}, {"tag_name": "param", "text": "Sets the Anomaly Score for rules assigned with a warning severity.", "types": ["Any"], "name": "warning_anomaly_score"}, {"tag_name": "param", "text": "Sets the Anomaly Score for rules assigned with a notice severity.", "types": ["Any"], "name": "notice_anomaly_score"}, {"tag_name": "param", "text": "Sets the maximum number of arguments in the request.", "types": ["Any"], "name": "secrequestmaxnumargs"}, {"tag_name": "param", "text": "Sets the maximum request body size ModSecurity will accept for buffering.", "types": ["Any"], "name": "secrequestbodylimit"}, {"tag_name": "param", "text": "Configures the maximum request body size ModSecurity will accept for buffering, excluding the size of any files being transported\nin the request.", "types": ["Any"], "name": "secrequestbodynofileslimit"}, {"tag_name": "param", "text": "Configures the maximum request body size that ModSecurity will store in memory.", "types": ["Any"], "name": "secrequestbodyinmemorylimit"}, {"tag_name": "param", "text": "Toggles whether to manage ModSecurity Core Rule Set", "types": ["Any"], "name": "manage_security_crs"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "custom_rules"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "custom_rules_set"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://github.com/SpiderLabs/ModSecurity/wiki"}, {"tag_name": "summary", "text": "Installs and configures `mod_security`."}]}, "defaults": {"logroot": "$apache::params::logroot", "version": "$apache::params::modsec_version", "crs_package": "$apache::params::modsec_crs_package", "activated_rules": "$apache::params::modsec_default_rules", "custom_rules": "$apache::params::modsec_custom_rules", "custom_rules_set": "$apache::params::modsec_custom_rules_set", "modsec_dir": "$apache::params::modsec_dir", "modsec_secruleengine": "$apache::params::modsec_secruleengine", "audit_log_relevant_status": "'^(?:5|4(?!04))'", "audit_log_parts": "$apache::params::modsec_audit_log_parts", "audit_log_type": "$apache::params::modsec_audit_log_type", "audit_log_storage_dir": "undef", "secpcrematchlimit": "$apache::params::secpcrematchlimit", "secpcrematchlimitrecursion": "$apache::params::secpcrematchlimitrecursion", "allowed_methods": "'GET HEAD POST OPTIONS'", "content_types": "'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf'", "restricted_extensions": "'.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'", "restricted_headers": "'/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/'", "secdefaultaction": "'deny'", "anomaly_score_blocking": "'off'", "inbound_anomaly_threshold": "'5'", "outbound_anomaly_threshold": "'4'", "critical_anomaly_score": "'5'", "error_anomaly_score": "'4'", "warning_anomaly_score": "'3'", "notice_anomaly_score": "'2'", "secrequestmaxnumargs": "'255'", "secrequestbodylimit": "'13107200'", "secrequestbodynofileslimit": "'131072'", "secrequestbodyinmemorylimit": "'131072'", "manage_security_crs": "true"}, "source": "class apache::mod::security (\n $logroot = $apache::params::logroot,\n $version = $apache::params::modsec_version,\n $crs_package = $apache::params::modsec_crs_package,\n $activated_rules = $apache::params::modsec_default_rules,\n $custom_rules = $apache::params::modsec_custom_rules,\n $custom_rules_set = $apache::params::modsec_custom_rules_set,\n $modsec_dir = $apache::params::modsec_dir,\n $modsec_secruleengine = $apache::params::modsec_secruleengine,\n $audit_log_relevant_status = '^(?:5|4(?!04))',\n $audit_log_parts = $apache::params::modsec_audit_log_parts,\n $audit_log_type = $apache::params::modsec_audit_log_type,\n $audit_log_storage_dir = undef,\n $secpcrematchlimit = $apache::params::secpcrematchlimit,\n $secpcrematchlimitrecursion = $apache::params::secpcrematchlimitrecursion,\n $allowed_methods = 'GET HEAD POST OPTIONS',\n $content_types = 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf',\n $restricted_extensions = '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/',\n $restricted_headers = '/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/',\n $secdefaultaction = 'deny',\n $anomaly_score_blocking = 'off',\n $inbound_anomaly_threshold = '5',\n $outbound_anomaly_threshold = '4',\n $critical_anomaly_score = '5',\n $error_anomaly_score = '4',\n $warning_anomaly_score = '3',\n $notice_anomaly_score = '2',\n $secrequestmaxnumargs = '255',\n $secrequestbodylimit = '13107200',\n $secrequestbodynofileslimit = '131072',\n $secrequestbodyinmemorylimit = '131072',\n $manage_security_crs = true,\n) inherits ::apache::params {\n include apache\n\n $_secdefaultaction = $secdefaultaction ? {\n /log/ => $secdefaultaction, # it has log or nolog,auditlog or log,noauditlog\n default => \"${secdefaultaction},log\",\n }\n\n if $::osfamily == 'FreeBSD' {\n fail('FreeBSD is not currently supported')\n }\n\n if ($::osfamily == 'Suse' and versioncmp($::operatingsystemrelease, '11') < 0) {\n fail('SLES 10 is not currently supported.')\n }\n\n case $version {\n 1: {\n $mod_name = 'security'\n $mod_conf_name = 'security.conf'\n }\n 2: {\n $mod_name = 'security2'\n $mod_conf_name = 'security2.conf'\n }\n default: {\n fail('Unsuported version for mod security')\n }\n }\n ::apache::mod { $mod_name:\n id => 'security2_module',\n lib => 'mod_security2.so',\n }\n\n ::apache::mod { 'unique_id_module':\n id => 'unique_id_module',\n lib => 'mod_unique_id.so',\n }\n\n if $crs_package {\n package { $crs_package:\n ensure => 'installed',\n before => [\n File[$apache::confd_dir],\n File[$modsec_dir],\n ],\n }\n }\n\n # Template uses:\n # - logroot\n # - $modsec_dir\n # - $audit_log_parts\n # - $audit_log_type\n # - $audit_log_storage_dir\n # - secpcrematchlimit\n # - secpcrematchlimitrecursion\n # - secrequestbodylimit\n # - secrequestbodynofileslimit\n # - secrequestbodyinmemorylimit\n file { 'security.conf':\n ensure => file,\n content => template('apache/mod/security.conf.erb'),\n mode => $apache::file_mode,\n path => \"${apache::mod_dir}/${mod_conf_name}\",\n owner => $apache::params::user,\n group => $apache::params::group,\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n\n file { $modsec_dir:\n ensure => directory,\n owner => 'root',\n group => 'root',\n mode => '0755',\n purge => true,\n force => true,\n recurse => true,\n require => Package['httpd'],\n }\n\n file { \"${modsec_dir}/activated_rules\":\n ensure => directory,\n owner => $apache::params::user,\n group => $apache::params::group,\n mode => '0555',\n purge => true,\n force => true,\n recurse => true,\n notify => Class['apache::service'],\n }\n\n if $custom_rules {\n # Template to add custom rule and included in security configuration\n file {\"${modsec_dir}/custom_rules\":\n ensure => directory,\n owner => $apache::params::user,\n group => $apache::params::group,\n mode => $apache::file_mode,\n require => File[$modsec_dir],\n }\n\n file { \"${modsec_dir}/custom_rules/custom_01_rules.conf\":\n ensure => file,\n owner => $apache::params::user,\n group => $apache::params::group,\n mode => $apache::file_mode,\n content => template('apache/mod/security_custom.conf.erb'),\n require => File[\"${modsec_dir}/custom_rules\"],\n notify => Class['apache::service'],\n }\n }\n\n if $manage_security_crs {\n # Template uses:\n # - $_secdefaultaction\n # - $critical_anomaly_score\n # - $error_anomaly_score\n # - $warning_anomaly_score\n # - $notice_anomaly_score\n # - $inbound_anomaly_threshold\n # - $outbound_anomaly_threshold\n # - $anomaly_score_blocking\n # - $allowed_methods\n # - $content_types\n # - $restricted_extensions\n # - $restricted_headers\n # - $secrequestmaxnumargs\n file { \"${modsec_dir}/security_crs.conf\":\n ensure => file,\n content => template('apache/mod/security_crs.conf.erb'),\n require => File[$modsec_dir],\n notify => Class['apache::service'],\n }\n\n # Debian 9 has a different rule setup\n unless $::operatingsystem == 'SLES' or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0) or ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '18.04') >= 0) {\n apache::security::rule_link { $activated_rules: }\n }\n }\n}"}, {"name": "apache::mod::setenvif", "file": "manifests/mod/setenvif.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_setenvif.html"}, {"tag_name": "summary", "text": "Installs `mod_setenvif`."}]}, "source": "class apache::mod::setenvif {\n include apache\n ::apache::mod { 'setenvif': }\n # Template uses no variables\n file { 'setenvif.conf':\n ensure => file,\n path => \"${apache::mod_dir}/setenvif.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/setenvif.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::shib", "file": "manifests/mod/shib.pp", "line": 26, "docstring": {"text": "This class installs and configures only the Apache components of a web application that consumes Shibboleth SSO identities. You\ncan manage the Shibboleth configuration manually, with Puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth).", "tags": [{"tag_name": "note", "text": "The Shibboleth module isn't available on RH/CentOS without providing dependency packages provided by Shibboleth's repositories.\nSee the [Shibboleth Service Provider Installation Guide](http://wiki.aaf.edu.au/tech-info/sp-install-guide)."}, {"tag_name": "note", "text": "Unsupported platforms: RedHat: all; CentOS: all; Scientific: all; SLES: all; Debian: 7, 8; Ubuntu: all; OracleLinux: all"}, {"tag_name": "param", "text": "Toggles whether to trigger warning on RedHat nodes.", "types": ["Any"], "name": "suppress_warning"}, {"tag_name": "param", "text": "Specifies a path to the module. Do not manually set this parameter without a special reason.", "types": ["Any"], "name": "mod_full_path"}, {"tag_name": "param", "text": "Name of the Shibboleth package to be installed.", "types": ["Any"], "name": "package_name"}, {"tag_name": "param", "text": "Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The `path` parameter\noverrides this value.", "types": ["Any"], "name": "mod_lib"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig"}, {"tag_name": "summary", "text": "Installs and configures `mod_shib`."}]}, "defaults": {"suppress_warning": "false", "mod_full_path": "undef", "package_name": "undef", "mod_lib": "undef"}, "source": "class apache::mod::shib (\n $suppress_warning = false,\n $mod_full_path = undef,\n $package_name = undef,\n $mod_lib = undef,\n) {\n include apache\n if $::osfamily == 'RedHat' and ! $suppress_warning {\n warning('RedHat distributions do not have Apache mod_shib in their default package repositories.')\n }\n\n $mod_shib = 'shib2'\n\n apache::mod { $mod_shib:\n id => 'mod_shib',\n path => $mod_full_path,\n package => $package_name,\n lib => $mod_lib,\n }\n}"}, {"name": "apache::mod::socache_shmcb", "file": "manifests/mod/socache_shmcb.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_socache_shmcb.html"}, {"tag_name": "summary", "text": "Installs `mod_socache_shmcb`."}]}, "source": "class apache::mod::socache_shmcb {\n ::apache::mod { 'socache_shmcb': }\n}"}, {"name": "apache::mod::speling", "file": "manifests/mod/speling.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_speling.html"}, {"tag_name": "summary", "text": "Installs `mod_spelling`."}]}, "source": "class apache::mod::speling {\n include apache\n ::apache::mod { 'speling': }\n}"}, {"name": "apache::mod::ssl", "file": "manifests/mod/ssl.pp", "line": 82, "inherits": "::apache::params", "docstring": {"text": "On most operating systems, the ssl.conf is placed in the module configuration directory. On Red Hat based operating systems, this\nfile is placed in /etc/httpd/conf.d, the same location in which the RPM stores the configuration.\n\nTo use SSL with a virtual host, you must either set the default_ssl_vhost parameter in ::apache to true or the ssl parameter in\napache::vhost to true.", "tags": [{"tag_name": "param", "text": "Enable compression on the SSL level.", "types": ["Boolean"], "name": "ssl_compression"}, {"tag_name": "param", "text": "Enable use of a cryptographic hardware accelerator.", "types": ["Any"], "name": "ssl_cryptodevice"}, {"tag_name": "param", "text": "Configure various SSL engine run-time options.", "types": ["Any"], "name": "ssl_options"}, {"tag_name": "param", "text": "Configure OpenSSL parameters through its SSL_CONF API.", "types": ["Any"], "name": "ssl_openssl_conf_cmd"}, {"tag_name": "param", "text": "Path to server PEM-encoded X.509 certificate data file.", "types": ["Optional[String]"], "name": "ssl_cert"}, {"tag_name": "param", "text": "Path to server PEM-encoded private key file", "types": ["Optional[String]"], "name": "ssl_key"}, {"tag_name": "param", "text": "File of concatenated PEM-encoded CA Certificates for Client Auth.", "types": ["Any"], "name": "ssl_ca"}, {"tag_name": "param", "text": "Cipher Suite available for negotiation in SSL handshake.", "types": ["Any"], "name": "ssl_cipher"}, {"tag_name": "param", "text": "Option to prefer the server's cipher preference order.", "types": ["Variant[Boolean, Enum['on', 'off']]"], "name": "ssl_honorcipherorder"}, {"tag_name": "param", "text": "Configure usable SSL/TLS protocol versions.\nDefault based on the OS:\n- RedHat 8: [ 'all' ].\n- Other Platforms: [ 'all', '-SSLv2', '-SSLv3' ].", "types": ["Any"], "name": "ssl_protocol"}, {"tag_name": "param", "text": "Configure usable SSL protocol flavors for proxy usage.", "types": ["Array"], "name": "ssl_proxy_protocol"}, {"tag_name": "param", "text": "Type of pass phrase dialog for encrypted private keys.", "types": ["Any"], "name": "ssl_pass_phrase_dialog"}, {"tag_name": "param", "text": "Pseudo Random Number Generator (PRNG) seeding source.", "types": ["Any"], "name": "ssl_random_seed_bytes"}, {"tag_name": "param", "text": "Configures the storage type of the global/inter-process SSL Session Cache", "types": ["String"], "name": "ssl_sessioncache"}, {"tag_name": "param", "text": "Number of seconds before an SSL session expires in the Session Cache.", "types": ["Any"], "name": "ssl_sessioncachetimeout"}, {"tag_name": "param", "text": "Enable stapling of OCSP responses in the TLS handshake.", "types": ["Boolean"], "name": "ssl_stapling"}, {"tag_name": "param", "text": "Pass stapling related OCSP errors on to client.", "types": ["Optional[Boolean]"], "name": "ssl_stapling_return_errors"}, {"tag_name": "param", "text": "Configures mutex mechanism and lock file directory for all or specified mutexes.\nDefault based on the OS and/or Apache version:\n- RedHat/FreeBSD/Suse/Gentoo: 'default'.\n- Debian/Ubuntu + Apache >= 2.4: 'default'.\n- Debian/Ubuntu + Apache < 2.4: 'file:${APACHE_RUN_DIR}/ssl_mutex'.", "types": ["Any"], "name": "ssl_mutex"}, {"tag_name": "param", "text": "Enable reloading of apache if the content of ssl files have changed. It only affects ssl files configured here and not vhost ones.", "types": ["Boolean"], "name": "ssl_reload_on_change"}, {"tag_name": "param", "text": "Used to verify that the Apache version you have requested is compatible with the module.", "types": ["Any"], "name": "apache_version"}, {"tag_name": "param", "text": "Name of ssl package to install.", "types": ["Any"], "name": "package_name"}, {"tag_name": "param", "text": "", "types": ["Optional[Boolean]"], "name": "ssl_sessiontickets"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "stapling_cache"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_ssl.html"}, {"tag_name": "summary", "text": "Installs `mod_ssl`."}]}, "defaults": {"ssl_compression": "false", "ssl_sessiontickets": "undef", "ssl_cryptodevice": "'builtin'", "ssl_options": "['StdEnvVars']", "ssl_openssl_conf_cmd": "undef", "ssl_cert": "undef", "ssl_key": "undef", "ssl_ca": "undef", "ssl_cipher": "'HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES'", "ssl_honorcipherorder": "true", "ssl_protocol": "$apache::params::ssl_protocol", "ssl_proxy_protocol": "[]", "ssl_pass_phrase_dialog": "'builtin'", "ssl_random_seed_bytes": "'512'", "ssl_sessioncache": "$apache::params::ssl_sessioncache", "ssl_sessioncachetimeout": "'300'", "ssl_stapling": "false", "stapling_cache": "undef", "ssl_stapling_return_errors": "undef", "ssl_mutex": "undef", "ssl_reload_on_change": "false", "apache_version": "undef", "package_name": "undef"}, "source": "class apache::mod::ssl (\n Boolean $ssl_compression = false,\n Optional[Boolean] $ssl_sessiontickets = undef,\n $ssl_cryptodevice = 'builtin',\n $ssl_options = ['StdEnvVars'],\n $ssl_openssl_conf_cmd = undef,\n Optional[String] $ssl_cert = undef,\n Optional[String] $ssl_key = undef,\n $ssl_ca = undef,\n $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES',\n Variant[Boolean, Enum['on', 'off']] $ssl_honorcipherorder = true,\n $ssl_protocol = $apache::params::ssl_protocol,\n Array $ssl_proxy_protocol = [],\n $ssl_pass_phrase_dialog = 'builtin',\n $ssl_random_seed_bytes = '512',\n String $ssl_sessioncache = $apache::params::ssl_sessioncache,\n $ssl_sessioncachetimeout = '300',\n Boolean $ssl_stapling = false,\n Optional[String] $stapling_cache = undef,\n Optional[Boolean] $ssl_stapling_return_errors = undef,\n $ssl_mutex = undef,\n Boolean $ssl_reload_on_change = false,\n $apache_version = undef,\n $package_name = undef,\n) inherits ::apache::params {\n include apache\n include apache::mod::mime\n $_apache_version = pick($apache_version, $apache::apache_version)\n if $ssl_mutex {\n $_ssl_mutex = $ssl_mutex\n } else {\n case $::osfamily {\n 'debian': {\n if versioncmp($_apache_version, '2.4') >= 0 {\n $_ssl_mutex = 'default'\n } else {\n $_ssl_mutex = \"file:\\${APACHE_RUN_DIR}/ssl_mutex\"\n }\n }\n 'redhat': {\n $_ssl_mutex = 'default'\n }\n 'freebsd': {\n $_ssl_mutex = 'default'\n }\n 'gentoo': {\n $_ssl_mutex = 'default'\n }\n 'Suse': {\n $_ssl_mutex = 'default'\n }\n default: {\n fail(\"Unsupported osfamily ${::osfamily}, please explicitly pass in \\$ssl_mutex\")\n }\n }\n }\n\n if $ssl_honorcipherorder =~ Boolean {\n $_ssl_honorcipherorder = $ssl_honorcipherorder\n } else {\n $_ssl_honorcipherorder = $ssl_honorcipherorder ? {\n 'on' => true,\n 'off' => false,\n default => true,\n }\n }\n\n if $stapling_cache =~ Undef {\n $_stapling_cache = $::osfamily ? {\n 'debian' => \"\\${APACHE_RUN_DIR}/ocsp(32768)\",\n 'redhat' => '/run/httpd/ssl_stapling(32768)',\n 'freebsd' => '/var/run/ssl_stapling(32768)',\n 'gentoo' => '/var/run/ssl_stapling(32768)',\n 'Suse' => '/var/lib/apache2/ssl_stapling(32768)',\n }\n } else {\n $_stapling_cache = $stapling_cache\n }\n\n if $::osfamily == 'Suse' {\n if defined(Class['::apache::mod::worker']) {\n $suse_path = '/usr/lib64/apache2-worker'\n } else {\n $suse_path = '/usr/lib64/apache2-prefork'\n }\n ::apache::mod { 'ssl':\n package => $package_name,\n lib_path => $suse_path,\n }\n } else {\n ::apache::mod { 'ssl':\n package => $package_name,\n }\n }\n\n if versioncmp($_apache_version, '2.4') >= 0 {\n include apache::mod::socache_shmcb\n }\n\n if $ssl_reload_on_change {\n [$ssl_cert, $ssl_key, $ssl_ca].each |$ssl_file| {\n if $ssl_file {\n include apache::mod::ssl::reload\n $_ssl_file_copy = regsubst($ssl_file, '/', '_', 'G')\n file { $_ssl_file_copy:\n path => \"${apache::params::puppet_ssl_dir}/${_ssl_file_copy}\",\n source => \"file://${ssl_file}\",\n owner => 'root',\n group => $apache::params::root_group,\n mode => '0640',\n seltype => 'cert_t',\n notify => Class['apache::service'],\n }\n }\n }\n }\n\n # Template uses\n #\n # $ssl_compression\n # $ssl_sessiontickets\n # $ssl_cryptodevice\n # $ssl_ca\n # $ssl_cipher\n # $ssl_honorcipherorder\n # $ssl_options\n # $ssl_openssl_conf_cmd\n # $ssl_sessioncache\n # $_stapling_cache\n # $ssl_mutex\n # $ssl_random_seed_bytes\n # $ssl_sessioncachetimeout\n # $_apache_version\n file { 'ssl.conf':\n ensure => file,\n path => $apache::_ssl_file,\n mode => $apache::file_mode,\n content => template('apache/mod/ssl.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::ssl::reload", "file": "manifests/mod/ssl/reload.pp", "line": 5, "inherits": "::apache::params", "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Manages the puppet_ssl folder for ssl file copies, which is needed to track changes for reloading service on changes"}]}, "source": "class apache::mod::ssl::reload () inherits ::apache::params {\n file { $apache::params::puppet_ssl_dir:\n ensure => directory,\n purge => true,\n recurse => true,\n require => Package['httpd'],\n }\n file { 'README.txt':\n path => \"${apache::params::puppet_ssl_dir}/README.txt\",\n content => 'This directory contains puppet managed copies of ssl files, so it can track changes and reload apache on changes.',\n seltype => 'etc_t',\n }\n}"}, {"name": "apache::mod::status", "file": "manifests/mod/status.pp", "line": 41, "inherits": "::apache::params", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "# Simple usage allowing access from localhost and a private subnet\nclass { 'apache::mod::status':\n $allow_from => ['127.0.0.1', '10.10.10.10/24'],\n}", "name": ""}, {"tag_name": "param", "text": "Array of hosts, ip addresses, partial network numbers or networks, in CIDR notation specifying what hosts can view the special\n/server-status URL. Defaults to ['127.0.0.1', '::1'].\n> Creates Apache < 2.4 directive \"Allow from\".", "types": ["Optional[Array]"], "name": "allow_from"}, {"tag_name": "param", "text": "A Variant type that can be:\n- String with:\n - '' or 'unmanaged' - Host auth control done elsewhere\n - 'ip <List of IPs>' - Allowed IPs/ranges\n - 'host <List of names>' - Allowed names/domains\n - 'all [granted|denied]'\n- Array of strings with ip or host as above\n- Hash with following keys:\n - 'requires' - Value => Array as above\n - 'enforce' - Value => String 'Any', 'All' or 'None'\n This encloses \"Require\" directives in \"<Require(Any|All|None)>\" block\n Optional - If unspecified, \"Require\" directives follow current flow\n> Creates Apache >= 2.4 directives \"Require\"", "types": ["Optional[Variant[String, Array, Hash]]"], "name": "requires"}, {"tag_name": "param", "text": "Determines whether to track extended status information for each request, via the ExtendedStatus directive.", "types": ["Enum['On', 'Off', 'on', 'off']"], "name": "extended_status"}, {"tag_name": "param", "text": "Path assigned to the Location directive which defines the URL to access the server status.", "types": ["Any"], "name": "status_path"}, {"tag_name": "param", "text": "Used to verify that the Apache version you have requested is compatible with the module.", "types": ["Any"], "name": "apache_version"}, {"tag_name": "see", "text": "for additional documentation.", "name": "http://httpd.apache.org/docs/current/mod/mod_status.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_status`."}]}, "defaults": {"allow_from": "undef", "requires": "undef", "extended_status": "'On'", "apache_version": "undef", "status_path": "'/server-status'"}, "source": "class apache::mod::status (\n Optional[Array] $allow_from = undef,\n Optional[Variant[String, Array, Hash]] $requires = undef,\n Enum['On', 'Off', 'on', 'off'] $extended_status = 'On',\n $apache_version = undef,\n $status_path = '/server-status',\n) inherits ::apache::params {\n include apache\n $_apache_version = pick($apache_version, $apache::apache_version)\n ::apache::mod { 'status': }\n\n # Defaults for \"Allow from\" or \"Require\" directives\n $allow_defaults = ['127.0.0.1','::1']\n $requires_defaults = 'ip 127.0.0.1 ::1'\n\n # Template uses $allow_from, $extended_status, $_apache_version, $status_path\n file { 'status.conf':\n ensure => file,\n path => \"${apache::mod_dir}/status.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/status.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::suexec", "file": "manifests/mod/suexec.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_suexec.html"}, {"tag_name": "summary", "text": "Installs `mod_suexec`."}]}, "source": "class apache::mod::suexec {\n ::apache::mod { 'suexec': }\n}"}, {"name": "apache::mod::suphp", "file": "manifests/mod/suphp.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://www.suphp.org/DocumentationView.html?file=apache/INSTALL"}, {"tag_name": "summary", "text": "Installs `mod_suphp`."}]}, "source": "class apache::mod::suphp (\n) {\n if $facts['os']['family'] == 'Debian' {\n fail(\"suphp was declared EOL by it's creators as of 2013 and so is no longer supported on Ubuntu 15.10/Debian 8 and above. Please use php-fpm\")\n }\n include apache\n ::apache::mod { 'suphp': }\n\n file { 'suphp.conf':\n ensure => file,\n path => \"${apache::mod_dir}/suphp.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/suphp.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::userdir", "file": "manifests/mod/userdir.pp", "line": 36, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "*Deprecated* Path to system home directory.", "types": ["Any"], "name": "home"}, {"tag_name": "param", "text": "*Deprecated* Path from user's home directory to public directory.", "types": ["Any"], "name": "dir"}, {"tag_name": "param", "text": "Path or directory name to be used as the UserDir.", "types": ["Optional[String[1]]"], "name": "userdir"}, {"tag_name": "param", "text": "Toggles whether to allow use of root directory.", "types": ["Any"], "name": "disable_root"}, {"tag_name": "param", "text": "Used to verify that the Apache version you have requested is compatible with the module.", "types": ["Any"], "name": "apache_version"}, {"tag_name": "param", "text": "Path to directory or pattern from which to find user-specific directories.", "types": ["Any"], "name": "path"}, {"tag_name": "param", "text": "Array of directives that are allowed in .htaccess files.", "types": ["Any"], "name": "overrides"}, {"tag_name": "param", "text": "Configures what features are available in a particular directory.", "types": ["Any"], "name": "options"}, {"tag_name": "param", "text": "Toggles whether to manage path in userdir.conf", "types": ["Any"], "name": "unmanaged_path"}, {"tag_name": "param", "text": "Custom configuration to be added to userdir.conf", "types": ["Any"], "name": "custom_fragment"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_userdir.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_userdir`."}]}, "defaults": {"home": "undef", "dir": "undef", "userdir": "undef", "disable_root": "true", "apache_version": "undef", "path": "'/home/*/public_html'", "overrides": "['FileInfo', 'AuthConfig', 'Limit', 'Indexes']", "options": "['MultiViews', 'Indexes', 'SymLinksIfOwnerMatch', 'IncludesNoExec']", "unmanaged_path": "false", "custom_fragment": "undef"}, "source": "class apache::mod::userdir (\n $home = undef,\n $dir = undef,\n Optional[String[1]] $userdir = undef,\n $disable_root = true,\n $apache_version = undef,\n $path = '/home/*/public_html',\n $overrides = ['FileInfo', 'AuthConfig', 'Limit', 'Indexes'],\n $options = ['MultiViews', 'Indexes', 'SymLinksIfOwnerMatch', 'IncludesNoExec'],\n $unmanaged_path = false,\n $custom_fragment = undef,\n) {\n include apache\n $_apache_version = pick($apache_version, $apache::apache_version)\n\n if $home or $dir {\n $_home = $home ? {\n undef => '/home',\n default => $home,\n }\n $_dir = $dir ? {\n undef => 'public_html',\n default => $dir,\n }\n warning('home and dir are deprecated; use path instead')\n $_path = \"${_home}/*/${_dir}\"\n } else {\n $_path = $path\n }\n\n $_userdir = pick($userdir, $_path)\n\n ::apache::mod { 'userdir': }\n\n # Template uses $home, $dir, $disable_root, $_apache_version\n file { 'userdir.conf':\n ensure => file,\n path => \"${apache::mod_dir}/userdir.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/userdir.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::version", "file": "manifests/mod/version.pp", "line": 9, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Used to verify that the Apache version you have requested is compatible with the module.", "types": ["Any"], "name": "apache_version"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_version.html"}, {"tag_name": "summary", "text": "Installs `mod_version`."}]}, "defaults": {"apache_version": "$apache::apache_version"}, "source": "class apache::mod::version (\n $apache_version = $apache::apache_version\n) {\n if ($::osfamily == 'debian' and versioncmp($apache_version, '2.4') >= 0) {\n warning(\"${module_name}: module version_module is built-in and can't be loaded\")\n } else {\n ::apache::mod { 'version': }\n }\n}"}, {"name": "apache::mod::vhost_alias", "file": "manifests/mod/vhost_alias.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_vhost_alias.html"}, {"tag_name": "summary", "text": "Installs Apache `mod_vhost_alias`."}]}, "source": "class apache::mod::vhost_alias {\n ::apache::mod { 'vhost_alias': }\n}"}, {"name": "apache::mod::watchdog", "file": "manifests/mod/watchdog.pp", "line": 8, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Sets the interval at which the watchdog_step hook runs.", "types": ["Optional[Integer]"], "name": "watchdog_interval"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/mod_watchdog.html"}, {"tag_name": "summary", "text": "Installs and configures `mod_watchdog`."}]}, "defaults": {"watchdog_interval": "undef"}, "source": "class apache::mod::watchdog (\n Optional[Integer] $watchdog_interval = undef,\n) {\n include apache\n\n $module_builtin = $facts['os']['family'] in ['Debian']\n\n unless $module_builtin {\n apache::mod { 'watchdog':\n }\n }\n\n if $watchdog_interval {\n file { 'watchdog.conf':\n ensure => file,\n path => \"${apache::mod_dir}/watchdog.conf\",\n mode => $apache::file_mode,\n content => \"WatchdogInterval ${watchdog_interval}\\n\",\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n }\n}"}, {"name": "apache::mod::worker", "file": "manifests/mod/worker.pp", "line": 45, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The number of child server processes created on startup", "types": ["Any"], "name": "startservers"}, {"tag_name": "param", "text": "The max number of simultaneous requests that will be served.\nThis is the old name and is still supported. The new name is\nMaxRequestWorkers as of 2.3.13.", "types": ["Any"], "name": "maxclients"}, {"tag_name": "param", "text": "Minimum number of idle threads to handle request spikes.", "types": ["Any"], "name": "minsparethreads"}, {"tag_name": "param", "text": "Maximum number of idle threads.", "types": ["Any"], "name": "maxsparethreads"}, {"tag_name": "param", "text": "The number of threads created by each child process.", "types": ["Any"], "name": "threadsperchild"}, {"tag_name": "param", "text": "Limit on the number of connectiojns an individual child server\nprocess will handle. This is the old name and is still supported. The new\nname is MaxConnectionsPerChild as of 2.3.9+.", "types": ["Any"], "name": "maxrequestsperchild"}, {"tag_name": "param", "text": "With worker, use this directive only if your MaxRequestWorkers\nand ThreadsPerChild settings require more than 16 server processes\n(default). Do not set the value of this directive any higher than the\nnumber of server processes required by what you may want for\nMaxRequestWorkers and ThreadsPerChild.", "types": ["Any"], "name": "serverlimit"}, {"tag_name": "param", "text": "This directive sets the maximum configured value for\nThreadsPerChild for the lifetime of the Apache httpd process.", "types": ["Any"], "name": "threadlimit"}, {"tag_name": "param", "text": "Maximum length of the queue of pending connections.", "types": ["Any"], "name": "listenbacklog"}, {"tag_name": "param", "text": "Used to verify that the Apache version you have requested is compatible with the module.", "types": ["Any"], "name": "apache_version"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://httpd.apache.org/docs/current/mod/worker.html"}, {"tag_name": "summary", "text": "Installs and manages the MPM `worker`."}]}, "defaults": {"startservers": "'2'", "maxclients": "'150'", "minsparethreads": "'25'", "maxsparethreads": "'75'", "threadsperchild": "'25'", "maxrequestsperchild": "'0'", "serverlimit": "'25'", "threadlimit": "'64'", "listenbacklog": "'511'", "apache_version": "undef"}, "source": "class apache::mod::worker (\n $startservers = '2',\n $maxclients = '150',\n $minsparethreads = '25',\n $maxsparethreads = '75',\n $threadsperchild = '25',\n $maxrequestsperchild = '0',\n $serverlimit = '25',\n $threadlimit = '64',\n $listenbacklog = '511',\n $apache_version = undef,\n) {\n include apache\n $_apache_version = pick($apache_version, $apache::apache_version)\n\n if defined(Class['apache::mod::event']) {\n fail('May not include both apache::mod::worker and apache::mod::event on the same node')\n }\n if defined(Class['apache::mod::itk']) {\n fail('May not include both apache::mod::worker and apache::mod::itk on the same node')\n }\n if defined(Class['apache::mod::peruser']) {\n fail('May not include both apache::mod::worker and apache::mod::peruser on the same node')\n }\n if defined(Class['apache::mod::prefork']) {\n fail('May not include both apache::mod::worker and apache::mod::prefork on the same node')\n }\n File {\n owner => 'root',\n group => $apache::params::root_group,\n mode => $apache::file_mode,\n }\n\n # Template uses:\n # - $startservers\n # - $maxclients\n # - $minsparethreads\n # - $maxsparethreads\n # - $threadsperchild\n # - $maxrequestsperchild\n # - $serverlimit\n # - $threadLimit\n # - $listenbacklog\n file { \"${apache::mod_dir}/worker.conf\":\n ensure => file,\n content => template('apache/mod/worker.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n\n case $::osfamily {\n 'redhat': {\n if versioncmp($_apache_version, '2.4') >= 0 {\n ::apache::mpm { 'worker':\n apache_version => $_apache_version,\n }\n }\n else {\n file_line { '/etc/sysconfig/httpd worker enable':\n ensure => present,\n path => '/etc/sysconfig/httpd',\n line => 'HTTPD=/usr/sbin/httpd.worker',\n match => '#?HTTPD=/usr/sbin/httpd.worker',\n require => Package['httpd'],\n notify => Class['apache::service'],\n }\n }\n }\n\n 'debian', 'freebsd': {\n ::apache::mpm { 'worker':\n apache_version => $_apache_version,\n }\n }\n 'Suse': {\n ::apache::mpm { 'worker':\n apache_version => $apache_version,\n lib_path => '/usr/lib64/apache2-worker',\n }\n }\n\n 'gentoo': {\n ::portage::makeconf { 'apache2_mpms':\n content => 'worker',\n }\n }\n default: {\n fail(\"Unsupported osfamily ${::osfamily}\")\n }\n }\n}"}, {"name": "apache::mod::wsgi", "file": "manifests/mod/wsgi.pp", "line": 30, "inherits": "::apache::params", "docstring": {"text": "", "tags": [{"tag_name": "note", "text": "Unsupported platforms: SLES: all; RedHat: all; CentOS: all; OracleLinux: all; Scientific: all"}, {"tag_name": "param", "text": "Enable restrictions on use of embedded mode.", "types": ["Any"], "name": "wsgi_restrict_embedded"}, {"tag_name": "param", "text": "Configure directory to use for daemon sockets.", "types": ["Any"], "name": "wsgi_socket_prefix"}, {"tag_name": "param", "text": "Additional directories to search for Python modules.", "types": ["Any"], "name": "wsgi_python_path"}, {"tag_name": "param", "text": "Absolute path to Python prefix/exec_prefix directories.", "types": ["Any"], "name": "wsgi_python_home"}, {"tag_name": "param", "text": "Enables basic Python optimisation features.", "types": ["Any"], "name": "wsgi_python_optimize"}, {"tag_name": "param", "text": "Sets which application group WSGI application belongs to.", "types": ["Any"], "name": "wsgi_application_group"}, {"tag_name": "param", "text": "Names of package that installs mod_wsgi.", "types": ["Any"], "name": "package_name"}, {"tag_name": "param", "text": "Defines the path to the mod_wsgi shared object (.so) file.", "types": ["Any"], "name": "mod_path"}, {"tag_name": "see", "text": "for additional documentation.", "name": "https://github.com/GrahamDumpleton/mod_wsgi"}, {"tag_name": "summary", "text": "Installs and configures `mod_wsgi`."}]}, "defaults": {"wsgi_restrict_embedded": "undef", "wsgi_socket_prefix": "$apache::params::wsgi_socket_prefix", "wsgi_python_path": "undef", "wsgi_python_home": "undef", "wsgi_python_optimize": "undef", "wsgi_application_group": "undef", "package_name": "undef", "mod_path": "undef"}, "source": "class apache::mod::wsgi (\n $wsgi_restrict_embedded = undef,\n $wsgi_socket_prefix = $apache::params::wsgi_socket_prefix,\n $wsgi_python_path = undef,\n $wsgi_python_home = undef,\n $wsgi_python_optimize = undef,\n $wsgi_application_group = undef,\n $package_name = undef,\n $mod_path = undef,\n) inherits ::apache::params {\n include apache\n if ($package_name != undef and $mod_path == undef) or ($package_name == undef and $mod_path != undef) {\n fail('apache::mod::wsgi - both package_name and mod_path must be specified!')\n }\n\n if $package_name != undef {\n if $mod_path =~ /\\// {\n $_mod_path = $mod_path\n } else {\n $_mod_path = \"${apache::lib_path}/${mod_path}\"\n }\n ::apache::mod { 'wsgi':\n package => $package_name,\n path => $_mod_path,\n }\n }\n else {\n ::apache::mod { 'wsgi': }\n }\n\n # Template uses:\n # - $wsgi_restrict_embedded\n # - $wsgi_socket_prefix\n # - $wsgi_python_path\n # - $wsgi_python_home\n file { 'wsgi.conf':\n ensure => file,\n path => \"${apache::mod_dir}/wsgi.conf\",\n mode => $apache::file_mode,\n content => template('apache/mod/wsgi.conf.erb'),\n require => Exec[\"mkdir ${apache::mod_dir}\"],\n before => File[$apache::mod_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::mod::xsendfile", "file": "manifests/mod/xsendfile.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "see", "text": "for additional documentation.", "name": "https://tn123.org/mod_xsendfile/"}, {"tag_name": "summary", "text": "Installs `mod_xsendfile`."}]}, "source": "class apache::mod::xsendfile {\n include apache::params\n ::apache::mod { 'xsendfile': }\n}"}, {"name": "apache::mpm::disable_mpm_event", "file": "manifests/mpm/disable_mpm_event.pp", "line": 1, "docstring": {"text": ""}, "source": "class apache::mpm::disable_mpm_event {\n exec { '/usr/sbin/a2dismod event':\n onlyif => \"/usr/bin/test -e ${apache::mod_enable_dir}/event.load\",\n require => Package['httpd'],\n before => Class['apache::service'],\n }\n exec { 'remove distribution event load file':\n command => \"/bin/rm ${apache::mod_enable_dir}/mpm_event.load\",\n onlyif => \"/usr/bin/test -e ${apache::mod_enable_dir}/mpm_event.load\",\n require => Package['httpd'],\n before => Class['apache::service'],\n }\n exec { 'remove distribution event conf file':\n command => \"/bin/rm ${apache::mod_enable_dir}/mpm_event.conf\",\n onlyif => \"/usr/bin/test -e ${apache::mod_enable_dir}/mpm_event.conf\",\n require => Package['httpd'],\n before => Class['apache::service'],\n }\n}"}, {"name": "apache::mpm::disable_mpm_prefork", "file": "manifests/mpm/disable_mpm_prefork.pp", "line": 1, "docstring": {"text": ""}, "source": "class apache::mpm::disable_mpm_prefork {\n exec { '/usr/sbin/a2dismod prefork':\n onlyif => \"/usr/bin/test -e ${apache::mod_enable_dir}/prefork.load\",\n require => Package['httpd'],\n before => Class['apache::service'],\n }\n}"}, {"name": "apache::mpm::disable_mpm_worker", "file": "manifests/mpm/disable_mpm_worker.pp", "line": 1, "docstring": {"text": ""}, "source": "class apache::mpm::disable_mpm_worker {\n exec { '/usr/sbin/a2dismod worker':\n onlyif => \"/usr/bin/test -e ${apache::mod_enable_dir}/worker.load\",\n require => Package['httpd'],\n before => Class['apache::service'],\n }\n}"}, {"name": "apache::package", "file": "manifests/package.pp", "line": 5, "inherits": "::apache::params", "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "mpm_module"}, {"tag_name": "summary", "text": "Installs an Apache MPM."}]}, "defaults": {"ensure": "'present'", "mpm_module": "$apache::params::mpm_module"}, "source": "class apache::package (\n $ensure = 'present',\n $mpm_module = $apache::params::mpm_module,\n) inherits ::apache::params {\n # The base class must be included first because it is used by parameter defaults\n if ! defined(Class['apache']) {\n fail('You must include the apache base class before using any apache defined resources')\n }\n\n case $::osfamily {\n 'FreeBSD': {\n case $mpm_module {\n 'prefork': {\n }\n 'worker': {\n }\n 'event': {\n }\n 'itk': {\n package { 'www/mod_mpm_itk':\n ensure => installed,\n }\n }\n default: { fail(\"MPM module ${mpm_module} not supported on FreeBSD\") }\n }\n }\n default: {\n }\n }\n\n package { 'httpd':\n ensure => $ensure,\n name => $apache::apache_name,\n notify => Class['Apache::Service'],\n }\n}"}, {"name": "apache::params", "file": "manifests/params.pp", "line": 5, "inherits": "::apache::version", "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "This class manages Apache parameters"}]}, "source": "class apache::params inherits ::apache::version {\n if($::fqdn) {\n $servername = $::fqdn\n } else {\n $servername = $::hostname\n }\n\n # The default error log level\n $log_level = 'warn'\n $use_optional_includes = false\n\n # Default mime types settings\n $mime_types_additional = {\n 'AddHandler' => { 'type-map' => 'var', },\n 'AddType' => { 'text/html' => '.shtml', },\n 'AddOutputFilter' => { 'INCLUDES' => '.shtml', },\n }\n\n # should we use systemd module?\n $use_systemd = true\n\n # Default mode for files\n $file_mode = '0644'\n\n # The default value for host hame lookup\n $hostname_lookups = 'Off'\n\n # Default options for / directory\n $root_directory_options = ['FollowSymLinks']\n\n $vhost_include_pattern = '*'\n\n $modsec_audit_log_parts = 'ABIJDEFHZ'\n $modsec_audit_log_type = 'Serial'\n $modsec_custom_rules = false\n $modsec_custom_rules_set = undef\n\n # no client certs should be trusted for auth by default.\n $ssl_certs_dir = undef\n\n # Allow overriding the autoindex alias location\n $icons_prefix = 'icons'\n\n if ($apache::version::scl_httpd_version) {\n if $apache::version::scl_php_version == undef {\n fail('If you define apache::version::scl_httpd_version, you also need to specify apache::version::scl_php_version')\n }\n $_scl_httpd_version_nodot = regsubst($apache::version::scl_httpd_version, '\\.', '')\n $_scl_httpd_name = \"httpd${_scl_httpd_version_nodot}\"\n\n $_scl_php_version_no_dot = regsubst($apache::version::scl_php_version, '\\.', '')\n $user = 'apache'\n $group = 'apache'\n $root_group = 'root'\n $apache_name = \"${_scl_httpd_name}-httpd\"\n $service_name = \"${_scl_httpd_name}-httpd\"\n $httpd_root = \"/opt/rh/${_scl_httpd_name}/root\"\n $httpd_dir = \"${httpd_root}/etc/httpd\"\n $server_root = \"${httpd_root}/etc/httpd\"\n $conf_dir = \"${httpd_dir}/conf\"\n $confd_dir = \"${httpd_dir}/conf.d\"\n $puppet_ssl_dir = \"${httpd_dir}/puppet_ssl\"\n $mod_dir = $facts['operatingsystemmajrelease'] ? {\n '7' => \"${httpd_dir}/conf.modules.d\",\n default => \"${httpd_dir}/conf.d\",\n }\n $mod_enable_dir = undef\n $vhost_dir = \"${httpd_dir}/conf.d\"\n $vhost_enable_dir = undef\n $conf_file = 'httpd.conf'\n $conf_enabled = undef\n $ports_file = \"${conf_dir}/ports.conf\"\n $pidfile = 'run/httpd.pid'\n $logroot = \"/var/log/${_scl_httpd_name}\"\n $logroot_mode = undef\n $lib_path = 'modules'\n $mpm_module = 'prefork'\n $dev_packages = \"${_scl_httpd_name}-httpd-devel\"\n $default_ssl_cert = '/etc/pki/tls/certs/localhost.crt'\n $default_ssl_key = '/etc/pki/tls/private/localhost.key'\n $ssl_sessioncache = '/var/cache/mod_ssl/scache(512000)'\n $passenger_conf_file = 'passenger_extra.conf'\n $passenger_conf_package_file = 'passenger.conf'\n $passenger_root = undef\n $passenger_ruby = undef\n $passenger_default_ruby = undef\n $suphp_addhandler = 'php5-script'\n $suphp_engine = 'off'\n $suphp_configpath = undef\n $php_version = $apache::version::scl_php_version\n $mod_packages = {\n 'authnz_ldap' => \"${_scl_httpd_name}-mod_ldap\",\n 'ldap' => \"${_scl_httpd_name}-mod_ldap\",\n \"php${apache::version::scl_php_version}\" => \"rh-php${_scl_php_version_no_dot}-php\",\n 'ssl' => \"${_scl_httpd_name}-mod_ssl\",\n }\n $mod_libs = {\n 'nss' => 'libmodnss.so',\n }\n $conf_template = 'apache/httpd.conf.erb'\n $http_protocol_options = undef\n $keepalive = 'On'\n $keepalive_timeout = 15\n $max_keepalive_requests = 100\n $fastcgi_lib_path = undef\n $mime_support_package = 'mailcap'\n $mime_types_config = '/etc/mime.types'\n $docroot = \"${httpd_root}/var/www/html\"\n $alias_icons_path = $facts['operatingsystemmajrelease'] ? {\n '7' => \"${httpd_root}/usr/share/httpd/icons\",\n default => '/var/www/icons',\n }\n $error_documents_path = $facts['operatingsystemmajrelease'] ? {\n '7' => \"${httpd_root}/usr/share/httpd/error\",\n default => '/var/www/error'\n }\n if $::osfamily == 'RedHat' {\n $wsgi_socket_prefix = '/var/run/wsgi'\n } else {\n $wsgi_socket_prefix = undef\n }\n $cas_cookie_path = '/var/cache/mod_auth_cas/'\n $mellon_lock_file = '/run/mod_auth_mellon/lock'\n $mellon_cache_size = 100\n $mellon_post_directory = undef\n $modsec_version = 1\n $modsec_crs_package = 'mod_security_crs'\n $modsec_crs_path = '/usr/lib/modsecurity.d'\n $modsec_dir = '/etc/httpd/modsecurity.d'\n $secpcrematchlimit = 1500\n $secpcrematchlimitrecursion = 1500\n $modsec_secruleengine = 'On'\n $modsec_default_rules = [\n 'base_rules/modsecurity_35_bad_robots.data',\n 'base_rules/modsecurity_35_scanners.data',\n 'base_rules/modsecurity_40_generic_attacks.data',\n 'base_rules/modsecurity_50_outbound.data',\n 'base_rules/modsecurity_50_outbound_malware.data',\n 'base_rules/modsecurity_crs_20_protocol_violations.conf',\n 'base_rules/modsecurity_crs_21_protocol_anomalies.conf',\n 'base_rules/modsecurity_crs_23_request_limits.conf',\n 'base_rules/modsecurity_crs_30_http_policy.conf',\n 'base_rules/modsecurity_crs_35_bad_robots.conf',\n 'base_rules/modsecurity_crs_40_generic_attacks.conf',\n 'base_rules/modsecurity_crs_41_sql_injection_attacks.conf',\n 'base_rules/modsecurity_crs_41_xss_attacks.conf',\n 'base_rules/modsecurity_crs_42_tight_security.conf',\n 'base_rules/modsecurity_crs_45_trojans.conf',\n 'base_rules/modsecurity_crs_47_common_exceptions.conf',\n 'base_rules/modsecurity_crs_49_inbound_blocking.conf',\n 'base_rules/modsecurity_crs_50_outbound.conf',\n 'base_rules/modsecurity_crs_59_outbound_blocking.conf',\n 'base_rules/modsecurity_crs_60_correlation.conf',\n ]\n $error_log = 'error_log'\n $scriptalias = \"${httpd_root}/var/www/cgi-bin\"\n $access_log_file = 'access_log'\n }\n elsif $::osfamily == 'RedHat' or $::operatingsystem =~ /^[Aa]mazon$/ {\n $user = 'apache'\n $group = 'apache'\n $root_group = 'root'\n $apache_name = 'httpd'\n $service_name = 'httpd'\n $httpd_dir = '/etc/httpd'\n $server_root = '/etc/httpd'\n $conf_dir = \"${httpd_dir}/conf\"\n $confd_dir = \"${httpd_dir}/conf.d\"\n $puppet_ssl_dir = \"${httpd_dir}/puppet_ssl\"\n $conf_enabled = undef\n if $::operatingsystem =~ /^[Aa]mazon$/ and $::operatingsystemmajrelease == '2' {\n # Amazon Linux 2 uses the /conf.modules.d/ dir\n $mod_dir = \"${httpd_dir}/conf.modules.d\"\n } else {\n $mod_dir = $facts['operatingsystemmajrelease'] ? {\n '6' => \"${httpd_dir}/conf.d\",\n default => \"${httpd_dir}/conf.modules.d\",\n }\n }\n $mod_enable_dir = undef\n $vhost_dir = \"${httpd_dir}/conf.d\"\n $vhost_enable_dir = undef\n $conf_file = 'httpd.conf'\n $ports_file = \"${conf_dir}/ports.conf\"\n $pidfile = 'run/httpd.pid'\n $logroot = '/var/log/httpd'\n $logroot_mode = undef\n $lib_path = 'modules'\n $mpm_module = 'prefork'\n $dev_packages = 'httpd-devel'\n $default_ssl_cert = '/etc/pki/tls/certs/localhost.crt'\n $default_ssl_key = '/etc/pki/tls/private/localhost.key'\n $ssl_sessioncache = '/var/cache/mod_ssl/scache(512000)'\n $passenger_conf_file = 'passenger_extra.conf'\n $passenger_conf_package_file = 'passenger.conf'\n $passenger_root = undef\n $passenger_ruby = undef\n $passenger_default_ruby = undef\n $suphp_addhandler = 'php5-script'\n $suphp_engine = 'off'\n $suphp_configpath = undef\n $php_version = $facts['operatingsystemmajrelease'] ? {\n '8' => '7', # RedHat8\n default => '5', # RedHat5, RedHat6, RedHat7\n }\n $mod_packages = {\n # NOTE: The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL.\n 'auth_cas' => 'mod_auth_cas',\n 'auth_kerb' => 'mod_auth_kerb',\n 'auth_gssapi' => 'mod_auth_gssapi',\n 'auth_mellon' => 'mod_auth_mellon',\n 'auth_openidc' => 'mod_auth_openidc',\n 'authnz_ldap' => $facts['operatingsystemmajrelease'] ? {\n '6' => 'mod_authz_ldap',\n default => 'mod_ldap',\n },\n 'authnz_pam' => 'mod_authnz_pam',\n 'fastcgi' => $facts['operatingsystemmajrelease'] ? {\n '5' => 'mod_fastcgi',\n '6' => 'mod_fastcgi',\n default => undef,\n },\n 'fcgid' => 'mod_fcgid',\n 'geoip' => 'mod_geoip',\n 'intercept_form_submit' => 'mod_intercept_form_submit',\n 'ldap' => $facts['operatingsystemmajrelease'] ? {\n '5' => undef,\n '6' => undef,\n default => 'mod_ldap',\n },\n 'lookup_identity' => 'mod_lookup_identity',\n 'md' => 'mod_md',\n 'pagespeed' => 'mod-pagespeed-stable',\n # NOTE: The passenger module isn't available on RH/CentOS without\n # providing dependency packages provided by EPEL and passenger\n # repositories. See\n # https://www.phusionpassenger.com/library/install/apache/install/oss/el7/\n 'passenger' => 'mod_passenger',\n 'perl' => 'mod_perl',\n 'php5' => $facts['operatingsystemmajrelease'] ? {\n '5' => 'php53',\n default => 'php',\n },\n 'phpXXX' => 'php',\n 'proxy_html' => 'mod_proxy_html',\n 'python' => 'mod_python',\n 'security' => 'mod_security',\n # NOTE: The module for Shibboleth is not available on RH/CentOS without\n # providing dependency packages provided by Shibboleth's repositories.\n # See http://wiki.aaf.edu.au/tech-info/sp-install-guide\n 'shibboleth' => 'shibboleth',\n 'ssl' => 'mod_ssl',\n 'wsgi' => $facts['operatingsystemmajrelease'] ? {\n '6' => 'mod_wsgi', # RedHat6\n '7' => 'mod_wsgi', # RedHat7\n default => 'python3-mod_wsgi', # RedHat8+\n },\n 'dav_svn' => 'mod_dav_svn',\n 'suphp' => 'mod_suphp',\n 'xsendfile' => 'mod_xsendfile',\n 'nss' => 'mod_nss',\n 'shib2' => 'shibboleth',\n }\n $mod_libs = {\n 'nss' => 'libmodnss.so',\n 'wsgi' => $facts['operatingsystemmajrelease'] ? {\n '6' => 'mod_wsgi.so',\n '7' => 'mod_wsgi.so',\n default => 'mod_wsgi_python3.so',\n },\n }\n $conf_template = 'apache/httpd.conf.erb'\n $http_protocol_options = undef\n $keepalive = 'On'\n $keepalive_timeout = 15\n $max_keepalive_requests = 100\n $fastcgi_lib_path = undef\n $mime_support_package = 'mailcap'\n $mime_types_config = '/etc/mime.types'\n $docroot = '/var/www/html'\n $alias_icons_path = $facts['operatingsystemmajrelease'] ? {\n '6' => '/var/www/icons',\n default => '/usr/share/httpd/icons',\n }\n $error_documents_path = $facts['operatingsystemmajrelease'] ? {\n '6' => '/var/www/error',\n default => '/usr/share/httpd/error',\n }\n if $::osfamily == 'RedHat' {\n $wsgi_socket_prefix = '/var/run/wsgi'\n } else {\n $wsgi_socket_prefix = undef\n }\n $cas_cookie_path = '/var/cache/mod_auth_cas/'\n $mellon_lock_file = '/run/mod_auth_mellon/lock'\n $mellon_cache_size = 100\n $mellon_post_directory = undef\n $modsec_version = 1\n $modsec_crs_package = 'mod_security_crs'\n $modsec_crs_path = '/usr/lib/modsecurity.d'\n $modsec_dir = '/etc/httpd/modsecurity.d'\n $secpcrematchlimit = 1500\n $secpcrematchlimitrecursion = 1500\n $modsec_secruleengine = 'On'\n $modsec_default_rules = [\n 'base_rules/modsecurity_35_bad_robots.data',\n 'base_rules/modsecurity_35_scanners.data',\n 'base_rules/modsecurity_40_generic_attacks.data',\n 'base_rules/modsecurity_50_outbound.data',\n 'base_rules/modsecurity_50_outbound_malware.data',\n 'base_rules/modsecurity_crs_20_protocol_violations.conf',\n 'base_rules/modsecurity_crs_21_protocol_anomalies.conf',\n 'base_rules/modsecurity_crs_23_request_limits.conf',\n 'base_rules/modsecurity_crs_30_http_policy.conf',\n 'base_rules/modsecurity_crs_35_bad_robots.conf',\n 'base_rules/modsecurity_crs_40_generic_attacks.conf',\n 'base_rules/modsecurity_crs_41_sql_injection_attacks.conf',\n 'base_rules/modsecurity_crs_41_xss_attacks.conf',\n 'base_rules/modsecurity_crs_42_tight_security.conf',\n 'base_rules/modsecurity_crs_45_trojans.conf',\n 'base_rules/modsecurity_crs_47_common_exceptions.conf',\n 'base_rules/modsecurity_crs_49_inbound_blocking.conf',\n 'base_rules/modsecurity_crs_50_outbound.conf',\n 'base_rules/modsecurity_crs_59_outbound_blocking.conf',\n 'base_rules/modsecurity_crs_60_correlation.conf',\n ]\n $error_log = 'error_log'\n $scriptalias = '/var/www/cgi-bin'\n $access_log_file = 'access_log'\n } elsif $::osfamily == 'Debian' {\n $user = 'www-data'\n $group = 'www-data'\n $root_group = 'root'\n $apache_name = 'apache2'\n $service_name = 'apache2'\n $httpd_dir = '/etc/apache2'\n $server_root = '/etc/apache2'\n $conf_dir = $httpd_dir\n $confd_dir = \"${httpd_dir}/conf.d\"\n # Overwrite conf_enabled causes errors with Shibboleth when enabled on Ubuntu 18.04\n $conf_enabled = undef #\"${httpd_dir}/conf-enabled.d\"\n $puppet_ssl_dir = \"${httpd_dir}/puppet_ssl\"\n $mod_dir = \"${httpd_dir}/mods-available\"\n $mod_enable_dir = \"${httpd_dir}/mods-enabled\"\n $vhost_dir = \"${httpd_dir}/sites-available\"\n $vhost_enable_dir = \"${httpd_dir}/sites-enabled\"\n $conf_file = 'apache2.conf'\n $ports_file = \"${conf_dir}/ports.conf\"\n $pidfile = \"\\${APACHE_PID_FILE}\"\n $logroot = '/var/log/apache2'\n $logroot_mode = undef\n $lib_path = '/usr/lib/apache2/modules'\n $mpm_module = 'worker'\n $default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem'\n $default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key'\n $ssl_sessioncache = \"\\${APACHE_RUN_DIR}/ssl_scache(512000)\"\n $suphp_addhandler = 'x-httpd-php'\n $suphp_engine = 'off'\n $suphp_configpath = '/etc/php5/apache2'\n if ($::operatingsystem == 'Ubuntu') or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemmajrelease, '11') < 0) {\n $php_version = $facts['operatingsystemmajrelease'] ? {\n '9' => '7.0', # Debian Stretch\n '16.04' => '7.0', # Ubuntu Xenial\n '10' => '7.3', # Debian Buster\n '20.04' => '7.4', # Ubuntu Foccal Fossal\n default => '7.2', # Ubuntu Bionic, Cosmic and Disco\n }\n $mod_packages = {\n 'apreq2' => 'libapache2-mod-apreq2',\n 'auth_cas' => 'libapache2-mod-auth-cas',\n 'auth_kerb' => 'libapache2-mod-auth-kerb',\n 'auth_openidc' => 'libapache2-mod-auth-openidc',\n 'auth_gssapi' => 'libapache2-mod-auth-gssapi',\n 'auth_mellon' => 'libapache2-mod-auth-mellon',\n 'authnz_pam' => 'libapache2-mod-authnz-pam',\n 'dav_svn' => 'libapache2-mod-svn',\n 'fastcgi' => 'libapache2-mod-fastcgi',\n 'fcgid' => 'libapache2-mod-fcgid',\n 'geoip' => 'libapache2-mod-geoip',\n 'intercept_form_submit' => 'libapache2-mod-intercept-form-submit',\n 'jk' => 'libapache2-mod-jk',\n 'lookup_identity' => 'libapache2-mod-lookup-identity',\n 'nss' => 'libapache2-mod-nss',\n 'pagespeed' => 'mod-pagespeed-stable',\n 'passenger' => 'libapache2-mod-passenger',\n 'perl' => 'libapache2-mod-perl2',\n 'phpXXX' => 'libapache2-mod-phpXXX',\n 'python' => 'libapache2-mod-python',\n 'rpaf' => 'libapache2-mod-rpaf',\n 'security' => 'libapache2-mod-security2',\n 'shib2' => 'libapache2-mod-shib2',\n 'wsgi' => 'libapache2-mod-wsgi',\n 'xsendfile' => 'libapache2-mod-xsendfile',\n }\n } else {\n $php_version = $facts['operatingsystemmajrelease'] ? {\n default => '7.4', # Debian Bullseye\n }\n $mod_packages = {\n 'apreq2' => 'libapache2-mod-apreq2',\n 'auth_cas' => 'libapache2-mod-auth-cas',\n 'auth_kerb' => 'libapache2-mod-auth-kerb',\n 'auth_openidc' => 'libapache2-mod-auth-openidc',\n 'auth_gssapi' => 'libapache2-mod-auth-gssapi',\n 'auth_mellon' => 'libapache2-mod-auth-mellon',\n 'authnz_pam' => 'libapache2-mod-authnz-pam',\n 'dav_svn' => 'libapache2-mod-svn',\n 'fastcgi' => 'libapache2-mod-fastcgi',\n 'fcgid' => 'libapache2-mod-fcgid',\n 'geoip' => 'libapache2-mod-geoip',\n 'intercept_form_submit' => 'libapache2-mod-intercept-form-submit',\n 'jk' => 'libapache2-mod-jk',\n 'lookup_identity' => 'libapache2-mod-lookup-identity',\n 'nss' => 'libapache2-mod-nss',\n 'pagespeed' => 'mod-pagespeed-stable',\n 'passenger' => 'libapache2-mod-passenger',\n 'perl' => 'libapache2-mod-perl2',\n 'phpXXX' => 'libapache2-mod-phpXXX',\n 'python' => 'libapache2-mod-python',\n 'rpaf' => 'libapache2-mod-rpaf',\n 'security' => 'libapache2-mod-security2',\n 'shib2' => 'libapache2-mod-shib',\n 'wsgi' => 'libapache2-mod-wsgi-py3',\n 'xsendfile' => 'libapache2-mod-xsendfile',\n }\n }\n\n $error_log = 'error.log'\n $scriptalias = '/usr/lib/cgi-bin'\n $access_log_file = 'access.log'\n if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '19.04') < 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '10') < 0) {\n $shib2_lib = 'mod_shib2.so'\n } else {\n $shib2_lib = 'mod_shib.so'\n }\n $mod_libs = {\n 'shib2' => $shib2_lib,\n }\n $conf_template = 'apache/httpd.conf.erb'\n $http_protocol_options = undef\n $keepalive = 'On'\n $keepalive_timeout = 15\n $max_keepalive_requests = 100\n $fastcgi_lib_path = '/var/lib/apache2/fastcgi'\n $mime_support_package = 'mime-support'\n $mime_types_config = '/etc/mime.types'\n $docroot = '/var/www/html'\n $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/'\n $mellon_lock_file = undef\n $mellon_cache_size = undef\n $mellon_post_directory = '/var/cache/apache2/mod_auth_mellon/'\n $modsec_version = 1\n $modsec_crs_package = 'modsecurity-crs'\n $modsec_crs_path = '/usr/share/modsecurity-crs'\n $modsec_dir = '/etc/modsecurity'\n $secpcrematchlimit = 1500\n $secpcrematchlimitrecursion = 1500\n $modsec_secruleengine = 'On'\n if ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0) or ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '18.04') >= 0) {\n $modsec_default_rules = [\n 'crawlers-user-agents.data',\n 'iis-errors.data',\n 'java-code-leakages.data',\n 'java-errors.data',\n 'lfi-os-files.data',\n 'php-config-directives.data',\n 'php-errors.data',\n 'php-function-names-933150.data',\n 'php-function-names-933151.data',\n 'php-variables.data',\n 'restricted-files.data',\n 'scanners-headers.data',\n 'scanners-urls.data',\n 'scanners-user-agents.data',\n 'scripting-user-agents.data',\n 'sql-errors.data',\n 'sql-function-names.data',\n 'unix-shell.data',\n 'windows-powershell-commands.data',\n ]\n } else {\n $modsec_default_rules = [\n 'base_rules/modsecurity_35_bad_robots.data',\n 'base_rules/modsecurity_35_scanners.data',\n 'base_rules/modsecurity_40_generic_attacks.data',\n 'base_rules/modsecurity_50_outbound.data',\n 'base_rules/modsecurity_50_outbound_malware.data',\n 'base_rules/modsecurity_crs_20_protocol_violations.conf',\n 'base_rules/modsecurity_crs_21_protocol_anomalies.conf',\n 'base_rules/modsecurity_crs_23_request_limits.conf',\n 'base_rules/modsecurity_crs_30_http_policy.conf',\n 'base_rules/modsecurity_crs_35_bad_robots.conf',\n 'base_rules/modsecurity_crs_40_generic_attacks.conf',\n 'base_rules/modsecurity_crs_41_sql_injection_attacks.conf',\n 'base_rules/modsecurity_crs_41_xss_attacks.conf',\n 'base_rules/modsecurity_crs_42_tight_security.conf',\n 'base_rules/modsecurity_crs_45_trojans.conf',\n 'base_rules/modsecurity_crs_47_common_exceptions.conf',\n 'base_rules/modsecurity_crs_49_inbound_blocking.conf',\n 'base_rules/modsecurity_crs_50_outbound.conf',\n 'base_rules/modsecurity_crs_59_outbound_blocking.conf',\n 'base_rules/modsecurity_crs_60_correlation.conf',\n ]\n }\n $alias_icons_path = '/usr/share/apache2/icons'\n $error_documents_path = '/usr/share/apache2/error'\n $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev']\n\n #\n # Passenger-specific settings\n #\n\n $passenger_conf_file = 'passenger.conf'\n $passenger_conf_package_file = undef\n $passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'\n $passenger_ruby = undef\n $passenger_default_ruby = '/usr/bin/ruby'\n $wsgi_socket_prefix = undef\n } elsif $::osfamily == 'FreeBSD' {\n $user = 'www'\n $group = 'www'\n $root_group = 'wheel'\n $apache_name = 'apache24'\n $service_name = 'apache24'\n $httpd_dir = '/usr/local/etc/apache24'\n $server_root = '/usr/local'\n $conf_dir = $httpd_dir\n $confd_dir = \"${httpd_dir}/Includes\"\n $conf_enabled = undef\n $puppet_ssl_dir = \"${httpd_dir}/puppet_ssl\"\n $mod_dir = \"${httpd_dir}/Modules\"\n $mod_enable_dir = undef\n $vhost_dir = \"${httpd_dir}/Vhosts\"\n $vhost_enable_dir = undef\n $conf_file = 'httpd.conf'\n $ports_file = \"${conf_dir}/ports.conf\"\n $pidfile = '/var/run/httpd.pid'\n $logroot = '/var/log/apache24'\n $logroot_mode = undef\n $lib_path = '/usr/local/libexec/apache24'\n $mpm_module = 'prefork'\n $dev_packages = undef\n $default_ssl_cert = '/usr/local/etc/apache24/server.crt'\n $default_ssl_key = '/usr/local/etc/apache24/server.key'\n $ssl_sessioncache = '/var/run/ssl_scache(512000)'\n $passenger_conf_file = 'passenger.conf'\n $passenger_conf_package_file = undef\n $passenger_root = '/usr/local/lib/ruby/gems/2.0/gems/passenger-4.0.58'\n $passenger_ruby = '/usr/local/bin/ruby'\n $passenger_default_ruby = undef\n $suphp_addhandler = 'php5-script'\n $suphp_engine = 'off'\n $suphp_configpath = undef\n $php_version = '5'\n $mod_packages = {\n # NOTE: I list here only modules that are not included in www/apache24\n # NOTE: 'passenger' needs to enable APACHE_SUPPORT in make config\n # NOTE: 'php' needs to enable APACHE option in make config\n # NOTE: 'dav_svn' needs to enable MOD_DAV_SVN make config\n # NOTE: not sure where the shibboleth should come from\n 'auth_kerb' => 'www/mod_auth_kerb2',\n 'auth_gssapi' => 'www/mod_auth_gssapi',\n 'auth_openidc'=> 'www/mod_auth_openidc',\n 'fcgid' => 'www/mod_fcgid',\n 'passenger' => 'www/rubygem-passenger',\n 'perl' => 'www/mod_perl2',\n 'phpXXX' => 'www/mod_phpXXX',\n 'proxy_html' => 'www/mod_proxy_html',\n 'python' => 'www/mod_python3',\n 'wsgi' => 'www/mod_wsgi',\n 'dav_svn' => 'devel/subversion',\n 'xsendfile' => 'www/mod_xsendfile',\n 'rpaf' => 'www/mod_rpaf2',\n 'shib2' => 'security/shibboleth2-sp',\n }\n $mod_libs = {\n }\n $conf_template = 'apache/httpd.conf.erb'\n $http_protocol_options = undef\n $keepalive = 'On'\n $keepalive_timeout = 15\n $max_keepalive_requests = 100\n $fastcgi_lib_path = undef # TODO: revisit\n $mime_support_package = 'misc/mime-support'\n $mime_types_config = '/usr/local/etc/mime.types'\n $wsgi_socket_prefix = undef\n $docroot = '/usr/local/www/apache24/data'\n $alias_icons_path = '/usr/local/www/apache24/icons'\n $error_documents_path = '/usr/local/www/apache24/error'\n $error_log = 'httpd-error.log'\n $scriptalias = '/usr/local/www/apache24/cgi-bin'\n $access_log_file = 'httpd-access.log'\n } elsif $::osfamily == 'Gentoo' {\n $user = 'apache'\n $group = 'apache'\n $root_group = 'wheel'\n $apache_name = 'www-servers/apache'\n $service_name = 'apache2'\n $httpd_dir = '/etc/apache2'\n $server_root = '/var/www'\n $conf_dir = $httpd_dir\n $confd_dir = \"${httpd_dir}/conf.d\"\n $conf_enabled = undef\n $puppet_ssl_dir = \"${httpd_dir}/puppet_ssl\"\n $mod_dir = \"${httpd_dir}/modules.d\"\n $mod_enable_dir = undef\n $vhost_dir = \"${httpd_dir}/vhosts.d\"\n $vhost_enable_dir = undef\n $conf_file = 'httpd.conf'\n $ports_file = \"${conf_dir}/ports.conf\"\n $logroot = '/var/log/apache2'\n $logroot_mode = undef\n $lib_path = '/usr/lib/apache2/modules'\n $mpm_module = 'prefork'\n $dev_packages = undef\n $default_ssl_cert = '/etc/ssl/apache2/server.crt'\n $default_ssl_key = '/etc/ssl/apache2/server.key'\n $ssl_sessioncache = '/var/run/ssl_scache(512000)'\n $passenger_root = '/usr'\n $passenger_ruby = '/usr/bin/ruby'\n $passenger_conf_file = 'passenger.conf'\n $passenger_conf_package_file = undef\n $passenger_default_ruby = undef\n $suphp_addhandler = 'x-httpd-php'\n $suphp_engine = 'off'\n $suphp_configpath = '/etc/php5/apache2'\n $php_version = '5'\n $mod_packages = {\n # NOTE: I list here only modules that are not included in www-servers/apache\n 'auth_kerb' => 'www-apache/mod_auth_kerb',\n 'auth_gssapi' => 'www-apache/mod_auth_gssapi',\n 'authnz_external' => 'www-apache/mod_authnz_external',\n 'fcgid' => 'www-apache/mod_fcgid',\n 'passenger' => 'www-apache/passenger',\n 'perl' => 'www-apache/mod_perl',\n 'phpXXX' => 'dev-lang/php',\n 'proxy_html' => 'www-apache/mod_proxy_html',\n 'proxy_fcgi' => 'www-apache/mod_proxy_fcgi',\n 'python' => 'www-apache/mod_python',\n 'wsgi' => 'www-apache/mod_wsgi',\n 'dav_svn' => 'dev-vcs/subversion',\n 'xsendfile' => 'www-apache/mod_xsendfile',\n 'rpaf' => 'www-apache/mod_rpaf',\n 'xml2enc' => 'www-apache/mod_xml2enc',\n }\n $mod_libs = {\n }\n $conf_template = 'apache/httpd.conf.erb'\n $http_protocol_options = undef\n $keepalive = 'On'\n $keepalive_timeout = 15\n $max_keepalive_requests = 100\n $fastcgi_lib_path = undef # TODO: revisit\n $mime_support_package = 'app-misc/mime-types'\n $mime_types_config = '/etc/mime.types'\n $wsgi_socket_prefix = undef\n $docroot = '/var/www/localhost/htdocs'\n $alias_icons_path = '/usr/share/apache2/icons'\n $error_documents_path = '/usr/share/apache2/error'\n $pidfile = '/var/run/apache2.pid'\n $error_log = 'error.log'\n $scriptalias = '/var/www/localhost/cgi-bin'\n $access_log_file = 'access.log'\n } elsif $::osfamily == 'Suse' {\n $user = 'wwwrun'\n $group = 'www'\n $root_group = 'root'\n $apache_name = 'apache2'\n $service_name = 'apache2'\n $httpd_dir = '/etc/apache2'\n $server_root = '/etc/apache2'\n $conf_dir = $httpd_dir\n $confd_dir = \"${httpd_dir}/conf.d\"\n $conf_enabled = undef\n $puppet_ssl_dir = \"${httpd_dir}/puppet_ssl\"\n $mod_dir = \"${httpd_dir}/mods-available\"\n $mod_enable_dir = \"${httpd_dir}/mods-enabled\"\n $vhost_dir = \"${httpd_dir}/sites-available\"\n $vhost_enable_dir = \"${httpd_dir}/sites-enabled\"\n $conf_file = 'httpd.conf'\n $ports_file = \"${conf_dir}/ports.conf\"\n $pidfile = '/var/run/httpd2.pid'\n $logroot = '/var/log/apache2'\n $logroot_mode = undef\n $lib_path = '/usr/lib64/apache2' #changes for some modules based on mpm\n $mpm_module = 'prefork'\n if versioncmp($::operatingsystemrelease, '15') < 0 {\n $default_ssl_cert = '/etc/apache2/ssl.crt/server.crt'\n $default_ssl_key = '/etc/apache2/ssl.key/server.key'\n $php_version = '5'\n } else {\n $default_ssl_cert = '/etc/apache2/ssl.crt/default-server.crt'\n $default_ssl_key = '/etc/apache2/ssl.key/default-server.key'\n $php_version = '7'\n }\n $suphp_configpath = \"/etc/php${php_version}/apache2\"\n $ssl_sessioncache = '/var/lib/apache2/ssl_scache(512000)'\n $suphp_addhandler = 'x-httpd-php'\n $suphp_engine = 'off'\n if versioncmp($::operatingsystemrelease, '11') < 0 or versioncmp($::operatingsystemrelease, '12') >= 0 {\n $mod_packages = {\n 'auth_kerb' => 'apache2-mod_auth_kerb',\n 'auth_gssapi' => 'apache2-mod_auth_gssapi',\n 'dav_svn' => 'subversion-server',\n 'perl' => 'apache2-mod_perl',\n 'php5' => 'apache2-mod_php5',\n 'php7' => 'apache2-mod_php7',\n 'python' => 'apache2-mod_python',\n 'security' => 'apache2-mod_security2',\n 'worker' => 'apache2-worker',\n }\n } else {\n $mod_packages = {\n 'auth_kerb' => 'apache2-mod_auth_kerb',\n 'auth_gssapi' => 'apache2-mod_auth_gssapi',\n 'dav_svn' => 'subversion-server',\n 'perl' => 'apache2-mod_perl',\n 'php5' => 'apache2-mod_php53',\n 'python' => 'apache2-mod_python',\n 'security' => 'apache2-mod_security2',\n }\n }\n $mod_libs = {\n 'security' => '/usr/lib64/apache2/mod_security2.so',\n 'php53' => '/usr/lib64/apache2/mod_php5.so',\n }\n $conf_template = 'apache/httpd.conf.erb'\n $http_protocol_options = undef\n $keepalive = 'On'\n $keepalive_timeout = 15\n $max_keepalive_requests = 100\n $fastcgi_lib_path = '/var/lib/apache2/fastcgi'\n $mime_support_package = 'aaa_base'\n $mime_types_config = '/etc/mime.types'\n $docroot = '/srv/www'\n $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/'\n $mellon_lock_file = undef\n $mellon_cache_size = undef\n $mellon_post_directory = undef\n $alias_icons_path = '/usr/share/apache2/icons'\n $error_documents_path = '/usr/share/apache2/error'\n $dev_packages = ['libapr-util1-devel', 'libapr1-devel', 'libcurl-devel']\n $modsec_version = 1\n $modsec_crs_package = undef\n $modsec_crs_path = undef\n $modsec_default_rules = undef\n $modsec_dir = '/etc/apache2/modsecurity'\n $secpcrematchlimit = 1500\n $secpcrematchlimitrecursion = 1500\n $modsec_secruleengine = 'On'\n $error_log = 'error.log'\n $scriptalias = '/usr/lib/cgi-bin'\n $access_log_file = 'access.log'\n\n #\n # Passenger-specific settings\n #\n\n $passenger_conf_file = 'passenger.conf'\n $passenger_conf_package_file = undef\n\n $passenger_root = '/usr/lib64/ruby/gems/1.8/gems/passenger-5.0.30'\n $passenger_ruby = '/usr/bin/ruby'\n $passenger_default_ruby = '/usr/bin/ruby'\n $wsgi_socket_prefix = undef\n } else {\n fail(\"Class['apache::params']: Unsupported osfamily: ${::osfamily}\")\n }\n\n if $::operatingsystem == 'SLES' {\n $verify_command = '/usr/sbin/apache2ctl -t'\n } elsif $::operatingsystem == 'FreeBSD' {\n $verify_command = '/usr/local/sbin/apachectl -t'\n } elsif ($apache::version::scl_httpd_version) {\n $verify_command = \"/opt/rh/${_scl_httpd_name}/root/usr/sbin/apachectl -t\"\n } else {\n $verify_command = '/usr/sbin/apachectl -t'\n }\n\n if $::osfamily == 'RedHat' and versioncmp($facts['operatingsystemmajrelease'], '8') >= 0 {\n $ssl_protocol = ['all'] # Implementations of the SSLv2 and SSLv3 protocol versions have been removed from OpenSSL (and hence mod_ssl) because these are no longer considered secure. For additional documentation https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/deploying_different_types_of_servers/setting-apache-web-server_deploying-different-types-of-servers\n } else {\n $ssl_protocol = ['all', '-SSLv2', '-SSLv3']\n }\n}"}, {"name": "apache::php", "file": "manifests/php.pp", "line": 8, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "note", "text": "This class is deprecated."}, {"tag_name": "summary", "text": "This class installs PHP for Apache."}]}, "source": "class apache::php {\n warning('apache::php is deprecated; please use apache::mod::php')\n include apache::mod::php\n}"}, {"name": "apache::proxy", "file": "manifests/proxy.pp", "line": 8, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "note", "text": "This class is deprecated."}, {"tag_name": "summary", "text": "This class enabled the proxy module for Apache."}]}, "source": "class apache::proxy {\n warning('apache::proxy is deprecated; please use apache::mod::proxy')\n include apache::mod::proxy\n}"}, {"name": "apache::python", "file": "manifests/python.pp", "line": 15, "docstring": {"text": "Parameters:\n- $php_package\n\nActions:\n - Install Apache Python package\n\nRequires:\n\nSample Usage:", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "This class installs Python for Apache"}]}, "source": "class apache::python {\n warning('apache::python is deprecated; please use apache::mod::python')\n include apache::mod::python\n}"}, {"name": "apache::service", "file": "manifests/service.pp", "line": 5, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "service_name"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "service_enable"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "service_ensure"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "service_manage"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "service_restart"}, {"tag_name": "summary", "text": "Installs and configures Apache service."}]}, "defaults": {"service_name": "$apache::params::service_name", "service_enable": "true", "service_ensure": "'running'", "service_manage": "true", "service_restart": "undef"}, "source": "class apache::service (\n $service_name = $apache::params::service_name,\n Boolean $service_enable = true,\n $service_ensure = 'running',\n Boolean $service_manage = true,\n $service_restart = undef\n) {\n # The base class must be included first because parameter defaults depend on it\n if ! defined(Class['apache::params']) {\n fail('You must include the apache::params class before using any apache defined resources')\n }\n case $service_ensure {\n true, false, 'running', 'stopped': {\n $_service_ensure = $service_ensure\n }\n default: {\n $_service_ensure = undef\n }\n }\n\n $service_hasrestart = $service_restart == undef\n\n if $service_manage {\n service { 'httpd':\n ensure => $_service_ensure,\n name => $service_name,\n enable => $service_enable,\n restart => $service_restart,\n hasrestart => $service_hasrestart,\n }\n }\n}"}, {"name": "apache::ssl", "file": "manifests/ssl.pp", "line": 8, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "note", "text": "This class is deprecated."}, {"tag_name": "summary", "text": "This class installs Apache SSL capabilities"}]}, "source": "class apache::ssl {\n warning('apache::ssl is deprecated; please use apache::mod::ssl')\n include apache::mod::ssl\n}"}, {"name": "apache::version", "file": "manifests/version.pp", "line": 5, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "scl_httpd_version"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "scl_php_version"}, {"tag_name": "summary", "text": "Try to automatically detect the version by OS"}]}, "defaults": {"scl_httpd_version": "undef", "scl_php_version": "undef"}, "source": "class apache::version (\n Optional[String] $scl_httpd_version = undef,\n Optional[String] $scl_php_version = undef,\n) {\n case $::osfamily {\n 'RedHat': {\n if $scl_httpd_version {\n $default = $scl_httpd_version\n }\n elsif ($::operatingsystem == 'Amazon' and $::operatingsystemmajrelease == '2') {\n $default = '2.4'\n } elsif ($::operatingsystem == 'Fedora' and versioncmp($facts['operatingsystemmajrelease'], '18') >= 0) or ($::operatingsystem != 'Fedora' and versioncmp($facts['operatingsystemmajrelease'], '7') >= 0) {\n $default = '2.4'\n } else {\n $default = '2.2'\n }\n }\n 'Debian': {\n $default = '2.4'\n }\n 'FreeBSD': {\n $default = '2.4'\n }\n 'Gentoo': {\n $default = '2.4'\n }\n 'Suse': {\n if ($::operatingsystem == 'SLES' and versioncmp($facts['operatingsystemmajrelease'], '12') >= 0) or ($::operatingsystem == 'OpenSuSE' and versioncmp($facts['operatingsystemmajrelease'], '42') >= 0) {\n $default = '2.4'\n } else {\n $default = '2.2'\n }\n }\n default: {\n fail(\"Class['apache::version']: Unsupported osfamily: ${::osfamily}\")\n }\n }\n}"}, {"name": "apache::vhosts", "file": "manifests/vhosts.pp", "line": 21, "docstring": {"text": "host parameters or Configuring virtual hosts in the README section.", "tags": [{"tag_name": "example", "text": "class { 'apache::vhosts':\n vhosts => {\n 'custom_vhost_1' => {\n 'docroot' => '/var/www/custom_vhost_1',\n 'port' => '81',\n },\n },\n}", "name": "To create a [name-based virtual host](https://httpd.apache.org/docs/current/vhosts/name-based.html) `custom_vhost_1`"}, {"tag_name": "note", "text": "See the `apache::vhost` defined type's reference for a list of all virtual"}, {"tag_name": "param", "text": "A hash, where the key represents the name and the value represents a hash of\n`apache::vhost` defined type's parameters.", "types": ["Any"], "name": "vhosts"}, {"tag_name": "summary", "text": "Creates `apache::vhost` defined types."}]}, "defaults": {"vhosts": "{}"}, "source": "class apache::vhosts (\n $vhosts = {},\n) {\n include apache\n create_resources('apache::vhost', $vhosts)\n}"}, {"name": "mysql::backup::mysqlbackup", "file": "manifests/backup/mysqlbackup.pp", "line": 6, "inherits": "mysql::params", "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupuser"}, {"tag_name": "param", "text": "", "types": ["Variant[String, Sensitive[String]]"], "name": "backuppassword"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "maxallowedpacket"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupdir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupdirmode"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupdirowner"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupdirgroup"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupcompress"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backuprotate"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupmethod"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backup_success_file_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ignore_events"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "delete_before_dump"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupdatabases"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "file_per_database"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "include_triggers"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "include_routines"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "time"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "prescript"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "postscript"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "execpath"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "optional_args"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "incremental_backups"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "install_cron"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "compression_command"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "compression_extension"}, {"tag_name": "summary", "text": "Manage the mysqlbackup client."}]}, "defaults": {"backupuser": "''", "backuppassword": "''", "maxallowedpacket": "'1M'", "backupdir": "''", "backupdirmode": "'0700'", "backupdirowner": "'root'", "backupdirgroup": "$mysql::params::root_group", "backupcompress": "true", "backuprotate": "30", "backupmethod": "''", "backup_success_file_path": "undef", "ignore_events": "true", "delete_before_dump": "false", "backupdatabases": "[]", "file_per_database": "false", "include_triggers": "true", "include_routines": "false", "ensure": "'present'", "time": "['23', '5']", "prescript": "false", "postscript": "false", "execpath": "'/usr/bin:/usr/sbin:/bin:/sbin'", "optional_args": "[]", "incremental_backups": "false", "install_cron": "true", "compression_command": "undef", "compression_extension": "undef"}, "source": "class mysql::backup::mysqlbackup (\n $backupuser = '',\n Variant[String, Sensitive[String]] $backuppassword = '',\n $maxallowedpacket = '1M',\n $backupdir = '',\n $backupdirmode = '0700',\n $backupdirowner = 'root',\n $backupdirgroup = $mysql::params::root_group,\n $backupcompress = true,\n $backuprotate = 30,\n $backupmethod = '',\n $backup_success_file_path = undef,\n $ignore_events = true,\n $delete_before_dump = false,\n $backupdatabases = [],\n $file_per_database = false,\n $include_triggers = true,\n $include_routines = false,\n $ensure = 'present',\n $time = ['23', '5'],\n $prescript = false,\n $postscript = false,\n $execpath = '/usr/bin:/usr/sbin:/bin:/sbin',\n $optional_args = [],\n $incremental_backups = false,\n $install_cron = true,\n $compression_command = undef,\n $compression_extension = undef,\n) inherits mysql::params {\n $backuppassword_unsensitive = if $backuppassword =~ Sensitive {\n $backuppassword.unwrap\n } else {\n $backuppassword\n }\n mysql_user { \"${backupuser}@localhost\":\n ensure => $ensure,\n password_hash => mysql::password($backuppassword),\n require => Class['mysql::server::root_password'],\n }\n\n package { 'meb':\n ensure => $ensure,\n }\n\n # http://dev.mysql.com/doc/mysql-enterprise-backup/3.11/en/mysqlbackup.privileges.html\n mysql_grant { \"${backupuser}@localhost/*.*\":\n ensure => $ensure,\n user => \"${backupuser}@localhost\",\n table => '*.*',\n privileges => ['RELOAD', 'SUPER', 'REPLICATION CLIENT'],\n require => Mysql_user[\"${backupuser}@localhost\"],\n }\n\n mysql_grant { \"${backupuser}@localhost/mysql.backup_progress\":\n ensure => $ensure,\n user => \"${backupuser}@localhost\",\n table => 'mysql.backup_progress',\n privileges => ['CREATE', 'INSERT', 'DROP', 'UPDATE'],\n require => Mysql_user[\"${backupuser}@localhost\"],\n }\n\n mysql_grant { \"${backupuser}@localhost/mysql.backup_history\":\n ensure => $ensure,\n user => \"${backupuser}@localhost\",\n table => 'mysql.backup_history',\n privileges => ['CREATE', 'INSERT', 'SELECT', 'DROP', 'UPDATE'],\n require => Mysql_user[\"${backupuser}@localhost\"],\n }\n\n if $install_cron {\n if $::osfamily == 'RedHat' {\n ensure_packages('cronie')\n } elsif $::osfamily != 'FreeBSD' {\n ensure_packages('cron')\n }\n }\n\n cron { 'mysqlbackup-weekly':\n ensure => $ensure,\n command => 'mysqlbackup backup',\n user => 'root',\n hour => $time[0],\n minute => $time[1],\n weekday => '0',\n require => Package['meb'],\n }\n\n cron { 'mysqlbackup-daily':\n ensure => $ensure,\n command => 'mysqlbackup --incremental backup',\n user => 'root',\n hour => $time[0],\n minute => $time[1],\n weekday => '1-6',\n require => Package['meb'],\n }\n\n $default_options = {\n 'mysqlbackup' => {\n 'backup-dir' => $backupdir,\n 'with-timestamp' => true,\n 'incremental_base' => 'history:last_backup',\n 'incremental_backup_dir' => $backupdir,\n 'user' => $backupuser,\n 'password' => $backuppassword_unsensitive\n },\n }\n $options = mysql::normalise_and_deepmerge($default_options, $mysql::server::override_options)\n\n file { 'mysqlbackup-config-file':\n path => '/etc/mysql/conf.d/meb.cnf',\n content => template('mysql/meb.cnf.erb'),\n mode => '0600',\n }\n\n file { $backupdir:\n ensure => 'directory',\n mode => $backupdirmode,\n owner => $backupdirowner,\n group => $backupdirgroup,\n }\n}"}, {"name": "mysql::backup::mysqldump", "file": "manifests/backup/mysqldump.pp", "line": 5, "inherits": "mysql::params", "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupuser"}, {"tag_name": "param", "text": "", "types": ["Variant[String, Sensitive[String]]"], "name": "backuppassword"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupdir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "maxallowedpacket"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupdirmode"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupdirowner"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupdirgroup"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupcompress"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backuprotate"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupmethod"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backup_success_file_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ignore_events"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "delete_before_dump"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupdatabases"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "file_per_database"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "include_triggers"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "include_routines"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "time"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "prescript"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "postscript"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "execpath"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "optional_args"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "mysqlbackupdir_ensure"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "mysqlbackupdir_target"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "incremental_backups"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "install_cron"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "compression_command"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "compression_extension"}, {"tag_name": "summary", "text": "\"Provider\" for mysqldump"}]}, "defaults": {"backupuser": "''", "backuppassword": "''", "backupdir": "''", "maxallowedpacket": "'1M'", "backupdirmode": "'0700'", "backupdirowner": "'root'", "backupdirgroup": "$mysql::params::root_group", "backupcompress": "true", "backuprotate": "30", "backupmethod": "'mysqldump'", "backup_success_file_path": "undef", "ignore_events": "true", "delete_before_dump": "false", "backupdatabases": "[]", "file_per_database": "false", "include_triggers": "false", "include_routines": "false", "ensure": "'present'", "time": "['23', '5']", "prescript": "false", "postscript": "false", "execpath": "'/usr/bin:/usr/sbin:/bin:/sbin'", "optional_args": "[]", "mysqlbackupdir_ensure": "'directory'", "mysqlbackupdir_target": "undef", "incremental_backups": "false", "install_cron": "true", "compression_command": "'bzcat -zc'", "compression_extension": "'.bz2'"}, "source": "class mysql::backup::mysqldump (\n $backupuser = '',\n Variant[String, Sensitive[String]] $backuppassword = '',\n $backupdir = '',\n $maxallowedpacket = '1M',\n $backupdirmode = '0700',\n $backupdirowner = 'root',\n $backupdirgroup = $mysql::params::root_group,\n $backupcompress = true,\n $backuprotate = 30,\n $backupmethod = 'mysqldump',\n $backup_success_file_path = undef,\n $ignore_events = true,\n $delete_before_dump = false,\n $backupdatabases = [],\n $file_per_database = false,\n $include_triggers = false,\n $include_routines = false,\n $ensure = 'present',\n $time = ['23', '5'],\n $prescript = false,\n $postscript = false,\n $execpath = '/usr/bin:/usr/sbin:/bin:/sbin',\n $optional_args = [],\n $mysqlbackupdir_ensure = 'directory',\n $mysqlbackupdir_target = undef,\n $incremental_backups = false,\n $install_cron = true,\n $compression_command = 'bzcat -zc',\n $compression_extension = '.bz2'\n) inherits mysql::params {\n $backuppassword_unsensitive = if $backuppassword =~ Sensitive {\n $backuppassword.unwrap\n } else {\n $backuppassword\n }\n\n unless $::osfamily == 'FreeBSD' {\n if $backupcompress and $compression_command == 'bzcat -zc' {\n ensure_packages(['bzip2'])\n Package['bzip2'] -> File['mysqlbackup.sh']\n }\n }\n\n mysql_user { \"${backupuser}@localhost\":\n ensure => $ensure,\n password_hash => mysql::password($backuppassword),\n require => Class['mysql::server::root_password'],\n }\n\n if $include_triggers {\n $privs = ['SELECT', 'RELOAD', 'LOCK TABLES', 'SHOW VIEW', 'PROCESS', 'TRIGGER']\n } else {\n $privs = ['SELECT', 'RELOAD', 'LOCK TABLES', 'SHOW VIEW', 'PROCESS']\n }\n\n mysql_grant { \"${backupuser}@localhost/*.*\":\n ensure => $ensure,\n user => \"${backupuser}@localhost\",\n table => '*.*',\n privileges => $privs,\n require => Mysql_user[\"${backupuser}@localhost\"],\n }\n\n if $install_cron {\n if $::osfamily == 'RedHat' {\n ensure_packages('cronie')\n } elsif $::osfamily != 'FreeBSD' {\n ensure_packages('cron')\n }\n }\n\n cron { 'mysql-backup':\n ensure => $ensure,\n command => '/usr/local/sbin/mysqlbackup.sh',\n user => 'root',\n hour => $time[0],\n minute => $time[1],\n monthday => $time[2],\n month => $time[3],\n weekday => $time[4],\n require => File['mysqlbackup.sh'],\n }\n\n # TODO: use EPP instead of ERB, as EPP can handle Data of Type Sensitive without further ado\n file { 'mysqlbackup.sh':\n ensure => $ensure,\n path => '/usr/local/sbin/mysqlbackup.sh',\n mode => '0700',\n owner => 'root',\n group => $mysql::params::root_group,\n content => template('mysql/mysqlbackup.sh.erb'),\n }\n\n if $mysqlbackupdir_target {\n file { $backupdir:\n ensure => $mysqlbackupdir_ensure,\n target => $mysqlbackupdir_target,\n mode => $backupdirmode,\n owner => $backupdirowner,\n group => $backupdirgroup,\n }\n } else {\n file { $backupdir:\n ensure => $mysqlbackupdir_ensure,\n mode => $backupdirmode,\n owner => $backupdirowner,\n group => $backupdirgroup,\n }\n }\n}"}, {"name": "mysql::backup::xtrabackup", "file": "manifests/backup/xtrabackup.pp", "line": 5, "inherits": "mysql::params", "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "xtrabackup_package_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupuser"}, {"tag_name": "param", "text": "", "types": ["Optional[Variant[String, Sensitive[String]]]"], "name": "backuppassword"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupdir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "maxallowedpacket"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupmethod"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupdirmode"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupdirowner"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupdirgroup"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupcompress"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backuprotate"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupscript_template"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backup_success_file_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ignore_events"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "delete_before_dump"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "backupdatabases"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "file_per_database"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "include_triggers"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "include_routines"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "time"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "prescript"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "postscript"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "execpath"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "optional_args"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "additional_cron_args"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "incremental_backups"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "install_cron"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "compression_command"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "compression_extension"}, {"tag_name": "summary", "text": "\"Provider\" for Percona XtraBackup/MariaBackup"}]}, "defaults": {"xtrabackup_package_name": "$mysql::params::xtrabackup_package_name", "backupuser": "undef", "backuppassword": "undef", "backupdir": "''", "maxallowedpacket": "'1M'", "backupmethod": "'xtrabackup'", "backupdirmode": "'0700'", "backupdirowner": "'root'", "backupdirgroup": "$mysql::params::root_group", "backupcompress": "true", "backuprotate": "30", "backupscript_template": "'mysql/xtrabackup.sh.erb'", "backup_success_file_path": "undef", "ignore_events": "true", "delete_before_dump": "false", "backupdatabases": "[]", "file_per_database": "false", "include_triggers": "true", "include_routines": "false", "ensure": "'present'", "time": "['23', '5']", "prescript": "false", "postscript": "false", "execpath": "'/usr/bin:/usr/sbin:/bin:/sbin'", "optional_args": "[]", "additional_cron_args": "'--backup'", "incremental_backups": "true", "install_cron": "true", "compression_command": "undef", "compression_extension": "undef"}, "source": "class mysql::backup::xtrabackup (\n $xtrabackup_package_name = $mysql::params::xtrabackup_package_name,\n $backupuser = undef,\n Optional[Variant[String, Sensitive[String]]] $backuppassword = undef,\n $backupdir = '',\n $maxallowedpacket = '1M',\n $backupmethod = 'xtrabackup',\n $backupdirmode = '0700',\n $backupdirowner = 'root',\n $backupdirgroup = $mysql::params::root_group,\n $backupcompress = true,\n $backuprotate = 30,\n $backupscript_template = 'mysql/xtrabackup.sh.erb',\n $backup_success_file_path = undef,\n $ignore_events = true,\n $delete_before_dump = false,\n $backupdatabases = [],\n $file_per_database = false,\n $include_triggers = true,\n $include_routines = false,\n $ensure = 'present',\n $time = ['23', '5'],\n $prescript = false,\n $postscript = false,\n $execpath = '/usr/bin:/usr/sbin:/bin:/sbin',\n $optional_args = [],\n $additional_cron_args = '--backup',\n $incremental_backups = true,\n $install_cron = true,\n $compression_command = undef,\n $compression_extension = undef,\n) inherits mysql::params {\n ensure_packages($xtrabackup_package_name)\n\n $backuppassword_unsensitive = if $backuppassword =~ Sensitive {\n $backuppassword.unwrap\n } else {\n $backuppassword\n }\n\n if $backupuser and $backuppassword {\n mysql_user { \"${backupuser}@localhost\":\n ensure => $ensure,\n password_hash => mysql::password($backuppassword),\n require => Class['mysql::server::root_password'],\n }\n\n mysql_grant { \"${backupuser}@localhost/*.*\":\n ensure => $ensure,\n user => \"${backupuser}@localhost\",\n table => '*.*',\n privileges => ['RELOAD', 'PROCESS', 'LOCK TABLES', 'REPLICATION CLIENT'],\n require => Mysql_user[\"${backupuser}@localhost\"],\n }\n }\n\n if $install_cron {\n if $::osfamily == 'RedHat' {\n ensure_packages('cronie')\n } elsif $::osfamily != 'FreeBSD' {\n ensure_packages('cron')\n }\n }\n\n if $incremental_backups {\n # Warn if old backups are removed too soon. Incremental backups will fail\n # if the full backup is no longer available.\n if ($backuprotate.convert_to(Integer) < 7) {\n warning('The value for `backuprotate` is too low, it must be set to at least 7 days when using incremental backups.')\n }\n\n # The --target-dir uses a more predictable value for the full backup so\n # that it can easily be calculated and used in incremental backup jobs.\n # Besides that it allows to have multiple full backups.\n cron { 'xtrabackup-weekly':\n ensure => $ensure,\n command => \"/usr/local/sbin/xtrabackup.sh --target-dir=${backupdir}/$(date +\\\\%F)_full ${additional_cron_args}\",\n user => 'root',\n hour => $time[0],\n minute => $time[1],\n weekday => '0',\n require => Package[$xtrabackup_package_name],\n }\n }\n\n # Wether to use GNU or BSD date format.\n case $::osfamily {\n 'FreeBSD','OpenBSD': {\n $dateformat = '$(date -v-sun +\\\\%F)_full'\n }\n default: {\n $dateformat = '$(date -d \"last sunday\" +\\\\%F)_full'\n }\n }\n\n $daily_cron_data = ($incremental_backups) ? {\n true => {\n 'directories' => \"--incremental-basedir=${backupdir}/${dateformat} --target-dir=${backupdir}/$(date +\\\\%F_\\\\%H-\\\\%M-\\\\%S)\",\n 'weekday' => '1-6',\n },\n false => {\n 'directories' => \"--target-dir=${backupdir}/$(date +\\\\%F_\\\\%H-\\\\%M-\\\\%S)\",\n 'weekday' => '*',\n },\n }\n\n cron { 'xtrabackup-daily':\n ensure => $ensure,\n command => \"/usr/local/sbin/xtrabackup.sh ${daily_cron_data['directories']} ${additional_cron_args}\",\n user => 'root',\n hour => $time[0],\n minute => $time[1],\n weekday => $daily_cron_data['weekday'],\n require => Package[$xtrabackup_package_name],\n }\n\n file { $backupdir:\n ensure => 'directory',\n mode => $backupdirmode,\n owner => $backupdirowner,\n group => $backupdirgroup,\n }\n\n # TODO: use EPP instead of ERB, as EPP can handle Data of Type Sensitive without further ado\n file { 'xtrabackup.sh':\n ensure => $ensure,\n path => '/usr/local/sbin/xtrabackup.sh',\n mode => '0700',\n owner => 'root',\n group => $mysql::params::root_group,\n content => template($backupscript_template),\n }\n}"}, {"name": "mysql::bindings", "file": "manifests/bindings.pp", "line": 70, "inherits": "mysql::params", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "class { 'mysql::bindings':\n ruby_enable => true,\n ruby_package_ensure => 'present',\n ruby_package_name => 'ruby-mysql-2.7.1-1mdv2007.0.sparc.rpm',\n ruby_package_provider => 'rpm',\n}", "name": "Install Ruby language bindings"}, {"tag_name": "param", "text": "Passes `install_options` array to managed package resources. You must pass the [appropriate options](https://docs.puppetlabs.com/references/latest/type.html#package-attribute-install_options) for the package manager(s).", "types": ["Any"], "name": "install_options"}, {"tag_name": "param", "text": "Specifies whether `::mysql::bindings::java` should be included. Valid values are `true`, `false`.", "types": ["Any"], "name": "java_enable"}, {"tag_name": "param", "text": "Specifies whether `mysql::bindings::perl` should be included. Valid values are `true`, `false`.", "types": ["Any"], "name": "perl_enable"}, {"tag_name": "param", "text": "Specifies whether `mysql::bindings::php` should be included. Valid values are `true`, `false`.", "types": ["Any"], "name": "php_enable"}, {"tag_name": "param", "text": "Specifies whether `mysql::bindings::python` should be included. Valid values are `true`, `false`.", "types": ["Any"], "name": "python_enable"}, {"tag_name": "param", "text": "Specifies whether `mysql::bindings::ruby` should be included. Valid values are `true`, `false`.", "types": ["Any"], "name": "ruby_enable"}, {"tag_name": "param", "text": "Specifies whether `::mysql::bindings::client_dev` should be included. Valid values are `true`', `false`.", "types": ["Any"], "name": "client_dev"}, {"tag_name": "param", "text": "Specifies whether `::mysql::bindings::daemon_dev` should be included. Valid values are `true`, `false`.", "types": ["Any"], "name": "daemon_dev"}, {"tag_name": "param", "text": "Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `java_enable => true`.", "types": ["Any"], "name": "java_package_ensure"}, {"tag_name": "param", "text": "The name of the Java package to install. Only applies if `java_enable => true`.", "types": ["Any"], "name": "java_package_name"}, {"tag_name": "param", "text": "The provider to use to install the Java package. Only applies if `java_enable => true`.", "types": ["Any"], "name": "java_package_provider"}, {"tag_name": "param", "text": "Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `perl_enable => true`.", "types": ["Any"], "name": "perl_package_ensure"}, {"tag_name": "param", "text": "The name of the Perl package to install. Only applies if `perl_enable => true`.", "types": ["Any"], "name": "perl_package_name"}, {"tag_name": "param", "text": "The provider to use to install the Perl package. Only applies if `perl_enable => true`.", "types": ["Any"], "name": "perl_package_provider"}, {"tag_name": "param", "text": "Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `php_enable => true`.", "types": ["Any"], "name": "php_package_ensure"}, {"tag_name": "param", "text": "The name of the PHP package to install. Only applies if `php_enable => true`.", "types": ["Any"], "name": "php_package_name"}, {"tag_name": "param", "text": "The provider to use to install the PHP package. Only applies if `php_enable => true`.", "types": ["Any"], "name": "php_package_provider"}, {"tag_name": "param", "text": "Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `python_enable => true`.", "types": ["Any"], "name": "python_package_ensure"}, {"tag_name": "param", "text": "The name of the Python package to install. Only applies if `python_enable => true`.", "types": ["Any"], "name": "python_package_name"}, {"tag_name": "param", "text": "The provider to use to install the Python package. Only applies if `python_enable => true`.", "types": ["Any"], "name": "python_package_provider"}, {"tag_name": "param", "text": "Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `ruby_enable => true`.", "types": ["Any"], "name": "ruby_package_ensure"}, {"tag_name": "param", "text": "The name of the Ruby package to install. Only applies if `ruby_enable => true`.", "types": ["Any"], "name": "ruby_package_name"}, {"tag_name": "param", "text": "What provider should be used to install the package.", "types": ["Any"], "name": "ruby_package_provider"}, {"tag_name": "param", "text": "Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `client_dev => true`.", "types": ["Any"], "name": "client_dev_package_ensure"}, {"tag_name": "param", "text": "The name of the client_dev package to install. Only applies if `client_dev => true`.", "types": ["Any"], "name": "client_dev_package_name"}, {"tag_name": "param", "text": "The provider to use to install the client_dev package. Only applies if `client_dev => true`.", "types": ["Any"], "name": "client_dev_package_provider"}, {"tag_name": "param", "text": "Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `daemon_dev => true`.", "types": ["Any"], "name": "daemon_dev_package_ensure"}, {"tag_name": "param", "text": "The name of the daemon_dev package to install. Only applies if `daemon_dev => true`.", "types": ["Any"], "name": "daemon_dev_package_name"}, {"tag_name": "param", "text": "The provider to use to install the daemon_dev package. Only applies if `daemon_dev => true`.", "types": ["Any"], "name": "daemon_dev_package_provider"}, {"tag_name": "summary", "text": "Parent class for MySQL bindings."}]}, "defaults": {"install_options": "undef", "java_enable": "false", "perl_enable": "false", "php_enable": "false", "python_enable": "false", "ruby_enable": "false", "client_dev": "false", "daemon_dev": "false", "java_package_ensure": "$mysql::params::java_package_ensure", "java_package_name": "$mysql::params::java_package_name", "java_package_provider": "$mysql::params::java_package_provider", "perl_package_ensure": "$mysql::params::perl_package_ensure", "perl_package_name": "$mysql::params::perl_package_name", "perl_package_provider": "$mysql::params::perl_package_provider", "php_package_ensure": "$mysql::params::php_package_ensure", "php_package_name": "$mysql::params::php_package_name", "php_package_provider": "$mysql::params::php_package_provider", "python_package_ensure": "$mysql::params::python_package_ensure", "python_package_name": "$mysql::params::python_package_name", "python_package_provider": "$mysql::params::python_package_provider", "ruby_package_ensure": "$mysql::params::ruby_package_ensure", "ruby_package_name": "$mysql::params::ruby_package_name", "ruby_package_provider": "$mysql::params::ruby_package_provider", "client_dev_package_ensure": "$mysql::params::client_dev_package_ensure", "client_dev_package_name": "$mysql::params::client_dev_package_name", "client_dev_package_provider": "$mysql::params::client_dev_package_provider", "daemon_dev_package_ensure": "$mysql::params::daemon_dev_package_ensure", "daemon_dev_package_name": "$mysql::params::daemon_dev_package_name", "daemon_dev_package_provider": "$mysql::params::daemon_dev_package_provider"}, "source": "class mysql::bindings (\n $install_options = undef,\n # Boolean to determine if we should include the classes.\n $java_enable = false,\n $perl_enable = false,\n $php_enable = false,\n $python_enable = false,\n $ruby_enable = false,\n $client_dev = false,\n $daemon_dev = false,\n # Settings for the various classes.\n $java_package_ensure = $mysql::params::java_package_ensure,\n $java_package_name = $mysql::params::java_package_name,\n $java_package_provider = $mysql::params::java_package_provider,\n $perl_package_ensure = $mysql::params::perl_package_ensure,\n $perl_package_name = $mysql::params::perl_package_name,\n $perl_package_provider = $mysql::params::perl_package_provider,\n $php_package_ensure = $mysql::params::php_package_ensure,\n $php_package_name = $mysql::params::php_package_name,\n $php_package_provider = $mysql::params::php_package_provider,\n $python_package_ensure = $mysql::params::python_package_ensure,\n $python_package_name = $mysql::params::python_package_name,\n $python_package_provider = $mysql::params::python_package_provider,\n $ruby_package_ensure = $mysql::params::ruby_package_ensure,\n $ruby_package_name = $mysql::params::ruby_package_name,\n $ruby_package_provider = $mysql::params::ruby_package_provider,\n $client_dev_package_ensure = $mysql::params::client_dev_package_ensure,\n $client_dev_package_name = $mysql::params::client_dev_package_name,\n $client_dev_package_provider = $mysql::params::client_dev_package_provider,\n $daemon_dev_package_ensure = $mysql::params::daemon_dev_package_ensure,\n $daemon_dev_package_name = $mysql::params::daemon_dev_package_name,\n $daemon_dev_package_provider = $mysql::params::daemon_dev_package_provider\n) inherits mysql::params {\n case $::osfamily {\n 'Archlinux': {\n if $java_enable { fail(\"::mysql::bindings::java cannot be managed by puppet on ${::facts['os']['family']}\n as it is not in official repositories. Please disable java mysql binding.\") }\n if $perl_enable { include 'mysql::bindings::perl' }\n if $php_enable { warning(\"::mysql::bindings::php does not need to be managed by puppet on ${::facts['os']['family']}\n as it is included in mysql package by default.\") }\n if $python_enable { include 'mysql::bindings::python' }\n if $ruby_enable { fail(\"::mysql::bindings::ruby cannot be managed by puppet on %{::facts['os']['family']}\n as it is not in official repositories. Please disable ruby mysql binding.\") }\n }\n\n default: {\n if $java_enable { include 'mysql::bindings::java' }\n if $perl_enable { include 'mysql::bindings::perl' }\n if $php_enable { include 'mysql::bindings::php' }\n if $python_enable { include 'mysql::bindings::python' }\n if $ruby_enable { include 'mysql::bindings::ruby' }\n }\n }\n\n if $client_dev { include 'mysql::bindings::client_dev' }\n if $daemon_dev { include 'mysql::bindings::daemon_dev' }\n}"}, {"name": "mysql::bindings::client_dev", "file": "manifests/bindings/client_dev.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Private class for installing client development bindings"}]}, "source": "class mysql::bindings::client_dev {\n if $mysql::bindings::client_dev_package_name {\n package { 'mysql-client_dev':\n ensure => $mysql::bindings::client_dev_package_ensure,\n install_options => $mysql::bindings::install_options,\n name => $mysql::bindings::client_dev_package_name,\n provider => $mysql::bindings::client_dev_package_provider,\n }\n } else {\n warning(\"No MySQL client development package configured for ${::facts['os']['family']}.\")\n }\n}"}, {"name": "mysql::bindings::daemon_dev", "file": "manifests/bindings/daemon_dev.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Private class for installing daemon development bindings"}]}, "source": "class mysql::bindings::daemon_dev {\n if $mysql::bindings::daemon_dev_package_name {\n package { 'mysql-daemon_dev':\n ensure => $mysql::bindings::daemon_dev_package_ensure,\n install_options => $mysql::bindings::install_options,\n name => $mysql::bindings::daemon_dev_package_name,\n provider => $mysql::bindings::daemon_dev_package_provider,\n }\n } else {\n warning(\"No MySQL daemon development package configured for ${::facts['os']['family']}.\")\n }\n}"}, {"name": "mysql::bindings::java", "file": "manifests/bindings/java.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Private class for installing java language bindings."}]}, "source": "class mysql::bindings::java {\n package { 'mysql-connector-java':\n ensure => $mysql::bindings::java_package_ensure,\n install_options => $mysql::bindings::install_options,\n name => $mysql::bindings::java_package_name,\n provider => $mysql::bindings::java_package_provider,\n }\n}"}, {"name": "mysql::bindings::perl", "file": "manifests/bindings/perl.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Private class for installing perl language bindings."}]}, "source": "class mysql::bindings::perl {\n package { 'perl_mysql':\n ensure => $mysql::bindings::perl_package_ensure,\n install_options => $mysql::bindings::install_options,\n name => $mysql::bindings::perl_package_name,\n provider => $mysql::bindings::perl_package_provider,\n }\n}"}, {"name": "mysql::bindings::php", "file": "manifests/bindings/php.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Private class for installing php language bindings"}]}, "source": "class mysql::bindings::php {\n package { 'php-mysql':\n ensure => $mysql::bindings::php_package_ensure,\n install_options => $mysql::bindings::install_options,\n name => $mysql::bindings::php_package_name,\n provider => $mysql::bindings::php_package_provider,\n }\n}"}, {"name": "mysql::bindings::python", "file": "manifests/bindings/python.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Private class for installing python language bindings"}]}, "source": "class mysql::bindings::python {\n package { 'python-mysqldb':\n ensure => $mysql::bindings::python_package_ensure,\n install_options => $mysql::bindings::install_options,\n name => $mysql::bindings::python_package_name,\n provider => $mysql::bindings::python_package_provider,\n }\n}"}, {"name": "mysql::bindings::ruby", "file": "manifests/bindings/ruby.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Private class for installing ruby language bindings"}]}, "source": "class mysql::bindings::ruby {\n package { 'ruby_mysql':\n ensure => $mysql::bindings::ruby_package_ensure,\n install_options => $mysql::bindings::install_options,\n name => $mysql::bindings::ruby_package_name,\n provider => $mysql::bindings::ruby_package_provider,\n }\n}"}, {"name": "mysql::client", "file": "manifests/client.pp", "line": 22, "inherits": "mysql::params", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "class {'::mysql::client':\n package_name => 'mysql-client',\n package_ensure => 'present',\n bindings_enable => true,\n}", "name": "Install the MySQL client"}, {"tag_name": "param", "text": "Whether to automatically install all bindings. Valid values are `true`, `false`. Default to `false`.", "types": ["Any"], "name": "bindings_enable"}, {"tag_name": "param", "text": "Array of install options for managed package resources. You must pass the appropriate options for the package manager.", "types": ["Any"], "name": "install_options"}, {"tag_name": "param", "text": "Whether the MySQL package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'.", "types": ["Any"], "name": "package_ensure"}, {"tag_name": "param", "text": "Whether to manage the MySQL client package. Defaults to `true`.", "types": ["Any"], "name": "package_manage"}, {"tag_name": "param", "text": "The name of the MySQL client package to install.", "types": ["Any"], "name": "package_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "package_provider"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "package_source"}, {"tag_name": "summary", "text": "Installs and configures the MySQL client."}]}, "defaults": {"bindings_enable": "$mysql::params::bindings_enable", "install_options": "undef", "package_ensure": "$mysql::params::client_package_ensure", "package_manage": "$mysql::params::client_package_manage", "package_name": "$mysql::params::client_package_name", "package_provider": "undef", "package_source": "undef"}, "source": "class mysql::client (\n $bindings_enable = $mysql::params::bindings_enable,\n $install_options = undef,\n $package_ensure = $mysql::params::client_package_ensure,\n $package_manage = $mysql::params::client_package_manage,\n $package_name = $mysql::params::client_package_name,\n $package_provider = undef,\n $package_source = undef,\n) inherits mysql::params {\n include 'mysql::client::install'\n\n if $bindings_enable {\n class { 'mysql::bindings':\n java_enable => true,\n perl_enable => true,\n php_enable => true,\n python_enable => true,\n ruby_enable => true,\n }\n }\n\n # Anchor pattern workaround to avoid resources of mysql::client::install to\n # \"float off\" outside mysql::client\n anchor { 'mysql::client::start': }\n -> Class['mysql::client::install']\n -> anchor { 'mysql::client::end': }\n}"}, {"name": "mysql::client::install", "file": "manifests/client/install.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Private class for MySQL client install."}]}, "source": "class mysql::client::install {\n if $mysql::client::package_manage {\n package { 'mysql_client':\n ensure => $mysql::client::package_ensure,\n install_options => $mysql::client::install_options,\n name => $mysql::client::package_name,\n provider => $mysql::client::package_provider,\n source => $mysql::client::package_source,\n }\n }\n}"}, {"name": "mysql::params", "file": "manifests/params.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Params class."}]}, "source": "class mysql::params {\n $manage_config_file = true\n $config_file_mode = '0644'\n $purge_conf_dir = false\n $restart = false\n $root_password = 'UNSET'\n $install_secret_file = '/.mysql_secret'\n $server_package_ensure = 'present'\n $server_package_manage = true\n $server_service_manage = true\n $server_service_enabled = true\n $client_package_ensure = 'present'\n $client_package_manage = true\n $create_root_user = true\n $create_root_my_cnf = true\n $create_root_login_file = false\n $login_file = undef\n $exec_path = ''\n # mysql::bindings\n $bindings_enable = false\n $java_package_ensure = 'present'\n $java_package_provider = undef\n $perl_package_ensure = 'present'\n $perl_package_provider = undef\n $php_package_ensure = 'present'\n $php_package_provider = undef\n $python_package_ensure = 'present'\n $python_package_provider = undef\n $ruby_package_ensure = 'present'\n $ruby_package_provider = undef\n $client_dev_package_ensure = 'present'\n $client_dev_package_provider = undef\n $daemon_dev_package_ensure = 'present'\n $daemon_dev_package_provider = undef\n $xtrabackup_package_name_default = 'percona-xtrabackup'\n\n case $::osfamily {\n 'RedHat': {\n case $::operatingsystem {\n 'Fedora': {\n if versioncmp($::operatingsystemrelease, '19') >= 0 or $::operatingsystemrelease == 'Rawhide' {\n $provider = 'mariadb'\n } else {\n $provider = 'mysql'\n }\n $python_package_name = 'MySQL-python'\n }\n 'Amazon': {\n if versioncmp($::operatingsystemrelease, '2') >= 0 {\n $provider = 'mariadb'\n } else {\n $provider = 'mysql'\n }\n }\n /^(RedHat|Rocky|CentOS|Scientific|OracleLinux)$/: {\n if versioncmp($::operatingsystemmajrelease, '7') >= 0 {\n $provider = 'mariadb'\n if versioncmp($::operatingsystemmajrelease, '8') >= 0 {\n $xtrabackup_package_name_override = 'percona-xtrabackup-24'\n }\n } else {\n $provider = 'mysql'\n $xtrabackup_package_name_override = 'percona-xtrabackup-20'\n }\n if versioncmp($::operatingsystemmajrelease, '8') >= 0 {\n $java_package_name = 'mariadb-java-client'\n $python_package_name = 'python3-PyMySQL'\n } else {\n $java_package_name = 'mysql-connector-java'\n $python_package_name = 'MySQL-python'\n }\n }\n default: {\n $provider = 'mysql'\n }\n }\n\n if $provider == 'mariadb' {\n $client_package_name = 'mariadb'\n $server_package_name = 'mariadb-server'\n $server_service_name = 'mariadb'\n $log_error = '/var/log/mariadb/mariadb.log'\n $config_file = '/etc/my.cnf.d/server.cnf'\n # mariadb package by default has !includedir set in my.cnf to /etc/my.cnf.d\n $includedir = undef\n $pidfile = '/var/run/mariadb/mariadb.pid'\n $daemon_dev_package_name = 'mariadb-devel'\n } else {\n $client_package_name = 'mysql'\n $server_package_name = 'mysql-server'\n $server_service_name = 'mysqld'\n $log_error = '/var/log/mysqld.log'\n $config_file = '/etc/my.cnf'\n $includedir = '/etc/my.cnf.d'\n $pidfile = '/var/run/mysqld/mysqld.pid'\n $daemon_dev_package_name = 'mysql-devel'\n }\n\n $basedir = '/usr'\n $datadir = '/var/lib/mysql'\n $root_group = 'root'\n $mysql_group = 'mysql'\n $mycnf_owner = undef\n $mycnf_group = undef\n $socket = '/var/lib/mysql/mysql.sock'\n $ssl_ca = '/etc/mysql/cacert.pem'\n $ssl_cert = '/etc/mysql/server-cert.pem'\n $ssl_key = '/etc/mysql/server-key.pem'\n $tmpdir = '/tmp'\n $managed_dirs = undef\n # mysql::bindings\n $perl_package_name = 'perl-DBD-MySQL'\n $php_package_name = 'php-mysql'\n $ruby_package_name = 'ruby-mysql'\n $client_dev_package_name = undef\n }\n\n 'Suse': {\n case $::operatingsystem {\n 'OpenSuSE': {\n $socket = '/var/run/mysql/mysql.sock'\n $log_error = '/var/log/mysql/mysqld.log'\n $pidfile = '/var/run/mysql/mysqld.pid'\n $ruby_package_name = 'rubygem-mysql'\n $client_package_name = 'mariadb-client'\n $server_package_name = 'mariadb'\n # First service start fails if this is set. Runs fine without\n # it being set, in any case. Leaving it as-is for the mysql.\n $basedir = undef\n }\n 'SLES','SLED': {\n $socket = '/run/mysql/mysql.sock'\n $log_error = '/var/log/mysqld.log'\n $pidfile = '/var/lib/mysql/mysqld.pid'\n $ruby_package_name = 'ruby-mysql'\n $client_package_name = 'mariadb-client'\n $server_package_name = 'mariadb'\n $basedir = undef\n }\n default: {\n fail(\"Unsupported platform: puppetlabs-${module_name} currently doesn\\'t support ${::operatingsystem}.\")\n }\n }\n $config_file = '/etc/my.cnf'\n $includedir = '/etc/my.cnf.d'\n $datadir = '/var/lib/mysql'\n $root_group = 'root'\n $mysql_group = 'mysql'\n $mycnf_owner = undef\n $mycnf_group = undef\n $server_service_name = 'mysql'\n $xtrabackup_package_name_override = 'xtrabackup'\n\n $ssl_ca = '/etc/mysql/cacert.pem'\n $ssl_cert = '/etc/mysql/server-cert.pem'\n $ssl_key = '/etc/mysql/server-key.pem'\n $tmpdir = '/tmp'\n $managed_dirs = undef\n # mysql::bindings\n $java_package_name = 'mysql-connector-java'\n $perl_package_name = 'perl-DBD-mysql'\n $php_package_name = 'apache2-mod_php53'\n $python_package_name = 'python-mysql'\n $client_dev_package_name = 'libmysqlclient-devel'\n $daemon_dev_package_name = 'mysql-devel'\n }\n\n 'Debian': {\n if $::operatingsystem == 'Debian' {\n $provider = 'mariadb'\n } else { # Ubuntu\n $provider = 'mysql'\n }\n if $provider == 'mariadb' {\n $client_package_name = 'mariadb-client'\n $server_package_name = 'mariadb-server'\n $server_service_name = 'mariadb'\n $client_dev_package_name = 'libmariadbclient-dev'\n $daemon_dev_package_name = 'libmariadbd-dev'\n } else {\n $client_package_name = 'mysql-client'\n $server_package_name = 'mysql-server'\n $server_service_name = 'mysql'\n $client_dev_package_name = 'libmysqlclient-dev'\n $daemon_dev_package_name = 'libmysqld-dev'\n }\n\n $basedir = '/usr'\n $config_file = '/etc/mysql/my.cnf'\n $includedir = '/etc/mysql/conf.d'\n $datadir = '/var/lib/mysql'\n $log_error = '/var/log/mysql/error.log'\n $pidfile = '/var/run/mysqld/mysqld.pid'\n $root_group = 'root'\n $mysql_group = 'adm'\n $mycnf_owner = undef\n $mycnf_group = undef\n $socket = '/var/run/mysqld/mysqld.sock'\n $ssl_ca = '/etc/mysql/cacert.pem'\n $ssl_cert = '/etc/mysql/server-cert.pem'\n $ssl_key = '/etc/mysql/server-key.pem'\n $tmpdir = '/tmp'\n $managed_dirs = ['tmpdir','basedir','datadir','innodb_data_home_dir','innodb_log_group_home_dir','innodb_undo_directory','innodb_tmpdir']\n\n # mysql::bindings\n if ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '10') >= 0) or\n ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '20.04') >= 0) {\n $java_package_name = 'libmariadb-java'\n } else {\n $java_package_name = 'libmysql-java'\n }\n $perl_package_name = 'libdbd-mysql-perl'\n if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '16.04') >= 0) or\n ($::operatingsystem == 'Debian') {\n $php_package_name = 'php-mysql'\n } else {\n $php_package_name = 'php5-mysql'\n }\n if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '16.04') < 0) or\n ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '20.04') >= 0) or\n ($::operatingsystem == 'Debian') {\n $xtrabackup_package_name_override = 'percona-xtrabackup-24'\n }\n if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '20.04') >= 0) or\n ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '11') >= 0){\n $python_package_name = 'python3-mysqldb'\n } else {\n $python_package_name = 'python-mysqldb'\n }\n\n $ruby_package_name = $facts['os']['release']['major'] ? {\n '9' => 'ruby-mysql2', # stretch\n '10' => 'ruby-mysql2', # buster\n '16.04' => 'ruby-mysql', # xenial\n '18.04' => 'ruby-mysql2', # bionic\n '20.04' => 'ruby-mysql2', # focal\n default => 'libmysql-ruby',\n }\n }\n\n 'Archlinux': {\n $daemon_dev_package_name = undef\n $client_dev_package_name = undef\n $includedir = undef\n $client_package_name = 'mariadb-clients'\n $server_package_name = 'mariadb'\n $basedir = '/usr'\n $config_file = '/etc/mysql/my.cnf'\n $datadir = '/var/lib/mysql'\n $log_error = '/var/log/mysqld.log'\n $pidfile = '/var/run/mysqld/mysqld.pid'\n $root_group = 'root'\n $mysql_group = 'mysql'\n $mycnf_owner = undef\n $mycnf_group = undef\n $server_service_name = 'mysqld'\n $socket = '/var/lib/mysql/mysql.sock'\n $ssl_ca = '/etc/mysql/cacert.pem'\n $ssl_cert = '/etc/mysql/server-cert.pem'\n $ssl_key = '/etc/mysql/server-key.pem'\n $tmpdir = '/tmp'\n $managed_dirs = undef\n # mysql::bindings\n $java_package_name = 'mysql-connector-java'\n $perl_package_name = 'perl-dbd-mysql'\n $php_package_name = undef\n $python_package_name = 'mysql-python'\n $ruby_package_name = 'mysql-ruby'\n }\n\n 'Gentoo': {\n $client_package_name = 'virtual/mysql'\n $includedir = undef\n $server_package_name = 'virtual/mysql'\n $basedir = '/usr'\n $config_file = '/etc/mysql/my.cnf'\n $datadir = '/var/lib/mysql'\n $log_error = '/var/log/mysql/mysqld.err'\n $pidfile = '/run/mysqld/mysqld.pid'\n $root_group = 'root'\n $mysql_group = 'mysql'\n $mycnf_owner = undef\n $mycnf_group = undef\n $server_service_name = 'mysql'\n $socket = '/run/mysqld/mysqld.sock'\n $ssl_ca = '/etc/mysql/cacert.pem'\n $ssl_cert = '/etc/mysql/server-cert.pem'\n $ssl_key = '/etc/mysql/server-key.pem'\n $tmpdir = '/tmp'\n $managed_dirs = undef\n # mysql::bindings\n $java_package_name = 'dev-java/jdbc-mysql'\n $perl_package_name = 'dev-perl/DBD-mysql'\n $php_package_name = undef\n $python_package_name = 'dev-python/mysql-python'\n $ruby_package_name = 'dev-ruby/mysql-ruby'\n }\n\n 'FreeBSD': {\n $client_package_name = 'databases/mysql57-client'\n $server_package_name = 'databases/mysql57-server'\n $basedir = '/usr/local'\n $config_file = '/usr/local/etc/my.cnf'\n $includedir = '/usr/local/etc/my.cnf.d'\n $datadir = '/var/db/mysql'\n $log_error = '/var/log/mysqld.log'\n $pidfile = '/var/run/mysql.pid'\n $root_group = 'wheel'\n $mysql_group = 'mysql'\n $mycnf_owner = undef\n $mycnf_group = undef\n $server_service_name = 'mysql-server'\n $socket = '/var/db/mysql/mysql.sock'\n $ssl_ca = undef\n $ssl_cert = undef\n $ssl_key = undef\n $tmpdir = '/tmp'\n $managed_dirs = undef\n # mysql::bindings\n $java_package_name = 'databases/mysql-connector-java'\n $perl_package_name = 'p5-DBD-mysql'\n $php_package_name = 'php5-mysql'\n $python_package_name = 'databases/py-MySQLdb'\n $ruby_package_name = 'databases/ruby-mysql'\n # The libraries installed by these packages are included in client and server packages, no installation required.\n $client_dev_package_name = undef\n $daemon_dev_package_name = undef\n }\n\n 'OpenBSD': {\n $client_package_name = 'mariadb-client'\n $server_package_name = 'mariadb-server'\n $basedir = '/usr/local'\n $config_file = '/etc/my.cnf'\n $includedir = undef\n $datadir = '/var/mysql'\n $log_error = \"/var/mysql/${::hostname}.err\"\n $pidfile = '/var/mysql/mysql.pid'\n $root_group = 'wheel'\n $mysql_group = '_mysql'\n $mycnf_owner = undef\n $mycnf_group = undef\n $server_service_name = 'mysqld'\n $socket = '/var/run/mysql/mysql.sock'\n $ssl_ca = undef\n $ssl_cert = undef\n $ssl_key = undef\n $tmpdir = '/tmp'\n $managed_dirs = undef\n # mysql::bindings\n $java_package_name = undef\n $perl_package_name = 'p5-DBD-mysql'\n $php_package_name = 'php-mysql'\n $python_package_name = 'py-mysql'\n $ruby_package_name = 'ruby-mysql'\n # The libraries installed by these packages are included in client and server packages, no installation required.\n $client_dev_package_name = undef\n $daemon_dev_package_name = undef\n }\n\n 'Solaris': {\n $client_package_name = 'database/mysql-55/client'\n $server_package_name = 'database/mysql-55'\n $basedir = undef\n $config_file = '/etc/mysql/5.5/my.cnf'\n $datadir = '/var/mysql/5.5/data'\n $log_error = \"/var/mysql/5.5/data/${::hostname}.err\"\n $pidfile = \"/var/mysql/5.5/data/${::hostname}.pid\"\n $root_group = 'bin'\n $server_service_name = 'application/database/mysql:version_55'\n $socket = '/tmp/mysql.sock'\n $ssl_ca = undef\n $ssl_cert = undef\n $ssl_key = undef\n $tmpdir = '/tmp'\n $managed_dirs = undef\n # mysql::bindings\n $java_package_name = undef\n $perl_package_name = undef\n $php_package_name = 'web/php-53/extension/php-mysql'\n $python_package_name = 'library/python/python-mysql'\n $ruby_package_name = undef\n # The libraries installed by these packages are included in client and server packages, no installation required.\n $client_dev_package_name = undef\n $daemon_dev_package_name = undef\n }\n\n default: {\n case $::operatingsystem {\n 'Alpine': {\n $client_package_name = 'mariadb-client'\n $server_package_name = 'mariadb'\n $basedir = '/usr'\n $config_file = '/etc/mysql/my.cnf'\n $datadir = '/var/lib/mysql'\n $log_error = '/var/log/mysqld.log'\n $pidfile = '/run/mysqld/mysqld.pid'\n $root_group = 'root'\n $mysql_group = 'mysql'\n $mycnf_owner = undef\n $mycnf_group = undef\n $server_service_name = 'mariadb'\n $socket = '/run/mysqld/mysqld.sock'\n $ssl_ca = '/etc/mysql/cacert.pem'\n $ssl_cert = '/etc/mysql/server-cert.pem'\n $ssl_key = '/etc/mysql/server-key.pem'\n $tmpdir = '/tmp'\n $managed_dirs = undef\n $java_package_name = undef\n $perl_package_name = 'perl-dbd-mysql'\n $php_package_name = 'php7-mysqlnd'\n $python_package_name = 'py-mysqldb'\n $ruby_package_name = undef\n $client_dev_package_name = undef\n $daemon_dev_package_name = undef\n }\n 'Amazon': {\n $client_package_name = 'mysql'\n $server_package_name = 'mysql-server'\n $basedir = '/usr'\n $config_file = '/etc/my.cnf'\n $includedir = '/etc/my.cnf.d'\n $datadir = '/var/lib/mysql'\n $log_error = '/var/log/mysqld.log'\n $pidfile = '/var/run/mysqld/mysqld.pid'\n $root_group = 'root'\n $mysql_group = 'mysql'\n $mycnf_owner = undef\n $mycnf_group = undef\n $server_service_name = 'mysqld'\n $socket = '/var/lib/mysql/mysql.sock'\n $ssl_ca = '/etc/mysql/cacert.pem'\n $ssl_cert = '/etc/mysql/server-cert.pem'\n $ssl_key = '/etc/mysql/server-key.pem'\n $tmpdir = '/tmp'\n $managed_dirs = undef\n # mysql::bindings\n $java_package_name = 'mysql-connector-java'\n $perl_package_name = 'perl-DBD-MySQL'\n $php_package_name = 'php-mysql'\n $python_package_name = 'MySQL-python'\n $ruby_package_name = 'ruby-mysql'\n # The libraries installed by these packages are included in client and server packages, no installation required.\n $client_dev_package_name = undef\n $daemon_dev_package_name = undef\n }\n\n default: {\n fail(\"Unsupported platform: puppetlabs-${module_name} currently doesn\\'t support ${::osfamily} or ${::operatingsystem}.\")\n }\n }\n }\n }\n\n case $::operatingsystem {\n 'Ubuntu': {\n $server_service_provider = 'systemd'\n }\n 'Alpine': {\n $server_service_provider = 'rc-service'\n }\n 'FreeBSD': {\n $server_service_provider = 'freebsd'\n }\n default: {\n $server_service_provider = undef\n }\n }\n\n $default_options = {\n 'client' => {\n 'port' => '3306',\n 'socket' => $mysql::params::socket,\n },\n 'mysqld_safe' => {\n 'nice' => '0',\n 'log-error' => $mysql::params::log_error,\n 'socket' => $mysql::params::socket,\n },\n 'mysqld-5.0' => {\n 'myisam-recover' => 'BACKUP',\n },\n 'mysqld-5.1' => {\n 'myisam-recover' => 'BACKUP',\n },\n 'mysqld-5.5' => {\n 'myisam-recover' => 'BACKUP',\n 'query_cache_limit' => '1M',\n 'query_cache_size' => '16M',\n },\n 'mysqld-5.6' => {\n 'myisam-recover-options' => 'BACKUP',\n 'query_cache_limit' => '1M',\n 'query_cache_size' => '16M',\n },\n 'mysqld-5.7' => {\n 'myisam-recover-options' => 'BACKUP',\n 'query_cache_limit' => '1M',\n 'query_cache_size' => '16M',\n },\n 'mysqld' => {\n 'basedir' => $mysql::params::basedir,\n 'bind-address' => '127.0.0.1',\n 'datadir' => $mysql::params::datadir,\n 'expire_logs_days' => '10',\n 'key_buffer_size' => '16M',\n 'log-error' => $mysql::params::log_error,\n 'max_allowed_packet' => '16M',\n 'max_binlog_size' => '100M',\n 'max_connections' => '151',\n 'pid-file' => $mysql::params::pidfile,\n 'port' => '3306',\n 'skip-external-locking' => true,\n 'socket' => $mysql::params::socket,\n 'ssl' => false,\n 'ssl-ca' => $mysql::params::ssl_ca,\n 'ssl-cert' => $mysql::params::ssl_cert,\n 'ssl-key' => $mysql::params::ssl_key,\n 'ssl-disable' => false,\n 'thread_cache_size' => '8',\n 'thread_stack' => '256K',\n 'tmpdir' => $mysql::params::tmpdir,\n 'user' => 'mysql',\n },\n 'mysqldump' => {\n 'max_allowed_packet' => '16M',\n 'quick' => true,\n 'quote-names' => true,\n },\n 'isamchk' => {\n 'key_buffer_size' => '16M',\n },\n }\n\n if defined('$xtrabackup_package_name_override') {\n $xtrabackup_package_name = pick($xtrabackup_package_name_override, $xtrabackup_package_name_default)\n } else {\n $xtrabackup_package_name = $xtrabackup_package_name_default\n }\n\n ## Additional graceful failures\n if $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '4' and $::operatingsystem != 'Amazon' {\n fail(\"Unsupported platform: puppetlabs-${module_name} only supports RedHat 6.0 and beyond.\")\n }\n}"}, {"name": "mysql::server", "file": "manifests/server.pp", "line": 79, "inherits": "mysql::params", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "class { '::mysql::server':\n package_name => 'mysql-server',\n package_ensure => '5.7.1+mysql~trusty',\n root_password => 'strongpassword',\n remove_default_accounts => true,\n}", "name": "Install MySQL Server"}, {"tag_name": "param", "text": "The location, as a path, of the MySQL configuration file.", "types": ["Any"], "name": "config_file"}, {"tag_name": "param", "text": "The MySQL configuration file's permissions mode.", "types": ["Any"], "name": "config_file_mode"}, {"tag_name": "param", "text": "The location, as a path, of !includedir for custom configuration overrides.", "types": ["Any"], "name": "includedir"}, {"tag_name": "param", "text": "Passes [install_options](https://docs.puppetlabs.com/references/latest/type.html#package-attribute-install_options) array to managed package resources. You must pass the appropriate options for the specified package manager", "types": ["Any"], "name": "install_options"}, {"tag_name": "param", "text": "Path to secret file containing temporary root password.", "types": ["Any"], "name": "install_secret_file"}, {"tag_name": "param", "text": "Whether the MySQL configuration file should be managed. Valid values are `true`, `false`. Defaults to `true`.", "types": ["Any"], "name": "manage_config_file"}, {"tag_name": "param", "text": "A hash of options structured like the override_options, but not merged with the default options. Use this if you don't want your options merged with the default options.", "types": ["Mysql::Options"], "name": "options"}, {"tag_name": "param", "text": "Specifies override options to pass into MySQL. Structured like a hash in the my.cnf file: See above for usage details.", "types": ["Any"], "name": "override_options"}, {"tag_name": "param", "text": "Whether the package exists or should be a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Defaults to 'present'.", "types": ["Any"], "name": "package_ensure"}, {"tag_name": "param", "text": "Whether to manage the MySQL server package. Defaults to `true`.", "types": ["Any"], "name": "package_manage"}, {"tag_name": "param", "text": "The name of the MySQL server package to install.", "types": ["Any"], "name": "package_name"}, {"tag_name": "param", "text": "Define a specific provider for package install.", "types": ["Any"], "name": "package_provider"}, {"tag_name": "param", "text": "The location of the package source (require for some package provider)", "types": ["Any"], "name": "package_source"}, {"tag_name": "param", "text": "Whether the `includedir` directory should be purged. Valid values are `true`, `false`. Defaults to `false`.", "types": ["Any"], "name": "purge_conf_dir"}, {"tag_name": "param", "text": "Specifies whether to automatically include `mysql::server::account_security`. Valid values are `true`, `false`. Defaults to `false`.", "types": ["Any"], "name": "remove_default_accounts"}, {"tag_name": "param", "text": "Whether the service should be restarted when things change. Valid values are `true`, `false`. Defaults to `false`.", "types": ["Any"], "name": "restart"}, {"tag_name": "param", "text": "The name of the group used for root. Can be a group name or a group ID. See more about the [group](https://docs.puppetlabs.com/references/latest/type.html#file-attribute-group).", "types": ["Any"], "name": "root_group"}, {"tag_name": "param", "text": "The name of the group of the MySQL daemon user. Can be a group name or a group ID. See more about the [group](https://docs.puppetlabs.com/references/latest/type.html#file-attribute-group).", "types": ["Any"], "name": "mysql_group"}, {"tag_name": "param", "text": "Name or user-id who owns the mysql-config-file.", "types": ["Any"], "name": "mycnf_owner"}, {"tag_name": "param", "text": "Name or group-id which owns the mysql-config-file.", "types": ["Any"], "name": "mycnf_group"}, {"tag_name": "param", "text": "The MySQL root password. Puppet attempts to set the root password and update `/root/.my.cnf` with it. This is required if `create_root_user` or `create_root_my_cnf` are true. If `root_password` is 'UNSET', then `create_root_user` and `create_root_my_cnf` are assumed to be false --- that is, the MySQL root user and `/root/.my.cnf` are not created. Password changes are supported; however, the old password must be set in `/root/.my.cnf`. Effectively, Puppet uses the old password, configured in `/root/my.cnf`, to set the new password in MySQL, and then updates `/root/.my.cnf` with the new password.", "types": ["Variant[String, Sensitive[String]]"], "name": "root_password"}, {"tag_name": "param", "text": "Specifies whether the service should be enabled. Valid values are `true`, `false`. Defaults to `true`.", "types": ["Any"], "name": "service_enabled"}, {"tag_name": "param", "text": "Specifies whether the service should be managed. Valid values are `true`, `false`. Defaults to `true`.", "types": ["Any"], "name": "service_manage"}, {"tag_name": "param", "text": "The name of the MySQL server service. Defaults are OS dependent, defined in 'params.pp'.", "types": ["Any"], "name": "service_name"}, {"tag_name": "param", "text": "The provider to use to manage the service. For Ubuntu, defaults to 'upstart'; otherwise, default is undefined.", "types": ["Any"], "name": "service_provider"}, {"tag_name": "param", "text": "Whether root user should be created. Valid values are `true`, `false`. Defaults to `true`. This is useful for a cluster setup with Galera. The root user has to be created only once. You can set this parameter true on one node and set it to false on the remaining nodes.", "types": ["Any"], "name": "create_root_user"}, {"tag_name": "param", "text": "Whether to create `/root/.my.cnf`. Valid values are `true`, `false`. Defaults to `true`. `create_root_my_cnf` allows creation of `/root/.my.cnf` independently of `create_root_user`. You can use this for a cluster setup with Galera where you want `/root/.my.cnf` to exist on all nodes.", "types": ["Any"], "name": "create_root_my_cnf"}, {"tag_name": "param", "text": "Optional hash of users to create, which are passed to [mysql_user](#mysql_user).", "types": ["Any"], "name": "users"}, {"tag_name": "param", "text": "Optional hash of grants, which are passed to [mysql_grant](#mysql_grant).", "types": ["Any"], "name": "grants"}, {"tag_name": "param", "text": "Optional hash of databases to create, which are passed to [mysql_database](#mysql_database).", "types": ["Any"], "name": "databases"}, {"tag_name": "param", "text": "_Deprecated_", "types": ["Any"], "name": "enabled"}, {"tag_name": "param", "text": "_Deprecated_", "types": ["Any"], "name": "manage_service"}, {"tag_name": "param", "text": "This parameter no longer does anything. It exists only for backwards compatibility. See the `root_password` parameter above for details on changing the root password.", "types": ["Any"], "name": "old_root_password"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "managed_dirs"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "create_root_login_file"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "login_file"}, {"tag_name": "summary", "text": "Installs and configures the MySQL server."}]}, "defaults": {"config_file": "$mysql::params::config_file", "config_file_mode": "$mysql::params::config_file_mode", "includedir": "$mysql::params::includedir", "install_options": "undef", "install_secret_file": "$mysql::params::install_secret_file", "manage_config_file": "$mysql::params::manage_config_file", "options": "{}", "override_options": "{}", "package_ensure": "$mysql::params::server_package_ensure", "package_manage": "$mysql::params::server_package_manage", "package_name": "$mysql::params::server_package_name", "package_provider": "undef", "package_source": "undef", "purge_conf_dir": "$mysql::params::purge_conf_dir", "remove_default_accounts": "false", "restart": "$mysql::params::restart", "root_group": "$mysql::params::root_group", "managed_dirs": "$mysql::params::managed_dirs", "mysql_group": "$mysql::params::mysql_group", "mycnf_owner": "$mysql::params::mycnf_owner", "mycnf_group": "$mysql::params::mycnf_group", "root_password": "$mysql::params::root_password", "service_enabled": "$mysql::params::server_service_enabled", "service_manage": "$mysql::params::server_service_manage", "service_name": "$mysql::params::server_service_name", "service_provider": "$mysql::params::server_service_provider", "create_root_user": "$mysql::params::create_root_user", "create_root_my_cnf": "$mysql::params::create_root_my_cnf", "create_root_login_file": "$mysql::params::create_root_login_file", "login_file": "$mysql::params::login_file", "users": "{}", "grants": "{}", "databases": "{}", "enabled": "undef", "manage_service": "undef", "old_root_password": "undef"}, "source": "class mysql::server (\n $config_file = $mysql::params::config_file,\n $config_file_mode = $mysql::params::config_file_mode,\n $includedir = $mysql::params::includedir,\n $install_options = undef,\n $install_secret_file = $mysql::params::install_secret_file,\n $manage_config_file = $mysql::params::manage_config_file,\n Mysql::Options $options = {},\n $override_options = {},\n $package_ensure = $mysql::params::server_package_ensure,\n $package_manage = $mysql::params::server_package_manage,\n $package_name = $mysql::params::server_package_name,\n $package_provider = undef,\n $package_source = undef,\n $purge_conf_dir = $mysql::params::purge_conf_dir,\n $remove_default_accounts = false,\n $restart = $mysql::params::restart,\n $root_group = $mysql::params::root_group,\n $managed_dirs = $mysql::params::managed_dirs,\n $mysql_group = $mysql::params::mysql_group,\n $mycnf_owner = $mysql::params::mycnf_owner,\n $mycnf_group = $mysql::params::mycnf_group,\n Variant[String, Sensitive[String]] $root_password = $mysql::params::root_password,\n $service_enabled = $mysql::params::server_service_enabled,\n $service_manage = $mysql::params::server_service_manage,\n $service_name = $mysql::params::server_service_name,\n $service_provider = $mysql::params::server_service_provider,\n $create_root_user = $mysql::params::create_root_user,\n $create_root_my_cnf = $mysql::params::create_root_my_cnf,\n $create_root_login_file = $mysql::params::create_root_login_file,\n $login_file = $mysql::params::login_file,\n $users = {},\n $grants = {},\n $databases = {},\n # Deprecated parameters\n $enabled = undef,\n $manage_service = undef,\n $old_root_password = undef\n) inherits mysql::params {\n # Deprecated parameters.\n if $enabled {\n crit('This parameter has been renamed to service_enabled.')\n $real_service_enabled = $enabled\n } else {\n $real_service_enabled = $service_enabled\n }\n if $manage_service {\n crit('This parameter has been renamed to service_manage.')\n $real_service_manage = $manage_service\n } else {\n $real_service_manage = $service_manage\n }\n if $old_root_password {\n warning('The `old_root_password` attribute is no longer used and will be removed in a future release.')\n }\n\n if ! empty($options) and ! empty($override_options) {\n fail('You can\\'t specify $options and $override_options simultaneously, see the README section \\'Customize server options\\'!')\n }\n\n # If override_options are set, create a merged together set of options. Rightmost hashes win over left.\n # If options are set, just use them.\n $_options = empty($options) ? {\n true => mysql::normalise_and_deepmerge($mysql::params::default_options, $override_options),\n false => $options,\n }\n\n Class['mysql::server::root_password'] -> Mysql::Db <| |>\n\n include 'mysql::server::config'\n include 'mysql::server::install'\n include 'mysql::server::managed_dirs'\n include 'mysql::server::installdb'\n include 'mysql::server::service'\n include 'mysql::server::root_password'\n include 'mysql::server::providers'\n\n if $remove_default_accounts {\n class { 'mysql::server::account_security':\n require => Anchor['mysql::server::end'],\n }\n }\n\n anchor { 'mysql::server::start': }\n anchor { 'mysql::server::end': }\n\n if $restart {\n Class['mysql::server::config']\n ~> Class['mysql::server::service']\n }\n\n Anchor['mysql::server::start']\n -> Class['mysql::server::config']\n -> Class['mysql::server::install']\n -> Class['mysql::server::managed_dirs']\n -> Class['mysql::server::installdb']\n -> Class['mysql::server::service']\n -> Class['mysql::server::root_password']\n -> Class['mysql::server::providers']\n-> Anchor['mysql::server::end'] }"}, {"name": "mysql::server::account_security", "file": "manifests/server/account_security.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Private class for ensuring localhost accounts do not exist"}]}, "source": "class mysql::server::account_security {\n mysql_user {\n ['root@127.0.0.1',\n 'root@::1',\n '@localhost',\n '@%']:\n ensure => 'absent',\n require => Anchor['mysql::server::end'],\n }\n if ($::fqdn != 'localhost.localdomain') {\n mysql_user {\n ['root@localhost.localdomain',\n '@localhost.localdomain']:\n ensure => 'absent',\n require => Anchor['mysql::server::end'],\n }\n }\n if ($::fqdn and $::fqdn != 'localhost') {\n mysql_user {\n [\"root@${::fqdn}\",\n \"@${::fqdn}\"]:\n ensure => 'absent',\n require => Anchor['mysql::server::end'],\n }\n }\n if ($::fqdn != $::hostname) {\n if ($::hostname != 'localhost') {\n mysql_user { [\"root@${::hostname}\", \"@${::hostname}\"]:\n ensure => 'absent',\n require => Anchor['mysql::server::end'],\n }\n }\n }\n mysql_database { 'test':\n ensure => 'absent',\n require => Anchor['mysql::server::end'],\n }\n}"}, {"name": "mysql::server::backup", "file": "manifests/server/backup.pp", "line": 75, "inherits": "mysql::params", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "class { 'mysql::server':\n root_password => 'password'\n}\nclass { 'mysql::server::backup':\n backupuser => 'myuser',\n backuppassword => 'mypassword',\n backupdir => '/tmp/backups',\n}\nclass { 'mysql::server::backup':\n backupmethod => 'mariabackup',\n provider => 'xtrabackup',\n backupdir => '/tmp/backups',\n}", "name": "Create a basic MySQL backup:"}, {"tag_name": "param", "text": "MySQL user to create with backup administrator privileges.", "types": ["Any"], "name": "backupuser"}, {"tag_name": "param", "text": "Password to create for `backupuser`.", "types": ["Optional[Variant[String, Sensitive[String]]]"], "name": "backuppassword"}, {"tag_name": "param", "text": "Directory to store backup.", "types": ["Any"], "name": "backupdir"}, {"tag_name": "param", "text": "Permissions applied to the backup directory. This parameter is passed directly to the file resource.", "types": ["Any"], "name": "backupdirmode"}, {"tag_name": "param", "text": "Owner for the backup directory. This parameter is passed directly to the file resource.", "types": ["Any"], "name": "backupdirowner"}, {"tag_name": "param", "text": "Group owner for the backup directory. This parameter is passed directly to the file resource.", "types": ["Any"], "name": "backupdirgroup"}, {"tag_name": "param", "text": "Whether or not to compress the backup (when using the mysqldump or xtrabackup provider)", "types": ["Any"], "name": "backupcompress"}, {"tag_name": "param", "text": "The execution binary for backing up. ex. mysqldump, xtrabackup, mariabackup", "types": ["Any"], "name": "backupmethod"}, {"tag_name": "param", "text": "Specify a path where upon successfull backup a file should be created for checking purposes.", "types": ["Any"], "name": "backup_success_file_path"}, {"tag_name": "param", "text": "Backup rotation interval in 24 hour periods.", "types": ["Any"], "name": "backuprotate"}, {"tag_name": "param", "text": "Ignore the mysql.event table.", "types": ["Any"], "name": "ignore_events"}, {"tag_name": "param", "text": "Whether to delete old .sql files before backing up. Setting to true deletes old files before backing up, while setting to false deletes them after backup.", "types": ["Any"], "name": "delete_before_dump"}, {"tag_name": "param", "text": "Databases to backup (required if using xtrabackup provider). By default `[]` will back up all databases.", "types": ["Any"], "name": "backupdatabases"}, {"tag_name": "param", "text": "Use file per database mode creating one file per database backup.", "types": ["Any"], "name": "file_per_database"}, {"tag_name": "param", "text": "Dump stored routines (procedures and functions) from dumped databases when doing a `file_per_database` backup.", "types": ["Any"], "name": "include_routines"}, {"tag_name": "param", "text": "Dump triggers for each dumped table when doing a `file_per_database` backup.", "types": ["Any"], "name": "include_triggers"}, {"tag_name": "param", "text": "A flag to activate/deactivate incremental backups. Currently only supported by the xtrabackup provider.", "types": ["Any"], "name": "incremental_backups"}, {"tag_name": "param", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "An array of two elements to set the backup time. Allows ['23', '5'] (i.e., 23:05) or ['3', '45'] (i.e., 03:45) for HH:MM times.", "types": ["Any"], "name": "time"}, {"tag_name": "param", "text": "A script that is executed before the backup begins.", "types": ["Any"], "name": "prescript"}, {"tag_name": "param", "text": "A script that is executed when the backup is finished. This could be used to sync the backup to a central store. This script can be either a single line that is directly executed or a number of lines supplied as an array. It could also be one or more externally managed (executable) files.", "types": ["Any"], "name": "postscript"}, {"tag_name": "param", "text": "Allows you to set a custom PATH should your MySQL installation be non-standard places. Defaults to `/usr/bin:/usr/sbin:/bin:/sbin`.", "types": ["Any"], "name": "execpath"}, {"tag_name": "param", "text": "Sets the server backup implementation. Valid values are:", "types": ["Any"], "name": "provider"}, {"tag_name": "param", "text": "Defines the maximum SQL statement size for the backup dump script. The default value is 1MB, as this is the default MySQL Server value.", "types": ["Any"], "name": "maxallowedpacket"}, {"tag_name": "param", "text": "Specifies an array of optional arguments which should be passed through to the backup tool. (Supported by the xtrabackup and mysqldump providers.)", "types": ["Any"], "name": "optional_args"}, {"tag_name": "param", "text": "Manage installation of cron package", "types": ["Any"], "name": "install_cron"}, {"tag_name": "param", "text": "Configure the command used to compress the backup (when using the mysqldump provider). Make sure the command exists\non the target system. Packages for it are NOT automatically installed.", "types": ["Any"], "name": "compression_command"}, {"tag_name": "param", "text": "Configure the file extension for the compressed backup (when using the mysqldump provider)", "types": ["Any"], "name": "compression_extension"}, {"tag_name": "summary", "text": "Create and manage a MySQL backup."}]}, "defaults": {"backupuser": "undef", "backuppassword": "undef", "backupdir": "undef", "backupdirmode": "'0700'", "backupdirowner": "'root'", "backupdirgroup": "$mysql::params::root_group", "backupcompress": "true", "backuprotate": "30", "backupmethod": "undef", "backup_success_file_path": "'/tmp/mysqlbackup_success'", "ignore_events": "true", "delete_before_dump": "false", "backupdatabases": "[]", "file_per_database": "false", "include_routines": "false", "include_triggers": "false", "ensure": "'present'", "time": "['23', '5']", "prescript": "false", "postscript": "false", "execpath": "'/usr/bin:/usr/sbin:/bin:/sbin'", "provider": "'mysqldump'", "maxallowedpacket": "'1M'", "optional_args": "[]", "incremental_backups": "true", "install_cron": "true", "compression_command": "undef", "compression_extension": "undef"}, "source": "class mysql::server::backup (\n $backupuser = undef,\n Optional[Variant[String, Sensitive[String]]] $backuppassword = undef,\n $backupdir = undef,\n $backupdirmode = '0700',\n $backupdirowner = 'root',\n $backupdirgroup = $mysql::params::root_group,\n $backupcompress = true,\n $backuprotate = 30,\n $backupmethod = undef,\n $backup_success_file_path = '/tmp/mysqlbackup_success',\n $ignore_events = true,\n $delete_before_dump = false,\n $backupdatabases = [],\n $file_per_database = false,\n $include_routines = false,\n $include_triggers = false,\n $ensure = 'present',\n $time = ['23', '5'],\n $prescript = false,\n $postscript = false,\n $execpath = '/usr/bin:/usr/sbin:/bin:/sbin',\n $provider = 'mysqldump',\n $maxallowedpacket = '1M',\n $optional_args = [],\n $incremental_backups = true,\n $install_cron = true,\n $compression_command = undef,\n $compression_extension = undef\n) inherits mysql::params {\n if $prescript and $provider =~ /(mysqldump|mysqlbackup)/ {\n warning(\"The 'prescript' option is not currently implemented for the ${provider} backup provider.\")\n }\n\n create_resources('class', {\n \"mysql::backup::${provider}\" => {\n 'backupuser' => $backupuser,\n 'backuppassword' => $backuppassword,\n 'backupdir' => $backupdir,\n 'backupdirmode' => $backupdirmode,\n 'backupdirowner' => $backupdirowner,\n 'backupdirgroup' => $backupdirgroup,\n 'backupcompress' => $backupcompress,\n 'backuprotate' => $backuprotate,\n 'backupmethod' => $backupmethod,\n 'backup_success_file_path' => $backup_success_file_path,\n 'ignore_events' => $ignore_events,\n 'delete_before_dump' => $delete_before_dump,\n 'backupdatabases' => $backupdatabases,\n 'file_per_database' => $file_per_database,\n 'include_routines' => $include_routines,\n 'include_triggers' => $include_triggers,\n 'ensure' => $ensure,\n 'time' => $time,\n 'prescript' => $prescript,\n 'postscript' => $postscript,\n 'execpath' => $execpath,\n 'maxallowedpacket' => $maxallowedpacket,\n 'optional_args' => $optional_args,\n 'incremental_backups' => $incremental_backups,\n 'install_cron' => $install_cron,\n 'compression_command' => $compression_command,\n 'compression_extension' => $compression_extension,\n }\n })\n}"}, {"name": "mysql::server::config", "file": "manifests/server/config.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Private class for MySQL server configuration."}]}, "source": "class mysql::server::config {\n $options = $mysql::server::_options\n $includedir = $mysql::server::includedir\n $managed_dirs = $mysql::server::managed_dirs\n\n File {\n owner => 'root',\n group => $mysql::server::root_group,\n mode => '0400',\n }\n\n if $includedir and $includedir != '' {\n file { $includedir:\n ensure => directory,\n mode => '0755',\n recurse => $mysql::server::purge_conf_dir,\n purge => $mysql::server::purge_conf_dir,\n }\n\n # on some systems this is /etc/my.cnf.d, while Debian has /etc/mysql/conf.d and FreeBSD something in /usr/local. For the latter systems,\n # managing this basedir is also required, to have it available before the package is installed.\n $includeparentdir = dirname($includedir)\n if $includeparentdir != '/' and $includeparentdir != '/etc' {\n file { $includeparentdir:\n ensure => directory,\n mode => '0755',\n }\n }\n }\n\n #Debian: Creating world readable directories before installing.\n case $::operatingsystem {\n 'Debian': {\n if $managed_dirs {\n $managed_dirs.each | $entry | {\n $dir = $options['mysqld'][\"${entry}\"]\n if ( $dir and $dir != '/usr' and $dir != '/tmp' ) {\n exec { \"${entry}-managed_dir-mkdir\":\n command => \"/bin/mkdir -p ${dir}\",\n unless => \"/usr/bin/dpkg -s ${mysql::server::package_name}\",\n notify => Exec[\"${entry}-managed_dir-chmod\"],\n }\n exec { \"${entry}-managed_dir-chmod\":\n command => \"/bin/chmod 777 ${dir}\",\n refreshonly => true,\n }\n }\n }\n }\n }\n default: {}\n }\n\n if $mysql::server::manage_config_file {\n file { 'mysql-config-file':\n path => $mysql::server::config_file,\n content => template('mysql/my.cnf.erb'),\n mode => $mysql::server::config_file_mode,\n owner => $mysql::server::mycnf_owner,\n group => $mysql::server::mycnf_group,\n selinux_ignore_defaults => true,\n }\n\n # on mariadb systems, $includedir is not defined, but /etc/my.cnf.d has\n # to be managed to place the server.cnf there\n $configparentdir = dirname($mysql::server::config_file)\n # Before setting $configparentdir we first check to make sure that it's value is valid\n if $configparentdir != '/' and $configparentdir != '/etc' {\n # We then check that the value of $includedir is either undefined or that different from $configparentdir\n # We first check that it is undefined due to dirname throwing an error when given undef/empty strings\n if $includedir == undef or $includedir == '' or\n ($configparentdir != $includedir and $configparentdir != dirname($includedir)) {\n file { $configparentdir:\n ensure => directory,\n mode => '0755',\n }\n }\n }\n }\n\n if $options['mysqld']['ssl-disable'] {\n notify { 'ssl-disable':\n message => 'Disabling SSL is evil! You should never ever do this except\n if you are forced to use a mysql version compiled without SSL support',\n }\n }\n}"}, {"name": "mysql::server::install", "file": "manifests/server/install.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Private class for managing MySQL package."}]}, "source": "class mysql::server::install {\n if $mysql::server::package_manage {\n package { 'mysql-server':\n ensure => $mysql::server::package_ensure,\n install_options => $mysql::server::install_options,\n name => $mysql::server::package_name,\n provider => $mysql::server::package_provider,\n source => $mysql::server::package_source,\n }\n }\n}"}, {"name": "mysql::server::installdb", "file": "manifests/server/installdb.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Builds initial databases on installation."}]}, "source": "class mysql::server::installdb {\n $options = $mysql::server::_options\n\n if $mysql::server::package_manage {\n # Build the initial databases.\n $mysqluser = $mysql::server::_options['mysqld']['user']\n $datadir = $mysql::server::_options['mysqld']['datadir']\n $basedir = $mysql::server::_options['mysqld']['basedir']\n $config_file = $mysql::server::config_file\n $log_error = $mysql::server::_options['mysqld']['log-error']\n\n if $mysql::server::manage_config_file and $config_file != $mysql::params::config_file {\n $_config_file=$config_file\n } else {\n $_config_file=undef\n }\n\n if $options['mysqld']['log-error'] {\n file { $options['mysqld']['log-error']:\n ensure => file,\n owner => $mysqluser,\n group => $mysql::server::mysql_group,\n mode => 'u+rw',\n before => Mysql_datadir[$datadir],\n }\n }\n\n mysql_datadir { $datadir:\n ensure => 'present',\n datadir => $datadir,\n basedir => $basedir,\n user => $mysqluser,\n log_error => $log_error,\n defaults_extra_file => $_config_file,\n }\n\n if $mysql::server::restart {\n Mysql_datadir[$datadir] {\n notify => Class['mysql::server::service'],\n }\n }\n }\n}"}, {"name": "mysql::server::managed_dirs", "file": "manifests/server/managed_dirs.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Binary log configuration requires the mysql user to be present. This must be done after package install."}]}, "source": "class mysql::server::managed_dirs {\n $options = $mysql::server::_options\n $includedir = $mysql::server::includedir\n $managed_dirs = $mysql::server::managed_dirs\n\n #Debian: Fix permission on directories\n if $managed_dirs {\n $managed_dirs_path = $managed_dirs.map |$path| { $options['mysqld'][\"${path}\"] }\n $managed_dirs.each | $entry | {\n $dir = $options['mysqld'][\"${entry}\"]\n if ( $dir and $dir != '/usr' and $dir != '/tmp' ) {\n file { \"${entry}-managed_dir\":\n ensure => directory,\n path => $dir,\n mode => '0700',\n owner => $options['mysqld']['user'],\n group => $options['mysqld']['user'],\n }\n }\n }\n } else {\n $managed_dirs_path = []\n }\n\n $logbin = pick($options['mysqld']['log-bin'], $options['mysqld']['log_bin'], false)\n\n if $logbin {\n $logbindir = dirname($logbin)\n\n #Stop puppet from managing directory if just a filename/prefix is specified or is not already managed\n if (!($logbindir == '.' or $logbindir in $managed_dirs_path)) {\n file { $logbindir:\n ensure => directory,\n mode => '0700',\n owner => $options['mysqld']['user'],\n group => $options['mysqld']['user'],\n }\n }\n }\n}"}, {"name": "mysql::server::providers", "file": "manifests/server/providers.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Convenience class to call each of the three providers with the corresponding hashes provided in mysql::server."}]}, "source": "class mysql::server::providers {\n create_resources('mysql_user', $mysql::server::users)\n create_resources('mysql_grant', $mysql::server::grants)\n create_resources('mysql_database', $mysql::server::databases)\n}"}, {"name": "mysql::server::root_password", "file": "manifests/server/root_password.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Private class for managing the root password"}]}, "source": "class mysql::server::root_password {\n if $mysql::server::root_password =~ Sensitive {\n $root_password = $mysql::server::root_password.unwrap\n } else {\n $root_password = $mysql::server::root_password\n }\n if $root_password == 'UNSET' {\n $root_password_set = false\n } else {\n $root_password_set = true\n }\n\n $options = $mysql::server::_options\n $secret_file = $mysql::server::install_secret_file\n $login_file = $mysql::server::login_file\n\n # New installations of MySQL will configure a default random password for the root user\n # with an expiration. No actions can be performed until this password is changed. The\n # below exec will remove this default password. If the user has supplied a root\n # password it will be set further down with the mysql_user resource.\n $rm_pass_cmd = join([\n \"mysqladmin -u root --password=\\$(grep -o '[^ ]\\\\+\\$' ${secret_file}) password ''\",\n \"rm -f ${secret_file}\",\n ], ' && ')\n exec { 'remove install pass':\n command => $rm_pass_cmd,\n onlyif => \"test -f ${secret_file}\",\n path => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin',\n }\n\n # manage root password if it is set\n if $mysql::server::create_root_user and $root_password_set {\n mysql_user { 'root@localhost':\n ensure => present,\n password_hash => mysql::password($mysql::server::root_password),\n require => Exec['remove install pass'],\n }\n }\n\n if $mysql::server::create_root_my_cnf and $root_password_set {\n # TODO: use EPP instead of ERB, as EPP can handle Data of Type Sensitive without further ado\n file { \"${::root_home}/.my.cnf\":\n content => template('mysql/my.cnf.pass.erb'),\n owner => 'root',\n mode => '0600',\n }\n\n # show_diff was added with puppet 3.0\n if versioncmp($::puppetversion, '3.0') >= 0 {\n File[\"${::root_home}/.my.cnf\"] { show_diff => false }\n }\n if $mysql::server::create_root_user {\n Mysql_user['root@localhost'] -> File[\"${::root_home}/.my.cnf\"]\n }\n }\n\n if $mysql::server::create_root_login_file and $root_password_set {\n file { \"${::root_home}/.mylogin.cnf\":\n source => $login_file,\n owner => 'root',\n mode => '0600',\n }\n }\n}"}, {"name": "mysql::server::service", "file": "manifests/server/service.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Private class for managing the MySQL service"}]}, "source": "class mysql::server::service {\n $options = $mysql::server::_options\n\n if $mysql::server::real_service_manage {\n if $mysql::server::real_service_enabled {\n $service_ensure = 'running'\n } else {\n $service_ensure = 'stopped'\n }\n } else {\n $service_ensure = undef\n }\n\n if $mysql::server::override_options and $mysql::server::override_options['mysqld']\n and $mysql::server::override_options['mysqld']['user'] {\n $mysqluser = $mysql::server::override_options['mysqld']['user']\n } else {\n $mysqluser = $options['mysqld']['user']\n }\n\n if $mysql::server::real_service_manage {\n service { 'mysqld':\n ensure => $service_ensure,\n name => $mysql::server::service_name,\n enable => $mysql::server::real_service_enabled,\n provider => $mysql::server::service_provider,\n }\n\n # only establish ordering between service and package if\n # we're managing the package.\n if $mysql::server::package_manage {\n Service['mysqld'] {\n require => Package['mysql-server'],\n }\n }\n\n # only establish ordering between config file and service if\n # we're managing the config file.\n if $mysql::server::manage_config_file {\n File['mysql-config-file'] -> Service['mysqld']\n }\n\n if $mysql::server::override_options and $mysql::server::override_options['mysqld']\n and $mysql::server::override_options['mysqld']['socket'] {\n $mysqlsocket = $mysql::server::override_options['mysqld']['socket']\n } else {\n $mysqlsocket = $options['mysqld']['socket']\n }\n\n if $service_ensure != 'stopped' {\n exec { 'wait_for_mysql_socket_to_open':\n command => \"test -S ${mysqlsocket}\",\n unless => \"test -S ${mysqlsocket}\",\n tries => '3',\n try_sleep => '10',\n require => Service['mysqld'],\n path => '/bin:/usr/bin',\n }\n }\n }\n}"}, {"name": "puppetdb", "file": "manifests/init.pp", "line": 3, "inherits": "puppetdb::params", "docstring": {"text": "All in one class for setting up a PuppetDB instance. See README.md for more\ndetails.", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "listen_address"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "listen_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "disable_cleartext"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "open_listen_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_listen_address"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_listen_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "disable_ssl"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "open_ssl_listen_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_dir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_set_cert_paths"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_cert_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_key_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_key_pk8_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_ca_cert_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_deploy_certs"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_key"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_cert"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_ca_cert"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_protocols"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "postgresql_ssl_on"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "postgresql_ssl_folder"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "postgresql_ssl_cert_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "postgresql_ssl_key_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "postgresql_ssl_ca_cert_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "cipher_suites"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "migrate"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "manage_dbserver"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "manage_database"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "manage_package_repo"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "postgres_version"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_host"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_username"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_password"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "manage_db_password"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "jdbc_ssl_properties"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_listen_address"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_validate"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_embedded_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "node_ttl"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "node_purge_ttl"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "report_ttl"}, {"tag_name": "param", "text": "", "types": ["Optional[Array]"], "name": "facts_blacklist"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gc_interval"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "node_purge_gc_batch_limit"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "log_slow_statements"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "conn_max_age"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "conn_keep_alive"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "conn_lifetime"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_package"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_service"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_service_status"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_user"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_group"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_server"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_host"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_username"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_password"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "manage_read_db_password"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_jdbc_ssl_properties"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_validate"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_log_slow_statements"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_conn_max_age"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_conn_keep_alive"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_conn_lifetime"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "confdir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "vardir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "manage_firewall"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "java_args"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "merge_default_java_args"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "max_threads"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "command_threads"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "concurrent_writes"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "store_usage"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "temp_usage"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "disable_update_checking"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "certificate_whitelist_file"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "certificate_whitelist"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_max_pool_size"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_max_pool_size"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "automatic_dlo_cleanup"}, {"tag_name": "param", "text": "", "types": ["String[1]"], "name": "cleanup_timer_interval"}, {"tag_name": "param", "text": "", "types": ["Integer[1]"], "name": "dlo_max_age"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "java_bin"}]}, "defaults": {"listen_address": "$puppetdb::params::listen_address", "listen_port": "$puppetdb::params::listen_port", "disable_cleartext": "$puppetdb::params::disable_cleartext", "open_listen_port": "$puppetdb::params::open_listen_port", "ssl_listen_address": "$puppetdb::params::ssl_listen_address", "ssl_listen_port": "$puppetdb::params::ssl_listen_port", "disable_ssl": "$puppetdb::params::disable_ssl", "open_ssl_listen_port": "$puppetdb::params::open_ssl_listen_port", "ssl_dir": "$puppetdb::params::ssl_dir", "ssl_set_cert_paths": "$puppetdb::params::ssl_set_cert_paths", "ssl_cert_path": "$puppetdb::params::ssl_cert_path", "ssl_key_path": "$puppetdb::params::ssl_key_path", "ssl_key_pk8_path": "$puppetdb::params::ssl_key_pk8_path", "ssl_ca_cert_path": "$puppetdb::params::ssl_ca_cert_path", "ssl_deploy_certs": "$puppetdb::params::ssl_deploy_certs", "ssl_key": "$puppetdb::params::ssl_key", "ssl_cert": "$puppetdb::params::ssl_cert", "ssl_ca_cert": "$puppetdb::params::ssl_ca_cert", "ssl_protocols": "$puppetdb::params::ssl_protocols", "postgresql_ssl_on": "$puppetdb::params::postgresql_ssl_on", "postgresql_ssl_folder": "$puppetdb::params::postgresql_ssl_folder", "postgresql_ssl_cert_path": "$puppetdb::params::postgresql_ssl_cert_path", "postgresql_ssl_key_path": "$puppetdb::params::postgresql_ssl_key_path", "postgresql_ssl_ca_cert_path": "$puppetdb::params::postgresql_ssl_ca_cert_path", "cipher_suites": "$puppetdb::params::cipher_suites", "migrate": "$puppetdb::params::migrate", "manage_dbserver": "$puppetdb::params::manage_dbserver", "manage_database": "$puppetdb::params::manage_database", "manage_package_repo": "$puppetdb::params::manage_pg_repo", "postgres_version": "$puppetdb::params::postgres_version", "database": "$puppetdb::params::database", "database_host": "$puppetdb::params::database_host", "database_port": "$puppetdb::params::database_port", "database_username": "$puppetdb::params::database_username", "database_password": "$puppetdb::params::database_password", "database_name": "$puppetdb::params::database_name", "manage_db_password": "$puppetdb::params::manage_db_password", "jdbc_ssl_properties": "$puppetdb::params::jdbc_ssl_properties", "database_listen_address": "$puppetdb::params::postgres_listen_addresses", "database_validate": "$puppetdb::params::database_validate", "database_embedded_path": "$puppetdb::params::database_embedded_path", "node_ttl": "$puppetdb::params::node_ttl", "node_purge_ttl": "$puppetdb::params::node_purge_ttl", "report_ttl": "$puppetdb::params::report_ttl", "facts_blacklist": "$puppetdb::params::facts_blacklist", "gc_interval": "$puppetdb::params::gc_interval", "node_purge_gc_batch_limit": "$puppetdb::params::node_purge_gc_batch_limit", "log_slow_statements": "$puppetdb::params::log_slow_statements", "conn_max_age": "$puppetdb::params::conn_max_age", "conn_keep_alive": "$puppetdb::params::conn_keep_alive", "conn_lifetime": "$puppetdb::params::conn_lifetime", "puppetdb_package": "$puppetdb::params::puppetdb_package", "puppetdb_service": "$puppetdb::params::puppetdb_service", "puppetdb_service_status": "$puppetdb::params::puppetdb_service_status", "puppetdb_user": "$puppetdb::params::puppetdb_user", "puppetdb_group": "$puppetdb::params::puppetdb_group", "puppetdb_server": "$puppetdb::params::puppetdb_server", "read_database": "$puppetdb::params::read_database", "read_database_host": "$puppetdb::params::read_database_host", "read_database_port": "$puppetdb::params::read_database_port", "read_database_username": "$puppetdb::params::read_database_username", "read_database_password": "$puppetdb::params::read_database_password", "read_database_name": "$puppetdb::params::read_database_name", "manage_read_db_password": "$puppetdb::params::manage_read_db_password", "read_database_jdbc_ssl_properties": "$puppetdb::params::read_database_jdbc_ssl_properties", "read_database_validate": "$puppetdb::params::read_database_validate", "read_log_slow_statements": "$puppetdb::params::read_log_slow_statements", "read_conn_max_age": "$puppetdb::params::read_conn_max_age", "read_conn_keep_alive": "$puppetdb::params::read_conn_keep_alive", "read_conn_lifetime": "$puppetdb::params::read_conn_lifetime", "confdir": "$puppetdb::params::confdir", "vardir": "$puppetdb::params::vardir", "manage_firewall": "$puppetdb::params::manage_firewall", "java_args": "$puppetdb::params::java_args", "merge_default_java_args": "$puppetdb::params::merge_default_java_args", "max_threads": "$puppetdb::params::max_threads", "command_threads": "$puppetdb::params::command_threads", "concurrent_writes": "$puppetdb::params::concurrent_writes", "store_usage": "$puppetdb::params::store_usage", "temp_usage": "$puppetdb::params::temp_usage", "disable_update_checking": "$puppetdb::params::disable_update_checking", "certificate_whitelist_file": "$puppetdb::params::certificate_whitelist_file", "certificate_whitelist": "$puppetdb::params::certificate_whitelist", "database_max_pool_size": "$puppetdb::params::database_max_pool_size", "read_database_max_pool_size": "$puppetdb::params::read_database_max_pool_size", "automatic_dlo_cleanup": "$puppetdb::params::automatic_dlo_cleanup", "cleanup_timer_interval": "$puppetdb::params::cleanup_timer_interval", "dlo_max_age": "$puppetdb::params::dlo_max_age", "java_bin": "$puppetdb::params::java_bin"}, "source": "class puppetdb (\n $listen_address = $puppetdb::params::listen_address,\n $listen_port = $puppetdb::params::listen_port,\n $disable_cleartext = $puppetdb::params::disable_cleartext,\n $open_listen_port = $puppetdb::params::open_listen_port,\n $ssl_listen_address = $puppetdb::params::ssl_listen_address,\n $ssl_listen_port = $puppetdb::params::ssl_listen_port,\n $disable_ssl = $puppetdb::params::disable_ssl,\n $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port,\n $ssl_dir = $puppetdb::params::ssl_dir,\n $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths,\n $ssl_cert_path = $puppetdb::params::ssl_cert_path,\n $ssl_key_path = $puppetdb::params::ssl_key_path,\n $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path,\n $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path,\n $ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs,\n $ssl_key = $puppetdb::params::ssl_key,\n $ssl_cert = $puppetdb::params::ssl_cert,\n $ssl_ca_cert = $puppetdb::params::ssl_ca_cert,\n $ssl_protocols = $puppetdb::params::ssl_protocols,\n $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on,\n $postgresql_ssl_folder = $puppetdb::params::postgresql_ssl_folder,\n $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path,\n $postgresql_ssl_key_path = $puppetdb::params::postgresql_ssl_key_path,\n $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path,\n $cipher_suites = $puppetdb::params::cipher_suites,\n $migrate = $puppetdb::params::migrate,\n $manage_dbserver = $puppetdb::params::manage_dbserver,\n $manage_database = $puppetdb::params::manage_database,\n $manage_package_repo = $puppetdb::params::manage_pg_repo,\n $postgres_version = $puppetdb::params::postgres_version,\n $database = $puppetdb::params::database,\n $database_host = $puppetdb::params::database_host,\n $database_port = $puppetdb::params::database_port,\n $database_username = $puppetdb::params::database_username,\n $database_password = $puppetdb::params::database_password,\n $database_name = $puppetdb::params::database_name,\n $manage_db_password = $puppetdb::params::manage_db_password,\n $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,\n $database_listen_address = $puppetdb::params::postgres_listen_addresses,\n $database_validate = $puppetdb::params::database_validate,\n $database_embedded_path = $puppetdb::params::database_embedded_path,\n $node_ttl = $puppetdb::params::node_ttl,\n $node_purge_ttl = $puppetdb::params::node_purge_ttl,\n $report_ttl = $puppetdb::params::report_ttl,\n Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist,\n $gc_interval = $puppetdb::params::gc_interval,\n $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit,\n $log_slow_statements = $puppetdb::params::log_slow_statements,\n $conn_max_age = $puppetdb::params::conn_max_age,\n $conn_keep_alive = $puppetdb::params::conn_keep_alive,\n $conn_lifetime = $puppetdb::params::conn_lifetime,\n $puppetdb_package = $puppetdb::params::puppetdb_package,\n $puppetdb_service = $puppetdb::params::puppetdb_service,\n $puppetdb_service_status = $puppetdb::params::puppetdb_service_status,\n $puppetdb_user = $puppetdb::params::puppetdb_user,\n $puppetdb_group = $puppetdb::params::puppetdb_group,\n $puppetdb_server = $puppetdb::params::puppetdb_server,\n $read_database = $puppetdb::params::read_database,\n $read_database_host = $puppetdb::params::read_database_host,\n $read_database_port = $puppetdb::params::read_database_port,\n $read_database_username = $puppetdb::params::read_database_username,\n $read_database_password = $puppetdb::params::read_database_password,\n $read_database_name = $puppetdb::params::read_database_name,\n $manage_read_db_password = $puppetdb::params::manage_read_db_password,\n $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties,\n $read_database_validate = $puppetdb::params::read_database_validate,\n $read_log_slow_statements = $puppetdb::params::read_log_slow_statements,\n $read_conn_max_age = $puppetdb::params::read_conn_max_age,\n $read_conn_keep_alive = $puppetdb::params::read_conn_keep_alive,\n $read_conn_lifetime = $puppetdb::params::read_conn_lifetime,\n $confdir = $puppetdb::params::confdir,\n $vardir = $puppetdb::params::vardir,\n $manage_firewall = $puppetdb::params::manage_firewall,\n $java_args = $puppetdb::params::java_args,\n $merge_default_java_args = $puppetdb::params::merge_default_java_args,\n $max_threads = $puppetdb::params::max_threads,\n $command_threads = $puppetdb::params::command_threads,\n $concurrent_writes = $puppetdb::params::concurrent_writes,\n $store_usage = $puppetdb::params::store_usage,\n $temp_usage = $puppetdb::params::temp_usage,\n $disable_update_checking = $puppetdb::params::disable_update_checking,\n $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file,\n $certificate_whitelist = $puppetdb::params::certificate_whitelist,\n $database_max_pool_size = $puppetdb::params::database_max_pool_size,\n $read_database_max_pool_size = $puppetdb::params::read_database_max_pool_size,\n Boolean $automatic_dlo_cleanup = $puppetdb::params::automatic_dlo_cleanup,\n String[1] $cleanup_timer_interval = $puppetdb::params::cleanup_timer_interval,\n Integer[1] $dlo_max_age = $puppetdb::params::dlo_max_age,\n Optional[Stdlib::Absolutepath] $java_bin = $puppetdb::params::java_bin,\n) inherits puppetdb::params {\n\n class { '::puppetdb::server':\n listen_address => $listen_address,\n listen_port => $listen_port,\n disable_cleartext => $disable_cleartext,\n open_listen_port => $open_listen_port,\n ssl_listen_address => $ssl_listen_address,\n ssl_listen_port => $ssl_listen_port,\n disable_ssl => $disable_ssl,\n open_ssl_listen_port => $open_ssl_listen_port,\n ssl_dir => $ssl_dir,\n ssl_set_cert_paths => $ssl_set_cert_paths,\n ssl_cert_path => $ssl_cert_path,\n ssl_key_path => $ssl_key_path,\n ssl_key_pk8_path => $ssl_key_pk8_path,\n ssl_ca_cert_path => $ssl_ca_cert_path,\n ssl_deploy_certs => $ssl_deploy_certs,\n ssl_key => $ssl_key,\n ssl_cert => $ssl_cert,\n ssl_ca_cert => $ssl_ca_cert,\n ssl_protocols => $ssl_protocols,\n postgresql_ssl_on => $postgresql_ssl_on,\n cipher_suites => $cipher_suites,\n migrate => $migrate,\n database => $database,\n database_host => $database_host,\n database_port => $database_port,\n database_username => $database_username,\n database_password => $database_password,\n database_name => $database_name,\n manage_db_password => $manage_db_password,\n jdbc_ssl_properties => $jdbc_ssl_properties,\n database_validate => $database_validate,\n database_embedded_path => $database_embedded_path,\n node_ttl => $node_ttl,\n node_purge_ttl => $node_purge_ttl,\n report_ttl => $report_ttl,\n facts_blacklist => $facts_blacklist,\n gc_interval => $gc_interval,\n node_purge_gc_batch_limit => $node_purge_gc_batch_limit,\n log_slow_statements => $log_slow_statements,\n conn_max_age => $conn_max_age,\n conn_keep_alive => $conn_keep_alive,\n conn_lifetime => $conn_lifetime,\n puppetdb_package => $puppetdb_package,\n puppetdb_service => $puppetdb_service,\n puppetdb_service_status => $puppetdb_service_status,\n confdir => $confdir,\n vardir => $vardir,\n java_args => $java_args,\n merge_default_java_args => $merge_default_java_args,\n max_threads => $max_threads,\n read_database => $read_database,\n read_database_host => $read_database_host,\n read_database_port => $read_database_port,\n read_database_username => $read_database_username,\n read_database_password => $read_database_password,\n read_database_name => $read_database_name,\n manage_read_db_password => $manage_read_db_password,\n read_database_jdbc_ssl_properties => $read_database_jdbc_ssl_properties,\n read_database_validate => $read_database_validate,\n read_log_slow_statements => $read_log_slow_statements,\n read_conn_max_age => $read_conn_max_age,\n read_conn_keep_alive => $read_conn_keep_alive,\n read_conn_lifetime => $read_conn_lifetime,\n puppetdb_user => $puppetdb_user,\n puppetdb_group => $puppetdb_group,\n manage_firewall => $manage_firewall,\n manage_database => $manage_database,\n command_threads => $command_threads,\n concurrent_writes => $concurrent_writes,\n store_usage => $store_usage,\n temp_usage => $temp_usage,\n disable_update_checking => $disable_update_checking,\n certificate_whitelist_file => $certificate_whitelist_file,\n certificate_whitelist => $certificate_whitelist,\n database_max_pool_size => $database_max_pool_size,\n read_database_max_pool_size => $read_database_max_pool_size,\n automatic_dlo_cleanup => $automatic_dlo_cleanup,\n cleanup_timer_interval => $cleanup_timer_interval,\n dlo_max_age => $dlo_max_age,\n java_bin => $java_bin,\n }\n\n if ($database == 'postgres') {\n\n $database_before = str2bool($database_validate) ? {\n false => Class['::puppetdb::server'],\n default => [Class['::puppetdb::server'],\n Class['::puppetdb::server::validate_db']],\n }\n\n class { '::puppetdb::database::postgresql':\n listen_addresses => $database_listen_address,\n database_name => $database_name,\n puppetdb_server => $puppetdb_server,\n database_username => $database_username,\n database_password => $database_password,\n database_port => $database_port,\n manage_server => $manage_dbserver,\n manage_database => $manage_database,\n manage_package_repo => $manage_package_repo,\n postgres_version => $postgres_version,\n postgresql_ssl_on => $postgresql_ssl_on,\n postgresql_ssl_key_path => $postgresql_ssl_key_path,\n postgresql_ssl_cert_path => $postgresql_ssl_cert_path,\n postgresql_ssl_ca_cert_path => $postgresql_ssl_ca_cert_path,\n read_database_username => $read_database_username,\n read_database_password => $read_database_password,\n read_database_host => $read_database_host,\n before => $database_before\n }\n }\n}"}, {"name": "puppetdb::database::postgresql", "file": "manifests/database/postgresql.pp", "line": 3, "inherits": "puppetdb::params", "docstring": {"text": "Class for creating the PuppetDB postgresql database. See README.md for more\ninformation.", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "listen_addresses"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_server"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_username"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_password"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "manage_database"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "manage_server"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "manage_package_repo"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "postgres_version"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "postgresql_ssl_on"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "postgresql_ssl_key_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "postgresql_ssl_cert_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "postgresql_ssl_ca_cert_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_username"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_password"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_host"}]}, "defaults": {"listen_addresses": "$puppetdb::params::database_host", "puppetdb_server": "$puppetdb::params::puppetdb_server", "database_name": "$puppetdb::params::database_name", "database_username": "$puppetdb::params::database_username", "database_password": "$puppetdb::params::database_password", "database_port": "$puppetdb::params::database_port", "manage_database": "$puppetdb::params::manage_database", "manage_server": "$puppetdb::params::manage_dbserver", "manage_package_repo": "$puppetdb::params::manage_pg_repo", "postgres_version": "$puppetdb::params::postgres_version", "postgresql_ssl_on": "$puppetdb::params::postgresql_ssl_on", "postgresql_ssl_key_path": "$puppetdb::params::postgresql_ssl_key_path", "postgresql_ssl_cert_path": "$puppetdb::params::postgresql_ssl_cert_path", "postgresql_ssl_ca_cert_path": "$puppetdb::params::postgresql_ssl_ca_cert_path", "read_database_username": "$puppetdb::params::read_database_username", "read_database_password": "$puppetdb::params::read_database_password", "read_database_host": "$puppetdb::params::read_database_host"}, "source": "class puppetdb::database::postgresql (\n $listen_addresses = $puppetdb::params::database_host,\n $puppetdb_server = $puppetdb::params::puppetdb_server,\n $database_name = $puppetdb::params::database_name,\n $database_username = $puppetdb::params::database_username,\n $database_password = $puppetdb::params::database_password,\n $database_port = $puppetdb::params::database_port,\n $manage_database = $puppetdb::params::manage_database,\n $manage_server = $puppetdb::params::manage_dbserver,\n $manage_package_repo = $puppetdb::params::manage_pg_repo,\n $postgres_version = $puppetdb::params::postgres_version,\n $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on,\n $postgresql_ssl_key_path = $puppetdb::params::postgresql_ssl_key_path,\n $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path,\n $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path,\n $read_database_username = $puppetdb::params::read_database_username,\n $read_database_password = $puppetdb::params::read_database_password,\n $read_database_host = $puppetdb::params::read_database_host\n) inherits puppetdb::params {\n\n if $manage_server {\n class { '::postgresql::globals':\n manage_package_repo => $manage_package_repo,\n version => $postgres_version,\n }\n # get the pg server up and running\n class { '::postgresql::server':\n ip_mask_allow_all_users => '0.0.0.0/0',\n listen_addresses => $listen_addresses,\n port => scanf($database_port, '%i')[0],\n }\n\n # We need to create the ssl connection for the read user, when\n # manage_database is set to true, or when read_database_host is defined.\n # Otherwise we don't create it.\n if $manage_database or $read_database_host != undef{\n $create_read_user_rule = true\n } else {\n $create_read_user_rule = false\n }\n\n # configure PostgreSQL communication with Puppet Agent SSL certificates if\n # postgresql_ssl_on is set to true\n if $postgresql_ssl_on {\n class { 'puppetdb::database::ssl_configuration':\n database_name => $database_name,\n database_username => $database_username,\n read_database_username => $read_database_username,\n puppetdb_server => $puppetdb_server,\n postgresql_ssl_key_path => $postgresql_ssl_key_path,\n postgresql_ssl_cert_path => $postgresql_ssl_cert_path,\n postgresql_ssl_ca_cert_path => $postgresql_ssl_ca_cert_path,\n create_read_user_rule => $create_read_user_rule\n }\n }\n\n # Only install pg_trgm extension, if database it is actually managed by the module\n if $manage_database {\n\n # get the pg contrib to use pg_trgm extension\n class { '::postgresql::server::contrib': }\n\n postgresql::server::extension { 'pg_trgm':\n database => $database_name,\n require => Postgresql::Server::Db[$database_name],\n }\n }\n }\n\n if $manage_database {\n # create the puppetdb database\n postgresql::server::db { $database_name:\n user => $database_username,\n password => $database_password,\n grant => 'all',\n }\n\n -> postgresql_psql { 'revoke all access on public schema':\n db => $database_name,\n command => 'REVOKE CREATE ON SCHEMA public FROM public',\n unless => \"SELECT * FROM\n (SELECT has_schema_privilege('public', 'public', 'create') can_create) privs\n WHERE privs.can_create=false\",\n }\n\n -> postgresql_psql { \"grant all permissions to ${database_username}\":\n db => $database_name,\n command => \"GRANT CREATE ON SCHEMA public TO \\\"${database_username}\\\"\",\n unless => \"SELECT * FROM\n (SELECT has_schema_privilege('${database_username}', 'public', 'create') can_create) privs\n WHERE privs.can_create=true\",\n }\n\n -> puppetdb::database::read_only_user { $read_database_username:\n read_database_username => $read_database_username,\n database_name => $database_name,\n password_hash => postgresql::postgresql_password($read_database_username, $read_database_password),\n database_owner => $database_username\n }\n }\n}"}, {"name": "puppetdb::database::ssl_configuration", "file": "manifests/database/ssl_configuration.pp", "line": 3, "inherits": "puppetdb::params", "docstring": {"text": "Class for configuring SSL connection for the PuppetDB postgresql database. See README.md for more\ninformation.", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "database_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_username"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_username"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_host"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_server"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "postgresql_ssl_key_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "postgresql_ssl_cert_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "postgresql_ssl_ca_cert_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "create_read_user_rule"}]}, "defaults": {"database_name": "$puppetdb::params::database_name", "database_username": "$puppetdb::params::database_username", "read_database_username": "$puppetdb::params::read_database_username", "read_database_host": "$puppetdb::params::read_database_host", "puppetdb_server": "$puppetdb::params::puppetdb_server", "postgresql_ssl_key_path": "$puppetdb::params::postgresql_ssl_key_path", "postgresql_ssl_cert_path": "$puppetdb::params::postgresql_ssl_cert_path", "postgresql_ssl_ca_cert_path": "$puppetdb::params::postgresql_ssl_ca_cert_path", "create_read_user_rule": "false"}, "source": "class puppetdb::database::ssl_configuration (\n $database_name = $puppetdb::params::database_name,\n $database_username = $puppetdb::params::database_username,\n $read_database_username = $puppetdb::params::read_database_username,\n $read_database_host = $puppetdb::params::read_database_host,\n $puppetdb_server = $puppetdb::params::puppetdb_server,\n $postgresql_ssl_key_path = $puppetdb::params::postgresql_ssl_key_path,\n $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path,\n $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path,\n $create_read_user_rule = false,\n) inherits puppetdb::params {\n File {\n ensure => present,\n owner => 'postgres',\n mode => '0600',\n require => Package['postgresql-server'],\n }\n\n file { 'postgres private key':\n path => \"${postgresql::server::datadir}/server.key\",\n source => $postgresql_ssl_key_path,\n }\n\n file { 'postgres public key':\n path => \"${postgresql::server::datadir}/server.crt\",\n source => $postgresql_ssl_cert_path,\n }\n\n postgresql::server::config_entry { 'ssl':\n ensure => present,\n value => 'on',\n require => [File['postgres private key'], File['postgres public key']]\n }\n\n postgresql::server::config_entry { 'ssl_cert_file':\n ensure => present,\n value => \"${postgresql::server::datadir}/server.crt\",\n require => [File['postgres private key'], File['postgres public key']]\n }\n\n postgresql::server::config_entry { 'ssl_key_file':\n ensure => present,\n value => \"${postgresql::server::datadir}/server.key\",\n require => [File['postgres private key'], File['postgres public key']]\n }\n\n postgresql::server::config_entry { 'ssl_ca_file':\n ensure => present,\n value => $postgresql_ssl_ca_cert_path,\n require => [File['postgres private key'], File['postgres public key']]\n }\n\n puppetdb::database::postgresql_ssl_rules { \"Configure postgresql ssl rules for ${database_username}\":\n database_name => $database_name,\n database_username => $database_username,\n puppetdb_server => $puppetdb_server,\n }\n\n if $create_read_user_rule {\n puppetdb::database::postgresql_ssl_rules { \"Configure postgresql ssl rules for ${read_database_username}\":\n database_name => $database_name,\n database_username => $read_database_username,\n puppetdb_server => $puppetdb_server,\n }\n }\n}"}, {"name": "puppetdb::globals", "file": "manifests/globals.pp", "line": 2, "docstring": {"text": "Global configuration class for PuppetDB. See README.md for more details.", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "version"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database"}]}, "defaults": {"version": "'present'", "database": "'postgres'"}, "source": "class puppetdb::globals (\n $version = 'present',\n $database = 'postgres',\n ) {\n\n if !($::osfamily in ['RedHat', 'Suse', 'Archlinux', 'Debian', 'OpenBSD', 'FreeBSD']) {\n fail(\"${module_name} does not support your osfamily ${::osfamily}\")\n }\n\n}"}, {"name": "puppetdb::master::config", "file": "manifests/master/config.pp", "line": 2, "inherits": "puppetdb::params", "docstring": {"text": "Manage puppet configuration. See README.md for more details.", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_server"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_disable_ssl"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "masterless"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_soft_write_failure"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "manage_routes"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "manage_storeconfigs"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "enable_storeconfigs"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "manage_report_processor"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "manage_config"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "create_puppet_service_resource"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "strict_validation"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "enable_reports"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppet_confdir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppet_conf"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "terminus_package"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppet_service_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_startup_timeout"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "test_url"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "restart_puppet"}]}, "defaults": {"puppetdb_server": "$::fqdn", "puppetdb_port": "defined(Class['puppetdb']) ? {\n true => $::puppetdb::disable_ssl ? {\n true => 8080,\n default => 8081,\n },\n default => 8081", "puppetdb_disable_ssl": "defined(Class['puppetdb']) ? {\n true => $::puppetdb::disable_ssl,\n default => false", "masterless": "$puppetdb::params::masterless", "puppetdb_soft_write_failure": "false", "manage_routes": "true", "manage_storeconfigs": "true", "enable_storeconfigs": "true", "manage_report_processor": "false", "manage_config": "true", "create_puppet_service_resource": "true", "strict_validation": "true", "enable_reports": "false", "puppet_confdir": "$puppetdb::params::puppet_confdir", "puppet_conf": "$puppetdb::params::puppet_conf", "terminus_package": "$puppetdb::params::terminus_package", "puppet_service_name": "$puppetdb::params::puppet_service_name", "puppetdb_startup_timeout": "$puppetdb::params::puppetdb_startup_timeout", "test_url": "$puppetdb::params::test_url", "restart_puppet": "true"}, "source": "class puppetdb::master::config (\n $puppetdb_server = $::fqdn,\n $puppetdb_port = defined(Class['puppetdb']) ? {\n true => $::puppetdb::disable_ssl ? {\n true => 8080,\n default => 8081,\n },\n default => 8081,\n },\n $puppetdb_disable_ssl = defined(Class['puppetdb']) ? {\n true => $::puppetdb::disable_ssl,\n default => false,\n },\n $masterless = $puppetdb::params::masterless,\n $puppetdb_soft_write_failure = false,\n $manage_routes = true,\n $manage_storeconfigs = true,\n $enable_storeconfigs = true,\n $manage_report_processor = false,\n $manage_config = true,\n $create_puppet_service_resource = true,\n $strict_validation = true,\n $enable_reports = false,\n $puppet_confdir = $puppetdb::params::puppet_confdir,\n $puppet_conf = $puppetdb::params::puppet_conf,\n $terminus_package = $puppetdb::params::terminus_package,\n $puppet_service_name = $puppetdb::params::puppet_service_name,\n $puppetdb_startup_timeout = $puppetdb::params::puppetdb_startup_timeout,\n $test_url = $puppetdb::params::test_url,\n $restart_puppet = true,\n) inherits puppetdb::params {\n\n # **WARNING**: Ugly hack to work around a yum bug with metadata parsing. This\n # should not be copied, replicated or even looked at. In short, never rename\n # your packages...\n #\n # With `yum` we can't have the termini package override the terminus package\n # because that would prevent users from installing v2.3 of the terminus in\n # PC1. We tried using a dummy terminus-3 metadata package which pulled in\n # termini-3.latest as a dependency and put a requires terminus >= 3, <4. The\n # idea was that doing `yum install puppetdb-termini-3.x.y-1.el7` would pull up\n # the terminus package to the dummy 3 version, but `yum` has a bug which\n # requires that both the dummy package and termini be installed in the same\n # transaction, i.e. `yum install puppetdb-termini-3.x.y-1.el7\n # puppetdb-terminus-3` which is impossible to do via Puppet.\n #\n # This will orphan some old terminus files (from pre-puppet-agent, i.e. puppet\n # 3.x) that are orphaned as part of the Puppet 3 to Puppet 4 upgrade anyways\n # and some of the new terminus files temporarily. If this exec fails all you\n # need to do is reinstall whatever 2.3 version of the terminus was already\n # installed to revert the change.\n if !($puppetdb::params::puppetdb_version in ['present','absent'])\n and versioncmp($puppetdb::params::puppetdb_version, '3.0.0') >= 0\n and $::osfamily in ['RedHat','Suse'] {\n exec { 'Remove puppetdb-terminus metadata for upgrade':\n command => 'rpm -e --justdb puppetdb-terminus',\n path => '/sbin/:/bin/',\n onlyif => 'rpm -q puppetdb-terminus',\n before => Package[$terminus_package],\n }\n }\n\n package { $terminus_package:\n ensure => $puppetdb::params::puppetdb_version,\n }\n\n if ($strict_validation) {\n\n # Validate the puppetdb connection. If we can't connect to puppetdb then we\n # *must* not perform the other configuration steps, or else\n\n $conn_puppetdb_server = $manage_config ? {\n true => $puppetdb_server,\n default => undef,\n }\n $conn_puppetdb_port = $manage_config ? {\n true => $puppetdb_port,\n default => undef,\n }\n $conn_puppetdb_ssl = $puppetdb_disable_ssl ? {\n true => false,\n default => true,\n }\n\n puppetdb_conn_validator { 'puppetdb_conn':\n puppetdb_server => $conn_puppetdb_server,\n puppetdb_port => $conn_puppetdb_port,\n use_ssl => $conn_puppetdb_ssl,\n timeout => $puppetdb_startup_timeout,\n require => Package[$terminus_package],\n test_url => $test_url,\n }\n\n # This is a bit of puppet chicanery that allows us to create a\n # conditional dependency. Basically, we're saying that \"if the PuppetDB\n # service is being managed in this same catalog, it needs to come before\n # this validator.\"\n Service<|title == $puppetdb::params::puppetdb_service|> -> Puppetdb_conn_validator['puppetdb_conn']\n }\n\n # Conditionally manage the `routes.yaml` file. Restart the puppet service\n # if changes are made.\n if ($manage_routes) {\n $routes_require = $strict_validation ? {\n true => Puppetdb_conn_validator['puppetdb_conn'],\n default => Package[$terminus_package],\n }\n\n class { 'puppetdb::master::routes':\n puppet_confdir => $puppet_confdir,\n masterless => $masterless,\n require => $routes_require,\n }\n }\n\n # Conditionally manage the storeconfigs settings in `puppet.conf`. We don't\n # need to trigger a restart of the puppet master service for this one, because\n # it polls it automatically.\n if ($manage_storeconfigs) {\n $storeconfigs_require = $strict_validation ? {\n true => Puppetdb_conn_validator['puppetdb_conn'],\n default => Package[$terminus_package],\n }\n\n class { 'puppetdb::master::storeconfigs':\n puppet_conf => $puppet_conf,\n masterless => $masterless,\n enable => $enable_storeconfigs,\n require => $storeconfigs_require,\n }\n }\n\n # Conditionally manage the puppetdb report processor setting in `puppet.conf`.\n # We don't need to trigger a restart of the puppet master service for this one,\n # because it polls it automatically.\n if ($manage_report_processor) {\n $report_processor_require = $strict_validation ? {\n true => Puppetdb_conn_validator['puppetdb_conn'],\n default => Package[$terminus_package],\n }\n\n class { 'puppetdb::master::report_processor':\n puppet_conf => $puppet_conf,\n masterless => $masterless,\n enable => $enable_reports,\n require => $report_processor_require,\n }\n }\n\n if ($manage_config) {\n # Manage the `puppetdb.conf` file. Restart the puppet service if changes\n # are made.\n $puppetdb_conf_require = $strict_validation ? {\n true => Puppetdb_conn_validator['puppetdb_conn'],\n default => Package[$terminus_package],\n }\n\n class { 'puppetdb::master::puppetdb_conf':\n server => $puppetdb_server,\n port => $puppetdb_port,\n soft_write_failure => $puppetdb_soft_write_failure,\n puppet_confdir => $puppet_confdir,\n legacy_terminus => $puppetdb::params::terminus_package == 'puppetdb-terminus',\n require => $puppetdb_conf_require,\n }\n }\n\n if ($restart_puppet) {\n # We will need to restart the puppet master service if certain config\n # files are changed, so here we make sure it's in the catalog. This is\n # parse-order dependent and could prevent another part of the code from\n # declaring the service, so set $create_puppet_service_resource to false if you\n # are absolutely sure you're declaring Service[$puppet_service_name] in\n # some other way.\n if $create_puppet_service_resource and ! defined(Service[$puppet_service_name]) {\n service { $puppet_service_name:\n ensure => running,\n enable => true,\n }\n }\n\n if ($manage_config) {\n Class['puppetdb::master::puppetdb_conf'] ~> Service[$puppet_service_name]\n }\n\n if ($manage_routes) {\n Class['puppetdb::master::routes'] ~> Service[$puppet_service_name]\n }\n\n if ($manage_report_processor) {\n Class['puppetdb::master::report_processor'] ~> Service[$puppet_service_name]\n }\n }\n\n}"}, {"name": "puppetdb::master::puppetdb_conf", "file": "manifests/master/puppetdb_conf.pp", "line": 3, "inherits": "puppetdb::params", "docstring": {"text": "Manage the puppetdb.conf file on the puppeet master. See README.md for more\ndetails.", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "server"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "soft_write_failure"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppet_confdir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "legacy_terminus"}]}, "defaults": {"server": "'localhost'", "port": "'8081'", "soft_write_failure": "$puppetdb::disable_ssl ? {\n true => true,\n default => false", "puppet_confdir": "$puppetdb::params::puppet_confdir", "legacy_terminus": "$puppetdb::params::terminus_package ? {\n /(puppetdb-terminus)/ => true,\n default => false"}, "source": "class puppetdb::master::puppetdb_conf (\n $server = 'localhost',\n $port = '8081',\n $soft_write_failure = $puppetdb::disable_ssl ? {\n true => true,\n default => false,\n },\n $puppet_confdir = $puppetdb::params::puppet_confdir,\n $legacy_terminus = $puppetdb::params::terminus_package ? {\n /(puppetdb-terminus)/ => true,\n default => false,\n },\n ) inherits puppetdb::params {\n\n Ini_setting {\n ensure => present,\n section => 'main',\n path => \"${puppet_confdir}/puppetdb.conf\",\n }\n\n if $legacy_terminus {\n ini_setting { 'puppetdbserver':\n setting => 'server',\n value => $server,\n }\n ini_setting { 'puppetdbport':\n setting => 'port',\n value => $port,\n }\n } else {\n ini_setting { 'puppetdbserver_urls':\n setting => 'server_urls',\n value => \"https://${server}:${port}/\",\n }\n }\n\n ini_setting { 'soft_write_failure':\n setting => 'soft_write_failure',\n value => $soft_write_failure,\n }\n}"}, {"name": "puppetdb::master::report_processor", "file": "manifests/master/report_processor.pp", "line": 3, "inherits": "puppetdb::params", "docstring": {"text": "Manage the installation of the report processor on the master. See README.md\nfor more details.", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "puppet_conf"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "masterless"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "enable"}]}, "defaults": {"puppet_conf": "$puppetdb::params::puppet_conf", "masterless": "$puppetdb::params::masterless", "enable": "false"}, "source": "class puppetdb::master::report_processor (\n $puppet_conf = $puppetdb::params::puppet_conf,\n $masterless = $puppetdb::params::masterless,\n $enable = false\n) inherits puppetdb::params {\n\n if $masterless {\n $puppet_conf_section = 'main'\n } else {\n $puppet_conf_section = 'master'\n }\n\n $puppetdb_ensure = $enable ? {\n true => present,\n default => absent,\n }\n\n ini_subsetting { 'puppet.conf/reports/puppetdb':\n ensure => $puppetdb_ensure,\n path => $puppet_conf,\n section => $puppet_conf_section,\n setting => 'reports',\n subsetting => 'puppetdb',\n subsetting_separator => ',',\n }\n}"}, {"name": "puppetdb::master::routes", "file": "manifests/master/routes.pp", "line": 3, "inherits": "puppetdb::params", "docstring": {"text": "Manages the routes configuration file on the master. See README.md for more\ndetails.", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "puppet_confdir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "masterless"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "routes"}]}, "defaults": {"puppet_confdir": "$puppetdb::params::puppet_confdir", "masterless": "$puppetdb::params::masterless", "routes": "undef"}, "source": "class puppetdb::master::routes (\n $puppet_confdir = $puppetdb::params::puppet_confdir,\n $masterless = $puppetdb::params::masterless,\n $routes = undef,\n) inherits puppetdb::params {\n\n if $masterless {\n $routes_real = {\n 'apply' => {\n 'catalog' => {\n 'terminus' => 'compiler',\n 'cache' => 'puppetdb',\n },\n 'facts' => {\n 'terminus' => 'facter',\n 'cache' => 'puppetdb_apply',\n }\n }\n }\n } elsif $routes {\n $routes_real = $routes\n } else {\n if (defined('$serverversion')) and (versioncmp($serverversion, '7.0') >= 0) {\n $default_fact_cache = 'json'\n } else {\n $default_fact_cache = 'yaml'\n }\n $routes_real = {\n 'master' => {\n 'facts' => {\n 'terminus' => 'puppetdb',\n 'cache' => $default_fact_cache,\n }\n }\n }\n }\n\n # TODO: this will overwrite any existing routes.yaml;\n # to handle this properly we should just be ensuring\n # that the proper settings exist, but to do that we'd need\n # to parse the yaml file and rewrite it, dealing with indentation issues etc\n # I don't think there is currently a puppet module or an augeas lens for\n # this.\n file { \"${puppet_confdir}/routes.yaml\":\n ensure => file,\n content => template('puppetdb/routes.yaml.erb'),\n mode => '0644',\n }\n}"}, {"name": "puppetdb::master::storeconfigs", "file": "manifests/master/storeconfigs.pp", "line": 3, "inherits": "puppetdb::params", "docstring": {"text": "This class configures the puppet master to enable storeconfigs and to use\npuppetdb as the storeconfigs backend. See README.md for more details.", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "puppet_conf"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "masterless"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "enable"}]}, "defaults": {"puppet_conf": "$puppetdb::params::puppet_conf", "masterless": "$puppetdb::params::masterless", "enable": "true"}, "source": "class puppetdb::master::storeconfigs (\n $puppet_conf = $puppetdb::params::puppet_conf,\n $masterless = $puppetdb::params::masterless,\n $enable = true,\n) inherits puppetdb::params {\n\n if $masterless {\n $puppet_conf_section = 'main'\n } else {\n $puppet_conf_section = 'master'\n }\n\n $storeconfigs_ensure = $enable ? {\n true => present,\n default => absent,\n }\n\n Ini_setting {\n section => $puppet_conf_section,\n path => $puppet_conf,\n ensure => $storeconfigs_ensure,\n }\n\n ini_setting { \"puppet.conf/${puppet_conf_section}/storeconfigs\":\n setting => 'storeconfigs',\n value => true,\n }\n\n ini_setting { \"puppet.conf/${puppet_conf_section}/storeconfigs_backend\":\n setting => 'storeconfigs_backend',\n value => 'puppetdb',\n }\n}"}, {"name": "puppetdb::params", "file": "manifests/params.pp", "line": 4, "inherits": "puppetdb::globals", "docstring": {"text": "PRIVATE CLASS - do not use directly\n\nThe puppetdb default configuration settings."}, "source": "class puppetdb::params inherits puppetdb::globals {\n $listen_address = 'localhost'\n $listen_port = '8080'\n $disable_cleartext = false\n $open_listen_port = false\n $ssl_listen_address = '0.0.0.0'\n $ssl_listen_port = '8081'\n $ssl_protocols = undef\n $disable_ssl = false\n $cipher_suites = undef\n $open_ssl_listen_port = undef\n $postgres_listen_addresses = 'localhost'\n\n $puppetdb_version = $puppetdb::globals::version\n $database = $puppetdb::globals::database\n $manage_dbserver = true\n $manage_database = true\n\n if $::osfamily =~ /RedHat|Debian/ {\n $manage_pg_repo = true\n } else {\n $manage_pg_repo = false\n }\n\n if $puppetdb_version in ['latest','present'] or versioncmp($puppetdb_version, '7.0.0') >= 0 {\n $postgres_version = '11'\n } else {\n $postgres_version = '9.6'\n }\n\n # The remaining database settings are not used for an embedded database\n $database_host = 'localhost'\n $database_port = '5432'\n $database_name = 'puppetdb'\n $database_username = 'puppetdb'\n $database_password = 'puppetdb'\n $manage_db_password = true\n $jdbc_ssl_properties = ''\n $database_validate = true\n $database_max_pool_size = undef\n $puppetdb_server = $::fqdn\n\n # These settings manage the various auto-deactivation and auto-purge settings\n $node_ttl = '7d'\n $node_purge_ttl = '14d'\n $report_ttl = '14d'\n\n $facts_blacklist = undef\n\n $gc_interval = '60'\n $node_purge_gc_batch_limit = '25'\n\n $log_slow_statements = '10'\n $conn_max_age = '60'\n $conn_keep_alive = '45'\n $conn_lifetime = '0'\n\n $max_threads = undef\n $migrate = true\n\n # These settings are for the read database\n $read_database = 'postgres'\n $read_database_host = undef\n $read_database_port = '5432'\n $read_database_name = 'puppetdb'\n $read_database_username = 'puppetdb-read'\n $read_database_password = 'puppetdb-read'\n $manage_read_db_password = true\n $read_database_jdbc_ssl_properties = ''\n $read_database_validate = true\n $read_log_slow_statements = '10'\n $read_conn_max_age = '60'\n $read_conn_keep_alive = '45'\n $read_conn_lifetime = '0'\n $read_database_max_pool_size = undef\n\n $manage_firewall = true\n $java_args = {}\n $merge_default_java_args = true\n\n $puppetdb_package = 'puppetdb'\n $puppetdb_service = 'puppetdb'\n $masterless = false\n\n if !($puppetdb_version in ['latest','present','absent']) and versioncmp($puppetdb_version, '3.0.0') < 0 {\n case $::osfamily {\n 'RedHat', 'Suse', 'Archlinux','Debian': {\n $etcdir = '/etc/puppetdb'\n $vardir = '/var/lib/puppetdb'\n $database_embedded_path = \"${vardir}/db/db\"\n $puppet_confdir = pick($settings::confdir,'/etc/puppet')\n $puppet_service_name = 'puppetmaster'\n }\n 'OpenBSD': {\n $etcdir = '/etc/puppetdb'\n $vardir = '/var/db/puppetdb'\n $database_embedded_path = \"${vardir}/db/db\"\n $puppet_confdir = pick($settings::confdir,'/etc/puppet')\n $puppet_service_name = 'puppetmasterd'\n }\n 'FreeBSD': {\n $etcdir = '/usr/local/etc/puppetdb'\n $vardir = '/var/db/puppetdb'\n $database_embedded_path = \"${vardir}/db/db\"\n $puppet_confdir = pick($settings::confdir,'/usr/local/etc/puppet')\n $puppet_service_name = 'puppetmaster'\n }\n default: {\n fail(\"The fact 'osfamily' is set to ${::osfamily} which is not supported by the puppetdb module.\")\n }\n }\n $terminus_package = 'puppetdb-terminus'\n $test_url = '/v3/version'\n } else {\n case $::osfamily {\n 'RedHat', 'Suse', 'Archlinux','Debian': {\n $etcdir = '/etc/puppetlabs/puppetdb'\n $puppet_confdir = pick($settings::confdir,'/etc/puppetlabs/puppet')\n $puppet_service_name = 'puppetserver'\n }\n 'OpenBSD': {\n $etcdir = '/etc/puppetlabs/puppetdb'\n $puppet_confdir = pick($settings::confdir,'/etc/puppetlabs/puppet')\n $puppet_service_name = undef\n }\n 'FreeBSD': {\n $etcdir = '/usr/local/etc/puppetlabs/puppetdb'\n $puppet_confdir = pick($settings::confdir,'/usr/local/etc/puppetlabs/puppet')\n $puppet_service_name = undef\n }\n default: {\n fail(\"The fact 'osfamily' is set to ${::osfamily} which is not supported by the puppetdb module.\")\n }\n }\n $terminus_package = 'puppetdb-termini'\n $test_url = '/pdb/meta/v1/version'\n $vardir = '/opt/puppetlabs/server/data/puppetdb'\n $database_embedded_path = \"${vardir}/db/db\"\n }\n\n $confdir = \"${etcdir}/conf.d\"\n $ssl_dir = \"${etcdir}/ssl\"\n\n case $::osfamily {\n 'RedHat', 'Suse', 'Archlinux': {\n $puppetdb_user = 'puppetdb'\n $puppetdb_group = 'puppetdb'\n $puppetdb_initconf = '/etc/sysconfig/puppetdb'\n }\n 'Debian': {\n $puppetdb_user = 'puppetdb'\n $puppetdb_group = 'puppetdb'\n $puppetdb_initconf = '/etc/default/puppetdb'\n }\n 'OpenBSD': {\n $puppetdb_user = '_puppetdb'\n $puppetdb_group = '_puppetdb'\n $puppetdb_initconf = undef\n }\n 'FreeBSD': {\n $puppetdb_user = 'puppetdb'\n $puppetdb_group = 'puppetdb'\n $puppetdb_initconf = undef\n }\n default: {\n fail(\"The fact 'osfamily' is set to ${::osfamily} which is not supported by the puppetdb module.\")\n }\n }\n\n $puppet_conf = \"${puppet_confdir}/puppet.conf\"\n $puppetdb_startup_timeout = 120\n $puppetdb_service_status = 'running'\n\n $command_threads = undef\n $concurrent_writes = undef\n $store_usage = undef\n $temp_usage = undef\n $disable_update_checking = undef\n\n # reports of failed actions: https://puppet.com/docs/puppetdb/5.2/maintain_and_tune.html#clean-up-the-dead-letter-office\n $automatic_dlo_cleanup = true\n # any value for a systemd timer is valid: https://www.freedesktop.org/software/systemd/man/systemd.time.html\n $cleanup_timer_interval = \"*-*-* ${fqdn_rand(24)}:${fqdn_rand(60)}:00\"\n $dlo_max_age = 90\n\n # certificats used for PostgreSQL SSL configuration. Puppet certificates are used\n $postgresql_ssl_on = false\n $postgresql_ssl_folder = \"${puppet_confdir}/ssl\"\n $postgresql_ssl_cert_path = \"${postgresql_ssl_folder}/certs/${trusted['certname']}.pem\"\n $postgresql_ssl_key_path = \"${postgresql_ssl_folder}/private_keys/${trusted['certname']}.pem\"\n $postgresql_ssl_ca_cert_path = \"${postgresql_ssl_folder}/certs/ca.pem\"\n\n # certificats used for Jetty configuration\n $ssl_set_cert_paths = false\n $ssl_cert_path = \"${ssl_dir}/public.pem\"\n $ssl_key_path = \"${ssl_dir}/private.pem\"\n $ssl_ca_cert_path = \"${ssl_dir}/ca.pem\"\n $ssl_deploy_certs = false\n $ssl_key = undef\n $ssl_cert = undef\n $ssl_ca_cert = undef\n\n # certificate used by PuppetDB SSL Configuration\n $ssl_key_pk8_path = regsubst($ssl_key_path, '.pem', '.pk8')\n\n $certificate_whitelist_file = \"${etcdir}/certificate-whitelist\"\n # the default is free access for now\n $certificate_whitelist = [ ]\n # change to this to only allow access by the puppet master by default:\n #$certificate_whitelist = [ $::servername ]\n\n # Get the parameter name for the database connection pool tuning\n if $puppetdb_version in ['latest','present'] or versioncmp($puppetdb_version, '4.0.0') >= 0 {\n $database_max_pool_size_setting_name = 'maximum-pool-size'\n } elsif versioncmp($puppetdb_version, '2.8.0') >= 0 {\n $database_max_pool_size_setting_name = 'partition-conn-max'\n } else {\n $database_max_pool_size_setting_name = undef\n }\n\n # java binary path for PuppetDB. If undef, default will be used.\n $java_bin = undef\n}"}, {"name": "puppetdb::server", "file": "manifests/server.pp", "line": 2, "inherits": "puppetdb::params", "docstring": {"text": "Class to configure a PuppetDB server. See README.md for more details.", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "listen_address"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "listen_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "disable_cleartext"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "open_listen_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_listen_address"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_listen_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "disable_ssl"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "open_ssl_listen_port"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "ssl_dir"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "ssl_set_cert_paths"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "ssl_cert_path"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "ssl_key_path"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "ssl_key_pk8_path"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "ssl_ca_cert_path"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "ssl_deploy_certs"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_key"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_cert"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_ca_cert"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_protocols"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "postgresql_ssl_on"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "cipher_suites"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "migrate"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_host"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_username"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_password"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "manage_db_password"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "jdbc_ssl_properties"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_validate"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_embedded_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "node_ttl"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "node_purge_ttl"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "report_ttl"}, {"tag_name": "param", "text": "", "types": ["Optional[Array]"], "name": "facts_blacklist"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gc_interval"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "node_purge_gc_batch_limit"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "log_slow_statements"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "conn_max_age"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "conn_keep_alive"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "conn_lifetime"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_package"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_service"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_service_status"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_user"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_group"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_host"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_username"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_password"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "manage_read_db_password"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_jdbc_ssl_properties"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_validate"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_log_slow_statements"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_conn_max_age"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_conn_keep_alive"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_conn_lifetime"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "confdir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "vardir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "manage_firewall"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "manage_database"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "java_args"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "merge_default_java_args"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "max_threads"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "command_threads"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "concurrent_writes"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "store_usage"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "temp_usage"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "disable_update_checking"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "certificate_whitelist_file"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "certificate_whitelist"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_max_pool_size"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_max_pool_size"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "automatic_dlo_cleanup"}, {"tag_name": "param", "text": "", "types": ["String[1]"], "name": "cleanup_timer_interval"}, {"tag_name": "param", "text": "", "types": ["Integer[1]"], "name": "dlo_max_age"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "java_bin"}]}, "defaults": {"listen_address": "$puppetdb::params::listen_address", "listen_port": "$puppetdb::params::listen_port", "disable_cleartext": "$puppetdb::params::disable_cleartext", "open_listen_port": "$puppetdb::params::open_listen_port", "ssl_listen_address": "$puppetdb::params::ssl_listen_address", "ssl_listen_port": "$puppetdb::params::ssl_listen_port", "disable_ssl": "$puppetdb::params::disable_ssl", "open_ssl_listen_port": "$puppetdb::params::open_ssl_listen_port", "ssl_dir": "$puppetdb::params::ssl_dir", "ssl_set_cert_paths": "$puppetdb::params::ssl_set_cert_paths", "ssl_cert_path": "$puppetdb::params::ssl_cert_path", "ssl_key_path": "$puppetdb::params::ssl_key_path", "ssl_key_pk8_path": "$puppetdb::params::ssl_key_pk8_path", "ssl_ca_cert_path": "$puppetdb::params::ssl_ca_cert_path", "ssl_deploy_certs": "$puppetdb::params::ssl_deploy_certs", "ssl_key": "$puppetdb::params::ssl_key", "ssl_cert": "$puppetdb::params::ssl_cert", "ssl_ca_cert": "$puppetdb::params::ssl_ca_cert", "ssl_protocols": "$puppetdb::params::ssl_protocols", "postgresql_ssl_on": "$puppetdb::params::postgresql_ssl_on", "cipher_suites": "$puppetdb::params::cipher_suites", "migrate": "$puppetdb::params::migrate", "database": "$puppetdb::params::database", "database_host": "$puppetdb::params::database_host", "database_port": "$puppetdb::params::database_port", "database_username": "$puppetdb::params::database_username", "database_password": "$puppetdb::params::database_password", "database_name": "$puppetdb::params::database_name", "manage_db_password": "$puppetdb::params::manage_db_password", "jdbc_ssl_properties": "$puppetdb::params::jdbc_ssl_properties", "database_validate": "$puppetdb::params::database_validate", "database_embedded_path": "$puppetdb::params::database_embedded_path", "node_ttl": "$puppetdb::params::node_ttl", "node_purge_ttl": "$puppetdb::params::node_purge_ttl", "report_ttl": "$puppetdb::params::report_ttl", "facts_blacklist": "$puppetdb::params::facts_blacklist", "gc_interval": "$puppetdb::params::gc_interval", "node_purge_gc_batch_limit": "$puppetdb::params::node_purge_gc_batch_limit", "log_slow_statements": "$puppetdb::params::log_slow_statements", "conn_max_age": "$puppetdb::params::conn_max_age", "conn_keep_alive": "$puppetdb::params::conn_keep_alive", "conn_lifetime": "$puppetdb::params::conn_lifetime", "puppetdb_package": "$puppetdb::params::puppetdb_package", "puppetdb_service": "$puppetdb::params::puppetdb_service", "puppetdb_service_status": "$puppetdb::params::puppetdb_service_status", "puppetdb_user": "$puppetdb::params::puppetdb_user", "puppetdb_group": "$puppetdb::params::puppetdb_group", "read_database": "$puppetdb::params::read_database", "read_database_host": "$puppetdb::params::read_database_host", "read_database_port": "$puppetdb::params::read_database_port", "read_database_username": "$puppetdb::params::read_database_username", "read_database_password": "$puppetdb::params::read_database_password", "read_database_name": "$puppetdb::params::read_database_name", "manage_read_db_password": "$puppetdb::params::manage_read_db_password", "read_database_jdbc_ssl_properties": "$puppetdb::params::read_database_jdbc_ssl_properties", "read_database_validate": "$puppetdb::params::read_database_validate", "read_log_slow_statements": "$puppetdb::params::read_log_slow_statements", "read_conn_max_age": "$puppetdb::params::read_conn_max_age", "read_conn_keep_alive": "$puppetdb::params::read_conn_keep_alive", "read_conn_lifetime": "$puppetdb::params::read_conn_lifetime", "confdir": "$puppetdb::params::confdir", "vardir": "$puppetdb::params::vardir", "manage_firewall": "$puppetdb::params::manage_firewall", "manage_database": "$puppetdb::params::manage_database", "java_args": "$puppetdb::params::java_args", "merge_default_java_args": "$puppetdb::params::merge_default_java_args", "max_threads": "$puppetdb::params::max_threads", "command_threads": "$puppetdb::params::command_threads", "concurrent_writes": "$puppetdb::params::concurrent_writes", "store_usage": "$puppetdb::params::store_usage", "temp_usage": "$puppetdb::params::temp_usage", "disable_update_checking": "$puppetdb::params::disable_update_checking", "certificate_whitelist_file": "$puppetdb::params::certificate_whitelist_file", "certificate_whitelist": "$puppetdb::params::certificate_whitelist", "database_max_pool_size": "$puppetdb::params::database_max_pool_size", "read_database_max_pool_size": "$puppetdb::params::read_database_max_pool_size", "automatic_dlo_cleanup": "$puppetdb::params::automatic_dlo_cleanup", "cleanup_timer_interval": "$puppetdb::params::cleanup_timer_interval", "dlo_max_age": "$puppetdb::params::dlo_max_age", "java_bin": "$puppetdb::params::java_bin"}, "source": "class puppetdb::server (\n $listen_address = $puppetdb::params::listen_address,\n $listen_port = $puppetdb::params::listen_port,\n $disable_cleartext = $puppetdb::params::disable_cleartext,\n $open_listen_port = $puppetdb::params::open_listen_port,\n $ssl_listen_address = $puppetdb::params::ssl_listen_address,\n $ssl_listen_port = $puppetdb::params::ssl_listen_port,\n $disable_ssl = $puppetdb::params::disable_ssl,\n $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port,\n Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir,\n Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths,\n Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path,\n Stdlib::Absolutepath $ssl_key_path = $puppetdb::params::ssl_key_path,\n Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path,\n Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path,\n Boolean $ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs,\n $ssl_key = $puppetdb::params::ssl_key,\n $ssl_cert = $puppetdb::params::ssl_cert,\n $ssl_ca_cert = $puppetdb::params::ssl_ca_cert,\n $ssl_protocols = $puppetdb::params::ssl_protocols,\n $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on,\n $cipher_suites = $puppetdb::params::cipher_suites,\n $migrate = $puppetdb::params::migrate,\n $database = $puppetdb::params::database,\n $database_host = $puppetdb::params::database_host,\n $database_port = $puppetdb::params::database_port,\n $database_username = $puppetdb::params::database_username,\n $database_password = $puppetdb::params::database_password,\n $database_name = $puppetdb::params::database_name,\n $manage_db_password = $puppetdb::params::manage_db_password,\n $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,\n $database_validate = $puppetdb::params::database_validate,\n $database_embedded_path = $puppetdb::params::database_embedded_path,\n $node_ttl = $puppetdb::params::node_ttl,\n $node_purge_ttl = $puppetdb::params::node_purge_ttl,\n $report_ttl = $puppetdb::params::report_ttl,\n Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist,\n $gc_interval = $puppetdb::params::gc_interval,\n $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit,\n $log_slow_statements = $puppetdb::params::log_slow_statements,\n $conn_max_age = $puppetdb::params::conn_max_age,\n $conn_keep_alive = $puppetdb::params::conn_keep_alive,\n $conn_lifetime = $puppetdb::params::conn_lifetime,\n $puppetdb_package = $puppetdb::params::puppetdb_package,\n $puppetdb_service = $puppetdb::params::puppetdb_service,\n $puppetdb_service_status = $puppetdb::params::puppetdb_service_status,\n $puppetdb_user = $puppetdb::params::puppetdb_user,\n $puppetdb_group = $puppetdb::params::puppetdb_group,\n $read_database = $puppetdb::params::read_database,\n $read_database_host = $puppetdb::params::read_database_host,\n $read_database_port = $puppetdb::params::read_database_port,\n $read_database_username = $puppetdb::params::read_database_username,\n $read_database_password = $puppetdb::params::read_database_password,\n $read_database_name = $puppetdb::params::read_database_name,\n $manage_read_db_password = $puppetdb::params::manage_read_db_password,\n $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties,\n $read_database_validate = $puppetdb::params::read_database_validate,\n $read_log_slow_statements = $puppetdb::params::read_log_slow_statements,\n $read_conn_max_age = $puppetdb::params::read_conn_max_age,\n $read_conn_keep_alive = $puppetdb::params::read_conn_keep_alive,\n $read_conn_lifetime = $puppetdb::params::read_conn_lifetime,\n $confdir = $puppetdb::params::confdir,\n $vardir = $puppetdb::params::vardir,\n $manage_firewall = $puppetdb::params::manage_firewall,\n $manage_database = $puppetdb::params::manage_database,\n $java_args = $puppetdb::params::java_args,\n $merge_default_java_args = $puppetdb::params::merge_default_java_args,\n $max_threads = $puppetdb::params::max_threads,\n $command_threads = $puppetdb::params::command_threads,\n $concurrent_writes = $puppetdb::params::concurrent_writes,\n $store_usage = $puppetdb::params::store_usage,\n $temp_usage = $puppetdb::params::temp_usage,\n $disable_update_checking = $puppetdb::params::disable_update_checking,\n $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file,\n $certificate_whitelist = $puppetdb::params::certificate_whitelist,\n $database_max_pool_size = $puppetdb::params::database_max_pool_size,\n $read_database_max_pool_size = $puppetdb::params::read_database_max_pool_size,\n Boolean $automatic_dlo_cleanup = $puppetdb::params::automatic_dlo_cleanup,\n String[1] $cleanup_timer_interval = $puppetdb::params::cleanup_timer_interval,\n Integer[1] $dlo_max_age = $puppetdb::params::dlo_max_age,\n Optional[Stdlib::Absolutepath] $java_bin = $puppetdb::params::java_bin,\n) inherits puppetdb::params {\n\n # Apply necessary suffix if zero is specified.