Dennis Camera
e47c4dd8a4
[type/__sshd_config] Whitelist OpenBMC in manifest
2021-03-11 14:17:44 +01:00
Dennis Camera
fb19f34266
[type/__ssh_authorized_key] Only grep if file exists
2021-03-09 21:15:26 +01:00
1bc0d912bf
Merge branch 'fix/type/__pyvenv/man-typo' into 'master'
...
__pyvenv: Fix user example
See merge request ungleich-public/cdist!978
2021-03-02 09:28:50 +01:00
Dennis Camera
8ef19d47f6
[type/__pyvenv] Fix example (--user -> --owner)
2021-03-01 17:59:45 +01:00
dc66efa690
Fix shellcheck issues
2021-02-23 11:59:09 +00:00
1a74470c4d
__apt_pin: Always use $__object_id as preferences.d filename
2021-02-23 09:43:02 +00:00
0734288483
First draft of __apt_pin
2021-02-23 09:43:02 +00:00
6358885d26
Merge branch 'feature/__package_pip/extras' into 'master'
...
__package_pip: add optional (extra) dependencies
See merge request ungleich-public/cdist!975
2021-02-23 06:27:09 +01:00
b3a9c907ad
Merge branch '__letsencrypt_cert-fix-hooks' into 'master'
...
[__letsencrypt_cert] Fix various issues with hooks.
Closes #853
See merge request ungleich-public/cdist!977
2021-02-22 09:09:45 +01:00
e854db096e
Merge branch 'fix/type/__postgres_role/implement-alter' into 'master'
...
__postgres_role: implement modification of roles
See merge request ungleich-public/cdist!973
2021-02-22 08:58:58 +01:00
d1f45d3524
__package_pip: corrected typo in man
...
.. by fully replacing it with a smaller sentence.
2021-02-19 09:03:56 +01:00
Dennis Camera
0835f414a5
[type/__postgres_conf] Extract PostgreSQL service user detection to separate explorer
2021-02-16 16:03:23 +01:00
2ce1fce767
__package_pip: match package names case insensitive
...
Pip matches them insensitive, so we need to do the same to avoid
problems by saying extras are not installed but already is there in
place.
2021-02-15 16:17:46 +01:00
951712740f
__package_pip: update man.rst
...
Adjusted comments for `explorer/extras` and updated the man page for the
new behaviour of updating the extras.
2021-02-12 13:42:51 +01:00
a9d7dfb2ed
__package_pip: split extra 'all' to a list of all extras
...
This will fix if a package will be upgraded from some extras to all
extras. Previously, it will not work because some dependencies of 'all'
are already installed, so the feature 'all' is already installed.
Now, it will use a list of all extras to iterate over them separatly. This
will result it will never install all extras via `[all]`, but rather
`[foo,bar]`.
2021-02-12 09:17:02 +01:00
7398382890
__package_pip: fix shellcheck
...
Useless `cat $file`, use `< $file` instead.
2021-02-11 23:12:10 +01:00
2db0ef7c98
__package_pip: updating real detection of extras
...
As the previous detection took the wrong values, this explorer now
checks if packages for an extra are installed or not. If not, the extra
is not installed.
Based on the information of the explorer, it will install the package
again with the absent extras.
2021-02-11 22:53:26 +01:00
8dc6ab9738
__package_pip: install not found extras
...
Compares the explorer against the parameters and install those extras
that are not already installed.
2021-02-11 13:49:53 +01:00
4717e5ceff
__package_pip: add extras explorer
...
The two new explorers detect all installed extras for this package.
2021-02-11 10:31:07 +01:00
aa80c09c80
[__letsencrypt_cert] Move hook contents generation out of manifest
...
While there address some minor issues in the comments in the hook contents.
2021-02-10 10:10:21 +01:00
b832af5e3b
[__letsencrypt_cert] Don't mess with user script indentation
...
This could break in odd ways if they passed sth like:
cat <<eof
bla bla
eof
2021-02-09 20:53:58 +01:00
e49da474c4
[__letsencrypt_cert] Remove problematic trailing slash in sed.
...
Happy fingers are happy and like adding slashes places.
2021-02-09 20:29:17 +01:00
bc145bbc27
[__letsencrypt_cert] Fix various issues with hooks.
...
Closes #853 , see issue for full description / discussion.
Short summary:
- There was about 6.53% chances of `--renewal-hook` not being applied
- Using --automatic-renewal in one cert and not in another was an error.
- It was not possible to use different hooks for different certificates.
- FreeBSD support was utterly broken.
2021-02-09 19:58:47 +01:00
cda17be38a
[explorer/memory] Clean up, return kiB for all systems, add SunOS
...
