From a2e96ac435cd8fa98fad2edade8d5798fcb8d57f Mon Sep 17 00:00:00 2001 From: Jake Guffey Date: Wed, 19 Sep 2012 14:50:28 -0400 Subject: [PATCH 01/25] Initial commit Broke old __pf type into __pf_* Initial commit of __pf_ruleset type with basic logic --- conf/type/__pf_ruleset/explorer/cksum | 43 +++++++++++++ conf/type/__pf_ruleset/explorer/rcvar | 36 +++++++++++ conf/type/__pf_ruleset/gencode-local | 74 +++++++++++++++++++++++ conf/type/__pf_ruleset/gencode-remote | 41 +++++++++++++ conf/type/__pf_ruleset/man.text | 51 ++++++++++++++++ conf/type/__pf_ruleset/parameter/optional | 1 + conf/type/__pf_ruleset/parameter/required | 1 + conf/type/__pf_ruleset/singleton | 0 8 files changed, 247 insertions(+) create mode 100755 conf/type/__pf_ruleset/explorer/cksum create mode 100755 conf/type/__pf_ruleset/explorer/rcvar create mode 100644 conf/type/__pf_ruleset/gencode-local create mode 100644 conf/type/__pf_ruleset/gencode-remote create mode 100644 conf/type/__pf_ruleset/man.text create mode 100644 conf/type/__pf_ruleset/parameter/optional create mode 100644 conf/type/__pf_ruleset/parameter/required create mode 100644 conf/type/__pf_ruleset/singleton diff --git a/conf/type/__pf_ruleset/explorer/cksum b/conf/type/__pf_ruleset/explorer/cksum new file mode 100755 index 00000000..372e9193 --- /dev/null +++ b/conf/type/__pf_ruleset/explorer/cksum @@ -0,0 +1,43 @@ +#!/bin/sh +# +# 2012 Jake Guffey (jake.guffey at eprotex.com) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Get the 256 bit SHA2 checksum of the pf ruleset on the target host. +# + +# Debug +#exec >&2 +#set -x + +# Check /etc/rc.conf for pf's configuration file name. Default to /etc/pf.conf +# See if file exists and if so, get checksum + +RC="/etc/rc.conf" +TMP="$(grep '^pf_rules=' ${RC} | cut -d= -f2 | sed 's/"//g')" +PFCONF="${TMP:-"/etc/pf.conf"}" + +if [ -f "${PFCONF}" ]; then # The pf config file exists, find its cksum. + cksum -o 1 ${PFCONF} | cut -d= -f2 | sed 's/ //g' +else # the pf config file doesn't exist + echo NOTEXIST +fi + +# Debug +#set +x + diff --git a/conf/type/__pf_ruleset/explorer/rcvar b/conf/type/__pf_ruleset/explorer/rcvar new file mode 100755 index 00000000..20e9dfcc --- /dev/null +++ b/conf/type/__pf_ruleset/explorer/rcvar @@ -0,0 +1,36 @@ +#!/bin/sh +# +# 2012 Jake Guffey (jake.guffey at eprotex.com) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Get the location of the pf ruleset on the target host. +# + +# Debug +#exec >&2 +#set -x + +# Check /etc/rc.conf for pf's configuration file name. Default to /etc/pf.conf + +RC="/etc/rc.conf" +PFCONF="$(grep '^pf_rules=' ${RC} | cut -d= -f2 | sed 's/"//g')" +echo ${PFCONF:-"/etc/pf.conf"} + +# Debug +#set +x + diff --git a/conf/type/__pf_ruleset/gencode-local b/conf/type/__pf_ruleset/gencode-local new file mode 100644 index 00000000..7c2f877e --- /dev/null +++ b/conf/type/__pf_ruleset/gencode-local @@ -0,0 +1,74 @@ +#!/bin/sh +# +# 2012 Jake Guffey (jake.guffey at eprotex.com) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Manage pf(4) on *BSD +# + +# Debug +#exec >&2 +#set -x + +# Send files to $__target_host via $__remote_copy + +uname=$(uname) # Need to know what the cdist host is running so we know how to compute the ruleset's checksum +state=$(cat "$__object/parameter/state") + +if [ "$state" = "absent" ]; then # There is nothing more for a *local* script to do + exit 0 +fi + +if [ -f "$__object/parameter/source" ]; then + source=$(cat "$__object/parameter/source") +fi + +rcvar=$(cat "$__object/explorer/rcvar") +cksum=$(cat "$__object/explorer/cksum") + + +cat <&2 + exit 1 + ;; +esac + +if [ ! "${cksum}" = "NOTEXIST" ]; then + if [ ! "\${currentSum}" = "${cksum}" ]; then + $__remote_copy "${source}" "$__target_host:${rcvar}.new" + fi +else # File just doesn't exist yet + $__remote_copy "${source}" "$__target_host:${rcvar}.new" +fi + +if [ -n "${testscript}" ]; then + $__remote_copy "${testscript}" "$__target_host:${rcvar}.test" +fi +EOF + diff --git a/conf/type/__pf_ruleset/gencode-remote b/conf/type/__pf_ruleset/gencode-remote new file mode 100644 index 00000000..56aee3cb --- /dev/null +++ b/conf/type/__pf_ruleset/gencode-remote @@ -0,0 +1,41 @@ +#!/bin/sh +# +# 2012 Jake Guffey (jake.guffey at eprotex.com) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Manage pf(4) on *BSD +# + +# Debug +#exec >&2 +#set -x + +# Remove ${rcvar} in the case of --state absent + +state=$(cat "$__object/parameter/state") + +if [ ! "$state" = "absent" ]; then # There is nothing more for a *remote* script to do + exit 0 +fi + +rcvar=$(cat "$__object/explorer/rcvar") + +# --state absent, so ensure that .new doesn't exist and that conf is renamed to .old +echo rm \"${rcvar}.new\" +echo mv \"${rcvar}\" \"${rcvar.old}\" + diff --git a/conf/type/__pf_ruleset/man.text b/conf/type/__pf_ruleset/man.text new file mode 100644 index 00000000..68601fad --- /dev/null +++ b/conf/type/__pf_ruleset/man.text @@ -0,0 +1,51 @@ +cdist-type__pf_ruleset(7) +================================== +Jake Guffey + + +NAME +---- +cdist-type__pf_ruleset - Copy a pf(4) ruleset to $__target_host + + +DESCRIPTION +----------- +This type is used on *BSD systems to manage the pf firewall's ruleset. + + +REQUIRED PARAMETERS +------------------- +state:: + Either "absent" (no ruleset at all) or "present" + + +OPTIONAL PARAMETERS +------------------- +source:: + If supplied, use to define the ruleset to load onto the $__target_host for pf(4). + Note that this type is almost useless without a ruleset defined, but it's technically not + needed, e.g. for the case of disabling the firewall temporarily. + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +# Remove the current ruleset in place +__pf_ruleset --state absent + +# Enable the firewall with the ruleset defined in $__manifest/files/pf.conf +__pf_ruleset --state present --source $__manifest/files/pf.conf + +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) +- pf(4) + + +COPYING +------- +Copyright \(C) 2012 Jake Guffey. