diff --git a/.gitignore b/.gitignore index 4b80b425..ed8b453a 100644 --- a/.gitignore +++ b/.gitignore @@ -34,7 +34,7 @@ cdist/inventory/ # Python: cache, distutils, distribution in general __pycache__/ *.pyc -MANIFEST +/MANIFEST dist/ cdist/version.py cdist.egg-info/ diff --git a/cdist/conf/explorer/hostname b/cdist/conf/explorer/hostname index 7715c6b0..dca004d1 100755 --- a/cdist/conf/explorer/hostname +++ b/cdist/conf/explorer/hostname @@ -1,7 +1,6 @@ #!/bin/sh # -# 2010-2014 Nico Schottelius (nico-cdist at schottelius.org) -# 2012 Steven Armstrong (steven-cdist at armstrong.cc) +# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -19,7 +18,12 @@ # along with cdist. If not, see . # # +# Retrieve the running hostname +# -if command -v uname >/dev/null; then - uname -n +if command -v hostname >/dev/null +then + hostname +else + uname -n fi diff --git a/cdist/conf/explorer/interfaces b/cdist/conf/explorer/interfaces index 55287971..aeb55ed0 100755 --- a/cdist/conf/explorer/interfaces +++ b/cdist/conf/explorer/interfaces @@ -18,13 +18,11 @@ # along with cdist. If not, see . # -if command -v ip > /dev/null +if command -v ip >/dev/null then - ip -o link show | sed -n 's/^[0-9]\+: \(.\+\): <.*/\1/p' - -elif command -v ifconfig > /dev/null + ip -o link show | sed -n 's/^[0-9]\+: \(.\+\): <.*/\1/p' +elif command -v ifconfig >/dev/null then - ifconfig -a \ - | sed -n -E 's/^(.*)(:[[:space:]]*flags=|Link encap).*/\1/p' \ - | sort -u -fi + ifconfig -a | sed -n -E 's/^(.*)(:[[:space:]]*flags=|Link encap).*/\1/p' +fi \ + | sort -u diff --git a/cdist/conf/explorer/os b/cdist/conf/explorer/os index d522300c..563fa4cf 100755 --- a/cdist/conf/explorer/os +++ b/cdist/conf/explorer/os @@ -145,7 +145,7 @@ esac if [ -f /etc/os-release ]; then # already lowercase, according to: # https://www.freedesktop.org/software/systemd/man/os-release.html - awk -F= '/^ID=/ {print $2;}' /etc/os-release + awk -F= '/^ID=/ { if ($2 ~ /^'"'"'(.*)'"'"'$/ || $2 ~ /^"(.*)"$/) { print substr($2, 2, length($2) - 2) } else { print $2 } }' /etc/os-release exit 0 fi diff --git a/cdist/conf/type/__apt_key/gencode-remote b/cdist/conf/type/__apt_key/gencode-remote index e9daa524..0c96ff67 100755 --- a/cdist/conf/type/__apt_key/gencode-remote +++ b/cdist/conf/type/__apt_key/gencode-remote @@ -61,31 +61,29 @@ EOF echo "curl -s -L '$uri' | apt-key add -" fi elif [ -d "$keydir" ]; then - tmp='/tmp/cdist_apt_key_tmp' - # we need to kill gpg after 30 seconds, because gpg # can get stuck if keyserver is not responding. # exporting env var and not exit 1, # because we need to clean up and kill dirmngr. cat << EOF -mkdir -m 700 -p "$tmp" +gpgtmphome="\$( mktemp -d )" if timeout 30s \\ - gpg --homedir "$tmp" \\ + gpg --homedir "\$gpgtmphome" \\ --keyserver "$keyserver" \\ --recv-keys "$keyid" then - gpg --homedir "$tmp" \\ + gpg --homedir "\$gpgtmphome" \\ --export "$keyid" \\ > "$keyfile" else export GPG_GOT_STUCK=1 fi -GNUPGHOME="$tmp" gpgconf --kill dirmngr +GNUPGHOME="\$gpgtmphome" gpgconf --kill dirmngr -rm -rf "$tmp" +rm -rf "\$gpgtmphome" if [ -n "\$GPG_GOT_STUCK" ] then diff --git a/cdist/conf/type/__git/gencode-remote b/cdist/conf/type/__git/gencode-remote index 4de0f1c6..ab22655f 100755 --- a/cdist/conf/type/__git/gencode-remote +++ b/cdist/conf/type/__git/gencode-remote @@ -35,7 +35,8 @@ owner=$(cat "$__object/parameter/owner") group=$(cat "$__object/parameter/group") mode=$(cat "$__object/parameter/mode") -[ -f "$__object/parameter/recursive" ] && recursive='--recursive' || recursive='' +[ -f "$__object/parameter/recursive" ] && recursive='--recurse-submodules' || recursive='' +[ -f "$__object/parameter/shallow" ] && shallow='--depth 1 --shallow-submodules' || shallow='' [ "$state_should" = "$state_is" ] \ && [ "$owner" = "$owner_is" ] \ @@ -45,7 +46,7 @@ mode=$(cat "$__object/parameter/mode") case $state_should in present) if [ "$state_should" != "$state_is" ]; then - echo git clone --quiet "$recursive" --branch "$branch" "$source" "$destination" + echo git clone --quiet "$recursive" "$shallow" --branch "$branch" "$source" "$destination" fi if { [ -n "$owner" ] && [ "$owner_is" != "$owner" ]; } || \ { [ -n "$group" ] && [ "$group_is" != "$group" ]; }; then diff --git a/cdist/conf/type/__git/man.rst b/cdist/conf/type/__git/man.rst index 144eadda..d3e15f25 100644 --- a/cdist/conf/type/__git/man.rst +++ b/cdist/conf/type/__git/man.rst @@ -36,7 +36,11 @@ owner User to chown to. recursive - Passes the --recursive flag to git when cloning the repository. + Passes the --recurse-submodules flag to git when cloning the repository. + +shallow + Sets --depth=1 and --shallow-submodules for cloning repositories with big history. + EXAMPLES -------- diff --git a/cdist/conf/type/__git/parameter/boolean b/cdist/conf/type/__git/parameter/boolean index a633e659..d600d4ca 100644 --- a/cdist/conf/type/__git/parameter/boolean +++ b/cdist/conf/type/__git/parameter/boolean @@ -1 +1,2 @@ recursive +shallow diff --git a/cdist/conf/type/__grafana_dashboard/manifest b/cdist/conf/type/__grafana_dashboard/manifest index e652202b..d145c4c3 100755 --- a/cdist/conf/type/__grafana_dashboard/manifest +++ b/cdist/conf/type/__grafana_dashboard/manifest @@ -15,6 +15,10 @@ case $os in # Differntation not needed anymore apt_source_distribution=stable ;; + 10*) + # Differntation not needed anymore + apt_source_distribution=stable + ;; *) echo "Don't know how to install Grafana on $os $os_version. Send us a pull request!" >&2 exit 1 @@ -29,10 +33,9 @@ case $os in --uri https://packages.grafana.com/oss/deb \ --distribution $apt_source_distribution \ --component main - __package apt-transport-https - - require="$require __apt_source/grafana __package/apt-transport-https" __package grafana + require="$require __apt_source/grafana" __apt_update_index + require="$require __package/apt-transport-https __apt_update_index" __package grafana require="$require __package/grafana" __start_on_boot grafana-server require="$require __start_on_boot/grafana-server" __process grafana-server --start "service grafana-server start" ;; diff --git a/cdist/conf/type/__group/explorer/group b/cdist/conf/type/__group/explorer/group index 07f73a91..dc673f61 100755 --- a/cdist/conf/type/__group/explorer/group +++ b/cdist/conf/type/__group/explorer/group @@ -1,6 +1,7 @@ #!/bin/sh # # 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc) +# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -21,7 +22,21 @@ # Get an existing groups group entry. # +not_supported() { + echo "Your operating system ($("$__explorer/os")) is currently not supported." >&2 + echo "Cannot extract group information." >&2 + echo "Please contribute an implementation for it if you can." >&2 + exit 1 +} + name=$__object_id -getent group "$name" || true - +if command -v getent >/dev/null +then + getent group "$name" || true +elif [ -f /etc/group ] +then + grep "^${name}:" /etc/group || true +else + not_supported +fi diff --git a/cdist/conf/type/__group/explorer/gshadow b/cdist/conf/type/__group/explorer/gshadow index ef40b7bc..05841d69 100755 --- a/cdist/conf/type/__group/explorer/gshadow +++ b/cdist/conf/type/__group/explorer/gshadow @@ -1,6 +1,7 @@ #!/bin/sh # # 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc) +# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -22,13 +23,28 @@ # name=$__object_id -os="$("$__explorer/os")" +os=$("$__explorer/os") -case "$os" in - "freebsd"|"netbsd") - echo "$os does not have getent gshadow" - exit 0 - ;; +not_supported() { + echo "Your operating system ($os) is currently not supported." >&2 + echo "Cannot extract group information." >&2 + echo "Please contribute an implementation for it if you can." >&2 + exit 1 +} + +case $os in + "freebsd"|"netbsd") + echo "$os does not have getent gshadow" >&2 + exit 0 + ;; esac -getent gshadow "$name" || true +if command -v getent >/dev/null +then + getent gshadow "$name" || true +elif [ -f /etc/gshadow ] +then + grep "^${name}:" /etc/gshadow || true +else + not_supported +fi diff --git a/cdist/conf/type/__hostname/explorer/has_hostnamectl b/cdist/conf/type/__hostname/explorer/has_hostnamectl index 9040023d..2f531f30 100755 --- a/cdist/conf/type/__hostname/explorer/has_hostnamectl +++ b/cdist/conf/type/__hostname/explorer/has_hostnamectl @@ -21,4 +21,4 @@ # Check whether system has hostnamectl # -command -v hostnamectl || true +command -v hostnamectl 2>/dev/null || true diff --git a/cdist/conf/type/__hostname/explorer/max_len b/cdist/conf/type/__hostname/explorer/max_len new file mode 100644 index 00000000..fb863949 --- /dev/null +++ b/cdist/conf/type/__hostname/explorer/max_len @@ -0,0 +1,10 @@ +#!