Merge branch 'master' into hostname

This commit is contained in:
Dennis Camera 2019-10-27 20:15:03 +01:00
commit fbe9fc4204
53 changed files with 1075 additions and 26 deletions

2
.gitignore vendored
View file

@ -34,7 +34,7 @@ cdist/inventory/
# Python: cache, distutils, distribution in general # Python: cache, distutils, distribution in general
__pycache__/ __pycache__/
*.pyc *.pyc
MANIFEST /MANIFEST
dist/ dist/
cdist/version.py cdist/version.py
cdist.egg-info/ cdist.egg-info/

View file

@ -21,10 +21,8 @@
if command -v ip >/dev/null if command -v ip >/dev/null
then then
ip -o link show | sed -n 's/^[0-9]\+: \(.\+\): <.*/\1/p' ip -o link show | sed -n 's/^[0-9]\+: \(.\+\): <.*/\1/p'
elif command -v ifconfig >/dev/null elif command -v ifconfig >/dev/null
then then
ifconfig -a \ ifconfig -a | sed -n -E 's/^(.*)(:[[:space:]]*flags=|Link encap).*/\1/p'
| sed -n -E 's/^(.*)(:[[:space:]]*flags=|Link encap).*/\1/p' \ fi \
| sort -u | sort -u
fi

View file

@ -145,7 +145,7 @@ esac
if [ -f /etc/os-release ]; then if [ -f /etc/os-release ]; then
# already lowercase, according to: # already lowercase, according to:
# https://www.freedesktop.org/software/systemd/man/os-release.html # https://www.freedesktop.org/software/systemd/man/os-release.html
awk -F= '/^ID=/ {print $2;}' /etc/os-release awk -F= '/^ID=/ { if ($2 ~ /^'"'"'(.*)'"'"'$/ || $2 ~ /^"(.*)"$/) { print substr($2, 2, length($2) - 2) } else { print $2 } }' /etc/os-release
exit 0 exit 0
fi fi

View file

@ -35,7 +35,8 @@ owner=$(cat "$__object/parameter/owner")
group=$(cat "$__object/parameter/group") group=$(cat "$__object/parameter/group")
mode=$(cat "$__object/parameter/mode") mode=$(cat "$__object/parameter/mode")
[ -f "$__object/parameter/recursive" ] && recursive='--recursive' || recursive='' [ -f "$__object/parameter/recursive" ] && recursive='--recurse-submodules' || recursive=''
[ -f "$__object/parameter/shallow" ] && shallow='--depth 1 --shallow-submodules' || shallow=''
[ "$state_should" = "$state_is" ] \ [ "$state_should" = "$state_is" ] \
&& [ "$owner" = "$owner_is" ] \ && [ "$owner" = "$owner_is" ] \
@ -45,7 +46,7 @@ mode=$(cat "$__object/parameter/mode")
case $state_should in case $state_should in
present) present)
if [ "$state_should" != "$state_is" ]; then if [ "$state_should" != "$state_is" ]; then
echo git clone --quiet "$recursive" --branch "$branch" "$source" "$destination" echo git clone --quiet "$recursive" "$shallow" --branch "$branch" "$source" "$destination"
fi fi
if { [ -n "$owner" ] && [ "$owner_is" != "$owner" ]; } || \ if { [ -n "$owner" ] && [ "$owner_is" != "$owner" ]; } || \
{ [ -n "$group" ] && [ "$group_is" != "$group" ]; }; then { [ -n "$group" ] && [ "$group_is" != "$group" ]; }; then

View file

@ -36,7 +36,11 @@ owner
User to chown to. User to chown to.
recursive recursive
Passes the --recursive flag to git when cloning the repository. Passes the --recurse-submodules flag to git when cloning the repository.
shallow
Sets --depth=1 and --shallow-submodules for cloning repositories with big history.
EXAMPLES EXAMPLES
-------- --------

