Table of Contents

1. Overview
2. Module Description - What the module does and why it is useful
3. Setup - The basics of getting started with simplib
   • What simplib affects
   • Setup requirements
   • Beginning with simplib
4. Usage - Configuration options and additional functionality
5. Reference - An under-the-hood peek at what the module is doing and how
   • Facts
   • Functions
   • Puppet Extensions
   • Puppet 3 Functions
   • Types
   • Data Types
   • Stages
6. Development - Guide for contributing to the module

This is a SIMP module

This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.

If you find any issues, they can be submitted to our JIRA.

Module Description

simp/simplib provides a standard library of resources for SIMP modules. It adds the following resources to Puppet:

• Data Types
• Custom Types and Providers
• Facts
• Functions
• Puppet Extensions
• Puppet 3 Functions
• Stages

Setup

What simplib affects

simplib contains data types, custom types and providers, facts, functions, and a class that expands Puppet Stdlib stages.

Setup Requirements

Agents will need to enable pluginsync.

Usage

Please see reference for usage.

Full documentation can be found in the module docs

Reference

A list of things provided by simplib is below.

Please reference the doc/ directory in the top level of the repo or the code itself for more detailed documentation.

Facts

• acpid_enabled - Return true if ACPI is available on the system
• boot_dir_uuid - Return the UUID of the partition holding the boot directory
• cmdline - Returns the contents of /proc/cmdline as a hash
• cpuinfo - Returns the contents of /proc/cpuinfo as a hash
• defaultgateway - Return the default gateway of the system
• defaultgatewayiface - Return the default gw interface of the system
• fips_ciphers - Returns a list of available OpenSSL ciphers
• fips_enabled - Determine whether FIPS is enabled on this system
• fullrun - Determine whether to do an intensive run
• gdm_version - Return the version of GDM that is installed
• grub_version - Return the grub version installed on the system
• init_systems - Return a list of all init systems present on the system
• ipa - Return a hash containing the IPA domain and server to which a host is connected
• ipv6_enabled - Return true if IPv6 is enabled and false if not
• login_defs - Return the contents of /etc/login.defs as a hash with downcased keys
• prelink - Returns a hash containing prelink status
• reboot_required - Returns a hash of 'name' => 'reason' entries
• root_dir_uuid - Return the UUID of the partition holding the / directory
• runlevel - Return the current system runlevel
• shmall - Return the value of shmall from sysctl
• simplib_sysctl - Return hash of sysctl values that are relevant to SIMP
• simp_puppet_settings - Returns a hash of all Puppet settings on a node
• tmp_mounts - This fact provides information about /tmp, /var/tmp, and /dev/shm should they be present on the system
• uid_min - Return the minimum uid allowed

Functions

• simplib::assert_metadata
• simplib::deprecation
• simplib::filtered
• simplib::gen_random_password
• simplib::inspect
• simplib::ip_to_cron
• simplib::ipaddresses
• simplib::join_mount_opts
• simplib::knockout
• simplib::ldap::domain_to_dn
• simplib::lookup
• simplib::nets2cidr
• simplib::nets2ddq
• simplib::parse_hosts
• simplib::passgen
• simplib::rand_cron
• simplib::strip_ports
• simplib::to_integer
• simplib::to_string
• simplib::validate_array_member
• simplib::validate_between
• simplib::validate_bool
• simplib::validate_deep_hash
• simplib::validate_net_list
• simplib::validate_port
• simplib::validate_re_array
• simplib::validate_sysctl_value
• simplib::validate_uri_list

simplib::assert_metadata

Fails a puppet catalog compile if the client system is not compatible with the module's metadata.json

Arguments:

• module_name module name
• options (Optional) Hash of behavior modifiers for the function

options can be set globally (for all classes that use this function) via hieradata and has the following keys:

• enable If set to false disable all validation

• os Options for OS validation to be done. Valid keys:

  • validate Whether to validate the OS settings

  • options OS validation options. Valid keys:

    • release_match Type of OS release matching to be done. Valid values:

      • none No match on minor release (default)
      • full Full release must match
      • major Only the major release must match

Returns: nil

Example:

    simplib::assert_metadata('mymodule')

simplib::deprecation

Function to print deprecation warnings, logging a warning once for a given key.

Messages can be enabled if the SIMPLIB_LOG_DEPRECATIONS environment variable is set to 'true'.

Arguments:

• key Uniqueness key, which is used to dedupe messages
• message Message to be printed, file and line info will be appended if available.

Returns: nil

Example:

  simplib::deprecation('simplib::foo','simplib::foo is deprecated and will be removed in a future version')
  # Writes message to log if SIMPLIB_LOG_DEPRECATIONS is true.

simplib::filtered

Hiera v5 backend that takes a list of allowed hiera key names, and only returns results from the underlying backend function that match those keys.

This allows hiera data to be delegated to end users in a multi-tenant environment, without allowing them the ability to override every hiera data point (and potentially break systems).

simplib::gen_random_password

Generates a random password string.

Terminates catalog compilation if the password cannot be created within allotted time.

Arguments:

• length Length of the string to return

• complexity (Optional) The types of characters to be used in the password; valid values:

  • 0 Use only Alphanumeric characters (safest)
  • 1 Use Alphanumeric characters and reasonably safe symbols
  • 2 Use any printable ASCII characters

• complex_only (Optional) Use only the characters explicitly added by the complexity rules

• timeout_seconds (Optional) Maximum time allotted to generate the password; a value of 0 disables the timeout

Returns: String Generated password

Raises: RuntimeError if password cannot be created within allotted time

simplib::ipaddresses

Return an array of all IP addresses known to be associated with the client, optionally excluding local addresses.

Arguments:

• only_remote (Optional) Whether to exclude local addresses from the return value (e.g., '127.0.0.1').

Returns: Array

simplib::inspect

Prints the passed variable's Ruby type and value for debugging purposes. This uses a Notify resource to print the information during the client run.

Arguments:

• var_name The actual name of the variable, fully scoped, as a String.

• output_type (Optional) The format that you wish to use to display the output during the run.

  • Valid values are json, oneline_json and yaml.
  • json and yaml result in multi-line message content.
  • oneline_json results in single-line message content.

Returns: nil

Example:

  class my_test(
    String $var1,
    Hash   $var2
  )
  {
    simplib::inspect('var1')
    simplib::inspect('var2')
    ...
  }

simplib::ip_to_cron

Transforms an IP address to one or more interval values for cron. This can be used to avoid starting a certain cron job at the same time on all servers.

Arguments:

• occurs (Optional) The occurrence within an interval, i.e., the number of values to be generated for the interval.

• max_value (Optional) The maximum value for the interval. The values generated will be in the inclusive range [0, max_value].

• algorithm (Optional) Valid values are ip_mod and sha256

  • ip_mod: The modulus of the IP number is used as the basis for the returned values. This algorithm works well to create cron job intervals for multiple hosts, when the number of hosts exceeds the max_value and the hosts have largely, linearly- assigned IP addresses.

  • sha256: A random number generated using the IP address string is the basis for the returned values. This algorithm works well to create cron job intervals for multiple hosts, when the number of hosts is less than the max_value or the hosts do not have linearly-assigned IP addresses.

• ip (Optional) The IP address to use as the basis for the generated values. When nil, the ipaddress fact (IPv4) is used.

Returns: Array[Integer] Array of integers suitable for use in the minute or hour cron field.

Examples:

Generate one value for the minute cron interval:

    simplib::ip_to_cron()

Generate 2 values for the hour cron interval, using the 'sha256' algorithm and a provided IP address:

     simplib::ip_to_cron(2,23,'sha256','10.0.23.45')

simplib::join_mount_opts

Merge two sets of mount options in a reasonable fashion. The second set will always override the first.

Arguments:

• system_mount_opts System mount options
• new_mount_opts New mount options, which will override system_mount_opts when there are conflicts

Returns: String

simplib::knockout

Uses the knockout prefix of -- to remove elements from an array.

Arguments:

• array The array to work on

Returns: Array

Example:

  array = [
    'ssh',
    'sudo',
    '--ssh',
  ]
  $result = simplib::knockout(array)
  #
  # returns $result = [ 'sudo' ]

simplib::ldap::domain_to_dn

Generates an LDAP Base DN from a domain.

Arguments:

• domain (Optional) The DNS domain name, defaults to domain fact
• downcase_attributes (Optional) Whether to downcase the LDAP attributes

Returns: String

Examples:

Generate a LDAP Base DN with uppercase attributes:

  $ldap_dn = simplib::ldap::domain_to_dn('test.local')

  # returns $ldap_dn = 'DC=test,DC=local'

Generate a LDAP Base DN with lowercase attributes:

  $ldap_dn = simplib::ldap::domain_to_dn('test.local', true)
  #  returns $ldap_dn = 'dc=test,dc=local'

simplib::lookup

A function for falling back to global scope variable lookups when the Puppet 4 lookup() function cannot find a value.

While lookup() will stop at the back-end data sources, simplib::lookup() will check the global scope first to see if the variable has been defined.

This means that you can pre-declare a class and/or use an ENC and look up the variable whether it is declared this way or via Hiera or some other back-end.

Arguments:

• param The parameter you wish to look up.
• options (Optional) Hash of options for regular lookup() This must follow the syntax rules for the Puppet lookup( [\<NAME\>], \<OPTIONS HASH\> ) version of lookup(). No other formats are supported!

Returns: Any The value that is found in the system for the passed parameter

Examples:

  # No defaults
  simplib::lookup('foo::bar::baz')

  # With a default
  simplib::lookup('foo::bar::baz', { 'default_value' => 'Banana' })

  # With a typed default
  simplib::lookup('foo::bar::baz', { 'default_value' => 'Banana', 'value_type' => String })

simplib::nets2cidr

Take an input list of networks and returns an equivalent Array in CIDR notation.

• Hostnames are passed through untouched.
• Terminates catalog compilation if any input item is not a valid network or hostname.

Arguments:

• networks_list List of 1 or more networks in a single string (separated by whitespace, commas, or semicolons) or an array of strings.

Returns Array[String] Array of networks in CIDR notation

Example:

  $foo = [ '1.2.0.0/255.255.0.0',
           '2001:db8:85a3::8a2e:370:0/112',
           '1.2.3.4',
           'myhost.test.local' ]

  $cidrs = nets2cidr($foo)
  #
  # returns $cidrs = [ '1.2.0.0/16',
  #                    '2001:db8:85a3::8a2e:370:0/112',
  #                    '1.2.3.4',
  #                    'myhost.test.local'
  #                  ]

simplib::nets2ddq

Tranforms a list of networks into an equivalent array in dotted quad notation.

• CIDR networks are converted to dotted quad notation networks.
• IP addresses and hostnames are left untouched.
• Terminates catalog compilation if any input item is not a valid network or hostname.

Arguments:

• networks List of 1 or more networks in a single string (separated by whitespace, commas, or semicolons) or an array of strings.

Returns: Array[String] Converted input

Raises: RuntimeError if any input item is not a valid network or hostname

Example:

  # Convert Array input
  $foo = [ '10.0.1.0/24',
           '10.0.2.0/255.255.255.0',
           '10.0.3.25',
           'myhost' ]
  $bar = simplib::nets2ddq($foo)
  #
  # returns  $bar = [ '10.0.1.0/255.255.255.0',
  #                   '10.0.2.0/255.255.255.0',
  #                   '10.0.3.25',
  #                   'myhost' ]

simplib::parse_hosts

Convert an Array of items that may contain port numbers or protocols into a structured Hash of host information.

• Works with Hostnames as well as IPv4 and IPv6 addresses.

• IPv6 addresses will be returned normalized with square brackets around them for clarity.

• Terminates catalog compilation if

  • A valid network or hostname cannot be extracted from all input items.
  • Any input item that contains a port specifies an invalid port.

Arguments:

• hosts Array of host entries, where each entry may contain a protocol or both a protocol and port

Returns: Hash Structured Hash of the host information

Raises: RuntimeError if any input item that contains a port specifies an invalid port

Example:

  # Input with multiple host formats:
  simplib::parse_hosts([ '1.2.3.4',
                         'http://1.2.3.4',
                         'https://1.2.3.4:443' ])
  #   Returns:
  #   {
  #     '1.2.3.4' => {
  #       :ports     => ['443'],
  #       :protocols => {
  #         'http'  => [],
  #         'https' => ['443']
  #       }
  #     }
  #   }

simplib::passgen

Generates/retrieves a random password string or its hash for a passed identifier.

• Uses Puppet.settings[:vardir]/simp/environments/$environment/simp_autofiles/gen_passwd/ as the destination directory for password storage.
• The minimum length password that this function will return is 8 characters.
• Terminates catalog compilation if the password storage directory cannot be created/accessed by the Puppet user, the password cannot be created in the allotted time, or files not owned by the Puppet user are present in the password storage directory.

Arguments:

• identifier Unique String to identify the password usage.

• modifier_hash (Optional) Hash which may contain any of the following options:

  • last Whether to return the last generated password

  • length Length of the new password

  • hash Whether to return a hash of the password, instead of the password itself. Valid values are:

    • false
    • true which is equivalent to sha256
    • md5,
    • sha256
    • sha512

  • complexity The types of characters to be used in the password; valid values:

    • 0 Use only Alphanumeric characters (safest)
    • 1 Use Alphanumeric characters and reasonably safe symbols
    • 2 Use any printable ASCII characters

Returns: String Password specified

Examples:

  # Run simplib::passgen for the first time for an identifier.  This
  # generates a length 34 password, stores it, and returns it in plain text.
  $password = simplib::passgen('myfavpasswd',{'length'=> 34})

  # Request a password hash.  Since a password already exists for this
  # identifier, retrieves the existing password and returns the hash of it.
  $password_hash = simplib::passgen('myfavpasswd',{ hash => 'sha256' })

simplib::rand_cron

Transforms an input string to one or more interval values for cron. This can be used to avoid starting a certain cron job at the same time on all servers.

Arguments:

• modifier The input string to use as the basis for the generated values

• algorithm Randomization algorithm to apply to transform the input string; valid values are ip_mod and sha256

  • ip_mod: The modulus of the IP number is used as the basis for the returned values. This algorithm works well to create cron job intervals for multiple hosts, when the number of hosts exceeds the max_value and the hosts have largely, linearly- assigned IP addresses.

  • sha256: A random number generated using the IP address string is the basis for the returned values. This algorithm works well to create cron job intervals for multiple hosts, when the number of hosts is less than the max_value or the hosts do not have linearly-assigned IP addresses.

• occurs (Optional) The occurrence within an interval

• max_value (Optional) The maximum value for the interval

Returns: Array[Integer] Array of integers suitable for use in the minute or hour cron field

Examples:

  # Generate one value for the `minute` cron interval using using sha256
  simplib::rand_cron('myhost.test.local','sha256')

  # Generate 2 values for the `hour` cron interval, using the
  # 'ip_mod' algorithm
  simplib::rand_cron('10.0.6.78', 'ip_mod', 2, 23)

simplib::strip_ports

Extract list of unique hostnames and/or IP addresses from an Array of hosts, each of which may may contain protocols and/or port numbers

Terminates catalog compilation if

• A valid network or hostname cannot be extracted from all input items.
• Any input item that contains a port specifies an invalid port.

Arguments:

• hosts Array of hosts which may contain protocols and port numbers

Returns: Array Non-port portion of hostnames

Raises: RuntimeError if any input item that contains a port specifies an invalid port

Example:

  $foo = ['https://mysite.net:8443',
          'http://yoursite.net:8081',
          'https://theirsite.com']

  $bar = strip_ports($foo)

  # results  $bar = ['mysite.net','yoursite.net','theirsite.com']

simplib::to_integer

Converts the argument into an Integer.

Terminates catalog compilation if the argument's class does not respond to the to_i() Ruby method.

Arguments:

• input Item to be converted

Returns: Integer

Raises: RuntimeError if any input does not implement a to_i() method

simplib::to_string

Converts the argument into a String.

Arguments:

• input Item to be converted

Returns: String

simplib::validate_array_member

Validate that an single input is a member of another Array or an Array input is a subset of another Array.

• The comparison can optionally ignore the case of String elements.
• Terminates catalog compilation if validation fails.

Arguments:

• input The input to find in the target array.
• target The array to search.
• modifier (Optional) If 'i' ignores case.

Returns: nil

Raises: RuntimeError if input is not found in target

Examples:

  # Passing:
  simplib::validate_array_member('foo',['foo','bar'])
  simplib::validate_array_member('foo',['FOO','BAR'],'i')

  # Failing, causing compilation to abort:
  simplib::validate_array_member(['foo','bar'],['FOO','BAR','BAZ'])

simplib::validate_between

Validate that the first value is between the second and third values numerically.

• The range is inclusive.
• Terminates catalog compilation if validation fails.

