Commit graph

7184 commits

Author SHA1 Message Date
aa80c09c80 [__letsencrypt_cert] Move hook contents generation out of manifest
While there address some minor issues in the comments in the hook contents.
2021-02-10 10:10:21 +01:00
b832af5e3b [__letsencrypt_cert] Don't mess with user script indentation
This could break in odd ways if they passed sth like:
cat <<eof
bla bla
eof
2021-02-09 20:53:58 +01:00
e49da474c4 [__letsencrypt_cert] Remove problematic trailing slash in sed.
Happy fingers are happy and like adding slashes places.
2021-02-09 20:29:17 +01:00
bc145bbc27 [__letsencrypt_cert] Fix various issues with hooks.
Closes #853, see issue for full description / discussion.

Short summary:
- There was about 6.53% chances of `--renewal-hook` not being applied
- Using --automatic-renewal in one cert and not in another was an error.
- It was not possible to use different hooks for different certificates.
- FreeBSD support was utterly broken.
2021-02-09 19:58:47 +01:00
Darko Poljak
65a6a2ed52 ++changelog 2021-02-08 08:28:31 +01:00
c8141d28c3 Merge branch 'fix/explorer/memory' into 'master'
explorer/memory: fix to return result in kiB for all systems and add support for Solaris

See merge request ungleich-public/cdist!967
2021-02-08 08:27:07 +01:00
cda17be38a [explorer/memory] Clean up, return kiB for all systems, add SunOS
BSDs were MiB before.
2021-02-08 08:27:03 +01:00
73a03d75d7 __package_pip: fix shellcheck 2021-02-04 19:18:02 +01:00
8eccacec59 __package_pip: add optional dependencies
This is a poor implementation of optional dependencies for pip packages.
It ensures to install them if the package will be installed, but does
not take into account if they must be added/removed after the package is
already installed. Also, it will not be autoremoved, as all dependencies
will not be removed.
2021-02-04 19:09:26 +01:00
Dennis Camera
6b18cace75 [type/__postgres_conf] Catch connection errors early 2021-01-26 14:01:44 +01:00
Dennis Camera
f9ebb4333c [type/__postgres_conf] Add NetBSD PostgreSQL UNIX user 2021-01-26 14:01:44 +01:00
Dennis Camera
4967c7ebbb [type/__postgres_conf] Silence psql output 2021-01-26 14:01:44 +01:00
Dennis Camera
3f605c31ac [type/__postgres_conf] Add support for more init systems to restart service 2021-01-26 14:01:44 +01:00
Dennis Camera
0f2ff47738 [type/__postgres_conf] Restart PostgreSQL server based on pending_restart column of pg_settings 2021-01-26 14:01:44 +01:00
Dennis Camera
5051d4f40b [type/__postgres_conf] Catch invalid values 2021-01-26 14:01:44 +01:00
Dennis Camera
891c98567e [type/__postgres_conf] Compare configuration parameter names case insensitively 2021-01-26 14:01:44 +01:00
Dennis Camera
803367b316 [type/__postgres_conf] Fix default detection when default is also set in config file
e.g. port is usually also set to the default value in postgresql.conf
2021-01-26 14:01:44 +01:00
Dennis Camera
1b49fec972 [type/__postgres_conf] Refactor 2021-01-26 14:01:43 +01:00
Beni Ruef
b4060720dc [type/__postgres_conf] Fix psql options for ALTER command 2021-01-26 14:01:43 +01:00
Beni Ruef
50bcd95105 [type/__postgres_conf] Remove faulty quotes 2021-01-26 14:01:43 +01:00
Beni Ruef
534d5f6bb5 [type/__postgres_conf] Fix errors found by ShellCheck 2021-01-26 14:01:43 +01:00
Beni Ruef
c51d68a737 [type/__postgres_conf] New type based on ALTER SYSTEM command 2021-01-26 14:01:43 +01:00
Dennis Camera
35cde3e666 [type/__postgres_role] Fix state explorer when stored password is empty 2021-01-18 13:09:29 +01:00
Darko Poljak
92a50da487 Fix pycodestyle issues 2021-01-18 06:28:09 +01:00
Darko Poljak
6e9b13d949 ++changelog 2021-01-18 06:22:32 +01:00
878a65a8b7 Merge branch 'fix/type/__sshd_config/error-on-invalid' into 'master'
sshd config: Produce error if invalid config is generated, fix processing of AuthenticationMethods and AuthorizedKeysFile, document explorer bug

