Compare commits

..

6 commits

Author SHA1 Message Date
Darko Poljak
a9067aa846 Implement python types 2019-05-13 10:27:49 +02:00
Dominique Roux
66db5acc32 Updated the man pages for the cdist trigger and preos 2019-05-09 19:36:43 +02:00
Darko Poljak
eb78d9b034 Add missing configuration arg 2019-05-09 19:36:43 +02:00
Darko Poljak
0e92f5bb0a Update trigger to config 2019-05-09 19:36:43 +02:00
Darko Poljak
a87a69e281 Log trigger server error 2019-05-09 19:36:43 +02:00
Darko Poljak
11974e5ed6 Implement preos and triggering 2019-05-09 19:36:43 +02:00
160 changed files with 2165 additions and 2648 deletions

2
.gitignore vendored
View file

@ -34,7 +34,7 @@ cdist/inventory/
# Python: cache, distutils, distribution in general
__pycache__/
*.pyc
/MANIFEST
MANIFEST
dist/
cdist/version.py
cdist.egg-info/

View file

@ -31,9 +31,9 @@ help:
@echo "docs-clean clean documentation"
@echo "clean clean"
DOCS_SRC_DIR=./docs/src
SPEECHDIR=./docs/speeches
TYPEDIR=./cdist/conf/type
DOCS_SRC_DIR=docs/src
SPEECHDIR=docs/speeches
TYPEDIR=cdist/conf/type
SPHINXM=make -C $(DOCS_SRC_DIR) man
SPHINXH=make -C $(DOCS_SRC_DIR) html

View file

@ -23,8 +23,9 @@
#
usage() {
printf "usage: %s TARGET [TARGET-ARGS...]
printf "usage: %s TARGET RUN-AS
Available targets:
print-runas
changelog-changes
changelog-version
check-date
@ -57,29 +58,64 @@ usage() {
version
target-version
clean
distclean\n" "$1"
distclean
Run as:
nico
darko - default, if empty string specified\n" "$1"
}
basename="${0##*/}"
if [ $# -lt 1 ]
if [ $# -lt 2 ]
then
usage "${basename}"
exit 1
fi
option=$1; shift
run_as="$1"; shift
case "$run_as" in
nico)
from_a=nico.schottelius
from_d=ungleich.ch
ml_name="Nico Schottelius"
ml_sig_name="Nico"
;;
darko|'')
from_a=darko.poljak
from_d=gmail.com
ml_name="Darko Poljak"
ml_sig_name="Darko"
if [ -z "${run_as}" ]
then
run_as="darko"
fi
;;
*)
printf "Unsupported RUN-AS value: '%s'.\n" "${run_as}" >&2
usage "${basename}"
exit 1
;;
esac
SHELLCHECKCMD="shellcheck -s sh -f gcc -x"
# Skip SC2154 for variables starting with __ since such variables are cdist
# environment variables.
SHELLCHECK_SKIP=': __.*is referenced but not assigned.*\[SC2154\]'
to_a="cdist-configuration-management"
to_d="googlegroups.com"
# Change to checkout directory
basedir="${0%/*}/../"
cd "$basedir"
case "$option" in
print-runas)
printf "run_as: '%s'\n" "$run_as"
;;
changelog-changes)
if [ "$#" -eq 1 ]; then
start=$1
@ -123,7 +159,7 @@ case "$option" in
;;
check-unittest)
"$0" test
"$0" test "${run_as}"
;;
ml-release)
@ -132,10 +168,20 @@ case "$option" in
exit 1
fi
# Send mail only once - lock until new changelog things happened.
[ ! -f .lock-ml ] && touch .lock-ml
x=$(find 'docs' -name changelog -type f -newer .lock-ml)
[ -z "${x}" ] && exit 0
version=$1; shift
to=${to_a}@${to_d}
from=${from_a}@${from_d}
(
cat << eof
From: ${ml_name} <$from>
To: cdist mailing list <$to>
Subject: cdist $version has been released
Hello .*,
@ -144,11 +190,23 @@ cdist $version has been released with the following changes:
eof
"$0" changelog-changes "$version"
"$0" changelog-changes "${run_as}" "$version"
cat << eof
Cheers,
${ml_sig_name}
--
Automatisation at its best level. With cdist.
eof
) > mailinglist.tmp
if [ "$run_as" = "nico" ]
then
/usr/sbin/sendmail -f "$from" "$to" < mailinglist.tmp && rm -f mailinglist.tmp
fi
touch .lock-ml
;;
archlinux-release)
@ -167,7 +225,7 @@ eof
pypi-release)
# Ensure that pypi release has the right version
"$0" version
"$0" version "${run_as}"
make docs-clean
make docs
@ -175,7 +233,7 @@ eof
;;
release-git-tag)
target_version=$($0 changelog-version)
target_version=$($0 changelog-version "${run_as}")
if git rev-parse --verify "refs/tags/${target_version}" 2>/dev/null; then
printf "Tag for %s exists, aborting\n" "${target_version}"
exit 1
@ -229,7 +287,7 @@ eof
git archive --prefix="cdist-${tag}/" -o "${archivename}" "${tag}" \
|| exit 1
# make sure target version is generated
"$0" target-version
"$0" target-version "${run_as}"
tar -x -f "${archivename}" || exit 1
cp cdist/version.py "cdist-${tag}/cdist/version.py" || exit 1
tar -c -f "${archivename}" "cdist-${tag}/" || exit 1
@ -259,7 +317,7 @@ eof
| sed "${sed_cmd}") || exit 1
# make release
changelog=$("$0" changelog-changes "$1" | sed 's/^[[:space:]]*//')
changelog=$("$0" changelog-changes "${run_as}" "$1" | sed 's/^[[:space:]]*//')
release_notes=$(
printf "%s\n\n%s\n\n**Changelog**\n\n%s\n" \
"${response_archive}" "${response_archive_sig}" "${changelog}"
@ -280,19 +338,19 @@ eof
release)
set -e
target_version=$($0 changelog-version)
target_branch=$($0 version-branch)
target_version=$($0 changelog-version "${run_as}")
target_branch=$($0 version-branch "${run_as}")
printf "Beginning release process for %s\n" "${target_version}"
# First check everything is sane
"$0" check-date
"$0" check-unittest
"$0" check-pycodestyle
"$0" check-shellcheck
"$0" check-date "${run_as}"
"$0" check-unittest "${run_as}"
"$0" check-pycodestyle "${run_as}"
"$0" check-shellcheck "${run_as}"
# Generate version file to be included in packaging
"$0" target-version
"$0" target-version "${run_as}"
# Ensure the git status is clean, else abort
if ! git diff-index --name-only --exit-code HEAD ; then
@ -327,8 +385,8 @@ eof
fi
# Verify that after the merge everything works
"$0" check-date
"$0" check-unittest
"$0" check-date "${run_as}"
"$0" check-unittest "${run_as}"
# Generate documentation (man and html)
# First, clean old generated docs
@ -339,7 +397,7 @@ eof
# Everything green, let's do the release
# Tag the current commit
"$0" release-git-tag
"$0" release-git-tag "${run_as}"
# Also merge back the version branch
if [ "$masterbranch" = yes ]; then
@ -348,28 +406,37 @@ eof
fi
# Publish git changes
# if you want to have mirror locally then uncomment this and comment below
# if you want to have mirror locally then uncomment this support
# if [ "$run_as" = "nico" ]
# then
# git push --mirror
# else
# if we are not Nico :) then just push, no mirror
git push
# push also new branch and set up tracking
git push -u origin "${target_branch}"
# fi
# Create and publish package for pypi
"$0" pypi-release
"$0" pypi-release "${run_as}"
if [ "$run_as" = "nico" ]
then
# Archlinux release is based on pypi
"$0" archlinux-release "${run_as}"
fi
# sign git tag
printf "Enter upstream repository authentication token: "
read -r token
"$0" sign-git-release "${target_version}" "${token}"
"$0" sign-git-release "${run_as}" "${target_version}" "${token}"
# Announce change on ML
"$0" ml-release "${target_version}"
"$0" ml-release "${run_as}" "${target_version}"
cat << eof
Manual steps post release:
- cdist-web
- send mail body generated in mailinglist.tmp and inform Dmitry for deb
- twitter
eof
;;
@ -409,7 +476,7 @@ eof
;;
check-pycodestyle)
"$0" pycodestyle
"$0" pycodestyle "${run_as}"
printf "\\nPlease review pycodestyle report.\\n"
while true
do
@ -451,24 +518,24 @@ eof
;;
shellcheck-scripts)
${SHELLCHECKCMD} scripts/cdist-dump scripts/cdist-new-type || exit 0
${SHELLCHECKCMD} scripts/cdist-dump || exit 0
;;
shellcheck-gencodes)
"$0" shellcheck-local-gencodes
"$0" shellcheck-remote-gencodes
"$0" shellcheck-local-gencodes "${run_as}"
"$0" shellcheck-remote-gencodes "${run_as}"
;;
shellcheck-types)
"$0" shellcheck-type-explorers
"$0" shellcheck-manifests
"$0" shellcheck-gencodes
"$0" shellcheck-type-explorers "${run_as}"
"$0" shellcheck-manifests "${run_as}"
"$0" shellcheck-gencodes "${run_as}"
;;
shellcheck)
"$0" shellcheck-global-explorers
"$0" shellcheck-types
"$0" shellcheck-scripts
"$0" shellcheck-global-explorers "${run_as}"
"$0" shellcheck-types "${run_as}"
"$0" shellcheck-scripts "${run_as}"
;;
shellcheck-type-files)
@ -476,8 +543,8 @@ eof
;;
shellcheck-with-files)
"$0" shellcheck
"$0" shellcheck-type-files
"$0" shellcheck "${run_as}"
"$0" shellcheck-type-files "${run_as}"
;;
shellcheck-build-helper)
@ -485,7 +552,7 @@ eof
;;
check-shellcheck)
"$0" shellcheck
"$0" shellcheck "${run_as}"
printf "\\nPlease review shellcheck report.\\n"
while true
do
@ -507,7 +574,7 @@ eof
;;
version-branch)
"$0" changelog-version | cut -d. -f '1,2'
"$0" changelog-version "${run_as}" | cut -d. -f '1,2'
;;
version)
@ -515,7 +582,7 @@ eof
;;
target-version)
target_version=$($0 changelog-version)
target_version=$($0 changelog-version "${run_as}")
printf "VERSION = \"%s\"\n" "${target_version}" > cdist/version.py
;;
@ -538,7 +605,7 @@ eof
;;
distclean)
"$0" clean
"$0" clean "${run_as}"
rm -f cdist/version.py
;;
*)