Arguments:

• value Value to validate
• min_value Minimum value that is valid
• max_value Maximum value that is valid

Returns: nil

Raises: RuntimeError if validation fails

Examples:

  # Passing:
  simplib::validate_between('-1', -3, 0)
  simplib::validate_between(7, 0, 60)
  simplib::validate_between(7.6, 7.1, 8.4)

  # Failing, causing compilation to abort:
  simplib::validate_between('-1', 0, 3)
  simplib::validate_between(0, 1, 60)
  simplib::validate_between(7.6, 7.7, 8.4)

simplib::validate_bool

Validate that all passed values are either true, 'true', false or 'false'.

Terminates catalog compilation if validation fails.

Arguments:

• values_to_validate The value to validate.

Returns: nil

Raises: RuntimeError if validation fails

Examples:

  # Passing:
  $iamtrue = true
  simplib::validate_bool(true)
  simplib::validate_bool("false")
  simplib::validate_bool("true")
  simplib::validate_bool(true, 'true', false, $iamtrue)

  # Failing, causing compilation to abort:
  simplib::validate_bool('True')
  simplib::validate_bool('FALSE')

simplib::validate_deep_hash

Perform a deep validation on two passed Hashes.

• All keys must be defined in the reference Hash that is being validated against.
• Unknown keys in the Hash being compared will cause a failure in validation
• All values in the final leaves of the 'reference 'Hash' must be a String, Boolean, or nil.
• All values in the final leaves of the Hash being compared must support a to_s() method.
• Terminates catalog compilation if validation fails.

Arguments:

• reference Reference Hash to validate against. Keys at all levels of the hash define the structure of the hash and the value at each final leaf in the hash tree contains a regular expression string, a boolean or nil for value validation:

  • When the validation value is a regular expression string, the string representation of the to_check value (from the to_s() method) will be compared to the regular expression contained in the reference string.

  • When the validation value is a Boolean, the string representation of the to_check value will be compared with the string representation of the Boolean (as provided by the to_s() method).

  • When the validation value is a nil or 'nil', no value validation will be done for the key.

  • When the to_check value contains an Array of values for a key, the validation for that key will be applied to each element in that array.

• to_check Hash to validate against the reference

Returns: nil

Raises: RuntimeError if validation fails

Examples:

  # Passing:
  reference = {
    'foo' => {
      'bar' => {
        #NOTE: Use quotes for regular expressions instead of '/'
        'baz' => '^\d+$',
        'abc' => '^\w+$',
        'def' => nil
      },
      'baz' => {
        'qrs' => false
        'xyz' => '^true|false$'
      }
    }
  }

  to_check = {
    'foo' => {
      'bar' => {
        'baz' => ['123', 45]
        'abc' => [ 'these', 'are', 'words' ],
        'def' => 'Anything will work here!'
      },
      'baz' => {
        'qrs' => false
        'xyz' => true
      }
    }
  }
  simplib::validate_deep_hash(reference, to_check)

  # Failing, causing compilation to abort:
  reference => { 'foo' => '^\d+$' }
  to_check  => { 'foo' => 'abc' }

  simplib::validate_deep_hash(reference, to_check)

simplib::validate_port

Validates whether each passed argument contains valid port(s).

• Each argument can be an individual string, individual integer, or an array containing strings and/or integers.
• Each port, numerically, must be in the range [1, 65535].
• Terminates catalog compilation if validation fails.

Arguments:

• port_args A port or array of ports.

Returns: nil

Raises: RuntimeError if validation fails

Examples:

  # Passing
  $port = '10541'
  $ports = [5555, 7777, 1, 65535]

  simplib::validate_port($port)
  simplib::validate_port($ports)
  simplib::validate_port($port, $ports)

  # Failing, causing compilation to abort:
  simplib::validate_port('0')
  simplib::validate_port(65536)

simplib::validate_net_list

Validate that a passed list (Array or single String) of networks is filled with valid IP addresses, network addresses (CIDR notation), or hostnames.

• Hostnames are checked per RFC 1123.
• Ports appended with a colon : are allowed for hostnames and individual IP addresses.
• Terminates catalog compilation if validation fails.

Arguments:

• net_list 1 or more network to be validated.
• str_match (Optional) Stringified regular expression (regex without the // delimiters)

Returns: nil

Raises: RuntimeError if validation fails

Examples:

  #  Passing
  $trusted_nets = '10.10.10.0/24'
  simplib::validate_net_list($trusted_nets)

  $trusted_nets = '1.2.3.5:400'
  simplib::validate_net_list($trusted_nets)

  $trusted_nets = 'ALL'
  simplib::validate_net_list($trusted_nets,'^(%any|ALL)$')

  # Failing, causing compilation to abort:
  $trusted_nets = '10.10.10.0/24,1.2.3.4'
  simplib::validate_net_list($trusted_nets)

  $trusted_nets = 'bad stuff'
  simplib::validate_net_list($trusted_nets)

simplib::validate_re_array

Perform simple validation of a String, or Array of Strings, against one or more regular expressions.

• Derived from the Puppet Labs stdlib validate_re()
• Terminates catalog compilation if validation fails.

Arguments:

• input String to be validated
• regex Stringified regular expression (regex without the // delimiters)
• err_msg (Optional) error message to emit upon failure

Returns: nil

Raises: RuntimeError if validation fails

Examples:

  # Passing
  simplib::validate_re_array('one', '^one$')

  # Failing, causing compilation to abort:
  simplib::validate_re_array('one', '^two')

  # Failing with a custom error message
  simplib::validate_re_array($::puppetversion, '^2.7',
    'The $puppetversion fact value does not match 2.7')

simplib::validate_sysctl_value

Validate that the passed value is correct for the passed sysctl key.

• If a key is not known, simply returns that the value is valid.
• Terminates catalog compilation if validation fails.

Arguments:

• key sysctl setting whose value is to be validated
• value Value to be validated

Returns: nil

Raises: RuntimeError if validation fails

simplib::validate_uri_list

Validate that a passed list (Array or single String) of URIs is valid according to Ruby's URI parser.

• Caution: No scheme (protocol type) validation is done if the scheme_list parameter is not set.
• Terminates catalog compilation if validation fails.

Arguments:

• uri URI to be validated.
• scheme_list (Optional) List of schemes (protocol types) allowed for the URI.

Returns: nil

Raises: RuntimeError if validation fails

Examples:

  # Passing:
  $uris = [http://foo.bar.baz:1234','ldap://my.ldap.server']
  simplib::validate_uri_list($uris)

  $uris = ['ldap://my.ldap.server','ldaps://my.ldap.server']
  simplib::validate_uri_list($uris,['ldap','ldaps'])

Puppet Extensions

The following methods are Puppet extensions in the PuppetX::SIMP::Simplib namespace:

• hostname?
• hostname_only?
• human_sort
• split_port

PuppetX::SIMP::Simplib::hostname?

Determine whether the passed value is a valid hostname, optionally postpended with ':\<number>' or '/\<number>'.

NOTE: This returns true for an IPv4 address, as it conforms to RFC 1123.

Arguments:

• obj Input to be assessed

Returns: Boolean false if obj is not comprised of ASCII letters (upper or lower case), digits, hypens (except at the beginning and end), and dots (except at beginning and end), excluding an optional, trailing ':\<number>' or '/\<number>'

Examples:

  # Returns true
  PuppetX::SIMP::Simplib.hostname?('hostname.me.com')
  PuppetX::SIMP::Simplib.hostname?('hostname.me.com:5454')

  # Returns false
  PuppetX::SIMP::Simplib.hostname?('-hostname.me.com')

PuppetX::SIMP::Simplib::hostname_only?

Determine whether the passed value is a valid hostname.

NOTE: This returns true for an IPv4 address, as it conforms to RFC 1123.

Arguments:

• obj Input to be assessed

Returns: Boolean false if obj is not comprised of ASCII letters (upper or lower case), digits, hypens (except at the beginning and end), and dots (except at beginning and end)

Examples:

  # Returns true
  PuppetX::SIMP::Simplib.hostname_only?('hostname.me.com')

  # Returns false
  PuppetX::SIMP::Simplib.hostname_only?('-hostname.me.com')
  PuppetX::SIMP::Simplib.hostname_only?('hostname.me.com:5454')

PuppetX::SIMP::Simplib::human_sort

Sort a list of values based on usual human sorting semantics.

Arguments:

• obj Enumerable object to be sorted

Returns: Sorted object

PuppetX::SIMP::Simplib::split_port

Split input string into a [ host, port ] pair

Arguments:

• host_string String to be split into host and port

Returns: Array[ host, port ] Host and port pair

* Returns ``[ nil, nil ]`` if ``host_string`` is ``nil`` or
  an empty string
* Returns ``[ host_string, nil ]`` if ``host_string`` is
  a CIDR address or contains no port
* Port returned is a string

Examples:

  PuppetX::SIMP::Simplib.split_port('myhost.name:5656')
  # returns ['myhost.name','5656']

  PuppetX::SIMP::Simplib.split_port['192.165.3.9']
  # returns ['192.165.3.9',nil]

  PuppetX::SIMP::Simplib.split_port['192.165.3.9/24']
  # returns ['192.164.3.9/24',nil]

  PuppetX::SIMP::Simplib.split_port('[2001:0db8:85a3:0000:0000:8a2e:0370]:'))
  # returns ['[2001:0db8:85a3:0000:0000:8a2e:0370]',nil]

Puppet 3 Functions

Many of these functions have been deprecated and will be removed in a future release. Do not use these functions in new code. Instead, use the newer, environment-safe functions described in Functions. Also, wherever possible, replace the existing use of these functions with strongly-type parameters, Puppet functions, or the newer simplib functions.

When simplib replacement exists for a function, it will be noted in the function's description.

• array_include
• array_size
• array_union
• bracketize
• deep_merge
• filtered
• generate_reboot_msg
• get_ports
• h2n
• host_is_me
• inspect
• ip_is_me
• ip_to_cron
• ipaddresses
• join_mount_opts
• localuser
• mapval
• nets2cidr
• nets2ddq
• parse_hosts
• passgen
• rand_cron
• simp_version
• slice_array
• strip_ports
• to_integer
• to_string
• validate_array_member
• validate_array_of_hashes
• validate_between
• validate_bool_simp
• validate_deep_hash
• validate_float
• validate_integer
• validate_macaddress
• validate_net_list
• validate_port
• validate_re_array
• validate_sysctl_value
• validate_umask
• validate_uri_list

array_include

Determine if the first passed array contains the contents of another array or string.

Example:

$arr_x = [ 'foo', 'bar' ]
$arr_y = [ 'foo', 'baz', 'bar' ]

if array_include($arr_x, $arr_y) {
  notice('this will be printed')
}
if array_include($arr_x, 'bar') {
  notice('this will be printed')
}
if array_include($arr_x, 'baz') {
  notice('this will not be printed')
}

Returns: boolean

array_size

Returns the number of elements in an array. If a string is passed, simply returns '1'.

This is in contrast to the Puppet Labs stdlib 'size' function which returns the size of an array or the length of a string when called.

Returns: integer

array_union

Return the union of two arrays.

Example:

$arr_x = ['1','2']
$arr_y = ['2','3','4']

$res = array_union($arr_x, $arr_y)

$res contains: ['1','2','3','4']

Returns: array

bracketize

Add brackets to IP addresses and arrays of IP addresses based on the rules for bracketing IPv6 addresses. Ignore anything that doesn't look like an IPv6 address.

Returns: string or array

deep_merge

Perform a deep merge on two passed hashes.

This code is shamelessly stolen from the guts of ActiveSupport::CoreExtensions::Hash::DeepMerge and munged together with the Puppet Labs stdlib 'merge' function.

Returns: hash

filtered

This function is deprecated and has been replaced by simplib::filtered.

data_hash variant

Hiera v5 backend that takes a list of allowed hiera key names, and only returns results from the underlying backend function that match those keys.

This allows hiera data to be delegated to end users in a multi-tenant environment without allowing them the ability to override every hiera data point (and potentially break systems)

Usage:

---
version: 5 # Specific version of hiera we are using, required for v4 and v5
defaults:  # Used for any hierarchy level that omits these keys.
  datadir: "data"         # This path is relative to hiera.yaml's directory.
  data_hash: "yaml_data"  # Use the built-in YAML backend.
hierarchy: # Each hierarchy consists of multiple levels
  - name: "OSFamily"
    path: "osfamily/%{facts.osfamily}.yaml"
  - name: "datamodules"
    data_hash: simplib::filtered
    datadir: "delegated-data"
    paths:
            - "%{facts.sitename}/osfamily/%{facts.osfamily}.yaml"
            - "%{facts.sitename}/os/%{facts.operatingsystem}.yaml"
            - "%{facts.sitename}/host/%{facts.fqdn}.yaml"
            - "%{facts.sitename}/common.yaml"
    options:
       function: yaml_data
       filter:
         - profiles::ntp::servers
         - profiles::.*
  - name: "Common"
    path: "common.yaml"

Returns: hash

generate_reboot_msg

Generate a reboot message from a passed hash.

Requires a hash of the following form:

{
  'id'  => 'reason',
  'id2' => 'reason2',
  ...
}

Will return a message such as:

A system reboot is required due to:
  id => reason
  id2 => reason2

Returns: hash

get_ports

Take an array of items that may contain port numbers and appropriately return the port portion. Works with hostnames, IPv4, and IPv6.

$foo = ['https://mysite.net:8443','http://yoursite.net:8081']

$bar = strip_ports($foo)

$bar contains: ['8443','8081']

Returns: array

h2n

Return an IP address for the passed hostname.

Returns: string

host_is_me

Detect if a local system identifier Hostname/IP address is contained in the passed whitespace delimited list. Whitespace and comma delimiters and passed arrays are accepted. 127.0.0.1 and ::1 are never matched, use 'localhost' or 'localhost6' for that if necessary.

Returns: boolean

inspect

This function is deprecated and has been replaced by simplib::inspect.

Prints out Puppet warning messages that displays the contents of the passed variable.

This is mainly meant for debugging purposes.

ipaddresses

This function is deprecated and has been replaced by simplib::ipaddresses.

Return an array of all IP addresses known to be associated with the client. If an argument is passed, and is not false, then only return non-local addresses.

Returns: array

ip_is_me

Detect if an IP address is contained in the passed whitespace delimited list.

Returns: boolean

ip_to_cron

This function is deprecated and has been replaced by simplib::ip_to_cron.

Provides a "random" value to cron based on the passed integer value. Used to avoid starting a certain cron job at the same time on all servers. If used with no parameters, it will return a single value between 0-59. first argument is the occurrence within a timeframe, for example if you want it to run 2 times per hour the second argument is the timeframe, by default its 60 minutes, but it could also be 24 hours etc

Pulled from: http://projects.puppetlabs.com/projects/puppet/wiki/Cron_Patterns/8/diff Author: ohadlevy@gmail.com License: None

Example:

ip_to_cron()     - returns one value between 0..59
ip_to_cron(2)    - returns an array of two values between 0..59
ip_to_cron(2,24) - returns an array of two values between 0..23

Returns: integer or array

join_mount_opts

This function is deprecated and has been replaced by simplib::join_mount_opts.

Merge two sets of 'mount' options in a reasonable fashion. The second set will always override the first.

Returns: string

localuser

Pull a pre-set password from a password list and return an array of user details associated with the passed hostname.

If the password starts with the string '\$1\$' and the length is 34 characters, then it will be assumed to be an MD5 hash to be directly applied to the system.

If the password is in plain text form, then it will be hashed and stored back into the source file for future use. The plain text version will be commented out in the file.

Arguments:

• filename Path to the file containing the local users
• hostname Host that you are trying to match against

Returns: array

mapval

Pull a mapped value from a text file. Must provide a Ruby regex!.

Returns: string

nets2cidr

This function is deprecated and has been replaced by simplib::nets2cidr.

Convert an array of networks into CIDR notation

Returns: array

nets2ddq

This function is deprecated and has been replaced by simplib::nets2ddq.

Convert an array of networks into dotted quad notation

Returns: array

parse_hosts

This function is deprecated and has been replaced by simplib::parse_hosts.

Take an array of items that may contain port numbers or protocols and return the host information, ports, and protocols. Works with hostnames, IPv4, and IPv6.

Example:

parse_hosts([ '1.2.3.4', '<http://1.2.3.4>', '<https://1.2.3.4:443>' ])

Returns: '1.2.3.4' => {
           ports => ['443'],
           protocols => {
             'http' => [],
             'https' => ['443']
           }
         }

---

NOTE

IPv6 addresses will be returned normalized with square brackets

---

Returns: hash

passgen

This function is deprecated and has been replaced by simplib::passgen.

Generates a random password string for a passed identifier. Uses Puppet[:environmentpath]/\$environment/simp_autofiles/gen_passwd/ as the destination directory.

The minimum length password that this function will return is 6
characters.

    Arguments: identifier, <modifier hash>; in that order.

