Commit 2d8afe0d authored by Nico Schottelius's avatar Nico Schottelius

Merge branch 'master' of code.ungleich.ch:ungleich-public/cdist

parents f3237e5d 87f30b60
...@@ -20,7 +20,13 @@ ...@@ -20,7 +20,13 @@
file_is="$( cat "$__object/explorer/file_is" )" file_is="$( cat "$__object/explorer/file_is" )"
[ "$file_is" = 'missing' ] && [ -z "$__cdist_dry_run" ] && exit 0 if [ "$file_is" = 'missing' ] \
&& [ -z "$__cdist_dry_run" ] \
&& \( [ ! -f "$__object/parameter/file" ] \
|| [ ! -f "$__object/parameter/directory" ] \)
then
exit 0
fi
os="$( cat "$__global/explorer/os" )" os="$( cat "$__global/explorer/os" )"
...@@ -28,7 +34,20 @@ acl_path="/$__object_id" ...@@ -28,7 +34,20 @@ acl_path="/$__object_id"
acl_is="$( cat "$__object/explorer/acl_is" )" acl_is="$( cat "$__object/explorer/acl_is" )"
if [ -f "$__object/parameter/acl" ] if [ -f "$__object/parameter/source" ]
then
acl_source="$( cat "$__object/parameter/source" )"
if [ "$acl_source" = '-' ]
then
acl_should="$( cat "$__object/stdin" )"
else
acl_should="$( grep -Ev '^#|^$' "$acl_source" )"
fi
elif [ -f "$__object/parameter/entry" ]
then
acl_should="$( cat "$__object/parameter/entry" )"
elif [ -f "$__object/parameter/acl" ]
then then
acl_should="$( cat "$__object/parameter/acl" )" acl_should="$( cat "$__object/parameter/acl" )"
elif elif
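Review bot: The new early-exit condition groups its last two tests with `\( … \)`, but in sh an escaped parenthesis is an ordinary word, so `\(` is looked up as a command and the group most likely evaluates false every time. The script would then no longer exit early when the target is missing and would go on to generate ACL code for a path that does not exist. The two tests are also joined with `||`, which is true whenever either parameter is absent. If the intent is "neither --file nor --directory was given", the tail of the condition should read `&& [ ! -f "$__object/parameter/file" ] && [ ! -f "$__object/parameter/directory" ]` with no grouping.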
......
...@@ -15,10 +15,24 @@ See ``setfacl`` and ``acl`` manpages for more details. ...@@ -15,10 +15,24 @@ See ``setfacl`` and ``acl`` manpages for more details.
REQUIRED MULTIPLE PARAMETERS REQUIRED MULTIPLE PARAMETERS
---------------------------- ----------------------------
acl entry
Set ACL entry following ``getfacl`` output syntax. Set ACL entry following ``getfacl`` output syntax.
OPTIONAL PARAMETERS
-------------------
source
Read ACL entries from stdin or file.
Ordering of entries is not important.
When reading from file, comments and empty lines are ignored.
file
Create/change file with ``__file`` using ``user:group:mode`` pattern.
directory
Create/change directory with ``__directory`` using ``user:group:mode`` pattern.
BOOLEAN PARAMETERS BOOLEAN PARAMETERS
------------------ ------------------
default default
...@@ -36,8 +50,8 @@ remove ...@@ -36,8 +50,8 @@ remove
DEPRECATED PARAMETERS DEPRECATED PARAMETERS
--------------------- ---------------------
Parameters ``user``, ``group``, ``mask`` and ``other`` are deprecated and they Parameters ``acl``, ``user``, ``group``, ``mask`` and ``other`` are deprecated and they
will be removed in future versions. Please use ``acl`` parameter instead. will be removed in future versions. Please use ``entry`` parameter instead.
EXAMPLES EXAMPLES
...@@ -49,27 +63,38 @@ EXAMPLES ...@@ -49,27 +63,38 @@ EXAMPLES
--default \ --default \
--recursive \ --recursive \
--remove \ --remove \
--acl user:alice:rwx \ --entry user:alice:rwx \
--acl user:bob:r-x \ --entry user:bob:r-x \
--acl group:project-group:rwx \ --entry group:project-group:rwx \
--acl group:some-other-group:r-x \ --entry group:some-other-group:r-x \
--acl mask::r-x \ --entry mask::r-x \
--acl other::r-x --entry other::r-x
# give Alice read-only access to subdir, # give Alice read-only access to subdir,
# but don't allow her to see parent content. # but don't allow her to see parent content.
__acl /srv/project2 \ __acl /srv/project2 \
--remove \ --remove \
--acl default:group:secret-project:rwx \ --entry default:group:secret-project:rwx \
--acl group:secret-project:rwx \ --entry group:secret-project:rwx \
--acl user:alice:--x --entry user:alice:--x
__acl /srv/project2/subdir \ __acl /srv/project2/subdir \
--default \ --default \
--remove \ --remove \
--acl group:secret-project:rwx \ --entry group:secret-project:rwx \
--acl user:alice:r-x --entry user:alice:r-x
# read acl from stdin
echo 'user:alice:rwx' \
| __acl /path/to/directory --source -
# create/change directory too
__acl /path/to/directory \
--default \
--remove \
--directory root:root:770 \
--entry user:nobody:rwx
AUTHORS AUTHORS
......
#!/bin/sh -e
for p in file directory
do
[ ! -f "$__object/parameter/$p" ] && continue
"__$p" "/$__object_id" \
--owner "$( awk -F: '{print $1}' "$__object/parameter/$p" )" \
--group "$( awk -F: '{print $2}' "$__object/parameter/$p" )" \
--mode "$( awk -F: '{print $3}' "$__object/parameter/$p" )"
done
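Review bot: The `user:group:mode` value is split with awk but never validated, so a value with a missing field (for example a constructed `root:root`) passes an empty string to `--mode`, and the outcome then depends on how `__file` and `__directory` treat empty arguments. Because this value decides ownership and permissions, malformed input should be rejected before the call, e.g. `case "$( cat "$__object/parameter/$p" )" in ?*:?*:?*) ;; *) echo "invalid --$p value, expected user:group:mode" >&2; exit 1 ;; esac`. The file also has no header comment; one line saying that creation is delegated to `__file`/`__directory` for the same object id would help.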
mask mask
other other
source
file
directory
cdist-type__apt_unattended_upgrades(7)
======================================
NAME
----
cdist-type__apt_unattended_upgrades - automatic installation of updates
DESCRIPTION
-----------
Install and configure unattended-upgrades package.
For more information see https://wiki.debian.org/UnattendedUpgrades.
OPTIONAL MULTIPLE PARAMETERS
----------------------------
option
Set options for unattended-upgrades. See examples.
Supported options with default values (as of 2020-01-17) are:
- AutoFixInterruptedDpkg, default is "true"
- MinimalSteps, default is "true"
- InstallOnShutdown, default is "false"
- Mail, default is "" (empty)
- MailOnlyOnError, default is "false"
- Remove-Unused-Kernel-Packages, default is "true"
- Remove-New-Unused-Dependencies, default is "true"
- Remove-Unused-Dependencies, default is "false"
- Automatic-Reboot, default is "false"
- Automatic-Reboot-WithUsers, default is "true"
- Automatic-Reboot-Time, default is "02:00"
- SyslogEnable, default is "false"
- SyslogFacility, default is "daemon"
- OnlyOnACPower, default is "true"
- Skip-Updates-On-Metered-Connections, default is "true"
- Verbose, default is "false"
- Debug, default is "false"
blacklist
Python regular expressions, matching packages to exclude from upgrading.
EXAMPLES
--------
.. code-block:: sh
__apt_unattended_upgrades \
--option Mail=root \
--option MailOnlyOnError=true \
--blacklist multipath-tools \
--blacklist open-iscsi
AUTHORS
-------
Ander Punnar <ander-at-kvlt-dot-ee>
COPYING
-------
Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option) any
later version.
#!/bin/sh -e
#
# 2020 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
__package unattended-upgrades
export require='__package/unattended-upgrades'
# in normal circumstances 20auto-upgrades is managed
# by debconf and it can only contain these lines
__file /etc/apt/apt.conf.d/20auto-upgrades \
--owner root \
--group root \
--mode 644 \
--source - << EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF
# lets not write into upstream 50unattended-upgrades file,
# but use our own config file to avoid clashes
conf_file='/etc/apt/apt.conf.d/51unattended-upgrades-cdist'
conf='# this file is managed by cdist'
if [ -f "$__object/parameter/option" ]
then
o=''
while read -r l
do
o="$( printf '%s\nUnattended-Upgrade::%s "%s";\n' "$o" "${l%%=*}" "${l#*=}" )"
done \
< "$__object/parameter/option"
conf="$( printf '%s\n%s\n' "$conf" "$o" )"
fi
if [ -f "$__object/parameter/blacklist" ]
then
b='Unattended-Upgrade::Package-Blacklist {'
while read -r l
do
b="$( printf '%s\n"%s";\n' "$b" "$l" )"
done \
< "$__object/parameter/blacklist"
conf="$( printf '%s\n%s\n}\n' "$conf" "$b" )"
fi
if [ "$( echo "$conf" | wc -l )" -gt 1 ]
then
echo "$conf" \
| __file "$conf_file" \
--owner root \
--group root \
--mode 644 \
--source -
else
__file "$conf_file" --state absent
fi
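Review bot: In the `--option` loop each line is split on `=` and written into the apt configuration unchecked, so an option given without `=` produces the same text for key and value (`${l%%=*}` and `${l#*=}` both return the whole line). A value containing `"` or `;` ends the quoted string early and can add further directives to `51unattended-upgrades-cdist`; the same holds for `--blacklist` entries containing `"`. A guard at the top of the loop would catch the first case, e.g. `case "$l" in *=*) ;; *) echo "option must be key=value: $l" >&2; exit 1 ;; esac`, and a second pattern should reject lines that contain a double quote.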
#!/bin/sh -e #!/bin/sh -e
# #
# 2018 Steven Armstrong (steven-cdist at armstrong.cc) # 2018 Steven Armstrong (steven-cdist at armstrong.cc)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
...@@ -18,6 +19,14 @@ ...@@ -18,6 +19,14 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
if [ -f "$__object/parameter/file" ]; then
file=$(cat "$__object/parameter/file")
else
file="/$__object_id"
fi
[ -f "$file" ] || exit 0
if [ -f "$__object/parameter/before" ]; then if [ -f "$__object/parameter/before" ]; then
position="before" position="before"
elif [ -f "$__object/parameter/after" ]; then elif [ -f "$__object/parameter/after" ]; then
...@@ -33,63 +42,56 @@ else ...@@ -33,63 +42,56 @@ else
needle="line" needle="line"
fi fi
if [ -f "$__object/parameter/file" ]; then
file="$(cat "$__object/parameter/file")"
else
file="/$__object_id"
fi
if [ ! -f "$file" ]; then
echo "file_missing"
exit 0
fi
awk -v position="$position" -v needle="$needle" ' awk -v position="$position" -v needle="$needle" '
function _find(_text, _pattern) { function _find(_text, _pattern) {
if (needle == "regex") { if (needle == "regex") {
return match(_text, _pattern) return match(_text, _pattern)
} else { } else {
return index(_text, _pattern) return index(_text, _pattern) == 1
} }
} }
BEGIN { BEGIN {
getline anchor < (ENVIRON["__object"] "/parameter/" position) getline anchor < (ENVIRON["__object"] "/parameter/" position)
getline pattern < (ENVIRON["__object"] "/parameter/" needle) getline pattern < (ENVIRON["__object"] "/parameter/" needle)
state = "absent"
found_line = 0
correct_pos = (position != "after" && position != "before")
} }
{ {
if (position == "after") { if (position == "after") {
if (match($0, anchor)) { if (match($0, anchor)) {
getline getline
if (_find($0, pattern)) { if (_find($0, pattern)) {
state = "present" found_line++
} correct_pos = 1
else { exit 0
state = "wrongposition"
} }
exit 0 } else if (_find($0, pattern)) {
found_line++
} }
} } else if (position == "before") {
else if (position == "before") {
if (_find($0, pattern)) { if (_find($0, pattern)) {
found_line++
getline getline
if (match($0, anchor)) { if (match($0, anchor)) {
state = "present" correct_pos = 1
} exit 0
else {
state = "wrongposition"
} }
exit 0
} }
} } else {
else {
if (_find($0, pattern)) { if (_find($0, pattern)) {
state = "present" found_line++
exit 0 exit 0
} }
} }
} }
END { END {
print state if (found_line && correct_pos) {
print "present"
} else if (found_line) {
print "wrongposition"
} else {
print "absent"
}
} }
' "$file" ' "$file"
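Review bot: `index(_text, _pattern) == 1` in `_find` makes the non-regex comparison a prefix match, so a file line that merely begins with the requested line is still reported as present. If whole-line equality is what `--line` is meant to express, `return _text == _pattern` states that directly; if prefix matching is intended, a comment on `_find` should say so. The new `[ -f "$file" ] || exit 0` turns a missing file into empty explorer output, which deserves a comment such as `# empty output tells gencode-remote that the file is missing`.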
#!/bin/sh -e #!/bin/sh -e
# #
# 2018 Steven Armstrong (steven-cdist at armstrong.cc) # 2018 Steven Armstrong (steven-cdist at armstrong.cc)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
...@@ -23,9 +24,20 @@ if [ -f "$__object/parameter/before" ] && [ -f "$__object/parameter/after" ]; th ...@@ -23,9 +24,20 @@ if [ -f "$__object/parameter/before" ] && [ -f "$__object/parameter/after" ]; th
exit 1 exit 1
fi fi
if [ -f "$__object/parameter/file" ]; then
file="$(cat "$__object/parameter/file")"
else
file="/$__object_id"
fi
state_should="$(cat "$__object/parameter/state")" state_should="$(cat "$__object/parameter/state")"
state_is="$(cat "$__object/explorer/state")" state_is="$(cat "$__object/explorer/state")"
if [ -z "$state_is" ]; then
printf 'The file "%s" is missing. Please create it before using %s on it.\n' "$file" "${__type##*/}" >&2
exit 1
fi
if [ "$state_should" = "$state_is" ]; then if [ "$state_should" = "$state_is" ]; then
# nothing to do # nothing to do
exit 0 exit 0
...@@ -46,12 +58,6 @@ else ...@@ -46,12 +58,6 @@ else
needle="line" needle="line"
fi fi
if [ -f "$__object/parameter/file" ]; then
file="$(cat "$__object/parameter/file")"
else
file="/$__object_id"
fi
add=0 add=0
remove=0 remove=0
case "$state_should" in case "$state_should" in
...@@ -104,10 +110,12 @@ BEGIN { ...@@ -104,10 +110,12 @@ BEGIN {
if (anchor && match(\$0, anchor)) { if (anchor && match(\$0, anchor)) {
if (position == "before") { if (position == "before") {
print line print line
add = 0
print print
} else if (position == "after") { } else if (position == "after") {
print print
print line print line
add = 0
} }
next next
} }
...@@ -115,7 +123,7 @@ BEGIN { ...@@ -115,7 +123,7 @@ BEGIN {
print print
} }
END { END {
if (add && position == "end") { if (add) {
print line print line
} }
} }
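Review bot: With the END condition relaxed to `if (add)`, a line requested with `--before` or `--after` is now appended at the end of the file whenever the anchor never matched, and nothing reports that the position was not honoured. In files where position changes meaning, this can leave the line present but in the wrong context. The fallback should at least be documented at the END block, e.g. `# anchor not found: fall back to appending at end of file`, and mentioned in the type's man page. The enclosing awk rule starts outside this hunk, so whether later anchor matches are skipped once `add = 0` is set cannot be confirmed from here.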
......
...@@ -43,10 +43,14 @@ if [ "$state_should" != "$state_is" ]; then ...@@ -43,10 +43,14 @@ if [ "$state_should" != "$state_is" ]; then
if [ -f "$__object/parameter/owner" ]; then if [ -f "$__object/parameter/owner" ]; then
owner="-O \"$(cat "$__object/parameter/owner")\"" owner="-O \"$(cat "$__object/parameter/owner")\""
fi fi
echo "su - '$postgres_user' -c \"createdb $owner \"$name\"\"" cat << EOF
su - '$postgres_user' -c "createdb $owner \"$name\""
EOF
;; ;;
absent) absent)
echo "su - '$postgres_user' -c \"dropdb \"$name\"\"" cat << EOF
su - '$postgres_user' -c "dropdb \"$name\""
EOF
;; ;;
esac esac
fi fi
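Review bot: The here-documents still expand `$name`, `$owner` and `$postgres_user` straight into the generated command, so the code that runs on the target is only well-formed for values without quotes, `$`, backticks or whitespace. `$owner` is built as `-O \"…\"` with literal double quotes that are not escaped like the ones around `$name`, so inside `-c "…"` they close the outer quoting and an owner containing whitespace would be split into separate arguments to `su`. Validating the identifiers before generating code keeps the output predictable, e.g. `case "$name" in *[!A-Za-z0-9_-]*) echo "unsupported database name: $name" >&2; exit 1 ;; esac`, with the same check for the owner. The surrounding `case` starts outside this hunk.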
...@@ -53,11 +53,13 @@ case "$state_should" in ...@@ -53,11 +53,13 @@ case "$state_should" in
done done
[ -n "$password" ] && password="PASSWORD '$password'" [ -n "$password" ] && password="PASSWORD '$password'"
cat << EOF
cmd="CREATE ROLE \"$name\" WITH $password $booleans" su - '$postgres_user' -c "psql postgres -wc 'CREATE ROLE \"$name\" WITH $password $booleans;'"
echo "su - '$postgres_user' -c \"psql postgres -wc \\\"$cmd\\\"\"" EOF
;; ;;
absent) absent)
echo "su - '$postgres_user' -c \"dropuser \\\"$name\\\"\"" cat << EOF
su - '$postgres_user' -c "dropuser \"$name\""
EOF
;; ;;
esac esac
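Review bot: In the new `CREATE ROLE` line the SQL is wrapped in single quotes, but `$password` expands to `PASSWORD '…'` with its own single quotes, which end the outer quoted string. The shell started by `su` then joins the pieces, so psql most likely receives the password without quotes, which is not a valid string literal. A password containing whitespace or shell metacharacters would additionally be interpreted by that shell. Passing the statement to psql on standard input instead of nesting it in `-c '…'` removes the third quoting level. The `case` branch starts outside this hunk, so how `$booleans` is built is not visible here.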
...@@ -24,6 +24,7 @@ import os ...@@ -24,6 +24,7 @@ import os
from tempfile import TemporaryFile from tempfile import TemporaryFile
import cdist import cdist
import cdist.configuration
# IMPORTANT: # IMPORTANT:
...@@ -200,3 +201,9 @@ def resolve_conf_dirs(configuration, add_conf_dirs): ...@@ -200,3 +201,9 @@ def resolve_conf_dirs(configuration, add_conf_dirs):
conf_dirs.extend(add_conf_dirs) conf_dirs.extend(add_conf_dirs)
conf_dirs = set(conf_dirs) conf_dirs = set(conf_dirs)
return conf_dirs return conf_dirs
def resolve_conf_dirs_from_config_and_args(args):
cfg = cdist.configuration.Configuration(args)
configuration = cfg.get_config(section='GLOBAL')
return resolve_conf_dirs(configuration, args.conf_dir)
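Review bot: `resolve_conf_dirs_from_config_and_args` is added without a docstring, and the call site does not make it obvious that `args` must be acceptable to `cdist.configuration.Configuration` and also carry a `conf_dir` attribute. I would add `"""Return the set of conf dirs from the GLOBAL configuration section plus args.conf_dir."""` and state whether `args.conf_dir` may be `None`. That value is handed to `resolve_conf_dirs`, whose visible tail calls `conf_dirs.extend(add_conf_dirs)`; the start of that function is outside the hunk, so a guard against `None` cannot be confirmed from here.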
...@@ -53,10 +53,7 @@ class Info(object): ...@@ -53,10 +53,7 @@ class Info(object):