Merge branch 'master' of github.com:ungleich/cdist

Signed-off-by: Nico Schottelius <nico@nico-notebook.schottelius.org>
This commit is contained in:
Nico Schottelius 2018-10-09 19:43:41 +02:00
commit 256c8324a0
266 changed files with 3317 additions and 1132 deletions

6
.gitattributes vendored Normal file
View file

@ -0,0 +1,6 @@
.gitignore export-ignore
.gitattributes export-ignore
.gitkeep export-ignore
docs/speeches export-ignore
docs/video export-ignore
docs/src/man7 export-ignore

View file

@ -39,6 +39,11 @@ PYTHON_VERSION=cdist/version.py
SPHINXM=make -C $(DOCS_SRC_DIR) man
SPHINXH=make -C $(DOCS_SRC_DIR) html
SPHINXC=make -C $(DOCS_SRC_DIR) clean
SHELLCHECKCMD=shellcheck -s sh -f gcc -x
# Skip SC2154 for variables starting with __ since such variables are cdist
# environment variables.
SHELLCHECK_SKIP=grep -v ': __.*is referenced but not assigned.*\[SC2154\]'
################################################################################
# Manpages
#
@ -54,6 +59,7 @@ MANTYPES=$(subst /man.rst,.rst,$(MANTYPEPREFIX))
# Link manpage: do not create man.html but correct named file
$(MAN7DSTDIR)/cdist-type%.rst: $(TYPEDIR)/%/man.rst
mkdir -p $(MAN7DSTDIR)
ln -sf "../../../$^" $@
# Manpages #2: reference
@ -247,5 +253,34 @@ pub:
test:
$(helper) $@
test-remote:
$(helper) $@
pep8:
$(helper) $@
shellcheck-global-explorers:
@find cdist/conf/explorer -type f -exec $(SHELLCHECKCMD) {} + | $(SHELLCHECK_SKIP) || exit 0
shellcheck-type-explorers:
@find cdist/conf/type -type f -path "*/explorer/*" -exec $(SHELLCHECKCMD) {} + | $(SHELLCHECK_SKIP) || exit 0
shellcheck-manifests:
@find cdist/conf/type -type f -name manifest -exec $(SHELLCHECKCMD) {} + | $(SHELLCHECK_SKIP) || exit 0
shellcheck-local-gencodes:
@find cdist/conf/type -type f -name gencode-local -exec $(SHELLCHECKCMD) {} + | $(SHELLCHECK_SKIP) || exit 0
shellcheck-remote-gencodes:
@find cdist/conf/type -type f -name gencode-remote -exec $(SHELLCHECKCMD) {} + | $(SHELLCHECK_SKIP) || exit 0
shellcheck-gencodes: shellcheck-local-gencodes shellcheck-remote-gencodes
shellcheck-types: shellcheck-type-explorers shellcheck-manifests shellcheck-gencodes
shellcheck: shellcheck-global-explorers shellcheck-types
shellcheck-type-files:
@find cdist/conf/type -type f -path "*/files/*" -exec $(SHELLCHECKCMD) {} + | $(SHELLCHECK_SKIP) || exit 0
shellcheck-with-files: shellcheck shellcheck-type-files

View file

@ -250,6 +250,7 @@ eof
"$0" check-date
"$0" check-unittest
"$0" check-pep8
"$0" shellcheck
# Generate version file to be included in packaging
"$0" target-version
@ -359,13 +360,40 @@ eof
fi
;;
test-remote)
export PYTHONPATH="$(pwd -P)"
python3 -m cdist.test.exec.remote
;;
pep8)
pep8 "${basedir}" "${basedir}/scripts/cdist" | less
;;
check-pep8)
"$0" pep8
echo "Please review pep8 report."
printf "\\nPlease review pep8 report.\\n"
while true
do
echo "Continue (yes/no)?"
any=
read any
case "$any" in
yes)
break
;;
no)
exit 1
;;
*)
echo "Please answer with 'yes' or 'no' explicitly."
;;
esac
done
;;
shellcheck)
make helper=${helper} WEBDIR=${WEBDIR} shellcheck
printf "\\nPlease review shellcheck report.\\n"
while true
do
echo "Continue (yes/no)?"

View file

@ -285,6 +285,7 @@ eof
"$0" check-date
"$0" check-unittest
"$0" check-pep8
"$0" shellcheck
# Generate version file to be included in packaging
"$0" target-version
@ -421,13 +422,40 @@ eof
fi
;;
test-remote)
export PYTHONPATH="$(pwd -P)"
python3 -m cdist.test.exec.remote
;;
pep8)
pep8 "${basedir}" "${basedir}/scripts/cdist" | less
;;
check-pep8)
"$0" pep8
echo "Please review pep8 report."
printf "\\nPlease review pep8 report.\\n"
while true
do
echo "Continue (yes/no)?"
any=
read any
case "$any" in
yes)
break
;;
no)
exit 1
;;
*)
echo "Please answer with 'yes' or 'no' explicitly."
;;
esac
done
;;
shellcheck)
make helper=${helper} WEBDIR=${WEBDIR} shellcheck
printf "\\nPlease review shellcheck report.\\n"
while true
do
echo "Continue (yes/no)?"

View file

@ -83,41 +83,78 @@ class CdistBetaRequired(cdist.Error):
class CdistEntityError(Error):
"""Something went wrong while executing cdist entity"""
def __init__(self, entity_name, entity_params, stderr_paths, subject=''):
def __init__(self, entity_name, entity_params, stdout_paths,
stderr_paths, subject=''):
self.entity_name = entity_name
self.entity_params = entity_params
self.stderr_paths = stderr_paths
self.stdout_paths = stdout_paths
if isinstance(subject, Error):
self.original_error = subject
else:
self.original_error = None
self.message = str(subject)
@property
def stderr(self):
def _stdpath(self, stdpaths, header_name):
result = {}
for name, path in stdpaths:
if name not in result:
result[name] = []
try:
if os.path.exists(path) and os.path.getsize(path) > 0:
output = []
for stderr_name, stderr_path in self.stderr_paths:
if (os.path.exists(stderr_path) and
os.path.getsize(stderr_path) > 0):
label_begin = '---- BEGIN ' + stderr_name + ':stderr ----'
label_end = '---- END ' + stderr_name + ':stderr ----'
output.append('\n' + label_begin)
with open(stderr_path, 'r') as fd:
label_begin = name + ":" + header_name
output.append(label_begin)
output.append('\n')
output.append('-' * len(label_begin))
output.append('\n')
with open(path, 'r') as fd:
output.append(fd.read())
output.append(label_end)
return '\n'.join(output)
output.append('\n')
result[name].append(''.join(output))
except UnicodeError as ue:
result[name].append(('Cannot output {}:{} due to: {}.\n'
'You can try to read the error file "{}"'
' yourself.').format(
name, header_name, ue, path))
return result
def _stderr(self):
return self._stdpath(self.stderr_paths, 'stderr')
def _stdout(self):
return self._stdpath(self.stdout_paths, 'stdout')
def _update_dict_list(self, target, source):
for x in source:
if x not in target:
target[x] = []
target[x].extend(source[x])
@property
def std_streams(self):
std_dict = {}
self._update_dict_list(std_dict, self._stdout())
self._update_dict_list(std_dict, self._stderr())
return std_dict
def __str__(self):
output = []
output.append(self.message)
header = "\nError processing " + self.entity_name
output.append('\n\n')
header = "Error processing " + self.entity_name
under_header = '=' * len(header)
output.append(header)
output.append('\n')
output.append(under_header)
output.append('\n')
for param_name, param_value in self.entity_params:
output.append(param_name + ': ' + str(param_value))
output.append(self.stderr + '\n')
return '\n'.join(output)
output.append('\n')
output.append('\n')
for x in self.std_streams:
output.append(''.join(self.std_streams[x]))
return ''.join(output)
class CdistObjectError(CdistEntityError):
@ -127,28 +164,39 @@ class CdistObjectError(CdistEntityError):
('name', cdist_object.name, ),
('path', cdist_object.absolute_path, ),
('source', " ".join(cdist_object.source), ),
('type', cdist_object.cdist_type.absolute_path, ),
('type', os.path.realpath(
cdist_object.cdist_type.absolute_path), ),
]
stderr_paths = []
for stderr_name in os.listdir(cdist_object.stderr_path):
stderr_path = os.path.join(cdist_object.stderr_path,
stderr_name)
stderr_paths.append((stderr_name, stderr_path, ))
stdout_paths = []
for stdout_name in os.listdir(cdist_object.stdout_path):
stdout_path = os.path.join(cdist_object.stdout_path,
stdout_name)
stdout_paths.append((stdout_name, stdout_path, ))
super().__init__("object '{}'".format(cdist_object.name),
params, stderr_paths, subject)
params, stdout_paths, stderr_paths, subject)
class InitialManifestError(CdistEntityError):
"""Something went wrong while executing initial manifest"""
def __init__(self, initial_manifest, stderr_path, subject=''):
def __init__(self, initial_manifest, stdout_path, stderr_path, subject=''):
params = [
('path', initial_manifest, ),
]
stdout_paths = []
stdout_paths = [
('init', stdout_path, ),
]
stderr_paths = []
stderr_paths = [
('init', stderr_path, ),
]
super().__init__('initial manifest', params, stderr_paths, subject)
super().__init__('initial manifest', params, stdout_paths,
stderr_paths, subject)
def file_to_list(filename):

