tom/cdist
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: tom:master
Branches Tags
tom:master
tom:xymon_config-excludes
tom:xymon_client-msgcache
tom:new-type__xymon_server
tom:beta
tom:6.0
tom:feature/shell-lib
tom:monitoring-test
tom:5.1
tom:feature/support-type-deprecation
tom:5.0
tom:feature/python-types
tom:4.11
tom:4.10
tom:shellcheck
tom:4.9
tom:4.8
tom:freebsd-improvements
tom:new-prometheus
tom:key_value-onchange
tom:feature/output_streams
tom:AnotherKamila-patch-1
tom:__letsencrypt_cert-fixes
tom:letsencrypt-cron-fix
tom:4.7
tom:newtype-__letsencrypt_cert
tom:os_explorer_devuan_fix
tom:prometheus-exporter-fixes
tom:daemontools-for-fbsd
tom:type-prometheus-exporter-from-master
tom:prometheus-more-fixes
tom:4.6
tom:4.5
tom:fix-j
tom:steven-backport
tom:4.4
tom:prometheus-fixes
tom:grafana_dashboard
tom:prometheus
tom:daemontools
tom:consul_improvements
tom:feature/trigger
tom:4.3
tom:4.0-pre-not-stable
tom:4.2
tom:4.1
tom:4.0
tom:feature_install_and_preos
tom:3.1
tom:no-dot-cdist
tom:random_dot_cdist
tom:feature_yum_url
tom:feature_files_export
tom:3.0
tom:2.3
tom:2.2
tom:2.1
tom:ssh_callback
tom:2.0
tom:archive_shell_function_approach
tom:1.7
tom:1.6
tom:1.5
tom:1.4
tom:1.3
tom:1.2
tom:1.1
tom:1.0
tom:6.0.1
tom:6.0.0
tom:5.1.3
tom:5.1.2
tom:5.1.1
tom:5.1.0
tom:5.0.2
tom:5.0.1
tom:5.0.0
tom:4.11.1
tom:4.11.0
tom:4.10.11
tom:4.10.10
tom:4.10.9
tom:4.10.8
tom:4.10.7
tom:4.10.6
tom:4.10.5
tom:4.10.4
tom:4.10.3
tom:4.10.2
tom:4.10.1
tom:4.10.0
tom:4.9.1
tom:4.9.0
tom:4.8.4
tom:4.8.3
tom:4.8.2
tom:4.8.1
tom:4.8.0
tom:4.7.3
tom:4.7.2
tom:4.7.1
tom:4.7.0
tom:4.6.1
tom:4.6.0
tom:4.5.0
tom:4.4.4
tom:4.4.3
tom:4.4.2
tom:4.4.1
tom:4.4.0
tom:4.3.2
tom:4.3.1
tom:4.3.0
tom:4.2.2
tom:4.2.1
tom:4.2.0
tom:4.1.0
tom:4.0.0
tom:3.1.13
tom:tn1
tom:3.1.12
tom:3.1.11
tom:3.1.10
tom:3.1.9
tom:3.1.8
tom:3.1.7
tom:3.1.6
tom:4.0.0pre3
tom:3.1.5
tom:3.1.4
tom:3.1.3
tom:3.1.2
tom:3.1.1
tom:3.1.0
tom:4.0.0pre2
tom:3.0.9
tom:3.0.8
tom:3.0.7
tom:3.0.6
tom:3.0.5
tom:3.0.4
tom:3.0.3
tom:4.0.0pre1
tom:3.0.2
tom:3.0.1
tom:3.0.0
tom:2.3.7
tom:2.3.6
tom:2.3.5
tom:2.3.4
tom:2.3.3
tom:2.3.2
tom:2.3.1
tom:2.3.0
tom:2.2.0
tom:2.1.2
tom:2.1.1
tom:2.1.0
tom:2.1.0pre8
tom:2.1.0pre7
tom:2.1.0pre6
tom:2.0.15
tom:2.1.0pre5
tom:2.1.0pre4
tom:2.1.0pre3
tom:2.1.0pre2
tom:2.1.0pre1
tom:2.0.14
tom:2.0.13
tom:2.0.12
tom:2.0.11
tom:2.0.10
tom:2.0.9
tom:2.0.8
tom:2.0.7
tom:2.0.6
tom:2.0.5
tom:2.0.4
tom:2.0.3
tom:2.0.2
tom:2.0.1
tom:2.0.0
tom:1.7.1
tom:1.7.0
tom:1.6.2
tom:1.6.1
tom:1.6.0
tom:1.5.0
tom:1.4.1
tom:1.4.0
tom:1.3.2
tom:1.3.1
tom:1.3.0
tom:1.2.0
tom:1.1.0
tom:1.0.4
tom:1.0.3
tom:1.0.2
tom:1.0.1
tom:1.0.0
tom:0.9.9
tom:0.9.8
tom:0.9.7
tom:0.9.6
tom:0.9.5
tom:0.9.4
tom:0.9.3
tom:0.9.2
tom:0.9.1
tom:0.9
tom:0.8
tom:0.7
tom:0.6
tom:0.5
tom:0.4
tom:0.3
tom:0.2
tom:0.1
..
compare: tom:feature/support-type-deprecation
Branches Tags
tom:xymon_config-excludes
tom:xymon_client-msgcache
tom:master
tom:new-type__xymon_server
tom:beta
tom:6.0
tom:feature/shell-lib
tom:monitoring-test
tom:5.1
tom:feature/support-type-deprecation
tom:5.0
tom:feature/python-types
tom:4.11
tom:4.10
tom:shellcheck
tom:4.9
tom:4.8
tom:freebsd-improvements
tom:new-prometheus
tom:key_value-onchange
tom:feature/output_streams
tom:AnotherKamila-patch-1
tom:__letsencrypt_cert-fixes
tom:letsencrypt-cron-fix
tom:4.7
tom:newtype-__letsencrypt_cert
tom:os_explorer_devuan_fix
tom:prometheus-exporter-fixes
tom:daemontools-for-fbsd
tom:type-prometheus-exporter-from-master
tom:prometheus-more-fixes
tom:4.6
tom:4.5
tom:fix-j
tom:steven-backport
tom:4.4
tom:prometheus-fixes
tom:grafana_dashboard
tom:prometheus
tom:daemontools
tom:consul_improvements
tom:feature/trigger
tom:4.3
tom:4.0-pre-not-stable
tom:4.2
tom:4.1
tom:4.0
tom:feature_install_and_preos
tom:3.1
tom:no-dot-cdist
tom:random_dot_cdist
tom:feature_yum_url
tom:feature_files_export
tom:3.0
tom:2.3
tom:2.2
tom:2.1
tom:ssh_callback
tom:2.0
tom:archive_shell_function_approach
tom:1.7
tom:1.6
tom:1.5
tom:1.4
tom:1.3
tom:1.2
tom:1.1
tom:1.0
tom:6.0.1
tom:6.0.0
tom:5.1.3
tom:5.1.2
tom:5.1.1
tom:5.1.0
tom:5.0.2
tom:5.0.1
tom:5.0.0
tom:4.11.1
tom:4.11.0
tom:4.10.11
tom:4.10.10
tom:4.10.9
tom:4.10.8
tom:4.10.7
tom:4.10.6
tom:4.10.5
tom:4.10.4
tom:4.10.3
tom:4.10.2
tom:4.10.1
tom:4.10.0
tom:4.9.1
tom:4.9.0
tom:4.8.4
tom:4.8.3
tom:4.8.2
tom:4.8.1
tom:4.8.0
tom:4.7.3
tom:4.7.2
tom:4.7.1
tom:4.7.0
tom:4.6.1
tom:4.6.0
tom:4.5.0
tom:4.4.4
tom:4.4.3
tom:4.4.2
tom:4.4.1
tom:4.4.0
tom:4.3.2
tom:4.3.1
tom:4.3.0
tom:4.2.2
tom:4.2.1
tom:4.2.0
tom:4.1.0
tom:4.0.0
tom:3.1.13
tom:tn1
tom:3.1.12
tom:3.1.11
tom:3.1.10
tom:3.1.9
tom:3.1.8
tom:3.1.7
tom:3.1.6
tom:4.0.0pre3
tom:3.1.5
tom:3.1.4
tom:3.1.3
tom:3.1.2
tom:3.1.1
tom:3.1.0
tom:4.0.0pre2
tom:3.0.9
tom:3.0.8
tom:3.0.7
tom:3.0.6
tom:3.0.5
tom:3.0.4
tom:3.0.3
tom:4.0.0pre1
tom:3.0.2
tom:3.0.1
tom:3.0.0
tom:2.3.7
tom:2.3.6
tom:2.3.5
tom:2.3.4
tom:2.3.3
tom:2.3.2
tom:2.3.1
tom:2.3.0
tom:2.2.0
tom:2.1.2
tom:2.1.1
tom:2.1.0
tom:2.1.0pre8
tom:2.1.0pre7
tom:2.1.0pre6
tom:2.0.15
tom:2.1.0pre5
tom:2.1.0pre4
tom:2.1.0pre3
tom:2.1.0pre2
tom:2.1.0pre1
tom:2.0.14
tom:2.0.13
tom:2.0.12
tom:2.0.11
tom:2.0.10
tom:2.0.9
tom:2.0.8
tom:2.0.7
tom:2.0.6
tom:2.0.5
tom:2.0.4
tom:2.0.3
tom:2.0.2
tom:2.0.1
tom:2.0.0
tom:1.7.1
tom:1.7.0
tom:1.6.2
tom:1.6.1
tom:1.6.0
tom:1.5.0
tom:1.4.1
tom:1.4.0
tom:1.3.2
tom:1.3.1
tom:1.3.0
tom:1.2.0
tom:1.1.0
tom:1.0.4
tom:1.0.3
tom:1.0.2
tom:1.0.1
tom:1.0.0
tom:0.9.9
tom:0.9.8
tom:0.9.7
tom:0.9.6
tom:0.9.5
tom:0.9.4
tom:0.9.3
tom:0.9.2
tom:0.9.1
tom:0.9
tom:0.8
tom:0.7
tom:0.6
tom:0.5
tom:0.4
tom:0.3
tom:0.2
tom:0.1

No commits in common. "master" and "feature/support-type-deprecation" have entirely different histories.
master ... feature/su

189 changed files with 317 additions and 11982 deletions
Show stats Expand all files Collapse all files

2
.gitignore vendored
View file

@ -34,7 +34,7 @@ cdist/inventory/
# Python: cache, distutils, distribution in general
__pycache__/
*.pyc
/MANIFEST
MANIFEST
dist/
cdist/version.py
cdist.egg-info/

6
Makefile
View file

@ -31,9 +31,9 @@ help:
@echo "docs-clean clean documentation"
@echo "clean clean"
DOCS_SRC_DIR=./docs/src
SPEECHDIR=./docs/speeches
TYPEDIR=./cdist/conf/type
DOCS_SRC_DIR=docs/src
SPEECHDIR=docs/speeches
TYPEDIR=cdist/conf/type
SPHINXM=make -C $(DOCS_SRC_DIR) man
SPHINXH=make -C $(DOCS_SRC_DIR) html

5
cdist/argparse.py
View file

@ -5,7 +5,6 @@ import logging
import collections
import functools
import cdist.configuration
import cdist.preos
# set of beta sub-commands
@ -21,7 +20,6 @@ parser = None
_verbosity_level_off = -2
_verbosity_level = {
None: logging.WARNING,
_verbosity_level_off: logging.OFF,
-1: logging.ERROR,
0: logging.WARNING,
@ -424,9 +422,6 @@ def get_parsers():
parser['inventory'].set_defaults(
func=cdist.inventory.Inventory.commandline)
# PreOs
parser['preos'] = parser['sub'].add_parser('preos', add_help=False)
# Shell
parser['shell'] = parser['sub'].add_parser(
'shell', parents=[parser['loglevel']])

12
cdist/conf/explorer/hostname
View file

@ -1,6 +1,7 @@
#!/bin/sh
#
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# 2010-2014 Nico Schottelius (nico-cdist at schottelius.org)
# 2012 Steven Armstrong (steven-cdist at armstrong.cc)
#
# This file is part of cdist.
#
@ -18,12 +19,7 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Retrieve the running hostname
#
if command -v hostname >/dev/null
then
hostname
else
uname -n
if command -v uname >/dev/null; then
uname -n
fi

14
cdist/conf/explorer/interfaces
View file

@ -18,11 +18,13 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
if command -v ip >/dev/null
if command -v ip > /dev/null
then
ip -o link show | sed -n 's/^[0-9]\+: \(.\+\): <.*/\1/p'
elif command -v ifconfig >/dev/null
ip -o link show | sed -n 's/^[0-9]\+: \(.\+\): <.*/\1/p'
elif command -v ifconfig > /dev/null
then
ifconfig -a | sed -n -E 's/^(.*)(:[[:space:]]*flags=|Link encap).*/\1/p'
fi \
| sort -u
ifconfig -a \
| sed -n -E 's/^(.*)(:[[:space:]]*flags=|Link encap).*/\1/p' \
| sort -u
fi

