Commit graph

2251 commits

Author SHA1 Message Date
ander 60753ddfcc
fix shellcheck 2021-07-01 14:42:10 +03:00
ander 7b3f268df2
[__download] improvements
1. post download checksum verification
2. detect hashes without prefix
3. add optional --destination
4. updated man
2021-06-22 16:36:30 +03:00
Dennis Camera d596986af8 [type/__pyvenv] Fix group explorer 2021-05-31 09:06:52 +02:00
poljakowski d2ce55ea6e Merge branch '__git_fix_group_explorer' into 'master'
[__git] fix group explorer

See merge request ungleich-public/cdist!992
2021-05-29 11:20:20 +02:00
ander 503a06ed28
[__git] fix group explorer
group name from numberic id wasn't resolved correctly.

try to use getent and fallback to reading /etc/group directly.
2021-05-23 13:35:33 +03:00
evilham 81b426e4e2 [__letsencrypt_cert] Revamp explorers, add locking.
Closes #839

See merge request ungleich-public/cdist!976

This patch joins all explorers in one to avoid starting multiple remote python
processes and uses a cdist-specific lock in /tmp/certbot.cdist.lock with a
60 seconds timeout.
2021-05-10 12:10:01 +02:00
evilham a696f3cf00 [__letsencrypt_cert] Revamp explorers, add locking.
This would fix #839

Certbot uses locking [1] even for read-only operations and does not properly
use exit codes, which means that sometimes it would print:
"Another instance of Certbot is already running" and exit with success.

However, the previous explorers would take that as the certificate being absent
and would trigger code generation.

The issue was made worse by having many explorers running certbot, so for N
certificates, we'd run certbot N*4 times, potentially "in parallel".


This patch joins all explorers in one to avoid starting multiple remote python
processes and uses a cdist-specific lock in /tmp/certbot.cdist.lock with a
60 seconds timeout.

It has been tested with certbot 0.31.0 and 0.17 that the:

    from certbot.main import main

trick works. It is somewhat well documented so it can be somewhat relied upon.
2021-05-10 12:10:00 +02:00
evilham c00c8c2012 [__apt_key*] Deprecate __apt_key_uri and improve __apt_key
Previously this type was falling back to using the deprecated apt-key(8) by
checking for existence of files/directories on the controller host in

Adding `--use-deprecated-apt-key` as an explicit boolean serves two purposes:
1. It prevents fallbacks that might end up doing the wrong thing
   (as was the case)
2. It allows for a simple way to remove keys from the keyring that were
   previously added with apt-key(8) to /etc/apt/trusted.gpg

This parameter is added marked as deprecated as is only intended use is to
migrate to directory-based keyrings as recommended by Debian for a few releases.
It will be removed when Debian 11 stops being supported.

During the review process of this merge request, it was noted that the state of
PGP Key Servers is somewhat suboptimal, that the examples encouraged bad
practise (it is trivial to produce collisions for short key IDs), and that
this use does not require the Web of Trust, but instead only the public key
that is signing the repository.

That is why this also adds `--source` as an argument allowing for in-type or
in-manifest provision of such public keys by the type/manifest maintainer and
the use of Key Servers is still supported, but discouraged.
2021-05-10 12:08:22 +02:00
Dennis Camera 0f05f38384 [type/__postgres_role] Treat --password '' like no --password 2021-04-25 20:01:36 +02:00
Dennis Camera 0d33407b18 [type/__postgres_database] Proper quoting in state explorer 2021-04-25 20:01:36 +02:00
Dennis Camera 8296051653 [type/__postgres_extension] Add state explorer 2021-04-25 20:01:36 +02:00
Dennis Camera 3cf93249c3 [type/__postgres_extension] Include postgres_user explorer from __postgres_conf 2021-04-25 20:01:36 +02:00
Dennis Camera beb8da6d5f [type/__postgres_role] Include postgres_user explorer from __postgres_conf 2021-04-25 20:01:36 +02:00
Dennis Camera 58b279a8d0 [type/__postgres_database] Improve quoting 2021-04-25 20:01:36 +02:00
Dennis Camera 6ac8cbf98f [type/__postgres_database] Include postgres_user explorer from __postgres_conf 2021-04-25 20:01:36 +02:00
poljakowski 71d79ed6ee Merge branch 'feature/type/__postgres_conf' into 'master'
__postgres_conf: new type

See merge request ungleich-public/cdist!972
2021-04-25 15:49:19 +02:00
Dennis Camera 1c047353a9 [bin/cdist] Fix Python version check 2021-04-17 09:57:10 +02:00
Dennis Camera 19bf37be1a [type/__postgres_conf] Update man.rst 2021-04-15 15:56:15 +02:00
Dennis Camera 686e4f0f2d [type/__postgres_conf] Reverse state logic (decide based on source first) 2021-04-15 15:50:03 +02:00
Dennis Camera bef1433ba3 [type/__postgres_conf] Accept empty values 2021-04-15 15:50:03 +02:00
Dennis Camera 12c2995494 [type/__postgres_conf] Implement complex state compare logic 2021-04-15 15:50:02 +02:00
Dennis Camera e0416403c4 [type/__postgres_conf] Add psql_conf_source function to state explorer 2021-04-15 15:50:02 +02:00
Dennis Camera 2ccc03fef1 [type/__postgres_conf] Add psql_conf_cmp function to state explorer 2021-04-15 15:50:02 +02:00
Dennis Camera 92b8942a8c [type/__postgres_conf] Add psql_exec function to state explorer 2021-04-15 15:50:02 +02:00
ander d2eec60668
[__download] make --sum optional 2021-04-11 23:16:00 +03:00
Darko Poljak 750c71fb5a Minor refactoring and remove code duplication 2021-04-07 10:25:26 +02:00
Darko Poljak 199effb7ef Improve unfinished object requirements bool check
When we need only boolean value for unfinished object requirements then
we don't need to determine the whole list of unfinished objects.
2021-04-06 19:35:14 +02:00
poljakowski ce79a2069c Merge branch 'fix/type/__pyvenv/numeric-owner' into 'master'
__pyvenv: Fix if --owner / --group is numeric