    <modifier hash> may contain any of the following options:
      - 'last' => false(*) or true
        * Return the last generated password
      - 'length' => Integer
        * Length of the new password
      - 'hash' => false(*), true, md5, sha256 (true), sha512
        * Return a hash of the password instead of the password itself.
      - 'complexity' => 0(*), 1, 2
        * 0 => Use only Alphanumeric characters in your password (safest) 1 =>
        * Add reasonably safe symbols 2 => Printable ASCII

    If no, or an invalid, second argument is provided then it will return the
    currently stored string.

Returns: string

rand_cron

This function is deprecated and has been replaced by simplib::rand_cron.

Provides a "random" value to cron based on the passed integer value. Used to avoid starting a certain cron job at the same time on all servers. If used with no parameters, it will return a single value between 0-59 first argument is the occurrence within a timeframe, for example if you want it to run 2 times per hour the second argument is the timeframe, by default its 60 minutes, but it could also be 24 hours etc

Based on: http://projects.puppetlabs.com/projects/puppet/wiki/Cron_Patterns/8/diff Author: ohadlevy@gmail.com License: None Posted

Example:

int_to_cron('100')     - returns one value between 0..59 based on the value 100
int_to_cron(100,2)    - returns an array of two values between 0..59 based on the value 100
int_to_cron(100,2,24) - returns an array of two values between 0..23 based on the value 100

Returns: integer or array

simp_version

Return the version of SIMP that this server is running.

Returns: string

slice_array

Split an array into an array of arrays that contain groupings of 'max_length' size. This is similar to 'each_slice' in newer versions of Ruby.

  * Options *

  to_slice => The array to slice. This will be flattened if necessary.

  max_length => The maximum length of each slice.

  split_char => An optional character upon which to count sub-elements
  as multiples. Only one per subelement is supported.

Returns: array of arrays

strip_ports

This function is deprecated and has been replaced by simplib::strip_ports.

Take an array of items that may contain port numbers and appropriately return the non-port portion. Works with hostnames, IPv4, and IPv6.

$foo = ['https://mysite.net:8443',
        'http://yoursite.net:8081',
        'https://theirsite.com']

$bar = strip_ports($foo)

$bar contains: ['https://mysite.net','http://yoursite.net','theirsite.com']

Returns: array

to_integer

This function is deprecated and has been replaced by simplib::to_integer.

Converts the argument into an Integer.

Only works if the passed argument responds to the to_i() Ruby method.

Returns: integer

to_string

This function is deprecated and has been replaced by simplib::to_string.

Converts the argument into a String.

Only works if the passed argument responds to the to_s() Ruby method.

Returns: string

validate_array_of_hashes

Validate that the passed argument is either an empty array or an array that only contains hashes.

Examples:

validate_array_of_hashes([{'foo' => 'bar'}]) # => OK
validate_array_of_hashes([])                 # => OK
validate_array_of_hashes(['FOO','BAR'])      # => BAD

Returns: boolean

validate_array_member

This function is deprecated and has been replaced by simplib::validate_array_member

Validate that the first string (or array) passed is a member of the second array passed. An optional third argument of i can be passed, which ignores the case of the objects inside the array.

Examples:

validate_array_member('foo',['foo','bar'])     # => true
validate_array_member('foo',['FOO','BAR'])     # => false

#Optional 'i' as third object, ignoring case of FOO and BAR#

validate_array_member('foo',['FOO','BAR'],'i') # => true

Returns: boolean

validate_between

This function is deprecated and has been replaced by simplib::validate_between

Validate that the first value is between the second and third values numerically.

This is a pure Ruby comparison, not a human comparison.

Returns: boolean

validate_bool_simp

This function is deprecated and has been replaced by simplib::validate_bool

Validate that all passed values are either true or false. Abort catalog compilation if any value fails this check.

Modified from the stdlib validate_bool to handle the strings 'true' and 'false'.

The following values will pass:

$iamtrue = true

validate_bool(true)
validate_bool("false")
validate_bool("true")
validate_bool(true, 'true', false, $iamtrue)

The following values will fail, causing compilation to abort:

$some_array = [ true ]

validate_bool($some_array)

Returns: boolean

validate_deep_hash

This function is deprecated and has been replaced by simplib::validate_deep_hash

Perform a deep validation on two passed hashes.

The first hash is the one to validate against, and the second is the one being validated. The first hash (i.e. the source) exists to define a valid structure and potential regular expression to validate against, or to skip an entry. Arrays of values will match each entry to the given regular expression. Below are examples of a source hash and a hash to compare against it:

    'source' = {
       'foo' => {
         'bar' => {
           #NOTE: Use single quotes for regular expressions
           'baz' => '^\d+$',
           'abc' => '^\w+$',
           'def' => nil #NOTE: not 'nil' in quotes
         },
         'baz' => {
           'xyz' => '^true|false$'
         }
       }
     }

    'to_check' = {
       'foo' => {
         'bar' => {
           'baz' => '123',
           'abc' => [ 'these', 'are', 'words' ],
           'def' => 'Anything will work here!'
         },
         'baz' => {
           'xyz' => 'false'
         }
       }

This fails because we expect the value of 'foo' to be a series of digits, not letters.

Additionally, all keys must be defined in the source hash that is being validated against. Unknown keys in the hash being compared will cause a

Returns: boolean

validate_float

Validates whether the passed argument is a float.

Returns: boolean

validate_integer

Validates whether the passed argument is an integer.

Returns: boolean

validate_macaddress

This function is deprecated and has been replaced by Simplib::Macaddress data type.

Validate that all passed values are valid MAC addresses.

The following values will pass:

$macaddress = 'CA:FE:BE:EF:00:11'

validate_macaddress($macaddress)
validate_macaddress($macaddress,'00:11:22:33:44:55')
validate_macaddress([$macaddress,'00:11:22:33:44:55'])

Returns: boolean

validate_port

This function is deprecated and has been replaced by simplib::validate_port

Validates whether the passed argument is a valid port (i.e. between 1 - 65535).

The following values will pass:

$port = '10541'
$ports = ['5555', '7777', '1', '65535']

validate_port($port)
validate_port($ports)
validate_port('11', '22')

The following values will not pass:

validate_port('0')
validate_port('65536')

Returns: boolean

validate_net_list

This function is deprecated and has been replaced by simplib::validate_net_list

Validate that a passed list (Array or single String) of networks is filled with valid IP addresses or hostnames. Hostnames are checked per RFC 1123. Ports appended with a colon (:) are allowed.

There is a second, optional argument that is a regex of strings that should be ignored from the list. Omit the beginning and ending '/' delimiters.

The following values will pass:

$trusted_nets = ['10.10.10.0/24','1.2.3.4','1.3.4.5:400']
validate_net_list($trusted_nets)

$trusted_nets = '10.10.10.0/24'
validate_net_list($trusted_nets)

$trusted_nets = ['10.10.10.0/24','1.2.3.4','any','ALL']
validate_net_list($trusted_nets,'^(any|ALL)$')

The following values will fail:

$trusted_nets = '10.10.10.0/24,1.2.3.4'
validate_net_list($trusted_nets)

$trusted_nets = 'bad stuff'
validate_net_list($trusted_nets)

Returns: boolean

validate_re_array

This function is deprecated and has been replaced by simplib::validate_re_array

Perform simple validation of a string, or array of strings, against one or more regular expressions. The first argument of this function should be a string to test, and the second argument should be a stringified regular expression (without the // delimiters) or an array of regular expressions. If none of the regular expressions match the string passed in, compilation will abort with a parse error.

If a third argument is specified, this will be the error message raised and seen by the user.

The following strings will validate against the regular expressions:

validate_re_array('one', '^one$')
validate_re_array('one', [ '^one','^two' ])
validate_re_array(['one','two'], [ '^one', '^two' ])

The following strings will fail to validate, causing compilation to abort:

validate_re_array('one', [ '^two', '^three' ])

A helpful error message can be returned like this:

validate_re_array($::puppetversion, '^2.7', 'The $puppetversion fact
value does not match 2.7')

Returns: boolean

validate_sysctl_value

This function is deprecated and has been replaced by simplib::validate_sysctl_value

Validate that the passed value is correct for the passed sysctl key.

If a key is not know, simply returns that the value is valid.

Example:

Returns: boolean

validate_umask

This function is deprecated and has been replaced by Simplib::Umask data type.

Validate that the passed value is a valid umask string.

Examples:

$val = '0077' validate_umask($val) # => OK

$val = '0078' validate_umask($val) # => BAD

Returns: boolean

validate_uri_list

This function is deprecated and has been replaced by simplib::validate_uri_list

Usage: validate_uri_list([LIST],[])

Validate that a passed list (Array or single String) of URIs is valid according to Ruby's URI parser.

The following values will pass:

$uris = [http://foo.bar.baz:1234','ldap://my.ldap.server']
validate_uri_list($uris)

$uris = ['ldap://my.ldap.server','ldaps://my.ldap.server']
validate_uri_list($uris,['ldap','ldaps'])

Returns: boolean

Types

• ftpusers
• init_ulimit
• prepend_file_line
• reboot_notify
• runlevel
• script_umask
• simp_file_line

ftpusers

Adds all system users to the named file, preserving any other entries currently in the file.

Example:

  # This will add all users in /etc/passwd with uid < 500
  # and 'nobody' and 'jim' to the file '/etc/ftpusers'
  #
  ftpusers { '/etc/ftpusers':
    min_id      => 500,
    always_deny => ['nobody', 'jim'],
    require     => File['/etc/ftpusers']
  }

init_ulimit

This type is for systems that do not support systemd.

Updates the ulimit settings in init scripts.

Examples:

  # limit long name
  init_ulimit { 'rsyslog':
    ensure     => 'present',
    limit_type => 'both'
    item       => 'max_open_files',
    value      => 'unlimited'
  }

  # limit short name
  init_ulimit { 'rsyslog':
    item       => 'n',
    value      => 'unlimited'
  }

prepend_file_line

Prepends a whole line to a file, if the file does not already contain the line.

Example:

  file_prepend_line { 'sudo_rule':
    path => '/etc/sudoers',
    line => '%admin ALL=(ALL) ALL',
  }

reboot_notify

Notifies users when a system reboot is required.

• This type creates a file with contents that provide a summary of the reasons why the system requires a reboot.
• This type will only register entries on refresh. Any other use of the type will not report the necessary reboot.
• A reboot notification will be printed at each Puppet run until the system is successfully rebooted

Examples:

  reboot_notify { 'selinux':
    reason    => 'A reboot is required to completely modify selinux state',
    subscribe => Selinux_state['set_selinux_state']
  }

runlevel

Changes the system runlevel by re-evaluating the inittab or systemd link.

Examples:

  # Set the current level and the default level to mulit-user
  runlevel { '3': persist => true, }

  # Set the current level to graphical
  runlevel { 'graphical':
    persist => false
  }

script_umask

Alters the umask settings in the passed file, if a umask line exists.

Examples:

  script_umask { '/usr/local/myscript.sh':
      umask => 077
  }

simp_file_line

Ensures that a given line is contained within a file. The implementation matches the full line, including whitespace at the beginning and end. If the line is not contained in the given file, Puppet will add the line to ensure the desired state. Multiple resources may be declared to manage multiple lines in the same file.

This is an enhancement to the stdlib file_line that allows for the following additional options:

• prepend Whether to prepend the line instead of appending it, if not using the match option.
• deconflict Whether to not execute if there is a file resource that already manipulates the content of the target file.

Examples:

  # This will add both lines to /etc/sudoers
  simp_file_line { 'sudo_rule':
    path => '/etc/sudoers',
    line => '%sudo ALL=(ALL) ALL',
  }
  simp_file_line { 'sudo_rule_nopw':
    path => '/etc/sudoers',
    line => '%sudonopw ALL=(ALL) NOPASSWD: ALL',
  }

  # This will not add the line
  file { '/tmp/myfile':
    content => 'junk content',
  }
  simp_file_line { 'junk':
    path => '/tmp/myfile',
    line => 'What a beautiful day'
  }

  # This will  add the line
  file { '/tmp/myfile':
    content => 'junk content',
    replace => false
  }
  simp_file_line { 'junk':
    path => '/tmp/myfile',
    line => 'What a beautiful day'
  }

Data Types

The following Puppet 4 compatible Data Types have been added for convenience and validation across the SIMP code base.

• Simplib::Domain

  • Valid DNS domain names (RFC 3696, Section 2). Examples:
    • example.com

• Simplib::Domainlist

  • List of valid domains (RFC 3696, Section 2)

• Simplib::EmailAddress

  • Simple e-mail address validator. Examples:
    • foo@bar.com

• Simplib::Host

  • A single Host or an IP Address. Examples:
    • 1.2.3.4
    • my-host.com

• Simplib::Host::Port

  • A single Host or an IP Address with a Port. Examples:
    • 1.2.3.4:80
    • my-host.com:443

• Simplib::Hostname

  • A hostname, Unicode hostnames are not currently supported. Examples:
    • my-host.com
    • aa.bb

• Simplib::Hostname::Port

  • A single Hostname with a Port. Examples:
    • my-host.com:443

• Simplib::IP

  • An IP Address. Examples:
    • 1.2.3.4
    • 2001:0db8:85a3:0000:0000:8a2e:0370:7334

• Simplib::IP::CIDR

  • An IPv4 or IPv6 Address with a CIDR Subnet. Examples:
    • 1.2.3.4/24
    • 2001:0db8:85a3:0000:0000:8a2e:0370:7334/96

• Simplib::IP::Port

  • An IP Address (V4 or V6) with a Port. Examples:
    • 1.2.3.4:80
    • [2001:db8:85a3:8d3:1319:8a2e:370:7348]:443

• Simplib::IP::V4

  • An IPv4 Address. Examples:
    • 1.2.3.4

• Simplib::IP::V4::CIDR

  • An IPv4 Address with a CIDR Subnet. Examples:
    • 1.2.3.4/24

• Simplib::IP::V4::DDQ

  • An IPv4 Address with a Dotted Quad Subnet. Examples:
    • 1.2.3.4/255.255.0.0

• Simplib::IP::V4::Port

  • An IPv4 Address with an attached Port. Examples:
    • 1.2.3.4:443

• Simplib::IP::V6

  • An IPv6 Address. Examples:
    • ::1
    • 2001:0db8:85a3:0000:0000:8a2e:0370:7334
    • [::1]
    • [2001:0db8:85a3:0000:0000:8a2e:0370:7334]

• Simplib::IP::V6::Base

  • A regular IPv6 Address. Examples:
    • ::1
    • 2001:0db8:85a3:0000:0000:8a2e:0370:7334

• Simplib::IP::V6::Bracketed

  • A bracketed IPv6 Address. Examples:
    • [::1]
    • [2001:0db8:85a3:0000:0000:8a2e:0370:7334]

• Simplib::IP::V6::CIDR

  • An IPv6 address with a CIDR subnet. Examples:
    • 2001:0db8:85a3:0000:0000:8a2e:0370:7334/96

• Simplib::IP::V6::Port

  • An IPv6 address with an attached Port. Examples:
    • [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:443

• Simplib::Macaddress

  • A MAC address. Examples:
    • CA:FE:BE:EF:00:11
    • ca:fe:be:ef:00:11

• Simplib::Netlist

  • An Array of network-relevant entries
    • Hostname
    • IPv4
    • IPv4 with Subnet
    • IPv4 with Port
    • IPv6
    • IPv4 with Subnet
    • IPv4 with Port

• Simplib::Netlist::Host

  • An Array of Hosts
    • Hostname
    • IPv4
    • IPv6

• Simplib::Netlist::IP

  • An Array of IP Addresses
    • IPv4
    • IPv6

• Simplib::Netlist::IP::V4

  • An Array of IPv4 Addresses

• Simplib::Netlist::IP::V6

  • An Array of IPv6 Addresses

• Simplib::Netlist::Port

  • An Array of Hosts with Ports

• Simplib::PackageEnsure

  • Valid ensure values for a Package resource. Examples:
    • absent
    • latest

• Simplib::Port

  • A Port Number

• Simplib::Port::Dynamic

  • Port in the unprivileged port range [49152, 65535]

• Simplib::Port::Random

  • Port 0 which has different behaviors but usually binds to a random port

• Simplib::Port::System

  • Port in the system privileged port range [1, 1024]

• Simplib::Port::User

  • Port available to users in the unprivileged port ranges [1025, 49151] and [49153, 65534]

• Simplib::Puppet::Metadata::OS_support

  • The 'operating_support' data structure in a Puppet module's metadata.json

• Simplib::Serverdistribution

  • Valid options for a Puppet server distribution
    • PC1
    • PE

• Simplib::Syslog::CFacility

  • A syslog log facility, in the form expected by syslog(3). Examples:
    • LOG_KERN
    • LOG_LOCAL6

• Simplib::Syslog::CPriority

  • A syslog log priority, in the form expected by syslog(3). Examples:
    • LOG_KERN.LOG_INFO
    • LOG_LOCAL6.LOG_WARNING

• Simplib::Syslog::CSeverity

  • A syslog log severity, in the form expected by syslog(3). Examples:
    • LOG_INFO
    • LOG_WARNING

• Simplib::Syslog::Facility

  • A syslog log facility, in either all uppercase or all lowercase.. Examples:
    • kern
    • local6
    • LOCAL6

• Simplib::Syslog::LowerFacility

  • A syslog log facility, in all lowercase. Examples:
    • auth
    • local4

• Simplib::Syslog::UpperFacility

  • A syslog log facility, in all uppercase. Examples:
    • MAIL
    • LOCAL7

• Simplib::Syslog::Severity

  • A syslog severity level, in either all uppercase or all lowercase. Examples:
    • info
    • WARNING

• Simplib::Syslog::LowerSeverity

  • A syslog severity level, in all lowercase. Examples:
    • info
    • emerg

• Simplib::Syslog::UpperSeverity

  • A syslog severity level, in all uppercase. Examples:
    • DEBUG
    • WARNING

• Simplib::Syslog::Priority

  • A syslog priority destination, in format 'facility.severity' and in either all uppercase or all lowercase. This type only accepts the keyword facilities and severities. Examples:
    • mail.info
    • KERN.EMERG

• Simplib::Syslog::LowerPriority

  • A syslog priority destination, in format 'facility.severity' and in only all lowercase. This type only accepts the keyword facilities and severities. Examples:
    • mail.info
    • user.err

• Simplib::Syslog::UpperPriority

  • A syslog priority destination, in format 'facility.severity' and in only all uppercase. This type only accepts the keyword facilities and severities. Examples:
    • SYSLOG.WARNING
    • AUTHPRIV.INFO

• Simplib::Umask

  • A valid Umask

• Simplib::URI

  • A valid URI string (lightly sanity checked)

Stages

simplib::stages are added to ensure that anyone using the stdlib stages are not tripped up by any SIMP modules that may enable, or disable, various system, components; particularly ones that require a reboot.

