Rebase on cdist 7.0.0

This commit is contained in:
fnux 2024-02-19 10:30:08 +01:00
parent 2741dcf3c1
commit 7d66a4e472
No known key found for this signature in database
GPG key ID: 4502C902C00A1E12
433 changed files with 97777 additions and 1 deletions

View file

@ -1,7 +1,8 @@
Changelog
---------
next:
7.0.0: 2022-07-31
~~~~~~~~~~~~~~~~~
* Explorer machine_type: Rewrite (Dennis Camera)
* New type: __sed (Ander Punnar)
* New type: __haproxy_dualstack (Evilham and ungleich)
@ -17,6 +18,8 @@ next:
* Type __file: make file uploading and attribute changes more atomic (Steven Armstrong)
* Type __dot_file: Add support for using --file parameter (Stephan Leemburg)
* Type __apt_ppa: Replace custom "remove-apt-repository" with add-apt-repository -r (Romain Dartigues)
* Type __apt_source: Add signed-by parameter (Daniel Fancsali)
* Explorer: add support for checkpoint (Stephan Leemburg)
6.9.8: 2021-08-24
~~~~~~~~~~~~~~~~~

View file

@ -0,0 +1,4 @@
# Sphinx build info version 1
# This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done.
config: b757b11e09dc40d2a6c98293cde34e70
tags: 645f666f9bcd5a90fca523b33c5a78b7

View file

@ -0,0 +1,278 @@
Best practice
=============
Practices used in real environments
Passwordless connections
------------------------
It is recommended to run cdist with public key authentication.
This requires a private/public key pair and the entry
"PermitRootLogin without-password" in the sshd server.
See sshd_config(5) and ssh-keygen(1).
Speeding up ssh connections
---------------------------
When connecting to a new host, the initial delay with ssh connections
is pretty big. As cdist makes many connections to each host successive
connections can be sped up by "sharing of multiple sessions over a single
network connection" (quote from ssh_config(5)). This is also called "connection
multiplexing".
Cdist implements this since v4.0.0 by executing ssh with the appropriate
options (`-o ControlMaster=auto -o ControlPath=/tmp/<tmpdir>/s -o
ControlPersist=2h`).
Note that the sshd_config on the server can configure the maximum number of
parallel multiplexed connections this with `MaxSessions N` (N defaults to 10
for OpenSSH v7.4).
Speeding up shell execution
----------------------------
On the source host, ensure that /bin/sh is *not* bash: bash is quite slow for
script execution. Instead, you could use dash after installing it::
ln -sf /bin/dash /bin/sh
Multi master or environment setups
----------------------------------
If you plan to distribute cdist among servers or use different
environments, you can do so easily with the included version
control git. For instance if you plan to use the typical three
environments production, integration and development, you can
realise this with git branches::
# Go to cdist checkout
cd /path/to/cdist
# Create branches
git branch development
git branch integration
git branch production
# Make use of a branch, for instance production
git checkout production
Similar if you want to have cdist checked out at multiple machines,
you can clone it multiple times::
machine-a % git clone git://your-git-server/cdist
machine-b % git clone git://your-git-server/cdist
Separating work by groups
-------------------------
If you are working with different groups on one cdist-configuration,
you can delegate to other manifests and have the groups edit only
their manifests. You can use the following snippet in
**conf/manifests/init**::
# Include other groups
sh -e "$__manifest/systems"
sh -e "$__manifest/cbrg"
Maintaining multiple configurations
-----------------------------------
When you need to manage multiple sites with cdist, like company_a, company_b
and private for instance, you can easily use git for this purpose.
Including a possible common base that is reused across the different sites::
# create branches
git branch company_a company_b common private
# make stuff for company a
git checkout company_a
# work, commit, etc.
# make stuff for company b
git checkout company_b
# work, commit, etc.
# make stuff relevant for all sites
git checkout common
# work, commit, etc.
# change to private and include latest common stuff
git checkout private
git merge common
The following **.git/config** is taken from a real world scenario::
# Track upstream, merge from time to time
[remote "upstream"]
url = git://git.schottelius.org/cdist
fetch = +refs/heads/*:refs/remotes/upstream/*
# Same as upstream, but works when being offline
[remote "local"]
fetch = +refs/heads/*:refs/remotes/local/*
url = /home/users/nico/p/cdist
# Remote containing various ETH internal branches
[remote "eth"]
url = sans.ethz.ch:/home/services/sans/git/cdist-eth
fetch = +refs/heads/*:refs/remotes/eth/*
# Public remote that contains my private changes to cdist upstream
[remote "nico"]
url = git.schottelius.org:/home/services/git/cdist-nico
fetch = +refs/heads/*:refs/remotes/nico/*
# The "nico" branch will be synced with the remote nico, branch master
[branch "nico"]
remote = nico
merge = refs/heads/master
# ETH stable contains rock solid configurations used in various places
[branch "eth-stable"]
remote = eth
merge = refs/heads/stable
Have a look at git-remote(1) to adjust the remote configuration, which allows
Multiple developers with different trust
----------------------------------------
If you are working in an environment that requires different people to
work on the same configuration, but having different privileges, you can
implement this scenario with a gateway host and sudo:
- Create a dedicated user (for instance **cdist**)
- Setup the ssh-pubkey for this user that has the right to configure all hosts
- Create a wrapper to update the cdist configuration in ~cdist/cdist
- Allow every developer to execute this script via sudo as the user cdist
- Allow run of cdist as user cdist on specific hosts on a per user/group basis.
- f.i. nico ALL=(ALL) NOPASSWD: /home/cdist/bin/cdist config hostabc
For more details consult sudoers(5)
Templating
----------
* create directory files/ in your type (convention)
* create the template as an executable file like files/basic.conf.sh, it will output text using shell variables for the values
.. code-block:: sh
#!/bin/sh
# in the template, use cat << eof (here document) to output the text
# and use standard shell variables in the template
# output everything in the template script to stdout
cat << EOF
server {
listen 80;
server_name $SERVERNAME;
root $ROOT;
access_log /var/log/nginx/$SERVERNAME_access.log
error_log /var/log/nginx/$SERVERNAME_error.log
}
EOF
* in the manifest, export the relevant variables and add the following lines to your manifest:
.. code-block:: console
# export variables needed for the template
export SERVERNAME='test"
export ROOT='/var/www/test'
# render the template
mkdir -p "$__object/files"
"$__type/files/basic.conf.sh" > "$__object/files/basic.conf"
# send the rendered template
__file /etc/nginx/sites-available/test.conf \
--state present
--source "$__object/files/basic.conf"
Testing a new type
------------------
If you want to test a new type on a node, you can tell cdist to only use an
object of this type: Use the '--initial-manifest' parameter
with - (stdin) as argument and feed object into stdin
of cdist:
.. code-block:: sh
# Singleton type without parameter
echo __ungleich_munin_server | cdist config --initial-manifest - munin.panter.ch
# Singleton type with parameter
echo __ungleich_munin_node --allow 1.2.3.4 | \
cdist config --initial-manifest - rails-19.panter.ch
# Normal type
echo __file /tmp/stdintest --mode 0644 | \
cdist config --initial-manifest - cdist-dev-01.ungleich.ch
Other content in cdist repository
---------------------------------
Usually the cdist repository contains all configuration
items. Sometimes you may have additional resources that
you would like to store in your central configuration
repository (like password files from KeepassX,
Libreoffice diagrams, etc.).
It is recommended to use a subfolder named "non-cdist"
in the repository for such content: It allows you to
easily distinguish what is used by cdist and what is not
and also to store all important files in one
repository.
Notes on CDIST_ORDER_DEPENDENCY
-------------------------------
With CDIST_ORDER_DEPENDENCY all types are executed in the order in which they
are created in the manifest. The current created object automatically depends
on the previously created object.
It essentially helps you to build up blocks of code that build upon each other
(like first creating the directory xyz than the file below the directory).
This can be helpful, but one must be aware of its side effects.
CDIST_ORDER_DEPENDENCY kills parallelization
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Suppose you have defined CDIST_ORDER_DEPENDENCY and then, among other things,
you specify creation of three, by nature independent, files.
**init**
.. code-block:: sh
CDIST_ORDER_DEPENDENCY=1
export CDIST_ORDER_DEPENDENCY
...
__file /tmp/file1
__file /tmp/file2
__file /tmp/file3
...
Due to defined CDIST_ORDER_DEPENDENCY cdist will execute them in specified order.
It is better to use CDIST_ORDER_DEPENDENCY in well defined blocks:
**init**
.. code-block:: sh
CDIST_ORDER_DEPENDENCY=1
export CDIST_ORDER_DEPENDENCY
...
unset CDIST_ORDER_DEPENDENCY
__file /tmp/file1
__file /tmp/file2
__file /tmp/file3
CDIST_ORDER_DEPENDENCY=1
export CDIST_ORDER_DEPENDENCY
...
unset CDIST_ORDER_DEPENDENCY

View file

@ -0,0 +1,118 @@
Bootstrap
=========
This document describes the usual steps recommended for a new
cdist setup. It is recommended that you have read and understood
`cdist quickstart <cdist-quickstart.html>`_ before digging into this.
Location
---------
First of all, you should think about where to store your configuration
database and who will be accessing or changing it. Secondly you have to
think about where to configure your hosts from, which may be a different
location.
For starters, having cdist (which includes the configuration database) on
your notebook should be fine.
Additionally an external copy of the git repository the configuration
relies on is recommended, for use as backup as well as to allow easy collaboration
with others.
For more sophisticated setups developing cdist configurations with multiple
people, have a look at `cdist best practice <cdist-best-practice.html>`_.
Setup working directory and branch
----------------------------------
I assume you have a fresh copy of the cdist tree in ~/cdist, cloned from
one of the official URLs (see `cdist quickstart <cdist-quickstart.html>`_ if you don't).
Entering the command "git branch" should show you "* master", which indicates
you are on the **master** branch.
The master branch reflects the latest development of cdist. As this is the
development branch, it may or may not work. There are also version branches
available, which are kept in a stable state. Let's use **git branch -r**
to list all branches::
cdist% git branch -r
origin/1.0
origin/1.1
origin/1.2
origin/1.3
origin/1.4
origin/1.5
origin/1.6
origin/1.7
origin/2.0
origin/HEAD -> origin/master
origin/archive_shell_function_approach
origin/master
So **2.0** is the latest version branch in this example.
All versions (2.0.x) within one version branch (2.0) are compatible to each
other and won't break your configuration when updating.
It's up to you to decide which branch you want to base your own work on:
master contains more recent changes, newer types, but may also break.
The version branches are stable, but may lack the latest features.
Your decision can be changed later on, but may result in merge conflicts,
which you will need to solve.
Let's assume you want latest stuff and select the master branch as base for
your own work. Now it's time to create your branch, which contains your
local changes. I usually name it by the company/area I am working for:
ethz-systems, localch, customerX, ... But this is pretty much up to you.
In this tutorial I use the branch **mycompany**::
cdist% git checkout -b mycompany origin/master
Branch mycompany set up to track remote branch master from origin.
Switched to a new branch 'mycompany'
cdist-user% git branch
master
* mycompany
From now on, you can use git as usual to commit your changes in your own branch.
Publishing the configuration
----------------------------
Usually a development machine like a notebook should be considered
temporary only. For this reason and to enable shareability, the configuration
should be published to another device as early as possible. The following
example shows how to publish the configuration to another host that is
reachable via ssh and has git installed::
# Create bare git repository on the host named "loch"
cdist% ssh loch "GIT_DIR=/home/nutzer/cdist git init"
Initialized empty Git repository in /home/nutzer/cdist/
# Add remote git repo to git config
cdist% git remote add loch loch:/home/nutzer/cdist
# Configure the mycompany branch to push to loch
cdist% git config branch.mycompany.remote loch
# Configure mycompany branch to push into remote master branch
cdist% git config branch.mycompany.merge refs/heads/master
# Push mycompany branch to remote branch master initially
cdist% git push loch mycompany:refs/heads/master
Now you have setup the git repository to synchronise the **mycompany**
branch with the **master** branch on the host **loch**. Thus you can commit
as usual in your branch and push out changes by entering **git push**.
Updating from origin
--------------------
Whenever you want to update your cdist installation, you can use git to do so::
# Update git repository with latest changes from origin
cdist% git fetch origin
# Update current branch with master branch from origin
cdist% git merge origin/master
# Alternative: Update current branch with 2.0 branch from origin
cdist% git merge origin/2.0