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/conf/type/__pf_ruleset/parameter/optional b/conf/type/__pf_ruleset/parameter/optional new file mode 100644 index 00000000..5a18cd2f --- /dev/null +++ b/conf/type/__pf_ruleset/parameter/optional @@ -0,0 +1 @@ +source diff --git a/conf/type/__pf_ruleset/parameter/required b/conf/type/__pf_ruleset/parameter/required new file mode 100644 index 00000000..ff72b5c7 --- /dev/null +++ b/conf/type/__pf_ruleset/parameter/required @@ -0,0 +1 @@ +state diff --git a/conf/type/__pf_ruleset/singleton b/conf/type/__pf_ruleset/singleton new file mode 100644 index 00000000..e69de29b From c551bbbb692e03d3035165f7798c85e9cb76c8b9 Mon Sep 17 00:00:00 2001 From: Jake Guffey Date: Wed, 19 Sep 2012 15:49:36 -0400 Subject: [PATCH 02/25] Initial commit Initial commit of __pf_apply type before actually creating logic --- conf/type/__pf_apply/gencode-remote | 34 +++++++++++++++++++ conf/type/__pf_apply/man.text | 52 +++++++++++++++++++++++++++++ conf/type/__pf_apply/singleton | 0 3 files changed, 86 insertions(+) create mode 100755 conf/type/__pf_apply/gencode-remote create mode 100644 conf/type/__pf_apply/man.text create mode 100644 conf/type/__pf_apply/singleton diff --git a/conf/type/__pf_apply/gencode-remote b/conf/type/__pf_apply/gencode-remote new file mode 100755 index 00000000..309eb12d --- /dev/null +++ b/conf/type/__pf_apply/gencode-remote @@ -0,0 +1,34 @@ +#!/bin/sh +# +# 2012 Jake Guffey (jake.guffey at eprotex.com) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Apply pf(4) ruleset on *BSD +# + +# Debug +#exec >&2 +#set -x + +cat < + + +NAME +---- +cdist-type__pf_apply - Apply pf(4) ruleset on *BSD + + +DESCRIPTION +----------- +This type is used on *BSD systems to manage the pf firewall's active ruleset. + + +REQUIRED PARAMETERS +------------------- +NONE + + +OPTIONAL PARAMETERS +------------------- +NONE + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +# Modify the ruleset on $__target_host: +__pf_ruleset --state present --source /my/pf/ruleset.conf +require="__pf_ruleset" \ + __pf_apply + +# Remove the ruleset on $__target_host (implies disabling pf(4): +__pf_ruleset --state absent +require="__pf_ruleset" \ + __pf_apply +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) +- cdist-type__pf_ruleset(7) +- pf(4) + + +COPYING +------- +Copyright \(C) 2012 Jake Guffey. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/conf/type/__pf_apply/singleton b/conf/type/__pf_apply/singleton new file mode 100644 index 00000000..e69de29b From 08aa7d8e8315652dbe86b6e8ad56227a28e80d3d Mon Sep 17 00:00:00 2001 From: Jake Guffey Date: Wed, 19 Sep 2012 16:15:06 -0400 Subject: [PATCH 03/25] Fleshed out gencode-remote logic Added logic into gencode-remote to enable/disable pf Added logic into gencode-remote to apply the new ruleset if necessary Added explorer to find ${rcvar} --- conf/type/__pf_apply/explorer/rcvar | 36 +++++++++++++++++++++++++++++ conf/type/__pf_apply/gencode-remote | 22 +++++++++++++++++- 2 files changed, 57 insertions(+), 1 deletion(-) create mode 100755 conf/type/__pf_apply/explorer/rcvar diff --git a/conf/type/__pf_apply/explorer/rcvar b/conf/type/__pf_apply/explorer/rcvar new file mode 100755 index 00000000..20e9dfcc --- /dev/null +++ b/conf/type/__pf_apply/explorer/rcvar @@ -0,0 +1,36 @@ +#!/bin/sh +# +# 2012 Jake Guffey (jake.guffey at eprotex.com) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Get the location of the pf ruleset on the target host. +# + +# Debug +#exec >&2 +#set -x + +# Check /etc/rc.conf for pf's configuration file name. Default to /etc/pf.conf + +RC="/etc/rc.conf" +PFCONF="$(grep '^pf_rules=' ${RC} | cut -d= -f2 | sed 's/"//g')" +echo ${PFCONF:-"/etc/pf.conf"} + +# Debug +#set +x + diff --git a/conf/type/__pf_apply/gencode-remote b/conf/type/__pf_apply/gencode-remote index 309eb12d..83529859 100755 --- a/conf/type/__pf_apply/gencode-remote +++ b/conf/type/__pf_apply/gencode-remote @@ -25,8 +25,28 @@ #exec >&2 #set -x +rcvar=$(cat "$__object/explorer/rcvar") + cat <&2 + fi +fi EOF # Debug From 205f32c78bcedd5f4291457753b7250f1ec95e7c Mon Sep 17 00:00:00 2001 From: Jake Guffey Date: Wed, 19 Sep 2012 16:37:18 -0400 Subject: [PATCH 04/25] Fixed generated code and explorer Generated code needed subshell escaped Explorer wasn't parsing output of cksum properly --- conf/type/__pf_ruleset/explorer/cksum | 2 +- conf/type/__pf_ruleset/gencode-local | 13 ++++++------- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/conf/type/__pf_ruleset/explorer/cksum b/conf/type/__pf_ruleset/explorer/cksum index 372e9193..ce188ba0 100755 --- a/conf/type/__pf_ruleset/explorer/cksum +++ b/conf/type/__pf_ruleset/explorer/cksum @@ -33,7 +33,7 @@ TMP="$(grep '^pf_rules=' ${RC} | cut -d= -f2 | sed 's/"//g')" PFCONF="${TMP:-"/etc/pf.conf"}" if [ -f "${PFCONF}" ]; then # The pf config file exists, find its cksum. - cksum -o 1 ${PFCONF} | cut -d= -f2 | sed 's/ //g' + cksum -o 1 ${PFCONF} | cut -d= -f2 | awk '{print $1}' else # the pf config file doesn't exist echo NOTEXIST fi diff --git a/conf/type/__pf_ruleset/gencode-local b/conf/type/__pf_ruleset/gencode-local index 7c2f877e..b1ee6a14 100644 --- a/conf/type/__pf_ruleset/gencode-local +++ b/conf/type/__pf_ruleset/gencode-local @@ -45,13 +45,13 @@ cksum=$(cat "$__object/explorer/cksum") cat <&2 @@ -66,9 +66,8 @@ if [ ! "${cksum}" = "NOTEXIST" ]; then else # File just doesn't exist yet $__remote_copy "${source}" "$__target_host:${rcvar}.new" fi - -if [ -n "${testscript}" ]; then - $__remote_copy "${testscript}" "$__target_host:${rcvar}.test" -fi EOF +# Debug +#exec +x + From 995265d4a64df5d57cdaa61ca841cc49c3d1b440 Mon Sep 17 00:00:00 2001 From: Jake Guffey Date: Wed, 19 Sep 2012 16:42:15 -0400 Subject: [PATCH 05/25] Allow pfctl -[de] to return 1 If pf is already enabled or disabled and we try to enable/disable it again, it returns 1. --- conf/type/__pf_apply/gencode-remote | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/conf/type/__pf_apply/gencode-remote b/conf/type/__pf_apply/gencode-remote index 83529859..72200b59 100755 --- a/conf/type/__pf_apply/gencode-remote +++ b/conf/type/__pf_apply/gencode-remote @@ -29,6 +29,8 @@ rcvar=$(cat "$__object/explorer/rcvar") cat < Date: Wed, 19 Sep 2012 17:00:22 -0400 Subject: [PATCH 06/25] Fix typo Generated code had unterminated string in first check, causing future check to fail --- conf/type/__pf_apply/gencode-remote | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/conf/type/__pf_apply/gencode-remote b/conf/type/__pf_apply/gencode-remote index 72200b59..aa3864b0 100755 --- a/conf/type/__pf_apply/gencode-remote +++ b/conf/type/__pf_apply/gencode-remote @@ -33,7 +33,7 @@ if [ -f "${rcvar}.old" ]; then # rcvar.old exists, we must need to disable pf # If it already is disabled, pfctl -d returns 1, go on with life pfctl -d # Cleanup - rm -f "${rcvar}.old + rm -f "${rcvar}.old" # This file shouldn't exist, but just in case... [ -f "${rcvar}" ] && rm -f "${rcvar}" elif [ -f "${rcvar}.new" ]; then # rcvar.new exists, we must need to apply it @@ -43,12 +43,15 @@ elif [ -f "${rcvar}.new" ]; then # rcvar.new exists, we must need to apply it pfctl -f "${rcvar}" ret="$?" # Cleanup - rm -f "${rcvar}.old + rm -f "${rcvar}.old" # This