View file

@ -251,6 +251,11 @@ def get_parsers():
'line). If no host or host file is specified then, by '
'default, read hosts from stdin.'),
dest='hostfile', required=False)
parser['config_args'].add_argument(
'-P', '--timestamp',
help=('Timestamp log messages with the current local date and time '
'in the format: YYYYMMDDHHMMSS.us.'),
action='store_true', dest='timestamp')
parser['config_args'].add_argument(
'-p', '--parallel', nargs='?', metavar='HOST_MAX',
type=functools.partial(check_lower_bounded_int, lower_bound=1,
@ -434,7 +439,7 @@ def get_parsers():
def handle_loglevel(args):
if args.quiet:
if hasattr(args, 'quiet') and args.quiet:
args.verbose = _verbosity_level_off
logging.root.setLevel(_verbosity_level[args.verbose])

View file

@ -25,13 +25,13 @@
os=$("$__explorer/os")
case "$os" in
"macosx")
echo "$(sysctl -n hw.physicalcpu)"
sysctl -n hw.physicalcpu
;;
*)
if [ -r /proc/cpuinfo ]; then
cores="$(grep "core id" /proc/cpuinfo | sort | uniq | wc -l)"
if [ ${cores} -eq 0 ]; then
if [ "${cores}" -eq 0 ]; then
cores="1"
fi
echo "$cores"

View file

@ -25,14 +25,14 @@
os=$("$__explorer/os")
case "$os" in
"macosx")
echo "$(system_profiler SPHardwareDataType | grep "Number of Processors" | awk -F': ' '{print $2}')"
system_profiler SPHardwareDataType | grep "Number of Processors" | awk -F': ' '{print $2}'
;;
*)
if [ -r /proc/cpuinfo ]; then
sockets="$(grep "physical id" /proc/cpuinfo | sort | uniq | wc -l)"
if [ ${sockets} -eq 0 ]; then
sockets="$(cat /proc/cpuinfo | grep "processor" | wc -l)"
sockets="$(grep "physical id" /proc/cpuinfo | sort -u | wc -l)"
if [ "${sockets}" -eq 0 ]; then
sockets="$(grep -c "processor" /proc/cpuinfo)"
fi
echo "${sockets}"
fi

3
cdist/conf/explorer/disks Normal file → Executable file
View file

@ -1,2 +1,3 @@
cd /dev
#!/bin/sh
cd /dev || exit 0
echo sd? hd? vd?

View file

@ -0,0 +1,2 @@
#!/bin/sh
sysctl -n security.jail.jailed 2>/dev/null | grep "1" || true

1
cdist/conf/explorer/kernel_name Normal file → Executable file
View file

@ -1 +1,2 @@
#!/bin/sh
uname -s

View file

@ -20,8 +20,9 @@
#
set +e
case "$($__explorer/os)" in
case "$("$__explorer/os")" in
openwrt)
# shellcheck disable=SC1091
(. /etc/openwrt_release && echo "$DISTRIB_CODENAME")
;;
*)

View file

@ -20,8 +20,9 @@
#
set +e
case "$($__explorer/os)" in
case "$("$__explorer/os")" in
openwrt)
# shellcheck disable=SC1091
(. /etc/openwrt_release && echo "$DISTRIB_DESCRIPTION")
;;
*)

View file

@ -20,8 +20,9 @@
#
set +e
case "$($__explorer/os)" in
case "$("$__explorer/os")" in
openwrt)
# shellcheck disable=SC1091
(. /etc/openwrt_release && echo "$DISTRIB_ID")
;;
*)

View file

@ -20,8 +20,9 @@
#
set +e
case "$($__explorer/os)" in
case "$("$__explorer/os")" in
openwrt)
# shellcheck disable=SC1091
(. /etc/openwrt_release && echo "$DISTRIB_RELEASE")
;;
*)

View file

@ -22,6 +22,6 @@
#
#
if command -v uname 2>&1 >/dev/null; then
if command -v uname >/dev/null 2>&1 ; then
uname -m
fi

View file

@ -22,13 +22,13 @@
# FIXME: other system types (not linux ...)
if [ -d "/proc/vz" -a ! -d "/proc/bc" ]; then
if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then
echo openvz
exit
fi
if [ -e "/proc/1/environ" ] &&
cat "/proc/1/environ" | tr '\000' '\n' | grep -Eiq '^container='; then
tr '\000' '\n' < "/proc/1/environ" | grep -Eiq '^container='; then
echo lxc
exit
fi

View file

@ -0,0 +1,26 @@
#!/bin/sh
#
# 2018 Adam Dej (dejko.a at gmail.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# See os-release(5) and http://0pointer.de/blog/projects/os-release
set +e
cat /etc/os-release || cat /usr/lib/os-release || true

View file

@ -22,7 +22,7 @@
#
#
case "$($__explorer/os)" in
case "$("$__explorer/os")" in
amazon)
cat /etc/system-release
;;

View file

@ -1,6 +1,6 @@
#!/bin/sh -e
#
# 2011 Steven Armstrong (steven-cdist at armstrong.cc)
# 2018 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
@ -18,6 +18,6 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# set defaults
options="$(cat "$__object/parameter/options" 2>/dev/null \
|| echo "" | tee "$__object/parameter/options")"
if [ -e "/$__object_id" ]
then getfacl "/$__object_id" | grep -E '^((default:|)(user|group)):[a-z]' || true
fi

View file

@ -0,0 +1,81 @@
#!/bin/sh -e
#
# 2018 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
os="$( cat "$__global/explorer/os" )"
acl_path="/$__object_id"
acl_is="$( cat "$__object/explorer/acl_is" )"
acl_should="$( for parameter in user group
do
if [ ! -f "$__object/parameter/$parameter" ]
then continue
fi
while read -r l
do
echo "$parameter:$l"
if [ -f "$__object/parameter/default" ]
then echo "default:$parameter:$l"
fi
done < "$__object/parameter/$parameter"
done )"
setfacl_exec='setfacl'
if [ -f "$__object/parameter/recursive" ]
then
if echo "$os" | grep -E 'macosx|netbsd|freebsd|openbsd'
then
echo "$os setfacl do not support recursive operations" >&2
else
setfacl_exec="$setfacl_exec -R"
fi
fi
if [ -f "$__object/parameter/remove" ]
then
if echo "$os" | grep 'solaris'
then
# Solaris setfacl behaves differently.
# We will not support Solaris for now, because no way to test it.
# But adding support should be easy (use -s instead of -m on modify).
echo "$os setfacl do not support -x flag for ACL remove" >&2
else
echo "$acl_is" | while read -r acl
do
if echo "$acl_should" | grep -Fq "$acl"
then continue
fi
no_bits="$( echo "$acl" | sed -r 's/:[rwx-]+$//' )"
echo "$setfacl_exec -x \"$no_bits\" \"$acl_path\""
done
fi
fi
for acl in $acl_should
do
if ! echo "$acl_is" | grep -Eq "^$acl"
then echo "$setfacl_exec -m \"$acl\" \"$acl_path\""
fi
done

