Compare commits

...

109 Commits

Author SHA1 Message Date
evilham 74f340ceae [__git] Silence SC2012 as it does not apply to this case. 2020-06-18 12:01:28 +02:00
evilham 0ef94550c7 [__git] Fix quoting error, improve readability in various places. 2020-06-18 11:57:27 +02:00
evilham a837797ee3 [__git] Simplify exporters.
Instead of using stat, we can rely on ls.
Thanks to @ssrq for pointing that out.
2020-06-18 11:39:04 +02:00
evilham e23e5ffa3c [__git] Add a --no-updates flag to support old static behaviour.
Users relying on this would probably be better off using tags, but this enables
old behaviour with minor changes in existing manifests.
2020-06-18 11:28:20 +02:00
evilham 6e3ef60f89 [__git] Fix quoting in gencode-remote.
Echoing is hard turns out.
2020-06-18 11:26:54 +02:00
evilham db68b04420 [__git] Fix bug introduced in explorers.
I was using explorers in the explorers >,< which is not supported and would be
awkward.
While at it, symlinked group to owner and unified that code.
2020-06-18 11:03:48 +02:00
evilham e13b44bd5d [__git] Smart shellcheck! Fix bug 2020-06-18 00:52:46 +02:00
evilham 376fab8a66 [__git] Make shellcheck happy :-) 2020-06-18 00:50:31 +02:00
evilham a40025d842 [__git] Implement onchange triggers and messaging.
Closes #820.
2020-06-18 00:47:16 +02:00
evilham 852ac22b13 [__git] Improve manpage regarding tags usage. 2020-06-18 00:29:34 +02:00
evilham 8f91e4aedc [__git] Keep repository up to date in subsequent runs.
This also ensure that tags and branch changes are supported.

Closes #819.
2020-06-18 00:23:41 +02:00
evilham 05c639e3b7 [__git]: Don't generate code only because owner/group is absent
This closes #821 and improves readability.
2020-06-18 00:12:02 +02:00
evilham 14f0780775 [__git]: Change default behaviour for --mode parameter
By default it only applies to the top-level directory, that way any permissions
that are specified in git are respected after cloning.

Old behaviour can be obtained with the new `--mode-recursive` parameter.

Closes #818.
2020-06-17 22:29:54 +02:00
evilham 79c3734913 [__git]: Improve understanding with a manifest comment. 2020-06-17 22:27:42 +02:00
evilham d59e2c6440 [__git]: Fix explorers on *BSD
stat's implementation differs between BSD and GNU/Linux Operating Systems.
Tested on FreeBSD, manual-compatibility was asserted for OpenBSD and NetBSD.
2020-06-17 22:17:46 +02:00
Darko Poljak a6543a72ad ++changelog 2020-06-17 13:40:31 +02:00
poljakowski d59ba09d71 Merge branch '__download' into 'master'
new type: __download

See merge request ungleich-public/cdist!892
2020-06-17 13:39:07 +02:00
Darko Poljak cdb998398d Release 6.6.0 2020-06-17 12:10:58 +02:00
ander 201050a9e5 new type: __download 2020-06-16 20:53:31 +03:00
Darko Poljak 5be8437a60 ++changelog 2020-06-13 13:48:34 +02:00
poljakowski 7a48b30d7a Merge branch 'log-server-new-min-py-ver' into 'master'
Log server to capture nested logging output

See merge request ungleich-public/cdist!891
2020-06-13 13:46:05 +02:00
Darko Poljak 59b98091d7 Adapt; update docs and code style 2020-06-13 13:44:01 +02:00
Steven Armstrong 57e352cd1e log server is also usefull for cdist config
Signed-off-by: Steven Armstrong <steven@icarus.ethz.ch>
2020-06-13 13:44:01 +02:00
Steven Armstrong 831bfc822b remove unused code
Signed-off-by: Steven Armstrong <steven@icarus.ethz.ch>
2020-06-13 13:44:01 +02:00
Steven Armstrong 6e9e9ad557 implement log server to capture nested logging output
Signed-off-by: Steven Armstrong <steven@icarus.ethz.ch>
2020-06-13 13:44:01 +02:00
Darko Poljak eba3d0505b ++changelog 2020-06-12 06:29:39 +02:00
Darko Poljak eec7ab8e45 Increase minimum supported Python version to 3.5 2020-06-12 06:08:56 +02:00
Darko Poljak 4167f9f60c Use proper format string with name 2020-06-11 14:22:54 +02:00
Darko Poljak 840e417eb7 Fix emulator colored logging 2020-06-11 14:16:37 +02:00
Darko Poljak 74e5d7182a ++changelog 2020-06-10 10:45:20 +02:00
poljakowski b22e09e1af Merge branch '__clean_path_add_path_param' into 'master'
[__clean_path] add --path parameter