file shouldn't exist, but just in case... [ -f "${rcvar}" ] && rm -f "${rcvar}" if [ "$ret" -ne "0" ]; then # failed to configure new ruleset - echo "Failed to configure the new ruleset on ${__target_host}\!" >&2 + echo "Failed to configure the new ruleset on ${__target_host}!" >&2 fi +else # neither ${rcvar}.old nor ${rcvar}.new exist? error. + echo "Neither ${rcvar}.old nor ${rcvar}.new exist! Something is wrong." >&2 + exit 1 fi EOF From 629f751726e61ff77ef8ec344e66031c37c0bc50 Mon Sep 17 00:00:00 2001 From: Jake Guffey Date: Wed, 19 Sep 2012 17:04:03 -0400 Subject: [PATCH 07/25] Removed ${rcvar} but never renamed ${rcvar}.new Was trying to load ${rcvar} into pf, but couldn't because new ruleset was never renamed. --- conf/type/__pf_apply/gencode-remote | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/conf/type/__pf_apply/gencode-remote b/conf/type/__pf_apply/gencode-remote index aa3864b0..9288d3e2 100755 --- a/conf/type/__pf_apply/gencode-remote +++ b/conf/type/__pf_apply/gencode-remote @@ -39,13 +39,14 @@ if [ -f "${rcvar}.old" ]; then # rcvar.old exists, we must need to disable pf elif [ -f "${rcvar}.new" ]; then # rcvar.new exists, we must need to apply it # Ensure that pf is enabled in the first place # If it already is enabled, pfctl -e returns 1, go on with life + [ -f "${rcvar}" ] && rm -f "${rcvar}" + mv "${rcvar}.new" "${rcvar}" pfctl -e || true pfctl -f "${rcvar}" ret="$?" # Cleanup + # This file shouldn't exist, but just in case rm -f "${rcvar}.old" - # This file shouldn't exist, but just in case... - [ -f "${rcvar}" ] && rm -f "${rcvar}" if [ "$ret" -ne "0" ]; then # failed to configure new ruleset echo "Failed to configure the new ruleset on ${__target_host}!" >&2 fi From 269b9eff84316b9390bf428dc523d98e42091f0d Mon Sep 17 00:00:00 2001 From: Jake Guffey Date: Wed, 19 Sep 2012 17:07:56 -0400 Subject: [PATCH 08/25] Escape inner variable ret was being set and checked in generated code but the $ wasn't being escaped --- conf/type/__pf_apply/gencode-remote | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/conf/type/__pf_apply/gencode-remote b/conf/type/__pf_apply/gencode-remote index 9288d3e2..5a027984 100755 --- a/conf/type/__pf_apply/gencode-remote +++ b/conf/type/__pf_apply/gencode-remote @@ -47,12 +47,9 @@ elif [ -f "${rcvar}.new" ]; then # rcvar.new exists, we must need to apply it # Cleanup # This file shouldn't exist, but just in case rm -f "${rcvar}.old" - if [ "$ret" -ne "0" ]; then # failed to configure new ruleset + if [ "\$ret" -ne "0" ]; then # failed to configure new ruleset echo "Failed to configure the new ruleset on ${__target_host}!" >&2 fi -else # neither ${rcvar}.old nor ${rcvar}.new exist? error. - echo "Neither ${rcvar}.old nor ${rcvar}.new exist! Something is wrong." >&2 - exit 1 fi EOF From 34ca94ffa2716404d456a095c65f6c88fdbb004c Mon Sep 17 00:00:00 2001 From: Jake Guffey Date: Wed, 19 Sep 2012 17:10:48 -0400 Subject: [PATCH 09/25] Fix typo referenced ${rcvar.old} rather than ${rcvar}.old --- conf/type/__pf_ruleset/gencode-remote | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/type/__pf_ruleset/gencode-remote b/conf/type/__pf_ruleset/gencode-remote index 56aee3cb..b35c47c4 100644 --- a/conf/type/__pf_ruleset/gencode-remote +++ b/conf/type/__pf_ruleset/gencode-remote @@ -37,5 +37,5 @@ rcvar=$(cat "$__object/explorer/rcvar") # --state absent, so ensure that .new doesn't exist and that conf is renamed to .old echo rm \"${rcvar}.new\" -echo mv \"${rcvar}\" \"${rcvar.old}\" +echo mv \"${rcvar}\" \"${rcvar}.old\" From a1793f66ff8445298c8b86b523e073f374cb80ac Mon Sep 17 00:00:00 2001 From: Jake Guffey Date: Wed, 19 Sep 2012 17:16:00 -0400 Subject: [PATCH 10/25] Add logic to check for existence of files before interacting with them if ${rcvar} or ${rcvar}.new don't exist, we can't rm/mv them. --- conf/type/__pf_ruleset/gencode-remote | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/type/__pf_ruleset/gencode-remote b/conf/type/__pf_ruleset/gencode-remote index b35c47c4..4018bbd7 100644 --- a/conf/type/__pf_ruleset/gencode-remote +++ b/conf/type/__pf_ruleset/gencode-remote @@ -36,6 +36,6 @@ fi rcvar=$(cat "$__object/explorer/rcvar") # --state absent, so ensure that .new doesn't exist and that conf is renamed to .old -echo rm \"${rcvar}.new\" -echo mv \"${rcvar}\" \"${rcvar}.old\" +echo "[ -f \"${rcvar}.new\" ] && rm \"${rcvar}.new\"" +echo "[ -f \"${rcvar}\" ] && mv \"${rcvar}\" \"${rcvar}.old\"" From 7a67f8bc16e75330d95a11a3b35ab354dbdbad51 Mon Sep 17 00:00:00 2001 From: Jake Guffey Date: Wed, 19 Sep 2012 17:18:45 -0400 Subject: [PATCH 11/25] Make code match up with comments If pf was already disabled, the code would exit upon trying to disable it again --- conf/type/__pf_apply/gencode-remote | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/type/__pf_apply/gencode-remote b/conf/type/__pf_apply/gencode-remote index 5a027984..94d02b3b 100755 --- a/conf/type/__pf_apply/gencode-remote +++ b/conf/type/__pf_apply/gencode-remote @@ -31,7 +31,7 @@ cat < Date: Wed, 19 Sep 2012 17:27:40 -0400 Subject: [PATCH 12/25] set -e doesn't like [ blah ] && blah syntax changed to if [ blah ]; then blah; fi format migrated echo usage to cat with HEREDOC to improve readability --- conf/type/__pf_ruleset/gencode-remote | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/conf/type/__pf_ruleset/gencode-remote b/conf/type/__pf_ruleset/gencode-remote index 4018bbd7..e5eece64 100644 --- a/conf/type/__pf_ruleset/gencode-remote +++ b/conf/type/__pf_ruleset/gencode-remote @@ -36,6 +36,12 @@ fi rcvar=$(cat "$__object/explorer/rcvar") # --state absent, so ensure that .new doesn't exist and that conf is renamed to .old -echo "[ -f \"${rcvar}.new\" ] && rm \"${rcvar}.new\"" -echo "[ -f \"${rcvar}\" ] && mv \"${rcvar}\" \"${rcvar}.old\"" +cat < Date: Wed, 19 Sep 2012 17:33:42 -0400 Subject: [PATCH 13/25] Migrate conditional syntax set -e doesn't like [ X ] && Y syntax, migrate to if [ X ]; then Y; fi --- conf/type/__pf_apply/gencode-remote | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/conf/type/__pf_apply/gencode-remote b/conf/type/__pf_apply/gencode-remote index 94d02b3b..1185696f 100755 --- a/conf/type/__pf_apply/gencode-remote +++ b/conf/type/__pf_apply/gencode-remote @@ -35,11 +35,15 @@ if [ -f "${rcvar}.old" ]; then # rcvar.old exists, we must need to disable pf # Cleanup rm -f "${rcvar}.old" # This file shouldn't exist, but just in case... - [ -f "${rcvar}" ] && rm -f "${rcvar}" + if [ -f "${rcvar}" ]; then + rm -f "${rcvar}" + fi elif [ -f "${rcvar}.new" ]; then # rcvar.new exists, we must need to apply it # Ensure that