BSDs were MiB before.
2021-02-08 08:27:03 +01:00
73a03d75d7
__package_pip: fix shellcheck
2021-02-04 19:18:02 +01:00
8eccacec59
__package_pip: add optional dependencies
...
This is a poor implementation of optional dependencies for pip packages.
It ensures to install them if the package will be installed, but does
not take into account if they must be added/removed after the package is
already installed. Also, it will not be autoremoved, as all dependencies
will not be removed.
2021-02-04 19:09:26 +01:00
Dennis Camera
6b18cace75
[type/__postgres_conf] Catch connection errors early
2021-01-26 14:01:44 +01:00
Dennis Camera
f9ebb4333c
[type/__postgres_conf] Add NetBSD PostgreSQL UNIX user
2021-01-26 14:01:44 +01:00
Dennis Camera
4967c7ebbb
[type/__postgres_conf] Silence psql output
2021-01-26 14:01:44 +01:00
Dennis Camera
3f605c31ac
[type/__postgres_conf] Add support for more init systems to restart service
2021-01-26 14:01:44 +01:00
Dennis Camera
0f2ff47738
[type/__postgres_conf] Restart PostgreSQL server based on pending_restart column of pg_settings
2021-01-26 14:01:44 +01:00
Dennis Camera
5051d4f40b
[type/__postgres_conf] Catch invalid values
2021-01-26 14:01:44 +01:00
Dennis Camera
891c98567e
[type/__postgres_conf] Compare configuration parameter names case insensitively
2021-01-26 14:01:44 +01:00
Dennis Camera
803367b316
[type/__postgres_conf] Fix default detection when default is also set in config file
...
e.g. port is usually also set to the default value in postgresql.conf
2021-01-26 14:01:44 +01:00
Dennis Camera
1b49fec972
[type/__postgres_conf] Refactor
2021-01-26 14:01:43 +01:00
Beni Ruef
b4060720dc
[type/__postgres_conf] Fix psql options for ALTER command
2021-01-26 14:01:43 +01:00
Beni Ruef
50bcd95105
[type/__postgres_conf] Remove faulty quotes
2021-01-26 14:01:43 +01:00
Beni Ruef
534d5f6bb5
[type/__postgres_conf] Fix errors found by ShellCheck
2021-01-26 14:01:43 +01:00
Beni Ruef
c51d68a737
[type/__postgres_conf] New type based on ALTER SYSTEM command
2021-01-26 14:01:43 +01:00
Dennis Camera
35cde3e666
[type/__postgres_role] Fix state explorer when stored password is empty
2021-01-18 13:09:29 +01:00
Dennis Camera
2954347771
[type/__postgres_role] Add note regarding empty passwords
2021-01-14 13:46:40 +01:00
Dennis Camera
bd8ab8f26f
[type/__sshd_config] Document "bug" in state explorer
2021-01-05 17:02:42 +01:00
Dennis Camera
8753b7eedf
[type/__sshd_config] Make AuthenticationMethods and AuthorizedKeysFile singleton options
...
They were incorrectly treated as non-singleton options before.
cf. https://github.com/openssh/openssh-portable/blob/V_8_4/servconf.c#L2273
and https://github.com/openssh/openssh-portable/blob/V_8_4/servconf.c#L1899 resp.
2021-01-05 16:59:04 +01:00
Dennis Camera
766198912d
[type/__sshd_config] Produce error if invalid config file is generated
...
Previously, cdist would silently swallow the error (no invalid config file was
generated).
Reason: `set -e` does not exit if a command in a sub-command group fails,
it merely returns with a non-zero exit status.
e.g. the following snippet does not abort the script if sshd -t returns with a
non-zero exit status:
set -e
cmp -s old new || {
# check config file and update it
sshd -t -f new \
&& cat new >old
}
or compressed:
set -e
false || { false && true; }
echo $?
# prints 1
2021-01-05 15:50:21 +01:00
Mark Verboom
8dc2c4207c
Added optional dirmode parameter to set the mode of (optional) the directory.
2020-12-18 11:16:28 +01:00
Dennis Camera
99d82fd0d5
[type/__postgres_role] Always set psql -q
2020-12-17 17:05:58 +01:00
Dennis Camera
1180f13ed6
[type/__postgres_role] Fix setting password
...
We need to make sure that the password does not end up in ~/.psql_history.