See merge request ungleich-public/cdist!968
2021-01-18 06:22:02 +01:00
cce470b556 Merge branch 'bugfix/preos-debug' into 'master'
Fix debug parameter

Closes #849

See merge request ungleich-public/cdist!970
2021-01-18 06:17:36 +01:00
Dennis Camera
2954347771 [type/__postgres_role] Add note regarding empty passwords 2021-01-14 13:46:40 +01:00
Nico Schottelius
f0e1b3b849 Merge branch 'master' of code.ungleich.ch:ungleich-public/cdist 2021-01-11 22:20:50 +01:00
Darko Poljak
c819548343 Fix debug parameter
-d was removed from cdist in favor of mulitple -v and -l parameters, but
-d was not removed from preos.

Resolve #849.
2021-01-11 09:51:52 +01:00
Dennis Camera
bd8ab8f26f [type/__sshd_config] Document "bug" in state explorer 2021-01-05 17:02:42 +01:00
Dennis Camera
8753b7eedf [type/__sshd_config] Make AuthenticationMethods and AuthorizedKeysFile singleton options
They were incorrectly treated as non-singleton options before.

cf. https://github.com/openssh/openssh-portable/blob/V_8_4/servconf.c#L2273
and https://github.com/openssh/openssh-portable/blob/V_8_4/servconf.c#L1899 resp.
2021-01-05 16:59:04 +01:00
Dennis Camera
766198912d [type/__sshd_config] Produce error if invalid config file is generated
Previously, cdist would silently swallow the error (no invalid config file was
generated).

Reason: `set -e` does not exit if a command in a sub-command group fails,
it merely returns with a non-zero exit status.

e.g. the following snippet does not abort the script if sshd -t returns with a
non-zero exit status:

    set -e
    cmp -s old new || {
        # check config file and update it
        sshd -t -f new \
        && cat new >old
    }

or compressed:

    set -e
    false || { false && true; }
    echo $?
    # prints 1
2021-01-05 15:50:21 +01:00
Darko Poljak
7cf85c4659 Release 6.9.4 2020-12-21 19:21:51 +01:00
Nico Schottelius
a10d43bc69 Merge branch 'master' of code.ungleich.ch:ungleich-public/cdist 2020-12-20 11:42:44 +01:00
Darko Poljak
4bae2863db ++changelog 2020-12-18 12:54:33 +01:00
3566901e1c Merge branch '__dot_file-dirmode' into 'master'
Added optional dirmode parameter to set the mode of (optional) the directory.

See merge request ungleich-public/cdist!966
2020-12-18 12:50:30 +01:00
Mark Verboom
8dc2c4207c Added optional dirmode parameter to set the mode of (optional) the directory. 2020-12-18 11:16:28 +01:00
Dennis Camera
99d82fd0d5 [type/__postgres_role] Always set psql -q 2020-12-17 17:05:58 +01:00
Dennis Camera
1180f13ed6 [type/__postgres_role] Fix setting password
We need to make sure that the password does not end up in ~/.psql_history.
2020-12-17 17:03:58 +01:00
Dennis Camera
4859c27900 [type/__postgres_role] Refactor gencode-remote 2020-12-17 16:57:43 +01:00
Dennis Camera
7b7ca4d385 [type/__postgres_role] Handle password changes 2020-12-16 19:07:05 +01:00
Dennis Camera
c36df82882 [type/__postgres_role] ALTER ROLE when parameters change 2020-12-15 21:11:48 +01:00
Dennis Camera
932e2496ed [type/__postgres_role] Lint 2020-12-15 18:40:39 +01:00
Darko Poljak
71f2283117 ++changelog 2020-12-13 16:03:39 +01:00
f87da8150c Merge branch 'type/__debian_backports' into 'master'
__apt_backports type

See merge request ungleich-public/cdist!964
2020-12-13 16:03:31 +01:00
ae747ac021 Merge branch 'os_version-freebsd' into 'master'
[explorer/os_version] Improve FreeBSD support.

See merge request ungleich-public/cdist!965
2020-12-13 16:00:45 +01:00
27aca06fb8 __apt_backports: undo __apt_update_index call
Becuase it is already done by __apt_source.
2020-12-12 17:34:51 +01:00
fca35fc858 __apt_backports: fix explorer call
s/-/_/ because the explorers are following an other convention :-)
2020-12-12 17:29:58 +01:00
645734c629 [explorer/os_version] Improve FreeBSD support.
It looks like uname -r is not the most reliable way to get the target patch
level for the target system.

For more information see:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251743
2020-12-12 12:15:17 +01:00