View file

@ -0,0 +1,115 @@
Local cache overview
====================
Description
-----------
While executing, cdist stores data to local cache. Currently this feature is
one way only. That means that cdist does not use stored data for future runs.
Anyway, those data can be used for debugging cdist, debugging types and
debugging after host configuration fails.
Local cache is saved under $HOME/.cdist/cache directory, one directory entry
for each host. Subdirectory path is specified by
:strong:`-C/--cache-path-pattern` option, :strong:`cache_path_pattern`
configuration option or by using :strong:`CDIST_CACHE_PATH_PATTERN`
environment variable.
For more info on cache path pattern see :strong:`CACHE PATH PATTERN FORMAT`
section in cdist man page.
Cache overview
--------------
As noted above each configured host has got its subdirectory in local cache.
Entries in host's cache directory are as follows.
bin
directory with cdist type emulators
conf
dynamically determined cdist conf directory, union of all specified
conf directories
explorer
directory containing global explorer named files containing explorer output
after running on target host
messages
file containing messages
object
directory containing subdirectory for each cdist object
object_marker
object marker for this particular cdist run
stderr
directory containing init manifest and remote stderr stream output
stdout
directory containing init manifest and remote stdout stream output
target_host
file containing target host of this cdist run, as specified when running
cdist
typeorder
file containing types in order of execution.
Object cache overview
~~~~~~~~~~~~~~~~~~~~~
Each object under :strong:`object` directory has its own structure.
autorequire
file containing a list of object auto requirements
children
file containing a list of object children, i.e. objects of types that this
type reuses (along with 'parents' it is used for maintaining parent-child
relationship graph)
code-local
code generated from gencode-local, present only if something is
generated
code-remote
code generated from gencode-remote, present only if something is
generated
explorer
directory containing type explorer named files containing explorer output
after running on target host
files
directory with object files created during type execution
parameter
directory containing type parameter named files containing parameter
values
parents
file containing a list of object parents, i.e. objects of types that reuse
this type (along with 'children' it is used for maintaining parent-child
relationship graph); objects without parents are objects specified in init
manifest
require
file containing a list of object requirements
source
this type's source (init manifest)
state
this type execution state ('done' when finished)
stderr
directory containing type's manifest, gencode-* and code-* stderr stream
outputs
stdin
this type stdin content
stdout
directory containing type's manifest, gencode-* and code-* stdout stream
outputs.

View file

@ -0,0 +1,41 @@
Configuration
=============
Description
-----------
cdist obtains configuration data from the following sources in the following
order:
#. command-line options
#. configuration file specified at command-line using -g command line option
#. configuration file specified in CDIST_CONFIG_FILE environment variable
#. environment variables
#. user's configuration file (first one found of ~/.cdist.cfg, $XDG_CONFIG_HOME/cdist/cdist.cfg, in specified order)
#. in-distribution configuration file (cdist/conf/cdist.cfg)
#. system-wide configuration file (/etc/cdist.cfg)
if one exists.
Configuration source with lower ordering number from above has a higher
precedence. Configuration option value read from source with higher
precedence will overwrite option value, if exists, read from source with
lower precedence. That means that command-line option wins them all.
Users can decide on the local configuration file location. It can be either
~/.cdist.cfg or $XDG_CONFIG_HOME/cdist/cdist.cfg. Note that, if both exist,
then ~/.cdist.cfg is used.
For a per-project configuration, particular environment variables or better,
CDIST_CONFIG_FILE environment variable or -g CONFIG_FILE command line option,
can be used.
Config file format
------------------
cdist configuration file is in the INI file format. Currently it supports
only [GLOBAL] section.
Here you can find configuration file skeleton:
.. literalinclude:: cdist.cfg.skeleton
:language: ini

View file

@ -0,0 +1,54 @@
Explorer
========
Description
-----------
Explorers are small shell scripts, which will be executed on the target
host. The aim of each explorer is to give hints to types on how to act on the
target system. An explorer outputs the result to stdout, which is usually
a one liner, but may be empty or multi line especially in the case of
type explorers.
There are general explorers, which are run in an early stage, and
type explorers. Both work almost exactly the same way, with the difference
that the values of the general explorers are stored in a general location and
the type specific below the object.
Explorers can reuse other explorers on the target system by calling
::
$__explorer/<explorer_name> (general and type explorer)
or
::
$__type_explorer/<explorer name> (type explorer).
In case of significant errors, the explorer may exit non-zero and return an
error message on stderr, which will cause cdist to abort.
You can also use stderr for debugging purposes while developing a new
explorer.
Examples
--------
A very simple explorer may look like this::
hostname
Which is in practise the **hostname** explorer.
A type explorer, which could check for the status of a package may look like this:
.. code-block:: sh
if [ -f "$__object/parameter/name" ]; then
name="$(cat "$__object/parameter/name")"
else
name="$__object_id"
fi
# Expect dpkg failing, if package is not known / installed
dpkg -s "$name" 2>/dev/null || exit 0

View file

@ -0,0 +1,48 @@
Features
========
But cdist ticks differently, here is the feature set that makes it unique:
Simplicity
There is only one type to extend cdist called **type**
Design
+ Type and core cleanly separated
+ Sticks completely to the KISS (keep it simple and stupid) paradigm
+ Meaningful error messages - do not lose time debugging error messages
+ Consistency in behaviour, naming and documentation
+ No surprise factor: Only do what is obviously clear, no magic
+ Define target state, do not focus on methods or scripts
+ Push architecture: Instantly apply your changes
Small core
cdist's core is very small - less code, less bugs
Fast development
Focus on straightforwardness of type creation is a main development objective
Batteries included: A lot of requirements can be solved using standard types
Modern Programming Language
cdist is written in Python
Requirements, Scalability
No central server needed, cdist operates in push mode and can be run from any computer
Requirements, Scalability, Upgrade
cdist only needs to be updated on the master, not on the target hosts
Requirements, Security
Uses well-know `SSH <http://www.openssh.com/>`_ as transport protocol
Requirements, Simplicity
Requires only shell and SSH server on the target
UNIX
Reuse of existing tools like cat, find, mv, ...
UNIX, familiar environment, documentation
Is available as manpages and HTML
UNIX, simplicity, familiar environment
cdist is configured in POSIX shell

View file

@ -0,0 +1,145 @@
Hacking
=======
Welcome
-------
Welcome dear hacker! I invite you to a tour of pointers to
get into the usable configuration management system, cdist.
The first thing to know is probably that cdist is brought to
you by people who care about how code looks like and who think
twice before merging or implementing a feature: Less features
with good usability are far better than the opposite.
Reporting bugs
--------------
If you believe you've found a bug and verified that it is
in the latest version, drop a mail to the cdist mailing list,
subject prefixed with "[BUG] " or create an issue on code.ungleich.ch.
Coding conventions (everywhere)
-------------------------------
If something should be improved or needs to be fixed, add the word FIXME
nearby, so grepping for FIXME gives all positions that need to be fixed.
Indentation is 4 spaces (welcome to the python world).
How to submit stuff for inclusion into upstream cdist
-----------------------------------------------------
If you did some cool changes to cdist, which you think might be of benefit to other
cdist users, you're welcome to propose inclusion into upstream.
There are some requirements to ensure your changes don't break other peoples
work nor kill the authors brain:
- All files should contain the usual header (Author, Copying, etc.)
- Code submission must be done via git
- Do not add cdist/conf/manifest/init - This file should only be touched in your
private branch!
- Code to be included should be branched of the upstream "master" branch
- Exception: Bugfixes to a version branch
- On a merge request, always name the branch I should pull from
- Always ensure **all** manpages build. Use **./build man** to test.
- If you developed more than **one** feature, consider submitting them in
separate branches. This way one feature can already be included, even if
the other needs to be improved.
As soon as your work meets these requirements, write a mail
for inclusion to the mailinglist **cdist-configuration-management at googlegroups.com**
or open a merge request at https://code.ungleich.ch/ungleich-public/cdist.
How to submit a new type
------------------------
For detailed information about types, see `cdist type <cdist-type.html>`_.
Submitting a type works as described above, with the additional requirement
that a corresponding manpage named man.rst in ReSTructured text format with
the manpage-name "cdist-type__NAME" is included in the type directory
AND the manpage builds (`make man`).
Warning: Submitting "exec" or "run" types that simply echo their parameter in
**gencode** will not be accepted, because they are of no use. Every type can output
code and thus such a type introduces redundant functionality that is given by
core cdist already.
Example git workflow
---------------------
The following workflow works fine for most developers
.. code-block:: sh
# get latest upstream master branch
git clone https://code.ungleich.ch/ungleich-public/cdist.git
# update if already existing
cd cdist; git fetch -v; git merge origin/master
# create a new branch for your feature/bugfix
cd cdist # if you haven't done before
git checkout -b documentation_cleanup
# *hack*
*hack*
# clone the cdist repository on code.ungleich.ch if you haven't done so
# configure your repo to know about your clone (only once)
git remote add ungleich git@code.ungleich.ch:YOURUSERNAME/cdist.git
# push the new branch to ungleich gitlab
git push ungleich documentation_cleanup
# (or everything)
git push --mirror ungleich
# create a merge request at ungleich gitlab (use a browser)
# *fixthingsbecausequalityassurancefoundissuesinourpatch*
*hack*
# push code to ungleich gitlab again
git push ... # like above
# add comment that everything should be green now (use a browser)
# go back to master branch
git checkout master
# update master branch that includes your changes now
git fetch -v origin
git diff master..origin/master
git merge origin/master
If at any point you want to go back to the original master branch, you can
use **git stash** to stash your changes away::
.. code-block:: sh
# assume you are on documentation_cleanup
git stash
# change to master and update to most recent upstream version
git checkout master
git fetch -v origin
git merge origin/master
Similarly when you want to develop another new feature, you go back
to the master branch and create another branch based on it::
.. code-block:: sh
# change to master and update to most recent upstream version
git checkout master
git fetch -v origin
git merge origin/master
git checkout -b another_feature
(you can repeat the code above for as many features as you want to develop
in parallel)

View file

@ -0,0 +1,182 @@
How to install cdist
====================
Requirements
-------------
Source Host
~~~~~~~~~~~
This is the machine from which you will configure target hosts.
* /bin/sh: A POSIX like shell (for instance bash, dash, zsh)
* Python >= 3.5
* SSH client
* sphinx with the rtd theme (for building html docs and/or the man pages)
Target Hosts
~~~~~~~~~~~~
* /bin/sh: A POSIX like shell (for instance bash, dash, zsh)
* SSH server
Install cdist
-------------
From git
~~~~~~~~
Cloning cdist from git gives you the advantage of having
a version control in place for development of your own stuff
immediately.
To install cdist, execute the following commands:
.. code-block:: sh
git clone https://code.ungleich.ch/ungleich-public/cdist.git
cd cdist
export PATH=$PATH:$(pwd -P)/bin
From version 4.2.0 cdist tags and releases are signed.
You can get GPG public key used for signing `here <_static/pgp-key-EFD2AE4EC36B6901.asc>`_.
It is assumed that you are familiar with *git* ways of signing and verification.
You can also get cdist from `github mirror <https://github.com/ungleich/cdist>`_.
To install cdist with distutils from cloned repository, first you have to
create version.py:
.. code-block:: sh
./bin/cdist-build-helper version
Then you install it with:
.. code-block:: sh
make install
or with:
.. code-block:: sh
make install-user
to install it into user *site-packages* directory.
Or directly with distutils:
.. code-block:: sh
python setup.py install
Note that `bin/cdist-build-helper` script is intended for cdist maintainers.
Available versions in git
^^^^^^^^^^^^^^^^^^^^^^^^^
* The active development takes place in the **master** branch
* The released versions can be found in the tags
Other branches may be available for features or bugfixes, but they
may vanish at any point. To select a specific branch use
.. code-block:: sh
# Generic code
git checkout -b <localbranchname> origin/<branchname>
So for instance if you want to use and stay with version 4.1, you can use
.. code-block:: sh
git checkout -b 4.1 origin/4.1
Building and using documentation (man and html)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you want to build and use the documentation, run:
.. code-block:: sh
make docs
Documentation comes in two formats, man pages and full HTML
documentation. Documentation is built into distribution's
docs/dist directory. man pages are in docs/dist/man and
HTML documentation in docs/dist/html.
If you want to use man pages, run:
.. code-block:: sh
export MANPATH=$MANPATH:$(pwd -P)/docs/dist/man
Or you can move man pages from docs/dist/man directory to some
other directory and add it to MANPATH.
Full HTML documentation can be accessed at docs/dist/html/index.html.
You can also build only man pages or only html documentation, for
only man pages run:
.. code-block:: sh
make man
for only html documentation run:
.. code-block:: sh
make html
You can also build man pages for types in your ~/.cdist directory:
.. code-block:: sh
make dotman
Built man pages are now in docs/dist/man directory. If you have
some other custom .cdist directory, e.g. /opt/cdist then use:
.. code-block:: sh
make DOT_CDIST_PATH=/opt/cdist dotman
Note that `dotman`-target has to be built before a `make docs`-run, otherwise
the custom man-pages are not picked up.
Python package
~~~~~~~~~~~~~~
Cdist is available as a python package at
`PyPi <http://pypi.python.org/pypi/cdist/>`_. You can install it using
.. code-block:: sh
pip install cdist
Installing from source with signature verification
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you want to install cdist from signed source and verify it, first you need to
download cdist archive and its detached signature.
Get both, *cdist-x.y.z.tar.gz* and *cdist-x.y.z.tar.gz.asc* from release
notes of the desired tag *x.y.z* at
`cdist git repository <https://code.ungleich.ch/ungleich-public/cdist/-/tags>`_.
Get GPG public key used for signing `here <_static/pgp-key-EFD2AE4EC36B6901.asc>`_
and import it into GPG.
Now cdist source archive can be verified using `gpg`, e.g. to verify `cdist-6.2.0`:
.. code-block:: sh
$ gpg --verify cdist-6.2.0.tar.gz.asc cdist-6.2.0.targ.gz
gpg: Signature made Sat Nov 30 23:14:19 2019 CET
gpg: using RSA key 69767822F3ECC3C349C1EFFFEFD2AE4EC36B6901
gpg: Good signature from "ungleich GmbH (ungleich FOSS) <foss@ungleich.ch>" [ultimate]
Further steps are the same as for `installing from git <cdist-install.html#from-git>`_.

View file

@ -0,0 +1,47 @@
cdist integration / using cdist as library
==========================================
Description
-----------
cdist can be integrate with other applications by importing cdist and other
cdist modules and setting all by hand. There are also helper functions which
aim to ease this integration. Just import **cdist.integration** and use its
functions:
* :strong:`cdist.integration.configure_hosts_simple` for configuration
* :strong:`cdist.integration.install_hosts_simple` for installation.
Functions require `host` and `manifest` parameters.
`host` can be specified as a string representing host or as iterable
of hosts. `manifest` is a path to initial manifest. For other cdist
options default values will be used. `verbose` is a desired verbosity
level which defaults to VERBOSE_INFO. `cdist_path` parameter specifies
path to cdist executable, if it is `None` then functions will try to
find it first from local lib directory and then in PATH.
In case of cdist error :strong:`cdist.Error` exception is raised.
:strong:`WARNING`: cdist integration helper functions are not yet stable!
Examples
--------
.. code-block:: sh
# configure host from python interactive shell
>>> import cdist.integration
>>> cdist.integration.configure_hosts_simple('185.203.114.185',
... '~/.cdist/manifest/init')
# configure host from python interactive shell, specifying verbosity level
>>> import cdist.integration
>>> cdist.integration.configure_hosts_simple(
... '185.203.114.185', '~/.cdist/manifest/init',
... verbose=cdist.argparse.VERBOSE_TRACE)
# configure specified dns hosts from python interactive shell
>>> import cdist.integration
>>> hosts = ('dns1.ungleich.ch', 'dns2.ungleich.ch', 'dns3.ungleich.ch', )
>>> cdist.integration.configure_hosts_simple(hosts,
... '~/.cdist/manifest/init')

View file

@ -0,0 +1,211 @@
Inventory
=========
Introduction
------------
cdist comes with simple built-in tag based inventory. It is a simple inventory
with list of hosts and a host has a list of tags.
Inventory functionality is still in **beta** so it can be used only if beta
command line flag is specified (-b, --beta) or setting CDIST_BETA env var.
Description
-----------
The idea is to have simple tagging inventory. There is a list of hosts and for
each host there are tags. Inventory database is a set of files under inventory
database base directory. Filename equals hostname. Each file contains tags for
hostname with each tag on its own line.
Using inventory you can now configure hosts by selecting them by tags.
Tags have no values, as tags are just tags. Tag name-value would in this
context mean that host has two tags and it is selected by specifying that both
tags are present.
This inventory is **KISS** cdist built-in inventory database. You can maintain it
using cdist inventory interface or using standard UNIX tools.
cdist inventory interface
-------------------------
With cdist inventory interface you can list host(s) and tag(s), add host(s),
add tag(s), delete host(s) and delete tag(s).
Configuring hosts using inventory
---------------------------------
config command now has new options, **-t**, **-a** and **-A**.
**-A** means that all hosts in tag db is selected.
**-a** means that selected hosts must contain ALL specified tags.
**-t** means that host specifies tag - all hosts that have specified tags are
selected.
Examples
--------
.. code-block:: sh
# List inventory content
$ cdist inventory list -b
# List inventory for specified host localhost
$ cdist inventory list -b localhost
# List inventory for specified tag loadbalancer
$ cdist inventory list -b -t loadbalancer
# Add hosts to inventory
$ cdist inventory add-host -b web1 web2 web3
# Delete hosts from file old-hosts from inventory
$ cdist inventory del-host -b -f old-hosts
# Add tags to specified hosts
$ cdist inventory add-tag -b -t europe,croatia,web,static web1 web2
# Add tag to all hosts in inventory
$ cdist inventory add-tag -b -t vm
# Delete all tags from specified host
$ cdist inventory del-tag -b -a localhost
# Delete tags read from stdin from hosts specified by file hosts
$ cdist inventory del-tag -b -T - -f hosts
# Configure hosts from inventory with any of specified tags
$ cdist config -b -t web dynamic
# Configure hosts from inventory with all specified tags
$ cdist config -b -t -a web dynamic
# Configure all hosts from inventory db
$ cdist config -b -A
Example of manipulating database
--------------------------------
.. code-block:: sh
$ python3 scripts/cdist inventory list -b
$ python3 scripts/cdist inventory add-host -b localhost
$ python3 scripts/cdist inventory add-host -b test.mycloud.net
$ python3 scripts/cdist inventory list -b
localhost
test.mycloud.net
$ python3 scripts/cdist inventory add-host -b web1.mycloud.net web2.mycloud.net shell1.mycloud.net shell2.mycloud.net
$ python3 scripts/cdist inventory list -b
localhost
test.mycloud.net
web1.mycloud.net
web2.mycloud.net
shell1.mycloud.net
shell2.mycloud.net
$ python3 scripts/cdist inventory add-tag -b -t web web1.mycloud.net web2.mycloud.net
$ python3 scripts/cdist inventory add-tag -b -t shell shell1.mycloud.net shell2.mycloud.net
$ python3 scripts/cdist inventory add-tag -b -t cloud
$ python3 scripts/cdist inventory list -b
localhost cloud
test.mycloud.net cloud
web1.mycloud.net cloud,web
web2.mycloud.net cloud,web
shell1.mycloud.net cloud,shell
shell2.mycloud.net cloud,shell
$ python3 scripts/cdist inventory add-tag -b -t test,web,shell test.mycloud.net
$ python3 scripts/cdist inventory list -b
localhost cloud
test.mycloud.net cloud,shell,test,web
web1.mycloud.net cloud,web
web2.mycloud.net cloud,web
shell1.mycloud.net cloud,shell
shell2.mycloud.net cloud,shell
$ python3 scripts/cdist inventory del-tag -b -t shell test.mycloud.net
$ python3 scripts/cdist inventory list -b
localhost cloud
test.mycloud.net cloud,test,web
web1.mycloud.net cloud,web
web2.mycloud.net cloud,web
shell1.mycloud.net cloud,shell
shell2.mycloud.net cloud,shell
$ python3 scripts/cdist inventory add-tag -b -t all
$ python3 scripts/cdist inventory add-tag -b -t mistake
$ python3 scripts/cdist inventory list -b
localhost all,cloud,mistake
test.mycloud.net all,cloud,mistake,test,web
web1.mycloud.net all,cloud,mistake,web
web2.mycloud.net all,cloud,mistake,web
shell1.mycloud.net all,cloud,mistake,shell
shell2.mycloud.net all,cloud,mistake,shell
$ python3 scripts/cdist inventory del-tag -b -t mistake
$ python3 scripts/cdist inventory list -b
localhost all,cloud
test.mycloud.net all,cloud,test,web
web1.mycloud.net all,cloud,web
web2.mycloud.net all,cloud,web
shell1.mycloud.net all,cloud,shell
shell2.mycloud.net all,cloud,shell
$ python3 scripts/cdist inventory del-host -b localhost
$ python3 scripts/cdist inventory list -b
test.mycloud.net all,cloud,test,web
web1.mycloud.net all,cloud,web
web2.mycloud.net all,cloud,web
shell1.mycloud.net all,cloud,shell
shell2.mycloud.net all,cloud,shell
$ python3 scripts/cdist inventory list -b -t web
test.mycloud.net all,cloud,test,web
web1.mycloud.net all,cloud,web
web2.mycloud.net all,cloud,web
$ python3 scripts/cdist inventory list -b -t -a web test
test.mycloud.net all,cloud,test,web
$ python3 scripts/cdist inventory list -b -t -a web all
test.mycloud.net all,cloud,test,web
web1.mycloud.net all,cloud,web
web2.mycloud.net all,cloud,web
$ python3 scripts/cdist inventory list -b -t web all
test.mycloud.net all,cloud,test,web
web1.mycloud.net all,cloud,web
web2.mycloud.net all,cloud,web
shell1.mycloud.net all,cloud,shell
shell2.mycloud.net all,cloud,shell
$ cd cdist/inventory
$ ls -1
shell1.mycloud.net
shell2.mycloud.net
test.mycloud.net
web1.mycloud.net
web2.mycloud.net
$ ls -l
total 20
-rw-r--r-- 1 darko darko 16 Jun 24 12:43 shell1.mycloud.net
-rw-r--r-- 1 darko darko 16 Jun 24 12:43 shell2.mycloud.net
-rw-r--r-- 1 darko darko 19 Jun 24 12:43 test.mycloud.net
-rw-r--r-- 1 darko darko 14 Jun 24 12:43 web1.mycloud.net
-rw-r--r-- 1 darko darko 14 Jun 24 12:43 web2.mycloud.net
$ cat test.mycloud.net
test
all
web
cloud
$ cat web2.mycloud.net
all
web
cloud
For more info about inventory commands and options see `cdist <man1/cdist.html>`_\ (1).
Using external inventory
------------------------
cdist can be used with any external inventory where external inventory is
some storage or database from which you can get a list of hosts to configure.
cdist can then be fed with this list of hosts through stdin or file using
**-f** option. For example, if your host list is stored in sqlite3 database
hosts.db and you want to select hosts which purpose is **django** then you
can use it with cdist like:
.. code-block:: sh
$ sqlite3 hosts.db "select hostname from hosts where purpose = 'django';" | cdist config

View file

@ -0,0 +1,377 @@
Manifest
========
Description
-----------
Manifests are used to define which objects to create.
Objects are instances of **types**, like in object oriented programming languages.
An object is represented by the combination of
**type + slash + object name**: **\__file/etc/cdist-configured** is an
object of the type **__file** with the name **etc/cdist-configured**.
All available types can be found in the **cdist/conf/type/** directory,
use **ls cdist/conf/type** to get the list of available types. If you have
setup the MANPATH correctly, you can use **man cdist-reference** to access
the reference with pointers to the manpages.
Types in manifests are used like normal command line tools. Let's have a look
at an example::
# Create object of type __package with the parameter state = absent
__package apache2 --state absent
# Same with the __directory type
__directory /tmp/cdist --state present
These two lines create objects, which will later be used to realise the
configuration on the target host.
Manifests are executed locally as a shell script using **/bin/sh -e**.
The resulting objects are stored in an internal database.
The same object can be redefined in multiple different manifests as long as
the parameters are exactly the same.
In general, manifests are used to define which types are used depending
on given conditions.
Initial and type manifests
--------------------------
Cdist knows about two types of manifests: The initial manifest and type
manifests. The initial manifest is used to define, which configurations
to apply to which hosts. The type manifests are used to create objects
from types. More about manifests in types can be found in `cdist type <cdist-type.html>`_.
Define state in the initial manifest
------------------------------------
The **initial manifest** is the entry point for cdist to find out, which
**objects** to configure on the selected host.
Cdist expects the initial manifest at **cdist/conf/manifest/init**.
Within this initial manifest you define which objects should be
created on which host. To distinguish between hosts, you can use the
environment variable **__target_host** and/or **__target_hostname** and/or
**__target_fqdn**. Let's have a look at a simple example::
__cdistmarker
case "$__target_host" in
localhost)
__directory /home/services/kvm-vm --parents yes
;;
esac
This manifest says: Independent of the host, always use the type
**__cdistmarker**, which creates the file **/etc/cdist-configured**,
with the timestamp as content.
The directory **/home/services/kvm-vm**, including all parent directories,
is only created on the host **localhost**.
As you can see, there is no magic involved, the manifest is simple shell code that
utilises cdist types. Every available type can be executed like a normal
command.
Splitting up the initial manifest
---------------------------------
If you want to split up your initial manifest, you can create other shell
scripts in **cdist/conf/manifest/** and include them in **cdist/conf/manifest/init**.
Cdist provides the environment variable **__manifest** to reference
the directory containing the initial manifest (see `cdist reference <cdist-reference.html>`_).
The following example would include every file with a **.sh** suffix::
# Include *.sh
for manifest in $__manifest/*.sh; do
# And source scripts into our shell environment
. "$manifest"
done
Dependencies
------------
If you want to describe that something requires something else, just
setup the variable "require" to contain the requirements. Multiple
requirements can be added separated with (optionally consecutive)
delimiters including space, tab and newline.
::
1 # No dependency
2 __file /etc/cdist-configured
3
4 # Require above object
5 require="__file/etc/cdist-configured" __link /tmp/cdist-testfile \
6 --source /etc/cdist-configured --type symbolic
7
8 # Require two objects
9 require="__file/etc/cdist-configured __link/tmp/cdist-testfile" \
10 __file /tmp/cdist-another-testfile
Above the "require" variable is only set for the command that is
immediately following it. Dependencies should always be declared that way.
On line 4 you can see that the instantiation of a type "\__link" object needs
the object "__file/etc/cdist-configured" to be present, before it can proceed.
This also means that the "\__link" command must make sure, that either
"\__file/etc/cdist-configured" already is present, or, if it's not, it needs
to be created. The task of cdist is to make sure, that the dependency will be
resolved appropriately and thus "\__file/etc/cdist-configured" be created
if necessary before "__link" proceeds (or to abort execution with an error).
If you really need to make all types depend on a common dependency, you can
export the "require" variable as well. But then, if you need to add extra
dependencies to a specific type, you have to make sure that you append these
to the globally already defined one.
::
# First of all, update the package index
__package_update_index
# Upgrade all the installed packages afterwards
require="__package_update_index" __package_upgrade_all
# Create a common dependency for all the next types so that they get to
# be executed only after the package upgrade has finished
export require="__package_upgrade_all"
# Ensure that lighttpd is installed after we have upgraded all the packages
__package lighttpd --state present
# Ensure that munin is installed after lighttpd is present and after all
# the packages are upgraded
require="$require __package/lighttpd" __package munin --state present
All objects that are created in a type manifest are automatically required
from the type that is calling them. This is called "autorequirement" in
cdist jargon.
You can find a more in depth description of the flow execution of manifests
in `cdist execution stages <cdist-stages.html>`_ and of how types work in `cdist type <cdist-type.html>`_.
Create dependencies from execution order
-----------------------------------------
You can tell cdist to execute all types in the order in which they are created
in the manifest by setting up the variable CDIST_ORDER_DEPENDENCY.
When cdist sees that this variable is setup, the current created object
automatically depends on the previously created object.
It essentially helps you to build up blocks of code that build upon each other
(like first creating the directory xyz than the file below the directory).
Read also about `notes on CDIST_ORDER_DEPENDENCY <cdist-best-practice.html#notes-on-cdist-order-dependency>`_.
In version 6.2.0 semantic CDIST_ORDER_DEPENDENCY is finally fixed and well defined.
CDIST_ORDER_DEPENDENCY defines type order dependency context. Order dependency context
starts when CDIST_ORDER_DEPENDENCY is set, and ends when it is unset. After each
manifest execution finishes, any existing order dependency context is automatically
unset. This ensures that CDIST_ORDER_DEPENDENCY is valid within the manifest where it
is used. When order dependency context is defined then cdist executes types in the
order in which they are created in the manifest inside order dependency context.
Sometimes the best way to see how something works is to see examples.
Suppose you have defined **initial manifest**:
.. code-block:: sh
__cycle1 cycle1
export CDIST_ORDER_DEPENDENCY=1
__cycle2 cycle2
__cycle3 cycle3
with types **__cycle1**:
.. code-block:: sh
export CDIST_ORDER_DEPENDENCY=1
__file /tmp/cycle11
__file /tmp/cycle12
__file /tmp/cycle13
**__cycle2**:
.. code-block:: sh
__file /tmp/cycle21
export CDIST_ORDER_DEPENDENCY=1
__file /tmp/cycle22
__file /tmp/cycle23
unset CDIST_ORDER_DEPENDENCY
__file /tmp/cycle24
**__cycle3**:
.. code-block:: sh
__file /tmp/cycle31
__file /tmp/cycle32
export CDIST_ORDER_DEPENDENCY=1
__file /tmp/cycle33
__file /tmp/cycle34
For the above config, cdist results in the following expected *dependency graph*
(type *__cycleX* is shown as *cX*, *__file/tmp/cycleXY* is shown as *fcXY*):
::
c1---->fc11
| /\
| |
+----->fc12
| /\
| |
+----->fc13
c2--+--->fc21
/\ |
| |
| +----->fc22
| | /\
| | |
| +----->fc23
| |
| |
| +----->fc24
|
|
c3---->fc31
|
|
+----->fc32
|
|
+----->fc33
| /\
| |
+----->fc34
Before version 6.2.0 the above configuration would result in cycle:
::
ERROR: 185.203.112.26: Cycle detected in object dependencies:
__file/tmp/cycle11 -> __cycle3/cycle3 -> __cycle2/cycle2 -> __cycle1/cycle1 -> __file/tmp/cycle11!
The following manifest shows an example for order dependency contexts:
.. code-block:: sh
__file /tmp/fileA
export CDIST_ORDER_DEPENDENCY=1
__file /tmp/fileB
__file /tmp/fileC
__file /tmp/fileD
unset CDIST_ORDER_DEPENDENCY
__file /tmp/fileE
__file /tmp/fileF
export CDIST_ORDER_DEPENDENCY=1
__file /tmp/fileG
__file /tmp/fileH
unset CDIST_ORDER_DEPENDENCY
__file /tmp/fileI
This means:
* C depends on B
* D depends on C
* H depends on G
and there are no other dependencies from this manifest.
Overrides
---------
In some special cases, you would like to create an already defined object
with different parameters. In normal situations this leads to an error in cdist.
If you wish, you can setup the environment variable CDIST_OVERRIDE
(any value or even empty is ok) to tell cdist, that this object override is
wanted and should be accepted.
ATTENTION: Only use this feature if you are 100% sure in which order
cdist encounters the affected objects, otherwise this results
in an undefined situation.
If CDIST_OVERRIDE and CDIST_ORDER_DEPENDENCY are set for an object,
CDIST_ORDER_DEPENDENCY will be ignored, because adding a dependency in case of
overrides would result in circular dependencies, which is an error.
Examples
--------
The initial manifest may for instance contain the following code:
.. code-block:: sh
# Always create this file, so other sysadmins know cdist is used.
__file /etc/cdist-configured
case "$__target_host" in
my.server.name)
__directory /root/bin/
__file /etc/issue.net --source "$__manifest/issue.net
;;
esac
The manifest of the type "nologin" may look like this:
.. code-block:: sh
__file /etc/nologin --source "$__type/files/default.nologin"
This example makes use of dependencies:
.. code-block:: sh
# Ensure that lighttpd is installed
__package lighttpd --state present
# Ensure that munin makes use of lighttpd instead of the default webserver
# package as decided by the package manager
require="__package/lighttpd" __package munin --state present
How to override objects:
.. code-block:: sh
# for example in the initial manifest
# create user account foobar with some hash for password
__user foobar --password 'some_fancy_hash' --home /home/foobarexample
# ... many statements and includes in the manifest later ...
# somewhere in a conditionally sourced manifest
# (e.g. for example only sourced if a special application is on the target host)
# this leads to an error ...
__user foobar --password 'some_other_hash'
# this tells cdist, that you know that this is an override and should be accepted
CDIST_OVERRIDE=yes __user foobar --password 'some_other_hash'
# it's only an override, means the parameter --home is not touched
# and stays at the original value of /home/foobarexample
Dependencies defined by execution order work as following:
.. code-block:: sh
# Tells cdist to execute all types in the order in which they are created ...
export CDIST_ORDER_DEPENDENCY=on
__sample_type 1
require="__some_type_somewhere/id" __sample_type 2
__example_type 23
# Now this types are executed in the creation order until the variable is unset
unset CDIST_ORDER_DEPENDENCY
# all now following types cdist makes the order ..
__not_in_order_type 42
# how it works :
# this lines above are translated to:
__sample_type 1
require="__some_type_somewhere/id __sample_type/1" __sample_type 2
require="__sample_type/2" __example_type 23
__not_in_order_type 42

View file

@ -0,0 +1,94 @@
Messaging
=========
Description
-----------
cdist has a simple but powerful way of allowing communication between
the initial manifest and types as well as types and types.
Whenever execution is passed from cdist to one of the
scripts described below, cdist generate 2 new temporary files
and exports the environment variables **__messages_in** and
**__messages_out** to point to them.
Before handing over the control, the content of the global message
file is copied into the file referenced by **$__messages_in**.
After cdist gained control back, the content of the file referenced
by **$__messages_out** is appended to the global message file.
This way overwriting any of the two files by accident does not
interfere with other types.
The order of execution is not defined unless you create dependencies
between the different objects (see `cdist manifest <cdist-manifest.html>`_) and thus you
can only react reliably on messages by objects that you depend on.
Availability
------------
Messaging is possible between all **local** scripts:
- initial manifest
- type/manifest
- type/gencode-local
- type/gencode-remote
Examples
--------
When you want to emit a message use:
.. code-block:: sh
echo "something" >> "$__messages_out"
When you want to react on a message use:
.. code-block:: sh
if grep -q "^__your_type/object/id:something" "$__messages_in"; then
echo "I do something else"
fi
Some real life examples:
.. code-block:: sh
# Reacting on changes from block for keepalive
if grep -q "^__block/keepalive-vrrp" "$__messages_in"; then
echo /etc/init.d/keepalived restart
fi
# Reacting on changes of configuration files
if grep -q "^__file/etc/one" $__messages_in; then
echo 'for init in /etc/init.d/opennebula*; do $init restart; done'
fi
Restart sshd on changes
.. code-block:: sh
os="$(cat "$__global/explorer/os")"
case "$os" in
centos|redhat|suse)
restart="/etc/init.d/sshd restart"
;;
debian|ubuntu)
restart="/etc/init.d/ssh restart"
;;
*)
cat << eof >&2
Unsupported os $os.
If you would like to have this type running on $os,
you can either develop the changes and send a pull
request or ask for a quote at www.ungleich.ch
eof
exit 1
;;
esac
if grep -q "^__key_value/PermitRootLogin" "$__messages_in"; then
echo $restart
fi

View file

@ -0,0 +1,19 @@
Supported operating systems
===========================
cdist was tested or is know to run on at least
* `Alpine Linux <https://alpinelinux.org>`_
* `Archlinux <http://www.archlinux.org>`_
* `CentOS <http://www.centos.org>`_
* `Debian <http://www.debian.org>`_
* `Devuan <https://devuan.org>`_
* `Fedora <http://fedoraproject.org>`_
* `FreeBSD <http://www.freebsd.org>`_
* `Gentoo <http://www.gentoo.org>`_
* `Mac OS X <http://www.apple.com/macosx>`_
* `NetBSD <https://www.netbsd.org>`_
* `OpenBSD <http://www.openbsd.org>`_
* `Redhat <http://www.redhat.com>`_
* `Ubuntu <http://www.ubuntu.com>`_
* `XenServer <http://www.citrix.com/xenserver>`_

View file

@ -0,0 +1,73 @@
Parallelization
===============
Description
-----------
cdist has two modes of parallel operation.
One of them is to operate on each host in separate process. This is enabled
with :strong:`-p/--parallel` option.
The other way is to operate in parallel within one host where you specify
the number of jobs. This is enabled with :strong:`-j/--jobs` option where you
can specify the number of parallel jobs. By default,
:strong:`multiprocessing.cpu_count()` is used. For this mode global explorers,
object preparation and object run are supported.
You can, of course, use those two options together. This means that each host
will be processed by its own process. Within each process cdist will operate
using specified number of parallel jobs.
For more info on those options see :strong:`cdist`\ (1).
Examples
--------
.. code-block:: sh
# Configure hosts read from file hosts.file in parallel
$ cdist config -p -f hosts.file
# Configure hosts read from file hosts.file sequentially but using default
# number of parallel jobs
$ cdist config -j -f hosts.file
# Configure hosts read from file hosts.file in parallel using 16
# parallel jobs
$ cdist config -j 16 -p -f hosts.file
Caveats
-------
When operating in parallel, either by operating in parallel for each host
(-p/--parallel) or by parallel jobs within a host (-j/--jobs), and depending
on target SSH server and its configuration you may encounter connection drops.
This is controlled with sshd :strong:MaxStartups configuration options.
You may also encounter session open refusal. This happens with ssh multiplexing
when you reach maximum number of open sessions permitted per network
connection. In this case ssh will disable multiplexing.
This limit is controlled with sshd :strong:MaxSessions configuration
options. For more details refer to :strong:`sshd_config`\ (5).
For example, if you reach :strong:`MaxSessions` sessions you may get the
following output:
.. code-block:: sh
$ cdist config -b -j 11 -v 78.47.116.244
INFO: cdist: version 4.2.2-55-g640b7f9
INFO: 78.47.116.244: Running global explorers
INFO: 78.47.116.244: Remote transfer in 11 parallel jobs
channel 22: open failed: administratively prohibited: open failed
mux_client_request_session: session request failed: Session open refused by peer
ControlSocket /tmp/tmpuah6fw_t/d886d4b7e4425a102a54bfaff4d2288b/ssh-control-path already exists, disabling multiplexing
INFO: 78.47.116.244: Running global explorers in 11 parallel jobs
channel 22: open failed: administratively prohibited: open failed
mux_client_request_session: session request failed: Session open refused by peer
ControlSocket /tmp/tmpuah6fw_t/d886d4b7e4425a102a54bfaff4d2288b/ssh-control-path already exists, disabling multiplexing
INFO: 78.47.116.244: Running initial manifest /tmp/tmpuah6fw_t/d886d4b7e4425a102a54bfaff4d2288b/data/conf/manifest/init
INFO: 78.47.116.244: Running manifest and explorers for __file/root/host.file
INFO: 78.47.116.244: Generating code for __file/root/host.file
INFO: 78.47.116.244: Finished successful run in 18.655028820037842 seconds
INFO: cdist: Total processing time for 1 host(s): 19.159148693084717

View file

@ -0,0 +1,129 @@
PreOS
=====
Description
-----------
With cdist you can install and configure new machines. You can use cdist to
create PreOS, minimal OS whose purpose is to boot a new machine.
After PreOS is booted, the machine is ready for installing the desired OS and
afterwards it is ready for configuration.
PreOS creation
--------------
With cdist you can create PreOS.
Currently supported PreOS-es include:
* debian
* ubuntu
* devuan
PreOS is created using the ``cdist preos`` command.
This command has subcommands that determine the desired PreOS.
For example, to create an ubuntu PreOS:
.. code-block:: sh
$ cdist preos ubuntu /preos/preos-ubuntu -B -C \
-k ~/.ssh/id_rsa.pub -p /preos/pxe-ubuntu
For more info about the available options see the cdist manual page.
This will bootstrap (``-B``) ubuntu PreOS in the ``/preos/preos-ubuntu``
directory, it will be configured (``-C``) using default the built-in initial
manifest and with specified ssh authorized key (``-k``).
After bootstrapping and configuration, the PXE boot directory will be
created (``-p``) in ``/preos/pxe-ubuntu``.
After PreOS is created, new machines can be booted using the created PXE
(after proper dhcp and tftp settings).
Since PreOS is configured with ssh authorized key it can be accessed through
ssh, i.e. it can be further installed and configured with cdist.
Implementing a new PreOS sub-command
------------------------------------
preos command is implemented as a plugin system. This plugin system scans for
preos subcommands in the ``cdist/preos/`` distribution directory and also in
``~/.cdist/preos/`` directory if it exists.
preos subcommand is a module or a class that satisfies the following:
* it has the attribute ``_cdist_preos`` set to ``True``
* it defines a function/method ``commandline``.
For a module-based preos subcommand, the ``commandline`` function accepts a
module object as its first argument and the list of command line
arguments (``sys.argv[2:]``).
For a class-based preos subcommand ``commandline`` method should be
static-method and must accept a class as its first argument and the
list of command line arguments (``sys.argv[2:]``).
If preos scanning finds a module/class that has ``_cdist_preos`` set
to ``True`` and a function/method ``commandline`` then this module/class is
registered to preos subcommands. The name of the command is set to ``_preos_name``
attribute if defined in the module/class, defaulting to the module/class name in lowercase.
When a registered preos subcommand is specified, ``commandline``
will be called with the first argument set to module/class and the second
argument set to ``sys.argv[2:]``.
Example of writing new dummy preos sub-command
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Module-based preos:
^^^^^^^^^^^^^^^^^^^
#. Create directory ``~/.cdist/preos/`` if it does not exist
#. Create ``~/.cdist/preos/netbsd.py`` with the following contents:
.. code-block:: python
_preos_name = 'netbsd'
_cdist_preos = True
def commandline(cls, args):
print("NetBSD PreOS: {}".format(args))
When you try to run this new preos you will get:
.. code-block:: sh
$ cdist preos -L
Available PreOS-es:
- debian
- devuan
- netbsd
- ubuntu
$ cdist preos netbsd
NetBSD PreOS: []
Class based preos:
^^^^^^^^^^^^^^^^^^
#. Create directory ``~/.cdist/preos/`` if it does not exist
#. Create ``~/.cdist/preos/freebsd.py`` with the following contents:
.. code-block:: python
class FreeBSD(object):
_cdist_preos = True
@classmethod
def commandline(cls, args):
print("FreeBSD dummy preos: {}".format(args))
When you try to run this new preos you will get:
.. code-block:: sh
$ cdist preos -h
Available PreOS-es:
- debian
- devuan
- freebsd
- ubuntu
$ cdist preos freebsd
FreeBSD dummy preos: []
In the ``commandline`` function/method you have all the freedom to actually create
a PreOS.

View file

@ -0,0 +1,77 @@
Quickstart
==========
This tutorial is aimed at people learning cdist and shows
typical approaches as well as gives an easy start into
the world of configuration management.
For those who just want to configure a system with the
cdist configuration management and do not need (or want)
to understand everything.
This tutorial assumes you are configuring **localhost**, because
it is always available. Just replace **localhost** with your target
host for real life usage.
Cdist uses **ssh** for communication and transportation
and usually logs into the **target host** as the
**root** user. So you need to configure the **ssh server**
of the target host to allow root logins: Edit
the file **/etc/ssh/sshd_config** and add one of the following
lines::
# Allow login only via public key
PermitRootLogin without-password
# Allow login via password and public key
PermitRootLogin yes
As cdist uses ssh intensively, it is recommended to setup authentication
with public keys::
# Generate pubkey pair as a normal user
ssh-keygen
# Copy pubkey over to target host
ssh-copy-id root@localhost
Have a look at ssh-agent(1) and ssh-add(1) on how to cache the password for
your public key. Usually it looks like this::
# Start agent and export variables
eval `ssh-agent`
# Add keys (requires password for every identity file)
ssh-add
At this point you should be able to **ssh root@localhost** without
re-entering the password. If something failed until here, ensure that
all steps went successfully and you have read and understood the
documentation.
As soon as you are able to login without password to localhost,
we can use cdist to configure it. You can copy and paste the following
code into your shell to get started and configure localhost::
# Get cdist
git clone git@code.ungleich.ch:ungleich-public/cdist.git
# Create manifest (maps configuration to host(s)
cd cdist
echo '__file /etc/cdist-configured' > cdist/conf/manifest/init
# Configure localhost in verbose mode
./bin/cdist config -v localhost
# Find out that cdist created /etc/cdist-configured
ls -l /etc/cdist-configured
Note: cdist/conf is configuration directory shipped with cdist distribution.
If exists, ~/.cdist, is also automatically used as cdist configuration
directory. So in the above example you could create ~/.cdist directory,
then ~/.cdist/manifest sub-directory and create init manifest
~/.cdist/manifest/init.
That's it, you've successfully used cdist to configure your first host!
Continue reading the next sections, to understand what you did and how
to create a more sophisticated configuration.

View file

@ -0,0 +1,573 @@
Dive into real world cdist
==========================
Introduction
------------
This walkthrough shows real world cdist configuration example.
Sample target host is named **test.ungleich.ch**.
Just replace **test.ungleich.ch** with your target hostname.
Our goal is to configure python application hosting. For writing sample
application we will use `Bottle <http://bottlepy.org>`_ WSGI micro web-framework.
It will use PostgreSQL database and it will list items from **items** table.
It will be served by uWSGI server. We will also use the Nginx web server
as a reverse proxy and we want HTTPS.
For HTTPS we will use Let's Encrypt certificate.
For setting up hosting we want to use cdist so we will write a new type
for that. This type will:
- install required packages
- create OS user, user home directory and application home directory
- create PostgreSQL database
- configure uWSGI
- configure Let's Encrypt certificate
- configure nginx.
Our type will not create the actual python application. Its intention is only
to configure hosting for specified user and project. It is up to the user to
create his/her applications.
So let's start.
Creating type layout
--------------------
We will create a new custom type. Let's call it **__sample_bottle_hosting**.
Go to **~/.cdist/type** directory (create it if it does not exist) and create
new type layout::
cd ~/.cdist/type
mkdir __sample_bottle_hosting
cd __sample_bottle_hosting
touch manifest gencode-remote
mkdir parameter
touch parameter/required
Creating __sample_bottle_hosting type parameters
------------------------------------------------
Our type will be configurable through the means of parameters. Let's define
the following parameters:
projectname
name for the project, needed for uWSGI ini file
user
user name
domain
target host domain, needed for Let's Encrypt certificate.
We define parameters to make our type reusable for different projects, user and domain.
Define required parameters::
printf "projectname\n" >> parameter/required
printf "user\n" >> parameter/required
printf "domain\n" >> parameter/required
For details on type parameters see `Defining parameters <cdist-type.html#defining-parameters>`_.
Creating __sample_bottle_hosting type manifest
----------------------------------------------
Next step is to define manifest (~/.cdist/type/__sample_bottle_hosting/manifest).
We also want our type to currently support only Devuan. So we will start by
checking target host OS. We will use `os <cdist-reference.html#explorers>`_
global explorer::
os=$(cat "$__global/explorer/os")
case "$os" in
devuan)
:
;;
*)
echo "OS $os currently not supported" >&2
exit 1
;;
esac
If target host OS is not Devuan then we print error message to stderr
and exit. For other OS-es support we should check and change package names
we should install, because packages differ in different OS-es and in different
OS distributions like GNU/Linux distributions. There can also be a different
configuration locations (e.g. nginx config directory could be in /usr/local tree).
If we detected unsupported OS we should error out. cdist will stop configuration
process and output error message.
Creating user and user directories
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Then we create user and his/her home directory and application home directory.
We will use existing cdist types `__user <man7/cdist-type__user.html>`_ and `__directory <man7/cdist-type__directory.html>`_::
user="$(cat "$__object/parameter/user")"
home="/home/$user"
apphome="$home/app"
# create user
__user "$user" --home "$home" --shell /bin/bash
# create user home dir
require="__user/$user" __directory "$home" \
--owner "$user" --group "$user" --mode 0755
# create app home dir
require="__user/$user __directory/$home" __directory "$apphome" \
--state present --owner "$user" --group "$user" --mode 0755
First we define *user*, *home* and *apphome* variables. User is defined by type's
**user** parameter. Here we use **require** which is cdist's way to define dependencies.
User home directory should be created **after** user is created. And application
home directory is created **after** both user and user home directory are created.
For details on **require** see `Dependencies <cdist-manifest.html#dependencies>`_.
Installing packages
~~~~~~~~~~~~~~~~~~~
Install required packages using existing `__package <man7/cdist-type__package.html>`_ type.
Before installing package we want to update apt package index using
`__apt_update_index <man7/cdist-type__apt_update_index.html>`_::
# define packages that need to be installed
packages_to_install="nginx uwsgi-plugin-python3 python3-dev python3-pip postgresql postgresql-contrib libpq-dev python3-venv uwsgi python3-psycopg2"
# update package index
__apt_update_index
# install packages
for package in $packages_to_install
do require="__apt_update_index" __package $package --state=present
done
Here we use shell for loop. It executes **require="__apt_update_index" __package**
for each member in a list we define in **packages_to_install** variable.
This is much nicer then having as many **require="__apt_update_index" __package**
lines as there are packages we want to install.
For python packages we use `__package_pip <man7/cdist-type__package_pip.html>`_::
# install pip3 packages
for package in bottle bottle-pgsql; do
__package_pip --pip pip3 $package
done
Creating PostgreSQL database
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Create PostgreSQL database using `__postgres_database <man7/cdist-type__postgres_database.html>`_
and `__postgres_role <man7/cdist-type__postgres_role.html>`_ for creating database user::
#PostgreSQL db & user
postgres_server=postgresql
# create PostgreSQL db user
require="__package/postgresql" __postgres_role $user --login --createdb
# create PostgreSQL db
require="__postgres_role/$user __package/postgresql" __postgres_database $user \
--owner $user
Configuring uWSGI
~~~~~~~~~~~~~~~~~
Configure uWSGI using `__file <man7/cdist-type__file.html>`_ type::
# configure uWSGI
projectname="$(cat "$__object/parameter/projectname")"
require="__package/uwsgi" __file /etc/uwsgi/apps-enabled/$user.ini \
--owner root --group root --mode 0644 \
--state present \
--source - << EOF
[uwsgi]
socket = $apphome/uwsgi.sock
chdir = $apphome
wsgi-file = $projectname/wsgi.py
touch-reload = $projectname/wsgi.py
processes = 4
threads = 2
chmod-socket = 666
daemonize=true
vacuum = true
uid = $user
gid = $user
EOF
We require package uWSGI present in order to create **/etc/uwsgi/apps-enabled/$user.ini** file.
Installation of uWSGI also creates configuration layout: **/etc/uwsgi/apps-enabled**.
If this directory does not exist then **__file** type would error.
We also use stdin as file content source. For details see `Input from stdin <cdist-type.html#input-from-stdin>`_.
For feeding stdin we use here-document (**<<** operator). It allows redirection of subsequent
lines read by the shell to the input of a command until a line containing only the delimiter
and a newline, with no blank characters in between (EOF in our case).
Configuring nginx for Let's Encrypt and HTTPS redirection
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Next configure nginx for Let's Encrypt and for HTTP -> HTTPS redirection. For this
purpose we will create new type **__sample_nginx_http_letsencrypt_and_ssl_redirect**
and use it here::
domain="$(cat "$__object/parameter/domain")"
webroot="/var/www/html"
__sample_nginx_http_letsencrypt_and_ssl_redirect "$domain" --webroot "$webroot"
Configuring certificate creation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
After HTTP nginx configuration we will create Let's Encrypt certificate using
`__letsencrypt_cert <man7/cdist-type__letsencrypt_cert.html>`_ type.
For Let's Encrypt cert configuration ensure that there is a DNS entry for your
domain. We assure that cert creation is applied after nginx HTTP is configured
for Let's Encrypt to work::
# create SSL cert
require="__package/nginx __sample_nginx_http_letsencrypt_and_ssl_redirect/$domain" \
__letsencrypt_cert --admin-email admin@test.ungleich.ch \
--webroot "$webroot" \
--automatic-renewal \
--renew-hook "service nginx reload" \
--domain "$domain" \
"$domain"
Configuring nginx HTTPS server with uWSGI upstream
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Then we can configure nginx HTTPS server that will use created Let's Encrypt certificate::
# configure nginx
require="__package/nginx __letsencrypt_cert/$domain" \
__file "/etc/nginx/sites-enabled/https-$domain" \
--source - --mode 0644 << EOF
upstream _bottle {
server unix:$apphome/uwsgi.sock;
}
server {
listen 443;
listen [::]:443;
server_name $domain;
access_log /var/log/nginx/access.log;
ssl on;
ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;
client_max_body_size 256m;
location / {
try_files \$uri @uwsgi;
}
location @uwsgi {
include uwsgi_params;
uwsgi_pass _bottle;
}
}
EOF
Now our manifest is finished.
Complete __sample_bottle_hosting type manifest listing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Here is complete __sample_bottle_hosting type manifest listing,
located in ~/.cdist/type/__sample_bottle_hosting/manifest::
#!/bin/sh
os=$(cat "$__global/explorer/os")
case "$os" in
devuan)
:
;;
*)
echo "OS $os currently not supported" >&2
exit 1
;;
esac
projectname="$(cat "$__object/parameter/projectname")"
user="$(cat "$__object/parameter/user")"
home="/home/$user"
apphome="$home/app"
domain="$(cat "$__object/parameter/domain")"
# create user
__user "$user" --home "$home" --shell /bin/bash
# create user home dir
require="__user/$user" __directory "$home" \
--owner "$user" --group "$user" --mode 0755
# create app home dir
require="__user/$user __directory/$home" __directory "$apphome" \
--state present --owner "$user" --group "$user" --mode 0755
# define packages that need to be installed
packages_to_install="nginx uwsgi-plugin-python3 python3-dev python3-pip postgresql postgresql-contrib libpq-dev python3-venv uwsgi python3-psycopg2"
# update package index
__apt_update_index
# install packages
for package in $packages_to_install
do require="__apt_update_index" __package $package --state=present
done
# install pip3 packages
for package in bottle bottle-pgsql; do
__package_pip --pip pip3 $package
done
#PostgreSQL db & user
postgres_server=postgresql
# create PostgreSQL db user
require="__package/postgresql" __postgres_role $user --login --createdb
# create PostgreSQL db
require="__postgres_role/$user __package/postgresql" __postgres_database $user \
--owner $user
# configure uWSGI
require="__package/uwsgi" __file /etc/uwsgi/apps-enabled/$user.ini \
--owner root --group root --mode 0644 \
--state present \
--source - << EOF
[uwsgi]
socket = $apphome/uwsgi.sock
chdir = $apphome
wsgi-file = $projectname/wsgi.py
touch-reload = $projectname/wsgi.py
processes = 4
threads = 2
chmod-socket = 666
daemonize=true
vacuum = true
uid = $user
gid = $user
EOF
# setup nginx HTTP for Let's Encrypt and SSL redirect
domain="$(cat "$__object/parameter/domain")"
webroot="/var/www/html"
__sample_nginx_http_letsencrypt_and_ssl_redirect "$domain" --webroot "$webroot"
# create SSL cert
require="__package/nginx __sample_nginx_http_letsencrypt_and_ssl_redirect/$domain" \
__letsencrypt_cert --admin-email admin@test.ungleich.ch \
--webroot "$webroot" \
--automatic-renewal \
--renew-hook "service nginx reload" \
--domain "$domain" \
"$domain"
# configure nginx
require="__package/nginx __letsencrypt_cert/$domain" \
__file "/etc/nginx/sites-enabled/https-$domain" \
--source - --mode 0644 << EOF
upstream _bottle {
server unix:$apphome/uwsgi.sock;
}
server {
listen 443;
listen [::]:443;
server_name $domain;
access_log /var/log/nginx/access.log;
ssl on;
ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;
client_max_body_size 256m;
location / {
try_files \$uri @uwsgi;
}
location @uwsgi {
include uwsgi_params;
uwsgi_pass _bottle;
}
}
EOF
Creating __sample_bottle_hosting type gencode-remote
----------------------------------------------------
Now define **gencode-remote** script: ~/.cdist/type/__sample_bottle_hosting/gencode-remote.
After manifest is applied it should restart uWSGI and nginx services so that our
configuration is active. Our gencode-remote looks like the following::
echo "service uwsgi restart"
echo "service nginx restart"
Our **__sample_bottle_hosting** type is now finished.
Creating __sample_nginx_http_letsencrypt_and_ssl_redirect type
--------------------------------------------------------------
Let's now create **__sample_nginx_http_letsencrypt_and_ssl_redirect** type::
cd ~/.cdist/type
mkdir __sample_nginx_http_letsencrypt_and_ssl_redirect
cd __sample_nginx_http_letsencrypt_and_ssl_redirect
mkdir parameter
echo webroot > parameter/required
touch manifest
touch gencode-remote
Edit manifest::
domain="$__object_id"
webroot="$(cat "$__object/parameter/webroot")"
# make sure we have nginx package
__package nginx
# setup Let's Encrypt HTTP acme challenge, redirect HTTP to HTTPS
require="__package/nginx" __file "/etc/nginx/sites-enabled/http-$domain" \
--source - --mode 0644 << EOF
server {
listen *:80;
listen [::]:80;
server_name $domain;
# Let's Encrypt
location /.well-known/acme-challenge/ {
root $webroot;
}
# Everything else -> SSL
location / {
return 301 https://\$host\$request_uri;
}
}
EOF
Edit gencode-remote::
echo "service nginx reload"
Creating init manifest
----------------------
Next create init manifest::
cd ~/.cdist/manifest
printf "__sample_bottle_hosting --projectname sample --user app --domain \$__target_host sample\n" > sample
Using this init manifest our target host will be configured using our **__sample_bottle_hosting**
type with projectname *sample*, user *app* and domain equal to **__target_host**.
Here the last positional argument *sample* is type's object id. For details on
**__target_host** and **__object_id** see
`Environment variables (for reading) <cdist-reference.html#environment-variables-for-reading>`_
reference.
Configuring host
----------------
Finally configure test.ungleich.ch::
cdist config -v -i ~/.cdist/manifest/sample test.ungleich.ch
After cdist configuration is successfully finished our host is ready.
Creating python bottle application
----------------------------------
We now need to create Bottle application. As you remember from the beginning
of this walkthrough our type does not create the actual python application,
its intention is only to configure hosting for specified user and project.
It is up to the user to create his/her applications.
Become app user::
su -l app
Preparing database
~~~~~~~~~~~~~~~~~~
We need to prepare database for our application. Create table and
insert some items::
psql -c "create table items (item varchar(255));"
psql -c "insert into items(item) values('spam');"
psql -c "insert into items(item) values('eggs');"
psql -c "insert into items(item) values('sausage');"
Creating application
~~~~~~~~~~~~~~~~~~~~
Next create sample app::
cd /home/app/app
mkdir sample
cd sample
Create app.py with the following content::
#!/usr/bin/env python3
import bottle
import bottle_pgsql
app = application = bottle.Bottle()
plugin = bottle_pgsql.Plugin('dbname=app user=app password=')
app.install(plugin)
@app.route('/')
def show_index(db):
db.execute('select * from items')
items = db.fetchall() or []
rv = '<html><body><h3>Items:</h3><ul>'
for item in items:
rv += '<li>' + str(item['item']) + '</li>'
rv += '</ul></body></html>'
return rv
if __name__ == '__main__':
bottle.run(app=app, host='0.0.0.0', port=8080)
Create wsgi.py with the following content::
import os
os.chdir(os.path.dirname(__file__))
import app
application = app.app
We have configured uWSGI with **touch-reload = $projectname/wsgi.py** so after
we have changed our **wsgi.py** file uWSGI reloads the application.
Our application selects and lists items from **items** table.
Opening application
~~~~~~~~~~~~~~~~~~~~
Finally try the application::
http://test.ungleich.ch/
It should redirect to HTTPS and return:
.. container:: highlight
.. raw:: html
<h3>Items:</h3>
<ul>
<li>spam</li>
<li>eggs</li>
<li>sausage</li>
</ul>
What's next?
------------
Continue reading next sections ;)