/bin/sh -e + +command -v getconf >/dev/null || exit 0 + +val=$(getconf HOST_NAME_MAX 2>/dev/null) || exit 0 + +if test -n "${val}" -a "${val}" != 'undefined' +then + echo "${val}" +fi diff --git a/cdist/conf/type/__hostname/gencode-remote b/cdist/conf/type/__hostname/gencode-remote index 8b5797dd..ae224611 100755 --- a/cdist/conf/type/__hostname/gencode-remote +++ b/cdist/conf/type/__hostname/gencode-remote @@ -2,6 +2,7 @@ # # 2014-2017 Steven Armstrong (steven-cdist at armstrong.cc) # 2014 Nico Schottelius (nico-cdist at schottelius.org) +# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -19,60 +20,81 @@ # along with cdist. If not, see . # -if [ -f "$__object/parameter/name" ]; then - name_should="$(cat "$__object/parameter/name")" -else - name_should="${__target_host%%.*}" -fi - os=$(cat "$__global/explorer/os") name_running=$(cat "$__global/explorer/hostname") -name_config=$(cat "$__object/explorer/hostname_file") -name_sysconfig=$(cat "$__object/explorer/hostname_sysconfig") has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl") + +if test -s "$__object/parameter/name" +then + name_should=$(cat "$__object/parameter/name") +else + case $os + in + # RedHat-derivatives and BSDs + centos|fedora|redhat|scientific|freebsd|macosx|netbsd|openbsd) + # Hostname is FQDN + name_should="${__target_host}" + ;; + *) + # Hostname is only first component of FQDN + name_should="${__target_host%%.*}" + ;; + esac +fi + + ################################################################################ -# If everything is ok -> exit +# Check if the (running) hostname is already correct # -case "$os" in - archlinux|debian|suse|ubuntu|devuan|coreos|alpine) - if [ "$name_config" = "$name_should" ] && [ "$name_running" = "$name_should" ]; then - exit 0 - fi - ;; - scientific|centos|freebsd|openbsd) - if [ "$name_sysconfig" = "$name_should" ] && [ "$name_running" = "$name_should" ]; then - exit 0 - fi - ;; - *) - echo "Unsupported os: $os" >&2 - exit 1 - ;; -esac +test "$name_running" != "$name_should" || exit 0 + ################################################################################ # Setup hostname # -echo changed >> "$__messages_out" +echo 'changed' >>"$__messages_out" -# Use the good old way to set the hostname even on machines running systemd. -case "$os" in - archlinux|debian|ubuntu|devuan|centos|coreos|alpine) - printf "printf '%%s\\\\n' '$name_should' > /etc/hostname\\n" - echo "hostname -F /etc/hostname" +# Use the good old way to set the hostname. +case $os +in + alpine|debian|devuan|ubuntu) + echo 'hostname -F /etc/hostname' ;; - freebsd|openbsd) + archlinux) + echo 'command -v hostnamectl >/dev/null 2>&1' \ + "&& hostnamectl set-hostname '$name_should'" \ + "|| hostname '$name_should'" + ;; + centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|gentoo|void) echo "hostname '$name_should'" ;; - suse) + macosx) + echo "scutil --set HostName '$name_should'" + ;; + solaris) + echo "uname -S '$name_should'" + ;; + slackware|suse|opensuse-leap) + # We do not read from /etc/HOSTNAME, because the running + # hostname is the first component only while the file contains + # the FQDN. echo "hostname '$name_should'" - printf "printf '%%s\\\\n' '$name_should' > /etc/HOSTNAME\\n" + ;; + *) + # Fall back to set the hostname using hostnamectl, if available. + if test -n "$has_hostnamectl" + then + # Don't use hostnamectl as the primary means to set the hostname for + # systemd systems, because it cannot be trusted to work reliably and + # exit with non-zero when it fails (e.g. hostname too long, + # D-Bus failure, etc.). + + echo "hostnamectl set-hostname \"\$(cat /etc/hostname)\"" + echo "test \"\$(hostname)\" = \"\$(cat /etc/hostname)\"" \ + " || hostname -F /etc/hostname" + else + printf "echo 'Unsupported OS: %s' >&2\nexit 1\n" "$os" + fi ;; esac - -if [ "$has_hostnamectl" ]; then - # Allow hostnamectl set-hostname to fail silently. - # Who the fuck invented a tool that needs dbus to set the hostname anyway ... - echo "hostnamectl set-hostname '$name_should' || true" -fi diff --git a/cdist/conf/type/__hostname/man.rst b/cdist/conf/type/__hostname/man.rst index d23a3b8a..72aefbab 100644 --- a/cdist/conf/type/__hostname/man.rst +++ b/cdist/conf/type/__hostname/man.rst @@ -8,7 +8,10 @@ cdist-type__hostname - Set the hostname DESCRIPTION ----------- -Set's the hostname on various operating systems. +Sets the hostname on various operating systems. + +**Tip:** For advice on choosing a hostname, see +`RFC 1178 `_. REQUIRED PARAMETERS @@ -18,7 +21,7 @@ None. OPTIONAL PARAMETERS ------------------- name - The hostname to set. Defaults to the first segment of __target_host + The hostname to set. Defaults to the first segment of __target_host (${__target_host%%.*}) diff --git a/cdist/conf/type/__hostname/manifest b/cdist/conf/type/__hostname/manifest index 8f1adf12..75a90027 100755 --- a/cdist/conf/type/__hostname/manifest +++ b/cdist/conf/type/__hostname/manifest @@ -2,6 +2,7 @@ # # 2012 Steven Armstrong (steven-cdist at armstrong.cc) # 2014 Nico Schottelius (nico-cdist at schottelius.org) +# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -19,50 +20,170 @@ # along with cdist. If not, see . # +not_supported() { + echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 + echo "Please contribute an implementation for it if you can." >&2 + exit 1 +} + +set_hostname_systemd() { + echo "$1" | __file /etc/hostname --source - +} + os=$(cat "$__global/explorer/os") -if [ -f "$__object/parameter/name" ]; then - name_should="$(cat "$__object/parameter/name")" +os_version=$(cat "$__global/explorer/os_version") +os_major=$(echo "$os_version" | grep -o '^[0-9][0-9]*') + +max_len=$(cat "$__object/explorer/max_len") +has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl") + +if test -s "$__object/parameter/name" +then + name_should=$(cat "$__object/parameter/name") else - case "$os" in - openbsd) - name_should="${__target_host}" - ;; - *) - name_should="${__target_host%%.*}" - ;; + case $os + in + # RedHat-derivatives and BSDs + centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|slackware) + # Hostname is FQDN + name_should="${__target_host}" + ;; + suse|opensuse-leap) + # Classic SuSE stores the FQDN in /etc/HOSTNAME, while + # systemd does not. The running hostname is the first + # component in both cases. + # In versions before 15.x, the FQDN is stored in /etc/hostname. + if test -n "$has_hostnamectl" && test "$os_major" -ge 15 \ + && test "$os_major" -ne 42 + then + name_should="${__target_host%%.*}" + else + name_should="${__target_host}" + fi + ;; + *) + # Hostname is only first component of FQDN on all other systems. + name_should="${__target_host%%.*}" + ;; esac fi +if test -n "$max_len" && test "$(printf '%s' "$name_should" | wc -c)" -gt "$max_len" +then + printf "Host name too long. Up to %u characters allowed.\n" "${max_len}" >&2 + exit 1 +fi -not_supported() { - echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 - echo "Please contribute an implementation for it if you can." >&2 - exit 1 -} +case $os +in + alpine|debian|devuan|ubuntu|void) + echo "$name_should" | __file /etc/hostname --source - + ;; + archlinux) + if test -n "$has_hostnamectl" + then + set_hostname_systemd "$name_should" + else + echo 'Ancient ArchLinux variants without hostnamectl are not supported.' >&2 + exit 1 + # Only for ancient ArchLinux, write to /etc/rc.conf on pre-systemd + # versions. There are some versions which use /etc/hostname but not + # systemd. It is unclear which ones these are. -case "$os" in - archlinux|debian|suse|ubuntu|devuan|coreos|alpine) + # __key_value '/etc/rc.conf:HOSTNAME' \ + # --file /etc/rc.conf \ + # --delimiter '=' --exact_delimiter \ + # --key 'HOSTNAME' \ + # --value "\"$name_should\"" + fi + ;; + centos|fedora|redhat|scientific) + if test -z "$has_hostnamectl" + then + # Only write to /etc/sysconfig/network on non-systemd versions. + # On systemd-based versions this entry is ignored. + __key_value '/etc/sysconfig/network:HOSTNAME' \ + --file /etc/sysconfig/network \ + --delimiter '=' --exact_delimiter \ + --key HOSTNAME \ + --value "\"$name_should\"" + else + set_hostname_systemd "$name_should" + fi + ;; + gentoo) + # Only write to /etc/conf.d/hostname on OpenRC-based installations. + # On systemd use hostnamectl(1) in gencode-remote. + if test -z "$has_hostnamectl" + then + __key_value '/etc/conf.d/hostname:hostname' \ + --file /etc/conf.d/hostname \ + --delimiter '=' --exact_delimiter \ + --key 'hostname' \ + --value "\"$name_should\"" + else + set_hostname_systemd "$name_should" + fi + ;; + freebsd) + __key_value '/etc/rc.conf:hostname' \ + --file /etc/rc.conf \ + --delimiter '=' --exact_delimiter \ + --key 'hostname' \ + --value "\"$name_should\"" + ;; + macosx) # handled in gencode-remote : ;; - scientific|centos) - __key_value sysconfig-hostname \ - --file /etc/sysconfig/network \ - --delimiter '=' \ - --key HOSTNAME \ - --value "$name_should" --exact_delimiter - ;; - freebsd) - __key_value rcconf-hostname \ + netbsd) + __key_value '/etc/rc.conf:hostname' \ --file /etc/rc.conf \ - --delimiter '=' \ + --delimiter '=' --exact_delimiter \ --key 'hostname' \ - --value "$name_should" + --value "\"$name_should\"" + + # To avoid confusion, ensure that the hostname is only stored once. + __file /etc/myname --state absent ;; openbsd) echo "$name_should" | __file /etc/myname --source - ;; + slackware) + # We write the FQDN into /etc/HOSTNAME. But /etc/rc.d/rc.M will only + # read the first component from this file and set it as the running + # hostname on boot. + echo "$name_should" | __file /etc/HOSTNAME --source - + ;; + solaris) + echo "$name_should" | __file /etc/nodename --source - + ;; + suse|opensuse-leap) + # Modern SuSE provides /etc/HOSTNAME as a symlink for + # backwards-compatibility. Unfortunately it cannot be used + # here as __file does not follow the symlink. + # Therefore, we use the presence of the hostnamectl binary as + # an indication of which file to use. This unfortunately does + # not work correctly on openSUSE 12.x which provides + # hostnamectl but not /etc/hostname. + + if test -n "$has_hostnamectl" -a "$os_major" -gt 12 + then + hostname_file='/etc/hostname' + else + hostname_file='/etc/HOSTNAME' + fi + + echo "$name_should" | __file "$hostname_file" --source - + ;; *) - not_supported + # On other operating systems we fall back to systemd's + # hostnamectl if available… + if test -n "$has_hostnamectl" + then + set_hostname_systemd "$name_should" + else + not_supported + fi ;; esac diff --git a/cdist/conf/type/__letsencrypt_cert/manifest b/cdist/conf/type/__letsencrypt_cert/manifest index f736f3f2..68ecf9d4 100755 --- a/cdist/conf/type/__letsencrypt_cert/manifest +++ b/cdist/conf/type/__letsencrypt_cert/manifest @@ -7,6 +7,12 @@ if [ -z "${certbot_fullpath}" ]; then os_version="$(cat "${__global}/explorer/os_version")" case "$os" in + archlinux) + __package certbot + ;; + alpine) + __package certbot + ;; debian) case "$os_version" in 8*) @@ -33,6 +39,10 @@ if [ -z "${certbot_fullpath}" ]; then require="__apt_source/stretch-backports" __package_apt certbot \ --target-release stretch-backports ;; + 10*) + __package_apt certbot + ;; + *) echo "Unsupported OS version: $os_version" >&2 exit 1 diff --git a/cdist/conf/type/__package_update_index/explorer/currage b/cdist/conf/type/__package_update_index/explorer/currage index 3539b8e1..cfb778d5 100644 --- a/cdist/conf/type/__package_update_index/explorer/currage +++ b/cdist/conf/type/__package_update_index/explorer/currage @@ -34,6 +34,9 @@ case "$type" in echo 0 fi ;; + alpine) + echo 0 + ;; *) echo "Your specified type ($type) is currently not supported." >&2 echo "Please contribute an implementation for it if you can." >&2 ;; diff --git a/cdist/conf/type/__package_update_index/explorer/type b/cdist/conf/type/__package_update_index/explorer/type index 35254c5f..c98e1e67 100644 --- a/cdist/conf/type/__package_update_index/explorer/type +++ b/cdist/conf/type/__package_update_index/explorer/type @@ -26,6 +26,7 @@ else amazon|scientific|centos|fedora|redhat) echo "yum" ;; debian|ubuntu|devuan) echo "apt" ;; archlinux) echo "pacman" ;; + alpine) echo "apk" ;; *) echo "Don't know how to manage packages on: $os" >&2 exit 1 diff --git a/cdist/conf/type/__package_update_index/gencode-remote b/cdist/conf/type/__package_update_index/gencode-remote index 738d38eb..9b2ecba2 100755 --- a/cdist/conf/type/__package_update_index/gencode-remote +++ b/cdist/conf/type/__package_update_index/gencode-remote @@ -47,6 +47,10 @@ case "$type" in echo "pacman --noprogressbar --sync --refresh" echo "pacman package database synced (age was: $currage)" >> "$__messages_out" ;; + alpine) + echo "apk update" + echo "apk package database updated." + ;; *) echo "Don't know how to manage packages for type: $type" >&2 exit 1 diff --git a/cdist/conf/type/__hostname/explorer/hostname_file b/cdist/conf/type/__podman_compose/gencode-remote old mode 100755 new mode 100644 similarity index 72% rename from cdist/conf/type/__hostname/explorer/hostname_file rename to cdist/conf/type/__podman_compose/gencode-remote index 6a00aa9f..0f5cf9db --- a/cdist/conf/type/__hostname/explorer/hostname_file +++ b/cdist/conf/type/__podman_compose/gencode-remote @@ -1,6 +1,6 @@ -#!/bin/sh +#!/bin/sh -e # -# 2014 Nico Schottelius (nico-cdist at schottelius.org) +# 2019 Daniel Tschada # # This file is part of cdist. # @@ -17,14 +17,8 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # -# -# Retrieve the contents of /etc/hostname -# -# Almost any distribution -if [ -f /etc/hostname ]; then - cat /etc/hostname -# SuSE -elif [ -f /etc/HOSTNAME ]; then - cat /etc/HOSTNAME -fi +install="$(cat "$__object/parameter/install")" +state="$(cat "$__object/parameter/state")" +user="$(cat "$__object/parameter/user")" +version="$(cat "$__object/parameter/version")" \ No newline at end of file diff --git a/cdist/conf/type/__podman_compose/man.rst b/cdist/conf/type/__podman_compose/man.rst new file mode 100644 index 00000000..fa98f443 --- /dev/null +++ b/cdist/conf/type/__podman_compose/man.rst @@ -0,0 +1,61 @@ +cdist-type__podman_compose(7) +============================= + +NAME +---- +cdist-type__podman_compose - install podman-compose + + +DESCRIPTION +----------- +Installs podman-compose package. +State 'absent' will not remove podman binary itself, +only podman-compose binary will be removed + + +REQUIRED PARAMETERS +------------------- +install + defaults to 'pip' + + +OPTIONAL PARAMETERS +------------------- +state + 'present' or 'absent', defaults to 'present' +user + the user who owns the file, defaults to 'root' + + +BOOLEAN PARAMETERS +------------------ +None. + + +EXAMPLES +-------- + +.. code-block:: sh + + # Install podman-compose + __podman_compose + + # Install latest version via pip + __podman_compose --state present --install pip + + # Install latest version via pip and change user + __podman_compose --state present --install pip --user root + + # Remove podman-compose + __podman_compose --state absent + + +AUTHORS +------- +Daniel Tschada + + +COPYING +------- +Copyright \(C) 2019 Daniel Tschada. Free use of this software is +granted under the terms of the GNU General Public License version 3 or later (GPLv3+). diff --git a/cdist/conf/type/__podman_compose/manifest b/cdist/conf/type/__podman_compose/manifest new file mode 100755 index 00000000..2b06068d --- /dev/null +++ b/cdist/conf/type/__podman_compose/manifest @@ -0,0 +1,50 @@ +#!/bin/sh -e +# +# 2019 Daniel Tschada +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +# shellcheck disable=SC2154 +# shellcheck disable=SC2034 +install="$(cat "$__object/parameter/install")" +state="$(cat "$__object/parameter/state")" +user="$(cat "$__object/parameter/user")" +version="$(cat "$__object/parameter/version")" + +# install it with pip +if [ "${install}" = "pip" ]; then + + if [ "${state}" = "present" ]; then + __package_pip podman-compose --state present --pip /usr/local/bin/podman-compose --runas "${user}" + elif [ "${state}" = "absent" ]; then + __package_pip podman-compose --state absent + else + if [ "${state}" != "present" ] -a [ "${state}" != "absent" ]; then + echo "Unknown state: ${state}" >&2 + exit 1 + else + echo "Unknown user: ${user}" >&2 + exit 1 + fi + fi + +else + + echo "Unknown user: ${install}" >&2 + exit 1 + +fi \ No newline at end of file diff --git a/cdist/conf/type/__podman_compose/parameter/default/install b/cdist/conf/type/__podman_compose/parameter/default/install new file mode 100644 index 00000000..a1b589e3 --- /dev/null +++ b/cdist/conf/type/__podman_compose/parameter/default/install @@ -0,0 +1 @@ +pip diff --git a/cdist/conf/type/__podman_compose/parameter/default/state b/cdist/conf/type/__podman_compose/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__podman_compose/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__podman_compose/parameter/default/user b/cdist/conf/type/__podman_compose/parameter/default/user new file mode 100644 index 00000000..d8649da3 --- /dev/null +++ b/cdist/conf/type/__podman_compose/parameter/default/user @@ -0,0 +1 @@ +root diff --git a/cdist/conf/type/__podman_compose/parameter/optional b/cdist/conf/type/__podman_compose/parameter/optional new file mode 100644 index 00000000..92913e56 --- /dev/null +++ b/cdist/conf/type/__podman_compose/parameter/optional @@ -0,0 +1,4 @@ +install +state +user +version