View file

@ -0,0 +1,62 @@
cdist-type__acl(7)
==================
NAME
----
cdist-type__acl - Basic wrapper around `setfacl`
DESCRIPTION
-----------
ACL must be defined as 3-symbol combination, using `r`, `w`, `x` and `-`.
See setfacl(1) and acl(5) for more details.
OPTIONAL MULTIPLE PARAMETERS
----------------------------
user
Add user ACL entry.
group
Add group ACL entry.
BOOLEAN PARAMETERS
------------------
recursive
Operate recursively (Linux only).
default
Add default ACL entries.
remove
Remove undefined ACL entries (Solaris not supported).
EXAMPLES
--------
.. code-block:: sh
__acl /srv/project \
--recursive \
--default \
--remove \
--user alice:rwx \
--user bob:r-x \
--group project-group:rwx \
--group some-other-group:r-x
AUTHORS
-------
Ander Punnar <ander-at-kvlt-dot-ee>
COPYING
-------
Copyright \(C) 2018 Ander Punnar. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,3 @@
recursive
default
remove

View file

@ -0,0 +1,2 @@
user
group

View file

@ -23,10 +23,11 @@
name="$__object_id"
# shellcheck disable=SC1091
. /etc/lsb-release
repo_name="${name#ppa:}"
repo_file_name="$(echo "$repo_name" | sed -e "s|[/:]|-|" -e "s|\.|_|")-${DISTRIB_CODENAME}.list"
repo_file_name="$(echo "$repo_name" | sed -e 's|[/:]|-|' -e 's|\.|_|')-${DISTRIB_CODENAME}.list"
[ -s "/etc/apt/sources.list.d/${repo_file_name}" ] \
&& echo present || echo absent

View file

@ -29,9 +29,9 @@ fi
case "$state_should" in
present)
echo add-apt-repository \"$name\"
echo "add-apt-repository '$name'"
;;
absent)
echo remove-apt-repository \"$name\"
echo "remove-apt-repository '$name'"
;;
esac

View file

@ -18,8 +18,6 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
name="$__object_id"
__package software-properties-common
require="__package/software-properties-common" \

View file

View file

@ -18,8 +18,6 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
file="$(cat "$__object/parameter/file" 2>/dev/null || echo "/$__object_id")"
prefix=$(cat "$__object/parameter/prefix" 2>/dev/null || echo "#cdist:__block/$__object_id")
suffix=$(cat "$__object/parameter/suffix" 2>/dev/null || echo "#/cdist:__block/$__object_id")
text=$(cat "$__object/parameter/text")

View file

@ -42,21 +42,20 @@ get_current_value() {
}
set_group() {
echo chgrp \"$1\" \"$destination\"
echo chgrp $1 >> "$__messages_out"
echo "chgrp '$1' '$destination'"
echo "chgrp '$1'" >> "$__messages_out"
}
set_owner() {
echo chown \"$1\" \"$destination\"
echo chown $1 >> "$__messages_out"
echo "chown '$1' '$destination'"
echo "chown '$1'" >> "$__messages_out"
}
set_mode() {
echo chmod \"$1\" \"$destination\"
echo chmod $1 >> "$__messages_out"
echo "chmod '$1' '$destination'"
echo "chmod '$1'" >> "$__messages_out"
}
set_attributes=
case "$state_should" in
present|exists)
# Note: Mode - needs to happen last as a chown/chgrp can alter mode by
@ -67,11 +66,11 @@ case "$state_should" in
# change 0xxx format to xxx format => same as stat returns
if [ "$attribute" = mode ]; then
value_should="$(echo $value_should | sed 's/^0\(...\)/\1/')"
value_should="$(echo "$value_should" | sed 's/^0\(...\)/\1/')"
fi
value_is="$(get_current_value "$attribute" "$value_should")"
if [ -f "$__object/files/set-attributes" -o "$value_should" != "$value_is" ]; then
if [ -f "$__object/files/set-attributes" ] || [ "$value_should" != "$value_is" ]; then
"set_$attribute" "$value_should"
fi
fi
@ -81,7 +80,7 @@ case "$state_should" in
absent)
if [ "$type" = "file" ]; then
echo rm -f \"$destination\"
echo "rm -f '$destination'"
echo remove >> "$__messages_out"
fi
;;

View file

@ -22,7 +22,7 @@ name="$__object_id"
state="$(cat "$__object/parameter/state")"
source="$(cat "$__object/parameter/source")"
destination="$(cat "$__object/parameter/destination")"
ccollectconf="$(cat "$__object/parameter/ccollectconf" | sed 's,/$,,')"
ccollectconf="$(sed 's,/$,,' "$__object/parameter/ccollectconf")"
sourcedir="$ccollectconf/sources"
basedir="$sourcedir/$name"
@ -55,5 +55,5 @@ if [ -f "$__object/parameter/exclude" ]; then
fi
if [ -f "$__object/parameter/create-destination" ]; then
__directory "${destination}" --parents --state ${state}
__directory "${destination}" --parents --state "${state}"
fi

View file

@ -19,7 +19,8 @@
#
set -- "/${__object_id}"
for param in $(ls "$__object/parameter/"); do
cd "$__object/parameter/"
for param in *; do
case "$param" in
source)
source="$(cat "$__object/parameter/source")"

View file

@ -39,7 +39,7 @@ version_dir="$versions_dir/$version"
source=$(cat "$version_dir/source")
source_file_name="${source##*/}"
cksum_should=$(cat "$version_dir/cksum" | cut -d' ' -f1,2)
cksum_should=$(cut -d' ' -f1,2 "$version_dir/cksum")
cat << eof
tmpdir=\$(mktemp -d --tmpdir="/tmp" "${__type##*/}.XXXXXXXXXX")

View file

@ -40,9 +40,11 @@ MESSAGES
If consul binary is created using __staged_file then underlaying __file type messages are emitted.
If consul binary is created by direct method then the following messages are emitted:
/usr/local/bin/consul created
consul binary was created
EXAMPLES
--------

View file

@ -20,14 +20,14 @@
#
### BEGIN INIT INFO
# Provides: consul
# Required-Start: $remote_fs
# Required-Stop: $remote_fs
# Should-Start: $all
# Should-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $local_fs
# Should-Start:
# Should-Stop:
# Short-Description: consul
# Description: consul agent
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
### END INIT INFO
if [ -f "/etc/default/consul" ]; then

View file

@ -66,7 +66,7 @@ require="__directory/etc/consul" \
__directory "$conf_dir" \
--owner root --group "$group" --mode 750 --state "$state"
if [ -f "$__object/parameter/ca-file-source" -o -f "$__object/parameter/cert-file-source" -o -f "$__object/parameter/key-file-source" ]; then
if [ -f "$__object/parameter/ca-file-source" ] || [ -f "$__object/parameter/cert-file-source" ] || [ -f "$__object/parameter/key-file-source" ]; then
# create directory for ssl certs
require="__directory/etc/consul" \
__directory /etc/consul/ssl \
@ -84,7 +84,8 @@ echo "{"
# parameters we define ourself
printf ' "data_dir": "%s"\n' "$data_dir"
for param in $(ls "$__object/parameter/"); do
cd "$__object/parameter/"
for param in *; do
case "$param" in
state|user|group|json-config) continue ;;
ca-file-source|cert-file-source|key-file-source)

View file

@ -40,7 +40,7 @@ if [ ! -f "$__object/parameter/interval" ]; then
fi
done
fi
if [ -f "$__object/parameter/docker-container-id" -a ! -f "$__object/parameter/script" ]; then
if [ -f "$__object/parameter/docker-container-id" ] && [ ! -f "$__object/parameter/script" ]; then
echo "When using --docker-container-id you must also define --script." >&2
exit 1
fi
@ -50,7 +50,8 @@ fi
echo "{"
printf ' "check": {\n'
printf ' "name": "%s"\n' "$name"
for param in $(ls "$__object/parameter/"); do
cd "$__object/parameter/"
for param in *; do
case "$param" in
state|name) continue ;;
*)

