Merge branch 'master' into 2.1
Conflicts: conf/type/__package/man.text conf/type/__package_apt/man.text conf/type/__package_luarocks/gencode-remote conf/type/__package_luarocks/man.text conf/type/__package_pacman/gencode-remote conf/type/__package_pacman/man.text conf/type/__package_pkg_openbsd/gencode-remote conf/type/__package_pkg_openbsd/man.text conf/type/__package_rubygem/gencode-remote conf/type/__package_rubygem/man.text conf/type/__package_yum/gencode-remote conf/type/__package_yum/man.text Signed-off-by: Nico Schottelius <nico@brief.schottelius.org>
commit
410e0ba8fa
62 changed files with 520 additions and 50 deletions
2
README
2
README
|
@ -350,4 +350,4 @@ with cdist on more than **60** production machines of the
|
|||
|
||||
The CBRG is managing most of their compute clusters with cdist.
|
||||
|
||||
|
||||
[[!tag cdist unix]]
|
||||
|
|
|
@ -16,8 +16,7 @@ It dispatches the actual work to the package system dependant types.
|
|||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
state::
|
||||
The state the package should be in, either "present" or "absent"
|
||||
None
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
|
@ -34,6 +33,9 @@ type::
|
|||
e.g. __package_apt for Debian
|
||||
__package_emerge for Gentoo
|
||||
|
||||
state::
|
||||
The state the package should be in, either "present" or "absent"
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
|
|
@ -2,3 +2,4 @@ name
|
|||
version
|
||||
type
|
||||
pkgsite
|
||||
state
|
||||
|
|
|
@ -27,7 +27,11 @@ else
|
|||
name="$__object_id"
|
||||
fi
|
||||
|
||||
state_should="$(cat "$__object/parameter/state")"
|
||||
if [ -f "$__object/parameter/state" ]; then
|
||||
state_should="$(cat "$__object/parameter/state")"
|
||||
else
|
||||
state_should="present"
|
||||
fi
|
||||
|
||||
# FIXME: use grep directly, state is a list, not a line!
|
||||
state_is="$(cat "$__object/explorer/state")"
|
||||
|
|
|
@ -16,8 +16,7 @@ manage packages.
|
|||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
state::
|
||||
The state the package should be in, either "present" or "absent"
|
||||
None
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
|
@ -25,6 +24,9 @@ OPTIONAL PARAMETERS
|
|||
name::
|
||||
If supplied, use the name and not the object id as the package name.
|
||||
|
||||
state::
|
||||
The state the package should be in, either "present" or "absent"
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
|
|
@ -1,2 +1,3 @@
|
|||
name
|
||||
version
|
||||
state
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
state
|
|
@ -29,7 +29,11 @@ else
|
|||
name="$__object_id"
|
||||
fi
|
||||
|
||||
state_should="$(cat "$__object/parameter/state")"
|
||||
if [ -f "$__object/parameter/state" ]; then
|
||||
state_should="$(cat "$__object/parameter/state")"
|
||||
else
|
||||
state_should="present"
|
||||
fi
|
||||
|
||||
if grep -q "(installed)" "$__object/explorer/pkg_status"; then
|
||||
state_is="present"
|
||||
|
|
|
@ -15,8 +15,7 @@ LuaRocks is a deployment and management system for Lua modules.
|
|||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
state::
|
||||
The state the package should be in, either "present" or "absent"
|
||||
None
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
|
@ -24,6 +23,9 @@ OPTIONAL PARAMETERS
|
|||
name::
|
||||
If supplied, use the name and not the object id as the package name.
|
||||
|
||||
state::
|
||||
The state the package should be in, either "present" or "absent"
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
|
|
@ -1 +1,2 @@
|
|||
name
|
||||
state
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
state
|
|
@ -28,7 +28,12 @@ else
|
|||
name="$__object_id"
|
||||
fi
|
||||
|
||||
state_should="$(cat "$__object/parameter/state")"
|
||||
if [ -f "$__object/parameter/state" ]; then
|
||||
state_should="$(cat "$__object/parameter/state")"
|
||||
else
|
||||
state_should="present"
|
||||
fi
|
||||
|
||||
state_is="$(cat "$__object/explorer/pkg_status")"
|
||||
case "$state_is" in
|
||||
absent*)
|
||||
|
|
|
@ -15,8 +15,7 @@ opkg is usually used on OpenWRT to manage packages.
|
|||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
state::
|
||||
The state the package should be in, either "present" or "absent"
|
||||
None
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
|
@ -24,6 +23,9 @@ OPTIONAL PARAMETERS
|
|||
name::
|
||||
If supplied, use the name and not the object id as the package name.
|
||||
|
||||
state::
|
||||
The state the package should be in, either "present" or "absent"
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
|
|
@ -1 +1,2 @@
|
|||
name
|
||||
state
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
state
|
|
@ -31,7 +31,11 @@ else
|
|||
name="$__object_id"
|
||||
fi
|
||||
|
||||
state_should="$(cat "$__object/parameter/state")"
|
||||
if [ -f "$__object/parameter/state" ]; then
|
||||
state_should="$(cat "$__object/parameter/state")"
|
||||
else
|
||||
state_should="present"
|
||||
fi
|
||||
|
||||
pkg_version="$(cat "$__object/explorer/pkg_version")"
|
||||
if [ -z "$pkg_version" ]; then
|
||||
|
|
|
@ -16,8 +16,7 @@ packages.
|
|||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
state::
|
||||
The state the package should be in, either "present" or "absent"
|
||||
None
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
|
@ -25,6 +24,9 @@ OPTIONAL PARAMETERS
|
|||
name::
|
||||
If supplied, use the name and not the object id as the package name.
|
||||
|
||||
state::
|
||||
The state the package should be in, either "present" or "absent"
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
|
|
@ -1 +1,2 @@
|
|||
name
|
||||
state
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
state
|
|
@ -22,7 +22,11 @@
|
|||
#
|
||||
|
||||
state_is=$(cat "$__object/explorer/state")
|
||||
state_should=$(cat "$__object/parameter/state")
|
||||
if [ -f "$__object/parameter/state" ]; then
|
||||
state_should="$(cat "$__object/parameter/state")"
|
||||
else
|
||||
state_should="present"
|
||||
fi
|
||||
|
||||
[ "$state_is" = "$state_should" ] && exit 0
|
||||
|
||||
|
|
|
@ -16,8 +16,7 @@ It is also included in the python virtualenv environment.
|
|||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
state::
|
||||
Either "present" or "absent".
|
||||
None
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
|
@ -28,6 +27,9 @@ name::
|
|||
pip::
|
||||
Instead of using pip from PATH, use the specific pip path.
|
||||
|
||||
state::
|
||||
Either "present" or "absent".
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
|
|
@ -1 +1,2 @@
|
|||
pip
|
||||
state
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
state
|
|
@ -63,7 +63,11 @@ if [ -f "$__object/parameter/pkgsite" ]; then
|
|||
pkgsite="$(cat "$__object/parameter/pkgsite")"
|
||||
fi
|
||||
|
||||
state="$(cat "$__object/parameter/state")"
|
||||
if [ -f "$__object/parameter/state" ]; then
|
||||
state="$(cat "$__object/parameter/state")"
|
||||
else
|
||||
state="present"
|
||||
fi
|
||||
curr_version="$(cat "$__object/explorer/pkg_version")"
|
||||
add_cmd="pkg_add"
|
||||
rm_cmd="pkg_delete"
|
||||
|
|
|
@ -15,8 +15,7 @@ This type is usually used on FreeBSD to manage packages.
|
|||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
state::
|
||||
Either "present" or "absent".
|
||||
None
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
|
@ -33,6 +32,9 @@ version::
|
|||
pkgsite::
|
||||
If supplied, use to install from a specific package repository.
|
||||
|
||||
state::
|
||||
Either "present" or "absent".
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
|
|
@ -2,3 +2,4 @@ name
|
|||
flavor
|
||||
version
|
||||
pkgsite
|
||||
state
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
state
|
|
@ -42,7 +42,11 @@ else
|
|||
name="$__object_id"
|
||||
fi
|
||||
|
||||
state_should="$(cat "$__object/parameter/state")"
|
||||
if [ -f "$__object/parameter/state" ]; then
|
||||
state_should="$(cat "$__object/parameter/state")"
|
||||
else
|
||||
state_should="present"
|
||||
fi
|
||||
|
||||
pkg_version="$(cat "$__object/explorer/pkg_version")"
|
||||
|
||||
|
|
|
@ -15,8 +15,7 @@ This type is usually used on OpenBSD to manage packages.
|
|||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
state::
|
||||
The state the package should be in, either "present" or "absent"
|
||||
None
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
|
@ -27,6 +26,9 @@ name::
|
|||
flavor::
|
||||
If supplied, use to avoid ambiguity.
|
||||
|
||||
state::
|
||||
The state the package should be in, either "present" or "absent"
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
|
|
@ -1,2 +1,3 @@
|
|||
name
|
||||
flavor
|
||||
state
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
state
|
|
@ -27,7 +27,11 @@ else
|
|||
name="$__object_id"
|
||||
fi
|
||||
|
||||
state_should="$(cat "$__object/parameter/state")"
|
||||
if [ -f "$__object/parameter/state" ]; then
|
||||
state_should="$(cat "$__object/parameter/state")"
|
||||
else
|
||||
state_should="present"
|
||||
fi
|
||||
|
||||
if grep -q true "$__object/explorer/pkg_status"; then
|
||||
state_is="present"
|
||||
|
|
|
@ -15,8 +15,7 @@ Rubygems is the default package management system for the Ruby programming langu
|
|||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
state::
|
||||
The state the package should be in, either "present" or "absent"
|
||||
None
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
|
@ -24,6 +23,9 @@ OPTIONAL PARAMETERS
|
|||
name::
|
||||
If supplied, use the name and not the object id as the package name.
|
||||
|
||||
state::
|
||||
The state the package should be in, either "present" or "absent"
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
|
|
@ -1 +1,2 @@
|
|||
name
|
||||
state
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
state
|
|
@ -27,7 +27,11 @@ else
|
|||
name="$__object_id"
|
||||
fi
|
||||
|
||||
state_should="$(cat "$__object/parameter/state")"
|
||||
if [ -f "$__object/parameter/state" ]; then
|
||||
state_should="$(cat "$__object/parameter/state")"
|
||||
else
|
||||
state_should="present"
|
||||
fi
|
||||
|
||||
if grep -q -E "(centos|redhat|amazon)" "$__global/explorer/os"; then
|
||||
opts="-y --quiet"
|
||||
|
|
|
@ -17,8 +17,7 @@ slightly confusing error message "Error: Nothing to do".
|
|||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
state::
|
||||
The state the package should be in, either "present" or "absent"
|
||||
None
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
|
@ -26,6 +25,10 @@ OPTIONAL PARAMETERS
|
|||
name::
|
||||
If supplied, use the name and not the object id as the package name.
|
||||
|
||||
state::
|
||||
The state the package should be in, either "present" or "absent"
|
||||
(the old values "installed" or "removed" will be removed in cdist 2.1).
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
|
|
@ -1 +1,2 @@
|
|||
name
|
||||
state
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
state
|
|
@ -33,7 +33,11 @@ else
|
|||
name="$__object_id"
|
||||
fi
|
||||
|
||||
state_should="$(cat "$__object/parameter/state")"
|
||||
if [ -f "$__object/parameter/state" ]; then
|
||||
state_should="$(cat "$__object/parameter/state")"
|
||||
else
|
||||
state_should="present"
|
||||
fi
|
||||
|
||||
# Exit if nothing is needed to be done
|
||||
[ "$state_is" = "$state_should" ] && exit 0
|
||||
|
|
|
@ -15,8 +15,7 @@ Zypper is usually used on the SuSE distribution to manage packages.
|
|||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
state::
|
||||
The state the package should be in, either "present" or "absent"
|
||||
None
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
|
@ -24,6 +23,9 @@ OPTIONAL PARAMETERS
|
|||
name::
|
||||
If supplied, use the name and not the object id as the package name.
|
||||
|
||||
state::
|
||||
The state the package should be in, either "present" or "absent"
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
|
|
@ -1 +1,2 @@
|
|||
name
|
||||
state
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
state
|
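--- a/conf/type/__pf_apply/explorer/rcvar
+++ b/conf/type/__pf_apply/explorer/rcvar
@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Get the location of the pf ruleset on the target host.
+#
+
+# Debug
+#exec >&2
+#set -x
+
+# Check /etc/rc.conf for pf's configuration file name. Default to /etc/pf.conf
+
+RC="/etc/rc.conf"
+PFCONF="$(grep '^pf_rules=' ${RC} | cut -d= -f2 | sed 's/"//g')"
+echo ${PFCONF:-"/etc/pf.conf"}
+
+# Debug
+#set +x
+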
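Review bot: The `grep '^pf_rules=' ${RC}` pipeline prints every matching line and strips only double quotes, so an rc.conf with two `pf_rules=` assignments, single quotes or a trailing `# comment` yields a multi-line or decorated path that the gencode scripts then paste into shell code run on the target. rc.conf is read by sh, where the last assignment wins, so I would keep only the last match and quote the expansions: `PFCONF="$(grep '^pf_rules=' "${RC}" | tail -n 1 | cut -d= -f2 | sed 's/"//g')"` and `echo "${PFCONF:-/etc/pf.conf}"`. The identical file added as conf/type/__pf_ruleset/explorer/rcvar needs the same change.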
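--- a/conf/type/__pf_apply/gencode-remote
+++ b/conf/type/__pf_apply/gencode-remote
@@ -0,0 +1,51 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Apply pf(4) ruleset on *BSD
+#
+
+# Debug
+#exec >&2
+#set -x
+
+rcvar=$(cat "$__object/explorer/rcvar")
+
+cat <<EOF
+if [ -f "${rcvar}.old" ]; then # rcvar.old exists, we must need to disable pf
+# Disable pf
+# If it already is disabled, pfctl -d returns 1, go on with life
+pfctl -d || true
+# Cleanup
+rm -f "${rcvar}.old"
+elif [ -f "${rcvar}.new" ]; then # rcvar.new exists, we must need to apply it
+# Ensure that pf is enabled in the first place
+# If it already is enabled, pfctl -e returns 1, go on with life
+mv "${rcvar}.new" "${rcvar}"
+pfctl -e || true
+pfctl -f "${rcvar}"
+if [ "\$?" -ne "0" ]; then # failed to configure new ruleset
+echo "Failed to configure the new ruleset on ${__target_host}!" >&2
+fi
+fi
+EOF
+
+# Debug
+#set +x
+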
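Review bot: In the `elif` branch the candidate ruleset is moved over the live file with `mv "${rcvar}.new" "${rcvar}"` before pf has parsed it, and a failing `pfctl -f` only echoes a message, so the generated script still ends with status 0 while the previous ruleset file has already been replaced. I would parse the candidate first and stop on error, `pfctl -nf "${rcvar}.new" || exit 1` ahead of the `mv`, and add `exit 1` after the "Failed to configure" echo so the run is reported as failed. `pfctl -d || true` and `pfctl -e || true` also hide every failure, not only the already-disabled or already-enabled case the comments describe. The two "Ensure that pf is enabled" comment lines sit above the `mv` rather than above `pfctl -e`, which makes the branch harder to read.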
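--- a/conf/type/__pf_apply/man.text
+++ b/conf/type/__pf_apply/man.text
@@ -0,0 +1,52 @@
+cdist-type__pf_apply(7)
+==================================
+Jake Guffey <jake.guffey--@--eprotex.com>
+
+
+NAME
+----
+cdist-type__pf_apply - Apply pf(4) ruleset on *BSD
+
+
+DESCRIPTION
+-----------
+This type is used on *BSD systems to manage the pf firewall's active ruleset.
+
+
+REQUIRED PARAMETERS
+-------------------
+NONE
+
+
+OPTIONAL PARAMETERS
+-------------------
+NONE
+
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+# Modify the ruleset on $__target_host:
+__pf_ruleset --state present --source /my/pf/ruleset.conf
+require="__pf_ruleset" \
+__pf_apply
+
+# Remove the ruleset on $__target_host (implies disabling pf(4):
+__pf_ruleset --state absent
+require="__pf_ruleset" \
+__pf_apply
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+- cdist-type__pf_ruleset(7)
+- pf(4)
+
+
+COPYING
+-------
+Copyright \(C) 2012 Jake Guffey. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).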
0
conf/type/__pf_apply/singleton
Normal file
0
conf/type/__pf_apply/singleton
Normal file
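--- a/conf/type/__pf_ruleset/explorer/cksum
+++ b/conf/type/__pf_ruleset/explorer/cksum
@@ -0,0 +1,41 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Get the 256 bit SHA2 checksum of the pf ruleset on the target host.
+#
+
+# Debug
+#exec >&2
+#set -x
+
+# Check /etc/rc.conf for pf's configuration file name. Default to /etc/pf.conf
+# See if file exists and if so, get checksum
+
+RC="/etc/rc.conf"
+TMP="$(grep '^pf_rules=' ${RC} | cut -d= -f2 | sed 's/"//g')"
+PFCONF="${TMP:-"/etc/pf.conf"}"
+
+if [ -f "${PFCONF}" ]; then # The pf config file exists, find its cksum.
+cksum -o 1 ${PFCONF} | cut -d= -f2 | awk '{print $1}'
+fi
+
+# Debug
+#set +x
+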
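Review bot: The header comment promises a 256 bit SHA2 checksum, but the command is `cksum -o 1`, which on FreeBSD selects the historic 16-bit BSD sum algorithm, and this value is what gencode-local compares to decide whether the firewall ruleset has to be copied again. With only 16 bits an edited ruleset can collide with the deployed one and be skipped without any message. Either correct the comment or switch to a real digest (on FreeBSD `sha256 -q "${PFCONF}"`) and make gencode-local compute the same digest on the cdist host. `${PFCONF}` is unquoted in the `cksum` call, and the `cut -d= -f2` stage looks like a leftover from a `name = hash` output format, since only `awk '{print $1}'` does the selecting here.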
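--- a/conf/type/__pf_ruleset/explorer/rcvar
+++ b/conf/type/__pf_ruleset/explorer/rcvar
@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Get the location of the pf ruleset on the target host.
+#
+
+# Debug
+#exec >&2
+#set -x
+
+# Check /etc/rc.conf for pf's configuration file name. Default to /etc/pf.conf
+
+RC="/etc/rc.conf"
+PFCONF="$(grep '^pf_rules=' ${RC} | cut -d= -f2 | sed 's/"//g')"
+echo ${PFCONF:-"/etc/pf.conf"}
+
+# Debug
+#set +x
+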
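--- a/conf/type/__pf_ruleset/gencode-local
+++ b/conf/type/__pf_ruleset/gencode-local
@@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Manage pf(4) on *BSD
+#
+
+# Debug
+#exec >&2
+#set -x
+
+# Send files to $__target_host via $__remote_copy
+
+uname=$(uname) # Need to know what the cdist host is running so we know how to compute the ruleset's checksum
+state=$(cat "$__object/parameter/state")
+
+if [ "$state" = "absent" ]; then # There is nothing more for a *local* script to do
+exit 0
+fi
+
+if [ -f "$__object/parameter/source" ]; then
+source=$(cat "$__object/parameter/source")
+fi
+
+rcvar=$(cat "$__object/explorer/rcvar")
+cksum=$(cat "$__object/explorer/cksum")
+
+
+cat <<EOF
+case $uname in
+Darwin)
+currentSum=\$(cksum -o 1 ${source} | cut '-d ' -f1)
+;;
+Linux)
+currentSum=\$(cksum ${source} | cut '-d ' -f1)
+;;
+FreeBSD)
+currentSum=\$(cksum -o 1 ${source} | cut -d= -f2 | sed 's/ //g')
+;;
+*)
+echo "Sorry, I do not know how to find a cksum on ${UNAME}." >&2
+exit 1
+;;
+esac
+
+if [ -n "${cksum}" ]; then
+if [ ! "\${currentSum}" = "${cksum}" ]; then
+$__remote_copy "${source}" "$__target_host:${rcvar}.new"
+fi
+else # File just doesn't exist yet
+$__remote_copy "${source}" "$__target_host:${rcvar}.new"
+fi
+EOF
+
+# Debug
+#exec +x
+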
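Review bot: The `Linux)` arm runs plain `cksum ${source}` (the POSIX CRC) while the target-side explorer runs `cksum -o 1`, so on a Linux cdist host `currentSum` cannot equal `${cksum}` and the ruleset is copied to `.new`, and then re-applied by __pf_apply, on every run; the `FreeBSD)` arm's `cut -d= -f2 | sed 's/ //g'` also post-processes differently from the explorer's `awk '{print $1}'` and, if cksum prints no `=`, would leave the size and file name glued to the sum. When `--source` is omitted with `--state present`, `source` stays unset and the heredoc emits `cksum` and `$__remote_copy ""` with an empty path; I would add an `else` to the `-f "$__object/parameter/source"` test with `echo "__pf_ruleset: --state present requires --source" >&2; exit 1`. The error message expands `${UNAME}`, which is never set (the variable is `uname`), `${source}` should be quoted inside the generated `cksum` calls, and the trailing `#exec +x` is presumably meant to be `#set +x`.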
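--- a/conf/type/__pf_ruleset/gencode-remote
+++ b/conf/type/__pf_ruleset/gencode-remote
@@ -0,0 +1,49 @@
+#!/bin/sh
+#
+# 2012 Jake Guffey (jake.guffey at eprotex.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+# Manage pf(4) on *BSD
+#
+
+# Debug
+#exec >&2
+#set -x
+
+# Remove ${rcvar} in the case of --state absent
+
+state=$(cat "$__object/parameter/state")
+rcvar=$(cat "$__object/explorer/rcvar")
+
+if [ "$state" = "present" ]; then # There is nothing more for a *remote* script to do
+exit 0
+elif [ "$state" = "absent" ]; then
+# --state absent, so ensure that .new doesn't exist and that conf is renamed to .old
+cat <<EOF
+if [ -f "${rcvar}.new" ]; then
+rm "${rcvar}.new"
+fi
+if [ -f "${rcvar}" ]; then
+mv "${rcvar}" "${rcvar}.old"
+fi
+EOF
+else
+echo "Unknown state ${state}!" >&2
+exit 1
+fi
+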
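Review bot: `state=$(cat "$__object/parameter/state")` reads the parameter unconditionally, yet the only parameter file visible for this type on this page is `parameter/optional` containing `source`; no `parameter/required` listing `state` appears, although man.text documents `state` as required. If that file is really missing from the commit, the type cannot be given `--state` as documented, and an object created without it makes this `cat` fail and then falls into the "Unknown state" branch with an empty value. I would add `conf/type/__pf_ruleset/parameter/required` with the single line `state`, or use the same `if [ -f "$__object/parameter/state" ]; then … else state="present"; fi` fallback that this commit introduces for the __package types, here and in gencode-local. `${rcvar}` is expanded into the heredoc unescaped, so the generated commands are only as safe as the explorer's parsing of rc.conf.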
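--- a/conf/type/__pf_ruleset/man.text
+++ b/conf/type/__pf_ruleset/man.text
@@ -0,0 +1,51 @@
+cdist-type__pf_ruleset(7)
+==================================
+Jake Guffey <jake.guffey--@--eprotex.com>
+
+
+NAME
+----
+cdist-type__pf_ruleset - Copy a pf(4) ruleset to $__target_host
+
+
+DESCRIPTION
+-----------
+This type is used on *BSD systems to manage the pf firewall's ruleset.
+
+
+REQUIRED PARAMETERS
+-------------------
+state::
+Either "absent" (no ruleset at all) or "present"
+
+
+OPTIONAL PARAMETERS
+-------------------
+source::
+If supplied, use to define the ruleset to load onto the $__target_host for pf(4).
+Note that this type is almost useless without a ruleset defined, but it's technically not
+needed, e.g. for the case of disabling the firewall temporarily.
+
+EXAMPLES
+--------
+
+--------------------------------------------------------------------------------
+# Remove the current ruleset in place
+__pf_ruleset --state absent
+
+# Enable the firewall with the ruleset defined in $__manifest/files/pf.conf
+__pf_ruleset --state present --source $__manifest/files/pf.conf
+
+--------------------------------------------------------------------------------
+
+
+SEE ALSO
+--------
+- cdist-type(7)
+- pf(4)
+
+
+COPYING
+-------
+Copyright \(C) 2012 Jake Guffey. Free use of this software is
+granted under the terms of the GNU General Public License version 3 (GPLv3).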
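--- a/conf/type/__pf_ruleset/parameter/optional
+++ b/conf/type/__pf_ruleset/parameter/optional
@@ -0,0 +1 @@
+source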
0
conf/type/__pf_ruleset/singleton
Normal file
0
conf/type/__pf_ruleset/singleton
Normal file
|
@ -32,7 +32,7 @@ EXAMPLES
|
|||
--------
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
# Ensure zsh in installed
|
||||
# Create a 50G size image
|
||||
__qemu_img /home/services/kvm/vm/myvmname/system-disk --size 50G
|
||||
|
||||
# Remove image
|
||||
|
|
|
@ -19,8 +19,18 @@
|
|||
#
|
||||
|
||||
user="$__object_id"
|
||||
if su - $user -c "[ -d \"\$HOME/.rvm\" ]" ; then
|
||||
echo "present"
|
||||
|
||||
# RVM behaves differently if root is the username / uid == 0
|
||||
if [ "$user" = "root" ]; then
|
||||
if [ -d /usr/local/rvm ]; then
|
||||
echo present
|
||||
else
|
||||
echo absent
|
||||
fi
|
||||
else
|
||||
if su - $user -c "[ -d \"\$HOME/.rvm\" ]" ; then
|
||||
echo "present"
|
||||
else
|
||||
echo "absent"
|
||||
fi
|
||||
fi
|
||||
|
|
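Review bot: `su - $user -c ...` in the new `else` branch passes the object id unquoted, so an id containing whitespace or starting with `-` is split or read as an option by `su`; `su - "$user" -c "[ -d \"\$HOME/.rvm\" ]"` avoids that. The new comment says the special case applies to "root is the username / uid == 0", but the test `[ "$user" = "root" ]` only matches the literal name, so other uid-0 accounts still take the `$HOME/.rvm` path; either check the uid or reword the comment to `# RVM installs to /usr/local/rvm when run as the user named root`.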
|
@ -25,7 +25,7 @@ if [ "$state_is" != "$state_should" ]; then
|
|||
case "$state_should" in
|
||||
present)
|
||||
cat << DONE
|
||||
su - $user -c "curl -L get.rvm.io | bash -s stable"
|
||||
su - $user -c "unset rvm_path; unset rvm_bin_path; unset rvm_prefix; unset rvm_version; curl -L get.rvm.io | bash -s stable"
|
||||
DONE
|
||||
;;
|
||||
absent)
|
||||
|
|
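Review bot: The rewritten install line still pipes `curl -L get.rvm.io` straight into `bash`: with no scheme curl speaks plain HTTP, `-L` follows whatever redirect it is handed, and without `-f` an error page is fed to the shell as well, all with the privileges of `$user`, which may be root. At minimum use `curl -fsSL https://get.rvm.io`; better is to download the installer to a file, compare it with a pinned checksum or signature, and only then run it. `$user` is also unquoted in `su - $user`. The enclosing `case "$state_should"` starts and ends outside this hunk.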
|
@ -23,7 +23,7 @@ ruby="$(echo "$gemset" | cut -d '@' -f 1)"
|
|||
gemsetname="$(echo "$gemset" | cut -d '@' -f 2)"
|
||||
state_is="$(cat "$__object/explorer/state")"
|
||||
user="$(cat "$__object/parameter/user")"
|
||||
default="$(cat "$__object/parameter/default")"
|
||||
default="$(cat "$__object/parameter/default" 2>/dev/null || true)"
|
||||
state_should="$(cat "$__object/parameter/state")"
|
||||
if [ "$state_is" != "$state_should" ]; then
|
||||
case "$state_should" in
|
||||
|
|
|
@ -21,8 +21,9 @@
|
|||
ruby="$__object_id"
|
||||
state_is="$(cat "$__object/explorer/state")"
|
||||
user="$(cat "$__object/parameter/user")"
|
||||
default="$(cat "$__object/parameter/default")"
|
||||
default="$(cat "$__object/parameter/default" 2>/dev/null || true)"
|
||||
state_should="$(cat "$__object/parameter/state")"
|
||||
|
||||
if [ "$state_is" != "$state_should" ]; then
|
||||
case "$state_should" in
|
||||
present)
|
||||
|
|
|
@ -8,6 +8,9 @@ Changelog
|
|||
* Core: Make variable __object_name available in type explorers (Steven Armtrong)
|
||||
* New Type: __qemu_img
|
||||
* New Type: __line
|
||||
* New Type: __pf_apply (Jake Guffey)
|
||||
* New Type: __pf_ruleset (Jake Guffey)
|
||||
* Bugfix Type: __rvm: Make type work if rvm is already installed
|
||||
|
||||
2.0.14: 2012-09-07
|
||||
* Bugfix Type: __jail: Use correct variable (Jake Guffey)
|
||||
|
|
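--- a/doc/gfx/font-used
+++ b/doc/gfx/font-used
@@ -0,0 +1 @@
+fraktur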