View file

@ -1 +1,2 @@
recursive recursive
shallow

View file

@ -15,6 +15,10 @@ case $os in
# Differntation not needed anymore # Differntation not needed anymore
apt_source_distribution=stable apt_source_distribution=stable
;; ;;
10*)
# Differntation not needed anymore
apt_source_distribution=stable
;;
*) *)
echo "Don't know how to install Grafana on $os $os_version. Send us a pull request!" >&2 echo "Don't know how to install Grafana on $os $os_version. Send us a pull request!" >&2
exit 1 exit 1
@ -29,10 +33,9 @@ case $os in
--uri https://packages.grafana.com/oss/deb \ --uri https://packages.grafana.com/oss/deb \
--distribution $apt_source_distribution \ --distribution $apt_source_distribution \
--component main --component main
__package apt-transport-https __package apt-transport-https
require="$require __apt_source/grafana" __apt_update_index
require="$require __apt_source/grafana __package/apt-transport-https" __package grafana require="$require __package/apt-transport-https __apt_update_index" __package grafana
require="$require __package/grafana" __start_on_boot grafana-server require="$require __package/grafana" __start_on_boot grafana-server
require="$require __start_on_boot/grafana-server" __process grafana-server --start "service grafana-server start" require="$require __start_on_boot/grafana-server" __process grafana-server --start "service grafana-server start"
;; ;;

View file

@ -7,6 +7,12 @@ if [ -z "${certbot_fullpath}" ]; then
os_version="$(cat "${__global}/explorer/os_version")" os_version="$(cat "${__global}/explorer/os_version")"
case "$os" in case "$os" in
archlinux)
__package certbot
;;
alpine)
__package certbot
;;
debian) debian)
case "$os_version" in case "$os_version" in
8*) 8*)
@ -33,6 +39,10 @@ if [ -z "${certbot_fullpath}" ]; then
require="__apt_source/stretch-backports" __package_apt certbot \ require="__apt_source/stretch-backports" __package_apt certbot \
--target-release stretch-backports --target-release stretch-backports
;; ;;
10*)
__package_apt certbot
;;
*) *)
echo "Unsupported OS version: $os_version" >&2 echo "Unsupported OS version: $os_version" >&2
exit 1 exit 1

View file

@ -34,6 +34,9 @@ case "$type" in
echo 0 echo 0
fi fi
;; ;;
alpine)
echo 0
;;
*) echo "Your specified type ($type) is currently not supported." >&2 *) echo "Your specified type ($type) is currently not supported." >&2
echo "Please contribute an implementation for it if you can." >&2 echo "Please contribute an implementation for it if you can." >&2
;; ;;

View file

@ -26,6 +26,7 @@ else
amazon|scientific|centos|fedora|redhat) echo "yum" ;; amazon|scientific|centos|fedora|redhat) echo "yum" ;;
debian|ubuntu|devuan) echo "apt" ;; debian|ubuntu|devuan) echo "apt" ;;
archlinux) echo "pacman" ;; archlinux) echo "pacman" ;;
alpine) echo "apk" ;;
*) *)
echo "Don't know how to manage packages on: $os" >&2 echo "Don't know how to manage packages on: $os" >&2
exit 1 exit 1

View file

@ -47,6 +47,10 @@ case "$type" in
echo "pacman --noprogressbar --sync --refresh" echo "pacman --noprogressbar --sync --refresh"
echo "pacman package database synced (age was: $currage)" >> "$__messages_out" echo "pacman package database synced (age was: $currage)" >> "$__messages_out"
;; ;;
alpine)
echo "apk update"
echo "apk package database updated."
;;
*) *)
echo "Don't know how to manage packages for type: $type" >&2 echo "Don't know how to manage packages for type: $type" >&2
exit 1 exit 1

View file

@ -30,6 +30,7 @@ if [ -f "$__object/parameter/install-from-backports" ]; then
*) *)
echo "--install-from-backports is only supported on Devuan -- ignoring." >&2 echo "--install-from-backports is only supported on Devuan -- ignoring." >&2
echo "Send a pull request if you require it." >&2 echo "Send a pull request if you require it." >&2
exit 1
;; ;;
esac esac
else else
@ -60,5 +61,5 @@ require="$require __directory/$storage_path $require_pkg" \
__config_file $CONF \ __config_file $CONF \
--source "$config" \ --source "$config" \
--group prometheus --mode 640 \ --group prometheus --mode 640 \
--onchange "service prometheus-alertmanager reload" # TODO when a config-check tool is available, check config here --onchange "service prometheus-alertmanager restart" # TODO when a config-check tool is available, check config here

