diff --git a/cdist/conf/explorer/machine_type b/cdist/conf/explorer/machine_type
index bb21f69c..1c84f4d7 100755
--- a/cdist/conf/explorer/machine_type
+++ b/cdist/conf/explorer/machine_type
@@ -2,6 +2,7 @@
#
# 2014 Daniel Heule (hda at sfs.biz)
# 2014 Thomas Oettli (otho at sfs.biz)
+# 2020 Evilham (contact at evilham.com)
#
# This file is part of cdist.
#
@@ -18,63 +19,91 @@
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see .
#
-#
-# FIXME: other system types (not linux ...)
+os=$("$__explorer/os")
-if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then
- echo openvz
- exit
-fi
-
-if [ -e "/proc/1/environ" ] &&
- tr '\000' '\n' < "/proc/1/environ" | grep -Eiq '^container='; then
- echo lxc
- exit
-fi
-
-if [ -r /proc/cpuinfo ]; then
- # this should only exist on virtual guest machines,
- # tested on vmware, xen, kvm
- if grep -q "hypervisor" /proc/cpuinfo; then
- # this file is aviable in xen guest systems
- if [ -r /sys/hypervisor/type ]; then
- if grep -q -i "xen" /sys/hypervisor/type; then
- echo virtual_by_xen
- exit
+vendor_string_to_machine_type() {
+ for vendor in vmware bochs kvm qemu virtualbox bhyve; do
+ if echo "${1}" | grep -q -i "${vendor}"; then
+ if [ "${vendor}" = "bochs" ] || [ "${vendor}" = "qemu" ]; then
+ vendor="kvm"
fi
- else
- if [ -r /sys/class/dmi/id/product_name ]; then
- if grep -q -i 'vmware' /sys/class/dmi/id/product_name; then
- echo "virtual_by_vmware"
- exit
- elif grep -q -i 'bochs' /sys/class/dmi/id/product_name; then
- echo "virtual_by_kvm"
- exit
- elif grep -q -i 'virtualbox' /sys/class/dmi/id/product_name; then
- echo "virtual_by_virtualbox"
- exit
- fi
- fi
-
- if [ -r /sys/class/dmi/id/sys_vendor ]; then
- if grep -q -i 'qemu' /sys/class/dmi/id/sys_vendor; then
- echo "virtual_by_kvm"
- exit
- fi
- fi
-
- if [ -r /sys/class/dmi/id/chassis_vendor ]; then
- if grep -q -i 'qemu' /sys/class/dmi/id/chassis_vendor; then
- echo "virtual_by_kvm"
- exit
- fi
- fi
+ echo "virtual_by_${vendor}"
+ exit
fi
- echo "virtual_by_unknown"
- else
- echo "physical"
- fi
-else
- echo "unknown"
-fi
+ done
+}
+
+case "$os" in
+ "freebsd")
+ # FreeBSD does not have /proc/cpuinfo even when procfs is used.
+ # Instead there is a sysctl kern.vm_guest.
+ # Which is 'none' if physical, else the virtualisation.
+ vm_guest="$(sysctl -n kern.vm_guest 2>/dev/null || true)"
+ if [ -n "${vm_guest}" ]; then
+ if [ "${vm_guest}" = "none" ]; then
+ echo "physical"
+ exit
+ fi
+ echo "virtual_by_${vm_guest}"
+ exit
+ fi
+ ;;
+
+ "openbsd")
+ # OpenBSD can also use the sysctl's: hw.vendor or hw.product.
+ # Note we can be reasonably sure about a machine being virtualised
+ # as long as we can identify the virtualisation technology.
+ # But not so much about it being physical...
+ # Patches are welcome / reach out if you have better ideas.
+ for sysctl in hw.vendor hw.product; do
+ # This exits if we can make a reasonable judgement
+ vendor_string_to_machine_type "$(sysctl -n "${sysctl}")"
+ done
+ ;;
+
+ *)
+ # Defaulting to linux for compatibility with previous cdist behaviour
+
+ if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then
+ echo openvz
+ exit
+ fi
+
+ if [ -e "/proc/1/environ" ] &&
+ tr '\000' '\n' < "/proc/1/environ" | grep -Eiq '^container='; then
+ echo lxc
+ exit
+ fi
+
+ if [ -r /proc/cpuinfo ]; then
+ # this should only exist on virtual guest machines,
+ # tested on vmware, xen, kvm, bhyve
+ if grep -q "hypervisor" /proc/cpuinfo; then
+ # this file is aviable in xen guest systems
+ if [ -r /sys/hypervisor/type ]; then
+ if grep -q -i "xen" /sys/hypervisor/type; then
+ echo virtual_by_xen
+ exit
+ fi
+ else
+ for vendor_file in /sys/class/dmi/id/product_name \
+ /sys/class/dmi/id/sys_vendor \
+ /sys/class/dmi/id/chasis_vendor; do
+ if [ -r ${vendor_file} ]; then
+ # This exits if we can make a reasonable judgement
+ vendor_string_to_machine_type "$(cat "${vendor_file}")"
+ fi
+ done
+ fi
+ echo "virtual_by_unknown"
+ exit
+ else
+ echo "physical"
+ exit
+ fi
+ fi
+ ;;
+esac
+
+echo "unknown"
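Review bot: The third path in the new DMI loop, `/sys/class/dmi/id/chasis_vendor`, is misspelled; the removed code read `/sys/class/dmi/id/chassis_vendor`. With the typo the `[ -r ${vendor_file} ]` test will presumably never pass for that entry, so a guest that identifies itself only through the chassis vendor (the old `qemu` check) now ends up as `virtual_by_unknown`. The line should read `/sys/class/dmi/id/chassis_vendor; do`, and the test is safer quoted as `[ -r "${vendor_file}" ]`. Separately, the FreeBSD branch prints the raw sysctl value in `virtual_by_${vm_guest}`, so its names may not line up with those the Linux path emits; a comment saying so would help consumers of this explorer.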
diff --git a/cdist/conf/type/__cron/man.rst b/cdist/conf/type/__cron/man.rst
index d0694738..e39bfb5c 100644
--- a/cdist/conf/type/__cron/man.rst
+++ b/cdist/conf/type/__cron/man.rst
@@ -21,6 +21,11 @@ command
OPTIONAL PARAMETERS
-------------------
+**NOTE**: All time-related parameters (``--minute``, ``--hour``, ``--day_of_month``
+``--month`` and ``--day_of_week``) defaults to ``*``, which means to execute it
+**always**. If you set ``--hour 0`` to execute the cronjob only at midnight, it
+will execute **every** minute in the first hour of the morning all days.
+
state
Either present or absent. Defaults to present.
minute
diff --git a/cdist/conf/type/__file_old/man.rst b/cdist/conf/type/__file_old/man.rst
index 7a0603bb..2f3b9e69 100644
--- a/cdist/conf/type/__file_old/man.rst
+++ b/cdist/conf/type/__file_old/man.rst
@@ -50,13 +50,13 @@ state
create or modify it
group
- Group to chgrp to.
+ Group to chgrp to. Defaults to ``root``.
mode
- Unix permissions, suitable for chmod.
+ Unix permissions, suitable for chmod. Defaults to a very secure ``0600``.
owner
- User to chown to.
+ User to chown to. Defaults to ``root``.
source
If supplied, copy this file from the host running cdist to the target.
diff --git a/cdist/conf/type/__group/gencode-remote b/cdist/conf/type/__group/gencode-remote
index 6091c548..ff63e218 100755
--- a/cdist/conf/type/__group/gencode-remote
+++ b/cdist/conf/type/__group/gencode-remote
@@ -88,7 +88,7 @@ if [ "$state" = "present" ]; then
fi
done
if [ "$os" = "freebsd" ]; then
- echo pw groupadd "$@" "$name"
+ echo pw groupadd "$name" "$@"
else
echo groupadd "$@" "$name"
fi
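Review bot: `echo pw groupadd "$name" "$@"` writes the group name and options into the generated code without shell quoting, so the shell that runs that code re-splits them; if `$name` can carry whitespace or shell metacharacters, the emitted command changes meaning. The __user type on this page quotes the name with `'%s'`, and the same form here would be `printf "pw groupadd '%s' %s\\n" "$name" "$*"`. How `$@` is assembled lies outside the hunk, so the options may need the same treatment there. The argument order is now the only difference between the two branches; a comment such as `# pw(8) presumably needs the name before its options, see changelog "Fix --gid on FreeBSD"` would keep it from being reordered back.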
diff --git a/cdist/conf/type/__letsencrypt_cert/manifest b/cdist/conf/type/__letsencrypt_cert/manifest
index 68ecf9d4..b4464366 100755
--- a/cdist/conf/type/__letsencrypt_cert/manifest
+++ b/cdist/conf/type/__letsencrypt_cert/manifest
@@ -91,6 +91,9 @@ if [ -z "${certbot_fullpath}" ]; then
certbot_fullpath=/usr/local/bin/certbot
;;
+ ubuntu)
+ __package certbot
+ ;;
*)
echo "Unsupported os: $os" >&2
exit 1
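Review bot: The new `ubuntu)` branch installs the package but never assigns `certbot_fullpath`, although the whole case sits inside `if [ -z "${certbot_fullpath}" ]` and the branch just above it sets `certbot_fullpath=/usr/local/bin/certbot`. If code after the case uses that variable (not visible in this hunk), it stays empty on Ubuntu. Adding `certbot_fullpath=/usr/bin/certbot` after `__package certbot` would match the other branch; that path is where the distribution package normally installs the binary and should be confirmed.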
diff --git a/cdist/conf/type/__link/man.rst b/cdist/conf/type/__link/man.rst
index fe0ce425..2e81aea9 100644
--- a/cdist/conf/type/__link/man.rst
+++ b/cdist/conf/type/__link/man.rst
@@ -18,7 +18,7 @@ source
Specifies the link source.
type
- Specifies the link type: Either hard or symoblic.
+ Specifies the link type: Either hard or symbolic.
OPTIONAL PARAMETERS
diff --git a/cdist/conf/type/__motd/gencode-remote b/cdist/conf/type/__motd/gencode-remote
index 738ea834..cb7bfc84 100755
--- a/cdist/conf/type/__motd/gencode-remote
+++ b/cdist/conf/type/__motd/gencode-remote
@@ -22,13 +22,6 @@
os=$(cat "$__global/explorer/os")
case "$os" in
- debian|ubuntu|devuan)
-
- # Debian and Ubuntu need to be updated,
- # as seen in /etc/init.d/bootlogs
- echo "uname -snrvm > /var/run/motd"
- echo "cat /etc/motd.tail >> /var/run/motd"
- ;;
freebsd)
# FreeBSD only updates /etc/motd on boot,
# as seen in /etc/rc.d/motd
diff --git a/cdist/conf/type/__motd/manifest b/cdist/conf/type/__motd/manifest
index ded734d7..b8f74ebf 100755
--- a/cdist/conf/type/__motd/manifest
+++ b/cdist/conf/type/__motd/manifest
@@ -33,10 +33,6 @@ os=$(cat "$__global/explorer/os")
case "$os" in
- debian|ubuntu|devuan)
- # Debian-based systems use /etc/motd.tail as a template
- destination=/etc/motd.tail
- ;;
freebsd)
# FreeBSD uses motd.template to prepend system information on boot
# (this actually only applies starting with version 13,
diff --git a/cdist/conf/type/__pyvenv/gencode-remote b/cdist/conf/type/__pyvenv/gencode-remote
index 9c7b7fab..c5b64eff 100755
--- a/cdist/conf/type/__pyvenv/gencode-remote
+++ b/cdist/conf/type/__pyvenv/gencode-remote
@@ -1,6 +1,7 @@
#!/bin/sh -e
#
# 2016 Darko Poljak (darko.poljak at gmail.com)
+# 2020 Nico Schotetlius (nico.schottelius at ungleich.ch)
#
# This file is part of cdist.
#
@@ -45,7 +46,7 @@ then
pyvenv=$(cat "$pyvenvparam")
else
case "$os" in
- alpine) # no pyvenv on alpine - I assume others will follow
+ alpine|ubuntu) # no pyvenv on alpine - I assume others will follow
pyvenv="python3 -m venv"
;;
*)
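Review bot: The comment on the changed line still reads `no pyvenv on alpine` although the pattern now also matches Ubuntu, so the reason for the Ubuntu entry is undocumented. Suggested wording: `alpine|ubuntu) # pyvenv is not used on these; call the venv module directly`. The case statement continues outside the hunk.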
diff --git a/cdist/conf/type/__pyvenv/man.rst b/cdist/conf/type/__pyvenv/man.rst
index d7de92fa..8085ff12 100644
--- a/cdist/conf/type/__pyvenv/man.rst
+++ b/cdist/conf/type/__pyvenv/man.rst
@@ -9,7 +9,7 @@ cdist-type__pyvenv - Create or remove python virtual environment
DESCRIPTION
-----------
This cdist type allows you to create or remove python virtual
-environment using pyvenv.
+environment using pyvenv on python3 -m venv.
It assumes pyvenv is already installed. Concrete package depends
on concrete OS and/or OS version/distribution.
Ensure this for e.g. in your init manifest as in the following example:
@@ -57,7 +57,7 @@ EXAMPLES
__pyvenv /home/services/djangoenv
- # Use specific pyvenv
+ # Use specific pyvenv
__pyvenv /home/foo/fooenv --pyvenv /usr/local/bin/pyvenv-3.4
# Create python virtualenv for user foo.
@@ -76,4 +76,3 @@ COPYING
-------
Copyright \(C) 2016 Darko Poljak. Free use of this software is
granted under the terms of the GNU General Public License v3 or later (GPLv3+).
-
diff --git a/cdist/conf/type/__ssh_authorized_key/man.rst b/cdist/conf/type/__ssh_authorized_key/man.rst
index 087a3dae..5bae02aa 100644
--- a/cdist/conf/type/__ssh_authorized_key/man.rst
+++ b/cdist/conf/type/__ssh_authorized_key/man.rst
@@ -15,25 +15,27 @@ This type was created to be used by the __ssh_authorized_keys type.
REQUIRED PARAMETERS
-------------------
file
- the authorized_keys file to which the given key should be added
+ The authorized_keys file where the given key should be managed.
key
- a string containing the ssh keytype, base 64 encoded key and optional
- trailing comment which shall be added to the given authorized_keys file.
+ The ssh key which shall be managed in this authorized_keys file.
+ Must be a string containing the ssh keytype, base 64 encoded key and
+ optional trailing comment which shall be added to the given
+ authorized_keys file.
OPTIONAL PARAMETERS
-------------------
comment
- explicit comment instead of the one which may be trailing the given key
+ Use this comment instead of the one which may be trailing in the key.
option
- an option to set for this authorized_key entry.
+ An option to set for this authorized_key entry.
Can be specified multiple times.
See sshd(8) for available options.
state
- if the given keys should be 'present' or 'absent', defaults to 'present'.
+ If the managed key should be 'present' or 'absent', defaults to 'present'.
MESSAGES
@@ -64,7 +66,7 @@ EXAMPLES
SEE ALSO
--------
-:strong:`cdist__ssh_authorized_keys`\ (7), :strong:`sshd`\ (8)
+:strong:`cdist-type__ssh_authorized_keys`\ (7), :strong:`sshd`\ (8)
AUTHORS
diff --git a/cdist/conf/type/__ssh_authorized_keys/man.rst b/cdist/conf/type/__ssh_authorized_keys/man.rst
index ba310ff9..93357b1d 100644
--- a/cdist/conf/type/__ssh_authorized_keys/man.rst
+++ b/cdist/conf/type/__ssh_authorized_keys/man.rst
@@ -20,42 +20,45 @@ then left to the user to ensure that the file exists and that ownership and
permissions work with ssh.
-REQUIRED PARAMETERS
--------------------
+REQUIRED MULTIPLE PARAMETERS
+----------------------------
key
- the ssh key which shall be added to this authorized_keys file.
- Must be a string and can be specified multiple times.
+ An ssh key which shall be managed in this authorized_keys file.
+ Must be a string containing the ssh keytype, base 64 encoded key and
+ optional trailing comment which shall be added to the given
+ authorized_keys file.
+ Can be specified multiple times.
OPTIONAL PARAMETERS
-------------------
comment
- explicit comment instead of the one which may be trailing the given key
+ Use this comment instead of the one which may be trailing in each key.
file
- an alternative destination file, defaults to ~$owner/.ssh/authorized_keys
+ An alternative destination file, defaults to ~$owner/.ssh/authorized_keys.
option
- an option to set for all created authorized_key entries.
+ An option to set for all authorized_key entries in the key parameter.
Can be specified multiple times.
See sshd(8) for available options.
owner
- the user owning the authorized_keys file, defaults to object_id.
+ The user owning the authorized_keys file, defaults to object_id.
state
- if the given keys should be 'present' or 'absent', defaults to 'present'.
+ If the given keys should be 'present' or 'absent', defaults to 'present'.
BOOLEAN PARAMETERS
------------------
noparent
- don't create or change ownership and permissions of the directory containing
- the authorized_keys file
+ Don't create or change ownership and permissions of the directory containing
+ the authorized_keys file.
nofile
- don't manage existence, ownership and permissions of the the authorized_keys
- file
+ Don't manage existence, ownership and permissions of the the authorized_keys
+ file.
EXAMPLES
diff --git a/cdist/conf/type/__ssh_authorized_keys/parameter/optional b/cdist/conf/type/__ssh_authorized_keys/parameter/optional
index 21f9bc29..fa64fc43 100644
--- a/cdist/conf/type/__ssh_authorized_keys/parameter/optional
+++ b/cdist/conf/type/__ssh_authorized_keys/parameter/optional
@@ -1,5 +1,4 @@
comment
file
-option
owner
state
diff --git a/cdist/conf/type/__ssh_authorized_keys/parameter/optional_multiple b/cdist/conf/type/__ssh_authorized_keys/parameter/optional_multiple
new file mode 100644
index 00000000..01925a15
--- /dev/null
+++ b/cdist/conf/type/__ssh_authorized_keys/parameter/optional_multiple
@@ -0,0 +1 @@
+option
diff --git a/cdist/conf/type/__user/gencode-remote b/cdist/conf/type/__user/gencode-remote
index ee18c18f..41c3a57b 100755
--- a/cdist/conf/type/__user/gencode-remote
+++ b/cdist/conf/type/__user/gencode-remote
@@ -135,11 +135,19 @@ elif [ "$state" = "absent" ]; then
if grep -q "^${name}:" "$__object/explorer/passwd"; then
#user exists, but state != present, so delete it
if [ -f "$__object/parameter/remove-home" ]; then
- printf "userdel -r '%s' >/dev/null 2>&1\\n" "${name}"
- echo "userdel -r" >> "$__messages_out"
+ if [ "$os" = "freebsd" ]; then
+ printf "pw userdel '%s' -r >/dev/null 2>&1\\n" "${name}"
+ else
+ printf "userdel -r '%s' >/dev/null 2>&1\\n" "${name}"
+ fi
+ echo "userdel -r" >> "$__messages_out"
else
- printf "userdel '%s' >/dev/null 2>&1\\n" "${name}"
- echo "userdel" >> "$__messages_out"
+ if [ "$os" = "freebsd" ]; then
+ printf "pw userdel '%s' >/dev/null 2>&1\\n" "${name}"
+ else
+ printf "userdel '%s' >/dev/null 2>&1\\n" "${name}"
+ fi
+ echo "userdel" >> "$__messages_out"
fi
fi
else
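Review bot: Both new `pw userdel` lines keep `>/dev/null 2>&1`, so when account removal fails on the target the reason is discarded, while `userdel` or `userdel -r` has already been written to `$__messages_out` at generation time. For a deprovisioning step the error text is what an operator needs; consider dropping `2>&1` at least on the new FreeBSD lines, e.g. `printf "pw userdel '%s' -r >/dev/null\\n" "${name}"`. The four `printf` lines differ only in the command prefix and the position of `-r`, so the OS test could be done once into a variable. `$os` has to be set earlier in the file, outside this hunk.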
diff --git a/cdist/log.py b/cdist/log.py
index 5d431130..2d0bef0b 100644
--- a/cdist/log.py
+++ b/cdist/log.py
@@ -64,6 +64,7 @@ class DefaultLog(logging.Logger):
def __init__(self, name):
super().__init__(name)
+ self.propagate = False
formatter = logging.Formatter(self.FORMAT)
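Review bot: `self.propagate = False` is added without a comment, which makes it easy to remove later as apparently unneeded. It also means records from these loggers no longer reach handlers installed on the root logger, which matters if a central or audit log handler is attached there. Suggest a comment above it: `# Handlers are attached to this logger itself; do not also pass records to the root logger, which printed each line twice.` `__init__` continues past the end of the hunk, so where the handlers are attached is not visible here.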
diff --git a/configuration/cdist.cfg.skeleton b/configuration/cdist.cfg.skeleton
index bfac9f5c..91c5ab02 100644
--- a/configuration/cdist.cfg.skeleton
+++ b/configuration/cdist.cfg.skeleton
@@ -26,7 +26,7 @@
#
# init_manifest
# Specify default initial manifest.
-# init_mainfest =
+# init_manifest =
#
# inventory_dir
# Specify inventory directory.
diff --git a/docs/changelog b/docs/changelog
index 4ec4a71a..cb34fc2a 100644
--- a/docs/changelog
+++ b/docs/changelog
@@ -5,6 +5,19 @@ next:
* Core: Add trigger functionality (Nico Schottelius, Darko Poljak)
* Core: Implement core support for python types (Darko Poljak)
+6.5.6: 2020-05-25
+ * Type __pyvenv: Switch to python3 -m venv for Ubuntu (Nico Schottelius)
+ * Type __letsencrypt_cert: Whitelist Ubuntu (Nico Schottelius)
+ * Types __cron, __file, __link: Improve manpages (Matthias Stecher)
+ * Explorer machine_type: Add support for FreeBSD and OpenBSD, and simplify Linux code (Evil Ham)
+ * Type __ssh_authorized_key, __ssh_authorized_keys: Improve manpages (Evil Ham)
+ * Type __ssh_authorized_keys: Fix bug where --option was not multiple (Evil Ham)
+ * Type __motd: Debian/Ubuntu/Devuan use /etc/motd (Ander Punnar)
+ * Type __group: Fix --gid on FreeBSD (Ander Punnar)
+ * Configuration: Fix typos in cdist.cfg.skeleton (Jaak Ristioja)
+ * Type __user: Fix user deletion on FreeBSD (Ander Punnar)
+ * Core: Fix double log lines (Darko Poljak)
+
6.5.5: 2020-05-01
* Core: Fix XDG_CONFIG_HOME config file location (Joachim Desroches)
* Type __postgres_database: Add encoding, lc-collate, lc-ctype, template parameters (Timothée Floure)
diff --git a/docs/src/cdist-support.rst b/docs/src/cdist-support.rst
index 19afde2f..f9f61f01 100644
--- a/docs/src/cdist-support.rst
+++ b/docs/src/cdist-support.rst
@@ -3,7 +3,7 @@ Support
Chat
~~~~
-Chat with us: `ungleich chat `_.
+Chat with us on `#cdist:ungleich.ch `_.
Mailing list
~~~~~~~~~~~~