diff --git a/.version b/.version deleted file mode 100644 index 71f08595..00000000 --- a/.version +++ /dev/null @@ -1 +0,0 @@ -2.1.0-pre1 diff --git a/Makefile b/Makefile index 112b1411..a2003dcc 100644 --- a/Makefile +++ b/Makefile @@ -109,8 +109,8 @@ man-dist: man check-date man-latest-link: web-pub # Fix ikiwiki, which does not like symlinks for pseudo security - ssh tee.schottelius.org \ - "cd /home/services/www/nico/www.nico.schottelius.org/www/software/cdist/man && rm -f latest && ln -sf "$(CHANGELOG_VERSION)" latest" + ssh staticweb.ungleich.ch \ + "cd /home/services/www/nico/nico.schottelius.org/www/software/cdist/man/ && rm -f latest && ln -sf "$(CHANGELOG_VERSION)" latest" ################################################################################ # Speeches @@ -170,17 +170,6 @@ $(ML_FILE): $(CHANGELOG_FILE) ml-release: $(ML_FILE) -################################################################################ -# Release: Freecode -# -FREECODE_FILE=.lock-freecode - -$(FREECODE_FILE): $(CHANGELOG_FILE) - $(helper) freecode-release $(CHANGELOG_VERSION) - touch $@ - -freecode-release: $(FREECODE_FILE) - ################################################################################ # pypi # @@ -197,7 +186,7 @@ ARCHLINUX_FILE=.lock-archlinux ARCHLINUXTAR=cdist-$(CHANGELOG_VERSION)-1.src.tar.gz $(ARCHLINUXTAR): PKGBUILD - makepkg -c --source + umask 022; mkaurball PKGBUILD: PKGBUILD.in $(PYTHON_VERSION) ./PKGBUILD.in $(CHANGELOG_VERSION) @@ -254,10 +243,7 @@ distclean: clean # The pub is Nico's "push to all git remotes" way ("make pub") pub: - for remote in "" github sf; do \ - echo "Pushing to $$remote"; \ - git push --mirror $$remote; \ - done + git push --mirror test: $(helper) $@ diff --git a/PKGBUILD.in b/PKGBUILD.in index e3ae4619..c967249d 100755 --- a/PKGBUILD.in +++ b/PKGBUILD.in @@ -17,7 +17,13 @@ source=("http://pypi.python.org/packages/source/c/cdist/cdist-\${pkgver}.tar.gz" package() { cd cdist-\${pkgver} python3 setup.py build install --root="\${pkgdir}" + find "\$pkgdir" -type d -exec chmod 0755 {} \; + find "\$pkgdir" -type f -exec chmod a+r {} \; } eof makepkg -g >> "${outfile}" + +# Fix this issue: +# error: failed to upload cdist-3.1.6-1.src.tar.gz: Error - all files must have permissions of 644 or 755. +chmod a+r "${outfile}" diff --git a/bin/build-helper b/bin/build-helper index d28c0616..31789a2e 100755 --- a/bin/build-helper +++ b/bin/build-helper @@ -145,21 +145,6 @@ eof ;; - freecode-release) - version=$1; shift - printf "Enter tag list for freecode release %s> " "$version" - read taglist - - printf "Enter changelog for freecode release %s> " "$version" - read changelog - - echo "Submitting to freecode ..." - python2 ~/p/foreign/freecode-submit-2.7/freecode-submit -P cdist \ - -v "$version" -c "$changelog" \ - -t "$taglist" \ - -n - ;; - release-git-tag) target_version=$($0 changelog-version) if git rev-parse --verify refs/tags/$target_version 2>/dev/null; then @@ -258,9 +243,6 @@ eof # Archlinux release is based on pypi make archlinux-release - # Announce change on Freecode - make freecode-release - # Announce change on ML make ml-release diff --git a/cdist/conf/explorer/cpu_cores b/cdist/conf/explorer/cpu_cores index efabc848..7f7a955e 100755 --- a/cdist/conf/explorer/cpu_cores +++ b/cdist/conf/explorer/cpu_cores @@ -22,10 +22,19 @@ # FIXME: other system types (not linux ...) -if [ -r /proc/cpuinfo ]; then - cores="$(cat /proc/cpuinfo | grep "core id" | sort | uniq | wc -l)" - if [ ${cores} -eq 0 ]; then - cores="1" - fi - echo "${cores}" -fi +os=$("$__explorer/os") +case "$os" in + "macosx") + echo "$(sysctl -n hw.physicalcpu)" + ;; + + *) + if [ -r /proc/cpuinfo ]; then + cores="$(grep "core id" /proc/cpuinfo | sort | uniq | wc -l)" + if [ ${cores} -eq 0 ]; then + cores="1" + fi + echo "$cores" + fi + ;; +esac diff --git a/cdist/conf/explorer/cpu_sockets b/cdist/conf/explorer/cpu_sockets index 98836cec..8a8194df 100755 --- a/cdist/conf/explorer/cpu_sockets +++ b/cdist/conf/explorer/cpu_sockets @@ -22,10 +22,19 @@ # FIXME: other system types (not linux ...) -if [ -r /proc/cpuinfo ]; then - sockets="$(cat /proc/cpuinfo | grep "physical id" | sort | uniq | wc -l)" - if [ ${sockets} -eq 0 ]; then - sockets="$(cat /proc/cpuinfo | grep "processor" | wc -l)" +os=$("$__explorer/os") +case "$os" in + "macosx") + echo "$(system_profiler SPHardwareDataType | grep "Number of Processors" | awk -F': ' '{print $2}')" + ;; + + *) + if [ -r /proc/cpuinfo ]; then + sockets="$(grep "physical id" /proc/cpuinfo | sort | uniq | wc -l)" + if [ ${sockets} -eq 0 ]; then + sockets="$(cat /proc/cpuinfo | grep "processor" | wc -l)" + fi + echo "${sockets}" fi - echo "${sockets}" -fi + ;; +esac diff --git a/cdist/conf/explorer/memory b/cdist/conf/explorer/memory index 982b5dfa..05db865f 100755 --- a/cdist/conf/explorer/memory +++ b/cdist/conf/explorer/memory @@ -22,6 +22,15 @@ # FIXME: other system types (not linux ...) -if [ -r /proc/meminfo ]; then - echo "$(cat /proc/meminfo | grep "MemTotal:" | awk '{print $2}')" -fi +os=$("$__explorer/os") +case "$os" in + "macosx") + echo "$(sysctl -n hw.memsize)/1024" | bc + ;; + + *) + if [ -r /proc/meminfo ]; then + grep "MemTotal:" /proc/meminfo | awk '{print $2}' + fi + ;; +esac diff --git a/cdist/conf/type/__apt_update_index/man.text b/cdist/conf/type/__apt_update_index/man.text index 778af508..628292dc 100644 --- a/cdist/conf/type/__apt_update_index/man.text +++ b/cdist/conf/type/__apt_update_index/man.text @@ -5,7 +5,7 @@ Steven Armstrong NAME ---- -cdist-type__apt_update_index - update apt's package index +cdist-type__apt_update_index - Update apt's package index DESCRIPTION diff --git a/cdist/conf/type/__block/explorer/block b/cdist/conf/type/__block/explorer/block index 6c35bc46..e1ca3441 100755 --- a/cdist/conf/type/__block/explorer/block +++ b/cdist/conf/type/__block/explorer/block @@ -1,5 +1,24 @@ #!/bin/sh -# 2013 Steven Armstrong (steven-cdist at armstrong.cc) +# +# 2013 Steven Armstrong (steven-cdist armstrong.cc) +# 2014 Nico Schottelius (nico-cdist at schottelius.org) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + file="$(cat "$__object/parameter/file" 2>/dev/null || echo "/$__object_id")" @@ -8,12 +27,12 @@ file="$(cat "$__object/parameter/file" 2>/dev/null || echo "/$__object_id")" prefix=$(cat "$__object/parameter/prefix" 2>/dev/null || echo "#cdist:__block/$__object_id") suffix=$(cat "$__object/parameter/suffix" 2>/dev/null || echo "#/cdist:__block/$__object_id") -awk -v prefix="$prefix" -v suffix="$suffix" '{ - if (index($0,prefix)) { +awk -v prefix="^$prefix\$" -v suffix="^$suffix\$" '{ + if (match($0,prefix)) { triggered=1 } if (triggered) { - if (index($0,suffix)) { + if (match($0,suffix)) { triggered=0 } print diff --git a/cdist/conf/type/__block/gencode-remote b/cdist/conf/type/__block/gencode-remote index 0a5eea18..2e2147e5 100755 --- a/cdist/conf/type/__block/gencode-remote +++ b/cdist/conf/type/__block/gencode-remote @@ -46,13 +46,13 @@ tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX) if [ -f "$file" ]; then cp -p "$file" "\$tmpfile" fi -awk -v prefix="$prefix" -v suffix="$suffix" ' +awk -v prefix="^$prefix\$" -v suffix="^$suffix\$" ' { - if (index(\$0,prefix)) { + if (match(\$0,prefix)) { triggered=1 } if (triggered) { - if (index(\$0,suffix)) { + if (match(\$0,suffix)) { triggered=0 } } else { diff --git a/cdist/conf/type/__ccollect_source/explorer/stat b/cdist/conf/type/__ccollect_source/explorer/stat index 298221b7..7c86d94f 100755 --- a/cdist/conf/type/__ccollect_source/explorer/stat +++ b/cdist/conf/type/__ccollect_source/explorer/stat @@ -25,7 +25,7 @@ destination="/$__object_id" os=$("$__explorer/os") case "$os" in - "freebsd") + "freebsd"|"openbsd") # FIXME: should be something like this based on man page, but can not test stat -f "type: %ST owner: %Du %Su @@ -35,6 +35,15 @@ size: %Dz links: %Dl " "$destination" ;; + "macosx") + stat -f "type: %HT + owner: %Du %Su + group: %Dg %Sg + mode: %Lp %Sp + size: %Dz + links: %Dl + " "$destination" + ;; *) stat --printf="type: %F owner: %u %U diff --git a/cdist/conf/type/__cdistmarker/man.text b/cdist/conf/type/__cdistmarker/man.text index ca5611a7..3a59659b 100644 --- a/cdist/conf/type/__cdistmarker/man.text +++ b/cdist/conf/type/__cdistmarker/man.text @@ -40,7 +40,7 @@ EXAMPLES __cdistmarker # Creates the marker differently. -__cdistmarker --file /tmp/cdist_marker --format '+%s' +__cdistmarker --destination /tmp/cdist_marker --format '+%s' -------------------------------------------------------------------------------- diff --git a/cdist/conf/type/__config_file/gencode-remote b/cdist/conf/type/__config_file/gencode-remote new file mode 100755 index 00000000..e9b38c35 --- /dev/null +++ b/cdist/conf/type/__config_file/gencode-remote @@ -0,0 +1,34 @@ +#!/bin/sh +# +# 2015 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +destination="$__object_id" +state="$(cat "$__object/parameter/state")" + +if [ "$state" = "absent" ]; then + # nothing to do + exit 0 +fi + +if [ -f "$__object/parameter/onchange" ]; then + if grep -q "^__file/${destination}" "$__messages_in"; then + cat "$__object/parameter/onchange" + fi +fi + diff --git a/cdist/conf/type/__config_file/man.text b/cdist/conf/type/__config_file/man.text new file mode 100644 index 00000000..a4ec7363 --- /dev/null +++ b/cdist/conf/type/__config_file/man.text @@ -0,0 +1,60 @@ +cdist-type__config_file(7) +========================== +Steven Armstrong + + +NAME +---- +cdist-type__config_file - manages config files + + +DESCRIPTION +----------- +Deploy config files using the file type. +Run the given code if the files changes. + + +REQUIRED PARAMETERS +------------------- +None. + + +OPTIONAL PARAMETERS +------------------- +group:: + see cdist-type__file +mode:: + see cdist-type__file +onchange:: + the code to run if the file changes +owner:: + see cdist-type__file +source:: + Path to the config file. + If source is '-' (dash), take what was written to stdin as the config file content. +state:: + see cdist-type__file + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +__config_file /etc/consul/conf.d/watch_foo.json \ + --owner root --group consul --mode 640 \ + --source "$__type/files/watch_foo.json" \ + --state present \ + --onchange 'service consul status >/dev/null && service consul reload || true' +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) +- cdist-type__file(7) + + +COPYING +------- +Copyright \(C) 2015 Steven Armstrong. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__config_file/manifest b/cdist/conf/type/__config_file/manifest new file mode 100755 index 00000000..29add8b7 --- /dev/null +++ b/cdist/conf/type/__config_file/manifest @@ -0,0 +1,41 @@ +#!/bin/sh +# +# 2015 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +set -- "/${__object_id}" +for param in $(ls "$__object/parameter/"); do + case "$param" in + source) + source="$(cat "$__object/parameter/source")" + if [ "$source" = "-" ]; then + source="$__object/stdin" + fi + set -- "$@" --source "$source" + ;; + owner|group|mode|state) + set -- "$@" "--${param}" "$(cat "$__object/parameter/$param")" + ;; + *) + # ignore unknown parameters + : + ;; + esac +done + +__file "$@" diff --git a/cdist/conf/type/__config_file/parameter/default/state b/cdist/conf/type/__config_file/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__config_file/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__config_file/parameter/optional b/cdist/conf/type/__config_file/parameter/optional new file mode 100644 index 00000000..085c7725 --- /dev/null +++ b/cdist/conf/type/__config_file/parameter/optional @@ -0,0 +1,6 @@ +group +mode +onchange +owner +source +state diff --git a/cdist/conf/type/__consul/files/versions/0.4.1/cksum b/cdist/conf/type/__consul/files/versions/0.4.1/cksum new file mode 100644 index 00000000..edba1a68 --- /dev/null +++ b/cdist/conf/type/__consul/files/versions/0.4.1/cksum @@ -0,0 +1 @@ +428915666 15738724 consul diff --git a/cdist/conf/type/__consul/files/versions/0.4.1/source b/cdist/conf/type/__consul/files/versions/0.4.1/source new file mode 100644 index 00000000..b1e9908d --- /dev/null +++ b/cdist/conf/type/__consul/files/versions/0.4.1/source @@ -0,0 +1 @@ +https://dl.bintray.com/mitchellh/consul/0.4.1_linux_amd64.zip diff --git a/cdist/conf/type/__consul/files/versions/0.5.0/cksum b/cdist/conf/type/__consul/files/versions/0.5.0/cksum new file mode 100644 index 00000000..fe9888ae --- /dev/null +++ b/cdist/conf/type/__consul/files/versions/0.5.0/cksum @@ -0,0 +1 @@ +131560372 17734417 consul diff --git a/cdist/conf/type/__consul/files/versions/0.5.0/source b/cdist/conf/type/__consul/files/versions/0.5.0/source new file mode 100644 index 00000000..00a209a5 --- /dev/null +++ b/cdist/conf/type/__consul/files/versions/0.5.0/source @@ -0,0 +1 @@ +https://dl.bintray.com/mitchellh/consul/0.5.0_linux_amd64.zip diff --git a/cdist/conf/type/__consul/man.text b/cdist/conf/type/__consul/man.text new file mode 100644 index 00000000..5ebaf1e8 --- /dev/null +++ b/cdist/conf/type/__consul/man.text @@ -0,0 +1,54 @@ +cdist-type__consul(7) +===================== +Steven Armstrong + + +NAME +---- +cdist-type__consul - install consul + + +DESCRIPTION +----------- +Downloads and installs the consul binary from https://dl.bintray.com/mitchellh/consul. +Note that the consul binary is downloaded on the server (the machine running +cdist) and then deployed to the target host using the __file type. + + +REQUIRED PARAMETERS +------------------- +None. + + +OPTIONAL PARAMETERS +------------------- +state:: + either 'present' or 'absent'. Defaults to 'present' + +version:: + which version of consul to install. See ./files/versions for a list of + supported versions. Defaults to the latest known version. + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +# just install using defaults +__consul + +# specific version +__consul \ + --version 0.4.1 +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) + + +COPYING +------- +Copyright \(C) 2015 Steven Armstrong. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__consul/manifest b/cdist/conf/type/__consul/manifest new file mode 100755 index 00000000..1cbc5413 --- /dev/null +++ b/cdist/conf/type/__consul/manifest @@ -0,0 +1,54 @@ +#!/bin/sh +# +# 2015 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + + +os=$(cat "$__global/explorer/os") + +case "$os" in + centos|redhat|ubuntu|debian|archlinux|gentoo) + # any linux should work + : + ;; + *) + echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 + echo "Please contribute an implementation for it if you can." >&2 + exit 1 + ;; +esac + +versions_dir="$__type/files/versions" +version="$(cat "$__object/parameter/version")" +version_dir="$versions_dir/$version" + +if [ ! -d "$version_dir" ]; then + echo "Unknown consul version '$version'. Expected one of:" >&2 + ls "$versions_dir" >&2 + exit 1 +fi + +__staged_file /usr/local/bin/consul \ + --source "$(cat "$version_dir/source")" \ + --cksum "$(cat "$version_dir/cksum")" \ + --fetch-command 'curl -s -L "%s"' \ + --prepare-command 'unzip -p "%s"' \ + --state "$(cat "$__object/parameter/state")" \ + --group root \ + --owner root \ + --mode 755 diff --git a/cdist/conf/type/__consul/parameter/default/state b/cdist/conf/type/__consul/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__consul/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__consul/parameter/default/version b/cdist/conf/type/__consul/parameter/default/version new file mode 100644 index 00000000..8f0916f7 --- /dev/null +++ b/cdist/conf/type/__consul/parameter/default/version @@ -0,0 +1 @@ +0.5.0 diff --git a/cdist/conf/type/__consul/parameter/optional b/cdist/conf/type/__consul/parameter/optional new file mode 100644 index 00000000..4d595ed7 --- /dev/null +++ b/cdist/conf/type/__consul/parameter/optional @@ -0,0 +1,2 @@ +state +version diff --git a/cdist/conf/type/__consul/singleton b/cdist/conf/type/__consul/singleton new file mode 100644 index 00000000..e69de29b diff --git a/cdist/conf/type/__consul_agent/files/consul.systemd b/cdist/conf/type/__consul_agent/files/consul.systemd new file mode 100644 index 00000000..db624fd1 --- /dev/null +++ b/cdist/conf/type/__consul_agent/files/consul.systemd @@ -0,0 +1,17 @@ +[Unit] +Description=Consul Agent +Wants=basic.target +After=basic.target network.target + +[Service] +User=consul +Group=consul +Environment="GOMAXPROCS=2" +ExecStart=/usr/local/bin/consul agent -config-dir /etc/consul/conf.d +ExecReload=/bin/kill -HUP $MAINPID +KillMode=process +Restart=on-failure +RestartSec=42s + +[Install] +WantedBy=multi-user.target diff --git a/cdist/conf/type/__consul_agent/files/consul.sysv b/cdist/conf/type/__consul_agent/files/consul.sysv new file mode 100644 index 00000000..9a2aaeb2 --- /dev/null +++ b/cdist/conf/type/__consul_agent/files/consul.sysv @@ -0,0 +1,93 @@ +#!/bin/bash +# +# /etc/rc.d/init.d/consul +# +# Daemonize the consul agent. +# +# chkconfig: 2345 95 95 +# description: Service discovery and configuration made easy. \ +# Distributed, highly available, and datacenter-aware. +# processname: consul +# pidfile: /var/run/consul/pidfile + +# Source function library. +. /etc/init.d/functions +NAME=consul +CONSUL=/usr/local/bin/consul +CONFIG=/etc/$NAME/conf.d +PID_FILE=/var/run/$NAME/pidfile +LOG_FILE=/var/log/$NAME + +[ -e /etc/sysconfig/$NAME ] && . /etc/sysconfig/$NAME +export GOMAXPROCS=${GOMAXPROCS:-2} + +mkdir -p /var/run/$NAME +chown consul /var/run/$NAME + +start() { + echo -n "Starting $NAME: " + daemon --user=consul \ + --pidfile="$PID_FILE" \ + "$CONSUL" agent -pid-file="$PID_FILE" -config-dir "$CONFIG" >> "$LOG_FILE" & + retcode=$? + touch /var/lock/subsys/$NAME + return $retcode +} + +stop() { + echo -n "Shutting down $NAME: " + "$CONSUL" leave + retcode=$? + rm -f /var/lock/subsys/$NAME + return $retcode +} + +case "$1" in + start) + if $(status -p "$PID_FILE" $NAME >/dev/null); then + echo "$NAME already running" + else + start + fi + ;; + stop) + if $(status -p "$PID_FILE" $NAME >/dev/null); then + stop + else + echo "$NAME not running" + fi + ;; + info) + "$CONSUL" info + ;; + status) + status -p "$PID_FILE" $NAME + exit $? + ;; + restart) + if $(status -p "$PID_FILE" $NAME >/dev/null); then + stop + fi + start + ;; + reload) + if $(status -p "$PID_FILE" $NAME >/dev/null); then + kill -HUP `cat $PID_FILE` + else + echo "$NAME not running" + fi + ;; + condrestart) + if [ -f /var/lock/subsys/$NAME ]; then + if $(status -p "$PID_FILE" $NAME >/dev/null); then + stop + fi + start + fi + ;; + *) + echo "Usage: $NAME {start|stop|status|reload|restart}" + exit 1 + ;; +esac +exit $? diff --git a/cdist/conf/type/__consul_agent/files/consul.upstart b/cdist/conf/type/__consul_agent/files/consul.upstart new file mode 100644 index 00000000..ed0c7b8e --- /dev/null +++ b/cdist/conf/type/__consul_agent/files/consul.upstart @@ -0,0 +1,13 @@ +description "Consul Agent" +start on (local-filesystems and net-device-up IFACE!=lo) +stop on runlevel [06] + +setuid consul +setgid consul + +respawn +respawn limit 10 10 +kill timeout 10 + +exec /usr/local/bin/consul agent -config-dir /etc/consul/conf.d + diff --git a/cdist/conf/type/__consul_agent/gencode-remote b/cdist/conf/type/__consul_agent/gencode-remote new file mode 100755 index 00000000..04662967 --- /dev/null +++ b/cdist/conf/type/__consul_agent/gencode-remote @@ -0,0 +1,31 @@ +#!/bin/sh +# +# 2015 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +service="consul" +state="$(cat "$__object/parameter/state")" + +case "$state" in + present) + : + ;; + absent) + echo "service $service stop || true" + ;; +esac diff --git a/cdist/conf/type/__consul_agent/man.text b/cdist/conf/type/__consul_agent/man.text new file mode 100644 index 00000000..63337185 --- /dev/null +++ b/cdist/conf/type/__consul_agent/man.text @@ -0,0 +1,134 @@ +cdist-type__consul_agent(7) +=========================== +Steven Armstrong + + +NAME +---- +cdist-type__consul_agent - manage the consul agent + + +DESCRIPTION +----------- +Configure and manage the consul agent. + + +REQUIRED PARAMETERS +------------------- +None. + + +OPTIONAL PARAMETERS +------------------- +bind-addr:: + sets the bind address for cluster communication +bootstrap-expect:: + sets server to expect bootstrap mode +ca-file-source:: + path to a PEM encoded certificate authority file which will be uploaded and + configure using the ca_file config option. +cert-file-source:: + path to a PEM encoded certificate file which will be uploaded and + configure using the cert_file config option. +client-addr:: + sets the address to bind for client access +datacenter:: + datacenter of the agent +encrypt:: + provides the gossip encryption key +group:: + the primary group for the agent +json-config:: + path to a partial json config file without leading { and trailing }. + If json-config is '-' (dash), take what was written to stdin as the file content. +key-file-source:: + path to a PEM encoded private key file which will be uploaded and + configure using the key_file config option. +node-name:: + name of this node. Must be unique in the cluster +retry-join:: + address to attempt joining every retry_interval until at least one join works. + Can be specified multiple times. +user:: + the user to run the agent as +state:: + if the agent is 'present' or 'absent'. Defaults to 'present'. + Currently state=absent is not working due to some dependency issues. + + +BOOLEAN PARAMETERS +------------------ +disable-remote-exec:: + disables support for remote execution. When set to true, the agent will ignore any incoming remote exec requests. +disable-update-check:: + disables automatic checking for security bulletins and new version releases +leave-on-terminate:: + gracefully leave cluster on SIGTERM +rejoin-after-leave:: + rejoin the cluster using the previous state after leaving +server:: + used to control if an agent is in server or client mode +syslog:: + enables logging to syslog +verify-incoming:: + enforce the use of TLS and verify a client's authenticity on incomming connections +verify-outgoing:: + enforce the use of TLS and verify the peers authenticity on outgoing connections + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +# configure as server, bootstrap and rejoin +hostname="$(cat "$__global/explorer/hostname")" +__consul_agent \ + --datacenter dc1 \ + --node-name "${hostname%%.*}" \ + --disable-update-check \ + --server \ + --rejoin-after-leave \ + --bootstrap-expect 3 \ + --retry-join consul-01 \ + --retry-join consul-02 \ + --retry-join consul-03 + +# configure as server, bootstrap and rejoin with ssl support +hostname="$(cat "$__global/explorer/hostname")" +__consul_agent \ + --datacenter dc1 \ + --node-name "${hostname%%.*}" \ + --disable-update-check \ + --server \ + --rejoin-after-leave \ + --bootstrap-expect 3 \ + --retry-join consul-01 \ + --retry-join consul-02 \ + --retry-join consul-03 \ + --ca-file-source /path/to/ca.pem \ + --cert-file-source /path/to/cert.pem \ + --key-file-source /path/to/key.pem \ + --verify-incoming \ + --verify-outgoing + +# configure as client and try joining existing cluster +__consul_agent \ + --datacenter dc1 \ + --node-name "${hostname%%.*}" \ + --disable-update-check \ + --retry-join consul-01 \ + --retry-join consul-02 \ + --retry-join consul-03 + +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) + + +COPYING +------- +Copyright \(C) 2015 Steven Armstrong. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__consul_agent/manifest b/cdist/conf/type/__consul_agent/manifest new file mode 100755 index 00000000..c4e947bc --- /dev/null +++ b/cdist/conf/type/__consul_agent/manifest @@ -0,0 +1,174 @@ +#!/bin/sh +# +# 2015 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + + +os=$(cat "$__global/explorer/os") + +case "$os" in + centos|redhat) + # whitelist safeguard + : + ;; + *) + echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 + echo "Please contribute an implementation for it if you can." >&2 + exit 1 + ;; +esac + +state="$(cat "$__object/parameter/state")" +user="$(cat "$__object/parameter/user")" +group="$(cat "$__object/parameter/group")" +data_dir="/var/lib/consul" +conf_dir="/etc/consul/conf.d" +conf_file="config.json" + +# FIXME: there has got to be a better way to handle the dependencies in this case +case "$state" in + present) + __group "$group" --system --state "$state" + require="__group/$group" \ + __user "$user" --system --gid "$group" \ + --home "$data_dir" --state "$state" + export require="__user/consul" + ;; + absent) + echo "Sorry, state=absent currently not supported :-(" >&2 + exit 1 + require="$__object_name" \ + __user "$user" --system --gid "$group" --state "$state" + require="__user/$user" \ + __group "$group" --system --state "$state" + ;; +esac + +__directory /etc/consul \ + --owner root --group "$group" --mode 750 --state "$state" +require="__directory/etc/consul" \ + __directory "$conf_dir" \ + --owner root --group "$group" --mode 750 --state "$state" + +if [ -f "$__object/parameter/ca-file-source" -o -f "$__object/parameter/cert-file-source" -o -f "$__object/parameter/key-file-source" ]; then + # create directory for ssl certs + require="__directory/etc/consul" \ + __directory /etc/consul/ssl \ + --owner root --group "$group" --mode 750 --state "$state" +fi + +__directory "$data_dir" \ + --owner "$user" --group "$group" --mode 770 --state "$state" + + +# Generate json config file +( +echo "{" + +# parameters we define ourself +printf ' "data_dir": "%s"\n' "$data_dir" + +for param in $(ls "$__object/parameter/"); do + case "$param" in + state|user|group|json-config) continue ;; + ca-file-source|cert-file-source|key-file-source) + source="$(cat "$__object/parameter/$param")" + destination="/etc/consul/ssl/${source##*/}" + require="__directory/etc/consul/ssl" \ + __file "$destination" \ + --owner root --group consul --mode 640 \ + --source "$source" \ + --state "$state" + key="$(echo "${param%-*}" | tr '-' '_')" + printf ' ,"%s": "%s"\n' "$key" "$destination" + ;; + disable-remote-exec|disable-update-check|leave-on-terminate|rejoin-after-leave|server|syslog|verify-incoming|verify-outgoing) + # handle boolean parameters + key="$(echo "$param" | tr '-' '_')" + printf ' ,"%s": true\n' "$key" + ;; + retry-join) + # join multiple parameters into json array + retry_join="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join")" + # remove trailing , + printf ' ,"retry_join": [%s]\n' "${retry_join%*,}" + ;; + bootstrap-expect) + # integer key=value parameters + key="$(echo "$param" | tr '-' '_')" + printf ' ,"%s": %s\n' "$key" "$(cat "$__object/parameter/$param")" + ;; + *) + # string key=value parameters + key="$(echo "$param" | tr '-' '_')" + printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" + ;; + esac +done +if [ -f "$__object/parameter/json-config" ]; then + json_config="$(cat "$__object/parameter/json-config")" + if [ "$json_config" = "-" ]; then + json_config="$__object/stdin" + fi + printf ',' + # remove trailing , + json=$(cat "$json_config") + echo "${json%*,}" +fi +echo "}" +) | \ +require="__directory${conf_dir}" \ + __config_file "${conf_dir}/${conf_file}" \ + --owner root --group "$group" --mode 640 \ + --state "$state" \ + --onchange 'service consul status >/dev/null && service consul reload || true' \ + --source - + + +# Install init script to start on boot +case "$os" in + centos|redhat) + os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")" + major_version="${os_version%%.