\n # Can we drop this in the next major release?\n if $node_ttl == '0' {\n $_node_ttl_real = '0s'\n } else {\n $_node_ttl_real = downcase($node_ttl)\n }\n\n # Validate node_ttl\n $node_ttl_real = assert_type(Puppetdb::Ttl, $_node_ttl_real)\n\n # Apply necessary suffix if zero is specified.\n # Can we drop this in the next major release?\n if $node_purge_ttl == '0' {\n $_node_purge_ttl_real = '0s'\n } else {\n $_node_purge_ttl_real = downcase($node_purge_ttl)\n }\n\n # Validate node_purge_ttl\n $node_purge_ttl_real = assert_type(Puppetdb::Ttl, $_node_purge_ttl_real)\n\n # Apply necessary suffix if zero is specified.\n # Can we drop this in the next major release?\n if $report_ttl == '0' {\n $_report_ttl_real = '0s'\n } else {\n $_report_ttl_real = downcase($report_ttl)\n }\n\n # Validate report_ttl\n $repor_ttl_real = assert_type(Puppetdb::Ttl, $_report_ttl_real)\n\n # Validate puppetdb_service_status\n $service_enabled = $puppetdb_service_status ? {\n /(running|true)/ => true,\n /(stopped|false)/ => false,\n default => fail(\"puppetdb_service_status valid values are 'true', 'running', 'false', and 'stopped'. You provided '${puppetdb_service_status}'\"),\n }\n\n # Validate database type (Currently only postgres and embedded are supported)\n if !($database in ['postgres', 'embedded']) {\n fail(\"database must must be 'postgres' or 'embedded'. You provided '${database}'\")\n }\n\n # Validate read-database type (Currently only postgres is supported)\n if !($read_database in ['postgres']) {\n fail(\"read_database must be 'postgres'. You provided '${read_database}'\")\n }\n\n package { $puppetdb_package:\n ensure => $puppetdb::params::puppetdb_version,\n notify => Service[$puppetdb_service],\n }\n\n if $manage_firewall {\n class { 'puppetdb::server::firewall':\n http_port => $listen_port,\n open_http_port => $open_listen_port,\n ssl_port => $ssl_listen_port,\n open_ssl_port => $open_ssl_listen_port,\n }\n }\n\n class { 'puppetdb::server::global':\n vardir => $vardir,\n confdir => $confdir,\n puppetdb_user => $puppetdb_user,\n puppetdb_group => $puppetdb_group,\n notify => Service[$puppetdb_service],\n }\n\n class { 'puppetdb::server::command_processing':\n command_threads => $command_threads,\n concurrent_writes => $concurrent_writes,\n store_usage => $store_usage,\n temp_usage => $temp_usage,\n confdir => $confdir,\n notify => Service[$puppetdb_service],\n }\n\n class { 'puppetdb::server::database':\n database => $database,\n database_host => $database_host,\n database_port => $database_port,\n database_username => $database_username,\n database_password => $database_password,\n database_name => $database_name,\n manage_db_password => $manage_db_password,\n postgresql_ssl_on => $postgresql_ssl_on,\n ssl_key_pk8_path => $ssl_key_pk8_path,\n ssl_cert_path => $ssl_cert_path,\n ssl_ca_cert_path => $ssl_ca_cert_path,\n database_max_pool_size => $database_max_pool_size,\n jdbc_ssl_properties => $jdbc_ssl_properties,\n database_validate => $database_validate,\n database_embedded_path => $database_embedded_path,\n node_ttl => $node_ttl,\n node_purge_ttl => $node_purge_ttl,\n report_ttl => $report_ttl,\n facts_blacklist => $facts_blacklist,\n gc_interval => $gc_interval,\n node_purge_gc_batch_limit => $node_purge_gc_batch_limit,\n log_slow_statements => $log_slow_statements,\n conn_max_age => $conn_max_age,\n conn_keep_alive => $conn_keep_alive,\n conn_lifetime => $conn_lifetime,\n confdir => $confdir,\n puppetdb_user => $puppetdb_user,\n puppetdb_group => $puppetdb_group,\n migrate => $migrate,\n notify => Service[$puppetdb_service],\n }\n\n if $manage_database and $read_database_host == undef {\n $real_database_host = $database_host\n $real_database_port = $database_port\n $real_database_name = $database_name\n } else {\n $real_database_host = $read_database_host\n $real_database_port = $read_database_port\n $real_database_name = $read_database_name\n }\n\n class { 'puppetdb::server::read_database':\n read_database => $read_database,\n read_database_host => $real_database_host,\n read_database_port => $real_database_port,\n read_database_username => $read_database_username,\n read_database_password => $read_database_password,\n read_database_name => $real_database_name,\n manage_db_password => $manage_read_db_password,\n postgresql_ssl_on => $postgresql_ssl_on,\n ssl_key_pk8_path => $ssl_key_pk8_path,\n ssl_cert_path => $ssl_cert_path,\n ssl_ca_cert_path => $ssl_ca_cert_path,\n jdbc_ssl_properties => $read_database_jdbc_ssl_properties,\n database_validate => $read_database_validate,\n log_slow_statements => $read_log_slow_statements,\n conn_max_age => $read_conn_max_age,\n conn_keep_alive => $read_conn_keep_alive,\n conn_lifetime => $read_conn_lifetime,\n confdir => $confdir,\n puppetdb_user => $puppetdb_user,\n puppetdb_group => $puppetdb_group,\n notify => Service[$puppetdb_service],\n database_max_pool_size => $read_database_max_pool_size,\n }\n\n if $ssl_deploy_certs {\n file {\n $ssl_dir:\n ensure => directory,\n owner => $puppetdb_user,\n group => $puppetdb_group,\n mode => '0700';\n $ssl_key_path:\n ensure => file,\n content => $ssl_key,\n owner => $puppetdb_user,\n group => $puppetdb_group,\n mode => '0600',\n notify => Service[$puppetdb_service];\n $ssl_cert_path:\n ensure => file,\n content => $ssl_cert,\n owner => $puppetdb_user,\n group => $puppetdb_group,\n mode => '0600',\n notify => Service[$puppetdb_service];\n $ssl_ca_cert_path:\n ensure => file,\n content => $ssl_ca_cert,\n owner => $puppetdb_user,\n group => $puppetdb_group,\n mode => '0600',\n notify => Service[$puppetdb_service];\n }\n }\n\n if $postgresql_ssl_on {\n exec { $ssl_key_pk8_path:\n path => [ '/opt/puppetlabs/puppet/bin', $facts['path'] ],\n command => \"openssl pkcs8 -topk8 -inform PEM -outform DER -in ${ssl_key_path} -out ${ssl_key_pk8_path} -nocrypt\",\n # Generate a .pk8 key if one doesn't exist or is older than the .pem input.\n # NOTE: bash file time checks, like -ot, can't always discern sub-second\n # differences.\n onlyif => \"test ! -e '${ssl_key_pk8_path}' -o '${ssl_key_pk8_path}' -ot '${ssl_key_path}'\",\n before => File[$ssl_key_pk8_path]\n }\n\n file { $ssl_key_pk8_path:\n ensure => present,\n owner => $puppetdb_user,\n group => $puppetdb_group,\n mode => '0600',\n notify => Service[$puppetdb_service]\n }\n }\n\n class { 'puppetdb::server::jetty':\n listen_address => $listen_address,\n listen_port => $listen_port,\n disable_cleartext => $disable_cleartext,\n ssl_listen_address => $ssl_listen_address,\n ssl_listen_port => $ssl_listen_port,\n ssl_set_cert_paths => $ssl_set_cert_paths,\n ssl_key_path => $ssl_key_path,\n ssl_cert_path => $ssl_cert_path,\n ssl_ca_cert_path => $ssl_ca_cert_path,\n ssl_protocols => $ssl_protocols,\n cipher_suites => $cipher_suites,\n disable_ssl => $disable_ssl,\n confdir => $confdir,\n max_threads => $max_threads,\n notify => Service[$puppetdb_service],\n puppetdb_user => $puppetdb_user,\n puppetdb_group => $puppetdb_group,\n }\n\n class { 'puppetdb::server::puppetdb':\n certificate_whitelist_file => $certificate_whitelist_file,\n certificate_whitelist => $certificate_whitelist,\n disable_update_checking => $disable_update_checking,\n confdir => $confdir,\n puppetdb_user => $puppetdb_user,\n puppetdb_group => $puppetdb_group,\n notify => Service[$puppetdb_service],\n }\n\n if !empty($java_args) {\n if $merge_default_java_args {\n create_resources(\n 'ini_subsetting',\n puppetdb::create_subsetting_resource_hash(\n $java_args, {\n ensure => present,\n section => '',\n key_val_separator => '=',\n path => $puppetdb::params::puppetdb_initconf,\n setting => 'JAVA_ARGS',\n require => Package[$puppetdb_package],\n notify => Service[$puppetdb_service],\n }))\n } else {\n ini_setting { 'java_args':\n ensure => present,\n section => '',\n path => $puppetdb::params::puppetdb_initconf,\n setting => 'JAVA_ARGS',\n require => Package[$puppetdb_package],\n notify => Service[$puppetdb_service],\n value => puppetdb::flatten_java_args($java_args),\n }\n }\n }\n\n # java binary path for PuppetDB. If undef, default will be used.\n if $java_bin {\n ini_setting { 'java':\n ensure => 'present',\n section => '',\n path => $puppetdb::params::puppetdb_initconf,\n setting => 'JAVA_BIN',\n require => Package[$puppetdb_package],\n notify => Service[$puppetdb_service],\n value => $java_bin,\n }\n }\n\n if $automatic_dlo_cleanup {\n if $facts['systemd'] {\n # deploy a systemd timer + service to cleanup old reports\n # https://puppet.com/docs/puppetdb/5.2/maintain_and_tune.html#clean-up-the-dead-letter-office\n systemd::unit_file { 'puppetdb-dlo-cleanup.service':\n content => epp(\"${module_name}/puppetdb-DLO-cleanup.service.epp\", {\n 'puppetdb_user' => $puppetdb_user,\n 'puppetdb_group' => $puppetdb_group,\n 'vardir' => $vardir,\n 'dlo_max_age' => $dlo_max_age\n }),\n }\n -> systemd::unit_file { 'puppetdb-dlo-cleanup.timer':\n content => epp(\"${module_name}/puppetdb-DLO-cleanup.timer.epp\", {'cleanup_timer_interval' => $cleanup_timer_interval }),\n enable => true,\n active => true,\n }\n } else {\n cron { 'puppetdb-dlo-cleanup':\n ensure => 'present',\n minute => fqdn_rand(60),\n hour => fqdn_rand(24),\n monthday => '*',\n month => '*',\n weekday => '*',\n command => \"/usr/bin/find ${vardir}/stockpile/discard/ -type f -mtime ${dlo_max_age} -delete\",\n user => $puppetdb_user,\n }\n }\n }\n\n service { $puppetdb_service:\n ensure => $puppetdb_service_status,\n enable => $service_enabled,\n }\n\n if $manage_firewall {\n Package[$puppetdb_package]\n -> Class['puppetdb::server::firewall']\n -> Class['puppetdb::server::global']\n -> Class['puppetdb::server::command_processing']\n -> Class['puppetdb::server::database']\n -> Class['puppetdb::server::read_database']\n -> Class['puppetdb::server::jetty']\n -> Class['puppetdb::server::puppetdb']\n -> Service[$puppetdb_service]\n } else {\n Package[$puppetdb_package]\n -> Class['puppetdb::server::global']\n -> Class['puppetdb::server::command_processing']\n -> Class['puppetdb::server::database']\n -> Class['puppetdb::server::read_database']\n -> Class['puppetdb::server::jetty']\n -> Class['puppetdb::server::puppetdb']\n -> Service[$puppetdb_service]\n }\n}"}, {"name": "puppetdb::server::command_processing", "file": "manifests/server/command_processing.pp", "line": 2, "inherits": "puppetdb::params", "docstring": {"text": "PRIVATE CLASS - do not use directly", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "command_threads"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "concurrent_writes"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "store_usage"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "temp_usage"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "confdir"}]}, "defaults": {"command_threads": "$puppetdb::params::command_threads", "concurrent_writes": "$puppetdb::params::concurrent_writes", "store_usage": "$puppetdb::params::store_usage", "temp_usage": "$puppetdb::params::temp_usage", "confdir": "$puppetdb::params::confdir"}, "source": "class puppetdb::server::command_processing (\n $command_threads = $puppetdb::params::command_threads,\n $concurrent_writes = $puppetdb::params::concurrent_writes,\n $store_usage = $puppetdb::params::store_usage,\n $temp_usage = $puppetdb::params::temp_usage,\n $confdir = $puppetdb::params::confdir,\n) inherits puppetdb::params {\n\n $config_ini = \"${confdir}/config.ini\"\n\n # Set the defaults\n Ini_setting {\n path => $config_ini,\n ensure => 'present',\n section => 'command-processing',\n require => File[$config_ini],\n }\n\n if $command_threads {\n ini_setting { 'puppetdb_command_processing_threads':\n setting => 'threads',\n value => $command_threads,\n }\n } else {\n ini_setting { 'puppetdb_command_processing_threads':\n ensure => 'absent',\n setting => 'threads',\n }\n }\n\n if $concurrent_writes {\n ini_setting { 'puppetdb_command_processing_concurrent_writes':\n setting => 'concurrent-writes',\n value => $concurrent_writes,\n }\n } else {\n ini_setting { 'puppetdb_command_processing_concurrent_writes':\n ensure => 'absent',\n setting => 'concurrent-writes',\n }\n }\n\n if $store_usage {\n ini_setting { 'puppetdb_command_processing_store_usage':\n setting => 'store-usage',\n value => $store_usage,\n }\n } else {\n ini_setting { 'puppetdb_command_processing_store_usage':\n ensure => 'absent',\n setting => 'store-usage',\n }\n }\n\n if $temp_usage {\n ini_setting { 'puppetdb_command_processing_temp_usage':\n setting => 'temp-usage',\n value => $temp_usage,\n }\n } else {\n ini_setting { 'puppetdb_command_processing_temp_usage':\n ensure => 'absent',\n setting => 'temp-usage',\n }\n }\n}"}, {"name": "puppetdb::server::database", "file": "manifests/server/database.pp", "line": 2, "inherits": "puppetdb::params", "docstring": {"text": "PRIVATE CLASS - do not use directly", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "database"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_host"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_username"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_password"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "manage_db_password"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "jdbc_ssl_properties"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_validate"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_embedded_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "node_ttl"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "node_purge_ttl"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "report_ttl"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "facts_blacklist"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gc_interval"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "node_purge_gc_batch_limit"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "log_slow_statements"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "conn_max_age"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "conn_keep_alive"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "conn_lifetime"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "confdir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_user"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_group"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_max_pool_size"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "migrate"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "postgresql_ssl_on"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_cert_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_key_pk8_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_ca_cert_path"}]}, "defaults": {"database": "$puppetdb::params::database", "database_host": "$puppetdb::params::database_host", "database_port": "$puppetdb::params::database_port", "database_username": "$puppetdb::params::database_username", "database_password": "$puppetdb::params::database_password", "database_name": "$puppetdb::params::database_name", "manage_db_password": "$puppetdb::params::manage_db_password", "jdbc_ssl_properties": "$puppetdb::params::jdbc_ssl_properties", "database_validate": "$puppetdb::params::database_validate", "database_embedded_path": "$puppetdb::params::database_embedded_path", "node_ttl": "$puppetdb::params::node_ttl", "node_purge_ttl": "$puppetdb::params::node_purge_ttl", "report_ttl": "$puppetdb::params::report_ttl", "facts_blacklist": "$puppetdb::params::facts_blacklist", "gc_interval": "$puppetdb::params::gc_interval", "node_purge_gc_batch_limit": "$puppetdb::params::node_purge_gc_batch_limit", "log_slow_statements": "$puppetdb::params::log_slow_statements", "conn_max_age": "$puppetdb::params::conn_max_age", "conn_keep_alive": "$puppetdb::params::conn_keep_alive", "conn_lifetime": "$puppetdb::params::conn_lifetime", "confdir": "$puppetdb::params::confdir", "puppetdb_user": "$puppetdb::params::puppetdb_user", "puppetdb_group": "$puppetdb::params::puppetdb_group", "database_max_pool_size": "$puppetdb::params::database_max_pool_size", "migrate": "$puppetdb::params::migrate", "postgresql_ssl_on": "$puppetdb::params::postgresql_ssl_on", "ssl_cert_path": "$puppetdb::params::ssl_cert_path", "ssl_key_pk8_path": "$puppetdb::params::ssl_key_pk8_path", "ssl_ca_cert_path": "$puppetdb::params::ssl_ca_cert_path"}, "source": "class puppetdb::server::database (\n $database = $puppetdb::params::database,\n $database_host = $puppetdb::params::database_host,\n $database_port = $puppetdb::params::database_port,\n $database_username = $puppetdb::params::database_username,\n $database_password = $puppetdb::params::database_password,\n $database_name = $puppetdb::params::database_name,\n $manage_db_password = $puppetdb::params::manage_db_password,\n $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,\n $database_validate = $puppetdb::params::database_validate,\n $database_embedded_path = $puppetdb::params::database_embedded_path,\n $node_ttl = $puppetdb::params::node_ttl,\n $node_purge_ttl = $puppetdb::params::node_purge_ttl,\n $report_ttl = $puppetdb::params::report_ttl,\n $facts_blacklist = $puppetdb::params::facts_blacklist,\n $gc_interval = $puppetdb::params::gc_interval,\n $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit,\n $log_slow_statements = $puppetdb::params::log_slow_statements,\n $conn_max_age = $puppetdb::params::conn_max_age,\n $conn_keep_alive = $puppetdb::params::conn_keep_alive,\n $conn_lifetime = $puppetdb::params::conn_lifetime,\n $confdir = $puppetdb::params::confdir,\n $puppetdb_user = $puppetdb::params::puppetdb_user,\n $puppetdb_group = $puppetdb::params::puppetdb_group,\n $database_max_pool_size = $puppetdb::params::database_max_pool_size,\n $migrate = $puppetdb::params::migrate,\n $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on,\n $ssl_cert_path = $puppetdb::params::ssl_cert_path,\n $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path,\n $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path\n) inherits puppetdb::params {\n\n if str2bool($database_validate) {\n # Validate the database connection. If we can't connect, we want to fail\n # and skip the rest of the configuration, so that we don't leave puppetdb\n # in a broken state.\n #\n # NOTE:\n # Because of a limitation in the postgres module this will break with\n # a duplicate declaration if read and write database host+name are the\n # same.\n class { 'puppetdb::server::validate_db':\n database => $database,\n database_host => $database_host,\n database_port => $database_port,\n database_username => $database_username,\n database_password => $database_password,\n database_name => $database_name,\n }\n }\n\n $database_ini = \"${confdir}/database.ini\"\n\n file { $database_ini:\n ensure => file,\n owner => $puppetdb_user,\n group => $puppetdb_group,\n mode => '0600',\n }\n\n $file_require = File[$database_ini]\n $ini_setting_require = str2bool($database_validate) ? {\n false => $file_require,\n default => [$file_require, Class['puppetdb::server::validate_db']],\n }\n # Set the defaults\n Ini_setting {\n path => $database_ini,\n ensure => present,\n section => 'database',\n require => $ini_setting_require\n }\n\n if $database == 'embedded' {\n\n $classname = 'org.hsqldb.jdbcDriver'\n $subprotocol = 'hsqldb'\n $subname = \"file:${database_embedded_path};hsqldb.tx=mvcc;sql.syntax_pgs=true\"\n\n } elsif $database == 'postgres' {\n $classname = 'org.postgresql.Driver'\n $subprotocol = 'postgresql'\n\n if !empty($jdbc_ssl_properties) {\n $database_suffix = $jdbc_ssl_properties\n }\n else {\n $database_suffix = ''\n }\n\n $subname_default = \"//${database_host}:${database_port}/${database_name}${database_suffix}\"\n\n if $postgresql_ssl_on and !empty($jdbc_ssl_properties)\n {\n fail(\"Variables 'postgresql_ssl_on' and 'jdbc_ssl_properties' can not be used at the same time!\")\n }\n\n if $postgresql_ssl_on {\n $subname = @(\"EOT\"/L)\n ${subname_default}?\\\n ssl=true&sslfactory=org.postgresql.ssl.LibPQFactory&\\\n sslmode=verify-full&sslrootcert=${ssl_ca_cert_path}&\\\n sslkey=${ssl_key_pk8_path}&sslcert=${ssl_cert_path}\\\n | EOT\n } else {\n $subname = $subname_default\n }\n\n ##Only setup for postgres\n ini_setting { 'puppetdb_psdatabase_username':\n setting => 'username',\n value => $database_username,\n }\n\n if $database_password != undef and $manage_db_password {\n ini_setting { 'puppetdb_psdatabase_password':\n setting => 'password',\n value => $database_password,\n }\n }\n }\n\n ini_setting { 'puppetdb_classname':\n setting => 'classname',\n value => $classname,\n }\n\n ini_setting { 'puppetdb_subprotocol':\n setting => 'subprotocol',\n value => $subprotocol,\n }\n\n ini_setting { 'puppetdb_pgs':\n setting => 'syntax_pgs',\n value => true,\n }\n\n ini_setting { 'puppetdb_subname':\n setting => 'subname',\n value => $subname,\n }\n\n ini_setting { 'puppetdb_gc_interval':\n setting => 'gc-interval',\n value => $gc_interval,\n }\n\n ini_setting { 'puppetdb_node_purge_gc_batch_limit':\n setting => 'node-purge-gc-batch-limit',\n value => $node_purge_gc_batch_limit,\n }\n\n ini_setting { 'puppetdb_node_ttl':\n setting => 'node-ttl',\n value => $node_ttl,\n }\n\n ini_setting { 'puppetdb_node_purge_ttl':\n setting => 'node-purge-ttl',\n value => $node_purge_ttl,\n }\n\n ini_setting { 'puppetdb_report_ttl':\n setting => 'report-ttl',\n value => $report_ttl,\n }\n\n ini_setting { 'puppetdb_log_slow_statements':\n setting => 'log-slow-statements',\n value => $log_slow_statements,\n }\n\n ini_setting { 'puppetdb_conn_max_age':\n setting => 'conn-max-age',\n value => $conn_max_age,\n }\n\n ini_setting { 'puppetdb_conn_keep_alive':\n setting => 'conn-keep-alive',\n value => $conn_keep_alive,\n }\n\n ini_setting { 'puppetdb_conn_lifetime':\n setting => 'conn-lifetime',\n value => $conn_lifetime,\n }\n\n ini_setting { 'puppetdb_migrate':\n setting => 'migrate',\n value => $migrate,\n }\n\n if $puppetdb::params::database_max_pool_size_setting_name != undef {\n if $database_max_pool_size == 'absent' {\n ini_setting { 'puppetdb_database_max_pool_size':\n ensure => absent,\n setting => $puppetdb::params::database_max_pool_size_setting_name,\n }\n } elsif $database_max_pool_size != undef {\n ini_setting { 'puppetdb_database_max_pool_size':\n setting => $puppetdb::params::database_max_pool_size_setting_name,\n value => $database_max_pool_size,\n }\n }\n }\n\n if ($facts_blacklist) and length($facts_blacklist) != 0 {\n $joined_facts_blacklist = join($facts_blacklist, ', ')\n ini_setting { 'puppetdb_facts_blacklist':\n setting => 'facts-blacklist',\n value => $joined_facts_blacklist,\n }\n } else {\n ini_setting { 'puppetdb_facts_blacklist':\n ensure => absent,\n setting => 'facts-blacklist',\n }\n }\n}"}, {"name": "puppetdb::server::firewall", "file": "manifests/server/firewall.pp", "line": 2, "inherits": "puppetdb::params", "docstring": {"text": "PRIVATE CLASS - do not use directly", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "http_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "open_http_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "open_ssl_port"}]}, "defaults": {"http_port": "$puppetdb::params::listen_port", "open_http_port": "$puppetdb::params::open_listen_port", "ssl_port": "$puppetdb::params::ssl_listen_port", "open_ssl_port": "$puppetdb::params::open_ssl_listen_port"}, "source": "class puppetdb::server::firewall (\n $http_port = $puppetdb::params::listen_port,\n $open_http_port = $puppetdb::params::open_listen_port,\n $ssl_port = $puppetdb::params::ssl_listen_port,\n $open_ssl_port = $puppetdb::params::open_ssl_listen_port,\n) inherits puppetdb::params {\n include firewall\n\n if ($open_http_port) {\n firewall { \"${http_port} accept - puppetdb\":\n dport => $http_port,\n proto => 'tcp',\n action => 'accept',\n }\n }\n\n if ($open_ssl_port) {\n firewall { \"${ssl_port} accept - puppetdb\":\n dport => $ssl_port,\n proto => 'tcp',\n action => 'accept',\n }\n }\n}"}, {"name": "puppetdb::server::global", "file": "manifests/server/global.pp", "line": 2, "inherits": "puppetdb::params", "docstring": {"text": "PRIVATE CLASS - do not use directly", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "vardir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "confdir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_user"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_group"}]}, "defaults": {"vardir": "$puppetdb::params::vardir", "confdir": "$puppetdb::params::confdir", "puppetdb_user": "$puppetdb::params::puppetdb_user", "puppetdb_group": "$puppetdb::params::puppetdb_group"}, "source": "class puppetdb::server::global (\n $vardir = $puppetdb::params::vardir,\n $confdir = $puppetdb::params::confdir,\n $puppetdb_user = $puppetdb::params::puppetdb_user,\n $puppetdb_group = $puppetdb::params::puppetdb_group,\n) inherits puppetdb::params {\n\n $config_ini = \"${confdir}/config.ini\"\n\n file { $config_ini:\n ensure => file,\n owner => $puppetdb_user,\n group => $puppetdb_group,\n mode => '0600',\n }\n\n # Set the defaults\n Ini_setting {\n path => $config_ini,\n ensure => 'present',\n section => 'global',\n require => File[$config_ini],\n }\n\n if $vardir {\n ini_setting { 'puppetdb_global_vardir':\n setting => 'vardir',\n value => $vardir,\n }\n }\n}"}, {"name": "puppetdb::server::jetty", "file": "manifests/server/jetty.pp", "line": 2, "inherits": "puppetdb::params", "docstring": {"text": "PRIVATE CLASS - do not use directly", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "listen_address"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "listen_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "disable_cleartext"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_listen_address"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_listen_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "disable_ssl"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "ssl_set_cert_paths"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_cert_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_key_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_ca_cert_path"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "ssl_protocols"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "cipher_suites"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "confdir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "max_threads"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_user"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_group"}]}, "defaults": {"listen_address": "$puppetdb::params::listen_address", "listen_port": "$puppetdb::params::listen_port", "disable_cleartext": "$puppetdb::params::disable_cleartext", "ssl_listen_address": "$puppetdb::params::ssl_listen_address", "ssl_listen_port": "$puppetdb::params::ssl_listen_port", "disable_ssl": "$puppetdb::params::disable_ssl", "ssl_set_cert_paths": "$puppetdb::params::ssl_set_cert_paths", "ssl_cert_path": "$puppetdb::params::ssl_cert_path", "ssl_key_path": "$puppetdb::params::ssl_key_path", "ssl_ca_cert_path": "$puppetdb::params::ssl_ca_cert_path", "ssl_protocols": "$puppetdb::params::ssl_protocols", "cipher_suites": "$puppetdb::params::cipher_suites", "confdir": "$puppetdb::params::confdir", "max_threads": "$puppetdb::params::max_threads", "puppetdb_user": "$puppetdb::params::puppetdb_user", "puppetdb_group": "$puppetdb::params::puppetdb_group"}, "source": "class puppetdb::server::jetty (\n $listen_address = $puppetdb::params::listen_address,\n $listen_port = $puppetdb::params::listen_port,\n $disable_cleartext = $puppetdb::params::disable_cleartext,\n $ssl_listen_address = $puppetdb::params::ssl_listen_address,\n $ssl_listen_port = $puppetdb::params::ssl_listen_port,\n $disable_ssl = $puppetdb::params::disable_ssl,\n Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths,\n $ssl_cert_path = $puppetdb::params::ssl_cert_path,\n $ssl_key_path = $puppetdb::params::ssl_key_path,\n $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path,\n Optional[String] $ssl_protocols = $puppetdb::params::ssl_protocols,\n Optional[String] $cipher_suites = $puppetdb::params::cipher_suites,\n $confdir = $puppetdb::params::confdir,\n $max_threads = $puppetdb::params::max_threads,\n $puppetdb_user = $puppetdb::params::puppetdb_user,\n $puppetdb_group = $puppetdb::params::puppetdb_group,\n) inherits puppetdb::params {\n\n $jetty_ini = \"${confdir}/jetty.ini\"\n\n file { $jetty_ini:\n ensure => file,\n owner => $puppetdb_user,\n group => $puppetdb_group,\n mode => '0600',\n }\n\n # Set the defaults\n Ini_setting {\n path => $jetty_ini,\n ensure => present,\n section => 'jetty',\n require => File[$jetty_ini],\n }\n\n $cleartext_setting_ensure = $disable_cleartext ? {\n true => 'absent',\n default => 'present',\n }\n\n ini_setting { 'puppetdb_host':\n ensure => $cleartext_setting_ensure,\n setting => 'host',\n value => $listen_address,\n }\n\n ini_setting { 'puppetdb_port':\n ensure => $cleartext_setting_ensure,\n setting => 'port',\n value => $listen_port,\n }\n\n $ssl_setting_ensure = $disable_ssl ? {\n true => 'absent',\n default => 'present',\n }\n\n ini_setting { 'puppetdb_sslhost':\n ensure => $ssl_setting_ensure,\n setting => 'ssl-host',\n value => $ssl_listen_address,\n }\n\n ini_setting { 'puppetdb_sslport':\n ensure => $ssl_setting_ensure,\n setting => 'ssl-port',\n value => $ssl_listen_port,\n }\n\n if $ssl_protocols {\n\n ini_setting { 'puppetdb_sslprotocols':\n ensure => $ssl_setting_ensure,\n setting => 'ssl-protocols',\n value => $ssl_protocols,\n }\n }\n\n if $cipher_suites {\n\n ini_setting { 'puppetdb_cipher-suites':\n ensure => $ssl_setting_ensure,\n setting => 'cipher-suites',\n value => $cipher_suites,\n }\n }\n\n if $ssl_set_cert_paths {\n # assume paths have been validated in calling class\n ini_setting { 'puppetdb_ssl_key':\n ensure => present,\n setting => 'ssl-key',\n value => $ssl_key_path,\n }\n ini_setting { 'puppetdb_ssl_cert':\n ensure => present,\n setting => 'ssl-cert',\n value => $ssl_cert_path,\n }\n ini_setting { 'puppetdb_ssl_ca_cert':\n ensure => present,\n setting => 'ssl-ca-cert',\n value => $ssl_ca_cert_path,\n }\n }\n\n if ($max_threads) {\n ini_setting { 'puppetdb_max_threads':\n setting => 'max-threads',\n value => $max_threads,\n }\n } else {\n ini_setting { 'puppetdb_max_threads':\n ensure => absent,\n setting => 'max-threads',\n }\n }\n}"}, {"name": "puppetdb::server::puppetdb", "file": "manifests/server/puppetdb.pp", "line": 2, "inherits": "puppetdb::params", "docstring": {"text": "PRIVATE CLASS - do not use directly", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "certificate_whitelist_file"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "certificate_whitelist"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "disable_update_checking"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "confdir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_user"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_group"}]}, "defaults": {"certificate_whitelist_file": "$puppetdb::params::certificate_whitelist_file", "certificate_whitelist": "$puppetdb::params::certificate_whitelist", "disable_update_checking": "$puppetdb::params::disable_update_checking", "confdir": "$puppetdb::params::confdir", "puppetdb_user": "$puppetdb::params::puppetdb_user", "puppetdb_group": "$puppetdb::params::puppetdb_group"}, "source": "class puppetdb::server::puppetdb (\n $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file,\n $certificate_whitelist = $puppetdb::params::certificate_whitelist,\n $disable_update_checking = $puppetdb::params::disable_update_checking,\n $confdir = $puppetdb::params::confdir,\n $puppetdb_user = $puppetdb::params::puppetdb_user,\n $puppetdb_group = $puppetdb::params::puppetdb_group,\n) inherits puppetdb::params {\n\n $puppetdb_ini = \"${confdir}/puppetdb.ini\"\n\n file { $puppetdb_ini:\n ensure => file,\n owner => $puppetdb_user,\n group => $puppetdb_group,\n mode => '0600',\n }\n\n # Set the defaults\n Ini_setting {\n path => $puppetdb_ini,\n ensure => present,\n section => 'puppetdb',\n require => File[$puppetdb_ini],\n }\n\n $certificate_whitelist_setting_ensure = empty($certificate_whitelist) ? {\n true => 'absent',\n default => 'present',\n }\n\n # accept connections only from puppet master\n ini_setting {'puppetdb-connections-from-master-only':\n ensure => $certificate_whitelist_setting_ensure,\n section => 'puppetdb',\n setting => 'certificate-whitelist',\n value => $certificate_whitelist_file,\n }\n\n file { $certificate_whitelist_file:\n ensure => $certificate_whitelist_setting_ensure,\n content => template('puppetdb/certificate-whitelist.erb'),\n mode => '0644',\n owner => 0,\n group => 0,\n }\n\n if $disable_update_checking {\n ini_setting { 'puppetdb_disable_update_checking':\n setting => 'disable-update-checking',\n value => $disable_update_checking,\n }\n } else {\n ini_setting { 'puppetdb_disable_update_checking':\n ensure => 'absent',\n setting => 'disable-update-checking',\n }\n }\n}"}, {"name": "puppetdb::server::read_database", "file": "manifests/server/read_database.pp", "line": 2, "inherits": "puppetdb::params", "docstring": {"text": "PRIVATE CLASS - do not use directly", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_host"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_username"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_password"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "read_database_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "manage_db_password"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "jdbc_ssl_properties"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_validate"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "log_slow_statements"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "conn_max_age"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "conn_keep_alive"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "conn_lifetime"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "confdir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_user"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "puppetdb_group"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_max_pool_size"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "postgresql_ssl_on"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_cert_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_key_pk8_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ssl_ca_cert_path"}]}, "defaults": {"read_database": "$puppetdb::params::read_database", "read_database_host": "$puppetdb::params::read_database_host", "read_database_port": "$puppetdb::params::read_database_port", "read_database_username": "$puppetdb::params::read_database_username", "read_database_password": "$puppetdb::params::read_database_password", "read_database_name": "$puppetdb::params::read_database_name", "manage_db_password": "$puppetdb::params::manage_read_db_password", "jdbc_ssl_properties": "$puppetdb::params::read_database_jdbc_ssl_properties", "database_validate": "$puppetdb::params::read_database_validate", "log_slow_statements": "$puppetdb::params::read_log_slow_statements", "conn_max_age": "$puppetdb::params::read_conn_max_age", "conn_keep_alive": "$puppetdb::params::read_conn_keep_alive", "conn_lifetime": "$puppetdb::params::read_conn_lifetime", "confdir": "$puppetdb::params::confdir", "puppetdb_user": "$puppetdb::params::puppetdb_user", "puppetdb_group": "$puppetdb::params::puppetdb_group", "database_max_pool_size": "$puppetdb::params::read_database_max_pool_size", "postgresql_ssl_on": "$puppetdb::params::postgresql_ssl_on", "ssl_cert_path": "$puppetdb::params::ssl_cert_path", "ssl_key_pk8_path": "$puppetdb::params::ssl_key_pk8_path", "ssl_ca_cert_path": "$puppetdb::params::ssl_ca_cert_path"}, "source": "class puppetdb::server::read_database (\n $read_database = $puppetdb::params::read_database,\n $read_database_host = $puppetdb::params::read_database_host,\n $read_database_port = $puppetdb::params::read_database_port,\n $read_database_username = $puppetdb::params::read_database_username,\n $read_database_password = $puppetdb::params::read_database_password,\n $read_database_name = $puppetdb::params::read_database_name,\n $manage_db_password = $puppetdb::params::manage_read_db_password,\n $jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties,\n $database_validate = $puppetdb::params::read_database_validate,\n $log_slow_statements = $puppetdb::params::read_log_slow_statements,\n $conn_max_age = $puppetdb::params::read_conn_max_age,\n $conn_keep_alive = $puppetdb::params::read_conn_keep_alive,\n $conn_lifetime = $puppetdb::params::read_conn_lifetime,\n $confdir = $puppetdb::params::confdir,\n $puppetdb_user = $puppetdb::params::puppetdb_user,\n $puppetdb_group = $puppetdb::params::puppetdb_group,\n $database_max_pool_size = $puppetdb::params::read_database_max_pool_size,\n $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on,\n $ssl_cert_path = $puppetdb::params::ssl_cert_path,\n $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path,\n $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path\n) inherits puppetdb::params {\n\n if $read_database_host != undef {\n if str2bool($database_validate) {\n # Validate the database connection. If we can't connect, we want to fail\n # and skip the rest of the configuration, so that we don't leave puppetdb\n # in a broken state.\n #\n # NOTE:\n # Because of a limitation in the postgres module this will break with\n # a duplicate declaration if read and write database host+name are the\n # same.\n class { 'puppetdb::server::validate_read_db':\n database => $read_database,\n database_host => $read_database_host,\n database_port => $read_database_port,\n database_username => $read_database_username,\n database_password => $read_database_password,\n database_name => $read_database_name,\n }\n }\n\n $read_database_ini = \"${confdir}/read_database.ini\"\n\n file { $read_database_ini:\n ensure => file,\n owner => $puppetdb_user,\n group => $puppetdb_group,\n mode => '0600',\n }\n\n $file_require = File[$read_database_ini]\n $ini_setting_require = str2bool($database_validate) ? {\n false => $file_require,\n default => [$file_require, Class['puppetdb::server::validate_read_db']],\n }\n # Set the defaults\n Ini_setting {\n path => $read_database_ini,\n ensure => present,\n section => 'read-database',\n require => $ini_setting_require,\n }\n\n if $read_database == 'postgres' {\n $classname = 'org.postgresql.Driver'\n $subprotocol = 'postgresql'\n\n if !empty($jdbc_ssl_properties) {\n $database_suffix = $jdbc_ssl_properties\n }\n else {\n $database_suffix = ''\n }\n\n $subname_default = \"//${read_database_host}:${read_database_port}/${read_database_name}${database_suffix}\"\n\n if $postgresql_ssl_on and !empty($jdbc_ssl_properties)\n {\n fail(\"Variables 'postgresql_ssl_on' and 'jdbc_ssl_properties' can not be used at the same time!\")\n }\n\n if $postgresql_ssl_on {\n $subname = @(\"EOT\"/L)\n ${subname_default}?\\\n ssl=true&sslfactory=org.postgresql.ssl.LibPQFactory&\\\n sslmode=verify-full&sslrootcert=${ssl_ca_cert_path}&\\\n sslkey=${ssl_key_pk8_path}&sslcert=${ssl_cert_path}\\\n | EOT\n } else {\n $subname = $subname_default\n }\n\n ini_setting { 'puppetdb_read_database_username':\n setting => 'username',\n value => $read_database_username,\n }\n\n if $read_database_password != undef and $manage_db_password {\n ini_setting { 'puppetdb_read_database_password':\n setting => 'password',\n value => $read_database_password,\n }\n }\n }\n\n ini_setting { 'puppetdb_read_classname':\n setting => 'classname',\n value => $classname,\n }\n\n ini_setting { 'puppetdb_read_subprotocol':\n setting => 'subprotocol',\n value => $subprotocol,\n }\n\n ini_setting { 'puppetdb_read_pgs':\n setting => 'syntax_pgs',\n value => true,\n }\n\n ini_setting { 'puppetdb_read_subname':\n setting => 'subname',\n value => $subname,\n }\n\n ini_setting { 'puppetdb_read_log_slow_statements':\n setting => 'log-slow-statements',\n value => $log_slow_statements,\n }\n\n ini_setting { 'puppetdb_read_conn_max_age':\n setting => 'conn-max-age',\n value => $conn_max_age,\n }\n\n ini_setting { 'puppetdb_read_conn_keep_alive':\n setting => 'conn-keep-alive',\n value => $conn_keep_alive,\n }\n\n ini_setting { 'puppetdb_read_conn_lifetime':\n setting => 'conn-lifetime',\n value => $conn_lifetime,\n }\n\n if $puppetdb::params::database_max_pool_size_setting_name != undef {\n if $database_max_pool_size == 'absent' {\n ini_setting { 'puppetdb_read_database_max_pool_size':\n ensure => absent,\n setting => $puppetdb::params::database_max_pool_size_setting_name,\n }\n } elsif $database_max_pool_size != undef {\n ini_setting { 'puppetdb_read_database_max_pool_size':\n setting => $puppetdb::params::database_max_pool_size_setting_name,\n value => $database_max_pool_size,\n }\n }\n } else {\n file { \"${confdir}/read_database.ini\":\n ensure => absent,\n }\n }\n } else {\n file { \"${confdir}/read_database.ini\":\n ensure => absent,\n }\n }\n}"}, {"name": "puppetdb::server::validate_db", "file": "manifests/server/validate_db.pp", "line": 2, "inherits": "puppetdb::params", "docstring": {"text": "This validates a database connection. See README.md for more details.", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "database"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_host"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_username"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_password"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "jdbc_ssl_properties"}]}, "defaults": {"database": "$puppetdb::params::database", "database_host": "$puppetdb::params::database_host", "database_port": "$puppetdb::params::database_port", "database_username": "$puppetdb::params::database_username", "database_password": "$puppetdb::params::database_password", "database_name": "$puppetdb::params::database_name", "jdbc_ssl_properties": "$puppetdb::params::jdbc_ssl_properties"}, "source": "class puppetdb::server::validate_db (\n $database = $puppetdb::params::database,\n $database_host = $puppetdb::params::database_host,\n $database_port = $puppetdb::params::database_port,\n $database_username = $puppetdb::params::database_username,\n $database_password = $puppetdb::params::database_password,\n $database_name = $puppetdb::params::database_name,\n $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,\n) inherits puppetdb::params {\n\n # We don't need any validation for the embedded database, presumably.\n if (\n $database == 'postgres' and\n ($database_password != undef and $jdbc_ssl_properties == false)\n ) {\n postgresql::validate_db_connection { 'validate puppetdb postgres connection':\n database_host => $database_host,\n database_port => $database_port,\n database_username => $database_username,\n database_password => $database_password,\n database_name => $database_name,\n }\n }\n}"}, {"name": "puppetdb::server::validate_read_db", "file": "manifests/server/validate_read_db.pp", "line": 2, "inherits": "puppetdb::params", "docstring": {"text": "This validates a database connection. See README.md for more details.", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "database"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_host"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_username"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_password"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "database_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "jdbc_ssl_properties"}]}, "defaults": {"database": "$puppetdb::params::database", "database_host": "$puppetdb::params::database_host", "database_port": "$puppetdb::params::database_port", "database_username": "$puppetdb::params::database_username", "database_password": "$puppetdb::params::database_password", "database_name": "$puppetdb::params::database_name", "jdbc_ssl_properties": "$puppetdb::params::jdbc_ssl_properties"}, "source": "class puppetdb::server::validate_read_db (\n $database = $puppetdb::params::database,\n $database_host = $puppetdb::params::database_host,\n $database_port = $puppetdb::params::database_port,\n $database_username = $puppetdb::params::database_username,\n $database_password = $puppetdb::params::database_password,\n $database_name = $puppetdb::params::database_name,\n $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,\n) inherits puppetdb::params {\n\n # Currently we only support postgres\n if (\n $database == 'postgres' and\n ($database_password != undef and $jdbc_ssl_properties == false)\n ) {\n postgresql::validate_db_connection { 'validate puppetdb postgres (read) connection':\n database_host => $database_host,\n database_port => $database_port,\n database_username => $database_username,\n database_password => $database_password,\n database_name => $database_name,\n }\n }\n}"}, {"name": "syncthing", "file": "manifests/init.pp", "line": 1, "inherits": "::syncthing::params", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "binpath"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "instancespath"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "package_version"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "manage_repo"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "package_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "instances"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "devices"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "folders"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "create_home_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "service_type"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "daemon_uid"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "daemon_gid"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "daemon_umask"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "daemon_nice"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "daemon_debug"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gui"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gui_tls"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gui_address"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gui_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gui_apikey"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gui_user"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gui_password"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gui_options"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "instance_options"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "device_compression"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "device_introducer"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "device_options"}]}, "defaults": {"binpath": "$::syncthing::params::binpath", "instancespath": "$::syncthing::params::instancespath", "package_version": "$::syncthing::params::package_version", "manage_repo": "$::syncthing::params::manage_repo", "package_name": "$::syncthing::params::package_name", "instances": "$::syncthing::params::default_instances", "devices": "$::syncthing::params::default_devices", "folders": "$::syncthing::params::default_folders", "create_home_path": "$::syncthing::params::create_home_path", "service_type": "$::syncthing::params::service_type", "daemon_uid": "$::syncthing::params::daemon_uid", "daemon_gid": "$::syncthing::params::daemon_gid", "daemon_umask": "$::syncthing::params::daemon_umask", "daemon_nice": "$::syncthing::params::daemon_nice", "daemon_debug": "$::syncthing::params::daemon_debug", "gui": "$::syncthing::params::gui", "gui_tls": "$::syncthing::params::gui_tls", "gui_address": "$::syncthing::params::gui_address", "gui_port": "$::syncthing::params::gui_port", "gui_apikey": "$::syncthing::params::gui_apikey", "gui_user": "$::syncthing::params::gui_user", "gui_password": "$::syncthing::params::gui_password", "gui_options": "$::syncthing::params::gui_options", "instance_options": "$::syncthing::params::instance_options", "device_compression": "$::syncthing::params::device_compression", "device_introducer": "$::syncthing::params::device_introducer", "device_options": "$::syncthing::params::device_options"}, "source": "class syncthing\n(\n $binpath = $::syncthing::params::binpath,\n $instancespath = $::syncthing::params::instancespath,\n $package_version = $::syncthing::params::package_version,\n $manage_repo = $::syncthing::params::manage_repo,\n $package_name = $::syncthing::params::package_name,\n\n $instances = $::syncthing::params::default_instances,\n $devices = $::syncthing::params::default_devices,\n $folders = $::syncthing::params::default_folders,\n\n $create_home_path = $::syncthing::params::create_home_path,\n\n $service_type = $::syncthing::params::service_type,\n\n $daemon_uid = $::syncthing::params::daemon_uid,\n $daemon_gid = $::syncthing::params::daemon_gid,\n $daemon_umask = $::syncthing::params::daemon_umask,\n $daemon_nice = $::syncthing::params::daemon_nice,\n $daemon_debug = $::syncthing::params::daemon_debug,\n $gui = $::syncthing::params::gui,\n $gui_tls = $::syncthing::params::gui_tls,\n $gui_address = $::syncthing::params::gui_address,\n $gui_port = $::syncthing::params::gui_port,\n $gui_apikey = $::syncthing::params::gui_apikey,\n $gui_user = $::syncthing::params::gui_user,\n $gui_password = $::syncthing::params::gui_password,\n $gui_options = $::syncthing::params::gui_options,\n $instance_options = $::syncthing::params::instance_options,\n\n $device_compression = $::syncthing::params::device_compression,\n $device_introducer = $::syncthing::params::device_introducer,\n $device_options = $::syncthing::params::device_options,\n)\ninherits ::syncthing::params\n{\n class { '::syncthing::repo': }\n\n -> class { '::syncthing::install_package': }\n\n -> class { '::syncthing::service': }\n\n create_resources( ::syncthing::instance, $instances )\n create_resources( ::syncthing::device, $devices )\n create_resources( ::syncthing::folder, $folders )\n}"}, {"name": "syncthing::install_package", "file": "manifests/install_package.pp", "line": 1, "docstring": {"text": ""}, "source": "class syncthing::install_package {\n package { $::syncthing::package_name:\n ensure => $::syncthing::package_version,\n }\n\n Package[$::syncthing::package_name]\n\n ~> Exec <| tag == 'syncthing_package_instance_service' and tag == 'syncthing_instance_service_restart' |>\n}"}, {"name": "syncthing::params", "file": "manifests/params.pp", "line": 1, "docstring": {"text": ""}, "source": "class syncthing::params {\n $binpath = '/usr/bin/syncthing'\n $instancespath = '/etc/syncthing'\n\n $package_version = 'latest'\n\n $manage_repo = true\n $package_name = 'syncthing'\n\n $default_instances = {}\n $default_devices = {}\n $default_folders = {}\n\n $create_home_path = true\n\n # Determine service provider to manage files for\n # Perhaps we can make use of the service_provider fact?\n if ($::service_provider) {\n if ($::service_provider == 'systemd') {\n $service_type = 'systemd'\n } elsif ($::service_provider == 'upstart') {\n $service_type = 'initd'\n }\n }\n\n # No service_provider fact or no useful answer (https://tickets.puppetlabs.com/browse/PUP-6065)\n # Guess.\n if (!$service_type) {\n if ($::operatingsystem == 'Ubuntu') {\n if ($::lsbmajdistrelease + 0 >= 15) {\n $service_type = 'systemd'\n } else {\n $service_type = 'initd'\n }\n } elsif ($::operatingsystem == 'Debian') {\n if ($::lsbmajdistrelease + 0 >= 8) {\n $service_type = 'systemd'\n } else {\n $service_type = 'initd'\n }\n }\n }\n\n\n $daemon_uid = 'root'\n\n # These will only be used when $service_type is \"initd\"\n $daemon_gid = 'root'\n $daemon_umask = '0002'\n $daemon_nice = undef\n $daemon_debug = undef\n\n $gui = true\n $gui_tls = true\n $gui_address = '0.0.0.0'\n $gui_port = '8080'\n $gui_apikey = undef\n $gui_user = undef\n $gui_password = undef\n $gui_password_salt = undef\n $gui_options = {}\n\n $instance_options = {}\n\n $device_compression = false\n $device_introducer = false\n $device_options = {}\n}"}, {"name": "syncthing::repo", "file": "manifests/repo.pp", "line": 1, "docstring": {"text": ""}, "source": "class syncthing::repo {\n if $::syncthing::manage_repo {\n $release_key = '37C84554E7E0A261E4F76E1ED26E6ED000654A3E'\n\n case $::osfamily {\n 'Debian': {\n include ::apt\n\n ::apt::key { $release_key:\n ensure => present,\n source => 'https://syncthing.net/release-key.txt',\n }\n\n ::apt::source { 'syncthing':\n location => 'http://apt.syncthing.net',\n release => 'syncthing',\n repos => 'release',\n include => {\n 'src' => false,\n },\n require => Apt::Key[$release_key],\n before => [\n Package[$::syncthing::package_name],\n ],\n }\n }\n default: {\n fail \"Unsupported OS family: ${::osfamily}\"\n }\n }\n }\n}"}, {"name": "syncthing::service", "file": "manifests/service.pp", "line": 1, "docstring": {"text": ""}, "source": "class syncthing::service {\n if ! defined(Class['syncthing']) {\n fail('You must include the syncthing base class before using any syncthing defined resources')\n }\n\n if ($::syncthing::service_type == 'initd') {\n file { '/etc/default/syncthing':\n content => template('syncthing/default.erb'),\n owner => 'root',\n group => 'root',\n mode => '0744',\n }\n\n file { $::syncthing::instancespath:\n ensure => directory,\n owner => 'root',\n group => 'root',\n mode => '0755',\n }\n\n file { '/etc/init.d/syncthing':\n content => template('syncthing/init.d.erb'),\n owner => 'root',\n group => 'root',\n mode => '0755',\n require => [\n File['/etc/default/syncthing'],\n File[$::syncthing::instancespath],\n ],\n }\n } else {\n file { '/etc/default/syncthing':\n ensure => absent,\n }\n\n file { '/etc/init.d/syncthing':\n ensure => absent,\n }\n }\n\n# if ($::syncthing::service_type == 'systemd') {\n# } else {\n# }\n\n# service { 'syncthing':\n# ensure => running,\n# enable => true,\n# require => [\n# File['/etc/init.d/syncthing']\n# ],\n# }\n}"}, {"name": "dhcp", "file": "manifests/init.pp", "line": 3, "inherits": "dhcp::params", "docstring": {"text": "== Class: dhcp", "tags": [{"tag_name": "param", "text": "", "types": ["Optional[Array[String[1]]]"], "name": "dnsdomain"}, {"tag_name": "param", "text": "", "types": ["Array[Stdlib::IP::Address::V4]"], "name": "nameservers"}, {"tag_name": "param", "text": "", "types": ["Array[Stdlib::IP::Address::V6]"], "name": "nameservers_ipv6"}, {"tag_name": "param", "text": "", "types": ["Array[Variant[Stdlib::Fqdn,Stdlib::IP::Address]]"], "name": "ntpservers"}, {"tag_name": "param", "text": "", "types": ["Array[String[1]]"], "name": "dnssearchdomains"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "dhcp_conf_header"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "dhcp_conf_ddns"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "dhcp_conf_ntp"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "dhcp_conf_pxe"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "dhcp_conf_extra"}, {"tag_name": "param", "text": "", "types": ["Hash[String[1], Hash[String[1], String[1]]]"], "name": "dhcp_conf_fragments"}, {"tag_name": "param", "text": "", "types": ["Optional[Array[String[1]]]"], "name": "interfaces"}, {"tag_name": "param", "text": "", "types": ["String[1]"], "name": "interface"}, {"tag_name": "param", "text": "", "types": ["Optional[String[1]]"], "name": "dnsupdatekey"}, {"tag_name": "param", "text": "", "types": ["String[1]"], "name": "ddns_update_style"}, {"tag_name": "param", "text": "", "types": ["Optional[String[1]]"], "name": "dnskeyname"}, {"tag_name": "param", "text": "", "types": ["String[1]"], "name": "ddns_update_static"}, {"tag_name": "param", "text": "", "types": ["String[1]"], "name": "ddns_update_optimize"}, {"tag_name": "param", "text": "", "types": ["Enum['allow', 'deny']"], "name": "ddns_client_updates"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Host]"], "name": "pxeserver"}, {"tag_name": "param", "text": "", "types": ["Optional[String[1]]"], "name": "pxefilename"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer[1]]"], "name": "mtu"}, {"tag_name": "param", "text": "", "types": ["Optional[String[1]]"], "name": "ipxe_filename"}, {"tag_name": "param", "text": "", "types": ["Optional[String[1]]"], "name": "ipxe_bootstrap"}, {"tag_name": "param", "text": "", "types": ["Dhcp::Syslogfacility"], "name": "logfacility"}, {"tag_name": "param", "text": "", "types": ["Integer[-1]"], "name": "default_lease_time"}, {"tag_name": "param", "text": "", "types": ["Integer[-1]"], "name": "max_lease_time"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Ensure::Service"], "name": "service_ensure"}, {"tag_name": "param", "text": "", "types": ["Variant[String,Array[String[1]]]"], "name": "globaloptions"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Port]"], "name": "omapi_port"}, {"tag_name": "param", "text": "", "types": ["Optional[String[1]]"], "name": "omapi_name"}, {"tag_name": "param", "text": "", "types": ["String[1]"], "name": "omapi_algorithm"}, {"tag_name": "param", "text": "", "types": ["Optional[String[1]]"], "name": "omapi_key"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "authoritative"}, {"tag_name": "param", "text": "", "types": ["Variant[Array[String[1]],String[1]]"], "name": "extra_config"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Absolutepath"], "name": "dhcp_dir"}, {"tag_name": "param", "text": "", "types": ["String[1]"], "name": "dhcpd_conf_filename"}, {"tag_name": "param", "text": "", "types": ["String[1]"], "name": "packagename"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "manage_package"}, {"tag_name": "param", "text": "", "types": ["Variant[String[1],Array[String[1]]]"], "name": "servicename"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "manage_service"}, {"tag_name": "param", "text": "", "types": ["Optional[String[1]]"], "name": "package_provider"}, {"tag_name": "param", "text": "", "types": ["Stdlib::Port"], "name": "ldap_port"}, {"tag_name": "param", "text": "", "types": ["String[1]"], "name": "ldap_server"}, {"tag_name": "param", "text": "", "types": ["String[1]"], "name": "ldap_username"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "ldap_password"}, {"tag_name": "param", "text": "", "types": ["String[1]"], "name": "ldap_base_dn"}, {"tag_name": "param", "text": "", "types": ["Enum['dynamic', 'static']"], "name": "ldap_method"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "ldap_debug_file"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "use_ldap"}, {"tag_name": "param", "text": "", "types": ["String[1]"], "name": "option_code150_label"}, {"tag_name": "param", "text": "", "types": ["String[1]"], "name": "option_code150_value"}, {"tag_name": "param", "text": "", "types": ["Hash[String[1], Hash]"], "name": "dhcp_classes"}, {"tag_name": "param", "text": "", "types": ["Hash[String[1], Hash]"], "name": "hosts"}, {"tag_name": "param", "text": "", "types": ["Hash[String, Hash]"], "name": "ignoredsubnets"}, {"tag_name": "param", "text": "", "types": ["Hash[String, Hash]"], "name": "pools"}, {"tag_name": "param", "text": "", "types": ["Hash[String, Hash]"], "name": "pools6"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "dhcpd_binary"}]}, "defaults": {"dnsdomain": "undef", "nameservers": "[]", "nameservers_ipv6": "[]", "ntpservers": "[]", "dnssearchdomains": "[]", "dhcp_conf_header": "'INTERNAL_TEMPLATE'", "dhcp_conf_ddns": "'INTERNAL_TEMPLATE'", "dhcp_conf_ntp": "'INTERNAL_TEMPLATE'", "dhcp_conf_pxe": "'INTERNAL_TEMPLATE'", "dhcp_conf_extra": "'INTERNAL_TEMPLATE'", "dhcp_conf_fragments": "{}", "interfaces": "undef", "interface": "'NOTSET'", "dnsupdatekey": "undef", "ddns_update_style": "'interim'", "dnskeyname": "undef", "ddns_update_static": "'on'", "ddns_update_optimize": "'on'", "ddns_client_updates": "'allow'", "pxeserver": "undef", "pxefilename": "undef", "mtu": "undef", "ipxe_filename": "undef", "ipxe_bootstrap": "undef", "logfacility": "'daemon'", "default_lease_time": "43200", "max_lease_time": "86400", "service_ensure": "'running'", "globaloptions": "''", "omapi_port": "undef", "omapi_name": "undef", "omapi_algorithm": "'HMAC-MD5'", "omapi_key": "undef", "authoritative": "true", "extra_config": "[]", "dhcp_dir": "$dhcp::params::dhcp_dir", "dhcpd_conf_filename": "'dhcpd.conf'", "packagename": "$dhcp::params::packagename", "manage_package": "true", "servicename": "$dhcp::params::servicename", "manage_service": "true", "package_provider": "$dhcp::params::package_provider", "ldap_port": "389", "ldap_server": "'localhost'", "ldap_username": "'cn=root, dc=example, dc=com'", "ldap_password": "''", "ldap_base_dn": "'dc=example, dc=com'", "ldap_method": "'dynamic'", "ldap_debug_file": "undef", "use_ldap": "false", "option_code150_label": "'pxegrub'", "option_code150_value": "'text'", "dhcp_classes": "{}", "hosts": "{}", "ignoredsubnets": "{}", "pools": "{}", "pools6": "{}", "dhcpd_binary": "$dhcp::params::dhcpd_binary"}, "source": "class dhcp (\n Optional[Array[String[1]]] $dnsdomain = undef,\n Array[Stdlib::IP::Address::V4] $nameservers = [],\n Array[Stdlib::IP::Address::V6] $nameservers_ipv6 = [],\n Array[Variant[Stdlib::Fqdn,Stdlib::IP::Address]] $ntpservers = [],\n Array[String[1]] $dnssearchdomains = [],\n String $dhcp_conf_header = 'INTERNAL_TEMPLATE',\n String $dhcp_conf_ddns = 'INTERNAL_TEMPLATE',\n String $dhcp_conf_ntp = 'INTERNAL_TEMPLATE',\n String $dhcp_conf_pxe = 'INTERNAL_TEMPLATE',\n String $dhcp_conf_extra = 'INTERNAL_TEMPLATE',\n Hash[String[1], Hash[String[1], String[1]]] $dhcp_conf_fragments = {},\n Optional[Array[String[1]]] $interfaces = undef,\n String[1] $interface = 'NOTSET',\n Optional[String[1]] $dnsupdatekey = undef,\n String[1] $ddns_update_style = 'interim',\n Optional[String[1]] $dnskeyname = undef,\n String[1] $ddns_update_static = 'on',\n String[1] $ddns_update_optimize = 'on',\n Enum['allow', 'deny'] $ddns_client_updates = 'allow',\n Optional[Stdlib::Host] $pxeserver = undef,\n Optional[String[1]] $pxefilename = undef,\n Optional[Integer[1]] $mtu = undef,\n Optional[String[1]] $ipxe_filename = undef,\n Optional[String[1]] $ipxe_bootstrap = undef,\n Dhcp::Syslogfacility $logfacility = 'daemon',\n Integer[-1] $default_lease_time = 43200,\n Integer[-1] $max_lease_time = 86400,\n Stdlib::Ensure::Service $service_ensure = 'running',\n Variant[String,Array[String[1]]] $globaloptions = '',\n Optional[Stdlib::Port] $omapi_port = undef,\n Optional[String[1]] $omapi_name = undef,\n String[1] $omapi_algorithm = 'HMAC-MD5',\n Optional[String[1]] $omapi_key = undef,\n Boolean $authoritative = true,\n Variant[Array[String[1]],String[1]] $extra_config = [],\n Stdlib::Absolutepath $dhcp_dir = $dhcp::params::dhcp_dir,\n String[1] $dhcpd_conf_filename = 'dhcpd.conf',\n String[1] $packagename = $dhcp::params::packagename,\n Boolean $manage_package = true,\n Variant[String[1],Array[String[1]]] $servicename = $dhcp::params::servicename,\n Boolean $manage_service = true,\n Optional[String[1]] $package_provider = $dhcp::params::package_provider,\n Stdlib::Port $ldap_port = 389,\n String[1] $ldap_server = 'localhost',\n String[1] $ldap_username = 'cn=root, dc=example, dc=com',\n String $ldap_password = '',\n String[1] $ldap_base_dn = 'dc=example, dc=com',\n Enum['dynamic', 'static'] $ldap_method = 'dynamic',\n Optional[Stdlib::Absolutepath] $ldap_debug_file = undef,\n Boolean $use_ldap = false,\n String[1] $option_code150_label = 'pxegrub',\n String[1] $option_code150_value = 'text',\n Hash[String[1], Hash] $dhcp_classes = {},\n Hash[String[1], Hash] $hosts = {},\n Hash[String, Hash] $ignoredsubnets = {},\n Hash[String, Hash] $pools = {},\n Hash[String, Hash] $pools6 = {},\n Optional[Stdlib::Absolutepath] $dhcpd_binary = $dhcp::params::dhcpd_binary\n) inherits dhcp::params {\n # check if extra_config is a string, if so convert it to an array\n if $extra_config =~ String {\n $extra_config_real = [$extra_config]\n } else {\n $extra_config_real = $extra_config\n }\n\n if $dnsdomain {\n $dnsdomain_real = $dnsdomain\n } else {\n if $facts['networking']['domain'] {\n $dnsdomain_real = [$facts['networking']['domain']]\n } else {\n fail('dhcp::dnsdomain must be set and domain fact is missing to use as a default value.')\n }\n }\n\n if $pxeserver or $pxefilename {\n if ! $pxeserver or ! $pxefilename {\n fail( '$pxeserver and $pxefilename are required when enabling pxe' )\n }\n }\n\n if $ipxe_filename or $ipxe_bootstrap {\n if ! $ipxe_filename or ! $ipxe_bootstrap {\n fail( '$ipxe_filename and $ipxe_bootstrap are required when enabling ipxe' )\n }\n }\n\n if $omapi_name or $omapi_key {\n if !$omapi_port or ! $omapi_name or ! $omapi_key or ! $omapi_algorithm {\n fail('$omapi_port, $omapi_name, $omapi_key and $omapi_algorithm are required when defining an OMAPI key')\n }\n }\n\n # Incase people set interface instead of interfaces work around\n # that. If they set both, use interfaces and the user is a unwise\n # and deserves what they get.\n if $interface != 'NOTSET' and $interfaces == undef {\n $dhcp_interfaces = [$interface]\n } elsif $interface == 'NOTSET' and $interfaces == undef {\n fail (\"You need to set \\$interfaces in ${module_name}\")\n } else {\n $dhcp_interfaces = $interfaces\n }\n\n if $dnsupdatekey {\n $_dnsupdatekey_split = split($dnsupdatekey, '[/]')\n $_dnsupdatekey_basename = $_dnsupdatekey_split[-1]\n $_dnskeyname = pick($dnskeyname, $_dnsupdatekey_basename)\n } else {\n $_dnskeyname = $dnskeyname\n }\n\n # JJM Decide where to pull the fragment content from. Either this module, or\n # from the end user. This makes the module much more re-usable by 3rd\n # parties without modifying the module itself.\n #\n # NOTE: These templates should be evaluated after all other local variables\n # have been set.\n $dhcp_conf_header_real = $dhcp_conf_header ? {\n 'INTERNAL_TEMPLATE' => template('dhcp/dhcpd.conf-header.erb'),\n default => $dhcp_conf_header,\n }\n $dhcp_conf_ntp_real = $dhcp_conf_ntp ? {\n 'INTERNAL_TEMPLATE' => template('dhcp/dhcpd.conf.ntp.erb'),\n default => $dhcp_conf_ntp,\n }\n $dhcp_conf_ddns_real = $dhcp_conf_ddns ? {\n 'INTERNAL_TEMPLATE' => template('dhcp/dhcpd.conf.ddns.erb'),\n default => $dhcp_conf_ddns,\n }\n $dhcp_conf_pxe_real = $dhcp_conf_pxe ? {\n 'INTERNAL_TEMPLATE' => template('dhcp/dhcpd.conf.pxe.erb'),\n default => $dhcp_conf_pxe,\n }\n $dhcp_conf_extra_real = $dhcp_conf_extra ? {\n 'INTERNAL_TEMPLATE' => template('dhcp/dhcpd.conf-extra.erb'),\n default => $dhcp_conf_extra,\n }\n\n # Notify service only if manage_service is true\n $service_notify_real = $manage_service ? {\n true => Service[$servicename],\n default => undef,\n }\n\n if $manage_package {\n package { $packagename:\n ensure => installed,\n provider => $package_provider,\n }\n }\n\n file { $dhcp_dir:\n mode => '0755',\n require => Package[$packagename],\n }\n\n case $facts['os']['family'] {\n 'RedHat': {\n if $facts['os']['release']['major'] =~ /(7|8)/ {\n $use_systemd_service_file = true\n } else {\n $use_systemd_service_file = false\n }\n }\n 'ArchLinux': {\n $use_systemd_service_file = true\n }\n default: {\n $use_systemd_service_file = false\n }\n }\n\n if $use_systemd_service_file {\n file { '/etc/systemd/system/dhcpd.service':\n ensure => file,\n owner => 'root',\n group => 'root',\n mode => '0644',\n notify => $service_notify_real,\n content => template('dhcp/dhcpd.service'),\n }\n } else {\n # Only debian and ubuntu have this style of defaults for startup.\n case $facts['os']['family'] {\n 'Debian': {\n file { '/etc/default/isc-dhcp-server':\n ensure => file,\n owner => 'root',\n group => 'root',\n mode => '0644',\n before => Package[$packagename],\n notify => $service_notify_real,\n content => template('dhcp/debian/default_isc-dhcp-server'),\n }\n }\n 'RedHat': {\n file { '/etc/sysconfig/dhcpd':\n ensure => file,\n owner => 'root',\n group => 'root',\n mode => '0644',\n before => Package[$packagename],\n notify => $service_notify_real,\n content => template('dhcp/redhat/sysconfig-dhcpd'),\n }\n }\n /^(FreeBSD|DragonFly)$/: {\n $interfaces_line = join($dhcp_interfaces, ' ')\n augeas { 'set listen interfaces':\n context => '/files/etc/rc.conf',\n changes => \"set dhcpd_ifaces '\\\"${interfaces_line}\\\"'\",\n before => Package[$packagename],\n notify => $service_notify_real,\n }\n }\n default: {}\n }\n }\n\n Concat { require => Package[$packagename],\n notify => $service_notify_real,\n }\n\n # dhcpd.conf\n concat { \"${dhcp_dir}/${dhcpd_conf_filename}\": }\n concat::fragment { 'dhcp-conf-header':\n target => \"${dhcp_dir}/${dhcpd_conf_filename}\",\n content => $dhcp_conf_header_real,\n order => '01',\n }\n concat::fragment { 'dhcp-conf-ntp':\n target => \"${dhcp_dir}/${dhcpd_conf_filename}\",\n content => $dhcp_conf_ntp_real,\n order => '02',\n }\n concat::fragment { 'dhcp-conf-ddns':\n target => \"${dhcp_dir}/${dhcpd_conf_filename}\",\n content => $dhcp_conf_ddns_real,\n order => '10',\n }\n concat::fragment { 'dhcp-conf-pxe':\n target => \"${dhcp_dir}/${dhcpd_conf_filename}\",\n content => $dhcp_conf_pxe_real,\n order => '20',\n }\n concat::fragment { 'dhcp-conf-extra':\n target => \"${dhcp_dir}/${dhcpd_conf_filename}\",\n content => $dhcp_conf_extra_real,\n order => '99',\n }\n\n # Any additional dhcpd.conf fragments the user passed in as a hash for\n # create_resources. This allows the end user almost total control over the\n # DHCP server without modifying this module at all.\n\n # JJM This is commented out because the create_resources in PE does not\n # support the third option.\n # $fragment_defaults = {\n # content => \"# Managed by Puppet\\n\",\n # target => \"${dhcp_dir}/dhcpd.conf\",\n # order => '80',\n # }\n create_resources('concat::fragment', $dhcp_conf_fragments)\n\n # dhcpd.pool\n concat { \"${dhcp_dir}/dhcpd.pools\": }\n concat::fragment { 'dhcp-pools-header':\n target => \"${dhcp_dir}/dhcpd.pools\",\n content => \"# DHCP Pools\\n\",\n order => '01',\n }\n\n # dhcpd.ignoredsubnets\n concat { \"${dhcp_dir}/dhcpd.ignoredsubnets\": }\n concat::fragment { 'dhcp-ignoredsubnets-header':\n target => \"${dhcp_dir}/dhcpd.ignoredsubnets\",\n content => \"# DHCP Subnets (ignored)\\n\",\n order => '01',\n }\n\n # dhcpd.hosts\n concat { \"${dhcp_dir}/dhcpd.hosts\": }\n concat::fragment { 'dhcp-hosts-header':\n target => \"${dhcp_dir}/dhcpd.hosts\",\n content => \"# static DHCP hosts\\n\",\n order => '01',\n }\n\n # Create any DHCP classes requested\n create_resources('dhcp::dhcp_class', $dhcp_classes)\n\n # Create any DHCP hosts requested\n create_resources('dhcp::host', $hosts)\n\n # Ignore any DHCP subnets requested\n create_resources('dhcp::ignoredsubnet', $ignoredsubnets)\n\n # Setup any DHCP pools for IPv6\n create_resources('dhcp::pool6', $pools6)\n\n # Setup any DHCP pools for IPv4\n create_resources('dhcp::pool', $pools)\n\n # check if this is really a bool\n if $use_ldap {\n if ($ldap_password == '') {\n fail('you must set $ldap_password')\n }\n if ($ldap_server == '') {\n fail('you must set $ldap_server')\n }\n if ($ldap_username == '') {\n fail('you must set $ldap_username')\n }\n if ($ldap_base_dn == '') {\n fail('you must set $ldap_username')\n }\n concat::fragment { 'dhcp-conf-ldap':\n target => \"${dhcp_dir}/${dhcpd_conf_filename}\",\n content => template('dhcp/dhcpd.conf-ldap.erb'),\n order => '90',\n }\n }\n\n if $manage_service {\n service { $servicename:\n ensure => $service_ensure,\n enable => true,\n hasstatus => true,\n require => Package[$packagename],\n }\n }\n}"}, {"name": "dhcp::disable", "file": "manifests/disable.pp", "line": 4, "inherits": "dhcp::params", "docstring": {"text": "----------\nRemove and Disable the DHCP server\n----------", "tags": [{"tag_name": "param", "text": "", "types": ["String[1]"], "name": "packagename"}, {"tag_name": "param", "text": "", "types": ["String[1]"], "name": "servicename"}]}, "defaults": {"packagename": "$dhcp::params::packagename", "servicename": "$dhcp::params::servicename"}, "source": "class dhcp::disable (\n String[1] $packagename = $dhcp::params::packagename,\n String[1] $servicename = $dhcp::params::servicename,\n) inherits dhcp::params {\n package { $packagename:\n ensure => absent,\n }\n\n service { $servicename:\n ensure => stopped,\n enable => false,\n hasstatus => true,\n require => Package[$packagename],\n }\n}"}, {"name": "dhcp::failover", "file": "manifests/failover.pp", "line": 3, "docstring": {"text": "== Class: dhcp::failover", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "peer_address"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "role"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "address"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "max_response_delay"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "max_unacked_updates"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "mclt"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "load_split"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "load_balance"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "omapi_key"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "dhcp_dir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "dhcpd_conf_filename"}]}, "defaults": {"role": "'primary'", "address": "$facts['networking']['ip']", "port": "'519'", "max_response_delay": "'30'", "max_unacked_updates": "'10'", "mclt": "'300'", "load_split": "'128'", "load_balance": "'3'", "omapi_key": "''", "dhcp_dir": "$dhcp::dhcp_dir", "dhcpd_conf_filename": "$dhcp::dhcpd_conf_filename"}, "source": "class dhcp::failover (\n $peer_address,\n $role = 'primary',\n $address = $facts['networking']['ip'],\n $port = '519',\n $max_response_delay = '30',\n $max_unacked_updates = '10',\n $mclt = '300',\n $load_split = '128',\n $load_balance = '3',\n $omapi_key = '',\n $dhcp_dir = $dhcp::dhcp_dir,\n $dhcpd_conf_filename = $dhcp::dhcpd_conf_filename,\n) {\n concat::fragment { 'dhcp-conf-failover':\n target => \"${dhcp_dir}/${dhcpd_conf_filename}\",\n content => template('dhcp/dhcpd.conf.failover.erb'),\n }\n}"}, {"name": "dhcp::params", "file": "manifests/params.pp", "line": 3, "docstring": {"text": "== Class: dhcp::params"}, "source": "class dhcp::params {\n case $facts['os']['family'] {\n 'Debian': {\n if ( $facts['os']['name'] == 'Ubuntu' ) {\n if (versioncmp($facts['os']['release']['full'], '12.04') >= 0) {\n $dhcp_dir = '/etc/dhcp'\n } else {\n $dhcp_dir = '/etc/dhcp3'\n }\n } else {\n $dhcp_dir = '/etc/dhcp'\n }\n $packagename = 'isc-dhcp-server'\n $servicename = 'isc-dhcp-server'\n $package_provider = undef\n $dhcpd_binary = undef\n }\n 'Darwin': {\n $dhcp_dir = '/opt/local/etc/dhcp'\n $packagename = 'dhcp'\n $servicename = 'org.macports.dhcpd'\n $package_provider = 'macports'\n $dhcpd_binary = undef\n }\n 'FreeBSD': {\n $dhcp_dir = '/usr/local/etc'\n $packagename = 'net/isc-dhcp44-server'\n $servicename = 'isc-dhcpd'\n $package_provider = undef\n $dhcpd_binary = undef\n }\n 'RedHat': {\n $dhcp_dir = '/etc/dhcp'\n if $facts['os']['release']['major'] == '8' {\n $packagename = 'dhcp-server'\n } else {\n $packagename = 'dhcp'\n }\n $servicename = 'dhcpd'\n $package_provider = undef\n $dhcpd_binary = '/usr/sbin/dhcpd'\n }\n 'Archlinux': {\n $dhcp_dir = '/etc'\n $packagename = 'dhcp'\n # we currently do not manage the dhcpd6 config\n #$servicename = ['dhcpd4.service', 'dhcpd6.service']\n $servicename = ['dhcpd4.service']\n $package_provider = 'pacman'\n $dhcpd_binary = '/usr/bin/dhcpd'\n }\n 'Solaris': {\n if ( $facts['os']['name'] != 'SmartOS' ) {\n fail('Only SmartOS variant of Solaris is supported.')\n }\n $dhcp_dir = '/opt/local/etc/dhcp'\n $packagename = 'isc-dhcpd'\n $servicename = 'isc-dhcpd'\n $package_provider = undef\n $dhcpd_binary = undef\n }\n default: {\n fail('dhcp is supported on the following OS\\'s: Debian, Ubuntu, Darwin, FreeBSD, RedHat, Fedora, and CentOS.')\n }\n }\n}"}, {"name": "git", "file": "manifests/init.pp", "line": 16, "docstring": {"text": "Sets up requirements for git", "tags": [{"tag_name": "example", "text": "class { 'git':\n package_ensure => '2.1.0',\n}", "name": "Override the git version"}, {"tag_name": "param", "text": "The path to the git binary", "types": ["Any"], "name": "bin"}, {"tag_name": "param", "text": "Override the name of the git package(s) to include.", "types": ["Any"], "name": "package"}, {"tag_name": "param", "text": "Override the git package ensure", "types": ["Any"], "name": "package_ensure"}, {"tag_name": "see", "text": "on how to use this module.", "name": "git::repo"}]}, "defaults": {"bin": "undef", "package": "undef", "package_ensure": "undef"}, "source": "class git (\n $bin = undef,\n $package = undef,\n $package_ensure = undef,\n) {\n ensure_packages([$package], {'ensure' => $package_ensure})\n}"}, {"name": "borg", "file": "manifests/init.pp", "line": 134, "docstring": {"text": "Main class, includes all other classes.", "tags": [{"tag_name": "param", "text": "Name of the borg package", "types": ["Variant[String[1],Array[String[1]]]"], "name": "package_name"}, {"tag_name": "param", "text": "Enable a postrun command to create prometheus compatible metrics about all backups", "types": ["Boolean"], "name": "create_prometheus_metrics"}, {"tag_name": "param", "text": "Enable to upstream reporter (see create_prometheus_metrics param) or our vendored version", "types": ["Boolean"], "name": "use_upstream_reporter"}, {"tag_name": "param", "text": "Enable the restore helper from Florian 'Bluewind' Pritz (https://metacpan.org/release/App-BorgRestore) as another postrun command (see also the install_restore_script parameter)", "types": ["Boolean"], "name": "update_borg_restore_db_after_backuprun"}, {"tag_name": "param", "text": "Enable management of backup prunes. If this is set to `false` all `keep_*` parameters are ignored.", "types": ["Boolean"], "name": "manage_prune"}, {"tag_name": "param", "text": "For how many years should we keep our backups?", "types": ["Integer[0]"], "name": "keep_yearly"}, {"tag_name": "param", "text": "For how many months should we keep our backups?", "types": ["Integer[0]"], "name": "keep_monthly"}, {"tag_name": "param", "text": "For how many weeks should we keep our backups?", "types": ["Integer[0]"], "name": "keep_weekly"}, {"tag_name": "param", "text": "For how many days should we keep our backups?", "types": ["Integer[0]"], "name": "keep_daily"}, {"tag_name": "param", "text": "For how many days should we keep all backups we have?", "types": ["Integer[0]"], "name": "keep_within"}, {"tag_name": "param", "text": "Compression method and level to use. See the output of `borg help compression` for available options.", "types": ["String[1]"], "name": "compression"}, {"tag_name": "param", "text": "The working directory from where the backup should be created.", "types": ["Stdlib::Absolutepath"], "name": "working_directory"}, {"tag_name": "param", "text": "A list of relative or absolute paths to backup.", "types": ["Array[String[1]]"], "name": "source_paths"}, {"tag_name": "param", "text": "list of default mountpoints that should be excluded from backups. Every mountpoint needs to be explicitly excluded or included. See also the additional_excludes parameter.", "types": ["Array[Stdlib::Absolutepath]"], "name": "excludes"}, {"tag_name": "param", "text": "list of default mountpoints that should be included from backups. Every mountpoint needs to be explicitly excluded or included. See also the additional_includes parameter.", "types": ["Array[Stdlib::Absolutepath]"], "name": "includes"}, {"tag_name": "param", "text": "FQDN for the remote server. Will be written into the local ssh client configuration file.", "types": ["String[1]"], "name": "backupserver"}, {"tag_name": "param", "text": "Install the restore helper via cpanm.", "types": ["Boolean"], "name": "install_restore_script"}, {"tag_name": "param", "text": "The path to the restore helper.", "types": ["Stdlib::Absolutepath"], "name": "restore_script_path"}, {"tag_name": "param", "text": "The path on the remote server where the backups should be written to. $username will be prepended", "types": ["String[1]"], "name": "backupdestdir"}, {"tag_name": "param", "text": "The path where additional backup data should be stored.", "types": ["Stdlib::Absolutepath"], "name": "backupdatadir"}, {"tag_name": "param", "text": "By defaults, backups will be written on the remote host to $username/$backupdestdir. if $absolutebackupdestdir is set this will be used instead", "types": ["Optional[String[1]]"], "name": "absolutebackupdestdir"}, {"tag_name": "param", "text": "A Boolean that enables/disables repository management. Only true on Ubuntu 16.04 at the moment", "types": ["Boolean"], "name": "manage_repository"}, {"tag_name": "param", "text": "We currently support excludes/includes for mountpoints. borg supports also a list of shell glob/regex pattern to filter for files.", "types": ["Array[String[1]]"], "name": "exclude_pattern"}, {"tag_name": "param", "text": "Another array of patterns to extend the modules built-in list (`exclude_pattern` parameter).", "types": ["Array[String[1]]"], "name": "additional_exclude_pattern"}, {"tag_name": "param", "text": "A list of dependencies for the restore helper.", "types": ["Array[String[1]]"], "name": "restore_dependencies"}, {"tag_name": "param", "text": "Ensure state for the borg package.", "types": ["String[1]"], "name": "package_ensure"}, {"tag_name": "param", "text": "Another array of mountpoints to extend the modules built-in list (`excludes` parameter).", "types": ["Array[Stdlib::Absolutepath]"], "name": "additional_excludes"}, {"tag_name": "param", "text": "Another array of mountpoints to extend to modules built-in list (`includes` parameter).", "types": ["Array[Stdlib::Absolutepath]"], "name": "additional_includes"}, {"tag_name": "param", "text": "The ssh username to connect to the remote borg service.", "types": ["String[1]"], "name": "username"}, {"tag_name": "param", "text": "SSH port for the remote server (default: 22). Will be written into the local ssh client configuration file.", "types": ["Stdlib::Port"], "name": "ssh_port"}, {"tag_name": "param", "text": "Version for the perl script App::BorgRestore. change this version and the module will upgrade/downgrade it", "types": ["Pattern[/^\\d*\\.\\d*\\.\\d*$/]"], "name": "borg_restore_version"}, {"tag_name": "param", "text": "cpanm is required on systems where we want to have App::BorgRestore. Legacy systems ship a too old cpanm version. For those operating systems we can install the upstream version.", "types": ["Boolean"], "name": "install_fatpacked_cpanm"}, {"tag_name": "param", "text": "configue a network proxy *type* for the archive resources in this module. You also need to set `proxy_server` if you need a proxy.", "types": ["Optional[Enum['none', 'ftp','http','https']]"], "name": "proxy_type"}, {"tag_name": "param", "text": "Configurea network proxy for the archive resources in this module. By default no proxy will be used", "types": ["Optional[String[1]]"], "name": "proxy_server"}, {"tag_name": "param", "text": "Enable/Disable management of the actual borg package. People on legacy OS or isolated environments can disable this and manage the binary in their profile.", "types": ["Boolean"], "name": "manage_package"}, {"tag_name": "param", "text": "configure your most favourite ssh key type. This will be used to connect to the remote borg server.", "types": ["Enum['rsa', 'ed25519']"], "name": "ssh_key_type"}, {"tag_name": "param", "text": "Configure the name of each backupjob and the time of that job.", "types": ["Hash[String[1],String[1]]"], "name": "backuptime"}, {"tag_name": "param", "text": "Configure possible bastionhosts for the connection.", "types": ["Optional[String[1]]"], "name": "ssh_proxyjump"}, {"tag_name": "param", "text": "Array of units where the borg-backup service should depend on", "types": ["Array[String[1]]"], "name": "wants"}, {"tag_name": "param", "text": "Array of units which the borg-backup service should require", "types": ["Array[String[1]]"], "name": "requires"}, {"tag_name": "param", "text": "Array of units that should be started before the borg-backup service", "types": ["Array[String[1]]"], "name": "after"}, {"tag_name": "param", "text": "BASH code to be executed before the backup job starts. If you wish to use snapshots, create them here.", "types": ["Optional[String[1]]"], "name": "pre_backup_script"}, {"tag_name": "param", "text": "BASH code to be executed after the backup job has finished. If you need to perform any cleanup do so here.", "types": ["Optional[String[1]]"], "name": "post_backup_script"}, {"tag_name": "see", "name": "https://metacpan.org/pod/App::BorgRestore"}]}, "defaults": {"create_prometheus_metrics": "true", "use_upstream_reporter": "false", "update_borg_restore_db_after_backuprun": "true", "manage_prune": "true", "keep_yearly": "3", "keep_monthly": "24", "keep_weekly": "36", "keep_daily": "60", "keep_within": "30", "compression": "'lz4'", "working_directory": "'/'", "source_paths": "['/']", "excludes": "['/tmp', '/sys', '/dev', '/proc', '/run', '/media', '/var/lib/nfs/rpc_pipefs']", "includes": "['/', '/boot', '/boot/efi', '/boot/EFI', '/var/log']", "backupdestdir": "'borg'", "backupdatadir": "'/root/backup-data/'", "absolutebackupdestdir": "undef", "exclude_pattern": "['sh:/home/*/.cache/*', 'sh:/root/.cache/*', 'sh:/var/cache/pacman/pkg/*']", "additional_exclude_pattern": "[]", "restore_dependencies": "[]", "package_ensure": "present", "additional_excludes": "[]", "additional_includes": "[]", "username": "$facts['networking']['hostname']", "ssh_port": "22", "borg_restore_version": "'3.4.4'", "proxy_type": "undef", "proxy_server": "undef", "manage_package": "true", "ssh_key_type": "'ed25519'", "backuptime": "{ 'default' => '18:30:00' }", "ssh_proxyjump": "undef", "wants": "['network-online.target']", "requires": "[]", "after": "['network-online.target']", "pre_backup_script": "undef", "post_backup_script": "undef"}, "source": "class borg (\n Variant[String[1],Array[String[1]]] $package_name,\n String[1] $backupserver,\n Boolean $install_restore_script,\n Stdlib::Absolutepath $restore_script_path,\n Boolean $manage_repository,\n Boolean $install_fatpacked_cpanm,\n Boolean $create_prometheus_metrics = true,\n Boolean $use_upstream_reporter = false,\n Boolean $update_borg_restore_db_after_backuprun = true,\n Boolean $manage_prune = true,\n Integer[0] $keep_yearly = 3,\n Integer[0] $keep_monthly = 24,\n Integer[0] $keep_weekly = 36,\n Integer[0] $keep_daily = 60,\n Integer[0] $keep_within = 30,\n String[1] $compression = 'lz4',\n Stdlib::Absolutepath $working_directory = '/',\n Array[String[1]] $source_paths = ['/'],\n Array[Stdlib::Absolutepath] $excludes = ['/tmp', '/sys', '/dev', '/proc', '/run', '/media', '/var/lib/nfs/rpc_pipefs'],\n Array[Stdlib::Absolutepath] $includes = ['/', '/boot', '/boot/efi', '/boot/EFI', '/var/log'],\n String[1] $backupdestdir = 'borg',\n Stdlib::Absolutepath $backupdatadir = '/root/backup-data/',\n Optional[String[1]] $absolutebackupdestdir = undef,\n Array[String[1]] $exclude_pattern = ['sh:/home/*/.cache/*', 'sh:/root/.cache/*', 'sh:/var/cache/pacman/pkg/*'],\n Array[String[1]] $additional_exclude_pattern = [],\n Array[String[1]] $restore_dependencies = [],\n String[1] $package_ensure = present,\n Array[Stdlib::Absolutepath] $additional_excludes = [],\n Array[Stdlib::Absolutepath] $additional_includes = [],\n String[1] $username = $facts['networking']['hostname'],\n Stdlib::Port $ssh_port = 22,\n Pattern[/^\\d*\\.\\d*\\.\\d*$/] $borg_restore_version = '3.4.4',\n Optional[Enum['none', 'ftp','http','https']] $proxy_type = undef,\n Optional[String[1]] $proxy_server = undef,\n Boolean $manage_package = true,\n Enum['rsa', 'ed25519'] $ssh_key_type = 'ed25519',\n Hash[String[1],String[1]] $backuptime = { 'default' => '18:30:00' },\n Optional[String[1]] $ssh_proxyjump = undef,\n Array[String[1]] $wants = ['network-online.target'],\n Array[String[1]] $requires = [],\n Array[String[1]] $after = ['network-online.target'],\n Optional[String[1]] $pre_backup_script = undef,\n Optional[String[1]] $post_backup_script = undef,\n) {\n contain borg::install\n contain borg::config\n contain borg::service\n\n Class['borg::install']\n -> Class['borg::config']\n ~> Class['borg::service']\n}"}, {"name": "borg::config", "file": "manifests/config.pp", "line": 2, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class borg::config {\n assert_private()\n\n $backupdestdir = $borg::absolutebackupdestdir ? {\n Undef => \"${borg::username}/${borg::backupdestdir}\",\n default => $borg::absolutebackupdestdir,\n }\n $numeric = versioncmp(pick(fact('borgbackup.version'), '1.2.0'), '1.2.0') ? {\n -1 => '--numeric-owner',\n default => '--numeric-ids',\n }\n\n # script to run the backup\n file { '/usr/local/bin/borg-backup':\n ensure => 'file',\n content => epp(\"${module_name}/borg-backup.sh.epp\",\n {\n 'manage_prune' => $borg::manage_prune,\n 'keep_within' => $borg::keep_within,\n 'keep_daily' => $borg::keep_daily,\n 'keep_weekly' => $borg::keep_weekly,\n 'keep_monthly' => $borg::keep_monthly,\n 'keep_yearly' => $borg::keep_yearly,\n 'compression' => $borg::compression,\n 'working_directory' => $borg::working_directory,\n 'backupdestdir' => $backupdestdir,\n 'backupdatadir' => $borg::backupdatadir,\n 'pre_backup_script' => $borg::pre_backup_script,\n 'post_backup_script' => $borg::post_backup_script,\n 'numeric' => $numeric,\n }),\n mode => '0755',\n owner => 'root',\n group => 'root',\n }\n\n $ensure = $facts['os']['name'] ? {\n 'Archlinux' => 'absent',\n default => 'file'\n }\n\n # setup the config for the restore script\n file { '/etc/borg-restore.cfg':\n ensure => 'file',\n content => epp(\"${module_name}/borg-restore.cfg.epp\", { 'backupdestdir' => $backupdestdir, }),\n }\n # config file is deprecated and should be absent\n file { '/etc/backup-sh-conf.sh':\n ensure => 'absent',\n }\n # create the backup key for a user\n ssh_keygen { 'root_borg':\n type => $borg::ssh_key_type,\n filename => \"/root/.ssh/id_${borg::ssh_key_type}_borg\",\n home => '/root',\n user => 'root',\n }\n\n # /root/.ssh/config entry for the backup server\n if $borg::ssh_proxyjump {\n ssh::client::config::user { 'root':\n ensure => present,\n user_home_dir => '/root',\n options => {\n 'Host backup' => {\n 'User' => $borg::username,\n 'IdentityFile' => \"~/.ssh/id_${borg::ssh_key_type}_borg\",\n 'Hostname' => $borg::backupserver,\n 'Port' => $borg::ssh_port,\n 'ProxyJump' => $borg::ssh_proxyjump,\n },\n },\n }\n } else {\n ssh::client::config::user { 'root':\n ensure => present,\n user_home_dir => '/root',\n options => {\n 'Host backup' => {\n 'User' => $borg::username,\n 'IdentityFile' => \"~/.ssh/id_${borg::ssh_key_type}_borg\",\n 'Hostname' => $borg::backupserver,\n 'Port' => $borg::ssh_port,\n },\n },\n }\n }\n}"}, {"name": "borg::install", "file": "manifests/install.pp", "line": 3, "docstring": {"text": "This class handles the installation. Avoid modifying private classes.", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class borg::install {\n assert_private()\n\n if $facts['os']['osfamily'] == 'FreeBSD' {\n $real_package_provider = 'portsng'\n } else {\n $real_package_provider = undef\n }\n\n # ports and portupgrade provider are not available providers on FreeBSD 11\n if $borg::manage_package {\n package { $borg::package_name:\n ensure => $borg::package_ensure,\n provider => $real_package_provider,\n }\n $dependency = Package[$borg::package_name]\n } else {\n $dependency = undef\n }\n\n # at the moment, we only support Ubuntu\n if $borg::manage_repository {\n include apt\n apt::ppa { 'ppa:costamagnagianfranco/borgbackup':\n package_manage => true,\n before => $dependency,\n }\n }\n\n if $borg::install_restore_script {\n if $borg::install_fatpacked_cpanm {\n archive { '/opt/Menlo-Legacy-1.9022.tar.gz':\n extract_path => '/opt',\n extract => true,\n creates => '/opt/cpanminus-Menlo-Legacy-1.9022',\n source => 'https://github.com/miyagawa/cpanminus/archive/Menlo-Legacy-1.9022.tar.gz',\n checksum => '2765ec98c48f85d7652b346d671a0fb3f5cfe4bd',\n checksum_type => 'sha1',\n proxy_type => $borg::proxy_type,\n proxy_server => $borg::proxy_server,\n }\n ~> file { '/usr/local/bin/cpanm':\n ensure => 'file',\n source => '/opt/cpanminus-Menlo-Legacy-1.9022/App-cpanminus/cpanm',\n owner => 'root',\n group => 'root',\n mode => '0755',\n before => Exec['install_borg_restore'],\n }\n }\n $venv_directory = '/opt/BorgRestore'\n ensure_packages($borg::restore_dependencies, { before => Exec['install_borg_restore'] })\n $basic_env_vars = [\"PERL_MB_OPT='--install_base ${venv_directory}'\", \"PERL_MM_OPT='INSTALL_BASE=${venv_directory}'\", \"PERL5LIB='${venv_directory}/lib/perl5'\", \"PERL_LOCAL_LIB_ROOT=${venv_directory}\", 'HOME=/root']\n\n $env_vars = $borg::proxy_server ? {\n Undef => $basic_env_vars,\n default => $basic_env_vars + [\"${borg::proxy_type}_proxy=${borg::proxy_server}\"],\n }\n file { $venv_directory:\n ensure => 'directory',\n }\n -> exec { 'install_borg_restore':\n command => \"cpanm --local-lib-contained ${venv_directory} App::BorgRestore@${borg::borg_restore_version}\",\n unless => \"perl -T -I /opt/BorgRestore/lib/perl5/ -MApp::BorgRestore -E 'exit (\\\"\\$App::BorgRestore::VERSION\\\" ne \\\"${borg::borg_restore_version}\\\")'\",\n path => \"${$venv_directory}/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin:/usr/bin:/sbin:/bin\",\n environment => $env_vars,\n timeout => 1200,\n cwd => '/root',\n require => $dependency,\n }\n file { '/usr/local/bin/borg-restore.pl':\n ensure => 'file',\n content => epp(\"${module_name}/borg-restore.pl\"),\n owner => 'root',\n group => 'root',\n mode => '0755',\n }\n }\n\n $backupdestdir = $borg::absolutebackupdestdir ? {\n Undef => \"${borg::username}/${borg::backupdestdir}\",\n default => $borg::absolutebackupdestdir,\n }\n\n # we're now switching to rh-perl524 from centos-sclo-rh (which comes from the foreman module?)\n if $borg::create_prometheus_metrics {\n if $borg::use_upstream_reporter {\n archive { '/opt/0.1.1.tar.gz':\n extract_path => '/opt',\n creates => '/opt/prometheus-borg-exporter-0.1.1/borg_exporter',\n source => 'https://github.com/teemow/prometheus-borg-exporter/archive/0.1.1.tar.gz',\n extract => true,\n checksum => '307432be6453d83825b18537e105d1180f2d13fa',\n checksum_type => 'sha1',\n proxy_type => $borg::proxy_type,\n proxy_server => $borg::proxy_server,\n }\n ~> file { '/usr/local/bin/borg_exporter':\n ensure => 'file',\n source => '/opt/prometheus-borg-exporter-0.1.1/borg_exporter',\n owner => 'root',\n group => 'root',\n mode => '0755',\n }\n } else {\n file { '/usr/local/bin/borg_exporter':\n ensure => 'file',\n content => epp(\"${module_name}/borg_exporter.sh.epp\"),\n owner => 'root',\n group => 'root',\n mode => '0755',\n }\n }\n file { '/etc/borg':\n ensure => 'file',\n content => epp(\"${module_name}/borg.epp\", {\n 'backupdestdir' => $backupdestdir,\n }),\n }\n }\n\n # setup a profile to export the backup server/path. Otherwise the CLI tooles don't work\n file { '/etc/profile.d/borg.sh':\n ensure => 'file',\n content => epp(\"${module_name}/borg.sh.epp\", {\n 'backupdestdir' => $backupdestdir,\n }),\n }\n}"}, {"name": "borg::service", "file": "manifests/service.pp", "line": 2, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}]}, "source": "class borg::service {\n assert_private()\n\n # there isn't any real service\n # borg runs via a systemd timer\n # You don't have systemd? GO AWAY!\n\n if $facts['systemd'] {\n systemd::unit_file { 'borg-backup.service':\n content => epp(\"${module_name}/borg-backup.service.epp\", {\n 'create_prometheus_metrics' => $borg::create_prometheus_metrics,\n 'restore_script_path' => $borg::restore_script_path,\n 'use_upstream_reporter' => $borg::use_upstream_reporter,\n 'update_borg_restore_db_after_backuprun' => $borg::update_borg_restore_db_after_backuprun,\n 'after' => $borg::after,\n 'wants' => $borg::wants,\n 'requires' => $borg::requires,\n }\n ),\n }\n -> systemd::unit_file { 'borg-backup.timer':\n content => epp(\"${module_name}/borg-backup.timer.epp\",\n backuptime => $borg::backuptime\n ),\n enable => true,\n active => true,\n }\n }\n}"}, {"name": "sysctl::base", "file": "manifests/base.pp", "line": 5, "inherits": "::sysctl::params", "docstring": {"text": "Class: sysctl::base\n\nCommon part for the sysctl definition. Not meant to be used on its own.", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "purge"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "values"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "hiera_merge_values"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "symlink99"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "sysctl_dir"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "sysctl_dir_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "sysctl_dir_owner"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "sysctl_dir_group"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "sysctl_dir_mode"}]}, "defaults": {"purge": "false", "values": "undef", "hiera_merge_values": "false", "symlink99": "$::sysctl::params::symlink99", "sysctl_dir": "$::sysctl::params::sysctl_dir", "sysctl_dir_path": "$::sysctl::params::sysctl_dir_path", "sysctl_dir_owner": "$::sysctl::params::sysctl_dir_owner", "sysctl_dir_group": "$::sysctl::params::sysctl_dir_group", "sysctl_dir_mode": "$::sysctl::params::sysctl_dir_mode"}, "source": "class sysctl::base (\n $purge = false,\n $values = undef,\n $hiera_merge_values = false,\n $symlink99 = $::sysctl::params::symlink99,\n $sysctl_dir = $::sysctl::params::sysctl_dir,\n $sysctl_dir_path = $::sysctl::params::sysctl_dir_path,\n $sysctl_dir_owner = $::sysctl::params::sysctl_dir_owner,\n $sysctl_dir_group = $::sysctl::params::sysctl_dir_group,\n $sysctl_dir_mode = $::sysctl::params::sysctl_dir_mode,\n) inherits ::sysctl::params {\n\n # Hiera support\n if $hiera_merge_values == true {\n $values_real = hiera_hash('sysctl::base::values', {})\n } else {\n $values_real = $values\n }\n if $values_real != undef {\n create_resources(sysctl,$values_real)\n }\n\n if $sysctl_dir {\n if $purge {\n $recurse = true\n } else {\n $recurse = false\n }\n file { $sysctl_dir_path:\n ensure => 'directory',\n owner => $sysctl_dir_owner,\n group => $sysctl_dir_group,\n mode => $sysctl_dir_mode,\n # Magic hidden here\n purge => $purge,\n recurse => $recurse,\n }\n if $symlink99 and $sysctl_dir_path =~ /^\\/etc\\/[^\\/]+$/ {\n file { \"${sysctl_dir_path}/99-sysctl.conf\":\n ensure => link,\n owner => $sysctl_dir_owner,\n group => $sysctl_dir_group,\n target => '../sysctl.conf',\n }\n }\n }\n\n}"}, {"name": "sysctl::params", "file": "manifests/params.pp", "line": 1, "docstring": {"text": ""}, "source": "class sysctl::params {\n\n # Keep the original symlink if we purge, to avoid ping-pong with initscripts\n if ($::osfamily == 'RedHat' and\n versioncmp($::operatingsystemmajrelease, '7') >= 0) or\n ($::osfamily == 'Debian' and\n versioncmp($::operatingsystemmajrelease, '8') >= 0) {\n $symlink99 = true\n } else {\n $symlink99 = false\n }\n\n case $::osfamily {\n 'FreeBSD': {\n $sysctl_dir = false\n }\n default: {\n $sysctl_dir = true\n $sysctl_dir_path = '/etc/sysctl.d'\n $sysctl_dir_owner = 'root'\n $sysctl_dir_group = 'root'\n $sysctl_dir_mode = '0755'\n }\n }\n\n}"}, {"name": "elasticsearch", "file": "manifests/init.pp", "line": 338, "docstring": {"text": "Top-level Elasticsearch class which may manage installation of the\nElasticsearch package, package repository, and other\nglobal options and parameters.", "tags": [{"tag_name": "author", "text": "Richard Pijnenburg <richard.pijnenburg@elasticsearch.com>"}, {"tag_name": "author", "text": "Tyler Langlois <tyler.langlois@elastic.co>"}, {"tag_name": "author", "text": "Gavin Williams <gavin.williams@elastic.co>"}, {"tag_name": "example", "text": "class { 'elasticsearch': }", "name": "install Elasticsearch"}, {"tag_name": "example", "text": "class { 'elasticsearch':\n ensure => 'absent',\n}", "name": "removal and decommissioning"}, {"tag_name": "example", "text": "class { 'elasticsearch':\n status => 'disabled',\n}", "name": "install everything but disable service(s) afterwards"}, {"tag_name": "param", "text": "Controls if the managed resources shall be `present` or `absent`.\nIf set to `absent`, the managed software packages will be uninstalled, and\nany traces of the packages will be purged as well as possible, possibly\nincluding existing configuration files.\nSystem modifications (if any) will be reverted as well as possible (e.g.\nremoval of created users, services, changed log settings, and so on).\nThis is a destructive parameter and should be used with care.", "types": ["Enum['absent', 'present']"], "name": "ensure"}, {"tag_name": "param", "text": "Defines the default REST basic auth password for API authentication.", "types": ["Optional[String]"], "name": "api_basic_auth_password"}, {"tag_name": "param", "text": "Defines the default REST basic auth username for API authentication.", "types": ["Optional[String]"], "name": "api_basic_auth_username"}, {"tag_name": "param", "text": "Path to a CA file which will be used to validate server certs when\ncommunicating with the Elasticsearch API over HTTPS.", "types": ["Optional[String]"], "name": "api_ca_file"}, {"tag_name": "param", "text": "Path to a directory with CA files which will be used to validate server\ncerts when communicating with the Elasticsearch API over HTTPS.", "types": ["Optional[String]"], "name": "api_ca_path"}, {"tag_name": "param", "text": "Default host to use when accessing Elasticsearch APIs.", "types": ["String"], "name": "api_host"}, {"tag_name": "param", "text": "Default port to use when accessing Elasticsearch APIs.", "types": ["Integer[0, 65535]"], "name": "api_port"}, {"tag_name": "param", "text": "Default protocol to use when accessing Elasticsearch APIs.", "types": ["Enum['http', 'https']"], "name": "api_protocol"}, {"tag_name": "param", "text": "Default timeout (in seconds) to use when accessing Elasticsearch APIs.", "types": ["Integer"], "name": "api_timeout"}, {"tag_name": "param", "text": "If set to `true`, any managed package will be upgraded on each Puppet run\nwhen the package provider is able to find a newer version than the present\none. The exact behavior is provider dependent (see\n{package, \"upgradeable\"}[http://j.mp/xbxmNP] in the Puppet documentation).", "types": ["Boolean"], "name": "autoupgrade"}, {"tag_name": "param", "text": "Path to the trusted CA certificate to add to this node's Java keystore.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "ca_certificate"}, {"tag_name": "param", "text": "Path to the certificate for this node signed by the CA listed in\nca_certificate.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "certificate"}, {"tag_name": "param", "text": "Elasticsearch configuration hash.", "types": ["Hash"], "name": "config"}, {"tag_name": "param", "text": "Directory containing the elasticsearch configuration.\nUse this setting if your packages deviate from the norm (`/etc/elasticsearch`)", "types": ["Stdlib::Absolutepath"], "name": "configdir"}, {"tag_name": "param", "text": "Dictates how deeply the file copy recursion logic should descend when\ncopying files from the `configdir` to instance `configdir`s.", "types": ["Integer"], "name": "configdir_recurselimit"}, {"tag_name": "param", "text": "File pattern for the file appender log when file_rolling_type is 'dailyRollingFile'.", "types": ["String"], "name": "daily_rolling_date_pattern"}, {"tag_name": "param", "text": "Allows you to set the data directory of Elasticsearch.", "types": ["Elasticsearch::Multipath"], "name": "datadir"}, {"tag_name": "param", "text": "Default logging level for Elasticsearch.", "types": ["String"], "name": "default_logging_level"}, {"tag_name": "param", "text": "Absolute path to directory containing init defaults file.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "defaults_location"}, {"tag_name": "param", "text": "Whether to enable deprecation logging. If enabled, deprecation logs will be\nsaved to ${cluster.name}_deprecation.log in the Elasticsearch log folder.", "types": ["Boolean"], "name": "deprecation_logging"}, {"tag_name": "param", "text": "Default deprecation logging level for Elasticsearch.", "types": ["String"], "name": "deprecation_logging_level"}, {"tag_name": "param", "text": "Command-line invocation with which to retrieve an optional package_url.", "types": ["Optional[String]"], "name": "download_tool"}, {"tag_name": "param", "text": "Command-line invocation with which to retrieve an optional package_url when\ncertificate verification should be ignored.", "types": ["Optional[String]"], "name": "download_tool_insecure"}, {"tag_name": "param", "text": "Whether or not to verify SSL/TLS certificates when retrieving package files\nusing a download tool instead of a package management provider.", "types": ["Boolean"], "name": "download_tool_verify_certificates"}, {"tag_name": "param", "text": "The group Elasticsearch should run as. This also sets file group\npermissions.", "types": ["String"], "name": "elasticsearch_group"}, {"tag_name": "param", "text": "The user Elasticsearch should run as. This also sets file ownership.", "types": ["String"], "name": "elasticsearch_user"}, {"tag_name": "param", "text": "Configuration for the file appender rotation. It can be 'dailyRollingFile',\n'rollingFile' or 'file'. The first rotates by name, the second one by size\nor third don't rotate automatically.", "types": ["Enum['dailyRollingFile', 'rollingFile', 'file']"], "name": "file_rolling_type"}, {"tag_name": "param", "text": "Directory where the elasticsearch installation's files are kept (plugins, etc.)", "types": ["Stdlib::Absolutepath"], "name": "homedir"}, {"tag_name": "param", "text": "Define indices via a hash. This is mainly used with Hiera's auto binding.", "types": ["Hash"], "name": "indices"}, {"tag_name": "param", "text": "Defaults file content in hash representation.", "types": ["Hash"], "name": "init_defaults"}, {"tag_name": "param", "text": "Defaults file as puppet resource.", "types": ["Optional[String]"], "name": "init_defaults_file"}, {"tag_name": "param", "text": "Service file as a template.", "types": ["String"], "name": "init_template"}, {"tag_name": "param", "text": "Array of options to set in jvm_options.", "types": ["Array[String]"], "name": "jvm_options"}, {"tag_name": "param", "text": "Password to encrypt this node's Java keystore.", "types": ["Optional[String]"], "name": "keystore_password"}, {"tag_name": "param", "text": "Custom path to the Java keystore file. This parameter is optional.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "keystore_path"}, {"tag_name": "param", "text": "Optional Elasticsearch license in hash or string form.", "types": ["Optional[Variant[String, Hash]]"], "name": "license"}, {"tag_name": "param", "text": "Directory that will be used for Elasticsearch logging.", "types": ["Stdlib::Absolutepath"], "name": "logdir"}, {"tag_name": "param", "text": "Mode directory that will be used for Elasticsearch logging (default 2750).", "types": ["Stdlib::Filemode"], "name": "logdir_mode"}, {"tag_name": "param", "text": "Representation of information to be included in the log4j.properties file.", "types": ["Hash"], "name": "logging_config"}, {"tag_name": "param", "text": "Instead of a hash, you may supply a `puppet://` file source for the\nlog4j.properties file.", "types": ["Optional[String]"], "name": "logging_file"}, {"tag_name": "param", "text": "Default logging level for Elasticsearch.", "types": ["String"], "name": "logging_level"}, {"tag_name": "param", "text": "Use a custom logging template - just supply the relative path, i.e.\n`$module/elasticsearch/logging.yml.erb`", "types": ["Optional[String]"], "name": "logging_template"}, {"tag_name": "param", "text": "Enable datadir management (default true).", "types": ["Boolean"], "name": "manage_datadir"}, {"tag_name": "param", "text": "Enable logdir management (default true).", "types": ["Boolean"], "name": "manage_logdir"}, {"tag_name": "param", "text": "Enable repo management by enabling official Elastic repositories.", "types": ["Boolean"], "name": "manage_repo"}, {"tag_name": "param", "text": "Whether to use the purely open source Elasticsearch package distribution.", "types": ["Boolean"], "name": "oss"}, {"tag_name": "param", "text": "Directory where packages are downloaded to.", "types": ["Stdlib::Absolutepath"], "name": "package_dir"}, {"tag_name": "param", "text": "For http, https, and ftp downloads, you may set how long the exec resource\nmay take.", "types": ["Integer"], "name": "package_dl_timeout"}, {"tag_name": "param", "text": "Name Of the package to install.", "types": ["String"], "name": "package_name"}, {"tag_name": "param", "text": "Method to install the packages, currently only `package` is supported.", "types": ["Enum['package']"], "name": "package_provider"}, {"tag_name": "param", "text": "URL of the package to download.\nThis can be an http, https, or ftp resource for remote packages, or a\n`puppet://` resource or `file:/` for local packages", "types": ["Optional[String]"], "name": "package_url"}, {"tag_name": "param", "text": "Directory where the elasticsearch process should write out its PID.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "pid_dir"}, {"tag_name": "param", "text": "Define pipelines via a hash. This is mainly used with Hiera's auto binding.", "types": ["Hash"], "name": "pipelines"}, {"tag_name": "param", "text": "Directory containing elasticsearch plugins.\nUse this setting if your packages deviate from the norm (/usr/share/elasticsearch/plugins)", "types": ["Optional[Stdlib::Absolutepath]"], "name": "plugindir"}, {"tag_name": "param", "text": "Define plugins via a hash. This is mainly used with Hiera's auto binding.", "types": ["Hash"], "name": "plugins"}, {"tag_name": "param", "text": "Path to the key associated with this node's certificate.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "private_key"}, {"tag_name": "param", "text": "The type of the private key. Usually the private key is of type RSA key but it can also be an Elliptic Curve key (EC) or DSA.", "types": ["Enum['rsa','dsa','ec']"], "name": "private_key_type"}, {"tag_name": "param", "text": "For http and https downloads, you may set a proxy server to use. By default,\nno proxy is used.\nFormat: `proto://[user:pass@]server[:port]/`", "types": ["Optional[Stdlib::HTTPUrl]"], "name": "proxy_url"}, {"tag_name": "param", "text": "Purge the config directory of any unmanaged files.", "types": ["Boolean"], "name": "purge_configdir"}, {"tag_name": "param", "text": "Purge package directory on removal", "types": ["Boolean"], "name": "purge_package_dir"}, {"tag_name": "param", "text": "Whether or not keys present in the keystore will be removed if they are not\npresent in the specified secrets hash.", "types": ["Boolean"], "name": "purge_secrets"}, {"tag_name": "param", "text": "Use stdlib stage setup for managing the repo instead of relationship\nordering.", "types": ["Variant[Boolean, String]"], "name": "repo_stage"}, {"tag_name": "param", "text": "Determines if the application should be automatically restarted\nwhenever the configuration, package, or plugins change. Enabling this\nsetting will cause Elasticsearch to restart whenever there is cause to\nre-read configuration files, load new plugins, or start the service using an\nupdated/changed executable. This may be undesireable in highly available\nenvironments. If all other restart_* parameters are left unset, the value of\n`restart_on_change` is used for all other restart_*_change defaults.", "types": ["Boolean"], "name": "restart_on_change"}, {"tag_name": "param", "text": "Determines if the application should be automatically restarted\nwhenever the configuration changes. This includes the Elasticsearch\nconfiguration file, any service files, and defaults files.\nDisabling automatic restarts on config changes may be desired in an\nenvironment where you need to ensure restarts occur in a controlled/rolling\nmanner rather than during a Puppet run.", "types": ["Boolean"], "name": "restart_config_change"}, {"tag_name": "param", "text": "Determines if the application should be automatically restarted\nwhenever the package (or package version) for Elasticsearch changes.\nDisabling automatic restarts on package changes may be desired in an\nenvironment where you need to ensure restarts occur in a controlled/rolling\nmanner rather than during a Puppet run.", "types": ["Boolean"], "name": "restart_package_change"}, {"tag_name": "param", "text": "Determines if the application should be automatically restarted whenever\nplugins are installed or removed.\nDisabling automatic restarts on plugin changes may be desired in an\nenvironment where you need to ensure restarts occur in a controlled/rolling\nmanner rather than during a Puppet run.", "types": ["Boolean"], "name": "restart_plugin_change"}, {"tag_name": "param", "text": "Define roles via a hash. This is mainly used with Hiera's auto binding.", "types": ["Hash"], "name": "roles"}, {"tag_name": "param", "text": "Max number of logs to store whern file_rolling_type is 'rollingFile'", "types": ["Integer"], "name": "rolling_file_max_backup_index"}, {"tag_name": "param", "text": "Max log file size when file_rolling_type is 'rollingFile'", "types": ["String"], "name": "rolling_file_max_file_size"}, {"tag_name": "param", "text": "Define scripts via a hash. This is mainly used with Hiera's auto binding.", "types": ["Hash"], "name": "scripts"}, {"tag_name": "param", "text": "Optional default configuration hash of key/value pairs to store in the\nElasticsearch keystore file. If unset, the keystore is left unmanaged.", "types": ["Optional[Hash]"], "name": "secrets"}, {"tag_name": "param", "text": "File content for x-pack logging configuration file (will be placed\ninto log4j2.properties file).", "types": ["Optional[String]"], "name": "security_logging_content"}, {"tag_name": "param", "text": "File source for x-pack logging configuration file (will be placed\ninto log4j2.properties).", "types": ["Optional[String]"], "name": "security_logging_source"}, {"tag_name": "param", "text": "Elasticsearch service name", "types": ["String"], "name": "service_name"}, {"tag_name": "param", "text": "The service resource type provider to use when managing elasticsearch instances.", "types": ["Enum['init', 'openbsd', 'openrc', 'systemd']"], "name": "service_provider"}, {"tag_name": "param", "text": "Define snapshot repositories via a hash. This is mainly used with Hiera's auto binding.", "types": ["Hash"], "name": "snapshot_repositories"}, {"tag_name": "param", "text": "Whether to manage TLS certificates. Requires the ca_certificate,\ncertificate, private_key and keystore_password parameters to be set.", "types": ["Boolean"], "name": "ssl"}, {"tag_name": "param", "text": "To define the status of the service. If set to `enabled`, the service will\nbe run and will be started at boot time. If set to `disabled`, the service\nis stopped and will not be started at boot time. If set to `running`, the\nservice will be run but will not be started at boot time. You may use this\nto start a service on the first Puppet run instead of the system startup.\nIf set to `unmanaged`, the service will not be started at boot time and Puppet\ndoes not care whether the service is running or not. For example, this may\nbe useful if a cluster management software is used to decide when to start\nthe service plus assuring it is running on the desired node.", "types": ["Elasticsearch::Status"], "name": "status"}, {"tag_name": "param", "text": "Source for the x-pack system key. Valid values are any that are\nsupported for the file resource `source` parameter.", "types": ["Optional[String]"], "name": "system_key"}, {"tag_name": "param", "text": "Path to the directory in which to install systemd service units.", "types": ["Stdlib::Absolutepath"], "name": "systemd_service_path"}, {"tag_name": "param", "text": "Define templates via a hash. This is mainly used with Hiera's auto binding.", "types": ["Hash"], "name": "templates"}, {"tag_name": "param", "text": "Define templates via a hash. This is mainly used with Hiera's auto binding.", "types": ["Hash"], "name": "users"}, {"tag_name": "param", "text": "Enable TLS/SSL validation on API calls.", "types": ["Boolean"], "name": "validate_tls"}, {"tag_name": "param", "text": "To set the specific version you want to install.", "types": ["Variant[String, Boolean]"], "name": "version"}, {"tag_name": "summary", "text": "Manages the installation of Elasticsearch and related options."}]}, "defaults": {"ca_certificate": "undef", "certificate": "undef", "default_logging_level": "$logging_level", "keystore_password": "undef", "keystore_path": "undef", "private_key": "undef", "private_key_type": "'rsa'", "restart_config_change": "$restart_on_change", "restart_package_change": "$restart_on_change", "restart_plugin_change": "$restart_on_change", "logdir_mode": "'2750'"}, "source": "class elasticsearch (\n Enum['absent', 'present'] $ensure,\n Optional[String] $api_basic_auth_password,\n Optional[String] $api_basic_auth_username,\n Optional[String] $api_ca_file,\n Optional[String] $api_ca_path,\n String $api_host,\n Integer[0, 65535] $api_port,\n Enum['http', 'https'] $api_protocol,\n Integer $api_timeout,\n Boolean $autoupgrade,\n Hash $config,\n Stdlib::Absolutepath $configdir,\n Integer $configdir_recurselimit,\n String $daily_rolling_date_pattern,\n Elasticsearch::Multipath $datadir,\n Optional[Stdlib::Absolutepath] $defaults_location,\n Boolean $deprecation_logging,\n String $deprecation_logging_level,\n Optional[String] $download_tool,\n Optional[String] $download_tool_insecure,\n Boolean $download_tool_verify_certificates,\n String $elasticsearch_group,\n String $elasticsearch_user,\n Enum['dailyRollingFile', 'rollingFile', 'file'] $file_rolling_type,\n Stdlib::Absolutepath $homedir,\n Hash $indices,\n Hash $init_defaults,\n Optional[String] $init_defaults_file,\n String $init_template,\n Array[String] $jvm_options,\n Optional[Variant[String, Hash]] $license,\n Stdlib::Absolutepath $logdir,\n Hash $logging_config,\n Optional[String] $logging_file,\n String $logging_level,\n Optional[String] $logging_template,\n Boolean $manage_datadir,\n Boolean $manage_logdir,\n Boolean $manage_repo,\n Boolean $oss,\n Stdlib::Absolutepath $package_dir,\n Integer $package_dl_timeout,\n String $package_name,\n Enum['package'] $package_provider,\n Optional[String] $package_url,\n Optional[Stdlib::Absolutepath] $pid_dir,\n Hash $pipelines,\n Optional[Stdlib::Absolutepath] $plugindir,\n Hash $plugins,\n Optional[Stdlib::HTTPUrl] $proxy_url,\n Boolean $purge_configdir,\n Boolean $purge_package_dir,\n Boolean $purge_secrets,\n Variant[Boolean, String] $repo_stage,\n Boolean $restart_on_change,\n Hash $roles,\n Integer $rolling_file_max_backup_index,\n String $rolling_file_max_file_size,\n Hash $scripts,\n Optional[Hash] $secrets,\n Optional[String] $security_logging_content,\n Optional[String] $security_logging_source,\n String $service_name,\n Enum['init', 'openbsd', 'openrc', 'systemd'] $service_provider,\n Hash $snapshot_repositories,\n Boolean $ssl,\n Elasticsearch::Status $status,\n Optional[String] $system_key,\n Stdlib::Absolutepath $systemd_service_path,\n Hash $templates,\n Hash $users,\n Boolean $validate_tls,\n Variant[String, Boolean] $version,\n Optional[Stdlib::Absolutepath] $ca_certificate = undef,\n Optional[Stdlib::Absolutepath] $certificate = undef,\n String $default_logging_level = $logging_level,\n Optional[String] $keystore_password = undef,\n Optional[Stdlib::Absolutepath] $keystore_path = undef,\n Optional[Stdlib::Absolutepath] $private_key = undef,\n Enum['rsa','dsa','ec'] $private_key_type = 'rsa',\n Boolean $restart_config_change = $restart_on_change,\n Boolean $restart_package_change = $restart_on_change,\n Boolean $restart_plugin_change = $restart_on_change,\n Stdlib::Filemode $logdir_mode = '2750',\n) {\n #### Validate parameters\n\n if ($package_url != undef and $version != false) {\n fail('Unable to set the version number when using package_url option.')\n }\n\n if ($version != false) {\n case $facts['os']['family'] {\n 'RedHat', 'Linux', 'Suse': {\n if ($version =~ /.+-\\d/) {\n $pkg_version = $version\n } else {\n $pkg_version = \"${version}-1\"\n }\n }\n default: {\n $pkg_version = $version\n }\n }\n }\n\n # This value serves as an unchanging default for platforms as a default for\n # init scripts to fallback on.\n $_datadir_default = $facts['kernel'] ? {\n 'Linux' => '/var/lib/elasticsearch',\n 'OpenBSD' => '/var/elasticsearch/data',\n default => undef,\n }\n\n # The OSS package distribution's package appends `-oss` to the end of the\n # canonical package name.\n $_package_name = $oss ? {\n true => \"${package_name}-oss\",\n default => $package_name,\n }\n\n # Set the plugin path variable for use later in the module.\n if $plugindir == undef {\n $real_plugindir = \"${homedir}/plugins\"\n } else {\n $real_plugindir = $plugindir\n }\n\n # Should we restart Elasticsearch on config change?\n $_notify_service = $elasticsearch::restart_config_change ? {\n true => Service[$elasticsearch::service_name],\n false => undef,\n }\n\n #### Manage actions\n\n contain elasticsearch::package\n contain elasticsearch::config\n contain elasticsearch::service\n\n create_resources('elasticsearch::index', $elasticsearch::indices)\n create_resources('elasticsearch::pipeline', $elasticsearch::pipelines)\n create_resources('elasticsearch::plugin', $elasticsearch::plugins)\n create_resources('elasticsearch::role', $elasticsearch::roles)\n create_resources('elasticsearch::script', $elasticsearch::scripts)\n create_resources('elasticsearch::snapshot_repository', $elasticsearch::snapshot_repositories)\n create_resources('elasticsearch::template', $elasticsearch::templates)\n create_resources('elasticsearch::user', $elasticsearch::users)\n\n if ($manage_repo == true) {\n if ($repo_stage == false) {\n # Use normal relationship ordering\n contain elastic_stack::repo\n\n Class['elastic_stack::repo']\n -> Class['elasticsearch::package']\n } else {\n # Use staging for ordering\n if !(defined(Stage[$repo_stage])) {\n stage { $repo_stage: before => Stage['main'] }\n }\n\n include elastic_stack::repo\n Class<|title == 'elastic_stack::repo'|> {\n stage => $repo_stage,\n }\n }\n }\n\n if ($license != undef) {\n contain elasticsearch::license\n }\n\n #### Manage relationships\n #\n # Note that many of these overly verbose declarations work around\n # https://tickets.puppetlabs.com/browse/PUP-1410\n # which means clean arrow order chaining won't work if someone, say,\n # doesn't declare any plugins.\n #\n # forgive me for what you're about to see\n\n if defined(Class['java']) { Class['java'] -> Class['elasticsearch::config'] }\n\n if $ensure == 'present' {\n # Installation, configuration and service\n Class['elasticsearch::package']\n -> Class['elasticsearch::config']\n\n if $restart_config_change {\n Class['elasticsearch::config'] ~> Class['elasticsearch::service']\n } else {\n Class['elasticsearch::config'] -> Class['elasticsearch::service']\n }\n\n # Top-level ordering bindings for resources.\n Class['elasticsearch::config']\n -> Elasticsearch::Plugin <| ensure == 'present' or ensure == 'installed' |>\n Elasticsearch::Plugin <| ensure == 'absent' |>\n -> Class['elasticsearch::config']\n Class['elasticsearch::config']\n -> Elasticsearch::User <| ensure == 'present' |>\n # Elasticsearch::User <| ensure == 'absent' |>\n # -> Class['elasticsearch::config']\n # Class['elasticsearch::config']\n # -> Elasticsearch::Role <| |>\n Class['elasticsearch::config']\n -> Elasticsearch::Template <| |>\n Class['elasticsearch::config']\n -> Elasticsearch::Pipeline <| |>\n Class['elasticsearch::config']\n -> Elasticsearch::Index <| |>\n Class['elasticsearch::config']\n -> Elasticsearch::Snapshot_repository <| |>\n } else {\n # Absent; remove configuration before the package.\n Class['elasticsearch::config']\n -> Class['elasticsearch::package']\n\n # Top-level ordering bindings for resources.\n Elasticsearch::Plugin <| |>\n -> Class['elasticsearch::config']\n Elasticsearch::User <| |>\n -> Class['elasticsearch::config']\n Elasticsearch::Role <| |>\n -> Class['elasticsearch::config']\n Elasticsearch::Template <| |>\n -> Class['elasticsearch::config']\n Elasticsearch::Pipeline <| |>\n -> Class['elasticsearch::config']\n Elasticsearch::Index <| |>\n -> Class['elasticsearch::config']\n Elasticsearch::Snapshot_repository <| |>\n -> Class['elasticsearch::config']\n }\n\n # Install plugins before managing users/roles\n Elasticsearch::Plugin <| ensure == 'present' or ensure == 'installed' |>\n -> Elasticsearch::User <| |>\n Elasticsearch::Plugin <| ensure == 'present' or ensure == 'installed' |>\n -> Elasticsearch::Role <| |>\n\n # Remove plugins after managing users/roles\n Elasticsearch::User <| |>\n -> Elasticsearch::Plugin <| ensure == 'absent' |>\n Elasticsearch::Role <| |>\n -> Elasticsearch::Plugin <| ensure == 'absent' |>\n\n # Ensure roles are defined before managing users that reference roles\n Elasticsearch::Role <| |>\n -> Elasticsearch::User <| ensure == 'present' |>\n # Ensure users are removed before referenced roles are managed\n Elasticsearch::User <| ensure == 'absent' |>\n -> Elasticsearch::Role <| |>\n\n # Ensure users and roles are managed before calling out to REST resources\n Elasticsearch::Role <| |>\n -> Elasticsearch::Template <| |>\n Elasticsearch::User <| |>\n -> Elasticsearch::Template <| |>\n Elasticsearch::Role <| |>\n -> Elasticsearch::Pipeline <| |>\n Elasticsearch::User <| |>\n -> Elasticsearch::Pipeline <| |>\n Elasticsearch::Role <| |>\n -> Elasticsearch::Index <| |>\n Elasticsearch::User <| |>\n -> Elasticsearch::Index <| |>\n Elasticsearch::Role <| |>\n -> Elasticsearch::Snapshot_repository <| |>\n Elasticsearch::User <| |>\n -> Elasticsearch::Snapshot_repository <| |>\n\n # Ensure that any command-line based user changes are performed before the\n # file is modified\n Elasticsearch_user <| |>\n -> Elasticsearch_user_file <| |>\n}"}, {"name": "elasticsearch::config", "file": "manifests/config.pp", "line": 14, "docstring": {"text": "This class exists to coordinate all configuration related actions,\nfunctionality and logical units in a central place.\n\nIt is not intended to be used directly by external resources like node\ndefinitions or other modules.\n\n\u00a0@author Gavin Williams <gavin.williams@elastic.co>", "tags": [{"tag_name": "author", "text": "Richard Pijnenburg <richard.pijnenburg@elasticsearch.com>"}, {"tag_name": "author", "text": "Tyler Langlois <tyler.langlois@elastic.co>"}, {"tag_name": "example", "text": "class { 'elasticsearch::config': }", "name": "importing this class into other classes to use its functionality:"}]}, "source": "class elasticsearch::config {\n #### Configuration\n\n Exec {\n path => ['/bin', '/usr/bin', '/usr/local/bin'],\n cwd => '/',\n }\n\n $init_defaults = {\n 'MAX_OPEN_FILES' => '65535',\n }.merge($elasticsearch::init_defaults)\n\n if ($elasticsearch::ensure == 'present') {\n file {\n $elasticsearch::homedir:\n ensure => 'directory',\n group => $elasticsearch::elasticsearch_group,\n owner => $elasticsearch::elasticsearch_user;\n $elasticsearch::configdir:\n ensure => 'directory',\n group => $elasticsearch::elasticsearch_group,\n owner => $elasticsearch::elasticsearch_user,\n mode => '2750';\n $elasticsearch::real_plugindir:\n ensure => 'directory',\n group => $elasticsearch::elasticsearch_group,\n owner => $elasticsearch::elasticsearch_user,\n mode => 'o+Xr';\n \"${elasticsearch::homedir}/lib\":\n ensure => 'directory',\n group => '0',\n owner => 'root',\n mode => '0755',\n recurse => true;\n }\n if $elasticsearch::manage_datadir {\n file { $elasticsearch::datadir:\n ensure => 'directory',\n group => $elasticsearch::elasticsearch_group,\n owner => $elasticsearch::elasticsearch_user,\n mode => '2750',\n }\n }\n if $elasticsearch::manage_logdir {\n file { $elasticsearch::logdir:\n ensure => 'directory',\n group => $elasticsearch::elasticsearch_group,\n owner => $elasticsearch::elasticsearch_user,\n mode => $elasticsearch::logdir_mode,\n }\n }\n\n # Defaults file, either from file source or from hash to augeas commands\n if ($elasticsearch::init_defaults_file != undef) {\n file { \"${elasticsearch::defaults_location}/elasticsearch\":\n ensure => $elasticsearch::ensure,\n source => $elasticsearch::init_defaults_file,\n owner => 'root',\n group => $elasticsearch::elasticsearch_group,\n mode => '0660',\n before => Service[$elasticsearch::service_name],\n notify => $elasticsearch::_notify_service,\n }\n } else {\n augeas { \"${elasticsearch::defaults_location}/elasticsearch\":\n incl => \"${elasticsearch::defaults_location}/elasticsearch\",\n lens => 'Shellvars.lns',\n changes => template(\"${module_name}/etc/sysconfig/defaults.erb\"),\n before => Service[$elasticsearch::service_name],\n notify => $elasticsearch::_notify_service,\n }\n }\n\n # Generate config file\n $_config = deep_implode($elasticsearch::config)\n\n # Generate SSL config\n if $elasticsearch::ssl {\n if ($elasticsearch::keystore_password == undef) {\n fail('keystore_password required')\n }\n\n if ($elasticsearch::keystore_path == undef) {\n $_keystore_path = \"${elasticsearch::configdir}/elasticsearch.ks\"\n } else {\n $_keystore_path = $elasticsearch::keystore_path\n }\n\n # Set the correct xpack. settings based on ES version\n if ($elasticsearch::version != false and versioncmp($elasticsearch::version, '7') >= 0) {\n $_tls_config = {\n 'xpack.security.http.ssl.enabled' => true,\n 'xpack.security.http.ssl.keystore.path' => $_keystore_path,\n 'xpack.security.http.ssl.keystore.password' => $elasticsearch::keystore_password,\n 'xpack.security.transport.ssl.enabled' => true,\n 'xpack.security.transport.ssl.keystore.path' => $_keystore_path,\n 'xpack.security.transport.ssl.keystore.password' => $elasticsearch::keystore_password,\n }\n }\n else {\n $_tls_config = {\n 'xpack.security.transport.ssl.enabled' => true,\n 'xpack.security.http.ssl.enabled' => true,\n 'xpack.ssl.keystore.path' => $_keystore_path,\n 'xpack.ssl.keystore.password' => $elasticsearch::keystore_password,\n }\n }\n\n # Trust CA Certificate\n java_ks { 'elasticsearch_ca':\n ensure => 'latest',\n certificate => $elasticsearch::ca_certificate,\n target => $_keystore_path,\n password => $elasticsearch::keystore_password,\n trustcacerts => true,\n }\n\n # Load node certificate and private key\n java_ks { 'elasticsearch_node':\n ensure => 'latest',\n certificate => $elasticsearch::certificate,\n private_key => $elasticsearch::private_key,\n private_key_type => $elasticsearch::private_key_type,\n target => $_keystore_path,\n password => $elasticsearch::keystore_password,\n }\n } else {\n $_tls_config = {}\n }\n\n # # Logging file or hash\n # if ($elasticsearch::logging_file != undef) {\n # $_log4j_content = undef\n # } else {\n # if ($elasticsearch::logging_template != undef ) {\n # $_log4j_content = template($elasticsearch::logging_template)\n # } else {\n # $_log4j_content = template(\"${module_name}/etc/elasticsearch/log4j2.properties.erb\")\n # }\n # $_logging_source = undef\n # }\n # file {\n # \"${elasticsearch::configdir}/log4j2.properties\":\n # ensure => file,\n # content => $_log4j_content,\n # source => $_logging_source,\n # mode => '0644',\n # notify => $elasticsearch::_notify_service,\n # require => Class['elasticsearch::package'],\n # before => Class['elasticsearch::service'],\n # }\n\n # Generate Elasticsearch config\n $data = merge(\n $elasticsearch::config,\n { 'path.data' => $elasticsearch::datadir },\n { 'path.logs' => $elasticsearch::logdir },\n $_tls_config\n )\n\n file { \"${elasticsearch::configdir}/elasticsearch.yml\":\n ensure => 'file',\n content => template(\"${module_name}/etc/elasticsearch/elasticsearch.yml.erb\"),\n notify => $elasticsearch::_notify_service,\n require => Class['elasticsearch::package'],\n owner => $elasticsearch::elasticsearch_user,\n group => $elasticsearch::elasticsearch_group,\n mode => '0440',\n }\n\n if ($elasticsearch::version != false and versioncmp($elasticsearch::version, '7.7.0') >= 0) {\n # https://www.elastic.co/guide/en/elasticsearch/reference/master/advanced-configuration.html#set-jvm-options\n # https://github.com/elastic/elasticsearch/pull/51882\n # >> \"Do not modify the root jvm.options file. Use files in jvm.options.d/ instead.\"\n $_epp_hash = {\n sorted_jvm_options => sort(unique($elasticsearch::jvm_options)),\n }\n file { \"${elasticsearch::configdir}/jvm.options.d/jvm.options\":\n ensure => 'file',\n content => epp(\"${module_name}/etc/elasticsearch/jvm.options.d/jvm.options.epp\", $_epp_hash),\n owner => $elasticsearch::elasticsearch_user,\n group => $elasticsearch::elasticsearch_group,\n mode => '0640',\n notify => $elasticsearch::_notify_service,\n }\n }\n else {\n # Add any additional JVM options\n $elasticsearch::jvm_options.each |String $jvm_option| {\n $split_jvm_option = split($jvm_option, '=')\n file_line { \"jvm_option_${jvm_option}\":\n ensure => present,\n path => \"${elasticsearch::configdir}/jvm.options\",\n match => $split_jvm_option.length ? { 2 => \"^${split_jvm_option[0]}=\", default => undef, },\n line => $jvm_option,\n notify => $elasticsearch::_notify_service,\n }\n }\n }\n\n if $elasticsearch::system_key != undef {\n file { \"${elasticsearch::configdir}/system_key\":\n ensure => 'file',\n source => $elasticsearch::system_key,\n mode => '0400',\n }\n }\n\n # Add secrets to keystore\n if $elasticsearch::secrets != undef {\n elasticsearch_keystore { 'elasticsearch_secrets':\n configdir => $elasticsearch::configdir,\n purge => $elasticsearch::purge_secrets,\n settings => $elasticsearch::secrets,\n notify => $elasticsearch::_notify_service,\n }\n }\n } elsif ( $elasticsearch::ensure == 'absent' ) {\n file { $elasticsearch::real_plugindir:\n ensure => 'absent',\n force => true,\n backup => false,\n }\n\n file { \"${elasticsearch::defaults_location}/elasticsearch\":\n ensure => 'absent',\n subscribe => Service[$elasticsearch::service_name],\n }\n }\n}"}, {"name": "elasticsearch::license", "file": "manifests/license.pp", "line": 44, "docstring": {"text": "A defined type to control Elasticsearch licenses.", "tags": [{"tag_name": "author", "text": "Tyler Langlois <tyler.langlois@elastic.co>"}, {"tag_name": "param", "text": "Controls whether the named pipeline should be present or absent in\nthe cluster.", "types": ["Enum['absent', 'present']"], "name": "ensure"}, {"tag_name": "param", "text": "HTTP basic auth password to use when communicating over the Elasticsearch\nAPI.", "types": ["Optional[String]"], "name": "api_basic_auth_password"}, {"tag_name": "param", "text": "HTTP basic auth username to use when communicating over the Elasticsearch\nAPI.", "types": ["Optional[String]"], "name": "api_basic_auth_username"}, {"tag_name": "param", "text": "Path to a CA file which will be used to validate server certs when\ncommunicating with the Elasticsearch API over HTTPS.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "api_ca_file"}, {"tag_name": "param", "text": "Path to a directory with CA files which will be used to validate server\ncerts when communicating with the Elasticsearch API over HTTPS.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "api_ca_path"}, {"tag_name": "param", "text": "Host name or IP address of the ES instance to connect to.", "types": ["String"], "name": "api_host"}, {"tag_name": "param", "text": "Port number of the ES instance to connect to", "types": ["Integer[0, 65535]"], "name": "api_port"}, {"tag_name": "param", "text": "Protocol that should be used to connect to the Elasticsearch API.", "types": ["Enum['http', 'https']"], "name": "api_protocol"}, {"tag_name": "param", "text": "Timeout period (in seconds) for the Elasticsearch API.", "types": ["Integer"], "name": "api_timeout"}, {"tag_name": "param", "text": "License content in hash or string form.", "types": ["Variant[String, Hash]"], "name": "content"}, {"tag_name": "param", "text": "Determines whether the validity of SSL/TLS certificates received from the\nElasticsearch API should be verified or ignored.", "types": ["Boolean"], "name": "validate_tls"}]}, "defaults": {"ensure": "'present'", "api_basic_auth_password": "$elasticsearch::api_basic_auth_password", "api_basic_auth_username": "$elasticsearch::api_basic_auth_username", "api_ca_file": "$elasticsearch::api_ca_file", "api_ca_path": "$elasticsearch::api_ca_path", "api_host": "$elasticsearch::api_host", "api_port": "$elasticsearch::api_port", "api_protocol": "$elasticsearch::api_protocol", "api_timeout": "$elasticsearch::api_timeout", "content": "$elasticsearch::license", "validate_tls": "$elasticsearch::validate_tls"}, "source": "class elasticsearch::license (\n Enum['absent', 'present'] $ensure = 'present',\n Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,\n Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,\n Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,\n Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,\n String $api_host = $elasticsearch::api_host,\n Integer[0, 65535] $api_port = $elasticsearch::api_port,\n Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,\n Integer $api_timeout = $elasticsearch::api_timeout,\n Variant[String, Hash] $content = $elasticsearch::license,\n Boolean $validate_tls = $elasticsearch::validate_tls,\n) {\n if $content =~ String {\n $_content = parsejson($content)\n } else {\n $_content = $content\n }\n\n if $ensure == 'present' {\n Elasticsearch::Role <| |>\n -> Class['elasticsearch::license']\n Elasticsearch::User <| |>\n -> Class['elasticsearch::license']\n }\n\n es_instance_conn_validator { 'license-conn-validator':\n server => $api_host,\n port => $api_port,\n timeout => $api_timeout,\n }\n -> elasticsearch_license { 'xpack':\n ensure => $ensure,\n content => $_content,\n protocol => $api_protocol,\n host => $api_host,\n port => $api_port,\n timeout => $api_timeout,\n username => $api_basic_auth_username,\n password => $api_basic_auth_password,\n ca_file => $api_ca_file,\n ca_path => $api_ca_path,\n validate_tls => $validate_tls,\n }\n}"}, {"name": "elasticsearch::package", "file": "manifests/package.pp", "line": 13, "docstring": {"text": "This class exists to coordinate all software package management related\nactions, functionality and logical units in a central place.\n\nIt is not intended to be used directly by external resources like node\ndefinitions or other modules.", "tags": [{"tag_name": "author", "text": "Richard Pijnenburg <richard.pijnenburg@elasticsearch.com>"}, {"tag_name": "author", "text": "Tyler Langlois <tyler.langlois@elastic.co>"}, {"tag_name": "example", "text": "class { 'elasticsearch::package': }", "name": "importing this class by other classes to use its functionality:"}]}, "source": "class elasticsearch::package {\n Exec {\n path => ['/bin', '/usr/bin', '/usr/local/bin'],\n cwd => '/',\n tries => 3,\n try_sleep => 10,\n }\n\n if $elasticsearch::ensure == 'present' {\n if $elasticsearch::restart_package_change {\n Package['elasticsearch'] ~> Class['elasticsearch::service']\n }\n Package['elasticsearch'] ~> Exec['remove_plugin_dir']\n\n # Create directory to place the package file\n $package_dir = $elasticsearch::package_dir\n exec { 'create_package_dir_elasticsearch':\n cwd => '/',\n path => ['/usr/bin', '/bin'],\n command => \"mkdir -p ${package_dir}\",\n creates => $package_dir,\n }\n\n file { $package_dir:\n ensure => 'directory',\n purge => $elasticsearch::purge_package_dir,\n force => $elasticsearch::purge_package_dir,\n backup => false,\n require => Exec['create_package_dir_elasticsearch'],\n }\n\n # Check if we want to install a specific version or not\n if $elasticsearch::version == false {\n $package_ensure = $elasticsearch::autoupgrade ? {\n true => 'latest',\n false => 'present',\n }\n } else {\n # install specific version\n $package_ensure = $elasticsearch::pkg_version\n }\n\n # action\n if ($elasticsearch::package_url != undef) {\n case $elasticsearch::package_provider {\n 'package': { $before = Package['elasticsearch'] }\n default: { fail(\"software provider \\\"${elasticsearch::package_provider}\\\".\") }\n }\n\n $filename_array = split($elasticsearch::package_url, '/')\n $basefilename = $filename_array[-1]\n\n $source_array = split($elasticsearch::package_url, ':')\n $protocol_type = $source_array[0]\n\n $ext_array = split($basefilename, '\\.')\n $ext = $ext_array[-1]\n\n $pkg_source = \"${package_dir}/${basefilename}\"\n\n case $protocol_type {\n 'puppet': {\n file { $pkg_source:\n ensure => file,\n source => $elasticsearch::package_url,\n require => File[$package_dir],\n backup => false,\n before => $before,\n }\n }\n 'ftp', 'https', 'http': {\n if $elasticsearch::proxy_url != undef {\n $exec_environment = [\n 'use_proxy=yes',\n \"http_proxy=${elasticsearch::proxy_url}\",\n \"https_proxy=${elasticsearch::proxy_url}\",\n ]\n } else {\n $exec_environment = []\n }\n\n case $elasticsearch::download_tool {\n String: {\n $_download_command = if $elasticsearch::download_tool_verify_certificates {\n $elasticsearch::download_tool\n } else {\n $elasticsearch::download_tool_insecure\n }\n\n exec { 'download_package_elasticsearch':\n command => \"${_download_command} ${pkg_source} ${elasticsearch::package_url} 2> /dev/null\",\n creates => $pkg_source,\n environment => $exec_environment,\n timeout => $elasticsearch::package_dl_timeout,\n require => File[$package_dir],\n before => $before,\n }\n }\n default: {\n fail(\"no \\$elasticsearch::download_tool defined for ${facts['os']['family']}\")\n }\n }\n }\n 'file': {\n $source_path = $source_array[1]\n file { $pkg_source:\n ensure => file,\n source => $source_path,\n require => File[$package_dir],\n backup => false,\n before => $before,\n }\n }\n default: {\n fail(\"Protocol must be puppet, file, http, https, or ftp. You have given \\\"${protocol_type}\\\"\")\n }\n }\n\n if ($elasticsearch::package_provider == 'package') {\n case $ext {\n 'deb': { Package { provider => 'dpkg', source => $pkg_source } }\n 'rpm': { Package { provider => 'rpm', source => $pkg_source } }\n default: { fail(\"Unknown file extention \\\"${ext}\\\".\") }\n }\n }\n } else {\n if ($elasticsearch::manage_repo and $facts['os']['family'] == 'Debian') {\n Class['apt::update'] -> Package['elasticsearch']\n }\n }\n } else {\n # Package removal\n if ($facts['os']['family'] == 'Suse') {\n Package {\n provider => 'rpm',\n }\n $package_ensure = 'absent'\n } else {\n $package_ensure = 'purged'\n }\n }\n\n if ($elasticsearch::package_provider == 'package') {\n package { 'elasticsearch':\n ensure => $package_ensure,\n name => $elasticsearch::_package_name,\n }\n\n exec { 'remove_plugin_dir':\n refreshonly => true,\n command => \"rm -rf ${elasticsearch::real_plugindir}\",\n }\n } else {\n fail(\"\\\"${elasticsearch::package_provider}\\\" is not supported\")\n }\n}"}, {"name": "elasticsearch::service", "file": "manifests/service.pp", "line": 12, "docstring": {"text": "This class exists to coordinate all service management related actions,\nfunctionality and logical units in a central place.\n\n*Note*: \"service\" is the Puppet term and type for background processes\nin general and is used in a platform-independent way. E.g. \"service\" means\n\"daemon\" in relation to Unix-like systems.", "tags": [{"tag_name": "author", "text": "Richard Pijnenburg <richard.pijnenburg@elasticsearch.com>"}, {"tag_name": "author", "text": "Tyler Langlois <tyler.langlois@elastic.co>"}, {"tag_name": "author", "text": "Gavin Williams <gavin.williams@elastic.co>"}]}, "source": "class elasticsearch::service {\n #### Service management\n\n if $elasticsearch::ensure == 'present' {\n case $elasticsearch::status {\n # make sure service is currently running, start it on boot\n 'enabled': {\n $_service_ensure = 'running'\n $_service_enable = true\n }\n # make sure service is currently stopped, do not start it on boot\n 'disabled': {\n $_service_ensure = 'stopped'\n $_service_enable = false\n }\n # make sure service is currently running, do not start it on boot\n 'running': {\n $_service_ensure = 'running'\n $_service_enable = false\n }\n # do not start service on boot, do not care whether currently running\n # or not\n 'unmanaged': {\n $_service_ensure = undef\n $_service_enable = false\n }\n default: {\n }\n }\n } else {\n # make sure the service is stopped and disabled (the removal itself will be\n # done by package.pp)\n $_service_ensure = 'stopped'\n $_service_enable = false\n }\n\n service { $elasticsearch::service_name:\n ensure => $_service_ensure,\n enable => $_service_enable,\n }\n}"}, {"name": "kibana", "file": "manifests/init.pp", "line": 28, "docstring": {"text": "", "tags": [{"tag_name": "author", "text": "Tyler Langlois <tyler.langlois@elastic.co>"}, {"tag_name": "example", "text": "class { 'kibana' : }", "name": "Basic installation"}, {"tag_name": "example", "text": "class { 'kibana' : ensure => absent }", "name": "Module removal"}, {"tag_name": "example", "text": "class { 'kibana' : ensure => '5.2.1' }", "name": "Installing a specific version"}, {"tag_name": "example", "text": "class { 'kibana' : ensure => 'latest' }", "name": "Keep latest version of Kibana installed"}, {"tag_name": "example", "text": "class { 'kibana' : config => { 'server.port' => 5602 } }", "name": "Setting a configuration file value"}, {"tag_name": "param", "text": "State of Kibana on the system (simple present/absent/latest\nor version number).", "types": ["Variant[Enum['present', 'absent', 'latest'], Pattern[/^\\d([.]\\d+)*(-[\\d\\w]+)?$/]]"], "name": "ensure"}, {"tag_name": "param", "text": "Hash of key-value pairs for Kibana's configuration file", "types": ["Hash[String[1], Variant[String, Integer, Boolean, Array, Hash]]"], "name": "config"}, {"tag_name": "param", "text": "whether to manage OSS packages", "types": ["Boolean"], "name": "oss"}, {"tag_name": "param", "text": "Local path to package file for file (not repo) based installation", "types": ["Optional[String]"], "name": "package_source"}, {"tag_name": "param", "text": "Whether to manage the package manager repository", "types": ["Boolean"], "name": "manage_repo"}, {"tag_name": "param", "text": "Service status", "types": ["Kibana::Status"], "name": "status"}, {"tag_name": "summary", "text": "The top-level kibana class that declares child classes for managing kibana."}]}, "source": "class kibana (\n Variant[Enum['present', 'absent', 'latest'], Pattern[/^\\d([.]\\d+)*(-[\\d\\w]+)?$/]] $ensure,\n Hash[String[1], Variant[String, Integer, Boolean, Array, Hash]] $config,\n Boolean $manage_repo,\n Boolean $oss,\n Optional[String] $package_source,\n Kibana::Status $status,\n) {\n contain kibana::install\n contain kibana::config\n contain kibana::service\n\n if $manage_repo {\n contain elastic_stack::repo\n\n Class['elastic_stack::repo']\n -> Class['kibana::install']\n }\n\n # Catch absent values, otherwise default to present/installed ordering\n case $ensure {\n 'absent': {\n Class['kibana::service']\n -> Class['kibana::config']\n -> Class['kibana::install']\n }\n default: {\n Class['kibana::install']\n -> Class['kibana::config']\n ~> Class['kibana::service']\n }\n }\n}"}, {"name": "kibana::config", "file": "manifests/config.pp", "line": 7, "docstring": {"text": "This class is called from kibana to configure the daemon's configuration\nfile.\nIt is not meant to be called directly.", "tags": [{"tag_name": "author", "text": "Tyler Langlois <tyler.langlois@elastic.co>"}]}, "source": "class kibana::config {\n $_ensure = $kibana::ensure ? {\n 'absent' => $kibana::ensure,\n default => 'file',\n }\n $config = $kibana::config\n\n file { '/etc/kibana/kibana.yml':\n ensure => $_ensure,\n content => template(\"${module_name}/etc/kibana/kibana.yml.erb\"),\n owner => 'kibana',\n group => 'kibana',\n mode => '0660',\n }\n}"}, {"name": "kibana::install", "file": "manifests/install.pp", "line": 6, "docstring": {"text": "This class is called from the kibana class to manage installation.\nIt is not meant to be called directly.", "tags": [{"tag_name": "author", "text": "Tyler Langlois <tyler.langlois@elastic.co>"}]}, "source": "class kibana::install {\n if $kibana::manage_repo {\n if $facts['os']['family'] == 'Debian' {\n include apt\n Class['apt::update'] -> Package['kibana']\n }\n }\n\n if $kibana::package_source != undef {\n case $facts['os']['family'] {\n 'Debian': { Package['kibana'] { provider => 'dpkg' } }\n 'RedHat': { Package['kibana'] { provider => 'rpm' } }\n default: { fail(\"unsupported parameter 'source' set for osfamily ${facts['os']['family']}\") }\n }\n }\n\n $_package_name = $kibana::oss ? {\n true => 'kibana-oss',\n default => 'kibana',\n }\n\n package { 'kibana':\n ensure => $kibana::ensure,\n name => $_package_name,\n source => $kibana::package_source,\n }\n}"}, {"name": "kibana::service", "file": "manifests/service.pp", "line": 7, "docstring": {"text": "This class is meant to be called from kibana.\nIt ensure the service is running.\nIt is not meant to be called directly.", "tags": [{"tag_name": "author", "text": "Tyler Langlois <tyler.langlois@elastic.co>"}]}, "source": "class kibana::service {\n if $kibana::ensure != 'absent' {\n case $kibana::status {\n # Stop service and disable on boot\n 'disabled': {\n $_ensure = false\n $_enable = false\n }\n # Start service and enable on boot\n 'enabled': {\n $_ensure = true\n $_enable = true\n }\n # Start service and disable on boot\n 'running': {\n $_ensure = true\n $_enable = false\n }\n # Ignore current state and disable on boot\n 'unmanaged': {\n $_ensure = undef\n $_enable = false\n }\n # Unknown status\n default: {\n fail('Invalid value for status')\n }\n }\n } else {\n # The package will be removed\n $_ensure = false\n $_enable = false\n }\n\n service { 'kibana':\n ensure => $_ensure,\n enable => $_enable,\n }\n}"}], "data_types": [], "data_type_aliases": [{"name": "Letsencrypt::Authenticator", "file": "types/authenticator.pp", "line": 2, "docstring": {"text": "", "tags": [{"tag_name": "summary", "text": "Known authenticator types"}]}, "alias_of": "Enum['nginx']"}, {"name": "Letsencrypt::Renewal_provider", "file": "types/renewal_provider.pp", "line": 3, "docstring": {"text": "Known backends which can keep track of when to issue renewal\nrequests."}, "alias_of": "Enum['systemd', 'cron']"}, {"name": "Letsencrypt::Ssl_conf::Nginx", "file": "types/ssl_conf/nginx.pp", "line": 4, "docstring": {"text": "Will either have ssl set to false, or ssl set to true, along with\nappropriate ssl parameters.", "tags": [{"tag_name": "summary", "text": "SSL configuration hash for nginx"}]}, "alias_of": "Variant[Struct[{\n ssl => Boolean,\n }], Struct[{\n ssl => Boolean,\n ssl_redirect => Boolean,\n ssl_cert => String,\n ssl_key => String,\n }]]"}, {"name": "Letsencrypt::Ssl_conf::Nginx::Location", "file": "types/ssl_conf/nginx/location.pp", "line": 2, "docstring": {"text": "SSL configuration for a single nginx location."}, "alias_of": "Variant[Struct[{\n ssl => Boolean,\n }], Struct[{\n ssl => Boolean,\n ssl_only => Boolean,\n }]]"}, {"name": "Pacman::Buildenv", "file": "types/buildenv.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Struct[{\n distcc => Boolean,\n color => Boolean,\n ccache => Boolean,\n check => Boolean,\n sign => Boolean,\n}]"}, {"name": "Pacman::ChecksumTypes", "file": "types/checksumtypes.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Enum['md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'b2']"}, {"name": "Pacman::Operation", "file": "types/operation.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Enum['Install', 'Upgrade', 'Remove']"}, {"name": "Pacman::PackageOptions", "file": "types/packageoptions.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Struct[{\n string => Boolean,\n docs => Boolean,\n libtool => Boolean,\n staticlibs => Boolean,\n emptydirs => Boolean,\n zipman => Boolean,\n purge => Boolean,\n debug => Boolean,\n lto => Boolean,\n}]"}, {"name": "Pacman::Trigger", "file": "types/trigger.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Struct[{\n type => Enum['Path', 'Package'],\n operation => Variant[Pacman::Operation, Array[Pacman::Operation, 1]],\n target => Variant[String, Array[String, 1]],\n}]"}, {"name": "Puppet::Custom_trusted_oid_mapping", "file": "types/custom_trusted_oid_mapping.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Hash[String, Struct[{ shortname => String, longname => Optional[String], }]]"}, {"name": "Dns::Dnssec_policy_key", "file": "types/dnssec_policy_key.pp", "line": 2, "docstring": {"text": "Validate dnssec-policy parameter"}, "alias_of": "Struct[{\n type => Enum['csk', 'ksk', 'zsk'],\n directory => Optional[Enum['key-directory']],\n lifetime => String[1],\n algorithm => Variant[String[1], Integer],\n size => Optional[Integer],\n }]"}, {"name": "Dns::UpdatePolicy", "file": "types/updatepolicy.pp", "line": 2, "docstring": {"text": "Validate update-policy parameter"}, "alias_of": "Variant[Enum['local'], Hash[\n String,\n Struct[{\n Optional[action] => Enum['deny', 'grant'],\n Optional[tname] => String,\n rr => String,\n matchtype => Enum[\n '6to4-self',\n 'external',\n 'krb5-self',\n 'krb5-selfsub',\n 'krb5-subdomain',\n 'ms-self',\n 'ms-selfsub',\n 'ms-subdomain',\n 'name',\n 'self',\n 'selfsub',\n 'selfwild',\n 'subdomain',\n 'tcp-self',\n 'wildcard',\n 'zonesub',\n ],\n }],\n ]]"}, {"name": "Cgit::Filter_types", "file": "types/filter_types.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Enum['about', 'auth', 'commit', 'email', 'owner', 'source']"}, {"name": "NSUpdate::Record", "file": "types/record.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Struct[{\n\tdomain => String,\n\ttype => NSUpdate::RecordType,\n\tttl => Integer,\n}]"}, {"name": "NSUpdate::RecordType", "file": "types/recordtype.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Enum['A']"}, {"name": "Syslinux::Bootentry", "file": "types/bootentry.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Struct[{\n 'label' => String,\n 'type' => Enum['linux','com'],\n # linux specific\n 'extra_args' => Optional[String],\n 'initrd' => Optional[String],\n # com specific\n 'com' => Optional[String],\n}]"}, {"name": "Xorg::Value", "file": "types/value.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Any"}, {"name": "Stdlib::Absolutepath", "file": "types/absolutepath.pp", "line": 2, "docstring": {"text": "A strict absolutepath type"}, "alias_of": "Variant[Stdlib::Windowspath, Stdlib::Unixpath]"}, {"name": "Stdlib::Base32", "file": "types/base32.pp", "line": 2, "docstring": {"text": "Type to match base32 String"}, "alias_of": "Pattern[/\\A[a-z2-7]+={,6}\\z/, /\\A[A-Z2-7]+={,6}\\z/]"}, {"name": "Stdlib::Base64", "file": "types/base64.pp", "line": 2, "docstring": {"text": "Type to match base64 String"}, "alias_of": "Pattern[/\\A[a-zA-Z0-9\\/\\+]+={,2}\\z/]"}, {"name": "Stdlib::Compat::Absolute_path", "file": "types/compat/absolute_path.pp", "line": 7, "docstring": {"text": "Emulate the is_absolute_path and validate_absolute_path functions\n\nThe first pattern is originally from is_absolute_path, which had it from 2.7.x's lib/puppet/util.rb Puppet::Util.absolute_path?\nslash = '[\\\\\\\\/]'\nname = '[^\\\\\\\\/]+'\n%r!^(([A-Z]:#{slash})|(#{slash}#{slash}#{name}#{slash}#{name})|(#{slash}#{slash}\\?#{slash}#{name}))!i,"}, "alias_of": "Variant[Pattern[/^(([a-zA-Z]:[\\\\\\/])|([\\\\\\/][\\\\\\/][^\\\\\\/]+[\\\\\\/][^\\\\\\/]+)|([\\\\\\/][\\\\\\/]\\?[\\\\\\/][^\\\\\\/]+))/], Pattern[/^\\//]]"}, {"name": "Stdlib::Compat::Array", "file": "types/compat/array.pp", "line": 2, "docstring": {"text": "Emulate the is_array and validate_array functions"}, "alias_of": "Array[Any]"}, {"name": "Stdlib::Compat::Bool", "file": "types/compat/bool.pp", "line": 2, "docstring": {"text": "Emulate the is_bool and validate_bool functions"}, "alias_of": "Boolean"}, {"name": "Stdlib::Compat::Float", "file": "types/compat/float.pp", "line": 19, "docstring": {"text": "Emulate the is_float function\nThe regex is what's currently used in is_float\nTo keep your development moving forward, you can also add a deprecation warning using the Integer type:\n\n```class example($value) { validate_float($value,) }```\n\nwould turn into\n\n```\nclass example(Stdlib::Compat::Float $value) {\n validate_float($value, 10, 0)\n assert_type(Integer[0, 10], $value) |$expected, $actual| {\n warning(\"The 'value' parameter for the 'ntp' class has type ${actual}, but should be ${expected}.\")\n }\n}\n```\n\nThis allows you to find all places where a consumers of your code call it with unexpected values."}, "alias_of": "Variant[Float, Pattern[/^-?(?:(?:[1-9]\\d*)|0)(?:\\.\\d+)(?:[eE]-?\\d+)?$/]]"}, {"name": "Stdlib::Compat::Hash", "file": "types/compat/hash.pp", "line": 2, "docstring": {"text": "Emulate the is_hash and validate_hash functions"}, "alias_of": "Hash[Any, Any]"}, {"name": "Stdlib::Compat::Integer", "file": "types/compat/integer.pp", "line": 23, "docstring": {"text": "Emulate the is_integer and validate_integer functions\nThe regex is what's currently used in is_integer\nvalidate_numeric also allows range checking, which cannot be mapped to the string parsing inside the function.\nFor full backwards compatibility, you will need to keep the validate_numeric call around to catch everything.\nTo keep your development moving forward, you can also add a deprecation warning using the Integer type:\n\n```class example($value) { validate_integer($value, 10, 0) }```\n\nwould turn into\n\n```\nclass example(Stdlib::Compat::Integer $value) {\n validate_numeric($value, 10, 0)\n assert_type(Integer[0, 10], $value) |$expected, $actual| {\n warning(\"The 'value' parameter for the 'ntp' class has type ${actual}, but should be ${expected}.\")\n }\n}\n```\n\n> Note that you need to use Variant[Integer[0, 10], Float[0, 10]] if you want to match both integers and floating point numbers.\n\nThis allows you to find all places where a consumers of your code call it with unexpected values."}, "alias_of": "Variant[Integer, Pattern[/^-?(?:(?:[1-9]\\d*)|0)$/], Array[Variant[Integer, Pattern[/^-?(?:(?:[1-9]\\d*)|0)$/]]]]"}, {"name": "Stdlib::Compat::Ip_address", "file": "types/compat/ip_address.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Variant[Stdlib::Compat::Ipv4, Stdlib::Compat::Ipv6]"}, {"name": "Stdlib::Compat::Ipv4", "file": "types/compat/ipv4.pp", "line": 2, "docstring": {"text": "Emulate the validate_ipv4_address and is_ipv4_address functions"}, "alias_of": "Pattern[/^((([0-9](?!\\d)|[1-9][0-9](?!\\d)|1[0-9]{2}(?!\\d)|2[0-4][0-9](?!\\d)|25[0-5](?!\\d))[.]){3}([0-9](?!\\d)|[1-9][0-9](?!\\d)|1[0-9]{2}(?!\\d)|2[0-4][0-9](?!\\d)|25[0-5](?!\\d)))(\\/((([0-9](?!\\d)|[1-9][0-9](?!\\d)|1[0-9]{2}(?!\\d)|2[0-4][0-9](?!\\d)|25[0-5](?!\\d))[.]){3}([0-9](?!\\d)|[1-9][0-9](?!\\d)|1[0-9]{2}(?!\\d)|2[0-4][0-9](?!\\d)|25[0-5](?!\\d))|[0-9]+))?$/]"}, {"name": "Stdlib::Compat::Ipv6", "file": "types/compat/ipv6.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Pattern[/\\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?\\s*$/]"}, {"name": "Stdlib::Compat::Numeric", "file": "types/compat/numeric.pp", "line": 23, "docstring": {"text": "Emulate the is_numeric and validate_numeric functions\nThe regex is what's currently used in is_numeric\nvalidate_numeric also allows range checking, which cannot be mapped to the string parsing inside the function.\nFor full backwards compatibility, you will need to keep the validate_numeric call around to catch everything.\nTo keep your development moving forward, you can also add a deprecation warning using the Integer type:\n\n```class example($value) { validate_numeric($value, 10, 0) }```\n\nwould turn into\n\n```\nclass example(Stdlib::Compat::Numeric $value) {\n validate_numeric($value, 10, 0)\n assert_type(Integer[0, 10], $value) |$expected, $actual| {\n warning(\"The 'value' parameter for the 'ntp' class has type ${actual}, but should be ${expected}.\")\n }\n}\n```\n\n> Note that you need to use Variant[Integer[0, 10], Float[0, 10]] if you want to match both integers and floating point numbers.\n\nThis allows you to find all places where a consumers of your code call it with unexpected values."}, "alias_of": "Variant[Numeric, Pattern[/^-?(?:(?:[1-9]\\d*)|0)(?:\\.\\d+)?(?:[eE]-?\\d+)?$/], Array[Variant[Numeric, Pattern[/^-?(?:(?:[1-9]\\d*)|0)(?:\\.\\d+)?(?:[eE]-?\\d+)?$/]]]]"}, {"name": "Stdlib::Compat::String", "file": "types/compat/string.pp", "line": 2, "docstring": {"text": "Emulate the is_string and validate_string functions"}, "alias_of": "Optional[String]"}, {"name": "Stdlib::Datasize", "file": "types/datasize.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Pattern[/^\\d+(?i:[kmgt]b?|b)$/]"}, {"name": "Stdlib::Email", "file": "types/email.pp", "line": 3, "docstring": {"text": "https://html.spec.whatwg.org/multipage/input.html#valid-e-mail-address\nlint:ignore:140chars"}, "alias_of": "Pattern[/\\A[a-zA-Z0-9.!#$%&'*+\\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*\\z/]"}, {"name": "Stdlib::Ensure::File", "file": "types/ensure/file.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Enum['present', 'file', 'directory', 'link', 'absent']"}, {"name": "Stdlib::Ensure::File::Directory", "file": "types/ensure/file/directory.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Enum['directory', 'absent']"}, {"name": "Stdlib::Ensure::File::File", "file": "types/ensure/file/file.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Enum['file', 'absent']"}, {"name": "Stdlib::Ensure::File::Link", "file": "types/ensure/file/link.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Enum['link', 'absent']"}, {"name": "Stdlib::Ensure::Service", "file": "types/ensure/service.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Enum['stopped', 'running']"}, {"name": "Stdlib::Filemode", "file": "types/filemode.pp", "line": 3, "docstring": {"text": "See `man chmod.1` for the regular expression for symbolic mode\nlint:ignore:140chars"}, "alias_of": "Pattern[/\\A(([0-7]{1,4})|(([ugoa]*([-+=]([rwxXst]*|[ugo]))+|[-+=][0-7]+)(,([ugoa]*([-+=]([rwxXst]*|[ugo]))+|[-+=][0-7]+))*))\\z/]"}, {"name": "Stdlib::Filesource", "file": "types/filesource.pp", "line": 2, "docstring": {"text": "Validate the source parameter on file types"}, "alias_of": "Variant[Stdlib::Absolutepath, Stdlib::HTTPUrl, Pattern[\n /\\Afile:\\/\\/\\/([^\\n\\/\\0]+(\\/)?)+\\z/,\n /\\Apuppet:\\/\\/(([\\w-]+\\.?)+)?\\/([^\\n\\/\\0]+(\\/)?)+\\z/,\n ]]"}, {"name": "Stdlib::Fqdn", "file": "types/fqdn.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Pattern[/\\A(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])\\z/]"}, {"name": "Stdlib::HTTPSUrl", "file": "types/httpsurl.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Pattern[/(?i:\\Ahttps:\\/\\/.*\\z)/]"}, {"name": "Stdlib::HTTPUrl", "file": "types/httpurl.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Pattern[/(?i:\\Ahttps?:\\/\\/.*\\z)/]"}, {"name": "Stdlib::Host", "file": "types/host.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Variant[Stdlib::Fqdn, Stdlib::Compat::Ip_address]"}, {"name": "Stdlib::HttpStatus", "file": "types/httpstatus.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Integer[100, 599]"}, {"name": "Stdlib::IP::Address", "file": "types/ip/address.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Variant[Stdlib::IP::Address::V4, Stdlib::IP::Address::V6]"}, {"name": "Stdlib::IP::Address::Nosubnet", "file": "types/ip/address/nosubnet.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Variant[Stdlib::IP::Address::V4::Nosubnet, Stdlib::IP::Address::V6::Nosubnet]"}, {"name": "Stdlib::IP::Address::V4", "file": "types/ip/address/v4.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Variant[Stdlib::IP::Address::V4::CIDR, Stdlib::IP::Address::V4::Nosubnet]"}, {"name": "Stdlib::IP::Address::V4::CIDR", "file": "types/ip/address/v4/cidr.pp", "line": 2, "docstring": {"text": "lint:ignore:140chars"}, "alias_of": "Pattern[/\\A([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}\\/([0-9]|[12][0-9]|3[0-2])\\z/]"}, {"name": "Stdlib::IP::Address::V4::Nosubnet", "file": "types/ip/address/v4/nosubnet.pp", "line": 2, "docstring": {"text": "lint:ignore:140chars"}, "alias_of": "Pattern[/\\A([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}\\z/]"}, {"name": "Stdlib::IP::Address::V6", "file": "types/ip/address/v6.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Variant[Stdlib::IP::Address::V6::Full, Stdlib::IP::Address::V6::Compressed, Stdlib::IP::Address::V6::Alternative, Stdlib::IP::Address::V6::Nosubnet]"}, {"name": "Stdlib::IP::Address::V6::Alternative", "file": "types/ip/address/v6/alternative.pp", "line": 2, "docstring": {"text": "lint:ignore:140chars"}, "alias_of": "Pattern[/\\A([[:xdigit:]]{1,4}:){6}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(\\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?\\z/, /\\A([[:xdigit:]]{1,4}:){5}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(\\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?\\z/, /\\A([[:xdigit:]]{1,4}:){4}(:[[:xdigit:]]{1,4}){0,1}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(\\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?\\z/, /\\A([[:xdigit:]]{1,4}:){3}(:[[:xdigit:]]{1,4}){0,2}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(\\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?\\z/, /\\A([[:xdigit:]]{1,4}:){2}(:[[:xdigit:]]{1,4}){0,3}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(\\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?\\z/, /\\A([[:xdigit:]]{1,4}:){1}(:[[:xdigit:]]{1,4}){0,4}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(\\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?\\z/, /\\A:(:[[:xdigit:]]{1,4}){0,5}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(\\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?\\z/]"}, {"name": "Stdlib::IP::Address::V6::CIDR", "file": "types/ip/address/v6/cidr.pp", "line": 2, "docstring": {"text": "lint:ignore:140chars"}, "alias_of": "Pattern[/\\A((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*\\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])?\\z/]"}, {"name": "Stdlib::IP::Address::V6::Compressed", "file": "types/ip/address/v6/compressed.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Pattern[/\\A:(:|(:[[:xdigit:]]{1,4}){1,7})(\\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?\\z/, /\\A([[:xdigit:]]{1,4}:){1}(:|(:[[:xdigit:]]{1,4}){1,6})(\\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?\\z/, /\\A([[:xdigit:]]{1,4}:){2}(:|(:[[:xdigit:]]{1,4}){1,5})(\\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?\\z/, /\\A([[:xdigit:]]{1,4}:){3}(:|(:[[:xdigit:]]{1,4}){1,4})(\\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?\\z/, /\\A([[:xdigit:]]{1,4}:){4}(:|(:[[:xdigit:]]{1,4}){1,3})(\\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?\\z/, /\\A([[:xdigit:]]{1,4}:){5}(:|(:[[:xdigit:]]{1,4}){1,2})(\\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?\\z/, /\\A([[:xdigit:]]{1,4}:){6}(:|(:[[:xdigit:]]{1,4}){1,1})(\\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?\\z/, /\\A([[:xdigit:]]{1,4}:){7}:(\\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?\\z/]"}, {"name": "Stdlib::IP::Address::V6::Full", "file": "types/ip/address/v6/full.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Pattern[/\\A[[:xdigit:]]{1,4}(:[[:xdigit:]]{1,4}){7}(\\/(1([01][0-9]|2[0-8])|[1-9][0-9]|[0-9]))?\\z/]"}, {"name": "Stdlib::IP::Address::V6::Nosubnet", "file": "types/ip/address/v6/nosubnet.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Variant[Stdlib::IP::Address::V6::Nosubnet::Full, Stdlib::IP::Address::V6::Nosubnet::Compressed, Stdlib::IP::Address::V6::Nosubnet::Alternative]"}, {"name": "Stdlib::IP::Address::V6::Nosubnet::Alternative", "file": "types/ip/address/v6/nosubnet/alternative.pp", "line": 2, "docstring": {"text": "lint:ignore:140chars"}, "alias_of": "Pattern[/\\A([[:xdigit:]]{1,4}:){6}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}\\z/, /\\A([[:xdigit:]]{1,4}:){5}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}\\z/, /\\A([[:xdigit:]]{1,4}:){4}(:[[:xdigit:]]{1,4}){0,1}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}\\z/, /\\A([[:xdigit:]]{1,4}:){3}(:[[:xdigit:]]{1,4}){0,2}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}\\z/, /\\A([[:xdigit:]]{1,4}:){2}(:[[:xdigit:]]{1,4}){0,3}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}\\z/, /\\A([[:xdigit:]]{1,4}:){1}(:[[:xdigit:]]{1,4}){0,4}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}\\z/, /\\A:(:[[:xdigit:]]{1,4}){0,5}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}\\z/]"}, {"name": "Stdlib::IP::Address::V6::Nosubnet::Compressed", "file": "types/ip/address/v6/nosubnet/compressed.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Pattern[/\\A:(:|(:[[:xdigit:]]{1,4}){1,7})\\z/, /\\A([[:xdigit:]]{1,4}:){1}(:|(:[[:xdigit:]]{1,4}){1,6})\\z/, /\\A([[:xdigit:]]{1,4}:){2}(:|(:[[:xdigit:]]{1,4}){1,5})\\z/, /\\A([[:xdigit:]]{1,4}:){3}(:|(:[[:xdigit:]]{1,4}){1,4})\\z/, /\\A([[:xdigit:]]{1,4}:){4}(:|(:[[:xdigit:]]{1,4}){1,3})\\z/, /\\A([[:xdigit:]]{1,4}:){5}(:|(:[[:xdigit:]]{1,4}){1,2})\\z/, /\\A([[:xdigit:]]{1,4}:){6}(:|(:[[:xdigit:]]{1,4}){1,1})\\z/, /\\A([[:xdigit:]]{1,4}:){7}:\\z/]"}, {"name": "Stdlib::IP::Address::V6::Nosubnet::Full", "file": "types/ip/address/v6/nosubnet/full.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Pattern[/\\A[[:xdigit:]]{1,4}(:[[:xdigit:]]{1,4}){7}\\z/]"}, {"name": "Stdlib::MAC", "file": "types/mac.pp", "line": 2, "docstring": {"text": "A type for a MAC address"}, "alias_of": "Pattern[/\\A([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})\\z/, /\\A([0-9A-Fa-f]{2}[:-]){19}([0-9A-Fa-f]{2})\\z/]"}, {"name": "Stdlib::ObjectStore", "file": "types/objectstore.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Variant[Stdlib::ObjectStore::GSUri, Stdlib::ObjectStore::S3Uri]"}, {"name": "Stdlib::ObjectStore::GSUri", "file": "types/objectstore/gsuri.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Pattern[/\\Ags:\\/\\/.*\\z/]"}, {"name": "Stdlib::ObjectStore::S3Uri", "file": "types/objectstore/s3uri.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Pattern[/\\As3:\\/\\/.*\\z/]"}, {"name": "Stdlib::Port", "file": "types/port.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Integer[0, 65535]"}, {"name": "Stdlib::Port::Dynamic", "file": "types/port/dynamic.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Integer[49152, 65535]"}, {"name": "Stdlib::Port::Ephemeral", "file": "types/port/ephemeral.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Stdlib::Port::Dynamic"}, {"name": "Stdlib::Port::Privileged", "file": "types/port/privileged.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Integer[1, 1023]"}, {"name": "Stdlib::Port::Registered", "file": "types/port/registered.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Stdlib::Port::User"}, {"name": "Stdlib::Port::Unprivileged", "file": "types/port/unprivileged.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Integer[1024, 65535]"}, {"name": "Stdlib::Port::User", "file": "types/port/user.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Integer[1024, 49151]"}, {"name": "Stdlib::Syslogfacility", "file": "types/syslogfacility.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Enum['kern', 'user', 'mail', 'daemon', 'auth', 'syslog', 'lpr', 'news', 'uucp', 'cron', 'authpriv', 'ftp', 'ntp', 'security', 'console', 'solaris-cron', 'local0', 'local1', 'local2', 'local3', 'local4', 'local5', 'local6', 'local7']"}, {"name": "Stdlib::Unixpath", "file": "types/unixpath.pp", "line": 2, "docstring": {"text": "this regex rejects any path component that does not start with \"/\" or is NUL"}, "alias_of": "Pattern[/\\A\\/([^\\n\\/\\0]+\\/*)*\\z/]"}, {"name": "Stdlib::Windowspath", "file": "types/windowspath.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Pattern[/\\A(([a-zA-Z]:[\\\\\\/])|([\\\\\\/][\\\\\\/][^\\\\\\/]+[\\\\\\/][^\\\\\\/]+)|([\\\\\\/][\\\\\\/]\\?[\\\\\\/][^\\\\\\/]+)).*\\z/]"}, {"name": "Stdlib::Yes_no", "file": "types/yes_no.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Pattern[/\\A(?i:(yes|no))\\z/]"}, {"name": "Apt::Auth_conf_entry", "file": "types/auth_conf_entry.pp", "line": 14, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Hostname of machine to connect to.", "name": "machine"}, {"tag_name": "param", "text": "Specifies the username to connect with.", "name": "login"}, {"tag_name": "param", "text": "Specifies the password to connect with.", "name": "password"}, {"tag_name": "see", "text": "for more information", "name": "https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html"}, {"tag_name": "summary", "text": "Login configuration settings that are recorded in the file `/etc/apt/auth.conf`."}]}, "alias_of": "Struct[{\n machine => String[1],\n login => String,\n password => String\n }]"}, {"name": "Apt::Proxy", "file": "types/proxy.pp", "line": 18, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Specifies whether the proxy should exist. Valid options: 'file', 'present', and 'absent'. Prefer 'file' over 'present'.", "name": "ensure"}, {"tag_name": "param", "text": "Specifies a proxy host to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: a string containing a hostname.", "name": "host"}, {"tag_name": "param", "text": "Specifies a proxy port to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: an integer containing a port number.", "name": "port"}, {"tag_name": "param", "text": "Specifies whether to enable https proxies.", "name": "https"}, {"tag_name": "param", "text": "Specifies whether or not to use a `DIRECT` https proxy if http proxy is used but https is not.", "name": "direct"}, {"tag_name": "summary", "text": "Configures Apt to connect to a proxy server."}]}, "alias_of": "Struct[{\n ensure => Optional[Enum['file', 'present', 'absent']],\n host => Optional[String],\n port => Optional[Integer[0, 65535]],\n https => Optional[Boolean],\n direct => Optional[Boolean],\n }]"}, {"name": "Yum::RpmArch", "file": "types/rpmarch.pp", "line": 4, "docstring": {"text": "Output of `rpm -q --queryformat '%{arch}\\n' package`", "tags": [{"tag_name": "see", "name": "https://github.com/rpm-software-management/rpm/blob/master/rpmrc.in"}, {"tag_name": "summary", "text": "Valid rpm architectures."}]}, "alias_of": "Enum['noarch', 'x86_64', 'i386', 'aarch64', 'arm', 'ppc64', 'ppc64le', 'sparc64', 'ia64', 'alpha', 'ip', 'm68k', 'mips', 'mipsel', 'mk68k', 'mint', 'ppc', 'rs6000', 's390', 's390x', 'sh', 'sparc', 'xtensa']"}, {"name": "Yum::RpmName", "file": "types/rpmname.pp", "line": 5, "docstring": {"text": "Can be alphanumeric or contain `.` `_` `+` `%` `{` `}` `-`.\nOutput of `rpm -q --queryformat '%{name}\\n package`\nExamples python36-foobar, netscape", "tags": [{"tag_name": "summary", "text": "Valid rpm name."}]}, "alias_of": "Pattern[/\\A([0-9a-zA-Z\\._\\+%\\{\\}-]+)\\z/]"}, {"name": "Yum::RpmNameGlob", "file": "types/rpmnameglob.pp", "line": 4, "docstring": {"text": "Can be alphanumeric or contain `.` `_` `+` `%` `{` `}` `-` `*`.\nExamples python36-*, *netscape", "tags": [{"tag_name": "summary", "text": "Valid rpm name with globs."}]}, "alias_of": "Pattern[/\\A([*0-9a-zA-Z\\._\\+%\\{\\}-]+)\\z/]"}, {"name": "Yum::RpmRelease", "file": "types/rpmrelease.pp", "line": 6, "docstring": {"text": "It may not contain a dash.\nOutput of `rpm -q --queryformat '%{release}\\n' package`.\nExamples 3.4 3.4.el6, 3.4.el6_2", "tags": [{"tag_name": "see", "name": "http://ftp.rpm.org/max-rpm/ch-rpm-file-format.html"}, {"tag_name": "summary", "text": "Valid rpm release fields."}]}, "alias_of": "Pattern[/\\A([^-]+)\\z/]"}, {"name": "Yum::RpmVersion", "file": "types/rpmversion.pp", "line": 6, "docstring": {"text": "It may not contain a dash.\nOutput of `rpm -q --queryformat '%{version}\\n' package`.\nExamples 3.4, 2.5.alpha6", "tags": [{"tag_name": "see", "name": "http://ftp.rpm.org/max-rpm/ch-rpm-file-format.html"}, {"tag_name": "summary", "text": "Valid rpm version fields."}]}, "alias_of": "Pattern[/\\A([^-]+)\\z/]"}, {"name": "Yum::VersionlockString", "file": "types/versionlockstring.pp", "line": 48, "docstring": {"text": "This type matches strings appropriate for use with yum-versionlock.\nIts basic format, using the `rpm(8)` query string format, is\n`%{EPOCH}:%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}`. As a Regex, it\nbreaks down into five distinct parts, plus the seperators.\n\n EPOCH: An unsigned integer\n type Yum::PackageEpoch = Regexp[/[0-9]\\*]+/]\n\n NAME: Any valid package name (see https://github.com/rpm-software-management/rpm/blob/master/doc/manual/spec)\n type Yum::PackageName = Regexp[/[0-9a-zA-Z\\._\\+%\\{\\}\\*-]+/]\n\n VERSION: Any valid version string. The only limitation here, according to the RPM manual, is that it may not contain a dash (`-`).\n type Yum::PackageVersion = Regexp[/[^-]+/]\n\n RELEASE: Any valid release string. Only limitation is that it is not a dash (`-`)\n type Yum::PackageRelease = Regexp[/[^-]+/]\n\nlint:ignore:140chars\n ARCH: Matches a string such as `el7.x86_64`. This is actuall two sub-expressions. See below.\n type Yum::PackageArch = Regexp[/([0-9a-zZ-Z_\\*]+)(?:\\.(noarch|x86_64|i386|arm|ppc64|ppc64le|sparc64|ia64|alpha|ip|m68k|mips|mipsel|mk68k|mint|ppc|rs6000|s390|s390x|sh|sparc|xtensa|\\*))?/]\nlint:endignore\n\nThe `%{ARCH}` sub-expression is composed of two sub-expressions\nseparated by a dot (`.`), where the second part is optional. The RPM\nspecification calls the first field the `DistTag`, and the second the\n`BuildArch`.\n\n DistTag: Any string consiting of only letters, numbers, or an underscore, e.g., `el6`, `sl7`, or `fc24`.\n type Yum::PackageDistTag = Regexp[/[0-9a-zZ-Z_\\*]+/]\n\nlint:ignore:140chars\n BuildArch: Any string from the list at https://github.com/rpm-software-management/rpm/blob/master/rpmrc.in. Strings are roughly listed from most common to least common to improve performance.\n type Yum::PackageBuildArch = Regexp[/noarch|x86_64|i386|arm|ppc64|ppc64le|sparc64|ia64|alpha|ip|m68k|mips|mipsel|mk68k|mint|ppc|rs6000|s390|s390x|sh|sparc|xtensa/]\nlint:endignore\n\nwildcard characters may not span the fields, may not cover the\nseperators. This is an undocumented but tested limitation of\nyum-versionlock.\n\nlint:ignore:140chars", "tags": [{"tag_name": "example", "text": "", "name": "A complete, well-formed string: `0:bash-4.1.2-9.el6_2.x86_64'"}, {"tag_name": "example", "text": "", "name": "A well-formed string that has dropped the optional BuildArch sub-field: `0:bash-4.1.2-9.el6_2`"}, {"tag_name": "example", "text": "", "name": "A well-formed string using wildcards: `*0:bash*-4.*-*.*`"}, {"tag_name": "example", "text": "", "name": "An invalid string (wildcard spans the VERSION and RELEASE fields): `0:bash-4.*-el6.x86_64"}, {"tag_name": "example", "text": "", "name": "An invlaid string (wildcard spans the VERSION, RELEASE, and ARCH fields): `0:bash-*`"}, {"tag_name": "note", "text": "Each field may contain wildcard characters (`*`), but the"}]}, "alias_of": "Pattern[/^([0-9\\*]+):([0-9a-zA-Z\\._\\+%\\{\\}\\*-]+)-([^-]+)-([^-]+)\\.(([0-9a-zZ-Z_\\*]+)(?:\\.(noarch|x86_64|i386|arm|ppc64|ppc64le|sparc64|ia64|alpha|ip|m68k|mips|mipsel|mk68k|mint|ppc|rs6000|s390|s390x|sh|sparc|xtensa|\\*))?)$/]"}, {"name": "Systemd::Dropin", "file": "types/dropin.pp", "line": 2, "docstring": {"text": "", "tags": [{"tag_name": "summary", "text": "custom datatype that validates filenames/paths for valid systemd dropin files"}]}, "alias_of": "Pattern['^[^/]+\\.conf$']"}, {"name": "Systemd::JournaldSettings", "file": "types/journaldsettings.pp", "line": 2, "docstring": {"text": "Matches Systemd journald config Struct"}, "alias_of": "Struct[{\n Optional['Storage'] => Variant[Enum['volatile','persistent','auto','none'],Systemd::JournaldSettings::Ensure],\n Optional['Compress'] => Variant[Enum['yes','no'], Pattern[/^[0-9]+(K|M|G)?$/],Systemd::JournaldSettings::Ensure],\n Optional['Seal'] => Variant[Enum['yes','no'],Systemd::JournaldSettings::Ensure],\n Optional['SplitMode'] => Variant[Enum['uid','none'],Systemd::JournaldSettings::Ensure],\n Optional['RateLimitInterval'] => Variant[Pattern[/^[0-9]+(s|min|h|ms|us)?$/],Systemd::JournaldSettings::Ensure],\n Optional['RateLimitIntervalSec'] => Variant[Pattern[/^[0-9]+(s|min|h|ms|us)?$/],Systemd::JournaldSettings::Ensure],\n Optional['RateLimitBurst'] => Variant[Integer[0], Pattern[/^[0-9]+$/],Systemd::JournaldSettings::Ensure],\n Optional['SystemMaxUse'] => Variant[Pattern[/^[0-9]+(K|M|G|T|P|E)?$/],Systemd::JournaldSettings::Ensure],\n Optional['SystemKeepFree'] => Variant[Pattern[/^[0-9]+(K|M|G|T|P|E)?$/],Systemd::JournaldSettings::Ensure],\n Optional['SystemMaxFileSize'] => Variant[Pattern[/^[0-9]+(K|M|G|T|P|E)?$/],Systemd::JournaldSettings::Ensure],\n Optional['SystemMaxFiles'] => Variant[Integer[0], Pattern[/^[0-9]+$/],Systemd::JournaldSettings::Ensure],\n Optional['RuntimeMaxUse'] => Variant[Pattern[/^[0-9]+(K|M|G|T|P|E)?$/],Systemd::JournaldSettings::Ensure],\n Optional['RuntimeKeepFree'] => Variant[Pattern[/^[0-9]+(K|M|G|T|P|E)?$/],Systemd::JournaldSettings::Ensure],\n Optional['RuntimeMaxFileSize'] => Variant[Pattern[/^[0-9]+(K|M|G|T|P|E)?$/],Systemd::JournaldSettings::Ensure],\n Optional['RuntimeMaxFiles'] => Variant[Integer[0], Pattern[/^[0-9]+$/],Systemd::JournaldSettings::Ensure],\n Optional['MaxFileSec'] => Variant[Pattern[/^[0-9]+(year|month|week|day|h|m)?$/],Systemd::JournaldSettings::Ensure],\n Optional['MaxRetentionSec'] => Variant[Pattern[/^[0-9]+(year|month|week|day|h|m)?$/],Systemd::JournaldSettings::Ensure],\n Optional['SyncIntervalSec'] => Variant[Pattern[/^[0-9]+(year|month|week|day|h|m)?$/],Systemd::JournaldSettings::Ensure],\n Optional['ForwardToSyslog'] => Variant[Enum['yes','no'],Systemd::JournaldSettings::Ensure],\n Optional['ForwardToKMsg'] => Variant[Enum['yes','no'],Systemd::JournaldSettings::Ensure],\n Optional['ForwardToConsole'] => Variant[Enum['yes','no'],Systemd::JournaldSettings::Ensure],\n Optional['ForwardToWall'] => Variant[Enum['yes','no'],Systemd::JournaldSettings::Ensure],\n Optional['MaxLevelStore'] => Variant[Enum['emerg','alert','crit','err','warning','notice','info','debug'],Integer[0,7],Systemd::JournaldSettings::Ensure],\n Optional['MaxLevelSyslog'] => Variant[Enum['emerg','alert','crit','err','warning','notice','info','debug'],Integer[0,7],Systemd::JournaldSettings::Ensure],\n Optional['MaxLevelKMsg'] => Variant[Enum['emerg','alert','crit','err','warning','notice','info','debug'],Integer[0,7],Systemd::JournaldSettings::Ensure],\n Optional['MaxLevelConsole'] => Variant[Enum['emerg','alert','crit','err','warning','notice','info','debug'],Integer[0,7],Systemd::JournaldSettings::Ensure],\n Optional['MaxLevelWall'] => Variant[Enum['emerg','alert','crit','err','warning','notice','info','debug'],Integer[0,7],Systemd::JournaldSettings::Ensure],\n Optional['ReadKMsg'] => Variant[Enum['yes','no'],Systemd::JournaldSettings::Ensure],\n Optional['TTYPath'] => Variant[Stdlib::Absolutepath,Systemd::JournaldSettings::Ensure],\n Optional['LineMax'] => Variant[Pattern[/^[0-9]+(K|M|G|T)?$/],Systemd::JournaldSettings::Ensure],\n }]"}, {"name": "Systemd::JournaldSettings::Ensure", "file": "types/journaldsettings/ensure.pp", "line": 2, "docstring": {"text": "", "tags": [{"tag_name": "summary", "text": "defines allowed ensure states for systemd-journald settings"}]}, "alias_of": "Struct[{ 'ensure' => Enum['present','absent'] }]"}, {"name": "Systemd::LogindSettings", "file": "types/logindsettings.pp", "line": 2, "docstring": {"text": "Matches Systemd Login Manager Struct"}, "alias_of": "Struct[{\n Optional['HandleHibernateKey'] => Variant[Enum['ignore','poweroff','reboot','halt','kexec','suspend','hibernate','hybrid-sleep','suspend-then-hibernate','lock'],Systemd::LogindSettings::Ensure],\n Optional['HandleLidSwitch'] => Variant[Enum['ignore','poweroff','reboot','halt','kexec','suspend','hibernate','hybrid-sleep','suspend-then-hibernate','lock'],Systemd::LogindSettings::Ensure],\n Optional['HandleLidSwitchDocked'] => Variant[Enum['ignore','poweroff','reboot','halt','kexec','suspend','hibernate','hybrid-sleep','suspend-then-hibernate','lock'],Systemd::LogindSettings::Ensure],\n Optional['HandleLidSwitchExternalPower'] => Variant[Enum['ignore','poweroff','reboot','halt','kexec','suspend','hibernate','hybrid-sleep','suspend-then-hibernate','lock'],Systemd::LogindSettings::Ensure],\n Optional['HandlePowerKey'] => Variant[Enum['ignore','poweroff','reboot','halt','kexec','suspend','hibernate','hybrid-sleep','suspend-then-hibernate','lock'],Systemd::LogindSettings::Ensure],\n Optional['HandleSuspendKey'] => Variant[Enum['ignore','poweroff','reboot','halt','kexec','suspend','hibernate','hybrid-sleep','suspend-then-hibernate','lock'],Systemd::LogindSettings::Ensure],\n Optional['HibernateKeyIgnoreInhibited'] => Variant[Enum['yes','no'],Systemd::LogindSettings::Ensure],\n Optional['HoldoffTimeoutSec'] => Variant[Integer,Systemd::LogindSettings::Ensure],\n Optional['IdleAction'] => Variant[Enum['ignore','poweroff','reboot','halt','kexec','suspend','hibernate','hybrid-sleep','suspend-then-hibernate','lock'],Systemd::LogindSettings::Ensure],\n Optional['IdleActionSec'] => Variant[Integer,Systemd::LogindSettings::Ensure],\n Optional['InhibitDelayMaxSec'] => Variant[Integer,Systemd::LogindSettings::Ensure],\n Optional['InhibitorsMax'] => Variant[Integer,Systemd::LogindSettings::Ensure],\n Optional['KillExcludeUsers'] => Variant[Array[String],Systemd::LogindSettings::Ensure],\n Optional['KillOnlyUsers'] => Variant[Array[String],Systemd::LogindSettings::Ensure],\n Optional['KillUserProcesses'] => Variant[Enum['yes','no'],Systemd::LogindSettings::Ensure],\n Optional['LidSwitchIgnoreInhibited'] => Variant[Enum['yes','no'],Systemd::LogindSettings::Ensure],\n Optional['NAutoVTs'] => Variant[Integer,Systemd::LogindSettings::Ensure],\n Optional['PowerKeyIgnoreInhibited'] => Variant[Enum['yes','no'],Systemd::LogindSettings::Ensure],\n Optional['RemoveIPC'] => Variant[Enum['yes','no'],Systemd::LogindSettings::Ensure],\n Optional['ReserveVT'] => Variant[Integer,Systemd::LogindSettings::Ensure],\n Optional['RuntimeDirectorySize'] => Variant[Integer,Pattern['^(\\d+(K|M|G|T|P|E|%)?)$'],Systemd::LogindSettings::Ensure],\n Optional['SessionsMax'] => Variant[Integer,Pattern['^(infinity|(\\d+(K|M|G|T|P|E|%)?))$'],Systemd::LogindSettings::Ensure],\n Optional['SuspendKeyIgnoreInhibited'] => Variant[Enum['yes','no'],Systemd::LogindSettings::Ensure],\n Optional['UserTasksMax'] => Variant[Integer,Pattern['^(infinity|(\\d+(K|M|G|T|P|E|%)?))$'],Systemd::LogindSettings::Ensure]\n }]"}, {"name": "Systemd::LogindSettings::Ensure", "file": "types/logindsettings/ensure.pp", "line": 2, "docstring": {"text": "", "tags": [{"tag_name": "summary", "text": "defines allowed ensure states for systemd-logind settings"}]}, "alias_of": "Struct[{ 'ensure' => Enum['present','absent'] }]"}, {"name": "Systemd::ServiceLimits", "file": "types/servicelimits.pp", "line": 2, "docstring": {"text": "Matches Systemd Service Limit Struct"}, "alias_of": "Struct[{\n Optional['LimitCPU'] => Pattern['^\\d+(s|m|h|d|w|M|y)?(:\\d+(s|m|h|d|w|M|y)?)?$'],\n Optional['LimitFSIZE'] => Pattern['^(infinity|((\\d+(K|M|G|T|P|E)(:\\d+(K|M|G|T|P|E))?)))$'],\n Optional['LimitDATA'] => Pattern['^(infinity|((\\d+(K|M|G|T|P|E)(:\\d+(K|M|G|T|P|E))?)))$'],\n Optional['LimitSTACK'] => Pattern['^(infinity|((\\d+(K|M|G|T|P|E)(:\\d+(K|M|G|T|P|E))?)))$'],\n Optional['LimitCORE'] => Pattern['^(infinity|((\\d+(K|M|G|T|P|E)(:\\d+(K|M|G|T|P|E))?)))$'],\n Optional['LimitRSS'] => Pattern['^(infinity|((\\d+(K|M|G|T|P|E)(:\\d+(K|M|G|T|P|E))?)))$'],\n Optional['LimitNOFILE'] => Variant[Integer[-1],Pattern['^(infinity|\\d+(:(infinity|\\d+))?)$']],\n Optional['LimitAS'] => Pattern['^(infinity|((\\d+(K|M|G|T|P|E)(:\\d+(K|M|G|T|P|E))?)))$'],\n Optional['LimitNPROC'] => Variant[Integer[-1],Pattern['^(infinity|\\d+(:(infinity|\\d+))?)$']],\n Optional['LimitMEMLOCK'] => Pattern['^(infinity|((\\d+(K|M|G|T|P|E)(:\\d+(K|M|G|T|P|E))?)))$'],\n Optional['LimitLOCKS'] => Integer[1],\n Optional['LimitSIGPENDING'] => Integer[1],\n Optional['LimitMSGQUEUE'] => Pattern['^(infinity|((\\d+(K|M|G|T|P|E)(:\\d+(K|M|G|T|P|E))?)))$'],\n Optional['LimitNICE'] => Variant[Integer[0,40], Pattern['^(-\\+([0-1]?[0-9]|20))|([0-3]?[0-9]|40)$']],\n Optional['LimitRTPRIO'] => Integer[0],\n Optional['LimitRTTIME'] => Pattern['^\\d+(ms|s|m|h|d|w|M|y)?(:\\d+(ms|s|m|h|d|w|M|y)?)?$'],\n Optional['CPUAccounting'] => Boolean,\n Optional['CPUShares'] => Integer[2,262144],\n Optional['StartupCPUShares'] => Integer[2,262144],\n Optional['CPUQuota'] => Pattern['^([1-9][0-9]*)%$'],\n Optional['MemoryAccounting'] => Boolean,\n Optional['MemoryLow'] => Pattern['^(\\d+(K|M|G|T)?)$'],\n Optional['MemoryHigh'] => Pattern['^(\\d+(K|M|G|T)?)$'],\n Optional['MemoryMax'] => Pattern['^(\\d+(K|M|G|T)?)$'],\n Optional['MemoryLimit'] => Pattern['^(\\d+(K|M|G|T)?)$'],\n Optional['TasksAccounting'] => Boolean,\n Optional['TasksMax'] => Variant[Integer[1],Pattern['^(infinity|([1-9][0-9]?$|^100)%)$']],\n Optional['IOAccounting'] => Boolean,\n Optional['IOWeight'] => Integer[1,10000],\n Optional['StartupIOWeight'] => Integer[1,10000],\n Optional['IODeviceWeight'] => Array[Hash[Stdlib::Absolutepath, Integer[1,10000], 1, 1]],\n Optional['IOReadBandwidthMax'] => Array[Hash[Stdlib::Absolutepath, Pattern['^(\\d+(K|M|G|T)?)$'], 1, 1]],\n Optional['IOWriteBandwidthMax'] => Array[Hash[Stdlib::Absolutepath, Pattern['^(\\d+(K|M|G|T)?)$'], 1, 1]],\n Optional['IOReadIOPSMax'] => Array[Hash[Stdlib::Absolutepath, Pattern['^(\\d+(K|M|G|T)?)$'], 1, 1]],\n Optional['IOWriteIOPSMax'] => Array[Hash[Stdlib::Absolutepath, Pattern['^(\\d+(K|M|G|T)?)$'], 1, 1]],\n Optional['DeviceAllow'] => String[1],\n Optional['DevicePolicy'] => Enum['auto','closed','strict'],\n Optional['Slice'] => String[1],\n Optional['Delegate'] => Boolean,\n Optional['OOMScoreAdjust'] => Integer[-1000,1000]\n }]"}, {"name": "Systemd::Unit", "file": "types/unit.pp", "line": 2, "docstring": {"text": "", "tags": [{"tag_name": "summary", "text": "custom datatype that validates different filenames for systemd units"}]}, "alias_of": "Pattern['^[^/]+\\.(service|socket|device|mount|automount|swap|target|path|timer|slice|scope)$']"}, {"name": "Nginx::DebugConnection", "file": "types/debugconnection.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Variant[Stdlib::Host, Stdlib::IP::Address, Enum['unix:']]"}, {"name": "Nginx::ErrorLogSeverity", "file": "types/errorlogseverity.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Enum['debug', 'info', 'notice', 'warn', 'error', 'crit', 'alert', 'emerg']"}, {"name": "Nginx::Size", "file": "types/size.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Pattern[/^\\d+[k|K|m|M]?$/]"}, {"name": "Nginx::Time", "file": "types/time.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Pattern[/^\\d+(ms|s|m|h|d|w|M|y)?$/]"}, {"name": "Nginx::UpstreamCustomParameters", "file": "types/upstreamcustomparameters.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Hash[String[1], Variant[\n String[1],\n Integer,\n Array[\n Variant[\n String[1],\n Integer\n ]\n ],\n Hash[String[1],\n Variant[\n String[1],\n Integer,\n Array[\n Variant[\n String[1],\n Integer,\n ]\n ]\n ]\n ]\n ]]"}, {"name": "Nginx::UpstreamDefaults", "file": "types/upstreamdefaults.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Struct[{\n context => Optional[Enum['http', 'stream']],\n member_defaults => Optional[Nginx::UpstreamMemberDefaults],\n hash => Optional[String],\n ip_hash => Optional[Boolean],\n keepalive => Optional[Integer[1]],\n kepalive_requests => Optional[Integer[1]],\n keepalive_timeout => Optional[Nginx::Time],\n least_conn => Optional[Boolean],\n least_time => Optional[Nginx::UpstreamLeastTime],\n ntlm => Optional[Boolean],\n queue_max => Optional[Integer],\n queue_timeout => Optional[Nginx::Time],\n random => Optional[String],\n statefile => Optional[Stdlib::Unixpath],\n sticky => Optional[Nginx::UpstreamSticky],\n zone => Optional[Nginx::UpstreamZone],\n cfg_append => Optional[Hash],\n cfg_prepend => Optional[Hash],\n}]"}, {"name": "Nginx::UpstreamLeastTime", "file": "types/upstreamleasttime.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Variant[Nginx::UpstreamLeastTimeHttp, Nginx::UpstreamLeastTimeStream]"}, {"name": "Nginx::UpstreamLeastTimeHttp", "file": "types/upstreamleasttimehttp.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Enum['header', 'header inflight', 'last_byte', 'last_byte inflight']"}, {"name": "Nginx::UpstreamLeastTimeStream", "file": "types/upstreamleasttimestream.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Enum['connect', 'connect inflight', 'first_byte', 'first_byte inflight', 'last_byte', 'last_byte inflight']"}, {"name": "Nginx::UpstreamMember", "file": "types/upstreammember.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Struct[{\n server => Optional[Nginx::UpstreamMemberServer],\n port => Optional[Stdlib::Port],\n weight => Optional[Integer[1]],\n max_conns => Optional[Integer[1]],\n max_fails => Optional[Integer[0]],\n fail_timeout => Optional[Nginx::Time],\n backup => Optional[Boolean],\n resolve => Optional[Boolean],\n route => Optional[String],\n service => Optional[String],\n slow_start => Optional[Nginx::Time],\n state => Optional[Enum['drain','down']],\n params_prepend => Optional[String],\n params_append => Optional[String],\n comment => Optional[String],\n}]"}, {"name": "Nginx::UpstreamMemberDefaults", "file": "types/upstreammemberdefaults.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Struct[{\n server => Optional[Nginx::UpstreamMemberServer],\n port => Optional[Stdlib::Port],\n weight => Optional[Integer[1]],\n max_conns => Optional[Integer[1]],\n max_fails => Optional[Integer[0]],\n fail_timeout => Optional[Nginx::Time],\n backup => Optional[Boolean],\n resolve => Optional[Boolean],\n route => Optional[String],\n service => Optional[String],\n slow_start => Optional[Nginx::Time],\n state => Optional[Enum['drain','down']],\n params_prepend => Optional[String],\n params_append => Optional[String],\n}]"}, {"name": "Nginx::UpstreamMemberServer", "file": "types/upstreammemberserver.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Variant[Stdlib::Host, Pattern[/^unix:\\/([^\\/\\0]+\\/*)[^:]*$/]]"}, {"name": "Nginx::UpstreamMembers", "file": "types/upstreammembers.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Hash[String, Nginx::UpstreamMember]"}, {"name": "Nginx::UpstreamSticky", "file": "types/upstreamsticky.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Variant[Hash[\n Enum['cookie'],\n Struct[{\n name => String,\n expires => Optional[Variant[Nginx::Time,Enum['max']]],\n domain => Optional[String],\n httponly => Optional[Boolean],\n secure => Optional[Boolean],\n path => Optional[String],\n }]\n ], Hash[\n Enum['route'],\n String\n ], Hash[\n Enum['learn'],\n Struct[{\n create => String,\n lookup => String,\n zone => Nginx::UpstreamStickyZone,\n timeout => Optional[Nginx::Time],\n header => Optional[Boolean],\n sync => Optional[Boolean],\n }]\n ]]"}, {"name": "Nginx::UpstreamStickyZone", "file": "types/upstreamstickyzone.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Pattern[/^[-_\\.A-Za-z0-9]*:\\d+[k|K|m|M]$/]"}, {"name": "Nginx::UpstreamZone", "file": "types/upstreamzone.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Pattern[/^[-_\\.A-Za-z0-9]* \\d+[k|K|m|M]$/]"}, {"name": "Apache::LogLevel", "file": "types/loglevel.pp", "line": 27, "docstring": {"text": "A string that conforms to the Apache `LogLevel` syntax.\nDifferent levels can be specified for individual apache modules.\n\nie. `[module:]level [module:level] ...`\n\nThe levels are (in order of decreasing significance):\n* `emerg`\n* `alert`\n* `crit`\n* `error`\n* `warn`\n* `notice`\n* `info`\n* `debug`\n* `trace1`\n* `trace2`\n* `trace3`\n* `trace4`\n* `trace5`\n* `trace6`\n* `trace7`\n* `trace8`", "tags": [{"tag_name": "see", "name": "https://httpd.apache.org/docs/current/mod/core.html#loglevel"}, {"tag_name": "summary", "text": "A string that conforms to the Apache `LogLevel` syntax."}]}, "alias_of": "Pattern[/(emerg|alert|crit|error|warn|notice|info|debug|trace[1-8])/]"}, {"name": "Apache::OIDCSettings", "file": "types/oidcsettings.pp", "line": 2, "docstring": {"text": "https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf"}, "alias_of": "Struct[{\n Optional['RedirectURI'] => Variant[Stdlib::HTTPSUrl,Stdlib::HttpUrl,Pattern[/^\\/[A-Za-z0-9\\-\\._%\\/]*$/]],\n Optional['CryptoPassphrase'] => String,\n Optional['MetadataDir'] => String,\n Optional['ProviderMetadataURL'] => Stdlib::HTTPSUrl,\n Optional['ProviderIssuer'] => String,\n Optional['ProviderAuthorizationEndpoint'] => Stdlib::HTTPSUrl,\n Optional['ProviderJwksUri'] => Stdlib::HTTPSUrl,\n Optional['ProviderTokenEndpoint'] => Stdlib::HTTPSUrl,\n Optional['ProviderTokenEndpointAuth'] => Enum['client_secret_basic','client_secret_post','client_secret_jwt','private_key_jwt','none'],\n Optional['ProviderTokenEndpointParams'] => Pattern[/^[A-Za-z0-9\\-\\._%]+=[A-Za-z0-9\\-\\._%]+(&[A-Za-z0-9\\-\\._%]+=[A-Za-z0-9\\-\\._%]+)*$/],\n Optional['ProviderUserInfoEndpoint'] => Stdlib::HTTPSUrl,\n Optional['ProviderCheckSessionIFrame'] => Stdlib::HTTPSUrl,\n Optional['ProviderEndSessionEndpoint'] => Stdlib::HTTPSUrl,\n Optional['ProviderRevocationEndpoint'] => Stdlib::HTTPSUrl,\n Optional['ProviderBackChannelLogoutSupported'] => Enum['On','Off'],\n Optional['ProviderRegistrationEndpointJson'] => String,\n Optional['Scope'] => Pattern[/^[A-Za-z0-9\\-\\._\\s]+$/],\n Optional['AuthRequestParams'] => Pattern[/^[A-Za-z0-9\\-\\._%]+=[A-Za-z0-9\\-\\._%]+(&[A-Za-z0-9\\-\\._%]+=[A-Za-z0-9\\-\\._%]+)*$/],\n Optional['SSLValidateServer'] => Enum['On','Off'],\n Optional['UserInfoRefreshInterval'] => Integer,\n Optional['JWKSRefreshInterval'] => Integer,\n Optional['UserInfoTokenMethod'] => Enum['authz_header','post_param'],\n Optional['ProviderAuthRequestMethod'] => Enum['GET','POST'],\n Optional['PublicKeyFiles'] => String,\n Optional['ResponseType'] => Enum['code','id_token','id_token token','code id_token','code token','code id_token token'],\n Optional['ResponseMode'] => Enum['fragment','query','form_post'],\n Optional['ClientID'] => String,\n Optional['ClientSecret'] => String,\n Optional['ClientTokenEndpointCert'] => String,\n Optional['ClientTokenEndpointKey'] => String,\n Optional['ClientName'] => String,\n Optional['ClientContact'] => String,\n Optional['PKCDMethod'] => Enum['plain','S256','referred_tb'],\n Optional['TokenBindingPolicy'] => Enum['disabled','optional','required','enforced'],\n Optional['ClientJwksUri'] => Stdlib::HTTPSUrl,\n Optional['IDTokenSignedResponseAlg'] => Enum['RS256','RS384','RS512','PS256','PS384','PS512','HS256','HS384','HS512','ES256','ES384','ES512'],\n Optional['IDTokenEncryptedResponseAlg'] => Enum['RSA1_5','A128KW','A256KW','RSA-OAEP'],\n Optional['IDTokenEncryptedResponseAlg'] => Enum['A128CBC-HS256','A256CBC-HS512','A256GCM'],\n Optional['UserInfoSignedResposeAlg'] => Enum['RS256','RS384','RS512','PS256','PS384','PS512','HS256','HS384','HS512','ES256','ES384','ES512'],\n Optional['UserInfoEncryptedResponseAlg'] => Enum['RSA1_5','A128KW','A256KW','RSA-OAEP'],\n Optional['UserInfoEncryptedResponseEnc'] => Enum['A128CBC-HS256','A256CBC-HS512','A256GCM'],\n Optional['OAuthServerMetadataURL'] => Stdlib::HTTPSUrl,\n Optional['AuthIntrospectionEndpoint'] => Stdlib::HTTPSUrl,\n Optional['OAuthClientID'] => String,\n Optional['OAuthClientSecret'] => String,\n Optional['OAuthIntrospectionEndpointAuth'] => Enum['client_secret_basic','client_secret_post','client_secret_jwt','private_key_jwt','bearer_access_token','none'],\n Optional['OAuthIntrospectionClientAuthBearerToken'] => String,\n Optional['OAuthIntrospectionEndpointCert'] => String,\n Optional['OAuthIntrospectionEndpointKey'] => String,\n Optional['OAuthIntrospectionEndpointMethod'] => Enum['POST','GET'],\n Optional['OAuthIntrospectionEndpointParams'] => Pattern[/^[A-Za-z0-9\\-\\._%]+=[A-Za-z0-9\\-\\._%]+(&[A-Za-z0-9\\-\\._%]+=[A-Za-z0-9\\-\\._%]+)*$/],\n Optional['OAuthIntrospectionTokenParamName'] => String,\n Optional['OAuthTokenExpiryClaim'] => Pattern[/^[A-Za-z0-9\\-\\._]+\\s(absolute|relative)\\s(mandatory|optional)$/],\n Optional['OAuthSSLValidateServer'] => Enum['On','Off'],\n Optional['OAuthVerifySharedKeys'] => String,\n Optional['OAuthVerifyCertFiles'] => String,\n Optional['OAuthVerifyJwksUri'] => Stdlib::HTTPSUrl,\n Optional['OAuthRemoteUserClaim'] => String,\n Optional['OAuthAcceptTokenAs'] => Pattern[/^((header|post|query|cookie\\:[A-Za-z0-9\\-\\._]+|basic)\\s?)+$/],\n Optional['OAuthAccessTokenBindingPolicy'] => Enum['disabled','optional','required','enforced'],\n Optional['Cookie'] => String,\n Optional['SessionCookieChunkSize'] => Integer,\n Optional['CookieHTTPOnly'] => Enum['On','Off'],\n Optional['CookieSameSite'] => Enum['On','Off'],\n Optional['PassCookies'] => String,\n Optional['StripCookies'] => String,\n Optional['StateMaxNumberOfCookies'] => Pattern[/^[0-9]+\\s(false|true)$/],\n Optional['SessionInactivityTimeout'] => Integer,\n Optional['SessionMaxDuration'] => Integer,\n Optional['SessionType'] => Pattern[/^(server-cache(:persistent)?|client-cookie(:persistent)?)$/],\n Optional['SessionCacheFallbackToCookie'] => Enum['On','Off'],\n Optional['CacheType'] => Enum['shm','memcache','file','redis'],\n Optional['CacheEncrypt'] => Enum['On','Off'],\n Optional['CacheShmMax'] => Integer,\n Optional['CacheShmEntrySizeMax'] => Integer,\n Optional['CacheFileCleanInterval'] => Integer,\n Optional['MemCacheServers'] => String,\n Optional['RedisCacheServer'] => String,\n Optional['RedisCachePassword'] => String,\n Optional['DiscoverURL'] => Variant[Stdlib::HTTPSUrl,Stdlib::HttpUrl],\n Optional['HTMLErrorTemplate'] => String,\n Optional['DefaultURL'] => Variant[Stdlib::HTTPSUrl,Stdlib::HttpUrl],\n Optional['PathScope'] => Pattern[/^[A-Za-z0-9\\-\\._\\s]+$/],\n Optional['PathAuthRequestParams'] => Pattern[/^[A-Za-z0-9\\-\\._%]+=[A-Za-z0-9\\-\\._%]+(&[A-Za-z0-9\\-\\._%]+=[A-Za-z0-9\\-\\._%]+)*$/],\n Optional['IDTokenIatSlack'] => Integer,\n Optional['ClaimPrefix'] => String,\n Optional['ClaimDelimiter'] => Pattern[/^.$/],\n Optional['RemoteUserClaim'] => String,\n Optional['PassIDTokenAs'] => Pattern[/^((claims|payload|serialized)\\s?)+$/],\n Optional['PassUserInfoAs'] => Pattern[/^((claims|json|jwt)\\s?)+$/],\n Optional['PassClaimsAs'] => Enum['none','headers','environment','both'],\n Optional['AuthNHeader'] => String,\n Optional['HTTPTimeoutLong'] => Integer,\n Optional['HTTPTimeoutShort'] => Integer,\n Optional['StateTimeout'] => Integer,\n Optional['ScrubRequestHeaders'] => Enum['On','Off'],\n Optional['OutgoingProxy'] => String,\n Optional['UnAuthAction'] => Enum['auth','pass','401','410'],\n Optional['UnAuthzAction'] => Enum['401','403','auth'],\n Optional['PreservePost'] => Enum['On','Off'],\n Optional['PassRefreshToken'] => Enum['On','Off'],\n Optional['RequestObject'] => String,\n Optional['ProviderMetadataRefreshInterval'] => Integer,\n Optional['InfoHook'] => Pattern[/^((iat|access_token|access_token_expires|id_token|userinfo|refresh_token|session)\\s?)+$/],\n Optional['BlackListedClaims'] => String,\n Optional['WhiteListedClaims'] => String,\n Optional['RefreshAccessTokenBeforeExpiry'] => Pattern[/^[0-9]+(\\slogout_on_error)?$/],\n }]"}, {"name": "Mysql::Options", "file": "types/options.pp", "line": 3, "docstring": {"text": "Use this if you don\u2019t want your options merged with the default options.", "tags": [{"tag_name": "summary", "text": "A hash of options structured like the override_options, but not merged with the default options."}]}, "alias_of": "Hash[String, Hash]"}, {"name": "Puppetdb::Ttl", "file": "types/ttl.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Pattern[/^\\d+(d|h|m|s|ms)$/]"}, {"name": "Dhcp::Mac", "file": "types/mac.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Pattern[/^[0-9A-Fa-f]{1,2}(:[0-9A-Fa-f]{1,2}){5}$/]"}, {"name": "Dhcp::Syslogfacility", "file": "types/syslogfacility.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Enum['user', 'mail', 'daemon', 'auth', 'syslog', 'lpr', 'news', 'uucp', 'cron', 'authpriv', 'ftp', 'ntp', 'security', 'console', 'solaris-cron', 'local0', 'local1', 'local2', 'local3', 'local4', 'local5', 'local6', 'local7']"}, {"name": "Elasticsearch::Multipath", "file": "types/multipath.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Variant[Array[Stdlib::Absolutepath], Stdlib::Absolutepath]"}, {"name": "Elasticsearch::Status", "file": "types/status.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Enum['enabled', 'disabled', 'running', 'unmanaged']"}, {"name": "Kibana::Status", "file": "types/status.pp", "line": 1, "docstring": {"text": ""}, "alias_of": "Enum['disabled', 'enabled', 'running', 'unmanaged']"}], "defined_types": [{"name": "letsencrypt::cert", "file": "manifests/cert.pp", "line": 13, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Name of the certificate, can be anything, but $::fqdn is recommended", "types": ["String"], "name": "cert_name"}, {"tag_name": "param", "text": "Present or absent (currently does nothing)", "types": ["Enum['present', 'absent']"], "name": "ensure"}, {"tag_name": "param", "text": "Should the certificates name be one of its domains?", "types": ["Boolean"], "name": "include_self"}, {"tag_name": "param", "text": "How should the challenge be handled.", "types": ["Letsencrypt::Authenticator"], "name": "authenticator"}, {"tag_name": "param", "text": "List of domains to add to certificate", "types": ["Array[String]"], "name": "domains"}, {"tag_name": "param", "text": "Additional config for this entry", "types": ["Hash[String, Any]"], "name": "config"}, {"tag_name": "summary", "text": "A single certificate"}]}, "defaults": {"cert_name": "$name", "ensure": "'present'", "include_self": "true", "domains": "[]", "config": "{}"}, "source": "define letsencrypt::cert (\n Letsencrypt::Authenticator $authenticator,\n String $cert_name = $name,\n Enum['present', 'absent'] $ensure = 'present',\n Boolean $include_self = true,\n Array[String] $domains = [],\n Hash[String, Any] $config = {},\n) {\n $conf_file = \"${letsencrypt::config_dir}/${cert_name}.ini\"\n $domain_file = \"${letsencrypt::config_dir}/${cert_name}.domains\"\n\n include \"::letsencrypt::authenticator::${authenticator}\"\n\n $local_conf = {\n 'cert-name' => $cert_name,\n 'rsa-key-size' => 4096,\n 'authenticator' => $authenticator,\n 'agree-tos' => true,\n 'quiet' => true,\n 'keep-until-expiring' => true,\n 'non-interactive' => true,\n }\n\n $conf = $letsencrypt::config_ + $local_conf + $config\n\n file { $conf_file:\n ensure => file,\n content => epp(\"${module_name}/ini.epp\", { 'values' => $conf }),\n }\n\n concat { $domain_file:\n ensure_newline => true,\n warn => true,\n }\n\n ensure_resource('letsencrypt::domain', $domains, {\n cert_name => $cert_name,\n })\n if $include_self and ! $cert_name in $domains {\n ensure_resource('letsencrypt::domain', $cert_name, {\n cert_name => $cert_name,\n })\n }\n\n letsencrypt::renew { $cert_name:\n }\n\n if ! $cert_name in $facts['letsencrypt_bycertname'] {\n exec { \"letsencrypt - get initial ${cert_name}\":\n creates => \"${letsencrypt::cert_dir}/${cert_name}\",\n command => [$letsencrypt::renew::setup::renew_script, $cert_name],\n require => [\n Concat[$domain_file],\n File[$conf_file],\n File[$letsencrypt::renew::setup::renew_script],\n ],\n }\n }\n\n exec { \"letsencrypt - refresh ${cert_name}\":\n command => [$letsencrypt::renew::setup::renew_script, $cert_name],\n subscribe => [File[$conf_file], Concat[$domain_file]],\n refreshonly => true,\n require => [\n Concat[$domain_file],\n File[$conf_file],\n File[$letsencrypt::renew::setup::renew_script],\n ],\n }\n}"}, {"name": "letsencrypt::domain", "file": "manifests/domain.pp", "line": 7, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Which certificate this domain name belongs to", "types": ["String"], "name": "cert_name"}, {"tag_name": "param", "text": "The domain name to be added", "types": ["String"], "name": "domain_name"}, {"tag_name": "summary", "text": "A single domain name which should be part of a certificate"}]}, "defaults": {"domain_name": "$name"}, "source": "define letsencrypt::domain (\n String $cert_name,\n String $domain_name = $name,\n) {\n concat::fragment { \"Letsencrypt::Domain - ${cert_name} - ${domain_name}\":\n target => \"${letsencrypt::config_dir}/${cert_name}.domains\",\n content => $domain_name,\n }\n}"}, {"name": "letsencrypt::renew", "file": "manifests/renew.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "which certificate to renew. A letsencrypt::cert of the same name\nmust exists.", "types": ["String"], "name": "cert_name"}, {"tag_name": "summary", "text": "Configures automatic renewal for the given certificate"}]}, "defaults": {"cert_name": "$name"}, "source": "define letsencrypt::renew (\n String $cert_name = $name,\n) {\n Resource[\"letsencrypt::renew::${letsencrypt::renew::setup::provider}\"] { $cert_name:\n cert_name => $cert_name,\n }\n}"}, {"name": "letsencrypt::renew::systemd", "file": "manifests/renew/systemd.pp", "line": 2, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "cert_name"}]}, "defaults": {"cert_name": "$name"}, "source": "define letsencrypt::renew::systemd (\n String $cert_name = $name\n) {\n require letsencrypt::renew::systemd::setup\n $service = $letsencrypt::renew::systemd::setup::service_name\n service { \"${service}@${cert_name}.timer\":\n ensure => 'running',\n enable => true,\n }\n}"}, {"name": "pacman::hook", "file": "manifests/hook.pp", "line": 12, "docstring": {"text": "", "tags": [{"tag_name": "param", "types": ["Enum['present', 'absent']"], "name": "ensure"}, {"tag_name": "param", "types": ["Integer"], "name": "priority"}, {"tag_name": "param", "types": ["Optional[String]"], "name": "description"}, {"tag_name": "param", "types": ["Enum['PreTransation', 'PostTransaction']"], "name": "when"}, {"tag_name": "param", "types": ["String"], "name": "exec"}, {"tag_name": "param", "types": ["Optional[Variant[String, Array[String, 1]]]"], "name": "depends"}, {"tag_name": "param", "types": ["Boolean"], "name": "abort_on_fail"}, {"tag_name": "param", "types": ["Boolean"], "name": "needs_targets"}, {"tag_name": "param", "types": ["Variant[Pacman::Trigger, Array[Pacman::Trigger, 1]]"], "name": "trigger"}]}, "defaults": {"ensure": "'present'", "priority": "50", "description": "undef", "depends": "undef", "abort_on_fail": "false", "needs_targets": "false"}, "source": "define pacman::hook (\n Enum['PreTransation', 'PostTransaction'] $when,\n String $exec,\n Variant[Pacman::Trigger, Array[Pacman::Trigger, 1]] $trigger,\n Enum['present', 'absent'] $ensure = 'present',\n Integer $priority = 50,\n Optional[String] $description = undef,\n Optional[Variant[String, Array[String, 1]]] $depends = undef,\n Boolean $abort_on_fail = false, # only for PreTransation\n Boolean $needs_targets = false,\n) {\n require pacman\n\n if ($abort_on_fail and $when != 'PreTransation') {\n fail('abort_on_fail only valid when \"when\" => \"PreTransation\"')\n }\n\n # Normalize triggers to list\n $triggers = ($trigger ? {\n Array => $trigger,\n default => [$trigger],\n }).map |$trigger| {\n # Normalize contents of each trigger, making\n {\n type => $trigger['type'],\n operation => $trigger['operation'] ? {\n Array => $trigger['operation'],\n default => [$trigger['operation']],\n },\n target => $trigger['target'] ? {\n Array => $trigger['target'],\n default => [$trigger['target']],\n }\n }\n }\n\n $triggers.each |$trigger| {\n if $trigger['type'] == 'Path' {\n $trigger['target'].each |$target| {\n if $target[0] == '/' {\n fail(\"Target paths shouldn't start with '/' ${target} in trigger ${name}\")\n }\n }\n }\n }\n\n $str = epp('pacman/hook.epp', {\n description => $description,\n depends => $depends ? {\n Optional => [],\n Array => $depends,\n default => [$depends],\n },\n triggers => $triggers,\n exec => $exec,\n when => $when,\n abort_on_fail => $abort_on_fail,\n needs_targets => $needs_targets,\n })\n\n $chksum = $str.md5()\n\n file { $chksum:\n ensure => $ensure,\n content => $str,\n path => \"${pacman::hooks_path}/${priority}-${name}.hook\",\n checksum => 'md5',\n checksum_value => $chksum,\n }\n}"}, {"name": "pacman::repo", "file": "manifests/repo.pp", "line": 19, "docstring": {"text": "", "tags": [{"tag_name": "param", "types": ["Enum['present', 'absent']"], "name": "ensure"}, {"tag_name": "param", "text": "Name of repo, exposed to mirrorlists as $repo", "types": ["String"], "name": "repo_name"}, {"tag_name": "param", "types": ["Optional[Enum['Never', 'Optional', 'Required']]"], "name": "siglevel"}, {"tag_name": "param", "types": ["Optional[Enum['Sync', 'Search', 'Install', 'Upgrade', 'All']]"], "name": "usage"}, {"tag_name": "param", "text": "A repolist to include, mutually exclusive with $server and $source", "types": ["Optional[String]"], "name": "include"}, {"tag_name": "param", "text": "A direct server to use, mutually exclusive with $include and $source", "types": ["Optional[String]"], "name": "server"}, {"tag_name": "param", "text": "A complete list of sources to pull from.\nShould be a list of strings on the form \"Include = ${include}\" or\n\"Server = ${server}\". Where include is a path to a mirrorlist, and\nserver is a direct url.\n\nMutually exclusive with $include and $server.", "types": ["Optional[Array[String,1]]"], "name": "source"}, {"tag_name": "summary", "text": "A Pacman repo"}]}, "defaults": {"ensure": "'present'", "repo_name": "$name", "siglevel": "undef", "usage": "undef", "include": "undef", "server": "undef", "source": "undef"}, "source": "define pacman::repo (\n Enum['present', 'absent'] $ensure = 'present',\n String $repo_name = $name,\n Optional[Enum['Never', 'Optional', 'Required']] $siglevel = undef,\n Optional[Enum['Sync', 'Search', 'Install', 'Upgrade', 'All']] $usage = undef,\n Optional[String] $include = undef,\n Optional[String] $server = undef,\n Optional[Array[String,1]] $source = undef,\n) {\n require pacman::setup\n\n if $repo_name == 'local' {\n fail('Repo name \"local\" is reserved by Pacman')\n }\n\n # Check that at mots one of the following are defined\n # At least one is required, but that is checked bellow.\n if [$include, $server, $source].filter |$x| { $x =~ NotUndef }.length > 1 {\n fail('$include, $server, and $source mutually exclusive')\n }\n\n $source_ = if $source {\n $source\n } elsif $server {\n [\"Server = ${server}\"]\n } elsif $include {\n [\"Include = ${include}\"]\n } else {\n fail('$source, $include, or $server required')\n }\n\n concat::fragment { \"pacman.conf - repo - ${repo_name}\":\n target => $pacman::conf_path,\n content => epp(\"${module_name}/repo.epp\", {\n 'name' => $repo_name,\n 'siglevel' => $siglevel,\n 'usage' => $usage,\n 'source' => $source_,\n }),\n }\n}"}, {"name": "puppet::config::agent", "file": "manifests/config/agent.pp", "line": 9, "docstring": {"text": "Set a config entry in the [agent] section", "tags": [{"tag_name": "param", "text": "The value for the config entry", "types": ["Variant[Array[String], Boolean, String, Integer]"], "name": "value"}, {"tag_name": "param", "text": "The key of the config entry", "types": ["String"], "name": "key"}, {"tag_name": "param", "text": "How to join an array value into a string", "types": ["String"], "name": "joiner"}]}, "defaults": {"key": "$name", "joiner": "','"}, "source": "define puppet::config::agent (\n Variant[Array[String], Boolean, String, Integer] $value,\n String $key = $name,\n String $joiner = ','\n) {\n puppet::config::entry{\"agent_${name}\":\n key => $key,\n value => $value,\n joiner => $joiner,\n section => 'agent',\n sectionorder => 2,\n }\n}"}, {"name": "puppet::config::entry", "file": "manifests/config/entry.pp", "line": 14, "docstring": {"text": "Set a config entry", "tags": [{"tag_name": "param", "text": "The key of the config entry", "types": ["String"], "name": "key"}, {"tag_name": "param", "text": "The value for the config entry", "types": ["Variant[Array[String], Boolean, String, Integer]"], "name": "value"}, {"tag_name": "param", "text": "The section for the config entry", "types": ["String"], "name": "section"}, {"tag_name": "param", "text": "How to order the section. This is only used on the first definition of the\nsection via ensure_resource.", "types": ["Variant[Integer[0], String]"], "name": "sectionorder"}, {"tag_name": "param", "text": "How to join an array value into a string", "types": ["String"], "name": "joiner"}]}, "defaults": {"sectionorder": "5", "joiner": "','"}, "source": "define puppet::config::entry (\n String $key,\n Variant[Array[String], Boolean, String, Integer] $value,\n String $section,\n Variant[Integer[0], String] $sectionorder = 5,\n String $joiner = ',',\n) {\n if ($value =~ Array) {\n $_value = join(flatten($value), $joiner)\n } elsif ($value =~ Boolean) {\n $_value = bool2str($value)\n } else {\n $_value = $value\n }\n\n # note the spaces at he end of the 'order' parameters,\n # they make sure that '1_main ' is ordered before '1_main_*'\n ensure_resource('concat::fragment', \"puppet.conf_${section}\", {\n target => \"${puppet::dir}/puppet.conf\",\n content => \"\\n[${section}]\",\n order => \"${sectionorder}_${section} \",\n })\n ensure_resource('concat::fragment', \"puppet.conf_${section}_end\", {\n target => \"${puppet::dir}/puppet.conf\",\n content => \"\\n\",\n order => \"${sectionorder}_${section}~end\",\n })\n\n # this adds the '$key =' for the first value,\n # otherwise it just appends it with the joiner to separate it from the previous value.\n if (!defined(Concat::Fragment[\"puppet.conf_${section}_${key}\"])){\n concat::fragment{\"puppet.conf_${section}_${key}\":\n target => \"${puppet::dir}/puppet.conf\",\n content => \"\\n ${key} = ${_value}\",\n order => \"${sectionorder}_${section}_${key} \",\n }\n } else {\n concat::fragment{\"puppet.conf_${section}_${key}_${name}\":\n target => \"${puppet::dir}/puppet.conf\",\n content => \"${joiner}${_value}\",\n order => \"${sectionorder}_${section}_${key}_${name} \",\n }\n }\n}"}, {"name": "puppet::config::main", "file": "manifests/config/main.pp", "line": 9, "docstring": {"text": "Set a config entry in the [main] section", "tags": [{"tag_name": "param", "text": "The value for the config entry", "types": ["Variant[Array[String], Boolean, String, Integer]"], "name": "value"}, {"tag_name": "param", "text": "The key of the config entry", "types": ["String"], "name": "key"}, {"tag_name": "param", "text": "How to join an array value into a string", "types": ["String"], "name": "joiner"}]}, "defaults": {"key": "$name", "joiner": "','"}, "source": "define puppet::config::main (\n Variant[Array[String], Boolean, String, Integer] $value,\n String $key = $name,\n String $joiner = ','\n) {\n puppet::config::entry{\"main${name}\":\n key => $key,\n value => $value,\n joiner => $joiner,\n section => 'main',\n sectionorder => 1,\n }\n}"}, {"name": "puppet::config::master", "file": "manifests/config/master.pp", "line": 9, "docstring": {"text": "Set a config entry in the [master] section", "tags": [{"tag_name": "param", "text": "The value for the config entry", "types": ["Variant[Array[String], Boolean, String, Integer]"], "name": "value"}, {"tag_name": "param", "text": "The key of the config entry", "types": ["String"], "name": "key"}, {"tag_name": "param", "text": "How to join an array value into a string", "types": ["String"], "name": "joiner"}]}, "defaults": {"key": "$name", "joiner": "','"}, "source": "define puppet::config::master (\n Variant[Array[String], Boolean, String, Integer] $value,\n String $key = $name,\n String $joiner = ','\n) {\n puppet::config::entry{\"master_${name}\":\n key => $key,\n value => $value,\n joiner => $joiner,\n section => 'master',\n sectionorder => 3,\n }\n}"}, {"name": "dns::dnssec_policy", "file": "manifests/dnssec_policy.pp", "line": 41, "docstring": {"text": "Manage custom DNSSEC policies", "tags": [{"tag_name": "param", "text": "This indicates the TTL to use when generating DNSKEY resource records.", "types": ["Optional[Integer]"], "name": "dnskey_ttl"}, {"tag_name": "param", "text": "This is a list specifying the algorithms and roles to use when generating\nkeys and signing the zone. Entries in this list do not represent specific\nDNSSEC keys, which may be changed on a regular basis, but the roles that\nkeys play in the signing policy.", "types": ["Array[Dns::Dnssec_policy_key]"], "name": "keys"}, {"tag_name": "param", "text": "This specifies the maximum permissible TTL value in seconds for the zone.", "types": ["Optional[Integer]"], "name": "max_zone_ttl"}, {"tag_name": "param", "text": "This is the TTL of the DS RRset that the parent zone uses.", "types": ["Optional[Integer]"], "name": "parent_ds_ttl"}, {"tag_name": "param", "text": "This is the expected propagation delay from the time when the parent zone is\nupdated to the time when the new version is served by all of the parent\nzone\u2019s name servers.", "types": ["Optional[String[1]]"], "name": "parent_propagation_delay"}, {"tag_name": "param", "text": "This is a margin that is added to the pre-publication interval in rollover\ntiming calculations, to give some extra time to cover unforeseen events.