View file

@ -0,0 +1,508 @@
Reference
=========
Variable, path and type reference for cdist
Explorers
---------
The following global explorers are available:
- cpu_cores
- cpu_sockets
- disks
- hostname
- init
- interfaces
- is-freebsd-jail
- kernel_name
- lsb_codename
- lsb_description
- lsb_id
- lsb_release
- machine
- machine_type
- memory
- os
- os_release
- os_version
- runlevel
Paths
-----
$HOME/.cdist
The standard cdist configuration directory relative to your home directory.
This is usually the place you want to store your site specific configuration.
cdist/conf/
The distribution configuration directory.
This contains types and explorers to be used.
cdist/inventory/
The distribution inventory directory.
This path is relative to cdist installation directory.
cdist/preos/
The distribution PreOS plugins directory.
confdir
Cdist will use all available configuration directories and create
a temporary confdir containing links to the real configuration directories.
This way it is possible to merge configuration directories.
By default it consists of everything in $HOME/.cdist and cdist/conf/.
For more details see cdist(1).
confdir/files/
Cdist does not care about this directory besides providing access to it.
It is thought to be a general file storage area.
confdir/manifest/init
This is the central entry point.
It is an executable (+x bit set) shell script that can use
values from the explorers to decide which configuration to create
for the specified target host.
Its intent is to used to define mapping from configurations to hosts.
confdir/manifest/*
All other files in this directory are not directly used by cdist, but you
can separate configuration mappings, if you have a lot of code in the
conf/manifest/init file. This may also be helpful to have different admins
maintain different groups of hosts.
confdir/explorer/<name>
Contains explorers to be run on the target hosts, see `cdist explorer <cdist-explorer.html>`_.
confdir/type/
Contains all available types, which are used to provide
some kind of functionality. See `cdist type <cdist-type.html>`_.
confdir/type/<name>/
Home of the type <name>.
This directory is referenced by the variable __type (see below).
confdir/type/<name>/man.rst
Manpage in reStructuredText format (required for inclusion into upstream).
confdir/type/<name>/manifest
Used to generate additional objects from a type.
confdir/type/<name>/gencode-local
Used to generate code to be executed on the source host.
confdir/type/<name>/gencode-remote
Used to generate code to be executed on the target host.
confdir/type/<name>/parameter/required
Parameters required by type, \n separated list.
confdir/type/<name>/parameter/optional
Parameters optionally accepted by type, \n separated list.
confdir/type/<name>/parameter/default/*
Default values for optional parameters.
Assuming an optional parameter name of 'foo', it's default value would
be read from the file confdir/type/<name>/parameter/default/foo.
confdir/type/<name>/parameter/boolean
Boolean parameters accepted by type, \n separated list.
confdir/type/<name>/explorer
Location of the type specific explorers.
This directory is referenced by the variable __type_explorer (see below).
See `cdist explorer <cdist-explorer.html>`_.
confdir/type/<name>/files
This directory is reserved for user data and will not be used
by cdist at any time. It can be used for storing supplementary
files (like scripts to act as a template or configuration files).
out/
This directory contains output of cdist and is usually located
in a temporary directory and thus will be removed after the run.
This directory is referenced by the variable __global (see below).
out/explorer
Output of general explorers.
out/object
Objects created for the host.
out/object/<object>
Contains all object specific information.
This directory is referenced by the variable __object (see below).
out/object/<object>/explorers
Output of type specific explorers, per object.
Types
-----
The following types are available:
- __acl (`cdist-type__acl(7) <man7/cdist-type__acl.html>`_)
- __apt_backports (`cdist-type__apt_backports(7) <man7/cdist-type__apt_backports.html>`_)
- __apt_default_release (`cdist-type__apt_default_release(7) <man7/cdist-type__apt_default_release.html>`_)
- __apt_key (`cdist-type__apt_key(7) <man7/cdist-type__apt_key.html>`_)
- __apt_key_uri (`cdist-type__apt_key_uri(7) <man7/cdist-type__apt_key_uri.html>`_)
- __apt_mark (`cdist-type__apt_mark(7) <man7/cdist-type__apt_mark.html>`_)
- __apt_norecommends (`cdist-type__apt_norecommends(7) <man7/cdist-type__apt_norecommends.html>`_)
- __apt_pin (`cdist-type__apt_pin(7) <man7/cdist-type__apt_pin.html>`_)
- __apt_ppa (`cdist-type__apt_ppa(7) <man7/cdist-type__apt_ppa.html>`_)
- __apt_source (`cdist-type__apt_source(7) <man7/cdist-type__apt_source.html>`_)
- __apt_unattended_upgrades (`cdist-type__apt_unattended_upgrades(7) <man7/cdist-type__apt_unattended_upgrades.html>`_)
- __apt_update_index (`cdist-type__apt_update_index(7) <man7/cdist-type__apt_update_index.html>`_)
- __block (`cdist-type__block(7) <man7/cdist-type__block.html>`_)
- __ccollect_source (`cdist-type__ccollect_source(7) <man7/cdist-type__ccollect_source.html>`_)
- __cdist (`cdist-type__cdist(7) <man7/cdist-type__cdist.html>`_)
- __cdistmarker (`cdist-type__cdistmarker(7) <man7/cdist-type__cdistmarker.html>`_)
- __check_messages (`cdist-type__check_messages(7) <man7/cdist-type__check_messages.html>`_)
- __chroot_mount (`cdist-type__chroot_mount(7) <man7/cdist-type__chroot_mount.html>`_)
- __chroot_umount (`cdist-type__chroot_umount(7) <man7/cdist-type__chroot_umount.html>`_)
- __clean_path (`cdist-type__clean_path(7) <man7/cdist-type__clean_path.html>`_)
- __config_file (`cdist-type__config_file(7) <man7/cdist-type__config_file.html>`_)
- __consul (`cdist-type__consul(7) <man7/cdist-type__consul.html>`_)
- __consul_agent (`cdist-type__consul_agent(7) <man7/cdist-type__consul_agent.html>`_)
- __consul_check (`cdist-type__consul_check(7) <man7/cdist-type__consul_check.html>`_)
- __consul_reload (`cdist-type__consul_reload(7) <man7/cdist-type__consul_reload.html>`_)
- __consul_service (`cdist-type__consul_service(7) <man7/cdist-type__consul_service.html>`_)
- __consul_template (`cdist-type__consul_template(7) <man7/cdist-type__consul_template.html>`_)
- __consul_template_template (`cdist-type__consul_template_template(7) <man7/cdist-type__consul_template_template.html>`_)
- __consul_watch_checks (`cdist-type__consul_watch_checks(7) <man7/cdist-type__consul_watch_checks.html>`_)
- __consul_watch_event (`cdist-type__consul_watch_event(7) <man7/cdist-type__consul_watch_event.html>`_)
- __consul_watch_key (`cdist-type__consul_watch_key(7) <man7/cdist-type__consul_watch_key.html>`_)
- __consul_watch_keyprefix (`cdist-type__consul_watch_keyprefix(7) <man7/cdist-type__consul_watch_keyprefix.html>`_)
- __consul_watch_nodes (`cdist-type__consul_watch_nodes(7) <man7/cdist-type__consul_watch_nodes.html>`_)
- __consul_watch_service (`cdist-type__consul_watch_service(7) <man7/cdist-type__consul_watch_service.html>`_)
- __consul_watch_services (`cdist-type__consul_watch_services(7) <man7/cdist-type__consul_watch_services.html>`_)
- __cron (`cdist-type__cron(7) <man7/cdist-type__cron.html>`_)
- __daemontools (`cdist-type__daemontools(7) <man7/cdist-type__daemontools.html>`_)
- __daemontools_service (`cdist-type__daemontools_service(7) <man7/cdist-type__daemontools_service.html>`_)
- __debconf_set_selections (`cdist-type__debconf_set_selections(7) <man7/cdist-type__debconf_set_selections.html>`_)
- __directory (`cdist-type__directory(7) <man7/cdist-type__directory.html>`_)
- __docker (`cdist-type__docker(7) <man7/cdist-type__docker.html>`_)
- __docker_compose (`cdist-type__docker_compose(7) <man7/cdist-type__docker_compose.html>`_)
- __docker_config (`cdist-type__docker_config(7) <man7/cdist-type__docker_config.html>`_)
- __docker_secret (`cdist-type__docker_secret(7) <man7/cdist-type__docker_secret.html>`_)
- __docker_stack (`cdist-type__docker_stack(7) <man7/cdist-type__docker_stack.html>`_)
- __docker_swarm (`cdist-type__docker_swarm(7) <man7/cdist-type__docker_swarm.html>`_)
- __dog_vdi (`cdist-type__dog_vdi(7) <man7/cdist-type__dog_vdi.html>`_)
- __dot_file (`cdist-type__dot_file(7) <man7/cdist-type__dot_file.html>`_)
- __download (`cdist-type__download(7) <man7/cdist-type__download.html>`_)
- __dpkg_architecture (`cdist-type__dpkg_architecture(7) <man7/cdist-type__dpkg_architecture.html>`_)
- __file (`cdist-type__file(7) <man7/cdist-type__file.html>`_)
- __filesystem (`cdist-type__filesystem(7) <man7/cdist-type__filesystem.html>`_)
- __firewalld_rule (`cdist-type__firewalld_rule(7) <man7/cdist-type__firewalld_rule.html>`_)
- __firewalld_start (`cdist-type__firewalld_start(7) <man7/cdist-type__firewalld_start.html>`_)
- __git (`cdist-type__git(7) <man7/cdist-type__git.html>`_)
- __go_get (`cdist-type__go_get(7) <man7/cdist-type__go_get.html>`_)
- __golang_from_vendor (`cdist-type__golang_from_vendor(7) <man7/cdist-type__golang_from_vendor.html>`_)
- __grafana_dashboard (`cdist-type__grafana_dashboard(7) <man7/cdist-type__grafana_dashboard.html>`_)
- __group (`cdist-type__group(7) <man7/cdist-type__group.html>`_)
- __haproxy_dualstack (`cdist-type__haproxy_dualstack(7) <man7/cdist-type__haproxy_dualstack.html>`_)
- __hostname (`cdist-type__hostname(7) <man7/cdist-type__hostname.html>`_)
- __hosts (`cdist-type__hosts(7) <man7/cdist-type__hosts.html>`_)
- __hwclock (`cdist-type__hwclock(7) <man7/cdist-type__hwclock.html>`_)
- __install_bootloader_grub (`cdist-type__install_bootloader_grub(7) <man7/cdist-type__install_bootloader_grub.html>`_)
- __install_chroot_mount (`cdist-type__install_chroot_mount(7) <man7/cdist-type__install_chroot_mount.html>`_)
- __install_chroot_umount (`cdist-type__install_chroot_umount(7) <man7/cdist-type__install_chroot_umount.html>`_)
- __install_config (`cdist-type__install_config(7) <man7/cdist-type__install_config.html>`_)
- __install_coreos (`cdist-type__install_coreos(7) <man7/cdist-type__install_coreos.html>`_)
- __install_directory (`cdist-type__install_directory(7) <man7/cdist-type__install_directory.html>`_)
- __install_file (`cdist-type__install_file(7) <man7/cdist-type__install_file.html>`_)
- __install_fstab (`cdist-type__install_fstab(7) <man7/cdist-type__install_fstab.html>`_)
- __install_generate_fstab (`cdist-type__install_generate_fstab(7) <man7/cdist-type__install_generate_fstab.html>`_)
- __install_mkfs (`cdist-type__install_mkfs(7) <man7/cdist-type__install_mkfs.html>`_)
- __install_mount (`cdist-type__install_mount(7) <man7/cdist-type__install_mount.html>`_)
- __install_partition_msdos (`cdist-type__install_partition_msdos(7) <man7/cdist-type__install_partition_msdos.html>`_)
- __install_partition_msdos_apply (`cdist-type__install_partition_msdos_apply(7) <man7/cdist-type__install_partition_msdos_apply.html>`_)
- __install_reboot (`cdist-type__install_reboot(7) <man7/cdist-type__install_reboot.html>`_)
- __install_reset_disk (`cdist-type__install_reset_disk(7) <man7/cdist-type__install_reset_disk.html>`_)
- __install_stage (`cdist-type__install_stage(7) <man7/cdist-type__install_stage.html>`_)
- __install_umount (`cdist-type__install_umount(7) <man7/cdist-type__install_umount.html>`_)
- __iptables_apply (`cdist-type__iptables_apply(7) <man7/cdist-type__iptables_apply.html>`_)
- __iptables_rule (`cdist-type__iptables_rule(7) <man7/cdist-type__iptables_rule.html>`_)
- __issue (`cdist-type__issue(7) <man7/cdist-type__issue.html>`_)
- __jail (`cdist-type__jail(7) <man7/cdist-type__jail.html>`_)
- __jail_freebsd10 (`cdist-type__jail_freebsd10(7) <man7/cdist-type__jail_freebsd10.html>`_)
- __jail_freebsd9 (`cdist-type__jail_freebsd9(7) <man7/cdist-type__jail_freebsd9.html>`_)
- __key_value (`cdist-type__key_value(7) <man7/cdist-type__key_value.html>`_)
- __keyboard (`cdist-type__keyboard(7) <man7/cdist-type__keyboard.html>`_)
- __letsencrypt_cert (`cdist-type__letsencrypt_cert(7) <man7/cdist-type__letsencrypt_cert.html>`_)
- __line (`cdist-type__line(7) <man7/cdist-type__line.html>`_)
- __link (`cdist-type__link(7) <man7/cdist-type__link.html>`_)
- __locale (`cdist-type__locale(7) <man7/cdist-type__locale.html>`_)
- __locale_system (`cdist-type__locale_system(7) <man7/cdist-type__locale_system.html>`_)
- __localedef (`cdist-type__localedef(7) <man7/cdist-type__localedef.html>`_)
- __motd (`cdist-type__motd(7) <man7/cdist-type__motd.html>`_)
- __mount (`cdist-type__mount(7) <man7/cdist-type__mount.html>`_)
- __mysql_database (`cdist-type__mysql_database(7) <man7/cdist-type__mysql_database.html>`_)
- __mysql_privileges (`cdist-type__mysql_privileges(7) <man7/cdist-type__mysql_privileges.html>`_)
- __mysql_user (`cdist-type__mysql_user(7) <man7/cdist-type__mysql_user.html>`_)
- __openldap_server (`cdist-type__openldap_server(7) <man7/cdist-type__openldap_server.html>`_)
- __package (`cdist-type__package(7) <man7/cdist-type__package.html>`_)
- __package_apk (`cdist-type__package_apk(7) <man7/cdist-type__package_apk.html>`_)
- __package_apt (`cdist-type__package_apt(7) <man7/cdist-type__package_apt.html>`_)
- __package_dpkg (`cdist-type__package_dpkg(7) <man7/cdist-type__package_dpkg.html>`_)
- __package_emerge (`cdist-type__package_emerge(7) <man7/cdist-type__package_emerge.html>`_)
- __package_emerge_dependencies (`cdist-type__package_emerge_dependencies(7) <man7/cdist-type__package_emerge_dependencies.html>`_)
- __package_luarocks (`cdist-type__package_luarocks(7) <man7/cdist-type__package_luarocks.html>`_)
- __package_opkg (`cdist-type__package_opkg(7) <man7/cdist-type__package_opkg.html>`_)
- __package_pacman (`cdist-type__package_pacman(7) <man7/cdist-type__package_pacman.html>`_)
- __package_pip (`cdist-type__package_pip(7) <man7/cdist-type__package_pip.html>`_)
- __package_pkg_freebsd (`cdist-type__package_pkg_freebsd(7) <man7/cdist-type__package_pkg_freebsd.html>`_)
- __package_pkg_openbsd (`cdist-type__package_pkg_openbsd(7) <man7/cdist-type__package_pkg_openbsd.html>`_)
- __package_pkgng_freebsd (`cdist-type__package_pkgng_freebsd(7) <man7/cdist-type__package_pkgng_freebsd.html>`_)
- __package_rubygem (`cdist-type__package_rubygem(7) <man7/cdist-type__package_rubygem.html>`_)
- __package_update_index (`cdist-type__package_update_index(7) <man7/cdist-type__package_update_index.html>`_)
- __package_upgrade_all (`cdist-type__package_upgrade_all(7) <man7/cdist-type__package_upgrade_all.html>`_)
- __package_yum (`cdist-type__package_yum(7) <man7/cdist-type__package_yum.html>`_)
- __package_zypper (`cdist-type__package_zypper(7) <man7/cdist-type__package_zypper.html>`_)
- __pacman_conf (`cdist-type__pacman_conf(7) <man7/cdist-type__pacman_conf.html>`_)
- __pacman_conf_integrate (`cdist-type__pacman_conf_integrate(7) <man7/cdist-type__pacman_conf_integrate.html>`_)
- __pf_apply_anchor (`cdist-type__pf_apply_anchor(7) <man7/cdist-type__pf_apply_anchor.html>`_)
- __pf_ruleset (`cdist-type__pf_ruleset(7) <man7/cdist-type__pf_ruleset.html>`_)
- __ping (`cdist-type__ping(7) <man7/cdist-type__ping.html>`_)
- __postfix (`cdist-type__postfix(7) <man7/cdist-type__postfix.html>`_)
- __postfix_master (`cdist-type__postfix_master(7) <man7/cdist-type__postfix_master.html>`_)
- __postfix_postconf (`cdist-type__postfix_postconf(7) <man7/cdist-type__postfix_postconf.html>`_)
- __postfix_postmap (`cdist-type__postfix_postmap(7) <man7/cdist-type__postfix_postmap.html>`_)
- __postfix_reload (`cdist-type__postfix_reload(7) <man7/cdist-type__postfix_reload.html>`_)
- __postgres_conf (`cdist-type__postgres_conf(7) <man7/cdist-type__postgres_conf.html>`_)
- __postgres_database (`cdist-type__postgres_database(7) <man7/cdist-type__postgres_database.html>`_)
- __postgres_extension (`cdist-type__postgres_extension(7) <man7/cdist-type__postgres_extension.html>`_)
- __postgres_role (`cdist-type__postgres_role(7) <man7/cdist-type__postgres_role.html>`_)
- __process (`cdist-type__process(7) <man7/cdist-type__process.html>`_)
- __prometheus_alertmanager (`cdist-type__prometheus_alertmanager(7) <man7/cdist-type__prometheus_alertmanager.html>`_)
- __prometheus_exporter (`cdist-type__prometheus_exporter(7) <man7/cdist-type__prometheus_exporter.html>`_)
- __prometheus_server (`cdist-type__prometheus_server(7) <man7/cdist-type__prometheus_server.html>`_)
- __pyvenv (`cdist-type__pyvenv(7) <man7/cdist-type__pyvenv.html>`_)
- __qemu_img (`cdist-type__qemu_img(7) <man7/cdist-type__qemu_img.html>`_)
- __rbenv (`cdist-type__rbenv(7) <man7/cdist-type__rbenv.html>`_)
- __rsync (`cdist-type__rsync(7) <man7/cdist-type__rsync.html>`_)
- __rvm (`cdist-type__rvm(7) <man7/cdist-type__rvm.html>`_)
- __rvm_gem (`cdist-type__rvm_gem(7) <man7/cdist-type__rvm_gem.html>`_)
- __rvm_gemset (`cdist-type__rvm_gemset(7) <man7/cdist-type__rvm_gemset.html>`_)
- __rvm_ruby (`cdist-type__rvm_ruby(7) <man7/cdist-type__rvm_ruby.html>`_)
- __sed (`cdist-type__sed(7) <man7/cdist-type__sed.html>`_)
- __sensible_editor (`cdist-type__sensible_editor(7) <man7/cdist-type__sensible_editor.html>`_)
- __service (`cdist-type__service(7) <man7/cdist-type__service.html>`_)
- __snakeoil_cert (`cdist-type__snakeoil_cert(7) <man7/cdist-type__snakeoil_cert.html>`_)
- __ssh_authorized_key (`cdist-type__ssh_authorized_key(7) <man7/cdist-type__ssh_authorized_key.html>`_)
- __ssh_authorized_keys (`cdist-type__ssh_authorized_keys(7) <man7/cdist-type__ssh_authorized_keys.html>`_)
- __ssh_dot_ssh (`cdist-type__ssh_dot_ssh(7) <man7/cdist-type__ssh_dot_ssh.html>`_)
- __sshd_config (`cdist-type__sshd_config(7) <man7/cdist-type__sshd_config.html>`_)
- __staged_file (`cdist-type__staged_file(7) <man7/cdist-type__staged_file.html>`_)
- __start_on_boot (`cdist-type__start_on_boot(7) <man7/cdist-type__start_on_boot.html>`_)
- __sysctl (`cdist-type__sysctl(7) <man7/cdist-type__sysctl.html>`_)
- __systemd_service (`cdist-type__systemd_service(7) <man7/cdist-type__systemd_service.html>`_)
- __systemd_unit (`cdist-type__systemd_unit(7) <man7/cdist-type__systemd_unit.html>`_)
- __timezone (`cdist-type__timezone(7) <man7/cdist-type__timezone.html>`_)
- __uci (`cdist-type__uci(7) <man7/cdist-type__uci.html>`_)
- __uci_section (`cdist-type__uci_section(7) <man7/cdist-type__uci_section.html>`_)
- __ufw (`cdist-type__ufw(7) <man7/cdist-type__ufw.html>`_)
- __ufw_rule (`cdist-type__ufw_rule(7) <man7/cdist-type__ufw_rule.html>`_)
- __unpack (`cdist-type__unpack(7) <man7/cdist-type__unpack.html>`_)
- __update_alternatives (`cdist-type__update_alternatives(7) <man7/cdist-type__update_alternatives.html>`_)
- __user (`cdist-type__user(7) <man7/cdist-type__user.html>`_)
- __user_groups (`cdist-type__user_groups(7) <man7/cdist-type__user_groups.html>`_)
- __xymon_apache (`cdist-type__xymon_apache(7) <man7/cdist-type__xymon_apache.html>`_)
- __xymon_client (`cdist-type__xymon_client(7) <man7/cdist-type__xymon_client.html>`_)
- __xymon_config (`cdist-type__xymon_config(7) <man7/cdist-type__xymon_config.html>`_)
- __xymon_server (`cdist-type__xymon_server(7) <man7/cdist-type__xymon_server.html>`_)
- __yum_repo (`cdist-type__yum_repo(7) <man7/cdist-type__yum_repo.html>`_)
- __zypper_repo (`cdist-type__zypper_repo(7) <man7/cdist-type__zypper_repo.html>`_)
- __zypper_service (`cdist-type__zypper_service(7) <man7/cdist-type__zypper_service.html>`_)
Objects
-------
For object to object communication and tests, the following paths are
usable within a object directory:
files
This directory is reserved for user data and will not be used
by cdist at any time. It can be used freely by the type
(for instance to store template results).
changed
This empty file exists in an object directory, if the object has
code to be executed (either remote or local).
stdin
This file exists and contains data, if data was provided on stdin
when the type was called.
Environment variables (for reading)
-----------------------------------
The following environment variables are exported by cdist:
__cdist_log_level, __cdist_log_level_name
cdist log level value and cdist log level name. One of:
+----------------+-----------------+
| Log level name | Log level value |
+================+=================+
| OFF | 60 |
+----------------+-----------------+
| ERROR | 40 |
+----------------+-----------------+
| WARNING | 30 |
+----------------+-----------------+
| INFO | 20 |
+----------------+-----------------+
| VERBOSE | 15 |
+----------------+-----------------+
| DEBUG | 10 |
+----------------+-----------------+
| TRACE | 5 |
+----------------+-----------------+
Available for: initial manifest, explorer, type manifest, type explorer,
type gencode.
__cdist_colored_log
whether or not cdist's log has colors enabled.
Is set to the string true if cdist's output is using colors,
otherwise the variable contains the string false.
Available for: initial manifest, explorer, type manifest, type explorer,
type gencode.
__cdist_dry_run
Is set only when doing dry run (-n flag).
Available for: initial manifest, explorer, type manifest, type explorer,
type gencode.
__explorer
Directory that contains all global explorers.
Available for: initial manifest, explorer, type explorer, shell.
__files
Directory that contains content from the "files" subdirectories
from the configuration directories.
Available for: initial manifest, type manifest, type gencode, shell.
__manifest
Directory that contains the initial manifest.
Available for: initial manifest, type manifest, shell.
__global
Directory that contains generic output like explorer.
Available for: initial manifest, type manifest, type gencode, shell.
__messages_in
File to read messages from.
Available for: initial manifest, type manifest, type gencode.
__messages_out
File to write messages.
Available for: initial manifest, type manifest, type gencode.
__object
Directory that contains the current object.
Available for: type manifest, type explorer, type gencode and code scripts.
__object_id
The type unique object id.
Available for: type manifest, type explorer, type gencode and code scripts.
| Note: The leading and the trailing "/" will always be stripped (caused by
the filesystem database and ensured by the core).
| Note: Double slashes ("//") will not be fixed and result in an error.
__object_name
The full qualified name of the current object.
Available for: type manifest, type explorer, type gencode.
__target_host
The host we are deploying to. This is primary variable. It's content is
literally the one user passed in.
Available for: explorer, initial manifest, type explorer, type manifest, type gencode, shell.
__target_hostname
The hostname of host we are deploying to. This variable is derived from
**__target_host** (using **socket.getaddrinfo(__target_host)** and then
**socket.gethostbyaddr()**).
Available for: explorer, initial manifest, type explorer, type manifest, type gencode, shell.
__target_fqdn
The fully qualified domain name of the host we are deploying to.
This variable is derived from **__target_host**
(using **socket.getfqdn()**).
Available for: explorer, initial manifest, type explorer, type manifest, type gencode, shell.
__target_host_tags
Comma separated list of target host tags.
Available for: explorer, initial manifest, type explorer, type manifest, type gencode, shell.
__type
Path to the current type.
Available for: type manifest, type gencode.
__type_explorer
Directory that contains the type explorers.
Available for: type explorer.
Environment variables (for writing)
-----------------------------------
The following environment variables influence the behaviour of cdist:
require
Setup dependencies between objects (see `cdist manifest <cdist-manifest.html>`_).
__cdist_log_level
cdist log level value. One of:
+----------------+-----------------+
| Log level | Log level value |
+================+=================+
| OFF | 60 |
+----------------+-----------------+
| ERROR | 40 |
+----------------+-----------------+
| WARNING | 30 |
+----------------+-----------------+
| INFO | 20 |
+----------------+-----------------+
| VERBOSE | 15 |
+----------------+-----------------+
| DEBUG | 10 |
+----------------+-----------------+
| TRACE | 5 |
+----------------+-----------------+
If set cdist will set this log level in
accordance with configuration rules. If cdist invokation is used
in types then nested cdist will honor this specified log level if
not specified otherwise while invoking it.
CDIST_PATH
Colon delimited list of config directories.
CDIST_LOCAL_SHELL
Use this shell locally instead of /bin/sh to execute scripts.
CDIST_REMOTE_SHELL
Use this shell remotely instead of /bin/sh to execute scripts.
CDIST_OVERRIDE
Allow overwriting type parameters (see `cdist manifest <cdist-manifest.html>`_).
CDIST_ORDER_DEPENDENCY
Create dependencies based on the execution order (see `cdist manifest <cdist-manifest.html>`_).
Note that in version 6.2.0 semantic of this processing mode is finally fixed and well defined.
CDIST_REMOTE_EXEC
Use this command for remote execution (should behave like ssh).
CDIST_REMOTE_COPY
Use this command for remote copy (should behave like scp).
CDIST_INVENTORY_DIR
Use this directory as inventory directory.
CDIST_BETA
Enable beta functionalities.
CDIST_COLORED_OUTPUT
Colorize cdist's output. If enabled, cdist will use different colors for
different log levels.
Recognized values are 'always', 'never', and 'auto' (the default).
CDIST_CACHE_PATH_PATTERN
Custom cache path pattern.