Added Stages:

• simp_prep -> Comes before stdlib's setup stage
• simp_finalize -> Comes after stdlib's deploy stage

Development

Please read our Contribution Guide and visit our Developer Wiki

If you find any issues, they can be submitted to our JIRA.

System Integrity Management Platform

Reference

Table of Contents

Classes

• simplib::reboot_notify: This is a simple controller class for global settings related to the 'reboot_notify' custom type
• simplib::stages: This class expands on the Puppet Stdlib stages to add a few levels that we found necessary when developing various SIMP modules that had glob

Defined types

• simplib::install: Manage packages based on Hash input This has been created as a Defined Type so that it can be properly referenced in manifest ordering

Resource types

• ftpusers: Adds all system users to the named file, preserving any other entries currently in the file.
• init_ulimit: Please use the systemd module for systems that support systemd Update ulimit settings in init scripts. The resource name does h
• prepend_file_line: Type that can prepend whole a line to a file if it does not already contain it. Example: file_prepend_line { 'sudo_rule': path => '/etc/s
• reboot_notify: Notifies users when a system reboot is required. This type creates a file at $target the contents of which provide a summary of the reasons
• runlevel: Changes the system runlevel by re-evaluating the inittab or systemd link. Arguments: name - the runlevel to evaluate for the system persi
• script_umask: Alters the umask settings in the passed file.
• simp_file_line: Ensures that a given line is contained within a file. The implementation matches the full line, including whitespace at the beginning and en

Functions

• array_include: Determine if the first passed array contains the contents of another array or string.
• array_size: Returns the number of elements in an Array. If a String is passed, simply returns 1. This is in contrast to the Puppet Labs stdlib
• array_union: Return the union of two Arrays.
• bracketize: Add brackets to IP addresses and Arrays of IP addresses based on the rules for bracketing IPv6 addresses. Ignore anything that does not lo
• deep_merge: Perform a deep merge on two passed Hashes. This code is shamelessly stolen from the guts of `ActiveSupport::CoreExtensions::Hash::DeepMerg
• generate_reboot_msg: Generate a reboot message from a passed Hash. Requires a Hash of the following form: ``ruby { 'id' => 'reason', 'id2' => 'reason2'
• get_ports: Take an Array of items that may contain port numbers and appropriately return the port portion. Works with hostnames, IPv4, and IPv6.
• h2n: Takes a single hostname and returns the associated IP address if it can determine it. If it cannot be determined, simply returns the passe
• host_is_me: Detect if a local system identifier Hostname/IP address is contained in the passed whitespace delimited list. Whitespace and comma delimiter
• inspect: Prints out Puppet warning messages that display the passed variable. This is mainly meant for debugging purposes.
• ip_is_me: Detect if an IP address is contained in the passed whitespace delimited String.
• ip_to_cron: Provides a "random" value to cron based on the passed Integer value. Used to avoid starting a certain cron job at the same time on all s
• ipaddresses: Return an Array of all IP addresses known to be associated with the client. If an argument is passed, and is not false, then only return
• join_mount_opts: Merge two sets of mount options in a reasonable fashion. The second set will always override the first.
• localuser: Pull a pre-set password from a password list and return an array of user details associated with the passed hostname. If the password star
• mapval: This function pulls a mapped value from a text file with the format: <key> | <value> Only the last value matched will be returned
• nets2cidr: Take an input Array of networks and returns an equivalent Array in CIDR notation. It can also accept a String separated by spaces, com
• nets2ddq: Take an input Array of networks and returns an equivalent Array in Dotted Quad notation. It can also accept a String separated by spac
• parse_hosts: Take an Array of items that may contain port numbers or protocols and return the host information, ports, and protocols. Works with Hostna
• passgen: Generates a random password string for a passed identifier. Uses Puppet[:vardir]/simp/environments/$environment/simp_autofiles/gen_passwd/
• rand_cron: Provides a 'random' value to cron based on the passed Integer value. Used to avoid starting a certain cron job at the same time on all
• simp_version: Return the version of SIMP that this server is running
• simplib::assert_metadata: Fails a compile if the client system is not compatible with the module's metadata.json
• simplib::deprecation: Function to print deprecation warnings, logging a warning once for a given key. Messages can be enabled if the SIMPLIB_LOG_DEPRECATIONS envi
• simplib::filtered: Hiera v5 backend that takes a list of allowed hiera key names, and only returns results from the underlying backend function that match those
• simplib::gen_random_password: Generates a random password string. Terminates catalog compilation if the password cannot be created in the allotted time.
• simplib::hash_to_opts: Turn a hash into a options string, for use in a shell command
• simplib::inspect: Prints the passed variable's Ruby type and value for debugging purposes This uses a Notify resource to print the information during the
• simplib::ip_to_cron: Transforms an IP address to one or more interval values for cron. This can be used to avoid starting a certain cron job at the same time
• simplib::ipaddresses: Return an Array of all IP addresses known to be associated with the client, optionally excluding local addresses.
• simplib::join_mount_opts: Merge two sets of mount options in a reasonable fashion, giving precedence to the second set.
• simplib::knockout: uses the knockout prefix of '--' to remove elements from an array.
• simplib::ldap::domain_to_dn: Generates a LDAP Base DN from a domain
• simplib::lookup: A function for falling back to global scope variable lookups when the Puppet 4 lookup() function cannot find a value. While lookup()
• simplib::mock_data: A mock data function
• simplib::module_exist: Determines if a module exists in the current environment
• simplib::nets2cidr: Take an input list of networks and returns an equivalent Array in CIDR notation. Hostnames are passed through untouched. Terminates ca
• simplib::nets2ddq: Tranforms a list of networks into an equivalent array in dotted quad notation. * CIDR networks are converted to dotted quad notation network
• simplib::parse_hosts: Convert an Array of items that may contain port numbers or protocols into a structured Hash of host information. * Works with Hostnames
• simplib::passgen: Generates/retrieves a random password string or its hash for a passed identifier. * Uses `Puppet.settings[:vardir]/simp/environments/$enviro
• simplib::rand_cron: Transforms an input string to one or more interval values for cron. This can be used to avoid starting a certain cron job at the same tim
• simplib::strip_ports: Extract list of unique hostnames and/or IP addresses from an Array of hosts, each of which may may contain protocols and/or port numbers T
• simplib::to_integer: Converts the argument into an Integer. Terminates catalog compilation if the argument's class does not respond to the to_i() Ruby method
• simplib::to_string: Converts the argument into a String.
• simplib::validate_array_member: Validate that an single input is a member of another Array or an Array input is a subset of another Array. * The comparison can option
• simplib::validate_between: Validate that the first value is between the second and third values numerically. The range is inclusive. Terminates catalog compilation if
• simplib::validate_bool: Validate that all passed values are either true, 'true', false or 'false'. Terminates catalog compilation if validation fails.
• simplib::validate_deep_hash: Perform a deep validation on two passed Hashes. All keys must be defined in the reference Hash that is being validated against. Un
• simplib::validate_net_list: Validate that a passed list (Array or single String) of networks is filled with valid IP addresses, network addresses (CIDR notation), or
• simplib::validate_port: Validates whether each passed argument contains valid port(s). * Each element of each argument must, numerically, be in the range [1, 6553
• simplib::validate_re_array: Perform simple validation of a String, or Array of Strings, against one or more regular expressions. * Derived from the Puppet Labs st
• simplib::validate_sysctl_value: Validate that the passed value is correct for the passed sysctl key. If a key is not known, assumes the value is valid. Terminates cat
• simplib::validate_uri_list: Validate that a passed list (Array or single String) of URIs is valid according to Ruby's URI parser. * Caution: No scheme (protocol
• simplib_deprecation: Function to print deprecation warnings for 3.X functions. The first argument is the uniqueness key, which allows deduping of messages. The se
• slice_array: Split an Array into an array of arrays that contain groupings of max_length size. This is similar to each_slice in newer versions of Ru
• strip_ports: Take an Array of items that may contain port numbers and appropriately return the non-port portion. Works with hostnames, IPv4, and IPv6.
• to_integer: Converts the argument into an Integer. Only works if the passed argument responds to the to_i() Ruby method.
• to_string: Converts the argument into a String. Only works if the passed argument responds to the to_s() Ruby method.
• validate_array_member: Validate that the first String (or Array) passed is a member of the second Array passed. An optional third argument of i can be passed,
• validate_array_of_hashes: Validate that the passed argument is either an empty Array or an Array that only contains Hashes.
• validate_between: Validate that the first value is between the second and third values numerically. This is a pure Ruby comparison, not a human comparison
• validate_bool_simp: Validate that all passed values are either true or false. Abort catalog compilation if any value fails this check. Modified from the st
• validate_deep_hash: Perform a deep validation on two passed Hashes. The first Hash is the one to validate against, and the second is the one being validated
• validate_float: Validates whether or not the passed argument is a float
• validate_integer: Validates that the passed argument is an Integer.
• validate_macaddress: Validate that all passed values are valid MAC addresses.
• validate_net_list: Validate that a passed list (Array or single String) of networks is filled with valid IP addresses or hostnames. Hostnames are checked pe
• validate_port: Validates whether or not the passed argument is a valid port (i.e. between 1 - 65535).
• validate_re_array: Perform simple validation of a String, or Array of Strings, against one or more regular expressions. The first argument of this functio
• validate_sysctl_value: Validate that the passed value is correct for the passed sysctl key. If a key is not known, simply returns that the value is valid.
• validate_umask: Validate that the passed String is a valid umask
• validate_uri_list: Usage: validate_uri_list([LIST],[<VALID_SCHEMES>]) Validate that a passed list (Array or single String) of URIs is valid according to Ru

Classes

simplib::reboot_notify

This is a simple controller class for global settings related to the 'reboot_notify' custom type

Parameters

The following parameters are available in the simplib::reboot_notify class.

log_level

Data type: Simplib::PuppetLogLevel

The Puppet log_level to use when generating output

To change the level of the reboot_notify messages add this class to the class list in hiera and set simplib::reboot_notify::log_level to the level you want.

• Set to log_level todebug if you wish to disable output unless you're running in debug mode.

Default value: 'notice'

simplib::stages

This class expands on the Puppet Stdlib stages to add a few levels that we found necessary when developing various SIMP modules that had global ramifications.

Primarily, we wanted to ensure that anyone using the stdlib stages was not tripped up by any of our modules that may enable, or disable, various system, components; particularly ones that require a reboot.

Added Stages:

• simp_prep -> Comes before stdlib's setup
• simp_finalize -> Comes after stdlib's deploy

Defined types

simplib::install

Manage packages based on Hash input

This has been created as a Defined Type so that it can be properly referenced in manifest ordering

Parameters

The following parameters are available in the simplib::install defined type.

packages

Data type: Hash[String[1], Optional[Hash]]

Hash of the packages to install

• If just a key is provided, will apply package_ensure to the item
• A value may be provided to the package name key that will be passed along as the arguments for resource creation.
• A special entry called defaults can be provided that will set the default package options for all packages in the Hash

@example Adding a package to be installed simplib::install({ 'my_package' => undef })

defaults

Data type: Hash[String[1], String[1]]

A Hash of default parameters to apply to all $packages

• This will be overridden by any options applied to individual packages

@example Adding some packages with defaults simplib::install(

# The package list
{
  'pkg1' => {
    'ensure' => 'installed'
  },
  'pkg2' => undef
},
# The defaults
{
  'ensure'      => 'latest',
  'configfiles' => 'replace'
}

)

Default value: { 'ensure' => 'present' }

Resource types

ftpusers

Adds all system users to the named file, preserving any other entries currently in the file.

Properties

The following properties are available in the ftpusers type.

to_write

Ignored, auto-populated from /etc/passwd

Default value: default

Parameters

The following parameters are available in the ftpusers type.

name

namevar

The file to which to write the values

min_id

The UID below which all values will be considered system users

Default value: 500

always_deny

Entries to always add to the file

Default value: ['nobody','nfsnobody']

init_ulimit

Please use the systemd module for systems that support systemd

Update ulimit settings in init scripts.

The resource name does have to be unique but is meaningless.

Valid limit_type names are:

• b|socket_buffer_size
• c|max_core_size
• d|max_data_segment
• e|max_nice
• f|max_file_size
• i|max_pending_signals
• l|max_memory_lock_size
• m|max_resident_set_size
• n|max_open_files (default)
• p|max_queue_size
• r|max_real_time_pri
• s|max_stack_size
• t|max_cpu_time
• u|max_num_procs
• v|max_virt_memory
• x|max_file_locks
• T|max_threads

All of these are explained in the ulimit section of bash_builtins(1)

The parameter names are taken from the descriptive field names used in limits.conf.

Examples

Long Names

init_ulimit { 'rsyslog':
  ensure     => 'present',
  limit_type => 'both'
  item       => 'max_open_files',
  value      => 'unlimited'
}

Short Names

init_ulimit { 'rsyslog':
  item       => 'n',
  value      => 'unlimited'
}

Properties

The following properties are available in the init_ulimit type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

value

Valid values: hard, soft, unlimited, /^\d+$/

The value to which to set the new limit.

Parameters

The following parameters are available in the init_ulimit type.

name

A unique name for the resource

target

namevar

The service that will be modified. If you specify a full path, that will be used instead.

limit_type

Valid values: soft, hard, both

The limit type: hard|soft|both

Default value: both

item

namevar

The system limit resource to modify

Default value: max_open_files

prepend_file_line

Type that can prepend whole a line to a file if it does not already contain it.

Example:

file_prepend_line { 'sudo_rule': path => '/etc/sudoers', line => '%admin ALL=(ALL) ALL', }

Properties

The following properties are available in the prepend_file_line type.

ensure

Valid values: present

The basic property that the resource should be in.

Default value: present

Parameters

The following parameters are available in the prepend_file_line type.

name

namevar

arbitrary name used as identity

line

The line to be prepended to the path.

path

File to possibly prepend a line to.

reboot_notify

Notifies users when a system reboot is required.

This type creates a file at $target the contents of which provide a summary of the reasons why the system requires a reboot.

NOTE: This type will only register entries on refresh. Any other use of the type will not report the necessary reboot.

A reboot notification will be printed at each puppet run until the system is successfully rebooted.

Properties

The following properties are available in the reboot_notify type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

Parameters

The following parameters are available in the reboot_notify type.

name

namevar

The item that is being modified that requires a reboot

reason

An optional reason for rebooting

Default value: modified

control_only

Valid values: true, false, yes, no

This resource is only for control and should not add an item to the notification list

You may only have ONE resource with this set to true in your catalog

Default value: false

log_level

Valid values: alert, crit, debug, notice, emerg, err, info, warning

Set the message log level for notifications

This is only active with :control_only set to true

Default value: notice

runlevel

Changes the system runlevel by re-evaluating the inittab or systemd link. Arguments:

name

• the runlevel to evaluate for the system

persist

• boolean value that determines whether or not to set as the default runlevel of the system

Example:

runlevel { '3': persist => true, }

Properties

The following properties are available in the runlevel type.

level

Valid values: /^[1-5]$/, rescue, multi-user, graphical, default

The target runlevel of the system. Defaults to what is specified in :name

Default value: default

persist

Valid values: true, false

Whether or not to save the runlevel as default.