*}" + case "$major_version" in + 7) + __file /lib/systemd/system/consul.service \ + --owner root --group root --mode 0555 \ + --state "$state" \ + --source "$__type/files/consul.systemd" + export require="__file/lib/systemd/system/consul.service" + ;; + *) + __file /etc/init.d/consul \ + --owner root --group root --mode 0555 \ + --state "$state" \ + --source "$__type/files/consul.sysv" + export require="__file/etc/init.d/consul" + ;; + esac + __start_on_boot consul --state "$state" + ;; + ubuntu) + __file /etc/init/consul.conf \ + --owner root --group root --mode 0644 \ + --state "$state" \ + --source "$__type/files/consul.upstart" + export require="__file/etc/init/consul.conf" + __start_on_boot consul --state "$state" + ;; +esac diff --git a/cdist/conf/type/__consul_agent/parameter/boolean b/cdist/conf/type/__consul_agent/parameter/boolean new file mode 100644 index 00000000..9efecf49 --- /dev/null +++ b/cdist/conf/type/__consul_agent/parameter/boolean @@ -0,0 +1,8 @@ +disable-remote-exec +disable-update-check +leave-on-terminate +rejoin-after-leave +server +syslog +verify-incoming +verify-outgoing diff --git a/cdist/conf/type/__consul_agent/parameter/default/group b/cdist/conf/type/__consul_agent/parameter/default/group new file mode 100644 index 00000000..7d22c92b --- /dev/null +++ b/cdist/conf/type/__consul_agent/parameter/default/group @@ -0,0 +1 @@ +consul diff --git a/cdist/conf/type/__consul_agent/parameter/default/state b/cdist/conf/type/__consul_agent/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__consul_agent/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__consul_agent/parameter/default/user b/cdist/conf/type/__consul_agent/parameter/default/user new file mode 100644 index 00000000..7d22c92b --- /dev/null +++ b/cdist/conf/type/__consul_agent/parameter/default/user @@ -0,0 +1 @@ +consul diff --git a/cdist/conf/type/__consul_agent/parameter/optional b/cdist/conf/type/__consul_agent/parameter/optional new file mode 100644 index 00000000..bceaf060 --- /dev/null +++ b/cdist/conf/type/__consul_agent/parameter/optional @@ -0,0 +1,13 @@ +bind-addr +bootstrap-expect +ca-file-source +cert-file-source +client-addr +datacenter +encrypt +group +json-config +key-file-source +node-name +user +state diff --git a/cdist/conf/type/__consul_agent/parameter/optional_multiple b/cdist/conf/type/__consul_agent/parameter/optional_multiple new file mode 100644 index 00000000..12cd064c --- /dev/null +++ b/cdist/conf/type/__consul_agent/parameter/optional_multiple @@ -0,0 +1 @@ +retry-join diff --git a/cdist/conf/type/__consul_agent/singleton b/cdist/conf/type/__consul_agent/singleton new file mode 100644 index 00000000..e69de29b diff --git a/cdist/conf/type/__consul_check/man.text b/cdist/conf/type/__consul_check/man.text new file mode 100644 index 00000000..18eaf638 --- /dev/null +++ b/cdist/conf/type/__consul_check/man.text @@ -0,0 +1,68 @@ +cdist-type__consul_check(7) +============================= +Steven Armstrong + + +NAME +---- +cdist-type__consul_check - manages consul checks + + +DESCRIPTION +----------- +Generate and deploy check definitions for a consul agent. +See http://www.consul.io/docs/agent/checks.html for parameter documentation. + +Use either script toghether with interval, or use ttl. + + +REQUIRED PARAMETERS +------------------- +None. + + +OPTIONAL PARAMETERS +------------------- +interval:: + the interval in which the script given with --script should be run +script:: + the shell command to run every --interval +ttl:: + how long a check is considered healthy without being updated through the + HTTP interfave +id:: + Defaults to --name +name:: + The name of this check. Defaults to __object_id +notes:: + human readable description +state:: + if this check is 'present' or 'absent'. Defaults to 'present'. + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +__consul_check redis \ + --script /usr/local/bin/check_redis.py \ + --interval 10s + +__consul_check some-object-id \ + --id web-app \ + --name "Web App Status" \ + --notes "Web app does a curl internally every 10 seconds" \ + --ttl 30s +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) +- cdist-type__consul_agent(7) + + +COPYING +------- +Copyright \(C) 2015 Steven Armstrong. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__consul_check/manifest b/cdist/conf/type/__consul_check/manifest new file mode 100755 index 00000000..3004f319 --- /dev/null +++ b/cdist/conf/type/__consul_check/manifest @@ -0,0 +1,64 @@ +#!/bin/sh +# +# 2015 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")" +conf_dir="/etc/consul/conf.d" +conf_file="check_${name}.json" +state="$(cat "$__object/parameter/state")" + +# Sanity checks +if [ -f "$__object/parameter/script" -a -f "$__object/parameter/ttl" ]; then + echo "Use either --script together with --interval OR --ttl, but not both" >&2 + exit 1 +fi +if [ -f "$__object/parameter/script" -a ! -f "$__object/parameter/interval" ]; then + echo "When using --script you must also define --interval" >&2 + exit 1 +fi + +# Generate json config file +( +echo "{" +printf ' "check": {\n' +printf ' "name": "%s"\n' "$name" +for param in $(ls "$__object/parameter/"); do + case "$param" in + state|name|interval) continue ;; + script) + printf ' ,"script": "%s"\n' "$(cat "$__object/parameter/script")" + printf ' ,"interval": "%s"\n' "$(cat "$__object/parameter/interval")" + ;; + *) + key="$(echo "$param" | tr '-' '_')" + printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" + ;; + esac +done +# end check +echo " }" +# end json file +echo "}" +) | \ +require="__directory${conf_dir}" \ + __config_file "${conf_dir}/${conf_file}" \ + --owner root --group consul --mode 640 \ + --state "$state" \ + --onchange 'service consul status >/dev/null && service consul reload || true' \ + --source - diff --git a/cdist/conf/type/__consul_check/parameter/default/state b/cdist/conf/type/__consul_check/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__consul_check/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__consul_check/parameter/optional b/cdist/conf/type/__consul_check/parameter/optional new file mode 100644 index 00000000..f6c3a6e4 --- /dev/null +++ b/cdist/conf/type/__consul_check/parameter/optional @@ -0,0 +1,7 @@ +id +interval +name +notes +script +state +ttl diff --git a/cdist/conf/type/__consul_reload/gencode-remote b/cdist/conf/type/__consul_reload/gencode-remote new file mode 100755 index 00000000..9369db73 --- /dev/null +++ b/cdist/conf/type/__consul_reload/gencode-remote @@ -0,0 +1,24 @@ +#!/bin/sh +# +# 2015 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +service="consul" +if grep -q "^__file/etc/consul/conf.d/" "$__messages_in"; then + echo "service $service status && service $service reload || true" +fi diff --git a/cdist/conf/type/__consul_reload/man.text b/cdist/conf/type/__consul_reload/man.text new file mode 100644 index 00000000..8dd045cf --- /dev/null +++ b/cdist/conf/type/__consul_reload/man.text @@ -0,0 +1,42 @@ +cdist-type__consul_reload(7) +============================ +Steven Armstrong + + +NAME +---- +cdist-type__consul_reload - reload consul + + +DESCRIPTION +----------- +Reload consul after configuration changes. + + +REQUIRED PARAMETERS +------------------- +None. + + +OPTIONAL PARAMETERS +------------------- +None. + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +__consul_reload +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) + + +COPYING +------- +Copyright \(C) 2015 Steven Armstrong. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__consul_reload/singleton b/cdist/conf/type/__consul_reload/singleton new file mode 100644 index 00000000..e69de29b diff --git a/cdist/conf/type/__consul_service/man.text b/cdist/conf/type/__consul_service/man.text new file mode 100644 index 00000000..6bb024b1 --- /dev/null +++ b/cdist/conf/type/__consul_service/man.text @@ -0,0 +1,71 @@ +cdist-type__consul_service(7) +============================= +Steven Armstrong + + +NAME +---- +cdist-type__consul_service - manages consul services + + +DESCRIPTION +----------- +Generate and deploy service definitions for a consul agent. +See http://www.consul.io/docs/agent/services.html for parameter documentation. + +Use either script together with interval, or use ttl. + + +REQUIRED PARAMETERS +------------------- +None. + + +OPTIONAL PARAMETERS +------------------- +check-interval:: + the interval in which the script given with --check-script should be run +check-script:: + the shell command to run every --check-interval +check-ttl:: + how long a service is considered healthy without being updated through the + HTTP interfave +id:: + Defaults to --name +name:: + The name of this service. Defaults to __object_id +port:: + the port at which this service can be reached +state:: + if this service is 'present' or 'absent'. Defaults to 'present'. +tag:: + a tag to add to this service. Can be specified multiple times. + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +__consul_service redis \ + --tag master \ + --tag production \ + --port 8000 \ + --check-script /usr/local/bin/check_redis.py \ + --check-interval 10s + +__consul_service webapp \ + --port 80 \ + --check-ttl 10s +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) +- cdist-type__consul_agent(7) + + +COPYING +------- +Copyright \(C) 2015 Steven Armstrong. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__consul_service/manifest b/cdist/conf/type/__consul_service/manifest new file mode 100755 index 00000000..9ba64141 --- /dev/null +++ b/cdist/conf/type/__consul_service/manifest @@ -0,0 +1,83 @@ +#!/bin/sh +# +# 2015 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")" +conf_dir="/etc/consul/conf.d" +conf_file="service_${name}.json" +state="$(cat "$__object/parameter/state")" + +# Sanity checks +if [ -f "$__object/parameter/check-script" -a -f "$__object/parameter/check-ttl" ]; then + echo "Use either --check-script together with --check-interval OR --check-ttl, but not both" >&2 + exit 1 +fi +if [ -f "$__object/parameter/check-script" -a ! -f "$__object/parameter/check-interval" ]; then + echo "When using --check-script you must also define --check-interval" >&2 + exit 1 +fi + +# Generate json config file +( +echo "{" +printf ' "service": {\n' +printf ' "name": "%s"\n' "$name" +for param in $(ls "$__object/parameter/"); do + case "$param" in + state|name|check-interval) continue ;; + check-script) + printf ' ,"check": {\n' + printf ' "script": "%s"\n' "$(cat "$__object/parameter/check-script")" + printf ' ,"interval": "%s"\n' "$(cat "$__object/parameter/check-interval")" + printf ' }\n' + ;; + check-ttl) + printf ' ,"check": {\n' + printf ' "ttl": "%s"\n' "$(cat "$__object/parameter/check-ttl")" + printf ' }\n' + ;; + tag) + # create json array from newline delimited file + tags="$(awk '{printf "\""$1"\","}' "$__object/parameter/tag")" + # remove trailing , + printf ' ,"tags": [%s]\n' "${tags%*,}" + ;; + port) + # integer key=value parameters + key="$(echo "$param" | tr '-' '_')" + printf ' ,"%s": %s\n' "$key" "$(cat "$__object/parameter/$param")" + ;; + *) + # string key=value parameters + key="$(echo "$param" | tr '-' '_')" + printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" + ;; + esac +done +# end service +echo " }" +# end json file +echo "}" +) | \ +require="__directory${conf_dir}" \ + __config_file "${conf_dir}/${conf_file}" \ + --owner root --group consul --mode 640 \ + --state "$state" \ + --onchange 'service consul status >/dev/null && service consul reload || true' \ + --source - diff --git a/cdist/conf/type/__consul_service/parameter/default/state b/cdist/conf/type/__consul_service/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__consul_service/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__consul_service/parameter/optional b/cdist/conf/type/__consul_service/parameter/optional new file mode 100644 index 00000000..496e31a3 --- /dev/null +++ b/cdist/conf/type/__consul_service/parameter/optional @@ -0,0 +1,7 @@ +check-interval +check-script +check-ttl +id +name +port +state diff --git a/cdist/conf/type/__consul_service/parameter/optional_multiple b/cdist/conf/type/__consul_service/parameter/optional_multiple new file mode 100644 index 00000000..42c7c82c --- /dev/null +++ b/cdist/conf/type/__consul_service/parameter/optional_multiple @@ -0,0 +1 @@ +tag diff --git a/cdist/conf/type/__consul_template/files/consul-template.systemd b/cdist/conf/type/__consul_template/files/consul-template.systemd new file mode 100644 index 00000000..c67eaab5 --- /dev/null +++ b/cdist/conf/type/__consul_template/files/consul-template.systemd @@ -0,0 +1,19 @@ +[Unit] +Description=Consul-Template Daemon +Wants=basic.target +After=basic.target network.target + +[Service] +User=root +Group=root +Environment="CONSUL_TEMPLATE_LOG=info" +Environment="GOMAXPROCS=2" +ExecStart=/usr/local/bin/consul-template -config /etc/consul-template/conf.d +ExecReload=/bin/kill -HUP $MAINPID +KillMode=process +Restart=on-failure +RestartSec=10s +LimitNOFILE=4096 + +[Install] +WantedBy=multi-user.target diff --git a/cdist/conf/type/__consul_template/files/consul-template.sysv b/cdist/conf/type/__consul_template/files/consul-template.sysv new file mode 100644 index 00000000..0a463020 --- /dev/null +++ b/cdist/conf/type/__consul_template/files/consul-template.sysv @@ -0,0 +1,89 @@ +#!/bin/bash +# +# /etc/rc.d/init.d/consul-template +# +# Daemonize the consul-template agent. +# +# chkconfig: 2345 95 95 +# description: Generic template rendering and notifications with Consul +# processname: consul-template +# pidfile: /var/run/consul-template/pidfile + +# Source function library. +. /etc/init.d/functions +NAME=consul-template +CONSUL_TEMPLATE=/usr/local/bin/consul-template +CONFIG=/etc/$NAME/conf.d +PID_FILE=/var/run/$NAME/pidfile +LOG_FILE=/var/log/$NAME + +[ -e /etc/sysconfig/$NAME ] && . /etc/sysconfig/$NAME +export CONSUL_TEMPLATE_LOG=${CONSUL_TEMPLATE_LOG:-info} +export GOMAXPROCS=${GOMAXPROCS:-2} + +mkdir -p /var/run/$NAME + +start() { + echo -n "Starting $NAME: " + daemon --pidfile="$PID_FILE" \ + "$CONSUL_TEMPLATE" -config "$CONFIG" >> "$LOG_FILE" 2>&1 & + echo $! > "$PID_FILE" + retcode=$? + touch /var/lock/subsys/$NAME + return $retcode +} + +stop() { + echo -n "Shutting down $NAME: " + killproc -p $PID_FILE $CONSUL_TEMPLATE + retcode=$? + rm -f /var/lock/subsys/$NAME + return $retcode +} + +case "$1" in + start) + if $(status -p "$PID_FILE" $NAME >/dev/null); then + echo "$NAME already running" + else + start + fi + ;; + stop) + if $(status -p "$PID_FILE" $NAME >/dev/null); then + stop + else + echo "$NAME not running" + fi + ;; + status) + status -p "$PID_FILE" $NAME + exit $? + ;; + restart) + if $(status -p "$PID_FILE" $NAME >/dev/null); then + stop + fi + start + ;; + reload) + if $(status -p "$PID_FILE" $NAME >/dev/null); then + kill -HUP `cat $PID_FILE` + else + echo "$NAME not running" + fi + ;; + condrestart) + if [ -f /var/lock/subsys/$NAME ]; then + if $(status -p "$PID_FILE" $NAME >/dev/null); then + stop + fi + start + fi + ;; + *) + echo "Usage: $NAME {start|stop|status|reload|restart}" + exit 1 + ;; +esac +exit $? diff --git a/cdist/conf/type/__consul_template/files/consul-template.upstart b/cdist/conf/type/__consul_template/files/consul-template.upstart new file mode 100644 index 00000000..b81a2818 --- /dev/null +++ b/cdist/conf/type/__consul_template/files/consul-template.upstart @@ -0,0 +1,12 @@ +description "Consul-Template Daemon" +start on (local-filesystems and net-device-up IFACE!=lo) +stop on runlevel [06] + +env CONSUL_TEMPLATE_LOG=info +env GOMAXPROCS=${GOMAXPROCS} + +exec /usr/local/bin/consul-template -config /etc/consul-template/conf.d >> /var/log/consul-template 2>&1 + +respawn +respawn limit 10 10 +kill timeout 10 diff --git a/cdist/conf/type/__consul_template/files/versions/0.6.5/cksum b/cdist/conf/type/__consul_template/files/versions/0.6.5/cksum new file mode 100644 index 00000000..2dcac994 --- /dev/null +++ b/cdist/conf/type/__consul_template/files/versions/0.6.5/cksum @@ -0,0 +1 @@ +1356006333 8496656 consul-template diff --git a/cdist/conf/type/__consul_template/files/versions/0.6.5/source b/cdist/conf/type/__consul_template/files/versions/0.6.5/source new file mode 100644 index 00000000..09a1ce3a --- /dev/null +++ b/cdist/conf/type/__consul_template/files/versions/0.6.5/source @@ -0,0 +1 @@ +https://github.com/hashicorp/consul-template/releases/download/v0.6.5/consul-template_0.6.5_linux_amd64.tar.gz diff --git a/cdist/conf/type/__consul_template/man.text b/cdist/conf/type/__consul_template/man.text new file mode 100644 index 00000000..9db958eb --- /dev/null +++ b/cdist/conf/type/__consul_template/man.text @@ -0,0 +1,85 @@ +cdist-type__consul_template(7) +============================== +Steven Armstrong + + +NAME +---- +cdist-type__consul_template - manage the consul-template service + + +DESCRIPTION +----------- +Downloads and installs the consul-template binary from +https://github.com/hashicorp/consul-template/releases/download/. +Generates a global config file and creates directory for per template config files. +Note that the consul-template binary is downloaded on the server (the machine running +cdist) and then deployed to the target host using the __file type. + + +REQUIRED PARAMETERS +------------------- +None. + + +OPTIONAL PARAMETERS +------------------- +auth:: + specify a username (and password) for basic authentication. +batch-size:: + the size of the batch when polling multiple dependencies. +consul:: + the location of the Consul instance to query (may be an IP address or FQDN) with port. + Defaults to 'localhost:8500'. +max-stale:: + the maximum staleness of a query. If specified, Consul will distribute work among all + servers instead of just the leader. +retry:: + the amount of time to wait if Consul returns an error when communicating + with the API. +state:: + either 'present' or 'absent'. Defaults to 'present' +token:: + the Consul API token. +version:: + which version of consul-template to install. See ./files/versions for a list of + supported versions. Defaults to the latest known version. +wait:: + the minimum(:maximum) to wait before rendering a new template to disk and + triggering a command, separated by a colon (:). If the optional maximum + value is omitted, it is assumed to be 4x the required minimum value. + + +BOOLEAN PARAMETERS +------------------ +ssl:: + use HTTPS while talking to Consul. Requires the Consul server to be configured to serve secure connections. +ssl-no-verify:: + ignore certificate warnings. Only used if ssl is enabled. + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +__consul_template \ + --consul consul.service.consul:8500 \ + --retry 30s + +# specific version +__consul_template \ + --version 0.6.5 \ + --retry 30s +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) +- https://github.com/hashicorp/consul-template + + +COPYING +------- +Copyright \(C) 2015 Steven Armstrong. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__consul_template/manifest b/cdist/conf/type/__consul_template/manifest new file mode 100755 index 00000000..edeca89c --- /dev/null +++ b/cdist/conf/type/__consul_template/manifest @@ -0,0 +1,143 @@ +#!/bin/sh +# +# 2015 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + + +os=$(cat "$__global/explorer/os") + +case "$os" in + centos|redhat) + # whitelist safeguard + service_onchange='service consul-template status >/dev/null && service consul-template reload || true' \ + ;; + archlinux) + service_onchange="systemctl status consul-template >/dev/null && systemctl reload consul-template || true" + ;; + *) + echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 + echo "Please contribute an implementation for it if you can." >&2 + exit 1 + ;; +esac + +versions_dir="$__type/files/versions" +version="$(cat "$__object/parameter/version")" +version_dir="$versions_dir/$version" + +if [ ! -d "$version_dir" ]; then + echo "Unknown consul-template version '$version'. Expected one of:" >&2 + ls "$versions_dir" >&2 + exit 1 +fi + +state="$(cat "$__object/parameter/state")" + +__staged_file /usr/local/bin/consul-template \ + --source "$(cat "$version_dir/source")" \ + --cksum "$(cat "$version_dir/cksum")" \ + --fetch-command 'curl -s -L "%s"' \ + --prepare-command 'tar -xzf "%s"; cat consul-template_*/consul-template' \ + --state "$state" \ + --group root \ + --owner root \ + --mode 755 + + +conf_dir="/etc/consul-template/conf.d" +conf_file="config.hcl" +template_dir="/etc/consul-template/template" + +__directory /etc/consul-template \ + --owner root --group root --mode 750 +require="__directory/etc/consul-template" \ + __directory "$conf_dir" \ + --owner root --group root --mode 750 +require="__directory/etc/consul-template" \ + __directory "$template_dir" \ + --owner root --group root --mode 750 + + +# Generate hcl config file +( +for param in $(ls "$__object/parameter/"); do + case "$param" in + ssl|ssl-no-verify) # boolean + key="$(echo "$param" | tr '-' '_')" + printf '%s = true\n' "$key" + ;; + auth|batch-size|consul|max-stale|retry|token|wait) + key="$(echo "$param" | tr '-' '_')" + printf '%s = "%s"\n' "$key" "$(cat "$__object/parameter/$param")" + ;; + *) + # ignore unknown parameters + : + ;; + esac +done +) | \ +require="__directory${conf_dir}" \ + __config_file "${conf_dir}/${conf_file}" \ + --owner root --group root --mode 640 \ + --state "$state" \ + --onchange "$service_onchange" \ + --source - + + +# Install init script to start on boot +service="consul-template" +case "$os" in + centos|redhat) + os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")" + major_version="${os_version%%.*}" + case "$major_version" in + 7) + __file "/lib/systemd/system/${service}.service" \ + --owner root --group root --mode 0555 \ + --state "$state" \ + --source "$__type/files/${service}.systemd" + export require="__file/lib/systemd/system/${service}.service" + ;; + *) + __file "/etc/init.d/${service}" \ + --owner root --group root --mode 0555 \ + --state "$state" \ + --source "$__type/files/${service}.sysv" + export require="__file/etc/init.d/${service}" + ;; + esac + __start_on_boot "$service" --state "$state" + ;; + ubuntu) + __file "/etc/init/${service}.conf" \ + --owner root --group root --mode 0644 \ + --state "$state" \ + --source "$__type/files/${service}.upstart" + export require="__file/etc/init/${service}.conf" + __start_on_boot "$service" --state "$state" + ;; + archlinux) + __file "/lib/systemd/system/${service}.service" \ + --owner root --group root --mode 0555 \ + --state "$state" \ + --source "$__type/files/${service}.systemd" + export require="__file/lib/systemd/system/${service}.service" + __start_on_boot "$service" --state "$state" + ;; +esac diff --git a/cdist/conf/type/__consul_template/parameter/boolean b/cdist/conf/type/__consul_template/parameter/boolean new file mode 100644 index 00000000..5e17dcd7 --- /dev/null +++ b/cdist/conf/type/__consul_template/parameter/boolean @@ -0,0 +1,2 @@ +ssl +ssl-no-verify diff --git a/cdist/conf/type/__consul_template/parameter/default/consul b/cdist/conf/type/__consul_template/parameter/default/consul new file mode 100644 index 00000000..42dfa616 --- /dev/null +++ b/cdist/conf/type/__consul_template/parameter/default/consul @@ -0,0 +1 @@ +localhost:8500 diff --git a/cdist/conf/type/__consul_template/parameter/default/state b/cdist/conf/type/__consul_template/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__consul_template/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__consul_template/parameter/default/version b/cdist/conf/type/__consul_template/parameter/default/version new file mode 100644 index 00000000..ef5e4454 --- /dev/null +++ b/cdist/conf/type/__consul_template/parameter/default/version @@ -0,0 +1 @@ +0.6.5 diff --git a/cdist/conf/type/__consul_template/parameter/optional b/cdist/conf/type/__consul_template/parameter/optional new file mode 100644 index 00000000..2848edb9 --- /dev/null +++ b/cdist/conf/type/__consul_template/parameter/optional @@ -0,0 +1,9 @@ +auth +batch-size +consul +max-stale +retry +state +token +version +wait diff --git a/cdist/conf/type/__consul_template/singleton b/cdist/conf/type/__consul_template/singleton new file mode 100644 index 00000000..e69de29b diff --git a/cdist/conf/type/__consul_template/todo b/cdist/conf/type/__consul_template/todo new file mode 100644 index 00000000..a3786501 --- /dev/null +++ b/cdist/conf/type/__consul_template/todo @@ -0,0 +1,2 @@ +- add support for latest version 0.7.0 + - config file format has changed diff --git a/cdist/conf/type/__consul_template_template/man.text b/cdist/conf/type/__consul_template_template/man.text new file mode 100644 index 00000000..159a63fb --- /dev/null +++ b/cdist/conf/type/__consul_template_template/man.text @@ -0,0 +1,69 @@ +cdist-type__consul_template_template(7) +======================================= +Steven Armstrong + + +NAME +---- +cdist-type__consul_template_template - manage consul-template templates + + +DESCRIPTION +----------- +Generate and deploy template definitions for a consul-template. +See https://github.com/hashicorp/consul-template#examples for documentation. +Templates are written in the Go template format. +Either the --source or the --source-file parameter must be given. + + +REQUIRED PARAMETERS +------------------- +destination:: + the destination where the generated file should go. + + +OPTIONAL PARAMETERS +------------------- +command:: + an optional command to run after rendering the template to its destination. +source:: + path to the template source. Conflicts --source-file. +source-file:: + path to a local file which is uploaded using the __file type and configured + as the source. + If source is '-' (dash), take what was written to stdin as the file content. + Conflicts --source. +state:: + if this template is 'present' or 'absent'. Defaults to 'present'. + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +# configure template on the target +__consul_template_template nginx \ + --source /etc/my-consul-templates/nginx.ctmpl \ + --destination /etc/nginx/nginx.conf \ + --command 'service nginx restart' + + +# upload a local file to the target and configure it +__consul_template_template nginx \ + --source-file "$__manifest/files/nginx.ctmpl" \ + --destination /etc/nginx/nginx.conf \ + --command 'service nginx restart' +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) +- cdist-type__consul_template(7) +- cdist-type__consul_template_config(7) + + +COPYING +------- +Copyright \(C) 2015 Steven Armstrong. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__consul_template_template/manifest b/cdist/conf/type/__consul_template_template/manifest new file mode 100755 index 00000000..c997a2c8 --- /dev/null +++ b/cdist/conf/type/__consul_template_template/manifest @@ -0,0 +1,74 @@ +#!/bin/sh +# +# 2015 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")" +state="$(cat "$__object/parameter/state")" +conf_dir="/etc/consul-template/conf.d" +conf_file="template_${name}.hcl" +template_dir="/etc/consul-template/template" +require="" + +# Sanity checks +if [ -f "$__object/parameter/source" -a -f "$__object/parameter/source-file" ]; then + echo "Use either --source OR --source-file, but not both." >&2 + exit 1 +fi +if [ ! -f "$__object/parameter/source" -a ! -f "$__object/parameter/source-file" ]; then + echo "Either --source OR --source-file must be given." >&2 + exit 1 +fi + +# Generate hcl config file +( +printf 'template {\n' +for param in $(ls "$__object/parameter/"); do + case "$param" in + source-file) + source="$(cat "$__object/parameter/$param")" + if [ "$source" = "-" ]; then + source="$__object/stdin" + fi + destination="${template_dir}/${name}" + require="__directory${template_dir}" \ + __file "$destination" \ + --owner root --group root --mode 640 \ + --source "$source" \ + --state "$state" + export require="__file${destination}" + printf ' source = "%s"\n' "$destination" + + ;; + source|destination|command) + printf ' %s = "%s"\n' "$param" "$(cat "$__object/parameter/$param")" + ;; + *) + # ignore unknown parameters + : + ;; + esac +done +printf '}\n' +) | \ +require="$require __directory${conf_dir}" \ + __config_file "${conf_dir}/${conf_file}" \ + --owner root --group root --mode 640 \ + --state "$state" \ + --onchange 'service consul-template status >/dev/null && service consul-template reload || true' \ + --source - diff --git a/cdist/conf/type/__consul_template_template/parameter/default/state b/cdist/conf/type/__consul_template_template/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__consul_template_template/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__consul_template_template/parameter/optional b/cdist/conf/type/__consul_template_template/parameter/optional new file mode 100644 index 00000000..229f6c89 --- /dev/null +++ b/cdist/conf/type/__consul_template_template/parameter/optional @@ -0,0 +1,4 @@ +command +source +source-file +state diff --git a/cdist/conf/type/__consul_template_template/parameter/required b/cdist/conf/type/__consul_template_template/parameter/required new file mode 100644 index 00000000..ac459b09 --- /dev/null +++ b/cdist/conf/type/__consul_template_template/parameter/required @@ -0,0 +1 @@ +destination diff --git a/cdist/conf/type/__consul_watch_checks/man.text b/cdist/conf/type/__consul_watch_checks/man.text new file mode 100644 index 00000000..75c42fc2 --- /dev/null +++ b/cdist/conf/type/__consul_watch_checks/man.text @@ -0,0 +1,64 @@ +cdist-type__consul_watch_checks(7) +================================== +Steven Armstrong + + +NAME +---- +cdist-type__consul_watch_checks - manages consul checks watches + + +DESCRIPTION +----------- +Generate and deploy watch definitions of type 'checks' for a consul agent. +See http://www.consul.io/docs/agent/watches.html for parameter documentation. + + +REQUIRED PARAMETERS +------------------- +handler:: + the handler to invoke when the data view updates + + +OPTIONAL PARAMETERS +------------------- +datacenter:: + can be provided to override the agent's default datacenter +filter-service:: + filter to a specific service. Conflicts with --filter-state. +filter-state:: + filter to a specific state. Conflicts with --filter-service. +state:: + if this watch is 'present' or 'absent'. Defaults to 'present'. +token:: + can be provided to override the agent's default ACL token + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +__consul_watch_checks some-id \ + --handler /usr/bin/my-handler.sh + +__consul_watch_checks some-id \ + --filter-service consul \ + --handler /usr/bin/my-handler.sh + +__consul_watch_checks some-id \ + --filter-state passing \ + --handler /usr/bin/my-handler.sh +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) +- cdist-type__consul_agent(7) +- http://www.consul.io/docs/agent/watches.html + + +COPYING +------- +Copyright \(C) 2015 Steven Armstrong. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__consul_watch_checks/manifest b/cdist/conf/type/__consul_watch_checks/manifest new file mode 100755 index 00000000..c05ae9eb --- /dev/null +++ b/cdist/conf/type/__consul_watch_checks/manifest @@ -0,0 +1,61 @@ +#!/bin/sh +# +# 2015 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +cdist_type="${__type##*/}" +watch_type="${cdist_type##*_}" +conf_dir="/etc/consul/conf.d" +conf_file="watch_${watch_type}_${__object_id}.json" +state="$(cat "$__object/parameter/state")" + +# Sanity checks +if [ -f "$__object/parameter/filter-service" -a -f "$__object/parameter/filter-state" ]; then + echo "Use either --filter-service or --filter-state but not both." >&2 + exit 1 +fi + +# Generate json config file +( +echo "{" +printf ' "watches": [{\n' +printf ' "type": "%s"\n' "$watch_type" +for param in $(ls "$__object/parameter/"); do + case "$param" in + state) continue ;; + filter-*) + key="${param##*-}" + printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" + ;; + *) + key="$(echo "$param" | tr '-' '_')" + printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" + ;; + esac +done +# end watches +echo " }]" +# end json file +echo "}" +) | \ +require="__directory${conf_dir}" \ + __config_file "${conf_dir}/${conf_file}" \ + --owner root --group consul --mode 640 \ + --state "$state" \ + --onchange 'service consul status >/dev/null && service consul reload || true' \ + --source - diff --git a/cdist/conf/type/__consul_watch_checks/parameter/default/state b/cdist/conf/type/__consul_watch_checks/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__consul_watch_checks/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__consul_watch_checks/parameter/optional b/cdist/conf/type/__consul_watch_checks/parameter/optional new file mode 100644 index 00000000..d37fd557 --- /dev/null +++ b/cdist/conf/type/__consul_watch_checks/parameter/optional @@ -0,0 +1,5 @@ +datacenter +filter-service +filter-state +state +token diff --git a/cdist/conf/type/__consul_watch_checks/parameter/required b/cdist/conf/type/__consul_watch_checks/parameter/required new file mode 100644 index 00000000..64b916c1 --- /dev/null +++ b/cdist/conf/type/__consul_watch_checks/parameter/required @@ -0,0 +1 @@ +handler diff --git a/cdist/conf/type/__consul_watch_event/man.text b/cdist/conf/type/__consul_watch_event/man.text new file mode 100644 index 00000000..3b393241 --- /dev/null +++ b/cdist/conf/type/__consul_watch_event/man.text @@ -0,0 +1,58 @@ +cdist-type__consul_watch_event(7) +================================= +Steven Armstrong + + +NAME +---- +cdist-type__consul_watch_event - manages consul event watches + + +DESCRIPTION +----------- +Generate and deploy watch definitions of type 'event' for a consul agent. +See http://www.consul.io/docs/agent/watches.html for parameter documentation. + + +REQUIRED PARAMETERS +------------------- +handler:: + the handler to invoke when the data view updates + + +OPTIONAL PARAMETERS +------------------- +datacenter:: + can be provided to override the agent's default datacenter +name:: + restrict the watch to only events with the given name +state:: + if this watch is 'present' or 'absent'. Defaults to 'present'. +token:: + can be provided to override the agent's default ACL token + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +__consul_watch_event some-id \ + --handler /usr/bin/my-handler.sh + +__consul_watch_event some-id \ + --name web-deploy \ + --handler /usr/bin/my-handler.sh +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) +- cdist-type__consul_agent(7) +- http://www.consul.io/docs/agent/watches.html + + +COPYING +------- +Copyright \(C) 2015 Steven Armstrong. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__consul_watch_event/manifest b/cdist/conf/type/__consul_watch_event/manifest new file mode 100755 index 00000000..4e36a10d --- /dev/null +++ b/cdist/conf/type/__consul_watch_event/manifest @@ -0,0 +1,51 @@ +#!/bin/sh +# +# 2015 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +cdist_type="${__type##*/}" +watch_type="${cdist_type##*_}" +conf_dir="/etc/consul/conf.d" +conf_file="watch_${watch_type}_${__object_id}.json" +state="$(cat "$__object/parameter/state")" + +# Generate json config file +( +echo "{" +printf ' "watches": [{\n' +printf ' "type": "%s"\n' "$watch_type" +for param in $(ls "$__object/parameter/"); do + case "$param" in + state) continue ;; + *) + key="$(echo "$param" | tr '-' '_')" + printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" + ;; + esac +done +# end watches +echo " }]" +# end json file +echo "}" +) | \ +require="__directory${conf_dir}" \ + __config_file "${conf_dir}/${conf_file}" \ + --owner root --group consul --mode 640 \ + --state "$state" \ + --onchange 'service consul status >/dev/null && service consul reload || true' \ + --source - diff --git a/cdist/conf/type/__consul_watch_event/parameter/default/state b/cdist/conf/type/__consul_watch_event/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__consul_watch_event/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__consul_watch_event/parameter/optional b/cdist/conf/type/__consul_watch_event/parameter/optional new file mode 100644 index 00000000..ac808c47 --- /dev/null +++ b/cdist/conf/type/__consul_watch_event/parameter/optional @@ -0,0 +1,4 @@ +datacenter +name +state +token diff --git a/cdist/conf/type/__consul_watch_event/parameter/required b/cdist/conf/type/__consul_watch_event/parameter/required new file mode 100644 index 00000000..64b916c1 --- /dev/null +++ b/cdist/conf/type/__consul_watch_event/parameter/required @@ -0,0 +1 @@ +handler diff --git a/cdist/conf/type/__consul_watch_key/man.text b/cdist/conf/type/__consul_watch_key/man.text new file mode 100644 index 00000000..5d8381cb --- /dev/null +++ b/cdist/conf/type/__consul_watch_key/man.text @@ -0,0 +1,55 @@ +cdist-type__consul_watch_key(7) +=============================== +Steven Armstrong + + +NAME +---- +cdist-type__consul_watch_key - manages consul key watches + + +DESCRIPTION +----------- +Generate and deploy watch definitions of type 'key' for a consul agent. +See http://www.consul.io/docs/agent/watches.html for parameter documentation. + + +REQUIRED PARAMETERS +------------------- +handler:: + the handler to invoke when the data view updates +key:: + the key to watch for changes + + +OPTIONAL PARAMETERS +------------------- +datacenter:: + can be provided to override the agent's default datacenter +state:: + if this watch is 'present' or 'absent'. Defaults to 'present'. +token:: + can be provided to override the agent's default ACL token + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +__consul_watch_key some-id \ + --key foo/bar/baz \ + --handler /usr/bin/my-key-handler.sh +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) +- cdist-type__consul_agent(7) +- http://www.consul.io/docs/agent/watches.html + + +COPYING +------- +Copyright \(C) 2015 Steven Armstrong. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__consul_watch_key/manifest b/cdist/conf/type/__consul_watch_key/manifest new file mode 100755 index 00000000..4e36a10d --- /dev/null +++ b/cdist/conf/type/__consul_watch_key/manifest @@ -0,0 +1,51 @@ +#!/bin/sh +# +# 2015 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +cdist_type="${__type##*/}" +watch_type="${cdist_type##*_}" +conf_dir="/etc/consul/conf.d" +conf_file="watch_${watch_type}_${__object_id}.json" +state="$(cat "$__object/parameter/state")" + +# Generate json config file +( +echo "{" +printf ' "watches": [{\n' +printf ' "type": "%s"\n' "$watch_type" +for param in $(ls "$__object/parameter/"); do + case "$param" in + state) continue ;; + *) + key="$(echo "$param" | tr '-' '_')" + printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" + ;; + esac +done +# end watches +echo " }]" +# end json file +echo "}" +) | \ +require="__directory${conf_dir}" \ + __config_file "${conf_dir}/${conf_file}" \ + --owner root --group consul --mode 640 \ + --state "$state" \ + --onchange 'service consul status >/dev/null && service consul reload || true' \ + --source - diff --git a/cdist/conf/type/__consul_watch_key/parameter/default/state b/cdist/conf/type/__consul_watch_key/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__consul_watch_key/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__consul_watch_key/parameter/optional b/cdist/conf/type/__consul_watch_key/parameter/optional new file mode 100644 index 00000000..bfce8305 --- /dev/null +++ b/cdist/conf/type/__consul_watch_key/parameter/optional @@ -0,0 +1,3 @@ +datacenter +state +token diff --git a/cdist/conf/type/__consul_watch_key/parameter/required b/cdist/conf/type/__consul_watch_key/parameter/required new file mode 100644 index 00000000..a7ae5b65 --- /dev/null +++ b/cdist/conf/type/__consul_watch_key/parameter/required @@ -0,0 +1,2 @@ +handler +key diff --git a/cdist/conf/type/__consul_watch_keyprefix/man.text b/cdist/conf/type/__consul_watch_keyprefix/man.text new file mode 100644 index 00000000..e2f05de2 --- /dev/null +++ b/cdist/conf/type/__consul_watch_keyprefix/man.text @@ -0,0 +1,55 @@ +cdist-type__consul_watch_keyprefix(7) +===================================== +Steven Armstrong + + +NAME +---- +cdist-type__consul_watch_keyprefix - manages consul keyprefix watches + + +DESCRIPTION +----------- +Generate and deploy watch definitions of type 'keyprefix' for a consul agent. +See http://www.consul.io/docs/agent/watches.html for parameter documentation. + + +REQUIRED PARAMETERS +------------------- +handler:: + the handler to invoke when the data view updates +prefix:: + the prefix of keys to watch for changes + + +OPTIONAL PARAMETERS +------------------- +datacenter:: + can be provided to override the agent's default datacenter +state:: + if this watch is 'present' or 'absent'. Defaults to 'present'. +token:: + can be provided to override the agent's default ACL token + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +__consul_watch_keyprefix some-id \ + --prefix foo/ \ + --handler /usr/bin/my-prefix-handler.sh +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) +- cdist-type__consul_agent(7) +- http://www.consul.io/docs/agent/watches.html + + +COPYING +------- +Copyright \(C) 2015 Steven Armstrong. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__consul_watch_keyprefix/manifest b/cdist/conf/type/__consul_watch_keyprefix/manifest new file mode 100755 index 00000000..4e36a10d --- /dev/null +++ b/cdist/conf/type/__consul_watch_keyprefix/manifest @@ -0,0 +1,51 @@ +#!/bin/sh +# +# 2015 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +cdist_type="${__type##*/}" +watch_type="${cdist_type##*_}" +conf_dir="/etc/consul/conf.d" +conf_file="watch_${watch_type}_${__object_id}.json" +state="$(cat "$__object/parameter/state")" + +# Generate json config file +( +echo "{" +printf ' "watches": [{\n' +printf ' "type": "%s"\n' "$watch_type" +for param in $(ls "$__object/parameter/"); do + case "$param" in + state) continue ;; + *) + key="$(echo "$param" | tr '-' '_')" + printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" + ;; + esac +done +# end watches +echo " }]" +# end json file +echo "}" +) | \ +require="__directory${conf_dir}" \ + __config_file "${conf_dir}/${conf_file}" \ + --owner root --group consul --mode 640 \ + --state "$state" \ + --onchange 'service consul status >/dev/null && service consul reload || true' \ + --source - diff --git a/cdist/conf/type/__consul_watch_keyprefix/parameter/default/state b/cdist/conf/type/__consul_watch_keyprefix/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__consul_watch_keyprefix/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__consul_watch_keyprefix/parameter/optional b/cdist/conf/type/__consul_watch_keyprefix/parameter/optional new file mode 100644 index 00000000..bfce8305 --- /dev/null +++ b/cdist/conf/type/__consul_watch_keyprefix/parameter/optional @@ -0,0 +1,3 @@ +datacenter +state +token diff --git a/cdist/conf/type/__consul_watch_keyprefix/parameter/required b/cdist/conf/type/__consul_watch_keyprefix/parameter/required new file mode 100644 index 00000000..6223b4de --- /dev/null +++ b/cdist/conf/type/__consul_watch_keyprefix/parameter/required @@ -0,0 +1,2 @@ +handler +keyprefix diff --git a/cdist/conf/type/__consul_watch_nodes/man.text b/cdist/conf/type/__consul_watch_nodes/man.text new file mode 100644 index 00000000..70b83e92 --- /dev/null +++ b/cdist/conf/type/__consul_watch_nodes/man.text @@ -0,0 +1,52 @@ +cdist-type__consul_watch_nodes(7) +================================= +Steven Armstrong + + +NAME +---- +cdist-type__consul_watch_nodes - manages consul nodes watches + + +DESCRIPTION +----------- +Generate and deploy watch definitions of type 'nodes' for a consul agent. +See http://www.consul.io/docs/agent/watches.html for parameter documentation. + + +REQUIRED PARAMETERS +------------------- +handler:: + the handler to invoke when the data view updates + + +OPTIONAL PARAMETERS +------------------- +datacenter:: + can be provided to override the agent's default datacenter +state:: + if this watch is 'present' or 'absent'. Defaults to 'present'. +token:: + can be provided to override the agent's default ACL token + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +__consul_watch_nodes some-id \ + --handler /usr/bin/my-key-handler.sh +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) +- cdist-type__consul_agent(7) +- http://www.consul.io/docs/agent/watches.html + + +COPYING +------- +Copyright \(C) 2015 Steven Armstrong. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__consul_watch_nodes/manifest b/cdist/conf/type/__consul_watch_nodes/manifest new file mode 100755 index 00000000..4e36a10d --- /dev/null +++ b/cdist/conf/type/__consul_watch_nodes/manifest @@ -0,0 +1,51 @@ +#!/bin/sh +# +# 2015 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +cdist_type="${__type##*/}" +watch_type="${cdist_type##*_}" +conf_dir="/etc/consul/conf.d" +conf_file="watch_${watch_type}_${__object_id}.json" +state="$(cat "$__object/parameter/state")" + +# Generate json config file +( +echo "{" +printf ' "watches": [{\n' +printf ' "type": "%s"\n' "$watch_type" +for param in $(ls "$__object/parameter/"); do + case "$param" in + state) continue ;; + *) + key="$(echo "$param" | tr '-' '_')" + printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" + ;; + esac +done +# end watches +echo " }]" +# end json file +echo "}" +) | \ +require="__directory${conf_dir}" \ + __config_file "${conf_dir}/${conf_file}" \ + --owner root --group consul --mode 640 \ + --state "$state" \ + --onchange 'service consul status >/dev/null && service consul reload || true' \ + --source - diff --git a/cdist/conf/type/__consul_watch_nodes/parameter/default/state b/cdist/conf/type/__consul_watch_nodes/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__consul_watch_nodes/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__consul_watch_nodes/parameter/optional b/cdist/conf/type/__consul_watch_nodes/parameter/optional new file mode 100644 index 00000000..bfce8305 --- /dev/null +++ b/cdist/conf/type/__consul_watch_nodes/parameter/optional @@ -0,0 +1,3 @@ +datacenter +state +token diff --git a/cdist/conf/type/__consul_watch_nodes/parameter/required b/cdist/conf/type/__consul_watch_nodes/parameter/required new file mode 100644 index 00000000..64b916c1 --- /dev/null +++ b/cdist/conf/type/__consul_watch_nodes/parameter/required @@ -0,0 +1 @@ +handler diff --git a/cdist/conf/type/__consul_watch_service/man.text b/cdist/conf/type/__consul_watch_service/man.text new file mode 100644 index 00000000..c7731a97 --- /dev/null +++ b/cdist/conf/type/__consul_watch_service/man.text @@ -0,0 +1,74 @@ +cdist-type__consul_watch_service(7) +=================================== +Steven Armstrong + + +NAME +---- +cdist-type__consul_watch_service - manages consul service watches + + +DESCRIPTION +----------- +Generate and deploy watch definitions of type 'service' for a consul agent. +See http://www.consul.io/docs/agent/watches.html for parameter documentation. + + +REQUIRED PARAMETERS +------------------- +handler:: + the handler to invoke when the data view updates +service:: + the service to watch for changes + + +OPTIONAL PARAMETERS +------------------- +datacenter:: + can be provided to override the agent's default datacenter +state:: + if this watch is 'present' or 'absent'. Defaults to 'present'. +token:: + can be provided to override the agent's default ACL token +tag:: + filter by tag + + +BOOLEAN PARAMETERS +------------------ +passingonly:: + specifies if only hosts passing all checks are displayed + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +__consul_watch_service some-id \ + --service consul \ + --handler /usr/bin/my-handler.sh + +__consul_watch_service some-id \ + --service redis \ + --tag production \ + --handler /usr/bin/my-handler.sh + +__consul_watch_service some-id \ + --service redis \ + --tag production \ + --passingonly \ + --handler /usr/bin/my-handler.sh +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) +- cdist-type__consul_agent(7) +- http://www.consul.io/docs/agent/watches.html + + +COPYING +------- +Copyright \(C) 2015 Steven Armstrong. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__consul_watch_service/manifest b/cdist/conf/type/__consul_watch_service/manifest new file mode 100755 index 00000000..6011e288 --- /dev/null +++ b/cdist/conf/type/__consul_watch_service/manifest @@ -0,0 +1,54 @@ +#!/bin/sh +# +# 2015 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +cdist_type="${__type##*/}" +watch_type="${cdist_type##*_}" +conf_dir="/etc/consul/conf.d" +conf_file="watch_${watch_type}_${__object_id}.json" +state="$(cat "$__object/parameter/state")" + +# Generate json config file +( +echo "{" +printf ' "watches": [{\n' +printf ' "type": "%s"\n' "$watch_type" +for param in $(ls "$__object/parameter/"); do + case "$param" in + state) continue ;; + passingonly) + printf ' ,"passingonly": true\n' + ;; + *) + key="$(echo "$param" | tr '-' '_')" + printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" + ;; + esac +done +# end watches +echo " }]" +# end json file +echo "}" +) | \ +require="__directory${conf_dir}" \ + __config_file "${conf_dir}/${conf_file}" \ + --owner root --group consul --mode 640 \ + --state "$state" \ + --onchange 'service consul status >/dev/null && service consul reload || true' \ + --source - diff --git a/cdist/conf/type/__consul_watch_service/parameter/boolean b/cdist/conf/type/__consul_watch_service/parameter/boolean new file mode 100644 index 00000000..4c1e4b3f --- /dev/null +++ b/cdist/conf/type/__consul_watch_service/parameter/boolean @@ -0,0 +1 @@ +passingonly diff --git a/cdist/conf/type/__consul_watch_service/parameter/default/state b/cdist/conf/type/__consul_watch_service/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__consul_watch_service/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__consul_watch_service/parameter/optional b/cdist/conf/type/__consul_watch_service/parameter/optional new file mode 100644 index 00000000..a81860ac --- /dev/null +++ b/cdist/conf/type/__consul_watch_service/parameter/optional @@ -0,0 +1,4 @@ +datacenter +state +tag +token diff --git a/cdist/conf/type/__consul_watch_service/parameter/required b/cdist/conf/type/__consul_watch_service/parameter/required new file mode 100644 index 00000000..e1ffa4d6 --- /dev/null +++ b/cdist/conf/type/__consul_watch_service/parameter/required @@ -0,0 +1,2 @@ +handler +service diff --git a/cdist/conf/type/__consul_watch_services/man.text b/cdist/conf/type/__consul_watch_services/man.text new file mode 100644 index 00000000..bc489493 --- /dev/null +++ b/cdist/conf/type/__consul_watch_services/man.text @@ -0,0 +1,52 @@ +cdist-type__consul_watch_services(7) +==================================== +Steven Armstrong + + +NAME +---- +cdist-type__consul_watch_services - manages consul services watches + + +DESCRIPTION +----------- +Generate and deploy watch definitions of type 'services' for a consul agent. +See http://www.consul.io/docs/agent/watches.html for parameter documentation. + + +REQUIRED PARAMETERS +------------------- +handler:: + the handler to invoke when the data view updates + + +OPTIONAL PARAMETERS +------------------- +datacenter:: + can be provided to override the agent's default datacenter +state:: + if this watch is 'present' or 'absent'. Defaults to 'present'. +token:: + can be provided to override the agent's default ACL token + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +__consul_watch_services some-id \ + --handler /usr/bin/my-key-handler.sh +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) +- cdist-type__consul_agent(7) +- http://www.consul.io/docs/agent/watches.html + + +COPYING +------- +Copyright \(C) 2015 Steven Armstrong. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__consul_watch_services/manifest b/cdist/conf/type/__consul_watch_services/manifest new file mode 100755 index 00000000..4e36a10d --- /dev/null +++ b/cdist/conf/type/__consul_watch_services/manifest @@ -0,0 +1,51 @@ +#!