2020-12-17 17:03:58 +01:00
Dennis Camera
4859c27900
[type/__postgres_role] Refactor gencode-remote
2020-12-17 16:57:43 +01:00
Dennis Camera
7b7ca4d385
[type/__postgres_role] Handle password changes
2020-12-16 19:07:05 +01:00
Dennis Camera
c36df82882
[type/__postgres_role] ALTER ROLE when parameters change
2020-12-15 21:11:48 +01:00
Dennis Camera
932e2496ed
[type/__postgres_role] Lint
2020-12-15 18:40:39 +01:00
f87da8150c
Merge branch 'type/__debian_backports' into 'master'
...
__apt_backports type
See merge request ungleich-public/cdist!964
2020-12-13 16:03:31 +01:00
27aca06fb8
__apt_backports: undo __apt_update_index call
...
Becuase it is already done by __apt_source.
2020-12-12 17:34:51 +01:00
fca35fc858
__apt_backports: fix explorer call
...
s/-/_/ because the explorers are following an other convention :-)
2020-12-12 17:29:58 +01:00
645734c629
[explorer/os_version] Improve FreeBSD support.
...
It looks like uname -r is not the most reliable way to get the target patch
level for the target system.
For more information see:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251743
2020-12-12 12:15:17 +01:00
fafa3d9ea5
__apt_backports: update index if required
...
This type now automatically calls the type __apt_update_index to update
the package index if something changed.
2020-12-12 10:00:23 +01:00
49aec0b5e4
__apt_backports: list supported OSes
...
The manpage now lists all OSes where this type supports backports.
2020-12-12 09:40:47 +01:00
c4d19a2319
__debian_backports -> __apt_backports; add wider os support
...
As discussed in the chat, this type now supports a broader list of OSes
which it supports backports for. Because of this, it was renamed to
something more generic. "apt" should fit in.
2020-12-12 09:36:17 +01:00
0d96b31b56
__debian_backports: pass shellcheck for sourced file
...
Because the sourced explorer can't be detected by shellcheck, it will be
completely disabled. Changing the path to /etc/os-release isn't
deterministic either.
The shellcheck wiki page suggests to use `source=/dev/null` instead of
`disable=SC1090`, but it was choosen to completely avoid that check ..
2020-12-11 18:13:44 +01:00
a5169ad858
new type __debian_backports
...
This new type will setup the backports distribution for the current
Debian release.
2020-12-10 21:24:26 +01:00
0546d6e476
Merge branch 'fix/__block/escape' into 'master'
...
__block: fix escaping in here-doc
Closes #838
See merge request ungleich-public/cdist!962
2020-12-08 19:36:45 +01:00
a1987fe410
Merge branch 'feature/__iptables_rule/ipv6' into 'master'
...
__iptables*: add IPv6 support
See merge request ungleich-public/cdist!959
2020-12-08 07:10:29 +01:00
c5ca4cd2e1
__block: securly quote via the quote function
...
Because the function already exists, it will be used for the file to be
changed, too. Therefor, no quotes are required for that value.
The prefix and suffix match was also improved: There is no regex check
any more (the regex did checked the whole line); instead it will do it
simple.
2020-12-07 19:59:05 +01:00
3930f69456
__block: fix escaping in here-doc
...
This changes the here-document to do not interpret any shell-things. It
also single-quotes some more strings that are printed to code-remote.
Fixes #838
2020-12-06 16:45:58 +01:00
087be130fa
__iptables_apply: shorten copyright header
...
Do we need all the copyright header or is this sufficient? The licence
is given for cdist, but not on the target host. But it should be clear
anyway.
2020-12-04 19:23:49 +01:00
Dennis Camera
2d19856840
[type/__package_pkgng_freebsd] Set ASSUME_ALWAYS_YES instead of -y
2020-12-04 18:26:03 +01:00
ba7d16a155
__iptables_*: correct manpage spelling
2020-12-04 17:57:55 +01:00
a1db5c3d0e
__iptables*: Update manpages for execution order
...
To make some thinks clear if someone needs it ..
2020-12-02 18:22:31 +01:00
bee255c1ae
__iptables_apply: man updates
2020-12-02 18:04:50 +01:00
f568462e49
__iptables_rule: fix shellcheck SC2235
2020-12-02 17:48:41 +01:00
84172550df
__iptables*: add IPv6 support
...
Because it currently only support IPv4. To implement this, it falls back
to IPv4 for backward compatibilty, but now supports rules for IPv6 and
both protocols at the same time.
2020-11-30 20:35:19 +01:00
a234445e85
Merge branch 'feature/type/__localedef' into 'master'
...
__localedef: Add new type to replace __locale
See merge request ungleich-public/cdist!951
2020-11-20 19:42:52 +01:00
58b28d2d75
Merge branch 'feature/type/__sshd_config' into 'master'
...