View file

@ -5,11 +5,12 @@ import logging
import collections
import functools
import cdist.configuration
import cdist.trigger
import cdist.preos
# set of beta sub-commands
BETA_COMMANDS = set(('install', 'inventory', ))
BETA_COMMANDS = set(('install', 'inventory', 'preos', 'trigger', ))
# set of beta arguments for sub-commands
BETA_ARGS = {
'config': set(('tag', 'all_tagged_hosts', 'use_archiving', )),
@ -21,7 +22,6 @@ parser = None
_verbosity_level_off = -2
_verbosity_level = {
None: logging.WARNING,
_verbosity_level_off: logging.OFF,
-1: logging.ERROR,
0: logging.WARNING,
@ -436,6 +436,28 @@ def get_parsers():
' should be POSIX compatible shell.'))
parser['shell'].set_defaults(func=cdist.shell.Shell.commandline)
# Trigger
parser['trigger'] = parser['sub'].add_parser(
'trigger', parents=[parser['loglevel'],
parser['beta'],
parser['common'],
parser['config_main']])
parser['trigger'].add_argument(
'-D', '--directory', action='store', required=False,
help=('Where to create local files'))
parser['trigger'].add_argument(
'-H', '--http-port', action='store', default=3000, required=False,
help=('Create trigger listener via http on specified port'))
parser['trigger'].add_argument(
'--ipv6', default=False,
help=('Listen to both IPv4 and IPv6 (instead of only IPv4)'),
action='store_true')
parser['trigger'].add_argument(
'-O', '--source', action='store', required=False,
help=('Which file to copy for creation'))
parser['trigger'].set_defaults(func=cdist.trigger.Trigger.commandline)
for p in parser:
parser[p].epilog = EPILOG

View file

@ -1,6 +1,7 @@
#!/bin/sh
#
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# 2010-2014 Nico Schottelius (nico-cdist at schottelius.org)
# 2012 Steven Armstrong (steven-cdist at armstrong.cc)
#
# This file is part of cdist.
#
@ -18,12 +19,7 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Retrieve the running hostname
#
if command -v hostname >/dev/null
then
hostname
else
uname -n
if command -v uname >/dev/null; then
uname -n
fi

View file

@ -18,11 +18,13 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
if command -v ip >/dev/null
if command -v ip > /dev/null
then
ip -o link show | sed -n 's/^[0-9]\+: \(.\+\): <.*/\1/p'
elif command -v ifconfig >/dev/null
ip -o link show | sed -n 's/^[0-9]\+: \(.\+\): <.*/\1/p'
elif command -v ifconfig > /dev/null
then
ifconfig -a | sed -n -E 's/^(.*)(:[[:space:]]*flags=|Link encap).*/\1/p'
fi \
| sort -u
ifconfig -a \
| sed -n -E 's/^(.*)(:[[:space:]]*flags=|Link encap).*/\1/p' \
| sort -u
fi

View file

@ -145,7 +145,7 @@ esac
if [ -f /etc/os-release ]; then
# already lowercase, according to:
# https://www.freedesktop.org/software/systemd/man/os-release.html
awk -F= '/^ID=/ { if ($2 ~ /^'"'"'(.*)'"'"'$/ || $2 ~ /^"(.*)"$/) { print substr($2, 2, length($2) - 2) } else { print $2 } }' /etc/os-release
awk -F= '/^ID=/ {print $2;}' /etc/os-release
exit 0
fi

View file

@ -18,22 +18,30 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# TODO check if filesystem has ACL turned on etc
[ ! -e "/$__object_id" ] && exit 0
if [ -f "$__object/parameter/acl" ]
then
grep -E '^(default:)?(user|group):' "$__object/parameter/acl" \
| while read -r acl
for parameter in user group
do
if [ ! -f "$__object/parameter/$parameter" ]
then
continue
fi
while read -r acl
do
param="$( echo "$acl" | awk -F: '{print $(NF-2)}' )"
check="$( echo "$acl" | awk -F: '{print $(NF-1)}' )"
check="$( echo "$acl" | awk -F: '{print $1}' )"
[ "$param" = 'user' ] && db=passwd || db="$param"
if ! getent "$db" "$check" > /dev/null
if [ "$parameter" = 'user' ]
then
echo "missing $param '$check'" >&2
exit 1
getent_db=passwd
else
getent_db="$parameter"
fi
done
fi
if ! getent "$getent_db" "$check" > /dev/null
then
echo "missing $parameter '$check'"
fi
done \
< "$__object/parameter/$parameter"
done

View file

@ -20,65 +20,59 @@
file_is="$( cat "$__object/explorer/file_is" )"
[ "$file_is" = 'missing' ] && [ -z "$__cdist_dry_run" ] && exit 0
[ "$file_is" = 'missing' ] && exit 0
os="$( cat "$__global/explorer/os" )"
missing_users_groups="$( cat "$__object/explorer/missing_users_groups" )"
acl_path="/$__object_id"
acl_is="$( cat "$__object/explorer/acl_is" )"
if [ -f "$__object/parameter/acl" ]
if [ -n "$missing_users_groups" ]
then
acl_should="$( cat "$__object/parameter/acl" )"
elif
[ -f "$__object/parameter/user" ] \
|| [ -f "$__object/parameter/group" ] \
|| [ -f "$__object/parameter/mask" ] \
|| [ -f "$__object/parameter/other" ]
then
acl_should="$( for param in user group mask other
do
[ ! -f "$__object/parameter/$param" ] && continue
echo "$param" | grep -Eq 'mask|other' && sep=:: || sep=:
echo "$param$sep$( cat "$__object/parameter/$param" )"
done )"
else
echo 'no parameters set' >&2
echo "$missing_users_groups" >&2
exit 1
fi
if [ -f "$__object/parameter/default" ]
os="$( cat "$__global/explorer/os" )"
acl_is="$( cat "$__object/explorer/acl_is" )"
acl_path="/$__object_id"
if [ -f "$__object/parameter/default" ] && [ "$file_is" = 'directory' ]
then
acl_should="$( echo "$acl_should" \
| sed 's/^default://' \
| sort -u \
| sed 's/\(.*\)/default:\1\n\1/' )"
set_default=1
else
set_default=0
fi
if [ "$file_is" = 'regular' ] \
&& echo "$acl_should" | grep -Eq '^default:'
then
# only directories can have default ACLs,
# but instead of error,
# let's just remove default entries
acl_should="$( echo "$acl_should" | grep -Ev '^default:' )"
fi
acl_should="$( for parameter in user group mask other
do
if [ ! -f "$__object/parameter/$parameter" ]
then
continue
fi
if echo "$acl_should" | awk -F: '{ print $NF }' | grep -Fq 'X'
then
[ "$file_is" = 'directory' ] && rep=x || rep=-
while read -r acl
do
if echo "$acl" | awk -F: '{ print $NF }' | grep -Fq 'X'
then
[ "$file_is" = 'directory' ] && rep=x || rep=-
acl_should="$( echo "$acl_should" | sed "s/\\(.*\\)X/\\1$rep/" )"
fi
acl="$( echo "$acl" | sed "s/\(.*\)X/\1$rep/" )"
fi
echo "$parameter" | grep -Eq '(mask|other)' && sep=:: || sep=:
echo "$parameter$sep$acl"
[ "$set_default" = '1' ] && echo "default:$parameter$sep$acl"
done \
< "$__object/parameter/$parameter"
done )"
setfacl_exec='setfacl'
if [ -f "$__object/parameter/recursive" ]
then
if echo "$os" | grep -Fq 'freebsd'
if echo "$os" | grep -Eq 'macosx|freebsd'
then
echo "$os setfacl do not support recursive operations" >&2
else
@ -88,36 +82,44 @@ fi
if [ -f "$__object/parameter/remove" ]
then
echo "$acl_is" | while read -r acl
do
# skip wanted ACL entries which already exist
# and skip mask and other entries, because we
# can't actually remove them, but only change.
if echo "$acl_should" | grep -Eq "^$acl" \
|| echo "$acl" | grep -Eq '^(default:)?(mask|other)'
then continue
fi
if echo "$os" | grep -Fq 'solaris'
then
# Solaris setfacl behaves differently.
# We will not support Solaris for now, because no way to test it.
# But adding support should be easy (use -s instead of -m on modify).
echo "$os setfacl do not support -x flag for ACL remove" >&2
else
echo "$acl_is" | while read -r acl
do
# Skip wanted ACL entries which already exist
# and skip mask and other entries, because we
# can't actually remove them, but only change.
if echo "$acl_should" | grep -Eq "^$acl" \
|| echo "$acl" | grep -Eq '^(default:)?(mask|other)'
then continue
fi
if echo "$os" | grep -Fq 'freebsd'
then
remove="$acl"
else
remove="$( echo "$acl" | sed 's/:...$//' )"
fi
if echo "$os" | grep -Eq 'macosx|freebsd'
then
remove="$acl"
else
remove="$( echo "$acl" | sed 's/:...$//' )"
fi
echo "$setfacl_exec -x \"$remove\" \"$acl_path\""
echo "removed '$remove'" >> "$__messages_out"
done
echo "$setfacl_exec -x \"$remove\" \"$acl_path\""
echo "removed '$remove'" >> "$__messages_out"
done
fi
fi
for acl in $acl_should
do
if ! echo "$acl_is" | grep -Eq "^$acl"
then
if echo "$os" | grep -Fq 'freebsd' \
if echo "$os" | grep -Eq 'macosx|freebsd' \
&& echo "$acl" | grep -Eq '^default:'
then
echo "setting default ACL in $os is currently not supported" >&2
echo "setting default ACL in $os is currently not supported. sorry :(" >&2
else
echo "$setfacl_exec -m \"$acl\" \"$acl_path\""
echo "added '$acl'" >> "$__messages_out"