\nThis increases the time between when keys are published and they become\nactive.", "types": ["Optional[String[1]]"], "name": "publish_safety"}, {"tag_name": "param", "text": "This is a margin that is added to the post-publication interval in rollover\ntiming calculations, to give some extra time to cover unforeseen events.\nThis increases the time a key remains published after it is no longer\nactive.", "types": ["Optional[String[1]]"], "name": "retire_safety"}, {"tag_name": "param", "text": "This determines how frequently an RRSIG record needs to be refreshed. The\nsignature is renewed when the time until the expiration time is closer than\nthe specified interval.", "types": ["Optional[String[1]]"], "name": "signatures_refresh"}, {"tag_name": "param", "text": "This indicates the validity period of an RRSIG record (subject to inception\noffset and jitter).", "types": ["Optional[String[1]]"], "name": "signatures_validity"}, {"tag_name": "param", "text": "This is similar to signatures-validity, but for DNSKEY records.", "types": ["Optional[String[1]]"], "name": "signatures_validity_dnskey"}, {"tag_name": "param", "text": "This is the expected propagation delay from the time when a zone is first\nupdated to the time when the new version of the zone is served by all\nsecondary servers.", "types": ["Optional[String[1]]"], "name": "zone_propagation_delay"}]}, "defaults": {"dnskey_ttl": "undef", "keys": "[]", "max_zone_ttl": "undef", "parent_ds_ttl": "undef", "parent_propagation_delay": "undef", "publish_safety": "undef", "retire_safety": "undef", "signatures_refresh": "undef", "signatures_validity": "undef", "signatures_validity_dnskey": "undef", "zone_propagation_delay": "undef"}, "source": "define dns::dnssec_policy (\n Optional[Integer] $dnskey_ttl = undef,\n Array[Dns::Dnssec_policy_key] $keys = [],\n Optional[Integer] $max_zone_ttl = undef,\n Optional[Integer] $parent_ds_ttl = undef,\n Optional[String[1]] $parent_propagation_delay = undef,\n Optional[String[1]] $publish_safety = undef,\n Optional[String[1]] $retire_safety = undef,\n Optional[String[1]] $signatures_refresh = undef,\n Optional[String[1]] $signatures_validity = undef,\n Optional[String[1]] $signatures_validity_dnskey = undef,\n Optional[String[1]] $zone_propagation_delay = undef,\n) {\n if $name == 'none' or $name == 'default' {\n fail(\"The name \\\"${name}\\\" is reserved and cannot be used\")\n }\n\n concat::fragment { \"dnssec-policy-${name}\":\n target => $dns::publicviewpath,\n order => '0',\n content => epp('dns/named.dnssec_policy.epp',\n {\n name => $name,\n keys => $keys,\n options => {\n 'dnskey-ttl' => $dnskey_ttl,\n 'max-zone-ttl' => $max_zone_ttl,\n 'parent-ds-ttl' => $parent_ds_ttl,\n 'parent-propagation-delay' => $parent_propagation_delay,\n 'publish-safety' => $publish_safety,\n 'retire-safety' => $retire_safety,\n 'signatures-refresh' => $signatures_refresh,\n 'signatures-validity' => $signatures_validity,\n 'signatures-validity-dnskey' => $signatures_validity_dnskey,\n 'zone-propagation-delay' => $zone_propagation_delay,\n },\n }\n ),\n }\n}"}, {"name": "dns::key", "file": "manifests/key.pp", "line": 20, "docstring": {"text": "Generate a new key for the dns", "tags": [{"tag_name": "param", "text": "The algorithm used to generate the secret key", "types": ["String"], "name": "algorithm"}, {"tag_name": "param", "text": "The filename to store the key. This is placed in the key directory.", "types": ["String"], "name": "filename"}, {"tag_name": "param", "text": "This is the secret to be place inside the keyfile, if left empty the key\nwill be generated", "types": ["Optional[String]"], "name": "secret"}, {"tag_name": "param", "text": "The directory to store the key in. Inherited from the main dns class by default.", "types": ["Stdlib::Absolutepath"], "name": "keydir"}, {"tag_name": "param", "text": "The size of the key to generate. Only used when generating the key. It's\nignored if when a key is specified.", "types": ["Integer"], "name": "keysize"}]}, "defaults": {"algorithm": "'hmac-md5'", "filename": "\"${name}.key\"", "secret": "undef", "keydir": "$dns::dnsdir", "keysize": "512"}, "source": "define dns::key(\n String $algorithm = 'hmac-md5',\n String $filename = \"${name}.key\",\n Optional[String] $secret = undef,\n Stdlib::Absolutepath $keydir = $dns::dnsdir,\n Integer $keysize = 512,\n) {\n $keyfilename = \"${keydir}/${filename}\"\n\n if $secret {\n file {$keyfilename:\n ensure => file,\n owner => $dns::user,\n group => $dns::group,\n mode => '0640',\n content => template('dns/key.erb'),\n before => Class['dns::config'],\n notify => Class['dns::service'],\n }\n } else {\n exec { \"create-${filename}\":\n command => \"${dns::rndcconfgen} -a -c ${keyfilename} -b ${keysize} -k ${name}\",\n creates => $keyfilename,\n before => Class['dns::config'],\n notify => Class['dns::service'],\n }-> file { $keyfilename:\n owner => 'root',\n group => $dns::params::group,\n mode => '0640',\n }\n }\n\n concat::fragment { \"named.conf+20-key-${name}.dns\":\n target => $dns::namedconf_path,\n content => \"include \\\"${keyfilename}\\\";\\n\",\n order => '20',\n }\n}"}, {"name": "dns::logging::category", "file": "manifests/logging/category.pp", "line": 8, "docstring": {"text": "Define new category for logging", "tags": [{"tag_name": "param", "text": "The array of channels to attach to the category", "types": ["Array"], "name": "channels"}, {"tag_name": "param", "text": "The order of the category in the configuration file", "types": ["Integer[51, 59]"], "name": "order"}]}, "defaults": {"order": "55"}, "source": "define dns::logging::category (\n Array $channels,\n Integer[51, 59] $order = 55,\n) {\n include dns::logging\n\n $category_name = $title\n\n concat::fragment { \"named.conf-logging-category-${title}.dns\":\n target => $dns::namedconf_path,\n content => template('dns/log.category.conf.erb'),\n order => $order,\n }\n}"}, {"name": "dns::logging::channel", "file": "manifests/logging/channel.pp", "line": 32, "docstring": {"text": "Define new channel for logging", "tags": [{"tag_name": "param", "text": "The path to the log file", "types": ["Optional[Stdlib::Absolutepath]"], "name": "file_path"}, {"tag_name": "param", "text": "The maximum size the log file is allowed to reach", "types": ["Optional[String]"], "name": "file_size"}, {"tag_name": "param", "text": "The number of log files to keep when rotating", "types": ["Optional[Integer]"], "name": "file_versions"}, {"tag_name": "param", "text": "The destination type for the log (file, stderr, syslog, or \"null\")", "types": ["Enum['file', 'null', 'stderr', 'syslog']"], "name": "log_type"}, {"tag_name": "param", "text": "The order of the channel in the configuration file", "types": ["Integer[51, 59]"], "name": "order"}, {"tag_name": "param", "text": "Decide whether to log the category in the log message", "types": ["Optional[Enum['no', 'yes']]"], "name": "print_category"}, {"tag_name": "param", "text": "Decide whether to log the severity in the log message", "types": ["Optional[Enum['no', 'yes']]"], "name": "print_severity"}, {"tag_name": "param", "text": "Decide whether to log the time in the log message", "types": ["Optional[Enum['no', 'yes']]"], "name": "print_time"}, {"tag_name": "param", "text": "The severity of messages to log", "types": ["Optional[String]"], "name": "severity"}, {"tag_name": "param", "text": "The syslog facility to use when logging to a syslog log_type", "types": ["Optional[String]"], "name": "syslog_facility"}]}, "defaults": {"file_path": "undef", "file_size": "undef", "file_versions": "undef", "log_type": "undef", "order": "51", "print_category": "undef", "print_severity": "undef", "print_time": "undef", "severity": "undef", "syslog_facility": "undef"}, "source": "define dns::logging::channel (\n Optional[Stdlib::Absolutepath] $file_path = undef,\n Optional[String] $file_size = undef,\n Optional[Integer] $file_versions = undef,\n Enum['file', 'null', 'stderr', 'syslog'] $log_type = undef,\n Integer[51, 59] $order = 51,\n Optional[Enum['no', 'yes']] $print_category = undef,\n Optional[Enum['no', 'yes']] $print_severity = undef,\n Optional[Enum['no', 'yes']] $print_time = undef,\n Optional[String] $severity = undef,\n Optional[String] $syslog_facility = undef,\n) {\n include dns::logging\n\n $channel_name = $title\n\n if $log_type == 'syslog' {\n if empty($syslog_facility) {\n fail('dns::logging::channel: \"syslog_faility\" needs to be set with log type syslog')\n }\n }\n\n if $log_type == 'file' {\n if empty($file_path) {\n fail('dns::logging::channel: \"file_path\" needs to be set with log type file')\n }\n if empty($file_size) {\n fail('dns::logging::channel: \"file_size\" needs to be set with log type file')\n }\n if empty($file_versions) {\n fail('dns::logging::channel: \"file_versions\" needs to be set with log type file')\n }\n }\n\n concat::fragment { \"named.conf-logging-channel-${title}.dns\":\n target => $dns::namedconf_path,\n content => template('dns/log.channel.conf.erb'),\n order => $order,\n }\n}"}, {"name": "dns::view", "file": "manifests/view.pp", "line": 42, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The value for match-clients in the view definition", "types": ["Array[String]"], "name": "match_clients"}, {"tag_name": "param", "text": "The value for match-destinations in the view definition", "types": ["Array[String]"], "name": "match_destinations"}, {"tag_name": "param", "text": "The value for match-recursive-only in the view definition", "types": ["Optional[Enum['yes','no']]"], "name": "match_recursive_only"}, {"tag_name": "param", "text": "The value for allow-transfer in the view definition", "types": ["Array[String]"], "name": "allow_transfer"}, {"tag_name": "param", "text": "The value for allow-recursion in the view definition", "types": ["Array[String]"], "name": "allow_recursion"}, {"tag_name": "param", "text": "The value for allow-query in the view definition", "types": ["Array[String]"], "name": "allow_query"}, {"tag_name": "param", "text": "The value for allow-query-cache in the view definition", "types": ["Array[String]"], "name": "allow_query_cache"}, {"tag_name": "param", "text": "The value for also-notify in the view definition", "types": ["Array[String]"], "name": "also_notify"}, {"tag_name": "param", "text": "The value for forwarders in the view definition", "types": ["Array[String]"], "name": "forwarders"}, {"tag_name": "param", "text": "The value for forward in the view definition. Only used if forwarders is\nnot empty.", "types": ["Optional[Enum['only','first']]"], "name": "forward"}, {"tag_name": "param", "text": "The value for recursion in the view definition", "types": ["Optional[Enum['yes','no']]"], "name": "recursion"}, {"tag_name": "param", "text": "The value for dnssec-enable in the view definition", "types": ["Optional[Enum['yes','no']]"], "name": "dnssec_enable"}, {"tag_name": "param", "text": "The value for dnssec-validation in the view definition", "types": ["Optional[Enum['yes','no']]"], "name": "dnssec_validation"}, {"tag_name": "param", "text": "The value for notify in the view definition", "types": ["Optional[Enum['yes','no','explicit']]"], "name": "dns_notify"}, {"tag_name": "param", "text": "Whether to include the local zones or not. Requires dns::localzonepath not\nto be unmanaged to be effective.", "types": ["Boolean"], "name": "include_localzones"}, {"tag_name": "param", "text": "Whether to include the default zones or not. Requires dns::defaultzonepath\nnot to be unmanaged to be effective.", "types": ["Boolean"], "name": "include_defaultzones"}, {"tag_name": "param", "text": "The order parameter to the concat fragment.", "types": ["String"], "name": "order"}, {"tag_name": "see", "name": "https://kb.isc.org/docs/aa-00851"}, {"tag_name": "summary", "text": "Define new view for the dns"}]}, "defaults": {"match_clients": "[]", "match_destinations": "[]", "match_recursive_only": "undef", "allow_transfer": "[]", "allow_recursion": "[]", "allow_query": "[]", "allow_query_cache": "[]", "also_notify": "[]", "forwarders": "[]", "forward": "undef", "recursion": "undef", "dnssec_enable": "undef", "dnssec_validation": "undef", "dns_notify": "undef", "include_localzones": "true", "include_defaultzones": "true", "order": "'-'"}, "source": "define dns::view (\n Array[String] $match_clients = [],\n Array[String] $match_destinations = [],\n Optional[Enum['yes','no']] $match_recursive_only = undef,\n Array[String] $allow_transfer = [],\n Array[String] $allow_recursion = [],\n Array[String] $allow_query = [],\n Array[String] $allow_query_cache = [],\n Array[String] $also_notify = [],\n Array[String] $forwarders = [],\n Optional[Enum['only','first']] $forward = undef,\n Optional[Enum['yes','no']] $recursion = undef,\n Optional[Enum['yes','no']] $dnssec_enable = undef,\n Optional[Enum['yes','no']] $dnssec_validation = undef,\n Optional[Enum['yes','no','explicit']] $dns_notify = undef,\n Boolean $include_localzones = true,\n Boolean $include_defaultzones = true,\n String $order = '-',\n) {\n\n unless $dns::enable_views {\n fail('Must set $dns::enable_views to true in order to use dns::view')\n }\n\n $viewconfigfile = \"${dns::viewconfigpath}/${title}.conf\"\n\n concat::fragment { \"dns_view_include_${title}.dns\":\n target => $dns::publicviewpath,\n content => \"include \\\"${viewconfigfile}\\\";\\n\",\n order => $order,\n }\n\n concat { $viewconfigfile:\n owner => root,\n group => $dns::params::group,\n mode => '0640',\n notify => Class['dns::service'],\n before => Concat[$dns::publicviewpath],\n }\n\n concat::fragment { \"dns_view_header_${title}.dns\":\n target => $viewconfigfile,\n content => template('dns/named.view_header.erb'),\n order => \"${title}-10\",\n }\n concat::fragment { \"dns_view_footer_${title}.dns\":\n target => $viewconfigfile,\n content => \"};\\n\",\n order => \"${title}-14\",\n }\n\n}"}, {"name": "dns::zone", "file": "manifests/zone.pp", "line": 54, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The IP address for the SOA. If `reverse` is false, an A record will be\ncreated pointing to this IP address for `$soa`. This only makes sense if\n`$soa` is withing this zone and needs glue records.", "types": ["Optional[Stdlib::IP::Address::V4]"], "name": "soaip"}, {"tag_name": "param", "text": "The IPv6 address for the SOA. If `reverse` is false, an AAAA record will be\ncreated pointing to this IP address for `$soa`. This only makes sense if\n`$soa` is withing this zone and needs glue records.", "types": ["Optional[Stdlib::IP::Address::V6]"], "name": "soaipv6"}, {"tag_name": "param", "text": "Whether the manage the file resource. When true $manage_file_name is implied.", "types": ["Boolean"], "name": "manage_file"}, {"tag_name": "param", "text": "Whether to set the file parameter in the zone file.", "types": ["Boolean"], "name": "manage_file_name"}, {"tag_name": "param", "text": "This can be used to specifiy additional update policy rules in the\nfollowing format\n{ '<KEY_NAME' => {'matchtype' => '<VALUE>', 'tname' => '<VALUE>', 'rr' => 'VALUE' } }\nExample {'foreman_key' => {'matchtype' => 'zonesub', 'rr' => 'ANY'}}\ntname and rr are optional", "types": ["Optional[Dns::UpdatePolicy]"], "name": "update_policy"}, {"tag_name": "param", "types": ["Array[String]"], "name": "target_views"}, {"tag_name": "param", "types": ["String"], "name": "zonetype"}, {"tag_name": "param", "types": ["String"], "name": "soa"}, {"tag_name": "param", "types": ["Boolean"], "name": "reverse"}, {"tag_name": "param", "types": ["String"], "name": "ttl"}, {"tag_name": "param", "types": ["Integer"], "name": "refresh"}, {"tag_name": "param", "types": ["Integer"], "name": "update_retry"}, {"tag_name": "param", "types": ["Integer"], "name": "expire"}, {"tag_name": "param", "types": ["Integer"], "name": "negttl"}, {"tag_name": "param", "types": ["Integer"], "name": "serial"}, {"tag_name": "param", "types": ["Array"], "name": "masters"}, {"tag_name": "param", "types": ["Array"], "name": "allow_transfer"}, {"tag_name": "param", "types": ["Array"], "name": "allow_query"}, {"tag_name": "param", "types": ["Array"], "name": "also_notify"}, {"tag_name": "param", "types": ["String"], "name": "zone"}, {"tag_name": "param", "types": ["Optional[String]"], "name": "contact"}, {"tag_name": "param", "types": ["Stdlib::Absolutepath"], "name": "zonefilepath"}, {"tag_name": "param", "types": ["String"], "name": "filename"}, {"tag_name": "param", "types": ["Enum['first', 'only']"], "name": "forward"}, {"tag_name": "param", "types": ["Array"], "name": "forwarders"}, {"tag_name": "param", "types": ["Optional[Enum['yes', 'no', 'explicit']]"], "name": "dns_notify"}, {"tag_name": "param", "types": ["Optional[Stdlib::Absolutepath]"], "name": "key_directory"}, {"tag_name": "param", "types": ["Optional[Enum['yes', 'no']]"], "name": "inline_signing"}, {"tag_name": "param", "types": ["Optional[Enum['yes', 'no']]"], "name": "dnssec_secure_to_insecure"}, {"tag_name": "param", "types": ["Optional[Enum['allow', 'maintain', 'off']]"], "name": "auto_dnssec"}, {"tag_name": "param", "text": "Causes the zone to be signed and turns on automatic maintenance for the zone.", "types": ["Optional[String[1]]"], "name": "dnssec_policy"}, {"tag_name": "summary", "text": "Define new zone for the dns"}]}, "defaults": {"target_views": "[]", "zonetype": "'master'", "soa": "$fqdn", "reverse": "false", "ttl": "'10800'", "soaip": "undef", "soaipv6": "undef", "refresh": "86400", "update_retry": "3600", "expire": "604800", "negttl": "3600", "serial": "1", "masters": "[]", "allow_transfer": "[]", "allow_query": "[]", "also_notify": "[]", "zone": "$title", "contact": "undef", "zonefilepath": "$dns::zonefilepath", "filename": "\"db.${title}\"", "manage_file": "true", "manage_file_name": "false", "forward": "'first'", "forwarders": "[]", "dns_notify": "undef", "update_policy": "undef", "key_directory": "undef", "inline_signing": "undef", "dnssec_secure_to_insecure": "undef", "auto_dnssec": "undef", "dnssec_policy": "undef"}, "source": "define dns::zone (\n Array[String] $target_views = [],\n String $zonetype = 'master',\n String $soa = $fqdn,\n Boolean $reverse = false,\n String $ttl = '10800',\n Optional[Stdlib::IP::Address::V4] $soaip = undef,\n Optional[Stdlib::IP::Address::V6] $soaipv6 = undef,\n Integer $refresh = 86400,\n Integer $update_retry = 3600,\n Integer $expire = 604800,\n Integer $negttl = 3600,\n Integer $serial = 1,\n Array $masters = [],\n Array $allow_transfer = [],\n Array $allow_query = [],\n Array $also_notify = [],\n String $zone = $title,\n Optional[String] $contact = undef,\n Stdlib::Absolutepath $zonefilepath = $dns::zonefilepath,\n String $filename = \"db.${title}\",\n Boolean $manage_file = true,\n Boolean $manage_file_name = false,\n Enum['first', 'only'] $forward = 'first',\n Array $forwarders = [],\n Optional[Enum['yes', 'no', 'explicit']] $dns_notify = undef,\n Optional[Dns::UpdatePolicy] $update_policy = undef,\n Optional[Stdlib::Absolutepath] $key_directory = undef,\n Optional[Enum['yes', 'no']] $inline_signing = undef,\n Optional[Enum['yes', 'no']] $dnssec_secure_to_insecure = undef,\n Optional[Enum['allow', 'maintain', 'off']] $auto_dnssec = undef,\n Optional[String[1]] $dnssec_policy = undef,\n) {\n\n $_contact = pick($contact, \"root.${zone}.\")\n\n $zonefilename = \"${zonefilepath}/${filename}\"\n\n if $dns::enable_views {\n if $target_views == [] {\n warning('You seem to mix BIND views with global zones, which will probably fail')\n $_target_views = ['_GLOBAL_']\n } else {\n $_target_views = $target_views\n }\n } else {\n $_target_views = ['_GLOBAL_']\n }\n\n if $zonetype == 'slave' {\n $_dns_notify = pick($dns_notify, 'no')\n } else {\n $_dns_notify = $dns_notify\n }\n\n $_target_views.each |$view| {\n $target = $view ? {\n '_GLOBAL_' => $dns::publicviewpath,\n default => \"${dns::viewconfigpath}/${view}.conf\",\n }\n\n concat::fragment { \"dns_zones+10_${view}_${title}.dns\":\n target => $target,\n content => template('dns/named.zone.erb'),\n order => \"${view}-11-${zone}-1\",\n }\n\n unless ($view == '_GLOBAL_' or defined(Dns::View[$view])) {\n fail(\"Please define a dns::view '${view}' before using it as a dns::zone target\")\n }\n }\n\n if $manage_file {\n file { $zonefilename:\n ensure => file,\n owner => $dns::user,\n group => $dns::group,\n mode => '0644',\n content => template('dns/zone.header.erb'),\n replace => false,\n notify => Class['dns::service'],\n }\n }\n}"}, {"name": "website_blog_2::instance", "file": "manifests/instance.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "author"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "blog_title"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "has_comments"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "subtitle"}, {"tag_name": "param", "text": "", "types": ["Optional[Struct[{ url => String, ref => String}]]"], "name": "vcs_repo"}]}, "defaults": {"blog_title": "$name", "has_comments": "false", "subtitle": "''", "vcs_repo": "undef"}, "source": "define website_blog_2::instance (\n String $author,\n String $blog_title = $name,\n Boolean $has_comments = false,\n String $subtitle = '',\n Optional[Struct[{ url => String, ref => String}]] $vcs_repo = undef,\n) {\n\n $root = \"${website_blog_2::blog_root}/${title}\"\n $safe_title = base64('encode', $blog_title)\n\n $upperdir = \"/var/website-blog-2/${title}\"\n $workdir = \"/var/website-blog-2/.workdirs/${title}\"\n file { [ $upperdir, $workdir ]:\n ensure => directory,\n }\n\n mount { $root:\n ensure => mounted,\n atboot => true,\n device => 'overlay',\n fstype => 'overlay',\n options => [\n 'lowerdir=/usr/share/website-blog-2',\n \"upperdir=${upperdir}\",\n \"workdir=${workdir}\",\n ].join(',')\n }\n\n # Manage entries directory\n if $vcs_repo {\n vcsrepo { \"${root}/entries\":\n ensure => latest,\n provider => git,\n source => $vcs_repo['url'],\n revision => $vcs_repo['ref'],\n group => 'www-data',\n }\n } else {\n file { \"${root}/entries\":\n ensure => directory,\n }\n }\n\n file { \"${root}/settings.php\":\n ensure => file,\n content => epp(\"${module_name}/settings.php.epp\", {\n author => $author,\n title => $blog_title,\n subtitle => $subtitle,\n has_comments => $has_comments,\n }),\n }\n\n file { \"${root}/footnote\":\n ensure => directory,\n recurse => true,\n }\n\n $foot_files = [\n ['about.md', 'About'],\n ['contact.md', 'Contact'],\n ['legal.md', 'Legal'],\n ['qna.md', '\"Q&A\"'],\n ]\n\n $foot_files.each |$item| {\n file { \"${root}/footnote/${item[0]}\":\n source => \"puppet:///modules/${module_name}/footers/${item[0]}\",\n }\n }\n\n file { \"${root}/special-files.ini\":\n ensure => file,\n content => epp(\n \"${module_name}/special-files.ini.epp\",\n { foot_files => $foot_files, }),\n }\n $location_ssl = letsencrypt::conf::nginx::location($website_blog_2::domain)\n nginx::resource::location { \"${safe_title} - /\":\n location => '/',\n try_files => ['$uri', '$uri/', '=404'],\n index_files => [],\n autoindex => on,\n server => $website_blog_2::blog_server_name,\n * => $location_ssl,\n add_header => {\n 'Cache-Control' => \"no-cache\",\n },\n }\n\n nginx::resource::location { \"${safe_title} - css\":\n location => '~ \\.css$',\n try_files => [ '$uri', '=404' ],\n server => $website_blog_2::blog_server_name,\n expires => '1h',\n * => $location_ssl,\n add_header => {\n 'Cache-Control' => \"no-cache\",\n },\n }\n\n nginx::resource::location { \"${safe_title} - php\":\n location => '~ \\.php$',\n fastcgi_params => 'snippets/fastcgi-php.conf',\n fastcgi => 'unix:/run/php/php-fpm.sock',\n * => $location_ssl,\n server => $website_blog_2::blog_server_name,\n }\n\n nginx::resource::location { \"${safe_title} - ht\":\n location => '~ /\\.ht',\n location_cfg_append => { deny => 'all' },\n index_files => [],\n * => $location_ssl + { ssl_only => false },\n server => $website_blog_2::blog_server_name,\n }\n}"}, {"name": "cgit::filter", "file": "manifests/filter.pp", "line": 12, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Target filter.", "types": ["Cgit::Filter_types"], "name": "filtername"}, {"tag_name": "param", "text": "Soruce file of filter, mutually exclusive with content.", "types": ["Optional[Variant[String, Array[String]]]"], "name": "source"}, {"tag_name": "param", "text": "Contents of filter, mutually exclusive with source.", "types": ["Optional[String]"], "name": "content"}, {"tag_name": "param", "text": "Passed along to the file resource. Useful for checksums.", "types": ["Hash"], "name": "file_props"}, {"tag_name": "param", "text": "If it's a lua or exec filter. Inferred from source filename.", "types": ["Enum['lua', 'exec']"], "name": "type"}, {"tag_name": "summary", "text": "Manages a single cgit filter."}]}, "defaults": {"filtername": "$name", "source": "undef", "content": "undef", "file_props": "{}", "type": "$source ? {\n Undef => fail(\"Type must be explictly set when source isn't used.\"),\n Array => fail(\"Type can't be inferred from arrays.\"),\n String => stdlib::extname($source) ? {\n '.lua' => 'lua',\n default => 'exec'"}, "source": "define cgit::filter (\n Cgit::Filter_types $filtername = $name,\n Optional[Variant[String, Array[String]]] $source = undef,\n Optional[String] $content = undef,\n Hash $file_props = {},\n Enum['lua', 'exec'] $type = $source ? {\n Undef => fail(\"Type must be explictly set when source isn't used.\"),\n Array => fail(\"Type can't be inferred from arrays.\"),\n String => stdlib::extname($source) ? {\n '.lua' => 'lua',\n default => 'exec',\n },\n }\n) {\n include cgit::filter_setup\n\n $dest = \"${cgit::filterpath}/${filtername}-filter\"\n\n $mode = $type ? {\n 'lua' => '0444',\n 'exec' => '0555',\n }\n\n file { $dest:\n ensure => file,\n mode => $mode,\n source => $source,\n content => $content,\n * => $file_props,\n }\n\n concat::fragment { \"cgit config filter ${filtername}\":\n target => $cgit::cgitrc,\n content => \"${filtername}-filter=${type}:${dest}\\n\",\n require => File[$dest],\n }\n}"}, {"name": "networking::networkd_instance", "file": "manifests/networkd_instance.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Hash[String,Variant[Hash,Array[Hash]]]"], "name": "content"}, {"tag_name": "param", "text": "", "types": ["Enum['present','absent']"], "name": "ensure"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "path"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "filename"}, {"tag_name": "param", "text": "", "types": ["Integer"], "name": "priority"}, {"tag_name": "param", "text": "", "types": ["Enum['network', 'netdev', 'link']"], "name": "type"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "real_filename"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "file"}]}, "defaults": {"ensure": "'present'", "path": "$networking::networkd::path", "filename": "$name", "priority": "20", "type": "'network'", "real_filename": "\"${priority}-${filename}.${type}\"", "file": "\"${path}/${real_filename}\""}, "source": "define networking::networkd_instance (\n Hash[String,Variant[Hash,Array[Hash]]] $content,\n Enum['present','absent'] $ensure = 'present',\n String $path = $networking::networkd::path,\n String $filename = $name,\n Integer $priority = 20,\n Enum['network', 'netdev', 'link'] $type = 'network',\n String $real_filename = \"${priority}-${filename}.${type}\",\n String $file = \"${path}/${real_filename}\",\n) {\n\n file { $file:\n ensure => $ensure,\n owner => 'systemd-network',\n content => epp('networking/unit_file.epp', {\n # Keys are unit file sections\n # Values are list of section content, so\n # {\n # 'Section' => [\n # {\n # 'key': 'value',\n # 'mvalued': ['v1', 'v2'],\n # }\n # ]\n # }\n # [Section]\n # key=value\n # mvalued=v1\n # mvalued=v2\n data => networking::repack($content),\n }),\n notify => if $networking::networkd::notify_ { Exec['reload networkd'] } else { [] },\n }\n}"}, {"name": "nspawn::machine", "file": "manifests/machine.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "template"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "machine"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "enable"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "machine_dir"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "nspawn_opts"}]}, "defaults": {"machine": "$name", "enable": "false", "machine_dir": "$nspawn::machine_dir", "nspawn_opts": "{}"}, "source": "define nspawn::machine (\n String $template,\n String $machine = $name,\n Boolean $enable = false,\n String $machine_dir = $nspawn::machine_dir,\n Hash $nspawn_opts = {},\n) {\n\n require ::nspawn::setup\n\n # TODO\n # gather fact from 'machinectl list-images', and check if one with\n # our name + '.base' exists\n\n $domain = $facts['domain']\n $root = \"${machine_dir}/${machine}\"\n\n exec { \"lvcreate -n vm-${machine} -V 100G --thinpool lvpoolData VolGroup\":\n creates => \"/dev/VolGroup/vm-${machine}\",\n path => ['/usr/bin',],\n } -> systemd_mount { \"/var/lib/machines/${machine}\":\n what => \"/dev/VolGroup/vm-${machine}\"\n }\n\n # Copies image to us\n # TODO does this actually do anything more than a deep copy?\n exec { \"Create ${machine} from template\":\n command => [ 'systemd-nspawn',\n \"--template=/var/lib/machines/${template}.base\",\n '--quiet',\n '-D', $machine,\n '/bin/true', # run some command so we don't get stuck on boot prompt\n ],\n path => ['/bin','/usr/bin'],\n cwd => $machine_dir,\n creates => \"${machine_dir}/${machine}\",\n }\n\n file { \"/var/lib/machines/${machine}/etc/hostname\":\n ensure => file,\n content => \"${machine}.${domain}\\n\",\n require => Exec[\"Create ${machine} from template\"],\n }\n\n # systemd-nspawn --quiet -M debby systemctl enable puppet\n\n $nspawn_data = {\n 'Exec' => {\n # 'Hostname' => \"${machine}.${domain}\",\n 'Boot' => 'true',\n 'ResolvConf' => 'copy-static', # /usr/lib/systemd/resolv.conf\n },\n 'Network' => {\n 'Bridge' => 'br0',\n }\n # TODO deep merge?\n } + $nspawn_opts\n\n file { \"/etc/systemd/nspawn/${machine}.nspawn\":\n ensure => file,\n content => epp('nspawn/unit_file.epp', {\n data => $nspawn_data,\n }),\n notify => Service[\"systemd-nspawn@${machine}.service\"],\n }\n\n service { \"systemd-nspawn@${machine}.service\":\n enable => $enable,\n require => File[\"/etc/systemd/nspawn/${machine}.nspawn\"],\n }\n\n}"}, {"name": "nspawn::os::arch", "file": "manifests/os/arch.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "template_name"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "template_dir"}]}, "defaults": {"template_name": "$name", "template_dir": "$nspawn::template_dir"}, "source": "define nspawn::os::arch (\n String $template_name = $name,\n String $template_dir = $nspawn::template_dir,\n) {\n\n ensure_packages(['arch-install-scripts'])\n\n $root = \"${template_dir}/${template_name}\"\n\n file { $root:\n ensure => directory,\n } -> exec { \"/usr/bin/pacstrap '${root}' base puppet\":\n creates => \"${root}/etc/os-release\",\n } -> nspawn::util::enable_networkd { $template_name: \n template_dir => $template_dir,\n }\n}"}, {"name": "nspawn::os::debian", "file": "manifests/os/debian.pp", "line": 2, "docstring": {"text": "TODO rename this to image-setup", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "os_version"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "template_name"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "template_dir"}]}, "defaults": {"template_name": "$name", "template_dir": "$nspawn::template_dir"}, "source": "define nspawn::os::debian (\n String $os_version,\n String $template_name = $name,\n String $template_dir = $nspawn::template_dir,\n) {\n\n $root = \"${template_dir}/${template_name}\"\n $pkg_pos = 'var/tmp'\n\n ensure_packages(['debootstrap'])\n\n exec { \"/usr/bin/deboostrap ${os_version} '${root}'\":\n creates => \"${root}/etc/os-release\",\n }\n\n $puppet_deb = \"puppet7-release-${os_version}.deb\"\n $puppet_deb_path = \"${root}/${pkg_pos}/${puppet_deb}\"\n\n file { $puppet_deb_path:\n ensure => file,\n source => \"https://apt.puppet.com/${puppet_deb}\"\n }\n\n $running = $facts['machined-info'][$template_name] != undef\n and $facts['machined-info'][$template_name]['State'] == 'running' \n\n if $running {\n # TODO\n notify { \"Notify skipping ${template_name} setup\":\n message => \"Skipping setup for ${template_name}, already running\",\n }\n } else {\n exec { \"Set up puppet repo for ${template_name}\":\n subscribe => File[$puppet_deb_path],\n refreshonly => true,\n command => [ '/usr/bin/systemd-nspawn',\n '-M', $template_name,\n '--quiet',\n '/bin/sh', '-c',\n \"dpkg -i '/${pkg_pos}/puppet7-release-${os_version}.deb' && apt update\"\n ],\n }\n\n exec { \"install puppet-agent on ${template_name}\":\n command => [ '/usr/bin/systemd-nspawn',\n '-M', $template_name,\n '--quiet',\n 'apt', 'install', 'puppet-agent',\n ],\n creates => \"${root}/opt/puppetlabs/bin/puppet\",\n }\n }\n\n nspawn::util::disable_networking { $template_name: \n template_dir => $template_dir,\n }\n nspawn::util::enable_networkd { $template_name: \n template_dir => $template_dir,\n }\n}"}, {"name": "nspawn::template", "file": "manifests/template.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "template_name"}, {"tag_name": "param", "text": "", "types": ["Enum['debian', 'arch']"], "name": "os"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "version"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "puppet_server"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "template_dir"}]}, "defaults": {"template_name": "$name", "os": "$template_name.split('-')[0]", "version": "undef", "puppet_server": "$nspawn::puppet_server", "template_dir": "$nspawn::template_dir"}, "source": "define nspawn::template (\n String $template_name = $name,\n Enum['debian', 'arch'] $os = $template_name.split('-')[0],\n Optional[String] $version = undef,\n String $puppet_server = $nspawn::puppet_server,\n String $template_dir = $nspawn::template_dir,\n) {\n\n $template = \"${template_name}.base\"\n $root = \"${template_dir}/${template}\"\n\n case $os {\n 'debian': {\n $real_version = if $version != undef {\n $version\n } else {\n # Oout of bounds indexing gives 'undef'\n $template_name.split('-')[1]\n }\n nspawn::os::debian { $template:\n os_version => $real_version,\n template_dir => $template_dir,\n before => Nspawn::Template_final[$template],\n }\n }\n 'arch': {\n nspawn::os::arch { $template:\n template_dir => $template_dir,\n before => Nspawn::Template_final[$template],\n }\n }\n }\n\n nspawn::template_final { $template:\n root => $root,\n puppet_server => $puppet_server,\n }\n\n}"}, {"name": "nspawn::template_final", "file": "manifests/template_final.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "root"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "puppet_server"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "template"}]}, "defaults": {"template": "$name"}, "source": "define nspawn::template_final (\n String $root,\n String $puppet_server,\n String $template = $name,\n) {\n exec { \"Enable puppet on ${template}\":\n command => [ '/usr/bin/systemd-nspawn',\n '-M', $template,\n '--quiet',\n 'systemctl', 'enable', 'puppet',\n ],\n creates => \"${root}/etc/systemd/system/multi-user.target.wants/puppet.service\",\n }\n\n file { \"${root}/etc/systemd/system/puppet.service.requires\":\n ensure => directory,\n }\n\n # This is nice in theory, but has the problem that\n # network-online.target is reached on our first IP-address, which\n # will probably be our static IPv4 address, and busting.adrift.space\n # isn't resolvable over IPv4...\n file { \"${root}/etc/systemd/system/puppet.service.requires/network-online.target\":\n ensure => link,\n # Debian requires /lib, arch accepts it\n target => '/lib/systemd/system/network-online.target'\n }\n\n file { [ \"${root}/etc/puppetlabs\",\n \"${root}/etc/puppetlabs/puppet\" ] :\n ensure => directory,\n }\n\n\n file { \"${root}/etc/puppetlabs/puppet/puppet.conf\":\n ensure => file,\n content => @(\"EOF\")\n [main]\n server = ${puppet_server}\n | EOF\n }\n}"}, {"name": "nspawn::util::disable_networking", "file": "manifests/util/disable_networking.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "template_name"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "template_dir"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "template_path"}]}, "defaults": {"template_name": "$name", "template_dir": "$nspawn::template_dir", "template_path": "\"${template_dir}/${template_name}\""}, "source": "define nspawn::util::disable_networking (\n String $template_name = $name,\n String $template_dir = $nspawn::template_dir,\n String $template_path = \"${template_dir}/${template_name}\",\n) {\n # Manually masking instead of trying to disable/mask it through\n # systemd, since this is MUCH easier to do whith puppet.\n file { \"${template_path}/etc/systemd/system/networking.service\":\n ensure => link,\n target => '/dev/null',\n }\n}"}, {"name": "nspawn::util::enable_networkd", "file": "manifests/util/enable_networkd.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "template_name"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "template_dir"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "root"}]}, "defaults": {"template_name": "$name", "template_dir": "$nspawn::template_dir", "root": "\"${template_dir}/${template_name}\""}, "source": "define nspawn::util::enable_networkd (\n String $template_name = $name,\n String $template_dir = $nspawn::template_dir,\n String $root = \"${template_dir}/${template_name}\",\n) {\n\n networking::networkd_instance { \"Initial networking on ${template_name}\":\n priority => 99,\n filename => 'puppet-initial',\n path => \"${root}/${networking::networkd::path}\",\n content => {\n 'Match' => {\n 'Name' => 'host0',\n },\n 'Network' => {\n 'DHCP' => 'ipv4',\n 'IPv6AcceptRA' => 1,\n },\n },\n }\n\n $running = $facts['machined-info'][$template_name] != undef \n and $facts['machined-info'][$template_name]['State'] == 'running' \n\n $cmd = if $running {\n [ 'systemctl', '-M', $template_name, 'enable', 'systemd-networkd' ]\n } else {\n [ 'systemd-nspawn', '-M', $template_name, '--quiet',\n 'systemctl', 'enable', 'systemd-networkd' ]\n }\n\n exec { \"Enable systemd-networkd on ${template_name}\":\n command => $cmd,\n path => [ '/bin', '/usr/bin', ],\n # among others\n creates => \"${root}/etc/systemd/system/multi-user.target.wants/systemd-networkd.service\",\n }\n\n}"}, {"name": "nsupdate::instance", "file": "manifests/instance.pp", "line": 4, "docstring": {"text": "Sets up a single instance of a reoccuring nsupdate.\nNote that nsupdate::secret.$keyname needs to be made available through hiera\n/etc/puppetlabs/code/environments/production/data/nodes/hornquist.se.yaml", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "nameserver"}, {"tag_name": "param", "text": "", "types": ["Array[NSUpdate::Record]"], "name": "records"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "iface"}, {"tag_name": "param", "text": "", "types": ["Enum['present', 'absent']"], "name": "ensure"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "keyname"}]}, "defaults": {"iface": "$facts['networking']['primary']", "ensure": "present", "keyname": "$name"}, "source": "define nsupdate::instance (\n String $nameserver,\n Array[NSUpdate::Record] $records,\n String $iface = $facts['networking']['primary'],\n Enum['present', 'absent'] $ensure = present,\n String $keyname = $name,\n) {\n\n require ::nsupdate::setup\n\n file { \"/usr/libexec/nsupdate/${name}\":\n\tensure => $ensure,\n\tmode => '0555',\n content => epp('nsupdate/nsupdate.epp', {\n\t\tiface => $iface,\n\t\tnameserver => $nameserver,\n\t\trecords => $records,\n\t\tkeyname => $keyname,\n\t})\n }\n\n $key = $nsupdate::secrets[$keyname]\n $secret = Sensitive($key['secret'])\n file { \"/var/lib/nsupdate/${keyname}.key\":\n\tensure => file,\n\tmode => '0400',\n\tshow_diff => false,\n content => @(\"EOF\")\n\tkey \"${keyname}\" {\n\t\talgorithm ${key['algorithm']};\n\t\tsecret \"${secret.unwrap}\";\n\t};\n\t| EOF\n }\n\n cron { \"nsupdate ${name}\":\n\t ensure => $ensure,\n\t command => \"/usr/libexec/nsupdate/${name}\",\n\t minute => 0,\n }\n}"}, {"name": "profiles::mounts::instance", "file": "manifests/mounts/instance.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "what"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "where"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "options"}]}, "defaults": {"where": "$name", "options": "[]"}, "source": "define profiles::mounts::instance (\n String $what,\n String $where = $name,\n Array[String] $options = [],\n) {\n\n file { $where:\n ensure => directory,\n }\n\n systemd_mount { $where:\n what => $what,\n where => $where,\n wantedBy => 'remote-fs.target',\n automount => true,\n require => File[$where],\n options => $options,\n }\n}"}, {"name": "systemd_mount", "file": "manifests/init.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "what"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "where"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "automount"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "wantedBy"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "options"}]}, "defaults": {"where": "$name", "automount": "false", "wantedBy": "'default.target'", "options": "[]"}, "source": "define systemd_mount (\n String $what, # elrond:/files\n String $where = $name, # /usr/net\n Boolean $automount = false,\n String $wantedBy = 'default.target',\n Array[String] $options = [],\n) {\n\n $mostly_fixed = $where.map |$c| {\n $c ? {\n '/' => '-',\n '-' => '\\\\x2d',\n default => $c,\n }\n }.join('')\n $fixed = if $mostly_fixed[0] == '-' {\n $mostly_fixed[1, -1] # drop first char\n } else {\n $mostly_fixed\n }\n\n systemd::unit_file { \"${fixed}.mount\":\n content => epp('systemd_mount/mount.epp', {\n what => $what,\n where => $where,\n options => $options,\n wantedby => if ($automount) { '' } else { \"WantedBy=${wantedBy}\" },\n }),\n }\n\n if ($automount) {\n systemd::unit_file { \"${fixed}.automount\":\n content => epp('systemd_mount/automount.epp', {\n where => $where,\n wantedBy => \"WantedBy=${wantedBy}\",\n }),\n }\n\n service { \"${fixed}.automount\":\n enable => true,\n ensure => running,\n }\n } else {\n service { \"${fixed}.mount\":\n enable => true,\n ensure => running,\n }\n }\n\n}"}, {"name": "uwsgi::vassal", "file": "manifests/vassal.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "path"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "vassal_name"}, {"tag_name": "param", "text": "", "types": ["Enum['ini', 'xml', 'json', 'yaml']"], "name": "type"}, {"tag_name": "param", "text": "", "types": ["Enum['present', 'absent']"], "name": "ensure"}]}, "defaults": {"vassal_name": "$name", "type": "stdlib::extname($path)", "ensure": "'present'"}, "source": "define uwsgi::vassal (\n String $path,\n String $vassal_name = $name,\n # https://uwsgi-docs.readthedocs.io/en/latest/Configuration.html#ini-files\n Enum['ini', 'xml', 'json', 'yaml'] $type = stdlib::extname($path), # TODO strip leading period, and handle empty string\n Enum['present', 'absent'] $ensure = 'present',\n) {\n include ::uwsgi::emperor\n file { \"${uwsgi::emperor::path}/${name}.${type}\":\n ensure => $ensure ? { 'present' => 'link', 'absent' => 'absent' },\n target => $path,\n }\n}"}, {"name": "webdav_server", "file": "manifests/init.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "nginx_server"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "file_path"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "location"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "passwd_file"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "owner"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "group"}, {"tag_name": "param", "text": "", "types": ["Array[Array[String,2,2]]"], "name": "users"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "dav_methods"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "dav_ext_methods"}, {"tag_name": "param", "text": "", "types": ["Hash[String,String]"], "name": "dav_access"}]}, "defaults": {"location": "$name", "passwd_file": "\"${file_path}/.htpasswd\"", "owner": "'http'", "group": "'share'", "users": "[]", "dav_methods": "['PUT', 'DELETE', 'MKCOL', 'COPY', 'MOVE']", "dav_ext_methods": "['PROPFIND', 'OPTIONS']", "dav_access": "{\n 'user' => 'rw',\n 'group' => 'rw',\n }"}, "source": "define webdav_server (\n String $nginx_server,\n String $file_path,\n String $location = $name,\n String $passwd_file = \"${file_path}/.htpasswd\",\n String $owner = 'http',\n String $group = 'share',\n Array[Array[String,2,2]] $users = [],\n Array[String] $dav_methods = ['PUT', 'DELETE', 'MKCOL', 'COPY', 'MOVE'],\n Array[String] $dav_ext_methods = ['PROPFIND', 'OPTIONS'],\n Hash[String,String] $dav_access = {\n 'user' => 'rw',\n 'group' => 'rw',\n }\n) {\n\n # ensure_packages(['nginx-mainline-mod-dav-ext'])\n\n require ::nginx\n\n $modname = 'ngx_http_dav_ext_module'\n # This assumes that the directory exists, and that\n # nginx::include_modules_enabled => true\n file { \"/etc/nginx/modules-enabled/${modname}.conf\":\n ensure => file,\n content => @(\"EOF\")\n load_module /usr/lib/nginx/modules/${modname}.so;\n | EOF\n }\n\n $lines = $users.map |$pair| { $pair.join(':') }.join(\"\\n\")\n\n file {\n default:\n owner => $owner,\n group => $group,\n ;\n $file_path:\n ensure => 'directory',\n mode => '0770',\n recurse => 'false',\n ;\n $passwd_file:\n ensure => 'file',\n mode => '0660',\n content => @(\"EOF\")\n # File managed by puppet\n ${lines}\n | EOF\n ;\n }\n\n nginx::resource::location { $location:\n server => $nginx_server,\n location_alias => $file_path,\n ssl => true,\n ssl_only => true,\n\n auth_basic => 'Enter password for dav access',\n auth_basic_user_file => $passwd_file,\n\n location_cfg_append => {\n 'dav_methods' => $dav_methods.join(' '),\n 'dav_ext_methods' => $dav_ext_methods.join(' '),\n 'dav_access' => $dav_access.map |$k, $v| { \"${k}:${v}\" }.join(' '),\n 'client_body_temp_path' => \"${file_path}/tmp\",\n 'create_full_put_path' => 'on',\n 'autoindex' => 'on',\n 'allow' => 'all',\n }\n }\n}"}, {"name": "wpa_supplicant::interface", "file": "manifests/interface.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "interface"}, {"tag_name": "param", "text": "", "types": ["String[2,2]"], "name": "country"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "networks"}]}, "defaults": {"interface": "$name", "country": "'US'", "networks": "[]"}, "source": "define wpa_supplicant::interface (\n String $interface = $name,\n String[2,2] $country = 'US',\n Array[String] $networks = [],\n) {\n service { \"wpa_supplicant@${interface}.service\":\n ensure => running,\n enable => true,\n }\n\n $conf_file = \"/etc/wpa_supplicant/wpa_supplicant-${interface}.conf\"\n\n\n $network_items = $networks.map |$name| {\n { 'ssid' => \"\\\"${name}\\\"\" } + $wpa_supplicant::networks[$name]\n }\n\n\n file { $conf_file:\n ensure => file,\n content => epp('wpa_supplicant/wpa_supplicant.conf.epp', {\n country => $country,\n networks => $network_items,\n }),\n } ~> exec { \"Reload wpa_supplicant for ${interface}\":\n command => [ 'wpa_cli', 'reconfigure', '-i', $interface, ],\n path => [ '/bin', '/usr/bin', ],\n refreshonly => true,\n }\n}"}, {"name": "envvar", "file": "manifests/init.pp", "line": 2, "docstring": {"text": "Manage a single global environment variables.", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "value"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "key"}]}, "defaults": {"key": "$name"}, "source": "define envvar (\n $value,\n String $key = $name,\n) {\n include ::envvar::setup\n\n concat::fragment { \"User environment ${name}\":\n target => '/etc/environment',\n content => \"${key}=${value}\\n\",\n }\n}"}, {"name": "lightdm::seat", "file": "manifests/seat.pp", "line": 90, "docstring": {"text": "--------------------------------------------------", "tags": [{"tag_name": "param", "text": "Seat configuration is matched against the seat name glob in the\nsection, for example:\n- `[Seat:*]` matches all seats and is applied first.\n- `[Seat:seat0]` matches the seat named \"seat0\".\n- `[Seat:seat-thin-client*]` matches all seats that have names\n that start with \"seat-thin-client\".", "types": ["String"], "name": "seat_name"}, {"tag_name": "param", "text": "Order in resulting configuration file this should appear.\nProbably doesn't matter.", "types": ["Integer[0]"], "name": "order"}, {"tag_name": "param", "text": "Seat type (local, xremote)", "types": ["Enum['local', 'xremote']"], "name": "type"}, {"tag_name": "param", "text": "PAM service to use for login", "types": ["Optional[String]"], "name": "pam_service"}, {"tag_name": "param", "text": "PAM service to use for autologin", "types": ["Optional[String]"], "name": "pam_autologin_service"}, {"tag_name": "param", "text": "PAM service to use for greeters", "types": ["Optional[String]"], "name": "pam_greeter_service"}, {"tag_name": "param", "text": "X server command to run (can also contain arguments e.g. X -special-option)", "types": ["Optional[String]"], "name": "xserver_command"}, {"tag_name": "param", "text": "Xmir server command to run (can also contain arguments e.g. Xmir -special-option)", "types": ["Optional[String]"], "name": "xmir_command"}, {"tag_name": "param", "text": "Config file to pass to X server", "types": ["Optional[String]"], "name": "xserver_config"}, {"tag_name": "param", "text": "Layout to pass to X server", "types": ["Optional[String]"], "name": "xserver_layout"}, {"tag_name": "param", "text": "True if TCP/IP connections are allowed to this X server", "types": ["Optional[Boolean]"], "name": "xserver_allow_tcp"}, {"tag_name": "param", "text": "True if the X server is shared for both greeter and session", "types": ["Optional[Boolean]"], "name": "xserver_share"}, {"tag_name": "param", "text": "Hostname of X server (only for type=xremote)", "types": ["Optional[String]"], "name": "xserver_hostname"}, {"tag_name": "param", "text": "Display number of X server (only for type=xremote)", "types": ["Optional[Integer]"], "name": "xserver_display_number"}, {"tag_name": "param", "text": "XDMCP manager to connect to (implies xserver_allow_tcp=true)", "types": ["Optional[String]"], "name": "xdmcp_manager"}, {"tag_name": "param", "text": "XDMCP UDP/IP port to communicate on", "types": ["Optional[Stdlib::Port]"], "name": "xdmcp_port"}, {"tag_name": "param", "text": "Authentication key to use for XDM-AUTHENTICATION-1 (stored in keys.conf)", "types": ["Optional[String]"], "name": "xdmcp_key"}, {"tag_name": "param", "text": "Session to load for greeter", "types": ["Optional[String]"], "name": "greeter_session"}, {"tag_name": "param", "text": "True to hide the user list", "types": ["Optional[Boolean]"], "name": "greeter_hide_users"}, {"tag_name": "param", "text": "True if the greeter should show a guest login option", "types": ["Optional[Boolean]"], "name": "greeter_allow_guest"}, {"tag_name": "param", "text": "True if the greeter should offer a manual login option", "types": ["Optional[Boolean]"], "name": "greeter_show_manual_login"}, {"tag_name": "param", "text": "True if the greeter should offer a remote login option", "types": ["Optional[Boolean]"], "name": "greeter_show_remote_login"}, {"tag_name": "param", "text": "Session to load for users", "types": ["Optional[String]"], "name": "user_session"}, {"tag_name": "param", "text": "True if allowed to switch users", "types": ["Optional[Boolean]"], "name": "allow_user_switching"}, {"tag_name": "param", "text": "True if guest login is allowed", "types": ["Optional[Boolean]"], "name": "allow_guest"}, {"tag_name": "param", "text": "Session to load for guests (overrides user_session)", "types": ["Optional[String]"], "name": "guest_session"}, {"tag_name": "param", "text": "Wrapper script to run session with", "types": ["String"], "name": "session_wrapper"}, {"tag_name": "param", "text": "Wrapper script to run greeter with", "types": ["Optional[String]"], "name": "greeter_wrapper"}, {"tag_name": "param", "text": "Wrapper script to run guest sessions with", "types": ["Optional[String]"], "name": "guest_wrapper"}, {"tag_name": "param", "text": "Script to run when starting a greeter session (runs as root)", "types": ["Optional[String]"], "name": "display_setup_script"}, {"tag_name": "param", "text": "Script to run after stopping the display server (runs as root)", "types": ["Optional[String]"], "name": "display_stopped_script"}, {"tag_name": "param", "text": "Script to run when starting a greeter (runs as root)", "types": ["Optional[String]"], "name": "greeter_setup_script"}, {"tag_name": "param", "text": "Script to run when starting a user session (runs as root)", "types": ["Optional[String]"], "name": "session_setup_script"}, {"tag_name": "param", "text": "Script to run when quitting a user session (runs as root)", "types": ["Optional[String]"], "name": "session_cleanup_script"}, {"tag_name": "param", "text": "True to log in as guest by default", "types": ["Optional[Boolean]"], "name": "autologin_guest"}, {"tag_name": "param", "text": "User to log in with by default (overrides autologin_guest)", "types": ["Optional[String]"], "name": "autologin_user"}, {"tag_name": "param", "text": "Number of seconds to wait before loading default user", "types": ["Optional[Integer]"], "name": "autologin_user_timeout"}, {"tag_name": "param", "text": "Session to load for automatic login (overrides user_session)", "types": ["Optional[String]"], "name": "autologin_session"}, {"tag_name": "param", "text": "True if autologin session should not be immediately activated", "types": ["Optional[Boolean]"], "name": "autologin_in_background"}, {"tag_name": "param", "text": "True if the daemon should exit if this seat fails", "types": ["Optional[Boolean]"], "name": "exit_on_failure"}, {"tag_name": "summary", "text": "Seat configuration"}]}, "defaults": {"type": "'local'", "pam_service": "undef", "pam_autologin_service": "undef", "pam_greeter_service": "undef", "xserver_command": "undef", "xmir_command": "undef", "xserver_config": "undef", "xserver_layout": "undef", "xserver_allow_tcp": "undef", "xserver_share": "undef", "xserver_hostname": "undef", "xserver_display_number": "undef", "xdmcp_manager": "undef", "xdmcp_port": "undef", "xdmcp_key": "undef", "greeter_session": "undef", "greeter_hide_users": "undef", "greeter_allow_guest": "undef", "greeter_show_manual_login": "undef", "greeter_show_remote_login": "undef", "user_session": "undef", "allow_user_switching": "undef", "allow_guest": "undef", "guest_session": "undef", "session_wrapper": "'/etc/lightdm/Xsession'", "greeter_wrapper": "undef", "guest_wrapper": "undef", "display_setup_script": "undef", "display_stopped_script": "undef", "greeter_setup_script": "undef", "session_setup_script": "undef", "session_cleanup_script": "undef", "autologin_guest": "undef", "autologin_user": "undef", "autologin_user_timeout": "undef", "autologin_session": "undef", "autologin_in_background": "undef", "exit_on_failure": "undef", "seat_name": "$name", "order": "0"}, "source": "define lightdm::seat (\n Enum['local', 'xremote'] $type = 'local',\n Optional[String] $pam_service = undef,\n Optional[String] $pam_autologin_service = undef,\n Optional[String] $pam_greeter_service = undef,\n Optional[String] $xserver_command = undef,\n Optional[String] $xmir_command = undef,\n Optional[String] $xserver_config = undef,\n Optional[String] $xserver_layout = undef,\n Optional[Boolean] $xserver_allow_tcp = undef,\n Optional[Boolean] $xserver_share = undef,\n Optional[String] $xserver_hostname = undef,\n Optional[Integer] $xserver_display_number = undef,\n Optional[String] $xdmcp_manager = undef,\n Optional[Stdlib::Port] $xdmcp_port = undef,\n # TODO sensitive on this?\n Optional[String] $xdmcp_key = undef,\n Optional[String] $greeter_session = undef,\n Optional[Boolean] $greeter_hide_users = undef,\n Optional[Boolean] $greeter_allow_guest = undef,\n Optional[Boolean] $greeter_show_manual_login = undef,\n Optional[Boolean] $greeter_show_remote_login = undef,\n Optional[String] $user_session = undef,\n Optional[Boolean] $allow_user_switching = undef,\n Optional[Boolean] $allow_guest = undef,\n Optional[String] $guest_session = undef,\n String $session_wrapper = '/etc/lightdm/Xsession',\n Optional[String] $greeter_wrapper = undef,\n Optional[String] $guest_wrapper = undef,\n Optional[String] $display_setup_script = undef,\n Optional[String] $display_stopped_script = undef,\n Optional[String] $greeter_setup_script = undef,\n Optional[String] $session_setup_script = undef,\n Optional[String] $session_cleanup_script = undef,\n Optional[Boolean] $autologin_guest = undef,\n Optional[String] $autologin_user = undef,\n Optional[Integer] $autologin_user_timeout = undef,\n Optional[String] $autologin_session = undef,\n Optional[Boolean] $autologin_in_background = undef,\n Optional[Boolean] $exit_on_failure = undef,\n\n String $seat_name = $name,\n Integer[0] $order = 0,\n) {\n if $order > $lightdm::conf::seat_fragment_max - $lightdm::conf::seat_fragment_min {\n fail(\"order (${order}) outside allowed range\")\n }\n\n $conf = {\n 'type' => $type,\n 'pam-service' => $pam_service,\n 'pam-autologin-service' => $pam_autologin_service,\n 'pam-greeter-service' => $pam_greeter_service,\n 'xserver-command' => $xserver_command,\n 'xmir-command' => $xmir_command,\n 'xserver-config' => $xserver_config,\n 'xserver-layout' => $xserver_layout,\n 'xserver-allow-tcp' => $xserver_allow_tcp,\n 'xserver-share' => $xserver_share,\n 'xserver-hostname' => $xserver_hostname,\n 'xserver-display-number' => $xserver_display_number,\n 'xdmcp-manager' => $xdmcp_manager,\n 'xdmcp-port' => $xdmcp_port,\n 'xdmcp-key' => $xdmcp_key,\n 'greeter-session' => $greeter_session,\n 'greeter-hide-users' => $greeter_hide_users,\n 'greeter-allow-guest' => $greeter_allow_guest,\n 'greeter-show-manual-login' => $greeter_show_manual_login,\n 'greeter-show-remote-login' => $greeter_show_remote_login,\n 'user-session' => $user_session,\n 'allow-user-switching' => $allow_user_switching,\n 'allow-guest' => $allow_guest,\n 'guest-session' => $guest_session,\n 'session-wrapper' => $session_wrapper,\n 'greeter-wrapper' => $greeter_wrapper,\n 'guest-wrapper' => $guest_wrapper,\n 'display-setup-script' => $display_setup_script,\n 'display-stopped-script' => $display_stopped_script,\n 'greeter-setup-script' => $greeter_setup_script,\n 'session-setup-script' => $session_setup_script,\n 'session-cleanup-script' => $session_cleanup_script,\n 'autologin-guest' => $autologin_guest,\n 'autologin-user' => $autologin_user,\n 'autologin-user-timeout' => $autologin_user_timeout,\n 'autologin-session' => $autologin_session,\n 'autologin-in-background' => $autologin_in_background,\n 'exit-on-failure' => $exit_on_failure,\n }\n\n concat::fragment { \"lightdm - config - seat - ${seat_name}\":\n target => $lightdm::config::filename,\n order => 20 + $order,\n content => {\n sections => { \"Seat:${seat_name}\" => $conf },\n },\n }\n}"}, {"name": "xorg::config", "file": "manifests/config.pp", "line": 21, "docstring": {"text": "https://www.x.org/releases/current/doc/man/man5/xorg.conf.5.xhtml", "tags": [{"tag_name": "param", "text": "Which section, such as Montior, ...", "types": ["String"], "name": "section"}, {"tag_name": "param", "text": "Item used for the Identifier key in the section bolck", "types": ["String"], "name": "identifier"}, {"tag_name": "param", "text": "Set to true if the output shouldn't contain an identifier entry.", "types": ["Boolean"], "name": "no_identifier"}, {"tag_name": "param", "text": "What the output file should be called.\nTODO validate that this is a local part of a filename. Mostly that\n/ is forbidden.", "types": ["String"], "name": "filename"}, {"tag_name": "param", "text": "Option directives to xorg. A list of tuples instead of a hash\nuntil I figure out if the same option can be given multiple times.", "types": ["Array[Tuple[String, Xorg::Value]]"], "name": "options"}, {"tag_name": "param", "text": "Xorg entries.", "types": ["Hash[String, Xorg::Value]"], "name": "entries"}, {"tag_name": "param", "text": "Priority of this file compared to all other configuration files.", "types": ["Variant[String[2, 2], Integer[0, 99]]"], "name": "priority"}, {"tag_name": "summary", "text": "Configures specific Xorg section"}]}, "defaults": {"identifier": "$name", "no_identifier": "false", "filename": "xorg::normalize_filename($name)", "options": "[]", "entries": "{}", "priority": "'20'"}, "source": "define xorg::config (\n String $section,\n String $identifier = $name,\n Boolean $no_identifier = false,\n String $filename = xorg::normalize_filename($name),\n Array[Tuple[String, Xorg::Value]] $options = [],\n Hash[String, Xorg::Value] $entries = {},\n Variant[String[2, 2], Integer[0, 99]] $priority = '20',\n) {\n include xorg\n\n # Convert priority to 0-padded string of length 2\n $priority_ = $priority ? {\n String => $priority,\n Integer => if $priority < 10 {\n \"0${priority}\"\n } else {\n $priority\n }\n }\n\n # TODO possibly allow multiple entries to share files.\n # For example, all monitor settings could go in a single file\n file { \"${xorg::conf_dir}/${priority_}-${filename}.conf\":\n ensure => file,\n content => epp(\"${module_name}/xorg.conf.epp\", {\n 'identifier' => if $no_identifier { undef } else { $identifier },\n 'options' => $options,\n 'entries' => $entries,\n }),\n }\n}"}, {"name": "gunicorn::instance", "file": "manifests/instance.pp", "line": 16, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Name of the app, probably something like \"wsgi_module:app\"", "types": ["String"], "name": "app"}, {"tag_name": "param", "text": "Address to bind Gunicorn to", "types": ["String"], "name": "address"}, {"tag_name": "param", "text": "Name for this instance", "types": ["String"], "name": "instance_name"}, {"tag_name": "param", "text": "Workers used by this gunicorn instance. `$cpu_count * 2 + 1` is\ncopied from the Gunicorn manual.", "types": ["Integer"], "name": "workers"}, {"tag_name": "param", "text": "User to run this instance as.", "types": ["Variant[String, Integer]"], "name": "user"}, {"tag_name": "param", "text": "Group to run this instance as.", "types": ["Variant[String, Integer]"], "name": "group"}, {"tag_name": "summary", "text": "Sets up a single gunicorn instance"}]}, "defaults": {"instance_name": "$name", "workers": "$facts['processors']['count'] * 2 + 1", "user": "$gunicorn::setup::user", "group": "$gunicorn::setup::group"}, "source": "define gunicorn::instance (\n String $app,\n String $address,\n String $instance_name = $name,\n Integer $workers = $facts['processors']['count'] * 2 + 1,\n Variant[String, Integer] $user = $gunicorn::setup::user,\n Variant[String, Integer] $group = $gunicorn::setup::group,\n) {\n require gunicorn::setup\n $options = {\n 'address' => $address,\n 'proc_name' => $instance_name,\n 'workers' => $workers,\n 'wsgi_app' => $app,\n 'user' => $user,\n 'group' => $group,\n }\n\n file { \"${gunicorn::setup::instance_dir}/${instance_name}.conf.py\":\n content => epp(\"${module_name}/gunicorn.conf.py.epp\", $options),\n notify => Service[\"gunicorn@${instance_name}\"],\n }\n\n service { \"gunicorn@${instance_name}\":\n ensure => running,\n enable => true,\n }\n}"}, {"name": "concat", "file": "manifests/init.pp", "line": 85, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "concat { '/tmp/concat':\n ensure => present,\n owner => 'root',\n group => 'root',\n mode => '0644',\n}", "name": ""}, {"tag_name": "param", "text": "Specifies whether (and how) to back up the destination file before overwriting it. Your value gets passed on to Puppet's native file\nresource for execution. Valid options: true, false, or a string representing either a target filebucket or a filename extension\nbeginning with \".\".", "types": ["Variant[Boolean, String]"], "name": "backup"}, {"tag_name": "param", "text": "Specifies whether the destination file should exist. Setting to 'absent' tells Puppet to delete the destination file if it exists, and\nnegates the effect of any other parameters.", "types": ["Enum['present', 'absent']"], "name": "ensure"}, {"tag_name": "param", "text": "Specifies whether to add a line break at the end of each fragment that doesn't already end in one.", "types": ["Boolean"], "name": "ensure_newline"}, {"tag_name": "param", "text": "Specify what data type to merge the fragments as. Valid options: 'plain', 'yaml', 'json', 'json-array', 'json-pretty',\n'json-array-pretty'.", "types": ["Enum['plain', 'yaml', 'json', 'json-array', 'json-pretty', 'json-array-pretty']"], "name": "format"}, {"tag_name": "param", "text": "Specifies whether to merge data structures, keeping the values with higher order. Used when format is specified as a value other than\n'plain'.", "types": ["Boolean"], "name": "force"}, {"tag_name": "param", "text": "Specifies a permissions group for the destination file. Valid options: a string containing a group name or integer containing a gid.", "types": ["Optional[Variant[String, Integer]]"], "name": "group"}, {"tag_name": "param", "text": "Specifies the permissions mode of the destination file. Valid options: a string containing a permission mode value in octal notation.", "types": ["String"], "name": "mode"}, {"tag_name": "param", "text": "Specifies a method for sorting your fragments by name within the destination file. You can override this setting for individual\nfragments by adjusting the order parameter in their concat::fragment declarations.", "types": ["Enum['alpha','numeric']"], "name": "order"}, {"tag_name": "param", "text": "Specifies the owner of the destination file. Valid options: a string containing a username or integer containing a uid.", "types": ["Optional[Variant[String, Integer]]"], "name": "owner"}, {"tag_name": "param", "text": "Specifies a destination file for the combined fragments.", "types": ["Stdlib::Absolutepath"], "name": "path"}, {"tag_name": "param", "text": "Specifies whether to overwrite the destination file if it already exists.", "types": ["Boolean"], "name": "replace"}, {"tag_name": "param", "text": "See the file type's selinux_ignore_defaults documentention:\nhttps://docs.puppetlabs.com/references/latest/type.html#file-attribute-selinux_ignore_defaults", "types": ["Optional[Boolean]"], "name": "selinux_ignore_defaults"}, {"tag_name": "param", "text": "See the file type's selrange documentention: https://docs.puppetlabs.com/references/latest/type.html#file-attribute-selrange", "types": ["Optional[String]"], "name": "selrange"}, {"tag_name": "param", "text": "See the file type's selrole documentention: https://docs.puppetlabs.com/references/latest/type.html#file-attribute-selrole", "types": ["Optional[String]"], "name": "selrole"}, {"tag_name": "param", "text": "See the file type's seltype documentention: https://docs.puppetlabs.com/references/latest/type.html#file-attribute-seltype", "types": ["Optional[String]"], "name": "seltype"}, {"tag_name": "param", "text": "See the file type's seluser documentention: https://docs.puppetlabs.com/references/latest/type.html#file-attribute-seluser", "types": ["Optional[String]"], "name": "seluser"}, {"tag_name": "param", "text": "Specifies whether to set the show_diff parameter for the file resource. Useful for hiding secrets stored in hiera from insecure\nreporting methods.", "types": ["Boolean"], "name": "show_diff"}, {"tag_name": "param", "text": "Specifies a validation command to apply to the destination file.", "types": ["Optional[String]"], "name": "validate_cmd"}, {"tag_name": "param", "text": "Specifies whether to add a header message at the top of the destination file. Valid options: the booleans true and false, or a string\nto serve as the header.\nIf you set 'warn' to true, concat adds the following line with an order of 0:\n`# This file is managed by Puppet. DO NOT EDIT.`\nBefore 2.0.0, this parameter would add a newline at the end of the warn message. To improve flexibilty, this was removed. Please add\nit explicitly if you need it.", "types": ["Variant[Boolean, String]"], "name": "warn"}, {"tag_name": "param", "text": "Specifies whether to create an empty file if no fragments are defined. Defaults to true.", "types": ["Boolean"], "name": "create_empty_file"}, {"tag_name": "summary", "text": "Manages a file, compiled from one or more text fragments."}]}, "defaults": {"ensure": "'present'", "path": "$name", "owner": "undef", "group": "undef", "mode": "'0644'", "warn": "false", "show_diff": "true", "backup": "'puppet'", "replace": "true", "order": "'alpha'", "ensure_newline": "false", "validate_cmd": "undef", "selinux_ignore_defaults": "undef", "selrange": "undef", "selrole": "undef", "seltype": "undef", "seluser": "undef", "force": "false", "create_empty_file": "true", "format": "'plain'"}, "source": "define concat (\n Enum['present', 'absent'] $ensure = 'present',\n Stdlib::Absolutepath $path = $name,\n Optional[Variant[String, Integer]] $owner = undef,\n Optional[Variant[String, Integer]] $group = undef,\n String $mode = '0644',\n Variant[Boolean, String] $warn = false,\n Boolean $show_diff = true,\n Variant[Boolean, String] $backup = 'puppet',\n Boolean $replace = true,\n Enum['alpha','numeric'] $order = 'alpha',\n Boolean $ensure_newline = false,\n Optional[String] $validate_cmd = undef,\n Optional[Boolean] $selinux_ignore_defaults = undef,\n Optional[String] $selrange = undef,\n Optional[String] $selrole = undef,\n Optional[String] $seltype = undef,\n Optional[String] $seluser = undef,\n Boolean $force = false,\n Boolean $create_empty_file = true,\n Enum['plain', 'yaml', 'json', 'json-array', 'json-pretty', 'json-array-pretty'] $format = 'plain',\n) {\n $safe_name = regsubst($name, '[\\\\\\\\/:~\\n\\s\\+\\*\\(\\)@]', '_', 'G')\n $default_warn_message = \"# This file is managed by Puppet. DO NOT EDIT.\\n\"\n\n case $warn {\n true: {\n $warn_message = $default_warn_message\n $_append_header = true\n }\n false: {\n $warn_message = ''\n $_append_header = false\n }\n default: {\n $warn_message = $warn\n $_append_header = true\n }\n }\n\n if $ensure == 'present' {\n concat_file { $name:\n tag => $safe_name,\n path => $path,\n owner => $owner,\n group => $group,\n mode => $mode,\n selinux_ignore_defaults => $selinux_ignore_defaults,\n selrange => $selrange,\n selrole => $selrole,\n seltype => $seltype,\n seluser => $seluser,\n replace => $replace,\n backup => $backup,\n show_diff => $show_diff,\n order => $order,\n ensure_newline => $ensure_newline,\n validate_cmd => $validate_cmd,\n format => $format,\n force => $force,\n create_empty_file => $create_empty_file,\n }\n\n if $_append_header {\n concat_fragment { \"${name}_header\":\n target => $name,\n tag => $safe_name,\n content => $warn_message,\n order => '0',\n }\n }\n } else {\n concat_file { $name:\n ensure => $ensure,\n tag => $safe_name,\n path => $path,\n backup => $backup,\n }\n }\n}"}, {"name": "concat::fragment", "file": "manifests/fragment.pp", "line": 19, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Supplies the content of the fragment. Note: You must supply either a content parameter or a source parameter.\nAllows a String or a Deferred function which returns a String.", "types": ["Optional[Variant[Sensitive[String], String, Deferred]]"], "name": "content"}, {"tag_name": "param", "text": "Reorders your fragments within the destination file. Fragments that share the same order number are ordered by name. The string\noption is recommended.", "types": ["Variant[String, Integer]"], "name": "order"}, {"tag_name": "param", "text": "Specifies a file to read into the content of the fragment. Note: You must supply either a content parameter or a source parameter.\nValid options: a string or an array, containing one or more Puppet URLs.", "types": ["Optional[Variant[String, Array]]"], "name": "source"}, {"tag_name": "param", "text": "Specifies the destination file of the fragment. Valid options: a string containing the path or title of the parent concat resource.", "types": ["String"], "name": "target"}, {"tag_name": "summary", "text": "Manages a fragment of text to be compiled into a file."}]}, "defaults": {"content": "undef", "source": "undef", "order": "'10'"}, "source": "define concat::fragment (\n String $target,\n Optional[Variant[Sensitive[String], String, Deferred]] $content = undef,\n Optional[Variant[String, Array]] $source = undef,\n Variant[String, Integer] $order = '10',\n) {\n $resource = 'Concat::Fragment'\n\n if ($order =~ String and $order =~ /[:\\n\\/]/) {\n fail(\"${resource}['${title}']: 'order' cannot contain '/', ':', or '\\\\n'.\")\n }\n\n if ! ($content or $source) {\n crit('No content, source or symlink specified')\n } elsif ($content and $source) {\n fail(\"${resource}['${title}']: Can't use 'source' and 'content' at the same time.\")\n }\n\n $safe_target_name = regsubst($target, '[\\\\\\\\/:~\\n\\s\\+\\*\\(\\)@]', '_', 'GM')\n\n concat_fragment { $name:\n target => $target,\n tag => $safe_target_name,\n order => $order,\n content => $content,\n source => $source,\n }\n}"}, {"name": "apt::conf", "file": "manifests/conf.pp", "line": 16, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Required unless `ensure` is set to 'absent'. Directly supplies content for the configuration file.", "types": ["Optional[String]"], "name": "content"}, {"tag_name": "param", "text": "Specifies whether the configuration file should exist. Valid options: 'present' and 'absent'.", "types": ["Enum['present', 'absent']"], "name": "ensure"}, {"tag_name": "param", "text": "Determines the order in which Apt processes the configuration file. Files with lower priority numbers are loaded first.\nValid options: a string containing an integer or an integer.", "types": ["Variant[String, Integer]"], "name": "priority"}, {"tag_name": "param", "text": "Specifies whether to trigger an `apt-get update` run.", "types": ["Optional[Boolean]"], "name": "notify_update"}, {"tag_name": "summary", "text": "Specifies a custom Apt configuration file."}]}, "defaults": {"content": "undef", "ensure": "present", "priority": "50", "notify_update": "undef"}, "source": "define apt::conf (\n Optional[String] $content = undef,\n Enum['present', 'absent'] $ensure = present,\n Variant[String, Integer] $priority = 50,\n Optional[Boolean] $notify_update = undef,\n) {\n\n unless $ensure == 'absent' {\n unless $content {\n fail(translate('Need to pass in content parameter'))\n }\n }\n\n $confheadertmp = epp('apt/_conf_header.epp')\n apt::setting { \"conf-${name}\":\n ensure => $ensure,\n priority => $priority,\n content => \"${confheadertmp}${content}\",\n notify_update => $notify_update,\n }\n}"}, {"name": "apt::key", "file": "manifests/key.pp", "line": 35, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "apt::key { 'puppetlabs':\n id => '6F6B15509CF8E59E6E469F327F438280EF8D349F',\n server => 'hkps.pool.sks-keyservers.net',\n options => 'http-proxy=\"http://proxyuser:proxypass@example.org:3128\"',\n}", "name": "Declare Apt key for apt.puppetlabs.com source"}, {"tag_name": "note", "text": "The apt::key defined type makes use of the apt_key type, but includes extra functionality to help prevent duplicate keys."}, {"tag_name": "param", "text": "Specifies a GPG key to authenticate Apt package signatures. Valid options: a string containing a key ID (8 or 16 hexadecimal\ncharacters, optionally prefixed with \"0x\") or a full key fingerprint (40 hexadecimal characters).", "types": ["Pattern[/\\A(0x)?[0-9a-fA-F]{8}\\Z/, /\\A(0x)?[0-9a-fA-F]{16}\\Z/, /\\A(0x)?[0-9a-fA-F]{40}\\Z/]"], "name": "id"}, {"tag_name": "param", "text": "Specifies whether the key should exist. Valid options: 'present', 'absent' or 'refreshed'. Using 'refreshed' will make keys auto\nupdate when they have expired (assuming a new key exists on the key server).", "types": ["Enum['present', 'absent', 'refreshed']"], "name": "ensure"}, {"tag_name": "param", "text": "Supplies the entire GPG key. Useful in case the key can't be fetched from a remote location and using a file resource is inconvenient.", "types": ["Optional[String]"], "name": "content"}, {"tag_name": "param", "text": "Specifies the location of an existing GPG key file to copy. Valid options: a string containing a URL (ftp://, http://, or https://) or\nan absolute path.", "types": ["Optional[Pattern[/\\Ahttps?:\\/\\//, /\\Aftp:\\/\\//, /\\A\\/\\w+/]]"], "name": "source"}, {"tag_name": "param", "text": "Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://,\nhkp:// or hkps://). The hkps:// protocol is currently only supported on Ubuntu 18.04.", "types": ["Pattern[/\\A((hkp|hkps|http|https):\\/\\/)?([a-z\\d])([a-z\\d-]{0,61}\\.)+[a-z\\d]+(:\\d{2,5})?$/]"], "name": "server"}, {"tag_name": "param", "text": "Passes additional options to `apt-key adv --keyserver-options`.", "types": ["Optional[String]"], "name": "options"}, {"tag_name": "summary", "text": "Manages the GPG keys that Apt uses to authenticate packages."}]}, "defaults": {"id": "$title", "ensure": "present", "content": "undef", "source": "undef", "server": "$::apt::keyserver", "options": "undef"}, "source": "define apt::key (\n Pattern[/\\A(0x)?[0-9a-fA-F]{8}\\Z/, /\\A(0x)?[0-9a-fA-F]{16}\\Z/, /\\A(0x)?[0-9a-fA-F]{40}\\Z/] $id = $title,\n Enum['present', 'absent', 'refreshed'] $ensure = present,\n Optional[String] $content = undef,\n Optional[Pattern[/\\Ahttps?:\\/\\//, /\\Aftp:\\/\\//, /\\A\\/\\w+/]] $source = undef,\n Pattern[/\\A((hkp|hkps|http|https):\\/\\/)?([a-z\\d])([a-z\\d-]{0,61}\\.)+[a-z\\d]+(:\\d{2,5})?$/] $server = $::apt::keyserver,\n Optional[String] $options = undef,\n ) {\n\n case $ensure {\n /^(refreshed|present)$/: {\n if defined(Anchor[\"apt_key ${id} absent\"]){\n fail(translate('key with id %{_id} already ensured as absent'), {'_id' => id})\n }\n\n if !defined(Anchor[\"apt_key ${id} present\"]) {\n apt_key { $title:\n ensure => present,\n refresh => $ensure == 'refreshed',\n id => $id,\n source => $source,\n content => $content,\n server => $server,\n options => $options,\n } -> anchor { \"apt_key ${id} present\": }\n\n case $facts['os']['name'] {\n 'Debian': {\n if versioncmp($facts['os']['release']['major'], '9') >= 0 {\n ensure_packages(['dirmngr'])\n Apt::Key<| title == $title |>\n }\n }\n 'Ubuntu': {\n if versioncmp($facts['os']['release']['full'], '17.04') >= 0 {\n ensure_packages(['dirmngr'])\n Apt::Key<| title == $title |>\n }\n }\n default: { }\n }\n }\n }\n\n absent: {\n if defined(Anchor[\"apt_key ${id} present\"]){\n fail(translate('key with id %{_id} already ensured as present', {'_id' => id}))\n }\n\n if !defined(Anchor[\"apt_key ${id} absent\"]){\n apt_key { $title:\n ensure => $ensure,\n id => $id,\n source => $source,\n content => $content,\n server => $server,\n options => $options,\n } -> anchor { \"apt_key ${id} absent\": }\n }\n }\n\n default: {\n fail translate('Invalid \\'ensure\\' value \\'%{_ensure}\\' for apt::key', {'_ensure' => ensure})\n }\n }\n}"}, {"name": "apt::pin", "file": "manifests/pin.pp", "line": 36, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Specifies whether the pin should exist. Valid options: 'file', 'present', and 'absent'.", "types": ["Optional[Enum['file', 'present', 'absent']]"], "name": "ensure"}, {"tag_name": "param", "text": "Supplies a comment to explain the pin. Default: \"${caller_module_name}: ${name}\".", "types": ["Optional[String]"], "name": "explanation"}, {"tag_name": "param", "text": "Determines the order in which Apt processes the pin file. Files with lower order numbers are loaded first.", "types": ["Variant[Integer]"], "name": "order"}, {"tag_name": "param", "text": "Specifies which package(s) to pin.", "types": ["Variant[String, Array]"], "name": "packages"}, {"tag_name": "param", "text": "Sets the priority of the package. If multiple versions of a given package are available, `apt-get` installs the one with the highest\npriority number (subject to dependency constraints). Valid options: an integer.", "types": ["Variant[Numeric, String]"], "name": "priority"}, {"tag_name": "param", "text": "Tells APT to prefer packages that support the specified release. Typical values include 'stable', 'testing', and 'unstable'.", "types": ["Optional[String]"], "name": "release"}, {"tag_name": "param", "text": "Tells APT to prefer packages that support the specified operating system release version (such as Debian release version 7).", "types": ["Optional[String]"], "name": "release_version"}, {"tag_name": "param", "text": "Names the licensing component associated with the packages in the directory tree of the Release file.", "types": ["Optional[String]"], "name": "component"}, {"tag_name": "param", "text": "Names the originator of the packages in the directory tree of the Release file.", "types": ["Optional[String]"], "name": "originator"}, {"tag_name": "param", "text": "Names the label of the packages in the directory tree of the Release file.", "types": ["Optional[String]"], "name": "label"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "origin"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "version"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "codename"}, {"tag_name": "see", "text": "for context on these parameters", "name": "http://linux.die.net/man/5/apt_preferences"}, {"tag_name": "summary", "text": "Manages Apt pins. Does not trigger an apt-get update run."}]}, "defaults": {"ensure": "present", "explanation": "undef", "order": "50", "packages": "'*'", "priority": "0", "release": "''", "origin": "''", "version": "''", "codename": "''", "release_version": "''", "component": "''", "originator": "''", "label": "''"}, "source": "define apt::pin(\n Optional[Enum['file', 'present', 'absent']] $ensure = present,\n Optional[String] $explanation = undef,\n Variant[Integer] $order = 50,\n Variant[String, Array] $packages = '*',\n Variant[Numeric, String] $priority = 0,\n Optional[String] $release = '', # a=\n Optional[String] $origin = '',\n Optional[String] $version = '',\n Optional[String] $codename = '', # n=\n Optional[String] $release_version = '', # v=\n Optional[String] $component = '', # c=\n Optional[String] $originator = '', # o=\n Optional[String] $label = '', # l=\n) {\n\n if $explanation {\n $_explanation = $explanation\n } else {\n if defined('$caller_module_name') { # strict vars check\n $_explanation = \"${caller_module_name}: ${name}\"\n } else {\n $_explanation = \": ${name}\"\n }\n }\n\n $pin_release_array = [\n $release,\n $codename,\n $release_version,\n $component,\n $originator,\n $label,\n ]\n $pin_release = join($pin_release_array, '')\n\n # Read the manpage 'apt_preferences(5)', especially the chapter\n # 'The Effect of APT Preferences' to understand the following logic\n # and the difference between specific and general form\n if $packages =~ Array {\n $packages_string = join($packages, ' ')\n } else {\n $packages_string = $packages\n }\n\n if $packages_string != '*' { # specific form\n if ( $pin_release != '' and ( $origin != '' or $version != '' )) or\n ( $version != '' and ( $pin_release != '' or $origin != '' )) {\n fail(translate('parameters release, origin, and version are mutually exclusive'))\n }\n } else { # general form\n if $version != '' {\n fail(translate('parameter version cannot be used in general form'))\n }\n if ( $pin_release != '' and $origin != '' ) {\n fail(translate('parameters release and origin are mutually exclusive'))\n }\n }\n\n # According to man 5 apt_preferences:\n # The files have either no or \"pref\" as filename extension\n # and only contain alphanumeric, hyphen (-), underscore (_) and period\n # (.) characters. Otherwise APT will print a notice that it has ignored a\n # file, unless that file matches a pattern in the\n # Dir::Ignore-Files-Silently configuration list - in which case it will\n # be silently ignored.\n $file_name = regsubst($title, '[^0-9a-z\\-_\\.]', '_', 'IG')\n\n $headertmp = epp('apt/_header.epp')\n\n $pinpreftmp = epp('apt/pin.pref.epp', {\n 'name' => $name,\n 'pin_release' => $pin_release,\n 'release' => $release,\n 'codename' => $codename,\n 'release_version' => $release_version,\n 'component' => $component,\n 'originator' => $originator,\n 'label' => $label,\n 'version' => $version,\n 'origin' => $origin,\n 'explanation' => $_explanation,\n 'packages_string' => $packages_string,\n 'priority' => $priority,\n })\n\n apt::setting { \"pref-${file_name}\":\n ensure => $ensure,\n priority => $order,\n content => \"${headertmp}${pinpreftmp}\",\n notify_update => false,\n }\n}"}, {"name": "apt::ppa", "file": "manifests/ppa.pp", "line": 22, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "apt::ppa{ 'ppa:openstack-ppa/bleeding-edge': }", "name": "Example declaration of an Apt PPA"}, {"tag_name": "param", "text": "Specifies whether the PPA should exist. Valid options: 'present' and 'absent'.", "types": ["String"], "name": "ensure"}, {"tag_name": "param", "text": "Supplies options to be passed to the `add-apt-repository` command. Default: '-y'.", "types": ["Optional[String]"], "name": "options"}, {"tag_name": "param", "text": "Optional if lsb-release is installed (unless you're using a different release than indicated by lsb-release, e.g., Linux Mint).\nSpecifies the operating system of your node. Valid options: a string containing a valid LSB distribution codename.", "types": ["Optional[String]"], "name": "release"}, {"tag_name": "param", "text": "Names the package that provides the `apt-add-repository` command. Default: 'software-properties-common'.", "types": ["Optional[String]"], "name": "package_name"}, {"tag_name": "param", "text": "Specifies whether Puppet should manage the package that provides `apt-add-repository`.", "types": ["Boolean"], "name": "package_manage"}, {"tag_name": "summary", "text": "Manages PPA repositories using `add-apt-repository`. Not supported on Debian."}]}, "defaults": {"ensure": "'present'", "options": "$::apt::ppa_options", "release": "$facts['lsbdistcodename']", "package_name": "$::apt::ppa_package", "package_manage": "false"}, "source": "define apt::ppa(\n String $ensure = 'present',\n Optional[String] $options = $::apt::ppa_options,\n Optional[String] $release = $facts['lsbdistcodename'],\n Optional[String] $package_name = $::apt::ppa_package,\n Boolean $package_manage = false,\n) {\n unless $release {\n fail(translate('lsbdistcodename fact not available: release parameter required'))\n }\n\n if $facts['lsbdistid'] == 'Debian' {\n fail(translate('apt::ppa is not currently supported on Debian.'))\n }\n\n if versioncmp($facts['lsbdistrelease'], '14.10') >= 0 {\n $distid = downcase($facts['lsbdistid'])\n $dash_filename = regsubst($name, '^ppa:([^/]+)/(.+)$', \"\\\\1-${distid}-\\\\2\")\n $underscore_filename = regsubst($name, '^ppa:([^/]+)/(.+)$', \"\\\\1_${distid}_\\\\2\")\n } else {\n $dash_filename = regsubst($name, '^ppa:([^/]+)/(.+)$', \"\\\\1-\\\\2\")\n $underscore_filename = regsubst($name, '^ppa:([^/]+)/(.+)$', \"\\\\1_\\\\2\")\n }\n\n $dash_filename_no_slashes = regsubst($dash_filename, '/', '-', 'G')\n $dash_filename_no_specialchars = regsubst($dash_filename_no_slashes, '[\\.\\+]', '_', 'G')\n $underscore_filename_no_slashes = regsubst($underscore_filename, '/', '-', 'G')\n $underscore_filename_no_specialchars = regsubst($underscore_filename_no_slashes, '[\\.\\+]', '_', 'G')\n\n $sources_list_d_filename = \"${dash_filename_no_specialchars}-${release}.list\"\n\n if versioncmp($facts['lsbdistrelease'], '15.10') >= 0 {\n $trusted_gpg_d_filename = \"${underscore_filename_no_specialchars}.gpg\"\n } else {\n $trusted_gpg_d_filename = \"${dash_filename_no_specialchars}.gpg\"\n }\n\n if $ensure == 'present' {\n if $package_manage {\n ensure_packages($package_name)\n $_require = [File['sources.list.d'], Package[$package_name]]\n } else {\n $_require = File['sources.list.d']\n }\n\n $_proxy = $::apt::_proxy\n if $_proxy['host'] {\n if $_proxy['https'] {\n $_proxy_env = [\"http_proxy=http://${$_proxy['host']}:${$_proxy['port']}\", \"https_proxy=https://${$_proxy['host']}:${$_proxy['port']}\"]\n } else {\n $_proxy_env = [\"http_proxy=http://${$_proxy['host']}:${$_proxy['port']}\"]\n }\n } else {\n $_proxy_env = []\n }\n\n exec { \"add-apt-repository-${name}\":\n environment => $_proxy_env,\n command => \"/usr/bin/add-apt-repository ${options} ${name} || (rm ${::apt::sources_list_d}/${sources_list_d_filename} && false)\",\n unless => \"/usr/bin/test -f ${::apt::sources_list_d}/${sources_list_d_filename} && /usr/bin/test -f ${::apt::trusted_gpg_d}/${trusted_gpg_d_filename}\",\n user => 'root',\n logoutput => 'on_failure',\n notify => Class['apt::update'],\n require => $_require,\n }\n\n file { \"${::apt::sources_list_d}/${sources_list_d_filename}\":\n ensure => file,\n require => Exec[\"add-apt-repository-${name}\"],\n }\n }\n else {\n file { \"${::apt::sources_list_d}/${sources_list_d_filename}\":\n ensure => 'absent',\n notify => Class['apt::update'],\n }\n }\n}"}, {"name": "apt::setting", "file": "manifests/setting.pp", "line": 22, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Determines the order in which Apt processes the configuration file. Files with higher priority numbers are loaded first.", "types": ["Variant[String, Integer, Array]"], "name": "priority"}, {"tag_name": "param", "text": "Specifies whether the file should exist. Valid options: 'present', 'absent', and 'file'.", "types": ["Optional[Enum['file', 'present', 'absent']]"], "name": "ensure"}, {"tag_name": "param", "text": "Required, unless `content` is set. Specifies a source file to supply the content of the configuration file. Cannot be used in combination\nwith `content`. Valid options: see link above for Puppet's native file type source attribute.", "types": ["Optional[String]"], "name": "source"}, {"tag_name": "param", "text": "Required, unless `source` is set. Directly supplies content for the configuration file. Cannot be used in combination with `source`. Valid\noptions: see link above for Puppet's native file type content attribute.", "types": ["Optional[String]"], "name": "content"}, {"tag_name": "param", "text": "Specifies whether to trigger an `apt-get update` run.", "types": ["Boolean"], "name": "notify_update"}, {"tag_name": "see", "text": "for more information on source and content parameters", "name": "https://docs.puppetlabs.com/references/latest/type.html#file-attributes"}, {"tag_name": "summary", "text": "Manages Apt configuration files."}]}, "defaults": {"priority": "50", "ensure": "file", "source": "undef", "content": "undef", "notify_update": "true"}, "source": "define apt::setting (\n Variant[String, Integer, Array] $priority = 50,\n Optional[Enum['file', 'present', 'absent']] $ensure = file,\n Optional[String] $source = undef,\n Optional[String] $content = undef,\n Boolean $notify_update = true,\n) {\n\n if $content and $source {\n fail(translate('apt::setting cannot have both content and source'))\n }\n\n if !$content and !$source {\n fail(translate('apt::setting needs either of content or source'))\n }\n\n $title_array = split($title, '-')\n $setting_type = $title_array[0]\n $base_name = join(delete_at($title_array, 0), '-')\n\n assert_type(Pattern[/\\Aconf\\z/, /\\Apref\\z/, /\\Alist\\z/], $setting_type) |$a, $b| {\n fail(translate(\"apt::setting resource name/title must start with either 'conf-', 'pref-' or 'list-'\"))\n }\n\n if $priority !~ Integer {\n # need this to allow zero-padded priority.\n assert_type(Pattern[/^\\d+$/], $priority) |$a, $b| {\n fail(translate('apt::setting priority must be an integer or a zero-padded integer'))\n }\n }\n\n if ($setting_type == 'list') or ($setting_type == 'pref') {\n $_priority = ''\n } else {\n $_priority = $priority\n }\n\n $_path = $::apt::config_files[$setting_type]['path']\n $_ext = $::apt::config_files[$setting_type]['ext']\n\n if $notify_update {\n $_notify = Class['apt::update']\n } else {\n $_notify = undef\n }\n\n file { \"${_path}/${_priority}${base_name}${_ext}\":\n ensure => $ensure,\n owner => 'root',\n group => 'root',\n mode => '0644',\n content => $content,\n source => $source,\n notify => $_notify,\n }\n}"}, {"name": "apt::source", "file": "manifests/source.pp", "line": 57, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "apt::source { 'puppetlabs':\n location => 'http://apt.puppetlabs.com',\n repos => 'main',\n key => {\n id => '6F6B15509CF8E59E6E469F327F438280EF8D349F',\n server => 'hkps.pool.sks-keyservers.net',\n },\n}", "name": "Install the puppetlabs apt source"}, {"tag_name": "option", "opt_name": ":deb", "opt_text": "Specifies whether to request the distribution's compiled binaries. Default true.", "opt_types": ["Boolean"], "parent": "include", "name": "include"}, {"tag_name": "option", "opt_name": ":src", "opt_text": "Specifies whether to request the distribution's uncompiled source code. Default false.", "opt_types": ["Boolean"], "parent": "include", "name": "include"}, {"tag_name": "param", "text": "Required, unless ensure is set to 'absent'. Specifies an Apt repository. Valid options: a string containing a repository URL.", "types": ["Optional[String]"], "name": "location"}, {"tag_name": "param", "text": "Supplies a comment for adding to the Apt source file.", "types": ["String"], "name": "comment"}, {"tag_name": "param", "text": "Specifies whether the Apt source file should exist. Valid options: 'present' and 'absent'.", "types": ["String"], "name": "ensure"}, {"tag_name": "param", "text": "Specifies a distribution of the Apt repository.", "types": ["Optional[String]"], "name": "release"}, {"tag_name": "param", "text": "Specifies a component of the Apt repository.", "types": ["String"], "name": "repos"}, {"tag_name": "param", "text": "Configures include options. Valid options: a hash of available keys.", "types": ["Optional[Variant[Hash]]"], "name": "include"}, {"tag_name": "param", "text": "Creates a declaration of the apt::key defined type. Valid options: a string to be passed to the `id` parameter of the `apt::key`\ndefined type, or a hash of `parameter => value` pairs to be passed to `apt::key`'s `id`, `server`, `content`, `source`, and/or\n`options` parameters.", "types": ["Optional[Variant[String, Hash]]"], "name": "key"}, {"tag_name": "param", "text": "Creates a declaration of the apt::pin defined type. Valid options: a number or string to be passed to the `id` parameter of the\n`apt::pin` defined type, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corresponding parameters.", "types": ["Optional[Variant[Hash, Numeric, String]]"], "name": "pin"}, {"tag_name": "param", "text": "Tells Apt to only download information for specified architectures. Valid options: a string containing one or more architecture names,\nseparated by commas (e.g., 'i386' or 'i386,alpha,powerpc'). Default: undef (if unspecified, Apt downloads information for all architectures\ndefined in the Apt::Architectures option).", "types": ["Optional[String]"], "name": "architecture"}, {"tag_name": "param", "text": "Specifies whether to authenticate packages from this release, even if the Release file is not signed or the signature can't be checked.", "types": ["Boolean"], "name": "allow_unsigned"}, {"tag_name": "param", "text": "Specifies whether to trigger an `apt-get update` run.", "types": ["Boolean"], "name": "notify_update"}, {"tag_name": "summary", "text": "Manages the Apt sources in /etc/apt/sources.list.d/."}]}, "defaults": {"location": "undef", "comment": "$name", "ensure": "present", "release": "undef", "repos": "'main'", "include": "{}", "key": "undef", "pin": "undef", "architecture": "undef", "allow_unsigned": "false", "notify_update": "true"}, "source": "define apt::source(\n Optional[String] $location = undef,\n String $comment = $name,\n String $ensure = present,\n Optional[String] $release = undef,\n String $repos = 'main',\n Optional[Variant[Hash]] $include = {},\n Optional[Variant[String, Hash]] $key = undef,\n Optional[Variant[Hash, Numeric, String]] $pin = undef,\n Optional[String] $architecture = undef,\n Boolean $allow_unsigned = false,\n Boolean $notify_update = true,\n) {\n\n include ::apt\n\n $_before = Apt::Setting[\"list-${title}\"]\n\n if !$release {\n if $facts['lsbdistcodename'] {\n $_release = $facts['lsbdistcodename']\n } else {\n fail(translate('lsbdistcodename fact not available: release parameter required'))\n }\n } else {\n $_release = $release\n }\n\n if $ensure == 'present' {\n if ! $location {\n fail(translate('cannot create a source entry without specifying a location'))\n }\n # Newer oses, do not need the package for HTTPS transport.\n $_transport_https_releases = [ 'wheezy', 'jessie', 'stretch', 'trusty', 'xenial' ]\n if ($_release in $_transport_https_releases or $facts['lsbdistcodename'] in $_transport_https_releases) and $location =~ /(?i:^https:\\/\\/)/ {\n ensure_packages('apt-transport-https')\n }\n }\n\n $includes = merge($::apt::include_defaults, $include)\n\n if $key {\n if $key =~ Hash {\n unless $key['id'] {\n fail(translate('key hash must contain at least an id entry'))\n }\n $_key = merge($::apt::source_key_defaults, $key)\n } else {\n $_key = { 'id' => assert_type(String[1], $key) }\n }\n }\n\n $header = epp('apt/_header.epp')\n\n $sourcelist = epp('apt/source.list.epp', {\n 'comment' => $comment,\n 'includes' => $includes,\n 'opt_architecture' => $architecture,\n 'allow_unsigned' => $allow_unsigned,\n 'location' => $location,\n 'release' => $_release,\n 'repos' => $repos,\n })\n\n apt::setting { \"list-${name}\":\n ensure => $ensure,\n content => \"${header}${sourcelist}\",\n notify_update => $notify_update,\n }\n\n if $pin {\n if $pin =~ Hash {\n $_pin = merge($pin, { 'ensure' => $ensure, 'before' => $_before })\n } elsif ($pin =~ Numeric or $pin =~ String) {\n $url_split = split($location, '[:\\/]+')\n $host = $url_split[1]\n $_pin = {\n 'ensure' => $ensure,\n 'priority' => $pin,\n 'before' => $_before,\n 'origin' => $host,\n }\n } else {\n fail(translate('Received invalid value for pin parameter'))\n }\n create_resources('apt::pin', { \"${name}\" => $_pin })\n }\n\n # We do not want to remove keys when the source is absent.\n if $key and ($ensure == 'present') {\n if $_key =~ Hash {\n if $_key['ensure'] != undef {\n $_ensure = $_key['ensure']\n } else {\n $_ensure = $ensure\n }\n\n apt::key { \"Add key: ${$_key['id']} from Apt::Source ${title}\":\n ensure => $_ensure,\n id => $_key['id'],\n server => $_key['server'],\n content => $_key['content'],\n source => $_key['source'],\n options => $_key['options'],\n before => $_before,\n }\n }\n }\n}"}, {"name": "yum::config", "file": "manifests/config.pp", "line": 17, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "yum::config { 'installonly_limit':\n ensure => 2,\n}", "name": "configure installonly limit"}, {"tag_name": "example", "text": "yum::config { 'debuglevel':\n ensure => absent,\n}", "name": "remove a configuration"}, {"tag_name": "param", "text": "specifies value or absent keyword", "types": ["Variant[Boolean, Integer, Enum['absent'], String, Sensitive[String]]"], "name": "ensure"}, {"tag_name": "param", "text": "alternative conf. key (defaults to name)", "types": ["String"], "name": "key"}, {"tag_name": "summary", "text": "This definition manages yum.conf"}]}, "defaults": {"key": "$title"}, "source": "define yum::config (\n Variant[Boolean, Integer, Enum['absent'], String, Sensitive[String]] $ensure,\n String $key = $title,\n) {\n $_ensure = $ensure ? {\n Boolean => bool2num($ensure),\n Sensitive => $ensure.unwrap,\n default => $ensure,\n }\n\n $_changes = $ensure ? {\n 'absent' => \"rm ${key}\",\n default => \"set ${key} '${_ensure}'\",\n }\n\n $_show_diff = $ensure ? {\n Sensitive => false,\n default => true,\n }\n\n augeas { \"yum.conf_${key}\":\n incl => '/etc/yum.conf',\n lens => 'Yum.lns',\n context => '/files/etc/yum.conf/main/',\n changes => $_changes,\n show_diff => $_show_diff,\n }\n}"}, {"name": "yum::gpgkey", "file": "manifests/gpgkey.pp", "line": 21, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "yum::gpgkey { '/etc/pki/rpm-gpg/RPM-GPG-KEY-puppet-smoketest1':\n ensure => 'present',\n content => '-----BEGIN PGP PUBLIC KEY BLOCK-----\n...\n-----END PGP PUBLIC KEY BLOCK-----';\n}", "name": "Sample usage:"}, {"tag_name": "param", "text": "alternative file location (defaults to name)", "types": ["String"], "name": "path"}, {"tag_name": "param", "text": "specifies if key should be present or absent", "types": ["Enum['present', 'absent']"], "name": "ensure"}, {"tag_name": "param", "text": "the actual file content", "types": ["Optional[String]"], "name": "content"}, {"tag_name": "param", "text": "source (e.g.: puppet:///)", "types": ["Optional[String]"], "name": "source"}, {"tag_name": "param", "text": "file owner", "types": ["String"], "name": "owner"}, {"tag_name": "param", "text": "file group", "types": ["String"], "name": "group"}, {"tag_name": "param", "text": "file mode", "types": ["String"], "name": "mode"}, {"tag_name": "summary", "text": "imports/deleted public GPG key for RPM. Key can be stored on Puppet's fileserver or as inline content."}]}, "defaults": {"path": "$name", "ensure": "'present'", "content": "undef", "source": "undef", "owner": "'root'", "group": "'root'", "mode": "'0644'"}, "source": "define yum::gpgkey (\n String $path = $name,\n Enum['present', 'absent'] $ensure = 'present',\n Optional[String] $content = undef,\n Optional[String] $source = undef,\n String $owner = 'root',\n String $group = 'root',\n String $mode = '0644'\n) {\n $_creators = [$content, $source]\n $_used_creators = $_creators.filter |$value| { !empty($value) }\n\n unless size($_used_creators) != 1 {\n File[$path] {\n content => $content,\n source => $source,\n }\n } else {\n case size($_used_creators) {\n 0: { fail('Missing params: $content or $source must be specified') }\n default: { fail('You cannot specify more than one of content, source') }\n }\n }\n\n file { $path:\n ensure => $ensure,\n owner => $owner,\n group => $group,\n mode => $mode,\n }\n\n $rpmname = \"gpg-pubkey-$(gpg --with-colons ${path} | \\\nhead -n 1 | \\\ncut -d: -f5 | \\\ncut -c9-16 | \\\ntr '[A-Z]' '[a-z]')\"\n\n case $ensure {\n 'present', default: {\n exec { \"rpm-import-${name}\":\n path => '/bin:/usr/bin:/sbin/:/usr/sbin',\n command => \"rpm --import ${path}\",\n unless => \"rpm -q ${rpmname}\",\n require => File[$path],\n }\n }\n\n 'absent': {\n exec { \"rpm-delete-${name}\":\n path => '/bin:/usr/bin:/sbin/:/usr/sbin',\n command => \"rpm -e ${rpmname}\",\n onlyif => [\"test -f ${path}\", \"rpm -q ${rpmname}\"],\n before => File[$path],\n }\n }\n }\n}"}, {"name": "yum::group", "file": "manifests/group.pp", "line": 13, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "yum::group { 'X Window System':\n ensure => 'present',\n}", "name": "Sample usage:"}, {"tag_name": "param", "text": "specifies if package group should be present (installed) or absent (purged)", "types": ["Enum['present', 'installed', 'latest', 'absent', 'purged']"], "name": "ensure"}, {"tag_name": "param", "text": "exec timeout for yum groupinstall command", "types": ["Optional[Integer]"], "name": "timeout"}, {"tag_name": "param", "text": "options provided to yum groupinstall command", "types": ["Array[String[1]]"], "name": "install_options"}, {"tag_name": "summary", "text": "This definition installs or removes yum package group."}]}, "defaults": {"install_options": "[]", "ensure": "'present'", "timeout": "undef"}, "source": "define yum::group (\n Array[String[1]] $install_options = [],\n Enum['present', 'installed', 'latest', 'absent', 'purged'] $ensure = 'present',\n Optional[Integer] $timeout = undef,\n) {\n Exec {\n path => '/bin:/usr/bin:/sbin:/usr/sbin',\n environment => 'LC_ALL=C',\n }\n\n case $ensure {\n 'present', 'installed', default: {\n exec { \"yum-groupinstall-${name}\":\n command => join(concat([\"yum -y groupinstall '${name}'\"], $install_options), ' '),\n unless => \"yum grouplist hidden '${name}' | egrep -i '^Installed.+Groups:$'\",\n timeout => $timeout,\n }\n if $ensure == 'latest' {\n exec { \"yum-groupinstall-${name}-latest\":\n command => join(concat([\"yum -y groupinstall '${name}'\"], $install_options), ' '),\n onlyif => \"yum groupinfo '${name}' | egrep '\\\\s+\\\\+'\",\n timeout => $timeout,\n require => Exec[\"yum-groupinstall-${name}\"],\n }\n }\n }\n\n 'absent', 'purged': {\n exec { \"yum-groupremove-${name}\":\n command => \"yum -y groupremove '${name}'\",\n onlyif => \"yum grouplist hidden '${name}' | egrep -i '^Installed.+Groups:$'\",\n timeout => $timeout,\n }\n }\n }\n}"}, {"name": "yum::install", "file": "manifests/install.pp", "line": 17, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "yum::install { 'epel-release':\n ensure => 'present',\n source => 'https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm',\n}", "name": "Sample usage:"}, {"tag_name": "note", "text": "This can be better than using just the rpm provider because it will pull all the dependencies."}, {"tag_name": "param", "text": "file or URL where RPM is available", "types": ["String"], "name": "source"}, {"tag_name": "param", "text": "the desired state of the package", "types": ["Enum['present', 'installed', 'absent', 'purged']"], "name": "ensure"}, {"tag_name": "param", "text": "optional timeout for the installation", "types": ["Optional[Integer]"], "name": "timeout"}, {"tag_name": "param", "text": "optional argument, will reinstall if rpm verify fails", "types": ["Boolean"], "name": "require_verify"}, {"tag_name": "summary", "text": "Installs/removes rpms from local file/URL via yum install command."}]}, "defaults": {"ensure": "'present'", "require_verify": "false", "timeout": "undef"}, "source": "define yum::install (\n String $source,\n Enum['present', 'installed', 'absent', 'purged'] $ensure = 'present',\n Boolean $require_verify = false,\n Optional[Integer] $timeout = undef,\n) {\n Exec {\n path => '/bin:/usr/bin:/sbin:/usr/sbin',\n environment => 'LC_ALL=C',\n }\n\n case $ensure {\n 'present', 'installed', default: {\n if $require_verify {\n exec { \"yum-reinstall-${name}\":\n command => \"yum -y reinstall '${source}'\",\n onlyif => \"rpm -q '${name}'\",\n unless => \"rpm -V '${name}'\",\n timeout => $timeout,\n before => Exec[\"yum-install-${name}\"],\n }\n }\n\n exec { \"yum-install-${name}\":\n command => \"yum -y install '${source}'\",\n unless => \"rpm -q '${name}'\",\n timeout => $timeout,\n }\n }\n\n 'absent', 'purged': {\n package { $name:\n ensure => $ensure,\n }\n }\n }\n}"}, {"name": "yum::plugin", "file": "manifests/plugin.pp", "line": 14, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "yum::plugin { 'versionlock':\n ensure => 'present',\n}", "name": "Sample usage:"}, {"tag_name": "param", "text": "specifies if plugin should be present or absent", "types": ["Enum['present', 'absent']"], "name": "ensure"}, {"tag_name": "param", "text": "the package prefix for the plugins", "types": ["Optional[String]"], "name": "pkg_prefix"}, {"tag_name": "param", "text": "the actual package name", "types": ["Optional[String]"], "name": "pkg_name"}, {"tag_name": "summary", "text": "This definition installs Yum plugin."}]}, "defaults": {"ensure": "'present'", "pkg_prefix": "undef", "pkg_name": "undef"}, "source": "define yum::plugin (\n Enum['present', 'absent'] $ensure = 'present',\n Optional[String] $pkg_prefix = undef,\n Optional[String] $pkg_name = undef,\n) {\n if $pkg_prefix {\n $_pkg_prefix = $pkg_prefix\n } else {\n $_pkg_prefix = $facts['os']['release']['major'] ? {\n Variant[Integer[5,5], Enum['5']] => 'yum',\n default => 'yum-plugin',\n }\n }\n\n $_pkg_name = $pkg_name ? {\n Variant[Enum[''], Undef] => \"${_pkg_prefix}-${name}\",\n default => \"${_pkg_prefix}-${pkg_name}\",\n }\n\n package { $_pkg_name:\n ensure => $ensure,\n }\n\n if ! defined(Yum::Config['plugins']) {\n yum::config { 'plugins':\n ensure => 1,\n }\n }\n}"}, {"name": "yum::post_transaction_action", "file": "manifests/post_transaction_action.pp", "line": 19, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "yum::post_transaction_action{'touch file on ssh package update':\n key => 'openssh-*',\n state => 'any',\n command => 'touch /tmp/openssh-installed',\n}", "name": "Touch a file when ssh is package is updated, installed or removed."}, {"tag_name": "param", "text": "Name variable a string to label the rule", "types": ["String[1]"], "name": "action"}, {"tag_name": "param", "text": "Package name, glob or file name file glob.", "types": ["Variant[Enum['*'],Yum::RpmNameGlob,Stdlib::Unixpath]"], "name": "key"}, {"tag_name": "param", "text": "Can be `install`, `update`, `remove` or `any` on YUM based systems.\nCan be `in`, `out` or `any` on DNF based systems.", "types": ["Enum['install', 'update', 'remove', 'any', 'in', 'out']"], "name": "state"}, {"tag_name": "param", "text": "The command to run", "types": ["String[1]"], "name": "command"}, {"tag_name": "see", "text": "DNF Post Transaction Items", "name": "https://dnf-plugins-core.readthedocs.io/en/latest/post-transaction-actions.html"}, {"tag_name": "summary", "text": "Creates post transaction configuratons for dnf or yum."}]}, "defaults": {"state": "'any'", "action": "$title"}, "source": "define yum::post_transaction_action (\n Variant[Enum['*'],Yum::RpmNameGlob,Stdlib::Unixpath] $key,\n String[1] $command,\n Enum['install', 'update', 'remove', 'any', 'in', 'out'] $state = 'any',\n String[1] $action = $title,\n) {\n #\n # The valid Enum is different for yum and dnf based systems.\n #\n if $facts['package_provider'] == 'yum' {\n assert_type(Enum['install','update','remove','any'],$state) |$expected, $actual| {\n fail(\"The state parameter on ${facts['package_provider']} based systems should be \\'${expected}\\' and not \\'${actual}\\'\")\n }\n } else {\n assert_type(Enum['in', 'out', 'any'],$state) |$expected, $actual| {\n fail(\"The state parameter on ${facts['package_provider']} based systems should be \\'${expected}\\' and not \\'${actual}\\'\")\n }\n }\n\n require yum::plugin::post_transaction_actions\n\n if $yum::plugin::post_transaction_actions::ensure == 'present' {\n concat::fragment { \"post_trans_${action}\":\n target => 'puppet_actions',\n content => \"# Action name: ${action}\\n${key}:${state}:${command}\\n\\n\",\n order => '10',\n }\n }\n}"}, {"name": "yum::versionlock", "file": "manifests/versionlock.pp", "line": 56, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "yum::versionlock { '0:bash-4.1.2-9.el7.*':\n ensure => present,\n}", "name": "Sample usage on CentOS 7"}, {"tag_name": "example", "text": "yum::versionlock { 'bash':\n ensure => present,\n version => '4.1.2',\n release => '9.el8',\n epoch => 0,\n arch => 'noarch',\n}", "name": "Sample usage on CentOS 8"}, {"tag_name": "example", "text": "yum::versionlock { 'bash':\n ensure => present,\n version => '3.1.2',\n release => '9.el7',\n epoch => 0,\n arch => 'noarch',\n}", "name": "Sample usage on CentOS 7 with new style version, release, epoch, name parameters."}, {"tag_name": "note", "text": "The resource title must use the format\nBy default on CentOS 7 the following format is used.\n\"%{EPOCH}:%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\". This can be retrieved via\nthe command `rpm -q --qf '%{EPOCH}:%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}'.\nIf \"%{EPOCH}\" returns as '(none)', it should be set to '0'. Wildcards may\nbe used within token slots, but must not cover seperators, e.g.,\n'0:b*sh-4.1.2-9.*' covers Bash version 4.1.2, revision 9 on all\narchitectures.\nBy default on CentOS 8 and newer the resource title to just set the\npackage name.\nIf a version is set on CentOS 7 then it behaves like CentOS 8"}, {"tag_name": "param", "text": "Specifies if versionlock should be `present`, `absent` or `exclude`.", "types": ["Enum['present', 'absent', 'exclude']"], "name": "ensure"}, {"tag_name": "param", "text": "Version of the package if CentOS 8 mechanism is used. This must be set for dnf based systems (e.g CentOS 8).\nIf version is set then the name var is assumed to a package name and not the full versionlock string.", "types": ["Optional[Yum::RpmVersion]"], "name": "version"}, {"tag_name": "param", "text": "Release of the package if CentOS 8 mechanism is used.", "types": ["Yum::RpmRelease"], "name": "release"}, {"tag_name": "param", "text": "Arch of the package if CentOS 8 mechanism is used.", "types": ["Variant[Yum::RpmArch, Enum['*']]"], "name": "arch"}, {"tag_name": "param", "text": "Epoch of the package if CentOS 8 mechanism is used.", "types": ["Integer[0]"], "name": "epoch"}, {"tag_name": "see", "name": "http://man7.org/linux/man-pages/man1/yum-versionlock.1.html"}, {"tag_name": "summary", "text": "Locks package from updates."}]}, "defaults": {"ensure": "'present'", "version": "undef", "release": "'*'", "epoch": "0", "arch": "'*'"}, "source": "define yum::versionlock (\n Enum['present', 'absent', 'exclude'] $ensure = 'present',\n Optional[Yum::RpmVersion] $version = undef,\n Yum::RpmRelease $release = '*',\n Integer[0] $epoch = 0,\n Variant[Yum::RpmArch, Enum['*']] $arch = '*',\n) {\n require yum::plugin::versionlock\n\n $line_prefix = $ensure ? {\n 'exclude' => '!',\n default => '',\n }\n\n if $facts['package_provider'] == 'yum' and $version =~ Undef {\n assert_type(Yum::VersionlockString, $name) |$_expected, $actual | {\n # lint:ignore:140chars\n fail(\"Package name must be formatted as %{EPOCH}:%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}, not \\'${actual}\\'. See Yum::Versionlock documentation for details.\")\n # lint:endignore\n }\n\n $_versionlock = \"${line_prefix}${name}\"\n } else {\n assert_type(Yum::RpmName, $name) |$_expected, $actual | {\n fail(\"Package name must be formatted as Yum::RpmName, not \\'${actual}\\'. See Yum::Rpmname documentation for details.\")\n }\n\n assert_type(Yum::RpmVersion, $version) |$_expected, $actual | {\n fail(\"Version must be formatted as Yum::RpmVersion, not \\'${actual}\\'. See Yum::RpmVersion documentation for details.\")\n }\n\n $_versionlock = $facts['package_provider'] ? {\n 'yum' => \"${line_prefix}${epoch}:${name}-${version}-${release}.${arch}\",\n default => \"${line_prefix}${name}-${epoch}:${version}-${release}.${arch}\",\n }\n }\n\n unless $ensure == 'absent' {\n concat::fragment { \"yum-versionlock-${name}\":\n content => \"${_versionlock}\\n\",\n target => $yum::plugin::versionlock::path,\n }\n }\n}"}, {"name": "archive::artifactory", "file": "manifests/artifactory.pp", "line": 53, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "archive::artifactory { '/tmp/logo.png':\n url => 'https://repo.jfrog.org/artifactory/distributions/images/Artifactory_120x75.png',\n owner => 'root',\n group => 'root',\n mode => '0644',\n}", "name": ""}, {"tag_name": "example", "text": "$dirname = 'gradle-1.0-milestone-4-20110723151213+0300'\n$filename = \"${dirname}-bin.zip\"\n\narchive::artifactory { $filename:\n archive_path => '/tmp',\n url => \"http://repo.jfrog.org/artifactory/distributions/org/gradle/${filename}\",\n extract => true,\n extract_path => '/opt',\n creates => \"/opt/${dirname}\",\n cleanup => true,\n}", "name": ""}, {"tag_name": "param", "text": "artifactory download URL", "types": ["Stdlib::HTTPUrl"], "name": "url"}, {"tag_name": "param", "text": "HTTP header(s) to pass to source", "types": ["Array"], "name": "headers"}, {"tag_name": "param", "text": "absolute path for the download file (or use archive_path and only supply filename)", "types": ["String"], "name": "path"}, {"tag_name": "param", "text": "ensure download file present/absent", "types": ["Enum['present', 'absent']"], "name": "ensure"}, {"tag_name": "param", "text": "remove archive after file extraction", "types": ["Boolean"], "name": "cleanup"}, {"tag_name": "param", "text": "whether to extract the files", "types": ["Boolean"], "name": "extract"}, {"tag_name": "param", "text": "parent directory to download archive into", "types": ["Optional[Stdlib::Absolutepath]"], "name": "archive_path"}, {"tag_name": "param", "text": "the file created when the archive is extracted", "types": ["Optional[String]"], "name": "creates"}, {"tag_name": "param", "text": "absolute path to extract archive into", "types": ["Optional[String]"], "name": "extract_path"}, {"tag_name": "param", "text": "file group (see archive params for defaults)", "types": ["Optional[String]"], "name": "group"}, {"tag_name": "param", "text": "file mode (see archive params for defaults)", "types": ["Optional[String]"], "name": "mode"}, {"tag_name": "param", "text": "file owner (see archive params for defaults)", "types": ["Optional[String]"], "name": "owner"}, {"tag_name": "param", "text": "Password to authenticate with", "types": ["Optional[String]"], "name": "password"}, {"tag_name": "param", "text": "User to authenticate as", "types": ["Optional[String]"], "name": "username"}, {"tag_name": "summary", "text": "Archive wrapper for downloading files from artifactory"}]}, "defaults": {"headers": "[]", "cleanup": "false", "extract": "false", "ensure": "'present'", "path": "$name", "archive_path": "undef", "creates": "undef", "extract_path": "undef", "group": "undef", "mode": "undef", "owner": "undef", "password": "undef", "username": "undef"}, "source": "define archive::artifactory (\n Stdlib::HTTPUrl $url,\n Array $headers = [],\n Boolean $cleanup = false,\n Boolean $extract = false,\n Enum['present', 'absent'] $ensure = 'present',\n String $path = $name,\n Optional[Stdlib::Absolutepath] $archive_path = undef,\n Optional[String] $creates = undef,\n Optional[String] $extract_path = undef,\n Optional[String] $group = undef,\n Optional[String] $mode = undef,\n Optional[String] $owner = undef,\n Optional[String] $password = undef,\n Optional[String] $username = undef,\n) {\n include archive::params\n\n if $archive_path {\n $file_path = \"${archive_path}/${name}\"\n } else {\n $file_path = $path\n }\n\n assert_type(Stdlib::Absolutepath, $file_path) |$expected, $actual| {\n fail(\"archive::artifactory[${name}]: \\$name or \\$archive_path must be '${expected}', not '${actual}'\")\n }\n\n $maven2_data = archive::parse_artifactory_url($url)\n if $maven2_data and $maven2_data['folder_iteg_rev'] == 'SNAPSHOT' {\n # URL represents a SNAPSHOT version. eg 'http://artifactory.example.com/artifactory/repo/com/example/artifact/0.0.1-SNAPSHOT/artifact-0.0.1-SNAPSHOT.zip'\n # Only Artifactory Pro downloads this directly but the corresponding file endpoint (where the sha1 checksum is published) doesn't exist\n # This means we can't use the artifactory_sha1 function\n\n $latest_url_data = archive::artifactory_latest_url($url, $maven2_data)\n\n $file_url = $latest_url_data['url']\n $sha1 = $latest_url_data['sha1']\n } else {\n $file_url = $url\n $sha1 = archive::artifactory_checksum($url,'sha1')\n }\n\n archive { $file_path:\n ensure => $ensure,\n path => $file_path,\n extract => $extract,\n extract_path => $extract_path,\n headers => $headers,\n username => $username,\n password => $password,\n source => $file_url,\n checksum => $sha1,\n checksum_type => 'sha1',\n creates => $creates,\n cleanup => $cleanup,\n }\n\n $file_owner = pick($owner, $archive::params::owner)\n $file_group = pick($group, $archive::params::group)\n $file_mode = pick($mode, $archive::params::mode)\n\n file { $file_path:\n owner => $file_owner,\n group => $file_group,\n mode => $file_mode,\n require => Archive[$file_path],\n }\n}"}, {"name": "archive::download", "file": "manifests/download.pp", "line": 39, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "archive::download {\"apache-tomcat-6.0.26.tar.gz\":\n ensure => present,\n url => \"http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.26/bin/apache-tomcat-6.0.26.tar.gz\",\n}", "name": ""}, {"tag_name": "example", "text": "archive::download {\"apache-tomcat-6.0.26.tar.gz\":\n ensure => present,\n digest_string => \"f9eafa9bfd620324d1270ae8f09a8c89\",\n url => \"http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.26/bin/apache-tomcat-6.0.26.tar.gz\",\n}", "name": ""}, {"tag_name": "param", "text": "source", "types": ["String"], "name": "url"}, {"tag_name": "param", "text": "HTTP (s) to pass to source", "types": ["Array"], "name": "headers"}, {"tag_name": "param", "text": "Allow self-signed certificate on source?", "types": ["Boolean"], "name": "allow_insecure"}, {"tag_name": "param", "text": "Should checksum be validated?", "types": ["Boolean"], "name": "checksum"}, {"tag_name": "param", "text": "Digest to use for calculating checksum", "types": ["Enum['none', 'md5', 'sha1', 'sha2','sha256', 'sha384', 'sha512']"], "name": "digest_type"}, {"tag_name": "param", "text": "ensure file present/absent", "types": ["Enum['present', 'absent']"], "name": "ensure"}, {"tag_name": "param", "text": "Absolute path to staging location", "types": ["Stdlib::Compat::Absolute_path"], "name": "src_target"}, {"tag_name": "param", "text": "Value expected checksum", "types": ["Optional[String]"], "name": "digest_string"}, {"tag_name": "param", "text": "URL expected checksum value", "types": ["Optional[String]"], "name": "digest_url"}, {"tag_name": "param", "text": "FQDN of proxy server", "types": ["Optional[String]"], "name": "proxy_server"}, {"tag_name": "param", "text": "User used to download the archive", "types": ["Optional[String]"], "name": "user"}, {"tag_name": "summary", "text": "Archive downloader with integrity verification"}]}, "defaults": {"headers": "[]", "allow_insecure": "false", "checksum": "true", "digest_type": "'md5'", "ensure": "'present'", "src_target": "'/usr/src'", "digest_string": "undef", "digest_url": "undef", "proxy_server": "undef", "user": "undef"}, "source": "define archive::download (\n String $url,\n Array $headers = [],\n Boolean $allow_insecure = false,\n Boolean $checksum = true,\n Enum['none', 'md5', 'sha1', 'sha2','sha256', 'sha384', 'sha512'] $digest_type = 'md5', # bad default!\n Enum['present', 'absent'] $ensure = 'present',\n Stdlib::Compat::Absolute_path $src_target = '/usr/src',\n Optional[String] $digest_string = undef,\n Optional[String] $digest_url = undef,\n Optional[String] $proxy_server = undef,\n Optional[String] $user = undef,\n) {\n $target = ($title =~ Stdlib::Compat::Absolute_path) ? {\n false => \"${src_target}/${title}\",\n default => $title,\n }\n\n archive { $target:\n ensure => $ensure,\n source => $url,\n checksum_verify => $checksum,\n checksum => $digest_string,\n checksum_type => $digest_type,\n checksum_url => $digest_url,\n proxy_server => $proxy_server,\n user => $user,\n headers => $headers,\n allow_insecure => $allow_insecure,\n }\n}"}, {"name": "archive::go", "file": "manifests/go.pp", "line": 2, "docstring": {"text": "download from go", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "server"}, {"tag_name": "param", "text": "", "types": ["Integer"], "name": "port"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "url_path"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "md5_url_path"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "username"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "password"}, {"tag_name": "param", "text": "", "types": ["Enum['present', 'absent']"], "name": "ensure"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "path"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "owner"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "group"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "mode"}, {"tag_name": "param", "text": "", "types": ["Optional[Boolean]"], "name": "extract"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "extract_path"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "creates"}, {"tag_name": "param", "text": "", "types": ["Optional[Boolean]"], "name": "cleanup"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Compat::Absolute_path]"], "name": "archive_path"}]}, "defaults": {"ensure": "present", "path": "$name", "owner": "undef", "group": "undef", "mode": "undef", "extract": "undef", "extract_path": "undef", "creates": "undef", "cleanup": "undef", "archive_path": "undef"}, "source": "define archive::go (\n String $server,\n Integer $port,\n String $url_path,\n String $md5_url_path,\n String $username,\n String $password,\n Enum['present', 'absent'] $ensure = present,\n String $path = $name,\n Optional[String] $owner = undef,\n Optional[String] $group = undef,\n Optional[String] $mode = undef,\n Optional[Boolean] $extract = undef,\n Optional[String] $extract_path = undef,\n Optional[String] $creates = undef,\n Optional[Boolean] $cleanup = undef,\n Optional[Stdlib::Compat::Absolute_path] $archive_path = undef,\n) {\n include archive::params\n\n if $archive_path {\n $file_path = \"${archive_path}/${name}\"\n } else {\n $file_path = $path\n }\n\n if $file_path !~ Stdlib::Compat::Absolute_path {\n fail(\"archive::go[${name}]: \\$name or \\$archive_path must be an absolute path!\") # lint:ignore:trailing_comma\n }\n\n $go_url = \"http://${server}:${port}\"\n $file_url = \"${go_url}/${url_path}\"\n $md5_url = \"${go_url}/${md5_url_path}\"\n\n archive { $file_path:\n ensure => $ensure,\n path => $file_path,\n extract => $extract,\n extract_path => $extract_path,\n source => $file_url,\n checksum => archive::go_md5($username, $password, $name, $md5_url),\n checksum_type => 'md5',\n creates => $creates,\n cleanup => $cleanup,\n username => $username,\n password => $password,\n }\n\n $file_owner = pick($owner, $archive::params::owner)\n $file_group = pick($group, $archive::params::group)\n $file_mode = pick($mode, $archive::params::mode)\n\n file { $file_path:\n owner => $file_owner,\n group => $file_group,\n mode => $file_mode,\n require => Archive[$file_path],\n }\n}"}, {"name": "archive::nexus", "file": "manifests/nexus.pp", "line": 21, "docstring": {"text": "define: archive::nexus\n======================\n\narchive wrapper for downloading files from Nexus using REST API. Nexus API:\nhttps://repository.sonatype.org/nexus-restlet1x-plugin/default/docs/path__artifact_maven_content.html\n\nParameters\n----------\n\nExamples\n--------\n\narchive::nexus { '/tmp/jtstand-ui-0.98.jar':\n url => 'https://oss.sonatype.org',\n gav => 'org.codehaus.jtstand:jtstand-ui:0.98',\n repository => 'codehaus-releases',\n packaging => 'jar',\n extract => false,\n}", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "url"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "gav"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "repository"}, {"tag_name": "param", "text": "", "types": ["Enum['present', 'absent']"], "name": "ensure"}, {"tag_name": "param", "text": "", "types": ["Enum['none', 'md5', 'sha1', 'sha2','sha256', 'sha384', 'sha512']"], "name": "checksum_type"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "checksum_verify"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "packaging"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "use_nexus3_urls"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "classifier"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "extension"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "username"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "password"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "user"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "owner"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "group"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "mode"}, {"tag_name": "param", "text": "", "types": ["Optional[Boolean]"], "name": "extract"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "extract_path"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "extract_flags"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "extract_command"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "creates"}, {"tag_name": "param", "text": "", "types": ["Optional[Boolean]"], "name": "cleanup"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "proxy_server"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "proxy_type"}, {"tag_name": "param", "text": "", "types": ["Optional[Boolean]"], "name": "allow_insecure"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "temp_dir"}]}, "defaults": {"ensure": "present", "checksum_type": "'md5'", "checksum_verify": "true", "packaging": "'jar'", "use_nexus3_urls": "false", "classifier": "undef", "extension": "undef", "username": "undef", "password": "undef", "user": "undef", "owner": "undef", "group": "undef", "mode": "undef", "extract": "undef", "extract_path": "undef", "extract_flags": "undef", "extract_command": "undef", "creates": "undef", "cleanup": "undef", "proxy_server": "undef", "proxy_type": "undef", "allow_insecure": "undef", "temp_dir": "undef"}, "source": "define archive::nexus (\n String $url,\n String $gav,\n String $repository,\n Enum['present', 'absent'] $ensure = present,\n Enum['none', 'md5', 'sha1', 'sha2','sha256', 'sha384', 'sha512'] $checksum_type = 'md5',\n Boolean $checksum_verify = true,\n String $packaging = 'jar',\n Boolean $use_nexus3_urls = false,\n Optional[String] $classifier = undef,\n Optional[String] $extension = undef,\n Optional[String] $username = undef,\n Optional[String] $password = undef,\n Optional[String] $user = undef,\n Optional[String] $owner = undef,\n Optional[String] $group = undef,\n Optional[String] $mode = undef,\n Optional[Boolean] $extract = undef,\n Optional[String] $extract_path = undef,\n Optional[String] $extract_flags = undef,\n Optional[String] $extract_command = undef,\n Optional[String] $creates = undef,\n Optional[Boolean] $cleanup = undef,\n Optional[String] $proxy_server = undef,\n Optional[String] $proxy_type = undef,\n Optional[Boolean] $allow_insecure = undef,\n Optional[Stdlib::Absolutepath] $temp_dir = undef,\n) {\n include archive::params\n\n $artifact_info = split($gav, ':')\n\n $group_id = $artifact_info[0]\n $artifact_id = $artifact_info[1]\n $version = $artifact_info[2]\n\n $query_params = {\n 'g' => $group_id,\n 'a' => $artifact_id,\n 'v' => $version,\n 'r' => $repository,\n 'p' => $packaging,\n 'c' => $classifier,\n 'e' => $extension,\n }.filter |$keys, $values| { $values != undef }\n\n if $use_nexus3_urls {\n if $classifier {\n $c = \"-${classifier}\"\n } else {\n $c = ''\n }\n\n $artifact_url = sprintf(\n '%s/repository/%s/%s/%s/%s/%s-%s%s.%s',\n $url,\n $repository,\n regsubst($group_id, '\\.', '/', 'G'),\n $artifact_id,\n $version,\n $artifact_id,\n $version,\n $c,\n $packaging\n )\n\n $checksum_url = sprintf('%s.%s', $artifact_url, $checksum_type)\n } else {\n $artifact_url = archive::assemble_nexus_url($url, $query_params)\n $checksum_url = regsubst($artifact_url, \"p=${packaging}\", \"p=${packaging}.${checksum_type}\")\n }\n archive { $name:\n ensure => $ensure,\n source => $artifact_url,\n username => $username,\n password => $password,\n checksum_url => $checksum_url,\n checksum_type => $checksum_type,\n checksum_verify => $checksum_verify,\n extract => $extract,\n extract_path => $extract_path,\n extract_flags => $extract_flags,\n extract_command => $extract_command,\n user => $user,\n group => $group,\n creates => $creates,\n cleanup => $cleanup,\n proxy_server => $proxy_server,\n proxy_type => $proxy_type,\n allow_insecure => $allow_insecure,\n temp_dir => $temp_dir,\n }\n\n $file_owner = pick($owner, $archive::params::owner)\n $file_group = pick($group, $archive::params::group)\n $file_mode = pick($mode, $archive::params::mode)\n\n file { $name:\n owner => $file_owner,\n group => $file_group,\n mode => $file_mode,\n require => Archive[$name],\n }\n}"}, {"name": "postgresql::server::config_entry", "file": "manifests/server/config_entry.pp", "line": 7, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Removes an entry if set to 'absent'.", "types": ["Enum['present', 'absent']"], "name": "ensure"}, {"tag_name": "param", "text": "Defines the value for the setting.", "types": ["Any"], "name": "value"}, {"tag_name": "param", "text": "Path for postgresql.conf", "types": ["Any"], "name": "path"}, {"tag_name": "summary", "text": "Manage a postgresql.conf entry."}]}, "defaults": {"ensure": "'present'", "value": "undef", "path": "false"}, "source": "define postgresql::server::config_entry (\n Enum['present', 'absent'] $ensure = 'present',\n $value = undef,\n $path = false\n) {\n $postgresql_conf_path = $postgresql::server::postgresql_conf_path\n\n $target = $path ? {\n false => $postgresql_conf_path,\n default => $path,\n }\n\n # Those are the variables that are marked as \"(change requires restart)\"\n # on postgresql.conf. Items are ordered as on postgresql.conf.\n #\n # XXX: This resource supports setting other variables without knowing\n # their names. Do not add them here.\n $requires_restart_until = {\n 'data_directory' => undef,\n 'hba_file' => undef,\n 'ident_file' => undef,\n 'external_pid_file' => undef,\n 'listen_addresses' => undef,\n 'port' => undef,\n 'max_connections' => undef,\n 'superuser_reserved_connections' => undef,\n 'unix_socket_directory' => '9.3', # Turned into \"unix_socket_directories\"\n 'unix_socket_directories' => undef,\n 'unix_socket_group' => undef,\n 'unix_socket_permissions' => undef,\n 'bonjour' => undef,\n 'bonjour_name' => undef,\n 'ssl' => '10',\n 'ssl_ciphers' => '10',\n 'ssl_prefer_server_ciphers' => '10', # New on 9.4\n 'ssl_ecdh_curve' => '10', # New on 9.4\n 'ssl_cert_file' => '10', # New on 9.2\n 'ssl_key_file' => '10', # New on 9.2\n 'ssl_ca_file' => '10', # New on 9.2\n 'ssl_crl_file' => '10', # New on 9.2\n 'shared_buffers' => undef,\n 'huge_pages' => undef, # New on 9.4\n 'max_prepared_transactions' => undef,\n 'max_files_per_process' => undef,\n 'shared_preload_libraries' => undef,\n 'max_worker_processes' => undef, # New on 9.4\n 'old_snapshot_threshold' => undef, # New on 9.6\n 'wal_level' => undef,\n 'wal_log_hints' => undef, # New on 9.4\n 'wal_buffers' => undef,\n 'archive_mode' => undef,\n 'max_wal_senders' => undef,\n 'max_replication_slots' => undef, # New on 9.4\n 'track_commit_timestamp' => undef, # New on 9.5\n 'hot_standby' => undef,\n 'logging_collector' => undef,\n 'cluster_name' => undef, # New on 9.5\n 'silent_mode' => '9.2', # Removed\n 'track_activity_query_size' => undef,\n 'autovacuum_max_workers' => undef,\n 'autovacuum_freeze_max_age' => undef,\n 'autovacuum_multixact_freeze_max_age' => undef, # New on 9.5\n 'max_locks_per_transaction' => undef,\n 'max_pred_locks_per_transaction' => undef,\n }\n\n Exec {\n logoutput => 'on_failure',\n }\n\n if ! ($name in $requires_restart_until and (\n ! $requires_restart_until[$name] or\n versioncmp($postgresql::server::_version, $requires_restart_until[$name]) < 0\n )) {\n Postgresql_conf {\n notify => Class['postgresql::server::reload'],\n }\n } elsif $postgresql::server::service_restart_on_change {\n Postgresql_conf {\n notify => Class['postgresql::server::service'],\n }\n } else {\n Postgresql_conf {\n before => Class['postgresql::server::service'],\n }\n }\n\n # We have to handle ports and the data directory in a weird and\n # special way. On early Debian and Ubuntu and RHEL we have to ensure\n # we stop the service completely. On RHEL 7 we either have to create\n # a systemd override for the port or update the sysconfig file, but this\n # is managed for us in postgresql::server::config.\n if $facts['os']['name'] == 'Debian' or $facts['os']['name'] == 'Ubuntu' {\n if $name == 'data_directory' {\n exec { \"postgresql_stop_${name}\":\n command => \"service ${postgresql::server::service_name} stop\",\n onlyif => \"service ${postgresql::server::service_name} status\",\n unless => \"grep \\\"data_directory = '${value}'\\\" ${postgresql::server::postgresql_conf_path}\",\n path => '/usr/sbin:/sbin:/bin:/usr/bin:/usr/local/bin',\n before => Postgresql_conf[$name],\n }\n }\n }\n if $facts['os']['family'] == 'RedHat' {\n if ! ($facts['os']['release']['major'] in ['7', '8'] or $facts['os']['name'] == 'Fedora') {\n if $name == 'port' {\n # We need to force postgresql to stop before updating the port\n # because puppet becomes confused and is unable to manage the\n # service appropriately.\n exec { \"postgresql_stop_${name}\":\n command => \"service ${postgresql::server::service_name} stop\",\n onlyif => \"service ${postgresql::server::service_name} status\",\n unless => \"grep 'PGPORT=${value}' /etc/sysconfig/pgsql/postgresql\",\n path => '/sbin:/bin:/usr/bin:/usr/local/bin',\n require => File['/etc/sysconfig/pgsql/postgresql'],\n }\n -> augeas { 'override PGPORT in /etc/sysconfig/pgsql/postgresql':\n lens => 'Shellvars.lns',\n incl => '/etc/sysconfig/pgsql/postgresql',\n context => '/files/etc/sysconfig/pgsql/postgresql',\n changes => \"set PGPORT ${value}\",\n require => File['/etc/sysconfig/pgsql/postgresql'],\n notify => Class['postgresql::server::service'],\n before => Class['postgresql::server::reload'],\n }\n } elsif $name == 'data_directory' {\n # We need to force postgresql to stop before updating the data directory\n # otherwise init script breaks\n exec { \"postgresql_${name}\":\n command => \"service ${postgresql::server::service_name} stop\",\n onlyif => \"service ${postgresql::server::service_name} status\",\n unless => \"grep 'PGDATA=${value}' /etc/sysconfig/pgsql/postgresql\",\n path => '/sbin:/bin:/usr/bin:/usr/local/bin',\n require => File['/etc/sysconfig/pgsql/postgresql'],\n }\n -> augeas { 'override PGDATA in /etc/sysconfig/pgsql/postgresql':\n lens => 'Shellvars.lns',\n incl => '/etc/sysconfig/pgsql/postgresql',\n context => '/files/etc/sysconfig/pgsql/postgresql',\n changes => \"set PGDATA ${value}\",\n require => File['/etc/sysconfig/pgsql/postgresql'],\n notify => Class['postgresql::server::service'],\n before => Class['postgresql::server::reload'],\n }\n }\n }\n }\n\n postgresql_conf { $name:\n ensure => $ensure,\n target => $target,\n value => $value,\n require => Class['postgresql::server::initdb'],\n }\n}"}, {"name": "postgresql::server::database", "file": "manifests/server/database.pp", "line": 12, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Sets a comment on the database.", "types": ["Any"], "name": "comment"}, {"tag_name": "param", "text": "Sets the name of the database.", "types": ["Any"], "name": "dbname"}, {"tag_name": "param", "text": "Sets name of the database owner.", "types": ["Any"], "name": "owner"}, {"tag_name": "param", "text": "Sets tablespace for where to create this database.", "types": ["Any"], "name": "tablespace"}, {"tag_name": "param", "text": "Specifies the name of the template database from which to build this database. Default value: 'template0'.", "types": ["Any"], "name": "template"}, {"tag_name": "param", "text": "Overrides the character set during creation of the database.", "types": ["Any"], "name": "encoding"}, {"tag_name": "param", "text": "Overrides the locale during creation of the database.", "types": ["Any"], "name": "locale"}, {"tag_name": "param", "text": "Defines the database as a template if set to true.", "types": ["Any"], "name": "istemplate"}, {"tag_name": "param", "text": "Specifies a hash of environment variables used when connecting to a remote server.", "types": ["Any"], "name": "connect_settings"}, {"tag_name": "summary", "text": "Define for creating a database."}]}, "defaults": {"comment": "undef", "dbname": "$title", "owner": "undef", "tablespace": "undef", "template": "'template0'", "encoding": "$postgresql::server::encoding", "locale": "$postgresql::server::locale", "istemplate": "false", "connect_settings": "$postgresql::server::default_connect_settings"}, "source": "define postgresql::server::database (\n $comment = undef,\n $dbname = $title,\n $owner = undef,\n $tablespace = undef,\n $template = 'template0',\n $encoding = $postgresql::server::encoding,\n $locale = $postgresql::server::locale,\n $istemplate = false,\n $connect_settings = $postgresql::server::default_connect_settings,\n) {\n $createdb_path = $postgresql::server::createdb_path\n $user = $postgresql::server::user\n $group = $postgresql::server::group\n $psql_path = $postgresql::server::psql_path\n $default_db = $postgresql::server::default_database\n\n # If possible use the version of the remote database, otherwise\n # fallback to our local DB version\n if $connect_settings != undef and has_key( $connect_settings, 'DBVERSION') {\n $version = $connect_settings['DBVERSION']\n } else {\n $version = $postgresql::server::_version\n }\n\n # If the connection settings do not contain a port, then use the local server port\n if $connect_settings != undef and has_key( $connect_settings, 'PGPORT') {\n $port = undef\n } else {\n $port = $postgresql::server::port\n }\n\n # Set the defaults for the postgresql_psql resource\n Postgresql_psql {\n db => $default_db,\n psql_user => $user,\n psql_group => $group,\n psql_path => $psql_path,\n port => $port,\n connect_settings => $connect_settings,\n }\n\n # Optionally set the locale switch. Older versions of createdb may not accept\n # --locale, so if the parameter is undefined its safer not to pass it.\n if ($version != '8.1') {\n $locale_option = $locale ? {\n undef => '',\n default => \"LC_COLLATE = '${locale}' LC_CTYPE = '${locale}'\",\n }\n $public_revoke_privilege = 'CONNECT'\n } else {\n $locale_option = ''\n $public_revoke_privilege = 'ALL'\n }\n\n $template_option = $template ? {\n undef => '',\n default => \"TEMPLATE = \\\"${template}\\\"\",\n }\n\n $encoding_option = $encoding ? {\n undef => '',\n default => \"ENCODING = '${encoding}'\",\n }\n\n $tablespace_option = $tablespace ? {\n undef => '',\n default => \"TABLESPACE \\\"${tablespace}\\\"\",\n }\n\n if $createdb_path != undef {\n warning('Passing \"createdb_path\" to postgresql::database is deprecated, it can be removed safely for the same behaviour')\n }\n\n postgresql_psql { \"CREATE DATABASE \\\"${dbname}\\\"\":\n command => \"CREATE DATABASE \\\"${dbname}\\\" WITH ${template_option} ${encoding_option} ${locale_option} ${tablespace_option}\",\n unless => \"SELECT 1 FROM pg_database WHERE datname = '${dbname}'\",\n require => Class['postgresql::server::service'],\n }\n\n # This will prevent users from connecting to the database unless they've been\n # granted privileges.\n ~> postgresql_psql { \"REVOKE ${public_revoke_privilege} ON DATABASE \\\"${dbname}\\\" FROM public\":\n refreshonly => true,\n }\n\n Postgresql_psql[\"CREATE DATABASE \\\"${dbname}\\\"\"]\n -> postgresql_psql { \"UPDATE pg_database SET datistemplate = ${istemplate} WHERE datname = '${dbname}'\":\n unless => \"SELECT 1 FROM pg_database WHERE datname = '${dbname}' AND datistemplate = ${istemplate}\",\n }\n\n if $comment {\n # The shobj_description function was only introduced with 8.2\n $comment_information_function = $version ? {\n '8.1' => 'obj_description',\n default => 'shobj_description',\n }\n Postgresql_psql[\"CREATE DATABASE \\\"${dbname}\\\"\"]\n -> postgresql_psql { \"COMMENT ON DATABASE \\\"${dbname}\\\" IS '${comment}'\":\n unless => \"SELECT 1 FROM pg_catalog.pg_database d WHERE datname = '${dbname}' AND pg_catalog.${comment_information_function}(d.oid, 'pg_database') = '${comment}'\",\n db => $dbname,\n }\n }\n\n if $owner {\n postgresql_psql { \"ALTER DATABASE \\\"${dbname}\\\" OWNER TO \\\"${owner}\\\"\":\n unless => \"SELECT 1 FROM pg_database JOIN pg_roles rol ON datdba = rol.oid WHERE datname = '${dbname}' AND rolname = '${owner}'\",\n require => Postgresql_psql[\"CREATE DATABASE \\\"${dbname}\\\"\"],\n }\n\n if defined(Postgresql::Server::Role[$owner]) {\n Postgresql::Server::Role[$owner]->Postgresql_psql[\"ALTER DATABASE \\\"${dbname}\\\" OWNER TO \\\"${owner}\\\"\"]\n }\n }\n\n if $tablespace {\n postgresql_psql { \"ALTER DATABASE \\\"${dbname}\\\" SET ${tablespace_option}\":\n unless => \"SELECT 1 FROM pg_database JOIN pg_tablespace spc ON dattablespace = spc.oid WHERE datname = '${dbname}' AND spcname = '${tablespace}'\",\n require => Postgresql_psql[\"CREATE DATABASE \\\"${dbname}\\\"\"],\n }\n\n if defined(Postgresql::Server::Tablespace[$tablespace]) {\n # The tablespace must be there, before we create the database.\n Postgresql::Server::Tablespace[$tablespace]->Postgresql_psql[\"CREATE DATABASE \\\"${dbname}\\\"\"]\n }\n }\n}"}, {"name": "postgresql::server::database_grant", "file": "manifests/server/database_grant.pp", "line": 10, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Specifies comma-separated list of privileges to grant. Valid options: 'ALL', 'CREATE', 'CONNECT', 'TEMPORARY', 'TEMP'.", "types": ["Any"], "name": "privilege"}, {"tag_name": "param", "text": "Specifies the database to which you are granting access.", "types": ["Any"], "name": "db"}, {"tag_name": "param", "text": "Specifies the role or user whom you are granting access to.", "types": ["Any"], "name": "role"}, {"tag_name": "param", "text": "Specifies whether to grant or revoke the privilege. Revoke or 'absent' works only in PostgreSQL version 9.1.24 or later.", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "Defines the database to execute the grant against. This should not ordinarily be changed from the default", "types": ["Any"], "name": "psql_db"}, {"tag_name": "param", "text": "Specifies the OS user for running psql. Default value: The default user for the module, usually 'postgres'.", "types": ["Any"], "name": "psql_user"}, {"tag_name": "param", "text": "Specifies a hash of environment variables used when connecting to a remote server.", "types": ["Any"], "name": "connect_settings"}, {"tag_name": "summary", "text": "Manage a database grant."}]}, "defaults": {"ensure": "undef", "psql_db": "undef", "psql_user": "undef", "connect_settings": "undef"}, "source": "define postgresql::server::database_grant (\n $privilege,\n $db,\n $role,\n $ensure = undef,\n $psql_db = undef,\n $psql_user = undef,\n $connect_settings = undef,\n) {\n postgresql::server::grant { \"database:${name}\":\n ensure => $ensure,\n role => $role,\n db => $db,\n privilege => $privilege,\n object_type => 'DATABASE',\n object_name => $db,\n psql_db => $psql_db,\n psql_user => $psql_user,\n connect_settings => $connect_settings,\n }\n}"}, {"name": "postgresql::server::db", "file": "manifests/server/db.pp", "line": 14, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "User to create and assign access to the database upon creation. Mandatory.", "types": ["Any"], "name": "user"}, {"tag_name": "param", "text": "Required Sets the password for the created user.", "types": ["Variant[String, Sensitive[String]]"], "name": "password"}, {"tag_name": "param", "text": "Defines a comment to be stored about the database using the PostgreSQL COMMENT command.", "types": ["Any"], "name": "comment"}, {"tag_name": "param", "text": "Sets the name of the database to be created.", "types": ["Any"], "name": "dbname"}, {"tag_name": "param", "text": "Overrides the character set during creation of the database.", "types": ["Any"], "name": "encoding"}, {"tag_name": "param", "text": "Overrides the locale during creation of the database.", "types": ["Any"], "name": "locale"}, {"tag_name": "param", "text": "Specifies the permissions to grant during creation. Default value: 'ALL'.", "types": ["Any"], "name": "grant"}, {"tag_name": "param", "text": "Defines the name of the tablespace to allocate the created database to.", "types": ["Any"], "name": "tablespace"}, {"tag_name": "param", "text": "Specifies the name of the template database from which to build this database. Defaults value: template0.", "types": ["Any"], "name": "template"}, {"tag_name": "param", "text": "Specifies that the database is a template, if set to true.", "types": ["Any"], "name": "istemplate"}, {"tag_name": "param", "text": "Sets a user as the owner of the database.", "types": ["Any"], "name": "owner"}, {"tag_name": "summary", "text": "Define for conveniently creating a role, database and assigning the correctpermissions."}]}, "defaults": {"comment": "undef", "dbname": "$title", "encoding": "$postgresql::server::encoding", "locale": "$postgresql::server::locale", "grant": "'ALL'", "tablespace": "undef", "template": "'template0'", "istemplate": "false", "owner": "undef"}, "source": "define postgresql::server::db (\n $user,\n Variant[String, Sensitive[String]] $password,\n $comment = undef,\n $dbname = $title,\n $encoding = $postgresql::server::encoding,\n $locale = $postgresql::server::locale,\n $grant = 'ALL',\n $tablespace = undef,\n $template = 'template0',\n $istemplate = false,\n $owner = undef\n) {\n if ! defined(Postgresql::Server::Database[$dbname]) {\n postgresql::server::database { $dbname:\n comment => $comment,\n encoding => $encoding,\n tablespace => $tablespace,\n template => $template,\n locale => $locale,\n istemplate => $istemplate,\n owner => $owner,\n }\n }\n\n if ! defined(Postgresql::Server::Role[$user]) {\n postgresql::server::role { $user:\n password_hash => $password,\n before => Postgresql::Server::Database[$dbname],\n }\n }\n\n if ! defined(Postgresql::Server::Database_grant[\"GRANT ${user} - ${grant} - ${dbname}\"]) {\n postgresql::server::database_grant { \"GRANT ${user} - ${grant} - ${dbname}\":\n privilege => $grant,\n db => $dbname,\n role => $user,\n } -> Postgresql_conn_validator<| db_name == $dbname |>\n }\n\n if($tablespace != undef and defined(Postgresql::Server::Tablespace[$tablespace])) {\n Postgresql::Server::Tablespace[$tablespace]->Postgresql::Server::Database[$name]\n }\n}"}, {"name": "postgresql::server::default_privileges", "file": "manifests/server/default_privileges.pp", "line": 15, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Specifies whether to grant or revoke the privilege.", "types": ["Enum['present',\n 'absent'\n ]"], "name": "ensure"}, {"tag_name": "param", "text": "Specifies the role or user whom you are granting access to.", "types": ["String"], "name": "role"}, {"tag_name": "param", "text": "Specifies the database to which you are granting access.", "types": ["String"], "name": "db"}, {"tag_name": "param", "text": "Specify target object type: 'FUNCTIONS', 'ROUTINES', 'SEQUENCES', 'TABLES', 'TYPES'.", "types": ["Pattern[\n /(?i:^FUNCTIONS$)/,\n /(?i:^ROUTINES$)/,\n /(?i:^SEQUENCES$)/,\n /(?i:^TABLES$)/,\n /(?i:^TYPES$)/\n ]"], "name": "object_type"}, {"tag_name": "param", "text": "Specifies comma-separated list of privileges to grant. Valid options: depends on object type.", "types": ["String"], "name": "privilege"}, {"tag_name": "param", "text": "Target schema. Defaults to 'public'.", "types": ["String"], "name": "schema"}, {"tag_name": "param", "text": "Defines the database to execute the grant against. This should not ordinarily be changed from the default.", "types": ["String"], "name": "psql_db"}, {"tag_name": "param", "text": "Specifies the OS user for running psql. Default value: The default user for the module, usually 'postgres'.", "types": ["String"], "name": "psql_user"}, {"tag_name": "param", "text": "Specifies the OS user for running psql. Default value: The default user for the module, usually 'postgres'.", "types": ["String"], "name": "psql_path"}, {"tag_name": "param", "text": "Specifies the port to access the server. Default value: The default user for the module, usually '5432'.", "types": ["Integer"], "name": "port"}, {"tag_name": "param", "text": "Specifies a hash of environment variables used when connecting to a remote server.", "types": ["Hash"], "name": "connect_settings"}, {"tag_name": "param", "text": "Specifies the path to the psql command.", "name": "psql_path"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "group"}, {"tag_name": "summary", "text": "Manage a database defaults privileges. Only works with PostgreSQL version 9.6 and above."}]}, "defaults": {"schema": "'public'", "psql_db": "$postgresql::server::default_database", "psql_user": "$postgresql::server::user", "port": "$postgresql::server::port", "connect_settings": "$postgresql::server::default_connect_settings", "ensure": "'present'", "group": "$postgresql::server::group", "psql_path": "$postgresql::server::psql_path"}, "source": "define postgresql::server::default_privileges (\n String $role,\n String $db,\n String $privilege,\n Pattern[\n /(?i:^FUNCTIONS$)/,\n /(?i:^ROUTINES$)/,\n /(?i:^SEQUENCES$)/,\n /(?i:^TABLES$)/,\n /(?i:^TYPES$)/\n ] $object_type,\n String $schema = 'public',\n String $psql_db = $postgresql::server::default_database,\n String $psql_user = $postgresql::server::user,\n Integer $port = $postgresql::server::port,\n Hash $connect_settings = $postgresql::server::default_connect_settings,\n Enum['present',\n 'absent'\n ] $ensure = 'present',\n String $group = $postgresql::server::group,\n String $psql_path = $postgresql::server::psql_path,\n) {\n\n # If possible use the version of the remote database, otherwise\n # fallback to our local DB version\n if $connect_settings != undef and has_key( $connect_settings, 'DBVERSION') {\n $version = $connect_settings['DBVERSION']\n } else {\n $version = $postgresql::server::_version\n }\n\n if (versioncmp($version, '9.6') == -1) {\n fail 'Default_privileges is only useable with PostgreSQL >= 9.6'\n }\n\n case $ensure {\n default: {\n # default is 'present'\n $sql_command = 'ALTER DEFAULT PRIVILEGES IN SCHEMA %s GRANT %s ON %s TO \"%s\"'\n $unless_is = true\n }\n 'absent': {\n $sql_command = 'ALTER DEFAULT PRIVILEGES IN SCHEMA %s REVOKE %s ON %s FROM \"%s\"'\n $unless_is = false\n }\n }\n\n #\n # Port, order of precedence: $port parameter, $connect_settings[PGPORT], $postgresql::server::port\n #\n if $port != undef {\n $port_override = $port\n } elsif $connect_settings != undef and has_key( $connect_settings, 'PGPORT') {\n $port_override = undef\n } else {\n $port_override = $postgresql::server::port\n }\n\n ## Munge the input values\n $_object_type = upcase($object_type)\n $_privilege = upcase($privilege)\n\n case $_object_type {\n # Routines and functions ends up with the same definition\n Pattern[\n /^ROUTINES$/,\n /^FUNCTIONS$/,\n ]: {\n case $_privilege {\n Pattern[\n /^ALL$/,\n /^EXECUTE$/,\n ]: {\n $_check_privilege = 'X'\n }\n default: { fail('Illegal value for $privilege parameter') }\n }\n $_check_type = 'f'\n }\n 'SEQUENCES': {\n case $_privilege {\n /^(ALL)$/: { $_check_privilege = 'rwU' }\n /^SELECT$/: { $_check_privilege = 'r'}\n /^UPDATE$/: { $_check_privilege = 'w'}\n /^USAGE$/: { $_check_privilege = 'U'}\n default: { fail('Illegal value for $privilege parameter') }\n }\n $_check_type = 'S'\n }\n 'TABLES': {\n case $_privilege {\n /^ALL$/: { $_check_privilege = 'arwdDxt' }\n /^DELETE$/: { $_check_privilege = 'd' }\n /^INSERT$/: { $_check_privilege = 'a' }\n /^REFERENCES$/: { $_check_privilege = 'x' }\n /^SELECT$/: { $_check_privilege = 'r' }\n /^TRIGGER$/: { $_check_privilege = 'd' }\n /^TRUNCATE$/: { $_check_privilege = 'D' }\n /^UPDATE$/: { $_check_privilege = 'w' }\n default: { fail('Illegal value for $privilege parameter') }\n }\n $_check_type = 'r'\n }\n 'TYPES': {\n case $_privilege {\n /^(ALL|USAGE)$/: { $_check_privilege = 'U'}\n default: { fail('Illegal value for $privilege parameter') }\n }\n $_check_type = 'T'\n }\n default: {\n fail(\"Missing privilege validation for object type ${_object_type}\")\n }\n }\n\n $_unless = $ensure ? {\n 'absent' => \"SELECT 1 WHERE NOT EXISTS (SELECT * FROM pg_default_acl AS da JOIN pg_namespace AS n ON da.defaclnamespace = n.oid WHERE '%s=%s' = ANY (defaclacl) AND nspname = '%s' and defaclobjtype = '%s')\",\n default => \"SELECT 1 WHERE EXISTS (SELECT * FROM pg_default_acl AS da JOIN pg_namespace AS n ON da.defaclnamespace = n.oid WHERE '%s=%s' = ANY (defaclacl) AND nspname = '%s' and defaclobjtype = '%s')\"\n }\n\n $unless_cmd = sprintf($_unless, $role, $_check_privilege, $schema, $_check_type)\n $grant_cmd = sprintf($sql_command, $schema, $_privilege, $_object_type, $role)\n\n postgresql_psql { \"default_privileges:${name}\":\n command => $grant_cmd,\n db => $db,\n port => $port_override,\n connect_settings => $connect_settings,\n psql_user => $psql_user,\n psql_group => $group,\n psql_path => $psql_path,\n unless => $unless_cmd,\n environment => 'PGOPTIONS=--client-min-messages=error'\n }\n\n if($role != undef and defined(Postgresql::Server::Role[$role])) {\n Postgresql::Server::Role[$role]->Postgresql_psql[\"default_privileges:${name}\"]\n }\n\n if($db != undef and defined(Postgresql::Server::Database[$db])) {\n Postgresql::Server::Database[$db]->Postgresql_psql[\"default_privileges:${name}\"]\n }\n}"}, {"name": "postgresql::server::extension", "file": "manifests/server/extension.pp", "line": 19, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Specifies the database on which to activate the extension.", "types": ["Any"], "name": "database"}, {"tag_name": "param", "text": "Specifies the extension to activate. If left blank, uses the name of the resource.", "types": ["Any"], "name": "extension"}, {"tag_name": "param", "text": "Specifies the schema on which to activate the extension.", "types": ["Optional[String[1]]"], "name": "schema"}, {"tag_name": "param", "text": "Specifies the version of the extension which the database uses. When an extension package is updated, this does not automatically change the effective version in each database.\nThis needs be updated using the PostgreSQL-specific SQL ALTER EXTENSION...\nversion may be set to latest, in which case the SQL ALTER EXTENSION \"extension\" UPDATE is applied to this database (only).\nversion may be set to a specific version, in which case the extension is updated using ALTER EXTENSION \"extension\" UPDATE TO 'version'\neg. If extension is set to postgis and version is set to 2.3.3, this will apply the SQL ALTER EXTENSION \"postgis\" UPDATE TO '2.3.3' to this database only.\nversion may be omitted, in which case no ALTER EXTENSION... SQL is applied, and the version will be left unchanged.", "types": ["Optional[String[1]]"], "name": "version"}, {"tag_name": "param", "text": "Specifies whether to activate or deactivate the extension. Valid options: 'present' or 'absent'.", "types": ["String[1]"], "name": "ensure"}, {"tag_name": "param", "text": "Specifies a package to install prior to activating the extension.", "types": ["Any"], "name": "package_name"}, {"tag_name": "param", "text": "Overrides default package deletion behavior. By default, the package specified with package_name is installed when the extension is activated and removed when the extension is deactivated. To override this behavior, set the ensure value for the package.", "types": ["Any"], "name": "package_ensure"}, {"tag_name": "param", "text": "Port to use when connecting.", "types": ["Optional[Integer]"], "name": "port"}, {"tag_name": "param", "text": "Specifies a hash of environment variables used when connecting to a remote server.", "types": ["Any"], "name": "connect_settings"}, {"tag_name": "param", "text": "Specifies the resource name of the DB being managed. Defaults to the parameter $database, if left blank.", "types": ["Any"], "name": "database_resource_name"}, {"tag_name": "summary", "text": "Activate an extension on a postgresql database."}]}, "defaults": {"extension": "$name", "schema": "undef", "version": "undef", "ensure": "'present'", "package_name": "undef", "package_ensure": "undef", "port": "undef", "connect_settings": "postgresql::default('default_connect_settings')", "database_resource_name": "$database"}, "source": "define postgresql::server::extension (\n $database,\n $extension = $name,\n Optional[String[1]] $schema = undef,\n Optional[String[1]] $version = undef,\n String[1] $ensure = 'present',\n $package_name = undef,\n $package_ensure = undef,\n Optional[Integer] $port = undef,\n $connect_settings = postgresql::default('default_connect_settings'),\n $database_resource_name = $database,\n) {\n $user = postgresql::default('user')\n $group = postgresql::default('group')\n $psql_path = postgresql::default('psql_path')\n\n if( $database != 'postgres' ) {\n # The database postgres cannot managed by this module, so it is exempt from this dependency\n $default_psql_require = Postgresql::Server::Database[$database_resource_name]\n\n Postgresql_psql {\n require => $default_psql_require,\n }\n } else {\n $default_psql_require = undef\n }\n\n case $ensure {\n 'present': {\n $command = \"CREATE EXTENSION \\\"${extension}\\\"\"\n $unless_mod = undef\n $psql_cmd_require = $package_name ? {\n undef => $default_psql_require,\n default => [$default_psql_require, Package[$package_name]],\n }\n $psql_cmd_before = []\n }\n\n 'absent': {\n $command = \"DROP EXTENSION \\\"${extension}\\\"\"\n $unless_mod = 'NOT '\n $psql_cmd_require = $default_psql_require\n $psql_cmd_before = $package_name ? {\n undef => [],\n default => Package[$package_name],\n }\n }\n\n default: {\n fail(\"Unknown value for ensure '${ensure}'.\")\n }\n }\n\n #\n # Port, order of precedence: $port parameter, $connect_settings[PGPORT], $postgresql::server::port\n #\n if $port != undef {\n $port_override = $port\n } elsif $connect_settings != undef and has_key( $connect_settings, 'PGPORT') {\n $port_override = undef\n } else {\n $port_override = $postgresql::server::port\n }\n\n postgresql_psql { \"${database}: ${command}\":\n\n psql_user => $user,\n psql_group => $group,\n psql_path => $psql_path,\n connect_settings => $connect_settings,\n\n db => $database,\n port => $port_override,\n command => $command,\n unless => \"SELECT 1 WHERE ${unless_mod}EXISTS (SELECT 1 FROM pg_extension WHERE extname = '${extension}')\",\n require => $psql_cmd_require,\n before => $psql_cmd_before,\n }\n\n if $ensure == 'present' and $schema {\n $set_schema_command = \"ALTER EXTENSION \\\"${extension}\\\" SET SCHEMA \\\"${schema}\\\"\"\n\n postgresql_psql { \"${database}: ${set_schema_command}\":\n command => $set_schema_command,\n unless => @(\"END\")\n SELECT 1\n WHERE EXISTS (\n SELECT 1\n FROM pg_extension e\n JOIN pg_namespace n ON e.extnamespace = n.oid\n WHERE e.extname = '${extension}' AND\n n.nspname = '${schema}'\n )\n |-END\n ,\n psql_user => $user,\n psql_group => $group,\n psql_path => $psql_path,\n connect_settings => $connect_settings,\n db => $database,\n port => $port_override,\n require => Postgresql_psql[\"${database}: ${command}\"],\n }\n\n Postgresql::Server::Schema <| db == $database and schema == $schema |> -> Postgresql_psql[\"${database}: ${set_schema_command}\"]\n }\n\n if $package_name {\n $_package_ensure = $package_ensure ? {\n undef => $ensure,\n default => $package_ensure,\n }\n\n ensure_packages($package_name, {\n ensure => $_package_ensure,\n tag => 'puppetlabs-postgresql',\n })\n }\n if $version {\n if $version == 'latest' {\n $alter_extension_sql = \"ALTER EXTENSION \\\"${extension}\\\" UPDATE\"\n $update_unless = \"SELECT 1 FROM pg_available_extensions WHERE name = '${extension}' AND default_version = installed_version\"\n } else {\n $alter_extension_sql = \"ALTER EXTENSION \\\"${extension}\\\" UPDATE TO '${version}'\"\n $update_unless = \"SELECT 1 FROM pg_extension WHERE extname='${extension}' AND extversion='${version}'\"\n }\n postgresql_psql { \"${database}: ${alter_extension_sql}\":\n db => $database,\n port => $port_override,\n psql_user => $user,\n psql_group => $group,\n psql_path => $psql_path,\n connect_settings => $connect_settings,\n command => $alter_extension_sql,\n unless => $update_unless,\n }\n }\n}"}, {"name": "postgresql::server::grant", "file": "manifests/server/grant.pp", "line": 16, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Specifies the role or user whom you are granting access to.", "types": ["String"], "name": "role"}, {"tag_name": "param", "text": "Specifies the database to which you are granting access.", "types": ["String"], "name": "db"}, {"tag_name": "param", "text": "Specifies the privilege to grant. Valid options: 'ALL', 'ALL PRIVILEGES' or 'object_type' dependent string.", "types": ["String"], "name": "privilege"}, {"tag_name": "param", "text": "Specifies the type of object to which you are granting privileges. Valid options: 'DATABASE', 'SCHEMA', 'SEQUENCE', 'ALL SEQUENCES IN SCHEMA', 'TABLE' or 'ALL TABLES IN SCHEMA'.", "types": ["Pattern[#/(?i:^COLUMN$)/,\n /(?i:^ALL SEQUENCES IN SCHEMA$)/,\n /(?i:^ALL TABLES IN SCHEMA$)/,\n /(?i:^DATABASE$)/,\n #/(?i:^FOREIGN DATA WRAPPER$)/,\n #/(?i:^FOREIGN SERVER$)/,\n /(?i:^FUNCTION$)/,\n /(?i:^LANGUAGE$)/,\n #/(?i:^PROCEDURAL LANGUAGE$)/,\n /(?i:^TABLE$)/,\n #/(?i:^TABLESPACE$)/,\n /(?i:^SCHEMA$)/,\n /(?i:^SEQUENCE$)/\n #/(?i:^VIEW$)/\n ]"], "name": "object_type"}, {"tag_name": "param", "text": "Specifies name of object_type to which to grant access, can be either a string or a two element array. String: 'object_name' Array: ['schema_name', 'object_name']", "types": ["Optional[Variant[\n Array[String,2,2],\n String[1]]\n ]"], "name": "object_name"}, {"tag_name": "param", "text": "Specifies the database to execute the grant against. This should not ordinarily be changed from the default", "types": ["String"], "name": "psql_db"}, {"tag_name": "param", "text": "Sets the OS user to run psql.", "types": ["String"], "name": "psql_user"}, {"tag_name": "param", "text": "Port to use when connecting.", "types": ["Integer"], "name": "port"}, {"tag_name": "param", "text": "Create grant only if doesn't exist", "types": ["Boolean"], "name": "onlyif_exists"}, {"tag_name": "param", "text": "Specifies a hash of environment variables used when connecting to a remote server.", "types": ["Hash"], "name": "connect_settings"}, {"tag_name": "param", "text": "Specifies whether to grant or revoke the privilege. Default is to grant the privilege. Valid values: 'present', 'absent'.", "types": ["Enum['present',\n 'absent'\n ]"], "name": "ensure"}, {"tag_name": "param", "text": "Sets the OS group to run psql", "types": ["String"], "name": "group"}, {"tag_name": "param", "text": "Sets the path to psql command", "types": ["String"], "name": "psql_path"}, {"tag_name": "param", "text": "", "types": ["Array[String[1],0]"], "name": "object_arguments"}, {"tag_name": "summary", "text": "Define for granting permissions to roles."}]}, "defaults": {"privilege": "''", "object_type": "'database'", "object_name": "undef", "object_arguments": "[]", "psql_db": "$postgresql::server::default_database", "psql_user": "$postgresql::server::user", "port": "$postgresql::server::port", "onlyif_exists": "false", "connect_settings": "$postgresql::server::default_connect_settings", "ensure": "'present'", "group": "$postgresql::server::group", "psql_path": "$postgresql::server::psql_path"}, "source": "define postgresql::server::grant (\n String $role,\n String $db,\n String $privilege = '',\n Pattern[#/(?i:^COLUMN$)/,\n /(?i:^ALL SEQUENCES IN SCHEMA$)/,\n /(?i:^ALL TABLES IN SCHEMA$)/,\n /(?i:^DATABASE$)/,\n #/(?i:^FOREIGN DATA WRAPPER$)/,\n #/(?i:^FOREIGN SERVER$)/,\n /(?i:^FUNCTION$)/,\n /(?i:^LANGUAGE$)/,\n #/(?i:^PROCEDURAL LANGUAGE$)/,\n /(?i:^TABLE$)/,\n #/(?i:^TABLESPACE$)/,\n /(?i:^SCHEMA$)/,\n /(?i:^SEQUENCE$)/\n #/(?i:^VIEW$)/\n ] $object_type = 'database',\n Optional[Variant[\n Array[String,2,2],\n String[1]]\n ] $object_name = undef,\n Array[String[1],0]\n $object_arguments = [],\n String $psql_db = $postgresql::server::default_database,\n String $psql_user = $postgresql::server::user,\n Integer $port = $postgresql::server::port,\n Boolean $onlyif_exists = false,\n Hash $connect_settings = $postgresql::server::default_connect_settings,\n Enum['present',\n 'absent'\n ] $ensure = 'present',\n String $group = $postgresql::server::group,\n String $psql_path = $postgresql::server::psql_path,\n) {\n case $ensure {\n default: {\n # default is 'present'\n $sql_command = 'GRANT %s ON %s \"%s%s\" TO %s'\n $sql_command_unquoted = 'GRANT %s ON %s %s%s TO %s'\n $unless_is = true\n }\n 'absent': {\n $sql_command = 'REVOKE %s ON %s \"%s%s\" FROM %s'\n $sql_command_unquoted = 'REVOKE %s ON %s %s%s FROM %s'\n $unless_is = false\n }\n }\n\n # Quote the role if not PUBLIC\n $_query_role = $role ? {\n 'PUBLIC' => 'PUBLIC',\n default => \"\\\"${role}\\\"\"\n }\n\n if ! $object_name {\n $_object_name = $db\n } else {\n $_object_name = $object_name\n }\n\n #\n # Port, order of precedence: $port parameter, $connect_settings[PGPORT], $postgresql::server::port\n #\n if $port != undef {\n $port_override = $port\n } elsif $connect_settings != undef and has_key( $connect_settings, 'PGPORT') {\n $port_override = undef\n } else {\n $port_override = $postgresql::server::port\n }\n\n ## Munge the input values\n $_object_type = upcase($object_type)\n $_privilege = upcase($privilege)\n\n # You can use ALL TABLES IN SCHEMA by passing schema_name to object_name\n # You can use ALL SEQUENCES IN SCHEMA by passing schema_name to object_name\n\n ## Validate that the object type's privilege is acceptable\n # TODO: this is a terrible hack; if they pass \"ALL\" as the desired privilege,\n # we need a way to test for it--and has_database_privilege does not\n # recognize 'ALL' as a valid privilege name. So we probably need to\n # hard-code a mapping between 'ALL' and the list of actual privileges that\n # it entails, and loop over them to check them. That sort of thing will\n # probably need to wait until we port this over to ruby, so, for now, we're\n # just going to assume that if they have \"CREATE\" privileges on a database,\n # then they have \"ALL\". (I told you that it was terrible!)\n case $_object_type {\n 'DATABASE': {\n $unless_privilege = $_privilege ? {\n 'ALL' => 'CREATE',\n 'ALL PRIVILEGES' => 'CREATE',\n Pattern[\n /^$/,\n /^CONNECT$/,\n /^CREATE$/,\n /^TEMP$/,\n /^TEMPORARY$/,\n ] => $_privilege,\n default => fail('Illegal value for $privilege parameter'),\n }\n $unless_function = 'has_database_privilege'\n $on_db = $psql_db\n $onlyif_function = $ensure ? {\n default => undef,\n 'absent' => 'role_exists',\n }\n $arguments = ''\n $_enquote_object = true\n }\n 'SCHEMA': {\n $unless_privilege = $_privilege ? {\n 'ALL' => 'CREATE',\n 'ALL PRIVILEGES' => 'CREATE',\n Pattern[\n /^$/,\n /^CREATE$/,\n /^USAGE$/,\n ] => $_privilege,\n default => fail('Illegal value for $privilege parameter'),\n }\n $unless_function = 'has_schema_privilege'\n $on_db = $db\n $onlyif_function = undef\n $arguments = ''\n $_enquote_object = true\n }\n 'SEQUENCE': {\n $unless_privilege = $_privilege ? {\n 'ALL' => 'USAGE',\n Pattern[\n /^$/,\n /^ALL PRIVILEGES$/,\n /^SELECT$/,\n /^UPDATE$/,\n /^USAGE$/,\n ] => $_privilege,\n default => fail('Illegal value for $privilege parameter'),\n }\n $unless_function = 'has_sequence_privilege'\n $on_db = $db\n $onlyif_function = undef\n $arguments = ''\n $_enquote_object = true\n }\n 'ALL SEQUENCES IN SCHEMA': {\n case $_privilege {\n Pattern[\n /^$/,\n /^ALL$/,\n /^ALL PRIVILEGES$/,\n /^SELECT$/,\n /^UPDATE$/,\n /^USAGE$/,\n ]: {}\n default: { fail('Illegal value for $privilege parameter') }\n }\n $unless_function = 'custom'\n $on_db = $db\n $onlyif_function = undef\n $arguments = ''\n $_enquote_object = true\n\n $schema = $object_name\n\n $custom_privilege = $_privilege ? {\n 'ALL' => 'USAGE',\n 'ALL PRIVILEGES' => 'USAGE',\n default => $_privilege,\n }\n\n # This checks if there is a difference between the sequences in the\n # specified schema and the sequences for which the role has the specified\n # privilege. It uses the EXCEPT clause which computes the set of rows\n # that are in the result of the first SELECT statement but not in the\n # result of the second one. It then counts the number of rows from this\n # operation. If this number is zero then the role has the specified\n # privilege for all sequences in the schema and the whole query returns a\n # single row, which satisfies the `unless` parameter of Postgresql_psql.\n # If this number is not zero then there is at least one sequence for which\n # the role does not have the specified privilege, making it necessary to\n # execute the GRANT statement.\n if $ensure == 'present' {\n $custom_unless = \"SELECT 1 WHERE NOT EXISTS (\n SELECT sequence_name\n FROM information_schema.sequences\n WHERE sequence_schema='${schema}'\n EXCEPT DISTINCT\n SELECT object_name as sequence_name\n FROM (\n SELECT object_schema,\n object_name,\n grantee,\n CASE privs_split\n WHEN 'r' THEN 'SELECT'\n WHEN 'w' THEN 'UPDATE'\n WHEN 'U' THEN 'USAGE'\n END AS privilege_type\n FROM (\n SELECT DISTINCT\n object_schema,\n object_name,\n regexp_replace((regexp_split_to_array(regexp_replace(privs,E'/.*',''),'='))[1],'\\\"','','g') AS grantee,\n regexp_split_to_table((regexp_split_to_array(regexp_replace(privs,E'/.*',''),'='))[2],E'\\\\s*') AS privs_split\n FROM (\n SELECT n.nspname as object_schema,\n c.relname as object_name,\n regexp_split_to_table(array_to_string(c.relacl,','),',') AS privs\n FROM pg_catalog.pg_class c\n LEFT JOIN pg_catalog.pg_namespace n ON c.relnamespace = n.oid\n WHERE c.relkind = 'S'\n AND n.nspname NOT IN ( 'pg_catalog', 'information_schema' )\n ) P1\n ) P2\n ) P3\n WHERE grantee='${role}'\n AND object_schema='${schema}'\n AND privilege_type='${custom_privilege}'\n )\"\n } else {\n # ensure == absent\n $custom_unless = \"SELECT 1 WHERE NOT EXISTS (\n SELECT object_name as sequence_name\n FROM (\n SELECT object_schema,\n object_name,\n grantee,\n CASE privs_split\n WHEN 'r' THEN 'SELECT'\n WHEN 'w' THEN 'UPDATE'\n WHEN 'U' THEN 'USAGE'\n END AS privilege_type\n FROM (\n SELECT DISTINCT\n object_schema,\n object_name,\n regexp_replace((regexp_split_to_array(regexp_replace(privs,E'/.*',''),'='))[1],'\\\"','','g') AS grantee,\n regexp_split_to_table((regexp_split_to_array(regexp_replace(privs,E'/.*',''),'='))[2],E'\\\\s*') AS privs_split\n FROM (\n SELECT n.nspname as object_schema,\n c.relname as object_name,\n regexp_split_to_table(array_to_string(c.relacl,','),',') AS privs\n FROM pg_catalog.pg_class c\n LEFT JOIN pg_catalog.pg_namespace n ON c.relnamespace = n.oid\n WHERE c.relkind = 'S'\n AND n.nspname NOT IN ( 'pg_catalog', 'information_schema' )\n ) P1\n ) P2\n ) P3\n WHERE grantee='${role}'\n AND object_schema='${schema}'\n AND privilege_type='${custom_privilege}'\n )\"\n }\n }\n 'TABLE': {\n $unless_privilege = $_privilege ? {\n 'ALL' => 'INSERT',\n Pattern[\n /^$/,\n /^ALL$/,\n /^ALL PRIVILEGES$/,\n /^DELETE$/,\n /^INSERT$/,\n /^REFERENCES$/,\n /^SELECT$/,\n /^TRIGGER$/,\n /^TRUNCATE$/,\n /^UPDATE$/,\n ] => $_privilege,\n default => fail('Illegal value for $privilege parameter'),\n }\n $unless_function = 'has_table_privilege'\n $on_db = $db\n $onlyif_function = $onlyif_exists ? {\n true => 'table_exists',\n default => undef,\n }\n $arguments = ''\n $_enquote_object = true\n }\n 'ALL TABLES IN SCHEMA': {\n case $_privilege {\n Pattern[\n /^$/,\n /^ALL$/,\n /^ALL PRIVILEGES$/,\n /^DELETE$/,\n /^INSERT$/,\n /^REFERENCES$/,\n /^SELECT$/,\n /^TRIGGER$/,\n /^TRUNCATE$/,\n /^UPDATE$/,\n ]: {}\n default: { fail('Illegal value for $privilege parameter') }\n }\n $unless_function = 'custom'\n $on_db = $db\n $onlyif_function = undef\n $arguments = ''\n $_enquote_object = true\n\n $schema = $object_name\n\n # Again there seems to be no easy way in plain SQL to check if ALL\n # PRIVILEGES are granted on a table.\n # There are currently 7 possible priviliges:\n # ('SELECT','UPDATE','INSERT','DELETE','TRIGGER','REFERENCES','TRUNCATE')\n # This list is consistant from Postgresql 8.0\n #\n # There are 4 cases to cover, each with it's own distinct unless clause:\n # grant ALL\n # grant SELECT (or INSERT or DELETE ...)\n # revoke ALL\n # revoke SELECT (or INSERT or DELETE ...)\n\n if $ensure == 'present' {\n if $_privilege == 'ALL' or $_privilege == 'ALL PRIVILEGES' {\n # GRANT ALL\n $custom_unless = \"SELECT 1 WHERE NOT EXISTS\n ( SELECT 1 FROM\n ( SELECT t.tablename,count(privilege_type) AS priv_count FROM pg_catalog.pg_tables AS t\n LEFT JOIN information_schema.role_table_grants AS g ON t.tablename = g.table_name AND g.grantee = '${role}' AND g.table_schema = '${schema}'\n WHERE t.schemaname = '${schema}' AND\n ( g.grantee = '${role}' AND privilege_type IN ('SELECT','UPDATE','INSERT','DELETE','TRIGGER','REFERENCES','TRUNCATE') OR privilege_type IS NULL )\n GROUP BY t.tablename\n ) AS j WHERE j.priv_count < 7\n )\"\n } else {\n # GRANT $_privilege\n $custom_unless = \"SELECT 1 WHERE NOT EXISTS\n ( SELECT 1 FROM pg_catalog.pg_tables AS t\n LEFT JOIN information_schema.role_table_grants AS g ON t.tablename = g.table_name AND g.grantee = '${role}' AND g.table_schema = '${schema}' AND g.privilege_type = '${_privilege}'\n WHERE t.schemaname = '${schema}' AND g.table_name IS NULL\n )\"\n }\n } else {\n if $_privilege == 'ALL' or $_privilege == 'ALL PRIVILEGES' {\n # REVOKE ALL\n $custom_unless = \"SELECT 1 WHERE NOT EXISTS\n ( SELECT table_name FROM information_schema.role_table_grants\n WHERE grantee = '${role}' AND table_schema ='${schema}'\n )\"\n } else {\n # REVOKE $_privilege\n $custom_unless = \"SELECT 1 WHERE NOT EXISTS\n ( SELECT table_name FROM information_schema.role_table_grants\n WHERE grantee = '${role}' AND table_schema ='${schema}'\n AND privilege_type = '${_privilege}'\n )\"\n }\n }\n }\n 'LANGUAGE': {\n $unless_privilege = $_privilege ? {\n 'ALL' => 'USAGE',\n 'ALL PRIVILEGES' => 'USAGE',\n Pattern[\n /^$/,\n /^CREATE$/,\n /^USAGE$/,\n ] => $_privilege,\n default => fail('Illegal value for $privilege parameter'),\n }\n $unless_function = 'has_language_privilege'\n $on_db = $db\n $onlyif_function = $onlyif_exists ? {\n true => 'language_exists',\n default => undef,\n }\n $arguments = ''\n $_enquote_object = false\n }\n 'FUNCTION': {\n $unless_privilege = $_privilege ? {\n 'ALL' => 'EXECUTE',\n 'ALL PRIVILEGES' => 'EXECUTE',\n Pattern[\n /^$/,\n /^EXECUTE$/,\n ] => $_privilege,\n default => fail('Illegal value for $privilege parameter'),\n }\n $unless_function = 'has_function_privilege'\n $on_db = $db\n $onlyif_function = $onlyif_exists ? {\n true => 'function_exists',\n default => undef,\n }\n $_joined_args = join($object_arguments, ',')\n $arguments = \"(${_joined_args})\"\n $_enquote_object = false\n }\n\n default: {\n fail(\"Missing privilege validation for object type ${_object_type}\")\n }\n }\n\n # This is used to give grant to \"schemaname\".\"tablename\"\n # If you need such grant, use:\n # postgresql::grant { 'table:foo':\n # role => 'joe',\n # ...\n # object_type => 'TABLE',\n # object_name => [$schema, $table],\n # }\n case $_object_name {\n Array: {\n $_togrant_object = $_enquote_object ? {\n false => join($_object_name, '.'),\n default => join($_object_name, '\".\"'),\n }\n # Never put double quotes into has_*_privilege function\n $_granted_object = join($_object_name, '.')\n }\n default: {\n $_granted_object = $_object_name\n $_togrant_object = $_object_name\n }\n }\n\n # Function like has_database_privilege() refer the PUBLIC pseudo role as 'public'\n # So we need to replace 'PUBLIC' by 'public'.\n\n $_unless = $unless_function ? {\n false => undef,\n 'custom' => $custom_unless,\n default => $role ? {\n 'PUBLIC' => \"SELECT 1 WHERE ${unless_function}('public', '${_granted_object}${arguments}', '${unless_privilege}') = ${unless_is}\",\n default => \"SELECT 1 WHERE ${unless_function}('${role}', '${_granted_object}${arguments}', '${unless_privilege}') = ${unless_is}\",\n }\n }\n\n $_onlyif = $onlyif_function ? {\n 'table_exists' => \"SELECT true FROM pg_tables WHERE tablename = '${_togrant_object}'\",\n 'language_exists' => \"SELECT true from pg_language WHERE lanname = '${_togrant_object}'\",\n 'role_exists' => \"SELECT 1 FROM pg_roles WHERE rolname = '${role}' or '${role}' = 'PUBLIC'\",\n 'function_exists' => \"SELECT true FROM pg_proc WHERE (oid::regprocedure)::text = '${_togrant_object}${arguments}'\",\n default => undef,\n }\n\n $grant_cmd = $_enquote_object ? {\n false => sprintf($sql_command_unquoted, $_privilege, $_object_type, $_togrant_object, $arguments, $_query_role),\n default => sprintf($sql_command, $_privilege, $_object_type, $_togrant_object, $arguments, $_query_role),\n }\n\n postgresql_psql { \"grant:${name}\":\n command => $grant_cmd,\n db => $on_db,\n port => $port_override,\n connect_settings => $connect_settings,\n psql_user => $psql_user,\n psql_group => $group,\n psql_path => $psql_path,\n unless => $_unless,\n onlyif => $_onlyif,\n }\n\n if($role != undef and defined(Postgresql::Server::Role[$role])) {\n Postgresql::Server::Role[$role]->Postgresql_psql[\"grant:${name}\"]\n }\n\n if($db != undef and defined(Postgresql::Server::Database[$db])) {\n Postgresql::Server::Database[$db]->Postgresql_psql[\"grant:${name}\"]\n }\n}"}, {"name": "postgresql::server::grant_role", "file": "manifests/server/grant_role.pp", "line": 10, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Specifies the group role to which you are assigning a role.", "types": ["String[1]"], "name": "group"}, {"tag_name": "param", "text": "Specifies the role you want to assign to a group. If left blank, uses the name of the resource.", "types": ["String[1]"], "name": "role"}, {"tag_name": "param", "text": "Specifies whether to grant or revoke the membership. Valid options: 'present' or 'absent'.", "types": ["Enum['present', 'absent']"], "name": "ensure"}, {"tag_name": "param", "text": "Specifies the database to execute the grant against. This should not ordinarily be changed from the default", "types": ["Any"], "name": "psql_db"}, {"tag_name": "param", "text": "Sets the OS user to run psql.", "types": ["Any"], "name": "psql_user"}, {"tag_name": "param", "text": "Port to use when connecting.", "types": ["Any"], "name": "port"}, {"tag_name": "param", "text": "Specifies a hash of environment variables used when connecting to a remote server.", "types": ["Any"], "name": "connect_settings"}, {"tag_name": "summary", "text": "Define for granting membership to a role."}]}, "defaults": {"role": "$name", "ensure": "'present'", "psql_db": "$postgresql::server::default_database", "psql_user": "$postgresql::server::user", "port": "$postgresql::server::port", "connect_settings": "$postgresql::server::default_connect_settings"}, "source": "define postgresql::server::grant_role (\n String[1] $group,\n String[1] $role = $name,\n Enum['present', 'absent'] $ensure = 'present',\n $psql_db = $postgresql::server::default_database,\n $psql_user = $postgresql::server::user,\n $port = $postgresql::server::port,\n $connect_settings = $postgresql::server::default_connect_settings,\n) {\n case $ensure {\n 'present': {\n $command = \"GRANT \\\"${group}\\\" TO \\\"${role}\\\"\"\n $unless_comp = '='\n }\n 'absent': {\n $command = \"REVOKE \\\"${group}\\\" FROM \\\"${role}\\\"\"\n $unless_comp = '!='\n }\n default: {\n fail(\"Unknown value for ensure '${ensure}'.\")\n }\n }\n\n postgresql_psql { \"grant_role:${name}\":\n command => $command,\n unless => \"SELECT 1 WHERE EXISTS (SELECT 1 FROM pg_roles AS r_role JOIN pg_auth_members AS am ON r_role.oid = am.member JOIN pg_roles AS r_group ON r_group.oid = am.roleid WHERE r_group.rolname = '${group}' AND r_role.rolname = '${role}') ${unless_comp} true\",\n db => $psql_db,\n psql_user => $psql_user,\n port => $port,\n connect_settings => $connect_settings,\n }\n\n if ! $connect_settings or empty($connect_settings) {\n Class['postgresql::server']->Postgresql_psql[\"grant_role:${name}\"]\n }\n if defined(Postgresql::Server::Role[$role]) {\n Postgresql::Server::Role[$role]->Postgresql_psql[\"grant_role:${name}\"]\n }\n if defined(Postgresql::Server::Role[$group]) {\n Postgresql::Server::Role[$group]->Postgresql_psql[\"grant_role:${name}\"]\n }\n}"}, {"name": "postgresql::server::pg_hba_rule", "file": "manifests/server/pg_hba_rule.pp", "line": 14, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Sets the type of rule.\nEnum['local','host','hostssl','hostnossl','hostgssenc'].", "types": ["Enum['local', 'host', 'hostssl', 'hostnossl', 'hostgssenc']"], "name": "type"}, {"tag_name": "param", "text": "Sets a comma-separated list of databases that this rule matches.", "types": ["String"], "name": "database"}, {"tag_name": "param", "text": "Sets a comma-separated list of users that this rule matches.", "types": ["String"], "name": "user"}, {"tag_name": "param", "text": "Provides the method that is used for authentication for the connection that this rule matches. Described further in the PostgreSQL pg_hba.conf documentation.", "types": ["String"], "name": "auth_method"}, {"tag_name": "param", "text": "Sets a CIDR based address for this rule matching when the type is not 'local'.", "types": ["Optional[String]"], "name": "address"}, {"tag_name": "param", "text": "Defines a longer description for this rule, if required. This description is placed in the comments above the rule in pg_hba.conf. Default value: 'none'.", "types": ["String"], "name": "description"}, {"tag_name": "param", "text": "For certain auth_method settings there are extra options that can be passed. Consult the PostgreSQL pg_hba.conf documentation for further details.", "types": ["Optional[String]"], "name": "auth_option"}, {"tag_name": "param", "text": "Sets an order for placing the rule in pg_hba.conf. This can be either a string or an integer. If it is an integer, it will be converted to a string by zero-padding it to three digits. E.g. 42 will be zero-padded to the string '042'. The pg_hba_rule fragments are sorted using the alpha sorting order. Default value: 150.", "types": ["Variant[String, Integer]"], "name": "order"}, {"tag_name": "param", "text": "Provides the target for the rule, and is generally an internal only property. Use with caution.", "types": ["Stdlib::Absolutepath"], "name": "target"}, {"tag_name": "param", "text": "Manages pg_hba.conf without managing the entire PostgreSQL instance.", "types": ["String"], "name": "postgresql_version"}, {"tag_name": "summary", "text": "This resource manages an individual rule that applies to the file defined in target."}]}, "defaults": {"address": "undef", "description": "'none'", "auth_option": "undef", "order": "150", "target": "$postgresql::server::pg_hba_conf_path", "postgresql_version": "$postgresql::server::_version"}, "source": "define postgresql::server::pg_hba_rule (\n Enum['local', 'host', 'hostssl', 'hostnossl', 'hostgssenc'] $type,\n String $database,\n String $user,\n String $auth_method,\n Optional[String] $address = undef,\n String $description = 'none',\n Optional[String] $auth_option = undef,\n Variant[String, Integer] $order = 150,\n\n # Needed for testing primarily, support for multiple files is not really\n # working.\n Stdlib::Absolutepath $target = $postgresql::server::pg_hba_conf_path,\n String $postgresql_version = $postgresql::server::_version\n) {\n #Allow users to manage pg_hba.conf even if they are not managing the whole PostgreSQL instance\n if !defined( 'postgresql::server' ) {\n $manage_pg_hba_conf = true\n }\n else {\n $manage_pg_hba_conf = $postgresql::server::manage_pg_hba_conf\n }\n\n if $manage_pg_hba_conf == false {\n fail('postgresql::server::manage_pg_hba_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests')\n } else {\n if($type =~ /^host/ and $address == undef) {\n fail('You must specify an address property when type is host based')\n }\n\n if $order =~ Integer {\n $_order = sprintf('%03d', $order)\n }\n else {\n $_order = $order\n }\n\n $allowed_auth_methods = $postgresql_version ? {\n '10' => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'],\n '9.6' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'],\n '9.5' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],\n '9.4' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],\n '9.3' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],\n '9.2' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],\n '9.1' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam'],\n '9.0' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'radius', 'cert', 'pam'],\n '8.4' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'cert', 'pam'],\n '8.3' => ['trust', 'reject', 'md5', 'crypt', 'password', 'gss', 'sspi', 'krb5', 'ident', 'ldap', 'pam'],\n '8.2' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'ldap', 'pam'],\n '8.1' => ['trust', 'reject', 'md5', 'crypt', 'password', 'krb5', 'ident', 'pam'],\n default => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'krb5', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'crypt', 'bsd']\n }\n\n assert_type(Enum[$allowed_auth_methods], $auth_method)\n\n # Create a rule fragment\n $fragname = \"pg_hba_rule_${name}\"\n concat::fragment { $fragname:\n target => $target,\n content => template('postgresql/pg_hba_rule.conf'),\n order => $_order,\n }\n }\n}"}, {"name": "postgresql::server::pg_ident_rule", "file": "manifests/server/pg_ident_rule.pp", "line": 9, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Sets the name of the user map that is used to refer to this mapping in pg_hba.conf.", "types": ["Any"], "name": "map_name"}, {"tag_name": "param", "text": "Specifies the operating system user name (the user name used to connect to the database).", "types": ["Any"], "name": "system_username"}, {"tag_name": "param", "text": "Specifies the user name of the database user. The system_username is mapped to this user name.", "types": ["Any"], "name": "database_username"}, {"tag_name": "param", "text": "Sets a longer description for this rule if required. This description is placed in the comments above the rule in pg_ident.conf. Default value: 'none'.", "types": ["Any"], "name": "description"}, {"tag_name": "param", "text": "Defines an order for placing the mapping in pg_ident.conf. Default value: 150.", "types": ["Any"], "name": "order"}, {"tag_name": "param", "text": "Provides the target for the rule and is generally an internal only property. Use with caution.", "types": ["Any"], "name": "target"}, {"tag_name": "summary", "text": "This resource manages an individual rule that applies to the file defined in target."}]}, "defaults": {"description": "'none'", "order": "'150'", "target": "$postgresql::server::pg_ident_conf_path"}, "source": "define postgresql::server::pg_ident_rule (\n $map_name,\n $system_username,\n $database_username,\n $description = 'none',\n $order = '150',\n\n # Needed for testing primarily, support for multiple files is not really\n # working.\n $target = $postgresql::server::pg_ident_conf_path\n) {\n if $postgresql::server::manage_pg_ident_conf == false {\n fail('postgresql::server::manage_pg_ident_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests')\n } else {\n # Create a rule fragment\n $fragname = \"pg_ident_rule_${name}\"\n concat::fragment { $fragname:\n target => $target,\n content => template('postgresql/pg_ident_rule.conf'),\n order => $order,\n }\n }\n}"}, {"name": "postgresql::server::reassign_owned_by", "file": "manifests/server/reassign_owned_by.pp", "line": 11, "docstring": {"text": "", "tags": [{"tag_name": "note", "text": "This enables us to force the a particular ownership for objects within a database"}, {"tag_name": "param", "text": "Specifies the role or user who is the current owner of the objects in the specified db", "types": ["String"], "name": "old_role"}, {"tag_name": "param", "text": "Specifies the role or user who will be the new owner of these objects", "types": ["String"], "name": "new_role"}, {"tag_name": "param", "text": "Specifies the database to which the 'REASSIGN OWNED' will be applied", "types": ["String"], "name": "db"}, {"tag_name": "param", "text": "Specifies the OS user for running psql.", "types": ["String"], "name": "psql_user"}, {"tag_name": "param", "text": "Port to use when connecting.", "types": ["Integer"], "name": "port"}, {"tag_name": "param", "text": "Specifies a hash of environment variables used when connecting to a remote server.", "types": ["Hash"], "name": "connect_settings"}, {"tag_name": "summary", "text": "Define for reassigning the ownership of objects within a database."}]}, "defaults": {"psql_user": "$postgresql::server::user", "port": "$postgresql::server::port", "connect_settings": "$postgresql::server::default_connect_settings"}, "source": "define postgresql::server::reassign_owned_by (\n String $old_role,\n String $new_role,\n String $db,\n String $psql_user = $postgresql::server::user,\n Integer $port = $postgresql::server::port,\n Hash $connect_settings = $postgresql::server::default_connect_settings,\n) {\n $sql_command = \"REASSIGN OWNED BY \\\"${old_role}\\\" TO \\\"${new_role}\\\"\"\n\n $group = $postgresql::server::group\n $psql_path = $postgresql::server::psql_path\n\n #\n # Port, order of precedence: $port parameter, $connect_settings[PGPORT], $postgresql::server::port\n #\n if $port != undef {\n $port_override = $port\n } elsif $connect_settings != undef and has_key( $connect_settings, 'PGPORT') {\n $port_override = undef\n } else {\n $port_override = $postgresql::server::port\n }\n\n $onlyif = \"SELECT tablename FROM pg_catalog.pg_tables WHERE\n schemaname NOT IN ('pg_catalog', 'information_schema') AND\n tableowner = '${old_role}'\n UNION ALL SELECT proname FROM pg_catalog.pg_proc WHERE\n pg_get_userbyid(proowner) = '${old_role}'\n UNION ALL SELECT viewname FROM pg_catalog.pg_views WHERE\n pg_views.schemaname NOT IN ('pg_catalog', 'information_schema') AND\n viewowner = '${old_role}'\n UNION ALL SELECT relname FROM pg_catalog.pg_class WHERE\n relkind='S' AND pg_get_userbyid(relowner) = '${old_role}'\"\n\n postgresql_psql { \"reassign_owned_by:${db}:${sql_command}\":\n command => $sql_command,\n db => $db,\n port => $port_override,\n connect_settings => $connect_settings,\n psql_user => $psql_user,\n psql_group => $group,\n psql_path => $psql_path,\n onlyif => $onlyif,\n }\n\n if($old_role != undef and defined(Postgresql::Server::Role[$old_role])) {\n Postgresql::Server::Role[$old_role]->Postgresql_psql[\"reassign_owned_by:${db}:${sql_command}\"]\n }\n if($new_role != undef and defined(Postgresql::Server::Role[$new_role])) {\n Postgresql::Server::Role[$new_role]->Postgresql_psql[\"reassign_owned_by:${db}:${sql_command}\"]\n }\n\n if($db != undef and defined(Postgresql::Server::Database[$db])) {\n Postgresql::Server::Database[$db]->Postgresql_psql[\"reassign_owned_by:${db}:${sql_command}\"]\n }\n}"}, {"name": "postgresql::server::recovery", "file": "manifests/server/recovery.pp", "line": 25, "docstring": {"text": "", "tags": [{"tag_name": "note", "text": "Allows you to create the content for recovery.conf. For more details see the usage example and the PostgreSQL documentation.\nEvery parameter value is a string set in the template except recovery_target_inclusive, pause_at_recovery_target, standby_mode and recovery_min_apply_delay.\nA detailed description of all listed parameters can be found in the PostgreSQL documentation.\nOnly the specified parameters are recognized in the template. The recovery.conf is only created if at least one parameter is set and manage_recovery_conf is set to true."}, {"tag_name": "param", "text": "The shell command to execute to retrieve an archived segment of the WAL file series.", "types": ["Any"], "name": "restore_command"}, {"tag_name": "param", "text": "This optional parameter specifies a shell command that will be executed at every restartpoint.", "types": ["Any"], "name": "archive_cleanup_command"}, {"tag_name": "param", "text": "This parameter specifies a shell command that will be executed once only at the end of recovery.", "types": ["Any"], "name": "recovery_end_command"}, {"tag_name": "param", "text": "This parameter specifies the named restore point (created with pg_create_restore_point()) to which recovery will proceed.", "types": ["Any"], "name": "recovery_target_name"}, {"tag_name": "param", "text": "This parameter specifies the time stamp up to which recovery will proceed.", "types": ["Any"], "name": "recovery_target_time"}, {"tag_name": "param", "text": "This parameter specifies the transaction ID up to which recovery will proceed.", "types": ["Any"], "name": "recovery_target_xid"}, {"tag_name": "param", "text": "Specifies whether to stop just after the specified recovery target (true), or just before the recovery target (false).", "types": ["Any"], "name": "recovery_target_inclusive"}, {"tag_name": "param", "text": "This parameter specifies that recovery should end as soon as a consistent state is reached, i.e. as early as possible.", "types": ["Any"], "name": "recovery_target"}, {"tag_name": "param", "text": "Specifies recovering into a particular timeline.", "types": ["Any"], "name": "recovery_target_timeline"}, {"tag_name": "param", "text": "Specifies whether recovery should pause when the recovery target is reached.", "types": ["Any"], "name": "pause_at_recovery_target"}, {"tag_name": "param", "text": "Specifies whether to start the PostgreSQL server as a standby.", "types": ["Any"], "name": "standby_mode"}, {"tag_name": "param", "text": "Specifies a connection string to be used for the standby server to connect with the primary.", "types": ["Any"], "name": "primary_conninfo"}, {"tag_name": "param", "text": "Optionally specifies an existing replication slot to be used when connecting to the primary via streaming replication to control resource removal on the upstream node.", "types": ["Any"], "name": "primary_slot_name"}, {"tag_name": "param", "text": "Specifies a trigger file whose presence ends recovery in the standby.", "types": ["Any"], "name": "trigger_file"}, {"tag_name": "param", "text": "This parameter allows you to delay recovery by a fixed period of time, measured in milliseconds if no unit is specified.", "types": ["Any"], "name": "recovery_min_apply_delay"}, {"tag_name": "param", "text": "Provides the target for the rule, and is generally an internal only property. Use with caution.", "types": ["Any"], "name": "target"}, {"tag_name": "summary", "text": "This resource manages the parameters that applies to the recovery.conf template."}]}, "defaults": {"restore_command": "undef", "archive_cleanup_command": "undef", "recovery_end_command": "undef", "recovery_target_name": "undef", "recovery_target_time": "undef", "recovery_target_xid": "undef", "recovery_target_inclusive": "undef", "recovery_target": "undef", "recovery_target_timeline": "undef", "pause_at_recovery_target": "undef", "standby_mode": "undef", "primary_conninfo": "undef", "primary_slot_name": "undef", "trigger_file": "undef", "recovery_min_apply_delay": "undef", "target": "$postgresql::server::recovery_conf_path"}, "source": "define postgresql::server::recovery (\n $restore_command = undef,\n $archive_cleanup_command = undef,\n $recovery_end_command = undef,\n $recovery_target_name = undef,\n $recovery_target_time = undef,\n $recovery_target_xid = undef,\n $recovery_target_inclusive = undef,\n $recovery_target = undef,\n $recovery_target_timeline = undef,\n $pause_at_recovery_target = undef,\n $standby_mode = undef,\n $primary_conninfo = undef,\n $primary_slot_name = undef,\n $trigger_file = undef,\n $recovery_min_apply_delay = undef,\n $target = $postgresql::server::recovery_conf_path\n) {\n if $postgresql::server::manage_recovery_conf == false {\n fail('postgresql::server::manage_recovery_conf has been disabled, so this resource is now unused and redundant, either enable that option or remove this resource from your manifests')\n } else {\n if($restore_command == undef and $archive_cleanup_command == undef and $recovery_end_command == undef\n and $recovery_target_name == undef and $recovery_target_time == undef and $recovery_target_xid == undef\n and $recovery_target_inclusive == undef and $recovery_target == undef and $recovery_target_timeline == undef\n and $pause_at_recovery_target == undef and $standby_mode == undef and $primary_conninfo == undef\n and $primary_slot_name == undef and $trigger_file == undef and $recovery_min_apply_delay == undef) {\n fail('postgresql::server::recovery use this resource but do not pass a parameter will avoid creating the recovery.conf, because it makes no sense.')\n }\n\n concat { $target:\n owner => $postgresql::server::config::user,\n group => $postgresql::server::config::group,\n force => true, # do not crash if there is no recovery conf file\n mode => '0640',\n warn => true,\n notify => Class['postgresql::server::reload'],\n }\n\n # Create the recovery.conf content\n concat::fragment { 'recovery.conf':\n target => $target,\n content => template('postgresql/recovery.conf.erb'),\n }\n }\n}"}, {"name": "postgresql::server::role", "file": "manifests/server/role.pp", "line": 21, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "If set to true, updates the password on changes. Set this to false to not modify the role's password after creation.", "types": ["Any"], "name": "update_password"}, {"tag_name": "param", "text": "Sets the hash to use during password creation.", "types": ["Variant[Boolean, String, Sensitive[String]]"], "name": "password_hash"}, {"tag_name": "param", "text": "Specifies whether to grant the ability to create new databases with this role.", "types": ["Any"], "name": "createdb"}, {"tag_name": "param", "text": "Specifies whether to grant the ability to create new roles with this role.", "types": ["Any"], "name": "createrole"}, {"tag_name": "param", "text": "Database used to connect to.", "types": ["Any"], "name": "db"}, {"tag_name": "param", "text": "Port to use when connecting.", "types": ["Any"], "name": "port"}, {"tag_name": "param", "text": "Specifies whether to grant login capability for the new role.", "types": ["Any"], "name": "login"}, {"tag_name": "param", "text": "Specifies whether to grant inherit capability for the new role.", "types": ["Any"], "name": "inherit"}, {"tag_name": "param", "text": "Specifies whether to grant super user capability for the new role.", "types": ["Any"], "name": "superuser"}, {"tag_name": "param", "text": "Provides provides replication capabilities for this role if set to true.", "types": ["Any"], "name": "replication"}, {"tag_name": "param", "text": "Specifies how many concurrent connections the role can make. Default value: '-1', meaning no limit.", "types": ["Any"], "name": "connection_limit"}, {"tag_name": "param", "text": "Defines the username of the role to create.", "types": ["Any"], "name": "username"}, {"tag_name": "param", "text": "Specifies a hash of environment variables used when connecting to a remote server.", "types": ["Any"], "name": "connect_settings"}, {"tag_name": "param", "text": "Specify whether to create or drop the role. Specifying 'present' creates the role. Specifying 'absent' drops the role.", "types": ["Enum['present', 'absent']"], "name": "ensure"}, {"tag_name": "param", "text": "Sets the OS user to run psql", "types": ["Any"], "name": "psql_user"}, {"tag_name": "param", "text": "Sets the OS group to run psql", "types": ["Any"], "name": "psql_group"}, {"tag_name": "param", "text": "Sets path to psql command", "types": ["Any"], "name": "psql_path"}, {"tag_name": "param", "text": "Specifies working directory under which the psql command should be executed. May need to specify if '/tmp' is on volume mounted with noexec option.", "types": ["Any"], "name": "module_workdir"}, {"tag_name": "summary", "text": "Define for creating a database role."}]}, "defaults": {"update_password": "true", "password_hash": "false", "createdb": "false", "createrole": "false", "db": "$postgresql::server::default_database", "port": "undef", "login": "true", "inherit": "true", "superuser": "false", "replication": "false", "connection_limit": "'-1'", "username": "$title", "connect_settings": "$postgresql::server::default_connect_settings", "psql_user": "$postgresql::server::user", "psql_group": "$postgresql::server::group", "psql_path": "$postgresql::server::psql_path", "module_workdir": "$postgresql::server::module_workdir", "ensure": "'present'"}, "source": "define postgresql::server::role (\n $update_password = true,\n Variant[Boolean, String, Sensitive[String]] $password_hash = false,\n $createdb = false,\n $createrole = false,\n $db = $postgresql::server::default_database,\n $port = undef,\n $login = true,\n $inherit = true,\n $superuser = false,\n $replication = false,\n $connection_limit = '-1',\n $username = $title,\n $connect_settings = $postgresql::server::default_connect_settings,\n $psql_user = $postgresql::server::user,\n $psql_group = $postgresql::server::group,\n $psql_path = $postgresql::server::psql_path,\n $module_workdir = $postgresql::server::module_workdir,\n Enum['present', 'absent'] $ensure = 'present',\n) {\n $password_hash_unsensitive = if $password_hash =~ Sensitive[String] {\n $password_hash.unwrap\n } else {\n $password_hash\n }\n #\n # Port, order of precedence: $port parameter, $connect_settings[PGPORT], $postgresql::server::port\n #\n if $port != undef {\n $port_override = $port\n } elsif $connect_settings != undef and has_key( $connect_settings, 'PGPORT') {\n $port_override = undef\n } else {\n $port_override = $postgresql::server::port\n }\n\n # If possible use the version of the remote database, otherwise\n # fallback to our local DB version\n if $connect_settings != undef and has_key( $connect_settings, 'DBVERSION') {\n $version = $connect_settings['DBVERSION']\n } else {\n $version = $postgresql::server::_version\n }\n\n Postgresql_psql {\n db => $db,\n port => $port_override,\n psql_user => $psql_user,\n psql_group => $psql_group,\n psql_path => $psql_path,\n connect_settings => $connect_settings,\n cwd => $module_workdir,\n require => Postgresql_psql[\"CREATE ROLE ${username} ENCRYPTED PASSWORD ****\"],\n }\n\n if $ensure == 'present' {\n $login_sql = $login ? { true => 'LOGIN', default => 'NOLOGIN' }\n $inherit_sql = $inherit ? { true => 'INHERIT', default => 'NOINHERIT' }\n $createrole_sql = $createrole ? { true => 'CREATEROLE', default => 'NOCREATEROLE' }\n $createdb_sql = $createdb ? { true => 'CREATEDB', default => 'NOCREATEDB' }\n $superuser_sql = $superuser ? { true => 'SUPERUSER', default => 'NOSUPERUSER' }\n $replication_sql = $replication ? { true => 'REPLICATION', default => '' }\n if ($password_hash_unsensitive != false) {\n $password_sql = \"ENCRYPTED PASSWORD '${password_hash_unsensitive}'\"\n } else {\n $password_sql = ''\n }\n\n postgresql_psql { \"CREATE ROLE ${username} ENCRYPTED PASSWORD ****\":\n command => Sensitive(\"CREATE ROLE \\\"${username}\\\" ${password_sql} ${login_sql} ${createrole_sql} ${createdb_sql} ${superuser_sql} ${replication_sql} CONNECTION LIMIT ${connection_limit}\"),\n unless => \"SELECT 1 FROM pg_roles WHERE rolname = '${username}'\",\n require => undef,\n sensitive => true,\n }\n\n postgresql_psql { \"ALTER ROLE \\\"${username}\\\" ${superuser_sql}\":\n unless => \"SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolsuper = ${superuser}\",\n }\n\n postgresql_psql { \"ALTER ROLE \\\"${username}\\\" ${createdb_sql}\":\n unless => \"SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolcreatedb = ${createdb}\",\n }\n\n postgresql_psql { \"ALTER ROLE \\\"${username}\\\" ${createrole_sql}\":\n unless => \"SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolcreaterole = ${createrole}\",\n }\n\n postgresql_psql { \"ALTER ROLE \\\"${username}\\\" ${login_sql}\":\n unless => \"SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolcanlogin = ${login}\",\n }\n\n postgresql_psql { \"ALTER ROLE \\\"${username}\\\" ${inherit_sql}\":\n unless => \"SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolinherit = ${inherit}\",\n }\n\n if(versioncmp($version, '9.1') >= 0) {\n if $replication_sql == '' {\n postgresql_psql { \"ALTER ROLE \\\"${username}\\\" NOREPLICATION\":\n unless => \"SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolreplication = ${replication}\",\n }\n } else {\n postgresql_psql { \"ALTER ROLE \\\"${username}\\\" ${replication_sql}\":\n unless => \"SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolreplication = ${replication}\",\n }\n }\n }\n\n postgresql_psql { \"ALTER ROLE \\\"${username}\\\" CONNECTION LIMIT ${connection_limit}\":\n unless => \"SELECT 1 FROM pg_roles WHERE rolname = '${username}' AND rolconnlimit = ${connection_limit}\",\n }\n\n if $password_hash_unsensitive and $update_password {\n if($password_hash_unsensitive =~ /^md5.+/) {\n $pwd_hash_sql = $password_hash_unsensitive\n } else {\n $pwd_md5 = md5(\"${password_hash_unsensitive}${username}\")\n $pwd_hash_sql = \"md5${pwd_md5}\"\n }\n postgresql_psql { \"ALTER ROLE ${username} ENCRYPTED PASSWORD ****\":\n command => Sensitive(\"ALTER ROLE \\\"${username}\\\" ${password_sql}\"),\n unless => Sensitive(\"SELECT 1 FROM pg_shadow WHERE usename = '${username}' AND passwd = '${pwd_hash_sql}'\"),\n sensitive => true,\n }\n }\n } else {\n # ensure == absent\n postgresql_psql { \"DROP ROLE \\\"${username}\\\"\":\n onlyif => \"SELECT 1 FROM pg_roles WHERE rolname = '${username}'\",\n require => undef,\n }\n }\n}"}, {"name": "postgresql::server::schema", "file": "manifests/server/schema.pp", "line": 15, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "postgresql::server::schema {'private':\n db => 'template1',\n}", "name": ""}, {"tag_name": "note", "text": "The database must exist and the PostgreSQL user should have enough privileges"}, {"tag_name": "param", "text": "Required. Sets the name of the database in which to create this schema.", "types": ["Any"], "name": "db"}, {"tag_name": "param", "text": "Sets the default owner of the schema.", "types": ["Any"], "name": "owner"}, {"tag_name": "param", "text": "Sets the name of the schema.", "types": ["Any"], "name": "schema"}, {"tag_name": "param", "text": "Specifies a hash of environment variables used when connecting to a remote server.", "types": ["Any"], "name": "connect_settings"}, {"tag_name": "summary", "text": "Create a new schema."}]}, "defaults": {"db": "$postgresql::server::default_database", "owner": "undef", "schema": "$title", "connect_settings": "$postgresql::server::default_connect_settings"}, "source": "define postgresql::server::schema (\n $db = $postgresql::server::default_database,\n $owner = undef,\n $schema = $title,\n $connect_settings = $postgresql::server::default_connect_settings,\n) {\n $user = $postgresql::server::user\n $group = $postgresql::server::group\n $psql_path = $postgresql::server::psql_path\n $version = $postgresql::server::_version\n $module_workdir = $postgresql::server::module_workdir\n\n Postgresql::Server::Db <| dbname == $db |> -> Postgresql::Server::Schema[$name]\n\n # If the connection settings do not contain a port, then use the local server port\n if $connect_settings != undef and has_key( $connect_settings, 'PGPORT') {\n $port = undef\n } else {\n $port = $postgresql::server::port\n }\n\n Postgresql_psql {\n db => $db,\n psql_user => $user,\n psql_group => $group,\n psql_path => $psql_path,\n port => $port,\n cwd => $module_workdir,\n connect_settings => $connect_settings,\n }\n\n postgresql_psql { \"${db}: CREATE SCHEMA \\\"${schema}\\\"\":\n command => \"CREATE SCHEMA \\\"${schema}\\\"\",\n unless => \"SELECT 1 FROM pg_namespace WHERE nspname = '${schema}'\",\n require => Class['postgresql::server'],\n }\n\n if $owner {\n postgresql_psql { \"${db}: ALTER SCHEMA \\\"${schema}\\\" OWNER TO \\\"${owner}\\\"\":\n command => \"ALTER SCHEMA \\\"${schema}\\\" OWNER TO \\\"${owner}\\\"\",\n unless => \"SELECT 1 FROM pg_namespace JOIN pg_roles rol ON nspowner = rol.oid WHERE nspname = '${schema}' AND rolname = '${owner}'\",\n require => Postgresql_psql[\"${db}: CREATE SCHEMA \\\"${schema}\\\"\"],\n }\n\n if defined(Postgresql::Server::Role[$owner]) {\n Postgresql::Server::Role[$owner]->Postgresql_psql[\"${db}: ALTER SCHEMA \\\"${schema}\\\" OWNER TO \\\"${owner}\\\"\"]\n }\n }\n}"}, {"name": "postgresql::server::table_grant", "file": "manifests/server/table_grant.pp", "line": 13, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Specifies comma-separated list of privileges to grant. Valid options: 'ALL', 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER'.", "types": ["Any"], "name": "privilege"}, {"tag_name": "param", "text": "Specifies the table to which you are granting access.", "types": ["Any"], "name": "table"}, {"tag_name": "param", "text": "Specifies which database the table is in.", "types": ["Any"], "name": "db"}, {"tag_name": "param", "text": "Specifies the role or user to whom you are granting access.", "types": ["Any"], "name": "role"}, {"tag_name": "param", "text": "Specifies whether to grant or revoke the privilege. Default is to grant the privilege.", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "Port to use when connecting.", "types": ["Any"], "name": "port"}, {"tag_name": "param", "text": "Specifies the database to execute the grant against. This should not ordinarily be changed from the default.", "types": ["Any"], "name": "psql_db"}, {"tag_name": "param", "text": "Specifies the OS user for running psql.", "types": ["Any"], "name": "psql_user"}, {"tag_name": "param", "text": "Specifies a hash of environment variables used when connecting to a remote server.", "types": ["Any"], "name": "connect_settings"}, {"tag_name": "param", "text": "Create grant only if it doesn't exist.", "types": ["Any"], "name": "onlyif_exists"}, {"tag_name": "summary", "text": "This resource wraps the grant resource to manage table grants specifically."}]}, "defaults": {"ensure": "undef", "port": "undef", "psql_db": "undef", "psql_user": "undef", "connect_settings": "undef", "onlyif_exists": "false"}, "source": "define postgresql::server::table_grant (\n $privilege,\n $table,\n $db,\n $role,\n $ensure = undef,\n $port = undef,\n $psql_db = undef,\n $psql_user = undef,\n $connect_settings = undef,\n $onlyif_exists = false,\n) {\n postgresql::server::grant { \"table:${name}\":\n ensure => $ensure,\n role => $role,\n db => $db,\n port => $port,\n privilege => $privilege,\n object_type => 'TABLE',\n object_name => $table,\n psql_db => $psql_db,\n psql_user => $psql_user,\n onlyif_exists => $onlyif_exists,\n connect_settings => $connect_settings,\n }\n}"}, {"name": "postgresql::server::tablespace", "file": "manifests/server/tablespace.pp", "line": 8, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Specifies the path to locate this tablespace.", "types": ["Any"], "name": "location"}, {"tag_name": "param", "text": "Set to false if you have file{ $location: } already defined", "types": ["Any"], "name": "manage_location"}, {"tag_name": "param", "text": "Specifies the default owner of the tablespace.", "types": ["Any"], "name": "owner"}, {"tag_name": "param", "text": "Specifies the name of the tablespace.", "types": ["Any"], "name": "spcname"}, {"tag_name": "param", "text": "Specifies a hash of environment variables used when connecting to a remote server.", "types": ["Any"], "name": "connect_settings"}, {"tag_name": "summary", "text": "This module creates tablespace."}]}, "defaults": {"manage_location": "true", "owner": "undef", "spcname": "$title", "connect_settings": "$postgresql::server::default_connect_settings"}, "source": "define postgresql::server::tablespace (\n $location,\n $manage_location = true,\n $owner = undef,\n $spcname = $title,\n $connect_settings = $postgresql::server::default_connect_settings,\n) {\n $user = $postgresql::server::user\n $group = $postgresql::server::group\n $psql_path = $postgresql::server::psql_path\n $module_workdir = $postgresql::server::module_workdir\n\n # If the connection settings do not contain a port, then use the local server port\n if $connect_settings != undef and has_key( $connect_settings, 'PGPORT') {\n $port = undef\n } else {\n $port = $postgresql::server::port\n }\n\n Postgresql_psql {\n psql_user => $user,\n psql_group => $group,\n psql_path => $psql_path,\n port => $port,\n connect_settings => $connect_settings,\n cwd => $module_workdir,\n }\n\n if($manage_location) {\n file { $location:\n ensure => directory,\n owner => $user,\n group => $group,\n mode => '0700',\n seluser => 'system_u',\n selrole => 'object_r',\n seltype => 'postgresql_db_t',\n require => Class['postgresql::server'],\n }\n } else {\n File <| title == $location |> {\n ensure => directory,\n owner => $user,\n group => $group,\n mode => '0700',\n seluser => 'system_u',\n selrole => 'object_r',\n seltype => 'postgresql_db_t',\n require => Class['postgresql::server'],\n }\n }\n\n postgresql_psql { \"CREATE TABLESPACE \\\"${spcname}\\\"\":\n command => \"CREATE TABLESPACE \\\"${spcname}\\\" LOCATION '${location}'\",\n unless => \"SELECT 1 FROM pg_tablespace WHERE spcname = '${spcname}'\",\n require => File[$location],\n }\n\n if $owner {\n postgresql_psql { \"ALTER TABLESPACE \\\"${spcname}\\\" OWNER TO \\\"${owner}\\\"\":\n unless => \"SELECT 1 FROM pg_tablespace JOIN pg_roles rol ON spcowner = rol.oid WHERE spcname = '${spcname}' AND rolname = '${owner}'\",\n require => Postgresql_psql[\"CREATE TABLESPACE \\\"${spcname}\\\"\"],\n }\n\n if defined(Postgresql::Server::Role[$owner]) {\n Postgresql::Server::Role[$owner]->Postgresql_psql[\"ALTER TABLESPACE \\\"${spcname}\\\" OWNER TO \\\"${owner}\\\"\"]\n }\n }\n}"}, {"name": "postgresql::validate_db_connection", "file": "manifests/validate_db_connection.pp", "line": 20, "docstring": {"text": "This validated if the postgres connection can be established\nbetween the node on which this resource is run and a specified postgres\ninstance (host/port/user/password/database name).", "tags": [{"tag_name": "note", "text": ""}, {"tag_name": "param", "text": "Database host address", "types": ["Any"], "name": "database_host"}, {"tag_name": "param", "text": "Specifies the name of the database you wish to test.", "types": ["Any"], "name": "database_name"}, {"tag_name": "param", "text": "Specifies the password to connect with.", "types": ["Optional[Variant[String, Sensitive[String]]]"], "name": "database_password"}, {"tag_name": "param", "text": "Specifies the username to connect with.", "types": ["Any"], "name": "database_username"}, {"tag_name": "param", "text": "Defines the port to use when connecting.", "types": ["Any"], "name": "database_port"}, {"tag_name": "param", "text": "Specifies a hash of environment variables used when connecting to a remote server.", "types": ["Any"], "name": "connect_settings"}, {"tag_name": "param", "text": "Specifies the user to run the psql command as.", "types": ["Any"], "name": "run_as"}, {"tag_name": "param", "text": "Sets the number of seconds to sleep for before trying again after a failure.", "types": ["Any"], "name": "sleep"}, {"tag_name": "param", "text": "Sets the number of attempts after failure before giving up and failing the resource.", "types": ["Any"], "name": "tries"}, {"tag_name": "param", "text": "Creates the database when obtaining a successful connection.", "types": ["Any"], "name": "create_db_first"}, {"tag_name": "summary", "text": "This type validates that a successful postgres connection."}]}, "defaults": {"database_host": "undef", "database_name": "undef", "database_password": "undef", "database_username": "undef", "database_port": "undef", "connect_settings": "undef", "run_as": "undef", "sleep": "2", "tries": "10", "create_db_first": "true"}, "source": "define postgresql::validate_db_connection (\n $database_host = undef,\n $database_name = undef,\n Optional[Variant[String, Sensitive[String]]] $database_password = undef,\n $database_username = undef,\n $database_port = undef,\n $connect_settings = undef,\n $run_as = undef,\n $sleep = 2,\n $tries = 10,\n $create_db_first = true\n) {\n include postgresql::client\n include postgresql::params\n\n warning('postgresql::validate_db_connection is deprecated, please use postgresql_conn_validator.')\n\n $database_password_unsensitive = if $database_password =~ Sensitive[String] {\n $database_password.unwrap\n } else {\n $database_password\n }\n\n $psql_path = $postgresql::params::psql_path\n $module_workdir = $postgresql::params::module_workdir\n $validcon_script_path = $postgresql::client::validcon_script_path\n\n $cmd_init = \"${psql_path} --tuples-only --quiet \"\n $cmd_host = $database_host ? {\n undef => '',\n default => \"-h ${database_host} \",\n }\n $cmd_user = $database_username ? {\n undef => '',\n default => \"-U ${database_username} \",\n }\n $cmd_port = $database_port ? {\n undef => '',\n default => \"-p ${database_port} \",\n }\n $cmd_dbname = $database_name ? {\n undef => \"--dbname ${postgresql::params::default_database} \",\n default => \"--dbname ${database_name} \",\n }\n $pass_env = $database_password_unsensitive ? {\n undef => undef,\n default => \"PGPASSWORD=${database_password_unsensitive}\",\n }\n $cmd = join([$cmd_init, $cmd_host, $cmd_user, $cmd_port, $cmd_dbname], ' ')\n $validate_cmd = \"${validcon_script_path} ${sleep} ${tries} '${cmd}'\"\n\n # This is more of a safety valve, we add a little extra to compensate for the\n # time it takes to run each psql command.\n $timeout = (($sleep + 2) * $tries)\n\n # Combine $database_password_unsensitive and $connect_settings into an array of environment\n # variables, ensure $database_password_unsensitive is last, allowing it to override a password\n # from the $connect_settings hash\n if $connect_settings != undef {\n if $pass_env != undef {\n $env = concat(join_keys_to_values( $connect_settings, '='), $pass_env)\n } else {\n $env = join_keys_to_values( $connect_settings, '=')\n }\n } else {\n $env = $pass_env\n }\n\n $exec_name = \"validate postgres connection for ${database_username}@${database_host}:${database_port}/${database_name}\"\n\n exec { $exec_name:\n command => \"echo 'Unable to connect to defined database using: ${cmd}' && false\",\n unless => $validate_cmd,\n cwd => $module_workdir,\n environment => $env,\n logoutput => 'on_failure',\n user => $run_as,\n path => '/bin:/usr/bin:/usr/local/bin',\n timeout => $timeout,\n require => Class['postgresql::client'],\n }\n\n # This is a little bit of puppet magic. What we want to do here is make\n # sure that if the validation and the database instance creation are being\n # applied on the same machine, then the database resource is applied *before*\n # the validation resource. Otherwise, the validation is guaranteed to fail\n # on the first run.\n #\n # We accomplish this by using Puppet's resource collection syntax to search\n # for the Database resource in our current catalog; if it exists, the\n # appropriate relationship is created here.