romain-dartigues
/
cdist
forked from ungleich-public/cdist
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
7,228 Commits 111 Branches 0 Tags 19 MiB
Commit Graph

1738 Commits

Author SHA1 Message Date
ander 67f85546ec
[explorer/os_version] add new debian code names: bookworm and trixie 2021-08-23 10:09:41 +03:00
Dennis Camera 05c2a62191 [explorer/machine_type] Implement chroot detection using /proc/.../mountinfo 2021-08-05 13:52:51 +02:00
Dennis Camera 5af1317c29 [explorer/machine_type] Try to detect chroot path 2021-08-05 13:52:51 +02:00
Dennis Camera 4a05669765 [explorer/machine_type] Implement chroot detection 2021-08-05 13:52:51 +02:00
Dennis Camera 23fbfaf035 [explorer/machine_type] Use systemd-detect-virt (if available) to detect containers and VMs 2021-08-05 13:52:51 +02:00
Dennis Camera 2ffa895f57 [explorer/machine_type] Remove CPUID check 
it's a lot of code and depends on a binary helper unlikely to be installed.
 2021-08-05 13:52:51 +02:00
Dennis Camera abc6d009b2 [explorer/machine_type] Print top most machine layer as first line (fallback to physical) 2021-08-05 13:52:51 +02:00
Dennis Camera edcac70b2a [explorer/machine_type] Reimplement 2021-08-05 13:52:51 +02:00
poljakowski 841ebb9b88 Merge branch 'fix/explorer/os_version/old-freebsd' into 'master' 
explorer/os_version: fix for FreeBSD < 10.0 (again)

See merge request ungleich-public/cdist!1017
 2021-08-05 10:26:33 +02:00
poljakowski 39dcb41349 Merge branch 'fix/explorer/os_version/legacy-macosx' into 'master' 
explorer/os_version: Fix for legacy Mac OS X versions

See merge request ungleich-public/cdist!1018
 2021-08-05 10:25:17 +02:00
poljakowski d37772f3ea Merge branch 'fix/type/__update_alternatives/dry-run' into 'master' 
update alternatives: fixes for dry runs and non-English systems

See merge request ungleich-public/cdist!1016
 2021-08-05 10:23:29 +02:00
poljakowski 49a9bcdf93 Merge branch 'fix/explorer/memory/gt-2g' into 'master' 
explorer/memory: fix conversion of large numbers (>= 2GiB)

See merge request ungleich-public/cdist!1015
 2021-08-05 10:23:20 +02:00
Dennis Camera 2a0c073d40 [explorer/os_version] Fix for legacy Mac OS X versions 2021-08-04 21:55:56 +02:00
Dennis Camera bbcc81a984 [type/__update_alternatives] Fix for non-English locales 
Since update-alternatives(1) is localized, screen scraping its output breaks
if the locale is set to non-English.
 2021-08-04 21:44:04 +02:00
Dennis Camera 0b3b47396f [type/__update_alternatives] dry-run fixes 2021-08-04 21:39:39 +02:00
Dennis Camera a7d6481a7d [type/__update_alternatives] Secure cdist-defined environment variables with :? 2021-08-04 21:38:21 +02:00
Dennis Camera 83fe6e9f5b [explorer/memory] Fix conversion of large numbers (>= 2GiB) 
At least mawk uses scientific notation when using print for
numbers >=2^31 (INT_MAX of a signed 32-bit int).

`printf "%.f\n"` works around this.
 2021-08-04 20:45:14 +02:00
Dennis Camera e108cbc205 [explorer/os_version] Ubuntu: fall back to os-release/lsb-release files 2021-08-04 20:44:17 +02:00
Dennis Camera 53334fb4eb [explorer/os_version] Fix for FreeBSD < 10.0 (again) 2021-08-04 19:50:10 +02:00
sparrowhawk 4156fea900
[filesystem] Add ubuntu as supported distribution. 2021-07-28 12:56:39 +02:00
poljakowski bf0c355fe7 Merge branch 'feature/explorer/os_version/devuan-ceres' into 'master' 
explorer/os_version: Convert Devuan ceres to version number

See merge request ungleich-public/cdist!1008
 2021-07-20 06:37:40 +02:00
Dennis Camera 24c9406ea0 [explorer/os_version] Convert Devuan ceres to version number 
Conversion of Devuan ceres to version numbers is done based on Devuan codenames.
The version number is the version number of the final release - 0.01.

