Compare commits

..

No commits in common. "master" and "feature/info-command" have entirely different histories.

352 changed files with 1640 additions and 9114 deletions

2
.gitattributes vendored
View file

@ -4,5 +4,5 @@
docs/speeches export-ignore docs/speeches export-ignore
docs/video export-ignore docs/video export-ignore
docs/src/man7 export-ignore docs/src/man7 export-ignore
bin/cdist-build-helper export-ignore bin/build-helper export-ignore
README-maintainers export-ignore README-maintainers export-ignore

View file

@ -1,23 +1,18 @@
---
image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest
stages: stages:
- test - test
before_script:
- ./bin/cdist-build-helper version
shellcheck:
stage: test
script:
- ./bin/cdist-build-helper shellcheck
pycodestyle:
stage: test
script:
- ./bin/cdist-build-helper pycodestyle
unit_tests: unit_tests:
stage: test stage: test
script: script:
- ./bin/cdist-build-helper test - ./bin/build-helper version
- ./bin/build-helper test
pycodestyle:
stage: test
script:
- ./bin/build-helper pycodestyle
shellcheck:
stage: test
script:
- ./bin/build-helper shellcheck

View file

@ -81,7 +81,7 @@ version:
} }
# Manpages #3: generic part # Manpages #3: generic part
man: version configskel $(MANTYPES) $(DOCSREF) $(DOCSTYPESREF) man: version $(MANTYPES) $(DOCSREF)
$(SPHINXM) $(SPHINXM)
html: version configskel $(MANTYPES) $(DOCSREF) $(DOCSTYPESREF) html: version configskel $(MANTYPES) $(DOCSREF) $(DOCSTYPESREF)
@ -104,7 +104,7 @@ DOTMANTYPES=$(subst /man.rst,.rst,$(DOTMANTYPEPREFIX))
$(DOTMAN7DSTDIR)/cdist-type%.rst: $(DOTTYPEDIR)/%/man.rst $(DOTMAN7DSTDIR)/cdist-type%.rst: $(DOTTYPEDIR)/%/man.rst
ln -sf "$^" $@ ln -sf "$^" $@
dotman: version configskel $(DOTMANTYPES) $(DOCSREF) $(DOCSTYPESREF) dotman: version $(DOTMANTYPES)
$(SPHINXM) $(SPHINXM)
################################################################################ ################################################################################

7
README Normal file
View file

@ -0,0 +1,7 @@
cdist
-----
cdist is a usable configuration management system.
For the web documentation have a look at https://www.cdi.st/
or at docs/src for reStructuredText manual.

View file

@ -1,4 +1,4 @@
Maintainers should use ./bin/cdist-build-helper script. Maintainers should use ./bin/build-helper script.
Makefile is intended for end users. It can be used for non-maintaining Makefile is intended for end users. It can be used for non-maintaining
targets that can be run from pure source (without git repository). targets that can be run from pure source (without git repository).

View file

@ -1,31 +0,0 @@
# cdist
**cdist** is a usable configuration management system.
It adheres to the [**KISS principle**](https://en.wikipedia.org/wiki/KISS_principle)
and is being used in small up to enterprise grade environments.
For more information have a look at [**homepage**](https://cdi.st)
or at **``docs/src``** for manual in **reStructuredText** format.
## Contributing
Merge/Pull requests can be made in both
[upstream **GitLab**](https://code.ungleich.ch/ungleich-public/cdist/merge_requests)
(managed by [**ungleich**](https://ungleich.ch))
and [**GitHub** project](https://github.com/ungleich/cdist/pulls).
Issues can be made and other project management activites happen
[**only in GitLab**](https://code.ungleich.ch/ungleich-public/cdist)
(needs [**ungleich** account](https://account.ungleich.ch)).
For community-maintained types there is
[**cdist-contrib** project](https://code.ungleich.ch/ungleich-public/cdist-contrib).
## Participating
IRC: ``#cdist`` @ freenode
Matrix: ``#cdist:ungleich.ch``
Mattermost: https://chat.ungleich.ch/ungleich/channels/cdist

View file

@ -45,7 +45,7 @@ usage() {
shellcheck-manifests shellcheck-manifests
shellcheck-local-gencodes shellcheck-local-gencodes
shellcheck-remote-gencodes shellcheck-remote-gencodes
shellcheck-bin shellcheck-scripts
shellcheck-gencodes shellcheck-gencodes
shellcheck-types shellcheck-types
shellcheck shellcheck
@ -370,7 +370,8 @@ eof
cat << eof cat << eof
Manual steps post release: Manual steps post release:
- cdist-web - cdist-web
- send generated mailinglist.tmp mail - send mail body generated in mailinglist.tmp and inform Dmitry for deb
- twitter
eof eof
;; ;;
@ -405,7 +406,7 @@ eof
;; ;;
pycodestyle|pep8) pycodestyle|pep8)
pycodestyle "${basedir}" "${basedir}/bin/cdist" pycodestyle "${basedir}" "${basedir}/scripts/cdist"
;; ;;
check-pycodestyle) check-pycodestyle)
@ -460,34 +461,27 @@ eof
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; } test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
;; ;;
# NOTE: shellcheck-scripts is kept for compatibility shellcheck-scripts)
shellcheck-bin|shellcheck-scripts)
# shellcheck disable=SC2086 # shellcheck disable=SC2086
${SHELLCHECKCMD} bin/cdist-dump bin/cdist-new-type > "${SHELLCHECKTMP}" ${SHELLCHECKCMD} scripts/cdist-dump scripts/cdist-new-type > "${SHELLCHECKTMP}"
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; } test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
;; ;;
shellcheck-gencodes) shellcheck-gencodes)
errors=false "$0" shellcheck-local-gencodes || exit 1
"$0" shellcheck-local-gencodes || errors=true "$0" shellcheck-remote-gencodes || exit 1
"$0" shellcheck-remote-gencodes || errors=true
! $errors || exit 1
;; ;;
shellcheck-types) shellcheck-types)
errors=false "$0" shellcheck-type-explorers || exit 1
"$0" shellcheck-type-explorers || errors=true "$0" shellcheck-manifests || exit 1
"$0" shellcheck-manifests || errors=true "$0" shellcheck-gencodes || exit 1
"$0" shellcheck-gencodes || errors=true
! $errors || exit 1
;; ;;
shellcheck) shellcheck)
errors=false "$0" shellcheck-global-explorers || exit 1
"$0" shellcheck-global-explorers || errors=true "$0" shellcheck-types || exit 1
"$0" shellcheck-types || errors=true "$0" shellcheck-scripts || exit 1
"$0" shellcheck-bin || errors=true
! $errors || exit 1
;; ;;
shellcheck-type-files) shellcheck-type-files)
@ -497,14 +491,12 @@ eof
;; ;;
shellcheck-with-files) shellcheck-with-files)
errors=false "$0" shellcheck || exit 1
"$0" shellcheck || errors=true "$0" shellcheck-type-files || exit 1
"$0" shellcheck-type-files || errors=true
! $errors || exit 1
;; ;;
shellcheck-build-helper) shellcheck-build-helper)
${SHELLCHECKCMD} ./bin/cdist-build-helper ${SHELLCHECKCMD} ./bin/build-helper
;; ;;
check-shellcheck) check-shellcheck)

View file

@ -1,8 +1,7 @@
#!/usr/bin/env python3 #!/bin/sh
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# #
# 2010-2016 Nico Schottelius (nico-cdist at schottelius.org) # 2012 Nico Schottelius (nico-cdist at schottelius.org)
# 2016 Darko Poljak (darko.poljak at gmail.com)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -21,81 +20,14 @@
# #
# #
import logging # Wrapper for real script to allow execution from checkout
import os dir=${0%/*}
import sys
# See if this file's parent is cdist module # Ensure version is present - the bundled/shipped version contains a static version,
# and if so add it to module search path. # the git version contains a dynamic version
cdist_dir = os.path.realpath( "$dir/build-helper" version
os.path.join(
os.path.dirname(os.path.realpath(__file__)),
os.pardir))
cdist_init_dir = os.path.join(cdist_dir, 'cdist', '__init__.py')
if os.path.exists(cdist_init_dir):
sys.path.insert(0, cdist_dir)
import cdist # noqa 402 libdir=$(cd "${dir}/../" && pwd -P)
import cdist.argparse # noqa 402 export PYTHONPATH="${libdir}"
import cdist.banner # noqa 402
import cdist.config # noqa 402
import cdist.install # noqa 402
import cdist.shell # noqa 402
import cdist.inventory # noqa 402
"$dir/../scripts/cdist" "$@"
def commandline():
"""Parse command line"""
# preos subcommand hack
if len(sys.argv) > 1 and sys.argv[1] == 'preos':
return cdist.preos.PreOS.commandline(sys.argv[1:])
parser, cfg = cdist.argparse.parse_and_configure(sys.argv[1:])
args = cfg.get_args()
# Work around python 3.3 bug:
# http://bugs.python.org/issue16308
# http://bugs.python.org/issue9253
# FIXME: catching AttributeError also hides
# real problems.. try a different way
# FIXME: we always print main help, not
# the help of the actual parser being used!
try:
getattr(args, "func")
except AttributeError:
parser['main'].print_help()
sys.exit(0)
args.func(args)
if __name__ == "__main__":
if sys.version < cdist.MIN_SUPPORTED_PYTHON_VERSION:
print('Python >= {} is required on the source host.'.format(
cdist.MIN_SUPPORTED_PYTHON_VERSIO), file=sys.stderr)
sys.exit(1)
exit_code = 0
try:
import re
import os
if re.match("__", os.path.basename(sys.argv[0])):
import cdist.emulator
emulator = cdist.emulator.Emulator(sys.argv)
emulator.run()
else:
commandline()
except KeyboardInterrupt:
exit_code = 2
except cdist.Error as e:
log = logging.getLogger("cdist")
log.error(e)
exit_code = 1
sys.exit(exit_code)

View file

@ -22,27 +22,11 @@
import os import os
import hashlib import hashlib
import subprocess
import cdist.log import cdist.log
VERSION = 'unknown version'
try:
import cdist.version import cdist.version
VERSION = cdist.version.VERSION VERSION = cdist.version.VERSION
except ModuleNotFoundError:
cdist_dir = os.path.abspath(
os.path.join(os.path.dirname(__file__), os.pardir))
if os.path.isdir(os.path.join(cdist_dir, '.git')):
try:
VERSION = subprocess.check_output(
['git', 'describe', '--always'],
cwd=cdist_dir,
universal_newlines=True)
except Exception:
pass
BANNER = """ BANNER = """
.. . .x+=:. s .. . .x+=:. s
@ -64,9 +48,6 @@ REMOTE_EXEC = "ssh -o User=root"
REMOTE_CMDS_CLEANUP_PATTERN = "ssh -o User=root -O exit -S {}" REMOTE_CMDS_CLEANUP_PATTERN = "ssh -o User=root -O exit -S {}"
MIN_SUPPORTED_PYTHON_VERSION = '3.5'
class Error(Exception): class Error(Exception):
"""Base exception class for this project""" """Base exception class for this project"""
pass pass

