Note that type rewrites network interface files

cdist/conf/explorer/disks

@@ -1,67 +1,27 @@
-#!/bin/sh -e
-#
-# based on previous work by other people, modified by:
-# 2020 Dennis Camera <dennis.camera at ssrq-sds-fds.ch>
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see <http://www.gnu.org/licenses/>.
-#
-# Finds disks of the system (excl. ram disks, floppy, cdrom)
+#!/bin/sh
 
 uname_s="$(uname -s)"
 
-case $uname_s in
+case "${uname_s}" in
     FreeBSD)
         sysctl -n kern.disks
     ;;
-    OpenBSD)
-        sysctl -n hw.disknames | grep -Eo '[lsw]d[0-9]+'
-    ;;
-    NetBSD)
-        PATH="${PATH}:/usr/local/sbin:/usr/sbin:/sbin"
-        sysctl -n hw.disknames \
-        | awk 'BEGIN { RS = " " } /^[lsw]d[0-9]+/'
+    OpenBSD|NetBSD)
+        sysctl -n hw.disknames | grep -Eo '[lsw]d[0-9]+' | xargs
     ;;
     Linux)
-        # list of major device numbers toexclude:
-        #  ram disks, floppies, cdroms
-        # https://www.kernel.org/doc/Documentation/admin-guide/devices.txt
-        ign_majors='1 2 11'
-
-        if command -v lsblk >/dev/null 2>&1
+        if command -v lsblk > /dev/null
         then
-            lsblk -e "$(echo "$ign_majors" | tr ' ' ',')" -dno name
-        elif test -d /sys/block/
-        then
-            # shellcheck disable=SC2012
-            ls -1 /sys/block/ \
-            | awk -v ign_majors="$(echo "$ign_majors" | tr ' ' '|')" '
-                {
-                  devfile = "/sys/block/" $0 "/dev"
-                  getline devno < devfile
-                  close(devfile)
-                  if (devno !~ "^(" ign_majors "):") print
-                }'
+            # exclude ram disks, floppies and cdroms
+            # https://www.kernel.org/doc/Documentation/admin-guide/devices.txt
+            lsblk -e 1,2,11 -dno name | xargs
         else
-            echo "Don't know how to list disks on Linux without lsblk and sysfs." >&2
-            echo 'If you can, please submit a patch.'>&2
+            printf "Don't know how to list disks for %s operating system without lsblk, if you can please submit a patch\n" "${uname_s}" >&2
         fi
     ;;
     *)
-        printf "Don't know how to list disks for %s operating system.\n" "${uname_s}" >&2
-        printf 'If you can please submit a patch\n' >&2
+        printf "Don't know how to list disks for %s operating system, if you can please submit a patch\n" "${uname_s}" >&2
     ;;
-esac \
-| xargs
+esac
+
+exit 0

cdist/conf/explorer/init

@@ -1,8 +1,7 @@
-#!/bin/sh -e
+#!/bin/sh
 #
 # 2016 Daniel Heule (hda at sfs.biz)
 # Copyright 2017, Philippe Gregoire <pg@pgregoire.xyz>
-# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@@ -20,422 +19,21 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 #
-# Returns the name of the init system (PID 1)
-
-# Expected values:
-# Linux:
-#  Adélie Linux:
-#    sysvinit+openrc
-#  Alpine Linux:
-#    busybox-init+openrc
-#  ArchLinux:
-#    systemd, sysvinit
-#  CRUX:
-#    sysvinit
-#  Debian:
-#    systemd, upstart, sysvinit, openrc, ???
-#  Devuan:
-#    sysvinit, sysvinit+openrc
-#  Gentoo:
-#    sysvinit+openrc, openrc-init, systemd
-#  OpenBMC:
-#    systemd
-#  OpenWrt:
-#    procd, init???
-#  RedHat (RHEL, CentOS, Fedora, RedHat Linux, ...):
-#    systemd, upstart, upstart-legacy, sysvinit
-#  Slackware:
-#    sysvinit
-#  SuSE:
-#    systemd, sysvinit
-#  Ubuntu:
-#    systemd, upstart, upstart-legacy, sysvinit
-#  VoidLinux:
-#    runit
+# Returns the process name of pid 1 ( normaly the init system )
+# for example at linux this value is "init" or "systemd" in most cases
 #
-# GNU:
-#   Debian:
-#     sysvinit, hurd-init
-#
-# BSD:
-#  {Free,Open,Net}BSD:
-#    init
-#
-# Mac OS X:
-#   launchd, init+SystemStarter
-#
-# Solaris/Illumos:
-#   smf, init???
 
-# NOTE: init systems can be stacked. This is popular to run OpenRC on top of
-# sysvinit (Gentoo) or busybox-init (Alpine), but can also be used to run runit
-# as a systemd service.  This makes init system detection very complicated
-# (which result is expected?)  This script tries to untangle some combinations,
-# OpenRC on top of sysv or busybox (X+openrc), but will ignore others (runit as
-# a systemd service)
+uname_s="$(uname -s)"
 
-# NOTE: When we have no idea, nothing will be printed!
-
-# NOTE:
-# When trying to gather information about the init system make sure to do so
-# without calling the binary!   On some systems this triggers a reinitialisation
-# of the system which we don't want (e.g. embedded systems).
-
-
-set -e
-
-KERNEL_NAME=$(uname -s)
-
-KNOWN_INIT_SYSTEMS=$(cat <<EOF
-systemd
-sysvinit
-upstart
-runit
-procd
-smf
-launchd
-init
-hurd_init
-systemstarter
-EOF
-)
-
-
-common_candidates_by_kernel() {
-	case $KERNEL_NAME
-	in
-		FreeBSD|NetBSD|OpenBSD)
-			echo init
-			;;
-		Linux)
-			echo systemd
-			echo sysvinit
-			echo upstart
-			;;
-		GNU)
-			echo sysvinit
-			echo hurd-init
-			;;
-		Darwin)
-			echo launchd
-			echo systemstarter
-			;;
-		SunOS)
-			echo smf
-			;;
-	esac
-}
-
-
-## Helpers
-
-trim() {
-	sed -e 's/^[[:blank:]]*//' -e 's/[[:blank:]]*$//' -e '/^[[:blank:]]*$/d'
-}
-
-unique() {
-	# Delete duplicate lines (keeping input order)
-	# NOTE: Solaris AWK breaks without if/print construct.
-	awk '{ if (!x[$0]++) print }'
-}
-
-
-## Check functions
-# These functions are used to verify if a guess is correct by checking some
-# common property of a running system (presence of a directory in /run etc.)
-
-check_busybox_init() (
-	busybox_path=${1:-/bin/busybox}
-	test -x "${busybox_path}" || return 1
-	grep -q 'BusyBox v[0-9]' "${busybox_path}" || return 1
-
-	# It is quite common to use Busybox init to stack other init systemd
-	# (like OpenRC) on top of it. So we check for that, too.
-	if stacked=$(check_openrc)
-	then
-		echo "busybox-init+${stacked}"
-	else
-		echo busybox-init
-	fi
-)
-
-check_hurd_init() (
-	init_exe=${1:-/hurd/init}
-	test -x "${init_exe}" || return 1
-	grep -q 'GNU Hurd' "${init_exe}" || return 1
-	echo hurd-init
-)
-
-check_init() {
-	# Checks for various BSD inits...
-	test -x /sbin/init || return 1
-
-	if grep -q -E '(Free|Net|Open)BSD' /sbin/init
-	then
-		echo init
-		return 0
-	fi
-}
-
-check_launchd() {
-	command -v launchctl >/dev/null 2>&1 || return 1
-	launchctl getenv PATH >/dev/null || return 1
-	echo launchd
-}
-
-check_openrc() {
-	test -f /run/openrc/softlevel || return 1
-	echo openrc
-}
-
-check_procd() (
-	procd_path=${1:-/sbin/procd}
-	test -x "${procd_path}" || return 1
-	grep -q 'procd' "${procd_path}" || return 1
-	echo procd
-)
-
-check_runit() {
-	test -d /run/runit || return 1
-	echo runit
-}
-
-check_smf() {
-	# XXX: Is this the correct way??
-	test -f /etc/svc/volatile/svc_nonpersist.db || return 1
-	echo smf
-}
-
-check_systemd() {
-	# NOTE: sd_booted(3)
-	test -d /run/systemd/system/ || return 1
-	# systemctl --version | sed -e '/^systemd/!d;s/^systemd //'
-	echo systemd
-}
-
-check_systemstarter() {
-	test -d /System/Library/StartupItems/ || return 1
-	test -f /System/Library/StartupItems/LoginWindow/StartupParameters.plist || return 1
-	echo init+SystemStarter
-}
-
-check_sysvinit() (
-	init_path=${1:-/sbin/init}
-	grep -q 'INIT_VERSION=sysvinit-[0-9.]*' "${init_path}" || return 1
-
-	# It is quite common to use SysVinit to stack other init systemd
-	# (like OpenRC) on top of it. So we check for that, too.
-	if stacked=$(check_openrc)
-	then
-		echo "sysvinit+${stacked}"
-	else
-		echo sysvinit
-	fi
-	unset stacked
-)
-
-check_upstart() {
-	test -x "$(command -v initctl)" || return 1
-	case $(initctl version)
-	in
-		*'(upstart '*')')
-			if test -d /etc/init
-			then
-				# modern (DBus-based?) upstart >= 0.5
-				echo upstart
-			elif test -d /etc/event.d
-			then
-				# ancient upstart
-				echo upstart-legacy
-			else
-				# whatever...
-				echo upstart
-			fi
-			;;
-		*)
-			return 1
-			;;
-	esac
-}
-
-find_init_procfs() (
-	# First, check if the required file in procfs exists...
-	test -h /proc/1/exe || return 1
-
-	# Find init executable
-	init_exe=$(ls -l /proc/1/exe 2>/dev/null) || return 1
-	init_exe=${init_exe#* -> }
-
-	if ! test -x "$init_exe"
-	then
-		# On some rare occasions it can happen that the
-		# running init's binary has been replaced. In this
-		# case Linux adjusts the symlink to "X (deleted)"
-
-		# [root@fedora-12 ~]# readlink /proc/1/exe
-		# /sbin/init (deleted)
-		# [root@fedora-12 ~]# ls -l /proc/1/exe
-		# lrwxrwxrwx. 1 root root 0 2020-01-30 23:00 /proc/1/exe -> /sbin/init (deleted)
-
-		init_exe=${init_exe% (deleted)}
-		test -x "$init_exe" || return 1
-	fi
-
-	echo "${init_exe}"
-)
-
-guess_by_path() {
-	case $1
-	in
-		/bin/busybox)
-			check_busybox_init "$1" && return
-			;;
-		/lib/systemd/systemd)
-			check_systemd "$1" && return
-			;;
-		/hurd/init)
-			check_hurd_init "$1" && return
-			;;
-		/sbin/launchd)
-			check_launchd "$1" && return
-			;;
-		/usr/bin/runit|/sbin/runit)
-			check_runit "$1" && return
-			;;
-		/sbin/openrc-init)
-			if check_openrc "$1" >/dev/null
-			then
-				echo openrc-init
-				return
-			fi
-			;;
-		/sbin/procd)
-			check_procd "$1" && return
-			;;
-		/sbin/init|*/init)
-			# init: it could be anything -> (explicit) no match
-			return 1
-			;;
-	esac
-
-	# No match
-	return 1
-}
-
-guess_by_comm_name() {
-	case $1
-	in
-		busybox)
-			check_busybox_init && return
-			;;
-		openrc-init)
-			if check_openrc >/dev/null
-			then
-				echo openrc-init
-				return 0
-			fi
-			;;
-		init)
-			# init could be anything -> no match
-			return 1
-			;;
-		*)
-			# Run check function by comm name if available.
-			# Fall back to comm name if either it does not exist or
-			# returns non-zero.
-			if type "check_$1" >/dev/null
-			then
-				"check_$1" && return
-			else
-				echo "$1" ; return 0
-			fi
-	esac
-
-	return 1
-}
-
-check_list() (
-	# List must be a multi-line input on stdin (one name per line)
-	while read -r init
-	do
-		"check_${init}" || continue
-		return 0
-	done
-	return 1
-)
-
-
-# BusyBox's versions of ps and pgrep do not support some options
-# depending on which compile-time options have been used.
-
-find_init_pgrep() {
-	pgrep -P0 -fl 2>/dev/null | awk -F '[[:blank:]]' '$1 == 1 { print $2 }'
-}
-
-find_init_ps() {
-	case $KERNEL_NAME
-	in
-		Darwin)
-			ps -o command -p 1 2>/dev/null | tail -n +2
-			;;
-		FreeBSD)
-			ps -o args= -p 1 2>/dev/null | cut -d ' ' -f 1
-			;;
-		Linux)
-			ps -o comm= -p 1 2>/dev/null
-			;;
-		NetBSD)
-			ps -o comm= -p 1 2>/dev/null
-			;;
-		OpenBSD)
-			ps -o args -p 1 2>/dev/null | tail -n +2 | cut -d ' ' -f 1
-			;;
-		*)
-			ps -o args= -p 1 2>/dev/null
-			;;
-	esac | trim  # trim trailing whitespace (some ps like Darwin add it)
-}
-
-find_init() {
-	case $KERNEL_NAME
-	in
-		Linux|GNU|NetBSD)
-			find_init_procfs || find_init_pgrep || find_init_ps
-			;;
-		FreeBSD)
-			find_init_procfs || find_init_ps
-			;;
-		OpenBSD)
-			find_init_pgrep || find_init_ps
-			;;
-		Darwin|SunOS)
-			find_init_ps
-			;;
-		*)
-			echo "Don't know how to determine init." >&2
-			echo 'Please send a patch.' >&2
-			exit 1
-	esac
-}
-
-# -----
-
-init=$(find_init)
-
-# If we got a path, guess by the path first (fall back to file name if no match)
-# else guess by file name directly.
-# shellcheck disable=SC2015
-{
-	test -x "${init}" \
-		&& guess_by_path "${init}" \
-		|| guess_by_comm_name "$(basename "${init}")"
-} && exit 0 || true
-
-
-# Guessing based on the file path and name didn’t lead to a definitive result.
-#
-# We go through all of the checks until we find a match. To speed up the
-# process, common cases will be checked first based on the underlying kernel.
-
-{ common_candidates_by_kernel; echo "${KNOWN_INIT_SYSTEMS}"; } \
-	| unique | check_list
+case "$uname_s" in
+    Linux)
+        (pgrep -P0 -l | awk '/^1[ \t]/ {print $2;}') || true
+    ;;
+    FreeBSD|OpenBSD)
+        ps -o comm= -p 1 || true
+    ;;
+    *)
+        # return a empty string as unknown value
+        echo ""
+    ;;
+esac

cdist/conf/explorer/os_release

@@ -1,7 +1,6 @@
 #!/bin/sh
 #
 # 2018 Adam Dej (dejko.a at gmail.com)
-# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@@ -22,17 +21,6 @@
 