pf is enabled in the first place # If it already is enabled, pfctl -e returns 1, go on with life - [ -f "${rcvar}" ] && rm -f "${rcvar}" + if [ -f "${rcvar}" ]; + rm -f "${rcvar}" + fi mv "${rcvar}.new" "${rcvar}" pfctl -e || true pfctl -f "${rcvar}" From c01a7ebc456f5ec97b68c14384af4317c3baa301 Mon Sep 17 00:00:00 2001 From: Jake Guffey Date: Wed, 19 Sep 2012 17:37:19 -0400 Subject: [PATCH 14/25] Left out ; then --- conf/type/__pf_apply/gencode-remote | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/type/__pf_apply/gencode-remote b/conf/type/__pf_apply/gencode-remote index 1185696f..3045ee60 100755 --- a/conf/type/__pf_apply/gencode-remote +++ b/conf/type/__pf_apply/gencode-remote @@ -41,7 +41,7 @@ if [ -f "${rcvar}.old" ]; then # rcvar.old exists, we must need to disable pf elif [ -f "${rcvar}.new" ]; then # rcvar.new exists, we must need to apply it # Ensure that pf is enabled in the first place # If it already is enabled, pfctl -e returns 1, go on with life - if [ -f "${rcvar}" ]; + if [ -f "${rcvar}" ]; then rm -f "${rcvar}" fi mv "${rcvar}.new" "${rcvar}" From 6afec722329c296eeb772dc96a1b2ed8d018fce9 Mon Sep 17 00:00:00 2001 From: Jake Guffey Date: Fri, 21 Sep 2012 10:06:16 -0400 Subject: [PATCH 15/25] Implement Nico's suggestions Modified behavior of cksum explorer to print nothing if the file doesn't exist Modified gencode-local to reflect cksum's new behavior Modified gencode-remote to check states explicitly and error on invalid state. --- conf/type/__pf_ruleset/explorer/cksum | 2 -- conf/type/__pf_ruleset/gencode-local | 2 +- conf/type/__pf_ruleset/gencode-remote | 28 ++++++++++++++------------- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/conf/type/__pf_ruleset/explorer/cksum b/conf/type/__pf_ruleset/explorer/cksum index ce188ba0..f8679836 100755 --- a/conf/type/__pf_ruleset/explorer/cksum +++ b/conf/type/__pf_ruleset/explorer/cksum @@ -34,8 +34,6 @@ PFCONF="${TMP:-"/etc/pf.conf"}" if [ -f "${PFCONF}" ]; then # The pf config file exists, find its cksum. cksum -o 1 ${PFCONF} | cut -d= -f2 | awk '{print $1}' -else # the pf config file doesn't exist - echo NOTEXIST fi # Debug diff --git a/conf/type/__pf_ruleset/gencode-local b/conf/type/__pf_ruleset/gencode-local index b1ee6a14..c2495509 100644 --- a/conf/type/__pf_ruleset/gencode-local +++ b/conf/type/__pf_ruleset/gencode-local @@ -59,7 +59,7 @@ case $uname in ;; esac -if [ ! "${cksum}" = "NOTEXIST" ]; then +if [ -n "${cksum}" ]; then if [ ! "\${currentSum}" = "${cksum}" ]; then $__remote_copy "${source}" "$__target_host:${rcvar}.new" fi diff --git a/conf/type/__pf_ruleset/gencode-remote b/conf/type/__pf_ruleset/gencode-remote index e5eece64..6e9030ea 100644 --- a/conf/type/__pf_ruleset/gencode-remote +++ b/conf/type/__pf_ruleset/gencode-remote @@ -28,20 +28,22 @@ # Remove ${rcvar} in the case of --state absent state=$(cat "$__object/parameter/state") - -if [ ! "$state" = "absent" ]; then # There is nothing more for a *remote* script to do - exit 0 -fi - rcvar=$(cat "$__object/explorer/rcvar") -# --state absent, so ensure that .new doesn't exist and that conf is renamed to .old -cat <&2 + exit 1 +fi From 9a45333e82327a4754be0d54c3b083c717cf961e Mon Sep 17 00:00:00 2001 From: Jake Guffey Date: Fri, 21 Sep 2012 10:11:56 -0400 Subject: [PATCH 16/25] Implement Nico's suggestions Removed unnecessary code from gencode-remote --- conf/type/__pf_apply/gencode-remote | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/conf/type/__pf_apply/gencode-remote b/conf/type/__pf_apply/gencode-remote index 3045ee60..f7c889b4 100755 --- a/conf/type/__pf_apply/gencode-remote +++ b/conf/type/__pf_apply/gencode-remote @@ -34,24 +34,13 @@ if [ -f "${rcvar}.old" ]; then # rcvar.old exists, we must need to disable pf pfctl -d || true # Cleanup rm -f "${rcvar}.old" - # This file shouldn't exist, but just in case... - if [ -f "${rcvar}" ]; then - rm -f "${rcvar}" - fi elif [ -f "${rcvar}.new" ]; then # rcvar.new exists, we must need to apply it # Ensure that pf is enabled in the first place # If it already is enabled, pfctl -e returns 1, go on with life - if [ -f "${rcvar}" ]; then - rm -f "${rcvar}" - fi mv "${rcvar}.new" "${rcvar}" pfctl -e || true pfctl -f "${rcvar}" - ret="$?" - # Cleanup - # This file shouldn't exist, but just in case - rm -f "${rcvar}.old" - if [ "\$ret" -ne "0" ]; then # failed to configure new ruleset + if [ "\$?" -ne "0" ]; then # failed to configure new ruleset echo "Failed to configure the new ruleset on ${__target_host}!" >&2 fi fi From 07902f2a0b09729bd09c3b60eaac8d43390a2267 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Mon, 1 Oct 2012 17:52:19 +0200 Subject: [PATCH 17/25] ++changes(2.0.15) Signed-off-by: Nico Schottelius --- doc/changelog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/changelog b/doc/changelog index 2f9ecef5..39ee0fad 100644 --- a/doc/changelog +++ b/doc/changelog @@ -8,6 +8,8 @@ Changelog * Core: Make variable __object_name available in type explorers (Steven Armtrong) * New Type: __qemu_img * New Type: __line + * New Type: __pf_apply (Jake Guffey) + * New Type: __pf_ruleset (Jake Guffey) 2.0.14: 2012-09-07 * Bugfix Type: __jail: Use correct variable (Jake Guffey) From 62c69c63b51d23e6277bfda948efd36fc0a27aa6 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Tue, 2 Oct 2012 18:05:47 +0200 Subject: [PATCH 18/25] support root and user rvm Signed-off-by: Nico Schottelius --- conf/type/__rvm/explorer/state | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/conf/type/__rvm/explorer/state b/conf/type/__rvm/explorer/state index d0da0d86..f43f5509 100755 --- a/conf/type/__rvm/explorer/state +++ b/conf/type/__rvm/explorer/state @@ -19,8 +19,18 @@ # user="$__object_id" -if su - $user -c "[ -d \"\$HOME/.rvm\" ]" ; then - echo "present" + +# RVM behaves differently if root is the username / uid == 0 +if [ "$user" = "root" ]; then + if [ -d /usr/local/rvm ]; then + echo present + else + echo absent + fi else - echo "absent" + if su - $user -c "[ -d \"\$HOME/.rvm\" ]" ; then + echo "present" + else + echo "absent" + fi fi From 748fc8a258d52474ca2e2e811d1ff53a316472b0 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Tue, 2 Oct 2012 18:06:15 +0200 Subject: [PATCH 19/25] support installing, even if rvm is already present Signed-off-by: Nico Schottelius --- conf/type/__rvm/gencode-remote | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/type/__rvm/gencode-remote b/conf/type/__rvm/gencode-remote index 6c661302..aa6ef647 100755 --- a/conf/type/__rvm/gencode-remote +++ b/conf/type/__rvm/gencode-remote @@ -25,7 +25,7 @@ if [ "$state_is" != "$state_should" ]; then