View file

@ -5,14 +5,12 @@ import logging
import collections import collections
import functools import functools
import cdist.configuration import cdist.configuration
import cdist.log
import cdist.preos import cdist.preos
import cdist.info import cdist.info
import cdist.scan.commandline
# set of beta sub-commands # set of beta sub-commands
BETA_COMMANDS = set(('install', 'inventory', 'scan', )) BETA_COMMANDS = set(('install', 'inventory', ))
# set of beta arguments for sub-commands # set of beta arguments for sub-commands
BETA_ARGS = { BETA_ARGS = {
'config': set(('tag', 'all_tagged_hosts', 'use_archiving', )), 'config': set(('tag', 'all_tagged_hosts', 'use_archiving', )),
@ -127,14 +125,6 @@ def get_parsers():
'value.'), 'value.'),
action='count', default=None) action='count', default=None)
parser['colored_output'] = argparse.ArgumentParser(add_help=False)
parser['colored_output'].add_argument(
'--colors', metavar='WHEN',
help="Colorize cdist's output based on log level; "
"WHEN is 'always', 'never', or 'auto'.",
action='store', dest='colored_output', required=False,
choices=cdist.configuration.ColoredOutputOption.CHOICES)
parser['beta'] = argparse.ArgumentParser(add_help=False) parser['beta'] = argparse.ArgumentParser(add_help=False)
parser['beta'].add_argument( parser['beta'].add_argument(
'-b', '--beta', '-b', '--beta',
@ -207,13 +197,6 @@ def get_parsers():
'supported. Without argument CPU count is used by default. '), 'supported. Without argument CPU count is used by default. '),
action='store', dest='jobs', action='store', dest='jobs',
const=multiprocessing.cpu_count()) const=multiprocessing.cpu_count())
parser['config_main'].add_argument(
'--log-server',
action='store_true',
help=('Start a log server for sub processes to use. '
'This is mainly useful when running cdist nested '
'from a code-local script. Log server is alwasy '
'implicitly started for \'install\' command.'))
parser['config_main'].add_argument( parser['config_main'].add_argument(
'-n', '--dry-run', '-n', '--dry-run',
help='Do not execute code.', action='store_true') help='Do not execute code.', action='store_true')
@ -274,7 +257,8 @@ def get_parsers():
'-f', '--file', '-f', '--file',
help=('Read specified file for a list of additional hosts to ' help=('Read specified file for a list of additional hosts to '
'operate on or if \'-\' is given, read stdin (one host per ' 'operate on or if \'-\' is given, read stdin (one host per '
'line).'), 'line). If no host or host file is specified then, by '
'default, read hosts from stdin.'),
dest='hostfile', required=False) dest='hostfile', required=False)
parser['config_args'].add_argument( parser['config_args'].add_argument(
'-p', '--parallel', nargs='?', metavar='HOST_MAX', '-p', '--parallel', nargs='?', metavar='HOST_MAX',
@ -299,7 +283,6 @@ def get_parsers():
'host', nargs='*', help='Host(s) to operate on.') 'host', nargs='*', help='Host(s) to operate on.')
parser['config'] = parser['sub'].add_parser( parser['config'] = parser['sub'].add_parser(
'config', parents=[parser['loglevel'], parser['beta'], 'config', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'], parser['common'],
parser['config_main'], parser['config_main'],
parser['inventory_common'], parser['inventory_common'],
@ -318,7 +301,6 @@ def get_parsers():
parser['add-host'] = parser['invsub'].add_parser( parser['add-host'] = parser['invsub'].add_parser(
'add-host', parents=[parser['loglevel'], parser['beta'], 'add-host', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'], parser['common'],
parser['inventory_common']]) parser['inventory_common']])
parser['add-host'].add_argument( parser['add-host'].add_argument(
@ -326,12 +308,13 @@ def get_parsers():
parser['add-host'].add_argument( parser['add-host'].add_argument(
'-f', '--file', '-f', '--file',
help=('Read additional hosts to add from specified file ' help=('Read additional hosts to add from specified file '
'or from stdin if \'-\' (each host on separate line). '), 'or from stdin if \'-\' (each host on separate line). '
'If no host or host file is specified then, by default, '
'read from stdin.'),
dest='hostfile', required=False) dest='hostfile', required=False)
parser['add-tag'] = parser['invsub'].add_parser( parser['add-tag'] = parser['invsub'].add_parser(
'add-tag', parents=[parser['loglevel'], parser['beta'], 'add-tag', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'], parser['common'],
parser['inventory_common']]) parser['inventory_common']])
parser['add-tag'].add_argument( parser['add-tag'].add_argument(
@ -340,12 +323,20 @@ def get_parsers():
parser['add-tag'].add_argument( parser['add-tag'].add_argument(
'-f', '--file', '-f', '--file',
help=('Read additional hosts to add tags from specified file ' help=('Read additional hosts to add tags from specified file '
'or from stdin if \'-\' (each host on separate line). '), 'or from stdin if \'-\' (each host on separate line). '
'If no host or host file is specified then, by default, '
'read from stdin. If no tags/tagfile nor hosts/hostfile'
' are specified then tags are read from stdin and are'
' added to all hosts.'),
dest='hostfile', required=False) dest='hostfile', required=False)
parser['add-tag'].add_argument( parser['add-tag'].add_argument(
'-T', '--tag-file', '-T', '--tag-file',
help=('Read additional tags to add from specified file ' help=('Read additional tags to add from specified file '
'or from stdin if \'-\' (each tag on separate line). '), 'or from stdin if \'-\' (each tag on separate line). '
'If no tag or tag file is specified then, by default, '
'read from stdin. If no tags/tagfile nor hosts/hostfile'
' are specified then tags are read from stdin and are'
' added to all hosts.'),
dest='tagfile', required=False) dest='tagfile', required=False)
parser['add-tag'].add_argument( parser['add-tag'].add_argument(
'-t', '--taglist', '-t', '--taglist',
@ -355,7 +346,6 @@ def get_parsers():
parser['del-host'] = parser['invsub'].add_parser( parser['del-host'] = parser['invsub'].add_parser(
'del-host', parents=[parser['loglevel'], parser['beta'], 'del-host', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'], parser['common'],
parser['inventory_common']]) parser['inventory_common']])
parser['del-host'].add_argument( parser['del-host'].add_argument(
@ -366,12 +356,13 @@ def get_parsers():
parser['del-host'].add_argument( parser['del-host'].add_argument(
'-f', '--file', '-f', '--file',
help=('Read additional hosts to delete from specified file ' help=('Read additional hosts to delete from specified file '
'or from stdin if \'-\' (each host on separate line). '), 'or from stdin if \'-\' (each host on separate line). '
'If no host or host file is specified then, by default, '
'read from stdin.'),
dest='hostfile', required=False) dest='hostfile', required=False)
parser['del-tag'] = parser['invsub'].add_parser( parser['del-tag'] = parser['invsub'].add_parser(
'del-tag', parents=[parser['loglevel'], parser['beta'], 'del-tag', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'], parser['common'],
parser['inventory_common']]) parser['inventory_common']])
parser['del-tag'].add_argument( parser['del-tag'].add_argument(
@ -384,13 +375,20 @@ def get_parsers():
parser['del-tag'].add_argument( parser['del-tag'].add_argument(
'-f', '--file', '-f', '--file',
help=('Read additional hosts to delete tags for from specified ' help=('Read additional hosts to delete tags for from specified '
'file or from stdin if \'-\' (each host on separate ' 'file or from stdin if \'-\' (each host on separate line). '
'line). '), 'If no host or host file is specified then, by default, '
'read from stdin. If no tags/tagfile nor hosts/hostfile'
' are specified then tags are read from stdin and are'
' deleted from all hosts.'),
dest='hostfile', required=False) dest='hostfile', required=False)
parser['del-tag'].add_argument( parser['del-tag'].add_argument(
'-T', '--tag-file', '-T', '--tag-file',
help=('Read additional tags from specified file ' help=('Read additional tags from specified file '
'or from stdin if \'-\' (each tag on separate line). '), 'or from stdin if \'-\' (each tag on separate line). '
'If no tag or tag file is specified then, by default, '
'read from stdin. If no tags/tagfile nor'
' hosts/hostfile are specified then tags are read from'
' stdin and are added to all hosts.'),
dest='tagfile', required=False) dest='tagfile', required=False)
parser['del-tag'].add_argument( parser['del-tag'].add_argument(
'-t', '--taglist', '-t', '--taglist',
@ -400,7 +398,6 @@ def get_parsers():
parser['list'] = parser['invsub'].add_parser( parser['list'] = parser['invsub'].add_parser(
'list', parents=[parser['loglevel'], parser['beta'], 'list', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'], parser['common'],
parser['inventory_common']]) parser['inventory_common']])
parser['list'].add_argument( parser['list'].add_argument(
@ -433,7 +430,7 @@ def get_parsers():
# Shell # Shell
parser['shell'] = parser['sub'].add_parser( parser['shell'] = parser['sub'].add_parser(
'shell', parents=[parser['loglevel'], parser['colored_output']]) 'shell', parents=[parser['loglevel']])
parser['shell'].add_argument( parser['shell'].add_argument(
'-s', '--shell', '-s', '--shell',
help=('Select shell to use, defaults to current shell. Used shell' help=('Select shell to use, defaults to current shell. Used shell'
@ -471,35 +468,6 @@ def get_parsers():
'pattern', nargs='?', help='Glob pattern.') 'pattern', nargs='?', help='Glob pattern.')
parser['info'].set_defaults(func=cdist.info.Info.commandline) parser['info'].set_defaults(func=cdist.info.Info.commandline)
# Scan = config + further
parser['scan'] = parser['sub'].add_parser('scan', add_help=False,
parents=[parser['config']])
parser['scan'] = parser['sub'].add_parser(
'scan', parents=[parser['loglevel'],
parser['beta'],
parser['colored_output'],
parser['common'],
parser['config_main']])
parser['scan'].add_argument(
'-m', '--mode', help='Which modes should run',
action='append', default=[],
choices=['scan', 'trigger'])
parser['scan'].add_argument(
'--config',
action='store_true',
help='Try to configure detected hosts')
parser['scan'].add_argument(
'-I', '--interfaces',
action='append', default=[],
help='On which interfaces to scan/trigger')
parser['scan'].add_argument(
'-d', '--delay',
action='store', default=3600,
help='How long to wait before reconfiguring after last try')
parser['scan'].set_defaults(func=cdist.scan.commandline.commandline)
for p in parser: for p in parser:
parser[p].epilog = EPILOG parser[p].epilog = EPILOG
@ -510,12 +478,7 @@ def handle_loglevel(args):
if hasattr(args, 'quiet') and args.quiet: if hasattr(args, 'quiet') and args.quiet:
args.verbose = _verbosity_level_off args.verbose = _verbosity_level_off
logging.getLogger().setLevel(_verbosity_level[args.verbose]) logging.root.setLevel(_verbosity_level[args.verbose])
def handle_log_colors(args):
if cdist.configuration.ColoredOutputOption.translate(args.colored_output):
cdist.log.CdistFormatter.USE_COLORS = True
def parse_and_configure(argv, singleton=True): def parse_and_configure(argv, singleton=True):
@ -529,7 +492,6 @@ def parse_and_configure(argv, singleton=True):
raise cdist.Error(str(e)) raise cdist.Error(str(e))
# Loglevels are handled globally in here # Loglevels are handled globally in here
handle_loglevel(args) handle_loglevel(args)
handle_log_colors(args)
log = logging.getLogger("cdist") log = logging.getLogger("cdist")

View file

@ -32,11 +32,6 @@ case "$os" in
sysctl -n hw.ncpuonline sysctl -n hw.ncpuonline
;; ;;
"freebsd"|"netbsd")
PATH=$(getconf PATH)
sysctl -n hw.ncpu
;;
*) *)
if [ -r /proc/cpuinfo ]; then if [ -r /proc/cpuinfo ]; then
cores="$(grep "core id" /proc/cpuinfo | sort | uniq | wc -l)" cores="$(grep "core id" /proc/cpuinfo | sort | uniq | wc -l)"

View file

@ -1,66 +1,27 @@
#!/bin/sh -e #!/bin/sh
#
# based on previous work by other people, modified by:
# 2020 Dennis Camera <dennis.camera at ssrq-sds-fds.ch>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Finds disks of the system (excl. ram disks, floppy, cdrom)
uname_s="$(uname -s)" uname_s="$(uname -s)"
case $uname_s in case "${uname_s}" in
FreeBSD) FreeBSD)
sysctl -n kern.disks sysctl -n kern.disks
;; ;;
OpenBSD) OpenBSD|NetBSD)
sysctl -n hw.disknames | grep -Eo '[lsw]d[0-9]+' sysctl -n hw.disknames | grep -Eo '[lsw]d[0-9]+' | xargs
;;
NetBSD)
PATH=$(getconf PATH)
sysctl -n hw.disknames | awk -v RS=' ' '/^[lsw]d[0-9]+/'
;; ;;
Linux) Linux)
# list of major device numbers toexclude: if command -v lsblk > /dev/null
# ram disks, floppies, cdroms then
# exclude ram disks, floppies and cdroms
# https://www.kernel.org/doc/Documentation/admin-guide/devices.txt # https://www.kernel.org/doc/Documentation/admin-guide/devices.txt
ign_majors='1 2 11' lsblk -e 1,2,11 -dno name | xargs
if command -v lsblk >/dev/null 2>&1
then
lsblk -e "$(echo "$ign_majors" | tr ' ' ',')" -dno name
elif test -d /sys/block/
then
# shellcheck disable=SC2012
ls -1 /sys/block/ \
| awk -v ign_majors="$(echo "$ign_majors" | tr ' ' '|')" '
{
devfile = "/sys/block/" $0 "/dev"
getline devno < devfile
close(devfile)
if (devno !~ "^(" ign_majors "):") print
}'
else else
echo "Don't know how to list disks on Linux without lsblk and sysfs." >&2 printf "Don't know how to list disks for %s operating system without lsblk, if you can please submit a patch\n" "${uname_s}" >&2
echo 'If you can, please submit a patch.'>&2
fi fi
;; ;;
*) *)
printf "Don't know how to list disks for %s operating system.\n" "${uname_s}" >&2 printf "Don't know how to list disks for %s operating system, if you can please submit a patch\n" "${uname_s}" >&2
printf 'If you can please submit a patch\n' >&2
;; ;;
esac \ esac
| xargs
exit 0