View file

@ -24,15 +24,15 @@ conf_file="service_${name}.json"
state="$(cat "$__object/parameter/state")"
# Sanity checks
if [ -f "$__object/parameter/check-script" -a -f "$__object/parameter/check-ttl" ]; then
if [ -f "$__object/parameter/check-script" ] && [ -f "$__object/parameter/check-ttl" ]; then
echo "Use either --check-script together with --check-interval OR --check-ttl, but not both" >&2
exit 1
fi
if [ -f "$__object/parameter/check-script" -a ! -f "$__object/parameter/check-interval" ]; then
if [ -f "$__object/parameter/check-script" ] && [ ! -f "$__object/parameter/check-interval" ]; then
echo "When using --check-script you must also define --check-interval" >&2
exit 1
fi
if [ -f "$__object/parameter/check-http" -a ! -f "$__object/parameter/check-interval" ]; then
if [ -f "$__object/parameter/check-http" ] && [ ! -f "$__object/parameter/check-interval" ]; then
echo "When using --check-http you must also define --check-interval" >&2
exit 1
fi
@ -42,7 +42,8 @@ fi
echo "{"
printf ' "service": {\n'
printf ' "name": "%s"\n' "$name"
for param in $(ls "$__object/parameter/"); do
cd "$__object/parameter/"
for param in *; do
case "$param" in
state|name|check-interval) continue ;;
check-script)

View file

@ -75,7 +75,8 @@ require="__directory/etc/consul-template" \
# Generate hcl config file
(
for param in $(ls "$__object/parameter/"); do
cd "$__object/parameter/"
for param in *; do
case "$param" in
auth-password|state|ssl-*|syslog-*|version|vault-token|vault-ssl*) continue ;;
auth-username)

View file

@ -26,32 +26,36 @@ template_dir="/etc/consul-template/template"
require=""
# Sanity checks
if [ -f "$__object/parameter/source" -a -f "$__object/parameter/source-file" ]; then
if [ -f "$__object/parameter/source" ] && [ -f "$__object/parameter/source-file" ]; then
echo "Use either --source OR --source-file, but not both." >&2
exit 1
fi
if [ ! -f "$__object/parameter/source" -a ! -f "$__object/parameter/source-file" ]; then
if [ ! -f "$__object/parameter/source" ] && [ ! -f "$__object/parameter/source-file" ]; then
echo "Either --source OR --source-file must be given." >&2
exit 1
fi
if [ -f "$__object/parameter/source-file" ]; then
destination="${template_dir}/${name}"
require="__file${destination}"
fi
# Generate hcl config file
(
{
printf 'template {\n'
for param in $(ls "$__object/parameter/"); do
cd "$__object/parameter/"
for param in *; do
case "$param" in
source-file)
source="$(cat "$__object/parameter/$param")"
if [ "$source" = "-" ]; then
source="$__object/stdin"
fi
destination="${template_dir}/${name}"
require="__directory${template_dir}" \
__file "$destination" \
--owner root --group root --mode 640 \
--source "$source" \
--state "$state"
export require="__file${destination}"
printf ' source = "%s"\n' "$destination"
;;
@ -65,7 +69,7 @@ for param in $(ls "$__object/parameter/"); do
esac
done
printf '}\n'
) | \
} | \
require="$require __directory${conf_dir}" \
__config_file "${conf_dir}/${conf_file}" \
--owner root --group root --mode 640 \

View file

@ -25,7 +25,7 @@ conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")"
# Sanity checks
if [ -f "$__object/parameter/filter-service" -a -f "$__object/parameter/filter-state" ]; then
if [ -f "$__object/parameter/filter-service" ] && [ -f "$__object/parameter/filter-state" ]; then
echo "Use either --filter-service or --filter-state but not both." >&2
exit 1
fi
@ -35,7 +35,8 @@ fi
echo "{"
printf ' "watches": [{\n'
printf ' "type": "%s"\n' "$watch_type"
for param in $(ls "$__object/parameter/"); do
cd "$__object/parameter/"
for param in *; do
case "$param" in
state) continue ;;
filter-*)

View file

@ -29,7 +29,8 @@ state="$(cat "$__object/parameter/state")"
echo "{"
printf ' "watches": [{\n'
printf ' "type": "%s"\n' "$watch_type"
for param in $(ls "$__object/parameter/"); do
cd "$__object/parameter/"
for param in *; do
case "$param" in
state) continue ;;
*)

View file

@ -29,7 +29,8 @@ state="$(cat "$__object/parameter/state")"
echo "{"
printf ' "watches": [{\n'
printf ' "type": "%s"\n' "$watch_type"
for param in $(ls "$__object/parameter/"); do
cd "$__object/parameter/"
for param in *; do
case "$param" in
state) continue ;;
*)

View file

@ -29,7 +29,8 @@ state="$(cat "$__object/parameter/state")"
echo "{"
printf ' "watches": [{\n'
printf ' "type": "%s"\n' "$watch_type"
for param in $(ls "$__object/parameter/"); do
cd "$__object/parameter/"
for param in *; do
case "$param" in
state) continue ;;
*)

View file

@ -29,7 +29,8 @@ state="$(cat "$__object/parameter/state")"
echo "{"
printf ' "watches": [{\n'
printf ' "type": "%s"\n' "$watch_type"
for param in $(ls "$__object/parameter/"); do
cd "$__object/parameter/"
for param in *; do
case "$param" in
state) continue ;;
*)

View file

@ -29,7 +29,8 @@ state="$(cat "$__object/parameter/state")"
echo "{"
printf ' "watches": [{\n'
printf ' "type": "%s"\n' "$watch_type"
for param in $(ls "$__object/parameter/"); do
cd "$__object/parameter/"
for param in *; do
case "$param" in
state) continue ;;
passingonly)

View file

@ -29,7 +29,8 @@ state="$(cat "$__object/parameter/state")"
echo "{"
printf ' "watches": [{\n'
printf ' "type": "%s"\n' "$watch_type"
for param in $(ls "$__object/parameter/"); do
cd "$__object/parameter/"
for param in *; do
case "$param" in
state) continue ;;
*)

View file

@ -24,7 +24,7 @@ user="$(cat "$__object/parameter/user")"
if [ -f "$__object/parameter/raw_command" ]; then
command="$(cat "$__object/parameter/command")"
crontab -u $user -l 2>/dev/null | grep "^$command\$" || true
crontab -u "$user" -l 2>/dev/null | grep "^$command\$" || true
else
crontab -u $user -l 2>/dev/null | grep "# $name\$" || true
crontab -u "$user" -l 2>/dev/null | grep "# $name\$" || true
fi

View file

@ -58,7 +58,7 @@ state_should="$(cat "$__object/parameter/state" 2>/dev/null || echo "present")"
# These are the old markers
prefix="#cdist:__cron/$__object_id"
suffix="#/cdist:__cron/$__object_id"
filter="^# DO NOT EDIT THIS FILE|^# \(.* installed on |^# \(Cron version V|^# \(Cronie version .\..\)$"
filter='^# DO NOT EDIT THIS FILE|^# \(.* installed on |^# \(Cron version V|^# \(Cronie version .\..\)$'
cat << DONE
crontab -u $user -l 2>/dev/null | grep -v -E "$filter" | awk -v prefix="$prefix" -v suffix="$suffix" '
{

View file

@ -3,12 +3,13 @@
pkg=$(cat "$__object/parameter/from-package")
servicedir=$(cat "$__object/parameter/servicedir")
__package $pkg
__directory $servicedir --mode 700
__package "$pkg"
__directory "$servicedir" --mode 700
os=$(cat "$__global/explorer/os")
init=$(cat "$__global/explorer/init")
require=""
case $os in
freebsd)
# TODO change to __start_on_boot once it supports freebsd

1
cdist/conf/type/__daemontools_service/explorer/svc Normal file → Executable file
View file