diff --git a/cdist/conf/type/__podman_compose/parameter/required b/cdist/conf/type/__podman_compose/parameter/required new file mode 100644 index 00000000..7c32f559 --- /dev/null +++ b/cdist/conf/type/__podman_compose/parameter/required @@ -0,0 +1 @@ +install diff --git a/cdist/conf/type/__podman_compose/singleton b/cdist/conf/type/__podman_compose/singleton new file mode 100644 index 00000000..e69de29b diff --git a/cdist/conf/type/__prometheus_alertmanager/manifest b/cdist/conf/type/__prometheus_alertmanager/manifest index 8ee818c3..cf410c44 100755 --- a/cdist/conf/type/__prometheus_alertmanager/manifest +++ b/cdist/conf/type/__prometheus_alertmanager/manifest @@ -30,6 +30,7 @@ if [ -f "$__object/parameter/install-from-backports" ]; then *) echo "--install-from-backports is only supported on Devuan -- ignoring." >&2 echo "Send a pull request if you require it." >&2 + exit 1 ;; esac else @@ -60,5 +61,5 @@ require="$require __directory/$storage_path $require_pkg" \ __config_file $CONF \ --source "$config" \ --group prometheus --mode 640 \ - --onchange "service prometheus-alertmanager reload" # TODO when a config-check tool is available, check config here + --onchange "service prometheus-alertmanager restart" # TODO when a config-check tool is available, check config here diff --git a/cdist/conf/type/__prometheus_exporter/manifest b/cdist/conf/type/__prometheus_exporter/manifest index b9e14531..f3930ac6 100644 --- a/cdist/conf/type/__prometheus_exporter/manifest +++ b/cdist/conf/type/__prometheus_exporter/manifest @@ -5,9 +5,11 @@ export GOBIN=/opt/gocode/bin # where to find go binaries exporter="$(cat "$__object/parameter/exporter")" [ -z "$exporter" ] && exporter="$__object_id" -__user prometheus --system +__user prometheus +require="__user/prometheus" __group prometheus +require="__group/prometheus" __user_groups prometheus --group prometheus -require="" +require="__user_groups/prometheus" case $exporter in node) TEXTFILES=/service/node-exporter/textfiles # path for the textfiles collector diff --git a/cdist/conf/type/__prometheus_server/manifest b/cdist/conf/type/__prometheus_server/manifest index 8685130f..9756169e 100755 --- a/cdist/conf/type/__prometheus_server/manifest +++ b/cdist/conf/type/__prometheus_server/manifest @@ -33,11 +33,13 @@ if [ -f "$__object/parameter/install-from-backports" ]; then *) echo "--install-from-backports is only supported on Devuan -- ignoring." >&2 echo "Send a pull request if you require it." >&2 + exit 1 ;; esac else __package prometheus - require_pkg="__package/prometheus" + __package prometheus-blackbox-exporter + require_pkg="__package/prometheus __package/prometheus-blackbox-exporter" fi ##### PREPARE PATHS AND SUCH ################################################ @@ -58,7 +60,7 @@ require="$require __directory/$storage_path $require_pkg" \ __config_file $CONF \ --source "$config" \ --group prometheus --mode 640 \ - --onchange "promtool check config $CONF && service prometheus reload" + --onchange "promtool check config $CONF && service prometheus restart" for file in $rule_files; do dest=$CONF_DIR/$(basename "$file") @@ -66,6 +68,6 @@ for file in $rule_files; do __config_file "$dest" \ --source "$file" \ --owner prometheus \ - --onchange "promtool check rules '$dest' && service prometheus reload" + --onchange "promtool check rules '$dest' && service prometheus restart" done diff --git a/cdist/conf/type/__sensible_editor/explorer/editor_path b/cdist/conf/type/__sensible_editor/explorer/editor_path new file mode 100644 index 00000000..dcf63c9b --- /dev/null +++ b/cdist/conf/type/__sensible_editor/explorer/editor_path @@ -0,0 +1,131 @@ +#!/bin/sh -e +# +# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Check if the given editor is present on the target system and determine its +# absolute path. +# + +die() { + echo "$@" >&2 + exit 1 +} + +editor_missing() { die "Editor '$1' is missing on the target system."; } +editor_no_alternative() { + die "Editor '$1' is not in the alternatives list of the target system." \ + "$(test -n "${editors}" && printf '\nPlease choose one of:\n\n%s\n' "${editors}")" +} + +# No need to check for the path if the file is supposed to be removed. +test "$(cat "${__object}/parameter/state")" != 'absent' || exit 0 + + +case $("${__explorer}/os") +in + debian|devuan|ubuntu) + has_alternatives=true + + # NOTE: Old versions do not support `--list`, in this case ignore the errors. + # This will require an absolute path to be provided, though. + editors=$(update-alternatives --list editor 2>/dev/null) + ;; + *) + # NOTE: RedHat has an alternatives system but it doesn't usually track + # editors and it is a pain to extract the list. + has_alternatives=false + ;; +esac + +# Read --editor parameter and check its value since it is "optional" +editor=$(cat "${__object}/parameter/editor" 2>/dev/null) || true +test -n "${editor}" || die 'Please provide an --editor to configure.' + +case $editor +in + /*) + is_abspath=true + ;; + */*) + die 'Relative editor paths are not supported' + ;; + *) + is_abspath=false + ;; +esac + + +if $has_alternatives && test -n "${editors}" +then + IFS=' +' + if ! $is_abspath + then + # First, try to resolve the absolute path using $editors. + while true + do + for e in $editors + do + if test "$(basename "${e}")" = "${editor}" + then + editor="${e}" + break 2 # break out of both loops + fi + done + + # Iterating through alternatives did not yield a result + editor_no_alternative "${editor}" + break + done + fi + + # Check if editor is present + test -f "${editor}" || editor_missing "${editor}" + + for e in $editors + do + if test "${editor}" = "${e}" + then + # Editor is part of the alternatives list -> use it! + echo "${editor}" + exit 0 + fi + done + + editor_no_alternative "${editor}" +else + # NOTE: This branch is mostly for RedHat-based systems which do + # not track editor alternatives. To make this type useful + # on RedHat at all we allow an absoloute path to be provided + # in any case. + + if $is_abspath + then + test -x "${editor}" || editor_missing "${editor}" + + echo "${editor}" + exit 0 + else + die "The target doesn't list any editor alternatives. " \ + "Please specify an absolute path or populate the alternatives list." + fi +fi + +# The script should never reach this statement! +exit 1 diff --git a/cdist/conf/type/__sensible_editor/explorer/group b/cdist/conf/type/__sensible_editor/explorer/group new file mode 100644 index 00000000..5d288189 --- /dev/null +++ b/cdist/conf/type/__sensible_editor/explorer/group @@ -0,0 +1,26 @@ +#!/bin/sh -e +# +# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Determines the primary group of the user. +# + +user=$__object_id + +id -gn "${user}" 2>/dev/null diff --git a/cdist/conf/type/__sensible_editor/explorer/user_home b/cdist/conf/type/__sensible_editor/explorer/user_home new file mode 100644 index 00000000..b88243f7 --- /dev/null +++ b/cdist/conf/type/__sensible_editor/explorer/user_home @@ -0,0 +1,33 @@ +#!/bin/sh -e +# +# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Determines the home folder of the target user. +# + +user=$__object_id +home=$(getent passwd "${user}" | cut -d':' -f6) + +if ! test -d "${home}" +then + echo "Cannot find home directory of user ${user}" >&2 + exit 1 +fi + +echo "${home}" diff --git a/cdist/conf/type/__sensible_editor/man.rst b/cdist/conf/type/__sensible_editor/man.rst new file mode 100644 index 00000000..9b805e06 --- /dev/null +++ b/cdist/conf/type/__sensible_editor/man.rst @@ -0,0 +1,78 @@ +cdist-type__sensible_editor(7) +============================== + +NAME +---- +cdist-type__sensible_editor - Select the sensible-editor + + +DESCRIPTION +----------- +This cdist type allows you to select the :strong:`sensible-editor` for +a given user. + + +REQUIRED PARAMETERS +------------------- +editor + Name or path of the editor to be selected. + On systems other than Debian derivatives an absolute path is required. + + It is permissible to omit this parameter if --state is absent. + + +OPTIONAL PARAMETERS +------------------- +state + 'present', 'absent', or 'exists'. Defaults to 'present', where: + + present + the sensible-editor is exactly what is specified in --editor. + absent + no sensible-editor configuration is present. + exists + the sensible-editor will be set to what is specified in --editor, + unless there already is a configuration on the target system. + + +EXAMPLES +-------- + +.. code-block:: sh + + __sensible_editor root --editor /bin/ed # ed(1) is the standard + __sensible_editor noob --editor nano + + +LIMITATIONS +----------- + +This type depends upon the :strong:`sensible-editor`\ (1) script which +is part of the sensible-utils package. + +Therefore, the following operating systems are supported: + * Debian 8 (jessie) or later + * Devuan + * Ubuntu 8.10 (intrepid) or later + * RHEL/CentOS 7 or later (EPEL repo required) + * Fedora 21 or later + +Note: on old versions of Ubuntu the sensible-* utils are part of the +debianutils package. + +SEE ALSO +-------- +:strong:`select-editor`\ (1), :strong:`sensible-editor`\ (1). + + +AUTHOR +------- +Dennis Camera + + +COPYING +------- +Copyright \(C) 2019 Dennis Camera. +You can redistribute it and/or modify it under the terms of the GNU General +Public License as published by the Free Software Foundation, either version 3 of +the License, or (at your option) any later version. diff --git a/cdist/conf/type/__sensible_editor/manifest b/cdist/conf/type/__sensible_editor/manifest new file mode 100644 index 00000000..1cdb0c2c --- /dev/null +++ b/cdist/conf/type/__sensible_editor/manifest @@ -0,0 +1,94 @@ +#!