View file

@ -1,8 +1,7 @@
#!/bin/sh -e #!/bin/sh
# #
# 2016 Daniel Heule (hda at sfs.biz) # 2016 Daniel Heule (hda at sfs.biz)
# Copyright 2017, Philippe Gregoire <pg@pgregoire.xyz> # Copyright 2017, Philippe Gregoire <pg@pgregoire.xyz>
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -20,423 +19,21 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
# #
# Returns the name of the init system (PID 1) # Returns the process name of pid 1 ( normaly the init system )
# for example at linux this value is "init" or "systemd" in most cases
# Expected values:
# Linux:
# Adélie Linux:
# sysvinit+openrc
# Alpine Linux:
# busybox-init+openrc
# ArchLinux:
# systemd, sysvinit
# CRUX:
# sysvinit
# Debian:
# systemd, upstart, sysvinit, openrc, ???
# Devuan:
# sysvinit, sysvinit+openrc
# Gentoo:
# sysvinit+openrc, openrc-init, systemd
# OpenBMC:
# systemd
# OpenWrt:
# procd, init???
# RedHat (RHEL, CentOS, Fedora, RedHat Linux, ...):
# systemd, upstart, upstart-legacy, sysvinit
# Slackware:
# sysvinit
# SuSE:
# systemd, sysvinit
# Ubuntu:
# systemd, upstart, upstart-legacy, sysvinit
# VoidLinux:
# runit
# #
# GNU:
# Debian:
# sysvinit, hurd-init
#
# BSD:
# {Free,Open,Net}BSD:
# init
#
# Mac OS X:
# launchd, init+SystemStarter
#
# Solaris/Illumos:
# smf, init???
# NOTE: init systems can be stacked. This is popular to run OpenRC on top of uname_s="$(uname -s)"
# sysvinit (Gentoo) or busybox-init (Alpine), but can also be used to run runit
# as a systemd service. This makes init system detection very complicated
# (which result is expected?) This script tries to untangle some combinations,
# OpenRC on top of sysv or busybox (X+openrc), but will ignore others (runit as
# a systemd service)
# NOTE: When we have no idea, nothing will be printed! case "$uname_s" in
# NOTE:
# When trying to gather information about the init system make sure to do so
# without calling the binary! On some systems this triggers a reinitialisation
# of the system which we don't want (e.g. embedded systems).
set -e
KERNEL_NAME=$(uname -s)
KNOWN_INIT_SYSTEMS=$(cat <<EOF
systemd
sysvinit
upstart
runit
procd
smf
launchd
init
hurd_init
systemstarter
EOF
)
common_candidates_by_kernel() {
case $KERNEL_NAME
in
FreeBSD|NetBSD|OpenBSD)
echo init
;;
Linux) Linux)
echo systemd (pgrep -P0 -l | awk '/^1[ \t]/ {print $2;}') || true
echo sysvinit
echo upstart
;; ;;
GNU) FreeBSD|OpenBSD)
echo sysvinit ps -o comm= -p 1 || true
echo hurd-init
;;
Darwin)
echo launchd
echo systemstarter
;;
SunOS)
echo smf
;;
esac
}
## Helpers
trim() {
sed -e 's/^[[:blank:]]*//' -e 's/[[:blank:]]*$//' -e '/^[[:blank:]]*$/d'
}
unique() {
# Delete duplicate lines (keeping input order)
# NOTE: Solaris AWK breaks without if/print construct.
awk '{ if (!x[$0]++) print }'
}
## Check functions
# These functions are used to verify if a guess is correct by checking some
# common property of a running system (presence of a directory in /run etc.)
check_busybox_init() (
busybox_path=${1:-/bin/busybox}
test -x "${busybox_path}" || return 1
grep -q 'BusyBox v[0-9]' "${busybox_path}" || return 1
# It is quite common to use Busybox init to stack other init systemd
# (like OpenRC) on top of it. So we check for that, too.
if stacked=$(check_openrc)
then
echo "busybox-init+${stacked}"
else
echo busybox-init
fi
)
check_hurd_init() (
init_exe=${1:-/hurd/init}
test -x "${init_exe}" || return 1
grep -q 'GNU Hurd' "${init_exe}" || return 1
echo hurd-init
)
check_init() {
# Checks for various BSD inits...
test -x /sbin/init || return 1
if grep -q -E '(Free|Net|Open)BSD' /sbin/init
then
echo init
return 0
fi
}
check_launchd() {
command -v launchctl >/dev/null 2>&1 || return 1
launchctl getenv PATH >/dev/null || return 1
echo launchd
}
check_openrc() {
test -f /run/openrc/softlevel || return 1
echo openrc
}
check_procd() (
procd_path=${1:-/sbin/procd}
test -x "${procd_path}" || return 1
grep -q 'procd' "${procd_path}" || return 1
echo procd
)
check_runit() {
test -d /run/runit || return 1
echo runit
}
check_smf() {
# XXX: Is this the correct way??
test -f /etc/svc/volatile/svc_nonpersist.db || return 1
echo smf
}
check_systemd() {
# NOTE: sd_booted(3)
test -d /run/systemd/system/ || return 1
# systemctl --version | sed -e '/^systemd/!d;s/^systemd //'
echo systemd
}
check_systemstarter() {
test -d /System/Library/StartupItems/ || return 1
test -f /System/Library/StartupItems/LoginWindow/StartupParameters.plist || return 1
echo init+SystemStarter
}
check_sysvinit() (
init_path=${1:-/sbin/init}
test -x "${init_path}" || return 1
grep -q 'INIT_VERSION=sysvinit-[0-9.]*' "${init_path}" || return 1
# It is quite common to use SysVinit to stack other init systemd
# (like OpenRC) on top of it. So we check for that, too.
if stacked=$(check_openrc)
then
echo "sysvinit+${stacked}"
else
echo sysvinit
fi
unset stacked
)
check_upstart() {
test -x "$(command -v initctl)" || return 1
case $(initctl version)
in
*'(upstart '*')')
if test -d /etc/init
then
# modern (DBus-based?) upstart >= 0.5
echo upstart
elif test -d /etc/event.d
then
# ancient upstart
echo upstart-legacy
else
# whatever...
echo upstart
fi
;; ;;
*) *)
return 1 # return a empty string as unknown value
echo ""
;; ;;
esac esac
}
find_init_procfs() (
# First, check if the required file in procfs exists...
test -h /proc/1/exe || return 1
# Find init executable
init_exe=$(ls -l /proc/1/exe 2>/dev/null) || return 1
init_exe=${init_exe#* -> }
if ! test -x "$init_exe"
then
# On some rare occasions it can happen that the
# running init's binary has been replaced. In this
# case Linux adjusts the symlink to "X (deleted)"
# [root@fedora-12 ~]# readlink /proc/1/exe
# /sbin/init (deleted)
# [root@fedora-12 ~]# ls -l /proc/1/exe
# lrwxrwxrwx. 1 root root 0 2020-01-30 23:00 /proc/1/exe -> /sbin/init (deleted)
init_exe=${init_exe% (deleted)}
test -x "$init_exe" || return 1
fi
echo "${init_exe}"
)
guess_by_path() {
case $1
in
/bin/busybox)
check_busybox_init "$1" && return
;;
/lib/systemd/systemd)
check_systemd "$1" && return
;;
/hurd/init)
check_hurd_init "$1" && return
;;
/sbin/launchd)
check_launchd "$1" && return
;;
/usr/bin/runit|/sbin/runit)
check_runit "$1" && return
;;
/sbin/openrc-init)
if check_openrc "$1" >/dev/null
then
echo openrc-init
return
fi
;;
/sbin/procd)
check_procd "$1" && return
;;
/sbin/init|*/init)
# init: it could be anything -> (explicit) no match
return 1
;;
esac
# No match
return 1
}
guess_by_comm_name() {
case $1
in
busybox)
check_busybox_init && return
;;
openrc-init)
if check_openrc >/dev/null
then
echo openrc-init
return 0
fi
;;
init)
# init could be anything -> no match
return 1
;;
*)
# Run check function by comm name if available.
# Fall back to comm name if either it does not exist or
# returns non-zero.
if type "check_$1" >/dev/null
then
"check_$1" && return
else
echo "$1" ; return 0
fi
esac
return 1
}
check_list() (
# List must be a multi-line input on stdin (one name per line)
while read -r init
do
"check_${init}" || continue
return 0
done
return 1
)
# BusyBox's versions of ps and pgrep do not support some options
# depending on which compile-time options have been used.
find_init_pgrep() {
pgrep -P0 -fl 2>/dev/null | awk -F '[[:blank:]]' '$1 == 1 { print $2 }'
}
find_init_ps() {
case $KERNEL_NAME
in
Darwin)
ps -o command -p 1 2>/dev/null | tail -n +2
;;
FreeBSD)
ps -o args= -p 1 2>/dev/null | cut -d ' ' -f 1
;;
Linux)
ps -o comm= -p 1 2>/dev/null
;;
NetBSD)
ps -o comm= -p 1 2>/dev/null
;;
OpenBSD)
ps -o args -p 1 2>/dev/null | tail -n +2 | cut -d ' ' -f 1
;;
*)
ps -o args= -p 1 2>/dev/null
;;
esac | trim # trim trailing whitespace (some ps like Darwin add it)
}
find_init() {
case $KERNEL_NAME
in
Linux|GNU|NetBSD)
find_init_procfs || find_init_pgrep || find_init_ps
;;
FreeBSD)
find_init_procfs || find_init_ps
;;
OpenBSD)
find_init_pgrep || find_init_ps
;;
Darwin|SunOS)
find_init_ps
;;
*)
echo "Don't know how to determine init." >&2
echo 'Please send a patch.' >&2
exit 1
esac
}
# -----
init=$(find_init)
# If we got a path, guess by the path first (fall back to file name if no match)
# else guess by file name directly.
# shellcheck disable=SC2015
{
test -x "${init}" \
&& guess_by_path "${init}" \
|| guess_by_comm_name "$(basename "${init}")"
} && exit 0 || true
# Guessing based on the file path and name didnt lead to a definitive result.
#
# We go through all of the checks until we find a match. To speed up the
# process, common cases will be checked first based on the underlying kernel.
{ common_candidates_by_kernel; echo "${KNOWN_INIT_SYSTEMS}"; } \
| unique | check_list

View file

@ -2,7 +2,6 @@
# #
# 2014 Daniel Heule (hda at sfs.biz) # 2014 Daniel Heule (hda at sfs.biz)
# 2014 Thomas Oettli (otho at sfs.biz) # 2014 Thomas Oettli (otho at sfs.biz)
# 2020 Evilham (contact at evilham.com)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -19,51 +18,9 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
#
os=$("$__explorer/os") # FIXME: other system types (not linux ...)
vendor_string_to_machine_type() {
for vendor in vmware bochs kvm qemu virtualbox bhyve; do
if echo "${1}" | grep -q -i "${vendor}"; then
if [ "${vendor}" = "bochs" ] || [ "${vendor}" = "qemu" ]; then
vendor="kvm"
fi
echo "virtual_by_${vendor}"
exit
fi
done
}
case "$os" in
"freebsd")
# FreeBSD does not have /proc/cpuinfo even when procfs is used.
# Instead there is a sysctl kern.vm_guest.
# Which is 'none' if physical, else the virtualisation.
vm_guest="$(sysctl -n kern.vm_guest 2>/dev/null || true)"
if [ -n "${vm_guest}" ]; then
if [ "${vm_guest}" = "none" ]; then
echo "physical"
exit
fi
echo "virtual_by_${vm_guest}"
exit
fi
;;
"openbsd")
# OpenBSD can also use the sysctl's: hw.vendor or hw.product.
# Note we can be reasonably sure about a machine being virtualised
# as long as we can identify the virtualisation technology.
# But not so much about it being physical...
# Patches are welcome / reach out if you have better ideas.
for sysctl in hw.vendor hw.product; do
# This exits if we can make a reasonable judgement
vendor_string_to_machine_type "$(sysctl -n "${sysctl}")"
done
;;
*)
# Defaulting to linux for compatibility with previous cdist behaviour
if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then
echo openvz echo openvz
@ -78,7 +35,7 @@ case "$os" in
if [ -r /proc/cpuinfo ]; then if [ -r /proc/cpuinfo ]; then
# this should only exist on virtual guest machines, # this should only exist on virtual guest machines,
# tested on vmware, xen, kvm, bhyve # tested on vmware, xen, kvm
if grep -q "hypervisor" /proc/cpuinfo; then if grep -q "hypervisor" /proc/cpuinfo; then
# this file is aviable in xen guest systems # this file is aviable in xen guest systems
if [ -r /sys/hypervisor/type ]; then if [ -r /sys/hypervisor/type ]; then
@ -87,23 +44,37 @@ case "$os" in
exit exit
fi fi
else else
for vendor_file in /sys/class/dmi/id/product_name \ if [ -r /sys/class/dmi/id/product_name ]; then
/sys/class/dmi/id/sys_vendor \ if grep -q -i 'vmware' /sys/class/dmi/id/product_name; then
/sys/class/dmi/id/chasis_vendor; do echo "virtual_by_vmware"
if [ -r ${vendor_file} ]; then exit
# This exits if we can make a reasonable judgement elif grep -q -i 'bochs' /sys/class/dmi/id/product_name; then
vendor_string_to_machine_type "$(cat "${vendor_file}")" echo "virtual_by_kvm"
exit
elif grep -q -i 'virtualbox' /sys/class/dmi/id/product_name; then
echo "virtual_by_virtualbox"
exit
fi
fi
if [ -r /sys/class/dmi/id/sys_vendor ]; then
if grep -q -i 'qemu' /sys/class/dmi/id/sys_vendor; then
echo "virtual_by_kvm"
exit
fi
fi
if [ -r /sys/class/dmi/id/chassis_vendor ]; then
if grep -q -i 'qemu' /sys/class/dmi/id/chassis_vendor; then
echo "virtual_by_kvm"
exit
fi
fi fi
done
fi fi
echo "virtual_by_unknown" echo "virtual_by_unknown"
exit
else else
echo "physical" echo "physical"
exit
fi fi
fi else
;;
esac
echo "unknown" echo "unknown"
fi

View file

@ -29,8 +29,7 @@ case "$os" in
echo "$(sysctl -n hw.memsize)/1024" | bc echo "$(sysctl -n hw.memsize)/1024" | bc
;; ;;
*"bsd") "openbsd")
PATH=$(getconf PATH)
echo "$(sysctl -n hw.physmem) / 1048576" | bc echo "$(sysctl -n hw.physmem) / 1048576" | bc
;; ;;