Default value: true

Parameters

The following parameters are available in the runlevel type.

name

Valid values: /^[1-5]$/, rescue, multi-user, graphical

namevar

The target runlevel of the system

transition_timeout

Valid values: /^\d+$/

How many seconds to wait for a runlevel switch before failing

Default value: 60

script_umask

Alters the umask settings in the passed file.

Properties

The following properties are available in the script_umask type.

umask

Valid values: /^[0-7]{3,4}$/

The umask that should be set in the target file.

Default value: 077

Parameters

The following parameters are available in the script_umask type.

name

namevar

The file to alter.

simp_file_line

Ensures that a given line is contained within a file. The implementation matches the full line, including whitespace at the beginning and end. If the line is not contained in the given file, Puppet will add the line to ensure the desired state. Multiple resources may be declared to manage multiple lines in the same file.

Example:

simp_file_line { 'sudo_rule':
  path => '/etc/sudoers',
  line => '%sudo ALL=(ALL) ALL',
}
simp_file_line { 'sudo_rule_nopw':
  path => '/etc/sudoers',
  line => '%sudonopw ALL=(ALL) NOPASSWD: ALL',
}

In this example, Puppet will ensure both of the specified lines are contained in the file /etc/sudoers.

This is an enhancement to the stdlib file_line that allows for the following additional options:

• prepend => [binary] Prepend the line instead of appending it if not using 'match'
• deconflict => [binary] Do not execute if there is a file resource that already manipulates the content of the target file.

Properties

The following properties are available in the simp_file_line type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

Parameters

The following parameters are available in the simp_file_line type.

name

namevar

An arbitrary name used as the identity of the resource.

match

An optional regular expression to run against existing lines in the file. If a match is found, we replace that line rather than adding a new line.

line

The line to be added to the file located by the path parameter.

path

The file Puppet will ensure contains the line specified by the line parameter.

deconflict

Valid values: true, false

Do not execute this type if there is a file type that already manages the content of the target file unless $replace == false

Default value: false

prepend

Valid values: true, false

Prepend the line to the file if not using match

Default value: false

Functions

array_include

Type: Ruby 3.x API

Determine if the first passed array contains the contents of another array or string.

array_include()

Determine if the first passed array contains the contents of another array or string.

Returns: Boolean

array_size

Type: Ruby 3.x API

Returns the number of elements in an Array. If a String is passed, simply returns 1.

This is in contrast to the Puppet Labs stdlib size() function which returns the size of an Array or the length of a String when called.

array_size()

Returns the number of elements in an Array. If a String is passed, simply returns 1.

This is in contrast to the Puppet Labs stdlib size() function which returns the size of an Array or the length of a String when called.

Returns: Integer

array_union

Type: Ruby 3.x API

Return the union of two Arrays.

array_union()

Return the union of two Arrays.

Returns: Array

bracketize

Type: Ruby 3.x API

Add brackets to IP addresses and Arrays of IP addresses based on the rules for bracketing IPv6 addresses.

Ignore anything that does not look like an IPv6 address.

bracketize()

Add brackets to IP addresses and Arrays of IP addresses based on the rules for bracketing IPv6 addresses.

Ignore anything that does not look like an IPv6 address.

Returns: Variant[String, Array[String]]

deep_merge

Type: Ruby 3.x API

Perform a deep merge on two passed Hashes.

This code is shamelessly stolen from the guts of ActiveSupport::CoreExtensions::Hash::DeepMerge and munged together with the Puppet Labs stdlib merge() function.

deep_merge()

Perform a deep merge on two passed Hashes.

This code is shamelessly stolen from the guts of ActiveSupport::CoreExtensions::Hash::DeepMerge and munged together with the Puppet Labs stdlib merge() function.

Returns: Hash

generate_reboot_msg

Type: Ruby 3.x API

Generate a reboot message from a passed Hash.

Requires a Hash of the following form:

ruby { 'id' => 'reason', 'id2' => 'reason2', ... }

Will return a message such as:

A system reboot is required due to: id => reason id2 => reason2

generate_reboot_msg()

Generate a reboot message from a passed Hash.

Requires a Hash of the following form:

ruby { 'id' => 'reason', 'id2' => 'reason2', ... }

Will return a message such as:

A system reboot is required due to: id => reason id2 => reason2

Returns: Strin Strin

get_ports

Type: Ruby 3.x API

Take an Array of items that may contain port numbers and appropriately return the port portion. Works with hostnames, IPv4, and IPv6.

get_ports()

Take an Array of items that may contain port numbers and appropriately return the port portion. Works with hostnames, IPv4, and IPv6.

Returns: Array[Strin Array[Strin

h2n

Type: Ruby 3.x API

Takes a single hostname and returns the associated IP address if it can determine it.

If it cannot be determined, simply returns the passed hostname.

h2n()

Takes a single hostname and returns the associated IP address if it can determine it.

If it cannot be determined, simply returns the passed hostname.

Returns: Stri Stri

host_is_me

Type: Ruby 3.x API

Detect if a local system identifier Hostname/IP address is contained in the passed whitespace delimited list.

Whitespace and comma delimiters and passed Arrays are accepted. 127.0.0.1 and ::1 are never matched, use localhost or localhost6 for that if necessary.

host_is_me()

Detect if a local system identifier Hostname/IP address is contained in the passed whitespace delimited list.

Whitespace and comma delimiters and passed Arrays are accepted. 127.0.0.1 and ::1 are never matched, use localhost or localhost6 for that if necessary.

Returns: Variant[String, Arra Variant[String, Arra

inspect

Type: Ruby 3.x API

Prints out Puppet warning messages that display the passed variable.

This is mainly meant for debugging purposes.

inspect()

Prints out Puppet warning messages that display the passed variable.

This is mainly meant for debugging purposes.

Returns: N N

ip_is_me

Type: Ruby 3.x API

Detect if an IP address is contained in the passed whitespace delimited String.

ip_is_me()

Detect if an IP address is contained in the passed whitespace delimited String.

Returns: Boole Boole

ip_to_cron

Type: Ruby 3.x API

Provides a "random" value to cron based on the passed Integer value.

Used to avoid starting a certain cron job at the same time on all servers.

If used with no parameters, it will return a single value between 0-59 first argument is the occurrence within a timeframe, for example if you want it to run 2 times per hour the second argument is the timeframe, by default its 60 minutes, but it could also be 24 hours etc...

Pulled from: http://projects.puppetlabs.com/projects/puppet/wiki/Cron_Patterns/8/diff

• Author: ohadlevy@gmail.com
• License: None

ip_to_cron()

Provides a "random" value to cron based on the passed Integer value.

Used to avoid starting a certain cron job at the same time on all servers.

If used with no parameters, it will return a single value between 0-59 first argument is the occurrence within a timeframe, for example if you want it to run 2 times per hour the second argument is the timeframe, by default its 60 minutes, but it could also be 24 hours etc...

Pulled from: http://projects.puppetlabs.com/projects/puppet/wiki/Cron_Patterns/8/diff

• Author: ohadlevy@gmail.com
• License: None

Returns: Variant[Integer[0,59], Array[Integer[0,59], Integer[0,23]]]

ipaddresses

Type: Ruby 3.x API

Return an Array of all IP addresses known to be associated with the client.

If an argument is passed, and is not false, then only return non-local addresses.

ipaddresses()

Return an Array of all IP addresses known to be associated with the client.

If an argument is passed, and is not false, then only return non-local addresses.

Returns: Array[Strin Array[Strin

join_mount_opts

Type: Ruby 3.x API

Merge two sets of mount options in a reasonable fashion.

The second set will always override the first.

join_mount_opts()

Merge two sets of mount options in a reasonable fashion.

The second set will always override the first.

Returns: Array[Strin Array[Strin

localuser

Type: Ruby 3.x API

Pull a pre-set password from a password list and return an array of user details associated with the passed hostname.

If the password starts with the string $1$ and the length is 34 characters, then it will be assumed to be an MD5 hash to be directly applied to the system.

If the password is in plain text form, then it will be hashed and stored back into the source file for future use. The plain text version will be commented out in the file.

Lines beginning with the # symbol are ignored and commas , are not allowed in usernames or hostnames though any characters are allowed in passwords.

homedir is the home directory of the user and is optional. By default, the system will choose the home directory.

The function will return a String with the following contents:

[attr]<username>,MD5-based password hash with random salt

Hostname Ruby regular expressions are fully supported. The following formats are allowed:

• /regex/opts,
• /regex/,
• regex,
• *.,
• fqdn,

localuser(Stdlib::Absolutepath $filename, Any $hostname)

Pull a pre-set password from a password list and return an array of user details associated with the passed hostname.

If the password starts with the string $1$ and the length is 34 characters, then it will be assumed to be an MD5 hash to be directly applied to the system.

If the password is in plain text form, then it will be hashed and stored back into the source file for future use. The plain text version will be commented out in the file.

Lines beginning with the # symbol are ignored and commas , are not allowed in usernames or hostnames though any characters are allowed in passwords.

homedir is the home directory of the user and is optional. By default, the system will choose the home directory.

The function will return a String with the following contents:

[attr]<username>,MD5-based password hash with random salt

Hostname Ruby regular expressions are fully supported. The following formats are allowed:

• /regex/opts,
• /regex/,
• regex,
• *.,
• fqdn,

Returns: String

filename

Data type: Stdlib::Absolutepath

path to the file containing the local users

hostname

Data type: Any

host that you are trying to match against

mapval

Type: Ruby 3.x API

This function pulls a mapped value from a text file with the format:

<key> | <value>

Only the last value matched will be returned

mapval(String $regex, Stdlib::Absolutepath $filename)

This function pulls a mapped value from a text file with the format:

<key> | <value>

Only the last value matched will be returned

Returns: Stri Stri

regex

Data type: String

Ruby regular expression that will be mapped. Do not add starting ^ or ending $

filename

Data type: Stdlib::Absolutepath

The filename from which to pull the value

nets2cidr

Type: Ruby 3.x API

Take an input Array of networks and returns an equivalent Array in CIDR notation.

It can also accept a String separated by spaces, commas, or semicolons.

nets2cidr(Variant[Array[String], String] $networks)

Take an input Array of networks and returns an equivalent Array in CIDR notation.

It can also accept a String separated by spaces, commas, or semicolons.

Returns: Variant[Array[String], Strin Variant[Array[String], Strin

networks

Data type: Variant[Array[String], String]

nets2ddq

Type: Ruby 3.x API

Take an input Array of networks and returns an equivalent Array in Dotted Quad notation.

It can also accept a String separated by spaces, commas, or semicolons.

nets2ddq(Variant[Array[String], String] $networks)

Take an input Array of networks and returns an equivalent Array in Dotted Quad notation.

It can also accept a String separated by spaces, commas, or semicolons.

Returns: Variant[Array[String], Strin Variant[Array[String], Strin

networks

Data type: Variant[Array[String], String]

parse_hosts

Type: Ruby 3.x API

Take an Array of items that may contain port numbers or protocols and return the host information, ports, and protocols.

Works with Hostnames as well as IPv4 and IPv6 addresses.

NOTE: IPv6 addresses will be returned normalized with square brackets around them for clarity.

parse_hosts()

Take an Array of items that may contain port numbers or protocols and return the host information, ports, and protocols.

Works with Hostnames as well as IPv4 and IPv6 addresses.

NOTE: IPv6 addresses will be returned normalized with square brackets around them for clarity.

Returns: Array[Strin Array[Strin

passgen

Type: Ruby 3.x API

Generates a random password string for a passed identifier.

Uses Puppet[:vardir]/simp/environments/$environment/simp_autofiles/gen_passwd/ as the destination directory.

The minimum length password that this function will return is 6 characters.

Arguments: identifier, ; in that order.

passgen(String $identifier, Hash $modifier_hash)

Generates a random password string for a passed identifier.

Uses Puppet[:vardir]/simp/environments/$environment/simp_autofiles/gen_passwd/ as the destination directory.

The minimum length password that this function will return is 6 characters.

Arguments: identifier, ; in that order.

Returns: Stri Stri

identifier

Data type: String

Unique String to identify the password usage

modifier_hash

Data type: Hash

May contain any of the following options:

• last => false(*) or true

  • Return the last generated password

• length => Integer

  • Length of the new password

• hash => false(*), true, md5, sha256 (true), sha512

  • Return a Hash of the password instead of the password itself.

• complexity => 0(*), 1, 2

  • 0 => Use only Alphanumeric characters in your password (safest)
  • 1 => Add reasonably safe symbols
  • 2 => Printable ASCII

  private options:

• password => contains the string representation of the password to hash (used for testing)

• salt => contains the string literal salt to use (used for testing)

• complex_only => use only the characters explicitly added by the complexity rules (used for testing)

If no, or an invalid, second argument is provided then it will return the currently stored String.

rand_cron

Type: Ruby 3.x API

Provides a 'random' value to cron based on the passed Integer value.

Used to avoid starting a certain cron job at the same time on all servers.

If used with no parameters, it will return a single value between 0-59 first argument is the occurrence within a timeframe, for example if you want it to run 2 times per hour the second argument is the timeframe, by default its 60 minutes, but it could also be 24 hours etc

Based on: http://projects.puppetlabs.com/projects/puppet/wiki/Cron_Patterns/8/diff

• Author: ohadlevy@gmail.com
• License: None Posted

rand_cron(String $modifier, Integer $occurs, Integer $scope)

Provides a 'random' value to cron based on the passed Integer value.

Used to avoid starting a certain cron job at the same time on all servers.

If used with no parameters, it will return a single value between 0-59 first argument is the occurrence within a timeframe, for example if you want it to run 2 times per hour the second argument is the timeframe, by default its 60 minutes, but it could also be 24 hours etc

Based on: http://projects.puppetlabs.com/projects/puppet/wiki/Cron_Patterns/8/diff

• Author: ohadlevy@gmail.com
• License: None Posted

Returns: Variant[Integer[0,59], Array[Integer[0,59], Integer[0,23]]]

modifier

Data type: String

Input range modifier

occurs

Data type: Integer

How many values to return

scope

Data type: Integer

Top range of randomly generated number

simp_version

Type: Ruby 3.x API

Return the version of SIMP that this server is running

simp_version()

Return the version of SIMP that this server is running

Returns: Stri Stri

simplib::assert_metadata

Type: Puppet Language

Fails a compile if the client system is not compatible with the module's metadata.json

`simplib::assert_metadata(String[1] $module_name, Optional[Struct[{

os => Optional[Struct[{
  validate => Optional[Boolean],
  options  => Struct[{
    release_match => Enum['none','full','major']
  }]
}]]

}]] $options = simplib::lookup('simplib::assert_metadata::options', { 'default_value' => undef }))`

Fails a compile if the client system is not compatible with the module's metadata.json

Returns: None

module_name

Data type: String[1]

The name of the module that should be checked

options

Data type: Optional[Struct[{ os => Optional[Struct[{ validate => Optional[Boolean], options => Struct[{ release_match => Enum['none','full','major'] }] }]] }]]

Behavior modifiers for the function

• Can be set using simplib::assert_metadata::options in the lookup stack

Options

• enable => If set to false disable all validation
• os
  • validate => Whether or not to validate the OS settings
  • options
    • release_match
      • none -> No match on minor release (default)
      • full -> Full release must match
      • major -> Only the major release must match

simplib::deprecation

Type: Ruby 4.x API

Function to print deprecation warnings, logging a warning once for a given key.

Messages can be enabled if the SIMPLIB_LOG_DEPRECATIONS environment variable is set to 'true'

simplib::deprecation(String $key, String $message)

Function to print deprecation warnings, logging a warning once for a given key.

Messages can be enabled if the SIMPLIB_LOG_DEPRECATIONS environment variable is set to 'true'

Returns: Nil

key

Data type: String

Uniqueness key, which is used to dedupe messages.

message

Data type: String

Message to be printed, to which file and line information will be appended, if available.

simplib::filtered

Type: Ruby 4.x API

Hiera v5 backend that takes a list of allowed hiera key names, and only returns results from the underlying backend function that match those keys.

This allows hiera data to be delegated to end users in a multi-tenant environment without allowing them the ability to override every hiera data point (and potentially break systems)

simplib::filtered(Hash $options, Puppet::LookupContext $context)

The simplib::filtered function.

Returns: Hash

options

Data type: Hash

context

Data type: Puppet::LookupContext

simplib::filtered(String $key, Hash $options, Puppet::LookupContext $context)

The simplib::filtered function.

Returns: Hash

key

Data type: String

options

Data type: Hash

context

Data type: Puppet::LookupContext

simplib::gen_random_password

Type: Ruby 4.x API

Generates a random password string.