2
cdist/conf/explorer/os
View file

@ -145,7 +145,7 @@ esac
if [ -f /etc/os-release ]; then
# already lowercase, according to:
# https://www.freedesktop.org/software/systemd/man/os-release.html
awk -F= '/^ID=/ { if ($2 ~ /^'"'"'(.*)'"'"'$/ || $2 ~ /^"(.*)"$/) { print substr($2, 2, length($2) - 2) } else { print $2 } }' /etc/os-release
awk -F= '/^ID=/ {print $2;}' /etc/os-release
exit 0
fi

36
cdist/conf/type/__acl/explorer/checks → cdist/conf/type/__acl/explorer/missing_users_groups
View file

@ -18,22 +18,30 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# TODO check if filesystem has ACL turned on etc
[ ! -e "/$__object_id" ] && exit 0
if [ -f "$__object/parameter/acl" ]
then
grep -E '^(default:)?(user|group):' "$__object/parameter/acl" \
| while read -r acl
for parameter in user group
do
if [ ! -f "$__object/parameter/$parameter" ]
then
continue
fi
while read -r acl
do
param="$( echo "$acl" | awk -F: '{print $(NF-2)}' )"
check="$( echo "$acl" | awk -F: '{print $(NF-1)}' )"
check="$( echo "$acl" | awk -F: '{print $1}' )"
[ "$param" = 'user' ] && db=passwd || db="$param"
if ! getent "$db" "$check" > /dev/null
if [ "$parameter" = 'user' ]
then
echo "missing $param '$check'" >&2
exit 1
getent_db=passwd
else
getent_db="$parameter"
fi
done
fi
if ! getent "$getent_db" "$check" > /dev/null
then
echo "missing $parameter '$check'"
fi
done \
< "$__object/parameter/$parameter"
done

128
cdist/conf/type/__acl/gencode-remote
View file

@ -20,65 +20,59 @@
file_is="$( cat "$__object/explorer/file_is" )"
[ "$file_is" = 'missing' ] && [ -z "$__cdist_dry_run" ] && exit 0
[ "$file_is" = 'missing' ] && exit 0
os="$( cat "$__global/explorer/os" )"
missing_users_groups="$( cat "$__object/explorer/missing_users_groups" )"
acl_path="/$__object_id"
acl_is="$( cat "$__object/explorer/acl_is" )"
if [ -f "$__object/parameter/acl" ]
if [ -n "$missing_users_groups" ]
then
acl_should="$( cat "$__object/parameter/acl" )"
elif
[ -f "$__object/parameter/user" ] \
|| [ -f "$__object/parameter/group" ] \
|| [ -f "$__object/parameter/mask" ] \
|| [ -f "$__object/parameter/other" ]
then
acl_should="$( for param in user group mask other
do
[ ! -f "$__object/parameter/$param" ] && continue
echo "$param" | grep -Eq 'mask|other' && sep=:: || sep=:
echo "$param$sep$( cat "$__object/parameter/$param" )"
done )"
else
echo 'no parameters set' >&2
echo "$missing_users_groups" >&2
exit 1
fi
if [ -f "$__object/parameter/default" ]
os="$( cat "$__global/explorer/os" )"
acl_is="$( cat "$__object/explorer/acl_is" )"
acl_path="/$__object_id"
if [ -f "$__object/parameter/default" ] && [ "$file_is" = 'directory' ]
then
acl_should="$( echo "$acl_should" \
| sed 's/^default://' \
| sort -u \
| sed 's/\(.*\)/default:\1\n\1/' )"
set_default=1
else
set_default=0
fi
if [ "$file_is" = 'regular' ] \
&& echo "$acl_should" | grep -Eq '^default:'
then
# only directories can have default ACLs,
# but instead of error,
# let's just remove default entries
acl_should="$( echo "$acl_should" | grep -Ev '^default:' )"
fi
acl_should="$( for parameter in user group mask other
do
if [ ! -f "$__object/parameter/$parameter" ]
then
continue
fi
if echo "$acl_should" | awk -F: '{ print $NF }' | grep -Fq 'X'
then
[ "$file_is" = 'directory' ] && rep=x || rep=-
while read -r acl
do
if echo "$acl" | awk -F: '{ print $NF }' | grep -Fq 'X'
then
[ "$file_is" = 'directory' ] && rep=x || rep=-
acl_should="$( echo "$acl_should" | sed "s/\\(.*\\)X/\\1$rep/" )"
fi
acl="$( echo "$acl" | sed "s/\(.*\)X/\1$rep/" )"
fi
echo "$parameter" | grep -Eq '(mask|other)' && sep=:: || sep=:
echo "$parameter$sep$acl"
[ "$set_default" = '1' ] && echo "default:$parameter$sep$acl"
done \
< "$__object/parameter/$parameter"
done )"
setfacl_exec='setfacl'
if [ -f "$__object/parameter/recursive" ]
then
if echo "$os" | grep -Fq 'freebsd'
if echo "$os" | grep -Eq 'macosx|freebsd'
then
echo "$os setfacl do not support recursive operations" >&2
else
@ -88,36 +82,44 @@ fi
if [ -f "$__object/parameter/remove" ]
then
echo "$acl_is" | while read -r acl
do
# skip wanted ACL entries which already exist
# and skip mask and other entries, because we
# can't actually remove them, but only change.
if echo "$acl_should" | grep -Eq "^$acl" \
|| echo "$acl" | grep -Eq '^(default:)?(mask|other)'
then continue
fi
if echo "$os" | grep -Fq 'solaris'
then
# Solaris setfacl behaves differently.
# We will not support Solaris for now, because no way to test it.
# But adding support should be easy (use -s instead of -m on modify).
echo "$os setfacl do not support -x flag for ACL remove" >&2
else
echo "$acl_is" | while read -r acl
do
# Skip wanted ACL entries which already exist
# and skip mask and other entries, because we
# can't actually remove them, but only change.
if echo "$acl_should" | grep -Eq "^$acl" \
|| echo "$acl" | grep -Eq '^(default:)?(mask|other)'
then continue
fi
if echo "$os" | grep -Fq 'freebsd'
then
remove="$acl"
else
remove="$( echo "$acl" | sed 's/:...$//' )"
fi
if echo "$os" | grep -Eq 'macosx|freebsd'
then
remove="$acl"
else
remove="$( echo "$acl" | sed 's/:...$//' )"
fi
echo "$setfacl_exec -x \"$remove\" \"$acl_path\""
echo "removed '$remove'" >> "$__messages_out"
done
echo "$setfacl_exec -x \"$remove\" \"$acl_path\""
echo "removed '$remove'" >> "$__messages_out"
done
fi
fi
for acl in $acl_should
do
if ! echo "$acl_is" | grep -Eq "^$acl"
then
if echo "$os" | grep -Fq 'freebsd' \
if echo "$os" | grep -Eq 'macosx|freebsd' \
&& echo "$acl" | grep -Eq '^default:'
then
echo "setting default ACL in $os is currently not supported" >&2
echo "setting default ACL in $os is currently not supported. sorry :(" >&2
else
echo "$setfacl_exec -m \"$acl\" \"$acl_path\""
echo "added '$acl'" >> "$__messages_out"

71
cdist/conf/type/__acl/man.rst
View file

@ -8,36 +8,46 @@ cdist-type__acl - Set ACL entries
DESCRIPTION
-----------
Fully supported and tested on Linux (ext4 filesystem), partial support for FreeBSD.
ACL must be defined as 3-symbol combination, using ``r``, ``w``, ``x`` and ``-``.
Fully supported on Linux (tested on Debian and CentOS).
Partial support for FreeBSD, OSX and Solaris.
OpenBSD and NetBSD support is not possible.
See ``setfacl`` and ``acl`` manpages for more details.
REQUIRED MULTIPLE PARAMETERS
OPTIONAL MULTIPLE PARAMETERS
----------------------------
acl
Set ACL entry following ``getfacl`` output syntax.
user
Add user ACL entry.
group
Add group ACL entry.
OPTIONAL PARAMETERS
-------------------
mask
Add mask ACL entry.
other
Add other ACL entry.
BOOLEAN PARAMETERS
------------------
default
Set all ACL entries as default too.
Only directories can have default ACLs.
Setting default ACL in FreeBSD is currently not supported.
recursive
Make ``setfacl`` recursive (Linux only), but not ``getfacl`` in explorer.
default
Add default ACL entries (FreeBSD not supported).
remove
Remove undefined ACL entries.
``mask`` and ``other`` entries can't be removed, but only changed.
DEPRECATED PARAMETERS
---------------------
Parameters ``user``, ``group``, ``mask`` and ``other`` are deprecated and they
will be removed in future versions. Please use ``acl`` parameter instead.
Remove undefined ACL entries (Solaris not supported).
ACL entries for ``mask`` and ``other`` can't be removed.
EXAMPLES
@ -46,30 +56,15 @@ EXAMPLES
.. code-block:: sh
__acl /srv/project \
--default \
--recursive \
--remove \
--acl user:alice:rwx \
--acl user:bob:r-x \
--acl group:project-group:rwx \
--acl group:some-other-group:r-x \
--acl mask::r-x \
--acl other::r-x
# give Alice read-only access to subdir,
# but don't allow her to see parent content.
__acl /srv/project2 \
--remove \
--acl default:group:secret-project:rwx \
--acl group:secret-project:rwx \
--acl user:alice:--x
__acl /srv/project2/subdir \
--default \
--remove \
--acl group:secret-project:rwx \
--acl user:alice:r-x
--user alice:rwx \
--user bob:r-x \
--group project-group:rwx \
--group some-other-group:r-x \
--mask r-x \
--other r-x
AUTHORS

1
cdist/conf/type/__acl/parameter/deprecated/group
View file

@ -1 +0,0 @@
see manual for details

1
cdist/conf/type/__acl/parameter/deprecated/mask
View file

@ -1 +0,0 @@
see manual for details

1
cdist/conf/type/__acl/parameter/deprecated/other
View file

@ -1 +0,0 @@
see manual for details

1
cdist/conf/type/__acl/parameter/deprecated/user
View file

@ -1 +0,0 @@
see manual for details

1
cdist/conf/type/__acl/parameter/optional_multiple
View file

@ -1,3 +1,2 @@
acl
user
group

18
cdist/conf/type/__apt_key/explorer/state
View file

@ -27,18 +27,6 @@ else
keyid="$__object_id"
fi
keydir="$(cat "$__object/parameter/keydir")"
keyfile="$keydir/$__object_id.gpg"
if [ -d "$keydir" ]
then
if [ -f "$keyfile" ]
then echo present
else echo absent
fi
else
# fallback to deprecated apt-key
apt-key export "$keyid" | head -n 1 | grep -Fqe "BEGIN PGP PUBLIC KEY BLOCK" \
&& echo present \
|| echo absent
fi
apt-key export "$keyid" | head -n 1 | grep -Fqe "BEGIN PGP PUBLIC KEY BLOCK" \
&& echo present \
|| echo absent

76
cdist/conf/type/__apt_key/gencode-remote
View file

@ -31,84 +31,12 @@ if [ "$state_should" = "$state_is" ]; then
exit 0
fi
keydir="$(cat "$__object/parameter/keydir")"
keyfile="$keydir/$__object_id.gpg"
case "$state_should" in
present)
keyserver="$(cat "$__object/parameter/keyserver")"
if [ -f "$__object/parameter/uri" ]; then
uri="$(cat "$__object/parameter/uri")"
if [ -d "$keydir" ]; then
cat << EOF
curl -s -L \\
-o "$keyfile" \\
"$uri"
key="\$( cat "$keyfile" )"
if echo "\$key" | grep -Fq 'BEGIN PGP PUBLIC KEY BLOCK'
then
echo "\$key" | gpg --dearmor > "$keyfile"
fi
EOF
else
# fallback to deprecated apt-key
echo "curl -s -L '$uri' | apt-key add -"
fi
elif [ -d "$keydir" ]; then
tmp='/tmp/cdist_apt_key_tmp'
# we need to kill gpg after 30 seconds, because gpg
# can get stuck if keyserver is not responding.
# exporting env var and not exit 1,
# because we need to clean up and kill dirmngr.
cat << EOF
mkdir -m 700 -p "$tmp"
if timeout 30s \\
gpg --homedir "$tmp" \\
--keyserver "$keyserver" \\
--recv-keys "$keyid"
then
gpg --homedir "$tmp" \\
--export "$keyid" \\
> "$keyfile"
else
export GPG_GOT_STUCK=1
fi
GNUPGHOME="$tmp" gpgconf --kill dirmngr
rm -rf "$tmp"
if [ -n "\$GPG_GOT_STUCK" ]
then
echo "GPG GOT STUCK - no response from keyserver after 30 seconds" >&2
exit 1
fi
EOF
else
# fallback to deprecated apt-key
echo "apt-key adv --keyserver \"$keyserver\" --recv-keys \"$keyid\""
fi
echo "added '$keyid'" >> "$__messages_out"
echo "apt-key adv --keyserver \"$keyserver\" --recv-keys \"$keyid\""
;;
absent)
if [ -f "$keyfile" ]; then
echo "rm '$keyfile'"
else
# fallback to deprecated apt-key
echo "apt-key del \"$keyid\""
fi
echo "removed '$keyid'" >> "$__messages_out"
echo "apt-key del \"$keyid\""
;;
esac