/bin/sh -e +# -*- mode: sh; indent-tabs-mode: t -*- +# +# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +version_ge() { + awk -F '[^0-9.]' -v target="${1:?}" ' + function max(x, y) { return x > y ? x : y; } + BEGIN { + getline; + nx = split($1, x, "."); + ny = split(target, y, "."); + for (i = 1; i <= max(nx, ny); ++i) { + diff = int(x[i]) - int(y[i]); + if (diff < 0) exit 1; + else if (diff > 0) exit 0; + else continue; + } + }' +} + +not_supported() { + echo "OS ${os} does not support __sensible_editor." >&2 + echo 'If it does, please provide a patch.' >&2 + exit 1 +} + +os=$(cat "${__global}/explorer/os") +os_version=$(cat "${__global}/explorer/os_version") + +state=$(cat "${__object}/parameter/state") +user=$__object_id + +if test "${state}" != 'present' && test "${state}" != 'exists' && test "${state}" != 'absent' +then + echo 'Only "present", "exists", and "absent" are allowed for --state' >&2 + exit 1 +fi + +package_name='sensible-utils' + +case $os +in + debian) + pkg_type='apt' + ;; + devuan) + pkg_type='apt' + ;; + ubuntu) + (echo "${os_version}" | version_ge 10.04) || package_name='debianutils' + pkg_type='apt' + ;; + centos|fedora|redhat|scientific) + pkg_type='yum' + ;; + *) + not_supported + ;; +esac + +if test "${state}" != 'absent' +then + __package "${package_name}" --state present \ + --type "${pkg_type}" + export require="__package/${package_name}" +fi + +editor_path=$(cat "${__object}/explorer/editor_path") +user_home=$(cat "${__object}/explorer/user_home") +group=$(cat "${__object}/explorer/group") + +__file "${user_home}/.selected_editor" --state "${state}" \ + --owner "${user}" --group "${group}" --mode 0644 \ + --source - </dev/null || echo "$__object_id")" - home=$(getent passwd "$owner" | cut -d':' -f 6) - echo "$home/.ssh/authorized_keys" + if [ -s "$__object/parameter/owner" ] + then + owner=$(cat "$__object/parameter/owner") + else + owner="$__object_id" + fi + + if command -v getent >/dev/null + then + owner_line=$(getent passwd "$owner") + elif [ -f /etc/passwd ] + then + case $owner + in + [0-9][0-9]*) + owner_line=$(awk -F: "\$3 == \"${owner}\" { print }" /etc/passwd) + ;; + *) + owner_line=$(awk -F: "\$1 == \"${owner}\" { print }" /etc/passwd) + ;; + esac + fi + + if [ "$owner_line" ] + then + home=$(echo "$owner_line" | cut -d':' -f6) + fi + + if [ ! -d "$home" ] + then + # Don't know how to determine user's home directory, fall back to ~ + home="~$owner" + command -v realpath >/dev/null && home=$(realpath "$home") + fi + + [ -d "$home" ] && echo "$home/.ssh/authorized_keys" fi diff --git a/cdist/conf/type/__ssh_authorized_keys/explorer/group b/cdist/conf/type/__ssh_authorized_keys/explorer/group index 72a4e314..d259050f 100755 --- a/cdist/conf/type/__ssh_authorized_keys/explorer/group +++ b/cdist/conf/type/__ssh_authorized_keys/explorer/group @@ -1,6 +1,7 @@ #!/bin/sh # # 2014 Steven Armstrong (steven-cdist at armstrong.cc) +# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -18,6 +19,28 @@ # along with cdist. If not, see . # -owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")" -gid="$(getent passwd "$owner" | cut -d':' -f 4)" -getent group "$gid" || true +if [ -s "$__object/parameter/owner" ] +then + owner=$(cat "$__object/parameter/owner") +else + owner="$__object_id" +fi + +if command -v getent >/dev/null +then + gid=$(getent passwd "$owner" | cut -d':' -f4) + getent group "$gid" || true +else + # Fallback to local file scanning + case $owner + in + [0-9][0-9]*) + gid=$(awk -F: "\$3 == \"${owner}\" { print \$4 }" /etc/passwd) + ;; + *) + gid=$(awk -F: "\$1 == \"${owner}\" { print \$4 }" /etc/passwd) + ;; + esac + + awk -F: "\$3 == \"$gid\" { print }" /etc/group +fi diff --git a/cdist/conf/type/__ssh_authorized_keys/manifest b/cdist/conf/type/__ssh_authorized_keys/manifest index b507c7ff..b9f0582e 100755 --- a/cdist/conf/type/__ssh_authorized_keys/manifest +++ b/cdist/conf/type/__ssh_authorized_keys/manifest @@ -23,6 +23,12 @@ owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")" state="$(cat "$__object/parameter/state" 2>/dev/null)" file="$(cat "$__object/explorer/file")" +if [ ! -f "$__object/parameter/nofile" ] && [ -z "$file" ] +then + echo "Cannot determine path of authorized_keys file" >&2 + exit 1 +fi + if [ ! -f "$__object/parameter/noparent" ] || [ ! -f "$__object/parameter/nofile" ]; then group="$(cut -d':' -f 1 "$__object/explorer/group")" if [ -z "$group" ]; then diff --git a/cdist/conf/type/__ssh_dot_ssh/explorer/group b/cdist/conf/type/__ssh_dot_ssh/explorer/group index cdea6fe7..faf44cb8 100755 --- a/cdist/conf/type/__ssh_dot_ssh/explorer/group +++ b/cdist/conf/type/__ssh_dot_ssh/explorer/group @@ -1,6 +1,7 @@ #!/bin/sh # # 2014 Steven Armstrong (steven-cdist at armstrong.cc) +# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -18,5 +19,11 @@ # along with cdist. If not, see . # -gid="$("$__type_explorer/passwd" | cut -d':' -f 4)" -getent group "$gid" || true +gid=$("$__type_explorer/passwd" | cut -d':' -f4) + +if command -v getent >/dev/null +then + getent group "$gid" || true +else + awk -F: "\$3 == \"$gid\" { print }" /etc/group +fi diff --git a/cdist/conf/type/__ssh_dot_ssh/explorer/passwd b/cdist/conf/type/__ssh_dot_ssh/explorer/passwd index 3fbad06f..42686b20 100755 --- a/cdist/conf/type/__ssh_dot_ssh/explorer/passwd +++ b/cdist/conf/type/__ssh_dot_ssh/explorer/passwd @@ -2,6 +2,7 @@ # # 2012 Steven Armstrong (steven-cdist at armstrong.cc) # 2014 Nico Schottelius (nico-cdist at schottelius.org) +# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -21,4 +22,16 @@ owner="$__object_id" -getent passwd "$owner" || true +if command -v getent >/dev/null +then + getent passwd "$owner" || true +else + case $owner in + [0-9][0-9]*) + awk -F: "\$3 == \"$owner\" { print }" /etc/passwd + ;; + *) + grep "^$owner:" /etc/passwd || true + ;; + esac +fi diff --git a/cdist/conf/type/__user/explorer/group b/cdist/conf/type/__user/explorer/group index 2aae2973..0fd1471a 100755 --- a/cdist/conf/type/__user/explorer/group +++ b/cdist/conf/type/__user/explorer/group @@ -23,11 +23,9 @@ if [ -f "$__object/parameter/gid" ]; then gid=$(cat "$__object/parameter/gid") - getent=$(command -v getent) - if [ X != X"${getent}" ]; then - "${getent}" group "$gid" || true + if command -v getent >/dev/null; then + getent group "$gid" || true elif [ -f /etc/group ]; then grep -E "^(${gid}|([^:]+:){2}${gid}):" /etc/group || true fi fi - diff --git a/cdist/conf/type/__user/explorer/passwd b/cdist/conf/type/__user/explorer/passwd index 677e3ff0..b8391a6f 100755 --- a/cdist/conf/type/__user/explorer/passwd +++ b/cdist/conf/type/__user/explorer/passwd @@ -23,9 +23,8 @@ name=$__object_id -getent=$(command -v getent) -if [ X != X"${getent}" ]; then - "${getent}" passwd "$name" || true +if command -v getent >/dev/null; then + getent passwd "$name" || true elif [ -f /etc/passwd ]; then grep "^${name}:" /etc/passwd || true fi diff --git a/cdist/conf/type/__user/explorer/shadow b/cdist/conf/type/__user/explorer/shadow index c49992d5..73ce0e29 100755 --- a/cdist/conf/type/__user/explorer/shadow +++ b/cdist/conf/type/__user/explorer/shadow @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/sh -e # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # @@ -22,18 +22,19 @@ # name=$__object_id -os="$("$__explorer/os")" -# Default to using shadow passwords -database="shadow" -case "$os" in - "freebsd"|"netbsd"|"openbsd") database="passwd";; +case $("$__explorer/os") in + 'freebsd'|'netbsd'|'openbsd') + database='passwd' + ;; + # Default to using shadow passwords + *) + database='shadow' + ;; esac - -getent=$(command -v getent) -if [ X != X"${getent}" ]; then - "${getent}" "$database" "$name" || true +if command -v getent >/dev/null; then + getent "$database" "$name" || true elif [ -f /etc/shadow ]; then grep "^${name}:" /etc/shadow || true fi diff --git a/cdist/conf/type/__hostname/explorer/hostname_sysconfig b/cdist/conf/type/__xymon_apache/explorer/active-conf similarity index 75% rename from cdist/conf/type/__hostname/explorer/hostname_sysconfig rename to cdist/conf/type/__xymon_apache/explorer/active-conf index d0d7b4e7..bd281e21 100755 --- a/cdist/conf/type/__hostname/explorer/hostname_sysconfig +++ b/cdist/conf/type/__xymon_apache/explorer/active-conf @@ -1,6 +1,6 @@ -#!