/bin/sh +# +# 2015 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +cdist_type="${__type##*/}" +watch_type="${cdist_type##*_}" +conf_dir="/etc/consul/conf.d" +conf_file="watch_${watch_type}_${__object_id}.json" +state="$(cat "$__object/parameter/state")" + +# Generate json config file +( +echo "{" +printf ' "watches": [{\n' +printf ' "type": "%s"\n' "$watch_type" +for param in $(ls "$__object/parameter/"); do + case "$param" in + state) continue ;; + *) + key="$(echo "$param" | tr '-' '_')" + printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" + ;; + esac +done +# end watches +echo " }]" +# end json file +echo "}" +) | \ +require="__directory${conf_dir}" \ + __config_file "${conf_dir}/${conf_file}" \ + --owner root --group consul --mode 640 \ + --state "$state" \ + --onchange 'service consul status >/dev/null && service consul reload || true' \ + --source - diff --git a/cdist/conf/type/__consul_watch_services/parameter/default/state b/cdist/conf/type/__consul_watch_services/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__consul_watch_services/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__consul_watch_services/parameter/optional b/cdist/conf/type/__consul_watch_services/parameter/optional new file mode 100644 index 00000000..bfce8305 --- /dev/null +++ b/cdist/conf/type/__consul_watch_services/parameter/optional @@ -0,0 +1,3 @@ +datacenter +state +token diff --git a/cdist/conf/type/__consul_watch_services/parameter/required b/cdist/conf/type/__consul_watch_services/parameter/required new file mode 100644 index 00000000..64b916c1 --- /dev/null +++ b/cdist/conf/type/__consul_watch_services/parameter/required @@ -0,0 +1 @@ +handler diff --git a/cdist/conf/type/__directory/explorer/stat b/cdist/conf/type/__directory/explorer/stat index d8cdbb9e..077aa43b 100755 --- a/cdist/conf/type/__directory/explorer/stat +++ b/cdist/conf/type/__directory/explorer/stat @@ -25,7 +25,7 @@ destination="/$__object_id" os=$("$__explorer/os") case "$os" in - "freebsd") + "freebsd"|"openbsd") # FIXME: should be something like this based on man page, but can not test stat -f "type: %ST owner: %Du %Su @@ -33,6 +33,13 @@ group: %Dg %Sg mode: %Op %Sp " "$destination" ;; + "macosx") + stat -f "type: %HT + owner: %Du %Su + group: %Dg %Sg + mode: %Lp %Sp + " "$destination" + ;; *) stat --printf="type: %F owner: %u %U diff --git a/cdist/conf/type/__file/explorer/stat b/cdist/conf/type/__file/explorer/stat index 52570379..00e34cca 100755 --- a/cdist/conf/type/__file/explorer/stat +++ b/cdist/conf/type/__file/explorer/stat @@ -33,6 +33,15 @@ group: %Dg %Sg mode: %Op %Sp size: %Dz links: %Dl +" "$destination" + ;; + "macosx") + stat -f "type: %HT +owner: %Du %Su +group: %Dg %Sg +mode: %Lp %Sp +size: %Dz +links: %Dl " "$destination" ;; *) diff --git a/cdist/conf/type/__file/gencode-local b/cdist/conf/type/__file/gencode-local index 601705c8..ed7482cb 100755 --- a/cdist/conf/type/__file/gencode-local +++ b/cdist/conf/type/__file/gencode-local @@ -67,7 +67,7 @@ DONE if [ "$upload_file" ]; then echo upload >> "$__messages_out" cat << DONE -$__remote_copy $source ${__target_host}:\$destination_upload +$__remote_copy "$source" "${__target_host}:\$destination_upload" DONE fi # move uploaded file into place diff --git a/cdist/conf/type/__firewalld_rule/explorer/rule b/cdist/conf/type/__firewalld_rule/explorer/rule new file mode 100644 index 00000000..e9e1ebeb --- /dev/null +++ b/cdist/conf/type/__firewalld_rule/explorer/rule @@ -0,0 +1,31 @@ +# +# 2015 Nico Schottelius (nico-cdist at schottelius.org) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# + +protocol="$(cat "$__object/parameter/protocol")" +table="$(cat "$__object/parameter/table")" +chain="$(cat "$__object/parameter/chain")" +priority="$(cat "$__object/parameter/priority")" +rule="$(cat "$__object/parameter/rule")" + +if firewall-cmd --permanent --direct --query-rule "$protocol" "$table" "$chain" "$priority" $rule >/dev/null; then + echo present +else + echo absent +fi diff --git a/cdist/conf/type/__firewalld_rule/gencode-remote b/cdist/conf/type/__firewalld_rule/gencode-remote new file mode 100644 index 00000000..e184f5b3 --- /dev/null +++ b/cdist/conf/type/__firewalld_rule/gencode-remote @@ -0,0 +1,47 @@ +# +# 2015 Nico Schottelius (nico-cdist at schottelius.org) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# + +name="$__object_id" +state_should="$(cat "$__object/parameter/state")" +state_is="$(cat "$__object/explorer/rule")" + +[ "$state_is" = "$state_should" ] && exit 0 + +protocol="$(cat "$__object/parameter/protocol")" +table="$(cat "$__object/parameter/table")" +chain="$(cat "$__object/parameter/chain")" +priority="$(cat "$__object/parameter/priority")" +rule="$(cat "$__object/parameter/rule")" + +case "$state_should" in + present) + echo firewall-cmd --quiet --permanent --direct --add-rule \"$protocol\" \"$table\" \"$chain\" \"$priority\" $rule + echo firewall-cmd --quiet --direct --add-rule \"$protocol\" \"$table\" \"$chain\" \"$priority\" $rule + ;; + + absent) + echo firewall-cmd --quiet --permanent --direct --remove-rule \"$protocol\" \"$table\" \"$chain\" \"$priority\" $rule + echo firewall-cmd --quiet --direct --remove-rule \"$protocol\" \"$table\" \"$chain\" \"$priority\" $rule + ;; + *) + echo "Unknown state $state_should" >&2 + exit 1 + ;; +esac diff --git a/cdist/conf/type/__firewalld_rule/man.text b/cdist/conf/type/__firewalld_rule/man.text new file mode 100644 index 00000000..17296a25 --- /dev/null +++ b/cdist/conf/type/__firewalld_rule/man.text @@ -0,0 +1,78 @@ +cdist-type__firewalld_rule(7) +============================= +Nico Schottelius + + +NAME +---- +cdist-type__firewalld_rule - Configure firewalld rules + + +DESCRIPTION +----------- +This cdist type allows you to manage rules in firewalld +using the *direct* way (i.e. no zone support). + + +REQUIRED PARAMETERS +------------------- +rule:: + The rule to apply. Essentially an firewalld command + line without firewalld in front of it. +protocol:: + Either ipv4, ipv4 or eb. See firewall-cmd(1) +table:: + The table to use (like filter or nat). See firewall-cmd(1). +chain:: + The chain to use (like INPUT_direct or FORWARD_direct). See firewall-cmd(1). +priority:: + The priority to use (0 is topmost). See firewall-cmd(1). + + +OPTIONAL PARAMETERS +------------------- +state:: + 'present' or 'absent', defaults to 'present' + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +# Allow acces from entrance.place4.ungleich.ch +__firewalld_rule entrance \ + --protocol ipv4 \ + --table filter \ + --chain INPUT_direct \ + --priority 0 \ + --rule '-s entrance.place4.ungleich.ch -j ACCEPT' + +# Allow forwarding of traffic from br0 +__firewalld_rule vm-forward --protocol ipv4 \ + --table filter \ + --chain FORWARD_direct \ + --priority 0 \ + --rule '-i br0 -j ACCEPT' + +# Ensure old rule is absent - warning, the rule part must stay the same! +__firewalld_rule vm-forward + --protocol ipv4 \ + --table filter \ + --chain FORWARD_direct \ + --priority 0 \ + --rule '-i br0 -j ACCEPT' \ + --state absent +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) +- cdist-type__iptables_rule(7) +- firewalld(8) + + +COPYING +------- +Copyright \(C) 2015 Nico Schottelius. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__firewalld_rule/parameter/default/state b/cdist/conf/type/__firewalld_rule/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__firewalld_rule/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__firewalld_rule/parameter/optional b/cdist/conf/type/__firewalld_rule/parameter/optional new file mode 100644 index 00000000..ff72b5c7 --- /dev/null +++ b/cdist/conf/type/__firewalld_rule/parameter/optional @@ -0,0 +1 @@ +state diff --git a/cdist/conf/type/__firewalld_rule/parameter/required b/cdist/conf/type/__firewalld_rule/parameter/required new file mode 100644 index 00000000..58def7e4 --- /dev/null +++ b/cdist/conf/type/__firewalld_rule/parameter/required @@ -0,0 +1,5 @@ +chain +priority +protocol +rule +table diff --git a/cdist/conf/type/__group/TODO b/cdist/conf/type/__group/TODO deleted file mode 100644 index c20a5d21..00000000 --- a/cdist/conf/type/__group/TODO +++ /dev/null @@ -1,2 +0,0 @@ -- delete groups - diff --git a/cdist/conf/type/__group/explorer/group b/cdist/conf/type/__group/explorer/group index 4c1e6ac0..07f73a91 100755 --- a/cdist/conf/type/__group/explorer/group +++ b/cdist/conf/type/__group/explorer/group @@ -1,6 +1,6 @@ #!/bin/sh # -# 2011 Steven Armstrong (steven-cdist at armstrong.cc) +# 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # diff --git a/cdist/conf/type/__group/explorer/gshadow b/cdist/conf/type/__group/explorer/gshadow index 5ab4ed80..8d40e9e0 100755 --- a/cdist/conf/type/__group/explorer/gshadow +++ b/cdist/conf/type/__group/explorer/gshadow @@ -1,6 +1,6 @@ #!/bin/sh # -# 2011 Steven Armstrong (steven-cdist at armstrong.cc) +# 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # @@ -22,7 +22,6 @@ # name=$__object_id -os_version="$($__explorer/os_version)" os="$($__explorer/os)" if [ "$os" = "freebsd" ]; then @@ -30,13 +29,4 @@ if [ "$os" = "freebsd" ]; then exit 0 fi -case "$os_version" in - "Red Hat Enterprise Linux Server release "[45]*|"CentOS release "[45]*) - # TODO: find a way to get this information - echo "$os_version does not have getent gshadow" - ;; - *) - getent gshadow "$name" || true - ;; -esac - +getent gshadow "$name" || true diff --git a/cdist/conf/type/__group/gencode-remote b/cdist/conf/type/__group/gencode-remote index 1cffa8d4..2aaa83f3 100755 --- a/cdist/conf/type/__group/gencode-remote +++ b/cdist/conf/type/__group/gencode-remote @@ -1,6 +1,6 @@ #!/bin/sh # -# 2011 Steven Armstrong (steven-cdist at armstrong.cc) +# 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc) # 2011 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. @@ -23,91 +23,86 @@ # name="$__object_id" -os_version="$(cat "$__global/explorer/os_version")" os="$(cat "$__global/explorer/os")" +state="$(cat "$__object/parameter/state")" -cd "$__object/parameter" -if grep -q "^${name}:" "$__object/explorer/group"; then - for property in $(ls .); do - new_value="$(cat "$property")" - # argument to pass the groupmod command for this property (exceptions - # are made in the case statement below) - proparg="--$property" - case "$property" in - password) - if [ "$os" = "freebsd" ]; then - echo "group/$name: FreeBSD doesn't support password modification" >&2 - exit 1 - fi - case "$os_version" in - "Red Hat Enterprise Linux Server release "[45]*|"CentOS release "[45]*) - # TODO: Use gpasswd? Need to fix gshadow explorer first. - echo "group/$name: '$os_version' groupmod does not support password modification" >&2 - exit 1 +# Use short option names for portability +shorten_property() { + case "$1" in + gid) echo "-g";; + password) echo "-p";; + system) echo "-r";; + esac +} + + +if [ "$state" = "present" ]; then + case "$os" in + freebsd) + supported_add_properties="gid" + supported_change_properties="gid" + ;; + *) + supported_add_properties="gid password system" + supported_change_properties="gid password" + ;; + esac + if grep -q "^${name}:" "$__object/explorer/group"; then + # change existing + for property in $supported_change_properties; do + if [ -f "$__object/parameter/$property" ]; then + new_value="$(cat "$__object/parameter/$property")" + unset current_value + case "$property" in + password) + current_value="$(awk -F: '{ print $2 }' "$__object/explorer/gshadow")" + ;; + gid) + current_value="$(awk -F: '{ print $3 }' "$__object/explorer/group")" ;; esac - current_value="$(awk -F: '{ print $2 }' < "$__object/explorer/gshadow")" - ;; - gid) - # set to -g to support older redhat/centos - proparg="-g" - current_value="$(awk -F: '{ print $3 }' < "$__object/explorer/group")" - ;; - esac - - if [ "$new_value" != "$current_value" ]; then - set -- "$@" "$proparg" \"$new_value\" - echo change $property $new_value $current_value >> "$__messages_out" - fi - done - - if [ $# -gt 0 ]; then - echo mod >> "$__messages_out" - case $os in - freebsd) - echo pw group mod "$@" "$name" - ;; - *) + if [ "$new_value" != "$current_value" ]; then + set -- "$@" "$(shorten_property $property)" \'$new_value\' + echo change $property $new_value $current_value >> "$__messages_out" + fi + fi + done + if [ $# -gt 0 ]; then + if [ "$os" = "freebsd" ]; then + echo pw groupmod "$@" "$name" + else echo groupmod "$@" "$name" - ;; - esac + fi + echo mod >> "$__messages_out" + fi + else + # create new + for property in $supported_change_properties; do + if [ -f "$__object/parameter/$property" ]; then + new_value="$(cat "$__object/parameter/$property")" + if [ -z "$new_value" ]; then + # Boolean parameters have no value + set -- "$@" "$(shorten_property $property)" + else + set -- "$@" "$(shorten_property $property)" \'$new_value\' + fi + fi + done + if [ "$os" = "freebsd" ]; then + echo pw groupadd "$@" "$name" + else + echo groupadd "$@" "$name" + fi fi else - echo add >> "$__messages_out" - for property in $(ls .); do - new_value="$(cat "$property")" + # delete existing + if grep -q "^${name}:" "$__object/explorer/group"; then if [ "$os" = "freebsd" ]; then - case $property in - gid) - proparg="-g" - ;; - password) - echo "group/$name: FreeBSD doesn't support password setting" >&2 - exit 1 - ;; - *) - # The type has been updated to support more properties than it knows how to handle for FreeBSD - # tell the user about this. - echo "Currently unknown property: $property" >&2 - exit 1 - ;; - esac + echo pw groupdel "$name" else - proparg="--$property" + echo groupdel "$name" fi - - set -- "$@" "$proparg" \"$new_value\" - echo set $property $new_value >> "$__messages_out" - done - - case $os in - freebsd) - echo pw group add "$@" "$name" - ;; - *) - echo groupadd "$@" "$name" - ;; - esac + echo remove >> "$__messages_out" + fi fi - diff --git a/cdist/conf/type/__group/man.text b/cdist/conf/type/__group/man.text index def0232f..4b18a552 100644 --- a/cdist/conf/type/__group/man.text +++ b/cdist/conf/type/__group/man.text @@ -20,18 +20,28 @@ None. OPTIONAL PARAMETERS ------------------- +state:: + absent or present, defaults to present gid:: see groupmod(8) password:: see above +BOOLEAN PARAMETERS +------------------ +system:: + see groupadd(8), apply only on group creation + + MESSAGES -------- mod:: group is modified add:: New group added +remove:: + group is removed change :: Changed group property from current_value to new_value set :: @@ -45,6 +55,12 @@ EXAMPLES # Create a group 'foobar' with operating system default settings __group foobar +# Remove the 'foobar' group +__group foobar --state absent + +# Create a system group 'myservice' with operating system default settings +__group myservice --system + # Same but with a specific gid __group foobar --gid 1234 @@ -60,5 +76,5 @@ SEE ALSO COPYING ------- -Copyright \(C) 2011 Steven Armstrong. Free use of this software is +Copyright \(C) 2011-2015 Steven Armstrong. Free use of this software is granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__group/parameter/boolean b/cdist/conf/type/__group/parameter/boolean new file mode 100644 index 00000000..bec3a35e --- /dev/null +++ b/cdist/conf/type/__group/parameter/boolean @@ -0,0 +1 @@ +system diff --git a/cdist/conf/type/__group/parameter/default/state b/cdist/conf/type/__group/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__group/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__group/parameter/optional b/cdist/conf/type/__group/parameter/optional index 4c661c8f..dd51c173 100644 --- a/cdist/conf/type/__group/parameter/optional +++ b/cdist/conf/type/__group/parameter/optional @@ -1,2 +1,3 @@ gid password +state diff --git a/cdist/conf/type/__hostname/explorer/hostname_file b/cdist/conf/type/__hostname/explorer/hostname_file index ed28c8a8..6a00aa9f 100755 --- a/cdist/conf/type/__hostname/explorer/hostname_file +++ b/cdist/conf/type/__hostname/explorer/hostname_file @@ -21,6 +21,10 @@ # Retrieve the contents of /etc/hostname # +# Almost any distribution if [ -f /etc/hostname ]; then cat /etc/hostname +# SuSE +elif [ -f /etc/HOSTNAME ]; then + cat /etc/HOSTNAME fi diff --git a/cdist/conf/type/__hostname/gencode-remote b/cdist/conf/type/__hostname/gencode-remote index eec3bc9f..576f80bf 100755 --- a/cdist/conf/type/__hostname/gencode-remote +++ b/cdist/conf/type/__hostname/gencode-remote @@ -28,14 +28,14 @@ fi os=$(cat "$__global/explorer/os") name_running=$(cat "$__global/explorer/hostname") name_config=$(cat "$__object/explorer/hostname_file") -name_sysconfig=$(cat "$__object/explorer/hostname_file") +name_sysconfig=$(cat "$__object/explorer/hostname_sysconfig") has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl") ################################################################################ # If everything is ok -> exit # case "$os" in - archlinux|debian|ubuntu) + archlinux|debian|suse|ubuntu) if [ "$name_config" = "$name_should" -a "$name_running" = "$name_should" ]; then exit 0 fi @@ -45,6 +45,10 @@ case "$os" in exit 0 fi ;; + *) + echo "Unsupported os: $os" >&2 + exit 1 + ;; esac ################################################################################ @@ -63,5 +67,9 @@ else centos) echo "hostname '$name_should'" ;; + suse) + echo "hostname '$name_should'" + echo "printf '%s\n' '$name_should' > /etc/HOSTNAME" + ;; esac fi diff --git a/cdist/conf/type/__hostname/manifest b/cdist/conf/type/__hostname/manifest index b6985c1c..448e56da 100755 --- a/cdist/conf/type/__hostname/manifest +++ b/cdist/conf/type/__hostname/manifest @@ -34,7 +34,7 @@ not_supported() { } case "$os" in - archlinux|debian|ubuntu) + archlinux|debian|suse|ubuntu) # handled in gencode-remote : ;; diff --git a/cdist/conf/type/__iptables_apply/files/init-script b/cdist/conf/type/__iptables_apply/files/init-script index 2dc952e9..2247dcf5 100644 --- a/cdist/conf/type/__iptables_apply/files/init-script +++ b/cdist/conf/type/__iptables_apply/files/init-script @@ -45,4 +45,14 @@ case $1 in restart) "$0" stop && "$0" start ;; + reset) + for table in INPUT FORWARD OUTPUT; do + iptables -P "$table" ACCEPT + iptables -F "$table" + done + for table in PREROUTING POSTROUTING OUTPUT; do + iptables -t nat -P "$table" ACCEPT + iptables -t nat -F "$table" + done + ;; esac diff --git a/cdist/conf/type/__locale/manifest b/cdist/conf/type/__locale/manifest index f3d75d59..e7230f9c 100644 --- a/cdist/conf/type/__locale/manifest +++ b/cdist/conf/type/__locale/manifest @@ -1,6 +1,6 @@ #!/bin/sh # -# 2013-2014 Nico Schottelius (nico-cdist at schottelius.org) +# 2013-2015 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # @@ -29,6 +29,9 @@ case "$os" in # Debian needs a seperate package __package locales --state present ;; + archlinux|suse|ubuntu) + : + ;; *) echo "Sorry, do not know how to handle os: $os" >&2 echo "Please edit the type ${__type##*/} to fix this." >&2 diff --git a/cdist/conf/type/__package/explorer/pkgng_exists b/cdist/conf/type/__package/explorer/pkgng_exists new file mode 100755 index 00000000..355c5d65 --- /dev/null +++ b/cdist/conf/type/__package/explorer/pkgng_exists @@ -0,0 +1,27 @@ +#!/bin/sh +# +# 2014 Jake Guffey (jake.guffey at eprotex.com) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Retrieve the status of a package - parsed dpkg output +# + +if [ "$($__explorer/os)" = "freebsd" ]; then + command -v pkg +fi + diff --git a/cdist/conf/type/__package/manifest b/cdist/conf/type/__package/manifest index 0ebf0099..25e43b30 100755 --- a/cdist/conf/type/__package/manifest +++ b/cdist/conf/type/__package/manifest @@ -19,7 +19,7 @@ # # # __package is an abstract type which dispatches to the lower level -# __package_$name types which do the actual interaction with the packaging +# __package_$type types which do the actual interaction with the packaging # system. # @@ -33,7 +33,13 @@ else amazon|centos|fedora|redhat) type="yum" ;; archlinux) type="pacman" ;; debian|ubuntu) type="apt" ;; - freebsd) type="pkg_freebsd" ;; + freebsd) + if [ -n "$(cat "$__object/explorer/pkgng_exists")" ]; then + type="pkgng_freebsd" + else + type="pkg_freebsd" + fi + ;; gentoo) type="emerge" ;; suse) type="zypper" ;; openwrt) type="opkg" ;; diff --git a/cdist/conf/type/__package_apt/gencode-remote b/cdist/conf/type/__package_apt/gencode-remote index 57339db3..1feec012 100755 --- a/cdist/conf/type/__package_apt/gencode-remote +++ b/cdist/conf/type/__package_apt/gencode-remote @@ -33,6 +33,14 @@ else state_should="present" fi +if [ -f "$__object/parameter/target-release" ]; then + target_release="--target-release $(cat "$__object/parameter/target-release")" +else + target_release="" +fi + + + # FIXME: use grep directly, state is a list, not a line! state_is="$(cat "$__object/explorer/state")" case "$state_is" in @@ -44,13 +52,13 @@ esac # Hint if we need to avoid questions at some point: # DEBIAN_PRIORITY=critical can reduce the number of questions -aptget="DEBIAN_FRONTEND=noninteractive apt-get --quiet --yes --no-install-recommends -o DPkg::Options::=\"--force-confold\"" +aptget="DEBIAN_FRONTEND=noninteractive apt-get --quiet --yes --no-install-recommends -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\"" [ "$state_is" = "$state_should" ] && exit 0 case "$state_should" in present) - echo $aptget install \"$name\" + echo $aptget install $target_release \"$name\" ;; absent) echo $aptget remove \"$name\" diff --git a/cdist/conf/type/__package_apt/man.text b/cdist/conf/type/__package_apt/man.text index 5d4656c1..c1f8ee1f 100644 --- a/cdist/conf/type/__package_apt/man.text +++ b/cdist/conf/type/__package_apt/man.text @@ -27,6 +27,9 @@ name:: state:: Either "present" or "absent", defaults to "present" +target-release:: + Passed on to apt-get install, see apt-get(8). + Essentially allows you to retrieve packages from a different release EXAMPLES -------- diff --git a/cdist/conf/type/__package_apt/parameter/optional b/cdist/conf/type/__package_apt/parameter/optional index 41b8e6cf..d6674f95 100644 --- a/cdist/conf/type/__package_apt/parameter/optional +++ b/cdist/conf/type/__package_apt/parameter/optional @@ -1,3 +1,4 @@ name version state +target-release diff --git a/cdist/conf/type/__package_emerge/gencode-remote b/cdist/conf/type/__package_emerge/gencode-remote index d4cee37e..1199fc72 100644 --- a/cdist/conf/type/__package_emerge/gencode-remote +++ b/cdist/conf/type/__package_emerge/gencode-remote @@ -27,37 +27,40 @@ else name="$__object_id" fi -if [ -f "$__object/parameter/state" ]; then - state_should="$(cat "$__object/parameter/state")" -else - state_should="present" +state_should="$(cat "$__object/parameter/state")" + +version="$(cat "$__object/parameter/version")" + +if [ -n "$version" ]; then + name="=$name-$version" fi pkg_version="$(cat "$__object/explorer/pkg_version")" if [ -z "$pkg_version" ]; then state_is="absent" -elif [ $(echo "$pkg_version" | wc -l) -gt 1 ]; then +elif [ -z "$version" -a $(echo "$pkg_version" | wc -l) -gt 1 ]; then + echo "Package name is not unique! The following packages are installed:" + echo "$pkg_version" + exit 1 +elif [ -n "$version" -a $(echo "$pkg_version" | cut -d " " -f 1 | sort | uniq | wc -l) -gt 1 ]; then echo "Package name is not unique! The following packages are installed:" echo "$pkg_version" exit 1 else state_is="present" - installed_version="$(echo "$pkg_version" | cut -d " " -f 2)" + if [ -n "$version" ] && echo "$pkg_version" | cut -d " " -f 2 | grep -q -x "$version"; then + installed_version="$(echo "$pkg_version" | cut -d " " -f 2 | grep -x "$version")" + else + installed_version="$(echo "$pkg_version" | cut -d " " -f 2 | tail -n 1)" + fi fi -if [ -f "$__object/parameter/version" ]; then - version="$(cat "$__object/parameter/version")" - if [ ! -z "$version" ]; then - name="=$name-$version" - fi -else - version="" -fi # Exit if nothing is needed to be done [ "$state_is" = "$state_should" ] && ( [ -z "$version" ] || [ "$installed_version" = "$version" ] ) && exit 0 [ "$state_should" = "absent" ] && [ ! -z "$version" ] && [ "$installed_version" != "$version" ] && exit 0 + case "$state_should" in present) echo "emerge \"$name\" &>/dev/null || exit 1" diff --git a/cdist/conf/type/__package_emerge/parameter/default/state b/cdist/conf/type/__package_emerge/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__package_emerge/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__package_emerge/parameter/default/version b/cdist/conf/type/__package_emerge/parameter/default/version new file mode 100644 index 00000000..e69de29b diff --git a/cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_version b/cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_version new file mode 100755 index 00000000..947857b9 --- /dev/null +++ b/cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_version @@ -0,0 +1,37 @@ +#!/bin/sh +# +# 2014 Jake Guffey (jake.guffey at eprotex.com) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Retrieve the status of a package - parsed dpkg output +# + +if [ -f "$__object/parameter/name" ]; then + name="$(cat "$__object/parameter/name")" +else + name="$__object_id" +fi + +# Don't produce "no pkgs installed" output -- breaks things +PKG_OUTPUT=$(pkg info 2>&1) +echo -n "$(echo "$PKG_OUTPUT" \ + | awk '{print $1}' \ + | sed 's/^\(.*\)-\([^-]*\)$/name:\1 ver:\2/g' \ + | grep "name:$name ver:" \ + | sed 's/^.*ver:\(.*\)/\1/g')" + diff --git a/cdist/conf/type/__package_pkgng_freebsd/gencode-remote b/cdist/conf/type/__package_pkgng_freebsd/gencode-remote new file mode 100755 index 00000000..39965aca --- /dev/null +++ b/cdist/conf/type/__package_pkgng_freebsd/gencode-remote @@ -0,0 +1,139 @@ +#!/bin/sh +# +# 2014 Jake Guffey (jake.guffey at eprotex.com) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Manage packages with pkg on FreeBSD +# + +# Debug +#exec >&2 +#set -x + +if [ -f "$__object/parameter/name" ]; then + name="$(cat "$__object/parameter/name")" +else + name="$__object_id" +fi + +if [ -f "$__object/parameter/flavor" ]; then + flavor="$(cat "$__object/parameter/flavor")" +fi + +if [ -f "$__object/parameter/version" ]; then + version="$(cat "$__object/parameter/version")" +fi + +if [ -f "$__object/parameter/upgrade" ]; then + upgrade="true" +else + upgrade="false" +fi + +if [ -f "$__object/parameter/repo" ]; then + repo="$(cat "$__object/parameter/repo")" +fi + +if [ -f "$__object/parameter/state" ]; then + state="$(cat "$__object/parameter/state")" +else + state="present" +fi +curr_version="$(cat "$__object/explorer/pkg_version")" +add_cmd="pkg install -y" +rm_cmd="pkg delete -y" +upg_cmd="pkg upgrade -y" +cmd="" + +# Print the command to be executed +# Parms: $1 -- mode, "rm", "add", or "upg" +# $2 -- the command to be echoed +execcmd(){ + local _cmd="" + + case "$1" in + add) + _cmd="${add_cmd} $2" + ;; + rm) + _cmd="${rm_cmd} $2" + ;; + upg) + _cmd="${upg_cmd} $2" + ;; + *) + printf "Error. Don't understand command: %s" "$1" >&2 + exit 1 + ;; + esac + + echo "$_cmd 2>&- >&-" # Silence the output of the command + echo "status=\$?" + echo "if [ \"\$status\" -ne \"0\" ]; then" + echo " echo \"Error: ${_cmd} exited nonzero with \$status\"'!' >&2" + echo " exit 1" + echo "fi" +} + +if [ -n "$curr_version" ]; then # PKG *is* installed + if [ -n "$repo" ]; then + cmd="-r ${repo} ${name}" + else + cmd="${name}" + fi + if [ -n "$flavor" ]; then + cmd="${cmd}-${flavor}" + fi + # PKG is supposed to be removed + if [ "$state" = "absent" ]; then + execcmd "rm" "${cmd}" + # PKG is supposed to be installed to a particular version + elif [ -n "$version" ] && [ "$version" != "$curr_version" ]; then + if [ "$upgrade" = "true" ]; then + execcmd "upg" "${cmd}" + else + printf "Version %s is already installed and pkg-ng can't upgrade directly to version %s.\nTo upgrade to the latest version, use the --upgrade flag.