17
cdist/conf/type/__apt_key/man.rst
View file

@ -28,12 +28,6 @@ keyserver
the keyserver from which to fetch the key. If omitted the default set
in ./parameter/default/keyserver is used.
keydir
key save location, defaults to ``/etc/apt/trusted.pgp.d``
uri
the URI from which to download the key
EXAMPLES
--------
@ -53,20 +47,15 @@ EXAMPLES
# same thing with other keyserver
__apt_key UbuntuArchiveKey --keyid 437D05B5 --keyserver keyserver.ubuntu.com
# download key from the internet
__apt_key rabbitmq \
--uri http://www.rabbitmq.com/rabbitmq-signing-key-public.asc
AUTHORS
-------
Steven Armstrong <steven-cdist--@--armstrong.cc>
Ander Punnar <ander-at-kvlt-dot-ee>
COPYING
-------
Copyright \(C) 2011-2019 Steven Armstrong and Ander Punnar. You can
redistribute it and/or modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, either version 3 of the
Copyright \(C) 2011-2014 Steven Armstrong. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

8
cdist/conf/type/__apt_key/manifest
View file

@ -1,8 +0,0 @@
#!/bin/sh -e
__package gnupg
if [ -f "$__object/parameter/uri" ]
then __package curl
else __package dirmngr
fi

1
cdist/conf/type/__apt_key/parameter/default/keydir
View file

@ -1 +0,0 @@
/etc/apt/trusted.gpg.d

2
cdist/conf/type/__apt_key/parameter/optional
View file

@ -1,5 +1,3 @@
state
keyid
keyserver
keydir
uri

37
cdist/conf/type/__docker/manifest
View file

@ -64,43 +64,6 @@ case "$os" in
require="__apt_source/docker" __package docker-ce --state "${state}"
fi
;;
devuan)
os_version="$(cat "$__global/explorer/os_version")"
case "$os_version" in
ascii)
distribution="stretch"
;;
jessie)
distribution="jessie"
;;
*)
echo "Your devuan release ($os_version) is currently not supported by this type (${__type##*/}).">&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac
if [ "${state}" = "present" ]; then
__package apt-transport-https
__package ca-certificates
__package gnupg2
fi
__apt_key_uri docker --name "Docker Release (CE deb) <docker@docker.com>" \
--uri "https://download.docker.com/linux/${os}/gpg" --state "${state}"
require="__apt_key_uri/docker" __apt_source docker \
--uri "https://download.docker.com/linux/${os}" \
--distribution "${distribution}" \
--state "${state}" \
--component "stable"
if [ "$version" != "latest" ]; then
require="__apt_source/docker" __package docker-ce --version "${version}" --state "${state}"
else
require="__apt_source/docker" __package docker-ce --state "${state}"
fi
;;
*)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2

2
cdist/conf/type/__docker_swarm/explorer/swarm-state
View file

@ -18,4 +18,4 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
docker info 2>/dev/null | grep '^ *Swarm: ' | awk '{print $2}'
docker info 2>/dev/null | grep "^Swarm: " | cut -d " " -f 2-

35
cdist/conf/type/__git/gencode-remote
View file

@ -19,34 +19,32 @@
#
#
state_is=$(cat "$__object/explorer/state")
owner_is=$(cat "$__object/explorer/owner")
group_is=$(cat "$__object/explorer/group")
state_is="$(cat "$__object/explorer/state")"
owner_is="$(cat "$__object/explorer/owner")"
group_is="$(cat "$__object/explorer/group")"
state_should=$(cat "$__object/parameter/state")
state_should="$(cat "$__object/parameter/state")"
branch=$(cat "$__object/parameter/branch")
branch="$(cat "$__object/parameter/branch")"
source=$(cat "$__object/parameter/source")
source="$(cat "$__object/parameter/source")"
destination="/$__object_id"
owner=$(cat "$__object/parameter/owner")
group=$(cat "$__object/parameter/group")
mode=$(cat "$__object/parameter/mode")
owner="$(cat "$__object/parameter/owner")"
group="$(cat "$__object/parameter/group")"
mode="$(cat "$__object/parameter/mode")"
[ -f "$__object/parameter/recursive" ] && recursive='--recurse-submodules' || recursive=''
[ -f "$__object/parameter/shallow" ] && shallow='--depth 1 --shallow-submodules' || shallow=''
[ "$state_should" = "$state_is" ] \
&& [ "$owner" = "$owner_is" ] \
&& [ "$group" = "$group_is" ] \
&& [ -n "$mode" ] && exit 0
[ "$state_should" = "$state_is" ] && \
[ "$owner" = "$owner_is" ] && \
[ "$group" = "$group_is" ] && \
[ -n "$mode" ] && exit 0
case $state_should in
present)
if [ "$state_should" != "$state_is" ]; then
echo git clone --quiet "$recursive" "$shallow" --branch "$branch" "$source" "$destination"
echo git clone --quiet --branch "$branch" "$source" "$destination"
fi
if { [ -n "$owner" ] && [ "$owner_is" != "$owner" ]; } || \
{ [ -n "$group" ] && [ "$group_is" != "$group" ]; }; then
@ -56,9 +54,8 @@ case $state_should in
echo chmod -R "$mode" "$destination"
fi
;;
# Handled in manifest
absent)
# Handled in manifest
;;
*)

6
cdist/conf/type/__git/man.rst
View file

@ -35,12 +35,6 @@ mode
owner
User to chown to.
recursive
Passes the --recurse-submodules flag to git when cloning the repository.
shallow
Sets --depth=1 and --shallow-submodules for cloning repositories with big history.
EXAMPLES
--------

2
cdist/conf/type/__git/parameter/boolean
View file

@ -1,2 +0,0 @@
recursive
shallow

19
cdist/conf/type/__grafana_dashboard/manifest
View file

@ -8,16 +8,10 @@ case $os in
debian|devuan)
case $os_version in
8*|jessie)
# Differntation not needed anymore
apt_source_distribution=stable
apt_source_distribution=jessie
;;
9*|ascii/ceres|ascii)
# Differntation not needed anymore
apt_source_distribution=stable
;;
10*)
# Differntation not needed anymore
apt_source_distribution=stable
apt_source_distribution=stretch
;;
*)
echo "Don't know how to install Grafana on $os $os_version. Send us a pull request!" >&2
@ -27,15 +21,16 @@ case $os in
__apt_key_uri grafana \
--name 'Grafana Release Signing Key' \
--uri https://packages.grafana.com/gpg.key
--uri https://packagecloud.io/gpg.key
require="$require __apt_key_uri/grafana" __apt_source grafana \
--uri https://packages.grafana.com/oss/deb \
--uri https://packagecloud.io/grafana/stable/debian/ \
--distribution $apt_source_distribution \
--component main
__package apt-transport-https
require="$require __apt_source/grafana" __apt_update_index
require="$require __package/apt-transport-https __apt_update_index" __package grafana
require="$require __apt_source/grafana __package/apt-transport-https" __package grafana
require="$require __package/grafana" __start_on_boot grafana-server
require="$require __start_on_boot/grafana-server" __process grafana-server --start "service grafana-server start"
;;

19
cdist/conf/type/__group/explorer/group
View file

@ -1,7 +1,6 @@
#!/bin/sh
#
# 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -22,21 +21,7 @@
# Get an existing groups group entry.
#
not_supported() {
echo "Your operating system ($("$__explorer/os")) is currently not supported." >&2
echo "Cannot extract group information." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
}
name=$__object_id
if command -v getent >/dev/null
then
getent group "$name" || true
elif [ -f /etc/group ]
then
grep "^${name}:" /etc/group || true
else
not_supported
fi
getent group "$name" || true

30
cdist/conf/type/__group/explorer/gshadow
View file

@ -1,7 +1,6 @@
#!/bin/sh
#
# 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -23,28 +22,13 @@
#
name=$__object_id
os=$("$__explorer/os")
os="$("$__explorer/os")"
not_supported() {
echo "Your operating system ($os) is currently not supported." >&2
echo "Cannot extract group information." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
}
case $os in
"freebsd"|"netbsd")
echo "$os does not have getent gshadow" >&2
exit 0
;;
case "$os" in
"freebsd"|"netbsd")
echo "$os does not have getent gshadow"
exit 0
;;
esac
if command -v getent >/dev/null
then
getent gshadow "$name" || true
elif [ -f /etc/gshadow ]
then
grep "^${name}:" /etc/gshadow || true
else
not_supported
fi
getent gshadow "$name" || true

2
cdist/conf/type/__hostname/explorer/has_hostnamectl
View file

@ -21,4 +21,4 @@
# Check whether system has hostnamectl
#
command -v hostnamectl 2>/dev/null || true
command -v hostnamectl || true

19
cdist/conf/type/__xymon_config/gencode-remote → cdist/conf/type/__hostname/explorer/hostname_file Normal file → Executable file
View file

@ -1,6 +1,6 @@
#!/bin/sh -e
#!/bin/sh
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
# 2014 Nico Schottelius (nico-cdist at schottelius.org)
#
# This file is part of cdist.
#
@ -16,8 +16,15 @@
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Retrieve the contents of /etc/hostname
#
## to speed up config-reload we send a HUP to the server process:
cat <<-EOT
pkill -HUP xymond || { echo "HUPing xymond failed" >&2; exit 1; }
EOT
# Almost any distribution
if [ -f /etc/hostname ]; then
cat /etc/hostname
# SuSE
elif [ -f /etc/HOSTNAME ]; then
cat /etc/HOSTNAME
fi

12
cdist/conf/type/__xymon_apache/explorer/active-conf → cdist/conf/type/__hostname/explorer/hostname_sysconfig
View file

@ -1,6 +1,6 @@
#!/bin/sh -e
#!/bin/sh
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
# 2014 Nico Schottelius (nico-cdist at schottelius.org)
#
# This file is part of cdist.
#
@ -16,7 +16,11 @@
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Retrieve the contents of /etc/hostname
#
if [ -d /etc/apache2/mods-enabled ]; then
ls -1 /etc/apache2/conf-enabled/
if [ -f /etc/sysconfig/network ]; then
awk -F= '/^HOSTNAME=/ { print $2 }' /etc/sysconfig/network
fi

10
cdist/conf/type/__hostname/explorer/max_len
View file

@ -1,10 +0,0 @@
#!/bin/sh -e
command -v getconf >/dev/null || exit 0
val=$(getconf HOST_NAME_MAX 2>/dev/null) || exit 0
if test -n "${val}" -a "${val}" != 'undefined'
then
echo "${val}"
fi

102
cdist/conf/type/__hostname/gencode-remote
View file

@ -2,7 +2,6 @@
#
# 2014-2017 Steven Armstrong (steven-cdist at armstrong.cc)
# 2014 Nico Schottelius (nico-cdist at schottelius.org)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -20,81 +19,60 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
os=$(cat "$__global/explorer/os")
name_running=$(cat "$__global/explorer/hostname")
has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl")
if test -s "$__object/parameter/name"
then
name_should=$(cat "$__object/parameter/name")
if [ -f "$__object/parameter/name" ]; then
name_should="$(cat "$__object/parameter/name")"
else
case $os
in
# RedHat-derivatives and BSDs
centos|fedora|redhat|scientific|freebsd|macosx|netbsd|openbsd)
# Hostname is FQDN
name_should="${__target_host}"
;;
*)
# Hostname is only first component of FQDN
name_should="${__target_host%%.*}"
;;
esac
name_should="${__target_host%%.*}"
fi
os=$(cat "$__global/explorer/os")
name_running=$(cat "$__global/explorer/hostname")
name_config=$(cat "$__object/explorer/hostname_file")
name_sysconfig=$(cat "$__object/explorer/hostname_sysconfig")
has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl")
################################################################################
# Check if the (running) hostname is already correct
# If everything is ok -> exit
#
test "$name_running" != "$name_should" || exit 0
case "$os" in
archlinux|debian|suse|ubuntu|devuan|coreos|alpine)
if [ "$name_config" = "$name_should" ] && [ "$name_running" = "$name_should" ]; then
exit 0
fi
;;
scientific|centos|freebsd|openbsd)
if [ "$name_sysconfig" = "$name_should" ] && [ "$name_running" = "$name_should" ]; then
exit 0
fi
;;
*)
echo "Unsupported os: $os" >&2
exit 1
;;
esac
################################################################################
# Setup hostname
#
echo 'changed' >>"$__messages_out"
echo changed >> "$__messages_out"
# Use the good old way to set the hostname.
case $os
in
alpine|debian|devuan|ubuntu)
echo 'hostname -F /etc/hostname'
# Use the good old way to set the hostname even on machines running systemd.
case "$os" in
archlinux|debian|ubuntu|devuan|centos|coreos|alpine)
printf "printf '%%s\\\\n' '$name_should' > /etc/hostname\\n"
echo "hostname -F /etc/hostname"
;;
archlinux)
echo 'command -v hostnamectl >/dev/null 2>&1' \
"&& hostnamectl set-hostname '$name_should'" \
"|| hostname '$name_should'"
;;
centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|gentoo|void)
freebsd|openbsd)
echo "hostname '$name_should'"
;;
macosx)
echo "scutil --set HostName '$name_should'"
;;
solaris)
echo "uname -S '$name_should'"
;;
slackware|suse|opensuse-leap)
# We do not read from /etc/HOSTNAME, because the running
# hostname is the first component only while the file contains
# the FQDN.
suse)
echo "hostname '$name_should'"
;;
*)
# Fall back to set the hostname using hostnamectl, if available.
if test -n "$has_hostnamectl"
then
# Don't use hostnamectl as the primary means to set the hostname for
# systemd systems, because it cannot be trusted to work reliably and
# exit with non-zero when it fails (e.g. hostname too long,
# D-Bus failure, etc.).
echo "hostnamectl set-hostname \"\$(cat /etc/hostname)\""
echo "test \"\$(hostname)\" = \"\$(cat /etc/hostname)\"" \
" || hostname -F /etc/hostname"
else
printf "echo 'Unsupported OS: %s' >&2\nexit 1\n" "$os"
fi
printf "printf '%%s\\\\n' '$name_should' > /etc/HOSTNAME\\n"
;;
esac
if [ "$has_hostnamectl" ]; then
# Allow hostnamectl set-hostname to fail silently.
# Who the fuck invented a tool that needs dbus to set the hostname anyway ...
echo "hostnamectl set-hostname '$name_should' || true"
fi

