ander
67f85546ec
[explorer/os_version] add new debian code names: bookworm and trixie
2021-08-23 10:09:41 +03:00
Dennis Camera
05c2a62191
[explorer/machine_type] Implement chroot detection using /proc/.../mountinfo
2021-08-05 13:52:51 +02:00
Dennis Camera
5af1317c29
[explorer/machine_type] Try to detect chroot path
2021-08-05 13:52:51 +02:00
Dennis Camera
4a05669765
[explorer/machine_type] Implement chroot detection
2021-08-05 13:52:51 +02:00
Dennis Camera
23fbfaf035
[explorer/machine_type] Use systemd-detect-virt (if available) to detect containers and VMs
2021-08-05 13:52:51 +02:00
Dennis Camera
2ffa895f57
[explorer/machine_type] Remove CPUID check
...
it's a lot of code and depends on a binary helper unlikely to be installed.
2021-08-05 13:52:51 +02:00
Dennis Camera
abc6d009b2
[explorer/machine_type] Print top most machine layer as first line (fallback to physical)
2021-08-05 13:52:51 +02:00
Dennis Camera
edcac70b2a
[explorer/machine_type] Reimplement
2021-08-05 13:52:51 +02:00
poljakowski
841ebb9b88
Merge branch 'fix/explorer/os_version/old-freebsd' into 'master'
...
explorer/os_version: fix for FreeBSD < 10.0 (again)
See merge request ungleich-public/cdist!1017
2021-08-05 10:26:33 +02:00
poljakowski
39dcb41349
Merge branch 'fix/explorer/os_version/legacy-macosx' into 'master'
...
explorer/os_version: Fix for legacy Mac OS X versions
See merge request ungleich-public/cdist!1018
2021-08-05 10:25:17 +02:00
poljakowski
d37772f3ea
Merge branch 'fix/type/__update_alternatives/dry-run' into 'master'
...
update alternatives: fixes for dry runs and non-English systems
See merge request ungleich-public/cdist!1016
2021-08-05 10:23:29 +02:00
poljakowski
49a9bcdf93
Merge branch 'fix/explorer/memory/gt-2g' into 'master'
...
explorer/memory: fix conversion of large numbers (>= 2GiB)
See merge request ungleich-public/cdist!1015
2021-08-05 10:23:20 +02:00
Dennis Camera
2a0c073d40
[explorer/os_version] Fix for legacy Mac OS X versions
2021-08-04 21:55:56 +02:00
Dennis Camera
bbcc81a984
[type/__update_alternatives] Fix for non-English locales
...
Since update-alternatives(1) is localized, screen scraping its output breaks
if the locale is set to non-English.
2021-08-04 21:44:04 +02:00
Dennis Camera
0b3b47396f
[type/__update_alternatives] dry-run fixes
2021-08-04 21:39:39 +02:00
Dennis Camera
a7d6481a7d
[type/__update_alternatives] Secure cdist-defined environment variables with :?
2021-08-04 21:38:21 +02:00
Dennis Camera
83fe6e9f5b
[explorer/memory] Fix conversion of large numbers (>= 2GiB)
...
At least mawk uses scientific notation when using print for
numbers >=2^31 (INT_MAX of a signed 32-bit int).
`printf "%.f\n"` works around this.
2021-08-04 20:45:14 +02:00
Dennis Camera
e108cbc205
[explorer/os_version] Ubuntu: fall back to os-release/lsb-release files
2021-08-04 20:44:17 +02:00
Dennis Camera
53334fb4eb
[explorer/os_version] Fix for FreeBSD < 10.0 (again)
2021-08-04 19:50:10 +02:00
sparrowhawk
4156fea900
[filesystem] Add ubuntu as supported distribution.
2021-07-28 12:56:39 +02:00
poljakowski
bf0c355fe7
Merge branch 'feature/explorer/os_version/devuan-ceres' into 'master'
...
explorer/os_version: Convert Devuan ceres to version number
See merge request ungleich-public/cdist!1008
2021-07-20 06:37:40 +02:00
Dennis Camera
24c9406ea0
[explorer/os_version] Convert Devuan ceres to version number
...
