Merge branch 'master' of code.ungleich.ch:ungleich-public/cdist

This commit is contained in:
Nico Schottelius 2020-12-11 19:38:03 +01:00
commit 69b8bc9af0
94 changed files with 3430 additions and 353 deletions

2
.gitattributes vendored
View file

@ -4,5 +4,5 @@
docs/speeches export-ignore docs/speeches export-ignore
docs/video export-ignore docs/video export-ignore
docs/src/man7 export-ignore docs/src/man7 export-ignore
bin/build-helper export-ignore bin/cdist-build-helper export-ignore
README-maintainers export-ignore README-maintainers export-ignore

View file

@ -1,20 +1,23 @@
---
image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest
stages: stages:
- test - test
image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest before_script:
- ./bin/cdist-build-helper version
unit_tests:
stage: test
script:
- ./bin/build-helper version
- ./bin/build-helper test
pycodestyle:
stage: test
script:
- ./bin/build-helper pycodestyle
shellcheck: shellcheck:
stage: test stage: test
script: script:
- ./bin/build-helper shellcheck - ./bin/cdist-build-helper shellcheck
pycodestyle:
stage: test
script:
- ./bin/cdist-build-helper pycodestyle
unit_tests:
stage: test
script:
- ./bin/cdist-build-helper test

View file

@ -1,4 +1,4 @@
Maintainers should use ./bin/build-helper script. Maintainers should use ./bin/cdist-build-helper script.
Makefile is intended for end users. It can be used for non-maintaining Makefile is intended for end users. It can be used for non-maintaining
targets that can be run from pure source (without git repository). targets that can be run from pure source (without git repository).

View file

@ -1,7 +1,8 @@
#!/bin/sh #!/usr/bin/env python3
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# #
# 2012 Nico Schottelius (nico-cdist at schottelius.org) # 2010-2016 Nico Schottelius (nico-cdist at schottelius.org)
# 2016 Darko Poljak (darko.poljak at gmail.com)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -20,14 +21,81 @@
# #
# #
# Wrapper for real script to allow execution from checkout import logging
dir=${0%/*} import os
import sys
# Ensure version is present - the bundled/shipped version contains a static version, # See if this file's parent is cdist module
# the git version contains a dynamic version # and if so add it to module search path.
"$dir/build-helper" version cdist_dir = os.path.realpath(
os.path.join(
os.path.dirname(os.path.realpath(__file__)),
os.pardir))
cdist_init_dir = os.path.join(cdist_dir, 'cdist', '__init__.py')
if os.path.exists(cdist_init_dir):
sys.path.insert(0, cdist_dir)
libdir=$(cd "${dir}/../" && pwd -P) import cdist # noqa 402
export PYTHONPATH="${libdir}" import cdist.argparse # noqa 402
import cdist.banner # noqa 402
import cdist.config # noqa 402
import cdist.install # noqa 402
import cdist.shell # noqa 402
import cdist.inventory # noqa 402
"$dir/../scripts/cdist" "$@"
def commandline():
"""Parse command line"""
# preos subcommand hack
if len(sys.argv) > 1 and sys.argv[1] == 'preos':
return cdist.preos.PreOS.commandline(sys.argv[1:])
parser, cfg = cdist.argparse.parse_and_configure(sys.argv[1:])
args = cfg.get_args()
# Work around python 3.3 bug:
# http://bugs.python.org/issue16308
# http://bugs.python.org/issue9253
# FIXME: catching AttributeError also hides
# real problems.. try a different way
# FIXME: we always print main help, not
# the help of the actual parser being used!
try:
getattr(args, "func")
except AttributeError:
parser['main'].print_help()
sys.exit(0)
args.func(args)
if __name__ == "__main__":
if sys.version < cdist.MIN_SUPPORTED_PYTHON_VERSION:
print('Python >= {} is required on the source host.'.format(
cdist.MIN_SUPPORTED_PYTHON_VERSIO), file=sys.stderr)
sys.exit(1)
exit_code = 0
try:
import re
import os
if re.match("__", os.path.basename(sys.argv[0])):
import cdist.emulator
emulator = cdist.emulator.Emulator(sys.argv)
emulator.run()
else:
commandline()
except KeyboardInterrupt:
exit_code = 2
except cdist.Error as e:
log = logging.getLogger("cdist")
log.error(e)
exit_code = 1
sys.exit(exit_code)

View file

@ -45,7 +45,7 @@ usage() {
shellcheck-manifests shellcheck-manifests
shellcheck-local-gencodes shellcheck-local-gencodes
shellcheck-remote-gencodes shellcheck-remote-gencodes
shellcheck-scripts shellcheck-bin
shellcheck-gencodes shellcheck-gencodes
shellcheck-types shellcheck-types
shellcheck shellcheck
@ -405,7 +405,7 @@ eof
;; ;;
pycodestyle|pep8) pycodestyle|pep8)
pycodestyle "${basedir}" "${basedir}/scripts/cdist" pycodestyle "${basedir}" "${basedir}/bin/cdist"
;; ;;
check-pycodestyle) check-pycodestyle)
@ -460,27 +460,34 @@ eof
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; } test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
;; ;;
shellcheck-scripts) # NOTE: shellcheck-scripts is kept for compatibility
shellcheck-bin|shellcheck-scripts)
# shellcheck disable=SC2086 # shellcheck disable=SC2086
${SHELLCHECKCMD} scripts/cdist-dump scripts/cdist-new-type > "${SHELLCHECKTMP}" ${SHELLCHECKCMD} bin/cdist-dump bin/cdist-new-type > "${SHELLCHECKTMP}"
test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; } test ! -s "${SHELLCHECKTMP}" || { cat "${SHELLCHECKTMP}"; exit 1; }
;; ;;
shellcheck-gencodes) shellcheck-gencodes)
"$0" shellcheck-local-gencodes || exit 1 errors=false
"$0" shellcheck-remote-gencodes || exit 1 "$0" shellcheck-local-gencodes || errors=true
"$0" shellcheck-remote-gencodes || errors=true
! $errors || exit 1
;; ;;
shellcheck-types) shellcheck-types)
"$0" shellcheck-type-explorers || exit 1 errors=false
"$0" shellcheck-manifests || exit 1 "$0" shellcheck-type-explorers || errors=true
"$0" shellcheck-gencodes || exit 1 "$0" shellcheck-manifests || errors=true
"$0" shellcheck-gencodes || errors=true
! $errors || exit 1
;; ;;
shellcheck) shellcheck)
"$0" shellcheck-global-explorers || exit 1 errors=false
"$0" shellcheck-types || exit 1 "$0" shellcheck-global-explorers || errors=true
"$0" shellcheck-scripts || exit 1 "$0" shellcheck-types || errors=true
"$0" shellcheck-bin || errors=true
! $errors || exit 1
;; ;;
shellcheck-type-files) shellcheck-type-files)
@ -490,12 +497,14 @@ eof
;; ;;
shellcheck-with-files) shellcheck-with-files)
"$0" shellcheck || exit 1 errors=false
"$0" shellcheck-type-files || exit 1 "$0" shellcheck || errors=true
"$0" shellcheck-type-files || errors=true
! $errors || exit 1
;; ;;
shellcheck-build-helper) shellcheck-build-helper)
${SHELLCHECKCMD} ./bin/build-helper ${SHELLCHECKCMD} ./bin/cdist-build-helper
;; ;;
check-shellcheck) check-shellcheck)

View file

@ -22,12 +22,27 @@
import os import os
import hashlib import hashlib
import subprocess
import cdist.log import cdist.log
import cdist.version
VERSION = cdist.version.VERSION VERSION = 'unknown version'
try:
import cdist.version
VERSION = cdist.version.VERSION
except ModuleNotFoundError:
cdist_dir = os.path.abspath(
os.path.join(os.path.dirname(__file__), os.pardir))
if os.path.isdir(os.path.join(cdist_dir, '.git')):
try:
VERSION = subprocess.check_output(
['git', 'describe', '--always'],
cwd=cdist_dir,
universal_newlines=True)
except Exception:
pass
BANNER = """ BANNER = """
.. . .x+=:. s .. . .x+=:. s

View file

@ -473,7 +473,7 @@ def get_parsers():
# Scan = config + further # Scan = config + further
parser['scan'] = parser['sub'].add_parser('scan', add_help=False, parser['scan'] = parser['sub'].add_parser('scan', add_help=False,
parents=[parser['config']]) parents=[parser['config']])
parser['scan'] = parser['sub'].add_parser( parser['scan'] = parser['sub'].add_parser(
'scan', parents=[parser['loglevel'], 'scan', parents=[parser['loglevel'],

View file

@ -32,11 +32,12 @@ EXAMPLES
AUTHORS AUTHORS
------- -------
Steven Armstrong <steven-cdist--@--armstrong.cc> Steven Armstrong <steven-cdist--@--armstrong.cc>
Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
COPYING COPYING
------- -------
Copyright \(C) 2014 Steven Armstrong. You can redistribute it Copyright \(C) 2014 Steven Armstrong, 2020 Dennis Camera.
and/or modify it under the terms of the GNU General Public License as You can redistribute it and/or modify it under the terms of the GNU General
published by the Free Software Foundation, either version 3 of the Public License as published by the Free Software Foundation, either version 3 of
License, or (at your option) any later version. the License, or (at your option) any later version.

View file

@ -1,6 +1,7 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -19,26 +20,28 @@
# #
os=$(cat "$__global/explorer/os") os=$(cat "${__global:?}/explorer/os")
case "$os" in case ${os}
ubuntu|debian|devuan) in
# No stinking recommends thank you very much. (ubuntu|debian|devuan)
# If I want something installed I will do so myself. __file /etc/apt/apt.conf.d/00InstallRecommends --state present \
__file /etc/apt/apt.conf.d/99-no-recommends \ --owner root --group root --mode 0644 --source - <<-'EOF'
--owner root --group root --mode 644 \ APT::Install-Recommends "false";
--source - << DONE APT::Install-Suggests "false";
APT::Install-Recommends "0"; APT::AutoRemove::RecommendsImportant "false";
APT::Install-Suggests "0"; APT::AutoRemove::SuggestsImportant "false";
APT::AutoRemove::RecommendsImportant "0"; EOF
APT::AutoRemove::SuggestsImportant "0";
DONE # TODO: Remove the following object after some time
;; require=__file/etc/apt/apt.conf.d/00InstallRecommends \
*) __file /etc/apt/apt.conf.d/99-no-recommends --state absent
cat >&2 << DONE ;;
(*)
cat >&2 <<EOF
The developer of this type (${__type##*/}) did not think your operating system The developer of this type (${__type##*/}) did not think your operating system
($os) would have any use for it. If you think otherwise please submit a patch. ($os) would have any use for it. If you think otherwise please submit a patch.
DONE EOF
exit 1 exit 1
;; ;;
esac esac

View file

@ -46,28 +46,29 @@ fi
remove_block() { remove_block() {
cat << DONE cat << DONE
tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX) tmpfile=\$(mktemp ${quoted_file}.cdist.XXXXXXXXXX)
# preserve ownership and permissions of existing file # preserve ownership and permissions of existing file
if [ -f "$file" ]; then if [ -f $quoted_file ]; then
cp -p "$file" "\$tmpfile" cp -p $quoted_file "\$tmpfile"
fi fi
awk -v prefix=^$(quote "$prefix")\$ -v suffix=^$(quote "$suffix")\$ ' awk -v prefix=$(quote "$prefix") -v suffix=$(quote "$suffix") '
{ {
if (match(\$0,prefix)) { if (\$0 == prefix) {
triggered=1 triggered=1
} }
if (triggered) { if (triggered) {
if (match(\$0,suffix)) { if (\$0 == suffix) {
triggered=0 triggered=0
} }
} else { } else {
print print
} }
}' "$file" > "\$tmpfile" }' $quoted_file > "\$tmpfile"
mv -f "\$tmpfile" "$file" mv -f "\$tmpfile" $quoted_file
DONE DONE
} }
quoted_file="$(quote "$file")"
case "$state_should" in case "$state_should" in
present) present)
if [ "$state_is" = "changed" ]; then if [ "$state_is" = "changed" ]; then
@ -77,7 +78,7 @@ case "$state_should" in
echo add >> "$__messages_out" echo add >> "$__messages_out"
fi fi
cat << DONE cat << DONE
cat >> "$file" << ${__type##*/}_DONE cat >> $quoted_file << '${__type##*/}_DONE'
$(cat "$block") $(cat "$block")
${__type##*/}_DONE ${__type##*/}_DONE
DONE DONE

View file

@ -0,0 +1,26 @@
#!/bin/sh -e
# __dpkg_architecture/explorer/architecture
#
# 2020 Matthias Stecher <matthiasstecher at gmx.de>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Get the main architecture of this machine
# print or die in the gencode-remote
dpkg --print-architecture || true

View file

@ -0,0 +1,26 @@
#!/bin/sh -e
# __dpkg_architecture/explorer/foreign-architectures
#
# 2020 Matthias Stecher <matthiasstecher at gmx.de>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Print all additional architectures
# print or die in the gencode-remote
dpkg --print-foreign-architectures || true

View file

@ -0,0 +1,82 @@
#!/bin/sh -e
# __dpkg_architecture/gencode-remote
#
# 2020 Matthias Stecher <matthiasstecher at gmx.de>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Get parameter and explorer
state_should="$(cat "$__object/parameter/state")"
arch_wanted="$__object_id"
main_arch="$(cat "$__object/explorer/architecture")"
# Exit here if dpkg do not work (empty explorer)
if [ -z "$main_arch" ]; then
echo "dpkg is not available or unable to detect a architecture!" >&2
exit 1
fi
# Check if requested architecture is the main one
if [ "$arch_wanted" = "$main_arch" ]; then
# higher than present; we can not remove it
state_is="present"
caution="yes"
# Check if the architecture not already used
elif grep -qFx "$arch_wanted" "$__object/explorer/foreign-architectures"; then
state_is="present"
# arch does not exist
else
state_is="absent"
fi
# Check what to do
if [ "$state_is" != "$state_should" ]; then
case "$state_should" in
present)
# print add code
printf "dpkg --add-architecture '%s'\n" "$arch_wanted"
# updating the index to make the new architecture available
echo "apt update"
echo added >> "$__messages_out"
;;
absent)
if [ "$caution" ]; then
printf "can not remove the main arch '%s' of the system!\n" "$main_arch" >&2
exit 1
fi
# removing all existing packages for the architecture
printf "apt purge '.*:%s'\n" "$arch_wanted"
# print remove code
printf "dpkg --remove-architecture '%s'\n" "$arch_wanted"
echo removed >> "$__messages_out"
;;
*)
printf "state '%s' is unknown!\n" "$state_should" >&2
exit 1
;;
esac
fi