View file

@ -0,0 +1,415 @@
Remote exec and copy commands
=============================
Cdist interacts with the target host in two ways:
- it executes code (__remote_exec)
- and it copies files (__remote_copy)
By default this is accomplished with ssh and scp respectively.
The default implementations used by cdist are::
__remote_exec: ssh -o User=root
__remote_copy: scp -o User=root -q
The user can override these defaults by providing custom implementations and
passing them to cdist with the --remote-exec and/or --remote-copy arguments.
For __remote_exec, the custom implementation must behave as if it where ssh.
For __remote_copy, it must behave like scp.
Please notice, custom implementations should work like ssh/scp so __remote_copy
must support IPv6 addresses enclosed in square brackets. For __remote_exec you
must take into account that for some options (like -L) IPv6 addresses can be
specified by enclosed in square brackets (see :strong:`ssh`\ (1) and
:strong:`scp`\ (1)).
With this simple interface the user can take total control of how cdist
interacts with the target when required, while the default implementation
remains as simple as possible.
Examples
--------
Here are examples of using alternative __remote_copy and __remote_exec scripts.
All scripts from below are present in cdist sources in `other/examples/remote`
directory.
ssh
~~~
Same as cdist default.
**copy**
Usage: cdist config --remote-copy "/path/to/this/script" target_host
.. code-block:: sh
#echo "$@" | logger -t "cdist-ssh-copy"
scp -o User=root -q $@
**exec**
Usage: cdist config --remote-exec "/path/to/this/script" target_host
.. code-block:: sh
#echo "$@" | logger -t "cdist-ssh-exec"
ssh -o User=root $@
local
~~~~~
This effectively turns remote calling into local calling. Probably most useful
for the unit testing.
**copy**
.. code-block:: sh
code="$(echo "$@" | sed "s|\([[:space:]]\)$__target_host:|\1|g")"
cp -L $code
**exec**
.. code-block:: sh
target_host=$1; shift
echo "$@" | /bin/sh
chroot
~~~~~~
**copy**
Usage: cdist config --remote-copy "/path/to/this/script /path/to/your/chroot" target-id
.. code-block:: sh
log() {
#echo "$@" | logger -t "cdist-chroot-copy"
:
}
chroot="$1"; shift
target_host="$__target_host"
# replace target_host with chroot location
code="$(echo "$@" | sed "s|$target_host:|$chroot|g")"
log "target_host: $target_host"
log "chroot: $chroot"
log "$@"
log "$code"
# copy files into chroot
cp $code
log "-----"
**exec**
Usage: cdist config --remote-exec "/path/to/this/script /path/to/your/chroot" target-id
.. code-block:: sh
log() {
#echo "$@" | logger -t "cdist-chroot-exec"
:
}
chroot="$1"; shift
target_host="$1"; shift
script=$(mktemp "${chroot}/tmp/chroot-${0##*/}.XXXXXXXXXX")
trap cleanup INT TERM EXIT
cleanup() {
[ $__cdist_debug ] || rm "$script"
}
log "target_host: $target_host"
log "script: $script"
log "@: $@"
echo "#!/bin/sh -l" > "$script"
echo "$@" >> "$script"
chmod +x "$script"
relative_script="${script#$chroot}"
log "relative_script: $relative_script"
# run in chroot
chroot "$chroot" "$relative_script"
log "-----"
rsync
~~~~~
**copy**
Usage: cdist config --remote-copy /path/to/this/script target_host
.. code-block:: sh
# For rsync to do the right thing, the source has to end with "/" if it is
# a directory. The below preprocessor loop takes care of that.
# second last argument is the source
source_index=$(($#-1))
index=0
for arg in $@; do
if [ $index -eq 0 ]; then
# reset $@
set --
fi
index=$((index+=1))
if [ $index -eq $source_index -a -d "$arg" ]; then
arg="${arg%/}/"
fi
set -- "$@" "$arg"
done
rsync --backup --suffix=~cdist -e 'ssh -o User=root' $@
schroot
~~~~~~~
__remote_copy and __remote_exec scripts to run cdist against a chroot on the
target host over ssh.
**copy**
Usage: cdist config --remote-copy "/path/to/this/script schroot-chroot-name" target_host
.. code-block:: sh
log() {
#echo "$@" | logger -t "cdist-schroot-copy"
:
}
chroot_name="$1"; shift
target_host="$__target_host"
# get directory for given chroot_name
chroot="$(ssh -o User=root -q $target_host schroot -c $chroot_name --config | awk -F = '/directory=/ {print $2}')"
# prefix destination with chroot
code="$(echo "$@" | sed "s|$target_host:|$target_host:$chroot|g")"
log "target_host: $target_host"
log "chroot_name: $chroot_name"
log "chroot: $chroot"
log "@: $@"
log "code: $code"
# copy files into remote chroot
scp -o User=root -q $code
log "-----"
**exec**
Usage: cdist config --remote-exec "/path/to/this/script schroot-chroot-name" target_host
.. code-block:: sh
log() {
#echo "$@" | logger -t "cdist-schroot-exec"
:
}
chroot_name="$1"; shift
target_host="$1"; shift
code="ssh -o User=root -q $target_host schroot -c $chroot_name -- $@"
log "target_host: $target_host"
log "chroot_name: $chroot_name"
log "@: $@"
log "code: $code"
# run in remote chroot
$code
log "-----"
schroot-uri
~~~~~~~~~~~
__remote_exec/__remote_copy script to run cdist against a schroot target URI.
Usage::
cdist config \
--remote-exec "/path/to/this/script exec" \
--remote-copy "/path/to/this/script copy" \
target_uri
# target_uri examples:
schroot:///chroot-name
schroot://foo.ethz.ch/chroot-name
schroot://user-name@foo.ethz.ch/chroot-name
# and how to match them in .../manifest/init
case "$target_host" in
schroot://*)
# any schroot
;;
schroot://foo.ethz.ch/*)
# any schroot on specific host
;;
schroot://foo.ethz.ch/chroot-name)
# specific schroot on specific host
;;
schroot:///chroot-name)
# specific schroot on localhost
;;
esac
**copy/exec**
.. code-block:: sh
my_name="${0##*/}"
mode="$1"; shift
log() {
# uncomment me for debugging
#echo "$@" | logger -t "cdist-$my_name-$mode"
:
}
die() {
echo "$@" >&2
exit 1
}
uri="$__target_host"
scheme="${uri%%:*}"; rest="${uri#$scheme:}"; rest="${rest#//}"
authority="${rest%%/*}"; rest="${rest#$authority}"
path="${rest%\?*}"; rest="${rest#$path}"
schroot_name="${path#/}"
[ "$scheme" = "schroot" ] || die "Failed to parse scheme from __target_host ($__target_host). Expected 'schroot', got '$scheme'"
[ -n "$schroot_name" ] || die "Failed to parse schroot name from __target_host: $__target_host"
case "$authority" in
'')
# authority is empty, neither user nor host given
user=""
host=""
;;
*@*)
# authority contains @, take user from authority
user="${authority%@*}"
host="${authority#*@}"
;;
*)
# no user in authority, default to root
user="root"
host="$authority"
;;
esac
log "mode: $mode"
log "@: $@"
log "uri: $uri"
log "scheme: $scheme"
log "authority: $authority"
log "user: $user"
log "host: $host"
log "path: $path"
log "schroot_name: $schroot_name"
exec_prefix=""
copy_prefix=""
if [ -n "$host" ]; then
# we are working on a remote host
exec_prefix="ssh -o User=$user -q $host"
copy_prefix="scp -o User=$user -q"
copy_destination_prefix="$host:"
else
# working on local machine
copy_prefix="cp"
copy_destination_prefix=""
fi
log "exec_prefix: $exec_prefix"
log "copy_prefix: $copy_prefix"
log "copy_destination_prefix: $copy_destination_prefix"
case "$mode" in
exec)
# In exec mode the first argument is the __target_host which we already got from env. Get rid of it.
shift
code="$exec_prefix schroot -c $schroot_name -- sh -c '$@'"
;;
copy)
# get directory for given chroot_name
schroot_directory="$($exec_prefix schroot -c $schroot_name --config | awk -F = '/directory=/ {print $2}')"
[ -n "$schroot_directory" ] || die "Failed to retreive schroot directory for schroot: $schroot_name"
log "schroot_directory: $schroot_directory"
# prefix destination with chroot
code="$copy_prefix $(echo "$@" | sed "s|$uri:|${copy_destination_prefix}${schroot_directory}|g")"
;;
*) die "Unknown mode: $mode";;
esac
log "code: $code"
# Run the code
$code
log "-----"
sudo
~~~~
**copy**
Use rsync over ssh to copy files. Uses the "--rsync-path" option
to run the remote rsync instance with sudo.
This command assumes your ssh configuration is already set up in ~/.ssh/config.
Usage: cdist config --remote-copy /path/to/this/script target_host
.. code-block:: sh
# For rsync to do the right thing, the source has to end with "/" if it is
# a directory. The below preprocessor loop takes care of that.
# second last argument is the source
source_index=$(($#-1))
index=0
for arg in $@; do
if [ $index -eq 0 ]; then
# reset $@
set --
fi
index=$((index+=1))
if [ $index -eq $source_index -a -d "$arg" ]; then
arg="${arg%/}/"
fi
set -- "$@" "$arg"
done
rsync --copy-links --rsync-path="sudo rsync" -e 'ssh' "$@"
**exec**
Prefixes all remote commands with sudo.
This command assumes your ssh configuration is already set up in ~/.ssh/config.
Usage: cdist config --remote-exec "/path/to/this/script" target_host
.. code-block:: sh
host="$1"; shift
ssh -q "$host" sudo sh -c \""$@"\"

View file

@ -0,0 +1,88 @@
Saving output streams
=====================
Description
-----------
Since version 4.8.0 cdist, by default, saves output streams to local cache.
Saving output streams is implemented because important information was lost
during a config run, hidden in all other output.
Now all created output is bound to the context where it was produced.
Saving output streams include stdout and stderr of init manifest, remote
commands and for each object stdout and stderr of manifest, gencode-\* and code-\*.
Output stream files are created only if some output is produced. For more info
on these cache files see `Local cache overview <cdist-cache.html>`_.
Also, in case of an error, cdist can now exit and show all information it has
about the error.
For example:
.. code-block:: sh
$ ./bin/cdist config -v -i ~/.cdist/manifest/init-output-streams $(cat ~/ungleich/data/opennebula-debian9-test )
INFO: 185.203.112.42: Starting configuration run
INFO: 185.203.112.42: Processing __myline/test
ERROR: 185.203.112.42: Command failed: '/bin/sh -e /tmp/tmpow6cwemh/75ee6a79e32da093da23fe4a13dd104b/data/object/__myline/test/.cdist-kisrqlpw/code-local'
return code: 1
---- BEGIN stdout ----
---- END stdout ----
Error processing object '__myline/test'
========================================
name: __myline/test
path: /tmp/tmpow6cwemh/75ee6a79e32da093da23fe4a13dd104b/data/object/__myline/test/.cdist-kisrqlpw
source: /home/darko/.cdist/manifest/init-output-streams
type: /tmp/tmpow6cwemh/75ee6a79e32da093da23fe4a13dd104b/data/conf/type/__myline
---- BEGIN manifest:stderr ----
myline manifest stderr
---- END manifest:stderr ----
---- BEGIN gencode-remote:stderr ----
test gencode-remote error
---- END gencode-remote:stderr ----
---- BEGIN code-local:stderr ----
error
---- END code-local:stderr ----
ERROR: cdist: Failed to configure the following hosts: 185.203.112.42
Upon successful run execution state is saved to local cache and temporary
directory is removed.
In case of an error temporary directory is not removed and can be further
discovered.
There is also an option :strong:`-S/--disable-saving-output-streams` for
disabling saving output streams. In this case error reporting can look
like this:
.. code-block:: sh
$ ./bin/cdist config -v -S -i ~/.cdist/manifest/init-output-streams $(cat ~/ungleich/data/opennebula-debian9-test )
INFO: 185.203.112.42: Starting configuration run
test stdout output streams
test stderr output streams
myline manifest stdout
myline manifest stderr
test gencode-remote error
INFO: 185.203.112.42: Processing __myline/test
error
ERROR: 185.203.112.42: Command failed: '/bin/sh -e /tmp/tmpzomy0wis/75ee6a79e32da093da23fe4a13dd104b/data/object/__myline/test/.cdist-n566pqut/code-local'
return code: 1
---- BEGIN stdout ----
---- END stdout ----
Error processing object '__myline/test'
========================================
name: __myline/test
path: /tmp/tmpzomy0wis/75ee6a79e32da093da23fe4a13dd104b/data/object/__myline/test/.cdist-n566pqut
source: /home/darko/.cdist/manifest/init-output-streams
type: /tmp/tmpzomy0wis/75ee6a79e32da093da23fe4a13dd104b/data/conf/type/__myline
ERROR: cdist: Failed to configure the following hosts: 185.203.112.42

View file

@ -0,0 +1,84 @@
Scan
=====
Description
-----------
Runs cdist as a daemon that discover/watch on hosts and reconfigure them
periodically. It is especially useful in netboot-based environment where hosts
boot unconfigured, and to ensure your infrastructure stays in sync with your
configuration.
This feature is still consider to be in **beta** stage, and only operate on
IPv6 (including link-local).
Usage (Examples)
----------------
Discover hosts on local network and configure those whose name is resolved by
the name mapper script.
.. code-block:: sh
$ cdist scan --beta --interface eth0 \
--mode scan --name-mapper path/to/script \
--mode trigger --mode config
List known hosts and exit.
.. code-block:: sh
$ cdist scan --beta --list --name-mapper path/to/script
Please refer to `cdist(1)` for a detailed list of parameters.
Modes
-----
The scanner has 3 modes that can be independently toggled. If the `--mode`
parameter is not specified, only `tigger` and `scan` are enabled (= hosts are
not configured).
trigger
Send ICMPv6 requests to specific hosts or broadcast over IPv6 link-local to
trigger detection by the `scan` module.
scan
Watch for incoming ICMPv6 replies and optionally configure detected hosts.
config
Enable configuration of hosts detected by `scan`.
Name Mapper Script
------------------
The name mapper script takes an IPv6 address as first argument and writes the
resolved name to stdout - if any. The script must be executable.
Simplest script:
.. code-block:: sh
#!/bin/sh
case "$1" in
"fe80::20d:b9ff:fe57:3524")
printf "my-host-01"
;;
"fe80::7603:bdff:fe05:89bb")
printf "my-host-02"
;;
esac
Resolving name from `PTR` DNS record:
.. code-block:: sh
#!/bin/sh
for cmd in dig sed; do
if ! command -v $cmd > /dev/null; then
exit 1
fi
done
dig +short -x "$1" | sed -e 's/.$//'

View file

@ -0,0 +1,70 @@
Execution stages
================
Description
-----------
When cdist is started, it passes through different stages.
Stage 1: target information retrieval
-------------------------------------
In this stage information is collected about the target host using so called
explorers. Every existing explorer is run on the target and the output of all
explorers are copied back into the local cache. The results can be used by
manifests and types.
Stage 2: run the initial manifest
---------------------------------
The initial manifest, which should be used for mappings of hosts to types,
is executed. This stage creates objects in a cconfig database that contains
the objects as defined in the manifest for the specific host. In this stage,
no conflicts may occur, i.e. no object of the same type with the same id may
be created, if it has different parameters.
Stage 3: object information retrieval
-------------------------------------
Every object is checked whether its type has explorers and if so, these are
executed on the target host. The results are transferred back
and can be used in the following stages to decide what changes need to be made
on the target to implement the desired state.
Stage 4: run the object manifest
--------------------------------
Every object is checked whether its type has a executable manifest. The
manifest script may generate and change the created objects. In other words,
one type can reuse other types.
For instance the object __apache/www.example.org is of type __apache, which may
contain a manifest script, which creates new objects of type __file.
The newly created objects are merged back into the existing tree. No conflicts
may occur during the merge. A conflict would mean that two different objects
try to create the same object, which indicates a broken configuration.
Stage 5: code generation
------------------------
In this stage for every created object its type is checked for executable
gencode scripts. The gencode scripts generate the code to be executed on the
target on stdout. If the gencode executables fail, they must print diagnostic
messages on stderr and exit non-zero.
Stage 6: code execution
-----------------------
For every object the resulting code from the previous stage is transferred to
the target host and executed there to apply the configuration changes.
Stage 7: cache
--------------
The cache stores the information from the current run for later use.
Summary
-------
If, and only if, all the stages complete without errors, the configuration
will be applied to the target.

View file

@ -0,0 +1,26 @@
Support
-------
Chat
~~~~
Chat with us on `#cdist:ungleich.ch <https://ungleich.ch/u/projects/open-chat/>`_.
Mailing list
~~~~~~~~~~~~
Bug reports, questions, patches, etc. should be send to the
`cdist mailing list <https://groups.google.com/forum/#!forum/cdist-configuration-management>`_.
Linkedin
~~~~~~~~
If you have an account
at `Linked in <http://www.linkedin.com/>`_,
you can join the
`cdist group <http://www.linkedin.com/groups/cdist-configuration-management-3952797>`_.
Commercial support
~~~~~~~~~~~~~~~~~~
You can request commercial support for cdist from
`ungleich <http://www.ungleich.ch/>`_.

View file

@ -0,0 +1,64 @@
Troubleshooting
===============
Error in manifest is not considered an error by cdist
-----------------------------------------------------
Situation: You are executing other scripts from a manifest.
This script fails, but cdist does not recognise the error.
An example script would be something like this:
.. code-block:: sh
% cat ~/.cdist/manifest/init
"$__manifest/special"
% cat ~/.cdist/manifest/special
#!/bin/sh
echo "Here is an unclean exiting script"
somecommandthatdoesnotexist
echo "I continue here although previous command failed"
We can clearly see that **somecommandthatdoesnotexist**
will fail in ~/.cdist/manifest/special. But as the custom
script is not called with the -e flag (exit on failure) of shell,
it does not lead to an error. And thus cdist sees the exit 0
code of the last echo line instead of the failing command.
All scripts executed by cdist carry the -e flag.
To prevent the above from happening, there are three solutions available,
two of which can be used in the calling script:
.. code-block:: sh
# Execute as before, but abort on failure
sh -e "$__manifest/special"
# Source the script in our namespace, runs in a set -e environment:
. "$__manifest/special"
The third solution is to include a shebang header in every script
you write to use the -e flag:
.. code-block:: sh
% cat ~/.cdist/manifest/special
#!/bin/sh -e
...
Using debug dump helper script
------------------------------
Since cdist stores data to local cache that can be used for debugging there
is a helper script that dumps data from local cache,
`cdist-dump <man1/cdist-dump.html>`_.
For more info see:
.. code-block:: sh
cdist-dump -h
Or from cdist git cloned directory:
.. code-block:: sh
./scripts/cdist-dump -h

View file

@ -0,0 +1,524 @@
cdist type
==========
Description
-----------
Types are the main component of cdist and define functionality. If you
use cdist, you'll write a type for every functionality you would like
to use.
Synopsis
--------
.. code-block:: sh
__TYPE ID --parameter value [--parameter value ...]
__TYPE --parameter value [--parameter value ...] (for singletons)
How to use a type
-----------------
You can use types from the initial manifest or the type manifest like a
normal shell command:
.. code-block:: sh
# Creates empty file /etc/cdist-configured
__file /etc/cdist-configured --type file
# Ensure tree is installed
__package tree --state installed
A list of supported types can be found in the `cdist reference <cdist-reference.html>`_ manpage.
Singleton types
---------------
If a type is flagged as a singleton, it may be used only
once per host. This is useful for types which can be used only once on a
system. Singleton types do not take an object name as argument.
Example:
.. code-block:: sh
# __issue type manages /etc/issue
__issue
# Probably your own type - singletons may use parameters
__myfancysingleton --colour green
Config types
------------
By default types are used with config command. These are types that are not
flagged by any known command flag. If a type is marked then it will be skipped
with config command.
Install types
-------------
If a type is flagged with 'install' flag then it is used only with install command.
With other commands, i.e. config, these types are skipped if used.
Nonparallel types
-----------------
If a type is flagged with 'nonparallel' flag then its objects cannot be run in parallel
when using -j option. Example of such a type is __package_dpkg type where dpkg itself
prevents to be run in more than one instance.
Deprecated types
-----------------
If a type is flagged with 'deprecated' marker then it is considered deprecated.
When it is used cdist writes warning line. If 'deprecated' marker has content
then this content is printed as a deprecation messages, e.g.:
.. code-block:: sh
$ ls -l deprecated
-rw-r--r-- 1 darko darko 71 May 20 18:30 deprecated
$ cat deprecated
This type is deprecated. It will be removed in the next minor release.
$ echo '__foo foo' | ./bin/cdist config -i - 185.203.112.26
WARNING: 185.203.112.26: Type __foo is deprecated: This type is deprecated. It will be removed in the next minor release.
If 'deprecated' marker has no content then general message is printed, e.g.:
.. code-block:: sh
$ ls -l deprecated
-rw-r--r-- 1 darko darko 0 May 20 18:36 deprecated
$ echo '__bar foo' | ./bin/cdist config -i - 185.203.112.26
WARNING: 185.203.112.26: Type __bar is deprecated.
How to write a new type
-----------------------
A type consists of
- parameter (optional)
- manifest (optional)
- singleton (optional)
- explorer (optional)
- gencode (optional)
- nonparallel (optional)
Types are stored below cdist/conf/type/. Their name should always be prefixed with
two underscores (__) to prevent collisions with other executables in $PATH.
To implement a new type, create the directory **cdist/conf/type/__NAME**.
Type manifest and gencode can be written in any language. They just need to be
executable and have a proper shebang. If they are not executable then cdist assumes
they are written in shell so they are executed using '/bin/sh -e' or 'CDIST_LOCAL_SHELL'.
For executable shell code it is suggested that shebang is '#!/bin/sh -e'.
For creating type skeleton you can use helper script
`cdist-new-type <man1/cdist-new-type.html>`_.
Defining parameters
-------------------
Every type consists of required, optional and boolean parameters, which must
each be declared in a newline separated file in **parameter/required**,
**parameter/required_multiple**, **parameter/optional**,
**parameter/optional_multiple** and **parameter/boolean**.
Parameters which are allowed multiple times should be listed in
required_multiple or optional_multiple respectively. All other parameters
follow the standard unix behaviour "the last given wins".
If either is missing, the type will have no required, no optional, no boolean
or no parameters at all.
Default values for optional parameters can be predefined in
**parameter/default/<name>**.
Example:
.. code-block:: sh
echo servername >> cdist/conf/type/__nginx_vhost/parameter/required
echo logdirectory >> cdist/conf/type/__nginx_vhost/parameter/optional
echo loglevel >> cdist/conf/type/__nginx_vhost/parameter/optional
mkdir cdist/conf/type/__nginx_vhost/parameter/default
echo warning > cdist/conf/type/__nginx_vhost/parameter/default/loglevel
echo server_alias >> cdist/conf/type/__nginx_vhost/parameter/optional_multiple
echo use_ssl >> cdist/conf/type/__nginx_vhost/parameter/boolean
Using parameters
----------------
The parameters given to a type can be accessed and used in all type scripts
(e.g manifest, gencode, explorer). Note that boolean parameters are
represented by file existence. File exists -> True,
file does not exist -> False
Example: (e.g. in cdist/conf/type/__nginx_vhost/manifest)
.. code-block:: sh
# required parameter
servername="$(cat "$__object/parameter/servername")"
# optional parameter
if [ -f "$__object/parameter/logdirectory" ]; then
logdirectory="$(cat "$__object/parameter/logdirectory")"
fi
# optional parameter with predefined default
loglevel="$(cat "$__object/parameter/loglevel")"
# boolean parameter
if [ -f "$__object/parameter/use_ssl" ]; then
# file exists -> True
# do some fancy ssl stuff
fi
# parameter with multiple values
if [ -f "$__object/parameter/server_alias" ]; then
for alias in $(cat "$__object/parameter/server_alias"); do
echo $alias > /some/where/useful
done
fi
Deprecated parameters
---------------------
To deprecate type parameters one can declare a file for each deprecated
parameter under **parameter/deprecated** directory.
When such parameter is used cdist writes warning line with deprecation message.
If such file has content then this content is printed as deprecation message.
If there is no content then generic parameter deprecation message is printed.
Example:
.. code-block:: sh
$ ls parameter/deprecated/
eggs spam
$ cat parameter/deprecated/eggs
eggs parameter is deprecated, please use multiple egg parameter.
$ cat parameter/deprecated/spam
$ echo '__foo foo --foo foo --eggs eggs' | ./bin/cdist config -i - 185.203.112.26
WARNING: 185.203.112.26: eggs parameter of type __foo is deprecated: eggs parameter is deprecated, please use multiple egg parameter.
$ echo '__foo foo --foo foo --eggs eggs --spam spam' | ./bin/cdist config -i - 185.203.112.26
WARNING: 185.203.112.26: spam parameter of type __foo is deprecated.
WARNING: 185.203.112.26: eggs parameter of type __foo is deprecated: eggs parameter is deprecated, please use multiple egg parameter.
Input from stdin
----------------
Every type can access what has been written on stdin when it has been called.
The result is saved into the **stdin** file in the object directory.
Example use of a type: (e.g. in cdist/conf/type/__archlinux_hostname)
.. code-block:: sh
__file /etc/rc.conf --source - << eof
...
HOSTNAME="$__target_host"
...
eof
If you have not seen this syntax (<< eof) before, it may help you to read
about "here documents".
In the __file type, stdin is used as source for the file, if - is used for source:
.. code-block:: sh
if [ -f "$__object/parameter/source" ]; then
source="$(cat "$__object/parameter/source")"
if [ "$source" = "-" ]; then
source="$__object/stdin"
fi
....
Stdin inside a loop
~~~~~~~~~~~~~~~~~~~
Since cdist saves type's stdin content in the object as **$__object/stdin**,
so it can be accessed in manifest and gencode-* scripts, this can lead to
unexpected behavior. For example, suppose you have some type with the following
in its manifest:
.. code-block:: sh
if [ -f "$__object/parameter/foo" ]
then
while read -r l
do
__file "$l"
echo "$l" >&2
done < "$__object/parameter/foo"
fi
and init manifest:
.. code-block:: sh
__foo foo --foo a --foo b --foo c
You expect that manifest stderr content is:
.. code-block:: sh
a
b
c
and that files *a*, *b* and *c* are created. But all you get in manifest stderr
is:
.. code-block:: sh
a
and only *a* file is created.
When redirecting parameter *foo* file content to while's stdin that means that all
commands in while body have this same stdin. So when *__file* type gets executed,
cdist saves its stdin which means it gets the remaining content of parameter *foo*
file, i.e.:
.. code-block:: sh
b
c
The solution is to make sure that your types inside such loops get their stdin
from somewhere else, e.g. for the above problem *__file* type can get empty
stdin from */dev/null*:
.. code-block:: sh
if [ -f "$__object/parameter/foo" ]
then
while read -r l
do
__file "$l" < /dev/null
echo "$l" >&2
done < "$__object/parameter/foo"
fi
Writing the manifest
--------------------
In the manifest of a type you can use other types, so your type extends
their functionality. A good example is the __package type, which in
a shortened version looks like this:
.. code-block:: sh
os="$(cat "$__global/explorer/os")"
case "$os" in
archlinux) type="pacman" ;;
debian|ubuntu) type="apt" ;;
gentoo) type="emerge" ;;
*)
echo "Don't know how to manage packages on: $os" >&2
exit 1
;;
esac
__package_$type "$@"
As you can see, the type can reference different environment variables,
which are documented in `cdist reference <cdist-reference.html>`_.
Always ensure the manifest is executable, otherwise cdist will not be able
to execute it. For more information about manifests see `cdist manifest <cdist-manifest.html>`_.
Singleton - one instance only
-----------------------------
If you want to ensure that a type can only be used once per target, you can
mark it as a singleton: Just create the (empty) file "singleton" in your type
directory:
.. code-block:: sh
touch cdist/conf/type/__NAME/singleton
This will also change the way your type must be called:
.. code-block:: sh
__YOURTYPE --parameter value
As you can see, the object ID is omitted, because it does not make any sense,
if your type can be used only once.
Install - type with install command
-----------------------------------
If you want a type to be used with install command, you must mark it as
install: create the (empty) file "install" in your type directory:
.. code-block:: sh
touch cdist/conf/type/__install_NAME/install
With other commands, i.e. config, it will be skipped if used.
Nonparallel - only one instance can be run at a time
----------------------------------------------------
If objects of a type must not or cannot be run in parallel when using -j
option, you must mark it as nonparallel: create the (empty) file "nonparallel"
in your type directory:
.. code-block:: sh
touch cdist/conf/type/__NAME/nonparallel
For example, package types are nonparallel types.
The type explorers
------------------
If a type needs to explore specific details, it can provide type specific
explorers, which will be executed on the target for every created object.
The explorers are stored under the "explorer" directory below the type.
It could for instance contain code to check the md5sum of a file on the
client, like this (shortened version from the type __file):
.. code-block:: sh
if [ -f "$__object/parameter/destination" ]; then
destination="$(cat "$__object/parameter/destination")"
else
destination="/$__object_id"
fi
if [ -e "$destination" ]; then
md5sum < "$destination"
fi
Writing the gencode script
--------------------------
There are two gencode scripts: **gencode-local** and **gencode-remote**.
The output of gencode-local is executed locally, whereas
the output of gencode-remote is executed on the target.
The gencode scripts can make use of the parameters, the global explorers
and the type specific explorers.
If the gencode scripts encounters an error, it should print diagnostic
messages to stderr and exit non-zero. If you need to debug the gencode
script, you can write to stderr:
.. code-block:: sh
# Debug output to stderr
echo "My fancy debug line" >&2
# Output to be saved by cdist for execution on the target
echo "touch /etc/cdist-configured"
Notice: if you use __remote_copy or __remote_exec directly in your scripts
then for IPv6 address with __remote_copy execution you should enclose IPv6
address in square brackets. The same applies to __remote_exec if it behaves
the same as ssh for some options where colon is a delimiter, as for -L ssh
option (see :strong:`ssh`\ (1) and :strong:`scp`\ (1)).
Variable access from the generated scripts
------------------------------------------
In the generated scripts, you have access to the following cdist variables
- __object
- __object_id
but only for read operations, means there is no back copy of this
files after the script execution.
So when you generate a script with the following content, it will work:
.. code-block:: sh
if [ -f "$__object/parameter/name" ]; then
name="$(cat "$__object/parameter/name")"
else
name="$__object_id"
fi
Environment variable usage idiom
--------------------------------
In type scripts you can support environment variables with default values if
environment variable is unset or null by using **${parameter:-[word]}**
parameter expansion.
Example using mktemp in a portable way that supports TMPDIR environment variable.
.. code-block:: sh
tempfile=$(mktemp "${TMPDIR:-/tmp}/cdist.XXXXXXXXXX")
Log level in types
------------------
cdist log level can be accessed from __cdist_log_level variable.One of:
+----------------+-----------------+
| Log level | Log level value |
+================+=================+
| OFF | 60 |
+----------------+-----------------+
| ERROR | 40 |
+----------------+-----------------+
| WARNING | 30 |
+----------------+-----------------+
| INFO | 20 |
+----------------+-----------------+
| VERBOSE | 15 |
+----------------+-----------------+
| DEBUG | 10 |
+----------------+-----------------+
| TRACE | 5 |
+----------------+-----------------+
It is available for initial manifest, explorer, type manifest,
type explorer, type gencode.
Detecting dry run
-----------------
If ``$__cdist_dry_run`` environment variable is set, then it's dry run.
It is available for initial manifest, explorer, type manifest,
type explorer, type gencode.
Hints for typewriters
----------------------
It must be assumed that the target is pretty dumb and thus does not have high
level tools like ruby installed. If a type requires specific tools to be present
on the target, there must be another type that provides this tool and the first
type should create an object of the specific type.
If your type wants to save temporary data, that may be used by other types
later on (for instance \__file), you can save them in the subdirectory
"files" below $__object (but you must create it yourself).
cdist will not touch this directory.
If your type contains static files, it's also recommended to place them in
a folder named "files" within the type (again, because cdist guarantees to
never ever touch this folder).
How to include a type into upstream cdist
-----------------------------------------
If you think your type may be useful for others, ensure it works with the
current master branch of cdist and have a look at `cdist hacking <cdist-hacker.html>`_ on
how to submit it.