View file

@ -143,13 +143,6 @@ case "$uname_s" in
esac esac
if [ -f /etc/os-release ]; then if [ -f /etc/os-release ]; then
# after sles15, suse don't provide an /etc/SuSE-release anymore, but there is almost no difference between sles and opensuse leap, so call it suse
# shellcheck disable=SC1091
if (. /etc/os-release && echo "${ID_LIKE}" | grep -q '\(^\|\ \)suse\($\|\ \)')
then
echo suse
exit 0
fi
# already lowercase, according to: # already lowercase, according to:
# https://www.freedesktop.org/software/systemd/man/os-release.html # https://www.freedesktop.org/software/systemd/man/os-release.html
awk -F= '/^ID=/ { if ($2 ~ /^'"'"'(.*)'"'"'$/ || $2 ~ /^"(.*)"$/) { print substr($2, 2, length($2) - 2) } else { print $2 } }' /etc/os-release awk -F= '/^ID=/ { if ($2 ~ /^'"'"'(.*)'"'"'$/ || $2 ~ /^"(.*)"$/) { print substr($2, 2, length($2) - 2) } else { print $2 } }' /etc/os-release

View file

@ -1,7 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# 2018 Adam Dej (dejko.a at gmail.com) # 2018 Adam Dej (dejko.a at gmail.com)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -22,17 +21,6 @@
# See os-release(5) and http://0pointer.de/blog/projects/os-release # See os-release(5) and http://0pointer.de/blog/projects/os-release
if test -f /etc/os-release set +e
then
# Linux and FreeBSD (usually a symlink)
cat /etc/os-release
elif test -f /usr/lib/os-release
then
# systemd
cat /usr/lib/os-release
elif test -f /var/run/os-release
then
# FreeBSD (created by os-release service)
cat /var/run/os-release
fi
cat /etc/os-release || cat /usr/lib/os-release || true

View file

@ -31,32 +31,7 @@ case "$("$__explorer/os")" in
cat /etc/arch-release cat /etc/arch-release
;; ;;
debian) debian)
debian_version=$(cat /etc/debian_version) cat /etc/debian_version
case $debian_version
in
testing/unstable)
# previous to Debian 4.0 testing/unstable was used
# cf. https://metadata.ftp-master.debian.org/changelogs/main/b/base-files/base-files_11_changelog
echo 3.99
;;
*/sid)
# sid versions don't have a number, so we decode by codename:
case $(expr "$debian_version" : '\([a-z]\{1,\}\)/')
in
bullseye) echo 10.99 ;;
buster) echo 9.99 ;;
stretch) echo 8.99 ;;
jessie) echo 7.99 ;;
wheezy) echo 6.99 ;;
squeeze) echo 5.99 ;;
lenny) echo 4.99 ;;
*) exit 1
esac
;;
*)
echo "$debian_version"
;;
esac
;; ;;
devuan) devuan)
cat /etc/devuan_version cat /etc/devuan_version
@ -70,11 +45,6 @@ case "$("$__explorer/os")" in
macosx) macosx)
sw_vers -productVersion sw_vers -productVersion
;; ;;
freebsd)
# Apparently uname -r is not a reliable way to get the patch level.
# See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251743
freebsd-version
;;
*bsd|solaris) *bsd|solaris)
uname -r uname -r
;; ;;
@ -100,7 +70,4 @@ case "$("$__explorer/os")" in
ubuntu) ubuntu)
lsb_release -sr lsb_release -sr
;; ;;
alpine)
cat /etc/alpine-release
;;
esac esac

View file

@ -1,6 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2020 Ander Punnar (ander-at-kvlt-dot-ee) # 2019 Ander Punnar (ander-at-kvlt-dot-ee)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -18,23 +18,22 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
privileges="$( cat "$__object/parameter/privileges" )" # TODO check if filesystem has ACL turned on etc
database="$( cat "$__object/parameter/database" )" if [ -f "$__object/parameter/acl" ]
table="$( cat "$__object/parameter/table" )"
user="$( cat "$__object/parameter/user" )"
host="$( cat "$__object/parameter/host" )"
check_privileges="$(
mysql -B -N -e "show grants for '$user'@'$host'" \
| grep -Ei "^grant $privileges on .$database.\..?$table.? to " || true )"
if [ -n "$check_privileges" ]
then then
echo 'present' grep -E '^(default:)?(user|group):' "$__object/parameter/acl" \
else | while read -r acl
echo 'absent' do
param="$( echo "$acl" | awk -F: '{print $(NF-2)}' )"
check="$( echo "$acl" | awk -F: '{print $(NF-1)}' )"
[ "$param" = 'user' ] && db=passwd || db="$param"
if ! getent "$db" "$check" > /dev/null
then
echo "missing $param '$check'" >&2
exit 1
fi
done
fi fi

View file

@ -1,4 +0,0 @@
#!/bin/sh -e
getent passwd | awk -F: '{print "user:"$1}'
getent group | awk -F: '{print "group:"$1}'

View file

@ -20,13 +20,7 @@
file_is="$( cat "$__object/explorer/file_is" )" file_is="$( cat "$__object/explorer/file_is" )"
if [ "$file_is" = 'missing' ] \ [ "$file_is" = 'missing' ] && [ -z "$__cdist_dry_run" ] && exit 0
&& [ -z "$__cdist_dry_run" ] \
&& [ ! -f "$__object/parameter/file" ] \
&& [ ! -f "$__object/parameter/directory" ]
then
exit 0
fi
os="$( cat "$__global/explorer/os" )" os="$( cat "$__global/explorer/os" )"
@ -34,39 +28,28 @@ acl_path="/$__object_id"
acl_is="$( cat "$__object/explorer/acl_is" )" acl_is="$( cat "$__object/explorer/acl_is" )"
if [ -f "$__object/parameter/source" ] if [ -f "$__object/parameter/acl" ]
then then
acl_source="$( cat "$__object/parameter/source" )" acl_should="$( cat "$__object/parameter/acl" )"
elif
[ -f "$__object/parameter/user" ] \
|| [ -f "$__object/parameter/group" ] \
|| [ -f "$__object/parameter/mask" ] \
|| [ -f "$__object/parameter/other" ]
then
acl_should="$( for param in user group mask other
do
[ ! -f "$__object/parameter/$param" ] && continue
if [ "$acl_source" = '-' ] echo "$param" | grep -Eq 'mask|other' && sep=:: || sep=:
then
acl_should="$( cat "$__object/stdin" )" echo "$param$sep$( cat "$__object/parameter/$param" )"
else done )"
acl_should="$( grep -Ev '^#|^$' "$acl_source" )"
fi
elif [ -f "$__object/parameter/entry" ]
then
acl_should="$( cat "$__object/parameter/entry" )"
else else
echo 'no parameters set' >&2 echo 'no parameters set' >&2
exit 1 exit 1
fi fi
# instead of setfacl's non-helpful message "Option -m: Invalid argument near character X"
# let's check if target has necessary users and groups, since mistyped or missing
# users/groups in target is most common reason.
echo "$acl_should" \
| grep -Po '(user|group):[^:]+' \
| sort -u \
| while read -r l
do
if ! grep "$l" -Fxq "$__object/explorer/getent"
then
echo "no $l' in target" | sed "s/:/ '/" >&2
exit 1
fi
done
if [ -f "$__object/parameter/default" ] if [ -f "$__object/parameter/default" ]
then then
acl_should="$( echo "$acl_should" \ acl_should="$( echo "$acl_should" \

View file

@ -12,29 +12,11 @@ Fully supported and tested on Linux (ext4 filesystem), partial support for FreeB
See ``setfacl`` and ``acl`` manpages for more details. See ``setfacl`` and ``acl`` manpages for more details.
One of ``--entry`` or ``--source`` must be used.
REQUIRED MULTIPLE PARAMETERS
OPTIONAL MULTIPLE PARAMETERS
---------------------------- ----------------------------
entry acl
Set ACL entry following ``getfacl`` output syntax. Set ACL entry following ``getfacl`` output syntax.
Must be used if ``--source`` is not used.
OPTIONAL PARAMETERS
-------------------
source
Read ACL entries from stdin or file.
Ordering of entries is not important.
When reading from file, comments and empty lines are ignored.
Must be used if ``--entry`` is not used.
file
Create/change file with ``__file`` using ``user:group:mode`` pattern.
directory
Create/change directory with ``__directory`` using ``user:group:mode`` pattern.
BOOLEAN PARAMETERS BOOLEAN PARAMETERS
@ -52,6 +34,12 @@ remove
``mask`` and ``other`` entries can't be removed, but only changed. ``mask`` and ``other`` entries can't be removed, but only changed.
DEPRECATED PARAMETERS
---------------------
Parameters ``user``, ``group``, ``mask`` and ``other`` are deprecated and they
will be removed in future versions. Please use ``acl`` parameter instead.
EXAMPLES EXAMPLES
-------- --------
@ -61,38 +49,27 @@ EXAMPLES
--default \ --default \
--recursive \ --recursive \
--remove \ --remove \
--entry user:alice:rwx \ --acl user:alice:rwx \
--entry user:bob:r-x \ --acl user:bob:r-x \
--entry group:project-group:rwx \ --acl group:project-group:rwx \
--entry group:some-other-group:r-x \ --acl group:some-other-group:r-x \
--entry mask::r-x \ --acl mask::r-x \
--entry other::r-x --acl other::r-x
# give Alice read-only access to subdir, # give Alice read-only access to subdir,
# but don't allow her to see parent content. # but don't allow her to see parent content.
__acl /srv/project2 \ __acl /srv/project2 \
--remove \ --remove \
--entry default:group:secret-project:rwx \ --acl default:group:secret-project:rwx \
--entry group:secret-project:rwx \ --acl group:secret-project:rwx \
--entry user:alice:--x --acl user:alice:--x
__acl /srv/project2/subdir \ __acl /srv/project2/subdir \
--default \ --default \
--remove \ --remove \
--entry group:secret-project:rwx \ --acl group:secret-project:rwx \
--entry user:alice:r-x --acl user:alice:r-x
# read acl from stdin
echo 'user:alice:rwx' \
| __acl /path/to/directory --source -
# create/change directory too
__acl /path/to/directory \
--default \
--remove \
--directory root:root:770 \
--entry user:nobody:rwx
AUTHORS AUTHORS

View file

@ -1,11 +0,0 @@
#!/bin/sh -e
for p in file directory
do
[ ! -f "$__object/parameter/$p" ] && continue
"__$p" "/$__object_id" \
--owner "$( awk -F: '{print $1}' "$__object/parameter/$p" )" \
--group "$( awk -F: '{print $2}' "$__object/parameter/$p" )" \
--mode "$( awk -F: '{print $3}' "$__object/parameter/$p" )"
done

View file

@ -0,0 +1 @@
see manual for details

View file

@ -0,0 +1 @@
see manual for details

View file

@ -0,0 +1 @@
see manual for details

View file

@ -0,0 +1 @@
see manual for details

View file

@ -1,3 +1,2 @@
source mask
file other
directory

View file

@ -1 +1,3 @@
entry acl
user
group

View file

@ -1,104 +0,0 @@
cdist-type__debian_backports(7)
===============================
NAME
----
cdist-type__apt_backports - Install backports
DESCRIPTION
-----------
This singleton type installs backports for the current OS release.
It aborts if backports are not supported for the specified OS or
no version codename could be fetched (like Debian unstable).
The package index will be automatically updated if required.
It supports backports from following OSes:
- Debian
- Devuan
- Ubuntu
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
Represents the state of the backports repository. ``present`` or
``absent``, defaults to ``present``.
Will be directly passed to :strong:`cdist-type__apt_source`\ (7).
mirror
The mirror to fetch the backports from. Will defaults to the generic
mirror of the current OS.
Will be directly passed to :strong:`cdist-type__apt_source`\ (7).
BOOLEAN PARAMETERS
------------------
None.
MESSAGES
--------
None.
EXAMPLES
--------
.. code-block:: sh
# setup the backports
__apt_backports
__apt_backports --state absent
__apt_backports --state present --mirror "http://ftp.de.debian.org/debian/"
# install a backports package
# currently for the buster release backports
require="__apt_backports" __package_apt wireguard \
--target-release buster-backports
ABORTS
------
Aborts if the detected os is not Debian.
Aborts if no distribuition codename could be detected. This is common for the
unstable distribution, but there is no backports repository for it already.
CAVEATS
-------
For Ubuntu, it setup all componenents for the backports repository: ``main``,
``restricted``, ``universe`` and ``multiverse``. The user may not want to
install proprietary packages, which will only be installed if the user
explicitly uses the backports target-release. The user may change this behavior
to install backports packages without the need of explicitly select it.
SEE ALSO
--------
`Official Debian Backports site <https://backports.debian.org/>`_
:strong:`cdist-type__apt_source`\ (7)
AUTHORS
-------
Matthias Stecher <matthiasstecher at gmx.de>
COPYING
-------
Copyright \(C) 2020 Matthias Stecher. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -1,81 +0,0 @@
#!/bin/sh -e
# __apt_backports/manifest
#
# 2020 Matthias Stecher (matthiasstecher at gmx.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Enables/disables backports repository. Utilises __apt_source for it.
#
# Get the distribution codename by /etc/os-release.
# is already executed in a subshell by string substitution
# lsb_release may not be given in all installations
codename_os_release() {
# shellcheck disable=SC1090
. "$__global/explorer/os_release"
printf "%s" "$VERSION_CODENAME"
}
# detect backport distribution
os="$(cat "$__global/explorer/os")"
case "$os" in
debian)
dist="$( codename_os_release )"
components="main"
mirror="http://deb.debian.org/debian/"
;;
devuan)
dist="$( codename_os_release )"
components="main"
mirror="http://deb.devuan.org/merged"
;;
ubuntu)
dist="$( codename_os_release )"
components="main restricted universe multiverse"
mirror="http://archive.ubuntu.com/ubuntu"
;;
*)
printf "Backports for %s are not supported!\n" "$os" >&2
exit 1
;;
esac
# error if no codename given (e.g. on Debian unstable)
if [ -z "$dist" ]; then
printf "No backports for unkown version of distribution %s!\n" "$os" >&2
exit 1
fi
# parameters
state="$(cat "$__object/parameter/state")"
# mirror already set for the os, only override user-values
if [ -f "$__object/parameter/mirror" ]; then
mirror="$(cat "$__object/parameter/mirror")"
fi
# install the given backports repository
__apt_source "${dist}-backports" \
--state "$state" \
--distribution "${dist}-backports" \
--component "$components" \
--uri "$mirror"