case "$state_should" in present) cat << DONE -su - $user -c "curl -L get.rvm.io | bash -s stable" +su - $user -c "unset rvm_path; unset rvm_bin_path; unset rvm_prefix; unset rvm_version; curl -L get.rvm.io | bash -s stable" DONE ;; absent) From 8c0228bbaadfb7b6252959908bfc062af2f3a184 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Tue, 2 Oct 2012 18:09:52 +0200 Subject: [PATCH 20/25] allow failing cat on optional parameter Signed-off-by: Nico Schottelius --- conf/type/__rvm_gemset/gencode-remote | 2 +- conf/type/__rvm_ruby/gencode-remote | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/conf/type/__rvm_gemset/gencode-remote b/conf/type/__rvm_gemset/gencode-remote index 75cc833a..1604538d 100755 --- a/conf/type/__rvm_gemset/gencode-remote +++ b/conf/type/__rvm_gemset/gencode-remote @@ -23,7 +23,7 @@ ruby="$(echo "$gemset" | cut -d '@' -f 1)" gemsetname="$(echo "$gemset" | cut -d '@' -f 2)" state_is="$(cat "$__object/explorer/state")" user="$(cat "$__object/parameter/user")" -default="$(cat "$__object/parameter/default")" +default="$(cat "$__object/parameter/default" 2>/dev/null || true)" state_should="$(cat "$__object/parameter/state")" if [ "$state_is" != "$state_should" ]; then case "$state_should" in diff --git a/conf/type/__rvm_ruby/gencode-remote b/conf/type/__rvm_ruby/gencode-remote index b25b4fe9..0003cfe7 100755 --- a/conf/type/__rvm_ruby/gencode-remote +++ b/conf/type/__rvm_ruby/gencode-remote @@ -21,8 +21,9 @@ ruby="$__object_id" state_is="$(cat "$__object/explorer/state")" user="$(cat "$__object/parameter/user")" -default="$(cat "$__object/parameter/default")" +default="$(cat "$__object/parameter/default" 2>/dev/null || true)" state_should="$(cat "$__object/parameter/state")" + if [ "$state_is" != "$state_should" ]; then case "$state_should" in present) From 57adc731c45f1d2876c32d9db02e5e9a5fb99bf1 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Tue, 2 Oct 2012 18:11:16 +0200 Subject: [PATCH 21/25] ++changes(2.0.15) - Fixes #66 Signed-off-by: Nico Schottelius --- doc/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/changelog b/doc/changelog index 39ee0fad..05d6d96b 100644 --- a/doc/changelog +++ b/doc/changelog @@ -10,6 +10,7 @@ Changelog * New Type: __line * New Type: __pf_apply (Jake Guffey) * New Type: __pf_ruleset (Jake Guffey) + * Bugfix Type: __rvm: Make type work if rvm is already installed 2.0.14: 2012-09-07 * Bugfix Type: __jail: Use correct variable (Jake Guffey) From 61394f390976183d1f8c35c9a219ea683fb9df15 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Thu, 4 Oct 2012 10:10:41 +0200 Subject: [PATCH 22/25] correct comment Signed-off-by: Nico Schottelius --- conf/type/__qemu_img/man.text | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/type/__qemu_img/man.text b/conf/type/__qemu_img/man.text index e2442172..3e16f957 100644 --- a/conf/type/__qemu_img/man.text +++ b/conf/type/__qemu_img/man.text @@ -32,7 +32,7 @@ EXAMPLES -------- -------------------------------------------------------------------------------- -# Ensure zsh in installed +# Create a 50G size image __qemu_img /home/services/kvm/vm/myvmname/system-disk --size 50G # Remove image From 1fef54ecdfd90d3dd02e489119250957259dab65 Mon Sep 17 00:00:00 2001 From: Jake Guffey Date: Sun, 7 Oct 2012 11:51:15 -0400 Subject: [PATCH 23/25] Fix __package* state usage Removed __package*/parameter/required Added state to __package*/parameter/optional Modified man pages for __package* Added optional check for state parameter Defaulted state parameter to "present" --- conf/type/__package/man.text | 8 +++++--- conf/type/__package/parameter/optional | 1 + conf/type/__package/parameter/required | 1 - conf/type/__package_apt/gencode-remote | 6 +++++- conf/type/__package_apt/man.text | 8 +++++--- conf/type/__package_apt/parameter/optional | 1 + conf/type/__package_apt/parameter/required | 1 - conf/type/__package_luarocks/gencode-remote | 6 +++++- conf/type/__package_luarocks/man.text | 8 +++++--- conf/type/__package_luarocks/parameter/optional | 1 + conf/type/__package_luarocks/parameter/required | 1 - conf/type/__package_opkg/gencode-remote | 7 ++++++- conf/type/__package_opkg/man.text | 6 ++++-- conf/type/__package_opkg/parameter/optional | 1 + conf/type/__package_opkg/parameter/required | 1 - conf/type/__package_pacman/gencode-remote | 6 +++++- conf/type/__package_pacman/man.text | 8 +++++--- conf/type/__package_pacman/parameter/optional | 1 + conf/type/__package_pacman/parameter/required | 1 - conf/type/__package_pip/gencode-remote | 6 +++++- conf/type/__package_pip/man.text | 6 ++++-- conf/type/__package_pip/parameter/optional | 1 + conf/type/__package_pip/parameter/required | 1 - conf/type/__package_pkg_freebsd/gencode-remote | 6 +++++- conf/type/__package_pkg_freebsd/man.text | 6 ++++-- conf/type/__package_pkg_freebsd/parameter/optional | 1 + conf/type/__package_pkg_freebsd/parameter/required | 1 - conf/type/__package_pkg_openbsd/gencode-remote | 6 +++++- conf/type/__package_pkg_openbsd/man.text | 8 +++++--- conf/type/__package_pkg_openbsd/parameter/optional | 1 + conf/type/__package_pkg_openbsd/parameter/required | 1 - conf/type/__package_rubygem/gencode-remote | 6 +++++- conf/type/__package_rubygem/man.text | 8 +++++--- conf/type/__package_rubygem/parameter/optional | 1 + conf/type/__package_rubygem/parameter/required | 1 - conf/type/__package_yum/gencode-remote | 6 +++++- conf/type/__package_yum/man.text | 8 +++++--- conf/type/__package_yum/parameter/optional | 1 + conf/type/__package_yum/parameter/required | 1 - conf/type/__package_zypper/gencode-remote | 6 +++++- conf/type/__package_zypper/man.text | 6 ++++-- conf/type/__package_zypper/parameter/optional | 1 + conf/type/__package_zypper/parameter/required | 1 - 43 files changed, 113 insertions(+), 50 deletions(-) delete mode 100644 conf/type/__package/parameter/required delete mode 100644 conf/type/__package_apt/parameter/required delete mode 100644 conf/type/__package_luarocks/parameter/required delete mode 100644 conf/type/__package_opkg/parameter/required delete mode 100644 conf/type/__package_pacman/parameter/required delete mode 100644 conf/type/__package_pip/parameter/required delete mode 100644 conf/type/__package_pkg_freebsd/parameter/required delete mode 100644 conf/type/__package_pkg_openbsd/parameter/required delete mode 100644 conf/type/__package_rubygem/parameter/required delete mode 100644 conf/type/__package_yum/parameter/required delete mode 100644 conf/type/__package_zypper/parameter/required diff --git a/conf/type/__package/man.text b/conf/type/__package/man.text index 071a8bfb..9ad9747a 100644 --- a/conf/type/__package/man.text +++ b/conf/type/__package/man.text @@ -16,9 +16,7 @@ It dispatches the actual work to the package system dependant types. REQUIRED PARAMETERS ------------------- -state:: - The state the package should be in, either "present" or "absent" - (the old values "installed" or "removed" will be removed in cdist 2.1). +None OPTIONAL PARAMETERS @@ -35,6 +33,10 @@ type:: e.g. __package_apt for Debian __package_emerge for Gentoo +state:: + The state the package should be in, either "present" or "absent" + (the old values "installed" or "removed" will be removed in cdist 2.1). + EXAMPLES -------- diff --git a/conf/type/__package/parameter/optional b/conf/type/__package/parameter/optional index 6f793411..9982507e 100644 --- a/conf/type/__package/parameter/optional +++ b/conf/type/__package/parameter/optional @@ -2,3 +2,4 @@ name version type pkgsite +state diff --git a/conf/type/__package/parameter/required b/conf/type/__package/parameter/required deleted file mode 100644 index ff72b5c7..00000000 --- a/conf/type/__package/parameter/required +++ /dev/null @@ -1 +0,0 @@ -state diff --git a/conf/type/__package_apt/gencode-remote b/conf/type/__package_apt/gencode-remote index 0bcdb946..14b2f884 100755 --- a/conf/type/__package_apt/gencode-remote +++ b/conf/type/__package_apt/gencode-remote @@ -27,7 +27,11 @@ else name="$__object_id" fi -state_should="$(cat "$__object/parameter/state")" +if [ -f "$__object/parameter/state" ]; then + state_should="$(cat "$__object/parameter/state")" +else + state_should="present" +fi # Correct pre 2.1 naming - FIXME in 2.1 case "$state_should" in diff --git a/conf/type/__package_apt/man.text b/conf/type/__package_apt/man.text index fd9c1a9c..7e880054 100644 --- a/conf/type/__package_apt/man.text +++ b/conf/type/__package_apt/man.text @@ -16,9 +16,7 @@ manage packages. REQUIRED PARAMETERS ------------------- -state:: - The state the package should be in, either "present" or "absent" - (the old values "installed" or "removed" will be removed in cdist 2.1). +None OPTIONAL PARAMETERS @@ -26,6 +24,10 @@ OPTIONAL PARAMETERS name:: If supplied, use the name and not the object id as the package name. +state:: + The state the package should be in, either "present" or "absent" + (the old values "installed" or "removed" will be removed in cdist 2.1). + EXAMPLES -------- diff --git a/conf/type/__package_apt/parameter/optional b/conf/type/__package_apt/parameter/optional index a52167d3..41b8e6cf 100644 --- a/conf/type/__package_apt/parameter/optional +++ b/conf/type/__package_apt/parameter/optional @@ -1,2 +1,3 @@ name version +state diff --git a/conf/type/__package_apt/parameter/required b/conf/type/__package_apt/parameter/required deleted file mode 100644 index ff72b5c7..00000000 --- a/conf/type/__package_apt/parameter/required +++ /dev/null @@ -1 +0,0 @@ -state diff --git a/conf/type/__package_luarocks/gencode-remote b/conf/type/__package_luarocks/gencode-remote index 327f812c..e8a7240c 100755 --- a/conf/type/__package_luarocks/gencode-remote +++ b/conf/type/__package_luarocks/gencode-remote @@ -29,7 +29,11 @@ else name="$__object_id" fi -state_should="$(cat "$__object/parameter/state")" +if [ -f "$__object/parameter/state" ]; then + state_should="$(cat "$__object/parameter/state")" +else + state_should="present" +fi # Correct pre 2.1 naming - FIXME in 2.1 case "$state_should" in installed) diff --git a/conf/type/__package_luarocks/man.text b/conf/type/__package_luarocks/man.text index 8b041b7c..75083821 100644 --- a/conf/type/__package_luarocks/man.text +++ b/conf/type/__package_luarocks/man.text @@ -15,9 +15,7 @@ LuaRocks is a deployment and management system for Lua modules. REQUIRED PARAMETERS ------------------- -state:: - The state the package should be in, either "present" or "absent" - (the old values "installed" or "removed" will be removed in cdist 2.1). +None OPTIONAL PARAMETERS @@ -25,6 +23,10 @@ OPTIONAL PARAMETERS name:: If supplied, use the name and not the object id as the package name. +state:: + The state the package should be in, either "present" or "absent" + (the old values "installed" or "removed" will be removed in cdist 2.1). + EXAMPLES -------- diff --git a/conf/type/__package_luarocks/parameter/optional b/conf/type/__package_luarocks/parameter/optional index f121bdbf..1b423dc4 100644 --- a/conf/type/__package_luarocks/parameter/optional +++ b/conf/type/__package_luarocks/parameter/optional @@ -1 +1,2 @@ name +state diff --git a/conf/type/__package_luarocks/parameter/required b/conf/type/__package_luarocks/parameter/required deleted file mode 100644 index ff72b5c7..00000000 --- a/conf/type/__package_luarocks/parameter/required +++ /dev/null @@ -1 +0,0 @@ -state diff --git a/conf/type/__package_opkg/gencode-remote b/conf/type/__package_opkg/gencode-remote index bd9a599b..99f86632 100755 --- a/conf/type/__package_opkg/gencode-remote +++ b/conf/type/__package_opkg/gencode-remote @@ -28,7 +28,12 @@ else name="$__object_id" fi -state_should="$(cat "$__object/parameter/state")" +if [ -f "$__object/parameter/state" ]; then + state_should="$(cat "$__object/parameter/state")" +else + state_should="present" +fi + state_is="$(cat "$__object/explorer/pkg_status")" case "$state_is" in absent*) diff --git a/conf/type/__package_opkg/man.text b/conf/type/__package_opkg/man.text index 19d26af6..3d02d1ce 100644 --- a/conf/type/__package_opkg/man.text +++ b/conf/type/__package_opkg/man.text @@ -15,8 +15,7 @@ opkg is usually used on OpenWRT to manage packages. REQUIRED PARAMETERS ------------------- -state:: - The state the package should be in, either "present" or "absent" +None OPTIONAL PARAMETERS @@ -24,6 +23,9 @@ OPTIONAL PARAMETERS name:: If supplied, use the name and not the object id as the package name. +state:: + The state the package should be in, either "present" or "absent" + EXAMPLES -------- diff --git a/conf/type/__package_opkg/parameter/optional b/conf/type/__package_opkg/parameter/optional index f121bdbf..1b423dc4 100644 --- a/conf/type/__package_opkg/parameter/optional +++ b/conf/type/__package_opkg/parameter/optional @@ -1 +1,2 @@ name +state diff --git a/conf/type/__package_opkg/parameter/required b/conf/type/__package_opkg/parameter/required deleted file mode 100644 index ff72b5c7..00000000 --- a/conf/type/__package_opkg/parameter/required +++ /dev/null @@ -1 +0,0 @@ -state diff --git a/conf/type/__package_pacman/gencode-remote b/conf/type/__package_pacman/gencode-remote index e585ee86..9918d28d 100755 --- a/conf/type/__package_pacman/gencode-remote +++ b/conf/type/__package_pacman/gencode-remote @@ -31,7 +31,11 @@ else name="$__object_id" fi -state_should="$(cat "$__object/parameter/state")" +if [ -f "$__object/parameter/state" ]; then + state_should="$(cat "$__object/parameter/state")" +else + state_should="present" +fi case "$state_should" in installed) echo "WARNING: ${__object_name}: $state_should is deprecated and will be removed in cdist 2.1. Please change to present/absent." >&2 diff --git a/conf/type/__package_pacman/man.text b/conf/type/__package_pacman/man.text index fe2abac8..b6d07c94 100644 --- a/conf/type/__package_pacman/man.text +++ b/conf/type/__package_pacman/man.text @@ -16,9 +16,7 @@ packages. REQUIRED PARAMETERS ------------------- -state:: - The state the package should be in, either "present" or "absent" - (the old values "installed" or "removed" will be removed in cdist 2.1). +None OPTIONAL PARAMETERS @@ -26,6 +24,10 @@ OPTIONAL PARAMETERS name:: If supplied, use the name and not the object id as the package name. +state:: + The state the package should be in, either "present" or "absent" + (the old values "installed" or "removed" will be removed in cdist 2.1). + EXAMPLES -------- diff --git a/conf/type/__package_pacman/parameter/optional b/conf/type/__package_pacman/parameter/optional index f121bdbf..1b423dc4 100644 --- a/conf/type/__package_pacman/parameter/optional +++ b/conf/type/__package_pacman/parameter/optional @@ -1 +1,2 @@ name +state diff --git a/conf/type/__package_pacman/parameter/required b/conf/type/__package_pacman/parameter/required deleted file mode 100644 index ff72b5c7..00000000 --- a/conf/type/__package_pacman/parameter/required +++ /dev/null @@ -1 +0,0 @@ -state diff --git a/conf/type/__package_pip/gencode-remote b/conf/type/__package_pip/gencode-remote index 0f15abdc..3456ced2 100644 --- a/conf/type/__package_pip/gencode-remote +++ b/conf/type/__package_pip/gencode-remote @@ -22,7 +22,11 @@ # state_is=$(cat "$__object/explorer/state") -state_should=$(cat "$__object/parameter/state") +if [ -f "$__object/parameter/state" ]; then + state_should="$(cat "$__object/parameter/state")" +else + state_should="present" +fi [ "$state_is" = "$state_should" ] && exit 0 diff --git a/conf/type/__package_pip/man.text b/conf/type/__package_pip/man.text index 2a620658..21d4f9fd 100644 --- a/conf/type/__package_pip/man.text +++ b/conf/type/__package_pip/man.text @@ -16,8 +16,7 @@ It is also included in the python virtualenv environment. REQUIRED PARAMETERS ------------------- -state:: - Either "present" or "absent". +None OPTIONAL PARAMETERS @@ -28,6 +27,9 @@ name:: pip:: Instead of using pip from PATH, use the specific pip path. +state:: + Either "present" or "absent". + EXAMPLES -------- diff --git a/conf/type/__package_pip/parameter/optional b/conf/type/__package_pip/parameter/optional index a1b589e3..f32876f7 100644 --- a/conf/type/__package_pip/parameter/optional +++ b/conf/type/__package_pip/parameter/optional @@ -1 +1,2 @@ pip +state diff --git a/conf/type/__package_pip/parameter/required b/conf/type/__package_pip/parameter/required deleted file mode 100644 index ff72b5c7..00000000 --- a/conf/type/__package_pip/parameter/required +++ /dev/null @@ -1 +0,0 @@ -state diff --git a/conf/type/__package_pkg_freebsd/gencode-remote b/conf/type/__package_pkg_freebsd/gencode-remote index ef6632c0..f7dbbd7f 100755 --- a/conf/type/__package_pkg_freebsd/gencode-remote +++ b/conf/type/__package_pkg_freebsd/gencode-remote @@ -63,7 +63,11 @@ if [ -f "$__object/parameter/pkgsite" ]; then pkgsite="$(cat "$__object/parameter/pkgsite")" fi -state="$(cat "$__object/parameter/state")" +if [ -f "$__object/parameter/state" ]; then + state="$(cat "$__object/parameter/state")" +else + state="present" +fi curr_version="$(cat "$__object/explorer/pkg_version")" add_cmd="pkg_add" rm_cmd="pkg_delete" diff --git a/conf/type/__package_pkg_freebsd/man.text b/conf/type/__package_pkg_freebsd/man.text index f41ac47a..3087cae1 100644 --- a/conf/type/__package_pkg_freebsd/man.text +++ b/conf/type/__package_pkg_freebsd/man.text @@ -15,8 +15,7 @@ This type is usually used on FreeBSD to manage packages. REQUIRED PARAMETERS ------------------- -state:: - Either "present" or "absent". +None OPTIONAL PARAMETERS @@ -33,6 +32,9 @@ version:: pkgsite:: If supplied, use to install from a specific package repository. +state:: + Either "present" or "absent". + EXAMPLES -------- diff --git a/conf/type/__package_pkg_freebsd/parameter/optional b/conf/type/__package_pkg_freebsd/parameter/optional index 3fb2f29e..8cb68f98 100644 --- a/conf/type/__package_pkg_freebsd/parameter/optional +++ b/conf/type/__package_pkg_freebsd/parameter/optional @@ -2,3 +2,4 @@ name flavor version pkgsite +state diff --git a/conf/type/__package_pkg_freebsd/parameter/required b/conf/type/__package_pkg_freebsd/parameter/required deleted file mode 100644 index ff72b5c7..00000000 --- a/conf/type/__package_pkg_freebsd/parameter/required +++ /dev/null @@ -1 +0,0 @@ -state diff --git a/conf/type/__package_pkg_openbsd/gencode-remote b/conf/type/__package_pkg_openbsd/gencode-remote index 26dd4689..7788c210 100755 --- a/conf/type/__package_pkg_openbsd/gencode-remote +++ b/conf/type/__package_pkg_openbsd/gencode-remote @@ -42,7 +42,11 @@ else name="$__object_id" fi -state_should="$(cat "$__object/parameter/state")" +if [ -f "$__object/parameter/state" ]; then + state_should="$(cat "$__object/parameter/state")" +else + state_should="present" +fi # Correct pre 2.1 naming - FIXME in 2.1 case "$state_should" in installed) diff --git a/conf/type/__package_pkg_openbsd/man.text b/conf/type/__package_pkg_openbsd/man.text index 71cf9d4e..91c8d378 100644 --- a/conf/type/__package_pkg_openbsd/man.text +++ b/conf/type/__package_pkg_openbsd/man.text @@ -15,9 +15,7 @@ This type is usually used on OpenBSD to manage packages. REQUIRED PARAMETERS ------------------- -state:: - The state the package should be in, either "present" or "absent" - (the old values "installed" or "removed" will be removed in cdist 2.1). +None OPTIONAL PARAMETERS @@ -28,6 +26,10 @@ name:: flavor:: If supplied, use to avoid ambiguity. +state:: + The state the package should be in, either "present" or "absent" + (the old values "installed" or "removed" will be removed in cdist 2.1). + EXAMPLES -------- diff --git a/conf/type/__package_pkg_openbsd/parameter/optional b/conf/type/__package_pkg_openbsd/parameter/optional index 29b123ef..77fd22b3 100644 --- a/conf/type/__package_pkg_openbsd/parameter/optional +++ b/conf/type/__package_pkg_openbsd/parameter/optional @@ -1,2 +1,3 @@ name flavor +state diff --git a/conf/type/__package_pkg_openbsd/parameter/required