View file

@ -5,9 +5,11 @@ export GOBIN=/opt/gocode/bin # where to find go binaries
exporter="$(cat "$__object/parameter/exporter")" exporter="$(cat "$__object/parameter/exporter")"
[ -z "$exporter" ] && exporter="$__object_id" [ -z "$exporter" ] && exporter="$__object_id"
__user prometheus --system __user prometheus
require="__user/prometheus" __group prometheus
require="__group/prometheus" __user_groups prometheus --group prometheus
require="" require="__user_groups/prometheus"
case $exporter in case $exporter in
node) node)
TEXTFILES=/service/node-exporter/textfiles # path for the textfiles collector TEXTFILES=/service/node-exporter/textfiles # path for the textfiles collector

View file

@ -33,11 +33,13 @@ if [ -f "$__object/parameter/install-from-backports" ]; then
*) *)
echo "--install-from-backports is only supported on Devuan -- ignoring." >&2 echo "--install-from-backports is only supported on Devuan -- ignoring." >&2
echo "Send a pull request if you require it." >&2 echo "Send a pull request if you require it." >&2
exit 1
;; ;;
esac esac
else else
__package prometheus __package prometheus
require_pkg="__package/prometheus" __package prometheus-blackbox-exporter
require_pkg="__package/prometheus __package/prometheus-blackbox-exporter"
fi fi
##### PREPARE PATHS AND SUCH ################################################ ##### PREPARE PATHS AND SUCH ################################################
@ -58,7 +60,7 @@ require="$require __directory/$storage_path $require_pkg" \
__config_file $CONF \ __config_file $CONF \
--source "$config" \ --source "$config" \
--group prometheus --mode 640 \ --group prometheus --mode 640 \
--onchange "promtool check config $CONF && service prometheus reload" --onchange "promtool check config $CONF && service prometheus restart"
for file in $rule_files; do for file in $rule_files; do
dest=$CONF_DIR/$(basename "$file") dest=$CONF_DIR/$(basename "$file")
@ -66,6 +68,6 @@ for file in $rule_files; do
__config_file "$dest" \ __config_file "$dest" \
--source "$file" \ --source "$file" \
--owner prometheus \ --owner prometheus \
--onchange "promtool check rules '$dest' && service prometheus reload" --onchange "promtool check rules '$dest' && service prometheus restart"
done done

View file

@ -0,0 +1,131 @@
#!/bin/sh -e
#
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Check if the given editor is present on the target system and determine its
# absolute path.
#
die() {
echo "$@" >&2
exit 1
}
editor_missing() { die "Editor '$1' is missing on the target system."; }
editor_no_alternative() {
die "Editor '$1' is not in the alternatives list of the target system." \
"$(test -n "${editors}" && printf '\nPlease choose one of:\n\n%s\n' "${editors}")"
}
# No need to check for the path if the file is supposed to be removed.
test "$(cat "${__object}/parameter/state")" != 'absent' || exit 0
case $("${__explorer}/os")
in
debian|devuan|ubuntu)
has_alternatives=true
# NOTE: Old versions do not support `--list`, in this case ignore the errors.
# This will require an absolute path to be provided, though.
editors=$(update-alternatives --list editor 2>/dev/null)
;;
*)
# NOTE: RedHat has an alternatives system but it doesn't usually track
# editors and it is a pain to extract the list.
has_alternatives=false
;;
esac
# Read --editor parameter and check its value since it is "optional"
editor=$(cat "${__object}/parameter/editor" 2>/dev/null) || true
test -n "${editor}" || die 'Please provide an --editor to configure.'
case $editor
in
/*)
is_abspath=true
;;
*/*)
die 'Relative editor paths are not supported'
;;
*)
is_abspath=false
;;
esac
if $has_alternatives && test -n "${editors}"
then
IFS='
'
if ! $is_abspath
then
# First, try to resolve the absolute path using $editors.
while true
do
for e in $editors
do
if test "$(basename "${e}")" = "${editor}"
then
editor="${e}"
break 2 # break out of both loops
fi
done
# Iterating through alternatives did not yield a result
editor_no_alternative "${editor}"
break
done
fi
# Check if editor is present
test -f "${editor}" || editor_missing "${editor}"
for e in $editors
do
if test "${editor}" = "${e}"
then
# Editor is part of the alternatives list -> use it!
echo "${editor}"
exit 0
fi
done
editor_no_alternative "${editor}"
else
# NOTE: This branch is mostly for RedHat-based systems which do
# not track editor alternatives. To make this type useful
# on RedHat at all we allow an absoloute path to be provided
# in any case.
if $is_abspath
then
test -x "${editor}" || editor_missing "${editor}"
echo "${editor}"
exit 0
else
die "The target doesn't list any editor alternatives. " \
"Please specify an absolute path or populate the alternatives list."
fi
fi
# The script should never reach this statement!
exit 1

