forked from ungleich-public/cdist
Merge branch 'master' into 2.1
Conflicts:
    conf/type/__package/man.text
    conf/type/__package_apt/man.text
    conf/type/__package_luarocks/gencode-remote
    conf/type/__package_luarocks/man.text
    conf/type/__package_pacman/gencode-remote
    conf/type/__package_pacman/man.text
    conf/type/__package_pkg_openbsd/gencode-remote
    conf/type/__package_pkg_openbsd/man.text
    conf/type/__package_rubygem/gencode-remote
    conf/type/__package_rubygem/man.text
    conf/type/__package_yum/gencode-remote
    conf/type/__package_yum/man.text

Signed-off-by: Nico Schottelius <nico@brief.schottelius.org>
commit
410e0ba8fa
62 changed files with 520 additions and 50 deletions
2
README
2
README
|
@ -350,4 +350,4 @@ with cdist on more than **60** production machines of the
|
||||||
|
|
||||||
The CBRG is managing most of their compute clusters with cdist.
|
The CBRG is managing most of their compute clusters with cdist.
|
||||||
|
|
||||||
|
[[!tag cdist unix]]
|
||||||
|
|
|
@ -16,8 +16,7 @@ It dispatches the actual work to the package system dependant types.
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
state::
|
None
|
||||||
The state the package should be in, either "present" or "absent"
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
|
@ -34,6 +33,9 @@ type::
|
||||||
e.g. __package_apt for Debian
|
e.g. __package_apt for Debian
|
||||||
__package_emerge for Gentoo
|
__package_emerge for Gentoo
|
||||||
|
|
||||||
|
state::
|
||||||
|
The state the package should be in, either "present" or "absent"
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
|
|
@ -2,3 +2,4 @@ name
|
||||||
version
|
version
|
||||||
type
|
type
|
||||||
pkgsite
|
pkgsite
|
||||||
|
state
|
||||||
|
|
|
@ -27,7 +27,11 @@ else
|
||||||
name="$__object_id"
|
name="$__object_id"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/state" ]; then
|
||||||
state_should="$(cat "$__object/parameter/state")"
|
state_should="$(cat "$__object/parameter/state")"
|
||||||
|
else
|
||||||
|
state_should="present"
|
||||||
|
fi
|
||||||
|
|
||||||
# FIXME: use grep directly, state is a list, not a line!
|
# FIXME: use grep directly, state is a list, not a line!
|
||||||
state_is="$(cat "$__object/explorer/state")"
|
state_is="$(cat "$__object/explorer/state")"
|
||||||
|
|
|
@ -16,8 +16,7 @@ manage packages.
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
state::
|
None
|
||||||
The state the package should be in, either "present" or "absent"
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
|
@ -25,6 +24,9 @@ OPTIONAL PARAMETERS
|
||||||
name::
|
name::
|
||||||
If supplied, use the name and not the object id as the package name.
|
If supplied, use the name and not the object id as the package name.
|
||||||
|
|
||||||
|
state::
|
||||||
|
The state the package should be in, either "present" or "absent"
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
|
|
@ -1,2 +1,3 @@
|
||||||
name
|
name
|
||||||
version
|
version
|
||||||
|
state
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
state
|
|
|
@ -29,7 +29,11 @@ else
|
||||||
name="$__object_id"
|
name="$__object_id"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/state" ]; then
|
||||||
state_should="$(cat "$__object/parameter/state")"
|
state_should="$(cat "$__object/parameter/state")"
|
||||||
|
else
|
||||||
|
state_should="present"
|
||||||
|
fi
|
||||||
|
|
||||||
if grep -q "(installed)" "$__object/explorer/pkg_status"; then
|
if grep -q "(installed)" "$__object/explorer/pkg_status"; then
|
||||||
state_is="present"
|
state_is="present"
|
||||||
|
|
|
@ -15,8 +15,7 @@ LuaRocks is a deployment and management system for Lua modules.
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
state::
|
None
|
||||||
The state the package should be in, either "present" or "absent"
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
|
@ -24,6 +23,9 @@ OPTIONAL PARAMETERS
|
||||||
name::
|
name::
|
||||||
If supplied, use the name and not the object id as the package name.
|
If supplied, use the name and not the object id as the package name.
|
||||||
|
|
||||||
|
state::
|
||||||
|
The state the package should be in, either "present" or "absent"
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
|
|
@ -1 +1,2 @@
|
||||||
name
|
name
|
||||||
|
state
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
state
|
|
|
@ -28,7 +28,12 @@ else
|
||||||
name="$__object_id"
|
name="$__object_id"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/state" ]; then
|
||||||
state_should="$(cat "$__object/parameter/state")"
|
state_should="$(cat "$__object/parameter/state")"
|
||||||
|
else
|
||||||
|
state_should="present"
|
||||||
|
fi
|
||||||
|
|
||||||
state_is="$(cat "$__object/explorer/pkg_status")"
|
state_is="$(cat "$__object/explorer/pkg_status")"
|
||||||
case "$state_is" in
|
case "$state_is" in
|
||||||
absent*)
|
absent*)
|
||||||
|
|
|
@ -15,8 +15,7 @@ opkg is usually used on OpenWRT to manage packages.
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
state::
|
None
|
||||||
The state the package should be in, either "present" or "absent"
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
|
@ -24,6 +23,9 @@ OPTIONAL PARAMETERS
|
||||||
name::
|
name::
|
||||||
If supplied, use the name and not the object id as the package name.
|
If supplied, use the name and not the object id as the package name.
|
||||||
|
|
||||||
|
state::
|
||||||
|
The state the package should be in, either "present" or "absent"
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
|
|
@ -1 +1,2 @@
|
||||||
name
|
name
|
||||||
|
state
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
state
|
|
|
@ -31,7 +31,11 @@ else
|
||||||
name="$__object_id"
|
name="$__object_id"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/state" ]; then
|
||||||
state_should="$(cat "$__object/parameter/state")"
|
state_should="$(cat "$__object/parameter/state")"
|
||||||
|
else
|
||||||
|
state_should="present"
|
||||||
|
fi
|
||||||
|
|
||||||
pkg_version="$(cat "$__object/explorer/pkg_version")"
|
pkg_version="$(cat "$__object/explorer/pkg_version")"
|
||||||
if [ -z "$pkg_version" ]; then
|
if [ -z "$pkg_version" ]; then
|
||||||
|
|
|
@ -16,8 +16,7 @@ packages.
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
state::
|
None
|
||||||
The state the package should be in, either "present" or "absent"
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
|
@ -25,6 +24,9 @@ OPTIONAL PARAMETERS
|
||||||
name::
|
name::
|
||||||
If supplied, use the name and not the object id as the package name.
|
If supplied, use the name and not the object id as the package name.
|
||||||
|
|
||||||
|
state::
|
||||||
|
The state the package should be in, either "present" or "absent"
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
|
|
@ -1 +1,2 @@
|
||||||
name
|
name
|
||||||
|
state
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
state
|
|
|
@ -22,7 +22,11 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
state_is=$(cat "$__object/explorer/state")
|
state_is=$(cat "$__object/explorer/state")
|
||||||
state_should=$(cat "$__object/parameter/state")
|
if [ -f "$__object/parameter/state" ]; then
|
||||||
|
state_should="$(cat "$__object/parameter/state")"
|
||||||
|
else
|
||||||
|
state_should="present"
|
||||||
|
fi
|
||||||
|
|
||||||
[ "$state_is" = "$state_should" ] && exit 0
|
[ "$state_is" = "$state_should" ] && exit 0
|
||||||
|
|
||||||
|
|
|
@ -16,8 +16,7 @@ It is also included in the python virtualenv environment.
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
state::
|
None
|
||||||
Either "present" or "absent".
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
|
@ -28,6 +27,9 @@ name::
|
||||||
pip::
|
pip::
|
||||||
Instead of using pip from PATH, use the specific pip path.
|
Instead of using pip from PATH, use the specific pip path.
|
||||||
|
|
||||||
|
state::
|
||||||
|
Either "present" or "absent".
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
|
|
@ -1 +1,2 @@
|
||||||
pip
|
pip
|
||||||
|
state
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
state
|
|
|
@ -63,7 +63,11 @@ if [ -f "$__object/parameter/pkgsite" ]; then
|
||||||
pkgsite="$(cat "$__object/parameter/pkgsite")"
|
pkgsite="$(cat "$__object/parameter/pkgsite")"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/state" ]; then
|
||||||
state="$(cat "$__object/parameter/state")"
|
state="$(cat "$__object/parameter/state")"
|
||||||
|
else
|
||||||
|
state="present"
|
||||||
|
fi
|
||||||
curr_version="$(cat "$__object/explorer/pkg_version")"
|
curr_version="$(cat "$__object/explorer/pkg_version")"
|
||||||
add_cmd="pkg_add"
|
add_cmd="pkg_add"
|
||||||
rm_cmd="pkg_delete"
|
rm_cmd="pkg_delete"
|
||||||
|
|
|
@ -15,8 +15,7 @@ This type is usually used on FreeBSD to manage packages.
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
state::
|
None
|
||||||
Either "present" or "absent".
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
|
@ -33,6 +32,9 @@ version::
|
||||||
pkgsite::
|
pkgsite::
|
||||||
If supplied, use to install from a specific package repository.
|
If supplied, use to install from a specific package repository.
|
||||||
|
|
||||||
|
state::
|
||||||
|
Either "present" or "absent".
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
|
|
@ -2,3 +2,4 @@ name
|
||||||
flavor
|
flavor
|
||||||
version
|
version
|
||||||
pkgsite
|
pkgsite
|
||||||
|
state
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
state
|
|
|
@ -42,7 +42,11 @@ else
|
||||||
name="$__object_id"
|
name="$__object_id"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/state" ]; then
|
||||||
state_should="$(cat "$__object/parameter/state")"
|
state_should="$(cat "$__object/parameter/state")"
|
||||||
|
else
|
||||||
|
state_should="present"
|
||||||
|
fi
|
||||||
|
|
||||||
pkg_version="$(cat "$__object/explorer/pkg_version")"
|
pkg_version="$(cat "$__object/explorer/pkg_version")"
|
||||||
|
|
||||||
|
|
|
@ -15,8 +15,7 @@ This type is usually used on OpenBSD to manage packages.
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
state::
|
None
|
||||||
The state the package should be in, either "present" or "absent"
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
|
@ -27,6 +26,9 @@ name::
|
||||||
flavor::
|
flavor::
|
||||||
If supplied, use to avoid ambiguity.
|
If supplied, use to avoid ambiguity.
|
||||||
|
|
||||||
|
state::
|
||||||
|
The state the package should be in, either "present" or "absent"
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
|
|
@ -1,2 +1,3 @@
|
||||||
name
|
name
|
||||||
flavor
|
flavor
|
||||||
|
state
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
state
|
|
|
@ -27,7 +27,11 @@ else
|
||||||
name="$__object_id"
|
name="$__object_id"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/state" ]; then
|
||||||
state_should="$(cat "$__object/parameter/state")"
|
state_should="$(cat "$__object/parameter/state")"
|
||||||
|
else
|
||||||
|
state_should="present"
|
||||||
|
fi
|
||||||
|
|
||||||
if grep -q true "$__object/explorer/pkg_status"; then
|
if grep -q true "$__object/explorer/pkg_status"; then
|
||||||
state_is="present"
|
state_is="present"
|
||||||
|
|
|
@ -15,8 +15,7 @@ Rubygems is the default package management system for the Ruby programming langu
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
state::
|
None
|
||||||
The state the package should be in, either "present" or "absent"
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
|
@ -24,6 +23,9 @@ OPTIONAL PARAMETERS
|
||||||
name::
|
name::
|
||||||
If supplied, use the name and not the object id as the package name.
|
If supplied, use the name and not the object id as the package name.
|
||||||
|
|
||||||
|
state::
|
||||||
|
The state the package should be in, either "present" or "absent"
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
|
|
@ -1 +1,2 @@
|
||||||
name
|
name
|
||||||
|
state
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
state
|
|
|
@ -27,7 +27,11 @@ else
|
||||||
name="$__object_id"
|
name="$__object_id"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/state" ]; then
|
||||||
state_should="$(cat "$__object/parameter/state")"
|
state_should="$(cat "$__object/parameter/state")"
|
||||||
|
else
|
||||||
|
state_should="present"
|
||||||
|
fi
|
||||||
|
|
||||||
if grep -q -E "(centos|redhat|amazon)" "$__global/explorer/os"; then
|
if grep -q -E "(centos|redhat|amazon)" "$__global/explorer/os"; then
|
||||||
opts="-y --quiet"
|
opts="-y --quiet"
|
||||||
|
|
|
@ -17,8 +17,7 @@ slightly confusing error message "Error: Nothing to do".
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
state::
|
None
|
||||||
The state the package should be in, either "present" or "absent"
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
|
@ -26,6 +25,10 @@ OPTIONAL PARAMETERS
|
||||||
name::
|
name::
|
||||||
If supplied, use the name and not the object id as the package name.
|
If supplied, use the name and not the object id as the package name.
|
||||||
|
|
||||||
|
state::
|
||||||
|
The state the package should be in, either "present" or "absent"
|
||||||
|
(the old values "installed" or "removed" will be removed in cdist 2.1).
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
|
|
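Review bot: the added sentence `(the old values "installed" or "removed" will be removed in cdist 2.1)` arrives through a merge into the 2.1 branch, where it is already out of date. On this branch, either drop it or reword it to say the old values are no longer accepted, depending on what the gencode script still handles.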
@ -1 +1,2 @@
|
||||||
name
|
name
|
||||||
|
state
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
state
|
|
|
@ -33,7 +33,11 @@ else
|
||||||
name="$__object_id"
|
name="$__object_id"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/state" ]; then
|
||||||
state_should="$(cat "$__object/parameter/state")"
|
state_should="$(cat "$__object/parameter/state")"
|
||||||
|
else
|
||||||
|
state_should="present"
|
||||||
|
fi
|
||||||
|
|
||||||
# Exit if nothing is needed to be done
|
# Exit if nothing is needed to be done
|
||||||
[ "$state_is" = "$state_should" ] && exit 0
|
[ "$state_is" = "$state_should" ] && exit 0
|
||||||
|
|
|
@ -15,8 +15,7 @@ Zypper is usually used on the SuSE distribution to manage packages.
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
state::
|
None
|
||||||
The state the package should be in, either "present" or "absent"
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
|
@ -24,6 +23,9 @@ OPTIONAL PARAMETERS
|
||||||
name::
|
name::
|
||||||
If supplied, use the name and not the object id as the package name.
|
If supplied, use the name and not the object id as the package name.
|
||||||
|
|
||||||
|
state::
|
||||||
|
The state the package should be in, either "present" or "absent"
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
|
|
@ -1 +1,2 @@
|
||||||
name
|
name
|
||||||
|
state
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
state
|
|
36
conf/type/__pf_apply/explorer/rcvar
Executable file
36
conf/type/__pf_apply/explorer/rcvar
Executable file
|
@ -0,0 +1,36 @@
|
||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# 2012 Jake Guffey (jake.guffey at eprotex.com)
|
||||||
|
#
|
||||||
|
# This file is part of cdist.
|
||||||
|
#
|
||||||
|
# cdist is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation, either version 3 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# cdist is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# Get the location of the pf ruleset on the target host.
|
||||||
|
#
|
||||||
|
|
||||||
|
# Debug
|
||||||
|
#exec >&2
|
||||||
|
#set -x
|
||||||
|
|
||||||
|
# Check /etc/rc.conf for pf's configuration file name. Default to /etc/pf.conf
|
||||||
|
|
||||||
|
RC="/etc/rc.conf"
|
||||||
|
PFCONF="$(grep '^pf_rules=' ${RC} | cut -d= -f2 | sed 's/"//g')"
|
||||||
|
echo ${PFCONF:-"/etc/pf.conf"}
|
||||||
|
|
||||||
|
# Debug
|
||||||
|
#set +x
|
||||||
|
|
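Review bot: `${RC}` and the final `echo ${PFCONF:-"/etc/pf.conf"}` are unquoted, and the grep pipeline prints one line per matching `pf_rules=` entry, so an rc.conf with more than one assignment yields a multi-line value that the gencode scripts then paste into a file path. Quote both expansions and keep only the last match (rc.conf is sourced as shell, so the last assignment wins), for example by appending `| tail -n 1`. Redirecting grep's stderr would also keep a missing /etc/rc.conf from producing noise.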
51
conf/type/__pf_apply/gencode-remote
Executable file
51
conf/type/__pf_apply/gencode-remote
Executable file
|
@ -0,0 +1,51 @@
|
||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# 2012 Jake Guffey (jake.guffey at eprotex.com)
|
||||||
|
#
|
||||||
|
# This file is part of cdist.
|
||||||
|
#
|
||||||
|
# cdist is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation, either version 3 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# cdist is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# Apply pf(4) ruleset on *BSD
|
||||||
|
#
|
||||||
|
|
||||||
|
# Debug
|
||||||
|
#exec >&2
|
||||||
|
#set -x
|
||||||
|
|
||||||
|
rcvar=$(cat "$__object/explorer/rcvar")
|
||||||
|
|
||||||
|
cat <<EOF
|
||||||
|
if [ -f "${rcvar}.old" ]; then # rcvar.old exists, we must need to disable pf
|
||||||
|
# Disable pf
|
||||||
|
# If it already is disabled, pfctl -d returns 1, go on with life
|
||||||
|
pfctl -d || true
|
||||||
|
# Cleanup
|
||||||
|
rm -f "${rcvar}.old"
|
||||||
|
elif [ -f "${rcvar}.new" ]; then # rcvar.new exists, we must need to apply it
|
||||||
|
# Ensure that pf is enabled in the first place
|
||||||
|
# If it already is enabled, pfctl -e returns 1, go on with life
|
||||||
|
mv "${rcvar}.new" "${rcvar}"
|
||||||
|
pfctl -e || true
|
||||||
|
pfctl -f "${rcvar}"
|
||||||
|
if [ "\$?" -ne "0" ]; then # failed to configure new ruleset
|
||||||
|
echo "Failed to configure the new ruleset on ${__target_host}!" >&2
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# Debug
|
||||||
|
#set +x
|
||||||
|
|
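Review bot: in the `.new` branch the generated script runs `mv "${rcvar}.new" "${rcvar}"` before `pfctl -f`, so a ruleset that fails to parse has already replaced the last working file, and the failure path only echoes to stderr, leaving the exit status at 0 so the run still looks successful. Parse the candidate first with `pfctl -nf "${rcvar}.new"`, move it into place only when that succeeds, and `exit 1` on failure. The comment "Ensure that pf is enabled in the first place" also sits above the `mv` rather than the `pfctl -e` it describes.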
52
conf/type/__pf_apply/man.text
Normal file
52
conf/type/__pf_apply/man.text
Normal file
|
@ -0,0 +1,52 @@
|
||||||
|
cdist-type__pf_apply(7)
|
||||||
|
==================================
|
||||||
|
Jake Guffey <jake.guffey--@--eprotex.com>
|
||||||
|
|
||||||
|
|
||||||
|
NAME
|
||||||
|
----
|
||||||
|
cdist-type__pf_apply - Apply pf(4) ruleset on *BSD
|
||||||
|
|
||||||
|
|
||||||
|
DESCRIPTION
|
||||||
|
-----------
|
||||||
|
This type is used on *BSD systems to manage the pf firewall's active ruleset.
|
||||||
|
|
||||||
|
|
||||||
|
REQUIRED PARAMETERS
|
||||||
|
-------------------
|
||||||
|
NONE
|
||||||
|
|
||||||
|
|
||||||
|
OPTIONAL PARAMETERS
|
||||||
|
-------------------
|
||||||
|
NONE
|
||||||
|
|
||||||
|
|
||||||
|
EXAMPLES
|
||||||
|
--------
|
||||||
|
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
# Modify the ruleset on $__target_host:
|
||||||
|
__pf_ruleset --state present --source /my/pf/ruleset.conf
|
||||||
|
require="__pf_ruleset" \
|
||||||
|
__pf_apply
|
||||||
|
|
||||||
|
# Remove the ruleset on $__target_host (implies disabling pf(4):
|
||||||
|
__pf_ruleset --state absent
|
||||||
|
require="__pf_ruleset" \
|
||||||
|
__pf_apply
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
SEE ALSO
|
||||||
|
--------
|
||||||
|
- cdist-type(7)
|
||||||
|
- cdist-type__pf_ruleset(7)
|
||||||
|
- pf(4)
|
||||||
|
|
||||||
|
|
||||||
|
COPYING
|
||||||
|
-------
|
||||||
|
Copyright \(C) 2012 Jake Guffey. Free use of this software is
|
||||||
|
granted under the terms of the GNU General Public License version 3 (GPLv3).
|
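Review bot: the second example comment, `# Remove the ruleset on $__target_host (implies disabling pf(4):`, is missing its closing parenthesis. The `=` underline below the title is also much longer than `cdist-type__pf_apply(7)`; AsciiDoc two-line titles expect the underline to be about the length of the title, so trim it to match.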
0
conf/type/__pf_apply/singleton
Normal file
0
conf/type/__pf_apply/singleton
Normal file
41
conf/type/__pf_ruleset/explorer/cksum
Executable file
41
conf/type/__pf_ruleset/explorer/cksum
Executable file
|
@ -0,0 +1,41 @@
|
||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# 2012 Jake Guffey (jake.guffey at eprotex.com)
|
||||||
|
#
|
||||||
|
# This file is part of cdist.
|
||||||
|
#
|
||||||
|
# cdist is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation, either version 3 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# cdist is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# Get the 256 bit SHA2 checksum of the pf ruleset on the target host.
|
||||||
|
#
|
||||||
|
|
||||||
|
# Debug
|
||||||
|
#exec >&2
|
||||||
|
#set -x
|
||||||
|
|
||||||
|
# Check /etc/rc.conf for pf's configuration file name. Default to /etc/pf.conf
|
||||||
|
# See if file exists and if so, get checksum
|
||||||
|
|
||||||
|
RC="/etc/rc.conf"
|
||||||
|
TMP="$(grep '^pf_rules=' ${RC} | cut -d= -f2 | sed 's/"//g')"
|
||||||
|
PFCONF="${TMP:-"/etc/pf.conf"}"
|
||||||
|
|
||||||
|
if [ -f "${PFCONF}" ]; then # The pf config file exists, find its cksum.
|
||||||
|
cksum -o 1 ${PFCONF} | cut -d= -f2 | awk '{print $1}'
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Debug
|
||||||
|
#set +x
|
||||||
|
|
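Review bot: the header comment promises "the 256 bit SHA2 checksum", but the command is `cksum -o 1`, which selects a legacy sum(1)-style checksum, not SHA-256. For a firewall ruleset, either correct the comment or switch to a real digest so that a modified file is not mistaken for an unchanged one. `${PFCONF}` is also unquoted in `cksum -o 1 ${PFCONF}`, and the `cut -d= -f2` stage looks left over from a different output format given the `awk '{print $1}'` that follows it.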
36
conf/type/__pf_ruleset/explorer/rcvar
Executable file
36
conf/type/__pf_ruleset/explorer/rcvar
Executable file
|
@ -0,0 +1,36 @@
|
||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# 2012 Jake Guffey (jake.guffey at eprotex.com)
|
||||||
|
#
|
||||||
|
# This file is part of cdist.
|
||||||
|
#
|
||||||
|
# cdist is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation, either version 3 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# cdist is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# Get the location of the pf ruleset on the target host.
|
||||||
|
#
|
||||||
|
|
||||||
|
# Debug
|
||||||
|
#exec >&2
|
||||||
|
#set -x
|
||||||
|
|
||||||
|
# Check /etc/rc.conf for pf's configuration file name. Default to /etc/pf.conf
|
||||||
|
|
||||||
|
RC="/etc/rc.conf"
|
||||||
|
PFCONF="$(grep '^pf_rules=' ${RC} | cut -d= -f2 | sed 's/"//g')"
|
||||||
|
echo ${PFCONF:-"/etc/pf.conf"}
|
||||||
|
|
||||||
|
# Debug
|
||||||
|
#set +x
|
||||||
|
|
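Review bot: this explorer is identical, as shown, to the `__pf_apply` one, including the unquoted `${RC}` and `echo ${PFCONF:-...}`, and the two types only agree on the ruleset path while both copies stay in sync. Consider moving the lookup to one shared place (a global explorer, as `$__global/explorer/os` is used elsewhere in this commit), or at least note the coupling in both files.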
73
conf/type/__pf_ruleset/gencode-local
Normal file
73
conf/type/__pf_ruleset/gencode-local
Normal file
|
@ -0,0 +1,73 @@
|
||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# 2012 Jake Guffey (jake.guffey at eprotex.com)
|
||||||
|
#
|
||||||
|
# This file is part of cdist.
|
||||||
|
#
|
||||||
|
# cdist is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation, either version 3 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# cdist is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# Manage pf(4) on *BSD
|
||||||
|
#
|
||||||
|
|
||||||
|
# Debug
|
||||||
|
#exec >&2
|
||||||
|
#set -x
|
||||||
|
|
||||||
|
# Send files to $__target_host via $__remote_copy
|
||||||
|
|
||||||
|
uname=$(uname) # Need to know what the cdist host is running so we know how to compute the ruleset's checksum
|
||||||
|
state=$(cat "$__object/parameter/state")
|
||||||
|
|
||||||
|
if [ "$state" = "absent" ]; then # There is nothing more for a *local* script to do
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/source" ]; then
|
||||||
|
source=$(cat "$__object/parameter/source")
|
||||||
|
fi
|
||||||
|
|
||||||
|
rcvar=$(cat "$__object/explorer/rcvar")
|
||||||
|
cksum=$(cat "$__object/explorer/cksum")
|
||||||
|
|
||||||
|
|
||||||
|
cat <<EOF
|
||||||
|
case $uname in
|
||||||
|
Darwin)
|
||||||
|
currentSum=\$(cksum -o 1 ${source} | cut '-d ' -f1)
|
||||||
|
;;
|
||||||
|
Linux)
|
||||||
|
currentSum=\$(cksum ${source} | cut '-d ' -f1)
|
||||||
|
;;
|
||||||
|
FreeBSD)
|
||||||
|
currentSum=\$(cksum -o 1 ${source} | cut -d= -f2 | sed 's/ //g')
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Sorry, I do not know how to find a cksum on ${UNAME}." >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
if [ -n "${cksum}" ]; then
|
||||||
|
if [ ! "\${currentSum}" = "${cksum}" ]; then
|
||||||
|
$__remote_copy "${source}" "$__target_host:${rcvar}.new"
|
||||||
|
fi
|
||||||
|
else # File just doesn't exist yet
|
||||||
|
$__remote_copy "${source}" "$__target_host:${rcvar}.new"
|
||||||
|
fi
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# Debug
|
||||||
|
#exec +x
|
||||||
|
|
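Review bot: the Linux branch computes `cksum ${source}` while the target-side explorer computes `cksum -o 1`, so the two values come from different algorithms, the `currentSum` comparison will not match from a Linux controller, and the ruleset is copied on every run. The FreeBSD branch parses its output differently from the explorer as well (`sed 's/ //g'` here, `awk '{print $1}'` there). Also in this hunk: the error message expands `${UNAME}` although the variable set above is `uname`; `source` stays unset when the parameter is absent with `--state present`, so the generated checksum and copy lines run with an empty path; `${source}` is unquoted in the generated commands; and the trailing debug line should read `#set +x`, not `#exec +x`.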
49
conf/type/__pf_ruleset/gencode-remote
Normal file
49
conf/type/__pf_ruleset/gencode-remote
Normal file
|
@ -0,0 +1,49 @@
|
||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# 2012 Jake Guffey (jake.guffey at eprotex.com)
|
||||||
|
#
|
||||||
|
# This file is part of cdist.
|
||||||
|
#
|
||||||
|
# cdist is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation, either version 3 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# cdist is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# Manage pf(4) on *BSD
|
||||||
|
#
|
||||||
|
|
||||||
|
# Debug
|
||||||
|
#exec >&2
|
||||||
|
#set -x
|
||||||
|
|
||||||
|
# Remove ${rcvar} in the case of --state absent
|
||||||
|
|
||||||
|
state=$(cat "$__object/parameter/state")
|
||||||
|
rcvar=$(cat "$__object/explorer/rcvar")
|
||||||
|
|
||||||
|
if [ "$state" = "present" ]; then # There is nothing more for a *remote* script to do
|
||||||
|
exit 0
|
||||||
|
elif [ "$state" = "absent" ]; then
|
||||||
|
# --state absent, so ensure that .new doesn't exist and that conf is renamed to .old
|
||||||
|
cat <<EOF
|
||||||
|
if [ -f "${rcvar}.new" ]; then
|
||||||
|
rm "${rcvar}.new"
|
||||||
|
fi
|
||||||
|
if [ -f "${rcvar}" ]; then
|
||||||
|
mv "${rcvar}" "${rcvar}.old"
|
||||||
|
fi
|
||||||
|
EOF
|
||||||
|
else
|
||||||
|
echo "Unknown state ${state}!" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
51
conf/type/__pf_ruleset/man.text
Normal file
51
conf/type/__pf_ruleset/man.text
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
cdist-type__pf_ruleset(7)
|
||||||
|
==================================
|
||||||
|
Jake Guffey <jake.guffey--@--eprotex.com>
|
||||||
|
|
||||||
|
|
||||||
|
NAME
|
||||||
|
----
|
||||||
|
cdist-type__pf_ruleset - Copy a pf(4) ruleset to $__target_host
|
||||||
|
|
||||||
|
|
||||||
|
DESCRIPTION
|
||||||
|
-----------
|
||||||
|
This type is used on *BSD systems to manage the pf firewall's ruleset.
|
||||||
|
|
||||||
|
|
||||||
|
REQUIRED PARAMETERS
|
||||||
|
-------------------
|
||||||
|
state::
|
||||||
|
Either "absent" (no ruleset at all) or "present"
|
||||||
|
|
||||||
|
|
||||||
|
OPTIONAL PARAMETERS
|
||||||
|
-------------------
|
||||||
|
source::
|
||||||
|
If supplied, use to define the ruleset to load onto the $__target_host for pf(4).
|
||||||
|
Note that this type is almost useless without a ruleset defined, but it's technically not
|
||||||
|
needed, e.g. for the case of disabling the firewall temporarily.
|
||||||
|
|
||||||
|
EXAMPLES
|
||||||
|
--------
|
||||||
|
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
# Remove the current ruleset in place
|
||||||
|
__pf_ruleset --state absent
|
||||||
|
|
||||||
|
# Enable the firewall with the ruleset defined in $__manifest/files/pf.conf
|
||||||
|
__pf_ruleset --state present --source $__manifest/files/pf.conf
|
||||||
|
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
SEE ALSO
|
||||||
|
--------
|
||||||
|
- cdist-type(7)
|
||||||
|
- pf(4)
|
||||||
|
|
||||||
|
|
||||||
|
COPYING
|
||||||
|
-------
|
||||||
|
Copyright \(C) 2012 Jake Guffey. Free use of this software is
|
||||||
|
granted under the terms of the GNU General Public License version 3 (GPLv3).
|
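Review bot: `state` is documented under REQUIRED PARAMETERS, but the files shown for this type add only `parameter/optional` (containing `source`) and no `parameter/required`, so `--state` as used in the examples would not be a declared parameter. Add `parameter/required` containing `state`, or make it optional with a default of "present" as the package type hunks in this same commit do.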
1
conf/type/__pf_ruleset/parameter/optional
Normal file
1
conf/type/__pf_ruleset/parameter/optional
Normal file
|
@ -0,0 +1 @@
|
||||||
|
source
|
0
conf/type/__pf_ruleset/singleton
Normal file
0
conf/type/__pf_ruleset/singleton
Normal file
|
@ -32,7 +32,7 @@ EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
|
||||||
--------------------------------------------------------------------------------
|
--------------------------------------------------------------------------------
|
||||||
# Ensure zsh in installed
|
# Create a 50G size image
|
||||||
__qemu_img /home/services/kvm/vm/myvmname/system-disk --size 50G
|
__qemu_img /home/services/kvm/vm/myvmname/system-disk --size 50G
|
||||||
|
|
||||||
# Remove image
|
# Remove image
|
||||||
|
|
|
@ -19,8 +19,18 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
user="$__object_id"
|
user="$__object_id"
|
||||||
|
|
||||||
|
# RVM behaves differently if root is the username / uid == 0
|
||||||
|
if [ "$user" = "root" ]; then
|
||||||
|
if [ -d /usr/local/rvm ]; then
|
||||||
|
echo present
|
||||||
|
else
|
||||||
|
echo absent
|
||||||
|
fi
|
||||||
|
else
|
||||||
if su - $user -c "[ -d \"\$HOME/.rvm\" ]" ; then
|
if su - $user -c "[ -d \"\$HOME/.rvm\" ]" ; then
|
||||||
echo "present"
|
echo "present"
|
||||||
else
|
else
|
||||||
echo "absent"
|
echo "absent"
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
|
|
|
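Review bot: the new branch tests `[ "$user" = "root" ]`, although the comment says the behaviour depends on "root is the username / uid == 0"; an account with uid 0 under another name still takes the `$HOME/.rvm` path. Comparing the output of `id -u "$user"` with 0 covers both cases. `$user` is also unquoted in `su - $user -c`, and the new lines echo bare `present`/`absent` where the existing ones quote them.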
@ -25,7 +25,7 @@ if [ "$state_is" != "$state_should" ]; then
|
||||||
case "$state_should" in
|
case "$state_should" in
|
||||||
present)
|
present)
|
||||||
cat << DONE
|
cat << DONE
|
||||||
su - $user -c "curl -L get.rvm.io | bash -s stable"
|
su - $user -c "unset rvm_path; unset rvm_bin_path; unset rvm_prefix; unset rvm_version; curl -L get.rvm.io | bash -s stable"
|
||||||
DONE
|
DONE
|
||||||
;;
|
;;
|
||||||
absent)
|
absent)
|
||||||
|
|
|
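Review bot: the changed line still ends in `curl -L get.rvm.io | bash -s stable`: no scheme is given, so curl starts over plain HTTP, follows whatever redirects it receives, and the response is executed as `$user` with no integrity check. Since the line is being touched anyway, spell out `https://get.rvm.io` and add `-f` so HTTP errors are not piped into bash, or better, download the installer to a file and verify it before running it. The four `unset` commands can also be a single `unset rvm_path rvm_bin_path rvm_prefix rvm_version`.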
@ -23,7 +23,7 @@ ruby="$(echo "$gemset" | cut -d '@' -f 1)"
|
||||||
gemsetname="$(echo "$gemset" | cut -d '@' -f 2)"
|
gemsetname="$(echo "$gemset" | cut -d '@' -f 2)"
|
||||||
state_is="$(cat "$__object/explorer/state")"
|
state_is="$(cat "$__object/explorer/state")"
|
||||||
user="$(cat "$__object/parameter/user")"
|
user="$(cat "$__object/parameter/user")"
|
||||||
default="$(cat "$__object/parameter/default")"
|
default="$(cat "$__object/parameter/default" 2>/dev/null || true)"
|
||||||
state_should="$(cat "$__object/parameter/state")"
|
state_should="$(cat "$__object/parameter/state")"
|
||||||
if [ "$state_is" != "$state_should" ]; then
|
if [ "$state_is" != "$state_should" ]; then
|
||||||
case "$state_should" in
|
case "$state_should" in
|
||||||
|
|
|
@ -21,8 +21,9 @@
|
||||||
ruby="$__object_id"
|
ruby="$__object_id"
|
||||||
state_is="$(cat "$__object/explorer/state")"
|
state_is="$(cat "$__object/explorer/state")"
|
||||||
user="$(cat "$__object/parameter/user")"
|
user="$(cat "$__object/parameter/user")"
|
||||||
default="$(cat "$__object/parameter/default")"
|
default="$(cat "$__object/parameter/default" 2>/dev/null || true)"
|
||||||
state_should="$(cat "$__object/parameter/state")"
|
state_should="$(cat "$__object/parameter/state")"
|
||||||
|
|
||||||
if [ "$state_is" != "$state_should" ]; then
|
if [ "$state_is" != "$state_should" ]; then
|
||||||
case "$state_should" in
|
case "$state_should" in
|
||||||
present)
|
present)
|
||||||
|
|
|
@ -8,6 +8,9 @@ Changelog
|
||||||
* Core: Make variable __object_name available in type explorers (Steven Armtrong)
|
* Core: Make variable __object_name available in type explorers (Steven Armtrong)
|
||||||
* New Type: __qemu_img
|
* New Type: __qemu_img
|
||||||
* New Type: __line
|
* New Type: __line
|
||||||
|
* New Type: __pf_apply (Jake Guffey)
|
||||||
|
* New Type: __pf_ruleset (Jake Guffey)
|
||||||
|
* Bugfix Type: __rvm: Make type work if rvm is already installed
|
||||||
|
|
||||||
2.0.14: 2012-09-07
|
2.0.14: 2012-09-07
|
||||||
* Bugfix Type: __jail: Use correct variable (Jake Guffey)
|
* Bugfix Type: __jail: Use correct variable (Jake Guffey)
|
||||||
|
|
1
doc/gfx/font-used
Normal file
1
doc/gfx/font-used
Normal file
|
@ -0,0 +1 @@
|
||||||
|
fraktur
|