View file

@ -8,36 +8,46 @@ cdist-type__acl - Set ACL entries
DESCRIPTION
-----------
Fully supported and tested on Linux (ext4 filesystem), partial support for FreeBSD.
ACL must be defined as 3-symbol combination, using ``r``, ``w``, ``x`` and ``-``.
Fully supported on Linux (tested on Debian and CentOS).
Partial support for FreeBSD, OSX and Solaris.
OpenBSD and NetBSD support is not possible.
See ``setfacl`` and ``acl`` manpages for more details.
REQUIRED MULTIPLE PARAMETERS
OPTIONAL MULTIPLE PARAMETERS
----------------------------
acl
Set ACL entry following ``getfacl`` output syntax.
user
Add user ACL entry.
group
Add group ACL entry.
OPTIONAL PARAMETERS
-------------------
mask
Add mask ACL entry.
other
Add other ACL entry.
BOOLEAN PARAMETERS
------------------
default
Set all ACL entries as default too.
Only directories can have default ACLs.
Setting default ACL in FreeBSD is currently not supported.
recursive
Make ``setfacl`` recursive (Linux only), but not ``getfacl`` in explorer.
default
Add default ACL entries (FreeBSD not supported).
remove
Remove undefined ACL entries.
``mask`` and ``other`` entries can't be removed, but only changed.
DEPRECATED PARAMETERS
---------------------
Parameters ``user``, ``group``, ``mask`` and ``other`` are deprecated and they
will be removed in future versions. Please use ``acl`` parameter instead.
Remove undefined ACL entries (Solaris not supported).
ACL entries for ``mask`` and ``other`` can't be removed.
EXAMPLES
@ -46,30 +56,15 @@ EXAMPLES
.. code-block:: sh
__acl /srv/project \
--default \
--recursive \
--remove \
--acl user:alice:rwx \
--acl user:bob:r-x \
--acl group:project-group:rwx \
--acl group:some-other-group:r-x \
--acl mask::r-x \
--acl other::r-x
# give Alice read-only access to subdir,
# but don't allow her to see parent content.
__acl /srv/project2 \
--remove \
--acl default:group:secret-project:rwx \
--acl group:secret-project:rwx \
--acl user:alice:--x
__acl /srv/project2/subdir \
--default \
--remove \
--acl group:secret-project:rwx \
--acl user:alice:r-x
--user alice:rwx \
--user bob:r-x \
--group project-group:rwx \
--group some-other-group:r-x \
--mask r-x \
--other r-x
AUTHORS

View file

@ -1 +0,0 @@
see manual for details

View file

@ -1 +0,0 @@
see manual for details

View file

@ -1 +0,0 @@
see manual for details

View file

@ -1 +0,0 @@
see manual for details

View file

@ -1,3 +1,2 @@
acl
user
group

View file

@ -27,18 +27,6 @@ else
keyid="$__object_id"
fi
keydir="$(cat "$__object/parameter/keydir")"
keyfile="$keydir/$__object_id.gpg"
if [ -d "$keydir" ]
then
if [ -f "$keyfile" ]
then echo present
else echo absent
fi
else
# fallback to deprecated apt-key
apt-key export "$keyid" | head -n 1 | grep -Fqe "BEGIN PGP PUBLIC KEY BLOCK" \
&& echo present \
|| echo absent
fi
apt-key export "$keyid" | head -n 1 | grep -Fqe "BEGIN PGP PUBLIC KEY BLOCK" \
&& echo present \
|| echo absent

View file

@ -31,82 +31,12 @@ if [ "$state_should" = "$state_is" ]; then
exit 0
fi
keydir="$(cat "$__object/parameter/keydir")"
keyfile="$keydir/$__object_id.gpg"
case "$state_should" in
present)
keyserver="$(cat "$__object/parameter/keyserver")"
if [ -f "$__object/parameter/uri" ]; then
uri="$(cat "$__object/parameter/uri")"
if [ -d "$keydir" ]; then
cat << EOF
curl -s -L \\
-o "$keyfile" \\
"$uri"
key="\$( cat "$keyfile" )"
if echo "\$key" | grep -Fq 'BEGIN PGP PUBLIC KEY BLOCK'
then
echo "\$key" | gpg --dearmor > "$keyfile"
fi
EOF
else
# fallback to deprecated apt-key
echo "curl -s -L '$uri' | apt-key add -"
fi
elif [ -d "$keydir" ]; then
# we need to kill gpg after 30 seconds, because gpg
# can get stuck if keyserver is not responding.
# exporting env var and not exit 1,
# because we need to clean up and kill dirmngr.
cat << EOF
gpgtmphome="\$( mktemp -d )"
if timeout 30s \\
gpg --homedir "\$gpgtmphome" \\
--keyserver "$keyserver" \\
--recv-keys "$keyid"
then
gpg --homedir "\$gpgtmphome" \\
--export "$keyid" \\
> "$keyfile"
else
export GPG_GOT_STUCK=1
fi
GNUPGHOME="\$gpgtmphome" gpgconf --kill dirmngr
rm -rf "\$gpgtmphome"
if [ -n "\$GPG_GOT_STUCK" ]
then
echo "GPG GOT STUCK - no response from keyserver after 30 seconds" >&2
exit 1
fi
EOF
else
# fallback to deprecated apt-key
echo "apt-key adv --keyserver \"$keyserver\" --recv-keys \"$keyid\""
fi
echo "added '$keyid'" >> "$__messages_out"
echo "apt-key adv --keyserver \"$keyserver\" --recv-keys \"$keyid\""
;;
absent)
if [ -f "$keyfile" ]; then
echo "rm '$keyfile'"
else
# fallback to deprecated apt-key
echo "apt-key del \"$keyid\""
fi
echo "removed '$keyid'" >> "$__messages_out"
echo "apt-key del \"$keyid\""
;;
esac

View file

@ -28,12 +28,6 @@ keyserver
the keyserver from which to fetch the key. If omitted the default set
in ./parameter/default/keyserver is used.
keydir
key save location, defaults to ``/etc/apt/trusted.pgp.d``
uri
the URI from which to download the key
EXAMPLES
--------
@ -53,20 +47,15 @@ EXAMPLES
# same thing with other keyserver
__apt_key UbuntuArchiveKey --keyid 437D05B5 --keyserver keyserver.ubuntu.com
# download key from the internet
__apt_key rabbitmq \
--uri http://www.rabbitmq.com/rabbitmq-signing-key-public.asc
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
Ander Punnar <ander-at-kvlt-dot-ee>
COPYING
-------
Copyright \(C) 2011-2019 Steven Armstrong and Ander Punnar. You can
redistribute it and/or modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, either version 3 of the
Copyright \(C) 2011-2014 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -1,8 +0,0 @@
#!/bin/sh -e
__package gnupg
if [ -f "$__object/parameter/uri" ]
then __package curl
else __package dirmngr
fi

View file

@ -1 +0,0 @@
/etc/apt/trusted.gpg.d

View file

@ -1,5 +1,3 @@
state
keyid
keyserver
keydir
uri

View file

@ -0,0 +1,12 @@
#!/bin/sh
os=$(cat "$__global/explorer/os")
case "$os" in
devuan)
echo "update-rc.d cdist-preos-trigger defaults > /dev/null"
;;
*)
;;
esac

View file

@ -0,0 +1,45 @@
cdist-type__cdist_preos_trigger(7)
==================================
NAME
----
cdist-type__cdist_preos_trigger - configure cdist preos trigger
DESCRIPTION
-----------
Create cdist PreOS trigger by creating systemd unit file that will be started
at boot and will execute trigger command - connect to specified host and port.
REQUIRED PARAMETERS
-------------------
trigger-command
Command that will be executed as a PreOS cdist trigger.
OPTIONAL PARAMETERS
-------------------
None
EXAMPLES
--------
.. code-block:: sh
# Configure default curl trigger for host cdist.ungleich.ch at port 80.
__cdist_preos_trigger http --trigger-command '/usr/bin/curl cdist.ungleich.ch:80'
AUTHORS
-------
Darko Poljak <darko.poljak--@--ungleich.ch>
COPYING
-------
Copyright \(C) 2016 Darko Poljak. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,67 @@
#!/bin/sh
os="$(cat "$__global/explorer/os")"
trigger_command=$(cat "$__object/parameter/trigger-command")
case "$os" in
devuan)
__file /etc/init.d/cdist-preos-trigger --owner root \
--group root \
--mode 755 \
--source - << EOF
#!/bin/sh
# /etc/init.d/cdist-preos-trigger
### BEGIN INIT INFO
# Provides: cdist-preos-trigger
# Required-Start: \$all
# Required-Stop:
# Default-Start: 2 3 4 5 S
# Default-Stop: 0 1 6
# Short-Description: Execute cdist preos trigger command
# Description: Execute cdist preos trigger commnad.
### END INIT INFO
case "\$1" in
start)
echo "Starting cdist-preos-trigger command"
${trigger_command} &
;;
stop)
# no-op
;;
*)
echo "Usage: /etc/init.d/cdist-preos-trigger {start|stop}"
exit 1
;;
esac
exit 0
EOF
;;
*)
__file /etc/systemd/system/cdist-preos-trigger.service --owner root \
--group root \
--mode 644 \
--source - << EOF
[Unit]
Description=preos trigger
Wants=network-online.target
After=network.target network-online.target
[Service]
Type=simple
Restart=no
# Broken systemd
ExecStartPre=/bin/sleep 5
ExecStart=${trigger_command}
[Install]
WantedBy=multi-user.target
EOF
require="__file/etc/systemd/system/cdist-preos-trigger.service" \
__start_on_boot cdist-preos-trigger
;;
esac

View file

@ -0,0 +1 @@
trigger-command

View file

@ -1 +0,0 @@
886614099 103959898 consul

View file

@ -1 +0,0 @@
https://releases.hashicorp.com/consul/1.5.0/consul_1.5.0_linux_amd64.zip

View file

@ -42,7 +42,7 @@ source_file_name="${source##*/}"
cksum_should=$(cut -d' ' -f1,2 "$version_dir/cksum")
cat << eof
tmpdir=\$(mktemp -d -p /tmp "${__type##*/}.XXXXXXXXXX")
tmpdir=\$(mktemp -d --tmpdir="/tmp" "${__type##*/}.XXXXXXXXXX")
curl -s -L "$source" > "\$tmpdir/$source_file_name"
unzip -p "\$tmpdir/$source_file_name" > "${destination}.tmp"
rm -rf "\$tmpdir"

View file

@ -24,7 +24,7 @@
os=$(cat "$__global/explorer/os")
case "$os" in
alpine|scientific|centos|redhat|ubuntu|debian|devuan|archlinux|gentoo)
scientific|centos|redhat|ubuntu|debian|devuan|archlinux|gentoo)
# any linux should work
:
;;
@ -47,7 +47,6 @@ fi
if [ -f "$__object/parameter/direct" ]; then
__package unzip
__package curl
else
__staged_file /usr/local/bin/consul \
--source "$(cat "$version_dir/source")" \