View file

@ -0,0 +1,103 @@
cdist-type__dpkg_architecture(7)
================================
NAME
----
cdist-type__dpkg_architecture - Handles foreign architectures on debian-like
systems managed by `dpkg`
DESCRIPTION
-----------
This type handles foreign architectures on systems managed by
:strong:`dpkg`\ (1). The object id is the name of the architecture accepted by
`dpkg`, which should be added or removed.
If the architecture is not setup on the system, it adds a new architecture as a
new foreign architecture in `dpkg`. Then, it updates the apt package index to
make packages from the new architecture available.
If the architecture should be removed, it will remove it if it is not the base
architecture on where the system was installed on. Before it, it will purge
every package based on the "to be removed" architecture via `apt` to be able to
remove the selected architecture.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
state
``present`` or ``absent``. Defaults to ``present``.
MESSAGES
--------
added
Added the specified architecture
removed
Removed the specified architecture
ABORTS
------
Aborts in the following cases:
If :strong:`dpkg`\ (1) is not available. It will abort with a proper error
message.
If the architecture is the same as the base architecture the system is build
upon it (returned by ``dpkg --print-architecture``) and it should be removed.
It will fail if it can not execute :strong:`apt`\ (8). It is assumed that it is
already installed.
EXAMPLES
--------
.. code-block:: sh
# add i386 (32 bit) architecture
__dpkg_architecture i386
# remove it again :)
__dpkg_architecture i386 --state absent
SEE ALSO
--------
`Multiarch on Debian systems <https://wiki.debian.org/Multiarch>`_
`How to setup multiarch on Debian <https://wiki.debian.org/Multiarch/HOWTO>`_
:strong:`dpkg`\ (1)
:strong:`cdist-type__package_dpkg`\ (7)
:strong:`cdist-type__package_apt`\ (7)
Useful commands:
.. code-block:: sh
# base architecture installed on this system
dpkg --print-architecture
# extra architectures added
dpkg --print-foreign-architectures
AUTHORS
-------
Matthias Stecher <matthiasstecher at gmx.de>
COPYING
-------
Copyright \(C) 2020 Matthias Stecher. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
ublished by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1 @@
state

View file

@ -95,6 +95,10 @@ case "$state_should" in
fi fi
;; ;;
pre-exists)
:
;;
*) *)
echo "Unknown state: $state_should" >&2 echo "Unknown state: $state_should" >&2
exit 1 exit 1

View file

@ -20,26 +20,27 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
os=$(cat "$__global/explorer/os") os=$(cat "${__global:?}/explorer/os")
name_running=$(cat "$__global/explorer/hostname") name_running=$(cat "${__global:?}/explorer/hostname")
has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl") has_hostnamectl=$(cat "${__object:?}/explorer/has_hostnamectl")
if test -s "$__object/parameter/name" if test -s "${__object:?}/parameter/name"
then then
name_should=$(cat "$__object/parameter/name") name_should=$(cat "${__object:?}/parameter/name")
else else
case $os case ${os}
in in
# RedHat-derivatives and BSDs # RedHat-derivatives and BSDs
centos|fedora|redhat|scientific|freebsd|macosx|netbsd|openbsd) (centos|fedora|redhat|scientific|freebsd|macosx|netbsd|openbsd)
# Hostname is FQDN # Hostname is FQDN
name_should="${__target_host}" name_should=${__target_host:?}
;; ;;
*) (*)
# Hostname is only first component of FQDN # Hostname is only first component of FQDN
name_should="${__target_host%%.*}" name_should=${__target_host:?}
;; name_should=${name_should%%.*}
;;
esac esac
fi fi
@ -47,43 +48,46 @@ fi
################################################################################ ################################################################################
# Check if the (running) hostname is already correct # Check if the (running) hostname is already correct
# #
test "$name_running" != "$name_should" || exit 0 test "${name_running}" != "${name_should}" || exit 0
################################################################################ ################################################################################
# Setup hostname # Setup hostname
# #
echo 'changed' >>"$__messages_out" echo 'changed' >>"${__messages_out:?}"
# Use the good old way to set the hostname. # Use the good old way to set the hostname.
case $os case ${os}
in in
alpine|debian|devuan|ubuntu) (alpine|debian|devuan|ubuntu)
echo 'hostname -F /etc/hostname' echo 'hostname -F /etc/hostname'
;; ;;
archlinux) (archlinux)
echo 'command -v hostnamectl >/dev/null 2>&1' \ echo 'command -v hostnamectl >/dev/null 2>&1' \
"&& hostnamectl set-hostname '$name_should'" \ "&& hostnamectl set-hostname '${name_should}'" \
"|| hostname '$name_should'" "|| hostname '${name_should}'"
;; ;;
centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|gentoo|void) (centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|gentoo|void)
echo "hostname '$name_should'" echo "hostname '${name_should}'"
;; ;;
macosx) (openwrt)
echo "scutil --set HostName '$name_should'" echo "echo '${name_should}' >/proc/sys/kernel/hostname"
;; ;;
solaris) (macosx)
echo "uname -S '$name_should'" echo "scutil --set HostName '${name_should}'"
;; ;;
slackware|suse|opensuse-leap) (solaris)
echo "uname -S '${name_should}'"
;;
(slackware|suse)
# We do not read from /etc/HOSTNAME, because the running # We do not read from /etc/HOSTNAME, because the running
# hostname is the first component only while the file contains # hostname is the first component only while the file contains
# the FQDN. # the FQDN.
echo "hostname '$name_should'" echo "hostname '${name_should}'"
;; ;;
*) (*)
# Fall back to set the hostname using hostnamectl, if available. # Fall back to set the hostname using hostnamectl, if available.
if test -n "$has_hostnamectl" if test -n "${has_hostnamectl}"
then then
# Don't use hostnamectl as the primary means to set the hostname for # Don't use hostnamectl as the primary means to set the hostname for
# systemd systems, because it cannot be trusted to work reliably and # systemd systems, because it cannot be trusted to work reliably and
@ -94,7 +98,8 @@ in
echo "test \"\$(hostname)\" = \"\$(cat /etc/hostname)\"" \ echo "test \"\$(hostname)\" = \"\$(cat /etc/hostname)\"" \
" || hostname -F /etc/hostname" " || hostname -F /etc/hostname"
else else
printf "echo 'Unsupported OS: %s' >&2\nexit 1\n" "$os" printf "echo 'Unsupported OS: %s' >&2\n" "${os}"
printf 'exit 1\n'
fi fi
;; ;;
esac esac

View file

@ -20,69 +20,49 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
not_supported() {
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
}
set_hostname_systemd() { set_hostname_systemd() {
echo "$1" | __file /etc/hostname --source - echo "$1" | __file /etc/hostname --source -
} }
os=$(cat "$__global/explorer/os") os=$(cat "${__global:?}/explorer/os")
os_version=$(cat "$__global/explorer/os_version")
os_major=$(echo "$os_version" | grep -o '^[0-9][0-9]*' || true)
max_len=$(cat "$__object/explorer/max_len") max_len=$(cat "${__object:?}/explorer/max_len")
has_hostnamectl=$(cat "$__object/explorer/has_hostnamectl") has_hostnamectl=$(cat "${__object:?}/explorer/has_hostnamectl")
if test -s "$__object/parameter/name" if test -s "${__object:?}/parameter/name"
then then
name_should=$(cat "$__object/parameter/name") name_should=$(cat "${__object:?}/parameter/name")
else else
case $os case ${os}
in in
# RedHat-derivatives and BSDs # RedHat-derivatives and BSDs
centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|slackware) (centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|slackware|suse)
# Hostname is FQDN # Hostname is FQDN
name_should="${__target_host}" name_should=${__target_host:?}
;; ;;
suse|opensuse-leap)
# Classic SuSE stores the FQDN in /etc/HOSTNAME, while
# systemd does not. The running hostname is the first
# component in both cases.
# In versions before 15.x, the FQDN is stored in /etc/hostname.
if test -n "$has_hostnamectl" && test "$os_major" -ge 15 \
&& test "$os_major" -ne 42
then
name_should="${__target_host%%.*}"
else
name_should="${__target_host}"
fi
;;
*) *)
# Hostname is only first component of FQDN on all other systems. # Hostname is only first component of FQDN on all other systems.
name_should="${__target_host%%.*}" name_should=${__target_host:?}
;; name_should=${name_should%%.*}
;;
esac esac
fi fi
if test -n "$max_len" && test "$(printf '%s' "$name_should" | wc -c)" -gt "$max_len" if test -n "${max_len}" && test "$(printf '%s' "${name_should}" | wc -c)" -gt "${max_len}"
then then
printf "Host name too long. Up to %u characters allowed.\n" "${max_len}" >&2 printf "Host name too long. Up to %u characters allowed.\n" "${max_len}" >&2
exit 1 exit 1
fi fi
case $os case ${os}
in in
alpine|debian|devuan|ubuntu|void) (alpine|debian|devuan|ubuntu|void)
echo "$name_should" | __file /etc/hostname --source - echo "${name_should}" | __file /etc/hostname --source -
;; ;;
archlinux) (archlinux)
if test -n "$has_hostnamectl" if test -n "${has_hostnamectl}"
then then
set_hostname_systemd "$name_should" set_hostname_systemd "${name_should}"
else else
echo 'Ancient ArchLinux variants without hostnamectl are not supported.' >&2 echo 'Ancient ArchLinux variants without hostnamectl are not supported.' >&2
exit 1 exit 1
@ -97,8 +77,8 @@ in
# --value "\"$name_should\"" # --value "\"$name_should\""
fi fi
;; ;;
centos|fedora|redhat|scientific) (centos|fedora|redhat|scientific)
if test -z "$has_hostnamectl" if test -z "${has_hostnamectl}"
then then
# Only write to /etc/sysconfig/network on non-systemd versions. # Only write to /etc/sysconfig/network on non-systemd versions.
# On systemd-based versions this entry is ignored. # On systemd-based versions this entry is ignored.
@ -106,59 +86,83 @@ in
--file /etc/sysconfig/network \ --file /etc/sysconfig/network \
--delimiter '=' --exact_delimiter \ --delimiter '=' --exact_delimiter \
--key HOSTNAME \ --key HOSTNAME \
--value "\"$name_should\"" --value "\"${name_should}\""
else else
set_hostname_systemd "$name_should" set_hostname_systemd "${name_should}"
fi fi
;; ;;
gentoo) (gentoo)
# Only write to /etc/conf.d/hostname on OpenRC-based installations. # Only write to /etc/conf.d/hostname on OpenRC-based installations.
# On systemd use hostnamectl(1) in gencode-remote. # On systemd use hostnamectl(1) in gencode-remote.
if test -z "$has_hostnamectl" if test -z "${has_hostnamectl}"
then then
__key_value '/etc/conf.d/hostname:hostname' \ __key_value '/etc/conf.d/hostname:hostname' \
--file /etc/conf.d/hostname \ --file /etc/conf.d/hostname \
--delimiter '=' --exact_delimiter \ --delimiter '=' --exact_delimiter \
--key 'hostname' \ --key 'hostname' \
--value "\"$name_should\"" --value "\"${name_should}\""
else else
set_hostname_systemd "$name_should" set_hostname_systemd "$name_should"
fi fi
;; ;;
freebsd) (freebsd)
__key_value '/etc/rc.conf:hostname' \ __key_value '/etc/rc.conf:hostname' \
--file /etc/rc.conf \ --file /etc/rc.conf \
--delimiter '=' --exact_delimiter \ --delimiter '=' --exact_delimiter \
--key 'hostname' \ --key 'hostname' \
--value "\"$name_should\"" --value "\"${name_should}\""
;; ;;
macosx) (macosx)
# handled in gencode-remote # handled in gencode-remote
: ;;
;; (netbsd)
netbsd)
__key_value '/etc/rc.conf:hostname' \ __key_value '/etc/rc.conf:hostname' \
--file /etc/rc.conf \ --file /etc/rc.conf \
--delimiter '=' --exact_delimiter \ --delimiter '=' --exact_delimiter \
--key 'hostname' \ --key 'hostname' \
--value "\"$name_should\"" --value "\"${name_should}\""
# To avoid confusion, ensure that the hostname is only stored once. # To avoid confusion, ensure that the hostname is only stored once.
__file /etc/myname --state absent __file /etc/myname --state absent
;; ;;
openbsd) (openbsd)
echo "$name_should" | __file /etc/myname --source - echo "${name_should}" | __file /etc/myname --source -
;; ;;
slackware) (openwrt)
__uci system.@system[0].hostname --value "${name_should}"
# --transaction hostname
;;
(slackware)
# We write the FQDN into /etc/HOSTNAME. But /etc/rc.d/rc.M will only # We write the FQDN into /etc/HOSTNAME. But /etc/rc.d/rc.M will only
# read the first component from this file and set it as the running # read the first component from this file and set it as the running
# hostname on boot. # hostname on boot.
echo "$name_should" | __file /etc/HOSTNAME --source - echo "${name_should}" | __file /etc/HOSTNAME --source -
;; ;;
solaris) (solaris)
echo "$name_should" | __file /etc/nodename --source - echo "${name_should}" | __file /etc/nodename --source -
;; ;;
suse|opensuse-leap) (suse)
if test -s "${__global:?}/explorer/os_release"
then
# shellcheck source=/dev/null
os_version=$(. "${__global:?}/explorer/os_release" && echo "${VERSION}")
else
os_version=$(sed -n 's/^VERSION\ *=\ *//p' "${__global:?}/explorer/os_version")
fi
os_major=$(expr "${os_version}" : '\([0-9]\{1,\}\)')
# Classic SuSE stores the FQDN in /etc/HOSTNAME, while
# systemd does not. The running hostname is the first
# component in both cases.
# In versions before 15.x, the FQDN is stored in /etc/hostname.
if test -n "${has_hostnamectl}" \
&& test "${os_major}" -ge 15 \
&& test "${os_major}" -ne 42
then
# strip away everything but the first part from $name_should
name_should=${name_should%%.*}
fi
# Modern SuSE provides /etc/HOSTNAME as a symlink for # Modern SuSE provides /etc/HOSTNAME as a symlink for
# backwards-compatibility. Unfortunately it cannot be used # backwards-compatibility. Unfortunately it cannot be used
# here as __file does not follow the symlink. # here as __file does not follow the symlink.
@ -167,23 +171,25 @@ in
# not work correctly on openSUSE 12.x which provides # not work correctly on openSUSE 12.x which provides
# hostnamectl but not /etc/hostname. # hostnamectl but not /etc/hostname.
if test -n "$has_hostnamectl" -a "$os_major" -gt 12 if test -n "${has_hostnamectl}" -a "${os_major}" -gt 12
then then
hostname_file='/etc/hostname' hostname_file=/etc/hostname
else else
hostname_file='/etc/HOSTNAME' hostname_file=/etc/HOSTNAME
fi fi
echo "$name_should" | __file "$hostname_file" --source - echo "${name_should}" | __file "${hostname_file}" --source -
;; ;;
*) (*)
# On other operating systems we fall back to systemd's # On other operating systems we fall back to systemd's
# hostnamectl if available… # hostnamectl if available…
if test -n "$has_hostnamectl" if test -n "${has_hostnamectl}"
then then
set_hostname_systemd "$name_should" set_hostname_systemd "${name_should}"
else else
not_supported echo "Your operating system (${os}) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
fi fi
;; ;;
esac esac