@ -1 +1,2 @@
#!/bin/sh
command -v svc || true

View file

@ -25,14 +25,14 @@ badusage() {
[ -z "$run$runfile" ] && badusage
[ -n "$run" ] && [ -n "$runfile" ] && badusage
__directory $servicedir/$name/log/main --parents
__directory "$servicedir/$name/log/main" --parents
echo "$RUN_PREFIX$run" | require="__directory/$servicedir/$name/log/main" __config_file "$servicedir/$name/run" \
--onchange "svc -t '$servicedir/$name' 2>/dev/null" \
--mode 755 \
--source "${runfile:--}"
echo "$RUN_PREFIX$logrun" | require="__directory/$servicedir/$name/log/main" __config_file $servicedir/$name/log/run \
echo "$RUN_PREFIX$logrun" | require="__directory/$servicedir/$name/log/main" __config_file "$servicedir/$name/log/run" \
--onchange "svc -t '$servicedir/$name/log' 2>/dev/null" \
--mode 755 \
--source "-"

View file

@ -57,18 +57,18 @@ get_current_value() {
}
set_group() {
echo chgrp $recursive \"$1\" \"$destination\"
echo chgrp $recursive $1 >> "$__messages_out"
echo "chgrp $recursive '$1' '$destination'"
echo "chgrp $recursive '$1'" >> "$__messages_out"
}
set_owner() {
echo chown $recursive \"$1\" \"$destination\"
echo chown $recursive $1 >> "$__messages_out"
echo "chown $recursive '$1' '$destination'"
echo "chown $recursive '$1'" >> "$__messages_out"
}
set_mode() {
echo chmod $recursive \"$1\" \"$destination\"
echo chmod $recursive $1 >> "$__messages_out"
echo "chmod $recursive '$1' '$destination'"
echo "chmod $recursive '$1'" >> "$__messages_out"
}
case "$state_should" in
@ -78,10 +78,10 @@ case "$state_should" in
if [ "$type" != "none" ]; then
# our destination is not a directory, remove whatever is there
# and then create our directory and set all attributes
echo rm -f "\"$destination\""
echo "rm -f '$destination'"
echo "remove non directory" >> "$__messages_out"
fi
echo "mkdir $mkdiropt \"$destination\""
echo "mkdir $mkdiropt '$destination'"
echo "create" >> "$__messages_out"
fi
@ -94,7 +94,7 @@ case "$state_should" in
# change 0xxx format to xxx format => same as stat returns
if [ "$attribute" = mode ]; then
value_should="$(echo $value_should | sed 's/^0\(...\)/\1/')"
value_should="$(echo "$value_should" | sed 's/^0\(...\)/\1/')"
fi
if [ "$set_attributes" = 1 ] || [ "$value_should" != "$value_is" ]; then
@ -105,7 +105,7 @@ case "$state_should" in
;;
absent)
if [ "$type" = "directory" ]; then
echo rm -rf \"$destination\"
echo "rm -rf '$destination'"
echo remove >> "$__messages_out"
fi
;;

View file

@ -3,12 +3,12 @@ cdist-type__docker(7)
NAME
----
cdist-type__docker - install docker-engine
cdist-type__docker - install Docker CE
DESCRIPTION
-----------
Installs latest docker-engine package from dockerproject.org.
Installs latest Docker Community Edition package.
REQUIRED PARAMETERS
@ -18,16 +18,13 @@ None.
OPTIONAL PARAMETERS
-------------------
None.
state
'present' or 'absent', defaults to 'present'
BOOLEAN PARAMETERS
------------------
experimental
Install the experimental docker-engine package instead of the latest stable release.
state
'present' or 'absent', defaults to 'present'
None.
EXAMPLES
@ -38,9 +35,6 @@ EXAMPLES
# Install docker
__docker
# Install experimental
__docker --experimental
# Remove docker
__docker --state absent

View file

@ -24,57 +24,38 @@ state=$(cat "$__object/parameter/state")
case "$os" in
centos)
component="main"
if [ -f "$__object/parameter/experimental" ]; then
component="experimental"
fi
__yum_repo docker \
--name 'Docker Repository' \
--baseurl "https://yum.dockerproject.org/repo/$component/centos/\$releasever/" \
# shellcheck source=/dev/null
if (. "$__global/explorer/os_release" && [ "${VERSION_ID}" = "7" ]); then
__yum_repo docker-ce-stable \
--name 'Docker CE Stable' \
--baseurl "https://download.docker.com/linux/centos/7/\$basearch/stable" \
--enabled \
--gpgcheck 1 \
--gpgkey 'https://yum.dockerproject.org/gpg' \
--state ${state}
require="__yum_repo/docker" __package docker-engine --state ${state}
;;
ubuntu)
component="main"
if [ -f "$__object/parameter/experimental" ]; then
component="experimental"
--gpgkey 'https://download.docker.com/linux/centos/gpg' \
--state "${state}"
require="__yum_repo/docker-ce-stable" __package docker-ce --state "${state}"
else
echo "CentOS version 7 is required!" >&2
exit 1
fi
__package apparmor --state ${state}
__package ca-certificates --state ${state}
__package apt-transport-https --state ${state}
__apt_key docker --keyid 58118E89F3A912897C070ADBF76221572C52609D --state ${state}
;;
ubuntu|debian)
if [ "${state}" = "present" ]; then
__package apt-transport-https
__package ca-certificates
__package gnupg2
fi
__apt_key_uri docker --name "Docker Release (CE deb) <docker@docker.com>" \
--uri "https://download.docker.com/linux/${os}/gpg" --state "${state}"
export CDIST_ORDER_DEPENDENCY=on
__apt_source docker \
--uri https://apt.dockerproject.org/repo \
--distribution "ubuntu-$(cat "$__global/explorer/lsb_codename")" \
--state ${state} \
--component "$component"
__package docker-engine --state ${state}
--uri "https://download.docker.com/linux/${os}" \
--distribution "$(cat "$__global/explorer/lsb_codename")" \
--state "${state}" \
--component "stable"
__package docker-ce --state "${state}"
unset CDIST_ORDER_DEPENDENCY
;;
debian)
component="main"
if [ -f "$__object/parameter/experimental" ]; then
component="experimental"
fi
__package apt-transport-https --state ${state}
__package ca-certificates --state ${state}
__package gnupg2 --state ${state}
__apt_key docker --keyid 58118E89F3A912897C070ADBF76221572C52609D --state ${state}
export CDIST_ORDER_DEPENDENCY=on
__apt_source docker \
--uri https://apt.dockerproject.org/repo \
--distribution "debian-$(cat "$__global/explorer/lsb_codename")" \
--state ${state} \
--component "$component"
__package docker-engine --state ${state}
unset CDIST_ORDER_DEPENDENCY
;;
*)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2

View file

@ -1 +0,0 @@
experimental

View file

@ -22,9 +22,10 @@
version="$(cat "$__object/parameter/version")"
state="$(cat "$__object/parameter/state")"
if [ ${state} = "present" ]; then
if [ "${state}" = "present" ]; then
# Download docker-compose file
echo 'curl -L "https://github.com/docker/compose/releases/download/'${version}'/docker-compose-$(uname -s)-$(uname -m)" -o /tmp/docker-compose'
#shellcheck disable=SC2016
echo 'curl -L "https://github.com/docker/compose/releases/download/'"${version}"'/docker-compose-$(uname -s)-$(uname -m)" -o /tmp/docker-compose'
echo 'mv /tmp/docker-compose /usr/local/bin/docker-compose'
# Change permissions
echo 'chmod +x /usr/local/bin/docker-compose'

View file

@ -22,10 +22,10 @@
state="$(cat "$__object/parameter/state")"
# Needed packages
if [ ${state} = "present" ]; then
if [ "${state}" = "present" ]; then
__docker
__package curl
elif [ ${state} = "absent" ]; then
elif [ "${state}" = "absent" ]; then
__file /usr/local/bin/docker-compose --state absent
else
echo "Unknown state: ${state}" >&2