View file

@ -1,38 +0,0 @@
#!/sbin/openrc-run
# 2019 Nico Schottelius (nico-cdist at schottelius.org)
description="consul agent"
pidfile="${CONSUL_PIDFILE:-"/var/run/$RC_SVCNAME/pidfile"}"
command="${CONSUL_BINARY:-"/usr/local/bin/consul"}"
checkconfig() {
if [ ! -d /var/run/consul ] ; then
mkdir -p /var/run/consul || return 1
chown consul:consul /var/run/$NAME || return 1
chmod 2770 /var/run/$NAME || return 1
fi
}
start() {
need net
start-stop-daemon --start --quiet --oknodo \
--pidfile "$pidfile" --background \
--exec $command -- agent -pid-file="$pidfile" -config-dir /etc/consul/conf.d
}
start_pre() {
checkconfig
}
stop() {
if [ "${RC_CMD}" = "restart" ] ; then
checkconfig || return 1
fi
ebegin "Stopping $RC_SVCNAME"
start-stop-daemon --stop --exec "$command" \
--pidfile "$pidfile" --quiet
eend $?
}

View file

@ -1,7 +1,7 @@
#!/bin/sh -e
#
# 2015 Steven Armstrong (steven-cdist at armstrong.cc)
# 2015-2019 Nico Schottelius (nico-cdist at schottelius.org)
# 2015 Nico Schottelius (nico-cdist at schottelius.org)
#
# This file is part of cdist.
#
@ -23,7 +23,7 @@
os=$(cat "$__global/explorer/os")
case "$os" in
alpine|scientific|centos|debian|devuan|redhat|ubuntu)
scientific|centos|debian|devuan|redhat|ubuntu)
# whitelist safeguard
:
;;
@ -181,25 +181,22 @@ init_upstart()
# Install init script to start on boot
case "$os" in
alpine|devuan)
init_sysvinit debian
;;
centos|redhat)
os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")"
major_version="${os_version%%.*}"
case "$major_version" in
[456])
init_sysvinit redhat
;;
7)
init_systemd
;;
*)
echo "Unsupported CentOS/Redhat version: $os_version" >&2
exit 1
;;
esac
;;
centos|redhat)
os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")"
major_version="${os_version%%.*}"
case "$major_version" in
[456])
init_sysvinit redhat
;;
7)
init_systemd
;;
*)
echo "Unsupported CentOS/Redhat version: $os_version" >&2
exit 1
;;
esac
;;
debian)
os_version=$(cat "$__global/explorer/os_version")
@ -217,9 +214,13 @@ case "$os" in
exit 1
;;
esac
;;
;;
devuan)
init_sysvinit debian
;;
ubuntu)
init_upstart
;;
;;
esac

View file

@ -64,43 +64,6 @@ case "$os" in
require="__apt_source/docker" __package docker-ce --state "${state}"
fi
;;
devuan)
os_version="$(cat "$__global/explorer/os_version")"
case "$os_version" in
ascii)
distribution="stretch"
;;
jessie)
distribution="jessie"
;;
*)
echo "Your devuan release ($os_version) is currently not supported by this type (${__type##*/}).">&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac
if [ "${state}" = "present" ]; then
__package apt-transport-https
__package ca-certificates
__package gnupg2
fi
__apt_key_uri docker --name "Docker Release (CE deb) <docker@docker.com>" \
--uri "https://download.docker.com/linux/${os}/gpg" --state "${state}"
require="__apt_key_uri/docker" __apt_source docker \
--uri "https://download.docker.com/linux/${os}" \
--distribution "${distribution}" \
--state "${state}" \
--component "stable"
if [ "$version" != "latest" ]; then
require="__apt_source/docker" __package docker-ce --version "${version}" --state "${state}"
else
require="__apt_source/docker" __package docker-ce --state "${state}"
fi
;;
*)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2

View file

@ -18,4 +18,4 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
docker info 2>/dev/null | grep '^ *Swarm: ' | awk '{print $2}'
docker info 2>/dev/null | grep "^Swarm: " | cut -d " " -f 2-

View file

@ -0,0 +1,103 @@
import os
import re
import sys
from cdist.core import PythonType
class FileType(PythonType):
def get_attribute(self, stat_file, attribute, value_should):
if os.path.exists(stat_file):
if re.match('[0-9]', value_should):
index = 1
else:
index = 2
with open(stat_file, 'r') as f:
for line in f:
if re.match(attribute + ":", line):
fields = line.split()
return fields[index]
return None
def set_attribute(self, attribute, value_should, destination):
cmd = {
'group': 'chgrp',
'owner': 'chown',
'mode': 'chmod',
}
self.send_message("{} '{}'".format(cmd[attribute], value_should))
return "{} '{}' '{}'".format(cmd[attribute], value_should, destination)
def type_manifest(self):
yield from ()
def type_gencode(self):
typeis = self.get_explorer('type')
state_should = self.get_parameter('state')
if state_should == 'exists' and typeis == 'file':
return
source = self.get_parameter('source')
if source == '-':
source = self.stdin_path
destination = '/' + self.object_id
if state_should == 'pre-exists':
if source is not None:
self.die('--source cannot be used with --state pre-exists')
if typeis == 'file':
return None
else:
self.die('File {} does not exist'.format(destination))
create_file = False
upload_file = False
set_attributes = False
code = []
if state_should == 'present' or state_should == 'exists':
if source is None:
remote_stat = self.get_explorer('stat')
if not remote_stat:
create_file = True
else:
if os.path.exists(source):
if typeis == 'file':
local_cksum = self.run_local(['cksum', source, ])
local_cksum = local_cksum.split()[0]
remote_cksum = self.get_explorer('cksum')
remote_cksum = remote_cksum.split()[0]
upload_file = local_cksum != remote_cksum
else:
upload_file = True
else:
self.die('Source {} does not exist'.format(source))
if create_file or upload_file:
set_attributes = True
tempfile_template = '{}.cdist.XXXXXXXXXX'.format(destination)
destination_upload = self.run_remote(
["mktemp", tempfile_template, ])
if upload_file:
self.transfer(source, destination_upload)
code.append('rm -rf {}'.format(destination))
code.append('mv {} {}'.format(destination_upload, destination))
if state_should in ('present', 'exists', 'pre-exists', ):
for attribute in ('group', 'owner', 'mode', ):
if attribute in self.parameters:
value_should = self.get_parameter(attribute)
if attribute == 'mode':
value_should = re.sub('^0', '', value_should)
stat_file = self.get_explorer_file('stat')
value_is = self.get_attribute(stat_file, attribute,
value_should)
if set_attributes or value_should != value_is:
code.append(self.set_attribute(attribute,
value_should,
destination))
elif state_should == 'absent':
if typeis == 'file':
code.append('rm -f {}'.format(destination))
self.send_message('remove')
else:
self.die('Unknown state {}'.format(state_should))
return "\n".join(code)

View file

@ -1,6 +1,6 @@
#!/bin/sh -e
#!/bin/sh
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
# 2011-2012 Nico Schottelius (nico-cdist at schottelius.org)
#
# This file is part of cdist.
#
@ -16,8 +16,19 @@
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Retrieve the md5sum of a file to be created, if it is already existing.
#
## to speed up config-reload we send a HUP to the server process:
cat <<-EOT
pkill -HUP xymond || { echo "HUPing xymond failed" >&2; exit 1; }
EOT
destination="/$__object_id"
if [ -e "$destination" ]; then
if [ -f "$destination" ]; then
cksum < "$destination"
else
echo "NO REGULAR FILE"
fi
else
echo "NO FILE FOUND, NO CHECKSUM CALCULATED."
fi

View file

@ -1,6 +1,6 @@
#!/bin/sh -e
#!/bin/sh
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
# 2013 Steven Armstrong (steven-cdist armstrong.cc)
#
# This file is part of cdist.
#
@ -16,27 +16,41 @@
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
state=$(cat "$__object/parameter/state")
destination="/$__object_id"
os=$(cat "$__global/explorer/os")
# nothing to work with, nothing we could do
[ -e "$destination" ] || exit 0
os=$("$__explorer/os")
case "$os" in
debian|ubuntu)
:
;;
*)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
"freebsd"|"netbsd"|"openbsd")
# FIXME: should be something like this based on man page, but can not test
stat -f "type: %ST
owner: %Du %Su
group: %Dg %Sg
mode: %Op %Sp
size: %Dz
links: %Dl
" "$destination"
;;
"macosx")
stat -f "type: %HT
owner: %Du %Su
group: %Dg %Sg
mode: %Lp %Sp
size: %Dz
links: %Dl
" "$destination"
;;
*)
stat --printf="type: %F
owner: %u %U
group: %g %G
mode: %a %A
size: %s
links: %h
" "$destination"
;;
esac
__package apache2 --state "$state"
## edit xymon.conf IP-ranges
if [ -f "$__object/parameter/ipacl" ]; then
require="__package/xymon" __line /etc/apache2/conf-available/xymon.conf \
--line " Require ip $(cat "$__object/parameter/ipacl")" \
--after "^[[:space:]]*Require local" \
--state "present"
fi

View file

@ -1,6 +1,6 @@
#!/bin/sh -e
#!/bin/sh
#
# 2019 Daniel Tschada
# 2013 Steven Armstrong (steven-cdist armstrong.cc)
#
# This file is part of cdist.
#
@ -18,7 +18,16 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
install="$(cat "$__object/parameter/install")"
state="$(cat "$__object/parameter/state")"
user="$(cat "$__object/parameter/user")"
version="$(cat "$__object/parameter/version")"
destination="/$__object_id"
if [ ! -e "$destination" ]; then
echo none
elif [ -h "$destination" ]; then
echo symlink
elif [ -f "$destination" ]; then
echo file
elif [ -d "$destination" ]; then
echo directory
else
echo unknown
fi