Conversion of Devuan ceres to version numbers is done based on Devuan codenames.
The version number is the version number of the final release - 0.01.
Analogous to Debian.
2021-07-19 12:14:20 +02:00
poljakowski
8b160841ad
Merge branch 'apt-pin-type' into 'master'
...
New type: __apt_pin - manage apt pinning
See merge request ungleich-public/cdist!1005
2021-07-18 17:44:04 +02:00
ander
46b5c24cd2
use $__remote_exec for RSYNC_RSH
2021-07-18 16:25:00 +03:00
ander
0e611af2a6
[__rsync] rewrite
2021-07-17 11:44:09 +03:00
Darko Poljak
65c43d3c1d
Fix docs code block errors
2021-07-10 21:02:27 +02:00
poljakowski
b8f601ee15
Merge branch 'rsync-ssh-multiplex' into 'master'
...
__rsync: Use $__remote_exec and thus the ssh multiplexing
See merge request ungleich-public/cdist!1001
2021-07-08 08:05:52 +02:00
ander
cf0032d667
add messaging and exit earlier
2021-07-07 21:28:00 +03:00
ander
7a5896acfa
add --onchange, fix shellcheck
2021-07-07 21:23:25 +03:00
ander
485283f2e5
new type: __sed
2021-07-07 20:47:22 +03:00
fancsali
166b58aeea
Fix typo in distro names...
2021-07-05 15:32:27 +02:00
fancsali
521241d741
Refine docs even more
2021-07-05 15:28:05 +02:00
fancsali
be92731c5c
Shell check quoting
...
We're actually echo-ing the command, hence the escape in front of the
quotes - the issue Shellcheck alludes too would actually occur, had the
escaping bakcslashes been omitted.
2021-07-05 12:44:09 +01:00
poljakowski
d8da298cdf
Merge branch '__snakeoil_cert' into 'master'
...
new type: __snakeoil_cert
See merge request ungleich-public/cdist!1002
2021-07-05 08:59:59 +02:00
ander
30ba796d06
new type: __snakeoil_cert
2021-07-02 10:09:38 +03:00
poljakowski
6528fd1c77
Merge branch 'feature/type/__debconf_set_selections/state-explorer' into 'master'
...
__debconf set selections: Add state explorer
See merge request ungleich-public/cdist!999
2021-07-02 06:49:24 +02:00
ander
60753ddfcc
fix shellcheck
2021-07-01 14:42:10 +03:00
fancsali
d937d53f3d
Add quotes to rsync command
2021-06-28 18:09:35 +01:00
fancsali
2db40d8d70
Use $__remote_exec and thus the ssh multiplexing
2021-06-28 12:54:20 +02:00
ander
7b3f268df2
[__download] improvements
...
1. post download checksum verification
2. detect hashes without prefix
3. add optional --destination
4. updated man
2021-06-22 16:36:30 +03:00
fancsali
b726697e07
Add documentation
2021-06-11 15:05:33 +01:00
fancsali
a3102022e1
More sensible defaults; reword debian-only error message
2021-06-11 15:05:17 +01:00
Dennis Camera
6ede76b08b
[type/__debconf_set_selections] man.rst: Fix line break in AUTHORS
2021-06-08 16:20:55 +02:00
Dennis Camera
d596986af8
[type/__pyvenv] Fix group explorer
2021-05-31 09:06:52 +02:00
poljakowski
d2ce55ea6e
Merge branch '__git_fix_group_explorer' into 'master'
...
[__git] fix group explorer
See merge request ungleich-public/cdist!992
2021-05-29 11:20:20 +02:00
ander
503a06ed28
[__git] fix group explorer
...
group name from numberic id wasn't resolved correctly.
try to use getent and fallback to reading /etc/group directly.
2021-05-23 13:35:33 +03:00
evilham
81b426e4e2
[__letsencrypt_cert] Revamp explorers, add locking.
...
