Merge branch 'master' into beta
commit
b47b9b1ba0
19 changed files with 156 additions and 103 deletions
cdist
conf
explorer
type
__cron
__file_old
__group
__letsencrypt_cert
__link
__motd
__pyvenv
__ssh_authorized_key
__ssh_authorized_keys
__user
configuration
docs
|
@ -2,6 +2,7 @@
|
||||||
#
|
#
|
||||||
# 2014 Daniel Heule (hda at sfs.biz)
|
# 2014 Daniel Heule (hda at sfs.biz)
|
||||||
# 2014 Thomas Oettli (otho at sfs.biz)
|
# 2014 Thomas Oettli (otho at sfs.biz)
|
||||||
|
# 2020 Evilham (contact at evilham.com)
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -18,9 +19,51 @@
|
||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
#
|
|
||||||
|
|
||||||
# FIXME: other system types (not linux ...)
|
os=$("$__explorer/os")
|
||||||
|
|
||||||
|
vendor_string_to_machine_type() {
|
||||||
|
for vendor in vmware bochs kvm qemu virtualbox bhyve; do
|
||||||
|
if echo "${1}" | grep -q -i "${vendor}"; then
|
||||||
|
if [ "${vendor}" = "bochs" ] || [ "${vendor}" = "qemu" ]; then
|
||||||
|
vendor="kvm"
|
||||||
|
fi
|
||||||
|
echo "virtual_by_${vendor}"
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
case "$os" in
|
||||||
|
"freebsd")
|
||||||
|
# FreeBSD does not have /proc/cpuinfo even when procfs is used.
|
||||||
|
# Instead there is a sysctl kern.vm_guest.
|
||||||
|
# Which is 'none' if physical, else the virtualisation.
|
||||||
|
vm_guest="$(sysctl -n kern.vm_guest 2>/dev/null || true)"
|
||||||
|
if [ -n "${vm_guest}" ]; then
|
||||||
|
if [ "${vm_guest}" = "none" ]; then
|
||||||
|
echo "physical"
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
echo "virtual_by_${vm_guest}"
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
|
||||||
|
"openbsd")
|
||||||
|
# OpenBSD can also use the sysctl's: hw.vendor or hw.product.
|
||||||
|
# Note we can be reasonably sure about a machine being virtualised
|
||||||
|
# as long as we can identify the virtualisation technology.
|
||||||
|
# But not so much about it being physical...
|
||||||
|
# Patches are welcome / reach out if you have better ideas.
|
||||||
|
for sysctl in hw.vendor hw.product; do
|
||||||
|
# This exits if we can make a reasonable judgement
|
||||||
|
vendor_string_to_machine_type "$(sysctl -n "${sysctl}")"
|
||||||
|
done
|
||||||
|
;;
|
||||||
|
|
||||||
|
*)
|
||||||
|
# Defaulting to linux for compatibility with previous cdist behaviour
|
||||||
|
|
||||||
if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then
|
if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then
|
||||||
echo openvz
|
echo openvz
|
||||||
|
@ -35,7 +78,7 @@ fi
|
||||||
|
|
||||||
if [ -r /proc/cpuinfo ]; then
|
if [ -r /proc/cpuinfo ]; then
|
||||||
# this should only exist on virtual guest machines,
|
# this should only exist on virtual guest machines,
|
||||||
# tested on vmware, xen, kvm
|
# tested on vmware, xen, kvm, bhyve
|
||||||
if grep -q "hypervisor" /proc/cpuinfo; then
|
if grep -q "hypervisor" /proc/cpuinfo; then
|
||||||
# this file is aviable in xen guest systems
|
# this file is aviable in xen guest systems
|
||||||
if [ -r /sys/hypervisor/type ]; then
|
if [ -r /sys/hypervisor/type ]; then
|
||||||
|
@ -44,37 +87,23 @@ if [ -r /proc/cpuinfo ]; then
|
||||||
exit
|
exit
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
if [ -r /sys/class/dmi/id/product_name ]; then
|
for vendor_file in /sys/class/dmi/id/product_name \
|
||||||
if grep -q -i 'vmware' /sys/class/dmi/id/product_name; then
|
/sys/class/dmi/id/sys_vendor \
|
||||||
echo "virtual_by_vmware"
|
/sys/class/dmi/id/chasis_vendor; do
|
||||||
exit
|
if [ -r ${vendor_file} ]; then
|
||||||
elif grep -q -i 'bochs' /sys/class/dmi/id/product_name; then
|
# This exits if we can make a reasonable judgement
|
||||||
echo "virtual_by_kvm"
|
vendor_string_to_machine_type "$(cat "${vendor_file}")"
|
||||||
exit
|
|
||||||
elif grep -q -i 'virtualbox' /sys/class/dmi/id/product_name; then
|
|
||||||
echo "virtual_by_virtualbox"
|
|
||||||
exit
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -r /sys/class/dmi/id/sys_vendor ]; then
|
|
||||||
if grep -q -i 'qemu' /sys/class/dmi/id/sys_vendor; then
|
|
||||||
echo "virtual_by_kvm"
|
|
||||||
exit
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -r /sys/class/dmi/id/chassis_vendor ]; then
|
|
||||||
if grep -q -i 'qemu' /sys/class/dmi/id/chassis_vendor; then
|
|
||||||
echo "virtual_by_kvm"
|
|
||||||
exit
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
done
|
||||||
fi
|
fi
|
||||||
echo "virtual_by_unknown"
|
echo "virtual_by_unknown"
|
||||||
|
exit
|
||||||
else
|
else
|
||||||
echo "physical"
|
echo "physical"
|
||||||
|
exit
|
||||||
fi
|
fi
|
||||||
else
|
fi
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
echo "unknown"
|
echo "unknown"
|
||||||
fi
|
|
||||||
|
|
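Review bot: The new `for vendor_file in …` loop lists `/sys/class/dmi/id/chasis_vendor`, whereas the removed code read `/sys/class/dmi/id/chassis_vendor`. With the misspelled path `[ -r … ]` is never true, so the QEMU check on the chassis vendor is silently lost and such guests appear to fall through to `virtual_by_unknown`. The entry should read `/sys/class/dmi/id/chassis_vendor; do`. In the same loop the test leaves the variable unquoted; `if [ -r "${vendor_file}" ]; then` would match the quoting used in the rest of the new code.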
|
@ -21,6 +21,11 @@ command
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
|
**NOTE**: All time-related parameters (``--minute``, ``--hour``, ``--day_of_month``
|
||||||
|
``--month`` and ``--day_of_week``) defaults to ``*``, which means to execute it
|
||||||
|
**always**. If you set ``--hour 0`` to execute the cronjob only at midnight, it
|
||||||
|
will execute **every** minute in the first hour of the morning all days.
|
||||||
|
|
||||||
state
|
state
|
||||||
Either present or absent. Defaults to present.
|
Either present or absent. Defaults to present.
|
||||||
minute
|
minute
|
||||||
|
|
|
@ -50,13 +50,13 @@ state
|
||||||
create or modify it
|
create or modify it
|
||||||
|
|
||||||
group
|
group
|
||||||
Group to chgrp to.
|
Group to chgrp to. Defaults to ``root``.
|
||||||
|
|
||||||
mode
|
mode
|
||||||
Unix permissions, suitable for chmod.
|
Unix permissions, suitable for chmod. Defaults to a very secure ``0600``.
|
||||||
|
|
||||||
owner
|
owner
|
||||||
User to chown to.
|
User to chown to. Defaults to ``root``.
|
||||||
|
|
||||||
source
|
source
|
||||||
If supplied, copy this file from the host running cdist to the target.
|
If supplied, copy this file from the host running cdist to the target.
|
||||||
|
|
|
@ -88,7 +88,7 @@ if [ "$state" = "present" ]; then
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
if [ "$os" = "freebsd" ]; then
|
if [ "$os" = "freebsd" ]; then
|
||||||
echo pw groupadd "$@" "$name"
|
echo pw groupadd "$name" "$@"
|
||||||
else
|
else
|
||||||
echo groupadd "$@" "$name"
|
echo groupadd "$@" "$name"
|
||||||
fi
|
fi
|
||||||
|
|
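Review bot: The changed line `echo pw groupadd "$name" "$@"` writes the group name and the collected arguments into the generated code with no quoting for the shell that later runs it, so a value containing whitespace or shell metacharacters would be re-parsed on the target. The `printf "pw userdel '%s' …"` lines this commit adds for user deletion at least wrap the name in single quotes, and emitting the name here as `printf "pw groupadd '%s'" "$name"` would keep the two types consistent. Single quotes still break on a name that contains `'`, so checking the name against the allowed character set before generating code is the more complete guard. How `"$@"` is built lies outside the hunk.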
|
@ -90,6 +90,9 @@ if [ -z "${certbot_fullpath}" ]; then
|
||||||
__package py27-certbot
|
__package py27-certbot
|
||||||
|
|
||||||
certbot_fullpath=/usr/local/bin/certbot
|
certbot_fullpath=/usr/local/bin/certbot
|
||||||
|
;;
|
||||||
|
ubuntu)
|
||||||
|
__package certbot
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
echo "Unsupported os: $os" >&2
|
echo "Unsupported os: $os" >&2
|
||||||
|
|
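Review bot: The new `ubuntu)` branch installs the package but does not assign `certbot_fullpath`, while the branch just above it sets `certbot_fullpath=/usr/local/bin/certbot` and the enclosing `if [ -z "${certbot_fullpath}" ]` suggests the variable is needed afterwards. If later code, which is outside this hunk, uses it, Ubuntu targets would run with an empty path. Add the assignment after `__package certbot`, for example `certbot_fullpath=<path to certbot on Ubuntu>`. The case statement starts and ends outside the hunk.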
|
@ -18,7 +18,7 @@ source
|
||||||
Specifies the link source.
|
Specifies the link source.
|
||||||
|
|
||||||
type
|
type
|
||||||
Specifies the link type: Either hard or symoblic.
|
Specifies the link type: Either hard or symbolic.
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
|
|
|
@ -22,13 +22,6 @@
|
||||||
os=$(cat "$__global/explorer/os")
|
os=$(cat "$__global/explorer/os")
|
||||||
|
|
||||||
case "$os" in
|
case "$os" in
|
||||||
debian|ubuntu|devuan)
|
|
||||||
|
|
||||||
# Debian and Ubuntu need to be updated,
|
|
||||||
# as seen in /etc/init.d/bootlogs
|
|
||||||
echo "uname -snrvm > /var/run/motd"
|
|
||||||
echo "cat /etc/motd.tail >> /var/run/motd"
|
|
||||||
;;
|
|
||||||
freebsd)
|
freebsd)
|
||||||
# FreeBSD only updates /etc/motd on boot,
|
# FreeBSD only updates /etc/motd on boot,
|
||||||
# as seen in /etc/rc.d/motd
|
# as seen in /etc/rc.d/motd
|
||||||
|
|
|
@ -33,10 +33,6 @@ os=$(cat "$__global/explorer/os")
|
||||||
|
|
||||||
|
|
||||||
case "$os" in
|
case "$os" in
|
||||||
debian|ubuntu|devuan)
|
|
||||||
# Debian-based systems use /etc/motd.tail as a template
|
|
||||||
destination=/etc/motd.tail
|
|
||||||
;;
|
|
||||||
freebsd)
|
freebsd)
|
||||||
# FreeBSD uses motd.template to prepend system information on boot
|
# FreeBSD uses motd.template to prepend system information on boot
|
||||||
# (this actually only applies starting with version 13,
|
# (this actually only applies starting with version 13,
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
#!/bin/sh -e
|
#!/bin/sh -e
|
||||||
#
|
#
|
||||||
# 2016 Darko Poljak (darko.poljak at gmail.com)
|
# 2016 Darko Poljak (darko.poljak at gmail.com)
|
||||||
|
# 2020 Nico Schotetlius (nico.schottelius at ungleich.ch)
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -45,7 +46,7 @@ then
|
||||||
pyvenv=$(cat "$pyvenvparam")
|
pyvenv=$(cat "$pyvenvparam")
|
||||||
else
|
else
|
||||||
case "$os" in
|
case "$os" in
|
||||||
alpine) # no pyvenv on alpine - I assume others will follow
|
alpine|ubuntu) # no pyvenv on alpine - I assume others will follow
|
||||||
pyvenv="python3 -m venv"
|
pyvenv="python3 -m venv"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
|
|
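Review bot: The comment on the changed case label still reads `# no pyvenv on alpine - I assume others will follow` although the label now also matches ubuntu. Something like `alpine|ubuntu) # no pyvenv executable here, use the venv module` would keep it accurate. The added copyright line spells the name `Schotetlius` while the address on the same line has `schottelius`. The case statement continues outside the hunk.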
|
@ -9,7 +9,7 @@ cdist-type__pyvenv - Create or remove python virtual environment
|
||||||
DESCRIPTION
|
DESCRIPTION
|
||||||
-----------
|
-----------
|
||||||
This cdist type allows you to create or remove python virtual
|
This cdist type allows you to create or remove python virtual
|
||||||
environment using pyvenv.
|
environment using pyvenv on python3 -m venv.
|
||||||
It assumes pyvenv is already installed. Concrete package depends
|
It assumes pyvenv is already installed. Concrete package depends
|
||||||
on concrete OS and/or OS version/distribution.
|
on concrete OS and/or OS version/distribution.
|
||||||
Ensure this for e.g. in your init manifest as in the following example:
|
Ensure this for e.g. in your init manifest as in the following example:
|
||||||
|
@ -76,4 +76,3 @@ COPYING
|
||||||
-------
|
-------
|
||||||
Copyright \(C) 2016 Darko Poljak. Free use of this software is
|
Copyright \(C) 2016 Darko Poljak. Free use of this software is
|
||||||
granted under the terms of the GNU General Public License v3 or later (GPLv3+).
|
granted under the terms of the GNU General Public License v3 or later (GPLv3+).
|
||||||
|
|
||||||
|
|
|
@ -15,25 +15,27 @@ This type was created to be used by the __ssh_authorized_keys type.
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
file
|
file
|
||||||
the authorized_keys file to which the given key should be added
|
The authorized_keys file where the given key should be managed.
|
||||||
|
|
||||||
key
|
key
|
||||||
a string containing the ssh keytype, base 64 encoded key and optional
|
The ssh key which shall be managed in this authorized_keys file.
|
||||||
trailing comment which shall be added to the given authorized_keys file.
|
Must be a string containing the ssh keytype, base 64 encoded key and
|
||||||
|
optional trailing comment which shall be added to the given
|
||||||
|
authorized_keys file.
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
comment
|
comment
|
||||||
explicit comment instead of the one which may be trailing the given key
|
Use this comment instead of the one which may be trailing in the key.
|
||||||
|
|
||||||
option
|
option
|
||||||
an option to set for this authorized_key entry.
|
An option to set for this authorized_key entry.
|
||||||
Can be specified multiple times.
|
Can be specified multiple times.
|
||||||
See sshd(8) for available options.
|
See sshd(8) for available options.
|
||||||
|
|
||||||
state
|
state
|
||||||
if the given keys should be 'present' or 'absent', defaults to 'present'.
|
If the managed key should be 'present' or 'absent', defaults to 'present'.
|
||||||
|
|
||||||
|
|
||||||
MESSAGES
|
MESSAGES
|
||||||
|
@ -64,7 +66,7 @@ EXAMPLES
|
||||||
|
|
||||||
SEE ALSO
|
SEE ALSO
|
||||||
--------
|
--------
|
||||||
:strong:`cdist__ssh_authorized_keys`\ (7), :strong:`sshd`\ (8)
|
:strong:`cdist-type__ssh_authorized_keys`\ (7), :strong:`sshd`\ (8)
|
||||||
|
|
||||||
|
|
||||||
AUTHORS
|
AUTHORS
|
||||||
|
|
|
@ -20,42 +20,45 @@ then left to the user to ensure that the file exists and that ownership and
|
||||||
permissions work with ssh.
|
permissions work with ssh.
|
||||||
|
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED MULTIPLE PARAMETERS
|
||||||
-------------------
|
----------------------------
|
||||||
key
|
key
|
||||||
the ssh key which shall be added to this authorized_keys file.
|
An ssh key which shall be managed in this authorized_keys file.
|
||||||
Must be a string and can be specified multiple times.
|
Must be a string containing the ssh keytype, base 64 encoded key and
|
||||||
|
optional trailing comment which shall be added to the given
|
||||||
|
authorized_keys file.
|
||||||
|
Can be specified multiple times.
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
comment
|
comment
|
||||||
explicit comment instead of the one which may be trailing the given key
|
Use this comment instead of the one which may be trailing in each key.
|
||||||
|
|
||||||
file
|
file
|
||||||
an alternative destination file, defaults to ~$owner/.ssh/authorized_keys
|
An alternative destination file, defaults to ~$owner/.ssh/authorized_keys.
|
||||||
|
|
||||||
option
|
option
|
||||||
an option to set for all created authorized_key entries.
|
An option to set for all authorized_key entries in the key parameter.
|
||||||
Can be specified multiple times.
|
Can be specified multiple times.
|
||||||
See sshd(8) for available options.
|
See sshd(8) for available options.
|
||||||
|
|
||||||
owner
|
owner
|
||||||
the user owning the authorized_keys file, defaults to object_id.
|
The user owning the authorized_keys file, defaults to object_id.
|
||||||
|
|
||||||
state
|
state
|
||||||
if the given keys should be 'present' or 'absent', defaults to 'present'.
|
If the given keys should be 'present' or 'absent', defaults to 'present'.
|
||||||
|
|
||||||
|
|
||||||
BOOLEAN PARAMETERS
|
BOOLEAN PARAMETERS
|
||||||
------------------
|
------------------
|
||||||
noparent
|
noparent
|
||||||
don't create or change ownership and permissions of the directory containing
|
Don't create or change ownership and permissions of the directory containing
|
||||||
the authorized_keys file
|
the authorized_keys file.
|
||||||
|
|
||||||
nofile
|
nofile
|
||||||
don't manage existence, ownership and permissions of the the authorized_keys
|
Don't manage existence, ownership and permissions of the the authorized_keys
|
||||||
file
|
file.
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
comment
|
comment
|
||||||
file
|
file
|
||||||
option
|
|
||||||
owner
|
owner
|
||||||
state
|
state
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
option
|
|
@ -135,10 +135,18 @@ elif [ "$state" = "absent" ]; then
|
||||||
if grep -q "^${name}:" "$__object/explorer/passwd"; then
|
if grep -q "^${name}:" "$__object/explorer/passwd"; then
|
||||||
#user exists, but state != present, so delete it
|
#user exists, but state != present, so delete it
|
||||||
if [ -f "$__object/parameter/remove-home" ]; then
|
if [ -f "$__object/parameter/remove-home" ]; then
|
||||||
|
if [ "$os" = "freebsd" ]; then
|
||||||
|
printf "pw userdel '%s' -r >/dev/null 2>&1\\n" "${name}"
|
||||||
|
else
|
||||||
printf "userdel -r '%s' >/dev/null 2>&1\\n" "${name}"
|
printf "userdel -r '%s' >/dev/null 2>&1\\n" "${name}"
|
||||||
|
fi
|
||||||
echo "userdel -r" >> "$__messages_out"
|
echo "userdel -r" >> "$__messages_out"
|
||||||
|
else
|
||||||
|
if [ "$os" = "freebsd" ]; then
|
||||||
|
printf "pw userdel '%s' >/dev/null 2>&1\\n" "${name}"
|
||||||
else
|
else
|
||||||
printf "userdel '%s' >/dev/null 2>&1\\n" "${name}"
|
printf "userdel '%s' >/dev/null 2>&1\\n" "${name}"
|
||||||
|
fi
|
||||||
echo "userdel" >> "$__messages_out"
|
echo "userdel" >> "$__messages_out"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -64,6 +64,7 @@ class DefaultLog(logging.Logger):
|
||||||
|
|
||||||
def __init__(self, name):
|
def __init__(self, name):
|
||||||
super().__init__(name)
|
super().__init__(name)
|
||||||
|
self.propagate = False
|
||||||
|
|
||||||
formatter = logging.Formatter(self.FORMAT)
|
formatter = logging.Formatter(self.FORMAT)
|
||||||
|
|
||||||
|
|
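Review bot: `self.propagate = False` has no comment saying why it is set, and its side effect is easy to miss. Records from these loggers no longer reach handlers attached to the root logger, so a central handler installed there by an embedding application would stop seeing cdist messages. A line such as `# handlers are attached below; do not also pass records to the root logger (avoids double log lines)` above the assignment would record the intent. The rest of `__init__` is outside the hunk, so where the handlers are added is assumed from the `formatter` line that follows.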
|
@ -26,7 +26,7 @@
|
||||||
#
|
#
|
||||||
# init_manifest
|
# init_manifest
|
||||||
# Specify default initial manifest.
|
# Specify default initial manifest.
|
||||||
# init_mainfest = <path-to-init-manifst>
|
# init_manifest = <path-to-init-manifest>
|
||||||
#
|
#
|
||||||
# inventory_dir
|
# inventory_dir
|
||||||
# Specify inventory directory.
|
# Specify inventory directory.
|
||||||
|
|
|
@ -5,6 +5,19 @@ next:
|
||||||
* Core: Add trigger functionality (Nico Schottelius, Darko Poljak)
|
* Core: Add trigger functionality (Nico Schottelius, Darko Poljak)
|
||||||
* Core: Implement core support for python types (Darko Poljak)
|
* Core: Implement core support for python types (Darko Poljak)
|
||||||
|
|
||||||
|
6.5.6: 2020-05-25
|
||||||
|
* Type __pyvenv: Switch to python3 -m venv for Ubuntu (Nico Schottelius)
|
||||||
|
* Type __letsencrypt_cert: Whitelist Ubuntu (Nico Schottelius)
|
||||||
|
* Types __cron, __file, __link: Improve manpages (Matthias Stecher)
|
||||||
|
* Explorer machine_type: Add support for FreeBSD and OpenBSD, and simplify Linux code (Evil Ham)
|
||||||
|
* Type __ssh_authorized_key, __ssh_authorized_keys: Improve manpages (Evil Ham)
|
||||||
|
* Type __ssh_authorized_keys: Fix bug where --option was not multiple (Evil Ham)
|
||||||
|
* Type __motd: Debian/Ubuntu/Devuan use /etc/motd (Ander Punnar)
|
||||||
|
* Type __group: Fix --gid on FreeBSD (Ander Punnar)
|
||||||
|
* Configuration: Fix typos in cdist.cfg.skeleton (Jaak Ristioja)
|
||||||
|
* Type __user: Fix user deletion on FreeBSD (Ander Punnar)
|
||||||
|
* Core: Fix double log lines (Darko Poljak)
|
||||||
|
|
||||||
6.5.5: 2020-05-01
|
6.5.5: 2020-05-01
|
||||||
* Core: Fix XDG_CONFIG_HOME config file location (Joachim Desroches)
|
* Core: Fix XDG_CONFIG_HOME config file location (Joachim Desroches)
|
||||||
* Type __postgres_database: Add encoding, lc-collate, lc-ctype, template parameters (Timothée Floure)
|
* Type __postgres_database: Add encoding, lc-collate, lc-ctype, template parameters (Timothée Floure)
|
||||||
|
|
|
@ -3,7 +3,7 @@ Support
|
||||||
|
|
||||||
Chat
|
Chat
|
||||||
~~~~
|
~~~~
|
||||||
Chat with us: `ungleich chat <https://chat.ungleich.ch/ungleich/channels/cdist>`_.
|
Chat with us on `#cdist:ungleich.ch <https://ungleich.ch/u/projects/open-chat/>`_.
|
||||||
|
|
||||||
Mailing list
|
Mailing list
|
||||||
~~~~~~~~~~~~
|
~~~~~~~~~~~~
|
||||||
|
|