View file

@ -0,0 +1,28 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Prints the clock mode read from the /etc/adjtime file, if present.
#
# not all operating systems use an adjfile
test -f /etc/adjtime || exit 0
# 3rd line is clock mode
# adjtime(5) https://man7.org/linux/man-pages/man5/adjtime.5.html
sed -n 3p /etc/adjtime

View file

@ -0,0 +1,27 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Prints the LocalRTC property using timedatectl on systemd-based systems.
#
command -v timedatectl >/dev/null 2>&1 || exit 0
# NOTE: Older versions of timedatectl do not support `timedatectl show'
timedatectl --no-pager status \
| awk -F': ' '$1 ~ "RTC in local TZ$" { sub(/[ \t]*$/, "", $2); print $2 }'

View file

@ -0,0 +1,62 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
mode=$(cat "${__object:?}/parameter/mode")
timedatectl_localrtc=$(cat "${__object:?}/explorer/timedatectl_localrtc")
adjtime_mode=$(cat "${__object:?}/explorer/adjtime_mode")
case ${mode}
in
(localtime)
adjtime_str=LOCAL
local_rtc_str=yes
;;
(UTC|utc)
adjtime_str=UTC
local_rtc_str=no
;;
(*)
printf 'Invalid value for --mode: %s\n' "${mode}" >&2
printf 'Acceptable values are: localtime, utc.\n' >&2
exit 1
esac
if test -n "${timedatectl_localrtc}"
then
# systemd
timedatectl_should=${local_rtc_str}
if test "${timedatectl_localrtc}" != "${timedatectl_should}"
then
printf 'timedatectl set-local-rtc %s\n' "${timedatectl_should}"
fi
elif test -n "${adjtime_mode}"
then
# others (update /etc/adjtime if present)
if test "${adjtime_mode}" != "${adjtime_str}"
then
# Update /etc/adjtime (3rd line is clock mode)
# adjtime(5) https://man7.org/linux/man-pages/man5/adjtime.5.html
# FIXME: Should maybe add third line if adjfile only contains two lines
printf "sed -i '3c\\\\\\n%s\\n' /etc/adjtime\\n" "${adjtime_str}"
fi
fi

View file

@ -0,0 +1,63 @@
cdist-type__hwclock(7)
======================
NAME
----
cdist-type__hwclock - Manage the hardware real time clock.
DESCRIPTION
-----------
This type can be used to control how the hardware clock is used by the operating
system.
REQUIRED PARAMETERS
-------------------
mode
What mode the hardware clock is in.
Acceptable values:
localtime
The hardware clock is set to local time (common for systems also running
Windows.)
UTC
The hardware clock is set to UTC (common on UNIX systems.)
OPTIONAL PARAMETERS
-------------------
None.
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
# Make the operating system treat the time read from the hwclock as UTC.
__hwclock --mode UTC
SEE ALSO
--------
:strong:`hwclock`\ (8)
AUTHORS
-------
Dennis Camera <dennis.camera@ssrq-sds-fds.ch>
COPYING
-------
Copyright \(C) 2020 Dennis Camera. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,222 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# TODO: Consider supporting BADYEAR
os=$(cat "${__global:?}/explorer/os")
mode=$(cat "${__object:?}/parameter/mode")
has_systemd_timedatectl=$(test -s "${__object:?}/explorer/timedatectl_localrtc" && echo true || echo false)
case ${mode}
in
(localtime)
local_clock=true
;;
(UTC|utc)
local_clock=false
;;
(*)
printf 'Invalid value for --mode: %s\n' "${mode}" >&2
printf 'Acceptable values are: UTC, localtime.\n' >&2
exit 1
esac
case ${os}
in
(alpine|gentoo)
if ! $has_systemd_timedatectl
then
# NOTE: Gentoo also supports systemd, in which case /etc/conf.d is
# not used. So we check for systemd presence here and only
# update /etc/conf.d if systemd is not installed.
# https://wiki.gentoo.org/wiki/System_time#Hardware_clock
export CDIST_ORDER_DEPENDENCY=true
__file /etc/conf.d/hwclock --state present \
--owner root --group root --mode 0644
__key_value /etc/conf.d/hwclock:clock \
--file /etc/conf.d/hwclock \
--key clock \
--delimiter '=' --exact_delimiter \
--value "\"$($local_clock && echo local || echo UTC)\""
unset CDIST_ORDER_DEPENDENCY
fi
;;
(centos|fedora|redhat|scientific)
os_version=$(cat "${__global:?}/explorer/os_version")
os_major=$(expr "${os_version}" : '.* release \([0-9]*\)')
case ${os}
in
(centos|scientific)
update_sysconfig=$(test "${os_major}" -lt 6 && echo true || echo false)
;;
(fedora)
update_sysconfig=$(test "${os_major}" -lt 10 && echo true || echo false)
;;
(redhat|*)
case ${os_version}
in
('Red Hat Enterprise Linux'*)
update_sysconfig=$(test "${os_major}" -lt 6 && echo true || echo false)
;;
('Red Hat Linux'*)
update_sysconfig=true
;;
(*)
printf 'Could not determine Red Hat distribution.\n' >&2
printf "Please contribute an implementation for it if you can.\n" >&2
exit 1
;;
esac
;;
esac
if ${update_sysconfig:?}
then
export CDIST_ORDER_DEPENDENCY=true
__file /etc/sysconfig/clock --state present \
--owner root --group root --mode 0644
__key_value /etc/sysconfig/clock:UTC \
--file /etc/sysconfig/clock \
--key UTC \
--delimiter '=' --exact_delimiter \
--value "$($local_clock && echo false || echo true)"
unset CDIST_ORDER_DEPENDENCY
fi
;;
(debian|devuan|ubuntu)
os_major=$(sed 's/[^0-9].*$//' "${__global:?}/explorer/os_version")
case ${os}
in
(debian)
if test "${os_major}" -ge 7
then
update_rcS=false
elif test "${os_major}" -ge 3
then
update_rcS=true
else
# Debian 2.2 should be supportable using rcS.
# Debian 2.1 uses the ancient GMT key.
# Debian 1.3 does not have rcS.
printf "Your operating system (Debian %s) is currently not supported by this type (%s)\n" \
"$(cat "${__global:?}/explorer/os_version")" "${__type##*/}" >&2
printf "Please contribute an implementation for it if you can.\n" >&2
exit 1
fi
;;
(devuan)
update_rcS=false
;;
(ubuntu)
update_rcS=$(test "${os_major}" -lt 16 && echo true || echo false)
;;
esac
if ${update_rcS}
then
export CDIST_ORDER_DEPENDENCY=true
__file /etc/default/rcS --state present \
--owner root --group root --mode 0644
__key_value /etc/default/rcS:UTC \
--file /etc/default/rcS \
--key UTC \
--delimiter '=' --exact_delimiter \
--value "$($local_clock && echo no || echo yes)"
unset CDIST_ORDER_DEPENDENCY
fi
;;
(freebsd)
# cf. adjkerntz(8)
__file /etc/wall_cmos_clock \
--state "$($local_clock && echo present || echo absent)" \
--owner root --group wheel --mode 0444
;;
(netbsd)
# https://wiki.netbsd.org/guide/boot/#index9h2
__key_value /etc/rc.conf:rtclocaltime \
--file /etc/rc.conf \
--key rtclocaltime \
--delimiter '=' --exact_delimiter \
--value "$($local_clock && echo YES || echo NO)"
;;
(slackware)
__file /etc/hardwareclock --owner root --group root --mode 0644 \
--source - <<-EOF
# /etc/hardwareclock
#
# Tells how the hardware clock time is stored.
# This file is managed by cdist.
$($local_clock && echo localtime || echo UTC)
EOF
;;
(suse)
if test -s "${__global:?}/explorer/os_release"
then
# shellcheck source=/dev/null
os_version=$(. "${__global:?}/explorer/os_release" && echo "${VERSION}")
else
os_version=$(sed -n 's/^VERSION\ *=\ *//p' "${__global:?}/explorer/os_version")
fi
os_major=$(expr "${os_version}" : '\([0-9]\{1,\}\)')
# TODO: Consider using `yast2 timezone set hwclock' instead
if expr "${os_major}" \< 12
then
# Starting with SuSE 12 (first systemd-based version)
# /etc/sysconfig/clock does not contain the HWCLOCK line
# anymore.
# With SuSE 13, it has been reduced to TIMEZONE configuration.
__key_value /etc/sysconfig/clock:HWCLOCK \
--file /etc/sysconfig/clock \
--delimiter '=' --exact_delimiter \
--key HWCLOCK \
--value "$($local_clock && echo '"--localtime"' || echo '"-u"')"
fi
;;
(void)
export CDIST_ORDER_DEPENDENCY=true
__file /etc/rc.conf \
--owner root --group root --mode 0644 \
--state present
__key_value /etc/rc.conf:HARDWARECLOCK \
--file /etc/rc.conf \
--delimiter '=' --exact_delimiter \
--key HARDWARECLOCK \
--value "\"$($local_clock && echo localtime || echo UTC)\""
unset CDIST_ORDER_DEPENDENCY
;;
(*)
if ! $has_systemd_timedatectl
then
printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
printf "Please contribute an implementation for it if you can.\n" >&2
exit 1
fi
;;
esac
# NOTE: timedatectl set-local-rtc for systemd is in gencode-remote
# NOTE: /etc/adjtime is also updated in gencode-remote

View file

@ -0,0 +1 @@
mode

View file

View file

@ -1,7 +1,4 @@
#!/bin/sh #!/bin/sh
# Nico Schottelius
# Zürisee, Mon Sep 2 18:38:27 CEST 2013
#
### BEGIN INIT INFO ### BEGIN INIT INFO
# Provides: iptables # Provides: iptables
# Required-Start: $local_fs $remote_fs # Required-Start: $local_fs $remote_fs
@ -14,34 +11,72 @@
# and saves/restores previous status # and saves/restores previous status
### END INIT INFO ### END INIT INFO
# Originally written by:
# Nico Schottelius
# Zürisee, Mon Sep 2 18:38:27 CEST 2013
#
# 2013 Nico Schottelius (nico-cdist at schottelius.org)
# 2020 Matthias Stecher (matthiasstecher at gmx.de)
#
# This file is distributed with cdist and licenced under the
# GNU GPLv3+ WITHOUT ANY WARRANTY.
# Read files and execute the content with the given commands
#
# Arguments:
# 1: Directory
# 2..n: Commands which should be used to execute the file content
gothrough() {
cd "$1" || return
shift
# iterate through all rules and continue if it's not a file
for rule in *; do
[ -f "$rule" ] || continue
echo "Appling iptables rule $rule ..."
# execute it with all commands specificed
ruleparam="$(cat "$rule")"
for cmd in "$@"; do
# Command and Rule should be split.
# shellcheck disable=SC2046
command $cmd $ruleparam
done
done
}
# Shortcut for iptables command to do IPv4 and v6
# only applies to the "reset" target
iptables() {
command iptables "$@"
command ip6tables "$@"
}
basedir=/etc/iptables.d basedir=/etc/iptables.d
status="${basedir}/.pre-start" status4="${basedir}/.pre-start"
status6="${basedir}/.pre-start6"
case $1 in case $1 in
start) start)
# Save status # Save status
iptables-save > "$status" iptables-save > "$status4"
ip6tables-save > "$status6"
# Apply our ruleset # Apply our ruleset
cd "$basedir" || exit gothrough "$basedir" iptables
count="$(find . ! -name . -prune | wc -l)" #gothrough "$basedir/v4" iptables # conflicts with $basedir
gothrough "$basedir/v6" ip6tables
# Only do something if there are rules gothrough "$basedir/all" iptables ip6tables
if [ "$count" -ge 1 ]; then
for rule in *; do
echo "Applying iptables rule $rule ..."
# Rule should be split.
# shellcheck disable=SC2046
iptables $(cat "$rule")
done
fi
;; ;;
stop) stop)
# Restore from status before, if there is something to restore # Restore from status before, if there is something to restore
if [ -f "$status" ]; then if [ -f "$status4" ]; then
iptables-restore < "$status" iptables-restore < "$status4"
fi
if [ -f "$status6" ]; then
ip6tables-restore < "$status6"
fi fi
;; ;;
restart) restart)

View file

@ -10,7 +10,24 @@ DESCRIPTION
----------- -----------
This cdist type deploys an init script that triggers This cdist type deploys an init script that triggers
the configured rules and also re-applies them on the configured rules and also re-applies them on
configuration. configuration. Rules are written from __iptables_rule
into the folder ``/etc/iptables.d/``.
It reads all rules from the base folder as rules for IPv4.
Rules in the subfolder ``v6/`` are IPv6 rules. Rules in
the subfolder ``all/`` are applied to both rule tables. All
files contain the arguments for a single ``iptables`` and/or
``ip6tables`` command.
Rules are applied in the following order:
1. All IPv4 rules
2. All IPv6 rules
2. All rules that should be applied to both tables
The order of the rules that will be applied are definite
from the result the shell glob returns, which should be
alphabetical. If rules must be applied in a special order,
prefix them with a number like ``02-some-rule``.
REQUIRED PARAMETERS REQUIRED PARAMETERS
@ -24,7 +41,7 @@ None
EXAMPLES EXAMPLES
-------- --------
None (__iptables_apply is used by __iptables_rule) None (__iptables_apply is used by __iptables_rule automatically)
SEE ALSO SEE ALSO
@ -35,11 +52,13 @@ SEE ALSO
AUTHORS AUTHORS
------- -------
Nico Schottelius <nico-cdist--@--schottelius.org> Nico Schottelius <nico-cdist--@--schottelius.org>
Matthias Stecher <matthiasstecher--@--gmx.de>
COPYING COPYING
------- -------
Copyright \(C) 2013 Nico Schottelius. You can redistribute it Copyright \(C) 2013 Nico Schottelius.
and/or modify it under the terms of the GNU General Public License as Copyright \(C) 2020 Matthias Stecher.
published by the Free Software Foundation, either version 3 of the You can redistribute it and/or modify it under the terms of the GNU
License, or (at your option) any later version. General Public License as published by the Free Software Foundation,
either version 3 of the License, or (at your option) any later version.

