instead of calling the copy command once per file in a directory (eg a
type explorer dir), call the copy command only once with all files of
the directory.
batch copy saves 20% of dry-run time on my test manifest in sequential
mode, and 15% in parallel mode.
Remote::transfer contains a call to mkdir(destination) if the source is
a directory. since the destination must also be a directory we can omit
extra mkdir calls in Explorer.
this saves about 10% on my manifests in sequential mode, and about 6% in
parallel mode.
- Update installation method, following official installation
instructions.
- docker-engine was renamed to Docker CE around March 2017. Update
manpage to reflect that change.
- Remove flag `--experimental` since it is no longer necessary to install a
different binary to get experimental features. Experimental features are
included in the stable binary and can be enabled by a flag or in a
config file.
* add an type explorer to unify detecting of package type.
* update currage use the type explorer, so if os and passed in type
does not match, it behaves correctly.
This type tried to disable an unit after it has removed it, which
failed. Now the removal happens in gencode-remote, after the unit has
been stopped and disabled.
Clarify that this type only operates on units in /etc/systemd/system.
Also, when state=present, it is not always true that the type is
"installed, enabled and started"
Why:
In case when name contains package name with exact version specified (e.g. rpm-build-4.11.3)
```
rpm -q --whatprovides "$pkg_name"
```
will tell you that no package could provide you with 'rpm-build-4.11.3',
because it's not virtual or file-provide, but exact package name.
This will lead to the installation of the package which was already installed.
It slows down manifest execution a lot.
My change will keep previous behaviour which relies on --whatprovides and
will fix wrong behaviour when argument is full package name with version.
This commit adds the following features:
* Ability to expand existing certificate
* Ability to manage object state
* Ability to obtain test certificate
* Ability to promote test certificate to production
* Ability to specify custom certificate name
* Ability to specify multiple domains per certificate
* Ability to use Certbot in standalone mode
* Messaging
This commit also introduces the following behavioral changes:
* Attempt to install Certbot only when it is not installed
already
* Installation of the cron job has to be enabled using
`--automatic-renewal` parameter
**Note:** Object ID is now treated as certificate name and new
required parameter `--domain` was added.
Before this fix, the explorer returned binary data when config did
not exist.
This commit also removes dependency on jq and sets executable flag
on the explorer file.
Error before:
---- BEGIN code-remote:stderr ----
insserv: warning: script 'consul' missing LSB tags and overrides
insserv: There is a loop between service monit and consul if stopped
insserv: loop involving service consul at depth 2
insserv: loop involving service monit at depth 1
insserv: Stopping consul depends on monit and therefore on system facility `$all' which can not be true!
insserv: exiting now without changing boot order!
update-rc.d: error: insserv rejected the script header
- `--state` allows to remove a deb-package, if `--purge-if-absent` is
specified the package is purged instead of "only" removed
- messaging was added
- man-page updated accordingly
Configuration files are not purged under Debian when the package
is deinstalled. If this parameter is given, they are deleted upon
package deinstallation.
When directly piping in the source of a systemd unit file, cdist
errored out. This is due to not propagating the stdin file to the
underlying __config_file type (which already contains code for this
case, but this has to be duplicated in __systemd_unit).
The following example thus works:
__systemd_unit test.service --source - <<EOF
[Service]
ExecStart=/bin/sleep 3600
EOF
Some pre/post-install scripts rely on them being open.
(It would be bette to leave them open and show the output, but I didn't
want to change the behaviour)
If `regex` begins with an hyphen, `grep` treats it as an option
and treats `file` as the regular expression. This leads to `grep`
trying to read from the standard input and making it wait infinitely.
This patch adds the missing argument breaker `--` and allows
`regex` to begin with an hyphen (provided it is called correctly).
* __systemd_unit: Move systemctl detection to manifest
* __systemd_unit: Restart the unit if inactive
Until now, the --restart parameter caused the unit to be restarted
only when the unit file has changed. This commit modifies --restart
behavior so that the unit is also restarted when the unit is inactive.
* __systemd_unit: Do not create unit file when source is empty
The pkg_version explorer will fail to properly detect if a package
is installed when a package's name is present in the description of
a package (as returned by pkg_info).
Currently, trying to install libtool fails due to incorrect parsing:
$ pkg_info | grep libtool
libltdl-2.4.2p1 GNU libtool system independent dlopen wrapper
Additionally, trying to install nagios results in the following output:
$ pkg_info | grep nagios
nagios-4.0.8p3-chroot host and service monitor
nagios-web-4.0.8p2-chroot cgis and webpages for nagios
This commit fixes detection by properly parsing pkg_info's output.
Specifically, descriptions are ignored and package names are properly
extracted.
In 6.1, OpenBSD introduced installurl(5), which contains
the URL the sets where installed from during install or upgrade.
The content of this file is used by pkg_add(1) if PKG_PATH is
not defined.
This commit changes the behavior of __package_pkg_openbsd to omit
setting PKG_PATH to a hard-coded value if --pkg_path is not provided.
This, in turn, makes pkg_add(1) use installurl(5).
Warning: apt-key output should not be parsed (stdout is not a terminal)
on stderr. Redirect stderr of apt-key to /dev/null to prevent output in
cdist run.
getent(1) is a utility available where Name Service Switch (NSS)
is available. Many modern operating systems support it, but that
may not be the case of all (e.g. embedded systems).
This commit modifies the __user type explorers to check the
traditional files instead of relying solely on the availability
of getent(1).
- Makes the group explorer use /etc/group
- Makes the passwd explorer use /etc/passwd
- Makes the shadow explorer use /etc/shadow
Implementation note
"getent shadow" does not support querying an entry using a uid
since it does not store that information. Since the shadow explorer
uses __object_id, the passwd explorer does not check if __object_id
matches an entry by uid. This behavior ensures consistent, transparent
behavior of the type. The group explorer, on the other hand, handles
group names and uids; like always.
/etc/os-release was introduced by systemd[1] and is now
more and more common; even on systems without systemd (e.g. lede).
In addition to detecting the OS based on specific attributes,
this file provides the ID marker to describe the OS.
This commit adds support for OS detection via /etc/os-release.
According to [2], it is already lowercase.
[1] http://0pointer.de/blog/projects/os-release
[2] https://www.freedesktop.org/software/systemd/man/os-release.html