7
cdist/conf/type/__hostname/man.rst
View file

@ -8,10 +8,7 @@ cdist-type__hostname - Set the hostname
DESCRIPTION
-----------
Sets the hostname on various operating systems.
**Tip:** For advice on choosing a hostname, see
`RFC 1178 <https://tools.ietf.org/html/rfc1178>`_.
Set's the hostname on various operating systems.
REQUIRED PARAMETERS
@ -21,7 +18,7 @@ None.
OPTIONAL PARAMETERS
-------------------
name
The hostname to set. Defaults to the first segment of __target_host
The hostname to set. Defaults to the first segment of __target_host
(${__target_host%%.*})

177
cdist/conf/type/__hostname/manifest
View file

@ -2,7 +2,6 @@
#
# 2012 Steven Armstrong (steven-cdist at armstrong.cc)
# 2014 Nico Schottelius (nico-cdist at schottelius.org)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -20,170 +19,50 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
not_supported() {
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
}
set_hostname_systemd() {
echo "$1" | __file /etc/hostname --source -
}
os=$(cat "$__global/explorer/os")
os_version=$(cat "$__global/explorer/os_version")
os_major=$(echo "$os_version" | grep -o '^[0-9][0-9]*')
max_len=$(cat "$__object/explorer/max_len")
has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl")
if test -s "$__object/parameter/name"
then
name_should=$(cat "$__object/parameter/name")
if [ -f "$__object/parameter/name" ]; then
name_should="$(cat "$__object/parameter/name")"
else
case $os
in
# RedHat-derivatives and BSDs
centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|slackware)
# Hostname is FQDN
name_should="${__target_host}"
;;
suse|opensuse-leap)
# Classic SuSE stores the FQDN in /etc/HOSTNAME, while
# systemd does not. The running hostname is the first
# component in both cases.
# In versions before 15.x, the FQDN is stored in /etc/hostname.
if test -n "$has_hostnamectl" && test "$os_major" -ge 15 \
&& test "$os_major" -ne 42
then
name_should="${__target_host%%.*}"
else
name_should="${__target_host}"
fi
;;
*)
# Hostname is only first component of FQDN on all other systems.
name_should="${__target_host%%.*}"
;;
case "$os" in
openbsd)
name_should="${__target_host}"
;;
*)
name_should="${__target_host%%.*}"
;;
esac
fi
if test -n "$max_len" && test "$(printf '%s' "$name_should" | wc -c)" -gt "$max_len"
then
printf "Host name too long. Up to %u characters allowed.\n" "${max_len}" >&2
exit 1
fi
case $os
in
alpine|debian|devuan|ubuntu|void)
echo "$name_should" | __file /etc/hostname --source -
;;
archlinux)
if test -n "$has_hostnamectl"
then
set_hostname_systemd "$name_should"
else
echo 'Ancient ArchLinux variants without hostnamectl are not supported.' >&2
exit 1
# Only for ancient ArchLinux, write to /etc/rc.conf on pre-systemd
# versions. There are some versions which use /etc/hostname but not
# systemd. It is unclear which ones these are.
not_supported() {
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
}
# __key_value '/etc/rc.conf:HOSTNAME' \
# --file /etc/rc.conf \
# --delimiter '=' --exact_delimiter \
# --key 'HOSTNAME' \
# --value "\"$name_should\""
fi
;;
centos|fedora|redhat|scientific)
if test -z "$has_hostnamectl"
then
# Only write to /etc/sysconfig/network on non-systemd versions.
# On systemd-based versions this entry is ignored.
__key_value '/etc/sysconfig/network:HOSTNAME' \
--file /etc/sysconfig/network \
--delimiter '=' --exact_delimiter \
--key HOSTNAME \
--value "\"$name_should\""
else
set_hostname_systemd "$name_should"
fi
;;
gentoo)
# Only write to /etc/conf.d/hostname on OpenRC-based installations.
# On systemd use hostnamectl(1) in gencode-remote.
if test -z "$has_hostnamectl"
then
__key_value '/etc/conf.d/hostname:hostname' \
--file /etc/conf.d/hostname \
--delimiter '=' --exact_delimiter \
--key 'hostname' \
--value "\"$name_should\""
else
set_hostname_systemd "$name_should"
fi
;;
freebsd)
__key_value '/etc/rc.conf:hostname' \
--file /etc/rc.conf \
--delimiter '=' --exact_delimiter \
--key 'hostname' \
--value "\"$name_should\""
;;
macosx)
case "$os" in
archlinux|debian|suse|ubuntu|devuan|coreos|alpine)
# handled in gencode-remote
:
;;
netbsd)
__key_value '/etc/rc.conf:hostname' \
scientific|centos)
__key_value sysconfig-hostname \
--file /etc/sysconfig/network \
--delimiter '=' \
--key HOSTNAME \
--value "$name_should" --exact_delimiter
;;
freebsd)
__key_value rcconf-hostname \
--file /etc/rc.conf \
--delimiter '=' --exact_delimiter \
--delimiter '=' \
--key 'hostname' \
--value "\"$name_should\""
# To avoid confusion, ensure that the hostname is only stored once.
__file /etc/myname --state absent
--value "$name_should"
;;
openbsd)
echo "$name_should" | __file /etc/myname --source -
;;
slackware)
# We write the FQDN into /etc/HOSTNAME. But /etc/rc.d/rc.M will only
# read the first component from this file and set it as the running
# hostname on boot.
echo "$name_should" | __file /etc/HOSTNAME --source -
;;
solaris)
echo "$name_should" | __file /etc/nodename --source -
;;
suse|opensuse-leap)
# Modern SuSE provides /etc/HOSTNAME as a symlink for
# backwards-compatibility. Unfortunately it cannot be used
# here as __file does not follow the symlink.
# Therefore, we use the presence of the hostnamectl binary as
# an indication of which file to use. This unfortunately does
# not work correctly on openSUSE 12.x which provides
# hostnamectl but not /etc/hostname.
if test -n "$has_hostnamectl" -a "$os_major" -gt 12
then
hostname_file='/etc/hostname'
else
hostname_file='/etc/HOSTNAME'
fi
echo "$name_should" | __file "$hostname_file" --source -
;;
*)
# On other operating systems we fall back to systemd's
# hostnamectl if available…
if test -n "$has_hostnamectl"
then
set_hostname_systemd "$name_should"
else
not_supported
fi
not_supported
;;
esac

15
cdist/conf/type/__letsencrypt_cert/manifest
View file

@ -7,12 +7,6 @@ if [ -z "${certbot_fullpath}" ]; then
os_version="$(cat "${__global}/explorer/os_version")"
case "$os" in
archlinux)
__package certbot
;;
alpine)
__package certbot
;;
debian)
case "$os_version" in
8*)
@ -39,10 +33,6 @@ if [ -z "${certbot_fullpath}" ]; then
require="__apt_source/stretch-backports" __package_apt certbot \
--target-release stretch-backports
;;
10*)
__package_apt certbot
;;
*)
echo "Unsupported OS version: $os_version" >&2
exit 1
@ -72,12 +62,11 @@ if [ -z "${certbot_fullpath}" ]; then
--distribution ascii-backports \
--component main
require="__apt_source/ascii-backports" __package_apt python-certbot \
--target-release ascii-backports
require="__apt_source/ascii-backports" __package_apt certbot \
--target-release ascii-backports
;;
beowulf*)
__package_apt certbot
;;
*)
echo "Unsupported OS version: $os_version" >&2
exit 1

3
cdist/conf/type/__package_update_index/explorer/currage
View file

@ -34,9 +34,6 @@ case "$type" in
echo 0
fi
;;
alpine)
echo 0
;;
*) echo "Your specified type ($type) is currently not supported." >&2
echo "Please contribute an implementation for it if you can." >&2
;;

1
cdist/conf/type/__package_update_index/explorer/type
View file

@ -26,7 +26,6 @@ else
amazon|scientific|centos|fedora|redhat) echo "yum" ;;
debian|ubuntu|devuan) echo "apt" ;;
archlinux) echo "pacman" ;;
alpine) echo "apk" ;;
*)
echo "Don't know how to manage packages on: $os" >&2
exit 1

4
cdist/conf/type/__package_update_index/gencode-remote
View file

@ -47,10 +47,6 @@ case "$type" in
echo "pacman --noprogressbar --sync --refresh"
echo "pacman package database synced (age was: $currage)" >> "$__messages_out"
;;
alpine)
echo "apk update"
echo "apk package database updated."
;;
*)
echo "Don't know how to manage packages for type: $type" >&2
exit 1

3
cdist/conf/type/__prometheus_alertmanager/manifest
View file

@ -30,7 +30,6 @@ if [ -f "$__object/parameter/install-from-backports" ]; then
*)
echo "--install-from-backports is only supported on Devuan -- ignoring." >&2
echo "Send a pull request if you require it." >&2
exit 1
;;
esac
else
@ -61,5 +60,5 @@ require="$require __directory/$storage_path $require_pkg" \
__config_file $CONF \
--source "$config" \
--group prometheus --mode 640 \
--onchange "service prometheus-alertmanager restart" # TODO when a config-check tool is available, check config here
--onchange "service prometheus-alertmanager reload" # TODO when a config-check tool is available, check config here

6
cdist/conf/type/__prometheus_exporter/manifest
View file

@ -5,11 +5,9 @@ export GOBIN=/opt/gocode/bin # where to find go binaries
exporter="$(cat "$__object/parameter/exporter")"
[ -z "$exporter" ] && exporter="$__object_id"
__user prometheus
require="__user/prometheus" __group prometheus
require="__group/prometheus" __user_groups prometheus --group prometheus
__user prometheus --system
require="__user_groups/prometheus"
require=""
case $exporter in
node)
TEXTFILES=/service/node-exporter/textfiles # path for the textfiles collector

8
cdist/conf/type/__prometheus_server/manifest
View file

@ -33,13 +33,11 @@ if [ -f "$__object/parameter/install-from-backports" ]; then
*)
echo "--install-from-backports is only supported on Devuan -- ignoring." >&2
echo "Send a pull request if you require it." >&2
exit 1
;;
esac
else
__package prometheus
__package prometheus-blackbox-exporter
require_pkg="__package/prometheus __package/prometheus-blackbox-exporter"
require_pkg="__package/prometheus"
fi
##### PREPARE PATHS AND SUCH ################################################
@ -60,7 +58,7 @@ require="$require __directory/$storage_path $require_pkg" \
__config_file $CONF \
--source "$config" \
--group prometheus --mode 640 \
--onchange "promtool check config $CONF && service prometheus restart"
--onchange "promtool check config $CONF && service prometheus reload"
for file in $rule_files; do
dest=$CONF_DIR/$(basename "$file")
@ -68,6 +66,6 @@ for file in $rule_files; do
__config_file "$dest" \
--source "$file" \
--owner prometheus \
--onchange "promtool check rules '$dest' && service prometheus restart"
--onchange "promtool check rules '$dest' && service prometheus reload"
done