Analogous to Debian.
 2021-07-19 12:14:20 +02:00
poljakowski 8b160841ad Merge branch 'apt-pin-type' into 'master' 
New type: __apt_pin - manage apt pinning

See merge request ungleich-public/cdist!1005
 2021-07-18 17:44:04 +02:00
ander 46b5c24cd2
use $__remote_exec for RSYNC_RSH 2021-07-18 16:25:00 +03:00
ander 0e611af2a6
[__rsync] rewrite 2021-07-17 11:44:09 +03:00
Darko Poljak 65c43d3c1d Fix docs code block errors 2021-07-10 21:02:27 +02:00
poljakowski b8f601ee15 Merge branch 'rsync-ssh-multiplex' into 'master' 
__rsync: Use $__remote_exec and thus the ssh multiplexing

See merge request ungleich-public/cdist!1001
 2021-07-08 08:05:52 +02:00
ander cf0032d667
add messaging and exit earlier 2021-07-07 21:28:00 +03:00
ander 7a5896acfa
add --onchange, fix shellcheck 2021-07-07 21:23:25 +03:00
ander 485283f2e5
new type: __sed 2021-07-07 20:47:22 +03:00
fancsali 166b58aeea Fix typo in distro names... 2021-07-05 15:32:27 +02:00
fancsali 521241d741 Refine docs even more 2021-07-05 15:28:05 +02:00
fancsali be92731c5c Shell check quoting 
We're actually echo-ing the command, hence the escape in front of the
quotes - the issue Shellcheck alludes too would actually occur, had the
escaping bakcslashes been omitted.
 2021-07-05 12:44:09 +01:00
poljakowski d8da298cdf Merge branch '__snakeoil_cert' into 'master' 
new type: __snakeoil_cert

See merge request ungleich-public/cdist!1002
 2021-07-05 08:59:59 +02:00
ander 30ba796d06
new type: __snakeoil_cert 2021-07-02 10:09:38 +03:00
poljakowski 6528fd1c77 Merge branch 'feature/type/__debconf_set_selections/state-explorer' into 'master' 
__debconf set selections: Add state explorer

See merge request ungleich-public/cdist!999
 2021-07-02 06:49:24 +02:00
ander 60753ddfcc
fix shellcheck 2021-07-01 14:42:10 +03:00
fancsali d937d53f3d Add quotes to rsync command 2021-06-28 18:09:35 +01:00
fancsali 2db40d8d70 Use $__remote_exec and thus the ssh multiplexing 2021-06-28 12:54:20 +02:00
ander 7b3f268df2
[__download] improvements 
1. post download checksum verification
2. detect hashes without prefix
3. add optional --destination
4. updated man
 2021-06-22 16:36:30 +03:00
fancsali b726697e07 Add documentation 2021-06-11 15:05:33 +01:00
fancsali a3102022e1 More sensible defaults; reword debian-only error message 2021-06-11 15:05:17 +01:00
Dennis Camera 6ede76b08b [type/__debconf_set_selections] man.rst: Fix line break in AUTHORS 2021-06-08 16:20:55 +02:00
Dennis Camera d596986af8 [type/__pyvenv] Fix group explorer 2021-05-31 09:06:52 +02:00
poljakowski d2ce55ea6e Merge branch '__git_fix_group_explorer' into 'master' 
[__git] fix group explorer

See merge request ungleich-public/cdist!992
 2021-05-29 11:20:20 +02:00
ander 503a06ed28
[__git] fix group explorer 
group name from numberic id wasn't resolved correctly.

try to use getent and fallback to reading /etc/group directly.
 2021-05-23 13:35:33 +03:00
evilham 81b426e4e2 [__letsencrypt_cert] Revamp explorers, add locking. 
Closes #839

