Merge branch 'master' into preos
commit
9ecbf9f1cc
25 changed files with 233 additions and 56 deletions
13
Makefile
13
Makefile
|
@ -170,17 +170,6 @@ $(ML_FILE): $(CHANGELOG_FILE)
|
|||
ml-release: $(ML_FILE)
|
||||
|
||||
|
||||
################################################################################
|
||||
# Release: Freecode
|
||||
#
|
||||
FREECODE_FILE=.lock-freecode
|
||||
|
||||
$(FREECODE_FILE): $(CHANGELOG_FILE)
|
||||
$(helper) freecode-release $(CHANGELOG_VERSION)
|
||||
touch $@
|
||||
|
||||
freecode-release: $(FREECODE_FILE)
|
||||
|
||||
################################################################################
|
||||
# pypi
|
||||
#
|
||||
|
@ -197,7 +186,7 @@ ARCHLINUX_FILE=.lock-archlinux
|
|||
ARCHLINUXTAR=cdist-$(CHANGELOG_VERSION)-1.src.tar.gz
|
||||
|
||||
$(ARCHLINUXTAR): PKGBUILD
|
||||
makepkg -c --source
|
||||
umask 022; makepkg -c --source
|
||||
|
||||
PKGBUILD: PKGBUILD.in $(PYTHON_VERSION)
|
||||
./PKGBUILD.in $(CHANGELOG_VERSION)
|
||||
|
|
|
@ -17,7 +17,13 @@ source=("http://pypi.python.org/packages/source/c/cdist/cdist-\${pkgver}.tar.gz"
|
|||
package() {
|
||||
cd cdist-\${pkgver}
|
||||
python3 setup.py build install --root="\${pkgdir}"
|
||||
find "\$pkgdir" -type d -exec chmod 0755 {} \;
|
||||
find "\$pkgdir" -type f -exec chmod a+r {} \;
|
||||
}
|
||||
eof
|
||||
|
||||
makepkg -g >> "${outfile}"
|
||||
|
||||
# Fix this issue:
|
||||
# error: failed to upload cdist-3.1.6-1.src.tar.gz: Error - all files must have permissions of 644 or 755.
|
||||
chmod a+r "${outfile}"
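Review bot: `chmod a+r "${outfile}"` at the end of the hunk only adds read bits, so it does not guarantee the mode the quoted upload error demands (644 or 755); a file created under a umask such as 002 would still end up 664. Setting the mode outright with `chmod 0644 "${outfile}"` makes the result independent of the caller's umask. The same reasoning applies to `find "\$pkgdir" -type f -exec chmod a+r {} \;` inside package(), which leaves any group or world write bit in place; `-exec chmod a+r,go-w {} +` would close that gap and spawn fewer processes. The start of the here-document is outside the hunk.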
|
||||
|
|
|
@ -145,21 +145,6 @@ eof
|
|||
;;
|
||||
|
||||
|
||||
freecode-release)
|
||||
version=$1; shift
|
||||
printf "Enter tag list for freecode release %s> " "$version"
|
||||
read taglist
|
||||
|
||||
printf "Enter changelog for freecode release %s> " "$version"
|
||||
read changelog
|
||||
|
||||
echo "Submitting to freecode ..."
|
||||
python2 ~/p/foreign/freecode-submit-2.7/freecode-submit -P cdist \
|
||||
-v "$version" -c "$changelog" \
|
||||
-t "$taglist" \
|
||||
-n
|
||||
;;
|
||||
|
||||
release-git-tag)
|
||||
target_version=$($0 changelog-version)
|
||||
if git rev-parse --verify refs/tags/$target_version 2>/dev/null; then
|
||||
|
@ -258,9 +243,6 @@ eof
|
|||
# Archlinux release is based on pypi
|
||||
make archlinux-release
|
||||
|
||||
# Announce change on Freecode
|
||||
make freecode-release
|
||||
|
||||
# Announce change on ML
|
||||
make ml-release
|
||||
|
||||
|
|
|
@ -1,5 +1,24 @@
|
|||
#!/bin/sh
|
||||
# 2013 Steven Armstrong (steven-cdist at armstrong.cc)
|
||||
#
|
||||
# 2013 Steven Armstrong (steven-cdist armstrong.cc)
|
||||
# 2014 Nico Schottelius (nico-cdist at schottelius.org)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
|
||||
file="$(cat "$__object/parameter/file" 2>/dev/null || echo "/$__object_id")"
|
||||
|
||||
|
@ -8,12 +27,12 @@ file="$(cat "$__object/parameter/file" 2>/dev/null || echo "/$__object_id")"
|
|||
|
||||
prefix=$(cat "$__object/parameter/prefix" 2>/dev/null || echo "#cdist:__block/$__object_id")
|
||||
suffix=$(cat "$__object/parameter/suffix" 2>/dev/null || echo "#/cdist:__block/$__object_id")
|
||||
awk -v prefix="$prefix" -v suffix="$suffix" '{
|
||||
if (index($0,prefix)) {
|
||||
awk -v prefix="^$prefix\$" -v suffix="^$suffix\$" '{
|
||||
if (match($0,prefix)) {
|
||||
triggered=1
|
||||
}
|
||||
if (triggered) {
|
||||
if (index($0,suffix)) {
|
||||
if (match($0,suffix)) {
|
||||
triggered=0
|
||||
}
|
||||
print
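Review bot: The awk call now passes `"^$prefix\$"` and `"^$suffix\$"` and tests them with `match()`, so the marker text is interpreted as a regular expression. A prefix, suffix or object id containing characters such as `.`, `*`, `[` or `(` can then match lines that are not the marker, or fail to match its own marker line. An exact comparison keeps the whole-line behaviour without regex semantics: pass the values unchanged with `-v prefix="$prefix" -v suffix="$suffix"` and test `if ($0 == prefix) {` and `if ($0 == suffix) {`. The awk program continues past the end of the hunk.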
|
||||
|
|
|
@ -46,7 +46,7 @@ tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
|
|||
if [ -f "$file" ]; then
|
||||
cp -p "$file" "\$tmpfile"
|
||||
fi
|
||||
awk -v prefix="$prefix" -v suffix="$suffix" '
|
||||
awk -v prefix="^$prefix\\\$" -v suffix="^$suffix\\\$" '
|
||||
{
|
||||
if (index(\$0,prefix)) {
|
||||
triggered=1
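Review bot: The awk invocation now passes anchored patterns (`"^$prefix\\\$"`), but the test two lines below is still `if (index(\$0,prefix)) {`, which is a literal substring search. Assuming that line is unchanged context, as the hunk counts (7 old, 7 new) suggest, the value with `^` and `$` in it will no longer be found in the marker line and the block is never recognised. Either switch the test to `match(\$0,prefix)`, or keep the values unanchored and compare exactly with `if (\$0 == prefix) {`, which also avoids treating the marker as a regular expression. The suffix test lies outside the hunk and needs the same check.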
|
||||
|
|
|
@ -45,4 +45,14 @@ case $1 in
|
|||
restart)
|
||||
"$0" stop && "$0" start
|
||||
;;
|
||||
reset)
|
||||
for table in INPUT FORWARD OUTPUT; do
|
||||
iptables -P "$table" ACCEPT
|
||||
iptables -F "$table"
|
||||
done
|
||||
for table in PREROUTING POSTROUTING OUTPUT; do
|
||||
iptables -t nat -P "$table" ACCEPT
|
||||
iptables -t nat -F "$table"
|
||||
done
|
||||
;;
|
||||
esac
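Review bot: The new `reset)` branch sets every built-in chain of the filter and nat tables to policy ACCEPT and flushes it, which leaves the host unfiltered, and nothing in the script says so. A comment above the branch would make that explicit to whoever calls it: `# reset: set policy ACCEPT on the built-in filter and nat chains and flush them; user-defined chains and other tables are left untouched`. The loop variable is called `table` although it iterates chain names; `for chain in INPUT FORWARD OUTPUT; do` reads correctly. The case statement starts outside the hunk.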
|
||||
|
|
|
@ -29,7 +29,7 @@ case "$os" in
|
|||
# Debian needs a seperate package
|
||||
__package locales --state present
|
||||
;;
|
||||
suse)
|
||||
archlinux|suse)
|
||||
:
|
||||
;;
|
||||
*)
|
||||
|
|
|
@ -12,9 +12,9 @@ DESCRIPTION
|
|||
-----------
|
||||
Adds or removes ssh keys from a authorized_keys file.
|
||||
|
||||
This type also manages the directory containing the authorized_keys
|
||||
file and sets strict ownership and permissions. You can disable this feature
|
||||
with the --noparent boolean parameter.
|
||||
This type uses the __ssh_dot_ssh type to the directory containing
|
||||
the authorized_keys file.
|
||||
You can disable this feature with the --noparent boolean parameter.
|
||||
|
||||
The existence, ownership and permissions of the authorized_keys file itself are
|
||||
also managed. This can be disabled with the --nofile boolean parameter. It is
|
||||
|
|
|
@ -40,12 +40,8 @@ if [ ! -f "$__object/parameter/noparent" -o ! -f "$__object/parameter/nofile" ];
|
|||
fi
|
||||
|
||||
if [ ! -f "$__object/parameter/noparent" ]; then
|
||||
# Ensure that the directory in which the authorized_keys shall be exists and
|
||||
# has the right permissions.
|
||||
ssh_directory="${file%/*}"
|
||||
__directory "$ssh_directory" --state present --parents \
|
||||
--owner "$owner" --group "$group" --mode 0700
|
||||
export require="__directory/$ssh_directory"
|
||||
__ssh_dot_ssh "$owner"
|
||||
export require="__ssh_dot_ssh/$owner"
|
||||
fi
|
||||
if [ ! -f "$__object/parameter/nofile" ]; then
|
||||
# Ensure that authorized_keys file exists and has the right permissions.
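Review bot: The replaced code derived the managed directory from the key file itself (`ssh_directory="${file%/*}"`), whereas `__ssh_dot_ssh "$owner"` always manages `.ssh` below the owner's home directory. If `$file` can point elsewhere (the hunk does not show how it is set), the directory that actually holds authorized_keys is no longer created or forced to mode 0700 and owner-only access. Consider keeping the `__directory "${file%/*}"` call with `--mode 0700` for files outside the home `.ssh`, or stating in the man page that only `~/.ssh` is managed. The surrounding if blocks begin and end outside the hunk.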
|
||||
|
|
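--- a/cdist/conf/type/__ssh_dot_ssh/explorer/group
+++ b/cdist/conf/type/__ssh_dot_ssh/explorer/group
@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+gid="$("$__type_explorer/passwd" | cut -d':' -f 4)"
+getent group "$gid" || true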
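--- a/cdist/conf/type/__ssh_dot_ssh/explorer/passwd
+++ b/cdist/conf/type/__ssh_dot_ssh/explorer/passwd
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# 2012 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2014 Nico Schottelius (nico-cdist at schottelius.org)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+owner="$__object_id"
+
+getent passwd "$owner" || true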
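--- a/cdist/conf/type/__ssh_dot_ssh/man.text
+++ b/cdist/conf/type/__ssh_dot_ssh/man.text
@@ -0,0 +1,44 @@
+cdist-type__ssh_dot_ssh(7)
+==========================
+Nico Schottelius <nico-cdist--@--schottelius.org>
+
+
+NAME
+----
+cdist-type__ssh_dot_ssh - Manage .ssh directory
+
+
+DESCRIPTION
+-----------
+Adds or removes .ssh directory to a user home.
+
+This type is being used by __ssh_authorized_keys.
+
+OPTIONAL PARAMETERS
+-------------------
+state::
+if the directory should be 'present' or 'absent', defaults to 'present'.
+
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+# Ensure root has ~/.ssh with the right permissions
+__ssh_dot_ssh root
+
+# Nico does not need ~/.ssh anymore
+__ssh_dot_ssh nico --state absent
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+- cdist-type__ssh_authorized_keys(7)
+
+
+COPYING
+-------
+Copyright \(C) 2014 Nico Schottelius. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).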
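--- a/cdist/conf/type/__ssh_dot_ssh/manifest
+++ b/cdist/conf/type/__ssh_dot_ssh/manifest
@@ -0,0 +1,44 @@
+#!/bin/sh
+#
+# 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2014 Nico Schottelius (nico-cdist at schottelius.org)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+# Hacked in Kalamata, Greece
+#
+
+owner="$__object_id"
+state="$(cat "$__object/parameter/state")"
+
+group="$(cut -d':' -f 1 "$__object/explorer/group")"
+if [ -z "$group" ]; then
+echo "Failed to get owners group from explorer." >&2
+exit 1
+fi
+
+home="$(cut -d':' -f 6 "$__object/explorer/passwd")"
+if [ -z "$home" ]; then
+echo "Failed to get home directory from explorer." >&2
+exit 1
+fi
+ssh_directory="${home}/.ssh"
+
+# Ensure that the directory in which the authorized_keys shall be exists and
+# has the right permissions.
+__directory "$ssh_directory" \
+--state "$state" \
+--owner "$owner" --group "$group" --mode 0700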
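--- a/cdist/conf/type/__ssh_dot_ssh/parameter/default/state
+++ b/cdist/conf/type/__ssh_dot_ssh/parameter/default/state
@@ -0,0 +1 @@
+present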
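--- a/cdist/conf/type/__ssh_dot_ssh/parameter/optional
+++ b/cdist/conf/type/__ssh_dot_ssh/parameter/optional
@@ -0,0 +1 @@
+state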
|
@ -1,6 +1,6 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# 2013 Daniel Heule (hda at sfs.biz)
|
||||
# 2013-2014 Daniel Heule (hda at sfs.biz)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
|
@ -26,4 +26,4 @@ if [ -f "$__object/parameter/uri" ]; then
|
|||
else
|
||||
uri="$__object_id"
|
||||
fi
|
||||
echo $(zypper lr -u | grep -E "\<$uri\>" | cut -d'|' -f 1 | grep -E '^[0-9]' )
|
||||
echo $(zypper lr -u | grep -F "$uri" | cut -d'|' -f 1 | grep -E '^[0-9]' )
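Review bot: `grep -F "$uri"` matches the URI anywhere in the line, so a repository whose URI merely contains `$uri` as a substring, for instance a longer path under the same base, is reported as well and the explorer can print more than one id. A value beginning with `-` would also be parsed as a grep option; `grep -F -e "$uri"` avoids that. If an exact match is intended, compare the URI column itself with a string equality test (for example in awk with `-F'|'`) rather than grepping the whole line. The if/else that sets `uri` begins outside the hunk.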
|
||||
|
|
|
@ -5,12 +5,17 @@ Changelog
|
|||
* Exception: No braces means author == Nico Schottelius
|
||||
|
||||
|
||||
3.1.6:
|
||||
3.1.6: 2014-08-18
|
||||
* New Type: __ssh_dot_ssh
|
||||
* Type __package_yum: Support retrieving package via URL
|
||||
* Type __hostname: Support SuSE and have CentOS use sysconfig value
|
||||
* Type __locale: Support SuSE
|
||||
* Type __locale: Support Archlinux
|
||||
* Type __timezone: Support SuSE
|
||||
* Type __file: Support MacOS X (Manuel Hutter)
|
||||
* Type __iptables_apply: Add "reset" to init.d script of iptables
|
||||
* Type __ssh_authorized_key: Use new type __ssh_dot_ssh
|
||||
* Type __zypper_repo: Bugfix for pattern matching (Daniel Heule)
|
||||
|
||||
3.1.5: 2014-05-05
|
||||
* Type __zypper_repo: Automatically import gpg keys (Daniel Heule)
|
||||
|
|
|
@ -5,10 +5,6 @@ Feel free to pick one!
|
|||
|
||||
CORE
|
||||
----
|
||||
- support default parameter
|
||||
- document and add paremeters for remote-copy and remote-exec!
|
||||
- remove hack, make a feature of it
|
||||
|
||||
- remove var=foo calls on remote side. Use -o SendEnv (yeah, see ssh_config(5))
|
||||
|
||||
TESTS
|
||||
|
@ -23,9 +19,6 @@ TESTS
|
|||
|
||||
USER INTERFACE
|
||||
--------------
|
||||
- How to cleanly implement "restart service if config file changed"
|
||||
-> document
|
||||
|
||||
- Cache
|
||||
- add example how to use
|
||||
- export variable $__cache
|
||||
|
@ -45,7 +38,6 @@ TYPES
|
|||
- Add testing framework (proposed by Evax Software)
|
||||
- __user
|
||||
add option to include --create-home
|
||||
- Merge __addifnosuchline and __removeline into __line + --state present|absent
|
||||
- __cron: Support --file to be used instead of user cron (probably direct support
|
||||
of /etc/cron.d)
|
||||
|
||||
|
|
|
@ -57,6 +57,48 @@ if grep -q "^__your_type/object/id:something" "$__messages_in"; then
|
|||
fi
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
Some real life examples:
|
||||
--------------------------------------------------------------------------------
|
||||
# Reacting on changes from block for keepalive
|
||||
if grep -q "^__block/keepalive-vrrp" "$__messages_in"; then
|
||||
echo /etc/init.d/keepalived restart
|
||||
fi
|
||||
|
||||
# Reacting on changes of configuration files
|
||||
if grep -q "^__file/etc/one" $__messages_in; then
|
||||
echo 'for init in /etc/init.d/opennebula*; do $init restart; done'
|
||||
fi
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
Restart sshd on changes
|
||||
--------------------------------------------------------------------------------
|
||||
os="$(cat "$__global/explorer/os")"
|
||||
|
||||
case "$os" in
|
||||
centos|redhat|suse)
|
||||
restart="/etc/init.d/sshd restart"
|
||||
;;
|
||||
debian|ubuntu)
|
||||
restart="/etc/init.d/ssh restart"
|
||||
;;
|
||||
*)
|
||||
cat << eof >&2
|
||||
Unsupported os $os.
|
||||
If you would like to have this type running on $os,
|
||||
you can either develop the changes and send a pull
|
||||
request or ask for a quote at www.ungleich.ch
|
||||
eof
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
if grep -q "^__key_value/PermitRootLogin" "$__messages_in"; then
|
||||
echo $restart
|
||||
fi
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
|
||||
|
||||
|
||||
SEE ALSO
|
||||
--------
|
||||
|
|
Binary file not shown.
BIN
docs/speeches/2014-06-10_openclouddays.odp
Normal file
BIN
docs/speeches/2014-06-10_openclouddays.odp
Normal file
Binary file not shown.
BIN
docs/speeches/2014-06-10_openclouddays_teaser.odp
Normal file
BIN
docs/speeches/2014-06-10_openclouddays_teaser.odp
Normal file
Binary file not shown.
BIN
docs/speeches/2014-06-10_openclouddays_teaser.pdf
Normal file
BIN
docs/speeches/2014-06-10_openclouddays_teaser.pdf
Normal file
Binary file not shown.
BIN
docs/speeches/2014-06-19_ucms14_cdi.st.odp
Normal file
BIN
docs/speeches/2014-06-19_ucms14_cdi.st.odp
Normal file
Binary file not shown.
BIN
docs/speeches/2014-06-19_ucms14_cdist_cinv_bof.odp
Normal file
BIN
docs/speeches/2014-06-19_ucms14_cdist_cinv_bof.odp
Normal file
Binary file not shown.