\n" "$curr_version" "$version" >&2 + exit 1 + fi + # PKG is supposed to be installed to the latest version + else + : # Do nothing. + fi +else # PKG *isn't* installed + if [ "$state" = "absent" ]; then # Shouldn't be installed + exit 0 + else # Should be installed + if [ -n "$repo" ]; then + cmd="-r ${repo} ${name}" + else + cmd="${name}" + fi + if [ -n "$flavor" ]; then + cmd="${cmd}-${flavor}" + fi + if [ -n "$version" ]; then + cmd="${cmd}-${version}" + fi + + execcmd "add" "$cmd" + exit 0 + fi +fi + +# Debug +#set +x diff --git a/cdist/conf/type/__package_pkgng_freebsd/man.text b/cdist/conf/type/__package_pkgng_freebsd/man.text new file mode 100644 index 00000000..da44da83 --- /dev/null +++ b/cdist/conf/type/__package_pkgng_freebsd/man.text @@ -0,0 +1,97 @@ +cdist-type__package_pkgng_freebsd(7) +================================== +Jake Guffey + + +NAME +---- +cdist-type__package_pkgng_freebsd - Manage FreeBSD packages with pkg-ng + + +DESCRIPTION +----------- +This type is usually used on FreeBSD to manage packages. + + +REQUIRED PARAMETERS +------------------- +None + + +OPTIONAL PARAMETERS +------------------- +name:: + If supplied, use the name and not the object id as the package name. + +flavor:: + If supplied, use to avoid ambiguity. + +version:: + If supplied, use to install a specific version of the package named. + +repo:: + If supplied, use to install the package named from a particular repo. + +state:: + Either "present" or "absent", defaults to "present" + + +BOOLEAN PARAMETERS +------------------ +upgrade:: + If supplied, allow upgrading to the latest version of a package. + + +CAVEATS +------- +This type requires that repository definitions already exist in /etc/pkg/*.conf. +Ensure that they exist prior to use of this type with __file. + +pkg-ng can't upgrade a package to a specific version. If this type needs to +upgrade a package, it can only ugprade to the latest available version. If the +"upgrade" parameter is not given and an upgrade needs to occur, an error will result. + + +MESSAGES +-------- +install:: + The package was installed +remove:: + The package was removed +upgrade:: + The package was upgraded +exist:: + The package was already present and thus not installed + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +# Ensure zsh is installed +__package_pkgng_freebsd zsh --state present + +# Ensure vim is installed, use flavor no_x11 +__package_pkgng_freebsd vim --state present --flavor no_x11 + +# If you don't want to follow pythonX packages, but always use python +__package_pkgng_freebsd python --state present --name python2 + +# Install a package from a particular repository when multiples exist +__package_pkgng_freebsd bash --state present --repo myrepo + +# Remove obsolete package +__package_pkgng_freebsd puppet --state absent +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) +- cdist-type__package(7) + + +COPYING +------- +Copyright \(C) 2014 Jake Guffey. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__package_pkgng_freebsd/parameter/boolean b/cdist/conf/type/__package_pkgng_freebsd/parameter/boolean new file mode 100644 index 00000000..007ead00 --- /dev/null +++ b/cdist/conf/type/__package_pkgng_freebsd/parameter/boolean @@ -0,0 +1 @@ +upgrade \ No newline at end of file diff --git a/cdist/conf/type/__package_pkgng_freebsd/parameter/optional b/cdist/conf/type/__package_pkgng_freebsd/parameter/optional new file mode 100644 index 00000000..6e67f838 --- /dev/null +++ b/cdist/conf/type/__package_pkgng_freebsd/parameter/optional @@ -0,0 +1,5 @@ +name +flavor +version +repo +state diff --git a/cdist/conf/type/__package_update_index/gencode-remote b/cdist/conf/type/__package_update_index/gencode-remote new file mode 100755 index 00000000..8ee837eb --- /dev/null +++ b/cdist/conf/type/__package_update_index/gencode-remote @@ -0,0 +1,50 @@ +#!/bin/sh +# +# 2014 Ricardo Catalinas Jiménez (jimenezrick at gmail.com) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Update the package index with the appropriate package manager +# + +type="$__object/parameter/type" + +if [ -f "$type" ]; then + type="$(cat "$type")" +else + # By default determine package manager based on operating system + os="$(cat "$__global/explorer/os")" + case "$os" in + amazon|centos|fedora|redhat) type="yum" ;; + debian|ubuntu) type="apt" ;; + archlinux) type="pacman" ;; + *) + echo "Don't know how to manage packages on: $os" >&2 + exit 1 + ;; + esac +fi + +case "$type" in + yum) ;; + apt) echo "apt-get --quiet update" ;; + pacman) echo "pacman --noprogressbar --sync --refresh" ;; + *) + echo "Don't know how to manage packages on: $os" >&2 + exit 1 + ;; +esac diff --git a/cdist/conf/type/__package_update_index/man.text b/cdist/conf/type/__package_update_index/man.text new file mode 100644 index 00000000..6435e51d --- /dev/null +++ b/cdist/conf/type/__package_update_index/man.text @@ -0,0 +1,52 @@ +cdist-type__package_update_index(7) +=================================== +Ricardo Catalinas Jiménez + + +NAME +---- +cdist-type__package_update_index - Update the package index + + +DESCRIPTION +----------- +This cdist type allows you to update the package index on the target. +It will automatically use the appropriate package manager. + + +REQUIRED PARAMETERS +------------------- +None + + +OPTIONAL PARAMETERS +------------------- +type:: + The package manager to use. Default is determined based on the $os + explorer variable. + e.g. apt for Debian + yum for Red Hat + pacman for Arch Linux + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +# Update the package index on the target +__package_update_index + +# Force use of a specific package manager +__package_update_index --type apt +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) + + +COPYING +------- +Copyright \(C) 2014 Ricardo Catalinas Jiménez. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__package_update_index/parameter/optional b/cdist/conf/type/__package_update_index/parameter/optional new file mode 100644 index 00000000..aa80e646 --- /dev/null +++ b/cdist/conf/type/__package_update_index/parameter/optional @@ -0,0 +1 @@ +type diff --git a/cdist/conf/type/__package_update_index/singleton b/cdist/conf/type/__package_update_index/singleton new file mode 100644 index 00000000..e69de29b diff --git a/cdist/conf/type/__package_upgrade_all/gencode-remote b/cdist/conf/type/__package_upgrade_all/gencode-remote new file mode 100755 index 00000000..57676a57 --- /dev/null +++ b/cdist/conf/type/__package_upgrade_all/gencode-remote @@ -0,0 +1,62 @@ +#!/bin/sh +# +# 2014 Ricardo Catalinas Jiménez (jimenezrick at gmail.com) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Upgrade all the already installed packages with the appropriate package +# manager +# + +type="$__object/parameter/type" + +if [ -f "$type" ]; then + type="$(cat "$type")" +else + # By default determine package manager based on operating system + os="$(cat "$__global/explorer/os")" + case "$os" in + amazon|centos|fedora|redhat) type="yum" ;; + debian|ubuntu) type="apt" ;; + archlinux) type="pacman" ;; + *) + echo "Don't know how to manage packages on: $os" >&2 + exit 1 + ;; + esac +fi + +aptget="DEBIAN_FRONTEND=noninteractive apt-get --quiet --yes --no-install-recommends -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\"" + +case "$type" in + yum) + echo "yum --quiet --assumeyes update" + echo "yum --quiet clean all" + ;; + apt) + echo $aptget dist-upgrade + echo "apt-get --quiet autoclean" + ;; + pacman) + echo "pacman --noprogressbar --noconfirm --sync --sysupgrade" + echo "pacman --noprogressbar --noconfirm --sync --clean" + ;; + *) + echo "Don't know how to manage packages on: $os" >&2 + exit 1 + ;; +esac diff --git a/cdist/conf/type/__package_upgrade_all/man.text b/cdist/conf/type/__package_upgrade_all/man.text new file mode 100644 index 00000000..6d3e1338 --- /dev/null +++ b/cdist/conf/type/__package_upgrade_all/man.text @@ -0,0 +1,52 @@ +cdist-type__package_upgrade_all(7) +================================== +Ricardo Catalinas Jiménez + + +NAME +---- +cdist-type__package_upgrade_all - Upgrade all the installed packages + + +DESCRIPTION +----------- +This cdist type allows you to upgrade all the installed packages on the +target. It will automatically use the appropriate package manager. + + +REQUIRED PARAMETERS +------------------- +None + + +OPTIONAL PARAMETERS +------------------- +type:: + The package manager to use. Default is determined based on the $os + explorer variable. + e.g. apt for Debian + yum for Red Hat + pacman for Arch Linux + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +# Upgrade all the installed packages on the target +__package_upgrade_all + +# Force use of a specific package manager +__package_upgrade_all --type apt +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) + + +COPYING +------- +Copyright \(C) 2014 Ricardo Catalinas Jiménez. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__package_upgrade_all/parameter/optional b/cdist/conf/type/__package_upgrade_all/parameter/optional new file mode 100644 index 00000000..aa80e646 --- /dev/null +++ b/cdist/conf/type/__package_upgrade_all/parameter/optional @@ -0,0 +1 @@ +type diff --git a/cdist/conf/type/__package_upgrade_all/singleton b/cdist/conf/type/__package_upgrade_all/singleton new file mode 100644 index 00000000..e69de29b diff --git a/cdist/conf/type/__package_yum/gencode-remote b/cdist/conf/type/__package_yum/gencode-remote index 5f0e8ac8..32a794a0 100755 --- a/cdist/conf/type/__package_yum/gencode-remote +++ b/cdist/conf/type/__package_yum/gencode-remote @@ -1,6 +1,6 @@ #!/bin/sh # -# 2011 Nico Schottelius (nico-cdist at schottelius.org) +# 2011-2014 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # @@ -27,6 +27,14 @@ else name="$__object_id" fi +# Support installing from an URL +if [ -f "$__object/parameter/url" ]; then + install_name="$(cat "$__object/parameter/url")" +else + install_name="$name" +fi + + state_should="$(cat "$__object/parameter/state")" if grep -q -E "(centos|redhat|amazon)" "$__global/explorer/os"; then @@ -47,7 +55,7 @@ fi case "$state_should" in present) - echo yum $opts install \"$name\" + echo yum $opts install \"$install_name\" ;; absent) echo yum $opts remove \"$name\" diff --git a/cdist/conf/type/__package_yum/man.text b/cdist/conf/type/__package_yum/man.text index d958dd1e..65e1be67 100644 --- a/cdist/conf/type/__package_yum/man.text +++ b/cdist/conf/type/__package_yum/man.text @@ -27,6 +27,8 @@ name:: state:: Either "present" or "absent", defaults to "present" +url:: + URL to use for the package EXAMPLES @@ -41,6 +43,9 @@ __package_yum python --state present --name python2 # Remove obsolete package __package_yum puppet --state absent + +__package epel-release-6-8 \ + --url http://mirror.switch.ch/ftp/mirror/epel/6/i386/epel-release-6-8.noarch.rpm -------------------------------------------------------------------------------- diff --git a/cdist/conf/type/__package_yum/parameter/optional b/cdist/conf/type/__package_yum/parameter/optional index 1b423dc4..9293119d 100644 --- a/cdist/conf/type/__package_yum/parameter/optional +++ b/cdist/conf/type/__package_yum/parameter/optional @@ -1,2 +1,3 @@ name state +url diff --git a/cdist/conf/type/__postfix/manifest b/cdist/conf/type/__postfix/manifest index 52a13919..5a184910 100755 --- a/cdist/conf/type/__postfix/manifest +++ b/cdist/conf/type/__postfix/manifest @@ -1,6 +1,6 @@ #!/bin/sh # -# 2012 Steven Armstrong (steven-cdist at armstrong.cc) +# 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # @@ -22,7 +22,7 @@ os=$(cat "$__global/explorer/os") case "$os" in - ubuntu|debian|archlinux|suse) + ubuntu|debian|archlinux|suse|centos) __package postfix --state present ;; *) diff --git a/cdist/conf/type/__postfix_master/manifest b/cdist/conf/type/__postfix_master/manifest index 87e2329b..7777892b 100755 --- a/cdist/conf/type/__postfix_master/manifest +++ b/cdist/conf/type/__postfix_master/manifest @@ -1,6 +1,6 @@ #!/bin/sh # -# 2012 - 2013 Steven Armstrong (steven-cdist at armstrong.cc) +# 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # @@ -22,7 +22,7 @@ os=$(cat "$__global/explorer/os") case "$os" in - ubuntu|debian|archlinux) + ubuntu|debian|archlinux|centos) : ;; *) diff --git a/cdist/conf/type/__postfix_postconf/explorer/value b/cdist/conf/type/__postfix_postconf/explorer/value index e08c6da6..3f319eda 100755 --- a/cdist/conf/type/__postfix_postconf/explorer/value +++ b/cdist/conf/type/__postfix_postconf/explorer/value @@ -1,6 +1,6 @@ #!/bin/sh # -# 2012 Steven Armstrong (steven-cdist at armstrong.cc) +# 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # @@ -22,7 +22,7 @@ os=$("$__explorer/os") case "$os" in - ubuntu|debian|archlinux|suse) + ubuntu|debian|archlinux|suse|centos) : ;; *) diff --git a/cdist/conf/type/__postfix_postconf/gencode-remote b/cdist/conf/type/__postfix_postconf/gencode-remote index 43c0482e..4b4096a5 100755 --- a/cdist/conf/type/__postfix_postconf/gencode-remote +++ b/cdist/conf/type/__postfix_postconf/gencode-remote @@ -1,6 +1,6 @@ #!/bin/sh # -# 2012 Steven Armstrong (steven-cdist at armstrong.cc) +# 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # @@ -21,7 +21,7 @@ os=$(cat "$__global/explorer/os") case "$os" in - ubuntu|debian|archlinux|suse) + ubuntu|debian|archlinux|suse|centos) : ;; *) diff --git a/cdist/conf/type/__postfix_postconf/manifest b/cdist/conf/type/__postfix_postconf/manifest index 0dde64e9..dbce5364 100755 --- a/cdist/conf/type/__postfix_postconf/manifest +++ b/cdist/conf/type/__postfix_postconf/manifest @@ -1,6 +1,6 @@ #!/bin/sh # -# 2012 - 2013 Steven Armstrong (steven-cdist at armstrong.cc) +# 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # diff --git a/cdist/conf/type/__postfix_postmap/manifest b/cdist/conf/type/__postfix_postmap/manifest index 0dde64e9..dbce5364 100755 --- a/cdist/conf/type/__postfix_postmap/manifest +++ b/cdist/conf/type/__postfix_postmap/manifest @@ -1,6 +1,6 @@ #!/bin/sh # -# 2012 - 2013 Steven Armstrong (steven-cdist at armstrong.cc) +# 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # diff --git a/cdist/conf/type/__postfix_reload/gencode-remote b/cdist/conf/type/__postfix_reload/gencode-remote index 5822f1e3..8311568a 100755 --- a/cdist/conf/type/__postfix_reload/gencode-remote +++ b/cdist/conf/type/__postfix_reload/gencode-remote @@ -1,6 +1,6 @@ #!/bin/sh # -# 2012 Steven Armstrong (steven-cdist at armstrong.cc) +# 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # @@ -22,7 +22,7 @@ os=$(cat "$__global/explorer/os") case "$os" in - ubuntu|debian|archlinux) + ubuntu|debian|archlinux|centos) echo "postfix reload" ;; *) diff --git a/cdist/conf/type/__postfix_reload/manifest b/cdist/conf/type/__postfix_reload/manifest index 0dde64e9..dbce5364 100755 --- a/cdist/conf/type/__postfix_reload/manifest +++ b/cdist/conf/type/__postfix_reload/manifest @@ -1,6 +1,6 @@ #!/bin/sh # -# 2012 - 2013 Steven Armstrong (steven-cdist at armstrong.cc) +# 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # diff --git a/cdist/conf/type/__qemu_img/man.text b/cdist/conf/type/__qemu_img/man.text index 0fe2bbec..dda54e0d 100644 --- a/cdist/conf/type/__qemu_img/man.text +++ b/cdist/conf/type/__qemu_img/man.text @@ -1,5 +1,5 @@ cdist-type__qemu_img(7) -======================== +======================= Nico Schottelius diff --git a/cdist/conf/type/__rsync/gencode-local b/cdist/conf/type/__rsync/gencode-local new file mode 100644 index 00000000..7d688115 --- /dev/null +++ b/cdist/conf/type/__rsync/gencode-local @@ -0,0 +1,19 @@ +source=$(cat "$__object/parameter/source") +remote_user=$(cat "$__object/parameter/remote-user") + +if [ -f "$__object/parameter/destination" ]; then + destination=$(cat "$__object/parameter/destination") +else + destination="/$__object_id" +fi + +set -- +if [ -f "$__object/parameter/rsync-opts" ]; then + while read opts; do + set -- "$@" "$opts" + done +fi + +echo rsync -a \ + --no-owner --no-group \ + -q "$@" "${source}/" "${remote_user}@${__target_host}:${destination}" diff --git a/cdist/conf/type/__rsync/gencode-remote b/cdist/conf/type/__rsync/gencode-remote new file mode 100644 index 00000000..f8d85313 --- /dev/null +++ b/cdist/conf/type/__rsync/gencode-remote @@ -0,0 +1,17 @@ +if [ -f "$__object/parameter/destination" ]; then + destination=$(cat "$__object/parameter/destination") +else + destination="/$__object_id" +fi + +ownergroup="" +if [ -f "$__object/parameter/owner" ]; then + ownergroup=$(cat "$__object/parameter/owner") +fi +if [ -f "$__object/parameter/group" ]; then + ownergroup=":$(cat "$__object/parameter/group")" +fi + +if [ "$ownergroup" ]; then + echo chown -R "$ownergroup" "$destination" +fi diff --git a/cdist/conf/type/__rsync/man.text b/cdist/conf/type/__rsync/man.text new file mode 100644 index 00000000..744b4bc2 --- /dev/null +++ b/cdist/conf/type/__rsync/man.text @@ -0,0 +1,87 @@ +cdist-type__rsync(7) +==================== +Nico Schottelius + + +NAME +---- +cdist-type__rsync - Mirror directories using rsync + + +DESCRIPTION +----------- +WARNING: This type is of BETA quality: + +- it has not been tested widely +- interfaces *may* change +- if there is a better approach to solve the problem -> the type may even vanish + +If you are fine with these constraints, please read on. + + +This cdist type allows you to mirror local directories to the +target host using rsync. Rsync will be installed in the manifest of the type. +If group or owner are giveng, a recursive chown will be executed on the +target host. + +A slash will be appended to the source directory so that only the contents +of the directory are taken and not the directory name itself. + +REQUIRED PARAMETERS +------------------- +source:: + Where to take files from + + +OPTIONAL PARAMETERS +------------------- +group:: + Group to chgrp to. + +owner:: + User to chown to. + +destination:: + Use this as the base destination instead of the object id + +remote-user:: + Use this user instead of the default "root" for rsync operations. + +MESSAGES +-------- +NONE + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +# You can use any source directory +__rsync /tmp/testdir \ + --source /etc + +# Use source from type +__rsync /etc \ + --source "$__type/files/package" + +# Allow multiple __rsync objects to write to the same dir +__rsync mystuff \ + --destination /usr/local/bin \ + --source "$__type/files/package" + +__rsync otherstuff \ + --destination /usr/local/bin \ + --source "$__type/files/package2" + + +-------------------------------------------------------------------------------- + +SEE ALSO +-------- +- cdist-type(7) + + +COPYING +------- +Copyright \(C) 2015 Nico Schottelius. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__rsync/manifest b/cdist/conf/type/__rsync/manifest new file mode 100644 index 00000000..d25df45b --- /dev/null +++ b/cdist/conf/type/__rsync/manifest @@ -0,0 +1 @@ +__package rsync diff --git a/cdist/conf/type/__rsync/parameter/default/remote-user b/cdist/conf/type/__rsync/parameter/default/remote-user new file mode 100644 index 00000000..d8649da3 --- /dev/null +++ b/cdist/conf/type/__rsync/parameter/default/remote-user @@ -0,0 +1 @@ +root diff --git a/cdist/conf/type/__rsync/parameter/optional b/cdist/conf/type/__rsync/parameter/optional new file mode 100644 index 00000000..ac2b2390 --- /dev/null +++ b/cdist/conf/type/__rsync/parameter/optional @@ -0,0 +1,4 @@ +destination +owner +group +remote-user diff --git a/cdist/conf/type/__rsync/parameter/required b/cdist/conf/type/__rsync/parameter/required new file mode 100644 index 00000000..5a18cd2f --- /dev/null +++ b/cdist/conf/type/__rsync/parameter/required @@ -0,0 +1 @@ +source diff --git a/cdist/conf/type/__ssh_authorized_key/explorer/entry b/cdist/conf/type/__ssh_authorized_key/explorer/entry new file mode 100755 index 00000000..78031ab5 --- /dev/null +++ b/cdist/conf/type/__ssh_authorized_key/explorer/entry @@ -0,0 +1,26 @@ +#!/bin/sh +# +# 2014 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +# extract the keytype and base64 encoded key ignoring any options and comment +type_and_key="$(cat "$__object/parameter/key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')" +file="$(cat $__object/parameter/file)" + +# get any entries that match the type and key +grep ".*$type_and_key[ \n]" "$file" || true diff --git a/cdist/conf/type/__ssh_authorized_key/gencode-remote b/cdist/conf/type/__ssh_authorized_key/gencode-remote new file mode 100755 index 00000000..6bbfa269 --- /dev/null +++ b/cdist/conf/type/__ssh_authorized_key/gencode-remote @@ -0,0 +1,109 @@ +#!/bin/sh +# +# 2014 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +set -u + +remove_line() { + file="$1" + line="$2" + cat << DONE +tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX) +# preserve ownership and permissions of existing file +if [ -f "$file" ]; then + cp -p "$file" "\$tmpfile" +fi +grep -v -F -x '$line' '$file' > \$tmpfile || true +mv -f "\$tmpfile" "$file" +DONE +} + +add_line() { + file="$1" + line="$2" + # escape single quotes + line_sanitised=$(echo "$line" | sed -e "s/'/'\"'\"'/g") + printf '%s' "printf '%s\n' '$line_sanitised' >> $file" +} + + +file="$(cat "$__object/parameter/file")" +mkdir "$__object/files" + +# Generate the entry as it should be +( + if [ -f "$__object/parameter/option" ]; then + # comma seperated list of options + options="$(cat "$__object/parameter/option" | tr '\n' ',')" + printf '%s ' "${options%*,}" + fi + if [ -f "$__object/parameter/comment" ]; then + # extract the keytype and base64 encoded key ignoring any options and comment + printf '%s ' "$(cat "$__object/parameter/key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')" + # override the comment with the one explicitly given + printf '%s' "$(cat "$__object/parameter/comment")" + else + printf '%s' "$(cat "$__object/parameter/key")" + fi + printf '\n' +) > "$__object/files/should" + +# Remove conflicting entries if any +if [ -s "$__object/explorer/entry" ]; then + # Note that the files have to be sorted for comparison with `comm`. + sort "$__object/explorer/entry" > "$__object/files/is" + comm -13 "$__object/files/should" "$__object/files/is" | { + while read entry; do + remove_line "$file" "$entry" + done + } +fi + +# Determine the current state +entry="$(cat "$__object/files/should")" +state_should="$(cat "$__object/parameter/state")" +num_existing_entries=$(grep -c -F -x "$entry" "$__object/explorer/entry" || true) +if [ $num_existing_entries -eq 1 ]; then + state_is="present" +else + # Posix grep does not define the -m option, so we can not remove a single + # occurence of a string from a file in the `remove_line` function. Instead + # _all_ occurences are removed. + # By using `comm` to detect conflicting entries this could lead to the + # situation that the key we want to add is actually removed. + # To workaround this we must treat 0 or more then 1 existing entries to + # mean current state is 'absent'. By doing this, the key is readded + # again after cleaning up conflicting entries. + state_is="absent" +fi + +# Manage the actual entry as it should be +if [ "$state_should" = "$state_is" ]; then + # Nothing to do + exit 0 +fi + +case "$state_should" in + present) + add_line "$file" "$entry" + ;; + absent) + remove_line "$file" "$entry" + ;; +esac diff --git a/cdist/conf/type/__ssh_authorized_key/man.text b/cdist/conf/type/__ssh_authorized_key/man.text new file mode 100644 index 00000000..b519222c --- /dev/null +++ b/cdist/conf/type/__ssh_authorized_key/man.text @@ -0,0 +1,67 @@ +cdist-type__ssh_authorized_key(7) +================================= +Steven Armstrong + + +NAME +---- +cdist-type__ssh_authorized_key - manage a single ssh authorized key entry + + +DESCRIPTION +----------- +Manage a single authorized key entry in an authorized_key file. +This type was created to be used by the __ssh_authorized_keys type. + + +REQUIRED PARAMETERS +------------------- +file:: + the authorized_keys file to which the given key should be added + +key:: + a string containing the ssh keytype, base 64 encoded key and optional + trailing comment which shall be added to the given authorized_keys file. + + +OPTIONAL PARAMETERS +------------------- +comment:: + explicit comment instead of the one which may be trailing the given key + +option:: + an option to set for this authorized_key entry. + Can be specified multiple times. + See sshd(8) for available options. + +state:: + if the given keys should be 'present' or 'absent', defaults to 'present'. + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +__ssh_authorized_key some-id \ + --file "/home/user/.ssh/autorized_keys" \ + --key "$(cat ~/.ssh/id_rsa.pub)" + +__ssh_authorized_key some-id \ + --file "/home/user/.ssh/autorized_keys" \ + --key "$(cat ~/.ssh/id_rsa.pub)" \ + --option 'command="/path/to/script"' \ + --option 'environment="FOO=bar"' \ + --comment 'one to rule them all' +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) +- cdist__ssh_authorized_keys(7) +- sshd(8) + +COPYING +------- +Copyright \(C) 2014 Steven Armstrong. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__ssh_authorized_key/parameter/default/state b/cdist/conf/type/__ssh_authorized_key/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__ssh_authorized_key/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__ssh_authorized_key/parameter/optional b/cdist/conf/type/__ssh_authorized_key/parameter/optional new file mode 100644 index 00000000..89e8d966 --- /dev/null +++ b/cdist/conf/type/__ssh_authorized_key/parameter/optional @@ -0,0 +1,2 @@ +comment +state diff --git a/cdist/conf/type/__ssh_authorized_key/parameter/optional_multiple b/cdist/conf/type/__ssh_authorized_key/parameter/optional_multiple new file mode 100644 index 00000000..01925a15 --- /dev/null +++ b/cdist/conf/type/__ssh_authorized_key/parameter/optional_multiple @@ -0,0 +1 @@ +option diff --git a/cdist/conf/type/__ssh_authorized_key/parameter/required b/cdist/conf/type/__ssh_authorized_key/parameter/required new file mode 100644 index 00000000..d51426c3 --- /dev/null +++ b/cdist/conf/type/__ssh_authorized_key/parameter/required @@ -0,0 +1,2 @@ +file +key diff --git a/cdist/conf/type/__ssh_authorized_keys/explorer/file b/cdist/conf/type/__ssh_authorized_keys/explorer/file new file mode 100755 index 00000000..5a02721a --- /dev/null +++ b/cdist/conf/type/__ssh_authorized_keys/explorer/file @@ -0,0 +1,27 @@ +#!