See merge request ungleich-public/cdist!976

This patch joins all explorers in one to avoid starting multiple remote python
processes and uses a cdist-specific lock in /tmp/certbot.cdist.lock with a
60 seconds timeout.
 2021-05-10 12:10:01 +02:00
evilham a696f3cf00 [__letsencrypt_cert] Revamp explorers, add locking. 
This would fix #839

Certbot uses locking [1] even for read-only operations and does not properly
use exit codes, which means that sometimes it would print:
"Another instance of Certbot is already running" and exit with success.

However, the previous explorers would take that as the certificate being absent
and would trigger code generation.

The issue was made worse by having many explorers running certbot, so for N
certificates, we'd run certbot N*4 times, potentially "in parallel".

[1]: https://certbot.eff.org/docs/using.html#id5

This patch joins all explorers in one to avoid starting multiple remote python
processes and uses a cdist-specific lock in /tmp/certbot.cdist.lock with a
60 seconds timeout.

It has been tested with certbot 0.31.0 and 0.17 that the:

    from certbot.main import main

trick works. It is somewhat well documented so it can be somewhat relied upon.
 2021-05-10 12:10:00 +02:00
evilham c00c8c2012 [__apt_key*] Deprecate __apt_key_uri and improve __apt_key 
Previously this type was falling back to using the deprecated apt-key(8) by
checking for existence of files/directories on the controller host in
gencode-remote.

Adding `--use-deprecated-apt-key` as an explicit boolean serves two purposes:
1. It prevents fallbacks that might end up doing the wrong thing
   (as was the case)
2. It allows for a simple way to remove keys from the keyring that were
   previously added with apt-key(8) to /etc/apt/trusted.gpg

This parameter is added marked as deprecated as is only intended use is to
migrate to directory-based keyrings as recommended by Debian for a few releases.
It will be removed when Debian 11 stops being supported.

During the review process of this merge request, it was noted that the state of
PGP Key Servers is somewhat suboptimal, that the examples encouraged bad
practise (it is trivial to produce collisions for short key IDs), and that
this use does not require the Web of Trust, but instead only the public key
that is signing the repository.

That is why this also adds `--source` as an argument allowing for in-type or
in-manifest provision of such public keys by the type/manifest maintainer and
the use of Key Servers is still supported, but discouraged.
 2021-05-10 12:08:22 +02:00
Dennis Camera a42ebc7a78 [type/__debconf_set_selections] Synchronise objects 
Works around locking error:

	debconf: DbDriver "config": /var/cache/debconf/config.dat is locked by another process: Resource temporarily unavailable
 2021-04-27 19:46:07 +02:00
Dennis Camera 9cf19388ab [type/__debconf_set_selections] Send message about each debconf setting that is changed 2021-04-26 16:47:44 +02:00
Dennis Camera a4122882f2 [type/__debconf_set_selections] Add state explorer 
…and to make it work, replace --file with --line.

--file is deprecated because it does not work with the state explorer as the
contents of the file are not available on the target.
 2021-04-26 16:39:51 +02:00
Dennis Camera 0f05f38384 [type/__postgres_role] Treat --password '' like no --password 2021-04-25 20:01:36 +02:00
Dennis Camera 0d33407b18 [type/__postgres_database] Proper quoting in state explorer 2021-04-25 20:01:36 +02:00
Dennis Camera 8296051653 [type/__postgres_extension] Add state explorer 2021-04-25 20:01:36 +02:00
Dennis Camera 3cf93249c3 [type/__postgres_extension] Include postgres_user explorer from __postgres_conf 2021-04-25 20:01:36 +02:00
Dennis Camera beb8da6d5f [type/__postgres_role] Include postgres_user explorer from __postgres_conf 2021-04-25 20:01:36 +02:00
Dennis Camera 58b279a8d0 [type/__postgres_database] Improve quoting 2021-04-25 20:01:36 +02:00
Dennis Camera 6ac8cbf98f [type/__postgres_database] Include postgres_user explorer from __postgres_conf 2021-04-25 20:01:36 +02:00
poljakowski 71d79ed6ee Merge branch 'feature/type/__postgres_conf' into 'master' 
__postgres_conf: new type