See merge request ungleich-public/cdist!889
2020-06-10 10:44:20 +02:00
ander 7c490a703d [__clean_path] add --path parameter 2020-06-10 11:38:14 +03:00
Darko Poljak 955243a93b Update cdist man page copyright years 2020-06-09 12:51:19 +02:00
Darko Poljak 191f45eb7f ++changelog 2020-06-08 13:48:37 +02:00
Darko Poljak 58f101b8e8 Merge branch 'dheule-fix_os_explorer_sles15' 2020-06-08 13:44:11 +02:00
Darko Poljak a251e53495 Merge branch 'fix_os_explorer_sles15' of https://github.com/dheule/cdist into dheule-fix_os_explorer_sles15 2020-06-08 13:43:41 +02:00
Darko Poljak 4a81c019e3 Merge branch 'jaakristioja-master' 2020-06-08 13:37:51 +02:00
Jaak Ristioja 7b262c0cec
[docs] Fixed capitalization of URLs in cdist-bootstrap.rst
Signed-off-by: Jaak Ristioja <jaak@ristioja.ee>
2020-06-08 14:12:03 +03:00
Jaak Ristioja dc018fdb16
[docs] Fixed typo in cdist-cache.rst
Signed-off-by: Jaak Ristioja <jaak@ristioja.ee>
2020-06-08 14:12:03 +03:00
Jaak Ristioja 978e249043
[docs] Fixed capitalization of POSIX in cdist-install.rst
Signed-off-by: Jaak Ristioja <jaak@ristioja.ee>
2020-06-08 14:12:03 +03:00
Jaak Ristioja e1ff1bfdff
[docs] Fixed two typos in cdist-real-world.rst
Signed-off-by: Jaak Ristioja <jaak@ristioja.ee>
2020-06-08 14:12:03 +03:00
Jaak Ristioja 46574fc577
[docs] Fixed three typos in cdist-upgrade.rst
Signed-off-by: Jaak Ristioja <jaak@ristioja.ee>
2020-06-08 14:12:03 +03:00
Jaak Ristioja 3d725f12da
[docs] Fixed a typo and s/posix/POSIX/ in cdist-why.rst
Signed-off-by: Jaak Ristioja <jaak@ristioja.ee>
2020-06-08 14:12:03 +03:00
Jaak Ristioja f5630297bd
[docs] Fixed typo in cdist-configuration.rst
Signed-off-by: Jaak Ristioja <jaak@ristioja.ee>
2020-06-08 14:11:58 +03:00
Darko Poljak be47619b1e ++changelog 2020-06-08 09:11:51 +02:00
poljakowski c8a98c02ff Merge branch 'no-color' into 'master'
Respect NO_COLOR environment variable

See merge request ungleich-public/cdist!887
2020-06-08 09:09:50 +02:00
Dennis Camera 89ebd7a4f7 cdist man page: update --colors metavar name 2020-06-07 19:20:10 +02:00
Dennis Camera 23e66e08fa Restrict colored_output value to always/never/auto. 2020-06-06 13:45:31 +02:00
Dennis Camera 7a570f8692 [cdist.cfg.skeleton] Update colored_output documentation based on cdist(1) 2020-06-05 13:59:17 +02:00
Dennis Camera 790c6efae9 Update colored output documentation 2020-06-05 13:56:30 +02:00
Dennis Camera 89e48734bf Let config file and command line override NO_COLOR envvar 2020-06-05 12:23:36 +02:00
Dennis Camera cdb0d2be41 Patch tests 2020-06-03 23:21:50 +02:00
Dennis Camera 747c6b1076 Respect NO_COLOR environment variable 2020-06-03 22:17:52 +02:00
Daniel Heule 6a611e556a fix os explorer for sles15 2020-06-02 13:40:21 +02:00
Darko Poljak 48d66b0143 ++changelog 2020-06-01 22:25:15 +02:00
poljakowski fc9ce280f7 Merge branch 'bugfix/sphinx-build-failure' into 'master'
Bugfix/sphinx build failure

Closes #814

See merge request ungleich-public/cdist!885
2020-06-01 22:23:50 +02:00
Darko Poljak 55ebd1a4c5 Fix man build failure in newer sphinx versions 2020-06-01 20:22:40 +02:00
Darko Poljak 9a4e3488c2 ++changelog 2020-06-01 19:17:02 +02:00
poljakowski 3fc36a67a1 Merge branch 'evilham-colored-output' into 'master'
[UX] Add option to enable LogLevel-based coloured output.

See merge request ungleich-public/cdist!879
2020-06-01 19:11:58 +02:00
evilham ba77ea9edc [UX] Add option to enable LogLevel-based coloured output.
This makes it easier for new and experienced users to run cdist with higher
verbosity levels, both to know that things are working as expected and to debug
issues.

Documentation has been modified accordingly and default behaviour is not
changed.
2020-06-01 19:11:58 +02:00
Darko Poljak 988190363a Resolve shellcheck SC1090 2020-05-30 15:10:13 +02:00
Darko Poljak b354ea6e94 ++changelog 2020-05-30 10:49:13 +02:00
poljakowski b99f1eda0f Merge branch '__ssh_authorized_keys_remove_unknown' into 'master'
[__ssh_authorized_keys] add --remove-unknown parameter

See merge request ungleich-public/cdist!884
2020-05-30 10:48:02 +02:00
ander 29c0180204 [__ssh_authorized_keys] add --remove-unknown parameter 2020-05-28 23:31:13 +03:00
Darko Poljak abac79d4a5 Release 6.5.6 2020-05-25 11:16:48 +02:00
Darko Poljak ba64971a56 ++changelog 2020-05-24 17:05:01 +02:00
poljakowski 06cc20aa28 Merge branch 'bugfix/multiple-log-lines' into 'master'
Fix multiple log lines

Closes #813

See merge request ungleich-public/cdist!883
2020-05-24 17:01:31 +02:00
Darko Poljak f4e1bbc87e Fix multiple log lines
Fixes #813.
2020-05-24 01:10:56 +02:00
Darko Poljak 6ba73c4be6 ++changelog 2020-05-23 19:03:13 +02:00
poljakowski 15e4b5ee3b Merge branch '__user_remove_freebsd_fix' into 'master'
[__user] fix user delete on freebsd

See merge request ungleich-public/cdist!882
2020-05-23 19:02:31 +02:00
ander b7d3da443c Merge branch 'jaakristioja-master' into github 2020-05-23 01:15:09 +03:00
ander 716d3554f3 [__user] fix user delete on freebsd 2020-05-23 00:48:35 +03:00
Jaak Ristioja 66f4421089
[docs] Fixed two typos in cdist.cfg.skeleton
Signed-off-by: Jaak Ristioja <jaak@ristioja.ee>
2020-05-22 17:14:29 +03:00
Darko Poljak 226ed02c1c ++changelog 2020-05-22 10:09:05 +02:00
poljakowski dab32b0cb6 Merge branch '__group_freebsd_fix' into 'master'
[__group] fix --gid on freebsd