View file

@ -0,0 +1,5 @@
state
group
mode
owner
source

View file

@ -19,34 +19,32 @@
#
#
state_is=$(cat "$__object/explorer/state")
owner_is=$(cat "$__object/explorer/owner")
group_is=$(cat "$__object/explorer/group")
state_is="$(cat "$__object/explorer/state")"
owner_is="$(cat "$__object/explorer/owner")"
group_is="$(cat "$__object/explorer/group")"
state_should=$(cat "$__object/parameter/state")
state_should="$(cat "$__object/parameter/state")"
branch=$(cat "$__object/parameter/branch")
branch="$(cat "$__object/parameter/branch")"
source=$(cat "$__object/parameter/source")
source="$(cat "$__object/parameter/source")"
destination="/$__object_id"
owner=$(cat "$__object/parameter/owner")
group=$(cat "$__object/parameter/group")
mode=$(cat "$__object/parameter/mode")
owner="$(cat "$__object/parameter/owner")"
group="$(cat "$__object/parameter/group")"
mode="$(cat "$__object/parameter/mode")"
[ -f "$__object/parameter/recursive" ] && recursive='--recurse-submodules' || recursive=''
[ -f "$__object/parameter/shallow" ] && shallow='--depth 1 --shallow-submodules' || shallow=''
[ "$state_should" = "$state_is" ] \
&& [ "$owner" = "$owner_is" ] \
&& [ "$group" = "$group_is" ] \
&& [ -n "$mode" ] && exit 0
[ "$state_should" = "$state_is" ] && \
[ "$owner" = "$owner_is" ] && \
[ "$group" = "$group_is" ] && \
[ -n "$mode" ] && exit 0
case $state_should in
present)
if [ "$state_should" != "$state_is" ]; then
echo git clone --quiet "$recursive" "$shallow" --branch "$branch" "$source" "$destination"
echo git clone --quiet --branch "$branch" "$source" "$destination"
fi
if { [ -n "$owner" ] && [ "$owner_is" != "$owner" ]; } || \
{ [ -n "$group" ] && [ "$group_is" != "$group" ]; }; then
@ -56,9 +54,8 @@ case $state_should in
echo chmod -R "$mode" "$destination"
fi
;;
# Handled in manifest
absent)
# Handled in manifest
;;
*)

View file

@ -35,12 +35,6 @@ mode
owner
User to chown to.
recursive
Passes the --recurse-submodules flag to git when cloning the repository.
shallow
Sets --depth=1 and --shallow-submodules for cloning repositories with big history.
EXAMPLES
--------

View file

@ -1,2 +0,0 @@
recursive
shallow

View file

@ -8,16 +8,10 @@ case $os in
debian|devuan)
case $os_version in
8*|jessie)
# Differntation not needed anymore
apt_source_distribution=stable
apt_source_distribution=jessie
;;
9*|ascii/ceres|ascii)
# Differntation not needed anymore
apt_source_distribution=stable
;;
10*)
# Differntation not needed anymore
apt_source_distribution=stable
apt_source_distribution=stretch
;;
*)
echo "Don't know how to install Grafana on $os $os_version. Send us a pull request!" >&2
@ -27,15 +21,16 @@ case $os in
__apt_key_uri grafana \
--name 'Grafana Release Signing Key' \
--uri https://packages.grafana.com/gpg.key
--uri https://packagecloud.io/gpg.key
require="$require __apt_key_uri/grafana" __apt_source grafana \
--uri https://packages.grafana.com/oss/deb \
--uri https://packagecloud.io/grafana/stable/debian/ \
--distribution $apt_source_distribution \
--component main
__package apt-transport-https
require="$require __apt_source/grafana" __apt_update_index
require="$require __package/apt-transport-https __apt_update_index" __package grafana
require="$require __apt_source/grafana __package/apt-transport-https" __package grafana
require="$require __package/grafana" __start_on_boot grafana-server
require="$require __start_on_boot/grafana-server" __process grafana-server --start "service grafana-server start"
;;

View file

@ -1,7 +1,6 @@
#!/bin/sh
#
# 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -22,21 +21,7 @@
# Get an existing groups group entry.
#
not_supported() {
echo "Your operating system ($("$__explorer/os")) is currently not supported." >&2
echo "Cannot extract group information." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
}
name=$__object_id
if command -v getent >/dev/null
then
getent group "$name" || true
elif [ -f /etc/group ]
then
grep "^${name}:" /etc/group || true
else
not_supported
fi
getent group "$name" || true

View file

@ -1,7 +1,6 @@
#!/bin/sh
#
# 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -23,28 +22,13 @@
#
name=$__object_id
os=$("$__explorer/os")
os="$("$__explorer/os")"
not_supported() {
echo "Your operating system ($os) is currently not supported." >&2
echo "Cannot extract group information." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
}
case $os in
"freebsd"|"netbsd")
echo "$os does not have getent gshadow" >&2
exit 0
;;
case "$os" in
"freebsd"|"netbsd")
echo "$os does not have getent gshadow"
exit 0
;;
esac
if command -v getent >/dev/null
then
getent gshadow "$name" || true
elif [ -f /etc/gshadow ]
then
grep "^${name}:" /etc/gshadow || true
else
not_supported
fi
getent gshadow "$name" || true

View file

@ -21,4 +21,4 @@
# Check whether system has hostnamectl
#
command -v hostnamectl 2>/dev/null || true
command -v hostnamectl || true

View file

@ -1,6 +1,6 @@
#!/bin/sh -e
#!/bin/sh
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
# 2014 Nico Schottelius (nico-cdist at schottelius.org)
#
# This file is part of cdist.
#
@ -16,7 +16,15 @@
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Retrieve the contents of /etc/hostname
#
if [ -d /etc/apache2/mods-enabled ]; then
ls -1 /etc/apache2/conf-enabled/
# Almost any distribution
if [ -f /etc/hostname ]; then
cat /etc/hostname
# SuSE
elif [ -f /etc/HOSTNAME ]; then
cat /etc/HOSTNAME
fi

View file

@ -1,6 +1,6 @@
#!/bin/sh -e
#!/bin/sh
#
# 2019 Nico Schottelius (nico-cdist at schottelius.org)
# 2014 Nico Schottelius (nico-cdist at schottelius.org)
#
# This file is part of cdist.
#
@ -18,15 +18,9 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Manage users.
# Retrieve the contents of /etc/hostname
#
os=$(cat "$__global/explorer/os")
case "$os" in
alpine)
__package shadow
;;
*)
:
;;
esac
if [ -f /etc/sysconfig/network ]; then
awk -F= '/^HOSTNAME=/ { print $2 }' /etc/sysconfig/network
fi

View file

@ -1,10 +0,0 @@
#!/bin/sh -e
command -v getconf >/dev/null || exit 0
val=$(getconf HOST_NAME_MAX 2>/dev/null) || exit 0
if test -n "${val}" -a "${val}" != 'undefined'
then
echo "${val}"
fi

View file

@ -2,7 +2,6 @@
#
# 2014-2017 Steven Armstrong (steven-cdist at armstrong.cc)
# 2014 Nico Schottelius (nico-cdist at schottelius.org)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -20,81 +19,60 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
os=$(cat "$__global/explorer/os")
name_running=$(cat "$__global/explorer/hostname")
has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl")
if test -s "$__object/parameter/name"
then
name_should=$(cat "$__object/parameter/name")
if [ -f "$__object/parameter/name" ]; then
name_should="$(cat "$__object/parameter/name")"
else
case $os
in
# RedHat-derivatives and BSDs
centos|fedora|redhat|scientific|freebsd|macosx|netbsd|openbsd)
# Hostname is FQDN
name_should="${__target_host}"
;;
*)
# Hostname is only first component of FQDN
name_should="${__target_host%%.*}"
;;
esac
name_should="${__target_host%%.*}"
fi
os=$(cat "$__global/explorer/os")
name_running=$(cat "$__global/explorer/hostname")
name_config=$(cat "$__object/explorer/hostname_file")
name_sysconfig=$(cat "$__object/explorer/hostname_sysconfig")
has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl")
################################################################################
# Check if the (running) hostname is already correct
# If everything is ok -> exit
#
test "$name_running" != "$name_should" || exit 0
case "$os" in
archlinux|debian|suse|ubuntu|devuan|coreos|alpine)
if [ "$name_config" = "$name_should" ] && [ "$name_running" = "$name_should" ]; then
exit 0
fi
;;
scientific|centos|freebsd|openbsd)
if [ "$name_sysconfig" = "$name_should" ] && [ "$name_running" = "$name_should" ]; then
exit 0
fi
;;
*)
echo "Unsupported os: $os" >&2
exit 1
;;
esac
################################################################################
# Setup hostname
#
echo 'changed' >>"$__messages_out"
echo changed >> "$__messages_out"
# Use the good old way to set the hostname.
case $os
in
alpine|debian|devuan|ubuntu)
echo 'hostname -F /etc/hostname'
# Use the good old way to set the hostname even on machines running systemd.
case "$os" in
archlinux|debian|ubuntu|devuan|centos|coreos|alpine)
printf "printf '%%s\\\\n' '$name_should' > /etc/hostname\\n"
echo "hostname -F /etc/hostname"
;;
archlinux)
echo 'command -v hostnamectl >/dev/null 2>&1' \
"&& hostnamectl set-hostname '$name_should'" \
"|| hostname '$name_should'"
;;
centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|gentoo|void)
freebsd|openbsd)
echo "hostname '$name_should'"
;;
macosx)
echo "scutil --set HostName '$name_should'"
;;
solaris)
echo "uname -S '$name_should'"
;;
slackware|suse|opensuse-leap)
# We do not read from /etc/HOSTNAME, because the running
# hostname is the first component only while the file contains
# the FQDN.
suse)
echo "hostname '$name_should'"
;;
*)
# Fall back to set the hostname using hostnamectl, if available.
if test -n "$has_hostnamectl"
then
# Don't use hostnamectl as the primary means to set the hostname for
# systemd systems, because it cannot be trusted to work reliably and
# exit with non-zero when it fails (e.g. hostname too long,
# D-Bus failure, etc.).
echo "hostnamectl set-hostname \"\$(cat /etc/hostname)\""
echo "test \"\$(hostname)\" = \"\$(cat /etc/hostname)\"" \
" || hostname -F /etc/hostname"
else
printf "echo 'Unsupported OS: %s' >&2\nexit 1\n" "$os"
fi
printf "printf '%%s\\\\n' '$name_should' > /etc/HOSTNAME\\n"
;;
esac
if [ "$has_hostnamectl" ]; then
# Allow hostnamectl set-hostname to fail silently.
# Who the fuck invented a tool that needs dbus to set the hostname anyway ...
echo "hostnamectl set-hostname '$name_should' || true"
fi

View file

@ -8,10 +8,7 @@ cdist-type__hostname - Set the hostname
DESCRIPTION
-----------
Sets the hostname on various operating systems.
**Tip:** For advice on choosing a hostname, see
`RFC 1178 <https://tools.ietf.org/html/rfc1178>`_.
Set's the hostname on various operating systems.
REQUIRED PARAMETERS
@ -21,7 +18,7 @@ None.
OPTIONAL PARAMETERS
-------------------
name
The hostname to set. Defaults to the first segment of __target_host
The hostname to set. Defaults to the first segment of __target_host
(${__target_host%%.*})