View file

@ -11,6 +11,10 @@ DESCRIPTION
This cdist type allows you to manage iptable rules This cdist type allows you to manage iptable rules
in a distribution independent manner. in a distribution independent manner.
See :strong:`cdist-type__iptables_apply`\ (7) for the
execution order of these rules. It will be executed
automaticly to apply all rules non-volaite.
REQUIRED PARAMETERS REQUIRED PARAMETERS
------------------- -------------------
@ -25,6 +29,24 @@ state
'present' or 'absent', defaults to 'present' 'present' or 'absent', defaults to 'present'
BOOLEAN PARAMETERS
------------------
All rules without any of these parameters will be treated like ``--v4`` because
of backward compatibility.
v4
Explicitly set it as rule for IPv4. If IPv6 is set, too, it will be
threaten like ``--all``. Will be the default if nothing else is set.
v6
Explicitly set it as rule for IPv6. If IPv4 is set, too, it will be
threaten like ``--all``.
all
Set the rule for both IPv4 and IPv6. It will be saved separately from the
other rules.
EXAMPLES EXAMPLES
-------- --------
@ -48,6 +70,16 @@ EXAMPLES
--state absent --state absent
# IPv4-only rule for ICMPv4
__iptables_rule icmp-v4 --v4 --rule "-A INPUT -p icmp -j ACCEPT"
# IPv6-only rule for ICMPv6
__iptables_rule icmp-v6 --v6 --rule "-A INPUT -p icmpv6 -j ACCEPT"
# doing something for the dual stack
__iptables_rule fwd-eth0-eth1 --v4 --v6 --rule "-A INPUT -i eth0 -o eth1 -j ACCEPT"
__iptables_rule fwd-eth1-eth0 --all --rule "-A -o eth1 -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT"
SEE ALSO SEE ALSO
-------- --------
:strong:`cdist-type__iptables_apply`\ (7), :strong:`iptables`\ (8) :strong:`cdist-type__iptables_apply`\ (7), :strong:`iptables`\ (8)
@ -56,11 +88,13 @@ SEE ALSO
AUTHORS AUTHORS
------- -------
Nico Schottelius <nico-cdist--@--schottelius.org> Nico Schottelius <nico-cdist--@--schottelius.org>
Matthias Stecher <matthiasstecher--@--gmx.de>
COPYING COPYING
------- -------
Copyright \(C) 2013 Nico Schottelius. You can redistribute it Copyright \(C) 2013 Nico Schottelius.
and/or modify it under the terms of the GNU General Public License as Copyright \(C) 2020 Matthias Stecher.
published by the Free Software Foundation, either version 3 of the You can redistribute it and/or modify it under the terms of the GNU
License, or (at your option) any later version. General Public License as published by the Free Software Foundation,
either version 3 of the License, or (at your option) any later version.

View file

@ -1,6 +1,7 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2013 Nico Schottelius (nico-cdist at schottelius.org) # 2013 Nico Schottelius (nico-cdist at schottelius.org)
# 2020 Matthias Stecher (matthiasstecher at gmx.de)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -24,12 +25,36 @@ base_dir=/etc/iptables.d
name="$__object_id" name="$__object_id"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"
if [ -f "$__object/parameter/v4" ]; then
only_v4="yes"
# $specific_dir is $base_dir
fi
if [ -f "$__object/parameter/v6" ]; then
only_v6="yes"
specific_dir="$base_dir/v6"
fi
# If rules should be set for both protocols
if { [ "$only_v4" = "yes" ] && [ "$only_v6" = "yes" ]; } ||
[ -f "$__object/parameter/all" ]; then
# all to a specific directory
specific_dir="$base_dir/all"
fi
# set rule directory based on if it's the base or subdirectory
rule_dir="${specific_dir:-$base_dir}"
################################################################################ ################################################################################
# Basic setup # Basic setup
# #
__directory "$base_dir" --state present __directory "$base_dir" --state present
# sub-directory if required
if [ "$specific_dir" ]; then
require="__directory/$base_dir" __directory "$specific_dir" --state present
fi
# Have apply do the real job # Have apply do the real job
require="$__object_name" __iptables_apply require="$__object_name" __iptables_apply
@ -37,6 +62,15 @@ require="$__object_name" __iptables_apply
# The rule # The rule
# #
require="__directory/$base_dir" __file "$base_dir/${name}" \ for dir in "$base_dir" "$base_dir/v6" "$base_dir/all"; do
--source "$__object/parameter/rule" \ # defaults to absent except the directory that should contain the file
--state "$state" if [ "$rule_dir" = "$dir" ]; then
curr_state="$state"
else
curr_state="absent"
fi
require="__directory/$rule_dir" __file "$dir/$name" \
--source "$__object/parameter/rule" \
--state "$curr_state"
done

View file

@ -0,0 +1,3 @@
all
v4
v6

View file

@ -0,0 +1 @@
This type is deprecated. Please use __localedef instead.

View file

@ -0,0 +1,36 @@
#!/bin/sh -e
# __locale/explorer/state
#
# 2020 Matthias Stecher (matthiasstecher at gmx.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Check if the locale is already installed on the system.
# Outputs 'present' or 'absent' depending if the locale exists.
#
# Get user-defined locale
# locale name is echoed differently than the user propably set it (for UTF-8)
locale="$(echo "$__object_id" | sed 's/UTF-8/utf8/')"
# Check if the given locale exists on the system
if localedef --list-archive | grep -qFx "$locale"; then
echo present
else
echo absent
fi

View file

@ -23,6 +23,15 @@
locale="$__object_id" locale="$__object_id"
state_is=$(cat "$__object/explorer/state")
state_should=$(cat "$__object/parameter/state")
# short circuit if there is nothing to do
if [ "$state_is" = "$state_should" ]; then
exit 0
fi
# Hardcoded, create a pull request with # Hardcoded, create a pull request with
# branching on $os in case it is at another location # branching on $os in case it is at another location
alias=/usr/share/locale/locale.alias alias=/usr/share/locale/locale.alias
@ -35,8 +44,6 @@ charmap=$(echo "$locale" | cut -d . -f 2)
# W-T-F! # W-T-F!
locale_remove=$(echo "$locale" | sed 's/UTF-8/utf8/') locale_remove=$(echo "$locale" | sed 's/UTF-8/utf8/')
state=$(cat "$__object/parameter/state")
os=$(cat "$__global/explorer/os") os=$(cat "$__global/explorer/os")
# Nothing to be done on alpine # Nothing to be done on alpine
@ -46,7 +53,7 @@ case "$os" in
;; ;;
esac esac
case "$state" in case "$state_should" in
present) present)
echo localedef -A "$alias" -f "$charmap" -i "$input" "$locale" echo localedef -A "$alias" -f "$charmap" -i "$input" "$locale"
;; ;;
@ -54,7 +61,7 @@ case "$state" in
echo localedef --delete-from-archive "$locale_remove" echo localedef --delete-from-archive "$locale_remove"
;; ;;
*) *)
echo "Unsupported state: $state" >&2 echo "Unsupported state: $state_should" >&2
exit 1 exit 1
;; ;;
esac esac

View file

@ -0,0 +1,100 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# This explorer determines if the locale is defined on the target system.
# Will print nothing on error.
#
# Possible output:
# present:
# the main locale (and possibly aliases) is present
# absent:
# neither the main locale nor any aliases are present
# alias-present:
# the main locale is absent, but at least one of its aliases is present
#
# Hardcoded, create a pull request in case it is at another location for
# some other distro. (cf. gencode-remote)
aliasfile='/usr/share/locale/locale.alias'
command -v locale >/dev/null 2>&1 || exit 0
locales=$(locale -a)
parse_locale() {
# This function will split locales into their parts. Locale strings are
# usually of the form: [language[_territory][.codeset][@modifier]]
# For simplicity, language and territory are not separated by this function.
# Old Linux systems were also using "english" or "german" as locale strings.
# Usage: parse_locale locale_str lang_var codeset_var modifier_var
eval "${2:?}"="$(expr "$1" : '\([^.@]*\)')"
eval "${3:?}"="$(expr "$1" : '[^.]*\.\([^@]*\)')"
eval "${4:?}"="$(expr "$1" : '.*@\(.*\)$')"
}
format_locale() {
# Usage: format_locale language codeset modifier
printf '%s' "$1"
test -z "$2" || printf '.%s' "$2"
test -z "$3" || printf '@%s' "$3"
printf '\n'
}
gnu_normalize_codeset() {
# reimplementation of glibc/locale/programs/localedef.c normalize_codeset()
echo "$*" | tr '[:upper:]' '[:lower:]' | tr -cd '[:alnum:]'
}
locale_available() (
echo "${locales}" | grep -qxF "$1" || {
# glibc uses "normalized" locale names in archives.
# If a locale is stored in an archive, the normalized name will be
# printed by locale, so that needs to be checked, too.
localename=$(
parse_locale "$1" _lang _codeset _modifier \
&& format_locale "${_lang:?}" "$(gnu_normalize_codeset "${_codeset?}")" \
"${_modifier?}")
echo "${locales}" | grep -qxF "${localename}"
}
)
if locale_available "${__object_id:?}"
then
echo present
else
# NOTE: locale.alias can be symlinked.
if test -e "${aliasfile}"
then
# Check if one of the aliases of the locale is defined
baselocale=$(
parse_locale "${__object_id:?}" _lang _codeset _modifiers \
&& format_locale "${_lang}" "${_codeset}")
while read -r _alias _localename
do
if test "${_localename}" = "${baselocale}" \
&& echo "${locales}" | grep -qxF "${_alias}"
then
echo alias-present
exit 0
fi
done <"${aliasfile}"
fi
echo absent
fi

View file

@ -0,0 +1,5 @@
# -*- mode: sh; indent-tabs-mode: t -*-
gnu_normalize_codeset() {
echo "$*" | tr -cd '[:alnum:]' | tr '[:upper:]' '[:lower:]'
}

View file

@ -0,0 +1,20 @@
# -*- mode: sh; indent-tabs-mode:t -*-
parse_locale() {
# This function will split locales into their parts. Locale strings are
# usually of the form: [language[_territory][.codeset][@modifier]]
# For simplicity, language and territory are not separated by this function.
# Old Linux systems were also using "english" or "german" as locale strings.
# Usage: parse_locale locale_str lang_var codeset_var modifier_var
eval "${2:?}"="$(expr "$1" : '\([^.@]*\)')"
eval "${3:?}"="$(expr "$1" : '[^.]*\.\([^@]*\)')"
eval "${4:?}"="$(expr "$1" : '.*@\(.*\)$')"
}
format_locale() {
# Usage: format_locale language codeset modifier
printf '%s' "$1"
test -z "$2" || printf '.%s' "$2"
test -z "$3" || printf '@%s' "$3"
printf '\n'
}

View file

@ -0,0 +1,136 @@
#!/bin/sh -e
#
# 2013-2019 Nico Schottelius (nico-cdist at schottelius.org)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Manage system locales using localedef(1).
#
# shellcheck source=cdist/conf/type/__localedef/files/lib/locale.sh
. "${__type:?}/files/lib/locale.sh"
# shellcheck source=cdist/conf/type/__localedef/files/lib/glibc.sh
. "${__type:?}/files/lib/glibc.sh"
state_is=$(cat "${__object:?}/explorer/state")
state_should=$(cat "${__object:?}/parameter/state")
test "${state_should}" = 'present' -o "${state_should}" = 'absent' || {
printf 'Invalid state: %s\n' "${state_should}" >&2
exit 1
}
# NOTE: If state explorer fails (e.g. locale(1) missing), the following check
# will always fail and let definition/removal run.
if test "${state_is}" = "${state_should}"
then
exit 0
fi
locale=${__object_id:?}
os=$(cat "${__global:?}/explorer/os")
if expr "${locale}" : '.*/' >/dev/null
then
printf 'Paths as locales are not supported.\n' >&2
printf '__object_id is: %s\n' "${locale}" >&2
exit 1
fi
: "${lang=}" "${codeset=}" "${modifier=}" # declare variables for shellcheck
parse_locale "${locale}" lang codeset modifier
case ${os}
in
(alpine|openwrt)
printf '%s does not support locales.\n' "${os}" >&2
exit 1
;;
(archlinux|debian|devuan|ubuntu|suse|centos|fedora|redhat|scientific)
# FIXME: The code below only works for glibc-based installations.
# NOTE: Hardcoded, create a pull request in case it is at another
# location for some opther distro.
# NOTE: locale.alias can be symlinked (e.g. Debian)
aliasfile='/usr/share/locale/locale.alias'
case ${state_should}
in
(present)
input=$(format_locale "${lang}" '' "${modifier}")
cat <<-EOF
set --
if test -e '${aliasfile}'
then
set -- -A '${aliasfile}'
fi
localedef -i '${input}' -f '${codeset}' "\$@" '${locale}'
EOF
;;
(absent)
main_localename=$(format_locale "${lang}" "$(gnu_normalize_codeset "${codeset}")" "${modifier}")
cat <<-EOF
while read -r _alias _localename
do
if test "\${_localename}" = '$(format_locale "${lang}" "${codeset}")'
then
localedef --delete-from-archive "\${_alias}"
fi
done <'${aliasfile}'
EOF
if test "${state_is}" = present
then
printf "localedef --delete-from-archive '%s'\n" "${main_localename}"
fi
;;
esac
;;
(freebsd)
case ${state_should}
in
(present)
if expr "$(grep -oe '^[0-9]*' "${__global:?}/explorer/os_version")" '>=' 11 >/dev/null
then
# localedef(1) is available with FreeBSD >= 11
printf "localedef -i '%s' -f '%s' '%s'\n" "${input}" "${codeset}" "${locale}"
else
printf 'localedef(1) was added to FreeBSD starting with version 11.\n' >&2
printf 'Please upgrade your FreeBSD installation to use %s.\n' "${__type##*/}" >&2
exit 1
fi
;;
(absent)
printf "rm -R '/usr/share/locale/%s'\n" "${locale}"
;;
esac
;;
(netbsd|openbsd)
# NetBSD/OpenBSD are missing localedef(1).
# We also do not delete defined locales because they can't be recreated.
echo "${os} is lacking localedef(1). Locale management unavailable." >&2
exit 1
;;
(*)
echo "Your operating system (${os}) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac

View file

@ -0,0 +1,60 @@
cdist-type__localedef(7)
========================
NAME
----
cdist-type__localedef - Define and remove system locales
DESCRIPTION
-----------
This cdist type allows you to define locales on the system using
:strong:`localedef`\ (1) or remove them.
On systems that don't support definition of new locales, the type will raise an
error.
**NB:** This type respects the glibc ``locale.alias`` file,
i.e. it defines alias locales or deletes aliases of a locale when it is removed.
It is not possible, however, to use alias names to define locales or only remove
certain aliases of a locale.
OPTIONAL PARAMETERS
-------------------
state
``present`` or ``absent``. Defaults to ``present``.
EXAMPLES
--------
.. code-block:: sh
# Add locale de_CH.UTF-8
__localedef de_CH.UTF-8
# Same as above, but more explicit
__localedef de_CH.UTF-8 --state present
# Remove colourful British English
__localedef en_GB.UTF-8 --state absent
SEE ALSO
--------
:strong:`locale`\ (1),
:strong:`localedef`\ (1),
:strong:`cdist-type__locale_system`\ (7)
AUTHORS
-------
| Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
| Nico Schottelius <nico-cdist--@--schottelius.org>
COPYING
-------
Copyright \(C) 2013-2019 Nico Schottelius, 2020 Dennis Camera. Free use of this
software is granted under the terms of the GNU General Public License version 3
or later (GPLv3+).

