Compare commits
4 commits
master
...
parallel-_
| Author | SHA1 | Date | |
|---|---|---|---|
| 60ed6f35fd | |||
| 3367ada5a8 | |||
| 01c9f79357 | |||
| 9ba9dceb1a |
13 changed files with 90 additions and 62 deletions
|
|
@ -1,3 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
command -v certbot 2>/dev/null || true
|
||||
78
cdist/conf/type/__letsencrypt_cert/explorer/certificate-data
Executable file
78
cdist/conf/type/__letsencrypt_cert/explorer/certificate-data
Executable file
|
|
@ -0,0 +1,78 @@
|
|||
#!/bin/sh -e
|
||||
certbot_path="$(command -v certbot 2>/dev/null || true)"
|
||||
# Defaults
|
||||
certificate_exists="no"
|
||||
certificate_is_test="no"
|
||||
|
||||
if [ -n "${certbot_path}" ]; then
|
||||
# Find python executable that has access to certbot's module
|
||||
python_path=$(sed -n '1s/^#! *//p' "${certbot_path}")
|
||||
|
||||
# Use a lock for cdist due to certbot not exiting with failure
|
||||
# or having any flags for concurrent use.
|
||||
_certbot() {
|
||||
${python_path} - 2>/dev/null <<EOF
|
||||
from certbot.main import main
|
||||
import fcntl
|
||||
lock_file = "/tmp/certbot.cdist.lock"
|
||||
timeout=60
|
||||
with open(lock_file, 'w') as fd:
|
||||
for i in range(timeout):
|
||||
try:
|
||||
# Get exclusive lock
|
||||
fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
|
||||
break
|
||||
except:
|
||||
# Wait if that fails
|
||||
import time
|
||||
time.sleep(1)
|
||||
else:
|
||||
# Timed out, exit with failure
|
||||
import sys
|
||||
sys.exit(1)
|
||||
# Do list certificates
|
||||
main(["certificates", "--cert-name", "${__object_id:?}"])
|
||||
EOF
|
||||
}
|
||||
|
||||
|
||||
_certificate_exists() {
|
||||
if grep -q " Certificate Name: ${__object_id:?}$"; then
|
||||
echo yes
|
||||
else
|
||||
echo no
|
||||
fi
|
||||
}
|
||||
|
||||
_certificate_is_test() {
|
||||
if grep -q 'INVALID: TEST_CERT'; then
|
||||
echo yes
|
||||
else
|
||||
echo no
|
||||
fi
|
||||
}
|
||||
|
||||
_certificate_domains() {
|
||||
grep ' Domains: ' | cut -d ' ' -f 6- | tr ' ' '\n'
|
||||
}
|
||||
|
||||
# Get data about all available certificates
|
||||
certificates="$(_certbot)"
|
||||
|
||||
# Check whether or not the certificate exists
|
||||
certificate_exists="$(echo "${certificates}" | _certificate_exists)"
|
||||
|
||||
# Check whether or not the certificate is for testing
|
||||
certificate_is_test="$(echo "${certificates}" | _certificate_is_test)"
|
||||
|
||||
# Get domains for certificate
|
||||
certificate_domains="$(echo "${certificates}" | _certificate_domains)"
|
||||
fi
|
||||
|
||||
# Return received data
|
||||
cat <<EOF
|
||||
certbot_path:${certbot_path}
|
||||
certificate_exists:${certificate_exists}
|
||||
certificate_is_test:${certificate_is_test}
|
||||
${certificate_domains}
|
||||
EOF
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
certbot_path=$("${__type_explorer}/certbot-path")
|
||||
if [ -n "${certbot_path}" ]
|
||||
then
|
||||
certbot certificates --cert-name "${__object_id:?}" | grep ' Domains: ' | \
|
||||
cut -d ' ' -f 6- | tr ' ' '\n'
|
||||
fi
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
certbot_path=$("${__type_explorer}/certbot-path")
|
||||
if [ -n "${certbot_path}" ]
|
||||
then
|
||||
if certbot certificates | grep -q " Certificate Name: ${__object_id:?}$"; then
|
||||
echo yes
|
||||
else
|
||||
echo no
|
||||
fi
|
||||
else
|
||||
echo no
|
||||
fi
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
certbot_path=$("${__type_explorer}/certbot-path")
|
||||
if [ -n "${certbot_path}" ]
|
||||
then
|
||||
if certbot certificates --cert-name "${__object_id:?}" | \
|
||||
grep -q 'INVALID: TEST_CERT'; then
|
||||
echo yes
|
||||
else
|
||||
echo no
|
||||
fi
|
||||
else
|
||||
echo no
|
||||
fi
|
||||
|
|
@ -1,6 +1,10 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
certificate_exists=$(cat "${__object:?}/explorer/certificate-exists")
|
||||
_explorer_var() {
|
||||
grep "^$1:" "${__object:?}/explorer/certificate-data" | cut -d ':' -f 2-
|
||||
}
|
||||
|
||||
certificate_exists="$(_explorer_var certificate_exists)"