See merge request ungleich-public/cdist!881
2020-05-22 10:08:29 +02:00
poljakowski d1b73dd42b Merge branch '__motd_fix_for_debians' into 'master'
[__motd] debian|ubuntu|devuan use /etc/motd

See merge request ungleich-public/cdist!880
2020-05-22 10:05:50 +02:00
ander 3bcbd95269 [__motd] debian|ubuntu|devuan use /etc/motd 2020-05-22 02:36:49 +03:00
ander bf25a18a04 [__group] fix --gid on freebsd 2020-05-22 02:31:38 +03:00
Darko Poljak f354d80308 ++changelog 2020-05-18 21:03:42 +02:00
poljakowski cc8dcf682c Merge branch 'evilham-authorized_keys-options-bug' into 'master'
[__ssh_authorized_keys] Fix bug where --option was not multiple

See merge request ungleich-public/cdist!878
2020-05-18 21:03:01 +02:00
evilham ad58ea79c2 [__ssh_authorized_keys] Fix bug where --option was not multiple
This went against both documentation and intent.
2020-05-18 20:01:01 +02:00
Darko Poljak f9afac4dd6 ++changelog 2020-05-18 19:51:08 +02:00
poljakowski 8d639d54d0 Merge branch 'evilham-authorized_keys-man' into 'master'
[__ssh_authorizedkey{,s}] Improve documentation.

See merge request ungleich-public/cdist!877
2020-05-18 19:49:50 +02:00
poljakowski 2362d89976 Merge branch 'evilham-machine_type-explorer-simplify-linux-add-openbsd' into 'master'
[explorer/machine_type] simplify linux add openbsd

See merge request ungleich-public/cdist!876
2020-05-18 19:48:47 +02:00
poljakowski c5454afc72 Merge branch 'evilham-machine_type-explorer-freebsd' into 'master'
[explorer/machine_type] Add support for FreeBSD.

See merge request ungleich-public/cdist!875
2020-05-18 19:46:47 +02:00
poljakowski d5075b49c5 Merge branch 'fix/manpages' into 'master'
Fix some type manpages

See merge request ungleich-public/cdist!874
2020-05-18 19:45:12 +02:00
evilham 6d502f737a [__ssh_authorizedkey{,s}] Improve documentation. 2020-05-18 18:37:16 +02:00
evilham 8b790b0a54 [explorer/machine_type] Make shellcheck happy! 2020-05-18 16:47:20 +02:00
evilham cf44c4a01b [explorer/machine_type] Simplify Linux + basic OpenBSD support.
By abstracting away vendor-dependent pattern matching for the linux code, we can
re-use that and be reasonably sure about OpenBSD machines being virtualised when
we can identify the undelrying virtualisation technology.
It remains to be solved how to tell if an OpenBSD machine is physical; in that
case previous cdist behaviour ("unknown") remains.

For NetBSD something similar to OpenBSD could be done, with different sysctls:
hw.machine and hw.model wary of adding those without testing though, so for
NetBSD previous cdist behaviour ("unknown") remains.
https://netbsd.gw.com/cgi-bin/man-cgi?sysctl+7.i386+NetBSD-9.0
2020-05-18 16:35:50 +02:00
evilham 7ca2bfc14a [explorer/machine_type] Add support for FreeBSD.
More research is needed for {Net,Open}BSD support.

Indentation is left as-is for the linux code as I intend to simplify it in a
future MR, this way the diff is minimal.
2020-05-18 16:00:23 +02:00
matze 086e683c99 [__file] add "default values" in manual for group, mode and owner
Because at least the --mode default value may not be expected, the
manual lists the "default values". As they are not explicitly set in the
`__file` type, it is a bit more difficult, but should resolve to
following:
  - the mode comes from the umask set in the cdist code to protect file
    creation and uses the strongest umask possible.
  - the owner and group comes from the ssh user, which should always be
    the root user. (I think this can be swaped, too, but who will?)

At the owner and group parameter, it could be replaced with something
like "the ssh user and group", which would be more correct, but less
understandable.
2020-05-16 16:33:38 +02:00
matze dcfabf9268 [__cron] add hint for default values of time-related parameters
This should resolve some misunderstanding when leave a time-related
parameter with it's default value.
2020-05-16 14:00:02 +02:00
matze 42f2dceeb1 [__link] fix typo in the manual 2020-05-09 18:40:44 +02:00
Nico Schottelius 6f4649efc6 Reference the new cdist chat on matrix 2020-05-08 16:08:21 +02:00
Nico Schottelius d4059fd29e [__letsencrypt_cert] whitelist Ubuntu 2020-05-01 15:31:23 +02:00
Nico Schottelius f58d662b32 [__pyvenv] Switch to python3 -m venv for ubuntu 2020-05-01 15:28:01 +02:00
Darko Poljak 310045d9fb Release 6.5.5 2020-05-01 13:02:00 +02:00
Darko Poljak 250161e42d ++ 2020-04-28 23:08:03 +02:00
poljakowski 888cf54d99 Merge branch 'mute-return_output-warning' into 'master'
[logging] Mute warning on return_output=True when running scripts.

Closes #806

See merge request ungleich-public/cdist!872
2020-04-28 15:00:00 +02:00
evilham ea3bd14d8b [logging] Mute warning on return_output=True when running scripts.
This fixes #806 which contains more information about the issue.

The TL;DR: this warning is not being useful and hinders debugging types because
it creates an innecessary line for each explorer.

An alternative proposal was #807 but was abandoned in favour of just dropping
the warning.
2020-04-28 14:54:51 +02:00
Darko Poljak 515992249d ++changelog 2020-04-27 22:55:57 +02:00
poljakowski cd0c811d74 Merge branch 'evilham-explorers' into 'master'
[explorers] Improve *BSD support.