/bin/sh +#!/bin/sh -e # -# 2014 Nico Schottelius (nico-cdist at schottelius.org) +# 2018-2019 Thomas Eckert (tom at it-eckert.de) # # This file is part of cdist. # @@ -16,11 +16,7 @@ # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . -# -# -# Retrieve the contents of /etc/hostname -# -if [ -f /etc/sysconfig/network ]; then - awk -F= '/^HOSTNAME=/ { print $2 }' /etc/sysconfig/network +if [ -d /etc/apache2/mods-enabled ]; then + ls -1 /etc/apache2/conf-enabled/ fi diff --git a/cdist/conf/type/__xymon_apache/explorer/active-modules b/cdist/conf/type/__xymon_apache/explorer/active-modules new file mode 100755 index 00000000..4c745ced --- /dev/null +++ b/cdist/conf/type/__xymon_apache/explorer/active-modules @@ -0,0 +1,5 @@ +#!/bin/sh -e + +if [ -d /etc/apache2/mods-enabled ]; then + /usr/sbin/apachectl -t -D DUMP_MODULES | awk '/.*_module/ { gsub(/_module.*$/, ""); gsub(/^ /, ""); print }' +fi diff --git a/cdist/conf/type/__xymon_apache/gencode-remote b/cdist/conf/type/__xymon_apache/gencode-remote new file mode 100755 index 00000000..e7d8e344 --- /dev/null +++ b/cdist/conf/type/__xymon_apache/gencode-remote @@ -0,0 +1,56 @@ +#!/bin/sh -e +# +# 2018-2019 Thomas Eckert (tom at it-eckert.de) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . + +state=$(cat "$__object/parameter/state") + +os=$(cat "$__global/explorer/os") +case "$os" in + debian|ubuntu) + : + ;; + *) + echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 + echo "Please contribute an implementation for it if you can." >&2 + exit 1 + ;; +esac + +if [ "$state" = "present" ]; then + if ! grep -q ^rewrite "$__object/explorer/active-modules"; then + echo "a2enmod rewrite >/dev/null" + echo "mod:rewrite enabled" >> "$__messages_out" + fi + if ! grep -q "^cgi$" "$__object/explorer/active-modules"; then + echo "a2enmod cgi >/dev/null" + echo "mod:cgi enabled" >> "$__messages_out" + fi + + if ! grep -q ^xymon.conf "$__object/explorer/active-conf"; then + echo "a2enconf xymon >/dev/null" + echo "conf:xymon enabled" >> "$__messages_out" + fi +fi + +if grep -q "^mod:.* enabled" "$__messages_out"; then + echo "systemctl restart apache2.service" + echo "apache restarted" >> "$__messages_out" +elif grep -q "^conf:xymon enabled" "$__messages_out"; then + echo "systemctl reload apache2.service" + echo "apache reloaded" >> "$__messages_out" +fi diff --git a/cdist/conf/type/__xymon_apache/man.rst b/cdist/conf/type/__xymon_apache/man.rst new file mode 100644 index 00000000..8358c821 --- /dev/null +++ b/cdist/conf/type/__xymon_apache/man.rst @@ -0,0 +1,79 @@ +cdist-type__xymon_apache(7) +=========================== + +NAME +---- +cdist-type__xymon_apache - Configure apache2-webserver for Xymon + + +DESCRIPTION +----------- +This cdist type installs and configures apache2 to be used "exclusively" (in +the sense that no other use is taken care of) with Xymon (the systems and +network monitor). + +It depends on `__xymon_server`. + + +REQUIRED PARAMETERS +------------------- +None. + + +OPTIONAL PARAMETERS +------------------- +state + 'present', 'absent', defaults to 'present'. + +ipacl + IP(-ranges) that have access to the Xymon webpages and CGIs. Apache2-style + syntax suitable for `Require ip ...`. Example: `192.168.1.0/24 10.0.0.0/8` + + +MESSAGES +-------- +mod:rewrite enabled + apache module enabled +conf:xymon enabled + apache config for xymon enabled +apache restarted + apache2.service was reloaded +apache reloaded + apache2.service was restarted + + +EXPLORERS +--------- +active-conf + lists apache2 `conf-enabled` +active-modules + lists active apache2-modules + + +EXAMPLES +-------- + +.. code-block:: sh + + # minmal, only localhost-access: + __xymon_apache + # allow more IPs to access the Xymon-webinterface: + __xymon_apache --ipacl "192.168.0.0/16 10.0.0.0/8" --state "present" + + +SEE ALSO +-------- +:strong:`cdist__xymon_server`\ (7) + + +AUTHORS +------- +Thomas Eckert + + +COPYING +------- +Copyright \(C) 2018-2019 Thomas Eckert. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/cdist/conf/type/__xymon_apache/manifest b/cdist/conf/type/__xymon_apache/manifest new file mode 100755 index 00000000..bfd0af79 --- /dev/null +++ b/cdist/conf/type/__xymon_apache/manifest @@ -0,0 +1,42 @@ +#!/bin/sh -e +# +# 2018-2019 Thomas Eckert (tom at it-eckert.de) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . + +state=$(cat "$__object/parameter/state") + +os=$(cat "$__global/explorer/os") +case "$os" in + debian|ubuntu) + : + ;; + *) + echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 + echo "Please contribute an implementation for it if you can." >&2 + exit 1 + ;; +esac + +__package apache2 --state "$state" + +## edit xymon.conf IP-ranges +if [ -f "$__object/parameter/ipacl" ]; then + require="__package/xymon" __line /etc/apache2/conf-available/xymon.conf \ + --line " Require ip $(cat "$__object/parameter/ipacl")" \ + --after "^[[:space:]]*Require local" \ + --state "present" +fi diff --git a/cdist/conf/type/__xymon_apache/parameter/default/state b/cdist/conf/type/__xymon_apache/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__xymon_apache/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__xymon_apache/parameter/optional b/cdist/conf/type/__xymon_apache/parameter/optional new file mode 100644 index 00000000..d374ec41 --- /dev/null +++ b/cdist/conf/type/__xymon_apache/parameter/optional @@ -0,0 +1,2 @@ +state +ipacl diff --git a/cdist/conf/type/__xymon_apache/singleton b/cdist/conf/type/__xymon_apache/singleton new file mode 100644 index 00000000..e69de29b diff --git a/cdist/conf/type/__xymon_client/gencode-remote b/cdist/conf/type/__xymon_client/gencode-remote new file mode 100755 index 00000000..49eed317 --- /dev/null +++ b/cdist/conf/type/__xymon_client/gencode-remote @@ -0,0 +1,28 @@ +#!/bin/sh -e +# +# 2018-2019 Thomas Eckert (tom at it-eckert.de) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . + +servers=$(cat "$__object/parameter/servers") + +if grep -q ^__key_value/CLIENTHOSTNAME "$__messages_in" || grep -q ^__key_value/XYMONSERVERS "$__messages_in" ; then + echo "systemctl restart xymon-client" + echo "restarted" >> "$__messages_out" + cat <<-EOT + echo "xymon-client xymon-client/XYMONSERVERS string $servers" | debconf-set-selections + EOT +fi diff --git a/cdist/conf/type/__xymon_client/man.rst b/cdist/conf/type/__xymon_client/man.rst new file mode 100644 index 00000000..05d085dc --- /dev/null +++ b/cdist/conf/type/__xymon_client/man.rst @@ -0,0 +1,66 @@ +cdist-type__xymon_client(7) +=========================== + +NAME +---- +cdist-type__xymon_client - Install the Xymon client + + +DESCRIPTION +----------- +This cdist type installs the Xymon client and configures it to report with +FQDN. + + +REQUIRED PARAMETERS +------------------- +None. + + +OPTIONAL PARAMETERS +------------------- +state + 'present', 'absent', defaults to 'present'. + +servers + One or more IP addresses (space separated) of the Xymon server(s) to report + to. While DNS-names are ok it is discouraged, defaults to 127.0.0.1. + + +BOOLEAN PARAMETERS +------------------ +msgcache + Enable xymon `msgcache`. Note: XYMONSERVER has to be `127.0.0.1` for using + `msgcache` (see `msgcache (8)` of the xymon documentation for details). + +EXAMPLES +-------- + +.. code-block:: sh + + # minimal, report to 127.0.0.1 + __xymon_client + + # specify server: + __xymon_client --servers "192.168.1.1" + + # activate `msgcache` for passive client: + __xymon_client --msgcache + + +SEE ALSO +-------- +:strong:`cdist__xymon_server`\ (7), :strong:`xymon`\ (7), :strong:`msgcache`\ (8) + + +AUTHORS +------- +Thomas Eckert + + +COPYING +------- +Copyright \(C) 2018-2019 Thomas Eckert. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/cdist/conf/type/__xymon_client/manifest b/cdist/conf/type/__xymon_client/manifest new file mode 100755 index 00000000..88293a12 --- /dev/null +++ b/cdist/conf/type/__xymon_client/manifest @@ -0,0 +1,54 @@ +#!