|
||||
name="${__object_id:?}"
|
||||
state=$(cat "${__object}/parameter/state")
|
||||
|
||||
|
|
@ -29,8 +33,9 @@ case "${state}" in
|
|||
fi
|
||||
|
||||
if [ "${certificate_exists}" = "yes" ]; then
|
||||
existing_domains="${__object}/explorer/certificate-domains"
|
||||
certificate_is_test=$(cat "${__object}/explorer/certificate-is-test")
|
||||
existing_domains=$(mktemp "${TMPDIR:-/tmp}/existing_domains.cdist.XXXXXXXXXX")
|
||||
tail -n +4 "${__object:?}/explorer/certificate-data" | grep -v '^$' > "${existing_domains}"
|
||||
certificate_is_test="$(_explorer_var certificate_is_test)"
|
||||
|
||||
sort -uo "${requested_domains}" "${requested_domains}"
|
||||
sort -uo "${existing_domains}" "${existing_domains}"
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/sh
|
||||
|
||||
certbot_fullpath="$(cat "${__object:?}/explorer/certbot-path")"
|
||||
certbot_fullpath="$(grep "^certbot_path:" "${__object:?}/explorer/certificate-data" | cut -d ':' -f 2-)"
|
||||
state=$(cat "${__object}/parameter/state")
|
||||
os="$(cat "${__global:?}/explorer/os")"
|
||||
|
||||
|
|
|
|||
|
|
@ -61,7 +61,7 @@ EXAMPLES
|
|||
__pyvenv /home/foo/fooenv --pyvenv /usr/local/bin/pyvenv-3.4
|
||||
|
||||
# Create python virtualenv for user foo.
|
||||
__pyvenv /home/foo/fooenv --group foo --owner foo
|
||||
__pyvenv /home/foo/fooenv --group foo --user foo
|
||||
|
||||
# Create python virtualenv with specific parameters.
|
||||
__pyvenv /home/services/djangoenv --venvparams "--copies --system-site-packages"
|
||||
|
|
|
|||
|
|
@ -25,7 +25,6 @@ type_and_key="$(tr ' ' '\n' < "$__object/parameter/key"| awk '/^(ssh|ecdsa)-[^ ]
|
|||
if [ -n "${type_and_key}" ]
|
||||
then
|
||||
file="$(cat "$__object/parameter/file")"
|
||||
test -e "$file" || exit 0
|
||||
|
||||
# get any entries that match the type and key
|
||||
|
||||
|
|
|
|||
|
|
@ -37,9 +37,9 @@ tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
|
|||
# preserve ownership and permissions of existing file
|
||||
if [ -f "$file" ]; then
|
||||
cp -p "$file" "\$tmpfile"
|
||||
grep -v -F -x '$line' '$file' >\$tmpfile
|
||||
fi
|
||||
cat "\$tmpfile" >"$file"
|
||||
grep -v -F -x '$line' '$file' > \$tmpfile || true
|
||||
mv -f "\$tmpfile" "$file"
|
||||
DONE
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -39,14 +39,7 @@ in
|
|||
(freebsd|netbsd|openbsd)
|
||||
# whitelist
|
||||
;;
|
||||
(openbmc-phosphor)
|
||||
# whitelist
|
||||
# OpenBMC can be configured with dropbear and OpenSSH.
|
||||
# If dropbear is used, the state explorer will already fail because it
|
||||
# cannot find the sshd binary.
|
||||
;;
|
||||
(*)
|
||||
: "${__type:?}" # make shellcheck happy
|
||||
printf 'Your operating system (%s) is currently not supported by this type (%s)\n' \
|
||||
"${os}" "${__type##*/}" >&2
|
||||
printf 'Please contribute an implementation for it if you can.\n' >&2
|
||||
|
|
|
|||
|
|
@ -420,9 +420,6 @@ class Config:
|
|||
exec_path=sys.argv[0],
|
||||
save_output_streams=args.save_output_streams)
|
||||
|
||||
# Make __global state dir available to custom remote scripts.
|
||||
os.environ['__global'] = local.base_path
|
||||
|
||||
remote = cdist.exec.remote.Remote(
|
||||
target_host=target_host,
|
||||
remote_exec=remote_exec,
|
||||
|
|
|
|||
|
|
@ -2,12 +2,6 @@ Changelog
|
|||
---------
|
||||
|
||||
next:
|
||||
* Type __pyvenv: Fix user example in man page (Dennis Camera)
|
||||
* Core: config: Make local state directory available to custom remotes (Steven Armstrong
|
||||
* Type __ssh_authorized_key: grep only if file exists (Dennis Camera)
|
||||
* Type __sshd_config: Whitelist OpenBMC (Dennis Camera)
|
||||
|
||||
6.9.5: 2021-02-28
|
||||
* Core: preos: Fix passing cdist debug parameter (Darko Poljak)
|
||||
* Type __sshd_config: Produce error if invalid config is generated, fix processing of AuthenticationMethods and AuthorizedKeysFile, document explorer bug (Dennis Camera)
|
||||
* Explorer memory: Fix result units; support Solaris (Dennis Camera)
|
||||
|
|
|
|||
Loading…
Reference in a new issue