\n if($create_db_first) {\n Postgresql::Server::Database<|title == $database_name|> -> Exec[$exec_name]\n }\n}"}, {"name": "systemd::dropin_file", "file": "manifests/dropin_file.pp", "line": 21, "docstring": {"text": "Creates a drop-in file for a systemd unit", "tags": [{"tag_name": "param", "text": "the The target unit file to create, the value will be set to the `filename` parameter as well", "types": ["Systemd::Unit"], "name": "unit"}, {"tag_name": "param", "text": "The target unit file to create", "types": ["Systemd::Dropin"], "name": "filename"}, {"tag_name": "param", "text": "the state of this dropin file", "types": ["Enum['present', 'absent', 'file']"], "name": "ensure"}, {"tag_name": "param", "text": "The main systemd configuration path", "types": ["Stdlib::Absolutepath"], "name": "path"}, {"tag_name": "param", "text": "If Puppet should ignore the default SELinux labels.", "types": ["Boolean"], "name": "selinux_ignore_defaults"}, {"tag_name": "param", "text": "The full content of the unit file (Mutually exclusive with `$source`)", "types": ["Optional[Variant[String,Sensitive[String]]]"], "name": "content"}, {"tag_name": "param", "text": "The `File` resource compatible `source` Mutually exclusive with ``$content``", "types": ["Optional[String]"], "name": "source"}, {"tag_name": "param", "text": "If set, will force the file to be a symlink to the given target (Mutually exclusive with both `$source` and `$content`", "types": ["Optional[Stdlib::Absolutepath]"], "name": "target"}, {"tag_name": "param", "text": "The owner to set on the dropin file", "types": ["String"], "name": "owner"}, {"tag_name": "param", "text": "The group to set on the dropin file", "types": ["String"], "name": "group"}, {"tag_name": "param", "text": "The mode to set on the dropin file", "types": ["String"], "name": "mode"}, {"tag_name": "param", "text": "Whether to show the diff when updating dropin file", "types": ["Boolean"], "name": "show_diff"}, {"tag_name": "param", "text": "Notify a service for the unit, if it exists", "types": ["Boolean"], "name": "notify_service"}, {"tag_name": "see", "name": "systemd.unit(5)"}]}, "defaults": {"filename": "$name", "ensure": "'present'", "path": "'/etc/systemd/system'", "selinux_ignore_defaults": "false", "content": "undef", "source": "undef", "target": "undef", "owner": "'root'", "group": "'root'", "mode": "'0444'", "show_diff": "true", "notify_service": "false"}, "source": "define systemd::dropin_file (\n Systemd::Unit $unit,\n Systemd::Dropin $filename = $name,\n Enum['present', 'absent', 'file'] $ensure = 'present',\n Stdlib::Absolutepath $path = '/etc/systemd/system',\n Boolean $selinux_ignore_defaults = false,\n Optional[Variant[String,Sensitive[String]]] $content = undef,\n Optional[String] $source = undef,\n Optional[Stdlib::Absolutepath] $target = undef,\n String $owner = 'root',\n String $group = 'root',\n String $mode = '0444',\n Boolean $show_diff = true,\n Boolean $notify_service = false,\n) {\n include systemd\n\n if $target {\n $_ensure = 'link'\n } else {\n $_ensure = $ensure ? {\n 'present' => 'file',\n default => $ensure,\n }\n }\n\n $full_filename = \"${path}/${unit}.d/${filename}\"\n\n if $ensure != 'absent' {\n ensure_resource('file', dirname($full_filename), {\n ensure => directory,\n owner => 'root',\n group => 'root',\n recurse => $systemd::purge_dropin_dirs,\n purge => $systemd::purge_dropin_dirs,\n selinux_ignore_defaults => $selinux_ignore_defaults,\n })\n }\n\n file { $full_filename:\n ensure => $_ensure,\n content => $content,\n source => $source,\n target => $target,\n owner => $owner,\n group => $group,\n mode => $mode,\n selinux_ignore_defaults => $selinux_ignore_defaults,\n show_diff => $show_diff,\n }\n\n if $notify_service {\n File[$full_filename] ~> Service <| title == $unit or name == $unit |>\n if $unit =~ /\\.service$/ {\n $short_service_name = regsubst($unit, /\\.service$/, '')\n File[$full_filename] ~> Service <| title == $short_service_name or name == $short_service_name |>\n }\n }\n}"}, {"name": "systemd::network", "file": "manifests/network.pp", "line": 15, "docstring": {"text": "", "tags": [{"tag_name": "author", "text": "Tim Meusel <tim@bastelfreak.de>"}, {"tag_name": "param", "text": "configure if the file should be configured or deleted", "types": ["Enum['file', 'absent']"], "name": "ensure"}, {"tag_name": "param", "text": "directory where the network configs are stored", "types": ["Stdlib::Absolutepath"], "name": "path"}, {"tag_name": "param", "text": "the content of the file", "types": ["Optional[String]"], "name": "content"}, {"tag_name": "param", "text": "a path to a file that's used as source", "types": ["Optional[String]"], "name": "source"}, {"tag_name": "param", "text": "optional absolute path in case the file should be stored somewhere else", "types": ["Optional[Stdlib::Absolutepath]"], "name": "target"}, {"tag_name": "param", "text": "the user who owns the file", "types": ["String"], "name": "owner"}, {"tag_name": "param", "text": "the group that owns the file", "types": ["String"], "name": "group"}, {"tag_name": "param", "text": "the mode of the file", "types": ["String"], "name": "mode"}, {"tag_name": "param", "text": "whether the file diff should be shown on modifications", "types": ["Boolean"], "name": "show_diff"}, {"tag_name": "param", "text": "whether systemd-networkd should be restarted on changes, defaults to true. `$systemd::manage_networkd` needs to be true as well", "types": ["Boolean"], "name": "restart_service"}, {"tag_name": "summary", "text": "Creates network config for systemd-networkd"}]}, "defaults": {"ensure": "file", "path": "'/etc/systemd/network'", "content": "undef", "source": "undef", "target": "undef", "owner": "'root'", "group": "'root'", "mode": "'0444'", "show_diff": "true", "restart_service": "true"}, "source": "define systemd::network (\n Enum['file', 'absent'] $ensure = file,\n Stdlib::Absolutepath $path = '/etc/systemd/network',\n Optional[String] $content = undef,\n Optional[String] $source = undef,\n Optional[Stdlib::Absolutepath] $target = undef,\n String $owner = 'root',\n String $group = 'root',\n String $mode = '0444',\n Boolean $show_diff = true,\n Boolean $restart_service = true,\n) {\n include systemd\n\n if $restart_service and $systemd::manage_networkd {\n $notify = Service['systemd-networkd']\n } else {\n $notify = undef\n }\n\n if $ensure == 'file' {\n if $content =~ Undef and $source =~ Undef {\n fail('Either content or source must be set')\n }\n if $content =~ NotUndef and $source =~ NotUndef {\n fail('Either content or source must be set but not both')\n }\n }\n file { \"${path}/${name}\":\n ensure => $ensure,\n content => $content,\n source => $source,\n target => $target,\n owner => $owner,\n group => $group,\n mode => $mode,\n show_diff => $show_diff,\n notify => $notify,\n }\n}"}, {"name": "systemd::service_limits", "file": "manifests/service_limits.pp", "line": 32, "docstring": {"text": "Adds a set of custom limits to the service", "tags": [{"tag_name": "param", "text": "The name of the service that you will be modifying", "types": ["Pattern['^.+\\.(service|socket|mount|swap)$']"], "name": "name"}, {"tag_name": "param", "text": "Whether to drop a file or remove it", "types": ["Enum['present', 'absent', 'file']"], "name": "ensure"}, {"tag_name": "param", "text": "The path to the main systemd settings directory", "types": ["Stdlib::Absolutepath"], "name": "path"}, {"tag_name": "param", "text": "If Puppet should ignore the default SELinux labels.", "types": ["Boolean"], "name": "selinux_ignore_defaults"}, {"tag_name": "param", "text": "A Hash of service limits matching the settings in ``systemd.exec(5)``\n\n* Mutually exclusive with ``$source``", "types": ["Optional[Systemd::ServiceLimits]"], "name": "limits"}, {"tag_name": "param", "text": "A ``File`` resource compatible ``source``\n\n* Mutually exclusive with ``$limits``", "types": ["Optional[String]"], "name": "source"}, {"tag_name": "param", "text": "Restart the managed service after setting the limits", "types": ["Boolean"], "name": "restart_service"}, {"tag_name": "see", "name": "systemd.exec(5)"}]}, "defaults": {"ensure": "'present'", "path": "'/etc/systemd/system'", "selinux_ignore_defaults": "false", "limits": "undef", "source": "undef", "restart_service": "true"}, "source": "define systemd::service_limits (\n Enum['present', 'absent', 'file'] $ensure = 'present',\n Stdlib::Absolutepath $path = '/etc/systemd/system',\n Boolean $selinux_ignore_defaults = false,\n Optional[Systemd::ServiceLimits] $limits = undef,\n Optional[String] $source = undef,\n Boolean $restart_service = true\n) {\n include systemd\n\n if $name !~ Pattern['^.+\\.(service|socket|mount|swap)$'] {\n fail('$name must match Pattern[\"^.+\\.(service|socket|mount|swap)$\"]')\n }\n\n if $limits and !empty($limits) {\n $_content = template(\"${module_name}/limits.erb\")\n }\n else {\n $_content = undef\n }\n\n if $ensure != 'absent' {\n if ($limits and !empty($limits)) and $source {\n fail('You may not supply both limits and source parameters to systemd::service_limits')\n }\n elsif ($limits == undef or empty($limits)) and ($source == undef) {\n fail('You must supply either the limits or source parameter to systemd::service_limits')\n }\n }\n\n systemd::dropin_file { \"${name}-90-limits.conf\":\n ensure => $ensure,\n unit => $name,\n filename => '90-limits.conf',\n path => $path,\n selinux_ignore_defaults => $selinux_ignore_defaults,\n content => $_content,\n source => $source,\n }\n\n if $restart_service {\n exec { \"restart ${name} because limits\":\n command => \"systemctl restart ${name}\",\n path => $facts['path'],\n refreshonly => true,\n subscribe => File[\"${path}/${name}.d/90-limits.conf\"],\n }\n }\n}"}, {"name": "systemd::timer", "file": "manifests/timer.pp", "line": 61, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The target of the timer unit to create", "types": ["Pattern['^.+\\.timer$]"], "name": "name"}, {"tag_name": "param", "text": "The main systemd configuration path", "types": ["Stdlib::Absolutepath"], "name": "path"}, {"tag_name": "param", "text": "The full content of the timer unit file\n\n* Mutually exclusive with ``$timer_source``", "types": ["Optional[String[1]]"], "name": "timer_content"}, {"tag_name": "param", "text": "The ``File`` resource compatible ``source``\n\n* Mutually exclusive with ``$timer_content``", "types": ["Optional[String[1]]"], "name": "timer_source"}, {"tag_name": "param", "text": "The full content of the service unit file\n\n* Mutually exclusive with ``$service_source``", "types": ["Optional[String[1]]"], "name": "service_content"}, {"tag_name": "param", "text": "The ``File`` resource compatible ``source``\n\n* Mutually exclusive with ``$service_content``", "types": ["Optional[String[1]]"], "name": "service_source"}, {"tag_name": "param", "text": "The owner to set on the dropin file", "types": ["String[1]"], "name": "owner"}, {"tag_name": "param", "text": "The group to set on the dropin file", "types": ["String[1]"], "name": "group"}, {"tag_name": "param", "text": "The mode to set on the dropin file", "types": ["Stdlib::Filemode"], "name": "mode"}, {"tag_name": "param", "text": "Whether to show the diff when updating dropin file", "types": ["Boolean"], "name": "show_diff"}, {"tag_name": "param", "text": "If set then the service_unit will have this name.\nIf not set the service unit has the same name\nas the timer unit with s/.timer/.service/", "types": ["Optional[Systemd::Unit]"], "name": "service_unit"}, {"tag_name": "param", "text": "If set to true or false the timer service will be maintained.\nIf true the timer service will be running and enabled, if false it will\nexplictly stopped and disabled.", "types": ["Optional[Boolean]"], "name": "active"}, {"tag_name": "param", "text": "If set, will manage the state of the unit.", "types": ["Optional[Variant[Boolean, Enum['mask']]]"], "name": "enable"}, {"tag_name": "param", "text": "Defines the desired state of the timer", "types": ["Enum['present', 'absent', 'file']"], "name": "ensure"}, {"tag_name": "see", "text": "systemd.timer(5)", "name": "https://www.freedesktop.org/software/systemd/man/systemd.timer.html"}, {"tag_name": "summary", "text": "Create a timer and optionally a service unit to execute with the timer unit"}]}, "defaults": {"ensure": "'present'", "path": "'/etc/systemd/system'", "timer_content": "undef", "timer_source": "undef", "service_content": "undef", "service_source": "undef", "owner": "'root'", "group": "'root'", "mode": "'0444'", "service_unit": "undef", "show_diff": "true", "enable": "undef", "active": "undef"}, "source": "define systemd::timer (\n Enum['present', 'absent', 'file'] $ensure = 'present',\n Stdlib::Absolutepath $path = '/etc/systemd/system',\n Optional[String[1]] $timer_content = undef,\n Optional[String[1]] $timer_source = undef,\n Optional[String[1]] $service_content = undef,\n Optional[String[1]] $service_source = undef,\n String[1] $owner = 'root',\n String[1] $group = 'root',\n Stdlib::Filemode $mode = '0444',\n Optional[Systemd::Unit] $service_unit = undef,\n Boolean $show_diff = true,\n Optional[Variant[Boolean, Enum['mask']]] $enable = undef,\n Optional[Boolean] $active = undef,\n) {\n assert_type(Pattern['^.+\\.timer$'],$name)\n\n if $service_unit {\n $_service_unit = $service_unit\n } else {\n $_service_unit = \"${basename($name,'.timer')}.service\"\n }\n\n if $service_content or $service_source {\n systemd::unit_file { $_service_unit:\n ensure => $ensure,\n content => $service_content,\n source => $service_source,\n path => $path,\n owner => $owner,\n group => $group,\n mode => $mode,\n show_diff => $show_diff,\n }\n }\n\n systemd::unit_file { $name:\n ensure => $ensure,\n content => $timer_content,\n source => $timer_source,\n path => $path,\n owner => $owner,\n group => $group,\n mode => $mode,\n show_diff => $show_diff,\n enable => $enable,\n active => $active,\n }\n}"}, {"name": "systemd::tmpfile", "file": "manifests/tmpfile.pp", "line": 26, "docstring": {"text": "Creates a systemd tmpfile", "tags": [{"tag_name": "param", "text": "The name of the tmpfile to create", "types": ["Systemd::Dropin"], "name": "filename"}, {"tag_name": "param", "text": "Whether to drop a file or remove it", "types": ["Enum['present', 'absent', 'file']"], "name": "ensure"}, {"tag_name": "param", "text": "The path to the main systemd tmpfiles directory", "types": ["Stdlib::Absolutepath"], "name": "path"}, {"tag_name": "param", "text": "The literal content to write to the file\n\n* Mutually exclusive with ``$source``", "types": ["Optional[String]"], "name": "content"}, {"tag_name": "param", "text": "A ``File`` resource compatible ``source``\n\n* Mutually exclusive with ``$limits``", "types": ["Optional[String]"], "name": "source"}, {"tag_name": "see", "name": "systemd-tmpfiles(8)"}]}, "defaults": {"ensure": "'file'", "filename": "$name", "path": "'/etc/tmpfiles.d'", "content": "undef", "source": "undef"}, "source": "define systemd::tmpfile (\n Enum['present', 'absent', 'file'] $ensure = 'file',\n Systemd::Dropin $filename = $name,\n Stdlib::Absolutepath $path = '/etc/tmpfiles.d',\n Optional[String] $content = undef,\n Optional[String] $source = undef,\n) {\n include systemd::tmpfiles\n\n $_tmp_file_ensure = $ensure ? {\n 'present' => 'file',\n default => $ensure,\n }\n\n file { \"${path}/${filename}\":\n ensure => $_tmp_file_ensure,\n content => $content,\n source => $source,\n owner => 'root',\n group => 'root',\n mode => '0444',\n notify => Class['systemd::tmpfiles'],\n }\n}"}, {"name": "systemd::udev::rule", "file": "manifests/udev/rule.pp", "line": 25, "docstring": {"text": "Adds a custom udev rule", "tags": [{"tag_name": "param", "text": "The name of the udev rules to create", "types": ["Pattern['^.+\\.rules$']"], "name": "name"}, {"tag_name": "param", "text": "Whether to drop a file or remove it", "types": ["Enum['present', 'absent', 'file']"], "name": "ensure"}, {"tag_name": "param", "text": "The path to the main systemd settings directory", "types": ["Stdlib::Absolutepath"], "name": "path"}, {"tag_name": "param", "text": "If Puppet should ignore the default SELinux labels.", "types": ["Boolean"], "name": "selinux_ignore_defaults"}, {"tag_name": "param", "text": "List of services to notify when this rule is updated", "types": ["Variant[Array[String[1]], String[1]]"], "name": "notify_services"}, {"tag_name": "param", "text": "The literal udev rules you want to deploy", "types": ["Array"], "name": "rules"}, {"tag_name": "see", "name": "udev(7)"}]}, "defaults": {"ensure": "'present'", "path": "'/etc/udev/rules.d'", "notify_services": "[]", "selinux_ignore_defaults": "false"}, "source": "define systemd::udev::rule (\n Array $rules,\n Enum['present', 'absent', 'file'] $ensure = 'present',\n Stdlib::Absolutepath $path = '/etc/udev/rules.d',\n Variant[Array[String[1]], String[1]] $notify_services = [],\n Boolean $selinux_ignore_defaults = false,\n) {\n include systemd\n\n $filename = assert_type(Pattern['^.+\\.rules$'], $name) |$expected, $actual| {\n fail(\"The \\$name should match \\'${expected}\\', you passed \\'${actual}\\'\")\n }\n\n file { $filename:\n ensure => $ensure,\n owner => 'root',\n group => 'root',\n mode => '0444',\n path => join([$path, $name], '/'),\n notify => $notify_services,\n selinux_ignore_defaults => $selinux_ignore_defaults,\n content => epp(\"${module_name}/udev_rule.epp\", { 'rules' => $rules }),\n }\n}"}, {"name": "systemd::unit_file", "file": "manifests/unit_file.pp", "line": 52, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The target unit file to create", "types": ["Pattern['^[^/]+\\.(service|socket|device|mount|automount|swap|target|path|timer|slice|scope)$']"], "name": "name"}, {"tag_name": "param", "text": "The state of the unit file to ensure", "types": ["Enum['present', 'absent', 'file']"], "name": "ensure"}, {"tag_name": "param", "text": "The main systemd configuration path", "types": ["Stdlib::Absolutepath"], "name": "path"}, {"tag_name": "param", "text": "The full content of the unit file\n\n* Mutually exclusive with ``$source``", "types": ["Optional[Variant[String, Sensitive[String], Deferred]]"], "name": "content"}, {"tag_name": "param", "text": "The ``File`` resource compatible ``source``\n\n* Mutually exclusive with ``$content``", "types": ["Optional[String]"], "name": "source"}, {"tag_name": "param", "text": "If set, will force the file to be a symlink to the given target\n\n* Mutually exclusive with both ``$source`` and ``$content``", "types": ["Optional[Stdlib::Absolutepath]"], "name": "target"}, {"tag_name": "param", "text": "The owner to set on the unit file", "types": ["String"], "name": "owner"}, {"tag_name": "param", "text": "The group to set on the unit file", "types": ["String"], "name": "group"}, {"tag_name": "param", "text": "The mode to set on the unit file", "types": ["String"], "name": "mode"}, {"tag_name": "param", "text": "Whether to show the diff when updating unit file", "types": ["Boolean"], "name": "show_diff"}, {"tag_name": "param", "text": "If set, will manage the unit enablement status.", "types": ["Optional[Variant[Boolean, Enum['mask']]]"], "name": "enable"}, {"tag_name": "param", "text": "If set, will manage the state of the unit.", "types": ["Optional[Boolean]"], "name": "active"}, {"tag_name": "param", "text": "Specify a restart command manually. If left unspecified, a standard Puppet service restart happens.", "types": ["Optional[String]"], "name": "restart"}, {"tag_name": "see", "name": "systemd.unit(5)"}, {"tag_name": "summary", "text": "Creates a systemd unit file"}]}, "defaults": {"ensure": "'present'", "path": "'/etc/systemd/system'", "content": "undef", "source": "undef", "target": "undef", "owner": "'root'", "group": "'root'", "mode": "'0444'", "show_diff": "true", "enable": "undef", "active": "undef", "restart": "undef"}, "source": "define systemd::unit_file (\n Enum['present', 'absent', 'file'] $ensure = 'present',\n Stdlib::Absolutepath $path = '/etc/systemd/system',\n Optional[Variant[String, Sensitive[String], Deferred]] $content = undef,\n Optional[String] $source = undef,\n Optional[Stdlib::Absolutepath] $target = undef,\n String $owner = 'root',\n String $group = 'root',\n String $mode = '0444',\n Boolean $show_diff = true,\n Optional[Variant[Boolean, Enum['mask']]] $enable = undef,\n Optional[Boolean] $active = undef,\n Optional[String] $restart = undef,\n) {\n include systemd\n\n assert_type(Systemd::Unit, $name)\n\n if $enable == 'mask' {\n $_target = '/dev/null'\n } else {\n $_target = $target\n }\n\n if $_target {\n $_ensure = 'link'\n } else {\n $_ensure = $ensure ? {\n 'present' => 'file',\n default => $ensure,\n }\n }\n\n file { \"${path}/${name}\":\n ensure => $_ensure,\n content => $content,\n source => $source,\n target => $_target,\n owner => $owner,\n group => $group,\n mode => $mode,\n show_diff => $show_diff,\n }\n\n if $enable != undef or $active != undef {\n service { $name:\n ensure => $active,\n enable => $enable,\n restart => $restart,\n provider => 'systemd',\n }\n\n if $ensure == 'absent' {\n if $enable or $active {\n fail(\"Can't ensure the unit file is absent and activate/enable the service at the same time\")\n }\n Service[$name] -> File[\"${path}/${name}\"]\n } else {\n File[\"${path}/${name}\"] ~> Service[$name]\n }\n } else {\n # Work around https://tickets.puppetlabs.com/browse/PUP-9473\n # and react to changes on static unit files (ie: .service triggered by .timer)\n exec { \"${name}-systemctl-daemon-reload\":\n command => 'systemctl daemon-reload',\n refreshonly => true,\n path => $facts['path'],\n subscribe => File[\"${path}/${name}\"],\n }\n }\n}"}, {"name": "ssh::client::config::user", "file": "manifests/client/config/user.pp", "line": 6, "docstring": {"text": "Copyright (c) IN2P3 Computing Centre, IN2P3, CNRS\nContributor: Remi Ferrand <remi{dot}ferrand_at_cc(dot)in2p3.fr> (2015)\nContributor: Tim Meusel <tim@bastelfreak.de> (2017)", "tags": [{"tag_name": "param", "text": "", "types": ["Enum['present', 'absent']"], "name": "ensure"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "target"}, {"tag_name": "param", "text": "", "types": ["Optional[Stdlib::Absolutepath]"], "name": "user_home_dir"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "manage_user_ssh_dir"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "options"}, {"tag_name": "param", "text": "", "types": ["String[1]"], "name": "user"}]}, "defaults": {"ensure": "present", "target": "undef", "user_home_dir": "undef", "manage_user_ssh_dir": "true", "options": "{}", "user": "$name"}, "source": "define ssh::client::config::user (\n Enum['present', 'absent'] $ensure = present,\n Optional[Stdlib::Absolutepath] $target = undef,\n Optional[Stdlib::Absolutepath] $user_home_dir = undef,\n Boolean $manage_user_ssh_dir = true,\n Hash $options = {},\n String[1] $user = $name,\n) {\n include ssh::params\n\n # If a specific target file was specified,\n # it must have higher priority than any\n # other parameter.\n if ($target != undef) {\n $_target = $target\n } else {\n if ($user_home_dir == undef) {\n $_user_home_dir = \"/home/${user}\"\n } else {\n $_user_home_dir = $user_home_dir\n }\n\n $user_ssh_dir = \"${_user_home_dir}/.ssh\"\n $_target = \"${user_ssh_dir}/config\"\n\n if ($manage_user_ssh_dir == true) {\n unless defined(File[$user_ssh_dir]) {\n file { $user_ssh_dir:\n ensure => directory,\n owner => $user,\n mode => $ssh::params::user_ssh_directory_default_mode,\n before => Concat_file[$_target],\n }\n }\n }\n }\n\n unless defined(Concat_file[$_target]) {\n concat_file { $_target:\n ensure => $ensure,\n owner => $user,\n mode => $ssh::params::user_ssh_config_default_mode,\n tag => $name,\n }\n }\n concat_fragment { $name:\n tag => $name,\n content => template(\"${module_name}/ssh_config.erb\"),\n target => $_target,\n }\n}"}, {"name": "ssh::server::config::setting", "file": "manifests/server/config/setting.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "key"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "value"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "order"}, {"tag_name": "summary", "text": "Internal define to managed ssh server param"}]}, "defaults": {"order": "'10'"}, "source": "define ssh::server::config::setting (\n $key,\n $value,\n $order = '10'\n) {\n include ssh::params\n\n if is_bool($value) {\n $real_value = $value ? {\n true => 'yes',\n false => 'no',\n default => undef\n }\n } elsif is_array($value) {\n $real_value = join($value, ' ')\n } elsif is_hash($value) {\n fail('Hash values are not supported')\n } else {\n $real_value = $value\n }\n\n concat::fragment { \"ssh_setting_${name}_${key}\":\n target => $ssh::params::sshd_config,\n content => \"\\n# added by Ssh::Server::Config::Setting[${name}]\\n${key} ${real_value}\\n\",\n order => $order,\n }\n}"}, {"name": "ssh::server::host_key", "file": "manifests/server/host_key.pp", "line": 39, "docstring": {"text": "== Define: ssh::server::host_key\n\nThis module install a ssh host key in the server (basically, it is\na file resource but it also notifies to the ssh service)\n\nImportant! This define does not modify any option in sshd_config, so\nyou have to manually define the HostKey option in the server options\nif you haven't done yet.\n\n== Parameters\n\n[*ensure*]\n Set to 'absent' to remove host_key files\n\n[*public_key_source*]\n Sets the content of the source parameter for the public key file\n Note public_key_source and public_key_content are mutually exclusive.\n\n[*public_key_content*]\n Sets the content for the public key file.\n Note public_key_source and public_key_content are mutually exclusive.\n\n[*private_key_source*]\n Sets the content of the source parameter for the private key file\n Note private_key_source and private_key_content are mutually exclusive.\n\n[*private_key_content*]\n Sets the content for the private key file.\n Note private_key_source and private_key_content are mutually exclusive.\n\n[*certificate_source*]\n Sets the content of the source parameter for the host key certificate.\n Note certificate_source and certificate_content are mutually exclusive.\n\n[*certificate_content*]\n Sets the content for the host key certificate.\n Note certificate_source and certificate_content are mutually exclusive.", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "public_key_source"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "public_key_content"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "private_key_source"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "private_key_content"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "certificate_source"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "certificate_content"}]}, "defaults": {"ensure": "'present'", "public_key_source": "''", "public_key_content": "''", "private_key_source": "''", "private_key_content": "''", "certificate_source": "''", "certificate_content": "''"}, "source": "define ssh::server::host_key (\n $ensure = 'present',\n $public_key_source = '',\n $public_key_content = '',\n $private_key_source = '',\n $private_key_content = '',\n $certificate_source = '',\n $certificate_content = '',\n) {\n # Ensure the ssh::server class is included in the manifest\n include ssh::server\n\n if $public_key_source == '' and $public_key_content == '' and $ensure == 'present' {\n fail('You must provide either public_key_source or public_key_content parameter')\n }\n if $private_key_source == '' and $private_key_content == '' and $ensure == 'present' {\n fail('You must provide either private_key_source or private_key_content parameter')\n }\n\n $manage_pub_key_content = $public_key_source ? {\n '' => $public_key_content,\n default => undef,\n }\n $manage_pub_key_source = $public_key_source ? {\n '' => undef,\n default => $public_key_source,\n }\n\n $manage_priv_key_content = $private_key_source ? {\n '' => $private_key_content,\n default => undef,\n }\n $manage_priv_key_source = $private_key_source ? {\n '' => undef,\n default => $private_key_source,\n }\n\n $manage_cert_content = $certificate_source ? {\n '' => $certificate_content,\n default => undef,\n }\n $manage_cert_source = $certificate_source ? {\n '' => undef,\n default => $certificate_source,\n }\n\n if $ensure == 'present' {\n file { \"${name}_pub\":\n ensure => $ensure,\n owner => 0,\n group => 0,\n mode => '0644',\n path => \"${ssh::params::sshd_dir}/${name}.pub\",\n source => $manage_pub_key_source,\n content => $manage_pub_key_content,\n notify => Class['ssh::server::service'],\n }\n\n file { \"${name}_priv\":\n ensure => $ensure,\n owner => 0,\n group => $ssh::params::host_priv_key_group,\n mode => '0600',\n path => \"${ssh::params::sshd_dir}/${name}\",\n source => $manage_priv_key_source,\n content => $manage_priv_key_content,\n show_diff => false,\n notify => Class['ssh::server::service'],\n }\n } else {\n file { \"${name}_pub\":\n ensure => $ensure,\n owner => 0,\n group => 0,\n mode => '0644',\n path => \"${ssh::params::sshd_dir}/${name}.pub\",\n notify => Class['ssh::server::service'],\n }\n\n file { \"${name}_priv\":\n ensure => $ensure,\n owner => 0,\n group => $ssh::params::host_priv_key_group,\n mode => '0600',\n path => \"${ssh::params::sshd_dir}/${name}\",\n show_diff => false,\n notify => Class['ssh::server::service'],\n }\n }\n\n if !empty($certificate_source) or !empty($certificate_content) {\n if $ensure == 'present' {\n file { \"${name}_cert\":\n ensure => $ensure,\n owner => 0,\n group => 0,\n mode => '0644',\n path => \"${ssh::params::sshd_dir}/${name}-cert.pub\",\n source => $manage_cert_source,\n content => $manage_cert_content,\n notify => Class['ssh::server::service'],\n }\n } else {\n file { \"${name}_cert\":\n ensure => $ensure,\n owner => 0,\n group => 0,\n mode => '0644',\n path => \"${ssh::params::sshd_dir}/${name}-cert.pub\",\n notify => Class['ssh::server::service'],\n }\n }\n }\n}"}, {"name": "ssh::server::match_block", "file": "manifests/server/match_block.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "options"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "type"}, {"tag_name": "param", "text": "", "types": ["Integer"], "name": "order"}, {"tag_name": "summary", "text": "Add match_block to ssh server config (concat needed)"}]}, "defaults": {"options": "{}", "type": "'user'", "order": "50"}, "source": "define ssh::server::match_block (\n Hash $options = {},\n String $type = 'user',\n Integer $order = 50,\n) {\n if $ssh::server::use_augeas {\n fail('ssh::server::match_block() define not supported with use_augeas = true')\n } else {\n concat::fragment { \"match_block ${name}\":\n target => $ssh::params::sshd_config,\n content => template(\"${module_name}/sshd_match_block.erb\"),\n order => 200+$order,\n }\n }\n}"}, {"name": "ssh::server::options", "file": "manifests/server/options.pp", "line": 6, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "options"}, {"tag_name": "param", "text": "", "types": ["Integer"], "name": "order"}, {"tag_name": "summary", "text": "Managed ssh server options"}]}, "defaults": {"options": "{}", "order": "50"}, "source": "define ssh::server::options (\n Hash $options = {},\n Integer $order = 50\n) {\n concat::fragment { \"options ${name}\":\n target => $ssh::params::sshd_config,\n content => template(\"${module_name}/options.erb\"),\n order => 100+$order,\n }\n}"}, {"name": "ssh_keygen", "file": "manifests/init.pp", "line": 41, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "ssh_keygen { 'john':\n type => 'dsa'\n}", "name": "Generate a dsa key"}, {"tag_name": "example", "text": "ssh_keygen { 'john':\n bits => 4096\n}", "name": "specify the bit length"}, {"tag_name": "example", "text": "ssh_keygen { 'root':\n filename => '/etc/ssh/ssh_host_rsa_key'\n}", "name": "Generate new host key"}, {"tag_name": "param", "text": "Username to create key for", "types": ["Optional[String]"], "name": "user"}, {"tag_name": "param", "text": "Type of key to create", "types": ["Enum['rsa', 'dsa', 'ecdsa', 'ed25519', 'rsa1']"], "name": "type"}, {"tag_name": "param", "text": "Number of bits in key", "types": ["Optional[Integer]"], "name": "bits"}, {"tag_name": "param", "text": "Home directory for user", "types": ["Optional[Stdlib::Absolutepath]"], "name": "home"}, {"tag_name": "param", "text": "Key filename", "types": ["Optional[Stdlib::Absolutepath]"], "name": "filename"}, {"tag_name": "param", "text": "Key comment", "types": ["Optional[String]"], "name": "comment"}, {"tag_name": "param", "text": "Additional options to pass on to ssh-keygen", "types": ["Optional[Array[String]]"], "name": "options"}]}, "defaults": {"user": "undef", "type": "'rsa'", "bits": "undef", "home": "undef", "filename": "undef", "comment": "undef", "options": "undef"}, "source": "define ssh_keygen (\n Optional[String] $user = undef,\n Enum['rsa', 'dsa', 'ecdsa', 'ed25519', 'rsa1'] $type = 'rsa',\n Optional[Integer] $bits = undef,\n Optional[Stdlib::Absolutepath] $home = undef,\n Optional[Stdlib::Absolutepath] $filename = undef,\n Optional[String] $comment = undef,\n Optional[Array[String]] $options = undef,\n) {\n Exec { path => '/bin:/usr/bin' }\n\n $_user = $user ? {\n undef => $name,\n default => $user,\n }\n\n $_home = $home ? {\n undef => $_user ? {\n 'root' => \"/${_user}\",\n default => \"/home/${_user}\",\n },\n default => $home,\n }\n\n $_filename = $filename ? {\n undef => \"${_home}/.ssh/id_${type}\",\n default => $filename,\n }\n\n $type_opt = shell_join(['-t', $type])\n\n $bits_opt = $bits ? {\n undef => undef,\n default => shell_join(['-b', $bits])\n }\n\n $filename_opt = shell_join(['-f', $_filename])\n $passphrase_opt = shell_join(['-N', ''])\n\n $comment_opt = $comment ? {\n undef => undef,\n default => shell_join(['-C', $comment])\n }\n\n $options_opt = $options ? {\n undef => undef,\n default => shell_join($options),\n }\n\n $command = delete_undef_values( [\n 'ssh-keygen',\n $type_opt,\n $bits_opt,\n $filename_opt,\n $passphrase_opt,\n $comment_opt,\n $options_opt,\n ]\n )\n\n exec { \"ssh_keygen-${name}\":\n command => join($command, ' '),\n user => $_user,\n creates => $_filename,\n }\n}"}, {"name": "java::adopt", "file": "manifests/adopt.pp", "line": 49, "docstring": {"text": "Defined Type java::adopt", "tags": [{"tag_name": "param", "text": "Install or remove the package.", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "Version of Java to install, e.g. '8' or '9'. Default values for major and minor versions will be used.", "types": ["Any"], "name": "version"}, {"tag_name": "param", "text": "Major version which should be installed, e.g. '8u101' or '9.0.4'. Must be used together with version_minor.", "types": ["Any"], "name": "version_major"}, {"tag_name": "param", "text": "Minor version which should be installed, e.g. 'b12' (for version = '8') or '11' (for version != '8'). Must be used together with version_major.", "types": ["Any"], "name": "version_minor"}, {"tag_name": "param", "text": "Type of Java Standard Edition to install, jdk or jre.", "types": ["Any"], "name": "java"}, {"tag_name": "param", "text": "Specify a proxy server, with port number if needed. ie: https://example.com:8080. (passed to archive)", "types": ["Any"], "name": "proxy_server"}, {"tag_name": "param", "text": "Proxy server type (none|http|https|ftp). (passed to archive)", "types": ["Any"], "name": "proxy_type"}, {"tag_name": "param", "text": "Full URL", "types": ["Any"], "name": "url"}, {"tag_name": "param", "text": "Directory under which the installation will occur. If not set, defaults to\n/usr/lib/jvm for Debian and /usr/java for RedHat.", "types": ["Any"], "name": "basedir"}, {"tag_name": "param", "text": "Whether to manage the basedir directory. Defaults to false.\nNote: /usr/lib/jvm is managed for Debian by default, separate from this parameter.", "types": ["Any"], "name": "manage_basedir"}, {"tag_name": "param", "text": "Type of installation package for specified version of java_se. java_se 6 comes\nin a few installation package flavors and we need to account for them.\nOptional forced package types: rpm, rpmbin, tar.gz", "types": ["Any"], "name": "package_type"}, {"tag_name": "param", "text": "Whether to manage a symlink that points to the installation directory. Defaults to false.", "types": ["Any"], "name": "manage_symlink"}, {"tag_name": "param", "text": "The name for the optional symlink in the installation directory.", "types": ["Any"], "name": "symlink_name"}, {"tag_name": "summary", "text": "Install one or more versions of AdoptOpenJDK Java."}]}, "defaults": {"ensure": "'present'", "version": "'8'", "version_major": "undef", "version_minor": "undef", "java": "'jdk'", "proxy_server": "undef", "proxy_type": "undef", "url": "undef", "basedir": "undef", "manage_basedir": "true", "package_type": "undef", "manage_symlink": "false", "symlink_name": "undef"}, "source": "define java::adopt (\n $ensure = 'present',\n $version = '8',\n $version_major = undef,\n $version_minor = undef,\n $java = 'jdk',\n $proxy_server = undef,\n $proxy_type = undef,\n $url = undef,\n $basedir = undef,\n $manage_basedir = true,\n $package_type = undef,\n $manage_symlink = false,\n $symlink_name = undef,\n) {\n # archive module is used to download the java package\n include ::archive\n\n # validate java Standard Edition to download\n if $java !~ /(jre|jdk)/ {\n fail('java must be either jre or jdk.')\n }\n\n # determine AdoptOpenJDK Java major and minor version, and installation path\n if $version_major and $version_minor {\n $release_major = $version_major\n $release_minor = $version_minor\n\n if ( $version_major[0] == '8' or $version_major[0] == '9' ) {\n $_version = $version_major[0]\n } else {\n $_version = $version_major[0,2]\n }\n\n $_version_int = Numeric($_version)\n\n if ( $java == 'jre' ) {\n $_append_jre = '-jre'\n } else {\n $_append_jre = ''\n }\n\n # extracted folders look like this:\n # jdk8u202-b08\n # jdk-9.0.4+11\n # jdk-10.0.2+13\n # jdk-11.0.2+9\n # jdk-12.0.1+12\n # jdk8u202-b08-jre\n # jdk-9.0.4+11-jre\n # hence we need to check for the major version and build the install path according to it\n if ( $_version_int == 8 ) {\n $install_path = \"jdk${release_major}-${release_minor}${_append_jre}\"\n } elsif ( $_version_int > 8 ) {\n $install_path = \"jdk-${release_major}+${release_minor}${_append_jre}\"\n } else {\n fail (\"unsupported version ${_version}\")\n }\n } else {\n $_version = $version\n $_version_int = Numeric($_version)\n # use default versions if no specific major and minor version parameters are provided\n case $version {\n '8' : {\n $release_major = '8u202'\n $release_minor = 'b08'\n $install_path = \"${java}8u202-b08\"\n }\n '9' : {\n $release_major = '9.0.4'\n $release_minor = '11'\n $install_path = \"${java}-9.0.4+11\"\n }\n # minor release is given with +<number>, however package etc. works with underscore, so we use underscore here\n '10' : {\n $release_major = '10.0.2'\n $release_minor = '13'\n $install_path = \"${java}-10.0.2+13\"\n }\n '11' : {\n $release_major = '11.0.2'\n $release_minor = '9'\n $install_path = \"${java}-11.0.2+9\"\n }\n # minor release is given with +<number>, however package etc. works with underscore, so we use underscore here\n '12' : {\n $release_major = '12.0.1'\n $release_minor = '12'\n $install_path = \"${java}-12.0.1+12\"\n }\n default : {\n $release_major = '8u202'\n $release_minor = 'b08'\n $install_path = \"${java}8u202-b08\"\n }\n }\n }\n\n # determine package type (exe/tar/rpm), destination directory based on OS\n case $facts['kernel'] {\n 'Linux' : {\n case $facts['os']['family'] {\n 'RedHat', 'Amazon' : {\n if $package_type {\n $_package_type = $package_type\n } else {\n $_package_type = 'tar.gz'\n }\n if $basedir {\n $_basedir = $basedir\n } else {\n $_basedir = '/usr/java'\n }\n }\n 'Debian' : {\n if $package_type {\n $_package_type = $package_type\n } else {\n $_package_type = 'tar.gz'\n }\n if $basedir {\n $_basedir = $basedir\n } else {\n $_basedir = '/usr/lib/jvm'\n }\n }\n default : {\n fail (\"unsupported platform ${$facts['os']['name']}\")\n }\n }\n\n $creates_path = \"${_basedir}/${install_path}\"\n $os = 'linux'\n $destination_dir = '/tmp/'\n }\n default : {\n fail ( \"unsupported platform ${$facts['kernel']}\" )\n }\n }\n\n # set java architecture nomenclature\n $os_architecture = $facts['os']['architecture'] ? {\n undef => $facts['architecture'],\n default => $facts['os']['architecture']\n }\n\n case $os_architecture {\n 'i386' : { $arch = 'x86-32' }\n 'x86_64' : { $arch = 'x64' }\n 'amd64' : { $arch = 'x64' }\n default : {\n fail (\"unsupported platform ${$os_architecture}\")\n }\n }\n\n # package name and path for download from github\n #\n # following are build based on this real life example full URLs:\n #\n # https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u202-b08/OpenJDK8U-jdk_x64_linux_hotspot_8u202b08.tar.gz\n # https://github.com/AdoptOpenJDK/openjdk9-binaries/releases/download/jdk-9.0.4%2B11/OpenJDK9U-jdk_x64_linux_hotspot_9.0.4_11.tar.gz\n # https://github.com/AdoptOpenJDK/openjdk10-binaries/releases/download/jdk-10.0.2%2B13/OpenJDK10U-jdk_x64_linux_hotspot_10.0.2_13.tar.gz\n # https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.2%2B9/OpenJDK11U-jdk_x64_linux_hotspot_11.0.2_9.tar.gz\n # https://github.com/AdoptOpenJDK/openjdk12-binaries/releases/download/jdk-12.0.1%2B12/OpenJDK12U-jdk_x64_linux_hotspot_12.0.1_12.tar.gz\n # jre just replaces jdk with jre in the archive name, but not in the path name!\n # https://github.com/AdoptOpenJDK/openjdk9-binaries/releases/download/jdk-9.0.4%2B11/OpenJDK9U-jre_x64_linux_hotspot_9.0.4_11.tar.gz\n\n if ( $_version_int == 8 ) {\n $_release_minor_package_name = $release_minor\n } else {\n $_release_minor_package_name = \"_${release_minor}\"\n }\n\n case $_package_type {\n 'tar.gz': {\n $package_name = \"OpenJDK${_version}U-${java}_${arch}_${os}_hotspot_${release_major}${_release_minor_package_name}.tar.gz\"\n }\n default: {\n $package_name = \"OpenJDK${_version}U-${java}_${arch}_${os}_hotspot_${release_major}${_release_minor_package_name}.tar.gz\"\n }\n }\n\n # naming convention changed after major version 8, setting variables to consider that\n # download_folder_prefix always begins with \"jdk\", even for jre! see comments for package_name above\n if ( $_version_int == 8 ) {\n $spacer = '-'\n $download_folder_prefix = 'jdk'\n } else {\n $spacer = '%2B'\n $download_folder_prefix = 'jdk-'\n }\n\n # if complete URL is provided, use this value for source in archive resource\n if $url {\n $source = $url\n }\n else {\n $source = \"https://github.com/AdoptOpenJDK/openjdk${_version}-binaries/releases/download/${download_folder_prefix}${release_major}${spacer}${release_minor}/${package_name}\"\n notice (\"Default source url : ${source}\")\n }\n\n # full path to the installer\n $destination = \"${destination_dir}${package_name}\"\n notice (\"Destination is ${destination}\")\n\n case $_package_type {\n 'tar.gz' : {\n $install_command = \"tar -zxf ${destination} -C ${_basedir}\"\n }\n default : {\n $install_command = \"tar -zxf ${destination} -C ${_basedir}\"\n }\n }\n\n case $ensure {\n 'present' : {\n archive { $destination :\n ensure => present,\n source => $source,\n extract_path => '/tmp',\n cleanup => false,\n creates => $creates_path,\n proxy_server => $proxy_server,\n proxy_type => $proxy_type,\n }\n case $facts['kernel'] {\n 'Linux' : {\n case $facts['os']['family'] {\n 'Debian' : {\n ensure_resource('file', $_basedir, {\n ensure => directory,\n }\n )\n $install_requires = [Archive[$destination], File[$_basedir]]\n }\n default : {\n $install_requires = [Archive[$destination]]\n }\n }\n\n if $manage_basedir {\n if (!defined(File[$_basedir])) {\n file { $_basedir:\n ensure => 'directory',\n before => Exec[\"Install AdoptOpenJDK java ${java} ${_version} ${release_major} ${release_minor}\"],\n }\n }\n }\n\n exec { \"Install AdoptOpenJDK java ${java} ${_version} ${release_major} ${release_minor}\" :\n path => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin',\n command => $install_command,\n creates => $creates_path,\n require => $install_requires,\n }\n\n if ($manage_symlink and $symlink_name) {\n file { \"${_basedir}/${symlink_name}\":\n ensure => link,\n target => $creates_path,\n require => Exec[\"Install AdoptOpenJDK java ${java} ${_version} ${release_major} ${release_minor}\"],\n }\n }\n }\n default : {\n fail (\"unsupported platform ${$facts['kernel']}\")\n }\n }\n }\n default : {\n notice (\"Action ${ensure} not supported.\")\n }\n }\n}"}, {"name": "java::adoptium", "file": "manifests/adoptium.pp", "line": 44, "docstring": {"text": "Defined Type java::adoptium", "tags": [{"tag_name": "param", "text": "Install or remove the package.", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "Major version which should be installed, e.g. '16' or '17'", "types": ["Any"], "name": "version_major"}, {"tag_name": "param", "text": "Minor version which should be installed, e.g. '0'", "types": ["Any"], "name": "version_minor"}, {"tag_name": "param", "text": "Minor version which should be installed, e.g. '2'", "types": ["Any"], "name": "version_patch"}, {"tag_name": "param", "text": "Build version which should be installed, e.g. '07'", "types": ["Any"], "name": "version_build"}, {"tag_name": "param", "text": "Specify a proxy server, with port number if needed. ie: https://example.com:8080. (passed to archive)", "types": ["Any"], "name": "proxy_server"}, {"tag_name": "param", "text": "Proxy server type (none|http|https|ftp). (passed to archive)", "types": ["Any"], "name": "proxy_type"}, {"tag_name": "param", "text": "Full URL", "types": ["Any"], "name": "url"}, {"tag_name": "param", "text": "Directory under which the installation will occur. If not set, defaults to\n/usr/lib/jvm for Debian and /usr/java for RedHat.", "types": ["Any"], "name": "basedir"}, {"tag_name": "param", "text": "Whether to manage the basedir directory. Defaults to false.\nNote: /usr/lib/jvm is managed for Debian by default, separate from this parameter.", "types": ["Any"], "name": "manage_basedir"}, {"tag_name": "param", "text": "Whether to manage a symlink that points to the installation directory. Defaults to false.", "types": ["Any"], "name": "manage_symlink"}, {"tag_name": "param", "text": "The name for the optional symlink in the installation directory.", "types": ["Any"], "name": "symlink_name"}, {"tag_name": "summary", "text": "Install one or more versions of Adoptium Temurin OpenJDK (former AdoptOpenJDK)."}]}, "defaults": {"ensure": "'present'", "version_major": "undef", "version_minor": "undef", "version_patch": "undef", "version_build": "undef", "proxy_server": "undef", "proxy_type": "undef", "url": "undef", "basedir": "undef", "manage_basedir": "true", "manage_symlink": "false", "symlink_name": "undef"}, "source": "define java::adoptium (\n $ensure = 'present',\n $version_major = undef,\n $version_minor = undef,\n $version_patch = undef,\n $version_build = undef,\n $proxy_server = undef,\n $proxy_type = undef,\n $url = undef,\n $basedir = undef,\n $manage_basedir = true,\n $manage_symlink = false,\n $symlink_name = undef,\n) {\n # archive module is used to download the java package\n include ::archive\n\n $install_path = \"jdk-${version_major}.${version_minor}.${version_patch}+${version_build}\"\n\n # determine package type (exe/tar/rpm), destination directory based on OS\n case $facts['kernel'] {\n 'Linux' : {\n case $facts['os']['family'] {\n 'RedHat', 'Amazon' : {\n if $basedir {\n $_basedir = $basedir\n } else {\n $_basedir = '/usr/java'\n }\n }\n 'Debian' : {\n if $basedir {\n $_basedir = $basedir\n } else {\n $_basedir = '/usr/lib/jvm'\n }\n }\n default : {\n fail (\"unsupported platform ${$facts['os']['name']}\")\n }\n }\n\n $creates_path = \"${_basedir}/${install_path}\"\n $os = 'linux_hotspot'\n }\n default : {\n fail ( \"unsupported platform ${$facts['kernel']}\" )\n }\n }\n\n # set java architecture nomenclature\n $os_architecture = $facts['os']['architecture'] ? {\n undef => $facts['architecture'],\n default => $facts['os']['architecture']\n }\n\n case $os_architecture {\n 'i386' : { $arch = 'x86-32' }\n 'x86_64' : { $arch = 'x64' }\n 'amd64' : { $arch = 'x64' }\n default : {\n fail (\"unsupported platform ${$os_architecture}\")\n }\n }\n\n # package name and path for download from github\n #\n # following are build based on this real life example full URLs:\n #\n # https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.1%2B12/OpenJDK17U-jdk_x64_linux_hotspot_17.0.1_12.tar.gz\n # https://github.com/adoptium/temurin16-binaries/releases/download/jdk-16.0.2%2B7/OpenJDK16U-jdk_x64_alpine-linux_hotspot_16.0.2_7.tar.gz\n\n $package_name = \"OpenJDK${version_major}U-jdk_${arch}_${os}_${version_major}.${version_minor}.${version_patch}_${version_build}.tar.gz\"\n\n # if complete URL is provided, use this value for source in archive resource\n if $url {\n $source = $url\n }\n else {\n $source = \"https://github.com/adoptium/temurin${version_major}-binaries/releases/download/jdk-${version_major}.${version_minor}.${version_patch}%2B${version_build}/${package_name}\"\n notice (\"Default source url : ${source}\")\n }\n\n # full path to the installer\n $destination = \"/tmp/${package_name}\"\n notice (\"Destination is ${destination}\")\n\n case $ensure {\n 'present' : {\n archive { $destination :\n ensure => present,\n source => $source,\n extract_path => '/tmp',\n cleanup => false,\n creates => $creates_path,\n proxy_server => $proxy_server,\n proxy_type => $proxy_type,\n }\n case $facts['kernel'] {\n 'Linux' : {\n case $facts['os']['family'] {\n 'Debian' : {\n ensure_resource('file', $_basedir, {\n ensure => directory,\n }\n )\n $install_requires = [Archive[$destination], File[$_basedir]]\n }\n default : {\n $install_requires = [Archive[$destination]]\n }\n }\n\n if $manage_basedir {\n if (!defined(File[$_basedir])) {\n file { $_basedir:\n ensure => 'directory',\n before => Exec[\"Install Adoptium Temurin java ${version_major} ${version_minor} ${version_patch} ${version_build}\"],\n }\n }\n }\n\n exec { \"Install Adoptium Temurin java ${version_major} ${version_minor} ${version_patch} ${version_build}\" :\n path => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin',\n command => \"tar -zxf ${destination} -C ${_basedir}\",\n creates => $creates_path,\n require => $install_requires,\n }\n\n if ($manage_symlink and $symlink_name) {\n file { \"${_basedir}/${symlink_name}\":\n ensure => link,\n target => $creates_path,\n require => Exec[\"Install Adoptium Temurin java ${version_major} ${version_minor} ${version_patch} ${version_build}\"],\n }\n }\n }\n default : {\n fail (\"unsupported platform ${$facts['kernel']}\")\n }\n }\n }\n default : {\n notice (\"Action ${ensure} not supported.\")\n }\n }\n}"}, {"name": "java::download", "file": "manifests/download.pp", "line": 56, "docstring": {"text": "Defined Type java::download", "tags": [{"tag_name": "param", "text": "Install or remove the package.", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "Version of Java to install, e.g. '7' or '8'. Default values for major and minor versions will be used.", "types": ["Any"], "name": "version"}, {"tag_name": "param", "text": "Major version which should be installed, e.g. '8u101'. Must be used together with version_minor.", "types": ["Any"], "name": "version_major"}, {"tag_name": "param", "text": "Minor version which should be installed, e.g. 'b12'. Must be used together with version_major.", "types": ["Any"], "name": "version_minor"}, {"tag_name": "param", "text": "Type of Java Standard Edition to install, jdk or jre.", "types": ["Any"], "name": "java_se"}, {"tag_name": "param", "text": "Specify a proxy server, with port number if needed. ie: https://example.com:8080. (passed to archive)", "types": ["Any"], "name": "proxy_server"}, {"tag_name": "param", "text": "Proxy server type (none|http|https|ftp). (passed to archive)", "types": ["Any"], "name": "proxy_type"}, {"tag_name": "param", "text": "Full URL", "types": ["Any"], "name": "url"}, {"tag_name": "param", "text": "Install Oracles Java Cryptographic Extensions into the JRE or JDK", "types": ["Any"], "name": "jce"}, {"tag_name": "param", "text": "Full URL to the jce zip file", "types": ["Any"], "name": "jce_url"}, {"tag_name": "param", "text": "Directory under which the installation will occur. If not set, defaults to\n/usr/lib/jvm for Debian and /usr/java for RedHat.", "types": ["Any"], "name": "basedir"}, {"tag_name": "param", "text": "Whether to manage the basedir directory. Defaults to false.\nNote: /usr/lib/jvm is managed for Debian by default, separate from this parameter.", "types": ["Any"], "name": "manage_basedir"}, {"tag_name": "param", "text": "Type of installation package for specified version of java_se. java_se 6 comes\nin a few installation package flavors and we need to account for them.\nOptional forced package types: rpm, rpmbin, tar.gz", "types": ["Any"], "name": "package_type"}, {"tag_name": "param", "text": "Whether to manage a symlink that points to the installation directory. Defaults to false.", "types": ["Any"], "name": "manage_symlink"}, {"tag_name": "param", "text": "The name for the optional symlink in the installation directory.", "types": ["Any"], "name": "symlink_name"}, {"tag_name": "summary", "text": "Installs Java from a url location."}]}, "defaults": {"ensure": "'present'", "version": "'8'", "version_major": "undef", "version_minor": "undef", "java_se": "'jdk'", "proxy_server": "undef", "proxy_type": "undef", "url": "undef", "jce": "false", "jce_url": "undef", "basedir": "undef", "manage_basedir": "false", "package_type": "undef", "manage_symlink": "false", "symlink_name": "undef"}, "source": "define java::download (\n $ensure = 'present',\n $version = '8',\n $version_major = undef,\n $version_minor = undef,\n $java_se = 'jdk',\n $proxy_server = undef,\n $proxy_type = undef,\n $url = undef,\n $jce = false,\n $jce_url = undef,\n $basedir = undef,\n $manage_basedir = false,\n $package_type = undef,\n $manage_symlink = false,\n $symlink_name = undef,\n) {\n # archive module is used to download the java package\n include archive\n\n # validate java Standard Edition to download\n if $java_se !~ /(jre|jdk)/ {\n fail('Java SE must be either jre or jdk.')\n }\n\n if $jce {\n if $jce_url {\n $jce_download = $jce_url\n } else {\n fail('JCE URL must be specified')\n }\n }\n\n # determine Java major and minor version, and installation path\n if $version_major and $version_minor {\n $label = $version_major\n $release_major = $version_major\n $release_minor = $version_minor\n\n if $release_major =~ /(\\d+)u(\\d+)/ {\n # Required for CentOS systems where Java8 update number is >= 171 to ensure\n # the package is visible to Puppet. This is only true for installations that\n # don't use the tar.gz package type.\n if $facts['os']['family'] == 'RedHat' and Numeric($2) >= 171 and $package_type != 'tar.gz' {\n $install_path = \"${java_se}1.${1}.0_${2}-amd64\"\n } else {\n $install_path = \"${java_se}1.${1}.0_${2}\"\n }\n } else {\n $install_path = \"${java_se}${release_major}${release_minor}\"\n }\n } else {\n # use default versions if no specific major and minor version parameters are provided\n $label = $version\n case $version {\n '6' : {\n $release_major = '6u45'\n $release_minor = 'b06'\n $install_path = \"${java_se}1.6.0_45\"\n }\n '7' : {\n $release_major = '7u80'\n $release_minor = 'b15'\n $install_path = \"${java_se}1.7.0_80\"\n }\n '8' : {\n $release_major = '8u201'\n $release_minor = 'b09'\n $install_path = \"${java_se}1.8.0_201\"\n }\n default : {\n $release_major = '8u201'\n $release_minor = 'b09'\n $install_path = \"${java_se}1.8.0_201\"\n }\n }\n }\n\n # determine package type (exe/tar/rpm), destination directory based on OS\n case $facts['kernel'] {\n 'Linux' : {\n case $facts['os']['family'] {\n 'RedHat', 'Amazon' : {\n # Oracle Java 6 comes in a special rpmbin format\n if $package_type {\n $_package_type = $package_type\n } elsif $version == '6' {\n $_package_type = 'rpmbin'\n } else {\n $_package_type = 'rpm'\n }\n if $basedir {\n $_basedir = $basedir\n } else {\n $_basedir = '/usr/java'\n }\n }\n 'Debian' : {\n if $package_type {\n $_package_type = $package_type\n } else {\n $_package_type = 'tar.gz'\n }\n if $basedir {\n $_basedir = $basedir\n } else {\n $_basedir = '/usr/lib/jvm'\n }\n }\n default : {\n fail (\"unsupported platform ${$facts['os']['name']}\")\n }\n }\n\n $creates_path = \"${_basedir}/${install_path}\"\n $os = 'linux'\n $destination_dir = '/tmp/'\n }\n default : {\n fail ( \"unsupported platform ${$facts['kernel']}\" )\n }\n }\n\n # Install required unzip packages for jce\n if $jce {\n ensure_resource('package', 'unzip', { 'ensure' => 'present' })\n }\n\n # set java architecture nomenclature\n $os_architecture = $facts['os']['architecture'] ? {\n undef => $facts['os']['architecture'],\n default => $facts['os']['architecture']\n }\n\n case $os_architecture {\n 'i386' : { $arch = 'i586' }\n 'x86_64' : { $arch = 'x64' }\n 'amd64' : { $arch = 'x64' }\n 'aarch64' : { $arch = 'aarch64' }\n 'arm64' : { $arch = 'aarch64' }\n default : {\n fail (\"unsupported platform ${$os_architecture}\")\n }\n }\n\n # following are based on this example:\n # http://download.oracle.com/otn-pub/java/jdk/7u80-b15/jre-7u80-linux-i586.rpm\n #\n # JaveSE 6 distributed in .bin format\n # http://download.oracle.com/otn-pub/java/jdk/6u45-b06/jdk-6u45-linux-i586-rpm.bin\n # http://download.oracle.com/otn-pub/java/jdk/6u45-b06/jdk-6u45-linux-i586.bin\n # package name to use in destination directory for the installer\n case $_package_type {\n 'bin' : {\n $package_name = \"${java_se}-${release_major}-${os}-${arch}.bin\"\n }\n 'rpmbin' : {\n $package_name = \"${java_se}-${release_major}-${os}-${arch}-rpm.bin\"\n }\n 'rpm' : {\n $package_name = \"${java_se}-${release_major}-${os}-${arch}.rpm\"\n }\n 'tar.gz' : {\n $package_name = \"${java_se}-${release_major}-${os}-${arch}.tar.gz\"\n }\n default : {\n $package_name = \"${java_se}-${release_major}-${os}-${arch}.rpm\"\n }\n }\n\n # if complete URL is provided, use this value for source in archive resource\n if $url {\n $source = $url\n }\n else {\n fail('Url must be specified')\n }\n\n # full path to the installer\n $destination = \"${destination_dir}${package_name}\"\n notice (\"Destination is ${destination}\")\n\n case $_package_type {\n 'bin' : {\n $install_command = \"sh ${destination}\"\n }\n 'rpmbin' : {\n $install_command = \"sh ${destination} -x; rpm --force -iv sun*.rpm; rpm --force -iv ${java_se}*.rpm\"\n }\n 'rpm' : {\n $install_command = \"rpm --force -iv ${destination}\"\n }\n 'tar.gz' : {\n $install_command = \"tar -zxf ${destination} -C ${_basedir}\"\n }\n default : {\n $install_command = \"rpm -iv ${destination}\"\n }\n }\n\n case $ensure {\n 'present' : {\n archive { $destination :\n ensure => present,\n source => $source,\n extract_path => '/tmp',\n cleanup => false,\n creates => $creates_path,\n proxy_server => $proxy_server,\n proxy_type => $proxy_type,\n }\n case $facts['kernel'] {\n 'Linux' : {\n case $facts['os']['family'] {\n 'Debian' : {\n ensure_resource('file', $_basedir, {\n ensure => directory,\n }\n )\n $install_requires = [Archive[$destination], File[$_basedir]]\n }\n default : {\n $install_requires = [Archive[$destination]]\n }\n }\n\n if $manage_basedir {\n ensure_resource('file', $_basedir, { 'ensure' => 'directory', 'before' => Exec[\"Install Oracle java_se ${java_se} ${version} ${release_major} ${release_minor}\"] })\n }\n\n exec { \"Install Oracle java_se ${java_se} ${version} ${release_major} ${release_minor}\" :\n path => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin',\n command => $install_command,\n creates => $creates_path,\n require => $install_requires,\n }\n\n if ($manage_symlink and $symlink_name) {\n file { \"${_basedir}/${symlink_name}\":\n ensure => link,\n target => $creates_path,\n require => Exec[\"Install Oracle java_se ${java_se} ${version} ${release_major} ${release_minor}\"],\n }\n }\n\n if ($jce and $jce_download != undef) {\n $jce_path = $java_se ? {\n 'jre' => \"${creates_path}/lib/security\",\n 'jdk' => \"${creates_path}/jre/lib/security\"\n }\n archive { \"/tmp/jce-${version}.zip\":\n source => $jce_download,\n extract => true,\n extract_path => $jce_path,\n extract_flags => '-oj',\n creates => \"${jce_path}/US_export_policy.jar\",\n cleanup => false,\n proxy_server => $proxy_server,\n proxy_type => $proxy_type,\n require => [\n Package['unzip'],\n Exec[\"Install Oracle java_se ${java_se} ${version} ${release_major} ${release_minor}\"]\n ],\n }\n }\n }\n default : {\n fail (\"unsupported platform ${$facts['kernel']}\")\n }\n }\n }\n default : {\n notice (\"Action ${ensure} not supported.\")\n }\n }\n}"}, {"name": "java::sap", "file": "manifests/sap.pp", "line": 38, "docstring": {"text": "Defined Type java::sap", "tags": [{"tag_name": "param", "text": "Install or remove the package.", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "Version of Java to install, e.g. '8' or '9'. Default values for full versions will be used.", "types": ["Any"], "name": "version"}, {"tag_name": "param", "text": "Major version which should be installed, e.g. '8.1.063' or '11.0.7'. If used, \"version\" parameter is ignored.", "types": ["Any"], "name": "version_full"}, {"tag_name": "param", "text": "Type of Java Edition to install, jdk or jre.", "types": ["Any"], "name": "java"}, {"tag_name": "param", "text": "Specify a proxy server, with port number if needed. ie: https://example.com:8080. (passed to archive)", "types": ["Any"], "name": "proxy_server"}, {"tag_name": "param", "text": "Proxy server type (none|http|https|ftp). (passed to archive)", "types": ["Any"], "name": "proxy_type"}, {"tag_name": "param", "text": "Directory under which the installation will occur. If not set, defaults to\n/usr/lib/jvm for Debian and /usr/java for RedHat.", "types": ["Any"], "name": "basedir"}, {"tag_name": "param", "text": "Whether to manage the basedir directory. Defaults to false.\nNote: /usr/lib/jvm is managed for Debian by default, separate from this parameter.", "types": ["Any"], "name": "manage_basedir"}, {"tag_name": "param", "text": "Whether to manage a symlink that points to the installation directory. Defaults to false.", "types": ["Any"], "name": "manage_symlink"}, {"tag_name": "param", "text": "The name for the optional symlink in the installation directory.", "types": ["Any"], "name": "symlink_name"}, {"tag_name": "summary", "text": "Install one or more versions of SAPJVM or Sapmachine"}]}, "defaults": {"ensure": "'present'", "version": "'8'", "version_full": "undef", "java": "'jdk'", "proxy_server": "undef", "proxy_type": "undef", "basedir": "undef", "manage_basedir": "true", "manage_symlink": "false", "symlink_name": "undef"}, "source": "define java::sap (\n $ensure = 'present',\n $version = '8',\n $version_full = undef,\n $java = 'jdk',\n $proxy_server = undef,\n $proxy_type = undef,\n $basedir = undef,\n $manage_basedir = true,\n $manage_symlink = false,\n $symlink_name = undef,\n) {\n # archive module is used to download the java package\n include ::archive\n\n # validate java edition to download\n if $java !~ /(jre|jdk)/ {\n fail('java must be either jre or jdk.')\n }\n\n # determine version and installation path\n if $version_full {\n $_version_array = $version_full.scanf('%i')\n $_version_int = $_version_array[0]\n $_version_full = $version_full\n } else {\n $_version = $version\n $_version_int = Numeric($_version)\n # use default versions if full version parameter is not provided\n case $version {\n '7' : {\n $_version_full = '7.1.072'\n if ($java != 'jdk') {\n fail('java parameter is not jdk. jre is not supported on version 7')\n }\n }\n '8' : {\n $_version_full = '8.1.065'\n if ($java != 'jdk') {\n fail('java parameter is not jdk. jre is not supported on version 8')\n }\n }\n '11' : {\n $_version_full = '11.0.7'\n }\n '14' : {\n $_version_full = '14.0.1'\n }\n default : {\n fail(\"${version} not yet supported by module\")\n }\n }\n }\n\n # extracted folders look like this:\n # sapjvm_8\n # sapmachine-jdk-11.0.7\n if ($_version_int == 7 or $_version_int == 8) {\n $_creates_folder = \"sapjvm_${_version_int}\"\n } else {\n $_creates_folder = \"sapmachine-${java}-${_version_full}\"\n }\n\n # determine destination directory based on OS\n case $facts['kernel'] {\n 'Linux' : {\n case $facts['os']['family'] {\n 'RedHat', 'Amazon' : {\n if $basedir {\n $_basedir = $basedir\n } else {\n $_basedir = '/usr/java'\n }\n }\n 'Debian' : {\n if $basedir {\n $_basedir = $basedir\n } else {\n $_basedir = '/usr/lib/jvm'\n }\n }\n default : {\n fail (\"unsupported os family ${$facts['os']['name']}\")\n }\n }\n $creates_path = \"${_basedir}/${_creates_folder}\"\n }\n default : {\n fail ( \"unsupported platform ${$facts['kernel']}\" )\n }\n }\n\n $_os_architecture = $facts['os']['architecture'] ? {\n undef => $facts['architecture'],\n default => $facts['os']['architecture']\n }\n\n if ($_os_architecture != 'x86_64' and $_os_architecture != 'amd64') {\n fail (\"unsupported platform ${_os_architecture}\")\n }\n\n # download links look like this (examples):\n # https://tools.hana.ondemand.com/additional/sapjvm-8.1.065-linux-x64.zip\n # https://github.com/SAP/SapMachine/releases/download/sapmachine-11.0.7/sapmachine-jre-11.0.7_linux-x64_bin.tar.gz\n # https://github.com/SAP/SapMachine/releases/download/sapmachine-11.0.7/sapmachine-jdk-11.0.7_linux-x64_bin.tar.gz\n # https://github.com/SAP/SapMachine/releases/download/sapmachine-14.0.1/sapmachine-jdk-14.0.1_linux-x64_bin.tar.gz\n\n # cookie is currently at version 3.1, but may be changed one day. It is only required for download at SAP.\n # by using this module you agree with the EULA presented at tools.hana.ondemand.com download page!\n # Github does not require it\n\n if ( $_version_int == 7 or $_version_int == 8 ) {\n # sapjvm download\n $archive_filename = \"sapjvm-${_version_full}-linux-x64.zip\"\n $source = \"https://tools.hana.ondemand.com/additional/${archive_filename}\"\n $cookie = 'eula_3_1_agreed=tools.hana.ondemand.com/developer-license-3_1.txt'\n\n if (!defined(Package['unzip'])) {\n package { 'unzip':\n ensure => 'present',\n before => Archive[\"/tmp/${archive_filename}\"],\n }\n }\n } else {\n $archive_filename = \"sapmachine-${java}-${_version_full}_linux-x64_bin.tar.gz\"\n $source = \"https://github.com/SAP/SapMachine/releases/download/sapmachine-${_version_full}/${archive_filename}\"\n $cookie = undef\n\n if (!defined(Package['tar'])) {\n package { 'tar':\n ensure => 'present',\n before => Archive[\"/tmp/${archive_filename}\"],\n }\n }\n if (!defined(Package['gzip'])) {\n package { 'gzip':\n ensure => 'present',\n before => Archive[\"/tmp/${archive_filename}\"],\n }\n }\n }\n\n case $ensure {\n 'present' : {\n case $facts['kernel'] {\n 'Linux' : {\n if ($manage_basedir or $facts['os']['family'] == 'Debian') {\n if (!defined(File[$_basedir])) {\n file { $_basedir:\n ensure => 'directory',\n before => Archive[\"/tmp/${archive_filename}\"],\n }\n }\n }\n\n archive { \"/tmp/${archive_filename}\" :\n ensure => present,\n source => $source,\n extract => true,\n extract_path => $_basedir,\n cleanup => false,\n creates => $creates_path,\n cookie => $cookie,\n proxy_server => $proxy_server,\n proxy_type => $proxy_type,\n }\n\n if ($manage_symlink and $symlink_name) {\n file { \"${_basedir}/${symlink_name}\":\n ensure => link,\n target => $creates_path,\n require => Archive[\"/tmp/${archive_filename}\"],\n }\n }\n }\n default : {\n fail (\"unsupported platform ${$facts['kernel']}\")\n }\n }\n }\n default : {\n notice (\"Action ${ensure} not supported.\")\n }\n }\n}"}, {"name": "nginx::resource::geo", "file": "manifests/resource/geo.pp", "line": 57, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "nginx::resource::geo { 'client_network':\n ensure => present,\n ranges => false,\n default => extra,\n proxy_recursive => false,\n proxies => [ '192.168.99.99' ],\n networks => {\n '10.0.0.0/8' => 'intra',\n '172.16.0.0/12' => 'intra',\n '192.168.0.0/16' => 'intra',\n }\n}", "name": "Puppet usage"}, {"tag_name": "example", "text": "nginx::geo_mappings:\n client_network:\n ensure: present\n ranges: false\n default: 'extra'\n proxy_recursive: false\n proxies:\n - 192.168.99.99\n networks:\n '10.0.0.0/8': 'intra'\n '172.16.0.0/12': 'intra'\n '192.168.0.0/16': 'intra'", "name": "Hiera usage"}, {"tag_name": "param", "text": "Hash of geo lookup keys and resultant values", "types": ["Hash"], "name": "networks"}, {"tag_name": "param", "text": "Sets the resulting value if the source value fails to match any of the\nvariants.", "types": ["Optional[String]"], "name": "default"}, {"tag_name": "param", "text": "Enables or disables the specified location", "types": ["Enum['present', 'absent']"], "name": "ensure"}, {"tag_name": "param", "text": "Indicates that lookup keys (network addresses) are specified as ranges.", "types": ["Boolean"], "name": "ranges"}, {"tag_name": "param", "text": "Nginx defaults to using $remote_addr for testing. This allows you to\noverride that with another variable name (automatically prefixed with $)", "types": ["Optional[String]"], "name": "address"}, {"tag_name": "param", "text": "deletes the specified network (see: geo module docs)", "types": ["Optional[String]"], "name": "delete"}, {"tag_name": "param", "text": "Changes the behavior of address acquisition when specifying trusted\nproxies via 'proxies' directive", "types": ["Optional[Boolean]"], "name": "proxy_recursive"}, {"tag_name": "param", "text": "Hash of network->value mappings.", "types": ["Optional[Array]"], "name": "proxies"}, {"tag_name": "summary", "text": "Create a new geo mapping entry for NGINX"}]}, "defaults": {"default": "undef", "ensure": "'present'", "ranges": "false", "address": "undef", "delete": "undef", "proxies": "undef", "proxy_recursive": "undef"}, "source": "define nginx::resource::geo (\n Hash $networks,\n Optional[String] $default = undef,\n Enum['present', 'absent'] $ensure = 'present',\n Boolean $ranges = false,\n Optional[String] $address = undef,\n Optional[String] $delete = undef,\n Optional[Array] $proxies = undef,\n Optional[Boolean] $proxy_recursive = undef\n) {\n if ! defined(Class['nginx']) {\n fail('You must include the nginx base class before using any defined resources')\n }\n\n $root_group = $nginx::root_group\n $conf_dir = \"${nginx::conf_dir}/conf.d\"\n\n $ensure_real = $ensure ? {\n 'absent' => 'absent',\n default => 'file',\n }\n\n file { \"${conf_dir}/${name}-geo.conf\":\n ensure => $ensure_real,\n owner => 'root',\n group => $root_group,\n mode => $nginx::global_mode,\n content => template('nginx/conf.d/geo.erb'),\n notify => Class['nginx::service'],\n tag => 'nginx_config_file',\n }\n}"}, {"name": "nginx::resource::location", "file": "manifests/resource/location.pp", "line": 230, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "nginx::resource::location { 'test2.local-bob':\n ensure => present,\n www_root => '/var/www/bob',\n location => '/bob',\n server => 'test2.local',\n}", "name": "Simple example"}, {"tag_name": "example", "text": "nginx::resource::location { 'test2.local-bob':\n ensure => present,\n www_root => '/var/www/bob',\n location => '/bob',\n server => ['test1.local','test2.local'],\n}", "name": "Use one location in multiple servers"}, {"tag_name": "example", "text": "$my_config = {\n 'access_log' => 'off',\n 'allow' => '127.0.0.1',\n 'deny' => 'all'\n}\nnginx::resource::location { 'test2.local-bob':\n ensure => present,\n www_root => '/var/www/bob',\n location => '/bob',\n server => 'test2.local',\n location_cfg_append => $my_config,\n}", "name": "Custom config example to limit location on localhost, create a hash with any extra custom config you want."}, {"tag_name": "example", "text": "nginx::resource::location { 'test2.local-bob':\n ensure => present,\n www_root => '/var/www/bob',\n location => '/bob',\n server => 'test2.local',\n fastcgi_param => {\n 'APP_ENV' => 'local',\n }\n}", "name": "Add Custom fastcgi_params"}, {"tag_name": "example", "text": "nginx::resource::location { 'test2.local-bob':\n ensure => present,\n www_root => '/var/www/bob',\n location => '/bob',\n server => 'test2.local',\n uwsgi_param => {\n 'APP_ENV' => 'local',\n }\n}", "name": "Add Custom uwsgi_params"}, {"tag_name": "param", "text": "Enables or disables the specified location\n(present|absent)", "types": ["Enum['present', 'absent']"], "name": "ensure"}, {"tag_name": "param", "text": "Indicates whether or not this location can be\nused for internal requests only. Default: false", "types": ["Boolean"], "name": "internal"}, {"tag_name": "param", "text": "Defines a server or list of servers that include this location", "types": ["Variant[String[1],Array[String[1],1]]"], "name": "server"}, {"tag_name": "param", "text": "Specifies the URI associated with this location\nentry", "types": ["String"], "name": "location"}, {"tag_name": "param", "text": "Allows access if all (all) or at least one (any) of the auth modules allow access.", "types": ["Optional[Enum['any', 'all']]"], "name": "location_satisfy"}, {"tag_name": "param", "text": "Locations to allow connections from.", "types": ["Optional[Array]"], "name": "location_allow"}, {"tag_name": "param", "text": "Locations to deny connections from.", "types": ["Optional[Array]"], "name": "location_deny"}, {"tag_name": "param", "text": "Specifies the location on disk for files to be read from. Cannot be set in\nconjunction with $proxy", "types": ["Optional[String]"], "name": "www_root"}, {"tag_name": "param", "text": "Set it on 'on' to activate autoindex directory listing.", "types": ["Optional[String]"], "name": "autoindex"}, {"tag_name": "param", "text": "Set it on 'on' or 'off' to activate/deactivate autoindex displaying exact\nfilesize, or rounded to kilobytes, megabytes and gigabytes.", "types": ["Optional[Enum['on', 'off']]"], "name": "autoindex_exact_size"}, {"tag_name": "param", "text": "Sets the format of a directory listing.", "types": ["Optional[Enum['html', 'xml', 'json', 'jsonp']]"], "name": "autoindex_format"}, {"tag_name": "param", "text": "Specifies whether times in the directory listing should be output in the\nlocal time zone or UTC.", "types": ["Optional[Enum['on', 'off']]"], "name": "autoindex_localtime"}, {"tag_name": "param", "text": "Default index files for NGINX to read when traversing a directory", "types": ["Array"], "name": "index_files"}, {"tag_name": "param", "text": "Proxy server(s) for a location to connect to. Accepts a single value, can\nbe used in conjunction with nginx::resource::upstream", "types": ["Optional[String]"], "name": "proxy"}, {"tag_name": "param", "text": "sets the text, which must be changed in response-header \"Location\" and\n\"Refresh\" in the response of the proxied server.", "types": ["Optional[String]"], "name": "proxy_redirect"}, {"tag_name": "param", "text": "Override the default the proxy read timeout value of 90 seconds", "types": ["String"], "name": "proxy_read_timeout"}, {"tag_name": "param", "text": "Override the default the proxy connect timeout value of 90 seconds", "types": ["String"], "name": "proxy_connect_timeout"}, {"tag_name": "param", "text": "Override the default the proxy send timeout\nvalue of 90 seconds", "types": ["String"], "name": "proxy_send_timeout"}, {"tag_name": "param", "text": "Array of server headers to set", "types": ["Array"], "name": "proxy_set_header"}, {"tag_name": "param", "text": "Array of server headers to hide", "types": ["Array"], "name": "proxy_hide_header"}, {"tag_name": "param", "text": "Array of server headers to pass", "types": ["Array"], "name": "proxy_pass_header"}, {"tag_name": "param", "text": "Array of server headers to ignore", "types": ["Array"], "name": "proxy_ignore_header"}, {"tag_name": "param", "text": "Specify cases a request should be passed to the next server in the upstream.", "types": ["Optional[String]"], "name": "proxy_next_upstream"}, {"tag_name": "param", "text": "location of fastcgi (host:port)", "types": ["Optional[String]"], "name": "fastcgi"}, {"tag_name": "param", "text": "Set additional custom fastcgi_params", "types": ["Optional[Hash]"], "name": "fastcgi_param"}, {"tag_name": "param", "text": "optional alternative fastcgi_params file to use", "types": ["String"], "name": "fastcgi_params"}, {"tag_name": "param", "text": "optional SCRIPT_FILE parameter", "types": ["Optional[String]"], "name": "fastcgi_script"}, {"tag_name": "param", "text": "Allows settings of fastcgi_split_path_info so that you can split the\nscript_name and path_info via regex", "types": ["Optional[String]"], "name": "fastcgi_split_path"}, {"tag_name": "param", "text": "location of uwsgi (host:port)", "types": ["Optional[String]"], "name": "uwsgi"}, {"tag_name": "param", "text": "Set additional custom uwsgi_params", "types": ["Optional[Hash]"], "name": "uwsgi_param"}, {"tag_name": "param", "text": "optional alternative uwsgi_params file to use", "types": ["String"], "name": "uwsgi_params"}, {"tag_name": "param", "text": "optional value for uwsgi_read_timeout", "types": ["Optional[String]"], "name": "uwsgi_read_timeout"}, {"tag_name": "param", "text": "Indicates whether to setup SSL bindings for this location.", "types": ["Boolean"], "name": "ssl"}, {"tag_name": "param", "text": "Required if the SSL and normal server have the same port.", "types": ["Boolean"], "name": "ssl_only"}, {"tag_name": "param", "text": "Path to be used as basis for serving requests for this location", "types": ["Optional[String]"], "name": "location_alias"}, {"tag_name": "param", "text": "If true it will point configure module stub_status to provide nginx stats\non location", "types": ["Optional[Boolean]"], "name": "stub_status"}, {"tag_name": "param", "text": "A single string, or an array of strings to prepend to the location\ndirective (after custom_cfg directives). NOTE: YOU are responsible for a\nsemicolon on each line that requires one.", "types": ["Optional[Variant[String, Array]]"], "name": "raw_prepend"}, {"tag_name": "param", "text": "A single string, or an array of strings to append to the location directive\n(after custom_cfg directives). NOTE: YOU are responsible for a semicolon on\neach line that requires one.", "types": ["Optional[Variant[String, Array]]"], "name": "raw_append"}, {"tag_name": "param", "text": "Apply a limit_req_zone to the location. Expects a string indicating a\npreviously defined limit_req_zone in the main nginx configuration", "types": ["Optional[String[1]]"], "name": "limit_zone"}, {"tag_name": "param", "text": "Expects a hash with custom directives, cannot be used with other location\ntypes (proxy, fastcgi, root, or stub_status)", "types": ["Optional[Hash]"], "name": "location_custom_cfg"}, {"tag_name": "param", "text": "Expects a hash with extra directives to put before anything else inside\nlocation (used with all other types except custom_cfg)", "types": ["Optional[Hash]"], "name": "location_cfg_prepend"}, {"tag_name": "param", "text": "Expects a array with extra directives to put before anything else inside\nlocation (used with all other types except custom_cfg). Used for logical\nstructures such as if.", "types": ["Optional[Hash]"], "name": "location_custom_cfg_prepend"}, {"tag_name": "param", "text": "Expects a array with extra directives to put after anything else inside\nlocation (used with all other types except custom_cfg). Used for logical\nstructures such as if.", "types": ["Optional[Hash]"], "name": "location_custom_cfg_append"}, {"tag_name": "param", "text": "Expects a hash with extra directives to put\nafter everything else inside location (used with all other types except\ncustom_cfg)", "types": ["Optional[Hash]"], "name": "location_cfg_append"}, {"tag_name": "param", "text": "An array of files to include for this location", "types": ["Optional[Array]"], "name": "include"}, {"tag_name": "param", "text": "An array of file locations to try", "types": ["Optional[Array]"], "name": "try_files"}, {"tag_name": "param", "text": "This directive sets name of zone for caching. The same zone can be used in\nmultiple places.", "types": ["Optional[String]"], "name": "proxy_cache"}, {"tag_name": "param", "text": "Override the default proxy_cache_key of $scheme$proxy_host$request_uri", "types": ["Optional[String]"], "name": "proxy_cache_key"}, {"tag_name": "param", "text": "Override the default proxy_cache_use_stale value of off.", "types": ["Optional[String]"], "name": "proxy_cache_use_stale"}, {"tag_name": "param", "text": "This directive sets the time for caching different replies.", "types": ["Optional[Variant[Array, String]]"], "name": "proxy_cache_valid"}, {"tag_name": "param", "text": "This directive sets the locking mechanism for pouplating cache.", "types": ["Optional[Enum['on', 'off']]"], "name": "proxy_cache_lock"}, {"tag_name": "param", "text": "Defines conditions which the response will not be cached", "types": ["Optional[Variant[Array, String]]"], "name": "proxy_cache_bypass"}, {"tag_name": "param", "text": "If defined, overrides the HTTP method of the request to be passed to the\nbackend.", "types": ["Optional[String]"], "name": "proxy_method"}, {"tag_name": "param", "text": "Sets the proxy http version", "types": ["Optional[String]"], "name": "proxy_http_version"}, {"tag_name": "param", "text": "If defined, sets the body passed to the backend.", "types": ["Optional[String]"], "name": "proxy_set_body"}, {"tag_name": "param", "text": "If defined, sets the proxy_buffering to the passed value.", "types": ["Optional[Enum['on', 'off']]"], "name": "proxy_buffering"}, {"tag_name": "param", "text": "If defined, sets the proxy_request_buffering to the passed value.", "types": ["Optional[Enum['on', 'off']]"], "name": "proxy_request_buffering"}, {"tag_name": "param", "text": "Sets the maximum size of the temporary buffer file.", "types": ["Optional[Nginx::Size]"], "name": "proxy_max_temp_file_size"}, {"tag_name": "param", "text": "Sets the total size of buffers that can be busy sending a response to the\nclient while the response is not yet fully read.", "types": ["Optional[Nginx::Size]"], "name": "proxy_busy_buffers_size"}, {"tag_name": "param", "text": "Enables or disables the absolute redirect functionality of nginx", "types": ["Optional[Enum['on', 'off']]"], "name": "absolute_redirect"}, {"tag_name": "param", "text": "This directive includes testing name and password with HTTP Basic\nAuthentication.", "types": ["Optional[String]"], "name": "auth_basic"}, {"tag_name": "param", "text": "This directive sets the htpasswd filename for the authentication realm.", "types": ["Optional[String]"], "name": "auth_basic_user_file"}, {"tag_name": "param", "text": "This allows you to specify a custom auth endpoint", "types": ["Optional[String]"], "name": "auth_request"}, {"tag_name": "param", "text": "Location priority. User priority 401-499, 501-599. If the priority is\nhigher than the default priority (500), the location will be defined after\nroot, or before root.", "types": ["Integer[401,599]"], "name": "priority"}, {"tag_name": "param", "text": "Indicates whether or not this loation can be\nused for mp4 streaming. Default: false", "types": ["Boolean"], "name": "mp4"}, {"tag_name": "param", "text": "Indicates whether or not this loation can be\nused for flv streaming. Default: false", "types": ["Boolean"], "name": "flv"}, {"tag_name": "param", "text": "Setup expires time for locations content", "types": ["Optional[String]"], "name": "expires"}, {"tag_name": "param", "text": "Adds headers to the location block. If any are specified, locations will\nno longer inherit headers from the parent server context", "types": ["Hash"], "name": "add_header"}, {"tag_name": "param", "text": "Defines gzip_static, nginx default is off", "types": ["Optional[Enum['on', 'off', 'always']]"], "name": "gzip_static"}, {"tag_name": "param", "text": "Enables or disables resetting timed out connections and connections closed\nwith the non-standard code 444.", "types": ["Optional[Enum['on', 'off']]"], "name": "reset_timedout_connection"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "fastcgi_index"}, {"tag_name": "param", "text": "", "types": ["Array"], "name": "rewrite_rules"}, {"tag_name": "summary", "text": "Create a new location entry within a virtual host"}]}, "defaults": {"ensure": "'present'", "internal": "false", "location": "$name", "server": "undef", "www_root": "undef", "autoindex": "undef", "autoindex_exact_size": "undef", "autoindex_format": "undef", "autoindex_localtime": "undef", "index_files": "[\n 'index.html',\n 'index.htm',\n 'index.php',\n ]", "proxy": "undef", "proxy_redirect": "$nginx::proxy_redirect", "proxy_read_timeout": "$nginx::proxy_read_timeout", "proxy_connect_timeout": "$nginx::proxy_connect_timeout", "proxy_send_timeout": "$nginx::proxy_send_timeout", "proxy_set_header": "$nginx::proxy_set_header", "proxy_hide_header": "$nginx::proxy_hide_header", "proxy_pass_header": "$nginx::proxy_pass_header", "proxy_ignore_header": "$nginx::proxy_ignore_header", "proxy_next_upstream": "undef", "fastcgi": "undef", "fastcgi_index": "undef", "fastcgi_param": "undef", "fastcgi_params": "\"${nginx::conf_dir}/fastcgi.conf\"", "fastcgi_script": "undef", "fastcgi_split_path": "undef", "uwsgi": "undef", "uwsgi_param": "undef", "uwsgi_params": "\"${nginx::config::conf_dir}/uwsgi_params\"", "uwsgi_read_timeout": "undef", "ssl": "false", "ssl_only": "false", "location_alias": "undef", "limit_zone": "undef", "location_satisfy": "undef", "location_allow": "undef", "location_deny": "undef", "stub_status": "undef", "raw_prepend": "undef", "raw_append": "undef", "location_custom_cfg": "undef", "location_cfg_prepend": "undef", "location_cfg_append": "undef", "location_custom_cfg_prepend": "undef", "location_custom_cfg_append": "undef", "include": "undef", "try_files": "undef", "proxy_cache": "undef", "proxy_cache_key": "undef", "proxy_cache_use_stale": "undef", "proxy_cache_lock": "undef", "proxy_cache_valid": "undef", "proxy_cache_bypass": "undef", "proxy_method": "undef", "proxy_http_version": "undef", "proxy_set_body": "undef", "proxy_buffering": "undef", "proxy_request_buffering": "undef", "proxy_max_temp_file_size": "undef", "proxy_busy_buffers_size": "undef", "absolute_redirect": "undef", "auth_basic": "undef", "auth_basic_user_file": "undef", "auth_request": "undef", "rewrite_rules": "[]", "priority": "500", "mp4": "false", "flv": "false", "expires": "undef", "add_header": "{}", "gzip_static": "undef", "reset_timedout_connection": "undef"}, "source": "define nginx::resource::location (\n Enum['present', 'absent'] $ensure = 'present',\n Boolean $internal = false,\n String $location = $name,\n Variant[String[1],Array[String[1],1]] $server = undef,\n Optional[String] $www_root = undef,\n Optional[String] $autoindex = undef,\n Optional[Enum['on', 'off']] $autoindex_exact_size = undef,\n Optional[Enum['html', 'xml', 'json', 'jsonp']] $autoindex_format = undef,\n Optional[Enum['on', 'off']] $autoindex_localtime = undef,\n Array $index_files = [\n 'index.html',\n 'index.htm',\n 'index.php',\n ],\n Optional[String] $proxy = undef,\n Optional[String] $proxy_redirect = $nginx::proxy_redirect,\n String $proxy_read_timeout = $nginx::proxy_read_timeout,\n String $proxy_connect_timeout = $nginx::proxy_connect_timeout,\n String $proxy_send_timeout = $nginx::proxy_send_timeout,\n Array $proxy_set_header = $nginx::proxy_set_header,\n Array $proxy_hide_header = $nginx::proxy_hide_header,\n Array $proxy_pass_header = $nginx::proxy_pass_header,\n Array $proxy_ignore_header = $nginx::proxy_ignore_header,\n Optional[String] $proxy_next_upstream = undef,\n Optional[String] $fastcgi = undef,\n Optional[String] $fastcgi_index = undef,\n Optional[Hash] $fastcgi_param = undef,\n String $fastcgi_params = \"${nginx::conf_dir}/fastcgi.conf\",\n Optional[String] $fastcgi_script = undef,\n Optional[String] $fastcgi_split_path = undef,\n Optional[String] $uwsgi = undef,\n Optional[Hash] $uwsgi_param = undef,\n String $uwsgi_params = \"${nginx::config::conf_dir}/uwsgi_params\",\n Optional[String] $uwsgi_read_timeout = undef,\n Boolean $ssl = false,\n Boolean $ssl_only = false,\n Optional[String] $location_alias = undef,\n Optional[String[1]] $limit_zone = undef,\n Optional[Enum['any', 'all']] $location_satisfy = undef,\n Optional[Array] $location_allow = undef,\n Optional[Array] $location_deny = undef,\n Optional[Boolean] $stub_status = undef,\n Optional[Variant[String, Array]] $raw_prepend = undef,\n Optional[Variant[String, Array]] $raw_append = undef,\n Optional[Hash] $location_custom_cfg = undef,\n Optional[Hash] $location_cfg_prepend = undef,\n Optional[Hash] $location_cfg_append = undef,\n Optional[Hash] $location_custom_cfg_prepend = undef,\n Optional[Hash] $location_custom_cfg_append = undef,\n Optional[Array] $include = undef,\n Optional[Array] $try_files = undef,\n Optional[String] $proxy_cache = undef,\n Optional[String] $proxy_cache_key = undef,\n Optional[String] $proxy_cache_use_stale = undef,\n Optional[Enum['on', 'off']] $proxy_cache_lock = undef,\n Optional[Variant[Array, String]] $proxy_cache_valid = undef,\n Optional[Variant[Array, String]] $proxy_cache_bypass = undef,\n Optional[String] $proxy_method = undef,\n Optional[String] $proxy_http_version = undef,\n Optional[String] $proxy_set_body = undef,\n Optional[Enum['on', 'off']] $proxy_buffering = undef,\n Optional[Enum['on', 'off']] $proxy_request_buffering = undef,\n Optional[Nginx::Size] $proxy_max_temp_file_size = undef,\n Optional[Nginx::Size] $proxy_busy_buffers_size = undef,\n Optional[Enum['on', 'off']] $absolute_redirect = undef,\n Optional[String] $auth_basic = undef,\n Optional[String] $auth_basic_user_file = undef,\n Optional[String] $auth_request = undef,\n Array $rewrite_rules = [],\n Integer[401,599] $priority = 500,\n Boolean $mp4 = false,\n Boolean $flv = false,\n Optional[String] $expires = undef,\n Hash $add_header = {},\n Optional[Enum['on', 'off', 'always']] $gzip_static = undef,\n Optional[Enum['on', 'off']] $reset_timedout_connection = undef,\n) {\n if ! defined(Class['nginx']) {\n fail('You must include the nginx base class before using any defined resources')\n }\n\n $root_group = $nginx::root_group\n\n File {\n owner => 'root',\n group => $root_group,\n mode => $nginx::global_mode,\n notify => Class['nginx::service'],\n }\n\n # # Shared Variables\n $ensure_real = $ensure ? {\n 'absent' => absent,\n default => file,\n }\n\n if ($www_root and $proxy) {\n fail(\"Cannot define both directory and proxy in ${server}:${title}\")\n }\n\n # Use proxy, fastcgi or uwsgi template if $proxy is defined, otherwise use directory template.\n # fastcgi_script is deprecated\n if ($fastcgi_script != undef) {\n warning('The $fastcgi_script parameter is deprecated; please use $fastcgi_param instead to define custom fastcgi_params!')\n }\n\n # Only try to manage these files if they're the default one (as you presumably\n # usually don't want the default template if you're using a custom file.\n\n if (\n $ensure == 'present' and\n $fastcgi != undef and\n !defined(File[$fastcgi_params]) and\n $fastcgi_params == \"${nginx::conf_dir}/fastcgi.conf\"\n ) {\n file { $fastcgi_params:\n ensure => 'file',\n mode => $nginx::global_mode,\n content => template($nginx::fastcgi_conf_template),\n tag => 'nginx_config_file',\n }\n }\n\n if $ensure == 'present' and $uwsgi != undef and !defined(File[$uwsgi_params]) and $uwsgi_params == \"${nginx::conf_dir}/uwsgi_params\" {\n file { $uwsgi_params:\n ensure => 'file',\n mode => $nginx::global_mode,\n content => template($nginx::uwsgi_params_template),\n tag => 'nginx_config_file',\n }\n }\n\n any2array($server).each |$s| {\n $server_sanitized = regsubst($s, ' ', '_', 'G')\n if $nginx::confd_only {\n $server_dir = \"${nginx::conf_dir}/conf.d\"\n } else {\n $server_dir = \"${nginx::conf_dir}/sites-available\"\n }\n\n $config_file = \"${server_dir}/${server_sanitized}.conf\"\n if $ensure == 'present' {\n ## Create stubs for server File Fragment Pattern\n $location_md5 = md5($location)\n if ($ssl_only != true) {\n concat::fragment { \"${server_sanitized}-${priority}-${location_md5}\":\n target => $config_file,\n content => template('nginx/server/location.erb'),\n order => $priority,\n }\n }\n\n ## Only create SSL Specific locations if $ssl is true.\n if ($ssl == true or $ssl_only == true) {\n $ssl_priority = $priority + 300\n\n concat::fragment { \"${server_sanitized}-${ssl_priority}-${location_md5}-ssl\":\n target => $config_file,\n content => template('nginx/server/location.erb'),\n order => $ssl_priority,\n }\n }\n }\n }\n}"}, {"name": "nginx::resource::mailhost", "file": "manifests/resource/mailhost.pp", "line": 128, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "nginx::resource::mailhost { 'domain1.example':\n ensure => present,\n auth_http => 'server2.example/cgi-bin/auth',\n protocol => 'smtp',\n listen_port => 587,\n ssl_port => 465,\n starttls => 'only',\n xclient => 'off',\n ssl => true,\n ssl_cert => '/tmp/server.crt',\n ssl_key => '/tmp/server.pem',\n}", "name": "SMTP server definition"}, {"tag_name": "param", "text": "Enables or disables the specified mailhost", "types": ["Enum['absent', 'present']"], "name": "ensure"}, {"tag_name": "param", "text": "Default IP Address for NGINX to listen with this server on. Defaults to all interfaces (*)", "types": ["Variant[Array[String], String]"], "name": "listen_ip"}, {"tag_name": "param", "text": "Default IP Port for NGINX to listen with this server on.", "types": ["Stdlib::Port"], "name": "listen_port"}, {"tag_name": "param", "text": "Extra options for listen directive like 'default' to catchall.", "types": ["Optional[String]"], "name": "listen_options"}, {"tag_name": "param", "text": "value to enable/disable IPv6 support (false|true). Module will check to see\nif IPv6 support exists on your system before enabling.", "types": ["Boolean"], "name": "ipv6_enable"}, {"tag_name": "param", "text": "Default IPv6 Address for NGINX to listen with this server on. Defaults to\nall interfaces (::)", "types": ["Variant[Array[String], String]"], "name": "ipv6_listen_ip"}, {"tag_name": "param", "text": "Default IPv6 Port for NGINX to listen with this server on.", "types": ["Stdlib::Port"], "name": "ipv6_listen_port"}, {"tag_name": "param", "text": "Extra options for listen directive like 'default' to catchall. Template\nwill allways add ipv6only=on. While issue jfryman/puppet-nginx#30 is\ndiscussed, default value is 'default'.", "types": ["String"], "name": "ipv6_listen_options"}, {"tag_name": "param", "text": "Indicates whether to setup SSL bindings for this mailhost.", "types": ["Boolean"], "name": "ssl"}, {"tag_name": "param", "text": "Pre-generated SSL Certificate file to reference for SSL Support. This is\nnot generated by this module.", "types": ["Optional[String]"], "name": "ssl_cert"}, {"tag_name": "param", "text": "Override default SSL ciphers.", "types": ["String"], "name": "ssl_ciphers"}, {"tag_name": "param", "text": "Pre-generated SSL Certificate file to reference for client verify SSL\nSupport. This is not generated by this module.", "types": ["Optional[String]"], "name": "ssl_client_cert"}, {"tag_name": "param", "text": "String: Specifies CRL path in file system", "types": ["Optional[String]"], "name": "ssl_crl"}, {"tag_name": "param", "text": "This directive specifies a file containing Diffie-Hellman key agreement\nprotocol cryptographic parameters, in PEM format, utilized for exchanging\nsession keys between server and client.", "types": ["Optional[String]"], "name": "ssl_dhparam"}, {"tag_name": "param", "text": "This directive specifies a curve for ECDHE ciphers.", "types": ["Optional[String]"], "name": "ssl_ecdh_curve"}, {"tag_name": "param", "text": "Pre-generated SSL Key file to reference for SSL Support. This is not\ngenerated by this module.", "types": ["Optional[String]"], "name": "ssl_key"}, {"tag_name": "param", "text": "This directive specifies a file containing passphrases for secret keys.", "types": ["Optional[String]"], "name": "ssl_password_file"}, {"tag_name": "param", "text": "Default IP Port for NGINX to listen with this SSL server on.", "types": ["Optional[Stdlib::Port]"], "name": "ssl_port"}, {"tag_name": "param", "text": "Specifies that server ciphers should be preferred over client ciphers when\nusing the SSLv3 and TLS protocols.", "types": ["Enum['on', 'off']"], "name": "ssl_prefer_server_ciphers"}, {"tag_name": "param", "text": "SSL protocols enabled.", "types": ["String"], "name": "ssl_protocols"}, {"tag_name": "param", "text": "Sets the type and size of the session cache.", "types": ["Optional[String]"], "name": "ssl_session_cache"}, {"tag_name": "param", "text": "This directive specifies a file containing secret key used to encrypt and\ndecrypt TLS session tickets.", "types": ["Optional[String]"], "name": "ssl_session_ticket_key"}, {"tag_name": "param", "text": "Whether to enable or disable session resumption through TLS session tickets.", "types": ["Optional[String]"], "name": "ssl_session_tickets"}, {"tag_name": "param", "text": "Specifies a time during which a client may reuse the session parameters\nstored in a cache.", "types": ["String"], "name": "ssl_session_timeout"}, {"tag_name": "param", "text": "Specifies a file with trusted CA certificates in the PEM format used to\nverify client certificates and OCSP responses if ssl_stapling is enabled.", "types": ["Optional[String]"], "name": "ssl_trusted_cert"}, {"tag_name": "param", "text": "Sets the verification depth in the client certificates chain.", "types": ["Optional[Integer]"], "name": "ssl_verify_depth"}, {"tag_name": "param", "text": "Enable STARTTLS support", "types": ["Enum['on', 'off', 'only']"], "name": "starttls"}, {"tag_name": "param", "text": "Mail protocol to use", "types": ["Optional[Enum['imap', 'pop3', 'smtp']]"], "name": "protocol"}, {"tag_name": "param", "text": "With this directive you can set the URL to the external HTTP-like server\nfor authorization.", "types": ["Optional[String]"], "name": "auth_http"}, {"tag_name": "param", "text": "Whether to use xclient for smtp", "types": ["Enum['on', 'off']"], "name": "xclient"}, {"tag_name": "param", "text": "Sets permitted methods of authentication for IMAP clients.", "types": ["Optional[String]"], "name": "imap_auth"}, {"tag_name": "param", "text": "Sets the IMAP protocol extensions list that is passed to the client in\nresponse to the CAPA command.", "types": ["Optional[Array]"], "name": "imap_capabilities"}, {"tag_name": "param", "text": "Sets the IMAP commands read buffer size.", "types": ["Optional[String]"], "name": "imap_client_buffer"}, {"tag_name": "param", "text": "Sets permitted methods of authentication for POP3 clients.", "types": ["Optional[String]"], "name": "pop3_auth"}, {"tag_name": "param", "text": "Sets the POP3 protocol extensions list that is passed to the client in\nresponse to the CAPA command.", "types": ["Optional[Array]"], "name": "pop3_capabilities"}, {"tag_name": "param", "text": "Sets permitted methods of SASL authentication for SMTP clients.", "types": ["Optional[String]"], "name": "smtp_auth"}, {"tag_name": "param", "text": "Sets the SMTP protocol extensions list that is passed to the client in\nresponse to the EHLO command.", "types": ["Optional[Array]"], "name": "smtp_capabilities"}, {"tag_name": "param", "text": "Indicates whether to pass the error message obtained during the\nauthentication on the backend to the client.", "types": ["String"], "name": "proxy_pass_error_message"}, {"tag_name": "param", "text": "List of mailhostnames for which this mailhost will respond.", "types": ["Array"], "name": "server_name"}, {"tag_name": "param", "text": "A single string, or an array of strings to prepend to the server directive\n(after mailhost_cfg_prepend directive). NOTE: YOU are responsible for a\nsemicolon on each line that requires one.", "types": ["Optional[Variant[Array, String]]"], "name": "raw_prepend"}, {"tag_name": "param", "text": "A single string, or an array of strings to append to the server directive\n(after mailhost_cfg_append directive). NOTE: YOU are responsible for a\nsemicolon on each line that requires one.", "types": ["Optional[Variant[Array, String]]"], "name": "raw_append"}, {"tag_name": "param", "text": "It expects a hash with custom directives to put after everything else\ninside server", "types": ["Optional[Hash]"], "name": "mailhost_cfg_append"}, {"tag_name": "param", "text": "It expects a hash with custom directives to put before everything else\ninside server", "types": ["Optional[Hash]"], "name": "mailhost_cfg_prepend"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "auth_http_header"}, {"tag_name": "summary", "text": "Define a mailhost"}]}, "defaults": {"ensure": "'present'", "listen_ip": "'*'", "listen_options": "undef", "ipv6_enable": "false", "ipv6_listen_ip": "'::'", "ipv6_listen_port": "$listen_port", "ipv6_listen_options": "'default ipv6only=on'", "ssl": "false", "ssl_cert": "undef", "ssl_ciphers": "$nginx::ssl_ciphers", "ssl_client_cert": "undef", "ssl_crl": "undef", "ssl_dhparam": "$nginx::ssl_dhparam", "ssl_ecdh_curve": "undef", "ssl_key": "undef", "ssl_password_file": "undef", "ssl_port": "undef", "ssl_prefer_server_ciphers": "$nginx::ssl_prefer_server_ciphers", "ssl_protocols": "$nginx::ssl_protocols", "ssl_session_cache": "undef", "ssl_session_ticket_key": "undef", "ssl_session_tickets": "undef", "ssl_session_timeout": "'5m'", "ssl_trusted_cert": "undef", "ssl_verify_depth": "undef", "starttls": "'off'", "protocol": "undef", "auth_http": "undef", "auth_http_header": "undef", "xclient": "'on'", "imap_auth": "undef", "imap_capabilities": "undef", "imap_client_buffer": "undef", "pop3_auth": "undef", "pop3_capabilities": "undef", "smtp_auth": "undef", "smtp_capabilities": "undef", "raw_prepend": "undef", "raw_append": "undef", "mailhost_cfg_prepend": "undef", "mailhost_cfg_append": "undef", "proxy_pass_error_message": "'off'", "server_name": "[$name]"}, "source": "define nginx::resource::mailhost (\n Stdlib::Port $listen_port,\n Enum['absent', 'present'] $ensure = 'present',\n Variant[Array[String], String] $listen_ip = '*',\n Optional[String] $listen_options = undef,\n Boolean $ipv6_enable = false,\n Variant[Array[String], String] $ipv6_listen_ip = '::',\n Stdlib::Port $ipv6_listen_port = $listen_port,\n String $ipv6_listen_options = 'default ipv6only=on',\n Boolean $ssl = false,\n Optional[String] $ssl_cert = undef,\n String $ssl_ciphers = $nginx::ssl_ciphers,\n Optional[String] $ssl_client_cert = undef,\n Optional[String] $ssl_crl = undef,\n Optional[String] $ssl_dhparam = $nginx::ssl_dhparam,\n Optional[String] $ssl_ecdh_curve = undef,\n Optional[String] $ssl_key = undef,\n Optional[String] $ssl_password_file = undef,\n Optional[Stdlib::Port] $ssl_port = undef,\n Enum['on', 'off'] $ssl_prefer_server_ciphers = $nginx::ssl_prefer_server_ciphers,\n String $ssl_protocols = $nginx::ssl_protocols,\n Optional[String] $ssl_session_cache = undef,\n Optional[String] $ssl_session_ticket_key = undef,\n Optional[String] $ssl_session_tickets = undef,\n String $ssl_session_timeout = '5m',\n Optional[String] $ssl_trusted_cert = undef,\n Optional[Integer] $ssl_verify_depth = undef,\n Enum['on', 'off', 'only'] $starttls = 'off',\n Optional[Enum['imap', 'pop3', 'smtp']] $protocol = undef,\n Optional[String] $auth_http = undef,\n Optional[String] $auth_http_header = undef,\n Enum['on', 'off'] $xclient = 'on',\n Optional[String] $imap_auth = undef,\n Optional[Array] $imap_capabilities = undef,\n Optional[String] $imap_client_buffer = undef,\n Optional[String] $pop3_auth = undef,\n Optional[Array] $pop3_capabilities = undef,\n Optional[String] $smtp_auth = undef,\n Optional[Array] $smtp_capabilities = undef,\n Optional[Variant[Array, String]] $raw_prepend = undef,\n Optional[Variant[Array, String]] $raw_append = undef,\n Optional[Hash] $mailhost_cfg_prepend = undef,\n Optional[Hash] $mailhost_cfg_append = undef,\n String $proxy_pass_error_message = 'off',\n Array $server_name = [$name]\n) {\n if ! defined(Class['nginx']) {\n fail('You must include the nginx base class before using any defined resources')\n }\n\n # Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled\n # and support does not exist for it in the kernel.\n if ($ipv6_enable and !$facts['networking']['ip6']) {\n warning('nginx: IPv6 support is not enabled or configured properly')\n }\n\n # Check to see if SSL Certificates are properly defined.\n if ($ssl or $starttls == 'on' or $starttls == 'only') {\n if ($ssl_cert == undef) or ($ssl_key == undef) {\n fail('nginx: SSL certificate/key (ssl_cert/ssl_cert) and/or SSL Private must be defined and exist on the target system(s)')\n }\n }\n\n $config_dir = \"${nginx::conf_dir}/conf.mail.d\"\n $config_file = \"${config_dir}/${name}.conf\"\n\n concat { $config_file:\n ensure => $ensure,\n owner => 'root',\n group => $nginx::root_group,\n mode => $nginx::global_mode,\n notify => Class['nginx::service'],\n require => File[$config_dir],\n tag => 'nginx_config_file',\n }\n\n if $ssl_port == undef or $listen_port != $ssl_port {\n concat::fragment { \"${name}-header\":\n target => $config_file,\n content => template('nginx/mailhost/mailhost.erb'),\n order => '001',\n }\n }\n\n # Create SSL File Stubs if SSL is enabled\n if $ssl {\n concat::fragment { \"${name}-ssl\":\n target => $config_file,\n content => template('nginx/mailhost/mailhost_ssl.erb'),\n order => '700',\n }\n }\n}"}, {"name": "nginx::resource::map", "file": "manifests/resource/map.pp", "line": 66, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "nginx::resource::map { 'backend_pool':\n ensure => present,\n hostnames => true,\n default => 'ny-pool-1,\n string => '$http_host',\n mappings => {\n '*.nyc.example.com' => 'ny-pool-1',\n '*.sf.example.com' => 'sf-pool-1',\n }\n}", "name": ""}, {"tag_name": "example", "text": "nginx::resource::map { 'backend_pool':\n ...\n mappings => [\n { 'key' => '*.sf.example.com', 'value' => 'sf-pool-1' },\n { 'key' => '*.nyc.example.com', 'value' => 'ny-pool-1' },\n ]\n}", "name": "Preserving input of order of mappings"}, {"tag_name": "example", "text": "nginx::resource::map { 'redirections':\n include_files => [ '/etc/nginx/conf.d/redirections.map']\n}", "name": "Using external include"}, {"tag_name": "example", "text": "nginx::string_mappings:\n client_network:\n ensure: present\n hostnames: true\n default: 'ny-pool-1'\n string: $http_host\n mappings:\n '*.nyc.example.com': 'ny-pool-1'\n '*.sf.example.com': 'sf-pool-1'", "name": "Hiera usage"}, {"tag_name": "example", "text": "nginx::string_mappings:\n client_network:\n ...\n mappings:\n - key: '*.sf.example.com'\n value: 'sf-pool-1'\n - key: '*.nyc.example.com'\n value: 'ny-pool-1'", "name": "Hiera usage: preserving input of order of mappings:"}, {"tag_name": "param", "text": "Enables or disables the specified location", "types": ["Enum['absent', 'present']"], "name": "ensure"}, {"tag_name": "param", "text": "Sets the resulting value if the source values fails to match any of the\nvariants.", "types": ["Optional[String]"], "name": "default"}, {"tag_name": "param", "text": "Source string or variable to provide mapping for", "types": ["String[2]"], "name": "string"}, {"tag_name": "param", "text": "Hash of map lookup keys and resultant values", "types": ["Variant[Array, Hash]"], "name": "mappings"}, {"tag_name": "param", "text": "Indicates that source values can be hostnames with a prefix or suffix mask.", "types": ["Boolean"], "name": "hostnames"}, {"tag_name": "param", "text": "An array of external files to include", "types": ["Array[String]"], "name": "include_files"}, {"tag_name": "param", "text": "Specify if mapping is for http or stream context", "types": ["Enum['http', 'stream']"], "name": "context"}, {"tag_name": "summary", "text": "Create a new mapping entry for NGINX"}]}, "defaults": {"default": "undef", "ensure": "'present'", "include_files": "[]", "hostnames": "false", "context": "'http'"}, "source": "define nginx::resource::map (\n String[2] $string,\n Variant[Array, Hash] $mappings,\n Optional[String] $default = undef,\n Enum['absent', 'present'] $ensure = 'present',\n Array[String] $include_files = [],\n Boolean $hostnames = false,\n Enum['http', 'stream'] $context = 'http',\n) {\n if ! defined(Class['nginx']) {\n fail('You must include the nginx base class before using any defined resources')\n }\n\n $root_group = $nginx::root_group\n\n $conf_dir = $context ? {\n 'stream' => \"${nginx::conf_dir}/conf.stream.d\",\n 'http' => \"${nginx::conf_dir}/conf.d\",\n }\n\n $ensure_real = $ensure ? {\n 'absent' => absent,\n default => 'file',\n }\n\n file { \"${conf_dir}/${name}-map.conf\":\n ensure => $ensure_real,\n owner => 'root',\n group => $root_group,\n mode => $nginx::global_mode,\n content => template('nginx/conf.d/map.erb'),\n notify => Class['nginx::service'],\n tag => 'nginx_config_file',\n }\n}"}, {"name": "nginx::resource::server", "file": "manifests/resource/server.pp", "line": 284, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "nginx::resource::server { 'test2.local':\n ensure => present,\n www_root => '/var/www/nginx-default',\n ssl => true,\n ssl_cert => '/tmp/server.crt',\n ssl_key => '/tmp/server.pem',\n}", "name": ""}, {"tag_name": "param", "text": "Enables or disables the specified server", "types": ["Enum['absent', 'present']"], "name": "ensure"}, {"tag_name": "param", "text": "Default IP Address for NGINX to listen with this server on. Defaults to all\ninterfaces (*)", "types": ["Variant[Array, String]"], "name": "listen_ip"}, {"tag_name": "param", "text": "Default TCP Port for NGINX to listen with this server on.", "types": ["Stdlib::Port"], "name": "listen_port"}, {"tag_name": "param", "text": "Extra options for listen directive like 'default_server' to catchall.", "types": ["Optional[String]"], "name": "listen_options"}, {"tag_name": "param", "text": "value to enable/disable UNIX socket listening support.", "types": ["Boolean"], "name": "listen_unix_socket_enable"}, {"tag_name": "param", "text": "Default unix socket for NGINX to listen with this server on.", "types": ["Variant[Array[Stdlib::Absolutepath], Stdlib::Absolutepath]"], "name": "listen_unix_socket"}, {"tag_name": "param", "text": "Extra options for listen directive like 'default' to catchall.", "types": ["Optional[String]"], "name": "listen_unix_socket_options"}, {"tag_name": "param", "text": "Allows access if all (all) or at least one (any) of the auth modules allow\naccess.", "types": ["Optional[Enum['any', 'all']]"], "name": "location_satisfy"}, {"tag_name": "param", "text": "Locations to allow connections from.", "types": ["Array"], "name": "location_allow"}, {"tag_name": "param", "text": "Locations to deny connections from.", "types": ["Array"], "name": "location_deny"}, {"tag_name": "param", "text": "value to enable/disable IPv6 support (false|true). Module will check to see\nif IPv6 support exists on your system before enabling.", "types": ["Boolean"], "name": "ipv6_enable"}, {"tag_name": "param", "text": "Default IPv6 Address for NGINX to listen with this server on. Defaults to all interfaces (::)", "types": ["Variant[Array, String]"], "name": "ipv6_listen_ip"}, {"tag_name": "param", "text": "Default IPv6 Port for NGINX to listen with this server on. Defaults to TCP 80", "types": ["Stdlib::Port"], "name": "ipv6_listen_port"}, {"tag_name": "param", "text": "Extra options for listen directive like 'default' to catchall. Template\nwill allways add ipv6only=on. While issue jfryman/puppet-nginx#30 is\ndiscussed, default value is 'default'.", "types": ["String"], "name": "ipv6_listen_options"}, {"tag_name": "param", "text": "Adds headers to the HTTP response when response code is equal to 200, 204,\n301, 302 or 304.", "types": ["Hash"], "name": "add_header"}, {"tag_name": "param", "text": "Default index files for NGINX to read when traversing a directory", "types": ["Array"], "name": "index_files"}, {"tag_name": "param", "text": "Set it on 'on' or 'off 'to activate/deactivate autoindex directory listing.", "types": ["Optional[String]"], "name": "autoindex"}, {"tag_name": "param", "text": "Set it on 'on' or 'off' to activate/deactivate autoindex displaying exact\nfilesize, or rounded to kilobytes, megabytes and gigabytes.", "types": ["Optional[Enum['on', 'off']]"], "name": "autoindex_exact_size"}, {"tag_name": "param", "text": "Sets the format of a directory listing.", "types": ["Optional[Enum['html', 'xml', 'json', 'jsonp']]"], "name": "autoindex_format"}, {"tag_name": "param", "text": "Specifies whether times in the directory listing should be output in the\nlocal time zone or UTC.", "types": ["Optional[Enum['on', 'off']]"], "name": "autoindex_localtime"}, {"tag_name": "param", "text": "Enables or disables resetting timed out connections and connections closed\nwith the non-standard code 444.", "types": ["Optional[Enum['on', 'off']]"], "name": "reset_timedout_connection"}, {"tag_name": "param", "text": "Proxy server(s) for the root location to connect to. Accepts a single\nvalue, can be used in conjunction with nginx::resource::upstream", "types": ["Optional[String]"], "name": "proxy"}, {"tag_name": "param", "text": "Override the default proxy read timeout value of 90 seconds", "types": ["String"], "name": "proxy_read_timeout"}, {"tag_name": "param", "text": "Override the default proxy send timeout value of 90 seconds", "types": ["String"], "name": "proxy_send_timeout"}, {"tag_name": "param", "text": "Override the default proxy_redirect value of off.", "types": ["Optional[String]"], "name": "proxy_redirect"}, {"tag_name": "param", "text": "If defined, sets the proxy_buffering to the passed value.", "types": ["Optional[String]"], "name": "proxy_buffering"}, {"tag_name": "param", "text": "If defined, sets the proxy_request_buffering to the passed value.", "types": ["Optional[String]"], "name": "proxy_request_buffering"}, {"tag_name": "param", "text": "Sets the maximum size of the temporary buffer file.", "types": ["Optional[Nginx::Size]"], "name": "proxy_max_temp_file_size"}, {"tag_name": "param", "text": "Sets the total size of buffers that can be busy sending a response to the\nclient while the response is not yet fully read.", "types": ["Optional[Nginx::Size]"], "name": "proxy_busy_buffers_size"}, {"tag_name": "param", "text": "Configures name servers used to resolve names of upstream servers into addresses.", "types": ["Array"], "name": "resolver"}, {"tag_name": "param", "text": "location of fastcgi (host:port)", "types": ["Optional[String]"], "name": "fastcgi"}, {"tag_name": "param", "text": "Set additional custom fastcgi_params", "types": ["Any"], "name": "fastcgi_param"}, {"tag_name": "param", "text": "optional alternative fastcgi_params file to use", "types": ["String"], "name": "fastcgi_params"}, {"tag_name": "param", "text": "optional FastCGI index page", "types": ["Optional[String]"], "name": "fastcgi_index"}, {"tag_name": "param", "text": "optional SCRIPT_FILE parameter", "types": ["Optional[String]"], "name": "fastcgi_script"}, {"tag_name": "param", "text": "optional value for uwsgi_read_timeout", "types": ["Optional[String]"], "name": "uwsgi_read_timeout"}, {"tag_name": "param", "text": "Indicates whether to setup SSL bindings for this server.", "types": ["Boolean"], "name": "ssl"}, {"tag_name": "param", "text": "Pre-generated SSL Certificate file to reference for SSL Support. This is\nnot generated by this module. Set to `false` to inherit from the http\nsection, which improves performance by conserving memory.\nUse an array to add multiple SSL Certificates.", "types": ["Optional[Variant[String, Boolean, Array[String]]]"], "name": "ssl_cert"}, {"tag_name": "param", "text": "Pre-generated SSL Certificate file to reference for client verify SSL\nSupport. This is not generated by this module.", "types": ["Optional[String]"], "name": "ssl_client_cert"}, {"tag_name": "param", "text": "Enables verification of client certificates.", "types": ["String"], "name": "ssl_verify_client"}, {"tag_name": "param", "text": "Specifies CRL path in file system", "types": ["Optional[String]"], "name": "ssl_crl"}, {"tag_name": "param", "text": "This directive specifies a file containing Diffie-Hellman key agreement\nprotocol cryptographic parameters, in PEM format, utilized for exchanging\nsession keys between server and client.", "types": ["Optional[String]"], "name": "ssl_dhparam"}, {"tag_name": "param", "text": "This directive specifies a curve for ECDHE ciphers.", "types": ["Optional[String]"], "name": "ssl_ecdh_curve"}, {"tag_name": "param", "text": "String: Specifies that server ciphers should be preferred over client\nciphers when using the SSLv3 and TLS protocols.", "types": ["Optional[Enum['on', 'off']]"], "name": "ssl_prefer_server_ciphers"}, {"tag_name": "param", "text": "Adds a server directive and return statement to force ssl redirect. Will\nhonor ssl_port if it's set.", "types": ["Boolean"], "name": "ssl_redirect"}, {"tag_name": "param", "text": "Overrides $ssl_port in the SSL redirect set by ssl_redirect", "types": ["Optional[Integer]"], "name": "ssl_redirect_port"}, {"tag_name": "param", "text": "Pre-generated SSL Key file to reference for SSL Support. This is not\ngenerated by this module. Set to `false` to inherit from the http section,\nwhich improves performance by conserving memory.\nUse an array to add multiple SSL Keys.", "types": ["Optional[Variant[String, Boolean, Array[String]]]"], "name": "ssl_key"}, {"tag_name": "param", "text": "Default IP Port for NGINX to listen with this SSL server on.", "types": ["Integer"], "name": "ssl_port"}, {"tag_name": "param", "text": "SSL protocols enabled. Defaults to 'TLSv1 TLSv1.1 TLSv1.2'.", "types": ["Optional[String]"], "name": "ssl_protocols"}, {"tag_name": "param", "text": "Sets the size of the buffer used for sending data.", "types": ["Optional[String]"], "name": "ssl_buffer_size"}, {"tag_name": "param", "text": "SSL ciphers enabled.", "types": ["Optional[String]"], "name": "ssl_ciphers"}, {"tag_name": "param", "text": "Enables or disables stapling of OCSP responses by the server.", "types": ["Boolean"], "name": "ssl_stapling"}, {"tag_name": "param", "text": "When set, the stapled OCSP response will be taken from the specified file\ninstead of querying the OCSP responder specified in the server certificate.", "types": ["Optional[String]"], "name": "ssl_stapling_file"}, {"tag_name": "param", "text": "Overrides the URL of the OCSP responder specified in the Authority\nInformation Access certificate extension.", "types": ["Optional[String]"], "name": "ssl_stapling_responder"}, {"tag_name": "param", "text": "Enables or disables verification of OCSP responses by the server. Defaults to false.", "types": ["Boolean"], "name": "ssl_stapling_verify"}, {"tag_name": "param", "text": "Specifies a time during which a client may reuse the session parameters stored in a cache.\n Defaults to 5m.", "types": ["Optional[String]"], "name": "ssl_session_timeout"}, {"tag_name": "param", "text": "Enables or disables session resumption through TLS session tickets.", "types": ["Optional[Enum['on', 'off']]"], "name": "ssl_session_tickets"}, {"tag_name": "param", "text": "Sets a file with the secret key used to encrypt and decrypt TLS session tickets.", "types": ["Optional[String]"], "name": "ssl_session_ticket_key"}, {"tag_name": "param", "text": "Specifies a file with trusted CA certificates in the PEM format used to verify client\n certificates and OCSP responses if ssl_stapling is enabled.", "types": ["Optional[String]"], "name": "ssl_trusted_cert"}, {"tag_name": "param", "text": "Sets the verification depth in the client certificates chain.", "types": ["Optional[Integer]"], "name": "ssl_verify_depth"}, {"tag_name": "param", "text": "File containing the password for the SSL Key file.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "ssl_password_file"}, {"tag_name": "param", "text": "Toggles SPDY protocol.", "types": ["Enum['on', 'off']"], "name": "spdy"}, {"tag_name": "param", "text": "Toggles HTTP/2 protocol.", "types": ["Enum['on', 'off']"], "name": "http2"}, {"tag_name": "param", "text": "List of servernames for which this server will respond. Default [$name].", "types": ["Array[String]"], "name": "server_name"}, {"tag_name": "param", "text": "Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy", "types": ["Optional[String]"], "name": "www_root"}, {"tag_name": "param", "text": "Adds a server directive and rewrite rule to rewrite www.domain.com to domain.com in order to avoid\n duplicate content (SEO);", "types": ["Boolean"], "name": "rewrite_www_to_non_www"}, {"tag_name": "param", "text": "Adds a server directive and rewrite rule to rewrite domain.com to www.domain.com in order to avoid\n duplicate content (SEO);", "types": ["Boolean"], "name": "rewrite_non_www_to_www"}, {"tag_name": "param", "text": "Specifies the locations for files to be checked as an array. Cannot be used in conjuction with $proxy.", "types": ["Optional[Array[String]]"], "name": "try_files"}, {"tag_name": "param", "text": "This directive sets name of zone for caching. The same zone can be used in multiple places.", "types": ["Optional[String]"], "name": "proxy_cache"}, {"tag_name": "param", "text": "Override the default proxy_cache_key of $scheme$proxy_host$request_uri", "types": ["Optional[String]"], "name": "proxy_cache_key"}, {"tag_name": "param", "text": "Override the default proxy_cache_use_stale value of off.", "types": ["Optional[String]"], "name": "proxy_cache_use_stale"}, {"tag_name": "param", "text": "This directive sets the time for caching different replies.", "types": ["Optional[Variant[Array[String], String]]"], "name": "proxy_cache_valid"}, {"tag_name": "param", "text": "This directive sets the locking mechanism for pouplating cache.", "types": ["Optional[Enum['on', 'off']]"], "name": "proxy_cache_lock"}, {"tag_name": "param", "text": "Defines conditions which the response will not be cached", "types": ["Optional[Variant[Array[String], String]]"], "name": "proxy_cache_bypass"}, {"tag_name": "param", "text": "If defined, overrides the HTTP method of the request to be passed to the backend.", "types": ["Optional[String]"], "name": "proxy_method"}, {"tag_name": "param", "text": "Sets the proxy http version", "types": ["Optional[String]"], "name": "proxy_http_version"}, {"tag_name": "param", "text": "If defined, sets the body passed to the backend.", "types": ["Optional[String]"], "name": "proxy_set_body"}, {"tag_name": "param", "text": "Enables or disables the absolute redirect functionality of nginx", "types": ["Optional[Enum['on', 'off']]"], "name": "absolute_redirect"}, {"tag_name": "param", "text": "This directive includes testing name and password with HTTP Basic Authentication.", "types": ["Optional[String]"], "name": "auth_basic"}, {"tag_name": "param", "text": "This directive sets the htpasswd filename for the authentication realm.", "types": ["Optional[String]"], "name": "auth_basic_user_file"}, {"tag_name": "param", "text": "This allows you to specify a custom auth endpoint", "types": ["Optional[String]"], "name": "auth_request"}, {"tag_name": "param", "text": "This directive sets client_max_body_size.", "types": ["Any"], "name": "client_max_body_size"}, {"tag_name": "param", "text": "Sets how long the server will wait for a client body. Default is 60s", "types": ["Optional[String]"], "name": "client_body_timeout"}, {"tag_name": "param", "text": "Sets how long the server will wait for a client header. Default is 60s", "types": ["Optional[String]"], "name": "client_header_timeout"}, {"tag_name": "param", "text": "A single string, or an array of strings to prepend to the server directive\n(after cfg prepend directives). NOTE: YOU are responsible for a semicolon\non each line that requires one.", "types": ["Optional[Variant[Array[String], String]]"], "name": "raw_prepend"}, {"tag_name": "param", "text": "A single string, or an array of strings to append to the server directive\n(after cfg append directives). NOTE: YOU are responsible for a semicolon on\neach line that requires one.", "types": ["Optional[Variant[Array[String], String]]"], "name": "raw_append"}, {"tag_name": "param", "text": "A single string, or an array of strings to prepend to the location\ndirective (after custom_cfg directives). NOTE: YOU are responsible for a\nsemicolon on each line that requires one.", "types": ["Optional[Variant[Array[String], String]]"], "name": "location_raw_prepend"}, {"tag_name": "param", "text": "A single string, or an array of strings to append to the location directive\n(after custom_cfg directives). NOTE: YOU are responsible for a semicolon on\neach line that requires one.", "types": ["Optional[Variant[Array[String], String]]"], "name": "location_raw_append"}, {"tag_name": "param", "text": "It expects a hash with custom directives to put after everything else inside server", "types": ["Optional[Hash]"], "name": "server_cfg_append"}, {"tag_name": "param", "text": "It expects a hash with custom directives to put before everything else inside server", "types": ["Optional[Hash]"], "name": "server_cfg_prepend"}, {"tag_name": "param", "text": "It expects a hash with custom directives to put after everything else inside server ssl", "types": ["Optional[Hash]"], "name": "server_cfg_ssl_append"}, {"tag_name": "param", "text": "It expects a hash with custom directives to put before everything else inside server ssl", "types": ["Optional[Hash]"], "name": "server_cfg_ssl_prepend"}, {"tag_name": "param", "text": "Adds include files to server", "types": ["Optional[Array[String]]"], "name": "include_files"}, {"tag_name": "param", "text": "Where to write access log (log format can be set with $format_log). This\ncan be either a string or an array; in the latter case, multiple lines will\nbe created. Additionally, unlike the earlier behavior, setting it to\n'absent' in the server context will remove this directive entirely from the\nserver stanza, rather than setting a default. Can also be disabled for this\nserver with the string 'off'.", "types": ["Optional[Variant[String, Array]]"], "name": "access_log"}, {"tag_name": "param", "text": "Where to write error log. May add additional options like error level to\nthe end. May set to 'absent', in which case it will be omitted in this\nserver stanza (and default to nginx.conf setting)", "types": ["Optional[Variant[String, Array]]"], "name": "error_log"}, {"tag_name": "param", "text": "Allows one to define additional CGI environment variables to pass to the backend application", "types": ["Optional[Hash]"], "name": "passenger_cgi_param"}, {"tag_name": "param", "text": "Allows one to set headers to pass to the backend application (Passenger 5.0+)", "types": ["Optional[Hash]"], "name": "passenger_set_header"}, {"tag_name": "param", "text": "Allows one to set environment variables to pass to the backend application (Passenger 5.0+)", "types": ["Optional[Hash]"], "name": "passenger_env_var"}, {"tag_name": "param", "text": "Allows setting a URL to pre-warm the host. Per Passenger docs, the \"domain\npart of the URL\" must match a value of server_name. If this is an array,\nmultiple URLs can be specified.", "types": ["Optional[Variant[Array[String], String]]"], "name": "passenger_pre_start"}, {"tag_name": "param", "text": "Run the Lua source code inlined as the <lua-script-str> at the log request\nprocessing phase. This does not replace the current access logs, but runs\nafter.", "types": ["Optional[String]"], "name": "log_by_lua"}, {"tag_name": "param", "text": "Equivalent to log_by_lua, except that the file specified by\n<path-to-lua-script-file> contains the Lua code, or, as from the v0.5.0rc32\nrelease, the Lua/LuaJIT bytecode to be executed.", "types": ["Optional[String]"], "name": "log_by_lua_file"}, {"tag_name": "param", "text": "Defines gzip_types, nginx default is text/html", "types": ["Optional[String]"], "name": "gzip_types"}, {"tag_name": "param", "text": "Defines gzip_static, nginx default is off", "types": ["Optional[String]"], "name": "gzip_static"}, {"tag_name": "param", "text": "Defines owner of the .conf file", "types": ["String"], "name": "owner"}, {"tag_name": "param", "text": "Defines group of the .conf file", "types": ["String"], "name": "group"}, {"tag_name": "param", "text": "Defines mode of the .conf file", "types": ["String"], "name": "mode"}, {"tag_name": "param", "text": "A boolean value to set a server in maintenance", "types": ["Boolean"], "name": "maintenance"}, {"tag_name": "param", "text": "Value to return when maintenance is on.", "types": ["String"], "name": "maintenance_value"}, {"tag_name": "param", "text": "Setup errors pages, hash key is the http code and hash value the page", "types": ["Any"], "name": "error_pages"}, {"tag_name": "param", "text": "Hash of location resources used by this server", "types": ["Hash"], "name": "locations"}, {"tag_name": "param", "text": "Hash of location default settings", "types": ["Hash"], "name": "locations_defaults"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "ssl_listen_option"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "ssl_cache"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "proxy_connect_timeout"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "proxy_set_header"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "proxy_hide_header"}, {"tag_name": "param", "text": "", "types": ["Array[String]"], "name": "proxy_pass_header"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "uwsgi"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "uwsgi_params"}, {"tag_name": "param", "text": "", "types": ["Optional[Hash]"], "name": "location_custom_cfg"}, {"tag_name": "param", "text": "", "types": ["Optional[Hash]"], "name": "location_cfg_prepend"}, {"tag_name": "param", "text": "", "types": ["Optional[Hash]"], "name": "location_cfg_append"}, {"tag_name": "param", "text": "", "types": ["Optional[Hash]"], "name": "location_custom_cfg_prepend"}, {"tag_name": "param", "text": "", "types": ["Optional[Hash]"], "name": "location_custom_cfg_append"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "format_log"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "use_default_location"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "rewrite_rules"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "string_mappings"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "geo_mappings"}, {"tag_name": "summary", "text": "Create a virtual host"}]}, "defaults": {"ensure": "'present'", "listen_ip": "'*'", "listen_port": "80", "listen_options": "undef", "listen_unix_socket_enable": "false", "listen_unix_socket": "'/var/run/nginx.sock'", "listen_unix_socket_options": "undef", "location_satisfy": "undef", "location_allow": "[]", "location_deny": "[]", "ipv6_enable": "false", "ipv6_listen_ip": "'::'", "ipv6_listen_port": "$listen_port", "ipv6_listen_options": "'default ipv6only=on'", "add_header": "{}", "ssl": "false", "ssl_listen_option": "true", "ssl_cert": "undef", "ssl_client_cert": "undef", "ssl_verify_client": "'on'", "ssl_dhparam": "undef", "ssl_ecdh_curve": "undef", "ssl_redirect": "false", "ssl_redirect_port": "undef", "ssl_key": "undef", "ssl_port": "443", "ssl_prefer_server_ciphers": "undef", "ssl_protocols": "undef", "ssl_buffer_size": "undef", "ssl_ciphers": "undef", "ssl_cache": "undef", "ssl_crl": "undef", "ssl_stapling": "false", "ssl_stapling_file": "undef", "ssl_stapling_responder": "undef", "ssl_stapling_verify": "false", "ssl_session_timeout": "undef", "ssl_session_tickets": "undef", "ssl_session_ticket_key": "undef", "ssl_trusted_cert": "undef", "ssl_verify_depth": "undef", "ssl_password_file": "undef", "spdy": "$nginx::spdy", "http2": "$nginx::http2", "proxy": "undef", "proxy_redirect": "undef", "proxy_read_timeout": "$nginx::proxy_read_timeout", "proxy_send_timeout": "$nginx::proxy_send_timeout", "proxy_connect_timeout": "$nginx::proxy_connect_timeout", "proxy_set_header": "$nginx::proxy_set_header", "proxy_hide_header": "$nginx::proxy_hide_header", "proxy_pass_header": "$nginx::proxy_pass_header", "proxy_cache": "undef", "proxy_cache_key": "undef", "proxy_cache_use_stale": "undef", "proxy_cache_valid": "undef", "proxy_cache_lock": "undef", "proxy_cache_bypass": "undef", "proxy_method": "undef", "proxy_http_version": "undef", "proxy_set_body": "undef", "proxy_buffering": "undef", "proxy_request_buffering": "undef", "proxy_max_temp_file_size": "undef", "proxy_busy_buffers_size": "undef", "resolver": "[]", "fastcgi": "undef", "fastcgi_index": "undef", "fastcgi_param": "undef", "fastcgi_params": "\"${nginx::conf_dir}/fastcgi.conf\"", "fastcgi_script": "undef", "uwsgi": "undef", "uwsgi_params": "\"${nginx::config::conf_dir}/uwsgi_params\"", "uwsgi_read_timeout": "undef", "index_files": "[\n 'index.html',\n 'index.htm',\n 'index.php',\n ]", "autoindex": "undef", "autoindex_exact_size": "undef", "autoindex_format": "undef", "autoindex_localtime": "undef", "reset_timedout_connection": "undef", "server_name": "[$name]", "www_root": "undef", "rewrite_www_to_non_www": "false", "rewrite_non_www_to_www": "false", "location_custom_cfg": "undef", "location_cfg_prepend": "undef", "location_cfg_append": "undef", "location_custom_cfg_prepend": "undef", "location_custom_cfg_append": "undef", "try_files": "undef", "absolute_redirect": "undef", "auth_basic": "undef", "auth_basic_user_file": "undef", "auth_request": "undef", "client_body_timeout": "undef", "client_header_timeout": "undef", "client_max_body_size": "undef", "raw_prepend": "undef", "raw_append": "undef", "location_raw_prepend": "undef", "location_raw_append": "undef", "server_cfg_prepend": "undef", "server_cfg_append": "undef", "server_cfg_ssl_prepend": "undef", "server_cfg_ssl_append": "undef", "include_files": "undef", "access_log": "undef", "error_log": "undef", "format_log": "$nginx::http_format_log", "passenger_cgi_param": "undef", "passenger_set_header": "undef", "passenger_env_var": "undef", "passenger_pre_start": "undef", "log_by_lua": "undef", "log_by_lua_file": "undef", "use_default_location": "true", "rewrite_rules": "[]", "string_mappings": "{}", "geo_mappings": "{}", "gzip_types": "undef", "gzip_static": "undef", "owner": "$nginx::global_owner", "group": "$nginx::global_group", "mode": "$nginx::global_mode", "maintenance": "false", "maintenance_value": "'return 503'", "error_pages": "undef", "locations": "{}", "locations_defaults": "{}"}, "source": "define nginx::resource::server (\n Enum['absent', 'present'] $ensure = 'present',\n Variant[Array, String] $listen_ip = '*',\n Stdlib::Port $listen_port = 80,\n Optional[String] $listen_options = undef,\n Boolean $listen_unix_socket_enable = false,\n Variant[Array[Stdlib::Absolutepath], Stdlib::Absolutepath] $listen_unix_socket = '/var/run/nginx.sock',\n Optional[String] $listen_unix_socket_options = undef,\n Optional[Enum['any', 'all']] $location_satisfy = undef,\n Array $location_allow = [],\n Array $location_deny = [],\n Boolean $ipv6_enable = false,\n Variant[Array, String] $ipv6_listen_ip = '::',\n Stdlib::Port $ipv6_listen_port = $listen_port,\n String $ipv6_listen_options = 'default ipv6only=on',\n Hash $add_header = {},\n Boolean $ssl = false,\n Boolean $ssl_listen_option = true,\n Optional[Variant[String, Boolean, Array[String]]] $ssl_cert = undef,\n Optional[String] $ssl_client_cert = undef,\n String $ssl_verify_client = 'on',\n Optional[String] $ssl_dhparam = undef,\n Optional[String] $ssl_ecdh_curve = undef,\n Boolean $ssl_redirect = false,\n Optional[Integer] $ssl_redirect_port = undef,\n Optional[Variant[String, Boolean, Array[String]]] $ssl_key = undef,\n Integer $ssl_port = 443,\n Optional[Enum['on', 'off']] $ssl_prefer_server_ciphers = undef,\n Optional[String] $ssl_protocols = undef,\n Optional[String] $ssl_buffer_size = undef,\n Optional[String] $ssl_ciphers = undef,\n Optional[String] $ssl_cache = undef,\n Optional[String] $ssl_crl = undef,\n Boolean $ssl_stapling = false,\n Optional[String] $ssl_stapling_file = undef,\n Optional[String] $ssl_stapling_responder = undef,\n Boolean $ssl_stapling_verify = false,\n Optional[String] $ssl_session_timeout = undef,\n Optional[Enum['on', 'off']] $ssl_session_tickets = undef,\n Optional[String] $ssl_session_ticket_key = undef,\n Optional[String] $ssl_trusted_cert = undef,\n Optional[Integer] $ssl_verify_depth = undef,\n Optional[Stdlib::Absolutepath] $ssl_password_file = undef,\n Enum['on', 'off'] $spdy = $nginx::spdy,\n Enum['on', 'off'] $http2 = $nginx::http2,\n Optional[String] $proxy = undef,\n Optional[String] $proxy_redirect = undef,\n String $proxy_read_timeout = $nginx::proxy_read_timeout,\n String $proxy_send_timeout = $nginx::proxy_send_timeout,\n $proxy_connect_timeout = $nginx::proxy_connect_timeout,\n Array[String] $proxy_set_header = $nginx::proxy_set_header,\n Array[String] $proxy_hide_header = $nginx::proxy_hide_header,\n Array[String] $proxy_pass_header = $nginx::proxy_pass_header,\n Optional[String] $proxy_cache = undef,\n Optional[String] $proxy_cache_key = undef,\n Optional[String] $proxy_cache_use_stale = undef,\n Optional[Variant[Array[String], String]] $proxy_cache_valid = undef,\n Optional[Enum['on', 'off']] $proxy_cache_lock = undef,\n Optional[Variant[Array[String], String]] $proxy_cache_bypass = undef,\n Optional[String] $proxy_method = undef,\n Optional[String] $proxy_http_version = undef,\n Optional[String] $proxy_set_body = undef,\n Optional[String] $proxy_buffering = undef,\n Optional[String] $proxy_request_buffering = undef,\n Optional[Nginx::Size] $proxy_max_temp_file_size = undef,\n Optional[Nginx::Size] $proxy_busy_buffers_size = undef,\n Array $resolver = [],\n Optional[String] $fastcgi = undef,\n Optional[String] $fastcgi_index = undef,\n $fastcgi_param = undef,\n String $fastcgi_params = \"${nginx::conf_dir}/fastcgi.conf\",\n Optional[String] $fastcgi_script = undef,\n Optional[String] $uwsgi = undef,\n String $uwsgi_params = \"${nginx::config::conf_dir}/uwsgi_params\",\n Optional[String] $uwsgi_read_timeout = undef,\n Array $index_files = [\n 'index.html',\n 'index.htm',\n 'index.php',\n ],\n Optional[String] $autoindex = undef,\n Optional[Enum['on', 'off']] $autoindex_exact_size = undef,\n Optional[Enum['html', 'xml', 'json', 'jsonp']] $autoindex_format = undef,\n Optional[Enum['on', 'off']] $autoindex_localtime = undef,\n Optional[Enum['on', 'off']] $reset_timedout_connection = undef,\n Array[String] $server_name = [$name],\n Optional[String] $www_root = undef,\n Boolean $rewrite_www_to_non_www = false,\n Boolean $rewrite_non_www_to_www = false,\n Optional[Hash] $location_custom_cfg = undef,\n Optional[Hash] $location_cfg_prepend = undef,\n Optional[Hash] $location_cfg_append = undef,\n Optional[Hash] $location_custom_cfg_prepend = undef,\n Optional[Hash] $location_custom_cfg_append = undef,\n Optional[Array[String]] $try_files = undef,\n Optional[Enum['on', 'off']] $absolute_redirect = undef,\n Optional[String] $auth_basic = undef,\n Optional[String] $auth_basic_user_file = undef,\n Optional[String] $auth_request = undef,\n Optional[String] $client_body_timeout = undef,\n Optional[String] $client_header_timeout = undef,\n $client_max_body_size = undef,\n Optional[Variant[Array[String], String]] $raw_prepend = undef,\n Optional[Variant[Array[String], String]] $raw_append = undef,\n Optional[Variant[Array[String], String]] $location_raw_prepend = undef,\n Optional[Variant[Array[String], String]] $location_raw_append = undef,\n Optional[Hash] $server_cfg_prepend = undef,\n Optional[Hash] $server_cfg_append = undef,\n Optional[Hash] $server_cfg_ssl_prepend = undef,\n Optional[Hash] $server_cfg_ssl_append = undef,\n Optional[Array[String]] $include_files = undef,\n Optional[Variant[String, Array]] $access_log = undef,\n Optional[Variant[String, Array]] $error_log = undef,\n Optional[String] $format_log = $nginx::http_format_log,\n Optional[Hash] $passenger_cgi_param = undef,\n Optional[Hash] $passenger_set_header = undef,\n Optional[Hash] $passenger_env_var = undef,\n Optional[Variant[Array[String], String]] $passenger_pre_start = undef,\n Optional[String] $log_by_lua = undef,\n Optional[String] $log_by_lua_file = undef,\n $use_default_location = true,\n $rewrite_rules = [],\n $string_mappings = {},\n $geo_mappings = {},\n Optional[String] $gzip_types = undef,\n Optional[String] $gzip_static = undef,\n String $owner = $nginx::global_owner,\n String $group = $nginx::global_group,\n String $mode = $nginx::global_mode,\n Boolean $maintenance = false,\n String $maintenance_value = 'return 503',\n $error_pages = undef,\n Hash $locations = {},\n Hash $locations_defaults = {},\n) {\n if ! defined(Class['nginx']) {\n fail('You must include the nginx base class before using any defined resources')\n }\n\n if $rewrite_www_to_non_www == true and $rewrite_non_www_to_www == true {\n fail('You must not set both $rewrite_www_to_non_www and $rewrite_non_www_to_www to true')\n }\n\n # Variables\n if $nginx::confd_only {\n $server_dir = \"${nginx::conf_dir}/conf.d\"\n } else {\n $server_dir = \"${nginx::conf_dir}/sites-available\"\n $server_enable_dir = \"${nginx::conf_dir}/sites-enabled\"\n $server_symlink_ensure = $ensure ? {\n 'absent' => absent,\n default => 'link',\n }\n }\n\n $name_sanitized = regsubst($name, ' ', '_', 'G')\n $config_file = \"${server_dir}/${name_sanitized}.conf\"\n\n File {\n ensure => $ensure ? {\n 'absent' => absent,\n default => 'file',\n },\n notify => Class['nginx::service'],\n owner => $owner,\n group => $group,\n mode => $mode,\n }\n\n # Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled\n # and support does not exist for it in the kernel.\n if $ipv6_enable and !$ipv6_listen_ip {\n warning('nginx: IPv6 support is not enabled or configured properly')\n }\n\n # Check to see if SSL Certificates are properly defined.\n if $ssl {\n if $ssl_cert == undef {\n fail('nginx: ssl_cert must be set to false or to a fully qualified path')\n }\n if $ssl_key == undef {\n fail('nginx: ssl_key must be set to false or to a fully qualified path')\n }\n }\n\n # Try to error in the case where the user sets ssl_port == listen_port but\n # doesn't set ssl = true\n if !$ssl and $ssl_port == $listen_port {\n warning('nginx: ssl must be true if listen_port is the same as ssl_port')\n }\n\n concat { $config_file:\n ensure => $ensure,\n owner => $owner,\n group => $group,\n mode => $mode,\n notify => Class['nginx::service'],\n require => File[$server_dir],\n tag => 'nginx_config_file',\n }\n\n # This deals with a situation where the listen directive for SSL doesn't match\n # the port we want to force the SSL redirect to.\n if $ssl_redirect_port {\n $_ssl_redirect_port = $ssl_redirect_port\n } elsif $ssl_port {\n $_ssl_redirect_port = $ssl_port\n }\n\n # Suppress unneeded stuff in non-SSL location block when certain conditions are\n # met.\n $ssl_only = ($ssl and $ssl_port == $listen_port) or $ssl_redirect\n\n # If we're redirecting to SSL, the default location block is useless, *unless*\n # SSL is enabled for this server\n # either and ssl -> true\n # ssl redirect and no ssl -> false\n if (!$ssl_redirect or $ssl) and $use_default_location {\n # Create the default location reference for the server\n nginx::resource::location { \"${name_sanitized}-default\":\n ensure => $ensure,\n server => $name_sanitized,\n ssl => $ssl,\n ssl_only => $ssl_only,\n location => '/',\n location_satisfy => $location_satisfy,\n location_allow => $location_allow,\n location_deny => $location_deny,\n proxy => $proxy,\n proxy_redirect => $proxy_redirect,\n proxy_read_timeout => $proxy_read_timeout,\n proxy_send_timeout => $proxy_send_timeout,\n proxy_connect_timeout => $proxy_connect_timeout,\n proxy_cache => $proxy_cache,\n proxy_cache_key => $proxy_cache_key,\n proxy_cache_use_stale => $proxy_cache_use_stale,\n proxy_cache_valid => $proxy_cache_valid,\n proxy_method => $proxy_method,\n proxy_http_version => $proxy_http_version,\n proxy_set_header => $proxy_set_header,\n proxy_hide_header => $proxy_hide_header,\n proxy_pass_header => $proxy_pass_header,\n proxy_cache_lock => $proxy_cache_lock,\n proxy_set_body => $proxy_set_body,\n proxy_cache_bypass => $proxy_cache_bypass,\n proxy_buffering => $proxy_buffering,\n proxy_request_buffering => $proxy_request_buffering,\n proxy_busy_buffers_size => $proxy_busy_buffers_size,\n proxy_max_temp_file_size => $proxy_max_temp_file_size,\n fastcgi => $fastcgi,\n fastcgi_index => $fastcgi_index,\n fastcgi_param => $fastcgi_param,\n fastcgi_params => $fastcgi_params,\n fastcgi_script => $fastcgi_script,\n uwsgi => $uwsgi,\n uwsgi_params => $uwsgi_params,\n uwsgi_read_timeout => $uwsgi_read_timeout,\n try_files => $try_files,\n www_root => $www_root,\n autoindex => $autoindex,\n autoindex_exact_size => $autoindex_exact_size,\n autoindex_format => $autoindex_format,\n autoindex_localtime => $autoindex_localtime,\n index_files => $index_files,\n location_custom_cfg => $location_custom_cfg,\n location_cfg_prepend => $location_cfg_prepend,\n location_cfg_append => $location_cfg_append,\n location_custom_cfg_prepend => $location_custom_cfg_prepend,\n location_custom_cfg_append => $location_custom_cfg_append,\n rewrite_rules => $rewrite_rules,\n raw_prepend => $location_raw_prepend,\n raw_append => $location_raw_append,\n notify => Class['nginx::service'],\n }\n $root = undef\n } else {\n $root = $www_root\n }\n\n # Only try to manage these files if they're the default one (as you presumably\n # usually don't want the default template if you're using a custom file.\n\n if $fastcgi != undef and !defined(File[$fastcgi_params]) and $fastcgi_params == \"${nginx::conf_dir}/fastcgi.conf\" {\n file { $fastcgi_params:\n ensure => file,\n mode => $nginx::global_mode,\n content => template($nginx::fastcgi_conf_template),\n }\n }\n\n if $uwsgi != undef and !defined(File[$uwsgi_params]) and $uwsgi_params == \"${nginx::conf_dir}/uwsgi_params\" {\n file { $uwsgi_params:\n ensure => file,\n mode => $nginx::global_mode,\n content => template($nginx::uwsgi_params_template),\n }\n }\n\n if $listen_port != $ssl_port {\n concat::fragment { \"${name_sanitized}-header\":\n target => $config_file,\n content => template('nginx/server/server_header.erb'),\n order => '001',\n }\n\n # Create a proper file close stub.\n concat::fragment { \"${name_sanitized}-footer\":\n target => $config_file,\n content => template('nginx/server/server_footer.erb'),\n order => '699',\n }\n }\n\n # Create SSL File Stubs if SSL is enabled\n if $ssl {\n # Access and error logs are named differently in ssl template\n\n if $ssl_key {\n $ssl_key_real = $ssl_key.flatten\n $ssl_key_real.each | $key | {\n File <| title == $key or path == $key |> -> Concat::Fragment[\"${name_sanitized}-ssl-header\"]\n }\n }\n if $ssl_cert {\n $ssl_cert_real = $ssl_cert.flatten\n $ssl_cert_real.each | $cert | {\n File <| title == $cert or path == $cert |> -> Concat::Fragment[\"${name_sanitized}-ssl-header\"]\n }\n }\n concat::fragment { \"${name_sanitized}-ssl-header\":\n target => $config_file,\n content => template('nginx/server/server_ssl_header.erb'),\n order => '700',\n }\n concat::fragment { \"${name_sanitized}-ssl-footer\":\n target => $config_file,\n content => template('nginx/server/server_ssl_footer.erb'),\n order => '999',\n }\n }\n\n unless $nginx::confd_only {\n file { \"${name_sanitized}.conf symlink\":\n ensure => $server_symlink_ensure,\n path => \"${server_enable_dir}/${name_sanitized}.conf\",\n target => $config_file,\n require => [File[$server_dir], Concat[$config_file]],\n notify => Class['nginx::service'],\n }\n }\n\n create_resources('::nginx::resource::map', $string_mappings)\n create_resources('::nginx::resource::geo', $geo_mappings)\n create_resources('::nginx::resource::location', $locations, {\n ensure => $ensure,\n server => $name_sanitized,\n ssl => $ssl,\n ssl_only => $ssl_only,\n www_root => $www_root,\n } + $locations_defaults)\n}"}, {"name": "nginx::resource::snippet", "file": "manifests/resource/snippet.pp", "line": 14, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Enables or disables the specified snippet", "types": ["Enum['absent', 'present']"], "name": "ensure"}, {"tag_name": "param", "text": "Defines owner of the .conf file", "types": ["String"], "name": "owner"}, {"tag_name": "param", "text": "Defines group of the .conf file", "types": ["String"], "name": "group"}, {"tag_name": "param", "text": "Defines mode of the .conf file", "types": ["Stdlib::Filemode"], "name": "mode"}, {"tag_name": "param", "text": "Raw content that will be inserted into the snipped as-is", "types": ["String[1]"], "name": "raw_content"}, {"tag_name": "summary", "text": "Create a reusable config snippet that can be included by other resources"}]}, "defaults": {"ensure": "'present'", "owner": "$nginx::global_owner", "group": "$nginx::global_group", "mode": "$nginx::global_mode"}, "source": "define nginx::resource::snippet (\n String[1] $raw_content,\n Enum['absent', 'present'] $ensure = 'present',\n String $owner = $nginx::global_owner,\n String $group = $nginx::global_group,\n Stdlib::Filemode $mode = $nginx::global_mode,\n) {\n if ! defined(Class['nginx']) {\n fail('You must include the nginx base class before using any defined resources')\n }\n\n $name_sanitized = regsubst($name, ' ', '_', 'G')\n $config_file = \"${nginx::snippets_dir}/${name_sanitized}.conf\"\n\n concat { $config_file:\n ensure => $ensure,\n owner => $owner,\n group => $group,\n mode => $mode,\n notify => Class['nginx::service'],\n require => File[$nginx::snippets_dir],\n tag => 'nginx_config_file',\n }\n\n concat::fragment { \"snippet-${name_sanitized}-header\":\n target => $config_file,\n content => epp(\"${module_name}/snippet/snippet_header.epp\", { 'raw_content' => $raw_content }),\n order => '001',\n }\n}"}, {"name": "nginx::resource::streamhost", "file": "manifests/resource/streamhost.pp", "line": 52, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "nginx::resource::streamhost { 'test2.local':\n ensure => present,\n}", "name": ""}, {"tag_name": "param", "text": "Enables or disables the specified streamhost", "types": ["Enum['absent', 'present']"], "name": "ensure"}, {"tag_name": "param", "text": "Default IP Address for NGINX to listen with this streamhost on. Defaults to\nall interfaces (*)", "types": ["Variant[Array, String]"], "name": "listen_ip"}, {"tag_name": "param", "text": "Default TCP Port for NGINX to listen with this streamhost on.", "types": ["Integer"], "name": "listen_port"}, {"tag_name": "param", "text": "Extra options for listen directive like 'default' to catchall.", "types": ["Optional[String]"], "name": "listen_options"}, {"tag_name": "param", "text": "Value to enable/disable IPv6 support Module will check to see if IPv6\nsupport exists on your system before enabling.", "types": ["Boolean"], "name": "ipv6_enable"}, {"tag_name": "param", "text": "Default IPv6 Address for NGINX to listen with this streamhost on. Defaults\nto all interfaces (::)", "types": ["Variant[Array, String]"], "name": "ipv6_listen_ip"}, {"tag_name": "param", "text": "Default IPv6 Port for NGINX to listen with this streamhost on.", "types": ["Integer"], "name": "ipv6_listen_port"}, {"tag_name": "param", "text": "Extra options for listen directive like 'default' to catchall. Template\nwill allways add ipv6only=on. While issue jfryman/puppet-nginx#30 is\ndiscussed, default value is 'default'.", "types": ["String"], "name": "ipv6_listen_options"}, {"tag_name": "param", "text": "Proxy server(s) for the root location to connect to. Accepts a single\nvalue, can be used in conjunction with nginx::resource::upstream", "types": ["Any"], "name": "proxy"}, {"tag_name": "param", "text": "Override the default the proxy read timeout value of 90 seconds", "types": ["String"], "name": "proxy_read_timeout"}, {"tag_name": "param", "text": "Configures name servers used to resolve names of upstream servers into\naddresses.", "types": ["Array"], "name": "resolver"}, {"tag_name": "param", "text": "A single string, or an array of strings to prepend to the server directive\n(after cfg prepend directives). NOTE: YOU are responsible for a semicolon\non each line that requires one.", "types": ["Variant[Array[String], String]"], "name": "raw_prepend"}, {"tag_name": "param", "text": "A single string, or an array of strings to append to the server directive\n(after cfg append directives). NOTE: YOU are responsible for a semicolon on\neach line that requires one.", "types": ["Variant[Array[String], String]"], "name": "raw_append"}, {"tag_name": "param", "text": "Defines owner of the .conf file", "types": ["String"], "name": "owner"}, {"tag_name": "param", "text": "Defines group of the .conf file", "types": ["String"], "name": "group"}, {"tag_name": "param", "text": "Defines mode of the .conf file Default to return 503", "types": ["String"], "name": "mode"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "proxy_connect_timeout"}, {"tag_name": "summary", "text": "Create a virtual steamhost"}]}, "defaults": {"ensure": "'present'", "listen_ip": "'*'", "listen_port": "80", "listen_options": "undef", "ipv6_enable": "false", "ipv6_listen_ip": "'::'", "ipv6_listen_port": "$listen_port", "ipv6_listen_options": "'default ipv6only=on'", "proxy": "undef", "proxy_read_timeout": "$nginx::proxy_read_timeout", "proxy_connect_timeout": "$nginx::proxy_connect_timeout", "resolver": "[]", "raw_prepend": "[]", "raw_append": "[]", "owner": "$nginx::global_owner", "group": "$nginx::global_group", "mode": "$nginx::global_mode"}, "source": "define nginx::resource::streamhost (\n Enum['absent', 'present'] $ensure = 'present',\n Variant[Array, String] $listen_ip = '*',\n Integer $listen_port = 80,\n Optional[String] $listen_options = undef,\n Boolean $ipv6_enable = false,\n Variant[Array, String] $ipv6_listen_ip = '::',\n Integer $ipv6_listen_port = $listen_port,\n String $ipv6_listen_options = 'default ipv6only=on',\n $proxy = undef,\n String $proxy_read_timeout = $nginx::proxy_read_timeout,\n $proxy_connect_timeout = $nginx::proxy_connect_timeout,\n Array $resolver = [],\n Variant[Array[String], String] $raw_prepend = [],\n Variant[Array[String], String] $raw_append = [],\n String $owner = $nginx::global_owner,\n String $group = $nginx::global_group,\n String $mode = $nginx::global_mode,\n) {\n if ! defined(Class['nginx']) {\n fail('You must include the nginx base class before using any defined resources')\n }\n\n # Variables\n if $nginx::confd_only {\n $streamhost_dir = \"${nginx::conf_dir}/conf.stream.d\"\n } else {\n $streamhost_dir = \"${nginx::conf_dir}/streams-available\"\n $streamhost_enable_dir = \"${nginx::conf_dir}/streams-enabled\"\n $streamhost_symlink_ensure = $ensure ? {\n 'absent' => absent,\n default => 'link',\n }\n }\n\n $name_sanitized = regsubst($name, ' ', '_', 'G')\n $config_file = \"${streamhost_dir}/${name_sanitized}.conf\"\n\n # Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled\n # and support does not exist for it in the kernel.\n if $ipv6_enable and !$facts['networking']['ip6'] {\n warning('nginx: IPv6 support is not enabled or configured properly')\n }\n\n concat { $config_file:\n ensure => $ensure,\n owner => $owner,\n group => $group,\n mode => $mode,\n notify => Class['nginx::service'],\n require => File[$streamhost_dir],\n tag => 'nginx_config_file',\n }\n\n concat::fragment { \"${name_sanitized}-header\":\n target => $config_file,\n content => template('nginx/streamhost/streamhost.erb'),\n order => '001',\n }\n\n unless $nginx::confd_only {\n file { \"${name_sanitized}.conf symlink\":\n ensure => $streamhost_symlink_ensure,\n path => \"${streamhost_enable_dir}/${name_sanitized}.conf\",\n target => $config_file,\n owner => $owner,\n group => $group,\n mode => $mode,\n require => Concat[$config_file],\n notify => Class['nginx::service'],\n }\n }\n}"}, {"name": "nginx::resource::upstream", "file": "manifests/resource/upstream.pp", "line": 105, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "nginx::resource::upstream { 'proxypass':\n ensure => present,\n members => {\n 'localhost:3001' => {\n server => 'localhost',\n port => 3001,\n },\n 'localhost:3002' => {\n server => 'localhost',\n port => 3002,\n },\n 'localhost:3003' => {\n server => 'localhost',\n port => 3003,\n },\n },\n}", "name": ""}, {"tag_name": "example", "text": "nginx::resource::upstream { 'proxypass':\n ensure => present,\n members => {\n 'localhost:3001' => {\n server => 'localhost',\n port => 3001,\n },\n 'localhost:3002' => {\n server => 'localhost',\n port => 3002,\n },\n 'localhost:3003' => {\n server => 'localhost',\n port => 3003,\n },\n },\n ip_hash => true,\n keepalive => 20,\n}", "name": "Custom config example to use ip_hash, and 20 keepalive connections create a hash with any extra custom config you want."}, {"tag_name": "param", "text": "Enables or disables the specified location", "types": ["Enum['present', 'absent']"], "name": "ensure"}, {"tag_name": "param", "text": "Set the type of this upstream.", "types": ["Enum['http', 'stream']"], "name": "context"}, {"tag_name": "param", "text": "Hash of member URIs for NGINX to connect to. Must follow valid NGINX\nsyntax. If omitted, individual members should be defined with\nnginx::resource::upstream::member", "types": ["Nginx::UpstreamMembers"], "name": "members"}, {"tag_name": "param", "text": "Restrict collecting the exported members for this upstream with a tag.", "types": ["Optional[String[1]]"], "name": "members_tag"}, {"tag_name": "param", "text": "Specify default settings added to each member of this upstream.", "types": ["Nginx::UpstreamMemberDefaults"], "name": "member_defaults"}, {"tag_name": "param", "text": "Activate the hash load balancing method\n(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#hash).", "types": ["Optional[String[1]]"], "name": "hash"}, {"tag_name": "param", "text": "Activate ip_hash for this upstream\n(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#ip_hash).", "types": ["Boolean"], "name": "ip_hash"}, {"tag_name": "param", "text": "Set the maximum number of idle keepalive connections\n(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive).", "types": ["Optional[Integer[1]]"], "name": "keepalive"}, {"tag_name": "param", "text": "Sets the maximum number of requests that can be served through one\nkeepalive connection\n(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_requests).", "types": ["Optional[Integer[1]]"], "name": "keepalive_requests"}, {"tag_name": "param", "text": "Sets a timeout during which an idle keepalive connection to an upstream\nserver will stay open\n(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_timeout).", "types": ["Optional[Nginx::Time]"], "name": "keepalive_timeout"}, {"tag_name": "param", "text": "Activate the least_conn load balancing method\n(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#least_conn).", "types": ["Boolean"], "name": "least_conn"}, {"tag_name": "param", "text": "Activate the least_time load balancing method\n(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#least_time).", "types": ["Optional[Nginx::UpstreamLeastTime]"], "name": "least_time"}, {"tag_name": "param", "text": "Allow NTLM authentication\n(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#ntlm).", "types": ["Boolean"], "name": "ntlm"}, {"tag_name": "param", "text": "Set the maximum number of queued requests\n(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#queue).", "types": ["Optional[Integer]"], "name": "queue_max"}, {"tag_name": "param", "text": "Set the timeout for the queue\n(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#queue).", "types": ["Optional[Nginx::Time]"], "name": "queue_timeout"}, {"tag_name": "param", "text": "Activate the random load balancing method\n(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#random).", "types": ["Optional[String[1]]"], "name": "random"}, {"tag_name": "param", "text": "Specifies a file that keeps the state of the dynamically configurable group\n(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#state).", "types": ["Optional[Stdlib::Unixpath]"], "name": "statefile"}, {"tag_name": "param", "text": "Enables session affinity\n(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#sticky).", "types": ["Optional[Nginx::UpstreamSticky]"], "name": "sticky"}, {"tag_name": "param", "text": "Defines the name and optional the size of the shared memory zone\n(https://nginx.org/en/docs/http/ngx_http_upstream_module.html#zone).", "types": ["Optional[Nginx::UpstreamZone]"], "name": "zone"}, {"tag_name": "param", "text": "Hash of custom directives to put after other directives in upstream", "types": ["Nginx::UpstreamCustomParameters"], "name": "cfg_append"}, {"tag_name": "param", "text": "It expects a hash with custom directives to put before anything else inside\nupstream", "types": ["Nginx::UpstreamCustomParameters"], "name": "cfg_prepend"}, {"tag_name": "summary", "text": "Create a new upstream proxy entry for NGINX"}]}, "defaults": {"ensure": "'present'", "context": "'http'", "members": "{}", "members_tag": "undef", "member_defaults": "{}", "hash": "undef", "ip_hash": "false", "keepalive": "undef", "keepalive_requests": "undef", "keepalive_timeout": "undef", "least_conn": "false", "least_time": "undef", "ntlm": "false", "queue_max": "undef", "queue_timeout": "undef", "random": "undef", "statefile": "undef", "sticky": "undef", "zone": "undef", "cfg_append": "{}", "cfg_prepend": "{}"}, "source": "define nginx::resource::upstream (\n Enum['present', 'absent'] $ensure = 'present',\n Enum['http', 'stream'] $context = 'http',\n Nginx::UpstreamMembers $members = {},\n Optional[String[1]] $members_tag = undef,\n Nginx::UpstreamMemberDefaults $member_defaults = {},\n Optional[String[1]] $hash = undef,\n Boolean $ip_hash = false,\n Optional[Integer[1]] $keepalive = undef,\n Optional[Integer[1]] $keepalive_requests = undef,\n Optional[Nginx::Time] $keepalive_timeout = undef,\n Boolean $least_conn = false,\n Optional[Nginx::UpstreamLeastTime] $least_time = undef,\n Boolean $ntlm = false,\n Optional[Integer] $queue_max = undef,\n Optional[Nginx::Time] $queue_timeout = undef,\n Optional[String[1]] $random = undef,\n Optional[Stdlib::Unixpath] $statefile = undef,\n Optional[Nginx::UpstreamSticky] $sticky = undef,\n Optional[Nginx::UpstreamZone] $zone = undef,\n Nginx::UpstreamCustomParameters $cfg_append = {},\n Nginx::UpstreamCustomParameters $cfg_prepend = {},\n) {\n if ! defined(Class['nginx']) {\n fail('You must include the nginx base class before using any defined resources')\n }\n\n if $least_time {\n if $context == 'http' and ! ($least_time =~ Nginx::UpstreamLeastTimeHttp) {\n fail('The parameter \"least_time\" does not match the datatype \"Nginx::UpstreamLeastTimeHttp\"')\n }\n if $context == 'stream' and ! ($least_time =~ Nginx::UpstreamLeastTimeStream) {\n fail('The parameter \"least_time\" does not match the datatype \"Nginx::UpstreamLeastTimeStream\"')\n }\n }\n\n $conf_dir = $context ? {\n 'stream' => \"${nginx::config::conf_dir}/conf.stream.d\",\n default => \"${nginx::config::conf_dir}/conf.d\",\n }\n\n Concat {\n owner => 'root',\n group => $nginx::root_group,\n mode => $nginx::global_mode,\n }\n\n concat { \"${conf_dir}/${name}-upstream.conf\":\n ensure => $ensure,\n notify => Class['nginx::service'],\n require => File[$conf_dir],\n tag => 'nginx_config_file',\n }\n\n concat::fragment { \"${name}_upstream_header\":\n target => \"${conf_dir}/${name}-upstream.conf\",\n order => '10',\n content => epp('nginx/upstream/upstream_header.epp', {\n cfg_prepend => $cfg_prepend,\n name => $name,\n }),\n }\n\n if ! empty($members) {\n $members.each |$member,$values| {\n $member_values = merge($member_defaults,$values,{ 'upstream' => $name,'context' => $context })\n\n if $context == 'stream' and $member_values['route'] {\n fail('The parameter \"route\" is not available for upstreams with context \"stream\"')\n }\n if $context == 'stream' and $member_values['state'] and $member_values['state'] == 'drain' {\n fail('The state \"drain\" is not available for upstreams with context \"stream\"')\n }\n\n nginx::resource::upstream::member { $member:\n * => $member_values,\n }\n }\n } else {\n # Collect exported members:\n if $members_tag {\n Nginx::Resource::Upstream::Member <<| upstream == $name and tag == $members_tag |>>\n } else {\n Nginx::Resource::Upstream::Member <<| upstream == $name |>>\n }\n }\n\n concat::fragment { \"${name}_upstream_footer\":\n target => \"${conf_dir}/${name}-upstream.conf\",\n order => '90',\n content => epp('nginx/upstream/upstream_footer.epp', {\n cfg_append => $cfg_append,\n hash => $hash,\n ip_hash => $ip_hash,\n keepalive => $keepalive,\n keepalive_requests => $keepalive_requests,\n keepalive_timeout => $keepalive_timeout,\n least_conn => $least_conn,\n least_time => $least_time,\n ntlm => $ntlm,\n queue_max => $queue_max,\n queue_timeout => $queue_timeout,\n random => $random,\n statefile => $statefile,\n sticky => $sticky,\n zone => $zone,\n }),\n }\n}"}, {"name": "nginx::resource::upstream::member", "file": "manifests/resource/upstream/member.pp", "line": 57, "docstring": {"text": "Export this resource in all upstream member servers and collect them on the\nNGINX server. Exporting resources requires storeconfigs on the Puppetserver\nto export and collect resources", "tags": [{"tag_name": "example", "text": "@@nginx::resource::upstream::member { $trusted['certname']:\n ensure => present,\n upstream => 'proxypass',\n server => $facts['networking']['ip'],\n port => 3000,\n}", "name": "Exporting the resource on a upstream member server:"}, {"tag_name": "example", "text": "nginx::resource::upstream { 'proxypass':\n ensure => present,\n}", "name": "Collecting the resource on the NGINX server:"}, {"tag_name": "param", "text": "The name of the upstream resource", "types": ["String[1]"], "name": "upstream"}, {"tag_name": "param", "text": "Enables or disables the specified member", "types": ["Enum['present', 'absent']"], "name": "ensure"}, {"tag_name": "param", "text": "Set the type of this upstream", "types": ["Enum['http', 'stream']"], "name": "context"}, {"tag_name": "param", "text": "Hostname or IP of the upstream member server", "types": ["Optional[Nginx::UpstreamMemberServer]"], "name": "server"}, {"tag_name": "param", "text": "Port of the listening service on the upstream member", "types": ["Stdlib::Port"], "name": "port"}, {"tag_name": "param", "text": "Set the weight for this upstream member", "types": ["Optional[Integer[1]]"], "name": "weight"}, {"tag_name": "param", "text": "Set the max_conns for this upstream member", "types": ["Optional[Integer[1]]"], "name": "max_conns"}, {"tag_name": "param", "text": "Set the max_fails for this upstream member", "types": ["Optional[Integer[0]]"], "name": "max_fails"}, {"tag_name": "param", "text": "Set the fail_timeout for this upstream member", "types": ["Optional[Nginx::Time]"], "name": "fail_timeout"}, {"tag_name": "param", "text": "Activate backup for this upstream member", "types": ["Boolean"], "name": "backup"}, {"tag_name": "param", "text": "Activate resolve for this upstream member", "types": ["Boolean"], "name": "resolve"}, {"tag_name": "param", "text": "Set the route for this upstream member", "types": ["Optional[String[1]]"], "name": "route"}, {"tag_name": "param", "text": "Set the service for this upstream member", "types": ["Optional[String[1]]"], "name": "service"}, {"tag_name": "param", "text": "Set the slow_start for this upstream member", "types": ["Optional[Nginx::Time]"], "name": "slow_start"}, {"tag_name": "param", "text": "Set the state for this upstream member", "types": ["Optional[Enum['drain','down']]"], "name": "state"}, {"tag_name": "param", "text": "prepend a parameter for this upstream member", "types": ["Optional[String[1]]"], "name": "params_prepend"}, {"tag_name": "param", "text": "append a paremeter for this upstream member", "types": ["Optional[String[1]]"], "name": "params_append"}, {"tag_name": "param", "text": "Add a comment for this upstream member", "types": ["Optional[String[1]]"], "name": "comment"}, {"tag_name": "summary", "text": "Create an upstream member inside the upstream block."}]}, "defaults": {"ensure": "'present'", "context": "'http'", "server": "$name", "port": "80", "weight": "undef", "max_conns": "undef", "max_fails": "undef", "fail_timeout": "undef", "backup": "false", "resolve": "false", "route": "undef", "service": "undef", "slow_start": "undef", "state": "undef", "params_prepend": "undef", "params_append": "undef", "comment": "undef"}, "source": "define nginx::resource::upstream::member (\n String[1] $upstream,\n Enum['present', 'absent'] $ensure = 'present',\n Enum['http', 'stream'] $context = 'http',\n Optional[Nginx::UpstreamMemberServer] $server = $name,\n Stdlib::Port $port = 80,\n Optional[Integer[1]] $weight = undef,\n Optional[Integer[1]] $max_conns = undef,\n Optional[Integer[0]] $max_fails = undef,\n Optional[Nginx::Time] $fail_timeout = undef,\n Boolean $backup = false,\n Boolean $resolve = false,\n Optional[String[1]] $route = undef,\n Optional[String[1]] $service = undef,\n Optional[Nginx::Time] $slow_start = undef,\n Optional[Enum['drain','down']] $state = undef,\n Optional[String[1]] $params_prepend = undef,\n Optional[String[1]] $params_append = undef,\n Optional[String[1]] $comment = undef,\n) {\n if ! defined(Class['nginx']) {\n fail('You must include the nginx base class before using any defined resources')\n }\n\n $conf_dir = $context ? {\n 'stream' => \"${nginx::config::conf_dir}/conf.stream.d\",\n default => \"${nginx::config::conf_dir}/conf.d\",\n }\n\n $_server = $server ? {\n Pattern[/^unix:\\/([^\\/\\0]+\\/*)*$/] => $server,\n Stdlib::IP::Address::V6 => \"[${server}]:${port}\", #lint:ignore:unquoted_string_in_selector\n default => \"${server}:${port}\",\n }\n\n concat::fragment { \"${upstream}_upstream_member_${name}\":\n target => \"${conf_dir}/${upstream}-upstream.conf\",\n order => 40,\n content => epp('nginx/upstream/upstream_member.epp', {\n server => $_server,\n backup => $backup,\n comment => $comment,\n fail_timeout => $fail_timeout,\n max_conns => $max_conns,\n max_fails => $max_fails,\n params_append => $params_append,\n params_prepend => $params_prepend,\n resolve => $resolve,\n route => $route,\n service => $service,\n slow_start => $slow_start,\n state => $state,\n weight => $weight,\n }),\n }\n}"}, {"name": "apache::balancer", "file": "manifests/balancer.pp", "line": 45, "docstring": {"text": "Each balancer cluster needs one or more balancer members (that can\nbe declared with the apache::balancermember defined resource type). Using\nstoreconfigs, you can export the apache::balancermember resources on all\nbalancer members, and then collect them on a single apache load balancer\nserver.", "tags": [{"tag_name": "example", "text": "apache::balancer { 'puppet00': }", "name": ""}, {"tag_name": "note", "text": "Currently requires the puppetlabs/concat module on the Puppet Forge and uses\nstoreconfigs on the Puppet Server to export/collect resources from all\nbalancer members."}, {"tag_name": "param", "text": "The namevar of the defined resource type is the balancer clusters name.<br />\nThis name is also used in the name of the conf.d file", "name": "name"}, {"tag_name": "param", "text": "Configures key-value pairs to be used as a ProxySet lines in the configuration.", "types": ["Any"], "name": "proxy_set"}, {"tag_name": "param", "text": "The path to the file the balancer definition will be written in.", "types": ["Any"], "name": "target"}, {"tag_name": "param", "text": "Determines whether to use exported resources.<br />\nIf you statically declare all of your backend servers, set this parameter to false to rely\non existing, declared balancer member resources. Also, use apache::balancermember with array\narguments.<br />\nTo dynamically declare backend servers via exported resources collected on a central node,\nset this parameter to true to collect the balancer member resources exported by the balancer\nmember nodes.<br />\nIf you don't use exported resources, a single Puppet run configures all balancer members. If\nyou use exported resources, Puppet has to run on the balanced nodes first, then run on the\nbalancer.", "types": ["Any"], "name": "collect_exported"}, {"tag_name": "param", "text": "Specifies an array of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember)\nafter the balancer URL, and accepts any key-value pairs available to `ProxyPass`.", "types": ["Any"], "name": "options"}, {"tag_name": "summary", "text": "This type will create an apache balancer cluster file inside the conf.d\ndirectory."}]}, "defaults": {"proxy_set": "{}", "collect_exported": "true", "target": "undef", "options": "[]"}, "source": "define apache::balancer (\n $proxy_set = {},\n $collect_exported = true,\n $target = undef,\n $options = [],\n) {\n include apache::mod::proxy_balancer\n\n if versioncmp($apache::mod::proxy_balancer::apache_version, '2.4') >= 0 {\n $lbmethod = $proxy_set['lbmethod'] ? {\n undef => 'byrequests',\n default => $proxy_set['lbmethod'],\n }\n ensure_resource('apache::mod', \"lbmethod_${lbmethod}\", {\n 'loadfile_name' => \"proxy_balancer_lbmethod_${lbmethod}.load\"\n })\n }\n\n if $target {\n $_target = $target\n } else {\n $_target = \"${apache::confd_dir}/balancer_${name}.conf\"\n }\n\n if !empty($options) {\n $_options = \" ${join($options, ' ')}\"\n } else {\n $_options = ''\n }\n\n concat { \"apache_balancer_${name}\":\n owner => '0',\n group => '0',\n path => $_target,\n mode => $apache::file_mode,\n notify => Class['Apache::Service'],\n }\n\n concat::fragment { \"00-${name}-header\":\n target => \"apache_balancer_${name}\",\n order => '01',\n content => \"<Proxy balancer://${name}${_options}>\\n\",\n }\n\n if $collect_exported {\n Apache::Balancermember <<| balancer_cluster == $name |>>\n }\n # else: the resources have been created and they introduced their\n # concat fragments. We don't have to do anything about them.\n\n concat::fragment { \"01-${name}-proxyset\":\n target => \"apache_balancer_${name}\",\n order => '19',\n content => inline_template(\"<% @proxy_set.keys.sort.each do |key| %> Proxyset <%= key %>=<%= @proxy_set[key] %>\\n<% end %>\"),\n }\n\n concat::fragment { \"01-${name}-footer\":\n target => \"apache_balancer_${name}\",\n order => '20',\n content => \"</Proxy>\\n\",\n }\n}"}, {"name": "apache::balancermember", "file": "manifests/balancermember.pp", "line": 41, "docstring": {"text": "Sets up a balancer member inside a listening service configuration block in\nthe load balancer's `apache.cfg`.\n\nThis type will setup a balancer member inside a listening service\nconfiguration block in /etc/apache/apache.cfg on the load balancer.\nCurrently it only has the ability to specify the instance name, url and an\narray of options. More features can be added as needed. The best way to\nimplement this is to export this resource for all apache balancer member\nservers, and then collect them on the main apache load balancer.", "tags": [{"tag_name": "example", "text": "@@apache::balancermember { 'apache':\n balancer_cluster => 'puppet00',\n url => \"ajp://${::fqdn}:8009\"\n options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],\n}", "name": ""}, {"tag_name": "note", "text": "Currently requires the puppetlabs/concat module on the Puppet Forge and\nuses storeconfigs on the Puppet Server to export/collect resources\nfrom all balancer members."}, {"tag_name": "param", "text": "The title of the resource is arbitrary and only utilized in the concat\nfragment name.", "name": "name"}, {"tag_name": "param", "text": "The apache service's instance name (or, the title of the apache::balancer\nresource). This must match up with a declared apache::balancer resource.", "types": ["Any"], "name": "balancer_cluster"}, {"tag_name": "param", "text": "The url used to contact the balancer member server.", "types": ["Any"], "name": "url"}, {"tag_name": "param", "text": "Specifies an array of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember)\nafter the URL, and accepts any key-value pairs available to `ProxyPass`.", "types": ["Any"], "name": "options"}, {"tag_name": "summary", "text": "Defines members of `mod_proxy_balancer`"}]}, "defaults": {"url": "\"http://${::fqdn}/\"", "options": "[]"}, "source": "define apache::balancermember (\n $balancer_cluster,\n $url = \"http://${::fqdn}/\",\n $options = [],\n) {\n concat::fragment { \"BalancerMember ${name}\":\n target => \"apache_balancer_${balancer_cluster}\",\n content => inline_template(\" BalancerMember ${url} <%= @options.join ' ' %>\\n\"),\n }\n}"}, {"name": "apache::custom_config", "file": "manifests/custom_config.pp", "line": 51, "docstring": {"text": "If the file is invalid and this defined type's `verify_config` parameter's value is\n`true`, Puppet throws an error during a Puppet run.", "tags": [{"tag_name": "param", "text": "Specifies whether the configuration file should be present.", "types": ["Enum['absent', 'present']"], "name": "ensure"}, {"tag_name": "param", "text": "Sets the directory in which Puppet places configuration files.", "types": ["Any"], "name": "confdir"}, {"tag_name": "param", "text": "Sets the configuration file's content. The `content` and `source` parameters are exclusive\nof each other.", "types": ["Any"], "name": "content"}, {"tag_name": "param", "text": "Sets the name of the file under `confdir` in which Puppet stores the configuration.", "types": ["Any"], "name": "filename"}, {"tag_name": "param", "text": "Sets the configuration file's priority by prefixing its filename with this parameter's\nnumeric value, as Apache processes configuration files in alphanumeric order.<br />\nTo omit the priority prefix in the configuration file's name, set this parameter to `false`.", "types": ["Any"], "name": "priority"}, {"tag_name": "param", "text": "Points to the configuration file's source. The `content` and `source` parameters are\nexclusive of each other.", "types": ["Any"], "name": "source"}, {"tag_name": "param", "text": "Specifies the command Puppet uses to verify the configuration file. Use a fully qualified\ncommand.<br />\nThis parameter is used only if the `verify_config` parameter's value is `true`. If the\n`verify_command` fails, the Puppet run deletes the configuration file and raises an error,\nbut does not notify the Apache service.", "types": ["Any"], "name": "verify_command"}, {"tag_name": "param", "text": "Specifies whether to validate the configuration file before notifying the Apache service.", "types": ["Boolean"], "name": "verify_config"}, {"tag_name": "param", "text": "File owner of configuration file", "types": ["Any"], "name": "owner"}, {"tag_name": "param", "text": "File group of configuration file", "types": ["Any"], "name": "group"}, {"tag_name": "param", "text": "File mode of configuration file", "types": ["Any"], "name": "file_mode"}, {"tag_name": "param", "text": "show_diff property for configuration file resource", "types": ["Boolean"], "name": "show_diff"}, {"tag_name": "summary", "text": "Adds a custom configuration file to the Apache server's `conf.d` directory."}]}, "defaults": {"ensure": "'present'", "confdir": "$apache::confd_dir", "content": "undef", "priority": "'25'", "source": "undef", "verify_command": "$apache::params::verify_command", "verify_config": "true", "filename": "undef", "owner": "undef", "group": "undef", "file_mode": "undef", "show_diff": "true"}, "source": "define apache::custom_config (\n Enum['absent', 'present'] $ensure = 'present',\n $confdir = $apache::confd_dir,\n $content = undef,\n $priority = '25',\n $source = undef,\n $verify_command = $apache::params::verify_command,\n Boolean $verify_config = true,\n $filename = undef,\n $owner = undef,\n $group = undef,\n $file_mode = undef,\n Boolean $show_diff = true,\n) {\n if $content and $source {\n fail('Only one of $content and $source can be specified.')\n }\n\n if $ensure == 'present' and ! $content and ! $source {\n fail('One of $content and $source must be specified.')\n }\n\n if $filename {\n $_filename = $filename\n } else {\n if $priority {\n $priority_prefix = \"${priority}-\"\n } else {\n $priority_prefix = ''\n }\n\n ## Apache include does not always work with spaces in the filename\n $filename_middle = regsubst($name, ' ', '_', 'G')\n $_filename = \"${priority_prefix}${filename_middle}.conf\"\n }\n\n if ! $verify_config or $ensure == 'absent' {\n $notifies = Class['Apache::Service']\n } else {\n $notifies = undef\n }\n\n $_file_mode = pick($file_mode, $apache::file_mode)\n\n file { \"apache_${name}\":\n ensure => $ensure,\n path => \"${confdir}/${_filename}\",\n owner => $owner,\n group => $group,\n mode => $_file_mode,\n content => $content,\n source => $source,\n show_diff => $show_diff,\n require => Package['httpd'],\n notify => $notifies,\n }\n\n if $ensure == 'present' and $verify_config {\n exec { \"syntax verification for ${name}\":\n command => $verify_command,\n subscribe => File[\"apache_${name}\"],\n refreshonly => true,\n notify => Class['Apache::Service'],\n before => Exec[\"remove ${name} if invalid\"],\n require => Anchor['::apache::modules_set_up'],\n }\n\n exec { \"remove ${name} if invalid\":\n command => \"/bin/rm ${confdir}/${_filename}\",\n unless => $verify_command,\n subscribe => File[\"apache_${name}\"],\n refreshonly => true,\n }\n }\n}"}, {"name": "apache::default_mods::load", "file": "manifests/default_mods/load.pp", "line": 5, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "module"}, {"tag_name": "summary", "text": "Helper used by `apache::default_mods`"}]}, "defaults": {"module": "$title"}, "source": "define apache::default_mods::load ($module = $title) {\n if defined(\"apache::mod::${module}\") {\n include \"::apache::mod::${module}\"\n } else {\n ::apache::mod { $module: }\n }\n}"}, {"name": "apache::fastcgi::server", "file": "manifests/fastcgi/server.pp", "line": 31, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Determines the FastCGI's hostname or IP address and TCP port number (1-65535).", "types": ["Any"], "name": "host"}, {"tag_name": "param", "text": "Sets the number of seconds a [FastCGI](http://www.fastcgi.com/) application can be inactive before aborting the\nrequest and logging the event at the error LogLevel. The inactivity timer applies only as\nlong as a connection is pending with the FastCGI application. If a request is queued to an\napplication, but the application doesn't respond by writing and flushing within this period,\nthe request is aborted. If communication is complete with the application but incomplete with\nthe client (the response is buffered), the timeout does not apply.", "types": ["Any"], "name": "timeout"}, {"tag_name": "param", "text": "Forces `mod_fastcgi` to write to the client as data is received from the\napplication. By default, `mod_fastcgi` buffers data in order to free the application\nas quickly as possible.", "types": ["Any"], "name": "flush"}, {"tag_name": "param", "text": "Apache has FastCGI handle URIs that resolve to this filename. The path set in this\nparameter does not have to exist in the local filesystem.", "types": ["Any"], "name": "faux_path"}, {"tag_name": "param", "text": "Internally links actions with the FastCGI server. This alias must be unique.", "types": ["Any"], "name": "fcgi_alias"}, {"tag_name": "param", "text": "Sets the MIME `content-type` of the file to be processed by the FastCGI server.", "types": ["Any"], "name": "file_type"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "pass_header"}, {"tag_name": "summary", "text": "Defines one or more external FastCGI servers to handle specific file types. Use this\ndefined type with `mod_fastcgi`."}]}, "defaults": {"host": "'127.0.0.1:9000'", "timeout": "15", "flush": "false", "faux_path": "\"/var/www/${name}.fcgi\"", "fcgi_alias": "\"/${name}.fcgi\"", "file_type": "'application/x-httpd-php'", "pass_header": "undef"}, "source": "define apache::fastcgi::server (\n $host = '127.0.0.1:9000',\n $timeout = 15,\n $flush = false,\n $faux_path = \"/var/www/${name}.fcgi\",\n $fcgi_alias = \"/${name}.fcgi\",\n $file_type = 'application/x-httpd-php',\n $pass_header = undef,\n) {\n include apache::mod::fastcgi\n\n Apache::Mod['fastcgi'] -> Apache::Fastcgi::Server[$title]\n\n if $host =~ Stdlib::Absolutepath {\n $socket = $host\n }\n\n file { \"fastcgi-pool-${name}.conf\":\n ensure => file,\n path => \"${apache::confd_dir}/fastcgi-pool-${name}.conf\",\n owner => 'root',\n group => $apache::params::root_group,\n mode => $apache::file_mode,\n content => template('apache/fastcgi/server.erb'),\n require => Exec[\"mkdir ${apache::confd_dir}\"],\n before => File[$apache::confd_dir],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::listen", "file": "manifests/listen.pp", "line": 7, "docstring": {"text": "The `apache::vhost` class uses this defined type, and titles take the form\n`<PORT>`, `<IPV4>:<PORT>`, or `<IPV6>:<PORT>`.", "tags": [{"tag_name": "summary", "text": "Adds `Listen` directives to `ports.conf` that define the\nApache server's or a virtual host's listening address and port."}]}, "source": "define apache::listen {\n $listen_addr_port = $name\n\n # Template uses: $listen_addr_port\n concat::fragment { \"Listen ${listen_addr_port}\":\n target => $apache::ports_file,\n content => template('apache/listen.erb'),\n }\n}"}, {"name": "apache::mod", "file": "manifests/mod.pp", "line": 35, "docstring": {"text": "Checks for or places the module's default configuration files in the Apache server's\n`module` and `enable` directories. The default locations depend on your operating system.", "tags": [{"tag_name": "param", "text": "**Required**.<br />\nNames the package Puppet uses to install the Apache module.", "types": ["Any"], "name": "package"}, {"tag_name": "param", "text": "Determines whether Puppet ensures the Apache module should be installed.", "types": ["Any"], "name": "package_ensure"}, {"tag_name": "param", "text": "Defines the module's shared object name. Do not configure manually without special reason.", "types": ["Any"], "name": "lib"}, {"tag_name": "param", "text": "Specifies a path to the module's libraries. Do not manually set this parameter\nwithout special reason. The `path` parameter overrides this value.", "types": ["Any"], "name": "lib_path"}, {"tag_name": "param", "text": "Sets the filename for the module's `LoadFile` directive, which can also set\nthe module load order as Apache processes them in alphanumeric order.", "types": ["Any"], "name": "loadfile_name"}, {"tag_name": "param", "text": "Specifies the package id", "types": ["Any"], "name": "id"}, {"tag_name": "param", "text": "Specifies an array of `LoadFile` directives.", "types": ["Any"], "name": "loadfiles"}, {"tag_name": "param", "text": "Specifies a path to the module. Do not manually set this parameter without a special reason.", "types": ["Any"], "name": "path"}, {"tag_name": "summary", "text": "Installs packages for an Apache module that doesn't have a corresponding\n`apache::mod::<MODULE NAME>` class."}]}, "defaults": {"package": "undef", "package_ensure": "'present'", "lib": "undef", "lib_path": "$apache::lib_path", "id": "undef", "path": "undef", "loadfile_name": "undef", "loadfiles": "undef"}, "source": "define apache::mod (\n $package = undef,\n $package_ensure = 'present',\n $lib = undef,\n $lib_path = $apache::lib_path,\n $id = undef,\n $path = undef,\n $loadfile_name = undef,\n $loadfiles = undef,\n) {\n if ! defined(Class['apache']) {\n fail('You must include the apache base class before using any apache defined resources')\n }\n\n $mod = $name\n #include apache #This creates duplicate resources in rspec-puppet\n $mod_dir = $apache::mod_dir\n\n # Determine if we have special lib\n $mod_libs = $apache::mod_libs\n if $lib {\n $_lib = $lib\n } elsif has_key($mod_libs, $mod) { # 2.6 compatibility hack\n $_lib = $mod_libs[$mod]\n } else {\n $_lib = \"mod_${mod}.so\"\n }\n\n # Determine if declaration specified a path to the module\n if $path {\n $_path = $path\n } else {\n $_path = \"${lib_path}/${_lib}\"\n }\n\n if $id {\n $_id = $id\n } else {\n $_id = \"${mod}_module\"\n }\n\n if $loadfile_name {\n $_loadfile_name = $loadfile_name\n } else {\n $_loadfile_name = \"${mod}.load\"\n }\n\n # Determine if we have a package\n $mod_packages = $apache::mod_packages\n if $package {\n $_package = $package\n } elsif has_key($mod_packages, $mod) { # 2.6 compatibility hack\n if ($apache::apache_version == '2.4' and $::operatingsystem =~ /^[Aa]mazon$/ and $::operatingsystemmajrelease != '2') {\n # On amazon linux we need to prefix our package name with mod24 instead of mod to support apache 2.4\n $_package = regsubst($mod_packages[$mod],'^(mod_)?(.*)','mod24_\\2')\n } else {\n $_package = $mod_packages[$mod]\n }\n } else {\n $_package = undef\n }\n if $_package and ! defined(Package[$_package]) {\n # note: FreeBSD/ports uses apxs tool to activate modules; apxs clutters\n # httpd.conf with 'LoadModule' directives; here, by proper resource\n # ordering, we ensure that our version of httpd.conf is reverted after\n # the module gets installed.\n $package_before = $::osfamily ? {\n 'freebsd' => [\n File[$_loadfile_name],\n File[\"${apache::conf_dir}/${apache::params::conf_file}\"]\n ],\n default => [\n File[$_loadfile_name],\n File[$apache::confd_dir],\n ],\n }\n # if there are any packages, they should be installed before the associated conf file\n Package[$_package] -> File<| title == \"${mod}.conf\" |>\n # $_package may be an array\n package { $_package:\n ensure => $package_ensure,\n require => Package['httpd'],\n before => $package_before,\n notify => Class['apache::service'],\n }\n }\n\n file { $_loadfile_name:\n ensure => file,\n path => \"${mod_dir}/${_loadfile_name}\",\n owner => 'root',\n group => $apache::params::root_group,\n mode => $apache::file_mode,\n content => template('apache/mod/load.erb'),\n require => [\n Package['httpd'],\n Exec[\"mkdir ${mod_dir}\"],\n ],\n before => File[$mod_dir],\n notify => Class['apache::service'],\n }\n\n if $::osfamily == 'Debian' {\n $enable_dir = $apache::mod_enable_dir\n file { \"${_loadfile_name} symlink\":\n ensure => link,\n path => \"${enable_dir}/${_loadfile_name}\",\n target => \"${mod_dir}/${_loadfile_name}\",\n owner => 'root',\n group => $apache::params::root_group,\n mode => $apache::file_mode,\n require => [\n File[$_loadfile_name],\n Exec[\"mkdir ${enable_dir}\"],\n ],\n before => File[$enable_dir],\n notify => Class['apache::service'],\n }\n # Each module may have a .conf file as well, which should be\n # defined in the class apache::mod::module\n # Some modules do not require this file.\n if defined(File[\"${mod}.conf\"]) {\n file { \"${mod}.conf symlink\":\n ensure => link,\n path => \"${enable_dir}/${mod}.conf\",\n target => \"${mod_dir}/${mod}.conf\",\n owner => 'root',\n group => $apache::params::root_group,\n mode => $apache::file_mode,\n require => [\n File[\"${mod}.conf\"],\n Exec[\"mkdir ${enable_dir}\"],\n ],\n before => File[$enable_dir],\n notify => Class['apache::service'],\n }\n }\n } elsif $::osfamily == 'Suse' {\n $enable_dir = $apache::mod_enable_dir\n file { \"${_loadfile_name} symlink\":\n ensure => link,\n path => \"${enable_dir}/${_loadfile_name}\",\n target => \"${mod_dir}/${_loadfile_name}\",\n owner => 'root',\n group => $apache::params::root_group,\n mode => $apache::file_mode,\n require => [\n File[$_loadfile_name],\n Exec[\"mkdir ${enable_dir}\"],\n ],\n before => File[$enable_dir],\n notify => Class['apache::service'],\n }\n # Each module may have a .conf file as well, which should be\n # defined in the class apache::mod::module\n # Some modules do not require this file.\n if defined(File[\"${mod}.conf\"]) {\n file { \"${mod}.conf symlink\":\n ensure => link,\n path => \"${enable_dir}/${mod}.conf\",\n target => \"${mod_dir}/${mod}.conf\",\n owner => 'root',\n group => $apache::params::root_group,\n mode => $apache::file_mode,\n require => [\n File[\"${mod}.conf\"],\n Exec[\"mkdir ${enable_dir}\"],\n ],\n before => File[$enable_dir],\n notify => Class['apache::service'],\n }\n }\n }\n\n Apache::Mod[$name] -> Anchor['::apache::modules_set_up']\n}"}, {"name": "apache::mpm", "file": "manifests/mpm.pp", "line": 4, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "lib_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "apache_version"}, {"tag_name": "summary", "text": "Enables the use of Apache MPMs."}]}, "defaults": {"lib_path": "$apache::lib_path", "apache_version": "$apache::apache_version"}, "source": "define apache::mpm (\n $lib_path = $apache::lib_path,\n $apache_version = $apache::apache_version,\n) {\n if ! defined(Class['apache']) {\n fail('You must include the apache base class before using any apache defined resources')\n }\n\n $mpm = $name\n $mod_dir = $apache::mod_dir\n\n $_lib = \"mod_mpm_${mpm}.so\"\n $_path = \"${lib_path}/${_lib}\"\n $_id = \"mpm_${mpm}_module\"\n\n if $::osfamily == 'Suse' {\n #mpms on Suse 12 don't use .so libraries so create a placeholder load file\n if versioncmp($apache_version, '2.4') >= 0 {\n file { \"${mod_dir}/${mpm}.load\":\n ensure => file,\n path => \"${mod_dir}/${mpm}.load\",\n content => '',\n require => [\n Package['httpd'],\n Exec[\"mkdir ${mod_dir}\"],\n ],\n before => File[$mod_dir],\n notify => Class['apache::service'],\n }\n }\n } else {\n if versioncmp($apache_version, '2.4') >= 0 {\n file { \"${mod_dir}/${mpm}.load\":\n ensure => file,\n path => \"${mod_dir}/${mpm}.load\",\n content => \"LoadModule ${_id} ${_path}\\n\",\n require => [\n Package['httpd'],\n Exec[\"mkdir ${mod_dir}\"],\n ],\n before => File[$mod_dir],\n notify => Class['apache::service'],\n }\n }\n }\n\n case $::osfamily {\n 'debian': {\n file { \"${apache::mod_enable_dir}/${mpm}.conf\":\n ensure => link,\n target => \"${apache::mod_dir}/${mpm}.conf\",\n require => Exec[\"mkdir ${apache::mod_enable_dir}\"],\n before => File[$apache::mod_enable_dir],\n notify => Class['apache::service'],\n }\n\n if versioncmp($apache_version, '2.4') >= 0 {\n file { \"${apache::mod_enable_dir}/${mpm}.load\":\n ensure => link,\n target => \"${apache::mod_dir}/${mpm}.load\",\n require => Exec[\"mkdir ${apache::mod_enable_dir}\"],\n before => File[$apache::mod_enable_dir],\n notify => Class['apache::service'],\n }\n\n if $mpm == 'itk' {\n file { \"${lib_path}/mod_mpm_itk.so\":\n ensure => link,\n target => \"${lib_path}/mpm_itk.so\",\n require => Package['httpd'],\n before => Class['apache::service'],\n }\n }\n } else {\n package { \"apache2-mpm-${mpm}\":\n ensure => present,\n before => [\n Class['apache::service'],\n File[$apache::mod_enable_dir],\n ],\n }\n }\n\n if $mpm == 'itk' {\n include apache::mpm::disable_mpm_event\n include apache::mpm::disable_mpm_worker\n\n package { 'libapache2-mpm-itk':\n ensure => present,\n before => [\n Class['apache::service'],\n File[$apache::mod_enable_dir],\n ],\n }\n }\n\n if $mpm == 'prefork' {\n if ( ( $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease,'18.04') >= 0 ) or $::operatingsystem == 'Debian' ) {\n include apache::mpm::disable_mpm_event\n include apache::mpm::disable_mpm_worker\n }\n }\n\n if $mpm == 'worker' {\n if ( ( $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease,'18.04') >= 0 ) or $::operatingsystem == 'Debian' ) {\n include apache::mpm::disable_mpm_event\n include apache::mpm::disable_mpm_prefork\n }\n }\n }\n\n 'freebsd': {\n class { 'apache::package':\n mpm_module => $mpm,\n }\n }\n 'gentoo': {\n # so we don't fail\n }\n 'redhat': {\n # so we don't fail\n }\n 'Suse': {\n file { \"${apache::mod_enable_dir}/${mpm}.conf\":\n ensure => link,\n target => \"${apache::mod_dir}/${mpm}.conf\",\n require => Exec[\"mkdir ${apache::mod_enable_dir}\"],\n before => File[$apache::mod_enable_dir],\n notify => Class['apache::service'],\n }\n\n if versioncmp($apache_version, '2.4') >= 0 {\n file { \"${apache::mod_enable_dir}/${mpm}.load\":\n ensure => link,\n target => \"${apache::mod_dir}/${mpm}.load\",\n require => Exec[\"mkdir ${apache::mod_enable_dir}\"],\n before => File[$apache::mod_enable_dir],\n notify => Class['apache::service'],\n }\n\n if $mpm == 'itk' {\n file { \"${lib_path}/mod_mpm_itk.so\":\n ensure => link,\n target => \"${lib_path}/mpm_itk.so\",\n }\n }\n }\n\n package { \"apache2-${mpm}\":\n ensure => present,\n }\n }\n default: {\n fail(\"Unsupported osfamily ${::osfamily}\")\n }\n }\n}"}, {"name": "apache::namevirtualhost", "file": "manifests/namevirtualhost.pp", "line": 7, "docstring": {"text": "Adds all related directives to the `ports.conf` file in the Apache HTTPD configuration\ndirectory. Titles can take the forms `\\*`, `\\*:\\<PORT\\>`, `\\_default\\_:\\<PORT\\>`,\n`\\<IP\\>`, or `\\<IP\\>:\\<PORT\\>`.", "tags": [{"tag_name": "summary", "text": "Enables name-based virtual hosts"}]}, "source": "define apache::namevirtualhost {\n $addr_port = $name\n\n # Template uses: $addr_port\n concat::fragment { \"NameVirtualHost ${addr_port}\":\n target => $apache::ports_file,\n content => template('apache/namevirtualhost.erb'),\n }\n}"}, {"name": "apache::peruser::multiplexer", "file": "manifests/peruser/multiplexer.pp", "line": 7, "docstring": {"text": "If Apache has a class, it includes that class. If it does not, it passes the module name to the `apache::mod` defined type.", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "user"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "group"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "file"}, {"tag_name": "summary", "text": "Checks if an Apache module has a class."}]}, "defaults": {"user": "$apache::user", "group": "$apache::group", "file": "undef"}, "source": "define apache::peruser::multiplexer (\n $user = $apache::user,\n $group = $apache::group,\n $file = undef,\n) {\n if ! $file {\n $filename = \"${name}.conf\"\n } else {\n $filename = $file\n }\n file { \"${apache::mod_dir}/peruser/multiplexers/${filename}\":\n ensure => file,\n content => \"Multiplexer ${user} ${group}\\n\",\n require => File[\"${apache::mod_dir}/peruser/multiplexers\"],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::peruser::processor", "file": "manifests/peruser/processor.pp", "line": 5, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "user"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "group"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "file"}, {"tag_name": "summary", "text": "Enables the `Peruser` module for FreeBSD only."}]}, "defaults": {"file": "undef"}, "source": "define apache::peruser::processor (\n $user,\n $group,\n $file = undef,\n) {\n if ! $file {\n $filename = \"${name}.conf\"\n } else {\n $filename = $file\n }\n file { \"${apache::mod_dir}/peruser/processors/${filename}\":\n ensure => file,\n content => \"Processor ${user} ${group}\\n\",\n require => File[\"${apache::mod_dir}/peruser/processors\"],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::security::rule_link", "file": "manifests/security/rule_link.pp", "line": 5, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Links the activated_rules from `apache::mod::security` to the respective CRS rules on disk."}]}, "source": "define apache::security::rule_link () {\n $parts = split($title, '/')\n $filename = $parts[-1]\n\n $target = $title ? {\n /^\\// => $title,\n default => \"${apache::params::modsec_crs_path}/${title}\",\n }\n\n file { $filename:\n ensure => 'link',\n path => \"${apache::mod::security::modsec_dir}/activated_rules/${filename}\",\n target => $target ,\n require => File[\"${apache::mod::security::modsec_dir}/activated_rules\"],\n notify => Class['apache::service'],\n }\n}"}, {"name": "apache::vhost", "file": "manifests/vhost.pp", "line": 1761, "docstring": {"text": "The apache module allows a lot of flexibility in the setup and configuration of virtual hosts.\nThis flexibility is due, in part, to `vhost` being a defined resource type, which allows Apache\nto evaluate it multiple times with different parameters.<br />\nThe `apache::vhost` defined type allows you to have specialized configurations for virtual hosts\nthat have requirements outside the defaults. You can set up a default virtual host within\nthe base `::apache` class, as well as set a customized virtual host as the default.\nCustomized virtual hosts have a lower numeric `priority` than the base class's, causing\nApache to process the customized virtual host first.<br />\nThe `apache::vhost` defined type uses `concat::fragment` to build the configuration file. To\ninject custom fragments for pieces of the configuration that the defined type doesn't\ninherently support, add a custom fragment.<br />\nFor the custom fragment's `order` parameter, the `apache::vhost` defined type uses multiples\nof 10, so any `order` that isn't a multiple of 10 should work.<br />\n> **Note:** When creating an `apache::vhost`, it cannot be named `default` or `default-ssl`,\nbecause vhosts with these titles are always managed by the module. This means that you cannot\noverride `Apache::Vhost['default']` or `Apache::Vhost['default-ssl]` resources. An optional\nworkaround is to create a vhost named something else, such as `my default`, and ensure that the\n`default` and `default_ssl` vhosts are set to `false`:", "tags": [{"tag_name": "example", "text": "class { 'apache':\n default_vhost => false,\n default_ssl_vhost => false,\n}", "name": ""}, {"tag_name": "param", "text": "Apache's version number as a string, such as '2.2' or '2.4'.", "types": ["Any"], "name": "apache_version"}, {"tag_name": "param", "text": "Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`).", "types": ["Boolean"], "name": "access_log"}, {"tag_name": "param", "text": "Specifies that only requests with particular environment variables be logged.", "types": ["Any"], "name": "access_log_env_var"}, {"tag_name": "param", "text": "Sets the filename of the `*_access.log` placed in `logroot`. Given a virtual host ---for\ninstance, example.com--- it defaults to 'example.com_ssl.log' for\n[SSL-encrypted](https://httpd.apache.org/docs/current/ssl/index.html) virtual hosts and\n`example.com_access.log` for unencrypted virtual hosts.", "types": ["Any"], "name": "access_log_file"}, {"tag_name": "param", "text": "Specifies the use of either a `LogFormat` nickname or a custom-formatted string for the\naccess log.", "types": ["Any"], "name": "access_log_format"}, {"tag_name": "param", "text": "Specifies a pipe where Apache sends access log messages.", "types": ["Any"], "name": "access_log_pipe"}, {"tag_name": "param", "text": "Sends all access log messages to syslog.", "types": ["Any"], "name": "access_log_syslog"}, {"tag_name": "param", "text": "Allows you to give a hash that specifies the state of each of the `access_log_*`\ndirectives shown above, i.e. `access_log_pipe` and `access_log_syslog`.", "types": ["Optional[Array]"], "name": "access_logs"}, {"tag_name": "param", "text": "Sets a default media charset value for the `AddDefaultCharset` directive, which is\nadded to `text/plain` and `text/html` responses.", "types": ["Any"], "name": "add_default_charset"}, {"tag_name": "param", "text": "Determines whether the virtual host creates a `Listen` statement.<br />\nSetting `add_listen` to `false` prevents the virtual host from creating a `Listen`\nstatement. This is important when combining virtual hosts that aren't passed an `ip`\nparameter with those that are.", "types": ["Any"], "name": "add_listen"}, {"tag_name": "param", "text": "Specifies whether Apache uses the `IncludeOptional` directive instead of `Include` for\n`additional_includes` in Apache 2.4 or newer.", "types": ["Any"], "name": "use_optional_includes"}, {"tag_name": "param", "text": "Specifies paths to additional static, virtual host-specific Apache configuration files.\nYou can use this parameter to implement a unique, custom configuration not supported by\nthis module.", "types": ["Any"], "name": "additional_includes"}, {"tag_name": "param", "text": "Passes a list of [hashes][hash] to the virtual host to create `Alias`, `AliasMatch`,\n`ScriptAlias` or `ScriptAliasMatch` directives as per the `mod_alias` documentation.<br />\nFor example:\n``` puppet\naliases => [\n { aliasmatch => '^/image/(.*)\\.jpg$',\n path => '/files/jpg.images/$1.jpg',\n },\n { alias => '/image',\n path => '/ftp/pub/image',\n },\n { scriptaliasmatch => '^/cgi-bin(.*)',\n path => '/usr/local/share/cgi-bin$1',\n },\n { scriptalias => '/nagios/cgi-bin/',\n path => '/usr/lib/nagios/cgi-bin/',\n },\n { alias => '/nagios',\n path => '/usr/share/nagios/html',\n },\n],\n```\nFor the `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` keys to work, each needs\na corresponding context, such as `<Directory /path/to/directory>` or\n`<Location /some/location/here>`. Puppet creates the directives in the order specified in\nthe `aliases` parameter. As described in the `mod_alias` documentation, add more specific\n`alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters before the more\ngeneral ones to avoid shadowing.<BR />\n> **Note**: Use the `aliases` parameter instead of the `scriptaliases` parameter because\nyou can precisely control the order of various alias directives. Defining `ScriptAliases`\nusing the `scriptaliases` parameter means *all* `ScriptAlias` directives will come after\n*all* `Alias` directives, which can lead to `Alias` directives shadowing `ScriptAlias`\ndirectives. This often causes problems; for example, this could cause problems with Nagios.<BR />\nIf `apache::mod::passenger` is loaded and `PassengerHighPerformance` is `true`, the `Alias`\ndirective might not be able to honor the `PassengerEnabled => off` statement. See\n[this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details.", "types": ["Any"], "name": "aliases"}, {"tag_name": "param", "text": "Sets the `AllowEncodedSlashes` declaration for the virtual host, overriding the server\ndefault. This modifies the virtual host responses to URLs with `\\` and `/` characters. The\ndefault setting omits the declaration from the server configuration and selects the\nApache default setting of `Off`.", "types": ["Optional[Enum['on', 'off', 'nodecode']]"], "name": "allow_encoded_slashes"}, {"tag_name": "param", "text": "Specifies the list of things to which Apache blocks access. Valid options are: `scm` (which\nblocks web access to `.svn`), `.git`, and `.bzr` directories.", "types": ["Any"], "name": "block"}, {"tag_name": "param", "text": "Adds a header with the value of this header being the attribute values when SAML\nvalidation is enabled.", "types": ["Any"], "name": "cas_attribute_prefix"}, {"tag_name": "param", "text": "Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`.", "types": ["Any"], "name": "cas_attribute_delimiter"}, {"tag_name": "param", "text": "Sets the URL to which the module redirects users when they attempt to access a\nCAS-protected resource and don't have an active session.", "types": ["Any"], "name": "cas_login_url"}, {"tag_name": "param", "text": "Sets the URL end users see when access to this Apache server is proxied per vhost.\nThis URL should not include a trailing slash.", "types": ["Any"], "name": "cas_root_proxied_as"}, {"tag_name": "param", "text": "Remove inbound request headers that may have special meaning within mod_auth_cas.", "types": ["Any"], "name": "cas_scrub_request_headers"}, {"tag_name": "param", "text": "Enables experimental support for single sign out (may mangle POST data).", "types": ["Any"], "name": "cas_sso_enabled"}, {"tag_name": "param", "text": "Parse response from CAS server for SAML.", "types": ["Any"], "name": "cas_validate_saml"}, {"tag_name": "param", "text": "Sets the URL to use when validating a client-presented ticket in an HTTP query string.", "types": ["Any"], "name": "cas_validate_url"}, {"tag_name": "param", "text": "Sets the location where information on the current session should be stored. This should\nbe writable by the web server only.", "types": ["Any"], "name": "cas_cookie_path"}, {"tag_name": "param", "text": "Adds comments to the header of the configuration file. Pass as string or an array of strings.\nFor example:\n``` puppet\ncomment => \"Account number: 123B\",\n```\nOr:\n``` puppet\ncomment => [\n \"Customer: X\",\n \"Frontend domain: x.example.org\",\n]\n```", "types": ["Optional[Variant[String,Array[String]]]"], "name": "comment"}, {"tag_name": "param", "text": "Passes a string of custom configuration directives to place at the end of the virtual\nhost configuration.", "types": ["Optional[String]"], "name": "custom_fragment"}, {"tag_name": "param", "text": "Sets a given `apache::vhost` defined type as the default to serve requests that do not\nmatch any other `apache::vhost` defined types.", "types": ["Boolean"], "name": "default_vhost"}, {"tag_name": "param", "text": "Sets the list of resources to look for when a client requests an index of the directory\nby specifying a '/' at the end of the directory name. See the `DirectoryIndex` directive\ndocumentation for details.", "types": ["Any"], "name": "directoryindex"}, {"tag_name": "param", "text": "**Required**.<br />\nSets the `DocumentRoot` location, from which Apache serves files.<br />\nIf `docroot` and `manage_docroot` are both set to `false`, no `DocumentRoot` will be set\nand the accompanying `<Directory /path/to/directory>` block will not be created.", "types": ["Variant[Boolean,String]"], "name": "docroot"}, {"tag_name": "param", "text": "Sets group access to the `docroot` directory.", "types": ["Any"], "name": "docroot_group"}, {"tag_name": "param", "text": "Sets individual user access to the `docroot` directory.", "types": ["Any"], "name": "docroot_owner"}, {"tag_name": "param", "text": "Sets access permissions for the `docroot` directory, in numeric notation.", "types": ["Any"], "name": "docroot_mode"}, {"tag_name": "param", "text": "Determines whether Puppet manages the `docroot` directory.", "types": ["Any"], "name": "manage_docroot"}, {"tag_name": "param", "text": "Specifies whether `*_error.log` directives should be configured.", "types": ["Boolean"], "name": "error_log"}, {"tag_name": "param", "text": "Points the virtual host's error logs to a `*_error.log` file. If this parameter is\nundefined, Puppet checks for values in `error_log_pipe`, then `error_log_syslog`.<br />\nIf none of these parameters is set, given a virtual host `example.com`, Puppet defaults\nto `$logroot/example.com_error_ssl.log` for SSL virtual hosts and\n`$logroot/example.com_error.log` for non-SSL virtual hosts.", "types": ["Any"], "name": "error_log_file"}, {"tag_name": "param", "text": "Specifies a pipe to send error log messages to.<br />\nThis parameter has no effect if the `error_log_file` parameter has a value. If neither\nthis parameter nor `error_log_file` has a value, Puppet then checks `error_log_syslog`.", "types": ["Any"], "name": "error_log_pipe"}, {"tag_name": "param", "text": "Determines whether to send all error log messages to syslog.\nThis parameter has no effect if either of the `error_log_file` or `error_log_pipe`\nparameters has a value. If none of these parameters has a value, given a virtual host\n`example.com`, Puppet defaults to `$logroot/example.com_error_ssl.log` for SSL virtual\nhosts and `$logroot/example.com_error.log` for non-SSL virtual hosts.", "types": ["Any"], "name": "error_log_syslog"}, {"tag_name": "param", "text": "Sets the [ErrorLogFormat](https://httpd.apache.org/docs/current/mod/core.html#errorlogformat)\nformat specification for error log entries inside virtual host\nFor example:\n``` puppet\napache::vhost { 'site.name.fdqn':\n ...\n error_log_format => [\n '[%{uc}t] [%-m:%-l] [R:%L] [C:%{C}L] %7F: %E: %M',\n { '[%{uc}t] [R:%L] Request %k on C:%{c}L pid:%P tid:%T' => 'request' },\n { \"[%{uc}t] [R:%L] UA:'%+{User-Agent}i'\" => 'request' },\n { \"[%{uc}t] [R:%L] Referer:'%+{Referer}i'\" => 'request' },\n { '[%{uc}t] [C:%{c}L] local\\ %a remote\\ %A' => 'connection' },\n ],\n}\n```", "types": ["Optional[\n Array[\n Variant[\n String,\n Hash[String, Enum['connection', 'request']]\n ]\n ]\n ]"], "name": "error_log_format"}, {"tag_name": "param", "text": "A list of hashes which can be used to override the\n[ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument)\nsettings for this virtual host.<br />\nFor example:\n``` puppet\napache::vhost { 'sample.example.net':\n error_documents => [\n { 'error_code' => '503', 'document' => '/service-unavail' },\n { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' },\n ],\n}\n```", "types": ["Any"], "name": "error_documents"}, {"tag_name": "param", "text": "Specifies if the virtual host is present or absent.<br />", "types": ["Enum['absent', 'present']"], "name": "ensure"}, {"tag_name": "param", "text": "Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource)\ndirective, which specifies an action to take for any URL that doesn't map to anything in\nyour filesystem and would otherwise return 'HTTP 404 (Not Found)'. Values must either begin\nwith a `/` or be `disabled`.", "types": ["Optional[Variant[Stdlib::Absolutepath, Enum['disabled']]]"], "name": "fallbackresource"}, {"tag_name": "param", "text": "Specify an external FastCGI server to manage a connection to.", "types": ["Any"], "name": "fastcgi_server"}, {"tag_name": "param", "text": "Specify the socket that will be used to communicate with an external FastCGI server.", "types": ["Any"], "name": "fastcgi_socket"}, {"tag_name": "param", "text": "If using fastcgi, this option sets the timeout for the server to respond.", "types": ["Any"], "name": "fastcgi_idle_timeout"}, {"tag_name": "param", "text": "Specify an internal FastCGI directory that is to be managed.", "types": ["Any"], "name": "fastcgi_dir"}, {"tag_name": "param", "text": "[Filters](https://httpd.apache.org/docs/current/mod/mod_filter.html) enable smart,\ncontext-sensitive configuration of output content filters.\n``` puppet\napache::vhost { \"$::fqdn\":\n filters => [\n 'FilterDeclare COMPRESS',\n 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html',\n 'FilterChain COMPRESS',\n 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no',\n ],\n}\n```", "types": ["Any"], "name": "filters"}, {"tag_name": "param", "text": "Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles)\ndirective which influences how the requestion process pass files to the main connection.", "types": ["Optional[Boolean]"], "name": "h2_copy_files"}, {"tag_name": "param", "text": "Sets the [H2Direct](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2direct)\ndirective which toggles the usage of the HTTP/2 Direct Mode.", "types": ["Optional[Boolean]"], "name": "h2_direct"}, {"tag_name": "param", "text": "Sets the [H2EarlyHints](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2earlyhints)\ndirective which controls if HTTP status 103 interim responses are forwarded to\nthe client or not.", "types": ["Optional[Boolean]"], "name": "h2_early_hints"}, {"tag_name": "param", "text": "Sets the [H2MaxSessionStreams](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2maxsessionstreams)\ndirective which sets the maximum number of active streams per HTTP/2 session\nthat the server allows.", "types": ["Optional[Integer]"], "name": "h2_max_session_streams"}, {"tag_name": "param", "text": "Sets the [H2ModernTLSOnly](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2moderntlsonly)\ndirective which toggles the security checks on HTTP/2 connections in TLS mode.", "types": ["Optional[Boolean]"], "name": "h2_modern_tls_only"}, {"tag_name": "param", "text": "Sets the [H2Push](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2push)\ndirective which toggles the usage of the HTTP/2 server push protocol feature.", "types": ["Optional[Boolean]"], "name": "h2_push"}, {"tag_name": "param", "text": "Sets the [H2PushDiarySize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushdiarysize)\ndirective which toggles the maximum number of HTTP/2 server pushes that are\nremembered per HTTP/2 connection.", "types": ["Optional[Integer]"], "name": "h2_push_diary_size"}, {"tag_name": "param", "text": "Sets the [H2PushPriority](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushpriority)\ndirective which defines the priority handling of pushed responses based on the\ncontent-type of the response.", "types": ["Array[String]"], "name": "h2_push_priority"}, {"tag_name": "param", "text": "Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource)\ndirective which declares resources for early pushing to the client.", "types": ["Array[String]"], "name": "h2_push_resource"}, {"tag_name": "param", "text": "Sets the [H2SerializeHeaders](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2serializeheaders)\ndirective which toggles if HTTP/2 requests are serialized in HTTP/1.1\nformat for processing by httpd core.", "types": ["Optional[Boolean]"], "name": "h2_serialize_headers"}, {"tag_name": "param", "text": "Sets the [H2StreamMaxMemSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2streammaxmemsize)\ndirective which sets the maximum number of outgoing data bytes buffered in\nmemory for an active stream.", "types": ["Optional[Integer]"], "name": "h2_stream_max_mem_size"}, {"tag_name": "param", "text": "Sets the [H2TLSCoolDownSecs](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlscooldownsecs)\ndirective which sets the number of seconds of idle time on a TLS connection\nbefore the TLS write size falls back to a small (~1300 bytes) length.", "types": ["Optional[Integer]"], "name": "h2_tls_cool_down_secs"}, {"tag_name": "param", "text": "Sets the [H2TLSWarmUpSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlswarmupsize)\ndirective which sets the number of bytes to be sent in small TLS records (~1300\nbytes) until doing maximum sized writes (16k) on https: HTTP/2 connections.", "types": ["Optional[Integer]"], "name": "h2_tls_warm_up_size"}, {"tag_name": "param", "text": "Sets the [H2Upgrade](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2upgrade)\ndirective which toggles the usage of the HTTP/1.1 Upgrade method for switching\nto HTTP/2.", "types": ["Optional[Boolean]"], "name": "h2_upgrade"}, {"tag_name": "param", "text": "Sets the [H2WindowSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2windowsize)\ndirective which sets the size of the window that is used for flow control from\nclient to server and limits the amount of data the server has to buffer.", "types": ["Optional[Integer]"], "name": "h2_window_size"}, {"tag_name": "param", "text": "Adds lines to replace, merge, or remove response headers. See\n[Apache's mod_headers documentation](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information.", "types": ["Any"], "name": "headers"}, {"tag_name": "param", "text": "Sets the IP address the virtual host listens on. By default, uses Apache's default behavior\nof listening on all IPs.", "types": ["Any"], "name": "ip"}, {"tag_name": "param", "text": "Enables an [IP-based](https://httpd.apache.org/docs/current/vhosts/ip-based.html) virtual\nhost. This parameter inhibits the creation of a NameVirtualHost directive, since those are\nused to funnel requests to name-based virtual hosts.", "types": ["Boolean"], "name": "ip_based"}, {"tag_name": "param", "text": "Configures [ITK](http://mpm-itk.sesse.net/) in a hash.<br />\nUsage typically looks something like:\n``` puppet\napache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n itk => {\n user => 'someuser',\n group => 'somegroup',\n },\n}\n```\nValid values are: a hash, which can include the keys:\n* `user` + `group`\n* `assignuseridexpr`\n* `assigngroupidexpr`\n* `maxclientvhost`\n* `nice`\n* `limituidrange` (Linux 3.5.0 or newer)\n* `limitgidrange` (Linux 3.5.0 or newer)", "types": ["Optional[Hash]"], "name": "itk"}, {"tag_name": "param", "text": "Specifies whether you wish to configure mod_actions action directive which will\nactivate cgi-script when triggered by a request.", "types": ["Any"], "name": "action"}, {"tag_name": "param", "text": "Sets up a virtual host with `JkMount` and `JkUnMount` directives to handle the paths\nfor URL mapping between Tomcat and Apache.<br />\nThe parameter must be an array of hashes where each hash must contain the `worker`\nand either the `mount` or `unmount` keys.<br />\nUsage typically looks like:\n``` puppet\napache::vhost { 'sample.example.net':\n jk_mounts => [\n { mount => '/*', worker => 'tcnode1', },\n { unmount => '/*.jpg', worker => 'tcnode1', },\n ],\n}\n```", "types": ["Any"], "name": "jk_mounts"}, {"tag_name": "param", "text": "Specifies the strictness of HTTP protocol checks.", "types": ["Optional[Pattern[/^((Strict|Unsafe)?\\s*(\\b(Registered|Lenient)Methods)?\\s*(\\b(Allow0\\.9|Require1\\.0))?)$/]]"], "name": "http_protocol_options"}, {"tag_name": "param", "text": "Determines whether to enable persistent HTTP connections with the `KeepAlive` directive\nfor the virtual host. By default, the global, server-wide `KeepAlive` setting is in effect.<br />\nUse the `keepalive_timeout` and `max_keepalive_requests` parameters to set relevant options\nfor the virtual host.", "types": ["Optional[Enum['on', 'off']]"], "name": "keepalive"}, {"tag_name": "param", "text": "Sets the `KeepAliveTimeout` directive for the virtual host, which determines the amount\nof time to wait for subsequent requests on a persistent HTTP connection. By default, the\nglobal, server-wide `KeepAlive` setting is in effect.<br />\nThis parameter is only relevant if either the global, server-wide `keepalive` parameter or\nthe per-vhost `keepalive` parameter is enabled.", "types": ["Any"], "name": "keepalive_timeout"}, {"tag_name": "param", "text": "Limits the number of requests allowed per connection to the virtual host. By default,\nthe global, server-wide `KeepAlive` setting is in effect.<br />\nThis parameter is only relevant if either the global, server-wide `keepalive` parameter or\nthe per-vhost `keepalive` parameter is enabled.", "types": ["Any"], "name": "max_keepalive_requests"}, {"tag_name": "param", "text": "Enable `mod_auth_kerb` parameters for a virtual host.<br />\nUsage typically looks like:\n``` puppet\napache::vhost { 'sample.example.net':\n auth_kerb => `true`,\n krb_method_negotiate => 'on',\n krb_auth_realms => ['EXAMPLE.ORG'],\n krb_local_user_mapping => 'on',\n directories => {\n path => '/var/www/html',\n auth_name => 'Kerberos Login',\n auth_type => 'Kerberos',\n auth_require => 'valid-user',\n },\n}\n```", "types": ["Boolean"], "name": "auth_kerb"}, {"tag_name": "param", "text": "Determines whether to use the Negotiate method.", "types": ["Any"], "name": "krb_method_negotiate"}, {"tag_name": "param", "text": "Determines whether to use password-based authentication for Kerberos v5.", "types": ["Any"], "name": "krb_method_k5passwd"}, {"tag_name": "param", "text": "If set to `off`, authentication controls can be passed on to another module.", "types": ["Any"], "name": "krb_authoritative"}, {"tag_name": "param", "text": "Specifies an array of Kerberos realms to use for authentication.", "types": ["Any"], "name": "krb_auth_realms"}, {"tag_name": "param", "text": "Specifies the Kerberos v5 keytab file's location.", "types": ["Any"], "name": "krb_5keytab"}, {"tag_name": "param", "text": "Strips @REALM from usernames for further use.", "types": ["Any"], "name": "krb_local_user_mapping"}, {"tag_name": "param", "text": "This option can be used to disable the verification tickets against local keytab to prevent\nKDC spoofing attacks.", "types": ["Any"], "name": "krb_verify_kdc"}, {"tag_name": "param", "text": "Specifies the service name that will be used by Apache for authentication. Corresponding\nkey of this name must be stored in the keytab.", "types": ["Any"], "name": "krb_servicename"}, {"tag_name": "param", "text": "This option enables credential saving functionality.", "types": ["Any"], "name": "krb_save_credentials"}, {"tag_name": "param", "text": "Specifies the location of the virtual host's logfiles.", "types": ["Any"], "name": "logroot"}, {"tag_name": "param", "text": "Determines whether or not to remove the logroot directory for a virtual host.", "types": ["Enum['directory', 'absent']"], "name": "logroot_ensure"}, {"tag_name": "param", "text": "Overrides the mode the logroot directory is set to. Do *not* grant write access to the\ndirectory the logs are stored in without being aware of the consequences; for more\ninformation, see [Apache's log security documentation](https://httpd.apache.org/docs/2.4/logs.html#security).", "types": ["Any"], "name": "logroot_mode"}, {"tag_name": "param", "text": "Sets individual user access to the logroot directory.", "types": ["Any"], "name": "logroot_owner"}, {"tag_name": "param", "text": "Sets group access to the `logroot` directory.", "types": ["Any"], "name": "logroot_group"}, {"tag_name": "param", "text": "Specifies the verbosity of the error log.", "types": ["Optional[Apache::LogLevel]"], "name": "log_level"}, {"tag_name": "param", "text": "Configures the maximum request body size (in bytes) ModSecurity accepts for buffering.", "types": ["Any"], "name": "modsec_body_limit"}, {"tag_name": "param", "text": "Disables `mod_security` on a virtual host. Only valid if `apache::mod::security` is included.", "types": ["Any"], "name": "modsec_disable_vhost"}, {"tag_name": "param", "text": "Removes `mod_security` IDs from the virtual host.<br />\nAlso takes a hash allowing removal of an ID from a specific location.\n``` puppet\napache::vhost { 'sample.example.net':\n modsec_disable_ids => [ 90015, 90016 ],\n}\n```\n\n``` puppet\napache::vhost { 'sample.example.net':\n modsec_disable_ids => { '/location1' => [ 90015, 90016 ] },\n}\n```", "types": ["Optional[Variant[Hash, Array]]"], "name": "modsec_disable_ids"}, {"tag_name": "param", "text": "Specifies an array of IP addresses to exclude from `mod_security` rule matching.", "types": ["Any"], "name": "modsec_disable_ips"}, {"tag_name": "param", "text": "Array of mod_security Msgs to remove from the virtual host. Also takes a hash allowing\nremoval of an Msg from a specific location.\n``` puppet\napache::vhost { 'sample.example.net':\n modsec_disable_msgs => ['Blind SQL Injection Attack', 'Session Fixation Attack'],\n}\n```\n``` puppet\napache::vhost { 'sample.example.net':\n modsec_disable_msgs => { '/location1' => ['Blind SQL Injection Attack', 'Session Fixation Attack'] },\n}\n```", "types": ["Optional[Variant[Hash, Array]]"], "name": "modsec_disable_msgs"}, {"tag_name": "param", "text": "Array of mod_security Tags to remove from the virtual host. Also takes a hash allowing\nremoval of an Tag from a specific location.\n``` puppet\napache::vhost { 'sample.example.net':\n modsec_disable_tags => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'],\n}\n```\n``` puppet\napache::vhost { 'sample.example.net':\n modsec_disable_tags => { '/location1' => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'] },\n}\n```", "types": ["Optional[Variant[Hash, Array]]"], "name": "modsec_disable_tags"}, {"tag_name": "param", "text": "If set, it is relative to `logroot`.<br />\nOne of the parameters that determines how to send `mod_security` audit\nlog ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).\nIf none of those parameters are set, the global audit log is used\n(`/var/log/httpd/modsec\\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\\_audit.log`; others: ).", "types": ["Any"], "name": "modsec_audit_log_file"}, {"tag_name": "param", "text": "If `modsec_audit_log_pipe` is set, it should start with a pipe. Example\n`|/path/to/mlogc /path/to/mlogc.conf`.<br />\nOne of the parameters that determines how to send `mod_security` audit\nlog ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).