 # See os-release(5) and http://0pointer.de/blog/projects/os-release
 
-if test -f /etc/os-release
-then
-	# Linux and FreeBSD (usually a symlink)
-	cat /etc/os-release
-elif test -f /usr/lib/os-release
-then
-	# systemd
-	cat /usr/lib/os-release
-elif test -f /var/run/os-release
-then
-	# FreeBSD (created by os-release service)
-	cat /var/run/os-release
-fi
+set +e
 
+cat /etc/os-release || cat /usr/lib/os-release || true

cdist/conf/explorer/os_version

@@ -70,7 +70,4 @@ case "$("$__explorer/os")" in
    ubuntu)
       lsb_release -sr
    ;;
-   alpine)
-       cat /etc/alpine-release
-   ;;
-esac
+esac

cdist/conf/type/__consul_agent/man.rst

@@ -116,9 +116,6 @@ verify-incoming
 verify-outgoing
    enforce the use of TLS and verify the peers authenticity on outgoing connections
 
-use-distribution-package
-   uses distribution package instead of upstream binary
-
 
 EXAMPLES
 --------

cdist/conf/type/__consul_agent/manifest

@@ -2,7 +2,6 @@
 #
 # 2015 Steven Armstrong (steven-cdist at armstrong.cc)
 # 2015-2019 Nico Schottelius (nico-cdist at schottelius.org)
-# 2019 Timothée Floure (timothee.floure at ungleich.ch)
 #
 # This file is part of cdist.
 #
@@ -20,75 +19,133 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 
+
 os=$(cat "$__global/explorer/os")
 
-###
-# Type parameters.
+case "$os" in
+   alpine|scientific|centos|debian|devuan|redhat|ubuntu)
+      # whitelist safeguard
+      :
+   ;;
+   *)
+      echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
+      echo "Please contribute an implementation for it if you can." >&2
+      exit 1
+   ;;
+esac
 
 state="$(cat "$__object/parameter/state")"
 user="$(cat "$__object/parameter/user")"
 group="$(cat "$__object/parameter/group")"
-release=$(cat "$__global/explorer/lsb_release")
-if [ -f "$__object/parameter/use-distribution-package" ]; then
-  use_distribution_package=1
-fi
-
-###
-# Those are default that might be overriden by os-specific logic.
-
 data_dir="/var/lib/consul"
 conf_dir="/etc/consul/conf.d"
 conf_file="config.json"
-tls_dir="$conf_dir/tls"
 
-###
-# Sane deployment, based on distribution package when available.
+# FIXME: there has got to be a better way to handle the dependencies in this case
+case "$state" in
+   present)
+      __group "$group" --system --state "$state"
+      require="__group/$group" \
+         __user "$user" --system --gid "$group" \
+            --home "$data_dir" --state "$state"
+      export require="__user/consul"
+   ;;
+   absent)
+      echo "Sorry, state=absent currently not supported :-(" >&2
+      exit 1
+      require="$__object_name" \
+         __user "$user" --system --gid "$group" --state "$state"
+      require="__user/$user" \
+         __group "$group" --system --state "$state"
+   ;;
+esac
 
-distribution_setup () {
-  case "$os" in
-     debian)
-       # consul is only available starting Debian 10 (buster).
-       # See https://packages.debian.org/buster/consul
-       if [ "$release" -lt 10 ]; then
-         echo "Consul is not available for your debian release." >&2
-         echo "Please use the 'manual' (i.e. non-package) installation or \
-           upgrade the target system." >&2
-         exit 1
-       fi
+__directory /etc/consul \
+   --owner root --group "$group" --mode 750 --state "$state"
+require="__directory/etc/consul" \
+   __directory "$conf_dir" \
+      --owner root --group "$group" --mode 750 --state "$state"
 
-       # Override previously defined environment to match debian packaging.
-       conf_dir='/etc/consul.d'
-       user='consul'
-       group='consul'
-     ;;
-     alpine)
-       # consul is only available starting Alpine 3.12 (= edge during the 3.11 cycle).
-       # See https://pkgs.alpinelinux.org/packages?name=consul&branch=edge
+if [ -f "$__object/parameter/ca-file-source" ] || [ -f "$__object/parameter/cert-file-source" ] || [ -f "$__object/parameter/key-file-source" ]; then
+   # create directory for ssl certs
+   require="__directory/etc/consul" \
+      __directory /etc/consul/ssl \
+         --owner root --group "$group" --mode 750 --state "$state"
+fi
 
-       # Override previously defined environment to match alpine packaging.
-       conf_dir='/etc/consul'
-       conf_file='server.json'
-       data_dir='/var/consul'
-       user='consul'
-       group='consul'
-     ;;
-     *)
-        echo "Your operating system ($os) is currently not supported with the \
-          --use-distribution-package flag (${__type##*/})." >&2
-        echo "Please use non-package installation or contribute an \
-          implementation for if you can." >&2
-        exit 1
-     ;;
-  esac
+__directory "$data_dir" \
+   --owner "$user" --group "$group" --mode 770 --state "$state"
 
-  # Install consul package.
-  __package consul --state "$state"
 
-  export config_deployment_requires="__package/consul"
-}
+# Generate json config file
+(
+echo "{"
 
-###
-# LEGACY manual deployment, kept for compatibility reasons.
+# parameters we define ourself
+printf '   "data_dir": "%s"\n' "$data_dir"
+
+cd "$__object/parameter/"
+for param in *; do
+   case "$param" in
+      state|user|group|json-config) continue ;;
+      ca-file-source|cert-file-source|key-file-source)
+         source="$(cat "$__object/parameter/$param")"
+         destination="/etc/consul/ssl/${source##*/}"
+         require="__directory/etc/consul/ssl" \
+            __file "$destination" \
+               --owner root --group consul --mode 640 \
+               --source "$source" \
+               --state "$state"
+         key="$(echo "${param%-*}" | tr '-' '_')"
+         printf '   ,"%s": "%s"\n' "$key" "$destination"
+      ;;
+      disable-remote-exec|disable-update-check|leave-on-terminate|rejoin-after-leave|server|enable-syslog|verify-incoming|verify-outgoing)
+         # handle boolean parameters
+         key="$(echo "$param" | tr '-' '_')"
+         printf '   ,"%s": true\n' "$key"
+      ;;
+      retry-join)
+         # join multiple parameters into json array
+         retry_join="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join")"
+         # remove trailing ,
+         printf '   ,"retry_join": [%s]\n' "${retry_join%*,}"
+      ;;
+      retry-join-wan)
+         # join multiple parameters into json array over wan
+         retry_join_wan="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join-wan")"
+         # remove trailing ,
+         printf '   ,"retry_join_wan": [%s]\n' "${retry_join_wan%*,}"
+      ;;
+      bootstrap-expect)
+         # integer key=value parameters
+         key="$(echo "$param" | tr '-' '_')"
+         printf '   ,"%s": %s\n' "$key" "$(cat "$__object/parameter/$param")"
+      ;;
+      *)
+         # string key=value parameters
+         key="$(echo "$param" | tr '-' '_')"
+         printf '   ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
+      ;;
+   esac
+done
+if [ -f "$__object/parameter/json-config" ]; then
+   json_config="$(cat "$__object/parameter/json-config")"
+   if [ "$json_config" = "-" ]; then
+      json_config="$__object/stdin"
+   fi
+   # remove leading and trailing whitespace and commas from first and last line
+   # indent each line with 3 spaces for consistency
+   json=$(sed -e 's/^[ \t]*/   /' -e '1s/^[ \t,]*//' -e '$s/[ \t,]*$//' "$json_config")
+   printf '   ,%s\n' "$json"
+fi
+echo "}"
+) | \
+require="__directory${conf_dir}" \
+   __config_file "${conf_dir}/${conf_file}" \
+      --owner root --group "$group" --mode 640 \
+      --state "$state" \
+      --onchange 'service consul status >/dev/null && service consul reload || true' \
+      --source -
 
 init_sysvinit()
 {
@@ -122,186 +179,47 @@ init_upstart()
     require="__file/etc/init/consul.conf" __start_on_boot consul
 }
 
-manual_setup () {
-  case "$os" in
-     alpine|scientific|centos|debian|devuan|redhat|ubuntu)
-        # whitelist safeguard
-        :
-     ;;
-     *)
-        echo "Your operating system ($os) is currently not supported by this \
-          type (${__type##*/})." >&2
-        echo "Please contribute an implementation for it if you can." >&2
-        exit 1
-     ;;
-  esac
-
-  # FIXME: there has got to be a better way to handle the dependencies in this case
-  case "$state" in
-     present)
-        __group "$group" --system --state "$state"
-        require="__group/$group" __user "$user" \
-          --system --gid "$group" --home "$data_dir" --state "$state"
-     ;;
-     *)
-        echo "The $state state is not (yet?) supported by this type." >&2
-        exit 1
-     ;;
-  esac
-
-  # Create data directory.
-  require="__user/consul" __directory "$data_dir" \
-    --owner "$user" --group "$group" --mode 770 --state "$state"
-
-  # Create config directory.
-  require="__user/consul" __directory "$conf_dir" \
-    --parents --owner root --group "$group" --mode 750 --state "$state"
-
-  # Install init script to start on boot
-  case "$os" in
-      devuan)
-          init_sysvinit debian
-          ;;
-      centos|redhat)
-          os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")"
-          major_version="${os_version%%.*}"
-          case "$major_version" in
-              [456])
-                  init_sysvinit redhat
-                  ;;
-              7)
-                  init_systemd
-                  ;;
-              *)
-                  echo "Unsupported CentOS/Redhat version: $os_version" >&2
-                  exit 1
-                  ;;
-          esac
-          ;;
-
-      debian)
-          os_version=$(cat "$__global/explorer/os_version")
-          major_version="${os_version%%.*}"
-
-          case "$major_version" in
-              [567])
-                  init_sysvinit debian
-              ;;
-              [89]|10)
-                  init_systemd
-              ;;
-              *)
-                  echo "Unsupported Debian version $os_version" >&2
-                  exit 1
-              ;;
-          esac
-          ;;
-
-      ubuntu)
-          init_upstart
-          ;;
-  esac
-
-  config_deployment_requires="__user/consul __directory/$conf_dir"
-}
-
-###
-# Trigger requested installation method.
-if [ $use_distribution_package ]; then
-  distribution_setup
-else
-  manual_setup
-fi
-
-###
-# Install TLS certificates.
-
-if [ -f "$__object/parameter/ca-file-source" ] || \
-   [ -f "$__object/parameter/cert-file-source" ] || \
-   [ -f "$__object/parameter/key-file-source" ]; then
-
-   requires="$config_deployment_requires" __directory $tls_dir \
-     --owner root --group "$group" --mode 750 --state "$state"
-
-   # Append to service restart requirements.
-   restart_requires="$restart_requires __directory/$conf_dir/tls"
-fi
-
-###
-# Generate and deploy configuration.
-
-json_configuration=$(
-  echo "{"
-
-  # parameters we define ourself
-  printf '   "data_dir": "%s"\n' "$data_dir"
-
-  cd "$__object/parameter/"
-  for param in *; do
-     case "$param" in
-        state|user|group|json-config|use-distribution-package) continue ;;
-        ca-file-source|cert-file-source|key-file-source)
-           source="$(cat "$__object/parameter/$param")"
-           destination="$tls_dir/${source##*/}"
-           require="__directory/$tls_dir" \
-              __file "$destination" \
-                 --owner root --group consul --mode 640 \
-                 --source "$source" \
-                 --state "$state"
-           key="$(echo "${param%-*}" | tr '-' '_')"
-           printf '   ,"%s": "%s"\n' "$key" "$destination"
+# Install init script to start on boot
+case "$os" in
+    devuan)
+        init_sysvinit debian
         ;;
-        disable-remote-exec|disable-update-check|leave-on-terminate\
-          |rejoin-after-leave|server|enable-syslog|verify-incoming|verify-outgoing)
-           # handle boolean parameters
-           key="$(echo "$param" | tr '-' '_')"
-           printf '   ,"%s": true\n' "$key"
+    centos|redhat)
+        os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")"
+        major_version="${os_version%%.*}"
+        case "$major_version" in
+            [456])
+                init_sysvinit redhat
+                ;;
+            7)
+                init_systemd
+                ;;
+            *)
+                echo "Unsupported CentOS/Redhat version: $os_version" >&2
+                exit 1
+                ;;
+        esac
         ;;
-        retry-join)
-           # join multiple parameters into json array
-           retry_join="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join")"
-           # remove trailing ,
-           printf '   ,"retry_join": [%s]\n' "${retry_join%*,}"
-        ;;
-        retry-join-wan)
-           # join multiple parameters into json array over wan
-           retry_join_wan="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join-wan")"
-           # remove trailing ,
-           printf '   ,"retry_join_wan": [%s]\n' "${retry_join_wan%*,}"
-        ;;
-        bootstrap-expect)
-           # integer key=value parameters
-           key="$(echo "$param" | tr '-' '_')"
-           printf '   ,"%s": %s\n' "$key" "$(cat "$__object/parameter/$param")"
-        ;;
-        *)
-           # string key=value parameters
-           key="$(echo "$param" | tr '-' '_')"
-           printf '   ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
-        ;;
-     esac
-  done
-  if [ -f "$__object/parameter/json-config" ]; then
-     json_config="$(cat "$__object/parameter/json-config")"
-     if [ "$json_config" = "-" ]; then
-        json_config="$__object/stdin"
-     fi
-     # remove leading and trailing whitespace and commas from first and last line
-     # indent each line with 3 spaces for consistency
-     json=$(sed -e 's/^[ \t]*/   /' -e '1s/^[ \t,]*//' -e '$s/[ \t,]*$//' "$json_config")
-     printf '   ,%s\n' "$json"
-  fi
-  echo "}"
-)
-echo "$json_configuration" | require="$config_deployment_requires" \
-  __file "$conf_dir/$conf_file" \
-      --owner root --group "$group" --mode 640 \
-      --state "$state" \
-      --source -
 