131
cdist/conf/type/__sensible_editor/explorer/editor_path
View file

@ -1,131 +0,0 @@
#!/bin/sh -e
#
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Check if the given editor is present on the target system and determine its
# absolute path.
#
die() {
echo "$@" >&2
exit 1
}
editor_missing() { die "Editor '$1' is missing on the target system."; }
editor_no_alternative() {
die "Editor '$1' is not in the alternatives list of the target system." \
"$(test -n "${editors}" && printf '\nPlease choose one of:\n\n%s\n' "${editors}")"
}
# No need to check for the path if the file is supposed to be removed.
test "$(cat "${__object}/parameter/state")" != 'absent' || exit 0
case $("${__explorer}/os")
in
debian|devuan|ubuntu)
has_alternatives=true
# NOTE: Old versions do not support `--list`, in this case ignore the errors.
# This will require an absolute path to be provided, though.
editors=$(update-alternatives --list editor 2>/dev/null)
;;
*)
# NOTE: RedHat has an alternatives system but it doesn't usually track
# editors and it is a pain to extract the list.
has_alternatives=false
;;
esac
# Read --editor parameter and check its value since it is "optional"
editor=$(cat "${__object}/parameter/editor" 2>/dev/null) || true
test -n "${editor}" || die 'Please provide an --editor to configure.'
case $editor
in
/*)
is_abspath=true
;;
*/*)
die 'Relative editor paths are not supported'
;;
*)
is_abspath=false
;;
esac
if $has_alternatives && test -n "${editors}"
then
IFS='
'
if ! $is_abspath
then
# First, try to resolve the absolute path using $editors.
while true
do
for e in $editors
do
if test "$(basename "${e}")" = "${editor}"
then
editor="${e}"
break 2 # break out of both loops
fi
done
# Iterating through alternatives did not yield a result
editor_no_alternative "${editor}"
break
done
fi
# Check if editor is present
test -f "${editor}" || editor_missing "${editor}"
for e in $editors
do
if test "${editor}" = "${e}"
then
# Editor is part of the alternatives list -> use it!
echo "${editor}"
exit 0
fi
done
editor_no_alternative "${editor}"
else
# NOTE: This branch is mostly for RedHat-based systems which do
# not track editor alternatives. To make this type useful
# on RedHat at all we allow an absoloute path to be provided
# in any case.
if $is_abspath
then
test -x "${editor}" || editor_missing "${editor}"
echo "${editor}"
exit 0
else
die "The target doesn't list any editor alternatives. " \
"Please specify an absolute path or populate the alternatives list."
fi
fi
# The script should never reach this statement!
exit 1

26
cdist/conf/type/__sensible_editor/explorer/group
View file

@ -1,26 +0,0 @@
#!/bin/sh -e
#
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Determines the primary group of the user.
#
user=$__object_id
id -gn "${user}" 2>/dev/null

33
cdist/conf/type/__sensible_editor/explorer/user_home
View file

@ -1,33 +0,0 @@
#!/bin/sh -e
#
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Determines the home folder of the target user.
#
user=$__object_id
home=$(getent passwd "${user}" | cut -d':' -f6)
if ! test -d "${home}"
then
echo "Cannot find home directory of user ${user}" >&2
exit 1
fi
echo "${home}"

78
cdist/conf/type/__sensible_editor/man.rst
View file

@ -1,78 +0,0 @@
cdist-type__sensible_editor(7)
==============================
NAME
----
cdist-type__sensible_editor - Select the sensible-editor
DESCRIPTION
-----------
This cdist type allows you to select the :strong:`sensible-editor` for
a given user.
REQUIRED PARAMETERS
-------------------
editor
Name or path of the editor to be selected.
On systems other than Debian derivatives an absolute path is required.
It is permissible to omit this parameter if --state is absent.
OPTIONAL PARAMETERS
-------------------
state
'present', 'absent', or 'exists'. Defaults to 'present', where:
present
the sensible-editor is exactly what is specified in --editor.
absent
no sensible-editor configuration is present.
exists
the sensible-editor will be set to what is specified in --editor,
unless there already is a configuration on the target system.
EXAMPLES
--------
.. code-block:: sh
__sensible_editor root --editor /bin/ed # ed(1) is the standard
__sensible_editor noob --editor nano
LIMITATIONS
-----------
This type depends upon the :strong:`sensible-editor`\ (1) script which
is part of the sensible-utils package.
Therefore, the following operating systems are supported:
* Debian 8 (jessie) or later
* Devuan
* Ubuntu 8.10 (intrepid) or later
* RHEL/CentOS 7 or later (EPEL repo required)
* Fedora 21 or later
Note: on old versions of Ubuntu the sensible-* utils are part of the
debianutils package.
SEE ALSO
--------
:strong:`select-editor`\ (1), :strong:`sensible-editor`\ (1).
AUTHOR
-------
Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
COPYING
-------
Copyright \(C) 2019 Dennis Camera.
You can redistribute it and/or modify it under the terms of the GNU General
Public License as published by the Free Software Foundation, either version 3 of
the License, or (at your option) any later version.

94
cdist/conf/type/__sensible_editor/manifest
View file

@ -1,94 +0,0 @@
#!/bin/sh -e
# -*- mode: sh; indent-tabs-mode: t -*-
#
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
version_ge() {
awk -F '[^0-9.]' -v target="${1:?}" '
function max(x, y) { return x > y ? x : y; }
BEGIN {
getline;
nx = split($1, x, ".");
ny = split(target, y, ".");
for (i = 1; i <= max(nx, ny); ++i) {
diff = int(x[i]) - int(y[i]);
if (diff < 0) exit 1;
else if (diff > 0) exit 0;
else continue;
}
}'
}
not_supported() {
echo "OS ${os} does not support __sensible_editor." >&2
echo 'If it does, please provide a patch.' >&2
exit 1
}
os=$(cat "${__global}/explorer/os")
os_version=$(cat "${__global}/explorer/os_version")
state=$(cat "${__object}/parameter/state")
user=$__object_id
if test "${state}" != 'present' && test "${state}" != 'exists' && test "${state}" != 'absent'
then
echo 'Only "present", "exists", and "absent" are allowed for --state' >&2
exit 1
fi
package_name='sensible-utils'
case $os
in
debian)
pkg_type='apt'
;;
devuan)
pkg_type='apt'
;;
ubuntu)
(echo "${os_version}" | version_ge 10.04) || package_name='debianutils'
pkg_type='apt'
;;
centos|fedora|redhat|scientific)
pkg_type='yum'
;;
*)
not_supported
;;
esac
if test "${state}" != 'absent'
then
__package "${package_name}" --state present \
--type "${pkg_type}"
export require="__package/${package_name}"
fi
editor_path=$(cat "${__object}/explorer/editor_path")
user_home=$(cat "${__object}/explorer/user_home")
group=$(cat "${__object}/explorer/group")
__file "${user_home}/.selected_editor" --state "${state}" \
--owner "${user}" --group "${group}" --mode 0644 \
--source - <<EOF
# Managed by cdist
SELECTED_EDITOR="${editor_path}"
EOF

1
cdist/conf/type/__sensible_editor/parameter/default/state
View file

@ -1 +0,0 @@
present

2
cdist/conf/type/__sensible_editor/parameter/optional
View file

@ -1,2 +0,0 @@
editor
state

42
cdist/conf/type/__ssh_authorized_keys/explorer/file
View file

@ -1,7 +1,6 @@
#!/bin/sh
#
# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -20,42 +19,9 @@
#
if [ -f "$__object/parameter/file" ]; then
cat "$__object/parameter/file"
cat "$__object/parameter/file"
else
if [ -s "$__object/parameter/owner" ]
then
owner=$(cat "$__object/parameter/owner")
else
owner="$__object_id"
fi
if command -v getent >/dev/null
then
owner_line=$(getent passwd "$owner")
elif [ -f /etc/passwd ]
then
case $owner
in
[0-9][0-9]*)
owner_line=$(awk -F: "\$3 == \"${owner}\" { print }" /etc/passwd)
;;
*)
owner_line=$(awk -F: "\$1 == \"${owner}\" { print }" /etc/passwd)
;;
esac
fi
if [ "$owner_line" ]
then
home=$(echo "$owner_line" | cut -d':' -f6)
fi
if [ ! -d "$home" ]
then
# Don't know how to determine user's home directory, fall back to ~
home="~$owner"
command -v realpath >/dev/null && home=$(realpath "$home")
fi
[ -d "$home" ] && echo "$home/.ssh/authorized_keys"
owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
home=$(getent passwd "$owner" | cut -d':' -f 6)
echo "$home/.ssh/authorized_keys"
fi

29
cdist/conf/type/__ssh_authorized_keys/explorer/group
View file

@ -1,7 +1,6 @@
#!/bin/sh
#
# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -19,28 +18,6 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
if [ -s "$__object/parameter/owner" ]
then
owner=$(cat "$__object/parameter/owner")
else
owner="$__object_id"
fi
if command -v getent >/dev/null
then
gid=$(getent passwd "$owner" | cut -d':' -f4)
getent group "$gid" || true
else
# Fallback to local file scanning
case $owner
in
[0-9][0-9]*)
gid=$(awk -F: "\$3 == \"${owner}\" { print \$4 }" /etc/passwd)
;;
*)
gid=$(awk -F: "\$1 == \"${owner}\" { print \$4 }" /etc/passwd)
;;
esac
awk -F: "\$3 == \"$gid\" { print }" /etc/group
fi
owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
gid="$(getent passwd "$owner" | cut -d':' -f 4)"
getent group "$gid" || true

6
cdist/conf/type/__ssh_authorized_keys/manifest
View file

@ -23,12 +23,6 @@ owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
state="$(cat "$__object/parameter/state" 2>/dev/null)"
file="$(cat "$__object/explorer/file")"
if [ ! -f "$__object/parameter/nofile" ] && [ -z "$file" ]
then
echo "Cannot determine path of authorized_keys file" >&2
exit 1
fi
if [ ! -f "$__object/parameter/noparent" ] || [ ! -f "$__object/parameter/nofile" ]; then
group="$(cut -d':' -f 1 "$__object/explorer/group")"
if [ -z "$group" ]; then

11
cdist/conf/type/__ssh_dot_ssh/explorer/group
View file

@ -1,7 +1,6 @@
#!/bin/sh
#
# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -19,11 +18,5 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
gid=$("$__type_explorer/passwd" | cut -d':' -f4)
if command -v getent >/dev/null
then
getent group "$gid" || true
else
awk -F: "\$3 == \"$gid\" { print }" /etc/group
fi
gid="$("$__type_explorer/passwd" | cut -d':' -f 4)"
getent group "$gid" || true

15
cdist/conf/type/__ssh_dot_ssh/explorer/passwd
View file

@ -2,7 +2,6 @@
#
# 2012 Steven Armstrong (steven-cdist at armstrong.cc)
# 2014 Nico Schottelius (nico-cdist at schottelius.org)
# 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
@ -22,16 +21,4 @@
owner="$__object_id"
if command -v getent >/dev/null
then
getent passwd "$owner" || true
else
case $owner in
[0-9][0-9]*)
awk -F: "\$3 == \"$owner\" { print }" /etc/passwd
;;
*)
grep "^$owner:" /etc/passwd || true
;;
esac
fi
getent passwd "$owner" || true

3
cdist/conf/type/__sysctl/manifest
View file

@ -2,7 +2,6 @@
#
# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2018 Takashi Yoshi (takashi at yoshi.email)
# 2019 Nico Schottelius (nico-cdist at schottelius.org)
#
# This file is part of cdist.
#
@ -25,7 +24,7 @@ os=$(cat "$__global/explorer/os")
case "$os" in
# Linux
alpine|redhat|centos|ubuntu|debian|devuan|archlinux|coreos)
redhat|centos|ubuntu|debian|devuan|archlinux|coreos)
:
;;
# BSD

6
cdist/conf/type/__user/explorer/group
View file

@ -23,9 +23,11 @@
if [ -f "$__object/parameter/gid" ]; then
gid=$(cat "$__object/parameter/gid")
if command -v getent >/dev/null; then
getent group "$gid" || true
getent=$(command -v getent)
if [ X != X"${getent}" ]; then
"${getent}" group "$gid" || true
elif [ -f /etc/group ]; then
grep -E "^(${gid}|([^:]+:){2}${gid}):" /etc/group || true
fi
fi

5
cdist/conf/type/__user/explorer/passwd
View file

@ -23,8 +23,9 @@
name=$__object_id
if command -v getent >/dev/null; then
getent passwd "$name" || true
getent=$(command -v getent)
if [ X != X"${getent}" ]; then
"${getent}" passwd "$name" || true
elif [ -f /etc/passwd ]; then
grep "^${name}:" /etc/passwd || true
fi