View file

@ -2,7 +2,6 @@
#
# 2012 Steven Armstrong (steven-cdist at armstrong.cc)
# 2014 Nico Schottelius (nico-cdist at schottelius.org)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -20,170 +19,50 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
not_supported() {
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
}
set_hostname_systemd() {
echo "$1" | __file /etc/hostname --source -
}
os=$(cat "$__global/explorer/os")
os_version=$(cat "$__global/explorer/os_version")
os_major=$(echo "$os_version" | grep -o '^[0-9][0-9]*')
max_len=$(cat "$__object/explorer/max_len")
has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl")
if test -s "$__object/parameter/name"
then
name_should=$(cat "$__object/parameter/name")
if [ -f "$__object/parameter/name" ]; then
name_should="$(cat "$__object/parameter/name")"
else
case $os
in
# RedHat-derivatives and BSDs
centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|slackware)
# Hostname is FQDN
name_should="${__target_host}"
;;
suse|opensuse-leap)
# Classic SuSE stores the FQDN in /etc/HOSTNAME, while
# systemd does not. The running hostname is the first
# component in both cases.
# In versions before 15.x, the FQDN is stored in /etc/hostname.
if test -n "$has_hostnamectl" && test "$os_major" -ge 15 \
&& test "$os_major" -ne 42
then
name_should="${__target_host%%.*}"
else
name_should="${__target_host}"
fi
;;
*)
# Hostname is only first component of FQDN on all other systems.
name_should="${__target_host%%.*}"
;;
case "$os" in
openbsd)
name_should="${__target_host}"
;;
*)
name_should="${__target_host%%.*}"
;;
esac
fi
if test -n "$max_len" && test "$(printf '%s' "$name_should" | wc -c)" -gt "$max_len"
then
printf "Host name too long. Up to %u characters allowed.\n" "${max_len}" >&2
exit 1
fi
case $os
in
alpine|debian|devuan|ubuntu|void)
echo "$name_should" | __file /etc/hostname --source -
;;
archlinux)
if test -n "$has_hostnamectl"
then
set_hostname_systemd "$name_should"
else
echo 'Ancient ArchLinux variants without hostnamectl are not supported.' >&2
exit 1
# Only for ancient ArchLinux, write to /etc/rc.conf on pre-systemd
# versions. There are some versions which use /etc/hostname but not
# systemd. It is unclear which ones these are.
not_supported() {
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
}
# __key_value '/etc/rc.conf:HOSTNAME' \
# --file /etc/rc.conf \
# --delimiter '=' --exact_delimiter \
# --key 'HOSTNAME' \
# --value "\"$name_should\""
fi
;;
centos|fedora|redhat|scientific)
if test -z "$has_hostnamectl"
then
# Only write to /etc/sysconfig/network on non-systemd versions.
# On systemd-based versions this entry is ignored.
__key_value '/etc/sysconfig/network:HOSTNAME' \
--file /etc/sysconfig/network \
--delimiter '=' --exact_delimiter \
--key HOSTNAME \
--value "\"$name_should\""
else
set_hostname_systemd "$name_should"
fi
;;
gentoo)
# Only write to /etc/conf.d/hostname on OpenRC-based installations.
# On systemd use hostnamectl(1) in gencode-remote.
if test -z "$has_hostnamectl"
then
__key_value '/etc/conf.d/hostname:hostname' \
--file /etc/conf.d/hostname \
--delimiter '=' --exact_delimiter \
--key 'hostname' \
--value "\"$name_should\""
else
set_hostname_systemd "$name_should"
fi
;;
freebsd)
__key_value '/etc/rc.conf:hostname' \
--file /etc/rc.conf \
--delimiter '=' --exact_delimiter \
--key 'hostname' \
--value "\"$name_should\""
;;
macosx)
case "$os" in
archlinux|debian|suse|ubuntu|devuan|coreos|alpine)
# handled in gencode-remote
:
;;
netbsd)
__key_value '/etc/rc.conf:hostname' \
scientific|centos)
__key_value sysconfig-hostname \
--file /etc/sysconfig/network \
--delimiter '=' \
--key HOSTNAME \
--value "$name_should" --exact_delimiter
;;
freebsd)
__key_value rcconf-hostname \
--file /etc/rc.conf \
--delimiter '=' --exact_delimiter \
--delimiter '=' \
--key 'hostname' \
--value "\"$name_should\""
# To avoid confusion, ensure that the hostname is only stored once.
__file /etc/myname --state absent
--value "$name_should"
;;
openbsd)
echo "$name_should" | __file /etc/myname --source -
;;
slackware)
# We write the FQDN into /etc/HOSTNAME. But /etc/rc.d/rc.M will only
# read the first component from this file and set it as the running
# hostname on boot.
echo "$name_should" | __file /etc/HOSTNAME --source -
;;
solaris)
echo "$name_should" | __file /etc/nodename --source -
;;
suse|opensuse-leap)
# Modern SuSE provides /etc/HOSTNAME as a symlink for
# backwards-compatibility. Unfortunately it cannot be used
# here as __file does not follow the symlink.
# Therefore, we use the presence of the hostnamectl binary as
# an indication of which file to use. This unfortunately does
# not work correctly on openSUSE 12.x which provides
# hostnamectl but not /etc/hostname.
if test -n "$has_hostnamectl" -a "$os_major" -gt 12
then
hostname_file='/etc/hostname'
else
hostname_file='/etc/HOSTNAME'
fi
echo "$name_should" | __file "$hostname_file" --source -
;;
*)
# On other operating systems we fall back to systemd's
# hostnamectl if available…
if test -n "$has_hostnamectl"
then
set_hostname_systemd "$name_should"
else
not_supported
fi
not_supported
;;
esac

View file

@ -7,12 +7,6 @@ if [ -z "${certbot_fullpath}" ]; then
os_version="$(cat "${__global}/explorer/os_version")"
case "$os" in
archlinux)
__package certbot
;;
alpine)
__package certbot
;;
debian)
case "$os_version" in
8*)
@ -39,10 +33,6 @@ if [ -z "${certbot_fullpath}" ]; then
require="__apt_source/stretch-backports" __package_apt certbot \
--target-release stretch-backports
;;
10*)
__package_apt certbot
;;
*)
echo "Unsupported OS version: $os_version" >&2
exit 1
@ -72,12 +62,11 @@ if [ -z "${certbot_fullpath}" ]; then
--distribution ascii-backports \
--component main
require="__apt_source/ascii-backports" __package_apt python-certbot \
--target-release ascii-backports
require="__apt_source/ascii-backports" __package_apt certbot \
--target-release ascii-backports
;;
beowulf*)
__package_apt certbot
;;
*)
echo "Unsupported OS version: $os_version" >&2
exit 1

View file

@ -27,10 +27,6 @@ else
name="$__object_id"
fi
# Remove the @.. repo tag for finding out whether it is installed
# f.i. pass@testing => pass
name="$(echo "$name" | sed 's/@.*//')"
if [ "$(apk list -I "$name")" ]; then
echo present
else

View file

@ -34,9 +34,6 @@ case "$type" in
echo 0
fi
;;
alpine)
echo 0
;;
*) echo "Your specified type ($type) is currently not supported." >&2
echo "Please contribute an implementation for it if you can." >&2
;;

View file

@ -26,7 +26,6 @@ else
amazon|scientific|centos|fedora|redhat) echo "yum" ;;
debian|ubuntu|devuan) echo "apt" ;;
archlinux) echo "pacman" ;;
alpine) echo "apk" ;;
*)
echo "Don't know how to manage packages on: $os" >&2
exit 1

View file

@ -47,10 +47,6 @@ case "$type" in
echo "pacman --noprogressbar --sync --refresh"
echo "pacman package database synced (age was: $currage)" >> "$__messages_out"
;;
alpine)
echo "apk update"
echo "apk package database updated."
;;
*)
echo "Don't know how to manage packages for type: $type" >&2
exit 1

View file

@ -1,61 +0,0 @@
cdist-type__podman_compose(7)
=============================
NAME
----
cdist-type__podman_compose - install podman-compose
DESCRIPTION
-----------
Installs podman-compose package.
State 'absent' will not remove podman binary itself,
only podman-compose binary will be removed
REQUIRED PARAMETERS
-------------------
install
defaults to 'pip'
OPTIONAL PARAMETERS
-------------------
state
'present' or 'absent', defaults to 'present'
user
the user who owns the file, defaults to 'root'
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
# Install podman-compose
__podman_compose
# Install latest version via pip
__podman_compose --state present --install pip
# Install latest version via pip and change user
__podman_compose --state present --install pip --user root
# Remove podman-compose
__podman_compose --state absent
AUTHORS
-------
Daniel Tschada <mail--@--moep.name>
COPYING
-------
Copyright \(C) 2019 Daniel Tschada. Free use of this software is
granted under the terms of the GNU General Public License version 3 or later (GPLv3+).

View file

@ -1,50 +0,0 @@
#!/bin/sh -e
#
# 2019 Daniel Tschada
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# shellcheck disable=SC2154
# shellcheck disable=SC2034
install="$(cat "$__object/parameter/install")"
state="$(cat "$__object/parameter/state")"
user="$(cat "$__object/parameter/user")"
version="$(cat "$__object/parameter/version")"
# install it with pip
if [ "${install}" = "pip" ]; then
if [ "${state}" = "present" ]; then
__package_pip podman-compose --state present --pip /usr/local/bin/podman-compose --runas "${user}"
elif [ "${state}" = "absent" ]; then
__package_pip podman-compose --state absent
else
if [ "${state}" != "present" ] -a [ "${state}" != "absent" ]; then
echo "Unknown state: ${state}" >&2
exit 1
else
echo "Unknown user: ${user}" >&2
exit 1
fi
fi
else
echo "Unknown user: ${install}" >&2
exit 1
fi

View file

@ -1,4 +0,0 @@
install
state
user
version

View file

@ -1 +0,0 @@
install

View file

@ -1,7 +1,6 @@
#!/bin/sh -e
#
# 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Nico Schottelius (nico-cdist at schottelius.org)
#
# This file is part of cdist.
#
@ -23,7 +22,7 @@
os=$(cat "$__global/explorer/os")
case "$os" in
alpine|ubuntu|debian|archlinux|suse|scientific|centos|devuan)
ubuntu|debian|archlinux|suse|scientific|centos|devuan)
__package postfix --state present
;;
*)

View file

@ -22,7 +22,7 @@
os=$("$__explorer/os")
case "$os" in
alpine|ubuntu|debian|archlinux|suse|scientific|centos|devuan)
ubuntu|debian|archlinux|suse|scientific|centos|devuan)
:
;;
*)