-# Set configuration deployment as requirement for service restart.
-restart_requires="__file/$conf_dir/$conf_file"
+    debian)
+        os_version=$(cat "$__global/explorer/os_version")
+        major_version="${os_version%%.*}"
 
-###
-# Restart consul agent after everything else.
-require="$restart_requires" __service consul --action restart
+        case "$major_version" in
+            [567])
+                init_sysvinit debian
+            ;;
+            [89])
+                init_systemd
+            ;;
+            *)
+                echo "Unsupported Debian version $os_version" >&2
+                exit 1
+            ;;
+        esac
+        ;;
+
+    ubuntu)
+        init_upstart
+        ;;
+esac

cdist/conf/type/__consul_agent/parameter/boolean

@@ -6,4 +6,3 @@ server
 enable-syslog
 verify-incoming
 verify-outgoing
-use-distribution-package

cdist/conf/type/__consul_check/explorer/conf-dir

@@ -1 +0,0 @@
-../../__consul_service/explorer/conf-dir

cdist/conf/type/__consul_check/manifest

@@ -19,7 +19,7 @@
 #
 
 name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")"
-conf_dir=$(cat "$__object/explorer/conf-dir")
+conf_dir="/etc/consul/conf.d"
 conf_file="check_${name}.json"
 state="$(cat "$__object/parameter/state")"
 

cdist/conf/type/__consul_service/explorer/conf-dir

@@ -1,15 +0,0 @@
-# Determine the configuration directory used by consul.
-
-check_dir () {
-  if [ -d "$1" ]; then
-    printf '%s' "$1"
-    exit
-  fi
-}
-
-check_dir '/etc/consul/conf.d'
-check_dir '/etc/consul.d'
-check_dir '/etc/consul'
-
-echo 'Could not determine consul configuration dir. Exiting.' >&2
-exit 1

cdist/conf/type/__consul_service/manifest

@@ -19,7 +19,7 @@
 #
 
 name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")"
-conf_dir=$(cat "$__object/explorer/conf-dir")
+conf_dir="/etc/consul/conf.d"
 conf_file="service_${name}.json"
 state="$(cat "$__object/parameter/state")"
 
@@ -45,7 +45,7 @@ printf '      "name": "%s"\n' "$name"
 cd "$__object/parameter/"
 for param in *; do
    case "$param" in
-      state|name|check-interval|conf-dir) continue ;;
+      state|name|check-interval) continue ;;
       check-script)
          printf '     ,"check": {\n'
          printf '         "script": "%s"\n' "$(cat "$__object/parameter/check-script")"
@@ -86,6 +86,7 @@ echo "   }"
 # end json file
 echo "}"
 ) | \
+require="__directory${conf_dir}" \
    __config_file "${conf_dir}/${conf_file}" \
       --owner root --group consul --mode 640 \
       --state "$state" \

cdist/conf/type/__consul_watch_checks/explorer/conf-dir

@@ -1 +0,0 @@
-../../__consul_service/explorer/conf-dir

cdist/conf/type/__consul_watch_checks/manifest

@@ -20,7 +20,7 @@
 
 cdist_type="${__type##*/}"
 watch_type="${cdist_type##*_}"
-conf_dir=$(cat "$__object/explorer/conf-dir")
+conf_dir="/etc/consul/conf.d"
 conf_file="watch_${watch_type}_${__object_id}.json"
 state="$(cat "$__object/parameter/state")"
 

cdist/conf/type/__consul_watch_event/explorer/conf-dir

@@ -1 +0,0 @@
-../../__consul_service/explorer/conf-dir

cdist/conf/type/__consul_watch_event/manifest

@@ -20,7 +20,7 @@
 
 cdist_type="${__type##*/}"
 watch_type="${cdist_type##*_}"
-conf_dir=$(cat "$__object/explorer/conf-dir")
+conf_dir="/etc/consul/conf.d"
 conf_file="watch_${watch_type}_${__object_id}.json"
 state="$(cat "$__object/parameter/state")"
 

cdist/conf/type/__consul_watch_key/explorer/conf-dir

@@ -1 +0,0 @@
-../../__consul_service/explorer/conf-dir

cdist/conf/type/__consul_watch_key/manifest

@@ -20,7 +20,7 @@
 
 cdist_type="${__type##*/}"
 watch_type="${cdist_type##*_}"
-conf_dir=$(cat "$__object/explorer/conf-dir")
+conf_dir="/etc/consul/conf.d"
 conf_file="watch_${watch_type}_${__object_id}.json"
 state="$(cat "$__object/parameter/state")"
 

cdist/conf/type/__consul_watch_keyprefix/explorer/conf-dir

@@ -1 +0,0 @@
-../../__consul_service/explorer/conf-dir

cdist/conf/type/__consul_watch_keyprefix/manifest

@@ -20,7 +20,7 @@
 
 cdist_type="${__type##*/}"
 watch_type="${cdist_type##*_}"
-conf_dir=$(cat "$__object/explorer/conf-dir")
+conf_dir="/etc/consul/conf.d"
 conf_file="watch_${watch_type}_${__object_id}.json"
 state="$(cat "$__object/parameter/state")"
 

cdist/conf/type/__consul_watch_nodes/explorer/conf-dir

@@ -1 +0,0 @@
-../../__consul_service/explorer/conf-dir

cdist/conf/type/__consul_watch_nodes/manifest

@@ -20,7 +20,7 @@
 
 cdist_type="${__type##*/}"
 watch_type="${cdist_type##*_}"
-conf_dir=$(cat "$__object/explorer/conf-dir")
+conf_dir="/etc/consul/conf.d"
 conf_file="watch_${watch_type}_${__object_id}.json"
 state="$(cat "$__object/parameter/state")"
 

cdist/conf/type/__consul_watch_service/explorer/conf-dir

@@ -1 +0,0 @@
-../../__consul_service/explorer/conf-dir

cdist/conf/type/__consul_watch_service/manifest

@@ -20,7 +20,7 @@
 
 cdist_type="${__type##*/}"
 watch_type="${cdist_type##*_}"
-conf_dir=$(cat "$__object/explorer/conf-dir")
+conf_dir="/etc/consul/conf.d"
 conf_file="watch_${watch_type}_${__object_id}.json"
 state="$(cat "$__object/parameter/state")"
 

cdist/conf/type/__consul_watch_services/explorer/conf-dir

@@ -1 +0,0 @@
-../../__consul_service/explorer/conf-dir

cdist/conf/type/__consul_watch_services/manifest

@@ -20,7 +20,7 @@
 
 cdist_type="${__type##*/}"
 watch_type="${cdist_type##*_}"
-conf_dir=$(cat "$__object/explorer/conf-dir")
+conf_dir="/etc/consul/conf.d"
 conf_file="watch_${watch_type}_${__object_id}.json"
 state="$(cat "$__object/parameter/state")"
 

cdist/conf/type/__cron/gencode-remote

@@ -31,28 +31,24 @@ if [ -f "$__object/parameter/raw" ]; then
 elif [ -f "$__object/parameter/raw_command" ]; then
    entry="$command"
 else
-   minute="$(cat "$__object/parameter/minute")"
-   hour="$(cat "$__object/parameter/hour")"
-   day_of_month="$(cat "$__object/parameter/day_of_month")"
-   month="$(cat "$__object/parameter/month")"
-   day_of_week="$(cat "$__object/parameter/day_of_week")"
+   minute="$(cat "$__object/parameter/minute" 2>/dev/null || echo "*")"
+   hour="$(cat "$__object/parameter/hour" 2>/dev/null || echo "*")"
+   day_of_month="$(cat "$__object/parameter/day_of_month" 2>/dev/null || echo "*")"
+   month="$(cat "$__object/parameter/month" 2>/dev/null || echo "*")"
+   day_of_week="$(cat "$__object/parameter/day_of_week" 2>/dev/null || echo "*")"
    entry="$minute $hour $day_of_month $month $day_of_week $command # $name"
 fi
 
 mkdir "$__object/files"
 echo "$entry" > "$__object/files/entry"
 
-if [ -s "$__object/explorer/entry" ]; then
-    if diff -q "$__object/files/entry" "$__object/explorer/entry" >/dev/null; then
-        state_is=present
-    else
-        state_is=modified
-    fi
+if diff -q "$__object/files/entry" "$__object/explorer/entry" >/dev/null; then
+    state_is=present
 else
     state_is=absent
 fi
 
-state_should="$(cat "$__object/parameter/state")"
+state_should="$(cat "$__object/parameter/state" 2>/dev/null || echo "present")"
 
 [ "$state_is" = "$state_should" ] && exit 0
 

cdist/conf/type/__cron/manifest

@@ -22,12 +22,3 @@ if [ -f "$__object/parameter/raw" ] && [ -f "$__object/parameter/raw_command" ];
     echo "ERROR: both raw and raw_command specified" >&2
     exit 1
 fi
-
-case "$(cat "$__object/parameter/state")" in
-    present) ;;
-    absent) ;;
-
-    *)
-        echo "ERROR: unkown cron state" >&2
-        exit 2
-esac

cdist/conf/type/__cron/parameter/default/day_of_month

@@ -1 +0,0 @@
-*

cdist/conf/type/__cron/parameter/default/day_of_week

@@ -1 +0,0 @@
-*

cdist/conf/type/__cron/parameter/default/hour

@@ -1 +0,0 @@
-*

cdist/conf/type/__cron/parameter/default/minute

@@ -1 +0,0 @@
-*

cdist/conf/type/__cron/parameter/default/month

@@ -1 +0,0 @@
-*

cdist/conf/type/__directory/explorer/stat

@@ -1,7 +1,6 @@
 #!/bin/sh
 #
 # 2013 Steven Armstrong (steven-cdist armstrong.cc)
-# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@@ -21,43 +20,24 @@
 
 destination="/$__object_id"
 
-fallback() {
-   # Patch the output together, manually
-
-   ls_line=$(ls -ldn "$destination")
-
-   uid=$(echo "$ls_line" | awk '{ print $3 }')
-   gid=$(echo "$ls_line" | awk '{ print $4 }')
-
-   owner=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/passwd)
-   group=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group)
-
-   mode_text=$(echo "$ls_line" | awk '{ print $1 }')
-   mode=$(echo "$mode_text" | awk '{ k=0; for (i=0; i<=8; i++) k += ((substr($1, i+2, 1) ~ /[rwx]/) * 2^(8-i)); printf("%0o", k) }')
-
-   printf 'type: %s\nowner: %d %s\ngroup: %d %s\nmode: %s %s\n' \
-      "$("$__type_explorer/type")" \
-      "$uid" "$owner" \
-      "$gid" "$group" \
-      "$mode" "$mode_text"
-}
-
 # nothing to work with, nothing we could do
 [ -e "$destination" ] || exit 0
 