21
cdist/conf/type/__user/explorer/shadow
View file

@ -1,4 +1,4 @@
#!/bin/sh -e
#!/bin/sh
#
# 2011 Steven Armstrong (steven-cdist at armstrong.cc)
#
@ -22,19 +22,18 @@
#
name=$__object_id
os="$("$__explorer/os")"
# Default to using shadow passwords
database="shadow"
case $("$__explorer/os") in
'freebsd'|'netbsd'|'openbsd')
database='passwd'
;;
# Default to using shadow passwords
*)
database='shadow'
;;
case "$os" in
"freebsd"|"netbsd"|"openbsd") database="passwd";;
esac
if command -v getent >/dev/null; then
getent "$database" "$name" || true
getent=$(command -v getent)
if [ X != X"${getent}" ]; then
"${getent}" "$database" "$name" || true
elif [ -f /etc/shadow ]; then
grep "^${name}:" /etc/shadow || true
fi

5
cdist/conf/type/__xymon_apache/explorer/active-modules
View file

@ -1,5 +0,0 @@
#!/bin/sh -e
if [ -d /etc/apache2/mods-enabled ]; then
/usr/sbin/apachectl -t -D DUMP_MODULES | awk '/.*_module/ { gsub(/_module.*$/, ""); gsub(/^ /, ""); print }'
fi

56
cdist/conf/type/__xymon_apache/gencode-remote
View file

@ -1,56 +0,0 @@
#!/bin/sh -e
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
state=$(cat "$__object/parameter/state")
os=$(cat "$__global/explorer/os")
case "$os" in
debian|ubuntu)
:
;;
*)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac
if [ "$state" = "present" ]; then
if ! grep -q ^rewrite "$__object/explorer/active-modules"; then
echo "a2enmod rewrite >/dev/null"
echo "mod:rewrite enabled" >> "$__messages_out"
fi
if ! grep -q "^cgi$" "$__object/explorer/active-modules"; then
echo "a2enmod cgi >/dev/null"
echo "mod:cgi enabled" >> "$__messages_out"
fi
if ! grep -q ^xymon.conf "$__object/explorer/active-conf"; then
echo "a2enconf xymon >/dev/null"
echo "conf:xymon enabled" >> "$__messages_out"
fi
fi
if grep -q "^mod:.* enabled" "$__messages_out"; then
echo "systemctl restart apache2.service"
echo "apache restarted" >> "$__messages_out"
elif grep -q "^conf:xymon enabled" "$__messages_out"; then
echo "systemctl reload apache2.service"
echo "apache reloaded" >> "$__messages_out"
fi

79
cdist/conf/type/__xymon_apache/man.rst
View file

@ -1,79 +0,0 @@
cdist-type__xymon_apache(7)
===========================
NAME
----
cdist-type__xymon_apache - Configure apache2-webserver for Xymon
DESCRIPTION
-----------
This cdist type installs and configures apache2 to be used "exclusively" (in
the sense that no other use is taken care of) with Xymon (the systems and
network monitor).
It depends on `__xymon_server`.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
'present', 'absent', defaults to 'present'.
ipacl
IP(-ranges) that have access to the Xymon webpages and CGIs. Apache2-style
syntax suitable for `Require ip ...`. Example: `192.168.1.0/24 10.0.0.0/8`
MESSAGES
--------
mod:rewrite enabled
apache module enabled
conf:xymon enabled
apache config for xymon enabled
apache restarted
apache2.service was reloaded
apache reloaded
apache2.service was restarted
EXPLORERS
---------
active-conf
lists apache2 `conf-enabled`
active-modules
lists active apache2-modules
EXAMPLES
--------
.. code-block:: sh
# minmal, only localhost-access:
__xymon_apache
# allow more IPs to access the Xymon-webinterface:
__xymon_apache --ipacl "192.168.0.0/16 10.0.0.0/8" --state "present"
SEE ALSO
--------
:strong:`cdist__xymon_server`\ (7)
AUTHORS
-------
Thomas Eckert <tom--@--it-eckert.de>
COPYING
-------
Copyright \(C) 2018-2019 Thomas Eckert. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

42
cdist/conf/type/__xymon_apache/manifest
View file

@ -1,42 +0,0 @@
#!/bin/sh -e
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
state=$(cat "$__object/parameter/state")
os=$(cat "$__global/explorer/os")
case "$os" in
debian|ubuntu)
:
;;
*)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac
__package apache2 --state "$state"
## edit xymon.conf IP-ranges
if [ -f "$__object/parameter/ipacl" ]; then
require="__package/xymon" __line /etc/apache2/conf-available/xymon.conf \
--line " Require ip $(cat "$__object/parameter/ipacl")" \
--after "^[[:space:]]*Require local" \
--state "present"
fi

1
cdist/conf/type/__xymon_apache/parameter/default/state
View file

@ -1 +0,0 @@
present

2
cdist/conf/type/__xymon_apache/parameter/optional
View file

@ -1,2 +0,0 @@
state
ipacl

0
cdist/conf/type/__xymon_apache/singleton
View file

28
cdist/conf/type/__xymon_client/gencode-remote
View file

@ -1,28 +0,0 @@
#!/bin/sh -e
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
servers=$(cat "$__object/parameter/servers")
if grep -q ^__key_value/CLIENTHOSTNAME "$__messages_in" || grep -q ^__key_value/XYMONSERVERS "$__messages_in" ; then
echo "systemctl restart xymon-client"
echo "restarted" >> "$__messages_out"
cat <<-EOT
echo "xymon-client xymon-client/XYMONSERVERS string $servers" | debconf-set-selections
EOT
fi

57
cdist/conf/type/__xymon_client/man.rst
View file

@ -1,57 +0,0 @@
cdist-type__xymon_client(7)
===========================
NAME
----
cdist-type__xymon_client - Install the Xymon client
DESCRIPTION
-----------
This cdist type installs the Xymon client and configures it to report with
FQDN.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
'present', 'absent', defaults to 'present'.
servers
One or more IP addresses (space separated) of the Xymon server(s) to report
to. While DNS-names are ok it is discouraged, defaults to 127.0.0.1.
EXAMPLES
--------
.. code-block:: sh
# minmal, report to 127.0.0.1
__xymon_client
# specify server:
__xymon_client --servers "192.168.1.1"
SEE ALSO
--------
:strong:`cdist__xymon_server`\ (7), :strong:`xymon`\ (7)
AUTHORS
-------
Thomas Eckert <tom--@--it-eckert.de>
COPYING
-------
Copyright \(C) 2018-2019 Thomas Eckert. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

49
cdist/conf/type/__xymon_client/manifest
View file

@ -1,49 +0,0 @@
#!/bin/sh -e
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
state=$(cat "$__object/parameter/state")
servers=$(cat "$__object/parameter/servers")
os=$(cat "$__global/explorer/os")
case "$os" in
debian|ubuntu)
:
;;
*)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac
__package xymon-client --state "$state"
require="__package/xymon-client" __key_value CLIENTHOSTNAME \
--file /etc/default/xymon-client \
--value "'$__target_hostname'" \
--delimiter '=' \
--state "$state"
require="__package/xymon-client" __key_value XYMONSERVERS \
--file /etc/default/xymon-client \
--value "'$servers'" \
--delimiter '=' \
--state "$state"
## CLI-usage often requires a shell:
require="__package/xymon-client" __user xymon --shell "/bin/bash" --state "$state"

1
cdist/conf/type/__xymon_client/parameter/default/servers
View file

@ -1 +0,0 @@
127.0.0.1

1
cdist/conf/type/__xymon_client/parameter/default/state
View file

@ -1 +0,0 @@
present

2
cdist/conf/type/__xymon_client/parameter/optional
View file

@ -1,2 +0,0 @@
state
servers

0
cdist/conf/type/__xymon_client/singleton
View file

0
cdist/conf/type/__xymon_config/files/.keep
View file

57
cdist/conf/type/__xymon_config/man.rst
View file

@ -1,57 +0,0 @@
cdist-type__xymon_config(7)
===========================
NAME
----
cdist-type__xymon_config - Deploy a Xymon configuration-directory
DESCRIPTION
-----------
This cdist type deploys a full Xymon configuration directory from the files-dir
to the host. This type requires an installed Xymon server, e.g. deployed by
`__xymon_server`.
WARNING: This type _replaces_ the `/etc/xymon/`-directory! The previous
contents is replaced/deleted!
REQUIRED PARAMETERS
-------------------
confdir
The directory in `./files/` that contains the `/etc/xymon/`-content to be
deployed.
REQUIRED FILES
--------------
The directory specified by `confdir` has to contain a valid xymon-configuration
(`/etc/xymon/`) _plus_ the `ext/`-directory that normally resides in
`/usr/lib/xymon/server/`.
EXAMPLES
--------
.. code-block:: sh
__xymon_config --confdir=xymon.example.com
# this will replace /etc/xymon/ on the target host with
# the contents from __xymon_config/files/xymon.example.com/
SEE ALSO
--------
:strong:`cdist__xymon_server`\ (7), :strong:`xymon`\ (7)
AUTHORS
-------
Thomas Eckert <tom--@--it-eckert.de>
COPYING
-------
Copyright \(C) 2018-2019 Thomas Eckert. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

24
cdist/conf/type/__xymon_config/manifest
View file

@ -1,24 +0,0 @@
#!/bin/sh -e
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
confdir=$(cat "$__object/parameter/confdir")
__rsync /etc/xymon/ \
--source "$__type/files/$confdir/" \
--rsync-opts "delete"

1
cdist/conf/type/__xymon_config/parameter/required
View file

@ -1 +0,0 @@
confdir

0
cdist/conf/type/__xymon_config/singleton
View file

26
cdist/conf/type/__xymon_server/gencode-remote
View file

@ -1,26 +0,0 @@
#!/bin/sh -e
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
## "move" user-modified dirs to /etc/xymon to be managed by __xymon_config:
cat <<-EOT
if [ ! -L /usr/lib/xymon/server/ext ]; then
mv /usr/lib/xymon/server/ext /etc/xymon
ln -s /etc/xymon/ext /usr/lib/xymon/server/
fi
EOT

87
cdist/conf/type/__xymon_server/man.rst
View file

@ -1,87 +0,0 @@
cdist-type__xymon_server(7)
===========================
NAME
----
cdist-type__xymon_server - Install a Xymon server
DESCRIPTION
-----------
This cdist type installs a Xymon (https://www.xymon.com/) server and (optional)
required helper packages.
This includes the Xymon client as a dependency, so NO NEED to install
`__xymon_client` separately.
To access the webinterface a webserver is required. The cdist-type
`__xymon_apache` can be used to install and configure the apache webserver for
the use with Xymon.
Further and day-to-day configuration of Xymon can either be done manually in
`/etc/xymon/` or the directory can be deployed and managed by `__xymon_config`.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
'present', 'absent', defaults to 'present'. If '--install_helpers' is
specified for 'absent' the helper packages will be un-installed.
BOOLEAN PARAMETERS
------------------
install_helpers
Install helper packages used by Xymon (fping, heirloom-mailx, traceroute,
ntpdate).
EXAMPLES
--------
.. code-block:: sh
# minmal
__xymon_server
# the same
__xymon_server --state present
# also install helper packages:
__xymon_server --install_helpers
# examples to give a more complete picture: __xymon_server installed on
# `xymon.example.com` w/ IP 192.168.1.1:
#
# install webserver and grant 2 private subnets access to the webinterface:
__xymon_apache --ipacl "192.168.0.0/16 10.0.0.0/8"
# deploy server-configuration with __xymon_config:
__xymon_config --confdir=xymon.example.com
# install xymon-client on other machines (not needed on the server):
__xymon_client --servers "192.168.1.1"
SEE ALSO
--------
:strong:`cdist__xymon_apache`\ (7), :strong:`cdist__xymon_config`\ (7),
:strong:`cdist__xymon_client`\ (7), :strong:`xymon`\ (7)
AUTHORS
-------
Thomas Eckert <tom--@--it-eckert.de>
COPYING
-------
Copyright \(C) 2018-2019 Thomas Eckert. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

50
cdist/conf/type/__xymon_server/manifest
View file

@ -1,50 +0,0 @@
#!/bin/sh -e
#
# 2018-2019 Thomas Eckert (tom at it-eckert.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
state=$(cat "$__object/parameter/state")
if [ -f "$__object/parameter/install_helpers" ]; then
install_helpers=1
else
install_helpers=0
fi
os=$(cat "$__global/explorer/os")
case "$os" in
debian|ubuntu)
:
;;
*)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac
__package xymon --state "$state"
## install helper-packages/tools used by the xymon server if requested:
if [ "$install_helpers" = "1" ]; then
__package fping --state "$state"
__package heirloom-mailx --state "$state"
__package traceroute --state "$state"
__package ntpdate --state "$state"
fi
## CLI-usage often requires a shell:
require="__package/xymon" __user xymon --shell "/bin/bash" --state "$state"

