Merge branch 'master' into beta

This commit is contained in:
Darko Poljak 2020-05-25 11:24:01 +02:00
commit b47b9b1ba0
19 changed files with 156 additions and 103 deletions


@ -2,6 +2,7 @@
# #
# 2014 Daniel Heule (hda at sfs.biz) # 2014 Daniel Heule (hda at sfs.biz)
# 2014 Thomas Oettli (otho at sfs.biz) # 2014 Thomas Oettli (otho at sfs.biz)
# 2020 Evilham (contact at evilham.com)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -18,63 +19,91 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
#
# FIXME: other system types (not linux ...) os=$("$__explorer/os")
if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then vendor_string_to_machine_type() {
echo openvz for vendor in vmware bochs kvm qemu virtualbox bhyve; do
exit if echo "${1}" | grep -q -i "${vendor}"; then
fi if [ "${vendor}" = "bochs" ] || [ "${vendor}" = "qemu" ]; then
vendor="kvm"
if [ -e "/proc/1/environ" ] &&
tr '\000' '\n' < "/proc/1/environ" | grep -Eiq '^container='; then
echo lxc
exit
fi
if [ -r /proc/cpuinfo ]; then
# this should only exist on virtual guest machines,
# tested on vmware, xen, kvm
if grep -q "hypervisor" /proc/cpuinfo; then
# this file is aviable in xen guest systems
if [ -r /sys/hypervisor/type ]; then
if grep -q -i "xen" /sys/hypervisor/type; then
echo virtual_by_xen
exit
fi fi
else echo "virtual_by_${vendor}"
if [ -r /sys/class/dmi/id/product_name ]; then exit
if grep -q -i 'vmware' /sys/class/dmi/id/product_name; then
echo "virtual_by_vmware"
exit
elif grep -q -i 'bochs' /sys/class/dmi/id/product_name; then
echo "virtual_by_kvm"
exit
elif grep -q -i 'virtualbox' /sys/class/dmi/id/product_name; then
echo "virtual_by_virtualbox"
exit
fi
fi
if [ -r /sys/class/dmi/id/sys_vendor ]; then
if grep -q -i 'qemu' /sys/class/dmi/id/sys_vendor; then
echo "virtual_by_kvm"
exit
fi
fi
if [ -r /sys/class/dmi/id/chassis_vendor ]; then
if grep -q -i 'qemu' /sys/class/dmi/id/chassis_vendor; then
echo "virtual_by_kvm"
exit
fi
fi
fi fi
echo "virtual_by_unknown" done
else }
echo "physical"
fi case "$os" in
else "freebsd")
echo "unknown" # FreeBSD does not have /proc/cpuinfo even when procfs is used.
fi # Instead there is a sysctl kern.vm_guest.
# Which is 'none' if physical, else the virtualisation.
vm_guest="$(sysctl -n kern.vm_guest 2>/dev/null || true)"
if [ -n "${vm_guest}" ]; then
if [ "${vm_guest}" = "none" ]; then
echo "physical"
exit
fi
echo "virtual_by_${vm_guest}"
exit
fi
;;
"openbsd")
# OpenBSD can also use the sysctl's: hw.vendor or hw.product.
# Note we can be reasonably sure about a machine being virtualised
# as long as we can identify the virtualisation technology.
# But not so much about it being physical...
# Patches are welcome / reach out if you have better ideas.
for sysctl in hw.vendor hw.product; do
# This exits if we can make a reasonable judgement
vendor_string_to_machine_type "$(sysctl -n "${sysctl}")"
done
;;
*)
# Defaulting to linux for compatibility with previous cdist behaviour
if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then
echo openvz
exit
fi
if [ -e "/proc/1/environ" ] &&
tr '\000' '\n' < "/proc/1/environ" | grep -Eiq '^container='; then
echo lxc
exit
fi
if [ -r /proc/cpuinfo ]; then
# this should only exist on virtual guest machines,
# tested on vmware, xen, kvm, bhyve
if grep -q "hypervisor" /proc/cpuinfo; then
# this file is aviable in xen guest systems
if [ -r /sys/hypervisor/type ]; then
if grep -q -i "xen" /sys/hypervisor/type; then
echo virtual_by_xen
exit
fi
else
for vendor_file in /sys/class/dmi/id/product_name \
/sys/class/dmi/id/sys_vendor \
/sys/class/dmi/id/chasis_vendor; do
if [ -r ${vendor_file} ]; then
# This exits if we can make a reasonable judgement
vendor_string_to_machine_type "$(cat "${vendor_file}")"
fi
done
fi
echo "virtual_by_unknown"
exit
else
echo "physical"
exit
fi
fi
;;
esac
echo "unknown"
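Review bot: The third path in the new `for vendor_file in` list is spelled `/sys/class/dmi/id/chasis_vendor`, while the code it replaces (and the kernel) use `chassis_vendor`, so that file is never readable and a guest whose only QEMU marker is chassis_vendor now reports `virtual_by_unknown` instead of `virtual_by_kvm`; the line should read `/sys/class/dmi/id/chassis_vendor; do`. On the next line the expansion is unquoted, `if [ -r ${vendor_file} ]; then`, which is harmless for these fixed paths but trips ShellCheck and invites a copy-paste bug; write `if [ -r "${vendor_file}" ]; then`. In `vendor_string_to_machine_type`, `echo "${1}"` is fed data read from DMI or sysctl, so a value starting with `-` could be eaten as an echo option on some shells; `printf '%s\n' "${1}" | grep -q -i "${vendor}"` avoids that. The comment above the `hypervisor` grep still says `aviable` (read: available).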


@ -21,6 +21,11 @@ command
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
**NOTE**: All time-related parameters (``--minute``, ``--hour``, ``--day_of_month``
``--month`` and ``--day_of_week``) defaults to ``*``, which means to execute it
**always**. If you set ``--hour 0`` to execute the cronjob only at midnight, it
will execute **every** minute in the first hour of the morning all days.
state state
Either present or absent. Defaults to present. Either present or absent. Defaults to present.
minute minute


@ -50,13 +50,13 @@ state
create or modify it create or modify it
group group
Group to chgrp to. Group to chgrp to. Defaults to ``root``.
mode mode
Unix permissions, suitable for chmod. Unix permissions, suitable for chmod. Defaults to a very secure ``0600``.
owner owner
User to chown to. User to chown to. Defaults to ``root``.
source source
If supplied, copy this file from the host running cdist to the target. If supplied, copy this file from the host running cdist to the target.


@ -88,7 +88,7 @@ if [ "$state" = "present" ]; then
fi fi
done done
if [ "$os" = "freebsd" ]; then if [ "$os" = "freebsd" ]; then
echo pw groupadd "$@" "$name" echo pw groupadd "$name" "$@"
else else
echo groupadd "$@" "$name" echo groupadd "$@" "$name"
fi fi
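Review bot: The FreeBSD arm now emits `pw groupadd "$name" "$@"` with the name ahead of the options while the arm below keeps `groupadd "$@" "$name"`, and nothing says why the order differs, so the next reader is likely to "fix" it back. A one-line comment on the FreeBSD arm would settle it: `# pw(8) takes the group name as its first operand; options such as -g must follow it` (hedged: that is what the reordering implies, and the changelog entry "Fix --gid on FreeBSD" in this commit is consistent with it). The enclosing `if [ "$state" = "present" ]` block begins outside the hunk.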


@ -91,6 +91,9 @@ if [ -z "${certbot_fullpath}" ]; then
certbot_fullpath=/usr/local/bin/certbot certbot_fullpath=/usr/local/bin/certbot
;; ;;
ubuntu)
__package certbot
;;
*) *)
echo "Unsupported os: $os" >&2 echo "Unsupported os: $os" >&2
exit 1 exit 1
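Review bot: The new `ubuntu)` arm installs the package but, unlike the arm directly above it, never assigns `certbot_fullpath`, so on Ubuntu the variable tested by the enclosing `if [ -z "${certbot_fullpath}" ]` is still empty when the `case` ends. Whether that is a problem depends on code outside the hunk: if a later line falls back to the bare command name it is fine, but if the generated code invokes `"$certbot_fullpath"` directly it will run an empty command. If the former, add `# certbot_fullpath stays empty here; the bare 'certbot' from PATH is used below` to the arm; if the latter, assign the installed binary's path in this arm. The `if` block that contains this `case` starts outside the hunk.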


@ -18,7 +18,7 @@ source
Specifies the link source. Specifies the link source.
type type
Specifies the link type: Either hard or symoblic. Specifies the link type: Either hard or symbolic.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS


@ -22,13 +22,6 @@
os=$(cat "$__global/explorer/os") os=$(cat "$__global/explorer/os")
case "$os" in case "$os" in
debian|ubuntu|devuan)
# Debian and Ubuntu need to be updated,
# as seen in /etc/init.d/bootlogs
echo "uname -snrvm > /var/run/motd"
echo "cat /etc/motd.tail >> /var/run/motd"
;;
freebsd) freebsd)
# FreeBSD only updates /etc/motd on boot, # FreeBSD only updates /etc/motd on boot,
# as seen in /etc/rc.d/motd # as seen in /etc/rc.d/motd


@ -33,10 +33,6 @@ os=$(cat "$__global/explorer/os")
case "$os" in case "$os" in
debian|ubuntu|devuan)
# Debian-based systems use /etc/motd.tail as a template
destination=/etc/motd.tail
;;
freebsd) freebsd)
# FreeBSD uses motd.template to prepend system information on boot # FreeBSD uses motd.template to prepend system information on boot
# (this actually only applies starting with version 13, # (this actually only applies starting with version 13,


@ -1,6 +1,7 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2016 Darko Poljak (darko.poljak at gmail.com) # 2016 Darko Poljak (darko.poljak at gmail.com)
# 2020 Nico Schotetlius (nico.schottelius at ungleich.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -45,7 +46,7 @@ then
pyvenv=$(cat "$pyvenvparam") pyvenv=$(cat "$pyvenvparam")
else else
case "$os" in case "$os" in
alpine) # no pyvenv on alpine - I assume others will follow alpine|ubuntu) # no pyvenv on alpine - I assume others will follow
pyvenv="python3 -m venv" pyvenv="python3 -m venv"
;; ;;
*) *)
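Review bot: The arm now matches `alpine|ubuntu)` but keeps the comment `# no pyvenv on alpine - I assume others will follow`, which no longer describes what the arm covers and reads as a guess about the future that has already happened. Replace it with a statement of the rule, e.g. `# these systems ship no pyvenv wrapper; python3 -m venv is the supported invocation`, so that the next distribution can be appended without another stale remark. The copyright line added in the first hunk of this file spells the surname `Schotetlius` while the e-mail address beside it reads `schottelius`; one of the two is a typo. The `case` sits inside an `else` whose `if` begins outside the hunk.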


@ -9,7 +9,7 @@ cdist-type__pyvenv - Create or remove python virtual environment
DESCRIPTION DESCRIPTION
----------- -----------
This cdist type allows you to create or remove python virtual This cdist type allows you to create or remove python virtual
environment using pyvenv. environment using pyvenv on python3 -m venv.
It assumes pyvenv is already installed. Concrete package depends It assumes pyvenv is already installed. Concrete package depends
on concrete OS and/or OS version/distribution. on concrete OS and/or OS version/distribution.
Ensure this for e.g. in your init manifest as in the following example: Ensure this for e.g. in your init manifest as in the following example:
@ -57,7 +57,7 @@ EXAMPLES
__pyvenv /home/services/djangoenv __pyvenv /home/services/djangoenv
# Use specific pyvenv # Use specific pyvenv
__pyvenv /home/foo/fooenv --pyvenv /usr/local/bin/pyvenv-3.4 __pyvenv /home/foo/fooenv --pyvenv /usr/local/bin/pyvenv-3.4
# Create python virtualenv for user foo. # Create python virtualenv for user foo.
@ -76,4 +76,3 @@ COPYING
------- -------
Copyright \(C) 2016 Darko Poljak. Free use of this software is Copyright \(C) 2016 Darko Poljak. Free use of this software is
granted under the terms of the GNU General Public License v3 or later (GPLv3+). granted under the terms of the GNU General Public License v3 or later (GPLv3+).


@ -15,25 +15,27 @@ This type was created to be used by the __ssh_authorized_keys type.
REQUIRED PARAMETERS REQUIRED PARAMETERS
------------------- -------------------
file file
the authorized_keys file to which the given key should be added The authorized_keys file where the given key should be managed.
key key
a string containing the ssh keytype, base 64 encoded key and optional The ssh key which shall be managed in this authorized_keys file.
trailing comment which shall be added to the given authorized_keys file. Must be a string containing the ssh keytype, base 64 encoded key and
optional trailing comment which shall be added to the given
authorized_keys file.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
comment comment
explicit comment instead of the one which may be trailing the given key Use this comment instead of the one which may be trailing in the key.
option option
an option to set for this authorized_key entry. An option to set for this authorized_key entry.
Can be specified multiple times. Can be specified multiple times.
See sshd(8) for available options. See sshd(8) for available options.
state state
if the given keys should be 'present' or 'absent', defaults to 'present'. If the managed key should be 'present' or 'absent', defaults to 'present'.
MESSAGES MESSAGES
@ -64,7 +66,7 @@ EXAMPLES
SEE ALSO SEE ALSO
-------- --------
:strong:`cdist__ssh_authorized_keys`\ (7), :strong:`sshd`\ (8) :strong:`cdist-type__ssh_authorized_keys`\ (7), :strong:`sshd`\ (8)
AUTHORS AUTHORS


@ -20,42 +20,45 @@ then left to the user to ensure that the file exists and that ownership and
permissions work with ssh. permissions work with ssh.
REQUIRED PARAMETERS REQUIRED MULTIPLE PARAMETERS
------------------- ----------------------------
key key
the ssh key which shall be added to this authorized_keys file. An ssh key which shall be managed in this authorized_keys file.
Must be a string and can be specified multiple times. Must be a string containing the ssh keytype, base 64 encoded key and
optional trailing comment which shall be added to the given
authorized_keys file.
Can be specified multiple times.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
comment comment
explicit comment instead of the one which may be trailing the given key Use this comment instead of the one which may be trailing in each key.
file file
an alternative destination file, defaults to ~$owner/.ssh/authorized_keys An alternative destination file, defaults to ~$owner/.ssh/authorized_keys.
option option
an option to set for all created authorized_key entries. An option to set for all authorized_key entries in the key parameter.
Can be specified multiple times. Can be specified multiple times.
See sshd(8) for available options. See sshd(8) for available options.
owner owner
the user owning the authorized_keys file, defaults to object_id. The user owning the authorized_keys file, defaults to object_id.
state state
if the given keys should be 'present' or 'absent', defaults to 'present'. If the given keys should be 'present' or 'absent', defaults to 'present'.
BOOLEAN PARAMETERS BOOLEAN PARAMETERS
------------------ ------------------
noparent noparent
don't create or change ownership and permissions of the directory containing Don't create or change ownership and permissions of the directory containing
the authorized_keys file the authorized_keys file.
nofile nofile
don't manage existence, ownership and permissions of the the authorized_keys Don't manage existence, ownership and permissions of the the authorized_keys
file file.
EXAMPLES EXAMPLES


@ -1,5 +1,4 @@
comment comment
file file
option
owner owner
state state


@ -0,0 +1 @@
option


@ -135,11 +135,19 @@ elif [ "$state" = "absent" ]; then
if grep -q "^${name}:" "$__object/explorer/passwd"; then if grep -q "^${name}:" "$__object/explorer/passwd"; then
#user exists, but state != present, so delete it #user exists, but state != present, so delete it
if [ -f "$__object/parameter/remove-home" ]; then if [ -f "$__object/parameter/remove-home" ]; then
printf "userdel -r '%s' >/dev/null 2>&1\\n" "${name}" if [ "$os" = "freebsd" ]; then
echo "userdel -r" >> "$__messages_out" printf "pw userdel '%s' -r >/dev/null 2>&1\\n" "${name}"
else
printf "userdel -r '%s' >/dev/null 2>&1\\n" "${name}"
fi
echo "userdel -r" >> "$__messages_out"
else else
printf "userdel '%s' >/dev/null 2>&1\\n" "${name}" if [ "$os" = "freebsd" ]; then
echo "userdel" >> "$__messages_out" printf "pw userdel '%s' >/dev/null 2>&1\\n" "${name}"
else
printf "userdel '%s' >/dev/null 2>&1\\n" "${name}"
fi
echo "userdel" >> "$__messages_out"
fi fi
fi fi
else else
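Review bot: The `[ "$os" = "freebsd" ]` test is now duplicated inside both arms of the `remove-home` check, and the four `printf` lines differ only in the command name and in whether `-r` comes before or after the name, so the two pairs will drift apart the next time one of them is touched. Choosing the command strings once, before the `remove-home` test, leaves a single `printf` per arm and a place for the comment that `pw(8)` wants the login name before its options. The redirection `>/dev/null 2>&1` in the emitted line discards userdel's diagnostics, as the replaced lines already did; the cdist message is still written even when the deletion fails, which is worth a follow-up if the generated script is not run under `sh -e`. The enclosing `elif [ "$state" = "absent" ]` block begins outside the hunk.
```sh
# … unchanged: passwd lookup and the "user exists, delete it" comment …
if [ "$os" = "freebsd" ]; then
    # pw(8) takes the login name as its first operand; options follow it
    userdel_cmd="pw userdel '${name}'"
    userdel_rm_cmd="pw userdel '${name}' -r"
else
    userdel_cmd="userdel '${name}'"
    userdel_rm_cmd="userdel -r '${name}'"
fi
if [ -f "$__object/parameter/remove-home" ]; then
    printf '%s >/dev/null 2>&1\n' "${userdel_rm_cmd}"
    echo "userdel -r" >> "$__messages_out"
else
    printf '%s >/dev/null 2>&1\n' "${userdel_cmd}"
    echo "userdel" >> "$__messages_out"
fi
```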


@ -64,6 +64,7 @@ class DefaultLog(logging.Logger):
def __init__(self, name): def __init__(self, name):
super().__init__(name) super().__init__(name)
self.propagate = False
formatter = logging.Formatter(self.FORMAT) formatter = logging.Formatter(self.FORMAT)
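Review bot: `self.propagate = False` needs a comment, because a logger that silently stops forwarding to its ancestors is a surprising thing to find in `__init__` and the only explanation is the changelog entry "Fix double log lines" elsewhere in this commit. Suggest `# a handler is attached to this logger below; stop propagation so the root logger's handler does not emit each record a second time` (the handler itself is presumably set up after the `formatter` line, which is outside the hunk). It is also worth stating in that comment that any handler installed on the root logger, for example by an embedding application or a test harness capturing output, will no longer see these records, so that the trade-off is visible to whoever next debugs missing log lines. `DefaultLog.__init__` continues past the end of the hunk.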


@ -26,7 +26,7 @@
# #
# init_manifest # init_manifest
# Specify default initial manifest. # Specify default initial manifest.
# init_mainfest = <path-to-init-manifst> # init_manifest = <path-to-init-manifest>
# #
# inventory_dir # inventory_dir
# Specify inventory directory. # Specify inventory directory.


@ -5,6 +5,19 @@ next:
* Core: Add trigger functionality (Nico Schottelius, Darko Poljak) * Core: Add trigger functionality (Nico Schottelius, Darko Poljak)
* Core: Implement core support for python types (Darko Poljak) * Core: Implement core support for python types (Darko Poljak)
6.5.6: 2020-05-25
* Type __pyvenv: Switch to python3 -m venv for Ubuntu (Nico Schottelius)
* Type __letsencrypt_cert: Whitelist Ubuntu (Nico Schottelius)
* Types __cron, __file, __link: Improve manpages (Matthias Stecher)
* Explorer machine_type: Add support for FreeBSD and OpenBSD, and simplify Linux code (Evil Ham)
* Type __ssh_authorized_key, __ssh_authorized_keys: Improve manpages (Evil Ham)
* Type __ssh_authorized_keys: Fix bug where --option was not multiple (Evil Ham)
* Type __motd: Debian/Ubuntu/Devuan use /etc/motd (Ander Punnar)
* Type __group: Fix --gid on FreeBSD (Ander Punnar)
* Configuration: Fix typos in cdist.cfg.skeleton (Jaak Ristioja)
* Type __user: Fix user deletion on FreeBSD (Ander Punnar)
* Core: Fix double log lines (Darko Poljak)
6.5.5: 2020-05-01 6.5.5: 2020-05-01
* Core: Fix XDG_CONFIG_HOME config file location (Joachim Desroches) * Core: Fix XDG_CONFIG_HOME config file location (Joachim Desroches)
* Type __postgres_database: Add encoding, lc-collate, lc-ctype, template parameters (Timothée Floure) * Type __postgres_database: Add encoding, lc-collate, lc-ctype, template parameters (Timothée Floure)


@ -3,7 +3,7 @@ Support
Chat Chat
~~~~ ~~~~
Chat with us: `ungleich chat <https://chat.ungleich.ch/ungleich/channels/cdist>`_. Chat with us on `#cdist:ungleich.ch <https://ungleich.ch/u/projects/open-chat/>`_.
Mailing list Mailing list
~~~~~~~~~~~~ ~~~~~~~~~~~~