View file

@ -0,0 +1,26 @@
#!/bin/sh -e
#
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Determines the primary group of the user.
#
user=$__object_id
id -gn "${user}" 2>/dev/null

View file

@ -0,0 +1,33 @@
#!/bin/sh -e
#
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Determines the home folder of the target user.
#
user=$__object_id
home=$(getent passwd "${user}" | cut -d':' -f6)
if ! test -d "${home}"
then
echo "Cannot find home directory of user ${user}" >&2
exit 1
fi
echo "${home}"

View file

@ -0,0 +1,78 @@
cdist-type__sensible_editor(7)
==============================
NAME
----
cdist-type__sensible_editor - Select the sensible-editor
DESCRIPTION
-----------
This cdist type allows you to select the :strong:`sensible-editor` for
a given user.
REQUIRED PARAMETERS
-------------------
editor
Name or path of the editor to be selected.
On systems other than Debian derivatives an absolute path is required.
It is permissible to omit this parameter if --state is absent.
OPTIONAL PARAMETERS
-------------------
state
'present', 'absent', or 'exists'. Defaults to 'present', where:
present
the sensible-editor is exactly what is specified in --editor.
absent
no sensible-editor configuration is present.
exists
the sensible-editor will be set to what is specified in --editor,
unless there already is a configuration on the target system.
EXAMPLES
--------
.. code-block:: sh
__sensible_editor root --editor /bin/ed # ed(1) is the standard
__sensible_editor noob --editor nano
LIMITATIONS
-----------
This type depends upon the :strong:`sensible-editor`\ (1) script which
is part of the sensible-utils package.
Therefore, the following operating systems are supported:
* Debian 8 (jessie) or later
* Devuan
* Ubuntu 8.10 (intrepid) or later
* RHEL/CentOS 7 or later (EPEL repo required)
* Fedora 21 or later
Note: on old versions of Ubuntu the sensible-* utils are part of the
debianutils package.
SEE ALSO
--------
:strong:`select-editor`\ (1), :strong:`sensible-editor`\ (1).
AUTHOR
-------
Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
COPYING
-------
Copyright \(C) 2019 Dennis Camera.
You can redistribute it and/or modify it under the terms of the GNU General
Public License as published by the Free Software Foundation, either version 3 of
the License, or (at your option) any later version.