\nIf none of those parameters are set, the global audit log is used\n(`/var/log/httpd/modsec\\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\\_audit.log`; others: ).", "types": ["Any"], "name": "modsec_audit_log_pipe"}, {"tag_name": "param", "text": "If `modsec_audit_log` is `true`, given a virtual host ---for instance, example.com--- it\ndefaults to `example.com\\_security\\_ssl.log` for SSL-encrypted virtual hosts\nand `example.com\\_security.log` for unencrypted virtual hosts.<br />\nOne of the parameters that determines how to send `mod_security` audit\nlog ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).<br />\nIf none of those parameters are set, the global audit log is used\n(`/var/log/httpd/modsec\\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\\_audit.log`; others: ).", "types": ["Any"], "name": "modsec_audit_log"}, {"tag_name": "param", "text": "Specifies URLs you do not want to proxy. This parameter is meant to be used in combination\nwith [`proxy_dest`](#proxy_dest).", "types": ["Any"], "name": "no_proxy_uris"}, {"tag_name": "param", "text": "This directive is equivalent to `no_proxy_uris`, but takes regular expressions.", "types": ["Any"], "name": "no_proxy_uris_match"}, {"tag_name": "param", "text": "Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost).<br />\nSetting this parameter to `true` enables the `Host:` line from an incoming request to be\nproxied to the host instead of hostname. Setting it to `false` sets this directive to 'Off'.", "types": ["Any"], "name": "proxy_preserve_host"}, {"tag_name": "param", "text": "Sets the [ProxyAddHeaders Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders).<br />\nThis parameter controlls whether proxy-related HTTP headers (X-Forwarded-For,\nX-Forwarded-Host and X-Forwarded-Server) get sent to the backend server.", "types": ["Any"], "name": "proxy_add_headers"}, {"tag_name": "param", "text": "Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride).\nThis directive controls whether Apache should override error pages for proxied content.", "types": ["Any"], "name": "proxy_error_override"}, {"tag_name": "param", "text": "Sets the `Options` for the specified virtual host. For example:\n``` puppet\napache::vhost { 'site.name.fdqn':\n ...\n options => ['Indexes','FollowSymLinks','MultiViews'],\n}\n```\n> **Note**: If you use the `directories` parameter of `apache::vhost`, 'Options',\n'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`.", "types": ["Any"], "name": "options"}, {"tag_name": "param", "text": "Sets the overrides for the specified virtual host. Accepts an array of\n[AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments.", "types": ["Any"], "name": "override"}, {"tag_name": "param", "text": "Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled)\ndirective to `on` or `off`. Requires `apache::mod::passenger` to be included.\n``` puppet\napache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory',\n passenger_enabled => 'on',\n },\n ],\n}\n```\n> **Note:** There is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html)\nusing the PassengerEnabled directive with the PassengerHighPerformance directive.", "types": ["Optional[Boolean]"], "name": "passenger_enabled"}, {"tag_name": "param", "text": "Sets [PassengerBaseURI](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerbase_rui),\n to specify that the given URI is a distinct application served by Passenger.", "types": ["Optional[String]"], "name": "passenger_base_uri"}, {"tag_name": "param", "text": "Sets [PassengerRuby](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerruby),\nspecifying the Ruby interpreter to use when serving the relevant web applications.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "passenger_ruby"}, {"tag_name": "param", "text": "Sets [PassengerPython](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerpython),\nspecifying the Python interpreter to use when serving the relevant web applications.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "passenger_python"}, {"tag_name": "param", "text": "Sets the [`PassengerNodejs`](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengernodejs),\nspecifying Node.js command to use when serving the relevant web applications.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "passenger_nodejs"}, {"tag_name": "param", "text": "Sets [PassengerMeteorAppSettings](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermeteorappsettings),\nspecifying a JSON file with settings for the application when using a Meteor\napplication in non-bundled mode.", "types": ["Optional[String]"], "name": "passenger_meteor_app_settings"}, {"tag_name": "param", "text": "Sets [PassengerAppEnv](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerappenv),\nthe environment for the Passenger application. If not specified, defaults to the global\nsetting or 'production'.", "types": ["Optional[String]"], "name": "passenger_app_env"}, {"tag_name": "param", "text": "Sets [PassengerRoot](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerapproot),\nthe location of the Passenger application root if different from the DocumentRoot.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "passenger_app_root"}, {"tag_name": "param", "text": "Sets [PassengerAppGroupName](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerappgroupname),\n the name of the application group that the current application should belong to.", "types": ["Optional[String]"], "name": "passenger_app_group_name"}, {"tag_name": "param", "text": "Sets [PassengerAppStartCommand](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerappstartcommand),\n how Passenger should start your app on a specific port.", "types": ["Optional[String]"], "name": "passenger_app_start_command"}, {"tag_name": "param", "text": "Sets [PassengerAppType](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerapptype),\n to force Passenger to recognize the application as a specific type.", "types": ["Optional[Enum['meteor', 'node', 'rack', 'wsgi']]"], "name": "passenger_app_type"}, {"tag_name": "param", "text": "Sets the [PassengerStartupFile](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstartupfile),\npath. This path is relative to the application root.", "types": ["Optional[String]"], "name": "passenger_startup_file"}, {"tag_name": "param", "text": "Sets the [PassengerRestartDir](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerrestartdir),\n to customize the directory in which `restart.txt` is searched for.", "types": ["Optional[String]"], "name": "passenger_restart_dir"}, {"tag_name": "param", "text": "Sets [PassengerSpawnMethod](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerspawnmethod),\nwhether Passenger spawns applications directly, or using a prefork copy-on-write mechanism.", "types": ["Optional[Enum['direct', 'smart']]"], "name": "passenger_spawn_method"}, {"tag_name": "param", "text": "Sets [PassengerLoadShellEnvvars](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerloadshellenvvars),\nto enable or disable the loading of shell environment variables before spawning the application.", "types": ["Optional[Boolean]"], "name": "passenger_load_shell_envvars"}, {"tag_name": "param", "text": "Sets [PassengerRollingRestarts](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerrollingrestarts),\nto enable or disable support for zero-downtime application restarts through `restart.txt`.", "types": ["Optional[Boolean]"], "name": "passenger_rolling_restarts"}, {"tag_name": "param", "text": "Sets [PassengerResistDeploymentErrors](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerresistdeploymenterrors),\nto enable or disable resistance against deployment errors.", "types": ["Optional[Boolean]"], "name": "passenger_resist_deployment_errors"}, {"tag_name": "param", "text": "Sets [PassengerUser](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengeruser),\nthe running user for sandboxing applications.", "types": ["Optional[String]"], "name": "passenger_user"}, {"tag_name": "param", "text": "Sets [PassengerGroup](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengergroup),\nthe running group for sandboxing applications.", "types": ["Optional[String]"], "name": "passenger_group"}, {"tag_name": "param", "text": "Sets [PassengerFriendlyErrorPages](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerfriendlyerrorpages),\nwhich can display friendly error pages whenever an application fails to start. This\nfriendly error page presents the startup error message, some suggestions for solving\nthe problem, a backtrace and a dump of the environment variables.", "types": ["Optional[Boolean]"], "name": "passenger_friendly_error_pages"}, {"tag_name": "param", "text": "Sets [PassengerMinInstances](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermininstances),\nthe minimum number of application processes to run.", "types": ["Optional[Integer]"], "name": "passenger_min_instances"}, {"tag_name": "param", "text": "Sets [PassengerMaxInstances](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxinstances),\nthe maximum number of application processes to run.", "types": ["Optional[Integer]"], "name": "passenger_max_instances"}, {"tag_name": "param", "text": "Sets [PassengerMaxPreloaderIdleTime](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxpreloaderidletime),\nthe maximum amount of time the preloader waits before shutting down an idle process.", "types": ["Optional[Integer]"], "name": "passenger_max_preloader_idle_time"}, {"tag_name": "param", "text": "Sets [PassengerForceMaxConcurrentRequestsPerProcess](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerforcemaxconcurrentrequestsperprocess),\nthe maximum amount of concurrent requests the application can handle per process.", "types": ["Optional[Integer]"], "name": "passenger_force_max_concurrent_requests_per_process"}, {"tag_name": "param", "text": "Sets [PassengerStartTimeout](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstarttimeout),\nthe timeout for the application startup.", "types": ["Optional[Integer]"], "name": "passenger_start_timeout"}, {"tag_name": "param", "text": "Sets [PassengerConcurrencyModel](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerconcurrencyodel),\nto specify the I/O concurrency model that should be used for Ruby application processes.\nPassenger supports two concurrency models:<br />\n* `process` - single-threaded, multi-processed I/O concurrency.\n* `thread` - multi-threaded, multi-processed I/O concurrency.", "types": ["Optional[Enum['process', 'thread']]"], "name": "passenger_concurrency_model"}, {"tag_name": "param", "text": "Sets [PassengerThreadCount](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerthreadcount),\nthe number of threads that Passenger should spawn per Ruby application process.<br />\nThis option only has effect if PassengerConcurrencyModel is `thread`.", "types": ["Optional[Integer]"], "name": "passenger_thread_count"}, {"tag_name": "param", "text": "Sets [PassengerMaxRequests](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequests),\nthe maximum number of requests an application process will process.", "types": ["Optional[Integer]"], "name": "passenger_max_requests"}, {"tag_name": "param", "text": "Sets [PassengerMaxRequestTime](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequesttime),\nthe maximum amount of time, in seconds, that an application process may take to\nprocess a request.", "types": ["Optional[Integer]"], "name": "passenger_max_request_time"}, {"tag_name": "param", "text": "Sets [PassengerMemoryLimit](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermemorylimit),\nthe maximum amount of memory that an application process may use, in megabytes.", "types": ["Optional[Integer]"], "name": "passenger_memory_limit"}, {"tag_name": "param", "text": "Sets [PassengerStatThrottleRate](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstatthrottlerate),\nto set a limit, in seconds, on how often Passenger will perform it's filesystem checks.", "types": ["Optional[Integer]"], "name": "passenger_stat_throttle_rate"}, {"tag_name": "param", "text": "Sets [PassengerPreStart](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerprestart),\nthe URL of the application if pre-starting is required.", "types": ["Optional[Variant[String,Array[String]]]"], "name": "passenger_pre_start"}, {"tag_name": "param", "text": "Sets [PassengerHighPerformance](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerhighperformance),\nto enhance performance in return for reduced compatibility.", "types": ["Optional[Boolean]"], "name": "passenger_high_performance"}, {"tag_name": "param", "text": "Sets [PassengerBufferUpload](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerbufferupload),\nto buffer HTTP client request bodies before they are sent to the application.", "types": ["Optional[Boolean]"], "name": "passenger_buffer_upload"}, {"tag_name": "param", "text": "Sets [PassengerBufferResponse](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerbufferresponse),\nto buffer Happlication-generated responses.", "types": ["Optional[Boolean]"], "name": "passenger_buffer_response"}, {"tag_name": "param", "text": "Sets [PassengerErrorOverride](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengererroroverride),\nto specify whether Apache will intercept and handle response with HTTP status codes of\n400 and higher.", "types": ["Optional[Boolean]"], "name": "passenger_error_override"}, {"tag_name": "param", "text": "Sets [PassengerMaxRequestQueueSize](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequestqueuesize),\nto specify the maximum amount of requests that are allowed to queue whenever the maximum\nconcurrent request limit is reached. If the queue is already at this specified limit, then\nPassenger immediately sends a \"503 Service Unavailable\" error to any incoming requests.<br />\nA value of 0 means that the queue size is unbounded.", "types": ["Optional[Integer]"], "name": "passenger_max_request_queue_size"}, {"tag_name": "param", "text": "Sets [PassengerMaxRequestQueueTime](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengermaxrequestqueuetime),\nto specify the maximum amount of time that requests are allowed to stay in the queue\nwhenever the maximum concurrent request limit is reached. If a request reaches this specified\nlimit, then Passenger immeaditly sends a \"504 Gateway Timeout\" error for that request.<br />\nA value of 0 means that the queue time is unbounded.", "types": ["Optional[Integer]"], "name": "passenger_max_request_queue_time"}, {"tag_name": "param", "text": "Sets [PassengerStickySessions](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstickysessions),\nto specify that, whenever possible, all requests sent by a client will be routed to the same\noriginating application process.", "types": ["Optional[Boolean]"], "name": "passenger_sticky_sessions"}, {"tag_name": "param", "text": "Sets [PassengerStickySessionsCookieName](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstickysessionscookiename),\nto specify the name of the sticky sessions cookie.", "types": ["Optional[String]"], "name": "passenger_sticky_sessions_cookie_name"}, {"tag_name": "param", "text": "Sets [PassengerStickySessionsCookieAttributes](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerstickysessionscookieattributes),\nthe attributes of the sticky sessions cookie.", "types": ["Optional[String]"], "name": "passenger_sticky_sessions_cookie_attributes"}, {"tag_name": "param", "text": "Sets [PassengerAllowEncodedSlashes](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerallowencodedslashes),\nto allow URLs with encoded slashes. Please note that this feature will not work properly\nunless Apache's `AllowEncodedSlashes` is also enabled.", "types": ["Optional[Boolean]"], "name": "passenger_allow_encoded_slashes"}, {"tag_name": "param", "text": "Sets [PassengerAppLogFile](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerapplogfile),\napp specific messages logged to a different file in addition to Passenger log file.", "types": ["Optional[String]"], "name": "passenger_app_log_file"}, {"tag_name": "param", "text": "Sets [PassengerDebugger](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerdebugger),\nto turn support for Ruby application debugging on or off.", "types": ["Optional[Boolean]"], "name": "passenger_debugger"}, {"tag_name": "param", "text": "Sets [PassengerLveMinUid](https://www.phusionpassenger.com/docs/references/config_reference/apache/#passengerlveminuid),\nto only allow the spawning of application processes with UIDs equal to, or higher than, this\nspecified value on LVE-enabled kernels.", "types": ["Optional[Integer]"], "name": "passenger_lve_min_uid"}, {"tag_name": "param", "text": "Allows per-virtual host setting [`php_value`s](http://php.net/manual/en/configuration.changes.php).\nThese flags or values can be overwritten by a user or an application.\nWithin a vhost declaration:\n``` puppet\n php_values => [ 'include_path \".:/usr/local/example-app/include\"' ],\n```", "types": ["Any"], "name": "php_values"}, {"tag_name": "param", "text": "Allows per-virtual host setting [`php_flags\\``](http://php.net/manual/en/configuration.changes.php).\nThese flags or values can be overwritten by a user or an application.", "types": ["Any"], "name": "php_flags"}, {"tag_name": "param", "text": "Allows per-virtual host setting [`php_admin_value`](http://php.net/manual/en/configuration.changes.php).\nThese flags or values cannot be overwritten by a user or an application.", "types": ["Any"], "name": "php_admin_values"}, {"tag_name": "param", "text": "Allows per-virtual host setting [`php_admin_flag`](http://php.net/manual/en/configuration.changes.php).\nThese flags or values cannot be overwritten by a user or an application.", "types": ["Any"], "name": "php_admin_flags"}, {"tag_name": "param", "text": "Sets the port the host is configured on. The module's defaults ensure the host listens\non port 80 for non-SSL virtual hosts and port 443 for SSL virtual hosts. The host only\nlistens on the port set in this parameter.", "types": ["Any"], "name": "port"}, {"tag_name": "param", "text": "Sets the relative load-order for Apache HTTPD VirtualHost configuration files.<br />\nIf nothing matches the priority, the first name-based virtual host is used. Likewise,\npassing a higher priority causes the alphabetically first name-based virtual host to be\nused if no other names match.<br />\n> **Note:** You should not need to use this parameter. However, if you do use it, be\naware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'.<br />\nTo omit the priority prefix in file names, pass a priority of `false`.", "types": ["Any"], "name": "priority"}, {"tag_name": "param", "text": "Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols)\ndirective, which lists available protocols for the virutal host.", "types": ["Array[Enum['h2', 'h2c', 'http/1.1']]"], "name": "protocols"}, {"tag_name": "param", "text": "Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder)\ndirective which determines wether the order of Protocols sets precedence during negotiation.", "types": ["Optional[Boolean]"], "name": "protocols_honor_order"}, {"tag_name": "param", "text": "Specifies the destination address of a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration.", "types": ["Any"], "name": "proxy_dest"}, {"tag_name": "param", "text": "Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass)\nconfiguration. Optionally, parameters can be added as an array.\n``` puppet\napache::vhost { 'site.name.fdqn':\n ...\n proxy_pass => [\n { 'path' => '/a', 'url' => 'http://backend-a/' },\n { 'path' => '/b', 'url' => 'http://backend-b/' },\n { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}},\n { 'path' => '/l', 'url' => 'http://backend-xy',\n 'reverse_urls' => ['http://backend-x', 'http://backend-y'] },\n { 'path' => '/d', 'url' => 'http://backend-a/d',\n 'params' => { 'retry' => '0', 'timeout' => '5' }, },\n { 'path' => '/e', 'url' => 'http://backend-a/e',\n 'keywords' => ['nocanon', 'interpolate'] },\n { 'path' => '/f', 'url' => 'http://backend-f/',\n 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']},\n { 'path' => '/g', 'url' => 'http://backend-g/',\n 'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], },\n { 'path' => '/h', 'url' => 'http://backend-h/h',\n 'no_proxy_uris' => ['/h/admin', '/h/server-status'] },\n ],\n}\n```\n* `reverse_urls`. *Optional.* This setting is useful when used with `mod_proxy_balancer`. Values: an array or string.\n* `reverse_cookies`. *Optional.* Sets `ProxyPassReverseCookiePath` and `ProxyPassReverseCookieDomain`.\n* `params`. *Optional.* Allows for ProxyPass key-value parameters, such as connection settings.\n* `setenv`. *Optional.* Sets [environment variables](https://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings) for the proxy directive. Values: array.", "types": ["Any"], "name": "proxy_pass"}, {"tag_name": "param", "text": "This directive is equivalent to `proxy_dest`, but takes regular expressions, see\n[ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch)\nfor details.", "types": ["Any"], "name": "proxy_dest_match"}, {"tag_name": "param", "text": "Allows you to pass a ProxyPassReverse if `proxy_dest_match` is specified. See\n[ProxyPassReverse](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse)\nfor details.", "types": ["Any"], "name": "proxy_dest_reverse_match"}, {"tag_name": "param", "text": "This directive is equivalent to `proxy_pass`, but takes regular expressions, see\n[ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch)\nfor details.", "types": ["Any"], "name": "proxy_pass_match"}, {"tag_name": "param", "text": "Specifies the address to redirect to.", "types": ["Any"], "name": "redirect_dest"}, {"tag_name": "param", "text": "Specifies the source URIs that redirect to the destination specified in `redirect_dest`.\nIf more than one item for redirect is supplied, the source and destination must be the same\nlength, and the items are order-dependent.\n``` puppet\napache::vhost { 'site.name.fdqn':\n ...\n redirect_source => ['/images','/downloads'],\n redirect_dest => ['http://img.example.com/','http://downloads.example.com/'],\n}\n```", "types": ["Any"], "name": "redirect_source"}, {"tag_name": "param", "text": "Specifies the status to append to the redirect.\n``` puppet\n apache::vhost { 'site.name.fdqn':\n ...\n redirect_status => ['temp','permanent'],\n}\n```", "types": ["Any"], "name": "redirect_status"}, {"tag_name": "param", "text": "Determines which server status should be raised for a given regular expression\nand where to forward the user to. Entered as an array alongside redirectmatch_status\nand redirectmatch_dest.\n``` puppet\napache::vhost { 'site.name.fdqn':\n ...\n redirectmatch_status => ['404','404'],\n redirectmatch_regexp => ['\\.git(/.*|$)/','\\.svn(/.*|$)'],\n redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'],\n}\n```", "types": ["Any"], "name": "redirectmatch_regexp"}, {"tag_name": "param", "text": "Determines which server status should be raised for a given regular expression\nand where to forward the user to. Entered as an array alongside redirectmatch_regexp\nand redirectmatch_dest.\n``` puppet\napache::vhost { 'site.name.fdqn':\n ...\n redirectmatch_status => ['404','404'],\n redirectmatch_regexp => ['\\.git(/.*|$)/','\\.svn(/.*|$)'],\n redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'],\n}\n```", "types": ["Any"], "name": "redirectmatch_status"}, {"tag_name": "param", "text": "Determines which server status should be raised for a given regular expression\nand where to forward the user to. Entered as an array alongside redirectmatch_status\nand redirectmatch_regexp.\n``` puppet\napache::vhost { 'site.name.fdqn':\n ...\n redirectmatch_status => ['404','404'],\n redirectmatch_regexp => ['\\.git(/.*|$)/','\\.svn(/.*|$)'],\n redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'],\n}\n```", "types": ["Any"], "name": "redirectmatch_dest"}, {"tag_name": "param", "text": "Modifies collected [request headers](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader)\nin various ways, including adding additional request headers, removing request headers,\nand so on.\n``` puppet\napache::vhost { 'site.name.fdqn':\n ...\n request_headers => [\n 'append MirrorID \"mirror 12\"',\n 'unset MirrorID',\n ],\n}\n```", "types": ["Any"], "name": "request_headers"}, {"tag_name": "param", "text": "Creates URL rewrite rules. Expects an array of hashes.<br />\nValid Hash keys include `comment`, `rewrite_base`, `rewrite_cond`, `rewrite_rule`\nor `rewrite_map`.<br />\nFor example, you can specify that anyone trying to access index.html is served welcome.html\n``` puppet\napache::vhost { 'site.name.fdqn':\n ...\n rewrites => [ { rewrite_rule => ['^index\\.html$ welcome.html'] } ]\n}\n```\nThe parameter allows rewrite conditions that, when `true`, execute the associated rule.\nFor instance, if you wanted to rewrite URLs only if the visitor is using IE\n``` puppet\napache::vhost { 'site.name.fdqn':\n ...\n rewrites => [\n {\n comment => 'redirect IE',\n rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'],\n rewrite_rule => ['^index\\.html$ welcome.html'],\n },\n ],\n}\n```\nYou can also apply multiple conditions. For instance, rewrite index.html to welcome.html\nonly when the browser is Lynx or Mozilla (version 1 or 2)\n``` puppet\napache::vhost { 'site.name.fdqn':\n ...\n rewrites => [\n {\n comment => 'Lynx or Mozilla v1/2',\n rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'],\n rewrite_rule => ['^index\\.html$ welcome.html'],\n },\n ],\n}\n```\nMultiple rewrites and conditions are also possible\n``` puppet\napache::vhost { 'site.name.fdqn':\n ...\n rewrites => [\n {\n comment => 'Lynx or Mozilla v1/2',\n rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'],\n rewrite_rule => ['^index\\.html$ welcome.html'],\n },\n {\n comment => 'Internet Explorer',\n rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'],\n rewrite_rule => ['^index\\.html$ /index.IE.html [L]'],\n },\n {\n rewrite_base => /apps/,\n rewrite_rule => ['^index\\.cgi$ index.php', '^index\\.html$ index.php', '^index\\.asp$ index.html'],\n },\n { comment => 'Rewrite to lower case',\n rewrite_cond => ['%{REQUEST_URI} [A-Z]'],\n rewrite_map => ['lc int:tolower'],\n rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'],\n },\n ],\n}\n```\nRefer to the [`mod_rewrite` documentation](https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html)\nfor more details on what is possible with rewrite rules and conditions.<br />\n> **Note**: If you include rewrites in your directories, also include `apache::mod::rewrite`\nand consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather\nthan setting the rewrites in the virtual host's directories.", "types": ["Optional[Array]"], "name": "rewrites"}, {"tag_name": "param", "text": "The parameter [`rewrite_base`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase)\nspecifies the URL prefix to be used for per-directory (htaccess) RewriteRule directives\nthat substitue a relative path.", "types": ["Any"], "name": "rewrite_base"}, {"tag_name": "param", "text": "The parameter [`rewrite_rile`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriterule)\nallows the user to define the rules that will be used by the rewrite engine.", "types": ["Any"], "name": "rewrite_rule"}, {"tag_name": "param", "text": "The parameter [`rewrite_cond`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritecond)\ndefines a rule condition, that when satisfied will implement that rule within the\nrewrite engine.", "types": ["Any"], "name": "rewrite_cond"}, {"tag_name": "param", "text": "Determines whether the virtual host inherits global rewrite rules.<br />\nRewrite rules may be specified globally (in `$conf_file` or `$confd_dir`) or\ninside the virtual host `.conf` file. By default, virtual hosts do not inherit\nglobal settings. To activate inheritance, specify the `rewrites` parameter and set\n`rewrite_inherit` parameter to `true`:\n``` puppet\napache::vhost { 'site.name.fdqn':\n ...\n rewrites => [\n <rules>,\n ],\n rewrite_inherit => `true`,\n}\n```\n> **Note**: The `rewrites` parameter is **required** for this to have effect<br />\nApache activates global `Rewrite` rules inheritance if the virtual host files contains\nthe following directives:\n``` ApacheConf\nRewriteEngine On\nRewriteOptions Inherit\n```\nRefer to the official [`mod_rewrite`](https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html)\ndocumentation, section \"Rewriting in Virtual Hosts\".", "types": ["Any"], "name": "rewrite_inherit"}, {"tag_name": "param", "text": "Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', such as\n'/usr/scripts'.", "types": ["Any"], "name": "scriptalias"}, {"tag_name": "param", "text": "> **Note**: This parameter is deprecated in favor of the `aliases` parameter.<br />\nPasses an array of hashes to the virtual host to create either ScriptAlias or\nScriptAliasMatch statements per the `mod_alias` documentation.\n``` puppet\nscriptaliases => [\n {\n alias => '/myscript',\n path => '/usr/share/myscript',\n },\n {\n aliasmatch => '^/foo(.*)',\n path => '/usr/share/fooscripts$1',\n },\n {\n aliasmatch => '^/bar/(.*)',\n path => '/usr/share/bar/wrapper.sh/$1',\n },\n {\n alias => '/neatscript',\n path => '/usr/share/neatscript',\n },\n]\n```\nThe ScriptAlias and ScriptAliasMatch directives are created in the order specified.\nAs with [Alias and AliasMatch](#aliases) directives, specify more specific aliases\nbefore more general ones to avoid shadowing.", "types": ["Any"], "name": "scriptaliases"}, {"tag_name": "param", "text": "Specifies the email address Apache displays when it renders one of its error pages.", "types": ["Any"], "name": "serveradmin"}, {"tag_name": "param", "text": "Sets the [ServerAliases](https://httpd.apache.org/docs/current/mod/core.html#serveralias)\nof the site.", "types": ["Any"], "name": "serveraliases"}, {"tag_name": "param", "text": "Sets the servername corresponding to the hostname you connect to the virtual host at.", "types": ["Any"], "name": "servername"}, {"tag_name": "param", "text": "Used by HTTPD to set environment variables for virtual hosts.<br />\nExample:\n``` puppet\napache::vhost { 'setenv.example.com':\n setenv => ['SPECIAL_PATH /foo/bin'],\n}\n```", "types": ["Any"], "name": "setenv"}, {"tag_name": "param", "text": "Used by HTTPD to conditionally set environment variables for virtual hosts.", "types": ["Any"], "name": "setenvif"}, {"tag_name": "param", "text": "Used by HTTPD to conditionally set environment variables for virtual hosts (caseless matching).", "types": ["Any"], "name": "setenvifnocase"}, {"tag_name": "param", "text": "Allows the spcification of user and group execution privileges for CGI programs through\ninclusion of the `mod_suexec` module.", "types": ["Optional[Pattern[/^[\\w-]+ [\\w-]+$/]]"], "name": "suexec_user_group"}, {"tag_name": "param", "text": "Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)\nworking together with suphp_configpath and suphp_engine.<br />\nAn example virtual host configuration with suPHP:\n``` puppet\napache::vhost { 'suphp.example.com':\n port => '80',\n docroot => '/home/appuser/myphpapp',\n suphp_addhandler => 'x-httpd-php',\n suphp_engine => 'on',\n suphp_configpath => '/etc/php5/apache2',\n directories => { path => '/home/appuser/myphpapp',\n 'suphp' => { user => 'myappuser', group => 'myappgroup' },\n }\n}\n```", "types": ["Any"], "name": "suphp_addhandler"}, {"tag_name": "param", "text": "Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)\nworking together with suphp_addhandler and suphp_engine.<br />\nAn example virtual host configuration with suPHP:\n``` puppet\napache::vhost { 'suphp.example.com':\n port => '80',\n docroot => '/home/appuser/myphpapp',\n suphp_addhandler => 'x-httpd-php',\n suphp_engine => 'on',\n suphp_configpath => '/etc/php5/apache2',\n directories => { path => '/home/appuser/myphpapp',\n 'suphp' => { user => 'myappuser', group => 'myappgroup' },\n }\n}\n```", "types": ["Any"], "name": "suphp_configpath"}, {"tag_name": "param", "text": "Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)\nworking together with suphp_configpath and suphp_addhandler.<br />\nAn example virtual host configuration with suPHP:\n``` puppet\napache::vhost { 'suphp.example.com':\n port => '80',\n docroot => '/home/appuser/myphpapp',\n suphp_addhandler => 'x-httpd-php',\n suphp_engine => 'on',\n suphp_configpath => '/etc/php5/apache2',\n directories => { path => '/home/appuser/myphpapp',\n 'suphp' => { user => 'myappuser', group => 'myappgroup' },\n }\n}\n```", "types": ["Enum['on', 'off']"], "name": "suphp_engine"}, {"tag_name": "param", "text": "Enables name-based virtual hosting. If no IP is passed to the virtual host, but the\nvirtual host is assigned a port, then the virtual host name is `vhost_name:port`.\nIf the virtual host has no assigned IP or port, the virtual host name is set to the\ntitle of the resource.", "types": ["Any"], "name": "vhost_name"}, {"tag_name": "param", "text": "Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the\nsame name. For example, `http://example.com` would map to `/var/www/example.com`.\nNote that the `DocumentRoot` directive will not be present even though there is a value\nset for `docroot` in the manifest. See [`virtual_use_default_docroot`](#virtual_use_default_docroot) to change this behavior.\n``` puppet\napache::vhost { 'subdomain.loc':\n vhost_name => '*',\n port => '80',\n virtual_docroot => '/var/www/%-2+',\n docroot => '/var/www',\n serveraliases => ['*.loc',],\n}\n```", "types": ["Any"], "name": "virtual_docroot"}, {"tag_name": "param", "text": "By default, when using `virtual_docroot`, the value of `docroot` is ignored. Setting this\nto `true` will mean both directives will be added to the configuration.\n``` puppet\napache::vhost { 'subdomain.loc':\n vhost_name => '*',\n port => '80',\n virtual_docroot => '/var/www/%-2+',\n docroot => '/var/www',\n virtual_use_default_docroot => true,\n serveraliases => ['*.loc',],\n}\n```", "types": ["Any"], "name": "virtual_use_default_docroot"}, {"tag_name": "param", "text": "Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside\nwsgi_daemon_process_options, wsgi_process_group,\nwsgi_script_aliases and wsgi_pass_authorization.<br />\nA hash that sets the name of the WSGI daemon, accepting\n[certain keys](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html).<br />\nAn example virtual host configuration with WSGI:\n``` puppet\napache::vhost { 'wsgi.example.com':\n port => '80',\n docroot => '/var/www/pythonapp',\n wsgi_daemon_process => 'wsgi',\n wsgi_daemon_process_options =>\n { processes => '2',\n threads => '15',\n display-name => '%{GROUP}',\n },\n wsgi_process_group => 'wsgi',\n wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' },\n wsgi_chunked_request => 'On',\n}\n```", "types": ["Optional[Variant[String,Hash]]"], "name": "wsgi_daemon_process"}, {"tag_name": "param", "text": "Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside\nwsgi_daemon_process, wsgi_process_group,\nwsgi_script_aliases and wsgi_pass_authorization.<br />\nSets the group ID that the virtual host runs under.", "types": ["Optional[Hash]"], "name": "wsgi_daemon_process_options"}, {"tag_name": "param", "text": "Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside\nwsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,\nand wsgi_pass_authorization.<br />\nThis parameter defines the [`WSGIApplicationGroup directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIApplicationGroup.html),\nthus allowing you to specify which application group the WSGI application belongs to,\nwith all WSGI applications within the same group executing within the context of the\nsame Python sub interpreter.", "types": ["Any"], "name": "wsgi_application_group"}, {"tag_name": "param", "text": "Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside\nwsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,\nand wsgi_pass_authorization.<br />\nThis parameter defines the [`WSGIImportScript directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIImportScript.html),\nwhich can be used in order to specify a script file to be loaded upon a process starting.", "types": ["Any"], "name": "wsgi_import_script"}, {"tag_name": "param", "text": "Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside\nwsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,\nand wsgi_pass_authorization.<br />\nThis parameter defines the [`WSGIImportScript directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIImportScript.html),\nwhich can be used in order to specify a script file to be loaded upon a process starting.<br />\nSpecifies the process and aplication groups of the script.", "types": ["Optional[Hash]"], "name": "wsgi_import_script_options"}, {"tag_name": "param", "text": "Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside\nwsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,\nand wsgi_pass_authorization.<br />\nThis parameter defines the [`WSGIChunkedRequest directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIChunkedRequest.html),\nallowing you to enable support for chunked request content.<br />\nWSGI is technically incapable of supporting chunked request content without all chunked\nrequest content having first been read in and buffered.", "types": ["Any"], "name": "wsgi_chunked_request"}, {"tag_name": "param", "text": "Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside\nwsgi_daemon_process, wsgi_daemon_process_options,\nwsgi_script_aliases and wsgi_pass_authorization.<br />\nRequires a hash of web paths to filesystem `.wsgi paths/`.", "types": ["Any"], "name": "wsgi_process_group"}, {"tag_name": "param", "text": "Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside\nwsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,\nand wsgi_pass_authorization.<br />\nUses the WSGI application to handle authorization instead of Apache when set to `On`.<br />\nFor more information, see mod_wsgi's [WSGIPassAuthorization documentation](https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html).", "types": ["Optional[Hash]"], "name": "wsgi_script_aliases"}, {"tag_name": "param", "text": "Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside\nwsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,\nand wsgi_pass_authorization.<br />\nUses the WSGI application to handle authorization instead of Apache when set to `On`.<br />\nThis directive is similar to `wsgi_script_aliases`, but makes use of regular expressions\nin place of simple prefix matching.<br />\nFor more information, see mod_wsgi's [WSGIPassAuthorization documentation](https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html).", "types": ["Optional[Hash]"], "name": "wsgi_script_aliases_match"}, {"tag_name": "param", "text": "Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside\nwsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group and\nwsgi_script_aliases.<br />\nEnables support for chunked requests.", "types": ["Optional[Enum['on', 'off', 'On', 'Off']]"], "name": "wsgi_pass_authorization"}, {"tag_name": "param", "text": "The `directories` parameter within the `apache::vhost` class passes an array of hashes\nto the virtual host to create [Directory](https://httpd.apache.org/docs/current/mod/core.html#directory),\n[File](https://httpd.apache.org/docs/current/mod/core.html#files), and\n[Location](https://httpd.apache.org/docs/current/mod/core.html#location) directive blocks.\nThese blocks take the form, `< Directory /path/to/directory>...< /Directory>`.<br />\nThe `path` key sets the path for the directory, files, and location blocks. Its value\nmust be a path for the `directory`, `files`, and `location` providers, or a regex for\nthe `directorymatch`, `filesmatch`, or `locationmatch` providers. Each hash passed to\n`directories` **must** contain `path` as one of the keys.<br />\nThe `provider` key is optional. If missing, this key defaults to `directory`.\n Values: `directory`, `files`, `proxy`, `location`, `directorymatch`, `filesmatch`,\n`proxymatch` or `locationmatch`. If you set `provider` to `directorymatch`, it\nuses the keyword `DirectoryMatch` in the Apache config file.<br />\nAn example use of `directories`:\n``` puppet\napache::vhost { 'files.example.net':\n docroot => '/var/www/files',\n directories => [\n { 'path' => '/var/www/files',\n 'provider' => 'files',\n 'deny' => 'from all',\n },\n ],\n}\n```\n> **Note:** At least one directory should match the `docroot` parameter. After you\nstart declaring directories, `apache::vhost` assumes that all required Directory blocks\nwill be declared. If not defined, a single default Directory block is created that matches\nthe `docroot` parameter.<br />\nAvailable handlers, represented as keys, should be placed within the `directory`,\n`files`, or `location` hashes. This looks like\n``` puppet\napache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', handler => value } ],\n}\n```\nAny handlers you do not set in these hashes are considered `undefined` within Puppet and\nare not added to the virtual host, resulting in the module using their default values.", "types": ["Optional[Variant[Hash, Array[Variant[Array,Hash]]]]"], "name": "directories"}, {"tag_name": "param", "text": "Pass a string of custom configuration directives to be placed at the end of the directory\nconfiguration.\n``` puppet\napache::vhost { 'monitor':\n ...\n directories => [\n {\n path => '/path/to/directory',\n custom_fragment => '\n<Location /balancer-manager>\n SetHandler balancer-manager\n Order allow,deny\n Allow from all\n</Location>\n<Location /server-status>\n SetHandler server-status\n Order allow,deny\n Allow from all\n</Location>\nProxyStatus On',\n },\n ]\n}\n```", "name": "custom_fragment"}, {"tag_name": "param", "text": "An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument)\nsettings for the directory.\n``` puppet\napache::vhost { 'sample.example.net':\n directories => [\n { path => '/srv/www',\n error_documents => [\n { 'error_code' => '503',\n 'document' => '/service-unavail',\n },\n ],\n },\n ],\n}\n```", "name": "error_documents"}, {"tag_name": "param", "text": "Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles) directive.<br />\nNote that you must declare `class {'apache::mod::http2': }` before using this directive.", "name": "h2_copy_files"}, {"tag_name": "param", "text": "Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource) directive.<br />\nNote that you must declare `class {'apache::mod::http2': }` before using this directive.", "name": "h2_push_resource"}, {"tag_name": "param", "text": "Adds lines for [Header](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives.\n``` puppet\napache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => {\n path => '/path/to/directory',\n headers => 'Set X-Robots-Tag \"noindex, noarchive, nosnippet\"',\n },\n}\n```", "name": "headers"}, {"tag_name": "param", "text": "Lists the [Options](https://httpd.apache.org/docs/current/mod/core.html#options) for the\ngiven Directory block.\n``` puppet\napache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory',\n options => ['Indexes','FollowSymLinks','MultiViews'],\n },\n ],\n}\n```", "name": "options"}, {"tag_name": "param", "text": "Default is Off, matching the behavior prior to this command's existence. Addresses a conflict\nwhen using Shibboleth in conjunction with other auth/auth modules by restoring `standard`\nApache behavior when processing the `valid-user` and `user` Require rules. See the\n[`mod_shib`documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions),\nand [NativeSPhtaccess](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPhtaccess)\ntopic for more details. This key is disabled if `apache::mod::shib` is not defined.", "types": ["Optional[String]"], "name": "shib_compat_valid_user"}, {"tag_name": "param", "text": "String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions),\nwhich configure SSL engine run-time options. This handler takes precedence over SSLOptions\nset in the parent block of the virtual host.\n``` puppet\napache::vhost { 'secure.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory',\n ssl_options => '+ExportCertData',\n },\n { path => '/path/to/different/dir',\n ssl_options => ['-StdEnvVars', '+ExportCertData'],\n },\n ],\n}\n```", "types": ["Any"], "name": "ssl_options"}, {"tag_name": "param", "text": "Specifies paths to additional static, specific Apache configuration files in virtual\nhost directories.\n``` puppet\napache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/different/dir',\n additional_includes => ['/custom/path/includes', '/custom/path/another_includes',],\n },\n ],\n}\n```", "name": "additional_includes"}, {"tag_name": "param", "text": "Specfies mod_auth_gssapi parameters for particular directories in a virtual host directory\n```puppet\n include apache::mod::auth_gssapi\n apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/different/dir',\n gssapi => {\n credstore => 'keytab:/foo/bar.keytab',\n localname => 'Off',\n sslonly => 'On',\n }\n },\n ],\n }\n ```", "name": "gssapi"}, {"tag_name": "param", "text": "Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries.", "types": ["Boolean"], "name": "ssl"}, {"tag_name": "param", "text": "Specifies the SSL certificate authority to be used to verify client certificates used\nfor authentication.", "types": ["Any"], "name": "ssl_ca"}, {"tag_name": "param", "text": "Specifies the SSL certification.", "types": ["Any"], "name": "ssl_cert"}, {"tag_name": "param", "text": "Specifies [SSLProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol).\nExpects an array or space separated string of accepted protocols.", "types": ["Any"], "name": "ssl_protocol"}, {"tag_name": "param", "text": "Specifies [SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite).", "types": ["Any"], "name": "ssl_cipher"}, {"tag_name": "param", "text": "Sets [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder),\nto cause Apache to use the server's preferred order of ciphers rather than the client's\npreferred order.", "types": ["Variant[Boolean, Enum['on', 'On', 'off', 'Off'], Undef]"], "name": "ssl_honorcipherorder"}, {"tag_name": "param", "text": "Specifies the location of the SSL certification directory to verify client certs.", "types": ["Any"], "name": "ssl_certs_dir"}, {"tag_name": "param", "text": "Specifies the SSL chain. This default works out of the box, but it must be updated in\nthe base `apache` class with your specific certificate information before being used in\nproduction.", "types": ["Any"], "name": "ssl_chain"}, {"tag_name": "param", "text": "Specifies the certificate revocation list to use. (This default works out of the box but\nmust be updated in the base `apache` class with your specific certificate information\nbefore being used in production.)", "types": ["Any"], "name": "ssl_crl"}, {"tag_name": "param", "text": "Specifies the location of the certificate revocation list to verify certificates for\nclient authentication with. (This default works out of the box but must be updated in\nthe base `apache` class with your specific certificate information before being used in\nproduction.)", "types": ["Any"], "name": "ssl_crl_path"}, {"tag_name": "param", "text": "Sets the certificate revocation check level via the [SSLCARevocationCheck directive](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck)\nfor ssl client authentication. The default works out of the box but must be specified when\nusing CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on\nolder versions.", "types": ["Any"], "name": "ssl_crl_check"}, {"tag_name": "param", "text": "Specifies the SSL key.<br />\nDefaults are based on your operating system. Default work out of the box but must be\nupdated in the base `apache` class with your specific certificate information before\nbeing used in production.", "types": ["Any"], "name": "ssl_key"}, {"tag_name": "param", "text": "Sets the [SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient)\ndirective, which sets the certificate verification level for client authentication.\n``` puppet\napache::vhost { 'sample.example.net':\n ...\n ssl_verify_client => 'optional',\n}\n```", "types": ["Optional[Enum['none', 'optional', 'require', 'optional_no_ca']]"], "name": "ssl_verify_client"}, {"tag_name": "param", "text": "Sets the [SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth)\ndirective, which specifies the maximum depth of CA certificates in client certificate\nverification. You must set `ssl_verify_client` for it to take effect.\n``` puppet\napache::vhost { 'sample.example.net':\n ...\n ssl_verify_client => 'require',\n ssl_verify_depth => 1,\n}\n```", "types": ["Any"], "name": "ssl_verify_depth"}, {"tag_name": "param", "text": "Sets the [SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyprotocol)\ndirective, which controls which SSL protocol flavors `mod_ssl` should use when establishing\nits server environment for proxy. It connects to servers using only one of the provided\nprotocols.", "types": ["Any"], "name": "ssl_proxy_protocol"}, {"tag_name": "param", "text": "Sets the [SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify)\ndirective, which configures certificate verification of the remote server when a proxy is\nconfigured to forward requests to a remote SSL server.", "types": ["Optional[Enum['none', 'optional', 'require', 'optional_no_ca']]"], "name": "ssl_proxy_verify"}, {"tag_name": "param", "text": "Sets the [SSLProxyVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverifydepth)\ndirective, which configures how deeply mod_ssl should verify before deciding that the\nremote server does not have a valid certificate.<br />\nA depth of 0 means that only self-signed remote server certificates are accepted,\nthe default depth of 1 means the remote server certificate can be self-signed or\nsigned by a CA that is directly known to the server.", "types": ["Optional[Integer[0]]"], "name": "ssl_proxy_verify_depth"}, {"tag_name": "param", "text": "Sets the [SSLProxyCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyciphersuite)\ndirective, which controls cipher suites supported for ssl proxy traffic.", "types": ["Any"], "name": "ssl_proxy_cipher_suite"}, {"tag_name": "param", "text": "Sets the [SSLProxyCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile)\ndirective, which specifies an all-in-one file where you can assemble the Certificates\nof Certification Authorities (CA) whose remote servers you deal with. These are used\nfor Remote Server Authentication. This file should be a concatenation of the PEM-encoded\ncertificate files in order of preference.", "types": ["Any"], "name": "ssl_proxy_ca_cert"}, {"tag_name": "param", "text": "Sets the [SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile)\ndirective, which specifies an all-in-one file where you keep the certs and keys used\nfor this server to authenticate itself to remote servers. This file should be a\nconcatenation of the PEM-encoded certificate files in order of preference.\n``` puppet\napache::vhost { 'sample.example.net':\n ...\n ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem',\n}\n```", "types": ["Any"], "name": "ssl_proxy_machine_cert"}, {"tag_name": "param", "text": "Sets the [SSLProxyMachineCertificateChainFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatechainfile)\ndirective, which specifies an all-in-one file where you keep the certificate chain for\nall of the client certs in use. This directive will be needed if the remote server\npresents a list of CA certificates that are not direct signers of one of the configured\nclient certificates. This referenced file is simply the concatenation of the various\nPEM-encoded certificate files. Upon startup, each client certificate configured will be\nexamined and a chain of trust will be constructed.", "types": ["Any"], "name": "ssl_proxy_machine_cert_chain"}, {"tag_name": "param", "text": "Sets the [SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn)\ndirective, which specifies whether the remote server certificate's CN field is compared\nagainst the hostname of the request URL.", "types": ["Optional[Enum['on', 'off']]"], "name": "ssl_proxy_check_peer_cn"}, {"tag_name": "param", "text": "Sets the [SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername)\ndirective, which specifies whether the remote server certificate's CN field is compared\nagainst the hostname of the request URL.", "types": ["Optional[Enum['on', 'off']]"], "name": "ssl_proxy_check_peer_name"}, {"tag_name": "param", "text": "Sets the [SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire)\ndirective, which specifies whether the remote server certificate is checked for expiration\nor not.", "types": ["Optional[Enum['on', 'off']]"], "name": "ssl_proxy_check_peer_expire"}, {"tag_name": "param", "text": "Sets the [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions)\ndirective, which configures various SSL engine run-time options. This is the global\nsetting for the given virtual host and can be a string or an array.<br />\nA string:\n``` puppet\napache::vhost { 'sample.example.net':\n ...\n ssl_options => '+ExportCertData',\n}\n```\nAn array:\n``` puppet\napache::vhost { 'sample.example.net':\n ...\n ssl_options => ['+StrictRequire', '+ExportCertData'],\n}\n```", "name": "ssl_options"}, {"tag_name": "param", "text": "Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd)\ndirective, which provides direct configuration of OpenSSL parameters.", "types": ["Any"], "name": "ssl_openssl_conf_cmd"}, {"tag_name": "param", "text": "Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine).", "types": ["Boolean"], "name": "ssl_proxyengine"}, {"tag_name": "param", "text": "Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling).\nBy default, uses what is set globally.<br />\nThis parameter only applies to Apache 2.4 or higher and is ignored on older versions.", "types": ["Optional[Boolean]"], "name": "ssl_stapling"}, {"tag_name": "param", "text": "Can be used to set the [SSLStaplingResponderTimeout](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingrespondertimeout) directive.<br />\nThis parameter only applies to Apache 2.4 or higher and is ignored on older versions.", "types": ["Any"], "name": "ssl_stapling_timeout"}, {"tag_name": "param", "text": "Can be used to set the [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors) directive.<br />\nThis parameter only applies to Apache 2.4 or higher and is ignored on older versions.", "types": ["Any"], "name": "ssl_stapling_return_errors"}, {"tag_name": "param", "text": "Sets the [SSLUserName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusername) directive.", "types": ["Optional[String]"], "name": "ssl_user_name"}, {"tag_name": "param", "text": "Enable reloading of apache if the content of ssl files have changed.", "types": ["Boolean"], "name": "ssl_reload_on_change"}, {"tag_name": "param", "text": "Specifies whether to use the [`UseCanonicalName directive`](https://httpd.apache.org/docs/2.4/mod/core.html#usecanonicalname),\nwhich allows you to configure how the server determines it's own name and port.", "types": ["Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']]"], "name": "use_canonical_name"}, {"tag_name": "param", "text": "this lets you define configuration variables inside a vhost using [`Define`](https://httpd.apache.org/docs/2.4/mod/core.html#define),\nthese can then be used to replace configuration values. All Defines are Undefined at the end of the VirtualHost.", "types": ["Hash"], "name": "define"}, {"tag_name": "param", "text": "Enable `mod_auth_openidc` parameters for OpenID Connect authentication.", "types": ["Boolean"], "name": "auth_oidc"}, {"tag_name": "param", "text": "An Apache::OIDCSettings Struct containing (mod_auth_openidc settings)[https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf].", "types": ["Optional[Apache::OIDCSettings]"], "name": "oidc_settings"}, {"tag_name": "param", "text": "The `limitreqfields` parameter sets the maximum number of request header fields in\nan HTTP request. This directive gives the server administrator greater control over\nabnormal client request behavior, which may be useful for avoiding some forms of\ndenial-of-service attacks. The value should be increased if normal clients see an error\nresponse from the server that indicates too many fields were sent in the request.", "types": ["Optional[Integer]"], "name": "limitreqfields"}, {"tag_name": "param", "text": "The `limitreqfieldsize` parameter sets the maximum ammount of _bytes_ that will\nbe allowed within a request header.", "types": ["Optional[Integer]"], "name": "limitreqfieldsize"}, {"tag_name": "param", "text": "Limit the size of the HTTP request line that will be accepted from the client\nThis directive sets the number of bytes that will be allowed on the HTTP\nrequest-line. The LimitRequestLine directive allows the server administrator\nto set the limit on the allowed size of a client's HTTP request-line. Since\nthe request-line consists of the HTTP method, URI, and protocol version, the\nLimitRequestLine directive places a restriction on the length of a request-URI\nallowed for a request on the server. A server needs this value to be large\nenough to hold any of its resource names, including any information that might\nbe passed in the query part of a GET request.", "types": ["Optional[Integer]"], "name": "limitreqline"}, {"tag_name": "param", "text": "Restricts the total size of the HTTP request body sent from the client\nThe LimitRequestBody directive allows the user to set a limit on the allowed\nsize of an HTTP request message body within the context in which the\ndirective is given (server, per-directory, per-file or per-location). If the\nclient request exceeds that limit, the server will return an error response\ninstead of servicing the request.", "types": ["Optional[Integer]"], "name": "limitreqbody"}, {"tag_name": "param", "text": "When set to true, default log / config file names will be derived from the sanitized\nvalue of the $servername parameter.\nWhen set to false (default), the existing behaviour of using the $name parameter\nwill remain.", "name": "$use_servername_for_filenames"}, {"tag_name": "param", "text": "When set to true and use_servername_for_filenames is also set to true, default log /\nconfig file names will be derived from the sanitized value of both the $servername and\n$port parameters.\nWhen set to false (default), the port is not included in the file names and may lead to\nduplicate declarations if two virtual hosts use the same domain.", "name": "$use_port_for_filenames"}, {"tag_name": "param", "text": "All the names in the list are managed as one Managed Domain (MD). mod_md will request\none single certificate that is valid for all these names.", "name": "$mdomain"}, {"tag_name": "param", "text": "", "types": ["Optional[Boolean]"], "name": "use_servername_for_filenames"}, {"tag_name": "param", "text": "", "types": ["Optional[Boolean]"], "name": "use_port_for_filenames"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "proxy_requests"}, {"tag_name": "param", "text": "", "types": ["Optional[Variant[Boolean,String]]"], "name": "mdomain"}, {"tag_name": "summary", "text": "Allows specialised configurations for virtual hosts that possess requirements\noutside of the defaults."}]}, "defaults": {"manage_docroot": "true", "virtual_docroot": "false", "virtual_use_default_docroot": "false", "port": "undef", "ip": "undef", "ip_based": "false", "add_listen": "true", "docroot_owner": "'root'", "docroot_group": "$apache::params::root_group", "docroot_mode": "undef", "protocols": "[]", "protocols_honor_order": "undef", "serveradmin": "undef", "ssl": "false", "ssl_cert": "$apache::default_ssl_cert", "ssl_key": "$apache::default_ssl_key", "ssl_chain": "$apache::default_ssl_chain", "ssl_ca": "$apache::default_ssl_ca", "ssl_crl_path": "$apache::default_ssl_crl_path", "ssl_crl": "$apache::default_ssl_crl", "ssl_crl_check": "$apache::default_ssl_crl_check", "ssl_certs_dir": "$apache::params::ssl_certs_dir", "ssl_reload_on_change": "$apache::default_ssl_reload_on_change", "ssl_protocol": "undef", "ssl_cipher": "undef", "ssl_honorcipherorder": "undef", "ssl_verify_client": "undef", "ssl_verify_depth": "undef", "ssl_proxy_verify": "undef", "ssl_proxy_verify_depth": "undef", "ssl_proxy_ca_cert": "undef", "ssl_proxy_check_peer_cn": "undef", "ssl_proxy_check_peer_name": "undef", "ssl_proxy_check_peer_expire": "undef", "ssl_proxy_machine_cert": "undef", "ssl_proxy_machine_cert_chain": "undef", "ssl_proxy_cipher_suite": "undef", "ssl_proxy_protocol": "undef", "ssl_options": "undef", "ssl_openssl_conf_cmd": "undef", "ssl_proxyengine": "false", "ssl_stapling": "undef", "ssl_stapling_timeout": "undef", "ssl_stapling_return_errors": "undef", "ssl_user_name": "undef", "priority": "undef", "default_vhost": "false", "servername": "$name", "serveraliases": "[]", "options": "['Indexes','FollowSymLinks','MultiViews']", "override": "['None']", "directoryindex": "''", "vhost_name": "'*'", "logroot": "$apache::logroot", "logroot_ensure": "'directory'", "logroot_mode": "undef", "logroot_owner": "undef", "logroot_group": "undef", "log_level": "undef", "access_log": "true", "access_log_file": "false", "access_log_pipe": "false", "access_log_syslog": "false", "access_log_format": "false", "access_log_env_var": "false", "access_logs": "undef", "use_servername_for_filenames": "false", "use_port_for_filenames": "false", "aliases": "undef", "directories": "undef", "error_log": "true", "error_log_file": "undef", "error_log_pipe": "undef", "error_log_syslog": "undef", "error_log_format": "undef", "http_protocol_options": "undef", "modsec_audit_log": "undef", "modsec_audit_log_file": "undef", "modsec_audit_log_pipe": "undef", "error_documents": "[]", "fallbackresource": "undef", "scriptalias": "undef", "scriptaliases": "[]", "limitreqfieldsize": "undef", "limitreqfields": "undef", "limitreqline": "undef", "limitreqbody": "undef", "proxy_dest": "undef", "proxy_dest_match": "undef", "proxy_dest_reverse_match": "undef", "proxy_pass": "undef", "proxy_pass_match": "undef", "proxy_requests": "false", "suphp_addhandler": "$apache::params::suphp_addhandler", "suphp_engine": "$apache::params::suphp_engine", "suphp_configpath": "$apache::params::suphp_configpath", "php_flags": "{}", "php_values": "{}", "php_admin_flags": "{}", "php_admin_values": "{}", "no_proxy_uris": "[]", "no_proxy_uris_match": "[]", "proxy_preserve_host": "false", "proxy_add_headers": "undef", "proxy_error_override": "false", "redirect_source": "'/'", "redirect_dest": "undef", "redirect_status": "undef", "redirectmatch_status": "undef", "redirectmatch_regexp": "undef", "redirectmatch_dest": "undef", "headers": "undef", "request_headers": "undef", "filters": "undef", "rewrites": "undef", "rewrite_base": "undef", "rewrite_rule": "undef", "rewrite_cond": "undef", "rewrite_inherit": "false", "setenv": "[]", "setenvif": "[]", "setenvifnocase": "[]", "block": "[]", "ensure": "'present'", "wsgi_application_group": "undef", "wsgi_daemon_process": "undef", "wsgi_daemon_process_options": "undef", "wsgi_import_script": "undef", "wsgi_import_script_options": "undef", "wsgi_process_group": "undef", "wsgi_script_aliases_match": "undef", "wsgi_script_aliases": "undef", "wsgi_pass_authorization": "undef", "wsgi_chunked_request": "undef", "custom_fragment": "undef", "itk": "undef", "action": "undef", "fastcgi_server": "undef", "fastcgi_socket": "undef", "fastcgi_dir": "undef", "fastcgi_idle_timeout": "undef", "additional_includes": "[]", "use_optional_includes": "$apache::use_optional_includes", "apache_version": "$apache::apache_version", "allow_encoded_slashes": "undef", "suexec_user_group": "undef", "h2_copy_files": "undef", "h2_direct": "undef", "h2_early_hints": "undef", "h2_max_session_streams": "undef", "h2_modern_tls_only": "undef", "h2_push": "undef", "h2_push_diary_size": "undef", "h2_push_priority": "[]", "h2_push_resource": "[]", "h2_serialize_headers": "undef", "h2_stream_max_mem_size": "undef", "h2_tls_cool_down_secs": "undef", "h2_tls_warm_up_size": "undef", "h2_upgrade": "undef", "h2_window_size": "undef", "passenger_enabled": "undef", "passenger_base_uri": "undef", "passenger_ruby": "undef", "passenger_python": "undef", "passenger_nodejs": "undef", "passenger_meteor_app_settings": "undef", "passenger_app_env": "undef", "passenger_app_root": "undef", "passenger_app_group_name": "undef", "passenger_app_start_command": "undef", "passenger_app_type": "undef", "passenger_startup_file": "undef", "passenger_restart_dir": "undef", "passenger_spawn_method": "undef", "passenger_load_shell_envvars": "undef", "passenger_rolling_restarts": "undef", "passenger_resist_deployment_errors": "undef", "passenger_user": "undef", "passenger_group": "undef", "passenger_friendly_error_pages": "undef", "passenger_min_instances": "undef", "passenger_max_instances": "undef", "passenger_max_preloader_idle_time": "undef", "passenger_force_max_concurrent_requests_per_process": "undef", "passenger_start_timeout": "undef", "passenger_concurrency_model": "undef", "passenger_thread_count": "undef", "passenger_max_requests": "undef", "passenger_max_request_time": "undef", "passenger_memory_limit": "undef", "passenger_stat_throttle_rate": "undef", "passenger_pre_start": "undef", "passenger_high_performance": "undef", "passenger_buffer_upload": "undef", "passenger_buffer_response": "undef", "passenger_error_override": "undef", "passenger_max_request_queue_size": "undef", "passenger_max_request_queue_time": "undef", "passenger_sticky_sessions": "undef", "passenger_sticky_sessions_cookie_name": "undef", "passenger_sticky_sessions_cookie_attributes": "undef", "passenger_allow_encoded_slashes": "undef", "passenger_app_log_file": "undef", "passenger_debugger": "undef", "passenger_lve_min_uid": "undef", "add_default_charset": "undef", "modsec_disable_vhost": "undef", "modsec_disable_ids": "undef", "modsec_disable_ips": "undef", "modsec_disable_msgs": "undef", "modsec_disable_tags": "undef", "modsec_body_limit": "undef", "jk_mounts": "undef", "auth_kerb": "false", "krb_method_negotiate": "'on'", "krb_method_k5passwd": "'on'", "krb_authoritative": "'on'", "krb_auth_realms": "[]", "krb_5keytab": "undef", "krb_local_user_mapping": "undef", "krb_verify_kdc": "'on'", "krb_servicename": "'HTTP'", "krb_save_credentials": "'off'", "keepalive": "undef", "keepalive_timeout": "undef", "max_keepalive_requests": "undef", "cas_attribute_prefix": "undef", "cas_attribute_delimiter": "undef", "cas_root_proxied_as": "undef", "cas_scrub_request_headers": "undef", "cas_sso_enabled": "undef", "cas_login_url": "undef", "cas_validate_url": "undef", "cas_validate_saml": "undef", "cas_cookie_path": "undef", "shib_compat_valid_user": "undef", "use_canonical_name": "undef", "comment": "undef", "define": "{}", "auth_oidc": "false", "oidc_settings": "undef", "mdomain": "undef"}, "source": "define apache::vhost (\n Variant[Boolean,String] $docroot,\n $manage_docroot = true,\n $virtual_docroot = false,\n $virtual_use_default_docroot = false,\n $port = undef,\n $ip = undef,\n Boolean $ip_based = false,\n $add_listen = true,\n $docroot_owner = 'root',\n $docroot_group = $apache::params::root_group,\n $docroot_mode = undef,\n Array[Enum['h2', 'h2c', 'http/1.1']] $protocols = [],\n Optional[Boolean] $protocols_honor_order = undef,\n $serveradmin = undef,\n Boolean $ssl = false,\n $ssl_cert = $apache::default_ssl_cert,\n $ssl_key = $apache::default_ssl_key,\n $ssl_chain = $apache::default_ssl_chain,\n $ssl_ca = $apache::default_ssl_ca,\n $ssl_crl_path = $apache::default_ssl_crl_path,\n $ssl_crl = $apache::default_ssl_crl,\n $ssl_crl_check = $apache::default_ssl_crl_check,\n $ssl_certs_dir = $apache::params::ssl_certs_dir,\n Boolean $ssl_reload_on_change = $apache::default_ssl_reload_on_change,\n $ssl_protocol = undef,\n $ssl_cipher = undef,\n Variant[Boolean, Enum['on', 'On', 'off', 'Off'], Undef] $ssl_honorcipherorder = undef,\n Optional[Enum['none', 'optional', 'require', 'optional_no_ca']] $ssl_verify_client = undef,\n $ssl_verify_depth = undef,\n Optional[Enum['none', 'optional', 'require', 'optional_no_ca']] $ssl_proxy_verify = undef,\n Optional[Integer[0]] $ssl_proxy_verify_depth = undef,\n $ssl_proxy_ca_cert = undef,\n Optional[Enum['on', 'off']] $ssl_proxy_check_peer_cn = undef,\n Optional[Enum['on', 'off']] $ssl_proxy_check_peer_name = undef,\n Optional[Enum['on', 'off']] $ssl_proxy_check_peer_expire = undef,\n $ssl_proxy_machine_cert = undef,\n $ssl_proxy_machine_cert_chain = undef,\n $ssl_proxy_cipher_suite = undef,\n $ssl_proxy_protocol = undef,\n $ssl_options = undef,\n $ssl_openssl_conf_cmd = undef,\n Boolean $ssl_proxyengine = false,\n Optional[Boolean] $ssl_stapling = undef,\n $ssl_stapling_timeout = undef,\n $ssl_stapling_return_errors = undef,\n Optional[String] $ssl_user_name = undef,\n $priority = undef,\n Boolean $default_vhost = false,\n $servername = $name,\n $serveraliases = [],\n $options = ['Indexes','FollowSymLinks','MultiViews'],\n $override = ['None'],\n $directoryindex = '',\n $vhost_name = '*',\n $logroot = $apache::logroot,\n Enum['directory', 'absent'] $logroot_ensure = 'directory',\n $logroot_mode = undef,\n $logroot_owner = undef,\n $logroot_group = undef,\n Optional[Apache::LogLevel] $log_level = undef,\n Boolean $access_log = true,\n $access_log_file = false,\n $access_log_pipe = false,\n $access_log_syslog = false,\n $access_log_format = false,\n $access_log_env_var = false,\n Optional[Array] $access_logs = undef,\n Optional[Boolean] $use_servername_for_filenames = false,\n Optional[Boolean] $use_port_for_filenames = false,\n $aliases = undef,\n Optional[Variant[Hash, Array[Variant[Array,Hash]]]] $directories = undef,\n Boolean $error_log = true,\n $error_log_file = undef,\n $error_log_pipe = undef,\n $error_log_syslog = undef,\n Optional[\n Array[\n Variant[\n String,\n Hash[String, Enum['connection', 'request']]\n ]\n ]\n ] $error_log_format = undef,\n Optional[Pattern[/^((Strict|Unsafe)?\\s*(\\b(Registered|Lenient)Methods)?\\s*(\\b(Allow0\\.9|Require1\\.0))?)$/]] $http_protocol_options = undef,\n $modsec_audit_log = undef,\n $modsec_audit_log_file = undef,\n $modsec_audit_log_pipe = undef,\n $error_documents = [],\n Optional[Variant[Stdlib::Absolutepath, Enum['disabled']]] $fallbackresource = undef,\n $scriptalias = undef,\n $scriptaliases = [],\n Optional[Integer] $limitreqfieldsize = undef,\n Optional[Integer] $limitreqfields = undef,\n Optional[Integer] $limitreqline = undef,\n Optional[Integer] $limitreqbody = undef,\n $proxy_dest = undef,\n $proxy_dest_match = undef,\n $proxy_dest_reverse_match = undef,\n $proxy_pass = undef,\n $proxy_pass_match = undef,\n Boolean $proxy_requests = false,\n $suphp_addhandler = $apache::params::suphp_addhandler,\n Enum['on', 'off'] $suphp_engine = $apache::params::suphp_engine,\n $suphp_configpath = $apache::params::suphp_configpath,\n $php_flags = {},\n $php_values = {},\n $php_admin_flags = {},\n $php_admin_values = {},\n $no_proxy_uris = [],\n $no_proxy_uris_match = [],\n $proxy_preserve_host = false,\n $proxy_add_headers = undef,\n $proxy_error_override = false,\n $redirect_source = '/',\n $redirect_dest = undef,\n $redirect_status = undef,\n $redirectmatch_status = undef,\n $redirectmatch_regexp = undef,\n $redirectmatch_dest = undef,\n $headers = undef,\n $request_headers = undef,\n $filters = undef,\n Optional[Array] $rewrites = undef,\n $rewrite_base = undef,\n $rewrite_rule = undef,\n $rewrite_cond = undef,\n $rewrite_inherit = false,\n $setenv = [],\n $setenvif = [],\n $setenvifnocase = [],\n $block = [],\n Enum['absent', 'present'] $ensure = 'present',\n $wsgi_application_group = undef,\n Optional[Variant[String,Hash]] $wsgi_daemon_process = undef,\n Optional[Hash] $wsgi_daemon_process_options = undef,\n $wsgi_import_script = undef,\n Optional[Hash] $wsgi_import_script_options = undef,\n $wsgi_process_group = undef,\n Optional[Hash] $wsgi_script_aliases_match = undef,\n Optional[Hash] $wsgi_script_aliases = undef,\n Optional[Enum['on', 'off', 'On', 'Off']] $wsgi_pass_authorization = undef,\n $wsgi_chunked_request = undef,\n Optional[String] $custom_fragment = undef,\n Optional[Hash] $itk = undef,\n $action = undef,\n $fastcgi_server = undef,\n $fastcgi_socket = undef,\n $fastcgi_dir = undef,\n $fastcgi_idle_timeout = undef,\n $additional_includes = [],\n $use_optional_includes = $apache::use_optional_includes,\n $apache_version = $apache::apache_version,\n Optional[Enum['on', 'off', 'nodecode']] $allow_encoded_slashes = undef,\n Optional[Pattern[/^[\\w-]+ [\\w-]+$/]] $suexec_user_group = undef,\n\n Optional[Boolean] $h2_copy_files = undef,\n Optional[Boolean] $h2_direct = undef,\n Optional[Boolean] $h2_early_hints = undef,\n Optional[Integer] $h2_max_session_streams = undef,\n Optional[Boolean] $h2_modern_tls_only = undef,\n Optional[Boolean] $h2_push = undef,\n Optional[Integer] $h2_push_diary_size = undef,\n Array[String] $h2_push_priority = [],\n Array[String] $h2_push_resource = [],\n Optional[Boolean] $h2_serialize_headers = undef,\n Optional[Integer] $h2_stream_max_mem_size = undef,\n Optional[Integer] $h2_tls_cool_down_secs = undef,\n Optional[Integer] $h2_tls_warm_up_size = undef,\n Optional[Boolean] $h2_upgrade = undef,\n Optional[Integer] $h2_window_size = undef,\n\n Optional[Boolean] $passenger_enabled = undef,\n Optional[String] $passenger_base_uri = undef,\n Optional[Stdlib::Absolutepath] $passenger_ruby = undef,\n Optional[Stdlib::Absolutepath] $passenger_python = undef,\n Optional[Stdlib::Absolutepath] $passenger_nodejs = undef,\n Optional[String] $passenger_meteor_app_settings = undef,\n Optional[String] $passenger_app_env = undef,\n Optional[Stdlib::Absolutepath] $passenger_app_root = undef,\n Optional[String] $passenger_app_group_name = undef,\n Optional[String] $passenger_app_start_command = undef,\n Optional[Enum['meteor', 'node', 'rack', 'wsgi']] $passenger_app_type = undef,\n Optional[String] $passenger_startup_file = undef,\n Optional[String] $passenger_restart_dir = undef,\n Optional[Enum['direct', 'smart']] $passenger_spawn_method = undef,\n Optional[Boolean] $passenger_load_shell_envvars = undef,\n Optional[Boolean] $passenger_rolling_restarts = undef,\n Optional[Boolean] $passenger_resist_deployment_errors = undef,\n Optional[String] $passenger_user = undef,\n Optional[String] $passenger_group = undef,\n Optional[Boolean] $passenger_friendly_error_pages = undef,\n Optional[Integer] $passenger_min_instances = undef,\n Optional[Integer] $passenger_max_instances = undef,\n Optional[Integer] $passenger_max_preloader_idle_time = undef,\n Optional[Integer] $passenger_force_max_concurrent_requests_per_process = undef,\n Optional[Integer] $passenger_start_timeout = undef,\n Optional[Enum['process', 'thread']] $passenger_concurrency_model = undef,\n Optional[Integer] $passenger_thread_count = undef,\n Optional[Integer] $passenger_max_requests = undef,\n Optional[Integer] $passenger_max_request_time = undef,\n Optional[Integer] $passenger_memory_limit = undef,\n Optional[Integer] $passenger_stat_throttle_rate = undef,\n Optional[Variant[String,Array[String]]] $passenger_pre_start = undef,\n Optional[Boolean] $passenger_high_performance = undef,\n Optional[Boolean] $passenger_buffer_upload = undef,\n Optional[Boolean] $passenger_buffer_response = undef,\n Optional[Boolean] $passenger_error_override = undef,\n Optional[Integer] $passenger_max_request_queue_size = undef,\n Optional[Integer] $passenger_max_request_queue_time = undef,\n Optional[Boolean] $passenger_sticky_sessions = undef,\n Optional[String] $passenger_sticky_sessions_cookie_name = undef,\n Optional[String] $passenger_sticky_sessions_cookie_attributes = undef,\n Optional[Boolean] $passenger_allow_encoded_slashes = undef,\n Optional[String] $passenger_app_log_file = undef,\n Optional[Boolean] $passenger_debugger = undef,\n Optional[Integer] $passenger_lve_min_uid = undef,\n $add_default_charset = undef,\n $modsec_disable_vhost = undef,\n Optional[Variant[Hash, Array]] $modsec_disable_ids = undef,\n $modsec_disable_ips = undef,\n Optional[Variant[Hash, Array]] $modsec_disable_msgs = undef,\n Optional[Variant[Hash, Array]] $modsec_disable_tags = undef,\n $modsec_body_limit = undef,\n $jk_mounts = undef,\n Boolean $auth_kerb = false,\n $krb_method_negotiate = 'on',\n $krb_method_k5passwd = 'on',\n $krb_authoritative = 'on',\n $krb_auth_realms = [],\n $krb_5keytab = undef,\n $krb_local_user_mapping = undef,\n $krb_verify_kdc = 'on',\n $krb_servicename = 'HTTP',\n $krb_save_credentials = 'off',\n Optional[Enum['on', 'off']] $keepalive = undef,\n $keepalive_timeout = undef,\n $max_keepalive_requests = undef,\n $cas_attribute_prefix = undef,\n $cas_attribute_delimiter = undef,\n $cas_root_proxied_as = undef,\n $cas_scrub_request_headers = undef,\n $cas_sso_enabled = undef,\n $cas_login_url = undef,\n $cas_validate_url = undef,\n $cas_validate_saml = undef,\n $cas_cookie_path = undef,\n Optional[String] $shib_compat_valid_user = undef,\n Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']] $use_canonical_name = undef,\n Optional[Variant[String,Array[String]]] $comment = undef,\n Hash $define = {},\n Boolean $auth_oidc = false,\n Optional[Apache::OIDCSettings] $oidc_settings = undef,\n Optional[Variant[Boolean,String]] $mdomain = undef,\n) {\n # The base class must be included first because it is used by parameter defaults\n if ! defined(Class['apache']) {\n fail('You must include the apache base class before using any apache defined resources')\n }\n\n $apache_name = $apache::apache_name\n\n if $rewrites {\n unless empty($rewrites) {\n $rewrites_flattened = delete_undef_values(flatten([$rewrites]))\n assert_type(Array[Hash], $rewrites_flattened)\n }\n }\n\n # Input validation begins\n\n if $access_log_file and $access_log_pipe {\n fail(\"Apache::Vhost[${name}]: 'access_log_file' and 'access_log_pipe' cannot be defined at the same time\")\n }\n\n if $error_log_file and $error_log_pipe {\n fail(\"Apache::Vhost[${name}]: 'error_log_file' and 'error_log_pipe' cannot be defined at the same time\")\n }\n\n if $modsec_audit_log_file and $modsec_audit_log_pipe {\n fail(\"Apache::Vhost[${name}]: 'modsec_audit_log_file' and 'modsec_audit_log_pipe' cannot be defined at the same time\")\n }\n\n # Input validation ends\n\n if $ssl and $ensure == 'present' {\n include apache::mod::ssl\n # Required for the AddType lines.\n include apache::mod::mime\n }\n\n if $ssl_honorcipherorder =~ Boolean or $ssl_honorcipherorder == undef {\n $_ssl_honorcipherorder = $ssl_honorcipherorder\n } else {\n $_ssl_honorcipherorder = $ssl_honorcipherorder ? {\n 'on' => true,\n 'On' => true,\n 'off' => false,\n 'Off' => false,\n default => true,\n }\n }\n\n if $auth_kerb and $ensure == 'present' {\n include apache::mod::auth_kerb\n }\n\n if $auth_oidc and $ensure == 'present' {\n include apache::mod::auth_openidc\n }\n\n if $virtual_docroot {\n include apache::mod::vhost_alias\n }\n\n if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization {\n include apache::mod::wsgi\n }\n\n if $suexec_user_group {\n include apache::mod::suexec\n }\n\n if $passenger_enabled != undef or $passenger_start_timeout != undef or $passenger_ruby != undef or $passenger_python != undef or $passenger_nodejs != undef or $passenger_meteor_app_settings != undef or $passenger_app_env != undef or $passenger_app_root != undef or $passenger_app_group_name != undef or $passenger_app_start_command != undef or $passenger_app_type != undef or $passenger_startup_file != undef or $passenger_restart_dir != undef or $passenger_spawn_method != undef or $passenger_load_shell_envvars != undef or $passenger_rolling_restarts != undef or $passenger_resist_deployment_errors != undef or $passenger_min_instances != undef or $passenger_max_instances != undef or $passenger_max_preloader_idle_time != undef or $passenger_force_max_concurrent_requests_per_process != undef or $passenger_concurrency_model != undef or $passenger_thread_count != undef or $passenger_high_performance != undef or $passenger_max_request_queue_size != undef or $passenger_max_request_queue_time != undef or $passenger_user != undef or $passenger_group != undef or $passenger_friendly_error_pages != undef or $passenger_buffer_upload != undef or $passenger_buffer_response != undef or $passenger_allow_encoded_slashes != undef or $passenger_lve_min_uid != undef or $passenger_base_uri != undef or $passenger_error_override != undef or $passenger_sticky_sessions != undef or $passenger_sticky_sessions_cookie_name != undef or $passenger_sticky_sessions_cookie_attributes != undef or $passenger_app_log_file != undef or $passenger_debugger != undef or $passenger_max_requests != undef or $passenger_max_request_time != undef or $passenger_memory_limit != undef {\n include apache::mod::passenger\n }\n\n # Configure the defaultness of a vhost\n if $priority {\n $priority_real = \"${priority}-\"\n } elsif $priority == false {\n $priority_real = ''\n } elsif $default_vhost {\n $priority_real = '10-'\n } else {\n $priority_real = '25-'\n }\n\n # https://httpd.apache.org/docs/2.4/fr/mod/core.html#servername\n # Syntax:\tServerName [scheme://]domain-name|ip-address[:port]\n # Sometimes, the server runs behind a device that processes SSL, such as a reverse proxy, load balancer or SSL offload\n # appliance.\n # When this is the case, specify the https:// scheme and the port number to which the clients connect in the ServerName\n # directive to make sure that the server generates the correct self-referential URLs.\n $normalized_servername = regsubst($servername, '(https?:\\/\\/)?([a-z0-9\\/%_+.,#?!@&=-]+)(:?\\d+)?', '\\2', 'G')\n\n # IAC-1186: A number of configuration and log file names are generated using the $name parameter. It is possible for\n # the $name parameter to contain spaces, which could then be transferred to the log / config filenames. Although\n # POSIX compliant, this can be cumbersome.\n #\n # It seems more appropriate to use the $servername parameter to derive default log / config filenames from. We should\n # also perform some sanitiation on the $servername parameter to strip spaces from it, as it defaults to the value of\n # $name, should $servername NOT be defined.\n #\n # Because a single hostname may be use by multiple virtual hosts listening on different ports, the $port paramter can\n # optionaly be used to avoid duplicate resources.\n #\n # We will retain the default behaviour for filenames but allow the use of a sanitized version of $servername to be\n # used, using the new $use_servername_for_filenames and $use_port_for_filenames parameters.\n #\n # This will default to false until the next major release (v7.0.0), at which point, we will default this to true and\n # warn about it's imminent deprecation in the subsequent major release (v8.0.0)\n #\n # In v8.0.0, we will deprecate the $use_servername_for_filenames and $use_port_for_filenames parameters altogether\n # and use the sanitized value of $servername for default log / config filenames.\n $filename = $use_servername_for_filenames ? {\n true => $use_port_for_filenames ? {\n true => regsubst(\"${normalized_servername}-${port}\", ' ', '_', 'G'),\n false => regsubst($normalized_servername, ' ', '_', 'G'),\n },\n false => $name,\n }\n\n if ! $use_servername_for_filenames and $name != $normalized_servername {\n $use_servername_for_filenames_warn_msg = '\n It is possible for the $name parameter to be defined with spaces in it. Although supported on POSIX systems, this\n can lead to cumbersome file names. The $servername attribute has stricter conditions from Apache (i.e. no spaces)\n When $use_servername_for_filenames = true, the $servername parameter, sanitized, is used to construct log and config\n file names.\n\n From version v7.0.0 of the puppetlabs-apache module, this parameter will default to true. From version v8.0.0 of the\n module, the $use_servername_for_filenames will be removed and log/config file names will be derived from the\n sanitized $servername parameter when not explicitly defined.'\n warning($use_servername_for_filenames_warn_msg)\n } elsif ! $use_port_for_filenames {\n $use_port_for_filenames_warn_msg = '\n It is possible for multiple virtual hosts to be configured using the same $servername but a different port. When\n using $use_servername_for_filenames, this can lead to duplicate resource declarations.\n When $use_port_for_filenames = true, the $servername and $port parameters, sanitized, are used to construct log and\n config file names.\n\n From version v7.0.0 of the puppetlabs-apache module, this parameter will default to true. From version v8.0.0 of the\n module, the $use_port_for_filenames will be removed and log/config file names will be derived from the\n sanitized $servername parameter when not explicitly defined.'\n warning($use_port_for_filenames_warn_msg)\n }\n\n # This ensures that the docroot exists\n # But enables it to be specified across multiple vhost resources\n if $manage_docroot and $docroot and ! defined(File[$docroot]) {\n file { $docroot:\n ensure => directory,\n owner => $docroot_owner,\n group => $docroot_group,\n mode => $docroot_mode,\n require => Package['httpd'],\n before => Concat[\"${priority_real}${filename}.conf\"],\n }\n }\n\n # Same as above, but for logroot\n if ! defined(File[$logroot]) {\n file { $logroot:\n ensure => $logroot_ensure,\n owner => $logroot_owner,\n group => $logroot_group,\n mode => $logroot_mode,\n require => Package['httpd'],\n before => Concat[\"${priority_real}${filename}.conf\"],\n notify => Class['Apache::Service'],\n }\n }\n\n # Is apache::mod::shib enabled (or apache::mod['shib2'])\n $shibboleth_enabled = defined(Apache::Mod['shib2'])\n\n # Is apache::mod::cas enabled (or apache::mod['cas'])\n $cas_enabled = defined(Apache::Mod['auth_cas'])\n\n if $access_log and !$access_logs {\n $_access_logs = [{\n 'file' => $access_log_file,\n 'pipe' => $access_log_pipe,\n 'syslog' => $access_log_syslog,\n 'format' => $access_log_format,\n 'env' => $access_log_env_var\n }]\n } elsif $access_logs {\n $_access_logs = $access_logs\n }\n\n if $error_log_file {\n if $error_log_file =~ /^\\// {\n # Absolute path provided - don't prepend $logroot\n $error_log_destination = $error_log_file\n } else {\n $error_log_destination = \"${logroot}/${error_log_file}\"\n }\n } elsif $error_log_pipe {\n $error_log_destination = $error_log_pipe\n } elsif $error_log_syslog {\n $error_log_destination = $error_log_syslog\n } else {\n if $ssl {\n $error_log_destination = \"${logroot}/${filename}_error_ssl.log\"\n } else {\n $error_log_destination = \"${logroot}/${filename}_error.log\"\n }\n }\n\n if versioncmp($apache_version, '2.4') >= 0 {\n $error_log_format24 = $error_log_format\n }\n else {\n $error_log_format24 = undef\n }\n\n if $modsec_audit_log == false {\n $modsec_audit_log_destination = undef\n } elsif $modsec_audit_log_file {\n $modsec_audit_log_destination = \"${logroot}/${modsec_audit_log_file}\"\n } elsif $modsec_audit_log_pipe {\n $modsec_audit_log_destination = $modsec_audit_log_pipe\n } elsif $modsec_audit_log {\n if $ssl {\n $modsec_audit_log_destination = \"${logroot}/${filename}_security_ssl.log\"\n } else {\n $modsec_audit_log_destination = \"${logroot}/${filename}_security.log\"\n }\n } else {\n $modsec_audit_log_destination = undef\n }\n\n if $ip {\n $_ip = any2array(enclose_ipv6($ip))\n if $port {\n $_port = any2array($port)\n $listen_addr_port = split(inline_template(\"<%= @_ip.product(@_port).map {|x| x.join(':') }.join(',')%>\"), ',')\n $nvh_addr_port = split(inline_template(\"<%= @_ip.product(@_port).map {|x| x.join(':') }.join(',')%>\"), ',')\n } else {\n $listen_addr_port = undef\n $nvh_addr_port = $_ip\n if ! $servername and ! $ip_based {\n fail(\"Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters for name-based vhosts\")\n }\n }\n } else {\n if $port {\n $listen_addr_port = $port\n $nvh_addr_port = prefix(any2array($port),\"${vhost_name}:\")\n } else {\n $listen_addr_port = undef\n $nvh_addr_port = $name\n if ! $servername and $servername != '' {\n fail(\"Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters, and/or 'servername' parameter\")\n }\n }\n }\n\n if $add_listen {\n if $ip and defined(Apache::Listen[String($port)]) {\n fail(\"Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this\")\n }\n if $listen_addr_port and $ensure == 'present' {\n ensure_resource('apache::listen', $listen_addr_port)\n }\n }\n if ! $ip_based {\n if $ensure == 'present' and (versioncmp($apache_version, '2.4') < 0) {\n ensure_resource('apache::namevirtualhost', $nvh_addr_port)\n }\n }\n\n # Load mod_rewrite if needed and not yet loaded\n if $rewrites or $rewrite_cond {\n if ! defined(Class['apache::mod::rewrite']) {\n include apache::mod::rewrite\n }\n }\n\n # Load mod_alias if needed and not yet loaded\n if ($scriptalias or $scriptaliases != [])\n or ($aliases and $aliases != [])\n or ($redirect_source and $redirect_dest)\n or ($redirectmatch_regexp or $redirectmatch_status or $redirectmatch_dest) {\n if ! defined(Class['apache::mod::alias']) and ($ensure == 'present') {\n include apache::mod::alias\n }\n }\n\n # Load mod_proxy if needed and not yet loaded\n if ($proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match) {\n if ! defined(Class['apache::mod::proxy']) {\n include apache::mod::proxy\n }\n if ! defined(Class['apache::mod::proxy_http']) {\n include apache::mod::proxy_http\n }\n }\n\n # Load mod_fastcgi if needed and not yet loaded\n if $fastcgi_server and $fastcgi_socket {\n if ! defined(Class['apache::mod::fastcgi']) {\n include apache::mod::fastcgi\n }\n }\n\n # Check if mod_headers is required to process $headers/$request_headers\n if $headers or $request_headers {\n if ! defined(Class['apache::mod::headers']) {\n include apache::mod::headers\n }\n }\n\n # Check if mod_filter is required to process $filters\n if $filters {\n if ! defined(Class['apache::mod::filter']) {\n include apache::mod::filter\n }\n }\n\n # Check if mod_env is required and not yet loaded.\n # create an expression to simplify the conditional check\n $use_env_mod = $setenv and ! empty($setenv)\n if ($use_env_mod) {\n if ! defined(Class['apache::mod::env']) {\n include apache::mod::env\n }\n }\n # Check if mod_setenvif is required and not yet loaded.\n # create an expression to simplify the conditional check\n $use_setenvif_mod = ($setenvif and ! empty($setenvif)) or ($setenvifnocase and ! empty($setenvifnocase))\n\n if ($use_setenvif_mod) {\n if ! defined(Class['apache::mod::setenvif']) {\n include apache::mod::setenvif\n }\n }\n\n ## Create a default directory list if none defined\n if $directories {\n $_directories = $directories\n } elsif $docroot {\n $_directory = {\n provider => 'directory',\n path => $docroot,\n options => $options,\n allow_override => $override,\n directoryindex => $directoryindex,\n }\n\n if versioncmp($apache_version, '2.4') >= 0 {\n $_directory_version = {\n require => 'all granted',\n }\n } else {\n $_directory_version = {\n order => 'allow,deny',\n allow => 'from all',\n }\n }\n\n $_directories = [merge($_directory, $_directory_version)]\n } else {\n $_directories = undef\n }\n\n ## Create a global LocationMatch if locations aren't defined\n if $modsec_disable_ids {\n if $modsec_disable_ids =~ Array {\n $_modsec_disable_ids = { '.*' => $modsec_disable_ids }\n } else {\n $_modsec_disable_ids = $modsec_disable_ids\n }\n }\n\n if $modsec_disable_msgs {\n if $modsec_disable_msgs =~ Array {\n $_modsec_disable_msgs = { '.*' => $modsec_disable_msgs }\n } else {\n $_modsec_disable_msgs = $modsec_disable_msgs\n }\n }\n\n if $modsec_disable_tags {\n if $modsec_disable_tags =~ Array {\n $_modsec_disable_tags = { '.*' => $modsec_disable_tags }\n } else {\n $_modsec_disable_tags = $modsec_disable_tags\n }\n }\n\n concat { \"${priority_real}${filename}.conf\":\n ensure => $ensure,\n path => \"${apache::vhost_dir}/${priority_real}${filename}.conf\",\n owner => 'root',\n group => $apache::params::root_group,\n mode => $apache::file_mode,\n order => 'numeric',\n require => Package['httpd'],\n notify => Class['apache::service'],\n }\n # NOTE(pabelanger): This code is duplicated in ::apache::vhost::custom and\n # needs to be converted into something generic.\n if $apache::vhost_enable_dir {\n $vhost_enable_dir = $apache::vhost_enable_dir\n $vhost_symlink_ensure = $ensure ? {\n 'present' => link,\n default => $ensure,\n }\n file { \"${priority_real}${filename}.conf symlink\":\n ensure => $vhost_symlink_ensure,\n path => \"${vhost_enable_dir}/${priority_real}${filename}.conf\",\n target => \"${apache::vhost_dir}/${priority_real}${filename}.conf\",\n owner => 'root',\n group => $apache::params::root_group,\n mode => $apache::file_mode,\n require => Concat[\"${priority_real}${filename}.conf\"],\n notify => Class['apache::service'],\n }\n }\n\n # Template uses:\n # - $comment\n # - $nvh_addr_port\n # - $servername\n # - $serveradmin\n # - $protocols\n # - $protocols_honor_order\n # - $apache_version\n concat::fragment { \"${name}-apache-header\":\n target => \"${priority_real}${filename}.conf\",\n order => 0,\n content => template('apache/vhost/_file_header.erb'),\n }\n\n # Template uses:\n # - $virtual_docroot\n # - $virtual_use_default_docroot\n # - $docroot\n if $docroot {\n concat::fragment { \"${name}-docroot\":\n target => \"${priority_real}${filename}.conf\",\n order => 10,\n content => template('apache/vhost/_docroot.erb'),\n }\n }\n\n # Template uses:\n # - $aliases\n if $aliases and ! empty($aliases) {\n concat::fragment { \"${name}-aliases\":\n target => \"${priority_real}${filename}.conf\",\n order => 20,\n content => template('apache/vhost/_aliases.erb'),\n }\n }\n\n # Template uses:\n # - $itk\n # - $::kernelversion\n if $itk and ! empty($itk) {\n concat::fragment { \"${name}-itk\":\n target => \"${priority_real}${filename}.conf\",\n order => 30,\n content => template('apache/vhost/_itk.erb'),\n }\n }\n\n # Template uses:\n # - $fallbackresource\n if $fallbackresource {\n concat::fragment { \"${name}-fallbackresource\":\n target => \"${priority_real}${filename}.conf\",\n order => 40,\n content => template('apache/vhost/_fallbackresource.erb'),\n }\n }\n\n # Template uses:\n # - $allow_encoded_slashes\n if $allow_encoded_slashes {\n concat::fragment { \"${name}-allow_encoded_slashes\":\n target => \"${priority_real}${filename}.conf\",\n order => 50,\n content => template('apache/vhost/_allow_encoded_slashes.erb'),\n }\n }\n\n # Template uses:\n # - $_directories\n # - $docroot\n # - $apache_version\n # - $suphp_engine\n # - $shibboleth_enabled\n if $_directories and ! empty($_directories) {\n concat::fragment { \"${name}-directories\":\n target => \"${priority_real}${filename}.conf\",\n order => 60,\n content => template('apache/vhost/_directories.erb'),\n }\n }\n\n # Template uses:\n # - $additional_includes\n if $additional_includes and ! empty($additional_includes) {\n concat::fragment { \"${name}-additional_includes\":\n target => \"${priority_real}${filename}.conf\",\n order => 70,\n content => template('apache/vhost/_additional_includes.erb'),\n }\n }\n\n # Template uses:\n # - $error_log\n # - $error_log_format24\n # - $log_level\n # - $error_log_destination\n # - $log_level\n if $error_log or $log_level {\n concat::fragment { \"${name}-logging\":\n target => \"${priority_real}${filename}.conf\",\n order => 80,\n content => template('apache/vhost/_logging.erb'),\n }\n }\n\n # Template uses no variables\n concat::fragment { \"${name}-serversignature\":\n target => \"${priority_real}${filename}.conf\",\n order => 90,\n content => template('apache/vhost/_serversignature.erb'),\n }\n\n # Template uses:\n # - $access_log\n # - $_access_log_env_var\n # - $access_log_destination\n # - $_access_log_format\n # - $_access_log_env_var\n # - $access_logs\n if $access_log or $access_logs {\n concat::fragment { \"${name}-access_log\":\n target => \"${priority_real}${filename}.conf\",\n order => 100,\n content => template('apache/vhost/_access_log.erb'),\n }\n }\n\n # Template uses:\n # - $action\n if $action {\n concat::fragment { \"${name}-action\":\n target => \"${priority_real}${filename}.conf\",\n order => 110,\n content => template('apache/vhost/_action.erb'),\n }\n }\n\n # Template uses:\n # - $block\n # - $apache_version\n if $block and ! empty($block) {\n concat::fragment { \"${name}-block\":\n target => \"${priority_real}${filename}.conf\",\n order => 120,\n content => template('apache/vhost/_block.erb'),\n }\n }\n\n # Template uses:\n # - $error_documents\n if $error_documents and ! empty($error_documents) {\n concat::fragment { \"${name}-error_document\":\n target => \"${priority_real}${filename}.conf\",\n order => 130,\n content => template('apache/vhost/_error_document.erb'),\n }\n }\n\n # Template uses:\n # - $headers\n if $headers and ! empty($headers) {\n concat::fragment { \"${name}-header\":\n target => \"${priority_real}${filename}.conf\",\n order => 140,\n content => template('apache/vhost/_header.erb'),\n }\n }\n\n # Template uses:\n # - $request_headers\n if $request_headers and ! empty($request_headers) {\n concat::fragment { \"${name}-requestheader\":\n target => \"${priority_real}${filename}.conf\",\n order => 150,\n content => template('apache/vhost/_requestheader.erb'),\n }\n }\n\n # Template uses:\n # - $ssl_proxyengine\n # - $ssl_proxy_verify\n # - $ssl_proxy_verify_depth\n # - $ssl_proxy_ca_cert\n # - $ssl_proxy_check_peer_cn\n # - $ssl_proxy_check_peer_name\n # - $ssl_proxy_check_peer_expire\n # - $ssl_proxy_machine_cert\n # - $ssl_proxy_machine_cert_chain\n # - $ssl_proxy_protocol\n if $ssl_proxyengine {\n concat::fragment { \"${name}-sslproxy\":\n target => \"${priority_real}${filename}.conf\",\n order => 160,\n content => template('apache/vhost/_sslproxy.erb'),\n }\n }\n\n # Template uses:\n # - $proxy_dest\n # - $proxy_pass\n # - $proxy_pass_match\n # - $proxy_preserve_host\n # - $proxy_add_headers\n # - $no_proxy_uris\n if $proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match or $proxy_preserve_host {\n concat::fragment { \"${name}-proxy\":\n target => \"${priority_real}${filename}.conf\",\n order => 170,\n content => template('apache/vhost/_proxy.erb'),\n }\n }\n\n # Template uses:\n # - $redirect_source\n # - $redirect_dest\n # - $redirect_status\n # - $redirect_dest_a\n # - $redirect_source_a\n # - $redirect_status_a\n # - $redirectmatch_status\n # - $redirectmatch_regexp\n # - $redirectmatch_dest\n # - $redirectmatch_status_a\n # - $redirectmatch_regexp_a\n # - $redirectmatch_dest\n if ($redirect_source and $redirect_dest) or ($redirectmatch_regexp and $redirectmatch_dest) {\n concat::fragment { \"${name}-redirect\":\n target => \"${priority_real}${filename}.conf\",\n order => 180,\n content => template('apache/vhost/_redirect.erb'),\n }\n }\n\n # Template uses:\n # - $rewrites\n # - $rewrite_base\n # - $rewrite_rule\n # - $rewrite_cond\n # - $rewrite_map\n if $rewrites or $rewrite_rule {\n concat::fragment { \"${name}-rewrite\":\n target => \"${priority_real}${filename}.conf\",\n order => 190,\n content => template('apache/vhost/_rewrite.erb'),\n }\n }\n\n # Template uses:\n # - $scriptaliases\n # - $scriptalias\n if ( $scriptalias or $scriptaliases != []) {\n concat::fragment { \"${name}-scriptalias\":\n target => \"${priority_real}${filename}.conf\",\n order => 200,\n content => template('apache/vhost/_scriptalias.erb'),\n }\n }\n\n # Template uses:\n # - $serveraliases\n if $serveraliases and ! empty($serveraliases) {\n concat::fragment { \"${name}-serveralias\":\n target => \"${priority_real}${filename}.conf\",\n order => 210,\n content => template('apache/vhost/_serveralias.erb'),\n }\n }\n\n # Template uses:\n # - $setenv\n # - $setenvif\n if ($use_env_mod or $use_setenvif_mod) {\n concat::fragment { \"${name}-setenv\":\n target => \"${priority_real}${filename}.conf\",\n order => 220,\n content => template('apache/vhost/_setenv.erb'),\n }\n }\n\n # Template uses:\n # - $ssl\n # - $ssl_cert\n # - $ssl_key\n # - $ssl_chain\n # - $ssl_certs_dir\n # - $ssl_ca\n # - $ssl_crl_path\n # - $ssl_crl\n # - $ssl_crl_check\n # - $ssl_protocol\n # - $ssl_cipher\n # - $_ssl_honorcipherorder\n # - $ssl_verify_client\n # - $ssl_verify_depth\n # - $ssl_options\n # - $ssl_openssl_conf_cmd\n # - $ssl_stapling\n # - $apache_version\n if $ssl and $ensure == 'present' {\n concat::fragment { \"${name}-ssl\":\n target => \"${priority_real}${filename}.conf\",\n order => 230,\n content => template('apache/vhost/_ssl.erb'),\n }\n\n if $ssl_reload_on_change {\n [$ssl_cert, $ssl_key, $ssl_ca, $ssl_chain, $ssl_crl].each |$ssl_file| {\n if $ssl_file {\n include apache::mod::ssl::reload\n $_ssl_file_copy = regsubst($ssl_file, '/', '_', 'G')\n file { \"${filename}${_ssl_file_copy}\":\n path => \"${apache::params::puppet_ssl_dir}/${filename}${_ssl_file_copy}\",\n source => \"file://${ssl_file}\",\n owner => 'root',\n group => $apache::params::root_group,\n mode => '0640',\n seltype => 'cert_t',\n notify => Class['apache::service'],\n }\n }\n }\n }\n }\n\n # Template uses:\n # - $auth_kerb\n # - $krb_method_negotiate\n # - $krb_method_k5passwd\n # - $krb_authoritative\n # - $krb_auth_realms\n # - $krb_5keytab\n # - $krb_local_user_mapping\n if $auth_kerb {\n concat::fragment { \"${name}-auth_kerb\":\n target => \"${priority_real}${filename}.conf\",\n order => 230,\n content => template('apache/vhost/_auth_kerb.erb'),\n }\n }\n\n # Template uses:\n # - $suphp_engine\n # - $suphp_addhandler\n # - $suphp_configpath\n if $suphp_engine == 'on' {\n concat::fragment { \"${name}-suphp\":\n target => \"${priority_real}${filename}.conf\",\n order => 240,\n content => template('apache/vhost/_suphp.erb'),\n }\n }\n\n # Template uses:\n # - $php_values\n # - $php_flags\n if ($php_values and ! empty($php_values)) or ($php_flags and ! empty($php_flags)) {\n concat::fragment { \"${name}-php\":\n target => \"${priority_real}${filename}.conf\",\n order => 240,\n content => template('apache/vhost/_php.erb'),\n }\n }\n\n # Template uses:\n # - $php_admin_values\n # - $php_admin_flags\n if ($php_admin_values and ! empty($php_admin_values)) or ($php_admin_flags and ! empty($php_admin_flags)) {\n concat::fragment { \"${name}-php_admin\":\n target => \"${priority_real}${filename}.conf\",\n order => 250,\n content => template('apache/vhost/_php_admin.erb'),\n }\n }\n\n # Template uses:\n # - $wsgi_application_group\n # - $wsgi_daemon_process\n # - $wsgi_daemon_process_options\n # - $wsgi_import_script\n # - $wsgi_import_script_options\n # - $wsgi_process_group\n # - $wsgi_script_aliases\n # - $wsgi_pass_authorization\n if $wsgi_daemon_process_options {\n deprecation('apache::vhost::wsgi_daemon_process_options', 'This parameter is deprecated. Please add values inside Hash `wsgi_daemon_process`.')\n }\n if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization {\n concat::fragment { \"${name}-wsgi\":\n target => \"${priority_real}${filename}.conf\",\n order => 260,\n content => template('apache/vhost/_wsgi.erb'),\n }\n }\n\n # Template uses:\n # - $custom_fragment\n if $custom_fragment {\n concat::fragment { \"${name}-custom_fragment\":\n target => \"${priority_real}${filename}.conf\",\n order => 270,\n content => template('apache/vhost/_custom_fragment.erb'),\n }\n }\n\n # Template uses:\n # - $fastcgi_server\n # - $fastcgi_socket\n # - $fastcgi_dir\n # - $fastcgi_idle_timeout\n # - $apache_version\n if $fastcgi_server or $fastcgi_dir {\n concat::fragment { \"${name}-fastcgi\":\n target => \"${priority_real}${filename}.conf\",\n order => 280,\n content => template('apache/vhost/_fastcgi.erb'),\n }\n }\n\n # Template uses:\n # - $suexec_user_group\n if $suexec_user_group {\n concat::fragment { \"${name}-suexec\":\n target => \"${priority_real}${filename}.conf\",\n order => 290,\n content => template('apache/vhost/_suexec.erb'),\n }\n }\n\n if $h2_copy_files != undef or $h2_direct != undef or $h2_early_hints != undef or $h2_max_session_streams != undef or $h2_modern_tls_only != undef or $h2_push != undef or $h2_push_diary_size != undef or $h2_push_priority != [] or $h2_push_resource != [] or $h2_serialize_headers != undef or $h2_stream_max_mem_size != undef or $h2_tls_cool_down_secs != undef or $h2_tls_warm_up_size != undef or $h2_upgrade != undef or $h2_window_size != undef {\n include apache::mod::http2\n\n concat::fragment { \"${name}-http2\":\n target => \"${priority_real}${filename}.conf\",\n order => 300,\n content => template('apache/vhost/_http2.erb'),\n }\n }\n\n if $mdomain {\n include apache::mod::md\n }\n\n # Template uses:\n # - $passenger_enabled\n # - $passenger_start_timeout\n # - $passenger_ruby\n # - $passenger_python\n # - $passenger_nodejs\n # - $passenger_meteor_app_settings\n # - $passenger_app_env\n # - $passenger_app_root\n # - $passenger_app_group_name\n # - $passenger_app_start_command\n # - $passenger_app_type\n # - $passenger_startup_file\n # - $passenger_restart_dir\n # - $passenger_spawn_method\n # - $passenger_load_shell_envvars\n # - $passenger_rolling_restarts\n # - $passenger_resist_deployment_errors\n # - $passenger_min_instances\n # - $passenger_max_instances\n # - $passenger_max_preloader_idle_time\n # - $passenger_force_max_concurrent_requests_per_process\n # - $passenger_concurrency_model\n # - $passenger_thread_count\n # - $passenger_high_performance\n # - $passenger_max_request_queue_size\n # - $passenger_max_request_queue_time\n # - $passenger_user\n # - $passenger_group\n # - $passenger_friendly_error_pages\n # - $passenger_buffer_upload\n # - $passenger_buffer_response\n # - $passenger_allow_encoded_slashes\n # - $passenger_lve_min_uid\n # - $passenger_base_uri\n # - $passenger_error_override\n # - $passenger_sticky_sessions\n # - $passenger_sticky_sessions_cookie_name\n # - $passenger_sticky_sessions_cookie_attributes\n # - $passenger_app_log_file\n # - $passenger_debugger\n # - $passenger_max_requests\n # - $passenger_max_request_time\n # - $passenger_memory_limit\n if $passenger_enabled != undef or $passenger_start_timeout != undef or $passenger_ruby != undef or $passenger_python != undef or $passenger_nodejs != undef or $passenger_meteor_app_settings != undef or $passenger_app_env != undef or $passenger_app_root != undef or $passenger_app_group_name != undef or $passenger_app_start_command != undef or $passenger_app_type != undef or $passenger_startup_file != undef or $passenger_restart_dir != undef or $passenger_spawn_method != undef or $passenger_load_shell_envvars != undef or $passenger_rolling_restarts != undef or $passenger_resist_deployment_errors != undef or $passenger_min_instances != undef or $passenger_max_instances != undef or $passenger_max_preloader_idle_time != undef or $passenger_force_max_concurrent_requests_per_process != undef or $passenger_concurrency_model != undef or $passenger_thread_count != undef or $passenger_high_performance != undef or $passenger_max_request_queue_size != undef or $passenger_max_request_queue_time != undef or $passenger_user != undef or $passenger_group != undef or $passenger_friendly_error_pages != undef or $passenger_buffer_upload != undef or $passenger_buffer_response != undef or $passenger_allow_encoded_slashes != undef or $passenger_lve_min_uid != undef or $passenger_base_uri != undef or $passenger_error_override != undef or $passenger_sticky_sessions != undef or $passenger_sticky_sessions_cookie_name != undef or $passenger_sticky_sessions_cookie_attributes != undef or $passenger_app_log_file != undef or $passenger_debugger != undef or $passenger_max_requests != undef or $passenger_max_request_time != undef or $passenger_memory_limit != undef {\n concat::fragment { \"${name}-passenger\":\n target => \"${priority_real}${filename}.conf\",\n order => 300,\n content => template('apache/vhost/_passenger.erb'),\n }\n }\n\n # Template uses:\n # - $add_default_charset\n if $add_default_charset {\n concat::fragment { \"${name}-charsets\":\n target => \"${priority_real}${filename}.conf\",\n order => 310,\n content => template('apache/vhost/_charsets.erb'),\n }\n }\n\n # Template uses:\n # - $modsec_disable_vhost\n # - $modsec_disable_ids\n # - $modsec_disable_ips\n # - $modsec_disable_msgs\n # - $modsec_disable_tags\n # - $modsec_body_limit\n # - $modsec_audit_log_destination\n if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips or $modsec_disable_msgs or $modsec_disable_tags or $modsec_audit_log_destination {\n concat::fragment { \"${name}-security\":\n target => \"${priority_real}${filename}.conf\",\n order => 320,\n content => template('apache/vhost/_security.erb'),\n }\n }\n\n # Template uses:\n # - $filters\n if $filters and ! empty($filters) {\n concat::fragment { \"${name}-filters\":\n target => \"${priority_real}${filename}.conf\",\n order => 330,\n content => template('apache/vhost/_filters.erb'),\n }\n }\n\n # Template uses:\n # - $jk_mounts\n if $jk_mounts and ! empty($jk_mounts) {\n concat::fragment { \"${name}-jk_mounts\":\n target => \"${priority_real}${filename}.conf\",\n order => 340,\n content => template('apache/vhost/_jk_mounts.erb'),\n }\n }\n\n # Template uses:\n # - $keepalive\n # - $keepalive_timeout\n # - $max_keepalive_requests\n if $keepalive or $keepalive_timeout or $max_keepalive_requests {\n concat::fragment { \"${name}-keepalive_options\":\n target => \"${priority_real}${filename}.conf\",\n order => 350,\n content => template('apache/vhost/_keepalive_options.erb'),\n }\n }\n\n # Template uses:\n # - $cas_*\n if $cas_enabled {\n concat::fragment { \"${name}-auth_cas\":\n target => \"${priority_real}${filename}.conf\",\n order => 350,\n content => template('apache/vhost/_auth_cas.erb'),\n }\n }\n\n # Template uses:\n # - $http_protocol_options\n if $http_protocol_options {\n concat::fragment { \"${name}-http_protocol_options\":\n target => \"${priority_real}${filename}.conf\",\n order => 350,\n content => template('apache/vhost/_http_protocol_options.erb'),\n }\n }\n\n # Template uses:\n # - $auth_oidc\n # - $oidc_settings\n if $auth_oidc {\n concat::fragment { \"${name}-auth_oidc\":\n target => \"${priority_real}${filename}.conf\",\n order => 360,\n content => template('apache/vhost/_auth_oidc.erb'),\n }\n }\n\n # Template uses:\n # - $shib_compat_valid_user\n if $shibboleth_enabled {\n concat::fragment { \"${name}-shibboleth\":\n target => \"${priority_real}${filename}.conf\",\n order => 370,\n content => template('apache/vhost/_shib.erb'),\n }\n }\n\n # - $use_canonical_name\n if $use_canonical_name {\n concat::fragment { \"${name}-use_canonical_name\":\n target => \"${priority_real}${filename}.conf\",\n order => 360,\n content => template('apache/vhost/_use_canonical_name.erb'),\n }\n }\n\n # Template uses no variables\n concat::fragment { \"${name}-file_footer\":\n target => \"${priority_real}${filename}.conf\",\n order => 999,\n content => template('apache/vhost/_file_footer.erb'),\n }\n}"}, {"name": "apache::vhost::custom", "file": "manifests/vhost/custom.pp", "line": 18, "docstring": {"text": "The `apache::vhost::custom` defined type is a thin wrapper around the `apache::custom_config` defined type, and simply overrides some of its default settings specific to the virtual host directory in Apache.", "tags": [{"tag_name": "param", "text": "Sets the configuration file's content.", "types": ["Any"], "name": "content"}, {"tag_name": "param", "text": "Specifies if the virtual host file is present or absent.", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "Sets the relative load order for Apache HTTPD VirtualHost configuration files.", "types": ["Any"], "name": "priority"}, {"tag_name": "param", "text": "Specifies whether to validate the configuration file before notifying the Apache service.", "types": ["Any"], "name": "verify_config"}, {"tag_name": "summary", "text": "A wrapper around the `apache::custom_config` defined type."}]}, "defaults": {"ensure": "'present'", "priority": "'25'", "verify_config": "true"}, "source": "define apache::vhost::custom (\n $content,\n $ensure = 'present',\n $priority = '25',\n $verify_config = true,\n) {\n include apache\n\n ## Apache include does not always work with spaces in the filename\n $filename = regsubst($name, ' ', '_', 'G')\n\n ::apache::custom_config { $filename:\n ensure => $ensure,\n confdir => $apache::vhost_dir,\n content => $content,\n priority => $priority,\n verify_config => $verify_config,\n }\n\n # NOTE(pabelanger): This code is duplicated in ::apache::vhost and needs to\n # converted into something generic.\n if $apache::vhost_enable_dir {\n $vhost_symlink_ensure = $ensure ? {\n 'present' => link,\n default => $ensure,\n }\n\n file { \"${priority}-${filename}.conf symlink\":\n ensure => $vhost_symlink_ensure,\n path => \"${apache::vhost_enable_dir}/${priority}-${filename}.conf\",\n target => \"${apache::vhost_dir}/${priority}-${filename}.conf\",\n owner => 'root',\n group => $apache::params::root_group,\n mode => $apache::file_mode,\n require => Apache::Custom_config[$filename],\n notify => Class['apache::service'],\n }\n }\n}"}, {"name": "apache::vhost::fragment", "file": "manifests/vhost/fragment.pp", "line": 56, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "include apache\napache::vhost { 'myvhost':\n}\napache::vhost::fragment { 'myfragment':\n vhost => 'myvhost',\n content => '# Foo',\n}", "name": "With a vhost without priority"}, {"tag_name": "example", "text": "include apache\napache::vhost { 'myvhost':\n priority => '42',\n}\napache::vhost::fragment { 'myfragment':\n vhost => 'myvhost',\n priority => '42',\n content => '# Foo',\n}", "name": "With a vhost with priority"}, {"tag_name": "example", "text": "include apache\napache::vhost { 'myvhost':\n default_vhost => true,\n}\napache::vhost::fragment { 'myfragment':\n vhost => 'myvhost',\n priority => '10', # default_vhost implies priority 10\n content => '# Foo',\n}", "name": "With a vhost with default vhost"}, {"tag_name": "example", "text": "include apache\napache::vhost::fragment { 'myfragment':\n vhost => 'default',\n priority => '15',\n content => '# Foo',\n}", "name": "Adding a fragment to the built in default vhost"}, {"tag_name": "param", "text": "The title of the vhost resource to append to", "types": ["String[1]"], "name": "vhost"}, {"tag_name": "param", "text": "Set the priority to match the one `apache::vhost` sets. This must match the\none `apache::vhost` sets or else the concat fragment won't be found.", "types": ["Any"], "name": "priority"}, {"tag_name": "param", "text": "The content to put in the fragment. Only when it's non-empty the actual\nfragment will be created.", "types": ["Optional[String]"], "name": "content"}, {"tag_name": "param", "text": "The order to insert the fragment at", "types": ["Integer[0]"], "name": "order"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer[0]]"], "name": "port"}, {"tag_name": "summary", "text": "Define a fragment within a vhost"}]}, "defaults": {"port": "undef", "priority": "undef", "content": "undef", "order": "900"}, "source": "define apache::vhost::fragment (\n String[1] $vhost,\n Optional[Integer[0]] $port = undef,\n $priority = undef,\n Optional[String] $content = undef,\n Integer[0] $order = 900,\n) {\n # This copies the logic from apache::vhost\n if $priority {\n $priority_real = \"${priority}-\"\n } elsif $priority == false {\n $priority_real = ''\n } else {\n $priority_real = '25-'\n }\n\n $filename = $port ? {\n Integer => regsubst(\"${vhost}-${port}\", ' ', '_', 'G'),\n Undef => regsubst($vhost, ' ', '_', 'G'),\n }\n\n if $content =~ String[1] {\n concat::fragment { \"${vhost}-${title}\":\n target => \"${priority_real}${filename}.conf\",\n order => $order,\n content => $content,\n }\n }\n}"}, {"name": "mysql::db", "file": "manifests/db.pp", "line": 41, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "mysql::db { 'mydb':\n user => 'myuser',\n password => 'mypass',\n host => 'localhost',\n grant => ['SELECT', 'UPDATE'],\n}", "name": "Create a database"}, {"tag_name": "param", "text": "The user for the database you're creating.", "types": ["Any"], "name": "user"}, {"tag_name": "param", "text": "The password for $user for the database you're creating.", "types": ["Variant[String, Sensitive[String]]"], "name": "password"}, {"tag_name": "param", "text": "The tls_options for $user for the database you're creating.", "types": ["Any"], "name": "tls_options"}, {"tag_name": "param", "text": "The name of the database to create.", "types": ["Any"], "name": "dbname"}, {"tag_name": "param", "text": "The character set for the database.", "types": ["Any"], "name": "charset"}, {"tag_name": "param", "text": "The collation for the database.", "types": ["Any"], "name": "collate"}, {"tag_name": "param", "text": "The host to use as part of user@host for grants.", "types": ["Any"], "name": "host"}, {"tag_name": "param", "text": "The privileges to be granted for user@host on the database.", "types": ["Any"], "name": "grant"}, {"tag_name": "param", "text": "The grant_options for the grant for user@host on the database.", "types": ["Any"], "name": "grant_options"}, {"tag_name": "param", "text": "The path to the sqlfile you want to execute. This can be single file specified as string, or it can be an array of strings.", "types": ["Optional[Variant[Array, Hash, String]]"], "name": "sql"}, {"tag_name": "param", "text": "Specifies whether executing the sqlfiles should happen on every run. If set to false, sqlfiles only run once.", "types": ["Any"], "name": "enforce_sql"}, {"tag_name": "param", "text": "Specifies whether to create the database. Valid values are 'present', 'absent'. Defaults to 'present'.", "types": ["Enum['absent', 'present']"], "name": "ensure"}, {"tag_name": "param", "text": "Timeout, in seconds, for loading the sqlfiles. Defaults to 300.", "types": ["Any"], "name": "import_timeout"}, {"tag_name": "param", "text": "Command to read the sqlfile for importing the database. Useful for compressed sqlfiles. For example, you can use 'zcat' for .gz files.", "types": ["Any"], "name": "import_cat_cmd"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "mysql_exec_path"}, {"tag_name": "summary", "text": "Create and configure a MySQL database."}]}, "defaults": {"tls_options": "undef", "dbname": "$name", "charset": "'utf8'", "collate": "'utf8_general_ci'", "host": "'localhost'", "grant": "'ALL'", "grant_options": "undef", "sql": "undef", "enforce_sql": "false", "ensure": "'present'", "import_timeout": "300", "import_cat_cmd": "'cat'", "mysql_exec_path": "undef"}, "source": "define mysql::db (\n $user,\n Variant[String, Sensitive[String]] $password,\n $tls_options = undef,\n $dbname = $name,\n $charset = 'utf8',\n $collate = 'utf8_general_ci',\n $host = 'localhost',\n $grant = 'ALL',\n $grant_options = undef,\n Optional[Variant[Array, Hash, String]] $sql = undef,\n $enforce_sql = false,\n Enum['absent', 'present'] $ensure = 'present',\n $import_timeout = 300,\n $import_cat_cmd = 'cat',\n $mysql_exec_path = undef,\n) {\n $table = \"${dbname}.*\"\n\n $sql_inputs = join([$sql], ' ')\n\n include 'mysql::client'\n\n if ($mysql_exec_path) {\n $_mysql_exec_path = $mysql_exec_path\n } else {\n $_mysql_exec_path = $mysql::params::exec_path\n }\n\n $db_resource = {\n ensure => $ensure,\n charset => $charset,\n collate => $collate,\n provider => 'mysql',\n require => [Class['mysql::client']],\n }\n ensure_resource('mysql_database', $dbname, $db_resource)\n\n $user_resource = {\n ensure => $ensure,\n password_hash => mysql::password($password),\n tls_options => $tls_options,\n }\n ensure_resource('mysql_user', \"${user}@${host}\", $user_resource)\n\n if $ensure == 'present' {\n mysql_grant { \"${user}@${host}/${table}\":\n privileges => $grant,\n provider => 'mysql',\n user => \"${user}@${host}\",\n table => $table,\n options => $grant_options,\n require => [\n Mysql_database[$dbname],\n Mysql_user[\"${user}@${host}\"],\n ],\n }\n\n $refresh = ! $enforce_sql\n\n if $sql {\n exec { \"${dbname}-import\":\n command => \"${import_cat_cmd} ${sql_inputs} | mysql ${dbname}\",\n logoutput => true,\n environment => \"HOME=${::root_home}\",\n refreshonly => $refresh,\n path => \"/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:${_mysql_exec_path}\",\n require => Mysql_grant[\"${user}@${host}/${table}\"],\n subscribe => Mysql_database[$dbname],\n timeout => $import_timeout,\n }\n }\n }\n}"}, {"name": "puppetdb::database::default_read_grant", "file": "manifests/database/default_read_grant.pp", "line": 3, "docstring": {"text": "Private class. Grant read permissions to $database_read_only_username by default, for new tables created by\n$database_username.", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "database_name"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "schema"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "database_username"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "database_read_only_username"}]}, "source": "define puppetdb::database::default_read_grant(\n String $database_name,\n String $schema,\n String $database_username,\n String $database_read_only_username,\n) {\n postgresql_psql {\"grant default select permission for ${database_read_only_username}\":\n db => $database_name,\n command => \"ALTER DEFAULT PRIVILEGES\n FOR USER \\\"${database_username}\\\"\n IN SCHEMA \\\"${schema}\\\"\n GRANT SELECT ON TABLES\n TO \\\"${database_read_only_username}\\\"\",\n unless => \"SELECT\n ns.nspname,\n acl.defaclobjtype,\n acl.defaclacl\n FROM pg_default_acl acl\n JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid\n WHERE acl.defaclacl::text ~ '.*\\\\\\\\\\\"${database_read_only_username}\\\\\\\\\\\"=r/${database_username}\\\\\\\".*'\n AND nspname = '${schema}'\",\n }\n\n postgresql_psql {\"grant default usage permission for ${database_read_only_username}\":\n db => $database_name,\n command => \"ALTER DEFAULT PRIVILEGES\n FOR USER \\\"${database_username}\\\"\n IN SCHEMA \\\"${schema}\\\"\n GRANT USAGE ON SEQUENCES\n TO \\\"${database_read_only_username}\\\"\",\n unless => \"SELECT\n ns.nspname,\n acl.defaclobjtype,\n acl.defaclacl\n FROM pg_default_acl acl\n JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid\n WHERE acl.defaclacl::text ~ '.*\\\\\\\\\\\"${database_read_only_username}\\\\\\\\\\\"=U/${database_username}\\\\\\\".*'\n AND nspname = '${schema}'\",\n }\n\n postgresql_psql {\"grant default execute permission for ${database_read_only_username}\":\n db => $database_name,\n command => \"ALTER DEFAULT PRIVILEGES\n FOR USER \\\"${database_username}\\\"\n IN SCHEMA \\\"${schema}\\\"\n GRANT EXECUTE ON FUNCTIONS\n TO \\\"${database_read_only_username}\\\"\",\n unless => \"SELECT\n ns.nspname,\n acl.defaclobjtype,\n acl.defaclacl\n FROM pg_default_acl acl\n JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid\n WHERE acl.defaclacl::text ~ '.*\\\\\\\\\\\"${database_read_only_username}\\\\\\\\\\\"=X/${database_username}\\\\\\\".*'\n AND nspname = '${schema}'\",\n }\n}"}, {"name": "puppetdb::database::postgresql_ssl_rules", "file": "manifests/database/postgresql_ssl_rules.pp", "line": 2, "docstring": {"text": "Private class for configuring the pg_ident.conf and pg_hba.conf files", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "database_name"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "database_username"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "puppetdb_server"}]}, "source": "define puppetdb::database::postgresql_ssl_rules (\n String $database_name,\n String $database_username,\n String $puppetdb_server,\n) {\n $identity_map_key = \"${database_name}-${database_username}-map\"\n\n postgresql::server::pg_hba_rule { \"Allow certificate mapped connections to ${database_name} as ${database_username} (ipv4)\":\n type => 'hostssl',\n database => $database_name,\n user => $database_username,\n address => '0.0.0.0/0',\n auth_method => 'cert',\n order => 0,\n auth_option => \"map=${identity_map_key} clientcert=1\"\n }\n\n postgresql::server::pg_hba_rule { \"Allow certificate mapped connections to ${database_name} as ${database_username} (ipv6)\":\n type => 'hostssl',\n database => $database_name,\n user => $database_username,\n address => '::0/0',\n auth_method => 'cert',\n order => 0,\n auth_option => \"map=${identity_map_key} clientcert=1\"\n }\n\n postgresql::server::pg_ident_rule { \"Map the SSL certificate of the server as a ${database_username} user\":\n map_name => $identity_map_key,\n system_username => $puppetdb_server,\n database_username => $database_username,\n }\n}"}, {"name": "puppetdb::database::read_grant", "file": "manifests/database/read_grant.pp", "line": 3, "docstring": {"text": "Private class. Grant read-only permissions to $database_read_only_username for all objects in $schema of\n$database_name", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "database_name"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "schema"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "database_read_only_username"}]}, "source": "define puppetdb::database::read_grant (\n String $database_name,\n String $schema,\n String $database_read_only_username,\n) {\n postgresql_psql { \"grant select permission for ${database_read_only_username}\":\n db => $database_name,\n command => \"GRANT SELECT\n ON ALL TABLES IN SCHEMA \\\"${schema}\\\"\n TO \\\"${database_read_only_username}\\\"\",\n unless => \"SELECT * FROM (\n SELECT COUNT(*)\n FROM pg_tables\n WHERE schemaname='public'\n AND has_table_privilege('${database_read_only_username}', schemaname || '.' || tablename, 'SELECT')=false\n ) x\n WHERE x.count=0\",\n }\n\n postgresql_psql { \"grant usage permission for ${database_read_only_username}\":\n db => $database_name,\n command => \"GRANT USAGE\n ON ALL SEQUENCES IN SCHEMA \\\"${schema}\\\"\n TO \\\"${database_read_only_username}\\\"\",\n unless => \"SELECT * FROM (\n SELECT COUNT(*)\n FROM information_schema.sequences\n WHERE sequence_schema='public'\n AND has_sequence_privilege('${database_read_only_username}', sequence_schema || '.' || sequence_name, 'USAGE')=false\n ) x\n WHERE x.count=0\",\n }\n\n postgresql_psql { \"grant execution permission for ${database_read_only_username}\":\n db => $database_name,\n command => \"GRANT EXECUTE\n ON ALL FUNCTIONS IN SCHEMA \\\"${schema}\\\"\n TO \\\"${database_read_only_username}\\\"\",\n unless => \"SELECT * FROM (\n SELECT COUNT(*)\n FROM pg_catalog.pg_proc p\n LEFT JOIN pg_catalog.pg_namespace n ON n.oid = p.pronamespace\n WHERE n.nspname='public'\n AND has_function_privilege('${database_read_only_username}', p.oid, 'EXECUTE')=false\n ) x\n WHERE x.count=0\",\n }\n}"}, {"name": "puppetdb::database::read_only_user", "file": "manifests/database/read_only_user.pp", "line": 14, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "read_database_username"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "database_name"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "database_owner"}, {"tag_name": "param", "text": "", "types": ["Variant[String, Boolean]"], "name": "password_hash"}]}, "defaults": {"password_hash": "false"}, "source": "define puppetdb::database::read_only_user (\n String $read_database_username,\n String $database_name,\n String $database_owner,\n Variant[String, Boolean] $password_hash = false,\n) {\n postgresql::server::role { $read_database_username:\n password_hash => $password_hash,\n }\n\n -> postgresql::server::database_grant { \"${database_name} grant connection permission to ${read_database_username}\":\n privilege => 'CONNECT',\n db => $database_name,\n role => $read_database_username,\n }\n\n -> puppetdb::database::default_read_grant {\n \"${database_name} grant read permission on new objects from ${database_owner} to ${read_database_username}\":\n database_username => $database_owner,\n database_read_only_username => $read_database_username,\n database_name => $database_name,\n schema => 'public',\n }\n\n -> puppetdb::database::read_grant {\n \"${database_name} grant read-only permission on existing objects to ${read_database_username}\":\n database_read_only_username => $read_database_username,\n database_name => $database_name,\n schema => 'public',\n }\n}"}, {"name": "syncthing::device", "file": "manifests/device.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "home_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "id"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "instance_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "device_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "compression"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "introducer"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "address"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "options"}]}, "defaults": {"ensure": "'present'", "device_name": "$name", "compression": "$::syncthing::device_compression", "introducer": "$::syncthing::device_introducer", "address": "'dynamic'", "options": "$::syncthing::device_options"}, "source": "define syncthing::device\n(\n $home_path,\n $id,\n $instance_name,\n\n $ensure = 'present',\n\n $device_name = $name,\n $compression = $::syncthing::device_compression,\n $introducer = $::syncthing::device_introducer,\n $address = 'dynamic',\n\n $options = $::syncthing::device_options,\n)\n{\n if ! defined(Class['syncthing']) {\n fail('You must include the syncthing base class before using any syncthing defined resources')\n }\n\n $instance_config_xml_path = \"${home_path}/config.xml\"\n\n if $ensure == 'present' {\n $changes = parseyaml( template('syncthing/config_device-changes.yaml.erb') )\n } else {\n $changes = \"rm device[#attribute/id='${id}']\"\n }\n\n augeas { \"configure instance ${home_path} device ${id}\":\n incl => $instance_config_xml_path,\n lens => 'Xml.lns',\n context => \"/files${instance_config_xml_path}/configuration\",\n changes => $changes,\n\n notify => [\n# Service[\"syncthing ${instance_name}\"],\n Exec[\"restart syncthing instance ${instance_name}\"],\n ],\n\n require => [\n Exec[\"create syncthing instance ${home_path}\"],\n ],\n }\n}"}, {"name": "syncthing::folder", "file": "manifests/folder.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "home_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "instance_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "label"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "id"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "type"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "rescan_interval_s"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ignore_perms"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "auto_normalize"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "options"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "devices"}]}, "defaults": {"label": "$name", "ensure": "'present'", "id": "$name", "type": "'readwrite'", "rescan_interval_s": "'60'", "ignore_perms": "false", "auto_normalize": "false", "options": "{}", "devices": "{}"}, "source": "define syncthing::folder\n(\n # Path to the config.xml file that should be edited. This serves\n # to identify the instance.\n $home_path,\n $instance_name,\n # Path to the folder\n $path,\n $label = $name,\n\n $ensure = 'present',\n\n $id = $name,\n\n $type = 'readwrite',\n $rescan_interval_s = '60',\n $ignore_perms = false,\n $auto_normalize = false,\n\n $options = {},\n\n # This is a hash containing pairs such as 'id' => 'absent/present'\n $devices = {},\n)\n{\n if ! defined(Class['syncthing']) {\n fail('You must include the syncthing base class before using any syncthing defined resources')\n }\n\n $instance_config_xml_path = \"${home_path}/config.xml\"\n\n if $ensure == 'present' {\n $changes = parseyaml( template('syncthing/config_folder-changes.yaml.erb') )\n } else {\n $changes = \"rm folder[#attribute/id='${id}']\"\n }\n\n augeas { \"configure instance ${home_path} folder ${id}\":\n incl => $instance_config_xml_path,\n lens => 'Xml.lns',\n context => \"/files${instance_config_xml_path}/configuration\",\n changes => $changes,\n\n notify => [\n # Service[\"syncthing ${instance_name}\"],\n Exec[\"restart syncthing instance ${instance_name}\"],\n ],\n\n require => [\n Exec[\"create syncthing instance ${home_path}\"],\n ],\n }\n}"}, {"name": "syncthing::folder_device", "file": "manifests/folder_device.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "home_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "instance_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "folder_id"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "device_id"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ensure"}]}, "defaults": {"ensure": "'present'"}, "source": "define syncthing::folder_device\n(\n $home_path,\n $instance_name,\n\n $folder_id,\n $device_id,\n\n $ensure = 'present',\n)\n{\n if ! defined(Class['syncthing']) {\n fail('You must include the syncthing base class before using any syncthing defined resources')\n }\n\n $instance_config_xml_path = \"${home_path}/config.xml\"\n\n if $ensure == 'present' {\n $changes = \"set folder[#attribute/id='${folder_id}']/device[#attribute/id='${device_id}']/#attribute/id ${device_id}\"\n } else {\n $changes = \"rm folder[#attribute/id='${folder_id}']/device[#attribute/id='${device_id}']\"\n }\n\n augeas { \"configure instance ${home_path} folder ${folder_id} device ${device_id}\":\n incl => $instance_config_xml_path,\n lens => 'Xml.lns',\n context => \"/files${instance_config_xml_path}/configuration\",\n changes => $changes,\n\n notify => [\n# Service[\"syncthing ${instance_name}\"],\n Exec[\"restart syncthing instance ${instance_name}\"],\n ],\n\n require => [\n Exec[\"create syncthing instance ${home_path}\"],\n ],\n }\n}"}, {"name": "syncthing::install_binary", "file": "manifests/install_binary.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "version"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "user"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "group"}]}, "source": "define syncthing::install_binary\n(\n $path,\n $version,\n $user,\n $group,\n) {\n $kernel = downcase($::kernel) ? {\n 'linux' => 'linux',\n default => 'linux',\n }\n # $facts['os']['architecture']\n $architecture = downcase($::architecture) ? {\n 'amd64' => 'amd64',\n 'x86_64' => 'amd64',\n 'x86' => '386',\n '386' => '386',\n 'i386' => '386',\n default => '386',\n }\n\n $download_url = strip(template('syncthing/download_url.erb'))\n $basename = regsubst(inline_template('<%- require \"uri\" -%><%= File.basename(URI.parse(@download_url).path) %>'), '(-v\\d+\\.\\d+\\.\\d+)[\\w\\.]+$', '\\1', '')\n\n# notify { \"${path}_${download_url}\": message => length($download_url)}\n\n exec { \"create binary folder for ${name}\":\n command => \"mkdir -p \\\"${path}\\\"\",\n path => $::path,\n user => $user,\n creates => $path,\n }\n\n -> file { $path:\n ensure => directory,\n owner => $user,\n group => $group,\n mode => '0770',\n }\n\n if length($download_url) > 0 {\n exec { \"download and unpack syncthing for ${name}\":\n cwd => $path,\n path => $::path,\n user => $user,\n command => \"wget -O - ${download_url} | tar xzf - --strip-components=1\",\n creates => \"${path}/syncthing\",\n require => [\n File[$path],\n ],\n }\n } else {\n notify { \"No download URL returned for syncthing binary for path ${path}. Perhaps the requested version is too old or there was an issue with the request to Github.\": }\n }\n}"}, {"name": "syncthing::instance", "file": "manifests/instance.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "home_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "binary"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "binary_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "binary_version"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "create_home_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "daemon_uid"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "daemon_gid"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "daemon_umask"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "daemon_nice"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "daemon_debug"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gui"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gui_tls"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gui_address"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gui_port"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gui_apikey"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gui_user"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gui_password"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gui_password_salt"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gui_options"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "options"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "devices"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "folders"}]}, "defaults": {"ensure": "'present'", "binary": "false", "binary_path": "false", "binary_version": "'latest'", "create_home_path": "$::syncthing::create_home_path", "daemon_uid": "$::syncthing::daemon_uid", "daemon_gid": "$::syncthing::daemon_gid", "daemon_umask": "$::syncthing::daemon_umask", "daemon_nice": "$::syncthing::daemon_nice", "daemon_debug": "$::syncthing::daemon_debug", "gui": "$::syncthing::gui", "gui_tls": "$::syncthing::gui_tls", "gui_address": "$::syncthing::gui_address", "gui_port": "$::syncthing::gui_port", "gui_apikey": "$::syncthing::gui_apikey", "gui_user": "$::syncthing::gui_user", "gui_password": "$::syncthing::gui_password", "gui_password_salt": "$::syncthing::gui_password_salt", "gui_options": "$::syncthing::gui_options", "options": "$::syncthing::instance_options", "devices": "{}", "folders": "{}"}, "source": "define syncthing::instance\n(\n $home_path,\n\n $ensure = 'present',\n\n # Download and use a separate syncthing binary instead of the package binary\n $binary = false,\n # Path to the binary\n $binary_path = false,\n # Version to download. Since syncthing automatically upgrades itself, no\n # binary will be downloaded if it already exists; only initially. This instance\n # will then rely on auto-upgrading or user-upgrading.\n $binary_version = 'latest',\n\n $create_home_path = $::syncthing::create_home_path,\n\n $daemon_uid = $::syncthing::daemon_uid,\n $daemon_gid = $::syncthing::daemon_gid,\n $daemon_umask = $::syncthing::daemon_umask,\n $daemon_nice = $::syncthing::daemon_nice,\n $daemon_debug = $::syncthing::daemon_debug,\n\n $gui = $::syncthing::gui,\n $gui_tls = $::syncthing::gui_tls,\n $gui_address = $::syncthing::gui_address,\n $gui_port = $::syncthing::gui_port,\n $gui_apikey = $::syncthing::gui_apikey,\n $gui_user = $::syncthing::gui_user,\n $gui_password = $::syncthing::gui_password,\n $gui_password_salt = $::syncthing::gui_password_salt,\n $gui_options = $::syncthing::gui_options,\n\n $options = $::syncthing::instance_options,\n\n $devices = {},\n $folders = {},\n)\n{\n if ! defined(Class['syncthing']) {\n fail('You must include the syncthing base class before using any syncthing defined resources')\n }\n\n validate_bool($gui)\n validate_hash($gui_options)\n validate_hash($options)\n\n if $gui_password_salt {\n validate_string($gui_password_salt)\n }\n\n# if $gui_password and !$gui_password_salt {\n# fail(\"When specifying a GUI password, a salt must be supplied (or else your instance will restart on every puppet run.\")\n# }\n\n $instance_config_path = \"${syncthing::instancespath}/${name}.conf\"\n $instance_config_xml_path = \"${home_path}/config.xml\"\n\n if $ensure == 'present' {\n if $binary {\n ::syncthing::install_binary { \"syncthing instance ${name} binary\":\n path => $binary_path,\n version => $binary_version,\n user => $daemon_uid,\n group => $daemon_gid,\n }\n\n $daemon = \"${binary_path}/syncthing\"\n\n if $create_home_path {\n ::Syncthing::Install_binary[\"syncthing instance ${name} binary\"] -> Exec[\"create syncthing instance ${home_path}\"]\n }\n\n ::syncthing::instance_service { $name:\n daemon => $daemon,\n home_path => $home_path,\n configpath => $instance_config_path,\n daemon_uid => $daemon_uid,\n daemon_gid => $daemon_gid,\n daemon_umask => $daemon_umask,\n daemon_nice => $daemon_nice,\n daemon_debug => $daemon_debug,\n tag => [\n 'syncthing_binary_instance_service',\n ],\n }\n } else {\n $daemon = $::syncthing::binpath\n\n if $create_home_path {\n Class['::syncthing::install_package'] -> Exec[\"create syncthing instance ${home_path}\"]\n }\n\n ::syncthing::instance_service { $name:\n daemon => $daemon,\n home_path => $home_path,\n configpath => $instance_config_path,\n daemon_uid => $daemon_uid,\n daemon_gid => $daemon_gid,\n daemon_umask => $daemon_umask,\n daemon_nice => $daemon_nice,\n daemon_debug => $daemon_debug,\n tag => [\n 'syncthing_binary_instance_service',\n ],\n }\n }\n\n if $create_home_path {\n exec { \"create syncthing instance ${name} home path\":\n command => \"sudo -u ${daemon_uid} mkdir -p \\\"${home_path}\\\"\",\n path => $::path,\n creates => $home_path,\n provider => shell,\n\n before => [\n Exec[\"create syncthing instance ${home_path}\"],\n ::Syncthing::Instance_service[$name],\n ]\n }\n\n exec { \"create syncthing instance ${home_path}\":\n path => $::path,\n command => \"${syncthing::binpath} -generate \\\"${home_path}\\\"\",\n environment => [ 'STNODEFAULTFOLDER=1', 'HOME=$HOME' ],\n user => $daemon_uid,\n group => $daemon_gid,\n creates => $instance_config_xml_path,\n provider => shell,\n\n before => [\n Exec[\"start syncthing instance ${name}\"],\n ],\n notify => [\n Exec[\"restart syncthing instance ${name}\"],\n ],\n }\n }\n\n if $gui_password_salt {\n $gui_password_hashed = syncthing_bcrypt($gui_password, $gui_password_salt)\n } else {\n $gui_password_hashed = undef\n }\n\n $changes = parseyaml( template('syncthing/config-changes.yaml.erb') )\n #notify { 'debug': message => $changes }\n\n augeas { \"syncthing ${name} basic config\":\n incl => $instance_config_xml_path,\n lens => 'Xml.lns',\n context => \"/files${instance_config_xml_path}/configuration\",\n changes => $changes,\n require => [\n Exec[\"create syncthing instance ${home_path}\"],\n ],\n before => [\n Exec[\"start syncthing instance ${name}\"],\n ],\n notify => [\n Exec[\"restart syncthing instance ${name}\"],\n ],\n }\n\n if (has_key($options, 'globalAnnounceServer')) {\n $changes_announce_server = parseyaml( template('syncthing/config_announce_server-changes.yaml.erb') )\n augeas {\"add custom globalAnnounceServer for instance ${name}\":\n incl => $instance_config_xml_path,\n lens => 'Xml.lns',\n context => \"/files${instance_config_xml_path}/configuration\",\n changes => $changes_announce_server,\n notify => Exec[\"restart syncthing instance ${name}\"],\n require => Augeas[\"syncthing ${name} basic config\"],\n onlyif => 'match options/globalAnnounceServer size == 1',\n before => [\n Exec[\"start syncthing instance ${name}\"],\n ],\n }\n }\n\n each($devices) |$device_name, $device_parameters| {\n create_resources(::syncthing::device, { \"instance ${name} device ${device_name}\" => $device_parameters }, {\n home_path => $home_path,\n instance_name => $name,\n device_name => $device_name,\n\n before => [\n Exec[\"start syncthing instance ${name}\"],\n ],\n require => [\n Augeas[\"syncthing ${name} basic config\"],\n ],\n })\n }\n\n each($folders) |$folder_name, $folder_parameters| {\n create_resources(::syncthing::folder, { \"instance ${name} folder ${folder_name}\" => $folder_parameters }, {\n home_path => $home_path,\n instance_name => $name,\n id => $folder_name,\n label => $folder_name,\n\n before => [\n Exec[\"start syncthing instance ${name}\"],\n ],\n require => [\n Augeas[\"syncthing ${name} basic config\"],\n ],\n })\n }\n } else {\n ::syncthing::instance_service { $name:\n ensure => absent,\n daemon_uid => $daemon_uid,\n tag => [\n 'syncthing_binary_instance_service',\n ],\n }\n }\n}"}, {"name": "syncthing::instance_service", "file": "manifests/instance_service.pp", "line": 1, "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "instance_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "daemon"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "daemon_uid"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "home_path"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "configpath"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "daemon_gid"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "daemon_umask"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "daemon_debug"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "daemon_nice"}]}, "defaults": {"ensure": "'present'", "instance_name": "$name", "daemon": "undef", "daemon_uid": "undef", "home_path": "undef", "configpath": "undef", "daemon_gid": "undef", "daemon_umask": "undef", "daemon_debug": "undef", "daemon_nice": "undef"}, "source": "define syncthing::instance_service\n(\n $ensure = 'present',\n $instance_name = $name,\n $daemon = undef,\n $daemon_uid = undef,\n $home_path = undef,\n\n # These are only relevant for initd services\n $configpath = undef,\n $daemon_gid = undef,\n $daemon_umask = undef,\n $daemon_debug = undef,\n $daemon_nice = undef,\n) {\n if ! defined(Class['syncthing']) {\n fail('You must include the syncthing base class before using any syncthing defined resources')\n }\n\n if ($::syncthing::service_type == 'initd') {\n if ($ensure == 'present') {\n file { $configpath:\n content => template('syncthing/instance.conf.erb'),\n owner => $daemon_uid,\n group => $daemon_gid,\n mode => '0600',\n\n before => [\n Exec[\"start syncthing instance ${name}\"],\n ],\n notify => [\n Exec[\"restart syncthing instance ${name}\"],\n ],\n }\n\n exec { \"restart syncthing instance ${instance_name}\":\n command => \"/usr/sbin/service syncthing restart \\\"${instance_name}\\\"\",\n provider => shell,\n refreshonly => true,\n before => [\n Exec[\"start syncthing instance ${name}\"],\n ],\n tag => [\n 'syncthing_instance_service_restart',\n ],\n }\n\n exec { \"start syncthing instance ${instance_name}\":\n command => \"/usr/sbin/service syncthing start \\\"${instance_name}\\\"\",\n provider => shell,\n unless => \"/usr/sbin/service syncthing status \\\"${instance_name}\\\"\",\n # Ensure service is always started\n # refreshonly => true,\n tag => [\n 'syncthing_instance_service_start',\n ],\n }\n\n exec { \"stop syncthing instance ${instance_name}\":\n command => \"/usr/sbin/service syncthing stop \\\"${instance_name}\\\"\",\n provider => shell,\n refreshonly => true,\n tag => [\n 'syncthing_instance_service_stop',\n ],\n }\n } elsif ($ensure == 'absent') {\n file { $configpath:\n ensure => absent,\n }\n\n -> exec { \"stop syncthing instance ${instance_name}\":\n command => \"/usr/sbin/service syncthing stop \\\"${instance_name}\\\"\",\n provider => shell,\n }\n }\n }\n\n if ($::syncthing::service_type == 'systemd') {\n if ($ensure == 'present') {\n file { \"/etc/systemd/system/syncthing@${daemon_uid}.service\":\n content => template('syncthing/systemd.service.erb'),\n owner => 'root',\n group => 'root',\n mode => '0644',\n notify => [\n Exec[\"reload systemd daemons after instance ${instance_name} modifications\"],\n ],\n }\n\n exec { \"enable systemd service for ${instance_name}\":\n command => \"/bin/systemctl enable syncthing@${daemon_uid}\",\n provider => shell,\n unless => \"/bin/systemctl is-enabled syncthing@${daemon_uid}\",\n require => [\n File[\"/etc/systemd/system/syncthing@${daemon_uid}.service\"],\n ],\n notify => [\n Exec[\"reload systemd daemons after instance ${instance_name} modifications\"],\n ],\n }\n\n exec { \"reload systemd daemons after instance ${instance_name} modifications\":\n command => '/bin/systemctl daemon-reload',\n provider => shell,\n refreshonly => true,\n notify => [\n Exec[\"restart syncthing instance ${instance_name}\"],\n ],\n }\n\n exec { \"restart syncthing instance ${instance_name}\":\n command => \"/usr/sbin/service syncthing@${daemon_uid} restart\",\n provider => shell,\n refreshonly => true,\n before => [\n Exec[\"start syncthing instance ${name}\"],\n ],\n tag => [\n 'syncthing_instance_service_restart',\n ],\n require => [\n File[\"/etc/systemd/system/syncthing@${daemon_uid}.service\"],\n Exec[\"reload systemd daemons after instance ${instance_name} modifications\"],\n ],\n }\n\n exec { \"start syncthing instance ${instance_name}\":\n command => \"/usr/sbin/service syncthing@${daemon_uid} start\",\n provider => shell,\n unless => \"/bin/systemctl is-active syncthing@${daemon_uid}\",\n # Ensure service is always starting\n # refreshonly => true,\n tag => [\n 'syncthing_instance_service_start',\n ],\n require => [\n File[\"/etc/systemd/system/syncthing@${daemon_uid}.service\"],\n Exec[\"reload systemd daemons after instance ${instance_name} modifications\"],\n ],\n }\n\n exec { \"stop syncthing instance ${instance_name}\":\n command => \"/usr/sbin/service syncthing@${daemon_uid} stop\",\n provider => shell,\n refreshonly => true,\n tag => [\n 'syncthing_instance_service_stop',\n ],\n require => [\n File[\"/etc/systemd/system/syncthing@${daemon_uid}.service\"],\n Exec[\"reload systemd daemons after instance ${instance_name} modifications\"],\n ],\n }\n } elsif ($ensure == 'absent') {\n exec { \"stop syncthing instance ${instance_name}\":\n command => \"/usr/sbin/service syncthing stop syncthing@${daemon_uid}\",\n provider => shell,\n }\n\n -> exec { \"enable systemd service for ${instance_name}\":\n command => \"/bin/systemctl disable syncthing@${daemon_uid}\",\n provider => shell,\n }\n\n -> file { \"/etc/systemd/system/syncthing@${daemon_uid}.service\":\n ensure => 'absent',\n }\n }\n } else {\n exec { \"disable systemd service for ${instance_name}\":\n command => \"/bin/systemctl disable syncthing@${daemon_uid}\",\n provider => shell,\n onlyif => \"[ -e /bin/systemctl ] && /bin/systemctl is-enabled syncthing@${daemon_uid}\",\n before => [\n File[\"/etc/systemd/system/syncthing@${daemon_uid}.service\"],\n ],\n }\n\n file { \"/etc/systemd/system/syncthing@${daemon_uid}.service\":\n ensure => absent,\n require => [\n Exec[\"disable systemd service for ${instance_name}\"],\n ],\n }\n }\n\n# service { \"syncthing ${instance_name}\":\n# name => 'syncthing',\n# ensure => running,\n# enable => true,\n# start => \"service syncthing start ${instance_name}\",\n# stop => \"service syncthing stop ${instance_name}\",\n# restart => \"service syncthing restart ${instance_name}\",\n# status => \"service syncthing status ${instance_name}\",\n# \n# require => [\n# File['/etc/init.d/syncthing'],\n# ],\n# }\n}"}, {"name": "dhcp::dhcp_class", "file": "manifests/dhcp_class.pp", "line": 3, "docstring": {"text": "== Define: dhcp::dhcp_class", "tags": [{"tag_name": "param", "text": "", "types": ["Variant[Array[String[1]], String[1]]"], "name": "parameters"}]}, "source": "define dhcp::dhcp_class (\n Variant[Array[String[1]], String[1]] $parameters,\n) {\n include dhcp::params\n\n $dhcp_dir = $dhcp::params::dhcp_dir\n\n concat::fragment { \"dhcp_class_${name}\":\n target => \"${dhcp_dir}/dhcpd.hosts\",\n content => template('dhcp/dhcpd.class.erb'),\n order => '50',\n }\n}"}, {"name": "dhcp::host", "file": "manifests/host.pp", "line": 3, "docstring": {"text": "== Define: dhcp::host", "tags": [{"tag_name": "param", "text": "", "types": ["Optional[Stdlib::IP::Address]"], "name": "ip"}, {"tag_name": "param", "text": "", "types": ["Dhcp::Mac"], "name": "mac"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "ddns_hostname"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "options"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "comment"}, {"tag_name": "param", "text": "", "types": ["Boolean"], "name": "ignored"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer]"], "name": "default_lease_time"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer]"], "name": "max_lease_time"}, {"tag_name": "param", "text": "", "types": ["Array[String[1]]"], "name": "on_commit"}, {"tag_name": "param", "text": "", "types": ["Array[String[1]]"], "name": "on_release"}, {"tag_name": "param", "text": "", "types": ["Array[String[1]]"], "name": "on_expiry"}]}, "defaults": {"ip": "undef", "ddns_hostname": "$name", "options": "{}", "comment": "''", "ignored": "false", "default_lease_time": "undef", "max_lease_time": "undef", "on_commit": "[]", "on_release": "[]", "on_expiry": "[]"}, "source": "define dhcp::host (\n Optional[Stdlib::IP::Address] $ip = undef,\n Dhcp::Mac $mac,\n String $ddns_hostname = $name,\n Hash $options = {},\n String $comment = '',\n Boolean $ignored = false,\n Optional[Integer] $default_lease_time = undef,\n Optional[Integer] $max_lease_time = undef,\n Array[String[1]] $on_commit = [],\n Array[String[1]] $on_release = [],\n Array[String[1]] $on_expiry = [],\n) {\n $host = $name\n\n include dhcp::params\n\n $dhcp_dir = $dhcp::params::dhcp_dir\n\n concat::fragment { \"dhcp_host_${name}\":\n target => \"${dhcp_dir}/dhcpd.hosts\",\n content => template('dhcp/dhcpd.host.erb'),\n order => '10',\n }\n}"}, {"name": "dhcp::ignoredsubnet", "file": "manifests/ignoredsubnet.pp", "line": 3, "docstring": {"text": "== Define: dhcp::ignoredsubnet", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "network"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "mask"}]}, "source": "define dhcp::ignoredsubnet (\n $network,\n $mask,\n) {\n include dhcp::params\n\n $dhcp_dir = $dhcp::params::dhcp_dir\n\n concat::fragment { \"dhcp_ignoredsubnet_${name}\":\n target => \"${dhcp_dir}/dhcpd.ignoredsubnets\",\n content => template('dhcp/dhcpd.ignoredsubnet.erb'),\n }\n}"}, {"name": "dhcp::pool", "file": "manifests/pool.pp", "line": 3, "docstring": {"text": "== Define: dhcp::pool", "tags": [{"tag_name": "param", "text": "", "types": ["Stdlib::IP::Address::V4"], "name": "network"}, {"tag_name": "param", "text": "", "types": ["Stdlib::IP::Address::V4"], "name": "mask"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "gateway"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "range"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "failover"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "options"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "parameters"}, {"tag_name": "param", "text": "", "types": ["Optional[Array[String]]"], "name": "nameservers"}, {"tag_name": "param", "text": "", "types": ["Optional[Array[String]]"], "name": "nameservers_ipv6"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "pxeserver"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer]"], "name": "mtu"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "domain_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ignore_unknown"}]}, "defaults": {"gateway": "''", "range": "''", "failover": "''", "options": "''", "parameters": "''", "nameservers": "undef", "nameservers_ipv6": "undef", "pxeserver": "undef", "mtu": "undef", "domain_name": "''", "ignore_unknown": "undef"}, "source": "define dhcp::pool (\n Stdlib::IP::Address::V4 $network,\n Stdlib::IP::Address::V4 $mask,\n $gateway = '',\n $range = '',\n $failover = '',\n $options = '',\n $parameters = '',\n Optional[Array[String]] $nameservers = undef,\n Optional[Array[String]] $nameservers_ipv6 = undef,\n Optional[String] $pxeserver = undef,\n Optional[Integer] $mtu = undef,\n String $domain_name = '',\n $ignore_unknown = undef,\n) {\n include dhcp::params\n\n $dhcp_dir = $dhcp::params::dhcp_dir\n\n concat::fragment { \"dhcp_pool_${name}\":\n target => \"${dhcp_dir}/dhcpd.pools\",\n content => template('dhcp/dhcpd.pool.erb'),\n }\n}"}, {"name": "dhcp::pool6", "file": "manifests/pool6.pp", "line": 3, "docstring": {"text": "== Define: dhcp::pool6", "tags": [{"tag_name": "param", "text": "", "types": ["Stdlib::IP::Address::V6"], "name": "network"}, {"tag_name": "param", "text": "", "types": ["Integer"], "name": "prefix"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "range"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "range_temp"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "failover"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "options"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "parameters"}, {"tag_name": "param", "text": "", "types": ["Optional[Array[String]]"], "name": "nameservers"}, {"tag_name": "param", "text": "", "types": ["Optional[Array[String]]"], "name": "nameservers_ipv6"}, {"tag_name": "param", "text": "", "types": ["Optional[String]"], "name": "pxeserver"}, {"tag_name": "param", "text": "", "types": ["Optional[Integer]"], "name": "mtu"}, {"tag_name": "param", "text": "", "types": ["String"], "name": "domain_name"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "ignore_unknown"}]}, "defaults": {"range": "''", "range_temp": "''", "failover": "''", "options": "''", "parameters": "''", "nameservers": "undef", "nameservers_ipv6": "undef", "pxeserver": "undef", "mtu": "undef", "domain_name": "''", "ignore_unknown": "undef"}, "source": "define dhcp::pool6 (\n Stdlib::IP::Address::V6 $network,\n Integer $prefix,\n String $range = '',\n String $range_temp = '',\n String $failover = '',\n String $options = '',\n String $parameters = '',\n Optional[Array[String]] $nameservers = undef,\n Optional[Array[String]] $nameservers_ipv6 = undef,\n Optional[String] $pxeserver = undef,\n Optional[Integer] $mtu = undef,\n String $domain_name = '',\n $ignore_unknown = undef,\n) {\n include dhcp::params\n\n $dhcp_dir = $dhcp::params::dhcp_dir\n\n concat::fragment { \"dhcp_pool_${name}\":\n target => \"${dhcp_dir}/dhcpd.pools\",\n content => template('dhcp/dhcpd.pool6.erb'),\n }\n}"}, {"name": "git::repo", "file": "manifests/repo.pp", "line": 41, "docstring": {"text": "Check out a git repository", "tags": [{"tag_name": "example", "text": "git::repo {'mygit':\n target => '/home/user/puppet-git',\n source => 'https://github.com/theforeman/puppet-git.git',\n user => 'user',\n}", "name": "Clone a git repository"}, {"tag_name": "param", "text": "Target folder", "types": ["String"], "name": "target"}, {"tag_name": "param", "text": "Create a bare repository", "types": ["Boolean"], "name": "bare"}, {"tag_name": "param", "text": "Source to clone from. If not specified, no remote will be used.", "types": ["Optional[Variant[String, Sensitive[String]]]"], "name": "source"}, {"tag_name": "param", "text": "Owner of the repository", "types": ["String"], "name": "user"}, {"tag_name": "param", "text": "Group of the repository", "types": ["String"], "name": "group"}, {"tag_name": "param", "text": "Mode of the repository root", "types": ["String"], "name": "mode"}, {"tag_name": "param", "text": "The working directory while executing git", "types": ["Stdlib::Absolutepath"], "name": "workdir"}, {"tag_name": "param", "text": "Optional arguments to the git command", "types": ["Optional[String]"], "name": "args"}, {"tag_name": "param", "text": "Optional Timeout in Seconds for the Git-Command to execute.\nPuppet's \"exec\" defaults to 300 Seconds", "types": ["Optional[Integer]"], "name": "timeout"}, {"tag_name": "param", "text": "Git binary", "types": ["String"], "name": "bin"}]}, "defaults": {"bare": "false", "source": "undef", "user": "'root'", "group": "'root'", "mode": "'0755'", "workdir": "'/tmp'", "args": "undef", "timeout": "undef", "bin": "$git::bin"}, "source": "define git::repo (\n String $target,\n Boolean $bare = false,\n Optional[Variant[String, Sensitive[String]]] $source = undef,\n String $user = 'root',\n String $group = 'root',\n String $mode = '0755',\n Stdlib::Absolutepath $workdir = '/tmp',\n Optional[String] $args = undef,\n Optional[Integer] $timeout = undef,\n String $bin = $git::bin,\n) {\n require git\n\n $args_real = $bare ? {\n true => \"${args} --bare\",\n false => $args,\n }\n\n if $source =~ Sensitive {\n $cmd = Sensitive.new(\"${bin} clone ${args_real} --recursive ${source.unwrap} ${target}\")\n } elsif $source {\n $cmd = \"${bin} clone ${args_real} --recursive ${source} ${target}\"\n } else {\n $cmd = \"${bin} init ${args_real} ${target}\"\n }\n\n $creates = $bare ? {\n true => \"${target}/objects\",\n false => \"${target}/.git\",\n }\n\n file { $target:\n ensure => directory,\n owner => $user,\n group => $group,\n mode => $mode,\n }\n -> exec { \"git_repo_for_${name}\":\n command => $cmd,\n creates => $creates,\n cwd => $workdir,\n timeout => $timeout,\n user => $user,\n }\n}"}, {"name": "sysctl", "file": "manifests/init.pp", "line": 17, "docstring": {"text": "Define: sysctl\n\nManage sysctl variable values.\n\nParameters:\n $value:\n The value for the sysctl parameter. Mandatory, unless $ensure is 'absent'.\n $prefix:\n Optional prefix for the sysctl.d file to be created. Default: none.\n $ensure:\n Whether the variable's value should be 'present' or 'absent'.\n Defaults to 'present'.\n\nSample Usage :\n sysctl { 'net.ipv6.bindv6only': value => '1' }", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "ensure"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "value"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "prefix"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "suffix"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "comment"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "content"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "source"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "enforce"}]}, "defaults": {"ensure": "undef", "value": "undef", "prefix": "undef", "suffix": "'.conf'", "comment": "undef", "content": "undef", "source": "undef", "enforce": "true"}, "source": "define sysctl (\n $ensure = undef,\n $value = undef,\n $prefix = undef,\n $suffix = '.conf',\n $comment = undef,\n $content = undef,\n $source = undef,\n $enforce = true,\n) {\n\n include '::sysctl::base'\n\n # If we have a prefix, then add the dash to it\n if $prefix {\n $_sysctl_d_file = \"${prefix}-${title}${suffix}\"\n } else {\n $_sysctl_d_file = \"${title}${suffix}\"\n }\n\n # Some sysctl keys contain a slash, which is not valid in a filename.\n # Most common at those on VLANs: net.ipv4.conf.eth0/1.arp_accept = 0\n $sysctl_d_file = regsubst($_sysctl_d_file, '[/ ]', '_', 'G')\n\n # If we have an explicit content or source, use them\n if $content or $source {\n $file_content = $content\n $file_source = $source\n } else {\n $file_content = template(\"${module_name}/sysctl.d-file.erb\")\n $file_source = undef\n }\n\n if $ensure != 'absent' {\n\n # Present\n\n # The permanent change\n file { \"/etc/sysctl.d/${sysctl_d_file}\":\n ensure => $ensure,\n owner => 'root',\n group => 'root',\n mode => '0644',\n content => $file_content,\n source => $file_source,\n notify => [\n Exec[\"sysctl-${title}\"],\n Exec[\"update-sysctl.conf-${title}\"],\n ],\n }\n\n # The immediate change + re-check on each run \"just in case\"\n exec { \"sysctl-${title}\":\n command => \"sysctl -p /etc/sysctl.d/${sysctl_d_file}\",\n path => [ '/usr/sbin', '/sbin', '/usr/bin', '/bin' ],\n refreshonly => true,\n require => File[\"/etc/sysctl.d/${sysctl_d_file}\"],\n }\n\n # For the few original values from the main file\n exec { \"update-sysctl.conf-${title}\":\n command => \"sed -i -e 's#^${title} *=.*#${title} = ${value}#' /etc/sysctl.conf\",\n path => [ '/usr/sbin', '/sbin', '/usr/bin', '/bin' ],\n refreshonly => true,\n onlyif => \"grep -E '^${title} *=' /etc/sysctl.conf\",\n }\n\n # Enforce configured value during each run (can't work with custom files)\n if $enforce and ! ( $content or $source ) {\n $qtitle = shellquote($title)\n # Value may contain '|' and others, we need to quote to be safe\n # Convert any numerical to expected string, 0 instead of '0' would fail\n # lint:ignore:only_variable_string Convert numerical to string\n $qvalue = shellquote(\"${value}\")\n # lint:endignore\n exec { \"enforce-sysctl-value-${qtitle}\":\n unless => \"/usr/bin/test \\\"$(/sbin/sysctl -n ${qtitle})\\\" = ${qvalue}\",\n command => \"/sbin/sysctl -w ${qtitle}=${qvalue}\",\n }\n }\n\n } else {\n\n # Absent\n # We cannot restore values, since defaults can not be known... reboot :-/\n\n file { \"/etc/sysctl.d/${sysctl_d_file}\":\n ensure => absent,\n }\n\n }\n\n}"}, {"name": "elasticsearch::index", "file": "manifests/index.pp", "line": 45, "docstring": {"text": "A defined type to control Elasticsearch index-level settings.", "tags": [{"tag_name": "author", "text": "Richard Pijnenburg <richard.pijnenburg@elasticsearch.com>"}, {"tag_name": "author", "text": "Tyler Langlois <tyler.langlois@elastic.co>"}, {"tag_name": "param", "text": "Controls whether the named pipeline should be present or absent in\nthe cluster.", "types": ["Enum['absent', 'present']"], "name": "ensure"}, {"tag_name": "param", "text": "HTTP basic auth password to use when communicating over the Elasticsearch\nAPI.", "types": ["Optional[String]"], "name": "api_basic_auth_password"}, {"tag_name": "param", "text": "HTTP basic auth username to use when communicating over the Elasticsearch\nAPI.", "types": ["Optional[String]"], "name": "api_basic_auth_username"}, {"tag_name": "param", "text": "Path to a CA file which will be used to validate server certs when\ncommunicating with the Elasticsearch API over HTTPS.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "api_ca_file"}, {"tag_name": "param", "text": "Path to a directory with CA files which will be used to validate server\ncerts when communicating with the Elasticsearch API over HTTPS.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "api_ca_path"}, {"tag_name": "param", "text": "Host name or IP address of the ES instance to connect to.", "types": ["String"], "name": "api_host"}, {"tag_name": "param", "text": "Port number of the ES instance to connect to", "types": ["Integer[0, 65535]"], "name": "api_port"}, {"tag_name": "param", "text": "Protocol that should be used to connect to the Elasticsearch API.", "types": ["Enum['http', 'https']"], "name": "api_protocol"}, {"tag_name": "param", "text": "Timeout period (in seconds) for the Elasticsearch API.", "types": ["Integer"], "name": "api_timeout"}, {"tag_name": "param", "text": "Index settings in hash form (typically nested).", "types": ["Hash"], "name": "settings"}, {"tag_name": "param", "text": "Determines whether the validity of SSL/TLS certificates received from the\nElasticsearch API should be verified or ignored.", "types": ["Boolean"], "name": "validate_tls"}]}, "defaults": {"ensure": "'present'", "api_basic_auth_password": "$elasticsearch::api_basic_auth_password", "api_basic_auth_username": "$elasticsearch::api_basic_auth_username", "api_ca_file": "$elasticsearch::api_ca_file", "api_ca_path": "$elasticsearch::api_ca_path", "api_host": "$elasticsearch::api_host", "api_port": "$elasticsearch::api_port", "api_protocol": "$elasticsearch::api_protocol", "api_timeout": "$elasticsearch::api_timeout", "settings": "{}", "validate_tls": "$elasticsearch::validate_tls"}, "source": "define elasticsearch::index (\n Enum['absent', 'present'] $ensure = 'present',\n Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,\n Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,\n Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,\n Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,\n String $api_host = $elasticsearch::api_host,\n Integer[0, 65535] $api_port = $elasticsearch::api_port,\n Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,\n Integer $api_timeout = $elasticsearch::api_timeout,\n Hash $settings = {},\n Boolean $validate_tls = $elasticsearch::validate_tls,\n) {\n es_instance_conn_validator { \"${name}-index-conn-validator\":\n server => $api_host,\n port => $api_port,\n timeout => $api_timeout,\n }\n -> elasticsearch_index { $name:\n ensure => $ensure,\n settings => $settings,\n protocol => $api_protocol,\n host => $api_host,\n port => $api_port,\n timeout => $api_timeout,\n username => $api_basic_auth_username,\n password => $api_basic_auth_password,\n ca_file => $api_ca_file,\n ca_path => $api_ca_path,\n validate_tls => $validate_tls,\n }\n}"}, {"name": "elasticsearch::pipeline", "file": "manifests/pipeline.pp", "line": 47, "docstring": {"text": "This define allows you to insert, update or delete Elasticsearch index\n ingestion pipelines.\n\n Pipeline content should be defined through the `content` parameter.", "tags": [{"tag_name": "author", "text": "Tyler Langlois <tyler.langlois@elastic.co>"}, {"tag_name": "param", "text": "Controls whether the named pipeline should be present or absent in\nthe cluster.", "types": ["Enum['absent', 'present']"], "name": "ensure"}, {"tag_name": "param", "text": "Contents of the pipeline in hash form.", "types": ["Hash"], "name": "content"}, {"tag_name": "param", "text": "HTTP basic auth password to use when communicating over the Elasticsearch\nAPI.", "types": ["Optional[String]"], "name": "api_basic_auth_password"}, {"tag_name": "param", "text": "HTTP basic auth username to use when communicating over the Elasticsearch\nAPI.", "types": ["Optional[String]"], "name": "api_basic_auth_username"}, {"tag_name": "param", "text": "Path to a CA file which will be used to validate server certs when\ncommunicating with the Elasticsearch API over HTTPS.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "api_ca_file"}, {"tag_name": "param", "text": "Path to a directory with CA files which will be used to validate server\ncerts when communicating with the Elasticsearch API over HTTPS.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "api_ca_path"}, {"tag_name": "param", "text": "Host name or IP address of the ES instance to connect to.", "types": ["String"], "name": "api_host"}, {"tag_name": "param", "text": "Port number of the ES instance to connect to", "types": ["Integer[0, 65535]"], "name": "api_port"}, {"tag_name": "param", "text": "Protocol that should be used to connect to the Elasticsearch API.", "types": ["Enum['http', 'https']"], "name": "api_protocol"}, {"tag_name": "param", "text": "Timeout period (in seconds) for the Elasticsearch API.", "types": ["Integer"], "name": "api_timeout"}, {"tag_name": "param", "text": "Determines whether the validity of SSL/TLS certificates received from the\nElasticsearch API should be verified or ignored.", "types": ["Boolean"], "name": "validate_tls"}]}, "defaults": {"ensure": "'present'", "api_basic_auth_password": "$elasticsearch::api_basic_auth_password", "api_basic_auth_username": "$elasticsearch::api_basic_auth_username", "api_ca_file": "$elasticsearch::api_ca_file", "api_ca_path": "$elasticsearch::api_ca_path", "api_host": "$elasticsearch::api_host", "api_port": "$elasticsearch::api_port", "api_protocol": "$elasticsearch::api_protocol", "api_timeout": "$elasticsearch::api_timeout", "content": "{}", "validate_tls": "$elasticsearch::validate_tls"}, "source": "define elasticsearch::pipeline (\n Enum['absent', 'present'] $ensure = 'present',\n Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,\n Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,\n Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,\n Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,\n String $api_host = $elasticsearch::api_host,\n Integer[0, 65535] $api_port = $elasticsearch::api_port,\n Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,\n Integer $api_timeout = $elasticsearch::api_timeout,\n Hash $content = {},\n Boolean $validate_tls = $elasticsearch::validate_tls,\n) {\n es_instance_conn_validator { \"${name}-ingest-pipeline\":\n server => $api_host,\n port => $api_port,\n timeout => $api_timeout,\n }\n -> elasticsearch_pipeline { $name:\n ensure => $ensure,\n content => $content,\n protocol => $api_protocol,\n host => $api_host,\n port => $api_port,\n timeout => $api_timeout,\n username => $api_basic_auth_username,\n password => $api_basic_auth_password,\n ca_file => $api_ca_file,\n ca_path => $api_ca_path,\n validate_tls => $validate_tls,\n }\n}"}, {"name": "elasticsearch::plugin", "file": "manifests/plugin.pp", "line": 58, "docstring": {"text": "This define allows you to install arbitrary Elasticsearch plugins\neither by using the default repositories or by specifying an URL", "tags": [{"tag_name": "author", "text": "Richard Pijnenburg <richard.pijnenburg@elasticsearch.com>"}, {"tag_name": "author", "text": "Matteo Sessa <matteo.sessa@catchoftheday.com.au>"}, {"tag_name": "author", "text": "Dennis Konert <dkonert@gmail.com>"}, {"tag_name": "author", "text": "Tyler Langlois <tyler.langlois@elastic.co>"}, {"tag_name": "author", "text": "Gavin Williams <gavin.williams@elastic.co>"}, {"tag_name": "example", "text": "elasticsearch::plugin {'mobz/elasticsearch-head': module_dir => 'head'}", "name": "install from official repository"}, {"tag_name": "example", "text": "elasticsearch::plugin { 'elasticsearch-jetty':\n module_dir => 'elasticsearch-jetty',\n url => 'https://oss-es-plugins.s3.amazonaws.com/elasticsearch-jetty/elasticsearch-jetty-0.90.0.zip',\n}", "name": "installation using a custom URL"}, {"tag_name": "param", "text": "Whether the plugin will be installed or removed.\nSet to 'absent' to ensure a plugin is not installed", "types": ["Enum['absent', 'present']"], "name": "ensure"}, {"tag_name": "param", "text": "Path to the elasticsearch configuration directory (ES_PATH_CONF)\nto which the plugin should be installed.", "types": ["Stdlib::Absolutepath"], "name": "configdir"}, {"tag_name": "param", "text": "Array of Java options to be passed to `ES_JAVA_OPTS`", "types": ["Array[String]"], "name": "java_opts"}, {"tag_name": "param", "text": "Path to JAVA_HOME, if Java is installed in a non-standard location.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "java_home"}, {"tag_name": "param", "text": "Directory name where the module has been installed\nThis is automatically generated based on the module name\nSpecify a value here to override the auto generated value", "types": ["Optional[String]"], "name": "module_dir"}, {"tag_name": "param", "text": "Proxy host to use when installing the plugin", "types": ["Optional[String]"], "name": "proxy_host"}, {"tag_name": "param", "text": "Proxy auth password to use when installing the plugin", "types": ["Optional[String]"], "name": "proxy_password"}, {"tag_name": "param", "text": "Proxy port to use when installing the plugin", "types": ["Optional[Integer[0, 65535]]"], "name": "proxy_port"}, {"tag_name": "param", "text": "Proxy auth username to use when installing the plugin", "types": ["Optional[String]"], "name": "proxy_username"}, {"tag_name": "param", "text": "Specify the source of the plugin.\nThis will copy over the plugin to the node and use it for installation.\nUseful for offline installation", "types": ["Optional[String]"], "name": "source"}, {"tag_name": "param", "text": "Specify an URL where to download the plugin from.", "types": ["Optional[Stdlib::HTTPUrl]"], "name": "url"}]}, "defaults": {"ensure": "'present'", "configdir": "$elasticsearch::configdir", "java_opts": "[]", "java_home": "undef", "module_dir": "undef", "proxy_host": "undef", "proxy_password": "undef", "proxy_port": "undef", "proxy_username": "undef", "source": "undef", "url": "undef"}, "source": "define elasticsearch::plugin (\n Enum['absent', 'present'] $ensure = 'present',\n Stdlib::Absolutepath $configdir = $elasticsearch::configdir,\n Array[String] $java_opts = [],\n Optional[Stdlib::Absolutepath] $java_home = undef,\n Optional[String] $module_dir = undef,\n Optional[String] $proxy_host = undef,\n Optional[String] $proxy_password = undef,\n Optional[Integer[0, 65535]] $proxy_port = undef,\n Optional[String] $proxy_username = undef,\n Optional[String] $source = undef,\n Optional[Stdlib::HTTPUrl] $url = undef,\n) {\n include elasticsearch\n\n case $ensure {\n 'present': {\n $_file_ensure = 'directory'\n $_file_before = []\n }\n 'absent': {\n $_file_ensure = $ensure\n $_file_before = File[$elasticsearch::real_plugindir]\n }\n default: {\n }\n }\n\n # set proxy by override or parse and use proxy_url from\n # elasticsearch::proxy_url or use no proxy at all\n\n if ($proxy_host != undef and $proxy_port != undef) {\n if ($proxy_username != undef and $proxy_password != undef) {\n $_proxy_auth = \"${proxy_username}:${proxy_password}@\"\n } else {\n $_proxy_auth = undef\n }\n $_proxy = \"http://${_proxy_auth}${proxy_host}:${proxy_port}\"\n } elsif ($elasticsearch::proxy_url != undef) {\n $_proxy = $elasticsearch::proxy_url\n } else {\n $_proxy = undef\n }\n\n if ($source != undef) {\n $filename_array = split($source, '/')\n $basefilename = $filename_array[-1]\n\n $file_source = \"${elasticsearch::package_dir}/${basefilename}\"\n\n file { $file_source:\n ensure => 'file',\n source => $source,\n before => Elasticsearch_plugin[$name],\n }\n } else {\n $file_source = undef\n }\n\n $_module_dir = es_plugin_name($module_dir, $name)\n\n elasticsearch_plugin { $name:\n ensure => $ensure,\n configdir => $configdir,\n elasticsearch_package_name => 'elasticsearch',\n java_opts => $java_opts,\n java_home => $java_home,\n source => $file_source,\n url => $url,\n proxy => $_proxy,\n plugin_dir => $elasticsearch::real_plugindir,\n plugin_path => $module_dir,\n before => Service[$elasticsearch::service_name],\n }\n -> file { \"${elasticsearch::real_plugindir}/${_module_dir}\":\n ensure => $_file_ensure,\n mode => 'o+Xr',\n recurse => true,\n before => $_file_before,\n }\n\n if $elasticsearch::restart_plugin_change {\n Elasticsearch_plugin[$name] {\n notify +> Service[$elasticsearch::service_name],\n }\n }\n}"}, {"name": "elasticsearch::role", "file": "manifests/role.pp", "line": 30, "docstring": {"text": "Manage x-pack roles.", "tags": [{"tag_name": "author", "text": "Tyler Langlois <tyler.langlois@elastic.co>"}, {"tag_name": "author", "text": "Gavin Williams <gavin.williams@elastic.co>"}, {"tag_name": "example", "text": "elasticsearch::role { 'power_user':\n privileges => {\n 'cluster' => 'monitor',\n 'indices' => {\n '*' => 'all',\n },\n },\n mappings => [\n \"cn=users,dc=example,dc=com\",\n ],\n}", "name": "create and manage the role 'power_user' mapped to an LDAP group."}, {"tag_name": "param", "text": "Whether the role should be present or not.\nSet to 'absent' to ensure a role is not present.", "types": ["Enum['absent', 'present']"], "name": "ensure"}, {"tag_name": "param", "text": "A list of optional mappings defined for this role.", "types": ["Array"], "name": "mappings"}, {"tag_name": "param", "text": "A hash of permissions defined for the role. Valid privilege settings can\nbe found in the x-pack documentation.", "types": ["Hash"], "name": "privileges"}]}, "defaults": {"ensure": "'present'", "mappings": "[]", "privileges": "{}"}, "source": "define elasticsearch::role (\n Enum['absent', 'present'] $ensure = 'present',\n Array $mappings = [],\n Hash $privileges = {},\n) {\n #validate_slength($name, 40, 1)\n if ($name.length < 1 or $name.length > 40) {\n fail(\"Invalid length role name '${name}' must be between 1 and 40\")\n }\n\n if empty($privileges) or $ensure == 'absent' {\n $_role_ensure = 'absent'\n } else {\n $_role_ensure = $ensure\n }\n\n if empty($mappings) or $ensure == 'absent' {\n $_mapping_ensure = 'absent'\n } else {\n $_mapping_ensure = $ensure\n }\n\n elasticsearch_role { $name :\n ensure => $_role_ensure,\n privileges => $privileges,\n }\n\n elasticsearch_role_mapping { $name :\n ensure => $_mapping_ensure,\n mappings => $mappings,\n }\n}"}, {"name": "elasticsearch::script", "file": "manifests/script.pp", "line": 17, "docstring": {"text": "This define allows you to insert, update or delete scripts that are used\n within Elasticsearch.", "tags": [{"tag_name": "author", "text": "Richard Pijnenburg <richard.pijnenburg@elasticsearch.com>"}, {"tag_name": "author", "text": "Tyler Langlois <tyler.langlois@elastic.co>"}, {"tag_name": "param", "text": "Controls the state of the script file resource to manage.\nValues are simply passed through to the `file` resource.", "types": ["String"], "name": "ensure"}, {"tag_name": "param", "text": "Will be passed through to the script file resource.", "types": ["Optional[Variant[Boolean, Enum['remote']]]"], "name": "recurse"}, {"tag_name": "param", "text": "Puppet source of the script", "types": ["String"], "name": "source"}]}, "defaults": {"ensure": "'present'", "recurse": "undef"}, "source": "define elasticsearch::script (\n String $source,\n String $ensure = 'present',\n Optional[Variant[Boolean, Enum['remote']]] $recurse = undef,\n) {\n if ! defined(Class['elasticsearch']) {\n fail('You must include the elasticsearch base class before using defined resources')\n }\n\n $filename_array = split($source, '/')\n $basefilename = $filename_array[-1]\n\n file { \"${elasticsearch::homedir}/scripts/${basefilename}\":\n ensure => $ensure,\n source => $source,\n owner => $elasticsearch::elasticsearch_user,\n group => $elasticsearch::elasticsearch_group,\n recurse => $recurse,\n mode => '0644',\n }\n}"}, {"name": "elasticsearch::snapshot_repository", "file": "manifests/snapshot_repository.pp", "line": 62, "docstring": {"text": "This define allows you to insert, update or delete Elasticsearch snapshot\n repositories.", "tags": [{"tag_name": "author", "text": "Gavin Williams <fatmcgav@gmail.com>"}, {"tag_name": "author", "text": "Richard Pijnenburg <richard.pijnenburg@elasticsearch.com>"}, {"tag_name": "author", "text": "Tyler Langlois <tyler.langlois@elastic.co>"}, {"tag_name": "param", "text": "Controls whether the named index template should be present or absent in\nthe cluster.", "types": ["Enum['absent', 'present']"], "name": "ensure"}, {"tag_name": "param", "text": "HTTP basic auth password to use when communicating over the Elasticsearch\nAPI.", "types": ["Optional[String]"], "name": "api_basic_auth_password"}, {"tag_name": "param", "text": "HTTP basic auth username to use when communicating over the Elasticsearch\nAPI.", "types": ["Optional[String]"], "name": "api_basic_auth_username"}, {"tag_name": "param", "text": "Path to a CA file which will be used to validate server certs when\ncommunicating with the Elasticsearch API over HTTPS.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "api_ca_file"}, {"tag_name": "param", "text": "Path to a directory with CA files which will be used to validate server\ncerts when communicating with the Elasticsearch API over HTTPS.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "api_ca_path"}, {"tag_name": "param", "text": "Host name or IP address of the ES instance to connect to.", "types": ["String"], "name": "api_host"}, {"tag_name": "param", "text": "Port number of the ES instance to connect to", "types": ["Integer[0, 65535]"], "name": "api_port"}, {"tag_name": "param", "text": "Protocol that should be used to connect to the Elasticsearch API.", "types": ["Enum['http', 'https']"], "name": "api_protocol"}, {"tag_name": "param", "text": "Timeout period (in seconds) for the Elasticsearch API.", "types": ["Integer"], "name": "api_timeout"}, {"tag_name": "param", "text": "Snapshot repository type.", "types": ["Optional[String]"], "name": "repository_type"}, {"tag_name": "param", "text": "Location of snapshots. Mandatory", "types": ["String"], "name": "location"}, {"tag_name": "param", "text": "Compress the snapshot metadata files?", "types": ["Boolean"], "name": "compress"}, {"tag_name": "param", "text": "Chunk size to break big files down into.", "types": ["Optional[String]"], "name": "chunk_size"}, {"tag_name": "param", "text": "Throttle value for node restore rate.", "types": ["Optional[String]"], "name": "max_restore_rate"}, {"tag_name": "param", "text": "Throttle value for node snapshot rate.", "types": ["Optional[String]"], "name": "max_snapshot_rate"}, {"tag_name": "param", "text": "Determines whether the validity of SSL/TLS certificates received from the\nElasticsearch API should be verified or ignored.", "types": ["Boolean"], "name": "validate_tls"}]}, "defaults": {"ensure": "'present'", "api_basic_auth_password": "$elasticsearch::api_basic_auth_password", "api_basic_auth_username": "$elasticsearch::api_basic_auth_username", "api_ca_file": "$elasticsearch::api_ca_file", "api_ca_path": "$elasticsearch::api_ca_path", "api_host": "$elasticsearch::api_host", "api_port": "$elasticsearch::api_port", "api_protocol": "$elasticsearch::api_protocol", "api_timeout": "$elasticsearch::api_timeout", "compress": "true", "chunk_size": "undef", "max_restore_rate": "undef", "max_snapshot_rate": "undef", "repository_type": "undef", "validate_tls": "$elasticsearch::validate_tls"}, "source": "define elasticsearch::snapshot_repository (\n String $location,\n Enum['absent', 'present'] $ensure = 'present',\n Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,\n Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,\n Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,\n Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,\n String $api_host = $elasticsearch::api_host,\n Integer[0, 65535] $api_port = $elasticsearch::api_port,\n Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,\n Integer $api_timeout = $elasticsearch::api_timeout,\n Boolean $compress = true,\n Optional[String] $chunk_size = undef,\n Optional[String] $max_restore_rate = undef,\n Optional[String] $max_snapshot_rate = undef,\n Optional[String] $repository_type = undef,\n Boolean $validate_tls = $elasticsearch::validate_tls,\n) {\n es_instance_conn_validator { \"${name}-snapshot\":\n server => $api_host,\n port => $api_port,\n timeout => $api_timeout,\n }\n -> elasticsearch_snapshot_repository { $name:\n ensure => $ensure,\n chunk_size => $chunk_size,\n compress => $compress,\n location => $location,\n max_restore_rate => $max_restore_rate,\n max_snapshot_rate => $max_snapshot_rate,\n type => $repository_type,\n protocol => $api_protocol,\n host => $api_host,\n port => $api_port,\n timeout => $api_timeout,\n username => $api_basic_auth_username,\n password => $api_basic_auth_password,\n ca_file => $api_ca_file,\n ca_path => $api_ca_path,\n validate_tls => $validate_tls,\n }\n}"}, {"name": "elasticsearch::template", "file": "manifests/template.pp", "line": 55, "docstring": {"text": "This define allows you to insert, update or delete Elasticsearch index\n templates.\n\n Template content should be defined through either the `content` parameter\n (when passing a hash or json string) or the `source` parameter (when passing\n the puppet file URI to a template json file).", "tags": [{"tag_name": "author", "text": "Richard Pijnenburg <richard.pijnenburg@elasticsearch.com>"}, {"tag_name": "author", "text": "Tyler Langlois <tyler.langlois@elastic.co>"}, {"tag_name": "param", "text": "Controls whether the named index template should be present or absent in\nthe cluster.", "types": ["Enum['absent', 'present']"], "name": "ensure"}, {"tag_name": "param", "text": "HTTP basic auth password to use when communicating over the Elasticsearch\nAPI.", "types": ["Optional[String]"], "name": "api_basic_auth_password"}, {"tag_name": "param", "text": "HTTP basic auth username to use when communicating over the Elasticsearch\nAPI.", "types": ["Optional[String]"], "name": "api_basic_auth_username"}, {"tag_name": "param", "text": "Path to a CA file which will be used to validate server certs when\ncommunicating with the Elasticsearch API over HTTPS.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "api_ca_file"}, {"tag_name": "param", "text": "Path to a directory with CA files which will be used to validate server\ncerts when communicating with the Elasticsearch API over HTTPS.", "types": ["Optional[Stdlib::Absolutepath]"], "name": "api_ca_path"}, {"tag_name": "param", "text": "Host name or IP address of the ES instance to connect to.", "types": ["String"], "name": "api_host"}, {"tag_name": "param", "text": "Port number of the ES instance to connect to", "types": ["Integer[0, 65535]"], "name": "api_port"}, {"tag_name": "param", "text": "Protocol that should be used to connect to the Elasticsearch API.", "types": ["Enum['http', 'https']"], "name": "api_protocol"}, {"tag_name": "param", "text": "Timeout period (in seconds) for the Elasticsearch API.", "types": ["Integer"], "name": "api_timeout"}, {"tag_name": "param", "text": "Contents of the template. Can be either a puppet hash or a string\ncontaining JSON.", "types": ["Optional[Variant[String, Hash]]"], "name": "content"}, {"tag_name": "param", "text": "Source path for the template file. Can be any value similar to `source`\nvalues for `file` resources.", "types": ["Optional[String]"], "name": "source"}, {"tag_name": "param", "text": "Determines whether the validity of SSL/TLS certificates received from the\nElasticsearch API should be verified or ignored.", "types": ["Boolean"], "name": "validate_tls"}]}, "defaults": {"ensure": "'present'", "api_basic_auth_password": "$elasticsearch::api_basic_auth_password", "api_basic_auth_username": "$elasticsearch::api_basic_auth_username", "api_ca_file": "$elasticsearch::api_ca_file", "api_ca_path": "$elasticsearch::api_ca_path", "api_host": "$elasticsearch::api_host", "api_port": "$elasticsearch::api_port", "api_protocol": "$elasticsearch::api_protocol", "api_timeout": "$elasticsearch::api_timeout", "content": "undef", "source": "undef", "validate_tls": "$elasticsearch::validate_tls"}, "source": "define elasticsearch::template (\n Enum['absent', 'present'] $ensure = 'present',\n Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,\n Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username,\n Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file,\n Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path,\n String $api_host = $elasticsearch::api_host,\n Integer[0, 65535] $api_port = $elasticsearch::api_port,\n Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol,\n Integer $api_timeout = $elasticsearch::api_timeout,\n Optional[Variant[String, Hash]] $content = undef,\n Optional[String] $source = undef,\n Boolean $validate_tls = $elasticsearch::validate_tls,\n) {\n if $content =~ String {\n $_content = parsejson($content)\n } else {\n $_content = $content\n }\n\n if $ensure == 'present' and $source == undef and $_content == undef {\n fail('one of \"file\" or \"content\" required.')\n } elsif $source != undef and $_content != undef {\n fail('\"file\" and \"content\" cannot be simultaneously defined.')\n }\n\n es_instance_conn_validator { \"${name}-template\":\n server => $api_host,\n port => $api_port,\n timeout => $api_timeout,\n }\n -> elasticsearch_template { $name:\n ensure => $ensure,\n content => $_content,\n source => $source,\n protocol => $api_protocol,\n host => $api_host,\n port => $api_port,\n timeout => $api_timeout,\n username => $api_basic_auth_username,\n password => $api_basic_auth_password,\n ca_file => $api_ca_file,\n ca_path => $api_ca_path,\n validate_tls => $validate_tls,\n }\n}"}, {"name": "elasticsearch::user", "file": "manifests/user.pp", "line": 25, "docstring": {"text": "Manages x-pack users.", "tags": [{"tag_name": "author", "text": "Tyler Langlois <tyler.langlois@elastic.co>"}, {"tag_name": "author", "text": "Gavin Williams <gavin.williams@elastic.co>"}, {"tag_name": "example", "text": "elasticsearch::user { 'bob':\n password => 'foobar',\n roles => ['logstash', 'kibana4'],\n}", "name": "creates and manage a user with membership in the 'logstash' and 'kibana4' roles."}, {"tag_name": "param", "text": "Whether the user should be present or not.\nSet to `absent` to ensure a user is not installed", "types": ["Enum['absent', 'present']"], "name": "ensure"}, {"tag_name": "param", "text": "Password for the given user. A plaintext password will be managed\nwith the esusers utility and requires a refresh to update, while\na hashed password from the esusers utility will be managed manually\nin the uses file.", "types": ["String"], "name": "password"}, {"tag_name": "param", "text": "A list of roles to which the user should belong.", "types": ["Array"], "name": "roles"}]}, "defaults": {"ensure": "'present'", "roles": "[]"}, "source": "define elasticsearch::user (\n String $password,\n Enum['absent', 'present'] $ensure = 'present',\n Array $roles = [],\n) {\n if $password =~ /^\\$2a\\$/ {\n elasticsearch_user_file { $name:\n ensure => $ensure,\n configdir => $elasticsearch::configdir,\n hashed_password => $password,\n before => Elasticsearch_user_roles[$name],\n }\n } else {\n elasticsearch_user { $name:\n ensure => $ensure,\n configdir => $elasticsearch::configdir,\n password => $password,\n before => Elasticsearch_user_roles[$name],\n }\n }\n\n elasticsearch_user_roles { $name:\n ensure => $ensure,\n roles => $roles,\n }\n}"}], "resource_types": [{"name": "dns_record", "file": "lib/puppet/type/dns_record.rb", "line": 1, "docstring": {"text": ""}, "properties": [{"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}, {"name": "key", "description": "DNS Name"}, {"name": "ttl", "description": "Optional TTL for record"}, {"name": "type", "description": "DNS Record type, such as A, or TXT", "values": ["A", "AAAA", "CNAME", "PTR", "MX", "TXT"]}, {"name": "value", "description": "Record contents, valid value depend on type"}], "parameters": [{"name": "name", "description": "Hello", "isnamevar": true}, {"name": "provider", "description": "The specific backend to use for this `dns_record` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}, {"name": "zone", "description": "Zone which this record belongs to"}], "providers": [{"name": "zonefile", "type_name": "dns_record", "file": "lib/puppet/provider/dns_record/zonefile.rb", "line": 4, "docstring": {"text": ""}}]}, {"name": "dns_zone", "file": "lib/puppet/type/dns_zone.rb", "line": 1, "docstring": {"text": "Manage the zonefile /var/named/dynamic/db.${zone}, and its records.\n\nThe zone can still be edited by hand, but invalid record might cause\npuppet to do interesting things. Note that records directly on the\nzone MUST have @ as key (instead of blank).\n\nExisting $TTL directives in the zone are kept, but there is no way\nto set it through this library (due to limitations in the zonefile\nlibrary)."}, "properties": [{"name": "email", "description": "Email to the zone administrator"}, {"name": "ensure", "description": "Ensurable", "values": ["present", "absent", "true", "false"], "aliases": {"true": "present", "false": "absent"}, "default": "present"}, {"name": "expire", "description": "SOA expire, Number of seconds secondary servers should continue answer queries for this zone if the master dissapears", "values": ["/([0-9]+[SsMmHhDdWw]?)+/"], "default": "1000h"}, {"name": "negative_ttl", "description": "SOA negative_ttl, how long can clients cache a negative response", "values": ["/([0-9]+[SsMmHhDdWw]?)+/"], "default": "2d"}, {"name": "ns", "description": "Nameservers for this zone"}, {"name": "primary", "description": "Primary nameserver for this zone"}, {"name": "retry", "description": "SOA retry, number of seconds after which seconday name servers should retry to requeth the serial from the master, must be less than refresh", "values": ["/([0-9]+[SsMmHhDdWw]?)+/"], "default": "2h"}, {"name": "soa_refresh", "description": "SOA refresh, number of seconds after which secondary name servers should query the master for the SOA record", "values": ["/([0-9]+[SsMmHhDdWw]?)+/"], "default": "24h"}], "parameters": [{"name": "ns_ttl", "description": "TTL for NS records", "values": ["/([0-9]+[SsMmHhDdWw]?)+/"], "default": "1w"}, {"name": "provider", "description": "The specific backend to use for this `dns_zone` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}, {"name": "purge", "description": "Should all existing records be purged?"}, {"name": "zone", "values": ["/[^.]$/"]}], "providers": [{"name": "zonefile", "type_name": "dns_zone", "file": "lib/puppet/provider/dns_zone/zonefile.rb", "line": 4, "docstring": {"text": ""}}]}, {"name": "anchor", "file": "lib/puppet/type/anchor.rb", "line": 3, "docstring": {"text": "> Note: this has been replaced by core puppet `contain()` method. Please see https://puppet.com/docs/puppet/latest/lang_containment.html for more information.\n\nIn Puppet 2.6, when a class declares another class, the resources in the\ninterior class are not contained by the exterior class. This interacts badly\nwith the pattern of composing complex modules from smaller classes, as it\nmakes it impossible for end users to specify order relationships between the\nexterior class and other modules.\n\nThe anchor type lets you work around this. By sandwiching any interior\nclasses between two no-op resources that _are_ contained by the exterior\nclass, you can ensure that all resources in the module are contained.\n\n```\nclass ntp {\n # These classes will have the correct order relationship with each\n # other. However, without anchors, they won't have any order\n # relationship to Class['ntp'].\n class { 'ntp::package': }\n -> class { 'ntp::config': }\n -> class { 'ntp::service': }\n\n # These two resources \"anchor\" the composed classes within the ntp\n # class.\n anchor { 'ntp::begin': } -> Class['ntp::package']\n Class['ntp::service'] -> anchor { 'ntp::end': }\n}\n```\n\nThis allows the end user of the ntp module to establish require and before\nrelationships with Class['ntp']:\n\n```\nclass { 'ntp': } -> class { 'mcollective': }\nclass { 'mcollective': } -> class { 'ntp': }\n```", "tags": [{"tag_name": "summary", "text": "A simple resource type intended to be used as an anchor in a composite class."}]}, "parameters": [{"name": "name", "description": "The name of the anchor resource.", "isnamevar": true}]}, {"name": "file_line", "file": "lib/puppet/type/file_line.rb", "line": 3, "docstring": {"text": "The implementation matches the full line, including whitespace at the\nbeginning and end. If the line is not contained in the given file, Puppet\nwill append the line to the end of the file to ensure the desired state.\nMultiple resources may be declared to manage multiple lines in the same file.\n\n* Ensure Example\n```\nfile_line { 'sudo_rule':\n path => '/etc/sudoers',\n line => '%sudo ALL=(ALL) ALL',\n}\n\nfile_line { 'sudo_rule_nopw':\n path => '/etc/sudoers',\n line => '%sudonopw ALL=(ALL) NOPASSWD: ALL',\n}\n```\nIn this example, Puppet will ensure both of the specified lines are\ncontained in the file /etc/sudoers.\n\n* Match Example\n\n```\nfile_line { 'bashrc_proxy':\n ensure => present,\n path => '/etc/bashrc',\n line => 'export HTTP_PROXY=http://squid.puppetlabs.vm:3128',\n match => '^export\\ HTTP_PROXY\\=',\n}\n```\n\nIn this code example match will look for a line beginning with export\nfollowed by HTTP_PROXY and replace it with the value in line.\n\n* Examples With `ensure => absent`:\n\nThis type has two behaviors when `ensure => absent` is set.\n\nOne possibility is to set `match => ...` and `match_for_absence => true`,\nas in the following example:\n\n```\nfile_line { 'bashrc_proxy':\n ensure => absent,\n path => '/etc/bashrc',\n match => '^export\\ HTTP_PROXY\\=',\n match_for_absence => true,\n}\n```\n\nIn this code example match will look for a line beginning with export\nfollowed by HTTP_PROXY and delete it. If multiple lines match, an\nerror will be raised unless the `multiple => true` parameter is set.\n\nNote that the `line => ...` parameter would be accepted BUT IGNORED in\nthe above example.\n\nThe second way of using `ensure => absent` is to specify a `line => ...`,\nand no match:\n\n```\nfile_line { 'bashrc_proxy':\n ensure => absent,\n path => '/etc/bashrc',\n line => 'export HTTP_PROXY=http://squid.puppetlabs.vm:3128',\n}\n```\n\n> *Note:*\nWhen ensuring lines are absent this way, the default behavior\nthis time is to always remove all lines matching, and this behavior\ncan't be disabled.\n\n* Encoding example:\n\n```\nfile_line { \"XScreenSaver\":\n ensure => present,\n path => '/root/XScreenSaver',\n line => \"*lock: 10:00:00\",\n match => '^*lock:',\n encoding => \"iso-8859-1\",\n}\n```\n\nFiles with special characters that are not valid UTF-8 will give the\nerror message \"invalid byte sequence in UTF-8\". In this case, determine\nthe correct file encoding and specify the correct encoding using the\nencoding attribute, the value of which needs to be a valid Ruby character\nencoding.\n\n**Autorequires:** If Puppet is managing the file that will contain the line\nbeing managed, the file_line resource will autorequire that file.", "tags": [{"tag_name": "summary", "text": "Ensures that a given line is contained within a file."}]}, "properties": [{"name": "ensure", "description": "Manage the state of this type.", "values": ["present", "absent"], "default": "present"}, {"name": "line", "description": "The line to be appended to the file or used to replace matches found by the match attribute."}], "parameters": [{"name": "after", "description": "An optional value used to specify the line after which we will add any new lines. (Existing lines are added in place)\nThis is also takes a regex."}, {"name": "append_on_no_match", "description": "If true, append line if match is not found. If false, do not append line if a match is not found", "values": ["true", "false"], "default": "true"}, {"name": "encoding", "description": "For files that are not UTF-8 encoded, specify encoding such as iso-8859-1", "default": "UTF-8"}, {"name": "match", "description": "An optional ruby regular expression to run against existing lines in the file.\nIf a match is found, we replace that line rather than adding a new line.\nA regex comparison is performed against the line value and if it does not\nmatch an exception will be raised."}, {"name": "match_for_absence", "description": "An optional value to determine if match should be applied when ensure => absent.\nIf set to true and match is set, the line that matches match will be deleted.\nIf set to false (the default), match is ignored when ensure => absent.\nWhen `ensure => present`, match_for_absence is ignored.", "values": ["true", "false"], "default": "false"}, {"name": "multiple", "description": "An optional value to determine if match can change multiple lines.\nIf set to false, an exception will be raised if more than one line matches", "values": ["true", "false"]}, {"name": "name", "description": "An arbitrary name used as the identity of the resource.", "isnamevar": true}, {"name": "path", "description": "The file Puppet will ensure contains the line specified by the line parameter."}, {"name": "provider", "description": "The specific backend to use for this `file_line` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}, {"name": "replace", "description": "If true, replace line that matches. If false, do not write line if a match is found", "values": ["true", "false"], "default": "true"}, {"name": "replace_all_matches_not_matching_line", "description": "Configures the behavior of replacing all lines in a file which match the `match` parameter regular expression, regardless of whether the specified line is already present in the file.", "values": ["true", "false"], "default": "false"}], "providers": [{"name": "ruby", "type_name": "file_line", "file": "lib/puppet/provider/file_line/ruby.rb", "line": 3, "docstring": {"text": "The implementation matches the full line, including whitespace at the\nbeginning and end. If the line is not contained in the given file, Puppet\nwill append the line to the end of the file to ensure the desired state.\nMultiple resources may be declared to manage multiple lines in the same file.", "tags": [{"tag_name": "summary", "text": "This type allows puppet to manage small config files."}]}}]}, {"name": "concat_file", "file": "lib/puppet/type/concat_file.rb", "line": 8, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "Concat_fragment <<| tag == 'unique_tag' |>>\n\nconcat_file { '/tmp/file':\n tag => 'unique_tag', # Optional. Default to undef\n path => '/tmp/file', # Optional. If given it overrides the resource name\n owner => 'root', # Optional. Default to undef\n group => 'root', # Optional. Default to undef\n mode => '0644' # Optional. Default to undef\n order => 'numeric' # Optional, Default to 'numeric'\n ensure_newline => false # Optional, Defaults to false\n}", "name": ""}, {"tag_name": "summary", "text": "Generates a file with content from fragments sharing a common unique tag."}]}, "properties": [{"name": "ensure", "description": "Specifies whether the destination file should exist. Setting to 'absent' tells Puppet to delete the destination file if it exists, and\nnegates the effect of any other parameters.", "values": ["present", "absent"], "default": "present"}], "parameters": [{"name": "backup", "description": "Specifies whether (and how) to back up the destination file before overwriting it. Your value gets passed on to Puppet's native file\nresource for execution. Valid options: true, false, or a string representing either a target filebucket or a filename extension\nbeginning with \".\".'"}, {"name": "create_empty_file", "description": "Specifies whether to create an empty file if no fragments are defined.", "values": ["true", "false", "yes", "no"], "default": "true"}, {"name": "ensure_newline", "description": "Specifies whether to add a line break at the end of each fragment that doesn't already end in one.", "values": ["true", "false", "yes", "no"], "default": "false"}, {"name": "force", "description": "Specifies whether to merge data structures, keeping the values with higher order.", "values": ["true", "false", "yes", "no"], "default": "false"}, {"name": "format", "description": "Specify what data type to merge the fragments as. Valid options: 'plain', 'yaml', 'json', 'json-array', 'json-pretty', 'json-array-pretty'.", "values": ["plain", "yaml", "json", "json-array", "json-pretty", "json-array-pretty"], "default": "plain"}, {"name": "group", "description": "Specifies a permissions group for the destination file. Valid options: a string containing a group name or integer containing a\ngid."}, {"name": "mode", "description": "Specifies the permissions mode of the destination file. Valid options: a string containing a permission mode value in octal notation."}, {"name": "order", "description": "Specifies a method for sorting your fragments by name within the destination file. You can override this setting for individual\nfragments by adjusting the order parameter in their concat::fragment declarations.", "values": ["alpha", "numeric"], "default": "numeric"}, {"name": "owner", "description": "Specifies the owner of the destination file. Valid options: a string containing a username or integer containing a uid."}, {"name": "path", "description": "Specifies a destination file for the combined fragments. Valid options: a string containing an absolute path. Default value: the\ntitle of your declared resource."}, {"name": "replace", "description": "Specifies whether to overwrite the destination file if it already exists.", "values": ["true", "false", "yes", "no"], "default": "true"}, {"name": "selinux_ignore_defaults", "description": "See the file type's selinux_ignore_defaults documentention:\nhttps://docs.puppetlabs.com/references/latest/type.html#file-attribute-selinux_ignore_defaults.", "values": ["true", "false", "yes", "no"]}, {"name": "selrange", "description": "See the file type's selrange documentation: https://docs.puppetlabs.com/references/latest/type.html#file-attribute-selrange"}, {"name": "selrole", "description": "See the file type's selrole documentation: https://docs.puppetlabs.com/references/latest/type.html#file-attribute-selrole"}, {"name": "seltype", "description": "See the file type's seltype documentation: https://docs.puppetlabs.com/references/latest/type.html#file-attribute-seltype"}, {"name": "seluser", "description": "See the file type's seluser documentation: https://docs.puppetlabs.com/references/latest/type.html#file-attribute-seluser"}, {"name": "show_diff", "description": "Specifies whether to set the show_diff parameter for the file resource. Useful for hiding secrets stored in hiera from insecure\nreporting methods.", "values": ["true", "false", "yes", "no"]}, {"name": "tag", "description": "Required. Specifies a unique tag reference to collect all concat_fragments with the same tag."}, {"name": "validate_cmd", "description": "Specifies a validation command to apply to the destination file. Requires Puppet version 3.5 or newer. Valid options: a string to\nbe passed to a file resource."}]}, {"name": "concat_fragment", "file": "lib/puppet/type/concat_fragment.rb", "line": 3, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "# The example is based on exported resources.\n\nconcat_fragment { \"uniqe_name_${::fqdn}\":\n tag => 'unique_name',\n order => 10, # Optional. Default to 10\n content => 'some content' # OR\n # content => template('template.erb')\n source => 'puppet:///path/to/file'\n}", "name": ""}, {"tag_name": "summary", "text": "Manages the fragment."}]}, "parameters": [{"name": "content", "description": "Supplies the content of the fragment. Note: You must supply either a content parameter or a source parameter. Valid options: a string"}, {"name": "name", "description": "Name of resource.", "isnamevar": true}, {"name": "order", "description": "Reorders your fragments within the destination file. Fragments that share the same order number are ordered by name. The string\noption is recommended.", "default": "10"}, {"name": "source", "description": "Specifies a file to read into the content of the fragment. Note: You must supply either a content parameter or a source parameter.\nValid options: a string or an array, containing one or more Puppet URLs."}, {"name": "tag", "description": "Specifies a unique tag to be used by concat_file to reference and collect content."}, {"name": "target", "description": "Required. Specifies the destination file of the fragment. Valid options: a string containing the path or title of the parent\nconcat_file resource."}]}, {"name": "apt_key", "file": "lib/puppet/type/apt_key.rb", "line": 4, "docstring": {"text": "**Autorequires**\n\nIf Puppet is given the location of a key file which looks like an absolute\npath this type will autorequire that file.", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "example", "text": "apt_key { '6F6B15509CF8E59E6E469F327F438280EF8D349F':\n source => 'http://apt.puppetlabs.com/pubkey.gpg'\n}", "name": "Basic usage"}, {"tag_name": "summary", "text": "This type provides Puppet with the capabilities to manage GPG keys needed\nby apt to perform package validation. Apt has it's own GPG keyring that can\nbe manipulated through the `apt-key` command."}]}, "properties": [{"name": "created", "description": "Date the key was created.\n\nThis property is read-only."}, {"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}, {"name": "expired", "description": "Indicates if the key has expired.\n\nThis property is read-only."}, {"name": "expiry", "description": "The date the key will expire, or nil if it has no expiry date.\n\nThis property is read-only."}, {"name": "fingerprint", "description": "The 40-digit hexadecimal fingerprint of the specified GPG key.\n\nThis property is read-only."}, {"name": "long", "description": "The 16-digit hexadecimal id of the specified GPG key.\n\nThis property is read-only."}, {"name": "short", "description": "The 8-digit hexadecimal id of the specified GPG key.\n\nThis property is read-only."}, {"name": "size", "description": "The key size, usually a multiple of 1024.\n\nThis property is read-only."}, {"name": "type", "description": "The key type, one of: rsa, dsa, ecc, ecdsa\n\nThis property is read-only."}], "parameters": [{"name": "content", "description": "The content of, or string representing, a GPG key."}, {"name": "id", "description": "The ID of the key you want to manage.", "values": ["%r{\\A(0x)?[0-9a-fA-F]{8}\\Z}", "%r{\\A(0x)?[0-9a-fA-F]{16}\\Z}", "%r{\\A(0x)?[0-9a-fA-F]{40}\\Z}"]}, {"name": "options", "description": "Additional options to pass to apt-key\\'s --keyserver-options."}, {"name": "provider", "description": "The specific backend to use for this `apt_key` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}, {"name": "refresh", "description": "When true, recreate an existing expired key", "values": ["true", "false", "yes", "no"], "default": "false"}, {"name": "server", "description": "The key server to fetch the key from based on the ID. It can either be a domain name or url.", "values": ["%r{\\A((hkp|hkps|http|https)://)?([a-z\\d])([a-z\\d-]{0,61}\\.)+[a-z\\d]+(:\\d{2,5})?$}"], "default": "keyserver.ubuntu.com"}, {"name": "source", "description": "Location of a GPG key file, /path/to/file, ftp://, http:// or https://", "values": ["%r{\\Ahttps?://}", "%r{\\Aftp://}", "%r{\\A/\\w+}"]}], "providers": [{"name": "apt_key", "type_name": "apt_key", "file": "lib/puppet/provider/apt_key/apt_key.rb", "line": 13, "docstring": {"text": "apt-key provider for apt_key resource"}, "confines": {"osfamily": "debian"}, "defaults": [[["osfamily", "debian"]]], "commands": {"apt_key": "apt-key", "gpg": "/usr/bin/gpg"}}]}, {"name": "ini_setting", "file": "lib/puppet/type/ini_setting.rb", "line": 6, "docstring": {"text": "ini_settings is used to manage a single setting in an INI file"}, "properties": [{"name": "ensure", "description": "Ensurable method handles modeling creation. It creates an ensure property", "values": ["present", "absent"], "default": "present"}, {"name": "value", "description": "The value of the setting to be defined."}], "parameters": [{"name": "force_new_section_creation", "description": "Create setting only if the section exists", "values": ["true", "false", "yes", "no"], "default": "true"}, {"name": "indent_char", "description": "The character to indent new settings with.", "default": " "}, {"name": "indent_width", "description": "The number of indent_chars to use to indent a new setting."}, {"name": "key_val_separator", "description": "The separator string to use between each setting name and value.", "default": " = "}, {"name": "name", "description": "An arbitrary name used as the identity of the resource.", "isnamevar": true}, {"name": "path", "description": "The ini file Puppet will ensure contains the specified setting."}, {"name": "provider", "description": "The specific backend to use for this `ini_setting` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}, {"name": "refreshonly", "description": "A flag indicating whether or not the ini_setting should be updated only when called as part of a refresh event", "values": ["true", "false", "yes", "no"], "default": "false"}, {"name": "section", "description": "The name of the section in the ini file in which the setting should be defined.", "default": "''"}, {"name": "section_prefix", "description": "The prefix to the section name\\'s header.", "default": "["}, {"name": "section_suffix", "description": "The suffix to the section name\\'s header.", "default": "]"}, {"name": "setting", "description": "The name of the setting to be defined."}, {"name": "show_diff", "description": "Whether to display differences when the setting changes.", "values": ["true", "md5", "false"], "default": "true"}], "providers": [{"name": "ruby", "type_name": "ini_setting", "file": "lib/puppet/provider/ini_setting/ruby.rb", "line": 5, "docstring": {"text": "Creates new ini_setting file, a specific config file with a provider that uses\nthis as its parent and implements the method\nself.file_path, and that will provide the value for the path to the\nini file."}}]}, {"name": "ini_subsetting", "file": "lib/puppet/type/ini_subsetting.rb", "line": 5, "docstring": {"text": "ini_subsettings is used to manage multiple values in a setting in an INI file"}, "properties": [{"name": "ensure", "description": "Ensurable method handles modeling creation. It creates an ensure property", "values": ["present", "absent"], "default": "present"}, {"name": "value", "description": "The value of the subsetting to be defined."}], "parameters": [{"name": "delete_if_empty", "description": "Set to true to delete the parent setting when the subsetting is empty instead of writing an empty string", "values": ["true", "false"], "default": "false"}, {"name": "insert_type", "description": "Where the new subsetting item should be inserted\n\n* :start - insert at the beginning of the line.\n* :end - insert at the end of the line (default).\n* :before - insert before the specified element if possible.\n* :after - insert after the specified element if possible.\n* :index - insert at the specified index number.", "values": ["start", "end", "before", "after", "index"], "default": "end"}, {"name": "insert_value", "description": "The value for the insert types which require one."}, {"name": "key_val_separator", "description": "The separator string to use between each setting name and value.", "default": " = "}, {"name": "name", "description": "An arbitrary name used as the identity of the resource.", "isnamevar": true}, {"name": "path", "description": "The ini file Puppet will ensure contains the specified setting."}, {"name": "provider", "description": "The specific backend to use for this `ini_subsetting` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}, {"name": "quote_char", "description": "The character used to quote the entire value of the setting. Valid values are '', '\\\"' and \\\"'\\\"", "default": "''"}, {"name": "section", "description": "The name of the section in the ini file in which the setting should be defined.", "default": "''"}, {"name": "setting", "description": "The name of the setting to be defined."}, {"name": "show_diff", "description": "Whether to display differences when the setting changes.", "values": ["true", "md5", "false"], "default": "true"}, {"name": "subsetting", "description": "The name of the subsetting to be defined."}, {"name": "subsetting_key_val_separator", "description": "The separator string between the subsetting name and its value. Defaults to the empty string.", "default": "''"}, {"name": "subsetting_separator", "description": "The separator string between subsettings. Defaults to the empty string.", "default": " "}, {"name": "use_exact_match", "description": "Set to true if your subsettings don\\'t have values and you want to use exact matches to determine if the subsetting exists.", "values": ["true", "false"], "default": "false"}], "providers": [{"name": "ruby", "type_name": "ini_subsetting", "file": "lib/puppet/provider/ini_subsetting/ruby.rb", "line": 6, "docstring": {"text": "Creates new ini_subsetting file, a specific config file with a provider that uses\nthis as its parent and implements the method\nself.file_path, and that will provide the value for the path to the\nini file."}}]}, {"name": "archive", "file": "lib/puppet/type/archive.rb", "line": 8, "docstring": {"text": "Manage archive file download, extraction, and cleanup."}, "properties": [{"name": "creates", "description": "if file/directory exists, will not download/extract archive."}, {"name": "ensure", "description": "whether archive file should be present/absent (default: present)", "values": ["present", "absent"], "default": "present"}], "parameters": [{"name": "allow_insecure", "description": "ignore HTTPS certificate errors", "values": ["true", "false", "yes", "no"], "default": "false"}, {"name": "checksum", "description": "archive file checksum (match checksum_type).", "values": ["%r{\\b[0-9a-f]{5,128}\\b}", "true", "false", "undef", "nil", "''"]}, {"name": "checksum_type", "description": "archive file checksum type (none|md5|sha1|sha2|sha256|sha384|sha512).", "values": ["none", "md5", "sha1", "sha2", "sha256", "sha384", "sha512"], "default": "none"}, {"name": "checksum_url", "description": "archive file checksum source (instead of specifying checksum)"}, {"name": "checksum_verify", "description": "whether checksum wil be verified (true|false).", "values": ["true", "false"], "default": "true"}, {"name": "cleanup", "description": "whether archive file will be removed after extraction (true|false).", "values": ["true", "false"], "default": "true"}, {"name": "cookie", "description": "archive file download cookie."}, {"name": "digest_string", "description": "archive file checksum (match checksum_type)\n(this parameter is for camptocamp/archive compatibility).", "values": ["%r{\\b[0-9a-f]{5,128}\\b}"]}, {"name": "digest_type", "description": "archive file checksum type (none|md5|sha1|sha2|sha256|sha384|sha512)\n(this parameter is camptocamp/archive compatibility).", "values": ["none", "md5", "sha1", "sha2", "sha256", "sha384", "sha512"]}, {"name": "digest_url", "description": "archive file checksum source (instead of specifying checksum)\n(this parameter is for camptocamp/archive compatibility)"}, {"name": "download_options", "description": "provider download options (affects curl, wget, gs, and only s3 downloads for ruby provider)"}, {"name": "extract", "description": "whether archive will be extracted after download (true|false).", "values": ["true", "false"], "default": "false"}, {"name": "extract_command", "description": "custom extraction command ('tar xvf example.tar.gz'), also support sprintf format ('tar xvf %s') which will be processed with the filename: sprintf('tar xvf %s', filename)"}, {"name": "extract_flags", "description": "custom extraction options, this replaces the default flags. A string such as 'xvf' for a tar file would replace the default xf flag. A hash is useful when custom flags are needed for different platforms. {'tar' => 'xzf', '7z' => 'x -aot'}.", "default": "undef"}, {"name": "extract_path", "description": "target folder path to extract archive."}, {"name": "filename", "description": "archive file name (derived from path)."}, {"name": "group", "description": "extract command group (using this option will configure the archive file permisison to 0644 so the user can read the file)."}, {"name": "headers", "description": "optional header(s) to pass."}, {"name": "password", "description": "password to download source file."}, {"name": "path", "description": "namevar, archive file fully qualified file path."}, {"name": "provider", "description": "The specific backend to use for this `archive` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}, {"name": "proxy_server", "description": "proxy address to use when accessing source"}, {"name": "proxy_type", "description": "proxy type (none|ftp|http|https)", "values": ["none", "ftp", "http", "https"]}, {"name": "source", "description": "archive file source, supports puppet|http|https|ftp|file|s3|gs uri."}, {"name": "target", "description": "target folder path to extract archive. (this parameter is for camptocamp/archive compatibility)"}, {"name": "temp_dir", "description": "Specify an alternative temporary directory to use for copying files, if unset then the operating system default will be used."}, {"name": "url", "description": "archive file source, supports http|https|ftp|file uri.\n(for camptocamp/archive compatibility)"}, {"name": "user", "description": "extract command user (using this option will configure the archive file permission to 0644 so the user can read the file)."}, {"name": "username", "description": "username to download source file."}], "providers": [{"name": "curl", "type_name": "archive", "file": "lib/puppet/provider/archive/curl.rb", "line": 6, "docstring": {"text": ""}, "defaults": [[["feature", "posix"]]], "commands": {"curl": "curl"}}, {"name": "ruby", "type_name": "archive", "file": "lib/puppet/provider/archive/ruby.rb", "line": 70, "docstring": {"text": "This provider implements a simple state-machine. The following attempts to #\ndocument it. In general, `def adjective?` implements a [state], while `def\nverb` implements an {action}.\nSome states are more complex, as they might depend on other states, or trigger\nactions. Since this implements an ad-hoc state-machine, many actions or states\nhave to guard themselves against being called out of order.\n\n[exists?]\n |\n v\n[extracted?] -> no -> [checksum?]\n |\n v\n yes\n |\n v\n[path.exists?] -> no -> {cleanup}\n | | |\n v v v\n[checksum?] yes. [extracted?] && [cleanup?]\n |\n v\n {destroy}\n\nNow, with [exists?] defined, we can define [ensure]\nBut that's just part of the standard puppet provider state-machine:\n\n[ensure] -> absent -> [exists?] -> no.\n | |\n v v\n present yes\n | |\n v v\n[exists?] {destroy}\n |\n v\n{create}\n\nHere's how we would extend archive for an `ensure => latest`:\n\n [exists?] -> no -> {create}\n |\n v\n yes\n |\n v\n [ttl?] -> expired -> {destroy} -> {create}\n |\n v\n valid."}, "defaults": [[["feature", "microsoft_windows"]]]}, {"name": "wget", "type_name": "archive", "file": "lib/puppet/provider/archive/wget.rb", "line": 3, "docstring": {"text": ""}, "commands": {"wget": "wget"}}]}, {"name": "postgresql_conf", "file": "lib/puppet/type/postgresql_conf.rb", "line": 3, "docstring": {"text": "This type allows puppet to manage postgresql.conf parameters."}, "properties": [{"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}, {"name": "target", "description": "The path to postgresql.conf"}, {"name": "value", "description": "The value to set for this parameter."}], "parameters": [{"name": "name", "description": "The postgresql parameter name to manage.", "values": ["%r{^[\\w\\.]