Terminates catalog compilation if the password cannot be created in the allotted time.

simplib::gen_random_password(Integer[8] $length, Optional[Integer[0,2]] $complexity, Optional[Boolean] $complex_only, Optional[Variant[Integer[0],Float[0]]] $timeout_seconds)

Generates a random password string.

Terminates catalog compilation if the password cannot be created in the allotted time.

Returns: String Generated password

Raises:

• RuntimeError if password cannot be created within allotted time

length

Data type: Integer[8]

Length of the new password.

complexity

Data type: Optional[Integer[0,2]]

Specifies the types of characters to be used in the password

• 0 => Use only Alphanumeric characters (safest)
• 1 => Use Alphanumeric characters and reasonably safe symbols
• 2 => Use any printable ASCII characters

complex_only

Data type: Optional[Boolean]

Use only the characters explicitly added by the complexity rules

timeout_seconds

Data type: Optional[Variant[Integer[0],Float[0]]]

Maximum time allotted to generate the password; a value of 0 disables the timeout

simplib::hash_to_opts

Type: Puppet Language

Turn a hash into a options string, for use in a shell command

`simplib::hash_to_opts(Hash[String,Variant[Array,String,Numeric,Boolean,Undef]] $input, Struct[{

Optional[connector] => String[1],
Optional[prefix]    => String[1],
Optional[repeat]    => Enum['comma','repeat'],
Optional[delimiter] => String[1],

}] $opts = {})`

Turn a hash into a options string, for use in a shell command

Returns: String

input

Data type: Hash[String,Variant[Array,String,Numeric,Boolean,Undef]]

Input hash, with Strings as keys and either a String, Array, Numeric, Boolean, or Undef as a value.

opts

Data type: Struct[{ Optional[connector] => String[1], Optional[prefix] => String[1], Optional[repeat] => Enum['comma','repeat'], Optional[delimiter] => String[1], }]

Options hash. It only takes 3 keys, none of them required:

• connector: String that joins each key and value pair. Defaults to '='
• prefix: String that prefixes each key value pair. Defaults to '--'
• delimiter: When a value is an array, the string that is used to deliminate each item. Defaults to ','
• repeat: Whether to return array values as a deliminated string, or by repeating the option with each unique value

simplib::inspect

Type: Puppet Language

Prints the passed variable's Ruby type and value for debugging purposes

This uses a Notify resource to print the information during the client run.

class my_test( String $var1, Hash $var2 ) { simplib::inspect('var1') simplib::inspect('var2') ... }

simplib::inspect(String $var_name, Enum['json','yaml', 'oneline_json'] $output_type = 'json')

Prints the passed variable's Ruby type and value for debugging purposes

This uses a Notify resource to print the information during the client run.

class my_test( String $var1, Hash $var2 ) { simplib::inspect('var1') simplib::inspect('var2') ... }

Returns: None

var_name

Data type: String

The actual name of the variable, fully scoped, as a String

output_type

Data type: Enum['json','yaml', 'oneline_json']

The format that you wish to use to display the output during the run. 'json' and 'yaml' result in multi-line message content. 'oneline_json' results in single-line message content.

simplib::ip_to_cron

Type: Ruby 4.x API

Transforms an IP address to one or more interval values for cron. This can be used to avoid starting a certain cron job at the same time on all servers.

simplib::ip_to_cron(Optional[Integer[1]] $occurs, Optional[Integer[1]] $max_value, Optional[IpToCronAlgorithm] $algorithm, Optional[Simplib::IP] $ip)

Transforms an IP address to one or more interval values for cron. This can be used to avoid starting a certain cron job at the same time on all servers.

Returns: Array[Integer] Array of integers suitable for use in the minute or hour cron field.

occurs

Data type: Optional[Integer[1]]

The occurrence within an interval, i.e., the number of values to be generated for the interval.

max_value

Data type: Optional[Integer[1]]

The maximum value for the interval. The values generated will be in the inclusive range [0, max_value].

algorithm

Data type: Optional[IpToCronAlgorithm]

When 'ip_mod', the modulus of the IP number is used as the basis for the returned values. This algorithm works well to create cron job intervals for multiple hosts, when the number of hosts exceeds the max_value and the hosts have largely, linearly- assigned IP addresses.

When 'sha256', a random number generated using the IP address string is the basis for the returned values. This algorithm works well to create cron job intervals for multiple hosts, when the number of hosts is less than the max_value or the hosts do not have linearly-assigned IP addresses.

ip

Data type: Optional[Simplib::IP]

The IP address to use as the basis for the generated values. When nil, the 'ipaddress' fact (IPv4) is used.

simplib::ipaddresses

Type: Ruby 4.x API

Return an Array of all IP addresses known to be associated with the client, optionally excluding local addresses.

simplib::ipaddresses(Optional[Boolean] $only_remote)

Return an Array of all IP addresses known to be associated with the client, optionally excluding local addresses.

Returns: Array[String] List of IP addresses for the client

only_remote

Data type: Optional[Boolean]

Whether to exclude local addresses from the return value (e.g., '127.0.0.1').

simplib::join_mount_opts

Type: Ruby 4.x API

Merge two sets of mount options in a reasonable fashion, giving precedence to the second set.

simplib::join_mount_opts(Array[String] $system_mount_opts, Array[String] $new_mount_opts)

Merge two sets of mount options in a reasonable fashion, giving precedence to the second set.

Returns: String Merged options string in which new_mount_opts mount options take precedence; options are comma delimited

system_mount_opts

Data type: Array[String]

System mount options

new_mount_opts

Data type: Array[String]

New mount options, which will override system_mount_opts when there are conflicts

simplib::knockout

Type: Puppet Language

uses the knockout prefix of '--' to remove elements from an array.

simplib::knockout(Array $array)

uses the knockout prefix of '--' to remove elements from an array.

Returns: Array Resulting array.

array

Data type: Array

The array to knockout

simplib::ldap::domain_to_dn

Type: Puppet Language

Generates a LDAP Base DN from a domain

simplib::ldap::domain_to_dn(String $domain = $facts['domain'], Boolean $downcase_attributes = false)

Generates a LDAP Base DN from a domain

Returns: String

domain

Data type: String

The domain to convert, defaults to the domain fact

downcase_attributes

Data type: Boolean

Whether to downcase the LDAP attributes

• Different tools have bugs where they cannot, handle both upcased and downcased LDAP attribute elements

simplib::lookup

Type: Ruby 4.x API

A function for falling back to global scope variable lookups when the Puppet 4 lookup() function cannot find a value.

While lookup() will stop at the back-end data sources, simplib::lookup() will check the global scope first to see if the variable has been defined.

This means that you can pre-declare a class and/or use an ENC and look up the variable whether it is declared this way or via Hiera or some other back-end.

simplib::lookup(String $param, Optional[Any] $options)

A function for falling back to global scope variable lookups when the Puppet 4 lookup() function cannot find a value.

While lookup() will stop at the back-end data sources, simplib::lookup() will check the global scope first to see if the variable has been defined.

This means that you can pre-declare a class and/or use an ENC and look up the variable whether it is declared this way or via Hiera or some other back-end.

Returns: Any The value that is found in the system for the passed parameter.

param

Data type: String

The parameter that you wish to look up

options

Data type: Optional[Any]

Hash of options for regular lookup()

• This must follow the syntax rules for the Puppet lookup( [<NAME>], <OPTIONS HASH> ) version of lookup()
• No other formats are supported!

simplib::mock_data

Type: Ruby 4.x API

A mock data function

simplib::mock_data(Hash $options, Puppet::LookupContext $context)

The simplib::mock_data function.

Returns: Any

options

Data type: Hash

context

Data type: Puppet::LookupContext

simplib::mock_data(String $key, Hash $options, Puppet::LookupContext $context)

The simplib::mock_data function.

Returns: Any

key

Data type: String

options

Data type: Hash

context

Data type: Puppet::LookupContext

simplib::module_exist

Type: Ruby 4.x API

Determines if a module exists in the current environment

simplib::module_exist(String[1] $module_name)

Determines if a module exists in the current environment

Returns: Boolean Whether or not the module exists in the current environment

module_name

Data type: String[1]

The module name to check

simplib::nets2cidr

Type: Ruby 4.x API

Take an input list of networks and returns an equivalent Array in CIDR notation.

• Hostnames are passed through untouched.
• Terminates catalog compilation if any input item is not a valid network or hostname.

simplib::nets2cidr(String $network_list)

The simplib::nets2cidr function.

Returns: Array[String] Array of networks in CIDR notation

network_list

Data type: String

List of 1 or more networks separated by spaces, commas, or semicolons

simplib::nets2cidr(Array $networks)

The simplib::nets2cidr function.

Returns: Array[String] Array of networks in CIDR notation

networks

Data type: Array

Array of networks

simplib::nets2ddq

Type: Ruby 4.x API

Tranforms a list of networks into an equivalent array in dotted quad notation.

• CIDR networks are converted to dotted quad notation networks. IP addresses and hostnames are left untouched.
• Terminates catalog compilation if any input item is not a valid network or hostname.

simplib::nets2ddq(Array $networks)

The simplib::nets2ddq function.

Returns: Array[String] Converted input

networks

Data type: Array

The networks to convert

simplib::nets2ddq(String $networks_string)

The simplib::nets2ddq function.

Returns: Array[String] Converted input

networks_string

Data type: String

String containing the list of networks to convert; list elements are separated by spaces, commas or semicolons.

simplib::parse_hosts

Type: Ruby 4.x API

Convert an Array of items that may contain port numbers or protocols into a structured Hash of host information.

• Works with Hostnames as well as IPv4 and IPv6 addresses.

• IPv6 addresses will be returned normalized with square brackets around them for clarity.

• Terminates catalog compilation if

  • A valid network or hostname cannot be extracted from all input items.
  • Any input item that contains a port specifies an invalid port.

simplib::parse_hosts(Array[String[1],1] $hosts)

Convert an Array of items that may contain port numbers or protocols into a structured Hash of host information.

• Works with Hostnames as well as IPv4 and IPv6 addresses.

• IPv6 addresses will be returned normalized with square brackets around them for clarity.

• Terminates catalog compilation if

  • A valid network or hostname cannot be extracted from all input items.
  • Any input item that contains a port specifies an invalid port.

Returns: Hash Structured Hash of the host information

Raises:

• RuntimeError if a valid network or hostname cannot be extracted from all input items
• RuntimeError if any input item that contains a port specifies an invalid port

hosts

Data type: Array[String[1],1]

Array of host entries, where each entry may contain a protocol or both a protocol and port

simplib::passgen

Type: Ruby 4.x API

Generates/retrieves a random password string or its hash for a passed identifier.

• Uses Puppet.settings[:vardir]/simp/environments/$environment/simp_autofiles/gen_passwd/ as the destination directory for password storage.
• The minimum length password that this function will return is 8 characters.
• Terminates catalog compilation if the password storage directory cannot be created/accessed by the Puppet user, the password cannot be created in the allotted time, or files not owned by the Puppet user are present in the password storage directory.

simplib::passgen(String[1] $identifier, Optional[Hash] $modifier_hash)

Generates/retrieves a random password string or its hash for a passed identifier.

• Uses Puppet.settings[:vardir]/simp/environments/$environment/simp_autofiles/gen_passwd/ as the destination directory for password storage.
• The minimum length password that this function will return is 8 characters.
• Terminates catalog compilation if the password storage directory cannot be created/accessed by the Puppet user, the password cannot be created in the allotted time, or files not owned by the Puppet user are present in the password storage directory.

Returns: String Password or password hash specified. If no modifier_hash or an invalid modifier_hash is provided, it will return the currently stored/generated password.

identifier

Data type: String[1]

Unique String to identify the password usage.

modifier_hash

Data type: Optional[Hash]

Options Hash. May include any of the following options:

• last => false(*) or true
  • Return the last generated password
• length => Integer
  • Length of the new password
• hash => false(*), true, md5, sha256 (true), sha512
  • Return a Hash of the password instead of the password itself
• complexity => 0(*), 1, 2

   * `0` => Use only Alphanumeric characters in your password (safest)
   * `1` => Add reasonably safe symbols
   * `2` => Printable ASCII
  

  private options:
• password => contains the string representation of the password to hash (used for testing)
• salt => contains the string literal salt to use (used for testing)
• complex_only => use only the characters explicitly added by the complexity rules (used for testing)

simplib::rand_cron

Type: Ruby 4.x API

Transforms an input string to one or more interval values for cron. This can be used to avoid starting a certain cron job at the same time on all servers.

simplib::rand_cron(String $modifier, RandCronAlgorithm $algorithm, Optional[Integer[1]] $occurs, Optional[Integer[1]] $max_value)

Transforms an input string to one or more interval values for cron. This can be used to avoid starting a certain cron job at the same time on all servers.

Returns: Array[Integer] Array of integers suitable for use in the minute or hour cron field.

modifier

Data type: String

The input string to use as the basis for the generated values.

algorithm

Data type: RandCronAlgorithm

Randomization algorithm to apply to transform the input string.

When 'sha256', a random number generated from the input string via sha256 is used as the basis for the returned values. If the input string is an IP address, this algorithm works well to create cron job intervals for multiple hosts, when the number of hosts is less than the max_value or the hosts do not have linearly-assigned IP addresses.

When 'ip_mod' and the input string is an IP address, the modulus of the numeric IP is used as the basis for the returned values. This algorithm works well to create cron job intervals for multiple hosts, when the number of hosts exceeds the max_value and the hosts have linearly-assigned IP addresses.

When 'ip_mod' and the input string is not an IP address, for backward compatibility, the crc32 of the input string will be used as the basis for the returned values.

When 'crc32', the crc32 of the input string will be used as the basis for the returned values.

occurs

Data type: Optional[Integer[1]]

The occurrence within an interval, i.e., the number of values to be generated for the interval. Defaults to 1.

max_value

Data type: Optional[Integer[1]]

The maximum value for the interval. The values generated will be in the inclusive range [0, max_value]. Defaults to 60 for use in the minute cron field.

simplib::strip_ports

Type: Ruby 4.x API

Extract list of unique hostnames and/or IP addresses from an Array of hosts, each of which may may contain protocols and/or port numbers

Terminates catalog compilation if

• A valid network or hostname cannot be extracted from all input items.
• Any input item that contains a port specifies an invalid port.

simplib::strip_ports(Array[String[1],1] $hosts)

Extract list of unique hostnames and/or IP addresses from an Array of hosts, each of which may may contain protocols and/or port numbers

Terminates catalog compilation if

• A valid network or hostname cannot be extracted from all input items.
• Any input item that contains a port specifies an invalid port.

Returns: Array[String] Non-port portion of hostnames

Raises:

• RuntimeError if any input item that contains a port specifies an invalid port

hosts

Data type: Array[String[1],1]

List of hosts which may contain protocols and port numbers.

simplib::to_integer

Type: Ruby 4.x API

Converts the argument into an Integer.

Terminates catalog compilation if the argument's class does not respond to the to_i() Ruby method.

simplib::to_integer(Any $input)

Converts the argument into an Integer.

Terminates catalog compilation if the argument's class does not respond to the to_i() Ruby method.

Returns: Integer Converted input

input

Data type: Any

The argument to convert into an Integer

simplib::to_string

Type: Ruby 4.x API

Converts the argument into a String.

simplib::to_string(Any $input)

Converts the argument into a String.

Returns: String Converted input

input

Data type: Any

The argument to convert into a String

simplib::validate_array_member

Type: Ruby 4.x API

Validate that an single input is a member of another Array or an Array input is a subset of another Array.

• The comparison can optionally ignore the case of String elements.
• Terminates catalog compilation if validation fails.

simplib::validate_array_member(Variant[SimpleTypes,Array[SimpleTypes]] $input, Array[SimpleTypes] $target, Optional[Enum['i']] $modifier)

Validate that an single input is a member of another Array or an Array input is a subset of another Array.

• The comparison can optionally ignore the case of String elements.
• Terminates catalog compilation if validation fails.

Returns: Nil

Raises:

• RuntimeError if validation fails

input

Data type: Variant[SimpleTypes,Array[SimpleTypes]]

Input to find within the target

target

Data type: Array[SimpleTypes]

modifier

Data type: Optional[Enum['i']]

Modification to be made to the comparison operation. Currently, 'i', string case invariance is the only supported modifier.

simplib::validate_between

Type: Ruby 4.x API

Validate that the first value is between the second and third values numerically. The range is inclusive.

Terminates catalog compilation if validation fails.

simplib::validate_between(Variant[String[1],Numeric] $value, Numeric $min_value, Numeric $max_value)

Validate that the first value is between the second and third values numerically. The range is inclusive.

Terminates catalog compilation if validation fails.

Returns: Nil

Raises:

• RuntimeError if validation fails

value

Data type: Variant[String[1],Numeric]

Value to validate

min_value

Data type: Numeric

Minimum value that is valid

max_value

Data type: Numeric

Maximum value that is valid

simplib::validate_bool

Type: Ruby 4.x API

Validate that all passed values are either true, 'true', false or 'false'.