View file

@ -0,0 +1,179 @@
cdist types
===========
.. toctree::
:titlesonly:
__acl <man7/cdist-type__acl>
__apt_backports <man7/cdist-type__apt_backports>
__apt_default_release <man7/cdist-type__apt_default_release>
__apt_key <man7/cdist-type__apt_key>
__apt_key_uri <man7/cdist-type__apt_key_uri>
__apt_mark <man7/cdist-type__apt_mark>
__apt_norecommends <man7/cdist-type__apt_norecommends>
__apt_pin <man7/cdist-type__apt_pin>
__apt_ppa <man7/cdist-type__apt_ppa>
__apt_source <man7/cdist-type__apt_source>
__apt_unattended_upgrades <man7/cdist-type__apt_unattended_upgrades>
__apt_update_index <man7/cdist-type__apt_update_index>
__block <man7/cdist-type__block>
__ccollect_source <man7/cdist-type__ccollect_source>
__cdist <man7/cdist-type__cdist>
__cdistmarker <man7/cdist-type__cdistmarker>
__check_messages <man7/cdist-type__check_messages>
__chroot_mount <man7/cdist-type__chroot_mount>
__chroot_umount <man7/cdist-type__chroot_umount>
__clean_path <man7/cdist-type__clean_path>
__config_file <man7/cdist-type__config_file>
__consul <man7/cdist-type__consul>
__consul_agent <man7/cdist-type__consul_agent>
__consul_check <man7/cdist-type__consul_check>
__consul_reload <man7/cdist-type__consul_reload>
__consul_service <man7/cdist-type__consul_service>
__consul_template <man7/cdist-type__consul_template>
__consul_template_template <man7/cdist-type__consul_template_template>
__consul_watch_checks <man7/cdist-type__consul_watch_checks>
__consul_watch_event <man7/cdist-type__consul_watch_event>
__consul_watch_key <man7/cdist-type__consul_watch_key>
__consul_watch_keyprefix <man7/cdist-type__consul_watch_keyprefix>
__consul_watch_nodes <man7/cdist-type__consul_watch_nodes>
__consul_watch_service <man7/cdist-type__consul_watch_service>
__consul_watch_services <man7/cdist-type__consul_watch_services>
__cron <man7/cdist-type__cron>
__daemontools <man7/cdist-type__daemontools>
__daemontools_service <man7/cdist-type__daemontools_service>
__debconf_set_selections <man7/cdist-type__debconf_set_selections>
__directory <man7/cdist-type__directory>
__docker <man7/cdist-type__docker>
__docker_compose <man7/cdist-type__docker_compose>
__docker_config <man7/cdist-type__docker_config>
__docker_secret <man7/cdist-type__docker_secret>
__docker_stack <man7/cdist-type__docker_stack>
__docker_swarm <man7/cdist-type__docker_swarm>
__dog_vdi <man7/cdist-type__dog_vdi>
__dot_file <man7/cdist-type__dot_file>
__download <man7/cdist-type__download>
__dpkg_architecture <man7/cdist-type__dpkg_architecture>
__file <man7/cdist-type__file>
__filesystem <man7/cdist-type__filesystem>
__firewalld_rule <man7/cdist-type__firewalld_rule>
__firewalld_start <man7/cdist-type__firewalld_start>
__git <man7/cdist-type__git>
__go_get <man7/cdist-type__go_get>
__golang_from_vendor <man7/cdist-type__golang_from_vendor>
__grafana_dashboard <man7/cdist-type__grafana_dashboard>
__group <man7/cdist-type__group>
__haproxy_dualstack <man7/cdist-type__haproxy_dualstack>
__hostname <man7/cdist-type__hostname>
__hosts <man7/cdist-type__hosts>
__hwclock <man7/cdist-type__hwclock>
__install_bootloader_grub <man7/cdist-type__install_bootloader_grub>
__install_chroot_mount <man7/cdist-type__install_chroot_mount>
__install_chroot_umount <man7/cdist-type__install_chroot_umount>
__install_config <man7/cdist-type__install_config>
__install_coreos <man7/cdist-type__install_coreos>
__install_directory <man7/cdist-type__install_directory>
__install_file <man7/cdist-type__install_file>
__install_fstab <man7/cdist-type__install_fstab>
__install_generate_fstab <man7/cdist-type__install_generate_fstab>
__install_mkfs <man7/cdist-type__install_mkfs>
__install_mount <man7/cdist-type__install_mount>
__install_partition_msdos <man7/cdist-type__install_partition_msdos>
__install_partition_msdos_apply <man7/cdist-type__install_partition_msdos_apply>
__install_reboot <man7/cdist-type__install_reboot>
__install_reset_disk <man7/cdist-type__install_reset_disk>
__install_stage <man7/cdist-type__install_stage>
__install_umount <man7/cdist-type__install_umount>
__iptables_apply <man7/cdist-type__iptables_apply>
__iptables_rule <man7/cdist-type__iptables_rule>
__issue <man7/cdist-type__issue>
__jail <man7/cdist-type__jail>
__jail_freebsd10 <man7/cdist-type__jail_freebsd10>
__jail_freebsd9 <man7/cdist-type__jail_freebsd9>
__key_value <man7/cdist-type__key_value>
__keyboard <man7/cdist-type__keyboard>
__letsencrypt_cert <man7/cdist-type__letsencrypt_cert>
__line <man7/cdist-type__line>
__link <man7/cdist-type__link>
__locale <man7/cdist-type__locale>
__locale_system <man7/cdist-type__locale_system>
__localedef <man7/cdist-type__localedef>
__motd <man7/cdist-type__motd>
__mount <man7/cdist-type__mount>
__mysql_database <man7/cdist-type__mysql_database>
__mysql_privileges <man7/cdist-type__mysql_privileges>
__mysql_user <man7/cdist-type__mysql_user>
__openldap_server <man7/cdist-type__openldap_server>
__package <man7/cdist-type__package>
__package_apk <man7/cdist-type__package_apk>
__package_apt <man7/cdist-type__package_apt>
__package_dpkg <man7/cdist-type__package_dpkg>
__package_emerge <man7/cdist-type__package_emerge>
__package_emerge_dependencies <man7/cdist-type__package_emerge_dependencies>
__package_luarocks <man7/cdist-type__package_luarocks>
__package_opkg <man7/cdist-type__package_opkg>
__package_pacman <man7/cdist-type__package_pacman>
__package_pip <man7/cdist-type__package_pip>
__package_pkg_freebsd <man7/cdist-type__package_pkg_freebsd>
__package_pkg_openbsd <man7/cdist-type__package_pkg_openbsd>
__package_pkgng_freebsd <man7/cdist-type__package_pkgng_freebsd>
__package_rubygem <man7/cdist-type__package_rubygem>
__package_update_index <man7/cdist-type__package_update_index>
__package_upgrade_all <man7/cdist-type__package_upgrade_all>
__package_yum <man7/cdist-type__package_yum>
__package_zypper <man7/cdist-type__package_zypper>
__pacman_conf <man7/cdist-type__pacman_conf>
__pacman_conf_integrate <man7/cdist-type__pacman_conf_integrate>
__pf_apply_anchor <man7/cdist-type__pf_apply_anchor>
__pf_ruleset <man7/cdist-type__pf_ruleset>
__ping <man7/cdist-type__ping>
__postfix <man7/cdist-type__postfix>
__postfix_master <man7/cdist-type__postfix_master>
__postfix_postconf <man7/cdist-type__postfix_postconf>
__postfix_postmap <man7/cdist-type__postfix_postmap>
__postfix_reload <man7/cdist-type__postfix_reload>
__postgres_conf <man7/cdist-type__postgres_conf>
__postgres_database <man7/cdist-type__postgres_database>
__postgres_extension <man7/cdist-type__postgres_extension>
__postgres_role <man7/cdist-type__postgres_role>
__process <man7/cdist-type__process>
__prometheus_alertmanager <man7/cdist-type__prometheus_alertmanager>
__prometheus_exporter <man7/cdist-type__prometheus_exporter>
__prometheus_server <man7/cdist-type__prometheus_server>
__pyvenv <man7/cdist-type__pyvenv>
__qemu_img <man7/cdist-type__qemu_img>
__rbenv <man7/cdist-type__rbenv>
__rsync <man7/cdist-type__rsync>
__rvm <man7/cdist-type__rvm>
__rvm_gem <man7/cdist-type__rvm_gem>
__rvm_gemset <man7/cdist-type__rvm_gemset>
__rvm_ruby <man7/cdist-type__rvm_ruby>
__sed <man7/cdist-type__sed>
__sensible_editor <man7/cdist-type__sensible_editor>
__service <man7/cdist-type__service>
__snakeoil_cert <man7/cdist-type__snakeoil_cert>
__ssh_authorized_key <man7/cdist-type__ssh_authorized_key>
__ssh_authorized_keys <man7/cdist-type__ssh_authorized_keys>
__ssh_dot_ssh <man7/cdist-type__ssh_dot_ssh>
__sshd_config <man7/cdist-type__sshd_config>
__staged_file <man7/cdist-type__staged_file>
__start_on_boot <man7/cdist-type__start_on_boot>
__sysctl <man7/cdist-type__sysctl>
__systemd_service <man7/cdist-type__systemd_service>
__systemd_unit <man7/cdist-type__systemd_unit>
__timezone <man7/cdist-type__timezone>
__uci <man7/cdist-type__uci>
__uci_section <man7/cdist-type__uci_section>
__ufw <man7/cdist-type__ufw>
__ufw_rule <man7/cdist-type__ufw_rule>
__unpack <man7/cdist-type__unpack>
__update_alternatives <man7/cdist-type__update_alternatives>
__user <man7/cdist-type__user>
__user_groups <man7/cdist-type__user_groups>
__xymon_apache <man7/cdist-type__xymon_apache>
__xymon_client <man7/cdist-type__xymon_client>
__xymon_config <man7/cdist-type__xymon_config>
__xymon_server <man7/cdist-type__xymon_server>
__yum_repo <man7/cdist-type__yum_repo>
__zypper_repo <man7/cdist-type__zypper_repo>
__zypper_service <man7/cdist-type__zypper_service>

View file

@ -0,0 +1,188 @@
How to upgrade cdist
====================
Update the git installation
---------------------------
To upgrade cdist in the current branch use
.. code-block:: sh
git pull
# Also update the manpages
make man
export MANPATH=$MANPATH:$(pwd -P)/doc/man
If you stay on a version branch (i.e. 1.0, 1.1., ...), nothing should break.
The master branch on the other hand is the development branch and may not be
working, break your setup or eat the tree in your garden.
Safely upgrading to new versions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To upgrade to **any** further cdist version, you can take the
following procedure to do a safe upgrade:
.. code-block:: sh
# Create new branch to try out the update
git checkout -b upgrade_cdist
# Get latest cdist version in git database
git fetch -v
# see what will happen on merge - replace
# master with the branch you plan to merge
git diff upgrade_cdist..origin/master
# Merge the new version
git merge origin/master
Now you can ensure all custom types work with the new version.
Assume that you need to go back to an older version during
the migration/update, you can do so as follows:
.. code-block:: sh
# commit changes
git commit -m ...
# go back to original branch
git checkout master
After that, you can go back and continue the upgrade:
.. code-block:: sh
# git checkout upgrade_cdist
Update the python package
-------------------------
To upgrade to the latest version do
.. code-block:: sh
pip install --upgrade cdist
General update instructions
---------------------------
Updating from 3.0 to 3.1
~~~~~~~~~~~~~~~~~~~~~~~~
The type **\_\_ssh_authorized_keys** now also manages existing keys,
not only the ones added by cdist.
Updating from 2.3 to 3.0
~~~~~~~~~~~~~~~~~~~~~~~~
The **changed** attribute of objects has been removed.
Use `messaging </software/cdist/man/3.0.0/man7/cdist-messaging.html>`_ instead.
Updating from 2.2 to 2.3
~~~~~~~~~~~~~~~~~~~~~~~~
No incompatibilities.
Updating from 2.1 to 2.2
~~~~~~~~~~~~~~~~~~~~~~~~
Starting with 2.2, the syntax for requiring a singleton type changed:
Old format:
.. code-block:: sh
require="__singleton_type/singleton" ...
New format:
.. code-block:: sh
require="__singleton_type" ...
Internally the "singleton" object id was dropped to make life more easy.
You can probably fix your configuration by running the following code
snippet (currently untested, please report back if it works for you):
.. code-block:: sh
find ~/.cdist/* -type f -exec sed -i 's,/singleton,,' {} \;
Updating from 2.0 to 2.1
~~~~~~~~~~~~~~~~~~~~~~~~
Have a look at the update guide for [[2.0 to 2.1|2.0-to-2.1]].
* Type **\_\_package* and \_\_process** use --state **present** or **absent**.
The states **removed/installed** and **stopped/running** have been removed.
Support for the new states is already present in 2.0.
* Type **\_\_directory**: Parameter --parents and --recursive are now boolean
The old "yes/no" values need to be removed.
* Type **\_\_rvm_ruby**: Parameter --default is now boolean
The old "yes/no" values need to be removed.
* Type **\_\_rvm_gemset**: Parameter --default is now boolean
The old "yes/no" values need to be removed.
* Type **\_\_addifnosuchline** and **\_\_removeline** have been replaced by **\_\_line**
* The **conf** directory is now located at **cdist/conf**.
You need to migrate your types, explorers and manifests
manually to the new location.
* Replace the variable **\_\_self** by **\_\_object_name**
Support for the variable **\_\_object_name** is already present in 2.0.
* The types **\_\_autofs**, **\_\_autofs_map** and **\_\_autofs_reload** have been removed
(no maintainer, no users)
* Type **\_\_user**: Parameter --groups removed (use the new \_\_user_groups type)
* Type **\_\_ssh_authorized_key** has been replaced by more flexible type
**\_\_ssh_authorized_keys**
Updating from 1.7 to 2.0
~~~~~~~~~~~~~~~~~~~~~~~~
* Ensure python (>= 3.2) is installed on the source host
* Use "cdist config host" instead of "cdist-deploy-to host"
* Use "cdist config -p host1 host2" instead of "cdist-mass-deploy"
* Use "cdist banner" for fun
* Use **\_\_object_name** instead of **\_\_self** in manifests
Updating from 1.6 to 1.7
~~~~~~~~~~~~~~~~~~~~~~~~
* If you used the global explorer **hardware_type**, you need to change
your code to use **machine** instead.
Updating from 1.5 to 1.6
~~~~~~~~~~~~~~~~~~~~~~~~
* If you used **\_\_package_apt --preseed**, you need to use the new
type **\_\_debconf_set_selections** instead.
* The **\_\_package** types accepted either --state deinstalled or
--state uninstalled. Starting with 1.6, it was made consistently
to --state removed.
Updating from 1.3 to 1.5
~~~~~~~~~~~~~~~~~~~~~~~~
No incompatibilities.
Updating from 1.2 to 1.3
~~~~~~~~~~~~~~~~~~~~~~~~
Rename **gencode** of every type to **gencode-remote**.
Updating from 1.1 to 1.2
~~~~~~~~~~~~~~~~~~~~~~~~
No incompatibilities.
Updating from 1.0 to 1.1
~~~~~~~~~~~~~~~~~~~~~~~~
In 1.1 the type **\_\_file** was split into **\_\_directory**, **\_\_file** and
**\_\_link**. The parameter **--type** was removed from **\_\_file**. Thus you
need to replace **\_\_file** calls in your manifests:
* Remove --type from all \_\_file calls
* If type was symlink, use \_\_link and --type symbolic
* If type was directory, use \_\_directory

View file

@ -0,0 +1,72 @@
Why should I use cdist?
=======================
There are several motivations to use cdist, these
are probably the most popular ones.
Known language
--------------
Cdist is being configured in
`shell script <https://en.wikipedia.org/wiki/Shell_script>`_.
Shell script is used by UNIX system engineers for decades.
So when cdist is introduced, your staff does not need to learn a new
`DSL <https://en.wikipedia.org/wiki/Domain-specific_language>`_
or programming language.
Powerful language
-----------------
Not only is shell scripting widely known by system engineers,
but it is also a very powerful language. Here are some features
which make daily work easy:
* Configuration can react dynamically on explored values
* High level string manipulation (using sed, awk, grep)
* Conditional support (**if, case**)
* Loop support (**for, while**)
* Support for dependencies between cdist types
More than shell scripting
-------------------------
If you compare regular shell scripting with cdist, there is one major
difference: When using cdist types,
the results are
`idempotent <https://en.wikipedia.org/wiki/Idempotence>`_.
In practise that means it does not matter in which order you
call cdist types, the result is always the same.
Zero dependency configuration management
----------------------------------------
Cdist requires very little on a target system. Even better,
in almost all cases all dependencies are usually fulfilled.
Cdist does not require an agent or high level programming
languages on the target host: it will run on any host that
has a **ssh server running** and a POSIX compatible shell
(**/bin/sh**). Compared to other configuration management systems,
it does not require to open up an additional port.
Push based distribution
-----------------------
Cdist uses the push based model for configuration. In this
scenario, one (or more) computers connect to the target hosts
and apply the configuration. That way the source host has
very little requirements: Cdist can even run on a sysadmin
notebook that is loosely connected to the network and has
limited amount of resources.
Furthermore, from a security point of view, only one machine
needs access to the target hosts. No target hosts will ever
need to connect back to the source host, which contains the
full configuration.
Highly scalable
---------------
If at some point you manage more hosts than can be handled from
a single source host, you can simply add more resources: Either
add more cores to one host or add hosts.
Cdist will utilise the given resources in parallel.

View file

@ -0,0 +1,46 @@
cdist - usable configuration management
=======================================
cdist is a usable configuration management system.
It adheres to the KISS principle and
is being used in small up to enterprise grade environments.
It natively supports IPv6 since the first release.
.. toctree::
:maxdepth: 3
:glob:
:numbered:
:hidden:
cdist-why
cdist-features
cdist-os
cdist-install
cdist-upgrade
cdist-support
cdist-quickstart
cdist-real-world
man1/cdist
man1/cdist-dump
man1/cdist-new-type
cdist-bootstrap
cdist-configuration
cdist-manifest
cdist-type
cdist-types
cdist-explorer
cdist-messaging
cdist-parallelization
cdist-inventory
cdist-preos
cdist-scan
cdist-integration
cdist-reference
cdist-best-practice
cdist-stages
cdist-cache
cdist-saving-output-streams
cdist-remote-exec-copy
cdist-hacker
cdist-troubleshooting

View file

@ -0,0 +1,110 @@
cdist-dump(1)
=============
NAME
----
cdist-dump - Dump data from local cdist cache
SYNOPSIS
--------
::
cdist-dump [options] [host...]
DESCRIPTION
-----------
cdist-dump is a helper script that dumps data from local cdist cache for
specified hosts. If host is not specified then all data from cache directory
is dumped. Default cache directory is '~/.cdist/cache'.
cdist-dump can be used for debugging existing types, host configuration and
new types.
OPTIONS
-------
**-a**
dump all
**-C CACHE-DIR**
use specified CACHE-DIR (default: ~/.cdist/cache)
**-c**
dump code-*
**-d DELIMITER**
delimiter used for filename and line number prefix (default: ':')
**-E**
dump global explorers
**-e**
dump type explorers
**-F**
disable filename prefix (enabled by default)
**-f**
enable filename prefix (default)
**-g**
dump gencode-*
**-h**
show this help screen and exit
**-L**
disable line number prefix (default)
**-l**
enable line number prefix (disabled by default)
**-m**
dump messages
**-o**
dump executions' stdout
**-p**
dump parameters
**-r**
dump executions' stderr
**-V**
show version and exit
**-v**
increase verbosity
EXAMPLES
--------
.. code-block:: sh
# Dump all
% cdist-dump -a
# Dump only code-* output
% cdist-dump -c
SEE ALSO
--------
:strong:`cdist`\ (1)
AUTHORS
-------
Darko Poljak <darko.poljak--@--ungleich.ch>
COPYING
-------
Copyright \(C) 2019 Darko Poljak. Free use of this software is
granted under the terms of the GNU General Public License v3 or later (GPLv3+).

View file

@ -0,0 +1,74 @@
cdist-new-type(1)
=================
NAME
----
cdist-new-type - Create new type skeleton
SYNOPSIS
--------
::
cdist-new-type TYPE-NAME AUTHOR-NAME AUTHOR-EMAIL [TYPE-BASE-PATH]
DESCRIPTION
-----------
cdist-new-type is a helper script that creates new type skeleton.
It is then up to the type author to finish the type.
It creates skeletons for the following files:
* man.rst
* manifest
* gencode-remote.
Upon creation it prints the path to the newly created type directory.
ARGUMENTS
---------
**TYPE-NAME**
Name of the new type.
**AUTHOR-NAME**
Type author's full name.
**AUTHOR-NAME**
Type author's email.
**TYPE-BASE-PATH**
Path to the base directory of the type. If not set it defaults
to '$PWD/type'.
EXAMPLES
--------
.. code-block:: sh
# Create new type __foo in ~/.cdist directory.
$ cd ~/.cdist
$ cdist-new-type '__foo' 'Foo Bar' 'foo.bar at foobar.org'
/home/foo/.cdist/type/__foo
SEE ALSO
--------
:strong:`cdist`\ (1)
AUTHORS
-------
| Steven Armstrong <steven-cdist--@--armstrong.cc>
| Darko Poljak <darko.poljak--@--ungleich.ch>
COPYING
-------
Copyright \(C) 2019 Steven Armstrong, Darko Poljak. Free use of this software is
granted under the terms of the GNU General Public License v3 or later (GPLv3+).