+$}"], "isnamevar": true}, {"name": "provider", "description": "The specific backend to use for this `postgresql_conf` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}], "providers": [{"name": "parsed", "type_name": "postgresql_conf", "file": "lib/puppet/provider/postgresql_conf/parsed.rb", "line": 5, "docstring": {"text": "Set key/values in postgresql.conf."}}]}, {"name": "postgresql_conn_validator", "file": "lib/puppet/type/postgresql_conn_validator.rb", "line": 3, "docstring": {"text": "Verify that a connection can be successfully established between a node\nand the PostgreSQL server. Its primary use is as a precondition to\nprevent configuration changes from being applied if the PostgreSQL\nserver cannot be reached, but it could potentially be used for other\npurposes such as monitoring.", "tags": [{"tag_name": "summary", "text": "Verify if a connection can be successfully established"}]}, "properties": [{"name": "ensure", "description": "Ensure connection validation", "values": ["present", "absent"], "default": "present"}], "parameters": [{"name": "command", "description": "Command to run against target database.", "default": "SELECT 1"}, {"name": "connect_settings", "description": "Hash of environment variables for connection to a db."}, {"name": "db_name", "description": "The name of the database you are trying to validate a connection with."}, {"name": "db_password", "description": "The password required to access the target PostgreSQL database."}, {"name": "db_username", "description": "A user that has access to the target PostgreSQL database."}, {"name": "host", "description": "The DNS name or IP address of the server where PostgreSQL should be running."}, {"name": "name", "description": "An arbitrary name used as the identity of the resource.", "isnamevar": true}, {"name": "port", "description": "The port that the PostgreSQL server should be listening on."}, {"name": "provider", "description": "The specific backend to use for this `postgresql_conn_validator` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}, {"name": "psql_path", "description": "Path to the psql command."}, {"name": "run_as", "description": "System user that will run the psql command."}, {"name": "sleep", "description": "The length of sleep time between connection tries.", "default": "2"}, {"name": "tries", "description": "The number of tries to validate the connection to the target PostgreSQL database.", "default": "10"}], "providers": [{"name": "ruby", "type_name": "postgresql_conn_validator", "file": "lib/puppet/provider/postgresql_conn_validator/ruby.rb", "line": 9, "docstring": {"text": "A provider for the resource type `postgresql_conn_validator`,\nwhich validates the PostgreSQL connection by attempting a query\nto the target PostgreSQL server."}}]}, {"name": "postgresql_psql", "file": "lib/puppet/type/postgresql_psql.rb", "line": 3, "docstring": {"text": "An arbitrary tag for your own reference; the name of the message."}, "properties": [{"name": "command", "description": "The SQL command to execute via psql."}], "parameters": [{"name": "connect_settings", "description": "Connection settings that will be used when connecting to postgres"}, {"name": "cwd", "description": "The working directory under which the psql command should be executed.", "default": "/tmp"}, {"name": "db", "description": "The name of the database to execute the SQL command against, this overrides any PGDATABASE value in connect_settings"}, {"name": "environment", "description": "Any additional environment variables you want to set for a\nSQL command. Multiple environment variables should be\nspecified as an array."}, {"name": "name", "description": "An arbitrary tag for your own reference; the name of the message.", "isnamevar": true}, {"name": "onlyif", "description": "An optional SQL command to execute prior to the main :command;\nthis is generally intended to be used for idempotency, to check\nfor the existence of an object in the database to determine whether\nor not the main SQL command needs to be executed at all."}, {"name": "port", "description": "The port of the database server to execute the SQL command against, this overrides any PGPORT value in connect_settings."}, {"name": "provider", "description": "The specific backend to use for this `postgresql_psql` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}, {"name": "psql_group", "description": "The system user group account under which the psql command should be executed.", "default": "postgres"}, {"name": "psql_path", "description": "The path to psql executable.", "default": "psql"}, {"name": "psql_user", "description": "The system user account under which the psql command should be executed.", "default": "postgres"}, {"name": "refreshonly", "description": "If 'true', then the SQL will only be executed via a notify/subscribe event.", "values": ["true", "false"], "default": "false"}, {"name": "search_path", "description": "The schema search path to use when executing the SQL command"}, {"name": "sensitive", "description": "If 'true', then the executed command will not be echoed into the log. Use this to protect sensitive information passing through.", "values": ["true", "false"], "default": "false"}, {"name": "unless", "description": "An optional SQL command to execute prior to the main :command;\nthis is generally intended to be used for idempotency, to check\nfor the existence of an object in the database to determine whether\nor not the main SQL command needs to be executed at all.'"}], "providers": [{"name": "ruby", "type_name": "postgresql_psql", "file": "lib/puppet/provider/postgresql_psql/ruby.rb", "line": 3, "docstring": {"text": "Postgres psql provider"}}]}, {"name": "postgresql_replication_slot", "file": "lib/puppet/type/postgresql_replication_slot.rb", "line": 3, "docstring": {"text": "This type allows to create and destroy replication slots\nto register warm standby replication on a Postgresql\nprimary server.", "tags": [{"tag_name": "summary", "text": "Manages Postgresql replication slots."}]}, "properties": [{"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}], "parameters": [{"name": "name", "description": "The name of the slot to create. Must be a valid replication slot name.", "values": ["%r{^[a-z0-9_]+$}"], "isnamevar": true}, {"name": "provider", "description": "The specific backend to use for this `postgresql_replication_slot` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}], "providers": [{"name": "ruby", "type_name": "postgresql_replication_slot", "file": "lib/puppet/provider/postgresql_replication_slot/ruby.rb", "line": 3, "docstring": {"text": "For confinement"}, "commands": {"psql": "psql"}}]}, {"name": "firewall", "file": "lib/puppet/type/firewall.rb", "line": 14, "docstring": {"text": "**Autorequires:**\n\nIf Puppet is managing the iptables or ip6tables chains specified in the\n`chain` or `jump` parameters, the firewall resource will autorequire\nthose firewallchain resources.\n\nIf Puppet is managing the iptables, iptables-persistent, or iptables-services packages,\nand the provider is iptables or ip6tables, the firewall resource will\nautorequire those packages to ensure that any required binaries are\ninstalled.\n\n#### Providers\n Note: Not all features are available with all providers.\n\n * ip6tables: Ip6tables type provider\n\n * Required binaries: ip6tables-save, ip6tables.\n * Supported features: address_type, connection_limiting, conntrack, dnat, hop_limiting, icmp_match,\n interface_match, iprange, ipsec_dir, ipsec_policy, ipset, iptables, isfirstfrag,\n ishasmorefrags, islastfrag, length, log_level, log_prefix, log_uid,\n log_tcp_sequence, log_tcp_options, log_ip_options, mask, mss,\n owner, pkttype, queue_bypass, queue_num, rate_limiting, recent_limiting, reject_type,\n snat, socket, state_match, string_matching, tcp_flags, hashlimit, bpf.\n\n * iptables: Iptables type provider\n\n * Required binaries: iptables-save, iptables.\n * Default for kernel == linux.\n * Supported features: address_type, clusterip, connection_limiting, conntrack, dnat, icmp_match,\n interface_match, iprange, ipsec_dir, ipsec_policy, ipset, iptables, isfragment, length,\n log_level, log_prefix, log_uid, log_tcp_sequence, log_tcp_options, log_ip_options,\n mark, mask, mss, netmap, nflog_group, nflog_prefix,\n nflog_range, nflog_threshold, owner, pkttype, queue_bypass, queue_num, rate_limiting,\n recent_limiting, reject_type, snat, socket, state_match, string_matching, tcp_flags, bpf.\n\n#### Features\n * address_type: The ability to match on source or destination address type.\n\n * clusterip: Configure a simple cluster of nodes that share a certain IP and MAC address without an explicit load balancer in front of them.\n\n * condition: Match if a specific condition variable is (un)set (requires xtables-addons)\n\n * connection_limiting: Connection limiting features.\n\n * conntrack: Connection tracking features.\n\n * dnat: Destination NATing.\n\n * hop_limiting: Hop limiting features.\n\n * icmp_match: The ability to match ICMP types.\n\n * interface_match: Interface matching.\n\n * iprange: The ability to match on source or destination IP range.\n\n * ipsec_dir: The ability to match IPsec policy direction.\n\n * ipsec_policy: The ability to match IPsec policy.\n\n * iptables: The provider provides iptables features.\n\n * isfirstfrag: The ability to match the first fragment of a fragmented ipv6 packet.\n\n * isfragment: The ability to match fragments.\n\n * ishasmorefrags: The ability to match a non-last fragment of a fragmented ipv6 packet.\n\n * islastfrag: The ability to match the last fragment of an ipv6 packet.\n\n * length: The ability to match the length of the layer-3 payload.\n\n * log_level: The ability to control the log level.\n\n * log_prefix: The ability to add prefixes to log messages.\n\n * log_uid: The ability to log the userid of the process which generated the packet.\n\n * log_tcp_sequence: The ability to log TCP sequence numbers.\n\n * log_tcp_options: The ability to log TCP packet header.\n\n * log_ip_options: The ability to log IP/IPv6 packet header.\n\n * mark: The ability to match or set the netfilter mark value associated with the packet.\n\n * mask: The ability to match recent rules based on the ipv4 mask.\n\n * nflog_group: The ability to set the group number for NFLOG.\n\n * nflog_prefix: The ability to set a prefix for nflog messages.\n\n * nflog_range: The ability to set nflog_range.\n\n * nflog_threshold: The ability to set nflog_threshold.\n\n * owner: The ability to match owners.\n\n * pkttype: The ability to match a packet type.\n\n * rate_limiting: Rate limiting features.\n\n * recent_limiting: The netfilter recent module.\n\n * reject_type: The ability to control reject messages.\n\n * set_mss: Set the TCP MSS of a packet.\n\n * snat: Source NATing.\n\n * socket: The ability to match open sockets.\n\n * state_match: The ability to match stateful firewall states.\n\n * string_matching: The ability to match a given string by using some pattern matching strategy.\n\n * tcp_flags: The ability to match on particular TCP flag settings.\n\n * netmap: The ability to map entire subnets via source or destination nat rules.\n\n * hashlimit: The ability to use the hashlimit-module.\n\n * bpf: The ability to use Berkeley Paket Filter rules.\n\n * ipvs: The ability to match IP Virtual Server packets.\n\n * ct_target: The ability to set connection tracking parameters for a packet or its associated connection.\n\n * random_fully: The ability to use --random-fully flag.", "tags": [{"tag_name": "summary", "text": "This type provides the capability to manage firewall rules within puppet."}]}, "properties": [{"name": "action", "description": "This is the action to perform on a match. Can be one of:\n\n* accept - the packet is accepted\n* reject - the packet is rejected with a suitable ICMP response\n* drop - the packet is dropped\n\nIf you specify no value it will simply match the rule but perform no\naction unless you provide a provider specific parameter (such as *jump*).", "values": ["accept", "reject", "drop"]}, {"name": "burst", "description": "Rate limiting burst value (per second) before limit checks apply.", "values": ["%r{^\\d+$}"], "required_features": "rate_limiting"}, {"name": "bytecode", "description": "Match using Linux Socket Filter. Expects a BPF program in decimal format.\nThis is the format generated by the nfbpf_compile utility.", "required_features": "iptables"}, {"name": "cgroup", "description": "Matches against the net_cls cgroup ID of the packet."}, {"name": "chain", "description": "Name of the chain to use. Can be one of the built-ins:\n\n* INPUT\n* FORWARD\n* OUTPUT\n* PREROUTING\n* POSTROUTING\n\nOr you can provide a user-based chain.", "values": ["%r{^[a-zA-Z0-9\\-_]+$}"], "required_features": "iptables", "default": "INPUT"}, {"name": "checksum_fill", "description": "Compute and fill missing packet checksums.", "values": ["true", "false"], "required_features": "iptables"}, {"name": "clamp_mss_to_pmtu", "description": "Sets the clamp mss to pmtu flag.", "values": ["true", "false"], "required_features": "iptables"}, {"name": "clusterip_clustermac", "description": "Used with the CLUSTERIP jump target.\nSpecify the ClusterIP MAC address. Has to be a link-layer multicast address.", "values": ["%r{^([0-9a-f]{2}[:]){5}([0-9a-f]{2})$}i"], "required_features": "clusterip"}, {"name": "clusterip_hash_init", "description": "Used with the CLUSTERIP jump target.\nSpecify the random seed used for hash initialization.", "required_features": "clusterip"}, {"name": "clusterip_hashmode", "description": "Used with the CLUSTERIP jump target.\nSpecify the hashing mode.", "values": ["sourceip", "sourceip-sourceport", "sourceip-sourceport-destport"], "required_features": "clusterip"}, {"name": "clusterip_local_node", "description": "Used with the CLUSTERIP jump target.\nSpecify the random seed used for hash initialization.", "values": ["%r{\\d+}"], "required_features": "clusterip"}, {"name": "clusterip_new", "description": "Used with the CLUSTERIP jump target.\nCreate a new ClusterIP. You always have to set this on the first rule for a given ClusterIP.", "values": ["true", "false"], "required_features": "clusterip"}, {"name": "clusterip_total_nodes", "description": "Used with the CLUSTERIP jump target.\nNumber of total nodes within this cluster.", "values": ["%r{\\d+}"], "required_features": "clusterip"}, {"name": "condition", "description": "Match on boolean value (0/1) stored in /proc/net/nf_condition/name.", "required_features": "condition"}, {"name": "connlimit_above", "description": "Connection limiting value for matched connections above n.", "values": ["%r{^\\d+$}"], "required_features": "connection_limiting"}, {"name": "connlimit_mask", "description": "Connection limiting by subnet mask for matched connections.\nIPv4: 0-32\nIPv6: 0-128", "values": ["%r{^\\d+$}"], "required_features": "connection_limiting"}, {"name": "connmark", "description": "Match the Netfilter mark value associated with the packet. Accepts either of:\nmark/mask or mark. These will be converted to hex if they are not already.", "required_features": "mark"}, {"name": "ctdir", "description": "Matches a packet that is flowing in the specified direction using the\nconntrack module. If this flag is not specified at all, matches packets\nin both directions. Values can be:\n\n* REPLY\n* ORIGINAL", "values": ["REPLY", "ORIGINAL"], "required_features": "conntrack"}, {"name": "ctexpire", "description": "Matches a packet based on lifetime remaining in seconds or range of values\nusing the conntrack module. For example:\n\n ctexpire => '100:150'", "values": ["%r{^!?\\s?\\d+$|^!?\\s?\\d+\\:\\d+$}"], "required_features": "conntrack"}, {"name": "ctorigdst", "description": "The original destination address using the conntrack module. For example:\n\n ctorigdst => '192.168.2.0/24'\n\nYou can also negate a mask by putting ! in front. For example:\n\n ctorigdst => '! 192.168.2.0/24'\n\nThe ctorigdst can also be an IPv6 address if your provider supports it.", "required_features": "conntrack"}, {"name": "ctorigdstport", "description": "The original destination port to match for this filter using the conntrack module.\nFor example:\n\n ctorigdstport => '80'\n\nYou can also specify a port range: For example:\n\n ctorigdstport => '80:81'\n\nYou can also negate a port by putting ! in front. For example:\n\n ctorigdstport => '! 80'", "values": ["%r{^!?\\s?\\d+$|^!?\\s?\\d+\\:\\d+$}"], "required_features": "conntrack"}, {"name": "ctorigsrc", "description": "The original source address using the conntrack module. For example:\n\n ctorigsrc => '192.168.2.0/24'\n\nYou can also negate a mask by putting ! in front. For example:\n\n ctorigsrc => '! 192.168.2.0/24'\n\nThe ctorigsrc can also be an IPv6 address if your provider supports it.", "required_features": "conntrack"}, {"name": "ctorigsrcport", "description": "The original source port to match for this filter using the conntrack module.\nFor example:\n\n ctorigsrcport => '80'\n\nYou can also specify a port range: For example:\n\n ctorigsrcport => '80:81'\n\nYou can also negate a port by putting ! in front. For example:\n\n ctorigsrcport => '! 80'", "values": ["%r{^!?\\s?\\d+$|^!?\\s?\\d+\\:\\d+$}"], "required_features": "conntrack"}, {"name": "ctproto", "description": "The specific layer-4 protocol number to match for this rule using the\nconntrack module.", "values": ["%r{^!?\\s?\\d+$}"], "required_features": "conntrack"}, {"name": "ctrepldst", "description": "The reply destination address using the conntrack module. For example:\n\n ctrepldst => '192.168.2.0/24'\n\nYou can also negate a mask by putting ! in front. For example:\n\n ctrepldst => '! 192.168.2.0/24'\n\nThe ctrepldst can also be an IPv6 address if your provider supports it.", "required_features": "conntrack"}, {"name": "ctrepldstport", "description": "The reply destination port to match for this filter using the conntrack module.\nFor example:\n\n ctrepldstport => '80'\n\nYou can also specify a port range: For example:\n\n ctrepldstport => '80:81'\n\nYou can also negate a port by putting ! in front. For example:\n\n ctrepldstport => '! 80'", "values": ["%r{^!?\\s?\\d+$|^!?\\s?\\d+\\:\\d+$}"], "required_features": "conntrack"}, {"name": "ctreplsrc", "description": "The reply source address using the conntrack module. For example:\n\n ctreplsrc => '192.168.2.0/24'\n\nYou can also negate a mask by putting ! in front. For example:\n\n ctreplsrc => '! 192.168.2.0/24'\n\nThe ctreplsrc can also be an IPv6 address if your provider supports it.", "required_features": "conntrack"}, {"name": "ctreplsrcport", "description": "The reply source port to match for this filter using the conntrack module.\nFor example:\n\n ctreplsrcport => '80'\n\nYou can also specify a port range: For example:\n\n ctreplsrcport => '80:81'\n\nYou can also negate a port by putting ! in front. For example:\n\n ctreplsrcport => '! 80'", "values": ["%r{^!?\\s?\\d+$|^!?\\s?\\d+\\:\\d+$}"], "required_features": "conntrack"}, {"name": "ctstate", "description": "Matches a packet based on its state in the firewall stateful inspection\ntable, using the conntrack module. Values can be:\n\n* INVALID\n* ESTABLISHED\n* NEW\n* RELATED\n* UNTRACKED\n* SNAT\n* DNAT", "values": ["INVALID", "ESTABLISHED", "NEW", "RELATED", "UNTRACKED", "SNAT", "DNAT"], "required_features": "conntrack"}, {"name": "ctstatus", "description": "Matches a packet based on its status using the conntrack module. Values can be:\n\n* EXPECTED\n* SEEN_REPLY\n* ASSURED\n* CONFIRMED", "values": ["NONE", "EXPECTED", "SEEN_REPLY", "ASSURED", "CONFIRMED"], "required_features": "conntrack"}, {"name": "date_start", "description": "Only match during the given time, which must be in ISO 8601 \"T\" notation.\nThe possible time range is 1970-01-01T00:00:00 to 2038-01-19T04:17:07", "required_features": "iptables"}, {"name": "date_stop", "description": "Only match during the given time, which must be in ISO 8601 \"T\" notation.\nThe possible time range is 1970-01-01T00:00:00 to 2038-01-19T04:17:07", "required_features": "iptables"}, {"name": "destination", "description": "The destination address to match. For example:\n\n destination => '192.168.1.0/24'\n\nYou can also negate a mask by putting ! in front. For example:\n\n destination => '! 192.168.2.0/24'\n\nThe destination can also be an IPv6 address if your provider supports it."}, {"name": "dport", "description": "The destination port to match for this filter (if the protocol supports\nports). Will accept a single element or an array.\n\nFor some firewall providers you can pass a range of ports in the format:\n\n <start_number>-<ending_number>\n\nFor example:\n\n 1-1024\n\nThis would cover ports 1 to 1024."}, {"name": "dst_cc", "description": "dst attribute for the module geoip", "values": ["%r{^[A-Z]{2}(,[A-Z]{2})*$}"]}, {"name": "dst_range", "description": "The destination IP range. For example:\n\n dst_range => '192.168.1.1-192.168.1.10'\n\nThe destination IP range must be in 'IP1-IP2' format.", "required_features": "iprange"}, {"name": "dst_type", "description": "The destination address type. For example:\n\n dst_type => ['LOCAL']\n\nCan be one of:\n\n* UNSPEC - an unspecified address\n* UNICAST - a unicast address\n* LOCAL - a local address\n* BROADCAST - a broadcast address\n* ANYCAST - an anycast packet\n* MULTICAST - a multicast address\n* BLACKHOLE - a blackhole address\n* UNREACHABLE - an unreachable address\n* PROHIBIT - a prohibited address\n* THROW - undocumented\n* NAT - undocumented\n* XRESOLVE - undocumented\n\nIn addition, it accepts '--limit-iface-in' and '--limit-iface-out' flags, specified as:\n\n dst_type => ['LOCAL --limit-iface-in']\n\nIt can also be negated using '!':\n\n dst_type => ['! LOCAL']\n\nWill accept a single element or an array.", "values": ["[:UNSPEC, :UNICAST, :LOCAL, :BROADCAST, :ANYCAST, :MULTICAST,\n :BLACKHOLE, :UNREACHABLE, :PROHIBIT, :THROW, :NAT, :XRESOLVE].map { |address_type|\n [\n address_type,\n \"! #{address_type}\".to_sym,\n \"#{address_type} --limit-iface-in\".to_sym,\n \"#{address_type} --limit-iface-out\".to_sym,\n \"! #{address_type} --limit-iface-in\".to_sym,\n \"! #{address_type} --limit-iface-out\".to_sym,\n ]\n }.flatten"], "required_features": "address_type"}, {"name": "ensure", "description": "Manage the state of this rule.", "values": ["present", "absent"], "default": "present"}, {"name": "gateway", "description": "The TEE target will clone a packet and redirect this clone to another\nmachine on the local network segment. gateway is the target host's IP.", "required_features": "iptables"}, {"name": "gid", "description": "GID or Group owner matching rule. Accepts a string argument\nonly, as iptables does not accept multiple gid in a single\nstatement.", "required_features": "owner"}, {"name": "goto", "description": "The value for the iptables --goto parameter. Normal values are:\n\n* QUEUE\n* RETURN\n* DNAT\n* SNAT\n* LOG\n* MASQUERADE\n* REDIRECT\n* MARK\n\nBut any valid chain name is allowed.", "required_features": "iptables"}, {"name": "hashlimit_above", "description": "Match if the rate is above amount/quantum.\nThis parameter or hashlimit_upto is required.\nAllowed forms are '40','40/second','40/minute','40/hour','40/day'."}, {"name": "hashlimit_burst", "description": "Maximum initial number of packets to match: this number gets recharged by one every time the limit specified above is not reached, up to this number; the default is 5. When byte-based rate matching is requested, this option specifies the amount of bytes that can exceed the given rate. This option should be used with caution -- if the entry expires, the burst value is reset too.", "values": ["%r{^\\d+$}"]}, {"name": "hashlimit_dstmask", "description": "Like --hashlimit-srcmask, but for destination addresses."}, {"name": "hashlimit_htable_expire", "description": "After how many milliseconds do hash entries expire."}, {"name": "hashlimit_htable_gcinterval", "description": "How many milliseconds between garbage collection intervals."}, {"name": "hashlimit_htable_max", "description": "Maximum entries in the hash."}, {"name": "hashlimit_htable_size", "description": "The number of buckets of the hash table"}, {"name": "hashlimit_mode", "description": "A comma-separated list of objects to take into consideration. If no --hashlimit-mode option is given, hashlimit acts like limit, but at the expensive of doing the hash housekeeping.\nAllowed values are: srcip, srcport, dstip, dstport"}, {"name": "hashlimit_name", "description": "The name for the /proc/net/ipt_hashlimit/foo entry.\nThis parameter is required."}, {"name": "hashlimit_srcmask", "description": "When --hashlimit-mode srcip is used, all source addresses encountered will be grouped according to the given prefix length and the so-created subnet will be subject to hashlimit. prefix must be between (inclusive) 0 and 32. Note that --hashlimit-srcmask 0 is basically doing the same thing as not specifying srcip for --hashlimit-mode, but is technically more expensive."}, {"name": "hashlimit_upto", "description": "Match if the rate is below or equal to amount/quantum. It is specified either as a number, with an optional time quantum suffix (the default is 3/hour), or as amountb/second (number of bytes per second).\nThis parameter or hashlimit_above is required.\nAllowed forms are '40','40/second','40/minute','40/hour','40/day'."}, {"name": "helper", "description": "Invoke the nf_conntrack_xxx helper module for this packet.", "required_features": "ct_target"}, {"name": "hop_limit", "description": "Hop limiting value for matched packets.", "values": ["%r{^\\d+$}"], "required_features": "hop_limiting"}, {"name": "icmp", "description": "When matching ICMP packets, this is the type of ICMP packet to match.\n\nA value of \"any\" is not supported. To achieve this behaviour the\nparameter should simply be omitted or undefined.\nAn array of values is also not supported. To match against multiple ICMP\ntypes, please use separate rules for each ICMP type.", "required_features": "icmp_match"}, {"name": "iniface", "description": "Input interface to filter on. Supports interface alias like eth0:0.\nTo negate the match try this:\n\n iniface => '! lo',", "values": ["%r{^!?\\s?[a-zA-Z0-9\\-\\._\\+\\:@]+$}"], "required_features": "interface_match"}, {"name": "ipsec_dir", "description": "Sets the ipsec policy direction", "values": ["in", "out"], "required_features": "ipsec_dir"}, {"name": "ipsec_policy", "description": "Sets the ipsec policy type. May take a combination of arguments for any flags that can be passed to `--pol ipsec` such as: `--strict`, `--reqid 100`, `--next`, `--proto esp`, etc.", "values": ["none", "ipsec"], "required_features": "ipsec_policy"}, {"name": "ipset", "description": "Matches against the specified ipset list.\nRequires ipset kernel module. Will accept a single element or an array.\nThe value is the name of the blacklist, followed by a space, and then\n'src' and/or 'dst' separated by a comma.\nFor example: 'blacklist src,dst'", "required_features": "ipset"}, {"name": "ipvs", "description": "Indicates that the current packet belongs to an IPVS connection.", "values": ["true", "false"], "required_features": "ipvs"}, {"name": "isfirstfrag", "description": "If true, matches if the packet is the first fragment.\nSadly cannot be negated. ipv6.", "values": ["true", "false"], "required_features": "isfirstfrag"}, {"name": "isfragment", "description": "Set to true to match tcp fragments (requires type to be set to tcp)", "values": ["true", "false"], "required_features": "isfragment"}, {"name": "ishasmorefrags", "description": "If true, matches if the packet has it's 'more fragments' bit set. ipv6.", "values": ["true", "false"], "required_features": "ishasmorefrags"}, {"name": "islastfrag", "description": "If true, matches if the packet is the last fragment. ipv6.", "values": ["true", "false"], "required_features": "islastfrag"}, {"name": "jump", "description": "The value for the iptables --jump parameter. Normal values are:\n\n* QUEUE\n* RETURN\n* DNAT\n* SNAT\n* LOG\n* NFLOG\n* MASQUERADE\n* REDIRECT\n* MARK\n* CT\n\nBut any valid chain name is allowed.\n\nFor the values ACCEPT, DROP, and REJECT, you must use the generic\n'action' parameter. This is to enfore the use of generic parameters where\npossible for maximum cross-platform modelling.\n\nIf you set both 'accept' and 'jump' parameters, you will get an error as\nonly one of the options should be set.", "required_features": "iptables"}, {"name": "kernel_timezone", "description": "Use the kernel timezone instead of UTC to determine whether a packet meets the time regulations.", "values": ["true", "false"], "required_features": "iptables"}, {"name": "length", "description": "Sets the length of layer-3 payload to match.", "required_features": "length"}, {"name": "limit", "description": "Rate limiting value for matched packets. The format is:\nrate/[/second/|/minute|/hour|/day].\n\nExample values are: '50/sec', '40/min', '30/hour', '10/day'.\"", "required_features": "rate_limiting"}, {"name": "log_ip_options", "description": "When combined with jump => \"LOG\" logging of the TCP IP/IPv6\npacket header.", "values": ["true", "false"], "required_features": "log_ip_options"}, {"name": "log_level", "description": "When combined with jump => \"LOG\" specifies the system log level to log\nto.", "required_features": "log_level"}, {"name": "log_prefix", "description": "When combined with jump => \"LOG\" specifies the log prefix to use when\nlogging.", "required_features": "log_prefix"}, {"name": "log_tcp_options", "description": "When combined with jump => \"LOG\" logging of the TCP packet\nheader.", "values": ["true", "false"], "required_features": "log_tcp_options"}, {"name": "log_tcp_sequence", "description": "When combined with jump => \"LOG\" enables logging of the TCP sequence\nnumbers.", "values": ["true", "false"], "required_features": "log_tcp_sequence"}, {"name": "log_uid", "description": "When combined with jump => \"LOG\" specifies the uid of the process making\nthe connection.", "values": ["true", "false"], "required_features": "log_uid"}, {"name": "mac_source", "description": "MAC Source", "values": ["%r{^([0-9a-f]{2}[:]){5}([0-9a-f]{2})$}i"]}, {"name": "mask", "description": "Sets the mask to use when `recent` is enabled.", "required_features": "mask"}, {"name": "match_mark", "description": "Match the Netfilter mark value associated with the packet. Accepts either of:\nmark/mask or mark. These will be converted to hex if they are not already.", "required_features": "mark"}, {"name": "month_days", "description": "Only match on the given days of the month. Possible values are 1 to 31.\nNote that specifying 31 will of course not match on months which do not have a 31st day;\nthe same goes for 28- or 29-day February.", "required_features": "iptables"}, {"name": "mss", "description": "Match a given TCP MSS value or range."}, {"name": "nflog_group", "description": "Used with the jump target NFLOG.\nThe netlink group (0 - 2^16-1) to which packets are (only applicable\nfor nfnetlink_log). Defaults to 0.", "required_features": "nflog_group"}, {"name": "nflog_prefix", "description": "Used with the jump target NFLOG.\nA prefix string to include in the log message, up to 64 characters long,\nuseful for distinguishing messages in the logs.", "required_features": "nflog_prefix"}, {"name": "nflog_range", "description": "Used with the jump target NFLOG.\nThe number of bytes to be copied to userspace (only applicable for nfnetlink_log).\nnfnetlink_log instances may specify their own range, this option overrides it.", "required_features": "nflog_range"}, {"name": "nflog_threshold", "description": "Used with the jump target NFLOG.\nNumber of packets to queue inside the kernel before sending them to userspace\n(only applicable for nfnetlink_log). Higher values result in less overhead\nper packet, but increase delay until the packets reach userspace. Defaults to 1.", "required_features": "nflog_threshold"}, {"name": "notrack", "description": "Invoke the disable connection tracking for this packet.\nThis parameter can be used with iptables version >= 1.8.3", "values": ["true", "false"], "required_features": "ct_target"}, {"name": "outiface", "description": " Output interface to filter on. Supports interface alias like eth0:0.\nTo negate the match try this:\n\n outiface => '! lo',", "values": ["%r{^!?\\s?[a-zA-Z0-9\\-\\._\\+\\:@]+$}"], "required_features": "interface_match"}, {"name": "physdev_in", "description": "Match if the packet is entering a bridge from the given interface.", "values": ["%r{^[a-zA-Z0-9\\-\\._\\+]+$}"], "required_features": "iptables"}, {"name": "physdev_is_bridged", "description": "Match if the packet is transversing a bridge.", "values": ["true", "false"], "required_features": "iptables"}, {"name": "physdev_is_in", "description": "Matches if the packet has entered through a bridge interface.", "values": ["true", "false"], "required_features": "iptables"}, {"name": "physdev_is_out", "description": "Matches if the packet will leave through a bridge interface.", "values": ["true", "false"], "required_features": "iptables"}, {"name": "physdev_out", "description": "Match if the packet is leaving a bridge via the given interface.", "values": ["%r{^[a-zA-Z0-9\\-\\._\\+]+$}"], "required_features": "iptables"}, {"name": "pkttype", "description": "Sets the packet type to match.", "values": ["unicast", "broadcast", "multicast"], "required_features": "pkttype"}, {"name": "port", "description": "*note* This property has been DEPRECATED\n\nThe destination or source port to match for this filter (if the protocol\nsupports ports). Will accept a single element or an array.\n\nFor some firewall providers you can pass a range of ports in the format:\n\n <start_number>-<ending_number>\n\nFor example:\n\n 1-1024\n\nThis would cover ports 1 to 1024."}, {"name": "proto", "description": "The specific protocol to match for this rule.", "values": ["[:ip, :tcp, :udp, :icmp, :\"ipv6-icmp\", :esp, :ah, :vrrp, :carp, :igmp, :ipencap, :ipv4, :ipv6, :ospf, :gre, :cbt, :sctp, :pim, :all].map { |proto|\n [proto, \"! #{proto}\".to_sym]\n }.flatten"], "default": "tcp"}, {"name": "queue_bypass", "description": "Used with NFQUEUE jump target\nAllow packets to bypass :queue_num if userspace process is not listening", "values": ["true", "false"], "required_features": "queue_bypass"}, {"name": "queue_num", "description": "Used with NFQUEUE jump target.\nWhat queue number to send packets to", "required_features": "queue_num"}, {"name": "random", "description": "When using a jump value of \"MASQUERADE\", \"DNAT\", \"REDIRECT\", or \"SNAT\"\nthis boolean will enable randomized port mapping.", "values": ["true", "false"], "required_features": "dnat"}, {"name": "random_fully", "description": "When using a jump value of \"MASQUERADE\", \"DNAT\", \"REDIRECT\", or \"SNAT\"\nthis boolean will enable fully randomized port mapping.\n\n**NOTE** Requires Kernel >= 3.13 and iptables >= 1.6.2", "values": ["true", "false"], "required_features": "random_fully"}, {"name": "rdest", "description": "Recent module; add the destination IP address to the list.\nMust be boolean true.", "values": ["true", "false"], "required_features": "recent_limiting"}, {"name": "reap", "description": "Recent module; can only be used in conjunction with the `rseconds`\nattribute. When used, this will cause entries older than 'seconds' to be\npurged. Must be boolean true.", "values": ["true", "false"], "required_features": "recent_limiting"}, {"name": "recent", "description": "Enable the recent module. Takes as an argument one of set, update,\nrcheck or remove. For example:\n\n ```\n # If anyone's appeared on the 'badguy' blacklist within\n # the last 60 seconds, drop their traffic, and update the timestamp.\n firewall { '100 Drop badguy traffic':\n recent => 'update',\n rseconds => 60,\n rsource => true,\n rname => 'badguy',\n action => 'DROP',\n chain => 'FORWARD',\n }\n ```\n\n\n ```\n # No-one should be sending us traffic on eth0 from the\n # localhost, Blacklist them\n firewall { '101 blacklist strange traffic':\n recent => 'set',\n rsource => true,\n rname => 'badguy',\n destination => '127.0.0.0/8',\n iniface => 'eth0',\n action => 'DROP',\n chain => 'FORWARD',\n }\n ```", "values": ["set", "update", "rcheck", "remove"], "required_features": "recent_limiting"}, {"name": "reject", "description": "When combined with action => \"REJECT\" you can specify a different icmp\nresponse to be sent back to the packet sender.", "required_features": "reject_type"}, {"name": "rhitcount", "description": "Recent module; used in conjunction with `recent => 'update'` or `recent\n=> 'rcheck'. When used, this will narrow the match to only happen when\nthe address is in the list and packets had been received greater than or\nequal to the given value.", "required_features": "recent_limiting"}, {"name": "rname", "description": "Recent module; The name of the list. Takes a string argument.", "required_features": "recent_limiting"}, {"name": "rpfilter", "description": "Enable the rpfilter module.", "values": ["loose", "validmark", "accept-local", "invert"], "required_features": "rpfilter"}, {"name": "rseconds", "description": "Recent module; used in conjunction with one of `recent => 'rcheck'` or\n`recent => 'update'`. When used, this will narrow the match to only\nhappen when the address is in the list and was seen within the last given\nnumber of seconds.", "required_features": "recent_limiting"}, {"name": "rsource", "description": "Recent module; add the source IP address to the list.\nMust be boolean true.", "values": ["true", "false"], "required_features": "recent_limiting"}, {"name": "rttl", "description": "Recent module; may only be used in conjunction with one of `recent =>\n'rcheck'` or `recent => 'update'`. When used, this will narrow the match\nto only happen when the address is in the list and the TTL of the current\npacket matches that of the packet which hit the `recent => 'set'` rule.\nThis may be useful if you have problems with people faking their source\naddress in order to DoS you via this module by disallowing others access\nto your site by sending bogus packets to you. Must be boolean true.", "values": ["true", "false"], "required_features": "recent_limiting"}, {"name": "set_dscp", "description": "Set DSCP Markings.", "required_features": "iptables"}, {"name": "set_dscp_class", "description": "This sets the DSCP field according to a predefined DiffServ class.", "required_features": "iptables"}, {"name": "set_mark", "description": "Set the Netfilter mark value associated with the packet. Accepts either of:\nmark/mask or mark. These will be converted to hex if they are not already.", "required_features": "mark"}, {"name": "set_mss", "description": "Sets the TCP MSS value for packets.", "required_features": "iptables"}, {"name": "socket", "description": "If true, matches if an open socket can be found by doing a coket lookup\non the packet.", "values": ["true", "false"], "required_features": "socket"}, {"name": "source", "description": "The source address. For example:\n\n source => '192.168.2.0/24'\n\nYou can also negate a mask by putting ! in front. For example:\n\n source => '! 192.168.2.0/24'\n\nThe source can also be an IPv6 address if your provider supports it."}, {"name": "sport", "description": "The source port to match for this filter (if the protocol supports\nports). Will accept a single element or an array.\n\nFor some firewall providers you can pass a range of ports in the format:\n\n <start_number>-<ending_number>\n\nFor example:\n\n 1-1024\n\nThis would cover ports 1 to 1024."}, {"name": "src_cc", "description": "src attribute for the module geoip", "values": ["%r{^[A-Z]{2}(,[A-Z]{2})*$}"]}, {"name": "src_range", "description": "The source IP range. For example:\n\n src_range => '192.168.1.1-192.168.1.10'\n\nThe source IP range must be in 'IP1-IP2' format.", "required_features": "iprange"}, {"name": "src_type", "description": "The source address type. For example:\n\n src_type => ['LOCAL']\n\nCan be one of:\n\n* UNSPEC - an unspecified address\n* UNICAST - a unicast address\n* LOCAL - a local address\n* BROADCAST - a broadcast address\n* ANYCAST - an anycast packet\n* MULTICAST - a multicast address\n* BLACKHOLE - a blackhole address\n* UNREACHABLE - an unreachable address\n* PROHIBIT - a prohibited address\n* THROW - undocumented\n* NAT - undocumented\n* XRESOLVE - undocumented\n\nIn addition, it accepts '--limit-iface-in' and '--limit-iface-out' flags, specified as:\n\n src_type => ['LOCAL --limit-iface-in']\n\nIt can also be negated using '!':\n\n src_type => ['! LOCAL']\n\nWill accept a single element or an array.", "values": ["[:UNSPEC, :UNICAST, :LOCAL, :BROADCAST, :ANYCAST, :MULTICAST,\n :BLACKHOLE, :UNREACHABLE, :PROHIBIT, :THROW, :NAT, :XRESOLVE].map { |address_type|\n [\n address_type,\n \"! #{address_type}\".to_sym,\n \"#{address_type} --limit-iface-in\".to_sym,\n \"#{address_type} --limit-iface-out\".to_sym,\n \"! #{address_type} --limit-iface-in\".to_sym,\n \"! #{address_type} --limit-iface-out\".to_sym,\n ]\n }.flatten"], "required_features": "address_type"}, {"name": "stat_every", "description": "Match one packet every nth packet. Requires `stat_mode => 'nth'`"}, {"name": "stat_mode", "description": "Set the matching mode for statistic matching.", "values": ["nth", "random"]}, {"name": "stat_packet", "description": "Set the initial counter value for the nth mode. Must be between 0 and the value of `stat_every`. Defaults to 0. Requires `stat_mode => 'nth'`", "values": ["%r{^\\d+$}"]}, {"name": "stat_probability", "description": "Set the probability from 0 to 1 for a packet to be randomly matched. It works only with `stat_mode => 'random'`."}, {"name": "state", "description": "Matches a packet based on its state in the firewall stateful inspection\ntable. Values can be:\n\n* INVALID\n* ESTABLISHED\n* NEW\n* RELATED\n* UNTRACKED", "values": ["INVALID", "ESTABLISHED", "NEW", "RELATED", "UNTRACKED"], "required_features": "state_match"}, {"name": "string", "description": "String matching feature. Matches the packet against the pattern\ngiven as an argument.", "required_features": "string_matching"}, {"name": "string_algo", "description": "String matching feature, pattern matching strategy.", "values": ["bm", "kmp"], "required_features": "string_matching"}, {"name": "string_from", "description": "String matching feature, offset from which we start looking for any matching.", "required_features": "string_matching"}, {"name": "string_hex", "description": "String matching feature. Matches the package against the hex pattern\ngiven as an argument."}, {"name": "string_to", "description": "String matching feature, offset up to which we should scan.", "required_features": "string_matching"}, {"name": "table", "description": "Table to use. Can be one of:\n\n* nat\n* mangle\n* filter\n* raw\n* rawpost", "values": ["nat", "mangle", "filter", "raw", "rawpost"], "required_features": "iptables", "default": "filter"}, {"name": "tcp_flags", "description": "Match when the TCP flags are as specified.\nIs a string with a list of comma-separated flag names for the mask,\nthen a space, then a comma-separated list of flags that should be set.\nThe flags are: SYN ACK FIN RST URG PSH ALL NONE\nNote that you specify them in the order that iptables --list-rules\nwould list them to avoid having puppet think you changed the flags.\nExample: FIN,SYN,RST,ACK SYN matches packets with the SYN bit set and the\nACK,RST and FIN bits cleared. Such packets are used to request\nTCP connection initiation.", "required_features": "tcp_flags"}, {"name": "time_contiguous", "description": "When time_stop is smaller than time_start value, match this as a single time period instead distinct intervals.", "values": ["true", "false"], "required_features": "iptables"}, {"name": "time_start", "description": "Only match during the given daytime. The possible time range is 00:00:00 to 23:59:59.\nLeading zeroes are allowed (e.g. \"06:03\") and correctly interpreted as base-10.", "required_features": "iptables"}, {"name": "time_stop", "description": "Only match during the given daytime. The possible time range is 00:00:00 to 23:59:59.\nLeading zeroes are allowed (e.g. \"06:03\") and correctly interpreted as base-10.", "required_features": "iptables"}, {"name": "to", "description": "For NETMAP this will replace the destination IP", "required_features": "netmap"}, {"name": "todest", "description": "When using jump => \"DNAT\" you can specify the new destination address\nusing this paramter.", "required_features": "dnat"}, {"name": "toports", "description": "For DNAT this is the port that will replace the destination port.", "required_features": "dnat"}, {"name": "tosource", "description": "When using jump => \"SNAT\" you can specify the new source address using\nthis parameter.", "required_features": "snat"}, {"name": "uid", "description": "UID or Username owner matching rule. Accepts a string argument\nonly, as iptables does not accept multiple uid in a single\nstatement.", "required_features": "owner"}, {"name": "week_days", "description": "Only match on the given weekdays.", "values": ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"], "required_features": "iptables"}, {"name": "zone", "description": "Assign this packet to zone id and only have lookups done in that zone.", "required_features": "ct_target"}], "parameters": [{"name": "line", "description": "Read-only property for caching the rule line."}, {"name": "name", "description": "The canonical name of the rule. This name is also used for ordering\nso make sure you prefix the rule with a number:\n\n 000 this runs first\n 999 this runs last\n\nDepending on the provider, the name of the rule can be stored using\nthe comment feature of the underlying firewall subsystem.", "values": ["%r{^\\d+[[:graph:][:space:]]+$}"], "isnamevar": true}, {"name": "provider", "description": "The specific backend to use for this `firewall` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}], "features": [{"name": "address_type", "description": "The ability match on source or destination address type"}, {"name": "bpf", "description": "Berkeley Paket Filter feature"}, {"name": "clusterip", "description": "Configure a simple cluster of nodes that share a certain IP and MAC address without an explicit load balancer in front of them."}, {"name": "condition", "description": "Match if a specific condition variable is (un)set."}, {"name": "connection_limiting", "description": "Connection limiting features."}, {"name": "conntrack", "description": "Connection tracking features."}, {"name": "ct_target", "description": "The ability to set connection tracking parameters for a packet or its associated connection"}, {"name": "dnat", "description": "Destination NATing"}, {"name": "hashlimit", "description": "Hashlimit features"}, {"name": "hop_limiting", "description": "Hop limiting features."}, {"name": "icmp_match", "description": "Matching ICMP types"}, {"name": "interface_match", "description": "Interface matching"}, {"name": "iprange", "description": "The ability match on source or destination IP range"}, {"name": "ipsec_dir", "description": "Match IPsec policy direction"}, {"name": "ipsec_policy", "description": "Match IPsec policy"}, {"name": "ipset", "description": "Match against specified ipset list"}, {"name": "iptables", "description": "The provider provides iptables features."}, {"name": "ipvs", "description": "Packet belongs to an IP Virtual Server connection"}, {"name": "isfirstfrag", "description": "Match the first fragment of a fragmented ipv6 packet"}, {"name": "isfragment", "description": "Match fragments"}, {"name": "ishasmorefrags", "description": "Match a non-last fragment of a fragmented ipv6 packet - might be first"}, {"name": "islastfrag", "description": "Match the last fragment of an ipv6 packet"}, {"name": "length", "description": "Match the length of layer-3 payload"}, {"name": "log_ip_options", "description": "Add IP/IPv6 packet header to log messages"}, {"name": "log_level", "description": "The ability to control the log level"}, {"name": "log_prefix", "description": "The ability to add prefixes to log messages"}, {"name": "log_tcp_options", "description": "Add TCP packet header to log messages"}, {"name": "log_tcp_sequence", "description": "Add TCP sequence numbers to log messages"}, {"name": "log_uid", "description": "Add UIDs to log messages"}, {"name": "mark", "description": "Match or Set the netfilter mark value associated with the packet"}, {"name": "mask", "description": "Ability to match recent rules based on the ipv4 mask"}, {"name": "mss", "description": "Match a given TCP MSS value or range."}, {"name": "netmap", "description": "NET MAPping"}, {"name": "nflog_group", "description": "netlink group to subscribe to for logging"}, {"name": "nflog_prefix", "description": "''"}, {"name": "nflog_range", "description": "''"}, {"name": "nflog_threshold", "description": "''"}, {"name": "owner", "description": "Matching owners"}, {"name": "pkttype", "description": "Match a packet type"}, {"name": "queue_bypass", "description": "If nothing is listening on queue_num, allow packets to bypass the queue"}, {"name": "queue_num", "description": "Which NFQUEUE to send packets to"}, {"name": "random_fully", "description": "The ability to use --random-fully flag"}, {"name": "rate_limiting", "description": "Rate limiting features."}, {"name": "recent_limiting", "description": "The netfilter recent module"}, {"name": "reject_type", "description": "The ability to control reject messages"}, {"name": "snat", "description": "Source NATing"}, {"name": "socket", "description": "Match open sockets"}, {"name": "state_match", "description": "Matching stateful firewall states"}, {"name": "string_matching", "description": "String matching features"}, {"name": "tcp_flags", "description": "The ability to match on particular TCP flag settings"}], "providers": [{"name": "ip6tables", "type_name": "firewall", "file": "lib/puppet/provider/firewall/ip6tables.rb", "line": 3, "docstring": {"text": "Ip6tables type provider"}, "confines": {"kernel": "linux"}, "features": ["iptables", "condition", "connection_limiting", "conntrack", "hop_limiting", "rate_limiting", "recent_limiting", "snat", "dnat", "interface_match", "icmp_match", "owner", "state_match", "reject_type", "log_level", "log_prefix", "log_uid", "log_tcp_sequence", "log_tcp_options", "log_ip_options", "mark", "mss", "nflog_group", "nflog_prefix", "nflog_range", "nflog_threshold", "tcp_flags", "pkttype", "ishasmorefrags", "islastfrag", "isfirstfrag", "socket", "address_type", "iprange", "ipsec_dir", "ipsec_policy", "mask", "ipset", "length", "string_matching", "queue_num", "queue_bypass", "ct_target", "rpfilter"]}, {"name": "iptables", "type_name": "firewall", "file": "lib/puppet/provider/firewall/iptables.rb", "line": 6, "docstring": {"text": "Iptables type provider"}, "confines": {"kernel": "linux"}, "features": ["iptables", "condition", "connection_limiting", "conntrack", "rate_limiting", "recent_limiting", "snat", "dnat", "netmap", "interface_match", "icmp_match", "owner", "state_match", "reject_type", "log_level", "log_prefix", "log_uid", "log_tcp_sequence", "log_tcp_options", "log_ip_options", "mark", "mss", "nflog_group", "nflog_prefix", "nflog_range", "nflog_threshold", "tcp_flags", "pkttype", "isfragment", "socket", "address_type", "iprange", "ipsec_dir", "ipsec_policy", "mask", "ipset", "clusterip", "length", "string_matching", "queue_num", "queue_bypass", "ipvs", "ct_target", "rpfilter"], "defaults": [[["kernel", "linux"]]]}]}, {"name": "firewallchain", "file": "lib/puppet/type/firewallchain.rb", "line": 12, "docstring": {"text": "Currently this supports only iptables, ip6tables and ebtables on Linux. And\nprovides support for setting the default policy on chains and tables that\nallow it.\n\n**Autorequires:**\nIf Puppet is managing the iptables, iptables-persistent, or iptables-services packages,\nand the provider is iptables_chain, the firewall resource will autorequire\nthose packages to ensure that any required binaries are installed.\n\n#### Providers\n * iptables_chain is the only provider that supports firewallchain.\n\n#### Features\n * iptables_chain: The provider provides iptables chain features.\n * policy: Default policy (inbuilt chains only).", "tags": [{"tag_name": "summary", "text": "This type provides the capability to manage rule chains for firewalls."}]}, "properties": [{"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}, {"name": "policy", "description": "This is the action to when the end of the chain is reached.\nIt can only be set on inbuilt chains (INPUT, FORWARD, OUTPUT,\nPREROUTING, POSTROUTING) and can be one of:\n\n* accept - the packet is accepted\n* drop - the packet is dropped\n* queue - the packet is passed userspace\n* return - the packet is returned to calling (jump) queue\n or the default of inbuilt chains", "values": ["accept", "drop", "queue", "return"]}], "parameters": [{"name": "ignore", "description": "Regex to perform on firewall rules to exempt unmanaged rules from purging (when enabled).\nThis is matched against the output of `iptables-save`.\n\nThis can be a single regex, or an array of them.\nTo support flags, use the ruby inline flag mechanism.\nMeaning a regex such as\n /foo/i\ncan be written as\n '(?i)foo' or '(?i:foo)'\n\nFull example:\n```\nfirewallchain { 'INPUT:filter:IPv4':\n purge => true,\n ignore => [\n '-j fail2ban-ssh', # ignore the fail2ban jump rule\n '--comment \"[^\"]*(?i:ignore)[^\"]*\"', # ignore any rules with \"ignore\" (case insensitive) in the comment in the rule\n ],\n}\n```"}, {"name": "ignore_foreign", "description": "Ignore rules that do not match the puppet title pattern \"^\\d+[[:graph:][:space:]]\" when purging unmanaged firewall rules in this chain.\nThis can be used to ignore rules that were not put in by puppet. Beware that nothing keeps other systems from configuring firewall rules with a comment that starts with digits, and is indistinguishable from puppet-configured rules.", "values": ["false", "true"], "default": "false"}, {"name": "name", "description": "The canonical name of the chain.\n\nFor iptables the format must be {chain}:{table}:{protocol}.", "isnamevar": true}, {"name": "provider", "description": "The specific backend to use for this `firewallchain` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}, {"name": "purge", "description": "Purge unmanaged firewall rules in this chain", "values": ["false", "true"], "default": "false"}], "features": [{"name": "iptables_chain", "description": "The provider provides iptables chain features."}, {"name": "policy", "description": "Default policy (inbuilt chains only)"}], "providers": [{"name": "iptables_chain", "type_name": "firewallchain", "file": "lib/puppet/provider/firewallchain/iptables_chain.rb", "line": 3, "docstring": {"text": "Iptables chain provider"}, "confines": {"kernel": "linux"}, "features": ["iptables_chain", "policy"], "defaults": [[["kernel", "linux"]]]}]}, {"name": "loginctl_user", "file": "lib/puppet/type/loginctl_user.rb", "line": 5, "docstring": {"text": "An arbitrary name used as the identity of the resource."}, "properties": [{"name": "linger", "description": "Whether linger is enabled for the user.", "values": ["enabled", "disabled"], "default": "disabled"}], "parameters": [{"name": "name", "description": "An arbitrary name used as the identity of the resource.", "isnamevar": true}, {"name": "provider", "description": "The specific backend to use for this `loginctl_user` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}], "providers": [{"name": "ruby", "type_name": "loginctl_user", "file": "lib/puppet/provider/loginctl_user/ruby.rb", "line": 6, "docstring": {"text": "custom provider to manage systemd user sessions/linger"}, "commands": {"loginctl": "loginctl"}}]}, {"name": "vcsrepo", "file": "lib/puppet/type/vcsrepo.rb", "line": 6, "docstring": {"text": "A local version control repository"}, "properties": [{"name": "ensure", "description": "Ensure the version control repository.", "values": ["present", "bare", "mirror", "absent", "latest"]}, {"name": "includes", "description": "Paths to be included from the repository"}, {"name": "module", "description": "The repository module to manage"}, {"name": "revision", "description": "The revision of the repository", "values": ["%r{^\\S+$}"]}, {"name": "source", "description": "The source URI for the repository"}], "parameters": [{"name": "basic_auth_password", "description": "HTTP Basic Auth password"}, {"name": "basic_auth_username", "description": "HTTP Basic Auth username"}, {"name": "branch", "description": "The name of the branch to clone."}, {"name": "compression", "description": "Compression level"}, {"name": "configuration", "description": "The configuration directory to use"}, {"name": "conflict", "description": "The action to take if conflicts exist between repository and working copy"}, {"name": "cvs_rsh", "description": "The value to be used for the CVS_RSH environment variable."}, {"name": "depth", "description": "The value to be used to do a shallow clone."}, {"name": "excludes", "description": "Local paths which shouldn't be tracked by the repository"}, {"name": "force", "description": "Force repository creation, destroying any files on the path in the process.", "values": ["true", "false", "yes", "no"], "default": "false"}, {"name": "fstype", "description": "Filesystem type"}, {"name": "group", "description": "The group/gid that owns the repository files"}, {"name": "identity", "description": "SSH identity file"}, {"name": "keep_local_changes", "description": "Keep local changes on files tracked by the repository when changing revision", "values": ["true", "false"], "default": "false"}, {"name": "owner", "description": "The user/uid that owns the repository files"}, {"name": "p4config", "description": "The Perforce P4CONFIG environment."}, {"name": "path", "description": "Absolute path to repository", "isnamevar": true}, {"name": "provider", "description": "The specific backend to use for this `vcsrepo` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}, {"name": "remote", "description": "The remote repository to track", "default": "origin"}, {"name": "submodules", "description": "Initialize and update each submodule in the repository.", "values": ["true", "false"], "default": "true"}, {"name": "trust_server_cert", "description": "Trust server certificate", "values": ["true", "false"], "default": "false"}, {"name": "user", "description": "The user to run for repository operations"}], "features": [{"name": "bare_repositories", "description": "The provider differentiates between bare repositories and those with working copies"}, {"name": "basic_auth", "description": "The provider supports HTTP Basic Authentication"}, {"name": "branch", "description": "The name of the branch"}, {"name": "configuration", "description": "The configuration directory to use"}, {"name": "conflict", "description": "The provider supports automatic conflict resolution"}, {"name": "cvs_rsh", "description": "The provider understands the CVS_RSH environment variable"}, {"name": "depth", "description": "The provider can do shallow clones or set scope limit"}, {"name": "filesystem_types", "description": "The provider supports different filesystem types"}, {"name": "gzip_compression", "description": "The provider supports explicit GZip compression levels"}, {"name": "include_paths", "description": "The provider supports checking out only specific paths"}, {"name": "keep_local_changes", "description": "The provider supports keeping local changes on files tracked by the repository when changing revision"}, {"name": "modules", "description": "The repository contains modules that can be chosen of"}, {"name": "multiple_remotes", "description": "The repository tracks multiple remote repositories"}, {"name": "p4config", "description": "The provider understands Perforce Configuration"}, {"name": "reference_tracking", "description": "The provider supports tracking revision references that can change over time (eg, some VCS tags and branch names)"}, {"name": "ssh_identity", "description": "The provider supports a configurable SSH identity file"}, {"name": "submodules", "description": "The repository contains submodules which can be optionally initialized"}, {"name": "user", "description": "The provider can run as a different user"}], "providers": [{"name": "bzr", "type_name": "vcsrepo", "file": "lib/puppet/provider/vcsrepo/bzr.rb", "line": 5, "docstring": {"text": "Supports Bazaar repositories"}, "features": ["reference_tracking"], "commands": {"bzr": "bzr"}}, {"name": "cvs", "type_name": "vcsrepo", "file": "lib/puppet/provider/vcsrepo/cvs.rb", "line": 5, "docstring": {"text": "Supports CVS repositories/workspaces"}, "features": ["gzip_compression", "reference_tracking", "modules", "cvs_rsh", "user"], "commands": {"cvs": "cvs"}}, {"name": "dummy", "type_name": "vcsrepo", "file": "lib/puppet/provider/vcsrepo/dummy.rb", "line": 5, "docstring": {"text": "Dummy default provider"}, "defaults": [[["feature", "posix"]], [["operatingsystem", "windows"]]]}, {"name": "git", "type_name": "vcsrepo", "file": "lib/puppet/provider/vcsrepo/git.rb", "line": 5, "docstring": {"text": "Supports Git repositories"}, "features": ["bare_repositories", "reference_tracking", "ssh_identity", "multiple_remotes", "user", "depth", "branch", "submodules"]}, {"name": "hg", "type_name": "vcsrepo", "file": "lib/puppet/provider/vcsrepo/hg.rb", "line": 5, "docstring": {"text": "Supports Mercurial repositories"}, "features": ["reference_tracking", "ssh_identity", "user", "basic_auth"], "commands": {"hg": "hg"}}, {"name": "p4", "type_name": "vcsrepo", "file": "lib/puppet/provider/vcsrepo/p4.rb", "line": 5, "docstring": {"text": "Supports Perforce depots"}, "features": ["filesystem_types", "reference_tracking", "p4config"]}, {"name": "svn", "type_name": "vcsrepo", "file": "lib/puppet/provider/vcsrepo/svn.rb", "line": 5, "docstring": {"text": "Supports Subversion repositories"}, "features": ["filesystem_types", "reference_tracking", "basic_auth", "configuration", "conflict", "depth", "include_paths"], "commands": {"svn": "svn", "svnadmin": "svnadmin", "svnlook": "svnlook"}}]}, {"name": "java_ks", "file": "lib/puppet/type/java_ks.rb", "line": 3, "docstring": {"text": "Manages the entries in a java keystore, and uses composite namevars to\naccomplish the same alias spread across multiple target keystores."}, "properties": [{"name": "ensure", "description": "Has three states: present, absent, and latest. Latest\nwill compare the on disk SHA1 fingerprint of the certificate to that\nin keytool to determine if insync? returns true or false. We redefine\ninsync? for this parameter to accomplish this.", "values": ["present", "absent", "latest"], "default": "present"}, {"name": "password", "description": "The password used to protect the keystore. If private keys are\nsubsequently also protected this password will be used to attempt\nunlocking. Must be six or more characters in length. Cannot be used\ntogether with :password_file, but you must pass at least one of these parameters."}], "parameters": [{"name": "certificate", "description": "A file containing a server certificate, followed by zero or more intermediate certificate authorities.\nAll certificates will be placed in the keystore. This will autorequire the specified file."}, {"name": "certificate_content", "description": "A string containing a server certificate, followed by zero or more intermediate certificate authorities.\nAll certificates will be placed in the keystore."}, {"name": "chain", "description": "The intermediate certificate authorities, if they are to be taken\nfrom a file separate from the server certificate. This will autorequire the specified file."}, {"name": "destkeypass", "description": "The password used to protect the key in keystore."}, {"name": "keytool_timeout", "description": "Timeout for the keytool command in seconds.", "default": "120"}, {"name": "name", "description": "The alias that is used to identify the entry in the keystore. This will be\nconverted to lowercase.", "isnamevar": true}, {"name": "password_fail_reset", "description": "If the supplied password does not succeed in unlocking the\nkeystore file, then delete the keystore file and create a new one.\nDefault: false.", "values": ["true", "false"], "default": "false"}, {"name": "password_file", "description": "The path to a file containing the password used to protect the\nkeystore. This cannot be used together with :password, but you must pass at least one of these parameters."}, {"name": "path", "description": "The search path used for command (keytool, openssl) execution.\nPaths can be specified as an array or as a '"}, {"name": "private_key", "description": "If you want an application to be a server and encrypt traffic,\nyou will need a private key. Private key entries in a keystore must be\naccompanied by a signed certificate for the keytool provider. This parameter\nallows you to specify the file name containing the private key. This will autorequire\nthe specified file."}, {"name": "private_key_content", "description": "If you want an application to be a server and encrypt traffic,\nyou will need a private key. Private key entries in a keystore must be\naccompanied by a signed certificate for the keytool provider. This parameter allows you to specify the content\nof the private key."}, {"name": "private_key_type", "description": "The type of the private key. Usually the private key is of type RSA\nkey but it can also be an Elliptic Curve key (EC) or DSA.\nValid options: <rsa>, <dsa>, <ec>. Defaults to <rsa>", "values": ["rsa", "dsa", "ec"], "default": "rsa"}, {"name": "provider", "description": "The specific backend to use for this `java_ks` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}, {"name": "source_alias", "description": "The source certificate alias"}, {"name": "source_password", "description": "The source keystore password"}, {"name": "storetype", "description": "Optional storetype\nValid options: <jceks>, <pkcs12>, <jks>", "values": ["jceks", "pkcs12", "jks"]}, {"name": "target", "description": "Destination file for the keystore. This will autorequire the parent directory of the file.", "isnamevar": true}, {"name": "trustcacerts", "description": "Certificate authorities aren't by default trusted so if you are adding a CA you need to set this to true.\nDefaults to :false.", "values": ["true", "false"], "default": "false"}], "providers": [{"name": "keytool", "type_name": "java_ks", "file": "lib/puppet/provider/java_ks/keytool.rb", "line": 7, "docstring": {"text": "Uses a combination of openssl and keytool to manage Java keystores"}}]}, {"name": "a2mod", "file": "lib/puppet/type/a2mod.rb", "line": 3, "docstring": {"text": "Manage Apache 2 modules"}, "properties": [{"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}], "parameters": [{"name": "identifier", "description": "Module identifier string used by LoadModule. Default: module-name_module"}, {"name": "lib", "description": "The name of the .so library to be loaded"}, {"name": "name", "description": "The name of the module to be managed", "isnamevar": true}, {"name": "provider", "description": "The specific backend to use for this `a2mod` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}], "providers": [{"name": "a2mod", "type_name": "a2mod", "file": "lib/puppet/provider/a2mod/a2mod.rb", "line": 5, "docstring": {"text": "Manage Apache 2 modules on Debian and Ubuntu"}, "confines": {"osfamily": "debian"}, "defaults": [[["operatingsystem", "[:debian, :ubuntu]"]]], "commands": {"apache2ctl": "apache2ctl"}}, {"name": "gentoo", "type_name": "a2mod", "file": "lib/puppet/provider/a2mod/gentoo.rb", "line": 4, "docstring": {"text": "Manage Apache 2 modules on Gentoo"}, "confines": {"operatingsystem": "gentoo"}, "defaults": [[["operatingsystem", "gentoo"]]]}, {"name": "modfix", "type_name": "a2mod", "file": "lib/puppet/provider/a2mod/modfix.rb", "line": 3, "docstring": {"text": "Dummy provider for A2mod.\nFake nil resources when there is no crontab binary available. Allows\npuppetd to run on a bootstrapped machine before a Cron package has been\ninstalled. Workaround for: http://projects.puppetlabs.com/issues/2384"}}, {"name": "redhat", "type_name": "a2mod", "file": "lib/puppet/provider/a2mod/redhat.rb", "line": 5, "docstring": {"text": "Manage Apache 2 modules on RedHat family OSs"}, "confines": {"osfamily": "redhat"}, "defaults": [[["osfamily", "redhat"]]], "commands": {"apachectl": "apachectl"}}]}, {"name": "mysql_database", "file": "lib/puppet/type/mysql_database.rb", "line": 3, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Manage a MySQL database."}]}, "properties": [{"name": "charset", "description": "The CHARACTER SET setting for the database", "values": ["%r{^\\S+$}"], "default": "utf8"}, {"name": "collate", "description": "The COLLATE setting for the database", "values": ["%r{^\\S+$}"], "default": "utf8_general_ci"}, {"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}], "parameters": [{"name": "name", "description": "The name of the MySQL database to manage.", "isnamevar": true}, {"name": "provider", "description": "The specific backend to use for this `mysql_database` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}], "providers": [{"name": "mysql", "type_name": "mysql_database", "file": "lib/puppet/provider/mysql_database/mysql.rb", "line": 4, "docstring": {"text": "Manages MySQL databases."}, "commands": {"mysql_raw": "mysql"}}]}, {"name": "mysql_datadir", "file": "lib/puppet/type/mysql_datadir.rb", "line": 3, "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "summary", "text": "Manage MySQL datadirs with mysql_install_db OR mysqld (5.7.6 and above)."}]}, "properties": [{"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}], "parameters": [{"name": "basedir", "description": "The basedir name, default /usr.", "values": ["%r{^/}"]}, {"name": "datadir", "description": "The datadir name"}, {"name": "defaults_extra_file", "description": "MySQL defaults-extra-file with absolute path (*.cnf).", "values": ["%r{^/.*\\.cnf$}"]}, {"name": "insecure", "description": "Insecure initialization (needed for 5.7.6++)."}, {"name": "log_error", "description": "The path to the mysqld error log file (used with the --log-error option)", "values": ["%r{^/}"]}, {"name": "provider", "description": "The specific backend to use for this `mysql_datadir` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}, {"name": "user", "description": "The user for the directory default mysql (name, not uid)."}], "providers": [{"name": "mysql", "type_name": "mysql_datadir", "file": "lib/puppet/provider/mysql_datadir/mysql.rb", "line": 4, "docstring": {"text": "manage data directories for mysql instances"}, "commands": {"mysqld": "mysqld"}}]}, {"name": "mysql_grant", "file": "lib/puppet/type/mysql_grant.rb", "line": 3, "docstring": {"text": "@summary\nManage a MySQL user's rights."}, "properties": [{"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}, {"name": "options", "description": "Options to grant."}, {"name": "privileges", "description": "Privileges for user"}, {"name": "table", "description": "Table to apply privileges to.", "values": ["%r{.*\\..*}", "%r{^[0-9a-zA-Z$_]*@[\\w%\\.:\\-/]*$}"]}, {"name": "user", "description": "User to operate on."}], "parameters": [{"name": "name", "description": "Name to describe the grant.", "isnamevar": true}, {"name": "provider", "description": "The specific backend to use for this `mysql_grant` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}], "providers": [{"name": "mysql", "type_name": "mysql_grant", "file": "lib/puppet/provider/mysql_grant/mysql.rb", "line": 4, "docstring": {"text": "Set grants for users in MySQL."}, "commands": {"mysql_raw": "mysql"}}]}, {"name": "mysql_login_path", "file": "lib/puppet/type/mysql_login_path.rb", "line": 5, "docstring": {"text": "This type provides Puppet with the capabilities to store authentication credentials in an obfuscated login path file\nnamed .mylogin.cnf created with the mysql_config_editor utility. Supports only MySQL Community Edition > v5.6.6.", "tags": [{"tag_name": "example", "text": "mysql_login_path { 'local_socket':\n owner => 'root',\n host => 'localhost',\n user => 'root',\n password => Sensitive('secure'),\n socket => '/var/run/mysql/mysql.sock',\n ensure => present,\n}\n\nmysql_login_path { 'local_tcp':\n owner => 'root',\n host => '127.0.0.1',\n user => 'root',\n password => Sensitive('more_secure'),\n port => 3306,\n ensure => present,\n}", "name": ""}, {"tag_name": "see", "name": "https://dev.mysql.com/doc/refman/8.0/en/mysql-config-editor.html"}, {"tag_name": "summary", "text": "Manage a MySQL login path."}]}, "properties": [{"name": "ensure", "description": "Whether this resource should be present or absent on the target system.", "data_type": "Enum[present, absent]"}, {"name": "host", "description": "Host name to be entered into the login path.", "data_type": "Optional[String]"}, {"name": "password", "description": "Password to be entered into login path", "data_type": "Optional[Sensitive[String[1]]]"}, {"name": "port", "description": "Port number to be entered into login path.", "data_type": "Optional[Integer[0,65535]]"}, {"name": "socket", "description": "Socket path to be entered into login path", "data_type": "Optional[String]"}, {"name": "user", "description": "Username to be entered into the login path.", "data_type": "Optional[String]"}], "parameters": [{"name": "name", "description": "Name of the login path you want to manage.", "data_type": "String", "isnamevar": true}, {"name": "owner", "description": "The user to whom the logon path should belong.", "data_type": "String", "isnamevar": true, "default": "root"}]}, {"name": "mysql_plugin", "file": "lib/puppet/type/mysql_plugin.rb", "line": 3, "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "mysql_plugin { 'some_plugin':\n soname => 'some_pluginlib.so',\n}", "name": ""}, {"tag_name": "summary", "text": "Manage MySQL plugins."}]}, "properties": [{"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}, {"name": "soname", "description": "The name of the library", "values": ["%r{^\\w+\\.\\w+$}"]}], "parameters": [{"name": "name", "description": "The name of the MySQL plugin to manage.", "isnamevar": true}, {"name": "provider", "description": "The specific backend to use for this `mysql_plugin` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}], "providers": [{"name": "mysql", "type_name": "mysql_plugin", "file": "lib/puppet/provider/mysql_plugin/mysql.rb", "line": 4, "docstring": {"text": "Manages MySQL plugins."}, "commands": {"mysql_raw": "mysql"}}]}, {"name": "mysql_user", "file": "lib/puppet/type/mysql_user.rb", "line": 4, "docstring": {"text": "@summary\nManage a MySQL user. This includes management of users password as well as privileges."}, "properties": [{"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}, {"name": "max_connections_per_hour", "description": "Max connections per hour for the user. 0 means no (or global) limit.", "values": ["%r{\\d+}"]}, {"name": "max_queries_per_hour", "description": "Max queries per hour for the user. 0 means no (or global) limit.", "values": ["%r{\\d+}"]}, {"name": "max_updates_per_hour", "description": "Max updates per hour for the user. 0 means no (or global) limit.", "values": ["%r{\\d+}"]}, {"name": "max_user_connections", "description": "Max concurrent connections for the user. 0 means no (or global) limit.", "values": ["%r{\\d+}"]}, {"name": "password_hash", "description": "The password hash of the user. Use mysql::password() for creating such a hash.", "values": ["%r{\\w*}"]}, {"name": "plugin", "description": "The authentication plugin of the user.", "values": ["%r{\\w+}"]}, {"name": "tls_options", "description": "Options to that set the TLS-related REQUIRE attributes for the user."}], "parameters": [{"name": "name", "description": "The name of the user. This uses the 'username@hostname' or username@hostname.", "isnamevar": true}, {"name": "provider", "description": "The specific backend to use for this `mysql_user` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}], "providers": [{"name": "mysql", "type_name": "mysql_user", "file": "lib/puppet/provider/mysql_user/mysql.rb", "line": 4, "docstring": {"text": "manage users for a mysql database."}, "commands": {"mysql_raw": "mysql"}}]}, {"name": "puppetdb_conn_validator", "file": "lib/puppet/type/puppetdb_conn_validator.rb", "line": 1, "docstring": {"text": "Verify that a connection can be successfully established between a node\nand the puppetdb server. Its primary use is as a precondition to\nprevent configuration changes from being applied if the puppetdb\nserver cannot be reached, but it could potentially be used for other\npurposes such as monitoring."}, "properties": [{"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}], "parameters": [{"name": "name", "description": "An arbitrary name used as the identity of the resource.", "isnamevar": true}, {"name": "provider", "description": "The specific backend to use for this `puppetdb_conn_validator` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}, {"name": "puppetdb_port", "description": "The port that the puppetdb server should be listening on."}, {"name": "puppetdb_server", "description": "The DNS name or IP address of the server where puppetdb should be running."}, {"name": "test_url", "description": "URL to use for testing if the PuppetDB database is up"}, {"name": "timeout", "description": "The max number of seconds that the validator should wait before giving up and deciding that puppetdb is not running; defaults to 15 seconds.", "default": "15"}, {"name": "use_ssl", "description": "Whether the connection will be attempted using https", "default": "true"}], "providers": [{"name": "puppet_https", "type_name": "puppetdb_conn_validator", "file": "lib/puppet/provider/puppetdb_conn_validator/puppet_https.rb", "line": 15, "docstring": {"text": "A provider for the resource type `puppetdb_conn_validator`,\nwhich validates the puppetdb connection by attempting an http(s)\nconnection to the puppetdb server. Uses the puppet SSL certificate\nsetup from the local puppet environment to authenticate if use_ssl\nis set to true."}}]}, {"name": "elasticsearch_index", "file": "lib/puppet/type/elasticsearch_index.rb", "line": 10, "docstring": {"text": "Manages Elasticsearch index settings."}, "properties": [{"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}, {"name": "settings", "description": "Structured settings for the index in hash form."}], "parameters": [{"name": "name", "description": "Index name.", "isnamevar": true}, {"name": "provider", "description": "The specific backend to use for this `elasticsearch_index` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}], "providers": [{"name": "ruby", "type_name": "elasticsearch_index", "file": "lib/puppet/provider/elasticsearch_index/ruby.rb", "line": 10, "docstring": {"text": "A REST API based provider to manage Elasticsearch index settings."}}]}, {"name": "elasticsearch_keystore", "file": "lib/puppet/type/elasticsearch_keystore.rb", "line": 5, "docstring": {"text": "Manages an Elasticsearch keystore settings file."}, "properties": [{"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}, {"name": "settings", "description": "A key/value hash of settings names and values."}], "parameters": [{"name": "configdir", "description": "Path to the elasticsearch configuration directory (ES_PATH_CONF).", "default": "/etc/elasticsearch"}, {"name": "instance", "description": "Elasticsearch instance this keystore belongs to."}, {"name": "provider", "description": "The specific backend to use for this `elasticsearch_keystore` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}, {"name": "purge", "description": "Whether to proactively remove settings that exist in the keystore but\nare not present in this resource's settings.", "values": ["true", "false", "yes", "no"], "default": "false"}], "providers": [{"name": "elasticsearch_keystore", "type_name": "elasticsearch_keystore", "file": "lib/puppet/provider/elasticsearch_keystore/ruby.rb", "line": 3, "docstring": {"text": "Provider for `elasticsearch-keystore` based secret management."}, "commands": {"keystore": "/bin/elasticsearch-keystore"}}]}, {"name": "elasticsearch_license", "file": "lib/puppet/type/elasticsearch_license.rb", "line": 10, "docstring": {"text": "Manages Elasticsearch licenses."}, "properties": [{"name": "content", "description": "Structured hash for license content data."}, {"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}], "parameters": [{"name": "name", "description": "Pipeline name.", "isnamevar": true}, {"name": "provider", "description": "The specific backend to use for this `elasticsearch_license` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}], "providers": [{"name": "xpack", "type_name": "elasticsearch_license", "file": "lib/puppet/provider/elasticsearch_license/xpack.rb", "line": 5, "docstring": {"text": "A REST API based provider to manage Elasticsearch X-Pack licenses."}}]}, {"name": "elasticsearch_pipeline", "file": "lib/puppet/type/elasticsearch_pipeline.rb", "line": 9, "docstring": {"text": "Manages Elasticsearch ingest pipelines."}, "properties": [{"name": "content", "description": "Structured content of pipeline."}, {"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}], "parameters": [{"name": "name", "description": "Pipeline name.", "isnamevar": true}, {"name": "provider", "description": "The specific backend to use for this `elasticsearch_pipeline` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}], "providers": [{"name": "ruby", "type_name": "elasticsearch_pipeline", "file": "lib/puppet/provider/elasticsearch_pipeline/ruby.rb", "line": 5, "docstring": {"text": "A REST API based provider to manage Elasticsearch ingest pipelines."}}]}, {"name": "elasticsearch_plugin", "file": "lib/puppet/type/elasticsearch_plugin.rb", "line": 3, "docstring": {"text": "Plugin installation type"}, "properties": [{"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}], "parameters": [{"name": "configdir", "description": "Path to the elasticsearch configuration directory (ES_PATH_CONF).", "default": "/etc/elasticsearch"}, {"name": "elasticsearch_package_name", "description": "Name of the system Elasticsearch package."}, {"name": "java_home", "description": "Optional string to set the environment variable JAVA_HOME."}, {"name": "java_opts", "description": "Optional array of Java options for ES_JAVA_OPTS.", "default": "[]"}, {"name": "name", "description": "An arbitrary name used as the identity of the resource.", "isnamevar": true}, {"name": "plugin_dir", "description": "Path to the Plugins directory", "default": "/usr/share/elasticsearch/plugins"}, {"name": "plugin_path", "description": "Override name of the directory created for the plugin"}, {"name": "provider", "description": "The specific backend to use for this `elasticsearch_plugin` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}, {"name": "proxy", "description": "Proxy Host"}, {"name": "source", "description": "Source of the package. puppet:// or file:// resource"}, {"name": "url", "description": "Url of the package"}], "providers": [{"name": "elasticsearch_plugin", "type_name": "elasticsearch_plugin", "file": "lib/puppet/provider/elasticsearch_plugin/ruby.rb", "line": 5, "docstring": {"text": "Post-5.x provider for Elasticsearch bin/elasticsearch-plugin\ncommand operations.'"}}]}, {"name": "elasticsearch_role", "file": "lib/puppet/type/elasticsearch_role.rb", "line": 3, "docstring": {"text": "Type to model Elasticsearch roles."}, "properties": [{"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}, {"name": "privileges", "description": "Security privileges of the given role."}], "parameters": [{"name": "name", "description": "Role name.", "values": ["%r{^[a-zA-Z_]{1}[-\\w@.$]{0,39}$}"], "isnamevar": true}, {"name": "provider", "description": "The specific backend to use for this `elasticsearch_role` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}], "providers": [{"name": "ruby", "type_name": "elasticsearch_role", "file": "lib/puppet/provider/elasticsearch_role/ruby.rb", "line": 5, "docstring": {"text": "Provider for X-Pack role resources."}}]}, {"name": "elasticsearch_role_mapping", "file": "lib/puppet/type/elasticsearch_role_mapping.rb", "line": 3, "docstring": {"text": "Type to model Elasticsearch role mappings."}, "properties": [{"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}, {"name": "mappings", "description": "List of role mappings."}], "parameters": [{"name": "name", "description": "Role name.", "values": ["%r{^[a-zA-Z_]{1}[-\\w@.$]{0,39}$}"], "isnamevar": true}, {"name": "provider", "description": "The specific backend to use for this `elasticsearch_role_mapping` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}], "providers": [{"name": "ruby", "type_name": "elasticsearch_role_mapping", "file": "lib/puppet/provider/elasticsearch_role_mapping/ruby.rb", "line": 5, "docstring": {"text": "Provider for X-Pack role mappings."}}]}, {"name": "elasticsearch_snapshot_repository", "file": "lib/puppet/type/elasticsearch_snapshot_repository.rb", "line": 7, "docstring": {"text": "Manages Elasticsearch snapshot repositories."}, "properties": [{"name": "chunk_size", "description": "File chunk size"}, {"name": "compress", "description": "Compress the repository data", "default": "true"}, {"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}, {"name": "location", "description": "Repository location"}, {"name": "max_restore_rate", "description": "Maximum Restore rate"}, {"name": "max_snapshot_rate", "description": "Maximum Snapshot rate"}], "parameters": [{"name": "name", "description": "Repository name.", "isnamevar": true}, {"name": "provider", "description": "The specific backend to use for this `elasticsearch_snapshot_repository` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}, {"name": "type", "description": "Repository type", "default": "fs"}], "providers": [{"name": "ruby", "type_name": "elasticsearch_snapshot_repository", "file": "lib/puppet/provider/elasticsearch_snapshot_repository/ruby.rb", "line": 7, "docstring": {"text": "A REST API based provider to manage Elasticsearch snapshot repositories."}}]}, {"name": "elasticsearch_template", "file": "lib/puppet/type/elasticsearch_template.rb", "line": 13, "docstring": {"text": "Manages Elasticsearch index templates."}, "properties": [{"name": "content", "description": "Structured content of template."}, {"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}], "parameters": [{"name": "name", "description": "Template name.", "isnamevar": true}, {"name": "provider", "description": "The specific backend to use for this `elasticsearch_template` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}, {"name": "source", "description": "Puppet source to file containing template contents."}], "providers": [{"name": "ruby", "type_name": "elasticsearch_template", "file": "lib/puppet/provider/elasticsearch_template/ruby.rb", "line": 10, "docstring": {"text": "A REST API based provider to manage Elasticsearch templates."}}]}, {"name": "elasticsearch_user", "file": "lib/puppet/type/elasticsearch_user.rb", "line": 3, "docstring": {"text": "Type to model Elasticsearch users."}, "properties": [{"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}], "parameters": [{"name": "configdir", "description": "Path to the elasticsearch configuration directory (ES_PATH_CONF)."}, {"name": "name", "description": "User name.", "isnamevar": true}, {"name": "password", "description": "Plaintext password for user.", "required_features": "manages_plaintext_passwords"}, {"name": "provider", "description": "The specific backend to use for this `elasticsearch_user` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}], "features": [{"name": "manages_plaintext_passwords", "description": "The provider can control the password in plaintext form."}], "providers": [{"name": "ruby", "type_name": "elasticsearch_user", "file": "lib/puppet/provider/elasticsearch_user/ruby.rb", "line": 5, "docstring": {"text": "Provider for X-Pack user resources."}, "features": ["manages_plaintext_passwords"], "commands": {"users_cli": "/bin/elasticsearch-users", "es": "/bin/elasticsearch"}}]}, {"name": "elasticsearch_user_file", "file": "lib/puppet/type/elasticsearch_user_file.rb", "line": 3, "docstring": {"text": "Type to model Elasticsearch users."}, "properties": [{"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}, {"name": "hashed_password", "description": "Hashed password for user.", "values": ["%r{^[$]2a[$].{56}$}"], "required_features": "manages_encrypted_passwords"}], "parameters": [{"name": "configdir", "description": "Path to the elasticsearch configuration directory (ES_PATH_CONF)."}, {"name": "name", "description": "User name.", "isnamevar": true}, {"name": "provider", "description": "The specific backend to use for this `elasticsearch_user_file` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}], "features": [{"name": "manages_encrypted_passwords", "description": "The provider can control the password hash without a need to explicitly refresh."}], "providers": [{"name": "ruby", "type_name": "elasticsearch_user_file", "file": "lib/puppet/provider/elasticsearch_user_file/ruby.rb", "line": 5, "docstring": {"text": "Provider for X-Pack elasticsearch users using plain files."}, "features": ["manages_encrypted_passwords"]}]}, {"name": "elasticsearch_user_roles", "file": "lib/puppet/type/elasticsearch_user_roles.rb", "line": 3, "docstring": {"text": "Type to model Elasticsearch user roles."}, "properties": [{"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}, {"name": "roles", "description": "Array of roles that the user should belong to."}], "parameters": [{"name": "name", "description": "User name.", "isnamevar": true}, {"name": "provider", "description": "The specific backend to use for this `elasticsearch_user_roles` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}], "providers": [{"name": "ruby", "type_name": "elasticsearch_user_roles", "file": "lib/puppet/provider/elasticsearch_user_roles/ruby.rb", "line": 5, "docstring": {"text": "Provider for X-Pack user roles (parsed file.)"}}]}, {"name": "es_instance_conn_validator", "file": "lib/puppet/type/es_instance_conn_validator.rb", "line": 3, "docstring": {"text": "Verify that a connection can be successfully established between a\nnode and Elasticsearch. It could potentially be used for other purposes\nsuch as monitoring."}, "properties": [{"name": "ensure", "description": "The basic property that the resource should be in.", "values": ["present", "absent"], "default": "present"}], "parameters": [{"name": "name", "description": "An arbitrary name used as the identity of the resource.", "isnamevar": true}, {"name": "port", "description": "The port that the Elasticsearch instance should be listening on.", "default": "9200"}, {"name": "provider", "description": "The specific backend to use for this `es_instance_conn_validator` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}, {"name": "server", "description": "DNS name or IP address of the server where Elasticsearch should be running.", "default": "localhost"}, {"name": "sleep_interval", "description": "The number of seconds that the validator should wait before retrying the connection to Elasticsearch; defaults to 10 seconds.", "default": "10"}, {"name": "timeout", "description": "The max number of seconds that the validator should wait before giving up and deciding that Elasticsearch is not running; defaults to 60 seconds.", "default": "60"}], "providers": [{"name": "tcp_port", "type_name": "es_instance_conn_validator", "file": "lib/puppet/provider/es_instance_conn_validator/tcp_port.rb", "line": 9, "docstring": {"text": "A provider for the resource type `es_instance_conn_validator`,\nwhich validates the connection by attempting an https\nconnection to Elasticsearch."}}]}, {"name": "kibana_plugin", "file": "lib/puppet/type/kibana_plugin.rb", "line": 3, "docstring": {"text": "Manages Kibana plugins."}, "properties": [{"name": "ensure", "description": "Whether the plugin should be present or absent.", "values": ["present", "absent"], "default": "present"}, {"name": "version", "description": "Installed plugin version."}], "parameters": [{"name": "name", "description": "Simple name of the Kibana plugin (not a URL or file path).", "isnamevar": true}, {"name": "organization", "description": "Plugin organization to use when installing 4.x-style plugins."}, {"name": "provider", "description": "The specific backend to use for this `kibana_plugin` resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform."}, {"name": "url", "description": "URL to use when fetching plugin for installation."}], "providers": [{"name": "kibana", "type_name": "kibana_plugin", "file": "lib/puppet/provider/kibana_plugin/kibana.rb", "line": 5, "docstring": {"text": "Native command-line provider for Kibana v4 plugins."}, "commands": {"plugin": "File.join(home_path, 'bin', 'kibana')"}}, {"name": "kibana_plugin", "type_name": "kibana_plugin", "file": "lib/puppet/provider/kibana_plugin/kibana_plugin.rb", "line": 5, "docstring": {"text": "Native command-line provider for Kibana v5 plugins."}, "commands": {"plugin": "File.join(home_path, 'bin', 'kibana-plugin')"}}]}], "providers": [{"name": "zonefile", "type_name": "dns_zone", "file": "lib/puppet/provider/dns_zone/zonefile.rb", "line": 4, "docstring": {"text": ""}}, {"name": "zonefile", "type_name": "dns_record", "file": "lib/puppet/provider/dns_record/zonefile.rb", "line": 4, "docstring": {"text": ""}}, {"name": "ruby", "type_name": "file_line", "file": "lib/puppet/provider/file_line/ruby.rb", "line": 3, "docstring": {"text": "The implementation matches the full line, including whitespace at the\nbeginning and end. If the line is not contained in the given file, Puppet\nwill append the line to the end of the file to ensure the desired state.\nMultiple resources may be declared to manage multiple lines in the same file.", "tags": [{"tag_name": "summary", "text": "This type allows puppet to manage small config files."}]}}, {"name": "apt_key", "type_name": "apt_key", "file": "lib/puppet/provider/apt_key/apt_key.rb", "line": 13, "docstring": {"text": "apt-key provider for apt_key resource"}, "confines": {"osfamily": "debian"}, "defaults": [[["osfamily", "debian"]]], "commands": {"apt_key": "apt-key", "gpg": "/usr/bin/gpg"}}, {"name": "ruby", "type_name": "ini_setting", "file": "lib/puppet/provider/ini_setting/ruby.rb", "line": 5, "docstring": {"text": "Creates new ini_setting file, a specific config file with a provider that uses\nthis as its parent and implements the method\nself.file_path, and that will provide the value for the path to the\nini file."}}, {"name": "ruby", "type_name": "ini_subsetting", "file": "lib/puppet/provider/ini_subsetting/ruby.rb", "line": 6, "docstring": {"text": "Creates new ini_subsetting file, a specific config file with a provider that uses\nthis as its parent and implements the method\nself.file_path, and that will provide the value for the path to the\nini file."}}, {"name": "curl", "type_name": "archive", "file": "lib/puppet/provider/archive/curl.rb", "line": 6, "docstring": {"text": ""}, "defaults": [[["feature", "posix"]]], "commands": {"curl": "curl"}}, {"name": "ruby", "type_name": "archive", "file": "lib/puppet/provider/archive/ruby.rb", "line": 70, "docstring": {"text": "This provider implements a simple state-machine. The following attempts to #\ndocument it. In general, `def adjective?` implements a [state], while `def\nverb` implements an {action}.\nSome states are more complex, as they might depend on other states, or trigger\nactions. Since this implements an ad-hoc state-machine, many actions or states\nhave to guard themselves against being called out of order.\n\n[exists?]\n |\n v\n[extracted?] -> no -> [checksum?]\n |\n v\n yes\n |\n v\n[path.exists?] -> no -> {cleanup}\n | | |\n v v v\n[checksum?] yes. [extracted?] && [cleanup?]\n |\n v\n {destroy}\n\nNow, with [exists?] defined, we can define [ensure]\nBut that's just part of the standard puppet provider state-machine:\n\n[ensure] -> absent -> [exists?] -> no.\n | |\n v v\n present yes\n | |\n v v\n[exists?] {destroy}\n |\n v\n{create}\n\nHere's how we would extend archive for an `ensure => latest`:\n\n [exists?] -> no -> {create}\n |\n v\n yes\n |\n v\n [ttl?] -> expired -> {destroy} -> {create}\n |\n v\n valid."}, "defaults": [[["feature", "microsoft_windows"]]]}, {"name": "wget", "type_name": "archive", "file": "lib/puppet/provider/archive/wget.rb", "line": 3, "docstring": {"text": ""}, "commands": {"wget": "wget"}}, {"name": "parsed", "type_name": "postgresql_conf", "file": "lib/puppet/provider/postgresql_conf/parsed.rb", "line": 5, "docstring": {"text": "Set key/values in postgresql.conf."}}, {"name": "ruby", "type_name": "postgresql_psql", "file": "lib/puppet/provider/postgresql_psql/ruby.rb", "line": 3, "docstring": {"text": "Postgres psql provider"}}, {"name": "ruby", "type_name": "postgresql_conn_validator", "file": "lib/puppet/provider/postgresql_conn_validator/ruby.rb", "line": 9, "docstring": {"text": "A provider for the resource type `postgresql_conn_validator`,\nwhich validates the PostgreSQL connection by attempting a query\nto the target PostgreSQL server."}}, {"name": "ruby", "type_name": "postgresql_replication_slot", "file": "lib/puppet/provider/postgresql_replication_slot/ruby.rb", "line": 3, "docstring": {"text": "For confinement"}, "commands": {"psql": "psql"}}, {"name": "ip6tables", "type_name": "firewall", "file": "lib/puppet/provider/firewall/ip6tables.rb", "line": 3, "docstring": {"text": "Ip6tables type provider"}, "confines": {"kernel": "linux"}, "features": ["iptables", "condition", "connection_limiting", "conntrack", "hop_limiting", "rate_limiting", "recent_limiting", "snat", "dnat", "interface_match", "icmp_match", "owner", "state_match", "reject_type", "log_level", "log_prefix", "log_uid", "log_tcp_sequence", "log_tcp_options", "log_ip_options", "mark", "mss", "nflog_group", "nflog_prefix", "nflog_range", "nflog_threshold", "tcp_flags", "pkttype", "ishasmorefrags", "islastfrag", "isfirstfrag", "socket", "address_type", "iprange", "ipsec_dir", "ipsec_policy", "mask", "ipset", "length", "string_matching", "queue_num", "queue_bypass", "ct_target", "rpfilter"]}, {"name": "iptables", "type_name": "firewall", "file": "lib/puppet/provider/firewall/iptables.rb", "line": 6, "docstring": {"text": "Iptables type provider"}, "confines": {"kernel": "linux"}, "features": ["iptables", "condition", "connection_limiting", "conntrack", "rate_limiting", "recent_limiting", "snat", "dnat", "netmap", "interface_match", "icmp_match", "owner", "state_match", "reject_type", "log_level", "log_prefix", "log_uid", "log_tcp_sequence", "log_tcp_options", "log_ip_options", "mark", "mss", "nflog_group", "nflog_prefix", "nflog_range", "nflog_threshold", "tcp_flags", "pkttype", "isfragment", "socket", "address_type", "iprange", "ipsec_dir", "ipsec_policy", "mask", "ipset", "clusterip", "length", "string_matching", "queue_num", "queue_bypass", "ipvs", "ct_target", "rpfilter"], "defaults": [[["kernel", "linux"]]]}, {"name": "iptables_chain", "type_name": "firewallchain", "file": "lib/puppet/provider/firewallchain/iptables_chain.rb", "line": 3, "docstring": {"text": "Iptables chain provider"}, "confines": {"kernel": "linux"}, "features": ["iptables_chain", "policy"], "defaults": [[["kernel", "linux"]]]}, {"name": "ruby", "type_name": "loginctl_user", "file": "lib/puppet/provider/loginctl_user/ruby.rb", "line": 6, "docstring": {"text": "custom provider to manage systemd user sessions/linger"}, "commands": {"loginctl": "loginctl"}}, {"name": "bzr", "type_name": "vcsrepo", "file": "lib/puppet/provider/vcsrepo/bzr.rb", "line": 5, "docstring": {"text": "Supports Bazaar repositories"}, "features": ["reference_tracking"], "commands": {"bzr": "bzr"}}, {"name": "cvs", "type_name": "vcsrepo", "file": "lib/puppet/provider/vcsrepo/cvs.rb", "line": 5, "docstring": {"text": "Supports CVS repositories/workspaces"}, "features": ["gzip_compression", "reference_tracking", "modules", "cvs_rsh", "user"], "commands": {"cvs": "cvs"}}, {"name": "dummy", "type_name": "vcsrepo", "file": "lib/puppet/provider/vcsrepo/dummy.rb", "line": 5, "docstring": {"text": "Dummy default provider"}, "defaults": [[["feature", "posix"]], [["operatingsystem", "windows"]]]}, {"name": "git", "type_name": "vcsrepo", "file": "lib/puppet/provider/vcsrepo/git.rb", "line": 5, "docstring": {"text": "Supports Git repositories"}, "features": ["bare_repositories", "reference_tracking", "ssh_identity", "multiple_remotes", "user", "depth", "branch", "submodules"]}, {"name": "hg", "type_name": "vcsrepo", "file": "lib/puppet/provider/vcsrepo/hg.rb", "line": 5, "docstring": {"text": "Supports Mercurial repositories"}, "features": ["reference_tracking", "ssh_identity", "user", "basic_auth"], "commands": {"hg": "hg"}}, {"name": "p4", "type_name": "vcsrepo", "file": "lib/puppet/provider/vcsrepo/p4.rb", "line": 5, "docstring": {"text": "Supports Perforce depots"}, "features": ["filesystem_types", "reference_tracking", "p4config"]}, {"name": "svn", "type_name": "vcsrepo", "file": "lib/puppet/provider/vcsrepo/svn.rb", "line": 5, "docstring": {"text": "Supports Subversion repositories"}, "features": ["filesystem_types", "reference_tracking", "basic_auth", "configuration", "conflict", "depth", "include_paths"], "commands": {"svn": "svn", "svnadmin": "svnadmin", "svnlook": "svnlook"}}, {"name": "keytool", "type_name": "java_ks", "file": "lib/puppet/provider/java_ks/keytool.rb", "line": 7, "docstring": {"text": "Uses a combination of openssl and keytool to manage Java keystores"}}, {"name": "a2mod", "type_name": "a2mod", "file": "lib/puppet/provider/a2mod/a2mod.rb", "line": 5, "docstring": {"text": "Manage Apache 2 modules on Debian and Ubuntu"}, "confines": {"osfamily": "debian"}, "defaults": [[["operatingsystem", "[:debian, :ubuntu]"]]], "commands": {"apache2ctl": "apache2ctl"}}, {"name": "gentoo", "type_name": "a2mod", "file": "lib/puppet/provider/a2mod/gentoo.rb", "line": 4, "docstring": {"text": "Manage Apache 2 modules on Gentoo"}, "confines": {"operatingsystem": "gentoo"}, "defaults": [[["operatingsystem", "gentoo"]]]}, {"name": "modfix", "type_name": "a2mod", "file": "lib/puppet/provider/a2mod/modfix.rb", "line": 3, "docstring": {"text": "Dummy provider for A2mod.\nFake nil resources when there is no crontab binary available. Allows\npuppetd to run on a bootstrapped machine before a Cron package has been\ninstalled. Workaround for: http://projects.puppetlabs.com/issues/2384"}}, {"name": "redhat", "type_name": "a2mod", "file": "lib/puppet/provider/a2mod/redhat.rb", "line": 5, "docstring": {"text": "Manage Apache 2 modules on RedHat family OSs"}, "confines": {"osfamily": "redhat"}, "defaults": [[["osfamily", "redhat"]]], "commands": {"apachectl": "apachectl"}}, {"name": "mysql", "type_name": "mysql_user", "file": "lib/puppet/provider/mysql_user/mysql.rb", "line": 4, "docstring": {"text": "manage users for a mysql database."}, "commands": {"mysql_raw": "mysql"}}, {"name": "mysql", "type_name": "mysql_grant", "file": "lib/puppet/provider/mysql_grant/mysql.rb", "line": 4, "docstring": {"text": "Set grants for users in MySQL."}, "commands": {"mysql_raw": "mysql"}}, {"name": "mysql", "type_name": "mysql_plugin", "file": "lib/puppet/provider/mysql_plugin/mysql.rb", "line": 4, "docstring": {"text": "Manages MySQL plugins."}, "commands": {"mysql_raw": "mysql"}}, {"name": "mysql", "type_name": "mysql_datadir", "file": "lib/puppet/provider/mysql_datadir/mysql.rb", "line": 4, "docstring": {"text": "manage data directories for mysql instances"}, "commands": {"mysqld": "mysqld"}}, {"name": "mysql", "type_name": "mysql_database", "file": "lib/puppet/provider/mysql_database/mysql.rb", "line": 4, "docstring": {"text": "Manages MySQL databases."}, "commands": {"mysql_raw": "mysql"}}, {"name": "puppet_https", "type_name": "puppetdb_conn_validator", "file": "lib/puppet/provider/puppetdb_conn_validator/puppet_https.rb", "line": 15, "docstring": {"text": "A provider for the resource type `puppetdb_conn_validator`,\nwhich validates the puppetdb connection by attempting an http(s)\nconnection to the puppetdb server. Uses the puppet SSL certificate\nsetup from the local puppet environment to authenticate if use_ssl\nis set to true."}}, {"name": "elasticsearch_keystore", "type_name": "elasticsearch_keystore", "file": "lib/puppet/provider/elasticsearch_keystore/ruby.rb", "line": 3, "docstring": {"text": "Provider for `elasticsearch-keystore` based secret management."}, "commands": {"keystore": "/bin/elasticsearch-keystore"}}, {"name": "elasticsearch_plugin", "type_name": "elasticsearch_plugin", "file": "lib/puppet/provider/elasticsearch_plugin/ruby.rb", "line": 5, "docstring": {"text": "Post-5.x provider for Elasticsearch bin/elasticsearch-plugin\ncommand operations.'"}}, {"name": "ruby", "type_name": "elasticsearch_role", "file": "lib/puppet/provider/elasticsearch_role/ruby.rb", "line": 5, "docstring": {"text": "Provider for X-Pack role resources."}}, {"name": "ruby", "type_name": "elasticsearch_user", "file": "lib/puppet/provider/elasticsearch_user/ruby.rb", "line": 5, "docstring": {"text": "Provider for X-Pack user resources."}, "features": ["manages_plaintext_passwords"], "commands": {"users_cli": "/bin/elasticsearch-users", "es": "/bin/elasticsearch"}}, {"name": "ruby", "type_name": "elasticsearch_index", "file": "lib/puppet/provider/elasticsearch_index/ruby.rb", "line": 10, "docstring": {"text": "A REST API based provider to manage Elasticsearch index settings."}}, {"name": "ruby", "type_name": "elasticsearch_pipeline", "file": "lib/puppet/provider/elasticsearch_pipeline/ruby.rb", "line": 5, "docstring": {"text": "A REST API based provider to manage Elasticsearch ingest pipelines."}}, {"name": "ruby", "type_name": "elasticsearch_template", "file": "lib/puppet/provider/elasticsearch_template/ruby.rb", "line": 10, "docstring": {"text": "A REST API based provider to manage Elasticsearch templates."}}, {"name": "ruby", "type_name": "elasticsearch_user_file", "file": "lib/puppet/provider/elasticsearch_user_file/ruby.rb", "line": 5, "docstring": {"text": "Provider for X-Pack elasticsearch users using plain files."}, "features": ["manages_encrypted_passwords"]}, {"name": "ruby", "type_name": "elasticsearch_user_roles", "file": "lib/puppet/provider/elasticsearch_user_roles/ruby.rb", "line": 5, "docstring": {"text": "Provider for X-Pack user roles (parsed file.)"}}, {"name": "ruby", "type_name": "elasticsearch_role_mapping", "file": "lib/puppet/provider/elasticsearch_role_mapping/ruby.rb", "line": 5, "docstring": {"text": "Provider for X-Pack role mappings."}}, {"name": "ruby", "type_name": "elasticsearch_snapshot_repository", "file": "lib/puppet/provider/elasticsearch_snapshot_repository/ruby.rb", "line": 7, "docstring": {"text": "A REST API based provider to manage Elasticsearch snapshot repositories."}}, {"name": "tcp_port", "type_name": "es_instance_conn_validator", "file": "lib/puppet/provider/es_instance_conn_validator/tcp_port.rb", "line": 9, "docstring": {"text": "A provider for the resource type `es_instance_conn_validator`,\nwhich validates the connection by attempting an https\nconnection to Elasticsearch."}}, {"name": "xpack", "type_name": "elasticsearch_license", "file": "lib/puppet/provider/elasticsearch_license/xpack.rb", "line": 5, "docstring": {"text": "A REST API based provider to manage Elasticsearch X-Pack licenses."}}, {"name": "kibana", "type_name": "kibana_plugin", "file": "lib/puppet/provider/kibana_plugin/kibana.rb", "line": 5, "docstring": {"text": "Native command-line provider for Kibana v4 plugins."}, "commands": {"plugin": "File.join(home_path, 'bin', 'kibana')"}}, {"name": "kibana_plugin", "type_name": "kibana_plugin", "file": "lib/puppet/provider/kibana_plugin/kibana_plugin.rb", "line": 5, "docstring": {"text": "Native command-line provider for Kibana v5 plugins."}, "commands": {"plugin": "File.join(home_path, 'bin', 'kibana-plugin')"}}], "puppet_functions": [{"name": "letsencrypt::conf::nginx", "file": "functions/conf/nginx.pp", "line": 6, "type": "puppet", "signatures": [{"signature": "letsencrypt::conf::nginx(String $cert_name)", "docstring": {"text": "Returns a hash to be merged into a nginx::resource::server resources\nparameters.", "tags": [{"tag_name": "param", "text": "name of the domain in question, NOT the local certificate name.", "types": ["String"], "name": "cert_name"}, {"tag_name": "return", "text": "hash usable with nginx::resource::server", "types": ["Letsencrypt::Ssl_conf::Nginx"]}]}}], "docstring": {"text": "Returns a hash to be merged into a nginx::resource::server resources\nparameters.", "tags": [{"tag_name": "param", "text": "name of the domain in question, NOT the local certificate name.", "types": ["String"], "name": "cert_name"}, {"tag_name": "return", "text": "hash usable with nginx::resource::server", "types": ["Letsencrypt::Ssl_conf::Nginx"]}]}, "source": "function letsencrypt::conf::nginx (\n String $cert_name,\n) >> Letsencrypt::Ssl_conf::Nginx {\n $cert_path = $facts['letsencrypt_directory'][$cert_name]\n if $cert_path == undef {\n {\n ssl => false,\n }\n } else {\n {\n ssl => true,\n ssl_redirect => true,\n ssl_cert => \"${cert_path}/fullchain.pem\",\n ssl_key => \"${cert_path}/privkey.pem\",\n }\n }\n}"}, {"name": "letsencrypt::conf::nginx::location", "file": "functions/conf/nginx/location.pp", "line": 6, "type": "puppet", "signatures": [{"signature": "letsencrypt::conf::nginx::location(String $cert_name)", "docstring": {"text": "Returns a hash to be merged into a nginx::resource::location resource.", "tags": [{"tag_name": "param", "text": "Domain for which we want the configuration.\nNOT the local certificate name.", "types": ["String"], "name": "cert_name"}, {"tag_name": "return", "text": "hash usable with nginx::resource::location", "types": ["Letsencrypt::Ssl_conf::Nginx::Location"]}]}}], "docstring": {"text": "Returns a hash to be merged into a nginx::resource::location resource.", "tags": [{"tag_name": "param", "text": "Domain for which we want the configuration.\nNOT the local certificate name.", "types": ["String"], "name": "cert_name"}, {"tag_name": "return", "text": "hash usable with nginx::resource::location", "types": ["Letsencrypt::Ssl_conf::Nginx::Location"]}]}, "source": "function letsencrypt::conf::nginx::location (\n String $cert_name,\n) >> Letsencrypt::Ssl_conf::Nginx::Location {\n $cert_path = $facts['letsencrypt_directory'][$cert_name]\n\n if $cert_path == undef {\n {\n ssl => false,\n }\n } else {\n {\n ssl => true,\n ssl_only => true,\n }\n }\n}"}, {"name": "date", "file": "lib/puppet/parser/functions/date.rb", "line": 2, "type": "ruby3x", "signatures": [{"signature": "date()", "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}, "source": "newfunction(:date, :type => :rvalue) do \n Time.new.strftime('%s')\nend"}, {"name": "dns::reverse_dns", "file": "lib/puppet/functions/dns/reverse_dns.rb", "line": 4, "type": "ruby4x", "signatures": [{"signature": "dns::reverse_dns(Stdlib::IP::Address::Nosubnet $ip)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The IP address to get the reverse for", "types": ["Stdlib::IP::Address::Nosubnet"], "name": "ip"}, {"tag_name": "return", "text": "", "types": ["Stdlib::Fqdn"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The IP address to get the reverse for", "types": ["Stdlib::IP::Address::Nosubnet"], "name": "ip"}, {"tag_name": "return", "text": "", "types": ["Stdlib::Fqdn"]}, {"tag_name": "summary", "text": "Get the reverse DNS for an IP address"}]}, "source": "Puppet::Functions.create_function(:'dns::reverse_dns') do\n # @param ip\n # The IP address to get the reverse for\n dispatch :reverse do\n param 'Stdlib::IP::Address::Nosubnet', :ip\n return_type 'Stdlib::Fqdn'\n end\n\n def reverse(ip)\n IPAddr.new(ip).reverse\n end\nend"}, {"name": "get_in_addr_arpa", "file": "lib/puppet/functions/get_in_addr_arpa.rb", "line": 2, "type": "ruby4x", "signatures": [{"signature": "get_in_addr_arpa(Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "", "types": ["Any"]}, {"tag_name": "summary", "text": "DEPRECATED. Use the [`dns::reverse_dns`](#dnsreverse_dns) function instead."}]}, "source": "Puppet::Functions.create_function(:get_in_addr_arpa) do\n dispatch :deprecation_gen do\n repeated_param 'Any', :args\n end\n def deprecation_gen(*args)\n call_function('deprecation', 'get_in_addr_arpa', 'This method is deprecated, please use dns::reverse_dns instead.')\n call_function('dns::reverse_dns', *args)\n end\nend"}, {"name": "dns_record::rev_record", "file": "lib/puppet/functions/dns_record/rev_record.rb", "line": 3, "type": "ruby4x", "signatures": [{"signature": "dns_record::rev_record(Stdlib::IP::Address::V6::Nosubnet $ip, Stdlib::IP::Address::V6::Nosubnet $netmask)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Stdlib::IP::Address::V6::Nosubnet"], "name": "ip"}, {"tag_name": "param", "text": "", "types": ["Stdlib::IP::Address::V6::Nosubnet"], "name": "netmask"}, {"tag_name": "return", "text": "", "types": ["Tuple[String,2]"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Stdlib::IP::Address::V6::Nosubnet"], "name": "ip"}, {"tag_name": "param", "text": "", "types": ["Stdlib::IP::Address::V6::Nosubnet"], "name": "netmask"}, {"tag_name": "return", "text": "", "types": ["Tuple[String,2]"]}]}, "source": "Puppet::Functions.create_function(:'dns_record::rev_record') do\n dispatch :rev_record do\n param 'Stdlib::IP::Address::V6::Nosubnet', :ip\n param 'Stdlib::IP::Address::V6::Nosubnet', :netmask\n return_type 'Tuple[String,2]'\n end\n\n def rev_record(ip, netmask)\n cidr = IPAddr.new(\"::/#{netmask}\").prefix\n addr = IPAddr.new ip\n parts = addr.ip6_arpa.split('.')\n\n [ parts.take(cidr/4).join('.'), \n parts.drop(cidr/4).join('.') ]\n end\nend"}, {"name": "networking::repack", "file": "functions/repack.pp", "line": 2, "type": "puppet", "signatures": [{"signature": "networking::repack(Hash[String,Variant[Hash, Array[Hash]]] $data)", "docstring": {"text": "Normalizes a hash or a list of hashes to a list of hashes", "tags": [{"tag_name": "param", "text": "", "types": ["Hash[String,Variant[Hash, Array[Hash]]]"], "name": "data"}, {"tag_name": "return", "text": "", "types": ["Hash[String, Array[Hash]]"]}]}}], "docstring": {"text": "Normalizes a hash or a list of hashes to a list of hashes", "tags": [{"tag_name": "param", "text": "", "types": ["Hash[String,Variant[Hash, Array[Hash]]]"], "name": "data"}, {"tag_name": "return", "text": "", "types": ["Hash[String, Array[Hash]]"]}]}, "source": "function networking::repack(Hash[String,Variant[Hash, Array[Hash]]] $data) >> Hash[String, Array[Hash]] {\n $data.map |$key, $body| {\n [$key, $body ? {\n Hash => [$body],\n default => $body,\n }]\n }.convert_to(Hash)\n}"}, {"name": "xorg::normalize_filename", "file": "functions/normalize_filename.pp", "line": 3, "type": "puppet", "signatures": [{"signature": "xorg::normalize_filename(String $name)", "docstring": {"text": "Should take any string, and replace all non-character letters with\ndashes, and downcase everything.", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "name"}, {"tag_name": "return", "text": "", "types": ["String"]}]}}], "docstring": {"text": "Should take any string, and replace all non-character letters with\ndashes, and downcase everything.", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "name"}, {"tag_name": "return", "text": "", "types": ["String"]}]}, "source": "function xorg::normalize_filename (\n String $name,\n) >> String {\n $name.downcase().regsubst(/[^a-z0-9]/, '-')\n}"}, {"name": "abs", "file": "lib/puppet/parser/functions/abs.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "abs()", "docstring": {"text": "For example -34.56 becomes 34.56.\nTakes a single integer or float value as an argument.\n\n> *Note:*\n **Deprected** from Puppet 6.0.0, the built-in\n ['abs'](https://puppet.com/docs/puppet/6.4/function.html#abs)function will be used instead.", "tags": [{"tag_name": "return", "text": "The absolute value of the given number if it was an Integer", "types": ["Any"]}]}}], "docstring": {"text": "For example -34.56 becomes 34.56.\nTakes a single integer or float value as an argument.\n\n> *Note:*\n **Deprected** from Puppet 6.0.0, the built-in\n ['abs'](https://puppet.com/docs/puppet/6.4/function.html#abs)function will be used instead.", "tags": [{"tag_name": "return", "text": "The absolute value of the given number if it was an Integer", "types": ["Any"]}, {"tag_name": "summary", "text": "**Deprecated:** Returns the absolute value of a number"}]}, "source": "newfunction(:abs, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated:** Returns the absolute value of a number\n\n For example -34.56 becomes 34.56.\n Takes a single integer or float value as an argument.\n\n > *Note:*\n **Deprected** from Puppet 6.0.0, the built-in\n ['abs'](https://puppet.com/docs/puppet/6.4/function.html#abs)function will be used instead.\n\n @return The absolute value of the given number if it was an Integer\n\n DOC\n) do |arguments|\n raise(Puppet::ParseError, \"abs(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n value = arguments[0]\n\n # Numbers in Puppet are often string-encoded which is troublesome ...\n if value.is_a?(String)\n if %r{^-?(?:\\d+)(?:\\.\\d+){1}$}.match?(value)\n value = value.to_f\n elsif %r{^-?\\d+$}.match?(value)\n value = value.to_i\n else\n raise(Puppet::ParseError, 'abs(): Requires float or integer to work with')\n end\n end\n\n # We have numeric value to handle ...\n result = value.abs\n\n return result\nend"}, {"name": "any2array", "file": "lib/puppet/parser/functions/any2array.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "any2array()", "docstring": {"text": "Empty argument lists are converted to an empty array. Arrays are left\nuntouched. Hashes are converted to arrays of alternating keys and values.\n\n> *Note:*\n since Puppet 5.0.0 it is possible to create new data types for almost any\n datatype using the type system and the built-in\n [`Array.new`](https://puppet.com/docs/puppet/latest/function.html#conversion-to-array-and-tuple)\n function is used to create a new Array..\n\n ```\n $hsh = {'key' => 42, 'another-key' => 100}\n notice(Array($hsh))\n ```\n\nWould notice `[['key', 42], ['another-key', 100]]`\n\nThe Array data type also has a special mode to \"create an array if not already an array\"\n\n ```\n notice(Array({'key' => 42, 'another-key' => 100}, true))\n ```\n\nWould notice `[{'key' => 42, 'another-key' => 100}]`, as the `true` flag prevents the hash from being\ntransformed into an array.", "tags": [{"tag_name": "return", "text": "The new array containing the given object", "types": ["Array"]}]}}], "docstring": {"text": "Empty argument lists are converted to an empty array. Arrays are left\nuntouched. Hashes are converted to arrays of alternating keys and values.\n\n> *Note:*\n since Puppet 5.0.0 it is possible to create new data types for almost any\n datatype using the type system and the built-in\n [`Array.new`](https://puppet.com/docs/puppet/latest/function.html#conversion-to-array-and-tuple)\n function is used to create a new Array..\n\n ```\n $hsh = {'key' => 42, 'another-key' => 100}\n notice(Array($hsh))\n ```\n\nWould notice `[['key', 42], ['another-key', 100]]`\n\nThe Array data type also has a special mode to \"create an array if not already an array\"\n\n ```\n notice(Array({'key' => 42, 'another-key' => 100}, true))\n ```\n\nWould notice `[{'key' => 42, 'another-key' => 100}]`, as the `true` flag prevents the hash from being\ntransformed into an array.", "tags": [{"tag_name": "return", "text": "The new array containing the given object", "types": ["Array"]}, {"tag_name": "summary", "text": "This converts any object to an array containing that object."}]}, "source": "newfunction(:any2array, type: :rvalue, doc: <<-DOC\n @summary\n This converts any object to an array containing that object.\n\n Empty argument lists are converted to an empty array. Arrays are left\n untouched. Hashes are converted to arrays of alternating keys and values.\n\n > *Note:*\n since Puppet 5.0.0 it is possible to create new data types for almost any\n datatype using the type system and the built-in\n [`Array.new`](https://puppet.com/docs/puppet/latest/function.html#conversion-to-array-and-tuple)\n function is used to create a new Array..\n\n ```\n $hsh = {'key' => 42, 'another-key' => 100}\n notice(Array($hsh))\n ```\n\n Would notice `[['key', 42], ['another-key', 100]]`\n\n The Array data type also has a special mode to \"create an array if not already an array\"\n\n ```\n notice(Array({'key' => 42, 'another-key' => 100}, true))\n ```\n\n Would notice `[{'key' => 42, 'another-key' => 100}]`, as the `true` flag prevents the hash from being\n transformed into an array.\n\n @return [Array] The new array containing the given object\nDOC\n) do |arguments|\n if arguments.empty?\n return []\n end\n\n return arguments unless arguments.length == 1\n return arguments[0] if arguments[0].is_a?(Array)\n return [] if arguments == ['']\n if arguments[0].is_a?(Hash)\n result = []\n arguments[0].each do |key, value|\n result << key << value\n end\n return result\n end\n return arguments\nend"}, {"name": "any2bool", "file": "lib/puppet/parser/functions/any2bool.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "any2bool()", "docstring": {"text": "In practise it does the following:\n* Strings such as Y,y,1,T,t,TRUE,yes,'true' will return true\n* Strings such as 0,F,f,N,n,FALSE,no,'false' will return false\n* Booleans will just return their original value\n* Number (or a string representation of a number) > 0 will return true, otherwise false\n* undef will return false\n* Anything else will return true\n\nAlso see the built-in [`Boolean.new`](https://puppet.com/docs/puppet/latest/function.html#conversion-to-boolean)\nfunction.", "tags": [{"tag_name": "return", "text": "The boolean value of the object that was given", "types": ["Boolean"]}]}}], "docstring": {"text": "In practise it does the following:\n* Strings such as Y,y,1,T,t,TRUE,yes,'true' will return true\n* Strings such as 0,F,f,N,n,FALSE,no,'false' will return false\n* Booleans will just return their original value\n* Number (or a string representation of a number) > 0 will return true, otherwise false\n* undef will return false\n* Anything else will return true\n\nAlso see the built-in [`Boolean.new`](https://puppet.com/docs/puppet/latest/function.html#conversion-to-boolean)\nfunction.", "tags": [{"tag_name": "return", "text": "The boolean value of the object that was given", "types": ["Boolean"]}, {"tag_name": "summary", "text": "Converts 'anything' to a boolean."}]}, "source": "newfunction(:any2bool, type: :rvalue, doc: <<-DOC\n @summary\n Converts 'anything' to a boolean.\n\n In practise it does the following:\n * Strings such as Y,y,1,T,t,TRUE,yes,'true' will return true\n * Strings such as 0,F,f,N,n,FALSE,no,'false' will return false\n * Booleans will just return their original value\n * Number (or a string representation of a number) > 0 will return true, otherwise false\n * undef will return false\n * Anything else will return true\n\n Also see the built-in [`Boolean.new`](https://puppet.com/docs/puppet/latest/function.html#conversion-to-boolean)\n function.\n\n @return [Boolean] The boolean value of the object that was given\nDOC\n) do |arguments|\n raise(Puppet::ParseError, \"any2bool(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n # If argument is already Boolean, return it\n if !!arguments[0] == arguments[0] # rubocop:disable Style/DoubleNegation : Could not find a better way to check if a boolean\n return arguments[0]\n end\n\n arg = arguments[0]\n\n if arg.nil?\n return false\n end\n\n if arg == :undef\n return false\n end\n\n valid_float = begin\n !!Float(arg) # rubocop:disable Style/DoubleNegation : Could not find a better way to check if a boolean\n rescue\n false\n end\n\n if arg.is_a?(Numeric)\n return function_num2bool([arguments[0]])\n end\n\n if arg.is_a?(String)\n return function_num2bool([arguments[0]]) if valid_float\n return function_str2bool([arguments[0]])\n end\n\n return true\nend"}, {"name": "assert_private", "file": "lib/puppet/parser/functions/assert_private.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "assert_private()", "docstring": {"text": "Calling the class or definition from outside the current module will fail.", "tags": [{"tag_name": "return", "text": "set the current class or definition as private.", "types": ["Any"]}]}}], "docstring": {"text": "Calling the class or definition from outside the current module will fail.", "tags": [{"tag_name": "return", "text": "set the current class or definition as private.", "types": ["Any"]}, {"tag_name": "summary", "text": "Sets the current class or definition as private."}]}, "source": "newfunction(:assert_private, doc: <<-DOC\n @summary\n Sets the current class or definition as private.\n\n @return\n set the current class or definition as private.\n\n Calling the class or definition from outside the current module will fail.\n DOC\n) do |args|\n raise(Puppet::ParseError, \"assert_private(): Wrong number of arguments given (#{args.size}}) for 0 or 1)\") if args.size > 1\n\n scope = self\n if scope.lookupvar('module_name') != scope.lookupvar('caller_module_name')\n message = nil\n if args[0]&.is_a?(String)\n message = args[0]\n else\n manifest_name = scope.source.name\n manifest_type = scope.source.type\n message = (manifest_type.to_s == 'hostclass') ? 'Class' : 'Definition'\n message += \" #{manifest_name} is private\"\n end\n raise(Puppet::ParseError, message)\n end\nend"}, {"name": "base64", "file": "lib/puppet/parser/functions/base64.rb", "line": 5, "type": "ruby3x", "signatures": [{"signature": "base64()", "docstring": {"text": "> **Note:*\n Since Puppet 4.8.0, the Binary data type can be used to produce base 64 encoded strings.\n See the `new()` function for the Binary and String types for documentation. Also see `binary_file()`\n function for reading a file with binary (non UTF-8) content.", "tags": [{"tag_name": "example", "text": "\nEncode and decode a string\n\n $encodestring = base64('encode', 'thestring')\n $decodestring = base64('decode', 'dGhlc3RyaW5n')\n\nExplicitly define encode/decode method: default, strict, urlsafe\n\n $method = 'default'\n $encodestring = base64('encode', 'thestring', $method)\n $decodestring = base64('decode', 'dGhlc3RyaW5n', $method)\n\nEncode a string as if it was binary\n\n $encodestring = String(Binary('thestring', '%s'))\n\nDecode a Binary assuming it is an UTF-8 String\n\n $decodestring = String(Binary(\"dGhlc3RyaW5n\"), \"%s\")", "name": "Example usage"}, {"tag_name": "return", "text": "The encoded/decoded va", "types": ["String"]}]}}], "docstring": {"text": "> **Note:*\n Since Puppet 4.8.0, the Binary data type can be used to produce base 64 encoded strings.\n See the `new()` function for the Binary and String types for documentation. Also see `binary_file()`\n function for reading a file with binary (non UTF-8) content.", "tags": [{"tag_name": "example", "text": "\nEncode and decode a string\n\n $encodestring = base64('encode', 'thestring')\n $decodestring = base64('decode', 'dGhlc3RyaW5n')\n\nExplicitly define encode/decode method: default, strict, urlsafe\n\n $method = 'default'\n $encodestring = base64('encode', 'thestring', $method)\n $decodestring = base64('decode', 'dGhlc3RyaW5n', $method)\n\nEncode a string as if it was binary\n\n $encodestring = String(Binary('thestring', '%s'))\n\nDecode a Binary assuming it is an UTF-8 String\n\n $decodestring = String(Binary(\"dGhlc3RyaW5n\"), \"%s\")", "name": "Example usage"}, {"tag_name": "return", "text": "The encoded/decoded va", "types": ["String"]}, {"tag_name": "summary", "text": "Base64 encode or decode a string based on the command and the string submitted"}]}, "source": "newfunction(:base64, type: :rvalue, doc: <<-DOC) do |args|\n @summary\n Base64 encode or decode a string based on the command and the string submitted\n\n @example Example usage\n\n Encode and decode a string\n\n $encodestring = base64('encode', 'thestring')\n $decodestring = base64('decode', 'dGhlc3RyaW5n')\n\n Explicitly define encode/decode method: default, strict, urlsafe\n\n $method = 'default'\n $encodestring = base64('encode', 'thestring', $method)\n $decodestring = base64('decode', 'dGhlc3RyaW5n', $method)\n\n Encode a string as if it was binary\n\n $encodestring = String(Binary('thestring', '%s'))\n\n Decode a Binary assuming it is an UTF-8 String\n\n $decodestring = String(Binary(\"dGhlc3RyaW5n\"), \"%s\")\n\n > **Note:*\n Since Puppet 4.8.0, the Binary data type can be used to produce base 64 encoded strings.\n See the `new()` function for the Binary and String types for documentation. Also see `binary_file()`\n function for reading a file with binary (non UTF-8) content.\n\n @return [String] The encoded/decoded value\n DOC\n\n require 'base64'\n\n raise Puppet::ParseError, \"base64(): Wrong number of arguments (#{args.length}; must be >= 2)\" unless args.length >= 2\n\n actions = ['encode', 'decode']\n\n unless actions.include?(args[0])\n raise Puppet::ParseError, \"base64(): the first argument must be one of 'encode' or 'decode'\"\n end\n\n unless args[1].is_a?(String)\n raise Puppet::ParseError, 'base64(): the second argument must be a string to base64'\n end\n\n method = ['default', 'strict', 'urlsafe']\n\n chosen_method = if args.length <= 2\n 'default'\n else\n args[2]\n end\n\n unless method.include?(chosen_method)\n raise Puppet::ParseError, \"base64(): the third argument must be one of 'default', 'strict', or 'urlsafe'\"\n end\n\n case args[0]\n when 'encode'\n case chosen_method\n when 'default'\n result = Base64.encode64(args[1])\n when 'strict'\n result = Base64.strict_encode64(args[1])\n when 'urlsafe'\n result = Base64.urlsafe_encode64(args[1])\n end\n when 'decode'\n case chosen_method\n when 'default'\n result = Base64.decode64(args[1])\n when 'strict'\n result = Base64.strict_decode64(args[1])\n when 'urlsafe'\n result = Base64.urlsafe_decode64(args[1])\n end\n end\n\n return result\nend"}, {"name": "basename", "file": "lib/puppet/parser/functions/basename.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "basename()", "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "The stripped filename", "types": ["String"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "The stripped filename", "types": ["String"]}, {"tag_name": "summary", "text": "Strips directory (and optional suffix) from a filename"}]}, "source": "newfunction(:basename, type: :rvalue, doc: <<-DOC\n @summary\n Strips directory (and optional suffix) from a filename\n\n @return [String] The stripped filename\n DOC\n) do |arguments|\n raise(Puppet::ParseError, 'basename(): No arguments given') if arguments.empty?\n raise(Puppet::ParseError, \"basename(): Too many arguments given (#{arguments.size})\") if arguments.size > 2\n raise(Puppet::ParseError, 'basename(): Requires string as first argument') unless arguments[0].is_a?(String)\n\n rv = File.basename(arguments[0]) if arguments.size == 1\n if arguments.size == 2\n raise(Puppet::ParseError, 'basename(): Requires string as second argument') unless arguments[1].is_a?(String)\n rv = File.basename(arguments[0], arguments[1])\n end\n\n return rv\nend"}, {"name": "bool2num", "file": "lib/puppet/parser/functions/bool2num.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "bool2num()", "docstring": {"text": "Converts the values:\n ```\n false, f, 0, n, and no to 0\n true, t, 1, y, and yes to 1\n ```\nRequires a single boolean or string as an input.\n\n> *Note:*\n since Puppet 5.0.0 it is possible to create new data types for almost any\n datatype using the type system and the built-in\n [`Numeric.new`](https://puppet.com/docs/puppet/latest/function.html#conversion-to-numeric),\n [`Integer.new`](https://puppet.com/docs/puppet/latest/function.html#conversion-to-integer), and\n [`Float.new`](https://puppet.com/docs/puppet/latest/function.html#conversion-to-float)\n function are used to convert to numeric values.\n ```\n notice(Integer(false)) # Notices 0\n notice(Float(true)) # Notices 1.0\n ```", "tags": [{"tag_name": "return", "text": "The converted value as a number", "types": ["Integer"]}]}}], "docstring": {"text": "Converts the values:\n ```\n false, f, 0, n, and no to 0\n true, t, 1, y, and yes to 1\n ```\nRequires a single boolean or string as an input.\n\n> *Note:*\n since Puppet 5.0.0 it is possible to create new data types for almost any\n datatype using the type system and the built-in\n [`Numeric.new`](https://puppet.com/docs/puppet/latest/function.html#conversion-to-numeric),\n [`Integer.new`](https://puppet.com/docs/puppet/latest/function.html#conversion-to-integer), and\n [`Float.new`](https://puppet.com/docs/puppet/latest/function.html#conversion-to-float)\n function are used to convert to numeric values.\n ```\n notice(Integer(false)) # Notices 0\n notice(Float(true)) # Notices 1.0\n ```", "tags": [{"tag_name": "return", "text": "The converted value as a number", "types": ["Integer"]}, {"tag_name": "summary", "text": "Converts a boolean to a number."}]}, "source": "newfunction(:bool2num, type: :rvalue, doc: <<-DOC\n @summary\n Converts a boolean to a number.\n\n Converts the values:\n ```\n false, f, 0, n, and no to 0\n true, t, 1, y, and yes to 1\n ```\n Requires a single boolean or string as an input.\n\n > *Note:*\n since Puppet 5.0.0 it is possible to create new data types for almost any\n datatype using the type system and the built-in\n [`Numeric.new`](https://puppet.com/docs/puppet/latest/function.html#conversion-to-numeric),\n [`Integer.new`](https://puppet.com/docs/puppet/latest/function.html#conversion-to-integer), and\n [`Float.new`](https://puppet.com/docs/puppet/latest/function.html#conversion-to-float)\n function are used to convert to numeric values.\n ```\n notice(Integer(false)) # Notices 0\n notice(Float(true)) # Notices 1.0\n ```\n\n @return [Integer] The converted value as a number\n DOC\n) do |arguments|\n raise(Puppet::ParseError, \"bool2num(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n value = function_str2bool([arguments[0]])\n\n # We have real boolean values as well ...\n result = value ? 1 : 0\n\n return result\nend"}, {"name": "bool2str", "file": "lib/puppet/parser/functions/bool2str.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "bool2str()", "docstring": {"text": "The optional second and third arguments represent what true and false will be\nconverted to respectively. If only one argument is given, it will be\nconverted from a boolean to a string containing 'true' or 'false'.\n\n**Examples of usage**\n\n ```\n bool2str(true) => 'true'\n bool2str(true, 'yes', 'no') => 'yes'\n bool2str(false, 't', 'f') => 'f'\n ```\n\nRequires a single boolean as an input.\n\n> *Note:*\n since Puppet 5.0.0 it is possible to create new data types for almost any\n datatype using the type system and the built-in\n [`String.new`](https://puppet.com/docs/puppet/latest/function.html#boolean-to-string)\n function is used to convert to String with many different format options.\n\n ```\n notice(String(false)) # Notices 'false'\n notice(String(true)) # Notices 'true'\n notice(String(false, '%y')) # Notices 'yes'\n notice(String(true, '%y')) # Notices 'no'\n ```", "tags": [{"tag_name": "return", "text": "The converted value to string of the given Boolean", "types": ["Any"]}]}}], "docstring": {"text": "The optional second and third arguments represent what true and false will be\nconverted to respectively. If only one argument is given, it will be\nconverted from a boolean to a string containing 'true' or 'false'.\n\n**Examples of usage**\n\n ```\n bool2str(true) => 'true'\n bool2str(true, 'yes', 'no') => 'yes'\n bool2str(false, 't', 'f') => 'f'\n ```\n\nRequires a single boolean as an input.\n\n> *Note:*\n since Puppet 5.0.0 it is possible to create new data types for almost any\n datatype using the type system and the built-in\n [`String.new`](https://puppet.com/docs/puppet/latest/function.html#boolean-to-string)\n function is used to convert to String with many different format options.\n\n ```\n notice(String(false)) # Notices 'false'\n notice(String(true)) # Notices 'true'\n notice(String(false, '%y')) # Notices 'yes'\n notice(String(true, '%y')) # Notices 'no'\n ```", "tags": [{"tag_name": "return", "text": "The converted value to string of the given Boolean", "types": ["Any"]}, {"tag_name": "summary", "text": "Converts a boolean to a string using optionally supplied arguments."}]}, "source": "newfunction(:bool2str, type: :rvalue, doc: <<-DOC\n @summary\n Converts a boolean to a string using optionally supplied arguments.\n\n The optional second and third arguments represent what true and false will be\n converted to respectively. If only one argument is given, it will be\n converted from a boolean to a string containing 'true' or 'false'.\n\n @return\n The converted value to string of the given Boolean\n\n **Examples of usage**\n\n ```\n bool2str(true) => 'true'\n bool2str(true, 'yes', 'no') => 'yes'\n bool2str(false, 't', 'f') => 'f'\n ```\n\n Requires a single boolean as an input.\n\n > *Note:*\n since Puppet 5.0.0 it is possible to create new data types for almost any\n datatype using the type system and the built-in\n [`String.new`](https://puppet.com/docs/puppet/latest/function.html#boolean-to-string)\n function is used to convert to String with many different format options.\n\n ```\n notice(String(false)) # Notices 'false'\n notice(String(true)) # Notices 'true'\n notice(String(false, '%y')) # Notices 'yes'\n notice(String(true, '%y')) # Notices 'no'\n ```\n DOC\n) do |arguments|\n unless arguments.size == 1 || arguments.size == 3\n raise(Puppet::ParseError, \"bool2str(): Wrong number of arguments given (#{arguments.size} for 3)\")\n end\n\n value = arguments[0]\n true_string = arguments[1] || 'true'\n false_string = arguments[2] || 'false'\n klass = value.class\n\n # We can have either true or false, and nothing else\n unless [FalseClass, TrueClass].include?(klass)\n raise(Puppet::ParseError, 'bool2str(): Requires a boolean to work with')\n end\n\n unless [true_string, false_string].all? { |x| x.is_a?(String) }\n raise(Puppet::ParseError, 'bool2str(): Requires strings to convert to')\n end\n\n return value ? true_string : false_string\nend"}, {"name": "camelcase", "file": "lib/puppet/parser/functions/camelcase.rb", "line": 8, "type": "ruby3x", "signatures": [{"signature": "camelcase()", "docstring": {"text": "> *Note:*\n **Deprecated** from Puppet 6.0.0, this function has been replaced with\n a built-in [`camelcase`](https://puppet.com/docs/puppet/latest/function.html#camelcase)\n function.", "tags": [{"tag_name": "return", "text": "The converted String, if it was a String that was given", "types": ["String"]}, {"tag_name": "return", "text": "The converted Array, if it was a Array that was given", "types": ["Array[String]"]}]}}], "docstring": {"text": "> *Note:*\n **Deprecated** from Puppet 6.0.0, this function has been replaced with\n a built-in [`camelcase`](https://puppet.com/docs/puppet/latest/function.html#camelcase)\n function.", "tags": [{"tag_name": "return", "text": "The converted String, if it was a String that was given", "types": ["String"]}, {"tag_name": "return", "text": "The converted Array, if it was a Array that was given", "types": ["Array[String]"]}, {"tag_name": "summary", "text": "**Deprecated** Converts the case of a string or all strings in an array to camel case."}]}, "source": "newfunction(:camelcase, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated** Converts the case of a string or all strings in an array to camel case.\n\n > *Note:*\n **Deprecated** from Puppet 6.0.0, this function has been replaced with\n a built-in [`camelcase`](https://puppet.com/docs/puppet/latest/function.html#camelcase)\n function.\n\n @return [String] The converted String, if it was a String that was given\n @return [Array[String]] The converted Array, if it was a Array that was given\nDOC\n) do |arguments|\n raise(Puppet::ParseError, \"camelcase(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n value = arguments[0]\n klass = value.class\n\n unless [Array, String].include?(klass)\n raise(Puppet::ParseError, 'camelcase(): Requires either array or string to work with')\n end\n\n result = if value.is_a?(Array)\n # Numbers in Puppet are often string-encoded which is troublesome ...\n value.map { |i| i.is_a?(String) ? i.split('_').map { |e| e.capitalize }.join : i }\n else\n value.split('_').map { |e| e.capitalize }.join\n end\n\n return result\nend"}, {"name": "capitalize", "file": "lib/puppet/parser/functions/capitalize.rb", "line": 8, "type": "ruby3x", "signatures": [{"signature": "capitalize()", "docstring": {"text": "Requires either a single string or an array as an input.\n\n> *Note:*\n **Deprecated** from Puppet 6.0.0, yhis function has been replaced with a\n built-in [`capitalize`](https://puppet.com/docs/puppet/latest/function.html#capitalize)\n function.", "tags": [{"tag_name": "return", "text": "The converted String, if it was a String that was given", "types": ["String"]}, {"tag_name": "return", "text": "The converted Array, if it was a Array that was given", "types": ["Array[String]"]}]}}], "docstring": {"text": "Requires either a single string or an array as an input.\n\n> *Note:*\n **Deprecated** from Puppet 6.0.0, yhis function has been replaced with a\n built-in [`capitalize`](https://puppet.com/docs/puppet/latest/function.html#capitalize)\n function.", "tags": [{"tag_name": "return", "text": "The converted String, if it was a String that was given", "types": ["String"]}, {"tag_name": "return", "text": "The converted Array, if it was a Array that was given", "types": ["Array[String]"]}, {"tag_name": "summary", "text": "**Deprecated** Capitalizes the first letter of a string or array of strings."}]}, "source": "newfunction(:capitalize, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated** Capitalizes the first letter of a string or array of strings.\n\n Requires either a single string or an array as an input.\n\n > *Note:*\n **Deprecated** from Puppet 6.0.0, yhis function has been replaced with a\n built-in [`capitalize`](https://puppet.com/docs/puppet/latest/function.html#capitalize)\n function.\n\n @return [String] The converted String, if it was a String that was given\n @return [Array[String]] The converted Array, if it was a Array that was given\n DOC\n) do |arguments|\n raise(Puppet::ParseError, \"capitalize(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n value = arguments[0]\n\n unless value.is_a?(Array) || value.is_a?(String)\n raise(Puppet::ParseError, 'capitalize(): Requires either array or string to work with')\n end\n\n result = if value.is_a?(Array)\n # Numbers in Puppet are often string-encoded which is troublesome ...\n value.map { |i| i.is_a?(String) ? i.capitalize : i }\n else\n value.capitalize\n end\n\n return result\nend"}, {"name": "ceiling", "file": "lib/puppet/parser/functions/ceiling.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "ceiling()", "docstring": {"text": "Takes a single numeric value as an argument.\n\n> *Note:*\n **Deprecated** from Puppet 6.0.0, this function has been replaced with a\n built-in [`ceiling`](https://puppet.com/docs/puppet/latest/function.html#ceiling) function.", "tags": [{"tag_name": "return", "text": "The rounded value", "types": ["Integer"]}]}}], "docstring": {"text": "Takes a single numeric value as an argument.\n\n> *Note:*\n **Deprecated** from Puppet 6.0.0, this function has been replaced with a\n built-in [`ceiling`](https://puppet.com/docs/puppet/latest/function.html#ceiling) function.", "tags": [{"tag_name": "return", "text": "The rounded value", "types": ["Integer"]}, {"tag_name": "summary", "text": "**Deprecated** Returns the smallest integer greater or equal to the argument."}]}, "source": "newfunction(:ceiling, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated** Returns the smallest integer greater or equal to the argument.\n Takes a single numeric value as an argument.\n\n > *Note:*\n **Deprecated** from Puppet 6.0.0, this function has been replaced with a\n built-in [`ceiling`](https://puppet.com/docs/puppet/latest/function.html#ceiling) function.\n\n @return [Integer] The rounded value\n DOC\n) do |arguments|\n raise(Puppet::ParseError, \"ceiling(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.size != 1\n\n begin\n arg = Float(arguments[0])\n rescue TypeError, ArgumentError => _e\n raise(Puppet::ParseError, \"ceiling(): Wrong argument type given (#{arguments[0]} for Numeric)\")\n end\n\n raise(Puppet::ParseError, \"ceiling(): Wrong argument type given (#{arg.class} for Numeric)\") if arg.is_a?(Numeric) == false\n\n arg.ceil\nend"}, {"name": "chomp", "file": "lib/puppet/parser/functions/chomp.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "chomp()", "docstring": {"text": "For example `hello\\n` becomes `hello`.\nRequires a single string or array as an input.\n\n> *Note:*\n **Deprecated** from Puppet 6.0.0, this function has been replaced with a\nbuilt-in [`chomp`](https://puppet.com/docs/puppet/latest/function.html#chomp) function.", "tags": [{"tag_name": "return", "text": "The converted String, if it was a String that was given", "types": ["String"]}, {"tag_name": "return", "text": "The converted Array, if it was a Array that was given", "types": ["Array[String]"]}]}}], "docstring": {"text": "For example `hello\\n` becomes `hello`.\nRequires a single string or array as an input.\n\n> *Note:*\n **Deprecated** from Puppet 6.0.0, this function has been replaced with a\nbuilt-in [`chomp`](https://puppet.com/docs/puppet/latest/function.html#chomp) function.", "tags": [{"tag_name": "return", "text": "The converted String, if it was a String that was given", "types": ["String"]}, {"tag_name": "return", "text": "The converted Array, if it was a Array that was given", "types": ["Array[String]"]}, {"tag_name": "summary", "text": "**Deprecated** Removes the record separator from the end of a string or an array of strings."}]}, "source": "newfunction(:chomp, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated** Removes the record separator from the end of a string or an array of strings.\n\n For example `hello\\n` becomes `hello`.\n Requires a single string or array as an input.\n\n > *Note:*\n **Deprecated** from Puppet 6.0.0, this function has been replaced with a\n built-in [`chomp`](https://puppet.com/docs/puppet/latest/function.html#chomp) function.\n\n @return [String] The converted String, if it was a String that was given\n @return [Array[String]] The converted Array, if it was a Array that was given\n DOC\n) do |arguments|\n raise(Puppet::ParseError, \"chomp(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n value = arguments[0]\n\n unless value.is_a?(Array) || value.is_a?(String)\n raise(Puppet::ParseError, 'chomp(): Requires either array or string to work with')\n end\n\n result = if value.is_a?(Array)\n # Numbers in Puppet are often string-encoded which is troublesome ...\n value.map { |i| i.is_a?(String) ? i.chomp : i }\n else\n value.chomp\n end\n\n return result\nend"}, {"name": "chop", "file": "lib/puppet/parser/functions/chop.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "chop()", "docstring": {"text": "If the string ends with `\\r\\n`, both characters are removed. Applying\nchop to an empty string returns an empty string. If you wish to merely\nremove record separators then you should use the `chomp` function.\nRequires a string or array of strings as input.\n\n> *Note:* **Deprecated** from Puppet 6.0.0, this function has been replaced with a\nbuilt-in [`chop`](https://puppet.com/docs/puppet/latest/function.html#chop) function.", "tags": [{"tag_name": "return", "text": "The given String, sans the last character.", "types": ["String"]}]}}], "docstring": {"text": "If the string ends with `\\r\\n`, both characters are removed. Applying\nchop to an empty string returns an empty string. If you wish to merely\nremove record separators then you should use the `chomp` function.\nRequires a string or array of strings as input.\n\n> *Note:* **Deprecated** from Puppet 6.0.0, this function has been replaced with a\nbuilt-in [`chop`](https://puppet.com/docs/puppet/latest/function.html#chop) function.", "tags": [{"tag_name": "return", "text": "The given String, sans the last character.", "types": ["String"]}, {"tag_name": "summary", "text": "**Deprecated** Returns a new string with the last character removed."}]}, "source": "newfunction(:chop, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated** Returns a new string with the last character removed.\n\n If the string ends with `\\r\\n`, both characters are removed. Applying\n chop to an empty string returns an empty string. If you wish to merely\n remove record separators then you should use the `chomp` function.\n Requires a string or array of strings as input.\n\n > *Note:* **Deprecated** from Puppet 6.0.0, this function has been replaced with a\n built-in [`chop`](https://puppet.com/docs/puppet/latest/function.html#chop) function.\n\n @return [String] The given String, sans the last character.\n DOC\n) do |arguments|\n raise(Puppet::ParseError, \"chop(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n value = arguments[0]\n\n unless value.is_a?(Array) || value.is_a?(String)\n raise(Puppet::ParseError, 'chop(): Requires either an array or string to work with')\n end\n\n result = if value.is_a?(Array)\n # Numbers in Puppet are often string-encoded which is troublesome ...\n value.map { |i| i.is_a?(String) ? i.chop : i }\n else\n value.chop\n end\n\n return result\nend"}, {"name": "clamp", "file": "lib/puppet/parser/functions/clamp.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "clamp()", "docstring": {"text": "Strings are converted and compared numerically. Arrays of values are flattened\ninto a list for further handling.\n\n> *Note:*\n From Puppet 6.0.0 this can be done with only core Puppet like this:\n `[$minval, $maxval, $value_to_clamp].sort[1]`", "tags": [{"tag_name": "example", "text": "\nclamp('24', [575, 187])` returns 187.\nclamp(16, 88, 661)` returns 88.\nclamp([4, 3, '99'])` returns 4.", "name": "Example usage"}, {"tag_name": "return", "text": "The sorted Array", "types": ["Array[Integer]"]}]}}], "docstring": {"text": "Strings are converted and compared numerically. Arrays of values are flattened\ninto a list for further handling.\n\n> *Note:*\n From Puppet 6.0.0 this can be done with only core Puppet like this:\n `[$minval, $maxval, $value_to_clamp].sort[1]`", "tags": [{"tag_name": "example", "text": "\nclamp('24', [575, 187])` returns 187.\nclamp(16, 88, 661)` returns 88.\nclamp([4, 3, '99'])` returns 4.", "name": "Example usage"}, {"tag_name": "return", "text": "The sorted Array", "types": ["Array[Integer]"]}, {"tag_name": "summary", "text": "Keeps value within the range [Min, X, Max] by sort based on integer value\n(parameter order doesn't matter)."}]}, "source": "newfunction(:clamp, type: :rvalue, arity: -2, doc: <<-DOC\n @summary\n Keeps value within the range [Min, X, Max] by sort based on integer value\n (parameter order doesn't matter).\n\n Strings are converted and compared numerically. Arrays of values are flattened\n into a list for further handling.\n\n @example Example usage\n\n clamp('24', [575, 187])` returns 187.\n clamp(16, 88, 661)` returns 88.\n clamp([4, 3, '99'])` returns 4.\n\n > *Note:*\n From Puppet 6.0.0 this can be done with only core Puppet like this:\n `[$minval, $maxval, $value_to_clamp].sort[1]`\n\n @return [Array[Integer]] The sorted Array\n DOC\n) do |args|\n args.flatten!\n\n raise(Puppet::ParseError, 'clamp(): Wrong number of arguments, need three to clamp') if args.size != 3\n\n # check values out\n args.each do |value|\n case [value.class]\n when [String]\n raise(Puppet::ParseError, \"clamp(): Required explicit numeric (#{value}:String)\") unless %r{^\\d+$}.match?(value)\n when [Hash]\n raise(Puppet::ParseError, \"clamp(): The Hash type is not allowed (#{value})\")\n end\n end\n\n # convert to numeric each element\n # then sort them and get a middle value\n args.map { |n| n.to_i }.sort[1]\nend"}, {"name": "concat", "file": "lib/puppet/parser/functions/concat.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "concat()", "docstring": {"text": "> *Note:*\n Since Puppet 4.0, you can use the `+`` operator for concatenation of arrays and\n merge of hashes, and the `<<`` operator for appending:\n\n`['1','2','3'] + ['4','5','6'] + ['7','8','9']` returns `['1','2','3','4','5','6','7','8','9']`\n`[1, 2, 3] << 4` returns `[1, 2, 3, 4]`\n`[1, 2, 3] << [4, 5]` returns `[1, 2, 3, [4, 5]]`", "tags": [{"tag_name": "example", "text": "\nconcat(['1','2','3'],'4') returns ['1','2','3','4']\nconcat(['1','2','3'],'4',['5','6','7']) returns ['1','2','3','4','5','6','7']", "name": "Example usage"}, {"tag_name": "return", "text": "The single concatenated array", "types": ["Array"]}]}}], "docstring": {"text": "> *Note:*\n Since Puppet 4.0, you can use the `+`` operator for concatenation of arrays and\n merge of hashes, and the `<<`` operator for appending:\n\n`['1','2','3'] + ['4','5','6'] + ['7','8','9']` returns `['1','2','3','4','5','6','7','8','9']`\n`[1, 2, 3] << 4` returns `[1, 2, 3, 4]`\n`[1, 2, 3] << [4, 5]` returns `[1, 2, 3, [4, 5]]`", "tags": [{"tag_name": "example", "text": "\nconcat(['1','2','3'],'4') returns ['1','2','3','4']\nconcat(['1','2','3'],'4',['5','6','7']) returns ['1','2','3','4','5','6','7']", "name": "Example usage"}, {"tag_name": "return", "text": "The single concatenated array", "types": ["Array"]}, {"tag_name": "summary", "text": "Appends the contents of multiple arrays into array 1."}]}, "source": "newfunction(:concat, type: :rvalue, doc: <<-DOC\n @summary\n Appends the contents of multiple arrays into array 1.\n\n @example Example usage\n\n concat(['1','2','3'],'4') returns ['1','2','3','4']\n concat(['1','2','3'],'4',['5','6','7']) returns ['1','2','3','4','5','6','7']\n\n > *Note:*\n Since Puppet 4.0, you can use the `+`` operator for concatenation of arrays and\n merge of hashes, and the `<<`` operator for appending:\n\n `['1','2','3'] + ['4','5','6'] + ['7','8','9']` returns `['1','2','3','4','5','6','7','8','9']`\n `[1, 2, 3] << 4` returns `[1, 2, 3, 4]`\n `[1, 2, 3] << [4, 5]` returns `[1, 2, 3, [4, 5]]`\n\n @return [Array] The single concatenated array\nDOC\n) do |arguments|\n # Check that more than 2 arguments have been given ...\n raise(Puppet::ParseError, \"concat(): Wrong number of arguments given (#{arguments.size} for < 2)\") if arguments.size < 2\n\n a = arguments[0]\n\n # Check that the first parameter is an array\n unless a.is_a?(Array)\n raise(Puppet::ParseError, 'concat(): Requires array to work with')\n end\n\n result = a\n arguments.shift\n\n arguments.each do |x|\n result += (x.is_a?(Array) ? x : [x])\n end\n\n return result\nend"}, {"name": "convert_base", "file": "lib/puppet/parser/functions/convert_base.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "convert_base()", "docstring": {"text": "convert_base(5, 2)` results in: `'101'`\nconvert_base('254', '16')` results in: `'fe'`\n\n> *Note:*\n Since Puppet 4.5.0 this can be done with the built-in\n [`String.new`](https://puppet.com/docs/puppet/latest/function.html#integer-to-string)\n function and its many formatting options:\n\n `$binary_repr = String(5, '%b')` return `\"101\"`\n `$hex_repr = String(254, \"%x\")` return `\"fe\"`\n `$hex_repr = String(254, \"%#x\")` return `\"0xfe\"`\n\n @return [String] The converted value as a Str", "tags": [{"tag_name": "example", "text": "", "name": "Example usage"}, {"tag_name": "return", "text": "converted value as a string", "types": ["Any"]}]}}], "docstring": {"text": "convert_base(5, 2)` results in: `'101'`\nconvert_base('254', '16')` results in: `'fe'`\n\n> *Note:*\n Since Puppet 4.5.0 this can be done with the built-in\n [`String.new`](https://puppet.com/docs/puppet/latest/function.html#integer-to-string)\n function and its many formatting options:\n\n `$binary_repr = String(5, '%b')` return `\"101\"`\n `$hex_repr = String(254, \"%x\")` return `\"fe\"`\n `$hex_repr = String(254, \"%#x\")` return `\"0xfe\"`\n\n @return [String] The converted value as a Str", "tags": [{"tag_name": "example", "text": "", "name": "Example usage"}, {"tag_name": "return", "text": "converted value as a string", "types": ["Any"]}, {"tag_name": "summary", "text": "Converts a given integer or base 10 string representing an integer to a\nspecified base, as a string."}]}, "source": "newfunction(:convert_base, type: :rvalue, arity: 2, doc: <<-'DOC') do |args|\n @summary\n Converts a given integer or base 10 string representing an integer to a\n specified base, as a string.\n\n @return\n converted value as a string\n\n @example Example usage\n\n convert_base(5, 2)` results in: `'101'`\n convert_base('254', '16')` results in: `'fe'`\n\n > *Note:*\n Since Puppet 4.5.0 this can be done with the built-in\n [`String.new`](https://puppet.com/docs/puppet/latest/function.html#integer-to-string)\n function and its many formatting options:\n\n `$binary_repr = String(5, '%b')` return `\"101\"`\n `$hex_repr = String(254, \"%x\")` return `\"fe\"`\n `$hex_repr = String(254, \"%#x\")` return `\"0xfe\"`\n\n @return [String] The converted value as a String\n DOC\n\n raise Puppet::ParseError, 'convert_base(): First argument must be either a string or an integer' unless args[0].is_a?(Integer) || args[0].is_a?(String)\n raise Puppet::ParseError, 'convert_base(): Second argument must be either a string or an integer' unless args[1].is_a?(Integer) || args[1].is_a?(String)\n\n if args[0].is_a?(String)\n raise Puppet::ParseError, 'convert_base(): First argument must be an integer or a string corresponding to an integer in base 10' unless %r{^[0-9]+$}.match?(args[0])\n end\n\n if args[1].is_a?(String)\n raise Puppet::ParseError, 'convert_base(): First argument must be an integer or a string corresponding to an integer in base 10' unless %r{^[0-9]+$}.match?(args[1])\n end\n\n number_to_convert = args[0]\n new_base = args[1]\n\n number_to_convert = number_to_convert.to_i\n new_base = new_base.to_i\n\n raise Puppet::ParseError, 'convert_base(): base must be at least 2 and must not be greater than 36' unless new_base >= 2 && new_base <= 36\n\n return number_to_convert.to_s(new_base)\nend"}, {"name": "count", "file": "lib/puppet/parser/functions/count.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "count()", "docstring": {"text": "Takes an array as first argument and an optional second argument. Counts the number of elements in array that is equal to the second argument.\nIf called with only an array, it counts the number of elements that are not nil/undef/empty-string.\n\n> *Note:*\n equality is tested with a Ruby method and it is therefore subject to what Ruby considers\n to be equal. For strings this means that equality is case sensitive.\n\nIn Puppet core, counting can be done in general by using a combination of the core functions\nfilter() (since Puppet 4.0.0) and length() (since Puppet 5.5.0, before that in stdlib).\n\nExample below shows counting values that are not undef.\n\n ```notice([42, \"hello\", undef].filter |$x| { $x =~ NotUndef }.length)```\n\nWould notice the value 2.", "tags": [{"tag_name": "return", "text": "The amount of elements counted within the array", "types": ["Integer"]}]}}], "docstring": {"text": "Takes an array as first argument and an optional second argument. Counts the number of elements in array that is equal to the second argument.\nIf called with only an array, it counts the number of elements that are not nil/undef/empty-string.\n\n> *Note:*\n equality is tested with a Ruby method and it is therefore subject to what Ruby considers\n to be equal. For strings this means that equality is case sensitive.\n\nIn Puppet core, counting can be done in general by using a combination of the core functions\nfilter() (since Puppet 4.0.0) and length() (since Puppet 5.5.0, before that in stdlib).\n\nExample below shows counting values that are not undef.\n\n ```notice([42, \"hello\", undef].filter |$x| { $x =~ NotUndef }.length)```\n\nWould notice the value 2.", "tags": [{"tag_name": "return", "text": "The amount of elements counted within the array", "types": ["Integer"]}, {"tag_name": "summary", "text": "Counts the number of elements in array."}]}, "source": "newfunction(:count, type: :rvalue, arity: -2, doc: <<-DOC\n @summary\n Counts the number of elements in array.\n\n Takes an array as first argument and an optional second argument. Counts the number of elements in array that is equal to the second argument.\n If called with only an array, it counts the number of elements that are not nil/undef/empty-string.\n\n > *Note:*\n equality is tested with a Ruby method and it is therefore subject to what Ruby considers\n to be equal. For strings this means that equality is case sensitive.\n\n In Puppet core, counting can be done in general by using a combination of the core functions\n filter() (since Puppet 4.0.0) and length() (since Puppet 5.5.0, before that in stdlib).\n\n Example below shows counting values that are not undef.\n\n ```notice([42, \"hello\", undef].filter |$x| { $x =~ NotUndef }.length)```\n\n Would notice the value 2.\n\n @return [Integer] The amount of elements counted within the array\nDOC\n) do |args|\n if args.size > 2\n raise(ArgumentError, \"count(): Wrong number of arguments given #{args.size} for 1 or 2.\")\n end\n\n collection, item = args\n\n if item\n collection.count item\n else\n collection.count { |obj| !obj.nil? && obj != :undef && obj != '' }\n end\nend"}, {"name": "deep_merge", "file": "lib/puppet/parser/functions/deep_merge.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "deep_merge()", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "\n$hash1 = {'one' => 1, 'two' => 2, 'three' => { 'four' => 4 } }\n$hash2 = {'two' => 'dos', 'three' => { 'five' => 5 } }\n$merged_hash = deep_merge($hash1, $hash2)\n\nThe resulting hash is equivalent to:\n\n$merged_hash = { 'one' => 1, 'two' => 'dos', 'three' => { 'four' => 4, 'five' => 5 } }\n\nWhen there is a duplicate key that is a hash, they are recursively merged.\nWhen there is a duplicate key that is not a hash, the key in the rightmost hash will \"win.\"", "name": "Example usage"}, {"tag_name": "return", "text": "The merged h", "types": ["Hash"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "\n$hash1 = {'one' => 1, 'two' => 2, 'three' => { 'four' => 4 } }\n$hash2 = {'two' => 'dos', 'three' => { 'five' => 5 } }\n$merged_hash = deep_merge($hash1, $hash2)\n\nThe resulting hash is equivalent to:\n\n$merged_hash = { 'one' => 1, 'two' => 'dos', 'three' => { 'four' => 4, 'five' => 5 } }\n\nWhen there is a duplicate key that is a hash, they are recursively merged.\nWhen there is a duplicate key that is not a hash, the key in the rightmost hash will \"win.\"", "name": "Example usage"}, {"tag_name": "return", "text": "The merged h", "types": ["Hash"]}, {"tag_name": "summary", "text": "Recursively merges two or more hashes together and returns the resulting hash."}]}, "source": "newfunction(:deep_merge, type: :rvalue, doc: <<-'DOC') do |args|\n @summary\n Recursively merges two or more hashes together and returns the resulting hash.\n\n @example Example usage\n\n $hash1 = {'one' => 1, 'two' => 2, 'three' => { 'four' => 4 } }\n $hash2 = {'two' => 'dos', 'three' => { 'five' => 5 } }\n $merged_hash = deep_merge($hash1, $hash2)\n\n The resulting hash is equivalent to:\n\n $merged_hash = { 'one' => 1, 'two' => 'dos', 'three' => { 'four' => 4, 'five' => 5 } }\n\n When there is a duplicate key that is a hash, they are recursively merged.\n When there is a duplicate key that is not a hash, the key in the rightmost hash will \"win.\"\n\n @return [Hash] The merged hash\n DOC\n\n if args.length < 2\n raise Puppet::ParseError, \"deep_merge(): wrong number of arguments (#{args.length}; must be at least 2)\"\n end\n\n deep_merge = proc do |hash1, hash2|\n hash1.merge(hash2) do |_key, old_value, new_value|\n if old_value.is_a?(Hash) && new_value.is_a?(Hash)\n deep_merge.call(old_value, new_value)\n else\n new_value\n end\n end\n end\n\n result = {}\n args.each do |arg|\n next if arg.is_a?(String) && arg.empty? # empty string is synonym for puppet's undef\n # If the argument was not a hash, skip it.\n unless arg.is_a?(Hash)\n raise Puppet::ParseError, \"deep_merge: unexpected argument type #{arg.class}, only expects hash arguments\"\n end\n\n result = deep_merge.call(result, arg)\n end\n return(result)\nend"}, {"name": "defined_with_params", "file": "lib/puppet/parser/functions/defined_with_params.rb", "line": 6, "type": "ruby3x", "signatures": [{"signature": "defined_with_params()", "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}, "source": "Puppet::Parser::Functions.newfunction(:defined_with_params,\n type: :rvalue,\n doc: <<-DOC,\n @summary\n Takes a resource reference and an optional hash of attributes.\n\n Returns `true` if a resource with the specified attributes has already been added\n to the catalog, and `false` otherwise.\n\n ```\n user { 'dan':\n ensure => present,\n }\n\n if ! defined_with_params(User[dan], {'ensure' => 'present' }) {\n user { 'dan': ensure => present, }\n }\n ```\n\n @return [Boolean]\n returns `true` or `false`\nDOC\n ) do |vals|\n reference, params = vals\n raise(ArgumentError, 'Must specify a reference') unless reference\n if !params || params == ''\n params = {}\n end\n ret = false\n\n if Puppet::Util::Package.versioncmp(Puppet.version, '4.6.0') >= 0\n # Workaround for PE-20308\n if reference.is_a?(String)\n type_name, title = Puppet::Resource.type_and_title(reference, nil)\n type = Puppet::Pops::Evaluator::Runtime3ResourceSupport.find_resource_type_or_class(find_global_scope, type_name.downcase)\n elsif reference.is_a?(Puppet::Resource)\n type = reference.type\n title = reference.title\n else\n raise(ArgumentError, \"Reference is not understood: '#{reference.class}'\")\n end\n # end workaround\n else\n type = reference.to_s\n title = nil\n end\n\n resources = if title.empty?\n catalog.resources.select { |r| r.type == type }\n else\n [findresource(type, title)]\n end\n\n resources.compact.each do |res|\n # If you call this from within a defined type, it will find itself\n next if res.to_s == resource.to_s\n\n matches = params.map do |key, value|\n # eql? avoids bugs caused by monkeypatching in puppet\n res_is_undef = res[key].eql?(:undef) || res[key].nil?\n value_is_undef = value.eql?(:undef) || value.nil?\n found_match = (res_is_undef && value_is_undef) || (res[key] == value)\n\n Puppet.debug(\"Matching resource is #{res}\") if found_match\n\n found_match\n end\n ret = params.empty? || !matches.include?(false)\n\n break if ret\n end\n\n Puppet.debug(\"Resource #{reference} was not determined to be defined\") unless ret\n\n ret\nend"}, {"name": "delete", "file": "lib/puppet/parser/functions/delete.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "delete()", "docstring": {"text": "> *Note:*\nFrom Puppet 4.0.0 the minus (-) operator deletes values from arrays and keys from a hash\n`{'a'=>1,'b'=>2,'c'=>3} - ['b','c'])`\n>\nA global delete from a string can be performed with the\n[`regsubst`](https://puppet.com/docs/puppet/latest/function.html#regsubst) function:\n`'abracadabra'.regsubst(/bra/, '', 'G')`\n\nIn general, the built-in [`filter`](https://puppet.com/docs/puppet/latest/function.html#filter)\nfunction can filter out entries from arrays and hashes based on keys and/or values.", "tags": [{"tag_name": "example", "text": "\ndelete(['a','b','c','b'], 'b')\nWould return: ['a','c']\n\ndelete({'a'=>1,'b'=>2,'c'=>3}, 'b')\nWould return: {'a'=>1,'c'=>3}\n\ndelete({'a'=>1,'b'=>2,'c'=>3}, ['b','c'])\nWould return: {'a'=>1}\n\ndelete('abracadabra', 'bra')\nWould return: 'acada'\n\n['a', 'b', 'c', 'b'] - 'b'\nWould return: ['a', 'c']\n\n{'a'=>1,'b'=>2,'c'=>3} - ['b','c'])\nWould return: {'a' => '1'}\n\n'abracadabra'.regsubst(/bra/, '', 'G')\nWould return: 'acada'", "name": "Example usage"}, {"tag_name": "return", "text": "The filtered String, if one was given.", "types": ["String"]}, {"tag_name": "return", "text": "The filtered Hash, if one was given.", "types": ["Hash"]}, {"tag_name": "return", "text": "The filtered Array, if one was given.", "types": ["Array"]}]}}], "docstring": {"text": "> *Note:*\nFrom Puppet 4.0.0 the minus (-) operator deletes values from arrays and keys from a hash\n`{'a'=>1,'b'=>2,'c'=>3} - ['b','c'])`\n>\nA global delete from a string can be performed with the\n[`regsubst`](https://puppet.com/docs/puppet/latest/function.html#regsubst) function:\n`'abracadabra'.regsubst(/bra/, '', 'G')`\n\nIn general, the built-in [`filter`](https://puppet.com/docs/puppet/latest/function.html#filter)\nfunction can filter out entries from arrays and hashes based on keys and/or values.", "tags": [{"tag_name": "example", "text": "\ndelete(['a','b','c','b'], 'b')\nWould return: ['a','c']\n\ndelete({'a'=>1,'b'=>2,'c'=>3}, 'b')\nWould return: {'a'=>1,'c'=>3}\n\ndelete({'a'=>1,'b'=>2,'c'=>3}, ['b','c'])\nWould return: {'a'=>1}\n\ndelete('abracadabra', 'bra')\nWould return: 'acada'\n\n['a', 'b', 'c', 'b'] - 'b'\nWould return: ['a', 'c']\n\n{'a'=>1,'b'=>2,'c'=>3} - ['b','c'])\nWould return: {'a' => '1'}\n\n'abracadabra'.regsubst(/bra/, '', 'G')\nWould return: 'acada'", "name": "Example usage"}, {"tag_name": "return", "text": "The filtered String, if one was given.", "types": ["String"]}, {"tag_name": "return", "text": "The filtered Hash, if one was given.", "types": ["Hash"]}, {"tag_name": "return", "text": "The filtered Array, if one was given.", "types": ["Array"]}, {"tag_name": "summary", "text": "Deletes all instances of a given element from an array, substring from a\nstring, or key from a hash."}]}, "source": "newfunction(:delete, type: :rvalue, doc: <<-DOC\n @summary\n Deletes all instances of a given element from an array, substring from a\n string, or key from a hash.\n\n @example Example usage\n\n delete(['a','b','c','b'], 'b')\n Would return: ['a','c']\n\n delete({'a'=>1,'b'=>2,'c'=>3}, 'b')\n Would return: {'a'=>1,'c'=>3}\n\n delete({'a'=>1,'b'=>2,'c'=>3}, ['b','c'])\n Would return: {'a'=>1}\n\n delete('abracadabra', 'bra')\n Would return: 'acada'\n\n ['a', 'b', 'c', 'b'] - 'b'\n Would return: ['a', 'c']\n\n {'a'=>1,'b'=>2,'c'=>3} - ['b','c'])\n Would return: {'a' => '1'}\n\n 'abracadabra'.regsubst(/bra/, '', 'G')\n Would return: 'acada'\n\n > *Note:*\n From Puppet 4.0.0 the minus (-) operator deletes values from arrays and keys from a hash\n `{'a'=>1,'b'=>2,'c'=>3} - ['b','c'])`\n >\n A global delete from a string can be performed with the\n [`regsubst`](https://puppet.com/docs/puppet/latest/function.html#regsubst) function:\n `'abracadabra'.regsubst(/bra/, '', 'G')`\n\n In general, the built-in [`filter`](https://puppet.com/docs/puppet/latest/function.html#filter)\n function can filter out entries from arrays and hashes based on keys and/or values.\n\n @return [String] The filtered String, if one was given.\n @return [Hash] The filtered Hash, if one was given.\n @return [Array] The filtered Array, if one was given.\nDOC\n) do |arguments|\n raise(Puppet::ParseError, \"delete(): Wrong number of arguments given #{arguments.size} for 2\") unless arguments.size == 2\n\n collection = arguments[0].dup\n Array(arguments[1]).each do |item|\n case collection\n when Array, Hash\n collection.delete item\n when String\n collection.gsub! item, ''\n else\n raise(TypeError, \"delete(): First argument must be an Array, String, or Hash. Given an argument of class #{collection.class}.\")\n end\n end\n collection\nend"}, {"name": "delete_at", "file": "lib/puppet/parser/functions/delete_at.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "delete_at()", "docstring": {"text": "For example\n ```delete_at(['a','b','c'], 1)```\n\nWould return: `['a','c']`\n\n> *Note:*\n Since Puppet 4 this can be done in general with the built-in\n [`filter`](https://puppet.com/docs/puppet/latest/function.html#filter) function:\n\n ```['a', 'b', 'c'].filter |$pos, $val | { $pos != 1 }```\n\nOr if a delete is wanted from the beginning or end of the array, by using the slice operator [ ]:\n ```\n $array[0, -1] # the same as all the values\n $array[2, -1] # all but the first 2 elements\n $array[0, -3] # all but the last 2 elements\n $array[1, -2] # all but the first and last element\n ```", "tags": [{"tag_name": "return", "text": "The given array, now missing the tar", "types": ["Array"]}]}}], "docstring": {"text": "For example\n ```delete_at(['a','b','c'], 1)```\n\nWould return: `['a','c']`\n\n> *Note:*\n Since Puppet 4 this can be done in general with the built-in\n [`filter`](https://puppet.com/docs/puppet/latest/function.html#filter) function:\n\n ```['a', 'b', 'c'].filter |$pos, $val | { $pos != 1 }```\n\nOr if a delete is wanted from the beginning or end of the array, by using the slice operator [ ]:\n ```\n $array[0, -1] # the same as all the values\n $array[2, -1] # all but the first 2 elements\n $array[0, -3] # all but the last 2 elements\n $array[1, -2] # all but the first and last element\n ```", "tags": [{"tag_name": "return", "text": "The given array, now missing the tar", "types": ["Array"]}, {"tag_name": "summary", "text": "Deletes a determined indexed value from an array."}]}, "source": "newfunction(:delete_at, type: :rvalue, doc: <<-DOC) do |arguments|\n @summary\n Deletes a determined indexed value from an array.\n\n For example\n ```delete_at(['a','b','c'], 1)```\n\n Would return: `['a','c']`\n\n > *Note:*\n Since Puppet 4 this can be done in general with the built-in\n [`filter`](https://puppet.com/docs/puppet/latest/function.html#filter) function:\n\n ```['a', 'b', 'c'].filter |$pos, $val | { $pos != 1 }```\n\n Or if a delete is wanted from the beginning or end of the array, by using the slice operator [ ]:\n ```\n $array[0, -1] # the same as all the values\n $array[2, -1] # all but the first 2 elements\n $array[0, -3] # all but the last 2 elements\n $array[1, -2] # all but the first and last element\n ```\n\n @return [Array] The given array, now missing the target value\n\nDOC\n\n raise(Puppet::ParseError, \"delete_at(): Wrong number of arguments given (#{arguments.size} for 2)\") if arguments.size < 2\n\n array = arguments[0]\n\n unless array.is_a?(Array)\n raise(Puppet::ParseError, 'delete_at(): Requires array to work with')\n end\n\n index = arguments[1]\n\n if index.is_a?(String) && !index.match(%r{^\\d+$})\n raise(Puppet::ParseError, 'delete_at(): You must provide non-negative numeric index')\n end\n\n result = array.clone\n\n # Numbers in Puppet are often string-encoded which is troublesome ...\n index = index.to_i\n\n if index > result.size - 1 # First element is at index 0 is it not?\n raise(Puppet::ParseError, 'delete_at(): Given index exceeds size of array given')\n end\n\n result.delete_at(index) # We ignore the element that got deleted ...\n\n return result\nend"}, {"name": "delete_regex", "file": "lib/puppet/parser/functions/delete_regex.rb", "line": 8, "type": "ruby3x", "signatures": [{"signature": "delete_regex()", "docstring": {"text": "Multiple regular expressions are assumed to be matched as an OR.\n\n> *Note:*\nSince Puppet 4 this can be done in general with the built-in\n[`filter`](https://puppet.com/docs/puppet/latest/function.html#filter) function:\n[\"aaa\", \"aba\", \"aca\"].filter |$val| { $val !~ /b/ }\nWould return: ['aaa', 'aca']", "tags": [{"tag_name": "example", "text": "\ndelete_regex(['a','b','c','b'], 'b')\nWould return: ['a','c']\n\ndelete_regex(['a','b','c','b'], ['b', 'c'])\nWould return: ['a']\n\ndelete_regex({'a'=>1,'b'=>2,'c'=>3}, 'b')\nWould return: {'a'=>1,'c'=>3}\n\ndelete_regex({'a'=>1,'b'=>2,'c'=>3}, '^a$')\nWould return: {'b'=>2,'c'=>3}", "name": "Example usage"}, {"tag_name": "return", "text": "The given array now missing all targeted values.", "types": ["Array"]}]}}], "docstring": {"text": "Multiple regular expressions are assumed to be matched as an OR.\n\n> *Note:*\nSince Puppet 4 this can be done in general with the built-in\n[`filter`](https://puppet.com/docs/puppet/latest/function.html#filter) function:\n[\"aaa\", \"aba\", \"aca\"].filter |$val| { $val !~ /b/ }\nWould return: ['aaa', 'aca']", "tags": [{"tag_name": "example", "text": "\ndelete_regex(['a','b','c','b'], 'b')\nWould return: ['a','c']\n\ndelete_regex(['a','b','c','b'], ['b', 'c'])\nWould return: ['a']\n\ndelete_regex({'a'=>1,'b'=>2,'c'=>3}, 'b')\nWould return: {'a'=>1,'c'=>3}\n\ndelete_regex({'a'=>1,'b'=>2,'c'=>3}, '^a$')\nWould return: {'b'=>2,'c'=>3}", "name": "Example usage"}, {"tag_name": "return", "text": "The given array now missing all targeted values.", "types": ["Array"]}, {"tag_name": "summary", "text": "Deletes all instances of a given element that match a regular expression\nfrom an array or key from a hash."}]}, "source": "newfunction(:delete_regex, type: :rvalue, doc: <<-DOC\n @summary\n Deletes all instances of a given element that match a regular expression\n from an array or key from a hash.\n\n Multiple regular expressions are assumed to be matched as an OR.\n\n @example Example usage\n\n delete_regex(['a','b','c','b'], 'b')\n Would return: ['a','c']\n\n delete_regex(['a','b','c','b'], ['b', 'c'])\n Would return: ['a']\n\n delete_regex({'a'=>1,'b'=>2,'c'=>3}, 'b')\n Would return: {'a'=>1,'c'=>3}\n\n delete_regex({'a'=>1,'b'=>2,'c'=>3}, '^a$')\n Would return: {'b'=>2,'c'=>3}\n\n > *Note:*\n Since Puppet 4 this can be done in general with the built-in\n [`filter`](https://puppet.com/docs/puppet/latest/function.html#filter) function:\n [\"aaa\", \"aba\", \"aca\"].filter |$val| { $val !~ /b/ }\n Would return: ['aaa', 'aca']\n\n @return [Array] The given array now missing all targeted values.\nDOC\n) do |arguments|\n raise(Puppet::ParseError, \"delete_regex(): Wrong number of arguments given #{arguments.size} for 2\") unless arguments.size == 2\n\n collection = arguments[0].dup\n Array(arguments[1]).each do |item|\n case collection\n when Array, Hash, String\n collection.reject! { |coll_item| (coll_item =~ %r{\\b#{item}\\b}) }\n else\n raise(TypeError, \"delete_regex(): First argument must be an Array, Hash, or String. Given an argument of class #{collection.class}.\")\n end\n end\n collection\nend"}, {"name": "delete_undef_values", "file": "lib/puppet/parser/functions/delete_undef_values.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "delete_undef_values()", "docstring": {"text": "> *Note:*\nSince Puppet 4.0.0 the equivalent can be performed with the built-in\n[`filter`](https://puppet.com/docs/puppet/latest/function.html#filter) function:\n$array.filter |$val| { $val =~ NotUndef }\n$hash.filter |$key, $val| { $val =~ NotUndef }", "tags": [{"tag_name": "example", "text": "\n$hash = delete_undef_values({a=>'A', b=>'', c=>undef, d => false})\nWould return: {a => 'A', b => '', d => false}\n\nWhile:\n$array = delete_undef_values(['A','',undef,false])\nWould return: ['A','',false]", "name": "Example usage"}, {"tag_name": "return", "text": "The given array now issing of undefined values.", "types": ["Array"]}]}}], "docstring": {"text": "> *Note:*\nSince Puppet 4.0.0 the equivalent can be performed with the built-in\n[`filter`](https://puppet.com/docs/puppet/latest/function.html#filter) function:\n$array.filter |$val| { $val =~ NotUndef }\n$hash.filter |$key, $val| { $val =~ NotUndef }", "tags": [{"tag_name": "example", "text": "\n$hash = delete_undef_values({a=>'A', b=>'', c=>undef, d => false})\nWould return: {a => 'A', b => '', d => false}\n\nWhile:\n$array = delete_undef_values(['A','',undef,false])\nWould return: ['A','',false]", "name": "Example usage"}, {"tag_name": "return", "text": "The given array now issing of undefined values.", "types": ["Array"]}, {"tag_name": "summary", "text": "Returns a copy of input hash or array with all undefs deleted."}]}, "source": "newfunction(:delete_undef_values, type: :rvalue, doc: <<-DOC\n @summary\n Returns a copy of input hash or array with all undefs deleted.\n\n @example Example usage\n\n $hash = delete_undef_values({a=>'A', b=>'', c=>undef, d => false})\n Would return: {a => 'A', b => '', d => false}\n\n While:\n $array = delete_undef_values(['A','',undef,false])\n Would return: ['A','',false]\n\n > *Note:*\n Since Puppet 4.0.0 the equivalent can be performed with the built-in\n [`filter`](https://puppet.com/docs/puppet/latest/function.html#filter) function:\n $array.filter |$val| { $val =~ NotUndef }\n $hash.filter |$key, $val| { $val =~ NotUndef }\n\n @return [Array] The given array now issing of undefined values.\n DOC\n) do |args|\n raise(Puppet::ParseError, \"delete_undef_values(): Wrong number of arguments given (#{args.size})\") if args.empty?\n\n unless args[0].is_a?(Array) || args[0].is_a?(Hash)\n raise(Puppet::ParseError, \"delete_undef_values(): expected an array or hash, got #{args[0]} type #{args[0].class} \")\n end\n result = args[0].dup\n if result.is_a?(Hash)\n result.delete_if { |_, val| val.equal?(:undef) || val.nil? }\n elsif result.is_a?(Array)\n result.delete :undef\n result.delete nil\n end\n result\nend"}, {"name": "delete_values", "file": "lib/puppet/parser/functions/delete_values.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "delete_values()", "docstring": {"text": "> *Note:*\nSince Puppet 4.0.0 the equivalent can be performed with the\nbuilt-in [`filter`](https://puppet.com/docs/puppet/latest/function.html#filter) function:\n$array.filter |$val| { $val != 'B' }\n$hash.filter |$key, $val| { $val != 'B' }", "tags": [{"tag_name": "example", "text": "\ndelete_values({'a'=>'A','b'=>'B','c'=>'C','B'=>'D'}, 'B')\nWould return: {'a'=>'A','c'=>'C','B'=>'D'}", "name": "Example usage"}, {"tag_name": "return", "text": "The given hash now missing all instances of the targeted value", "types": ["Hash"]}]}}], "docstring": {"text": "> *Note:*\nSince Puppet 4.0.0 the equivalent can be performed with the\nbuilt-in [`filter`](https://puppet.com/docs/puppet/latest/function.html#filter) function:\n$array.filter |$val| { $val != 'B' }\n$hash.filter |$key, $val| { $val != 'B' }", "tags": [{"tag_name": "example", "text": "\ndelete_values({'a'=>'A','b'=>'B','c'=>'C','B'=>'D'}, 'B')\nWould return: {'a'=>'A','c'=>'C','B'=>'D'}", "name": "Example usage"}, {"tag_name": "return", "text": "The given hash now missing all instances of the targeted value", "types": ["Hash"]}, {"tag_name": "summary", "text": "Deletes all instances of a given value from a hash."}]}, "source": "newfunction(:delete_values, type: :rvalue, doc: <<-DOC\n @summary\n Deletes all instances of a given value from a hash.\n\n @example Example usage\n\n delete_values({'a'=>'A','b'=>'B','c'=>'C','B'=>'D'}, 'B')\n Would return: {'a'=>'A','c'=>'C','B'=>'D'}\n\n > *Note:*\n Since Puppet 4.0.0 the equivalent can be performed with the\n built-in [`filter`](https://puppet.com/docs/puppet/latest/function.html#filter) function:\n $array.filter |$val| { $val != 'B' }\n $hash.filter |$key, $val| { $val != 'B' }\n\n @return [Hash] The given hash now missing all instances of the targeted value\n DOC\n) do |arguments|\n raise(Puppet::ParseError, \"delete_values(): Wrong number of arguments given (#{arguments.size} of 2)\") if arguments.size != 2\n\n hash, item = arguments\n\n unless hash.is_a?(Hash)\n raise(TypeError, \"delete_values(): First argument must be a Hash. Given an argument of class #{hash.class}.\")\n end\n hash.dup.delete_if { |_key, val| item == val }\nend"}, {"name": "deprecation", "file": "lib/puppet/functions/deprecation.rb", "line": 12, "type": "ruby4x", "signatures": [{"signature": "deprecation(String $key, String $message)", "docstring": {"text": "Function to print deprecation warnings, Logs a warning once for a given key.\n\nThe uniqueness key - can appear once.\nThe msg is the message text including any positional information that is formatted by the\nuser/caller of the method.\nIt is affected by the puppet setting 'strict', which can be set to :error\n(outputs as an error message), :off (no message / error is displayed) and :warning\n(default, outputs a warning) *Type*: String, String.", "tags": [{"tag_name": "param", "types": ["String"], "name": "key"}, {"tag_name": "param", "types": ["String"], "name": "message"}, {"tag_name": "return", "text": "deprecated warnings", "types": ["Any"]}]}}], "docstring": {"text": "Function to print deprecation warnings, Logs a warning once for a given key.\n\nThe uniqueness key - can appear once.\nThe msg is the message text including any positional information that is formatted by the\nuser/caller of the method.\nIt is affected by the puppet setting 'strict', which can be set to :error\n(outputs as an error message), :off (no message / error is displayed) and :warning\n(default, outputs a warning) *Type*: String, String.", "tags": [{"tag_name": "param", "types": ["String"], "name": "key"}, {"tag_name": "param", "types": ["String"], "name": "message"}, {"tag_name": "return", "text": "deprecated warnings", "types": ["Any"]}]}, "source": "Puppet::Functions.create_function(:deprecation) do\n # @param key\n # @param message\n # @return deprecated warnings\n dispatch :deprecation do\n param 'String', :key\n param 'String', :message\n end\n\n def deprecation(key, message)\n if defined? Puppet::Pops::PuppetStack.stacktrace\n stacktrace = Puppet::Pops::PuppetStack.stacktrace()\n file = stacktrace[0]\n line = stacktrace[1]\n message = \"#{message} at #{file}:#{line}\"\n end\n # depending on configuration setting of strict\n case Puppet.settings[:strict]\n when :off\n # do nothing\n when :error\n raise(\"deprecation. #{key}. #{message}\")\n else\n unless ENV['STDLIB_LOG_DEPRECATIONS'] == 'false'\n Puppet.deprecation_warning(message, key)\n end\n end\n end\nend"}, {"name": "deprecation", "file": "lib/puppet/parser/functions/deprecation.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "deprecation()", "docstring": {"text": "The uniqueness key - can appear once. The msg is the message text including any positional\ninformation that is formatted by the user/caller of the method.).", "tags": [{"tag_name": "return", "text": "return deprecation warnings", "types": ["String"]}]}}], "docstring": {"text": "The uniqueness key - can appear once. The msg is the message text including any positional\ninformation that is formatted by the user/caller of the method.).", "tags": [{"tag_name": "return", "text": "return deprecation warnings", "types": ["String"]}, {"tag_name": "summary", "text": "Function to print deprecation warnings (this is the 3.X version of it)."}]}, "source": "newfunction(:deprecation, doc: <<-DOC\n@summary\n Function to print deprecation warnings (this is the 3.X version of it).\n\nThe uniqueness key - can appear once. The msg is the message text including any positional\ninformation that is formatted by the user/caller of the method.).\n\n@return [String]\n return deprecation warnings\nDOC\n) do |arguments|\n raise(Puppet::ParseError, \"deprecation: Wrong number of arguments given (#{arguments.size} for 2)\") unless arguments.size == 2\n\n key = arguments[0]\n message = arguments[1]\n\n if ENV['STDLIB_LOG_DEPRECATIONS'] == 'true'\n warning(\"deprecation. #{key}. #{message}\")\n end\nend"}, {"name": "difference", "file": "lib/puppet/parser/functions/difference.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "difference()", "docstring": {"text": "The returned array is a copy of the original array, removing any items that\nalso appear in the second array.\n\n> *Note:*\nSince Puppet 4 the minus (-) operator in the Puppet language does the same thing:\n['a', 'b', 'c'] - ['b', 'c', 'd']\nWould return: `['a']`", "tags": [{"tag_name": "example", "text": "\ndifference([\"a\",\"b\",\"c\"],[\"b\",\"c\",\"d\"])\nWould return: `[\"a\"]`", "name": "Example usage"}, {"tag_name": "return", "text": "The difference between the two given arrays", "types": ["Array"]}]}}], "docstring": {"text": "The returned array is a copy of the original array, removing any items that\nalso appear in the second array.\n\n> *Note:*\nSince Puppet 4 the minus (-) operator in the Puppet language does the same thing:\n['a', 'b', 'c'] - ['b', 'c', 'd']\nWould return: `['a']`", "tags": [{"tag_name": "example", "text": "\ndifference([\"a\",\"b\",\"c\"],[\"b\",\"c\",\"d\"])\nWould return: `[\"a\"]`", "name": "Example usage"}, {"tag_name": "return", "text": "The difference between the two given arrays", "types": ["Array"]}, {"tag_name": "summary", "text": "This function returns the difference between two arrays."}]}, "source": "newfunction(:difference, type: :rvalue, doc: <<-DOC\n @summary\n This function returns the difference between two arrays.\n\n The returned array is a copy of the original array, removing any items that\n also appear in the second array.\n\n @example Example usage\n\n difference([\"a\",\"b\",\"c\"],[\"b\",\"c\",\"d\"])\n Would return: `[\"a\"]`\n\n > *Note:*\n Since Puppet 4 the minus (-) operator in the Puppet language does the same thing:\n ['a', 'b', 'c'] - ['b', 'c', 'd']\n Would return: `['a']`\n\n @return [Array]\n The difference between the two given arrays\n\n DOC\n) do |arguments|\n # Two arguments are required\n raise(Puppet::ParseError, \"difference(): Wrong number of arguments given (#{arguments.size} for 2)\") if arguments.size != 2\n\n first = arguments[0]\n second = arguments[1]\n\n unless first.is_a?(Array) && second.is_a?(Array)\n raise(Puppet::ParseError, 'difference(): Requires 2 arrays')\n end\n\n result = first - second\n\n return result\nend"}, {"name": "dig", "file": "lib/puppet/parser/functions/dig.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "dig()", "docstring": {"text": "In addition to the required path argument, the function accepts the default argument.\nIt is returned if the path is not correct, if no value was found, or if any other error\nhas occurred.\n\n ```ruby\n $data = {\n 'a' => {\n 'b' => [\n 'b1',\n 'b2',\n 'b3',\n ]\n }\n }\n\n $value = dig($data, ['a', 'b', 2])\n # $value = 'b3'\n\n # with all possible options\n $value = dig($data, ['a', 'b', 2], 'not_found')\n # $value = 'b3'\n\n # using the default value\n $value = dig($data, ['a', 'b', 'c', 'd'], 'not_found')\n # $value = 'not_found'\n ```\n\n 1. `$data` The data structure we are working with.\n 2. `['a', 'b', 2]` The path array.\n 3. `not_found` The default value. It is returned if nothing is found.\n\n> **Note:*\n **Deprecated** This function has been replaced with a built-in\n [`dig`](https://puppet.com/docs/puppet/latest/function.html#dig) function as of\n Puppet 4.5.0. Use [`dig44()`](#dig44) for backwards compatibility or use the new version.", "tags": [{"tag_name": "return", "text": "The function goes through the structure by each path component and tries to return\nthe value at the end of the path.", "types": ["Any"]}]}}], "docstring": {"text": "In addition to the required path argument, the function accepts the default argument.\nIt is returned if the path is not correct, if no value was found, or if any other error\nhas occurred.\n\n ```ruby\n $data = {\n 'a' => {\n 'b' => [\n 'b1',\n 'b2',\n 'b3',\n ]\n }\n }\n\n $value = dig($data, ['a', 'b', 2])\n # $value = 'b3'\n\n # with all possible options\n $value = dig($data, ['a', 'b', 2], 'not_found')\n # $value = 'b3'\n\n # using the default value\n $value = dig($data, ['a', 'b', 'c', 'd'], 'not_found')\n # $value = 'not_found'\n ```\n\n 1. `$data` The data structure we are working with.\n 2. `['a', 'b', 2]` The path array.\n 3. `not_found` The default value. It is returned if nothing is found.\n\n> **Note:*\n **Deprecated** This function has been replaced with a built-in\n [`dig`](https://puppet.com/docs/puppet/latest/function.html#dig) function as of\n Puppet 4.5.0. Use [`dig44()`](#dig44) for backwards compatibility or use the new version.", "tags": [{"tag_name": "return", "text": "The function goes through the structure by each path component and tries to return\nthe value at the end of the path.", "types": ["Any"]}, {"tag_name": "summary", "text": "**DEPRECATED** Retrieves a value within multiple layers of hashes and arrays via an\narray of keys containing a path."}]}, "source": "newfunction(:dig, type: :rvalue, doc: <<-DOC\n @summary\n **DEPRECATED** Retrieves a value within multiple layers of hashes and arrays via an\n array of keys containing a path.\n\n @return\n The function goes through the structure by each path component and tries to return\n the value at the end of the path.\n\n In addition to the required path argument, the function accepts the default argument.\n It is returned if the path is not correct, if no value was found, or if any other error\n has occurred.\n\n ```ruby\n $data = {\n 'a' => {\n 'b' => [\n 'b1',\n 'b2',\n 'b3',\n ]\n }\n }\n\n $value = dig($data, ['a', 'b', 2])\n # $value = 'b3'\n\n # with all possible options\n $value = dig($data, ['a', 'b', 2], 'not_found')\n # $value = 'b3'\n\n # using the default value\n $value = dig($data, ['a', 'b', 'c', 'd'], 'not_found')\n # $value = 'not_found'\n ```\n\n 1. `$data` The data structure we are working with.\n 2. `['a', 'b', 2]` The path array.\n 3. `not_found` The default value. It is returned if nothing is found.\n\n > **Note:*\n **Deprecated** This function has been replaced with a built-in\n [`dig`](https://puppet.com/docs/puppet/latest/function.html#dig) function as of\n Puppet 4.5.0. Use [`dig44()`](#dig44) for backwards compatibility or use the new version.\n DOC\n) do |arguments|\n warning('dig() DEPRECATED: This function has been replaced in Puppet 4.5.0, please use dig44() for backwards compatibility or use the new version.')\n unless Puppet::Parser::Functions.autoloader.loaded?(:dig44)\n Puppet::Parser::Functions.autoloader.load(:dig44)\n end\n function_dig44(arguments)\nend"}, {"name": "dig44", "file": "lib/puppet/parser/functions/dig44.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "dig44()", "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}, "source": "newfunction(\n :dig44,\n type: :rvalue,\n arity: -2,\n doc: <<-DOC,\n @summary\n **DEPRECATED**: Looks up into a complex structure of arrays and hashes and returns a value\n or the default value if nothing was found.\n\n Key can contain slashes to describe path components. The function will go down\n the structure and try to extract the required value.\n\n ```\n $data = {\n 'a' => {\n 'b' => [\n 'b1',\n 'b2',\n 'b3',\n ]\n }\n }\n\n $value = dig44($data, ['a', 'b', 2])\n # $value = 'b3'\n\n # with all possible options\n $value = dig44($data, ['a', 'b', 2], 'not_found')\n # $value = 'b3'\n\n # using the default value\n $value = dig44($data, ['a', 'b', 'c', 'd'], 'not_found')\n # $value = 'not_found'\n ```\n\n > **Note:* **Deprecated** This function has been replaced with a built-in\n [`dig`](https://puppet.com/docs/puppet/latest/function.html#dig) function as of\n Puppet 4.5.0.\n\n @return [String] 'not_found' will be returned if nothing is found\n @return [Any] the value that was searched for\nDOC\n) do |arguments|\n # Two arguments are required\n raise(Puppet::ParseError, \"dig44(): Wrong number of arguments given (#{arguments.size} for at least 2)\") if arguments.size < 2\n\n data, path, default = *arguments\n\n raise(Puppet::ParseError, \"dig44(): first argument must be a hash or an array, given #{data.class.name}\") unless data.is_a?(Hash) || data.is_a?(Array)\n raise(Puppet::ParseError, \"dig44(): second argument must be an array, given #{path.class.name}\") unless path.is_a? Array\n\n value = path.reduce(data) do |structure, key|\n break unless structure.is_a?(Hash) || structure.is_a?(Array)\n if structure.is_a? Array\n begin\n key = Integer key\n rescue\n break\n end\n end\n break if structure[key].nil? || structure[key] == :undef\n structure[key]\n end\n value.nil? ? default : value\nend"}, {"name": "dirname", "file": "lib/puppet/parser/functions/dirname.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "dirname()", "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "the given path's dirname", "types": ["String"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "the given path's dirname", "types": ["String"]}, {"tag_name": "summary", "text": "Returns the dirname of a path."}]}, "source": "newfunction(:dirname, type: :rvalue, doc: <<-DOC\n @summary\n Returns the dirname of a path.\n\n @return [String] the given path's dirname\n DOC\n) do |arguments|\n if arguments.empty?\n raise(Puppet::ParseError, 'dirname(): No arguments given')\n end\n if arguments.size > 1\n raise(Puppet::ParseError, \"dirname(): Too many arguments given (#{arguments.size})\")\n end\n unless arguments[0].is_a?(String)\n raise(Puppet::ParseError, 'dirname(): Requires string as argument')\n end\n # undef is converted to an empty string ''\n if arguments[0].empty?\n raise(Puppet::ParseError, 'dirname(): Requires a non-empty string as argument')\n end\n\n return File.dirname(arguments[0])\nend"}, {"name": "dos2unix", "file": "lib/puppet/parser/functions/dos2unix.rb", "line": 5, "type": "ruby3x", "signatures": [{"signature": "dos2unix()", "docstring": {"text": "Takes a single string argument.", "tags": [{"tag_name": "return", "text": "The retrieved version", "types": ["Any"]}]}}], "docstring": {"text": "Takes a single string argument.", "tags": [{"tag_name": "return", "text": "The retrieved version", "types": ["Any"]}, {"tag_name": "summary", "text": "Returns the Unix version of the given string."}]}, "source": "newfunction(:dos2unix, type: :rvalue, arity: 1, doc: <<-DOC\n @summary\n Returns the Unix version of the given string.\n\n Takes a single string argument.\n\n @return The retrieved version\n DOC\n) do |arguments|\n unless arguments[0].is_a?(String)\n raise(Puppet::ParseError, 'dos2unix(): Requires string as argument')\n end\n\n arguments[0].gsub(%r{\\r\\n}, \"\\n\")\nend"}, {"name": "downcase", "file": "lib/puppet/parser/functions/downcase.rb", "line": 8, "type": "ruby3x", "signatures": [{"signature": "downcase()", "docstring": {"text": "> *Note:* **Deprecated** from Puppet 6.0.0, this function has been replaced with a\nbuilt-in [`downcase`](https://puppet.com/docs/puppet/latest/function.html#downcase) function.\n>\nThis function is an implementation of a Ruby class and might not be UTF8 compatible.\nTo ensure compatibility, use this function with Ruby 2.4.0 or greater.", "tags": [{"tag_name": "return", "text": "The converted String, if it was a String that was given", "types": ["String"]}, {"tag_name": "return", "text": "The converted Array, if it was a Array that was given", "types": ["Array[String]"]}]}}], "docstring": {"text": "> *Note:* **Deprecated** from Puppet 6.0.0, this function has been replaced with a\nbuilt-in [`downcase`](https://puppet.com/docs/puppet/latest/function.html#downcase) function.\n>\nThis function is an implementation of a Ruby class and might not be UTF8 compatible.\nTo ensure compatibility, use this function with Ruby 2.4.0 or greater.", "tags": [{"tag_name": "return", "text": "The converted String, if it was a String that was given", "types": ["String"]}, {"tag_name": "return", "text": "The converted Array, if it was a Array that was given", "types": ["Array[String]"]}, {"tag_name": "summary", "text": "**Deprecated:** Converts the case of a string or all strings in an array to lower case."}]}, "source": "newfunction(:downcase, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated:** Converts the case of a string or all strings in an array to lower case.\n\n > *Note:* **Deprecated** from Puppet 6.0.0, this function has been replaced with a\n built-in [`downcase`](https://puppet.com/docs/puppet/latest/function.html#downcase) function.\n >\n This function is an implementation of a Ruby class and might not be UTF8 compatible.\n To ensure compatibility, use this function with Ruby 2.4.0 or greater.\n\n @return [String] The converted String, if it was a String that was given\n @return [Array[String]] The converted Array, if it was a Array that was given\nDOC\n) do |arguments|\n raise(Puppet::ParseError, \"downcase(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n value = arguments[0]\n\n unless value.is_a?(Array) || value.is_a?(String)\n raise(Puppet::ParseError, 'downcase(): Requires either array or string to work with')\n end\n\n result = if value.is_a?(Array)\n # Numbers in Puppet are often string-encoded which is troublesome ...\n value.map { |i| i.is_a?(String) ? i.downcase : i }\n else\n value.downcase\n end\n\n return result\nend"}, {"name": "empty", "file": "lib/puppet/parser/functions/empty.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "empty()", "docstring": {"text": "> *Note*: **Deprecated** from Puppet 5.5.0, the built-in\n[`empty`](https://puppet.com/docs/puppet/6.4/function.html#empty) function will be used instead.", "tags": [{"tag_name": "return", "text": "Returns `true` if the argument is an array or hash that contains no elements,\nor an empty string. Returns `false` when the argument is a numerical value.", "types": ["Any"]}]}}], "docstring": {"text": "> *Note*: **Deprecated** from Puppet 5.5.0, the built-in\n[`empty`](https://puppet.com/docs/puppet/6.4/function.html#empty) function will be used instead.", "tags": [{"tag_name": "return", "text": "Returns `true` if the argument is an array or hash that contains no elements,\nor an empty string. Returns `false` when the argument is a numerical value.", "types": ["Any"]}, {"tag_name": "summary", "text": "**Deprecated:** Returns true if the variable is empty."}]}, "source": "newfunction(:empty, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated:** Returns true if the variable is empty.\n\n @return\n Returns `true` if the argument is an array or hash that contains no elements,\n or an empty string. Returns `false` when the argument is a numerical value.\n\n > *Note*: **Deprecated** from Puppet 5.5.0, the built-in\n [`empty`](https://puppet.com/docs/puppet/6.4/function.html#empty) function will be used instead.\nDOC\n) do |arguments|\n raise(Puppet::ParseError, \"empty(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n value = arguments[0]\n\n unless value.is_a?(Array) || value.is_a?(Hash) || value.is_a?(String) || value.is_a?(Numeric)\n raise(Puppet::ParseError, 'empty(): Requires either array, hash, string or integer to work with')\n end\n\n return false if value.is_a?(Numeric)\n result = value.empty?\n return result\nend"}, {"name": "enclose_ipv6", "file": "lib/puppet/parser/functions/enclose_ipv6.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "enclose_ipv6()", "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "encloses the ipv6 addresses with square brackets.", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "encloses the ipv6 addresses with square brackets.", "types": ["Any"]}, {"tag_name": "summary", "text": "Takes an array of ip addresses and encloses the ipv6 addresses with square brackets."}]}, "source": "newfunction(:enclose_ipv6, type: :rvalue, doc: <<-DOC\n @summary\n Takes an array of ip addresses and encloses the ipv6 addresses with square brackets.\n\n @return\n encloses the ipv6 addresses with square brackets.\n\nDOC\n) do |arguments|\n require 'ipaddr'\n\n rescuable_exceptions = [ArgumentError]\n if defined?(IPAddr::InvalidAddressError)\n rescuable_exceptions << IPAddr::InvalidAddressError\n end\n\n if arguments.size != 1\n raise(Puppet::ParseError, \"enclose_ipv6(): Wrong number of arguments given #{arguments.size} for 1\")\n end\n unless arguments[0].is_a?(String) || arguments[0].is_a?(Array)\n raise(Puppet::ParseError, \"enclose_ipv6(): Wrong argument type given #{arguments[0].class} expected String or Array\")\n end\n\n input = [arguments[0]].flatten.compact\n result = []\n\n input.each do |val|\n unless val == '*'\n begin\n ip = IPAddr.new(val)\n rescue *rescuable_exceptions\n raise(Puppet::ParseError, \"enclose_ipv6(): Wrong argument given #{val} is not an ip address.\")\n end\n val = \"[#{ip}]\" if ip.ipv6?\n end\n result << val\n end\n\n return result.uniq\nend"}, {"name": "ensure_packages", "file": "lib/puppet/parser/functions/ensure_packages.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "ensure_packages()", "docstring": {"text": "It optionally takes a hash as a second parameter that will be passed as the\nthird argument to the ensure_resource() function.", "tags": [{"tag_name": "return", "text": "install the passed packages", "types": ["Any"]}]}}], "docstring": {"text": "It optionally takes a hash as a second parameter that will be passed as the\nthird argument to the ensure_resource() function.", "tags": [{"tag_name": "return", "text": "install the passed packages", "types": ["Any"]}, {"tag_name": "summary", "text": "Takes a list of packages and only installs them if they don't already exist."}]}, "source": "newfunction(:ensure_packages, type: :statement, doc: <<-DOC\n @summary\n Takes a list of packages and only installs them if they don't already exist.\n\n It optionally takes a hash as a second parameter that will be passed as the\n third argument to the ensure_resource() function.\n\n @return\n install the passed packages\nDOC\n) do |arguments|\n raise(Puppet::ParseError, \"ensure_packages(): Wrong number of arguments given (#{arguments.size} for 1 or 2)\") if arguments.size > 2 || arguments.empty?\n raise(Puppet::ParseError, 'ensure_packages(): Requires second argument to be a Hash') if arguments.size == 2 && !arguments[1].is_a?(Hash)\n\n if arguments[0].is_a?(Hash)\n if arguments[1]\n defaults = { 'ensure' => 'installed' }.merge(arguments[1])\n if defaults['ensure'] == 'present'\n defaults['ensure'] = 'installed'\n end\n else\n defaults = { 'ensure' => 'installed' }\n end\n\n Puppet::Parser::Functions.function(:ensure_resources)\n function_ensure_resources(['package', arguments[0].dup, defaults])\n else\n packages = Array(arguments[0])\n\n if arguments[1]\n defaults = { 'ensure' => 'installed' }.merge(arguments[1])\n if defaults['ensure'] == 'present'\n defaults['ensure'] = 'installed'\n end\n else\n defaults = { 'ensure' => 'installed' }\n end\n\n Puppet::Parser::Functions.function(:ensure_resource)\n packages.each do |package_name|\n raise(Puppet::ParseError, 'ensure_packages(): Empty String provided for package name') if package_name.empty?\n function_ensure_resource(['package', package_name, defaults])\n end\n end\nend"}, {"name": "ensure_resource", "file": "lib/puppet/parser/functions/ensure_resource.rb", "line": 6, "type": "ruby3x", "signatures": [{"signature": "ensure_resource()", "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}, "source": "Puppet::Parser::Functions.newfunction(:ensure_resource,\n type: :statement,\n doc: <<-DOC,\n @summary\n Takes a resource type, title, and a list of attributes that describe a\n resource.\n\n user { 'dan':\n ensure => present,\n }\n\n @return\n created or recreated the passed resource with the passed type and attributes\n\n @example Example usage\n\n Creates the resource if it does not already exist:\n\n ensure_resource('user', 'dan', {'ensure' => 'present' })\n\n If the resource already exists but does not match the specified parameters,\n this function will attempt to recreate the resource leading to a duplicate\n resource definition error.\n\n An array of resources can also be passed in and each will be created with\n the type and parameters specified if it doesn't already exist.\n\n ensure_resource('user', ['dan','alex'], {'ensure' => 'present'})\n\nDOC\n ) do |vals|\n type, title, params = vals\n raise(ArgumentError, 'Must specify a type') unless type\n raise(ArgumentError, 'Must specify a title') unless title\n params ||= {}\n\n items = [title].flatten\n\n items.each do |item|\n Puppet::Parser::Functions.function(:defined_with_params)\n if function_defined_with_params([\"#{type}[#{item}]\", params])\n Puppet.debug(\"Resource #{type}[#{item}] with params #{params} not created because it already exists\")\n else\n Puppet.debug(\"Create new resource #{type}[#{item}] with params #{params}\")\n Puppet::Parser::Functions.function(:create_resources)\n function_create_resources([type.capitalize, { item => params }])\n end\n end\nend"}, {"name": "ensure_resources", "file": "lib/puppet/parser/functions/ensure_resources.rb", "line": 5, "type": "ruby3x", "signatures": [{"signature": "ensure_resources()", "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}, "source": "Puppet::Parser::Functions.newfunction(:ensure_resources,\n type: :statement,\n doc: <<-DOC,\n @summary\n Takes a resource type, title (only hash), and a list of attributes that describe a\n resource.\n\n @return\n created resources with the passed type and attributes\n\n @example Example usage\n\n user { 'dan':\n gid => 'mygroup',\n ensure => present,\n }\n\n An hash of resources should be passed in and each will be created with\n the type and parameters specified if it doesn't already exist.\n\n ensure_resources('user', {'dan' => { gid => 'mygroup', uid => '600' }, 'alex' => { gid => 'mygroup' }}, {'ensure' => 'present'})\n\n From Hiera Backend:\n\n userlist:\n dan:\n gid: 'mygroup'\n uid: '600'\n alex:\n gid: 'mygroup'\n\n Call:\n ensure_resources('user', hiera_hash('userlist'), {'ensure' => 'present'})\nDOC\n ) do |vals|\n type, title, params = vals\n raise(ArgumentError, 'Must specify a type') unless type\n raise(ArgumentError, 'Must specify a title') unless title\n params ||= {}\n\n raise(Puppet::ParseError, 'ensure_resources(): Requires second argument to be a Hash') unless title.is_a?(Hash)\n resource_hash = title.dup\n resources = resource_hash.keys\n\n Puppet::Parser::Functions.function(:ensure_resource)\n resources.each do |resource_name|\n params_merged = if resource_hash[resource_name]\n params.merge(resource_hash[resource_name])\n else\n params\n end\n function_ensure_resource([type, resource_name, params_merged])\n end\nend"}, {"name": "fact", "file": "lib/puppet/functions/fact.rb", "line": 19, "type": "ruby4x", "signatures": [{"signature": "fact(String $fact_name)", "docstring": {"text": "Supports the use of dot-notation for referring to structured facts. If a fact requested\ndoes not exist, returns Undef.", "tags": [{"tag_name": "example", "text": "fact('osfamily')\nfact('os.architecture')", "name": "Example usage:"}, {"tag_name": "example", "text": "fact('mountpoints.\"/dev\".options.1')", "name": "Array indexing:"}, {"tag_name": "example", "text": "fact('vmware.\"VRA.version\"')", "name": "Fact containing a \".\" in the name:"}, {"tag_name": "param", "text": "The name of the fact to check", "types": ["String"], "name": "fact_name"}, {"tag_name": "return", "text": "All information retrieved on the given fact_name", "types": ["Any"]}]}}], "docstring": {"text": "Supports the use of dot-notation for referring to structured facts. If a fact requested\ndoes not exist, returns Undef.", "tags": [{"tag_name": "example", "text": "fact('osfamily')\nfact('os.architecture')", "name": "Example usage:"}, {"tag_name": "example", "text": "fact('mountpoints.\"/dev\".options.1')", "name": "Array indexing:"}, {"tag_name": "example", "text": "fact('vmware.\"VRA.version\"')", "name": "Fact containing a \".\" in the name:"}, {"tag_name": "param", "text": "The name of the fact to check", "types": ["String"], "name": "fact_name"}, {"tag_name": "return", "text": "All information retrieved on the given fact_name", "types": ["Any"]}, {"tag_name": "summary", "text": "Digs into the facts hash using dot-notation"}]}, "source": "Puppet::Functions.create_function(:fact) do\n # @param fact_name\n # The name of the fact to check\n #\n # @return\n # All information retrieved on the given fact_name\n dispatch :fact do\n param 'String', :fact_name\n end\n\n def to_dot_syntax(array_path)\n array_path.map { |string|\n string.include?('.') ? %(\"#{string}\") : string\n }.join('.')\n end\n\n def fact(fact_name)\n facts = closure_scope['facts']\n\n # Transform the dot-notation string into an array of paths to walk. Make\n # sure to correctly extract double-quoted values containing dots as single\n # elements in the path.\n path = fact_name.scan(%r{([^.\"]+)|(?:\")([^\"]+)(?:\")}).map { |x| x.compact.first }\n\n walked_path = []\n path.reduce(facts) do |d, k|\n return nil if d.nil? || k.nil?\n\n if d.is_a?(Array)\n begin\n result = d[Integer(k)]\n rescue ArgumentError => e # rubocop:disable Lint/UselessAssignment : Causes errors if assigment is removed.\n Puppet.warning(\"fact request for #{fact_name} returning nil: '#{to_dot_syntax(walked_path)}' is an array; cannot index to '#{k}'\")\n result = nil\n end\n elsif d.is_a?(Hash)\n result = d[k]\n else\n Puppet.warning(\"fact request for #{fact_name} returning nil: '#{to_dot_syntax(walked_path)}' is not a collection; cannot walk to '#{k}'\")\n result = nil\n end\n\n walked_path << k\n result\n end\n end\nend"}, {"name": "flatten", "file": "lib/puppet/parser/functions/flatten.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "flatten()", "docstring": {"text": "> **Note:** **Deprecated** from Puppet 5.5.0, this function has been replaced with a\nbuilt-in [`flatten`](https://puppet.com/docs/puppet/latest/function.html#flatten) function.", "tags": [{"tag_name": "example", "text": "\nflatten(['a', ['b', ['c']]])` returns: `['a','b','c']", "name": "Example usage"}, {"tag_name": "return", "text": "convert nested arrays into a single flat array", "types": ["Any"]}]}}], "docstring": {"text": "> **Note:** **Deprecated** from Puppet 5.5.0, this function has been replaced with a\nbuilt-in [`flatten`](https://puppet.com/docs/puppet/latest/function.html#flatten) function.", "tags": [{"tag_name": "example", "text": "\nflatten(['a', ['b', ['c']]])` returns: `['a','b','c']", "name": "Example usage"}, {"tag_name": "return", "text": "convert nested arrays into a single flat array", "types": ["Any"]}, {"tag_name": "summary", "text": "This function flattens any deeply nested arrays and returns a single flat array\nas a result."}]}, "source": "newfunction(:flatten, type: :rvalue, doc: <<-DOC\n @summary\n This function flattens any deeply nested arrays and returns a single flat array\n as a result.\n\n @return\n convert nested arrays into a single flat array\n\n @example Example usage\n\n flatten(['a', ['b', ['c']]])` returns: `['a','b','c']\n\n > **Note:** **Deprecated** from Puppet 5.5.0, this function has been replaced with a\n built-in [`flatten`](https://puppet.com/docs/puppet/latest/function.html#flatten) function.\nDOC\n) do |arguments|\n raise(Puppet::ParseError, \"flatten(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.size != 1\n\n array = arguments[0]\n\n unless array.is_a?(Array)\n raise(Puppet::ParseError, 'flatten(): Requires array to work with')\n end\n\n result = array.flatten\n\n return result\nend"}, {"name": "floor", "file": "lib/puppet/parser/functions/floor.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "floor()", "docstring": {"text": "Takes a single numeric value as an argument.\n\n> **Note:** **Deprecated** from Puppet 6.0.0, this function has been replaced with\na built-in [`floor`](https://puppet.com/docs/puppet/latest/function.html#floor) function.", "tags": [{"tag_name": "return", "text": "the largest integer less or equal to the argument.", "types": ["Any"]}]}}], "docstring": {"text": "Takes a single numeric value as an argument.\n\n> **Note:** **Deprecated** from Puppet 6.0.0, this function has been replaced with\na built-in [`floor`](https://puppet.com/docs/puppet/latest/function.html#floor) function.", "tags": [{"tag_name": "return", "text": "the largest integer less or equal to the argument.", "types": ["Any"]}, {"tag_name": "summary", "text": "Returns the largest integer less or equal to the argument."}]}, "source": "newfunction(:floor, type: :rvalue, doc: <<-DOC\n @summary\n Returns the largest integer less or equal to the argument.\n\n @return\n the largest integer less or equal to the argument.\n Takes a single numeric value as an argument.\n\n > **Note:** **Deprecated** from Puppet 6.0.0, this function has been replaced with\n a built-in [`floor`](https://puppet.com/docs/puppet/latest/function.html#floor) function.\n DOC\n) do |arguments|\n raise(Puppet::ParseError, \"floor(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.size != 1\n\n begin\n arg = Float(arguments[0])\n rescue TypeError, ArgumentError => _e\n raise(Puppet::ParseError, \"floor(): Wrong argument type given (#{arguments[0]} for Numeric)\")\n end\n\n raise(Puppet::ParseError, \"floor(): Wrong argument type given (#{arg.class} for Numeric)\") if arg.is_a?(Numeric) == false\n\n arg.floor\nend"}, {"name": "fqdn_rand_string", "file": "lib/puppet/parser/functions/fqdn_rand_string.rb", "line": 3, "type": "ruby3x", "signatures": [{"signature": "fqdn_rand_string()", "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}, "source": "Puppet::Parser::Functions.newfunction(\n :fqdn_rand_string,\n arity: -2,\n type: :rvalue,\n doc: <<-DOC,\n @summary\n Generates a random alphanumeric string. Combining the `$fqdn` fact and an\n optional seed for repeatable randomness.\n\n Optionally, you can specify a character set for the function (defaults to alphanumeric).\n\n Arguments\n * An integer, specifying the length of the resulting string.\n * Optionally, a string specifying the character set.\n * Optionally, a string specifying the seed for repeatable randomness.\n\n @return [String]\n\n @example Example Usage:\n fqdn_rand_string(10)\n fqdn_rand_string(10, 'ABCDEF!@$%^')\n fqdn_rand_string(10, '', 'custom seed')\n DOC\n) do |args|\n raise(ArgumentError, 'fqdn_rand_string(): wrong number of arguments (0 for 1)') if args.empty?\n Puppet::Parser::Functions.function('is_integer')\n raise(ArgumentError, 'fqdn_rand_string(): first argument must be a positive integer') unless function_is_integer([args[0]]) && args[0].to_i > 0\n raise(ArgumentError, 'fqdn_rand_string(): second argument must be undef or a string') unless args[1].nil? || args[1].is_a?(String)\n\n Puppet::Parser::Functions.function('fqdn_rand')\n\n length = args.shift.to_i\n charset = args.shift.to_s.chars.to_a\n\n charset = (0..9).map { |i| i.to_s } + ('A'..'Z').to_a + ('a'..'z').to_a if charset.empty?\n\n rand_string = ''\n for current in 1..length # rubocop:disable Style/For : An each loop would not work correctly in this circumstance\n rand_string += charset[function_fqdn_rand([charset.size, (args + [current.to_s]).join(':')]).to_i]\n end\n\n rand_string\nend"}, {"name": "fqdn_rotate", "file": "lib/puppet/parser/functions/fqdn_rotate.rb", "line": 6, "type": "ruby3x", "signatures": [{"signature": "fqdn_rotate()", "docstring": {"text": "fqdn_rotate.rb", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "fqdn_rotate.rb", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}, "source": "Puppet::Parser::Functions.newfunction(\n :fqdn_rotate,\n type: :rvalue,\n doc: <<-DOC,\n @summary\n Rotates an array or string a random number of times, combining the `$fqdn` fact\n and an optional seed for repeatable randomness.\n\n @return\n rotated array or string\n\n @example Example Usage:\n fqdn_rotate(['a', 'b', 'c', 'd'])\n fqdn_rotate('abcd')\n fqdn_rotate([1, 2, 3], 'custom seed')\n DOC\n) do |args|\n raise(Puppet::ParseError, \"fqdn_rotate(): Wrong number of arguments given (#{args.size} for 1)\") if args.empty?\n\n value = args.shift\n require 'digest/md5'\n\n unless value.is_a?(Array) || value.is_a?(String)\n raise(Puppet::ParseError, 'fqdn_rotate(): Requires either array or string to work with')\n end\n\n result = value.clone\n\n string = value.is_a?(String) ? true : false\n\n # Check whether it makes sense to rotate ...\n return result if result.size <= 1\n\n # We turn any string value into an array to be able to rotate ...\n result = string ? result.split('') : result\n\n elements = result.size\n\n seed = Digest::MD5.hexdigest([lookupvar('::fqdn'), args].join(':')).hex\n # deterministic_rand() was added in Puppet 3.2.0; reimplement if necessary\n if Puppet::Util.respond_to?(:deterministic_rand)\n offset = Puppet::Util.deterministic_rand(seed, elements).to_i\n else\n return offset = Random.new(seed).rand(elements) if defined?(Random) == 'constant' && Random.class == Class\n\n old_seed = srand(seed)\n offset = rand(elements)\n srand(old_seed)\n end\n offset.times do\n result.push result.shift\n end\n\n result = string ? result.join : result\n\n return result\nend"}, {"name": "fqdn_uuid", "file": "lib/puppet/parser/functions/fqdn_uuid.rb", "line": 8, "type": "ruby3x", "signatures": [{"signature": "fqdn_uuid()", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "fqdn_uuid('puppetlabs.com') # Returns '9c70320f-6815-5fc5-ab0f-debe68bf764c'\nfqdn_uuid('google.com') # Returns '64ee70a4-8cc1-5d25-abf2-dea6c79a09", "name": "Example Usage:"}, {"tag_name": "return", "text": "Returns a [RFC 4122](https://tools.ietf.org/html/rfc4122) valid version 5 UUID", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "fqdn_uuid('puppetlabs.com') # Returns '9c70320f-6815-5fc5-ab0f-debe68bf764c'\nfqdn_uuid('google.com') # Returns '64ee70a4-8cc1-5d25-abf2-dea6c79a09", "name": "Example Usage:"}, {"tag_name": "return", "text": "Returns a [RFC 4122](https://tools.ietf.org/html/rfc4122) valid version 5 UUID", "types": ["Any"]}, {"tag_name": "summary", "text": "Returns a [RFC 4122](https://tools.ietf.org/html/rfc4122) valid version 5 UUID based\non an FQDN string under the DNS namespace"}]}, "source": "newfunction(:fqdn_uuid, type: :rvalue, doc: <<-DOC) do |args|\n @summary\n Returns a [RFC 4122](https://tools.ietf.org/html/rfc4122) valid version 5 UUID based\n on an FQDN string under the DNS namespace\n\n @return\n Returns a [RFC 4122](https://tools.ietf.org/html/rfc4122) valid version 5 UUID\n\n @example Example Usage:\n fqdn_uuid('puppetlabs.com') # Returns '9c70320f-6815-5fc5-ab0f-debe68bf764c'\n fqdn_uuid('google.com') # Returns '64ee70a4-8cc1-5d25-abf2-dea6c79a09c8'\n DOC\n\n raise(ArgumentError, 'fqdn_uuid: No arguments given') if args.empty?\n raise(ArgumentError, \"fqdn_uuid: Too many arguments given (#{args.length})\") unless args.length == 1\n fqdn = args[0]\n\n # Code lovingly taken from\n # https://github.com/puppetlabs/marionette-collective/blob/master/lib/mcollective/ssl.rb\n\n # This is the UUID version 5 type DNS name space which is as follows:\n #\n # 6ba7b810-9dad-11d1-80b4-00c04fd430c8\n #\n uuid_name_space_dns = [0x6b,\n 0xa7,\n 0xb8,\n 0x10,\n 0x9d,\n 0xad,\n 0x11,\n 0xd1,\n 0x80,\n 0xb4,\n 0x00,\n 0xc0,\n 0x4f,\n 0xd4,\n 0x30,\n 0xc8].map { |b| b.chr }.join\n\n sha1 = Digest::SHA1.new\n sha1.update(uuid_name_space_dns)\n sha1.update(fqdn)\n\n # first 16 bytes..\n bytes = sha1.digest[0, 16].bytes.to_a\n\n # version 5 adjustments\n bytes[6] &= 0x0f\n bytes[6] |= 0x50\n\n # variant is DCE 1.1\n bytes[8] &= 0x3f\n bytes[8] |= 0x80\n\n bytes = [4, 2, 2, 2, 6].map do |i|\n bytes.slice!(0, i).pack('C*').unpack('H*')\n end\n\n bytes.join('-')\nend"}, {"name": "get_module_path", "file": "lib/puppet/parser/functions/get_module_path.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "get_module_path()", "docstring": {"text": "> *Note:*\n that since Puppet 5.4.0 the built-in\n [`module_directory`](https://puppet.com/docs/puppet/latest/function.html#module_directory)\n function in Puppet does the same thing and will return the path to the first found module\n if given multiple values or an array.", "tags": [{"tag_name": "example", "text": "$module_path = get_module_path('stdlib')", "name": "Example Usage:"}, {"tag_name": "return", "text": "Returns the absolute path of the specified module for the current\nenvironment.", "types": ["Any"]}]}}], "docstring": {"text": "> *Note:*\n that since Puppet 5.4.0 the built-in\n [`module_directory`](https://puppet.com/docs/puppet/latest/function.html#module_directory)\n function in Puppet does the same thing and will return the path to the first found module\n if given multiple values or an array.", "tags": [{"tag_name": "example", "text": "$module_path = get_module_path('stdlib')", "name": "Example Usage:"}, {"tag_name": "return", "text": "Returns the absolute path of the specified module for the current\nenvironment.", "types": ["Any"]}, {"tag_name": "summary", "text": "Returns the absolute path of the specified module for the current\nenvironment."