/bin/sh +# +# 2014 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +if [ -f "$__object/parameter/file" ]; then + cat "$__object/parameter/file" +else + owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")" + home=$(getent passwd "$owner" | cut -d':' -f 6) + echo "$home/.ssh/authorized_keys" +fi diff --git a/cdist/conf/type/__ssh_authorized_keys/explorer/group b/cdist/conf/type/__ssh_authorized_keys/explorer/group index cdea6fe7..72a4e314 100755 --- a/cdist/conf/type/__ssh_authorized_keys/explorer/group +++ b/cdist/conf/type/__ssh_authorized_keys/explorer/group @@ -18,5 +18,6 @@ # along with cdist. If not, see . # -gid="$("$__type_explorer/passwd" | cut -d':' -f 4)" +owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")" +gid="$(getent passwd "$owner" | cut -d':' -f 4)" getent group "$gid" || true diff --git a/cdist/conf/type/__ssh_authorized_keys/man.text b/cdist/conf/type/__ssh_authorized_keys/man.text index 9fd683fd..d5523a6e 100644 --- a/cdist/conf/type/__ssh_authorized_keys/man.text +++ b/cdist/conf/type/__ssh_authorized_keys/man.text @@ -12,13 +12,13 @@ DESCRIPTION ----------- Adds or removes ssh keys from a authorized_keys file. -This type also manages the directory containing the authorized_keys -file and sets strict ownership and permissions. You can disable this feature -with the --noparent boolean parameter. +This type uses the __ssh_dot_ssh type to manage the directory containing +the authorized_keys file. You can disable this feature with the --noparent +boolean parameter. The existence, ownership and permissions of the authorized_keys file itself are also managed. This can be disabled with the --nofile boolean parameter. It is -then left to the user to ensure that the file exists and that ownership and +then left to the user to ensure that the file exists and that ownership and permissions work with ssh. @@ -31,15 +31,23 @@ key:: OPTIONAL PARAMETERS ------------------- +comment:: + explicit comment instead of the one which may be trailing the given key + +file:: + an alternative destination file, defaults to ~$owner/.ssh/authorized_keys + +option:: + an option to set for all created authorized_key entries. + Can be specified multiple times. + See sshd(8) for available options. + owner:: the user owning the authorized_keys file, defaults to object_id. state:: if the given keys should be 'present' or 'absent', defaults to 'present'. -file:: - an alternative destination file, defaults to ~$owner/.ssh/authorized_keys - BOOLEAN PARAMETERS ------------------ @@ -64,13 +72,24 @@ __ssh_authorized_keys root \ __ssh_authorized_keys user-name \ --key "ssh-rsa AXYZAAB3NzaC1yc2..." +# allow key to login as user-name with options and expicit comment +__ssh_authorized_keys user-name \ + --key "ssh-rsa AXYZAAB3NzaC1yc2..." \ + --option no-agent-forwarding \ + --option 'from="*.example.com"' \ + --comment 'backup server' + # same as above, but with explicit owner and two keys +# note that the options are set for all given keys __ssh_authorized_keys some-fancy-id \ --owner user-name \ --key "ssh-rsa AXYZAAB3NzaC1yc2..." \ - --key "ssh-rsa AZXYAAB3NzaC1yc2..." + --key "ssh-rsa AZXYAAB3NzaC1yc2..." \ + --option no-agent-forwarding \ + --option 'from="*.example.com"' \ + --comment 'backup server' -# same as above, but authorized_keys file in non standard location +# authorized_keys file in non standard location __ssh_authorized_keys some-fancy-id \ --file /etc/ssh/keys/user-name/authorized_keys \ --owner user-name \ @@ -89,6 +108,7 @@ __ssh_authorized_keys some-fancy-id \ SEE ALSO -------- - cdist-type(7) +- sshd(8) COPYING diff --git a/cdist/conf/type/__ssh_authorized_keys/manifest b/cdist/conf/type/__ssh_authorized_keys/manifest index 1c9df208..6a536e1b 100755 --- a/cdist/conf/type/__ssh_authorized_keys/manifest +++ b/cdist/conf/type/__ssh_authorized_keys/manifest @@ -21,16 +21,7 @@ owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")" state="$(cat "$__object/parameter/state" 2>/dev/null)" -if [ -f "$__object/parameter/file" ]; then - file="$(cat "$__object/parameter/file")" -else - home="$(cut -d':' -f 6 "$__object/explorer/passwd")" - if [ -z "$home" ]; then - echo "Failed to get home directory from explorer." >&2 - exit 1 - fi - file="$home/.ssh/authorized_keys" -fi +file="$(cat "$__object/explorer/file")" if [ ! -f "$__object/parameter/noparent" -o ! -f "$__object/parameter/nofile" ]; then group="$(cut -d':' -f 1 "$__object/explorer/group")" @@ -40,12 +31,8 @@ if [ ! -f "$__object/parameter/noparent" -o ! -f "$__object/parameter/nofile" ]; fi if [ ! -f "$__object/parameter/noparent" ]; then - # Ensure that the directory in which the authorized_keys shall be exists and - # has the right permissions. - ssh_directory="${file%/*}" - __directory "$ssh_directory" --state present --parents \ - --owner "$owner" --group "$group" --mode 0700 - export require="__directory/$ssh_directory" + __ssh_dot_ssh "$owner" + export require="__ssh_dot_ssh/$owner" fi if [ ! -f "$__object/parameter/nofile" ]; then # Ensure that authorized_keys file exists and has the right permissions. @@ -54,6 +41,7 @@ if [ ! -f "$__object/parameter/noparent" -o ! -f "$__object/parameter/nofile" ]; --group "$group" \ --mode 0600 \ --state exists + export require="__file/$file" fi fi @@ -67,22 +55,25 @@ __block "$__object_name" \ --text - << DONE remove legacy block DONE +export require="__block/$__object_name" _cksum() { echo "$1" | cksum | cut -d' ' -f 1 } while read key; do - cksum_key="$(_cksum "$key")" - line_id="${owner}-${cksum_key}" - - set -- "$line_id" + type_and_key="$(echo "$key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')" + object_id="$(_cksum "$file")-$(_cksum "$type_and_key")" + set -- "$object_id" set -- "$@" --file "$file" - set -- "$@" --regex ".*$key.*" - if [ "$state" = 'present' ]; then - set -- "$@" --line "$key" - fi + set -- "$@" --key "$key" set -- "$@" --state "$state" - # Ensure __line does not read stdin - require="__block/$__object_name" __line "$@" < /dev/null + if [ -f "$__object/parameter/option" ]; then + set -- "$@" --option "$(cat "$__object/parameter/option")" + fi + if [ -f "$__object/parameter/comment" ]; then + set -- "$@" --comment "$(cat "$__object/parameter/comment")" + fi + # Ensure __ssh_authorized_key does not read stdin + __ssh_authorized_key "$@" < /dev/null done < "$__object/parameter/key" diff --git a/cdist/conf/type/__ssh_authorized_keys/parameter/optional b/cdist/conf/type/__ssh_authorized_keys/parameter/optional index 989750b3..21f9bc29 100644 --- a/cdist/conf/type/__ssh_authorized_keys/parameter/optional +++ b/cdist/conf/type/__ssh_authorized_keys/parameter/optional @@ -1,3 +1,5 @@ +comment +file +option owner state -file diff --git a/cdist/conf/type/__ssh_dot_ssh/explorer/group b/cdist/conf/type/__ssh_dot_ssh/explorer/group new file mode 100755 index 00000000..cdea6fe7 --- /dev/null +++ b/cdist/conf/type/__ssh_dot_ssh/explorer/group @@ -0,0 +1,22 @@ +#!/bin/sh +# +# 2014 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +gid="$("$__type_explorer/passwd" | cut -d':' -f 4)" +getent group "$gid" || true diff --git a/cdist/conf/type/__ssh_authorized_keys/explorer/passwd b/cdist/conf/type/__ssh_dot_ssh/explorer/passwd similarity index 90% rename from cdist/conf/type/__ssh_authorized_keys/explorer/passwd rename to cdist/conf/type/__ssh_dot_ssh/explorer/passwd index e6352ee0..3fbad06f 100755 --- a/cdist/conf/type/__ssh_authorized_keys/explorer/passwd +++ b/cdist/conf/type/__ssh_dot_ssh/explorer/passwd @@ -1,6 +1,7 @@ #!/bin/sh # # 2012 Steven Armstrong (steven-cdist at armstrong.cc) +# 2014 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # @@ -18,6 +19,6 @@ # along with cdist. If not, see . # -owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")" +owner="$__object_id" getent passwd "$owner" || true diff --git a/cdist/conf/type/__ssh_dot_ssh/man.text b/cdist/conf/type/__ssh_dot_ssh/man.text new file mode 100644 index 00000000..2cd2001c --- /dev/null +++ b/cdist/conf/type/__ssh_dot_ssh/man.text @@ -0,0 +1,44 @@ +cdist-type__ssh_dot_ssh(7) +========================== +Nico Schottelius + + +NAME +---- +cdist-type__ssh_dot_ssh - Manage .ssh directory + + +DESCRIPTION +----------- +Adds or removes .ssh directory to a user home. + +This type is being used by __ssh_authorized_keys. + +OPTIONAL PARAMETERS +------------------- +state:: + if the directory should be 'present' or 'absent', defaults to 'present'. + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +# Ensure root has ~/.ssh with the right permissions +__ssh_dot_ssh root + +# Nico does not need ~/.ssh anymore +__ssh_dot_ssh nico --state absent +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) +- cdist-type__ssh_authorized_keys(7) + + +COPYING +------- +Copyright \(C) 2014 Nico Schottelius. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__ssh_dot_ssh/manifest b/cdist/conf/type/__ssh_dot_ssh/manifest new file mode 100755 index 00000000..4b797afb --- /dev/null +++ b/cdist/conf/type/__ssh_dot_ssh/manifest @@ -0,0 +1,44 @@ +#!/bin/sh +# +# 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) +# 2014 Nico Schottelius (nico-cdist at schottelius.org) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# Hacked in Kalamata, Greece +# + +owner="$__object_id" +state="$(cat "$__object/parameter/state")" + +group="$(cut -d':' -f 1 "$__object/explorer/group")" +if [ -z "$group" ]; then + echo "Failed to get owners group from explorer." >&2 + exit 1 +fi + +home="$(cut -d':' -f 6 "$__object/explorer/passwd")" +if [ -z "$home" ]; then + echo "Failed to get home directory from explorer." >&2 + exit 1 +fi +ssh_directory="${home}/.ssh" + +# Ensure that the directory in which the authorized_keys shall be exists and +# has the right permissions. +__directory "$ssh_directory" \ + --state "$state" \ + --owner "$owner" --group "$group" --mode 0700 diff --git a/cdist/conf/type/__ssh_dot_ssh/parameter/default/state b/cdist/conf/type/__ssh_dot_ssh/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__ssh_dot_ssh/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__ssh_dot_ssh/parameter/optional b/cdist/conf/type/__ssh_dot_ssh/parameter/optional new file mode 100644 index 00000000..ff72b5c7 --- /dev/null +++ b/cdist/conf/type/__ssh_dot_ssh/parameter/optional @@ -0,0 +1 @@ +state diff --git a/cdist/conf/type/__staged_file/gencode-local b/cdist/conf/type/__staged_file/gencode-local new file mode 100755 index 00000000..87d79f4c --- /dev/null +++ b/cdist/conf/type/__staged_file/gencode-local @@ -0,0 +1,98 @@ +#!/bin/sh +# +# 2015 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +#set -x + +destination="$__object_id" +source="$(cat "$__object/parameter/source")" +cksum="$(cat "$__object/parameter/cksum")" +stage_dir="$(cat "$__object/parameter/stage-dir")" +state="$(cat "$__object/parameter/state")" +fetch_command="$(cat "$__object/parameter/fetch-command")" +stage_file="${stage_dir}/${destination}" +stage_file_dir="${stage_file%/*}" +source_file_name="${source##*/}" + +if [ "$state" = "absent" ]; then + # nothing to do + exit 0 +fi + +#printf 'set -x\n' + +if [ ! -d "$stage_dir" ]; then + printf 'mkdir -p "%s"\n' "$stage_dir" + printf 'chmod 700 "%s"\n' "$stage_dir" +fi + +if [ ! -d "$stage_file_dir" ]; then + printf 'mkdir -p "%s"\n' "$stage_file_dir" +fi + + +get_file() { + if [ -f "$__object/parameter/prepare-command" ]; then + fetch_and_prepare_file + else + fetch_file + fi +} + +fetch_file() { + printf "$fetch_command" "$source" + printf ' > "%s"\n' "$stage_file" +} + +fetch_and_prepare_file() { + printf 'tmpdir="$(mktemp -d --tmpdir="/tmp" "%s")"\n' "${__type##*/}.XXXXXXXXXX" + printf 'cd "$tmpdir"\n' + printf "$fetch_command > \"%s\"\n" "$source" "$source_file_name" + prepare_command="$(cat "$__object/parameter/prepare-command")" + printf "$prepare_command > \"%s\"\n" "$source_file_name" "$stage_file" + printf 'cd - >/dev/null\n' + printf 'rm -rf "$tmpdir"\n' +} + +cat << DONE +verify_cksum() { + cksum_is="\$(cksum "$stage_file" | cut -d' ' -f1,2)" + cksum_should="$(cat "$__object/parameter/cksum" | cut -d' ' -f1,2)" + if [ "\$cksum_is" == "\$cksum_should" ]; then + return 0 + else + return 1 + fi +} +DONE + +if [ ! -f "$stage_file" ]; then + get_file +else + printf 'verify_cksum || {\n' + get_file + printf '}\n' +fi + +cat << DONE +verify_cksum || { + echo "Failed to verify checksum for $__object_name" >&2 + exit 1 +} +DONE diff --git a/cdist/conf/type/__staged_file/man.text b/cdist/conf/type/__staged_file/man.text new file mode 100644 index 00000000..e94e491d --- /dev/null +++ b/cdist/conf/type/__staged_file/man.text @@ -0,0 +1,103 @@ +cdist-type__staged_file(7) +========================== +Steven Armstrong + + +NAME +---- +cdist-type__staged_file - manage staged files + + +DESCRIPTION +----------- +Manages a staged file that is downloaded on the server (the machine running +cdist) and then deployed to the target host using the __file type. + + +REQUIRED PARAMETERS +------------------- +source:: + the URL from which to retreive the source file. + e.g. + https://dl.bintray.com/mitchellh/consul/0.4.1_linux_amd64.zip + file:///path/to/local/file +cksum:: + the output of running the command: `cksum $source-file` + e.g. + $ echo foobar > /tmp/foobar + $ cksum /tmp/foobar + 857691210 7 /tmp/foobar + If either checksum or file size has changed the file will be + (re)fetched from the --source. The file name can be omitted and is + ignored if given. + + +OPTIONAL PARAMETERS +------------------- +fetch-command:: + the command used to fetch the staged file using printf formatting. + Where a single %s will be replaced with the value of the given --source + parameter. The --fetch-command is expected to output the fetched file to + stdout. + Defaults to 'curl -s -L "%s"'. +group:: + see cdist-type__file +owner:: + see cdist-type__file +mode:: + see cdist-type__file +prepare-command:: + the optional command used to prepare or preprocess the staged file for later + use by the file type. + If given, it must be a string in printf formatting where a single %s will + be replaced with the last segment (filename) of the value of the given + --source parameter. + It is executed in the same directory into which the fetched file has been + saved. The --prepare-command is expected to output the final file to stdout. + + So for example given a --source of https://example.com/my-zip.zip, and a + --prepare-command of 'unzip -p "%s"', the code `unzip -p "my-zip.zip"` will + be executed in the folder containing the downloaded file my-zip.zip. + A more complex example might be --prepare-command 'tar -xz "%s"; cat path/from/archive' +stage-dir:: + the directory in which to store downloaded and prepared files. + Defaults to '/var/tmp/cdist/__staged_file' +state:: + see cdist-type__file + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +__staged_file /usr/local/bin/consul \ + --source file:///path/to/local/copy/consul \ + --cksum '428915666 15738724' \ + --state present \ + --group root \ + --owner root \ + --mode 755 + +__staged_file /usr/local/bin/consul \ + --source https://dl.bintray.com/mitchellh/consul/0.4.1_linux_amd64.zip \ + --cksum '428915666 15738724' \ + --fetch-command 'curl -s -L "%s"' \ + --prepare-command 'unzip -p "%s"' \ + --state present \ + --group root \ + --owner root \ + --mode 755 + +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) +- cdist-type__file(7) + + +COPYING +------- +Copyright \(C) 2015 Steven Armstrong. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__staged_file/manifest b/cdist/conf/type/__staged_file/manifest new file mode 100755 index 00000000..454948b4 --- /dev/null +++ b/cdist/conf/type/__staged_file/manifest @@ -0,0 +1,38 @@ +#!/bin/sh +# +# 2015 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +destination="$__object_id" +source="$(cat "$__object/parameter/source")" +cksum="$(cat "$__object/parameter/cksum")" +stage_dir="$(cat "$__object/parameter/stage-dir")" +state="$(cat "$__object/parameter/state")" +fetch_command="$(cat "$__object/parameter/fetch-command")" +stage_file="${stage_dir}/${destination}" + +set -- "/${destination}" +for param in owner group mode state; do + if [ -f "$__object/parameter/$param" ]; then + set -- "$@" "--${param}" "$(cat "$__object/parameter/$param")" + fi +done +set -- "$@" --source "$stage_file" + +require="$__object_name" \ + __file "$@" diff --git a/cdist/conf/type/__staged_file/parameter/default/fetch-command b/cdist/conf/type/__staged_file/parameter/default/fetch-command new file mode 100644 index 00000000..b4dc1211 --- /dev/null +++ b/cdist/conf/type/__staged_file/parameter/default/fetch-command @@ -0,0 +1 @@ +curl -s -L "%s" diff --git a/cdist/conf/type/__staged_file/parameter/default/stage-dir b/cdist/conf/type/__staged_file/parameter/default/stage-dir new file mode 100644 index 00000000..9420b510 --- /dev/null +++ b/cdist/conf/type/__staged_file/parameter/default/stage-dir @@ -0,0 +1 @@ +/var/tmp/cdist/__staged_file diff --git a/cdist/conf/type/__staged_file/parameter/default/state b/cdist/conf/type/__staged_file/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__staged_file/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__staged_file/parameter/optional b/cdist/conf/type/__staged_file/parameter/optional new file mode 100644 index 00000000..18f4e87a --- /dev/null +++ b/cdist/conf/type/__staged_file/parameter/optional @@ -0,0 +1,7 @@ +fetch-command +group +owner +mode +prepare-command +stage-dir +state diff --git a/cdist/conf/type/__staged_file/parameter/required b/cdist/conf/type/__staged_file/parameter/required new file mode 100644 index 00000000..bfb1d5bf --- /dev/null +++ b/cdist/conf/type/__staged_file/parameter/required @@ -0,0 +1,2 @@ +cksum +source diff --git a/cdist/conf/type/__start_on_boot/explorer/state b/cdist/conf/type/__start_on_boot/explorer/state index e9e4318e..1906033c 100755 --- a/cdist/conf/type/__start_on_boot/explorer/state +++ b/cdist/conf/type/__start_on_boot/explorer/state @@ -1,6 +1,6 @@ #!/bin/sh # -# 2012-2013 Nico Schottelius (nico-cdist at schottelius.org) +# 2012-2015 Nico Schottelius (nico-cdist at schottelius.org) # 2013 Daniel Heule (hda at sfs.biz) # # This file is part of cdist. @@ -34,10 +34,15 @@ case "$os" in || echo absent) ;; - debian|ubuntu|openwrt) + debian|openwrt) state="present" [ -f "/etc/rc$runlevel.d/S"??"$name" ] || state="absent" ;; + ubuntu) + state="absent" + [ -f "/etc/rc$runlevel.d/S"??"$name" ] && state="present" + [ -f "/etc/init/${name}.conf" ] && state="present" + ;; amazon|centos|fedora|owl|redhat) state=$(chkconfig --level "$runlevel" "$name" || echo absent) diff --git a/cdist/conf/type/__timezone/manifest b/cdist/conf/type/__timezone/manifest index 81de0217..6f34f71b 100755 --- a/cdist/conf/type/__timezone/manifest +++ b/cdist/conf/type/__timezone/manifest @@ -1,7 +1,7 @@ #!/bin/sh # # 2011 Ramon Salvadó (rsalvado at gnuine dot com) -# 2012 Steven Armstrong (steven-cdist at armstrong.cc) +# 2012-2015 Steven Armstrong (steven-cdist at armstrong.cc) # 2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. @@ -24,16 +24,39 @@ timezone="$__object_id" os=$(cat "$__global/explorer/os") - + case "$os" in archlinux|debian|ubuntu) + __package tzdata + export require="__package/tzdata" + ;; + suse) + __package timezone + export require="__package/timezone" + ;; + freebsd) + # whitelist + : + ;; + centos) __package tzdata --state present - require="__package/tzdata" __link /etc/localtime \ - --source "/usr/share/zoneinfo/${timezone}" \ - --type symbolic + export require="__package/tzdata" + __file /etc/sysconfig/clock \ + --owner root --group root --mode 644 \ + --state exists + require="__file/etc/sysconfig/clock" \ + ___key_value ZONE \ + --file /etc/sysconfig/clock \ + --delimiter '=' \ + --value "\"$timezone\"" ;; *) - echo "Unsupported OS $os" >&2 + echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 + echo "Please contribute an implementation for it if you can." >&2 exit 1 ;; esac + +__link /etc/localtime \ + --source "/usr/share/zoneinfo/${timezone}" \ + --type symbolic diff --git a/cdist/conf/type/__zypper_repo/explorer/repo_id b/cdist/conf/type/__zypper_repo/explorer/repo_id index be0b9771..6a4791e6 100644 --- a/cdist/conf/type/__zypper_repo/explorer/repo_id +++ b/cdist/conf/type/__zypper_repo/explorer/repo_id @@ -1,6 +1,6 @@ #!/bin/sh # -# 2013 Daniel Heule (hda at sfs.biz) +# 2013-2014 Daniel Heule (hda at sfs.biz) # # This file is part of cdist. # @@ -26,4 +26,4 @@ if [ -f "$__object/parameter/uri" ]; then else uri="$__object_id" fi -echo $(zypper lr -u | grep -E "\<$uri\>" | cut -d'|' -f 1 | grep -E '^[0-9]' ) +echo $(zypper lr -u | grep -F "$uri" | cut -d'|' -f 1 | grep -E '^[0-9]' ) diff --git a/cdist/config.py b/cdist/config.py index 2fd80db0..a0c787ac 100644 --- a/cdist/config.py +++ b/cdist/config.py @@ -229,12 +229,12 @@ class Config(object): for requirement in cdist_object.requirements_unfinished(cdist_object.autorequire): autorequire_names.append(requirement.name) - requirements = ", ".join(requirement_names) - autorequire = ", ".join(autorequire_names) - info_string.append("%s requires: %s autorequires: %s" % (cdist_object.name, requirements, autorequire)) + requirements = "\n ".join(requirement_names) + autorequire = "\n ".join(autorequire_names) + info_string.append("%s requires:\n %s\n%s autorequires:\n %s" % (cdist_object.name, requirements, cdist_object.name, autorequire)) - raise cdist.UnresolvableRequirementsError("The requirements of the following objects could not be resolved: %s" % - ("; ".join(info_string))) + raise cdist.UnresolvableRequirementsError("The requirements of the following objects could not be resolved:\n%s" % + ("\n".join(info_string))) def object_prepare(self, cdist_object): """Prepare object: Run type explorer + manifest""" diff --git a/cdist/core/cdist_type.py b/cdist/core/cdist_type.py index ff1ebaec..d5b4ea3e 100644 --- a/cdist/core/cdist_type.py +++ b/cdist/core/cdist_type.py @@ -204,11 +204,13 @@ class CdistType(object): try: defaults_dir = os.path.join(self.absolute_path, "parameter", "default") for name in os.listdir(defaults_dir): - with open(os.path.join(defaults_dir, name)) as fd: - defaults[name] = fd.read().strip() + try: + with open(os.path.join(defaults_dir, name)) as fd: + defaults[name] = fd.read().strip() + except EnvironmentError: + pass # Swallow errors raised by open() or read() except EnvironmentError: - # error ignored - pass + pass # Swallow error raised by os.listdir() finally: self.__parameter_defaults = defaults return self.__parameter_defaults diff --git a/cdist/core/manifest.py b/cdist/core/manifest.py index 95bf4c25..240e57a1 100644 --- a/cdist/core/manifest.py +++ b/cdist/core/manifest.py @@ -144,4 +144,4 @@ class Manifest(object): type_manifest = os.path.join(self.local.type_path, cdist_object.cdist_type.manifest_path) message_prefix = cdist_object.name if os.path.isfile(type_manifest): - self.local.run_script(type_manifest, env=self.env_type_manifest(cdist_object)) + self.local.run_script(type_manifest, env=self.env_type_manifest(cdist_object), message_prefix=message_prefix) diff --git a/cdist/message.py b/cdist/message.py index b840a84d..f9b0c313 100644 --- a/cdist/message.py +++ b/cdist/message.py @@ -37,12 +37,14 @@ class Message(object): self.prefix = prefix self.global_messages = messages - self.messages_in = tempfile.mkstemp(suffix='.cdist_message_in')[1] - self.messages_out = tempfile.mkstemp(suffix='.cdist_message_out')[1] + in_fd, self.messages_in = tempfile.mkstemp(suffix='.cdist_message_in') + out_fd, self.messages_out = tempfile.mkstemp(suffix='.cdist_message_out') + + os.close(in_fd) + os.close(out_fd) self._copy_messages() - @property def env(self): env = {} diff --git a/cdist/test/cdist_type/__init__.py b/cdist/test/cdist_type/__init__.py index 36a524b4..ccbf6742 100644 --- a/cdist/test/cdist_type/__init__.py +++ b/cdist/test/cdist_type/__init__.py @@ -153,3 +153,10 @@ class TypeTestCase(test.CdistTestCase): self.assertFalse('optional2' in cdist_type.parameter_defaults) self.assertEqual(cdist_type.parameter_defaults['optional1'], 'value1') + def test_directory_in_default(self): + base_path = fixtures + cdist_type = core.CdistType(base_path, '__directory_in_default') + self.assertEqual( + list(sorted(cdist_type.parameter_defaults.keys())), + ['bar', 'foo'] + ) diff --git a/cdist/test/cdist_type/fixtures/__directory_in_default/parameter/default/a/.gitkeep b/cdist/test/cdist_type/fixtures/__directory_in_default/parameter/default/a/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/cdist/test/cdist_type/fixtures/__directory_in_default/parameter/default/bar b/cdist/test/cdist_type/fixtures/__directory_in_default/parameter/default/bar new file mode 100644 index 00000000..e69de29b diff --git a/cdist/test/cdist_type/fixtures/__directory_in_default/parameter/default/foo b/cdist/test/cdist_type/fixtures/__directory_in_default/parameter/default/foo new file mode 100644 index 00000000..e69de29b diff --git a/cdist/test/cdist_type/fixtures/__directory_in_default/parameter/optional b/cdist/test/cdist_type/fixtures/__directory_in_default/parameter/optional new file mode 100644 index 00000000..3bd1f0e2 --- /dev/null +++ b/cdist/test/cdist_type/fixtures/__directory_in_default/parameter/optional @@ -0,0 +1,2 @@ +foo +bar diff --git a/docs/changelog b/docs/changelog index e40dd5c0..f55a01ac 100644 --- a/docs/changelog +++ b/docs/changelog @@ -1,9 +1,68 @@ Changelog --------- - * Changes are always commented with their author in (braces) - * Exception: No braces means author == Nico Schottelius +next: + * New type: __firewalld_rule (Nico Schottelius) +3.1.11: 2015-02-27 + * New type: __staged_file: Manage staged files (Steven Armstrong) + * New type: __config_file: Manage configuration files and run code on change (Steven Armstrong) + * New type: __consul: install consul (Steven Armstrong) + * New type: __consul_agent: manage the consul agent (Steven Armstrong) + * New type: __consul_check: manages consul checks (Steven Armstrong) + * New type: __consul_reload: reload consul (Steven Armstrong) + * New type: __consul_service: manages consul services (Steven Armstrong) + * New type: __consul_template: manage the consul-template service (Steven Armstrong) + * New type: __consul_template_template: manage consul-template templates (Steven Armstrong) + * New type: __consul_watch_checks: manages consul checks watches (Steven Armstrong) + * New type: __consul_watch_event: manages consul event watches (Steven Armstrong) + * New type: __consul_watch_key: manages consul key watches (Steven Armstrong) + * New type: __consul_watch_keyprefix: manages consul keyprefix watches (Steven Armstrong) + * New type: __consul_watch_nodes: manages consul nodes watches (Steven Armstrong) + * New type: __consul_watch_service: manages consul service watches (Steven Armstrong) + * New type: __consul_watch_services: manages consul services watches (Steven Armstrong) + * New Type: __rsync (Nico Schottelius) + * Type __start_on_boot: Support Ubuntu upstart (Nico Schottelius) + * Type __timezone: Added support for FreeBSD (Christian Kruse) + +3.1.10: 2015-02-10 + * Core: Fix too many open files bug (#343) + * Type __ssh_authorized_keys: Remove unneeded explorer (Steven Armstrong) + * Type __ssh_authorized_keys: Fix empty output bug of entry explorer (Steven Armstrong) + * Type __package_apt: Add support for --target-release (Nico Schottelius) + * Type __locale: Add support for Ubuntu (Nico Schottelius) + * Type __group: Rewrite (Steven Armstrong) + * Documentation: Fix typo in maintainer file (Stephan Kulla) + +3.1.9: 2014-10-17 + * Type __package_emerge: Fix handling of slotted packages (Daniel Heule) + * Type __package_apt: Use --force-confdef (Ricardo Catalinas Jiménez) + * Type __package_update_index: Decrease verbosity (Ricardo Catalinas Jiménez) + * Type __package_upgrade_all: Decrease verbosity (Ricardo Catalinas Jiménez) + +3.1.8: 2014-10-01 + * New Type: __package_update_index (Ricardo Catalinas Jiménez) + * New Type: __package_upgrade_all (Ricardo Catalinas Jiménez) + +3.1.7: 2014-09-29 + * Type __cdistmarker: Fix typo (Ricardo Catalinas Jiménez) + * Core: Bugfix: Export messaging to manifests (Ricardo Catalinas Jiménez) + * Explorer cpu_cores, cpu_sockets, memory: Add Mac OS X support (Manuel Hutter) + * Type __ssh_authorized_keys: Ensure keys are correctly added (Steven Armstrong) + * New Type: __ssh_authorized_key (Steven Armstrong) + * New Type: __package_pkgng_freebsd (Jake Guffey) + +3.1.6: 2014-08-18 + * New Type: __ssh_dot_ssh (Nico Schottelius) + * Type __package_yum: Support retrieving package via URL (Nico Schottelius) + * Type __hostname: Support SuSE and have CentOS use sysconfig value (Nico Schottelius) + * Type __locale: Support SuSE (Nico Schottelius) + * Type __locale: Support Archlinux (Nico Schottelius) + * Type __timezone: Support SuSE (Nico Schottelius) + * Type __file: Support MacOS X (Manuel Hutter) + * Type __iptables_apply: Add "reset" to init.d script of iptables (Nico Schottelius) + * Type __ssh_authorized_key: Use new type __ssh_dot_ssh (Nico Schottelius) + * Type __zypper_repo: Bugfix for pattern matching (Daniel Heule) 3.1.5: 2014-05-05 * Type __zypper_repo: Automatically import gpg keys (Daniel Heule) @@ -17,13 +76,13 @@ Changelog 3.1.3: 2014-04-29 * New Type: __yum_repo (Steven Armstrong) - * Type __hostname: Add support for CentOS + * Type __hostname: Add support for CentOS (Nico Schottelius) 3.1.2: 2014-04-12 - * Documentation: Add missing environment variables to reference - * Type __qemu_img: size is optional, if state is not present + * Documentation: Add missing environment variables to reference (Nico Schottelius) + * Type __qemu_img: size is optional, if state is not present (Nico Schottelius) * Type __key_value: Rewrite using awk (Daniel Heule) - * New Type: __dog_vdi + * New Type: __dog_vdi (Nico Schottelius) 3.1.1: 2014-03-26 * Core: Make __object and __object_id available to code (Daniel Heule) @@ -37,11 +96,11 @@ Changelog * Type __package_pkg_openbsd: Improve error handling (og) 3.1.0: 2014-03-19 - * New Type: __rbenv + * New Type: __rbenv (Nico Schottelius) * Type __file: Enhance OpenBSD Support (og) - * Type __git: Pass onwer/group/mode values to __directory + * Type __git: Pass onwer/group/mode values to __directory (Nico Schottelius) * Type __iptable_rule: Fix example documentation (Antoine Catton) - * Type __key_value: Add messaging support + * Type __key_value: Add messaging support (Nico Schottelius) * Type __package_pkg_openbsd: Allow to change PKG_PATH (og) * Type __ssh_authorized_keys: Allow managing existing keys (Steven Armstrong) * Type __user: Enhance OpenBSD Support (og) @@ -49,7 +108,7 @@ Changelog 3.0.9: 2014-02-14 * Core: Ignore order dependencies if override is set (Daniel Heule) * Core: Improve Mac OS X support for unit tests (Steven Armstrong) - * Type __locale: Error out in case of unsupported OS + * Type __locale: Error out in case of unsupported OS (Nico Schottelius) * Type __jail: Use default parameters for state (Daniel Heule) * Type __pf_ruleset: Use default parameters for state (Daniel Heule) * Type __postgres_database: Use default parameters for state (Daniel Heule) @@ -73,7 +132,7 @@ Changelog * New Type: __apt_key_uri (Steven Armstrong) * New Type: __apt_norecommends (Steven Armstrong) * New Type: __apt_source (Steven Armstrong) - * New Type: __ccollect_source + * New Type: __ccollect_source (Nico Schottelius) * Type __git: Use default parameters (Daniel Heule) * Type __jail: Use default parameters (Daniel Heule) * Type __package_yum: Use default parameters (Daniel Heule) @@ -83,24 +142,24 @@ Changelog 3.0.5: 2014-02-05 * Core: Introduce override concept (Daniel Heule) * Type __process: Make --state absent work (Steven Armstrong) - * Documentation: Update documentation for environment variables + * Documentation: Update documentation for environment variables (Nico Schottelius) 3.0.4: 2014-01-29 - * Core: Ignore install types in config mode - * Documentation: Update reference (files path in object space) - * Documentation: Update best practise: Replaces templates/ with files/ + * Core: Ignore install types in config mode (Nico Schottelius) + * Documentation: Update reference (files path in object space) (Nico Schottelius) + * Documentation: Update best practise: Replaces templates/ with files/ (Nico Schottelius) * Type __apt_ppa: Install required software (Steven Armstrong) - * Type __debconf_set_selections: Support --file - to read from stdin + * Type __debconf_set_selections: Support --file - to read from stdin (Nico Schottelius) * Type __jail: Fix jaildir parameter handling (Jake Guffey) 3.0.3: 2014-01-22 - * Core: Enhance error message when requirement is missing object id + * Core: Enhance error message when requirement is missing object id (Nico Schottelius) * Core: Add environment variable to select shell for executing scripts (Daniel Heule) - * Explorer hostname: Return host name by using uname -n + * Explorer hostname: Return host name by using uname -n (Nico Schottelius) * New Type: __hostname (Steven Armstrong) * Type __cdist: Use default paremeters (Daniel Heule) * Type __key_value: Use default paremeters (Daniel Heule) - * Type __line: Use printf instead of echo for printing user input + * Type __line: Use printf instead of echo for printing user input (Nico Schottelius) * Type __qemu_img: Use default paremeters (Daniel Heule) * Type __zypper_repo: Use default paremeters (Daniel Heule) * Type __zypper_service: Use default paremeters (Daniel Heule) @@ -114,16 +173,16 @@ Changelog 3.0.1: 2014-01-14 * Core: Copy only files, not directories (Steven Armstrong) - * Core: Allow hostnames to start with / - * Type __line: Remove unecessary backslash escape + * Core: Allow hostnames to start with / (Nico Schottelius) + * Type __line: Remove unecessary backslash escape (Nico Schottelius) * Type __directory: Add messaging support (Daniel Heule) * Type __directory: Do not generate code if mode is 0xxx (Daniel Heule) * Type __package: Fix typo in optional parameter ptype (Daniel Heule) * Type __start_on_boot: Fix for SuSE's chkconfig (Daniel Heule) 3.0.0: 2013-12-24 - * Core: Added messaging support - * Core: Removed unused "changed" attribute of objects + * Core: Added messaging support (Nico Schottelius) + * Core: Removed unused "changed" attribute of objects (Nico Schottelius) * Core: Support default values for multiple parameters (Steven Armstrong) * Core: Ensure Object Parameter file contains \n (Steven Armstrong) * New Type: __zypper_repo (Daniel Heule) @@ -133,8 +192,8 @@ Changelog * Type __cron: Add support for raw lines (Daniel Heule) * Type __cron: Suppress stderr output from crontab (Daniel Heule) * Type __cron: Fix quoting issue (Daniel Heule) - * Type __file: Do not generate code if mode is 0xxx - * Type __iptables_rule: Use default parameter + * Type __file: Do not generate code if mode is 0xxx (Nico Schottelius) + * Type __iptables_rule: Use default parameter (Nico Schottelius) * Type __key_value: Fix quoting issue (Steven Armstrong) * Type __package: Use state --present by default (Steven Armstrong) * Type __package_zypper: Support non packages as well (Daniel Heule) @@ -142,7 +201,7 @@ Changelog * Type __postfix_*: Depend on __postfix Type (Steven Armstrong) * Type __postfix_postconf: Enable support for SuSE (Daniel Heule) * Type __postfix: Enable support for SuSE (Daniel Heule) - * Type __start_on_boot: Use default parameter state + * Type __start_on_boot: Use default parameter state (Nico Schottelius) * Type __start_on_boot: Add support for gentoo (Daniel Heule) * Type __user: Add support for state parameter (Daniel Heule) * Type __user: Add support for system users (Daniel Heule) @@ -154,19 +213,19 @@ Changelog * Type __file: Only remove file when state is absent (Steven Armstrong) * Type __link: Only remove link when state is absent (Steven Armstrong) * Type __directory: Only remove directory when state is absent (Steven Armstrong) - * Type __directory: Fix newly introduced quoting issue + * Type __directory: Fix newly introduced quoting issue (Nico Schottelius) * Type __package_zypper: Fix explorer and parameter issue (Daniel Heule) - * Core: Fix backtrace when cache cannot be deleted + * Core: Fix backtrace when cache cannot be deleted (Nico Schottelius) 2.3.6: 2013-11-25 - * New Type: __locale - * Type __line: Ensure special characters are not interpreted + * New Type: __locale (Nico Schottelius) + * Type __line: Ensure special characters are not interpreted (Nico Schottelius) 2.3.5: 2013-10-10 * Core: Unit test fix for remote_copy (Steven Armstrong) * Documentation: Updated manpages of __package and __file (Alex Greif) * Documentation: Add more examples to cdist-manifest (Dan Levin) - * Type __package_apt: Do not install recommends by default + * Type __package_apt: Do not install recommends by default (Nico Schottelius) 2.3.4: 2013-10-03 * Core: Add missing bits to support dry run (Steven Armstrong) @@ -184,51 +243,51 @@ Changelog * Type __start_on_boot: Bugfix for systemd (Steven Armstrong) 2.3.2: 2013-09-05 - * Build: Ensure tests don't change attributes of non-test files - * Core: Fix typo in argument parser + * Build: Ensure tests don't change attributes of non-test files (Nico Schottelius) + * Core: Fix typo in argument parser (Nico Schottelius) * Core: Code cleanup: Remove old install code (Steven Armstrong) - * Core: Improve error message when using non-existing type in requirement - * New Type: __iptables_rule - * New Type: __iptables_apply - * Type __cdist: Also create home directory - * Type __cdist: Add support for --shell parameter - * Type __motd: Regenerate motd on Debian and Ubuntu + * Core: Improve error message when using non-existing type in requirement (Nico Schottelius) + * New Type: __iptables_rule (Nico Schottelius) + * New Type: __iptables_apply (Nico Schottelius) + * Type __cdist: Also create home directory (Nico Schottelius) + * Type __cdist: Add support for --shell parameter (Nico Schottelius) + * Type __motd: Regenerate motd on Debian and Ubuntu (Nico Schottelius) 2.3.1: 2013-08-28 - * Core: Support relative paths for configuration directories - * Core: Code cleanup (removed context class, added log class) - * Documentation: Add more best practises - * Documentation: Add troubleshooting chapter + * Core: Support relative paths for configuration directories (Nico Schottelius) + * Core: Code cleanup (removed context class, added log class) (Nico Schottelius) + * Documentation: Add more best practises (Nico Schottelius) + * Documentation: Add troubleshooting chapter (Nico Schottelius) * Type __key_value: Fix quoting problem (Steven Armstrong) 2.3.0: 2013-08-12 - * Core: Added support for cdist shell - * Documentation: Improved some manpages + * Core: Added support for cdist shell (Nico Schottelius) + * Documentation: Improved some manpages (Nico Schottelius) 2.2.0: 2013-07-12 - * Build: Cleanup the Makefile - * Type __package_opkg: Use shortcut version + * Build: Cleanup the Makefile (Nico Schottelius) + * Type __package_opkg: Use shortcut version (Nico Schottelius) * Core: Remove old pseudo object id "singleton" (Steven Armstrong) 2.1.2: 2013-07-09 - * Build: Change clean-dist target to "distclean" + * Build: Change clean-dist target to "distclean" (Nico Schottelius) * Build: Moved a lot of build logic into Makefile for dependency resolution * Core: Make global explorers available to initial manifest (Arkaitz Jimenez) - * Core: Change execution order to run object as one unit + * Core: Change execution order to run object as one unit (Nico Schottelius) * Documentation: Improved documentation (Tomáš Pospíšek) * New Remote Example: Add support for sudo operations (Chase James) - * New Type: __update_alternatives - * New Type: __cdist + * New Type: __update_alternatives (Nico Schottelius) + * New Type: __cdist (Nico Schottelius) * Type __apt_ppa: Fix comparison operator (Tyler Akins) - * Type __start_on_boot: Archlinux changed to use systemd - adapt type + * Type __start_on_boot: Archlinux changed to use systemd - adapt type (Nico Schottelius) * Type __git: Missing quotes added (Chase James) * Type __postgres_database: Make state parameter optional (Chase James) * Type __postgres_role: Make state parameter optional, fix password bug (Chase James) - * Type __process: Make state parameter optional - * Type __cron: Simplyfied and syntax change + * Type __process: Make state parameter optional (Nico Schottelius) + * Type __cron: Simplyfied and syntax change (Nico Schottelius) 2.1.1: 2013-04-08 - * Core: Use dynamic dependency resolver to allow indirect self dependencies + * Core: Use dynamic dependency resolver to allow indirect self dependencies (Nico Schottelius) * Core: Remove umask call - protect /var/lib/cdist only (Arkaitz Jimenez) * Explorer os: Added Slackware support (Eivind Uggedal) * Type __git: Support mode and fix owner/group settings (contradict) @@ -238,90 +297,90 @@ Changelog * Type __user: Add support for creating user home (Arkaitz Jimenez) 2.1.0: 2012-12-09 - * Core: Ensure global explorers are executable + * Core: Ensure global explorers are executable (Nico Schottelius) * Core: Ensure type explorers are executable (Steven Armstrong) - * New Type: __git + * New Type: __git (Nico Schottelius) * New Type: __ssh_authorized_keys (Steven Armstrong) * New Type: __user_groups (Steven Armstrong) - * Type __rvm_gemset: Change parameter "default" to be boolean + * Type __rvm_gemset: Change parameter "default" to be boolean (Nico Schottelius) * Type __user: Remove --groups support (now provided by __user_groups) * Type __apt_ppa: Bugfix: Installeded ppa detection (Steven Armstrong) * Type __jail: Change optional parameter "started" to boolean "stopped" parameter, change optional parameter "devfs-enable" to boolean "devfs-disable" parameter and - change optional parameter "onboot" to boolean. - * Type __package_pip: Bugfix: Installeded the package, not pyro - * Remove Type __ssh_authorized_key: Superseeded by __ssh_authorized_keys + change optional parameter "onboot" to boolean. (Nico Schottelius) + * Type __package_pip: Bugfix: Installeded the package, not pyro (Nico Schottelius) + * Remove Type __ssh_authorized_key: Superseeded by __ssh_authorized_keys (Nico Schottelius) * Support for CDIST_PATH (Steven Armstrong) 2.1.0pre8: 2012-11-15 * Type cleanup: __apt_ppa, __apt_ppa_update_index, __file, __ssh_authorized_key, __timezone, all install types (Steven Armstrong) - * Types: Remove all parameter changing code - * Type __rvm_ruby: Change parameter "default" to be boolean - * Documentation: Web documentation clean up + * Types: Remove all parameter changing code (Nico Schottelius) + * Type __rvm_ruby: Change parameter "default" to be boolean (Nico Schottelius) + * Documentation: Web documentation clean up (Nico Schottelius) 2.1.0pre7: 2012-11-07 - * Core: All unit tests restored back to working - * Core: Print error message when missing the initial manifest + * Core: All unit tests restored back to working (Nico Schottelius) + * Core: Print error message when missing the initial manifest (Nico Schottelius) 2.1.0pre6: 2012-11-05 - * New Example: Turn remote calls into local calls (used for unittesting) - * Core: Export PYTHONPATH, it's also needed by emulator - * Bugfix Type __rvm_ruby: Add clean package dependencies - * Bugfix Type __rvm_gem: Run rvm as user, not as root - * Cleanup Type __rvm, __rvm_gemset: Use shortcut version - * Bugfix __rvm_gemset: Correctly check for gemsets + * New Example: Turn remote calls into local calls (used for unittesting) (Nico Schottelius) + * Core: Export PYTHONPATH, it's also needed by emulator (Nico Schottelius) + * Bugfix Type __rvm_ruby: Add clean package dependencies (Nico Schottelius) + * Bugfix Type __rvm_gem: Run rvm as user, not as root (Nico Schottelius) + * Cleanup Type __rvm, __rvm_gemset: Use shortcut version (Nico Schottelius) + * Bugfix __rvm_gemset: Correctly check for gemsets (Nico Schottelius) * Cleanup Type __postgres_database, __postgres_role: Reference each other - in documentation - * Cleanp Type __postgres_role: Use boolean parameters where appropriate - * Cleanp Type __postgres_role: Use shortcut version + in documentation (Nico Schottelius) + * Cleanp Type __postgres_role: Use boolean parameters where appropriate (Nico Schottelius) + * Cleanp Type __postgres_role: Use shortcut version (Nico Schottelius) 2.1.0pre5: 2012-11-01 - * Core: First round of tests updated to work with multiple configuration directories + * Core: First round of tests updated to work with multiple configuration directories (Nico Schottelius) 2.1.0pre4: 2012-10-31 - * Dist: PyPi: Moved cdist.py to script/cdist to avoid double import - * Core: Added support for multiple configuration directories (no documentation) + * Dist: PyPi: Moved cdist.py to script/cdist to avoid double import (Nico Schottelius) + * Core: Added support for multiple configuration directories (no documentation) (Nico Schottelius) 2.1.0pre3: 2012-10-30 - * Dist: PyPi: Types and explorer included as package data + * Dist: PyPi: Types and explorer included as package data (Nico Schottelius) 2.1.0pre2: 2012-10-26 - * Dist: PyPi: Add conf/ directory to distribution - * Dist: Initial support for archlinux packaging + * Dist: PyPi: Add conf/ directory to distribution (Nico Schottelius) + * Dist: Initial support for archlinux packaging (Nico Schottelius) 2.1.0pre1: 2012-10-26 - * Core: Removed obsolete variable __self - * Removed type __addifnosuchline (replaced by __line) - * Removed type __removeline (replaced by __line) - * Type __directory: Parameter --parents and --recursive are now boolean + * Core: Removed obsolete variable __self (Nico Schottelius) + * Removed type __addifnosuchline (replaced by __line) (Nico Schottelius) + * Removed type __removeline (replaced by __line) (Nico Schottelius) + * Type __directory: Parameter --parents and --recursive are now boolean (Nico Schottelius) * Type __package_apt, __package_luarocks, __package_opkg, __package_pacman, __package_pkg_freebsd, __package_pkg_openbsd, __package_rubygem, __package_yum, __process: - Parameter state accepts only "present" and "absent" - * Dist: Initial support for pypi packaging + Parameter state accepts only "present" and "absent" (Nico Schottelius) + * Dist: Initial support for pypi packaging (Nico Schottelius) 2.0.15: 2012-11-02 * Core: Make variable __object_name available in type explorers (Steven Armtrong) - * New Type: __qemu_img - * New Type: __line + * New Type: __qemu_img (Nico Schottelius) + * New Type: __line (Nico Schottelius) * New Type: __pf_apply (Jake Guffey) * New Type: __pf_ruleset (Jake Guffey) - * Bugfix Type: __rvm: Make type work if rvm is already installed + * Bugfix Type: __rvm: Make type work if rvm is already installed (Nico Schottelius) 2.0.14: 2012-09-07 * Bugfix Type: __jail: Use correct variable (Jake Guffey) * Change Type: __jail: Parameter jailbase now optional (Jake Guffey) * Bugfix Type: __user: Use passwd database on FreeBSD (Jake Guffey) - * Bugfix Type: __start_on_boot: Do not change parameters + * Bugfix Type: __start_on_boot: Do not change parameters (Nico Schottelius) * Feature __user: Added support for BSDs (Sébastien Gross) * Feature __group: Added support for FreeBSD (Jake Guffey) - * New Type: __package_zypper - * Feature Types: Initial Support for SuSE Linux + * New Type: __package_zypper (Nico Schottelius) + * Feature Types: Initial Support for SuSE Linux (Nico Schottelius) 2.0.13: 2012-06-05 * Bugfix __ssh_authorized_key: Ensure it sets proper group (contradict) - * Bugfix __addifnosuchline: Fixed quotes/interpolation bug ("a b" became "a b") + * Bugfix __addifnosuchline: Fixed quotes/interpolation bug ("a b" became "a b") (Nico Schottelius) * New Explorer: interfaces (Sébastien Gross) * Feature core: Support reading from stdin in types (Steven Armstrong) * Feature core: Support multiple parameters for types (Steven Armstrong) @@ -329,24 +388,24 @@ Changelog 2.0.12: 2012-05-29 * Core: Correctly raise error on Python < 3.2 (Steven Armtrong) - * Core: Add support for --remote-exec and --remote-copy parameters + * Core: Add support for --remote-exec and --remote-copy parameters (Nico Schottelius) * Documentation: Debian Squeeze hints (Sébastien Gross) 2.0.11: 2012-05-23 - * Fix insecure file/directory creation: Use umask 077 + * Fix insecure file/directory creation: Use umask 077 (Nico Schottelius) 2.0.10: 2012-05-18 * Cleanup __group: No getent gshadow in old Redhat, use groupmod -g (Matt Coddington) - * Bugfix __package_yum: Missing cat + * Bugfix __package_yum: Missing cat (Nico Schottelius) * Bugfix __start_on_boot: Correctly use sed and quotes (Steven Armstrong) * Feature __file: Support for --state exists (Steven Armstrong) - * Feature core: Make variable __manifest available to type manifests + * Feature core: Make variable __manifest available to type manifests (Nico Schottelius) * Feature core: Correct parent dependency handling (Steven Armstrong) * Bugfix several types: Fix sed for FreeBSD (Istvan Beregszaszi) * New Type: __jail (Jake Guffey) * Change Type: __rvm*: --state present/absent not installed/remvoed (Evax Software) - * Bugfix Type: __cron: Hide error output from crontab + * Bugfix Type: __cron: Hide error output from crontab (Nico Schottelius) * Various smaller bugfixes (Chris Lamb) 2.0.9: 2012-03-12 @@ -360,19 +419,19 @@ Changelog * Feature __start_on_boot: Support for OpenWRT (Giel van Schijndel) * Feature __start_on_boot: Support for Amazon Linux (Matt Coddington) * New Example: Use rsync to backup files (Matt Coddington) - * Feature core: Exit non-zero, if configuration failed + * Feature core: Exit non-zero, if configuration failed (Nico Schottelius) * Documentation: Describe how to do templating (Aurélien Bondis) 2.0.8: 2012-02-20 - * Bugfix core: Remove another nasty traceback when sending SIGINT (aka Ctrl-C) - * Cleanup: Better hint to source of error - * Cleanup: Do not output failing script, but path to script only + * Bugfix core: Remove another nasty traceback when sending SIGINT (aka Ctrl-C) (Nico Schottelius) + * Cleanup: Better hint to source of error (Nico Schottelius) + * Cleanup: Do not output failing script, but path to script only (Nico Schottelius) * Cleanup: Remove support for __debug variable in manifests (Type != Core - debugging) + debugging) (Nico Schottelius) * Cleanup: Change __package_* to support absent/present (default state - name now). The values removed/installed will be removed in cdist 2.1. + name now). The values removed/installed will be removed in cdist 2.1. (Nico Schottelius) * Cleanup: Change __process to support absent/present (default state - name now). The values running/stopped will be removed in cdist 2.1. + name now). The values running/stopped will be removed in cdist 2.1. (Nico Schottelius) * Feature Core: Support boolean parameters (Steven Armstrong) 2.0.7: 2012-02-13 @@ -381,9 +440,9 @@ Changelog * Bugfix __link: Properly handle existing links (Steven Armstrong) * Bugfix __key_value: More robust implementation (Steven Armstrong) * Bugfix __user: Fix for changing a user's group by name (Matt Coddington) - * New Type: __package_pip + * New Type: __package_pip (Nico Schottelius) * Bugfix/Cleanup: Correctly allow Object ID to start and end with /, but - not contain //. + not contain //. (Nico Schottelius) 2.0.6: 2012-01-28 * Bugfix __apt_ppa: @@ -402,8 +461,8 @@ Changelog 2.0.5: 2012-01-18 * Bugfix __key_value: Use correct delimiters (Steven Armstrong, Daniel Maher) - * Cleanup: Explicitly require Python >= 3.2 (do not fail implicitly) - * Documentation: (Re)write of the tutorial + * Cleanup: Explicitly require Python >= 3.2 (do not fail implicitly) (Nico Schottelius) + * Documentation: (Re)write of the tutorial (Nico Schottelius) * Feature: __addifnosuchline supports matching on regular expressions (Daniel Maher) * Feature: __directory, __file, __link: @@ -412,11 +471,11 @@ Changelog * New Type: __cdistmarker (Daniel Maher) 2.0.4: 2011-11-18 - * Bugfix core: Remove traceback when sending SIGINT (aka Ctrl-C) + * Bugfix core: Remove traceback when sending SIGINT (aka Ctrl-C) (Nico Schottelius) * Bugfix core: Accept parameters with - in the name (Steven Armstrong) - * Cleanup: __object_fq variable removed (never used) - * Cleanup: Environment variable __self DEPRECATED, use __object_name instead - * Cleanup: Environment variable __self scheduled for removal in cdist 2.1 + * Cleanup: __object_fq variable removed (never used) (Nico Schottelius) + * Cleanup: Environment variable __self DEPRECATED, use __object_name instead (Nico Schottelius) + * Cleanup: Environment variable __self scheduled for removal in cdist 2.1 (Nico Schottelius) * Documentation: Many examples for use of __remote_* (Steven Armstrong) * Feature: Automatically require all used objects (Steven Armstrong) * New Type: __cron (Steven Armstrong) @@ -424,28 +483,28 @@ Changelog 2.0.3: 2011-10-18 * Improved logging, added --verbose, by more quiet by default * Bugfix __user: Correct quoting (Steven Armstrong) - * Bugfix __addifnosuchline: Falsely exited - * Bugfix requirements: Restore original require="" behaviour - * Feature requirements: Check for broken object_ids and abort + * Bugfix __addifnosuchline: Falsely exited (Nico Schottelius) + * Bugfix requirements: Restore original require="" behaviour (Nico Schottelius) + * Feature requirements: Check for broken object_ids and abort (Nico Schottelius) * Massive refactoring and unittesting introduced (Steven Armstrong) 2.0.2: 2011-09-27 * Add support for detection of OpenWall Linux (Matthias Teege) - * Add support for __debug variable in manifests - * Bugfix core: Various issues with type emulator + * Add support for __debug variable in manifests (Nico Schottelius) + * Bugfix core: Various issues with type emulator (Nico Schottelius) 2.0.1: 2011-09-23 - * Bugfix core: Always print source of error in case of exec errors - * Bugfix core: Various smaller bugs in string concatenation - * Feature: Add marker "changed" to changed objects + * Bugfix core: Always print source of error in case of exec errors (Nico Schottelius) + * Bugfix core: Various smaller bugs in