Terminates catalog compilation if validation fails.

simplib::validate_bool(Variant[String,Boolean] *$values_to_validate)

Validate that all passed values are either true, 'true', false or 'false'.

Terminates catalog compilation if validation fails.

Returns: Nil

Raises:

• RuntimeError if validation fails

*values_to_validate

Data type: Variant[String,Boolean]

One or more values to validate

simplib::validate_deep_hash

Type: Ruby 4.x API

Perform a deep validation on two passed Hashes.

• All keys must be defined in the reference Hash that is being validated against.
• Unknown keys in the Hash being compared will cause a failure in validation
• All values in the final leaves of the 'reference 'Hash' must be a String, Boolean, or nil.
• All values in the final leaves of the Hash being compared must support a to_s() method.
• Terminates catalog compilation if validation fails.

simplib::validate_deep_hash(Hash $reference, Hash $to_check)

Perform a deep validation on two passed Hashes.

• All keys must be defined in the reference Hash that is being validated against.
• Unknown keys in the Hash being compared will cause a failure in validation
• All values in the final leaves of the 'reference 'Hash' must be a String, Boolean, or nil.
• All values in the final leaves of the Hash being compared must support a to_s() method.
• Terminates catalog compilation if validation fails.

Returns: Nil

Raises:

• RuntimeError if validation fails

reference

Data type: Hash

Hash to validate against. Keys at all levels of the hash define the structure of the hash and the value at each final leaf in the hash tree contains a regular expression string, a boolean or nil for value validation:

• When the validation value is a regular expression string, the string representation of the to_check value (from the to_s() method) will be compared to the regular expression contained in the reference string.

• When the validation value is a Boolean, the string representation of the to_check value will be compared with the string representation of the Boolean (as provided by the to_s() method).

• When the validation value is a nil or 'nil', no value validation will be done for the key.

• When the to_check value contains an Array of values for a key, the validation for that key will be applied to each element in that array.

to_check

Data type: Hash

Hash to be validated against the reference

simplib::validate_net_list

Type: Ruby 4.x API

Validate that a passed list (Array or single String) of networks is filled with valid IP addresses, network addresses (CIDR notation), or hostnames.

• Hostnames are checked per RFC 1123.
• Ports appended with # a colon : are allowed for hostnames and individual IP addresses.
• Terminates catalog compilation if validation fails.

simplib::validate_net_list(String $net, Optional[String] $str_match)

The simplib::validate_net_list function.

Returns: Nil

net

Data type: String

Single network to be validated.

str_match

Data type: Optional[String]

Stringified regular expression (regex without the // delimiters)

simplib::validate_net_list(Array[String] $net_list, Optional[String] $str_match)

The simplib::validate_net_list function.

Returns: Nil

net_list

Data type: Array[String]

Array of networks to be validated.

str_match

Data type: Optional[String]

Stringified regular expression (regex without the // delimiters)

simplib::validate_port

Type: Ruby 4.x API

Validates whether each passed argument contains valid port(s).

• Each element of each argument must, numerically, be in the range [1, 65535].
• Terminates catalog compilation if validation fails.

simplib::validate_port(Variant[String[1],Integer,StringOrIntegerArray] *$port_args)

Validates whether each passed argument contains valid port(s).

• Each element of each argument must, numerically, be in the range [1, 65535].
• Terminates catalog compilation if validation fails.

Returns: Nil

Raises:

• RuntimeError if validation fails

*port_args

Data type: Variant[String[1],Integer,StringOrIntegerArray]

Arguments each of which contain either an individual port or an array of ports.

simplib::validate_re_array

Type: Ruby 4.x API

Perform simple validation of a String, or Array of Strings, against one or more regular expressions.

• Derived from the Puppet Labs stdlib validate_re.
• Terminates catalog compilation if validation fails.

simplib::validate_re_array(String $input, String $regex, Optional[String] $err_msg)

The simplib::validate_re_array function.

Returns: Nil

input

Data type: String

String to be validated

regex

Data type: String

Stringified regex expression (regex without the // delimiters)

err_msg

Data type: Optional[String]

Optional error message to emit upon failure

simplib::validate_re_array(String $input, Array $regex_list, Optional[String] $err_msg)

The simplib::validate_re_array function.

Returns: Nil

input

Data type: String

String to be validated

regex_list

Data type: Array

Array of stringified regex expressions ( regexes without the // delimiters)

err_msg

Data type: Optional[String]

Optional error message to emit upon failure

simplib::validate_re_array(Array $inputs, String $regex, Optional[String] $err_msg)

The simplib::validate_re_array function.

Returns: Nil

inputs

Data type: Array

Array of strings to be validated

regex

Data type: String

Stringified regex expression (regex without the // delimiters)

err_msg

Data type: Optional[String]

Optional error message to emit upon failure

simplib::validate_re_array(Array $inputs, Array $regex_list, Optional[String] $err_msg)

The simplib::validate_re_array function.

Returns: Nil

inputs

Data type: Array

Array of strings to be validated

regex_list

Data type: Array

Array of stringified regex expressions ( regexes without the // delimiters)

err_msg

Data type: Optional[String]

Optional error message to emit upon failure

simplib::validate_sysctl_value

Type: Ruby 4.x API

Validate that the passed value is correct for the passed sysctl key.

• If a key is not known, assumes the value is valid.
• Terminates catalog compilation if validation fails.

simplib::validate_sysctl_value(String $key, String $value)

Validate that the passed value is correct for the passed sysctl key.

• If a key is not known, assumes the value is valid.
• Terminates catalog compilation if validation fails.

Returns: Nil

Raises:

• RuntimeError upon validation failure

key

Data type: String

sysctl setting whose value is to be validated

value

Data type: String

Value to be validated

simplib::validate_uri_list

Type: Ruby 4.x API

Validate that a passed list (Array or single String) of URIs is valid according to Ruby's URI parser.

• Caution: No scheme (protocol type) validation is done if the scheme_list parameter is not set.
• Terminates catalog compilation if validation fails.

simplib::validate_uri_list(String[1] $uri, Optional[Array[String]] $scheme_list)

The simplib::validate_uri_list function.

Returns: Nil

uri

Data type: String[1]

URI to be validated.

scheme_list

Data type: Optional[Array[String]]

List of schemes (protocol types) allowed for the URI.

simplib::validate_uri_list(Array[String[1],1] $uri_list, Optional[Array[String]] $scheme_list)

The simplib::validate_uri_list function.

Returns: Nil

uri_list

Data type: Array[String[1],1]

1 or more URIs to be validated.

scheme_list

Data type: Optional[Array[String]]

List of schemes (protocol types) allowed for the URI.

simplib_deprecation

Type: Ruby 3.x API

Function to print deprecation warnings for 3.X functions. The first argument is the uniqueness key, which allows deduping of messages. The second argument is the message to be printed. Messages can be enabled if the SIMPLIB_LOG_DEPRECATIONS environment variable is set to 'true'.

simplib_deprecation()

Function to print deprecation warnings for 3.X functions. The first argument is the uniqueness key, which allows deduping of messages. The second argument is the message to be printed. Messages can be enabled if the SIMPLIB_LOG_DEPRECATIONS environment variable is set to 'true'.

Returns: Nil

slice_array

Type: Ruby 3.x API

Split an Array into an array of arrays that contain groupings of max_length size. This is similar to each_slice in newer versions of Ruby.

slice_array(Array $to_slice, Integer $max_length, String[1,1] $split_char)

Split an Array into an array of arrays that contain groupings of max_length size. This is similar to each_slice in newer versions of Ruby.

Returns: Array[Array[Any] Array[Array[Any]

to_slice

Data type: Array

The array to slice. This will be flattened if necessary.

max_length

Data type: Integer

The maximum length of each slice.

split_char

Data type: String[1,1]

An optional character upon which to count sub-elements as multiples. Only one per subelement is supported.

strip_ports

Type: Ruby 3.x API

Take an Array of items that may contain port numbers and appropriately return the non-port portion. Works with hostnames, IPv4, and IPv6.

strip_ports(Array[String] $hosts)

Take an Array of items that may contain port numbers and appropriately return the non-port portion. Works with hostnames, IPv4, and IPv6.

Returns: Array[Str Array[Str

hosts

Data type: Array[String]

Array of hostnames which may contain port numbers.

to_integer

Type: Ruby 3.x API

Converts the argument into an Integer.

Only works if the passed argument responds to the to_i() Ruby method.

to_integer(Any $input)

Converts the argument into an Integer.

Only works if the passed argument responds to the to_i() Ruby method.

Returns: Any [

input

Data type: Any

The argument to convert into an Integer

to_string

Type: Ruby 3.x API

Converts the argument into a String.

Only works if the passed argument responds to the to_s() Ruby method.

to_string(Any $input)

Converts the argument into a String.

Only works if the passed argument responds to the to_s() Ruby method.

Returns: Any

input

Data type: Any

The argument to convert into a String

validate_array_member

Type: Ruby 3.x API

Validate that the first String (or Array) passed is a member of the second Array passed. An optional third argument of i can be passed, which ignores the case of the objects inside the Array.

validate_array_member()

Validate that the first String (or Array) passed is a member of the second Array passed. An optional third argument of i can be passed, which ignores the case of the objects inside the Array.

Returns: Boolean

validate_array_of_hashes

Type: Ruby 3.x API

Validate that the passed argument is either an empty Array or an Array that only contains Hashes.

validate_array_of_hashes()

Validate that the passed argument is either an empty Array or an Array that only contains Hashes.

Returns: Boolean

validate_between

Type: Ruby 3.x API

Validate that the first value is between the second and third values numerically.

This is a pure Ruby comparison, not a human comparison.

validate_between()

Validate that the first value is between the second and third values numerically.

This is a pure Ruby comparison, not a human comparison.

Returns: Boolean

validate_bool_simp

Type: Ruby 3.x API

Validate that all passed values are either true or false.

Abort catalog compilation if any value fails this check.

Modified from the stdlib validate_bool to handle the strings true and false.

validate_bool_simp()

Validate that all passed values are either true or false.

Abort catalog compilation if any value fails this check.

Modified from the stdlib validate_bool to handle the strings true and false.

Returns: Nil

validate_deep_hash

Type: Ruby 3.x API

Perform a deep validation on two passed Hashes.

The first Hash is the one to validate against, and the second is the one being validated. The first Hash (i.e. the source) exists to define a valid structure and potential regular expression to validate against, or nil top skip an entry.

Arrays of values will match each entry to the given regular expression.

All keys must be defined in the source Hash that is being validated against.

Unknown keys in the Hash being compared will cause a failure in validation

validate_deep_hash()

Perform a deep validation on two passed Hashes.

The first Hash is the one to validate against, and the second is the one being validated. The first Hash (i.e. the source) exists to define a valid structure and potential regular expression to validate against, or nil top skip an entry.

Arrays of values will match each entry to the given regular expression.

All keys must be defined in the source Hash that is being validated against.

Unknown keys in the Hash being compared will cause a failure in validation

Returns: Nil

validate_float

Type: Ruby 3.x API

Validates whether or not the passed argument is a float

validate_float()

Validates whether or not the passed argument is a float

Returns: N N

validate_integer

Type: Ruby 3.x API

Validates that the passed argument is an Integer.

validate_integer()

Validates that the passed argument is an Integer.

Returns: N N

validate_macaddress

Type: Ruby 3.x API

Validate that all passed values are valid MAC addresses.

validate_macaddress()

Validate that all passed values are valid MAC addresses.

Returns: Nil

validate_net_list

Type: Ruby 3.x API

Validate that a passed list (Array or single String) of networks is filled with valid IP addresses or hostnames. Hostnames are checked per RFC 1123. Ports appended with a colon : are allowed.

There is a second, optional argument that is a regex of Strings that should be ignored from the list. Omit the beginning and ending / delimiters.

validate_net_list()

Validate that a passed list (Array or single String) of networks is filled with valid IP addresses or hostnames. Hostnames are checked per RFC 1123. Ports appended with a colon : are allowed.

There is a second, optional argument that is a regex of Strings that should be ignored from the list. Omit the beginning and ending / delimiters.

Returns: Nil

validate_port

Type: Ruby 3.x API

Validates whether or not the passed argument is a valid port (i.e. between 1 - 65535).

validate_port()

Validates whether or not the passed argument is a valid port (i.e. between 1 - 65535).

Returns: N N

validate_re_array

Type: Ruby 3.x API

Perform simple validation of a String, or Array of Strings, against one or more regular expressions. The first argument of this function should be a String to test, and the second argument should be a stringified regular expression (without the // delimiters) or an Array of regular expressions. If none of the regular expressions match the string passed in, compilation will abort with a parse error.

If a third argument is specified, this will be the error message raised and seen by the user.

validate_re_array()

Perform simple validation of a String, or Array of Strings, against one or more regular expressions. The first argument of this function should be a String to test, and the second argument should be a stringified regular expression (without the // delimiters) or an Array of regular expressions. If none of the regular expressions match the string passed in, compilation will abort with a parse error.

If a third argument is specified, this will be the error message raised and seen by the user.

Returns: Nil

validate_sysctl_value

Type: Ruby 3.x API

Validate that the passed value is correct for the passed sysctl key.

If a key is not known, simply returns that the value is valid.

validate_sysctl_value()

Validate that the passed value is correct for the passed sysctl key.

If a key is not known, simply returns that the value is valid.

Returns: Nil

validate_umask

Type: Ruby 3.x API

Validate that the passed String is a valid umask

validate_umask()

Validate that the passed String is a valid umask

Returns: Nil

validate_uri_list

Type: Ruby 3.x API

Usage: validate_uri_list([LIST],[<VALID_SCHEMES>])

Validate that a passed list (Array or single String) of URIs is valid according to Ruby's URI parser.

validate_uri_list()

Usage: validate_uri_list([LIST],[<VALID_SCHEMES>])

Validate that a passed list (Array or single String) of URIs is valid according to Ruby's URI parser.

Returns: Nil

• Fri Jul 27 2018 Trevor Vaughan tvaughan@onyxpoint.com - 3.10.1-0

• Added timeout for changing runlevels based on issues discovered in the field
• Fixed bugs in the EL6 runlevel persistence where, in some cases, the runlevel line might not get written to /etc/inittab

• Wed Jul 18 2018 Lucas Yamanishi lucas.yamanishi@onyxpoint.com - 3.10.1-0

• Add support for Puppet 5
• Add support for Oracle Linux

• Tue Jun 19 2018 Trevor Vaughan tvaughan@onyxpoint.com - 3.10.0-0

• Added a function module_exist that will return whether or not a module exists in the current environment.
• Fixed an issue in the 'runlevel' provider where the actual runlevel would not be changed at execution time

• Thu Jun 14 2018 dforste dforste@users.noreply.github.com - 3.10.0-0

• Fixed bug in cmdline face where duplicate parameters would be ignored
  • Duplicate parameters now turn the value of the parameter into an array

• Fri Jun 01 2018 Trevor Vaughan tvaughan@onyxpoint.com - 3.10.0-0

• Add a 'simplib::install' defined type that allows users to provide a Hash of packages to install along with a Hash of defaults to apply to those packages and override each package configuration if necessary.
  • This was originally created by Nick Miller nick.miller@onyxpoint.com

• Thu May 03 2018 Nick Miller nick.miller@onyxpoint.com - 3.10.0-0

• Add simplib::hash_to_opts which turns a hash into a string. Useful for generating commands.

• Mon Apr 30 2018 Trevor Vaughan tvaughan@onyxpoint.com - 3.9.1-0

• Made the init_ulimit custom type safe for puppet generate types
• Fixed a typo in the composite namevar for init_ulimit
• The following changes allow users to disable reboot notify messages
  • Adds two parameters :log_level and :control_only to the 'reboot_notify' custom type.
    • :log_level => Set the Puppet log level of the generated message
    • :control_only => Indicate that this entry should not be added to the generated file
  • Added a Simplib::PuppetLogLevel Data Type
  • Added a 'reboot_control_metadata' section to the on-system record file
  • Added a simplib::reboot_notify class to allow for ease of global metadata manipulation.
• Fixed file paths that were not Windows compatible
• Improved error handling in reboot_notify and fixed a few small bugs
• Improved some tests

• Fri Jan 19 2018 Trevor Vaughan tvaughan@onyxpoint.com - 3.9.0-0

• Updated the simplib::ldap::domain_to_dn function to allow users to choose whether they want to upcase or downcase the LDAP attributes to work around different system bugs
• Updated min_uid fact for OEL and Scientific Linux
• Updated tests

• Mon Jan 15 2018 Liz Nemsick lnemsick.simp@gmail.com - 3.9.0-0

• Add a 'prelink' fact that indicates whether prelink has been enabled

• Wed Jan 03 2018 Liz Nemsick lnemsick.simp@gmail.com - 3.9.0-0

• Add an 'ipa' fact that provides the IPA domain and server to which a host is connected, when the host is joined to the IPA domain.