View file

@ -0,0 +1,94 @@
#!/bin/sh -e
# -*- mode: sh; indent-tabs-mode: t -*-
#
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
version_ge() {
awk -F '[^0-9.]' -v target="${1:?}" '
function max(x, y) { return x > y ? x : y; }
BEGIN {
getline;
nx = split($1, x, ".");
ny = split(target, y, ".");
for (i = 1; i <= max(nx, ny); ++i) {
diff = int(x[i]) - int(y[i]);
if (diff < 0) exit 1;
else if (diff > 0) exit 0;
else continue;
}
}'
}
not_supported() {
echo "OS ${os} does not support __sensible_editor." >&2
echo 'If it does, please provide a patch.' >&2
exit 1
}
os=$(cat "${__global}/explorer/os")
os_version=$(cat "${__global}/explorer/os_version")
state=$(cat "${__object}/parameter/state")
user=$__object_id
if test "${state}" != 'present' && test "${state}" != 'exists' && test "${state}" != 'absent'
then
echo 'Only "present", "exists", and "absent" are allowed for --state' >&2
exit 1
fi
package_name='sensible-utils'
case $os
in
debian)
pkg_type='apt'
;;
devuan)
pkg_type='apt'
;;
ubuntu)
(echo "${os_version}" | version_ge 10.04) || package_name='debianutils'
pkg_type='apt'
;;
centos|fedora|redhat|scientific)
pkg_type='yum'
;;
*)
not_supported
;;
esac
if test "${state}" != 'absent'
then
__package "${package_name}" --state present \
--type "${pkg_type}"
export require="__package/${package_name}"
fi
editor_path=$(cat "${__object}/explorer/editor_path")
user_home=$(cat "${__object}/explorer/user_home")
group=$(cat "${__object}/explorer/group")
__file "${user_home}/.selected_editor" --state "${state}" \
--owner "${user}" --group "${group}" --mode 0644 \
--source - <<EOF
# Managed by cdist
SELECTED_EDITOR="${editor_path}"
EOF

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1,2 @@
editor
state

View file

@ -35,10 +35,10 @@ else
case $owner case $owner
in in
[0-9][0-9]*) [0-9][0-9]*)
gid=$(awk -F: "\$3 == \"${owner}\" { print $4 }" /etc/passwd) gid=$(awk -F: "\$3 == \"${owner}\" { print \$4 }" /etc/passwd)
;; ;;
*) *)
gid=$(awk -F: "\$1 == \"${owner}\" { print $4 }" /etc/passwd) gid=$(awk -F: "\$1 == \"${owner}\" { print \$4 }" /etc/passwd)
;; ;;
esac esac

View file

@ -0,0 +1,22 @@
#!/bin/sh -e
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
if [ -d /etc/apache2/mods-enabled ]; then
ls -1 /etc/apache2/conf-enabled/
fi

View file

@ -0,0 +1,5 @@
#!/bin/sh -e
if [ -d /etc/apache2/mods-enabled ]; then
/usr/sbin/apachectl -t -D DUMP_MODULES | awk '/.*_module/ { gsub(/_module.*$/, ""); gsub(/^ /, ""); print }'
fi

View file

@ -0,0 +1,56 @@
#!/bin/sh -e
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
state=$(cat "$__object/parameter/state")
os=$(cat "$__global/explorer/os")
case "$os" in
debian|ubuntu)
:
;;
*)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac
if [ "$state" = "present" ]; then
if ! grep -q ^rewrite "$__object/explorer/active-modules"; then
echo "a2enmod rewrite >/dev/null"
echo "mod:rewrite enabled" >> "$__messages_out"
fi
if ! grep -q "^cgi$" "$__object/explorer/active-modules"; then
echo "a2enmod cgi >/dev/null"
echo "mod:cgi enabled" >> "$__messages_out"
fi
if ! grep -q ^xymon.conf "$__object/explorer/active-conf"; then
echo "a2enconf xymon >/dev/null"
echo "conf:xymon enabled" >> "$__messages_out"
fi
fi
if grep -q "^mod:.* enabled" "$__messages_out"; then
echo "systemctl restart apache2.service"
echo "apache restarted" >> "$__messages_out"
elif grep -q "^conf:xymon enabled" "$__messages_out"; then
echo "systemctl reload apache2.service"
echo "apache reloaded" >> "$__messages_out"
fi