View file

@ -0,0 +1,991 @@
cdist(1)
========
NAME
----
cdist - Usable Configuration Management
SYNOPSIS
--------
::
cdist [-h] [-V] {banner,config,install,inventory,preos,shell,info} ...
cdist banner [-h] [-l LOGLEVEL] [-q] [-v]
cdist config [-h] [-l LOGLEVEL] [-q] [-v] [-b] [--colors WHEN]
[-g CONFIG_FILE] [-4] [-6] [-C CACHE_PATH_PATTERN]
[-c CONF_DIR] [-i MANIFEST] [-j [JOBS]] [--log-server]
[-n] [-o OUT_PATH] [-P] [-R [{tar,tgz,tbz2,txz}]]
[-r REMOTE_OUT_PATH] [--remote-copy REMOTE_COPY]
[--remote-exec REMOTE_EXEC] [-S] [-I INVENTORY_DIR] [-A]
[-a] [-f HOSTFILE] [-p [HOST_MAX]] [-s] [-t]
[host [host ...]]
cdist install [-h] [-l LOGLEVEL] [-q] [-v] [-b] [--colors WHEN]
[-g CONFIG_FILE] [-4] [-6] [-C CACHE_PATH_PATTERN]
[-c CONF_DIR] [-i MANIFEST] [-j [JOBS]] [--log-server]
[-n] [-o OUT_PATH] [-P] [-R [{tar,tgz,tbz2,txz}]]
[-r REMOTE_OUT_PATH] [--remote-copy REMOTE_COPY]
[--remote-exec REMOTE_EXEC] [-S] [-I INVENTORY_DIR] [-A]
[-a] [-f HOSTFILE] [-p [HOST_MAX]] [-s] [-t]
[host [host ...]]
cdist inventory [-h] {add-host,add-tag,del-host,del-tag,list} ...
cdist inventory add-host [-h] [-l LOGLEVEL] [-q] [-v] [-b] [--colors WHEN]
[-g CONFIG_FILE] [-I INVENTORY_DIR] [-f HOSTFILE]
[host [host ...]]
cdist inventory add-tag [-h] [-l LOGLEVEL] [-q] [-v] [-b] [--colors WHEN]
[-g CONFIG_FILE] [-I INVENTORY_DIR] [-f HOSTFILE]
[-T TAGFILE] [-t TAGLIST]
[host [host ...]]
cdist inventory del-host [-h] [-l LOGLEVEL] [-q] [-v] [-b] [--colors WHEN]
[-g CONFIG_FILE] [-I INVENTORY_DIR] [-a]
[-f HOSTFILE]
[host [host ...]]
cdist inventory del-tag [-h] [-l LOGLEVEL] [-q] [-v] [-b] [--colors WHEN]
[-g CONFIG_FILE] [-I INVENTORY_DIR] [-a]
[-f HOSTFILE] [-T TAGFILE] [-t TAGLIST]
[host [host ...]]
cdist inventory list [-h] [-l LOGLEVEL] [-q] [-v] [-b] [--colors WHEN]
[-g CONFIG_FILE] [-I INVENTORY_DIR] [-a] [-f HOSTFILE]
[-H] [-t]
[host [host ...]]
cdist preos [-h] [-l LOGLEVEL] [-q] [-v] [-c CONF_DIR] [-g CONFIG_FILE] [-L]
[preos] ...
cdist preos [preos-options] debian [-h] [-l LOGLEVEL] [-q] [-v] [-b] [-a ARCH] [-B]
[-C] [-c CDIST_PARAMS] [-D DRIVE] [-e REMOTE_EXEC]
[-i MANIFEST] [-k KEYFILE ] [-m MIRROR]
[-P ROOT_PASSWORD] [-p PXE_BOOT_DIR] [-r]
[-S SCRIPT] [-s SUITE] [-y REMOTE_COPY]
target_dir
cdist preos [preos-options] devuan [-h] [-l LOGLEVEL] [-q] [-v] [-b] [-a ARCH] [-B]
[-C] [-c CDIST_PARAMS] [-D DRIVE] [-e REMOTE_EXEC]
[-i MANIFEST] [-k KEYFILE ] [-m MIRROR]
[-P ROOT_PASSWORD] [-p PXE_BOOT_DIR] [-r]
[-S SCRIPT] [-s SUITE] [-y REMOTE_COPY]
target_dir
cdist preos [preos-options] ubuntu [-h] [-l LOGLEVEL] [-q] [-v] [-b] [-a ARCH] [-B]
[-C] [-c CDIST_PARAMS] [-D DRIVE] [-e REMOTE_EXEC]
[-i MANIFEST] [-k KEYFILE ] [-m MIRROR]
[-P ROOT_PASSWORD] [-p PXE_BOOT_DIR] [-r]
[-S SCRIPT] [-s SUITE] [-y REMOTE_COPY]
target_dir
cdist shell [-h] [-l LOGLEVEL] [-q] [-v] [--colors WHEN] [-s SHELL]
cdist info [-h] [-a] [-c CONF_DIR] [-e] [-F] [-f] [-g CONFIG_FILE] [-t]
[pattern]
cdist scan -I INTERFACE [--m MODE] [--name-mapper PATH_TO_SCRIPT] [--list]
[-d CONFIG_DELAY] [-t TRIGGER_DELAY]
DESCRIPTION
-----------
cdist is the frontend executable to the cdist configuration management.
It supports different subcommands as explained below.
It is written in Python so it requires :strong:`python`\ (1) to be installed.
It requires a minimal Python version 3.5.
GENERAL
-------
All commands accept the following options:
**-h, --help**
Show the help screen.
**--colors WHEN**
Colorize cdist's output. If enabled, cdist will use different colors for
different log levels.
WHEN recognizes the values 'always', 'never', and 'auto' (the default).
If the value is 'auto', colored output is enabled if stdout is a TTY
unless the NO_COLOR (https://no-color.org/) environment variable is defined.
**-l LOGLEVEL, --log-level LOGLEVEL**
Set the specified verbosity level. The levels, in
order from the lowest to the highest, are: ERROR (-1),
WARNING (0), INFO (1), VERBOSE (2), DEBUG (3), TRACE (4
or higher). If used along with -v then -v increases
last set value and -l overwrites last set value.
**-q, --quiet**
Quiet mode: disables logging, including WARNING and ERROR.
**-v, --verbose**
Increase the verbosity level. Every instance of -v
increments the verbosity level by one. Its default
value is 0 which includes ERROR and WARNING levels.
The levels, in order from the lowest to the highest,
are: ERROR (-1), WARNING (0), INFO (1), VERBOSE (2),
DEBUG (3), TRACE (4 or higher). If used along with -l
then -l overwrites last set value and -v increases
last set value.
**-V, --version**
Show version and exit.
BANNER
------
Displays the cdist banner. Useful for printing
cdist posters - a must have for every office.
CONFIG/INSTALL
--------------
Configure/install one or more hosts.
Install command is currently in beta.
**-4, --force-ipv4**
Force to use IPv4 addresses only. No influence for
custom remote commands.
**-6, --force-ipv6**
Force to use IPv6 addresses only. No influence for
custom remote commands.
**-A, --all-tagged**
Use all hosts present in tags db. Currently in beta.
**-a, --all**
List hosts that have all specified tags, if -t/--tag
is specified.
**-b, --beta**
Enable beta functionality.
**-C CACHE_PATH_PATTERN, --cache-path-pattern CACHE_PATH_PATTERN**
Specify custom cache path pattern. If it is not set then
default hostdir is used. For more info on format see
:strong:`CACHE PATH PATTERN FORMAT` below.
**-c CONF_DIR, --conf-dir CONF_DIR**
Add a configuration directory. Can be specified multiple times.
If configuration directories contain conflicting types, explorers or
manifests, then the last one found is used.
**-f HOSTFILE, --file HOSTFILE**
Read specified file for a list of additional hosts to operate on
or if '-' is given, read stdin (one host per line). For the file
format see :strong:`HOSTFILE FORMAT` below.
**-g CONFIG_FILE, --config-file CONFIG_FILE**
Use specified custom configuration file.
**-I INVENTORY_DIR, --inventory INVENTORY_DIR**
Use specified custom inventory directory. Inventory
directory is set up by the following rules: if cdist
configuration resolves this value then specified
directory is used, if HOME env var is set then
~/.cdit/inventory is used, otherwise distribution
inventory directory is used.
**-i MANIFEST, --initial-manifest MANIFEST**
Path to a cdist manifest or - to read from stdin.
**-j [JOBS], --jobs [JOBS]**
Operate in parallel in specified maximum number of
jobs. Global explorers, object prepare and object run
are supported. Without argument CPU count is used by
default.
**--log-server**
Start a log server for sub processes to use. This is
mainly useful when running cdist nested from a code-
local script. Log server is always implicitly started
for 'install' command.
**-n, --dry-run**
Do not execute code.
**-o OUT_PATH, --out-dir OUT_PATH**
Directory to save cdist output in.
**-P, --timestamp**
Timestamp log messages with the current local date and time
in the format: YYYYMMDDHHMMSS.us.
**-p [HOST_MAX], --parallel [HOST_MAX]**
Operate on multiple hosts in parallel for specified
maximum hosts at a time. Without argument CPU count is
used by default.
**-R [{tar,tgz,tbz2,txz}], --use-archiving [{tar,tgz,tbz2,txz}]**
Operate by using archiving with compression where
appropriate. Supported values are: tar - tar archive,
tgz - gzip tar archive (the default), tbz2 - bzip2 tar
archive and txz - lzma tar archive. Currently in beta.
**-r REMOTE_OUT_PATH, --remote-out-dir REMOTE_OUT_PATH**
Directory to save cdist output in on the target host.
**-S, --disable-saving-output-streams**
Disable saving output streams.
**-s, --sequential**
Operate on multiple hosts sequentially (default).
**--remote-copy REMOTE_COPY**
Command to use for remote copy (should behave like scp).
**--remote-exec REMOTE_EXEC**
Command to use for remote execution (should behave like ssh).
**-t, --tag**
Host is specified by tag, not hostname/address; list
all hosts that contain any of specified tags.
Currently in beta.
HOSTFILE FORMAT
~~~~~~~~~~~~~~~
The HOSTFILE contains one host per line.
A comment is started with '#' and continues to the end of the line.
Any leading and trailing whitespace on a line is ignored.
Empty lines are ignored/skipped.
The Hostfile lines are processed as follows. First, all comments are
removed. Then all leading and trailing whitespace characters are stripped.
If such a line results in empty line it is ignored/skipped. Otherwise,
host string is used.
CACHE PATH PATTERN FORMAT
~~~~~~~~~~~~~~~~~~~~~~~~~
Cache path pattern specifies path for a cache directory subdirectory.
In the path, '%N' will be substituted by the target host, '%h' will
be substituted by the calculated host directory, '%P' will be substituted
by the current process id. All format codes that
:strong:`python` :strong:`datetime.strftime()` function supports, except
'%h', are supported. These date/time directives format cdist config/install
start time.
If empty pattern is specified then default calculated host directory
is used.
Calculated host directory is a hash of a host cdist operates on.
Resulting path is used to specify cache path subdirectory under which
current host cache data are saved.
INVENTORY
---------
Manage inventory database.
Currently in beta with all sub-commands.
INVENTORY ADD-HOST
------------------
Add host(s) to inventory database.
**host**
Host(s) to add.
**-b, --beta**
Enable beta functionality.
**-f HOSTFILE, --file HOSTFILE**
Read additional hosts to add from specified file or
from stdin if '-' (each host on separate line).
Hostfile format is the same as config hostfile format.
**-g CONFIG_FILE, --config-file CONFIG_FILE**
Use specified custom configuration file.
**-I INVENTORY_DIR, --inventory INVENTORY_DIR**
Use specified custom inventory directory. Inventory
directory is set up by the following rules: if cdist
configuration resolves this value then specified
directory is used, if HOME env var is set then
~/.cdit/inventory is used, otherwise distribution
inventory directory is used.
INVENTORY ADD-TAG
-----------------
Add tag(s) to inventory database.
**host**
List of host(s) for which tags are added.
**-b, --beta**
Enable beta functionality.
**-f HOSTFILE, --file HOSTFILE**
Read additional hosts to add tags from specified file
or from stdin if '-' (each host on separate line).
Hostfile format is the same as config hostfile format.
**-g CONFIG_FILE, --config-file CONFIG_FILE**
Use specified custom configuration file.
**-I INVENTORY_DIR, --inventory INVENTORY_DIR**
Use specified custom inventory directory. Inventory
directory is set up by the following rules: if cdist
configuration resolves this value then specified
directory is used, if HOME env var is set then
~/.cdit/inventory is used, otherwise distribution
inventory directory is used.
**-T TAGFILE, --tag-file TAGFILE**
Read additional tags to add from specified file or
from stdin if '-' (each tag on separate line).
Tagfile format is the same as config hostfile format.
**-t TAGLIST, --taglist TAGLIST**
Tag list to be added for specified host(s), comma
separated values.
INVENTORY DEL-HOST
------------------
Delete host(s) from inventory database.
**host**
Host(s) to delete.
**-a, --all**
Delete all hosts.
**-b, --beta**
Enable beta functionality.
**-f HOSTFILE, --file HOSTFILE**
Read additional hosts to delete from specified file or
from stdin if '-' (each host on separate line).
Hostfile format is the same as config hostfile format.
**-g CONFIG_FILE, --config-file CONFIG_FILE**
Use specified custom configuration file.
**-I INVENTORY_DIR, --inventory INVENTORY_DIR**
Use specified custom inventory directory. Inventory
directory is set up by the following rules: if cdist
configuration resolves this value then specified
directory is used, if HOME env var is set then
~/.cdit/inventory is used, otherwise distribution
inventory directory is used.
INVENTORY DEL-TAG
-----------------
Delete tag(s) from inventory database.
**host**
List of host(s) for which tags are deleted.
**-a, --all**
Delete all tags for specified host(s).
**-b, --beta**
Enable beta functionality.
**-f HOSTFILE, --file HOSTFILE**
Read additional hosts to delete tags for from
specified file or from stdin if '-' (each host on
separate line). Hostfile format is the same as
config hostfile format.
**-g CONFIG_FILE, --config-file CONFIG_FILE**
Use specified custom configuration file.
**-I INVENTORY_DIR, --inventory INVENTORY_DIR**
Use specified custom inventory directory. Inventory
directory is set up by the following rules: if cdist
configuration resolves this value then specified
directory is used, if HOME env var is set then
~/.cdit/inventory is used, otherwise distribution
inventory directory is used.
**-T TAGFILE, --tag-file TAGFILE**
Read additional tags from specified file or from stdin
if '-' (each tag on separate line).
Tagfile format is the same as config hostfile format.
**-t TAGLIST, --taglist TAGLIST**
Tag list to be deleted for specified host(s), comma
separated values.
INVENTORY LIST
--------------
List inventory database.
**host**
Host(s) to list.
**-a, --all**
List hosts that have all specified tags, if -t/--tag
is specified.
**-b, --beta**
Enable beta functionality.
**-f HOSTFILE, --file HOSTFILE**
Read additional hosts to list from specified file or
from stdin if '-' (each host on separate line). If no
host or host file is specified then, by default, list
all. Hostfile format is the same as config hostfile format.
**-g CONFIG_FILE, --config-file CONFIG_FILE**
Use specified custom configuration file.
**-H, --host-only**
Suppress tags listing.
**-I INVENTORY_DIR, --inventory INVENTORY_DIR**
Use specified custom inventory directory. Inventory
directory is set up by the following rules: if cdist
configuration resolves this value then specified
directory is used, if HOME env var is set then
~/.cdit/inventory is used, otherwise distribution
inventory directory is used.
**-t, --tag**
Host is specified by tag, not hostname/address; list
all hosts that contain any of specified tags.
PREOS
-----
Create PreOS.
**-c CONF_DIR, --conf-dir CONF_DIR**
Add configuration directory (one that contains "preos" subdirectory).
**-g CONFIG_FILE, --config-file CONFIG_FILE**
Use specified custom configuration file.
**-L, --list-preoses**
List available PreOS-es.
Currently, the following PreOS-es are supported:
* debian
* ubuntu
* devuan
PREOS DEBIAN/DEVUAN
-------------------
**target_dir**
target directory where PreOS will be bootstrapped
**-a ARCH, --arch ARCH**
target debootstrap architecture, by default 'amd64'
**-B, --bootstrap**
do bootstrap step
**-b, --beta**
Enable beta functionality.
**-C, --configure**
do configure step
**-c CDIST_PARAMS, --cdist-params CDIST_PARAMS**
parameters that will be passed to cdist config, by
default '-v' is used
**-D DRIVE, --drive-boot DRIVE**
create bootable PreOS on specified drive
**-e REMOTE_EXEC, --remote-exec REMOTE_EXEC**
remote exec that cdist config will use, by default
internal script is used
**-i MANIFEST, --init-manifest MANIFEST**
init manifest that cdist config will use, by default
internal init manifest is used
**-k KEYFILE, --keyfile KEYFILE**
ssh key files that will be added to cdist config;
'``__ssh_authorized_keys root ...``' type is appended to initial manifest
**-m MIRROR, --mirror MIRROR**
use specified mirror for debootstrap
**-P ROOT_PASSWORD, --root-password ROOT_PASSWORD**
Set specified password for root, generated by default
**-p PXE_BOOT_DIR, --pxe-boot-dir PXE_BOOT_DIR**
PXE boot directory
**-r, --rm-bootstrap-dir**
remove target directory after finishing
**-S SCRIPT, --script SCRIPT**
use specified script for debootstrap
**-s SUITE, --suite SUITE**
suite used for debootstrap, by default 'stable'
**-y REMOTE_COPY, --remote-copy REMOTE_COPY**
remote copy that cdist config will use, by default
internal script is used
PREOS UBUNTU
------------
**target_dir**
target directory where PreOS will be bootstrapped
**-a ARCH, --arch ARCH**
target debootstrap architecture, by default 'amd64'
**-B, --bootstrap**
do bootstrap step
**-b, --beta**
Enable beta functionality.
**-C, --configure**
do configure step
**-c CDIST_PARAMS, --cdist-params CDIST_PARAMS**
parameters that will be passed to cdist config, by
default '-v' is used
**-D DRIVE, --drive-boot DRIVE**
create bootable PreOS on specified drive
**-e REMOTE_EXEC, --remote-exec REMOTE_EXEC**
remote exec that cdist config will use, by default
internal script is used
**-i MANIFEST, --init-manifest MANIFEST**
init manifest that cdist config will use, by default
internal init manifest is used
**-k KEYFILE, --keyfile KEYFILE**
ssh key files that will be added to cdist config;
'``__ssh_authorized_keys root ...``' type is appended to initial manifest
**-m MIRROR, --mirror MIRROR**
use specified mirror for debootstrap
**-P ROOT_PASSWORD, --root-password ROOT_PASSWORD**
Set specified password for root, generated by default
**-p PXE_BOOT_DIR, --pxe-boot-dir PXE_BOOT_DIR**
PXE boot directory
**-r, --rm-bootstrap-dir**
remove target directory after finishing
**-S SCRIPT, --script SCRIPT**
use specified script for debootstrap
**-s SUITE, --suite SUITE**
suite used for debootstrap, by default 'xenial'
**-y REMOTE_COPY, --remote-copy REMOTE_COPY**
remote copy that cdist config will use, by default
internal script is used
SHELL
-----
This command allows you to spawn a shell that enables access
to the types as commands. It can be thought as an
"interactive manifest" environment. See below for example
usage. Its primary use is for debugging type parameters.
**-s SHELL, --shell SHELL**
Select shell to use, defaults to current shell. Used shell should
be POSIX compatible shell.
INFO
----
Display information for cdist (global explorers, types).
**pattern**
Glob pattern. If it contains special characters('?', '*', '[') then it is
used as specified, otherwise it is translated to `*pattern*`.
**-h, --help**
Show help message and exit.
**-a, --all**
Display all info. This is the default.
**-c CONF_DIR, --conf-dir CONF_DIR**
Add configuration directory (can be repeated).
**-e, --global-explorers**
Display info for global explorers.
**-F, --fixed-string**
Interpret pattern as a fixed string.
**-f, --full**
Display full details.
**-g CONFIG_FILE, --config-file CONFIG_FILE**
Use specified custom configuration file.
**-t, --types**
Display info for types.
SCAN
----
Runs cdist as a daemon that discover/watch on hosts and reconfigure them
periodically.
**-I INTERFACE, --interfaces INTERFACE**
Interface to listen on. Can be specified multiple times.
**-m MODE, --mode MODE**
Scanner components to enable. Can be specified multiple time to enable more
than one component. Supported modes are: scan, trigger and config. Defaults
to tiggger and scan.
**--name-mapper PATH_TO_SCRIPT**
Path to script used to resolve a remote host name from an IPv6 address.
**--list**
List known hosts and exit.
**-d CONFIG_DELAY, --config-delay CONFIG_DELAY**
How long (seconds) to wait before reconfiguring after last try (config mode only).
**-t TRIGGER_DELAY, --tigger-delay TRIGGER_DELAY**
How long (seconds) to wait between ICMPv6 echo requests (trigger mode only).
CONFIGURATION
-------------
cdist obtains configuration data from the following sources in the following
order (from higher to lower precedence):
#. command-line options
#. configuration file specified at command-line
#. configuration file specified in CDIST_CONFIG_FILE environment variable
#. environment variables
#. user's configuration file (first one found of ~/.cdist.cfg, $XDG_CONFIG_HOME/cdist/cdist.cfg, in specified order)
#. system-wide configuration file (/etc/cdist.cfg).
CONFIGURATION FILE FORMAT
~~~~~~~~~~~~~~~~~~~~~~~~~
cdist configuration file is in the INI file format. Currently it supports
only [GLOBAL] section.
The possible keywords and their meanings are as follows:
:strong:`archiving`
Use specified archiving. Valid values include:
'none', 'tar', 'tgz', 'tbz2' and 'txz'.
:strong:`beta`
Enable beta functionality. It recognizes boolean values from
'yes'/'no', 'on'/'off', 'true'/'false' and '1'/'0'.
:strong:`cache_path_pattern`
Specify cache path pattern.
:strong:`colored_output`
Colorize cdist's output. cf. the :code:`--colors` option.
:strong:`conf_dir`
List of configuration directories separated with the character conventionally
used by the operating system to separate search path components (as in PATH),
such as ':' for POSIX or ';' for Windows.
If also specified at command line then values from command line are
appended to this value.
:strong:`init_manifest`
Specify default initial manifest.
:strong:`inventory_dir`
Specify inventory directory.
:strong:`jobs`
Specify number of jobs for parallel processing. If -1 then the default,
number of CPU's in the system is used. If 0 then parallel processing in
jobs is disabled. If set to positive number then specified maximum
number of processes will be used.
:strong:`local_shell`
Shell command used for local execution.
:strong:`out_path`
Directory to save cdist output in.
:strong:`parallel`
Process hosts in parallel. If -1 then the default, number of CPU's in
the system is used. If 0 then parallel processing of hosts is disabled.
If set to positive number then specified maximum number of processes
will be used.
:strong:`remote_copy`
Command to use for remote copy (should behave like scp).
:strong:`remote_exec`
Command to use for remote execution (should behave like ssh).
:strong:`remote_out_path`
Directory to save cdist output in on the target host.
:strong:`remote_shell`
Shell command at remote host used for remote execution.
:strong:`save_output_streams`
Enable/disable saving output streams (enabled by default).
It recognizes boolean values from 'yes'/'no', 'on'/'off', 'true'/'false'
and '1'/'0'.
:strong:`timestamp`
Timestamp log messages with the current local date and time
in the format: YYYYMMDDHHMMSS.us.
:strong:`verbosity`
Set verbosity level. Valid values are:
'ERROR', 'WARNING', 'INFO', 'VERBOSE', 'DEBUG', 'TRACE' and 'OFF'.
FILES
-----
~/.cdist
Your personal cdist config directory. If exists it will be
automatically used.
~/.cdist/cache
Local cache directory.
~/.cdist/inventory
The home inventory directory. If ~/.cdist exists it will be used as
default inventory directory.
~/.cdist/preos
PreOS plugins directory, if existing.
cdist/conf
The distribution configuration directory. It contains official types and
explorers. This path is relative to cdist installation directory.
cdist/inventory
The distribution inventory directory.
This path is relative to cdist installation directory.
cdist/preos
The distribution PreOS plugins directory.
/etc/cdist.cfg
Global cdist configuration file, if exists.
~/.cdist.cfg or $XDG_CONFIG_HOME/cdist/cdist.cfg
Local cdist configuration file, if exists.
NOTES
-----
cdist detects if host is specified by IPv6 address. If so then remote_copy
command is executed with host address enclosed in square brackets
(see :strong:`scp`\ (1)).
EXAMPLES
--------
.. code-block:: sh
# Configure ikq05.ethz.ch with debug enabled
% cdist config -vvv ikq05.ethz.ch
# Configure hosts in parallel and use a different configuration directory
% cdist config -c ~/p/cdist-nutzung \
-p ikq02.ethz.ch ikq03.ethz.ch ikq04.ethz.ch
# Use custom remote exec / copy commands
% cdist config --remote-exec /path/to/my/remote/exec \
--remote-copy /path/to/my/remote/copy \
-p ikq02.ethz.ch ikq03.ethz.ch ikq04.ethz.ch
# Configure hosts read from file loadbalancers
% cdist config -f loadbalancers
# Configure hosts read from file web.hosts using 16 parallel jobs
% cdist config -j 16 -f web.hosts
# Display banner
cdist banner
# Show help
% cdist --help
# Show Version
% cdist --version
# Enter a shell that has access to emulated types
% cdist shell
% __git
usage: __git --source SOURCE [--state STATE] [--branch BRANCH]
[--group GROUP] [--owner OWNER] [--mode MODE] object_id
# Install ikq05.ethz.ch with debug enabled
% cdist install -vvv ikq05.ethz.ch
# List inventory content
% cdist inventory list -b
# List inventory for specified host localhost
% cdist inventory list -b localhost
# List inventory for specified tag loadbalancer
% cdist inventory list -b -t loadbalancer
# Add hosts to inventory
% cdist inventory add-host -b web1 web2 web3
# Delete hosts from file old-hosts from inventory
% cdist inventory del-host -b -f old-hosts
# Add tags to specified hosts
% cdist inventory add-tag -b -t europe,croatia,web,static web1 web2
# Add tag to all hosts in inventory
% cdist inventory add-tag -b -t vm
# Delete all tags from specified host
% cdist inventory del-tag -b -a localhost
# Delete tags read from stdin from hosts specified by file hosts
% cdist inventory del-tag -b -T - -f hosts
# Configure hosts from inventory with any of specified tags
% cdist config -b -t web dynamic
# Configure hosts from inventory with all specified tags
% cdist config -b -t -a web dynamic
# Configure all hosts from inventory db
$ cdist config -b -A
# Create default debian PreOS in debug mode
$ cdist preos debian /preos/preos-debian -vvvv -C \
-k ~/.ssh/id_rsa.pub -p /preos/pxe-debian
# Create ubuntu PreOS
$ cdist preos ubuntu /preos/preos-ubuntu -C \
-k ~/.ssh/id_rsa.pub -p /preos/pxe-ubuntu
# Create ubuntu PreOS on drive /dev/sdb
# and set root password to 'password'.
$ cdist preos ubuntu /mnt -B -C \
-k ~/.ssh/id_rsa.pub -D /dev/sdb \
-P password
ENVIRONMENT
-----------
TMPDIR, TEMP, TMP
Setup the base directory for the temporary directory.
See http://docs.python.org/py3k/library/tempfile.html for
more information. This is rather useful, if the standard
directory used does not allow executables.
CDIST_PATH
Colon delimited list of config directories.
CDIST_LOCAL_SHELL
Selects shell for local script execution, defaults to /bin/sh.
CDIST_REMOTE_SHELL
Selects shell for remote script execution, defaults to /bin/sh.
CDIST_OVERRIDE
Allow overwriting type parameters.
CDIST_ORDER_DEPENDENCY
Create dependencies based on the execution order.
Note that in version 6.2.0 semantic of this processing mode is
finally fixed and well defined.
CDIST_REMOTE_EXEC
Use this command for remote execution (should behave like ssh).
CDIST_REMOTE_COPY
Use this command for remote copy (should behave like scp).
CDIST_INVENTORY_DIR
Use this directory as inventory directory.
CDIST_BETA
Enable beta functionality.
CDIST_CACHE_PATH_PATTERN
Custom cache path pattern.
CDIST_COLORED_OUTPUT
Colorize cdist's output. cf. the :code:`--colors` option.
CDIST_CONFIG_FILE
Custom configuration file.
EXIT STATUS
-----------
The following exit values shall be returned:
0 Successful completion.
1 One or more host configurations failed.
AUTHORS
-------
Originally written by Nico Schottelius <nico-cdist--@--schottelius.org>
and Steven Armstrong <steven-cdist--@--armstrong.cc>.
CAVEATS
-------
When operating in parallel, either by operating in parallel for each host
(-p/--parallel) or by parallel jobs within a host (-j/--jobs), and depending
on target SSH server and its configuration you may encounter connection drops.
This is controlled with sshd :strong:`MaxStartups` configuration options.
You may also encounter session open refusal. This happens with ssh multiplexing
when you reach maximum number of open sessions permitted per network
connection. In this case ssh will disable multiplexing.
This limit is controlled with sshd :strong:`MaxSessions` configuration
options. For more details refer to :strong:`sshd_config`\ (5).
When requirements for the same object are defined in different manifests (see
example below), for example, in init manifest and in some other type manifest
and those requirements differ then dependency resolver cannot detect
dependencies correctly. This happens because cdist cannot prepare all objects first
and run all objects afterwards. Some object can depend on the result of type
explorer(s) and explorers are executed during object run. cdist will detect
such case and display a warning message. An example of such a case:
.. code-block:: sh
init manifest:
__a a
require="__e/e" __b b
require="__f/f" __c c
__e e
__f f
require="__c/c" __d d
__g g
__h h
type __g manifest:
require="__c/c __d/d" __a a
Warning message:
WARNING: cdisttesthost: Object __a/a already exists with requirements:
/usr/home/darko/ungleich/cdist/cdist/test/config/fixtures/manifest/init-deps-resolver /tmp/tmp.cdist.test.ozagkg54/local/759547ff4356de6e3d9e08522b0d0807/data/conf/type/__g/manifest: set()
/tmp/tmp.cdist.test.ozagkg54/local/759547ff4356de6e3d9e08522b0d0807/data/conf/type/__g/manifest: {'__c/c', '__d/d'}
Dependency resolver could not handle dependencies as expected.
COPYING
-------
Copyright \(C) 2011-2020 Nico Schottelius. Free use of this software is
granted under the terms of the GNU General Public License v3 or later (GPLv3+).

View file

@ -0,0 +1,108 @@
cdist-type__acl(7)
==================
NAME
----
cdist-type__acl - Set ACL entries
DESCRIPTION
-----------
Fully supported and tested on Linux (ext4 filesystem), partial support for FreeBSD.
See ``setfacl`` and ``acl`` manpages for more details.
One of ``--entry`` or ``--source`` must be used.
OPTIONAL MULTIPLE PARAMETERS
----------------------------
entry
Set ACL entry following ``getfacl`` output syntax.
Must be used if ``--source`` is not used.
OPTIONAL PARAMETERS
-------------------
source
Read ACL entries from stdin or file.
Ordering of entries is not important.
When reading from file, comments and empty lines are ignored.
Must be used if ``--entry`` is not used.
file
Create/change file with ``__file`` using ``user:group:mode`` pattern.
directory
Create/change directory with ``__directory`` using ``user:group:mode`` pattern.
BOOLEAN PARAMETERS
------------------
default
Set all ACL entries as default too.
Only directories can have default ACLs.
Setting default ACL in FreeBSD is currently not supported.
recursive
Make ``setfacl`` recursive (Linux only), but not ``getfacl`` in explorer.
remove
Remove undefined ACL entries.
``mask`` and ``other`` entries can't be removed, but only changed.
EXAMPLES
--------
.. code-block:: sh
__acl /srv/project \
--default \
--recursive \
--remove \
--entry user:alice:rwx \
--entry user:bob:r-x \
--entry group:project-group:rwx \
--entry group:some-other-group:r-x \
--entry mask::r-x \
--entry other::r-x
# give Alice read-only access to subdir,
# but don't allow her to see parent content.
__acl /srv/project2 \
--remove \
--entry default:group:secret-project:rwx \
--entry group:secret-project:rwx \
--entry user:alice:--x
__acl /srv/project2/subdir \
--default \
--remove \
--entry group:secret-project:rwx \
--entry user:alice:r-x
# read acl from stdin
echo 'user:alice:rwx' \
| __acl /path/to/directory --source -
# create/change directory too
__acl /path/to/directory \
--default \
--remove \
--directory root:root:770 \
--entry user:nobody:rwx
AUTHORS
-------
Ander Punnar <ander-at-kvlt-dot-ee>
COPYING
-------
Copyright \(C) 2018 Ander Punnar. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,104 @@
cdist-type__debian_backports(7)
===============================
NAME
----
cdist-type__apt_backports - Install backports
DESCRIPTION
-----------
This singleton type installs backports for the current OS release.
It aborts if backports are not supported for the specified OS or
no version codename could be fetched (like Debian unstable).
The package index will be automatically updated if required.
It supports backports from following OSes:
- Debian
- Devuan
- Ubuntu
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
Represents the state of the backports repository. ``present`` or
``absent``, defaults to ``present``.
Will be directly passed to :strong:`cdist-type__apt_source`\ (7).
mirror
The mirror to fetch the backports from. Will defaults to the generic
mirror of the current OS.
Will be directly passed to :strong:`cdist-type__apt_source`\ (7).
BOOLEAN PARAMETERS
------------------
None.
MESSAGES
--------
None.
EXAMPLES
--------
.. code-block:: sh
# setup the backports
__apt_backports
__apt_backports --state absent
__apt_backports --state present --mirror "http://ftp.de.debian.org/debian/"
# install a backports package
# currently for the buster release backports
require="__apt_backports" __package_apt wireguard \
--target-release buster-backports
ABORTS
------
Aborts if the detected os is not Debian.
Aborts if no distribuition codename could be detected. This is common for the
unstable distribution, but there is no backports repository for it already.
CAVEATS
-------
For Ubuntu, it setup all componenents for the backports repository: ``main``,
``restricted``, ``universe`` and ``multiverse``. The user may not want to
install proprietary packages, which will only be installed if the user
explicitly uses the backports target-release. The user may change this behavior
to install backports packages without the need of explicitly select it.
SEE ALSO
--------
`Official Debian Backports site <https://backports.debian.org/>`_
:strong:`cdist-type__apt_source`\ (7)
AUTHORS
-------
Matthias Stecher <matthiasstecher at gmx.de>
COPYING
-------
Copyright \(C) 2020 Matthias Stecher. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,46 @@
cdist-type__apt_default_release(7)
==================================
NAME
----
cdist-type__apt_default_release - Configure the default release for apt
DESCRIPTION
-----------
Configure the default release for apt, using the APT::Default-Release
configuration value.
REQUIRED PARAMETERS
-------------------
release
The value to set APT::Default-Release to.
This can contain release name, codename or release version. Examples:
'stable', 'testing', 'unstable', 'stretch', 'buster', '4.0', '5.0*'.
OPTIONAL PARAMETERS
-------------------
None.
EXAMPLES
--------
.. code-block:: sh
__apt_default_release --release stretch
AUTHORS
-------
Matthijs Kooijman <matthijs--@--stdin.nl>
COPYING
-------
Copyright \(C) 2017 Matthijs Kooijman. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,114 @@
cdist-type__apt_key(7)
======================
NAME
----
cdist-type__apt_key - Manage the list of keys used by apt
DESCRIPTION
-----------
Manages the list of keys used by apt to authenticate packages.
This is done by placing the requested key in a file named
``$__object_id.gpg`` in the ``keydir`` directory.
This is supported by modern releases of Debian-based distributions.
In order of preference, exactly one of: ``source``, ``uri`` or ``keyid``
must be specified.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
keydir
keyring directory, defaults to ``/etc/apt/trusted.pgp.d``, which is
enabled system-wide by default.
source
path to a file containing the GPG key of the repository.
Using this is recommended as it ensures that the manifest/type manintainer
has validated the key.
If ``-``, the GPG key is read from the type's stdin.
state
'present' or 'absent'. Defaults to 'present'
uri
the URI from which to download the key.
It is highly recommended that you only use protocols with TLS like HTTPS.
This uses ``__download`` but does not use checksums, if you want to ensure
that the key doesn't change, you are better off downloading it and using
``--source``.
DEPRECATED OPTIONAL PARAMETERS
------------------------------
keyid
the id of the key to download from the ``keyserver``.
This is to be used in absence of ``--source`` and ``--uri`` or together
with ``--use-deprecated-apt-key`` for key removal.
Defaults to ``$__object_id``.
keyserver
the keyserver from which to fetch the key.
Defaults to ``pool.sks-keyservers.net``.
DEPRECATED BOOLEAN PARAMETERS
-----------------------------
use-deprecated-apt-key
``apt-key(8)`` will last be available in Debian 11 and Ubuntu 22.04.
You can use this parameter to force usage of ``apt-key(8)``.
Please only use this parameter to *remove* keys from the keyring,
in order to prepare for removal of ``apt-key``.
Adding keys should be done without this parameter.
This parameter will be removed when Debian 11 stops being supported.
EXAMPLES
--------
.. code-block:: sh
# add a key that has been verified by a type maintainer
__apt_key jitsi_meet_2021 \
--source cdist-contrib/type/__jitsi_meet/files/apt_2021.gpg
# remove an old, deprecated or expired key
__apt_key jitsi_meet_2016 --state absent
# Get rid of a key that might have been added to
# /etc/apt/trusted.gpg with apt-key
__apt_key 0x40976EAF437D05B5 --use-deprecated-apt-key --state absent
# add a key that we define in-line
__apt_key jitsi_meet_2021 --source '-' <<EOF
-----BEGIN PGP PUBLIC KEY BLOCK-----
[...]
-----END PGP PUBLIC KEY BLOCK-----
EOF
# download or update key from the internet
__apt_key rabbitmq_2007 \
--uri https://www.rabbitmq.com/rabbitmq-signing-key-public.asc
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
Ander Punnar <ander-at-kvlt-dot-ee>
Evilham <contact~~@~~evilham.com>
COPYING
-------
Copyright \(C) 2011-2021 Steven Armstrong, Ander Punnar and Evilham. You can
redistribute it and/or modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,51 @@
cdist-type__apt_key_uri(7)
==========================
NAME
----
cdist-type__apt_key_uri - Add apt key from uri
DESCRIPTION
-----------
Download a key from an uri and add it to the apt keyring.
REQUIRED PARAMETERS
-------------------
uri
the uri from which to download the key
OPTIONAL PARAMETERS
-------------------
state
'present' or 'absent', defaults to 'present'
name
a name for this key, used when testing if it is already installed.
Defaults to __object_id
EXAMPLES
--------
.. code-block:: sh
__apt_key_uri rabbitmq \
--name 'RabbitMQ Release Signing Key <info@rabbitmq.com>' \
--uri http://www.rabbitmq.com/rabbitmq-signing-key-public.asc \
--state present
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2011-2014 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,47 @@
cdist-type__apt_mark(7)
=======================
NAME
----
cdist-type__apt_mark - set package state as 'hold' or 'unhold'
DESCRIPTION
-----------
See apt-mark(8) for details.
REQUIRED PARAMETERS
-------------------
state
Either "hold" or "unhold".
OPTIONAL PARAMETERS
-------------------
name
If supplied, use the name and not the object id as the package name.
EXAMPLES
--------
.. code-block:: sh
# hold package
__apt_mark quagga --state hold
# unhold package
__apt_mark quagga --state unhold
AUTHORS
-------
Ander Punnar <cdist--@--kvlt.ee>
COPYING
-------
Copyright \(C) 2016 Ander Punnar. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,43 @@
cdist-type__apt_norecommends(7)
===============================
NAME
----
cdist-type__apt_norecommends - Configure apt to not install recommended packages
DESCRIPTION
-----------
Configure apt to not install any recommended or suggested packages.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
None.
EXAMPLES
--------
.. code-block:: sh
__apt_norecommends
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
COPYING
-------
Copyright \(C) 2014 Steven Armstrong, 2020 Dennis Camera.
You can redistribute it and/or modify it under the terms of the GNU General
Public License as published by the Free Software Foundation, either version 3 of
the License, or (at your option) any later version.

View file

@ -0,0 +1,79 @@
cdist-type__apt_pin(7)
======================
NAME
----
cdist-type__apt_pin - Manage apt pinning rules
DESCRIPTION
-----------
Adds/removes/edits rules to pin some packages to a specific distribution. Useful if using multiple debian repositories at the same time. (Useful, if one wants to use a few specific packages from backports or perhaps Debain testing... or even sid.)
REQUIRED PARAMETERS
-------------------
distribution
Specifies what distribution the package should be pinned to. Accepts both codenames (buster/bullseye/sid) and suite names (stable/testing/...).
OPTIONAL PARAMETERS
-------------------
package
Package name, glob or regular expression to match (multiple) packages. If not specified `__object_id` is used.
priority
The priority value to assign to matching packages. Deafults to 500. (To match the default target distro's priority)
state
Will be passed to underlying `__file` type; see there for valid values and defaults.
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