• Wed Dec 13 2017 Trevor Vaughan tvaughan@onyxpoint.com - 3.9.0-0

• Added a 'login_defs' structured fact that returns a hash of all values in '/etc/login.defs' with a default 'uid_min' and 'gid_min'

• Fri Dec 08 2017 Chris Tessmer chris.tessmer@onyxpoint.com - 3.9.0-0

• Add data types Simplib::Domain and Simplib::Domainlist
• Re-enabled unit-style data type spec tests for Puppet 4.10

• Wed Nov 15 2017 Liz Nemsick lnemsick.simp@gmail.com - 3.8.0-0

• Disable simplib deprecation warnings by default

• Mon Nov 06 2017 Liz Nemsick lnemsick.simp@gmail.com - 3.8.0-0

• Convert a subset of Puppet 3 functions to Puppet 4 and emit a simplib deprecation warning when the Puppet 3 versions are called:
  • simplib::nets2ddq() replaces deprecated nets2ddq().
  • simplib::validate_array_member() replaces deprecated validate_array_member()
  • simplib::validate_between() replaces deprecated validate_between(). The new version fails validation, instead of returning false. This behavior consistent with both how the method is used by SIMP modules and the error behavior of all other simplib validate functions.
  • simplib::validate_bool() replaces deprecated validate_bool_simp()
  • simplib::validate_deep_hash replaced validate_deep_hash.
• In simplib::validate_deep_hash, fixed validate_deep_hash bug in which unknown keys in the Hash to check were not detected.

• Mon Nov 06 2017 Jason Balicki sakodak@gmail.com - 3.8.0-0

• Fixes split failure when "findmnt" does not exist on Linux

• Thu Oct 26 2017 Liz Nemsick lnemsick.simp@gmail.com - 3.7.0-0

• Add Simplib::Macaddress data type
• Convert a subset of Puppet 3 functions to Puppet 4 and emit a simplib deprecation warning when the Puppet 3 versions are called:
  • simplib::join_mount_opts() replaces deprected join_mount_opts()
  • simplib::nets2cidr() replaces deprecated nets2cidr()
  • simplib::validate_re_array() replaces deprecated validate_re_array()
  • simplib::validate_sysctl_value() replaces deprecated validate_sysctl_value()
• Deprecate validate_umask(), advising the user to convert to the Simplib::Umask data type
• Deprecate validate_macaddresses(), advising the user to convert to the Simplib::Macaddress data type
• Fix bug in which simplib_deprecation() used the wrong environment variable.

• Tue Sep 26 2017 Trevor Vaughan tvaughan@onyxpoint.com - 3.6.0-0

• Convert all 'sysctl' 'kernel.shm*' entries to Strings
  • shmall and shmmax were causing Facter and newer versions of Puppet to crash
  • See FACT-1732 for additional information
• Add Puppet function simplib::assert_metadata_os()
• Add data type Simplib::Puppet::Metadata::OS_support

• Mon Sep 11 2017 Liz Nemsick lnemsick.simp@gmail.com - 3.5.0-0

• Convert a subset of Puppet 3 functions to Puppet 4 and emit a simplib deprecation warning when the Puppet 3 versions are called:
  • simplib::ip_to_cron() replaces deprecated ip_to_cron()
  • simplib::rand_cron() replaces deprecated rand_cron()
• Add algorithm options to simplib::ip_to_cron() and simplib::rand_cron() to allow the user to select the transformation algorithm, instead of defaulting to an IP number modulus, when the entity to be transformed is an IP address. The IP number modulus algorithm produces undesirable clustering when used to randomize IP addresses in a system for which the number of IPs to be transformed is less than the range over which the randomization is requested.

• Tue Aug 15 2017 Liz Nemsick lnemsick.simp@gmail.com - 3.5.0-0

• Add simplib-specific deprecation functions for both Puppet 3 functions (simplib_deprecation()) and Puppet 4 functions (simplib::deprecation()).
• Convert a subset of Puppet 3 functions to Puppet 4 and emit a simplib deprecation warning when the Puppet 3 versions are called:
  • simplib::inspect() replaces deprecated inspect()
  • simplib::ipaddresses() replaces deprecated ipaddresses()
  • simplib::parse_hosts() replaces deprecated parse_hosts()
  • simplib::passgen() replaces deprecated passgen()
  • simplib::strip_ports() replaces deprecated strip_ports()
  • simplib::to_integer() replaces deprecated to_integer()
  • simplib::to_string() replaces deprecated to_string()
  • simplib::validate_uri_list() replaces deprecated validate_uri_list()
  • simplib::validate_net_list() replaces deprecated validate_net_list()
  • simplib::validate_port() replaces deprecated validate_port()
• Add single-line json output option to simplib::inspect()

• Thu Aug 03 2017 Trevor Vaughan tvaughan@onyxpoint.com - 3.5.0-0

• Added a 'simplib::assert_metadata_os' function that will fail the compile if the passed module does not support the operating systems defined in the module's metadata.json.

• Thu Aug 03 2017 Nick Markowski nmarkowski@keywcorp.com - 3.5.0-0

• The fips_ciphers fact returns nil if the openssl binary is not available

• Sun Jul 23 2017 Trevor Vaughan tvaughan@onyxpoint.com - 3.5.0-0

• Updated puppet-strings documentation
• Updated CONTRIBUTING.md

• Tue Jul 18 2017 Dylan Cochran dylan.cochran@onyxpoint.com - 3.5.0-0

• Fix ipv6_enabled fact, so that it is confined only to linux systems

• Tue Jun 13 2017 Nick Markowski nmarkowski@keywcorp.com - 3.4.0-0

• Due to lack of support for knockout_prefix for arrays in older versions of Puppet, simp::knockout functionality has been moved to simplib::knockout because multiple modules are using the function.
• A wrapper has been put around simp::knockout for backwards-compatibility in our code.
• Update puppet requirement in metadata.json

• Sat Jun 10 2017 Dylan Cochran dylan.cochran@onyxpoint.com - 3.4.0-0

• Fix fullrun fact so it's confined to linux systems

• Thu May 18 2017 Nick Miller nick.miller@onyxpoint.com - 3.4.0-0

• Add data type for catalyst package_ensure

• Thu Apr 27 2017 Trevor Vaughan tvaughan@onyxpoint.com - 3.4.0-0

• Added a pre and post stage that wrap around the stdlib stages to ensure that all SIMP components have proper buffers around the rest of the stdlib stages that other users might be using.
• Added a simplib_sysctl fact to provide values that are particularly relevant to SIMP installations.
• Fixed a bug in the puppet_settings fact in the case where facter was run standalone
• Added a 'root_dir_uuid' fact so that it can be compared against the /boot partition in the fips module. Facter used to have a data structure of all mountpoints but it was removed for performance reasons.

• Wed Apr 12 2017 Liz Nemsick lnemsick.simp@gmail.com - 3.4.0-0

• Use the standard ip utility to determine default gateway information, instead of the netstat utility. This removes a dependency on the net-tools package.

• Fri Apr 07 2017 Dylan Cochran dylan.cochran@onyxpoint.com - 3.3.0-0

• Change case of simplib::ldap::domain_to_dn to be upper case

• Fri Apr 07 2017 Trevor Vaughan tvaughan@onyxpoint.com - 3.3.0-0

• Added a 'simplib::inspect' debugging function for dumping parameters during Puppet runs.

• Sun Mar 25 2017 Lucas Yamanishi lucas.yamanishi@onyxpoint.com - 3.2.2-0

• Use PATH lookup for simp_version's rpm call

• Mon Mar 20 2017 Liz Nemsick lnemsick.simp@gmail.com - 3.2.1-0

• move passgen to Puppet[:vardir]

• Thu Mar 15 2017 Dylan Cochran dylan.cochran@onyxpoint.com - 3.2.1-0

  • move passgen to /var/simp

• Wed Mar 01 2017 Ryan Russel-Yates ryan.russel-yates@onyxpoint.com - 3.2.1-0

  • updated Readme

• Fri Jan 27 2017 Nick Miller nick.miller@onyxpoint.com - 3.2.0

• Added openssl_ciphers fact to list avaiable OpenSSL ciphers

• Fri Jan 20 2017 Dylan Cochran dylan.cochran@onyxpoint.com - 3.2.0-0

• Added type for the server distribution of puppet being used

• Fri Jan 13 2017 Trevor Vaughan tvaughan@onyxpoint.com - 3.2.0-0

• Added a simplib::ldap::domain_to_dn function for generating a reasonable Base DN from the domain fact

• Mon Jan 09 2017 Dylan Cochran dylan.cochran@onyxpoint.com - 3.2.0-0

• fixed how passgen generated salts to restrict it to non-special characters

• Mon Jan 02 2017 Trevor Vaughan tvaughan@onyxpoint.com - 3.1.0-0

• Added additional syslog data types and added tests for all syslog data types
  • Syslog::CFacility
  • Syslog::CPriority
  • Syslog::CSeverity

• Sat Dec 24 2016 Trevor Vaughan tvaughan@onyxpoint.com - 3.1.0-0

• Added types to cover entries with Ports
  • Host::Port
  • Hostname::Port
  • Netlist::Port
  • IP::Port
• Added IP::CIDR type

• Tue Dec 20 2016 Nick Miller nick.miller@onyxpoint.com - 3.0.0-0

• NOTE: THIS MODULE CONTAINS NO MORE CLASSES OR MANIFESTS
• Migrated content in manifests and templates to other modules.
  • See SIMP-1679 for details

• Mon Dec 19 2016 Nick Miller nick.miller@onyxpoint.com - 2.1.0-0

• Added new types:
  • SyslogFacility
  • SyslogLevel

• Wed Dec 07 2016 Trevor Vaughan tvaughan@onyxpoint.com - 2.1.0-0

• Added a set of Data Types
  • EmailAddress
  • Host (Single IP or Hostname)
  • Hostname
  • Hostname
  • IP
  • IP::V4
  • IP::V4::CIDR
  • IP::V4::DDQ
  • IP::V4::Port (with port)
  • IP::V6
  • IP::V6::Base (Regular IPv6)
  • IP::V6::Bracketed (IPv6 with Brackets)
  • IP::V6::CIDR
  • IP::V6::Port (with port)
  • Netlist
  • Netlist::IP
  • Netlist::IP::V4
  • Netlist::IP::V6
  • Port (any of the below)
  • Port::Dynamic (49152-65535)
  • Port::Random (0)
  • Port::System (1-1024)
  • Port::User (1025-49151)
  • URI
• Added a simplib::lookup() function that returns a globally scoped variable if it exists before calling the traditional lookup() function.

• Tue Nov 29 2016 Nick Miller nick.miller@onyxpoint.com - 2.0.0-0

• Renamed the file containing the puppet_settings fact to deconflict with puppetlabs/puppetlabs-stdlib. They don't create any facts with the name puppet_settings, so this works for now.

• Mon Nov 21 2016 Chris Tessmer chris.tessmer@onyxpoint.com - 2.0.0-0

• Updated to compliance_markup version 2

• Wed Nov 16 2016 Trevor Vaughan tvaughan@onyxpoint.com - 2.0.0-0

• Rewrite the puppet_settings fact to fix several issues

• Fri Oct 14 2016 Liz Nemsick lnemsick.simp@gmail.com - 2.0.0-0

• Fix errors when validate_net_list uses regex strings and is validating IPv6.

• Thu Oct 13 2016 Nick Markowski nmarkowski@keywcorp.com - 2.0.0-0

• EL 7 machines now default nsswitch hosts to 'files','myhostname','dns' in an attempt to mitigate https://bugs.centos.org/view.php?id=10635

• Wed Oct 12 2016 Trevor Vaughan tvaughan@onyxpoint.com - 2.0.0-0

• Updated to use the version of 'simpcat' that does not conflict with 'puppetlabs/concat'.
• Removed the 'has_clustering' fact since it is no longer used in SIMP
• Added a 'puppet_settings' fact that will provide a hash of all puppet settings on the client system.

• Tue Oct 11 2016 Lucas Yamanishi lucas.yamanishi@onyxpoint.com - 1.3.3-0

• Prior to this named::resolv made reference to Service['named'], causing errors in cases where the named servce was not called "named." This commit changes the reference to Class['named'] to abstract out the service name and any other potential starup quirks.

• Thu Aug 25 2016 Trevor Vaughan tvaughan@onyxpoint.com - 1.3.1-0

• Update to provide the option to pass the 'gid' option to the /proc mount so that a specific group can be allowed to see the full process tree.

• Thu Aug 11 2016 Lucas Yamanishi lucas.yamanishi@onyxpoint.com - 1.3.0-0

• Mitigate CVE-2016-5696 via sysctl

• Fri Jul 29 2016 Trevor Vaughan tvaughan@onyxpoint.com - 1.2.7-0

• Fixed the acceptance tests

• Fri Jul 08 2016 Nick Miller nick.miller@onyxpoint.com - 1.2.6-0

• Updated the readme
• Updated to use the new packaging format

• Mon Jun 27 2016 Nick Miller nick.miller@onyxpoint.com - 1.2.5-0

• Added logic to ensure the tmpwatch package is installed on EL6 systems

• Thu Jun 09 2016 Nick Markowski nmarkowski@keywcorp.com - 1.2.4-0

• Added the gdm_version facts from xwindows and confined it on the existence of the gdm binary.

• Thu Apr 14 2016 Trevor Vaughan tvaughan@onyxpoint.com - 1.2.3-0

• The nsswitch.conf logic has been updated to work properly between SSSD and non-SSSD systems.

• Tue Apr 12 2016 Kendall Moore kendall.moore@onyxpoint.com - 1.2.2-1

• Fixed deprecation warning in custom types

• Mon Mar 21 2016 Nick Markowski nmarkowski@keywcorp.com - 1.2.2-0

• Fixed sssd/ldap logic in nsswitch.conf

• Sat Mar 19 2016 Trevor Vaughan tvaughan@onyxpoint.comm - 1.2.1-0

• Migrated use_simp_pki to a global catalyst.

• Mon Mar 14 2016 Trevor Vaughan tvaughan@onyxpoint.com - 1.2.0-0

• Updated to use SSSD for EL6.7+

• Mon Mar 14 2016 Nick Markowski nmarkowski@keywcorp.com - 1.1.0-1

• Modified nsswitch template to reference private _use_sssd and _use_ldap logic, exclusively.

• Thu Mar 10 2016 Trevor Vaughan tvaughan@onyxpoint.com - 1.1.0-0

• Ensure that the validate_between() function can handle string/integer combinations.
• Add a to_integer() function which converts the passed argument to an integer.
• Converted to Semantic Versioning 2.0.0

• Fri Mar 04 2016 Nick Markowski nmarkowski@keywcorp.com - 1.0.1-4

• Updated the localusers function to be compatible with multiple versions of ruby, and fixed a bug in the return value.

• Mon Feb 29 2016 Trevor Vaughan tvaughan@onyxpoint.com - 1.0.1-3

• Added a to_string() function which simply converts the passed argument to a string. This has been added to both pass linting and allow for the case where you know you need a string and you want to make sure that is known.

• Fri Feb 19 2016 Ralph Wright ralph.wright@onyxpoint.com - 1.0.1-2

• Added compliance function support

• Tue Feb 02 2016 Chris Tessmer chris.tessmer@onyxpoint.com - 1.0.1-1

• Removed os_bugfixes and bugfix1049656.

• Fri Jan 08 2016 Chris Tessmer chris.tessmer@onyxpoint.com - 1.0.1-0

• Confined Linux facts that were causing errors during Windows agent runs

• Thu Dec 24 2015 Trevor Vaughan tvaughan@onyxpoint.com - 1.0.0-3

• Removed the simp_enabled fact as it is not needed.

• Thu Dec 17 2015 Nick Markowski nmarkowski@keywcorp.com - 1.0.0-2

• CCE-18455-6, CCE-3562-6 disable ipv6. Ipv6 remains enabled at the kernel level, but is functionally disabled via sysctl when ipv6_enabled = false.

• Thu Dec 10 2015 Nick Markowski nmarkowski@keywcorp.com - 1.0.0-1

• CCE-4241-6 Single user mode is now password protected.
• Added a simp_enabled fact to return true if the 'simp' class is in the catalog.

• Thu Nov 19 2015 Trevor Vaughan tvaughan@onyxpoint.com - 1.0.0-0

• Added validate_uri_list function
• Ensure that nsswitch works properly for SSSD
• Add sudoers support for SSSD and nsswitch

• Fri Nov 13 2015 Chris Tessmer chris.tessmer@onyxpoint.com - 1.0.0-0

• Imported manifests/ template/ and files/ assets from pupmod-common
• manifests/ assets from pupmod-functions are deprecated and will not be imported
• All tests pass; first version is rolled up

• Tue Oct 13 2015 Chris Tessmer chris.tessmer@onyxpoint.com - 0.1.0-0

• Initial rollup of lib/ assets from legacy modules simp-common and simp-functions