string concatenation (Nico Schottelius) + * Feature: Add marker "changed" to changed objects (Nico Schottelius) 2.0.0: 2011-09-16 * New Type: __package_rubygem (Chase Allen James) - * __self replaced by __object_fq - * Rewrote cdist in Python + * __self replaced by __object_fq (Nico Schottelius) + * Rewrote cdist in Python (Nico Schottelius) 1.7.1: 2011-07-26 - * Documentation: Add explorers to reference + * Documentation: Add explorers to reference (Nico Schottelius) * Documentation: Typo cleanup (Derek Brost) * Type __key_value: Bugfix (Steven Armstrong) * New Type: __postgres_role (Steven Armstrong) @@ -455,42 +514,42 @@ Changelog * Bugfix type __package_yum: Fix redhat support (Ramon Salvadó) * Improved type __package_yum: Add centos support (Ramon Salvadó) * New Type: __timezone (Ramon Salvadó) - * Renamed explorer: hardware_type to machine - * Core: Do not execute empty code fragments + * Renamed explorer: hardware_type to machine (Nico Schottelius) + * Core: Do not execute empty code fragments (Nico Schottelius) 1.6.2: 2011-04-19 - * Core: Introduce __cdist_tmp_base_dir - * Core: Cleanup and enhance cdist-type-template - * Core: cdist-mass-deploy: Report failed cdist-deploy-to instances + * Core: Introduce __cdist_tmp_base_dir (Nico Schottelius) + * Core: Cleanup and enhance cdist-type-template (Nico Schottelius) + * Core: cdist-mass-deploy: Report failed cdist-deploy-to instances (Nico Schottelius) * New Type: __ssh_authorized_key (Aurélien Bondis) 1.6.1: 2011-04-07 - * Improved logging: Show code responsible for abort - * Improved logging: Consistently prefix with current object or core - * Bugfix: Type __debconf_set_selections used wrong contens for selection - * Bugfix: Don't fail, if cache directory is not existing - * Bugfix: __user and __group exited non-zero if no change was necessary - * New Explorer: hardware_type + * Improved logging: Show code responsible for abort (Nico Schottelius) + * Improved logging: Consistently prefix with current object or core (Nico Schottelius) + * Bugfix: Type __debconf_set_selections used wrong contens for selection (Nico Schottelius) + * Bugfix: Don't fail, if cache directory is not existing (Nico Schottelius) + * Bugfix: __user and __group exited non-zero if no change was necessary (Nico Schottelius) + * New Explorer: hardware_type (Nico Schottelius) * New Type: __package_pkg_openbsd (Andi Brönnimann) * New Type: __autofs_map (Steven Armstrong) * New Type: __autofs_master (Steven Armstrong) 1.6.0: 2011-04-06 - * New Type: __package_yum - * New type: __debconf_set_selections - * New explorer: os_version - * Bugfix: Type __group failed in case of __group NAME syntax + * New Type: __package_yum (Nico Schottelius) + * New type: __debconf_set_selections (Nico Schottelius) + * New explorer: os_version (Nico Schottelius) + * Bugfix: Type __group failed in case of __group NAME syntax (Nico Schottelius) * Bugfix: __package* types: consistently name --state removed instead of - uninstalled or deinstalled - * Type __package: Added Fedora support - * Type __package_apt: Removed --preseed support - * Explorer os gained Fedora support - * Simplified types __user and __group - * New helper binary: cdist-mass-deploy + uninstalled or deinstalled (Nico Schottelius) + * Type __package: Added Fedora support (Nico Schottelius) + * Type __package_apt: Removed --preseed support (Nico Schottelius) + * Explorer os gained Fedora support (Nico Schottelius) + * Simplified types __user and __group (Nico Schottelius) + * New helper binary: cdist-mass-deploy (Nico Schottelius) 1.5.0: 2011-04-01 - * Add basic cache functionality - * New type: __process + * Add basic cache functionality (Nico Schottelius) + * New type: __process (Nico Schottelius) * Restructured execution: (Steven Armstrong) Orientate processing on objects, resolve dependencies and ensure correct execution order. @@ -500,77 +559,77 @@ Changelog 1.4.1: 2011-03-25 * New type: __key_value (Steven Armstrong) * New type: __apt_ppa (Steven Armstrong) - * Documentation: Manpage generation cleanup + * Documentation: Manpage generation cleanup (Nico Schottelius) * Documentation: Manpage fix for __apt_ppa 1.4.0: 2011-03-24 - * Add --recursive to __directory - * Move cdist generated stuff to .cdist of an object - * Allow objects to be redefined + * Add --recursive to __directory (Nico Schottelius) + * Move cdist generated stuff to .cdist of an object (Nico Schottelius) + * Allow objects to be redefined (Nico Schottelius) 1.3.2: 2011-03-21 - * Add --source to __motd - * Add --preseed to __package_apt - * Include HTML documentation of manpages and publish them + * Add --source to __motd (Nico Schottelius) + * Add --preseed to __package_apt (Nico Schottelius) + * Include HTML documentation of manpages and publish them (Nico Schottelius) 1.3.1: 2011-03-21 - * Document: cdist-type-build-emulation - * Document: cdist-type-emulator - * Document: cdist-remote-explorer-run - * Fix dependencies in cdist-code-run - * Fix dependencies in cdist-manifest-run-all - * Add --source to __issue and fix os check + * Document: cdist-type-build-emulation (Nico Schottelius) + * Document: cdist-type-emulator (Nico Schottelius) + * Document: cdist-remote-explorer-run (Nico Schottelius) + * Fix dependencies in cdist-code-run (Nico Schottelius) + * Fix dependencies in cdist-manifest-run-all (Nico Schottelius) + * Add --source to __issue and fix os check (Nico Schottelius) 1.3.0: 2011-03-20 - * Add support for local and remote code generation and execution - * Bugfix: Remove obsolete $@ call in cdist-remote-explorer-run - * Bugfix: Correct manpage for __removeline (broke manpage generation) + * Add support for local and remote code generation and execution (Nico Schottelius) + * Bugfix: Remove obsolete $@ call in cdist-remote-explorer-run (Nico Schottelius) + * Bugfix: Correct manpage for __removeline (broke manpage generation) (Nico Schottelius) 1.2.0: 2011-03-19 - * Added dependencies (see cdist-type(7)) + * Added dependencies (see cdist-type(7)) (Nico Schottelius) * New type: __removeline (Daniel Roth) * New type: __group (Steven Armstrong) * New type: __user (Steven Armstrong) - * Documentation: cdist-run-remote - * Documentation: cdist-code-run-all - * Documentation: cdist-object-gencode - * Documentation: cdist-explorer-run-global - * Documentation: cdist-manifest-run-init - * Documentation: cdist-manifest-run-all - * Documentation: cdist-object-gencode-all - * Documentation: cdist-manifest-run + * Documentation: cdist-run-remote (Nico Schottelius) + * Documentation: cdist-code-run-all (Nico Schottelius) + * Documentation: cdist-object-gencode (Nico Schottelius) + * Documentation: cdist-explorer-run-global (Nico Schottelius) + * Documentation: cdist-manifest-run-init (Nico Schottelius) + * Documentation: cdist-manifest-run-all (Nico Schottelius) + * Documentation: cdist-object-gencode-all (Nico Schottelius) + * Documentation: cdist-manifest-run (Nico Schottelius) 1.1.0: 2011-03-16 - * Replace type __file with __file, __directory, __link - * Documentation: cdist-env - * Documentation: cdist-config - * Documentation: cdist-dir - * Documentation: cdist-quickstart + * Replace type __file with __file, __directory, __link (Nico Schottelius) + * Documentation: cdist-env (Nico Schottelius) + * Documentation: cdist-config (Nico Schottelius) + * Documentation: cdist-dir (Nico Schottelius) + * Documentation: cdist-quickstart (Nico Schottelius) 1.0.4: 2011-03-15 - * New type: __motd + * New type: __motd (Nico Schottelius) * New type: __addifnosuchline (Daniel Roth) - * New type: __user - * Document type: __issue - * Document type: __package - * Document type: __package_pacman - * Document type: __package_apt - * New parameter for __file: --owner and --group + * New type: __user (Nico Schottelius) + * Document type: __issue (Nico Schottelius) + * Document type: __package (Nico Schottelius) + * Document type: __package_pacman (Nico Schottelius) + * Document type: __package_apt (Nico Schottelius) + * New parameter for __file: --owner and --group (Nico Schottelius) 1.0.3: 2011-03-11 - * Update regexp used for sane characters - * Allow types without parameters - * Allow type to be singleton - * Type __file learned --type symlink + * Update regexp used for sane characters (Nico Schottelius) + * Allow types without parameters (Nico Schottelius) + * Allow type to be singleton (Nico Schottelius) + * Type __file learned --type symlink (Nico Schottelius) 1.0.2: 2011-03-09 - * Add manpages: cdist-type, cdist-type__file, cdist-reference, cdist-explorer - * Make doc/man/ usable as MANPATH entry + * Add manpages: cdist-type, cdist-type__file, cdist-reference, cdist-explorer (Nico Schottelius) + * Make doc/man/ usable as MANPATH entry (Nico Schottelius) 1.0.1: 2011-03-08 - * Added cdist-type-template including manpage - * Fix manpage building - * Add new manpages: cdist-stages, cdist-bin-transfer + * Added cdist-type-template including manpage (Nico Schottelius) + * Fix manpage building (Nico Schottelius) + * Add new manpages: cdist-stages, cdist-bin-transfer (Nico Schottelius) 1.0.0: 2011-03-07 - * Initial release + * Initial release (Nico Schottelius) diff --git a/docs/dev/logs/2014-09-10.preos-keys b/docs/dev/logs/2014-09-10.preos-keys new file mode 100644 index 00000000..53d3721a --- /dev/null +++ b/docs/dev/logs/2014-09-10.preos-keys @@ -0,0 +1,18 @@ + +cdist preos keyramfs --keyfile --keyfile + +[17:51] freiheit:vcs% mkdir preos-keys +[17:51] freiheit:vcs% mkdir -p preos-keys/root/.ssh +[17:56] freiheit:vcs% + +chown root:root -R preos-keys/ +chmod 0600 preos-keys/root/.ssh/authorized_keys + +chmod 0700 preos-keys/root/ +chmod 0700 preos-keys/root/.ssh/ + +[18:20:17] freiheit:/home/users/nico/.ungleich/ungleich/vcs/preos-keys# find . | cpio -H newc -o | gzip -9 > ../initramfs.cpio.gz +4 blocks +[18:21:08] freiheit:/home/users/nico/.ungleich/ungleich/vcs/preos-keys# + + diff --git a/docs/dev/logs/2014-11-11.discussion b/docs/dev/logs/2014-11-11.discussion new file mode 100644 index 00000000..a04d2823 --- /dev/null +++ b/docs/dev/logs/2014-11-11.discussion @@ -0,0 +1,104 @@ +- logging/cache destination + local: + ~/.cdist/log/by-host/$__target/host/config/YYYY/MM/DD/hhmmss/ + ~/.cdist/log/by-session/YYYY/MM/DD/hhmmss/$__target_host/ + config/ + install/ + export/ + remote: + /var/lib/cdist/YYYY-MM-DD-hhmmss-$sourcehost.$pid + + rm old directories on remote side + +- support for tags + - for partial configuration + - supports also install + - on object definition, define + - a) don't care (i.e. no tags) + - b) require tag (only if this tag is setup) + - c) require not tag (only if this tag is *not* setup) + - d) what if both given (conflicting) + - names for parameters: + - cdist config / cdist type + --if-tag / --not-if-tag / --require-tag + --not-if-tag + +- logging + - command line + - stdin of cdist + - stdout/stderr/stdin of types + - new: stdout/stderr + - initial manifest + - if coming from stdin + +- logging configurable + - to be discussed + +- sudo remote + - cp to tmp & mv + - umask issue? + +- install + - via tagged types + - + +- export + - one /export script per type + - exports of type running after object's code is done + - global export should also exist after everything + - PR & merge + - change DONE status to CODE_DONE + - introduce EXPORT_DONE + + +- preos + - merge with debian support only + - we are open to support --os-type later + +- stackable remotes + - change API for remote_exec and remote_copy + - new minor version + - PR & merge + +- locking + - optional + - remote lock + - based on $(ls /var/lib/cdist/) > 0 + +- ideas for parallelisation + - run explorer in parallel + - type + - object + - objects without dependencies can be run in parallel + +- connection test + - just implement + +- multi user environment + - not really needed [at the moment] + - can be implemented by + - git branches + - setting the output dir + +- python2 support with __future__ + - steven votes against it + - nico does not care too much to object + + +- pull based + - sshd / stdin + stdout + - use Use ProxyCommand with stdin/stdout + - http://www.nico.schottelius.org/blog/openssh-6.2-add-callback-functionality-using-dynamic-remote-port-forwarding/ + + - cdist grant-pull-access + - generate user + - ssh pubkeypair + - call wraper script on targethost + - it is shell! + - ssh cdistuser@controlhost + +- config replay/redo/undo + - not now + + +- have a new discussion about handling uris diff --git a/docs/dev/logs/dependency-tree-with-fruits b/docs/dev/logs/dependency-tree-with-fruits new file mode 100644 index 00000000..322dc6e3 --- /dev/null +++ b/docs/dev/logs/dependency-tree-with-fruits @@ -0,0 +1,29 @@ +1. Manifests need type explorers to be run before + Only this way the manifest can use the values + +2. Type explorers can depend on the (successful) execution of other objects + A type explorer may lookup values (ownership, size, processes, etc.) + that are depending on the code of other objects. + +3. The 'require="a" b' dependency specifies only that execution of b needs to wait until a is finished + Other requirements given at another position may not be + executed before b, as cdist interprets require="a" as + "a is everything that is needed to realise b" + +4. The 'require' state is thus *not* suitable to trigger reloads + A type b, which uses the require="" statement to wait for all + require="" dependencies, may be executed in an incomplete + status. + +5. Depending on multiple dependencies defined at different locations requires all objects to be present + Because otherwise the dependent object cannot be sure that the + list of objects it waits for is complete. + +6. If a statement requires all objects to be present, all manifests must have run already. + If all manifests have run already, also all type explorers have run already (#1). + If all type explorers have run already, some objects may have been finished completly already (#2). + +7. Because of #4 and #6, we need to introduce another dependency that allows reloading after + +8. Because the object could be finished already due to a 'require' dependency, we need another script + Maybe "gen-post-run-local", "gen-post-run-remote" diff --git a/docs/dev/todo/TAKEME b/docs/dev/todo/TAKEME index 87fc91c5..4d097091 100644 --- a/docs/dev/todo/TAKEME +++ b/docs/dev/todo/TAKEME @@ -5,10 +5,6 @@ Feel free to pick one! CORE ---- -- support default parameter -- document and add paremeters for remote-copy and remote-exec! - - remove hack, make a feature of it - - remove var=foo calls on remote side. Use -o SendEnv (yeah, see ssh_config(5)) TESTS @@ -23,9 +19,6 @@ TESTS USER INTERFACE -------------- -- How to cleanly implement "restart service if config file changed" - -> document - - Cache - add example how to use - export variable $__cache @@ -45,7 +38,6 @@ TYPES - Add testing framework (proposed by Evax Software) - __user add option to include --create-home -- Merge __addifnosuchline and __removeline into __line + --state present|absent - __cron: Support --file to be used instead of user cron (probably direct support of /etc/cron.d) diff --git a/docs/man/cdist-reference.text.sh b/docs/man/cdist-reference.text.sh index 7081e762..fda7aa9c 100755 --- a/docs/man/cdist-reference.text.sh +++ b/docs/man/cdist-reference.text.sh @@ -203,10 +203,10 @@ __global:: Directory that contains generic output like explorer. Available for: initial manifest, type manifest, type gencode, shell __messages_in:: - File to read messages from + File to read messages from. Available for: initial manifest, type manifest, type gencode __messages_out:: - File to write messages + File to write messages. Available for: initial manifest, type manifest, type gencode __object:: Directory that contains the current object. diff --git a/docs/man/man7/cdist-explorer.text b/docs/man/man7/cdist-explorer.text index 2c25d845..a99be050 100644 --- a/docs/man/man7/cdist-explorer.text +++ b/docs/man/man7/cdist-explorer.text @@ -50,7 +50,7 @@ else name="$__object_id" fi -# Except dpkg failing, if package is not known / installed +# Expect dpkg failing, if package is not known / installed dpkg -s "$name" 2>/dev/null || exit 0 -------------------------------------------------------------------------------- @@ -64,5 +64,5 @@ SEE ALSO COPYING ------- -Copyright \(C) 2010-2012 Nico Schottelius. Free use of this software is +Copyright \(C) 2010-2014 Nico Schottelius. Free use of this software is granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/docs/man/man7/cdist-manifest.text b/docs/man/man7/cdist-manifest.text index b28fe94f..80df5410 100644 --- a/docs/man/man7/cdist-manifest.text +++ b/docs/man/man7/cdist-manifest.text @@ -110,6 +110,7 @@ setup the variable "require" to contain the requirements. Multiple requirements can be added white space separated. -------------------------------------------------------------------------------- + 1 # No dependency 2 __file /etc/cdist-configured 3 @@ -121,21 +122,43 @@ requirements can be added white space separated. 9 require="__file/etc/cdist-configured __link/tmp/cdist-testfile" \ 10 __file /tmp/cdist-another-testfile - -------------------------------------------------------------------------------- Above the "require" variable is only set for the command that is -immediately following it. Dependencies should allways be declared that way. +immediately following it. Dependencies should always be declared that way. -On line 4 you can see that the instantion of a type "__link" object needs +On line 4 you can see that the instantion of a type "\__link" object needs the object "__file/etc/cdist-configured" to be present, before it can proceed. -This also means that the "__link" command must make sure, that either -"__file/etc/cdist-configured" allready is present, or, if it's not, it needs +This also means that the "\__link" command must make sure, that either +"\__file/etc/cdist-configured" allready is present, or, if it's not, it needs to be created. The task of cdist is to make sure, that the dependency will be -resolved appropriately and thus "__file/etc/cdist-configured" be created +resolved appropriately and thus "\__file/etc/cdist-configured" be created if necessary before "__link" proceeds (or to abort execution with an error). +If you really need to make all types depend on a common dependency, you can +export the "require" variable as well. But then, if you need to add extra +dependencies to a specific type, you have to make sure that you append these +to the globally already defined one. + +-------------------------------------------------------------------------------- + +# First of all, update the package index +__package_update_index +# Upgrade all the installed packages afterwards +require="__package_update_index" __package_upgrade_all +# Create a common dependency for all the next types so that they get to +# be executed only after the package upgrade has finished +export require="__package_upgrade_all" + +# Ensure that lighttpd is installed after we have upgraded all the packages +__package lighttpd --state present +# Ensure that munin is installed after lighttpd is present and after all +# the packages are upgraded +require="$require __package/lighttpd" __package munin --state present + +-------------------------------------------------------------------------------- + All objects that are created in a type manifest are automatically required from the type that is calling them. This is called "autorequirement" in cdist jargon. @@ -153,8 +176,6 @@ automatically depends on the previously created object. It essentially helps you to build up blocks of code that build upon each other (like first creating the directory xyz than the file below the directory). -THIS IS A BETA FEATURE AND MAY BE REMOVED OR CHANGED AT ANY TIME. - OVERRIDES --------- @@ -171,8 +192,6 @@ If CDIST_OVERRIDE and CDIST_ORDER_DEPENDENCY are set for an object, CDIST_ORDER_DEPENDENCY will be ignored, because adding a dependency in case of overrides would result in circular dependencies, which is an error. -THIS IS A BETA FEATURE AND MAY BE REMOVED OR CHANGED AT ANY TIME. - diff --git a/docs/man/man7/cdist-messaging.text b/docs/man/man7/cdist-messaging.text index 0e53871e..a6258564 100644 --- a/docs/man/man7/cdist-messaging.text +++ b/docs/man/man7/cdist-messaging.text @@ -57,6 +57,48 @@ if grep -q "^__your_type/object/id:something" "$__messages_in"; then fi -------------------------------------------------------------------------------- +Some real life examples: +-------------------------------------------------------------------------------- +# Reacting on changes from block for keepalive +if grep -q "^__block/keepalive-vrrp" "$__messages_in"; then + echo /etc/init.d/keepalived restart +fi + +# Reacting on changes of configuration files +if grep -q "^__file/etc/one" $__messages_in; then + echo 'for init in /etc/init.d/opennebula*; do $init restart; done' +fi +-------------------------------------------------------------------------------- + +Restart sshd on changes +-------------------------------------------------------------------------------- +os="$(cat "$__global/explorer/os")" + +case "$os" in + centos|redhat|suse) + restart="/etc/init.d/sshd restart" + ;; + debian|ubuntu) + restart="/etc/init.d/ssh restart" + ;; + *) + cat << eof >&2 +Unsupported os $os. +If you would like to have this type running on $os, +you can either develop the changes and send a pull +request or ask for a quote at www.ungleich.ch +eof + exit 1 + ;; +esac + +if grep -q "^__key_value/PermitRootLogin" "$__messages_in"; then + echo $restart +fi +-------------------------------------------------------------------------------- + + + SEE ALSO -------- diff --git a/docs/man/man7/cdist-type.text b/docs/man/man7/cdist-type.text index 323fc130..71d04ab3 100644 --- a/docs/man/man7/cdist-type.text +++ b/docs/man/man7/cdist-type.text @@ -100,7 +100,7 @@ echo use_ssl >> cdist/conf/type/__nginx_vhost/parameter/boolean USING PARAMETERS ---------------- The parameters given to a type can be accessed and used in all type scripts -(e.g manifest, gencode-*, explorer/*). Note that boolean parameters are +(e.g manifest, gencode, explorer). Note that boolean parameters are represented by file existence. File exists -> True, file does not exist -> False @@ -281,7 +281,7 @@ on the target, there must be another type that provides this tool and the first type should create an object of the specific type. If your type wants to save temporary data, that may be used by other types -later on (for instance __file), you can save them in the subdirectory +later on (for instance \__file), you can save them in the subdirectory "files" below $__object (but you must create it yourself). cdist will not touch this directory. diff --git a/docs/speeches/2014-05-08_linuxtag_berlin.odp b/docs/speeches/2014-05-08_linuxtag_berlin.odp new file mode 100644 index 00000000..38063332 Binary files /dev/null and b/docs/speeches/2014-05-08_linuxtag_berlin.odp differ diff --git a/docs/speeches/2014-05-08_linuxtag_berlin.pdf b/docs/speeches/2014-05-08_linuxtag_berlin.pdf new file mode 100644 index 00000000..88fbeb6e Binary files /dev/null and b/docs/speeches/2014-05-08_linuxtag_berlin.pdf differ diff --git a/docs/speeches/2014-05-19_cdi.st-zkb_linux_erfa.odp b/docs/speeches/2014-05-19_cdi.st-zkb_linux_erfa.odp new file mode 100644 index 00000000..a09db845 Binary files /dev/null and b/docs/speeches/2014-05-19_cdi.st-zkb_linux_erfa.odp differ diff --git a/docs/speeches/2014-05-19_cdi.st-zkb_linux_erfa.pdf b/docs/speeches/2014-05-19_cdi.st-zkb_linux_erfa.pdf new file mode 100644 index 00000000..9c169a84 Binary files /dev/null and b/docs/speeches/2014-05-19_cdi.st-zkb_linux_erfa.pdf differ diff --git a/docs/speeches/2014-06-10_openclouddays.odp b/docs/speeches/2014-06-10_openclouddays.odp new file mode 100644 index 00000000..e85451c8 Binary files /dev/null and b/docs/speeches/2014-06-10_openclouddays.odp differ diff --git a/docs/speeches/2014-06-10_openclouddays_teaser.odp b/docs/speeches/2014-06-10_openclouddays_teaser.odp new file mode 100644 index 00000000..16ec8e95 Binary files /dev/null and b/docs/speeches/2014-06-10_openclouddays_teaser.odp differ diff --git a/docs/speeches/2014-06-10_openclouddays_teaser.pdf b/docs/speeches/2014-06-10_openclouddays_teaser.pdf new file mode 100644 index 00000000..c5a052b8 Binary files /dev/null and b/docs/speeches/2014-06-10_openclouddays_teaser.pdf differ diff --git a/docs/speeches/2014-06-19_ucms14_cdi.st.odp b/docs/speeches/2014-06-19_ucms14_cdi.st.odp new file mode 100644 index 00000000..9338abe4 Binary files /dev/null and b/docs/speeches/2014-06-19_ucms14_cdi.st.odp differ diff --git a/docs/speeches/2014-06-19_ucms14_cdist_cinv_bof.odp b/docs/speeches/2014-06-19_ucms14_cdist_cinv_bof.odp new file mode 100644 index 00000000..21f59ee8 Binary files /dev/null and b/docs/speeches/2014-06-19_ucms14_cdist_cinv_bof.odp differ diff --git a/docs/speeches/2014-11-07_sfs_linux_erfa_cdist4.odp b/docs/speeches/2014-11-07_sfs_linux_erfa_cdist4.odp new file mode 100644 index 00000000..29ada1b0 Binary files /dev/null and b/docs/speeches/2014-11-07_sfs_linux_erfa_cdist4.odp differ diff --git a/docs/speeches/2014-11-07_sfs_linux_erfa_cdist4.pdf b/docs/speeches/2014-11-07_sfs_linux_erfa_cdist4.pdf new file mode 100644 index 00000000..718d3997 Binary files /dev/null and b/docs/speeches/2014-11-07_sfs_linux_erfa_cdist4.pdf differ diff --git a/docs/speeches/2014-11-07_sfs_linux_erfa_cdist_web_prototype.odp b/docs/speeches/2014-11-07_sfs_linux_erfa_cdist_web_prototype.odp new file mode 100644 index 00000000..47c858d4 Binary files /dev/null and b/docs/speeches/2014-11-07_sfs_linux_erfa_cdist_web_prototype.odp differ diff --git a/docs/speeches/2014-11-07_sfs_linux_erfa_cdist_web_prototype.pdf b/docs/speeches/2014-11-07_sfs_linux_erfa_cdist_web_prototype.pdf new file mode 100644 index 00000000..ae0a3bef Binary files /dev/null and b/docs/speeches/2014-11-07_sfs_linux_erfa_cdist_web_prototype.pdf differ diff --git a/docs/web/cdist/install.mdwn b/docs/web/cdist/install.mdwn index c81354f0..ce6ca877 100644 --- a/docs/web/cdist/install.mdwn +++ b/docs/web/cdist/install.mdwn @@ -137,7 +137,7 @@ immediately. To install cdist, execute the following commands: - git clone git://git.schottelius.org/cdist + git clone https://github.com/telmich/cdist.git cd cdist export PATH=$PATH:$(pwd -P)/bin diff --git a/other/archived_types/.README.unmaintained b/other/archived_types/.README.unmaintained index e9795911..513f3b78 100644 --- a/other/archived_types/.README.unmaintained +++ b/other/archived_types/.README.unmaintained @@ -1 +1 @@ -This type is not maintained by anymore and has thus been removed from cdist. +This type is not maintained anymore and has thus been removed from cdist.