View file

@ -0,0 +1,30 @@
#!/bin/sh -e
#
# 2013-2019 Nico Schottelius (nico-cdist at schottelius.org)
# 2015 David Hürlimann (david at ungleich.ch)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Install required packages.
#
case $(cat "${__global:?}/explorer/os")
in
(debian|devuan)
__package_apt locales --state present
;;
esac

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1 @@
state

View file

@ -42,6 +42,13 @@ else
target_release="" target_release=""
fi fi
if [ -f "$__object/parameter/install-recommends" ]; then
# required if __apt_norecommends is used
recommendsparam="-o APT::Install-Recommends=1"
else
recommendsparam="-o APT::Install-Recommends=0"
fi
if [ -f "$__object/parameter/purge-if-absent" ]; then if [ -f "$__object/parameter/purge-if-absent" ]; then
purgeparam="--purge" purgeparam="--purge"
else else
@ -62,16 +69,16 @@ case "$state_is" in
;; ;;
esac esac
# Hint if we need to avoid questions at some point:
# DEBIAN_PRIORITY=critical can reduce the number of questions
aptget="DEBIAN_FRONTEND=noninteractive apt-get --quiet --yes -o APT::Install-Recommends=0 -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\""
if [ "$state_is" = "$state_should" ]; then if [ "$state_is" = "$state_should" ]; then
if [ -z "$version" ] || [ "$version" = "$version_is" ]; then if [ -z "$version" ] || [ "$version" = "$version_is" ]; then
exit 0; exit 0;
fi fi
fi fi
# Hint if we need to avoid questions at some point:
# DEBIAN_PRIORITY=critical can reduce the number of questions
aptget="DEBIAN_FRONTEND=noninteractive apt-get --quiet --yes -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\""
case "$state_should" in case "$state_should" in
present) present)
# following is bit ugly, but important hack. # following is bit ugly, but important hack.
@ -85,7 +92,7 @@ EOF
if [ -n "$version" ]; then if [ -n "$version" ]; then
name="${name}=${version}" name="${name}=${version}"
fi fi
echo "$aptget install $target_release '$name'" echo "$aptget $recommendsparam install $target_release '$name'"
echo "installed" >> "$__messages_out" echo "installed" >> "$__messages_out"
;; ;;
absent) absent)

View file

@ -9,7 +9,9 @@ cdist-type__package_apt - Manage packages with apt-get
DESCRIPTION DESCRIPTION
----------- -----------
apt-get is usually used on Debian and variants (like Ubuntu) to apt-get is usually used on Debian and variants (like Ubuntu) to
manage packages. manage packages. The package will be installed without recommended
or suggested packages. If such packages are required, install them
separatly or use the parameter ``--install-recommends``.
This type will also update package index, if it is older This type will also update package index, if it is older
than one day, to avoid missing package error messages. than one day, to avoid missing package error messages.
@ -23,7 +25,7 @@ None
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
name name
If supplied, use the name and not the object id as the package name. If supplied, use the name and not the object id as the package name.
state state
Either "present" or "absent", defaults to "present" Either "present" or "absent", defaults to "present"
@ -39,6 +41,15 @@ version
BOOLEAN PARAMETERS BOOLEAN PARAMETERS
------------------ ------------------
install-recommends
If the package will be installed, it also installs recommended packages
with it. It will not install recommended packages if the original package
is already installed.
In most cases, it is recommended to install recommended packages separatly
to control which additional packages will be installed to avoid useless
installed packages.
purge-if-absent purge-if-absent
If this parameter is given when state is `absent`, the package is If this parameter is given when state is `absent`, the package is
purged from the system (using `--purge`). purged from the system (using `--purge`).

View file

@ -1 +1,2 @@
install-recommends
purge-if-absent purge-if-absent

View file

@ -75,7 +75,7 @@ execcmd(){
esac esac
if [ -z "${pkg_bootstrapped}" ]; then if [ -z "${pkg_bootstrapped}" ]; then
echo "pkg bootstrap -y >/dev/null 2>&1" echo "ASSUME_ALWAYS_YES=yes pkg bootstrap >/dev/null 2>&1"
fi fi
echo "$_cmd >/dev/null 2>&1" # Silence the output of the command echo "$_cmd >/dev/null 2>&1" # Silence the output of the command

View file

@ -0,0 +1,121 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Determines the current state of the config option.
# Possible output:
# - present: "should" option present in config file
# - default: the "should" option is the default -> dont know if present
# - absent: no such option present in config file
#
joinlines() { sed -n -e H -e "\${x;s/^\\n//;s/\\n/${1:?}/g;p;}"; }
trlower() { tr '[:upper:]' '[:lower:]'; }
tolower() { printf '%s' "$*" | trlower; }
default_value() {
sshd -T -f /dev/null -C "$(make_conn_spec)" \
| sed -n -e 's/^'"$(tolower "${1:?}")"'[[:blank:]]\{1,\}//p'
}
make_conn_spec() {
if test -s "${__object:?}/parameter/match"
then
_match_file="${__object:?}/parameter/match"
else
_match_file='/dev/null'
fi
for _kw in \
addr=Address \
user=User \
host=Host \
laddr=LocalAddress \
lport=LocalPort \
rdomain=RDomain
do
_specname=${_kw%%=*}
_confname=$(tolower "${_kw#*=}")
while read -r _k _v
do
if test "$(tolower "${_k}")" = "${_confname}"
then
printf '%s=%s\n' "${_specname}" "${_v}"
continue 2
fi
done <"${_match_file}"
# NOTE: Print test spec even for empty keys to suppress errors like:
# 'Match User' in configuration but 'user' not in connection test specification.
# except lport:
# Invalid port '' in test mode specification lport=
test "${_specname}" = 'lport' || printf '%s=\n' "${_specname}"
done \
| joinlines ','
unset _match_file
}
sshd_config_file=$(cat "${__object:?}/parameter/file")
state_should=$(cat "${__object:?}/parameter/state")
if test -s "${__object:?}/parameter/option"
then
option_name=$(cat "${__object:?}/parameter/option")
else
option_name=${__object_id:?}
fi
value_should=$(cat "${__object:?}/parameter/value" 2>/dev/null) \
|| test "${state_should}" = absent || exit 0 # param optional if --state absent
command -v sshd >/dev/null 2>&1 || {
echo 'Cannot find sshd.' >&2
exit 1
}
test -e "${sshd_config_file}" || {
echo 'absent'
exit 0
}
value_is=$(
sshd -T -f "${sshd_config_file}" -C "$(make_conn_spec)" \
| sed -n -e 's/^'"$(tolower "${option_name}")"'[[:blank:]]\{1,\}//p')
if printf '%s\n' "${value_is}" | {
if test -n "${value_should}"
then
grep -q -x -F "${value_should}"
else
# if no value provided, assume "any" value
grep -q -e .
fi
}
then
if default_value "${option_name}" | grep -q -x -F "${value_is}"
then
# Might produce false positives for default values.
# TODO: Manual checking should be done, but for simplicity, this case is
# currently ignored here.
echo default
else
echo present
fi
else
echo absent
fi

View file

@ -0,0 +1,293 @@
# -*- mode: awk; indent-tabs-mode: t -*-
function usage() {
print_err("Usage: awk -f update_sshd_config.awk -- -o set|unset [-m 'User git'] -l 'X11Forwarding no' /etc/ssh/sshd_config")
}
function print_err(s) { print s | "cat >&2" }
function alength(a, i) {
for (i = 0; (i + 1) in a; ++i);
return i
}
function join(sep, a, i, s) {
for (i = i ? i : 1; i in a; i++)
s = s sep a[i]
return substr(s, 2)
}
function getopt(opts, argv, target, files, i, c, lv, idx, nf) {
# trivial getopt(3) implementation; only basic functionality
if (argv[1] == "--") i++
for (i += 1; i in argv; i++) {
if (lv) { target[c] = argv[i]; lv = 0; continue }
if (argv[i] ~ /^-/) {
c = substr(argv[i], 2, 1)
idx = index(opts, c)
if (!idx) {
print_err(sprintf("invalid option -%c\n", c))
continue
}
if (substr(opts, idx + 1, 1) == ":") {
# option takes argument
if (length(argv[i]) > 2)
target[c] = substr(argv[i], 3)
else
lv = 1
} else {
target[c] = 1
}
} else
files[++nf] = argv[i]
}
}
# tokenise configuration line
# this function mimics the counterpart in OpenSSH (misc.c)
# but it returns two (next token SUBSEP rest) because I didnt want to have to
# simulate any pointer magic.
function strdelim_internal(s, split_equals, old) {
if (!s)
return ""
old = s
if (!match(s, WHITESPACE "|" QUOTE "" (split_equals ? "|" EQUALS : "")))
return s
s = substr(s, RSTART)
old = substr(old, 1, RSTART - 1)
if (s ~ "^" QUOTE) {
old = substr(old, 2)
# Find matching quote
if (match(s, QUOTE)) {
old = substr(old, 1, RSTART)
# s = substr()
if (match(s, "^" WHITESPACE "*"))
s = substr(s, RLENGTH)
return old
} else {
# no matching quote
return ""
}
}
if (match(s, "^" WHITESPACE "+")) {
sub("^" WHITESPACE "+", "", s)
if (split_equals)
sub(EQUALS WHITESPACE "*", "", s)
} else if (s ~ "^" EQUALS) {
s = substr(s, 2)
}
return old SUBSEP s
}
function strdelim(s) { return strdelim_internal(s, 1) }
function strdelimw(s) { return strdelim_internal(s, 0) }
function singleton_option(opt) {
return tolower(opt) !~ /^(acceptenv|allowgroups|allowusers|authenticationmethods|authorizedkeysfile|denygroups|denyusers|hostcertificate|hostkey|listenaddress|logverbose|permitlisten|permitopen|port|setenv|subsystem)$/
}
function print_update() {
if (mode) {
if (match_only) printf "\t"
printf "%s\n", line_should
updated = 1
}
}
BEGIN {
FS = "\n" # disable field splitting
WHITESPACE = "[ \t]" # servconf.c, misc.c:strdelim_internal (without line breaks, cf. bugs)
QUOTE = "[\"]" # misc.c:strdelim_internal
EQUALS = "[=]"
split("", opts)
split("", files)
getopt("ho:l:m:", ARGV, opts, files)
if (opts["h"]) { usage(); exit (e="0") }
line_should = opts["l"]
match_only = opts["m"]
num_files = alength(files)
if (num_files != 1 || !opts["o"] || !line_should) {
usage()
exit (e=126)
}
if (opts["o"] == "set") {
mode = 1
} else if (opts["o"] == "unset") {
mode = 0
} else {
print_err(sprintf("invalid mode %s\n", mode))
exit (e=1)
}
if (mode) {
# loop over sshd_config twice!
ARGV[2] = ARGV[1] = files[1]
ARGC = 3
} else {
# only loop once
ARGV[1] = files[1]
ARGC = 2
}
split(strdelim(line_should), should, SUBSEP)
option_should = tolower(should[1])
value_should = should[2]
}
{
line = $0
# Strip trailing whitespace. Allow \f (form feed) at EOL only
sub("(" WHITESPACE "|\f)*$", "", line)
# Strip leading whitespace
sub("^" WHITESPACE "*", "", line)
if (match(line, "^#" WHITESPACE "*")) {
prefix = substr(line, RSTART, RLENGTH)
line = substr(line, RSTART + RLENGTH)
} else {
prefix = ""
}
line_type = "invalid"
option_is = value_is = ""
if (line) {
split(strdelim(line), toks, SUBSEP)
if (tolower(toks[1]) == "match") {
MATCH = (prefix ~ /^#/ ? "#" : "") join(" ", toks, 2)
line_type = "match"
} else if (toks[1] ~ /^[A-Za-z][A-Za-z0-9]+$/) {
# This could be an option line
line_type = "option"
option_is = tolower(toks[1])
value_is = toks[2]
}
} else {
line_type = "empty"
}
}
# mode: unset
!mode {
# delete matching config
if (prefix !~ /^#/)
if (MATCH == match_only && option_is == option_should)
if (!value_should || value_should == value_is)
next
print
next
}
# mode: set
mode && NR == FNR {
if (line_type == "option") {
if (MATCH !~ /^#/) {
if (prefix ~ /^#/) {
# comment line
last_occ[MATCH, "#" option_is] = FNR
} else {
# option line
last_occ[MATCH, option_is] = FNR
}
last_occ[MATCH] = FNR
}
} else if (line_type == "invalid" && !prefix) {
# INVALID LINE
print_err(sprintf("%s: syntax error on line %u\n", ARGV[0], FNR))
}
next
}
# before second pass prepare hashes containing location information to be used
# in the second pass.
mode && NR > FNR && FNR == 1 {
# First we drop the locations of commented-out options if a non-commented
# option is available. If a non-commented option is available, we will
# append new config options there to have them all at one place.
for (k in last_occ) {
if (k ~ /^#/) {
# delete entries of commented out match blocks
delete last_occ[k]
continue
}
split(k, parts, SUBSEP)
if (parts[2] ~ /^#/ && ((parts[1], substr(parts[2], 2)) in last_occ))
delete last_occ[k]
}
# Reverse the option => line mapping. The line_map allows for easier lookups
# in the second pass.
# We only keep options, not top-level keywords, because we can only have
# one entry per line and there are conflicts with last lines of "sections".
for (k in last_occ) {
if (!index(k, SUBSEP)) continue
line_map[last_occ[k]] = k
}
}
# Second pass
mode && line_map[FNR] == match_only SUBSEP option_should && !updated {
split(line_map[FNR], parts, SUBSEP)
# If option allows multiple values, print current value
if (!singleton_option(parts[2])) {
if (value_should != value_is)
print
}
print_update()
next
}
mode { print }
# Is a comment option
mode && line_map[FNR] == match_only SUBSEP "#" option_should && !updated {
print_update()
}
# Last line of the should match section
mode && last_occ[match_only] == FNR && !updated {
# NOTE: Inserting empty lines is only cosmetic. It is only done if
# different options are next to each other and not in a match block
# (match blocks are usually not in the default config and thus dont
# contain commented blocks.)
if (line && option_is != option_should && !MATCH)
print ""
print_update()
}
END {
if (e) exit e
if (mode && !updated) {
if (match_only && MATCH != match_only) {
printf "\nMatch %s\n", match_only
}
print_update()
}
}