View file

@ -0,0 +1,79 @@
cdist-type__xymon_apache(7)
===========================
NAME
----
cdist-type__xymon_apache - Configure apache2-webserver for Xymon
DESCRIPTION
-----------
This cdist type installs and configures apache2 to be used "exclusively" (in
the sense that no other use is taken care of) with Xymon (the systems and
network monitor).
It depends on `__xymon_server`.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
'present', 'absent', defaults to 'present'.
ipacl
IP(-ranges) that have access to the Xymon webpages and CGIs. Apache2-style
syntax suitable for `Require ip ...`. Example: `192.168.1.0/24 10.0.0.0/8`
MESSAGES
--------
mod:rewrite enabled
apache module enabled
conf:xymon enabled
apache config for xymon enabled
apache restarted
apache2.service was reloaded
apache reloaded
apache2.service was restarted
EXPLORERS
---------
active-conf
lists apache2 `conf-enabled`
active-modules
lists active apache2-modules
EXAMPLES
--------
.. code-block:: sh
# minmal, only localhost-access:
__xymon_apache
# allow more IPs to access the Xymon-webinterface:
__xymon_apache --ipacl "192.168.0.0/16 10.0.0.0/8" --state "present"
SEE ALSO
--------
:strong:`cdist__xymon_server`\ (7)
AUTHORS
-------
Thomas Eckert <tom--@--it-eckert.de>
COPYING
-------
Copyright \(C) 2018-2019 Thomas Eckert. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,42 @@
#!/bin/sh -e
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
state=$(cat "$__object/parameter/state")
os=$(cat "$__global/explorer/os")
case "$os" in
debian|ubuntu)
:
;;
*)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac
__package apache2 --state "$state"
## edit xymon.conf IP-ranges
if [ -f "$__object/parameter/ipacl" ]; then
require="__package/xymon" __line /etc/apache2/conf-available/xymon.conf \
--line " Require ip $(cat "$__object/parameter/ipacl")" \
--after "^[[:space:]]*Require local" \
--state "present"
fi

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1,2 @@
state
ipacl

View file

View file

@ -0,0 +1,28 @@
#!/bin/sh -e
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
servers=$(cat "$__object/parameter/servers")
if grep -q ^__key_value/CLIENTHOSTNAME "$__messages_in" || grep -q ^__key_value/XYMONSERVERS "$__messages_in" ; then
echo "systemctl restart xymon-client"
echo "restarted" >> "$__messages_out"
cat <<-EOT
echo "xymon-client xymon-client/XYMONSERVERS string $servers" | debconf-set-selections
EOT
fi

View file

@ -0,0 +1,57 @@
cdist-type__xymon_client(7)
===========================
NAME
----
cdist-type__xymon_client - Install the Xymon client
DESCRIPTION
-----------
This cdist type installs the Xymon client and configures it to report with
FQDN.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
'present', 'absent', defaults to 'present'.
servers
One or more IP addresses (space separated) of the Xymon server(s) to report
to. While DNS-names are ok it is discouraged, defaults to 127.0.0.1.
EXAMPLES
--------
.. code-block:: sh
# minmal, report to 127.0.0.1
__xymon_client
# specify server:
__xymon_client --servers "192.168.1.1"
SEE ALSO
--------
:strong:`cdist__xymon_server`\ (7), :strong:`xymon`\ (7)
AUTHORS
-------
Thomas Eckert <tom--@--it-eckert.de>
COPYING
-------
Copyright \(C) 2018-2019 Thomas Eckert. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,49 @@
#!/bin/sh -e
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
state=$(cat "$__object/parameter/state")
servers=$(cat "$__object/parameter/servers")
os=$(cat "$__global/explorer/os")
case "$os" in
debian|ubuntu)
:
;;
*)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac
__package xymon-client --state "$state"
require="__package/xymon-client" __key_value CLIENTHOSTNAME \
--file /etc/default/xymon-client \
--value "'$__target_hostname'" \
--delimiter '=' \
--state "$state"
require="__package/xymon-client" __key_value XYMONSERVERS \
--file /etc/default/xymon-client \
--value "'$servers'" \
--delimiter '=' \
--state "$state"
## CLI-usage often requires a shell:
require="__package/xymon-client" __user xymon --shell "/bin/bash" --state "$state"

View file

@ -0,0 +1 @@
127.0.0.1

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1,2 @@
state
servers

View file

View file

@ -0,0 +1,23 @@
#!/bin/sh -e
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
## to speed up config-reload we send a HUP to the server process:
cat <<-EOT
pkill -HUP xymond || { echo "HUPing xymond failed" >&2; exit 1; }
EOT