View file

@ -1,2 +0,0 @@
state
mirror

View file

@ -32,12 +32,11 @@ EXAMPLES
AUTHORS AUTHORS
------- -------
Steven Armstrong <steven-cdist--@--armstrong.cc> Steven Armstrong <steven-cdist--@--armstrong.cc>
Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
COPYING COPYING
------- -------
Copyright \(C) 2014 Steven Armstrong, 2020 Dennis Camera. Copyright \(C) 2014 Steven Armstrong. You can redistribute it
You can redistribute it and/or modify it under the terms of the GNU General and/or modify it under the terms of the GNU General Public License as
Public License as published by the Free Software Foundation, either version 3 of published by the Free Software Foundation, either version 3 of the
the License, or (at your option) any later version. License, or (at your option) any later version.

View file

@ -1,7 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -20,28 +19,26 @@
# #
os=$(cat "${__global:?}/explorer/os") os=$(cat "$__global/explorer/os")
case ${os} case "$os" in
in ubuntu|debian|devuan)
(ubuntu|debian|devuan) # No stinking recommends thank you very much.
__file /etc/apt/apt.conf.d/00InstallRecommends --state present \ # If I want something installed I will do so myself.
--owner root --group root --mode 0644 --source - <<-'EOF' __file /etc/apt/apt.conf.d/99-no-recommends \
APT::Install-Recommends "false"; --owner root --group root --mode 644 \
APT::Install-Suggests "false"; --source - << DONE
APT::AutoRemove::RecommendsImportant "false"; APT::Install-Recommends "0";
APT::AutoRemove::SuggestsImportant "false"; APT::Install-Suggests "0";
EOF APT::AutoRemove::RecommendsImportant "0";
APT::AutoRemove::SuggestsImportant "0";
# TODO: Remove the following object after some time DONE
require=__file/etc/apt/apt.conf.d/00InstallRecommends \
__file /etc/apt/apt.conf.d/99-no-recommends --state absent
;; ;;
(*) *)
cat >&2 <<EOF cat >&2 << DONE
The developer of this type (${__type##*/}) did not think your operating system The developer of this type (${__type##*/}) did not think your operating system
($os) would have any use for it. If you think otherwise please submit a patch. ($os) would have any use for it. If you think otherwise please submit a patch.
EOF DONE
exit 1 exit 1
;; ;;
esac esac

View file

@ -1,68 +0,0 @@
cdist-type__apt_unattended_upgrades(7)
======================================
NAME
----
cdist-type__apt_unattended_upgrades - automatic installation of updates
DESCRIPTION
-----------
Install and configure unattended-upgrades package.
For more information see https://wiki.debian.org/UnattendedUpgrades.
OPTIONAL MULTIPLE PARAMETERS
----------------------------
option
Set options for unattended-upgrades. See examples.
Supported options with default values (as of 2020-01-17) are:
- AutoFixInterruptedDpkg, default is "true"
- MinimalSteps, default is "true"
- InstallOnShutdown, default is "false"
- Mail, default is "" (empty)
- MailOnlyOnError, default is "false"
- Remove-Unused-Kernel-Packages, default is "true"
- Remove-New-Unused-Dependencies, default is "true"
- Remove-Unused-Dependencies, default is "false"
- Automatic-Reboot, default is "false"
- Automatic-Reboot-WithUsers, default is "true"
- Automatic-Reboot-Time, default is "02:00"
- SyslogEnable, default is "false"
- SyslogFacility, default is "daemon"
- OnlyOnACPower, default is "true"
- Skip-Updates-On-Metered-Connections, default is "true"
- Verbose, default is "false"
- Debug, default is "false"
blacklist
Python regular expressions, matching packages to exclude from upgrading.
EXAMPLES
--------
.. code-block:: sh
__apt_unattended_upgrades \
--option Mail=root \
--option MailOnlyOnError=true \
--blacklist multipath-tools \
--blacklist open-iscsi
AUTHORS
-------
Ander Punnar <ander-at-kvlt-dot-ee>
COPYING
-------
Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option) any
later version.

View file

@ -1,80 +0,0 @@
#!/bin/sh -e
#
# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
__package unattended-upgrades
export require='__package/unattended-upgrades'
# in normal circumstances 20auto-upgrades is managed
# by debconf and it can only contain these lines
__file /etc/apt/apt.conf.d/20auto-upgrades \
--owner root \
--group root \
--mode 644 \
--source - << EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF
# lets not write into upstream 50unattended-upgrades file,
# but use our own config file to avoid clashes
conf_file='/etc/apt/apt.conf.d/51unattended-upgrades-cdist'
conf='# this file is managed by cdist'
if [ -f "$__object/parameter/option" ]
then
o=''
while read -r l
do
o="$( printf '%s\nUnattended-Upgrade::%s "%s";\n' "$o" "${l%%=*}" "${l#*=}" )"
done \
< "$__object/parameter/option"
conf="$( printf '%s\n%s\n' "$conf" "$o" )"
fi
if [ -f "$__object/parameter/blacklist" ]
then
b='Unattended-Upgrade::Package-Blacklist {'
while read -r l
do
b="$( printf '%s\n"%s";\n' "$b" "$l" )"
done \
< "$__object/parameter/blacklist"
conf="$( printf '%s\n%s\n}\n' "$conf" "$b" )"
fi
if [ "$( echo "$conf" | wc -l )" -gt 1 ]
then
echo "$conf" \
| __file "$conf_file" \
--owner root \
--group root \
--mode 644 \
--source -
else
__file "$conf_file" --state absent
fi

View file

@ -1,2 +0,0 @@
option
blacklist

View file

@ -46,29 +46,28 @@ fi
remove_block() { remove_block() {
cat << DONE cat << DONE
tmpfile=\$(mktemp ${quoted_file}.cdist.XXXXXXXXXX) tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
# preserve ownership and permissions of existing file # preserve ownership and permissions of existing file
if [ -f $quoted_file ]; then if [ -f "$file" ]; then
cp -p $quoted_file "\$tmpfile" cp -p "$file" "\$tmpfile"
fi fi
awk -v prefix=$(quote "$prefix") -v suffix=$(quote "$suffix") ' awk -v prefix=^$(quote "$prefix")\$ -v suffix=^$(quote "$suffix")\$ '
{ {
if (\$0 == prefix) { if (match(\$0,prefix)) {
triggered=1 triggered=1
} }
if (triggered) { if (triggered) {
if (\$0 == suffix) { if (match(\$0,suffix)) {
triggered=0 triggered=0
} }
} else { } else {
print print
} }
}' $quoted_file > "\$tmpfile" }' "$file" > "\$tmpfile"
mv -f "\$tmpfile" $quoted_file mv -f "\$tmpfile" "$file"
DONE DONE
} }
quoted_file="$(quote "$file")"
case "$state_should" in case "$state_should" in
present) present)
if [ "$state_is" = "changed" ]; then if [ "$state_is" = "changed" ]; then
@ -78,7 +77,7 @@ case "$state_should" in
echo add >> "$__messages_out" echo add >> "$__messages_out"
fi fi
cat << DONE cat << DONE
cat >> $quoted_file << '${__type##*/}_DONE' cat >> "$file" << ${__type##*/}_DONE
$(cat "$block") $(cat "$block")
${__type##*/}_DONE ${__type##*/}_DONE
DONE DONE

View file

@ -37,7 +37,6 @@ source="$(cat "$__object/parameter/source")"
# out of it # out of it
home=/home/$username home=/home/$username
# shellcheck disable=SC2086
__user "$username" --home "$home" $shell __user "$username" --home "$home" $shell
require="__user/$username" __directory "$home" \ require="__user/$username" __directory "$home" \

View file

@ -18,12 +18,7 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
if [ -f "$__object/parameter/path" ]
then
path="$( cat "$__object/parameter/path" )"
else
path="/$__object_id" path="/$__object_id"
fi
[ ! -d "$path" ] && exit 0 [ ! -d "$path" ] && exit 0

View file

@ -20,12 +20,7 @@
[ ! -s "$__object/explorer/list" ] && exit 0 [ ! -s "$__object/explorer/list" ] && exit 0
if [ -f "$__object/parameter/path" ]
then
path="$( cat "$__object/parameter/path" )"
else
path="/$__object_id" path="/$__object_id"
fi
pattern="$( cat "$__object/parameter/pattern" )" pattern="$( cat "$__object/parameter/pattern" )"

View file

@ -10,7 +10,7 @@ DESCRIPTION
----------- -----------
Remove files and directories which match the pattern. Remove files and directories which match the pattern.
Provided path must be a directory. Provided path (as __object_id) must be a directory.
Patterns are passed to ``find``'s ``-regex`` - see ``find(1)`` for more details. Patterns are passed to ``find``'s ``-regex`` - see ``find(1)`` for more details.
@ -29,9 +29,6 @@ pattern
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
path
Path which will be cleaned. Defaults to ``$__object_id``.
exclude exclude
Pattern of files which are excluded from removal. Pattern of files which are excluded from removal.
@ -49,11 +46,6 @@ EXAMPLES
--exclude '.+\(charset\.conf\|security\.conf\)' \ --exclude '.+\(charset\.conf\|security\.conf\)' \
--onchange 'service apache2 restart' --onchange 'service apache2 restart'
__clean_path apache2-conf-enabled \
--path /etc/apache2/conf-enabled \
--pattern '.+' \
--exclude '.+\(charset\.conf\|security\.conf\)' \
--onchange 'service apache2 restart'
AUTHORS AUTHORS
------- -------

View file

@ -1,3 +1,2 @@
exclude exclude
onchange onchange
path

View file

@ -116,9 +116,6 @@ verify-incoming
verify-outgoing verify-outgoing
enforce the use of TLS and verify the peers authenticity on outgoing connections enforce the use of TLS and verify the peers authenticity on outgoing connections
use-distribution-package
uses distribution package instead of upstream binary
EXAMPLES EXAMPLES
-------- --------