Closes #839
See merge request ungleich-public/cdist!976
This patch joins all explorers in one to avoid starting multiple remote python
processes and uses a cdist-specific lock in /tmp/certbot.cdist.lock with a
60 seconds timeout.
2021-05-10 12:10:01 +02:00
evilham
a696f3cf00
[__letsencrypt_cert] Revamp explorers, add locking.
...
This would fix #839
Certbot uses locking [1] even for read-only operations and does not properly
use exit codes, which means that sometimes it would print:
"Another instance of Certbot is already running" and exit with success.
However, the previous explorers would take that as the certificate being absent
and would trigger code generation.
The issue was made worse by having many explorers running certbot, so for N
certificates, we'd run certbot N*4 times, potentially "in parallel".
[1]: https://certbot.eff.org/docs/using.html#id5
This patch joins all explorers in one to avoid starting multiple remote python
processes and uses a cdist-specific lock in /tmp/certbot.cdist.lock with a
60 seconds timeout.
It has been tested with certbot 0.31.0 and 0.17 that the:
from certbot.main import main
trick works. It is somewhat well documented so it can be somewhat relied upon.
2021-05-10 12:10:00 +02:00
evilham
c00c8c2012
[__apt_key*] Deprecate __apt_key_uri and improve __apt_key
...
Previously this type was falling back to using the deprecated apt-key(8) by
checking for existence of files/directories on the controller host in
gencode-remote.
Adding `--use-deprecated-apt-key` as an explicit boolean serves two purposes:
1. It prevents fallbacks that might end up doing the wrong thing
(as was the case)
2. It allows for a simple way to remove keys from the keyring that were
previously added with apt-key(8) to /etc/apt/trusted.gpg
This parameter is added marked as deprecated as is only intended use is to
migrate to directory-based keyrings as recommended by Debian for a few releases.
It will be removed when Debian 11 stops being supported.
During the review process of this merge request, it was noted that the state of
PGP Key Servers is somewhat suboptimal, that the examples encouraged bad
practise (it is trivial to produce collisions for short key IDs), and that
this use does not require the Web of Trust, but instead only the public key
that is signing the repository.
That is why this also adds `--source` as an argument allowing for in-type or
in-manifest provision of such public keys by the type/manifest maintainer and
the use of Key Servers is still supported, but discouraged.
2021-05-10 12:08:22 +02:00
Dennis Camera
a42ebc7a78
[type/__debconf_set_selections] Synchronise objects
...
Works around locking error:
debconf: DbDriver "config": /var/cache/debconf/config.dat is locked by another process: Resource temporarily unavailable
2021-04-27 19:46:07 +02:00
Dennis Camera
9cf19388ab
[type/__debconf_set_selections] Send message about each debconf setting that is changed
2021-04-26 16:47:44 +02:00
Dennis Camera
a4122882f2
[type/__debconf_set_selections] Add state explorer
...
…and to make it work, replace --file with --line.
--file is deprecated because it does not work with the state explorer as the
contents of the file are not available on the target.
2021-04-26 16:39:51 +02:00
Dennis Camera
0f05f38384
[type/__postgres_role] Treat --password '' like no --password
2021-04-25 20:01:36 +02:00
Dennis Camera
0d33407b18
[type/__postgres_database] Proper quoting in state explorer
2021-04-25 20:01:36 +02:00
Dennis Camera
8296051653
[type/__postgres_extension] Add state explorer
2021-04-25 20:01:36 +02:00
Dennis Camera
3cf93249c3
[type/__postgres_extension] Include postgres_user explorer from __postgres_conf
2021-04-25 20:01:36 +02:00
Dennis Camera
beb8da6d5f
[type/__postgres_role] Include postgres_user explorer from __postgres_conf
2021-04-25 20:01:36 +02:00
Dennis Camera
58b279a8d0
[type/__postgres_database] Improve quoting
2021-04-25 20:01:36 +02:00
Dennis Camera
6ac8cbf98f
[type/__postgres_database] Include postgres_user explorer from __postgres_conf
2021-04-25 20:01:36 +02:00
poljakowski
71d79ed6ee
Merge branch 'feature/type/__postgres_conf' into 'master'
...
