Merge branch 'master' into beta

Darko Poljak 2020-05-25 11:24:01 +02:00
commit b47b9b1ba0
19 changed files with 156 additions and 103 deletions


@ -2,6 +2,7 @@
#
# 2014 Daniel Heule (hda at sfs.biz)
# 2014 Thomas Oettli (otho at sfs.biz)
# 2020 Evilham (contact at evilham.com)
#
# This file is part of cdist.
#
@ -18,24 +19,66 @@
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# FIXME: other system types (not linux ...)
os=$("$__explorer/os")
if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then
vendor_string_to_machine_type() {
for vendor in vmware bochs kvm qemu virtualbox bhyve; do
if echo "${1}" | grep -q -i "${vendor}"; then
if [ "${vendor}" = "bochs" ] || [ "${vendor}" = "qemu" ]; then
vendor="kvm"
fi
echo "virtual_by_${vendor}"
exit
fi
done
}
case "$os" in
"freebsd")
# FreeBSD does not have /proc/cpuinfo even when procfs is used.
# Instead there is a sysctl kern.vm_guest.
# Which is 'none' if physical, else the virtualisation.
vm_guest="$(sysctl -n kern.vm_guest 2>/dev/null || true)"
if [ -n "${vm_guest}" ]; then
if [ "${vm_guest}" = "none" ]; then
echo "physical"
exit
fi
echo "virtual_by_${vm_guest}"
exit
fi
;;
"openbsd")
# OpenBSD can also use the sysctl's: hw.vendor or hw.product.
# Note we can be reasonably sure about a machine being virtualised
# as long as we can identify the virtualisation technology.
# But not so much about it being physical...
# Patches are welcome / reach out if you have better ideas.
for sysctl in hw.vendor hw.product; do
# This exits if we can make a reasonable judgement
vendor_string_to_machine_type "$(sysctl -n "${sysctl}")"
done
;;
*)
# Defaulting to linux for compatibility with previous cdist behaviour
if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then
echo openvz
exit
fi
fi
if [ -e "/proc/1/environ" ] &&
if [ -e "/proc/1/environ" ] &&
tr '\000' '\n' < "/proc/1/environ" | grep -Eiq '^container='; then
echo lxc
exit
fi
fi
if [ -r /proc/cpuinfo ]; then
if [ -r /proc/cpuinfo ]; then
# this should only exist on virtual guest machines,
# tested on vmware, xen, kvm
# tested on vmware, xen, kvm, bhyve
if grep -q "hypervisor" /proc/cpuinfo; then
# this file is aviable in xen guest systems
if [ -r /sys/hypervisor/type ]; then
@ -44,37 +87,23 @@ if [ -r /proc/cpuinfo ]; then
exit
fi
else
if [ -r /sys/class/dmi/id/product_name ]; then
if grep -q -i 'vmware' /sys/class/dmi/id/product_name; then
echo "virtual_by_vmware"
exit
elif grep -q -i 'bochs' /sys/class/dmi/id/product_name; then
echo "virtual_by_kvm"
exit
elif grep -q -i 'virtualbox' /sys/class/dmi/id/product_name; then
echo "virtual_by_virtualbox"
exit
fi
fi
if [ -r /sys/class/dmi/id/sys_vendor ]; then
if grep -q -i 'qemu' /sys/class/dmi/id/sys_vendor; then
echo "virtual_by_kvm"
exit
fi
fi
if [ -r /sys/class/dmi/id/chassis_vendor ]; then
if grep -q -i 'qemu' /sys/class/dmi/id/chassis_vendor; then
echo "virtual_by_kvm"
exit
fi
for vendor_file in /sys/class/dmi/id/product_name \
/sys/class/dmi/id/sys_vendor \
/sys/class/dmi/id/chasis_vendor; do
if [ -r ${vendor_file} ]; then
# This exits if we can make a reasonable judgement
vendor_string_to_machine_type "$(cat "${vendor_file}")"
fi
done
fi
echo "virtual_by_unknown"
exit
else
echo "physical"
exit
fi
else
echo "unknown"
fi
fi
;;
esac
echo "unknown"
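Review bot: The new vendor-file loop names `/sys/class/dmi/id/chasis_vendor`, while the code it replaces read `/sys/class/dmi/id/chassis_vendor`; with the misspelt path the `-r` test does not succeed, so a guest that identifies itself only through the chassis vendor now falls through to `virtual_by_unknown`. Correct the path to `/sys/class/dmi/id/chassis_vendor; do` and quote the test as `if [ -r "${vendor_file}" ]; then`. `vendor_string_to_machine_type` ends the explorer with `exit` from inside the function, which works only while it is called directly and never inside `$(...)`; a one-line comment above the function saying so would keep later callers from breaking that.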


@ -21,6 +21,11 @@ command
OPTIONAL PARAMETERS
-------------------
**NOTE**: All time-related parameters (``--minute``, ``--hour``, ``--day_of_month``
``--month`` and ``--day_of_week``) defaults to ``*``, which means to execute it
**always**. If you set ``--hour 0`` to execute the cronjob only at midnight, it
will execute **every** minute in the first hour of the morning all days.
state
Either present or absent. Defaults to present.
minute


@ -50,13 +50,13 @@ state
create or modify it
group
Group to chgrp to.
Group to chgrp to. Defaults to ``root``.
mode
Unix permissions, suitable for chmod.
Unix permissions, suitable for chmod. Defaults to a very secure ``0600``.
owner
User to chown to.
User to chown to. Defaults to ``root``.
source
If supplied, copy this file from the host running cdist to the target.


@ -88,7 +88,7 @@ if [ "$state" = "present" ]; then
fi
done
if [ "$os" = "freebsd" ]; then
echo pw groupadd "$@" "$name"
echo pw groupadd "$name" "$@"
else
echo groupadd "$@" "$name"
fi
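Review bot: The FreeBSD arm still emits the command with `echo`, so `$name` and every element of `$@` land unquoted in the code that is later run on the target and are split and expanded again by that shell. The user-deletion code changed in this same commit wraps the name in single quotes (`printf "pw userdel '%s' ..."`); doing the same here, e.g. `echo pw groupadd "'$name'" "$@"`, would keep a group name containing whitespace or shell metacharacters from being re-parsed. How `$@` is assembled and whether the name is validated lies outside this hunk, so confirm that before relying on either.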


@ -90,6 +90,9 @@ if [ -z "${certbot_fullpath}" ]; then
__package py27-certbot
certbot_fullpath=/usr/local/bin/certbot
;;
ubuntu)
__package certbot
;;
*)
echo "Unsupported os: $os" >&2
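Review bot: The new `ubuntu)` arm installs the package but leaves `certbot_fullpath` empty, whereas the arm just above it assigns `certbot_fullpath=/usr/local/bin/certbot` after `__package py27-certbot`. The surrounding block runs only when `certbot_fullpath` is empty, so if the code after the `case` (outside this hunk) builds commands from that variable, Ubuntu targets would get an empty path. Consider adding `certbot_fullpath=/usr/bin/certbot` to the arm, after confirming where the Ubuntu package installs the binary.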


@ -18,7 +18,7 @@ source
Specifies the link source.
type
Specifies the link type: Either hard or symoblic.
Specifies the link type: Either hard or symbolic.
OPTIONAL PARAMETERS


@ -22,13 +22,6 @@
os=$(cat "$__global/explorer/os")
case "$os" in
debian|ubuntu|devuan)
# Debian and Ubuntu need to be updated,
# as seen in /etc/init.d/bootlogs
echo "uname -snrvm > /var/run/motd"
echo "cat /etc/motd.tail >> /var/run/motd"
;;
freebsd)
# FreeBSD only updates /etc/motd on boot,
# as seen in /etc/rc.d/motd


@ -33,10 +33,6 @@ os=$(cat "$__global/explorer/os")
case "$os" in
debian|ubuntu|devuan)
# Debian-based systems use /etc/motd.tail as a template
destination=/etc/motd.tail
;;
freebsd)
# FreeBSD uses motd.template to prepend system information on boot
# (this actually only applies starting with version 13,


@ -1,6 +1,7 @@
#!/bin/sh -e
#
# 2016 Darko Poljak (darko.poljak at gmail.com)
# 2020 Nico Schotetlius (nico.schottelius at ungleich.ch)
#
# This file is part of cdist.
#
@ -45,7 +46,7 @@ then
pyvenv=$(cat "$pyvenvparam")
else
case "$os" in
alpine) # no pyvenv on alpine - I assume others will follow
alpine|ubuntu) # no pyvenv on alpine - I assume others will follow
pyvenv="python3 -m venv"
;;
*)
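Review bot: The comment on the changed arm still reads `# no pyvenv on alpine - I assume others will follow` although the pattern is now `alpine|ubuntu`; something like `# no pyvenv binary on alpine and ubuntu, use the venv module instead` matches the code. On Ubuntu `python3 -m venv` normally depends on the separate `python3-venv` package, and nothing in this hunk installs it, so the type will presumably fail on a stock system unless the manifest provides that package. The added header line also spells the author as `Schotetlius` next to the address `nico.schottelius`. The `case` statement continues outside the hunk.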

View file

@ -9,7 +9,7 @@ cdist-type__pyvenv - Create or remove python virtual environment
DESCRIPTION
-----------
This cdist type allows you to create or remove python virtual
environment using pyvenv.
environment using pyvenv on python3 -m venv.
It assumes pyvenv is already installed. Concrete package depends
on concrete OS and/or OS version/distribution.
Ensure this for e.g. in your init manifest as in the following example:
@ -76,4 +76,3 @@ COPYING
-------
Copyright \(C) 2016 Darko Poljak. Free use of this software is
granted under the terms of the GNU General Public License v3 or later (GPLv3+).


@ -15,25 +15,27 @@ This type was created to be used by the __ssh_authorized_keys type.
REQUIRED PARAMETERS
-------------------
file
the authorized_keys file to which the given key should be added
The authorized_keys file where the given key should be managed.
key
a string containing the ssh keytype, base 64 encoded key and optional
trailing comment which shall be added to the given authorized_keys file.
The ssh key which shall be managed in this authorized_keys file.
Must be a string containing the ssh keytype, base 64 encoded key and
optional trailing comment which shall be added to the given
authorized_keys file.
OPTIONAL PARAMETERS
-------------------
comment
explicit comment instead of the one which may be trailing the given key
Use this comment instead of the one which may be trailing in the key.
option
an option to set for this authorized_key entry.
An option to set for this authorized_key entry.
Can be specified multiple times.
See sshd(8) for available options.
state
if the given keys should be 'present' or 'absent', defaults to 'present'.
If the managed key should be 'present' or 'absent', defaults to 'present'.
MESSAGES
@ -64,7 +66,7 @@ EXAMPLES
SEE ALSO
--------
:strong:`cdist__ssh_authorized_keys`\ (7), :strong:`sshd`\ (8)
:strong:`cdist-type__ssh_authorized_keys`\ (7), :strong:`sshd`\ (8)
AUTHORS


@ -20,42 +20,45 @@ then left to the user to ensure that the file exists and that ownership and
permissions work with ssh.
REQUIRED PARAMETERS
-------------------
REQUIRED MULTIPLE PARAMETERS
----------------------------
key
the ssh key which shall be added to this authorized_keys file.
Must be a string and can be specified multiple times.
An ssh key which shall be managed in this authorized_keys file.
Must be a string containing the ssh keytype, base 64 encoded key and
optional trailing comment which shall be added to the given
authorized_keys file.
Can be specified multiple times.
OPTIONAL PARAMETERS
-------------------
comment
explicit comment instead of the one which may be trailing the given key
Use this comment instead of the one which may be trailing in each key.
file
an alternative destination file, defaults to ~$owner/.ssh/authorized_keys
An alternative destination file, defaults to ~$owner/.ssh/authorized_keys.
option
an option to set for all created authorized_key entries.
An option to set for all authorized_key entries in the key parameter.
Can be specified multiple times.
See sshd(8) for available options.
owner
the user owning the authorized_keys file, defaults to object_id.
The user owning the authorized_keys file, defaults to object_id.
state
if the given keys should be 'present' or 'absent', defaults to 'present'.
If the given keys should be 'present' or 'absent', defaults to 'present'.
BOOLEAN PARAMETERS
------------------
noparent
don't create or change ownership and permissions of the directory containing
the authorized_keys file
Don't create or change ownership and permissions of the directory containing
the authorized_keys file.
nofile
don't manage existence, ownership and permissions of the the authorized_keys
file
Don't manage existence, ownership and permissions of the the authorized_keys
file.
EXAMPLES


@ -1,5 +1,4 @@
comment
file
option
owner
state


@ -0,0 +1 @@
option


@ -135,10 +135,18 @@ elif [ "$state" = "absent" ]; then
if grep -q "^${name}:" "$__object/explorer/passwd"; then
#user exists, but state != present, so delete it
if [ -f "$__object/parameter/remove-home" ]; then
if [ "$os" = "freebsd" ]; then
printf "pw userdel '%s' -r >/dev/null 2>&1\\n" "${name}"
else
printf "userdel -r '%s' >/dev/null 2>&1\\n" "${name}"
fi
echo "userdel -r" >> "$__messages_out"
else
if [ "$os" = "freebsd" ]; then
printf "pw userdel '%s' >/dev/null 2>&1\\n" "${name}"
else
printf "userdel '%s' >/dev/null 2>&1\\n" "${name}"
fi
echo "userdel" >> "$__messages_out"
fi
fi
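Review bot: Both new FreeBSD lines copy `>/dev/null 2>&1` from the Linux form, so whatever `pw userdel` reports when it fails to remove the account never reaches the operator. Removing a user is an access-revocation step, and dropping only stdout, as in `printf "pw userdel '%s' -r >/dev/null\\n" "${name}"`, would leave the reason for a failed removal in the run output. The name is placed inside single quotes without escaping, so this also assumes `${name}` contains no `'`; whether that is checked is not visible here. The enclosing `if`/`elif` starts outside the hunk.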


@ -64,6 +64,7 @@ class DefaultLog(logging.Logger):
def __init__(self, name):
super().__init__(name)
self.propagate = False
formatter = logging.Formatter(self.FORMAT)
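Review bot: `self.propagate = False` is added without a comment, and the reason is not evident from `__init__` alone. The changelog entry in this commit says it fixes double log lines, so a comment such as `# do not hand records to ancestor loggers as well, otherwise each line is printed twice` would record that. `__init__` continues past the end of the hunk, so where the handlers are attached is not visible here.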


@ -26,7 +26,7 @@
#
# init_manifest
# Specify default initial manifest.
# init_mainfest = <path-to-init-manifst>
# init_manifest = <path-to-init-manifest>
#
# inventory_dir
# Specify inventory directory.


@ -5,6 +5,19 @@ next:
* Core: Add trigger functionality (Nico Schottelius, Darko Poljak)
* Core: Implement core support for python types (Darko Poljak)
6.5.6: 2020-05-25
* Type __pyvenv: Switch to python3 -m venv for Ubuntu (Nico Schottelius)
* Type __letsencrypt_cert: Whitelist Ubuntu (Nico Schottelius)
* Types __cron, __file, __link: Improve manpages (Matthias Stecher)
* Explorer machine_type: Add support for FreeBSD and OpenBSD, and simplify Linux code (Evil Ham)
* Type __ssh_authorized_key, __ssh_authorized_keys: Improve manpages (Evil Ham)
* Type __ssh_authorized_keys: Fix bug where --option was not multiple (Evil Ham)
* Type __motd: Debian/Ubuntu/Devuan use /etc/motd (Ander Punnar)
* Type __group: Fix --gid on FreeBSD (Ander Punnar)
* Configuration: Fix typos in cdist.cfg.skeleton (Jaak Ristioja)
* Type __user: Fix user deletion on FreeBSD (Ander Punnar)
* Core: Fix double log lines (Darko Poljak)
6.5.5: 2020-05-01
* Core: Fix XDG_CONFIG_HOME config file location (Joachim Desroches)
* Type __postgres_database: Add encoding, lc-collate, lc-ctype, template parameters (Timothée Floure)


@ -3,7 +3,7 @@ Support
Chat
~~~~
Chat with us: `ungleich chat <https://chat.ungleich.ch/ungleich/channels/cdist>`_.
Chat with us on `#cdist:ungleich.ch <https://ungleich.ch/u/projects/open-chat/>`_.
Mailing list
~~~~~~~~~~~~