1
cdist/conf/type/__xymon_server/parameter/boolean
View file

@ -1 +0,0 @@
install_helpers

1
cdist/conf/type/__xymon_server/parameter/default/state
View file

@ -1 +0,0 @@
present

1
cdist/conf/type/__xymon_server/parameter/optional
View file

@ -1 +0,0 @@
state

0
cdist/conf/type/__xymon_server/singleton
View file

10
cdist/config.py
View file

@ -767,16 +767,6 @@ class Config(object):
deprecated)
else:
self.log.warning("Type %s is deprecated.", cdist_type.name)
for param in cdist_object.parameters:
if param in cdist_type.deprecated_parameters:
msg = cdist_type.deprecated_parameters[param]
if msg:
format = "%s parameter of type %s is deprecated: %s"
args = [param, cdist_type.name, msg]
else:
format = "%s parameter of type %s is deprecated."
args = [param, cdist_type.name]
self.log.warning(format, *args)
def object_prepare(self, cdist_object, transfer_type_explorers=True):
"""Prepare object: Run type explorer + manifest"""

21
cdist/core/cdist_type.py
View file

@ -69,7 +69,6 @@ class CdistType(object):
self.__optional_multiple_parameters = None
self.__boolean_parameters = None
self.__parameter_defaults = None
self.__deprecated_parameters = None
def __hash__(self):
return hash(self.name)
@ -276,23 +275,3 @@ class CdistType(object):
finally:
self.__parameter_defaults = defaults
return self.__parameter_defaults
@property
def deprecated_parameters(self):
if not self.__deprecated_parameters:
deprecated = {}
try:
deprecated_dir = os.path.join(self.absolute_path,
"parameter",
"deprecated")
for name in cdist.core.listdir(deprecated_dir):
try:
with open(os.path.join(deprecated_dir, name)) as fd:
deprecated[name] = fd.read().strip()
except EnvironmentError:
pass # Swallow errors raised by open() or read()
except EnvironmentError:
pass # Swallow error raised by os.listdir()
finally:
self.__deprecated_parameters = deprecated
return self.__deprecated_parameters

101
cdist/preos.py
View file

@ -1,101 +0,0 @@
import os
import os.path
import sys
import inspect
import argparse
import cdist
import logging
_PREOS_CALL = "commandline"
_PREOS_NAME = "_preos_name"
_PREOS_MARKER = "_cdist_preos"
_PLUGINS_DIR = "preos"
_PLUGINS_PATH = [os.path.join(os.path.dirname(__file__), _PLUGINS_DIR), ]
cdist_home = cdist.home_dir()
if cdist_home:
cdist_home_preos = os.path.join(cdist_home, "preos")
if os.path.isdir(cdist_home_preos):
_PLUGINS_PATH.append(cdist_home_preos)
sys.path.extend(_PLUGINS_PATH)
log = logging.getLogger("PreOS")
def preos_plugin(obj):
"""It is preos if _PREOS_MARKER is True and has _PREOS_CALL."""
if hasattr(obj, _PREOS_MARKER):
is_preos = getattr(obj, _PREOS_MARKER)
else:
is_preos = False
if is_preos and hasattr(obj, _PREOS_CALL):
yield obj
def scan_preos_dir_plugins(dir):
for fname in os.listdir(dir):
if os.path.isfile(os.path.join(dir, fname)):
fname = os.path.splitext(fname)[0]
module_name = fname
try:
module = __import__(module_name)
yield from preos_plugin(module)
clsmembers = inspect.getmembers(module, inspect.isclass)
for cm in clsmembers:
c = cm[1]
yield from preos_plugin(c)
except ImportError as e:
log.warning("Cannot import '{}': {}".format(module_name, e))
def find_preos_plugins():
for dir in _PLUGINS_PATH:
yield from scan_preos_dir_plugins(dir)
def find_preoses():
preoses = {}
for preos in find_preos_plugins():
if hasattr(preos, _PREOS_NAME):
preos_name = getattr(preos, _PREOS_NAME)
else:
preos_name = preos.__name__.lower()
preoses[preos_name] = preos
return preoses
def check_root():
if os.geteuid() != 0:
raise cdist.Error("Must be run with root privileges")
class PreOS(object):
preoses = None
@classmethod
def commandline(cls, argv):
if not cls.preoses:
cls.preoses = find_preoses()
parser = argparse.ArgumentParser(
description="Create PreOS", prog="cdist preos")
parser.add_argument('preos', help='PreOS to create, one of: {}'.format(
set(cls.preoses)))
args = parser.parse_args(argv[1:2])
preos_name = args.preos
if preos_name in cls.preoses:
preos = cls.preoses[preos_name]
func = getattr(preos, _PREOS_CALL)
if inspect.ismodule(preos):
func_args = [preos, argv[2:], ]
else:
func_args = [argv[2:], ]
log.info("Running preos : {}".format(preos_name))
func(*func_args)
else:
log.error("Unknown preos: {}, available preoses: {}".format(
preos_name, set(cls.preoses.keys())))

1
cdist/preos/debootstrap/__init__.py
View file

@ -1 +0,0 @@
from debootstrap.debootstrap import Debian, Ubuntu, Devuan

239
cdist/preos/debootstrap/debootstrap.py
View file

@ -1,239 +0,0 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# 2016 Darko Poljak (darko.poljak at ungleich.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
import cdist
import cdist.config
import cdist.core
import cdist.preos
import argparse
import cdist.argparse
import logging
import os
import subprocess
class Debian(object):
_preos_name = 'debian'
_cdist_preos = True
_files_dir = os.path.join(os.path.dirname(__file__), "files")
@classmethod
def default_args(cls):
default_remote_exec = os.path.join(cls._files_dir, "remote-exec.sh")
default_remote_copy = os.path.join(cls._files_dir, "remote-copy.sh")
default_init_manifest = os.path.join(
cls._files_dir, "init-manifest-{}".format(cls._preos_name))
defargs = argparse.Namespace()
defargs.arch = 'amd64'
defargs.bootstrap = False
defargs.configure = False
defargs.cdist_params = '-v'
defargs.rm_bootstrap_dir = False
defargs.suite = 'stable'
defargs.remote_exec = default_remote_exec
defargs.remote_copy = default_remote_copy
defargs.manifest = default_init_manifest
return defargs
@classmethod
def get_parser(cls):
defargs = cls.default_args()
cdist_parser = cdist.argparse.get_parsers()
parser = argparse.ArgumentParser(
prog='cdist preos {}'.format(cls._preos_name),
parents=[cdist_parser['loglevel'], cdist_parser['beta']])
parser.add_argument('target_dir', nargs=1,
help=("target directory where PreOS will be "
"bootstrapped"))
parser.add_argument(
'-a', '--arch',
help="target debootstrap architecture, by default '{}'".format(
defargs.arch), dest='arch', default=defargs.arch)
parser.add_argument(
'-B', '--bootstrap',
help='do bootstrap step',
dest='bootstrap', action='store_true', default=defargs.bootstrap)
parser.add_argument(
'-C', '--configure',
help='do configure step',
dest='configure', action='store_true', default=defargs.configure)
parser.add_argument(
'-c', '--cdist-params',
help=("parameters that will be passed to cdist config, by default"
" '{}' is used".format(defargs.cdist_params)),
dest='cdist_params', default=defargs.cdist_params)
parser.add_argument(
'-D', '--drive-boot',
help='create bootable PreOS on specified drive',
dest='drive')
parser.add_argument(
'-e', '--remote-exec',
help=("remote exec that cdist config will use, by default "
"internal script is used"),
dest='remote_exec', default=defargs.remote_exec)
parser.add_argument(
'-i', '--init-manifest',
help=("init manifest that cdist config will use, by default "
"internal init manifest is used"),
dest='manifest', default=defargs.manifest)
parser.add_argument(
'-k', '--keyfile', action="append",
help=("ssh key files that will be added to cdist config; "
"'__ssh_authorized_keys root ...' type is appended to "
"initial manifest"),
dest='keyfile')
parser.add_argument(
'-m', '--mirror',
help='use specified mirror for debootstrap',
dest='mirror')
parser.add_argument(
'-P', '--root-password',
help='Set specified password for root, generated by default',
dest='root_password')
parser.add_argument('-p', '--pxe-boot-dir', help='PXE boot directory',
dest='pxe_boot_dir')
parser.add_argument(
'-r', '--rm-bootstrap-dir',
help='remove target directory after finishing',
dest='rm_bootstrap_dir', action='store_true',
default=defargs.rm_bootstrap_dir)
parser.add_argument(
'-S', '--script',
help='use specified script for debootstrap',
dest='script')
parser.add_argument('-s', '--suite',
help="suite used for debootstrap, "
"by default '{}'".format(defargs.suite),
dest='suite', default=defargs.suite)
parser.add_argument(
'-y', '--remote-copy',
help=("remote copy that cdist config will use, by default "
"internal script is used"),
dest='remote_copy', default=defargs.remote_copy)
parser.epilog = cdist.argparse.EPILOG
return parser
@classmethod
def update_env(cls, env):
pass
@classmethod
def commandline(cls, argv):
log = logging.getLogger(cls.__name__)
parser = cls.get_parser()
args = parser.parse_args(argv)
if args.script and not args.mirror:
raise cdist.Error("script option cannot be used without "
"mirror option")
args.command = cls._preos_name
cdist.argparse.check_beta(vars(args))
cdist.preos.check_root()
args.target_dir = os.path.realpath(args.target_dir[0])
args.os = cls._preos_name
args.remote_exec = os.path.realpath(args.remote_exec)
args.remote_copy = os.path.realpath(args.remote_copy)
args.manifest = os.path.realpath(args.manifest)
if args.keyfile:
new_keyfile = [os.path.realpath(x) for x in args.keyfile]
args.keyfile = new_keyfile
if args.pxe_boot_dir:
args.pxe_boot_dir = os.path.realpath(args.pxe_boot_dir)
cdist.argparse.handle_loglevel(args)
log.debug("preos: {}, args: {}".format(cls._preos_name, args))
try:
env = vars(args)
new_env = {}
for key in env:
if key == 'verbose' and env[key]:
if env[key] >= 3:
new_env['debug'] = "yes"
elif env[key] == 2:
new_env['verbose'] = "yes"
elif not env[key]:
new_env[key] = ''
elif isinstance(env[key], bool) and env[key]:
new_env[key] = "yes"
elif isinstance(env[key], list):
val = env[key]
new_env[key + "_cnt"] = str(len(val))
for i, v in enumerate(val):
new_env[key + "_" + str(i)] = v
else:
new_env[key] = str(env[key])
env = new_env
env.update(os.environ)
cls.update_env(env)
log.debug("preos: {} env: {}".format(cls._preos_name, env))
cmd = os.path.join(cls._files_dir, "code")
info_msg = ["Running preos: {}, suite: {}, arch: {}".format(
cls._preos_name, args.suite, args.arch), ]
if args.mirror:
info_msg.append("mirror: {}".format(args.mirror))
if args.script:
info_msg.append("script: {}".format(args.script))
if args.bootstrap:
info_msg.append("bootstrapping")
if args.configure:
info_msg.append("configuring")
if args.pxe_boot_dir:
info_msg.append("creating PXE")
if args.drive:
info_msg.append("creating bootable drive")
log.info(info_msg)
log.debug("cmd={}".format(cmd))
subprocess.check_call(cmd, env=env, shell=True)
except subprocess.CalledProcessError as e:
log.error("preos {} failed: {}".format(cls._preos_name, e))
class Ubuntu(Debian):
_preos_name = "ubuntu"
@classmethod
def default_args(cls):
defargs = super().default_args()
defargs.suite = 'xenial'
return defargs
class Devuan(Debian):
_preos_name = "devuan"
@classmethod
def default_args(cls):
defargs = super().default_args()
defargs.suite = 'jessie'
return defargs
@classmethod
def update_env(cls, env):
env['DEBOOTSTRAP_DIR'] = os.path.join(cls._files_dir,
'devuan-debootstrap')