View file

@ -0,0 +1,57 @@
cdist-type__xymon_config(7)
===========================
NAME
----
cdist-type__xymon_config - Deploy a Xymon configuration-directory
DESCRIPTION
-----------
This cdist type deploys a full Xymon configuration directory from the files-dir
to the host. This type requires an installed Xymon server, e.g. deployed by
`__xymon_server`.
WARNING: This type _replaces_ the `/etc/xymon/`-directory! The previous
contents is replaced/deleted!
REQUIRED PARAMETERS
-------------------
confdir
The directory in `./files/` that contains the `/etc/xymon/`-content to be
deployed.
REQUIRED FILES
--------------
The directory specified by `confdir` has to contain a valid xymon-configuration
(`/etc/xymon/`) _plus_ the `ext/`-directory that normally resides in
`/usr/lib/xymon/server/`.
EXAMPLES
--------
.. code-block:: sh
__xymon_config --confdir=xymon.example.com
# this will replace /etc/xymon/ on the target host with
# the contents from __xymon_config/files/xymon.example.com/
SEE ALSO
--------
:strong:`cdist__xymon_server`\ (7), :strong:`xymon`\ (7)
AUTHORS
-------
Thomas Eckert <tom--@--it-eckert.de>
COPYING
-------
Copyright \(C) 2018-2019 Thomas Eckert. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,24 @@
#!/bin/sh -e
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
confdir=$(cat "$__object/parameter/confdir")
__rsync /etc/xymon/ \
--source "$__type/files/$confdir/" \
--rsync-opts "delete"

View file

@ -0,0 +1 @@
confdir

View file

View file

@ -0,0 +1,26 @@
#!/bin/sh -e
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
## "move" user-modified dirs to /etc/xymon to be managed by __xymon_config:
cat <<-EOT
if [ ! -L /usr/lib/xymon/server/ext ]; then
mv /usr/lib/xymon/server/ext /etc/xymon
ln -s /etc/xymon/ext /usr/lib/xymon/server/
fi
EOT

View file

@ -0,0 +1,87 @@
cdist-type__xymon_server(7)
===========================
NAME
----
cdist-type__xymon_server - Install a Xymon server
DESCRIPTION
-----------
This cdist type installs a Xymon (https://www.xymon.com/) server and (optional)
required helper packages.
This includes the Xymon client as a dependency, so NO NEED to install
`__xymon_client` separately.
To access the webinterface a webserver is required. The cdist-type
`__xymon_apache` can be used to install and configure the apache webserver for
the use with Xymon.
Further and day-to-day configuration of Xymon can either be done manually in
`/etc/xymon/` or the directory can be deployed and managed by `__xymon_config`.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
'present', 'absent', defaults to 'present'. If '--install_helpers' is
specified for 'absent' the helper packages will be un-installed.
BOOLEAN PARAMETERS
------------------
install_helpers
Install helper packages used by Xymon (fping, heirloom-mailx, traceroute,
ntpdate).
EXAMPLES
--------
.. code-block:: sh
# minmal
__xymon_server
# the same
__xymon_server --state present
# also install helper packages:
__xymon_server --install_helpers
# examples to give a more complete picture: __xymon_server installed on
# `xymon.example.com` w/ IP 192.168.1.1:
#
# install webserver and grant 2 private subnets access to the webinterface:
__xymon_apache --ipacl "192.168.0.0/16 10.0.0.0/8"
# deploy server-configuration with __xymon_config:
__xymon_config --confdir=xymon.example.com
# install xymon-client on other machines (not needed on the server):
__xymon_client --servers "192.168.1.1"
SEE ALSO
--------
:strong:`cdist__xymon_apache`\ (7), :strong:`cdist__xymon_config`\ (7),
:strong:`cdist__xymon_client`\ (7), :strong:`xymon`\ (7)
AUTHORS
-------
Thomas Eckert <tom--@--it-eckert.de>
COPYING
-------
Copyright \(C) 2018-2019 Thomas Eckert. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,50 @@
#!/bin/sh -e
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
state=$(cat "$__object/parameter/state")
if [ -f "$__object/parameter/install_helpers" ]; then
install_helpers=1
else
install_helpers=0
fi
os=$(cat "$__global/explorer/os")
case "$os" in
debian|ubuntu)
:
;;
*)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac
__package xymon --state "$state"
## install helper-packages/tools used by the xymon server if requested:
if [ "$install_helpers" = "1" ]; then
__package fping --state "$state"
__package heirloom-mailx --state "$state"
__package traceroute --state "$state"
__package ntpdate --state "$state"
fi
## CLI-usage often requires a shell:
require="__package/xymon" __user xymon --shell "/bin/bash" --state "$state"