# Add the bullseye repo to buster, but do not install any packages by default,
# only if explicitely asked for (-1 means "never" for apt)
__apt_pin bullseye-default \
--package "*" \
--distribution bullseye \
--priority -1
require="__apt_pin/bullseye-default" __apt_source bullseye \
--uri http://deb.debian.org/debian/ \
--distribution bullseye \
--component main
__apt_pin foo --package "foo foo-*" --distribution bullseye
__foo # Assuming, this installs the `foo` package internally
__package foo-plugin-extras # Assuming we also need some extra stuff
SEE ALSO
--------
:strong:`apt_preferences`\ (5)
:strong:`cdist-type__apt_source`\ (7)
:strong:`cdist-type__apt_backports`\ (7)
:strong:`cdist-type__file`\ (7)
AUTHORS
-------
Daniel Fancsali <fancsali@gmail.com>
COPYING
-------
Copyright \(C) 2021 Daniel Fancsali. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,50 @@
cdist-type__apt_ppa(7)
======================
NAME
----
cdist-type__apt_ppa - Manage ppa repositories
DESCRIPTION
-----------
This cdist type allows manage ubuntu ppa repositories.
REQUIRED PARAMETERS
-------------------
state
The state the ppa should be in, either 'present' or 'absent'.
Defaults to 'present'
OPTIONAL PARAMETERS
-------------------
None.
EXAMPLES
--------
.. code-block:: sh
# Enable a ppa repository
__apt_ppa ppa:sans-intern/missing-bits
# same as
__apt_ppa ppa:sans-intern/missing-bits --state present
# Disable a ppa repository
__apt_ppa ppa:sans-intern/missing-bits --state absent
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2011-2014 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,78 @@
cdist-type__apt_source(7)
=========================
NAME
----
cdist-type__apt_source - Manage apt sources
DESCRIPTION
-----------
This cdist type allows you to manage apt sources. It invokes index update
internally when needed so call of index updating type is not needed.
REQUIRED PARAMETERS
-------------------
uri
the uri to the apt repository
OPTIONAL PARAMETERS
-------------------
arch
set this if you need to force and specific arch (ubuntu specific)
signed-by
provide a GPG key fingerprint or keyring path for signature checks
state
'present' or 'absent', defaults to 'present'
distribution
the distribution codename to use. Defaults to DISTRIB_CODENAME from
the targets /etc/lsb-release
component
space delimited list of components to enable. Defaults to an empty string.
BOOLEAN PARAMETERS
------------------
include-src
include deb-src entries
EXAMPLES
--------
.. code-block:: sh
__apt_source rabbitmq \
--uri http://www.rabbitmq.com/debian/ \
--distribution testing \
--component main \
--include-src \
--state present
__apt_source canonical_partner \
--uri http://archive.canonical.com/ \
--component partner --state present
__apt_source goaccess \
--uri http://deb.goaccess.io/ \
--component main \
--signed-by C03B48887D5E56B046715D3297BD1A0133449C3D
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2011-2018 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,68 @@
cdist-type__apt_unattended_upgrades(7)
======================================
NAME
----
cdist-type__apt_unattended_upgrades - automatic installation of updates
DESCRIPTION
-----------
Install and configure unattended-upgrades package.
For more information see https://wiki.debian.org/UnattendedUpgrades.
OPTIONAL MULTIPLE PARAMETERS
----------------------------
option
Set options for unattended-upgrades. See examples.
Supported options with default values (as of 2020-01-17) are:
- AutoFixInterruptedDpkg, default is "true"
- MinimalSteps, default is "true"
- InstallOnShutdown, default is "false"
- Mail, default is "" (empty)
- MailOnlyOnError, default is "false"
- Remove-Unused-Kernel-Packages, default is "true"
- Remove-New-Unused-Dependencies, default is "true"
- Remove-Unused-Dependencies, default is "false"
- Automatic-Reboot, default is "false"
- Automatic-Reboot-WithUsers, default is "true"
- Automatic-Reboot-Time, default is "02:00"
- SyslogEnable, default is "false"
- SyslogFacility, default is "daemon"
- OnlyOnACPower, default is "true"
- Skip-Updates-On-Metered-Connections, default is "true"
- Verbose, default is "false"
- Debug, default is "false"
blacklist
Python regular expressions, matching packages to exclude from upgrading.
EXAMPLES
--------
.. code-block:: sh
__apt_unattended_upgrades \
--option Mail=root \
--option MailOnlyOnError=true \
--blacklist multipath-tools \
--blacklist open-iscsi
AUTHORS
-------
Ander Punnar <ander-at-kvlt-dot-ee>
COPYING
-------
Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option) any
later version.

View file

@ -0,0 +1,41 @@
cdist-type__apt_update_index(7)
===============================
NAME
----
cdist-type__apt_update_index - Update apt's package index
DESCRIPTION
-----------
This cdist type runs apt-get update whenever any apt sources have changed.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
None.
EXAMPLES
--------
.. code-block:: sh
__apt_update_index
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2011 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,82 @@
cdist-type__block(7)
====================
NAME
----
cdist-type__block - Manage blocks of text in files
DESCRIPTION
-----------
Manage a block of text in an existing file.
The block is identified using the prefix and suffix parameters.
Everything between prefix and suffix is considered to be a managed block
of text.
REQUIRED PARAMETERS
-------------------
text
the text to manage.
If text is '-' (dash), take what was written to stdin as the text.
OPTIONAL PARAMETERS
-------------------
file
the file in which to manage the text block.
Defaults to object_id.
prefix
the prefix to add before the text.
Defaults to #cdist:__block/$__object_id
suffix
the suffix to add after the text.
Defaults to #/cdist:__block/$__object_id
state
'present' or 'absent', defaults to 'present'
MESSAGES
--------
add
block was added
update
block was updated/changed
remove
block was removed
EXAMPLES
--------
.. code-block:: sh
# text from argument
__block /path/to/file \
--prefix '#start' \
--suffix '#end' \
--text 'some\nblock of\ntext'
# text from stdin
__block some-id \
--file /path/to/file \
--text - << DONE
here some block
of text
DONE
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2013 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,78 @@
cdist-type__ccollect_source(7)
==============================
NAME
----
cdist-type__ccollect_source - Manage ccollect sources
DESCRIPTION
-----------
This cdist type allows you to create or delete ccollect sources.
REQUIRED PARAMETERS
-------------------
source
The source from which to backup
destination
The destination directory
OPTIONAL PARAMETERS
-------------------
state
'present' or 'absent', defaults to 'present'
ccollectconf
The CCOLLECT_CONF directory. Defaults to /etc/ccollect.
OPTIONAL MULTIPLE PARAMETERS
----------------------------
exclude
Paths to exclude of backup
BOOLEAN PARAMETERS
------------------
verbose
Whether to report backup verbosely
create-destination
Create the directory specified in the destination parameter on the remote host
EXAMPLES
--------
.. code-block:: sh
__ccollect_source doc.ungleich.ch \
--source doc.ungleich.ch:/ \
--destination /backup/doc.ungleich.ch \
--exclude '/proc/*' --exclude '/sys/*' \
--verbose
__ccollect_source doc.ungleich.ch \
--source doc.ungleich.ch:/ \
--destination /backup/doc.ungleich.ch \
--exclude '/proc/*' --exclude '/sys/*' \
--verbose \
--create-destination
SEE ALSO
--------
:strong:`ccollect`\ (1)
AUTHORS
-------
Nico Schottelius <nico-cdist--@--schottelius.org>
COPYING
-------
Copyright \(C) 2014 Nico Schottelius. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,63 @@
cdist-type__cdist(7)
====================
NAME
----
cdist-type__cdist - Manage cdist installations
DESCRIPTION
-----------
This cdist type allows you to easily setup cdist
on another box, to allow the other box to configure
systems.
This type is *NOT* required by target hosts.
It is only helpful to build FROM which you configure
other hosts.
This type will use git to clone
REQUIRED PARAMETERS
-------------------
OPTIONAL PARAMETERS
-------------------
username
Select the user to create for the cdist installation.
Defaults to "cdist".
source
Select the source from which to clone cdist from.
Defaults to "git@code.ungleich.ch:ungleich-public/cdist.git".
branch
Select the branch to checkout from.
Defaults to "master".
EXAMPLES
--------
.. code-block:: sh
# Install cdist for user cdist in her home as subfolder cdist
__cdist /home/cdist/cdist
# Use alternative source
__cdist --source "git@code.ungleich.ch:ungleich-public/cdist.git" /home/cdist/cdist
AUTHORS
-------
Nico Schottelius <nico-cdist--@--schottelius.org>
COPYING
-------
Copyright \(C) 2013 Nico Schottelius. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,55 @@
cdist-type__cdistmarker(7)
==========================
NAME
----
cdist-type__cdistmarker - Add a timestamped cdist marker.
DESCRIPTION
-----------
This type is used to add a common marker file which indicates that a given
machine is being managed by cdist. The contents of this file consist of a
timestamp, which can be used to determine the most recent time at which cdist
was run against the machine in question.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
destination
The path and filename of the marker.
Default: /etc/cdist-configured
format
The format of the timestamp. This is passed directly to system 'date'.
Default: -u
EXAMPLES
--------
.. code-block:: sh
# Creates the marker as normal.
__cdistmarker
# Creates the marker differently.
__cdistmarker --destination /tmp/cdist_marker --format '+%s'
AUTHORS
-------
Daniel Maher <phrawzty+cdist--@--gmail.com>
COPYING
-------
Copyright \(C) 2011 Daniel Maher. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,52 @@
cdist-type__check_messages(7)
=============================
NAME
----
cdist-type__check_messages - Check messages for pattern and execute command on match.
DESCRIPTION
-----------
Check messages for pattern and execute command on match.
This type is useful if you chain together multiple related types using
dependencies and want to restart service if at least one type changes
something.
For more information about messages see `cdist messaging <cdist-messaging.html>`_.
For more information about dependencies and execution order see
`cdist manifest <cdist-manifest.html#dependencies>`_ documentation.
REQUIRED PARAMETERS
-------------------
pattern
Extended regular expression pattern for search (passed to ``grep -E``).
execute
Command to execute on pattern match.
EXAMPLES
--------
.. code-block:: sh
__check_messages munin \
--pattern '^__(file|link|line)/etc/munin/' \
--execute 'service munin-node restart'
AUTHORS
-------
Ander Punnar <ander-at-kvlt-dot-ee>
COPYING
-------
Copyright \(C) 2019 Ander Punnar. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,55 @@
cdist-type__chroot_mount(7)
===========================
NAME
----
cdist-type__chroot_mount - mount a chroot
DESCRIPTION
-----------
Mount and prepare a chroot for running commands within it.
REQUIRED PARAMETERS
-------------------
None
OPTIONAL PARAMETERS
-------------------
manage-resolv-conf
manage /etc/resolv.conf inside the chroot.
Use the value of this parameter as the suffix to save a copy
of the current /etc/resolv.conf to /etc/resolv.conf.$suffix.
This is used by the __chroot_umount type to restore the initial
file content when unmounting the chroot.
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
__chroot_mount /path/to/chroot
__chroot_mount /path/to/chroot \
--manage-resolv-conf "some-known-string"
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2012-2017 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,60 @@
cdist-type__chroot_umount(7)
============================
NAME
----
cdist-type__chroot_umount - unmount a chroot mounted by __chroot_mount
DESCRIPTION
-----------
Undo what __chroot_mount did.
REQUIRED PARAMETERS
-------------------
None
OPTIONAL PARAMETERS
-------------------
manage-resolv-conf
manage /etc/resolv.conf inside the chroot.
Use the value of this parameter as the suffix to find the backup file
that was saved by the __chroot_mount.
This is used by the to restore the initial file content when unmounting
the chroot.
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
__chroot_umount /path/to/chroot
__chroot_umount /path/to/chroot \
--manage-resolv-conf "some-known-string"
SEE ALSO
--------
:strong:`cdist-type__chroot_mount`\ (7)
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2012-2017 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,68 @@
cdist-type__clean_path(7)
=========================
NAME
----
cdist-type__clean_path - Remove files and directories which match the pattern.
DESCRIPTION
-----------
Remove files and directories which match the pattern.
Provided path must be a directory.
Patterns are passed to ``find``'s ``-regex`` - see ``find(1)`` for more details.
Look up of files and directories is non-recursive (``-maxdepth 1``).
Parent directory is excluded (``-mindepth 1``).
This type is not POSIX compatible (sorry, Solaris users).
REQUIRED PARAMETERS
-------------------
pattern
Pattern of files which are removed from path.
OPTIONAL PARAMETERS
-------------------
path
Path which will be cleaned. Defaults to ``$__object_id``.
exclude
Pattern of files which are excluded from removal.
onchange
The code to run if files or directories were removed.
EXAMPLES
--------
.. code-block:: sh
__clean_path /etc/apache2/conf-enabled \
--pattern '.+' \
--exclude '.+\(charset\.conf\|security\.conf\)' \
--onchange 'service apache2 restart'
__clean_path apache2-conf-enabled \
--path /etc/apache2/conf-enabled \
--pattern '.+' \
--exclude '.+\(charset\.conf\|security\.conf\)' \
--onchange 'service apache2 restart'
AUTHORS
-------
Ander Punnar <ander-at-kvlt-dot-ee>
COPYING
-------
Copyright \(C) 2019 Ander Punnar. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,64 @@
cdist-type__config_file(7)
==========================
NAME
----
cdist-type__config_file - _Manages config files
DESCRIPTION
-----------
Deploy config files using the file type.
Run the given code if the files changes.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
group
see cdist-type__file
mode
see cdist-type__file
onchange
the code to run if the file changes
owner
see cdist-type__file
source
Path to the config file.
If source is '-' (dash), take what was written to stdin as the config file content.
state
see cdist-type__file
EXAMPLES
--------
.. code-block:: sh
__config_file /etc/consul/conf.d/watch_foo.json \
--owner root --group consul --mode 640 \
--source "$__type/files/watch_foo.json" \
--state present \
--onchange 'service consul status >/dev/null && service consul reload || true'
SEE ALSO
--------
:strong:`cdist-type__file`\ (7)
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2015 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,75 @@
cdist-type__consul(7)
=====================
NAME
----
cdist-type__consul - Install consul
DESCRIPTION
-----------
Downloads and installs the consul binary from https://dl.bintray.com/mitchellh/consul.
Note that the consul binary is downloaded on the server (the machine running
cdist) and then deployed to the target host using the __file type unless --direct
parameter is used.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
either 'present' or 'absent'. Defaults to 'present'
version
which version of consul to install. See ./files/versions for a list of
supported versions. Defaults to the latest known version.
BOOLEAN PARAMETERS
------------------
direct
Download and deploy consul binary directly on the target machine.
MESSAGES
--------
If consul binary is created using __staged_file then underlaying __file type messages are emitted.
If consul binary is created by direct method then the following messages are emitted:
/usr/local/bin/consul created
consul binary was created
EXAMPLES
--------
.. code-block:: sh
# just install using defaults
__consul
# install by downloading consul binary directly on the target machine
__consul --direct
# specific version
__consul \
--version 0.4.1
AUTHORS
-------
| Steven Armstrong <steven-cdist--@--armstrong.cc>
| Darko Poljak <darko.poljak--@--gmail.com>
COPYING
-------
Copyright \(C) 2015 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,184 @@
cdist-type__consul_agent(7)
===========================
NAME
----
cdist-type__consul_agent - Manage the consul agent
DESCRIPTION
-----------
Configure and manage the consul agent.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
acl-datacenter
only used by servers. This designates the datacenter which is authoritative
for ACL information.
acl-default-policy
either "allow" or "deny"; defaults to "allow". The default policy controls the
behavior of a token when there is no matching rule.
acl-down-policy
either "allow", "deny" or "extend-cache"; "extend-cache" is the default.
acl-master-token
only used for servers in the acl_datacenter. This token will be created with
management-level permissions if it does not exist. It allows operators to
bootstrap the ACL system with a token ID that is well-known.
acl-token
when provided, the agent will use this token when making requests to the
Consul servers.
acl-ttl
used to control Time-To-Live caching of ACLs.
bind-addr
sets the bind address for cluster communication
bootstrap-expect
sets server to expect bootstrap mode
ca-file-source
path to a PEM encoded certificate authority file which will be uploaded and
configure using the ca_file config option.
cert-file-source
path to a PEM encoded certificate file which will be uploaded and
configure using the cert_file config option.
client-addr
sets the address to bind for client access
datacenter
datacenter of the agent
encrypt
provides the gossip encryption key
group
the primary group for the agent
json-config
path to a partial json config file without leading { and trailing }.
If json-config is '-' (dash), take what was written to stdin as the file content.
key-file-source
path to a PEM encoded private key file which will be uploaded and
configure using the key_file config option.
node-name
name of this node. Must be unique in the cluster
retry-join
address to attempt joining every retry_interval until at least one join works.
Can be specified multiple times.
user
the user to run the agent as
state
if the agent is 'present' or 'absent'. Defaults to 'present'.
Currently state=absent is not working due to some dependency issues.
BOOLEAN PARAMETERS
------------------
disable-remote-exec
disables support for remote execution. When set to true, the agent will ignore any incoming remote exec requests.
disable-update-check
disables automatic checking for security bulletins and new version releases
leave-on-terminate
gracefully leave cluster on SIGTERM
rejoin-after-leave
rejoin the cluster using the previous state after leaving
server
used to control if an agent is in server or client mode
enable-syslog
enables logging to syslog
verify-incoming
enforce the use of TLS and verify a client's authenticity on incoming connections
verify-outgoing
enforce the use of TLS and verify the peers authenticity on outgoing connections
use-distribution-package
uses distribution package instead of upstream binary
EXAMPLES
--------
.. code-block:: sh
# configure as server, bootstrap and rejoin
hostname="$(cat "$__global/explorer/hostname")"
__consul_agent \
--datacenter dc1 \
--node-name "${hostname%%.*}" \
--disable-update-check \
--server \
--rejoin-after-leave \
--bootstrap-expect 3 \
--retry-join consul-01 \
--retry-join consul-02 \
--retry-join consul-03
# configure as server, bootstrap and rejoin with ssl support
hostname="$(cat "$__global/explorer/hostname")"
__consul_agent \
--datacenter dc1 \
--node-name "${hostname%%.*}" \
--disable-update-check \
--server \
--rejoin-after-leave \
--bootstrap-expect 3 \
--retry-join consul-01 \
--retry-join consul-02 \
--retry-join consul-03 \
--ca-file-source /path/to/ca.pem \
--cert-file-source /path/to/cert.pem \
--key-file-source /path/to/key.pem \
--verify-incoming \
--verify-outgoing
# configure as client and try joining existing cluster
__consul_agent \
--datacenter dc1 \
--node-name "${hostname%%.*}" \
--disable-update-check \
--retry-join consul-01 \
--retry-join consul-02 \
--retry-join consul-03
SEE ALSO
--------
consul documentation at: <http://www.consul.io/docs/agent/options.html>.
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2015 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,102 @@
cdist-type__consul_check(7)
=============================
NAME
----
cdist-type__consul_check - Manages consul checks
DESCRIPTION
-----------
Generate and deploy check definitions for a consul agent.
See http://www.consul.io/docs/agent/checks.html for parameter documentation.
Use either script together with interval, or use ttl.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
docker-container-id
the id of the docker container to run
http
the url to check
id
The id of this check.
interval
the interval in which the check should run
name
The name of this check. Defaults to __object_id
notes
human readable description
script
the shell command to run
service-id
the id of the service this check is bound to
shell
the shell to run inside the docker container
state
if this check is 'present' or 'absent'. Defaults to 'present'.
status
specify the initial state of this health check
tcp
the host and port to check
timeout
after how long to timeout checks which take to long
token
ACL token to use for interacting with the catalog
ttl
how long a TTL check is considered healthy without being updated through the
HTTP interface
EXAMPLES
--------
.. code-block:: sh
__consul_check redis \
--script /usr/local/bin/check_redis.py \
--interval 10s
__consul_check some-object-id \
--id web-app \
--name "Web App Status" \
--notes "Web app does a curl internally every 10 seconds" \
--ttl 30s
SEE ALSO
--------
:strong:`cdist-type__consul_agent`\ (7)
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2015-2016 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,42 @@
cdist-type__consul_reload(7)
============================
NAME
----
cdist-type__consul_reload - Reload consul
DESCRIPTION
-----------
Reload consul after configuration changes.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
None.
EXAMPLES
--------
.. code-block:: sh
__consul_reload
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2015 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,85 @@
cdist-type__consul_service(7)
=============================
NAME
----
cdist-type__consul_service - Manages consul services
DESCRIPTION
-----------
Generate and deploy service definitions for a consul agent.
See http://www.consul.io/docs/agent/services.html for parameter documentation.
Use either script together with interval, or use ttl.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
check-interval
the interval in which the script given with --check-script should be run
check-http
the URL to check for HTTP 200-ish status every --check-interval
check-script
the shell command to run every --check-interval
check-ttl
how long a service is considered healthy without being updated through the
HTTP interfave
id
Defaults to --name
name
The name of this service. Defaults to __object_id
port
the port at which this service can be reached
state
if this service is 'present' or 'absent'. Defaults to 'present'.
tag
a tag to add to this service. Can be specified multiple times.
EXAMPLES
--------
.. code-block:: sh
__consul_service redis \
--tag master \
--tag production \
--port 8000 \
--check-script /usr/local/bin/check_redis.py \
--check-interval 10s
__consul_service webapp \
--port 80 \
--check-ttl 10s
SEE ALSO
--------
:strong:`cdist-type__consul_agent`\ (7)
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2015 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,141 @@
cdist-type__consul_template(7)
==============================
NAME
----
cdist-type__consul_template - Manage the consul-template service
DESCRIPTION
-----------
Downloads and installs the consul-template binary from
https://github.com/hashicorp/consul-template/releases/download/.
Generates a global config file and creates directory for per template config files.
Note that the consul-template binary is downloaded on the server (the machine running
cdist) and then deployed to the target host using the __file type.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
auth-username
specify a username for basic authentication.
auth-password
specify a password for basic authentication.
batch-size
the size of the batch when polling multiple dependencies.
consul
the location of the Consul instance to query (may be an IP address or FQDN) with port.
Defaults to 'localhost:8500'.
log-level
The log level for output. This applies to the stdout/stderr logging as well
as syslog logging (if enabled). Valid values are "debug", "info", "warn",
and "err". The default value is "warn".
max-stale
the maximum staleness of a query. If specified, Consul will distribute work among all
servers instead of just the leader.
retry
the amount of time to wait if Consul returns an error when communicating
with the API.
state
either 'present' or 'absent'. Defaults to 'present'
ssl-cert
Path to an SSL client certificate to use to authenticate to the consul server.
Useful if the consul server "verify_incoming" option is set.
ssl-ca-cert
Path to a CA certificate file, containing one or more CA certificates to
use to validate the certificate sent by the consul server to us. This is a
handy alternative to setting --ssl-no-verify if you are using your own CA.
syslog-facility
The facility to use when sending to syslog. This requires the use of --syslog.
The default value is LOCAL0.
token
the Consul API token.
vault-address
the location of the Vault instance to query (may be an IP address or FQDN) with port.
vault-token
the Vault API token.
vault-ssl-cert
Path to an SSL client certificate to use to authenticate to the vault server.
vault-ssl-ca-cert
Path to a CA certificate file, containing one or more CA certificates to
use to validate the certificate sent by the vault server to us.
version
which version of consul-template to install. See ./files/versions for a list of
supported versions. Defaults to the latest known version.
wait
the minimum(:maximum) to wait before rendering a new template to disk and
triggering a command, separated by a colon (:). If the optional maximum
value is omitted, it is assumed to be 4x the required minimum value.
BOOLEAN PARAMETERS
------------------
ssl
use HTTPS while talking to Consul. Requires the Consul server to be configured to serve secure connections.
ssl-no-verify
ignore certificate warnings. Only used if ssl is enabled.
syslog
Send log output to syslog (in addition to stdout and stderr).
vault-ssl
use HTTPS while talking to Vault. Requires the Vault server to be configured to serve secure connections.
vault-ssl-no-verify
ignore certificate warnings. Only used if vault is enabled.
EXAMPLES
--------
.. code-block:: sh
__consul_template \
--consul consul.service.consul:8500 \
--retry 30s
# specific version
__consul_template \
--version 0.6.5 \
--retry 30s
SEE ALSO
--------
consul documentation at: <https://github.com/hashicorp/consul-template>.
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2015 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,84 @@
cdist-type__consul_template_template(7)
=======================================
NAME
----
cdist-type__consul_template_template - Manage consul-template templates
DESCRIPTION
-----------
Generate and deploy template definitions for a consul-template.
See https://github.com/hashicorp/consul-template#examples for documentation.
Templates are written in the Go template format.
Either the --source or the --source-file parameter must be given.
REQUIRED PARAMETERS
-------------------
destination
the destination where the generated file should go.
OPTIONAL PARAMETERS
-------------------
command
an optional command to run after rendering the template to its destination.
source
path to the template source. Conflicts --source-file.
source-file
path to a local file which is uploaded using the __file type and configured
as the source.
If source is '-' (dash), take what was written to stdin as the file content.
Conflicts --source.
state
if this template is 'present' or 'absent'. Defaults to 'present'.
wait
The `minimum(:maximum)` time to wait before rendering a new template to
disk and triggering a command, separated by a colon (`:`). If the optional
maximum value is omitted, it is assumed to be 4x the required minimum value.
This is a numeric time with a unit suffix ("5s"). There is no default value.
The wait value for a template takes precedence over any globally-configured
wait.
EXAMPLES
--------
.. code-block:: sh
# configure template on the target
__consul_template_template nginx \
--source /etc/my-consul-templates/nginx.ctmpl \
--destination /etc/nginx/nginx.conf \
--command 'service nginx restart'
# upload a local file to the target and configure it
__consul_template_template nginx \
--wait '2s:6s' \
--source-file "$__manifest/files/nginx.ctmpl" \
--destination /etc/nginx/nginx.conf \
--command 'service nginx restart'
SEE ALSO
--------
:strong:`cdist-type__consul_template`\ (7), :strong:`cdist-type__consul_template_config`\ (7)
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2015-2016 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,73 @@
cdist-type__consul_watch_checks(7)
==================================
NAME
----
cdist-type__consul_watch_checks - Manages consul checks watches
DESCRIPTION
-----------
Generate and deploy watch definitions of type 'checks' for a consul agent.
See http://www.consul.io/docs/agent/watches.html for parameter documentation.
REQUIRED PARAMETERS
-------------------
handler
the handler to invoke when the data view updates
OPTIONAL PARAMETERS
-------------------
datacenter
can be provided to override the agent's default datacenter
filter-service
filter to a specific service. Conflicts with --filter-state.
filter-state
filter to a specific state. Conflicts with --filter-service.
state
if this watch is 'present' or 'absent'. Defaults to 'present'.
token
can be provided to override the agent's default ACL token
EXAMPLES
--------
.. code-block:: sh
__consul_watch_checks some-id \
--handler /usr/bin/my-handler.sh
__consul_watch_checks some-id \
--filter-service consul \
--handler /usr/bin/my-handler.sh
__consul_watch_checks some-id \
--filter-state passing \
--handler /usr/bin/my-handler.sh
SEE ALSO
--------
:strong:`cdist-type__consul_agent`\ (7)
consul documentation at: <http://www.consul.io/docs/agent/watches.html>.
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2015 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,66 @@
cdist-type__consul_watch_event(7)
=================================
NAME
----
cdist-type__consul_watch_event - Manages consul event watches
DESCRIPTION
-----------
Generate and deploy watch definitions of type 'event' for a consul agent.
See http://www.consul.io/docs/agent/watches.html for parameter documentation.
REQUIRED PARAMETERS
-------------------
handler
the handler to invoke when the data view updates
OPTIONAL PARAMETERS
-------------------
datacenter
can be provided to override the agent's default datacenter
name
restrict the watch to only events with the given name
state
if this watch is 'present' or 'absent'. Defaults to 'present'.
token
can be provided to override the agent's default ACL token
EXAMPLES
--------
.. code-block:: sh
__consul_watch_event some-id \
--handler /usr/bin/my-handler.sh
__consul_watch_event some-id \
--name web-deploy \
--handler /usr/bin/my-handler.sh
SEE ALSO
--------
:strong:`cdist-type__consul_agent`\ (7)
consul documentation at: <http://www.consul.io/docs/agent/watches.html>.
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2015 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,63 @@
cdist-type__consul_watch_key(7)
===============================
NAME
----
cdist-type__consul_watch_key - Manages consul key watches
DESCRIPTION
-----------
Generate and deploy watch definitions of type 'key' for a consul agent.
See http://www.consul.io/docs/agent/watches.html for parameter documentation.
REQUIRED PARAMETERS
-------------------
handler
the handler to invoke when the data view updates
key
the key to watch for changes
OPTIONAL PARAMETERS
-------------------
datacenter
can be provided to override the agent's default datacenter
state
if this watch is 'present' or 'absent'. Defaults to 'present'.
token
can be provided to override the agent's default ACL token
EXAMPLES
--------
.. code-block:: sh
__consul_watch_key some-id \
--key foo/bar/baz \
--handler /usr/bin/my-key-handler.sh
SEE ALSO
--------
:strong:`cdist-type__consul_agent`\ (7)
consul documentation at: <http://www.consul.io/docs/agent/watches.html>.
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2015 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,63 @@
cdist-type__consul_watch_keyprefix(7)
=====================================
NAME
----
cdist-type__consul_watch_keyprefix - Manages consul keyprefix watches
DESCRIPTION
-----------
Generate and deploy watch definitions of type 'keyprefix' for a consul agent.
See http://www.consul.io/docs/agent/watches.html for parameter documentation.
REQUIRED PARAMETERS
-------------------
handler
the handler to invoke when the data view updates
prefix
the prefix of keys to watch for changes
OPTIONAL PARAMETERS
-------------------
datacenter
can be provided to override the agent's default datacenter
state
if this watch is 'present' or 'absent'. Defaults to 'present'.
token
can be provided to override the agent's default ACL token
EXAMPLES
--------
.. code-block:: sh
__consul_watch_keyprefix some-id \
--prefix foo/ \
--handler /usr/bin/my-prefix-handler.sh
SEE ALSO
--------
:strong:`cdist-type__consul_agent`\ (7)
consul documentation at: <http://www.consul.io/docs/agent/watches.html>.
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2015 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,59 @@
cdist-type__consul_watch_nodes(7)
=================================
NAME
----
cdist-type__consul_watch_nodes - Manages consul nodes watches
DESCRIPTION
-----------
Generate and deploy watch definitions of type 'nodes' for a consul agent.
See http://www.consul.io/docs/agent/watches.html for parameter documentation.
REQUIRED PARAMETERS
-------------------
handler
the handler to invoke when the data view updates
OPTIONAL PARAMETERS
-------------------
datacenter
can be provided to override the agent's default datacenter
state
if this watch is 'present' or 'absent'. Defaults to 'present'.
token
can be provided to override the agent's default ACL token
EXAMPLES
--------
.. code-block:: sh
__consul_watch_nodes some-id \
--handler /usr/bin/my-key-handler.sh
SEE ALSO
--------
:strong:`cdist-type__consul_agent`\ (7)
consul documentation at: <http://www.consul.io/docs/agent/watches.html>.
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2015 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,83 @@
cdist-type__consul_watch_service(7)
===================================
NAME
----
cdist-type__consul_watch_service - Manages consul service watches
DESCRIPTION
-----------
Generate and deploy watch definitions of type 'service' for a consul agent.
See http://www.consul.io/docs/agent/watches.html for parameter documentation.
REQUIRED PARAMETERS
-------------------
handler
the handler to invoke when the data view updates
service
the service to watch for changes
OPTIONAL PARAMETERS
-------------------
datacenter
can be provided to override the agent's default datacenter
state
if this watch is 'present' or 'absent'. Defaults to 'present'.
token
can be provided to override the agent's default ACL token
tag
filter by tag
BOOLEAN PARAMETERS
------------------
passingonly
specifies if only hosts passing all checks are displayed
EXAMPLES
--------
.. code-block:: sh
__consul_watch_service some-id \
--service consul \
--handler /usr/bin/my-handler.sh
__consul_watch_service some-id \
--service redis \
--tag production \
--handler /usr/bin/my-handler.sh
__consul_watch_service some-id \
--service redis \
--tag production \
--passingonly \
--handler /usr/bin/my-handler.sh
SEE ALSO
--------
:strong:`cdist-type__consul_agent`\ (7)
consul documentation at: <http://www.consul.io/docs/agent/watches.html>.
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2015 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,59 @@
cdist-type__consul_watch_services(7)
====================================
NAME
----
cdist-type__consul_watch_services - Manages consul services watches
DESCRIPTION
-----------
Generate and deploy watch definitions of type 'services' for a consul agent.
See http://www.consul.io/docs/agent/watches.html for parameter documentation.
REQUIRED PARAMETERS
-------------------
handler
the handler to invoke when the data view updates
OPTIONAL PARAMETERS
-------------------
datacenter
can be provided to override the agent's default datacenter
state
if this watch is 'present' or 'absent'. Defaults to 'present'.
token
can be provided to override the agent's default ACL token
EXAMPLES
--------
.. code-block:: sh
__consul_watch_services some-id \
--handler /usr/bin/my-key-handler.sh
SEE ALSO
--------
:strong:`cdist-type__consul_agent`\ (7)
consul documentation at: <http://www.consul.io/docs/agent/watches.html>.
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2015 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,89 @@
cdist-type__cron(7)
===================
NAME
----
cdist-type__cron - Installs and manages cron jobs
DESCRIPTION
-----------
This cdist type allows you to manage entries in a users crontab.
REQUIRED PARAMETERS
-------------------
user
The user who's crontab is edited
command
The command to run.
OPTIONAL PARAMETERS
-------------------
**NOTE**: All time-related parameters (``--minute``, ``--hour``, ``--day_of_month``
``--month`` and ``--day_of_week``) defaults to ``*``, which means to execute it
**always**. If you set ``--hour 0`` to execute the cronjob only at midnight, it
will execute **every** minute in the first hour of the morning all days.
state
Either present or absent. Defaults to present.
minute
See crontab(5). Defaults to *
hour
See crontab(5). Defaults to *
day_of_month
See crontab(5). Defaults to *
month
See crontab(5). Defaults to *
day_of_week
See crontab(5). Defaults to *
raw
Take whatever the user has given instead of time and date fields.
If given, all other time and date fields are ignored.
Can for example be used to specify cron EXTENSIONS like reboot, yearly etc.
See crontab(5) for the extensions if any that your cron implementation
implements.
raw_command
Take whatever the user has given in the command and ignore everything else.
If given, the command will be added to crontab.
Can for example be used to define variables like SHELL or MAILTO.
EXAMPLES
--------
.. code-block:: sh
# run Monday to Saturday at 23:15
__cron some-id --user root --command "/path/to/script" \
--hour 23 --minute 15 --day_of_week 1-6
# run on reboot
__cron some-id --user root --command "/path/to/script" \
--raw @reboot
# remove cronjob
__cron some-id --user root --command "/path/to/script" --state absent
# define default shell
__cron some-id --user root --raw_command --command "SHELL=/bin/bash" \
--state present
SEE ALSO
--------
:strong:`crontab`\ (5)
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2011-2013 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,54 @@
cdist-type__daemontools(7)
==========================
NAME
----
cdist-type__daemontools - Install daemontools
DESCRIPTION
-----------
Install djb daemontools and (optionally) an init script.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
from-package
Package to install. Must be compatible with the original daemontools. Example: daemontools-encore. Default: daemontools.
servicedir
Directory to scan for services. Default: `/service`