View file

@ -0,0 +1,97 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
joinlines() { sed -n -e H -e "\${x;s/^\\n//;s/\\n/${1:?}/g;p;}"; }
state_is=$(cat "${__object:?}/explorer/state")
state_should=$(cat "${__object:?}/parameter/state")
if test "${state_is}" = "${state_should}" -o "${state_is}" = 'default'
then
# nothing to do (if the value is the default, ignore its state)
exit 0
fi
case ${state_should}
in
(present)
mode='set'
;;
(absent)
mode='unset'
;;
(*)
printf 'Invalid --state: %s\n' "${state_should}" >&2
exit 1
;;
esac
sshd_config_file=$(cat "${__object:?}/parameter/file")
quote() { printf "'%s'" "$(printf '%s' "$*" | sed -e "s/'/'\\\\''/g")"; }
drop_awk_comments() { quote "$(sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@")"; }
# Ensure the sshd_config file is there
cat <<EOF
test -e $(quote "${sshd_config_file}") || {
: >$(quote "${sshd_config_file}")
chown 0:0 $(quote "${sshd_config_file}")
chmod 0644 $(quote "${sshd_config_file}")
}
EOF
match_only=
if test -s "${__object:?}/parameter/match"
then
match_only=$(joinlines ' ' <"${__object:?}/parameter/match")
fi
if test -s "${__object:?}/parameter/option"
then
option_line=$(cat "${__object:?}/parameter/option")
else
option_line=${__object_id:?}
fi
if test -s "${__object:?}/parameter/value"
then
option_line="${option_line} $(cat "${__object:?}/parameter/value")"
fi
# Send message on config update
printf '%s%s %s\n' "${mode}" "${match_only:+ [${match_only}]}" \
"${option_line}" >>"${__messages_out:?}"
# Update sshd_config (remote code)
cat <<EOF
awk $(drop_awk_comments "${__type:?}/files/update_sshd_config.awk") \\
-o ${mode} \\
-m $(quote "${match_only}") \\
-l $(quote "${option_line}") \\
$(quote "${sshd_config_file}") >$(quote "${sshd_config_file}.tmp") \\
|| exit
cmp -s $(quote "${sshd_config_file}") $(quote "${sshd_config_file}.tmp") || {
sshd -t -f $(quote "${sshd_config_file}.tmp") \\
&& cat $(quote "${sshd_config_file}.tmp") >$(quote "${sshd_config_file}")
}
rm -f $(quote "${sshd_config_file}.tmp")
EOF

View file

@ -0,0 +1,94 @@
cdist-type__sshd_config(7)
==========================
NAME
----
cdist-type__sshd_config - Manage options in sshd_config
DESCRIPTION
-----------
This space intentionally left blank.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
file
The path to the sshd_config file to edit.
Defaults to ``/etc/ssh/sshd_config``.
match
Restrict this option to apply only for certain connections.
Allowed values are what would be allowed to be written after a ``Match``
keyword in ``sshd_config``, e.g. ``--match 'User anoncvs'``.
Can be used multiple times. All of the values are ANDed together.
option
The name of the option to manipulate. Defaults to ``__object_id``.
state
Can be:
- ``present``: ensure a matching config line is present (or the default
value).
- ``absent``: ensure no matching config line is present.
value
The option's value to be assigned to the option (if ``--state present``) or
removed (if ``--state absent``).
This option is required if ``--state present``. If not specified and
``--state absent``, all values for the given option are removed.
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
# Disallow root logins with password
__sshd_config PermitRootLogin --value without-password
# Disallow password-based authentication
__sshd_config PasswordAuthentication --value no
# Accept the EDITOR environment variable
__sshd_config AcceptEnv:EDITOR --option AcceptEnv --value EDITOR
# Force command for connections as git user
__sshd_config git@ForceCommand --match 'User git' --option ForceCommand \
--value 'cd ~git && exec git-shell ${SSH_ORIGINAL_COMMAND:+-c "${SSH_ORIGINAL_COMMAND}"}'
SEE ALSO
--------
:strong:`sshd_config`\ (5)
BUGS
----
- This type assumes a nicely formatted config file,
i.e. no config options spanning multiple lines.
- ``Include`` directives are ignored.
- Config options are not added/removed to/from the config file if their value is
the default value.
AUTHORS
-------
Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
COPYING
-------
Copyright \(C) 2020 Dennis Camera. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,48 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
os=$(cat "${__global:?}/explorer/os")
state_should=$(cat "${__object:?}/parameter/state")
case ${os}
in
(alpine|centos|fedora|redhat|scientific|debian|devuan|ubuntu)
if test "${state_should}" != 'absent'
then
__package openssh-server --state present
fi
;;
(archlinux|gentoo|slackware|suse)
if test "${state_should}" != 'absent'
then
__package openssh --state present
fi
;;
(freebsd|netbsd|openbsd)
# whitelist
;;
(*)
printf 'Your operating system (%s) is currently not supported by this type (%s)\n' \
"${os}" "${__type##*/}" >&2
printf 'Please contribute an implementation for it if you can.\n' >&2
exit 1
;;
esac

View file

@ -0,0 +1 @@
/etc/ssh/sshd_config

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1,4 @@
file
option
state
value

View file

@ -0,0 +1 @@
match

View file

@ -0,0 +1,110 @@
#!/bin/sh
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# This explorer retrieves the current state of the configuration option
# The output of this explorer is one of these values:
# present
# The configuration option is present and has the value of the
# parameter --value.
# absent
# The configuration option is not defined.
# different
# The configuration option is present but has a different value than the
# parameter --value.
# rearranged
# The configuration option is present (a list) and has the same values as
# the parameter --value, but in a different order.
RS=$(printf '\036')
option=${__object_id:?}
values_is=$(uci -s -N -d "${RS}" get "${option}" 2>/dev/null) || {
echo absent
exit 0
}
if test -f "${__object:?}/parameter/value"
then
should_file="${__object:?}/parameter/value"
else
should_file='/dev/null'
fi
# strip off trailing newline
printf '%s' "${values_is}" \
| awk '
function unquote(s) {
# simplified dequoting of single quoted strings
if (s ~ /^'\''.*'\''$/) {
s = substr(s, 2, length(s) - 2)
sub(/'"'\\\\''"'/, "'\''", s)
}
return s
}
BEGIN {
state = "present" # assume all is fine
}
NR == FNR {
# memoize "should" state
should[FNR] = $0
should_count++
# go to next line (important!)
next
}
# compare "is" state
{ $0 = unquote($0) }
$0 == should[FNR] { next }
FNR > should_count {
# there are more "is" records than "should" -> definitely different
state = "different"
exit
}
{
# see if we can find the value somewhere in should
for (i in should) {
if ($0 == should[i]) {
# ... value found -> rearranged
# FIXME: Duplicate values are not properly handled here. Do they matter?
state = "rearranged"
next
}
}
state = "different"
exit
}
END {
if (FNR < should_count) {
# "is" was shorter than "should" -> different
state = "different"
}
print state
}
' "${should_file}" RS="${RS}" -

View file

@ -0,0 +1,73 @@
# -*- mode: sh; indent-tabs-mode: t -*-
in_list() {
printf '%s\n' "$@" | { grep -qxF "$(read -r ndl; echo "${ndl}")"; }
}
quote() {
for _arg
do
shift
if test -n "$(printf %s "${_arg}" | tr -d -c '\t\n \042-\047\050-\052\073-\077\133\\`|~' | tr -c '' '.')"
then
# needs quoting
set -- "$@" "$(printf "'%s'" "$(printf %s "${_arg}" | sed -e "s/'/'\\\\''/g")")"
else
set -- "$@" "${_arg}"
fi
done
unset _arg
# NOTE: Use printf because POSIX echo interprets escape sequences
printf '%s' "$*"
}
uci_cmd() {
# Usage: uci_cmd [UCI ARGUMENTS]...
mkdir -p "${__object:?}/files"
printf '%s\n' "$(quote "$@")" >>"${__object:?}/files/uci_batch.txt"
}
uci_validate_name() {
# like util.c uci_validate_name()
test -n "$*" && test -z "$(echo "$*" | tr -d '[:alnum:]_')"
}
uci_validate_tuple() (
tok=${1:?}
case $tok
in
(*.*.*)
# check option
option=${tok##*.}
uci_validate_name "${option}" || {
printf 'Invalid option: %s\n' "${option}" >&2
return 1
}
tok=${tok%.*}
;;
(*.*)
# no option (section definition)
;;
(*)
printf 'Invalid tuple: %s\n' "$1" >&2
return 1
;;
esac
case ${tok#*.}
in
(@*) section=$(expr "${tok#*.}" : '@\(.*\)\[-*[0-9]*\]$') ;;
(*) section=${tok#*.} ;;
esac
uci_validate_name "${section}" || {
printf 'Invalid section: %s\n' "${1#*.}" >&2
return 1
}
config=${tok%%.*}
uci_validate_name "${config}" || {
printf 'Invalid config: %s\n' "${config}" >&2
return 1
}
)

View file

@ -0,0 +1,43 @@
changes=$(uci changes)
if test -n "${changes}"
then
echo 'Uncommited UCI changes were found on the target:'
printf '%s\n\n' "${changes}"
echo 'This can be caused by manual changes or due to a previous failed run.'
echo 'Please investigate the situation, revert or commit the changes, and try again.'
exit 1
fi >&2
check_errors() {
# reads stdin and forwards non-empty lines to stderr.
# returns 0 if stdin is empty, else 1.
! grep -e . >&2
}
commit() {
uci commit
}
rollback() {
printf '\nAn error occurred when trying to commit UCI transaction!\n' >&2
uci changes \
| sed -e 's/^-//' -e 's/\..*\$//' \
| sort -u \
| while read -r _package
do
uci revert "${_package}"
echo "${_package}" # for logging
done \
| awk '
BEGIN { printf "Reverted changes in: " }
{ printf "%s%s", (FNR > 1 ? ", " : ""), $0 }
END { printf "\n" }' >&2
return 1
}
uci_apply() {
uci batch 2>&1 | check_errors && commit || rollback
}

View file

@ -0,0 +1,101 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# shellcheck source=cdist/conf/type/__uci/files/functions.sh
. "${__type:?}/files/functions.sh"
state_is=$(cat "${__object:?}/explorer/state")
state_should=$(cat "${__object:?}/parameter/state")
config=${__object_id:?}
uci_validate_tuple "${config}"
case ${state_should}
in
(present)
if in_list "${state_is}" 'present' 'rearranged'
then
# NOTE: order is ignored so rearranged is also fine.
exit 0
fi
# Determine type
type=$(cat "${__object:?}/parameter/type" 2>/dev/null || true)
case ${type}
in
(option|list) ;;
('')
# Guess type by the number of values
test "$(wc -l "${__object:?}/parameter/value")" -gt 1 \
&& type=list \
|| type=option
;;
(*)
printf 'Invalid --type: %s\n' "${type}" >&2
exit 1
;;
esac
case ${type}
in
(list)
printf 'set_list %s\n' "${config}" >>"${__messages_out:?}"
if test "${state_is}" != 'absent'
then
uci_cmd delete "${config}"
fi
while read -r value
do
uci_cmd add_list "${config}"="${value}"
done <"${__object:?}/parameter/value"
;;
(option)
printf 'set %s\n' "${config}" >>"${__messages_out:?}"
value=$(cat "${__object:?}/parameter/value")
uci_cmd set "${config}"="${value}"
;;
esac
;;
(absent)
if in_list "${state_is}" 'absent'
then
exit 0
fi
printf 'delete %s\n' "${config}" >>"${__messages_out:?}"
uci_cmd delete "${config}"
;;
(*)
printf 'Invalid --state: %s\n' "${state_should}" >&2
exit 1
;;
esac
if test -s "${__object:?}/files/uci_batch.txt"
then
cat "${__type:?}/files/uci_apply.sh"
printf "uci_apply <<'EOF'\n"
cat "${__object:?}/files/uci_batch.txt"
printf '\nEOF\n'
fi

View file

@ -0,0 +1,78 @@
cdist-type__uci(7)
==================
NAME
----
cdist-type__uci - Manage configuration values in UCI
DESCRIPTION
-----------
This cdist type can be used to alter configuration options in OpenWrt's
Unified Configuration Interface (UCI) system.
REQUIRED PARAMETERS
-------------------
value
The value to be set. Can be used multiple times.
This parameter is ignored if ``--state`` is ``absent``.
Due to the way cdist handles arguments, values **must not** contain newline
characters.
Values do not need special quoting for UCI. The only requirement is that the
value is passed to the type as a single shell argument.
OPTIONAL PARAMETERS
-------------------
state
``present`` or ``absent``, defaults to ``present``.
type
If the type should generate an option or a list.
One of: ``option`` or ``list``.
Defaults to auto-detect based on the number of ``--value`` parameters.
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
# Set the system hostname
__uci system.@system[0].hostname --value 'OpenWrt'
# Set DHCP option 252: tell DHCP clients to not ask for proxy information.
__uci dhcp.lan.dhcp_option --type list --value '252,"\n"'
# Enable NTP and NTPd (each is applied individually)
__uci system.ntp.enabled --value 1
__uci system.ntp.enable_server --value 1
__uci system.ntp.server --type list \
--value '0.openwrt.pool.ntp.org' \
--value '1.openwrt.pool.ntp.org' \
--value '2.openwrt.pool.ntp.org' \
--value '3.openwrt.pool.ntp.org'
SEE ALSO
--------
- https://openwrt.org/docs/guide-user/base-system/uci
AUTHORS
-------
Dennis Camera <dennis.camera@ssrq-sds-fds.ch>
COPYING
-------
Copyright \(C) 2020 Dennis Camera. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

51
cdist/conf/type/__uci/manifest Executable file
View file

@ -0,0 +1,51 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
os=$(cat "${__global:?}/explorer/os")
state_should=$(cat "${__object:?}/parameter/state")
case ${os}
in
(openwrt)
# okay
;;
(*)
printf "Your operating system (%s) is currently not supported by this type (%s)\n" "${os}" "${__type##*/}" >&2
printf "Please contribute an implementation for it if you can.\n" >&2
exit 1
;;
esac
case ${state_should}
in
(present)
test -s "${__object:?}/parameter/value" || {
echo 'The parameter --value is required.' >&2
exit 1
}
;;
(absent)
;;
(*)
printf 'Invalid --state: %s\n' "${state_should}" >&2
exit 1
;;
esac