/bin/sh -e +# +# 2018-2019 Thomas Eckert (tom at it-eckert.de) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . + +state=$(cat "$__object/parameter/state") +servers=$(cat "$__object/parameter/servers") + +os=$(cat "$__global/explorer/os") +case "$os" in + debian|ubuntu) + : + ;; + *) + echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 + echo "Please contribute an implementation for it if you can." >&2 + exit 1 + ;; +esac + +__package xymon-client --state "$state" + +if [ -f "$__object/parameter/msgcache" ]; then + require="__package/xymon-client" __line /etc/xymon/clientlaunch.cfg \ + --regex DISABLED --state absent +fi + +require="__package/xymon-client" __key_value CLIENTHOSTNAME \ + --file /etc/default/xymon-client \ + --value "'$__target_hostname'" \ + --delimiter '=' \ + --state "$state" +require="__package/xymon-client" __key_value XYMONSERVERS \ + --file /etc/default/xymon-client \ + --value "'$servers'" \ + --delimiter '=' \ + --state "$state" + +## CLI-usage often requires a shell: +require="__package/xymon-client" __user xymon --shell "/bin/bash" --state "$state" diff --git a/cdist/conf/type/__xymon_client/parameter/boolean b/cdist/conf/type/__xymon_client/parameter/boolean new file mode 100644 index 00000000..0dd7839d --- /dev/null +++ b/cdist/conf/type/__xymon_client/parameter/boolean @@ -0,0 +1 @@ +msgcache diff --git a/cdist/conf/type/__xymon_client/parameter/default/servers b/cdist/conf/type/__xymon_client/parameter/default/servers new file mode 100644 index 00000000..7b9ad531 --- /dev/null +++ b/cdist/conf/type/__xymon_client/parameter/default/servers @@ -0,0 +1 @@ +127.0.0.1 diff --git a/cdist/conf/type/__xymon_client/parameter/default/state b/cdist/conf/type/__xymon_client/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__xymon_client/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__xymon_client/parameter/optional b/cdist/conf/type/__xymon_client/parameter/optional new file mode 100644 index 00000000..7c34489a --- /dev/null +++ b/cdist/conf/type/__xymon_client/parameter/optional @@ -0,0 +1,2 @@ +state +servers diff --git a/cdist/conf/type/__xymon_client/singleton b/cdist/conf/type/__xymon_client/singleton new file mode 100644 index 00000000..e69de29b diff --git a/cdist/conf/type/__xymon_config/files/.keep b/cdist/conf/type/__xymon_config/files/.keep new file mode 100644 index 00000000..e69de29b diff --git a/cdist/conf/type/__xymon_config/gencode-remote b/cdist/conf/type/__xymon_config/gencode-remote new file mode 100644 index 00000000..b25a0fda --- /dev/null +++ b/cdist/conf/type/__xymon_config/gencode-remote @@ -0,0 +1,23 @@ +#!/bin/sh -e +# +# 2018-2019 Thomas Eckert (tom at it-eckert.de) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . + +## to speed up config-reload we send a HUP to the server process: +cat <<-EOT + pkill -HUP xymond || { echo "HUPing xymond failed" >&2; exit 1; } +EOT diff --git a/cdist/conf/type/__xymon_config/man.rst b/cdist/conf/type/__xymon_config/man.rst new file mode 100644 index 00000000..8adfbe1f --- /dev/null +++ b/cdist/conf/type/__xymon_config/man.rst @@ -0,0 +1,78 @@ +cdist-type__xymon_config(7) +=========================== + +NAME +---- +cdist-type__xymon_config - Deploy a Xymon configuration-directory + + +DESCRIPTION +----------- +This cdist type deploys a full Xymon configuration directory from the files-dir +to the host. This type requires an installed Xymon server, e.g. deployed by +`__xymon_server`. + +WARNING: This type _replaces_ the `/etc/xymon/`-directory! The previous +contents is replaced/deleted! + + +REQUIRED PARAMETERS +------------------- +confdir + The directory in `./files/` that contains the `/etc/xymon/`-content to be + deployed. + + +OPTIONAL PARAMETERS +------------------- +owner + passed as-is as `--owner` to `__rsync` + +group + passed as-is as `--group` to `__rsync` + + +OPTIONAL MULTIPLE PARAMETERS +---------------------------- +rsync-opts + identical to __rsync type, only `--`-options are supported + + +REQUIRED FILES +-------------- +The directory specified by `confdir` has to contain a valid xymon-configuration +(`/etc/xymon/`) _plus_ the `ext/`-directory that normally resides in +`/usr/lib/xymon/server/`. + + +EXAMPLES +-------- + +.. code-block:: sh + + __xymon_config --confdir=xymon.example.com + # this will replace /etc/xymon/ on the target host with + # the contents from __xymon_config/files/xymon.example.com/ + + ## the same but set ownership to `xymon:xymon` and exclude + ## the `netrc`-file: + __xymon_config --confdir=xymon.example.com \ + --owner xymon --group xymon \ + --rsync-opts "exclude=netrc" + + +SEE ALSO +-------- +:strong:`cdist__xymon_server`\ (7), :strong:`cdist__rsync`\ (7), :strong:`xymon`\ (7) + +AUTHORS +------- +Thomas Eckert + + +COPYING +------- +Copyright \(C) 2018-2019 Thomas Eckert. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/cdist/conf/type/__xymon_config/manifest b/cdist/conf/type/__xymon_config/manifest new file mode 100644 index 00000000..4a5fb6c9 --- /dev/null +++ b/cdist/conf/type/__xymon_config/manifest @@ -0,0 +1,43 @@ +#!/bin/sh -e +# +# 2018-2019 Thomas Eckert (tom at it-eckert.de) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . + +confdir=$(cat "$__object/parameter/confdir") +set -- +if [ -f "$__object/parameter/owner" ]; then + owner=$(cat "$__object/parameter/owner") + set -- "$@" "--owner $owner" +fi +if [ -f "$__object/parameter/group" ]; then + group=$(cat "$__object/parameter/group") + set -- "$@" "--group $group" +fi + +## pass `--rsync-opts` as-is to `__rsync`: +if [ -f "$__object/parameter/rsync-opts" ]; then + while read -r opts; do + # shellcheck disable=SC2089 + set -- "$@" "--rsync-opts '$opts'" + done < "$__object/parameter/rsync-opts" +fi + +# shellcheck disable=SC2068,SC2090 +__rsync /etc/xymon/ \ + --source "$__type/files/$confdir/" \ + --rsync-opts "delete" \ + $@ diff --git a/cdist/conf/type/__xymon_config/parameter/optional b/cdist/conf/type/__xymon_config/parameter/optional new file mode 100644 index 00000000..866b4bde --- /dev/null +++ b/cdist/conf/type/__xymon_config/parameter/optional @@ -0,0 +1,2 @@ +owner +group diff --git a/cdist/conf/type/__xymon_config/parameter/optional_multiple b/cdist/conf/type/__xymon_config/parameter/optional_multiple new file mode 100644 index 00000000..fdb7cd88 --- /dev/null +++ b/cdist/conf/type/__xymon_config/parameter/optional_multiple @@ -0,0 +1 @@ +rsync-opts diff --git a/cdist/conf/type/__xymon_config/parameter/required b/cdist/conf/type/__xymon_config/parameter/required new file mode 100644 index 00000000..43222f13 --- /dev/null +++ b/cdist/conf/type/__xymon_config/parameter/required @@ -0,0 +1 @@ +confdir diff --git a/cdist/conf/type/__xymon_config/singleton b/cdist/conf/type/__xymon_config/singleton new file mode 100644 index 00000000..e69de29b diff --git a/cdist/conf/type/__xymon_server/gencode-remote b/cdist/conf/type/__xymon_server/gencode-remote new file mode 100755 index 00000000..0770e319 --- /dev/null +++ b/cdist/conf/type/__xymon_server/gencode-remote @@ -0,0 +1,26 @@ +#!/bin/sh -e +# +# 2018-2019 Thomas Eckert (tom at it-eckert.de) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . + +## "move" user-modified dirs to /etc/xymon to be managed by __xymon_config: +cat <<-EOT + if [ ! -L /usr/lib/xymon/server/ext ]; then + mv /usr/lib/xymon/server/ext /etc/xymon + ln -s /etc/xymon/ext /usr/lib/xymon/server/ + fi +EOT diff --git a/cdist/conf/type/__xymon_server/man.rst b/cdist/conf/type/__xymon_server/man.rst new file mode 100644 index 00000000..a9a180e1 --- /dev/null +++ b/cdist/conf/type/__xymon_server/man.rst @@ -0,0 +1,87 @@ +cdist-type__xymon_server(7) +=========================== + +NAME +---- +cdist-type__xymon_server - Install a Xymon server + + +DESCRIPTION +----------- +This cdist type installs a Xymon (https://www.xymon.com/) server and (optional) +required helper packages. + +This includes the Xymon client as a dependency, so NO NEED to install +`__xymon_client` separately. + +To access the webinterface a webserver is required. The cdist-type +`__xymon_apache` can be used to install and configure the apache webserver for +the use with Xymon. + +Further and day-to-day configuration of Xymon can either be done manually in +`/etc/xymon/` or the directory can be deployed and managed by `__xymon_config`. + + +REQUIRED PARAMETERS +------------------- +None. + + +OPTIONAL PARAMETERS +------------------- +state + 'present', 'absent', defaults to 'present'. If '--install_helpers' is + specified for 'absent' the helper packages will be un-installed. + + +BOOLEAN PARAMETERS +------------------ +install_helpers + Install helper packages used by Xymon (fping, heirloom-mailx, traceroute, + ntpdate). + + +EXAMPLES +-------- + +.. code-block:: sh + + # minmal + __xymon_server + + # the same + __xymon_server --state present + + # also install helper packages: + __xymon_server --install_helpers + + # examples to give a more complete picture: __xymon_server installed on + # `xymon.example.com` w/ IP 192.168.1.1: + # + # install webserver and grant 2 private subnets access to the webinterface: + __xymon_apache --ipacl "192.168.0.0/16 10.0.0.0/8" + # deploy server-configuration with __xymon_config: + __xymon_config --confdir=xymon.example.com + + # install xymon-client on other machines (not needed on the server): + __xymon_client --servers "192.168.1.1" + + + +SEE ALSO +-------- +:strong:`cdist__xymon_apache`\ (7), :strong:`cdist__xymon_config`\ (7), +:strong:`cdist__xymon_client`\ (7), :strong:`xymon`\ (7) + + +AUTHORS +------- +Thomas Eckert + + +COPYING +------- +Copyright \(C) 2018-2019 Thomas Eckert. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/cdist/conf/type/__xymon_server/manifest b/cdist/conf/type/__xymon_server/manifest new file mode 100755 index 00000000..7cee0d23 --- /dev/null +++ b/cdist/conf/type/__xymon_server/manifest @@ -0,0 +1,50 @@ +#!/bin/sh -e +# +# 2018-2019 Thomas Eckert (tom at it-eckert.de) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . + +state=$(cat "$__object/parameter/state") +if [ -f "$__object/parameter/install_helpers" ]; then + install_helpers=1 +else + install_helpers=0 +fi + +os=$(cat "$__global/explorer/os") +case "$os" in + debian|ubuntu) + : + ;; + *) + echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 + echo "Please contribute an implementation for it if you can." >&2 + exit 1 + ;; +esac + +__package xymon --state "$state" + +## install helper-packages/tools used by the xymon server if requested: +if [ "$install_helpers" = "1" ]; then + __package fping --state "$state" + __package heirloom-mailx --state "$state" + __package traceroute --state "$state" + __package ntpdate --state "$state" +fi + +## CLI-usage often requires a shell: +require="__package/xymon" __user xymon --shell "/bin/bash" --state "$state" diff --git a/cdist/conf/type/__xymon_server/parameter/boolean b/cdist/conf/type/__xymon_server/parameter/boolean new file mode 100644 index 00000000..56ebcb2c --- /dev/null +++ b/cdist/conf/type/__xymon_server/parameter/boolean @@ -0,0 +1 @@ +install_helpers diff --git a/cdist/conf/type/__xymon_server/parameter/default/state b/cdist/conf/type/__xymon_server/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__xymon_server/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__xymon_server/parameter/optional b/cdist/conf/type/__xymon_server/parameter/optional new file mode 100644 index 00000000..ff72b5c7 --- /dev/null +++ b/cdist/conf/type/__xymon_server/parameter/optional @@ -0,0 +1 @@ +state diff --git a/cdist/conf/type/__xymon_server/singleton b/cdist/conf/type/__xymon_server/singleton new file mode 100644 index 00000000..e69de29b diff --git a/docs/changelog b/docs/changelog index 168d0beb..71509004 100644 --- a/docs/changelog +++ b/docs/changelog @@ -1,6 +1,41 @@ Changelog --------- +next: + * Type __xymon_config: Add parameters for ownership and generic rsync options (Thomas Eckert) + * Type __xymon_client: Add msgcache parameter to support passive clients (Thomas Eckert) + * Type __apt_key: Use mktemp for unique temporary gpg home (Ander Punnar) + +6.1.0: 2019-11-19 + * Explorer hostname, type __hostname: Support more operating systems, rewrite type and hostname explorer (Dennis Camera) + +6.0.4: 2019-11-19 + * Doc: Fix typos (Kirill Miazine) + +6.0.3: 2019-10-31 + * Type __letsencrypt_cert: Add Alpine support (Nico Schottelius) + * Type __xymon_client: Fix spelling error in manpage (Dmitry Bogatov) + * Build: Support pip from git (Darko Poljak, Ľubomír Kučera) + * Type __package_update_index: Add Alpine support (Ahmed Bilal Khalid) + +6.0.2: 2019-10-17 + * New types: __xymon_server, __xymon_apache, __xymon_config, __xymon_client (Thomas Eckert) + * Type __letsencrypt_cert: Add Arch Linux support (Nico Schottelius) + * New type: __sensible_editor (Dennis Camera) + * Types __grafana_dashboard, __prometheus_alertmanager, __prometheus_exporter, __prometheus_server: Support Debian 10 (Ahmed Bilal Khalid) + +6.0.1: 2019-10-08 + * Type __group: Support OSes without getent (Dennis Camera) + * Type __user: Support OSes without getent (Dennis Camera) + * Type __ssh_authorized_keys: Support OSes without getent (Dennis Camera) + * Type __ssh_dot_ssh: Support OSes without getent (Dennis Camera) + * Explorer interfaces: Always sort output (Dennis Camera) + * Explorer os: Unquote value from os-release file (Dennis Camera) + * Type __letsencrypt_cert: Support Debian 10* (Ahmed Bilal Khalid) + * Type __prometheus_server: Add missing exit after unsupported error message (Dominique Roux) + * Type __git: Use --recurse-submodules instead of --recursive (Jonas Hagen) + * Type __git: Add --shallow option (Jonas Hagen) + 6.0.0: 2019-10-01 * Type __letsencrypt_cert: Fix beowulf's spelling (Mondi Ravi) * Core: Add preos functionality (Darko Poljak) diff --git a/docs/src/cdist-real-world.rst b/docs/src/cdist-real-world.rst index 8ccb0fc9..ba118d63 100644 --- a/docs/src/cdist-real-world.rst +++ b/docs/src/cdist-real-world.rst @@ -27,7 +27,7 @@ for that. This type will: - configure nginx. Our type will not create the actual python application. Its intention is only -to configure hosing for specified user and project. It is up to the user to +to configure hosting for specified user and project. It is up to the user to create his/her applications. So let's start. @@ -480,7 +480,7 @@ Creating python bottle application We now need to create Bottle application. As you remember from the beginning of this walkthrough our type does not create the actual python application, -its intention is only to configure hosing for specified user and project. +its intention is only to configure hosting for specified user and project. It is up to the user to create his/her applications. Become app user:: diff --git a/docs/src/cdist-upgrade.rst b/docs/src/cdist-upgrade.rst index e57ed63c..67fd4934 100644 --- a/docs/src/cdist-upgrade.rst +++ b/docs/src/cdist-upgrade.rst @@ -11,7 +11,7 @@ To upgrade cdist in the current branch use git pull # Also update the manpages - ./build man + make man export MANPATH=$MANPATH:$(pwd -P)/doc/man If you stay on a version branche (i.e. 1.0, 1.1., ...), nothing should break. diff --git a/hacking/timing-tests/benchmark-files.sh b/hacking/timing-tests/benchmark-files.sh new file mode 100644 index 00000000..c71d1c7e --- /dev/null +++ b/hacking/timing-tests/benchmark-files.sh @@ -0,0 +1,79 @@ +#!/bin/sh + +num=50000 +dsthost=localhost + +tmp=$(mktemp -d) +remote_tmp=${tmp}-remote + +cd "$tmp" + +create_files() { + i=0 + while [ $i -lt $num ]; do + echo $i > file-${i} + i=$((i+1)) + done +} + +delete_remote() { + ssh "${dsthost}" "rm -rf ${remote_tmp}" +} + + +tar_remote() { + cd "${tmp}" + tar c . | ssh "${dsthost}" "mkdir ${remote_tmp}; cd ${remote_tmp}; tar x" +} + +cdist_remote() +{ + ( + while [ $i -lt $num ]; do + echo __file ${remote_tmp}/file-${i} --source "${tmp}/file-${i}" + i=$((i+1)) + done + ) | cdist config -i - -vv "${dsthost}" + +} + +cdist_remote_parallel() +{ + ( + while [ $i -lt $num ]; do + echo __file ${remote_tmp}/file-${i} --source "${tmp}/file-${i}" + i=$((i+1)) + done + ) | cdist config -j10 -i - -vv "${dsthost}" + +} + +echo "Creating ${num} files" +time create_files + +echo "scping files" +time scp -r "${tmp}" "${dsthost}:$remote_tmp" >/dev/null + +echo "delete remote" +time delete_remote + +echo "taring files" +time tar_remote + +echo "delete remote" +time delete_remote + +echo "cdisting files" +time cdist_remote + +echo "delete remote" +time delete_remote + +echo "cdisting files (parallel)!" +time cdist_remote + +echo "delete remote" +time delete_remote + +echo "delete local" +rm -rf "$tmp" diff --git a/setup.py b/setup.py index ae651125..2bb1e16d 100644 --- a/setup.py +++ b/setup.py @@ -1,7 +1,27 @@ from distutils.core import setup -import cdist +from distutils.errors import DistutilsError import os import re +import subprocess + + +# We have it only if it is a git cloned repo. +build_helper = os.path.join('bin', 'build-helper') +# Version file path. +version_file = os.path.join('cdist', 'version.py') +# If we have build-helper we could be a git repo. +if os.path.exists(build_helper): + # Try to generate version.py. + rv = subprocess.run([build_helper, 'version', ]) + if rv.returncode != 0: + raise DistutilsError("Failed to generate {}".format(version_file)) +else: + # Otherwise, version.py should be present. + if not os.path.exists(version_file): + raise DistutilsError("Missing version file {}".format(version_file)) + + +import cdist def data_finder(data_dir):