From acb4644f1ed6941d81d98c0323c936c3c4ae6e16 Mon Sep 17 00:00:00 2001 From: Matt Coddington Date: Mon, 6 Feb 2012 16:21:51 -0500 Subject: [PATCH 01/48] redhat groupmod doesn't support --gid option redhat groupmod doesn't support password chages redhat doesn't support getent gshadow --- conf/type/__group/explorer/gshadow | 10 +++++++++- conf/type/__group/gencode-remote | 15 ++++++++++++++- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/conf/type/__group/explorer/gshadow b/conf/type/__group/explorer/gshadow index 51d502a1..2c0c0e8c 100755 --- a/conf/type/__group/explorer/gshadow +++ b/conf/type/__group/explorer/gshadow @@ -22,6 +22,14 @@ # name=$__object_id +os="$($__explorer/os)" -getent gshadow "$name" || true +case "$os" in + centos|fedora|redhat) + grep "^${name}:" /etc/gshadow || true + ;; + *) + getent gshadow "$name" || true + ;; +esac diff --git a/conf/type/__group/gencode-remote b/conf/type/__group/gencode-remote index cf26a437..9a283207 100755 --- a/conf/type/__group/gencode-remote +++ b/conf/type/__group/gencode-remote @@ -23,23 +23,36 @@ # name="$__object_id" +os="$(cat "$__global/explorer/os")" cd "$__object/parameter" if grep -q "^${name}:" "$__object/explorer/group"; then for property in $(ls .); do new_value="$(cat "$property")" + # argument to pass the groupmod command for this property (os-specific + # exceptions are listed in the case statement below) + proparg="--$property" case "$property" in password) current_value="$(awk -F: '{ print $2 }' < "$__object/explorer/gshadow")" + case "$os" in + centos|fedora|redhat) + echo "group/$name: $os groupmod does not support password modification" >&2 + continue + ;; + esac ;; gid) current_value="$(awk -F: '{ print $3 }' < "$__object/explorer/group")" + case "$os" in + centos|fedora|redhat) proparg="-g" ;; + esac ;; esac if [ "$new_value" != "$current_value" ]; then - set -- "$@" "--$property" \"$new_value\" + set -- "$@" "$proparg" \"$new_value\" fi done 
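Review bot: The changed `set -- "$@" "$proparg" \"$new_value\"` line in the gencode-remote hunk still wraps the value only in literal double quotes, so when the generated groupmod command is evaluated, any `$`, backtick or `"` inside the value is interpreted by the shell instead of being passed through. That matters most for `--password`, where a crypt-style hash beginning with `$6$` would presumably be expanded away on the platforms that do not reach the new `continue`. Emitting the value single-quoted, with embedded single quotes escaped, would keep it literal. The code that finally prints the `groupmod` command lies outside the hunk, so how `$@` is consumed should be confirmed there.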
From 1f8693a7226108b1d25bbee6cb6f08b154e8c269 Mon Sep 17 00:00:00 2001 From: Matt Coddington Date: Tue, 7 Feb 2012 17:29:55 -0500 Subject: [PATCH 02/48] case-based exceptions only on OS's where we know they are needed always use -g instead of --gid when passing arg to groupmod --- conf/type/__group/explorer/gshadow | 9 +++++---- conf/type/__group/gencode-remote | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/conf/type/__group/explorer/gshadow b/conf/type/__group/explorer/gshadow index 2c0c0e8c..e3c2dd6c 100755 --- a/conf/type/__group/explorer/gshadow +++ b/conf/type/__group/explorer/gshadow @@ -22,11 +22,12 @@ # name=$__object_id -os="$($__explorer/os)" +os_version="$($__explorer/os_version)" -case "$os" in - centos|fedora|redhat) - grep "^${name}:" /etc/gshadow || true +case "$os_version" in + "Red Hat Enterprise Linux Server release "[45]*|"CentOS release "[45]*) + # TODO: find a way to get this information + echo "$os_version does not have getent gshadow" ;; *) getent gshadow "$name" || true diff --git a/conf/type/__group/gencode-remote b/conf/type/__group/gencode-remote index 9a283207..2b4774ab 100755 --- a/conf/type/__group/gencode-remote +++ b/conf/type/__group/gencode-remote 
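Review bot: In the explorer/gshadow hunk the new `echo "$os_version does not have getent gshadow"` writes to stdout, which appears to be what is stored as the explorer result and later parsed by gencode-remote with `awk -F: '{ print $2 }'`. The diagnostic should go to stderr so the stored value stays empty on these releases: `echo "$os_version does not have getent gshadow" >&2`. A one-line comment next to the TODO saying that an empty result means gshadow could not be read on this release would make the contract explicit.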
@@ -23,31 +23,31 @@ # name="$__object_id" -os="$(cat "$__global/explorer/os")" +os_version="$(cat "$__global/explorer/os_version")" cd "$__object/parameter" if grep -q "^${name}:" "$__object/explorer/group"; then for property in $(ls .); do new_value="$(cat "$property")" - # argument to pass the groupmod command for this property (os-specific - # exceptions are listed in the case statement below) + # argument to pass the groupmod command for this property (exceptions + # are made in the case statement below) proparg="--$property" case "$property" in password) current_value="$(awk -F: '{ print $2 }' < "$__object/explorer/gshadow")" - case "$os" in - centos|fedora|redhat) - echo "group/$name: $os groupmod does not support password modification" >&2 - continue + case "$os_version" in + "Red Hat Enterprise Linux Server release "[45]*|"CentOS release "[45]*) + # TODO: Use gpasswd? Need to fix gshadow explorer first. + echo "group/$name: '$os_version' groupmod does not support password modification" >&2 + exit 1 ;; esac ;; gid) + # set to -g to support older redhat/centos + proparg="-g" current_value="$(awk -F: '{ print $3 }' < "$__object/explorer/group")" - case "$os" in - centos|fedora|redhat) proparg="-g" ;; - esac ;; esac From ff5c97342b37069d88bfd64f539ec9e150567333 Mon Sep 17 00:00:00 2001 
From: Benedikt Koeppel Date: Sat, 18 Feb 2012 20:40:03 +0100 Subject: [PATCH 03/48] new type "__mysql_server" installs a MySQL server and performs some basic security changes. --- conf/type/__mysql_server/files/my.cnf | 1 + conf/type/__mysql_server/man.text | 43 ++++++++++++++++ conf/type/__mysql_server/manifest | 57 +++++++++++++++++++++ conf/type/__mysql_server/parameter/required | 1 + conf/type/__mysql_server/singleton | 0 5 files changed, 102 insertions(+) create mode 100644 conf/type/__mysql_server/files/my.cnf create mode 100644 conf/type/__mysql_server/man.text create mode 100755 conf/type/__mysql_server/manifest create mode 100644 conf/type/__mysql_server/parameter/required create mode 100644 conf/type/__mysql_server/singleton diff --git a/conf/type/__mysql_server/files/my.cnf b/conf/type/__mysql_server/files/my.cnf new file mode 100644 index 00000000..bd651c46 --- /dev/null +++ b/conf/type/__mysql_server/files/my.cnf @@ -0,0 +1 @@ +[client] diff --git a/conf/type/__mysql_server/man.text b/conf/type/__mysql_server/man.text new file mode 100644 index 00000000..e1bcc5a5 --- /dev/null +++ b/conf/type/__mysql_server/man.text @@ -0,0 +1,43 @@ +cdist-type__issue(7) +==================== +Benedikt Koeppel + + +NAME +---- +cdist-type__mysql_server - Manage a MySQL server + + +DESCRIPTION +----------- +This cdist type allows you to install a MySQL database server. + + +REQUIRED PARAMETERS +------------------- +password:: + The root password to set. + + +OPTIONAL PARAMETERS +------------------- +None. + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +__mysql_server "mysql-server" --password "Uu9jooKe" +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) + + +COPYING +------- +Copyright \(C) 2012 Benedikt Koeppel. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). 
diff --git a/conf/type/__mysql_server/manifest b/conf/type/__mysql_server/manifest new file mode 100755 index 00000000..88a585da --- /dev/null +++ b/conf/type/__mysql_server/manifest @@ -0,0 +1,57 @@ +#!/bin/sh +# +# 2012 Benedikt Koeppel (code@benediktkoeppel.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# + +# install mysql-server +__package mysql-server --state installed + +# store the root password in /root/.my.cnf so that processes can connect +# to the database without requiring a passwort input +rootpassword="$(cat "$__object/parameter/password")" +__file "/root/.my.cnf" --group root --user root --mode 600 --source "$__type/files/my.cnf" +require="__file/root/.my.cnf" \ + __addifnosuchline "/root/.my.cnf" --line "password=$rootpassword" + +# set root password +mysqladmin -u root password $rootpassword + +# remove anonymous users +mysql -u root -p <<-EOF + DELETE FROM mysql.user WHERE User=''; +EOF + +# remove remote-access for root +mysql -u root -p <<-EOF + DELETE FROM mysql.user WHERE User='root' AND Host!='localhost'; +EOF + +# remove test database +mysql -u root -p <<-EOF + DROP DATABASE test; +EOF +mysql -u root -p <<-EOF + DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' +EOF + +# flush privileges +mysql -u root -p <<-EOF + FLUSH PRIVILEGES; +EOF + 
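Review bot: `mysqladmin -u root password $rootpassword` passes the root password unquoted and as a command-line argument; the same line is carried into the new gencode-remote in PATCH 05/48. Unquoted, a password containing whitespace or glob characters is split or expanded, and as an argument it is visible in the process list to other local users while the command runs. At minimum quote it, `mysqladmin -u root password "$rootpassword"`; better, let the client read it from the mode-600 option file instead of argv. The `mysql -u root -p` calls that follow feed SQL on stdin, but `-p` without a value makes the client ask for a password, so they are likely to block in an unattended run.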
diff --git a/conf/type/__mysql_server/parameter/required b/conf/type/__mysql_server/parameter/required new file mode 100644 index 00000000..f3097ab1 --- /dev/null +++ b/conf/type/__mysql_server/parameter/required @@ -0,0 +1 @@ +password diff --git a/conf/type/__mysql_server/singleton b/conf/type/__mysql_server/singleton new file mode 100644 index 00000000..e69de29b From b6a0d55c0b7d7c55d0b1d561de88298d9db92dbd Mon Sep 17 00:00:00 2001 From: Benedikt Koeppel Date: Sat, 18 Feb 2012 20:47:04 +0100 Subject: [PATCH 04/48] fixed title in mysql_server man page --- conf/type/__mysql_server/man.text | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/type/__mysql_server/man.text b/conf/type/__mysql_server/man.text index e1bcc5a5..92163fa3 100644 --- a/conf/type/__mysql_server/man.text +++ b/conf/type/__mysql_server/man.text @@ -1,5 +1,5 @@ -cdist-type__issue(7) -==================== +cdist-type__mysql_server(7) +=========================== Benedikt Koeppel From 01619614d4b16425deeb107aa41f783f0e118d12 Mon Sep 17 00:00:00 2001 From: Benedikt Koeppel Date: Sat, 18 Feb 2012 21:04:25 +0100 Subject: [PATCH 05/48] splitted manifest up in manifest and gencode-remote --- conf/type/__mysql_server/gencode-remote | 51 +++++++++++++++++++++++++ conf/type/__mysql_server/manifest | 27 ------------- 2 files changed, 51 insertions(+), 27 deletions(-) create mode 100755 conf/type/__mysql_server/gencode-remote diff --git a/conf/type/__mysql_server/gencode-remote b/conf/type/__mysql_server/gencode-remote new file mode 100755 index 00000000..782a4cb6 --- /dev/null +++ b/conf/type/__mysql_server/gencode-remote 
@@ -0,0 +1,51 @@ +#!/bin/sh +# +# 2012 Benedikt Koeppel (code@benediktkoeppel.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# + +# store the root password in /root/.my.cnf so that processes can connect +# to the database without requiring a passwort input +rootpassword="$(cat "$__object/parameter/password")" + +# set root password +mysqladmin -u root password $rootpassword + +# remove anonymous users +mysql -u root -p <<-EOF + DELETE FROM mysql.user WHERE User=''; +EOF + +# remove remote-access for root +mysql -u root -p <<-EOF + DELETE FROM mysql.user WHERE User='root' AND Host!='localhost'; +EOF + +# remove test database +mysql -u root -p <<-EOF + DROP DATABASE test; +EOF +mysql -u root -p <<-EOF + DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' +EOF + +# flush privileges +mysql -u root -p <<-EOF + FLUSH PRIVILEGES; +EOF + diff --git a/conf/type/__mysql_server/manifest b/conf/type/__mysql_server/manifest index 88a585da..a9d5127c 100755 --- a/conf/type/__mysql_server/manifest +++ b/conf/type/__mysql_server/manifest 
@@ -28,30 +28,3 @@ rootpassword="$(cat "$__object/parameter/password")" __file "/root/.my.cnf" --group root --user root --mode 600 --source "$__type/files/my.cnf" require="__file/root/.my.cnf" \ __addifnosuchline "/root/.my.cnf" --line "password=$rootpassword" - -# set root password -mysqladmin -u root password $rootpassword - -# remove anonymous users -mysql -u root -p <<-EOF - DELETE FROM mysql.user WHERE User=''; -EOF - -# remove remote-access for root -mysql -u root -p <<-EOF - DELETE FROM mysql.user WHERE User='root' AND Host!='localhost'; -EOF - -# remove test database -mysql -u root -p <<-EOF - DROP DATABASE test; -EOF -mysql -u root -p <<-EOF - DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' -EOF - -# flush privileges -mysql -u root -p <<-EOF - FLUSH PRIVILEGES; -EOF - From dc5fb8b769256dcbd84b5419f2c83116f0c03aee Mon Sep 17 00:00:00 2001 From: Benedikt Koeppel Date: Sat, 18 Feb 2012 21:17:24 +0100 Subject: [PATCH 06/48] fixed usage of __file --- conf/type/__mysql_server/manifest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/type/__mysql_server/manifest b/conf/type/__mysql_server/manifest index a9d5127c..da7e0165 100755 --- a/conf/type/__mysql_server/manifest +++ b/conf/type/__mysql_server/manifest @@ -25,6 +25,6 @@ __package mysql-server --state installed # store the root password in /root/.my.cnf so that processes can connect # to the database without requiring a passwort input rootpassword="$(cat "$__object/parameter/password")" -__file "/root/.my.cnf" --group root --user root --mode 600 --source "$__type/files/my.cnf" +__file "/root/.my.cnf" --group root --owner root --mode 600 --source "$__type/files/my.cnf" require="__file/root/.my.cnf" \ __addifnosuchline "/root/.my.cnf" --line "password=$rootpassword" From 3ceb643487d43e27977a11b12be36f1165a69a31 Mon Sep 17 00:00:00 2001 
From: Benedikt Koeppel Date: Sat, 18 Feb 2012 21:50:26 +0100 Subject: [PATCH 07/48] fixed the generating of .my.cnf --- conf/type/__mysql_server/gencode-remote | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/conf/type/__mysql_server/gencode-remote b/conf/type/__mysql_server/gencode-remote index 782a4cb6..07826d27 100755 --- a/conf/type/__mysql_server/gencode-remote +++ b/conf/type/__mysql_server/gencode-remote @@ -19,13 +19,18 @@ # # -# store the root password in /root/.my.cnf so that processes can connect # to the database without requiring a passwort input rootpassword="$(cat "$__object/parameter/password")" # set root password mysqladmin -u root password $rootpassword +# store the root password in /root/.my.cnf so that processes can connect +cat <<-EOF > /root/.my.cnf + [client] + password=$rootpassword +EOF + # remove anonymous users mysql -u root -p <<-EOF DELETE FROM mysql.user WHERE User=''; From 3a810fa5ea1e19c24ea8d51b257ce725ec402e23 Mon Sep 17 00:00:00 2001 From: Benedikt Koeppel Date: Sat, 18 Feb 2012 21:59:42 +0100 Subject: [PATCH 08/48] fix manifest --- conf/type/__mysql_server/manifest | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/conf/type/__mysql_server/manifest b/conf/type/__mysql_server/manifest index da7e0165..a6840964 100755 --- a/conf/type/__mysql_server/manifest +++ b/conf/type/__mysql_server/manifest @@ -24,7 +24,4 @@ __package mysql-server --state installed # store the root password in /root/.my.cnf so that processes can connect # to the database without requiring a passwort input -rootpassword="$(cat "$__object/parameter/password")" -__file "/root/.my.cnf" --group root --owner root --mode 600 --source "$__type/files/my.cnf" -require="__file/root/.my.cnf" \ - __addifnosuchline "/root/.my.cnf" --line "password=$rootpassword" +__file "/root/.my.cnf" --group root --owner root --mode 600 From 7715ba395c77fb7ade861b7cd0e708f9a5d22e7a Mon Sep 17 00:00:00 2001 
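Review bot: The added `cat <<-EOF > /root/.my.cnf` in the gencode-remote hunk creates the file holding the root password with whatever the current umask allows, which is commonly world-readable. The manifest's `__file ... --mode 600` only helps if that object is applied before this code runs, which nothing in this hunk guarantees. Setting `umask 077` right before the redirect (inside a subshell, so it does not leak into later commands) makes the file private from the moment it is created. The password is also expanded inside an unquoted here-document, so a value containing `$`, backticks or backslashes will not be written verbatim.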
From: Benedikt Koeppel Date: Sat, 18 Feb 2012 23:08:34 +0100 Subject: [PATCH 09/48] fixed mysql_server type can install now successfully removes test database and all grants sets a root password --- conf/type/__mysql_server/gencode-remote | 26 ++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/conf/type/__mysql_server/gencode-remote b/conf/type/__mysql_server/gencode-remote index 07826d27..30803a91 100755 --- a/conf/type/__mysql_server/gencode-remote +++ b/conf/type/__mysql_server/gencode-remote @@ -23,34 +23,46 @@ rootpassword="$(cat "$__object/parameter/password")" # set root password -mysqladmin -u root password $rootpassword +echo "mysqladmin -u root password $rootpassword" # store the root password in /root/.my.cnf so that processes can connect +cat <<-EOFF cat <<-EOF > /root/.my.cnf [client] password=$rootpassword EOF +EOFF # remove anonymous users -mysql -u root -p <<-EOF +cat <<-EOFF +mysql -u root <<-EOF DELETE FROM mysql.user WHERE User=''; EOF +EOFF # remove remote-access for root -mysql -u root -p <<-EOF +cat <<-EOFF +mysql -u root <<-EOF DELETE FROM mysql.user WHERE User='root' AND Host!='localhost'; EOF +EOFF # remove test database -mysql -u root -p <<-EOF - DROP DATABASE test; +cat <<-EOFF +mysql -u root <<-EOF + DROP DATABASE IF EXISTS test; EOF -mysql -u root -p <<-EOF +EOFF +cat <<-EOFF +mysql -u root <<-EOF DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' EOF +EOFF # flush privileges -mysql -u root -p <<-EOF +cat <<-EOFF +mysql -u root <<-EOF FLUSH PRIVILEGES; EOF +EOFF From 6a491080f8529dbaeda0436667d8d18bf12c2b2f Mon Sep 17 00:00:00 2001 From: Benedikt Koeppel Date: Sat, 18 Feb 2012 23:09:26 +0100 Subject: [PATCH 10/48] fixed man page for mysql_server it is a singleton and thus can't have a name --- conf/type/__mysql_server/man.text | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/type/__mysql_server/man.text b/conf/type/__mysql_server/man.text index 92163fa3..25ce3e0e 100644 
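Review bot: `echo "mysqladmin -u root password $rootpassword"` in this hunk pastes the raw password into the shell code generated for the target, so any space, quote, `;`, `$` or backtick in it is parsed there as shell syntax instead of data. The `.my.cnf` block has the same problem twice over, because the value passes through the outer `EOFF` here-document at generation time and the inner unquoted `EOF` one on the target. Quote the value for the generated code (single quotes, with an embedded `'` written as `'\''`) and use a quoted inner delimiter, `<<-'EOF'`, so the target does not expand it again. PATCH 13/48 re-indents both lines but keeps them otherwise unchanged.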
--- a/conf/type/__mysql_server/man.text +++ b/conf/type/__mysql_server/man.text @@ -28,7 +28,7 @@ EXAMPLES -------- -------------------------------------------------------------------------------- -__mysql_server "mysql-server" --password "Uu9jooKe" +__mysql_server --password "Uu9jooKe" -------------------------------------------------------------------------------- From cfaee39e706e2998f023d4693aa49ed29ae7fd27 Mon Sep 17 00:00:00 2001 From: Benedikt Koeppel Date: Sat, 18 Feb 2012 21:02:26 +0100 Subject: [PATCH 11/48] new type 'mysql_database' installs a database on an existing mysql_server remotely --- conf/type/__mysql_database/gencode-remote | 48 ++++++++++++++++++ conf/type/__mysql_database/man.text | 49 +++++++++++++++++++ conf/type/__mysql_database/parameter/optional | 3 ++ 3 files changed, 100 insertions(+) create mode 100755 conf/type/__mysql_database/gencode-remote create mode 100644 conf/type/__mysql_database/man.text create mode 100644 conf/type/__mysql_database/parameter/optional diff --git a/conf/type/__mysql_database/gencode-remote b/conf/type/__mysql_database/gencode-remote new file mode 100755 index 00000000..fdfb1501 --- /dev/null +++ b/conf/type/__mysql_database/gencode-remote 
@@ -0,0 +1,48 @@ +#!/bin/sh +# +# 2012 Benedikt Koeppel (code@benediktkoeppel.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# + +# if --database was specified +if [ -f "$__object/parameter/database" ]; then + database="$(cat "$__object/parameter/database")" +else # otherwise use the object id as database name + database="$__object_id" +fi + +mysql -u root -p <<-EOF + CREATE DATABASE IF NOT EXISTS $database +EOF + +# if --user was specified +if [ -f "$__object/parameter/user" ]; then + user="$(cat "$__object/parameter/user")" + + # if --password was specified + if [ -f "$__object/parameter/password" ]; then + password="$(cat "$__object/parameter/password")" + mysql -u root -p <<-EOF + GRANT ALL PRIVILEGES ON $database.* to '$user'@'localhost' IDENTIFIED BY '$password'; + EOF + else + mysql -u root -p <<-EOF + GRANT ALL PRIVILEGES ON $database.* to '$user'@'localhost'; + EOF + fi +fi diff --git a/conf/type/__mysql_database/man.text b/conf/type/__mysql_database/man.text new file mode 100644 index 00000000..3c66eeab --- /dev/null +++ b/conf/type/__mysql_database/man.text 
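Review bot: The `CREATE DATABASE` and `GRANT` statements are built by dropping `$database`, `$user` and `$password` straight into the SQL text, so a name containing `-` or a password containing `'` yields a broken statement, or one that closes the string literal early and runs the remainder as SQL with root's privileges. The database name should be emitted as a backtick-quoted identifier and the two string values with `'` and `\` escaped, or the inputs rejected unless they match a conservative pattern such as `[A-Za-z0-9_]+`. Because the here-documents are unquoted, `$` sequences in the password are additionally expanded by the shell. PATCH 12/48 rewraps these statements in `cat <<-EOFF` but keeps the same interpolation.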
@@ -0,0 +1,49 @@ +cdist-type__mysql_database(7) +============================= +Benedikt Koeppel + + +NAME +---- +cdist-type__mysql_database - Manage a MySQL database + + +DESCRIPTION +----------- +This cdist type allows you to install a MySQL database. + + +REQUIRED PARAMETERS +------------------- +None. + +OPTIONAL PARAMETERS +------------------- +database:: + The name of the database to install + defaults to the object id + +user:: + A user that should have access to the database + +password:: + The password for the user who manages the database + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +__mysql_database "cdist" --database "cdist" --user "myuser" --password "mypwd" +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) + + +COPYING +------- +Copyright \(C) 2012 Benedikt Koeppel. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/conf/type/__mysql_database/parameter/optional b/conf/type/__mysql_database/parameter/optional new file mode 100644 index 00000000..ac60a873 --- /dev/null +++ b/conf/type/__mysql_database/parameter/optional @@ -0,0 +1,3 @@ +database +user +password From c67c0cf12dd76a87de17e8812f8948f2b7ac094d Mon Sep 17 00:00:00 2001 From: Benedikt Koeppel Date: Sat, 18 Feb 2012 23:10:56 +0100 Subject: [PATCH 12/48] fixed mysql_database type can now install a database, and create a user who manages that database --- conf/type/__mysql_database/gencode-remote | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/conf/type/__mysql_database/gencode-remote b/conf/type/__mysql_database/gencode-remote index fdfb1501..9001ac99 100755 --- a/conf/type/__mysql_database/gencode-remote +++ b/conf/type/__mysql_database/gencode-remote 
@@ -26,9 +26,11 @@ else # otherwise use the object id as database name database="$__object_id" fi -mysql -u root -p <<-EOF +cat <<-EOFF +mysql -u root <<-EOF CREATE DATABASE IF NOT EXISTS $database EOF +EOFF # if --user was specified if [ -f "$__object/parameter/user" ]; then @@ -37,12 +39,17 @@ if [ -f "$__object/parameter/user" ]; then # if --password was specified if [ -f "$__object/parameter/password" ]; then password="$(cat "$__object/parameter/password")" - mysql -u root -p <<-EOF + cat <<-EOFF + mysql -u root <<-EOF GRANT ALL PRIVILEGES ON $database.* to '$user'@'localhost' IDENTIFIED BY '$password'; - EOF +EOF +EOFF else - mysql -u root -p <<-EOF + password="" + cat <<-EOFF + mysql -u root <<-EOF GRANT ALL PRIVILEGES ON $database.* to '$user'@'localhost'; - EOF +EOF +EOFF fi fi From df512162cba34bde910df33bd5338f7b636ed1c8 Mon Sep 17 00:00:00 2001 From: Benedikt Koeppel Date: Tue, 21 Feb 2012 06:49:47 +0100 Subject: [PATCH 13/48] --password is optional now, and added --no_my_cnf option if no password is specified, then __mysql_server simply installs the mysql-server package and doesn't perform any additional tasks. if --password is specified, it writes its own .my.cnf configuration file with the root password. This behaviour can be turned of by setting --no_my_cnf "true" --- conf/type/__mysql_server/gencode-remote | 101 ++++++++++++-------- conf/type/__mysql_server/man.text | 21 +++- conf/type/__mysql_server/manifest | 20 +++- conf/type/__mysql_server/parameter/optional | 2 + conf/type/__mysql_server/parameter/required | 1 - 5 files changed, 101 insertions(+), 44 deletions(-) create mode 100644 conf/type/__mysql_server/parameter/optional diff --git a/conf/type/__mysql_server/gencode-remote b/conf/type/__mysql_server/gencode-remote index 30803a91..4c160671 100755 --- a/conf/type/__mysql_server/gencode-remote +++ b/conf/type/__mysql_server/gencode-remote 
@@ -19,50 +19,75 @@ # # -# to the database without requiring a passwort input -rootpassword="$(cat "$__object/parameter/password")" +if [ -f "$__object/parameter/no_my_cnf" ]; then + no_my_cnf="$(cat "$__object/parameter/no_my_cnf")" +else + no_my_cnf="false" +fi -# set root password -echo "mysqladmin -u root password $rootpassword" +if [ -f "$__object/parameter/password" ]; then + rootpassword="$(cat "$__object/parameter/password")" +else + rootpassword="" +fi -# store the root password in /root/.my.cnf so that processes can connect -cat <<-EOFF -cat <<-EOF > /root/.my.cnf - [client] - password=$rootpassword + +if [ "$rootpassword" != "" ]; then + # to the database without requiring a passwort input + # set root password + echo "mysqladmin -u root password $rootpassword" + + # if we don't want to overwrite the .my.cnf, then take a backup now + if [ "$no_my_cnf" == "true" ]; then + mv /root/.my.cnf /root/.my.cnf.cdist.bkp + fi + + # store the root password in /root/.my.cnf so that processes can connect + cat <<-EOFF + cat <<-EOF > /root/.my.cnf + [client] + password=$rootpassword EOF EOFF -# remove anonymous users -cat <<-EOFF -mysql -u root <<-EOF - DELETE FROM mysql.user WHERE User=''; + + + # remove anonymous users + cat <<-EOFF + mysql -u root <<-EOF + DELETE FROM mysql.user WHERE User=''; +EOF +EOFF + + # remove remote-access for root + cat <<-EOFF + mysql -u root <<-EOF + DELETE FROM mysql.user WHERE User='root' AND Host!='localhost'; +EOF +EOFF + + # remove test database + cat <<-EOFF + mysql -u root <<-EOF + DROP DATABASE IF EXISTS test; +EOF +EOFF + cat <<-EOFF + mysql -u root <<-EOF + DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' +EOF +EOFF + + # flush privileges + cat <<-EOFF + mysql -u root <<-EOF + FLUSH PRIVILEGES; EOF EOFF -# remove remote-access for root -cat <<-EOFF -mysql -u root <<-EOF - DELETE FROM mysql.user WHERE User='root' AND Host!='localhost'; -EOF -EOFF - -# remove test database -cat <<-EOFF -mysql -u root <<-EOF - DROP DATABASE IF 
EXISTS test; -EOF -EOFF -cat <<-EOFF -mysql -u root <<-EOF - DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' -EOF -EOFF - -# flush privileges -cat <<-EOFF -mysql -u root <<-EOF - FLUSH PRIVILEGES; -EOF -EOFF + # if we don't want to overwrite the .my.cnf, then restore the backup now + if [ "$no_my_cnf" == "true" ]; then + mv /root/.my.cnf.cdist.bkp /root/.my.cnf + fi +fi diff --git a/conf/type/__mysql_server/man.text b/conf/type/__mysql_server/man.text index 25ce3e0e..f8573051 100644 --- a/conf/type/__mysql_server/man.text +++ b/conf/type/__mysql_server/man.text @@ -10,7 +10,10 @@ cdist-type__mysql_server - Manage a MySQL server DESCRIPTION ----------- -This cdist type allows you to install a MySQL database server. +This cdist type allows you to install a MySQL database server. The +__mysql_server type also takes care of a few basic security tweaks that are +normally done by running the mysql_secure_installation script that is provided +with MySQL. REQUIRED PARAMETERS @@ -21,14 +24,28 @@ password:: OPTIONAL PARAMETERS ------------------- -None. +no_my_cnf:: + The /root/.my.cnf file is used to temporary store the root password when doing + the mysql_secure_installation. If you want to have your own .my.cnf file, then + specify --no_my_cnf "true". + Cdist will then place your original /root/.my.cnf back once cdist has run. EXAMPLES -------- -------------------------------------------------------------------------------- +# to install a MySQL server +__mysql_server + +# to install a MySQL server, remove remote access, remove test databases +# similar to mysql_secure_installation, specify the root password __mysql_server --password "Uu9jooKe" +# this will also write a /root/.my.cnf file + +# if you don't want cdist to write a /root/.my.cnf file permanently, specify +# the --no_my_cnf option +__mysql_server --password "Uu9jooKe" --no_my_cnf -------------------------------------------------------------------------------- 
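Review bot: The two `mv` commands guarded by `[ "$no_my_cnf" == "true" ]` in the gencode-remote hunk are executed by the script itself instead of being printed like every other command in it, so they act on `/root/.my.cnf` of the machine that generates the code, and the target's own file is overwritten with no backup. They should be emitted as code, for example `echo 'if [ -f /root/.my.cnf ]; then mv /root/.my.cnf /root/.my.cnf.cdist.bkp; fi'` plus the mirror-image line for the restore, which also covers a target that has no such file yet. In that last case the restore branch should remove the cdist-written file, otherwise the root password stays on disk even though `--no_my_cnf` was requested. `==` inside `[ ]` is not POSIX and the script runs under `#!/bin/sh`; use `=`.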
diff --git a/conf/type/__mysql_server/manifest b/conf/type/__mysql_server/manifest index a6840964..ce331998 100755 --- a/conf/type/__mysql_server/manifest +++ b/conf/type/__mysql_server/manifest @@ -22,6 +22,20 @@ # install mysql-server __package mysql-server --state installed -# store the root password in /root/.my.cnf so that processes can connect -# to the database without requiring a passwort input -__file "/root/.my.cnf" --group root --owner root --mode 600 +if [ -f "$__object/parameter/no_my_cnf" ]; then + no_my_cnf="$(cat "$__object/parameter/no_my_cnf")" +else + no_my_cnf="false" +fi + +if [ -f "$__object/parameter/password" ]; then + rootpassword="$(cat "$__object/parameter/password")" +else + rootpassword="" +fi + +if [ "$no_my_cnf" != "true" -a "$rootpassword" != "" ]; then + # store the root password in /root/.my.cnf so that processes can connect + # to the database without requiring a passwort input + __file "/root/.my.cnf" --group root --owner root --mode 600 +fi diff --git a/conf/type/__mysql_server/parameter/optional b/conf/type/__mysql_server/parameter/optional new file mode 100644 index 00000000..4c40596c --- /dev/null +++ b/conf/type/__mysql_server/parameter/optional @@ -0,0 +1,2 @@ +no_my_cnf +password diff --git a/conf/type/__mysql_server/parameter/required b/conf/type/__mysql_server/parameter/required index f3097ab1..e69de29b 100644 --- a/conf/type/__mysql_server/parameter/required +++ b/conf/type/__mysql_server/parameter/required @@ -1 +0,0 @@ -password From cd8e2869883efd3eedd1b78a78227259565c6731 Mon Sep 17 00:00:00 2001 From: Benedikt Koeppel Date: Tue, 21 Feb 2012 07:03:03 +0100 Subject: [PATCH 14/48] renamed --database to --name --- conf/type/__mysql_database/gencode-remote | 4 ++-- conf/type/__mysql_database/man.text | 4 ++-- conf/type/__mysql_database/parameter/optional | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) 
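Review bot: `[ "$no_my_cnf" != "true" -a "$rootpassword" != "" ]` in the manifest hunk uses the `-a` operator, which POSIX marks obsolescent and which can misparse when an operand looks like an operator, and here one operand is an arbitrary password. Two tests joined by the shell are unambiguous: `[ "$no_my_cnf" != "true" ] && [ -n "$rootpassword" ]`. The manifest only needs to know whether a password was supplied, so checking `[ -s "$__object/parameter/password" ]` would likely do and avoids reading the secret into a variable at all.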
diff --git a/conf/type/__mysql_database/gencode-remote b/conf/type/__mysql_database/gencode-remote index 9001ac99..c0e862f3 100755 --- a/conf/type/__mysql_database/gencode-remote +++ b/conf/type/__mysql_database/gencode-remote @@ -20,8 +20,8 @@ # # if --database was specified -if [ -f "$__object/parameter/database" ]; then - database="$(cat "$__object/parameter/database")" +if [ -f "$__object/parameter/name" ]; then + database="$(cat "$__object/parameter/name")" else # otherwise use the object id as database name database="$__object_id" fi diff --git a/conf/type/__mysql_database/man.text b/conf/type/__mysql_database/man.text index 3c66eeab..f184a30e 100644 --- a/conf/type/__mysql_database/man.text +++ b/conf/type/__mysql_database/man.text @@ -19,7 +19,7 @@ None. OPTIONAL PARAMETERS ------------------- -database:: +name:: The name of the database to install defaults to the object id @@ -34,7 +34,7 @@ EXAMPLES -------- -------------------------------------------------------------------------------- -__mysql_database "cdist" --database "cdist" --user "myuser" --password "mypwd" +__mysql_database "cdist" --name "cdist" --user "myuser" --password "mypwd" -------------------------------------------------------------------------------- diff --git a/conf/type/__mysql_database/parameter/optional b/conf/type/__mysql_database/parameter/optional index ac60a873..756afee7 100644 --- a/conf/type/__mysql_database/parameter/optional +++ b/conf/type/__mysql_database/parameter/optional @@ -1,3 +1,3 @@ -database +name user password From 12d2c6c19960fa33d4750fe8807f9381219a52d2 Mon Sep 17 00:00:00 2001 From: Giel van Schijndel Date: Tue, 21 Feb 2012 15:48:39 +0100 Subject: [PATCH 15/48] __start_on_boot type: add support for OpenWRT Signed-off-by: Giel van Schijndel --- conf/type/__start_on_boot/explorer/state | 2 +- conf/type/__start_on_boot/gencode-remote | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) 
diff --git a/conf/type/__start_on_boot/explorer/state b/conf/type/__start_on_boot/explorer/state index ff092a65..d1998e22 100755 --- a/conf/type/__start_on_boot/explorer/state +++ b/conf/type/__start_on_boot/explorer/state @@ -44,7 +44,7 @@ case "$os" in done ;; - debian|ubuntu) + debian|ubuntu|openwrt) state="present" [ -f "/etc/rc$runlevel.d/S"??"$name" ] || state="absent" ;; diff --git a/conf/type/__start_on_boot/gencode-remote b/conf/type/__start_on_boot/gencode-remote index be2bd98b..cefdc385 100755 --- a/conf/type/__start_on_boot/gencode-remote +++ b/conf/type/__start_on_boot/gencode-remote @@ -47,6 +47,13 @@ case "$state_should" in echo chkconfig \"$name\" on ;; + openwrt) + # 'enable' can be successful and still return a non-zero exit + # code, deal with it by checking for success ourselves in that + # case (the || ... part). + echo "/etc/init.d/\"$name\" enable || [ -f /etc/rc.d/S??\"$name\" ]" + ;; + *) echo "Unsupported os: $os" >&2 exit 1 @@ -74,6 +81,10 @@ case "$state_should" in echo chkconfig \"$name\" off ;; + openwrt) + echo "\"/etc/init.d/$name\" disable" + ;; + *) echo "Unsupported os: $os" >&2 exit 1 From 1016161bfbe0875f7216b7b22066d14e6aa01cb5 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Wed, 22 Feb 2012 09:11:00 +0100 Subject: [PATCH 16/48] ++changes(2.0.9) Signed-off-by: Nico Schottelius --- doc/changelog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/changelog b/doc/changelog index dc498b9e..c4d02aed 100644 --- a/doc/changelog +++ b/doc/changelog @@ -9,7 +9,8 @@ Changelog displayed (Giel van Schijndel) * New Type: __package_opkg (Giel van Schijndel) * New Type: __package_pkg_freebsd (Jake Guffey) - * Feature __package: Support OpenWRT (Giel van Schijndel) + * Feature __package: Support for OpenWRT (Giel van Schijndel) + * Feature __start_on_boot: Support for OpenWRT (Giel van Schijndel) 2.0.8: 2012-02-20 * Bugfix core: Remove another nasty traceback when sending SIGINT (aka Ctrl-C) 
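Review bot: The explorer hunk puts `openwrt` in the branch that tests `/etc/rc$runlevel.d/S??$name`, while the gencode-remote hunk verifies the result of `enable` under `/etc/rc.d/S??$name`; the two cannot both be where OpenWrt keeps its start links. If `/etc/rc.d` is the right place, the explorer will always report `absent` and the enable code will be generated on every run. Give `openwrt` its own case arm in the explorer that checks `[ -f /etc/rc.d/S??"$name" ]`. The enable and disable lines also quote the path differently (`/etc/init.d/\"$name\"` versus `\"/etc/init.d/$name\"`); pick one form.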
From 38b2e5678663feaa3d54e7d4c7fc3fe3c887eff0 Mon Sep 17 00:00:00 2001 From: Matt Coddington Date: Thu, 1 Mar 2012 08:44:37 +0100 Subject: [PATCH 17/48] tiny fix for __start_on_boot/explorer/state Signed-off-by: Nico Schottelius --- conf/type/__start_on_boot/explorer/state | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/conf/type/__start_on_boot/explorer/state b/conf/type/__start_on_boot/explorer/state index d1998e22..bf24738a 100755 --- a/conf/type/__start_on_boot/explorer/state +++ b/conf/type/__start_on_boot/explorer/state @@ -49,9 +49,8 @@ case "$os" in [ -f "/etc/rc$runlevel.d/S"??"$name" ] || state="absent" ;; - centos|fedora|owl|redhat) - state="present" - state=$(chkconfig --level "$runlevel" \"$name\" || echo absent) + amazon|centos|fedora|owl|redhat) + state=$(chkconfig --level "$runlevel" "$name" || echo absent) [ "$state" ] || state="present" ;; From 53ca7e7acad8cf42ba9206c9880c2a9b938e455a Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Thu, 1 Mar 2012 09:28:23 +0100 Subject: [PATCH 18/48] ++changes(2.0.9) Signed-off-by: Nico Schottelius --- doc/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/changelog b/doc/changelog index c4d02aed..7533133a 100644 --- a/doc/changelog +++ b/doc/changelog @@ -11,6 +11,7 @@ Changelog * New Type: __package_pkg_freebsd (Jake Guffey) * Feature __package: Support for OpenWRT (Giel van Schijndel) * Feature __start_on_boot: Support for OpenWRT (Giel van Schijndel) + * Feature __start_on_boot: Support for Amazon Linux (Matt Coddington) 2.0.8: 2012-02-20 * Bugfix core: Remove another nasty traceback when sending SIGINT (aka Ctrl-C) From d3b9aa6769ca1e8ffad410c2e5d5c3babfa3ed7e Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Wed, 7 Mar 2012 11:19:26 +0100 Subject: [PATCH 19/48] begin support for sensible exit codes of cdist Signed-off-by: Nico Schottelius --- bin/cdist | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) 
diff --git a/bin/cdist b/bin/cdist index 5456b134..edd610a5 100755 --- a/bin/cdist +++ b/bin/cdist @@ -91,13 +91,13 @@ def commandline(): logging.root.setLevel(logging.DEBUG) log.debug(args) - args.func(args) + return args.func(args) def config(args): - configinstall(args, mode=cdist.config.Config) + return configinstall(args, mode=cdist.config.Config) def install(args): - configinstall(args, mode=cdist.install.Install) + return configinstall(args, mode=cdist.install.Install) def configinstall(args, mode): """Configure or install remote system""" @@ -140,6 +140,7 @@ def configinstall(args, mode): if len(failed_hosts) > 0: log.warn("Failed to deploy to the following hosts: " + " ".join(failed_hosts)) + exit_code = 1 time_end = time.time() log.info("Total processing time for %s host(s): %s", len(args.host), @@ -203,6 +204,8 @@ if __name__ == "__main__": # Sys is needed for sys.exit() import sys + exit_code = 0 + try: import logging import os @@ -226,11 +229,15 @@ if __name__ == "__main__": logging.basicConfig(format='%(levelname)s: %(message)s') if re.match("__", os.path.basename(sys.argv[0])): - emulator() + run = emulator() else: - commandline() - - sys.exit(0) + run = commandline() except KeyboardInterrupt: - sys.exit(0) + pass + + # Determine exit code by return value of function + if not run: + exit_code = 1 + + sys.exit(exit_code) From 531ad2966fe1580880fc4c1192192eb98f1f0b26 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Wed, 7 Mar 2012 11:48:41 +0100 Subject: [PATCH 20/48] in fork() do sys.exit() so parent knows about failures Signed-off-by: Nico Schottelius --- bin/cdist | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/bin/cdist b/bin/cdist index edd610a5..9c15a8cf 100755 --- a/bin/cdist +++ b/bin/cdist 
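Review bot: In the `__main__` hunk, `run` is bound only inside the `try`, so when `KeyboardInterrupt` is caught before `emulator()` or `commandline()` returns, the following `if not run:` raises `NameError` instead of exiting cleanly. Initialise it next to `exit_code = 0`, for example `run = True`. In the `configinstall` hunk, `exit_code = 1` binds a local name and leaves the module-level `exit_code` untouched. No visible line makes `configinstall` return a value, so `if not run:` appears to be true on every run; the end of that function is outside the hunk, so this should be confirmed.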
@@ -177,28 +177,25 @@ def configinstall_onehost(host, args, mode, parallel): context.cleanup() except cdist.Error as e: - log.error(e) - return False - except KeyboardInterrupt: - # Do not care in sequential mode, catch in parallel mode - if not parallel: - raise + if parallel: + log.error(e) + sys.exit(1) else: - # Catch here, above does not need to know about our errors - return False + raise - return True + except KeyboardInterrupt: + # Ignore in parallel mode, we are existing anyway + if parallel: + sys.exit(0) + # Pass back to controlling code in sequential mode + else: + raise def emulator(): """Prepare and run emulator""" - try: - import cdist.emulator - emulator = cdist.emulator.Emulator(sys.argv) - emulator.run() - - except cdist.Error as e: - log.error(e) - sys.exit(1) + import cdist.emulator + emulator = cdist.emulator.Emulator(sys.argv) + return emulator.run() if __name__ == "__main__": # Sys is needed for sys.exit() @@ -213,9 +210,8 @@ if __name__ == "__main__": cdistpythonversion = '3.2' if sys.version < cdistpythonversion: - print('Cdist requires Python >= ' + cdistpythonversion + + raise cdist.Error('Cdist requires Python >= ' + cdistpythonversion + ' on the source host.') - sys.exit(1) # Ensure our /lib/ is included into PYTHON_PATH sys.path.insert(0, os.path.abspath( @@ -236,6 +232,10 @@ if __name__ == "__main__": except KeyboardInterrupt: pass + except cdist.Error as e: + log.error(e) + exit_code = 1 + # Determine exit code by return value of function if not run: exit_code = 1 From 58a88ca5bd5dacad2860abeeca60ea24555e1e0b Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Wed, 7 Mar 2012 11:50:16 +0100 Subject: [PATCH 21/48] remove useless try: block that was needed to find out how multiprocess /sigint behaviour works NOT needed: KeyBoardInterrupet (aka SIGINT) is forwarded to processes spawned by multiprocess! 
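Review bot: In the new `except KeyboardInterrupt` branch of `configinstall_onehost`, a parallel child calls `sys.exit(0)`, so the parent sees a zero exit code for a host whose run was cut short. The parent loop shown elsewhere in this series decides failure with `process[p].exitcode == 0`, so an interrupted host would not be added to `failed_hosts`. Exit with a non-zero status there, e.g. `sys.exit(1)`. The comment above it should read "we are exiting anyway".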
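Review bot: The version check now raises `cdist.Error`, but the context lines directly after it extend `sys.path` so the bundled library can be found, which suggests `cdist` has not been imported yet at that point. If so, both the `raise` and the `except cdist.Error as e:` clause added in the last hunk fail with `NameError` on an unsupported interpreter, and the user gets a traceback instead of the message. Keeping this one check independent of the package avoids that, e.g. `print('Cdist requires Python >= ' + cdistpythonversion, file=sys.stderr)` followed by `sys.exit(1)`. The unchanged test `sys.version < cdistpythonversion` compares strings; `sys.version_info < (3, 2)` would be the reliable form.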
Signed-off-by: Nico Schottelius --- bin/cdist | 59 ++++++++++++++++++++++--------------------------------- 1 file changed, 23 insertions(+), 36 deletions(-) diff --git a/bin/cdist b/bin/cdist index 9c15a8cf..97dd4107 100755 --- a/bin/cdist +++ b/bin/cdist 
@@ -115,48 +115,35 @@ def configinstall(args, mode): import atexit atexit.register(lambda: os.remove(initial_manifest_temp_path)) - try: - process = {} - failed_hosts = [] - time_start = time.time() - - for host in args.host: - if args.parallel: - log.debug("Creating child process for %s", host) - process[host] = multiprocessing.Process(target=configinstall_onehost, args=(host, args, mode, True)) - process[host].start() - else: - if not configinstall_onehost(host, args, mode, parallel=False): - failed_hosts.append(host) + process = {} + failed_hosts = [] + time_start = time.time() + for host in args.host: if args.parallel: - for p in process.keys(): - log.debug("Joining process %s", p) - process[p].join() + log.debug("Creating child process for %s", host) + process[host] = multiprocessing.Process(target=configinstall_onehost, args=(host, args, mode, True)) + process[host].start() + else: + if not configinstall_onehost(host, args, mode, parallel=False): + failed_hosts.append(host) - if not process[p].exitcode == 0: - failed_hosts.append(p) + if args.parallel: + for p in process.keys(): + log.debug("Joining process %s", p) + process[p].join() - if len(failed_hosts) > 0: - log.warn("Failed to deploy to the following hosts: " + - " ".join(failed_hosts)) - exit_code = 1 + if not process[p].exitcode == 0: + failed_hosts.append(p) - time_end = time.time() - log.info("Total processing time for %s host(s): %s", len(args.host), - (time_end - time_start)) + if len(failed_hosts) > 0: + log.warn("Failed to deploy to the following hosts: " + + " ".join(failed_hosts)) + exit_code = 1 - except KeyboardInterrupt: - if args.parallel: - for p in process.keys(): - # NOT needed: KeyBoardInterrupet (aka SIGINT) - # is forwarded to processes spawned by multiprocess! 
- # pid = process[p].pid.__str__() - #log.warn("Terminating deploy " + p + " (" + pid + ")") - # process[p].terminate() - pass - - sys.exit(0) + time_end = time.time() + log.info("Total processing time for %s host(s): %s", len(args.host), + (time_end - time_start)) def configinstall_onehost(host, args, mode, parallel): From 5001e9cbe739a55d516c3912832b21372d181186 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Wed, 7 Mar 2012 13:01:11 +0100 Subject: [PATCH 22/48] prevent tracebacks in tempfile code/initial manifest from stdin Signed-off-by: Nico Schottelius --- bin/cdist | 29 +++++++++++++++++------------ lib/cdist/banner.py | 2 +- 2 files changed, 18 insertions(+), 13 deletions(-) diff --git a/bin/cdist b/bin/cdist index 97dd4107..79b8cae3 100755 --- a/bin/cdist +++ b/bin/cdist @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- # -# 2010-2011 Nico Schottelius (nico-cdist at schottelius.org) +# 2010-2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # @@ -91,13 +91,13 @@ def commandline(): logging.root.setLevel(logging.DEBUG) log.debug(args) - return args.func(args) + args.func(args) def config(args): - return configinstall(args, mode=cdist.config.Config) + configinstall(args, mode=cdist.config.Config) def install(args): - return configinstall(args, mode=cdist.install.Install) + configinstall(args, mode=cdist.install.Install) def configinstall(args, mode): """Configure or install remote system""" 
@@ -108,9 +108,13 @@ def configinstall(args, mode): if args.manifest == '-': # read initial manifest from stdin import tempfile - handle, initial_manifest_temp_path = tempfile.mkstemp(prefix='cdist.stdin.') - with os.fdopen(handle, 'w') as fd: - fd.write(sys.stdin.read()) + try: + handle, initial_manifest_temp_path = tempfile.mkstemp(prefix='cdist.stdin.') + with os.fdopen(handle, 'w') as fd: + fd.write(sys.stdin.read()) + except (IOError, OSError) as e: + raise cdist.Error("Creating tempfile for stdin data failed: %s" % e) + args.manifest = initial_manifest_temp_path import atexit atexit.register(lambda: os.remove(initial_manifest_temp_path)) @@ -139,12 +143,15 @@ def configinstall(args, mode): if len(failed_hosts) > 0: log.warn("Failed to deploy to the following hosts: " + " ".join(failed_hosts)) - exit_code = 1 time_end = time.time() log.info("Total processing time for %s host(s): %s", len(args.host), (time_end - time_start)) + if len(failed_hosts) > 0: + return False + else: + return True def configinstall_onehost(host, args, mode, parallel): """Configure or install ONE remote system""" @@ -212,9 +219,9 @@ if __name__ == "__main__": logging.basicConfig(format='%(levelname)s: %(message)s') if re.match("__", os.path.basename(sys.argv[0])): - run = emulator() + emulator() else: - run = commandline() + commandline() except KeyboardInterrupt: pass @@ -224,7 +231,5 @@ if __name__ == "__main__": exit_code = 1 # Determine exit code by return value of function - if not run: - exit_code = 1 sys.exit(exit_code) diff --git a/lib/cdist/banner.py b/lib/cdist/banner.py index 4148fa72..edfa72e8 100644 --- a/lib/cdist/banner.py +++ b/lib/cdist/banner.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # -# 2011 Nico Schottelius (nico-cdist at schottelius.org) +# 2011-2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # From eef408c1b304d43b4f9826cbc5b7c346a360fb21 Mon Sep 17 00:00:00 2001 
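Review bot: In the stdin branch of `configinstall`, the `atexit` cleanup is registered only after the write has succeeded. When `fd.write(sys.stdin.read())` raises, the new `except (IOError, OSError)` converts it to `cdist.Error` and the partly written `cdist.stdin.*` file stays in the temp directory. A manifest may hold host details or credentials, so leftover copies are worth avoiding. Move `import atexit` and `atexit.register(lambda: os.remove(initial_manifest_temp_path))` up to directly after the `tempfile.mkstemp(...)` line, inside the `try`.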
From: Nico Schottelius Date: Wed, 7 Mar 2012 14:26:28 +0100 Subject: [PATCH 23/48] record failing host and continue Signed-off-by: Nico Schottelius --- bin/cdist | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/bin/cdist b/bin/cdist index 79b8cae3..d291beb0 100755 --- a/bin/cdist +++ b/bin/cdist @@ -129,29 +129,29 @@ def configinstall(args, mode): process[host] = multiprocessing.Process(target=configinstall_onehost, args=(host, args, mode, True)) process[host].start() else: - if not configinstall_onehost(host, args, mode, parallel=False): + try: + configinstall_onehost(host, args, mode, parallel=False) + except cdist.Error as e: + # FIXME: save the error and display at the end? + # Would be non-consistent to parallel mode failed_hosts.append(host) + # Catch errors in parallel mode when joining if args.parallel: - for p in process.keys(): - log.debug("Joining process %s", p) - process[p].join() + for host in process.keys(): + log.debug("Joining process %s", host) + process[host].join() - if not process[p].exitcode == 0: - failed_hosts.append(p) - - if len(failed_hosts) > 0: - log.warn("Failed to deploy to the following hosts: " + - " ".join(failed_hosts)) + if not process[host].exitcode == 0: + failed_hosts.append(host) time_end = time.time() log.info("Total processing time for %s host(s): %s", len(args.host), (time_end - time_start)) if len(failed_hosts) > 0: - return False - else: - return True + raise cdist.Error("Failed to deploy to the following hosts: " + + " ".join(failed_hosts)) def configinstall_onehost(host, args, mode, parallel): """Configure or install ONE remote system""" From 1ea0ea0b1b2c4cd5caefaa1dcc79c672f5765ac6 Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Fri, 9 Mar 2012 20:05:50 +0100 Subject: [PATCH 24/48] add support for crontab EXTENSIONS, e.g. @reboot 
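Review bot: The new `except cdist.Error as e:` in the sequential branch appends the host to `failed_hosts` but never uses `e`. As changed in patch 20/48, `configinstall_onehost` logs the error itself only when `parallel` is true and otherwise re-raises, so in sequential mode the reason a host failed is never shown. Add `log.error(e)` before `failed_hosts.append(host)` so the final "Failed to deploy to the following hosts" error is preceded by its cause. `configinstall` begins outside the hunk.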
Signed-off-by: Steven Armstrong --- conf/type/__cron/man.text | 12 ++++++-- conf/type/__cron/manifest | 45 ++++++++--------------------- conf/type/__cron/parameter/optional | 1 + 3 files changed, 23 insertions(+), 35 deletions(-) diff --git a/conf/type/__cron/man.text b/conf/type/__cron/man.text index c4852b7f..2e3ae925 100644 --- a/conf/type/__cron/man.text +++ b/conf/type/__cron/man.text @@ -35,14 +35,22 @@ month:: See crontab(5). Defaults to * day_of_week:: See crontab(5). Defaults to * +special:: + See EXTENSIONS in crontab(5). e.g. reboot, yearly, monthly + If given all other time and date fields are ignored. EXAMPLES -------- -------------------------------------------------------------------------------- -# add cronjob -__cron some-id --user root --command "/path/to/script" +# run Monday to Saturday at 23:15 +__cron some-id --user root --command "/path/to/script" \ + --hour 23 --minute 15 --day_of_week 1-6 + +# run on reboot +__cron some-id --user root --command "/path/to/script" \ + --special reboot # remove cronjob __cron some-id --user root --command "/path/to/script" --state absent diff --git a/conf/type/__cron/manifest b/conf/type/__cron/manifest index 01c4358c..e8a77229 100755 --- a/conf/type/__cron/manifest +++ b/conf/type/__cron/manifest 
@@ -23,44 +23,23 @@ user="$(cat "$__object/parameter/user")" command="$(cat "$__object/parameter/command")" # set defaults -if [ ! -f "$__object/parameter/state" ]; then - echo "present" > "$__object/parameter/state" -fi -if [ -f "$__object/parameter/minute" ]; then - minute="$(cat "$__object/parameter/minute")" +test -f "$__object/parameter/state" || echo "present" > "$__object/parameter/state" + +if [ -f "$__object/parameter/special" ]; then + special="$(cat "$__object/parameter/special")" + entry="@$special $command" else - minute="*" - echo "$minute" > "$__object/parameter/minute" -fi -if [ -f "$__object/parameter/hour" ]; then - hour="$(cat "$__object/parameter/hour")" -else - hour="*" - echo "$hour" > "$__object/parameter/hour" -fi -if [ -f "$__object/parameter/day_of_month" ]; then - day_of_month="$(cat "$__object/parameter/day_of_month")" -else - day_of_month="*" - echo "$day_of_month" > "$__object/parameter/day_of_month" -fi -if [ -f "$__object/parameter/month" ]; then - month="$(cat "$__object/parameter/month")" -else - month="*" - echo "$month" > "$__object/parameter/month" -fi -if [ -f "$__object/parameter/day_of_week" ]; then - day_of_week="$(cat "$__object/parameter/day_of_week")" -else - day_of_week="*" - echo "$day_of_week" > "$__object/parameter/day_of_week" + minute="$(cat "$__object/parameter/minute" 2>/dev/null || echo "*")" + hour="$(cat "$__object/parameter/hour" 2>/dev/null || echo "*")" + day_of_month="$(cat "$__object/parameter/day_of_month" 2>/dev/null || echo "*")" + month="$(cat "$__object/parameter/month" 2>/dev/null || echo "*")" + day_of_week="$(cat "$__object/parameter/day_of_week" 2>/dev/null || echo "*")" + entry="$minute $hour $day_of_month $month $day_of_week $command" fi # NOTE: if changed, also change in explorers prefix="#cdist:__cron/$name" suffix="#/cdist:__cron/$name" echo "$prefix" | tee "$__object/parameter/prefix" > "$__object/parameter/entry" -echo "$minute $hour $day_of_month $month $day_of_week $command" >> 
"$__object/parameter/entry" +echo "$entry" >> "$__object/parameter/entry" echo "$suffix" | tee "$__object/parameter/suffix" >> "$__object/parameter/entry" - diff --git a/conf/type/__cron/parameter/optional b/conf/type/__cron/parameter/optional index 1a4aae3d..e81b64c3 100644 --- a/conf/type/__cron/parameter/optional +++ b/conf/type/__cron/parameter/optional @@ -4,3 +4,4 @@ hour day_of_month month day_of_week +special From 3e6b866cae62707d0fb8ab2b58e9487c01388f09 Mon Sep 17 00:00:00 2001 From: Matt Coddington Date: Fri, 9 Mar 2012 15:43:49 -0500 Subject: [PATCH 25/48] support rsync for remote copy --- lib/cdist/exec/remote.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/cdist/exec/remote.py b/lib/cdist/exec/remote.py index 124c1b4f..2e7d9d10 100644 --- a/lib/cdist/exec/remote.py +++ b/lib/cdist/exec/remote.py @@ -77,7 +77,12 @@ class Remote(object): self.log.debug("Remote transfer: %s -> %s", source, destination) self.rmdir(destination) command = self._copy.split() - command.extend(["-r", source, self.target_host + ":" + destination]) + # support rsync by appending a "/" to the source if it's a directory + if os.path.isdir(source) == True: + command.extend(["-r", source + "/", self.target_host + ":" + destination]) + else: + command.extend(["-r", source, self.target_host + ":" + destination]) + self._run_command(command) def run_script(self, script, env=None, return_output=False): From 534ccc86ab46268ffffb7e1a88cd2d672a2843f2 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Fri, 9 Mar 2012 23:14:06 +0100 Subject: [PATCH 26/48] clearify same object and use example.org in doc Signed-off-by: Nico Schottelius --- doc/man/man7/cdist-stages.text | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/man/man7/cdist-stages.text b/doc/man/man7/cdist-stages.text index c1b73a8d..fa5e28d1 100644 --- a/doc/man/man7/cdist-stages.text +++ b/doc/man/man7/cdist-stages.text 
@@ -27,7 +27,7 @@ The initial manifest, which should be used for mappings of hosts to types, is executed. This stage creates objects in a cconfig database that contains the objects as defined in the manifest for the specific host. In this stage, no conflicts may occur, i.e. no object of the same type with the same id may -be created. +be created, if it has different parameters. STAGE 3: OBJECT INFORMATION RETRIEVAL @@ -44,7 +44,7 @@ Every object is checked whether its type has a executable manifest. The manifest script may generate and change the created objects. In other words, one type can reuse other types. -For instance the object __apache/www.test.ch is of type __apache, which may +For instance the object __apache/www.example.org is of type __apache, which may contain a manifest script, which creates new objects of type __file. The newly created objects are merged back into the existing tree. No conflicts From 5f2f8e2bd2efd404d17004590a5ba3030bd9c86d Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Fri, 9 Mar 2012 23:14:15 +0100 Subject: [PATCH 27/48] no == true needed Signed-off-by: Nico Schottelius --- lib/cdist/exec/remote.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/cdist/exec/remote.py b/lib/cdist/exec/remote.py index 2e7d9d10..11b8c78e 100644 --- a/lib/cdist/exec/remote.py +++ b/lib/cdist/exec/remote.py @@ -78,7 +78,7 @@ class Remote(object): self.rmdir(destination) command = self._copy.split() # support rsync by appending a "/" to the source if it's a directory - if os.path.isdir(source) == True: + if os.path.isdir(source): command.extend(["-r", source + "/", self.target_host + ":" + destination]) else: command.extend(["-r", source, self.target_host + ":" + destination]) From 79e8eff032cd24fcd6c178d6881c6a11dcca0d42 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Fri, 9 Mar 2012 23:23:22 +0100 Subject: [PATCH 28/48] ONE != ONLY 
Signed-off-by: Nico Schottelius --- doc/man/man7/cdist-type.text | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/man/man7/cdist-type.text b/doc/man/man7/cdist-type.text index 1147511e..22e72a01 100644 --- a/doc/man/man7/cdist-type.text +++ b/doc/man/man7/cdist-type.text @@ -139,8 +139,8 @@ Always ensure the manifest is executable, otherwise cdist will not be able to execute it. For more information about manifests see cdist-manifest(7). -SINGLETON - ONLY INSTANCE ONLY ------------------------------- +SINGLETON - ONE INSTANCE ONLY +----------------------------- If you want to ensure that a type can only be used once per target, you can mark it as a singleton: Just create the (empty) file "singleton" in your type directory: From cec0418794d6f04f07cbd8b82d4c104f66d93b6a Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Fri, 9 Mar 2012 23:27:52 +0100 Subject: [PATCH 29/48] ++changes(2.0.9) Signed-off-by: Nico Schottelius --- doc/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/changelog b/doc/changelog index 7533133a..cdc0c956 100644 --- a/doc/changelog +++ b/doc/changelog @@ -7,6 +7,7 @@ Changelog 2.0.9: * Cleanup documentation: Fix environment variable list to be properly displayed (Giel van Schijndel) + * Cleanup documentation: Some minor corrections * New Type: __package_opkg (Giel van Schijndel) * New Type: __package_pkg_freebsd (Jake Guffey) * Feature __package: Support for OpenWRT (Giel van Schijndel) From c12501b63df9b57e74a16445116560ae083fb13e Mon Sep 17 00:00:00 2001 From: Matt Coddington Date: Fri, 9 Mar 2012 17:32:45 -0500 Subject: [PATCH 30/48] added rsync copy example --- other/examples/remote/rsync/copy | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100755 other/examples/remote/rsync/copy diff --git a/other/examples/remote/rsync/copy b/other/examples/remote/rsync/copy new file mode 100755 index 00000000..ca1f1959 --- /dev/null +++ b/other/examples/remote/rsync/copy 
@@ -0,0 +1,30 @@
+#!/bin/sh
+#
+# 2012 Matt Coddington (mcoddington at gmail.com)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+#
+# Use rsync to copy files. This particular invocation of rsync makes
+# a backup of the file before overwriting it. For example, if cdist
+# overwrites /etc/passwd then you'll end up with the old copy at
+# /etc/passwd~cdist
+#
+# Usage:
+# __remote_copy="/path/to/this/script" cdist config target_host
+#
+
+rsync --backup --suffix=~cdist -e 'ssh -i /root/.ssh/cdist -o User=root' $@
From 9c98f387b2d154219072bfa70f5a739e061a87c1 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Fri, 9 Mar 2012 23:34:46 +0100 Subject: [PATCH 31/48] remove redundant redundant sentence Signed-off-by: Nico Schottelius --- doc/man/man7/cdist-type.text | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/doc/man/man7/cdist-type.text b/doc/man/man7/cdist-type.text
index 22e72a01..7e3198f3 100644
--- a/doc/man/man7/cdist-type.text
+++ b/doc/man/man7/cdist-type.text
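Review bot: The last line of the new script passes `$@` unquoted, so the source and destination arguments cdist hands over are word-split and glob-expanded before rsync sees them. A path containing a space or `*` is then copied wrongly or matches files that were not meant. Quote it: `rsync --backup --suffix=~cdist -e 'ssh -i /root/.ssh/cdist -o User=root' "$@"`. The same unquoted `$@` is carried into patch 33/48, which only drops the `-i` option. The header comment could also say that the `~cdist` copies of overwritten files stay on the target until removed, which matters for files like the `/etc/passwd` example.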
@@ -186,10 +186,8 @@ WRITING THE GENCODE SCRIPT There are two gencode scripts: ***gencode-local*** and ***gencode-remote***. The output of gencode-local is executed locally, whereas the output of gencode-remote is executed on the target. - The gencode scripts can make use of the parameters, the global explorers -and the type specific explorers. The output (stdout) of these script is -saved by cdist and will be executed on the target. +and the type specific explorers. If the gencode scripts encounter an error, it should print diagnostic messages to stderr and exit non-zero. If you need to debug the gencode From 115f0549555c66c59c50915d99bdde8326297a25 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Fri, 9 Mar 2012 23:39:47 +0100 Subject: [PATCH 32/48] move submit stuff into cdist-hacker Signed-off-by: Nico Schottelius --- doc/man/man7/cdist-hacker.text | 8 +++++--- doc/man/man7/cdist-type.text | 10 +++------- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/doc/man/man7/cdist-hacker.text b/doc/man/man7/cdist-hacker.text index 646439a3..ee88ca29 100644 --- a/doc/man/man7/cdist-hacker.text +++ b/doc/man/man7/cdist-hacker.text @@ -54,9 +54,9 @@ work nor kill the authors brain: seperate branches. This way one feature can already be included, even if the other needs to be improved. -As soon as your work meets these requirements, you can contact me -(IRC, Mailinglist, Phone, RFC 1149) and I'll check your code before -including it. +As soon as your work meets these requirements, write a mail +for inclusion to the mailinglist **cdist at cdist -- at -- l.schottelius.org** +or open a pull request at http://github.com/telmich/cdist. HOW TO SUBMIT A NEW TYPE @@ -75,6 +75,8 @@ code and thus such a type introduces redundant functionality that is given by core cdist already. + + SEE ALSO -------- - cdist(7) diff --git a/doc/man/man7/cdist-type.text b/doc/man/man7/cdist-type.text index 7e3198f3..92a2b36d 100644 --- a/doc/man/man7/cdist-type.text 
+++ b/doc/man/man7/cdist-type.text @@ -222,17 +222,13 @@ never ever touch this folder). HOW TO INCLUDE A TYPE INTO UPSTREAM CDIST ----------------------------------------- If you think your type may be useful for others, ensure it works with the -current master branch of cdist and submit the git url containing the type for -inclusion to the mailinglist **cdist at cdist -- at -- l.schottelius.org** -or open a pull request at http://github.com/telmich/cdist. - -Ensure a corresponding manpage named man.text in asciidoc format with -the manpage-name "cdist-type__NAME" is included in the type directory. - +current master branch of cdist and have a look at cdist-hacker(7) on +how to submit it. SEE ALSO -------- - cdist-explorer(7) +- cdist-hacker(7) - cdist-stages(7) - cdist-tutorial(7) From 9ef7482ec1669f78c174d8042768b37ad4c90b72 Mon Sep 17 00:00:00 2001 From: Matt Coddington Date: Fri, 9 Mar 2012 17:39:54 -0500 Subject: [PATCH 33/48] remove ssh key location to simplify and match other examples --- other/examples/remote/rsync/copy | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/other/examples/remote/rsync/copy b/other/examples/remote/rsync/copy index ca1f1959..f6b93c5c 100755 --- a/other/examples/remote/rsync/copy +++ b/other/examples/remote/rsync/copy 
@@ -18,13 +18,13 @@ # along with cdist. If not, see . # # -# Use rsync to copy files. This particular invocation of rsync makes -# a backup of the file before overwriting it. For example, if cdist -# overwrites /etc/passwd then you'll end up with the old copy at -# /etc/passwd~cdist +# Use rsync over ssh to copy files. This particular invocation of +# rsync makes a backup of the file before overwriting it. For example, +# if cdist overwrites /etc/passwd then you'll end up with the old copy +# at /etc/passwd~cdist. # # Usage: # __remote_copy="/path/to/this/script" cdist config target_host # -rsync --backup --suffix=~cdist -e 'ssh -i /root/.ssh/cdist -o User=root' $@ +rsync --backup --suffix=~cdist -e 'ssh -o User=root' $@ From a35c81d2e1d750b9cc24994d5bbba0320d8bae39 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Fri, 9 Mar 2012 23:48:04 +0100 Subject: [PATCH 34/48] ++changes(2.0.9) Signed-off-by: Nico Schottelius --- doc/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/changelog b/doc/changelog index cdc0c956..8164228d 100644 --- a/doc/changelog +++ b/doc/changelog @@ -13,6 +13,7 @@ Changelog * Feature __package: Support for OpenWRT (Giel van Schijndel) * Feature __start_on_boot: Support for OpenWRT (Giel van Schijndel) * Feature __start_on_boot: Support for Amazon Linux (Matt Coddington) + * New Example: Use rsync to backup files (Matt Coddington) 2.0.8: 2012-02-20 * Bugfix core: Remove another nasty traceback when sending SIGINT (aka Ctrl-C) From dc355e7aa22cb937ddabef9c0300301e2702422a Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Sat, 10 Mar 2012 00:25:13 +0100 Subject: [PATCH 35/48] be consistent - log parsing is easy Signed-off-by: Nico Schottelius --- bin/cdist | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/bin/cdist b/bin/cdist index d291beb0..c6467477 100755 --- a/bin/cdist +++ b/bin/cdist 
@@ -132,8 +132,6 @@ def configinstall(args, mode): try: configinstall_onehost(host, args, mode, parallel=False) except cdist.Error as e: - # FIXME: save the error and display at the end? - # Would be non-consistent to parallel mode failed_hosts.append(host) # Catch errors in parallel mode when joining @@ -171,6 +169,7 @@ def configinstall_onehost(host, args, mode, parallel): context.cleanup() except cdist.Error as e: + # We are running in our own process here, need to sys.exit! if parallel: log.error(e) sys.exit(1) From 10d0cf00d66a66be937b5234f5073de12d34fa7c Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Sat, 10 Mar 2012 14:07:13 +0100 Subject: [PATCH 36/48] /special/raw/ Signed-off-by: Steven Armstrong --- conf/type/__cron/man.text | 9 +++++---- conf/type/__cron/manifest | 6 +++--- conf/type/__cron/parameter/optional | 2 +- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/conf/type/__cron/man.text b/conf/type/__cron/man.text index 2e3ae925..039be04c 100644 --- a/conf/type/__cron/man.text +++ b/conf/type/__cron/man.text @@ -35,9 +35,10 @@ month:: See crontab(5). Defaults to * day_of_week:: See crontab(5). Defaults to * -special:: - See EXTENSIONS in crontab(5). e.g. reboot, yearly, monthly - If given all other time and date fields are ignored. +raw:: + Take whatever the user has given instead of time and date fields. + If given, all other time and date fields are ignored. + Can for example be used to specify cron EXTENSIONS like reboot, yearly etc. EXAMPLES @@ -50,7 +51,7 @@ __cron some-id --user root --command "/path/to/script" \ # run on reboot __cron some-id --user root --command "/path/to/script" \ - --special reboot + --raw @reboot # remove cronjob __cron some-id --user root --command "/path/to/script" --state absent diff --git a/conf/type/__cron/manifest b/conf/type/__cron/manifest index e8a77229..7aca41ff 100755 --- a/conf/type/__cron/manifest +++ b/conf/type/__cron/manifest 
@@ -25,9 +25,9 @@ command="$(cat "$__object/parameter/command")" # set defaults test -f "$__object/parameter/state" || echo "present" > "$__object/parameter/state" -if [ -f "$__object/parameter/special" ]; then - special="$(cat "$__object/parameter/special")" - entry="@$special $command" +if [ -f "$__object/parameter/raw" ]; then + raw="$(cat "$__object/parameter/raw")" + entry="$raw $command" else minute="$(cat "$__object/parameter/minute" 2>/dev/null || echo "*")" hour="$(cat "$__object/parameter/hour" 2>/dev/null || echo "*")" diff --git a/conf/type/__cron/parameter/optional b/conf/type/__cron/parameter/optional index e81b64c3..517d821e 100644 --- a/conf/type/__cron/parameter/optional +++ b/conf/type/__cron/parameter/optional @@ -4,4 +4,4 @@ hour day_of_month month day_of_week -special +raw From f3545a51fe88edf0ce8bf92d794f6f39b0500091 Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Sat, 10 Mar 2012 14:08:57 +0100 Subject: [PATCH 37/48] be nice with them users Signed-off-by: Steven Armstrong --- conf/type/__cron/man.text | 2 ++ 1 file changed, 2 insertions(+) diff --git a/conf/type/__cron/man.text b/conf/type/__cron/man.text index 039be04c..47f47456 100644 --- a/conf/type/__cron/man.text +++ b/conf/type/__cron/man.text @@ -39,6 +39,8 @@ raw:: Take whatever the user has given instead of time and date fields. If given, all other time and date fields are ignored. Can for example be used to specify cron EXTENSIONS like reboot, yearly etc. + See crontab(5) for the extensions if any that your cron implementation + implements. EXAMPLES From 2b22e5de242a23797b064b05d24385a6c0adfdeb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Bondis?= Date: Mon, 12 Mar 2012 14:13:02 -0400 Subject: [PATCH 38/48] added informations for templating --- doc/man/man7/cdist-best-practice.text | 34 +++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) 
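Review bot: `entry="$raw $command"` in the __cron manifest hunk now puts the parameter value at the start of the crontab entry with no check at all, where the old code at least forced an `@` prefix. An empty value gives an entry with no schedule, and a value containing a line break gives more than one line in the entry, so a manifest mistake becomes extra or malformed cron lines on the target. A guard before the assignment would catch both, for instance `[ -n "$raw" ] || { echo "__cron: --raw must not be empty" >&2; exit 1; }` plus a similar rejection of embedded newlines. The rename also removes `special` from parameter/optional, so manifests that still pass `--special` will stop working, and no changelog entry for that is visible on this page. The if/else block continues outside the hunk.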
diff --git a/doc/man/man7/cdist-best-practice.text b/doc/man/man7/cdist-best-practice.text index bbfd084a..2674bc06 100644 --- a/doc/man/man7/cdist-best-practice.text +++ b/doc/man/man7/cdist-best-practice.text @@ -153,6 +153,40 @@ implement this scenario with a gateway host and sudo: For more details consult sudoers(5) +TEMPLATING +---------- +* create directory templates/ in your type (convention) +* create the template as an executable file like templates/basic.conf.sh, it will output text using shell variables for the values + +-------------------------------------------------------------------------------------- +#!/bin/bash +# in the template, use cat << eof (here document) to output the text +# and use standard shell variables in the template +# output everything in the template script to stdout +cat << EOF +server { + listen 80; + server_name $SERVERNAME; + root $ROOT; + + access_log /var/log/nginx/$SERVERNAME_access.log + error_log /var/log/nginx/$SERVERNAME_error.log +} +EOF +-------------------------------------------------------------------------------------- + +* in the manifest, export the relevant variables and add the following lines in your manifest: +-------------------------------------------------------------------------------------- +# export variables needed for the template + export SERVERNAME='test" + export ROOT='/var/www/test' +# render the template + mkdir -p "$__object/files" + "$__type/templates/collectd.conf" > "$__object/files/collectd.conf" +# send the rendered template + __file /etc/collectd.conf --state present --source "$__object/files/collectd.conf" +-------------------------------------------------------------------------------------- + SEE ALSO -------- - cdist(1) From 1878c35ac4f30822e68f55e0573f8c1c8a00977b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Aur=C3=A9lien=20Bondis?= Date: Mon, 12 Mar 2012 14:16:37 -0400 Subject: [PATCH 39/48] modify template name in example --- doc/man/man7/cdist-best-practice.text | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/man/man7/cdist-best-practice.text b/doc/man/man7/cdist-best-practice.text index 2674bc06..9e18bd2f 100644 --- a/doc/man/man7/cdist-best-practice.text +++ b/doc/man/man7/cdist-best-practice.text @@ -182,9 +182,9 @@ EOF export ROOT='/var/www/test' # render the template mkdir -p "$__object/files" - "$__type/templates/collectd.conf" > "$__object/files/collectd.conf" + "$__type/templates/basic.conf.sh" > "$__object/files/basic.conf" # send the rendered template - __file /etc/collectd.conf --state present --source "$__object/files/collectd.conf" + __file /etc/nginx/sites-available/test.conf --state present --source "$__object/files/basic.conf" -------------------------------------------------------------------------------------- SEE ALSO From 6b125d26ecd856ab4827c6ce89c2836176ff9623 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Bondis?= Date: Mon, 12 Mar 2012 14:19:41 -0400 Subject: [PATCH 40/48] doc: template changed to /bin/sh --- doc/man/man7/cdist-best-practice.text | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man/man7/cdist-best-practice.text b/doc/man/man7/cdist-best-practice.text index 9e18bd2f..a8851f7f 100644 --- a/doc/man/man7/cdist-best-practice.text +++ b/doc/man/man7/cdist-best-practice.text @@ -159,7 +159,7 @@ TEMPLATING * create the template as an executable file like templates/basic.conf.sh, it will output text using shell variables for the values -------------------------------------------------------------------------------------- -#!/bin/bash +#!/bin/sh # in the template, use cat << eof (here document) to output the text # and use standard shell variables in the template # output everything in the template script to stdout 
From bb926f88bd6b2dc1d82344de49dd92916d78d259 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Mon, 12 Mar 2012 19:24:30 +0100 Subject: [PATCH 41/48] ++changes(2.0.9) Signed-off-by: Nico Schottelius --- doc/changelog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/changelog b/doc/changelog index 8164228d..29e0cbdf 100644 --- a/doc/changelog +++ b/doc/changelog @@ -14,6 +14,8 @@ Changelog * Feature __start_on_boot: Support for OpenWRT (Giel van Schijndel) * Feature __start_on_boot: Support for Amazon Linux (Matt Coddington) * New Example: Use rsync to backup files (Matt Coddington) + * Feature core: Exit non-zero, if configuration failed + * Documentation: Describe how to do templating (Aurélien Bondis) 2.0.8: 2012-02-20 * Bugfix core: Remove another nasty traceback when sending SIGINT (aka Ctrl-C) From 73113a2fe97a250f5ce13eee390c61699445bfe5 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Mon, 12 Mar 2012 20:17:59 +0100 Subject: [PATCH 42/48] --whitespace Signed-off-by: Nico Schottelius --- conf/type/__mysql_database/gencode-remote | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/type/__mysql_database/gencode-remote b/conf/type/__mysql_database/gencode-remote index c0e862f3..7cd32242 100755 --- a/conf/type/__mysql_database/gencode-remote +++ b/conf/type/__mysql_database/gencode-remote @@ -35,7 +35,7 @@ EOFF # if --user was specified if [ -f "$__object/parameter/user" ]; then user="$(cat "$__object/parameter/user")" - + # if --password was specified if [ -f "$__object/parameter/password" ]; then password="$(cat "$__object/parameter/password")" From 48f169f11fb97ac66f3c85f63cd3c650b248d680 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Mon, 12 Mar 2012 20:18:49 +0100 Subject: [PATCH 43/48] ++changes(2.0.9) Signed-off-by: Nico Schottelius --- doc/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/changelog b/doc/changelog index 29e0cbdf..4899e915 100644 --- a/doc/changelog +++ b/doc/changelog 
@@ -10,6 +10,7 @@ Changelog * Cleanup documentation: Some minor corrections * New Type: __package_opkg (Giel van Schijndel) * New Type: __package_pkg_freebsd (Jake Guffey) + * New Type: __mysql_database (Benedikt Koeppel) * Feature __package: Support for OpenWRT (Giel van Schijndel) * Feature __start_on_boot: Support for OpenWRT (Giel van Schijndel) * Feature __start_on_boot: Support for Amazon Linux (Matt Coddington) From ff42f7dd4c7ec47457e2297787d329f59dea4bff Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Mon, 12 Mar 2012 20:20:18 +0100 Subject: [PATCH 44/48] document return code Signed-off-by: Nico Schottelius --- doc/man/man1/cdist.text | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/doc/man/man1/cdist.text b/doc/man/man1/cdist.text index 99c28f8b..e46e84a3 100644 --- a/doc/man/man1/cdist.text +++ b/doc/man/man1/cdist.text @@ -90,10 +90,20 @@ TMPDIR, TEMP, TMP:: more information. This is rather useful, if the standard directory used does not allow executables. + +EXIT STATUS +----------- +The following exit values shall be returned: + +0:: + Successful completion +1:: + One or more host configuration failed. + + SEE ALSO -------- - cdist(7) -- cdist-type-emulator(1) - cdist-reference(7) From 04c768d51d1a6333c4b8399219a5921bdcd70aed Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Mon, 12 Mar 2012 20:20:56 +0100 Subject: [PATCH 45/48] lib: 2.0.9 Signed-off-by: Nico Schottelius --- lib/cdist/__init__.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/cdist/__init__.py b/lib/cdist/__init__.py index c1e16ffb..bd8e6483 100644 --- a/lib/cdist/__init__.py +++ b/lib/cdist/__init__.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- # -# 2010-2011 Nico Schottelius (nico-cdist at schottelius.org) +# 2010-2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # @@ -19,7 +19,7 @@ # # -VERSION = "2.0.8" +VERSION = "2.0.9" BANNER = """ .. . .x+=:. s 
From 0e99dbc30acf0954c343866ea49dc4f56a0566e2 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Mon, 12 Mar 2012 20:23:58 +0100 Subject: [PATCH 46/48] ++releasedate Signed-off-by: Nico Schottelius --- doc/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/changelog b/doc/changelog index 4899e915..dead9aa8 100644 --- a/doc/changelog +++ b/doc/changelog @@ -4,7 +4,7 @@ Changelog * Changes are always commented with their author in (braces) * Exception: No braces means author == Nico Schottelius -2.0.9: +2.0.9: 2012-03-12 * Cleanup documentation: Fix environment variable list to be properly displayed (Giel van Schijndel) * Cleanup documentation: Some minor corrections From db14277b411bd05d3a651a749addc075da04f2a0 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Mon, 12 Mar 2012 20:54:41 +0100 Subject: [PATCH 47/48] move __mysql_server to types_submitted_for_inclusion 
Signed-off-by: Nico Schottelius --- .../.readmes/README.inclusion.specific | 1 + .../__mysql_server/README.inclusion | 1 + .../types_submitted_for_inclusion}/__mysql_server/files/my.cnf | 0 .../types_submitted_for_inclusion}/__mysql_server/gencode-remote | 0 .../types_submitted_for_inclusion}/__mysql_server/man.text | 0 .../types_submitted_for_inclusion}/__mysql_server/manifest | 0 .../__mysql_server/parameter/optional | 0 .../__mysql_server/parameter/required | 0 .../types_submitted_for_inclusion}/__mysql_server/singleton | 0 9 files changed, 2 insertions(+) create mode 120000 other/types_submitted_for_inclusion/__mysql_server/README.inclusion rename {conf/type => other/types_submitted_for_inclusion}/__mysql_server/files/my.cnf (100%) rename {conf/type => other/types_submitted_for_inclusion}/__mysql_server/gencode-remote (100%) rename {conf/type => other/types_submitted_for_inclusion}/__mysql_server/man.text (100%) rename {conf/type => other/types_submitted_for_inclusion}/__mysql_server/manifest (100%) rename {conf/type => other/types_submitted_for_inclusion}/__mysql_server/parameter/optional (100%) rename {conf/type => other/types_submitted_for_inclusion}/__mysql_server/parameter/required (100%) rename {conf/type => other/types_submitted_for_inclusion}/__mysql_server/singleton (100%) diff --git a/other/types_submitted_for_inclusion/.readmes/README.inclusion.specific b/other/types_submitted_for_inclusion/.readmes/README.inclusion.specific index 0a1eb22e..3afdb7b4 100644 --- a/other/types_submitted_for_inclusion/.readmes/README.inclusion.specific +++ b/other/types_submitted_for_inclusion/.readmes/README.inclusion.specific @@ -2,6 +2,7 @@ Description: Type that will probably only work in a very specific environnment (like a specific distribution only). + or has custom code that may not satisfy the "usual" or generic use case. Problem: 
diff --git a/other/types_submitted_for_inclusion/__mysql_server/README.inclusion b/other/types_submitted_for_inclusion/__mysql_server/README.inclusion new file mode 120000 index 00000000..573e1f5f --- /dev/null +++ b/other/types_submitted_for_inclusion/__mysql_server/README.inclusion @@ -0,0 +1 @@ +../.readmes/README.inclusion.specific \ No newline at end of file diff --git a/conf/type/__mysql_server/files/my.cnf b/other/types_submitted_for_inclusion/__mysql_server/files/my.cnf similarity index 100% rename from conf/type/__mysql_server/files/my.cnf rename to other/types_submitted_for_inclusion/__mysql_server/files/my.cnf diff --git a/conf/type/__mysql_server/gencode-remote b/other/types_submitted_for_inclusion/__mysql_server/gencode-remote similarity index 100% rename from conf/type/__mysql_server/gencode-remote rename to other/types_submitted_for_inclusion/__mysql_server/gencode-remote diff --git a/conf/type/__mysql_server/man.text b/other/types_submitted_for_inclusion/__mysql_server/man.text similarity index 100% rename from conf/type/__mysql_server/man.text rename to other/types_submitted_for_inclusion/__mysql_server/man.text diff --git a/conf/type/__mysql_server/manifest b/other/types_submitted_for_inclusion/__mysql_server/manifest similarity index 100% rename from conf/type/__mysql_server/manifest rename to other/types_submitted_for_inclusion/__mysql_server/manifest diff --git a/conf/type/__mysql_server/parameter/optional b/other/types_submitted_for_inclusion/__mysql_server/parameter/optional similarity index 100% rename from conf/type/__mysql_server/parameter/optional rename to other/types_submitted_for_inclusion/__mysql_server/parameter/optional diff --git a/conf/type/__mysql_server/parameter/required b/other/types_submitted_for_inclusion/__mysql_server/parameter/required similarity index 100% rename from conf/type/__mysql_server/parameter/required rename to other/types_submitted_for_inclusion/__mysql_server/parameter/required 
diff --git a/conf/type/__mysql_server/singleton b/other/types_submitted_for_inclusion/__mysql_server/singleton similarity index 100% rename from conf/type/__mysql_server/singleton rename to other/types_submitted_for_inclusion/__mysql_server/singleton From a013fa6b10b52d93ddd39a53f6392f3fd28b3546 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Mon, 12 Mar 2012 20:58:53 +0100 Subject: [PATCH 48/48] ++changes(2.0.10) Signed-off-by: Nico Schottelius --- doc/changelog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/changelog b/doc/changelog index dead9aa8..ce9f798b 100644 --- a/doc/changelog +++ b/doc/changelog @@ -4,6 +4,10 @@ Changelog * Changes are always commented with their author in (braces) * Exception: No braces means author == Nico Schottelius +2.0.10: + * Cleanup __group: No getent gshadow in old Redhat, use groupmod -g + (Matt Coddington) + 2.0.9: 2012-03-12 * Cleanup documentation: Fix environment variable list to be properly displayed (Giel van Schijndel)