View file

@ -1,6 +1,6 @@
#!/bin/sh -e
#
# 2011 Steven Armstrong (steven-cdist at armstrong.cc)
# 2018 Ľubomír Kučera <lubomir.kucera.jr at gmail.com>
#
# This file is part of cdist.
#
@ -18,6 +18,5 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# set defaults
target="$(cat "$__object/parameter/target" 2>/dev/null \
|| echo "/target" | tee "$__object/parameter/target")"
docker config inspect "${__object_id:?}" --format '{{json .Spec.Data}}' \
2>/dev/null | tr -d '"' | base64 -d

View file

@ -0,0 +1,25 @@
#!/bin/sh -e
#
# 2018 Ľubomír Kučera <lubomir.kucera.jr at gmail.com>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
if docker config ls | grep -q " ${__object_id:?} "; then
echo yes
else
echo no
fi

View file

@ -0,0 +1,69 @@
#!/bin/sh -e
#
# 2018 Ľubomír Kučera <lubomir.kucera.jr at gmail.com>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
config="${__object_id:?}"
config_exists=$(cat "${__object:?}/explorer/config-exists")
state=$(cat "${__object:?}/parameter/state")
case "${state}" in
absent)
if [ "${config_exists}" != "yes" ]; then
exit 0
fi
echo "docker config rm \"${config}\""
;;
present)
source=$(cat "${__object}/parameter/source")
if [ -z "${source}" ]; then
exit 0
fi
if [ "${source}" = "-" ]; then
source="${__object}/stdin"
fi
if [ "${config_exists}" = "yes" ]; then
if cmp -s "${source}" "${__object}/explorer/config-data"; then
exit 0
else
echo "docker config rm \"${config}\""
fi
fi
cat <<-EOF
source_file="\$(mktemp cdist.XXXXXXXXXX)"
base64 -d > "\${source_file}" << eof
$(base64 "${source}")
eof
docker config create "${config}" "\${source_file}"
rm "\${source_file}"
EOF
;;
*)
echo "Unsupported state: ${state}" >&2
exit 1
;;
esac

View file

@ -0,0 +1,55 @@
cdist-type__docker_config(7)
============================
NAME
----
cdist-type__docker_config - Manage Docker configs
DESCRIPTION
-----------
This type manages Docker configs.
OPTIONAL PARAMETERS
-------------------
source
Path to the source file. If it is '-' (dash), read standard input.
state
'present' or 'absent', defaults to 'present' where:
present
if the config does not exist, it is created
absent
the config is removed
CAVEATS
-------
Since Docker configs cannot be updated once created, this type tries removing
and recreating the config if it changes. If the config is used by a service at
the time of removing, then this type will fail.
EXAMPLES
--------
.. code-block:: sh
# Creates "foo" config from "bar" source file
__docker_config foo --source bar
AUTHORS
-------
Ľubomír Kučera <lubomir.kucera.jr at gmail.com>
COPYING
-------
Copyright \(C) 2018 Ľubomír Kučera. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1,2 @@
source
state

View file

@ -0,0 +1,25 @@
#!/bin/sh -e
#
# 2018 Ľubomír Kučera <lubomir.kucera.jr at gmail.com>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
if docker secret ls | grep -q " ${__object_id:?} "; then
echo yes
else
echo no
fi

View file

@ -0,0 +1,65 @@
#!/bin/sh -e
#
# 2018 Ľubomír Kučera <lubomir.kucera.jr at gmail.com>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
secret="${__object_id:?}"
secret_exists=$(cat "${__object:?}/explorer/secret-exists")
state=$(cat "${__object:?}/parameter/state")
case "${state}" in
absent)
if [ "${secret_exists}" != "yes" ]; then
exit 0
fi
echo "docker secret rm ${secret}"
;;
present)
if [ "${secret_exists}" = "yes" ]; then
exit 0
fi
source=$(cat "${__object}/parameter/source")
if [ -z "${source}" ]; then
exit 0
fi
if [ "${source}" = "-" ]; then
source="${__object}/stdin"
fi
cat <<-EOF
source_file="\$(mktemp cdist.XXXXXXXXXX)"
base64 -d > "\${source_file}" << eof
$(base64 "${source}")
eof
docker secret create "${secret}" "\${source_file}"
rm "\${source_file}"
EOF
;;
*)
echo "Unsupported state: ${state}" >&2
exit 1
;;
esac

View file

@ -0,0 +1,54 @@
cdist-type__docker_secret(7)
============================
NAME
----
cdist-type__docker_secret - Manage Docker secrets
DESCRIPTION
-----------
This type manages Docker secrets.
OPTIONAL PARAMETERS
-------------------
source
Path to the source file. If it is '-' (dash), read standard input.
state
'present' or 'absent', defaults to 'present' where:
present
if the secret does not exist, it is created
absent
the secret is removed
CAVEATS
-------
Since Docker secrets cannot be updated once created, this type takes no action
if the specified secret already exists.
EXAMPLES
--------
.. code-block:: sh
# Creates "foo" secret from "bar" source file
__docker_secret foo --source bar
AUTHORS
-------
Ľubomír Kučera <lubomir.kucera.jr at gmail.com>
COPYING
-------
Copyright \(C) 2018 Ľubomír Kučera. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1,2 @@
source
state

View file

@ -0,0 +1,25 @@
#!/bin/sh -e
#
# 2018 Ľubomír Kučera <lubomir.kucera.jr at gmail.com>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
if docker stack ls | grep -q "^${__object_id:?} "; then
echo 1
else
echo 0
fi

View file

@ -0,0 +1,63 @@
#!/bin/sh -e
#
# 2018 Ľubomír Kučera <lubomir.kucera.jr at gmail.com>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
stack="${__object_id:?}"
state=$(cat "${__object:?}/parameter/state")
case "${state}" in
absent)
stack_exists=$(cat "${__object:?}/explorer/stack-exists")
if [ "${stack_exists}" -ne 1 ]; then
exit 0
fi
echo "docker stack rm ${stack}"
;;
present)
compose_file=$(cat "${__object}/parameter/compose-file")
if [ -z "${compose_file}" ]; then
exit 0
fi
if [ "${compose_file}" = "-" ]; then
compose_file="${__object}/stdin"
fi
cat <<-EOF
compose_file="\$(mktemp cdist.XXXXXXXXXX)"
base64 -d > "\${compose_file}" << eof
$(base64 "${compose_file}")
eof
docker stack deploy --compose-file "\${compose_file}" \
--prune --with-registry-auth ${stack}
rm "\${compose_file}"
EOF
;;
*)
echo "Unsupported state: ${state}" >&2
exit 1
;;
esac

View file

@ -0,0 +1,54 @@
cdist-type__docker_stack(7)
===========================
NAME
----
cdist-type__docker_stack - Manage Docker stacks
DESCRIPTION
-----------
This type manages service stacks.
.. note::
Since there is no easy way to tell whether a stack needs to be updated,
`docker stack deploy` is being run every time this type is invoked.
However, it does not mean this type is not idempotent. If Docker does not
detect changes, the existing stack will not be updated.
OPTIONAL PARAMETERS
-------------------
compose-file
Path to the compose file. If it is '-' (dash), read standard input.
state
'present' or 'absent', defaults to 'present' where:
present
the stack is deployed
absent
the stack is removed
EXAMPLES
--------
.. code-block:: sh
# Deploys 'foo' stack defined in 'docker-compose.yml' compose file
__docker_stack foo --compose-file docker-compose.yml
AUTHORS
-------
Ľubomír Kučera <lubomir.kucera.jr at gmail.com>
COPYING
-------
Copyright \(C) 2018 Ľubomír Kučera. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1,2 @@
compose-file
state

View file

@ -0,0 +1,21 @@
#!/bin/sh -e
#
# 2018 Ľubomír Kučera <lubomir.kucera.jr at gmail.com>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
docker info 2>/dev/null | grep "^Swarm: " | cut -d " " -f 2-