View file

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1,2 @@
state
type

View file

@ -0,0 +1 @@
value

View file

@ -0,0 +1,103 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# This explorer determines the "prefix" of the --type section matching --match
# if set, or __object_id otherwise.
RS=$(printf '\036')
NL=$(printf '\n '); NL=${NL% }
squote_values() {
sed -e '/=".*"$/{s/="/='\''/;s/"$/'\''/}' \
-e "/='.*'$/"'!{s/=/='\''/;s/$/'\''/}'
}
count_lines() (
IFS=${NL?}
# shellcheck disable=SC2048,SC2086
set -f -- $*; echo $#
)
echo "${__object_id:?}" | grep -q -e '^[^.]\{1,\}\.[^.]\{1,\}$' || {
echo 'Section identifiers are a package and section name separated by a "." (period).' >&2
exit 1
}
test -s "${__object:?}/parameter/match" || {
# If no --match is given, we take the __object_id as the section identifier.
echo "${__object_id:?}"
exit 0
}
test -s "${__object:?}/parameter/type" || {
echo 'Parameters --match and --type must be used together.' >&2
exit 1
}
sect_type_param=$(cat "${__object:?}/parameter/type")
expr "${sect_type_param}" : '[^.]\{1,\}\.[^.]\{1,\}$' >/dev/null 2>&1 || {
echo 'Section types are a package name and section type separated by a "." (period).' >&2
exit 1
}
package_filter=${sect_type_param%%.*}
section_filter=${sect_type_param#*.}
# Find by --match
# NOTE: Apart from section types all values are printed in single quotes by uci show.
match=$(head -n 1 "${__object:?}/parameter/match" | squote_values)
if uci -s -N get "${__object_id:?}" >/dev/null 2>&1
then
# Named section exists: ensure if --match applies to it
# if the "matched" option does not exist (e.g. empty section) we use the
# section unconditionally.
if match_value_is=$(uci -s -N get "${__object_id:?}.${match%%=*}" 2>/dev/null)
then
match_value_should=$(expr "${match}" : ".*='\\(.*\\)'$")
test "${match_value_is}" = "${match_value_should}" || {
printf 'Named section "%s" does not match --match "%s"\n' \
"${__object_id:?}" "${match}" >&2
exit 1
}
fi
echo "${__object_id:?}"
exit 0
fi
# No correctly named section exists already: find one to which --match applies
regex="^${package_filter}\\.@${section_filter}\\[[0-9]\\{1,\\}\\]\\.${match%%=*}="
matched_sections=$(
uci -s -N -d "${RS}" show "${package_filter}" 2>/dev/null \
| grep -e "${regex}" \
| while read -r _line
do
if test "${_line#*=}" = "${match#*=}"
then
echo "${_line}"
fi
done \
| sed -e 's/\.[^.]*=.*$//')
test "$(count_lines "${matched_sections}")" -le 1 || {
printf 'Found multiple matching sections:\n%s\n' "${matched_sections}" >&2
exit 1
}
echo "${matched_sections}"

View file

@ -0,0 +1,48 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# This explorer retrieves the current options of the configuration section.
RS=$(printf '\036')
section=$("${__type_explorer:?}/match")
test -n "${section}" || exit 0
uci -s -N -d "${RS}" show "${section}" 2>/dev/null \
| awk -v VSEP="${RS}" '
{
# Strip off the config and section parts
is_opt = sub(/^([^.]*\.){2}/, "")
if (!is_opt) {
# this line represents the section -> skip
next
}
if (index($0, VSEP)) {
# Put values each on a line, like --option and --list parameters
opt = substr($0, 1, index($0, "=") - 1)
split(substr($0, length(opt) + 2), values, VSEP)
for (i in values) {
printf "%s=%s\n", opt, values[i]
}
} else {
print
}
}'

View file

@ -0,0 +1,25 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# This explorer retrieves the current section type.
section=$("${__type_explorer:?}/match")
test -n "${section}" || exit 0
uci -s -N get "${section}" 2>/dev/null || true

View file

@ -0,0 +1,59 @@
# -*- mode: sh; indent-tabs-mode: t -*-
NL=$(printf '\n '); NL=${NL% }
grep_line() {
{ shift; printf '%s\n' "$@"; } | grep -qxF "$1"
}
print_errors() {
awk -v prefix="${1:-Found errors:}" -v suffix="${2-}" '
BEGIN {
if (getline) {
print prefix
print
rc = 1
}
}
{ print }
END {
if (rc && suffix) print suffix
exit rc
}' >&2
}
quote() {
for _arg
do
shift
if test -n "$(printf %s "${_arg}" | tr -d -c '\t\n \042-\047\050-\052\073-\077\133\\`|~' | tr -c '' '.')"
then
# needs quoting
set -- "$@" "$(printf "'%s'" "$(printf %s "${_arg}" | sed -e "s/'/'\\\\''/g")")"
else
set -- "$@" "${_arg}"
fi
done
unset _arg
printf '%s' "$*"
}
uci_cmd() {
# Usage: uci_cmd [UCI ARGUMENTS]...
mkdir -p "${__object:?}/files"
printf '%s\n' "$(quote "$@")" >>"${__object:?}/files/uci_batch.txt"
}
uci_validate_name() {
# like util.c uci_validate_name()
test -n "$*" && test -z "$(printf %s "$*" | tr -d '[:alnum:]_' | tr -c '' .)"
}
unquote_lines() {
sed -e '/^".*"$/{s/^"//;s/"$//}' \
-e '/'"^'.*'"'$/{s/'"^'"'//;s/'"'$"'//}'
}
validate_options() {
grep -shv -e '^[[:alnum:]_]\{1,\}=' "$@"
}

View file

@ -0,0 +1,91 @@
# -*- mode: awk; indent-tabs-mode:t -*-
# Usage: awk -f option_state.awk option_type option_name
# e.g. awk -f option_state.awk option title
# awk -f option_state.awk list entry
function unquote(s) {
# simplified dequoting of single quoted strings
if (s ~ /^'.*'$/) {
s = substr(s, 2, length(s) - 2)
sub(/'\\''/, "'", s)
}
return s
}
function valueof(line) {
if (line !~ /^[[:alpha:]_]+=/) return 0
return unquote(substr(line, index(line, "=") + 1))
}
BEGIN {
__object = ENVIRON["__object"]
if (!__object) exit 1
opttype = ARGV[1]
optname = ARGV[2]
if (opttype !~ /^(option|list)/ || !optname) {
print "invalid"
exit (e=1)
}
ARGV[1] = __object "/parameter/" opttype
ARGV[2] = __object "/explorer/options"
state = "present"
}
NR == FNR {
# memoize "should" state
if (index($0, optname "=") == 1) {
should[++should_count] = valueof($0)
}
# go to next line (important!)
next
}
{
# compare "is" state
if (index($0, optname "=") != 1)
next
++is_count
v = valueof($0)
if (v == should[is_count]) {
# looks good, but can't say definitely just from this line
} else if (is_count > should_count) {
# there are more "is" records than "should" -> definitely different
state = "different"
exit
} else {
# see if we can find the "is" value somewhere in "should"
for (i in should) {
if (v == should[i]) {
# value found -> could be rearranged
# FIXME: Duplicate values are not properly handled here. Do they matter?
state = "rearranged"
next
}
}
# "is" value could not be found in "should" -> definitely different
state = "different"
exit
}
}
END {
if (e) exit
if (!is_count) {
# no "is" values -> absent
state = "absent"
} else if (is_count < should_count) {
# "is" was shorter than "should" -> different
state = "different"
}
print state
}

View file

@ -0,0 +1 @@
../../__uci/files/uci_apply.sh

View file

@ -0,0 +1,174 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# shellcheck source=cdist/conf/type/__uci_section/files/functions.sh
. "${__type:?}/files/functions.sh"
section=$(cat "${__object:?}/explorer/match")
state_is=$(test -s "${__object:?}/explorer/type" && echo present || echo absent)
state_should=$(cat "${__object:?}/parameter/state")
case $state_should
in
(present)
test -f "${__object:?}/parameter/type" || {
echo 'Parameter --type is required.' >&2
exit 1
}
type_is=$(cat "${__object:?}/explorer/type")
type_should=$(cat "${__object:?}/parameter/type")
if test -n "${type_is}"
then
sect_type=${type_is}
else
sect_type=${type_should##*.}
fi
if test -z "${section}"
then
# No section exists and --match was used.
# So we generate a new section identifier from $__object_id.
case ${__object_id:?}
in
(*.*) section=${__object_id:?} ;;
(*) section="${type_should%%.*}.${__object_id:?}" ;;
esac
fi
# Collect option names
if test -f "${__object:?}/parameter/list"
then
listnames_should=$(
sed -e 's/=.*$//' "${__object:?}/parameter/list" | sort -u)
fi
if test -f "${__object:?}/parameter/option"
then
optnames_should=$(
sed -e 's/=.*$//' "${__object:?}/parameter/option" | sort -u)
fi
# Make sure the section itself is present
if test "${state_is}" = absent \
|| test "${type_is}" != "${type_should#*.}"
then
printf 'set %s\n' "${section}" >>"${__messages_out:?}"
# shellcheck disable=SC2140
uci_cmd set "${section}"="${sect_type}"
fi
# Delete options/lists not in "should"
sed -e 's/=.*$//' "${__object:?}/explorer/options" \
| while read -r _optname
do
grep_line "${_optname}" "${listnames_should}" "${optnames_should}" || {
printf 'delete %s\n' "${section}.${_optname}" >>"${__messages_out:?}"
uci_cmd delete "${section}.${_optname}"
} </dev/null
done
opt_proc_error() {
printf 'An error occurred during processing of option %s\n' "${1:?}" >&2
exit 1
}
# Set "should" options
echo "${optnames_should}" \
| grep -e . \
| while read -r _optname
do
_opt_state=$(awk -f "${__type:?}/files/option_state.awk" option "${_optname}") \
|| opt_proc_error "${_optname}"
case ${_opt_state}
in
(invalid)
opt_proc_error "${_optname}"
;;
(present)
;;
(*)
printf 'set %s\n' "${section}.${_optname}" >>"${__messages_out:?}"
# shellcheck disable=SC2140
uci_cmd set "${section}.${_optname}"="$(
grep -e "^${_optname}=" "${__object:?}/parameter/option" \
| sed -e 's/^.*=//' \
| unquote_lines \
| head -n 1)"
;;
esac
done
echo "${listnames_should}" \
| grep -e . \
| while read -r _optname
do
_list_state=$(awk -f "${__type:?}/files/option_state.awk" list "${_optname}") \
|| opt_proc_error "${_optname}"
case ${_list_state}
in
(invalid)
opt_proc_error "${_optname}"
;;
(present)
;;
(*)
printf 'set_list %s\n' "${section}.${_optname}" >>"${__messages_out:?}"
if test "${_list_state}" != absent
then
uci_cmd delete "${section}.${_optname}"
fi
grep "^${_optname}=" "${__object:?}/parameter/list" \
| sed -e 's/^.*=//' \
| unquote_lines \
| while read -r _value
do
# shellcheck disable=SC2140
uci_cmd add_list "${section}.${_optname}"="${_value}"
done
;;
esac
done
;;
(absent)
if test "${state_is}" = absent
then
# if explorer found no section there is nothing to delete
exit 0
fi
printf 'delete %s\n' "${section}" >>"${__messages_out:?}"
uci_cmd delete "${section}"
;;
esac
if test -s "${__object:?}/files/uci_batch.txt"
then
cat "${__type:?}/files/uci_apply.sh"
printf "uci_apply <<'EOF'\n"
cat "${__object:?}/files/uci_batch.txt"
printf '\nEOF\n'
fi

View file

@ -0,0 +1,119 @@
cdist-type__uci_section(7)
==========================
NAME
----
cdist-type__uci_section - Manage configuration sections in UCI
DESCRIPTION
-----------
This cdist type can be used to replace whole configuration sections in OpenWrt's
Unified Configuration Interface (UCI) system.
It can be thought of as syntactic sugar for :strong:`cdist-type__uci`\ (7),
as this type will generate the required `__uci` objects to make the section
contain exactly the options specified using ``--option``.
Since many default UCI sections are unnamed, this type allows to find the
matching section by one of its options using the ``--match`` parameter.
**NOTE:** Options already present on the target and not listed in ``--option``
or ``--list`` will be deleted.
REQUIRED PARAMETERS
-------------------
None.
OPTIONAL PARAMETERS
-------------------
list
An option that is part of a list and should be present in the section (as
part of a list). Lists with multiple options can be expressed by using the
same ``<option>`` repeatedly.
The value to this parameter is a ``<option>=<value>`` string.
``<value>`` does not need special quoting for UCI.
The only requirement is that the value is passed to the type as a single
shell argument.
match
Allows to find a section to "replace" through one of its parameters.
The value to this parameter is a ``<option>=<value>`` string.
option
An option that should be present in the section.
This parameter can be used multiple times to specify multiple options.
The value to this parameter is a ``<option>=<value>`` string.
``<value>`` does not need special quoting for UCI.
The only requirement is that the value is passed to the type as a single
shell argument.
state
``present`` or ``absent``, defaults to ``present``.
type
The type of the section in the format: ``<config>.<section-type>``
BOOLEAN PARAMETERS
------------------
None.
EXAMPLES
--------
.. code-block:: sh
# Configure the dropbear daemon
__uci_section dropbear --type dropbear.dropbear \
--match Port=22 --option Port=22 \
--option PasswordAuth=off \
--option RootPasswordAuth=off
# Define a firewall zone comprised of lan and wlan networks
__uci_section firewall.internal --type firewall.zone \
--option name='internal' \
--list network='lan' \
--list network='wlan' \
--option input='ACCEPT' \
--option output='ACCEPT' \
--option forward='ACCEPT'
# Block SSH access from the guest network
__uci_section firewall.block_ssh_from_guest --type firewall.rule \
--option name='Block-SSH-Access-from-Guest' \
--option src='guest' \
--option proto='tcp' \
--option dest_port='22' \
--option target='REJECT'
# Configure a Wi-Fi access point
__uci_section wireless.default_radio0 --type wireless.wifi-iface \
--option device='radio0' \
--option mode='ap' \
--option network='wlan' \
--option ssid='mywifi' \
--option encryption="psk2' \
--option key='hunter2'
SEE ALSO
--------
- https://openwrt.org/docs/guide-user/base-system/uci
- :strong:`cdist-type__uci`\ (7)
AUTHORS
-------
Dennis Camera <dennis.camera@ssrq-sds-fds.ch>
COPYING
-------
Copyright \(C) 2020 Dennis Camera. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

View file

@ -0,0 +1,88 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# shellcheck source=cdist/conf/type/__uci_section/files/functions.sh
. "${__type:?}/files/functions.sh"
## Check section name and error if invalid!
case ${__object_id:?}
in
(*.*)
uci_validate_name "${__object_id%%.*}" || {
printf 'Invalid package name: %s\n' "${__object_id%%.*}" >&2
exit 1
}
uci_validate_name "${__object_id#*.}" || {
printf 'Invalid section name: %s\n' "${__object_id#*.}" >&2
exit 1
}
;;
(*)
uci_validate_name "${__object_id:?}" || {
printf 'Invalid section name: %s\n' "${__object_id:?}" >&2
exit 1
}
;;
esac
state_should=$(cat "${__object:?}/parameter/state")
case $state_should
in
(present)
test -f "${__object:?}/parameter/type" || {
echo 'Parameter --type is required.' >&2
exit 1
}
type_is=$(cat "${__object:?}/explorer/type")
type_should=$(cat "${__object:?}/parameter/type")
if test -n "${type_is}" && test "${type_is}" != "${type_should##*.}"
then
# Check if section type matches (section exists and --type provided)
printf 'Section type "%s" does not match --type "%s".\n' \
"${type_is}" "${type_should}" >&2
exit 1
fi
# Check options for syntax errors
validate_options "${__object:?}/parameter/list" "${__object:?}/parameter/object" \
| print_errors 'Found erroneous options in arguments:'
# Check for duplicate option names
if test -s "${__object:?}/parameter/option"
then
sed -e 's/=.*$//' "${__object:?}/parameter/option" \
| sort \
| uniq -d \
| print_errors \
'Found duplicate --options:' \
"$(printf '\nUse --list for lists, instead.')"
fi
;;
(absent)
:
;;
(*)
printf 'Invalid --state: %s\n' "${state_should}" >&2
exit 1
;;
esac