View file

@ -1,7 +1,6 @@
#!/bin/sh -e
#
# 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Nico Schottelius (nico-cdist at schottelius.org)
#
# This file is part of cdist.
#
@ -22,7 +21,7 @@
os=$(cat "$__global/explorer/os")
case "$os" in
alpine|archlinux|centos|debian|devuan|suse|scientific|ubuntu)
ubuntu|debian|archlinux|suse|scientific|centos|devuan)
:
;;
*)

View file

@ -30,7 +30,6 @@ if [ -f "$__object/parameter/install-from-backports" ]; then
*)
echo "--install-from-backports is only supported on Devuan -- ignoring." >&2
echo "Send a pull request if you require it." >&2
exit 1
;;
esac
else
@ -61,5 +60,5 @@ require="$require __directory/$storage_path $require_pkg" \
__config_file $CONF \
--source "$config" \
--group prometheus --mode 640 \
--onchange "service prometheus-alertmanager restart" # TODO when a config-check tool is available, check config here
--onchange "service prometheus-alertmanager reload" # TODO when a config-check tool is available, check config here

View file

@ -5,11 +5,9 @@ export GOBIN=/opt/gocode/bin # where to find go binaries
exporter="$(cat "$__object/parameter/exporter")"
[ -z "$exporter" ] && exporter="$__object_id"
__user prometheus
require="__user/prometheus" __group prometheus
require="__group/prometheus" __user_groups prometheus --group prometheus
__user prometheus --system
require="__user_groups/prometheus"
require=""
case $exporter in
node)
TEXTFILES=/service/node-exporter/textfiles # path for the textfiles collector

View file

@ -33,13 +33,11 @@ if [ -f "$__object/parameter/install-from-backports" ]; then
*)
echo "--install-from-backports is only supported on Devuan -- ignoring." >&2
echo "Send a pull request if you require it." >&2
exit 1
;;
esac
else
__package prometheus
__package prometheus-blackbox-exporter
require_pkg="__package/prometheus __package/prometheus-blackbox-exporter"
require_pkg="__package/prometheus"
fi
##### PREPARE PATHS AND SUCH ################################################
@ -60,7 +58,7 @@ require="$require __directory/$storage_path $require_pkg" \
__config_file $CONF \
--source "$config" \
--group prometheus --mode 640 \
--onchange "promtool check config $CONF && service prometheus restart"
--onchange "promtool check config $CONF && service prometheus reload"
for file in $rule_files; do
dest=$CONF_DIR/$(basename "$file")
@ -68,6 +66,6 @@ for file in $rule_files; do
__config_file "$dest" \
--source "$file" \
--owner prometheus \
--onchange "promtool check rules '$dest' && service prometheus restart"
--onchange "promtool check rules '$dest' && service prometheus reload"
done

View file

@ -1,131 +0,0 @@
#!/bin/sh -e
#
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Check if the given editor is present on the target system and determine its
# absolute path.
#
die() {
echo "$@" >&2
exit 1
}
editor_missing() { die "Editor '$1' is missing on the target system."; }
editor_no_alternative() {
die "Editor '$1' is not in the alternatives list of the target system." \
"$(test -n "${editors}" && printf '\nPlease choose one of:\n\n%s\n' "${editors}")"
}
# No need to check for the path if the file is supposed to be removed.
test "$(cat "${__object}/parameter/state")" != 'absent' || exit 0
case $("${__explorer}/os")
in
debian|devuan|ubuntu)
has_alternatives=true
# NOTE: Old versions do not support `--list`, in this case ignore the errors.
# This will require an absolute path to be provided, though.
editors=$(update-alternatives --list editor 2>/dev/null)
;;
*)
# NOTE: RedHat has an alternatives system but it doesn't usually track
# editors and it is a pain to extract the list.
has_alternatives=false
;;
esac
# Read --editor parameter and check its value since it is "optional"
editor=$(cat "${__object}/parameter/editor" 2>/dev/null) || true
test -n "${editor}" || die 'Please provide an --editor to configure.'
case $editor
in
/*)
is_abspath=true
;;
*/*)
die 'Relative editor paths are not supported'
;;
*)
is_abspath=false
;;
esac
if $has_alternatives && test -n "${editors}"
then
IFS='
'
if ! $is_abspath
then
# First, try to resolve the absolute path using $editors.
while true
do
for e in $editors
do
if test "$(basename "${e}")" = "${editor}"
then
editor="${e}"
break 2 # break out of both loops
fi
done
# Iterating through alternatives did not yield a result
editor_no_alternative "${editor}"
break
done
fi
# Check if editor is present
test -f "${editor}" || editor_missing "${editor}"
for e in $editors
do
if test "${editor}" = "${e}"
then
# Editor is part of the alternatives list -> use it!
echo "${editor}"
exit 0
fi
done
editor_no_alternative "${editor}"
else
# NOTE: This branch is mostly for RedHat-based systems which do
# not track editor alternatives. To make this type useful
# on RedHat at all we allow an absoloute path to be provided
# in any case.
if $is_abspath
then
test -x "${editor}" || editor_missing "${editor}"
echo "${editor}"
exit 0
else
die "The target doesn't list any editor alternatives. " \
"Please specify an absolute path or populate the alternatives list."
fi
fi
# The script should never reach this statement!
exit 1

View file

@ -1,26 +0,0 @@
#!/bin/sh -e
#
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Determines the primary group of the user.
#
user=$__object_id
id -gn "${user}" 2>/dev/null

View file

@ -1,33 +0,0 @@
#!/bin/sh -e
#
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Determines the home folder of the target user.
#
user=$__object_id
home=$(getent passwd "${user}" | cut -d':' -f6)
if ! test -d "${home}"
then
echo "Cannot find home directory of user ${user}" >&2
exit 1
fi
echo "${home}"

View file

@ -1,78 +0,0 @@
cdist-type__sensible_editor(7)
==============================
NAME
----
cdist-type__sensible_editor - Select the sensible-editor
DESCRIPTION
-----------
This cdist type allows you to select the :strong:`sensible-editor` for
a given user.
REQUIRED PARAMETERS
-------------------
editor
Name or path of the editor to be selected.
On systems other than Debian derivatives an absolute path is required.
It is permissible to omit this parameter if --state is absent.
OPTIONAL PARAMETERS
-------------------
state
'present', 'absent', or 'exists'. Defaults to 'present', where:
present
the sensible-editor is exactly what is specified in --editor.
absent
no sensible-editor configuration is present.
exists
the sensible-editor will be set to what is specified in --editor,
unless there already is a configuration on the target system.
EXAMPLES
--------
.. code-block:: sh
__sensible_editor root --editor /bin/ed # ed(1) is the standard
__sensible_editor noob --editor nano
LIMITATIONS
-----------
This type depends upon the :strong:`sensible-editor`\ (1) script which
is part of the sensible-utils package.
Therefore, the following operating systems are supported:
* Debian 8 (jessie) or later
* Devuan
* Ubuntu 8.10 (intrepid) or later
* RHEL/CentOS 7 or later (EPEL repo required)
* Fedora 21 or later
Note: on old versions of Ubuntu the sensible-* utils are part of the
debianutils package.
SEE ALSO
--------
:strong:`select-editor`\ (1), :strong:`sensible-editor`\ (1).
AUTHOR
-------
Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
COPYING
-------
Copyright \(C) 2019 Dennis Camera.
You can redistribute it and/or modify it under the terms of the GNU General
Public License as published by the Free Software Foundation, either version 3 of
the License, or (at your option) any later version.

View file

@ -1,94 +0,0 @@
#!/bin/sh -e
# -*- mode: sh; indent-tabs-mode: t -*-
#
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
version_ge() {
awk -F '[^0-9.]' -v target="${1:?}" '
function max(x, y) { return x > y ? x : y; }
BEGIN {
getline;
nx = split($1, x, ".");
ny = split(target, y, ".");
for (i = 1; i <= max(nx, ny); ++i) {
diff = int(x[i]) - int(y[i]);
if (diff < 0) exit 1;
else if (diff > 0) exit 0;
else continue;
}
}'
}
not_supported() {
echo "OS ${os} does not support __sensible_editor." >&2
echo 'If it does, please provide a patch.' >&2
exit 1
}
os=$(cat "${__global}/explorer/os")
os_version=$(cat "${__global}/explorer/os_version")
state=$(cat "${__object}/parameter/state")
user=$__object_id
if test "${state}" != 'present' && test "${state}" != 'exists' && test "${state}" != 'absent'
then
echo 'Only "present", "exists", and "absent" are allowed for --state' >&2
exit 1
fi
package_name='sensible-utils'
case $os
in
debian)
pkg_type='apt'
;;
devuan)
pkg_type='apt'
;;
ubuntu)
(echo "${os_version}" | version_ge 10.04) || package_name='debianutils'
pkg_type='apt'
;;
centos|fedora|redhat|scientific)
pkg_type='yum'
;;
*)
not_supported
;;
esac
if test "${state}" != 'absent'
then
__package "${package_name}" --state present \
--type "${pkg_type}"
export require="__package/${package_name}"
fi
editor_path=$(cat "${__object}/explorer/editor_path")
user_home=$(cat "${__object}/explorer/user_home")
group=$(cat "${__object}/explorer/group")
__file "${user_home}/.selected_editor" --state "${state}" \
--owner "${user}" --group "${group}" --mode 0644 \
--source - <<EOF
# Managed by cdist
SELECTED_EDITOR="${editor_path}"
EOF

View file

@ -1,2 +0,0 @@
editor
state

View file

@ -1,7 +1,6 @@
#!/bin/sh
#
# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -20,42 +19,9 @@
#
if [ -f "$__object/parameter/file" ]; then
cat "$__object/parameter/file"
cat "$__object/parameter/file"
else
if [ -s "$__object/parameter/owner" ]
then
owner=$(cat "$__object/parameter/owner")
else
owner="$__object_id"
fi
if command -v getent >/dev/null
then
owner_line=$(getent passwd "$owner")
elif [ -f /etc/passwd ]
then
case $owner
in
[0-9][0-9]*)
owner_line=$(awk -F: "\$3 == \"${owner}\" { print }" /etc/passwd)
;;
*)
owner_line=$(awk -F: "\$1 == \"${owner}\" { print }" /etc/passwd)
;;
esac
fi
if [ "$owner_line" ]
then
home=$(echo "$owner_line" | cut -d':' -f6)
fi
if [ ! -d "$home" ]
then
# Don't know how to determine user's home directory, fall back to ~
home="~$owner"
command -v realpath >/dev/null && home=$(realpath "$home")
fi
[ -d "$home" ] && echo "$home/.ssh/authorized_keys"
owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
home=$(getent passwd "$owner" | cut -d':' -f 6)
echo "$home/.ssh/authorized_keys"
fi