See merge request ungleich-public/cdist!972
 2021-04-25 15:49:19 +02:00
Dennis Camera 19bf37be1a [type/__postgres_conf] Update man.rst 2021-04-15 15:56:15 +02:00
Dennis Camera 686e4f0f2d [type/__postgres_conf] Reverse state logic (decide based on source first) 2021-04-15 15:50:03 +02:00
Dennis Camera bef1433ba3 [type/__postgres_conf] Accept empty values 2021-04-15 15:50:03 +02:00
Dennis Camera 12c2995494 [type/__postgres_conf] Implement complex state compare logic 2021-04-15 15:50:02 +02:00
Dennis Camera e0416403c4 [type/__postgres_conf] Add psql_conf_source function to state explorer 2021-04-15 15:50:02 +02:00
Dennis Camera 2ccc03fef1 [type/__postgres_conf] Add psql_conf_cmp function to state explorer 2021-04-15 15:50:02 +02:00
Dennis Camera 92b8942a8c [type/__postgres_conf] Add psql_exec function to state explorer 2021-04-15 15:50:02 +02:00
ander d2eec60668
[__download] make --sum optional 2021-04-11 23:16:00 +03:00
poljakowski ce79a2069c Merge branch 'fix/type/__pyvenv/numeric-owner' into 'master' 
__pyvenv: Fix if --owner / --group is numeric

See merge request ungleich-public/cdist!988
 2021-04-01 15:36:02 +02:00
Dennis Camera 985252585c [type/__pyvenv] Fix if --owner / --group is numeric 
Before, if --owner and/or --group was numeric, gencode-remote would generate
`chown` code every time.
 2021-03-30 13:26:21 +02:00
Dennis Camera 167c2ad7ea [type/__git] Fix if --owner / --group is numeric 
Before, if --owner and/or --group was numeric, gencode-remote would generate
`chown` code every time.
 2021-03-30 13:24:56 +02:00
poljakowski c55397766e Merge branch 'feature/type/__sshd_config/whitelist-openbmc' into 'master' 
__sshd_config: Whitelist OpenBMC

See merge request ungleich-public/cdist!980
 2021-03-12 08:20:35 +01:00
Dennis Camera e47c4dd8a4 [type/__sshd_config] Whitelist OpenBMC in manifest 2021-03-11 14:17:44 +01:00
Dennis Camera fb19f34266 [type/__ssh_authorized_key] Only grep if file exists 2021-03-09 21:15:26 +01:00
poljakowski 1bc0d912bf Merge branch 'fix/type/__pyvenv/man-typo' into 'master' 
__pyvenv: Fix user example

See merge request ungleich-public/cdist!978
 2021-03-02 09:28:50 +01:00
Dennis Camera 8ef19d47f6 [type/__pyvenv] Fix example (--user -> --owner) 2021-03-01 17:59:45 +01:00
fancsali dc66efa690 Fix shellcheck issues 2021-02-23 11:59:09 +00:00
fancsali 1a74470c4d __apt_pin: Always use $__object_id as preferences.d filename 2021-02-23 09:43:02 +00:00
fancsali 0734288483 First draft of __apt_pin 2021-02-23 09:43:02 +00:00
poljakowski 6358885d26 Merge branch 'feature/__package_pip/extras' into 'master' 
__package_pip: add optional (extra) dependencies

See merge request ungleich-public/cdist!975
 2021-02-23 06:27:09 +01:00
poljakowski b3a9c907ad Merge branch '__letsencrypt_cert-fix-hooks' into 'master' 
[__letsencrypt_cert] Fix various issues with hooks.