See merge request ungleich-public/cdist!869
2020-04-27 22:53:09 +02:00
poljakowski 965829e18a Merge branch 'evilham-cdist.cfg.skeleton' into 'master'
[docs] Improve cdist.cfg.skeleton

See merge request ungleich-public/cdist!868
2020-04-27 22:51:48 +02:00
nico14571 bd66b6d948 Merge branch 'update_readme' into 'master'
update README

See merge request ungleich-public/cdist!870
2020-04-27 16:48:09 +02:00
ander b31e13eacf README: add bits about cdist-contrib 2020-04-27 16:30:52 +03:00
ander 56a65518ab README: add participating section 2020-04-27 15:25:43 +03:00
ander 0b3c417aef update README 2020-04-27 15:09:40 +03:00
evilham 678df1ec8a [explorers] Improve *BSD support.
cpu_cores and memory did lacked support for other BSDs.
2020-04-27 01:29:37 +02:00
evilham fefc828780 [docs] Improve cdist.cfg.skeleton 2020-04-26 19:06:42 +02:00
70 changed files with 924 additions and 239 deletions

7
README
View File

@ -1,7 +0,0 @@
cdist
-----
cdist is a usable configuration management system.
For the web documentation have a look at https://www.cdi.st/
or at docs/src for reStructuredText manual.

31
README.md Normal file
View File

@ -0,0 +1,31 @@
# cdist
**cdist** is a usable configuration management system.
It adheres to the [**KISS principle**](https://en.wikipedia.org/wiki/KISS_principle)
and is being used in small up to enterprise grade environments.
For more information have a look at [**homepage**](https://cdi.st)
or at **``docs/src``** for manual in **reStructuredText** format.
## Contributing
Merge/Pull requests can be made in both
[upstream **GitLab**](https://code.ungleich.ch/ungleich-public/cdist/merge_requests)
(managed by [**ungleich**](https://ungleich.ch))
and [**GitHub** project](https://github.com/ungleich/cdist/pulls).
Issues can be made and other project management activites happen
[**only in GitLab**](https://code.ungleich.ch/ungleich-public/cdist)
(needs [**ungleich** account](https://account.ungleich.ch)).
For community-maintained types there is
[**cdist-contrib** project](https://code.ungleich.ch/ungleich-public/cdist-contrib).
## Participating
IRC: ``#cdist`` @ freenode
Matrix: ``#cdist:ungleich.ch``
Mattermost: https://chat.ungleich.ch/ungleich/channels/cdist

View File

@ -26,6 +26,7 @@ import hashlib
import cdist.log
import cdist.version
VERSION = cdist.version.VERSION
BANNER = """
@ -48,6 +49,9 @@ REMOTE_EXEC = "ssh -o User=root"
REMOTE_CMDS_CLEANUP_PATTERN = "ssh -o User=root -O exit -S {}"
MIN_SUPPORTED_PYTHON_VERSION = '3.5'
class Error(Exception):
"""Base exception class for this project"""
pass

View File

@ -5,6 +5,7 @@ import logging
import collections
import functools
import cdist.configuration
import cdist.log
import cdist.preos
import cdist.info
@ -125,6 +126,14 @@ def get_parsers():
'value.'),
action='count', default=None)
parser['colored_output'] = argparse.ArgumentParser(add_help=False)
parser['colored_output'].add_argument(
'--colors', metavar='WHEN',
help="Colorize cdist's output based on log level; "
"WHEN is 'always', 'never', or 'auto'.",
action='store', dest='colored_output', required=False,
choices=cdist.configuration.ColoredOutputOption.CHOICES)
parser['beta'] = argparse.ArgumentParser(add_help=False)
parser['beta'].add_argument(
'-b', '--beta',
@ -197,6 +206,13 @@ def get_parsers():
'supported. Without argument CPU count is used by default. '),
action='store', dest='jobs',
const=multiprocessing.cpu_count())
parser['config_main'].add_argument(
'--log-server',
action='store_true',
help=('Start a log server for sub processes to use. '
'This is mainly useful when running cdist nested '
'from a code-local script. Log server is alwasy '
'implicitly started for \'install\' command.'))
parser['config_main'].add_argument(
'-n', '--dry-run',
help='Do not execute code.', action='store_true')
@ -283,6 +299,7 @@ def get_parsers():
'host', nargs='*', help='Host(s) to operate on.')
parser['config'] = parser['sub'].add_parser(
'config', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['config_main'],
parser['inventory_common'],
@ -301,6 +318,7 @@ def get_parsers():
parser['add-host'] = parser['invsub'].add_parser(
'add-host', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['inventory_common']])
parser['add-host'].add_argument(
@ -315,6 +333,7 @@ def get_parsers():
parser['add-tag'] = parser['invsub'].add_parser(
'add-tag', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['inventory_common']])
parser['add-tag'].add_argument(
@ -346,6 +365,7 @@ def get_parsers():
parser['del-host'] = parser['invsub'].add_parser(
'del-host', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['inventory_common']])
parser['del-host'].add_argument(
@ -363,6 +383,7 @@ def get_parsers():
parser['del-tag'] = parser['invsub'].add_parser(
'del-tag', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['inventory_common']])
parser['del-tag'].add_argument(
@ -398,6 +419,7 @@ def get_parsers():
parser['list'] = parser['invsub'].add_parser(
'list', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'],
parser['inventory_common']])
parser['list'].add_argument(
@ -430,7 +452,7 @@ def get_parsers():
# Shell
parser['shell'] = parser['sub'].add_parser(
'shell', parents=[parser['loglevel']])
'shell', parents=[parser['loglevel'], parser['colored_output']])
parser['shell'].add_argument(
'-s', '--shell',
help=('Select shell to use, defaults to current shell. Used shell'
@ -478,7 +500,12 @@ def handle_loglevel(args):
if hasattr(args, 'quiet') and args.quiet:
args.verbose = _verbosity_level_off
logging.root.setLevel(_verbosity_level[args.verbose])
logging.getLogger().setLevel(_verbosity_level[args.verbose])
def handle_log_colors(args):
if cdist.configuration.ColoredOutputOption.translate(args.colored_output):
cdist.log.CdistFormatter.USE_COLORS = True
def parse_and_configure(argv, singleton=True):
@ -492,6 +519,7 @@ def parse_and_configure(argv, singleton=True):
raise cdist.Error(str(e))
# Loglevels are handled globally in here
handle_loglevel(args)
handle_log_colors(args)
log = logging.getLogger("cdist")