View file

@ -1,7 +1,6 @@
#!/bin/sh
#
# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -19,28 +18,6 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
if [ -s "$__object/parameter/owner" ]
then
owner=$(cat "$__object/parameter/owner")
else
owner="$__object_id"
fi
if command -v getent >/dev/null
then
gid=$(getent passwd "$owner" | cut -d':' -f4)
getent group "$gid" || true
else
# Fallback to local file scanning
case $owner
in
[0-9][0-9]*)
gid=$(awk -F: "\$3 == \"${owner}\" { print \$4 }" /etc/passwd)
;;
*)
gid=$(awk -F: "\$1 == \"${owner}\" { print \$4 }" /etc/passwd)
;;
esac
awk -F: "\$3 == \"$gid\" { print }" /etc/group
fi
owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
gid="$(getent passwd "$owner" | cut -d':' -f 4)"
getent group "$gid" || true

View file

@ -23,12 +23,6 @@ owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
state="$(cat "$__object/parameter/state" 2>/dev/null)"
file="$(cat "$__object/explorer/file")"
if [ ! -f "$__object/parameter/nofile" ] && [ -z "$file" ]
then
echo "Cannot determine path of authorized_keys file" >&2
exit 1
fi
if [ ! -f "$__object/parameter/noparent" ] || [ ! -f "$__object/parameter/nofile" ]; then
group="$(cut -d':' -f 1 "$__object/explorer/group")"
if [ -z "$group" ]; then

View file

@ -1,7 +1,6 @@
#!/bin/sh
#
# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -19,11 +18,5 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
gid=$("$__type_explorer/passwd" | cut -d':' -f4)
if command -v getent >/dev/null
then
getent group "$gid" || true
else
awk -F: "\$3 == \"$gid\" { print }" /etc/group
fi
gid="$("$__type_explorer/passwd" | cut -d':' -f 4)"
getent group "$gid" || true

View file

@ -2,7 +2,6 @@
#
# 2012 Steven Armstrong (steven-cdist at armstrong.cc)
# 2014 Nico Schottelius (nico-cdist at schottelius.org)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -22,16 +21,4 @@
owner="$__object_id"
if command -v getent >/dev/null
then
getent passwd "$owner" || true
else
case $owner in
[0-9][0-9]*)
awk -F: "\$3 == \"$owner\" { print }" /etc/passwd
;;
*)
grep "^$owner:" /etc/passwd || true
;;
esac
fi
getent passwd "$owner" || true

View file

@ -2,7 +2,6 @@
#
# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2018 Takashi Yoshi (takashi at yoshi.email)
# 2019 Nico Schottelius (nico-cdist at schottelius.org)
#
# This file is part of cdist.
#
@ -25,7 +24,7 @@ os=$(cat "$__global/explorer/os")
case "$os" in
# Linux
alpine|redhat|centos|ubuntu|debian|devuan|archlinux|coreos)
redhat|centos|ubuntu|debian|devuan|archlinux|coreos)
:
;;
# BSD

View file

@ -23,9 +23,11 @@
if [ -f "$__object/parameter/gid" ]; then
gid=$(cat "$__object/parameter/gid")
if command -v getent >/dev/null; then
getent group "$gid" || true
getent=$(command -v getent)
if [ X != X"${getent}" ]; then
"${getent}" group "$gid" || true
elif [ -f /etc/group ]; then
grep -E "^(${gid}|([^:]+:){2}${gid}):" /etc/group || true
fi
fi

View file

@ -23,8 +23,9 @@
name=$__object_id
if command -v getent >/dev/null; then
getent passwd "$name" || true
getent=$(command -v getent)
if [ X != X"${getent}" ]; then
"${getent}" passwd "$name" || true
elif [ -f /etc/passwd ]; then
grep "^${name}:" /etc/passwd || true
fi

View file

@ -1,4 +1,4 @@
#!/bin/sh -e
#!/bin/sh
#
# 2011 Steven Armstrong (steven-cdist at armstrong.cc)
#
@ -22,19 +22,18 @@
#
name=$__object_id
os="$("$__explorer/os")"
# Default to using shadow passwords
database="shadow"
case $("$__explorer/os") in
'freebsd'|'netbsd'|'openbsd')
database='passwd'
;;
# Default to using shadow passwords
*)
database='shadow'
;;
case "$os" in
"freebsd"|"netbsd"|"openbsd") database="passwd";;
esac
if command -v getent >/dev/null; then
getent "$database" "$name" || true
getent=$(command -v getent)
if [ X != X"${getent}" ]; then
"${getent}" "$database" "$name" || true
elif [ -f /etc/shadow ]; then
grep "^${name}:" /etc/shadow || true
fi

View file

@ -1,5 +0,0 @@
#!/bin/sh -e
if [ -d /etc/apache2/mods-enabled ]; then
/usr/sbin/apachectl -t -D DUMP_MODULES | awk '/.*_module/ { gsub(/_module.*$/, ""); gsub(/^ /, ""); print }'
fi

View file

@ -1,56 +0,0 @@
#!/bin/sh -e
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
state=$(cat "$__object/parameter/state")
os=$(cat "$__global/explorer/os")
case "$os" in
debian|ubuntu)
:
;;
*)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac
if [ "$state" = "present" ]; then
if ! grep -q ^rewrite "$__object/explorer/active-modules"; then
echo "a2enmod rewrite >/dev/null"
echo "mod:rewrite enabled" >> "$__messages_out"
fi
if ! grep -q "^cgi$" "$__object/explorer/active-modules"; then
echo "a2enmod cgi >/dev/null"
echo "mod:cgi enabled" >> "$__messages_out"
fi
if ! grep -q ^xymon.conf "$__object/explorer/active-conf"; then
echo "a2enconf xymon >/dev/null"
echo "conf:xymon enabled" >> "$__messages_out"
fi
fi
if grep -q "^mod:.* enabled" "$__messages_out"; then
echo "systemctl restart apache2.service"
echo "apache restarted" >> "$__messages_out"
elif grep -q "^conf:xymon enabled" "$__messages_out"; then
echo "systemctl reload apache2.service"
echo "apache reloaded" >> "$__messages_out"
fi

View file

@ -1,79 +0,0 @@
cdist-type__xymon_apache(7)
===========================
NAME
----
cdist-type__xymon_apache - Configure apache2-webserver for Xymon
DESCRIPTION
-----------
This cdist type installs and configures apache2 to be used "exclusively" (in
the sense that no other use is taken care of) with Xymon (the systems and
network monitor).
It depends on `__xymon_server`.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
'present', 'absent', defaults to 'present'.
ipacl
IP(-ranges) that have access to the Xymon webpages and CGIs. Apache2-style
syntax suitable for `Require ip ...`. Example: `192.168.1.0/24 10.0.0.0/8`
MESSAGES
--------
mod:rewrite enabled
apache module enabled
conf:xymon enabled
apache config for xymon enabled
apache restarted
apache2.service was reloaded
apache reloaded
apache2.service was restarted
EXPLORERS
---------
active-conf
lists apache2 `conf-enabled`
active-modules
lists active apache2-modules
EXAMPLES
--------
.. code-block:: sh
# minmal, only localhost-access:
__xymon_apache
# allow more IPs to access the Xymon-webinterface:
__xymon_apache --ipacl "192.168.0.0/16 10.0.0.0/8" --state "present"
SEE ALSO
--------
:strong:`cdist__xymon_server`\ (7)
AUTHORS
-------
Thomas Eckert <tom--@--it-eckert.de>
COPYING
-------
Copyright \(C) 2018-2019 Thomas Eckert. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -1 +0,0 @@
present

View file

@ -1,2 +0,0 @@
state
ipacl

View file

@ -1,28 +0,0 @@
#!/bin/sh -e
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
servers=$(cat "$__object/parameter/servers")
if grep -q ^__key_value/CLIENTHOSTNAME "$__messages_in" || grep -q ^__key_value/XYMONSERVERS "$__messages_in" ; then
echo "systemctl restart xymon-client"
echo "restarted" >> "$__messages_out"
cat <<-EOT
echo "xymon-client xymon-client/XYMONSERVERS string $servers" | debconf-set-selections
EOT
fi

View file

@ -1,66 +0,0 @@
cdist-type__xymon_client(7)
===========================
NAME
----
cdist-type__xymon_client - Install the Xymon client
DESCRIPTION
-----------
This cdist type installs the Xymon client and configures it to report with
FQDN.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
'present', 'absent', defaults to 'present'.
servers
One or more IP addresses (space separated) of the Xymon server(s) to report
to. While DNS-names are ok it is discouraged, defaults to 127.0.0.1.
BOOLEAN PARAMETERS
------------------
msgcache
Enable xymon `msgcache`. Note: XYMONSERVER has to be `127.0.0.1` for using
`msgcache` (see `msgcache (8)` of the xymon documentation for details).
EXAMPLES
--------
.. code-block:: sh
# minimal, report to 127.0.0.1
__xymon_client
# specify server:
__xymon_client --servers "192.168.1.1"
# activate `msgcache` for passive client:
__xymon_client --msgcache
SEE ALSO
--------
:strong:`cdist__xymon_server`\ (7), :strong:`xymon`\ (7), :strong:`msgcache`\ (8)
AUTHORS
-------
Thomas Eckert <tom--@--it-eckert.de>
COPYING
-------
Copyright \(C) 2018-2019 Thomas Eckert. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -1,54 +0,0 @@
#!/bin/sh -e
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
state=$(cat "$__object/parameter/state")
servers=$(cat "$__object/parameter/servers")
os=$(cat "$__global/explorer/os")
case "$os" in
debian|ubuntu)
:
;;
*)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac
__package xymon-client --state "$state"
if [ -f "$__object/parameter/msgcache" ]; then
require="__package/xymon-client" __line /etc/xymon/clientlaunch.cfg \
--regex DISABLED --state absent
fi
require="__package/xymon-client" __key_value CLIENTHOSTNAME \
--file /etc/default/xymon-client \
--value "'$__target_hostname'" \
--delimiter '=' \
--state "$state"
require="__package/xymon-client" __key_value XYMONSERVERS \
--file /etc/default/xymon-client \
--value "'$servers'" \
--delimiter '=' \
--state "$state"
## CLI-usage often requires a shell:
require="__package/xymon-client" __user xymon --shell "/bin/bash" --state "$state"

View file

@ -1 +0,0 @@
msgcache

View file

@ -1 +0,0 @@
127.0.0.1

View file

@ -1 +0,0 @@
present

View file

@ -1,2 +0,0 @@
state
servers

Some files were not shown because too many files have changed in this diff Show more