}]}, "source": "newfunction(:get_module_path, type: :rvalue, doc: <<-DOC\n @summary\n Returns the absolute path of the specified module for the current\n environment.\n\n @return\n Returns the absolute path of the specified module for the current\n environment.\n\n @example Example Usage:\n $module_path = get_module_path('stdlib')\n\n > *Note:*\n that since Puppet 5.4.0 the built-in\n [`module_directory`](https://puppet.com/docs/puppet/latest/function.html#module_directory)\n function in Puppet does the same thing and will return the path to the first found module\n if given multiple values or an array.\nDOC\n) do |args|\n raise(Puppet::ParseError, 'get_module_path(): Wrong number of arguments, expects one') unless args.size == 1\n module_path = Puppet::Module.find(args[0], compiler.environment.to_s)\n raise(Puppet::ParseError, \"Could not find module #{args[0]} in environment #{compiler.environment}\") unless module_path\n module_path.path\nend"}, {"name": "getparam", "file": "lib/puppet/parser/functions/getparam.rb", "line": 6, "type": "ruby3x", "signatures": [{"signature": "getparam()", "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}, "source": "Puppet::Parser::Functions.newfunction(:getparam,\n type: :rvalue,\n doc: <<-'DOC',\n @summary\n Returns the value of a resource's parameter.\n\n @return\n value of a resource's parameter.\n\n Takes a resource reference and name of the parameter and\n returns value of resource's parameter. Note that user defined\n resource types are evaluated lazily.\n\n @example Example Usage:\n\n # define a resource type with a parameter\n define example_resource($param) {\n }\n\n # declare an instance of that type\n example_resource { \"example_resource_instance\":\n param => \"'the value we are getting in this example''\"\n }\n\n # Because of order of evaluation, a second definition is needed\n # that will be evaluated after the first resource has been declared\n #\n define example_get_param {\n # This will notice the value of the parameter\n notice(getparam(Example_resource[\"example_resource_instance\"], \"param\"))\n }\n\n # Declare an instance of the second resource type - this will call notice\n example_get_param { 'show_notify': }\n\n Would notice: 'the value we are getting in this example'\n\n > **Note** that since Puppet 4.0.0 it is possible to get a parameter value by using its data type\n and the [ ] operator. The example below is equivalent to a call to getparam():\n ```Example_resource['example_resource_instance']['param']``\n\n DOC\n ) do |vals|\n reference, param = vals\n raise(ArgumentError, 'Must specify a reference') unless reference\n raise(ArgumentError, 'Must specify name of a parameter') unless param&.instance_of?(String)\n\n return '' if param.empty?\n\n resource = findresource(reference.to_s)\n if resource\n return resource[param] unless resource[param].nil?\n end\n\n return ''\nend"}, {"name": "getvar", "file": "lib/puppet/parser/functions/getvar.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "getvar()", "docstring": {"text": "> **Note:** from Puppet 6.0.0, the compatible function with the same name in Puppet core\nwill be used instead of this function. The new function also has support for\ndigging into a structured value. See the built-in\n[`getvar`](https://puppet.com/docs/puppet/latest/function.html#getvar) funct", "tags": [{"tag_name": "example", "text": "$foo = getvar('site::data::foo') # Equivalent to $foo = $site::data::foo", "name": "Example usage"}, {"tag_name": "example", "text": "$datalocation = 'site::data'\n$bar = getvar(\"${datalocation}::bar\") # Equivalent to $bar = $site::data::bar", "name": "Where namespace is stored in a string"}, {"tag_name": "return", "text": "undef - if variable does not exist", "types": ["Any"]}]}}], "docstring": {"text": "> **Note:** from Puppet 6.0.0, the compatible function with the same name in Puppet core\nwill be used instead of this function. The new function also has support for\ndigging into a structured value. See the built-in\n[`getvar`](https://puppet.com/docs/puppet/latest/function.html#getvar) funct", "tags": [{"tag_name": "example", "text": "$foo = getvar('site::data::foo') # Equivalent to $foo = $site::data::foo", "name": "Example usage"}, {"tag_name": "example", "text": "$datalocation = 'site::data'\n$bar = getvar(\"${datalocation}::bar\") # Equivalent to $bar = $site::data::bar", "name": "Where namespace is stored in a string"}, {"tag_name": "return", "text": "undef - if variable does not exist", "types": ["Any"]}, {"tag_name": "summary", "text": "Lookup a variable in a given namespace."}]}, "source": "newfunction(:getvar, type: :rvalue, doc: <<-'DOC') do |args|\n @summary\n Lookup a variable in a given namespace.\n\n @return\n undef - if variable does not exist\n\n @example Example usage\n $foo = getvar('site::data::foo') # Equivalent to $foo = $site::data::foo\n\n @example Where namespace is stored in a string\n $datalocation = 'site::data'\n $bar = getvar(\"${datalocation}::bar\") # Equivalent to $bar = $site::data::bar\n\n > **Note:** from Puppet 6.0.0, the compatible function with the same name in Puppet core\n will be used instead of this function. The new function also has support for\n digging into a structured value. See the built-in\n [`getvar`](https://puppet.com/docs/puppet/latest/function.html#getvar) function\n DOC\n\n unless args.length == 1\n raise Puppet::ParseError, \"getvar(): wrong number of arguments (#{args.length}; must be 1)\"\n end\n\n begin\n result = nil\n catch(:undefined_variable) do\n result = lookupvar((args[0]).to_s)\n end\n\n # avoid relying on inconsistent behaviour around ruby return values from catch\n result\n rescue Puppet::ParseError\n end\nend"}, {"name": "glob", "file": "lib/puppet/parser/functions/glob.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "glob()", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "$confs = glob(['/etc/**/*.conf', '/opt/**/*.conf'])", "name": "Example Usage:"}, {"tag_name": "return", "text": "Returns an Array of file entries of a directory or an Array of directories.", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "$confs = glob(['/etc/**/*.conf', '/opt/**/*.conf'])", "name": "Example Usage:"}, {"tag_name": "return", "text": "Returns an Array of file entries of a directory or an Array of directories.", "types": ["Any"]}, {"tag_name": "summary", "text": "Uses same patterns as Dir#glob."}]}, "source": "newfunction(:glob, type: :rvalue, doc: <<-DOC\n @summary\n Uses same patterns as Dir#glob.\n\n @return\n Returns an Array of file entries of a directory or an Array of directories.\n\n @example Example Usage:\n $confs = glob(['/etc/**/*.conf', '/opt/**/*.conf'])\n DOC\n) do |arguments|\n unless arguments.size == 1\n raise(Puppet::ParseError, 'glob(): Wrong number of arguments given ' \\\n \"(#{arguments.size} for 1)\")\n end\n\n pattern = arguments[0]\n\n unless pattern.is_a?(String) || pattern.is_a?(Array)\n raise(Puppet::ParseError, 'glob(): Requires either array or string ' \\\n 'to work')\n end\n\n Dir.glob(pattern)\nend"}, {"name": "grep", "file": "lib/puppet/parser/functions/grep.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "grep()", "docstring": {"text": "> **Note:** that since Puppet 4.0.0, the built-in\n[`filter`](https://puppet.com/docs/puppet/latest/function.html#filter) function does\nthe \"same\" - as any logic can be used to filter, as opposed to just regular expressions:\n```['aaa', 'bbb', 'ccc', 'aaaddd']. filter |$x| { $x =~ 'aaa' }```", "tags": [{"tag_name": "example", "text": "grep(['aaa','bbb','ccc','aaaddd'], 'aaa') # Returns ['aaa','aaaddd']", "name": "Example Usage:"}, {"tag_name": "return", "text": "array of elements that match the provided regular expression.", "types": ["Any"]}]}}], "docstring": {"text": "> **Note:** that since Puppet 4.0.0, the built-in\n[`filter`](https://puppet.com/docs/puppet/latest/function.html#filter) function does\nthe \"same\" - as any logic can be used to filter, as opposed to just regular expressions:\n```['aaa', 'bbb', 'ccc', 'aaaddd']. filter |$x| { $x =~ 'aaa' }```", "tags": [{"tag_name": "example", "text": "grep(['aaa','bbb','ccc','aaaddd'], 'aaa') # Returns ['aaa','aaaddd']", "name": "Example Usage:"}, {"tag_name": "return", "text": "array of elements that match the provided regular expression.", "types": ["Any"]}, {"tag_name": "summary", "text": "This function searches through an array and returns any elements that match\nthe provided regular expression."}]}, "source": "newfunction(:grep, type: :rvalue, doc: <<-DOC\n @summary\n This function searches through an array and returns any elements that match\n the provided regular expression.\n\n @return\n array of elements that match the provided regular expression.\n @example Example Usage:\n grep(['aaa','bbb','ccc','aaaddd'], 'aaa') # Returns ['aaa','aaaddd']\n\n > **Note:** that since Puppet 4.0.0, the built-in\n [`filter`](https://puppet.com/docs/puppet/latest/function.html#filter) function does\n the \"same\" - as any logic can be used to filter, as opposed to just regular expressions:\n ```['aaa', 'bbb', 'ccc', 'aaaddd']. filter |$x| { $x =~ 'aaa' }```\n DOC\n) do |arguments|\n if arguments.size != 2\n raise(Puppet::ParseError, \"grep(): Wrong number of arguments given #{arguments.size} for 2\")\n end\n\n a = arguments[0]\n pattern = Regexp.new(arguments[1])\n\n a.grep(pattern)\nend"}, {"name": "has_interface_with", "file": "lib/puppet/parser/functions/has_interface_with.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "has_interface_with()", "docstring": {"text": "Valid kinds are `macaddress`, `netmask`, `ipaddress` and `network`.", "tags": [{"tag_name": "example", "text": "has_interface_with(\"macaddress\", \"x:x:x:x:x:x\") # Returns `false`\nhas_interface_with(\"ipaddress\", \"127.0.0.1\") # Returns `true`", "name": "**Usage**"}, {"tag_name": "example", "text": "has_interface_with(\"lo\") # Returns `true`", "name": "If no \"kind\" is given, then the presence of the interface is checked:"}, {"tag_name": "return", "text": "boolean values `true` or `false`", "types": ["Any"]}]}}], "docstring": {"text": "Valid kinds are `macaddress`, `netmask`, `ipaddress` and `network`.", "tags": [{"tag_name": "example", "text": "has_interface_with(\"macaddress\", \"x:x:x:x:x:x\") # Returns `false`\nhas_interface_with(\"ipaddress\", \"127.0.0.1\") # Returns `true`", "name": "**Usage**"}, {"tag_name": "example", "text": "has_interface_with(\"lo\") # Returns `true`", "name": "If no \"kind\" is given, then the presence of the interface is checked:"}, {"tag_name": "return", "text": "boolean values `true` or `false`", "types": ["Any"]}, {"tag_name": "summary", "text": "Returns boolean based on kind and value."}]}, "source": "newfunction(:has_interface_with, type: :rvalue, doc: <<-DOC\n @summary\n Returns boolean based on kind and value.\n\n @return\n boolean values `true` or `false`\n\n Valid kinds are `macaddress`, `netmask`, `ipaddress` and `network`.\n\n @example **Usage**\n has_interface_with(\"macaddress\", \"x:x:x:x:x:x\") # Returns `false`\n has_interface_with(\"ipaddress\", \"127.0.0.1\") # Returns `true`\n\n @example If no \"kind\" is given, then the presence of the interface is checked:\n has_interface_with(\"lo\") # Returns `true`\n DOC\n) do |args|\n raise(Puppet::ParseError, \"has_interface_with(): Wrong number of arguments given (#{args.size} for 1 or 2)\") if args.empty? || args.size > 2\n\n interfaces = lookupvar('interfaces')\n\n # If we do not have any interfaces, then there are no requested attributes\n return false if interfaces == :undefined || interfaces.nil?\n\n interfaces = interfaces.split(',')\n\n if args.size == 1\n return interfaces.member?(args[0])\n end\n\n kind, value = args\n\n # Bug with 3.7.1 - 3.7.3 when using future parser throws :undefined_variable\n # https://tickets.puppetlabs.com/browse/PUP-3597\n factval = nil\n begin\n catch :undefined_variable do\n factval = lookupvar(kind)\n end\n rescue Puppet::ParseError\n end\n if factval == value\n return true\n end\n\n result = false\n interfaces.each do |iface|\n iface.downcase!\n factval = nil\n begin\n # Bug with 3.7.1 - 3.7.3 when using future parser throws :undefined_variable\n # https://tickets.puppetlabs.com/browse/PUP-3597\n catch :undefined_variable do\n factval = lookupvar(\"#{kind}_#{iface}\")\n end\n rescue Puppet::ParseError\n end\n if value == factval\n result = true\n break\n end\n end\n\n result\nend"}, {"name": "has_ip_address", "file": "lib/puppet/parser/functions/has_ip_address.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "has_ip_address()", "docstring": {"text": "This function iterates through the 'interfaces' fact and checks the\n'ipaddress_IFACE' facts, performing a simple string comparison.", "tags": [{"tag_name": "return", "text": "`true` or `false`", "types": ["Boolean"]}]}}], "docstring": {"text": "This function iterates through the 'interfaces' fact and checks the\n'ipaddress_IFACE' facts, performing a simple string comparison.", "tags": [{"tag_name": "return", "text": "`true` or `false`", "types": ["Boolean"]}, {"tag_name": "summary", "text": "Returns true if the client has the requested IP address on some interface."}]}, "source": "newfunction(:has_ip_address, type: :rvalue, doc: <<-DOC\n @summary\n Returns true if the client has the requested IP address on some interface.\n\n @return [Boolean]\n `true` or `false`\n\n This function iterates through the 'interfaces' fact and checks the\n 'ipaddress_IFACE' facts, performing a simple string comparison.\n DOC\n) do |args|\n raise(Puppet::ParseError, \"has_ip_address(): Wrong number of arguments given (#{args.size} for 1)\") if args.size != 1\n\n Puppet::Parser::Functions.autoloader.load(:has_interface_with) \\\n unless Puppet::Parser::Functions.autoloader.loaded?(:has_interface_with)\n\n function_has_interface_with(['ipaddress', args[0]])\nend"}, {"name": "has_ip_network", "file": "lib/puppet/parser/functions/has_ip_network.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "has_ip_network()", "docstring": {"text": "This function iterates through the 'interfaces' fact and checks the\n'network_IFACE' facts, performing a simple string comparision.", "tags": [{"tag_name": "return", "text": "Boolean value, `true` if the client has an IP address within the requested network.", "types": ["Any"]}]}}], "docstring": {"text": "This function iterates through the 'interfaces' fact and checks the\n'network_IFACE' facts, performing a simple string comparision.", "tags": [{"tag_name": "return", "text": "Boolean value, `true` if the client has an IP address within the requested network.", "types": ["Any"]}, {"tag_name": "summary", "text": "Returns true if the client has an IP address within the requested network."}]}, "source": "newfunction(:has_ip_network, type: :rvalue, doc: <<-DOC\n @summary\n Returns true if the client has an IP address within the requested network.\n\n @return\n Boolean value, `true` if the client has an IP address within the requested network.\n\n This function iterates through the 'interfaces' fact and checks the\n 'network_IFACE' facts, performing a simple string comparision.\n DOC\n) do |args|\n raise(Puppet::ParseError, \"has_ip_network(): Wrong number of arguments given (#{args.size} for 1)\") if args.size != 1\n\n Puppet::Parser::Functions.autoloader.load(:has_interface_with) \\\n unless Puppet::Parser::Functions.autoloader.loaded?(:has_interface_with)\n\n function_has_interface_with(['network', args[0]])\nend"}, {"name": "has_key", "file": "lib/puppet/parser/functions/has_key.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "has_key()", "docstring": {"text": "> **Note:** **Deprecated** since Puppet 4.0.0, this can now be achieved in the Puppet\nlanguage with the following equivalent expression:\n$my_hash = {'key_one' => 'value_one'}\nif 'key_one' in $my_hash {\n notice('this will be printed')", "tags": [{"tag_name": "example", "text": "\n$my_hash = {'key_one' => 'value_one'}\nif has_key($my_hash, 'key_two') {\n notice('we will not reach here')\n}\nif has_key($my_hash, 'key_one') {\n notice('this will be printed')\n}", "name": "Example Usage:"}, {"tag_name": "return", "text": "Boolean value", "types": ["Any"]}]}}], "docstring": {"text": "> **Note:** **Deprecated** since Puppet 4.0.0, this can now be achieved in the Puppet\nlanguage with the following equivalent expression:\n$my_hash = {'key_one' => 'value_one'}\nif 'key_one' in $my_hash {\n notice('this will be printed')", "tags": [{"tag_name": "example", "text": "\n$my_hash = {'key_one' => 'value_one'}\nif has_key($my_hash, 'key_two') {\n notice('we will not reach here')\n}\nif has_key($my_hash, 'key_one') {\n notice('this will be printed')\n}", "name": "Example Usage:"}, {"tag_name": "return", "text": "Boolean value", "types": ["Any"]}, {"tag_name": "summary", "text": "**Deprecated:** Determine if a hash has a certain key value."}]}, "source": "newfunction(:has_key, type: :rvalue, doc: <<-'DOC') do |args|\n @summary\n **Deprecated:** Determine if a hash has a certain key value.\n\n @return\n Boolean value\n\n @example Example Usage:\n\n $my_hash = {'key_one' => 'value_one'}\n if has_key($my_hash, 'key_two') {\n notice('we will not reach here')\n }\n if has_key($my_hash, 'key_one') {\n notice('this will be printed')\n }\n\n > **Note:** **Deprecated** since Puppet 4.0.0, this can now be achieved in the Puppet\n language with the following equivalent expression:\n $my_hash = {'key_one' => 'value_one'}\n if 'key_one' in $my_hash {\n notice('this will be printed')\n }\n\n DOC\n\n unless args.length == 2\n raise Puppet::ParseError, \"has_key(): wrong number of arguments (#{args.length}; must be 2)\"\n end\n unless args[0].is_a?(Hash)\n raise Puppet::ParseError, \"has_key(): expects the first argument to be a hash, got #{args[0].inspect} which is of type #{args[0].class}\"\n end\n args[0].key?(args[1])\nend"}, {"name": "hash", "file": "lib/puppet/parser/functions/hash.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "hash()", "docstring": {"text": "> **Note:** This function has been replaced with the built-in ability to create a new value of almost any\ndata type - see the built-in [`Hash.new`](https://puppet.com/docs/puppet/latest/function.html#conversion-to-hash-and-struct) function\nin Puppet.\nThis example shows the equivalent expression in the Puppet language:\n ```\n Hash(['a',1,'b',2,'c',3])\n Hash([['a',1],['b',2],['c',3]])\n ```", "tags": [{"tag_name": "example", "text": "hash(['a',1,'b',2,'c',3]) # Returns: {'a'=>1,'b'=>2,'c'=>3}", "name": "Example Usage:"}, {"tag_name": "return", "text": "the converted array as a hash", "types": ["Any"]}]}}], "docstring": {"text": "> **Note:** This function has been replaced with the built-in ability to create a new value of almost any\ndata type - see the built-in [`Hash.new`](https://puppet.com/docs/puppet/latest/function.html#conversion-to-hash-and-struct) function\nin Puppet.\nThis example shows the equivalent expression in the Puppet language:\n ```\n Hash(['a',1,'b',2,'c',3])\n Hash([['a',1],['b',2],['c',3]])\n ```", "tags": [{"tag_name": "example", "text": "hash(['a',1,'b',2,'c',3]) # Returns: {'a'=>1,'b'=>2,'c'=>3}", "name": "Example Usage:"}, {"tag_name": "return", "text": "the converted array as a hash", "types": ["Any"]}, {"tag_name": "summary", "text": "**Deprecated:** This function converts an array into a hash."}]}, "source": "newfunction(:hash, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated:** This function converts an array into a hash.\n\n @return\n the converted array as a hash\n @example Example Usage:\n hash(['a',1,'b',2,'c',3]) # Returns: {'a'=>1,'b'=>2,'c'=>3}\n\n > **Note:** This function has been replaced with the built-in ability to create a new value of almost any\n data type - see the built-in [`Hash.new`](https://puppet.com/docs/puppet/latest/function.html#conversion-to-hash-and-struct) function\n in Puppet.\n This example shows the equivalent expression in the Puppet language:\n ```\n Hash(['a',1,'b',2,'c',3])\n Hash([['a',1],['b',2],['c',3]])\n ```\n DOC\n) do |arguments|\n raise(Puppet::ParseError, \"hash(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n array = arguments[0]\n\n unless array.is_a?(Array)\n raise(Puppet::ParseError, 'hash(): Requires array to work with')\n end\n\n result = {}\n\n begin\n # This is to make it compatible with older version of Ruby ...\n array = array.flatten\n result = Hash[*array]\n rescue StandardError\n raise(Puppet::ParseError, 'hash(): Unable to compute hash from array given')\n end\n\n return result\nend"}, {"name": "intersection", "file": "lib/puppet/parser/functions/intersection.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "intersection()", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "intersection([\"a\",\"b\",\"c\"],[\"b\",\"c\",\"d\"]) # returns [\"b\",\"c\"]\nintersection([\"a\",\"b\",\"c\"],[1,2,3,4]) # returns [] (true, when evaluated as a Boolean)", "name": "Example Usage:"}, {"tag_name": "return", "text": "an array of the intersection of two.", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "intersection([\"a\",\"b\",\"c\"],[\"b\",\"c\",\"d\"]) # returns [\"b\",\"c\"]\nintersection([\"a\",\"b\",\"c\"],[1,2,3,4]) # returns [] (true, when evaluated as a Boolean)", "name": "Example Usage:"}, {"tag_name": "return", "text": "an array of the intersection of two.", "types": ["Any"]}, {"tag_name": "summary", "text": "This function returns an array of the intersection of two."}]}, "source": "newfunction(:intersection, type: :rvalue, doc: <<-DOC\n @summary\n This function returns an array of the intersection of two.\n\n @return\n an array of the intersection of two.\n\n @example Example Usage:\n intersection([\"a\",\"b\",\"c\"],[\"b\",\"c\",\"d\"]) # returns [\"b\",\"c\"]\n intersection([\"a\",\"b\",\"c\"],[1,2,3,4]) # returns [] (true, when evaluated as a Boolean)\n DOC\n) do |arguments|\n # Two arguments are required\n raise(Puppet::ParseError, \"intersection(): Wrong number of arguments given (#{arguments.size} for 2)\") if arguments.size != 2\n\n first = arguments[0]\n second = arguments[1]\n\n unless first.is_a?(Array) && second.is_a?(Array)\n raise(Puppet::ParseError, \"intersection(): Requires 2 arrays, got #{first.class} and #{second.class}\")\n end\n\n result = first & second\n\n return result\nend"}, {"name": "is_a", "file": "lib/puppet/functions/is_a.rb", "line": 26, "type": "ruby4x", "signatures": [{"signature": "is_a(Any $value, Type $type)", "docstring": {"text": "See the documentation for \"The Puppet Type System\" for more information about types.\nSee the `assert_type()` function for flexible ways to assert the type of a value.", "tags": [{"tag_name": "example", "text": "# check a data type\n foo = 3\n $bar = [1,2,3]\n $baz = 'A string!'\n\n if $foo.is_a(Integer) {\n notify { 'foo!': }\n }\n if $bar.is_a(Array) {\n notify { 'bar!': }\n }\n if $baz.is_a(String) {\n notify { 'baz!': }\n }", "name": "Example Usage:"}, {"tag_name": "param", "text": "The value to be checked", "types": ["Any"], "name": "value"}, {"tag_name": "param", "text": "The expected type", "types": ["Type"], "name": "type"}, {"tag_name": "return", "text": "Return's `true` or `false`.", "types": ["Boolean"]}]}}], "docstring": {"text": "See the documentation for \"The Puppet Type System\" for more information about types.\nSee the `assert_type()` function for flexible ways to assert the type of a value.", "tags": [{"tag_name": "example", "text": "# check a data type\n foo = 3\n $bar = [1,2,3]\n $baz = 'A string!'\n\n if $foo.is_a(Integer) {\n notify { 'foo!': }\n }\n if $bar.is_a(Array) {\n notify { 'bar!': }\n }\n if $baz.is_a(String) {\n notify { 'baz!': }\n }", "name": "Example Usage:"}, {"tag_name": "param", "text": "The value to be checked", "types": ["Any"], "name": "value"}, {"tag_name": "param", "text": "The expected type", "types": ["Type"], "name": "type"}, {"tag_name": "return", "text": "Return's `true` or `false`.", "types": ["Boolean"]}, {"tag_name": "summary", "text": "Boolean check to determine whether a variable is of a given data type.\nThis is equivalent to the `=~` type checks."}]}, "source": "Puppet::Functions.create_function(:is_a) do\n # @param value\n # The value to be checked\n #\n # @param type\n # The expected type\n #\n # @return [Boolean]\n # Return's `true` or `false`.\n dispatch :is_a do\n param 'Any', :value\n param 'Type', :type\n end\n\n def is_a(value, type) # rubocop:disable Naming/PredicateName : Used in to many other places to rename at this time, attempting to refactor caused Rubocop to crash.\n # See puppet's lib/puppet/pops/evaluator/evaluator_impl.rb eval_MatchExpression\n Puppet::Pops::Types::TypeCalculator.instance?(type, value)\n end\nend"}, {"name": "is_absolute_path", "file": "lib/puppet/functions/is_absolute_path.rb", "line": 5, "type": "ruby4x", "signatures": [{"signature": "is_absolute_path(Any $scope, Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the wrapped method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the wrapped method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value returned from the called 3.x function.", "types": ["Boolea"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the wrapped method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the wrapped method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value returned from the called 3.x function.", "types": ["Boolea"]}, {"tag_name": "summary", "text": "Wrapper that calls the Puppet 3.x function of the same name."}]}, "source": "Puppet::Functions.create_function(:is_absolute_path) do\n # @param scope\n # The main value that will be passed to the wrapped method\n #\n # @param args\n # Any additional values that are to be passed to the wrapped method\n #\n # @return [Boolea]\n # A boolean value returned from the called 3.x function.\n dispatch :deprecation_gen do\n param 'Any', :scope\n repeated_param 'Any', :args\n end\n # Workaround PUP-4438 (fixed: https://github.com/puppetlabs/puppet/commit/e01c4dc924cd963ff6630008a5200fc6a2023b08#diff\n # -c937cc584953271bb3d3b3c2cb141790R221) to support puppet < 4.1.0 and puppet < 3.8.1.\n def call(scope, *args)\n manipulated_args = [scope] + args\n self.class.dispatcher.dispatch(self, scope, manipulated_args)\n end\n\n def deprecation_gen(scope, *args)\n call_function('deprecation', 'is_absolute_path', 'This method is deprecated, please use match expressions with Stdlib::Compat::Absolute_Path instead. They are described at https://docs.puppet.com/puppet/latest/reference/lang_data_type.html#match-expressions.')\n scope.send('function_is_absolute_path', args)\n end\nend"}, {"name": "is_absolute_path", "file": "lib/puppet/parser/functions/is_absolute_path.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "is_absolute_path()", "docstring": {"text": "This function works for windows and unix style paths.\n\n> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_leg", "tags": [{"tag_name": "example", "text": "$my_path = 'C:/Program Files (x86)/Puppet Labs/Puppet'\nis_absolute_path($my_path)\n$my_path2 = '/var/lib/puppet'\nis_absolute_path($my_path2)\n$my_path3 = ['C:/Program Files (x86)/Puppet Labs/Puppet']\nis_absolute_path($my_path3)\n$my_path4 = ['/var/lib/puppet']\nis_absolute_path($my_path4)", "name": "The following values will return true:"}, {"tag_name": "example", "text": "is_absolute_path(true)\nis_absolute_path('../var/lib/puppet')\nis_absolute_path('var/lib/puppet')\n$undefined = undef\nis_absolute_path($undefined)", "name": "The following values will return false:"}, {"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}]}}], "docstring": {"text": "This function works for windows and unix style paths.\n\n> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_leg", "tags": [{"tag_name": "example", "text": "$my_path = 'C:/Program Files (x86)/Puppet Labs/Puppet'\nis_absolute_path($my_path)\n$my_path2 = '/var/lib/puppet'\nis_absolute_path($my_path2)\n$my_path3 = ['C:/Program Files (x86)/Puppet Labs/Puppet']\nis_absolute_path($my_path3)\n$my_path4 = ['/var/lib/puppet']\nis_absolute_path($my_path4)", "name": "The following values will return true:"}, {"tag_name": "example", "text": "is_absolute_path(true)\nis_absolute_path('../var/lib/puppet')\nis_absolute_path('var/lib/puppet')\n$undefined = undef\nis_absolute_path($undefined)", "name": "The following values will return false:"}, {"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}, {"tag_name": "summary", "text": "**Deprecated:** Returns boolean true if the string represents an absolute path in the filesystem."}]}, "source": "newfunction(:is_absolute_path, type: :rvalue, arity: 1, doc: <<-'DOC') do |args|\n @summary\n **Deprecated:** Returns boolean true if the string represents an absolute path in the filesystem.\n\n This function works for windows and unix style paths.\n\n @example The following values will return true:\n $my_path = 'C:/Program Files (x86)/Puppet Labs/Puppet'\n is_absolute_path($my_path)\n $my_path2 = '/var/lib/puppet'\n is_absolute_path($my_path2)\n $my_path3 = ['C:/Program Files (x86)/Puppet Labs/Puppet']\n is_absolute_path($my_path3)\n $my_path4 = ['/var/lib/puppet']\n is_absolute_path($my_path4)\n\n @example The following values will return false:\n is_absolute_path(true)\n is_absolute_path('../var/lib/puppet')\n is_absolute_path('var/lib/puppet')\n $undefined = undef\n is_absolute_path($undefined)\n\n @return [Boolean]\n Returns `true` or `false`\n\n > **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n [`validate_legacy`](#validate_legacy).\nDOC\n function_deprecation([:is_absolute_path, 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Absolute_path. There is further documentation for validate_legacy function in the README.'])\n require 'puppet/util'\n\n path = args[0]\n # This logic was borrowed from\n # [lib/puppet/file_serving/base.rb](https://github.com/puppetlabs/puppet/blob/main/lib/puppet/file_serving/base.rb)\n # Puppet 2.7 and beyond will have Puppet::Util.absolute_path? Fall back to a back-ported implementation otherwise.\n if Puppet::Util.respond_to?(:absolute_path?)\n value = (Puppet::Util.absolute_path?(path, :posix) || Puppet::Util.absolute_path?(path, :windows))\n else\n # This code back-ported from 2.7.x's lib/puppet/util.rb Puppet::Util.absolute_path?\n # Determine in a platform-specific way whether a path is absolute. This\n # defaults to the local platform if none is specified.\n # Escape once for the string literal, and once for the regex.\n slash = '[\\\\\\\\/]'\n name = '[^\\\\\\\\/]+'\n regexes = {\n windows: %r{^(([A-Z]:#{slash})|(#{slash}#{slash}#{name}#{slash}#{name})|(#{slash}#{slash}\\?#{slash}#{name}))}i,\n posix: %r{^/},\n }\n value = !!(path =~ regexes[:posix]) || !!(path =~ regexes[:windows]) # rubocop:disable Style/DoubleNegation : No alternative known\n end\n value\nend"}, {"name": "is_array", "file": "lib/puppet/functions/is_array.rb", "line": 5, "type": "ruby4x", "signatures": [{"signature": "is_array(Any $scope, Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the wrapped method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the wrapped method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value returned from the called 3.x function.", "types": ["Boolea"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the wrapped method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the wrapped method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value returned from the called 3.x function.", "types": ["Boolea"]}, {"tag_name": "summary", "text": "Wrapper that calls the Puppet 3.x function of the same name."}]}, "source": "Puppet::Functions.create_function(:is_array) do\n # @param scope\n # The main value that will be passed to the wrapped method\n #\n # @param args\n # Any additional values that are to be passed to the wrapped method\n #\n # @return [Boolea]\n # A boolean value returned from the called 3.x function.\n dispatch :deprecation_gen do\n param 'Any', :scope\n repeated_param 'Any', :args\n end\n # Workaround PUP-4438 (fixed: https://github.com/puppetlabs/puppet/commit/e01c4dc924cd963ff6630008a5200fc6a2023b08#diff\n # -c937cc584953271bb3d3b3c2cb141790R221) to support puppet < 4.1.0 and puppet < 3.8.1.\n def call(scope, *args)\n manipulated_args = [scope] + args\n self.class.dispatcher.dispatch(self, scope, manipulated_args)\n end\n\n def deprecation_gen(scope, *args)\n call_function('deprecation', 'is_array', 'This method is deprecated, please use match expressions with Stdlib::Compat::Array instead. They are described at https://docs.puppet.com/puppet/latest/reference/lang_data_type.html#match-expressions.')\n scope.send('function_is_array', args)\n end\nend"}, {"name": "is_array", "file": "lib/puppet/parser/functions/is_array.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "is_array()", "docstring": {"text": "> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}]}}], "docstring": {"text": "> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}, {"tag_name": "summary", "text": "**Deprecated:** Returns true if the variable passed to this function is an array."}]}, "source": "newfunction(:is_array, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated:** Returns true if the variable passed to this function is an array.\n\n @return [Boolean]\n Returns `true` or `false`\n\n > **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n [`validate_legacy`](#validate_legacy).\n DOC\n) do |arguments|\n function_deprecation([:is_array, 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Array. There is further documentation for validate_legacy function in the README.'])\n\n raise(Puppet::ParseError, \"is_array(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n type = arguments[0]\n\n result = type.is_a?(Array)\n\n return result\nend"}, {"name": "is_bool", "file": "lib/puppet/functions/is_bool.rb", "line": 5, "type": "ruby4x", "signatures": [{"signature": "is_bool(Any $scope, Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the wrapped method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the wrapped method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value returned from the called 3.x function.", "types": ["Boolea"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the wrapped method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the wrapped method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value returned from the called 3.x function.", "types": ["Boolea"]}, {"tag_name": "summary", "text": "Wrapper that calls the Puppet 3.x function of the same name."}]}, "source": "Puppet::Functions.create_function(:is_bool) do\n # @param scope\n # The main value that will be passed to the wrapped method\n #\n # @param args\n # Any additional values that are to be passed to the wrapped method\n #\n # @return [Boolea]\n # A boolean value returned from the called 3.x function.\n dispatch :deprecation_gen do\n param 'Any', :scope\n repeated_param 'Any', :args\n end\n # Workaround PUP-4438 (fixed: https://github.com/puppetlabs/puppet/commit/e01c4dc924cd963ff6630008a5200fc6a2023b08#diff\n # -c937cc584953271bb3d3b3c2cb141790R221) to support puppet < 4.1.0 and puppet < 3.8.1.\n def call(scope, *args)\n manipulated_args = [scope] + args\n self.class.dispatcher.dispatch(self, scope, manipulated_args)\n end\n\n def deprecation_gen(scope, *args)\n call_function('deprecation', 'is_bool', 'This method is deprecated, please use match expressions with Stdlib::Compat::Bool instead. They are described at https://docs.puppet.com/puppet/latest/reference/lang_data_type.html#match-expressions.')\n scope.send('function_is_bool', args)\n end\nend"}, {"name": "is_bool", "file": "lib/puppet/parser/functions/is_bool.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "is_bool()", "docstring": {"text": "> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}]}}], "docstring": {"text": "> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}, {"tag_name": "summary", "text": "**Deprecated:** Returns true if the variable passed to this function is a boolean."}]}, "source": "newfunction(:is_bool, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated:** Returns true if the variable passed to this function is a boolean.\n\n @return [Boolean]\n Returns `true` or `false`\n\n > **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n [`validate_legacy`](#validate_legacy).\n DOC\n) do |arguments|\n function_deprecation([:is_bool, 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Bool. There is further documentation for validate_legacy function in the README.'])\n\n raise(Puppet::ParseError, \"is_bool(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.size != 1\n\n type = arguments[0]\n\n result = type.is_a?(TrueClass) || type.is_a?(FalseClass)\n\n return result\nend"}, {"name": "is_domain_name", "file": "lib/puppet/parser/functions/is_domain_name.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "is_domain_name()", "docstring": {"text": "> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}]}}], "docstring": {"text": "> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}, {"tag_name": "summary", "text": "**Deprecated:** Returns true if the string passed to this function is\na syntactically correct domain name."}]}, "source": "newfunction(:is_domain_name, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated:** Returns true if the string passed to this function is\n a syntactically correct domain name.\n\n @return [Boolean]\n Returns `true` or `false`\n\n > **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n [`validate_legacy`](#validate_legacy).\n DOC\n) do |arguments|\n if arguments.size != 1\n raise(Puppet::ParseError, \"is_domain_name(): Wrong number of arguments given #{arguments.size} for 1\")\n end\n\n # Only allow string types\n return false unless arguments[0].is_a?(String)\n\n domain = arguments[0].dup\n\n # Limits (rfc1035, 3.1)\n domain_max_length = 255\n label_min_length = 1\n label_max_length = 63\n\n # Allow \".\", it is the top level domain\n return true if domain == '.'\n\n # Remove the final dot, if present.\n domain.chomp!('.')\n\n # Check the whole domain\n return false if domain.empty?\n return false if domain.length > domain_max_length\n\n # The top level domain must be alphabetic if there are multiple labels.\n # See rfc1123, 2.1\n return false if domain.include?('.') && !%r{\\.[A-Za-z]+$}.match(domain)\n\n # Check each label in the domain\n labels = domain.split('.')\n vlabels = labels.each do |label|\n break if label.length < label_min_length\n break if label.length > label_max_length\n break if label[-1..-1] == '-'\n break if label[0..0] == '-'\n break unless %r{^[a-z\\d-]+$}i.match?(label)\n end\n return vlabels == labels\nend"}, {"name": "is_email_address", "file": "lib/puppet/parser/functions/is_email_address.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "is_email_address()", "docstring": {"text": "> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}]}}], "docstring": {"text": "> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}, {"tag_name": "summary", "text": "**Deprecated:** Returns true if the string passed to this function is a valid email address."}]}, "source": "newfunction(:is_email_address, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated:** Returns true if the string passed to this function is a valid email address.\n\n @return [Boolean]\n Returns `true` or `false`\n\n > **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n [`validate_legacy`](#validate_legacy).\n DOC\n) do |arguments|\n if arguments.size != 1\n raise(Puppet::ParseError, \"is_email_address(): Wrong number of arguments given #{arguments.size} for 1\")\n end\n\n # Taken from http://emailregex.com/ (simpler regex)\n valid_email_regex = %r{\\A([\\w+\\-].?)+@[a-z\\d\\-]+(\\.[a-z]+)*\\.[a-z]+\\z}\n return (arguments[0] =~ valid_email_regex) == 0\nend"}, {"name": "is_float", "file": "lib/puppet/functions/is_float.rb", "line": 5, "type": "ruby4x", "signatures": [{"signature": "is_float(Any $scope, Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the wrapped method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the wrapped method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value returned from the called 3.x function.", "types": ["Boolea"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the wrapped method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the wrapped method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value returned from the called 3.x function.", "types": ["Boolea"]}, {"tag_name": "summary", "text": "Wrapper that calls the Puppet 3.x function of the same name."}]}, "source": "Puppet::Functions.create_function(:is_float) do\n # @param scope\n # The main value that will be passed to the wrapped method\n #\n # @param args\n # Any additional values that are to be passed to the wrapped method\n #\n # @return [Boolea]\n # A boolean value returned from the called 3.x function.\n dispatch :deprecation_gen do\n param 'Any', :scope\n repeated_param 'Any', :args\n end\n # Workaround PUP-4438 (fixed: https://github.com/puppetlabs/puppet/commit/e01c4dc924cd963ff6630008a5200fc6a2023b08#diff\n # -c937cc584953271bb3d3b3c2cb141790R221) to support puppet < 4.1.0 and puppet < 3.8.1.\n def call(scope, *args)\n manipulated_args = [scope] + args\n self.class.dispatcher.dispatch(self, scope, manipulated_args)\n end\n\n def deprecation_gen(scope, *args)\n call_function('deprecation', 'is_float', 'This method is deprecated, please use match expressions with Stdlib::Compat::Float instead. They are described at https://docs.puppet.com/puppet/latest/reference/lang_data_type.html#match-expressions.')\n scope.send('function_is_float', args)\n end\nend"}, {"name": "is_float", "file": "lib/puppet/parser/functions/is_float.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "is_float()", "docstring": {"text": "> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}]}}], "docstring": {"text": "> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}, {"tag_name": "summary", "text": "**Deprecated:** Returns true if the variable passed to this function is a float."}]}, "source": "newfunction(:is_float, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated:** Returns true if the variable passed to this function is a float.\n\n @return [Boolean]\n Returns `true` or `false`\n\n > **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n [`validate_legacy`](#validate_legacy).\n DOC\n) do |arguments|\n function_deprecation([:is_float, 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Float. There is further documentation for validate_legacy function in the README.'])\n\n if arguments.size != 1\n raise(Puppet::ParseError, \"is_float(): Wrong number of arguments given #{arguments.size} for 1\")\n end\n\n value = arguments[0]\n\n # Only allow Numeric or String types\n return false unless value.is_a?(Numeric) || value.is_a?(String)\n\n return false if value != value.to_f.to_s && !value.is_a?(Float)\n return true\nend"}, {"name": "is_function_available", "file": "lib/puppet/parser/functions/is_function_available.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "is_function_available()", "docstring": {"text": "This function accepts a string as an argument.\n\n> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}]}}], "docstring": {"text": "This function accepts a string as an argument.\n\n> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}, {"tag_name": "summary", "text": "**Deprecated:** Determines whether the Puppet runtime has access to a function by that name."}]}, "source": "newfunction(:is_function_available, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated:** Determines whether the Puppet runtime has access to a function by that name.\n\n This function accepts a string as an argument.\n\n @return [Boolean]\n Returns `true` or `false`\n\n > **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n [`validate_legacy`](#validate_legacy).\n DOC\n) do |arguments|\n if arguments.size != 1\n raise(Puppet::ParseError, \"is_function_available?(): Wrong number of arguments given #{arguments.size} for 1\")\n end\n\n # Only allow String types\n return false unless arguments[0].is_a?(String)\n\n function = Puppet::Parser::Functions.function(arguments[0].to_sym)\n function.is_a?(String) && !function.empty?\nend"}, {"name": "is_hash", "file": "lib/puppet/parser/functions/is_hash.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "is_hash()", "docstring": {"text": "> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}]}}], "docstring": {"text": "> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}, {"tag_name": "summary", "text": "**Deprecated:** Returns true if the variable passed to this function is a hash."}]}, "source": "newfunction(:is_hash, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated:** Returns true if the variable passed to this function is a hash.\n\n @return [Boolean]\n Returns `true` or `false`\n\n > **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n [`validate_legacy`](#validate_legacy).\n DOC\n) do |arguments|\n raise(Puppet::ParseError, \"is_hash(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.size != 1\n\n type = arguments[0]\n\n result = type.is_a?(Hash)\n\n return result\nend"}, {"name": "is_integer", "file": "lib/puppet/parser/functions/is_integer.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "is_integer()", "docstring": {"text": "The string may start with a '-' (minus). A value of '0' is allowed, but a leading '0'\ndigit may not be followed by other digits as this indicates that the value is octal (base 8).\n\nIf given any other argument `false` is returned.\n\n> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}]}}], "docstring": {"text": "The string may start with a '-' (minus). A value of '0' is allowed, but a leading '0'\ndigit may not be followed by other digits as this indicates that the value is octal (base 8).\n\nIf given any other argument `false` is returned.\n\n> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}, {"tag_name": "summary", "text": "**Deprecated:** Returns true if the variable passed to this function is an Integer or\na decimal (base 10) integer in String form."}]}, "source": "newfunction(:is_integer, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated:** Returns true if the variable passed to this function is an Integer or\n a decimal (base 10) integer in String form.\n\n The string may start with a '-' (minus). A value of '0' is allowed, but a leading '0'\n digit may not be followed by other digits as this indicates that the value is octal (base 8).\n\n If given any other argument `false` is returned.\n\n @return [Boolean]\n Returns `true` or `false`\n\n > **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n [`validate_legacy`](#validate_legacy).\n DOC\n) do |arguments|\n function_deprecation([:is_integer, 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Integer. There is further documentation for validate_legacy function in the README.'])\n\n if arguments.size != 1\n raise(Puppet::ParseError, \"is_integer(): Wrong number of arguments given #{arguments.size} for 1\")\n end\n\n value = arguments[0]\n\n # Regex is taken from the lexer of puppet\n # puppet/pops/parser/lexer.rb but modified to match also\n # negative values and disallow numbers prefixed with multiple\n # 0's\n #\n # TODO these parameter should be a constant but I'm not sure\n # if there is no risk to declare it inside of the module\n # Puppet::Parser::Functions\n\n # Integer numbers like\n # -1234568981273\n # 47291\n numeric = %r{^-?(?:(?:[1-9]\\d*)|0)$}\n\n return true if value.is_a?(Integer) || (value.is_a?(String) && value.match(numeric))\n return false\nend"}, {"name": "is_ip_address", "file": "lib/puppet/functions/is_ip_address.rb", "line": 5, "type": "ruby4x", "signatures": [{"signature": "is_ip_address(Any $scope, Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the wrapped method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the wrapped method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value returned from the called 3.x function.", "types": ["Boolea"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the wrapped method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the wrapped method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value returned from the called 3.x function.", "types": ["Boolea"]}, {"tag_name": "summary", "text": "Wrapper that calls the Puppet 3.x function of the same name."}]}, "source": "Puppet::Functions.create_function(:is_ip_address) do\n # @param scope\n # The main value that will be passed to the wrapped method\n #\n # @param args\n # Any additional values that are to be passed to the wrapped method\n #\n # @return [Boolea]\n # A boolean value returned from the called 3.x function.\n dispatch :deprecation_gen do\n param 'Any', :scope\n repeated_param 'Any', :args\n end\n # Workaround PUP-4438 (fixed: https://github.com/puppetlabs/puppet/commit/e01c4dc924cd963ff6630008a5200fc6a2023b08#diff\n # -c937cc584953271bb3d3b3c2cb141790R221) to support puppet < 4.1.0 and puppet < 3.8.1.\n def call(scope, *args)\n manipulated_args = [scope] + args\n self.class.dispatcher.dispatch(self, scope, manipulated_args)\n end\n\n def deprecation_gen(scope, *args)\n call_function('deprecation', 'is_ip_address', 'This method is deprecated, please use match expressions with Stdlib::Compat::Ip_address instead. They are described at https://docs.puppet.com/puppet/latest/reference/lang_data_type.html#match-expressions.')\n scope.send('function_is_ip_address', args)\n end\nend"}, {"name": "is_ip_address", "file": "lib/puppet/parser/functions/is_ip_address.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "is_ip_address()", "docstring": {"text": "> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}]}}], "docstring": {"text": "> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}, {"tag_name": "summary", "text": "**Deprecated:** Returns true if the string passed to this function is a valid IP address."}]}, "source": "newfunction(:is_ip_address, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated:** Returns true if the string passed to this function is a valid IP address.\n\n @return [Boolean]\n Returns `true` or `false`\n\n > **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n [`validate_legacy`](#validate_legacy).\n DOC\n) do |arguments|\n require 'ipaddr'\n\n function_deprecation([:is_ip_address, 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Ip_address. There is further documentation for validate_legacy function in the README.'])\n\n if arguments.size != 1\n raise(Puppet::ParseError, \"is_ip_address(): Wrong number of arguments given #{arguments.size} for 1\")\n end\n\n begin\n ip = IPAddr.new(arguments[0])\n rescue ArgumentError\n return false\n end\n\n return true if ip.ipv4? || ip.ipv6?\n return false\nend"}, {"name": "is_ipv4_address", "file": "lib/puppet/functions/is_ipv4_address.rb", "line": 5, "type": "ruby4x", "signatures": [{"signature": "is_ipv4_address(Any $scope, Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the wrapped method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the wrapped method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value returned from the called 3.x function.", "types": ["Boolea"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the wrapped method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the wrapped method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value returned from the called 3.x function.", "types": ["Boolea"]}, {"tag_name": "summary", "text": "Wrapper that calls the Puppet 3.x function of the same name."}]}, "source": "Puppet::Functions.create_function(:is_ipv4_address) do\n # @param scope\n # The main value that will be passed to the wrapped method\n #\n # @param args\n # Any additional values that are to be passed to the wrapped method\n #\n # @return [Boolea]\n # A boolean value returned from the called 3.x function.\n dispatch :deprecation_gen do\n param 'Any', :scope\n repeated_param 'Any', :args\n end\n # Workaround PUP-4438 (fixed: https://github.com/puppetlabs/puppet/commit/e01c4dc924cd963ff6630008a5200fc6a2023b08#diff\n # -c937cc584953271bb3d3b3c2cb141790R221) to support puppet < 4.1.0 and puppet < 3.8.1.\n def call(scope, *args)\n manipulated_args = [scope] + args\n self.class.dispatcher.dispatch(self, scope, manipulated_args)\n end\n\n def deprecation_gen(scope, *args)\n call_function('deprecation', 'is_ipv4_address', 'This method is deprecated, please use match expressions with Stdlib::Compat::Ipv4 instead. They are described at https://docs.puppet.com/puppet/latest/reference/lang_data_type.html#match-expressions.')\n scope.send('function_is_ipv4_address', args)\n end\nend"}, {"name": "is_ipv4_address", "file": "lib/puppet/parser/functions/is_ipv4_address.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "is_ipv4_address()", "docstring": {"text": "> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}]}}], "docstring": {"text": "> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}, {"tag_name": "summary", "text": "**Deprecated:** Returns true if the string passed to this function is a valid IPv4 address."}]}, "source": "newfunction(:is_ipv4_address, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated:** Returns true if the string passed to this function is a valid IPv4 address.\n\n @return [Boolean]\n Returns `true` or `false`\n\n > **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n [`validate_legacy`](#validate_legacy).\n DOC\n) do |arguments|\n require 'ipaddr'\n\n function_deprecation([:is_ipv4_address, 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Ipv4. There is further documentation for validate_legacy function in the README.'])\n\n if arguments.size != 1\n raise(Puppet::ParseError, \"is_ipv4_address(): Wrong number of arguments given #{arguments.size} for 1\")\n end\n\n begin\n ip = IPAddr.new(arguments[0])\n rescue ArgumentError\n return false\n end\n\n return ip.ipv4?\nend"}, {"name": "is_ipv6_address", "file": "lib/puppet/functions/is_ipv6_address.rb", "line": 5, "type": "ruby4x", "signatures": [{"signature": "is_ipv6_address(Any $scope, Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the wrapped method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the wrapped method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value returned from the called 3.x function.", "types": ["Boolea"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the wrapped method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the wrapped method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value returned from the called 3.x function.", "types": ["Boolea"]}, {"tag_name": "summary", "text": "Wrapper that calls the Puppet 3.x function of the same name."}]}, "source": "Puppet::Functions.create_function(:is_ipv6_address) do\n # @param scope\n # The main value that will be passed to the wrapped method\n #\n # @param args\n # Any additional values that are to be passed to the wrapped method\n #\n # @return [Boolea]\n # A boolean value returned from the called 3.x function.\n dispatch :deprecation_gen do\n param 'Any', :scope\n repeated_param 'Any', :args\n end\n # Workaround PUP-4438 (fixed: https://github.com/puppetlabs/puppet/commit/e01c4dc924cd963ff6630008a5200fc6a2023b08#diff\n # -c937cc584953271bb3d3b3c2cb141790R221) to support puppet < 4.1.0 and puppet < 3.8.1.\n def call(scope, *args)\n manipulated_args = [scope] + args\n self.class.dispatcher.dispatch(self, scope, manipulated_args)\n end\n\n def deprecation_gen(scope, *args)\n call_function('deprecation', 'is_ipv4_address', 'This method is deprecated, please use match expressions with Stdlib::Compat::Ipv6 instead. They are described at https://docs.puppet.com/puppet/latest/reference/lang_data_type.html#match-expressions.')\n scope.send('function_is_ipv6_address', args)\n end\nend"}, {"name": "is_ipv6_address", "file": "lib/puppet/parser/functions/is_ipv6_address.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "is_ipv6_address()", "docstring": {"text": "> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}]}}], "docstring": {"text": "> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}, {"tag_name": "summary", "text": "**Deprecated:** Returns true if the string passed to this function is a valid IPv6 address."}]}, "source": "newfunction(:is_ipv6_address, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated:** Returns true if the string passed to this function is a valid IPv6 address.\n\n @return [Boolean]\n Returns `true` or `false`\n\n > **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n [`validate_legacy`](#validate_legacy).\n DOC\n) do |arguments|\n function_deprecation([:is_ipv6_address, 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Ipv6. There is further documentation for validate_legacy function in the README.'])\n\n require 'ipaddr'\n\n if arguments.size != 1\n raise(Puppet::ParseError, \"is_ipv6_address(): Wrong number of arguments given #{arguments.size} for 1\")\n end\n\n begin\n ip = IPAddr.new(arguments[0])\n rescue ArgumentError\n return false\n end\n\n return ip.ipv6?\nend"}, {"name": "is_mac_address", "file": "lib/puppet/parser/functions/is_mac_address.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "is_mac_address()", "docstring": {"text": "> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}]}}], "docstring": {"text": "> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}, {"tag_name": "summary", "text": "**Deprecated:** Returns true if the string passed to this function is a valid mac address."}]}, "source": "newfunction(:is_mac_address, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated:** Returns true if the string passed to this function is a valid mac address.\n\n @return [Boolean]\n Returns `true` or `false`\n\n > **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n [`validate_legacy`](#validate_legacy).\n DOC\n) do |arguments|\n if arguments.size != 1\n raise(Puppet::ParseError, \"is_mac_address(): Wrong number of arguments given #{arguments.size} for 1\")\n end\n\n mac = arguments[0]\n\n return true if %r{^[a-f0-9]{1,2}(:[a-f0-9]{1,2}){5}$}i.match?(mac)\n return true if %r{^[a-f0-9]{1,2}(:[a-f0-9]{1,2}){19}$}i.match?(mac)\n return false\nend"}, {"name": "is_numeric", "file": "lib/puppet/functions/is_numeric.rb", "line": 5, "type": "ruby4x", "signatures": [{"signature": "is_numeric(Any $scope, Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the wrapped method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the wrapped method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value returned from the called 3.x function.", "types": ["Boolea"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the wrapped method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the wrapped method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value returned from the called 3.x function.", "types": ["Boolea"]}, {"tag_name": "summary", "text": "Wrapper that calls the Puppet 3.x function of the same name."}]}, "source": "Puppet::Functions.create_function(:is_numeric) do\n # @param scope\n # The main value that will be passed to the wrapped method\n #\n # @param args\n # Any additional values that are to be passed to the wrapped method\n #\n # @return [Boolea]\n # A boolean value returned from the called 3.x function.\n dispatch :deprecation_gen do\n param 'Any', :scope\n repeated_param 'Any', :args\n end\n # Workaround PUP-4438 (fixed: https://github.com/puppetlabs/puppet/commit/e01c4dc924cd963ff6630008a5200fc6a2023b08#diff\n # -c937cc584953271bb3d3b3c2cb141790R221) to support puppet < 4.1.0 and puppet < 3.8.1.\n def call(scope, *args)\n manipulated_args = [scope] + args\n self.class.dispatcher.dispatch(self, scope, manipulated_args)\n end\n\n def deprecation_gen(scope, *args)\n call_function('deprecation', 'is_numeric', 'This method is deprecated, please use match expressions with Stdlib::Compat::Numeric instead. They are described at https://docs.puppet.com/puppet/latest/reference/lang_data_type.html#match-expressions.')\n scope.send('function_is_numeric', args)\n end\nend"}, {"name": "is_numeric", "file": "lib/puppet/parser/functions/is_numeric.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "is_numeric()", "docstring": {"text": "Returns true if the given argument is a Numeric (Integer or Float),\nor a String containing either a valid integer in decimal base 10 form, or\na valid floating point string representation.\n\nThe function recognizes only decimal (base 10) integers and float but not\nintegers in hex (base 16) or octal (base 8) form.\n\nThe string representation may start with a '-' (minus). If a decimal '.' is used,\nit must be followed by at least one digit.\n\n> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}]}}], "docstring": {"text": "Returns true if the given argument is a Numeric (Integer or Float),\nor a String containing either a valid integer in decimal base 10 form, or\na valid floating point string representation.\n\nThe function recognizes only decimal (base 10) integers and float but not\nintegers in hex (base 16) or octal (base 8) form.\n\nThe string representation may start with a '-' (minus). If a decimal '.' is used,\nit must be followed by at least one digit.\n\n> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}, {"tag_name": "summary", "text": "**Deprecated:** Returns true if the given value is numeric."}]}, "source": "newfunction(:is_numeric, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated:** Returns true if the given value is numeric.\n\n Returns true if the given argument is a Numeric (Integer or Float),\n or a String containing either a valid integer in decimal base 10 form, or\n a valid floating point string representation.\n\n The function recognizes only decimal (base 10) integers and float but not\n integers in hex (base 16) or octal (base 8) form.\n\n The string representation may start with a '-' (minus). If a decimal '.' is used,\n it must be followed by at least one digit.\n\n @return [Boolean]\n Returns `true` or `false`\n\n > **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n [`validate_legacy`](#validate_legacy).\n DOC\n) do |arguments|\n function_deprecation([:is_numeric, 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Numeric. There is further documentation for validate_legacy function in the README.'])\n\n if arguments.size != 1\n raise(Puppet::ParseError, \"is_numeric(): Wrong number of arguments given #{arguments.size} for 1\")\n end\n\n value = arguments[0]\n\n # Regex is taken from the lexer of puppet\n # puppet/pops/parser/lexer.rb but modified to match also\n # negative values and disallow invalid octal numbers or\n # numbers prefixed with multiple 0's (except in hex numbers)\n #\n # TODO these parameters should be constants but I'm not sure\n # if there is no risk to declare them inside of the module\n # Puppet::Parser::Functions\n\n # TODO: decide if this should be used\n # HEX numbers like\n # 0xaa230F\n # 0X1234009C\n # 0x0012\n # -12FcD\n # numeric_hex = %r{^-?0[xX][0-9A-Fa-f]+$}\n\n # TODO: decide if this should be used\n # OCTAL numbers like\n # 01234567\n # -045372\n # numeric_oct = %r{^-?0[1-7][0-7]*$}\n\n # Integer/Float numbers like\n # -0.1234568981273\n # 47291\n # 42.12345e-12\n numeric = %r{^-?(?:(?:[1-9]\\d*)|0)(?:\\.\\d+)?(?:[eE]-?\\d+)?$}\n\n if value.is_a?(Numeric) || (value.is_a?(String) &&\n value.match(numeric) # or\n # value.match(numeric_hex) or\n # value.match(numeric_oct)\n )\n return true\n else\n return false\n end\nend"}, {"name": "is_string", "file": "lib/puppet/functions/is_string.rb", "line": 5, "type": "ruby4x", "signatures": [{"signature": "is_string(Any $scope, Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the wrapped method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the wrapped method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value returned from the called 3.x function.", "types": ["Boolean"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the wrapped method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the wrapped method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value returned from the called 3.x function.", "types": ["Boolean"]}, {"tag_name": "summary", "text": "Wrapper that calls the Puppet 3.x function of the same name."}]}, "source": "Puppet::Functions.create_function(:is_string) do\n # @param scope\n # The main value that will be passed to the wrapped method\n #\n # @param args\n # Any additional values that are to be passed to the wrapped method\n #\n # @return [Boolean]\n # A boolean value returned from the called 3.x function.\n dispatch :deprecation_gen do\n param 'Any', :scope\n repeated_param 'Any', :args\n end\n # Workaround PUP-4438 (fixed: https://github.com/puppetlabs/puppet/commit/e01c4dc924cd963ff6630008a5200fc6a2023b08#diff\n # -c937cc584953271bb3d3b3c2cb141790R221) to support puppet < 4.1.0 and puppet < 3.8.1.\n def call(scope, *args)\n manipulated_args = [scope] + args\n self.class.dispatcher.dispatch(self, scope, manipulated_args)\n end\n\n def deprecation_gen(scope, *args)\n call_function('deprecation', 'is_string', 'This method is deprecated, please use match expressions with Stdlib::Compat::String instead. They are described at https://docs.puppet.com/puppet/latest/reference/lang_data_type.html#match-expressions.')\n scope.send('function_is_string', args)\n end\nend"}, {"name": "is_string", "file": "lib/puppet/parser/functions/is_string.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "is_string()", "docstring": {"text": "> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}]}}], "docstring": {"text": "> **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n[`validate_legacy`](#validate_legacy).", "tags": [{"tag_name": "return", "text": "Returns `true` or `false`", "types": ["Boolean"]}, {"tag_name": "summary", "text": "**Deprecated:** Returns true if the variable passed to this function is a string."}]}, "source": "newfunction(:is_string, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated:** Returns true if the variable passed to this function is a string.\n\n @return [Boolean]\n Returns `true` or `false`\n\n > **Note:* **Deprecated** Will be removed in a future version of stdlib. See\n [`validate_legacy`](#validate_legacy).\n DOC\n) do |arguments|\n function_deprecation([:is_string, 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::String. There is further documentation for validate_legacy function in the README.'])\n\n raise(Puppet::ParseError, \"is_string(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n type = arguments[0]\n\n # when called through the v4 API shim, undef gets translated to nil\n result = type.is_a?(String) || type.nil?\n\n if result && (type == type.to_f.to_s || type == type.to_i.to_s)\n return false\n end\n\n return result\nend"}, {"name": "join", "file": "lib/puppet/parser/functions/join.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "join()", "docstring": {"text": "> **Note:** **Deprecated** from Puppet 5.4.0 this function has been replaced\nwith a built-in [`join`](https://puppet.com/docs/puppet/latest/function.html#join) function.", "tags": [{"tag_name": "example", "text": "join(['a','b','c'], \",\") # Results in: \"a,b,c\"", "name": "Example Usage:"}, {"tag_name": "return", "text": "The String containing each of the array values", "types": ["String"]}]}}], "docstring": {"text": "> **Note:** **Deprecated** from Puppet 5.4.0 this function has been replaced\nwith a built-in [`join`](https://puppet.com/docs/puppet/latest/function.html#join) function.", "tags": [{"tag_name": "example", "text": "join(['a','b','c'], \",\") # Results in: \"a,b,c\"", "name": "Example Usage:"}, {"tag_name": "return", "text": "The String containing each of the array values", "types": ["String"]}, {"tag_name": "summary", "text": "**Deprecated:** This function joins an array into a string using a separator."}]}, "source": "newfunction(:join, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated:** This function joins an array into a string using a separator.\n\n @example Example Usage:\n join(['a','b','c'], \",\") # Results in: \"a,b,c\"\n\n @return [String]\n The String containing each of the array values\n\n > **Note:** **Deprecated** from Puppet 5.4.0 this function has been replaced\n with a built-in [`join`](https://puppet.com/docs/puppet/latest/function.html#join) function.\n DOC\n) do |arguments|\n # Technically we support two arguments but only first is mandatory ...\n raise(Puppet::ParseError, \"join(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n array = arguments[0]\n\n unless array.is_a?(Array)\n raise(Puppet::ParseError, 'join(): Requires array to work with')\n end\n\n suffix = arguments[1] if arguments[1]\n\n if suffix\n unless suffix.is_a?(String)\n raise(Puppet::ParseError, 'join(): Requires string to work with')\n end\n end\n\n result = suffix ? array.join(suffix) : array.join\n\n return result\nend"}, {"name": "join_keys_to_values", "file": "lib/puppet/parser/functions/join_keys_to_values.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "join_keys_to_values()", "docstring": {"text": "Keys are cast to strings. If values are arrays, multiple keys\nare added for each element. The return value is an array in\nwhich each element is one joined key/value pair.\n\n> **Note:** Since Puppet 5.0.0 - for more detailed control over the formatting (including indentations and\nline breaks, delimiters around arrays and hash entries, between key/values in hash entries, and individual\nformatting of values in the array) - see the `new` function for `String` and its formatting\noptions for `Array` and `Hash`.", "tags": [{"tag_name": "example", "text": "join_keys_to_values({'a'=>1,'b'=>2}, \" is \") # Results in: [\"a is 1\",\"b is 2\"]\njoin_keys_to_values({'a'=>1,'b'=>[2,3]}, \" is \") # Results in: [\"a is 1\",\"b is 2\",\"b is 3\"]", "name": "Example Usage:"}, {"tag_name": "return", "text": "The joined hash", "types": ["Hash"]}]}}], "docstring": {"text": "Keys are cast to strings. If values are arrays, multiple keys\nare added for each element. The return value is an array in\nwhich each element is one joined key/value pair.\n\n> **Note:** Since Puppet 5.0.0 - for more detailed control over the formatting (including indentations and\nline breaks, delimiters around arrays and hash entries, between key/values in hash entries, and individual\nformatting of values in the array) - see the `new` function for `String` and its formatting\noptions for `Array` and `Hash`.", "tags": [{"tag_name": "example", "text": "join_keys_to_values({'a'=>1,'b'=>2}, \" is \") # Results in: [\"a is 1\",\"b is 2\"]\njoin_keys_to_values({'a'=>1,'b'=>[2,3]}, \" is \") # Results in: [\"a is 1\",\"b is 2\",\"b is 3\"]", "name": "Example Usage:"}, {"tag_name": "return", "text": "The joined hash", "types": ["Hash"]}, {"tag_name": "summary", "text": "This function joins each key of a hash to that key's corresponding value with a\nseparator."}]}, "source": "newfunction(:join_keys_to_values, type: :rvalue, doc: <<-DOC\n @summary\n This function joins each key of a hash to that key's corresponding value with a\n separator.\n\n Keys are cast to strings. If values are arrays, multiple keys\n are added for each element. The return value is an array in\n which each element is one joined key/value pair.\n\n @example Example Usage:\n join_keys_to_values({'a'=>1,'b'=>2}, \" is \") # Results in: [\"a is 1\",\"b is 2\"]\n join_keys_to_values({'a'=>1,'b'=>[2,3]}, \" is \") # Results in: [\"a is 1\",\"b is 2\",\"b is 3\"]\n\n @return [Hash]\n The joined hash\n\n > **Note:** Since Puppet 5.0.0 - for more detailed control over the formatting (including indentations and\n line breaks, delimiters around arrays and hash entries, between key/values in hash entries, and individual\n formatting of values in the array) - see the `new` function for `String` and its formatting\n options for `Array` and `Hash`.\n DOC\n) do |arguments|\n # Validate the number of arguments.\n if arguments.size != 2\n raise(Puppet::ParseError, \"join_keys_to_values(): Takes exactly two arguments, but #{arguments.size} given.\")\n end\n\n # Validate the first argument.\n hash = arguments[0]\n unless hash.is_a?(Hash)\n raise(TypeError, \"join_keys_to_values(): The first argument must be a hash, but a #{hash.class} was given.\")\n end\n\n # Validate the second argument.\n separator = arguments[1]\n unless separator.is_a?(String)\n raise(TypeError, \"join_keys_to_values(): The second argument must be a string, but a #{separator.class} was given.\")\n end\n\n # Join the keys to their values.\n hash.map { |k, v|\n if v.is_a?(Array)\n v.map { |va| String(k) + separator + String(va) }\n elsif String(v) == 'undef'\n String(k)\n else\n String(k) + separator + String(v)\n end\n }.flatten\nend"}, {"name": "keys", "file": "lib/puppet/parser/functions/keys.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "keys()", "docstring": {"text": "> **Note:** **Deprecated** from Puppet 5.5.0, the built-in [`keys`](https://puppet.com/docs/puppet/latest/function.html#keys)\nfunction will be used instead of this function.", "tags": [{"tag_name": "return", "text": "An array containing each of the hashes key values.", "types": ["Array"]}]}}], "docstring": {"text": "> **Note:** **Deprecated** from Puppet 5.5.0, the built-in [`keys`](https://puppet.com/docs/puppet/latest/function.html#keys)\nfunction will be used instead of this function.", "tags": [{"tag_name": "return", "text": "An array containing each of the hashes key values.", "types": ["Array"]}, {"tag_name": "summary", "text": "**Deprecated:** Returns the keys of a hash as an array."}]}, "source": "newfunction(:keys, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated:** Returns the keys of a hash as an array.\n\n @return [Array]\n An array containing each of the hashes key values.\n\n > **Note:** **Deprecated** from Puppet 5.5.0, the built-in [`keys`](https://puppet.com/docs/puppet/latest/function.html#keys)\n function will be used instead of this function.\n DOC\n) do |arguments|\n raise(Puppet::ParseError, \"keys(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n hash = arguments[0]\n\n unless hash.is_a?(Hash)\n raise(Puppet::ParseError, 'keys(): Requires hash to work with')\n end\n\n result = hash.keys\n\n return result\nend"}, {"name": "length", "file": "lib/puppet/functions/length.rb", "line": 12, "type": "ruby4x", "signatures": [{"signature": "length(Variant[String,Array,Hash] $value)", "docstring": {"text": "The original size() function did not handle Puppets new type capabilities, so this function\nis a Puppet 4 compatible solution.\n\n> **Note:** **Deprecated** from Puppet 6.0.0, this function has been replaced with a\nbuilt-in [`length`](https://puppet.com/docs/puppet/latest/function.html#length) function.", "tags": [{"tag_name": "param", "text": "The value whose length is to be found", "types": ["Variant[String,Array,Hash]"], "name": "value"}, {"tag_name": "return", "text": "The length of the given object", "types": ["Integer"]}]}}], "docstring": {"text": "The original size() function did not handle Puppets new type capabilities, so this function\nis a Puppet 4 compatible solution.\n\n> **Note:** **Deprecated** from Puppet 6.0.0, this function has been replaced with a\nbuilt-in [`length`](https://puppet.com/docs/puppet/latest/function.html#length) function.", "tags": [{"tag_name": "param", "text": "The value whose length is to be found", "types": ["Variant[String,Array,Hash]"], "name": "value"}, {"tag_name": "return", "text": "The length of the given object", "types": ["Integer"]}, {"tag_name": "summary", "text": "**Deprecated:** A function to eventually replace the old size() function for stdlib"}]}, "source": "Puppet::Functions.create_function(:length) do\n # @param value\n # The value whose length is to be found\n #\n # @return [Integer]\n # The length of the given object\n dispatch :length do\n param 'Variant[String,Array,Hash]', :value\n end\n def length(value)\n if value.is_a?(String)\n result = value.length\n elsif value.is_a?(Array) || value.is_a?(Hash)\n result = value.size\n end\n result\n end\nend"}, {"name": "load_module_metadata", "file": "lib/puppet/parser/functions/load_module_metadata.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "load_module_metadata()", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "$metadata = load_module_metadata('archive')\nnotify { $metadata['author']: }", "name": "Example USage:"}, {"tag_name": "return", "text": "The modules metadata", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "$metadata = load_module_metadata('archive')\nnotify { $metadata['author']: }", "name": "Example USage:"}, {"tag_name": "return", "text": "The modules metadata", "types": ["Any"]}, {"tag_name": "summary", "text": "This function loads the metadata of a given module."}]}, "source": "newfunction(:load_module_metadata, type: :rvalue, doc: <<-DOC\n @summary\n This function loads the metadata of a given module.\n\n @example Example USage:\n $metadata = load_module_metadata('archive')\n notify { $metadata['author']: }\n\n @return\n The modules metadata\nDOC\n) do |args|\n raise(Puppet::ParseError, 'load_module_metadata(): Wrong number of arguments, expects one or two') unless [1, 2].include?(args.size)\n mod = args[0]\n allow_empty_metadata = args[1]\n module_path = function_get_module_path([mod])\n metadata_json = File.join(module_path, 'metadata.json')\n\n metadata_exists = File.exists?(metadata_json) # rubocop:disable Lint/DeprecatedClassMethods : Changing to .exist? breaks the code\n if metadata_exists\n metadata = PSON.load(File.read(metadata_json))\n else\n metadata = {}\n raise(Puppet::ParseError, \"load_module_metadata(): No metadata.json file for module #{mod}\") unless allow_empty_metadata\n end\n\n return metadata\nend"}, {"name": "loadjson", "file": "lib/puppet/parser/functions/loadjson.rb", "line": 8, "type": "ruby3x", "signatures": [{"signature": "loadjson()", "docstring": {"text": "The first parameter can be a file path or a URL.\nThe second parameter is the default value. It will be returned if the file\nwas not found or could not be parsed.", "tags": [{"tag_name": "example", "text": "$myhash = loadjson('/etc/puppet/data/myhash.json')\n$myhash = loadjson('https://example.local/my_hash.json')\n$myhash = loadjson('https://username:password@example.local/my_hash.json')\n$myhash = loadjson('no-file.json', {'default' => 'val", "name": "Example Usage:"}, {"tag_name": "return", "text": "The data stored in the JSON file, the type depending on the type of data that was stored.", "types": ["Array|String|Hash"]}]}}], "docstring": {"text": "The first parameter can be a file path or a URL.\nThe second parameter is the default value. It will be returned if the file\nwas not found or could not be parsed.", "tags": [{"tag_name": "example", "text": "$myhash = loadjson('/etc/puppet/data/myhash.json')\n$myhash = loadjson('https://example.local/my_hash.json')\n$myhash = loadjson('https://username:password@example.local/my_hash.json')\n$myhash = loadjson('no-file.json', {'default' => 'val", "name": "Example Usage:"}, {"tag_name": "return", "text": "The data stored in the JSON file, the type depending on the type of data that was stored.", "types": ["Array|String|Hash"]}, {"tag_name": "summary", "text": "Load a JSON file containing an array, string, or hash, and return the data\nin the corresponding native data type."}]}, "source": "newfunction(:loadjson, type: :rvalue, arity: -2, doc: <<-'DOC') do |args|\n @summary\n Load a JSON file containing an array, string, or hash, and return the data\n in the corresponding native data type.\n\n The first parameter can be a file path or a URL.\n The second parameter is the default value. It will be returned if the file\n was not found or could not be parsed.\n\n @return [Array|String|Hash]\n The data stored in the JSON file, the type depending on the type of data that was stored.\n\n @example Example Usage:\n $myhash = loadjson('/etc/puppet/data/myhash.json')\n $myhash = loadjson('https://example.local/my_hash.json')\n $myhash = loadjson('https://username:password@example.local/my_hash.json')\n $myhash = loadjson('no-file.json', {'default' => 'value'})\nDOC\n\n raise ArgumentError, 'Wrong number of arguments. 1 or 2 arguments should be provided.' unless args.length >= 1\n require 'open-uri'\n begin\n if args[0].start_with?('http://', 'https://')\n username = ''\n password = ''\n if (match = args[0].match(%r{(http\\://|https\\://)(.*):(.*)@(.*)}))\n # If URL is in the format of https://username:password@example.local/my_hash.yaml\n protocol, username, password, path = match.captures\n url = \"#{protocol}#{path}\"\n elsif (match = args[0].match(%r{(http\\:\\/\\/|https\\:\\/\\/)(.*)@(.*)}))\n # If URL is in the format of https://username@example.local/my_hash.yaml\n protocol, username, path = match.captures\n url = \"#{protocol}#{path}\"\n else\n url = args[0]\n end\n begin\n contents = OpenURI.open_uri(url, http_basic_authentication: [username, password])\n rescue OpenURI::HTTPError => err\n res = err.io\n warning(\"Can't load '#{url}' HTTP Error Code: '#{res.status[0]}'\")\n args[1]\n end\n PSON.load(contents) || args[1]\n elsif File.exists?(args[0]) # rubocop:disable Lint/DeprecatedClassMethods : Changing to .exist? breaks the code\n content = File.read(args[0])\n PSON.load(content) || args[1]\n else\n warning(\"Can't load '#{args[0]}' File does not exist!\")\n args[1]\n end\n rescue StandardError => e\n raise e unless args[1]\n args[1]\n end\nend"}, {"name": "loadyaml", "file": "lib/puppet/parser/functions/loadyaml.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "loadyaml()", "docstring": {"text": "The first parameter can be a file path or a URL.\nThe second parameter is the default value. It will be returned if the file\nwas not found or could not be parsed.", "tags": [{"tag_name": "example", "text": "$myhash = loadyaml('/etc/puppet/data/myhash.yaml')\n$myhash = loadyaml('https://example.local/my_hash.yaml')\n$myhash = loadyaml('https://username:password@example.local/my_hash.yaml')\n$myhash = loadyaml('no-file.yaml', {'default' => 'val", "name": "Example Usage:"}, {"tag_name": "return", "text": "The data stored in the YAML file, the type depending on the type of data that was stored.", "types": ["Array|String|Hash"]}]}}], "docstring": {"text": "The first parameter can be a file path or a URL.\nThe second parameter is the default value. It will be returned if the file\nwas not found or could not be parsed.", "tags": [{"tag_name": "example", "text": "$myhash = loadyaml('/etc/puppet/data/myhash.yaml')\n$myhash = loadyaml('https://example.local/my_hash.yaml')\n$myhash = loadyaml('https://username:password@example.local/my_hash.yaml')\n$myhash = loadyaml('no-file.yaml', {'default' => 'val", "name": "Example Usage:"}, {"tag_name": "return", "text": "The data stored in the YAML file, the type depending on the type of data that was stored.", "types": ["Array|String|Hash"]}, {"tag_name": "summary", "text": "Load a YAML file containing an array, string, or hash, and return the data\nin the corresponding native data type."}]}, "source": "newfunction(:loadyaml, type: :rvalue, arity: -2, doc: <<-'DOC') do |args|\n @summary\n Load a YAML file containing an array, string, or hash, and return the data\n in the corresponding native data type.\n\n The first parameter can be a file path or a URL.\n The second parameter is the default value. It will be returned if the file\n was not found or could not be parsed.\n\n @return [Array|String|Hash]\n The data stored in the YAML file, the type depending on the type of data that was stored.\n\n @example Example Usage:\n $myhash = loadyaml('/etc/puppet/data/myhash.yaml')\n $myhash = loadyaml('https://example.local/my_hash.yaml')\n $myhash = loadyaml('https://username:password@example.local/my_hash.yaml')\n $myhash = loadyaml('no-file.yaml', {'default' => 'value'})\nDOC\n\n raise ArgumentError, 'Wrong number of arguments. 1 or 2 arguments should be provided.' unless args.length >= 1\n require 'yaml'\n require 'open-uri'\n begin\n if args[0].start_with?('http://', 'https://')\n username = ''\n password = ''\n if (match = args[0].match(%r{(http\\://|https\\://)(.*):(.*)@(.*)}))\n # If URL is in the format of https://username:password@example.local/my_hash.yaml\n protocol, username, password, path = match.captures\n url = \"#{protocol}#{path}\"\n elsif (match = args[0].match(%r{(http\\:\\/\\/|https\\:\\/\\/)(.*)@(.*)}))\n # If URL is in the format of https://username@example.local/my_hash.yaml\n protocol, username, path = match.captures\n url = \"#{protocol}#{path}\"\n else\n url = args[0]\n end\n begin\n contents = OpenURI.open_uri(url, http_basic_authentication: [username, password])\n rescue OpenURI::HTTPError => err\n res = err.io\n warning(\"Can't load '#{url}' HTTP Error Code: '#{res.status[0]}'\")\n args[1]\n end\n YAML.safe_load(contents) || args[1]\n elsif File.exists?(args[0]) # rubocop:disable Lint/DeprecatedClassMethods : Changing to .exist? breaks the code\n YAML.load_file(args[0]) || args[1]\n else\n warning(\"Can't load '#{args[0]}' File does not exist!\")\n args[1]\n end\n rescue StandardError => e\n raise e unless args[1]\n args[1]\n end\nend"}, {"name": "lstrip", "file": "lib/puppet/parser/functions/lstrip.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "lstrip()", "docstring": {"text": "> **Note:** **Deprecated** from Puppet 6.0.0, this function has been replaced with a\nbuilt-in [`lstrip`](https://puppet.com/docs/puppet/latest/function.html#lstrip) function.", "tags": [{"tag_name": "return", "text": "The stripped string", "types": ["String"]}]}}], "docstring": {"text": "> **Note:** **Deprecated** from Puppet 6.0.0, this function has been replaced with a\nbuilt-in [`lstrip`](https://puppet.com/docs/puppet/latest/function.html#lstrip) function.", "tags": [{"tag_name": "return", "text": "The stripped string", "types": ["String"]}, {"tag_name": "summary", "text": "**Deprecated:** Strips leading spaces to the left of a string."}]}, "source": "newfunction(:lstrip, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated:** Strips leading spaces to the left of a string.\n\n @return [String]\n The stripped string\n\n > **Note:** **Deprecated** from Puppet 6.0.0, this function has been replaced with a\n built-in [`lstrip`](https://puppet.com/docs/puppet/latest/function.html#lstrip) function.\n DOC\n) do |arguments|\n raise(Puppet::ParseError, \"lstrip(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n value = arguments[0]\n\n unless value.is_a?(Array) || value.is_a?(String)\n raise(Puppet::ParseError, 'lstrip(): Requires either array or string to work with')\n end\n\n result = if value.is_a?(Array)\n # Numbers in Puppet are often string-encoded which is troublesome ...\n value.map { |i| i.is_a?(String) ? i.lstrip : i }\n else\n value.lstrip\n end\n\n return result\nend"}, {"name": "max", "file": "lib/puppet/parser/functions/max.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "max()", "docstring": {"text": "Requires at least one argument.\n\n> **Note:** **Deprecated** from Puppet 6.0.0, this function has been replaced with a\nbuilt-in [`max`](https://puppet.com/docs/puppet/latest/function.html#max) function.", "tags": [{"tag_name": "return", "text": "The highest value among those passed in", "types": ["Any"]}]}}], "docstring": {"text": "Requires at least one argument.\n\n> **Note:** **Deprecated** from Puppet 6.0.0, this function has been replaced with a\nbuilt-in [`max`](https://puppet.com/docs/puppet/latest/function.html#max) function.", "tags": [{"tag_name": "return", "text": "The highest value among those passed in", "types": ["Any"]}, {"tag_name": "summary", "text": "**Deprecated:** Returns the highest value of all arguments."}]}, "source": "newfunction(:max, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated:** Returns the highest value of all arguments.\n\n Requires at least one argument.\n\n @return\n The highest value among those passed in\n\n > **Note:** **Deprecated** from Puppet 6.0.0, this function has been replaced with a\n built-in [`max`](https://puppet.com/docs/puppet/latest/function.html#max) function.\n DOC\n) do |args|\n raise(Puppet::ParseError, 'max(): Wrong number of arguments need at least one') if args.empty?\n\n # Sometimes we get numbers as numerics and sometimes as strings.\n # We try to compare them as numbers when possible\n return args.max do |a, b|\n if a.to_s =~ %r{\\A-?\\d+(.\\d+)?\\z} && b.to_s =~ %r{\\A-?\\d+(.\\d+)?\\z}\n a.to_f <=> b.to_f\n else\n a.to_s <=> b.to_s\n end\n end\nend"}, {"name": "member", "file": "lib/puppet/parser/functions/member.rb", "line": 9, "type": "ruby3x", "signatures": [{"signature": "member()", "docstring": {"text": "The variable can be a string, fixnum, or array.\n\n> **Note**: This function does not support nested arrays. If the first argument contains\nnested arrays, it will not recurse through them.\n\n> *Note:*\nSince Puppet 4.0.0 the same can be performed in the Puppet language.\nFor single values the operator `in` can be used:\n`'a' in ['a', 'b'] # true`\nFor arrays by using operator `-` to compute a diff:\n`['d', 'b'] - ['a', 'b', 'c'] == [] # false because 'd' is not subtracted`\n`['a', 'b'] - ['a', 'b', 'c'] == [] # true because both 'a' and 'b' are subtracted`\n\n> **Note** that since Puppet 5.2.0, the general form to test the content of an array or\nhash is to use the built-in [`any`](https://puppet.com/docs/puppet/latest/function.html#any)\nand [`all`](https://puppet.com/docs/puppet/latest/function.html#all) functions.", "tags": [{"tag_name": "example", "text": "member(['a','b'], 'b') # Returns: true\nmember(['a', 'b', 'c'], ['a', 'b']) # Returns: true\nmember(['a','b'], 'c') # Returns: false\nmember(['a', 'b', 'c'], ['d', 'b']) # Returns: false", "name": "**Usage**"}, {"tag_name": "return", "text": "Returns whether the given value was a member of the array", "types": ["Any"]}]}}], "docstring": {"text": "The variable can be a string, fixnum, or array.\n\n> **Note**: This function does not support nested arrays. If the first argument contains\nnested arrays, it will not recurse through them.\n\n> *Note:*\nSince Puppet 4.0.0 the same can be performed in the Puppet language.\nFor single values the operator `in` can be used:\n`'a' in ['a', 'b'] # true`\nFor arrays by using operator `-` to compute a diff:\n`['d', 'b'] - ['a', 'b', 'c'] == [] # false because 'd' is not subtracted`\n`['a', 'b'] - ['a', 'b', 'c'] == [] # true because both 'a' and 'b' are subtracted`\n\n> **Note** that since Puppet 5.2.0, the general form to test the content of an array or\nhash is to use the built-in [`any`](https://puppet.com/docs/puppet/latest/function.html#any)\nand [`all`](https://puppet.com/docs/puppet/latest/function.html#all) functions.", "tags": [{"tag_name": "example", "text": "member(['a','b'], 'b') # Returns: true\nmember(['a', 'b', 'c'], ['a', 'b']) # Returns: true\nmember(['a','b'], 'c') # Returns: false\nmember(['a', 'b', 'c'], ['d', 'b']) # Returns: false", "name": "**Usage**"}, {"tag_name": "return", "text": "Returns whether the given value was a member of the array", "types": ["Any"]}, {"tag_name": "summary", "text": "This function determines if a variable is a member of an array."}]}, "source": "newfunction(:member, type: :rvalue, doc: <<-DOC\n @summary\n This function determines if a variable is a member of an array.\n\n The variable can be a string, fixnum, or array.\n\n > **Note**: This function does not support nested arrays. If the first argument contains\n nested arrays, it will not recurse through them.\n\n @example **Usage**\n member(['a','b'], 'b') # Returns: true\n member(['a', 'b', 'c'], ['a', 'b']) # Returns: true\n member(['a','b'], 'c') # Returns: false\n member(['a', 'b', 'c'], ['d', 'b']) # Returns: false\n\n > *Note:*\n Since Puppet 4.0.0 the same can be performed in the Puppet language.\n For single values the operator `in` can be used:\n `'a' in ['a', 'b'] # true`\n For arrays by using operator `-` to compute a diff:\n `['d', 'b'] - ['a', 'b', 'c'] == [] # false because 'd' is not subtracted`\n `['a', 'b'] - ['a', 'b', 'c'] == [] # true because both 'a' and 'b' are subtracted`\n\n @return\n Returns whether the given value was a member of the array\n\n > **Note** that since Puppet 5.2.0, the general form to test the content of an array or\n hash is to use the built-in [`any`](https://puppet.com/docs/puppet/latest/function.html#any)\n and [`all`](https://puppet.com/docs/puppet/latest/function.html#all) functions.\n DOC\n) do |arguments|\n raise(Puppet::ParseError, \"member(): Wrong number of arguments given (#{arguments.size} for 2)\") if arguments.size < 2\n\n array = arguments[0]\n\n unless array.is_a?(Array)\n raise(Puppet::ParseError, 'member(): Requires array to work with')\n end\n\n unless arguments[1].is_a?(String) || arguments[1].is_a?(Integer) || arguments[1].is_a?(Array)\n raise(Puppet::ParseError, 'member(): Item to search for must be a string, fixnum, or array')\n end\n\n item = if arguments[1].is_a?(String) || arguments[1].is_a?(Integer)\n [arguments[1]]\n else\n arguments[1]\n end\n\n raise(Puppet::ParseError, 'member(): You must provide item to search for within array given') if item.respond_to?('empty?') && item.empty?\n\n result = (item - array).empty?\n\n return result\nend"}, {"name": "merge", "file": "lib/puppet/functions/merge.rb", "line": 36, "type": "ruby4x", "signatures": [{"signature": "merge(Variant[Hash[Scalar,Any], Undef, String[0,0]] *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Repeated Param - The hashes that are to be merged", "types": ["Variant[Hash[Scalar,Any], Undef, String[0,0]]"], "name": "*args"}, {"tag_name": "return", "text": "The merged hash", "types": ["Hash[Scalar,Any]"]}]}}, {"signature": "merge(Iterable *$args, Callable[3,3] &$block)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Repeated Param - The hashes that are to be merged", "types": ["Iterable"], "name": "*args"}, {"tag_name": "param", "text": "A block placed on the repeatable param `args`", "types": ["Callable[3,3]"], "name": "&block"}, {"tag_name": "return", "text": "The merged hash", "types": ["Hash"]}]}}, {"signature": "merge(Iterable *$args, Callable[2,2] &$block)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Repeated Param - The hashes that are to be merged", "types": ["Iterable"], "name": "*args"}, {"tag_name": "param", "text": "A block placed on the repeatable param `args`", "types": ["Callable[2,2]"], "name": "&block"}, {"tag_name": "return", "text": "The merged hash", "types": ["Hash"]}]}}], "docstring": {"text": "When there is a duplicate key, the key in the rightmost hash will \"win.\"\n\nNote that since Puppet 4.0.0 the same merge can be achieved with the + operator.\n `$merged_hash = $hash1 + $hash2`\n\nIf merge is given a single Iterable (Array, Hash, etc.) it will call a given block with\nup to three parameters, and merge each resulting Hash into the accumulated result. All other types\nof values returned from the block (typically undef) are skipped (not merged).\n\nThe codeblock can take 2 or three parameters:\n* with two, it gets the current hash (as built to this point), and each value (for hash the value is a [key, value] tuple)\n* with three, it gets the current hash (as built to this point), the key/index of each value, and then the value\n\nIf the iterable is empty, or no hash was returned from the given block, an empty hash is returned. In the given block, a call to `next()`\nwill skip that entry, and a call to `break()` will end the iteration.\n\nThe iterative `merge()` has an advantage over doing the same with a general `reduce()` in that the constructed hash\ndoes not have to be copied in each iteration and thus will perform much better with large inputs.", "tags": [{"tag_name": "example", "text": "$hash1 = {'one' => 1, 'two', => 2}\n$hash2 = {'two' => 'dos', 'three', => 'tres'}\n$merged_hash = merge($hash1, $hash2) # $merged_hash = {'one' => 1, 'two' => 'dos', 'three' => 'tres'}", "name": "Using merge()"}, {"tag_name": "example", "text": "['a', 'b', 'c', 'c', 'd', 'b'].merge | $hsh, $v | { { $v => $hsh[$v].lest || { 0 } + 1 } } # results in { a => 1, b => 2, c => 2, d => 1 }", "name": "counting occurrences of strings in an array"}, {"tag_name": "example", "text": "['a', 'b', 'c', 'c', 'd', 'b', 'blah', 'blah'].merge | $hsh, $v | { if $v =~ String[1,1] { { $v => $hsh[$v].lest || { 0 } + 1 } } } # results in { a => 1, b => 2, c => 2, d => 1 }", "name": "skipping values for entries that are longer than 1 char"}, {"tag_name": "overload", "signature": "merge(Variant[Hash[Scalar,Any], Undef, String[0,0]] *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Repeated Param - The hashes that are to be merged", "types": ["Variant[Hash[Scalar,Any], Undef, String[0,0]]"], "name": "*args"}, {"tag_name": "return", "text": "The merged hash", "types": ["Hash[Scalar,Any]"]}]}, "name": "merge"}, {"tag_name": "overload", "signature": "merge(Iterable *$args, Callable[3,3] &$block)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Repeated Param - The hashes that are to be merged", "types": ["Iterable"], "name": "*args"}, {"tag_name": "param", "text": "A block placed on the repeatable param `args`", "types": ["Callable[3,3]"], "name": "&block"}, {"tag_name": "return", "text": "The merged hash", "types": ["Hash"]}]}, "name": "merge"}, {"tag_name": "overload", "signature": "merge(Iterable *$args, Callable[2,2] &$block)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Repeated Param - The hashes that are to be merged", "types": ["Iterable"], "name": "*args"}, {"tag_name": "param", "text": "A block placed on the repeatable param `args`", "types": ["Callable[2,2]"], "name": "&block"}, {"tag_name": "return", "text": "The merged hash", "types": ["Hash"]}]}, "name": "merge"}, {"tag_name": "summary", "text": "Merges two or more hashes together or hashes resulting from iteration, and returns\nthe resulting hash."}]}, "source": "Puppet::Functions.create_function(:merge) do\n # @param args\n # Repeated Param - The hashes that are to be merged\n #\n # @return\n # The merged hash\n dispatch :merge2hashes do\n repeated_param 'Variant[Hash[Scalar,Any], Undef, String[0,0]]', :args # this strange type is backwards compatible\n return_type 'Hash[Scalar,Any]'\n end\n\n # @param args\n # Repeated Param - The hashes that are to be merged\n #\n # @param block\n # A block placed on the repeatable param `args`\n #\n # @return\n # The merged hash\n dispatch :merge_iterable3 do\n repeated_param 'Iterable', :args\n block_param 'Callable[3,3]', :block\n return_type 'Hash'\n end\n\n # @param args\n # Repeated Param - The hashes that are to be merged\n #\n # @param block\n # A block placed on the repeatable param `args`\n #\n # @return\n # The merged hash\n dispatch :merge_iterable2 do\n repeated_param 'Iterable', :args\n block_param 'Callable[2,2]', :block\n return_type 'Hash'\n end\n\n def merge2hashes(*hashes)\n accumulator = {}\n hashes.each { |h| accumulator.merge!(h) if h.is_a?(Hash) }\n accumulator\n end\n\n def merge_iterable2(iterable)\n accumulator = {}\n enum = Puppet::Pops::Types::Iterable.asserted_iterable(self, iterable)\n enum.each do |v|\n r = yield(accumulator, v)\n accumulator.merge!(r) if r.is_a?(Hash)\n end\n accumulator\n end\n\n def merge_iterable3(iterable)\n accumulator = {}\n enum = Puppet::Pops::Types::Iterable.asserted_iterable(self, iterable)\n if enum.hash_style?\n enum.each do |entry|\n r = yield(accumulator, *entry)\n accumulator.merge!(r) if r.is_a?(Hash)\n end\n else\n begin\n index = 0\n loop do\n r = yield(accumulator, index, enum.next)\n accumulator.merge!(r) if r.is_a?(Hash)\n index += 1\n end\n rescue StopIteration\n end\n end\n accumulator\n end\nend"}, {"name": "merge", "file": "lib/puppet/parser/functions/merge.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "merge()", "docstring": {"text": "When there is a duplicate key, the key in the rightmost hash will \"win.\"\n\nNote that since Puppet 4.0.0 the same merge can be achieved with the + operator.\n `$merged_hash = $hash1 + $has", "tags": [{"tag_name": "example", "text": "$hash1 = {'one' => 1, 'two', => 2}\n$hash2 = {'two' => 'dos', 'three', => 'tres'}\n$merged_hash = merge($hash1, $hash2) # $merged_hash = {'one' => 1, 'two' => 'dos', 'three' => 'tres'}", "name": "**Usage**"}, {"tag_name": "return", "text": "The merged hash", "types": ["Hash"]}]}}], "docstring": {"text": "When there is a duplicate key, the key in the rightmost hash will \"win.\"\n\nNote that since Puppet 4.0.0 the same merge can be achieved with the + operator.\n `$merged_hash = $hash1 + $has", "tags": [{"tag_name": "example", "text": "$hash1 = {'one' => 1, 'two', => 2}\n$hash2 = {'two' => 'dos', 'three', => 'tres'}\n$merged_hash = merge($hash1, $hash2) # $merged_hash = {'one' => 1, 'two' => 'dos', 'three' => 'tres'}", "name": "**Usage**"}, {"tag_name": "return", "text": "The merged hash", "types": ["Hash"]}, {"tag_name": "summary", "text": "Merges two or more hashes together and returns the resulting hash."}]}, "source": "newfunction(:merge, type: :rvalue, doc: <<-'DOC') do |args|\n @summary\n Merges two or more hashes together and returns the resulting hash.\n\n @example **Usage**\n $hash1 = {'one' => 1, 'two', => 2}\n $hash2 = {'two' => 'dos', 'three', => 'tres'}\n $merged_hash = merge($hash1, $hash2) # $merged_hash = {'one' => 1, 'two' => 'dos', 'three' => 'tres'}\n\n When there is a duplicate key, the key in the rightmost hash will \"win.\"\n\n @return [Hash]\n The merged hash\n\n Note that since Puppet 4.0.0 the same merge can be achieved with the + operator.\n `$merged_hash = $hash1 + $hash2`\n DOC\n\n if args.length < 2\n raise Puppet::ParseError, \"merge(): wrong number of arguments (#{args.length}; must be at least 2)\"\n end\n\n # The hash we accumulate into\n accumulator = {}\n # Merge into the accumulator hash\n args.each do |arg|\n next if arg.is_a?(String) && arg.empty? # empty string is synonym for puppet's undef\n unless arg.is_a?(Hash)\n raise Puppet::ParseError, \"merge: unexpected argument type #{arg.class}, only expects hash arguments\"\n end\n accumulator.merge!(arg)\n end\n # Return the fully merged hash\n accumulator\nend"}, {"name": "min", "file": "lib/puppet/parser/functions/min.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "min()", "docstring": {"text": "Requires at least one argument.\n\n> **Note:** **Deprecated** from Puppet 6.0.0, this function has been replaced with a\nbuilt-in [`min`](https://puppet.com/docs/puppet/latest/function.html#min) function.", "tags": [{"tag_name": "return", "text": "The lowest value among the given arguments", "types": ["Any"]}]}}], "docstring": {"text": "Requires at least one argument.\n\n> **Note:** **Deprecated** from Puppet 6.0.0, this function has been replaced with a\nbuilt-in [`min`](https://puppet.com/docs/puppet/latest/function.html#min) function.", "tags": [{"tag_name": "return", "text": "The lowest value among the given arguments", "types": ["Any"]}, {"tag_name": "summary", "text": "**Deprecated:** Returns the lowest value of all arguments."}]}, "source": "newfunction(:min, type: :rvalue, doc: <<-DOC\n @summary\n **Deprecated:** Returns the lowest value of all arguments.\n\n Requires at least one argument.\n\n @return\n The lowest value among the given arguments\n\n > **Note:** **Deprecated** from Puppet 6.0.0, this function has been replaced with a\n built-in [`min`](https://puppet.com/docs/puppet/latest/function.html#min) function.\n DOC\n) do |args|\n raise(Puppet::ParseError, 'min(): Wrong number of arguments need at least one') if args.empty?\n\n # Sometimes we get numbers as numerics and sometimes as strings.\n # We try to compare them as numbers when possible\n return args.min do |a, b|\n if a.to_s =~ %r{\\A^-?\\d+(.\\d+)?\\z} && b.to_s =~ %r{\\A-?\\d+(.\\d+)?\\z}\n a.to_f <=> b.to_f\n else\n a.to_s <=> b.to_s\n end\n end\nend"}, {"name": "num2bool", "file": "lib/puppet/parser/functions/num2bool.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "num2bool()", "docstring": {"text": "> *Note:* that since Puppet 5.0.0 the same can be achieved with the Puppet Type System.\nSee the new() function in Puppet for the many available type conversions.", "tags": [{"tag_name": "return", "text": "Boolean(0) # false for any zero or negative number\nBoolean(1) # true for any positive number", "types": ["Boolean"]}]}}], "docstring": {"text": "> *Note:* that since Puppet 5.0.0 the same can be achieved with the Puppet Type System.\nSee the new() function in Puppet for the many available type conversions.", "tags": [{"tag_name": "return", "text": "Boolean(0) # false for any zero or negative number\nBoolean(1) # true for any positive number", "types": ["Boolean"]}, {"tag_name": "summary", "text": "This function converts a number or a string representation of a number into a\ntrue boolean."}]}, "source": "newfunction(:num2bool, type: :rvalue, doc: <<-DOC\n @summary\n This function converts a number or a string representation of a number into a\n true boolean.\n\n > *Note:* that since Puppet 5.0.0 the same can be achieved with the Puppet Type System.\n See the new() function in Puppet for the many available type conversions.\n\n @return [Boolean]\n Boolean(0) # false for any zero or negative number\n Boolean(1) # true for any positive number\n DOC\n) do |arguments|\n raise(Puppet::ParseError, \"num2bool(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.size != 1\n\n number = arguments[0]\n\n case number\n when Numeric\n # Yay, it's a number\n when String\n begin\n number = Float(number)\n rescue ArgumentError => ex\n raise(Puppet::ParseError, \"num2bool(): '#{number}' does not look like a number: #{ex.message}\")\n end\n else\n begin\n number = number.to_s\n rescue NoMethodError => ex\n raise(Puppet::ParseError, \"num2bool(): Unable to parse argument: #{ex.message}\")\n end\n end\n\n # Truncate Floats\n number = number.to_i\n\n # Return true for any positive number and false otherwise\n return number > 0\nend"}, {"name": "os_version_gte", "file": "lib/puppet/functions/os_version_gte.rb", "line": 11, "type": "ruby4x", "signatures": [{"signature": "os_version_gte(String[1] $os, String[1] $version)", "docstring": {"text": "> *Note:*\nOnly the major version is taken into account.", "tags": [{"tag_name": "example", "text": "if os_version_gte('Debian', '9') { }\nif os_version_gte('Ubuntu', '18.04') { }", "name": "Example usage:#"}, {"tag_name": "param", "text": "operating system", "types": ["String[1]"], "name": "os"}, {"tag_name": "param", "types": ["String[1]"], "name": "version"}, {"tag_name": "return", "text": "`true` or `false", "types": ["Boolean"]}]}}], "docstring": {"text": "> *Note:*\nOnly the major version is taken into account.", "tags": [{"tag_name": "example", "text": "if os_version_gte('Debian', '9') { }\nif os_version_gte('Ubuntu', '18.04') { }", "name": "Example usage:#"}, {"tag_name": "param", "text": "operating system", "types": ["String[1]"], "name": "os"}, {"tag_name": "param", "types": ["String[1]"], "name": "version"}, {"tag_name": "return", "text": "`true` or `false", "types": ["Boolean"]}, {"tag_name": "summary", "text": "Checks if the OS version is at least a certain version."}]}, "source": "Puppet::Functions.create_function(:os_version_gte) do\n # @param os operating system\n # @param version\n #\n # @return [Boolean] `true` or `false\n dispatch :os_version_gte do\n param 'String[1]', :os\n param 'String[1]', :version\n return_type 'Boolean'\n end\n\n def os_version_gte(os, version)\n facts = closure_scope['facts']\n (facts['operatingsystem'] == os &&\n Puppet::Util::Package.versioncmp(facts['operatingsystemmajrelease'], version) >= 0)\n end\nend"}, {"name": "parsehocon", "file": "lib/puppet/functions/parsehocon.rb", "line": 13, "type": "ruby4x", "signatures": [{"signature": "parsehocon(String $hocon_string, Optional[Any] $default)", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "$data = parsehocon(\"{any valid hocon: string}\")", "name": "How to parse hocon"}, {"tag_name": "param", "text": "A valid HOCON string", "types": ["String"], "name": "hocon_string"}, {"tag_name": "param", "text": "An optional default to return if parsing hocon_string fails", "types": ["Optional[Any]"], "name": "default"}, {"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "$data = parsehocon(\"{any valid hocon: string}\")", "name": "How to parse hocon"}, {"tag_name": "param", "text": "A valid HOCON string", "types": ["String"], "name": "hocon_string"}, {"tag_name": "param", "text": "An optional default to return if parsing hocon_string fails", "types": ["Optional[Any]"], "name": "default"}, {"tag_name": "return", "text": "", "types": ["Any"]}, {"tag_name": "summary", "text": "This function accepts HOCON as a string and converts it into the correct\nPuppet structure"}]}, "source": "Puppet::Functions.create_function(:parsehocon) do\n # @param hocon_string A valid HOCON string\n # @param default An optional default to return if parsing hocon_string fails\n dispatch :parsehocon do\n param 'String', :hocon_string\n optional_param 'Any', :default\n end\n\n def parsehocon(hocon_string, default = :no_default_provided)\n require 'hocon/config_factory'\n\n begin\n data = Hocon::ConfigFactory.parse_string(hocon_string)\n data.resolve.root.unwrapped\n rescue Hocon::ConfigError::ConfigParseError => err\n Puppet.debug(\"Parsing hocon failed with error: #{err.message}\")\n raise err if default == :no_default_provided\n default\n end\n end\nend"}, {"name": "parsejson", "file": "lib/puppet/parser/functions/parsejson.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "parsejson()", "docstring": {"text": "> *Note:*\n The optional second argument can be used to pass a default value that will\n be returned if the parsing of YAML string have failed.", "tags": [{"tag_name": "return", "text": "convert JSON into Puppet structure", "types": ["Any"]}]}}], "docstring": {"text": "> *Note:*\n The optional second argument can be used to pass a default value that will\n be returned if the parsing of YAML string have failed.", "tags": [{"tag_name": "return", "text": "convert JSON into Puppet structure", "types": ["Any"]}, {"tag_name": "summary", "text": "This function accepts JSON as a string and converts it into the correct\nPuppet structure."}]}, "source": "newfunction(:parsejson, type: :rvalue, doc: <<-DOC\n @summary\n This function accepts JSON as a string and converts it into the correct\n Puppet structure.\n\n @return\n convert JSON into Puppet structure\n\n > *Note:*\n The optional second argument can be used to pass a default value that will\n be returned if the parsing of YAML string have failed.\nDOC\n) do |arguments|\n raise ArgumentError, 'Wrong number of arguments. 1 or 2 arguments should be provided.' unless arguments.length >= 1\n\n begin\n PSON.load(arguments[0]) || arguments[1]\n rescue StandardError => e\n raise e unless arguments[1]\n arguments[1]\n end\nend"}, {"name": "parseyaml", "file": "lib/puppet/parser/functions/parseyaml.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "parseyaml()", "docstring": {"text": "> *Note:*\n The optional second argument can be used to pass a default value that will\n be returned if the parsing of YAML string have failed.", "tags": [{"tag_name": "return", "text": "converted YAML into Puppet structure", "types": ["Any"]}]}}], "docstring": {"text": "> *Note:*\n The optional second argument can be used to pass a default value that will\n be returned if the parsing of YAML string have failed.", "tags": [{"tag_name": "return", "text": "converted YAML into Puppet structure", "types": ["Any"]}, {"tag_name": "summary", "text": "This function accepts YAML as a string and converts it into the correct\nPuppet structure."}]}, "source": "newfunction(:parseyaml, type: :rvalue, doc: <<-DOC\n @summary\n This function accepts YAML as a string and converts it into the correct\n Puppet structure.\n\n @return\n converted YAML into Puppet structure\n\n > *Note:*\n The optional second argument can be used to pass a default value that will\n be returned if the parsing of YAML string have failed.\nDOC\n) do |arguments|\n raise ArgumentError, 'Wrong number of arguments. 1 or 2 arguments should be provided.' unless arguments.length >= 1\n require 'yaml'\n\n begin\n YAML.load(arguments[0]) || arguments[1] # rubocop:disable Security/YAMLLoad : using YAML.safe_load causes the code to break\n # in ruby 1.9.3 Psych::SyntaxError is a RuntimeException\n # this still needs to catch that and work also on rubies that\n # do not have Psych available.\n rescue StandardError, Psych::SyntaxError => e # rubocop:disable Lint/ShadowedException : See above\n raise e unless arguments[1]\n arguments[1]\n end\nend"}, {"name": "pick", "file": "lib/puppet/parser/functions/pick.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "pick()", "docstring": {"text": "Typically, this function is used to check for a value in the Puppet\nDashboard/Enterprise Console, and failover to a default value like the following:\n\n```$real_jenkins_version = pick($::jenkins_version, '1.449')```\n\n> *Note:*\n The value of $real_jenkins_version will first look for a top-scope variable\n called 'jenkins_version' (note that parameters set in the Puppet Dashboard/\n Enterprise Console are brought into Puppet as top-scope variables), and,\n failing that, will use a default value of 1.449.", "tags": [{"tag_name": "return", "text": "the first value in a list of values that is not undefined or an empty string.", "types": ["Any"]}]}}], "docstring": {"text": "Typically, this function is used to check for a value in the Puppet\nDashboard/Enterprise Console, and failover to a default value like the following:\n\n```$real_jenkins_version = pick($::jenkins_version, '1.449')```\n\n> *Note:*\n The value of $real_jenkins_version will first look for a top-scope variable\n called 'jenkins_version' (note that parameters set in the Puppet Dashboard/\n Enterprise Console are brought into Puppet as top-scope variables), and,\n failing that, will use a default value of 1.449.", "tags": [{"tag_name": "return", "text": "the first value in a list of values that is not undefined or an empty string.", "types": ["Any"]}, {"tag_name": "summary", "text": "This function is similar to a coalesce function in SQL in that it will return\nthe first value in a list of values that is not undefined or an empty string."}]}, "source": "newfunction(:pick, type: :rvalue, doc: <<-EOS\n @summary\n This function is similar to a coalesce function in SQL in that it will return\n the first value in a list of values that is not undefined or an empty string.\n\n @return\n the first value in a list of values that is not undefined or an empty string.\n\n Typically, this function is used to check for a value in the Puppet\n Dashboard/Enterprise Console, and failover to a default value like the following:\n\n ```$real_jenkins_version = pick($::jenkins_version, '1.449')```\n\n > *Note:*\n The value of $real_jenkins_version will first look for a top-scope variable\n called 'jenkins_version' (note that parameters set in the Puppet Dashboard/\n Enterprise Console are brought into Puppet as top-scope variables), and,\n failing that, will use a default value of 1.449.\nEOS\n) do |args|\n args = args.compact\n args.delete(:undef)\n args.delete(:undefined)\n args.delete('')\n raise Puppet::ParseError, 'pick(): must receive at least one non empty value' if args[0].to_s.empty?\n return args[0]\nend"}, {"name": "pick_default", "file": "lib/puppet/parser/functions/pick_default.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "pick_default()", "docstring": {"text": "Typically, this function is used to check for a value in the Puppet\nDashboard/Enterprise Console, and failover to a default value like the\nfollowing:\n\n $real_jenkins_version = pick_default($::jenkins_version, '1.449')\n\n> *Note:*\n The value of $real_jenkins_version will first look for a top-scope variable\n called 'jenkins_version' (note that parameters set in the Puppet Dashboard/\n Enterprise Console are brought into Puppet as top-scope variables), and,\n failing that, will use a default value of 1.449.\n\n Contrary to the pick() function, the pick_default does not fail if\n all arguments are empty. This allows pick_default to use an empty value as\n default.", "tags": [{"tag_name": "return", "text": "This function is similar to a coalesce function in SQL in that it will return\nthe first value in a list of values that is not undefined or an empty string\nIf no value is found, it will return the last argument.", "types": ["Any"]}]}}], "docstring": {"text": "Typically, this function is used to check for a value in the Puppet\nDashboard/Enterprise Console, and failover to a default value like the\nfollowing:\n\n $real_jenkins_version = pick_default($::jenkins_version, '1.449')\n\n> *Note:*\n The value of $real_jenkins_version will first look for a top-scope variable\n called 'jenkins_version' (note that parameters set in the Puppet Dashboard/\n Enterprise Console are brought into Puppet as top-scope variables), and,\n failing that, will use a default value of 1.449.\n\n Contrary to the pick() function, the pick_default does not fail if\n all arguments are empty. This allows pick_default to use an empty value as\n default.", "tags": [{"tag_name": "return", "text": "This function is similar to a coalesce function in SQL in that it will return\nthe first value in a list of values that is not undefined or an empty string\nIf no value is found, it will return the last argument.", "types": ["Any"]}, {"tag_name": "summary", "text": "This function will return the first value in a list of values that is not undefined or an empty string."}]}, "source": "newfunction(:pick_default, type: :rvalue, doc: <<-DOC\n @summary\n This function will return the first value in a list of values that is not undefined or an empty string.\n\n @return\n This function is similar to a coalesce function in SQL in that it will return\n the first value in a list of values that is not undefined or an empty string\n If no value is found, it will return the last argument.\n\n Typically, this function is used to check for a value in the Puppet\n Dashboard/Enterprise Console, and failover to a default value like the\n following:\n\n $real_jenkins_version = pick_default($::jenkins_version, '1.449')\n\n > *Note:*\n The value of $real_jenkins_version will first look for a top-scope variable\n called 'jenkins_version' (note that parameters set in the Puppet Dashboard/\n Enterprise Console are brought into Puppet as top-scope variables), and,\n failing that, will use a default value of 1.449.\n\n Contrary to the pick() function, the pick_default does not fail if\n all arguments are empty. This allows pick_default to use an empty value as\n default.\n DOC\n) do |args|\n raise 'Must receive at least one argument.' if args.empty?\n default = args.last\n args = args[0..-2].compact\n args.delete(:undef)\n args.delete(:undefined)\n args.delete('')\n args << default\n return args[0]\nend"}, {"name": "prefix", "file": "lib/puppet/parser/functions/prefix.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "prefix()", "docstring": {"text": "> *Note:* since Puppet 4.0.0 the general way to modify values is in array is by using the map\nfunction in Puppet. This example does the same as the example above:\n['a', 'b', 'c'].map |$x| { \"p${x}\" }", "tags": [{"tag_name": "example", "text": "\nprefix(['a','b','c'], 'p')\nWill return: ['pa','pb','pc']", "name": "**Usage**"}, {"tag_name": "return", "text": "or [Array] The passed values now contains the passed prefix", "types": ["Hash"]}]}}], "docstring": {"text": "> *Note:* since Puppet 4.0.0 the general way to modify values is in array is by using the map\nfunction in Puppet. This example does the same as the example above:\n['a', 'b', 'c'].map |$x| { \"p${x}\" }", "tags": [{"tag_name": "example", "text": "\nprefix(['a','b','c'], 'p')\nWill return: ['pa','pb','pc']", "name": "**Usage**"}, {"tag_name": "return", "text": "or [Array] The passed values now contains the passed prefix", "types": ["Hash"]}, {"tag_name": "summary", "text": "This function applies a prefix to all elements in an array or a hash."}]}, "source": "newfunction(:prefix, type: :rvalue, doc: <<-DOC\n @summary\n This function applies a prefix to all elements in an array or a hash.\n\n @example **Usage**\n\n prefix(['a','b','c'], 'p')\n Will return: ['pa','pb','pc']\n\n > *Note:* since Puppet 4.0.0 the general way to modify values is in array is by using the map\n function in Puppet. This example does the same as the example above:\n ['a', 'b', 'c'].map |$x| { \"p${x}\" }\n\n @return [Hash] or [Array] The passed values now contains the passed prefix\n DOC\n) do |arguments|\n # Technically we support two arguments but only first is mandatory ...\n raise(Puppet::ParseError, \"prefix(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n enumerable = arguments[0]\n\n unless enumerable.is_a?(Array) || enumerable.is_a?(Hash)\n raise Puppet::ParseError, \"prefix(): expected first argument to be an Array or a Hash, got #{enumerable.inspect}\"\n end\n\n prefix = arguments[1] if arguments[1]\n\n if prefix\n unless prefix.is_a?(String)\n raise Puppet::ParseError, \"prefix(): expected second argument to be a String, got #{prefix.inspect}\"\n end\n end\n\n result = if enumerable.is_a?(Array)\n # Turn everything into string same as join would do ...\n enumerable.map do |i|\n i = i.to_s\n prefix ? prefix + i : i\n end\n else\n Hash[enumerable.map do |k, v|\n k = k.to_s\n [prefix ? prefix + k : k, v]\n end]\n end\n\n return result\nend"}, {"name": "private", "file": "lib/puppet/parser/functions/private.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "private()", "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "Sets the current class or definition as private", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "Sets the current class or definition as private", "types": ["Any"]}, {"tag_name": "summary", "text": "**Deprecated:** Sets the current class or definition as private.\nCalling the class or definition from outside the current module will fail."}]}, "source": "newfunction(:private, doc: <<-'DOC'\n @summary\n **Deprecated:** Sets the current class or definition as private.\n Calling the class or definition from outside the current module will fail.\n\n @return\n Sets the current class or definition as private\nDOC\n) do |args|\n warning(\"private() DEPRECATED: This function will cease to function on Puppet 4; please use assert_private() before upgrading to puppet 4 for backwards-compatibility, or migrate to the new parser's typing system.\") # rubocop:disable Layout/LineLength : Cannot shorten this line\n unless Puppet::Parser::Functions.autoloader.loaded?(:assert_private)\n Puppet::Parser::Functions.autoloader.load(:assert_private)\n end\n function_assert_private([(args[0] unless args.empty?)])\nend"}, {"name": "pry", "file": "lib/puppet/parser/functions/pry.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "pry()", "docstring": {"text": "This is useful for debugging manifest code at specific points during a compilation.", "tags": [{"tag_name": "example", "text": "\n`pry()`", "name": "**Usage**"}, {"tag_name": "return", "text": "debugging information", "types": ["Any"]}]}}], "docstring": {"text": "This is useful for debugging manifest code at specific points during a compilation.", "tags": [{"tag_name": "example", "text": "\n`pry()`", "name": "**Usage**"}, {"tag_name": "return", "text": "debugging information", "types": ["Any"]}, {"tag_name": "summary", "text": "This function invokes a pry debugging session in the current scope object."}]}, "source": "newfunction(:pry, type: :statement, doc: <<-DOC\n @summary\n This function invokes a pry debugging session in the current scope object.\n This is useful for debugging manifest code at specific points during a compilation.\n\n @return\n debugging information\n\n @example **Usage**\n\n `pry()`\n\n DOC\n) do |arguments|\n begin\n require 'pry'\n rescue LoadError\n raise(Puppet::Error, \"pry(): Requires the 'pry' rubygem to use, but it was not found\")\n end\n #\n ## Run `catalog` to see the contents currently compiling catalog\n ## Run `cd catalog` and `ls` to see catalog methods and instance variables\n ## Run `@resource_table` to see the current catalog resource table\n #\n if $stdout.isatty\n binding.pry # rubocop:disable Lint/Debugger\n else\n Puppet.warning 'pry(): cowardly refusing to start the debugger on a daemonized server'\n end\nend"}, {"name": "pw_hash", "file": "lib/puppet/parser/functions/pw_hash.rb", "line": 6, "type": "ruby3x", "signatures": [{"signature": "pw_hash()", "docstring": {"text": "Please note: This function is an implementation of a Ruby class and as such may not be entirely UTF8 compatible.\n To ensure compatibility please use this function with Ruby 2.4.0 or greater - https://bugs.ruby-lang.org/issues/10085.", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "Please note: This function is an implementation of a Ruby class and as such may not be entirely UTF8 compatible.\n To ensure compatibility please use this function with Ruby 2.4.0 or greater - https://bugs.ruby-lang.org/issues/10085.", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}, "source": "Puppet::Parser::Functions.newfunction(\n :pw_hash,\n type: :rvalue,\n arity: 3,\n doc: <<-DOC,\n @summary\n Hashes a password using the crypt function. Provides a hash usable\n on most POSIX systems.\n\n The first argument to this function is the password to hash. If it is\n undef or an empty string, this function returns undef.\n\n The second argument to this function is which hash algorithm to use. It\n will be converted into the appropriate crypt(3) hash specifier. Valid\n hash types are:\n\n |Hash type|Prefix|Note |\n |---------|------|---------------------|\n |MD5 |1 | |\n |SHA-256 |5 | |\n |SHA-512 |6 |Recommended |\n |bcrypt |2b | |\n |bcrypt-a |2a |bug compatible |\n |bcrypt-x |2x |bug compatible |\n |bcrypt-y |2y |historic alias for 2b|\n\n The third argument to this function is the salt to use.\n\n @return [String]\n Provides a crypt hash usable on most POSIX systems.\n\n > *Note:*: this uses the Puppet Server's implementation of crypt(3). If your\n environment contains several different operating systems, ensure that they\n are compatible before using this function.\n DOC\n) do |args|\n raise ArgumentError, \"pw_hash(): wrong number of arguments (#{args.size} for 3)\" if args.size != 3\n args.map! do |arg|\n if (defined? Puppet::Pops::Types::PSensitiveType::Sensitive) && (arg.is_a? Puppet::Pops::Types::PSensitiveType::Sensitive)\n arg.unwrap\n else\n arg\n end\n end\n\n hashes = {\n 'md5' => { prefix: '1' },\n 'sha-256' => { prefix: '5' },\n 'sha-512' => { prefix: '6' },\n 'bcrypt' => { prefix: '2b', salt: %r{^[0-9]{2}\\$[./A-Za-z0-9]{22}} },\n 'bcrypt-a' => { prefix: '2a', salt: %r{^[0-9]{2}\\$[./A-Za-z0-9]{22}} },\n 'bcrypt-x' => { prefix: '2x', salt: %r{^[0-9]{2}\\$[./A-Za-z0-9]{22}} },\n 'bcrypt-y' => { prefix: '2y', salt: %r{^[0-9]{2}\\$[./A-Za-z0-9]{22}} },\n }\n\n raise ArgumentError, 'pw_hash(): first argument must be a string' unless args[0].is_a?(String) || args[0].nil?\n raise ArgumentError, 'pw_hash(): second argument must be a string' unless args[1].is_a? String\n hash_type = hashes[args[1].downcase]\n raise ArgumentError, \"pw_hash(): #{args[1]} is not a valid hash type\" if hash_type.nil?\n raise ArgumentError, 'pw_hash(): third argument must be a string' unless args[2].is_a? String\n raise ArgumentError, 'pw_hash(): third argument must not be empty' if args[2].empty?\n salt_doc = hash_type.include?(:salt) ? \"match #{hash_type[:salt]}\" : 'be in the set [a-zA-Z0-9./]'\n salt_regex = hash_type.fetch(:salt, %r{\\A[a-zA-Z0-9./]+\\z})\n raise ArgumentError, \"pw_hash(): characters in salt must #{salt_doc}\" unless salt_regex.match?(args[2])\n\n password = args[0]\n return nil if password.nil? || password.empty?\n\n salt = \"$#{hash_type[:prefix]}$#{args[2]}\"\n\n # handle weak implementations of String#crypt\n # dup the string to get rid of frozen status for testing\n if ('test'.dup).crypt('$1$1') != '$1$1$Bp8CU9Oujr9SSEw53WV6G.'\n # JRuby < 1.7.17\n # MS Windows and other systems that don't support enhanced salts\n raise Puppet::ParseError, 'system does not support enhanced salts' unless RUBY_PLATFORM == 'java'\n # puppetserver bundles Apache Commons Codec\n org.apache.commons.codec.digest.Crypt.crypt(password.to_java_bytes, salt)\n else\n password.crypt(salt)\n end\nend"}, {"name": "range", "file": "lib/puppet/parser/functions/range.rb", "line": 8, "type": "ruby3x", "signatures": [{"signature": "range()", "docstring": {"text": "NB Be explicit in including trailing zeros. Otherwise the underlying ruby function will fail.\n\n> *Note:*\n Passing a third argument will cause the generated range to step by that\n interval, e.g.\n\nThe Puppet Language support Integer and Float ranges by using the type system. Those are suitable for\niterating a given number of times.\n\n Integer[0, 9].each |$x| { notice($x) } # notices 0, 1, 2, ... 9", "tags": [{"tag_name": "example", "text": "range(\"0\", \"9\")\nWill return: [0,1,2,3,4,5,6,7,8,9]\n\nrange(\"00\", \"09\")\nWill return: [0,1,2,3,4,5,6,7,8,9]\n(Zero padded strings are converted to integers automatically)\n\nrange(\"a\", \"c\")\nWill return: [\"a\",\"b\",\"c\"]\n\nrange(\"host01\", \"host10\")\nWill return: [\"host01\", \"host02\", ..., \"host09\", \"host10\"]\n\nrange(\"0\", \"9\", \"2\")\nWill return: [0,2,4,6,8]", "name": "**Usage**"}, {"tag_name": "return", "text": "the range is extrapolated as an array", "types": ["Any"]}]}}], "docstring": {"text": "NB Be explicit in including trailing zeros. Otherwise the underlying ruby function will fail.\n\n> *Note:*\n Passing a third argument will cause the generated range to step by that\n interval, e.g.\n\nThe Puppet Language support Integer and Float ranges by using the type system. Those are suitable for\niterating a given number of times.\n\n Integer[0, 9].each |$x| { notice($x) } # notices 0, 1, 2, ... 9", "tags": [{"tag_name": "example", "text": "range(\"0\", \"9\")\nWill return: [0,1,2,3,4,5,6,7,8,9]\n\nrange(\"00\", \"09\")\nWill return: [0,1,2,3,4,5,6,7,8,9]\n(Zero padded strings are converted to integers automatically)\n\nrange(\"a\", \"c\")\nWill return: [\"a\",\"b\",\"c\"]\n\nrange(\"host01\", \"host10\")\nWill return: [\"host01\", \"host02\", ..., \"host09\", \"host10\"]\n\nrange(\"0\", \"9\", \"2\")\nWill return: [0,2,4,6,8]", "name": "**Usage**"}, {"tag_name": "return", "text": "the range is extrapolated as an array", "types": ["Any"]}, {"tag_name": "see", "text": "step() function in Puppet for skipping values.", "name": "the"}, {"tag_name": "summary", "text": "When given range in the form of (start, stop) it will extrapolate a range as\nan array."}]}, "source": "newfunction(:range, type: :rvalue, doc: <<-DOC\n @summary\n When given range in the form of (start, stop) it will extrapolate a range as\n an array.\n\n @return\n the range is extrapolated as an array\n\n @example **Usage**\n range(\"0\", \"9\")\n Will return: [0,1,2,3,4,5,6,7,8,9]\n\n range(\"00\", \"09\")\n Will return: [0,1,2,3,4,5,6,7,8,9]\n (Zero padded strings are converted to integers automatically)\n\n range(\"a\", \"c\")\n Will return: [\"a\",\"b\",\"c\"]\n\n range(\"host01\", \"host10\")\n Will return: [\"host01\", \"host02\", ..., \"host09\", \"host10\"]\n\n range(\"0\", \"9\", \"2\")\n Will return: [0,2,4,6,8]\n\n NB Be explicit in including trailing zeros. Otherwise the underlying ruby function will fail.\n\n > *Note:*\n Passing a third argument will cause the generated range to step by that\n interval, e.g.\n\n The Puppet Language support Integer and Float ranges by using the type system. Those are suitable for\n iterating a given number of times.\n\n @see\n the step() function in Puppet for skipping values.\n\n Integer[0, 9].each |$x| { notice($x) } # notices 0, 1, 2, ... 9\n DOC\n) do |arguments|\n raise(Puppet::ParseError, 'range(): Wrong number of arguments given (0 for 1)') if arguments.empty?\n\n if arguments.size > 1\n start = arguments[0]\n stop = arguments[1]\n step = arguments[2].nil? ? 1 : arguments[2].to_i.abs\n\n raise(ArgumentError, 'range(): 3rd arg (step size) must be a non zero integer (e.g. 1 or -1)') if step.zero?\n\n type = '..' # Use the simplest type of Range available in Ruby\n\n else # arguments.size == 1\n value = arguments[0]\n\n m = value.match(%r{^(\\w+)(\\.\\.\\.?|\\-)(\\w+)$})\n if m\n start = m[1]\n stop = m[3]\n\n type = m[2]\n step = 1\n elsif %r{^.+$}.match?(value)\n raise(Puppet::ParseError, \"range(): Unable to compute range from the value: #{value}\")\n else\n raise(Puppet::ParseError, \"range(): Unknown range format: #{value}\")\n end\n end\n\n # If we were given an integer, ensure we work with one\n if %r{^\\d+$}.match?(start.to_s)\n start = start.to_i\n stop = stop.to_i\n else\n start = start.to_s\n stop = stop.to_s\n end\n\n range = case type\n when %r{^(..|-)$} then (start..stop)\n when '...' then (start...stop) # Exclusive of last element\n end\n\n result = range.step(step).first(1_000_000).to_a\n\n return result\nend"}, {"name": "regexpescape", "file": "lib/puppet/parser/functions/regexpescape.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "regexpescape()", "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "A string of characters with metacharacters converted to their escaped form.", "types": ["String"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "A string of characters with metacharacters converted to their escaped form.", "types": ["String"]}, {"tag_name": "summary", "text": "Regexp escape a string or array of strings.\nRequires either a single string or an array as an input."}]}, "source": "newfunction(:regexpescape, type: :rvalue, doc: <<-DOC\n @summary\n Regexp escape a string or array of strings.\n Requires either a single string or an array as an input.\n @return [String]\n A string of characters with metacharacters converted to their escaped form.\n DOC\n) do |arguments|\n raise(Puppet::ParseError, \"regexpescape(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n value = arguments[0]\n\n unless value.is_a?(Array) || value.is_a?(String)\n raise(Puppet::ParseError, 'regexpescape(): Requires either array or string to work with')\n end\n\n result = if value.is_a?(Array)\n # Numbers in Puppet are often string-encoded which is troublesome ...\n value.map { |i| i.is_a?(String) ? Regexp.escape(i) : i }\n else\n Regexp.escape(value)\n end\n\n return result\nend"}, {"name": "reject", "file": "lib/puppet/parser/functions/reject.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "reject()", "docstring": {"text": "> *Note:*\nSince Puppet 4.0.0 the same is in general done with the filter function. Here is the equivalence of the reject() function:\n['aaa','bbb','ccc','aaaddd'].filter |$x| { $x !~", "tags": [{"tag_name": "example", "text": "\nreject(['aaa','bbb','ccc','aaaddd'], 'aaa')\n\nWould return: ['bbb','ccc']", "name": "**Usage**"}, {"tag_name": "return", "text": "an array containing all the elements which doesn'' match the provided regular expression", "types": ["Any"]}]}}], "docstring": {"text": "> *Note:*\nSince Puppet 4.0.0 the same is in general done with the filter function. Here is the equivalence of the reject() function:\n['aaa','bbb','ccc','aaaddd'].filter |$x| { $x !~", "tags": [{"tag_name": "example", "text": "\nreject(['aaa','bbb','ccc','aaaddd'], 'aaa')\n\nWould return: ['bbb','ccc']", "name": "**Usage**"}, {"tag_name": "return", "text": "an array containing all the elements which doesn'' match the provided regular expression", "types": ["Any"]}, {"tag_name": "summary", "text": "This function searches through an array and rejects all elements that match\nthe provided regular expression."}]}, "source": "newfunction(:reject, type: :rvalue, doc: <<-DOC) do |args|\n @summary\n This function searches through an array and rejects all elements that match\n the provided regular expression.\n\n @return\n an array containing all the elements which doesn'' match the provided regular expression\n\n @example **Usage**\n\n reject(['aaa','bbb','ccc','aaaddd'], 'aaa')\n\n Would return: ['bbb','ccc']\n\n > *Note:*\n Since Puppet 4.0.0 the same is in general done with the filter function. Here is the equivalence of the reject() function:\n ['aaa','bbb','ccc','aaaddd'].filter |$x| { $x !~ /aaa/ }\nDOC\n\n if args.size != 2\n raise Puppet::ParseError,\n \"reject(): Wrong number of arguments given #{args.size} for 2\"\n end\n\n ary = args[0]\n pattern = Regexp.new(args[1])\n\n ary.reject { |e| e =~ pattern }\nend"}, {"name": "reverse", "file": "lib/puppet/parser/functions/reverse.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "reverse()", "docstring": {"text": "> *Note:* that the same can be done with the reverse_each() function in Puppet.", "tags": [{"tag_name": "return", "text": "reversed string or array", "types": ["Any"]}]}}], "docstring": {"text": "> *Note:* that the same can be done with the reverse_each() function in Puppet.", "tags": [{"tag_name": "return", "text": "reversed string or array", "types": ["Any"]}, {"tag_name": "summary", "text": "Reverses the order of a string or array."}]}, "source": "newfunction(:reverse, type: :rvalue, doc: <<-DOC\n @summary\n Reverses the order of a string or array.\n\n @return\n reversed string or array\n\n > *Note:* that the same can be done with the reverse_each() function in Puppet.\n DOC\n) do |arguments|\n raise(Puppet::ParseError, \"reverse(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n value = arguments[0]\n\n unless value.is_a?(Array) || value.is_a?(String)\n raise(Puppet::ParseError, 'reverse(): Requires either array or string to work with')\n end\n\n result = value.reverse\n\n return result\nend"}, {"name": "round", "file": "lib/puppet/parser/functions/round.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "round()", "docstring": {"text": "```round(2.9)``` returns ```3```\n\n```round(2.4)``` returns ```2```\n\n> *Note:* from Puppet 6.0.0, the compatible function with the same name in Puppet core\n will be used instead of this function.", "tags": [{"tag_name": "return", "text": "the rounded value as integer", "types": ["Any"]}]}}], "docstring": {"text": "```round(2.9)``` returns ```3```\n\n```round(2.4)``` returns ```2```\n\n> *Note:* from Puppet 6.0.0, the compatible function with the same name in Puppet core\n will be used instead of this function.", "tags": [{"tag_name": "return", "text": "the rounded value as integer", "types": ["Any"]}, {"tag_name": "summary", "text": "Rounds a number to the nearest integer"}]}, "source": "newfunction(:round, type: :rvalue, doc: <<-DOC\n @summary\n Rounds a number to the nearest integer\n\n @return\n the rounded value as integer\n\n @example\n\n ```round(2.9)``` returns ```3```\n\n ```round(2.4)``` returns ```2```\n\n > *Note:* from Puppet 6.0.0, the compatible function with the same name in Puppet core\n will be used instead of this function.\nDOC\n) do |args|\n raise Puppet::ParseError, \"round(): Wrong number of arguments given #{args.size} for 1\" if args.size != 1\n raise Puppet::ParseError, \"round(): Expected a Numeric, got #{args[0].class}\" unless args[0].is_a? Numeric\n\n value = args[0]\n\n if value >= 0\n Integer(value + 0.5)\n else\n Integer(value - 0.5)\n end\nend"}, {"name": "rstrip", "file": "lib/puppet/parser/functions/rstrip.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "rstrip()", "docstring": {"text": "> *Note:* from Puppet 6.0.0, the compatible function with the same name in Puppet core\nwill be used instead of this function.", "tags": [{"tag_name": "return", "text": "the string with leading spaces removed", "types": ["Any"]}]}}], "docstring": {"text": "> *Note:* from Puppet 6.0.0, the compatible function with the same name in Puppet core\nwill be used instead of this function.", "tags": [{"tag_name": "return", "text": "the string with leading spaces removed", "types": ["Any"]}, {"tag_name": "summary", "text": "Strips leading spaces to the right of the string."}]}, "source": "newfunction(:rstrip, type: :rvalue, doc: <<-DOC\n @summary\n Strips leading spaces to the right of the string.\n\n @return\n the string with leading spaces removed\n\n > *Note:* from Puppet 6.0.0, the compatible function with the same name in Puppet core\n will be used instead of this function.\n DOC\n) do |arguments|\n raise(Puppet::ParseError, \"rstrip(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n value = arguments[0]\n\n unless value.is_a?(Array) || value.is_a?(String)\n raise(Puppet::ParseError, 'rstrip(): Requires either array or string to work with')\n end\n\n result = if value.is_a?(Array)\n value.map { |i| i.is_a?(String) ? i.rstrip : i }\n else\n value.rstrip\n end\n\n return result\nend"}, {"name": "seeded_rand", "file": "lib/puppet/parser/functions/seeded_rand.rb", "line": 6, "type": "ruby3x", "signatures": [{"signature": "seeded_rand()", "docstring": {"text": "seeded_rand.rb", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "seeded_rand.rb", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}, "source": "Puppet::Parser::Functions.newfunction(\n :seeded_rand,\n arity: 2,\n type: :rvalue,\n doc: <<-DOC,\n @summary\n Generates a random whole number greater than or equal to 0 and less than MAX, using the value of SEED for repeatable randomness.\n\n @return\n random number greater than or equal to 0 and less than MAX\n\n @example **Usage:**\n seeded_rand(MAX, SEED).\n MAX must be a positive integer; SEED is any string.\n\n Generates a random whole number greater than or equal to 0 and less\n than MAX, using the value of SEED for repeatable randomness. If SEED\n starts with \"$fqdn:\", this is behaves the same as `fqdn_rand`.\nDOC\n) do |args|\n require 'digest/md5'\n\n raise(ArgumentError, 'seeded_rand(): first argument must be a positive integer') unless function_is_integer([args[0]]) && args[0].to_i > 0\n raise(ArgumentError, 'seeded_rand(): second argument must be a string') unless args[1].is_a? String\n\n max = args[0].to_i\n seed = Digest::MD5.hexdigest(args[1]).hex\n Puppet::Util.deterministic_rand_int(seed, max)\nend"}, {"name": "seeded_rand_string", "file": "lib/puppet/functions/seeded_rand_string.rb", "line": 11, "type": "ruby4x", "signatures": [{"signature": "seeded_rand_string(Integer[1] $length, String $seed, Optional[String[2]] $charset)", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "seeded_rand_string(8, \"${module_name}::redis_password\")", "name": "Generate a consistently random string of length 8 with a seed:"}, {"tag_name": "example", "text": "seeded_rand_string(5, '', 'abcdef')", "name": "Generate a random string from a specific set of characters:"}, {"tag_name": "param", "text": "Length of string to be generated.", "types": ["Integer[1]"], "name": "length"}, {"tag_name": "param", "text": "Seed string.", "types": ["String"], "name": "seed"}, {"tag_name": "param", "text": "String that contains characters to use for the random string.", "types": ["Optional[String[2]]"], "name": "charset"}, {"tag_name": "return", "text": "Random string.", "types": ["String"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "seeded_rand_string(8, \"${module_name}::redis_password\")", "name": "Generate a consistently random string of length 8 with a seed:"}, {"tag_name": "example", "text": "seeded_rand_string(5, '', 'abcdef')", "name": "Generate a random string from a specific set of characters:"}, {"tag_name": "param", "text": "Length of string to be generated.", "types": ["Integer[1]"], "name": "length"}, {"tag_name": "param", "text": "Seed string.", "types": ["String"], "name": "seed"}, {"tag_name": "param", "text": "String that contains characters to use for the random string.", "types": ["Optional[String[2]]"], "name": "charset"}, {"tag_name": "return", "text": "Random string.", "types": ["String"]}, {"tag_name": "summary", "text": "Generates a consistent random string of specific length based on provided seed."}]}, "source": "Puppet::Functions.create_function(:seeded_rand_string) do\n # @param length Length of string to be generated.\n # @param seed Seed string.\n # @param charset String that contains characters to use for the random string.\n #\n # @return [String] Random string.\n dispatch :rand_string do\n param 'Integer[1]', :length\n param 'String', :seed\n optional_param 'String[2]', :charset\n end\n\n def rand_string(length, seed, charset = nil)\n require 'digest/sha2'\n\n charset ||= '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'\n\n random_generator = Random.new(Digest::SHA256.hexdigest(seed).to_i(16))\n\n Array.new(length) { charset[random_generator.rand(charset.size)] }.join\n end\nend"}, {"name": "shell_escape", "file": "lib/puppet/parser/functions/shell_escape.rb", "line": 8, "type": "ruby3x", "signatures": [{"signature": "shell_escape()", "docstring": {"text": ">* Note:* that the resulting string should be used unquoted and is not intended for use in double quotes nor in single\nquotes.\n\nThis function behaves the same as ruby's Shellwords.shellescape() function.", "tags": [{"tag_name": "return", "text": "A string of characters with metacharacters converted to their escaped form.", "types": ["Any"]}]}}], "docstring": {"text": ">* Note:* that the resulting string should be used unquoted and is not intended for use in double quotes nor in single\nquotes.\n\nThis function behaves the same as ruby's Shellwords.shellescape() function.", "tags": [{"tag_name": "return", "text": "A string of characters with metacharacters converted to their escaped form.", "types": ["Any"]}, {"tag_name": "summary", "text": "Escapes a string so that it can be safely used in a Bourne shell command line."}]}, "source": "newfunction(:shell_escape, type: :rvalue, doc: <<-DOC\n @summary\n Escapes a string so that it can be safely used in a Bourne shell command line.\n\n @return\n A string of characters with metacharacters converted to their escaped form.\n\n >* Note:* that the resulting string should be used unquoted and is not intended for use in double quotes nor in single\n quotes.\n\n This function behaves the same as ruby's Shellwords.shellescape() function.\nDOC\n) do |arguments|\n raise(Puppet::ParseError, \"shell_escape(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.size != 1\n\n # explicit conversion to string is required for ruby 1.9\n string = arguments[0].to_s\n\n result = Shellwords.shellescape(string)\n\n return result\nend"}, {"name": "shell_join", "file": "lib/puppet/parser/functions/shell_join.rb", "line": 8, "type": "ruby3x", "signatures": [{"signature": "shell_join()", "docstring": {"text": "Builds a command line string from the given array of strings.\nEach array item is escaped for Bourne shell. All items are then joined together, with a single space in between.\nThis function behaves the same as ruby's Shellwords.shelljoin() function", "tags": [{"tag_name": "return", "text": "a command line string", "types": ["Any"]}]}}], "docstring": {"text": "Builds a command line string from the given array of strings.\nEach array item is escaped for Bourne shell. All items are then joined together, with a single space in between.\nThis function behaves the same as ruby's Shellwords.shelljoin() function", "tags": [{"tag_name": "return", "text": "a command line string", "types": ["Any"]}, {"tag_name": "summary", "text": ""}]}, "source": "newfunction(:shell_join, type: :rvalue, doc: <<-DOC\n @summary\n Builds a command line string from the given array of strings.\n Each array item is escaped for Bourne shell. All items are then joined together, with a single space in between.\n This function behaves the same as ruby's Shellwords.shelljoin() function\n\n @return\n a command line string\nDOC\n) do |arguments|\n raise(Puppet::ParseError, \"shell_join(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.size != 1\n\n array = arguments[0]\n\n raise Puppet::ParseError, \"First argument is not an Array: #{array.inspect}\" unless array.is_a?(Array)\n\n # explicit conversion to string is required for ruby 1.9\n array = array.map { |item| item.to_s }\n result = Shellwords.shelljoin(array)\n\n return result\nend"}, {"name": "shell_split", "file": "lib/puppet/parser/functions/shell_split.rb", "line": 8, "type": "ruby3x", "signatures": [{"signature": "shell_split()", "docstring": {"text": "This function behaves the same as ruby's Shellwords.shellsplit() function", "tags": [{"tag_name": "return", "text": "array of tokens", "types": ["Any"]}]}}], "docstring": {"text": "This function behaves the same as ruby's Shellwords.shellsplit() function", "tags": [{"tag_name": "return", "text": "array of tokens", "types": ["Any"]}, {"tag_name": "summary", "text": "Splits a string into an array of tokens in the same way the Bourne shell does."}]}, "source": "newfunction(:shell_split, type: :rvalue, doc: <<-DOC\n @summary\n Splits a string into an array of tokens in the same way the Bourne shell does.\n\n @return\n array of tokens\n\n This function behaves the same as ruby's Shellwords.shellsplit() function\nDOC\n) do |arguments|\n raise(Puppet::ParseError, \"shell_split(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.size != 1\n\n string = arguments[0].to_s\n\n result = Shellwords.shellsplit(string)\n\n return result\nend"}, {"name": "shuffle", "file": "lib/puppet/parser/functions/shuffle.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "shuffle()", "docstring": {"text": "@summary\n Randomizes the order of a string or array elements.", "tags": [{"tag_name": "return", "text": "randomized string or array", "types": ["Any"]}]}}], "docstring": {"text": "@summary\n Randomizes the order of a string or array elements.", "tags": [{"tag_name": "return", "text": "randomized string or array", "types": ["Any"]}]}, "source": "newfunction(:shuffle, type: :rvalue, doc: <<-DOC\n@summary\n Randomizes the order of a string or array elements.\n\n @return\n randomized string or array\nDOC\n) do |arguments|\n raise(Puppet::ParseError, \"shuffle(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n value = arguments[0]\n\n unless value.is_a?(Array) || value.is_a?(String)\n raise(Puppet::ParseError, 'shuffle(): Requires either array or string to work with')\n end\n\n result = value.clone\n\n string = value.is_a?(String) ? true : false\n\n # Check whether it makes sense to shuffle ...\n return result if result.size <= 1\n\n # We turn any string value into an array to be able to shuffle ...\n result = string ? result.split('') : result\n\n elements = result.size\n\n # Simple implementation of Fisher\u2013Yates in-place shuffle ...\n elements.times do |i|\n j = rand(elements - i) + i\n result[j], result[i] = result[i], result[j]\n end\n\n result = string ? result.join : result\n\n return result\nend"}, {"name": "size", "file": "lib/puppet/parser/functions/size.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "size()", "docstring": {"text": "> *Note:* that since Puppet 5.4.0, the length() function in Puppet is preferred over this. For versions\nof Puppet < 5.4.0 use the stdlib length() function.", "tags": [{"tag_name": "return", "text": "the number of elements in a string, an array or a hash", "types": ["Any"]}]}}], "docstring": {"text": "> *Note:* that since Puppet 5.4.0, the length() function in Puppet is preferred over this. For versions\nof Puppet < 5.4.0 use the stdlib length() function.", "tags": [{"tag_name": "return", "text": "the number of elements in a string, an array or a hash", "types": ["Any"]}, {"tag_name": "summary", "text": "Returns the number of elements in a string, an array or a hash"}]}, "source": "newfunction(:size, type: :rvalue, doc: <<-DOC\n @summary\n Returns the number of elements in a string, an array or a hash\n\n @return\n the number of elements in a string, an array or a hash\n\n > *Note:* that since Puppet 5.4.0, the length() function in Puppet is preferred over this. For versions\n of Puppet < 5.4.0 use the stdlib length() function.\nDOC\n) do |arguments|\n raise(Puppet::ParseError, \"size(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n item = arguments[0]\n\n function_deprecation([:size, 'This method is going to be deprecated, please use the stdlib length function.'])\n\n if item.is_a?(String)\n\n begin\n #\n # Check whether your item is a numeric value or not ...\n # This will take care about positive and/or negative numbers\n # for both integer and floating-point values ...\n #\n # Please note that Puppet has no notion of hexadecimal\n # nor octal numbers for its DSL at this point in time ...\n #\n Float(item)\n\n raise(Puppet::ParseError, 'size(): Requires either string, array or hash to work with')\n rescue ArgumentError\n result = item.size\n end\n\n elsif item.is_a?(Array) || item.is_a?(Hash)\n result = item.size\n else\n raise(Puppet::ParseError, 'size(): Unknown type given')\n end\n\n return result\nend"}, {"name": "sort", "file": "lib/puppet/parser/functions/sort.rb", "line": 8, "type": "ruby3x", "signatures": [{"signature": "sort()", "docstring": {"text": "Note that from Puppet 6.0.0 the same function in Puppet will be used instead of this.", "tags": [{"tag_name": "return", "text": "sorted string or array", "types": ["Any"]}]}}], "docstring": {"text": "Note that from Puppet 6.0.0 the same function in Puppet will be used instead of this.", "tags": [{"tag_name": "return", "text": "sorted string or array", "types": ["Any"]}, {"tag_name": "summary", "text": "Sorts strings and arrays lexically."}]}, "source": "newfunction(:sort, type: :rvalue, doc: <<-DOC\n @summary\n Sorts strings and arrays lexically.\n\n @return\n sorted string or array\n\n Note that from Puppet 6.0.0 the same function in Puppet will be used instead of this.\nDOC\n) do |arguments|\n if arguments.size != 1\n raise(Puppet::ParseError, \"sort(): Wrong number of arguments given #{arguments.size} for 1\")\n end\n\n value = arguments[0]\n\n if value.is_a?(Array)\n value.sort\n elsif value.is_a?(String)\n value.split('').sort.join('')\n end\nend"}, {"name": "sprintf_hash", "file": "lib/puppet/functions/sprintf_hash.rb", "line": 21, "type": "ruby4x", "signatures": [{"signature": "sprintf_hash(String $format, Hash $arguments)", "docstring": {"text": "The first parameter is format string describing how the rest of the parameters in the hash\nshould be formatted. See the documentation for the `Kernel::sprintf` function in Ruby for\nall the details.\n\nIn the given argument hash with parameters, all keys are converted to symbols so they work\nwith the `sprintf` function.\n\nNote that since Puppet 4.10.10, and 5.3.4 this functionality is supported by the\n`sprintf` function in puppet core.", "tags": [{"tag_name": "example", "text": "$output = sprintf_hash('String: %<foo>s / number converted to binary: %<number>b',\n { 'foo' => 'a string', 'number' => 5 })\n# $output = 'String: a string / number converted to binary: 101'", "name": "Format a string and number"}, {"tag_name": "param", "text": "The format to use.", "types": ["String"], "name": "format"}, {"tag_name": "param", "text": "Hash with parameters.", "types": ["Hash"], "name": "arguments"}, {"tag_name": "return", "text": "The formatted string.", "types": ["Any"]}]}}], "docstring": {"text": "The first parameter is format string describing how the rest of the parameters in the hash\nshould be formatted. See the documentation for the `Kernel::sprintf` function in Ruby for\nall the details.\n\nIn the given argument hash with parameters, all keys are converted to symbols so they work\nwith the `sprintf` function.\n\nNote that since Puppet 4.10.10, and 5.3.4 this functionality is supported by the\n`sprintf` function in puppet core.", "tags": [{"tag_name": "example", "text": "$output = sprintf_hash('String: %<foo>s / number converted to binary: %<number>b',\n { 'foo' => 'a string', 'number' => 5 })\n# $output = 'String: a string / number converted to binary: 101'", "name": "Format a string and number"}, {"tag_name": "param", "text": "The format to use.", "types": ["String"], "name": "format"}, {"tag_name": "param", "text": "Hash with parameters.", "types": ["Hash"], "name": "arguments"}, {"tag_name": "return", "text": "The formatted string.", "types": ["Any"]}, {"tag_name": "summary", "text": "Uses sprintf with named references."}]}, "source": "Puppet::Functions.create_function(:sprintf_hash) do\n # @param format The format to use.\n # @param arguments Hash with parameters.\n # @return The formatted string.\n dispatch :sprintf_hash do\n param 'String', :format\n param 'Hash', :arguments\n # Disabled for now. This gives issues on puppet 4.7.1.\n # return_type 'String'\n end\n\n def sprintf_hash(format, arguments)\n call_function('deprecation', 'sprintf_hash', 'This method is deprecated. From Puppet 4.10.10/5.3.4 please use the built-in sprintf instead')\n\n Kernel.sprintf(format, Hash[arguments.map { |(k, v)| [k.to_sym, v] }])\n end\nend"}, {"name": "squeeze", "file": "lib/puppet/parser/functions/squeeze.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "squeeze()", "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "a new string where runs of the same character that occur in this set are replaced by a single character.", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "a new string where runs of the same character that occur in this set are replaced by a single character.", "types": ["Any"]}, {"tag_name": "summary", "text": "Returns a new string where runs of the same character that occur in this set are replaced by a single character."}]}, "source": "newfunction(:squeeze, type: :rvalue, doc: <<-DOC\n @summary\n Returns a new string where runs of the same character that occur in this set are replaced by a single character.\n\n @return\n a new string where runs of the same character that occur in this set are replaced by a single character.\nDOC\n) do |arguments|\n if (arguments.size != 2) && (arguments.size != 1)\n raise(Puppet::ParseError, \"squeeze(): Wrong number of arguments given #{arguments.size} for 2 or 1\")\n end\n\n item = arguments[0]\n squeezeval = arguments[1]\n\n if item.is_a?(Array)\n if squeezeval\n item.map { |i| i.squeeze(squeezeval) }\n else\n item.map { |i| i.squeeze }\n end\n elsif squeezeval\n item.squeeze(squeezeval)\n else\n item.squeeze\n end\nend"}, {"name": "stdlib::end_with", "file": "lib/puppet/functions/stdlib/end_with.rb", "line": 6, "type": "ruby4x", "signatures": [{"signature": "stdlib::end_with(String $test_string, Variant[String[1],Array[String[1], 1]] $suffixes)", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "'foobar'.stdlib::end_with('bar') => true\n'foobar'.stdlib::end_with('foo') => false\n'foobar'.stdlib::end_with(['foo', 'baz']) => false", "name": ""}, {"tag_name": "param", "text": "The string to check", "types": ["String"], "name": "test_string"}, {"tag_name": "param", "text": "The suffixes to check", "types": ["Variant[String[1],Array[String[1], 1]]"], "name": "suffixes"}, {"tag_name": "return", "text": "True or False", "types": ["Boolean"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "'foobar'.stdlib::end_with('bar') => true\n'foobar'.stdlib::end_with('foo') => false\n'foobar'.stdlib::end_with(['foo', 'baz']) => false", "name": ""}, {"tag_name": "param", "text": "The string to check", "types": ["String"], "name": "test_string"}, {"tag_name": "param", "text": "The suffixes to check", "types": ["Variant[String[1],Array[String[1], 1]]"], "name": "suffixes"}, {"tag_name": "return", "text": "True or False", "types": ["Boolean"]}, {"tag_name": "summary", "text": "Returns true if str ends with one of the prefixes given. Each of the prefixes should be a String."}]}, "source": "Puppet::Functions.create_function(:'stdlib::end_with') do\n # @param test_string The string to check\n # @param suffixes The suffixes to check\n # @example\n # 'foobar'.stdlib::end_with('bar') => true\n # 'foobar'.stdlib::end_with('foo') => false\n # 'foobar'.stdlib::end_with(['foo', 'baz']) => false\n # @return [Boolean] True or False\n dispatch :end_with do\n param 'String', :test_string\n param 'Variant[String[1],Array[String[1], 1]]', :suffixes\n return_type 'Boolean'\n end\n\n def end_with(test_string, suffixes)\n test_string.end_with?(*suffixes)\n end\nend"}, {"name": "stdlib::ensure", "file": "functions/ensure.pp", "line": 2, "type": "puppet", "signatures": [{"signature": "stdlib::ensure(Variant[Boolean, Enum['present', 'absent']] $ensure, Enum['directory', 'link', 'mounted', 'service', 'file', 'package'] $resource)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Variant[Boolean, Enum['present', 'absent']]"], "name": "ensure"}, {"tag_name": "param", "text": "", "types": ["Enum['directory', 'link', 'mounted', 'service', 'file', 'package']"], "name": "resource"}, {"tag_name": "return", "text": "", "types": ["String"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Variant[Boolean, Enum['present', 'absent']]"], "name": "ensure"}, {"tag_name": "param", "text": "", "types": ["Enum['directory', 'link', 'mounted', 'service', 'file', 'package']"], "name": "resource"}, {"tag_name": "return", "text": "", "types": ["String"]}, {"tag_name": "summary", "text": "function to cast ensure parameter to resource specific value"}]}, "source": "function stdlib::ensure(\n Variant[Boolean, Enum['present', 'absent']] $ensure,\n Enum['directory', 'link', 'mounted', 'service', 'file', 'package'] $resource,\n) >> String {\n $_ensure = $ensure ? {\n Boolean => $ensure.bool2str('present', 'absent'),\n default => $ensure,\n }\n case $resource {\n 'package': {\n $_ensure ? {\n 'present' => 'installed',\n default => 'absent',\n }\n }\n 'service': {\n $_ensure ? {\n 'present' => 'running',\n default => 'stopped',\n }\n }\n default: {\n $_ensure ? {\n 'present' => $resource,\n default => $_ensure,\n }\n }\n }\n}"}, {"name": "stdlib::extname", "file": "lib/puppet/functions/stdlib/extname.rb", "line": 12, "type": "ruby4x", "signatures": [{"signature": "stdlib::extname(String $filename)", "docstring": {"text": "If Path is a Dotfile, or starts with a Period, then the starting Dot is not\ndealt with the Start of the Extension.\n\nAn empty String will also be returned, when the Period is the last Character\nin Path.", "tags": [{"tag_name": "example", "text": "stdlib::extname('test.rb') => '.rb'\nstdlib::extname('a/b/d/test.rb') => '.rb'\nstdlib::extname('test') => ''\nstdlib::extname('.profile') => ''", "name": "Determining the Extension of a Filename"}, {"tag_name": "param", "text": "The Filename", "types": ["String"], "name": "filename"}, {"tag_name": "return", "text": "The Extension starting from the last Period", "types": ["String"]}]}}], "docstring": {"text": "If Path is a Dotfile, or starts with a Period, then the starting Dot is not\ndealt with the Start of the Extension.\n\nAn empty String will also be returned, when the Period is the last Character\nin Path.", "tags": [{"tag_name": "example", "text": "stdlib::extname('test.rb') => '.rb'\nstdlib::extname('a/b/d/test.rb') => '.rb'\nstdlib::extname('test') => ''\nstdlib::extname('.profile') => ''", "name": "Determining the Extension of a Filename"}, {"tag_name": "param", "text": "The Filename", "types": ["String"], "name": "filename"}, {"tag_name": "return", "text": "The Extension starting from the last Period", "types": ["String"]}, {"tag_name": "summary", "text": "Returns the Extension (the Portion of Filename in Path starting from the\nlast Period)."}]}, "source": "Puppet::Functions.create_function(:'stdlib::extname') do\n # @param filename The Filename\n # @return [String] The Extension starting from the last Period\n # @example Determining the Extension of a Filename\n # stdlib::extname('test.rb') => '.rb'\n # stdlib::extname('a/b/d/test.rb') => '.rb'\n # stdlib::extname('test') => ''\n # stdlib::extname('.profile') => ''\n dispatch :extname do\n param 'String', :filename\n return_type 'String'\n end\n\n def extname(filename)\n File.extname(filename)\n end\nend"}, {"name": "stdlib::ip_in_range", "file": "lib/puppet/functions/stdlib/ip_in_range.rb", "line": 8, "type": "ruby4x", "signatures": [{"signature": "stdlib::ip_in_range(String $ipaddress, Variant[String, Array] $range)", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "stdlib::ip_in_range('10.10.10.53', '10.10.10.0/24') => true", "name": "ip_in_range(<IPv4 Address>, <IPv4 CIDR>)"}, {"tag_name": "param", "text": "The IP address to check", "types": ["String"], "name": "ipaddress"}, {"tag_name": "param", "text": "One CIDR or an array of CIDRs\ndefining the range(s) to check against", "types": ["Variant[String, Array]"], "name": "range"}, {"tag_name": "return", "text": "True or False", "types": ["Boolean"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "stdlib::ip_in_range('10.10.10.53', '10.10.10.0/24') => true", "name": "ip_in_range(<IPv4 Address>, <IPv4 CIDR>)"}, {"tag_name": "param", "text": "The IP address to check", "types": ["String"], "name": "ipaddress"}, {"tag_name": "param", "text": "One CIDR or an array of CIDRs\ndefining the range(s) to check against", "types": ["Variant[String, Array]"], "name": "range"}, {"tag_name": "return", "text": "True or False", "types": ["Boolean"]}, {"tag_name": "summary", "text": "Returns true if the ipaddress is within the given CIDRs"}]}, "source": "Puppet::Functions.create_function(:'stdlib::ip_in_range') do\n # @param ipaddress The IP address to check\n # @param range One CIDR or an array of CIDRs\n # defining the range(s) to check against\n #\n # @return [Boolean] True or False\n dispatch :ip_in_range do\n param 'String', :ipaddress\n param 'Variant[String, Array]', :range\n return_type 'Boolean'\n end\n\n require 'ipaddr'\n def ip_in_range(ipaddress, range)\n ip = IPAddr.new(ipaddress)\n\n if range.is_a? Array\n ranges = range.map { |r| IPAddr.new(r) }\n ranges.any? { |rng| rng.include?(ip) }\n elsif range.is_a? String\n ranges = IPAddr.new(range)\n ranges.include?(ip)\n end\n end\nend"}, {"name": "stdlib::start_with", "file": "lib/puppet/functions/stdlib/start_with.rb", "line": 6, "type": "ruby4x", "signatures": [{"signature": "stdlib::start_with(String $test_string, Variant[String[1],Array[String[1], 1]] $prefixes)", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "'foobar'.stdlib::start_with('foo') => true\n'foobar'.stdlib::start_with('bar') => false\n'foObar'.stdlib::start_with(['bar', 'baz']) => false", "name": ""}, {"tag_name": "param", "text": "The string to check", "types": ["String"], "name": "test_string"}, {"tag_name": "param", "text": "The prefixes to check.", "types": ["Variant[String[1],Array[String[1], 1]]"], "name": "prefixes"}, {"tag_name": "return", "text": "True or False", "types": ["Boolean"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "'foobar'.stdlib::start_with('foo') => true\n'foobar'.stdlib::start_with('bar') => false\n'foObar'.stdlib::start_with(['bar', 'baz']) => false", "name": ""}, {"tag_name": "param", "text": "The string to check", "types": ["String"], "name": "test_string"}, {"tag_name": "param", "text": "The prefixes to check.", "types": ["Variant[String[1],Array[String[1], 1]]"], "name": "prefixes"}, {"tag_name": "return", "text": "True or False", "types": ["Boolean"]}, {"tag_name": "summary", "text": "Returns true if str starts with one of the prefixes given. Each of the prefixes should be a String."}]}, "source": "Puppet::Functions.create_function(:'stdlib::start_with') do\n # @param test_string The string to check\n # @param prefixes The prefixes to check.\n # @example\n # 'foobar'.stdlib::start_with('foo') => true\n # 'foobar'.stdlib::start_with('bar') => false\n # 'foObar'.stdlib::start_with(['bar', 'baz']) => false\n # @return [Boolean] True or False\n dispatch :start_with do\n param 'String', :test_string\n param 'Variant[String[1],Array[String[1], 1]]', :prefixes\n return_type 'Boolean'\n end\n\n def start_with(test_string, prefixes)\n test_string.start_with?(*prefixes)\n end\nend"}, {"name": "str2bool", "file": "lib/puppet/parser/functions/str2bool.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "str2bool()", "docstring": {"text": "> *Note:* that since Puppet 5.0.0 the Boolean data type can convert strings to a Boolean value.\nSee the function new() in Puppet for details what the Boolean data type supports.", "tags": [{"tag_name": "return", "text": "This attempt to convert to boolean strings that contain things like: Y,y, 1, T,t, TRUE,true to 'true' and strings that contain things\nlike: 0, F,f, N,n, false, FALSE, no to 'false'.", "types": ["Any"]}]}}], "docstring": {"text": "> *Note:* that since Puppet 5.0.0 the Boolean data type can convert strings to a Boolean value.\nSee the function new() in Puppet for details what the Boolean data type supports.", "tags": [{"tag_name": "return", "text": "This attempt to convert to boolean strings that contain things like: Y,y, 1, T,t, TRUE,true to 'true' and strings that contain things\nlike: 0, F,f, N,n, false, FALSE, no to 'false'.", "types": ["Any"]}, {"tag_name": "summary", "text": "This converts a string to a boolean."}]}, "source": "newfunction(:str2bool, type: :rvalue, doc: <<-DOC\n @summary\n This converts a string to a boolean.\n\n @return\n This attempt to convert to boolean strings that contain things like: Y,y, 1, T,t, TRUE,true to 'true' and strings that contain things\n like: 0, F,f, N,n, false, FALSE, no to 'false'.\n\n > *Note:* that since Puppet 5.0.0 the Boolean data type can convert strings to a Boolean value.\n See the function new() in Puppet for details what the Boolean data type supports.\nDOC\n) do |arguments|\n raise(Puppet::ParseError, \"str2bool(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n string = arguments[0]\n\n # If string is already Boolean, return it\n if !!string == string # rubocop:disable Style/DoubleNegation : No viable alternative\n return string\n end\n\n unless string.is_a?(String)\n raise(Puppet::ParseError, 'str2bool(): Requires string to work with')\n end\n\n # We consider all the yes, no, y, n and so on too ...\n result = case string\n #\n # This is how undef looks like in Puppet ...\n # We yield false in this case.\n #\n when %r{^$}, '' then false # Empty string will be false ...\n when %r{^(1|t|y|true|yes)$}i then true\n when %r{^(0|f|n|false|no)$}i then false\n when %r{^(undef|undefined)$} then false # This is not likely to happen ...\n else\n raise(Puppet::ParseError, 'str2bool(): Unknown type of boolean given')\n end\n\n return result\nend"}, {"name": "str2saltedpbkdf2", "file": "lib/puppet/parser/functions/str2saltedpbkdf2.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "str2saltedpbkdf2()", "docstring": {"text": "Convert a string into a salted SHA512 PBKDF2 password hash like requred for OS X / macOS 10.8+.\nNote, however, that Apple changes what's required periodically and this may not work for the latest\nversion of macOS. If that is the case you should get a helpful error message when Puppet tries to set\nthe pasword using the parameters you provide to the user resource.", "tags": [{"tag_name": "example", "text": "$pw_info = str2saltedpbkdf2('Pa55w0rd', 'Using s0m3 s@lt', 50000)\nuser { 'jdoe':\n ensure => present,\n iterations => $pw_info['interations'],\n password => $pw_info['password_hex'],\n salt => $pw_info['salt_hex'],\n}", "name": "Plain text password and salt"}, {"tag_name": "example", "text": "$pw = Sensitive.new('Pa55w0rd')\n$salt = Sensitive.new('Using s0m3 s@lt')\n$pw_info = Sensitive.new(str2saltedpbkdf2($pw, $salt, 50000))\nuser { 'jdoe':\n ensure => present,\n iterations => unwrap($pw_info)['interations'],\n password => unwrap($pw_info)['password_hex'],\n salt => unwrap($pw_info)['salt_hex'],\n}", "name": "Sensitive password and salt"}, {"tag_name": "return", "text": "Provides a hash containing the hex version of the password, the hex version of the salt, and iterations.", "types": ["Hash"]}]}}], "docstring": {"text": "Convert a string into a salted SHA512 PBKDF2 password hash like requred for OS X / macOS 10.8+.\nNote, however, that Apple changes what's required periodically and this may not work for the latest\nversion of macOS. If that is the case you should get a helpful error message when Puppet tries to set\nthe pasword using the parameters you provide to the user resource.", "tags": [{"tag_name": "example", "text": "$pw_info = str2saltedpbkdf2('Pa55w0rd', 'Using s0m3 s@lt', 50000)\nuser { 'jdoe':\n ensure => present,\n iterations => $pw_info['interations'],\n password => $pw_info['password_hex'],\n salt => $pw_info['salt_hex'],\n}", "name": "Plain text password and salt"}, {"tag_name": "example", "text": "$pw = Sensitive.new('Pa55w0rd')\n$salt = Sensitive.new('Using s0m3 s@lt')\n$pw_info = Sensitive.new(str2saltedpbkdf2($pw, $salt, 50000))\nuser { 'jdoe':\n ensure => present,\n iterations => unwrap($pw_info)['interations'],\n password => unwrap($pw_info)['password_hex'],\n salt => unwrap($pw_info)['salt_hex'],\n}", "name": "Sensitive password and salt"}, {"tag_name": "return", "text": "Provides a hash containing the hex version of the password, the hex version of the salt, and iterations.", "types": ["Hash"]}, {"tag_name": "summary", "text": "Convert a string into a salted SHA512 PBKDF2 password hash like requred for OS X / macOS 10.8+"}]}, "source": "newfunction(:str2saltedpbkdf2, type: :rvalue, doc: <<-DOC\n @summary Convert a string into a salted SHA512 PBKDF2 password hash like requred for OS X / macOS 10.8+\n\n Convert a string into a salted SHA512 PBKDF2 password hash like requred for OS X / macOS 10.8+.\n Note, however, that Apple changes what's required periodically and this may not work for the latest\n version of macOS. If that is the case you should get a helpful error message when Puppet tries to set\n the pasword using the parameters you provide to the user resource.\n\n @example Plain text password and salt\n $pw_info = str2saltedpbkdf2('Pa55w0rd', 'Using s0m3 s@lt', 50000)\n user { 'jdoe':\n ensure => present,\n iterations => $pw_info['interations'],\n password => $pw_info['password_hex'],\n salt => $pw_info['salt_hex'],\n }\n\n @example Sensitive password and salt\n $pw = Sensitive.new('Pa55w0rd')\n $salt = Sensitive.new('Using s0m3 s@lt')\n $pw_info = Sensitive.new(str2saltedpbkdf2($pw, $salt, 50000))\n user { 'jdoe':\n ensure => present,\n iterations => unwrap($pw_info)['interations'],\n password => unwrap($pw_info)['password_hex'],\n salt => unwrap($pw_info)['salt_hex'],\n }\n\n @return [Hash]\n Provides a hash containing the hex version of the password, the hex version of the salt, and iterations.\nDOC\n) do |args|\n require 'openssl'\n\n raise ArgumentError, \"str2saltedpbkdf2(): wrong number of arguments (#{args.size} for 3)\" if args.size != 3\n\n args.map! do |arg|\n if (defined? Puppet::Pops::Types::PSensitiveType::Sensitive) && (arg.is_a? Puppet::Pops::Types::PSensitiveType::Sensitive)\n arg.unwrap\n else\n arg\n end\n end\n\n raise ArgumentError, 'str2saltedpbkdf2(): first argument must be a string' unless args[0].is_a?(String)\n raise ArgumentError, 'str2saltedpbkdf2(): second argument must be a string' unless args[1].is_a?(String)\n raise ArgumentError, 'str2saltedpbkdf2(): second argument must be at least 8 bytes long' unless args[1].bytesize >= 8\n raise ArgumentError, 'str2saltedpbkdf2(): third argument must be an integer' unless args[2].is_a?(Integer)\n raise ArgumentError, 'str2saltedpbkdf2(): third argument must be between 40,000 and 70,000' unless args[2] > 40_000 && args[2] < 70_000\n\n password = args[0]\n salt = args[1]\n iterations = args[2]\n keylen = 128\n digest = OpenSSL::Digest::SHA512.new\n hash = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, keylen, digest)\n\n {\n 'password_hex' => hash.unpack('H*').first,\n 'salt_hex' => salt.unpack('H*').first,\n 'iterations' => iterations,\n }\nend"}, {"name": "str2saltedsha512", "file": "lib/puppet/parser/functions/str2saltedsha512.rb", "line": 8, "type": "ruby3x", "signatures": [{"signature": "str2saltedsha512()", "docstring": {"text": "Given any simple string, you will get a hex version\nof a salted-SHA512 password hash that can be inserted into your Puppet\nmanifests as a valid password attribute.", "tags": [{"tag_name": "return", "text": "converted string as a hex version of a salted-SHA512 password hash", "types": ["Any"]}]}}], "docstring": {"text": "Given any simple string, you will get a hex version\nof a salted-SHA512 password hash that can be inserted into your Puppet\nmanifests as a valid password attribute.", "tags": [{"tag_name": "return", "text": "converted string as a hex version of a salted-SHA512 password hash", "types": ["Any"]}, {"tag_name": "summary", "text": "This converts a string to a salted-SHA512 password hash (which is used for\nOS X versions >= 10.7)."}]}, "source": "newfunction(:str2saltedsha512, type: :rvalue, doc: <<-DOC\n @summary\n This converts a string to a salted-SHA512 password hash (which is used for\n OS X versions >= 10.7).\n\n @return\n converted string as a hex version of a salted-SHA512 password hash\n\n Given any simple string, you will get a hex version\n of a salted-SHA512 password hash that can be inserted into your Puppet\n manifests as a valid password attribute.\n DOC\n) do |arguments|\n require 'digest/sha2'\n\n raise(Puppet::ParseError, \"str2saltedsha512(): Wrong number of arguments passed (#{arguments.size} but we require 1)\") if arguments.size != 1\n\n password = arguments[0]\n\n unless password.is_a?(String)\n raise(Puppet::ParseError, \"str2saltedsha512(): Requires a String argument, you passed: #{password.class}\")\n end\n\n seedint = rand(2**31 - 1)\n seedstring = Array(seedint).pack('L')\n saltedpass = Digest::SHA512.digest(seedstring + password)\n (seedstring + saltedpass).unpack('H*')[0]\nend"}, {"name": "strip", "file": "lib/puppet/parser/functions/strip.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "strip()", "docstring": {"text": "> *Note:*: from Puppet 6.0.0, the compatible function with the same name in Puppet core\nwill be used instead of this function.", "tags": [{"tag_name": "example", "text": "\nstrip(\" aaa \")\nWould result in: \"aaa\"", "name": "**Usage**"}, {"tag_name": "return", "text": "String or Array converted", "types": ["Any"]}]}}], "docstring": {"text": "> *Note:*: from Puppet 6.0.0, the compatible function with the same name in Puppet core\nwill be used instead of this function.", "tags": [{"tag_name": "example", "text": "\nstrip(\" aaa \")\nWould result in: \"aaa\"", "name": "**Usage**"}, {"tag_name": "return", "text": "String or Array converted", "types": ["Any"]}, {"tag_name": "summary", "text": "This function removes leading and trailing whitespace from a string or from\nevery string inside an array."}]}, "source": "newfunction(:strip, type: :rvalue, doc: <<-DOC\n @summary\n This function removes leading and trailing whitespace from a string or from\n every string inside an array.\n\n @return\n String or Array converted\n\n @example **Usage**\n\n strip(\" aaa \")\n Would result in: \"aaa\"\n\n > *Note:*: from Puppet 6.0.0, the compatible function with the same name in Puppet core\n will be used instead of this function.\n DOC\n) do |arguments|\n raise(Puppet::ParseError, \"strip(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n value = arguments[0]\n\n unless value.is_a?(Array) || value.is_a?(String)\n raise(Puppet::ParseError, 'strip(): Requires either array or string to work with')\n end\n\n result = if value.is_a?(Array)\n value.map { |i| i.is_a?(String) ? i.strip : i }\n else\n value.strip\n end\n\n return result\nend"}, {"name": "suffix", "file": "lib/puppet/parser/functions/suffix.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "suffix()", "docstring": {"text": "> *Note:* that since Puppet 4.0.0 the general way to modify values is in array is by using the map\nfunction in Puppet. This example does the same as the example above:\n\n```['a', 'b', 'c'].map |$x| { \"${x}p\" }```", "tags": [{"tag_name": "example", "text": "\nsuffix(['a','b','c'], 'p')\nWill return: ['ap','bp','cp']", "name": "**Usage**"}, {"tag_name": "return", "text": "Array or Hash with updated elements containing the passed suffix", "types": ["Any"]}]}}], "docstring": {"text": "> *Note:* that since Puppet 4.0.0 the general way to modify values is in array is by using the map\nfunction in Puppet. This example does the same as the example above:\n\n```['a', 'b', 'c'].map |$x| { \"${x}p\" }```", "tags": [{"tag_name": "example", "text": "\nsuffix(['a','b','c'], 'p')\nWill return: ['ap','bp','cp']", "name": "**Usage**"}, {"tag_name": "return", "text": "Array or Hash with updated elements containing the passed suffix", "types": ["Any"]}, {"tag_name": "summary", "text": "This function applies a suffix to all elements in an array, or to the keys\nin a hash."}]}, "source": "newfunction(:suffix, type: :rvalue, doc: <<-DOC\n @summary\n This function applies a suffix to all elements in an array, or to the keys\n in a hash.\n\n @return\n Array or Hash with updated elements containing the passed suffix\n\n @example **Usage**\n\n suffix(['a','b','c'], 'p')\n Will return: ['ap','bp','cp']\n\n > *Note:* that since Puppet 4.0.0 the general way to modify values is in array is by using the map\n function in Puppet. This example does the same as the example above:\n\n ```['a', 'b', 'c'].map |$x| { \"${x}p\" }```\n\n DOC\n) do |arguments|\n # Technically we support two arguments but only first is mandatory ...\n raise(Puppet::ParseError, \"suffix(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n enumerable = arguments[0]\n\n unless enumerable.is_a?(Array) || enumerable.is_a?(Hash)\n raise Puppet::ParseError, \"suffix(): expected first argument to be an Array or a Hash, got #{enumerable.inspect}\"\n end\n\n suffix = arguments[1] if arguments[1]\n\n if suffix\n unless suffix.is_a? String\n raise Puppet::ParseError, \"suffix(): expected second argument to be a String, got #{suffix.inspect}\"\n end\n end\n\n result = if enumerable.is_a?(Array)\n # Turn everything into string same as join would do ...\n enumerable.map do |i|\n i = i.to_s\n suffix ? i + suffix : i\n end\n else\n Hash[enumerable.map do |k, v|\n k = k.to_s\n [suffix ? k + suffix : k, v]\n end]\n end\n\n return result\nend"}, {"name": "swapcase", "file": "lib/puppet/parser/functions/swapcase.rb", "line": 8, "type": "ruby3x", "signatures": [{"signature": "swapcase()", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "\nswapcase(\"aBcD\")\nWould result in: \"AbCd\"", "name": "**Usage**"}, {"tag_name": "return", "text": "string with uppercase alphabetic characters converted to lowercase and lowercase characters converted to uppercase", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "\nswapcase(\"aBcD\")\nWould result in: \"AbCd\"", "name": "**Usage**"}, {"tag_name": "return", "text": "string with uppercase alphabetic characters converted to lowercase and lowercase characters converted to uppercase", "types": ["Any"]}, {"tag_name": "summary", "text": "This function will swap the existing case of a string."}]}, "source": "newfunction(:swapcase, type: :rvalue, doc: <<-DOC\n @summary\n This function will swap the existing case of a string.\n\n @return\n string with uppercase alphabetic characters converted to lowercase and lowercase characters converted to uppercase\n\n @example **Usage**\n\n swapcase(\"aBcD\")\n Would result in: \"AbCd\"\n DOC\n) do |arguments|\n raise(Puppet::ParseError, \"swapcase(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n value = arguments[0]\n\n unless value.is_a?(Array) || value.is_a?(String)\n raise(Puppet::ParseError, 'swapcase(): Requires either array or string to work with')\n end\n\n result = if value.is_a?(Array)\n # Numbers in Puppet are often string-encoded which is troublesome ...\n value.map { |i| i.is_a?(String) ? i.swapcase : i }\n else\n value.swapcase\n end\n\n return result\nend"}, {"name": "time", "file": "lib/puppet/parser/functions/time.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "time()", "docstring": {"text": "> *Note:* that since Puppet 4.8.0 the Puppet language has the data types Timestamp (a point in time) and\nTimespan (a duration). The following example is equivalent to calling time() without\nany arguments:\n\n```Timestamp()```", "tags": [{"tag_name": "example", "text": "\ntime()\nWill return something like: 1311972653", "name": "**Usage**"}, {"tag_name": "return", "text": "the current time since epoch as an integer.", "types": ["Any"]}]}}], "docstring": {"text": "> *Note:* that since Puppet 4.8.0 the Puppet language has the data types Timestamp (a point in time) and\nTimespan (a duration). The following example is equivalent to calling time() without\nany arguments:\n\n```Timestamp()```", "tags": [{"tag_name": "example", "text": "\ntime()\nWill return something like: 1311972653", "name": "**Usage**"}, {"tag_name": "return", "text": "the current time since epoch as an integer.", "types": ["Any"]}, {"tag_name": "summary", "text": "This function will return the current time since epoch as an integer."}]}, "source": "newfunction(:time, type: :rvalue, doc: <<-DOC\n @summary\n This function will return the current time since epoch as an integer.\n\n @return\n the current time since epoch as an integer.\n\n @example **Usage**\n\n time()\n Will return something like: 1311972653\n\n > *Note:* that since Puppet 4.8.0 the Puppet language has the data types Timestamp (a point in time) and\n Timespan (a duration). The following example is equivalent to calling time() without\n any arguments:\n\n ```Timestamp()```\n\n DOC\n) do |arguments|\n # The Time Zone argument is optional ...\n time_zone = arguments[0] if arguments[0]\n\n if !arguments.empty? && (arguments.size != 1)\n raise(Puppet::ParseError, \"time(): Wrong number of arguments given #{arguments.size} for 0 or 1\")\n end\n\n time = Time.new\n\n # There is probably a better way to handle Time Zone ...\n if time_zone && !time_zone.empty?\n original_zone = ENV['TZ']\n\n local_time = time.clone\n local_time = local_time.utc\n\n ENV['TZ'] = time_zone\n\n result = local_time.localtime.strftime('%s')\n\n ENV['TZ'] = original_zone\n else\n result = time.localtime.strftime('%s')\n end\n\n # Calling Time#to_i on a receiver changes it. Trust me I am the Doctor.\n result = result.to_i\n\n return result\nend"}, {"name": "to_bytes", "file": "lib/puppet/parser/functions/to_bytes.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "to_bytes()", "docstring": {"text": "Takes a single string value as an argument.\nThese conversions reflect a layperson's understanding of\n1 MB = 1024 KB, when in fact 1 MB = 1000 KB, and 1 MiB = 1024 KiB.", "tags": [{"tag_name": "return", "text": "converted value into bytes", "types": ["Any"]}]}}], "docstring": {"text": "Takes a single string value as an argument.\nThese conversions reflect a layperson's understanding of\n1 MB = 1024 KB, when in fact 1 MB = 1000 KB, and 1 MiB = 1024 KiB.", "tags": [{"tag_name": "return", "text": "converted value into bytes", "types": ["Any"]}, {"tag_name": "summary", "text": "Converts the argument into bytes, for example 4 kB becomes 4096."}]}, "source": "newfunction(:to_bytes, type: :rvalue, doc: <<-DOC\n @summary\n Converts the argument into bytes, for example 4 kB becomes 4096.\n\n @return\n converted value into bytes\n\n Takes a single string value as an argument.\n These conversions reflect a layperson's understanding of\n 1 MB = 1024 KB, when in fact 1 MB = 1000 KB, and 1 MiB = 1024 KiB.\n DOC\n) do |arguments|\n raise(Puppet::ParseError, \"to_bytes(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.size != 1\n\n arg = arguments[0]\n\n return arg if arg.is_a? Numeric\n\n value, prefix = *%r{([0-9.e+-]*)\\s*([^bB]?)}.match(arg)[1, 2]\n\n value = value.to_f\n case prefix\n when '' then return value.to_i\n when 'k' then return (value * (1 << 10)).to_i\n when 'M' then return (value * (1 << 20)).to_i\n when 'G' then return (value * (1 << 30)).to_i\n when 'T' then return (value * (1 << 40)).to_i\n when 'P' then return (value * (1 << 50)).to_i\n when 'E' then return (value * (1 << 60)).to_i\n else raise Puppet::ParseError, \"to_bytes(): Unknown prefix #{prefix}\"\n end\nend"}, {"name": "to_json", "file": "lib/puppet/functions/to_json.rb", "line": 14, "type": "ruby4x", "signatures": [{"signature": "to_json(Any $data)", "docstring": {"text": "}", "tags": [{"tag_name": "param", "text": "data structure which needs to be converted into JSON", "types": ["Any"], "name": "data"}, {"tag_name": "return", "text": "converted data to json", "types": ["Any"]}]}}], "docstring": {"text": "}", "tags": [{"tag_name": "param", "text": "data structure which needs to be converted into JSON", "types": ["Any"], "name": "data"}, {"tag_name": "return", "text": "converted data to json", "types": ["Any"]}]}, "source": "Puppet::Functions.create_function(:to_json) do\n # @param data\n # data structure which needs to be converted into JSON\n # @return converted data to json\n dispatch :to_json do\n param 'Any', :data\n end\n\n def to_json(data)\n data.to_json\n end\nend"}, {"name": "to_json_pretty", "file": "lib/puppet/functions/to_json_pretty.rb", "line": 35, "type": "ruby4x", "signatures": [{"signature": "to_json_pretty(Variant[Hash, Array] $data, Optional[Optional[Boolean]] $skip_undef, Optional[Struct[{\nindent => Optional[String],\nspace => Optional[String],\nspace_before => Optional[String],\nobject_nl => Optional[String],\narray_nl => Optional[String],\nallow_nan => Optional[Boolean],\nmax_nesting => Optional[Integer[-1,default]],\n}]] $opts)", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "* how to output pretty JSON to file\n file { '/tmp/my.json':\n ensure => file,\n content => to_json_pretty($myhash),\n }\n\n* how to output pretty JSON skipping over keys with undef values\n file { '/tmp/my.json':\n ensure => file,\n content => to_json_pretty({\n param_one => 'value',\n param_two => undef,\n }, true),\n }\n\n* how to output pretty JSON using tabs for indentation\n file { '/tmp/my.json':\n ensure => file,\n content => to_json_pretty({\n param_one => 'value',\n param_two => {\n param_more => 42,\n },\n }, nil, {indent => ' '}),\n }", "name": "**Usage**"}, {"tag_name": "param", "text": "data structure which needs to be converted to pretty json", "types": ["Variant[Hash, Array]"], "name": "data"}, {"tag_name": "param", "text": "value `true` or `false`", "types": ["Optional[Optional[Boolean]]"], "name": "skip_undef"}, {"tag_name": "param", "text": "hash-map of settings passed to JSON.pretty_generate, see\nhttps://ruby-doc.org/stdlib-2.0.0/libdoc/json/rdoc/JSON.html#method-i-generate.\nNote that `max_nesting` doesn't take the value `false`; use `-1` instead.", "types": ["Optional[Struct[{\nindent => Optional[String],\nspace => Optional[String],\nspace_before => Optional[String],\nobject_nl => Optional[String],\narray_nl => Optional[String],\nallow_nan => Optional[Boolean],\nmax_nesting => Optional[Integer[-1,default]],\n}]]"], "name": "opts"}, {"tag_name": "return", "text": "converted data to pretty json", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "* how to output pretty JSON to file\n file { '/tmp/my.json':\n ensure => file,\n content => to_json_pretty($myhash),\n }\n\n* how to output pretty JSON skipping over keys with undef values\n file { '/tmp/my.json':\n ensure => file,\n content => to_json_pretty({\n param_one => 'value',\n param_two => undef,\n }, true),\n }\n\n* how to output pretty JSON using tabs for indentation\n file { '/tmp/my.json':\n ensure => file,\n content => to_json_pretty({\n param_one => 'value',\n param_two => {\n param_more => 42,\n },\n }, nil, {indent => ' '}),\n }", "name": "**Usage**"}, {"tag_name": "param", "text": "data structure which needs to be converted to pretty json", "types": ["Variant[Hash, Array]"], "name": "data"}, {"tag_name": "param", "text": "value `true` or `false`", "types": ["Optional[Optional[Boolean]]"], "name": "skip_undef"}, {"tag_name": "param", "text": "hash-map of settings passed to JSON.pretty_generate, see\nhttps://ruby-doc.org/stdlib-2.0.0/libdoc/json/rdoc/JSON.html#method-i-generate.\nNote that `max_nesting` doesn't take the value `false`; use `-1` instead.", "types": ["Optional[Struct[{\nindent => Optional[String],\nspace => Optional[String],\nspace_before => Optional[String],\nobject_nl => Optional[String],\narray_nl => Optional[String],\nallow_nan => Optional[Boolean],\nmax_nesting => Optional[Integer[-1,default]],\n}]]"], "name": "opts"}, {"tag_name": "return", "text": "converted data to pretty json", "types": ["Any"]}, {"tag_name": "summary", "text": "Convert data structure and output to pretty JSON"}]}, "source": "Puppet::Functions.create_function(:to_json_pretty) do\n # @param data\n # data structure which needs to be converted to pretty json\n # @param skip_undef\n # value `true` or `false`\n # @param opts\n # hash-map of settings passed to JSON.pretty_generate, see\n # https://ruby-doc.org/stdlib-2.0.0/libdoc/json/rdoc/JSON.html#method-i-generate.\n # Note that `max_nesting` doesn't take the value `false`; use `-1` instead.\n # @return\n # converted data to pretty json\n dispatch :to_json_pretty do\n param 'Variant[Hash, Array]', :data\n optional_param 'Optional[Boolean]', :skip_undef\n optional_param 'Struct[{\nindent => Optional[String],\nspace => Optional[String],\nspace_before => Optional[String],\nobject_nl => Optional[String],\narray_nl => Optional[String],\nallow_nan => Optional[Boolean],\nmax_nesting => Optional[Integer[-1,default]],\n}]', :opts\n end\n\n def to_json_pretty(data, skip_undef = false, opts = nil)\n # It's not possible to make an abstract type that can be either a boolean\n # false or an integer, so we use -1 as the falsey value\n if opts\n opts = Hash[opts.map { |k, v| [k.to_sym, v] }]\n\n if opts[:max_nesting] == -1\n opts[:max_nesting] = false\n end\n end\n\n if skip_undef\n if data.is_a? Array\n data = data.reject { |value| value.nil? }\n elsif data.is_a? Hash\n data = data.reject { |_, value| value.nil? }\n end\n end\n # Call ::JSON to ensure it references the JSON library from Ruby's standard library\n # instead of a random JSON namespace that might be in scope due to user code.\n ::JSON.pretty_generate(data, opts) << \"\\n\"\n end\nend"}, {"name": "to_python", "file": "lib/puppet/functions/to_python.rb", "line": 17, "type": "ruby4x", "signatures": [{"signature": "to_python(Any $object)", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "# output Python to a file\n$listen = '0.0.0.0'\n$port = 8000\nfile { '/opt/acme/etc/settings.py':\n content => inline_epp(@(\"SETTINGS\")),\n LISTEN = <%= $listen.to_python %>\n PORT = <%= $mailserver.to_python %>\n | SETTINGS\n}", "name": "how to output Python"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "object"}, {"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "# output Python to a file\n$listen = '0.0.0.0'\n$port = 8000\nfile { '/opt/acme/etc/settings.py':\n content => inline_epp(@(\"SETTINGS\")),\n LISTEN = <%= $listen.to_python %>\n PORT = <%= $mailserver.to_python %>\n | SETTINGS\n}", "name": "how to output Python"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "object"}, {"tag_name": "return", "text": "", "types": ["Any"]}, {"tag_name": "summary", "text": "Convert an object into a String containing its Python representation"}]}, "source": "Puppet::Functions.create_function(:to_python) do\n dispatch :to_python do\n param 'Any', :object\n end\n\n # @param object\n # The object to be converted\n #\n # @return [String]\n # The String representation of the object\n def to_python(object)\n case object\n when true then 'True'\n when false then 'False'\n when :undef then 'None'\n when Array then \"[#{object.map { |x| to_python(x) }.join(', ')}]\"\n when Hash then \"{#{object.map { |k, v| \"#{to_python(k)}: #{to_python(v)}\" }.join(', ')}}\"\n else object.inspect\n end\n end\nend"}, {"name": "to_ruby", "file": "lib/puppet/functions/to_ruby.rb", "line": 17, "type": "ruby4x", "signatures": [{"signature": "to_ruby(Any $object)", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "# output Ruby to a file\n$listen = '0.0.0.0'\n$port = 8000\nfile { '/opt/acme/etc/settings.rb':\n content => inline_epp(@(\"SETTINGS\")),\n LISTEN = <%= $listen.to_ruby %>\n PORT = <%= $mailserver.to_ruby %>\n | SETTINGS\n}", "name": "how to output Ruby"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "object"}, {"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "# output Ruby to a file\n$listen = '0.0.0.0'\n$port = 8000\nfile { '/opt/acme/etc/settings.rb':\n content => inline_epp(@(\"SETTINGS\")),\n LISTEN = <%= $listen.to_ruby %>\n PORT = <%= $mailserver.to_ruby %>\n | SETTINGS\n}", "name": "how to output Ruby"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "object"}, {"tag_name": "return", "text": "", "types": ["Any"]}, {"tag_name": "summary", "text": "Convert an object into a String containing its Ruby representation"}]}, "source": "Puppet::Functions.create_function(:to_ruby) do\n dispatch :to_ruby do\n param 'Any', :object\n end\n\n # @param object\n # The object to be converted\n #\n # @return [String]\n # The String representation of the object\n def to_ruby(object)\n case object\n when :undef then 'nil'\n when Array then \"[#{object.map { |x| to_ruby(x) }.join(', ')}]\"\n when Hash then \"{#{object.map { |k, v| \"#{to_ruby(k)} => #{to_ruby(v)}\" }.join(', ')}}\"\n else object.inspect\n end\n end\nend"}, {"name": "to_toml", "file": "lib/puppet/functions/to_toml.rb", "line": 6, "type": "ruby4x", "signatures": [{"signature": "to_toml(Hash $data)", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "file { '/tmp/config.toml':\n ensure => file,\n content => to_toml($myhash),\n}", "name": "How to output TOML to a file"}, {"tag_name": "param", "text": "Data structure which needs to be converted into TOML", "types": ["Hash"], "name": "data"}, {"tag_name": "return", "text": "Converted data as TOML string", "types": ["String"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "file { '/tmp/config.toml':\n ensure => file,\n content => to_toml($myhash),\n}", "name": "How to output TOML to a file"}, {"tag_name": "param", "text": "Data structure which needs to be converted into TOML", "types": ["Hash"], "name": "data"}, {"tag_name": "return", "text": "Converted data as TOML string", "types": ["String"]}, {"tag_name": "summary", "text": "Convert a data structure and output to TOML."}]}, "source": "Puppet::Functions.create_function(:to_toml) do\n # @param data Data structure which needs to be converted into TOML\n # @return [String] Converted data as TOML string\n # @example How to output TOML to a file\n # file { '/tmp/config.toml':\n # ensure => file,\n # content => to_toml($myhash),\n # }\n dispatch :to_toml do\n required_param 'Hash', :data\n return_type 'String'\n end\n\n def to_toml(data)\n PuppetX::Stdlib::TomlDumper.new(data).toml_str\n end\nend"}, {"name": "to_yaml", "file": "lib/puppet/functions/to_yaml.rb", "line": 18, "type": "ruby4x", "signatures": [{"signature": "to_yaml(Any $data, Optional[Hash] $options)", "docstring": {"text": "}", "tags": [{"tag_name": "param", "types": ["Any"], "name": "data"}, {"tag_name": "param", "types": ["Optional[Hash]"], "name": "options"}, {"tag_name": "return", "text": "", "types": ["String"]}]}}], "docstring": {"text": "}", "tags": [{"tag_name": "param", "types": ["Any"], "name": "data"}, {"tag_name": "param", "types": ["Optional[Hash]"], "name": "options"}, {"tag_name": "return", "text": "", "types": ["String"]}]}, "source": "Puppet::Functions.create_function(:to_yaml) do\n # @param data\n # @param options\n #\n # @return [String]\n dispatch :to_yaml do\n param 'Any', :data\n optional_param 'Hash', :options\n end\n\n def to_yaml(data, options = {})\n data.to_yaml(options)\n end\nend"}, {"name": "try_get_value", "file": "lib/puppet/parser/functions/try_get_value.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "try_get_value()", "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}, "source": "newfunction(\n :try_get_value,\n type: :rvalue,\n arity: -2,\n doc: <<-DOC,\n @summary\n **DEPRECATED:** this function is deprecated, please use dig() instead.\n\n @return\n Looks up into a complex structure of arrays and hashes and returns a value\n or the default value if nothing was found.\n\n Key can contain slashes to describe path components. The function will go down\n the structure and try to extract the required value.\n ``\n $data = {\n 'a' => {\n 'b' => [\n 'b1',\n 'b2',\n 'b3',\n ]\n }\n }\n\n $value = try_get_value($data, 'a/b/2', 'not_found', '/')\n => $value = 'b3'\n ```\n ```\n a -> first hash key\n b -> second hash key\n 2 -> array index starting with 0\n\n not_found -> (optional) will be returned if there is no value or the path did not match. Defaults to nil.\n / -> (optional) path delimiter. Defaults to '/'.\n ```\n\n In addition to the required \"key\" argument, \"try_get_value\" accepts default\n argument. It will be returned if no value was found or a path component is\n missing. And the fourth argument can set a variable path separator.\n DOC\n) do |args|\n warning('try_get_value() DEPRECATED: this function is deprecated, please use dig() instead.')\n data = args[0]\n path = args[1] || ''\n default = args[2]\n\n if !(data.is_a?(Hash) || data.is_a?(Array)) || path == ''\n return default || data\n end\n\n separator = args[3] || '/'\n path = path.split(separator).map { |key| (key =~ %r{^\\d+$}) ? key.to_i : key }\n function_dig([data, path, default])\nend"}, {"name": "type", "file": "lib/puppet/parser/functions/type.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "type()", "docstring": {"text": "please use type3x() before upgrading to Puppet 4 for backwards-compatibility, or migrate to the new parser's typing system.\n\n* string\n* array\n* hash\n* float\n* integer\n* boolean", "tags": [{"tag_name": "return", "text": "the type when passed a value. Type can be one of:", "types": ["Any"]}]}}], "docstring": {"text": "please use type3x() before upgrading to Puppet 4 for backwards-compatibility, or migrate to the new parser's typing system.\n\n* string\n* array\n* hash\n* float\n* integer\n* boolean", "tags": [{"tag_name": "return", "text": "the type when passed a value. Type can be one of:", "types": ["Any"]}, {"tag_name": "summary", "text": "**DEPRECATED:** This function will cease to function on Puppet 4;"}]}, "source": "newfunction(:type, type: :rvalue, doc: <<-DOC\n @summary\n **DEPRECATED:** This function will cease to function on Puppet 4;\n please use type3x() before upgrading to Puppet 4 for backwards-compatibility, or migrate to the new parser's typing system.\n\n @return the type when passed a value. Type can be one of:\n\n * string\n * array\n * hash\n * float\n * integer\n * boolean\nDOC\n) do |args|\n warning(\"type() DEPRECATED: This function will cease to function on Puppet 4; please use type3x() before upgrading to puppet 4 for backwards-compatibility, or migrate to the new parser's typing system.\") # rubocop:disable Layout/LineLength : Cannot reduce line length\n unless Puppet::Parser::Functions.autoloader.loaded?(:type3x)\n Puppet::Parser::Functions.autoloader.load(:type3x)\n end\n function_type3x(args)\nend"}, {"name": "type3x", "file": "lib/puppet/parser/functions/type3x.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "type3x()", "docstring": {"text": "* string\n* array\n* hash\n* float\n* integer\n* boolean", "tags": [{"tag_name": "return", "text": "the type when passed a value. Type can be one of:", "types": ["Any"]}]}}], "docstring": {"text": "* string\n* array\n* hash\n* float\n* integer\n* boolean", "tags": [{"tag_name": "return", "text": "the type when passed a value. Type can be one of:", "types": ["Any"]}, {"tag_name": "summary", "text": "**DEPRECATED:** This function will be removed when Puppet 3 support is dropped; please migrate to the new parser's typing system."}]}, "source": "newfunction(:type3x, type: :rvalue, doc: <<-DOC\n @summary\n **DEPRECATED:** This function will be removed when Puppet 3 support is dropped; please migrate to the new parser's typing system.\n\n @return the type when passed a value. Type can be one of:\n\n * string\n * array\n * hash\n * float\n * integer\n * boolean\nDOC\n) do |args|\n raise(Puppet::ParseError, \"type3x(): Wrong number of arguments given (#{args.size} for 1)\") unless args.size == 1\n\n value = args[0]\n\n klass = value.class\n\n unless [TrueClass, FalseClass, Array, Bignum, Fixnum, Float, Hash, String].include?(klass) # rubocop:disable Lint/UnifiedInteger\n raise(Puppet::ParseError, 'type3x(): Unknown type')\n end\n\n klass = klass.to_s # Ugly ...\n\n # We note that Integer is the parent to Bignum and Fixnum ...\n result = case klass\n when %r{^(?:Big|Fix)num$} then 'integer'\n when %r{^(?:True|False)Class$} then 'boolean'\n else klass\n end\n\n if result == 'String'\n if value == value.to_i.to_s\n result = 'Integer'\n elsif value == value.to_f.to_s\n result = 'Float'\n end\n end\n\n return result.downcase\nend"}, {"name": "type_of", "file": "lib/puppet/functions/type_of.rb", "line": 18, "type": "ruby4x", "signatures": [{"signature": "type_of(Any $value)", "docstring": {"text": "See the documentation for \"The Puppet Type System\" for more information about types.\nSee the `assert_type()` function for flexible ways to assert the type of a value.\n\nThe built-in type() function in puppet is generally preferred over this function\nthis function is provided for backwards compatibility.", "tags": [{"tag_name": "example", "text": "# compare the types of two values\nif type_of($first_value) != type_of($second_value) { fail(\"first_value and second_value are different types\") }", "name": "how to compare values' types"}, {"tag_name": "example", "text": "unless type_of($first_value) <= Numeric { fail(\"first_value must be Numeric\") }\nunless type_of{$first_value) <= Collection[1] { fail(\"first_value must be an Array or Hash, and contain at least one element\") }", "name": "how to compare against an abstract type"}, {"tag_name": "param", "types": ["Any"], "name": "value"}, {"tag_name": "return", "text": "the type of the passed value", "types": ["String"]}]}}], "docstring": {"text": "See the documentation for \"The Puppet Type System\" for more information about types.\nSee the `assert_type()` function for flexible ways to assert the type of a value.\n\nThe built-in type() function in puppet is generally preferred over this function\nthis function is provided for backwards compatibility.", "tags": [{"tag_name": "example", "text": "# compare the types of two values\nif type_of($first_value) != type_of($second_value) { fail(\"first_value and second_value are different types\") }", "name": "how to compare values' types"}, {"tag_name": "example", "text": "unless type_of($first_value) <= Numeric { fail(\"first_value must be Numeric\") }\nunless type_of{$first_value) <= Collection[1] { fail(\"first_value must be an Array or Hash, and contain at least one element\") }", "name": "how to compare against an abstract type"}, {"tag_name": "param", "types": ["Any"], "name": "value"}, {"tag_name": "return", "text": "the type of the passed value", "types": ["String"]}, {"tag_name": "summary", "text": "Returns the type of the passed value."}]}, "source": "Puppet::Functions.create_function(:type_of) do\n # @return [String]\n # the type of the passed value\n #\n # @param value\n def type_of(value)\n Puppet::Pops::Types::TypeCalculator.infer_set(value)\n end\nend"}, {"name": "union", "file": "lib/puppet/parser/functions/union.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "union()", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "\nunion([\"a\",\"b\",\"c\"],[\"b\",\"c\",\"d\"])\nWould return: [\"a\",\"b\",\"c\",\"d\"]", "name": "**Usage**"}, {"tag_name": "return", "text": "a unionized array of two or more arrays", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "\nunion([\"a\",\"b\",\"c\"],[\"b\",\"c\",\"d\"])\nWould return: [\"a\",\"b\",\"c\",\"d\"]", "name": "**Usage**"}, {"tag_name": "return", "text": "a unionized array of two or more arrays", "types": ["Any"]}, {"tag_name": "summary", "text": "This function returns a union of two or more arrays."}]}, "source": "newfunction(:union, type: :rvalue, doc: <<-DOC\n @summary\n This function returns a union of two or more arrays.\n\n @return\n a unionized array of two or more arrays\n @example **Usage**\n\n union([\"a\",\"b\",\"c\"],[\"b\",\"c\",\"d\"])\n Would return: [\"a\",\"b\",\"c\",\"d\"]\n DOC\n) do |arguments|\n # Check that 2 or more arguments have been given ...\n raise(Puppet::ParseError, \"union(): Wrong number of arguments given (#{arguments.size} for < 2)\") if arguments.size < 2\n\n arguments.each do |argument|\n raise(Puppet::ParseError, 'union(): Every parameter must be an array') unless argument.is_a?(Array)\n end\n\n arguments.reduce(:|)\nend"}, {"name": "unique", "file": "lib/puppet/parser/functions/unique.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "unique()", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "\nunique(\"aabbcc\")\nWill return: abc\n\nYou can also use this with arrays:\n\nunique([\"a\",\"a\",\"b\",\"b\",\"c\",\"c\"])\nThis returns: [\"a\",\"b\",\"c\"]", "name": "**Usage**"}, {"tag_name": "return", "text": "String or array with duplicates removed", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "\nunique(\"aabbcc\")\nWill return: abc\n\nYou can also use this with arrays:\n\nunique([\"a\",\"a\",\"b\",\"b\",\"c\",\"c\"])\nThis returns: [\"a\",\"b\",\"c\"]", "name": "**Usage**"}, {"tag_name": "return", "text": "String or array with duplicates removed", "types": ["Any"]}, {"tag_name": "summary", "text": "This function will remove duplicates from strings and arrays."}]}, "source": "newfunction(:unique, type: :rvalue, doc: <<-DOC\n @summary\n This function will remove duplicates from strings and arrays.\n\n @return\n String or array with duplicates removed\n\n @example **Usage**\n\n unique(\"aabbcc\")\n Will return: abc\n\n You can also use this with arrays:\n\n unique([\"a\",\"a\",\"b\",\"b\",\"c\",\"c\"])\n This returns: [\"a\",\"b\",\"c\"]\n\n DOC\n) do |arguments|\n if Puppet::Util::Package.versioncmp(Puppet.version, '5.0.0') >= 0\n function_deprecation([:unique, 'This method is deprecated, please use the core puppet unique function. There is further documentation for the function in the release notes of Puppet 5.0.'])\n end\n\n raise(Puppet::ParseError, \"unique(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n value = arguments[0]\n\n unless value.is_a?(Array) || value.is_a?(String)\n raise(Puppet::ParseError, 'unique(): Requires either array or string to work with')\n end\n\n result = value.clone\n\n string = value.is_a?(String) ? true : false\n\n # We turn any string value into an array to be able to shuffle ...\n result = string ? result.split('') : result\n result = result.uniq # Remove duplicates ...\n result = string ? result.join : result\n\n return result\nend"}, {"name": "unix2dos", "file": "lib/puppet/parser/functions/unix2dos.rb", "line": 5, "type": "ruby3x", "signatures": [{"signature": "unix2dos()", "docstring": {"text": "Takes a single string argument.", "tags": [{"tag_name": "return", "text": "the DOS version of the given string.", "types": ["Any"]}]}}], "docstring": {"text": "Takes a single string argument.", "tags": [{"tag_name": "return", "text": "the DOS version of the given string.", "types": ["Any"]}, {"tag_name": "summary", "text": "Returns the DOS version of the given string."}]}, "source": "newfunction(:unix2dos, type: :rvalue, arity: 1, doc: <<-DOC\n @summary\n Returns the DOS version of the given string.\n\n @return\n the DOS version of the given string.\n\n Takes a single string argument.\n DOC\n) do |arguments|\n unless arguments[0].is_a?(String)\n raise(Puppet::ParseError, 'unix2dos(): Requires string as argument')\n end\n\n arguments[0].gsub(%r{\\r*\\n}, \"\\r\\n\")\nend"}, {"name": "upcase", "file": "lib/puppet/parser/functions/upcase.rb", "line": 8, "type": "ruby3x", "signatures": [{"signature": "upcase()", "docstring": {"text": "> *Note:* from Puppet 6.0.0, the compatible function with the same name in Puppet core\nwill be used instead of this function.", "tags": [{"tag_name": "example", "text": "\nupcase(\"abcd\")\nWill return ABCD", "name": "**Usage**"}, {"tag_name": "return", "text": "converted string ot array of strings to uppercase", "types": ["Any"]}]}}], "docstring": {"text": "> *Note:* from Puppet 6.0.0, the compatible function with the same name in Puppet core\nwill be used instead of this function.", "tags": [{"tag_name": "example", "text": "\nupcase(\"abcd\")\nWill return ABCD", "name": "**Usage**"}, {"tag_name": "return", "text": "converted string ot array of strings to uppercase", "types": ["Any"]}, {"tag_name": "summary", "text": "Converts a string or an array of strings to uppercase."}]}, "source": "newfunction(:upcase, type: :rvalue, doc: <<-DOC\n @summary\n Converts a string or an array of strings to uppercase.\n\n @return\n converted string ot array of strings to uppercase\n\n @example **Usage**\n\n upcase(\"abcd\")\n Will return ABCD\n\n > *Note:* from Puppet 6.0.0, the compatible function with the same name in Puppet core\n will be used instead of this function.\nDOC\n) do |arguments|\n raise(Puppet::ParseError, \"upcase(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.size != 1\n\n value = arguments[0]\n\n unless value.is_a?(Array) || value.is_a?(Hash) || value.respond_to?(:upcase)\n raise(Puppet::ParseError, 'upcase(): Requires an array, hash or object that responds to upcase in order to work')\n end\n\n if value.is_a?(Array)\n # Numbers in Puppet are often string-encoded which is troublesome ...\n result = value.map { |i| function_upcase([i]) }\n elsif value.is_a?(Hash)\n result = {}\n value.each_pair do |k, v|\n result[function_upcase([k])] = function_upcase([v])\n end\n else\n result = value.upcase\n end\n\n return result\nend"}, {"name": "uriescape", "file": "lib/puppet/parser/functions/uriescape.rb", "line": 9, "type": "ruby3x", "signatures": [{"signature": "uriescape()", "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "a string that contains the converted value", "types": ["String"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "a string that contains the converted value", "types": ["String"]}, {"tag_name": "summary", "text": "Urlencodes a string or array of strings.\nRequires either a single string or an array as an input."}]}, "source": "newfunction(:uriescape, type: :rvalue, doc: <<-DOC\n @summary\n Urlencodes a string or array of strings.\n Requires either a single string or an array as an input.\n\n @return [String]\n a string that contains the converted value\n\n DOC\n) do |arguments|\n raise(Puppet::ParseError, \"uriescape(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n value = arguments[0]\n\n unless value.is_a?(Array) || value.is_a?(String)\n raise(Puppet::ParseError, 'uriescape(): Requires either array or string to work with')\n end\n\n result = if value.is_a?(Array)\n # Numbers in Puppet are often string-encoded which is troublesome ...\n value.map { |i| i.is_a?(String) ? URI::DEFAULT_PARSER.escape(i) : i }\n else\n URI::DEFAULT_PARSER.escape(value)\n end\n\n return result\nend"}, {"name": "validate_absolute_path", "file": "lib/puppet/functions/validate_absolute_path.rb", "line": 5, "type": "ruby4x", "signatures": [{"signature": "validate_absolute_path(Any $scope, Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value returned from the called function.", "types": ["Boolean"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value returned from the called function.", "types": ["Boolean"]}, {"tag_name": "summary", "text": "Validate the string represents an absolute path in the filesystem."}]}, "source": "Puppet::Functions.create_function(:validate_absolute_path) do\n # @param scope\n # The main value that will be passed to the method\n #\n # @param args\n # Any additional values that are to be passed to the method\n #\n # @return [Boolean]\n # A boolean value returned from the called function.\n dispatch :deprecation_gen do\n param 'Any', :scope\n repeated_param 'Any', :args\n end\n # Workaround PUP-4438 (fixed: https://github.com/puppetlabs/puppet/commit/e01c4dc924cd963ff6630008a5200fc6a2023b08#diff\n # -c937cc584953271bb3d3b3c2cb141790R221) to support puppet < 4.1.0 and puppet < 3.8.1.\n def call(scope, *args)\n manipulated_args = [scope] + args\n self.class.dispatcher.dispatch(self, scope, manipulated_args)\n end\n\n def deprecation_gen(scope, *args)\n call_function('deprecation', 'validate_absolute_path', 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Absolute_Path. There is further documentation for validate_legacy function in the README.')\n scope.send('function_validate_absolute_path', args)\n end\nend"}, {"name": "validate_absolute_path", "file": "lib/puppet/parser/functions/validate_absolute_path.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "validate_absolute_path()", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "\nThe following values will pass:\n\n $my_path = 'C:/Program Files (x86)/Puppet Labs/Puppet'\n validate_absolute_path($my_path)\n $my_path2 = '/var/lib/puppet'\n validate_absolute_path($my_path2)\n $my_path3 = ['C:/Program Files (x86)/Puppet Labs/Puppet','C:/Program Files/Puppet Labs/Puppet']\n validate_absolute_path($my_path3)\n $my_path4 = ['/var/lib/puppet','/usr/share/puppet']\n validate_absolute_path($my_path4)\n\nThe following values will fail, causing compilation to abort:\n\n validate_absolute_path(true)\n validate_absolute_path('../var/lib/puppet')\n validate_absolute_path('var/lib/puppet')\n validate_absolute_path([ 'var/lib/puppet', '/var/foo' ])\n validate_absolute_path([ '/var/lib/puppet', 'var/foo' ])\n $undefined = undef\n validate_absolute_path($undefin", "name": "**Usage**"}, {"tag_name": "return", "text": "passes when the string is an absolute path or raise an error when it is not and fails compilation", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "\nThe following values will pass:\n\n $my_path = 'C:/Program Files (x86)/Puppet Labs/Puppet'\n validate_absolute_path($my_path)\n $my_path2 = '/var/lib/puppet'\n validate_absolute_path($my_path2)\n $my_path3 = ['C:/Program Files (x86)/Puppet Labs/Puppet','C:/Program Files/Puppet Labs/Puppet']\n validate_absolute_path($my_path3)\n $my_path4 = ['/var/lib/puppet','/usr/share/puppet']\n validate_absolute_path($my_path4)\n\nThe following values will fail, causing compilation to abort:\n\n validate_absolute_path(true)\n validate_absolute_path('../var/lib/puppet')\n validate_absolute_path('var/lib/puppet')\n validate_absolute_path([ 'var/lib/puppet', '/var/foo' ])\n validate_absolute_path([ '/var/lib/puppet', 'var/foo' ])\n $undefined = undef\n validate_absolute_path($undefin", "name": "**Usage**"}, {"tag_name": "return", "text": "passes when the string is an absolute path or raise an error when it is not and fails compilation", "types": ["Any"]}, {"tag_name": "summary", "text": "Validate the string represents an absolute path in the filesystem. This function works\nfor windows and unix style paths."}]}, "source": "newfunction(:validate_absolute_path, doc: <<-DOC) do |args|\n @summary\n Validate the string represents an absolute path in the filesystem. This function works\n for windows and unix style paths.\n\n @return\n passes when the string is an absolute path or raise an error when it is not and fails compilation\n\n @example **Usage**\n\n The following values will pass:\n\n $my_path = 'C:/Program Files (x86)/Puppet Labs/Puppet'\n validate_absolute_path($my_path)\n $my_path2 = '/var/lib/puppet'\n validate_absolute_path($my_path2)\n $my_path3 = ['C:/Program Files (x86)/Puppet Labs/Puppet','C:/Program Files/Puppet Labs/Puppet']\n validate_absolute_path($my_path3)\n $my_path4 = ['/var/lib/puppet','/usr/share/puppet']\n validate_absolute_path($my_path4)\n\n The following values will fail, causing compilation to abort:\n\n validate_absolute_path(true)\n validate_absolute_path('../var/lib/puppet')\n validate_absolute_path('var/lib/puppet')\n validate_absolute_path([ 'var/lib/puppet', '/var/foo' ])\n validate_absolute_path([ '/var/lib/puppet', 'var/foo' ])\n $undefined = undef\n validate_absolute_path($undefined)\n DOC\n\n require 'puppet/util'\n\n if args.empty?\n raise Puppet::ParseError, \"validate_absolute_path(): wrong number of arguments (#{args.length}; must be > 0)\"\n end\n\n args.each do |arg|\n # put arg to candidate var to be able to replace it\n candidates = arg\n # if arg is just a string with a path to test, convert it to an array\n # to avoid test code duplication\n unless arg.is_a?(Array)\n candidates = Array.new(1, arg)\n end\n # iterate over all paths within the candidates array\n candidates.each do |path|\n unless function_is_absolute_path([path])\n raise Puppet::ParseError, \"#{path.inspect} is not an absolute path.\"\n end\n end\n end\nend"}, {"name": "validate_array", "file": "lib/puppet/functions/validate_array.rb", "line": 5, "type": "ruby4x", "signatures": [{"signature": "validate_array(Any $scope, Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value (`true` or `false`) returned from the called function.", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value (`true` or `false`) returned from the called function.", "types": ["Any"]}, {"tag_name": "summary", "text": "Validate the passed value represents an array."}]}, "source": "Puppet::Functions.create_function(:validate_array) do\n # @param scope\n # The main value that will be passed to the method\n #\n # @param args\n # Any additional values that are to be passed to the method\n #\n # @return\n # A boolean value (`true` or `false`) returned from the called function.\n dispatch :deprecation_gen do\n param 'Any', :scope\n repeated_param 'Any', :args\n end\n # Workaround PUP-4438 (fixed: https://github.com/puppetlabs/puppet/commit/e01c4dc924cd963ff6630008a5200fc6a2023b08#diff\n # -c937cc584953271bb3d3b3c2cb141790R221) to support puppet < 4.1.0 and puppet < 3.8.1.\n def call(scope, *args)\n manipulated_args = [scope] + args\n self.class.dispatcher.dispatch(self, scope, manipulated_args)\n end\n\n def deprecation_gen(scope, *args)\n call_function('deprecation', 'validate_array', 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Array. There is further documentation for validate_legacy function in the README.')\n scope.send('function_validate_array', args)\n end\nend"}, {"name": "validate_array", "file": "lib/puppet/parser/functions/validate_array.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "validate_array()", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "The following values will pass:\n\n $my_array = [ 'one', 'two' ]\n validate_array($my_array)\n\nThe following values will fail, causing compilation to abort:\n\n validate_array(true)\n validate_array('some_string')\n $undefined = undef\n validate_array($undefined", "name": "**Usage**"}, {"tag_name": "return", "text": "validate array", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "The following values will pass:\n\n $my_array = [ 'one', 'two' ]\n validate_array($my_array)\n\nThe following values will fail, causing compilation to abort:\n\n validate_array(true)\n validate_array('some_string')\n $undefined = undef\n validate_array($undefined", "name": "**Usage**"}, {"tag_name": "return", "text": "validate array", "types": ["Any"]}, {"tag_name": "summary", "text": "Validate that all passed values are array data structures. Abort catalog\ncompilation if any value fails this check."}]}, "source": "newfunction(:validate_array, doc: <<-DOC) do |args|\n @summary\n Validate that all passed values are array data structures. Abort catalog\n compilation if any value fails this check.\n\n @return\n validate array\n\n @example **Usage**\n The following values will pass:\n\n $my_array = [ 'one', 'two' ]\n validate_array($my_array)\n\n The following values will fail, causing compilation to abort:\n\n validate_array(true)\n validate_array('some_string')\n $undefined = undef\n validate_array($undefined)\n DOC\n\n function_deprecation([:validate_array, 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Array. There is further documentation for validate_legacy function in the README.'])\n\n if args.empty?\n raise Puppet::ParseError, \"validate_array(): wrong number of arguments (#{args.length}; must be > 0)\"\n end\n\n args.each do |arg|\n unless arg.is_a?