-if ! command -v stat >/dev/null
-then
-   fallback
-   exit
-fi
-
-case $("$__explorer/os") in
+os=$("$__explorer/os")
+case "$os" in
    "freebsd"|"netbsd"|"openbsd"|"macosx")
       stat -f "type: %HT
 owner: %Du %Su
 group: %Dg %Sg
 mode: %Lp %Sp
-" "$destination" | awk '/^type/ { print tolower($0); next } { print }'
+" "$destination" | awk '/^type/ { print tolower($0); next; } { print; }'
+      ;;
+   alpine)
+      stat -c "type: %F
+owner: %u %U
+group: %g %G
+mode: %a %A
+" "$destination"
       ;;
     solaris)
         ls1="$( ls -ld "$destination" )"
@@ -89,12 +69,10 @@ mode: %Lp %Sp
         echo "mode: $octets $( echo "$ls1" | awk '{print $1}' )"
     ;;
    *)
-      # NOTE: Do not use --printf here as it is not supported by BusyBox stat.
-      # NOTE: BusyBox's stat might not support the "-c" option, in which case
-      #       we fall through to the shell fallback.
-       stat -c "type: %F
+       stat --printf="type: %F
 owner: %u %U
 group: %g %G
-mode: %a %A" "$destination" 2>/dev/null || fallback
+mode: %a %A
+" "$destination"
    ;;
 esac

cdist/conf/type/__directory/gencode-remote

@@ -3,7 +3,6 @@
 # 2011-2013 Nico Schottelius (nico-cdist at schottelius.org)
 # 2013 Steven Armstrong (steven-cdist armstrong.cc)
 # 2014 Daniel Heule (hda at sfs.biz)
-# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@@ -22,8 +21,8 @@
 #
 
 destination="/$__object_id"
-state_should=$(cat "$__object/parameter/state")
-type=$(cat "$__object/explorer/type")
+state_should="$(cat "$__object/parameter/state")"
+type="$(cat "$__object/explorer/type")"
 stat_file="$__object/explorer/stat"
 
 # variable to keep track if we have to set directory attributes
@@ -73,7 +72,7 @@ set_mode() {
 }
 
 case "$state_should" in
-   present|exists)
+   present)
       if [ "$type" != "directory" ]; then
          set_attributes=1
          if [ "$type" != "none" ]; then
@@ -84,10 +83,6 @@ case "$state_should" in
          fi
          echo "mkdir $mkdiropt '$destination'"
          echo "create" >> "$__messages_out"
-      elif [ "$state_should" = 'exists' ]; then
-         # The type is directory and --state exists. We are done and do not
-         # check or set the attributes.
-         exit 0
       fi
 
       # Note: Mode - needs to happen last as a chown/chgrp can alter mode by
@@ -108,26 +103,6 @@ case "$state_should" in
          fi
       done
    ;;
-   pre-exists)
-      case $type in
-         directory)
-            # all good
-            exit 0
-         ;;
-         none)
-            printf 'Directory "%s" does not exist\n' "$destination" >&2
-            exit 1
-         ;;
-         file|symlink)
-            printf 'File "%s" exists and is a %s, but should be a directory\n' "$destination" "$type" >&2
-            exit 1
-         ;;
-         *)
-            printf 'File or directory "%s" is in an unknown state\n' "$destination" >&2
-            exit 1
-         ;;
-      esac
-   ;;
    absent)
         if [ "$type" = "directory" ]; then
             echo "rm -rf '$destination'"

cdist/conf/type/__directory/man.rst

@@ -19,18 +19,7 @@ None.
 OPTIONAL PARAMETERS
 -------------------
 state
-   'present', 'absent', 'exists' or 'pre-exists', defaults to 'present' where:
-
-   present
-      the directory exists and the given attributes are set.
-   absent
-      the directory does not exist.
-   exists
-      the directory exists, but its attributes are not altered if it already
-      existed.
-   pre-exists
-      check that the directory exists and is indeed a directory, but do not
-      create or modify it.
+   'present' or 'absent', defaults to 'present'
 
 group
    Group to chgrp to.
@@ -47,7 +36,7 @@ BOOLEAN PARAMETERS
 parents
    Whether to create parents as well (mkdir -p behaviour).
    Warning: all intermediate directory permissions default
-   to whatever mkdir -p does.
+   to whatever mkdir -p does. 
 
    Usually this means root:root, 0700.
 

cdist/conf/type/__file/explorer/stat

@@ -2,7 +2,6 @@
 #
 # 2013 Steven Armstrong (steven-cdist armstrong.cc)
 # 2019 Nico Schottelius (nico-cdist at schottelius.org)
-# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@@ -22,54 +21,29 @@
 
 destination="/$__object_id"
 
-fallback() {
-   # Fallback: Patch the output together, manually.
-
-   ls_line=$(ls -ldn "$destination")
-
-   uid=$(echo "$ls_line" | awk '{ print $3 }')
-   gid=$(echo "$ls_line" | awk '{ print $4 }')
-
-   owner=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/passwd)
-   group=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group)
-
-   mode_text=$(echo "$ls_line" | awk '{ print $1 }')
-   mode=$(echo "$mode_text" | awk '{ k=0; for (i=0; i<=8; i++) k += ((substr($1, i+2, 1) ~ /[rwx]/) * 2^(8-i)); printf("%0o", k) }')
-
-   size=$(echo "$ls_line" | awk '{ print $5 }')
-   links=$(echo "$ls_line" | awk '{ print $2 }')
-
-   printf 'type: %s\nowner: %d %s\ngroup: %d %s\nmode: %s %s\nsize: %d\nlinks: %d\n' \
-      "$("$__type_explorer/type")" \
-      "$uid" "$owner" \
-      "$gid" "$group" \
-      "$mode" "$mode_text" \
-      "$size" \
-      "$links"
-}
-
-
 # nothing to work with, nothing we could do
 [ -e "$destination" ] || exit 0
 
-
-if ! command -v stat >/dev/null
-then
-   fallback
-   exit
-fi
-
-
-case $("$__explorer/os")
-in
-   freebsd|netbsd|openbsd|macosx)
+os=$("$__explorer/os")
+case "$os" in
+   "freebsd"|"netbsd"|"openbsd"|"macosx")
       stat -f "type: %HT
 owner: %Du %Su
 group: %Dg %Sg
 mode: %Lp %Sp
 size: %Dz
 links: %Dl
-" "$destination" | awk '/^type/ { print tolower($0); next } { print }'
+" "$destination" | awk '/^type/ { print tolower($0); next; } { print; }'
+      ;;
+   alpine)
+       # busybox stat
+      stat -c "type: %F
+owner: %u %U
+group: %g %G
+mode: %a %A
+size: %s
+links: %h
+" "$destination"
       ;;
     solaris)
         ls1="$( ls -ld "$destination" )"
@@ -103,14 +77,12 @@ links: %Dl
         echo "links: $( echo "$ls1" | awk '{print $2}' )"
     ;;
    *)
-      # NOTE: Do not use --printf here as it is not supported by BusyBox stat.
-      # NOTE: BusyBox's stat might not support the "-c" option, in which case
-      #       we fall through to the shell fallback.
-      stat -c "type: %F
+      stat --printf="type: %F
 owner: %u %U
 group: %g %G
 mode: %a %A
 size: %s
-links: %h" "$destination" 2>/dev/null || fallback
-         ;;
+links: %h
+" "$destination"
+      ;;
 esac

cdist/conf/type/__file/gencode-local

@@ -31,24 +31,12 @@ if [ "$state_should" = "pre-exists" ]; then
       exit 1
    fi
 
-   case $type in
-      file)
-         # nothing to do
-         exit 0
-      ;;
-      none)
-         printf 'File "%s" does not exist\n' "$destination" >&2
-         exit 1
-      ;;
-      directory|symlink)
-         printf 'File "%s" exists and is a %s, but should be a regular file\n' "$destination" "$type" >&2
-         exit 1
-      ;;
-      *)
-         printf 'File or directory "%s" is in an unknown state\n' "$destination" >&2
-         exit 1
-      ;;
-   esac
+   if [ "$type" = "file" ]; then
+      exit 0 # nothing to do
+   else
+      echo "File \"$destination\" does not exist"
+      exit 1
+   fi
 fi
 
 upload_file=

cdist/conf/type/__file/gencode-remote

@@ -55,40 +55,36 @@ set_owner() {
 }
 
 set_mode() {
-    echo "chmod '$1' '$destination'"
-    echo "chmod '$1'" >> "$__messages_out"
-    fire_onchange=1
+   echo "chmod '$1' '$destination'"
+   echo "chmod '$1'" >> "$__messages_out"
+   fire_onchange=1
 }
 
 case "$state_should" in
-    present|exists)
-        # Note: Mode - needs to happen last as a chown/chgrp can alter mode by
-        #  clearing S_ISUID and S_ISGID bits (see chown(2))
-        for attribute in group owner mode; do
-            if [ -f "$__object/parameter/$attribute" ]; then
-                value_should="$(cat "$__object/parameter/$attribute")"
+    present|exists|pre-exists)
+    # Note: Mode - needs to happen last as a chown/chgrp can alter mode by
+    #  clearing S_ISUID and S_ISGID bits (see chown(2))
+    for attribute in group owner mode; do
+        if [ -f "$__object/parameter/$attribute" ]; then
+            value_should="$(cat "$__object/parameter/$attribute")"
 
-                # change 0xxx format to xxx format => same as stat returns
-                if [ "$attribute" = mode ]; then
-                    value_should="$(echo "$value_should" | sed 's/^0\(...\)/\1/')"
-                fi
-
-                value_is="$(get_current_value "$attribute" "$value_should")"
-                if [ -f "$__object/files/set-attributes" ] || [ "$value_should" != "$value_is" ]; then
-                    "set_$attribute" "$value_should"
-                fi
+            # change 0xxx format to xxx format => same as stat returns
+            if [ "$attribute" = mode ]; then
+                value_should="$(echo "$value_should" | sed 's/^0\(...\)/\1/')"
+            fi
+            
+            value_is="$(get_current_value "$attribute" "$value_should")"
+            if [ -f "$__object/files/set-attributes" ] || [ "$value_should" != "$value_is" ]; then
+                "set_$attribute" "$value_should"
             fi
-        done
-        if [ -f "$__object/files/set-attributes" ]; then
-            # set-attributes is created if file is created or uploaded in gencode-local
-            fire_onchange=1
         fi
-    ;;
+    done
+    if [ -f "$__object/files/set-attributes" ]; then
+        # set-attributes is created if file is created or uploaded in gencode-local
+        fire_onchange=1
+    fi
 
-    pre-exists)
-        # pre-exists should never reach gencode-remote…
-        exit 1
-   ;;
+    ;;
 
     absent)
         if [ "$type" = "file" ]; then
@@ -105,7 +101,7 @@ case "$state_should" in
 esac
 
 if [ -f "$__object/parameter/onchange" ]; then
-    if [ -n "$fire_onchange" ]; then
-        cat "$__object/parameter/onchange"
-    fi
+   if [ -n "$fire_onchange" ]; then
+      cat "$__object/parameter/onchange"
+   fi
 fi

cdist/conf/type/__letsencrypt_cert/man.rst

@@ -59,13 +59,13 @@ MESSAGES
 --------
 
 change
-    Certificate was changed.
+    Certificte was changed.
 
 create
-    Certificate was created.
+    Certificte was created.
 
 remove
-    Certificate was removed.
+    Certificte was removed.
 
 EXAMPLES
 --------

cdist/conf/type/__mysql_privileges/explorer/state

@@ -30,7 +30,7 @@ host="$( cat "$__object/parameter/host" )"
 
 check_privileges="$( 
     mysql -B -N -e "show grants for '$user'@'$host'" \
-        | grep -Ei "^grant $privileges on .$database.\..?$table.? to " || true )"
+        | grep -Ei "^grant $privileges on .$database.\..$table. to " || true )"
 
 if [ -n "$check_privileges" ]
 then

cdist/conf/type/__mysql_privileges/gencode-remote

@@ -37,19 +37,13 @@ user="$( cat "$__object/parameter/user" )"
 
 host="$( cat "$__object/parameter/host" )"
 
-if [ "$table" != '*' ]
-then
-    # shellcheck disable=SC2016
-    table="$( printf '`%s`' "$table" )"
-fi
-
 case "$state_should" in
     present)
-        echo "mysql -e 'grant $privileges on \`$database\`.$table to \`$user\`@\`$host\`'"
+        echo "mysql -e 'grant $privileges on \`$database\`.\`$table\` to \`$user\`@\`$host\`'"
         echo "grant $privileges on $database.$table to $user@$host" >> "$__messages_out"
     ;;
     absent)
-        echo "mysql -e 'revoke $privileges on \`$database\`.$table from \`$user\`@\`$host\`'"
+        echo "mysql -e 'revoke $privileges on \`$database\`.\`$table\` from \`$user\`@\`$host\`'"
         echo "revoke $privileges on $database.$table from $user@$host" >> "$__messages_out"
     ;;
 esac

cdist/conf/type/__mysql_privileges/man.rst

@@ -17,7 +17,7 @@ REQUIRED PARAMETERS
 database
    Name of database.
 