Closes #853

See merge request ungleich-public/cdist!977
 2021-02-22 09:09:45 +01:00
poljakowski e854db096e Merge branch 'fix/type/__postgres_role/implement-alter' into 'master' 
__postgres_role: implement modification of roles

See merge request ungleich-public/cdist!973
 2021-02-22 08:58:58 +01:00
matze d1f45d3524 __package_pip: corrected typo in man 
.. by fully replacing it with a smaller sentence.
 2021-02-19 09:03:56 +01:00
Dennis Camera 0835f414a5 [type/__postgres_conf] Extract PostgreSQL service user detection to separate explorer 2021-02-16 16:03:23 +01:00
matze 2ce1fce767 __package_pip: match package names case insensitive 
Pip matches them insensitive, so we need to do the same to avoid
problems by saying extras are not installed but already is there in
place.
 2021-02-15 16:17:46 +01:00
matze 951712740f __package_pip: update man.rst 
Adjusted comments for `explorer/extras` and updated the man page for the
new behaviour of updating the extras.
 2021-02-12 13:42:51 +01:00
matze a9d7dfb2ed __package_pip: split extra 'all' to a list of all extras 
This will fix if a package will be upgraded from some extras to all
extras. Previously, it will not work because some dependencies of 'all'
are already installed, so the feature 'all' is already installed.

Now, it will use a list of all extras to iterate over them separatly. This
will result it will never install all extras via `[all]`, but rather
`[foo,bar]`.
 2021-02-12 09:17:02 +01:00
matze 7398382890 __package_pip: fix shellcheck 
Useless `cat $file`, use `< $file` instead.
 2021-02-11 23:12:10 +01:00
matze 2db0ef7c98 __package_pip: updating real detection of extras 
As the previous detection took the wrong values, this explorer now
checks if packages for an extra are installed or not. If not, the extra
is not installed.

Based on the information of the explorer, it will install the package
again with the absent extras.
 2021-02-11 22:53:26 +01:00
matze 8dc6ab9738 __package_pip: install not found extras 
Compares the explorer against the parameters and install those extras
that are not already installed.
 2021-02-11 13:49:53 +01:00
matze 4717e5ceff __package_pip: add extras explorer 
The two new explorers detect all installed extras for this package.
 2021-02-11 10:31:07 +01:00
evilham aa80c09c80 [__letsencrypt_cert] Move hook contents generation out of manifest 
While there address some minor issues in the comments in the hook contents.
 2021-02-10 10:10:21 +01:00
evilham b832af5e3b [__letsencrypt_cert] Don't mess with user script indentation 
This could break in odd ways if they passed sth like:
cat <<eof
bla bla
eof
 2021-02-09 20:53:58 +01:00
evilham e49da474c4 [__letsencrypt_cert] Remove problematic trailing slash in sed. 
Happy fingers are happy and like adding slashes places.
 2021-02-09 20:29:17 +01:00
evilham bc145bbc27 [__letsencrypt_cert] Fix various issues with hooks. 
Closes #853, see issue for full description / discussion.

Short summary:
- There was about 6.53% chances of `--renewal-hook` not being applied
- Using --automatic-renewal in one cert and not in another was an error.
- It was not possible to use different hooks for different certificates.
- FreeBSD support was utterly broken.
 2021-02-09 19:58:47 +01:00
ssrq cda17be38a [explorer/memory] Clean up, return kiB for all systems, add SunOS 
BSDs were MiB before.
 2021-02-08 08:27:03 +01:00
matze 73a03d75d7 __package_pip: fix shellcheck 2021-02-04 19:18:02 +01:00
matze 8eccacec59 __package_pip: add optional dependencies 
This is a poor implementation of optional dependencies for pip packages.
It ensures to install them if the package will be installed, but does
not take into account if they must be added/removed after the package is
already installed. Also, it will not be autoremoved, as all dependencies
will not be removed.
 2021-02-04 19:09:26 +01:00
Dennis Camera 6b18cace75 [type/__postgres_conf] Catch connection errors early 2021-01-26 14:01:44 +01:00
Dennis Camera f9ebb4333c [type/__postgres_conf] Add NetBSD PostgreSQL UNIX user 2021-01-26 14:01:44 +01:00