View file

@ -0,0 +1,46 @@
#!/bin/sh -e
#
# 2018 Ľubomír Kučera <lubomir.kucera.jr at gmail.com>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
state=$(cat "${__object:?}/parameter/state")
swarm_state="$(cat "${__object}/explorer/swarm-state")"
if [ -z "${swarm_state}" ]; then
echo "Unable to determine Swarm state. Is compatible version of Docker installed?" >&2
exit 1
fi
case "${state}" in
absent)
if [ "${swarm_state}" = "active" ]; then
echo "docker swarm leave --force"
fi
;;
present)
if [ "${swarm_state}" = "inactive" ]; then
echo "docker swarm init"
fi
;;
*)
echo "Unsupported state: ${state}" >&2
exit 1
;;
esac

View file

@ -0,0 +1,49 @@
cdist-type__docker_swarm(7)
===========================
NAME
----
cdist-type__docker_swarm - Manage Swarm
DESCRIPTION
-----------
This type can initialize Docker swarm mode. For more information about swarm
mode, see `Swarm mode overview <https://docs.docker.com/engine/swarm/>`_.
OPTIONAL PARAMETERS
-------------------
state
'present' or 'absent', defaults to 'present' where:
present
Swarm is initialized
absent
Swarm is left
EXAMPLES
--------
.. code-block:: sh
# Initializes a swarm
__docker_swarm
# Leaves a swarm
__docker_swarm --state absent
AUTHORS
-------
Ľubomír Kučera <lubomir.kucera.jr at gmail.com>
COPYING
-------
Copyright \(C) 2018 Ľubomír Kučera. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1 @@
state

View file

View file

@ -19,7 +19,7 @@ set -eu
user="$(cat "${__object}/parameter/user")"
if which getent >/dev/null 2>&1; then
if command -v getent >/dev/null 2>&1; then
line=$(getent passwd "${user}")
else
line=$(grep "^${user}:" /etc/passwd)

View file

@ -23,7 +23,7 @@ destination="/$__object_id"
state_should="$(cat "$__object/parameter/state")"
type="$(cat "$__object/explorer/type")"
[ "$state_should" = "exists" -a "$type" = "file" ] && exit 0 # nothing to do
[ "$state_should" = "exists" ] && [ "$type" = "file" ] && exit 0 # nothing to do
if [ "$state_should" = "pre-exists" ]; then
if [ -f "$__object/parameter/source" ]; then
@ -41,7 +41,7 @@ fi
upload_file=
create_file=
if [ "$state_should" = "present" -o "$state_should" = "exists" ]; then
if [ "$state_should" = "present" ] || [ "$state_should" = "exists" ]; then
if [ ! -f "$__object/parameter/source" ]; then
remote_stat="$(cat "$__object/explorer/stat")"
if [ -z "$remote_stat" ]; then
@ -70,7 +70,7 @@ if [ "$state_should" = "present" -o "$state_should" = "exists" ]; then
fi
fi
fi
if [ "$create_file" -o "$upload_file" ]; then
if [ "$create_file" ] || [ "$upload_file" ]; then
# tell gencode-remote that we created or uploaded a file and that it must
# set all attributes no matter what the explorer retreived
mkdir "$__object/files"
@ -84,7 +84,7 @@ DONE
if [ "$upload_file" ]; then
echo upload >> "$__messages_out"
# IPv6 fix
if $(echo "${__target_host}" | grep -q -E '^[0-9a-fA-F:]+$')
if echo "${__target_host}" | grep -q -E '^[0-9a-fA-F:]+$'
then
my_target_host="[${__target_host}]"
else

View file

@ -43,21 +43,20 @@ get_current_value() {
}
set_group() {
echo chgrp \"$1\" \"$destination\"
echo chgrp $1 >> "$__messages_out"
echo "chgrp '$1' '$destination'"
echo "chgrp '$1'" >> "$__messages_out"
}
set_owner() {
echo chown \"$1\" \"$destination\"
echo chown $1 >> "$__messages_out"
echo "chown '$1' '$destination'"
echo "chown '$1'" >> "$__messages_out"
}
set_mode() {
echo chmod \"$1\" \"$destination\"
echo chmod $1 >> "$__messages_out"
echo "chmod '$1' '$destination'"
echo "chmod '$1'" >> "$__messages_out"
}
set_attributes=
case "$state_should" in
present|exists|pre-exists)
# Note: Mode - needs to happen last as a chown/chgrp can alter mode by
@ -68,11 +67,11 @@ case "$state_should" in
# change 0xxx format to xxx format => same as stat returns
if [ "$attribute" = mode ]; then
value_should="$(echo $value_should | sed 's/^0\(...\)/\1/')"
value_should="$(echo "$value_should" | sed 's/^0\(...\)/\1/')"
fi
value_is="$(get_current_value "$attribute" "$value_should")"
if [ -f "$__object/files/set-attributes" -o "$value_should" != "$value_is" ]; then
if [ -f "$__object/files/set-attributes" ] || [ "$value_should" != "$value_is" ]; then
"set_$attribute" "$value_should"
fi
fi
@ -82,7 +81,7 @@ case "$state_should" in
absent)
if [ "$type" = "file" ]; then
echo rm -f \"$destination\"
echo "rm -f '$destination'"
echo remove >> "$__messages_out"
fi
;;

View file

@ -25,7 +25,7 @@ chain="$(cat "$__object/parameter/chain")"
priority="$(cat "$__object/parameter/priority")"
rule="$(cat "$__object/parameter/rule")"
if firewall-cmd --permanent --direct --query-rule "$protocol" "$table" "$chain" "$priority" $rule >/dev/null; then
if firewall-cmd --permanent --direct --query-rule "$protocol" "$table" "$chain" "$priority" "$rule" >/dev/null; then
echo present
else
echo absent

View file

@ -19,7 +19,6 @@
#
#
name="$__object_id"
state_should="$(cat "$__object/parameter/state")"
state_is="$(cat "$__object/explorer/rule")"
@ -33,13 +32,13 @@ rule="$(cat "$__object/parameter/rule")"
case "$state_should" in
present)
echo firewall-cmd --quiet --permanent --direct --add-rule \"$protocol\" \"$table\" \"$chain\" \"$priority\" $rule
echo firewall-cmd --quiet --direct --add-rule \"$protocol\" \"$table\" \"$chain\" \"$priority\" $rule
echo "firewall-cmd --quiet --permanent --direct --add-rule '$protocol' '$table' '$chain' '$priority' $rule"
echo "firewall-cmd --quiet --direct --add-rule '$protocol' '$table' '$chain' '$priority' $rule"
;;
absent)
echo firewall-cmd --quiet --permanent --direct --remove-rule \"$protocol\" \"$table\" \"$chain\" \"$priority\" $rule
echo firewall-cmd --quiet --direct --remove-rule \"$protocol\" \"$table\" \"$chain\" \"$priority\" $rule
echo "firewall-cmd --quiet --permanent --direct --remove-rule '$protocol' '$table' '$chain' '$priority' $rule"
echo "firewall-cmd --quiet --direct --remove-rule '$protocol' '$table' '$chain' '$priority' $rule"
;;
*)
echo "Unknown state $state_should" >&2

View file

@ -2,4 +2,4 @@
destination="/$__object_id/.git"
stat --print "%G" ${destination} 2>/dev/null || exit 0
stat --print "%G" "${destination}" 2>/dev/null || exit 0

View file

@ -2,4 +2,4 @@
destination="/$__object_id/.git"
stat --print "%U" ${destination} 2>/dev/null || exit 0
stat --print "%U" "${destination}" 2>/dev/null || exit 0

View file

@ -35,10 +35,10 @@ owner="$(cat "$__object/parameter/owner")"
group="$(cat "$__object/parameter/group")"
mode="$(cat "$__object/parameter/mode")"
[ "$state_should" = "$state_is" -a \
"$owner" = "$owner_is" -a \
"$group" = "$group_is" -a \
-n "$mode" ] && exit 0
[ "$state_should" = "$state_is" ] && \
[ "$owner" = "$owner_is" ] && \
[ "$group" = "$group_is" ] && \
[ -n "$mode" ] && exit 0
case $state_should in
present)
@ -46,8 +46,8 @@ case $state_should in
if [ "$state_should" != "$state_is" ]; then
echo git clone --quiet --branch "$branch" "$source" "$destination"
fi
if [ \( -n "$owner" -a "$owner_is" != "$owner" \) -o \
\( -n "$group" -a "$group_is" != "$group" \) ]; then
if { [ -n "$owner" ] && [ "$owner_is" != "$owner" ]; } || \
{ [ -n "$group" ] && [ "$group_is" != "$group" ]; }; then
echo chown -R "${owner}:${group}" "$destination"
fi
if [ -n "$mode" ]; then