274
cdist/preos/debootstrap/files/code
View file

@ -1,274 +0,0 @@
#!/bin/sh
##
## 2016 Darko Poljak (darko.poljak at ungleich.ch)
##
## This file is part of cdist.
##
## cdist is free software: you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation, either version 3 of the License, or
## (at your option) any later version.
##
## cdist is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
## You should have received a copy of the GNU General Public License
## along with cdist. If not, see <http://www.gnu.org/licenses/>.
set -e
if [ "${debug}" ]
then
set -x
cdist_params="${cdist_params} -d"
fi
bootstrap_dir="${target_dir}"
case "${os}" in
ubuntu|debian|devuan)
# nothing, those are valid values
;;
*)
echo "ERROR: invalid os value: ${os}" >&2
exit 1
;;
esac
check_bootstrap_dir() {
if [ ! -e "$1" ]
then
echo "ERROR: bootstrap directory $1 does not exist" >&2
exit 1
fi
}
# bootstrap
if [ "${bootstrap}" ]
then
if [ "${DEBOOTSTRAP_DIR}" ]
then
debootstrap_cmd="${DEBOOTSTRAP_DIR}/debootstrap"
else
command -v debootstrap 2>&1 > /dev/null || {
echo "ERROR: debootstrap not found" >&2
exit 1
}
debootstrap_cmd="debootstrap"
fi
# If PreOS on drive then do not check for directory emptiness.
# Partition can at least contain 'lost+found' directory.
if [ ! "${drive}" ]
then
if [ -e "${bootstrap_dir}" ]
then
dir_content=$(ls -A "${bootstrap_dir}" | wc -l)
else
dir_content=0
fi
if [ "${dir_content}" -ne 0 ]
then
echo "ERROR: "${bootstrap_dir}" not empty " >&2
exit 1
fi
fi
if [ "${verbose}" -o "${debug}" ]
then
echo "bootstrapping..."
fi
mkdir -p "${bootstrap_dir}"
"${debootstrap_cmd}" --include=openssh-server --arch=${arch} ${suite} ${bootstrap_dir} \
${mirror} ${script}
if [ "${verbose}" -o "${debug}" ]
then
echo "bootstrap finished"
fi
fi
chroot_mount() {
mount -t proc none "${bootstrap_dir}/proc" || true
mount -t sysfs none "${bootstrap_dir}/sys" || true
mount -o bind /dev "${bootstrap_dir}/dev" || true
mount -t devpts none "${bootstrap_dir}/dev/pts" || true
}
chroot_umount() {
umount "${bootstrap_dir}/dev/pts" || true
umount "${bootstrap_dir}/dev" || true
umount "${bootstrap_dir}/sys" || true
umount "${bootstrap_dir}/proc" || true
}
TRAPFUNC="umount \"${bootstrap_dir}/dev/pts\" || true; \
umount \"${bootstrap_dir}/dev\" || true; \
umount \"${bootstrap_dir}/sys\" || true; \
umount \"${bootstrap_dir}/proc\" || true;"
# config
if [ "${configure}" ]
then
if [ ! -f "${manifest}" ]
then
echo "ERROR: ${manifest} does not exist" >&2
exit 1
fi
if [ ! -f "${remote_exec}" ]
then
echo "ERROR: ${remote_exec} does not exist" >&2
exit 1
fi
if [ ! -f "${remote_copy}" ]
then
echo "ERROR: ${remote_copy} does not exist" >&2
exit 1
fi
if [ "${keyfile_cnt}" -a "${keyfile_cnt}" -gt 0 ]
then
i="$((keyfile_cnt - 1))"
keyfiles=""
while [ "${i}" -ge 0 ]
do
kf_var="keyfile_${i}"
eval kf='$'"${kf_var}"
if [ ! -f "${kf}" ]
then
echo "ERROR: ${kf} does not exist" >&2
exit 1
fi
key=$(cat "${kf}")
keyfiles="${keyfiles} --key '${key}'"
i=$((i - 1))
done
ssh_auth_keys_line="__ssh_authorized_keys root ${keyfiles}\n"
else
ssh_auth_keys_line=""
fi
check_bootstrap_dir "${bootstrap_dir}"
if [ "${verbose}" -o "${debug}" ]
then
echo "configuring..."
fi
trap "${TRAPFUNC}" 0 1 2 3 15
chroot_mount
chroot "${bootstrap_dir}" /usr/bin/apt-get update
if [ "${drive}" ]
then
grub_manifest_line="__package grub-pc --state present\n"
grub_kern_params_line="__line linux_kernel_params \
--file /etc/default/grub \
--line 'GRUB_CMDLINE_LINUX_DEFAULT=\"quiet splash net.ifnames=0\"'\n"
else
grub_manifest_line=""
grub_kern_params_line=""
fi
grub_lines="${grub_manifest_line}${grub_kern_params_line}"
printf "${ssh_auth_keys_line}${grub_lines}" \
| cat "${manifest}" - |\
cdist config \
${cdist_params} -i - \
--remote-exec "${remote_exec}" \
--remote-copy "${remote_copy}" \
"${bootstrap_dir}"
# __hostname with systmed uses hostnamectl which needs dbus running
# set hostname explicitly here instead
printf "preos\n" > "${bootstrap_dir}/etc/hostname"
chroot "${bootstrap_dir}" /usr/bin/apt-get autoclean
chroot "${bootstrap_dir}" /usr/bin/apt-get clean
chroot "${bootstrap_dir}" /usr/bin/apt-get autoremove
chroot_umount
trap - 0 1 2 3 15
if [ "${verbose}" -o "${debug}" ]
then
echo "configuring finished"
fi
fi
if [ "${pxe_boot_dir}" ]
then
check_bootstrap_dir "${bootstrap_dir}"
if [ "${verbose}" -o "${debug}" ]
then
echo "creating pxe..."
fi
mkdir -p "${pxe_boot_dir}"
cp "${bootstrap_dir}"/boot/vmlinuz-* "${pxe_boot_dir}/kernel"
cd "${bootstrap_dir}"
find . -print0 | cpio --null -o --format=newc | gzip -9 > "${pxe_boot_dir}/initramfs"
mkdir -p "${pxe_boot_dir}/pxelinux.cfg"
cat <<EOPXEF > "${pxe_boot_dir}/pxelinux.cfg/default"
DEFAULT preos
LABEL preos
KERNEL kernel
APPEND utf8 load_ramdisk=1 root=/dev/ram nofb initrd=initramfs console=ttyS1,115200 net.ifnames=0
EOPXEF
cp "${bootstrap_dir}/usr/lib/PXELINUX/pxelinux.0" "${pxe_boot_dir}/pxelinux.0"
cp "${bootstrap_dir}/usr/lib/syslinux/modules/bios/ldlinux.c32" \
"${pxe_boot_dir}/ldlinux.c32"
# network boot need all files world readable
chmod -R 644 "${pxe_boot_dir}"/*
if [ "${verbose}" -o "${debug}" ]
then
echo "pxe creation finished"
fi
fi
if [ "${drive}" ]
then
trap "${TRAPFUNC}" 0 1 2 3 15
chroot_mount
chroot "${bootstrap_dir}" grub-install ${drive}
chroot "${bootstrap_dir}" /bin/sh -c "GRUB_DISABLE_OS_PROBER=true update-grub"
# set root password
if [ ! "${root_password}" ]
then
if ! which strings >/dev/null 2>&1
then
printf "strings is missing\n" >&2
exit 1
fi
root_password="$(head -n 1000 /dev/urandom | strings | \
grep -o '[[:alnum:]]' | head -n 30 | tr -d '\n')"
printf "Generated root password (without quotes):'${root_password}'\n"
fi
chroot "${bootstrap_dir}" /bin/sh -c "echo \"root:${root_password}\" | \
chpasswd"
# /etc/securetty must not be world writeable.
chmod 644 "${bootstrap_dir}"/etc/securetty
chroot_umount
trap - 0 1 2 3 15
fi
if [ "${rm_bootstrap_dir}" ]
then
if [ "${verbose}" -o "${debug}" ]
then
echo "removing bootstrap dir..."
fi
rm -r -f "${bootstrap_dir}"
if [ "${verbose}" -o "${debug}" ]
then
echo "removing bootstrap dir finished"
fi
fi

18
cdist/preos/debootstrap/files/devuan-debootstrap/Makefile
View file

@ -1,18 +0,0 @@
# avoid dpkg-dev dependency; fish out the version with sed
VERSION := $(shell sed 's/.*(\(.*\)).*/\1/; q' debian/changelog)
all:
clean:
DSDIR=$(DESTDIR)/usr/share/debootstrap
install:
mkdir -p $(DSDIR)/scripts
mkdir -p $(DESTDIR)/usr/sbin
cp -a scripts/* $(DSDIR)/scripts/
install -o root -g root -m 0644 functions $(DSDIR)/
sed 's/@VERSION@/$(VERSION)/g' debootstrap >$(DESTDIR)/usr/sbin/debootstrap
chown root:root $(DESTDIR)/usr/sbin/debootstrap
chmod 0755 $(DESTDIR)/usr/sbin/debootstrap

65
cdist/preos/debootstrap/files/devuan-debootstrap/README
View file

@ -1,65 +0,0 @@
README for debootstrap
======================
See the manpage for (some) documentation.
Running debootstrap from source
-------------------------------
You can run debootstrap from its source tree without installing it. This
can be useful if you want a quick way to make a Debian chroot on another
system, or if you are testing modifications to debootstrap.
First, get the source.
* Either by using git
git clone https://anonscm.debian.org/git/d-i/debootstrap.git
* Or by visiting <https://packages.debian.org/source/sid/debootstrap>
and downloading the tar.gz file
Then in the debootstrap source directory:
export DEBOOTSTRAP_DIR=`pwd`
sudo ./debootstrap stable my-stable-dir
If you are running a multi-stage boot strap (for example for a QEMU
rootfs) you don't even need root:
export DEBOOTSTRAP_DIR=`pwd`
fakeroot ./debootstrap --foreign --arch=armhf testing my-testing-dir http://deb.debian.org/debian
Of course you will need to execute the second stage as root to finish the bootstrap:
(on foreign hardware)
/debootstrap/debootstrap --second-stage
Future
------
* Cross-strap support - so you can bootstrap a filesystem to the
point where it will successfully boot, and finish installing itself
without having to be running the target architecture or OS yourself.
debootstrap --arch powerpc sarge ./sarge-ppc-chroot ...
on an i386 system, boot a powerpc box with sarge-ppc-chroot as its
root files system, and have it "work". The cross-hurd package does
something similar, and should be replaced by this feature.
* There should be some (better) way of telling debootstrap what "base"
packages you want to install -- this varies between making a chroot,
doing an install, and doing a buildd. Also, some installs want
different base packages (to setup networking, or kernels, eg)
NMUing
------
If there's a problem with debootstrap that you need fixed, feel free to do
an NMU to fix it. Usual rules: try not to break anything, and mail the
patch to the BTS. Don't worry about asking first though.
However, note that debootstrap is now team maintained. Anyone in d-i can do
a release without the bother of a NMU.

11
cdist/preos/debootstrap/files/devuan-debootstrap/TODO
View file

@ -1,11 +0,0 @@
Features:
++ second stage via chroot debootstrap/debootstrap
++ debootstrap/deb file to record deb destinations/information
-- configuration file
-- versus command line
-- support for sources (vs mirrors)
-- faux-pinning for packages
++ makedev in second stage

6
cdist/preos/debootstrap/files/devuan-debootstrap/debian/.gitignore vendored
View file

@ -1,6 +0,0 @@
debootstrap
debootstrap-udeb
files
*.debhelper.log
*.substvars

15
cdist/preos/debootstrap/files/devuan-debootstrap/debian/README.DevuanSource
View file

@ -1,15 +0,0 @@
To sync up with debians source for inspiration you should run the following:
`git remote add alioth-git git://anonscm.debian.org/d-i/debootstrap.git`
`git fetch alioth-git`
After that you can either cherry-pick or merge releases from debian. To
merge a release, it's do:
`git tag` to list the release tags
and
`git merge <tag>`
followed by all the fixups and then commit with an appropriate message like
"Merging Release <tag> from debian"
Copyright 2016 Daniel Reurich <daniel@centurion.net.nz>

2655
cdist/preos/debootstrap/files/devuan-debootstrap/debian/changelog
View file

File diff suppressed because it is too large Load diff

1
cdist/preos/debootstrap/files/devuan-debootstrap/debian/compat
View file

@ -1 +0,0 @@
9

26
cdist/preos/debootstrap/files/devuan-debootstrap/debian/control
View file

@ -1,26 +0,0 @@
Source: debootstrap
Section: admin
Priority: extra
Maintainer: Franco (nextime) Lanza <nextime@devuan.org>
Uploaders: Franco (nextime) Lanza <nextime@devuan.org>, Daniel Reurich <daniel@centurion.net.nz>
Build-Depends: debhelper (>= 9), makedev (>= 2.3.1-69) [linux-any], git
Standards-Version: 3.9.8
Vcs-Browser: https://git.devuan.org/devuan-packages/debootstrap
Vcs-Git: https://git.devuan.org/devuan-packages/debootstrap.git
Package: debootstrap
Architecture: all
Depends: ${misc:Depends}, wget
Recommends: gnupg, ${keyring}, devuan-keyring
Description: Bootstrap a basic Devuan system
debootstrap is used to create a Devuan base system from scratch,
without requiring the availability of dpkg or apt. It does this by
downloading .deb files from a mirror site, and carefully unpacking them
into a directory which can eventually be chrooted into.
Package: debootstrap-udeb
Section: debian-installer
Package-Type: udeb
Architecture: all
Depends: ${misc:Depends}, mounted-partitions
Description: Bootstrap the Devuan system

30
cdist/preos/debootstrap/files/devuan-debootstrap/debian/copyright
View file

@ -1,30 +0,0 @@
This package was debianized by Anthony Towns <ajt@debian.org> on
Tue, 30 Jan 2001 10:54:45 +1000.
It was written from scratch for Debian by Anthony Towns <ajt@debian.org>
based loosely on the code for constructing base tarballs as part of the
boot-floppies package.
Copyright:
Copyright (c) 2001-2005 Anthony Towns
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

1
cdist/preos/debootstrap/files/devuan-debootstrap/debian/debootstrap.docs
View file

@ -1 +0,0 @@
README

Some files were not shown because too many files have changed in this diff Show more