View file

@ -1,8 +1,7 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2015 Steven Armstrong (steven-cdist at armstrong.cc) # 2015 Steven Armstrong (steven-cdist at armstrong.cc)
# 2015-2020 Nico Schottelius (nico-cdist at schottelius.org) # 2015-2019 Nico Schottelius (nico-cdist at schottelius.org)
# 2019 Timothée Floure (timothee.floure at ungleich.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -20,229 +19,66 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
os=$(cat "$__global/explorer/os") os=$(cat "$__global/explorer/os")
###
# Type parameters.
state="$(cat "$__object/parameter/state")"
user="$(cat "$__object/parameter/user")"
group="$(cat "$__object/parameter/group")"
release=$(cat "$__global/explorer/lsb_release")
if [ -f "$__object/parameter/use-distribution-package" ]; then
use_distribution_package=1
fi
###
# Those are default that might be overriden by os-specific logic.
data_dir="/var/lib/consul"
tls_dir="$conf_dir/tls"
case "$os" in
alpine)
conf_dir="/etc/consul"
conf_file="server.json"
;;
*)
conf_dir="/etc/consul/conf.d"
conf_file="config.json"
;;
esac
###
# Sane deployment, based on distribution package when available.
distribution_setup () {
case "$os" in
debian)
# consul is only available starting Debian 10 (buster).
# See https://packages.debian.org/buster/consul
if [ "$release" -lt 10 ]; then
echo "Consul is not available for your debian release." >&2
echo "Please use the 'manual' (i.e. non-package) installation or \
upgrade the target system." >&2
exit 1
fi
# Override previously defined environment to match debian packaging.
conf_dir='/etc/consul.d'
user='consul'
group='consul'
;;
alpine)
# consul is only available starting Alpine 3.12 (= edge during the 3.11 cycle).
# See https://pkgs.alpinelinux.org/packages?name=consul&branch=edge
# Override previously defined environment to match alpine packaging.
conf_dir='/etc/consul'
conf_file='server.json'
data_dir='/var/consul'
user='consul'
group='consul'
;;
*)
echo "Your operating system ($os) is currently not supported with the \
--use-distribution-package flag (${__type##*/})." >&2
echo "Please use non-package installation or contribute an \
implementation for if you can." >&2
exit 1
;;
esac
# Install consul package.
__package consul --state "$state"
export config_deployment_requires="__package/consul"
}
###
# LEGACY manual deployment, kept for compatibility reasons.
init_sysvinit()
{
__file /etc/init.d/consul \
--owner root --group root --mode 0755 \
--state "$state" \
--source "$__type/files/consul.sysv-$1"
require="__file/etc/init.d/consul" __start_on_boot consul
}
init_systemd()
{
__file /lib/systemd/system/consul.service \
--owner root --group root --mode 0644 \
--state "$state" \
--source "$__type/files/consul.systemd"
require="__file/lib/systemd/system/consul.service" __start_on_boot consul
}
init_upstart()
{
__file /etc/init/consul-prepare.conf \
--owner root --group root --mode 0644 \
--state "$state" \
--source "$__type/files/consul-prepare.upstart"
require="__file/etc/init/consul-prepare.conf" \
__file /etc/init/consul.conf \
--owner root --group root --mode 0644 \
--state "$state" \
--source "$__type/files/consul.upstart"
require="__file/etc/init/consul.conf" __start_on_boot consul
}
manual_setup () {
case "$os" in case "$os" in
alpine|scientific|centos|debian|devuan|redhat|ubuntu) alpine|scientific|centos|debian|devuan|redhat|ubuntu)
# whitelist safeguard # whitelist safeguard
: :
;; ;;
*) *)
echo "Your operating system ($os) is currently not supported by this \ echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2 echo "Please contribute an implementation for it if you can." >&2
exit 1 exit 1
;; ;;
esac esac
state="$(cat "$__object/parameter/state")"
user="$(cat "$__object/parameter/user")"
group="$(cat "$__object/parameter/group")"
data_dir="/var/lib/consul"
conf_dir="/etc/consul/conf.d"
conf_file="config.json"
# FIXME: there has got to be a better way to handle the dependencies in this case # FIXME: there has got to be a better way to handle the dependencies in this case
case "$state" in case "$state" in
present) present)
__group "$group" --system --state "$state" __group "$group" --system --state "$state"
require="__group/$group" __user "$user" \ require="__group/$group" \
--system --gid "$group" --home "$data_dir" --state "$state" __user "$user" --system --gid "$group" \
--home "$data_dir" --state "$state"
export require="__user/consul"
;; ;;
*) absent)
echo "The $state state is not (yet?) supported by this type." >&2 echo "Sorry, state=absent currently not supported :-(" >&2
exit 1 exit 1
require="$__object_name" \
__user "$user" --system --gid "$group" --state "$state"
require="__user/$user" \
__group "$group" --system --state "$state"
;; ;;
esac esac
# Create data directory. __directory /etc/consul \
require="__user/consul" __directory "$data_dir" \ --owner root --group "$group" --mode 750 --state "$state"
--owner "$user" --group "$group" --mode 770 --state "$state" require="__directory/etc/consul" \
__directory "$conf_dir" \
# Create config directory.
require="__user/consul" __directory "$conf_dir" \
--parents --owner root --group "$group" --mode 750 --state "$state"
# Install init script to start on boot
case "$os" in
devuan)
init_sysvinit debian
;;
centos|redhat)
os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")"
major_version="${os_version%%.*}"
case "$major_version" in
[456])
init_sysvinit redhat
;;
7)
init_systemd
;;
*)
echo "Unsupported CentOS/Redhat version: $os_version" >&2
exit 1
;;
esac
;;
debian)
os_version=$(cat "$__global/explorer/os_version")
major_version="${os_version%%.*}"
case "$major_version" in
[567])
init_sysvinit debian
;;
[89]|10)
init_systemd
;;
*)
echo "Unsupported Debian version $os_version" >&2
exit 1
;;
esac
;;
ubuntu)
init_upstart
;;
esac
config_deployment_requires="__user/consul __directory/$conf_dir"
}
###
# Trigger requested installation method.
if [ $use_distribution_package ]; then
distribution_setup
else
manual_setup
fi
###
# Install TLS certificates.
if [ -f "$__object/parameter/ca-file-source" ] || \
[ -f "$__object/parameter/cert-file-source" ] || \
[ -f "$__object/parameter/key-file-source" ]; then
requires="$config_deployment_requires" __directory "$tls_dir" \
--owner root --group "$group" --mode 750 --state "$state" --owner root --group "$group" --mode 750 --state "$state"
# Append to service restart requirements. if [ -f "$__object/parameter/ca-file-source" ] || [ -f "$__object/parameter/cert-file-source" ] || [ -f "$__object/parameter/key-file-source" ]; then
restart_requires="$restart_requires __directory/$conf_dir/tls" # create directory for ssl certs
require="__directory/etc/consul" \
__directory /etc/consul/ssl \
--owner root --group "$group" --mode 750 --state "$state"
fi fi
### __directory "$data_dir" \
# Generate and deploy configuration. --owner "$user" --group "$group" --mode 770 --state "$state"
json_configuration=$(
# Generate json config file
(
echo "{" echo "{"
# parameters we define ourself # parameters we define ourself
@ -251,11 +87,11 @@ json_configuration=$(
cd "$__object/parameter/" cd "$__object/parameter/"
for param in *; do for param in *; do
case "$param" in case "$param" in
state|user|group|json-config|use-distribution-package) continue ;; state|user|group|json-config) continue ;;
ca-file-source|cert-file-source|key-file-source) ca-file-source|cert-file-source|key-file-source)
source="$(cat "$__object/parameter/$param")" source="$(cat "$__object/parameter/$param")"
destination="$tls_dir/${source##*/}" destination="/etc/consul/ssl/${source##*/}"
require="__directory/$tls_dir" \ require="__directory/etc/consul/ssl" \
__file "$destination" \ __file "$destination" \
--owner root --group consul --mode 640 \ --owner root --group consul --mode 640 \
--source "$source" \ --source "$source" \
@ -263,8 +99,7 @@ json_configuration=$(
key="$(echo "${param%-*}" | tr '-' '_')" key="$(echo "${param%-*}" | tr '-' '_')"
printf ' ,"%s": "%s"\n' "$key" "$destination" printf ' ,"%s": "%s"\n' "$key" "$destination"
;; ;;
disable-remote-exec|disable-update-check|leave-on-terminate\ disable-remote-exec|disable-update-check|leave-on-terminate|rejoin-after-leave|server|enable-syslog|verify-incoming|verify-outgoing)
|rejoin-after-leave|server|enable-syslog|verify-incoming|verify-outgoing)
# handle boolean parameters # handle boolean parameters
key="$(echo "$param" | tr '-' '_')" key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": true\n' "$key" printf ' ,"%s": true\n' "$key"
@ -304,16 +139,87 @@ json_configuration=$(
printf ' ,%s\n' "$json" printf ' ,%s\n' "$json"
fi fi
echo "}" echo "}"
) ) | \
echo "$json_configuration" | require="$config_deployment_requires" \ require="__directory${conf_dir}" \
__file "$conf_dir/$conf_file" \ __config_file "${conf_dir}/${conf_file}" \
--owner root --group "$group" --mode 640 \ --owner root --group "$group" --mode 640 \
--state "$state" \ --state "$state" \
--onchange 'service consul status >/dev/null && service consul reload || true' \
--source - --source -
# Set configuration deployment as requirement for service restart. init_sysvinit()
restart_requires="__file/$conf_dir/$conf_file" {
__file /etc/init.d/consul \
--owner root --group root --mode 0755 \
--state "$state" \
--source "$__type/files/consul.sysv-$1"
require="__file/etc/init.d/consul" __start_on_boot consul
}
### init_systemd()
# Restart consul agent after everything else. {
require="$restart_requires" __service consul --action restart __file /lib/systemd/system/consul.service \
--owner root --group root --mode 0644 \
--state "$state" \
--source "$__type/files/consul.systemd"
require="__file/lib/systemd/system/consul.service" __start_on_boot consul
}
init_upstart()
{
__file /etc/init/consul-prepare.conf \
--owner root --group root --mode 0644 \
--state "$state" \
--source "$__type/files/consul-prepare.upstart"
require="__file/etc/init/consul-prepare.conf" \
__file /etc/init/consul.conf \
--owner root --group root --mode 0644 \
--state "$state" \
--source "$__type/files/consul.upstart"
require="__file/etc/init/consul.conf" __start_on_boot consul
}
# Install init script to start on boot
case "$os" in
devuan)
init_sysvinit debian
;;
centos|redhat)
os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")"
major_version="${os_version%%.*}"
case "$major_version" in
[456])
init_sysvinit redhat
;;
7)
init_systemd
;;
*)
echo "Unsupported CentOS/Redhat version: $os_version" >&2
exit 1
;;
esac
;;
debian)
os_version=$(cat "$__global/explorer/os_version")
major_version="${os_version%%.*}"
case "$major_version" in
[567])
init_sysvinit debian
;;
[89])
init_systemd
;;
*)
echo "Unsupported Debian version $os_version" >&2
exit 1
;;
esac
;;
ubuntu)
init_upstart
;;
esac

View file

@ -6,4 +6,3 @@ server
enable-syslog enable-syslog
verify-incoming verify-incoming
verify-outgoing verify-outgoing
use-distribution-package

View file

@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir

View file

@ -19,7 +19,7 @@
# #
name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")" name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")"
conf_dir=$(cat "$__object/explorer/conf-dir") conf_dir="/etc/consul/conf.d"
conf_file="check_${name}.json" conf_file="check_${name}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"

View file

@ -1,15 +0,0 @@
# Determine the configuration directory used by consul.
check_dir () {
if [ -d "$1" ]; then
printf '%s' "$1"
exit
fi
}
check_dir '/etc/consul/conf.d'
check_dir '/etc/consul.d'
check_dir '/etc/consul'
echo 'Could not determine consul configuration dir. Exiting.' >&2
exit 1

View file

@ -19,7 +19,7 @@
# #
name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")" name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")"
conf_dir=$(cat "$__object/explorer/conf-dir") conf_dir="/etc/consul/conf.d"
conf_file="service_${name}.json" conf_file="service_${name}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"
@ -45,7 +45,7 @@ printf ' "name": "%s"\n' "$name"
cd "$__object/parameter/" cd "$__object/parameter/"
for param in *; do for param in *; do
case "$param" in case "$param" in
state|name|check-interval|conf-dir) continue ;; state|name|check-interval) continue ;;
check-script) check-script)
printf ' ,"check": {\n' printf ' ,"check": {\n'
printf ' "script": "%s"\n' "$(cat "$__object/parameter/check-script")" printf ' "script": "%s"\n' "$(cat "$__object/parameter/check-script")"
@ -86,6 +86,7 @@ echo " }"
# end json file # end json file
echo "}" echo "}"
) | \ ) | \
require="__directory${conf_dir}" \
__config_file "${conf_dir}/${conf_file}" \ __config_file "${conf_dir}/${conf_file}" \
--owner root --group consul --mode 640 \ --owner root --group consul --mode 640 \
--state "$state" \ --state "$state" \

View file

@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir

View file

@ -20,7 +20,7 @@
cdist_type="${__type##*/}" cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}" watch_type="${cdist_type##*_}"
conf_dir=$(cat "$__object/explorer/conf-dir") conf_dir="/etc/consul/conf.d"
conf_file="watch_${watch_type}_${__object_id}.json" conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"

View file

@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir

View file

@ -20,7 +20,7 @@
cdist_type="${__type##*/}" cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}" watch_type="${cdist_type##*_}"
conf_dir=$(cat "$__object/explorer/conf-dir") conf_dir="/etc/consul/conf.d"
conf_file="watch_${watch_type}_${__object_id}.json" conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"

View file

@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir

View file

@ -20,7 +20,7 @@
cdist_type="${__type##*/}" cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}" watch_type="${cdist_type##*_}"
conf_dir=$(cat "$__object/explorer/conf-dir") conf_dir="/etc/consul/conf.d"
conf_file="watch_${watch_type}_${__object_id}.json" conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"

View file

@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir

View file

@ -20,7 +20,7 @@
cdist_type="${__type##*/}" cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}" watch_type="${cdist_type##*_}"
conf_dir=$(cat "$__object/explorer/conf-dir") conf_dir="/etc/consul/conf.d"
conf_file="watch_${watch_type}_${__object_id}.json" conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"

View file

@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir

View file

@ -20,7 +20,7 @@
cdist_type="${__type##*/}" cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}" watch_type="${cdist_type##*_}"
conf_dir=$(cat "$__object/explorer/conf-dir") conf_dir="/etc/consul/conf.d"
conf_file="watch_${watch_type}_${__object_id}.json" conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"

View file

@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir

View file

@ -20,7 +20,7 @@
cdist_type="${__type##*/}" cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}" watch_type="${cdist_type##*_}"
conf_dir=$(cat "$__object/explorer/conf-dir") conf_dir="/etc/consul/conf.d"
conf_file="watch_${watch_type}_${__object_id}.json" conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"