3
cdist/conf/type/__go_get/explorer/go-executable Normal file → Executable file
View file

@ -1,3 +1,6 @@
#!/bin/sh
# shellcheck disable=SC1091
[ -f /etc/environment ] && . /etc/environment
# shellcheck disable=SC1091
[ -f /etc/profile ] && . /etc/profile
go version 2>/dev/null || true

View file

@ -2,7 +2,7 @@
version=$(cat "$__object/parameter/version")
kernel_name=$(cat "$__global/explorer/kernel_name" | tr '[:upper:]' '[:lower:]')
kernel_name=$(tr '[:upper:]' '[:lower:]' < "$__global/explorer/kernel_name")
machine=$(cat "$__global/explorer/machine")
case $machine in
x86_64|amd64)

View file

@ -1,3 +1,4 @@
#!/bin/sh -e
# shellcheck disable=SC2016
__line go_in_path --line 'export PATH=/usr/local/go/bin:$PATH' --file /etc/profile

View file

@ -1,50 +1,41 @@
#!/bin/sh -e
os=$(cat $__global/explorer/os)
os_version=$(cat $__global/explorer/os_version)
os=$(cat "$__global/explorer/os")
os_version=$(cat "$__global/explorer/os_version")
require=""
case $os in
debian|devuan)
case $os_version in
8*|jessie)
__apt_key_uri grafana \
--name 'Grafana Release Signing Key' \
--uri https://packagecloud.io/gpg.key
require="__apt_key_uri/grafana" __apt_source grafana \
--uri https://packagecloud.io/grafana/stable/debian/ \
--distribution jessie \
--component main
__package apt-transport-https
require="__apt_source/grafana __package/apt-transport-https" __package grafana
require="__package/grafana" __start_on_boot grafana-server
apt_source_distribution=jessie
;;
9*|ascii/ceres)
__apt_key_uri grafana \
--name 'Grafana Release Signing Key' \
--uri https://packagecloud.io/gpg.key
require="__apt_key_uri/grafana" __apt_source grafana \
--uri https://packagecloud.io/grafana/stable/debian/ \
--distribution stretch \
--component main
__package apt-transport-https
require="__apt_source/grafana __package/apt-transport-https" __package grafana
require="__package/grafana" __start_on_boot grafana-server
9*|ascii/ceres|ascii)
apt_source_distribution=stretch
;;
*)
echo "Don't know how to install Grafana on $os $os_version. Send us a pull request!"
echo "Don't know how to install Grafana on $os $os_version. Send us a pull request!" >&2
exit 1
;;
esac
__apt_key_uri grafana \
--name 'Grafana Release Signing Key' \
--uri https://packagecloud.io/gpg.key
require="$require __apt_key_uri/grafana" __apt_source grafana \
--uri https://packagecloud.io/grafana/stable/debian/ \
--distribution $apt_source_distribution \
--component main
__package apt-transport-https
require="$require __apt_source/grafana __package/apt-transport-https" __package grafana
require="$require __package/grafana" __start_on_boot grafana-server
require="$require __start_on_boot/grafana-server" __process grafana-server --start "service grafana-server start"
;;
*)
echo "Don't know how to install Grafana on $os. Send us a pull request!"
echo "Don't know how to install Grafana on $os. Send us a pull request!" >&2
exit 1
;;
esac

View file

@ -22,7 +22,7 @@
#
name=$__object_id
os="$($__explorer/os)"
os="$("$__explorer/os")"
case "$os" in
"freebsd"|"netbsd")

View file

@ -30,9 +30,9 @@ state="$(cat "$__object/parameter/state")"
# Use short option names for portability
shorten_property() {
case "$1" in
gid) echo "-g";;
password) echo "-p";;
system) echo "-r";;
gid) echo -- "-g";;
password) echo -- "-p";;
system) echo -- "-r";;
esac
}
@ -40,11 +40,9 @@ shorten_property() {
if [ "$state" = "present" ]; then
case "$os" in
freebsd)
supported_add_properties="gid"
supported_change_properties="gid"
;;
*)
supported_add_properties="gid password system"
supported_change_properties="gid password"
;;
esac
@ -63,8 +61,8 @@ if [ "$state" = "present" ]; then
;;
esac
if [ "$new_value" != "$current_value" ]; then
set -- "$@" "$(shorten_property $property)" \'$new_value\'
echo change $property $new_value $current_value >> "$__messages_out"
set -- "$@" "$(shorten_property "$property")" \'"$new_value"\'
echo "change $property $new_value $current_value" >> "$__messages_out"
fi
fi
done
@ -83,9 +81,9 @@ if [ "$state" = "present" ]; then
new_value="$(cat "$__object/parameter/$property")"
if [ -z "$new_value" ]; then
# Boolean parameters have no value
set -- "$@" "$(shorten_property $property)"
set -- "$@" "$(shorten_property "$property")"
else
set -- "$@" "$(shorten_property $property)" \'$new_value\'
set -- "$@" "$(shorten_property "$property")" \'"$new_value"\'
fi
fi
done

View file

@ -22,7 +22,7 @@
if [ -f "$__object/parameter/name" ]; then
name_should="$(cat "$__object/parameter/name")"
else
name_should="$(echo "${__target_host%%.*}")"
name_should="${__target_host%%.*}"
fi
os=$(cat "$__global/explorer/os")
@ -36,12 +36,12 @@ has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl")
#
case "$os" in
archlinux|debian|suse|ubuntu|devuan|coreos)
if [ "$name_config" = "$name_should" -a "$name_running" = "$name_should" ]; then
if [ "$name_config" = "$name_should" ] && [ "$name_running" = "$name_should" ]; then
exit 0
fi
;;
scientific|centos|openbsd)
if [ "$name_sysconfig" = "$name_should" -a "$name_running" = "$name_should" ]; then
scientific|centos|freebsd|openbsd)
if [ "$name_sysconfig" = "$name_should" ] && [ "$name_running" = "$name_should" ]; then
exit 0
fi
;;
@ -59,15 +59,15 @@ echo changed >> "$__messages_out"
# Use the good old way to set the hostname even on machines running systemd.
case "$os" in
archlinux|debian|ubuntu|devuan|centos|coreos)
echo "printf '%s\n' '$name_should' > /etc/hostname"
printf "printf '%s\\n' '$name_should' > /etc/hostname\\n"
echo "hostname -F /etc/hostname"
;;
openbsd)
freebsd|openbsd)
echo "hostname '$name_should'"
;;
suse)
echo "hostname '$name_should'"
echo "printf '%s\n' '$name_should' > /etc/HOSTNAME"
printf "printf '%s\\n' '$name_should' > /etc/HOSTNAME\\n"
;;
esac

View file

@ -25,10 +25,10 @@ if [ -f "$__object/parameter/name" ]; then
else
case "$os" in
openbsd)
name_should="$(echo "${__target_host}")"
name_should="${__target_host}"
;;
*)
name_should="$(echo "${__target_host%%.*}")"
name_should="${__target_host%%.*}"
;;
esac
fi
@ -52,6 +52,13 @@ case "$os" in
--key HOSTNAME \
--value "$name_should" --exact_delimiter
;;
freebsd)
__key_value rcconf-hostname \
--file /etc/rc.conf \
--delimiter '=' \
--key 'hostname' \
--value "$name_should"
;;
openbsd)
echo "$name_should" | __file /etc/myname --source -
;;

View file

@ -28,7 +28,7 @@ install_script="$__object/files/install_script"
# Link file descriptor #6 with stdout
exec 6>&1
# Link stdout with $install_script
exec > $install_script
exec > "$install_script"
# Generate script to install bootloader on distro
printf '#!/bin/sh -l\n'

Some files were not shown because too many files have changed in this diff Show more