View File

@ -32,6 +32,10 @@ case "$os" in
sysctl -n hw.ncpuonline
;;
"freebsd"|"netbsd")
sysctl -n hw.ncpu
;;
*)
if [ -r /proc/cpuinfo ]; then
cores="$(grep "core id" /proc/cpuinfo | sort | uniq | wc -l)"

View File

@ -2,6 +2,7 @@
#
# 2014 Daniel Heule (hda at sfs.biz)
# 2014 Thomas Oettli (otho at sfs.biz)
# 2020 Evilham (contact at evilham.com)
#
# This file is part of cdist.
#
@ -18,63 +19,91 @@
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# FIXME: other system types (not linux ...)
os=$("$__explorer/os")
if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then
echo openvz
exit
fi
if [ -e "/proc/1/environ" ] &&
tr '\000' '\n' < "/proc/1/environ" | grep -Eiq '^container='; then
echo lxc
exit
fi
if [ -r /proc/cpuinfo ]; then
# this should only exist on virtual guest machines,
# tested on vmware, xen, kvm
if grep -q "hypervisor" /proc/cpuinfo; then
# this file is aviable in xen guest systems
if [ -r /sys/hypervisor/type ]; then
if grep -q -i "xen" /sys/hypervisor/type; then
echo virtual_by_xen
exit
vendor_string_to_machine_type() {
for vendor in vmware bochs kvm qemu virtualbox bhyve; do
if echo "${1}" | grep -q -i "${vendor}"; then
if [ "${vendor}" = "bochs" ] || [ "${vendor}" = "qemu" ]; then
vendor="kvm"
fi
else
if [ -r /sys/class/dmi/id/product_name ]; then
if grep -q -i 'vmware' /sys/class/dmi/id/product_name; then
echo "virtual_by_vmware"
exit
elif grep -q -i 'bochs' /sys/class/dmi/id/product_name; then
echo "virtual_by_kvm"
exit
elif grep -q -i 'virtualbox' /sys/class/dmi/id/product_name; then
echo "virtual_by_virtualbox"
exit
fi
fi
if [ -r /sys/class/dmi/id/sys_vendor ]; then
if grep -q -i 'qemu' /sys/class/dmi/id/sys_vendor; then
echo "virtual_by_kvm"
exit
fi
fi
if [ -r /sys/class/dmi/id/chassis_vendor ]; then
if grep -q -i 'qemu' /sys/class/dmi/id/chassis_vendor; then
echo "virtual_by_kvm"
exit
fi
fi
echo "virtual_by_${vendor}"
exit
fi
echo "virtual_by_unknown"
else
echo "physical"
fi
else
echo "unknown"
fi
done
}
case "$os" in
"freebsd")
# FreeBSD does not have /proc/cpuinfo even when procfs is used.
# Instead there is a sysctl kern.vm_guest.
# Which is 'none' if physical, else the virtualisation.
vm_guest="$(sysctl -n kern.vm_guest 2>/dev/null || true)"
if [ -n "${vm_guest}" ]; then
if [ "${vm_guest}" = "none" ]; then
echo "physical"
exit
fi
echo "virtual_by_${vm_guest}"
exit
fi
;;
"openbsd")
# OpenBSD can also use the sysctl's: hw.vendor or hw.product.
# Note we can be reasonably sure about a machine being virtualised
# as long as we can identify the virtualisation technology.
# But not so much about it being physical...
# Patches are welcome / reach out if you have better ideas.
for sysctl in hw.vendor hw.product; do
# This exits if we can make a reasonable judgement
vendor_string_to_machine_type "$(sysctl -n "${sysctl}")"
done
;;
*)
# Defaulting to linux for compatibility with previous cdist behaviour
if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then
echo openvz
exit
fi
if [ -e "/proc/1/environ" ] &&
tr '\000' '\n' < "/proc/1/environ" | grep -Eiq '^container='; then
echo lxc
exit
fi
if [ -r /proc/cpuinfo ]; then
# this should only exist on virtual guest machines,
# tested on vmware, xen, kvm, bhyve
if grep -q "hypervisor" /proc/cpuinfo; then
# this file is aviable in xen guest systems
if [ -r /sys/hypervisor/type ]; then
if grep -q -i "xen" /sys/hypervisor/type; then
echo virtual_by_xen
exit
fi
else
for vendor_file in /sys/class/dmi/id/product_name \
/sys/class/dmi/id/sys_vendor \
/sys/class/dmi/id/chasis_vendor; do
if [ -r ${vendor_file} ]; then
# This exits if we can make a reasonable judgement
vendor_string_to_machine_type "$(cat "${vendor_file}")"
fi
done
fi
echo "virtual_by_unknown"
exit
else
echo "physical"
exit
fi
fi
;;
esac
echo "unknown"

View File

@ -29,7 +29,7 @@ case "$os" in
echo "$(sysctl -n hw.memsize)/1024" | bc
;;
"openbsd")
*"bsd")
echo "$(sysctl -n hw.physmem) / 1048576" | bc
;;