(Array)\n raise Puppet::ParseError, \"#{arg.inspect} is not an Array. It looks to be a #{arg.class}\"\n end\n end\nend"}, {"name": "validate_augeas", "file": "lib/puppet/parser/functions/validate_augeas.rb", "line": 9, "type": "ruby3x", "signatures": [{"signature": "validate_augeas()", "docstring": {"text": "The first argument of this function should be a string to\ntest, and the second argument should be the name of the Augeas lens to use.\nIf Augeas fails to parse the string with the lens, the compilation will\nabort with a parse error.\n\nA third argument can be specified, listing paths which should\nnot be found in the file. The `$file` variable points to the location\nof the temporary file being tested in the Augeas tree.", "tags": [{"tag_name": "example", "text": "\nIf you want to make sure your passwd content never contains\na user `foo`, you could write:\n\n validate_augeas($passwdcontent, 'Passwd.lns', ['$file/foo'])\n\nIf you wanted to ensure that no users used the '/bin/barsh' shell,\nyou could use:\n\n validate_augeas($passwdcontent, 'Passwd.lns', ['$file/*[shell=\"/bin/barsh\"]']\n\nIf a fourth argument is specified, this will be the error message raised and\nseen by the user.\n\nA helpful error message can be returned like this:\n\n validate_augeas($sudoerscontent, 'Sudoers.lns', [], 'Failed to validate sudoers content with Augeas')", "name": "**Usage**"}, {"tag_name": "return", "text": "validate string using an Augeas lens", "types": ["Any"]}]}}], "docstring": {"text": "The first argument of this function should be a string to\ntest, and the second argument should be the name of the Augeas lens to use.\nIf Augeas fails to parse the string with the lens, the compilation will\nabort with a parse error.\n\nA third argument can be specified, listing paths which should\nnot be found in the file. The `$file` variable points to the location\nof the temporary file being tested in the Augeas tree.", "tags": [{"tag_name": "example", "text": "\nIf you want to make sure your passwd content never contains\na user `foo`, you could write:\n\n validate_augeas($passwdcontent, 'Passwd.lns', ['$file/foo'])\n\nIf you wanted to ensure that no users used the '/bin/barsh' shell,\nyou could use:\n\n validate_augeas($passwdcontent, 'Passwd.lns', ['$file/*[shell=\"/bin/barsh\"]']\n\nIf a fourth argument is specified, this will be the error message raised and\nseen by the user.\n\nA helpful error message can be returned like this:\n\n validate_augeas($sudoerscontent, 'Sudoers.lns', [], 'Failed to validate sudoers content with Augeas')", "name": "**Usage**"}, {"tag_name": "return", "text": "validate string using an Augeas lens", "types": ["Any"]}, {"tag_name": "summary", "text": "Perform validation of a string using an Augeas lens"}]}, "source": "newfunction(:validate_augeas, doc: <<-DOC\n @summary\n Perform validation of a string using an Augeas lens\n\n The first argument of this function should be a string to\n test, and the second argument should be the name of the Augeas lens to use.\n If Augeas fails to parse the string with the lens, the compilation will\n abort with a parse error.\n\n A third argument can be specified, listing paths which should\n not be found in the file. The `$file` variable points to the location\n of the temporary file being tested in the Augeas tree.\n\n @return\n validate string using an Augeas lens\n\n @example **Usage**\n\n If you want to make sure your passwd content never contains\n a user `foo`, you could write:\n\n validate_augeas($passwdcontent, 'Passwd.lns', ['$file/foo'])\n\n If you wanted to ensure that no users used the '/bin/barsh' shell,\n you could use:\n\n validate_augeas($passwdcontent, 'Passwd.lns', ['$file/*[shell=\"/bin/barsh\"]']\n\n If a fourth argument is specified, this will be the error message raised and\n seen by the user.\n\n A helpful error message can be returned like this:\n\n validate_augeas($sudoerscontent, 'Sudoers.lns', [], 'Failed to validate sudoers content with Augeas')\n\n DOC\n) do |args|\n unless Puppet.features.augeas?\n raise Puppet::ParseError, 'validate_augeas(): this function requires the augeas feature. See http://docs.puppetlabs.com/guides/augeas.html#pre-requisites for how to activate it.'\n end\n\n if (args.length < 2) || (args.length > 4)\n raise Puppet::ParseError, \"validate_augeas(): wrong number of arguments (#{args.length}; must be 2, 3, or 4)\"\n end\n\n msg = args[3] || \"validate_augeas(): Failed to validate content against #{args[1].inspect}\"\n\n require 'augeas'\n aug = Augeas.open(nil, nil, Augeas::NO_MODL_AUTOLOAD)\n begin\n content = args[0]\n\n # Test content in a temporary file\n tmpfile = Tempfile.new('validate_augeas')\n begin\n tmpfile.write(content)\n ensure\n tmpfile.close\n end\n\n # Check for syntax\n lens = args[1]\n aug.transform(\n lens: lens,\n name: 'Validate_augeas',\n incl: tmpfile.path,\n )\n aug.load!\n\n unless aug.match(\"/augeas/files#{tmpfile.path}//error\").empty?\n error = aug.get(\"/augeas/files#{tmpfile.path}//error/message\")\n msg += \" with error: #{error}\"\n raise Puppet::ParseError, msg\n end\n\n # Launch unit tests\n tests = args[2] || []\n aug.defvar('file', \"/files#{tmpfile.path}\")\n tests.each do |t|\n msg += \" testing path #{t}\"\n raise Puppet::ParseError, msg unless aug.match(t).empty?\n end\n ensure\n aug.close\n tmpfile.unlink\n end\nend"}, {"name": "validate_bool", "file": "lib/puppet/functions/validate_bool.rb", "line": 5, "type": "ruby4x", "signatures": [{"signature": "validate_bool(Any $scope, Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "`true` or `false`\nA boolean value returned from the called function.", "types": ["Boolean"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "`true` or `false`\nA boolean value returned from the called function.", "types": ["Boolean"]}, {"tag_name": "summary", "text": "Validate the passed value represents a boolean."}]}, "source": "Puppet::Functions.create_function(:validate_bool) do\n # @param scope\n # The main value that will be passed to the method\n #\n # @param args\n # Any additional values that are to be passed to the method\n #\n # @return [Boolean] `true` or `false`\n # A boolean value returned from the called function.\n dispatch :deprecation_gen do\n param 'Any', :scope\n repeated_param 'Any', :args\n end\n # Workaround PUP-4438 (fixed: https://github.com/puppetlabs/puppet/commit/e01c4dc924cd963ff6630008a5200fc6a2023b08#diff\n # -c937cc584953271bb3d3b3c2cb141790R221) to support puppet < 4.1.0 and puppet < 3.8.1.\n def call(scope, *args)\n manipulated_args = [scope] + args\n self.class.dispatcher.dispatch(self, scope, manipulated_args)\n end\n\n def deprecation_gen(scope, *args)\n call_function('deprecation', 'validate_bool', 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Bool. There is further documentation for validate_legacy function in the README.')\n scope.send('function_validate_bool', args)\n end\nend"}, {"name": "validate_bool", "file": "lib/puppet/parser/functions/validate_bool.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "validate_bool()", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "\nThe following values will pass:\n\n $iamtrue = true\n validate_bool(true)\n validate_bool(true, true, false, $iamtrue)\n\nThe following values will fail, causing compilation to abort:\n\n $some_array = [ true ]\n validate_bool(\"false\")\n validate_bool(\"true\")\n validate_bool($some_array)", "name": "**Usage**"}, {"tag_name": "return", "text": "validate boolean", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "\nThe following values will pass:\n\n $iamtrue = true\n validate_bool(true)\n validate_bool(true, true, false, $iamtrue)\n\nThe following values will fail, causing compilation to abort:\n\n $some_array = [ true ]\n validate_bool(\"false\")\n validate_bool(\"true\")\n validate_bool($some_array)", "name": "**Usage**"}, {"tag_name": "return", "text": "validate boolean", "types": ["Any"]}, {"tag_name": "summary", "text": "Validate that all passed values are either true or false. Abort catalog\ncompilation if any value fails this check."}]}, "source": "newfunction(:validate_bool, doc: <<-DOC\n @summary\n Validate that all passed values are either true or false. Abort catalog\n compilation if any value fails this check.\n\n @return\n validate boolean\n\n @example **Usage**\n\n The following values will pass:\n\n $iamtrue = true\n validate_bool(true)\n validate_bool(true, true, false, $iamtrue)\n\n The following values will fail, causing compilation to abort:\n\n $some_array = [ true ]\n validate_bool(\"false\")\n validate_bool(\"true\")\n validate_bool($some_array)\n DOC\n) do |args|\n if args.empty?\n raise Puppet::ParseError, \"validate_bool(): wrong number of arguments (#{args.length}; must be > 0)\"\n end\n\n args.each do |arg|\n unless function_is_bool([arg])\n raise Puppet::ParseError, \"#{arg.inspect} is not a boolean. It looks to be a #{arg.class}\"\n end\n end\nend"}, {"name": "validate_cmd", "file": "lib/puppet/parser/functions/validate_cmd.rb", "line": 10, "type": "ruby3x", "signatures": [{"signature": "validate_cmd()", "docstring": {"text": "The first argument of this function should be a string to\ntest, and the second argument should be a path to a test command\ntaking a % as a placeholder for the file path (will default to the end).\nIf the command, launched against a tempfile containing the passed string,\nreturns a non-null value, compilation will abort with a parse error.\nIf a third argument is specified, this will be the error message raised and\nseen by the user.\n\nA helpful error message can be returned like this:", "tags": [{"tag_name": "example", "text": "\nDefaults to end of path\n validate_cmd($sudoerscontent, '/usr/sbin/visudo -c -f', 'Visudo failed to validate sudoers content')\n\n% as file location\n validate_cmd($haproxycontent, '/usr/sbin/haproxy -f % -c', 'Haproxy failed to validate config content')", "name": "**Usage**"}, {"tag_name": "return", "text": "validate of a string with an external command", "types": ["Any"]}]}}], "docstring": {"text": "The first argument of this function should be a string to\ntest, and the second argument should be a path to a test command\ntaking a % as a placeholder for the file path (will default to the end).\nIf the command, launched against a tempfile containing the passed string,\nreturns a non-null value, compilation will abort with a parse error.\nIf a third argument is specified, this will be the error message raised and\nseen by the user.\n\nA helpful error message can be returned like this:", "tags": [{"tag_name": "example", "text": "\nDefaults to end of path\n validate_cmd($sudoerscontent, '/usr/sbin/visudo -c -f', 'Visudo failed to validate sudoers content')\n\n% as file location\n validate_cmd($haproxycontent, '/usr/sbin/haproxy -f % -c', 'Haproxy failed to validate config content')", "name": "**Usage**"}, {"tag_name": "return", "text": "validate of a string with an external command", "types": ["Any"]}, {"tag_name": "summary", "text": "Perform validation of a string with an external command."}]}, "source": "newfunction(:validate_cmd, doc: <<-DOC\n @summary\n Perform validation of a string with an external command.\n\n The first argument of this function should be a string to\n test, and the second argument should be a path to a test command\n taking a % as a placeholder for the file path (will default to the end).\n If the command, launched against a tempfile containing the passed string,\n returns a non-null value, compilation will abort with a parse error.\n If a third argument is specified, this will be the error message raised and\n seen by the user.\n\n @return\n validate of a string with an external command\n\n A helpful error message can be returned like this:\n\n @example **Usage**\n\n Defaults to end of path\n validate_cmd($sudoerscontent, '/usr/sbin/visudo -c -f', 'Visudo failed to validate sudoers content')\n\n % as file location\n validate_cmd($haproxycontent, '/usr/sbin/haproxy -f % -c', 'Haproxy failed to validate config content')\n\n DOC\n) do |args|\n if (args.length < 2) || (args.length > 3)\n raise Puppet::ParseError, \"validate_cmd(): wrong number of arguments (#{args.length}; must be 2 or 3)\"\n end\n\n msg = args[2] || \"validate_cmd(): failed to validate content with command #{args[1].inspect}\"\n\n content = args[0]\n checkscript = args[1]\n\n # Test content in a temporary file\n tmpfile = Tempfile.new('validate_cmd')\n begin\n tmpfile.write(content)\n tmpfile.close\n\n check_with_correct_location = if %r{\\s%(\\s|$)}.match?(checkscript)\n checkscript.gsub(%r{%}, tmpfile.path)\n else\n \"#{checkscript} #{tmpfile.path}\"\n end\n\n if Puppet::Util::Execution.respond_to?('execute')\n Puppet::Util::Execution.execute(check_with_correct_location)\n else\n Puppet::Util.execute(check_with_correct_location)\n end\n rescue Puppet::ExecutionFailure => detail\n msg += \"\\n#{detail}\"\n raise Puppet::ParseError, msg\n rescue StandardError => detail\n msg += \"\\n#{detail.class.name} #{detail}\"\n raise Puppet::ParseError, msg\n ensure\n tmpfile.unlink\n end\nend"}, {"name": "validate_domain_name", "file": "lib/puppet/parser/functions/validate_domain_name.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "validate_domain_name()", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "\nThe following values will pass:\n\n $my_domain_name = 'server.domain.tld'\n validate_domain_name($my_domain_name)\n validate_domain_name('domain.tld', 'puppet.com', $my_domain_name)\n\nThe following values will fail, causing compilation to abort:\n\n validate_domain_name(1)\n validate_domain_name(true)\n validate_domain_name('invalid domain')\n validate_domain_name('-foo.example.com')\n validate_domain_name('www.example.2com')", "name": "**Usage**"}, {"tag_name": "return", "text": "passes when the given values are syntactically correct domain names or raise an error when they are not and fails compilation", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "\nThe following values will pass:\n\n $my_domain_name = 'server.domain.tld'\n validate_domain_name($my_domain_name)\n validate_domain_name('domain.tld', 'puppet.com', $my_domain_name)\n\nThe following values will fail, causing compilation to abort:\n\n validate_domain_name(1)\n validate_domain_name(true)\n validate_domain_name('invalid domain')\n validate_domain_name('-foo.example.com')\n validate_domain_name('www.example.2com')", "name": "**Usage**"}, {"tag_name": "return", "text": "passes when the given values are syntactically correct domain names or raise an error when they are not and fails compilation", "types": ["Any"]}, {"tag_name": "summary", "text": "Validate that all values passed are syntactically correct domain names.\nFail compilation if any value fails this check."}]}, "source": "newfunction(:validate_domain_name, doc: <<-DOC\n @summary\n Validate that all values passed are syntactically correct domain names.\n Fail compilation if any value fails this check.\n\n @return\n passes when the given values are syntactically correct domain names or raise an error when they are not and fails compilation\n\n @example **Usage**\n\n The following values will pass:\n\n $my_domain_name = 'server.domain.tld'\n validate_domain_name($my_domain_name)\n validate_domain_name('domain.tld', 'puppet.com', $my_domain_name)\n\n The following values will fail, causing compilation to abort:\n\n validate_domain_name(1)\n validate_domain_name(true)\n validate_domain_name('invalid domain')\n validate_domain_name('-foo.example.com')\n validate_domain_name('www.example.2com')\n DOC\n) do |args|\n rescuable_exceptions = [ArgumentError]\n\n if args.empty?\n raise Puppet::ParseError, \"validate_domain_name(): wrong number of arguments (#{args.length}; must be > 0)\"\n end\n\n args.each do |arg|\n raise Puppet::ParseError, \"#{arg.inspect} is not a string.\" unless arg.is_a?(String)\n\n begin\n raise Puppet::ParseError, \"#{arg.inspect} is not a syntactically correct domain name\" unless function_is_domain_name([arg])\n rescue *rescuable_exceptions\n raise Puppet::ParseError, \"#{arg.inspect} is not a syntactically correct domain name\"\n end\n end\nend"}, {"name": "validate_email_address", "file": "lib/puppet/parser/functions/validate_email_address.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "validate_email_address()", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "\nThe following values will pass:\n\n $my_email = \"waldo@gmail.com\"\n validate_email_address($my_email)\n validate_email_address(\"bob@gmail.com\", \"alice@gmail.com\", $my_email)\n\nThe following values will fail, causing compilation to abort:\n\n $some_array = [ 'bad_email@/d/efdf.com' ]\n validate_email_address($some_array)", "name": "**Usage**"}, {"tag_name": "return", "text": "Fail compilation if any value fails this check.", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "\nThe following values will pass:\n\n $my_email = \"waldo@gmail.com\"\n validate_email_address($my_email)\n validate_email_address(\"bob@gmail.com\", \"alice@gmail.com\", $my_email)\n\nThe following values will fail, causing compilation to abort:\n\n $some_array = [ 'bad_email@/d/efdf.com' ]\n validate_email_address($some_array)", "name": "**Usage**"}, {"tag_name": "return", "text": "Fail compilation if any value fails this check.", "types": ["Any"]}, {"tag_name": "summary", "text": "Validate that all values passed are valid email addresses.\nFail compilation if any value fails this check."}]}, "source": "newfunction(:validate_email_address, doc: <<-DOC\n @summary\n Validate that all values passed are valid email addresses.\n Fail compilation if any value fails this check.\n\n @return\n Fail compilation if any value fails this check.\n\n @example **Usage**\n\n The following values will pass:\n\n $my_email = \"waldo@gmail.com\"\n validate_email_address($my_email)\n validate_email_address(\"bob@gmail.com\", \"alice@gmail.com\", $my_email)\n\n The following values will fail, causing compilation to abort:\n\n $some_array = [ 'bad_email@/d/efdf.com' ]\n validate_email_address($some_array)\n DOC\n) do |args|\n rescuable_exceptions = [ArgumentError]\n\n if args.empty?\n raise Puppet::ParseError, \"validate_email_address(): wrong number of arguments (#{args.length}; must be > 0)\"\n end\n\n args.each do |arg|\n raise Puppet::ParseError, \"#{arg.inspect} is not a string.\" unless arg.is_a?(String)\n\n begin\n raise Puppet::ParseError, \"#{arg.inspect} is not a valid email address\" unless function_is_email_address([arg])\n rescue *rescuable_exceptions\n raise Puppet::ParseError, \"#{arg.inspect} is not a valid email address\"\n end\n end\nend"}, {"name": "validate_hash", "file": "lib/puppet/functions/validate_hash.rb", "line": 5, "type": "ruby4x", "signatures": [{"signature": "validate_hash(Any $scope, Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value (`true` or `false`) returned from the called function.", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value (`true` or `false`) returned from the called function.", "types": ["Any"]}, {"tag_name": "summary", "text": "Validate the passed value represents a hash."}]}, "source": "Puppet::Functions.create_function(:validate_hash) do\n # @param scope\n # The main value that will be passed to the method\n #\n # @param args\n # Any additional values that are to be passed to the method\n #\n # @return\n # A boolean value (`true` or `false`) returned from the called function.\n dispatch :deprecation_gen do\n param 'Any', :scope\n repeated_param 'Any', :args\n end\n # Workaround PUP-4438 (fixed: https://github.com/puppetlabs/puppet/commit/e01c4dc924cd963ff6630008a5200fc6a2023b08#diff\n # -c937cc584953271bb3d3b3c2cb141790R221) to support puppet < 4.1.0 and puppet < 3.8.1.\n def call(scope, *args)\n manipulated_args = [scope] + args\n self.class.dispatcher.dispatch(self, scope, manipulated_args)\n end\n\n def deprecation_gen(scope, *args)\n call_function('deprecation', 'validate_hash', 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Hash. There is further documentation for validate_legacy function in the README.')\n scope.send('function_validate_hash', args)\n end\nend"}, {"name": "validate_hash", "file": "lib/puppet/parser/functions/validate_hash.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "validate_hash()", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "\nThe following values will pass:\n\n $my_hash = { 'one' => 'two' }\n validate_hash($my_hash)\n\nThe following values will fail, causing compilation to abort:\n\n validate_hash(true)\n validate_hash('some_string')\n $undefined = undef\n validate_hash($undefined)", "name": "**Usage**"}, {"tag_name": "return", "text": "validate hash", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "\nThe following values will pass:\n\n $my_hash = { 'one' => 'two' }\n validate_hash($my_hash)\n\nThe following values will fail, causing compilation to abort:\n\n validate_hash(true)\n validate_hash('some_string')\n $undefined = undef\n validate_hash($undefined)", "name": "**Usage**"}, {"tag_name": "return", "text": "validate hash", "types": ["Any"]}, {"tag_name": "summary", "text": "Validate that all passed values are hash data structures. Abort catalog\ncompilation if any value fails this check."}]}, "source": "newfunction(:validate_hash, doc: <<-DOC\n @summary\n Validate that all passed values are hash data structures. Abort catalog\n compilation if any value fails this check.\n\n @return\n validate hash\n\n @example **Usage**\n\n The following values will pass:\n\n $my_hash = { 'one' => 'two' }\n validate_hash($my_hash)\n\n The following values will fail, causing compilation to abort:\n\n validate_hash(true)\n validate_hash('some_string')\n $undefined = undef\n validate_hash($undefined)\n DOC\n) do |args|\n function_deprecation([:validate_hash, 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Hash. There is further documentation for validate_legacy function in the README.'])\n\n if args.empty?\n raise Puppet::ParseError, \"validate_hash(): wrong number of arguments (#{args.length}; must be > 0)\"\n end\n\n args.each do |arg|\n unless arg.is_a?(Hash)\n raise Puppet::ParseError, \"#{arg.inspect} is not a Hash. It looks to be a #{arg.class}\"\n end\n end\nend"}, {"name": "validate_integer", "file": "lib/puppet/functions/validate_integer.rb", "line": 5, "type": "ruby4x", "signatures": [{"signature": "validate_integer(Any $scope, Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "`true` or `false`\nA boolean value returned from the called function.", "types": ["Boolean"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "`true` or `false`\nA boolean value returned from the called function.", "types": ["Boolean"]}, {"tag_name": "summary", "text": "Validate the passed value represents an integer."}]}, "source": "Puppet::Functions.create_function(:validate_integer) do\n # @param scope\n # The main value that will be passed to the method\n #\n # @param args\n # Any additional values that are to be passed to the method\n #\n # @return [Boolean] `true` or `false`\n # A boolean value returned from the called function.\n dispatch :deprecation_gen do\n param 'Any', :scope\n repeated_param 'Any', :args\n end\n # Workaround PUP-4438 (fixed: https://github.com/puppetlabs/puppet/commit/e01c4dc924cd963ff6630008a5200fc6a2023b08#diff\n # -c937cc584953271bb3d3b3c2cb141790R221) to support puppet < 4.1.0 and puppet < 3.8.1.\n def call(scope, *args)\n manipulated_args = [scope] + args\n self.class.dispatcher.dispatch(self, scope, manipulated_args)\n end\n\n def deprecation_gen(scope, *args)\n call_function('deprecation', 'validate_integer', 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Integer. There is further documentation for validate_legacy function in the README.')\n scope.send('function_validate_integer', args)\n end\nend"}, {"name": "validate_integer", "file": "lib/puppet/parser/functions/validate_integer.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "validate_integer()", "docstring": {"text": "The second argument is optional and passes a maximum. (All elements of) the first argument has to be less or equal to this max.\nThe third argument is optional and passes a minimum. (All elements of) the first argument has to be greater or equal to this min.\nIf, and only if, a minimum is given, the second argument may be an empty string or undef, which will be handled to just check\nif (all elements of) the first argument are greater or equal to the given minimum.\nIt will fail if the first argument is not an integer or array of integers, and if arg 2 and arg 3 are not convertable to an integer.", "tags": [{"tag_name": "example", "text": "\nThe following values will pass:\n\n validate_integer(1)\n validate_integer(1, 2)\n validate_integer(1, 1)\n validate_integer(1, 2, 0)\n validate_integer(2, 2, 2)\n validate_integer(2, '', 0)\n validate_integer(2, undef, 0)\n $foo = undef\n validate_integer(2, $foo, 0)\n validate_integer([1,2,3,4,5], 6)\n validate_integer([1,2,3,4,5], 6, 0)\n\nPlus all of the above, but any combination of values passed as strings ('1' or \"1\").\nPlus all of the above, but with (correct) combinations of negative integer values.\n\nThe following values will not:\n\n validate_integer(true)\n validate_integer(false)\n validate_integer(7.0)\n validate_integer({ 1 => 2 })\n $foo = undef\n validate_integer($foo)\n validate_integer($foobaridontexist)\n\n validate_integer(1, 0)\n validate_integer(1, true)\n validate_integer(1, '')\n validate_integer(1, undef)\n validate_integer(1, , 0)\n validate_integer(1, 2, 3)\n validate_integer(1, 3, 2)\n validate_integer(1, 3, true)\n\nPlus all of the above, but any combination of values passed as strings ('false' or \"false\").\nPlus all of the above, but with incorrect combinations of negative integer values.\nPlus all of the above, but with non-integer items in arrays or maximum / minimum argument.", "name": "**Usage**"}, {"tag_name": "return", "text": "Validate that the first argument is an integer (or an array of integers). Fail compilation if any of the checks fail.", "types": ["Any"]}]}}], "docstring": {"text": "The second argument is optional and passes a maximum. (All elements of) the first argument has to be less or equal to this max.\nThe third argument is optional and passes a minimum. (All elements of) the first argument has to be greater or equal to this min.\nIf, and only if, a minimum is given, the second argument may be an empty string or undef, which will be handled to just check\nif (all elements of) the first argument are greater or equal to the given minimum.\nIt will fail if the first argument is not an integer or array of integers, and if arg 2 and arg 3 are not convertable to an integer.", "tags": [{"tag_name": "example", "text": "\nThe following values will pass:\n\n validate_integer(1)\n validate_integer(1, 2)\n validate_integer(1, 1)\n validate_integer(1, 2, 0)\n validate_integer(2, 2, 2)\n validate_integer(2, '', 0)\n validate_integer(2, undef, 0)\n $foo = undef\n validate_integer(2, $foo, 0)\n validate_integer([1,2,3,4,5], 6)\n validate_integer([1,2,3,4,5], 6, 0)\n\nPlus all of the above, but any combination of values passed as strings ('1' or \"1\").\nPlus all of the above, but with (correct) combinations of negative integer values.\n\nThe following values will not:\n\n validate_integer(true)\n validate_integer(false)\n validate_integer(7.0)\n validate_integer({ 1 => 2 })\n $foo = undef\n validate_integer($foo)\n validate_integer($foobaridontexist)\n\n validate_integer(1, 0)\n validate_integer(1, true)\n validate_integer(1, '')\n validate_integer(1, undef)\n validate_integer(1, , 0)\n validate_integer(1, 2, 3)\n validate_integer(1, 3, 2)\n validate_integer(1, 3, true)\n\nPlus all of the above, but any combination of values passed as strings ('false' or \"false\").\nPlus all of the above, but with incorrect combinations of negative integer values.\nPlus all of the above, but with non-integer items in arrays or maximum / minimum argument.", "name": "**Usage**"}, {"tag_name": "return", "text": "Validate that the first argument is an integer (or an array of integers). Fail compilation if any of the checks fail.", "types": ["Any"]}, {"tag_name": "summary", "text": "Validate that the first argument is an integer (or an array of integers). Abort catalog compilation if any of the checks fail."}]}, "source": "newfunction(:validate_integer, doc: <<-DOC\n @summary\n Validate that the first argument is an integer (or an array of integers). Abort catalog compilation if any of the checks fail.\n\n The second argument is optional and passes a maximum. (All elements of) the first argument has to be less or equal to this max.\n The third argument is optional and passes a minimum. (All elements of) the first argument has to be greater or equal to this min.\n If, and only if, a minimum is given, the second argument may be an empty string or undef, which will be handled to just check\n if (all elements of) the first argument are greater or equal to the given minimum.\n It will fail if the first argument is not an integer or array of integers, and if arg 2 and arg 3 are not convertable to an integer.\n\n @return\n Validate that the first argument is an integer (or an array of integers). Fail compilation if any of the checks fail.\n\n @example **Usage**\n\n The following values will pass:\n\n validate_integer(1)\n validate_integer(1, 2)\n validate_integer(1, 1)\n validate_integer(1, 2, 0)\n validate_integer(2, 2, 2)\n validate_integer(2, '', 0)\n validate_integer(2, undef, 0)\n $foo = undef\n validate_integer(2, $foo, 0)\n validate_integer([1,2,3,4,5], 6)\n validate_integer([1,2,3,4,5], 6, 0)\n\n Plus all of the above, but any combination of values passed as strings ('1' or \"1\").\n Plus all of the above, but with (correct) combinations of negative integer values.\n\n The following values will not:\n\n validate_integer(true)\n validate_integer(false)\n validate_integer(7.0)\n validate_integer({ 1 => 2 })\n $foo = undef\n validate_integer($foo)\n validate_integer($foobaridontexist)\n\n validate_integer(1, 0)\n validate_integer(1, true)\n validate_integer(1, '')\n validate_integer(1, undef)\n validate_integer(1, , 0)\n validate_integer(1, 2, 3)\n validate_integer(1, 3, 2)\n validate_integer(1, 3, true)\n\n Plus all of the above, but any combination of values passed as strings ('false' or \"false\").\n Plus all of the above, but with incorrect combinations of negative integer values.\n Plus all of the above, but with non-integer items in arrays or maximum / minimum argument.\n\n DOC\n) do |args|\n function_deprecation([:validate_integer, 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Integer. There is further documentation for validate_legacy function in the README.'])\n\n # tell the user we need at least one, and optionally up to two other parameters\n raise Puppet::ParseError, \"validate_integer(): Wrong number of arguments; must be 1, 2 or 3, got #{args.length}\" unless !args.empty? && args.length < 4\n\n input, max, min = *args\n\n # check maximum parameter\n if args.length > 1\n max = max.to_s\n # allow max to be empty (or undefined) if we have a minimum set\n if args.length > 2 && max == ''\n max = nil\n else\n begin\n max = Integer(max)\n rescue TypeError, ArgumentError\n raise Puppet::ParseError, \"validate_integer(): Expected second argument to be unset or an Integer, got #{max}:#{max.class}\"\n end\n end\n else\n max = nil\n end\n\n # check minimum parameter\n if args.length > 2\n begin\n min = Integer(min.to_s)\n rescue TypeError, ArgumentError\n raise Puppet::ParseError, \"validate_integer(): Expected third argument to be unset or an Integer, got #{min}:#{min.class}\"\n end\n else\n min = nil\n end\n\n # ensure that min < max\n if min && max && min > max\n raise Puppet::ParseError, \"validate_integer(): Expected second argument to be larger than third argument, got #{max} < #{min}\"\n end\n\n # create lamba validator function\n validator = ->(num) do\n # check input < max\n if max && num > max\n raise Puppet::ParseError, \"validate_integer(): Expected #{input.inspect} to be smaller or equal to #{max}, got #{input.inspect}.\"\n end\n # check input > min (this will only be checked if no exception has been raised before)\n if min && num < min\n raise Puppet::ParseError, \"validate_integer(): Expected #{input.inspect} to be greater or equal to #{min}, got #{input.inspect}.\"\n end\n end\n\n # if this is an array, handle it.\n case input\n when Array\n # check every element of the array\n input.each_with_index do |arg, pos|\n begin\n raise TypeError if arg.is_a?(Hash)\n arg = Integer(arg.to_s)\n validator.call(arg)\n rescue TypeError, ArgumentError\n raise Puppet::ParseError, \"validate_integer(): Expected element at array position #{pos} to be an Integer, got #{arg.class}\"\n end\n end\n # for the sake of compatibility with ruby 1.8, we need extra handling of hashes\n when Hash\n raise Puppet::ParseError, \"validate_integer(): Expected first argument to be an Integer or Array, got #{input.class}\"\n # check the input. this will also fail any stuff other than pure, shiny integers\n else\n begin\n input = Integer(input.to_s)\n validator.call(input)\n rescue TypeError, ArgumentError\n raise Puppet::ParseError, \"validate_integer(): Expected first argument to be an Integer or Array, got #{input.class}\"\n end\n end\nend"}, {"name": "validate_ip_address", "file": "lib/puppet/functions/validate_ip_address.rb", "line": 5, "type": "ruby4x", "signatures": [{"signature": "validate_ip_address(Any $scope, Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "`true` or `false`\nA boolean value returned from the called function.", "types": ["Boolean"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "`true` or `false`\nA boolean value returned from the called function.", "types": ["Boolean"]}, {"tag_name": "summary", "text": "Validate the passed value represents an ip_address."}]}, "source": "Puppet::Functions.create_function(:validate_ip_address) do\n # @param scope\n # The main value that will be passed to the method\n #\n # @param args\n # Any additional values that are to be passed to the method\n #\n # @return [Boolean] `true` or `false`\n # A boolean value returned from the called function.\n dispatch :deprecation_gen do\n param 'Any', :scope\n repeated_param 'Any', :args\n end\n # Workaround PUP-4438 (fixed: https://github.com/puppetlabs/puppet/commit/e01c4dc924cd963ff6630008a5200fc6a2023b08#diff\n # -c937cc584953271bb3d3b3c2cb141790R221) to support puppet < 4.1.0 and puppet < 3.8.1.\n def call(scope, *args)\n manipulated_args = [scope] + args\n self.class.dispatcher.dispatch(self, scope, manipulated_args)\n end\n\n def deprecation_gen(scope, *args)\n call_function('deprecation', 'validate_ip_address', 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Ip_Address. There is further documentation for validate_legacy function in the README.')\n scope.send('function_validate_ip_address', args)\n end\nend"}, {"name": "validate_ip_address", "file": "lib/puppet/parser/functions/validate_ip_address.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "validate_ip_address()", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "The following values will pass:\n\n $my_ip = \"1.2.3.4\"\n validate_ip_address($my_ip)\n validate_ip_address(\"8.8.8.8\", \"172.16.0.1\", $my_ip)\n\n $my_ip = \"3ffe:505:2\"\n validate_ip_address(1)\n validate_ip_address($my_ip)\n validate_ip_address(\"fe80::baf6:b1ff:fe19:7507\", $my_ip)\n\nThe following values will fail, causing compilation to abort:\n\n $some_array = [ 1, true, false, \"garbage string\", \"3ffe:505:2\" ]\n validate_ip_address($some_array)", "name": "**Usage**"}, {"tag_name": "return", "text": "passes when the given values are valid IP addresses or raise an error when they are not and fails compilation", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "The following values will pass:\n\n $my_ip = \"1.2.3.4\"\n validate_ip_address($my_ip)\n validate_ip_address(\"8.8.8.8\", \"172.16.0.1\", $my_ip)\n\n $my_ip = \"3ffe:505:2\"\n validate_ip_address(1)\n validate_ip_address($my_ip)\n validate_ip_address(\"fe80::baf6:b1ff:fe19:7507\", $my_ip)\n\nThe following values will fail, causing compilation to abort:\n\n $some_array = [ 1, true, false, \"garbage string\", \"3ffe:505:2\" ]\n validate_ip_address($some_array)", "name": "**Usage**"}, {"tag_name": "return", "text": "passes when the given values are valid IP addresses or raise an error when they are not and fails compilation", "types": ["Any"]}, {"tag_name": "summary", "text": "Validate that all values passed are valid IP addresses,\nregardless they are IPv4 or IPv6\nFail compilation if any value fails this check."}]}, "source": "newfunction(:validate_ip_address, doc: <<-DOC\n @summary\n Validate that all values passed are valid IP addresses,\n regardless they are IPv4 or IPv6\n Fail compilation if any value fails this check.\n\n @return\n passes when the given values are valid IP addresses or raise an error when they are not and fails compilation\n\n @example **Usage**\n The following values will pass:\n\n $my_ip = \"1.2.3.4\"\n validate_ip_address($my_ip)\n validate_ip_address(\"8.8.8.8\", \"172.16.0.1\", $my_ip)\n\n $my_ip = \"3ffe:505:2\"\n validate_ip_address(1)\n validate_ip_address($my_ip)\n validate_ip_address(\"fe80::baf6:b1ff:fe19:7507\", $my_ip)\n\n The following values will fail, causing compilation to abort:\n\n $some_array = [ 1, true, false, \"garbage string\", \"3ffe:505:2\" ]\n validate_ip_address($some_array)\n DOC\n) do |args|\n require 'ipaddr'\n rescuable_exceptions = [ArgumentError]\n\n function_deprecation([:validate_ip_address, 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Ip_address. There is further documentation for validate_legacy function in the README.'])\n\n if defined?(IPAddr::InvalidAddressError)\n rescuable_exceptions << IPAddr::InvalidAddressError\n end\n\n if args.empty?\n raise Puppet::ParseError, \"validate_ip_address(): wrong number of arguments (#{args.length}; must be > 0)\"\n end\n\n args.each do |arg|\n unless arg.is_a?(String)\n raise Puppet::ParseError, \"#{arg.inspect} is not a string.\"\n end\n\n begin\n unless IPAddr.new(arg).ipv4? || IPAddr.new(arg).ipv6?\n raise Puppet::ParseError, \"#{arg.inspect} is not a valid IP address.\"\n end\n rescue *rescuable_exceptions\n raise Puppet::ParseError, \"#{arg.inspect} is not a valid IP address.\"\n end\n end\nend"}, {"name": "validate_ipv4_address", "file": "lib/puppet/functions/validate_ipv4_address.rb", "line": 5, "type": "ruby4x", "signatures": [{"signature": "validate_ipv4_address(Any $scope, Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "`true` or `false`\nA boolean value returned from the called function.", "types": ["Boolean"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "`true` or `false`\nA boolean value returned from the called function.", "types": ["Boolean"]}, {"tag_name": "summary", "text": "Validate the passed value represents an ipv4_address."}]}, "source": "Puppet::Functions.create_function(:validate_ipv4_address) do\n # @param scope\n # The main value that will be passed to the method\n #\n # @param args\n # Any additional values that are to be passed to the method\n #\n # @return [Boolean] `true` or `false`\n # A boolean value returned from the called function.\n dispatch :deprecation_gen do\n param 'Any', :scope\n repeated_param 'Any', :args\n end\n # Workaround PUP-4438 (fixed: https://github.com/puppetlabs/puppet/commit/e01c4dc924cd963ff6630008a5200fc6a2023b08#diff\n # -c937cc584953271bb3d3b3c2cb141790R221) to support puppet < 4.1.0 and puppet < 3.8.1.\n def call(scope, *args)\n manipulated_args = [scope] + args\n self.class.dispatcher.dispatch(self, scope, manipulated_args)\n end\n\n def deprecation_gen(scope, *args)\n call_function('deprecation', 'validate_ipv4_address', 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Ipv4_Address. There is further documentation for validate_legacy function in the README.')\n scope.send('function_validate_ipv4_address', args)\n end\nend"}, {"name": "validate_ipv4_address", "file": "lib/puppet/parser/functions/validate_ipv4_address.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "validate_ipv4_address()", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "The following values will pass:\n\n $my_ip = \"1.2.3.4\"\n validate_ipv4_address($my_ip)\n validate_ipv4_address(\"8.8.8.8\", \"172.16.0.1\", $my_ip)\n\nThe following values will fail, causing compilation to abort:\n\n $some_array = [ 1, true, false, \"garbage string\", \"3ffe:505:2\" ]\n validate_ipv4_address($some_array)", "name": "**Usage**"}, {"tag_name": "return", "text": "passes when the given values are valid IPv4 addresses or raise an error when they are not and fails compilation", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "The following values will pass:\n\n $my_ip = \"1.2.3.4\"\n validate_ipv4_address($my_ip)\n validate_ipv4_address(\"8.8.8.8\", \"172.16.0.1\", $my_ip)\n\nThe following values will fail, causing compilation to abort:\n\n $some_array = [ 1, true, false, \"garbage string\", \"3ffe:505:2\" ]\n validate_ipv4_address($some_array)", "name": "**Usage**"}, {"tag_name": "return", "text": "passes when the given values are valid IPv4 addresses or raise an error when they are not and fails compilation", "types": ["Any"]}, {"tag_name": "summary", "text": "Validate that all values passed are valid IPv4 addresses.\nFail compilation if any value fails this check."}]}, "source": "newfunction(:validate_ipv4_address, doc: <<-DOC\n @summary\n Validate that all values passed are valid IPv4 addresses.\n Fail compilation if any value fails this check.\n\n @return\n passes when the given values are valid IPv4 addresses or raise an error when they are not and fails compilation\n\n @example **Usage**\n The following values will pass:\n\n $my_ip = \"1.2.3.4\"\n validate_ipv4_address($my_ip)\n validate_ipv4_address(\"8.8.8.8\", \"172.16.0.1\", $my_ip)\n\n The following values will fail, causing compilation to abort:\n\n $some_array = [ 1, true, false, \"garbage string\", \"3ffe:505:2\" ]\n validate_ipv4_address($some_array)\n DOC\n) do |args|\n function_deprecation([:validate_ipv4_address, 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Ipv4. There is further documentation for validate_legacy function in the README.'])\n\n require 'ipaddr'\n rescuable_exceptions = [ArgumentError]\n\n if defined?(IPAddr::InvalidAddressError)\n rescuable_exceptions << IPAddr::InvalidAddressError\n end\n\n if args.empty?\n raise Puppet::ParseError, \"validate_ipv4_address(): wrong number of arguments (#{args.length}; must be > 0)\"\n end\n\n args.each do |arg|\n unless arg.is_a?(String)\n raise Puppet::ParseError, \"#{arg.inspect} is not a string.\"\n end\n\n begin\n unless IPAddr.new(arg).ipv4?\n raise Puppet::ParseError, \"#{arg.inspect} is not a valid IPv4 address.\"\n end\n rescue *rescuable_exceptions\n raise Puppet::ParseError, \"#{arg.inspect} is not a valid IPv4 address.\"\n end\n end\nend"}, {"name": "validate_ipv6_address", "file": "lib/puppet/functions/validate_ipv6_address.rb", "line": 5, "type": "ruby4x", "signatures": [{"signature": "validate_ipv6_address(Any $scope, Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "`true` or `false`\nA boolean value returned from the called function.", "types": ["Boolean"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "`true` or `false`\nA boolean value returned from the called function.", "types": ["Boolean"]}, {"tag_name": "summary", "text": "Validate the passed value represents an ipv6_address."}]}, "source": "Puppet::Functions.create_function(:validate_ipv6_address) do\n # @param scope\n # The main value that will be passed to the method\n #\n # @param args\n # Any additional values that are to be passed to the method\n #\n # @return [Boolean] `true` or `false`\n # A boolean value returned from the called function.\n dispatch :deprecation_gen do\n param 'Any', :scope\n repeated_param 'Any', :args\n end\n # Workaround PUP-4438 (fixed: https://github.com/puppetlabs/puppet/commit/e01c4dc924cd963ff6630008a5200fc6a2023b08#diff\n # -c937cc584953271bb3d3b3c2cb141790R221) to support puppet < 4.1.0 and puppet < 3.8.1.\n def call(scope, *args)\n manipulated_args = [scope] + args\n self.class.dispatcher.dispatch(self, scope, manipulated_args)\n end\n\n def deprecation_gen(scope, *args)\n call_function('deprecation', 'validate_ipv6_address', 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Ipv6_address. There is further documentation for validate_legacy function in the README.')\n scope.send('function_validate_ipv6_address', args)\n end\nend"}, {"name": "validate_ipv6_address", "file": "lib/puppet/parser/functions/validate_ipv6_address.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "validate_ipv6_address()", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "The following values will pass:\n\n $my_ip = \"3ffe:505:2\"\n validate_ipv6_address(1)\n validate_ipv6_address($my_ip)\n validate_bool(\"fe80::baf6:b1ff:fe19:7507\", $my_ip)\n\nThe following values will fail, causing compilation to abort:\n\n $some_array = [ true, false, \"garbage string\", \"1.2.3.4\" ]\n validate_ipv6_address($some_array)", "name": "**Usage**"}, {"tag_name": "return", "text": "passes when the given values are valid IPv6 addresses or raise an error when they are not and fails compilation", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "The following values will pass:\n\n $my_ip = \"3ffe:505:2\"\n validate_ipv6_address(1)\n validate_ipv6_address($my_ip)\n validate_bool(\"fe80::baf6:b1ff:fe19:7507\", $my_ip)\n\nThe following values will fail, causing compilation to abort:\n\n $some_array = [ true, false, \"garbage string\", \"1.2.3.4\" ]\n validate_ipv6_address($some_array)", "name": "**Usage**"}, {"tag_name": "return", "text": "passes when the given values are valid IPv6 addresses or raise an error when they are not and fails compilation", "types": ["Any"]}, {"tag_name": "summary", "text": "Validate that all values passed are valid IPv6 addresses.\nFail compilation if any value fails this check."}]}, "source": "newfunction(:validate_ipv6_address, doc: <<-DOC\n @summary\n Validate that all values passed are valid IPv6 addresses.\n Fail compilation if any value fails this check.\n\n @return\n passes when the given values are valid IPv6 addresses or raise an error when they are not and fails compilation\n\n @example **Usage**\n The following values will pass:\n\n $my_ip = \"3ffe:505:2\"\n validate_ipv6_address(1)\n validate_ipv6_address($my_ip)\n validate_bool(\"fe80::baf6:b1ff:fe19:7507\", $my_ip)\n\n The following values will fail, causing compilation to abort:\n\n $some_array = [ true, false, \"garbage string\", \"1.2.3.4\" ]\n validate_ipv6_address($some_array)\n\n DOC\n) do |args|\n function_deprecation([:validate_ipv6_address, 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Ipv6. There is further documentation for validate_legacy function in the README.'])\n\n require 'ipaddr'\n rescuable_exceptions = [ArgumentError]\n\n if defined?(IPAddr::InvalidAddressError)\n rescuable_exceptions << IPAddr::InvalidAddressError\n end\n\n if args.empty?\n raise Puppet::ParseError, \"validate_ipv6_address(): wrong number of arguments (#{args.length}; must be > 0)\"\n end\n\n args.each do |arg|\n unless arg.is_a?(String)\n raise Puppet::ParseError, \"#{arg.inspect} is not a string.\"\n end\n\n begin\n unless IPAddr.new(arg).ipv6?\n raise Puppet::ParseError, \"#{arg.inspect} is not a valid IPv6 address.\"\n end\n rescue *rescuable_exceptions\n raise Puppet::ParseError, \"#{arg.inspect} is not a valid IPv6 address.\"\n end\n end\nend"}, {"name": "validate_legacy", "file": "lib/puppet/functions/validate_legacy.rb", "line": 5, "type": "ruby4x", "signatures": [{"signature": "validate_legacy(Any $scope, Type $target_type, String $function_name, Any $value, Any *$args)", "docstring": {"text": "The function checks a value against both the target_type (new) and the previous_validation function (old).", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "types": ["Type"], "name": "target_type"}, {"tag_name": "param", "types": ["String"], "name": "function_name"}, {"tag_name": "param", "types": ["Any"], "name": "value"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value (`true` or `false`) returned from the called function.", "types": ["Any"]}]}}, {"signature": "validate_legacy(Any $scope, String $type_string, String $function_name, Any $value, Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "types": ["String"], "name": "type_string"}, {"tag_name": "param", "types": ["String"], "name": "function_name"}, {"tag_name": "param", "types": ["Any"], "name": "value"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "Legacy validation method", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "overload", "signature": "validate_legacy(Any $scope, Type $target_type, String $function_name, Any $value, Any *$args)", "docstring": {"text": "The function checks a value against both the target_type (new) and the previous_validation function (old).", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "types": ["Type"], "name": "target_type"}, {"tag_name": "param", "types": ["String"], "name": "function_name"}, {"tag_name": "param", "types": ["Any"], "name": "value"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "A boolean value (`true` or `false`) returned from the called function.", "types": ["Any"]}]}, "name": "validate_legacy"}, {"tag_name": "overload", "signature": "validate_legacy(Any $scope, String $type_string, String $function_name, Any $value, Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "types": ["String"], "name": "type_string"}, {"tag_name": "param", "types": ["String"], "name": "function_name"}, {"tag_name": "param", "types": ["Any"], "name": "value"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "Legacy validation method", "types": ["Any"]}]}, "name": "validate_legacy"}, {"tag_name": "summary", "text": "Validate a value against both the target_type (new) and the previous_validation function (old)."}]}, "source": "Puppet::Functions.create_function(:validate_legacy) do\n # The function checks a value against both the target_type (new) and the previous_validation function (old).\n # @param scope\n # The main value that will be passed to the method\n # @param target_type\n # @param function_name\n # @param value\n # @param args\n # Any additional values that are to be passed to the method\n # @return\n # A boolean value (`true` or `false`) returned from the called function.\n dispatch :validate_legacy do\n param 'Any', :scope\n param 'Type', :target_type\n param 'String', :function_name\n param 'Any', :value\n repeated_param 'Any', :args\n end\n\n # @param scope\n # The main value that will be passed to the method\n # @param type_string\n # @param function_name\n # @param value\n # @param args Any additional values that are to be passed to the method\n # @return Legacy validation method\n #\n dispatch :validate_legacy_s do\n param 'Any', :scope\n param 'String', :type_string\n param 'String', :function_name\n param 'Any', :value\n repeated_param 'Any', :args\n end\n\n # Workaround PUP-4438 (fixed: https://github.com/puppetlabs/puppet/commit/e01c4dc924cd963ff6630008a5200fc6a2023b08#diff-\n # c937cc584953271bb3d3b3c2cb141790R221) to support puppet < 4.1.0 and puppet < 3.8.1.\n def call(scope, *args)\n manipulated_args = [scope] + args\n self.class.dispatcher.dispatch(self, scope, manipulated_args)\n end\n\n def validate_legacy_s(scope, type_string, *args)\n t = Puppet::Pops::Types::TypeParser.new.parse(type_string, scope)\n validate_legacy(scope, t, *args)\n end\n\n def validate_legacy(scope, target_type, function_name, value, *prev_args)\n if assert_type(target_type, value)\n if previous_validation(scope, function_name, value, *prev_args)\n # Silently passes\n else\n Puppet.notice(\"Accepting previously invalid value for target type '#{target_type}'\")\n end\n else\n inferred_type = Puppet::Pops::Types::TypeCalculator.infer_set(value)\n error_msg = Puppet::Pops::Types::TypeMismatchDescriber.new.describe_mismatch(\"validate_legacy(#{function_name})\", target_type, inferred_type)\n if previous_validation(scope, function_name, value, *prev_args)\n call_function('deprecation', 'validate_legacy', error_msg)\n else\n call_function('fail', error_msg)\n end\n end\n end\n\n def previous_validation(scope, function_name, value, *prev_args)\n # Call the previous validation function and catch any errors. Return true if no errors are thrown.\n\n scope.send(\"function_#{function_name}\".to_s, [value, *prev_args])\n true\n rescue Puppet::ParseError\n false\n end\n\n def assert_type(type, value)\n Puppet::Pops::Types::TypeCalculator.instance?(type, value)\n end\nend"}, {"name": "validate_numeric", "file": "lib/puppet/functions/validate_numeric.rb", "line": 5, "type": "ruby4x", "signatures": [{"signature": "validate_numeric(Any $scope, Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "`true` or `false`\nA boolean value returned from the called function.", "types": ["Boolean"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "`true` or `false`\nA boolean value returned from the called function.", "types": ["Boolean"]}, {"tag_name": "summary", "text": "Validate the passed value represents a numeric value."}]}, "source": "Puppet::Functions.create_function(:validate_numeric) do\n # @param scope\n # The main value that will be passed to the method\n #\n # @param args\n # Any additional values that are to be passed to the method\n #\n # @return [Boolean] `true` or `false`\n # A boolean value returned from the called function.\n dispatch :deprecation_gen do\n param 'Any', :scope\n repeated_param 'Any', :args\n end\n # Workaround PUP-4438 (fixed: https://github.com/puppetlabs/puppet/commit/e01c4dc924cd963ff6630008a5200fc6a2023b08#diff-\n # c937cc584953271bb3d3b3c2cb141790R221) to support puppet < 4.1.0 and puppet < 3.8.1.\n def call(scope, *args)\n manipulated_args = [scope] + args\n self.class.dispatcher.dispatch(self, scope, manipulated_args)\n end\n\n def deprecation_gen(scope, *args)\n call_function('deprecation', 'validate_numeric', 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Numeric. There is further documentation for validate_legacy function in the README.')\n scope.send('function_validate_numeric', args)\n end\nend"}, {"name": "validate_numeric", "file": "lib/puppet/parser/functions/validate_numeric.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "validate_numeric()", "docstring": {"text": "The second argument is optional and passes a maximum. (All elements of) the first argument has to be less or equal to this max.\nThe third argument is optional and passes a minimum. (All elements of) the first argument has to be greater or equal to this min.\nIf, and only if, a minimum is given, the second argument may be an empty string or undef, which will be handled to just check\nif (all elements of) the first argument are greater or equal to the given minimum.\nIt will fail if the first argument is not a numeric (Integer or Float) or array of numerics, and if arg 2 and arg 3 are not convertable to a numeric.\n\nFor passing and failing usage, see `validate_integer()`. It is all the same for validate_numeric, yet now floating point values are allowed, too.", "tags": [{"tag_name": "return", "text": "Validate that the first argument is a numeric value (or an array of numeric values). Fail compilation if any of the checks fail.", "types": ["Any"]}]}}], "docstring": {"text": "The second argument is optional and passes a maximum. (All elements of) the first argument has to be less or equal to this max.\nThe third argument is optional and passes a minimum. (All elements of) the first argument has to be greater or equal to this min.\nIf, and only if, a minimum is given, the second argument may be an empty string or undef, which will be handled to just check\nif (all elements of) the first argument are greater or equal to the given minimum.\nIt will fail if the first argument is not a numeric (Integer or Float) or array of numerics, and if arg 2 and arg 3 are not convertable to a numeric.\n\nFor passing and failing usage, see `validate_integer()`. It is all the same for validate_numeric, yet now floating point values are allowed, too.", "tags": [{"tag_name": "return", "text": "Validate that the first argument is a numeric value (or an array of numeric values). Fail compilation if any of the checks fail.", "types": ["Any"]}, {"tag_name": "summary", "text": "Validate that the first argument is a numeric value (or an array of numeric values). Abort catalog compilation if any of the checks fail."}]}, "source": "newfunction(:validate_numeric, doc: <<-DOC\n @summary\n Validate that the first argument is a numeric value (or an array of numeric values). Abort catalog compilation if any of the checks fail.\n\n The second argument is optional and passes a maximum. (All elements of) the first argument has to be less or equal to this max.\n The third argument is optional and passes a minimum. (All elements of) the first argument has to be greater or equal to this min.\n If, and only if, a minimum is given, the second argument may be an empty string or undef, which will be handled to just check\n if (all elements of) the first argument are greater or equal to the given minimum.\n It will fail if the first argument is not a numeric (Integer or Float) or array of numerics, and if arg 2 and arg 3 are not convertable to a numeric.\n\n @return\n Validate that the first argument is a numeric value (or an array of numeric values). Fail compilation if any of the checks fail.\n\n For passing and failing usage, see `validate_integer()`. It is all the same for validate_numeric, yet now floating point values are allowed, too.\n\n DOC\n) do |args|\n function_deprecation([:validate_numeric, 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Numeric. There is further documentation for validate_legacy function in the README.'])\n\n # tell the user we need at least one, and optionally up to two other parameters\n raise Puppet::ParseError, \"validate_numeric(): Wrong number of arguments; must be 1, 2 or 3, got #{args.length}\" unless !args.empty? && args.length < 4\n\n input, max, min = *args\n\n # check maximum parameter\n if args.length > 1\n max = max.to_s\n # allow max to be empty (or undefined) if we have a minimum set\n if args.length > 2 && max == ''\n max = nil\n else\n begin\n max = Float(max)\n rescue TypeError, ArgumentError\n raise Puppet::ParseError, \"validate_numeric(): Expected second argument to be unset or a Numeric, got #{max}:#{max.class}\"\n end\n end\n else\n max = nil\n end\n\n # check minimum parameter\n if args.length > 2\n begin\n min = Float(min.to_s)\n rescue TypeError, ArgumentError\n raise Puppet::ParseError, \"validate_numeric(): Expected third argument to be unset or a Numeric, got #{min}:#{min.class}\"\n end\n else\n min = nil\n end\n\n # ensure that min < max\n if min && max && min > max\n raise Puppet::ParseError, \"validate_numeric(): Expected second argument to be larger than third argument, got #{max} < #{min}\"\n end\n\n # create lamba validator function\n validator = ->(num) do\n # check input < max\n if max && num > max\n raise Puppet::ParseError, \"validate_numeric(): Expected #{input.inspect} to be smaller or equal to #{max}, got #{input.inspect}.\"\n end\n # check input > min (this will only be checked if no exception has been raised before)\n if min && num < min\n raise Puppet::ParseError, \"validate_numeric(): Expected #{input.inspect} to be greater or equal to #{min}, got #{input.inspect}.\"\n end\n end\n\n # if this is an array, handle it.\n case input\n when Array\n # check every element of the array\n input.each_with_index do |arg, pos|\n begin\n raise TypeError if arg.is_a?(Hash)\n arg = Float(arg.to_s)\n validator.call(arg)\n rescue TypeError, ArgumentError\n raise Puppet::ParseError, \"validate_numeric(): Expected element at array position #{pos} to be a Numeric, got #{arg.class}\"\n end\n end\n # for the sake of compatibility with ruby 1.8, we need extra handling of hashes\n when Hash\n raise Puppet::ParseError, \"validate_integer(): Expected first argument to be a Numeric or Array, got #{input.class}\"\n # check the input. this will also fail any stuff other than pure, shiny integers\n else\n begin\n input = Float(input.to_s)\n validator.call(input)\n rescue TypeError, ArgumentError\n raise Puppet::ParseError, \"validate_numeric(): Expected first argument to be a Numeric or Array, got #{input.class}\"\n end\n end\nend"}, {"name": "validate_re", "file": "lib/puppet/functions/validate_re.rb", "line": 7, "type": "ruby4x", "signatures": [{"signature": "validate_re(Any $scope, Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method\nThe first argument of this function should be a string to\ntest, and the second argument should be a stringified regular expression\n(without the // delimiters) or an array of regular expressions", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "`true` or `false` returned from the called function.", "types": ["Boolean"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method\nThe first argument of this function should be a string to\ntest, and the second argument should be a stringified regular expression\n(without the // delimiters) or an array of regular expressions", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "`true` or `false` returned from the called function.", "types": ["Boolean"]}, {"tag_name": "summary", "text": "Perform validation of a string against one or more regular\nexpressions."}]}, "source": "Puppet::Functions.create_function(:validate_re) do\n # @param scope\n # The main value that will be passed to the method\n #\n # @param args\n # Any additional values that are to be passed to the method\n # The first argument of this function should be a string to\n # test, and the second argument should be a stringified regular expression\n # (without the // delimiters) or an array of regular expressions\n #\n # @return [Boolean]\n # `true` or `false` returned from the called function.\n dispatch :deprecation_gen do\n param 'Any', :scope\n repeated_param 'Any', :args\n end\n # Workaround PUP-4438 (fixed: https://github.com/puppetlabs/puppet/commit/e01c4dc924cd963ff6630008a5200fc6a2023b08#diff-\n # c937cc584953271bb3d3b3c2cb141790R221) to support puppet < 4.1.0 and puppet < 3.8.1.\n def call(scope, *args)\n manipulated_args = [scope] + args\n self.class.dispatcher.dispatch(self, scope, manipulated_args)\n end\n\n def deprecation_gen(scope, *args)\n call_function('deprecation', 'validate_re', 'This method is deprecated, please use the stdlib validate_legacy function,\n with Pattern[]. There is further documentation for validate_legacy function in the README.')\n scope.send('function_validate_re', args)\n end\nend"}, {"name": "validate_re", "file": "lib/puppet/parser/functions/validate_re.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "validate_re()", "docstring": {"text": "The first argument of this function should be a string to\ntest, and the second argument should be a stringified regular expression\n(without the // delimiters) or an array of regular expressions. If none\nof the regular expressions match the string passed in, compilation will\nabort with a parse error.\nIf a third argument is specified, this will be the error message raised and\nseen by the user.\n\n> *Note:*\nCompilation will also abort, if the first argument is not a String. Always use\nquotes to force stringification:\nvalidate_re(\"${::operatingsystemmajrelease}\", '^[57]$')", "tags": [{"tag_name": "example", "text": "The following strings will validate against the regular expressions:\n\n validate_re('one', '^one$')\n validate_re('one', [ '^one', '^two' ])\n\nThe following strings will fail to validate, causing compilation to abort:\n\n validate_re('one', [ '^two', '^three' ])\n\nA helpful error message can be returned like this:\n\n validate_re($::puppetversion, '^2.7', 'The $puppetversion fact value does not match 2.7')", "name": "**Usage**"}, {"tag_name": "return", "text": "validation of a string against one or more regular expressions.", "types": ["Any"]}]}}], "docstring": {"text": "The first argument of this function should be a string to\ntest, and the second argument should be a stringified regular expression\n(without the // delimiters) or an array of regular expressions. If none\nof the regular expressions match the string passed in, compilation will\nabort with a parse error.\nIf a third argument is specified, this will be the error message raised and\nseen by the user.\n\n> *Note:*\nCompilation will also abort, if the first argument is not a String. Always use\nquotes to force stringification:\nvalidate_re(\"${::operatingsystemmajrelease}\", '^[57]$')", "tags": [{"tag_name": "example", "text": "The following strings will validate against the regular expressions:\n\n validate_re('one', '^one$')\n validate_re('one', [ '^one', '^two' ])\n\nThe following strings will fail to validate, causing compilation to abort:\n\n validate_re('one', [ '^two', '^three' ])\n\nA helpful error message can be returned like this:\n\n validate_re($::puppetversion, '^2.7', 'The $puppetversion fact value does not match 2.7')", "name": "**Usage**"}, {"tag_name": "return", "text": "validation of a string against one or more regular expressions.", "types": ["Any"]}, {"tag_name": "summary", "text": "Perform simple validation of a string against one or more regular\nexpressions."}]}, "source": "newfunction(:validate_re, doc: <<-DOC\n@summary\n Perform simple validation of a string against one or more regular\n expressions.\n\nThe first argument of this function should be a string to\ntest, and the second argument should be a stringified regular expression\n(without the // delimiters) or an array of regular expressions. If none\nof the regular expressions match the string passed in, compilation will\nabort with a parse error.\nIf a third argument is specified, this will be the error message raised and\nseen by the user.\n\n@return\n validation of a string against one or more regular expressions.\n\n@example **Usage**\n The following strings will validate against the regular expressions:\n\n validate_re('one', '^one$')\n validate_re('one', [ '^one', '^two' ])\n\n The following strings will fail to validate, causing compilation to abort:\n\n validate_re('one', [ '^two', '^three' ])\n\n A helpful error message can be returned like this:\n\n validate_re($::puppetversion, '^2.7', 'The $puppetversion fact value does not match 2.7')\n\n> *Note:*\nCompilation will also abort, if the first argument is not a String. Always use\nquotes to force stringification:\nvalidate_re(\"${::operatingsystemmajrelease}\", '^[57]$')\n DOC\n) do |args|\n function_deprecation([:validate_re, 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::Re. There is further documentation for validate_legacy function in the README.'])\n\n if (args.length < 2) || (args.length > 3)\n raise Puppet::ParseError, \"validate_re(): wrong number of arguments (#{args.length}; must be 2 or 3)\"\n end\n\n raise Puppet::ParseError, \"validate_re(): input needs to be a String, not a #{args[0].class}\" unless args[0].is_a? String\n\n msg = args[2] || \"validate_re(): #{args[0].inspect} does not match #{args[1].inspect}\"\n\n # We're using a flattened array here because we can't call String#any? in\n # Ruby 1.9 like we can in Ruby 1.8\n raise Puppet::ParseError, msg unless [args[1]].flatten.any? do |re_str|\n args[0] =~ Regexp.compile(re_str)\n end\nend"}, {"name": "validate_slength", "file": "lib/puppet/functions/validate_slength.rb", "line": 4, "type": "ruby4x", "signatures": [{"signature": "validate_slength(Any $scope, Any *$args)", "docstring": {"text": "Validate that a passed string has length less/equal with the passed value", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "`true` or `false`\nA boolean value returned from the called function.", "types": ["Boolean"]}]}}], "docstring": {"text": "Validate that a passed string has length less/equal with the passed value", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "`true` or `false`\nA boolean value returned from the called function.", "types": ["Boolean"]}]}, "source": "Puppet::Functions.create_function(:validate_slength) do\n # @param scope\n # The main value that will be passed to the method\n #\n # @param args\n # Any additional values that are to be passed to the method\n #\n # @return [Boolean] `true` or `false`\n # A boolean value returned from the called function.\n dispatch :deprecation_gen do\n param 'Any', :scope\n repeated_param 'Any', :args\n end\n # Workaround PUP-4438 (fixed: https://github.com/puppetlabs/puppet/commit/e01c4dc924cd963ff6630008a5200fc6a2023b08#diff-\n # c937cc584953271bb3d3b3c2cb141790R221) to support puppet < 4.1.0 and puppet < 3.8.1.\n def call(scope, *args)\n manipulated_args = [scope] + args\n self.class.dispatcher.dispatch(self, scope, manipulated_args)\n end\n\n def deprecation_gen(scope, *args)\n call_function('deprecation', 'validate_slength', 'This method is deprecated, please use the stdlib validate_legacy function,\n with String[]. There is further documentation for validate_legacy function in the README.')\n scope.send('function_validate_slength', args)\n end\nend"}, {"name": "validate_slength", "file": "lib/puppet/parser/functions/validate_slength.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "validate_slength()", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "The following values will pass:\n\n validate_slength(\"discombobulate\",17)\n validate_slength([\"discombobulate\",\"moo\"],17)\n validate_slength([\"discombobulate\",\"moo\"],17,3)\n\nThe following valueis will not:\n\n validate_slength(\"discombobulate\",1)\n validate_slength([\"discombobulate\",\"thermometer\"],5)\n validate_slength([\"discombobulate\",\"moo\"],17,10)", "name": "**Usage**"}, {"tag_name": "return", "text": "validate that the first argument is a string (or an array of strings), and less/equal to than the length of the second argument. Fail compilation if any of the checks fail.", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "The following values will pass:\n\n validate_slength(\"discombobulate\",17)\n validate_slength([\"discombobulate\",\"moo\"],17)\n validate_slength([\"discombobulate\",\"moo\"],17,3)\n\nThe following valueis will not:\n\n validate_slength(\"discombobulate\",1)\n validate_slength([\"discombobulate\",\"thermometer\"],5)\n validate_slength([\"discombobulate\",\"moo\"],17,10)", "name": "**Usage**"}, {"tag_name": "return", "text": "validate that the first argument is a string (or an array of strings), and less/equal to than the length of the second argument. Fail compilation if any of the checks fail.", "types": ["Any"]}, {"tag_name": "summary", "text": "Validate that the first argument is a string (or an array of strings), and less/equal to than the length of the second argument.\nAn optional third parameter can be given the minimum length. It fails if the first argument is not a string or array of strings,\nand if arg 2 and arg 3 are not convertable to a number."}]}, "source": "newfunction(:validate_slength, doc: <<-DOC\n @summary\n Validate that the first argument is a string (or an array of strings), and less/equal to than the length of the second argument.\n An optional third parameter can be given the minimum length. It fails if the first argument is not a string or array of strings,\n and if arg 2 and arg 3 are not convertable to a number.\n\n @return\n validate that the first argument is a string (or an array of strings), and less/equal to than the length of the second argument. Fail compilation if any of the checks fail.\n\n @example **Usage**\n The following values will pass:\n\n validate_slength(\"discombobulate\",17)\n validate_slength([\"discombobulate\",\"moo\"],17)\n validate_slength([\"discombobulate\",\"moo\"],17,3)\n\n The following valueis will not:\n\n validate_slength(\"discombobulate\",1)\n validate_slength([\"discombobulate\",\"thermometer\"],5)\n validate_slength([\"discombobulate\",\"moo\"],17,10)\n DOC\n) do |args|\n function_deprecation([:validate_slength, 'This method is deprecated, please use the stdlib validate_legacy function,\n with String[]. There is further documentation for validate_legacy function in the README.'])\n\n raise Puppet::ParseError, \"validate_slength(): Wrong number of arguments (#{args.length}; must be 2 or 3)\" unless args.length == 2 || args.length == 3\n\n input, max_length, min_length = *args\n\n begin\n max_length = Integer(max_length)\n raise ArgumentError if max_length <= 0\n rescue ArgumentError, TypeError\n raise Puppet::ParseError, \"validate_slength(): Expected second argument to be a positive Numeric, got #{max_length}:#{max_length.class}\"\n end\n\n if min_length\n begin\n min_length = Integer(min_length)\n raise ArgumentError if min_length < 0\n rescue ArgumentError, TypeError\n raise Puppet::ParseError, \"validate_slength(): Expected third argument to be unset or a positive Numeric, got #{min_length}:#{min_length.class}\"\n end\n else\n min_length = 0\n end\n\n raise Puppet::ParseError, 'validate_slength(): Expected second argument to be equal to or larger than third argument' unless max_length >= min_length\n\n validator = ->(str) do\n unless str.length <= max_length && str.length >= min_length\n raise Puppet::ParseError, \"validate_slength(): Expected length of #{input.inspect} to be between #{min_length} and #{max_length}, was #{input.length}\"\n end\n end\n\n case input\n when String\n validator.call(input)\n when Array\n input.each_with_index do |arg, pos|\n raise Puppet::ParseError, \"validate_slength(): Expected element at array position #{pos} to be a String, got #{arg.class}\" unless arg.is_a? String\n validator.call(arg)\n end\n else\n raise Puppet::ParseError, \"validate_slength(): Expected first argument to be a String or Array, got #{input.class}\"\n end\nend"}, {"name": "validate_string", "file": "lib/puppet/functions/validate_string.rb", "line": 5, "type": "ruby4x", "signatures": [{"signature": "validate_string(Any $scope, Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "`true` or `false`\nA boolean value returned from the called function.", "types": ["Boolean"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The main value that will be passed to the method", "types": ["Any"], "name": "scope"}, {"tag_name": "param", "text": "Any additional values that are to be passed to the method", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "`true` or `false`\nA boolean value returned from the called function.", "types": ["Boolean"]}, {"tag_name": "summary", "text": "Validate that all passed values are string data structures."}]}, "source": "Puppet::Functions.create_function(:validate_string) do\n # @param scope\n # The main value that will be passed to the method\n #\n # @param args\n # Any additional values that are to be passed to the method\n #\n # @return [Boolean] `true` or `false`\n # A boolean value returned from the called function.\n dispatch :deprecation_gen do\n param 'Any', :scope\n repeated_param 'Any', :args\n end\n # Workaround PUP-4438 (fixed: https://github.com/puppetlabs/puppet/commit/e01c4dc924cd963ff6630008a5200fc6a2023b08#diff-\n # c937cc584953271bb3d3b3c2cb141790R221) to support puppet < 4.1.0 and puppet < 3.8.1.\n def call(scope, *args)\n manipulated_args = [scope] + args\n self.class.dispatcher.dispatch(self, scope, manipulated_args)\n end\n\n def deprecation_gen(scope, *args)\n call_function('deprecation', 'validate_string', 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::String. There is further documentation for validate_legacy function in the README.')\n scope.send('function_validate_string', args)\n end\nend"}, {"name": "validate_string", "file": "lib/puppet/parser/functions/validate_string.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "validate_string()", "docstring": {"text": "> *Note:*\nValidate_string(undef) will not fail in this version of the\nfunctions API (incl. current and future parser). Instead, use:\n```\n if $var == undef {\n fail('...')\n }\n```", "tags": [{"tag_name": "example", "text": "The following values will pass:\n\n $my_string = \"one two\"\n validate_string($my_string, 'three')\n\nThe following values will fail, causing compilation to abort:\n\n validate_string(true)\n validate_string([ 'some', 'array' ])", "name": "**Usage**"}, {"tag_name": "return", "text": "Validate that all passed values are string data structures. Failed\ncompilation if any value fails this check.", "types": ["Any"]}]}}], "docstring": {"text": "> *Note:*\nValidate_string(undef) will not fail in this version of the\nfunctions API (incl. current and future parser). Instead, use:\n```\n if $var == undef {\n fail('...')\n }\n```", "tags": [{"tag_name": "example", "text": "The following values will pass:\n\n $my_string = \"one two\"\n validate_string($my_string, 'three')\n\nThe following values will fail, causing compilation to abort:\n\n validate_string(true)\n validate_string([ 'some', 'array' ])", "name": "**Usage**"}, {"tag_name": "return", "text": "Validate that all passed values are string data structures. Failed\ncompilation if any value fails this check.", "types": ["Any"]}, {"tag_name": "summary", "text": "Validate that all passed values are string data structures"}]}, "source": "newfunction(:validate_string, doc: <<-DOC\n @summary\n Validate that all passed values are string data structures\n\n @return\n Validate that all passed values are string data structures. Failed\n compilation if any value fails this check.\n\n @example **Usage**\n The following values will pass:\n\n $my_string = \"one two\"\n validate_string($my_string, 'three')\n\n The following values will fail, causing compilation to abort:\n\n validate_string(true)\n validate_string([ 'some', 'array' ])\n > *Note:*\n Validate_string(undef) will not fail in this version of the\n functions API (incl. current and future parser). Instead, use:\n ```\n if $var == undef {\n fail('...')\n }\n ```\n DOC\n) do |args|\n function_deprecation([:validate_string, 'This method is deprecated, please use the stdlib validate_legacy function,\n with Stdlib::Compat::String. There is further documentation for validate_legacy function in the README.'])\n\n if args.empty?\n raise Puppet::ParseError, \"validate_string(): wrong number of arguments (#{args.length}; must be > 0)\"\n end\n\n args.each do |arg|\n # when called through the v4 API shim, undef gets translated to nil\n unless arg.is_a?(String) || arg.nil?\n raise Puppet::ParseError, \"#{arg.inspect} is not a string. It looks to be a #{arg.class}\"\n end\n end\nend"}, {"name": "validate_x509_rsa_key_pair", "file": "lib/puppet/parser/functions/validate_x509_rsa_key_pair.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "validate_x509_rsa_key_pair()", "docstring": {"text": "```validate_x509_rsa_key_pair($cert, $key)```", "tags": [{"tag_name": "return", "text": "Fail compilation if any value fails this check.", "types": ["Any"]}]}}], "docstring": {"text": "```validate_x509_rsa_key_pair($cert, $key)```", "tags": [{"tag_name": "return", "text": "Fail compilation if any value fails this check.", "types": ["Any"]}, {"tag_name": "summary", "text": "Validates a PEM-formatted X.509 certificate and RSA private key using\nOpenSSL. Verifies that the certficate's signature was created from the\nsupplied key."}]}, "source": "newfunction(:validate_x509_rsa_key_pair, doc: <<-DOC\n @summary\n Validates a PEM-formatted X.509 certificate and RSA private key using\n OpenSSL. Verifies that the certficate's signature was created from the\n supplied key.\n\n @return\n Fail compilation if any value fails this check.\n\n ```validate_x509_rsa_key_pair($cert, $key)```\n\n DOC\n) do |args|\n require 'openssl'\n\n NUM_ARGS = 2 unless defined? NUM_ARGS\n\n unless args.length == NUM_ARGS\n raise Puppet::ParseError,\n \"validate_x509_rsa_key_pair(): wrong number of arguments (#{args.length}; must be #{NUM_ARGS})\"\n end\n\n args.each do |arg|\n unless arg.is_a?(String)\n raise Puppet::ParseError, \"#{arg.inspect} is not a string.\"\n end\n end\n\n begin\n cert = OpenSSL::X509::Certificate.new(args[0])\n rescue OpenSSL::X509::CertificateError => e\n raise Puppet::ParseError, \"Not a valid x509 certificate: #{e}\"\n end\n\n begin\n key = OpenSSL::PKey::RSA.new(args[1])\n rescue OpenSSL::PKey::RSAError => e\n raise Puppet::ParseError, \"Not a valid RSA key: #{e}\"\n end\n\n unless cert.verify(key)\n raise Puppet::ParseError, 'Certificate signature does not match supplied key'\n end\nend"}, {"name": "values", "file": "lib/puppet/parser/functions/values.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "values()", "docstring": {"text": "> *Note:*\nFrom Puppet 5.5.0, the compatible function with the same name in Puppet core\nwill be used instead of this function.", "tags": [{"tag_name": "example", "text": "$hash = {\n 'a' => 1,\n 'b' => 2,\n 'c' => 3,\n}\nvalues($hash)\n\nThis example would return: ```[1,2,3]```", "name": "**Usage**"}, {"tag_name": "return", "text": "array of values", "types": ["Any"]}]}}], "docstring": {"text": "> *Note:*\nFrom Puppet 5.5.0, the compatible function with the same name in Puppet core\nwill be used instead of this function.", "tags": [{"tag_name": "example", "text": "$hash = {\n 'a' => 1,\n 'b' => 2,\n 'c' => 3,\n}\nvalues($hash)\n\nThis example would return: ```[1,2,3]```", "name": "**Usage**"}, {"tag_name": "return", "text": "array of values", "types": ["Any"]}, {"tag_name": "summary", "text": "When given a hash this function will return the values of that hash."}]}, "source": "newfunction(:values, type: :rvalue, doc: <<-DOC\n @summary\n When given a hash this function will return the values of that hash.\n\n @return\n array of values\n\n @example **Usage**\n $hash = {\n 'a' => 1,\n 'b' => 2,\n 'c' => 3,\n }\n values($hash)\n\n This example would return: ```[1,2,3]```\n\n > *Note:*\n From Puppet 5.5.0, the compatible function with the same name in Puppet core\n will be used instead of this function.\n\nDOC\n) do |arguments|\n raise(Puppet::ParseError, \"values(): Wrong number of arguments given (#{arguments.size} for 1)\") if arguments.empty?\n\n hash = arguments[0]\n\n unless hash.is_a?(Hash)\n raise(Puppet::ParseError, 'values(): Requires hash to work with')\n end\n\n result = hash.values\n\n return result\nend"}, {"name": "values_at", "file": "lib/puppet/parser/functions/values_at.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "values_at()", "docstring": {"text": "The first argument is the array you want to analyze, and the second element can\nbe a combination of:\n\n* A single numeric index\n* A range in the form of 'start-stop' (eg. 4-9)\n* An array combining the above\n\n> *Note:*\nSince Puppet 4.0.0 it is possible to slice an array with index and count directly in the language.\nA negative value is taken to be \"from the end\" of the array:\n\n`['a', 'b', 'c', 'd'][1, 2]` results in `['b', 'c']`\n`['a', 'b', 'c', 'd'][2, -1]` results in `['c', 'd']`\n`['a', 'b', 'c', 'd'][1, -2]` results in `['b', 'c']`", "tags": [{"tag_name": "example", "text": "\nvalues_at(['a','b','c'], 2)\nWould return ['c']\n\nvalues_at(['a','b','c'], [\"0-1\"])\nWould return ['a','b']\n\nvalues_at(['a','b','c','d','e'], [0, \"2-3\"])\nWould return ['a','c','d']", "name": "**Usage**"}, {"tag_name": "return", "text": "an array of values identified by location", "types": ["Any"]}]}}], "docstring": {"text": "The first argument is the array you want to analyze, and the second element can\nbe a combination of:\n\n* A single numeric index\n* A range in the form of 'start-stop' (eg. 4-9)\n* An array combining the above\n\n> *Note:*\nSince Puppet 4.0.0 it is possible to slice an array with index and count directly in the language.\nA negative value is taken to be \"from the end\" of the array:\n\n`['a', 'b', 'c', 'd'][1, 2]` results in `['b', 'c']`\n`['a', 'b', 'c', 'd'][2, -1]` results in `['c', 'd']`\n`['a', 'b', 'c', 'd'][1, -2]` results in `['b', 'c']`", "tags": [{"tag_name": "example", "text": "\nvalues_at(['a','b','c'], 2)\nWould return ['c']\n\nvalues_at(['a','b','c'], [\"0-1\"])\nWould return ['a','b']\n\nvalues_at(['a','b','c','d','e'], [0, \"2-3\"])\nWould return ['a','c','d']", "name": "**Usage**"}, {"tag_name": "return", "text": "an array of values identified by location", "types": ["Any"]}, {"tag_name": "summary", "text": "Finds value inside an array based on location."}]}, "source": "newfunction(:values_at, type: :rvalue, doc: <<-DOC\n @summary\n Finds value inside an array based on location.\n\n The first argument is the array you want to analyze, and the second element can\n be a combination of:\n\n * A single numeric index\n * A range in the form of 'start-stop' (eg. 4-9)\n * An array combining the above\n\n @return\n an array of values identified by location\n\n @example **Usage**\n\n values_at(['a','b','c'], 2)\n Would return ['c']\n\n values_at(['a','b','c'], [\"0-1\"])\n Would return ['a','b']\n\n values_at(['a','b','c','d','e'], [0, \"2-3\"])\n Would return ['a','c','d']\n\n > *Note:*\n Since Puppet 4.0.0 it is possible to slice an array with index and count directly in the language.\n A negative value is taken to be \"from the end\" of the array:\n\n `['a', 'b', 'c', 'd'][1, 2]` results in `['b', 'c']`\n `['a', 'b', 'c', 'd'][2, -1]` results in `['c', 'd']`\n `['a', 'b', 'c', 'd'][1, -2]` results in `['b', 'c']`\n\n DOC\n) do |arguments|\n raise(Puppet::ParseError, \"values_at(): Wrong number of arguments given (#{arguments.size} for 2)\") if arguments.size < 2\n\n array = arguments.shift\n\n unless array.is_a?(Array)\n raise(Puppet::ParseError, 'values_at(): Requires array to work with')\n end\n\n indices = [arguments.shift].flatten # Get them all ... Pokemon ...\n\n if !indices || indices.empty?\n raise(Puppet::ParseError, 'values_at(): You must provide at least one positive index to collect')\n end\n\n indices_list = []\n\n indices.each do |i|\n i = i.to_s\n m = i.match(%r{^(\\d+)(\\.\\.\\.?|\\-)(\\d+)$})\n if m\n start = m[1].to_i\n stop = m[3].to_i\n\n type = m[2]\n\n raise(Puppet::ParseError, 'values_at(): Stop index in given indices range is smaller than the start index') if start > stop\n raise(Puppet::ParseError, 'values_at(): Stop index in given indices range exceeds array size') if stop > array.size - 1 # First element is at index 0 is it not?\n\n range = case type\n when %r{^(\\.\\.|\\-)$} then (start..stop)\n when %r{^(\\.\\.\\.)$} then (start...stop) # Exclusive of last element ...\n end\n\n range.each { |i| indices_list << i.to_i } # rubocop:disable Lint/ShadowingOuterLocalVariable : Value is meant to be shadowed\n else\n # Only positive numbers allowed in this case ...\n unless %r{^\\d+$}.match?(i)\n raise(Puppet::ParseError, 'values_at(): Unknown format of given index')\n end\n\n # In Puppet numbers are often string-encoded ...\n i = i.to_i\n\n if i > array.size - 1 # Same story. First element is at index 0 ...\n raise(Puppet::ParseError, 'values_at(): Given index exceeds array size')\n end\n\n indices_list << i\n end\n end\n\n # We remove nil values as they make no sense in Puppet DSL ...\n result = indices_list.map { |i| array[i] }.compact\n\n return result\nend"}, {"name": "zip", "file": "lib/puppet/parser/functions/zip.rb", "line": 7, "type": "ruby3x", "signatures": [{"signature": "zip()", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "zip(['1','2','3'],['4','5','6'])\nWould result in: [\"1\", \"4\"], [\"2\", \"5\"], [\"3\", \"6\"]", "name": ""}, {"tag_name": "return", "text": "This generates a sequence of n-element arrays, where n is one more than the count of arguments.", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "zip(['1','2','3'],['4','5','6'])\nWould result in: [\"1\", \"4\"], [\"2\", \"5\"], [\"3\", \"6\"]", "name": ""}, {"tag_name": "return", "text": "This generates a sequence of n-element arrays, where n is one more than the count of arguments.", "types": ["Any"]}, {"tag_name": "summary", "text": "Takes one element from first array and merges corresponding elements from second array."}]}, "source": "newfunction(:zip, type: :rvalue, doc: <<-DOC\n @summary\n Takes one element from first array and merges corresponding elements from second array.\n\n @return\n This generates a sequence of n-element arrays, where n is one more than the count of arguments.\n\n @example\n zip(['1','2','3'],['4','5','6'])\n Would result in: [\"1\", \"4\"], [\"2\", \"5\"], [\"3\", \"6\"]\n DOC\n) do |arguments|\n # Technically we support three arguments but only first is mandatory ...\n raise(Puppet::ParseError, \"zip(): Wrong number of arguments given (#{arguments.size} for 2)\") if arguments.size < 2\n\n a = arguments[0]\n b = arguments[1]\n\n unless a.is_a?(Array) && b.is_a?(Array)\n raise(Puppet::ParseError, 'zip(): Requires array to work with')\n end\n\n flatten = function_str2bool([arguments[2]]) if arguments[2]\n\n result = a.zip(b)\n result = flatten ? result.flatten : result\n\n return result\nend"}, {"name": "translate", "file": "lib/puppet/functions/translate.rb", "line": 2, "type": "ruby4x", "signatures": [{"signature": "translate(String $message, Optional[Hash] $interpolation_values)", "docstring": {"text": "A function that calls the _() function in gettext. This is because _ is protected in the puppet language", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "message"}, {"tag_name": "param", "text": "", "types": ["Optional[Hash]"], "name": "interpolation_values"}, {"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "A function that calls the _() function in gettext. This is because _ is protected in the puppet language", "tags": [{"tag_name": "param", "text": "", "types": ["String"], "name": "message"}, {"tag_name": "param", "text": "", "types": ["Optional[Hash]"], "name": "interpolation_values"}, {"tag_name": "return", "text": "", "types": ["Any"]}]}, "source": "Puppet::Functions.create_function(:translate) do\n dispatch :translate do\n param 'String', :message\n optional_param 'Hash', :interpolation_values\n end\n\n def translate(message, interpolation_values = nil)\n if interpolation_values.nil?\n _(message)\n else\n # convert keys to symbols\n interpolation_values = Hash[interpolation_values.map { |k, v| [k.to_sym, v] }]\n _(message) % interpolation_values\n end\n end\nend"}, {"name": "create_ini_settings", "file": "lib/puppet/functions/create_ini_settings.rb", "line": 4, "type": "ruby4x", "signatures": [{"signature": "create_ini_settings(Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "", "types": ["Any"]}, {"tag_name": "summary", "text": "DEPRECATED. Use the namespaced function [`inifile::create_ini_settings`](#inifilecreate_ini_settings) instead."}]}, "source": "Puppet::Functions.create_function(:create_ini_settings) do\n dispatch :deprecation_gen do\n repeated_param 'Any', :args\n end\n def deprecation_gen(*args)\n call_function('deprecation', 'create_ini_settings', 'This method is deprecated, please use inifile::create_ini_settings instead.')\n call_function('inifile::create_ini_settings', *args)\n end\nend"}, {"name": "inifile::create_ini_settings", "file": "lib/puppet/functions/inifile/create_ini_settings.rb", "line": 4, "type": "ruby4x", "signatures": [{"signature": "inifile::create_ini_settings(Hash $settings, Optional[Hash] $defaults)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "A hash of settings you want to create ini_setting resources from", "types": ["Hash"], "name": "settings"}, {"tag_name": "param", "text": "A hash of defaults you would like to use in the ini_setting resources", "types": ["Optional[Hash]"], "name": "defaults"}, {"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "A hash of settings you want to create ini_setting resources from", "types": ["Hash"], "name": "settings"}, {"tag_name": "param", "text": "A hash of defaults you would like to use in the ini_setting resources", "types": ["Optional[Hash]"], "name": "defaults"}, {"tag_name": "return", "text": "", "types": ["Any"]}, {"tag_name": "summary", "text": "This function is used to create a set of ini_setting resources from a hash"}]}, "source": "Puppet::Functions.create_function(:'inifile::create_ini_settings') do\n # @param settings\n # A hash of settings you want to create ini_setting resources from\n # @param defaults\n # A hash of defaults you would like to use in the ini_setting resources\n dispatch :default_impl do\n param 'Hash', :settings\n optional_param 'Hash', :defaults\n end\n\n def default_impl(settings, defaults = {})\n resources = settings.keys.each_with_object({}) do |section, res|\n unless settings[section].is_a?(Hash)\n raise(Puppet::ParseError,\n _('create_ini_settings(): Section %{section} must contain a Hash') % { section: section })\n end\n\n path = defaults.merge(settings)['path']\n raise Puppet::ParseError, _('create_ini_settings(): must pass the path parameter to the Ini_setting resource!') unless path\n\n settings[section].each do |setting, value|\n res[\"#{path} [#{section}] #{setting}\"] = {\n 'ensure' => 'present',\n 'section' => section,\n 'setting' => setting,\n }.merge(if value.is_a?(Hash)\n value\n else\n { 'value' => value }\n end)\n end\n end\n\n call_function('create_resources', 'ini_setting', resources, defaults)\n end\nend"}, {"name": "yum::bool2num_hash_recursive", "file": "functions/bool2num_hash_recursive.pp", "line": 29, "type": "puppet", "signatures": [{"signature": "yum::bool2num_hash_recursive(Hash $arg)", "docstring": {"text": "This functions converts the Boolean values of a Hash to Integers,\neither '0' or '1'. It does this recursively, decending as far as the\nlanguage implemenation will allow. Note that Structs and Arrays will\nbe ignored, even if they contain Hashes.", "tags": [{"tag_name": "example", "text": "\nHash $foo = {\n bar => { 'a' => true, 'b' => 'b' },\n baz => false,\n qux => [{ 'c' => true }, { 'd' => false }],\n}\n\nyum::bool2num_hash_recursive($foo)\n\nThe above would return:\n\n{\n bar => { 'a' => 1, 'b' => 'b' },\n baz => 0,\n qux => [{ 'c' => true }, { 'd' => false }],\n}", "name": "Usage"}, {"tag_name": "param", "text": "The hash on which to operate", "types": ["Hash"], "name": "arg"}, {"tag_name": "return", "text": "", "types": ["Hash"]}]}}], "docstring": {"text": "This functions converts the Boolean values of a Hash to Integers,\neither '0' or '1'. It does this recursively, decending as far as the\nlanguage implemenation will allow. Note that Structs and Arrays will\nbe ignored, even if they contain Hashes.", "tags": [{"tag_name": "example", "text": "\nHash $foo = {\n bar => { 'a' => true, 'b' => 'b' },\n baz => false,\n qux => [{ 'c' => true }, { 'd' => false }],\n}\n\nyum::bool2num_hash_recursive($foo)\n\nThe above would return:\n\n{\n bar => { 'a' => 1, 'b' => 'b' },\n baz => 0,\n qux => [{ 'c' => true }, { 'd' => false }],\n}", "name": "Usage"}, {"tag_name": "param", "text": "The hash on which to operate", "types": ["Hash"], "name": "arg"}, {"tag_name": "private", "text": ""}, {"tag_name": "return", "text": "", "types": ["Hash"]}]}, "source": "function yum::bool2num_hash_recursive($arg) {\n assert_type(Hash, $arg)\n $arg.map |$key, $value| {\n $return_value = $value ? {\n Boolean => bool2num($value),\n Hash => yum::bool2num_hash_recursive($value),\n default => $value,\n }\n # see the issue for the strange/asymetrical whitespace\n # https://github.com/kuleuven/puppet-lint-manifest_whitespace-check/issues/8\n Hash({ $key => $return_value })\n }.reduce |$attrs_memo, $kv| {\n merge($attrs_memo, $kv)\n }\n}"}, {"name": "archive::artifactory_checksum", "file": "lib/puppet/functions/archive/artifactory_checksum.rb", "line": 6, "type": "ruby4x", "signatures": [{"signature": "archive::artifactory_checksum(Stdlib::HTTPUrl $url, Optional[Enum['sha1','sha256','md5']] $checksum_type)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The URL of the artifact.", "types": ["Stdlib::HTTPUrl"], "name": "url"}, {"tag_name": "param", "text": "The checksum type.\nNote the function will raise an error if you ask for sha256 but your artifactory instance doesn't have the sha256 value calculated.", "types": ["Optional[Enum['sha1','sha256','md5']]"], "name": "checksum_type"}, {"tag_name": "return", "text": "Returns the checksum.", "types": ["String"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The URL of the artifact.", "types": ["Stdlib::HTTPUrl"], "name": "url"}, {"tag_name": "param", "text": "The checksum type.\nNote the function will raise an error if you ask for sha256 but your artifactory instance doesn't have the sha256 value calculated.", "types": ["Optional[Enum['sha1','sha256','md5']]"], "name": "checksum_type"}, {"tag_name": "return", "text": "Returns the checksum.", "types": ["String"]}, {"tag_name": "summary", "text": "A function that returns the checksum value of an artifact stored in Artifactory"}]}, "source": "Puppet::Functions.create_function(:'archive::artifactory_checksum') do\n # @summary A function that returns the checksum value of an artifact stored in Artifactory\n # @param url The URL of the artifact.\n # @param checksum_type The checksum type.\n # Note the function will raise an error if you ask for sha256 but your artifactory instance doesn't have the sha256 value calculated.\n # @return [String] Returns the checksum.\n dispatch :artifactory_checksum do\n param 'Stdlib::HTTPUrl', :url\n optional_param \"Enum['sha1','sha256','md5']\", :checksum_type\n return_type 'String'\n end\n\n def artifactory_checksum(url, checksum_type = 'sha1')\n uri = URI(url.sub('/artifactory/', '/artifactory/api/storage/'))\n\n response = PuppetX::Bodeco::Util.content(uri)\n content = JSON.parse(response)\n\n checksum = content['checksums'] && content['checksums'][checksum_type]\n raise(\"Could not parse #{checksum_type} from url: #{uri}\\nresponse: #{response.body}\") unless checksum =~ %r{\\b[0-9a-f]{5,64}\\b}\n\n checksum\n end\nend"}, {"name": "archive::artifactory_latest_url", "file": "lib/puppet/functions/archive/artifactory_latest_url.rb", "line": 6, "type": "ruby4x", "signatures": [{"signature": "archive::artifactory_latest_url(Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl] $url, Hash $maven_data)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]"], "name": "url"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "maven_data"}, {"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]"], "name": "url"}, {"tag_name": "param", "text": "", "types": ["Hash"], "name": "maven_data"}, {"tag_name": "return", "text": "", "types": ["Any"]}]}, "source": "Puppet::Functions.create_function(:'archive::artifactory_latest_url') do\n dispatch :artifactory_latest_url do\n param 'Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]', :url\n param 'Hash', :maven_data\n end\n\n def artifactory_latest_url(url, maven_data)\n # Turn provided artifactory URL into the fileinfo API endpoint of the parent directory\n uri = URI(url.sub('/artifactory/', '/artifactory/api/storage/')[%r{^(.*)/.*$}, 1])\n\n response = PuppetX::Bodeco::Util.content(uri)\n content = JSON.parse(response)\n\n uris = if maven_data['classifier']\n content['children'].select do |child|\n child['uri'] =~ %r{^/#{maven_data['module']}-#{maven_data['base_rev']}-(SNAPSHOT|(?:(?:[0-9]{8}.[0-9]{6})-(?:[0-9]+)))-#{maven_data['classifier']}\\.#{maven_data['ext']}$} && !child['folder']\n end\n else\n content['children'].select do |child|\n child['uri'] =~ %r{^/#{maven_data['module']}-#{maven_data['base_rev']}-(SNAPSHOT|(?:(?:[0-9]{8}.[0-9]{6})-(?:[0-9]+)))\\.#{maven_data['ext']}$} && !child['folder']\n end\n end\n\n raise(\"Couldn't find any Artifactory artifacts\") if uris.empty?\n\n latest = uris.max_by { |x| x['uri'] }['uri']\n Puppet.debug(\"Latest artifact found for #{url} was #{latest}\")\n\n # Now GET the fileinfo endpoint of the resolved latest version file\n uri = URI(\"#{content['uri']}#{latest}\")\n response = PuppetX::Bodeco::Util.content(uri)\n content = JSON.parse(response)\n\n url = content['downloadUri']\n sha1 = content['checksums'] && content['checksums']['sha1']\n\n {\n 'url' => url,\n 'sha1' => sha1\n }\n end\nend"}, {"name": "archive::assemble_nexus_url", "file": "lib/puppet/functions/archive/assemble_nexus_url.rb", "line": 8, "type": "ruby4x", "signatures": [{"signature": "archive::assemble_nexus_url(Stdlib::HTTPUrl $nexus_url, Hash $params)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The base nexus URL", "types": ["Stdlib::HTTPUrl"], "name": "nexus_url"}, {"tag_name": "param", "text": "The query parameters as a hash", "types": ["Hash"], "name": "params"}, {"tag_name": "return", "text": "The assembled URL", "types": ["Stdlib::HTTPUrl"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "The base nexus URL", "types": ["Stdlib::HTTPUrl"], "name": "nexus_url"}, {"tag_name": "param", "text": "The query parameters as a hash", "types": ["Hash"], "name": "params"}, {"tag_name": "return", "text": "The assembled URL", "types": ["Stdlib::HTTPUrl"]}, {"tag_name": "summary", "text": "Assembles a complete nexus URL from the base url and query parameters"}]}, "source": "Puppet::Functions.create_function(:'archive::assemble_nexus_url') do\n # @param nexus_url\n # The base nexus URL\n # @param params\n # The query parameters as a hash\n #\n # @return [Stdlib::HTTPUrl]\n # The assembled URL\n dispatch :default_impl do\n param 'Stdlib::HTTPUrl', :nexus_url\n param 'Hash', :params\n return_type 'Stdlib::HTTPUrl'\n end\n\n def default_impl(nexus_url, params)\n service_relative_url = 'service/local/artifact/maven/content'\n\n query_string = params.to_a.map { |x| \"#{x[0]}=#{CGI.escape(x[1])}\" }.join('&')\n\n \"#{nexus_url}/#{service_relative_url}?#{query_string}\"\n end\nend"}, {"name": "archive::go_md5", "file": "lib/puppet/functions/archive/go_md5.rb", "line": 9, "type": "ruby4x", "signatures": [{"signature": "archive::go_md5(String $username, String $password, String[1] $file, Stdlib::HTTPUrl $url)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "GoCD username", "types": ["String"], "name": "username"}, {"tag_name": "param", "text": "GoCD password", "types": ["String"], "name": "password"}, {"tag_name": "param", "text": "GoCD filename", "types": ["String[1]"], "name": "file"}, {"tag_name": "param", "text": "The GoCD MD5 checkum URL", "types": ["Stdlib::HTTPUrl"], "name": "url"}, {"tag_name": "return", "text": "The MD5 string", "types": ["String"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "GoCD username", "types": ["String"], "name": "username"}, {"tag_name": "param", "text": "GoCD password", "types": ["String"], "name": "password"}, {"tag_name": "param", "text": "GoCD filename", "types": ["String[1]"], "name": "file"}, {"tag_name": "param", "text": "The GoCD MD5 checkum URL", "types": ["Stdlib::HTTPUrl"], "name": "url"}, {"tag_name": "return", "text": "The MD5 string", "types": ["String"]}, {"tag_name": "see", "name": "http://www.thoughtworks.com/products/docs/go/12.4/help/Artifacts_API.html"}, {"tag_name": "summary", "text": "Retrieves and returns specific file's md5 from GoCD server md5 checksum file"}]}, "source": "Puppet::Functions.create_function(:'archive::go_md5') do\n # @param username\n # GoCD username\n # @param password\n # GoCD password\n # @param file\n # GoCD filename\n # @param url\n # The GoCD MD5 checkum URL\n # @return [String]\n # The MD5 string\n dispatch :default_impl do\n param 'String', :username\n param 'String', :password\n param 'String[1]', :file\n param 'Stdlib::HTTPUrl', :url\n return_type 'String'\n end\n\n def default_impl(username, password, file, url)\n uri = URI(url)\n response = PuppetX::Bodeco::Util.content(uri, username: username, password: password)\n\n checksums = response.split(\"\\n\")\n line = checksums.find { |x| x =~ %r{#{file}=} }\n md5 = line.match(%r{\\b[0-9a-f]{5,40}\\b}) unless line.nil?\n raise(\"Could not parse md5 from url #{url} response: #{response}\") unless md5\n\n md5[0]\n end\nend"}, {"name": "archive::parse_artifactory_url", "file": "lib/puppet/functions/archive/parse_artifactory_url.rb", "line": 4, "type": "ruby4x", "signatures": [{"signature": "archive::parse_artifactory_url(Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl] $url)", "docstring": {"text": "A function to parse an Artifactory maven 2 repository URL", "tags": [{"tag_name": "param", "text": "", "types": ["Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]"], "name": "url"}, {"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "A function to parse an Artifactory maven 2 repository URL", "tags": [{"tag_name": "param", "text": "", "types": ["Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]"], "name": "url"}, {"tag_name": "return", "text": "", "types": ["Any"]}]}, "source": "Puppet::Functions.create_function(:'archive::parse_artifactory_url') do\n dispatch :parse_artifactory_url do\n param 'Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]', :url\n end\n\n def parse_artifactory_url(url)\n # Regex is for the 'maven-2-default Repository Layout'\n matchdata = url.match(%r{\n (?<base_url>.*/artifactory)\n /\n (?<repository>[^/]+)\n /\n (?<org_path>.+?)\n /\n (?<module>[^/]+)\n /\n (?<base_rev>[^/]+?)\n (?:-(?<folder_iteg_rev>SNAPSHOT))?\n /\n \\k<module>-\\k<base_rev>\n (?:-(?<file_iteg_rev>SNAPSHOT|(?:(?:[0-9]{8}.[0-9]{6})-(?:[0-9]+))))?\n (?:-(?<classifier>[^/]+?))?\n \\.\n (?<ext>(?:(?!\\d))[^\\-/]+|7z)\n }x)\n return nil unless matchdata\n\n matchdata.names.zip(matchdata.captures).to_h\n end\nend"}, {"name": "postgresql::default", "file": "functions/default.pp", "line": 6, "type": "puppet", "signatures": [{"signature": "postgresql::default(String $parameter_name)", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "postgresql::default('variable')", "name": ""}, {"tag_name": "param", "text": "", "types": ["String"], "name": "parameter_name"}, {"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "postgresql::default('variable')", "name": ""}, {"tag_name": "param", "text": "", "types": ["String"], "name": "parameter_name"}, {"tag_name": "return", "text": "", "types": ["Any"]}, {"tag_name": "summary", "text": "This function pull default values from the `params` class or `globals` class if the value is not present in `params`."}]}, "source": "function postgresql::default(\n String $parameter_name\n) {\n include postgresql::params\n\n #search for the variable name in params first\n #then fall back to globals if not found\n pick( getvar(\"postgresql::params::${parameter_name}\"),\n \"postgresql::globals::${parameter_name}\")\n}"}, {"name": "postgresql::postgresql_acls_to_resources_hash", "file": "lib/puppet/functions/postgresql/postgresql_acls_to_resources_hash.rb", "line": 5, "type": "ruby4x", "signatures": [{"signature": "postgresql::postgresql_acls_to_resources_hash(Array[String] $acls, String[1] $id, Integer[0] $offset)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "An array of strings that are pg_hba.conf rules.", "types": ["Array[String]"], "name": "acls"}, {"tag_name": "param", "text": "An identifier that will be included in the namevar to provide uniqueness.", "types": ["String[1]"], "name": "id"}, {"tag_name": "param", "text": "An order offset, so you can start the order at an arbitrary starting point.", "types": ["Integer[0]"], "name": "offset"}, {"tag_name": "return", "text": "A hash that can be fed into create_resources to create multiple individual pg_hba_rule resources.", "types": ["Hash"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "An array of strings that are pg_hba.conf rules.", "types": ["Array[String]"], "name": "acls"}, {"tag_name": "param", "text": "An identifier that will be included in the namevar to provide uniqueness.", "types": ["String[1]"], "name": "id"}, {"tag_name": "param", "text": "An order offset, so you can start the order at an arbitrary starting point.", "types": ["Integer[0]"], "name": "offset"}, {"tag_name": "return", "text": "A hash that can be fed into create_resources to create multiple individual pg_hba_rule resources.", "types": ["Hash"]}, {"tag_name": "summary", "text": "This internal function translates the ipv(4|6)acls format into a resource suitable for create_resources."}]}, "source": "Puppet::Functions.create_function(:'postgresql::postgresql_acls_to_resources_hash') do\n # @param acls\n # An array of strings that are pg_hba.conf rules.\n # @param id\n # An identifier that will be included in the namevar to provide uniqueness.\n # @param offset\n # An order offset, so you can start the order at an arbitrary starting point.\n #\n # @return [Hash]\n # A hash that can be fed into create_resources to create multiple individual pg_hba_rule resources.\n dispatch :default_impl do\n param 'Array[String]', :acls\n param 'String[1]', :id\n param 'Integer[0]', :offset\n end\n\n def default_impl(acls, id, offset)\n resources = {}\n acls.each do |acl|\n index = acls.index(acl)\n\n parts = acl.split\n\n unless parts.length >= 4\n raise(Puppet::ParseError, \"postgresql::postgresql_acls_to_resources_hash(): acl line #{index} does not \" \\\n 'have enough parts')\n end\n\n resource = {\n 'type' => parts[0],\n 'database' => parts[1],\n 'user' => parts[2],\n 'order' => '%03d' % (offset + index),\n }\n if parts[0] == 'local'\n resource['auth_method'] = parts[3]\n if parts.length > 4\n resource['auth_option'] = parts.last(parts.length - 4).join(' ')\n end\n elsif %r{^\\d}.match?(parts[4])\n resource['address'] = parts[3] + ' ' + parts[4]\n resource['auth_method'] = parts[5]\n\n resource['auth_option'] = parts.last(parts.length - 6).join(' ') if parts.length > 6\n else\n resource['address'] = parts[3]\n resource['auth_method'] = parts[4]\n\n resource['auth_option'] = parts.last(parts.length - 5).join(' ') if parts.length > 5\n end\n resources[\"postgresql class generated rule #{id} #{index}\"] = resource\n end\n resources\n end\nend"}, {"name": "postgresql::postgresql_escape", "file": "lib/puppet/functions/postgresql/postgresql_escape.rb", "line": 6, "type": "ruby4x", "signatures": [{"signature": "postgresql::postgresql_escape(String[1] $input_string)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The unescaped string you want to escape using `dollar quoting`", "types": ["String[1]"], "name": "input_string"}, {"tag_name": "return", "text": "A `Dollar Quoted` string", "types": ["String"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The unescaped string you want to escape using `dollar quoting`", "types": ["String[1]"], "name": "input_string"}, {"tag_name": "return", "text": "A `Dollar Quoted` string", "types": ["String"]}, {"tag_name": "summary", "text": "This function escapes a string using [Dollar Quoting](https://www.postgresql.org/docs/12/sql-syntax-lexical.html#SQL-SYNTAX-DOLLAR-QUOTING) using a randomly generated tag if required."}]}, "source": "Puppet::Functions.create_function(:'postgresql::postgresql_escape') do\n # @param input_string\n # The unescaped string you want to escape using `dollar quoting`\n #\n # @return [String]\n # A `Dollar Quoted` string\n dispatch :default_impl do\n param 'String[1]', :input_string\n end\n\n def default_impl(input_string)\n # Where allowed, just return the original string wrapped in `$$`\n return \"$$#{input_string}$$\" unless tag_needed?(input_string)\n\n # Keep generating possible values for tag until we find one that doesn't appear in the input string\n tag = Digest::MD5.hexdigest(input_string)[0..5].gsub(%r{\\d}, '')\n tag = Digest::MD5.hexdigest(tag)[0..5].gsub(%r{\\d}, '') until input_string !~ %r{#{tag}}\n\n \"$#{tag}$#{input_string}$#{tag}$\"\n end\n\n def tag_needed?(input_string)\n input_string.include?('$$') || input_string.end_with?('$')\n end\nend"}, {"name": "postgresql::postgresql_password", "file": "lib/puppet/functions/postgresql/postgresql_password.rb", "line": 4, "type": "ruby4x", "signatures": [{"signature": "postgresql::postgresql_password(Variant[String[1], Integer] $username, Variant[String[1], Sensitive[String[1]], Integer] $password, Optional[Boolean] $sensitive)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The clear text `username`", "types": ["Variant[String[1], Integer]"], "name": "username"}, {"tag_name": "param", "text": "The clear text `password`", "types": ["Variant[String[1], Sensitive[String[1]], Integer]"], "name": "password"}, {"tag_name": "param", "text": "If the Postgresql-Passwordhash should be of Datatype Sensitive[String]", "types": ["Optional[Boolean]"], "name": "sensitive"}, {"tag_name": "return", "text": "The postgresql password hash from the clear text username / password.", "types": ["Variant[String, Sensitive[String]]"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "The clear text `username`", "types": ["Variant[String[1], Integer]"], "name": "username"}, {"tag_name": "param", "text": "The clear text `password`", "types": ["Variant[String[1], Sensitive[String[1]], Integer]"], "name": "password"}, {"tag_name": "param", "text": "If the Postgresql-Passwordhash should be of Datatype Sensitive[String]", "types": ["Optional[Boolean]"], "name": "sensitive"}, {"tag_name": "return", "text": "The postgresql password hash from the clear text username / password.", "types": ["Variant[String, Sensitive[String]]"]}, {"tag_name": "summary", "text": "This function returns the postgresql password hash from the clear text username / password"}]}, "source": "Puppet::Functions.create_function(:'postgresql::postgresql_password') do\n # @param username\n # The clear text `username`\n # @param password\n # The clear text `password`\n # @param sensitive\n # If the Postgresql-Passwordhash should be of Datatype Sensitive[String]\n #\n # @return\n # The postgresql password hash from the clear text username / password.\n dispatch :default_impl do\n required_param 'Variant[String[1], Integer]', :username\n required_param 'Variant[String[1], Sensitive[String[1]], Integer]', :password\n optional_param 'Boolean', :sensitive\n return_type 'Variant[String, Sensitive[String]]'\n end\n\n def default_impl(username, password, sensitive = false)\n password = password.unwrap if password.respond_to?(:unwrap)\n result_string = 'md5' + Digest::MD5.hexdigest(password.to_s + username.to_s)\n if sensitive\n Puppet::Pops::Types::PSensitiveType::Sensitive.new(result_string)\n else\n result_string\n end\n end\nend"}, {"name": "postgresql_escape", "file": "lib/puppet/functions/postgresql_escape.rb", "line": 4, "type": "ruby4x", "signatures": [{"signature": "postgresql_escape(Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "", "types": ["Any"]}, {"tag_name": "summary", "text": "DEPRECATED. Use the namespaced function [`postgresql::postgresql_escape`](#postgresqlpostgresql_escape) instead."}]}, "source": "Puppet::Functions.create_function(:postgresql_escape) do\n dispatch :deprecation_gen do\n repeated_param 'Any', :args\n end\n def deprecation_gen(*args)\n call_function('deprecation', 'postgresql_escape', 'This method is deprecated, please use postgresql::postgresql_escape instead.')\n call_function('postgresql::postgresql_escape', *args)\n end\nend"}, {"name": "postgresql_password", "file": "lib/puppet/functions/postgresql_password.rb", "line": 4, "type": "ruby4x", "signatures": [{"signature": "postgresql_password(Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "", "types": ["Any"]}, {"tag_name": "summary", "text": "DEPRECATED. Use the namespaced function [`postgresql::postgresql_password`](#postgresqlpostgresql_password) instead."}]}, "source": "Puppet::Functions.create_function(:postgresql_password) do\n dispatch :deprecation_gen do\n repeated_param 'Any', :args\n end\n def deprecation_gen(*args)\n call_function('deprecation', 'postgresql_password', 'This method is deprecated, please use postgresql::postgresql_password instead.')\n call_function('postgresql::postgresql_password', *args)\n end\nend"}, {"name": "extlib::cache_data", "file": "lib/puppet/functions/extlib/cache_data.rb", "line": 20, "type": "ruby4x", "signatures": [{"signature": "extlib::cache_data(String[1] $namespace, String[1] $name, Any $initial_data)", "docstring": {"text": "Retrieves data from a cache file, or creates it with supplied data if the\nfile doesn't exist\n\nUseful for having data that's randomly generated once on the master side\n(e.g. a password), but then stays the same on subsequent runs. Because it's\nstored on the master on disk, it doesn't work when you use mulitple Puppet\nmasters that don't share their vardir.", "tags": [{"tag_name": "example", "text": "$password = cache_data('mysql', 'mysql_password', 'this_is_my_password')", "name": "Calling the function"}, {"tag_name": "example", "text": "$password = cache_data('mysql', 'mysql_password', random_password())", "name": "With a random password"}, {"tag_name": "param", "text": "Namespace for the cache", "types": ["String[1]"], "name": "namespace"}, {"tag_name": "param", "text": "Cache key within the namespace", "types": ["String[1]"], "name": "name"}, {"tag_name": "param", "text": "The data for when there is no cache yet", "types": ["Any"], "name": "initial_data"}, {"tag_name": "return", "text": "The cached value when it exists. The initial data when no cache exists", "types": ["Any"]}]}}], "docstring": {"text": "Retrieves data from a cache file, or creates it with supplied data if the\nfile doesn't exist\n\nUseful for having data that's randomly generated once on the master side\n(e.g. a password), but then stays the same on subsequent runs. Because it's\nstored on the master on disk, it doesn't work when you use mulitple Puppet\nmasters that don't share their vardir.", "tags": [{"tag_name": "example", "text": "$password = cache_data('mysql', 'mysql_password', 'this_is_my_password')", "name": "Calling the function"}, {"tag_name": "example", "text": "$password = cache_data('mysql', 'mysql_password', random_password())", "name": "With a random password"}, {"tag_name": "param", "text": "Namespace for the cache", "types": ["String[1]"], "name": "namespace"}, {"tag_name": "param", "text": "Cache key within the namespace", "types": ["String[1]"], "name": "name"}, {"tag_name": "param", "text": "The data for when there is no cache yet", "types": ["Any"], "name": "initial_data"}, {"tag_name": "return", "text": "The cached value when it exists. The initial data when no cache exists", "types": ["Any"]}, {"tag_name": "summary", "text": "Retrieves data from a cache file, or creates it with supplied data if the file doesn't exist"}]}, "source": "Puppet::Functions.create_function(:'extlib::cache_data') do\n # @param namespace Namespace for the cache\n # @param name Cache key within the namespace\n # @param initial_data The data for when there is no cache yet\n # @return The cached value when it exists. The initial data when no cache exists\n dispatch :cache_data do\n param 'String[1]', :namespace\n param 'String[1]', :name\n param 'Any', :initial_data\n return_type 'Any'\n end\n\n def cache_data(namespace, name, initial_data)\n cache_dir = File.join(Puppet[:vardir], namespace)\n cache = File.join(cache_dir, name)\n\n if File.exist? cache\n YAML.safe_load(File.read(cache))\n else\n FileUtils.mkdir_p(cache_dir)\n File.open(cache, 'w', 0o600) do |c|\n c.write(YAML.dump(initial_data))\n end\n File.chown(File.stat(Puppet[:vardir]).uid, nil, cache)\n File.chown(File.stat(Puppet[:vardir]).uid, nil, cache_dir)\n initial_data\n end\n end\nend"}, {"name": "extlib::cidr_to_netmask", "file": "lib/puppet/functions/extlib/cidr_to_netmask.rb", "line": 5, "type": "ruby4x", "signatures": [{"signature": "extlib::cidr_to_netmask(Variant[Stdlib::IP::Address::V4::CIDR,Stdlib::IP::Address::V6::CIDR] $ip)", "docstring": {"text": "Imported by Tim 'bastelfreak' Meusel into voxpupuli/extlib because Yelp/netstdlib got abandoned", "tags": [{"tag_name": "example", "text": "extlib::cidr_to_netmask('127.0.0.1/8')", "name": "calling the function"}, {"tag_name": "param", "text": "IPv6 or IPv4 address in CIDR notation", "types": ["Variant[Stdlib::IP::Address::V4::CIDR,Stdlib::IP::Address::V6::CIDR]"], "name": "ip"}, {"tag_name": "return", "text": "IPv6 or IPv4 netmask address", "types": ["Variant[Stdlib::IP::Address::V4::Nosubnet,Stdlib::IP::Address::V6::Nosubnet]"]}]}}], "docstring": {"text": "Imported by Tim 'bastelfreak' Meusel into voxpupuli/extlib because Yelp/netstdlib got abandoned", "tags": [{"tag_name": "example", "text": "extlib::cidr_to_netmask('127.0.0.1/8')", "name": "calling the function"}, {"tag_name": "param", "text": "IPv6 or IPv4 address in CIDR notation", "types": ["Variant[Stdlib::IP::Address::V4::CIDR,Stdlib::IP::Address::V6::CIDR]"], "name": "ip"}, {"tag_name": "return", "text": "IPv6 or IPv4 netmask address", "types": ["Variant[Stdlib::IP::Address::V4::Nosubnet,Stdlib::IP::Address::V6::Nosubnet]"]}, {"tag_name": "summary", "text": "Converts an CIDR address of the form 192.168.0.1/24 into its netmask."}]}, "source": "Puppet::Functions.create_function(:'extlib::cidr_to_netmask') do\n # @param ip IPv6 or IPv4 address in CIDR notation\n # @return IPv6 or IPv4 netmask address\n # @example calling the function\n # extlib::cidr_to_netmask('127.0.0.1/8')\n dispatch :cidr_to_netmask do\n param 'Variant[Stdlib::IP::Address::V4::CIDR,Stdlib::IP::Address::V6::CIDR]', :ip\n return_type 'Variant[Stdlib::IP::Address::V4::Nosubnet,Stdlib::IP::Address::V6::Nosubnet]'\n end\n\n def cidr_to_netmask(ip)\n # IPAddr has no getter for the subnetmask, but inspect() returns it\n IPAddr.new(ip).inspect.gsub(%r{.*\\/(.*)>}, '\\1')\n end\nend"}, {"name": "extlib::cidr_to_network", "file": "lib/puppet/functions/extlib/cidr_to_network.rb", "line": 5, "type": "ruby4x", "signatures": [{"signature": "extlib::cidr_to_network(Variant[Stdlib::IP::Address::V4::CIDR,Stdlib::IP::Address::V6::CIDR] $ip)", "docstring": {"text": "Imported by Tim 'bastelfreak' Meusel into voxpupuli/extlib because Yelp/netstdlib got abandoned", "tags": [{"tag_name": "example", "text": "extlib::cidr_to_network('2001:DB8::/32')", "name": "calling the function"}, {"tag_name": "param", "text": "IPv6 or IPv4 address in CIDR notation", "types": ["Variant[Stdlib::IP::Address::V4::CIDR,Stdlib::IP::Address::V6::CIDR]"], "name": "ip"}, {"tag_name": "return", "text": "IPv6 or IPv4 network/net address", "types": ["Variant[Stdlib::IP::Address::V4::Nosubnet,Stdlib::IP::Address::V6::Nosubnet]"]}]}}], "docstring": {"text": "Imported by Tim 'bastelfreak' Meusel into voxpupuli/extlib because Yelp/netstdlib got abandoned", "tags": [{"tag_name": "example", "text": "extlib::cidr_to_network('2001:DB8::/32')", "name": "calling the function"}, {"tag_name": "param", "text": "IPv6 or IPv4 address in CIDR notation", "types": ["Variant[Stdlib::IP::Address::V4::CIDR,Stdlib::IP::Address::V6::CIDR]"], "name": "ip"}, {"tag_name": "return", "text": "IPv6 or IPv4 network/net address", "types": ["Variant[Stdlib::IP::Address::V4::Nosubnet,Stdlib::IP::Address::V6::Nosubnet]"]}, {"tag_name": "summary", "text": "Converts a CIDR address of the form 2001:DB8::/32 or 192.0.2.0/24 into their network address (also known as net address)"}]}, "source": "Puppet::Functions.create_function(:'extlib::cidr_to_network') do\n # @param ip IPv6 or IPv4 address in CIDR notation\n # @return IPv6 or IPv4 network/net address\n # @example calling the function\n # extlib::cidr_to_network('2001:DB8::/32')\n dispatch :cidr_to_network do\n param 'Variant[Stdlib::IP::Address::V4::CIDR,Stdlib::IP::Address::V6::CIDR]', :ip\n return_type 'Variant[Stdlib::IP::Address::V4::Nosubnet,Stdlib::IP::Address::V6::Nosubnet]'\n end\n\n def cidr_to_network(ip)\n IPAddr.new(ip).to_range.first.to_s\n end\nend"}, {"name": "extlib::default_content", "file": "lib/puppet/functions/extlib/default_content.rb", "line": 2, "type": "ruby4x", "signatures": [{"signature": "extlib::default_content(Optional[String] $content, Optional[String] $template_name)", "docstring": {"text": "Takes an optional content and an optional template name and returns the contents of a file.", "tags": [{"tag_name": "example", "text": "$config_file_content = default_content($file_content, $template_location)\nfile { '/tmp/x':\n ensure => 'file',\n content => $config_file_content,\n}", "name": "Using the function with a file resource."}, {"tag_name": "param", "types": ["Optional[String]"], "name": "content"}, {"tag_name": "param", "text": "The path to an .erb or .epp template file or `undef`.", "types": ["Optional[String]"], "name": "template_name"}, {"tag_name": "return", "text": "Returns the value of the content parameter if it's a non empty string.\nOtherwise returns the rendered output from `template_name`.\nReturns `undef` if both `content` and `template_name` are `undef`.", "types": ["Optional[String]"]}]}}], "docstring": {"text": "Takes an optional content and an optional template name and returns the contents of a file.", "tags": [{"tag_name": "example", "text": "$config_file_content = default_content($file_content, $template_location)\nfile { '/tmp/x':\n ensure => 'file',\n content => $config_file_content,\n}", "name": "Using the function with a file resource."}, {"tag_name": "param", "types": ["Optional[String]"], "name": "content"}, {"tag_name": "param", "text": "The path to an .erb or .epp template file or `undef`.", "types": ["Optional[String]"], "name": "template_name"}, {"tag_name": "return", "text": "Returns the value of the content parameter if it's a non empty string.\nOtherwise returns the rendered output from `template_name`.\nReturns `undef` if both `content` and `template_name` are `undef`.", "types": ["Optional[String]"]}]}, "source": "Puppet::Functions.create_function(:'extlib::default_content') do\n # @param content\n # @param template_name\n # The path to an .erb or .epp template file or `undef`.\n # @return\n # Returns the value of the content parameter if it's a non empty string.\n # Otherwise returns the rendered output from `template_name`.\n # Returns `undef` if both `content` and `template_name` are `undef`.\n #\n # @example Using the function with a file resource.\n # $config_file_content = default_content($file_content, $template_location)\n # file { '/tmp/x':\n # ensure => 'file',\n # content => $config_file_content,\n # }\n dispatch :default_content do\n param 'Optional[String]', :content\n param 'Optional[String]', :template_name\n return_type 'Optional[String]'\n end\n\n def emptyish(x)\n x.nil? || x.empty? || x == :undef\n end\n\n def default_content(content = :undef, template_name = :undef)\n return content unless emptyish(content)\n\n unless emptyish(template_name)\n return call_function('template', template_name) unless template_name.end_with?('.epp')\n return call_function('epp', template_name)\n end\n\n :undef\n end\nend"}, {"name": "extlib::dir_clean", "file": "functions/dir_clean.pp", "line": 14, "type": "puppet", "signatures": [{"signature": "extlib::dir_clean(Variant[Stdlib::Absolutepath, Pattern[/\\A[a-zA-Z]:\\z/]] $dir)", "docstring": {"text": "Instead of having to deal with the different separators between Unix and Windows this\nfunction instead formats Windows paths a equivalent Unix like path.\n\n$dir is defined as a Variant to support cleaning 'c:' which is not a valid\nStdlib::Absolutepath", "tags": [{"tag_name": "example", "text": "extlib::dir_clean('/tmp/test/libs')", "name": "clean Unix paths to return `/tmp/test/libs` (i.e. noop)"}, {"tag_name": "example", "text": "extlib::dir_clean('c:\\\\'test\\\\libs')", "name": "Clean Windows paths to return `/c/test/libs`"}, {"tag_name": "param", "text": "The path to clean", "types": ["Variant[Stdlib::Absolutepath, Pattern[/\\A[a-zA-Z]:\\z/]]"], "name": "dir"}, {"tag_name": "return", "text": "Stdlib::Unixpath The cleaned path", "types": ["Stdlib::Unixpath"]}]}}], "docstring": {"text": "Instead of having to deal with the different separators between Unix and Windows this\nfunction instead formats Windows paths a equivalent Unix like path.\n\n$dir is defined as a Variant to support cleaning 'c:' which is not a valid\nStdlib::Absolutepath", "tags": [{"tag_name": "example", "text": "extlib::dir_clean('/tmp/test/libs')", "name": "clean Unix paths to return `/tmp/test/libs` (i.e. noop)"}, {"tag_name": "example", "text": "extlib::dir_clean('c:\\\\'test\\\\libs')", "name": "Clean Windows paths to return `/c/test/libs`"}, {"tag_name": "param", "text": "The path to clean", "types": ["Variant[Stdlib::Absolutepath, Pattern[/\\A[a-zA-Z]:\\z/]]"], "name": "dir"}, {"tag_name": "return", "text": "Stdlib::Unixpath The cleaned path", "types": ["Stdlib::Unixpath"]}, {"tag_name": "summary", "text": "Take a path and normalise it to its Unix form."}]}, "source": "function extlib::dir_clean(Variant[Stdlib::Absolutepath, Pattern[/\\A[a-zA-Z]:\\z/]] $dir) >> Stdlib::Unixpath {\n $dir ? {\n Stdlib::Windowspath => $dir.regsubst('^([a-zA-Z]):', '/\\\\1').regsubst('\\\\\\\\', '/', 'G'),\n Pattern[/\\A[a-z]:\\z/] => $dir.regsubst('^([a-zA-Z]):', '/\\\\1'),\n default => $dir,\n }\n}"}, {"name": "extlib::dir_split", "file": "functions/dir_split.pp", "line": 10, "type": "puppet", "signatures": [{"signature": "extlib::dir_split(Variant[Stdlib::Absolutepath, Array[Stdlib::Absolutepath]] $dirs)", "docstring": {"text": "Use this function when you need to split a absolute path into multiple absolute paths\nthat all descend from the given path.", "tags": [{"tag_name": "example", "text": "extlib::dir_split('/opt/puppetlabs') => ['/opt', '/opt/puppetlabs']", "name": "calling the function"}, {"tag_name": "param", "text": "- either an absolute path or a array of absolute paths.", "types": ["Variant[Stdlib::Absolutepath, Array[Stdlib::Absolutepath]]"], "name": "dirs"}, {"tag_name": "return", "text": "- an array of absolute paths after being cut into individual paths.", "types": ["Array[String]"]}]}}], "docstring": {"text": "Use this function when you need to split a absolute path into multiple absolute paths\nthat all descend from the given path.", "tags": [{"tag_name": "example", "text": "extlib::dir_split('/opt/puppetlabs') => ['/opt', '/opt/puppetlabs']", "name": "calling the function"}, {"tag_name": "param", "text": "- either an absolute path or a array of absolute paths.", "types": ["Variant[Stdlib::Absolutepath, Array[Stdlib::Absolutepath]]"], "name": "dirs"}, {"tag_name": "return", "text": "- an array of absolute paths after being cut into individual paths.", "types": ["Array[String]"]}, {"tag_name": "summary", "text": "Splits the given directory or directories into individual paths."}]}, "source": "function extlib::dir_split(Variant[Stdlib::Absolutepath, Array[Stdlib::Absolutepath]] *$dirs) >> Array[String] {\n [$dirs].flatten.unique.map | Stdlib::Absolutepath $dir | {\n extlib::dir_clean($dir).split('/').reduce([]) |Array $memo, $value | {\n empty($value) ? {\n true => $memo,\n default => $memo + \"${memo[-1]}/${value}\",\n }\n }\n }.flatten.unique\n}"}, {"name": "extlib::dump_args", "file": "lib/puppet/functions/extlib/dump_args.rb", "line": 10, "type": "ruby4x", "signatures": [{"signature": "extlib::dump_args(Any $args)", "docstring": {"text": "Prints the args to STDOUT in Pretty JSON format.\n\nUseful for debugging purposes only. Ideally you would use this in\nconjunction with a rspec-puppet unit test. Otherwise the output will\nbe shown during a puppet run when verbose/debug options are enabled.", "tags": [{"tag_name": "param", "text": "The data you want to dump as pretty JSON.", "types": ["Any"], "name": "args"}, {"tag_name": "return", "text": "Returns nothing.", "types": ["Undef"]}]}}], "docstring": {"text": "Prints the args to STDOUT in Pretty JSON format.\n\nUseful for debugging purposes only. Ideally you would use this in\nconjunction with a rspec-puppet unit test. Otherwise the output will\nbe shown during a puppet run when verbose/debug options are enabled.", "tags": [{"tag_name": "param", "text": "The data you want to dump as pretty JSON.", "types": ["Any"], "name": "args"}, {"tag_name": "return", "text": "Returns nothing.", "types": ["Undef"]}, {"tag_name": "summary", "text": "Prints the args to STDOUT in Pretty JSON format."}]}, "source": "Puppet::Functions.create_function(:'extlib::dump_args') do\n # @param args The data you want to dump as pretty JSON.\n # @return [Undef] Returns nothing.\n dispatch :dump_args do\n param 'Any', :args\n end\n\n def dump_args(args)\n puts JSON.pretty_generate(args)\n end\nend"}, {"name": "extlib::echo", "file": "lib/puppet/functions/extlib/echo.rb", "line": 31, "type": "ruby4x", "signatures": [{"signature": "extlib::echo(Any $value, Optional[String] $comment)", "docstring": {"text": "This function outputs the variable content and its type to the\ndebug log. It's similiar to the `notice` function but provides\na better output format useful to trace variable types and values\nin the manifests.\n\n```\n$v1 = 'test'\n$v2 = [\"1\", \"2\", \"3\"]\n$v3 = {\"a\"=>\"1\", \"b\"=>\"2\"}\n$v4 = true\n# $v5 is not defined\n$v6 = { \"b\" => { \"b\" => [1,2,3], \"c\" => true, \"d\" => { 'x' => 'y' }}, 'x' => 'y', 'z' => [1,2,3,4,5,6]}\n$v7 = 12345\n\necho($v1, 'My string')\necho($v2, 'My array')\necho($v3, 'My hash')\necho($v4, 'My boolean')\necho($v5, 'My undef')\necho($v6, 'My structure')\necho($v7) # no comment here\ndebug log output\nMy string (String) \"test\"\nMy array (Array) [\"1\", \"2\", \"3\"]\nMy hash (Hash) {\"a\"=>\"1\", \"b\"=>\"2\"}\nMy boolean (TrueClass) true\nMy undef (String) \"\"\nMy structure (Hash) {\"b\"=>{\"b\"=>[\"1\", \"2\", \"3\"], \"c\"=>true, \"d\"=>{\"x\"=>\"y\"}}, \"x\"=>\"y\", \"z\"=>[\"1\", \"2\", \"3\", \"4\", \"5\", \"6\"]}\n(String) \"12345\"\n```", "tags": [{"tag_name": "param", "text": "The value you want to inspect.", "types": ["Any"], "name": "value"}, {"tag_name": "param", "text": "An optional comment to prepend to the debug output.", "types": ["Optional[String]"], "name": "comment"}, {"tag_name": "return", "text": "Returns nothing.", "types": ["Undef"]}]}}], "docstring": {"text": "This function outputs the variable content and its type to the\ndebug log. It's similiar to the `notice` function but provides\na better output format useful to trace variable types and values\nin the manifests.\n\n```\n$v1 = 'test'\n$v2 = [\"1\", \"2\", \"3\"]\n$v3 = {\"a\"=>\"1\", \"b\"=>\"2\"}\n$v4 = true\n# $v5 is not defined\n$v6 = { \"b\" => { \"b\" => [1,2,3], \"c\" => true, \"d\" => { 'x' => 'y' }}, 'x' => 'y', 'z' => [1,2,3,4,5,6]}\n$v7 = 12345\n\necho($v1, 'My string')\necho($v2, 'My array')\necho($v3, 'My hash')\necho($v4, 'My boolean')\necho($v5, 'My undef')\necho($v6, 'My structure')\necho($v7) # no comment here\ndebug log output\nMy string (String) \"test\"\nMy array (Array) [\"1\", \"2\", \"3\"]\nMy hash (Hash) {\"a\"=>\"1\", \"b\"=>\"2\"}\nMy boolean (TrueClass) true\nMy undef (String) \"\"\nMy structure (Hash) {\"b\"=>{\"b\"=>[\"1\", \"2\", \"3\"], \"c\"=>true, \"d\"=>{\"x\"=>\"y\"}}, \"x\"=>\"y\", \"z\"=>[\"1\", \"2\", \"3\", \"4\", \"5\", \"6\"]}\n(String) \"12345\"\n```", "tags": [{"tag_name": "param", "text": "The value you want to inspect.", "types": ["Any"], "name": "value"}, {"tag_name": "param", "text": "An optional comment to prepend to the debug output.", "types": ["Optional[String]"], "name": "comment"}, {"tag_name": "return", "text": "Returns nothing.", "types": ["Undef"]}]}, "source": "Puppet::Functions.create_function(:'extlib::echo') do\n # @param value The value you want to inspect.\n # @param comment An optional comment to prepend to the debug output.\n # @return [Undef] Returns nothing.\n dispatch :echo do\n param 'Any', :value\n optional_param 'String', :comment\n end\n\n def echo(value, comment = nil)\n message = \"(#{value.class}) #{value.inspect}\"\n message = \"#{comment} #{message}\" if comment\n Puppet.debug message\n end\nend"}, {"name": "extlib::file_separator", "file": "functions/file_separator.pp", "line": 5, "type": "puppet", "signatures": [{"signature": "extlib::file_separator()", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "extlib::file_separator() => '/'", "name": "Example of how to use"}, {"tag_name": "return", "text": "- The os specific path separator.", "types": ["String"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "extlib::file_separator() => '/'", "name": "Example of how to use"}, {"tag_name": "return", "text": "- The os specific path separator.", "types": ["String"]}, {"tag_name": "summary", "text": "Returns the os specific file path separator."}]}, "source": "function extlib::file_separator() >> String {\n ($::facts['kernel'] == 'windows' ) ? { true => \"\\\\\", false => '/' }\n}"}, {"name": "extlib::has_module", "file": "lib/puppet/functions/extlib/has_module.rb", "line": 4, "type": "ruby4x", "signatures": [{"signature": "extlib::has_module(Pattern[/\\A\\w+[-\\/]\\w+\\z/] $module_name)", "docstring": {"text": "A function that lets you know whether a specific module is on your modulepath.", "tags": [{"tag_name": "example", "text": "extlib::has_module('camptocamp/systemd')", "name": "Calling the function"}, {"tag_name": "param", "text": "The full name of the module you want to know exists or not.\nNamespace and modulename can be separated with either `-` or `/`.", "types": ["Pattern[/\\A\\w+[-\\/]\\w+\\z/]"], "name": "module_name"}, {"tag_name": "return", "text": "Returns `true` or `false`.", "types": ["Boolean"]}]}}], "docstring": {"text": "A function that lets you know whether a specific module is on your modulepath.", "tags": [{"tag_name": "example", "text": "extlib::has_module('camptocamp/systemd')", "name": "Calling the function"}, {"tag_name": "param", "text": "The full name of the module you want to know exists or not.\nNamespace and modulename can be separated with either `-` or `/`.", "types": ["Pattern[/\\A\\w+[-\\/]\\w+\\z/]"], "name": "module_name"}, {"tag_name": "return", "text": "Returns `true` or `false`.", "types": ["Boolean"]}]}, "source": "Puppet::Functions.create_function(:'extlib::has_module') do\n # @param module_name The full name of the module you want to know exists or not.\n # Namespace and modulename can be separated with either `-` or `/`.\n # @return Returns `true` or `false`.\n # @example Calling the function\n # extlib::has_module('camptocamp/systemd')\n dispatch :has_module do\n param 'Pattern[/\\A\\w+[-\\/]\\w+\\z/]', :module_name\n return_type 'Boolean'\n end\n\n def has_module(module_name) # rubocop:disable Style/PredicateName\n full_module_name = module_name.gsub(%r{/}, '-')\n module_name = full_module_name[%r{(?<=-).+}]\n begin\n module_path = call_function('get_module_path', module_name)\n rescue Puppet::ParseError\n # stdlib function get_module_path raises Puppet::ParseError if module isn't in your environment\n return false\n end\n\n metadata_json = File.join(module_path, 'metadata.json')\n\n return false unless File.exist?(metadata_json)\n\n metadata = JSON.parse(File.read(metadata_json))\n metadata['name'] == full_module_name\n end\nend"}, {"name": "extlib::ip_to_cron", "file": "lib/puppet/functions/extlib/ip_to_cron.rb", "line": 11, "type": "ruby4x", "signatures": [{"signature": "extlib::ip_to_cron(Optional[Integer[1]] $runinterval)", "docstring": {"text": "Provides a \"random\" value to cron based on the last bit of the machine IP address.\nused to avoid starting a certain cron job at the same time on all servers.\nTakes the runinterval in seconds as parameter and returns an array of [hour, minute]\n\nexample usage\n```\nip_to_cron(3600) - returns [ '*', one value between 0..59 ]\nip_to_cron(1800) - returns [ '*', an array of two values between 0..59 ]\nip_to_cron(7200) - returns [ an array of twelve values between 0..23, one value between 0..59 ]\n```", "tags": [{"tag_name": "param", "text": "The number of seconds to use as the run interval", "types": ["Optional[Integer[1]]"], "name": "runinterval"}, {"tag_name": "return", "text": "", "types": ["Array"]}]}}], "docstring": {"text": "Provides a \"random\" value to cron based on the last bit of the machine IP address.\nused to avoid starting a certain cron job at the same time on all servers.\nTakes the runinterval in seconds as parameter and returns an array of [hour, minute]\n\nexample usage\n```\nip_to_cron(3600) - returns [ '*', one value between 0..59 ]\nip_to_cron(1800) - returns [ '*', an array of two values between 0..59 ]\nip_to_cron(7200) - returns [ an array of twelve values between 0..23, one value between 0..59 ]\n```", "tags": [{"tag_name": "param", "text": "The number of seconds to use as the run interval", "types": ["Optional[Integer[1]]"], "name": "runinterval"}, {"tag_name": "return", "text": "", "types": ["Array"]}]}, "source": "Puppet::Functions.create_function(:'extlib::ip_to_cron') do\n # @param runinterval The number of seconds to use as the run interval\n # return [Array] Returns an array of the form `[hour, minute]`\n dispatch :ip_to_cron do\n optional_param 'Integer[1]', :runinterval\n return_type 'Array'\n end\n\n def ip_to_cron(runinterval = 1800)\n facts = closure_scope['facts']\n ip = facts['networking']['ip']\n ip_last_octet = ip.to_s.split('.')[3].to_i\n\n if runinterval <= 3600\n occurances = 3600 / runinterval\n scope = 60\n base = ip_last_octet % scope\n hour = '*'\n minute = (1..occurances).map { |i| (base - (scope / occurances * i)) % scope }.sort\n else\n occurances = 86_400 / runinterval\n scope = 24\n base = ip_last_octet % scope\n hour = (1..occurances).map { |i| (base - (scope / occurances * i)) % scope }.sort\n minute = ip_last_octet % 60\n end\n [hour, minute]\n end\nend"}, {"name": "extlib::last_in_cidr", "file": "lib/puppet/functions/extlib/last_in_cidr.rb", "line": 4, "type": "ruby4x", "signatures": [{"signature": "extlib::last_in_cidr(Variant[Stdlib::IP::Address::V4::CIDR,Stdlib::IP::Address::V6::CIDR] $ip)", "docstring": {"text": "Imported by Tim 'bastelfreak' Meusel into voxpupuli/extlib because Yelp/netstdlib got abandoned", "tags": [{"tag_name": "example", "text": "extlib::last_in_cidr('127.0.0.1/8')", "name": "calling the function"}, {"tag_name": "param", "text": "IP address in CIDR notation", "types": ["Variant[Stdlib::IP::Address::V4::CIDR,Stdlib::IP::Address::V6::CIDR]"], "name": "ip"}, {"tag_name": "return", "text": "last address in the network", "types": ["Variant[Stdlib::IP::Address::V4::Nosubnet,Stdlib::IP::Address::V6::Nosubnet]"]}]}}], "docstring": {"text": "Imported by Tim 'bastelfreak' Meusel into voxpupuli/extlib because Yelp/netstdlib got abandoned", "tags": [{"tag_name": "example", "text": "extlib::last_in_cidr('127.0.0.1/8')", "name": "calling the function"}, {"tag_name": "param", "text": "IP address in CIDR notation", "types": ["Variant[Stdlib::IP::Address::V4::CIDR,Stdlib::IP::Address::V6::CIDR]"], "name": "ip"}, {"tag_name": "return", "text": "last address in the network", "types": ["Variant[Stdlib::IP::Address::V4::Nosubnet,Stdlib::IP::Address::V6::Nosubnet]"]}, {"tag_name": "summary", "text": "Converts an IPv4 or IPv6 CIDR address of the form 192.0.2.1/24 or 2001:db8::1/64 into the last address in the network"}]}, "source": "Puppet::Functions.create_function(:'extlib::last_in_cidr') do\n # @param ip IP address in CIDR notation\n # @return last address in the network\n # @example calling the function\n # extlib::last_in_cidr('127.0.0.1/8')\n dispatch :last_in_cidr do\n param 'Variant[Stdlib::IP::Address::V4::CIDR,Stdlib::IP::Address::V6::CIDR]', :ip\n return_type 'Variant[Stdlib::IP::Address::V4::Nosubnet,Stdlib::IP::Address::V6::Nosubnet]'\n end\n\n def last_in_cidr(ip)\n IPAddr.new(ip).to_range.last.to_s\n end\nend"}, {"name": "extlib::mkdir_p", "file": "functions/mkdir_p.pp", "line": 13, "type": "puppet", "signatures": [{"signature": "extlib::mkdir_p(Variant[Stdlib::Absolutepath, Array[Stdlib::Absolutepath]] $dirs)", "docstring": {"text": "This creates file resources for all directories and utilizes the dir_split() function\nto get a list of all the descendant directories. You will have no control over any other parameters\nfor the file resource. If you wish to control the file resources you can use the dir_split() function\nand get an array of directories for use in your own code. Please note this does not use an exec resource.", "tags": [{"tag_name": "example", "text": "extlib::mkdir_p('/opt/puppetlabs/bin') => ['/opt', '/opt/puppetlabs', '/opt/puppetlabs/bin']", "name": "How to use"}, {"tag_name": "param", "text": "- the path(s) to create", "types": ["Variant[Stdlib::Absolutepath, Array[Stdlib::Absolutepath]]"], "name": "dirs"}, {"tag_name": "return", "text": "", "types": ["Array[Stdlib::Absolutepath]"]}]}}], "docstring": {"text": "This creates file resources for all directories and utilizes the dir_split() function\nto get a list of all the descendant directories. You will have no control over any other parameters\nfor the file resource. If you wish to control the file resources you can use the dir_split() function\nand get an array of directories for use in your own code. Please note this does not use an exec resource.", "tags": [{"tag_name": "example", "text": "extlib::mkdir_p('/opt/puppetlabs/bin') => ['/opt', '/opt/puppetlabs', '/opt/puppetlabs/bin']", "name": "How to use"}, {"tag_name": "note", "text": "splits the given directories into paths that are then created using file resources"}, {"tag_name": "note", "text": "if you wish to create the directories manually you can use the extlib::dir_split() function in the same manner"}, {"tag_name": "param", "text": "- the path(s) to create", "types": ["Variant[Stdlib::Absolutepath, Array[Stdlib::Absolutepath]]"], "name": "dirs"}, {"tag_name": "return", "text": "", "types": ["Array[Stdlib::Absolutepath]"]}, {"tag_name": "summary", "text": "Like the unix command mkdir_p except with puppet code."}]}, "source": "function extlib::mkdir_p(Variant[Stdlib::Absolutepath, Array[Stdlib::Absolutepath]] *$dirs) >> Array[Stdlib::Absolutepath] {\n $dirs_array = $dirs.flatten.unique.map |$dir| {\n extlib::dir_split($dir)\n }.flatten.unique.sort\n @file { $dirs_array:\n ensure => directory,\n }\n realize(File[$dirs_array])\n $dirs_array\n}"}, {"name": "extlib::netmask_to_cidr", "file": "lib/puppet/functions/extlib/netmask_to_cidr.rb", "line": 4, "type": "ruby4x", "signatures": [{"signature": "extlib::netmask_to_cidr(Stdlib::IP::Address::Nosubnet $netmask)", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "extlib::netmask_to_cidr('255.0.0.0')", "name": "calling the function"}, {"tag_name": "param", "text": "IPv6 or IPv4 netmask in octet notation", "types": ["Stdlib::IP::Address::Nosubnet"], "name": "netmask"}, {"tag_name": "return", "text": "CIDR / prefix length", "types": ["Integer[0, 128]"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "extlib::netmask_to_cidr('255.0.0.0')", "name": "calling the function"}, {"tag_name": "param", "text": "IPv6 or IPv4 netmask in octet notation", "types": ["Stdlib::IP::Address::Nosubnet"], "name": "netmask"}, {"tag_name": "return", "text": "CIDR / prefix length", "types": ["Integer[0, 128]"]}, {"tag_name": "summary", "text": "Converts an octet netmask address of the form 255.255.255.0 into its CIDR variant.\nThus making it directly usable with the values from facter."}]}, "source": "Puppet::Functions.create_function(:'extlib::netmask_to_cidr') do\n # @param netmask IPv6 or IPv4 netmask in octet notation\n # @return CIDR / prefix length\n # @example calling the function\n # extlib::netmask_to_cidr('255.0.0.0')\n dispatch :netmask_to_cidr do\n param 'Stdlib::IP::Address::Nosubnet', :netmask\n return_type 'Integer[0, 128]'\n end\n\n def netmask_to_cidr(netmask)\n dummy_addr = IPAddr.new(netmask).ipv6? ? '::' : '0.0.0.0'\n IPAddr.new(\"#{dummy_addr}/#{netmask}\").prefix\n end\nend"}, {"name": "extlib::path_join", "file": "functions/path_join.pp", "line": 11, "type": "puppet", "signatures": [{"signature": "extlib::path_join(Variant[String, Array[String]] $dirs)", "docstring": {"text": "This function will format a windows paths into equivalent unix like paths.\nThis type of unix like path should work on windows.", "tags": [{"tag_name": "example", "text": "extlib::path_join(['/tmp', 'test', 'libs'])", "name": "Joining Unix paths to return `/tmp/test/libs`"}, {"tag_name": "example", "text": "extlib::path_join(['c:', 'test', 'libs'])", "name": "Joining Windows paths to return `/c/test/libs`"}, {"tag_name": "param", "text": "Joins two or more directories by file separator.", "types": ["Variant[String, Array[String]]"], "name": "dirs"}, {"tag_name": "return", "text": "The joined path", "types": ["Stdlib::Absolutepath"]}]}}], "docstring": {"text": "This function will format a windows paths into equivalent unix like paths.\nThis type of unix like path should work on windows.", "tags": [{"tag_name": "example", "text": "extlib::path_join(['/tmp', 'test', 'libs'])", "name": "Joining Unix paths to return `/tmp/test/libs`"}, {"tag_name": "example", "text": "extlib::path_join(['c:', 'test', 'libs'])", "name": "Joining Windows paths to return `/c/test/libs`"}, {"tag_name": "param", "text": "Joins two or more directories by file separator.", "types": ["Variant[String, Array[String]]"], "name": "dirs"}, {"tag_name": "return", "text": "The joined path", "types": ["Stdlib::Absolutepath"]}, {"tag_name": "summary", "text": "Take one or more paths and join them together"}]}, "source": "function extlib::path_join(Variant[String, Array[String]] *$dirs) >> Stdlib::Absolutepath {\n [$dirs].flatten.map |$index, $dir| {\n $index ? {\n # only allow paths in the first element (should we enforce this more strictly?)\n 0 => extlib::dir_clean($dir),\n default => $dir,\n }\n }.join('/')\n}"}, {"name": "extlib::random_password", "file": "lib/puppet/functions/extlib/random_password.rb", "line": 40, "type": "ruby4x", "signatures": [{"signature": "extlib::random_password(Integer[1] $length)", "docstring": {"text": "A function to return a string of arbitrary length that contains randomly selected characters.", "tags": [{"tag_name": "example", "text": "random_password(42)", "name": "Calling the function"}, {"tag_name": "param", "text": "The length of random password you want generated.", "types": ["Integer[1]"], "name": "length"}, {"tag_name": "return", "text": "The random string returned consists of alphanumeric characters excluding 'look-alike' characters.", "types": ["String"]}]}}], "docstring": {"text": "A function to return a string of arbitrary length that contains randomly selected characters.", "tags": [{"tag_name": "example", "text": "random_password(42)", "name": "Calling the function"}, {"tag_name": "param", "text": "The length of random password you want generated.", "types": ["Integer[1]"], "name": "length"}, {"tag_name": "return", "text": "The random string returned consists of alphanumeric characters excluding 'look-alike' characters.", "types": ["String"]}]}, "source": "Puppet::Functions.create_function(:'extlib::random_password') do\n # @param length The length of random password you want generated.\n # @return [String] The random string returned consists of alphanumeric characters excluding 'look-alike' characters.\n # @example Calling the function\n # random_password(42)\n dispatch :random_password do\n param 'Integer[1]', :length\n return_type 'String'\n end\n\n def random_password(length)\n # These are quite often confusing ...\n ambiguous_characters = %w[0 1 O I l]\n\n # Get allowed characters set ...\n set = ('a'..'z').to_a + ('A'..'Z').to_a + ('0'..'9').to_a\n set -= ambiguous_characters\n\n # Shuffle characters in the set at random and return desired number of them ...\n Array.new(length) do |_i|\n set[rand(set.length)]\n end.join\n end\nend"}, {"name": "extlib::read_url", "file": "lib/puppet/functions/extlib/read_url.rb", "line": 8, "type": "ruby4x", "signatures": [{"signature": "extlib::read_url(Stdlib::HTTPUrl $url)", "docstring": {"text": "Fetch a string from a URL (should only be used with 'small' remote files).\n\nThis function should only be used with trusted/internal sources.\nThis is especially important if using it in conjunction with `inline_template`\nor `inline_epp`.\nThe current implementation is also very basic. No thought has gone into timeouts,\nsupport for redirects, CA paths etc.", "tags": [{"tag_name": "example", "text": "extlib::read_url('https://example.com/sometemplate.epp')", "name": "Calling the function"}, {"tag_name": "param", "text": "The URL to read from", "types": ["Stdlib::HTTPUrl"], "name": "url"}, {"tag_name": "return", "text": "Returns the contents of the url as a string", "types": ["String"]}]}}], "docstring": {"text": "Fetch a string from a URL (should only be used with 'small' remote files).\n\nThis function should only be used with trusted/internal sources.\nThis is especially important if using it in conjunction with `inline_template`\nor `inline_epp`.\nThe current implementation is also very basic. No thought has gone into timeouts,\nsupport for redirects, CA paths etc.", "tags": [{"tag_name": "example", "text": "extlib::read_url('https://example.com/sometemplate.epp')", "name": "Calling the function"}, {"tag_name": "param", "text": "The URL to read from", "types": ["Stdlib::HTTPUrl"], "name": "url"}, {"tag_name": "return", "text": "Returns the contents of the url as a string", "types": ["String"]}]}, "source": "Puppet::Functions.create_function(:'extlib::read_url') do\n # @param url The URL to read from\n # @return Returns the contents of the url as a string\n # @example Calling the function\n # extlib::read_url('https://example.com/sometemplate.epp')\n dispatch :read_url do\n param 'Stdlib::HTTPUrl', :url\n return_type 'String'\n end\n\n def read_url(url)\n require 'open-uri'\n uri = URI.parse(url)\n uri.read\n end\nend"}, {"name": "extlib::resources_deep_merge", "file": "lib/puppet/functions/extlib/resources_deep_merge.rb", "line": 68, "type": "ruby4x", "signatures": [{"signature": "extlib::resources_deep_merge(Hash $resources, Hash $defaults)", "docstring": {"text": "Deeply merge a \"defaults\" hash into a \"resources\" hash like the ones expected by `create_resources()`.\n\nInternally calls the puppetlabs-stdlib function `deep_merge()`. In case of\nduplicate keys the `resources` hash keys win over the `defaults` hash keys.\n\nExample\n```puppet\n$defaults_hash = {\n 'one' => '1',\n 'two' => '2',\n 'three' => '3',\n 'four' => {\n 'five' => '5',\n 'six' => '6',\n 'seven' => '7',\n }\n}\n\n$numbers_hash = {\n 'german' => {\n 'one' => 'eins',\n 'three' => 'drei',\n 'four' => {\n 'six' => 'sechs',\n },\n },\n 'french' => {\n 'one' => 'un',\n 'two' => 'deux',\n 'four' => {\n 'five' => 'cinq',\n 'seven' => 'sept',\n },\n }\n}\n\n$result_hash = resources_deep_merge($numbers_hash, $defaults_hash)\n```\n\nThe $result_hash then looks like this:\n\n```puppet\n$result_hash = {\n 'german' => {\n 'one' => 'eins',\n 'two' => '2',\n 'three' => 'drei',\n 'four' => {\n 'five' => '5',\n 'six' => 'sechs',\n 'seven' => '7',\n }\n },\n 'french' => {\n 'one' => 'un',\n 'two' => 'deux',\n 'three' => '3',\n 'four' => {\n 'five' => 'cinq',\n 'six' => '6',\n 'seven' => 'sept',\n }\n }\n}\n```", "tags": [{"tag_name": "param", "text": "The hash of resources.", "types": ["Hash"], "name": "resources"}, {"tag_name": "param", "text": "The hash of defaults to merge.", "types": ["Hash"], "name": "defaults"}, {"tag_name": "return", "text": "Returns the merged hash.", "types": ["Hash"]}]}}], "docstring": {"text": "Deeply merge a \"defaults\" hash into a \"resources\" hash like the ones expected by `create_resources()`.\n\nInternally calls the puppetlabs-stdlib function `deep_merge()`. In case of\nduplicate keys the `resources` hash keys win over the `defaults` hash keys.\n\nExample\n```puppet\n$defaults_hash = {\n 'one' => '1',\n 'two' => '2',\n 'three' => '3',\n 'four' => {\n 'five' => '5',\n 'six' => '6',\n 'seven' => '7',\n }\n}\n\n$numbers_hash = {\n 'german' => {\n 'one' => 'eins',\n 'three' => 'drei',\n 'four' => {\n 'six' => 'sechs',\n },\n },\n 'french' => {\n 'one' => 'un',\n 'two' => 'deux',\n 'four' => {\n 'five' => 'cinq',\n 'seven' => 'sept',\n },\n }\n}\n\n$result_hash = resources_deep_merge($numbers_hash, $defaults_hash)\n```\n\nThe $result_hash then looks like this:\n\n```puppet\n$result_hash = {\n 'german' => {\n 'one' => 'eins',\n 'two' => '2',\n 'three' => 'drei',\n 'four' => {\n 'five' => '5',\n 'six' => 'sechs',\n 'seven' => '7',\n }\n },\n 'french' => {\n 'one' => 'un',\n 'two' => 'deux',\n 'three' => '3',\n 'four' => {\n 'five' => 'cinq',\n 'six' => '6',\n 'seven' => 'sept',\n }\n }\n}\n```", "tags": [{"tag_name": "param", "text": "The hash of resources.", "types": ["Hash"], "name": "resources"}, {"tag_name": "param", "text": "The hash of defaults to merge.", "types": ["Hash"], "name": "defaults"}, {"tag_name": "return", "text": "Returns the merged hash.", "types": ["Hash"]}, {"tag_name": "summary", "text": "Deeply merge a \"defaults\" hash into a \"resources\" hash like the ones expected by `create_resources()`."}]}, "source": "Puppet::Functions.create_function(:'extlib::resources_deep_merge') do\n # Deep-merges defaults into a resources hash\n # @param resources The hash of resources.\n # @param defaults The hash of defaults to merge.\n # @return Returns the merged hash.\n dispatch :resources_deep_merge do\n param 'Hash', :resources\n param 'Hash', :defaults\n return_type 'Hash'\n end\n\n def resources_deep_merge(resources, defaults)\n deep_merged_resources = {}\n resources.each do |title, params|\n deep_merged_resources[title] = call_function('deep_merge', defaults, params)\n end\n\n deep_merged_resources\n end\nend"}, {"name": "extlib::sort_by_version", "file": "lib/puppet/functions/extlib/sort_by_version.rb", "line": 2, "type": "ruby4x", "signatures": [{"signature": "extlib::sort_by_version(Array[String] $versions)", "docstring": {"text": "A function that sorts an array of version numbers.", "tags": [{"tag_name": "example", "text": "extlib::sort_by_version(['10.0.0b12', '10.0.0b3', '10.0.0a2', '9.0.10', '9.0.3'])", "name": "Calling the function"}, {"tag_name": "param", "text": "An array of version strings you want sorted.", "types": ["Array[String]"], "name": "versions"}, {"tag_name": "return", "text": "Returns the sorted array.", "types": ["Array[String]"]}]}}], "docstring": {"text": "A function that sorts an array of version numbers.", "tags": [{"tag_name": "example", "text": "extlib::sort_by_version(['10.0.0b12', '10.0.0b3', '10.0.0a2', '9.0.10', '9.0.3'])", "name": "Calling the function"}, {"tag_name": "param", "text": "An array of version strings you want sorted.", "types": ["Array[String]"], "name": "versions"}, {"tag_name": "return", "text": "Returns the sorted array.", "types": ["Array[String]"]}]}, "source": "Puppet::Functions.create_function(:'extlib::sort_by_version') do\n # @param versions An array of version strings you want sorted.\n # @return Returns the sorted array.\n # @example Calling the function\n # extlib::sort_by_version(['10.0.0b12', '10.0.0b3', '10.0.0a2', '9.0.10', '9.0.3'])\n dispatch :sort_by_version do\n param 'Array[String]', :versions\n return_type 'Array[String]'\n end\n\n def sort_by_version(versions)\n versions.sort_by { |v| Gem::Version.new(v) }\n end\nend"}, {"name": "systemd::escape", "file": "functions/escape.pp", "line": 9, "type": "puppet", "signatures": [{"signature": "systemd::escape(String[1] $input, Boolean $path = false)", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "$result = systemd::escape('foo::bar')", "name": "Escaping a string"}, {"tag_name": "example", "text": "$result = systemd::escape('/mnt/foobar',true)", "name": "Escaping a path"}, {"tag_name": "param", "text": "Input string", "types": ["String[1]"], "name": "input"}, {"tag_name": "param", "text": "Use path (-p) ornon-path style escaping.", "types": ["Boolean"], "name": "path"}, {"tag_name": "return", "text": "String", "types": ["String"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "$result = systemd::escape('foo::bar')", "name": "Escaping a string"}, {"tag_name": "example", "text": "$result = systemd::escape('/mnt/foobar',true)", "name": "Escaping a path"}, {"tag_name": "param", "text": "Input string", "types": ["String[1]"], "name": "input"}, {"tag_name": "param", "text": "Use path (-p) ornon-path style escaping.", "types": ["Boolean"], "name": "path"}, {"tag_name": "return", "text": "String", "types": ["String"]}, {"tag_name": "summary", "text": "Escape strings as systemd-escape does."}]}, "defaults": {"path": "false"}, "source": "function systemd::escape(String[1] $input, Boolean $path = false) >> String {\n # Escape method is defined\n # https://www.freedesktop.org/software/systemd/man/systemd.unit.html\n\n # fail path if . on end.\n if $path and $input[-1] == '.' {\n fail('A path can not end in a \\'.\\'')\n }\n\n # De-duplicate any `/` and prefix,suffix `/` if file\n if $path {\n $_chomped = $input.regsubst('/+$','').regsubst('^/+','').regsubst('//+','/')\n } else {\n $_chomped = $input\n }\n\n # Docs talk of escaping `:` also but seems not to be the case in reality.\n #\n $_output = $_chomped.map |$_i, $_token | {\n case $_token {\n '.': {\n $_escaped = $_i ? {\n 0 => '\\x2e',\n default => $_token,\n }\n }\n '/': { $_escaped = '-' }\n ',': { $_escaped = '\\x2c' }\n default: { $_escaped = $_token }\n }\n $_escaped\n }.join\n\n return $_output\n}"}, {"name": "ssh::ipaddresses", "file": "lib/puppet/functions/ssh/ipaddresses.rb", "line": 6, "type": "ruby4x", "signatures": [{"signature": "ssh::ipaddresses(Optional[Array[String[1]]] $excluded_interfaces)", "docstring": {"text": "Returns all ip addresses of network interfaces (except lo) found by facter.\nSpecial network interfaces (e.g. docker0) can be excluded by an exclude list.", "tags": [{"tag_name": "param", "text": "", "types": ["Optional[Array[String[1]]]"], "name": "excluded_interfaces"}, {"tag_name": "return", "text": "", "types": ["Array[Stdlib::IP::Address]"]}]}}], "docstring": {"text": "Returns all ip addresses of network interfaces (except lo) found by facter.\nSpecial network interfaces (e.g. docker0) can be excluded by an exclude list.", "tags": [{"tag_name": "api", "text": "private"}, {"tag_name": "param", "text": "", "types": ["Optional[Array[String[1]]]"], "name": "excluded_interfaces"}, {"tag_name": "return", "text": "", "types": ["Array[Stdlib::IP::Address]"]}, {"tag_name": "summary", "text": "Returns ip addresses of network interfaces (except lo) found by facter."}]}, "source": "Puppet::Functions.create_function(:'ssh::ipaddresses') do\n dispatch :ipaddresses do\n # @param excluded_interfaces An array of interface names to be excluded.\n # @return The IP addresses found.\n optional_param 'Array[String[1]]', :excluded_interfaces\n return_type 'Array[Stdlib::IP::Address]'\n end\n\n def ipaddresses(excluded_interfaces = [])\n facts = closure_scope['facts']\n\n # always exclude loopback interface\n excluded_interfaces += ['lo']\n\n if !facts['networking'].nil? && !facts['networking'].empty?\n interfaces = facts['networking']['interfaces']\n else\n interfaces = {}\n facts['interfaces'].split(',').each do |iface|\n next if facts[\"ipaddress_#{iface}\"].nil? && facts[\"ipaddress6_#{iface}\"].nil?\n interfaces[iface] = {}\n if !facts[\"ipaddress_#{iface}\"].nil? && !facts[\"ipaddress_#{iface}\"].empty?\n interfaces[iface]['bindings'] = [{ 'address' => facts[\"ipaddress_#{iface}\"] }]\n end\n if !facts[\"ipaddress6_#{iface}\"].nil? && !facts[\"ipaddress6_#{iface}\"].empty?\n interfaces[iface]['bindings6'] = [{ 'address' => facts[\"ipaddress6_#{iface}\"] }]\n end\n end\n end\n\n result = []\n interfaces.each do |iface, data|\n # skip excluded interfaces\n next if excluded_interfaces.include?(iface)\n\n %w[bindings bindings6].each do |binding_type|\n next unless data.key?(binding_type)\n data[binding_type].each do |binding|\n next unless binding.key?('address')\n result << binding['address']\n end\n end\n end\n\n # Throw away any v6 link-local addresses\n fe8064 = IPAddr.new('fe80::/64')\n result.delete_if { |ip| fe8064.include? IPAddr.new(ip) }\n\n result.uniq\n end\nend"}, {"name": "sshclient_options_to_augeas_ssh_config", "file": "lib/puppet/parser/functions/sshclient_options_to_augeas_ssh_config.rb", "line": 2, "type": "ruby3x", "signatures": [{"signature": "sshclient_options_to_augeas_ssh_config()", "docstring": {"text": "This function will convert a key-value hash to a format understandable by the augeas sshd_config provider\nIt will also optionally deal with keys that should be absent, and inject static parameters if supplied.\n\nUsage: sshclient_options_to_augeas_ssh_config($options_present, $options_absent, $other_parameters)\n- $options_hash is mandatory and must be a hash.\n- $options_absent is optional and can be either a single value or an array.\n- $other_parameters is optional and must be a hash.\n\nExample:\n$options = {\n 'Host *.example.com' => {\n 'ForwardAgent' => 'yes',\n 'BatchMode' => 'yes',\n },\n 'ForwardAgent' => 'no',\n 'BatchMode' => 'no',\n 'StrictHostKeyChecking' => 'no',\n }\n$options_absent = ['StrictHostKeyChecking','NoneField']\n$other_parameters = { 'target' => '/etc/ssh/ssh_config' }\n\n$options_final_augeas = sshclient_options_to_augeas_ssh_config($options, $options_absent, $other_parameters)\n\nIn this case, the value of $options_final_augeas would be:\n\n'ForwardAgent *.example.com' => {\n 'ensure' => 'present',\n 'host' => '*.example.com',\n 'key' => 'ForwardAgent',\n 'value' => 'yes',\n 'target' => '/etc/ssh/ssh_config',\n }\n'BatchMode *.example.com' => {\n 'ensure' => 'present',\n 'host' => '*.example.com',\n 'key' => 'BatchMode',\n 'value' => 'yes',\n 'target' => '/etc/ssh/ssh_config',\n }\n'ForwardAgent' => {\n 'ensure' => 'present',\n 'key' => 'ForwardAgent',\n 'value' => 'yes',\n 'target' => '/etc/ssh/ssh_config',\n }\n'BatchMode' => {\n 'ensure' => 'present',\n 'key' => 'BatchMode',\n 'value' => 'yes',\n 'target' => '/etc/ssh/ssh_config',\n }\n'StrictHostKeyChecking' => {\n 'ensure' => 'absent',\n 'key' => 'StrictHostKeyChecking',\n 'target' => '/etc/ssh/ssh_config',\n }\n 'NoneField' => {\n 'ensure' => 'absent',\n 'key' => 'NoneField',\n 'target' => '/etc/ssh/ssh_config',\n }\n\nNote how the word \"Host\" is stripped a", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "This function will convert a key-value hash to a format understandable by the augeas sshd_config provider\nIt will also optionally deal with keys that should be absent, and inject static parameters if supplied.\n\nUsage: sshclient_options_to_augeas_ssh_config($options_present, $options_absent, $other_parameters)\n- $options_hash is mandatory and must be a hash.\n- $options_absent is optional and can be either a single value or an array.\n- $other_parameters is optional and must be a hash.\n\nExample:\n$options = {\n 'Host *.example.com' => {\n 'ForwardAgent' => 'yes',\n 'BatchMode' => 'yes',\n },\n 'ForwardAgent' => 'no',\n 'BatchMode' => 'no',\n 'StrictHostKeyChecking' => 'no',\n }\n$options_absent = ['StrictHostKeyChecking','NoneField']\n$other_parameters = { 'target' => '/etc/ssh/ssh_config' }\n\n$options_final_augeas = sshclient_options_to_augeas_ssh_config($options, $options_absent, $other_parameters)\n\nIn this case, the value of $options_final_augeas would be:\n\n'ForwardAgent *.example.com' => {\n 'ensure' => 'present',\n 'host' => '*.example.com',\n 'key' => 'ForwardAgent',\n 'value' => 'yes',\n 'target' => '/etc/ssh/ssh_config',\n }\n'BatchMode *.example.com' => {\n 'ensure' => 'present',\n 'host' => '*.example.com',\n 'key' => 'BatchMode',\n 'value' => 'yes',\n 'target' => '/etc/ssh/ssh_config',\n }\n'ForwardAgent' => {\n 'ensure' => 'present',\n 'key' => 'ForwardAgent',\n 'value' => 'yes',\n 'target' => '/etc/ssh/ssh_config',\n }\n'BatchMode' => {\n 'ensure' => 'present',\n 'key' => 'BatchMode',\n 'value' => 'yes',\n 'target' => '/etc/ssh/ssh_config',\n }\n'StrictHostKeyChecking' => {\n 'ensure' => 'absent',\n 'key' => 'StrictHostKeyChecking',\n 'target' => '/etc/ssh/ssh_config',\n }\n 'NoneField' => {\n 'ensure' => 'absent',\n 'key' => 'NoneField',\n 'target' => '/etc/ssh/ssh_config',\n }\n\nNote how the word \"Host\" is stripped a", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}, "source": "newfunction(:sshclient_options_to_augeas_ssh_config, type: :rvalue, doc: <<-'DOC') do |args|\nThis function will convert a key-value hash to a format understandable by the augeas sshd_config provider\nIt will also optionally deal with keys that should be absent, and inject static parameters if supplied.\n\nUsage: sshclient_options_to_augeas_ssh_config($options_present, $options_absent, $other_parameters)\n- $options_hash is mandatory and must be a hash.\n- $options_absent is optional and can be either a single value or an array.\n- $other_parameters is optional and must be a hash.\n\nExample:\n$options = {\n 'Host *.example.com' => {\n 'ForwardAgent' => 'yes',\n 'BatchMode' => 'yes',\n },\n 'ForwardAgent' => 'no',\n 'BatchMode' => 'no',\n 'StrictHostKeyChecking' => 'no',\n }\n$options_absent = ['StrictHostKeyChecking','NoneField']\n$other_parameters = { 'target' => '/etc/ssh/ssh_config' }\n\n$options_final_augeas = sshclient_options_to_augeas_ssh_config($options, $options_absent, $other_parameters)\n\nIn this case, the value of $options_final_augeas would be:\n\n'ForwardAgent *.example.com' => {\n 'ensure' => 'present',\n 'host' => '*.example.com',\n 'key' => 'ForwardAgent',\n 'value' => 'yes',\n 'target' => '/etc/ssh/ssh_config',\n }\n'BatchMode *.example.com' => {\n 'ensure' => 'present',\n 'host' => '*.example.com',\n 'key' => 'BatchMode',\n 'value' => 'yes',\n 'target' => '/etc/ssh/ssh_config',\n }\n'ForwardAgent' => {\n 'ensure' => 'present',\n 'key' => 'ForwardAgent',\n 'value' => 'yes',\n 'target' => '/etc/ssh/ssh_config',\n }\n'BatchMode' => {\n 'ensure' => 'present',\n 'key' => 'BatchMode',\n 'value' => 'yes',\n 'target' => '/etc/ssh/ssh_config',\n }\n'StrictHostKeyChecking' => {\n 'ensure' => 'absent',\n 'key' => 'StrictHostKeyChecking',\n 'target' => '/etc/ssh/ssh_config',\n }\n 'NoneField' => {\n 'ensure' => 'absent',\n 'key' => 'NoneField',\n 'target' => '/etc/ssh/ssh_config',\n }\n\nNote how the word \"Host\" is stripped away.\n\nDOC\n\n if args.empty?\n raise Puppet::ParseError, 'sshclient_options_to_augeas_ssh_config: expects at least one argument'\n end\n\n options = args[0]\n unless options.is_a?(Hash)\n raise Puppet::ParseError, 'sshclient_options_to_augeas_ssh_config: first argument must be a hash'\n end\n\n options_absent = args[1] if args[1]\n other_parameters = args[2] if args[2]\n if options_absent\n unless options_absent.is_a?(Array) || options_absent.is_a?(String)\n raise Puppet::ParseError, 'sshclient_options_to_augeas_ssh_config: second argument, if supplied, must be an array or a string'\n end\n end\n if other_parameters\n unless other_parameters.is_a?(Hash)\n raise Puppet::ParseError, 'sshclient_options_to_augeas_ssh_config: third argument, if supplied, must be a hash'\n end\n end\n\n options_final_augeas = {}\n options.each do |key1, value1|\n if value1.is_a?(Hash)\n value1.each do |key2, value2|\n v = { 'ensure' => 'present' }.merge('host' => key1.gsub('Host ', '')).merge('key' => key2, 'value' => value2)\n options_final_augeas[\"#{key2} #{key1.gsub('Host ', '')}\"] = v.merge(other_parameters)\n end\n else\n options_final_augeas[key1] = { 'ensure' => 'present' }.merge('key' => key1, 'value' => value1).merge(other_parameters)\n end\n end\n options_absent.each do |value|\n options_final_augeas[value] = { 'ensure' => 'absent' }.merge('key' => value).merge(other_parameters)\n end\n return options_final_augeas\nend"}, {"name": "sshserver_options_to_augeas_sshd_config", "file": "lib/puppet/parser/functions/sshserver_options_to_augeas_sshd_config.rb", "line": 2, "type": "ruby3x", "signatures": [{"signature": "sshserver_options_to_augeas_sshd_config()", "docstring": {"text": "This function will convert a key-value hash to a format understandable by the augeas sshd_config provider\nIt will also optionally deal with keys that should be absent, and inject static parameters if supplied.\n\nUsage: sshserver_options_to_augeas_sshd_config($options_present, $options_absent, $other_parameters)\n- $options_hash is mandatory and must be a hash.\n- $options_absent is optional and can be either a single value or an array.\n- $other_parameters is optional and must be a hash.\n\nExample:\n$options = {\n 'Match User www-data' => {\n 'PasswordAuthentication' => 'yes',\n 'X11Forwarding' => 'no',\n },\n 'Match Group bamboo' => {\n 'ForcedCommand' => '/bin/echo hello world',\n },\n 'X11Forwarding' => 'yes',\n 'DebianBanner' => '/etc/banner.net',\n 'AllowGroups' => [\"sshgroups\", \"admins\"],\n }\n$options_absent = ['DebianBanner','NoneField']\n$other_parameters = { 'target' => '/etc/ssh/sshd_config' }\n\n$options_final_augeas = sshserver_options_to_augeas_sshd_config($options, $options_absent, $other_parameters)\n\nIn this case, the value of $options_final_augeas would be:\n\n'PasswordAuthentication User www-data' => {\n 'ensure' => 'present',\n 'condition' => 'User www-data',\n 'key' => 'PasswordAuthentication',\n 'value' => 'yes',\n 'target' => '/etc/ssh/sshd_config',\n }\n 'X11Forwarding User www-data' => {\n 'ensure' => 'present',\n 'condition' => 'User www-data',\n 'key' => 'X11Forwarding',\n 'value' => 'no',\n 'target' => '/etc/ssh/sshd_config',\n }\n 'ForcedCommand Group bamboo' => {\n 'ensure' => 'present',\n 'condition' => 'Group bamboo',\n 'key' => 'ForcedCommand',\n 'value' => '/bin/echo hello world',\n 'target' => '/etc/ssh/sshd_config',\n }\n 'X11Forwarding' => {\n 'ensure' => 'present',\n 'key' => 'X11Forwarding',\n 'value' => 'yes',\n 'target' => '/etc/ssh/sshd_config',\n }\n 'DebianBanner' => {\n 'ensure' => 'absent',\n 'key' => 'DebianBanner',\n 'target' => '/etc/ssh/sshd_config',\n }\n 'AllowGroups' => {\n 'ensure' => 'present',\n 'key' => 'AllowGroups',\n 'value' => ['sshgroups','admins'],\n 'target' => '/etc/ssh/sshd_config',\n }\n 'NoneField' => {\n 'ensure' => 'absent',\n 'key' => 'NoneField',\n 'target' => '/etc/ssh/sshd_config',\n }\n\nNote how the word \"Match\" is stripped a", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "This function will convert a key-value hash to a format understandable by the augeas sshd_config provider\nIt will also optionally deal with keys that should be absent, and inject static parameters if supplied.\n\nUsage: sshserver_options_to_augeas_sshd_config($options_present, $options_absent, $other_parameters)\n- $options_hash is mandatory and must be a hash.\n- $options_absent is optional and can be either a single value or an array.\n- $other_parameters is optional and must be a hash.\n\nExample:\n$options = {\n 'Match User www-data' => {\n 'PasswordAuthentication' => 'yes',\n 'X11Forwarding' => 'no',\n },\n 'Match Group bamboo' => {\n 'ForcedCommand' => '/bin/echo hello world',\n },\n 'X11Forwarding' => 'yes',\n 'DebianBanner' => '/etc/banner.net',\n 'AllowGroups' => [\"sshgroups\", \"admins\"],\n }\n$options_absent = ['DebianBanner','NoneField']\n$other_parameters = { 'target' => '/etc/ssh/sshd_config' }\n\n$options_final_augeas = sshserver_options_to_augeas_sshd_config($options, $options_absent, $other_parameters)\n\nIn this case, the value of $options_final_augeas would be:\n\n'PasswordAuthentication User www-data' => {\n 'ensure' => 'present',\n 'condition' => 'User www-data',\n 'key' => 'PasswordAuthentication',\n 'value' => 'yes',\n 'target' => '/etc/ssh/sshd_config',\n }\n 'X11Forwarding User www-data' => {\n 'ensure' => 'present',\n 'condition' => 'User www-data',\n 'key' => 'X11Forwarding',\n 'value' => 'no',\n 'target' => '/etc/ssh/sshd_config',\n }\n 'ForcedCommand Group bamboo' => {\n 'ensure' => 'present',\n 'condition' => 'Group bamboo',\n 'key' => 'ForcedCommand',\n 'value' => '/bin/echo hello world',\n 'target' => '/etc/ssh/sshd_config',\n }\n 'X11Forwarding' => {\n 'ensure' => 'present',\n 'key' => 'X11Forwarding',\n 'value' => 'yes',\n 'target' => '/etc/ssh/sshd_config',\n }\n 'DebianBanner' => {\n 'ensure' => 'absent',\n 'key' => 'DebianBanner',\n 'target' => '/etc/ssh/sshd_config',\n }\n 'AllowGroups' => {\n 'ensure' => 'present',\n 'key' => 'AllowGroups',\n 'value' => ['sshgroups','admins'],\n 'target' => '/etc/ssh/sshd_config',\n }\n 'NoneField' => {\n 'ensure' => 'absent',\n 'key' => 'NoneField',\n 'target' => '/etc/ssh/sshd_config',\n }\n\nNote how the word \"Match\" is stripped a", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}, "source": "newfunction(:sshserver_options_to_augeas_sshd_config, type: :rvalue, doc: <<-'DOC') do |args|\nThis function will convert a key-value hash to a format understandable by the augeas sshd_config provider\nIt will also optionally deal with keys that should be absent, and inject static parameters if supplied.\n\nUsage: sshserver_options_to_augeas_sshd_config($options_present, $options_absent, $other_parameters)\n- $options_hash is mandatory and must be a hash.\n- $options_absent is optional and can be either a single value or an array.\n- $other_parameters is optional and must be a hash.\n\nExample:\n$options = {\n 'Match User www-data' => {\n 'PasswordAuthentication' => 'yes',\n 'X11Forwarding' => 'no',\n },\n 'Match Group bamboo' => {\n 'ForcedCommand' => '/bin/echo hello world',\n },\n 'X11Forwarding' => 'yes',\n 'DebianBanner' => '/etc/banner.net',\n 'AllowGroups' => [\"sshgroups\", \"admins\"],\n }\n$options_absent = ['DebianBanner','NoneField']\n$other_parameters = { 'target' => '/etc/ssh/sshd_config' }\n\n$options_final_augeas = sshserver_options_to_augeas_sshd_config($options, $options_absent, $other_parameters)\n\nIn this case, the value of $options_final_augeas would be:\n\n'PasswordAuthentication User www-data' => {\n 'ensure' => 'present',\n 'condition' => 'User www-data',\n 'key' => 'PasswordAuthentication',\n 'value' => 'yes',\n 'target' => '/etc/ssh/sshd_config',\n }\n 'X11Forwarding User www-data' => {\n 'ensure' => 'present',\n 'condition' => 'User www-data',\n 'key' => 'X11Forwarding',\n 'value' => 'no',\n 'target' => '/etc/ssh/sshd_config',\n }\n 'ForcedCommand Group bamboo' => {\n 'ensure' => 'present',\n 'condition' => 'Group bamboo',\n 'key' => 'ForcedCommand',\n 'value' => '/bin/echo hello world',\n 'target' => '/etc/ssh/sshd_config',\n }\n 'X11Forwarding' => {\n 'ensure' => 'present',\n 'key' => 'X11Forwarding',\n 'value' => 'yes',\n 'target' => '/etc/ssh/sshd_config',\n }\n 'DebianBanner' => {\n 'ensure' => 'absent',\n 'key' => 'DebianBanner',\n 'target' => '/etc/ssh/sshd_config',\n }\n 'AllowGroups' => {\n 'ensure' => 'present',\n 'key' => 'AllowGroups',\n 'value' => ['sshgroups','admins'],\n 'target' => '/etc/ssh/sshd_config',\n }\n 'NoneField' => {\n 'ensure' => 'absent',\n 'key' => 'NoneField',\n 'target' => '/etc/ssh/sshd_config',\n }\n\nNote how the word \"Match\" is stripped away.\n\nDOC\n\n if args.empty?\n raise Puppet::ParseError, 'sshserver_options_to_augeas_sshd_config: expects at least one argument'\n end\n\n options = args[0]\n unless options.is_a?(Hash)\n raise Puppet::ParseError, 'sshserver_options_to_augeas_sshd_config: first argument must be a hash'\n end\n\n options_absent = args[1] if args[1]\n other_parameters = args[2] if args[2]\n if options_absent\n unless options_absent.is_a?(Array) || options_absent.is_a?(String)\n raise Puppet::ParseError, 'sshserver_options_to_augeas_sshd_config: second argument, if supplied, must be an array or a string'\n end\n end\n if other_parameters\n unless other_parameters.is_a?(Hash)\n raise Puppet::ParseError, 'sshserver_options_to_augeas_sshd_config: third argument, if supplied, must be a hash'\n end\n end\n\n options_final_augeas = {}\n options.each do |key1, value1|\n if value1.is_a?(Hash)\n value1.each do |key2, value2|\n v = { 'ensure' => 'present' }.merge('condition' => key1.gsub('Match ', '')).merge('key' => key2, 'value' => value2)\n options_final_augeas[\"#{key2} #{key1.gsub('Match ', '')}\"] = v.merge(other_parameters)\n end\n else\n options_final_augeas[key1] = { 'ensure' => 'present' }.merge('key' => key1, 'value' => value1).merge(other_parameters)\n end\n end\n options_absent.each do |value|\n options_final_augeas[value] = { 'ensure' => 'absent' }.merge('key' => value).merge(other_parameters)\n end\n return options_final_augeas\nend"}, {"name": "apache::apache_pw_hash", "file": "lib/puppet/functions/apache/apache_pw_hash.rb", "line": 4, "type": "ruby4x", "signatures": [{"signature": "apache::apache_pw_hash(Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "", "types": ["Any"]}, {"tag_name": "summary", "text": "DEPRECATED. Use the function [`apache::pw_hash`](#apachepw_hash) instead."}]}, "source": "Puppet::Functions.create_function(:'apache::apache_pw_hash') do\n dispatch :deprecation_gen do\n repeated_param 'Any', :args\n end\n def deprecation_gen(*args)\n call_function('deprecation', 'apache::apache_pw_hash', 'This function is deprecated, please use apache::pw_hash instead.')\n call_function('apache::pw_hash', *args)\n end\nend"}, {"name": "apache::bool2httpd", "file": "lib/puppet/functions/apache/bool2httpd.rb", "line": 6, "type": "ruby4x", "signatures": [{"signature": "apache::bool2httpd(Any $arg)", "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "$trace_enable = false\n$server_signature = 'mail'\n\napache::bool2httpd($trace_enable) # returns 'Off'\napache::bool2httpd($server_signature) # returns 'mail'\napache::bool2httpd(undef) # returns 'Off'", "name": ""}, {"tag_name": "param", "text": "The value to be converted into a string.", "types": ["Any"], "name": "arg"}, {"tag_name": "return", "text": "Will return either `On` or `Off` if given a boolean value. Returns a string of any\nother given value.", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "example", "text": "$trace_enable = false\n$server_signature = 'mail'\n\napache::bool2httpd($trace_enable) # returns 'Off'\napache::bool2httpd($server_signature) # returns 'mail'\napache::bool2httpd(undef) # returns 'Off'", "name": ""}, {"tag_name": "param", "text": "The value to be converted into a string.", "types": ["Any"], "name": "arg"}, {"tag_name": "return", "text": "Will return either `On` or `Off` if given a boolean value. Returns a string of any\nother given value.", "types": ["Any"]}, {"tag_name": "summary", "text": "Transform a supposed boolean to On or Off. Passes all other values through."}]}, "source": "Puppet::Functions.create_function(:'apache::bool2httpd') do\n # @param arg\n # The value to be converted into a string.\n #\n # @return\n # Will return either `On` or `Off` if given a boolean value. Returns a string of any\n # other given value.\n # @example\n # $trace_enable = false\n # $server_signature = 'mail'\n #\n # apache::bool2httpd($trace_enable) # returns 'Off'\n # apache::bool2httpd($server_signature) # returns 'mail'\n # apache::bool2httpd(undef) # returns 'Off'\n #\n def bool2httpd(arg)\n return 'Off' if arg.nil? || arg == false || matches_string?(arg, %r{false}i) || arg == :undef\n return 'On' if arg == true || matches_string?(arg, %r{true}i)\n arg.to_s\n end\n\n private\n\n def matches_string?(value, matcher)\n if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.4.0')\n value =~ matcher\n else\n value.is_a?(String) && value.match?(matcher)\n end\n end\nend"}, {"name": "apache::pw_hash", "file": "lib/puppet/functions/apache/pw_hash.rb", "line": 8, "type": "ruby4x", "signatures": [{"signature": "apache::pw_hash(String[1] $password)", "docstring": {"text": "Currently uses SHA-hashes, because although this format is considered insecure, it's the\nmost secure format supported by the most platforms.", "tags": [{"tag_name": "param", "text": "The input that is to be hashed.", "types": ["String[1]"], "name": "password"}, {"tag_name": "return", "text": "Returns the hash of the input that was given.", "types": ["String"]}]}}], "docstring": {"text": "Currently uses SHA-hashes, because although this format is considered insecure, it's the\nmost secure format supported by the most platforms.", "tags": [{"tag_name": "param", "text": "The input that is to be hashed.", "types": ["String[1]"], "name": "password"}, {"tag_name": "return", "text": "Returns the hash of the input that was given.", "types": ["String"]}, {"tag_name": "summary", "text": "Hashes a password in a format suitable for htpasswd files read by apache."}]}, "source": "Puppet::Functions.create_function(:'apache::pw_hash') do\n # @param password\n # The input that is to be hashed.\n #\n # @return\n # Returns the hash of the input that was given.\n dispatch :apache_pw_hash do\n required_param 'String[1]', :password\n return_type 'String'\n end\n\n def apache_pw_hash(password)\n require 'base64'\n '{SHA}' + Base64.strict_encode64(Digest::SHA1.digest(password))\n end\nend"}, {"name": "apache_pw_hash", "file": "lib/puppet/functions/apache_pw_hash.rb", "line": 4, "type": "ruby4x", "signatures": [{"signature": "apache_pw_hash(Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "", "types": ["Any"]}, {"tag_name": "summary", "text": "DEPRECATED. Use the namespaced function [`apache::pw_hash`](#apachepw_hash) instead."}]}, "source": "Puppet::Functions.create_function(:apache_pw_hash) do\n dispatch :deprecation_gen do\n repeated_param 'Any', :args\n end\n def deprecation_gen(*args)\n call_function('deprecation', 'apache_pw_hash', 'This function is deprecated, please use apache::pw_hash instead.')\n call_function('apache::pw_hash', *args)\n end\nend"}, {"name": "bool2httpd", "file": "lib/puppet/functions/bool2httpd.rb", "line": 4, "type": "ruby4x", "signatures": [{"signature": "bool2httpd(Any *$args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "", "types": ["Any"]}, {"tag_name": "summary", "text": "DEPRECATED. Use the namespaced function [`apache::bool2httpd`](#apachebool2httpd) instead."}]}, "source": "Puppet::Functions.create_function(:bool2httpd) do\n dispatch :deprecation_gen do\n repeated_param 'Any', :args\n end\n def deprecation_gen(*args)\n call_function('deprecation', 'bool2httpd', 'This function is deprecated, please use apache::bool2httpd instead.')\n call_function('apache::bool2httpd', *args)\n end\nend"}, {"name": "mysql::normalise_and_deepmerge", "file": "lib/puppet/functions/mysql/normalise_and_deepmerge.rb", "line": 16, "type": "ruby4x", "signatures": [{"signature": "mysql::normalise_and_deepmerge(Any *$args)", "docstring": {"text": "- When there is a duplicate key that is a hash, they are recursively merged.\n- When there is a duplicate key that is not a hash, the key in the rightmost hash will \"win.\"\n- When there are conficting uses of dashes and underscores in two keys (which mysql would otherwise equate), the rightmost style will win.", "tags": [{"tag_name": "example", "text": "$hash1 = {'one' => 1, 'two' => 2, 'three' => { 'four' => 4 } }\n$hash2 = {'two' => 'dos', 'three' => { 'five' => 5 } }\n$merged_hash = mysql::normalise_and_deepmerge($hash1, $hash2)\n# The resulting hash is equivalent to:\n# $merged_hash = { 'one' => 1, 'two' => 'dos', 'three' => { 'four' => 4, 'five' => 5 } }", "name": ""}, {"tag_name": "param", "text": "Hash to be normalised", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "hash\nThe given hash normalised", "types": ["Any"]}]}}], "docstring": {"text": "- When there is a duplicate key that is a hash, they are recursively merged.\n- When there is a duplicate key that is not a hash, the key in the rightmost hash will \"win.\"\n- When there are conficting uses of dashes and underscores in two keys (which mysql would otherwise equate), the rightmost style will win.", "tags": [{"tag_name": "example", "text": "$hash1 = {'one' => 1, 'two' => 2, 'three' => { 'four' => 4 } }\n$hash2 = {'two' => 'dos', 'three' => { 'five' => 5 } }\n$merged_hash = mysql::normalise_and_deepmerge($hash1, $hash2)\n# The resulting hash is equivalent to:\n# $merged_hash = { 'one' => 1, 'two' => 'dos', 'three' => { 'four' => 4, 'five' => 5 } }", "name": ""}, {"tag_name": "param", "text": "Hash to be normalised", "types": ["Any"], "name": "*args"}, {"tag_name": "return", "text": "hash\nThe given hash normalised", "types": ["Any"]}, {"tag_name": "summary", "text": "Recursively merges two or more hashes together, normalises keys with differing use of dashes and underscores."}]}, "source": "Puppet::Functions.create_function(:'mysql::normalise_and_deepmerge') do\n # @param args\n # Hash to be normalised\n #\n # @return hash\n # The given hash normalised\n #\n def normalise_and_deepmerge(*args)\n if args.length < 2\n raise Puppet::ParseError, _('mysql::normalise_and_deepmerge(): wrong number of arguments (%{args_length}; must be at least 2)') % { args_length: args.length }\n end\n\n result = {}\n args.each do |arg|\n next if arg.is_a?(String) && arg.empty? # empty string is synonym for puppet's undef\n # If the argument was not a hash, skip it.\n unless arg.is_a?(Hash)\n raise Puppet::ParseError, _('mysql::normalise_and_deepmerge: unexpected argument type %{arg_class}, only expects hash arguments.') % { args_class: args.class }\n end\n\n # We need to make a copy of the hash since it is frozen by puppet\n current = deep_copy(arg)\n\n # Now we have to traverse our hash assigning our non-hash values\n # to the matching keys in our result while following our hash values\n # and repeating the process.\n overlay(result, current)\n end\n result\n end\n\n def normalized?(hash, key)\n return true if hash.key?(key)\n return false unless %r{-|_}.match?(key)\n other_key = key.include?('-') ? key.tr('-', '_') : key.tr('_', '-')\n return false unless hash.key?(other_key)\n hash[key] = hash.delete(other_key)\n true\n end\n\n def overlay(hash1, hash2)\n hash2.each do |key, value|\n if normalized?(hash1, key) && value.is_a?(Hash) && hash1[key].is_a?(Hash)\n overlay(hash1[key], value)\n else\n hash1[key] = value\n end\n end\n end\n\n def deep_copy(inputhash)\n return inputhash unless inputhash.is_a? Hash\n hash = {}\n inputhash.each do |k, v|\n hash.store(k, deep_copy(v))\n end\n hash\n end\nend"}, {"name": "mysql::password", "file": "lib/puppet/functions/mysql/password.rb", "line": 7, "type": "ruby4x", "signatures": [{"signature": "mysql::password(Variant[String, Sensitive[String]] $password, Optional[Boolean] $sensitive)", "docstring": {"text": "Hash a string as mysql's \"PASSWORD()\" function would do it", "tags": [{"tag_name": "param", "text": "Plain text password.", "types": ["Variant[String, Sensitive[String]]"], "name": "password"}, {"tag_name": "param", "text": "If the Postgresql-Passwordhash should be of Datatype Sensitive[String]", "types": ["Optional[Boolean]"], "name": "sensitive"}, {"tag_name": "return", "text": "hash\nThe mysql password hash from the clear text password.", "types": ["Variant[String, Sensitive[String]]"]}]}}], "docstring": {"text": "Hash a string as mysql's \"PASSWORD()\" function would do it", "tags": [{"tag_name": "param", "text": "Plain text password.", "types": ["Variant[String, Sensitive[String]]"], "name": "password"}, {"tag_name": "param", "text": "If the Postgresql-Passwordhash should be of Datatype Sensitive[String]", "types": ["Optional[Boolean]"], "name": "sensitive"}, {"tag_name": "return", "text": "hash\nThe mysql password hash from the clear text password.", "types": ["Variant[String, Sensitive[String]]"]}]}, "source": "Puppet::Functions.create_function(:'mysql::password') do\n # @param password\n # Plain text password.\n # @param sensitive\n # If the Postgresql-Passwordhash should be of Datatype Sensitive[String]\n #\n # @return hash\n # The mysql password hash from the clear text password.\n #\n dispatch :password do\n required_param 'Variant[String, Sensitive[String]]', :password\n optional_param 'Boolean', :sensitive\n return_type 'Variant[String, Sensitive[String]]'\n end\n\n def password(password, sensitive = false)\n if password.is_a?(Puppet::Pops::Types::PSensitiveType::Sensitive)\n password = password.unwrap\n end\n\n result_string = if %r{\\*[A-F0-9]{40}$}.match?(password)\n password\n elsif password.empty?\n ''\n else\n '*' + Digest::SHA1.hexdigest(Digest::SHA1.digest(password)).upcase\n end\n\n if sensitive\n Puppet::Pops::Types::PSensitiveType::Sensitive.new(result_string)\n else\n result_string\n end\n end\nend"}, {"name": "mysql::strip_hash", "file": "lib/puppet/functions/mysql/strip_hash.rb", "line": 6, "type": "ruby4x", "signatures": [{"signature": "mysql::strip_hash(Hash $hash)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Hash to be stripped", "types": ["Hash"], "name": "hash"}, {"tag_name": "return", "text": "hash\nThe given hash with all blank entries removed", "types": ["Hash"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Hash to be stripped", "types": ["Hash"], "name": "hash"}, {"tag_name": "return", "text": "hash\nThe given hash with all blank entries removed", "types": ["Hash"]}, {"tag_name": "summary", "text": "When given a hash this function strips out all blank entries."}]}, "source": "Puppet::Functions.create_function(:'mysql::strip_hash') do\n # @param hash\n # Hash to be stripped\n #\n # @return hash\n # The given hash with all blank entries removed\n #\n dispatch :strip_hash do\n required_param 'Hash', :hash\n return_type 'Hash'\n end\n\n def strip_hash(hash)\n # Filter out all the top level blanks.\n hash.reject { |_k, v| v == '' }.each do |_k, v|\n v.reject! { |_ki, vi| vi == '' } if v.is_a?(Hash)\n end\n end\nend"}, {"name": "mysql_password", "file": "lib/puppet/functions/mysql_password.rb", "line": 4, "type": "ruby4x", "signatures": [{"signature": "mysql_password(Variant[String, Sensitive[String]] $password, Optional[Boolean] $sensitive)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Plain text password.", "types": ["Variant[String, Sensitive[String]]"], "name": "password"}, {"tag_name": "param", "text": "", "types": ["Optional[Boolean]"], "name": "sensitive"}, {"tag_name": "return", "text": "The mysql password hash from the 4.x function mysql::password.", "types": ["Variant[String, Sensitive[String]]"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "Plain text password.", "types": ["Variant[String, Sensitive[String]]"], "name": "password"}, {"tag_name": "param", "text": "", "types": ["Optional[Boolean]"], "name": "sensitive"}, {"tag_name": "return", "text": "The mysql password hash from the 4.x function mysql::password.", "types": ["Variant[String, Sensitive[String]]"]}, {"tag_name": "summary", "text": "DEPRECATED. Use the namespaced function [`mysql::password`](#mysqlpassword) instead."}]}, "source": "Puppet::Functions.create_function(:mysql_password) do\n # @param password\n # Plain text password.\n #\n # @return\n # The mysql password hash from the 4.x function mysql::password.\n dispatch :mysql_password do\n required_param 'Variant[String, Sensitive[String]]', :password\n optional_param 'Boolean', :sensitive\n return_type 'Variant[String, Sensitive[String]]'\n end\n\n def mysql_password(password, sensitive = false)\n call_function('deprecation', 'mysql_password', \"This method has been deprecated, please use the namespaced version 'mysql::password' instead.\")\n call_function('mysql::password', password, sensitive)\n end\nend"}, {"name": "puppetdb::create_subsetting_resource_hash", "file": "lib/puppet/functions/puppetdb/create_subsetting_resource_hash.rb", "line": 1, "type": "ruby4x", "signatures": [{"signature": "puppetdb::create_subsetting_resource_hash(Hash $java_args, Any $params)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Hash"], "name": "java_args"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "params"}, {"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Hash"], "name": "java_args"}, {"tag_name": "param", "text": "", "types": ["Any"], "name": "params"}, {"tag_name": "return", "text": "", "types": ["Any"]}]}, "source": "Puppet::Functions.create_function(:'puppetdb::create_subsetting_resource_hash') do\n dispatch :create_subsetting_resource_hash do\n required_param 'Hash', :java_args\n required_param 'Any', :params\n end\n\n def create_subsetting_resource_hash(java_args, params)\n resource_hash = {}\n\n java_args.each do |k, v|\n item_params = { 'subsetting' => k, 'value' => (v || '') }\n item_params.merge!(params)\n resource_hash.merge!(\"'#{k}'\" => item_params)\n end\n\n resource_hash\n end\nend"}, {"name": "puppetdb::flatten_java_args", "file": "lib/puppet/functions/puppetdb/flatten_java_args.rb", "line": 1, "type": "ruby4x", "signatures": [{"signature": "puppetdb::flatten_java_args(Optional[Hash] $java_args)", "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Optional[Hash]"], "name": "java_args"}, {"tag_name": "return", "text": "", "types": ["String"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "param", "text": "", "types": ["Optional[Hash]"], "name": "java_args"}, {"tag_name": "return", "text": "", "types": ["String"]}]}, "source": "Puppet::Functions.create_function(:'puppetdb::flatten_java_args') do\n dispatch :flatten_java_args do\n optional_param 'Hash', :java_args\n return_type 'String'\n end\n\n def flatten_java_args(java_args = {})\n args = ''\n java_args.each { |k, v| args += \"#{k}#{v} \" }\n \"\\\"#{args.chomp(' ')}\\\"\"\n end\nend"}, {"name": "syncthing_bcrypt", "file": "lib/puppet/parser/functions/syncthing_bcrypt.rb", "line": 2, "type": "ruby3x", "signatures": [{"signature": "syncthing_bcrypt()", "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}, "source": "newfunction(:syncthing_bcrypt, type: :rvalue) do |args|\n begin\n require 'bcrypt'\n rescue LoadError\n raise Puppet::ParseError, 'syncthing_bcrypt(): bcrypt gem is required to hash passwords.'\n end\n\n if args.length == 1\n BCrypt::Password.create(args[0]).to_s\n elsif args.length == 2\n # Custom salt.\n BCrypt::Engine.hash_secret args[0], args[1]\n else\n raise Puppet::ParseError, 'syncthing_bcrypt(): Invalid number of arguments.'\n end\nend"}, {"name": "hash2ini", "file": "lib/puppet/parser/functions/hash2ini.rb", "line": 2, "type": "ruby3x", "signatures": [{"signature": "hash2ini()", "docstring": {"text": "This converts a puppet hash to an INI string.", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "This converts a puppet hash to an INI string.", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}, "source": "newfunction(:hash2ini, :type => :rvalue, :doc => <<-EOS\nThis converts a puppet hash to an INI string.\n EOS\n) do |arguments|\n\n if arguments.size < 1\n raise(Puppet::ParseError, 'hash2ini(): requires at least one argument')\n end\n if arguments.size >= 3\n raise(Puppet::ParseError, 'hash2ini(): too many arguments')\n end\n unless arguments[0].is_a?(Hash)\n raise(Puppet::ParseError, 'hash2ini(): requires a hash as argument')\n end\n\n h = arguments[0]\n\n settings = {\n 'header' => '# THIS FILE IS CONTROLLED BY PUPPET',\n 'section_prefix' => '[',\n 'section_suffix' => ']',\n 'key_val_separator' => '=',\n 'quote_char' => '\"',\n \"quote_booleans\" => true,\n \"quote_numerics\" => true,\n }\n\n if arguments[1]\n unless arguments[1].is_a?(Hash)\n raise(Puppet::ParseError, 'hash2ini(): Requires a hash as argument')\n end\n settings.merge!(arguments[1])\n end\n\n\n\n ini = []\n ini << settings['header'] << nil\n h.keys.each do |section|\n ini << \"#{settings['section_prefix']}#{section}#{settings['section_suffix']}\"\n h[section].each do |k, v|\n v_is_a_boolean = (v.is_a?(TrueClass) or v.is_a?(FalseClass))\n\n if (v_is_a_boolean and not settings['quote_booleans']) or (v.is_a?(Numeric) and not settings['quote_numerics'])\n ini << \"#{k}#{settings['key_val_separator']}#{v}\"\n else\n ini << \"#{k}#{settings['key_val_separator']}#{settings['quote_char']}#{v}#{settings['quote_char']}\"\n end\n end\n ini << nil\n end\n return ini.join(\"\\n\")\nend"}, {"name": "hash2json", "file": "lib/puppet/parser/functions/hash2json.rb", "line": 2, "type": "ruby3x", "signatures": [{"signature": "hash2json()", "docstring": {"text": "This converts a puppet hash to JSON string.", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "This converts a puppet hash to JSON string.", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}, "source": "newfunction(:hash2json, :type => :rvalue, :doc => <<-EOS\nThis converts a puppet hash to JSON string.\n EOS\n) do |arguments|\n require 'json'\n\n if arguments.size != 1\n raise(Puppet::ParseError, 'hash2json(): requires one and only one argument')\n end\n unless arguments[0].is_a?(Hash)\n raise(Puppet::ParseError, 'hash2json(): requires a hash as argument')\n end\n\n h = arguments[0]\n\n return JSON.pretty_generate(h) << \"\\n\"\nend"}, {"name": "hash2kv", "file": "lib/puppet/parser/functions/hash2kv.rb", "line": 2, "type": "ruby3x", "signatures": [{"signature": "hash2kv()", "docstring": {"text": "This converts a puppet hash to an key-value string.", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "This converts a puppet hash to an key-value string.", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}, "source": "newfunction(:hash2kv, :type => :rvalue, :doc => <<-EOS\nThis converts a puppet hash to an key-value string.\n EOS\n) do |arguments|\n\n if arguments.size < 1\n raise(Puppet::ParseError, 'hash2kv(): requires at least one argument')\n end\n if arguments.size >= 3\n raise(Puppet::ParseError, 'hash2kv(): too many arguments')\n end\n unless arguments[0].is_a?(Hash)\n raise(Puppet::ParseError, 'hash2kv(): requires a hash as argument')\n end\n\n h = arguments[0]\n\n settings = {\n 'header' => '# THIS FILE IS CONTROLLED BY PUPPET',\n 'key_val_separator' => '=',\n 'quote_char' => '\"',\n }\n\n if arguments[1]\n unless arguments[1].is_a?(Hash)\n raise(Puppet::ParseError, 'hash2kv(): Requires a hash as argument')\n end\n settings.merge!(arguments[1])\n end\n\n\n\n kv = []\n kv << settings['header'] << nil\n h.each do |k,v|\n kv << \"#{k}#{settings['key_val_separator']}#{settings['quote_char']}#{v}#{settings['quote_char']}\"\n end\n kv << nil\n return kv.join(\"\\n\")\nend"}, {"name": "hash2properties", "file": "lib/puppet/parser/functions/hash2properties.rb", "line": 2, "type": "ruby3x", "signatures": [{"signature": "hash2properties()", "docstring": {"text": "This converts a puppet hash to an properties string.", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "This converts a puppet hash to an properties string.", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}, "source": "newfunction(:hash2properties, :type => :rvalue, :doc => <<-EOS\nThis converts a puppet hash to an properties string.\n EOS\n) do |arguments|\n\n if arguments.size < 1\n raise(Puppet::ParseError, 'hash2properties(): requires at least one argument')\n end\n if arguments.size >= 3\n raise(Puppet::ParseError, 'hash2properties(): too many arguments')\n end\n unless arguments[0].is_a?(Hash)\n arg_class=arguments[0].class\n raise(Puppet::ParseError, \"hash2properties(): requires a hash as argument (received #{arg_class})\")\n end\n\n from_hash = arguments[0]\n\n settings = {\n 'header' => '# THIS FILE IS CONTROLLED BY PUPPET',\n 'key_val_separator' => '=',\n 'quote_char' => '',\n 'list_separator' => ',',\n }\n\n if arguments[1]\n unless arguments[1].is_a?(Hash)\n arg_class=arguments[1].class\n raise(Puppet::ParseError, \"hash2properties(): Requires a hash as argument (received #{arg_class})\")\n end\n settings.merge!(arguments[1])\n end\n\n properties_str=[]\n\n key_hashes = from_hash.to_a\n # puts \"Key hashes: \", String(key_hashes)\n properties = {}\n list_separator=settings['list_separator']\n while key_hashes.size > 0\n key_value = key_hashes.pop\n if key_value[1].is_a?(Hash)\n key_hashes += key_value[1].to_a.map { |key,value| [ \"#{key_value[0]}.#{key}\", value ] }\n else\n if key_value[1].is_a?(Array)\n prop_value=key_value[1].join(list_separator)\n else\n prop_value=key_value[1]\n end\n properties[key_value[0]] = prop_value\n end\n end\n\n\n key_val_separator=settings['key_val_separator']\n quote_char=settings['quote_char']\n\n properties.each do | property, value |\n properties_str << \"#{property}#{key_val_separator}#{quote_char}#{value}#{quote_char}\"\n end\n\n properties_str.sort!{ |x,y| String(x) <=> String(y) }\n properties_str.insert(0, settings['header'], '')\n properties_str << ''\n\n return properties_str.join(\"\\n\")\nend"}, {"name": "hash2yaml", "file": "lib/puppet/parser/functions/hash2yaml.rb", "line": 2, "type": "ruby3x", "signatures": [{"signature": "hash2yaml()", "docstring": {"text": "This converts a puppet hash to YAML string.", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}}], "docstring": {"text": "This converts a puppet hash to YAML string.", "tags": [{"tag_name": "return", "text": "", "types": ["Any"]}]}, "source": "newfunction(:hash2yaml, :type => :rvalue, :doc => <<-EOS\nThis converts a puppet hash to YAML string.\n EOS\n) do |arguments|\n require 'yaml'\n\n if arguments.size < 1\n raise(Puppet::ParseError, 'hash2yaml(): requires at least one argument')\n end\n if arguments.size >= 3\n raise(Puppet::ParseError, 'hash2yaml(): too many arguments')\n end\n unless arguments[0].is_a?(Hash)\n raise(Puppet::ParseError, 'hash2yaml(): requires a hash as argument')\n end\n\n h = arguments[0]\n\n settings = {\n 'header' => '',\n }\n\n if arguments[1]\n unless arguments[1].is_a?(Hash)\n raise(Puppet::ParseError, 'hash2yaml(): Requires a hash as second argument')\n end\n settings.merge!(arguments[1])\n end\n\n # https://github.com/hallettj/zaml/issues/3\n # https://tickets.puppetlabs.com/browse/PUP-3120\n # https://tickets.puppetlabs.com/browse/PUP-5630\n #\n # puppet 3.x uses ZAML which formats YAML output differently than puppet 4.x\n # including not ending the file with a new line\n if Puppet.version.to_f < 4.0\n output = h.to_yaml << \"\\n\"\n else\n output = h.to_yaml\n end\n\n if settings['header'].to_s.empty?\n return output\n else\n return \"#{settings['header']}\\n#{output}\"\n end\nend"}, {"name": "array_suffix", "file": "lib/puppet/parser/functions/array_suffix.rb", "line": 5, "type": "ruby3x", "signatures": [{"signature": "array_suffix()", "docstring": {"text": "This function applies a suffix to all elements in an array.\n\n*Examples:*\n\n array_suffix(['a','b','c'], 'p')\n\nWill return: ['ap','bp','cp']", "tags": [{"tag_name": "return", "text": "Array", "types": ["Any"]}]}}], "docstring": {"text": "This function applies a suffix to all elements in an array.\n\n*Examples:*\n\n array_suffix(['a','b','c'], 'p')\n\nWill return: ['ap','bp','cp']", "tags": [{"tag_name": "return", "text": "Array", "types": ["Any"]}]}, "source": "newfunction(\n :array_suffix,\n type: :rvalue,\n doc: <<~EOS\n This function applies a suffix to all elements in an array.\n\n *Examples:*\n\n array_suffix(['a','b','c'], 'p')\n\n Will return: ['ap','bp','cp']\n\n @return Array\n EOS\n) do |arguments|\n # Technically we support two arguments but only first is mandatory ...\n if arguments.empty?\n raise(Puppet::ParseError, 'array_suffix(): Wrong number of arguments ' \\\n \"given (#{arguments.size} for 1)\")\n end\n\n array = arguments[0]\n\n raise Puppet::ParseError, \"array_suffix(): expected first argument to be an Array, got #{array.inspect}\" unless array.is_a?(Array)\n\n suffix = arguments[1] if arguments[1]\n\n raise Puppet::ParseError, \"array_suffix(): expected second argument to be a String, got #{suffix.inspect}\" if suffix && !(suffix.is_a? String)\n\n # Turn everything into string same as join would do ...\n result = array.map do |i|\n i = i.to_s\n suffix ? i + suffix : i\n end\n\n return result\nend"}, {"name": "concat_merge", "file": "lib/puppet/parser/functions/concat_merge.rb", "line": 5, "type": "ruby3x", "signatures": [{"signature": "concat_merge()", "docstring": {"text": "Merges two or more hashes together concatenating duplicate keys\nwith array values and returns the resulting hash.\n\nFor example:\n\n $hash1 = {'a' => [1]}\n $hash2 = {'a' => [2]}\n concat_merge($hash1, $hash2)\n # The resulting hash is equivalent to:\n # { 'a' => [1, 2] }\n\nWhen there is a duplicate key that is not an array, the key in\nthe rightmost hash will \"win.\"", "tags": [{"tag_name": "return", "text": "String", "types": ["Any"]}]}}], "docstring": {"text": "Merges two or more hashes together concatenating duplicate keys\nwith array values and returns the resulting hash.\n\nFor example:\n\n $hash1 = {'a' => [1]}\n $hash2 = {'a' => [2]}\n concat_merge($hash1, $hash2)\n # The resulting hash is equivalent to:\n # { 'a' => [1, 2] }\n\nWhen there is a duplicate key that is not an array, the key in\nthe rightmost hash will \"win.\"", "tags": [{"tag_name": "return", "text": "String", "types": ["Any"]}]}, "source": "newfunction(\n :concat_merge,\n type: :rvalue,\n doc: <<-'ENDHEREDOC') do |args|\n Merges two or more hashes together concatenating duplicate keys\n with array values and returns the resulting hash.\n\n For example:\n\n $hash1 = {'a' => [1]}\n $hash2 = {'a' => [2]}\n concat_merge($hash1, $hash2)\n # The resulting hash is equivalent to:\n # { 'a' => [1, 2] }\n\n When there is a duplicate key that is not an array, the key in\n the rightmost hash will \"win.\"\n\n @return String\n ENDHEREDOC\n\n raise Puppet::ParseError, \"concat_merge(): wrong number of arguments (#{args.length}; must be at least 2)\" if args.length < 2\n\n concat_merge = proc do |hash1, hash2|\n hash1.merge(hash2) do |_key, old_value, new_value|\n if old_value.is_a?(Array) && new_value.is_a?(Array)\n old_value + new_value\n else\n new_value\n end\n end\n end\n\n result = {}\n args.each do |arg|\n next if arg.is_a?(String) && arg.empty? # empty string is synonym for puppet's undef\n # If the argument was not a hash, skip it.\n raise Puppet::ParseError, \"concat_merge: unexpected argument type #{arg.class}, only expects hash arguments\" unless arg.is_a?(Hash)\n\n result = concat_merge.call(result, arg)\n end\n result\nend"}, {"name": "deep_implode", "file": "lib/puppet/parser/functions/deep_implode.rb", "line": 9, "type": "ruby3x", "signatures": [{"signature": "deep_implode()", "docstring": {"text": "Recursively flattens all keys of a hash into a dot-notated\nhash, deeply merging duplicate key values by natively combining\nthem and returns the resulting hash.\n\nThat is confusing, look at the examples for more clarity.\n\nFor example:\n\n $hash = {'top' => {'sub' => [1]}, 'top.sub' => [2] }\n $flattened_hash = deep_implode($hash)\n # The resulting hash is equivalent to:\n # { 'top.sub' => [1, 2] }\n\nWhen the function encounters array or hash values, they are\nconcatenated or merged, respectively.\nWhen duplace paths for a key are generated, the function will prefer\nto retain keys with the longest root key.", "tags": [{"tag_name": "return", "text": "Hash", "types": ["Any"]}]}}], "docstring": {"text": "Recursively flattens all keys of a hash into a dot-notated\nhash, deeply merging duplicate key values by natively combining\nthem and returns the resulting hash.\n\nThat is confusing, look at the examples for more clarity.\n\nFor example:\n\n $hash = {'top' => {'sub' => [1]}, 'top.sub' => [2] }\n $flattened_hash = deep_implode($hash)\n # The resulting hash is equivalent to:\n # { 'top.sub' => [1, 2] }\n\nWhen the function encounters array or hash values, they are\nconcatenated or merged, respectively.\nWhen duplace paths for a key are generated, the function will prefer\nto retain keys with the longest root key.", "tags": [{"tag_name": "return", "text": "Hash", "types": ["Any"]}]}, "source": "newfunction(\n :deep_implode,\n type: :rvalue,\n doc: <<-'ENDHEREDOC') do |args|\n Recursively flattens all keys of a hash into a dot-notated\n hash, deeply merging duplicate key values by natively combining\n them and returns the resulting hash.\n\n That is confusing, look at the examples for more clarity.\n\n For example:\n\n $hash = {'top' => {'sub' => [1]}, 'top.sub' => [2] }\n $flattened_hash = deep_implode($hash)\n # The resulting hash is equivalent to:\n # { 'top.sub' => [1, 2] }\n\n When the function encounters array or hash values, they are\n concatenated or merged, respectively.\n When duplace paths for a key are generated, the function will prefer\n to retain keys with the longest root key.\n\n @return Hash\n ENDHEREDOC\n\n raise Puppet::ParseError, \"deep_implode(): wrong number of arguments (#{args.length}; must be 1)\" if args.length != 1\n\n arg = args[0]\n\n raise Puppet::ParseError, 'deep_implode: unexpected argument type, only expects hashes' unless arg.is_a? Hash\n\n return {} if arg.empty?\n\n Puppet_X::Elastic.deep_implode arg\nend"}, {"name": "es_plugin_name", "file": "lib/puppet/parser/functions/es_plugin_name.rb", "line": 9, "type": "ruby3x", "signatures": [{"signature": "es_plugin_name()", "docstring": {"text": "Given a string, return the best guess at what the directory name\nwill be for the given plugin. Any arguments past the first will\nbe fallbacks (using the same logic) should the first fail.\n\nFor example, all the following return values are \"plug\":\n\n es_plugin_name('plug')\n es_plugin_name('foo/plug')\n es_plugin_name('foo/plug/1.0.0')\n es_plugin_name('foo/elasticsearch-plug')\n es_plugin_name('foo/es-plug/1.3.2')", "tags": [{"tag_name": "return", "text": "String", "types": ["Any"]}]}}], "docstring": {"text": "Given a string, return the best guess at what the directory name\nwill be for the given plugin. Any arguments past the first will\nbe fallbacks (using the same logic) should the first fail.\n\nFor example, all the following return values are \"plug\":\n\n es_plugin_name('plug')\n es_plugin_name('foo/plug')\n es_plugin_name('foo/plug/1.0.0')\n es_plugin_name('foo/elasticsearch-plug')\n es_plugin_name('foo/es-plug/1.3.2')", "tags": [{"tag_name": "return", "text": "String", "types": ["Any"]}]}, "source": "newfunction(\n :es_plugin_name,\n type: :rvalue,\n doc: <<-'ENDHEREDOC') do |args|\n Given a string, return the best guess at what the directory name\n will be for the given plugin. Any arguments past the first will\n be fallbacks (using the same logic) should the first fail.\n\n For example, all the following return values are \"plug\":\n\n es_plugin_name('plug')\n es_plugin_name('foo/plug')\n es_plugin_name('foo/plug/1.0.0')\n es_plugin_name('foo/elasticsearch-plug')\n es_plugin_name('foo/es-plug/1.3.2')\n\n @return String\n ENDHEREDOC\n\n if args.empty?\n raise Puppet::ParseError,\n 'wrong number of arguments, at least one value required'\n end\n\n ret = args.select do |arg|\n arg.is_a?(String) && !arg.empty?\n end.first\n\n if ret\n Puppet_X::Elastic.plugin_name ret\n else\n raise Puppet::Error,\n 'could not determine plugin name'\n end\nend"}, {"name": "plugin_dir", "file": "lib/puppet/parser/functions/plugin_dir.rb", "line": 5, "type": "ruby3x", "signatures": [{"signature": "plugin_dir()", "docstring": {"text": "Extracts the end plugin directory of the name", "tags": [{"tag_name": "return", "text": "String", "types": ["Any"]}]}}], "docstring": {"text": "Extracts the end plugin directory of the name", "tags": [{"tag_name": "return", "text": "String", "types": ["Any"]}]}, "source": "newfunction(\n :plugin_dir,\n type: :rvalue,\n doc: <<-EOS\n Extracts the end plugin directory of the name\n\n @return String\n EOS\n) do |arguments|\n raise(Puppet::ParseError, 'plugin_dir(): No arguments given') if arguments.empty?\n raise(Puppet::ParseError, \"plugin_dir(): Too many arguments given (#{arguments.size})\") if arguments.size > 2\n raise(Puppet::ParseError, 'plugin_dir(): Requires string as first argument') unless arguments[0].is_a?(String)\n\n plugin_name = arguments[0]\n items = plugin_name.split('/')\n\n return items[0] if items.count == 1\n\n plugin = items[1]\n endname = if plugin.include?('-') # example elasticsearch-head\n if plugin.start_with?('elasticsearch-')\n plugin.gsub('elasticsearch-', '')\n elsif plugin.start_with?('es-')\n plugin.gsub('es-', '')\n else\n plugin\n end\n else\n plugin\n end\n\n return endname\nend"}], "puppet_tasks": [{"name": "init", "file": "tasks/init.json", "line": 0, "docstring": {"text": "Allows you to perform apt functions", "tags": [{"name": "action", "tag_name": "param", "text": "Action to perform ", "types": ["Enum[update, upgrade, dist-upgrade, autoremove]"]}]}, "source": "{\n \"description\": \"Allows you to perform apt functions\",\n \"input_method\": \"stdin\",\n \"parameters\": {\n \"action\": {\n \"description\": \"Action to perform \",\n \"type\": \"Enum[update, upgrade, dist-upgrade, autoremove]\"\n }\n }\n}\n", "supports_noop": false, "input_method": "stdin"}, {"name": "init", "file": "tasks/init.json", "line": 0, "docstring": {"text": "Allows you to perform yum functions", "tags": [{"name": "action", "tag_name": "param", "text": "Action to perform ", "types": ["Enum[update, upgrade, 'list updates']"]}, {"name": "quiet", "tag_name": "param", "text": "Run without output ", "types": ["Optional[Boolean]"]}]}, "source": "{\n \"description\": \"Allows you to perform yum functions\",\n \"input_method\": \"stdin\",\n \"parameters\": {\n \"action\": {\n \"description\": \"Action to perform \",\n \"type\": \"Enum[update, upgrade, 'list updates']\"\n },\n \"quiet\": {\n \"description\": \"Run without output \",\n \"type\": \"Optional[Boolean]\"\n }\n },\n \"implementations\": [\n {\n \"name\": \"init.rb\",\n \"requirements\": [\"puppet-agent\"]\n }\n ]\n}\n", "supports_noop": false, "input_method": "stdin"}, {"name": "sql", "file": "tasks/sql.json", "line": 0, "docstring": {"text": "Allows you to execute arbitary SQL", "tags": [{"name": "database", "tag_name": "param", "text": "Database to connect to", "types": ["Optional[String[1]]"]}, {"name": "host", "tag_name": "param", "text": "Hostname to connect to", "types": ["Optional[String[1]]"]}, {"name": "password", "tag_name": "param", "text": "The password", "types": ["Optional[String[1]]"]}, {"name": "port", "tag_name": "param", "text": "The port", "types": ["Optional[String[1]]"]}, {"name": "sql", "tag_name": "param", "text": "The SQL you want to execute", "types": ["String[1]"]}, {"name": "user", "tag_name": "param", "text": "The user", "types": ["Optional[String[1]]"]}]}, "source": "{\n \"description\": \"Allows you to execute arbitary SQL\",\n \"input_method\": \"stdin\",\n \"parameters\": {\n \"database\": {\n \"description\": \"Database to connect to\",\n \"type\": \"Optional[String[1]]\"\n },\n \"host\": {\n \"description\": \"Hostname to connect to\",\n \"type\": \"Optional[String[1]]\"\n },\n \"password\": {\n \"description\": \"The password\",\n \"type\": \"Optional[String[1]]\"\n },\n \"port\": {\n \"description\": \"The port\",\n \"type\": \"Optional[String[1]]\"\n },\n \"sql\": {\n \"description\": \"The SQL you want to execute\",\n \"type\": \"String[1]\"\n },\n \"user\": {\n \"description\": \"The user\",\n \"type\": \"Optional[String[1]]\"\n }\n }\n}\n", "supports_noop": false, "input_method": "stdin"}, {"name": "init", "file": "tasks/init.json", "line": 0, "docstring": {"text": "Allows you to perform apache service functions", "tags": [{"name": "action", "tag_name": "param", "text": "Action to perform ", "types": ["Enum[reload]"]}, {"name": "service_name", "tag_name": "param", "text": "The name of the apache service ", "types": ["Optional[String[1]]"]}]}, "source": "{\n \"description\": \"Allows you to perform apache service functions\",\n \"input_method\": \"stdin\",\n \"parameters\": {\n \"action\": {\n \"description\": \"Action to perform \",\n \"type\": \"Enum[reload]\"\n },\n \"service_name\": {\n \"description\": \"The name of the apache service \",\n \"type\": \"Optional[String[1]]\"\n }\n }\n}\n", "supports_noop": false, "input_method": "stdin"}, {"name": "export", "file": "tasks/export.json", "line": 0, "docstring": {"text": "Allows you to backup your database to local file.", "tags": [{"name": "database", "tag_name": "param", "text": "Database to connect to", "types": ["Optional[String[1]]"]}, {"name": "user", "tag_name": "param", "text": "The user", "types": ["Optional[String[1]]"]}, {"name": "password", "tag_name": "param", "text": "The password", "types": ["Optional[String[1]]"]}, {"name": "file", "tag_name": "param", "text": "Path to file you want backup to", "types": ["String[1]"]}]}, "source": "{\n \"description\": \"Allows you to backup your database to local file.\",\n \"input_method\": \"stdin\",\n \"parameters\": {\n \"database\": {\n \"description\": \"Database to connect to\",\n \"type\": \"Optional[String[1]]\"\n },\n \"user\": {\n \"description\": \"The user\",\n \"type\": \"Optional[String[1]]\"\n },\n \"password\": {\n \"description\": \"The password\",\n \"type\": \"Optional[String[1]]\"\n },\n \"file\": {\n \"description\": \"Path to file you want backup to\",\n \"type\": \"String[1]\"\n }\n }\n}\n", "supports_noop": false, "input_method": "stdin"}, {"name": "sql", "file": "tasks/sql.json", "line": 0, "docstring": {"text": "Allows you to execute arbitary SQL", "tags": [{"name": "database", "tag_name": "param", "text": "Database to connect to", "types": ["Optional[String[1]]"]}, {"name": "user", "tag_name": "param", "text": "The user", "types": ["Optional[String[1]]"]}, {"name": "password", "tag_name": "param", "text": "The password", "types": ["Optional[String[1]]"]}, {"name": "sql", "tag_name": "param", "text": "The SQL you want to execute", "types": ["String[1]"]}]}, "source": "{\n \"description\": \"Allows you to execute arbitary SQL\",\n \"input_method\": \"stdin\",\n \"parameters\": {\n \"database\": {\n \"description\": \"Database to connect to\",\n \"type\": \"Optional[String[1]]\"\n },\n \"user\": {\n \"description\": \"The user\",\n \"type\": \"Optional[String[1]]\"\n },\n \"password\": {\n \"description\": \"The password\",\n \"type\": \"Optional[String[1]]\"\n },\n \"sql\": {\n \"description\": \"The SQL you want to execute\",\n \"type\": \"String[1]\"\n }\n }\n}\n", "supports_noop": false, "input_method": "stdin"}], "puppet_plans": []}
\ No newline at end of file
diff --git a/reflow.py b/reflow.py
new file mode 100755
index 0000000000000000000000000000000000000000..7d01ce0df0a8ce2b97b33ab008ea7c829b7b02eb
--- /dev/null
+++ b/reflow.py
@@ -0,0 +1,73 @@
+#!/usr/bin/env python3
+
+"""
+Reword the output of puppet parser to something managable.
+
+Traverse takes a tree as returned by
+`puppet parser dump --format json` (as a python object).
+
+It returns a new python object representing the same data, but in a
+more managable format.
+"""
+
+from typing import Any
+
+
+def tagged_list_to_dict(lst: list[Any]) -> dict[Any, Any]:
+ """
+ Turn a tagged list into a dictionary.
+
+ A tagged list in this context is a list where every even value
+ (zero-indexed) is a key, and every odd value is a value.
+
+ :example:
+ >>> tagged_list_to_dict(['a', 1, 'b', 2])
+ {'a': 1, 'b': 2}
+ """
+ return {lst[i]: lst[i+1]
+ for i in range(0, len(lst), 2)}
+
+
+def traverse(tree):
+ """
+ Reflow a puppet parse output tree.
+
+ Reworks a tree returned by `puppet parser dump --format json` into
+ something amnagable by python.
+
+ - '^' tags are recursed as blocks of forms
+ - '#' are expanded as key-value pairs, turning into python
+ dictionaries
+ - lists are recursed through
+ - strings (and other stuff) is kept verbatim
+ """
+ if type(tree) == str:
+ # print(tree)
+ return tree
+ elif type(tree) == dict:
+ # `x in tree` pattern since there may be empty lists (which
+ # are "False")
+ if '#' in tree:
+ return {key: traverse(value)
+ for (key, value)
+ in tagged_list_to_dict(tree['#']).items()}
+ elif '^' in tree:
+ return [traverse(subtree) for subtree in tree['^']]
+ else:
+ raise Exception('Unexpected dictionary', tree)
+ elif type(tree) == list:
+ return [traverse(branch) for branch in tree]
+ else:
+ return tree
+
+
+def __main():
+ import json
+ import sys
+
+ json.dump(traverse(json.load(sys.stdin)), sys.stdout)
+ print()
+
+
+if __name__ == '__main__':
+ __main()
diff --git a/style.css b/style.css
new file mode 100644
index 0000000000000000000000000000000000000000..a693aeb0f403e364db71cf215c25623ca21ec1a9
--- /dev/null
+++ b/style.css
@@ -0,0 +1,76 @@
+.qn {
+ color: green;
+}
+
+.var {
+ color: blue;
+}
+
+.define {
+ color: orange;
+}
+
+.name {
+ color: red;
+}
+
+.string {
+ color: olive;
+}
+
+.str-var {
+ color: pink;
+}
+
+.qr {
+ color: darkgreen;
+}
+
+.compound-type {
+ color: lightblue;
+}
+
+.undef {
+ color: lightgray;
+}
+
+.number {
+ color: red;
+}
+
+/* -------------------------------------------------- */
+
+.parse-error {
+ background: red;
+ color: yellow;
+}
+
+/* -------------------------------------------------- */
+
+h2 {
+ position: sticky;
+ top: 0;
+ background: white;
+ display: block;
+ z-index: 100;
+}
+
+/* -------------------------------------------------- */
+
+.var {
+ position: relative;
+}
+
+.var .documentation {
+ display: none;
+ position: absolute;
+ top: 2ch;
+ left: 0;
+ border: 1px solid black;
+ background: lightblue;
+ z-index: 10;
+}
+
+.var:hover .documentation {
+ display: block;
+}
diff --git a/tests/test_reflow.py b/tests/test_reflow.py
new file mode 100644
index 0000000000000000000000000000000000000000..536898243698d7ace56aedbc3b5b315c6415b686
--- /dev/null
+++ b/tests/test_reflow.py
@@ -0,0 +1,12 @@
+"""
+Test for reflow.
+
+TODO
+- traverse
+"""
+
+from reflow import tagged_list_to_dict
+
+
+def test_tagged_list_to_dict():
+ assert tagged_list_to_dict(['a', 1, 'b', 2]) == {'a': 1, 'b': 2}