__postgres_conf: new type
See merge request ungleich-public/cdist!972
2021-04-25 15:49:19 +02:00
Dennis Camera
19bf37be1a
[type/__postgres_conf] Update man.rst
2021-04-15 15:56:15 +02:00
Dennis Camera
686e4f0f2d
[type/__postgres_conf] Reverse state logic (decide based on source first)
2021-04-15 15:50:03 +02:00
Dennis Camera
bef1433ba3
[type/__postgres_conf] Accept empty values
2021-04-15 15:50:03 +02:00
Dennis Camera
12c2995494
[type/__postgres_conf] Implement complex state compare logic
2021-04-15 15:50:02 +02:00
Dennis Camera
e0416403c4
[type/__postgres_conf] Add psql_conf_source function to state explorer
2021-04-15 15:50:02 +02:00
Dennis Camera
2ccc03fef1
[type/__postgres_conf] Add psql_conf_cmp function to state explorer
2021-04-15 15:50:02 +02:00
Dennis Camera
92b8942a8c
[type/__postgres_conf] Add psql_exec function to state explorer
2021-04-15 15:50:02 +02:00
ander
d2eec60668
[__download] make --sum optional
2021-04-11 23:16:00 +03:00
poljakowski
ce79a2069c
Merge branch 'fix/type/__pyvenv/numeric-owner' into 'master'
...
__pyvenv: Fix if --owner / --group is numeric
See merge request ungleich-public/cdist!988
2021-04-01 15:36:02 +02:00
Dennis Camera
985252585c
[type/__pyvenv] Fix if --owner / --group is numeric
...
Before, if --owner and/or --group was numeric, gencode-remote would generate
`chown` code every time.
2021-03-30 13:26:21 +02:00
Dennis Camera
167c2ad7ea
[type/__git] Fix if --owner / --group is numeric
...
Before, if --owner and/or --group was numeric, gencode-remote would generate
`chown` code every time.
2021-03-30 13:24:56 +02:00
poljakowski
c55397766e
Merge branch 'feature/type/__sshd_config/whitelist-openbmc' into 'master'
...
__sshd_config: Whitelist OpenBMC
See merge request ungleich-public/cdist!980
2021-03-12 08:20:35 +01:00
Dennis Camera
e47c4dd8a4
[type/__sshd_config] Whitelist OpenBMC in manifest
2021-03-11 14:17:44 +01:00
Dennis Camera
fb19f34266
[type/__ssh_authorized_key] Only grep if file exists
2021-03-09 21:15:26 +01:00
poljakowski
1bc0d912bf
Merge branch 'fix/type/__pyvenv/man-typo' into 'master'
...
__pyvenv: Fix user example
See merge request ungleich-public/cdist!978
2021-03-02 09:28:50 +01:00
Dennis Camera
8ef19d47f6
[type/__pyvenv] Fix example (--user -> --owner)
2021-03-01 17:59:45 +01:00
fancsali
dc66efa690
Fix shellcheck issues
2021-02-23 11:59:09 +00:00
fancsali
1a74470c4d
__apt_pin: Always use $__object_id as preferences.d filename
2021-02-23 09:43:02 +00:00
fancsali
0734288483
First draft of __apt_pin
2021-02-23 09:43:02 +00:00
poljakowski
6358885d26
Merge branch 'feature/__package_pip/extras' into 'master'
...
__package_pip: add optional (extra) dependencies
See merge request ungleich-public/cdist!975
2021-02-23 06:27:09 +01:00
poljakowski
b3a9c907ad
Merge branch '__letsencrypt_cert-fix-hooks' into 'master'
...
[__letsencrypt_cert] Fix various issues with hooks.
Closes #853
See merge request ungleich-public/cdist!977
2021-02-22 09:09:45 +01:00
poljakowski
e854db096e
Merge branch 'fix/type/__postgres_role/implement-alter' into 'master'
...