View file

@ -1 +0,0 @@
../../__consul_service/explorer/conf-dir

View file

@ -20,7 +20,7 @@
cdist_type="${__type##*/}" cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}" watch_type="${cdist_type##*_}"
conf_dir=$(cat "$__object/explorer/conf-dir") conf_dir="/etc/consul/conf.d"
conf_file="watch_${watch_type}_${__object_id}.json" conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"

View file

@ -31,28 +31,24 @@ if [ -f "$__object/parameter/raw" ]; then
elif [ -f "$__object/parameter/raw_command" ]; then elif [ -f "$__object/parameter/raw_command" ]; then
entry="$command" entry="$command"
else else
minute="$(cat "$__object/parameter/minute")" minute="$(cat "$__object/parameter/minute" 2>/dev/null || echo "*")"
hour="$(cat "$__object/parameter/hour")" hour="$(cat "$__object/parameter/hour" 2>/dev/null || echo "*")"
day_of_month="$(cat "$__object/parameter/day_of_month")" day_of_month="$(cat "$__object/parameter/day_of_month" 2>/dev/null || echo "*")"
month="$(cat "$__object/parameter/month")" month="$(cat "$__object/parameter/month" 2>/dev/null || echo "*")"
day_of_week="$(cat "$__object/parameter/day_of_week")" day_of_week="$(cat "$__object/parameter/day_of_week" 2>/dev/null || echo "*")"
entry="$minute $hour $day_of_month $month $day_of_week $command # $name" entry="$minute $hour $day_of_month $month $day_of_week $command # $name"
fi fi
mkdir "$__object/files" mkdir "$__object/files"
echo "$entry" > "$__object/files/entry" echo "$entry" > "$__object/files/entry"
if [ -s "$__object/explorer/entry" ]; then
if diff -q "$__object/files/entry" "$__object/explorer/entry" >/dev/null; then if diff -q "$__object/files/entry" "$__object/explorer/entry" >/dev/null; then
state_is=present state_is=present
else
state_is=modified
fi
else else
state_is=absent state_is=absent
fi fi
state_should="$(cat "$__object/parameter/state")" state_should="$(cat "$__object/parameter/state" 2>/dev/null || echo "present")"
[ "$state_is" = "$state_should" ] && exit 0 [ "$state_is" = "$state_should" ] && exit 0

View file

@ -21,11 +21,6 @@ command
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
**NOTE**: All time-related parameters (``--minute``, ``--hour``, ``--day_of_month``
``--month`` and ``--day_of_week``) defaults to ``*``, which means to execute it
**always**. If you set ``--hour 0`` to execute the cronjob only at midnight, it
will execute **every** minute in the first hour of the morning all days.
state state
Either present or absent. Defaults to present. Either present or absent. Defaults to present.
minute minute

View file

@ -22,12 +22,3 @@ if [ -f "$__object/parameter/raw" ] && [ -f "$__object/parameter/raw_command" ];
echo "ERROR: both raw and raw_command specified" >&2 echo "ERROR: both raw and raw_command specified" >&2
exit 1 exit 1
fi fi
case "$(cat "$__object/parameter/state")" in
present) ;;
absent) ;;
*)
echo "ERROR: unkown cron state" >&2
exit 2
esac

View file

@ -1 +0,0 @@
*

View file

@ -1 +0,0 @@
present

View file

@ -1,7 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# 2013 Steven Armstrong (steven-cdist armstrong.cc) # 2013 Steven Armstrong (steven-cdist armstrong.cc)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -21,51 +20,59 @@
destination="/$__object_id" destination="/$__object_id"
fallback() {
# Patch the output together, manually
ls_line=$(ls -ldn "$destination")
uid=$(echo "$ls_line" | awk '{ print $3 }')
gid=$(echo "$ls_line" | awk '{ print $4 }')
owner=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/passwd)
group=$(awk -F: -v gid="$gid" '$3 == gid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group)
mode_text=$(echo "$ls_line" | awk '{ print $1 }')
mode=$(echo "$mode_text" | awk '{for(i=8;i>=0;--i){c=substr($1,10-i,1);k+=((c~/[rwxst]/)*2^i);if(!(i%3))k+=(tolower(c)~/[lst]/)*2^(9+i/3)}printf("%04o",k)}')
printf 'type: %s\nowner: %d %s\ngroup: %d %s\nmode: %s %s\n' \
"$("$__type_explorer/type")" \
"$uid" "$owner" \
"$gid" "$group" \
"$mode" "$mode_text"
}
# nothing to work with, nothing we could do # nothing to work with, nothing we could do
[ -e "$destination" ] || exit 0 [ -e "$destination" ] || exit 0
command -v stat >/dev/null 2>&1 || { os=$("$__explorer/os")
fallback case "$os" in
exit "freebsd"|"netbsd"|"openbsd"|"macosx")
} stat -f "type: %HT
case $("$__explorer/os")
in
freebsd|netbsd|openbsd|macosx)
stat -f 'type: %HT
owner: %Du %Su owner: %Du %Su
group: %Dg %Sg group: %Dg %Sg
mode: %Mp%03Lp %Sp mode: %Lp %Sp
' "$destination" | awk '/^type/ { print tolower($0); next } { print }' " "$destination" | awk '/^type/ { print tolower($0); next; } { print; }'
;; ;;
*) alpine)
# NOTE: Do not use --printf here as it is not supported by BusyBox stat. stat -c "type: %F
# NOTE: BusyBox's stat might not support the "-c" option, in which case
# we fall through to the shell fallback.
stat -c 'type: %F
owner: %u %U owner: %u %U
group: %g %G group: %g %G
mode: %04a %A' "$destination" 2>/dev/null || fallback mode: %a %A
" "$destination"
;;
solaris)
ls1="$( ls -ld "$destination" )"
ls2="$( ls -ldn "$destination" )"
if [ -f "$__object/parameter/mode" ]
then mode_should="$( cat "$__object/parameter/mode" )"
fi
# yes, it is ugly hack, but if you know better way...
if [ -z "$( find "$destination" -perm "$mode_should" )" ]
then octets=888
else octets="$( echo "$mode_should" | sed 's/^0//' )"
fi
case "$( echo "$ls1" | cut -c1-1 )" in
-) echo 'type: regular file' ;;
d) echo 'type: directory' ;;
esac
echo "owner: $( echo "$ls2" \
| awk '{print $3}' ) $( echo "$ls1" \
| awk '{print $3}' )"
echo "group: $( echo "$ls2" \
| awk '{print $4}' ) $( echo "$ls1" \
| awk '{print $4}' )"
echo "mode: $octets $( echo "$ls1" | awk '{print $1}' )"
;;
*)
stat --printf="type: %F
owner: %u %U
group: %g %G
mode: %a %A
" "$destination"
;; ;;
esac esac

View file

@ -3,7 +3,6 @@
# 2011-2013 Nico Schottelius (nico-cdist at schottelius.org) # 2011-2013 Nico Schottelius (nico-cdist at schottelius.org)
# 2013 Steven Armstrong (steven-cdist armstrong.cc) # 2013 Steven Armstrong (steven-cdist armstrong.cc)
# 2014 Daniel Heule (hda at sfs.biz) # 2014 Daniel Heule (hda at sfs.biz)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -22,8 +21,8 @@
# #
destination="/$__object_id" destination="/$__object_id"
state_should=$(cat "$__object/parameter/state") state_should="$(cat "$__object/parameter/state")"
type=$(cat "$__object/explorer/type") type="$(cat "$__object/explorer/type")"
stat_file="$__object/explorer/stat" stat_file="$__object/explorer/stat"
# variable to keep track if we have to set directory attributes # variable to keep track if we have to set directory attributes
@ -73,7 +72,7 @@ set_mode() {
} }
case "$state_should" in case "$state_should" in
present|exists) present)
if [ "$type" != "directory" ]; then if [ "$type" != "directory" ]; then
set_attributes=1 set_attributes=1
if [ "$type" != "none" ]; then if [ "$type" != "none" ]; then
@ -84,10 +83,6 @@ case "$state_should" in
fi fi
echo "mkdir $mkdiropt '$destination'" echo "mkdir $mkdiropt '$destination'"
echo "create" >> "$__messages_out" echo "create" >> "$__messages_out"
elif [ "$state_should" = 'exists' ]; then
# The type is directory and --state exists. We are done and do not
# check or set the attributes.
exit 0
fi fi
# Note: Mode - needs to happen last as a chown/chgrp can alter mode by # Note: Mode - needs to happen last as a chown/chgrp can alter mode by
@ -97,11 +92,9 @@ case "$state_should" in
value_should="$(cat "$__object/parameter/$attribute")" value_should="$(cat "$__object/parameter/$attribute")"
value_is="$(get_current_value "$attribute" "$value_should")" value_is="$(get_current_value "$attribute" "$value_should")"
# format mode in four digits => same as stat returns # change 0xxx format to xxx format => same as stat returns
if [ "$attribute" = mode ]; then if [ "$attribute" = mode ]; then
# Convert to four-digit octal number (printf interprets value_should="$(echo "$value_should" | sed 's/^0\(...\)/\1/')"
# strings with leading 0s as octal!)
value_should=$(printf '%04o' "0${value_should}")
fi fi
if [ "$set_attributes" = 1 ] || [ "$value_should" != "$value_is" ]; then if [ "$set_attributes" = 1 ] || [ "$value_should" != "$value_is" ]; then
@ -110,26 +103,6 @@ case "$state_should" in
fi fi
done done
;; ;;
pre-exists)
case $type in
directory)
# all good
exit 0
;;
none)
printf 'Directory "%s" does not exist\n' "$destination" >&2
exit 1
;;
file|symlink)
printf 'File "%s" exists and is a %s, but should be a directory\n' "$destination" "$type" >&2
exit 1
;;
*)
printf 'File or directory "%s" is in an unknown state\n' "$destination" >&2
exit 1
;;
esac
;;
absent) absent)
if [ "$type" = "directory" ]; then if [ "$type" = "directory" ]; then
echo "rm -rf '$destination'" echo "rm -rf '$destination'"

View file

@ -19,18 +19,7 @@ None.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
state state
'present', 'absent', 'exists' or 'pre-exists', defaults to 'present' where: 'present' or 'absent', defaults to 'present'
present
the directory exists and the given attributes are set.
absent
the directory does not exist.
exists
the directory exists, but its attributes are not altered if it already
existed.
pre-exists
check that the directory exists and is indeed a directory, but do not
create or modify it.
group group
Group to chgrp to. Group to chgrp to.

View file

@ -25,9 +25,6 @@ user
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
dirmode
forwarded to :strong:`__directory` type as mode
mode mode
forwarded to :strong:`__file` type forwarded to :strong:`__file` type

View file

@ -19,7 +19,6 @@ set -eu
user="$(cat "${__object}/parameter/user")" user="$(cat "${__object}/parameter/user")"
home="$(cat "${__object}/explorer/home")" home="$(cat "${__object}/explorer/home")"
primary_group="$(cat "${__object}/explorer/primary_group")" primary_group="$(cat "${__object}/explorer/primary_group")"
dirmode="$(cat "${__object}/parameter/dirmode")"
# Create parent directory. Type __directory has flag 'parents', but it # Create parent directory. Type __directory has flag 'parents', but it
# will leave us with root-owned directory in user home, which is not # will leave us with root-owned directory in user home, which is not
@ -37,7 +36,6 @@ export CDIST_ORDER_DEPENDENCY
for dir ; do for dir ; do
__directory "${home}/${dir}" \ __directory "${home}/${dir}" \
--group "${primary_group}" \ --group "${primary_group}" \
--mode "${dirmode}" \
--owner "${user}" --owner "${user}"
done done

View file

@ -1,4 +1,3 @@
state state
mode mode
source source
dirmode

View file

@ -1,19 +0,0 @@
#!/bin/sh -e
if [ -f "$__object/parameter/cmd-get" ]
then
cmd="$( cat "$__object/parameter/cmd-get" )"
elif command -v curl > /dev/null
then
cmd="curl -L -o - '%s'"
elif command -v fetch > /dev/null
then
cmd="fetch -o - '%s'"
else
cmd="wget -O - '%s'"
fi
echo "$cmd"

View file

@ -1,72 +0,0 @@
#!/bin/sh -e
dst="/$__object_id"
if [ ! -f "$dst" ]
then
echo 'absent'
exit 0
fi
sum_should="$( cat "$__object/parameter/sum" )"
if [ -f "$__object/parameter/cmd-sum" ]
then
# shellcheck disable=SC2059
sum_is="$( eval "$( printf \
"$( cat "$__object/parameter/cmd-sum" )" \
"$dst" )" )"
else
os="$( "$__explorer/os" )"
if echo "$sum_should" | grep -Eq '^[0-9]+\s[0-9]+$'
then
sum_is="$( cksum "$dst" | awk '{print $1" "$2}' )"
elif echo "$sum_should" | grep -Eiq '^md5:[a-f0-9]{32}$'
then
case "$os" in
freebsd)
sum_is="md5:$( md5 -q "$dst" )"
;;
*)
sum_is="md5:$( md5sum "$dst" | awk '{print $1}' )"
;;
esac
elif echo "$sum_should" | grep -Eiq '^sha1:[a-f0-9]{40}$'
then
case "$os" in
freebsd)
sum_is="sha1:$( sha1 -q "$dst" )"
;;
*)
sum_is="sha1:$( sha1sum "$dst" | awk '{print $1}' )"
;;
esac
elif echo "$sum_should" | grep -Eiq '^sha256:[a-f0-9]{64}$'
then
case "$os" in
freebsd)
sum_is="sha256:$( sha256 -q "$dst" )"
;;
*)
sum_is="sha256:$( sha256sum "$dst" | awk '{print $1}' )"
;;
esac
fi
fi
if [ -z "$sum_is" ]
then
echo 'no checksum from target' >&2
exit 1
fi
if [ "$sum_is" = "$sum_should" ]
then
echo 'present'
else
echo 'mismatch'
fi