View File

@ -143,6 +143,11 @@ case "$uname_s" in
esac
if [ -f /etc/os-release ]; then
# after sles15, suse don't provide an /etc/SuSE-release anymore, but there is almost no difference between sles and opensuse leap, so call it suse
if grep -q ^ID_LIKE=\"suse\" /etc/os-release 2>/dev/null; then
echo suse
exit 0
fi
# already lowercase, according to:
# https://www.freedesktop.org/software/systemd/man/os-release.html
awk -F= '/^ID=/ { if ($2 ~ /^'"'"'(.*)'"'"'$/ || $2 ~ /^"(.*)"$/) { print substr($2, 2, length($2) - 2) } else { print $2 } }' /etc/os-release

View File

@ -18,7 +18,12 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
path="/$__object_id"
if [ -f "$__object/parameter/path" ]
then
path="$( cat "$__object/parameter/path" )"
else
path="/$__object_id"
fi
[ ! -d "$path" ] && exit 0

View File

@ -20,7 +20,12 @@
[ ! -s "$__object/explorer/list" ] && exit 0
path="/$__object_id"
if [ -f "$__object/parameter/path" ]
then
path="$( cat "$__object/parameter/path" )"
else
path="/$__object_id"
fi
pattern="$( cat "$__object/parameter/pattern" )"

View File

@ -10,7 +10,7 @@ DESCRIPTION
-----------
Remove files and directories which match the pattern.
Provided path (as __object_id) must be a directory.
Provided path must be a directory.
Patterns are passed to ``find``'s ``-regex`` - see ``find(1)`` for more details.
@ -29,6 +29,9 @@ pattern
OPTIONAL PARAMETERS
-------------------
path
Path which will be cleaned. Defaults to ``$__object_id``.
exclude
Pattern of files which are excluded from removal.
@ -46,6 +49,11 @@ EXAMPLES
--exclude '.+\(charset\.conf\|security\.conf\)' \
--onchange 'service apache2 restart'
__clean_path apache2-conf-enabled \
--path /etc/apache2/conf-enabled \
--pattern '.+' \
--exclude '.+\(charset\.conf\|security\.conf\)' \
--onchange 'service apache2 restart'
AUTHORS
-------

View File

@ -1,2 +1,3 @@
exclude
onchange
path

View File

@ -21,6 +21,11 @@ command
OPTIONAL PARAMETERS
-------------------
**NOTE**: All time-related parameters (``--minute``, ``--hour``, ``--day_of_month``
``--month`` and ``--day_of_week``) defaults to ``*``, which means to execute it
**always**. If you set ``--hour 0`` to execute the cronjob only at midnight, it
will execute **every** minute in the first hour of the morning all days.
state
Either present or absent. Defaults to present.
minute

View File

@ -0,0 +1,20 @@
#!/bin/sh -e
dst="/$__object_id"
# shellcheck disable=SC2059
cmd="$( printf "$( cat "$__object/parameter/cmd-sum" )" "$dst" )"
sum="$( cat "$__object/parameter/sum" )"
if [ -f "$dst" ]
then
if [ "$( eval "$cmd" )" = "$sum" ]
then
echo 'present'
else
echo 'mismatch'
fi
else
echo 'absent'
fi

View File

@ -0,0 +1,35 @@
#!/bin/sh -e
state_is="$( cat "$__object/explorer/state" )"
if [ "$state_is" = 'present' ]
then
exit 0
fi
url="$( cat "$__object/parameter/url" )"
cmd="$( cat "$__object/parameter/cmd-get" )"
tmp="$( mktemp )"
dst="/$__object_id"
printf "$cmd > %s\n" \
"$url" \
"$tmp"
if echo "$__target_host" | grep -Eq '^[0-9a-fA-F:]+$'
then
target_host="[$__target_host]"
else
target_host="$__target_host"
fi
printf '%s %s %s:%s\n' \
"$__remote_copy" \
"$tmp" \
"$target_host" \
"$dst"
echo "rm -f '$tmp'"

View File

@ -0,0 +1,66 @@
cdist-type__download(7)
=======================
NAME
----
cdist-type__download - Download file to local storage and copy it to target host
DESCRIPTION
-----------
You must use persistent storage in target host for destination file
(``$__object_id``) because it will be used for checksum calculation
in order to decide if file must be downloaded.
REQUIRED PARAMETERS
-------------------
url
URL from which to download the file.
sum
Checksum of downloaded file.
OPTIONAL PARAMETERS
-------------------
cmd-get
Command used for downloading.
Default is ``wget -O- '%s'``.
Command must output to ``stdout``.
cmd-sum
Command used for checksum calculation.
Default is ``md5sum '%s' | awk '{print $1}'``.
Command output and ``--sum`` parameter must match.
EXAMPLES
--------
.. code-block:: sh
__directory /opt/cpma
require='__directory/opt/cpma' \
__download /opt/cpma/cnq3.zip \
--url https://cdn.playmorepromode.com/files/cnq3/cnq3-1.51.zip \
--sum 46da3021ca9eace277115ec9106c5b46
require='__download/opt/cpma/cnq3.zip' \
__unpack /opt/cpma/cnq3.zip \
--move-existing-destination \
--destination /opt/cpma/server
AUTHORS
-------
Ander Punnar <ander-at-kvlt-dot-ee>
COPYING
-------
Copyright \(C) 2020 Ander Punnar. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View File

@ -0,0 +1 @@
wget -O- '%s'

View File

@ -0,0 +1 @@
md5sum '%s' | awk '{print $1}'

View File

@ -0,0 +1,2 @@
cmd-get
cmd-sum

View File

@ -0,0 +1,2 @@
url
sum

View File

@ -50,13 +50,13 @@ state
create or modify it
group
Group to chgrp to.
Group to chgrp to. Defaults to ``root``.
mode
Unix permissions, suitable for chmod.
Unix permissions, suitable for chmod. Defaults to a very secure ``0600``.
owner
User to chown to.
User to chown to. Defaults to ``root``.
source
If supplied, copy this file from the host running cdist to the target.