-user
+User
    Name of user.
 
 

cdist/conf/type/__network_interface/files/debian/00000-wait-for-ip

@@ -0,0 +1,38 @@
+#!/bin/sh
+#
+# workaround the bloody upstart race conditions
+# by delaying the emission of the net-device-up signal until the interface is
+# really up and configured.
+#
+# environment variables:
+# METHOD=dhcp
+# MODE=start
+# LOGICAL=eth0
+# PHASE=post-up
+# ADDRFAM=inet
+# VERBOSITY=0
+# PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+# IF_METRIC=100
+# IFACE=eth0
+# PWD=/root
+
+# nothing to do for loopback
+[ "$IFACE" = lo ] && exit 0
+
+LOG_FILE="/tmp/wait-for-ip-${IFACE}.log"
+cp /dev/null $LOG_FILE
+RETRY=20
+index=0
+
+if [ "$ADDRFAM" = "inet" -a "$METHOD" = "dhcp" ]; then
+   until [ -n "$ip" -o $index -eq $RETRY ]; do
+      ip=$(ip -o -family inet addr show dev $IFACE | awk '{split($4, a, "/"); print a[1]}')
+      index=$((index+1))
+      sleep 0.5
+   done
+   if [ -n "$ip" ]; then
+      echo "Interface $IFACE is up with ip $ip after $index of $RETRY tries." >> $LOG_FILE
+   else
+      echo "Interface $IFACE failed to come up with an ip address, giving up after $RETRY tries." >> $LOG_FILE
+   fi
+fi

cdist/conf/type/__network_interface/files/debian/ifupdown-symmetric-routing

@@ -0,0 +1,64 @@
+#!/bin/sh
+#
+# See 'IFACE OPTIONS' in interfaces(5) for available variables.
+#
+
+DEBUG=
+#DEBUG=1
+debug() {
+   if [ "$DEBUG" ]; then
+      echo "[DEBUG] $@" >&2
+   fi
+}
+
+interface="$IFACE"
+
+# noop for loopback
+[ "$interface" = "lo" ] && exit 0
+
+# only work with ipv4
+[ "$ADDRFAM" = "inet" ] || exit 0
+
+# Interface must be explicitly configured to do symmetric routing.
+[ "${IF_SYMMETRIC_ROUTING:-no}" = "no" ] && exit 0
+
+
+case "$MODE" in
+   start)
+      action="up"
+   ;;
+   stop)
+      action="down"
+   ;;
+esac
+
+case "$METHOD" in
+   dhcp)
+      LEASEFILE="/var/lib/dhcp/dhclient.${interface}.leases"
+      ip_address="$(awk '/fixed-address/ {sub(/;$/,""); print $2}' "$LEASEFILE" | tail -1)"
+      subnet_mask_or_prefix="$(awk '/option subnet-mask/ {sub(/;$/,""); print $3}' "$LEASEFILE" | tail -1)"
+      gateway="$(awk '/option routers/ {sub(/;$/,""); print $3}' "$LEASEFILE" | tail -1)"
+   ;;
+   static)
+      [ -n "$IF_ADDRESS" ] && ip_address="$IF_ADDRESS"
+      [ -n "$IF_NETMASK" ] && subnet_mask_or_prefix="$IF_NETMASK"
+      [ -n "$IF_GATEWAY" ] && gateway="$IF_GATEWAY"
+   ;;
+   *)
+      echo "Unknown/unsupported METHOD: $METHOD" >&2
+      exit 1
+   ;;
+esac
+
+debug "$interface -----"
+debug "action: $action"
+debug "interface: $interface"
+debug "ip_address: $ip_address"
+debug "subnet_mask_or_prefix: $subnet_mask_or_prefix"
+debug "gateway: $gateway"
+debug "/$interface -----"
+
+if [ -n "$action" -a -n "$interface" -a -n "$ip_address" -a -n "$subnet_mask_or_prefix" ]; then
+   symmetric-routing "$action" "$interface" "$ip_address" "$subnet_mask_or_prefix" "$gateway"
+fi
+

cdist/conf/type/__network_interface/files/debian/interfaces

@@ -0,0 +1,9 @@
+# Generated by cdist __network_interface
+# Changes will be overwritten.
+
+# loopback
+auto lo
+iface lo inet loopback
+
+# include per interface configurations
+source /etc/network/interfaces.d/*.conf

cdist/conf/type/__network_interface/files/debian/manifest

@@ -0,0 +1,238 @@
+#!/bin/sh -e
+#
+# 2012-2018 Steven Armstrong (steven-cdist at armstrong.cc)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+__package ifupdown
+# Use cumulus ifupdown2 instead of ifupown and ifenslave
+# ifupdown2 is currently not compatible with network-wait-online.
+#__package ifupdown \
+#   --name ifupdown2
+
+type_files="$__type/files/debian"
+mkdir "$__object/files"
+interface_filename="${__object_id}.conf"
+
+(
+cat << DONE
+# Created by cdist ${__type##*/}
+# Do not change. Changes will be overwritten.
+#
+
+DONE
+
+if [ -f "$__object/parameter/comment" ]; then
+    awk '{ print "# "$0 }' < "$__object/parameter/comment"
+fi
+
+if [ -f "$__object/parameter/onboot" ]; then
+   # shellcheck disable=SC2154
+   printf "auto %s\n" "$name"
+elif [ -f "$__object/parameter/hotplug" ]; then
+   # shellcheck disable=SC2154
+   printf "allow-hotplug %s\n" "$name"
+fi
+
+ignored_parameters="linkdelay"
+manually_handled_parameters="name comment extra-config state method onboot hotplug nodns noroute no-network-wait-online symmetric-routing bond-slaves"
+# shellcheck disable=SC2154
+case "$method" in
+   dhcp)
+      printf "iface %s inet %s\n" "$name" "$method"
+      ignored_parameters="$ignored_parameters address broadcast gateway netmask"
+   ;;
+   static|manual)
+      printf "iface %s inet %s\n" "$name" "$method"
+   ;;
+   *)
+      echo "Unsupported value for parameter --method. Got '$method'. See man page for supported values." >&2
+      exit 1
+   ;;
+esac
+
+for param in "$__object"/parameter/*; do
+   if echo "$ignored_parameters" | grep -w -q "$param"; then
+      continue
+   fi
+   if echo "$manually_handled_parameters" | grep -w -q "$param"; then
+      continue
+   fi
+
+   if [ -f "$type_files/name-map" ]; then
+      key="$(awk -v param="$param" '{ if ($1 == param) {print $2;} else { print param;} }' "$type_files/name-map")"
+   else
+      key="$param"
+   fi
+   printf "  %s %s\n" "$key" "$(cat "$__object/parameter/$param")"
+done
+
+if [ -f "$__object/parameter/bond-mode" ] || [ -f "$__object/parameter/bond-primary" ]; then
+   # Note: ifenslave is not needed when using ifupdown2
+   # install package required for bonding
+   __package ifenslave
+   if [ -f "$__object/parameter/bond-slaves" ]; then
+      printf '  bond-slaves %s\n' "$(cat "$__object/parameter/bond-slaves")"
+   else
+      # need this or the slave tries to bring the master up, but the master hangs waiting for a slave
+      printf '  bond-slaves none\n'
+   fi
+fi
+
+if [ -f "$__object/parameter/no-network-wait-online" ]; then
+   # Do not consider this interface in network-wait-online.service
+   printf '  no-network-wait-online yes\n'
+fi
+
+if [ -f "$__object/parameter/symmetric-routing" ]; then
+   # Deploy scripts that implement the feature ...
+   __file /sbin/symmetric-routing \
+      --owner root --group root --mode 0755 \
+      --source "$__type/files/symmetric-routing"
+   require="__package/ifupdown __file/sbin/symmetric-routing" \
+      __file /etc/network/if-up.d/symmetric-routing \
+         --owner root --group root --mode 0755 \
+         --source "$__type/files/debian/ifupdown-symmetric-routing"
+   require="__package/ifupdown __file/etc/network/if-up.d/symmetric-routing" \
+      __link /etc/network/if-down.d/symmetric-routing \
+         --type symbolic \
+         --source ../if-up.d/symmetric-routing
+   # ... then enable it in interface stanza file.
+   printf '  symmetric-routing yes\n'
+fi
+
+# shellcheck disable=SC2154
+if [ -n "$vlan" ] && [ -n "$device" ]; then
+   # Explicit parent interface for vlans
+   printf '  vlan-raw-device %s\n' "$device"
+fi
+
+if [ -f "$__object/parameter/extra-config" ]; then
+   extra_config="$(cat "$__object/parameter/extra-config")"
+   if [ "$extra_config" = "-" ]; then
+      extra_config="$__object/stdin"
+   fi
+   awk '{print "  " $0}' "$extra_config"
+fi
+
+) >> "$__object/files/$interface_filename"
+
+__directory /etc/network \
+   --state present \
+   --owner root \
+   --group root \
+   --mode 755
+
+require="__directory/etc/network" \
+   __directory /etc/network/interfaces.d \
+      --state present \
+      --owner root \
+      --group root \
+      --mode 755
+
+require="__directory/etc/network" \
+   __file /etc/network/interfaces \
+      --source "$type_files/interfaces" \
+      --owner root \
+      --group root \
+      --mode 644
+
+# shellcheck disable=SC2154
+require="__file/etc/network/interfaces __directory/etc/network/interfaces.d" \
+   __file "/etc/network/interfaces.d/$interface_filename" \
+      --owner root \
+      --group root \
+      --mode 644 \
+      --source "$__object/files/$interface_filename" \
+      --state "$state"
+
+
+if [ "$method" = "dhcp" ] && [ -f "$__object/parameter/noroute" ]; then
+(
+cat << DONE
+# Created by cdist ${__type##*/}
+# Do not change. Changes will be overwritten.
+#
+
+if [ "\$interface" = "$name" ]; then
+
+case "\$reason" in
+   BOUND|RENEW|REBIND|REBOOT)
+      # prevent default gateway to be set by this interface
+      unset new_routers
+   ;;
+esac
+
+fi
+DONE
+) | \
+__file "/etc/dhcp/dhclient-enter-hooks.d/cdist-__network_interface-${name}-noroute" \
+   --owner root \
+   --group root \
+   --mode 644 \
+   --source - \
+   --state "$state"
+fi # end noroute
+
+if [ "$method" = "dhcp" ] && [ -f "$__object/parameter/nodns" ]; then
+(
+cat << DONE
+# Created by cdist ${__type##*/}
+# Do not change. Changes will be overwritten.
+#
+
+if [ "\$interface" = "$name" ]; then
+
+# Prevent /etc/resolv.conf from being changed by this interface
+# by overriding the default 'make_resolv_conf' function.
+make_resolv_conf(){
+   :
+}
+
+fi
+DONE
+) | \
+__file "/etc/dhcp/dhclient-enter-hooks.d/cdist-__network_interface-${name}-nodns" \
+   --owner root \
+   --group root \
+   --mode 644 \
+   --source - \
+   --state "$state"
+fi # end nodns
+
+
+os=$(cat "$__global/explorer/os")
+if [ "$os" = "ubuntu" ]; then
+   # workaround the bloody upstart race conditions
+   # by deploying a script that delays the emission of the net-device-up
+   # signal until the interface is really up and configured.
+   #script_name="00000-wait-for-ip"
+   #__file "/etc/network/if-up.d/$script_name" \
+   #   --owner root --group root --mode 755 \
+   #   --source "$type_files/$script_name"
+
+   # Deal with systemd network-online.target race conditions
+   require="__package/ifupdown" \
+      __file /etc/network/if-pre-up.d/network-online \
+         --owner root --group root --mode 0755 \
+         --source "$__type/files/debian/network-online"
+   require="__file/etc/network/if-pre-up.d/network-online" \
+      __link /etc/network/if-up.d/network-online \
+         --type symbolic \
+         --source ../if-pre-up.d/network-online
+fi
+

cdist/conf/type/__network_interface/files/debian/network-online

@@ -0,0 +1,49 @@
+#!/bin/sh
+#
+# See 'IFACE OPTIONS' in interfaces(5) for available variables.
+#
+
+DEBUG=
+#DEBUG=1
+debug() {
+   if [ "$DEBUG" ]; then
+      echo "[DEBUG] $@" >&2
+   fi
+}
+
+interface="$IFACE"
+
+# noop for loopback
+[ "$interface" = "lo" ] && exit 0
+
+# nothing usefull we could do for '--all'
+[ "$interface" = "--all" ] && exit 0
+
+# Interface is configured to not be considered by network-wait-online.service
+[ "${IF_NO_NETWORK_WAIT_ONLINE:-no}" = "yes" ] && exit 0
+
+
+case "$MODE" in
+   start)
+      action="up"
+   ;;
+   stop)
+      action="down"
+   ;;
+esac
+
+state_dir=/run/network-online-interfaces
+mkdir -p "$state_dir"
+
+case "$PHASE" in
+   pre-up)
+      # Create flag file to wait for in network-wait-online.service
+      touch "$state_dir/$interface"
+   ;;
+   post-up)
+      # This interface is up!
+      # Remove the flag file that was created in /sbin/ifup-pre-local
+      # so that the network-wait-online.service can reach the network-online.target
+      rm -rf "$state_dir/$interface"
+   ;;
+esac