View file

@ -1,58 +0,0 @@
#!/bin/sh -e
download="$( cat "$__object/parameter/download" )"
state_is="$( cat "$__object/explorer/state" )"
if [ "$download" != 'local' ] || [ "$state_is" = 'present' ]
then
exit 0
fi
url="$( cat "$__object/parameter/url" )"
tmp="$( mktemp )"
dst="/$__object_id"
if [ -f "$__object/parameter/cmd-get" ]
then
cmd="$( cat "$__object/parameter/cmd-get" )"
elif command -v wget > /dev/null
then
cmd="wget -O - '%s'"
elif command -v curl > /dev/null
then
cmd="curl -L -o - '%s'"
elif command -v fetch > /dev/null
then
cmd="fetch -o - '%s'"
else
echo 'no usable locally installed utility for downloading' >&2
exit 1
fi
printf "$cmd > %s\n" \
"$url" \
"$tmp"
if echo "$__target_host" | grep -Eq '^[0-9a-fA-F:]+$'
then
target_host="[$__target_host]"
else
target_host="$__target_host"
fi
printf '%s %s %s:%s\n' \
"$__remote_copy" \
"$tmp" \
"$target_host" \
"$dst"
echo "rm -f '$tmp'"
echo 'downloaded' > "$__messages_out"

View file

@ -1,25 +0,0 @@
#!/bin/sh -e
download="$( cat "$__object/parameter/download" )"
state_is="$( cat "$__object/explorer/state" )"
if [ "$download" = 'remote' ] && [ "$state_is" != 'present' ]
then
cmd="$( cat "$__object/explorer/remote_cmd" )"
url="$( cat "$__object/parameter/url" )"
dst="/$__object_id"
printf "$cmd > %s\n" \
"$url" \
"$dst"
echo 'downloaded' > "$__messages_out"
fi
if [ -f "$__object/parameter/onchange" ] && [ "$state_is" != "present" ]
then
cat "$__object/parameter/onchange"
fi

View file

@ -1,87 +0,0 @@
cdist-type__download(7)
=======================
NAME
----
cdist-type__download - Download a file
DESCRIPTION
-----------
Destination (``$__object_id``) in target host must be persistent storage
in order to calculate checksum and decide if file must be (re-)downloaded.
By default type will try to use ``wget``, ``curl`` or ``fetch``.
If download happens in target (see ``--download``) then type will
fallback to (and install) ``wget``.
If download happens in local machine, then environment variables like
``{http,https,ftp}_proxy`` etc can be used on cdist execution
(``http_proxy=foo cdist config ...``).
REQUIRED PARAMETERS
-------------------
url
File's URL.
sum
Checksum of file going to be downloaded.
By default output of ``cksum`` without filename is expected.
Other hash formats supported with prefixes: ``md5:``, ``sha1:`` and ``sha256:``.
OPTIONAL PARAMETERS
-------------------
download
If ``local`` (default), then download file to local storage and copy
it to target host. If ``remote``, then download happens in target.
cmd-get
Command used for downloading.
Command must output to ``stdout``.
Parameter will be used for ``printf`` and must include only one
format specification ``%s`` which will become URL.
For example: ``wget -O - '%s'``.
cmd-sum
Command used for checksum calculation.
Command output and ``--sum`` parameter must match.
Parameter will be used for ``printf`` and must include only one
format specification ``%s`` which will become destination.
For example: ``md5sum '%s' | awk '{print $1}'``.
onchange
Execute this command after download.
EXAMPLES
--------
.. code-block:: sh
__directory /opt/cpma
require='__directory/opt/cpma' \
__download /opt/cpma/cnq3.zip \
--url https://cdn.playmorepromode.com/files/cnq3/cnq3-1.51.zip \
--sum md5:46da3021ca9eace277115ec9106c5b46
require='__download/opt/cpma/cnq3.zip' \
__unpack /opt/cpma/cnq3.zip \
--backup-destination \
--preserve-archive \
--destination /opt/cpma/server
AUTHORS
-------
Ander Punnar <ander-at-kvlt-dot-ee>
COPYING
-------
Copyright \(C) 2020 Ander Punnar. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -1,6 +0,0 @@
#!/bin/sh -e
if grep -Eq '^wget' "$__object/explorer/remote_cmd"
then
__package wget
fi

View file

@ -1,4 +0,0 @@
cmd-get
cmd-sum
download
onchange

View file

@ -1,2 +0,0 @@
url
sum

View file

@ -1,26 +0,0 @@
#!/bin/sh -e
# __dpkg_architecture/explorer/architecture
#
# 2020 Matthias Stecher <matthiasstecher at gmx.de>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Get the main architecture of this machine
# print or die in the gencode-remote
dpkg --print-architecture || true

View file

@ -1,26 +0,0 @@
#!/bin/sh -e
# __dpkg_architecture/explorer/foreign-architectures
#
# 2020 Matthias Stecher <matthiasstecher at gmx.de>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Print all additional architectures
# print or die in the gencode-remote
dpkg --print-foreign-architectures || true

View file

@ -1,82 +0,0 @@
#!/bin/sh -e
# __dpkg_architecture/gencode-remote
#
# 2020 Matthias Stecher <matthiasstecher at gmx.de>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Get parameter and explorer
state_should="$(cat "$__object/parameter/state")"
arch_wanted="$__object_id"
main_arch="$(cat "$__object/explorer/architecture")"
# Exit here if dpkg do not work (empty explorer)
if [ -z "$main_arch" ]; then
echo "dpkg is not available or unable to detect a architecture!" >&2
exit 1
fi
# Check if requested architecture is the main one
if [ "$arch_wanted" = "$main_arch" ]; then
# higher than present; we can not remove it
state_is="present"
caution="yes"
# Check if the architecture not already used
elif grep -qFx "$arch_wanted" "$__object/explorer/foreign-architectures"; then
state_is="present"
# arch does not exist
else
state_is="absent"
fi
# Check what to do
if [ "$state_is" != "$state_should" ]; then
case "$state_should" in
present)
# print add code
printf "dpkg --add-architecture '%s'\n" "$arch_wanted"
# updating the index to make the new architecture available
echo "apt update"
echo added >> "$__messages_out"
;;
absent)
if [ "$caution" ]; then
printf "can not remove the main arch '%s' of the system!\n" "$main_arch" >&2
exit 1
fi
# removing all existing packages for the architecture
printf "apt purge '.*:%s'\n" "$arch_wanted"
# print remove code
printf "dpkg --remove-architecture '%s'\n" "$arch_wanted"
echo removed >> "$__messages_out"
;;
*)
printf "state '%s' is unknown!\n" "$state_should" >&2
exit 1
;;
esac
fi

View file

@ -1,103 +0,0 @@
cdist-type__dpkg_architecture(7)
================================
NAME
----
cdist-type__dpkg_architecture - Handles foreign architectures on debian-like
systems managed by `dpkg`
DESCRIPTION
-----------
This type handles foreign architectures on systems managed by
:strong:`dpkg`\ (1). The object id is the name of the architecture accepted by
`dpkg`, which should be added or removed.
If the architecture is not setup on the system, it adds a new architecture as a
new foreign architecture in `dpkg`. Then, it updates the apt package index to
make packages from the new architecture available.
If the architecture should be removed, it will remove it if it is not the base
architecture on where the system was installed on. Before it, it will purge
every package based on the "to be removed" architecture via `apt` to be able to
remove the selected architecture.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
``present`` or ``absent``. Defaults to ``present``.
MESSAGES
--------
added
Added the specified architecture
removed
Removed the specified architecture
ABORTS
------
Aborts in the following cases:
If :strong:`dpkg`\ (1) is not available. It will abort with a proper error
message.
If the architecture is the same as the base architecture the system is build
upon it (returned by ``dpkg --print-architecture``) and it should be removed.
It will fail if it can not execute :strong:`apt`\ (8). It is assumed that it is
already installed.
EXAMPLES
--------
.. code-block:: sh
# add i386 (32 bit) architecture
__dpkg_architecture i386
# remove it again :)
__dpkg_architecture i386 --state absent
SEE ALSO
--------
`Multiarch on Debian systems <https://wiki.debian.org/Multiarch>`_
`How to setup multiarch on Debian <https://wiki.debian.org/Multiarch/HOWTO>`_
:strong:`dpkg`\ (1)
:strong:`cdist-type__package_dpkg`\ (7)
:strong:`cdist-type__package_apt`\ (7)
Useful commands:
.. code-block:: sh
# base architecture installed on this system
dpkg --print-architecture
# extra architectures added
dpkg --print-foreign-architectures
AUTHORS
-------
Matthias Stecher <matthiasstecher at gmx.de>
COPYING
-------
Copyright \(C) 2020 Matthias Stecher. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
ublished by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -2,7 +2,6 @@
# #
# 2013 Steven Armstrong (steven-cdist armstrong.cc) # 2013 Steven Armstrong (steven-cdist armstrong.cc)
# 2019 Nico Schottelius (nico-cdist at schottelius.org) # 2019 Nico Schottelius (nico-cdist at schottelius.org)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -22,63 +21,68 @@
destination="/$__object_id" destination="/$__object_id"
fallback() {
# Fallback: Patch the output together, manually.
ls_line=$(ls -ldn "$destination")
uid=$(echo "$ls_line" | awk '{ print $3 }')
gid=$(echo "$ls_line" | awk '{ print $4 }')
owner=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/passwd)
group=$(awk -F: -v gid="$gid" '$3 == gid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group)
mode_text=$(echo "$ls_line" | awk '{ print $1 }')
mode=$(echo "$mode_text" | awk '{for(i=8;i>=0;--i){c=substr($1,10-i,1);k+=((c~/[rwxst]/)*2^i);if(!(i%3))k+=(tolower(c)~/[lst]/)*2^(9+i/3)}printf("%04o",k)}')
size=$(echo "$ls_line" | awk '{ print $5 }')
links=$(echo "$ls_line" | awk '{ print $2 }')
printf 'type: %s\nowner: %d %s\ngroup: %d %s\nmode: %s %s\nsize: %d\nlinks: %d\n' \
"$("$__type_explorer/type")" \
"$uid" "$owner" \
"$gid" "$group" \
"$mode" "$mode_text" \
"$size" \
"$links"
}
# nothing to work with, nothing we could do # nothing to work with, nothing we could do
[ -e "$destination" ] || exit 0 [ -e "$destination" ] || exit 0
os=$("$__explorer/os")
command -v stat >/dev/null 2>&1 || { case "$os" in
fallback "freebsd"|"netbsd"|"openbsd"|"macosx")
exit stat -f "type: %HT
}
case $("$__explorer/os")
in
freebsd|netbsd|openbsd|macosx)
stat -f 'type: %HT
owner: %Du %Su owner: %Du %Su
group: %Dg %Sg group: %Dg %Sg
mode: %Mp%03Lp %Sp mode: %Lp %Sp
size: %Dz size: %Dz
links: %Dl links: %Dl
' "$destination" | awk '/^type/ { print tolower($0); next } { print }' " "$destination" | awk '/^type/ { print tolower($0); next; } { print; }'
;; ;;
*) alpine)
# NOTE: Do not use --printf here as it is not supported by BusyBox stat. # busybox stat
# NOTE: BusyBox's stat might not support the "-c" option, in which case stat -c "type: %F
# we fall through to the shell fallback.
stat -c 'type: %F
owner: %u %U owner: %u %U
group: %g %G group: %g %G
mode: %04a %A mode: %a %A
size: %s size: %s
links: %h' "$destination" 2>/dev/null || fallback links: %h
" "$destination"
;;
solaris)
ls1="$( ls -ld "$destination" )"
ls2="$( ls -ldn "$destination" )"
if [ -f "$__object/parameter/mode" ]
then mode_should="$( cat "$__object/parameter/mode" )"
fi
# yes, it is ugly hack, but if you know better way...
if [ -z "$( find "$destination" -perm "$mode_should" )" ]
then octets=888
else octets="$( echo "$mode_should" | sed 's/^0//' )"
fi
case "$( echo "$ls1" | cut -c1-1 )" in
-) echo 'type: regular file' ;;
d) echo 'type: directory' ;;
esac
echo "owner: $( echo "$ls2" \
| awk '{print $3}' ) $( echo "$ls1" \
| awk '{print $3}' )"
echo "group: $( echo "$ls2" \
| awk '{print $4}' ) $( echo "$ls1" \
| awk '{print $4}' )"
echo "mode: $octets $( echo "$ls1" | awk '{print $1}' )"
echo "size: $( echo "$ls1" | awk '{print $5}' )"
echo "links: $( echo "$ls1" | awk '{print $2}' )"
;;
*)
stat --printf="type: %F
owner: %u %U
group: %g %G
mode: %a %A
size: %s
links: %h
" "$destination"
;; ;;
esac esac

Some files were not shown because too many files have changed in this diff Show more