View file

@ -0,0 +1 @@
install_helpers

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1 @@
state

View file

View file

@ -2,10 +2,28 @@ Changelog
--------- ---------
next: next:
* Type __letsencrypt_cert: Add Alpine support (Nico Schottelius)
* Type __xymon_client: Fix spelling error in manpage (Dmitry Bogatov)
* Build: Support pip from git (Darko Poljak, Ľubomír Kučera)
* Type __package_update_index: Add Alpine support (Ahmed Bilal Khalid)
6.0.2: 2019-10-17
* New types: __xymon_server, __xymon_apache, __xymon_config, __xymon_client (Thomas Eckert)
* Type __letsencrypt_cert: Add Arch Linux support (Nico Schottelius)
* New type: __sensible_editor (Dennis Camera)
* Types __grafana_dashboard, __prometheus_alertmanager, __prometheus_exporter, __prometheus_server: Support Debian 10 (Ahmed Bilal Khalid)
6.0.1: 2019-10-08
* Type __group: Support OSes without getent (Dennis Camera) * Type __group: Support OSes without getent (Dennis Camera)
* Type __user: Support OSes without getent (Dennis Camera) * Type __user: Support OSes without getent (Dennis Camera)
* Type __ssh_authorized_keys: Support OSes without getent (Dennis Camera) * Type __ssh_authorized_keys: Support OSes without getent (Dennis Camera)
* Type __ssh_dot_ssh: Support OSes without getent (Dennis Camera) * Type __ssh_dot_ssh: Support OSes without getent (Dennis Camera)
* Explorer interfaces: Always sort output (Dennis Camera)
* Explorer os: Unquote value from os-release file (Dennis Camera)
* Type __letsencrypt_cert: Support Debian 10* (Ahmed Bilal Khalid)
* Type __prometheus_server: Add missing exit after unsupported error message (Dominique Roux)
* Type __git: Use --recurse-submodules instead of --recursive (Jonas Hagen)
* Type __git: Add --shallow option (Jonas Hagen)
6.0.0: 2019-10-01 6.0.0: 2019-10-01
* Type __letsencrypt_cert: Fix beowulf's spelling (Mondi Ravi) * Type __letsencrypt_cert: Fix beowulf's spelling (Mondi Ravi)

View file

@ -11,7 +11,7 @@ To upgrade cdist in the current branch use
git pull git pull
# Also update the manpages # Also update the manpages
./build man make man
export MANPATH=$MANPATH:$(pwd -P)/doc/man export MANPATH=$MANPATH:$(pwd -P)/doc/man
If you stay on a version branche (i.e. 1.0, 1.1., ...), nothing should break. If you stay on a version branche (i.e. 1.0, 1.1., ...), nothing should break.

View file

@ -1,7 +1,27 @@
from distutils.core import setup from distutils.core import setup
import cdist from distutils.errors import DistutilsError
import os import os
import re import re
import subprocess
# We have it only if it is a git cloned repo.
build_helper = os.path.join('bin', 'build-helper')
# Version file path.
version_file = os.path.join('cdist', 'version.py')
# If we have build-helper we could be a git repo.
if os.path.exists(build_helper):
# Try to generate version.py.
rv = subprocess.run([build_helper, 'version', ])
if rv.returncode != 0:
raise DistutilsError("Failed to generate {}".format(version_file))
else:
# Otherwise, version.py should be present.
if not os.path.exists(version_file):
raise DistutilsError("Missing version file {}".format(version_file))
import cdist
def data_finder(data_dir): def data_finder(data_dir):