cdist/conf/type/__network_interface/files/network-wait-online.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=Wait for network to be configured
+Documentation=man:ifup(8)
+DefaultDependencies=no
+Conflicts=shutdown.target
+After=%NETWORK_SERVICE_NAME%
+Before=network-online.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+TimeoutStartSec=3min
+ExecStart=/bin/sh -ec 'while [ "$(ls -1 /run/network-online-interfaces/)" ]; do sleep 1; done'
+
+[Install]
+WantedBy=network-online.target
+

cdist/conf/type/__network_interface/files/redhat/ifup-pre-local

@@ -0,0 +1,39 @@
+#!/bin/sh
+
+#echo "/sbin/ifup-pre-local" >&2
+#set -x
+
+config="$1"
+interface="$1"
+
+cd /etc/sysconfig/network-scripts
+. ./network-functions
+
+[ -f ../network ] && . ../network
+
+need_config "$config"
+
+source_config
+
+# If not started at boot we don't care
+[ "${ONBOOT:-no}" = "no" ] && exit 0
+
+# noop for loopback
+[ "$DEVICE" = "lo" ] && exit 0
+
+state_dir=/run/network-online-interfaces
+mkdir -p "$state_dir"
+
+if [ "${NO_NETWORK_WAIT_ONLINE:-no}" = "no" ]; then
+   # remember device for later use in network-wait-online.service
+   touch "$state_dir/$DEVICE"
+fi
+
+# hackaround bugs in /etc/sysconfig/network-scripts/ifup
+wait_for_device=20
+index=0
+until [ -d "/sys/class/net/$DEVICE" -o $index -eq $wait_for_device ]; do
+   echo "waiting for /sys/class/net/$DEVICE $index/$wait_for_device" >&2
+   sleep 1
+   index=$(($index + 1))
+done

cdist/conf/type/__network_interface/files/redhat/ifupdown-local

@@ -0,0 +1,84 @@
+#!/bin/sh
+
+myname="${0##*/}"
+
+case "$myname" in
+   ifup-local)
+      action="up"
+   ;;
+   ifdown-local|ifdown-pre-local)
+      action="down"
+   ;;
+   *)
+      echo "Unable to determine action from script name: $myname" >&2
+      exit 1
+   ;;
+esac
+
+DEBUG=
+#DEBUG=1
+debug() {
+   if [ "$DEBUG" ]; then
+      echo "[DEBUG] $@" >&2
+   fi
+}
+
+interface="$1"
+
+# noop for loopback
+[ "$interface" = "lo" ] && exit 0
+
+
+cd /etc/sysconfig/network-scripts
+. ./network-functions
+
+[ -f ../network ] && . ../network
+
+need_config "$interface"
+source_config
+
+case "${BOOTPROTO}" in
+   bootp|dhcp)
+      generate_lease_file_name
+      ip_address="$(awk '/fixed-address/ {sub(/;$/,""); print $2}' "$LEASEFILE" | tail -1)"
+      subnet_mask_or_prefix="$(awk '/option subnet-mask/ {sub(/;$/,""); print $3}' "$LEASEFILE" | tail -1)"
+      gateway="$(awk '/option routers/ {sub(/;$/,""); print $3}' "$LEASEFILE" | tail -1)"
+   ;;
+   none)
+      # No ip address set -> nothing we could do
+      [ -n "$IPADDR" ] && ip_address="$IPADDR"
+      [ -n "$PREFIX" ] && subnet_mask_or_prefix="$PREFIX" || {
+         [ -n "$NETMASK" ] && subnet_mask_or_prefix="$NETMASK"
+      }
+      [ -n "$GATEWAY" ] && gateway="$GATEWAY"
+   ;;
+   *)
+      echo "Unknown/unsupported BOOTPROTO: $BOOTPROTO" >&2
+      exit 1
+   ;;
+esac
+
+debug "$interface -----"
+debug "action: $action"
+debug "interface: $interface"
+debug "ip_address: $ip_address"
+debug "subnet_mask_or_prefix: $subnet_mask_or_prefix"
+debug "gateway: $gateway"
+debug "/$interface -----"
+
+# Interface must be explicitly configured to do symmetric routing.
+if [ "${SYMMETRIC_ROUTING:-no}" = "yes" ]; then
+   if [ -n "$action" -a -n "$interface" -a -n "$ip_address" -a -n "$subnet_mask_or_prefix" ]; then
+      symmetric-routing "$action" "$interface" "$ip_address" "$subnet_mask_or_prefix" "$gateway"
+   fi
+fi
+
+case "$action" in
+   up)
+      # This interface is up!
+      # Remove the flag file that was created in /sbin/ifup-pre-local
+      # so that the network-wait-online.service can reach the network-online.target
+      state_dir=/run/network-online-interfaces
+      rm -rf "$state_dir/$interface"
+   ;;
+esac

cdist/conf/type/__network_interface/files/redhat/manifest

@@ -0,0 +1,175 @@
+#!/bin/sh -e
+#
+# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+type_files="$__type/files/redhat"
+mkdir "$__object/files"
+# shellcheck disable=SC2154
+interface_filename="ifcfg-${name}"
+
+(
+cat << DONE
+# Created by cdist ${__type##*/}
+# Do not change. Changes will be overwritten.
+#
+
+DONE
+
+if [ -f "$__object/parameter/comment" ]; then
+    awk '{ print "# "$0 }' < "$__object/parameter/comment"
+fi
+
+printf 'DEVICE="%s"\n' "$name"
+printf 'NM_CONTROLLED=no\n'
+printf 'USERCTL=no\n'
+
+if [ -f "$__object/parameter/onboot" ]; then
+   printf 'ONBOOT=yes\n'
+else
+   printf 'ONBOOT=no\n'
+fi
+if [ -f "$__object/parameter/hotplug" ]; then
+   printf 'HOTPLUG=yes\n'
+else
+   printf 'HOTPLUG=no\n'
+fi
+if [ -f "$__object/parameter/nodns" ]; then
+   printf 'PEERDNS=no\n'
+else
+   printf 'PEERDNS=yes\n'
+fi
+if [ -f "$__object/parameter/noroute" ]; then
+   printf 'DEFROUTE=no\n'
+else
+   printf 'DEFROUTE=yes\n'
+fi
+if [ -f "$__object/parameter/no-network-wait-online" ]; then
+   printf 'NO_NETWORK_WAIT_ONLINE=yes\n'
+fi
+if [ -f "$__object/parameter/symmetric-routing" ]; then
+   # Deploy scripts that implement the feature ...
+   __file /sbin/symmetric-routing \
+      --owner root --group root --mode 0755 \
+      --source "$__type/files/symmetric-routing"
+   # ... then enable it in interface cfg file.
+   printf 'SYMMETRIC_ROUTING=yes\n'
+fi
+
+ignored_parameters=""
+manually_handled_parameters="name comment extra-config state method onboot hotplug nodns noroute no-network-wait-online symmetric-routing"
+# shellcheck disable=SC2154
+case "$method" in
+   dhcp)
+      printf 'BOOTPROTO=dhcp\n'
+      ignored_parameters="$ignored_parameters address broadcast gateway netmask"
+   ;;
+   static|manual)
+      printf 'BOOTPROTO=none\n'
+   ;;
+   *)
+      echo "Unsupported value for parameter --method. Got '$method'. See man page for supported values." >&2
+      exit 1
+   ;;
+esac
+
+for param in "$__object"/parameter/*; do
+   if echo "$ignored_parameters" | grep -w -q "$param"; then
+      continue
+   fi
+   if echo "$manually_handled_parameters" | grep -w -q "$param"; then
+      continue
+   fi
+
+   case "$param" in
+      bond-master)
+         # if someone is my master, I am a slave
+         printf 'SLAVE=yes\n'
+         printf 'MASTER=%s\n' "$(cat "$__object/parameter/$param")"
+      ;;
+      bond-*)
+         key="$(echo "${param#*bond-}" | tr - _)"
+         if [ "$param" = "bond-arp-ip-target" ]; then
+            value="$(tr '\n' , < "$__object/parameter/$param")"
+            # strip trailing comma
+            value="${value%,}"
+         else
+            value="$(cat "$__object/parameter/$param")"
+         fi
+         printf '%s=%s\n' "$key" "$value" >> "$__object/files/bonding_opts"
+      ;;
+      *)
+         # check for redhat specific name for this parameter
+         if [ -f "$type_files/name-map" ]; then
+            key="$(awk -v param="$param" '{ if ($1 == param) {print $2;} else { print param;} }' "$type_files/name-map")"
+         else
+            key="$param"
+         fi
+         # redhat likes things uppercase
+         key="$(echo "$key" | tr '[:lower:]' '[:upper:]')"
+         printf '%s=%s\n' "$key" "$(cat "$__object/parameter/$param")"
+      ;;
+   esac
+done
+if [ -f "$__object/files/bonding_opts" ]; then
+   value="$(tr '\n' ' ' < "$__object/files/bonding_opts")"
+   # strip trailing space
+   value="${value% }"
+   printf 'BONDING_OPTS="%s"\n' "$value"
+fi
+
+# shellcheck disable=SC2154
+if [ -n "$vlan" ] && [ -n "$device" ]; then
+   # Enable vlan for this interface
+   printf 'VLAN=yes\n'
+fi
+
+if [ -f "$__object/parameter/extra-config" ]; then
+   extra_config="$(cat "$__object/parameter/extra-config")"
+   if [ "$extra_config" = "-" ]; then
+      extra_config="$__object/stdin"
+   fi
+   cat "$extra_config"
+fi
+
+
+) >> "$__object/files/$interface_filename"
+
+# shellcheck disable=SC2154
+__file "/etc/sysconfig/network-scripts/$interface_filename" \
+   --owner root \
+   --group root \
+   --mode 644 \
+   --source "$__object/files/$interface_filename" \
+   --state "$state"
+
+# Deploy helper scripts
+__file /sbin/ifupdown-local \
+   --owner root --group root --mode 0755 \
+   --source "$__type/files/redhat/ifupdown-local"
+require="__file/sbin/ifupdown-local" \
+   __link /sbin/ifup-local \
+      --type symbolic \
+      --source ./ifupdown-local
+require="__file/sbin/ifupdown-local" \
+   __link /sbin/ifdown-pre-local \
+      --type symbolic \
+      --source ./ifupdown-local
+__file /sbin/ifup-pre-local \
+   --owner root --group root --mode 0755 \
+   --source "$__type/files/redhat/ifup-pre-local"