__sshd config: New type
See merge request ungleich-public/cdist!958
2020-11-19 19:33:49 +01:00
9d4f69250e
__sshd config: New type
2020-11-19 19:33:47 +01:00
6c539d67af
Merge branch 'fix/type/__hostname/fix-os-version-detection' into 'master'
...
__hostname: fix guessing of SuSE OS version
See merge request ungleich-public/cdist!953
2020-11-19 19:31:53 +01:00
Dennis Camera
87faffd875
[type/__localdef] Also check for aliases in state explorer
2020-11-14 11:45:31 +01:00
Dennis Camera
eeb9871919
[type/__localedef] glibc: Also delete aliases when removing a locale
2020-11-14 11:45:31 +01:00
Dennis Camera
575bb62dc5
[type/__localedef] Externalise functions to separate files
2020-11-14 11:45:31 +01:00
Dennis Camera
c1c60e3374
[type/__localedef] Blacklist OpenBSD and NetBSD
2020-11-14 11:45:31 +01:00
Dennis Camera
dcef2c19f5
[type/__localedef] Add support for FreeBSD
2020-11-14 11:45:31 +01:00
Dennis Camera
f44888f192
[type/__localedef] Only install dependencies in manifest. OS checking moved to gencode-remote
2020-11-14 11:45:31 +01:00
Dennis Camera
cc29e54b85
[type/__localedef] Differentiate between OSes and better handling of normalized locale names
2020-11-14 11:45:31 +01:00
Dennis Camera
54e689f7c2
[type/__localedef] Add state explorer
2020-11-14 10:48:18 +01:00
Dennis Camera
f75d477209
Deprecate __locale and replace with __localedef
2020-11-14 10:48:18 +01:00
105797ccb4
Merge branch 'feature/type/__hwclock' into 'master'
...
__hwclock: New type
See merge request ungleich-public/cdist!956
2020-11-13 06:35:58 +01:00
Dennis Camera
ebf471e8d0
[type/__hwclock] Add new type
2020-11-13 02:32:45 +01:00
Dennis Camera
87a0d91587
[type/__hostname] Fix OS version detection for SuSE
...
everything should be suse now…
2020-11-11 14:21:35 +01:00
Dennis Camera
702f3eba4f
[type/__hostname] Remove opensuse-leap OS string
...
everything should be suse now…
2020-11-11 14:21:35 +01:00
Dennis Camera
3e48ef9e11
[type/__hostname] Lint
...
- Error if expected environment variables are unset
- Always wrap variable expansions in {}
2020-11-11 14:21:35 +01:00
a95eab77a5
__locale: add state explorer
...
.. so it doesn't execute code all the time.
2020-11-08 15:28:14 +01:00
fe8920740f
Merge branch 'feature/__package_apt/recommends' into 'master'
...
__package_apt: add --install-recommends parameter
See merge request ungleich-public/cdist!949
2020-11-08 13:26:39 +01:00
729fdb9c1a
Merge branch 'type/__dpkg_architecture' into 'master'
...
New type __dpkg_architecture
See merge request ungleich-public/cdist!948
2020-11-08 13:24:58 +01:00
1b3e1acd22
Merge branch 'feature/type/__hostname/openwrt-support' into 'master'
...
__hostname: Add support for OpenWrt
See merge request ungleich-public/cdist!947
2020-11-08 13:23:36 +01:00
77397514ca
Merge branch 'fix/type/__file/pre-exists' into 'master'
...
__file: Fix --state pre-exists (this time for real)
See merge request ungleich-public/cdist!946
2020-11-08 13:22:06 +01:00
9fc6ee0948
__package_apt: add --install-recommends parameter
...
For a good reason, __package_apt doesn't install recommended packages as
default. But the option --install-recommends comes handy if you want to
install a package where you want to install all recommended packages
(and not to install all of them separately).
Also, the manpage now explains that the type won't install recommended
packages by default.
2020-11-08 13:19:46 +01:00
91bcc2a293
__dpkg_architecture: make type nonparallel
...
I think it's not good that dpkg or apt is running in parallel.
2020-11-07 21:03:38 +01:00
7777580d8f
__dpkg_architecture: add copyright headers
2020-11-07 20:56:17 +01:00
b0f3bb3350
New type __dpkg_architecture
...
This type handles foreign architectures added to dpkg.
2020-11-07 18:24:27 +01:00
Dennis Camera
10abe514b8
[type/__hostname] Add support for OpenWrt
2020-11-07 12:20:16 +01:00
Darko Poljak
0f1df5ef68
Fix shellcheck source directives
2020-11-07 12:07:58 +01:00
