From a34060d7035e84ff8f70d1e8d5bded7a1bfd71b3 Mon Sep 17 00:00:00 2001
From: sideeffect42
Date: Sat, 3 Nov 2018 19:17:56 +0100
Subject: [PATCH] Improve OpenBSD support (#720)
* [type/__timezone] Whitelist OpenBSD OpenBSD ships /etc/localtime and /usr/share/zoneinfo by default.
* [type/__postgres_{database,role}] Add explorer support for OpenBSD On OpenBSD the "postgres" user is called "_postgresql". The "postgres" database must me specifically specified as it differs from the user name.
* [type/__postgres_{database,role}] Add gencode support for OpenBSD On OpenBSD the "postgres" user is called "_postgresql". The "postgres" database must me specifically specified when using psql as it differs from the user name.
* [type/__postgres_role] Query DB if role exists instead of screen scaping
* [type/__postgres_database] Query DB if database exists instead
* [type/__postgres_{database,role}] Add user for NetBSD
* [type/__postgres_extension] Add support for OpenBSD and NetBSD
* [__ssh_authorized_key] Add OpenBSD support to entry explorer Make sure to adhere to re_format(7) for OpenBSD compatibility. https://man.openbsd.org/re_format.7
* [type/__start_on_boot] Add support for OpenBSD
---
 .../type/__postgres_database/explorer/state | 21 +++++++++++++++---
 .../type/__postgres_database/gencode-remote | 18 +++++++++++++--
 .../type/__postgres_extension/gencode-remote | 20 ++++++++++++++---
 .../conf/type/__postgres_role/explorer/state | 21 +++++++++++++++---
 .../conf/type/__postgres_role/gencode-remote | 22 +++++++++++++++----
 .../type/__ssh_authorized_key/explorer/entry | 5 ++++-
 .../conf/type/__start_on_boot/explorer/state | 4 ++++
 .../conf/type/__start_on_boot/gencode-remote | 5 +++++
 cdist/conf/type/__timezone/manifest | 6 ++++-
 9 files changed, 105 insertions(+), 17 deletions(-)
diff --git a/cdist/conf/type/__postgres_database/explorer/state b/cdist/conf/type/__postgres_database/explorer/state
index 54eb768d..652d81e7 100755
--- a/cdist/conf/type/__postgres_database/explorer/state
+++ b/cdist/conf/type/__postgres_database/explorer/state
@@ -18,10 +18,25 @@
 # along with cdist. If not, see .
 #
+case "$("${__explorer}/os")"
+in
+ netbsd)
+ postgres_user='pgsql'
+ ;;
+ openbsd)
+ postgres_user='_postgresql'
+ ;;
+ *)
+ postgres_user='postgres'
+ ;;
+esac
+
+
 name="$__object_id"
-if su - postgres -c "echo '\\q' | psql '$name'" 2>/dev/null; then
- echo "present"
+if test -n "$(su - "$postgres_user" -c "psql postgres -tAc \"SELECT 1 FROM pg_database WHERE datname='$name'\"")"
+then
+ echo 'present'
 else
- echo "absent"
+ echo 'absent'
 fi
diff --git a/cdist/conf/type/__postgres_database/gencode-remote b/cdist/conf/type/__postgres_database/gencode-remote
index 92301fb8..61cfa50d 100755
--- a/cdist/conf/type/__postgres_database/gencode-remote
+++ b/cdist/conf/type/__postgres_database/gencode-remote
@@ -18,6 +18,20 @@
 # along with cdist. If not, see .
 #
+case "$(cat "${__global}/explorer/os")"
+in
+ netbsd)
+ postgres_user='pgsql'
+ ;;
+ openbsd)
+ postgres_user='_postgresql'
+ ;;
+ *)
+ postgres_user='postgres'
+ ;;
+esac
+
+
 name="$__object_id"
 state_should="$(cat "$__object/parameter/state")"
 state_is="$(cat "$__object/explorer/state")"
@@ -29,10 +43,10 @@ if [ "$state_should" != "$state_is" ]; then
 if [ -f "$__object/parameter/owner" ]; then
 owner="-O '$(cat "$__object/parameter/owner")'"
 fi
- echo "su - postgres -c \"createdb $owner '$name'\""
+ echo "su - '$postgres_user' -c \"createdb $owner '$name'\""
 ;;
 absent)
- echo "su - postgres -c \"dropdb '$name'\""
+ echo "su - '$postgres_user' -c \"dropdb '$name'\""
 ;;
 esac
 fi
diff --git a/cdist/conf/type/__postgres_extension/gencode-remote b/cdist/conf/type/__postgres_extension/gencode-remote
index 627067c7..af9c97f1 100755
--- a/cdist/conf/type/__postgres_extension/gencode-remote
+++ b/cdist/conf/type/__postgres_extension/gencode-remote
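Review bot: In `__postgres_database/explorer/state` the new existence check splices `$name` (the object id) into a SQL string literal that is itself nested inside two layers of shell double quotes, so an id containing `'`, `"`, `$` or a backtick changes the query or the command that `su -c` runs. The same construction is used for `rolname='$name'` in `__postgres_role/explorer/state`. Object ids normally come from the operator's manifest, so this is hardening rather than an exposed input, but a guard ahead of the query keeps a malformed id from being evaluated under the database superuser account, for example `case "$name" in *[!A-Za-z0-9_-]*) echo "invalid name: $name" >&2; exit 1;; esac` (with whatever character set the type intends to support).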
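Review bot: The generated `createdb`/`dropdb` lines in `__postgres_database/gencode-remote` place `'$name'` and `$owner` inside a `\"…\"` argument to `su -c`, so the shell that runs the generated code still expands `$`, backticks and backslashes in those values before the inner shell ever sees the single quotes. The single quotes therefore only protect against spaces, and a value containing `'` ends the quoting altogether. A similar nesting appears in the `psql -c` lines of `__postgres_extension/gencode-remote` and the `dropuser` line of `__postgres_role/gencode-remote`. Rejecting names and owners outside the expected character set at generation time would close this, since the emitted code runs on the target with enough privilege to `su`.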
@@ -22,6 +22,20 @@
 # along with cdist. If not, see .
 #
+case "$(cat "${__global}/explorer/os")"
+in
+ netbsd)
+ postgres_user='pgsql'
+ ;;
+ openbsd)
+ postgres_user='_postgresql'
+ ;;
+ *)
+ postgres_user='postgres'
+ ;;
+esac
+
+
 dbname=$( echo "$__object_id" | cut -d":" -f1 )
 extension=$( echo "$__object_id" | cut -d":" -f2 )
@@ -30,10 +44,10 @@ state_should=$( cat "$__object/parameter/state" )
 case "$state_should" in
 present)
 cmd="CREATE EXTENSION IF NOT EXISTS $extension"
- echo "su - postgres -c 'psql -c \"$cmd\" \"$dbname\"'"
+ echo "su - '$postgres_user' -c 'psql -c \"$cmd\" \"$dbname\"'"
 ;;
 absent)
- cmd="DROP EXTENSION IF EXISTS $extension"
- echo "su - postgres -c 'psql -c \"$cmd\" \"$dbname\"'"
+ cmd="DROP EXTENSION IF EXISTS $extension"
+ echo "su - '$postgres_user' -c 'psql -c \"$cmd\" \"$dbname\"'"
 ;;
 esac
diff --git a/cdist/conf/type/__postgres_role/explorer/state b/cdist/conf/type/__postgres_role/explorer/state
index 40f64cef..5cc71477 100755
--- a/cdist/conf/type/__postgres_role/explorer/state
+++ b/cdist/conf/type/__postgres_role/explorer/state
@@ -18,10 +18,25 @@
 # along with cdist. If not, see .
 #
+case "$("${__explorer}/os")"
+in
+ netbsd)
+ postgres_user='pgsql'
+ ;;
+ openbsd)
+ postgres_user='_postgresql'
+ ;;
+ *)
+ postgres_user='postgres'
+ ;;
+esac
+
+
 name="$__object_id"
-if su - postgres -c "psql -c '\\du' | grep -q '^ *$name *|'"; then
- echo "present"
+if test -n "$(su - "$postgres_user" -c "psql postgres -tAc \"SELECT 1 FROM pg_roles WHERE rolname='$name'\"")"
+then
+ echo 'present'
 else
- echo "absent"
+ echo 'absent'
 fi
diff --git a/cdist/conf/type/__postgres_role/gencode-remote b/cdist/conf/type/__postgres_role/gencode-remote
index f977e73e..f04b22e7 100755
--- a/cdist/conf/type/__postgres_role/gencode-remote
+++ b/cdist/conf/type/__postgres_role/gencode-remote
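Review bot: The `test -n "$(su … psql …)"` check in `__postgres_role/explorer/state` reports `absent` for every failure of `su` or `psql` (server not running, no `postgres` database, wrong account name), because only stdout is examined and the exit status is dropped. The type would then presumably try to create a role that may already exist, and the real error is hidden from the operator. `__postgres_database/explorer/state` has the same shape. Capturing the result first, as in `out=$(su - "$postgres_user" -c "…") || exit 1` followed by `test -n "$out"`, makes the explorer fail visibly instead of guessing.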
@@ -18,6 +18,20 @@
 # along with cdist. If not, see .
 #
+case "$(cat "${__global}/explorer/os")"
+in
+ netbsd)
+ postgres_user='pgsql'
+ ;;
+ openbsd)
+ postgres_user='_postgresql'
+ ;;
+ *)
+ postgres_user='postgres'
+ ;;
+esac
+
+
 name="$__object_id"
 state_is="$(cat "$__object/explorer/state")"
 state_should="$(cat "$__object/parameter/state")"
@@ -38,12 +52,12 @@ case "$state_should" in
 booleans="$booleans $upper"
 done
- [ -n "$password" ] && password="PASSWORD '$password'"
+ [ -n "$password" ] && password="PASSWORD '$password'"
- cmd="CREATE ROLE $name WITH $password $booleans"
- echo "su - postgres -c \"psql -c \\\"$cmd\\\"\""
+ cmd="CREATE ROLE $name WITH $password $booleans"
+ echo "su - '$postgres_user' -c \"psql postgres -c '$cmd'\""
 ;;
 absent)
- echo "su - postgres -c \"dropuser \\\"$name\\\"\""
+ echo "su - '$postgres_user' -c \"dropuser '$name'\""
 ;;
 esac
diff --git a/cdist/conf/type/__ssh_authorized_key/explorer/entry b/cdist/conf/type/__ssh_authorized_key/explorer/entry
index 78efbb48..ccab0afc 100755
--- a/cdist/conf/type/__ssh_authorized_key/explorer/entry
+++ b/cdist/conf/type/__ssh_authorized_key/explorer/entry
@@ -27,5 +27,8 @@ then
 file="$(cat "$__object/parameter/file")"
 # get any entries that match the type and key
- grep ".*$type_and_key\\([ \\n]\\|$\\)" "$file" || true
+
+ # NOTE: Do not match from the beginning of the line as there may be options
+ # preceeding the key.
+ grep "${type_and_key}\\([ \\n].*\\)*$" "$file" || true
 fi
diff --git a/cdist/conf/type/__start_on_boot/explorer/state b/cdist/conf/type/__start_on_boot/explorer/state
index cef9013e..1f99db48 100644
--- a/cdist/conf/type/__start_on_boot/explorer/state
+++ b/cdist/conf/type/__start_on_boot/explorer/state
@@ -83,6 +83,10 @@ else
 state="absent"
 service -e | grep "/$name$" && state="present"
 ;;
+ openbsd)
+ state='absent'
+ # OpenBSD 5.7 and higher
+ rcctl ls on | grep "^${name}$" && state='present'
 *)
 echo "Unsupported os: $os" >&2
 exit 1
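Review bot: Wrapping `$cmd` in single quotes in the new `psql postgres -c '$cmd'` line of `__postgres_role/gencode-remote` breaks role creation with a password, because `$cmd` already contains `PASSWORD '$password'`: the inner quotes close the outer ones, so psql receives the password without a string literal around it, and a password containing spaces or shell metacharacters is split or interpreted by the shell. The removed line's escaped double quotes did not have this particular problem; keeping them with the new user and database gives `echo "su - '$postgres_user' -c \"psql postgres -c \\\"$cmd\\\"\""`. Separately, the password still travels in the `psql` argument list, where other local users on the target can usually read it from the process table, so feeding the statement on stdin would be safer. The enclosing `present)` branch starts outside the hunk.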
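Review bot: In the new pattern `"${type_and_key}\\([ \\n].*\\)*$"` of `__ssh_authorized_key/explorer/entry`, the bracket expression `[ \n]` does not mean "space or newline": per re_format(7) a backslash is an ordinary character inside brackets, so it matches a space, a backslash or the letter `n`. An entry whose key merely begins with the wanted key and continues with `n…` would therefore be reported as a match. Since grep never sees the line's newline anyway, `grep "${type_and_key}\\( .*\\)*$" "$file" || true` expresses the intent. The comment's `preceeding` should read `preceding`. The `if … then` this sits in starts outside the hunk.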
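Review bot: The new `openbsd)` arm in `__start_on_boot/explorer/state` has no terminating `;;`, so the `*)` that follows is read as part of the arm's command list and the shell cannot parse the enclosing `case`. That would make the explorer fail on every OS that reaches this compound command, not only on OpenBSD. Add `;;` on its own line after `rcctl ls on | grep "^${name}$" && state='present'`. The surrounding `case` starts and ends outside the hunk.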
diff --git a/cdist/conf/type/__start_on_boot/gencode-remote b/cdist/conf/type/__start_on_boot/gencode-remote
index 122692ec..b9346826 100755
--- a/cdist/conf/type/__start_on_boot/gencode-remote
+++ b/cdist/conf/type/__start_on_boot/gencode-remote
@@ -81,6 +81,11 @@ case "$state_should" in
 : # handled in manifest
 ;;
+ openbsd)
+ # OpenBSD 5.7 and phigher
+ echo "rcctl enable '$name'"
+ ;;
+
 *)
 echo "Unsupported os: $os" >&2
 exit 1
diff --git a/cdist/conf/type/__timezone/manifest b/cdist/conf/type/__timezone/manifest
index a20f5d32..c908f087 100755
--- a/cdist/conf/type/__timezone/manifest
+++ b/cdist/conf/type/__timezone/manifest
@@ -34,7 +34,11 @@ case "$os" in
 __package timezone
 export require="__package/timezone"
 ;;
- freebsd|netbsd|coreos)
+ freebsd|netbsd|openbsd)
+ # whitelist
+ :
+ ;;
+ coreos)
 # whitelist
 :
 ;;
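Review bot: The comment in the new `openbsd)` arm of `__start_on_boot/gencode-remote` reads `# OpenBSD 5.7 and phigher`; it should be `# OpenBSD 5.7 and higher`, matching the explorer. The hunk only shows the enable path, and the rest of the `case "$state_should"` lies outside it. If the `absent` side has no `openbsd)` arm that emits `rcctl disable '$name'`, removing the object on OpenBSD will presumably end in the `Unsupported os` exit, so that branch is worth checking.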