cdist/conf/type/__network_interface/files/redhat/name-map

@@ -0,0 +1 @@
+address ipaddr

cdist/conf/type/__network_interface/files/symmetric-routing

@@ -0,0 +1,240 @@
+#!/bin/sh
+#
+
+set -e
+
+error() {
+   echo "[ERROR] $@" >&2
+}
+die() {
+   error "$@"
+   exit 1
+}
+info() {
+   echo "[INFO] $@" >&2
+}
+debug() {
+   if [ "$DEBUG" ]; then
+      echo "[DEBUG] $@" >&2
+   fi
+}
+
+usage() {
+   cat << EOS 1>&2
+Usage: ${0##*/} [OPTIONS] ACTION INTERFACE IP_ADDRESS SUBNET_MASK_OR_PREFIX [GATEWAY]
+(see -h for more information)
+EOS
+}
+
+help() {
+   usage 2>&1 | head -n -1 1>&2
+
+   cat << EOS 1>&2
+
+Setup policy based routing for the given interface
+to ensure symmetric routing.
+
+ACTION must be either 'up' or 'down' to add respectively remove the
+routing table entries.
+
+Options:
+    -h    show this help message
+    -d    run in debug mode
+    -x    run with 'set -x' set
+    -n    no action, just show what would be done without doing it
+
+Examples:
+   ${0##*/} up eth1 192.168.42.23 255.255.255.0 192.168.0.1
+   ${0##*/} down eth1 192.168.42.23 255.255.255.0 192.168.0.1
+   # gateway is optional
+   ${0##*/} up eth1 192.168.42.23 255.255.255.0
+   ${0##*/} down eth1 192.168.42.23 255.255.255.0
+   # same but using prefix instead of subnet mask
+   ${0##*/} up eth1 192.168.42.23 24 192.168.0.1
+   ${0##*/} down eth1 192.168.42.23 24 192.168.0.1
+
+EOS
+}
+
+die_usage() {
+   error "$@"
+   usage
+   exit 1
+}
+
+
+### Utility functions
+
+# Convert ip to int.
+ip2int() {
+   _ip="$1"
+   { IFS=. read _a _b _c _d; } << _done
+$_ip
+_done
+   echo $(((((((_a << 8) | _b) << 8) | _c) << 8) | _d))
+   unset _ip _a _b _c _d
+}
+
+# Convert int to ip.
+int2ip() {
+   _ui32=$1; shift
+   _ip=
+   for _n in 1 2 3 4; do
+      _ip=$((_ui32 & 0xff))${_ip:+.}$_ip
+      _ui32=$((_ui32 >> 8))
+   done
+   echo $_ip
+   unset _ui32 _ip _n
+}
+
+# Convert the given prefix into a subnet mask.
+mask_from_prefix() {
+   _prefix="$1"
+   _mask=$((0xffffffff << (32 - $_prefix)))
+   int2ip $_mask
+   unset _prefix _mask
+}
+
+# Calculate network number from the given ip and prefix.
+network_from_ip_and_prefix() {
+   _ip="$1"
+   _prefix="$2"
+   _addr=$(ip2int $_ip)
+   _mask=$((0xffffffff << (32 - $_prefix)))
+   int2ip $((_addr & _mask))
+   unset _ip _prefix _addr _mask
+}
+
+# Calculate number of bits in the given subnet mask.
+prefix_from_mask() {
+   # Assumes there's no "255." after a non-255 byte in the mask
+   _mask="$1"
+   _x=${_mask##*255.}
+   set -- 0^^^128^192^224^240^248^252^254^ $(( (${#1} - ${#_x})*2 )) ${_x%%.*}
+   _x=${1%%$3*}
+   echo $(( $2 + (${#_x}/4) ))
+   unset _mask _x
+}
+
+rt_tables=/etc/iproute2/rt_tables
+#rt_tables=/tmp/rt_tables
+# Get and if required create a routing table for the given table name.
+table_id_from_name() {
+   _interface="$1"
+   _table_id=$(awk -vname=$_interface '{ if ($2 == name) print $1 }' "$rt_tables")
+   if [ -z "$_table_id" ]; then
+      # find unused table id and create a new table for this interface
+      _used_ids=$(awk '$1 !~ /^(#| |255|254|253|0)/ { print $1 }' "$rt_tables")
+      for _tid in $(seq 1 252); do
+         if echo "$_used_ids" | grep -q "$_tid"; then
+            continue
+         else
+            _table_id="$_tid"
+            [ $NOACTION ] || printf '%s %s\n' "$_table_id" "$_interface" >> "$rt_tables"
+            break
+         fi
+      done
+   fi
+   echo "$_table_id"
+   unset _interface _table_id _used_ids _tid
+}
+
+
+### Parse command line arguments
+
+NOACTION=
+DEBUG=
+SETX=
+while getopts "ndxh" options
+do
+   #echo "$flag" $OPTIND $OPTARG
+   case $options in
+      n) NOACTION=1;;
+      d) DEBUG=1;;
+      x) SETX=1;;
+      ?|h) help
+         exit 0
+      ;;
+      *) usage
+         exit 1
+      ;;
+   esac
+done
+# Strip arguments allready handled by getopts
+shift $((OPTIND-1))
+
+[ "$SETX" ] && set -x
+
+# Validate arguments
+[ "$#" -ge 4 ] || die_usage "Expected at least 4 arguments, got: $#"
+
+action="$1" # up | down
+interface="$2"
+ip_address="$3"
+subnet_mask_or_prefix="$4"
+gateway="$5"
+
+debug "action: $action"
+debug "interface: $interface"
+debug "ip_address: $ip_address"
+debug "subnet_mask_or_prefix: $subnet_mask_or_prefix"
+debug "gateway: $gateway"
+
+
+case "$subnet_mask_or_prefix" in
+   *.*)
+      # has a dot, must be a subnet mask
+      subnet_mask="$subnet_mask_or_prefix"
+      prefix=$(prefix_from_mask "$subnet_mask")
+      network="$(network_from_ip_and_prefix "$ip_address" "$prefix")"
+   ;;
+   *)
+      # no dot, must be prefix
+      prefix="$subnet_mask_or_prefix"
+      subnet_mask="$(mask_from_prefix "$prefix")"
+      network="$(network_from_ip_and_prefix "$ip_address" "$prefix")"
+   ;;
+esac
+
+table_name="$interface"
+table_id="$(table_id_from_name "$table_name")"
+
+debug "subnet_mask: $subnet_mask"
+debug "prefix: $prefix"
+debug "network: $network"
+debug "table_name: $table_name"
+debug "table_id: $table_id"
+
+(
+case "$action" in
+   up)
+      # setup routing table for interface
+      printf 'ip route add "%s/%s" dev "%s" proto static src "%s" table "%s"\n' \
+         "$network" "$prefix" "$interface" "$ip_address" "$table_name"
+      if [ -n "$gateway" ]; then
+         printf 'ip route add default via "%s" table "%s"\n' "$gateway" "$table_name"
+      fi
+      printf 'ip rule add from "%s" table "%s"\n' "$ip_address" "$table_name"
+   ;;
+   down)
+      printf 'ip rule del from "%s" table "%s"\n' "$ip_address" "$table_name"
+      if [ -n "$gateway" ]; then
+         printf 'ip route del default via "%s" table "%s"\n' "$gateway" "$table_name"
+      fi
+      printf 'ip route del "%s/%s" dev "%s" proto static src "%s" table "%s"\n' \
+         "$network" "$prefix" "$interface" "$ip_address" "$table_name"
+   ;;
+   *)
+      echo "Unknown action: $action" >&2
+      exit 1
+   ;;
+esac
+# tell the kernel that it needs to re-parse the policy database
+printf 'ip route flush cache\n'
+) | (
+   if [ "$NOACTION" ]; then
+      cat
+   else
+      /bin/sh -s
+   fi
+)

cdist/conf/type/__network_interface/man.rst

@@ -0,0 +1,200 @@
+cdist-type__network_interface(7)
+================================
+
+NAME
+----
+cdist-type__network_interface - configure network interfaces
+
+
+DESCRIPTION
+-----------
+Configures network interfaces on debian an redhat based systems.
+Interface names containing a dot are assumed to be vlan tagged sub interfaces.
+e.g. eth0.10 is vlan 10 on physical device eth0.
+
+Note that this type rewrites network interface files.
+
+
+REQUIRED PARAMETERS
+-------------------
+None.
+
+OPTIONAL PARAMETERS
+-------------------
+name
+    The name of the physical or logical network device.
+    Defaults to __object_id.
+
+method
+    The method for determining an IP address for the interface.
+    'dhcp', 'static' or 'manual'.
+    Defaults to 'dhcp'.
+
+address
+    The IP address of the network interface.
+    Only used if --method is not 'dhcp'.
+
+broadcast
+    Only used if --method is not 'dhcp'.
+
+comment
+    Comment.
+
+extra-config
+    Additional config that is added to the generated interfaces file verbatim.
+
+gateway
+    Default gateway (dotted quad).
+    Only used if --method is not 'dhcp'.
+
+netmask
+    The subnet mask to apply to the interface.
+    Only used if --method is not 'dhcp'.
+
+metric
+    Routing metric for the default gateway.
+
+mtu
+    The Maximum Transmission Unit size to use for the interface.
+
+state
+    'present' or 'absent', defaults to 'present'.
+
+bond-arp-interval
+    Specifies (in milliseconds) how often ARP monitoring occurs.
+
+bond-arp-ip-target
+    Specifies the target IP address of ARP requests when the arp_interval parameter is enabled.
+    Can be specified up to 16 times.
+
+bond-master
+    The name of the master (bonding) interface to which this slave should be enslaved.
+
+bond-miimon
+    Specifies (in milliseconds) how often MII link monitoring occurs.
+
+bond-mode
+    Allows you to specify the bonding policy. The value can be one of:
+
+    - balance-rr (0)
+    - active-backup (1)
+    - balance-xor (2)
+    - broadcast (3)
+    - 802.3ad (4)
+    - balance-tlb (5)
+    - balance-alb (6)
+
+bond-primary
+    Specifies the interface name, such as eth0, of the primary device.
+
+bond-slaves
+    The slave interfaces that form this bonding.
+
+linkdelay
+    Only useable on Redhat based systems.
+    Time in seconds that the system should pause after the specific interface
+    is enabled.  This may be useful if one interface is connected to a
+    switch which has spanning tree enabled and must wait for STP to
+    converge before the interface should be considered usable.
+
+BOOLEAN PARAMETERS
+------------------
+onboot
+    Whether to bring the interface up on boot.
+
+hotplug
+    Allow/disallow hotplug support for this interface.
+
+nodns
+    Do not configure nameservers in /etc/resolv.conf.
+
+noroute
+    Do not set default route.
+
+no-network-wait-online
+    Do not consider this network interface in the network-wait-online.service unit.
+
+symmetric-routing
+    Manage routing tables and rules to ensure symmetric routing.
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+    __network_interface eth0 --onboot
+
+    # Same thing, but explicitly define method
+    __network_interface eth0 --method dhcp --onboot
+
+    __network_interface eth1 \
+        --method static \
+        --address 192.168.42.23 \
+        --netmask 255.255.255.0 \
+        --gateway 192.168.42.1 \
+        --onboot
+
+    __network_interface eth3 --method dhcp --hotplug
+
+    # Don't wait for Infiniband interface to be up before reaching systemd network-online.target
+    __network_interface ib0 --method dhcp --no-network-wait-online
+
+    # active-backup bonding with 2 slaves
+    __network_interface bond0 \
+        --onboot \
+        --method static \
+        --bond-mode active-backup \
+        --bond-miimon 500 \
+        --bond-primary eth5 \
+        --address 10.205.9.65 \
+        --netmask 255.255.224.0
+
+    __network_interface eth5 \
+        --onboot \
+        --method manual \
+        --bond-master bond0
+
+    __network_interface eth6 \
+        --onboot \
+        --method manual \
+        --bond-master bond0
+
+    # extra config
+    __network_interface eth0 \
+        --method dhcp \
+        --extra-config - << DONE
+    post-up ip route add 10.205.0.0/19 via 10.205.161.1
+    post-up ip route add 10.205.96.0/19 via 10.205.161.1
+    pre-down ip route del 10.205.0.0/19 via 10.205.161.1
+    pre-down ip route del 10.205.96.0/19 via 10.205.161.1
+    DONE
+
+
+SEE ALSO
+--------
+Redhat bonding documentation:
+
+* https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sec-Using_Channel_Bonding.html
+* https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/sec-Using_Channel_Bonding.html
+* https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s2-networkscripts-interfaces-chan.html
+
+Debian bonding documentation
+
+* /usr/share/doc/ifenslave-2.6/README.Debian.gz
+
+Symmetric routing
+
+* http://www.microhowto.info/howto/ensure_symmetric_routing_on_a_server_with_multiple_default_gateways.html
+
+
+AUTHORS
+-------
+Steven Armstrong <steven-cdist--@--armstrong.cc>
+
+COPYING
+-------
+Copyright \(C) 2012-2016 Steven Armstrong. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.

cdist/conf/type/__network_interface/manifest

@@ -0,0 +1,86 @@
+#!/bin/sh -e
+#
+# 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2020 Adapted for upstream cdist by Darko Poljak (darko.poljak at gmail.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+os=$(cat "$__global/explorer/os")
+osv="$(cat "$__global/explorer/os_version")"
+
+not_supported() {
+   echo "Your operating system ($os $osv) is currently not supported by this type (${__type##*/})." >&2
+   echo "Please contribute an implementation for it if you can." >&2
+   exit 1
+}
+
+case "$os" in
+   ubuntu)
+      osv_int="$(echo "$osv" | tr -d .)"
+      if [ "$osv_int" -lt 1110 ]; then
+         not_supported
+      fi
+      manifest_file="$__type/files/debian/manifest"
+      systemd_network_service_name="networking.service"
+   ;;
+   debian)
+      manifest_file="$__type/files/debian/manifest"
+      systemd_network_service_name="networking.service"
+   ;;
+   centos|redhat)
+      manifest_file="$__type/files/redhat/manifest"
+      systemd_network_service_name="network.service"
+   ;;
+   *)
+      not_supported
+   ;;
+esac
+
+name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")"
+method="$(cat "$__object/parameter/method")"
+state="$(cat "$__object/parameter/state")"
+
+device=
+vlan=
+case "$name" in
+   *.*)
+      device="${name%.*}"
+      vlan="${name#*.}"
+   ;;
+esac
+
+
+# export variables
+export name
+export device
+export vlan
+export method
+export state
+
+# run os specific manifest
+"$manifest_file"
+
+
+if grep -q systemd "$__global/explorer/init"; then
+   sed -e "s|%NETWORK_SERVICE_NAME%|${systemd_network_service_name}|" \
+      "$__type/files/network-wait-online.service" | \
+      __file /etc/systemd/system/network-wait-online.service \
+         --owner root --group root --mode 0644 \
+         --source -
+   require="__file/etc/systemd/system/network-wait-online.service" \
+      __start_on_boot network-wait-online
+fi

cdist/conf/type/__network_interface/parameter/boolean

@@ -0,0 +1,6 @@
+hotplug
+nodns
+noroute
+onboot
+no-network-wait-online
+symmetric-routing

cdist/conf/type/__network_interface/parameter/default/method

@@ -0,0 +1 @@
+dhcp

cdist/conf/type/__network_interface/parameter/optional

@@ -0,0 +1,20 @@
+address
+bond-arp-interval
+bond-arp-ip-target
+bond-master
+bond-miimon
+bond-mode
+bond-primary
+bond-slaves
+broadcast
+comment
+extra-config
+gateway
+linkdelay
+method
+metric
+mtu
+name
+netmask
+network
+state

cdist/conf/type/__package_apt/gencode-remote

@@ -74,14 +74,6 @@ fi
 
 case "$state_should" in
     present)
-        # following is bit ugly, but important hack.
-        # due to how cdist config run works, there isn't
-        # currently better way to do it :(
-        cat << EOF
-if [ ! -f /var/cache/apt/pkgcache.bin ] || [ "\$( stat --format %Y /var/cache/apt/pkgcache.bin )" -lt "\$( date +%s -d '-1 day' )" ]
-then echo apt-get update > /dev/null 2>&1 || true
-fi
-EOF
         if [ -n "$version" ]; then
             name="${name}=${version}"
         fi

cdist/conf/type/__package_apt/man.rst

@@ -11,9 +11,6 @@ DESCRIPTION
 apt-get is usually used on Debian and variants (like Ubuntu) to
 manage packages.
 