View File

@ -0,0 +1,21 @@
#!/bin/sh -e
destination="/$__object_id"
state_should="$(cat "$__object/parameter/state")"
owner="$(cat "$__object/parameter/owner")"
# If the user did not provide an owner, cdist defaults to root.
git_user="${owner:-root}"
# Only do something if we are not removing the repo and it is not the first run
if [ "$state_should" = "present" ] && [ -d "$destination/.git" ]; then
# Whenever possible run git as non-root, see history of CVEs.
branch="$(su -m "$git_user" -c "git -C '$destination' rev-parse --abbrev-ref HEAD")"
if [ "$branch" != "HEAD" ]; then
echo "$branch"
else
# We are using tags
su -m "$git_user" -c "git -C '$destination' describe --always --tags --abbrev=0"
fi
fi

4
cdist/conf/type/__git/explorer/group Normal file → Executable file
View File

@ -2,4 +2,6 @@
destination="/$__object_id/.git"
stat --print "%G" "${destination}" 2>/dev/null || exit 0
# See: cdist/conf/type/__file/explorer/stat
# shellcheck disable=SC2012
ls -ld "$destination" | awk '{ print $4 }'

View File

@ -0,0 +1,30 @@
#!/bin/sh -e
if [ -f "$__object/parameter/no-updates" ]; then
# User requested explicitly not to have updates
exit
fi
destination="/$__object_id"
state_should="$(cat "$__object/parameter/state")"
branch_should="$(cat "$__object/parameter/branch")"
owner="$(cat "$__object/parameter/owner")"
# If the user did not provide an owner, cdist defaults to root.
git_user="${owner:-root}"
# Only do something if we are not removing the repo and it is not the first run
if [ "$state_should" = "present" ] && [ -d "$destination/.git" ]; then
# First fetch the remote
# Whenever possible run git as non-root, see history of CVEs.
su -m "$git_user" -c "git -C '$destination' fetch --quiet"
head="$(su -m "$git_user" -c "git -C '$destination' rev-parse HEAD")"
# Try first to get the latest commit in the remote current branch,
# if it fails try to get the commit for the expected tag name
upstream="$(su -m "$git_user" -c "git -C '$destination' rev-parse '@{u}'" 2>/dev/null ||
su -m "$git_user" -c "git -C '$destination' rev-parse '${branch_should}^{}'")"
if [ "${head}" != "$upstream" ]; then
echo "YES"
fi
fi

4
cdist/conf/type/__git/explorer/owner Normal file → Executable file
View File

@ -2,4 +2,6 @@
destination="/$__object_id/.git"
stat --print "%U" "${destination}" 2>/dev/null || exit 0
# See: cdist/conf/type/__file/explorer/stat
# shellcheck disable=SC2012
ls -ld "$destination" | awk '{ print $3 }'

View File

@ -19,13 +19,19 @@
#
#
branch_is=$(cat "$__object/explorer/branch")
state_is=$(cat "$__object/explorer/state")
owner_is=$(cat "$__object/explorer/owner")
group_is=$(cat "$__object/explorer/group")
needs_update=$(cat "$__object/explorer/needs-update")
if [ -f "$__object/parameter/no-updates" ]; then
no_updates="YES"
fi
state_should=$(cat "$__object/parameter/state")
branch=$(cat "$__object/parameter/branch")
branch_should=$(cat "$__object/parameter/branch")
source=$(cat "$__object/parameter/source")
@ -38,27 +44,70 @@ mode=$(cat "$__object/parameter/mode")
[ -f "$__object/parameter/recursive" ] && recursive='--recurse-submodules' || recursive=''
[ -f "$__object/parameter/shallow" ] && shallow='--depth 1 --shallow-submodules' || shallow=''
if { [ -n "$owner" ] && [ "$owner_is" != "$owner" ]; } || \
{ [ -n "$group" ] && [ "$group_is" != "$group" ]; }; then
needs_chown="YES"
fi
[ "$state_should" = "$state_is" ] \
&& [ "$owner" = "$owner_is" ] \
&& [ "$group" = "$group_is" ] \
&& [ -z "$needs_chown" ] \
&& [ -n "$mode" ] && exit 0
# Whenever possible run git as non-root, see history of CVEs.
if [ -n "$owner" ]; then
git_user="$owner"
else
git_user="root"
fi
case $state_should in
present)
if [ "$state_should" != "$state_is" ]; then
echo git clone --quiet "$recursive" "$shallow" --branch "$branch" "$source" "$destination"
if [ "$git_user" != "root" ]; then
# If we execute git as non-root, it is not obvious that we'll be able
# to create the output directory, so we have to ensure that.
cat << EOF
if [ ! -d '$destination' ]; then
mkdir '$destination'
fi
chown '${owner}:${group}' '$destination'
EOF
fi
# Actually clone the repository
echo "su -m '$git_user' -c \"git clone --quiet $recursive $shallow --branch '$branch_should' '$source' '$destination'\""
echo create >> "$__messages_out"
repo_changed="YES"
elif [ "$branch_should" != "$branch_is" ]; then
# User has changed tag / branch, let's update that
echo "su -m '$git_user' -c \"git checkout --quiet '$branch_should'\""
echo "change $branch_is -> $branch_should" >> "$__messages_out"
repo_changed="YES"
elif [ -z "$no_updates" ] && [ -n "$needs_update" ]; then
# The remote has newer information than our repository.
# Fetch was done in the explorer, here we can just pull
echo "su -m '$git_user' -c \"git -C '$destination' pull --quiet\""
echo update >> "$__messages_out"
repo_changed="YES"
fi
if { [ -n "$owner" ] && [ "$owner_is" != "$owner" ]; } || \
{ [ -n "$group" ] && [ "$group_is" != "$group" ]; }; then
if [ -n "$needs_chown" ]; then
echo chown -R "${owner}:${group}" "$destination"
echo "chown -R '${owner}:${group}'" >> "$__messages_out"
repo_changed="YES"
fi
if [ -f "$__object/parameter/mode-recursive" ]; then
mode_recursive="-R"
fi
if [ -n "$mode" ]; then
echo chmod -R "$mode" "$destination"
echo chmod "${mode_recursive}" "$mode" "$destination"
fi
;;
absent)
# Handled in manifest
# Handled in manifest, except for the change triggers
if [ "$state_should" != "$state_is" ]; then
echo remove >> "$__messages_out"
repo_changed="YES"
fi
;;
*)
@ -66,3 +115,7 @@ case $state_should in
exit 1
;;
esac
if [ -n "$repo_changed" ]; then
cat "$__object/parameter/onchange"
fi