See merge request ungleich-public/cdist!988
2021-04-01 15:36:02 +02:00
poljakowski c981f654f1 Merge branch 'fix/type/__git/numeric-owner' into 'master'
__git: Fix if --owner / --group is numeric

See merge request ungleich-public/cdist!987
2021-04-01 15:35:46 +02:00
Darko Poljak 4c2d273f07 Unify string formatting
Use one way of string formatting: replace old `%` style with new `str.format`.

Resolve #855.
2021-03-31 08:19:34 +02:00
Darko Poljak f984a918b9 Fix log message string formatting
Use logging message format with args, instead of direct `%` or `str.format`.

Resolve #855.
2021-03-31 08:19:28 +02:00
Dennis Camera 985252585c [type/__pyvenv] Fix if --owner / --group is numeric
Before, if --owner and/or --group was numeric, gencode-remote would generate
`chown` code every time.
2021-03-30 13:26:21 +02:00
Dennis Camera 167c2ad7ea [type/__git] Fix if --owner / --group is numeric
Before, if --owner and/or --group was numeric, gencode-remote would generate
`chown` code every time.
2021-03-30 13:24:56 +02:00
Darko Poljak 7a0b697f4c Implement maintaining object relationship graph
For each object maintain parent-child relationship graph, i.e. list of
parent objects ('parents' property) and list of children objects ('children'

Objects without parent(s) are objects specified in init manifest.
Objects without children are object of types that do not reuse other types.
2021-03-30 12:09:59 +02:00
poljakowski c55397766e Merge branch 'feature/type/__sshd_config/whitelist-openbmc' into 'master'
__sshd_config: Whitelist OpenBMC

See merge request ungleich-public/cdist!980
2021-03-12 08:20:35 +01:00
Dennis Camera e47c4dd8a4 [type/__sshd_config] Whitelist OpenBMC in manifest 2021-03-11 14:17:44 +01:00
Dennis Camera fb19f34266 [type/__ssh_authorized_key] Only grep if file exists 2021-03-09 21:15:26 +01:00
Steven Armstrong ea0126dd81 Make local state dir available to custom remote scripts
Signed-off-by: Steven Armstrong <>
2021-03-05 16:11:49 +01:00
poljakowski 1bc0d912bf Merge branch 'fix/type/__pyvenv/man-typo' into 'master'
__pyvenv: Fix user example

See merge request ungleich-public/cdist!978
2021-03-02 09:28:50 +01:00
Dennis Camera 8ef19d47f6 [type/__pyvenv] Fix example (--user -> --owner) 2021-03-01 17:59:45 +01:00
poljakowski 6358885d26 Merge branch 'feature/__package_pip/extras' into 'master'
__package_pip: add optional (extra) dependencies

See merge request ungleich-public/cdist!975
2021-02-23 06:27:09 +01:00
poljakowski b3a9c907ad Merge branch '__letsencrypt_cert-fix-hooks' into 'master'
[__letsencrypt_cert] Fix various issues with hooks.

Closes #853

See merge request ungleich-public/cdist!977
2021-02-22 09:09:45 +01:00
poljakowski e854db096e Merge branch 'fix/type/__postgres_role/implement-alter' into 'master'
__postgres_role: implement modification of roles

See merge request ungleich-public/cdist!973
2021-02-22 08:58:58 +01:00
matze d1f45d3524 __package_pip: corrected typo in man
.. by fully replacing it with a smaller sentence.
2021-02-19 09:03:56 +01:00
Dennis Camera 0835f414a5 [type/__postgres_conf] Extract PostgreSQL service user detection to separate explorer 2021-02-16 16:03:23 +01:00
matze 2ce1fce767 __package_pip: match package names case insensitive
Pip matches them insensitive, so we need to do the same to avoid
problems by saying extras are not installed but already is there in
2021-02-15 16:17:46 +01:00
matze 951712740f __package_pip: update man.rst
Adjusted comments for `explorer/extras` and updated the man page for the
new behaviour of updating the extras.
2021-02-12 13:42:51 +01:00
matze a9d7dfb2ed __package_pip: split extra 'all' to a list of all extras
This will fix if a package will be upgraded from some extras to all
extras. Previously, it will not work because some dependencies of 'all'
are already installed, so the feature 'all' is already installed.

Now, it will use a list of all extras to iterate over them separatly. This
will result it will never install all extras via `[all]`, but rather
2021-02-12 09:17:02 +01:00
matze 7398382890 __package_pip: fix shellcheck
Useless `cat $file`, use `< $file` instead.
2021-02-11 23:12:10 +01:00
matze 2db0ef7c98 __package_pip: updating real detection of extras
As the previous detection took the wrong values, this explorer now
checks if packages for an extra are installed or not. If not, the extra
is not installed.

Based on the information of the explorer, it will install the package
again with the absent extras.
2021-02-11 22:53:26 +01:00