BOOLEAN PARAMETERS
------------------
install-init-script
Add an init script and set it to start on boot.
EXAMPLES
--------
.. code-block:: sh
__daemontools --from-package daemontools-encore # if you prefer
SEE ALSO
--------
:strong:`cdist-type__daemontools_service`\ (7)
AUTHORS
-------
Kamila Součková <kamila--@--ksp.sk>
COPYING
-------
Copyright \(C) 2017 Kamila Součková. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,72 @@
cdist-type__daemontools_service(7)
==================================
NAME
----
cdist-type__daemontools_service - Create a daemontools-compatible service dir.
DESCRIPTION
-----------
Create a directory structure compatible with daemontools-like service management.
Note that svc must be present on the target system.
The object ID will be used as the service name.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
run
Command to run. exec-ing and stderr redirection will be added. One of run, run-file must be specified.
Example: `my-program`
run-file
File to save as <servicedir>/run. One of run, run-file must be specified.
Example:
.. code-block:: sh
#!/bin/sh
exec 2>&1
exec my_program
log-run
Command to run for log consumption. Default: `multilog t ./main`
servicedir
Directory to install into. Default: `/service`
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
require="__daemontools" __daemontools_service prometheus --run "setuidgid prometheus $GOBIN/prometheus $FLAGS"
SEE ALSO
--------
:strong:`cdist-type__daemontools`\ (7)
AUTHORS
-------
Kamila Součková <kamila--@--ksp.sk>
COPYING
-------
Copyright \(C) 2017 Kamila Součková. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,70 @@
cdist-type__debconf_set_selections(7)
=====================================
NAME
----
cdist-type__debconf_set_selections - Setup debconf selections
DESCRIPTION
-----------
On Debian and alike systems :strong:`debconf-set-selections`\ (1) can be used
to setup configuration parameters.
REQUIRED PARAMETERS
-------------------
cf. ``--line``.
OPTIONAL PARAMETERS
-------------------
file
Use the given filename as input for :strong:`debconf-set-selections`\ (1)
If filename is ``-``, read from stdin.
**This parameter is deprecated, because it doesn't work with state detection.**
line
A line in :strong:`debconf-set-selections`\ (1) compatible format.
This parameter can be used multiple times to set multiple options.
(This parameter is actually required, but marked optional because the
deprecated ``--file`` is still accepted.)
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
# Setup gitolite's gituser
__debconf_set_selections nslcd --line 'gitolite gitolite/gituser string git'
# Setup configuration for nslcd from a file.
# NB: Multiple lines can be passed to --line, although this can be considered a hack.
__debconf_set_selections nslcd --line "$(cat "${__files:?}/preseed/nslcd.debconf")"
SEE ALSO
--------
- :strong:`cdist-type__update_alternatives`\ (7)
- :strong:`debconf-set-selections`\ (1)
AUTHORS
-------
| Nico Schottelius <nico-cdist--@--schottelius.org>
| Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
COPYING
-------
Copyright \(C) 2011-2014 Nico Schottelius, 2021 Dennis Camera.
You can redistribute it and/or modify it under the terms of the GNU General
Public License as published by the Free Software Foundation, either version 3 of
the License, or (at your option) any later version.

View file

@ -0,0 +1,112 @@
cdist-type__directory(7)
========================
NAME
----
cdist-type__directory - Manage a directory
DESCRIPTION
-----------
This cdist type allows you to create or remove directories on the target.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
'present', 'absent', 'exists' or 'pre-exists', defaults to 'present' where:
present
the directory exists and the given attributes are set.
absent
the directory does not exist.
exists
the directory exists, but its attributes are not altered if it already
existed.
pre-exists
check that the directory exists and is indeed a directory, but do not
create or modify it.
group
Group to chgrp to.
mode
Unix permissions, suitable for chmod.
owner
User to chown to.
BOOLEAN PARAMETERS
------------------
parents
Whether to create parents as well (mkdir -p behaviour).
Warning: all intermediate directory permissions default
to whatever mkdir -p does.
Usually this means root:root, 0700.
recursive
If supplied the chgrp and chown call will run recursively.
This does *not* influence the behaviour of chmod.
MESSAGES
--------
chgrp <group>
Changed group membership
chown <owner>
Changed owner
chmod <mode>
Changed mode
create
Empty directory was created
remove
Directory exists, but state is absent, directory will be removed by generated code.
remove non directory
Something other than a directory with the same name exists and was removed prior to create.
EXAMPLES
--------
.. code-block:: sh
# A silly example
__directory /tmp/foobar
# Remove a directory
__directory /tmp/foobar --state absent
# Ensure /etc exists correctly
__directory /etc --owner root --group root --mode 0755
# Create nfs service directory, including parents
__directory /home/services/nfs --parents
# Change permissions recursively
__directory /home/services --recursive --owner root --group root
# Setup a temp directory
__directory /local --mode 1777
# Take it all
__directory /home/services/kvm --recursive --parents \
--owner root --group root --mode 0755 --state present
AUTHORS
-------
Nico Schottelius <nico-cdist--@--schottelius.org>
COPYING
-------
Copyright \(C) 2011 Nico Schottelius. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,55 @@
cdist-type__docker(7)
=====================
NAME
----
cdist-type__docker - install Docker CE
DESCRIPTION
-----------
Installs latest Docker Community Edition package.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
'present' or 'absent', defaults to 'present'
version
The specific version to install. Defaults to the special value 'latest',
meaning the version the package manager will install by default.
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
# Install docker
__docker
# Remove docker
__docker --state absent
# Install specific version
__docker --state present --version 18.03.0.ce
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2016 Steven Armstrong. Free use of this software is
granted under the terms of the GNU General Public License version 3 (GPLv3).

View file

@ -0,0 +1,58 @@
cdist-type__docker_compose(7)
=============================
NAME
----
cdist-type__docker_compose - install docker-compose
DESCRIPTION
-----------
Installs docker-compose package.
State 'absent' will not remove docker binary itself,
only docker-compose binary will be removed
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
version
Define docker_compose version, defaults to "1.9.0"
state
'present' or 'absent', defaults to 'present'
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
# Install docker-compose
__docker_compose
# Install version 1.9.0-rc4
__docker_compose --version 1.9.0-rc4
# Remove docker-compose
__docker_compose --state absent
AUTHORS
-------
Dominique Roux <dominique.roux--@--ungleich.ch>
COPYING
-------
Copyright \(C) 2016 Dominique Roux. Free use of this software is
granted under the terms of the GNU General Public License version 3 or later (GPLv3+).

View file

@ -0,0 +1,55 @@
cdist-type__docker_config(7)
============================
NAME
----
cdist-type__docker_config - Manage Docker configs
DESCRIPTION
-----------
This type manages Docker configs.
OPTIONAL PARAMETERS
-------------------
source
Path to the source file. If it is '-' (dash), read standard input.
state
'present' or 'absent', defaults to 'present' where:
present
if the config does not exist, it is created
absent
the config is removed
CAVEATS
-------
Since Docker configs cannot be updated once created, this type tries removing
and recreating the config if it changes. If the config is used by a service at
the time of removing, then this type will fail.
EXAMPLES
--------
.. code-block:: sh
# Creates "foo" config from "bar" source file
__docker_config foo --source bar
AUTHORS
-------
Ľubomír Kučera <lubomir.kucera.jr at gmail.com>
COPYING
-------
Copyright \(C) 2018 Ľubomír Kučera. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,54 @@
cdist-type__docker_secret(7)
============================
NAME
----
cdist-type__docker_secret - Manage Docker secrets
DESCRIPTION
-----------
This type manages Docker secrets.
OPTIONAL PARAMETERS
-------------------
source
Path to the source file. If it is '-' (dash), read standard input.
state
'present' or 'absent', defaults to 'present' where:
present
if the secret does not exist, it is created
absent
the secret is removed
CAVEATS
-------
Since Docker secrets cannot be updated once created, this type takes no action
if the specified secret already exists.
EXAMPLES
--------
.. code-block:: sh
# Creates "foo" secret from "bar" source file
__docker_secret foo --source bar
AUTHORS
-------
Ľubomír Kučera <lubomir.kucera.jr at gmail.com>
COPYING
-------
Copyright \(C) 2018 Ľubomír Kučera. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,54 @@
cdist-type__docker_stack(7)
===========================
NAME
----
cdist-type__docker_stack - Manage Docker stacks
DESCRIPTION
-----------
This type manages service stacks.
.. note::
Since there is no easy way to tell whether a stack needs to be updated,
`docker stack deploy` is being run every time this type is invoked.
However, it does not mean this type is not idempotent. If Docker does not
detect changes, the existing stack will not be updated.
OPTIONAL PARAMETERS
-------------------
compose-file
Path to the compose file. If it is '-' (dash), read standard input.
state
'present' or 'absent', defaults to 'present' where:
present
the stack is deployed
absent
the stack is removed
EXAMPLES
--------
.. code-block:: sh
# Deploys 'foo' stack defined in 'docker-compose.yml' compose file
__docker_stack foo --compose-file docker-compose.yml
AUTHORS
-------
Ľubomír Kučera <lubomir.kucera.jr at gmail.com>
COPYING
-------
Copyright \(C) 2018 Ľubomír Kučera. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,49 @@
cdist-type__docker_swarm(7)
===========================
NAME
----
cdist-type__docker_swarm - Manage Swarm
DESCRIPTION
-----------
This type can initialize Docker swarm mode. For more information about swarm
mode, see `Swarm mode overview <https://docs.docker.com/engine/swarm/>`_.
OPTIONAL PARAMETERS
-------------------
state
'present' or 'absent', defaults to 'present' where:
present
Swarm is initialized
absent
Swarm is left
EXAMPLES
--------
.. code-block:: sh
# Initializes a swarm
__docker_swarm
# Leaves a swarm
__docker_swarm --state absent
AUTHORS
-------
Ľubomír Kučera <lubomir.kucera.jr at gmail.com>
COPYING
-------
Copyright \(C) 2018 Ľubomír Kučera. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,59 @@
cdist-type__dog_vdi(7)
======================
NAME
----
cdist-type__dog_vdi - Manage Sheepdog VM images
DESCRIPTION
-----------
The dog program is used to create images for sheepdog
to be used in qemu.
OPTIONAL PARAMETERS
-------------------
state
Either "present" or "absent", defaults to "present"
size
Size of the image in "dog vdi" compatible units.
Required if state is "present".
EXAMPLES
--------
.. code-block:: sh
# Create a 50G size image
__dog_vdi nico-privat.sky.ungleich.ch --size 50G
# Create a 50G size image (more explicit)
__dog_vdi nico-privat.sky.ungleich.ch --size 50G --state present
# Remove image
__dog_vdi nico-privat.sky.ungleich.ch --state absent
# Remove image - keeping --size is ok
__dog_vdi nico-privat.sky.ungleich.ch --size 50G --state absent
SEE ALSO
--------
:strong:`qemu`\ (1), :strong:`dog`\ (8)
AUTHORS
-------
Nico Schottelius <nico-cdist--@--schottelius.org>
COPYING
-------
Copyright \(C) 2014 Nico Schottelius. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,89 @@
cdist-type__dot_file(7)
========================
NAME
----
cdist-type__dot_file - install file under user's home directory
DESCRIPTION
-----------
This type installs a file (=\ *__object_id*) under user's home directory,
providing a way to install per-user configuration files. File owner
and group is deduced from user, for who file is installed.
Unlike regular __file type, you do not need make any assumptions,
where user's home directory is.
REQUIRED PARAMETERS
-------------------
user
User, for who file is installed
OPTIONAL PARAMETERS
-------------------
dirmode
forwarded to :strong:`__directory` type as mode
mode
forwarded to :strong:`__file` type
state
forwarded to :strong:`__file` type
source
forwarded to :strong:`__file` type
file
forwarded to :strong:`__file` type
This can be used if multiple users need to have a dotfile updated,
which will result in duplicate object id errors. When using the
file parameter the object id can be some unique value.
MESSAGES
--------
This type inherits all messages from :strong:`file` type, and do not add
any new.
EXAMPLES
--------
.. code-block:: sh
# Install .forward file for user 'alice'. Since state is 'present',
# user is not meant to edit this file, all changes will be overridden.
# It is good idea to put warning about it in file itself.
__dot_file .forward --user alice --source "$__files/forward"
# Install .muttrc for user 'bob', if not already present. User can safely
# edit it, his changes will not be overwritten.
__dot_file .muttrc --user bob --source "$__files/recommended_mutt_config" --state exists
# Install default xmonad config for user 'eve'. Parent directory is created automatically.
__dot_file .xmonad/xmonad.hs --user eve --state exists --source "$__files/xmonad.hs"
# install .vimrc for root and some users
for user in root userx usery userz; do
__dot_file "${user}_dot_vimrc" \
--user $user \
--file .vimrc \
--state exists \
--source "$__files/$user/.vimrc"
done
SEE ALSO
--------
**cdist-type__file**\ (7)
COPYING
-------
Copyright (C) 2015 Dmitry Bogatov. Free use of this software is granted
under the terms of the GNU General Public License version 3 or later
(GPLv3+).

View file

@ -0,0 +1,101 @@
cdist-type__download(7)
=======================
NAME
----
cdist-type__download - Download a file
DESCRIPTION
-----------
By default type will try to use ``curl``, ``fetch`` or ``wget``.
If download happens in target (see ``--download``) then type will
fallback to (and install) ``wget``.
If download happens in local machine, then environment variables like
``{http,https,ftp}_proxy`` etc can be used on cdist execution
(``http_proxy=foo cdist config ...``).
To change downloaded file's owner, group or permissions, use ``require='__download/path/to/file' __file ...``.
REQUIRED PARAMETERS
-------------------
url
File's URL.
OPTIONAL PARAMETERS
-------------------
destination
Downloaded file's destination in target. If unset, ``$__object_id`` is used.
sum
Supported formats: ``cksum`` output without file name, MD5, SHA1 and SHA256.
Type tries to detect hash format with regexes, but prefixes
``cksum:``, ``md5:``, ``sha1:`` and ``sha256:`` are also supported.
Checksum have two purposes - state check and post-download verification.
In state check, if destination checksum mismatches, then content of URL
will be downloaded to temporary file. If downloaded temporary file's
checksum matches, then it will be moved to destination (overwritten).
For local downloads it is expected that usable utilities for checksum
calculation exist in the system.
download
If ``local`` (default), then file is downloaded to local storage and copied
to target host. If ``remote``, then download happens in target.
For local downloads it is expected that usable utilities for downloading
exist in the system. Type will try to use ``curl``, ``fetch`` or ``wget``.
cmd-get
Command used for downloading.
Command must output to ``stdout``.
Parameter will be used for ``printf`` and must include only one
format specification ``%s`` which will become URL.
For example: ``wget -O - '%s'``.
cmd-sum
Command used for checksum calculation.
Command output and ``--sum`` parameter must match.
Parameter will be used for ``printf`` and must include only one
format specification ``%s`` which will become destination.
For example: ``md5sum '%s' | awk '{print $1}'``.
onchange
Execute this command after download.
EXAMPLES
--------
.. code-block:: sh
__directory /opt/cpma
require='__directory/opt/cpma' \
__download /opt/cpma/cnq3.zip \
--url https://cdn.playmorepromode.com/files/cnq3/cnq3-1.51.zip \
--sum 46da3021ca9eace277115ec9106c5b46
require='__download/opt/cpma/cnq3.zip' \
__unpack /opt/cpma/cnq3.zip \
--backup-destination \
--preserve-archive \
--destination /opt/cpma/server
AUTHORS
-------
Ander Punnar <ander-at-kvlt-dot-ee>
COPYING
-------
Copyright \(C) 2021 Ander Punnar. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,103 @@
cdist-type__dpkg_architecture(7)
================================
NAME
----
cdist-type__dpkg_architecture - Handles foreign architectures on debian-like
systems managed by `dpkg`
DESCRIPTION
-----------
This type handles foreign architectures on systems managed by
:strong:`dpkg`\ (1). The object id is the name of the architecture accepted by
`dpkg`, which should be added or removed.
If the architecture is not setup on the system, it adds a new architecture as a
new foreign architecture in `dpkg`. Then, it updates the apt package index to
make packages from the new architecture available.
If the architecture should be removed, it will remove it if it is not the base
architecture on where the system was installed on. Before it, it will purge
every package based on the "to be removed" architecture via `apt` to be able to
remove the selected architecture.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
``present`` or ``absent``. Defaults to ``present``.
MESSAGES
--------
added
Added the specified architecture
removed
Removed the specified architecture
ABORTS
------
Aborts in the following cases:
If :strong:`dpkg`\ (1) is not available. It will abort with a proper error
message.
If the architecture is the same as the base architecture the system is build
upon it (returned by ``dpkg --print-architecture``) and it should be removed.
It will fail if it can not execute :strong:`apt`\ (8). It is assumed that it is
already installed.
EXAMPLES
--------
.. code-block:: sh
# add i386 (32 bit) architecture
__dpkg_architecture i386
# remove it again :)
__dpkg_architecture i386 --state absent
SEE ALSO
--------
`Multiarch on Debian systems <https://wiki.debian.org/Multiarch>`_
`How to setup multiarch on Debian <https://wiki.debian.org/Multiarch/HOWTO>`_
:strong:`dpkg`\ (1)
:strong:`cdist-type__package_dpkg`\ (7)
:strong:`cdist-type__package_apt`\ (7)
Useful commands:
.. code-block:: sh
# base architecture installed on this system
dpkg --print-architecture
# extra architectures added
dpkg --print-foreign-architectures
AUTHORS
-------
Matthias Stecher <matthiasstecher at gmx.de>
COPYING
-------
Copyright \(C) 2020 Matthias Stecher. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
ublished by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,124 @@
cdist-type__file(7)
===================
NAME
----
cdist-type__file - Manage files.
DESCRIPTION
-----------
This cdist type allows you to create files, remove files and set file
attributes on the target.
If the file already exists on the target, then if it is a:
regular file, and state is:
present
replace it with the source file if they are not equal
exists
do nothing
symlink
replace it with the source file
directory
replace it with the source file
One exception is that when state is pre-exists, an error is raised if
the file would have been created otherwise (e.g. it is not present or
not a regular file).
In any case, make sure that the file attributes are as specified.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
'present', 'absent', 'exists' or 'pre-exists', defaults to 'present' where:
present
the file is exactly the one from source
absent
the file does not exist
exists
the file from source but only if it doesn't already exist
pre-exists
check that the file exists and is a regular file, but do not
create or modify it
group
Group to chgrp to. Defaults to ``root``.
mode
Unix permissions, suitable for chmod. Defaults to a very secure ``0600``.
owner
User to chown to. Defaults to ``root``.
source
If supplied, copy this file from the host running cdist to the target.
If not supplied, an empty file or directory will be created.
If source is '-' (dash), take what was written to stdin as the file content.
onchange
The code to run if file is modified.
MESSAGES
--------
chgrp <group>
Changed group membership
chown <owner>
Changed owner
chmod <mode>
Changed mode
create
Empty file was created (no --source specified)
remove
File exists, but state is absent, file will be removed by generated code.
upload
File was uploaded
EXAMPLES
--------
.. code-block:: sh
# Create /etc/cdist-configured as an empty file
__file /etc/cdist-configured
# The same thing
__file /etc/cdist-configured --state present
# Use __file from another type
__file /etc/issue --source "$__type/files/archlinux" --state present
# Delete existing file
__file /etc/cdist-configured --state absent
# Supply some more settings
__file /etc/shadow --source "$__type/files/shadow" \
--owner root --group shadow --mode 0640 \
--state present
# Provide a default file, but let the user change it
__file /home/frodo/.bashrc --source "/etc/skel/.bashrc" \
--state exists \
--owner frodo --mode 0600
# Check that the file is present, show an error when it is not
__file /etc/somefile --state pre-exists
# Take file content from stdin
__file /tmp/whatever --owner root --group root --mode 644 --source - << DONE
Here goes the content for /tmp/whatever
DONE
AUTHORS
-------
Nico Schottelius <nico-cdist--@--schottelius.org>
COPYING
-------
Copyright \(C) 2011-2013 Nico Schottelius. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,81 @@
cdist-type__filesystem(7)
=========================
NAME
----
cdist-type__filesystem - Create Filesystems.
DESCRIPTION
-----------
This cdist type allows you to create filesystems on devices.
If the device is mounted on target, it refuses to do anything.
If the device has a filesystem other then the specified and/or
the label is not correct, it only makes a new filesystem
if you have specified --force option.
REQUIRED PARAMETERS
-------------------
fstype
Filesystem type, for example 'ext3', 'btrfs' or 'xfs'.
OPTIONAL PARAMETERS
-------------------
device
Blockdevice for filesystem, Defaults to object_id.
On linux, it can be any lsblk accepted device notation.
|
| For example:
| /dev/sdx
| or /dev/disk/by-xxxx/xxx
| or /dev/mapper/xxxx
label
Label which should be applied on the filesystem.
mkfsoptions
Additional options which are inserted to the mkfs.xxx call.
BOOLEAN PARAMETERS
------------------
force
Normally, this type does nothing if a filesystem is found
on the target device. If you specify force, it's formatted
if the filesystem type or label differs from parameters.
Warning: This option can easily lead into data loss!
MESSAGES
--------
filesystem <fstype> on <device> \: <discoverd device> created
Filesystem was created on <discoverd device>
EXAMPLES
--------
.. code-block:: sh
# Ensures that device /dev/sdb is formatted with xfs
__filesystem /dev/sdb --fstype xfs --label Testdisk1
# The same thing with btrfs and disk spezified by pci path to disk 1:0 on vmware
__filesystem dev_sdb --fstype btrfs --device /dev/disk/by-path/pci-0000:0b:00.0-scsi-0:0:0:0 --label Testdisk2
# Make sure that a multipath san device has a filesystem ...
__filesystem dev_sdb --fstype xfs --device /dev/mapper/360060e80432f560050202f22000023ff --label Testdisk3
AUTHORS
-------
Daniel Heule <hda--@--sfs.biz>
COPYING
-------
Copyright \(C) 2016 Daniel Heule. Free use of this software is
granted under the terms of the GNU General Public License version 3 or any later version (GPLv3+).

View file

@ -0,0 +1,81 @@
cdist-type__firewalld_rule(7)
=============================
NAME
----
cdist-type__firewalld_rule - Configure firewalld rules
DESCRIPTION
-----------
This cdist type allows you to manage rules in firewalld
using the *direct* way (i.e. no zone support).
REQUIRED PARAMETERS
-------------------
rule
The rule to apply. Essentially an firewalld command
line without firewalld in front of it.
protocol
Either ipv4, ipv4 or eb. See firewall-cmd(1)
table
The table to use (like filter or nat). See firewall-cmd(1).
chain
The chain to use (like INPUT_direct or FORWARD_direct). See firewall-cmd(1).
priority
The priority to use (0 is topmost). See firewall-cmd(1).
OPTIONAL PARAMETERS
-------------------
state
'present' or 'absent', defaults to 'present'
EXAMPLES
--------
.. code-block:: sh
# Allow access from entrance.place4.ungleich.ch
__firewalld_rule entrance \
--protocol ipv4 \
--table filter \
--chain INPUT_direct \
--priority 0 \
--rule '-s entrance.place4.ungleich.ch -j ACCEPT'
# Allow forwarding of traffic from br0
__firewalld_rule vm-forward --protocol ipv4 \
--table filter \
--chain FORWARD_direct \
--priority 0 \
--rule '-i br0 -j ACCEPT'
# Ensure old rule is absent - warning, the rule part must stay the same!
__firewalld_rule vm-forward
--protocol ipv4 \
--table filter \
--chain FORWARD_direct \
--priority 0 \
--rule '-i br0 -j ACCEPT' \
--state absent
SEE ALSO
--------
:strong:`cdist-type__iptables_rule`\ (7), :strong:`firewalld`\ (8)
AUTHORS
-------
Nico Schottelius <nico-cdist--@--schottelius.org>
COPYING
-------
Copyright \(C) 2015 Nico Schottelius. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,53 @@
cdist-type__firewalld_start(7)
==============================
NAME
----
cdist-type__firewalld_start - start and enable firewalld
DESCRIPTION
-----------
This cdist type allows you to start and enable firewalld.
REQUIRED PARAMETERS
-------------------
None
OPTIONAL PARAMETERS
-------------------
startstate
'present' or 'absent', start/stop firewalld. Default is 'present'.
bootstate
'present' or 'absent', enable/disable firewalld on boot. Default is 'present'.
EXAMPLES
--------
.. code-block:: sh
# start and enable firewalld
__firewalld_start
# only enable firewalld to start on boot
__firewalld_start --startstate present --bootstate absent
SEE ALSO
--------
:strong:`firewalld`\ (8)
AUTHORS
-------
Darko Poljak <darko.poljak--@--ungleich.ch>
COPYING
-------
Copyright \(C) 2016 Darko Poljak. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,66 @@
cdist-type__git(7)
==================
NAME
----
cdist-type__git - Get and or keep git repositories up-to-date
DESCRIPTION
-----------
This cdist type allows you to clone git repositories
REQUIRED PARAMETERS
-------------------
source
Specifies the git remote to clone from
OPTIONAL PARAMETERS
-------------------
state
Either "present" or "absent", defaults to "present"
branch
Create this branch by checking out the remote branch of this name
Default branch is "master"
group
Group to chgrp to.
mode
Unix permissions, suitable for chmod.
owner
User to chown to.
recursive
Passes the --recurse-submodules flag to git when cloning the repository.
shallow
Sets --depth=1 and --shallow-submodules for cloning repositories with big history.
EXAMPLES
--------
.. code-block:: sh
__git /home/services/dokuwiki --source git://github.com/splitbrain/dokuwiki.git
# Checkout cdist, stay on branch 2.1
__git /home/nico/cdist --source git@code.ungleich.ch:ungleich-public/cdist.git --branch 2.1
AUTHORS
-------
Nico Schottelius <nico-cdist--@--schottelius.org>
COPYING
-------
Copyright \(C) 2012 Nico Schottelius. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,48 @@
cdist-type__go_get(7)
=====================
NAME
----
cdist-type__go_get - Install go packages with go get
DESCRIPTION
-----------
This cdist type allows you to install golang packages with go get.
A sufficiently recent version of go must be present on the system.
The object ID is the go package to be installed.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
None.
EXAMPLES
--------
.. code-block:: sh
__go_get github.com/prometheus/prometheus/cmd/...
# usually you'd need to require golang from somewhere:
require="__golang_from_vendor" __go_get github.com/prometheus/prometheus/cmd/...
AUTHORS
-------
Kamila Součková <kamila@ksp.sk>
COPYING
-------
Copyright \(C) 2017 Kamila Součková. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,48 @@
cdist-type__golang_from_vendor(7)
=================================
NAME
----
cdist-type__golang_from_vendor - Install any version of golang from golang.org
DESCRIPTION
-----------
This cdist type allows you to install golang from archives provided by https://golang.org/dl/.
See https://golang.org/dl/ for the list of supported versions, operating systems and architectures.
This is a singleton type.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
version
The golang version to install, defaults to 1.8.1
EXAMPLES
--------
.. code-block:: sh
__golang_from_vendor --version 1.8.1
AUTHORS
-------
Kamila Součková <kamila@ksp.sk>
COPYING
-------
Copyright \(C) 2017 Kamila Součková. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,43 @@
cdist-type__grafana_dashboard(7)
================================
NAME
----
cdist-type__grafana_dashboard - Install Grafana (https://grafana.com)
DESCRIPTION
-----------
This cdist type adds the Grafana repository, installs the grafana package, and sets the server to start on boot.
This is a singleton type.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
None.
EXAMPLES
--------
.. code-block:: sh
__grafana_dashboard
AUTHORS
-------
Kamila Součková <kamila@ksp.sk>
COPYING
-------
Copyright \(C) 2017 Kamila Součková. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,80 @@
cdist-type__group(7)
====================
NAME
----
cdist-type__group - Manage groups
DESCRIPTION
-----------
This cdist type allows you to create or modify groups on the target.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
absent or present, defaults to present
gid
see groupmod(8)
password
see above
BOOLEAN PARAMETERS
------------------
system
see groupadd(8), apply only on group creation
MESSAGES
--------
mod
group is modified
add
New group added
remove
group is removed
change <property> <new_value> <current_value>
Changed group property from current_value to new_value
set <property> <new_value>
set property to new value, property was not set before
EXAMPLES
--------
.. code-block:: sh
# Create a group 'foobar' with operating system default settings
__group foobar
# Remove the 'foobar' group
__group foobar --state absent
# Create a system group 'myservice' with operating system default settings
__group myservice --system
# Same but with a specific gid
__group foobar --gid 1234
# Same but with a gid and password
__group foobar --gid 1234 --password 'crypted-password-string'
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2011-2015 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,121 @@
cdist-type__haproxy_dualstack(7)
================================
NAME
----
cdist-type__haproxy_dualstack - Proxy services from a dual-stack server
DESCRIPTION
-----------
This (singleton) type installs and configures haproxy to act as a dual-stack
proxy for single-stack services.
This can be useful to add IPv4 support to IPv6-only services while only using
one IPv4 for many such services.
By default this type uses the plain TCP proxy mode, which means that there is no
need for TLS termination on this host when SNI is supported.
This also means that proxied services will not receive the client's IP address,
but will see the proxy's IP address instead (that of `$__target_host`).
This can be solved by using the PROXY protocol, but do take into account that,
e.g. nginx cannot serve both regular HTTP(S) and PROXY protocols on the same
port, so you will need to use other ports for that.
As a recommendation in this type: use TCP ports 8080 and 591 respectively to
serve HTTP and HTTPS using the PROXY protocol.
See the EXAMPLES for more details.
OPTIONAL PARAMETERS
-------------------
v4proxy
Proxy incoming IPv4 connections to the equivalent IPv6 endpoint.
In its simplest use, it must be a NAME with an `AAAA` DNS entry, which is
the IP address actually providing the proxied services.
The full format of this argument is:
`[proxy:]NAME[[:PROTOCOL_1=PORT_1]...[:PROTOCOL_N=PORT_N]]`
Where starting with `proxy:` determines that the PROXY protocol must be
used and each `:PROTOCOL=PORT` (e.g. `:http=8080` or `:https=591`) is a PORT
override for the given PROTOCOL (see `--protocol`), if not present the
PROTOCOL's default port will be used.
v6proxy
Proxy incoming IPv6 connections to the equivalent IPv4 endpoint.
In its simplest use, it must be a NAME with an `A` DNS entry, which is
the IP address actually providing the proxied services.
See `--v4proxy` for more options and details.
protocol
Can be passed multiple times or as a space-separated list of protocols.
Currently supported protocols are: `http`, `https`, `imaps`, `smtps`.
This defaults to: `http https imaps smtps`.
EXAMPLES
--------
.. code-block:: sh
# Proxy the IPv6-only services so IPv4-only clients can access them
# This uses HAProxy's TCP mode for http, https, imaps and smtps
__haproxy_dualstack \
--v4proxy ipv6.chat \
--v4proxy matrix.ungleich.ch
# Proxy the IPv6-only HTTP(S) services so IPv4-only clients can access them
# Note this means that the backend IPv6-only server will only see
# the IPv6 address of the haproxy host managed by cdist, which can be
# troublesome if this information is relevant for analytics/security/...
# See the PROXY example below
__haproxy_dualstack \
--protocol http --protocol https \
--v4proxy ipv6.chat \
--v4proxy matrix.ungleich.ch
# Use the PROXY protocol to proxy the IPv6-only HTTP(S) services enabling
# IPv4-only clients to access them while maintaining the client's IP address
__haproxy_dualstack \
--protocol http --protocol https \
--v4proxy proxy:ipv6.chat:http=8080:https=591 \
--v4proxy proxy:matrix.ungleich.ch:http=8080:https=591
# Note however that the PROXY protocol is not compatible with regular
# HTTP(S) protocols, so your nginx will have to listen on different ports
# with the PROXY settings.
# Note that you will need to restrict access to the 8080 port to prevent
# Client IP spoofing.
# This can be something like:
# server {
# # listen for regular HTTP connections
# listen [::]:80 default_server;
# listen 80 default_server;
# # listen for PROXY HTTP connections
# listen [::]:8080 proxy_protocol;
# # Accept the Client's IP from the PROXY protocol
# real_ip_header proxy_protocol;
# }
SEE ALSO
--------
- https://www.haproxy.com/blog/enhanced-ssl-load-balancing-with-server-name-indication-sni-tls-extension/
- https://www.haproxy.com/blog/haproxy/proxy-protocol/
- https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/
AUTHORS
-------
ungleich <foss--@--ungleich.ch>
Evilham <cvs--@--evilham.com>
COPYING
-------
Copyright \(C) 2021 ungleich glarus ag. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,55 @@
cdist-type__hostname(7)
=======================
NAME
----
cdist-type__hostname - Set the hostname
DESCRIPTION
-----------
Sets the hostname on various operating systems.
**Tip:** For advice on choosing a hostname, see
`RFC 1178 <https://tools.ietf.org/html/rfc1178>`_.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
name
The hostname to set. Defaults to the first segment of __target_host
(${__target_host%%.*})
MESSAGES
--------
changed
Changed the hostname
EXAMPLES
--------
.. code-block:: sh
# take hostname from __target_host
__hostname
# set hostname explicitly
__hostname --name some-static-hostname
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2012 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,62 @@
cdist-type__hosts(7)
====================
NAME
----
cdist-type__hosts - manage entries in /etc/hosts
DESCRIPTION
-----------
Add or remove entries from */etc/hosts* file.
OPTIONAL PARAMETERS
-------------------
state
If state is ``present``, make *object_id* resolve to *ip*. If
state is ``absent``, *object_id* will no longer resolve via
*/etc/hosts*, if it was previously configured with this type.
Manually inserted entries are unaffected.
ip
IP address, to which hostname (=\ *object_id*) must resolve. If
state is ``present``, this parameter is mandatory, if state is
``absent``, this parameter is silently ignored.
alias
An alias for the hostname.
This parameter can be specified multiple times (once per alias).
EXAMPLES
--------
.. code-block:: sh
# Now `funny' resolves to 192.168.1.76,
__hosts funny --ip 192.168.1.76
# and `happy' no longer resolve via /etc/hosts if it was
# previously configured via __hosts.
__hosts happy --state absent
__hosts srv1.example.com --ip 192.168.0.42 --alias srv1
SEE ALSO
--------
:strong:`hosts`\ (5)
AUTHORS
-------
| Dmitry Bogatov <KAction@gnu.org>
| Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
COPYING
-------
Copyright \(C) 2015-2016 Dmitry Bogatov, 2019 Dennis Camera.
You can redistribute it and/or modify it under the terms of the GNU General
Public License as published by the Free Software Foundation, either version 3 of
the License, or (at your option) any later version.

View file

@ -0,0 +1,63 @@
cdist-type__hwclock(7)
======================
NAME
----
cdist-type__hwclock - Manage the hardware real time clock.
DESCRIPTION
-----------
This type can be used to control how the hardware clock is used by the operating
system.
REQUIRED PARAMETERS
-------------------
mode
What mode the hardware clock is in.
Acceptable values:
localtime
The hardware clock is set to local time (common for systems also running
Windows.)
UTC
The hardware clock is set to UTC (common on UNIX systems.)
OPTIONAL PARAMETERS
-------------------
None.
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
# Make the operating system treat the time read from the hwclock as UTC.
__hwclock --mode UTC
SEE ALSO
--------
:strong:`hwclock`\ (8)
AUTHORS
-------
Dennis Camera <dennis.camera@ssrq-sds-fds.ch>
COPYING
-------
Copyright \(C) 2020 Dennis Camera. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,48 @@
cdist-type__install_bootloader_grub(7)
======================================
NAME
----
cdist-type__install_bootloader_grub - install grub2 bootloader on given disk
DESCRIPTION
-----------
This cdist type allows you to install grub2 bootloader on given disk.
REQUIRED PARAMETERS
-------------------
None
OPTIONAL PARAMETERS
-------------------
device
The device to install grub to. Defaults to object_id
chroot
where to chroot before running grub-install. Defaults to /target.
EXAMPLES
--------
.. code-block:: sh
__install_bootloader_grub /dev/sda
__install_bootloader_grub /dev/sda --chroot /mnt/foobar
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2011 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,42 @@
cdist-type__install_chroot_mount(7)
===================================
NAME
----
cdist-type__install_chroot_mount - mount a chroot with install command
DESCRIPTION
-----------
Mount and prepare a chroot for running commands within it.
REQUIRED PARAMETERS
-------------------
None
OPTIONAL PARAMETERS
-------------------
None
EXAMPLES
--------
.. code-block:: sh
__install_chroot_mount /path/to/chroot
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2012 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,47 @@
cdist-type__install_chroot_umount(7)
====================================
NAME
----
cdist-type__install_chroot_umount - unmount a chroot mounted by __install_chroot_mount
DESCRIPTION
-----------
Undo what __install_chroot_mount did.
REQUIRED PARAMETERS
-------------------
None
OPTIONAL PARAMETERS
-------------------
None
EXAMPLES
--------
.. code-block:: sh
__install_chroot_umount /path/to/chroot
SEE ALSO
--------
:strong:`cdist-type__install_chroot_mount`\ (7)
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
COPYING
-------
Copyright \(C) 2012 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

Some files were not shown because too many files have changed in this diff Show more