View file

@ -0,0 +1 @@
present

View file

@ -0,0 +1 @@
default

View file

@ -0,0 +1,4 @@
match
state
transaction
type

View file

@ -0,0 +1,2 @@
list
option

View file

@ -120,17 +120,18 @@ class Emulator:
level = logging.WARNING level = logging.WARNING
else: else:
level = logging.WARNING level = logging.WARNING
self.log = logging.getLogger(self.target_host[0])
try: try:
logging.root.setLevel(level) logging.root.setLevel(level)
self.log.setLevel(level)
except (ValueError, TypeError): except (ValueError, TypeError):
# if invalid __cdist_log_level value # if invalid __cdist_log_level value
logging.root.setLevel(logging.WARNING) logging.root.setLevel(logging.WARNING)
self.log.setLevel(logging.WARNING)
colored_log = self.env.get('__cdist_colored_log', 'false') colored_log = self.env.get('__cdist_colored_log', 'false')
cdist.log.CdistFormatter.USE_COLORS = colored_log == 'true' cdist.log.CdistFormatter.USE_COLORS = colored_log == 'true'
self.log = logging.getLogger(self.target_host[0])
def commandline(self): def commandline(self):
"""Parse command line""" """Parse command line"""

View file

@ -54,13 +54,12 @@ _mydir = os.path.dirname(__file__)
def find_cdist_exec(): def find_cdist_exec():
"""Search cdist executable starting from local lib directory. """Search cdist executable starting from local lib directory.
Detect if ../scripts/cdist (from local lib direcotry) exists and Detect if ../bin/cdist (from local lib directory) exists and
if it is executable. If not then try to find cdist exec path in if it is executable. If not then try to find cdist exec path in
os.get_exec_path() entries. If no cdist path is found rasie os.get_exec_path() entries. If no cdist path is found rasie
cdist.Error. cdist.Error.
""" """
cdist_path = os.path.abspath(os.path.join(_mydir, '..', 'scripts', cdist_path = os.path.abspath(os.path.join(_mydir, '..', 'bin', 'cdist'))
'cdist'))
if os.access(cdist_path, os.X_OK): if os.access(cdist_path, os.X_OK):
return cdist_path return cdist_path
cdist_path = find_cdist_exec_in_path() cdist_path = find_cdist_exec_in_path()

View file

@ -37,7 +37,7 @@ def commandline(args):
if not args.mode: if not args.mode:
# By default scan and trigger, but do not call any action # By default scan and trigger, but do not call any action
args.mode = ['scan', 'trigger' ] args.mode = ['scan', 'trigger', ]
if 'trigger' in args.mode: if 'trigger' in args.mode:
t = scan.Trigger(interfaces=args.interfaces) t = scan.Trigger(interfaces=args.interfaces)

View file

@ -30,9 +30,12 @@
# Scanner logic # Scanner logic
# - save results to configdir: # - save results to configdir:
# basedir = ~/.cdist/scan/<ipv6-address> # basedir = ~/.cdist/scan/<ipv6-address>
# last_seen = ~/.cdist/scan/<ipv6-address>/last_seen -- record unix time or similar # last_seen = ~/.cdist/scan/<ipv6-address>/last_seen -- record unix time
# last_configured = ~/.cdist/scan/<ipv6-address>/last_configured -- record unix time or similar # or similar
# last_installed = ~/.cdist/scan/<ipv6-address>/last_configured -- record unix time or similar # last_configured = ~/.cdist/scan/<ipv6-address>/last_configured -- record
# unix time or similar
# last_installed = ~/.cdist/scan/<ipv6-address>/last_configured -- record
# unix time or similar
# #
# #
# #
@ -60,6 +63,7 @@ import cdist.config
log = logging.getLogger("scan") log = logging.getLogger("scan")
class Trigger(object): class Trigger(object):
""" """
Trigger an ICMPv6EchoReply from all hosts that are alive Trigger an ICMPv6EchoReply from all hosts that are alive
@ -93,6 +97,7 @@ class Trigger(object):
log.debug(f"Sending request on {interface}") log.debug(f"Sending request on {interface}")
send(packet, verbose=self.verbose) send(packet, verbose=self.verbose)
class Scanner(object): class Scanner(object):
""" """
Scan for replies of hosts, maintain the up-to-date database Scan for replies of hosts, maintain the up-to-date database
@ -149,7 +154,6 @@ class Scanner(object):
prn=self.handle_pkg) prn=self.handle_pkg)
if __name__ == '__main__': if __name__ == '__main__':
t = Trigger(interfaces=["wlan0"]) t = Trigger(interfaces=["wlan0"])
t.start() t.start()

View file

@ -26,7 +26,7 @@ import tempfile
cdist_base_path = os.path.abspath( cdist_base_path = os.path.abspath(
os.path.join(os.path.dirname(os.path.realpath(__file__)), "../../")) os.path.join(os.path.dirname(os.path.realpath(__file__)), "../../"))
cdist_exec_path = os.path.join(cdist_base_path, "scripts/cdist") cdist_exec_path = os.path.join(cdist_base_path, "bin/cdist")
global_fixtures_dir = os.path.abspath(os.path.join(os.path.dirname(__file__), global_fixtures_dir = os.path.abspath(os.path.join(os.path.dirname(__file__),
"fixtures")) "fixtures"))

View file

@ -20,7 +20,7 @@
# #
# #
import imp import importlib
import os import os
import sys import sys
import unittest import unittest
@ -37,8 +37,9 @@ for possible_test in os.listdir(base_dir):
suites = [] suites = []
for test_module in test_modules: for test_module in test_modules:
module_parameters = imp.find_module(test_module, [base_dir]) module_spec = importlib.util.find_spec("cdist.test.{}".format(test_module))
module = imp.load_module("cdist.test." + test_module, *module_parameters) module = importlib.util.module_from_spec(module_spec)
module_spec.loader.exec_module(module)
suite = unittest.defaultTestLoader.loadTestsFromModule(module) suite = unittest.defaultTestLoader.loadTestsFromModule(module)
# print("Got suite: " + suite.__str__()) # print("Got suite: " + suite.__str__())

View file

@ -202,7 +202,7 @@ class ConfigRunTestCase(test.CdistTestCase):
host_dir_name=self.hostdir, host_dir_name=self.hostdir,
# exec_path can not derivated from sys.argv in case of unittest # exec_path can not derivated from sys.argv in case of unittest
exec_path=os.path.abspath(os.path.join( exec_path=os.path.abspath(os.path.join(
my_dir, '../../../scripts/cdist')), my_dir, '../../../bin/cdist')),
initial_manifest=os.path.join(fixtures, initial_manifest=os.path.join(fixtures,
'manifest/dryrun_manifest'), 'manifest/dryrun_manifest'),
add_conf_dirs=[fixtures]) add_conf_dirs=[fixtures])
@ -219,7 +219,7 @@ class ConfigRunTestCase(test.CdistTestCase):
base_root_path=self.host_base_path, base_root_path=self.host_base_path,
host_dir_name=self.hostdir, host_dir_name=self.hostdir,
exec_path=os.path.abspath(os.path.join( exec_path=os.path.abspath(os.path.join(
my_dir, '../../../scripts/cdist')), my_dir, '../../../bin/cdist')),
initial_manifest=os.path.join( initial_manifest=os.path.join(
fixtures, 'manifest/init-deps-resolver'), fixtures, 'manifest/init-deps-resolver'),
add_conf_dirs=[fixtures]) add_conf_dirs=[fixtures])

View file

@ -2,6 +2,31 @@ Changelog
--------- ---------
next: next:
* __package_pkgng_freebsd: Fix bootstrapping pkg (Dennis Camera)
* Core: Deal with deprecated imp in unit tests (Evil Ham)
* Type __iptables: Add IPv6 support (Matthias Stecher)
* Type __block: Fix escaping in here-doc (Matthias Stecher)
6.9.3: 2020-12-04
* pip install: Add cdist.scan to packages in setup.py (Dennis Camera)
6.9.2: 2020-11-20
* Documentation: Fix examples in best practice (Dennis Camera)
* Type __locale: Add state explorer (Matthias Stecher)
* Core: Reorganize scripts, version generation (Ander Punnar, Dennis Camera)
* New type: __hwclock (Dennis Camera)
* Type __hostname: Fix guessing SuSE OS version (Dennis Camera)
* New type: __sshd_config (Dennis Camera)
* New type: __localedef (Dennis Camera)
* Type __locale: Deprecate in favor of __localedef (Dennis Camera)
6.9.1: 2020-11-08
* Type __file: Fix state pre-exists (Dennis Camera)
* Type __hostname: Add support for OpenWrt (Dennis Camera)
* New type: __dpkg_architecture (Matthias Stecher)
* Type __package_apt: Add --install-recommends parameter (Matthias Stecher)
6.9.0: 2020-11-07
* Core: Clarify stdin input (Darko Poljak) * Core: Clarify stdin input (Darko Poljak)
* Type __package_pip: Detect pip binary (Ander Punnar) * Type __package_pip: Detect pip binary (Ander Punnar)
* Documentation: Add custom remote copy/exec examples (Darko Poljak) * Documentation: Add custom remote copy/exec examples (Darko Poljak)
@ -12,6 +37,9 @@ next:
* Type __acl: Remove deprecated parameters, fix bugs (Ander Punnar) * Type __acl: Remove deprecated parameters, fix bugs (Ander Punnar)
* Type __update_alternatives: Rewrite, support --install (Ander Punnar) * Type __update_alternatives: Rewrite, support --install (Ander Punnar)
* Type __file: Fix state pre-exists (Dennis Camera) * Type __file: Fix state pre-exists (Dennis Camera)
* Type __apt_norecommends: Use 00InstallRecommends file as debian-installer does (Dennis Camera)
* New types: __uci, __uci_section (Dennis Camera)
* Core: Introduce scanner (noninvasive, beta) (Nico Schottelius)
6.8.0: 2020-09-11 6.8.0: 2020-09-11
* Type __locale_system: Fix for debian and ubuntu (Ander Punnar) * Type __locale_system: Fix for debian and ubuntu (Ander Punnar)

View file

@ -200,15 +200,15 @@ of cdist:
.. code-block:: sh .. code-block:: sh
# Singleton type without parameter # Singleton type without parameter
echo __ungleich_munin_server | cdist --initial-manifest - munin.panter.ch echo __ungleich_munin_server | cdist config --initial-manifest - munin.panter.ch
# Singleton type with parameter # Singleton type with parameter
echo __ungleich_munin_node --allow 1.2.3.4 | \ echo __ungleich_munin_node --allow 1.2.3.4 | \
cdist --initial-manifest - rails-19.panter.ch cdist config --initial-manifest - rails-19.panter.ch
# Normal type # Normal type
echo __file /tmp/stdintest --mode 0644 | \ echo __file /tmp/stdintest --mode 0644 | \
cdist --initial-manifest - cdist-dev-01.ungleich.ch cdist config --initial-manifest - cdist-dev-01.ungleich.ch
Other content in cdist repository Other content in cdist repository

View file

@ -49,7 +49,7 @@ create version.py:
.. code-block:: sh .. code-block:: sh
./bin/build-helper version ./bin/cdist-build-helper version
Then you install it with: Then you install it with:
@ -70,7 +70,7 @@ Or directly with distutils:
python setup.py install python setup.py install
Note that `bin/build-helper` script is intended for cdist maintainers. Note that `bin/cdist-build-helper` script is intended for cdist maintainers.
Available versions in git Available versions in git

View file

@ -1,89 +0,0 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# 2010-2016 Nico Schottelius (nico-cdist at schottelius.org)
# 2016 Darko Poljak (darko.poljak at gmail.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
import logging
import sys
import cdist
import cdist.argparse
import cdist.banner
import cdist.config
import cdist.install
import cdist.shell
import cdist.inventory
def commandline():
"""Parse command line"""
# preos subcommand hack
if len(sys.argv) > 1 and sys.argv[1] == 'preos':
return cdist.preos.PreOS.commandline(sys.argv[1:])
parser, cfg = cdist.argparse.parse_and_configure(sys.argv[1:])
args = cfg.get_args()
# Work around python 3.3 bug:
# http://bugs.python.org/issue16308
# http://bugs.python.org/issue9253
# FIXME: catching AttributeError also hides
# real problems.. try a different way
# FIXME: we always print main help, not
# the help of the actual parser being used!
try:
getattr(args, "func")
except AttributeError:
parser['main'].print_help()
sys.exit(0)
args.func(args)
if __name__ == "__main__":
if sys.version < cdist.MIN_SUPPORTED_PYTHON_VERSION:
print('Python >= {} is required on the source host.'.format(
cdist.MIN_SUPPORTED_PYTHON_VERSIO), file=sys.stderr)
sys.exit(1)
exit_code = 0
try:
import re
import os
if re.match("__", os.path.basename(sys.argv[0])):
import cdist.emulator
emulator = cdist.emulator.Emulator(sys.argv)
emulator.run()
else:
commandline()
except KeyboardInterrupt:
exit_code = 2
except cdist.Error as e:
log = logging.getLogger("cdist")
log.error(e)
exit_code = 1
sys.exit(exit_code)

View file

@ -6,7 +6,7 @@ import subprocess
# We have it only if it is a git cloned repo. # We have it only if it is a git cloned repo.
build_helper = os.path.join('bin', 'build-helper') build_helper = os.path.join('bin', 'cdist-build-helper')
# Version file path. # Version file path.
version_file = os.path.join('cdist', 'version.py') version_file = os.path.join('cdist', 'version.py')
# If we have build-helper we could be a git repo. # If we have build-helper we could be a git repo.
@ -54,14 +54,13 @@ os.chdir(cur)
setup( setup(
name="cdist", name="cdist",
packages=["cdist", "cdist.core", "cdist.exec", "cdist.util", ], packages=["cdist", "cdist.core", "cdist.exec", "cdist.scan", "cdist.util"],
package_data={'cdist': package_data}, package_data={'cdist': package_data},
scripts=["scripts/cdist", "scripts/cdist-dump", "scripts/cdist-new-type"], scripts=["bin/cdist", "bin/cdist-dump", "bin/cdist-new-type"],
version=cdist.version.VERSION, version=cdist.version.VERSION,
description="A Usable Configuration Management System", description="A Usable Configuration Management System",
author="Nico Schottelius", author="cdist contributors",
author_email="nico-cdist-pypi@schottelius.org", url="https://cdi.st",
url="https://www.cdi.st/",
classifiers=[ classifiers=[
"Development Status :: 6 - Mature", "Development Status :: 6 - Mature",
"Environment :: Console", "Environment :: Console",