View File

@ -3,12 +3,13 @@ cdist-type__git(7)
NAME
----
cdist-type__git - Get and or keep git repositories up-to-date
cdist-type__git - Get and keep git repositories up-to-date
DESCRIPTION
-----------
This cdist type allows you to clone git repositories
This cdist type allows you to clone git repositories, track specific branches
or tags and keep up to date at your own pace.
REQUIRED PARAMETERS
@ -23,7 +24,7 @@ state
Either "present" or "absent", defaults to "present"
branch
Create this branch by checking out the remote branch of this name
Check out this branch or tag to the target directory.
Default branch is "master"
group
@ -31,16 +32,45 @@ group
mode
Unix permissions, suitable for chmod.
By default it only applies to the top-level directory.
See the mode-recursive parameter as well.
onchange
The code to run if the repository is first-cloned, changes or is removed.
owner
User to chown to.
BOOLEAN PARAMETERS
------------------
mode-recursive
If present and --mode is passed, the given permissions will be applied
recursively to the working directory.
no-updates
If present the repository will not be updated after first check out.
Notice that this does not affect behaviour if you change the target
tag / branch, in which case the type will still ensure the specified one
is checked out.
recursive
Passes the --recurse-submodules flag to git when cloning the repository.
shallow
Sets --depth=1 and --shallow-submodules for cloning repositories with big history.
MESSAGES
--------
change <old_branch> -> <new_branch>
The directory tracks old_branch but should track new_branch, it will be changed
chown -R <owner>:<group>
Changed ownership
create
Freshly created the directory with the repository clone
remove
The directory with the repository exists, but state is absent, it will be removed
update
The repository tracks a branch that has been updated on the remote
EXAMPLES
--------
@ -52,15 +82,21 @@ EXAMPLES
# Checkout cdist, stay on branch 2.1
__git /home/nico/cdist --source git@code.ungleich.ch:ungleich-public/cdist.git --branch 2.1
# If at a later stage you decide to keep up with the development version,
# cdist will change the branch and keep you up to date with:
__git /home/nico/cdist --source git@code.ungleich.ch:ungleich-public/cdist.git --branch master
AUTHORS
-------
Nico Schottelius <nico-cdist--@--schottelius.org>
Evilham <cvs--@--evilham.com>
COPYING
-------
Copyright \(C) 2012 Nico Schottelius. You can redistribute it
Copyright \(C) 2012 Nico Schottelius. 2020 Evilham.
You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View File

@ -32,6 +32,7 @@ mode="$(cat "$__object/parameter/mode")"
case "$state_should" in
present)
# Handled in gencode-remote
:
;;

View File

@ -1,2 +1,4 @@
mode-recursive
no-updates
recursive
shallow

View File

@ -1,5 +1,6 @@
state
branch
group
onchange
owner
mode

View File

@ -88,7 +88,7 @@ if [ "$state" = "present" ]; then
fi
done
if [ "$os" = "freebsd" ]; then
echo pw groupadd "$@" "$name"
echo pw groupadd "$name" "$@"
else
echo groupadd "$@" "$name"
fi

View File

@ -91,6 +91,9 @@ if [ -z "${certbot_fullpath}" ]; then
certbot_fullpath=/usr/local/bin/certbot
;;
ubuntu)
__package certbot
;;
*)
echo "Unsupported os: $os" >&2
exit 1

View File

@ -18,7 +18,7 @@ source
Specifies the link source.
type
Specifies the link type: Either hard or symoblic.
Specifies the link type: Either hard or symbolic.
OPTIONAL PARAMETERS

View File

@ -22,13 +22,6 @@
os=$(cat "$__global/explorer/os")
case "$os" in
debian|ubuntu|devuan)
# Debian and Ubuntu need to be updated,
# as seen in /etc/init.d/bootlogs
echo "uname -snrvm > /var/run/motd"
echo "cat /etc/motd.tail >> /var/run/motd"
;;
freebsd)
# FreeBSD only updates /etc/motd on boot,
# as seen in /etc/rc.d/motd

View File

@ -33,10 +33,6 @@ os=$(cat "$__global/explorer/os")
case "$os" in
debian|ubuntu|devuan)
# Debian-based systems use /etc/motd.tail as a template
destination=/etc/motd.tail
;;
freebsd)
# FreeBSD uses motd.template to prepend system information on boot
# (this actually only applies starting with version 13,

View File

@ -1,6 +1,7 @@
#!/bin/sh -e
#
# 2016 Darko Poljak (darko.poljak at gmail.com)
# 2020 Nico Schotetlius (nico.schottelius at ungleich.ch)
#
# This file is part of cdist.
#
@ -45,7 +46,7 @@ then
pyvenv=$(cat "$pyvenvparam")
else
case "$os" in
alpine) # no pyvenv on alpine - I assume others will follow
alpine|ubuntu) # no pyvenv on alpine - I assume others will follow
pyvenv="python3 -m venv"