Version information
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
- Puppet >= 7.0.0 < 9.0.0
- AlmaLinux, Amazon, Archlinux, CentOS, Darwin, Debian, Fedora, FreeBSD, Gentoo, LinuxMint, OpenBSD, OpenSUSE, OracleLinux, RedHat, Pop!_OS, Rocky, SLES, Scientific, Solaris, Ubuntu, VirtuozzoLinux, Windows
Start using this module
Add this module to your Puppetfile:
mod 'simp-simplib', '4.14.0'
Learn more about managing modules with a Puppetfile
This is a SIMP module
This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.
If you find any issues, they can be submitted to our JIRA.
Module Description
simp-simplib provides a standard library of resources commonly used by SIMP modules but generally suited for any Puppet environment.
Setup
What simplib affects
simplib contains data types, custom types and providers, facts, functions, and a class that expands puppetlabs-stdlib stages.
Setup Requirements
Agents will need to enable pluginsync.
Usage
Please see reference for usage.
Reference
Items not covered by puppet strings are provided below.
See REFERENCE.md for all other reference documentation.
Facts
- acpid_enabled - Return true if ACPI is available on the system
- boot_dir_uuid - Return the UUID of the partition holding the boot directory
- cmdline - Returns the contents of /proc/cmdline as a hash
- cpuinfo - Returns the contents of /proc/cpuinfo as a hash
- defaultgateway - Return the default gateway of the system
- defaultgatewayiface - Return the default gw interface of the system
- fips_ciphers - Returns a list of available OpenSSL ciphers
- fips_enabled - Determine whether FIPS is enabled on this system
- fullrun - Determine whether to do an intensive run
- gdm_version - Return the version of GDM that is installed
- grub_version - Return the grub version installed on the system
- init_systems - Return a list of all init systems present on the system
- ipa - Return a hash containing the IPA domain and server to which a host is connected
- ipv6_enabled - Return true if IPv6 is enabled and false if not
- login_defs - Return the contents of /etc/login.defs as a hash with downcased keys
- prelink - Returns a hash containing prelink status
- reboot_required - Returns a hash of 'name' => 'reason' entries
- root_dir_uuid - Return the UUID of the partition holding the / directory
- runlevel - Return the current system runlevel
- shmall - Return the value of shmall from sysctl
- simplib__efi_enabled - Returns true if the system is using EFI
- simplib__secure_boot_enabled - Returns true if the host is using uEFI Secure Boot
- simplib__firewalls - Return an array of known firewall commands that are present on the system.
- simplib__mountpoints - Return a hash of mountpoints of particular interest to SIMP modules.
- simplib__numa - Return hash of numa values about your system.
- simplib_sysctl - Return hash of sysctl values that are relevant to SIMP
- simp_puppet_settings - Returns a hash of all Puppet settings on a node
- tmp_mounts - DEPRECATED - use simplib__mountpoints. This fact provides information about /tmp, /var/tmp, and /dev/shm should they be present on the system
- uid_min - Return the minimum uid allowed
Run stages
See REFERENCE.md#simplibstages
Puppet extensions
The following methods are Puppet extensions in the PuppetX::SIMP::Simplib namespace:
PuppetX::SIMP::Simplib::hostname?
Determine whether the passed value is a valid hostname, optionally followed by ':<number>' or '/<number>'.
NOTE: This returns true for an IPv4 address, as it conforms to RFC 1123.
Arguments:
obj
Input to be assessed
Returns: Boolean
false if obj is not comprised of ASCII letters (upper or lower case), digits, hyphens (except at the beginning and end), and dots (except at beginning and end), excluding an optional, trailing ':<number>' or '/<number>'
Examples:
# Returns true
PuppetX::SIMP::Simplib.hostname?('hostname.me.com')
PuppetX::SIMP::Simplib.hostname?('hostname.me.com:5454')
# Returns false
PuppetX::SIMP::Simplib.hostname?('-hostname.me.com')
PuppetX::SIMP::Simplib::hostname_only?
Determine whether the passed value is a valid hostname.
NOTE: This returns true for an IPv4 address, as it conforms to RFC 1123.
Arguments:
obj
Input to be assessed
Returns: Boolean
false if obj is not comprised of ASCII letters (upper or lower case), digits, hyphens (except at the beginning and end), and dots (except at beginning and end)
Examples:
# Returns true
PuppetX::SIMP::Simplib.hostname_only?('hostname.me.com')
# Returns false
PuppetX::SIMP::Simplib.hostname_only?('-hostname.me.com')
PuppetX::SIMP::Simplib.hostname_only?('hostname.me.com:5454')
PuppetX::SIMP::Simplib::human_sort
Sort a list of values based on usual human sorting semantics.
Arguments:
obj
Enumerable object to be sorted
Returns: Sorted object
PuppetX::SIMP::Simplib::split_port
Split input string into a [ host, port ] pair
Arguments:
host_string
String to be split into host and port
Returns: Array[ host, port ]
Host and port pair
- Returns [ nil, nil ] if host_string is nil or an empty string
- Returns [ host_string, nil ] if host_string is a CIDR address or contains no port
- Port returned is a string
Examples:
PuppetX::SIMP::Simplib.split_port('myhost.name:5656')
# returns ['myhost.name','5656']
PuppetX::SIMP::Simplib.split_port('192.165.3.9')
# returns ['192.165.3.9',nil]
PuppetX::SIMP::Simplib.split_port('192.165.3.9/24')
# returns ['192.165.3.9/24',nil]
PuppetX::SIMP::Simplib.split_port('[2001:0db8:85a3:0000:0000:8a2e:0370]:')
# returns ['[2001:0db8:85a3:0000:0000:8a2e:0370]',nil]
Development
Please read our Contribution Guide.
If you find any issues, they can be submitted to our JIRA.
Reference
Table of Contents
Classes
- simplib::reboot_notify: This is a simple controller class for global settings related to the
- simplib::stages: Expands on the puppetlabs-stdlib stages
Defined types
- simplib::install: Manage packages based on Hash input
Resource types
- ftpusers: Adds all system users to the named file, preserving any other entries currently in the file.
- init_ulimit: Please use the systemd module for systems that support systemd Update ulimit settings in init scripts. The resource name does h
- prepend_file_line: Type that can prepend a whole line to a file if it does not already contain it. Example: file_prepend_line { 'sudo_rule': path => '/etc/s
- reboot_notify: Notifies users when a system reboot is required. This type creates a file at $target the contents of which provide a summary of the reasons
- runlevel: Changes the system runlevel by re-evaluating the inittab or systemd link. Arguments: name - the runlevel to evaluate for the system persi
- script_umask: Alters the umask settings in the passed file.
- simp_file_line: Ensures that a given line is contained within a file. The implementation matches the full line, including whitespace at the beginning and en
Functions
- simplib::assert_metadata: Fails a compile if the client system is not compatible with the module's metadata.json NOTE: New capabilities will be added to the simplib
- simplib::assert_optional_dependency: Fails a compile if the system does not contain a correct version of the required module in the current environment. Provides a message about
- simplib::bracketize: Add brackets to strings of IPv6 addresses and Arrays of IPv6 addresses based on the rules for bracketing IPv6 addresses. Ignores anything
- simplib::caller: Returns the location of whatever called the item that called this function (two levels up) This is meant to be used inside other functions t
- simplib::cron::expand_range: Expand all ranges ('-') into a comma separated list
- simplib::cron::to_systemd: Convert a set of 'cron' native type parameters to a 'best effort' systemd calendar String
- simplib::debug::classtrace: Prints out the stack of Puppet Classes and Defined Types that have been called up to this point WARNING: Uses EXPERIMENTAL features from
- simplib::debug::inspect: Prints out Puppet warning messages that display the passed variable, data type, and location. WARNING: Uses EXPERIMENTAL features from P
- simplib::debug::stacktrace: Prints out a stacktrace of all files loaded up until the point where this function was called WARNING: Uses EXPERIMENTAL features from P
- simplib::deprecation: Function to print deprecation warnings, logging a warning once for a given key.
- simplib::dlookup: A function for performing lookups targeted at ease of use with defined types. Quite often you need to override something in an existing defi
- simplib::filtered: Hiera v5 backend that takes a list of allowed hiera key names, and only returns results from the underlying backend function that match those
- simplib::gen_random_password: Generates a random password string. Terminates catalog compilation if the password cannot be created in the allotted time.
- simplib::hash_to_opts: Turn a hash into an options string, for use in a shell command
- simplib::host_is_me: Detect if a local system identifier hostname/IPv4 address matches a specified hostname/IPv4 address or an entry in a list of hostnames and/or
- simplib::in_bolt: Returns true if the run is active inside of Bolt and false otherwise. Presently, this function is extremely basic. However, this che
- simplib::inspect: Prints the passed variable's Ruby type and value for debugging purposes This uses a Notify resource to print the information during the
- simplib::ip::family_hash: Process an array of IP addresses and return them split by IP family and include metadata and/or processed versions.
- simplib::ip_to_cron: Transforms an IP address to one or more interval values for cron. This can be used to avoid starting a certain cron job at the same time
- simplib::ipaddresses: Return an Array of all IPv4 addresses known to be associated with the client, optionally excluding local addresses.
- simplib::join_mount_opts: Merge two sets of mount options in a reasonable fashion, giving precedence to the second set.
- simplib::knockout: uses the knockout prefix of '--' to remove elements from an array.
- simplib::ldap::domain_to_dn: Generates a LDAP Base DN from a domain
- simplib::lookup: A function for falling back to global scope variable lookups when the Puppet 4 lookup() function cannot find a value. While lookup()
- simplib::mock_data: A mock data function
- simplib::module_exist: Determines if a module exists in the current environment If passed with an author, such as simp/simplib or simp-simplib, will return whe
- simplib::module_metadata::assert: Fails a compile if the client system is not compatible with the module's metadata.json
- simplib::module_metadata::os_blacklisted: Returns whether or not the passed module is blacklisted per the module's metadata.json. If a blacklist is passed, then it will return `false
- simplib::module_metadata::os_supported: Returns whether or not the passed module is supported per the module's metadata.json.
- simplib::nets2cidr: Take an input list of networks and returns an equivalent Array in CIDR notation. Hostnames are passed through untouched. Terminates ca
- simplib::nets2ddq: Transforms a list of networks into an equivalent array in dotted quad notation. * IPv4 CIDR networks are converted to dotted quad notation ne
- simplib::params2hash: Returns a Hash of the parameters of the calling resource This is meant to get the parameters of classes and defined types. The behavior when
- simplib::parse_hosts: Convert an Array of items that may contain port numbers or protocols into a structured Hash of host information. * Works with Hostnames
- simplib::passgen: Generates/retrieves a random password string or its hash for a passed identifier. Supports 2 modes: simpkv * Password info is stor
- simplib::passgen::gen_password_and_salt: Generates a password and salt Password length, complexity and complex-only settings are specified by the caller. Salt length, complexi
- simplib::passgen::gen_salt: Generates a salt * Terminates catalog compilation if the salt cannot be created in the allotted time.
- simplib::passgen::get: Retrieves a generated password and any stored attributes Supports 2 modes: simpkv * Password info is stored in a key/value store a
- simplib::passgen::legacy::common_settings: Returns common settings used by simplib::passgen in legacy mode
- simplib::passgen::legacy::get: Retrieves a generated password and any stored attributes that have been stored in files on the local file system at `Puppet.settings[:vardir]
- simplib::passgen::legacy::list: Retrieves the list of generated passwords with attributes stored in files on the local files system at `Puppet.settings[:vardir]/simp/environ
- simplib::passgen::legacy::passgen: Generates/retrieves a random password string or its hash for a passed identifier. * Password info is stored in files on the local file syste
- simplib::passgen::legacy::remove: Removes a generated password, history and stored attributes * Password info is stored in files on the local file system at `Puppet.setting
- simplib::passgen::legacy::set: Stores a generated password and salt in files on the local filesystem at `Puppet.settings[:vardir]/simp/environments/$environment/simp_autofi
- simplib::passgen::list: Retrieves the list of generated passwords with attributes and the list of sub-folders stored at a simplib::passgen folder. * Folder specific
- simplib::passgen::remove: Removes a generated password, history and stored attributes Supports 2 modes: simpkv * Password info is stored in a key/value stor
- simplib::passgen::set: Sets a generated password with attributes * Sets the password and salt, backs up the previous password and salt, and depending upon mode s
- simplib::passgen::simpkv::get: Retrieves a generated password and stored attributes from a key/value store using simpkv Terminates catalog compilation if any simpkv operat
- simplib::passgen::simpkv::list: Using simpkv, retrieves the list of generated passwords with attributes and the list of sub-folders stored at a simplib::passgen folder in a
- simplib::passgen::simpkv::passgen: Generates/retrieves a random password string or its hash for a passed identifier. * Password info is stored in a key/value store and accesse
- simplib::passgen::simpkv::remove: Removes a generated password, history and stored attributes Password info is stored in a key/value store and removed using simpkv. sim
- simplib::passgen::simpkv::root_dir: Returns the root directory in simpkv for password info generated by simplib::passgen
- simplib::passgen::simpkv::set: Using simpkv, sets a generated password with attributes simpkv key is the identifier. simpkv value is a Hash with 'password' and 'salt'
- simplib::passgen::simpkv::valid_password_info: Returns whether password information retrieved from simpkv is valid
- simplib::rand_cron: Transforms an input string to one or more interval values for cron. This can be used to avoid starting a certain cron job at the same tim
- simplib::safe_filename: Convert a string into a filename that is 'path safe' The goal is to ensure that files do not contain characters that may accidentally turn i
- simplib::simp_version: Return the version of SIMP that this server is running or "unknown\n"
- simplib::strip_ports: Extract list of unique hostnames and/or IP addresses from an Array of hosts, each of which may contain protocols and/or port numbers T
- simplib::to_integer: Converts the argument into an Integer. Terminates catalog compilation if the argument's class does not respond to the to_i() Ruby method
- simplib::to_string: Converts the argument into a String.
- simplib::validate_array_member: Validate that a single input is a member of another Array or an Array input is a subset of another Array. * The comparison can option
- simplib::validate_between: Validate that the first value is between the second and third values numerically. The range is inclusive. Terminates catalog compilation if
- simplib::validate_bool: Validate that all passed values are either true, 'true', false or 'false'. Terminates catalog compilation if validation fails.
- simplib::validate_deep_hash: Perform a deep validation on two passed Hashes. All keys must be defined in the reference Hash that is being validated against. Un
- simplib::validate_net_list: Validate that a passed list (Array or single String) of networks is filled with valid IP addresses, network addresses (CIDR notation), or
- simplib::validate_port: Validates whether each passed argument contains valid port(s). * Each element of each argument must, numerically, be in the range [1, 6553
- simplib::validate_re_array: Perform simple validation of a String, or Array of Strings, against one or more regular expressions. * Derived from the Puppet Labs st
- simplib::validate_sysctl_value: Validate that the passed value is correct for the passed sysctl key. If a key is not known, assumes the value is valid. Terminates cat
- simplib::validate_uri_list: Validate that a passed list (Array or single String) of URIs is valid according to Ruby's URI parser. * Caution: No scheme (protocol
Data types
- Simplib::Cron::Hour: Matches valid cron hour parameter
- Simplib::Cron::Hour_entry: Matches valid cron hour parameter Tested with Rubular: https://rubular.com/r/y7jCmNCjgTl4kx
- Simplib::Cron::Minute: Matches valid cron minute parameter
- Simplib::Cron::Minute_entry: Matches valid cron minute parameter Tested with Rubular: https://rubular.com/r/kBrcbFmFldCR7q
- Simplib::Cron::Month: Matches valid cron month parameter
- Simplib::Cron::MonthDay: Matches valid cron monthday parameter
- Simplib::Cron::MonthDay_entry: Matches valid cron monthday parameter Tested with Rubular: https://rubular.com/r/ovqrYiCurMdQir
- Simplib::Cron::Month_entry: Matches valid cron month parameter Tested with Rubular: https://rubular.com/r/TSDNxt1rcWkb8U
- Simplib::Cron::WeekDay: Matches valid cron weekday parameter
- Simplib::Cron::WeekDay_entry: Matches valid cron weekday parameter Tested with Rubular: https://rubular.com/r/uuFFu5ISzdRL7l
- Simplib::Domain: Valid DNS domain names Complies with TLD restrictions from Section 2 of RFC 3696: only ASCII alpha + numbers + hyphens are allowed la
- Simplib::Domainlist: List of valid domains (RFC 3696, Section 2)
- Simplib::EmailAddress: Matches valid email addresses
- Simplib::Host: Matches a single IP Address or Hostname
- Simplib::Host::Port: Matches a single IP Address or Hostname with a Port
- Simplib::Hostname: Valid Hostnames - May not match Unicode and does not validate against TLD registry
- Simplib::Hostname::Port: Valid Hostnames with ports - May not match Unicode and does not validate against TLD registry
- Simplib::IP: Matches a single IP Address
- Simplib::IP::CIDR: Matches valid CIDR IP addresses
- Simplib::IP::Port: Matches valid IP addresses with Ports
- Simplib::IP::V4: Matches valid IPv4 addresses Regex taken from Ruby core's Resolv::IPv4::Regex Reference: ruby/lib/resolv.rb Copyright 2010 Tanaka Akira <kr
- Simplib::IP::V4::CIDR: Matches valid IPv4 CIDR Mask addresses Base Regex taken from Ruby core's Resolv::IPv4::Regex Reference: ruby/lib/resolv.rb Copyright 2010 T
- Simplib::IP::V4::DDQ: Matches valid IPv4 Dotted Quad Mask addresses Base Regex taken from Ruby core's Resolv::IPv4::Regex Reference: ruby/lib/resolv.rb Copyright
- Simplib::IP::V4::Port: Matches valid IPv4 addresses with a Port Regex taken from Ruby core's Resolv::IPv4::Regex Reference: ruby/lib/resolv.rb Copyright 2010 Tana
- Simplib::IP::V6: Matches valid IPv6 addresses
- Simplib::IP::V6::Base: Matches valid IPv6 addresses Regex taken from Ruby core's Resolv::IPv6::Regex Reference: ruby/lib/resolv.rb Copyright 2010 Tanaka Akira <kr
- Simplib::IP::V6::Bracketed: Matches valid Bracketed IPv6 addresses Regex taken from Ruby core's Resolv::IPv6::Regex Reference: ruby/lib/resolv.rb Copyright 2010 Tanaka
- Simplib::IP::V6::CIDR: Matches valid IPv6 addresses with CIDR netmasks Base Regex taken from Ruby core's Resolv::IPv6::Regex Reference: ruby/lib/resolv.rb Copyrig
- Simplib::IP::V6::Port: Matches valid Bracketed IPv6 addresses with Port specification Base Regex taken from Ruby core's Resolv::IPv6::Regex Reference: ruby/lib/reso
- Simplib::Libcrypt::BSDIExtendedDES: Regular expression pulled from the crypt(5) man page
- Simplib::Libcrypt::Bcrypt: Regular expression pulled from the crypt(5) man page
- Simplib::Libcrypt::Bigcrypt: Regular expression pulled from the crypt(5) man page
- Simplib::Libcrypt::DES: Regular expression pulled from the crypt(5) man page
- Simplib::Libcrypt::MD5_FreeBSD: Regular expression pulled from the crypt(5) man page
- Simplib::Libcrypt::MD5_Sun: Regular expression pulled from the crypt(5) man page lint:ignore:single_quote_string_with_variables
- Simplib::Libcrypt::NTHASH: Regular expression pulled from the crypt(5) man page
- Simplib::Libcrypt::SHA1: Regular expression pulled from the crypt(5) man page
- Simplib::Libcrypt::SHA2_256: Regular expression pulled from the crypt(5) man page
- Simplib::Libcrypt::SHA2_512: Regular expression pulled from the crypt(5) man page
- Simplib::Libcrypt::Scrypt: Regular expression pulled from the crypt(5) man page
- Simplib::Libcrypt::Yescrypt: Regular expression pulled from the crypt(5) man page
- Simplib::Macaddress: Matches MAC addresses
- Simplib::Netlist: Matches all possible lists of Network Addresses and Hostnames
- Simplib::Netlist::Host: Matches an Array of Simplib::Hosts
- Simplib::Netlist::IP: Matches all possible lists of IP Network Addresses
- Simplib::Netlist::IP::V4: Matches all possible lists of IPv4 Network Addresses
- Simplib::Netlist::IP::V6: Matches all possible lists of IPv6 Network Addresses
- Simplib::Netlist::Port: Matches all possible lists of Network Addresses and Hostnames with Ports
- Simplib::PackageEnsure: Valid values for the ensure parameter of the package resource
- Simplib::Port: A valid port Type
- Simplib::Port::Dynamic: Corresponds to the usual unprivileged port range
- Simplib::Port::Random: Corresponds to a port of 0 which has different behaviors but usually binds to a random port
- Simplib::Port::System: Corresponds to the usual privileged port range
- Simplib::Port::User: Corresponds to the unprivileged port range
- Simplib::Puppet::Metadata::OS_support: The 'operating_support' data structure in metadata.json
- Simplib::PuppetLogLevel: A valid log level Type
- Simplib::Serverdistribution: Valid options for Serverdistribution
- Simplib::ShadowPass: Valid entries for the password field of the 'shadow' file These items are recognized by recent versions of crypt but may not be exhaustive
- Simplib::Syslog::CFacility: Syslog facilities in C compatible format
- Simplib::Syslog::CPriority: Syslog priorities in C compatible format
- Simplib::Syslog::CSeverity: Syslog severities in C compatible format
- Simplib::Syslog::Facility: Syslog facilities
- Simplib::Syslog::LowerFacility: Valid lowercase versions of syslog facilities
- Simplib::Syslog::LowerPriority: Valid lowercase versions of syslog priorities
- Simplib::Syslog::LowerSeverity: Valid lowercase versions of syslog severities
- Simplib::Syslog::Priority: Syslog priorities
- Simplib::Syslog::Severity: Syslog severities
- Simplib::Syslog::UpperFacility: Valid uppercase bounds for syslog facilities
- Simplib::Syslog::UpperPriority: Valid uppercase versions of syslog priorities
- Simplib::Syslog::UpperSeverity: Valid uppercase versions of syslog severities
- Simplib::Systemd::ServiceName: Valid systemd service names
- Simplib::URI: Matches URI strings
- Simplib::Umask: Matches umask patterns
Classes
simplib::reboot_notify
This is a simple controller class for global settings related to the reboot_notify custom type
Parameters
The following parameters are available in the simplib::reboot_notify class:
log_level
Data type: Simplib::PuppetLogLevel
The Puppet log_level to use when generating output
To change the level of the reboot_notify messages, add this class to the class list in hiera and set simplib::reboot_notify::log_level to the level you want.
- Set log_level to debug if you wish to disable output unless you're running in debug mode.
Default value: 'notice'
simplib::stages
Adds additional intermediate stages that we found necessary when developing various SIMP modules that had global ramifications.
Primarily, we wanted to ensure that anyone using the stdlib stages was not tripped up by any of our modules that may enable, or disable, various system components; particularly ones that require a reboot.
Added Stages:
- simp_prep -> Comes before stdlib's setup
- simp_finalize -> Comes after stdlib's deploy
Defined types
simplib::install
This has been created as a Defined Type so that it can be properly referenced in manifest ordering
Parameters
The following parameters are available in the simplib::install defined type:
packages
Data type: Hash[String[1], Optional[Hash]]
Hash of the packages to install
- If just a key is provided, will apply package_ensure to the item
- A value may be provided to the package name key that will be passed along as the arguments for resource creation.
- A special entry called defaults can be provided that will set the default package options for all packages in the Hash
@example Adding a package to be installed
simplib::install({ 'my_package' => undef })
defaults
Data type: Hash[String[1], String[1]]
A Hash of default parameters to apply to all $packages
- This will be overridden by any options applied to individual packages
@example Adding some packages with defaults
simplib::install(
# The package list
{
'pkg1' => {
'ensure' => 'installed'
},
'pkg2' => undef
},
# The defaults
{
'ensure' => 'latest',
'configfiles' => 'replace'
}
)
Default value: { 'ensure' => 'present' }
Resource types
ftpusers
Adds all system users to the named file, preserving any other entries currently in the file.
Properties
The following properties are available in the ftpusers type.
to_write
Ignored, auto-populated from /etc/passwd
Default value: default
Parameters
The following parameters are available in the ftpusers type.
always_deny
Entries to always add to the file
Default value: ['nobody', 'nfsnobody']
min_id
The UID below which all values will be considered system users
Default value: 500
name
namevar
The file to which to write the values
init_ulimit
Please use the systemd module for systems that support systemd
Update ulimit settings in init scripts.
The resource name does have to be unique but is meaningless.
Valid limit_type names are:
- b|socket_buffer_size
- c|max_core_size
- d|max_data_segment
- e|max_nice
- f|max_file_size
- i|max_pending_signals
- l|max_memory_lock_size
- m|max_resident_set_size
- n|max_open_files (default)
- p|max_queue_size
- r|max_real_time_pri
- s|max_stack_size
- t|max_cpu_time
- u|max_num_procs
- v|max_virt_memory
- x|max_file_locks
- T|max_threads
All of these are explained in the ulimit section of bash_builtins(1)
The parameter names are taken from the descriptive field names used in limits.conf.
Examples
Long Names
init_ulimit { 'rsyslog':
  ensure     => 'present',
  limit_type => 'both',
  item       => 'max_open_files',
  value      => 'unlimited'
}
Short Names
init_ulimit { 'rsyslog':
  item  => 'n',
  value => 'unlimited'
}
Properties
The following properties are available in the init_ulimit type.
ensure
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
value
Valid values: hard, soft, unlimited, %r{^\d+$}
The value to which to set the new limit.
Parameters
The following parameters are available in the init_ulimit type.
item
namevar
The system limit resource to modify
Default value: max_open_files
limit_type
Valid values: soft, hard, both
The limit type: hard|soft|both
Default value: both
name
A unique name for the resource
provider
The specific backend to use for this init_ulimit resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform.
target
namevar
The service that will be modified. If you specify a full path, that will be used instead.
prepend_file_line
Type that can prepend a whole line to a file if it does not already contain it.
Example:
prepend_file_line { 'sudo_rule':
  path => '/etc/sudoers',
  line => '%admin ALL=(ALL) ALL',
}
Properties
The following properties are available in the prepend_file_line type.
ensure
Valid values: present
Has no effect, items are only added to files
Default value: present
Parameters
The following parameters are available in the prepend_file_line type.
line
The line to be prepended to the path.
name
namevar
arbitrary name used as identity
path
File to possibly prepend a line to.
provider
The specific backend to use for this prepend_file_line resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform.
reboot_notify
Notifies users when a system reboot is required.
This type creates a file at $target the contents of which provide a summary of the reasons why the system requires a reboot.
NOTE: This type will only register entries on refresh. Any other use of the type will not report the necessary reboot.
A reboot notification will be printed at each puppet run until the system is successfully rebooted.
Properties
The following properties are available in the reboot_notify type.
ensure
Valid values: present, absent
Whether the notification should be added or removed
Default value: present
Parameters
The following parameters are available in the reboot_notify type.
control_only
Valid values: true, false, yes, no
This resource is only for control and should not add an item to the notification list
You may only have ONE resource with this set to true in your catalog
Default value: false
log_level
Valid values: alert, crit, debug, notice, emerg, err, info, warning
Set the message log level for notifications
This is only active with :control_only set to true
Default value: notice
name
namevar
The item that is being modified that requires a reboot
provider
The specific backend to use for this reboot_notify resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform.
reason
An optional reason for rebooting
Default value: modified
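The refresh-only behaviour noted above is the usual reason a pending reboot goes unreported. The following is an added example, not taken from the module's documentation: the file path, its content and the resource titles are constructed for illustration, and only the reason, log_level and notify relationships shown rely on what this page documents.

```puppet
# Constructed example: path, content and titles are illustrative only.

# Optional: raise the log level of the reboot notifications from the
# default 'notice' by declaring the controller class documented above.
class { 'simplib::reboot_notify':
  log_level => 'warning',
}

# A change that is only guaranteed to be in effect after a reboot
# (a kernel module that is already loaded stays loaded until then).
# When Puppet changes this file, it sends a refresh event to the
# reboot_notify resource named in 'notify'.
file { '/etc/modprobe.d/disable-usb-storage.conf':
  ensure  => 'file',
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  content => "install usb-storage /bin/true\n",
  notify  => Reboot_notify['usb-storage'],
}

# Registers an entry only when it is refreshed by the file resource above.
reboot_notify { 'usb-storage':
  reason => 'The usb-storage kernel module has been disabled',
}

# Anti-pattern: no resource notifies this one, so it never receives a
# refresh and never adds an entry to the notification list.
reboot_notify { 'orphaned-entry':
  reason => 'This entry is never registered',
}
```

When auditing a catalog, check that every reboot_notify resource is the target of at least one notify or subscribe relationship; one that is not will never report a required reboot.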
runlevel
Changes the system runlevel by re-evaluating the inittab or systemd link.
Arguments:
- name - the runlevel to evaluate for the system
- persist - boolean value that determines whether or not to set as the default runlevel of the system
Example:
runlevel { '3':
  persist => true,
}
Properties
The following properties are available in the runlevel type.
level
Valid values: %r{^[1-5]$}, rescue, multi-user, graphical, default
The target runlevel of the system. Defaults to what is specified in :name
Default value: default
persist
Valid values: true, false
Whether or not to save the runlevel as default.
Default value: true
Parameters
The following parameters are available in the runlevel type.
name
Valid values: %r{^[1-5]$}, rescue, multi-user, graphical
namevar
The target runlevel of the system
provider
The specific backend to use for this runlevel resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform.
transition_timeout
Valid values: %r{^\d+$}
How many seconds to wait for a runlevel switch before failing
Default value: 60
script_umask
Alters the umask settings in the passed file.
Properties
The following properties are available in the script_umask type.
umask
Valid values: %r{^[0-7]{3,4}$}
The umask that should be set in the target file.
Default value: 077
Parameters
The following parameters are available in the script_umask type.
name
namevar
The file to alter.
provider
The specific backend to use for this script_umask resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform.
simp_file_line
Ensures that a given line is contained within a file. The implementation matches the full line, including whitespace at the beginning and end. If the line is not contained in the given file, Puppet will add the line to ensure the desired state. Multiple resources may be declared to manage multiple lines in the same file.
Example:
simp_file_line { 'sudo_rule':
  path => '/etc/sudoers',
  line => '%sudo ALL=(ALL) ALL',
}
simp_file_line { 'sudo_rule_nopw':
  path => '/etc/sudoers',
  line => '%sudonopw ALL=(ALL) NOPASSWD: ALL',
}
In this example, Puppet will ensure both of the specified lines are contained in the file /etc/sudoers.
This is an enhancement to the stdlib file_line that allows for the following additional options:
- prepend => [binary] Prepend the line instead of appending it if not using 'match'
- deconflict => [binary] Do not execute if there is a file resource that already manipulates the content of the target file.
Properties
The following properties are available in the simp_file_line type.
ensure
Valid values: present, absent
Whether the line should be added or removed
Default value: present
Parameters
The following parameters are available in the simp_file_line type.
deconflict
Valid values: true, false
Do not execute this type if there is a file type that already manages the content of the target file unless $replace == false
Default value: false
line
The line to be added to the file located by the path parameter.
match
An optional regular expression to run against existing lines in the file. If a match is found, we replace that line rather than adding a new line.
name
namevar
An arbitrary name used as the identity of the resource.
path
The file Puppet will ensure contains the line specified by the line parameter.
prepend
Valid values: true, false
Prepend the line to the file if not using match
Default value: false
provider
The specific backend to use for this simp_file_line resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.
Functions
simplib::assert_metadata
Type: Puppet Language
Fails a compile if the client system is not compatible with the module's metadata.json
NOTE: New capabilities will be added to the simplib::module_metadata::assert function instead of here but this will remain to preserve backwards compatibility
`simplib::assert_metadata(String[1] $module_name, Optional[Struct[{
enable => Optional[Boolean],
os => Optional[Struct[{
validate => Optional[Boolean],
options => Optional[Struct[{
release_match => Enum['none','full','major']
}]]
}]]
}]] $options = simplib::lookup('simplib::assert_metadata::options', { 'default_value' => undef }))`
Fails a compile if the client system is not compatible with the module's metadata.json
NOTE: New capabilities will be added to the simplib::module_metadata::assert function instead of here but this will remain to preserve backwards compatibility
Returns: None
module_name
Data type: String[1]
The name of the module that should be checked
options
Data type:
Optional[Struct[{
enable => Optional[Boolean],
os => Optional[Struct[{
validate => Optional[Boolean],
options => Optional[Struct[{
release_match => Enum['none','full','major']
}]]
}]]
}]]
Behavior modifiers for the function
- Can be set using simplib::assert_metadata::options in the lookup stack
Options
- enable => If set to false disable all validation
- os
  - validate => Whether or not to validate the OS settings
  - options
    - release_match
      - none -> No match on minor release (default)
      - full -> Full release must match
      - major -> Only the major release must match
simplib::assert_optional_dependency
Type: Ruby 4.x API
Fails a compile if the system does not contain a correct version of the required module in the current environment.
Provides a message about exactly which version of the module is required.
Examples
Check for the 'puppet/foo' optional dependency
### metadata.json ###
"simp": {
"optional_dependencies": [
{
"name": "puppet/foo",
"version_requirement": ">= 1.2.3 < 4.5.6"
}
]
}
### myclass.pp ###
# Check all dependencies
simplib::assert_optional_dependency($module_name)
# Check the module 'foo'
simplib::assert_optional_dependency($module_name, 'foo')
# Check the module 'foo' by author 'puppet'
simplib::assert_optional_dependency($module_name, 'puppet/foo')
# Check an alternate dependency target
simplib::assert_optional_dependency($module_name, 'puppet/foo', 'my:deps')
simplib::assert_optional_dependency(String[1] $source_module, Optional[String[1]] $target_module, Optional[String[1]] $dependency_tree)
Fails a compile if the system does not contain a correct version of the required module in the current environment.
Provides a message about exactly which version of the module is required.
Returns: None
Examples
Check for the 'puppet/foo' optional dependency
### metadata.json ###
"simp": {
"optional_dependencies": [
{
"name": "puppet/foo",
"version_requirement": ">= 1.2.3 < 4.5.6"
}
]
}
### myclass.pp ###
# Check all dependencies
simplib::assert_optional_dependency($module_name)
# Check the module 'foo'
simplib::assert_optional_dependency($module_name, 'foo')
# Check the module 'foo' by author 'puppet'
simplib::assert_optional_dependency($module_name, 'puppet/foo')
# Check an alternate dependency target
simplib::assert_optional_dependency($module_name, 'puppet/foo', 'my:deps')
source_module
Data type: String[1]
The name of the module containing the dependency information (usually the module that this function is being called from)
target_module
Data type: Optional[String[1]]
The target module to check. If not specified, all optional dependencies in the tree will be checked.
- This may optionally be the full module name with the author in author/module form which allows for different logic paths that can use multiple vendor modules
dependency_tree
Data type: Optional[String[1]]
The root of the dependency tree in the module's metadata.json that contains the optional dependencies.
- Nested levels should be separated by colons (:)
simplib::bracketize
Type: Ruby 4.x API
Add brackets to strings of IPv6 addresses and Arrays of IPv6 addresses based on the rules for bracketing IPv6 addresses.
Ignores anything that does not look like an IPv6 address and returns those entries untouched.
simplib::bracketize(Array[String] $ip_arr)
The simplib::bracketize function.
Returns: Variant[String, Array[String]]
converted input
Examples
Bracketize ip_arr input
$foo = [ '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
'2001:0db8:85a3:0000:0000:8a2e:0370:7334/24' ]
$bar = simplib::bracketize($foo)
$bar contains:[ '[2001:0db8:85a3:0000:0000:8a2e:0370:7334]',
'[2001:0db8:85a3:0000:0000:8a2e:0370:7334]/24' ]
ip_arr
Data type: Array[String]
The array of IPv6 addresses to bracketize
simplib::bracketize(String $ipaddr_string)
The simplib::bracketize function.
Returns: Variant[String, Array[String]]
converted input
Examples
Bracketize ipaddr_string input
$foo = '2001:0db8:85a3:0000:0000:8a2e:0370:7334,2001:0db8:85a3:0000:0000:8a2e:0370:7334/24 3456:0db8:85a3:0000:0000:8a2e:0370:7334'
$bar = simplib::bracketize($foo)
$bar contains:[ '[2001:0db8:85a3:0000:0000:8a2e:0370:7334]',
'[2001:0db8:85a3:0000:0000:8a2e:0370:7334]/24',
'[3456:0db8:85a3:0000:0000:8a2e:0370:7334]' ]
ipaddr_string
Data type: String
The string of IPv6 addresses to bracketize (comma, space, and/or semi-colon separated)
simplib::caller
Type: Ruby 4.x API
Returns the location of whatever called the item that called this function (two levels up)
This is meant to be used inside other functions to tell you what is calling the given function so that you can return a meaningful error message and has limited utility outside of that situation.
WARNING: Uses EXPERIMENTAL features from Puppet, may break at any time.
simplib::caller(Optional[Integer[0]] $depth, Optional[Boolean] $print)
Returns the location of whatever called the item that called this function (two levels up)
This is meant to be used inside other functions to tell you what is calling the given function so that you can return a meaningful error message and has limited utility outside of that situation.
WARNING: Uses EXPERIMENTAL features from Puppet, may break at any time.
Returns: Array
The caller
depth
Data type: Optional[Integer[0]]
The level to walk backwards in the stack. May be useful for popping out of known function nesting
print
Data type: Optional[Boolean]
Whether or not to print to the visual output
simplib::cron::expand_range
Type: Puppet Language
Expand all ranges ('-') into a comma separated list
simplib::cron::expand_range(String $range)
Expand all ranges ('-') into a comma separated list
Returns: String
range
Data type: String
The range to convert
simplib::cron::to_systemd
Type: Puppet Language
Convert a set of 'cron' native type parameters to a 'best effort' systemd calendar String
simplib::cron::to_systemd(Simplib::Cron::Minute $minute = '*', Simplib::Cron::Hour $hour = '*', Simplib::Cron::Month $month = '*', Simplib::Cron::Monthday $monthday = '*', Optional[Simplib::Cron::Weekday] $weekday = undef)
Convert a set of 'cron' native type parameters to a 'best effort' systemd calendar String
Returns: String
minute
Data type: Simplib::Cron::Minute
The minute parameter from the cron resource
hour
Data type: Simplib::Cron::Hour
The hour parameter from the cron resource
month
Data type: Simplib::Cron::Month
The month parameter from the cron resource
monthday
Data type: Simplib::Cron::Monthday
The monthday parameter from the cron resource
weekday
Data type: Optional[Simplib::Cron::Weekday]
The weekday parameter from the cron resource
simplib::debug::classtrace
Type: Ruby 4.x API
Prints out the stack of Puppet Classes and Defined Types that have been called up to this point
WARNING: Uses EXPERIMENTAL features from Puppet, may break at any time.
simplib::debug::classtrace(Optional[Boolean] $print)
Prints out the stack of Puppet Classes and Defined Types that have been called up to this point
WARNING: Uses EXPERIMENTAL features from Puppet, may break at any time.
Returns: Array
The class trace
print
Data type: Optional[Boolean]
Whether or not to print to the visual output
simplib::debug::inspect
Type: Ruby 4.x API
Prints out Puppet warning messages that display the passed variable, data type, and location.
WARNING: Uses EXPERIMENTAL features from Puppet, may break at any time.
simplib::debug::inspect(NotUndef $to_inspect, Optional[Boolean] $print)
Prints out Puppet warning messages that display the passed variable, data type, and location.
WARNING: Uses EXPERIMENTAL features from Puppet, may break at any time.
Returns: Hash
Hash of the data that is printed
to_inspect
Data type: NotUndef
The parameter that you wish to inspect
print
Data type: Optional[Boolean]
Whether or not to print to the visual output
simplib::debug::stacktrace
Type: Ruby 4.x API
Prints out a stacktrace of all files loaded up until the point where this function was called
WARNING: Uses EXPERIMENTAL features from Puppet, may break at any time.
simplib::debug::stacktrace(Optional[Boolean] $print)
Prints out a stacktrace of all files loaded up until the point where this function was called
WARNING: Uses EXPERIMENTAL features from Puppet, may break at any time.
Returns: Array
The stack trace
print
Data type: Optional[Boolean]
Whether or not to print to the visual output
simplib::deprecation
Type: Ruby 4.x API
Function to print deprecation warnings, logging a warning once for a given key.
Examples
Emit a warning about a function that will be removed
simplib::deprecation('simplib::foo', 'simplib::foo is deprecated and will be removed in a future version')
Emit a warning about a function that has been replaced
simplib::deprecation('simplib::foo', 'simplib::foo is deprecated. Please use simplib::foo2 instead')
simplib::deprecation(String $key, String $message)
Function to print deprecation warnings, logging a warning once for a given key.
Returns: Nil
Examples
Emit a warning about a function that will be removed
simplib::deprecation('simplib::foo', 'simplib::foo is deprecated and will be removed in a future version')
Emit a warning about a function that has been replaced
simplib::deprecation('simplib::foo', 'simplib::foo is deprecated. Please use simplib::foo2 instead')
key
Data type: String
Uniqueness key, which is used to dedupe messages.
message
Data type: String
Message to be printed, to which file and line information will be appended, if available.
simplib::dlookup
Type: Ruby 4.x API
A function for performing lookups targeted at ease of use with defined types.
Quite often you need to override something in an existing defined type and, presently, you have to do this by creating a resource collector and potentially ending up with unintended side-effects.
This function introduces the capability to consistently opt-in to a lookup syntax for overriding all parameters of a given defined type or parameters on a specific instance of a defined type.
This calls simplib::lookup under the hood after formatting the parameters appropriately but was split out in case the underlying syntax needs to change in the future.
There are two ways to call this method as shown in the following examples.
Examples
Global Options
In this case, you want to set a parameter on *every* instance of your
defined type that is ever called. For example, this may be useful for
setting cipher suites to a modified global default to meet company policy.
This follows the general Puppet nomenclature for class lookups since you
cannot have a class and defined type of the same name.
Function Call:
```puppet
define mydef::global (
  $ssl_version = simplib::dlookup('mydef::global', 'ssl_version', { 'default_value' => 'SSLv3' })
) { ... }
mydef::global { 'test': }
```
Example Hieradata:
```yaml
---
mydef::global::ssl_version: 'TLS1.2'
```
Specific Instance Options
In this case, you want to focus on a specific named instance of a defined
type resource and change only that parameter. If the specific instance
cannot be found, it will fall back to a global lookup for the parameter
as in the first example.
Function Call:
```puppet
define mydef::specific (
  $ssl_version = simplib::dlookup('mydef::specific', 'ssl_version', $title, { 'default_value' => 'SSLv3' })
) { ... }
mydef::specific { 'test': }
```
Example Hieradata:
```yaml
---
"Mydef::Specific[test]::ssl_version": 'TLS1.2'
```
Note that, in this case, only the test instance of the mydef::specific resource will have its ssl_version set to TLS1.2. All others will have their version set to SSLv3.
simplib::dlookup(String[1] $define_id, String[1] $param, Optional[Any] $options)
The literal unique identifier of the defined type resource ('mydef::global' in the examples)
Returns: Any
The discovered data from Hiera
define_id
Data type: String[1]
param
Data type: String[1]
The parameter that you wish to look up
options
Data type: Optional[Any]
Hash of options for regular lookup()
- This must follow the syntax rules for the Puppet lookup( [<NAME>], <OPTIONS HASH> ) version of lookup()
- No other formats are supported!
simplib::dlookup(String[1] $define_id, String[1] $param, String[1] $resource_title, Optional[Any] $options)
The literal unique identifier of the defined type resource ('mydef::specific' in the examples)
Returns: Any
The discovered data from Hiera
define_id
Data type: String[1]
param
Data type: String[1]
The parameter that you wish to look up
resource_title
Data type: String[1]
The $title of the resource
options
Data type: Optional[Any]
Hash of options for regular lookup()
- This must follow the syntax rules for the Puppet lookup( [<NAME>], <OPTIONS HASH> ) version of lookup()
- No other formats are supported!
simplib::filtered
Type: Ruby 4.x API
Hiera v5 backend that takes a list of allowed hiera key names, and only
returns results from the underlying backend function that match those keys.
This allows hiera data to be delegated to end users in a multi-tenant
environment without allowing them the ability to override every hiera data
point (and potentially break systems)
Examples
Enabling the Backend
```yaml
---
version: 5 # Specific version of hiera we are using, required for v4 and v5
defaults:  # Used for any hierarchy level that omits these keys.
  datadir: "data"         # This path is relative to hiera.yaml's directory.
  data_hash: "yaml_data"  # Use the built-in YAML backend.
hierarchy: # Each hierarchy consists of multiple levels
  - name: "OSFamily"
    path: "osfamily/%{facts.osfamily}.yaml"
  - name: "datamodules"
    data_hash: simplib::filtered
    datadir: "delegated-data"
    paths:
      - "%{facts.sitename}/osfamily/%{facts.osfamily}.yaml"
      - "%{facts.sitename}/os/%{facts.operatingsystem}.yaml"
      - "%{facts.sitename}/host/%{facts.fqdn}.yaml"
      - "%{facts.sitename}/common.yaml"
    options:
      function: yaml_data
      filter:
        - profiles::ntp::servers
        - profiles::.*
  - name: "Common"
    path: "common.yaml"
```
simplib::filtered(Hash $options, Puppet::LookupContext $context)
The simplib::filtered function.
Returns: Hash
options
Data type: Hash
context
Data type: Puppet::LookupContext
simplib::filtered(String $key, Hash $options, Puppet::LookupContext $context)
The simplib::filtered function.
Returns: Hash
key
Data type: String
options
Data type: Hash
context
Data type: Puppet::LookupContext
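The filter entries in the hiera.yaml example above read as regular expressions (`profiles::.*`), so how they are anchored decides which delegated keys get through. The following Ruby sketch is an added example, not simplib's own code; the helper names and the sample data are constructed, and the page does not state whether simplib::filtered anchors its patterns.

```ruby
# Added illustration (not simplib's code): how a key allowlist like the
# 'filter' option above behaves when its entries are treated as regexes.

# Constructed sample: keys a tenant placed in a delegated-data YAML file.
DELEGATED_DATA = {
  'profiles::ntp::servers'   => ['ntp1.example.test'],
  'profiles::web::port'      => 8443,
  'ssh::server::permit_root' => true, # outside the delegated namespace
  'site::profiles::override' => true, # merely contains "profiles::"
}.freeze

# The filter list from the hiera.yaml example.
FILTER = ['profiles::ntp::servers', 'profiles::.*'].freeze

# Compile each entry so that it must match the whole key.
def anchored(patterns)
  patterns.map { |p| Regexp.new("\\A(?:#{p})\\z") }
end

# Compile each entry as written, so it may match anywhere inside a key.
def unanchored(patterns)
  patterns.map { |p| Regexp.new(p) }
end

# Keep only the key/value pairs whose key matches at least one regex.
def filter_data(data, regexes)
  data.select { |key, _value| regexes.any? { |re| re.match?(key) } }
end

# Keys that were dropped; logging these makes rejected overrides visible.
def rejected_keys(data, regexes)
  data.keys - filter_data(data, regexes).keys
end

if __FILE__ == $PROGRAM_NAME
  puts "anchored   allows: #{filter_data(DELEGATED_DATA, anchored(FILTER)).keys.inspect}"
  puts "unanchored allows: #{filter_data(DELEGATED_DATA, unanchored(FILTER)).keys.inspect}"
  puts "anchored  rejects: #{rejected_keys(DELEGATED_DATA, anchored(FILTER)).inspect}"
end
```

When delegating data this way, check a key from outside the intended namespace against your own filter list before relying on it, and write filter entries with explicit `^` and `$` if whole-key matching is what you intend.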
simplib::gen_random_password
Type: Ruby 4.x API
Generates a random password string.
Terminates catalog compilation if the password cannot be created in the allotted time.
simplib::gen_random_password(Integer[8] $length, Optional[Integer[0,2]] $complexity, Optional[Boolean] $complex_only, Optional[Variant[Integer[0],Float[0]]] $timeout_seconds)
Generates a random password string.
Terminates catalog compilation if the password cannot be created in the allotted time.
Returns: String
Generated password
Raises: if password cannot be created within allotted time
length
Data type: Integer[8]
Length of the new password.
complexity
Data type: Optional[Integer[0,2]]
Specifies the types of characters to be used in the password
- 0 => Use only Alphanumeric characters (safest)
- 1 => Use Alphanumeric characters and reasonably safe symbols
- 2 => Use any printable ASCII characters
complex_only
Data type: Optional[Boolean]
Use only the characters explicitly added by the complexity rules
timeout_seconds
Data type: Optional[Variant[Integer[0],Float[0]]]
Maximum time allotted to generate the password; a value of 0 disables the timeout
simplib::hash_to_opts
Type: Puppet Language
Turn a hash into an options string, for use in a shell command
Examples
simplib::hash_to_opts({'key' => 'value'})
returns ``--key=value``
simplib::hash_to_opts({'key' => ['lo',7,false]})
returns ``--key=lo,7,false``
simplib::hash_to_opts({'key' => Undef })
returns ``--key``
simplib::hash_to_opts({'f' => '/tmp/file'}, {'connector' => ' ', 'prefix' => '-'})
returns ``-f /tmp/file``
`simplib::hash_to_opts(Hash[String,Variant[Array,String,Numeric,Boolean,Undef]] $input, Struct[{
Optional[connector] => String[1],
Optional[prefix] => String[1],
Optional[repeat] => Enum['comma','repeat'],
Optional[delimiter] => String[1],
}] $opts = {})`
Turn a hash into an options string, for use in a shell command
Returns: String
Examples
simplib::hash_to_opts({'key' => 'value'})
returns ``--key=value``
simplib::hash_to_opts({'key' => ['lo',7,false]})
returns ``--key=lo,7,false``
simplib::hash_to_opts({'key' => Undef })
returns ``--key``
simplib::hash_to_opts({'f' => '/tmp/file'}, {'connector' => ' ', 'prefix' => '-'})
returns ``-f /tmp/file``
input
Data type: Hash[String,Variant[Array,String,Numeric,Boolean,Undef]]
Input hash, with Strings as keys and either a String, Array, Numeric, Boolean, or Undef as a value.
opts
Data type:
Struct[{
Optional[connector] => String[1],
Optional[prefix] => String[1],
Optional[repeat] => Enum['comma','repeat'],
Optional[delimiter] => String[1],
}]
Options hash. It only takes 3 keys, none of them required:
- connector: String that joins each key and value pair. Defaults to '='
- prefix: String that prefixes each key value pair. Defaults to '--'
- delimiter: When a value is an array, the string that is used to delimit each item. Defaults to ','
- repeat: Whether to return array values as a delimited string, or by repeating the option with each unique value
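Because the resulting string is meant for a shell command, values that contain spaces or shell metacharacters need quoting before they reach the shell. The Ruby sketch below is an added example, not the module's implementation: `opts_string` is a hypothetical helper that reproduces the documented output formats and additionally passes keys and values through `Shellwords.escape`; joining multiple options with a space is an assumption, and the page does not say whether simplib::hash_to_opts escapes anything itself.

```ruby
require 'shellwords'

# Hypothetical helper (added example): builds an option string in the formats
# documented for simplib::hash_to_opts, shell-escaping every key and value.
def opts_string(input, opts = {})
  connector = opts.fetch('connector', '=')
  prefix    = opts.fetch('prefix', '--')
  delimiter = opts.fetch('delimiter', ',')
  repeat    = opts.fetch('repeat', 'comma')

  parts = input.flat_map do |key, value|
    flag = "#{prefix}#{Shellwords.escape(key)}"
    case value
    when nil
      # Undef value: a bare flag with no connector.
      [flag]
    when Array
      items = value.map { |v| Shellwords.escape(v.to_s) }
      if repeat == 'repeat'
        # Repeat the option once per unique value.
        items.uniq.map { |v| "#{flag}#{connector}#{v}" }
      else
        # One option whose values are joined by the delimiter.
        ["#{flag}#{connector}#{items.join(delimiter)}"]
      end
    else
      ["#{flag}#{connector}#{Shellwords.escape(value.to_s)}"]
    end
  end

  # Assumption: multiple options are separated by a single space.
  parts.join(' ')
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs, including one value with a space and a semicolon.
  puts opts_string({ 'key' => 'value' })
  puts opts_string({ 'key' => ['lo', 7, false] })
  puts opts_string({ 'f' => '/tmp/file' }, { 'connector' => ' ', 'prefix' => '-' })
  puts opts_string({ 'name' => 'weekly report;v2' })
end
```

`Shellwords.split` on the result gives back the original argument text, which is a quick way to confirm that a value stayed a single argument.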
simplib::host_is_me
Type: Ruby 4.x API
Detect if a local system identifier hostname/IPv4 address matches a specified hostname/IPv4 address or an entry in a list of hostnames and/or IPv4 addresses
simplib::host_is_me(Simplib::Host $host)
The simplib::host_is_me function.
Returns: Boolean
true if a local system hostname/IPv4 address matches
the specified host
host
Data type: Simplib::Host
Hostname/IPv4 address to compare against; 127.0.0.1 is never matched, use localhost instead
simplib::host_is_me(Array[Simplib::Host] $hosts)
The simplib::host_is_me function.
Returns: Boolean
true if a local system hostname/IPv4 address matches
any of the specified hosts
hosts
Data type: Array[Simplib::Host]
Array of Hostnames and/or IPv4 addresses to compare against; 127.0.0.1 is never matched, use localhost instead
simplib::in_bolt
Type: Puppet Language
Returns true if the run is active inside of Bolt and false otherwise.
Presently, this function is extremely basic. However, this check was placed here to allow us to update the check in the future without needing to modify more than one module or hunt down code.
simplib::in_bolt()
Returns true if the run is active inside of Bolt and false otherwise.
Presently, this function is extremely basic. However, this check was placed here to allow us to update the check in the future without needing to modify more than one module or hunt down code.
Returns: Boolean
simplib::inspect
Type: Puppet Language
Prints the passed variable's Ruby type and value for debugging purposes
This uses a Notify resource to print the information during the client run.
Examples
Debugging variable content
class my_test(
  String $var1,
  Hash $var2
) {
  simplib::inspect('var1')
  simplib::inspect('var2')
  ...
}
simplib::inspect(String $var_name, Enum['json','yaml', 'oneline_json'] $output_type = 'json')
Prints the passed variable's Ruby type and value for debugging purposes
This uses a Notify resource to print the information during the client run.
Returns: None
Examples
Debugging variable content
class my_test(
  String $var1,
  Hash $var2
) {
  simplib::inspect('var1')
  simplib::inspect('var2')
  ...
}
var_name
Data type: String
The actual name of the variable, fully scoped, as a String
output_type
Data type: Enum['json','yaml', 'oneline_json']
The format that you wish to use to display the output during the run. 'json' and 'yaml' result in multi-line message content. 'oneline_json' results in single-line message content.
simplib::ip::family_hash
Type: Ruby 4.x API
Process an array of IP addresses and return them split by IP family and include metadata and/or processed versions.
Examples
simplib::ip::family_hash(
  [
    '1.2.3.4',
    '2.3.4.5/8',
    '::1',
  ]
)
Returns (YAML Formatted for clarity)
---
ipv4:
  '1.2.3.4':
    address: '1.2.3.4'
    netmask:
      ddq: '255.255.255.255'
      cidr: 32
  '2.3.4.5/8':
    address: '2.0.0.0'
    netmask:
      ddq: '255.0.0.0'
      cidr: 8
ipv6:
  '::1':
    address: '[::1]'
    netmask:
      ddq: nil
      cidr: 128
`simplib::ip::family_hash(Variant[
Simplib::Host,
Simplib::IP::V4::DDQ,
Simplib::IP::V4::CIDR,
Simplib::IP::V6::CIDR,
Simplib::Netlist
] $ip_addresses)`
Process an array of IP addresses and return them split by IP family and include metadata and/or processed versions.
Returns: Hash
Converted Hash with the following format (YAML representation):
# IPv4 Addresses
ipv4:
  <Passed Address>:
    address: <normalized address>
    netmask:
      ddq: <dotted quad notation netmask>
      cidr: <CIDR netmask>
# IPv6 Addresses
ipv6:
  <Passed Address>:
    address: <normalized address>
    netmask:
      # DDQ is not valid for IPv6
      ddq: nil
      cidr: <CIDR netmask>
Examples
simplib::ip::family_hash(
  [
    '1.2.3.4',
    '2.3.4.5/8',
    '::1',
  ]
)
Returns (YAML Formatted for clarity)
---
ipv4:
  '1.2.3.4':
    address: '1.2.3.4'
    netmask:
      ddq: '255.255.255.255'
      cidr: 32
  '2.3.4.5/8':
    address: '2.0.0.0'
    netmask:
      ddq: '255.0.0.0'
      cidr: 8
ipv6:
  '::1':
    address: '[::1]'
    netmask:
      ddq: nil
      cidr: 128
ip_addresses
Data type:
Variant[
Simplib::Host,
Simplib::IP::V4::DDQ,
Simplib::IP::V4::CIDR,
Simplib::IP::V6::CIDR,
Simplib::Netlist
]
The addresses to convert
simplib::ip_to_cron
Type: Ruby 4.x API
Transforms an IP address to one or more interval values for cron.
This can be used to avoid starting a certain cron job at the same time on all servers.
Examples
Generate one value for the minute cron interval
ip_to_cron()
Generate 2 values for the hour cron interval, using the 'sha256' algorithm and a provided IP address
ip_to_cron(2,23,'sha256','10.0.23.45')
simplib::ip_to_cron(Optional[Integer[1]] $occurs, Optional[Integer[1]] $max_value, Optional[IpToCronAlgorithm] $algorithm, Optional[Simplib::IP] $ip)
Transforms an IP address to one or more interval values for cron.
This can be used to avoid starting a certain cron job at the same time on all servers.
Returns: Array[Integer]
Array of integers suitable for use in the minute or hour cron field.
Examples
Generate one value for the minute cron interval
ip_to_cron()
Generate 2 values for the hour cron interval, using the 'sha256' algorithm and a provided IP address
ip_to_cron(2,23,'sha256','10.0.23.45')
occurs
Data type: Optional[Integer[1]]
The occurrence within an interval, i.e., the number of values to be generated for the interval.
max_value
Data type: Optional[Integer[1]]
The maximum value for the interval. The values generated will be in the inclusive range [0, max_value].
algorithm
Data type: Optional[IpToCronAlgorithm]
When 'ip_mod', the modulus of the IP number is used as the basis for the returned values. This algorithm works well to create cron job intervals for multiple hosts, when the number of hosts exceeds the max_value and the hosts have largely, linearly-assigned IP addresses.
When 'sha256', a random number generated using the IP address string is the basis for the returned values. This algorithm works well to create cron job intervals for multiple hosts, when the number of hosts is less than the max_value or the hosts do not have linearly-assigned IP addresses.
ip
Data type: Optional[Simplib::IP]
The IP address to use as the basis for the generated values. When nil, the 'ipaddress' fact (IPv4) is used.
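The difference between the two algorithms shows up when addresses are not assigned consecutively. The Ruby sketch below is an added example and a simplified model, not the module's code: the function names, the even spacing of multiple values, and the use of the SHA-256 digest reduced modulo the range (standing in for the random number the description mentions) are assumptions, and the host lists are constructed.

```ruby
require 'ipaddr'
require 'digest'

# Constructed host lists: consecutive addresses, and addresses 60 apart.
SEQUENTIAL = %w[10.0.0.1 10.0.0.2 10.0.0.3 10.0.0.4].freeze
STRIDED    = %w[10.0.0.5 10.0.0.65 10.0.0.125].freeze

# Place `occurs` values evenly within the inclusive range [0, max_value],
# starting from `base`.
def spread(base, occurs, max_value)
  modulus = max_value + 1
  raise ArgumentError, 'occurs exceeds the size of the range' if occurs > modulus

  step = modulus / occurs
  (0...occurs).map { |i| (base + i * step) % modulus }.sort
end

# Model of 'ip_mod': the integer form of the address modulo the range.
def ip_mod_slots(ip, occurs = 1, max_value = 59)
  spread(IPAddr.new(ip).to_i % (max_value + 1), occurs, max_value)
end

# Model of 'sha256': a digest of the address string modulo the range.
def sha256_slots(ip, occurs = 1, max_value = 59)
  digest = Digest::SHA256.hexdigest(ip).to_i(16)
  spread(digest % (max_value + 1), occurs, max_value)
end

# Largest number of hosts whose first value lands on the same slot.
def worst_collision(ips)
  ips.map { |ip| yield(ip).first }.group_by(&:itself).values.map(&:size).max
end

if __FILE__ == $PROGRAM_NAME
  puts "ip_mod, sequential hosts: #{SEQUENTIAL.map { |ip| ip_mod_slots(ip) }.inspect}"
  puts "ip_mod, hosts 60 apart:   #{STRIDED.map { |ip| ip_mod_slots(ip) }.inspect}"
  puts "sha256, hosts 60 apart:   #{STRIDED.map { |ip| sha256_slots(ip) }.inspect}"
  puts "hour field, two values:   #{ip_mod_slots('10.0.23.45', 2, 23).inspect}"
end
```

In this model, hosts whose addresses differ by a multiple of 60 all receive the same minute under the modulus approach, which is the case the 'sha256' description addresses.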
simplib::ipaddresses
Type: Ruby 4.x API
Return an Array of all IPv4 addresses known to be associated with the client, optionally excluding local addresses.
simplib::ipaddresses(Optional[Boolean] $only_remote)
Return an Array of all IPv4 addresses known to be associated with the client, optionally excluding local addresses.
Returns: Array[String]
List of IP addresses for the client
only_remote
Data type: Optional[Boolean]
Whether to exclude local addresses from the return value (e.g., '127.0.0.1').
simplib::join_mount_opts
Type: Ruby 4.x API
Merge two sets of mount options in a reasonable fashion, giving precedence to the second set.
simplib::join_mount_opts(Array[String] $system_mount_opts, Array[String] $new_mount_opts)
Merge two sets of mount options in a reasonable fashion, giving precedence to the second set.
Returns: String
Merged options string in which new_mount_opts mount options take precedence; options are comma delimited
system_mount_opts
Data type: Array[String]
System mount options
new_mount_opts
Data type: Array[String]
New mount options, which will override system_mount_opts when there are conflicts
simplib::knockout
Type: Puppet Language
Uses the knockout prefix of '--' to remove elements from an array.
Examples
Using knockout
$array = [
  'ssh',
  'sudo',
  '--ssh',
]
$result = simplib::knockout($array)
# $result => [
#   'sudo'
# ]
simplib::knockout(Array $array)
Uses the knockout prefix of '--' to remove elements from an array.
Returns: Array
Resulting array.
Examples
Using knockout
$array = [
  'ssh',
  'sudo',
  '--ssh',
]
$result = simplib::knockout($array)
# $result => [
#   'sudo'
# ]
array
Data type: Array
The array to knockout
simplib::ldap::domain_to_dn
Type: Puppet Language
Generates a LDAP Base DN from a domain
Examples
Generate LDAP Base DN with uppercase attributes
$ldap_dn = simplib::ldap::domain_to_dn('test.local')
returns $ldap_dn = 'DC=test,DC=local'
Generate LDAP Base DN with lowercase attributes
$ldap_dn = simplib::ldap::domain_to_dn('test.local', true)
returns $ldap_dn = 'dc=test,dc=local'
simplib::ldap::domain_to_dn(String $domain = $facts['networking']['domain'], Boolean $downcase_attributes = false)
Generates a LDAP Base DN from a domain
Returns: String
Examples
Generate LDAP Base DN with uppercase attributes
$ldap_dn = simplib::ldap::domain_to_dn('test.local')
returns $ldap_dn = 'DC=test,DC=local'
Generate LDAP Base DN with lowercase attributes
$ldap_dn = simplib::ldap::domain_to_dn('test.local', true)
returns $ldap_dn = 'dc=test,dc=local'
domain
Data type: String
The domain to convert, defaults to the domain fact
downcase_attributes
Data type: Boolean
Whether to downcase the LDAP attributes
- Different tools have bugs where they cannot handle both upcased and downcased LDAP attribute elements
simplib::lookup
Type: Ruby 4.x API
A function for falling back to global scope variable lookups when the Puppet 4 lookup() function cannot find a value.
While lookup() will stop at the back-end data sources, simplib::lookup() will check the global scope first to see if the variable has been defined.
This means that you can pre-declare a class and/or use an ENC and look up the variable whether it is declared this way or via Hiera or some other back-end.
Examples
No defaults
simplib::lookup('foo::bar::baz')
With a default
simplib::lookup('foo::bar::baz', { 'default_value' => 'Banana' })
With a typed default
simplib::lookup('foo::bar::baz', { 'default_value' => 'Banana', 'value_type' => String })
simplib::lookup(String $param, Optional[Any] $options)
A function for falling back to global scope variable lookups when the Puppet 4 lookup() function cannot find a value.
While lookup() will stop at the back-end data sources, simplib::lookup() will check the global scope first to see if the variable has been defined.
This means that you can pre-declare a class and/or use an ENC and look up the variable whether it is declared this way or via Hiera or some other back-end.
Returns: Any
The value that is found in the system for the passed parameter.
Examples
No defaults
simplib::lookup('foo::bar::baz')
With a default
simplib::lookup('foo::bar::baz', { 'default_value' => 'Banana' })
With a typed default
simplib::lookup('foo::bar::baz', { 'default_value' => 'Banana', 'value_type' => String })
param
Data type: String
The parameter that you wish to look up
options
Data type: Optional[Any]
Hash of options for regular lookup()
- This must follow the syntax rules for the Puppet lookup( [<NAME>], <OPTIONS HASH> ) version of lookup()
- No other formats are supported!
simplib::mock_data
Type: Ruby 4.x API
A mock data function
simplib::mock_data(Hash $options, Puppet::LookupContext $context)
The simplib::mock_data function.
Returns: Any
options
Data type: Hash
context
Data type: Puppet::LookupContext
simplib::mock_data(String $key, Hash $options, Puppet::LookupContext $context)
The simplib::mock_data function.
Returns: Any
key
Data type: String
options
Data type: Hash
context
Data type: Puppet::LookupContext
simplib::module_exist
Type: Ruby 4.x API
Determines if a module exists in the current environment
If passed with an author, such as simp/simplib or simp-simplib, will return whether or not that specific module exists.
simplib::module_exist(String[1] $module_name)
Determines if a module exists in the current environment
If passed with an author, such as simp/simplib or simp-simplib, will return whether or not that specific module exists.
Returns: Boolean
Whether or not the module exists in the current environment
module_name
Data type: String[1]
The module name to check
simplib::module_metadata::assert
Type: Puppet Language
Fails a compile if the client system is not compatible with the module's metadata.json
`simplib::module_metadata::assert(String[1] $module_name, Optional[Struct[{
enable => Optional[Boolean],
blacklist => Optional[Array[Variant[String[1], Hash[String[1], Variant[String[1], Array[String[1]]]]]]],
blacklist_validation => Optional[Struct[{
enable => Optional[Boolean],
options => Optional[Struct[{
release_match => Enum['none','full','major']
}]]
}]],
os_validation => Optional[Struct[{
enable => Optional[Boolean],
options => Optional[Struct[{
release_match => Enum['none','full','major']
}]]
}]]
}]] $options = simplib::lookup('simplib::assert_metadata::options', { 'default_value' => undef }))`
Returns: None
module_name
Data type: String[1]
The name of the module that should be checked
options
Data type:
Optional[Struct[{
enable => Optional[Boolean],
blacklist => Optional[Array[Variant[String[1], Hash[String[1], Variant[String[1], Array[String[1]]]]]]],
blacklist_validation => Optional[Struct[{
enable => Optional[Boolean],
options => Optional[Struct[{
release_match => Enum['none','full','major']
}]]
}]],
os_validation => Optional[Struct[{
enable => Optional[Boolean],
options => Optional[Struct[{
release_match => Enum['none','full','major']
}]]
}]]
}]]
Options to control the assertion behavior
@see $simplib::module_metadata::os_blacklist::options @see $simplib::module_metadata::os_supported::options
simplib::module_metadata::os_blacklisted
Type: Puppet Language
Returns whether or not the passed module is blacklisted per the module's metadata.json.
If a blacklist is passed, then it will return false if the OS is in the blacklist and true otherwise.
`simplib::module_metadata::os_blacklisted(Hash $module_metadata, Array[Variant[String[1], Hash[String[1], Variant[String[1], Array[String[1]]]]]] $blacklist, Optional[Struct[{
release_match => Enum['none','full','major']
}]] $options = undef)`
Returns: Boolean
true => The OS + release is blacklisted
false => The OS + release is not blacklisted
module_metadata
Data type: Hash
A Hash of the contents of the metadata.json for a puppet module.
- In general, this should be generated by load_module_metadata($module_name)
blacklist
Data type: Array[Variant[String[1], Hash[String[1], Variant[String[1], Array[String[1]]]]]]
An Array of Strings or Hashes
- Strings: Only match against the OS name, effectively blacklisting all versions of the OS
- Hash: Must be of the form { 'OS' => ['version1', 'version2'] }
@example Blacklist all Windows, RHEL 7.2, and OEL 8.2
[ 'Windows', { 'RedHat' => ['7.2'] }, { 'OracleLinux' => ['8.2'] } ]
options
Data type:
Optional[Struct[{
release_match => Enum['none','full','major']
}]]
Options that determine the nature of OS matching
Attributes: release_match:
* 'none' -> No match on release (default)
* 'full' -> Full release must match
* 'major' -> Only the major release must match
simplib::module_metadata::os_supported
Type: Puppet Language
Returns whether or not the passed module is supported per the module's metadata.json.
`simplib::module_metadata::os_supported(Hash $module_metadata, Optional[Struct[{
release_match => Enum['none','full','major']
}]] $options = undef)`
Returns: Boolean
true => The OS + release is supported
false => The OS + release is not supported
module_metadata
Data type: Hash
A Hash of the contents of the metadata.json for a puppet module.
- In general, this should be generated by load_module_metadata($module_name)
options
Data type:
Optional[Struct[{
release_match => Enum['none','full','major']
}]]
Options that determine the nature of OS matching
Attributes: release_match:
* 'none' -> No match on release (default)
* 'full' -> Full release must match
* 'major' -> Only the major release must match
simplib::nets2cidr
Type: Ruby 4.x API
Takes an input list of networks and returns an equivalent Array in CIDR notation.
- Hostnames are passed through untouched.
- Terminates catalog compilation if any input item is not a valid network or hostname.
simplib::nets2cidr(String $network_list)
The simplib::nets2cidr function.
Returns: Array[String]
Array of networks in CIDR notation
Examples
Convert space-separated network string
$networks = '1.2.0.0/255.255.0.0 myhost.test.local'
$cidrs = simplib::nets2cidr($networks)
returns $cidrs = [ '1.2.0.0/16',
'myhost.test.local'
]
network_list
Data type: String
List of 1 or more networks separated by spaces, commas, or semicolons
simplib::nets2cidr(Array $networks)
The simplib::nets2cidr function.
Returns: Array[String]
Array of networks in CIDR notation
Examples
Convert array of networks
$networks = [ '1.2.0.0/255.255.0.0',
'2001:db8:85a3::8a2e:370:0/112',
'1.2.3.4',
'myhost.test.local'
]
$cidrs = simplib::nets2cidr($networks)
returns $cidrs = [ '1.2.0.0/16',
'2001:db8:85a3::8a2e:370:0/112',
'1.2.3.4',
'myhost.test.local'
]
networks
Data type: Array
Array of networks
simplib::nets2ddq
Type: Ruby 4.x API
Transforms a list of networks into an equivalent array in dotted quad notation.
- IPv4 CIDR networks are converted to dotted quad notation networks. All other IP addresses and hostnames are left untouched.
- Terminates catalog compilation if any input item is not a valid network or hostname.
simplib::nets2ddq(Array $networks)
The simplib::nets2ddq function.
Returns: Array[String]
Converted input
Examples
Convert Array input
$foo = [ '10.0.1.0/24',
'10.0.2.0/255.255.255.0',
'10.0.3.25',
'myhost',
'2001:0db8:85a3:0000:0000:8a2e:0370:7334',
'2001:0db8:85a3:0000:0000:8a2e:0370:7334/64' ]
$bar = simplib::nets2ddq($foo)
$bar contains: [ '10.0.1.0/255.255.255.0',
'10.0.2.0/255.255.255.0',
'10.0.3.25',
'myhost',
'2001:0db8:85a3:0000:0000:8a2e:0370:7334',
'2001:0db8:85a3:0000:0000:8a2e:0370:7334/64' ]
networks
Data type: Array
The networks to convert
simplib::nets2ddq(String $networks_string)
The simplib::nets2ddq function.
Returns: Array[String]
Converted input
Examples
Convert String input
$foo = '10.0.1.0/24 10.0.2.0/255.255.255.0 10.0.3.25 myhost 2001:0db8:85a3:0000:0000:8a2e:0370:7334 2001:0db8:85a3:0000:0000:8a2e:0370:7334/64'
$bar = simplib::nets2ddq($foo)
$bar contains: [ '10.0.1.0/255.255.255.0',
'10.0.2.0/255.255.255.0',
'10.0.3.25',
'myhost',
'2001:0db8:85a3:0000:0000:8a2e:0370:7334',
'2001:0db8:85a3:0000:0000:8a2e:0370:7334/64' ]
networks_string
Data type: String
String containing the list of networks to convert; list elements are separated by spaces, commas or semicolons.
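The conversions documented for simplib::nets2cidr and simplib::nets2ddq, sketched in plain Ruby as an added example; this is not simplib's implementation. The method names, the hostname pattern and the rejection of digit-only names are assumptions made here.

```ruby
require 'ipaddr'

# Assumed hostname pattern: dot-separated alphanumeric labels, hyphens inside.
HOSTNAME = /\A[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?)*\z/

# Accepts an Array, or a String separated by spaces, commas or semicolons.
def split_nets(list)
  list.is_a?(Array) ? list : list.split(/[\s,;]+/).reject(&:empty?)
end

# Returns the prefix length for an IPv4 mask given as '24' or '255.255.255.0'.
def ipv4_prefix(mask)
  if mask.match?(/\A\d{1,2}\z/)
    prefix = Integer(mask, 10)
    raise ArgumentError, "prefix #{mask} out of range" if prefix > 32
    return prefix
  end
  bits = IPAddr.new(mask).to_i.to_s(2).rjust(32, '0')
  # A usable netmask is a run of ones followed by a run of zeros.
  raise ArgumentError, "non-contiguous netmask #{mask}" unless bits.match?(/\A1*0*\z/)
  bits.count('1')
end

# Returns the dotted quad form of an IPv4 prefix length.
def dotted_mask(prefix)
  [(0xffffffff << (32 - prefix)) & 0xffffffff].pack('N').unpack('C4').join('.')
end

# Converts each item to CIDR (to: :cidr) or dotted quad (to: :ddq) notation.
# Hostnames, bare addresses and IPv6 entries pass through unchanged; anything
# else raises, mirroring the documented compile failure.
def convert_nets(list, to:)
  split_nets(list).map do |item|
    addr, mask = item.split('/', 2)
    ip = begin
      IPAddr.new(addr)
    rescue IPAddr::Error
      nil
    end
    if ip.nil?
      hostname = mask.nil? && item.match?(HOSTNAME) && !item.match?(/\A[\d.]+\z/)
      raise ArgumentError, "'#{item}' is not a valid network or hostname" unless hostname
      next item
    end
    next item if mask.nil? || ip.ipv6?
    prefix = ipv4_prefix(mask)
    to == :cidr ? "#{addr}/#{prefix}" : "#{addr}/#{dotted_mask(prefix)}"
  end
end
```

Rejecting non-contiguous masks and digit-only names keeps a typo such as 1.2.3.999 from being passed through as if it were a hostname.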
simplib::params2hash
Type: Ruby 4.x API
Returns a Hash of the parameters of the calling resource
This is meant to get the parameters of classes and defined types. The behavior when calling from other contexts is undefined
simplib::params2hash(Optional[Array[String[1]]] $prune)
Returns: Hash
All in-scope parameters
prune
Data type: Optional[Array[String[1]]]
Parameters that you wish to exclude from the output
simplib::parse_hosts
Type: Ruby 4.x API
Convert an Array of items that may contain port numbers or protocols into a structured Hash of host information.
- Works with Hostnames as well as IPv4 and IPv6 addresses.
- IPv6 addresses will be returned normalized with square brackets around them for clarity.
- Terminates catalog compilation if
  - A valid network or hostname cannot be extracted from all input items.
  - Any input item that contains a port specifies an invalid port.
Examples
Input with multiple host formats:
simplib::parse_hosts(
[
'1.2.3.4',
'http://1.2.3.4',
'https://1.2.3.4:443',
]
)
Returns:
{
'1.2.3.4' => {
:ports => ['443'],
:protocols => {
'http' => [],
'https' => ['443'],
},
},
}
simplib::parse_hosts(Array[String[1],1] $hosts)
Returns: Hash
Structured Hash of the host information
Raises:
- if a valid network or hostname cannot be extracted from all input items
- if any input item that contains a port specifies an invalid port
hosts
Data type: Array[String[1],1]
Array of host entries, where each entry may contain a protocol or both a protocol and port
simplib::passgen
Type: Ruby 4.x API
Generates/retrieves a random password string or its hash for a passed identifier.
- Supports 2 modes:
  - simpkv
    - Password info is stored in a key/value store and accessed using simpkv.
    - Terminates catalog compilation if password_options contains invalid parameters, any simpkv operation fails or the password cannot be created in the allotted time.
  - Legacy
    - Password info is stored in files on the local file system at Puppet.settings[:vardir]/simp/environments/$environment/simp_autofiles/gen_passwd/.
    - Terminates catalog compilation if the password storage directory cannot be created/accessed by the Puppet user, the password cannot be created in the allotted time, or files not owned by the Puppet user are present in the password storage directory.
- To enable the simpkv mode, set simplib::passgen::simpkv to true in hieradata. When that setting is absent or false, legacy mode will be used.
- The minimum length password that this function will return is 8 characters.
simplib::passgen(String[1] $identifier, Optional[Hash] $password_options, Optional[Hash] $simpkv_options)
Returns: String
Password or password hash specified.
- When the last password option is true, the password is determined as follows:
  - If the last password exists in the key/value store, uses the existing last password.
  - Otherwise, if the current password exists in the key/value store, uses the existing current password.
  - Otherwise, creates and stores a new password as the current password, and then uses this new password
- When last option is false, the password is determined as follows:
  - If the current password doesn't exist in the key/value store, creates and stores a new password as the current password, and then uses this new password.
  - Otherwise, if the current password exists in the key/value store and it has an appropriate length, uses the current password.
  - Otherwise, stores the current password as the last password, creates and stores a new password as the current password, and then uses this new password.
Raises:
Exception if password_options contains invalid parameters, a simpkv operation fails, or password generation times out
identifier
Data type: String[1]
Unique String to identify the password usage.
Must conform to the following:
- Identifier must contain only the following characters:
  - a-z
  - A-Z
  - 0-9
  - The following special characters:
    - ._:- for the legacy implementation
    - ._:-/ for the simpkv-enabled implementation
- Identifier may not contain '/./' or '/../' sequences.
password_options
Data type: Optional[Hash]
Password options
Options:
- 'last' Boolean: Whether to return the last generated password. Defaults to false.
- 'length' Integer[8]: Length of the new password. Defaults to 32.
- 'hash' Enum[true,false,'md5','sha256','sha512']: Return a Hash of the password instead of the password itself. Defaults to false. true is equivalent to 'sha256'.
- 'complexity' Integer[0,2]: Specifies the types of characters to be used in the password
  - 0 => Default. Use only Alphanumeric characters in your password (safest)
  - 1 => Add reasonably safe symbols
  - 2 => Printable ASCII
- 'complex_only' Boolean: Whether to use only the characters explicitly added by the complexity rules. For example, when complexity is 1, create a password from only safe symbols. Defaults to false.
- 'gen_timeout_seconds' Variant[Integer[0],Float[0]]: Maximum time allotted to generate the password.
  - Value of 0 disables the timeout.
  - Defaults to 30.
simpkv_options
Data type: Optional[Hash]
simpkv configuration when in simpkv mode.
- Will be merged with simpkv::options.
- All keys are optional.
Options:
- 'app_id' String: Specifies an application name that can be used to identify which backend configuration to use via fuzzy name matching, in the absence of the backend option.
  - More flexible option than backend.
  - Useful for grouping together simpkv function calls found in different catalog resources.
  - When specified and the backend option is absent, the backend will be selected preferring a backend in the merged backends option whose name exactly matches the app_id, followed by the longest backend name that matches the beginning of the app_id, followed by the default backend.
  - When absent and the backend option is also absent, this function will use the default backend.
- 'backend' String: Definitive name of the backend to use.
  - Takes precedence over app_id.
  - When present, must match a key in the backends option of the merged options Hash or the function will fail.
  - When absent in the merged options, this function will select the backend as described in the app_id option.
- 'backends' Hash: Hash of backend configurations
  - Each backend configuration in the merged options Hash must be a Hash that has the following keys:
    - type: Backend type.
    - id: Unique name for the instance of the backend. (Same backend type can be configured differently).
  - Other keys for configuration specific to the backend may also be present.
- 'environment' String: Puppet environment to prepend to keys.
  - When set to a non-empty string, it is prepended to the key used in the backend operation.
  - Should only be set to an empty string when the key being accessed is truly global.
  - Defaults to the Puppet environment for the node.
- 'softfail' Boolean: Whether to ignore simpkv operation failures.
  - When true, this function will return a result even when the operation failed at the backend.
  - When false, this function will fail when the backend operation failed.
  - Defaults to false.
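The identifier rules and the current/last password selection documented for simplib::passgen above, modelled in plain Ruby as an added example; this is not simplib's code. The in-memory store, the method names and the reading of "appropriate length" as "equal to the requested length" are assumptions, and only alphanumeric (complexity 0) passwords are modelled.

```ruby
require 'securerandom'

# Allowed identifier characters per the reference above; '/' is accepted
# only by the simpkv-enabled implementation.
LEGACY_ID = %r{\A[a-zA-Z0-9._:-]+\z}
SIMPKV_ID = %r{\A[a-zA-Z0-9._:/-]+\z}

# Returns true when the identifier satisfies the documented rules.
def valid_identifier?(identifier, simpkv: false)
  return false unless identifier.is_a?(String) && !identifier.empty?
  return false unless identifier.match?(simpkv ? SIMPKV_ID : LEGACY_ID)
  # The documented rule: no '/./' or '/../' sequences.
  !(identifier.include?('/./') || identifier.include?('/../'))
end

# Hypothetical stand-in for the key/value store:
# identifier => { current: String or nil, last: String or nil }
class PasswordStore
  def initialize
    @entries = {}
  end

  def fetch(identifier)
    @entries[identifier] ||= { current: nil, last: nil }
  end
end

# Alphanumeric password from the system CSPRNG; 8 is the documented minimum.
def new_password(length)
  raise ArgumentError, 'minimum password length is 8' if length < 8
  SecureRandom.alphanumeric(length)
end

# Returns the password for the identifier following the documented order.
def passgen(store, identifier, last: false, length: 32)
  unless valid_identifier?(identifier, simpkv: true)
    raise ArgumentError, "invalid identifier #{identifier.inspect}"
  end
  entry = store.fetch(identifier)

  if last
    # last password, else current password, else create a new current one
    return entry[:last] if entry[:last]
    return entry[:current] if entry[:current]
    return entry[:current] = new_password(length)
  end

  if entry[:current].nil?
    entry[:current] = new_password(length)
  elsif entry[:current].length != length
    # Assumption: a length mismatch is what makes the stored password
    # inappropriate, so it is rotated into 'last' before regenerating.
    entry[:last] = entry[:current]
    entry[:current] = new_password(length)
  end
  entry[:current]
end
```

Validating the identifier before it reaches the store matters in both modes, because the identifier becomes part of a file path in legacy mode and part of a key path in simpkv mode.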
simplib::passgen::gen_password_and_salt
Type: Ruby 4.x API
Generates a password and salt
- Password length, complexity and complex-only settings are specified by the caller.
- Salt length, complexity and complex-only settings are hard-coded to values appropriate for a salt.
- Terminates catalog compilation if the password and salt cannot be created in the allotted time.
simplib::passgen::gen_password_and_salt(Integer[8] $length, Integer[0,2] $complexity, Boolean $complex_only, Variant[Integer[0],Float[0]] $timeout_seconds)
Returns: Array
Generated <password,salt> pair
Raises:
- if password cannot be created within allotted time
length
Data type: Integer[8]
Length of the new password.
complexity
Data type: Integer[0,2]
Specifies the types of characters to be used in the password
- 0 => Use only Alphanumeric characters (safest)
- 1 => Use Alphanumeric characters and reasonably safe symbols
- 2 => Use any printable ASCII characters
complex_only
Data type: Boolean
Use only the characters explicitly added by the complexity rules
timeout_seconds
Data type: Variant[Integer[0],Float[0]]
Maximum time allotted to generate the password or the salt; a value of 0 disables the timeout
simplib::passgen::gen_salt
Type: Ruby 4.x API
Generates a salt
- Terminates catalog compilation if the salt cannot be created in the allotted time.
simplib::passgen::gen_salt(Optional[Variant[Integer[0],Float[0]]] $timeout_seconds)
Returns: String
Generated salt
Raises:
- if password cannot be created within allotted time
timeout_seconds
Data type: Optional[Variant[Integer[0],Float[0]]]
Maximum time allotted to generate the salt; a value of 0 disables the timeout
simplib::passgen::get
Type: Ruby 4.x API
Retrieves a generated password and any stored attributes
- Supports 2 modes:
  - simpkv
    - Password info is stored in a key/value store and retrieved using simpkv.
    - Terminates catalog compilation if any simpkv operation fails.
  - Legacy
    - Password info is stored in files on the local file system at Puppet.settings[:vardir]/simp/environments/$environment/simp_autofiles/gen_passwd/.
    - Terminates catalog compilation if the password storage directory cannot be accessed by the user.
- To enable the simpkv mode, set simplib::passgen::simpkv to true in hieradata. When that setting is absent or false, legacy mode will be used.
- Terminates compilation if a simpkv operation fails or a legacy password file is inaccessible by the user.
simplib::passgen::get(String[1] $identifier, Optional[Hash] $simpkv_options)
Returns: Hash
Password information or {} if the password does not exist
- 'value' - Hash containing 'password' and 'salt' attributes
- 'metadata' - Hash containing a 'history' attribute, and when available, 'complexity' and 'complex_only' attributes.
  - 'history' is an Array of up to the last 10 <password,salt> pairs. history[0][0] is the most recent password and history[0][1] is its salt.
Raises:
Exception if a simpkv operation fails or a legacy password file is inaccessible by the user
identifier
Data type: String[1]
Unique String to identify the password usage.
Must conform to the following:
- Identifier must contain only the following characters:
  - a-z
  - A-Z
  - 0-9
  - The following special characters:
    - ._:- for the legacy implementation
    - ._:-/ for the simpkv-enabled implementation
- Identifier may not contain '/./' or '/../' sequences.
simpkv_options
Data type: Optional[Hash]
simpkv configuration when in simpkv mode.
- Will be merged with simpkv::options.
- All keys are optional.
Options:
- 'app_id' String: Specifies an application name that can be used to identify which backend configuration to use via fuzzy name matching, in the absence of the backend option.
  - More flexible option than backend.
  - Useful for grouping together simpkv function calls found in different catalog resources.
  - When specified and the backend option is absent, the backend will be selected preferring a backend in the merged backends option whose name exactly matches the app_id, followed by the longest backend name that matches the beginning of the app_id, followed by the default backend.
  - When absent and the backend option is also absent, this function will use the default backend.
- 'backend' String: Definitive name of the backend to use.
  - Takes precedence over app_id.
  - When present, must match a key in the backends option of the merged options Hash or the function will fail.
  - When absent in the merged options, this function will select the backend as described in the app_id option.
- 'backends' Hash: Hash of backend configurations
  - Each backend configuration in the merged options Hash must be a Hash that has the following keys:
    - type: Backend type.
    - id: Unique name for the instance of the backend. (Same backend type can be configured differently).
  - Other keys for configuration specific to the backend may also be present.
- 'environment' String: Puppet environment to prepend to keys.
  - When set to a non-empty string, it is prepended to the key used in the backend operation.
  - Should only be set to an empty string when the key being accessed is truly global.
  - Defaults to the Puppet environment for the node.
- 'softfail' Boolean: Whether to ignore simpkv operation failures.
  - When true, this function will return a result even when the operation failed at the backend.
  - When false, this function will fail when the backend operation failed.
  - Defaults to false.
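The backend selection order described under simpkv_options for simplib::passgen and simplib::passgen::get, written out in plain Ruby as an added example; this is not simpkv's implementation. The method names, the sample backend names and the error raised when no 'default' backend is configured are assumptions, and the sample options Hash is constructed.

```ruby
# Constructed sample of a merged 'backends' option.
SAMPLE_BACKENDS = {
  'default'      => { 'type' => 'file', 'id' => 'default' },
  'passgen'      => { 'type' => 'file', 'id' => 'passgen' },
  'passgen_ldap' => { 'type' => 'file', 'id' => 'passgen_ldap' }
}.freeze

# Each backend configuration must be a Hash carrying 'type' and 'id'.
def validate_backends(backends)
  backends.each do |name, config|
    unless config.is_a?(Hash) && config.key?('type') && config.key?('id')
      raise ArgumentError, "backend '#{name}' must be a Hash with 'type' and 'id' keys"
    end
  end
end

# Returns the name of the backend to use for the merged options Hash.
def select_backend(options)
  backends = options.fetch('backends', {})
  validate_backends(backends)

  # 'backend' is definitive and takes precedence over 'app_id'.
  if options.key?('backend')
    name = options['backend']
    raise ArgumentError, "backend '#{name}' is not a key in 'backends'" unless backends.key?(name)
    return name
  end

  app_id = options['app_id']
  if app_id
    # 1. exact match on the backend name
    return app_id if backends.key?(app_id)
    # 2. longest backend name that matches the beginning of app_id
    prefix = backends.keys.select { |name| app_id.start_with?(name) }.max_by(&:length)
    return prefix if prefix
  end

  # 3. fall back to the default backend (raising when it is missing is an
  #    assumption of this sketch)
  raise ArgumentError, "no 'default' backend configured" unless backends.key?('default')
  'default'
end
```

Because prefix matching picks a backend implicitly, an app_id chosen for one resource can land in another application's backend when names share a beginning; setting backend explicitly removes that ambiguity.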
simplib::passgen::legacy::common_settings
Type: Ruby 4.x API
Returns common settings used by simplib::passgen in legacy mode
simplib::passgen::legacy::common_settings()
Returns: Hash
Settings Hash containing 'keydir', 'user', 'group', 'dir_mode' and 'file_mode' attributes
simplib::passgen::legacy::get
Type: Ruby 4.x API
Retrieves a generated password and any stored attributes that have been stored in files on the local file system at Puppet.settings[:vardir]/simp/environments/$environment/simp_autofiles/gen_passwd/
Terminates catalog compilation if a legacy password file is inaccessible by the user.
simplib::passgen::legacy::get(String[1] $identifier)
Returns: Hash
Password information or {} if the password does not exist
- 'value' - Hash containing 'password' and 'salt' attributes
- 'metadata' - Hash containing 'history' attribute.
  - 'history' is an Array of <password,hash> pairs that will contain at most 1 entry.
  - No other metadata is provided in legacy mode.
Raises:
Exception if a legacy password file is inaccessible by the user
identifier
Data type: String[1]
Unique String to identify the password usage.
Must conform to the following:
- Identifier must contain only the following characters:
  - a-z
  - A-Z
  - 0-9
  - The following special characters: ._:-
simplib::passgen::legacy::list
Type: Ruby 4.x API
Retrieves the list of generated passwords with attributes stored in files on the local file system at Puppet.settings[:vardir]/simp/environments/$environment/simp_autofiles/gen_passwd/.
- Any password file that cannot be accessed or for which the password is empty will be ignored
- Terminates catalog compilation if the password root directory cannot be accessed by the user.
simplib::passgen::legacy::list()
Returns: Hash
Hash of results or {} if folder does not exist
- 'keys' = Hash of password information
  - 'value' - Hash containing 'password' and 'salt' attributes
  - 'metadata' - Hash containing other stored attributes. Will always be empty, as the legacy simplib::passgen does not store any other attributes.
- 'folders' = Array of sub-folder names. Will always be empty, as legacy simplib::passgen does not support password identifiers prefixed with a folder path.
Raises:
Exception if password root directory cannot be accessed by the user.
- Mon Dec 30 2024 Steven Pritchard steve@sicura.us - 4.14.0
- Fix use of legacy facts (#301)
- Mon Dec 23 2024 Steven Pritchard steve@sicura.us - 4.13.0
- Refactor and cleanup for rubocop
- Fri Dec 13 2024 Steven Pritchard steve@sicura.us - 4.12.3
- Fix ipa fact (#296)
- Fri Jan 19 2024 ben benrobertson9876@gmail.com - 4.12.2
- Fix simplib__crypto_policy_state fact to include custom policies
- Thu Oct 12 2023 Steven Pritchard steve@sicura.us - 4.12.1
- Update Gemfile
- Fix GHA release workflow
- Work around rspec-puppet 4 changes in spec_helper.rb
- Mon Aug 28 2023 Steven Pritchard steve@sicura.us - 4.12.0
- Fixed
- Ruby 3 support
- puppetlabs-stdlib 9 support
- Updated gem dependencies
- Mon Jun 12 2023 Chris Tessmer chris.tessmer@onyxpoint.com - 4.11.0
- Add RockyLinux 8 support
- Thu Jul 07 2022 Chris Tessmer chris.tessmer@onyxpoint.com - 4.10.4
- Fixed
- If the user/group Puppet's settings doesn't exist on the OS, passgen's file ownership falls back to the owner of the compiler's process
- Fri Jun 24 2022 Trevor Vaughan tvaughan@sicura.us - 4.10.3
- Fixed
- Allow assert_optional_dependency to handle extended version strings (Alpha, Beta, RC, 1.2.3.4, etc...)
- Fri Jun 24 2022 Chris Tessmer chris.tessmer@onyxpoint.com - 4.10.3
- Fixed
- Permit root user to run puppet lookup --compile without borking passgen
- Thu Dec 16 2021 ke5C2Fin noreply@github.com - 4.10.2
- Fixed
- Call klist -s instead of klist to properly handle cache issues
- Thu Sep 23 2021 Trevor Vaughan tvaughan@onyxpoint.com - 4.10.1
- Fixed
- Increased randomization in simplib::gen_random_password
- Tue Aug 03 2021 Trevor Vaughan tvaughan@onyxpoint.com - 4.10.0
- Fixed
- simplib::cron::hour_entry now supports comma separated lists
- simplib::cron::minute_entry now supports comma separated lists
- simplib::cron::to_systemd() properly supports/converts ranges and commas
- Added
- simplib::cron::expand_range() to expand ranges into comma separated strings
- Better tests for simplib::cron::to_systemd()
- Acceptance tests for simplib::cron::to_systemd()
- Tue Jul 06 2021 Trevor Vaughan tvaughan@onyxpoint.com - 4.9.0
- Added a simplib::cron::to_systemd function to provide 'best-effort' conversions of cron resource parameters to a systemd timespec
- Fixed the simplib__networkmanager fact
- Fixed a bug where the ipa fact did not detect when an EL8 client was joined to an IPA domain
- Wed Jun 16 2021 Chris Tessmer chris.tessmer@onyxpoint.com - 4.9.0
- Removed support for Puppet 5
- Ensured support for Puppet 7 in requirements and stdlib
- Thu Apr 29 2021 Trevor Vaughan tvaughan@onyxpoint.com - 4.8.0
- Add a simplib::params2hash() function to return all of the calling scope's parameters as a Hash
- Mon Feb 01 2021 Kendall Moore kendall.moore@onyxpoint.com - 4.7.1
- Add net.ipv6.conf.all.disable_ipv6 to simplib_sysctl
- Thu Jan 21 2021 Trevor Vaughan tvaughan@onyxpoint.com - 4.7.0
- Added the simplib__crypto_policy_state fact since it is required by both the simp/crypto_policy and simp/fips modules
- Wed Jan 20 2021 Trevor Vaughan tvaughan@onyxpoint.com - 4.6.3
- Updated REFERENCE.md
- Ensure that the puppet_settings fact supports both the server and master settings for backwards compatibility
- Add a tertiary check to the grub_version fact
- Wed Jan 13 2021 Chris Tessmer chris.tessmer@onyxpoint.com - 4.6.3
- Removed EL6 from supported OSs
- Wed Nov 04 2020 Trevor Vaughan tvaughan@onyxpoint.com - 4.6.2-0
- Added Amazon Linux support
- Changed Simplib::Puppet::Metadata::OS_support type to allow the operatingsystemrelease to be optionally defined.
- Fri Oct 23 2020 Trevor Vaughan tvaughan@onyxpoint.com - 4.6.1-0
- Fix the use of simplib::debug::inspect when using Bolt
- Thu Sep 24 2020 Pat Riehecky riehecky@fnal.gov - 4.6.0-0
- Add simplib__numa to collect NUMA-related facts
- Thu Sep 17 2020 Pat Riehecky riehecky@fnal.gov - 4.5.0-0
- Add facts to note EFI status
- simplib__efi_enabled
- simplib__secure_boot_enabled
- Tue Sep 01 2020 Trevor Vaughan tvaughan@onyxpoint.com - 4.5.0-0
- Add a simplib__mountpoints fact that returns information about mountpoints of specific interest to SIMP. This may be deprecated in the future if core facter can be updated to contain the relevant information.
- Refactor the tmp_mounts fact to use simplib__mountpoints
- Mark tmp_mounts as deprecated for removal in a future release
- Fixed bugs in the grub_version and init_systems facts
- Tue Aug 25 2020 Trevor Vaughan tvaughan@onyxpoint.com - 4.4.1-0
- Fixed the simplib__auditd fact so that it detects the state of the running auditd process
- Fixed Simplib::Systemd::ServiceName to accept instance services
- Added 'any' and 'ALL' to the data_types/hostname spec test
- Tue Aug 04 2020 Trevor Vaughan tvaughan@onyxpoint.com - 4.4.0-0
- Added a simplib__auditd fact to return comprehensive information about auditd
- Thu Jun 18 2020 Trevor Vaughan tvaughan@onyxpoint.com - 4.3.0-0
- Added additional helper capabilities
- simplib::safe_filename() => Replace unsafe characters with safe ones in filename strings
- Simplib::Systemd::ServiceName => Data type for safe service name strings
- Tue Apr 07 2020 Trevor Vaughan tvaughan@onyxpoint.com - 4.2.1-0
- Fix an issue in the simplib__sshd_config fact that would cause the daemon to start on an EL6 system that did not already have it running
- Fri Mar 06 2020 Trevor Vaughan tvaughan@onyxpoint.com - 4.2.0-0
- Namespace the simplib__firewalls fact so that it does not trigger on Windows systems
- Change simp-libkv to simp-simpkv
- SIMPkv support is still EXPERIMENTAL
- Fri Dec 20 2019 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-0
- Add EL8 support
- Wed Dec 04 2019 Trevor Vaughan tvaughan@onyxpoint.com - 4.0.1-0
- Fixed an issue in simplib::ip::family_hash where the 'unknown' entries were not properly populated.
- Tue Nov 05 2019 Trevor Vaughan tvaughan@onyxpoint.com - 4.0.0-0
- Add simplib::ip::family_hash function that takes an IP address or Array of IP addresses and returns a Hash with the addresses broken down by family with additional helpful metadata
- Fri Oct 04 2019 Liz Nemsick lnemsick.simp@gmail.com - 4.0.0-0
- Updated simplib::passgen to run in legacy mode or in a libkv mode.
  - libkv mode is EXPERIMENTAL.
  - When in libkv mode, simplib::passgen uses libkv for password persistence.
  - libkv mode is enabled by setting simplib::passgen::libkv to true in hieradata.
  - If you enable libkv mode in a system that already has passwords generated via the legacy code, currently, all passwords will be regenerated.
- Added libkv_options parameter to simplib::passgen for use in libkv mode.
- Added gen_timeout_seconds password option. Previously this was hardcoded to 30 seconds.
- Enhanced simplib::passgen operation when in libkv mode
  - Stores 'complexity' and 'complex_only' setting in the password's libkv metadata, so that the password can be regenerated with the same characteristics.
  - Regenerates the password if the requested 'complexity' or 'complex_only' setting differs from the setting used for the latest persisted password.
  - Stores up to the latest 10 <password,salt> pairs in the password's libkv metadata.
- Added functions to support maintenance of passwords generated by simplib::passgen. All functions work in both legacy or libkv mode.
  - simplib::passgen::gen_password_and_salt
  - simplib::passgen::gen_salt
  - simplib::passgen::set
  - simplib::passgen::get
  - simplib::passgen::list
  - simplib::passgen::remove
- Added simp-libkv as a module dependency.
- Updated simplib::gen_random_password to intersperse special characters among the alpha-numeric characters, when complexity is 1 or 2 and complex_only is false. Previously, this function grouped all the alpha-numeric characters together and grouped all special characters together.
- Wed Oct 02 2019 Jeanne Greulich jeannegreulich@onyxpoint.com - 4.0.0-0
- Update passgen function to set permissions on files to user running the catalog compile. This will allow bolt to set perms correctly.
- Mon Sep 23 2019 Trevor Vaughan tvaughan@onyxpoint.com - 4.0.0-0
- Added a simplib__firewalls fact to list discovered firewall tools.
- Added RHEL 8 support
- Realigned supported OS listing
- Added 'blacklist' functionality to deliberately fail on an OS that's listed in the metadata.json but not necessarily supported by all parts of the given module.
- Add new, more flexible, functions for delving into the module metadata
- simplib::module_metadata::os_blacklisted => Determine if the passed module metadata indicates that the current OS has been blacklisted
- simplib::module_metadata::os_supported => Determine if the passed module metadata indicates that the current OS is supported
- simplib::module_metadata::assert => Adds an assertion based on whether the OS is supported or blacklisted
- simplib::caller => A useful function for determining what called a function
- Wed Aug 28 2019 Jeanne Greulich jeanne.greulich@onyxpoint.com - 4.0.0-0
- Added support for Puppet 6
- Removed the following deprecated Puppet 3 API functions in order to support Puppet 6:
- array_include
- array_size
- array_union
- bracketize
- generate_reboot_msg
- get_ports
- h2n
- host_is_me
- inspect
- ip_is_me
- ip_to_cron
- ipaddresses
- join_mount_opts
- localuser
- mapval
- nets2cidr
- nets2ddq
- parse_hosts
- passgen
- rand_cron
- simp_version
- simplib_deprecation
- slice_array
- strip_ports
- to_integer
- to_string
- validate_array_member
- validate_array_of_hashes
- validate_between
- validate_bool_simp
- validate_deep_hash
- validate_float
- validate_macaddress
- validate_net_list
- validate_port
- validate_re_array
- validate_sysctl_value
- validate_umask
- validate_uri_list
- See the SIMP 6.4.0 Changelog for more detailed information on replacements for the removed Puppet 3 API functions.
- Wed Aug 21 2019 Trevor Vaughan tvaughan@onyxpoint.com - 3.16.0-0
- Ensure that simplib::simp_version works on Windows
- Added the following functions:
- simplib::debug::inspect
- Enhanced version of the old 'simplib::inspect'
- simplib::debug::classtrace
- Prints a trace of all resources traversed to get to the current point
- simplib::debug::stacktrace
- Prints a trace of all files traversed to get to the current point
- Mon Aug 12 2019 Robert Vincent pillarsdotnet@gmail.com - 3.16.0-0
- Support puppetlabs/stdlib 6.x.
- Fix "uninitialized constant" error with reboot_notify
- Fri Jun 28 2019 Jeanne Greulich jeanne.greulich@onyxpoint.com - 3.15.3-0
- Allow users to disable deprecation warnings using SIMPLIB_NOLOG_DEPRECATIONS environment variable
- Fri May 31 2019 Liz Nemsick lnemsick.simp@gmail.com - 3.15.2-0
- Remove Puppet 4 support, as Puppet has removed the Puppet 4 RPMs from their yum repos.
- Tue May 21 2019 Trevor Vaughan tvaughan@onyxpoint.com - 3.15.2-0
- Defer to the inbuilt 'fips_enabled' fact if it exists.
- Thu May 09 2019 Jeanne Greulich jeanne.greulich@onyxpoint.com - 3.15.1-0
- Updated simp_version function to use Puppet::Util::Execution.execute instead of backticks. This avoids a GLIBC error triggered by JRuby 9K when backticks, system or %x are used.
- Fri Apr 12 2019 Michael Morrone michael.morrone@onyxpoint.com - 3.15.0-0
- Added simplib__sshd_config fact to check the contents of sshd_config file
- Fri Apr 05 2019 Joseph Sharkey shark.bruhaha@gmail.com - 3.15.0-0
- Re-enable simplib deprecation warnings by default
- Mon Apr 01 2019 Trevor Vaughan tvaughan@onyxpoint.com - 3.15.0-0
- Added a 'simplib_networkmanager' fact to provide useful information about the state of NetworkManager components.
- Fri Mar 29 2019 Joseph Sharkey shark.bruhaha@gmail.com - 3.15.0-0
- Fixed a bug in simplib::nets2ddq where it would incorrectly try to expand an IPv6 CIDR. It now passes IPv6 addresses through untouched.
- Converted bracketize Puppet 3 function to simplib::bracketize Puppet 4 function and emit a simplib deprecation warning when bracketize is called.
- Added capability for simplib::bracketize to accept a string delimited by: comma, space, and/or semi-colon
- Thu Mar 21 2019 Liz Nemsick lnemsick.simp@gmail.com - 3.15.0-0
- Deprecated simplib Puppet 3 functions for which corresponding, though not identically behaving, Puppet builtins or stdlib functions exist. The functions will be removed in a future release, unless SIMP receives requests from users to convert them to namespaced Puppet 4.x functions.
- array_include() can often be replaced with stdlib member()
- array_size() can often be replaced with the Puppet builtin length()
- slice_array() can often be replaced with the Puppet builtin slice()
- Deprecated Puppet 3 functions that are not used by any SIMP modules. The functions will be removed in a future release, unless SIMP receives requests from users to convert them to namespaced Puppet 4.x functions.
- array_union
- generate_reboot_msg
- get_ports
- h2n
- ip_is_me
- localuser
- mapval
- validate_array_of_hashes
- validate_float
- Convert a subset of Puppet 3 functions to Puppet 4 and emit a simplib deprecation warning when the Puppet 3 versions are called:
- simplib::simp_version() replaces deprecated simp_version().
- simplib::host_is_me() replaces deprecated host_is_me().
- Remove Puppet 3 validate_integer function that conflicts with the same-named Puppet 3 function provided by puppetlabs-stdlib.
- Has no impact on uses of validate_integer (hence a bug fix not a major version change).
- Eliminates 'Illegal method definition' errors caused by the conflict, when using Puppet 6.
- Tue Mar 19 2019 Chris Tessmer chris.tessmer@onyxpoint.com - 3.15.0-0
- Removed simplib's deep_merge() 3.x function that conflicts with stdlib's fully-equivalent deep_merge() function.
- Has no impact on uses of deep_merge (hence a bug fix not a major version change).
- Eliminates 'Illegal method definition' errors caused by the conflict, when using Puppet 6.
- Tue Mar 19 2019 Liz Nemsick lnemsick.simp@gmail.com - 3.14.1-0
- Fixed bug in Simplib::Cron::Weekday type alias in which a numeric value of 0 was not allowed.
- Tue Mar 12 2019 Joseph Sharkey shark.bruhaha@gmail.com - 3.14.0-0
- Add Simplib::Cron::####_entry set of datatypes for each of: minute, hour, month, monthday, and weekday.
- Add Simplib::Cron::#### datatype for single|list of each cron datatype
- Updated README.md
- Fri Mar 01 2019 Trevor Vaughan tvaughan@onyxpoint.com - 3.13.0-0
- Add a simplib::in_bolt function to detect if the current run is happening during a Bolt run.
- Updated REFERENCE.md
- Mon Feb 11 2019 Liz Nemsick lnemsick.simp@gmail.com - 3.13.0-0
- Fix simplib::ipaddresses signature
- Wed Jan 30 2019 Jason Hane hanej@users.noreply.github.com - 3.12.0-0
- Add a timeout to the ipa fact to prevent hangs during fact collection
- Fri Jan 18 2019 Trevor Vaughan tvaughan@onyxpoint.com - 3.12.0-0
- Add support for fs.inotify.max_user_watches to simplib::validate_sysctl_value()
- Fix bug in simplib::assert_metadata where it could not be disabled
- Thanks to Adam Hagen for filing the proposed patch in JIRA
- Add a 'defined type' lookup capability, simplib::dlookup that provides a consistent method for retrieving defined type parameters from Hiera in an opt-in manner.
- Fixed various YARD documentation issues
- Fri Jan 04 2019 Adam Yohrling adam.yohrling@onyxpoint.com - 3.12.0-0
- Add Simplib::ShadowPass custom data type
- Wed Oct 31 2018 Trevor Vaughan tvaughan@onyxpoint.com - 3.11.1-0
- Fix reboot_notify tests
- Ensure that reboot_notify updates resources based on a modified 'reason'
- Fix the ipaddresses tests
- Add better confinement on boot_dir_uuid
- Add a docker nodeset
- Add test for catching facter errors
- Bumped the minimum version of Puppet to 4.10.4
- Fri Sep 28 2018 Daniel Henninger daniel@vorpalcloud.org - 3.11.1-0
- Fixed bug where uid_min would throw errors under operating systems without /etc/login.defs.
- Fixed bug where simplib_sysctl would throw an undefined method error on non-Linux OS's. (both those with sysctl (MacOS X) and without (Windows))
- Both patches of which were improved by Trevor Vaughan tvaughan@onyxpoint.com.
- Wed Sep 26 2018 Chris Tessmer chris.tessmer@onyxpoint.com - 3.11.0-0
- Fixed a bug in the puppet_settings fact where settings from all sections were interpolated using settings (like $vardir) from the [main] section.
- Wed Aug 01 2018 Trevor Vaughan tvaughan@onyxpoint.com - 3.11.0-0
- Added a function assert_optional_dependency that allows users to fail if expected functionality is not present in the current environment's module set. This provides the ability for users to support multiple vendor modules without forking.
- Fri Jul 27 2018 Trevor Vaughan tvaughan@onyxpoint.com - 3.10.1-0
- Added timeout for changing runlevels based on issues discovered in the field
- Fixed bugs in the EL6 runlevel persistence where, in some cases, the runlevel line might not get written to /etc/inittab
- Wed Jul 18 2018 Lucas Yamanishi lucas.yamanishi@onyxpoint.com - 3.10.1-0
- Add support for Puppet 5
- Add support for Oracle Linux
- Tue Jun 19 2018 Trevor Vaughan tvaughan@onyxpoint.com - 3.10.0-0
- Added a function module_exist that will return whether or not a module exists in the current environment.
- Fixed an issue in the 'runlevel' provider where the actual runlevel would not be changed at execution time
- Thu Jun 14 2018 dforste dforste@users.noreply.github.com - 3.10.0-0
- Fixed bug in cmdline fact where duplicate parameters would be ignored
- Duplicate parameters now turn the value of the parameter into an array
- Fri Jun 01 2018 Trevor Vaughan tvaughan@onyxpoint.com - 3.10.0-0
- Add a 'simplib::install' defined type that allows users to provide a Hash of packages to install along with a Hash of defaults to apply to those packages and override each package configuration if necessary.
- This was originally created by Nick Miller nick.miller@onyxpoint.com
- Thu May 03 2018 Nick Miller nick.miller@onyxpoint.com - 3.10.0-0
- Add simplib::hash_to_opts which turns a hash into a string. Useful for generating commands.
- Mon Apr 30 2018 Trevor Vaughan tvaughan@onyxpoint.com - 3.9.1-0
- Made the init_ulimit custom type safe for puppet generate types
- Fixed a typo in the composite namevar for init_ulimit
- The following changes allow users to disable reboot notify messages
- Adds two parameters :log_level and :control_only to the 'reboot_notify' custom type.
- :log_level => Set the Puppet log level of the generated message
- :control_only => Indicate that this entry should not be added to the generated file
- Added a Simplib::PuppetLogLevel Data Type
- Added a 'reboot_control_metadata' section to the on-system record file
- Added a simplib::reboot_notify class to allow for ease of global metadata manipulation.
- Fixed file paths that were not Windows compatible
- Improved error handling in reboot_notify and fixed a few small bugs
- Improved some tests
- Fri Jan 19 2018 Trevor Vaughan tvaughan@onyxpoint.com - 3.9.0-0
- Updated the simplib::ldap::domain_to_dn function to allow users to choose whether they want to upcase or downcase the LDAP attributes to work around different system bugs
- Updated min_uid fact for OEL and Scientific Linux
- Updated tests
- Mon Jan 15 2018 Liz Nemsick lnemsick.simp@gmail.com - 3.9.0-0
- Add a 'prelink' fact that indicates whether prelink has been enabled
- Wed Jan 03 2018 Liz Nemsick lnemsick.simp@gmail.com - 3.9.0-0
- Add an 'ipa' fact that provides the IPA domain and server to which a host is connected, when the host is joined to the IPA domain.
- Wed Dec 13 2017 Trevor Vaughan tvaughan@onyxpoint.com - 3.9.0-0
- Added a 'login_defs' structured fact that returns a hash of all values in '/etc/login.defs' with a default 'uid_min' and 'gid_min'
- Fri Dec 08 2017 Chris Tessmer chris.tessmer@onyxpoint.com - 3.9.0-0
- Add data types Simplib::Domain and Simplib::Domainlist
- Re-enabled unit-style data type spec tests for Puppet 4.10
- Wed Nov 15 2017 Liz Nemsick lnemsick.simp@gmail.com - 3.8.0-0
- Disable simplib deprecation warnings by default
- Mon Nov 06 2017 Liz Nemsick lnemsick.simp@gmail.com - 3.8.0-0
- Convert a subset of Puppet 3 functions to Puppet 4 and emit a simplib deprecation warning when the Puppet 3 versions are called:
- simplib::nets2ddq() replaces deprecated nets2ddq().
- simplib::validate_array_member() replaces deprecated validate_array_member()
- simplib::validate_between() replaces deprecated validate_between(). The new version fails validation, instead of returning false. This behavior is consistent with both how the method is used by SIMP modules and the error behavior of all other simplib validate functions.
- simplib::validate_bool() replaces deprecated validate_bool_simp()
- simplib::validate_deep_hash replaced validate_deep_hash.
- In simplib::validate_deep_hash, fixed validate_deep_hash bug in which unknown keys in the Hash to check were not detected.
- Mon Nov 06 2017 Jason Balicki sakodak@gmail.com - 3.8.0-0
- Fixes split failure when "findmnt" does not exist on Linux
- Thu Oct 26 2017 Liz Nemsick lnemsick.simp@gmail.com - 3.7.0-0
- Add Simplib::Macaddress data type
- Convert a subset of Puppet 3 functions to Puppet 4 and emit a simplib deprecation warning when the Puppet 3 versions are called:
- simplib::join_mount_opts() replaces deprecated join_mount_opts()
- simplib::nets2cidr() replaces deprecated nets2cidr()
- simplib::validate_re_array() replaces deprecated validate_re_array()
- simplib::validate_sysctl_value() replaces deprecated validate_sysctl_value()
- Deprecate validate_umask(), advising the user to convert to the Simplib::Umask data type
- Deprecate validate_macaddresses(), advising the user to convert to the Simplib::Macaddress data type
- Fix bug in which simplib_deprecation() used the wrong environment variable.
- Tue Sep 26 2017 Trevor Vaughan tvaughan@onyxpoint.com - 3.6.0-0
- Convert all 'sysctl' 'kernel.shm*' entries to Strings
- shmall and shmmax were causing Facter and newer versions of Puppet to crash
- See FACT-1732 for additional information
- Add Puppet function simplib::assert_metadata_os()
- Add data type Simplib::Puppet::Metadata::OS_support
- Mon Sep 11 2017 Liz Nemsick lnemsick.simp@gmail.com - 3.5.0-0
- Convert a subset of Puppet 3 functions to Puppet 4 and emit a simplib deprecation warning when the Puppet 3 versions are called:
- simplib::ip_to_cron() replaces deprecated ip_to_cron()
- simplib::rand_cron() replaces deprecated rand_cron()
- Add algorithm options to simplib::ip_to_cron() and simplib::rand_cron() to allow the user to select the transformation algorithm, instead of defaulting to an IP number modulus, when the entity to be transformed is an IP address. The IP number modulus algorithm produces undesirable clustering when used to randomize IP addresses in a system for which the number of IPs to be transformed is less than the range over which the randomization is requested.
- Tue Aug 15 2017 Liz Nemsick lnemsick.simp@gmail.com - 3.5.0-0
- Add simplib-specific deprecation functions for both Puppet 3 functions (simplib_deprecation()) and Puppet 4 functions (simplib::deprecation()).
- Convert a subset of Puppet 3 functions to Puppet 4 and emit a simplib deprecation warning when the Puppet 3 versions are called:
- simplib::inspect() replaces deprecated inspect()
- simplib::ipaddresses() replaces deprecated ipaddresses()
- simplib::parse_hosts() replaces deprecated parse_hosts()
- simplib::passgen() replaces deprecated passgen()
- simplib::strip_ports() replaces deprecated strip_ports()
- simplib::to_integer() replaces deprecated to_integer()
- simplib::to_string() replaces deprecated to_string()
- simplib::validate_uri_list() replaces deprecated validate_uri_list()
- simplib::validate_net_list() replaces deprecated validate_net_list()
- simplib::validate_port() replaces deprecated validate_port()
- Add single-line json output option to simplib::inspect()
- Thu Aug 03 2017 Trevor Vaughan tvaughan@onyxpoint.com - 3.5.0-0
- Added a 'simplib::assert_metadata_os' function that will fail the compile if the passed module does not support the operating systems defined in the module's metadata.json.
- Thu Aug 03 2017 Nick Markowski nmarkowski@keywcorp.com - 3.5.0-0
- The fips_ciphers fact returns nil if the openssl binary is not available
- Sun Jul 23 2017 Trevor Vaughan tvaughan@onyxpoint.com - 3.5.0-0
- Updated puppet-strings documentation
- Updated CONTRIBUTING.md
- Tue Jul 18 2017 Dylan Cochran dylan.cochran@onyxpoint.com - 3.5.0-0
- Fix ipv6_enabled fact, so that it is confined only to linux systems
- Tue Jun 13 2017 Nick Markowski nmarkowski@keywcorp.com - 3.4.0-0
- Due to lack of support for knockout_prefix for arrays in older versions of Puppet, simp::knockout functionality has been moved to simplib::knockout because multiple modules are using the function.
- A wrapper has been put around simp::knockout for backwards-compatibility in our code.
- Update puppet requirement in metadata.json
- Sat Jun 10 2017 Dylan Cochran dylan.cochran@onyxpoint.com - 3.4.0-0
- Fix fullrun fact so it's confined to linux systems
- Thu May 18 2017 Nick Miller nick.miller@onyxpoint.com - 3.4.0-0
- Add data type for catalyst package_ensure
- Thu Apr 27 2017 Trevor Vaughan tvaughan@onyxpoint.com - 3.4.0-0
- Added a pre and post stage that wrap around the stdlib stages to ensure that all SIMP components have proper buffers around the rest of the stdlib stages that other users might be using.
- Added a simplib_sysctl fact to provide values that are particularly relevant to SIMP installations.
- Fixed a bug in the puppet_settings fact in the case where facter was run standalone
- Added a 'root_dir_uuid' fact so that it can be compared against the /boot partition in the fips module. Facter used to have a data structure of all mountpoints but it was removed for performance reasons.
- Wed Apr 12 2017 Liz Nemsick lnemsick.simp@gmail.com - 3.4.0-0
- Use the standard ip utility to determine default gateway information, instead of the netstat utility. This removes a dependency on the net-tools package.
- Fri Apr 07 2017 Dylan Cochran dylan.cochran@onyxpoint.com - 3.3.0-0
- Change case of simplib::ldap::domain_to_dn to be upper case
- Fri Apr 07 2017 Trevor Vaughan tvaughan@onyxpoint.com - 3.3.0-0
- Added a 'simplib::inspect' debugging function for dumping parameters during Puppet runs.
- Sun Mar 25 2017 Lucas Yamanishi lucas.yamanishi@onyxpoint.com - 3.2.2-0
- Use PATH lookup for simp_version's rpm call
- Mon Mar 20 2017 Liz Nemsick lnemsick.simp@gmail.com - 3.2.1-0
- move passgen to Puppet[:vardir]
- Thu Mar 15 2017 Dylan Cochran dylan.cochran@onyxpoint.com - 3.2.1-0
- move passgen to /var/simp
- Wed Mar 01 2017 Ryan Russel-Yates ryan.russel-yates@onyxpoint.com - 3.2.1-0
- updated Readme
- Fri Jan 27 2017 Nick Miller nick.miller@onyxpoint.com - 3.2.0
- Added openssl_ciphers fact to list available OpenSSL ciphers
- Fri Jan 20 2017 Dylan Cochran dylan.cochran@onyxpoint.com - 3.2.0-0
- Added type for the server distribution of puppet being used
- Fri Jan 13 2017 Trevor Vaughan tvaughan@onyxpoint.com - 3.2.0-0
- Added a simplib::ldap::domain_to_dn function for generating a reasonable Base DN from the domain fact
- Mon Jan 09 2017 Dylan Cochran dylan.cochran@onyxpoint.com - 3.2.0-0
- fixed how passgen generated salts to restrict it to non-special characters
- Mon Jan 02 2017 Trevor Vaughan tvaughan@onyxpoint.com - 3.1.0-0
- Added additional syslog data types and added tests for all syslog data types
- Syslog::CFacility
- Syslog::CPriority
- Syslog::CSeverity
- Sat Dec 24 2016 Trevor Vaughan tvaughan@onyxpoint.com - 3.1.0-0
- Added types to cover entries with Ports
- Host::Port
- Hostname::Port
- Netlist::Port
- IP::Port
- Added IP::CIDR type
- Tue Dec 20 2016 Nick Miller nick.miller@onyxpoint.com - 3.0.0-0
- NOTE: THIS MODULE CONTAINS NO MORE CLASSES OR MANIFESTS
- Migrated content in manifests and templates to other modules.
- See SIMP-1679 for details
- Mon Dec 19 2016 Nick Miller nick.miller@onyxpoint.com - 2.1.0-0
- Added new types:
- SyslogFacility
- SyslogLevel
- Wed Dec 07 2016 Trevor Vaughan tvaughan@onyxpoint.com - 2.1.0-0
- Added a set of Data Types
- EmailAddress
- Host (Single IP or Hostname)
- Hostname
- Hostname
- IP
- IP::V4
- IP::V4::CIDR
- IP::V4::DDQ
- IP::V4::Port (with port)
- IP::V6
- IP::V6::Base (Regular IPv6)
- IP::V6::Bracketed (IPv6 with Brackets)
- IP::V6::CIDR
- IP::V6::Port (with port)
- Netlist
- Netlist::IP
- Netlist::IP::V4
- Netlist::IP::V6
- Port (any of the below)
- Port::Dynamic (49152-65535)
- Port::Random (0)
- Port::System (1-1024)
- Port::User (1025-49151)
- URI
- Added a simplib::lookup() function that returns a globally scoped variable if it exists before calling the traditional lookup() function.
- Tue Nov 29 2016 Nick Miller nick.miller@onyxpoint.com - 2.0.0-0
- Renamed the file containing the puppet_settings fact to deconflict with puppetlabs/puppetlabs-stdlib. They don't create any facts with the name puppet_settings, so this works for now.
- Mon Nov 21 2016 Chris Tessmer chris.tessmer@onyxpoint.com - 2.0.0-0
- Updated to compliance_markup version 2
- Wed Nov 16 2016 Trevor Vaughan tvaughan@onyxpoint.com - 2.0.0-0
- Rewrite the puppet_settings fact to fix several issues
- Fri Oct 14 2016 Liz Nemsick lnemsick.simp@gmail.com - 2.0.0-0
- Fix errors when validate_net_list uses regex strings and is validating IPv6.
- Thu Oct 13 2016 Nick Markowski nmarkowski@keywcorp.com - 2.0.0-0
- EL 7 machines now default nsswitch hosts to 'files','myhostname','dns' in an attempt to mitigate https://bugs.centos.org/view.php?id=10635
- Wed Oct 12 2016 Trevor Vaughan tvaughan@onyxpoint.com - 2.0.0-0
- Updated to use the version of 'simpcat' that does not conflict with 'puppetlabs/concat'.
- Removed the 'has_clustering' fact since it is no longer used in SIMP
- Added a 'puppet_settings' fact that will provide a hash of all puppet settings on the client system.
- Tue Oct 11 2016 Lucas Yamanishi lucas.yamanishi@onyxpoint.com - 1.3.3-0
- Prior to this named::resolv made reference to Service['named'], causing errors in cases where the named service was not called "named." This commit changes the reference to Class['named'] to abstract out the service name and any other potential startup quirks.
- Thu Aug 25 2016 Trevor Vaughan tvaughan@onyxpoint.com - 1.3.1-0
- Update to provide the option to pass the 'gid' option to the /proc mount so that a specific group can be allowed to see the full process tree.
- Thu Aug 11 2016 Lucas Yamanishi lucas.yamanishi@onyxpoint.com - 1.3.0-0
- Mitigate CVE-2016-5696 via sysctl
- Fri Jul 29 2016 Trevor Vaughan tvaughan@onyxpoint.com - 1.2.7-0
- Fixed the acceptance tests
- Fri Jul 08 2016 Nick Miller nick.miller@onyxpoint.com - 1.2.6-0
- Updated the readme
- Updated to use the new packaging format
- Mon Jun 27 2016 Nick Miller nick.miller@onyxpoint.com - 1.2.5-0
- Added logic to ensure the tmpwatch package is installed on EL6 systems
- Thu Jun 09 2016 Nick Markowski nmarkowski@keywcorp.com - 1.2.4-0
- Added the gdm_version facts from xwindows and confined it on the existence of the gdm binary.
- Thu Apr 14 2016 Trevor Vaughan tvaughan@onyxpoint.com - 1.2.3-0
- The nsswitch.conf logic has been updated to work properly between SSSD and non-SSSD systems.
- Tue Apr 12 2016 Kendall Moore kendall.moore@onyxpoint.com - 1.2.2-1
- Fixed deprecation warning in custom types
- Mon Mar 21 2016 Nick Markowski nmarkowski@keywcorp.com - 1.2.2-0
- Fixed sssd/ldap logic in nsswitch.conf
- Sat Mar 19 2016 Trevor Vaughan tvaughan@onyxpoint.com - 1.2.1-0
- Migrated use_simp_pki to a global catalyst.
- Mon Mar 14 2016 Trevor Vaughan tvaughan@onyxpoint.com - 1.2.0-0
- Updated to use SSSD for EL6.7+
- Mon Mar 14 2016 Nick Markowski nmarkowski@keywcorp.com - 1.1.0-1
- Modified nsswitch template to reference private _use_sssd and _use_ldap logic, exclusively.
- Thu Mar 10 2016 Trevor Vaughan tvaughan@onyxpoint.com - 1.1.0-0
- Ensure that the validate_between() function can handle string/integer combinations.
- Add a to_integer() function which converts the passed argument to an integer.
- Converted to Semantic Versioning 2.0.0
- Fri Mar 04 2016 Nick Markowski nmarkowski@keywcorp.com - 1.0.1-4
- Updated the localusers function to be compatible with multiple versions of ruby, and fixed a bug in the return value.
- Mon Feb 29 2016 Trevor Vaughan tvaughan@onyxpoint.com - 1.0.1-3
- Added a to_string() function which simply converts the passed argument to a string. This has been added to both pass linting and allow for the case where you know you need a string and you want to make sure that is known.
- Fri Feb 19 2016 Ralph Wright ralph.wright@onyxpoint.com - 1.0.1-2
- Added compliance function support
- Tue Feb 02 2016 Chris Tessmer chris.tessmer@onyxpoint.com - 1.0.1-1
- Removed os_bugfixes and bugfix1049656.
- Fri Jan 08 2016 Chris Tessmer chris.tessmer@onyxpoint.com - 1.0.1-0
- Confined Linux facts that were causing errors during Windows agent runs
- Thu Dec 24 2015 Trevor Vaughan tvaughan@onyxpoint.com - 1.0.0-3
- Removed the simp_enabled fact as it is not needed.
- Thu Dec 17 2015 Nick Markowski nmarkowski@keywcorp.com - 1.0.0-2
- CCE-18455-6, CCE-3562-6 disable ipv6. Ipv6 remains enabled at the kernel level, but is functionally disabled via sysctl when ipv6_enabled = false.
- Thu Dec 10 2015 Nick Markowski nmarkowski@keywcorp.com - 1.0.0-1
- CCE-4241-6 Single user mode is now password protected.
- Added a simp_enabled fact to return true if the 'simp' class is in the catalog.
- Thu Nov 19 2015 Trevor Vaughan tvaughan@onyxpoint.com - 1.0.0-0
- Added validate_uri_list function
- Ensure that nsswitch works properly for SSSD
- Add sudoers support for SSSD and nsswitch
- Fri Nov 13 2015 Chris Tessmer chris.tessmer@onyxpoint.com - 1.0.0-0
- Imported manifests/ template/ and files/ assets from pupmod-common
- manifests/ assets from pupmod-functions are deprecated and will not be imported
- All tests pass; first version is rolled up
- Tue Oct 13 2015 Chris Tessmer chris.tessmer@onyxpoint.com - 0.1.0-0
- Initial rollup of lib/ assets from legacy modules simp-common and simp-functions
Dependencies
- puppetlabs/stdlib (>= 8.0.0 < 10.0.0)
- simp/simpkv (>= 0.7.0 < 1.0.0)
simplib - A collection of common SIMP functions, facts, and puppet code
Per Section 105 of the Copyright Act of 1976, these works are not entitled to domestic copyright protection under US Federal law. The US Government retains the right to pursue copyright protections outside of the United States. The United States Government has unlimited rights in this software and all derivatives thereof, pursuant to the contracts under which it was developed and the License under which it falls.
---
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.