b/conf/type/__package_pkg_openbsd/parameter/required deleted file mode 100644 index ff72b5c7..00000000 --- a/conf/type/__package_pkg_openbsd/parameter/required +++ /dev/null @@ -1 +0,0 @@ -state diff --git a/conf/type/__package_rubygem/gencode-remote b/conf/type/__package_rubygem/gencode-remote index 638c4252..059e125e 100755 --- a/conf/type/__package_rubygem/gencode-remote +++ b/conf/type/__package_rubygem/gencode-remote @@ -27,7 +27,11 @@ else name="$__object_id" fi -state_should="$(cat "$__object/parameter/state")" +if [ -f "$__object/parameter/state" ]; then + state_should="$(cat "$__object/parameter/state")" +else + state_should="present" +fi # Correct pre 2.1 naming - FIXME in 2.1 case "$state_should" in installed) diff --git a/conf/type/__package_rubygem/man.text b/conf/type/__package_rubygem/man.text index 79bb8b52..55b202dc 100644 --- a/conf/type/__package_rubygem/man.text +++ b/conf/type/__package_rubygem/man.text @@ -15,9 +15,7 @@ Rubygems is the default package management system for the Ruby programming langu REQUIRED PARAMETERS ------------------- -state:: - The state the package should be in, either "present" or "absent" - (the old values "installed" or "removed" will be removed in cdist 2.1). +None OPTIONAL PARAMETERS @@ -25,6 +23,10 @@ OPTIONAL PARAMETERS name:: If supplied, use the name and not the object id as the package name. +state:: + The state the package should be in, either "present" or "absent" + (the old values "installed" or "removed" will be removed in cdist 2.1). + EXAMPLES -------- diff --git a/conf/type/__package_rubygem/parameter/optional b/conf/type/__package_rubygem/parameter/optional index f121bdbf..1b423dc4 100644 --- a/conf/type/__package_rubygem/parameter/optional +++ b/conf/type/__package_rubygem/parameter/optional @@ -1 +1,2 @@ name +state diff --git a/conf/type/__package_rubygem/parameter/required b/conf/type/__package_rubygem/parameter/required deleted file mode 100644 index ff72b5c7..00000000 --- a/conf/type/__package_rubygem/parameter/required +++ /dev/null @@ -1 +0,0 @@ -state diff --git a/conf/type/__package_yum/gencode-remote b/conf/type/__package_yum/gencode-remote index df2bf405..71c8034a 100755 --- a/conf/type/__package_yum/gencode-remote +++ b/conf/type/__package_yum/gencode-remote @@ -27,7 +27,11 @@ else name="$__object_id" fi -state_should="$(cat "$__object/parameter/state")" +if [ -f "$__object/parameter/state" ]; then + state_should="$(cat "$__object/parameter/state")" +else + state_should="present" +fi case "$state_should" in installed) echo "WARNING: ${__object_name}: $state_should is deprecated and will be removed in cdist 2.1. Please change to present/absent." >&2 diff --git a/conf/type/__package_yum/man.text b/conf/type/__package_yum/man.text index 9dfb394e..30c3f308 100644 --- a/conf/type/__package_yum/man.text +++ b/conf/type/__package_yum/man.text @@ -17,9 +17,7 @@ slightly confusing error message "Error: Nothing to do". REQUIRED PARAMETERS ------------------- -state:: - The state the package should be in, either "present" or "absent" - (the old values "installed" or "removed" will be removed in cdist 2.1). +None OPTIONAL PARAMETERS @@ -27,6 +25,10 @@ OPTIONAL PARAMETERS name:: If supplied, use the name and not the object id as the package name. +state:: + The state the package should be in, either "present" or "absent" + (the old values "installed" or "removed" will be removed in cdist 2.1). + EXAMPLES -------- diff --git a/conf/type/__package_yum/parameter/optional b/conf/type/__package_yum/parameter/optional index f121bdbf..1b423dc4 100644 --- a/conf/type/__package_yum/parameter/optional +++ b/conf/type/__package_yum/parameter/optional @@ -1 +1,2 @@ name +state diff --git a/conf/type/__package_yum/parameter/required b/conf/type/__package_yum/parameter/required deleted file mode 100644 index ff72b5c7..00000000 --- a/conf/type/__package_yum/parameter/required +++ /dev/null @@ -1 +0,0 @@ -state diff --git a/conf/type/__package_zypper/gencode-remote b/conf/type/__package_zypper/gencode-remote index 3323d6b1..ca9aec33 100755 --- a/conf/type/__package_zypper/gencode-remote +++ b/conf/type/__package_zypper/gencode-remote @@ -33,7 +33,11 @@ else name="$__object_id" fi -state_should="$(cat "$__object/parameter/state")" +if [ -f "$__object/parameter/state" ]; then + state_should="$(cat "$__object/parameter/state")" +else + state_should="present" +fi # Exit if nothing is needed to be done [ "$state_is" = "$state_should" ] && exit 0 diff --git a/conf/type/__package_zypper/man.text b/conf/type/__package_zypper/man.text index 9cff9706..702d51e5 100644 --- a/conf/type/__package_zypper/man.text +++ b/conf/type/__package_zypper/man.text @@ -15,8 +15,7 @@ Zypper is usually used on the SuSE distribution to manage packages. REQUIRED PARAMETERS ------------------- -state:: - The state the package should be in, either "present" or "absent" +None OPTIONAL PARAMETERS @@ -24,6 +23,9 @@ OPTIONAL PARAMETERS name:: If supplied, use the name and not the object id as the package name. +state:: + The state the package should be in, either "present" or "absent" + EXAMPLES -------- diff --git a/conf/type/__package_zypper/parameter/optional b/conf/type/__package_zypper/parameter/optional index f121bdbf..1b423dc4 100644 --- a/conf/type/__package_zypper/parameter/optional +++ b/conf/type/__package_zypper/parameter/optional @@ -1 +1,2 @@ name +state diff --git a/conf/type/__package_zypper/parameter/required b/conf/type/__package_zypper/parameter/required deleted file mode 100644 index ff72b5c7..00000000 --- a/conf/type/__package_zypper/parameter/required +++ /dev/null @@ -1 +0,0 @@ -state From 1c294c72f9444af3897931eb3d064eed59075249 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Mon, 8 Oct 2012 17:24:13 +0200 Subject: [PATCH 24/25] document font used for cdist logo Signed-off-by: Nico Schottelius --- doc/gfx/font-used | 1 + 1 file changed, 1 insertion(+) create mode 100644 doc/gfx/font-used diff --git a/doc/gfx/font-used b/doc/gfx/font-used new file mode 100644 index 00000000..46d3e5d3 --- /dev/null +++ b/doc/gfx/font-used @@ -0,0 +1 @@ +fraktur From 4cc3baf0575235e7df491e5593409e21e5781397 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Fri, 12 Oct 2012 09:00:50 +0200 Subject: [PATCH 25/25] import tag Signed-off-by: Nico Schottelius --- README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README b/README index d37569ef..ffd0bcb5 100644 --- a/README +++ b/README @@ -350,4 +350,4 @@ with cdist on more than **60** production machines of the The CBRG is managing most of their compute clusters with cdist. - +[[!tag cdist unix]]