__postgres_role: implement modification of roles
See merge request ungleich-public/cdist!973
2021-02-22 08:58:58 +01:00
matze
d1f45d3524
__package_pip: corrected typo in man
...
.. by fully replacing it with a smaller sentence.
2021-02-19 09:03:56 +01:00
Dennis Camera
0835f414a5
[type/__postgres_conf] Extract PostgreSQL service user detection to separate explorer
2021-02-16 16:03:23 +01:00
matze
2ce1fce767
__package_pip: match package names case insensitive
...
Pip matches them insensitive, so we need to do the same to avoid
problems by saying extras are not installed but already is there in
place.
2021-02-15 16:17:46 +01:00
matze
951712740f
__package_pip: update man.rst
...
Adjusted comments for `explorer/extras` and updated the man page for the
new behaviour of updating the extras.
2021-02-12 13:42:51 +01:00
matze
a9d7dfb2ed
__package_pip: split extra 'all' to a list of all extras
...
This will fix if a package will be upgraded from some extras to all
extras. Previously, it will not work because some dependencies of 'all'
are already installed, so the feature 'all' is already installed.
Now, it will use a list of all extras to iterate over them separatly. This
will result it will never install all extras via `[all]`, but rather
`[foo,bar]`.
2021-02-12 09:17:02 +01:00
matze
7398382890
__package_pip: fix shellcheck
...
Useless `cat $file`, use `< $file` instead.
2021-02-11 23:12:10 +01:00
matze
2db0ef7c98
__package_pip: updating real detection of extras
...
As the previous detection took the wrong values, this explorer now
checks if packages for an extra are installed or not. If not, the extra
is not installed.
Based on the information of the explorer, it will install the package
again with the absent extras.
2021-02-11 22:53:26 +01:00
matze
8dc6ab9738
__package_pip: install not found extras
...
Compares the explorer against the parameters and install those extras
that are not already installed.
2021-02-11 13:49:53 +01:00
matze
4717e5ceff
__package_pip: add extras explorer
...
The two new explorers detect all installed extras for this package.
2021-02-11 10:31:07 +01:00
evilham
aa80c09c80
[__letsencrypt_cert] Move hook contents generation out of manifest
...
While there address some minor issues in the comments in the hook contents.
2021-02-10 10:10:21 +01:00
evilham
b832af5e3b
[__letsencrypt_cert] Don't mess with user script indentation
...
This could break in odd ways if they passed sth like:
cat <<eof
bla bla
eof
2021-02-09 20:53:58 +01:00
evilham
e49da474c4
[__letsencrypt_cert] Remove problematic trailing slash in sed.
...
Happy fingers are happy and like adding slashes places.
2021-02-09 20:29:17 +01:00
evilham
bc145bbc27
[__letsencrypt_cert] Fix various issues with hooks.
...
Closes #853 , see issue for full description / discussion.
Short summary:
- There was about 6.53% chances of `--renewal-hook` not being applied
- Using --automatic-renewal in one cert and not in another was an error.
- It was not possible to use different hooks for different certificates.
- FreeBSD support was utterly broken.
2021-02-09 19:58:47 +01:00
ssrq
cda17be38a
[explorer/memory] Clean up, return kiB for all systems, add SunOS
...
BSDs were MiB before.
2021-02-08 08:27:03 +01:00
matze
73a03d75d7
__package_pip: fix shellcheck
2021-02-04 19:18:02 +01:00
matze
8eccacec59
__package_pip: add optional dependencies
...
This is a poor implementation of optional dependencies for pip packages.
It ensures to install them if the package will be installed, but does
not take into account if they must be added/removed after the package is
already installed. Also, it will not be autoremoved, as all dependencies
will not be removed.
2021-02-04 19:09:26 +01:00
Dennis Camera
6b18cace75
[type/__postgres_conf] Catch connection errors early
2021-01-26 14:01:44 +01:00
Dennis Camera
f9ebb4333c
[type/__postgres_conf] Add NetBSD PostgreSQL UNIX user
2021-01-26 14:01:44 +01:00