-This type will also update package index, if it is older
-than one day, to avoid missing package error messages.
-
 
 REQUIRED PARAMETERS
 -------------------

cdist/conf/type/__postgres_role/gencode-remote

@@ -54,7 +54,7 @@ case "$state_should" in
 
         [ -n "$password" ] && password="PASSWORD '$password'"
         cat << EOF
-su - '$postgres_user' -c "psql postgres -wc \"CREATE ROLE \\\\\"$name\\\\\" WITH $password $booleans;\""
+su - '$postgres_user' -c "psql postgres -wc 'CREATE ROLE \"$name\" WITH $password $booleans;'"
 EOF
     ;;
     absent)

cdist/conf/type/__service/explorer/service-manager

@@ -1,8 +0,0 @@
-#!/bin/sh
-
-# Assume systemd if systemctl is in PATH.
-if [ "$(command -v systemctl)" ]; then
-	printf "systemd"
-else
-	printf "unknown"
-fi

cdist/conf/type/__service/gencode-remote

@@ -1,9 +0,0 @@
-#!/bin/sh
-
-manager="$(cat "$__object/explorer/service-manager")"
-name=$__object_id
-action="$(cat "$__object/parameter/action")"
-
-if [ "$manager" = "unknown" ]; then
-	echo "service '$name' '$action'"
-fi

cdist/conf/type/__service/man.rst

@@ -1,51 +0,0 @@
-cdist-type__service(7)
-======================
-
-NAME
-----
-cdist-type__service - Run action on a system service
-
-
-DESCRIPTION
------------
-This type allows you to run an action against a system service.
-
-
-REQUIRED PARAMETERS
--------------------
-action
-  Arbitrary parameter passed as action. Usually 'start', 'stop', 'reload' or 'restart'.
-
-OPTIONAL PARAMETERS
--------------------
-None.
-
-
-BOOLEAN PARAMETERS
-------------------
-None.
-
-
-EXAMPLES
---------
-
-.. code-block:: sh
-
-    # Restart nginx service.
-    __service nginx --action restart
-
-    # Stop postfix service.
-    __service postfix --action stop
-
-
-AUTHORS
--------
-Timothée Floure <timothee.floure@ungleich.ch>
-
-
-COPYING
--------
-Copyright \(C) 2019 Timothée Floure. You can redistribute it
-and/or modify it under the terms of the GNU General Public License as
-published by the Free Software Foundation, either version 3 of the
-License, or (at your option) any later version.

cdist/conf/type/__service/manifest

@@ -1,15 +0,0 @@
-#!/bin/sh
-
-manager="$(cat "$__object/explorer/service-manager")"
-
-name=$__object_id
-action="$(cat "$__object/parameter/action")"
-
-case "$manager" in
-	systemd)
-		__systemd_service "$name" --action "$action"
-	;;
-	*)
-		# Unknown: handled by `service $NAME $action` in gencode-remote.
-	;;
-esac

cdist/conf/type/__service/parameter/required

@@ -1 +0,0 @@
-action

cdist/conf/type/__systemd_service/explorer/state

@@ -1,43 +0,0 @@
-#!/bin/sh -e
-# explorer/state
-#
-# 2020 Matthias Stecher <matthiasstecher at gmx.de>
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see <http://www.gnu.org/licenses/>.
-#
-
-# Check if the service is running or stopped.
-#
-# The explorer must check before if the service exist, because 'systemctl is-active'
-# will return "inactive" even if there is no service there:
-#   systemctl cat foo        # does not exist
-#   systemctl is-active foo  # is "inactive"
-
-
-# get name of the service
-if [ -f "$__object/parameter/name" ]; then
-    name="$(cat "$__object/parameter/name")"
-else
-    name="$__object_id"
-fi
-
-
-# check if the service exist, else exit without output (also if systemd doesn't exist)
-# do not exit here with an error code, will be done in the gencode-remote script
-systemctl cat "$name" > /dev/null 2>&1 || exit 0
-
-# print if the service is running or not
-systemctl is-active -q "$name" && printf "running" || printf "stopped"

cdist/conf/type/__systemd_service/gencode-remote

@@ -1,98 +0,0 @@
-#!/bin/sh -e
-# gencode-remote
-#
-# 2020 Matthias Stecher <matthiasstecher at gmx.de>
-#
-# This file is part of cdist.
-#
-# cdist is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# cdist is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with cdist. If not, see <http://www.gnu.org/licenses/>.
-#
-
-# Checks the given state of the service and set it to the given
-# state. Optionally, it executes the action if service running.
-
-
-# get name of the service
-name="$__object/parameter/name"
-if [ -f "$name" ]; then
-    name="$(cat "$name")"
-else
-    name="$__object_id"
-fi
-
-
-# read current status and parameters
-state="$(cat "$__object/explorer/state")"
-should="$(cat "$__object/parameter/state")"
-
-# if systemd/service does not exist
-if [ -z "$state" ]; then
-    printf "systemd or service '%s' does not exist!\n" "$name" >&2
-    exit 1
-fi
-
-
-# save the action required
-required_action=""
-
-# check the state of the service that should be
-if [ "$state" != "$should" ]; then
-    # select what to do to get the $should state
-    case "$should" in
-        running)
-            if [ "$state" = "stopped" ]; then required_action="start"; fi
-            ;;
-
-        stopped)
-            if [ "$state" = "running" ]; then required_action="stop"; fi
-            ;;
-    esac
-fi
-
-# check if the action can be achieved if given
-if [ -f "$__object/parameter/action" ] \
-    && [ -z "$required_action" ] && [ "$state" = "running" ]; then
-
-    # there must be an action
-    action="$(cat "$__object/parameter/action")"
-
-    # select the action to the required element
-    case "$action" in
-        restart)
-            required_action="restart"
-            ;;
-
-        reload)
-            required_action="reload"
-            ;;
-
-        *)
-            printf "action '%s' does not exist!" "$action" >&2
-            exit 2
-    esac
-
-    # Make a special check: only do this action if a dependency did something
-    # it is required that the dependencies write there action to $__messages_in
-    if [ -f "$__object/parameter/if-required" ]; then
-        # exit here if there are no changes from the dependencies affected (nothing to do)
-        if ! grep -q -f "$__object/require" "$__messages_in"; then exit 0; fi
-    fi
-fi
-
-# print the execution command if a action given
-if [ -n "$required_action" ]; then
-    # also print it as message
-    echo "$required_action" >> "$__messages_out"
-    echo "systemctl $required_action '$name'"
-fi

cdist/conf/type/__systemd_service/man.rst

@@ -1,110 +0,0 @@
-cdist-type__systemd-service(7)
-==============================
-
-NAME
-----
-cdist-type__systemd-service - Controls a systemd service state
-
-DESCRIPTION
------------
-This type controls systemd services to define a state of the service,
-or an action like reloading or restarting. It is useful to reload a
-service after configuration applied or shutdown one service.
-
-The activation or deactivation is out of scope. Look for the
-:strong:`cdist-type__systemd_util`\ (7) type instead.
-
-REQUIRED PARAMETERS
--------------------
-
-None.
-
-OPTIONAL PARAMETERS
--------------------
-
-name
-    String which will used as name instead of the object id.
-
-state
-    The state which the service should be in:
-
-    running
-        Service should run (default)
-
-    stoppend
-        Service should stopped
-
-action
-    Executes an action on on the service. It will only execute it if the
-    service keeps the state **running**. There are following actions, where:
-
-    reload
-        Reloads the service
-
-    restart
-        Restarts the service
-
-BOOLEAN PARAMETERS
-------------------
-
-if-required
-    Only execute the action if minimum one required type outputs a message to
-    **$__messages_out**. Through this, the action should only executed if a
-    dependency did something. The action will not executed if no dependencies
-    given.
-
-MESSAGES
---------
-
-start
-    Started the service
-
-stop
-    Stopped the service
-
-restart
-    Restarted the service
-
-reload
-    Reloaded the service
-
-ABORTS
-------
-Aborts in following cases:
-
-systemd or the service does not exist
-
-EXAMPLES
---------
-.. code-block:: sh
-
-    # service must run
-    __systemd_service nginx
-
-    # service must stopped
-    __systemd_service sshd \
-        --state stopped
-
-    # restart the service
-    __systemd_service apache2 \
-        --action restart
-
-    # makes sure the service exist with an alternative name
-    __systemd_service foo \
-        --name sshd
-
-    # reload the service for a modified configuration file
-    # only reloads the service if the file really changed
-    require="__config_file/etc/foo.conf" __systemd_service foo \
-        --action reload --if-required
-
-AUTHORS
--------
-Matthias Stecher <matthiasstecher at gmx.de>
-
-COPYRIGHT
----------
-Copyright \(C) 2020 Matthias Stecher. You can redistribute it
-and/or modify it under the terms of the GNU General Public License as
-published by the Free Software Foundation, either version 3 of the
-License, or (at your option) any later version.

cdist/conf/type/__systemd_service/parameter/boolean

@@ -1 +0,0 @@
-if-required

cdist/conf/type/__systemd_service/parameter/default/state

@@ -1 +0,0 @@
-running

cdist/conf/type/__systemd_service/parameter/optional

@@ -1,3 +0,0 @@
-name
-state
-action

cdist/conf/type/__update_alternatives/explorer/state

@@ -1,8 +0,0 @@
-#!/bin/sh -e
-path="$(cat "$__object/parameter/path")"
-name="$__object_id"
-link="$(readlink "/etc/alternatives/$name")"
-if [ "$path" = "$link" ]
-then echo present
-else echo absent
-fi

cdist/conf/type/__update_alternatives/gencode-remote

@@ -17,10 +17,9 @@
 # You should have received a copy of the GNU General Public License
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
-
-if [ "$(cat "$__object/explorer/state")" = 'present' ]
-then exit 0
-fi
+#
+# Setup alternative - no standard way to create, always set
+#
 
 path="$(cat "$__object/parameter/path")"
 name="$__object_id"

cdist/conf/type/__user/explorer/shadow

@@ -24,7 +24,7 @@
 name=$__object_id
 
 case $("$__explorer/os") in
-  'freebsd'|'netbsd'|'openbsd'|'alpine')
+  'freebsd'|'netbsd'|'openbsd')
     database='passwd'
     ;;
   # Default to using shadow passwords

docs/changelog

@@ -1,29 +1,6 @@
 Changelog
 ---------
 
-next:
-	* Type __user: Fix missing shadow for alpine (llnu)
-
-6.5.2: 2020-02-27
-	* Type __update_alternatives: Add state explorer (Ander Punnar)
-	* Explorer os_version: Add support for Alpine Linux (Jin-Guk Kwon)
-	* Explorer init: Rewrite and support more init systems (Dennis Camera)
-	* New type: __service (Timothée Floure)
-	* Types __consul_*: Add optional parameter for using distribution packages (Timothée Floure)
-	* Explorer disks: Fix NetBSD, support Linux w/o lsblk (Dennis Camera)
-	* Type __directory: Add 'exists' and 'pre-exists' states (Dennis Camera)
-	* Type __file: Improve error messages for pre-exists state (Dennis Camera)
-
-6.5.1: 2020-02-15
-	* Type __consul_agent: Add Debian 10 support (Nico Schottelius)
-	* Explorer os_release: Add fallbacks (Dennis Camera)
-	* Types __file, __directory: Add fallback for systems without stat (Dennis Camera)
-	* Type __mysql_privileges: Fix quoting (Ander Punnar)
-	* Type __package_apt: Update package index if it is older than one day (Ander Punnar)
-	* Type __cron: Fix job removal if 'is' and 'should' don't match (Matthias Stecher)
-	* New type: __systemd_service (Matthias Stecher)
-	* Type __postgres_role: Fix password command syntax (Timothée Floure)
-
 6.5.0: 2020-01-23
 	* Type __acl: Add --entry parameter to replace --acl, deprecate --acl (Ander Punnar)
 	* Core: preos: Fix missing configuration file usage, support -g, --config-file option (Darko Poljak)

docs/src/index.rst

@@ -2,9 +2,8 @@ cdist - usable configuration management
 =======================================
 
 cdist is a usable configuration management system.
-It adheres to the KISS principle and
+It adheres to the KISS principle and 
 is being used in small up to enterprise grade environments.
-It natively supports IPv6 since the first release.
 
 
 .. toctree::