From 64c247026a4fe02db1d31e2bd45839f577c7c1bb Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 30 Sep 2019 14:20:26 +0200 Subject: [PATCH 001/176] [__locale_system] Support Devuan --- cdist/conf/type/__locale_system/manifest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__locale_system/manifest b/cdist/conf/type/__locale_system/manifest index 80f7401b..4a1fdeed 100755 --- a/cdist/conf/type/__locale_system/manifest +++ b/cdist/conf/type/__locale_system/manifest @@ -26,7 +26,7 @@ os=$(cat "$__global/explorer/os") case "$os" in - debian|ubuntu) + debian|devuan|ubuntu) locale_conf="/etc/default/locale" ;; archlinux) From 2cf44c66d46435e859fe0528d4b414dafd8b468a Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Wed, 15 Jan 2020 19:00:30 +0100 Subject: [PATCH 002/176] [__directory] Add --state exists and --state pre-exists --- cdist/conf/type/__directory/gencode-remote | 17 ++++++++++++++--- cdist/conf/type/__directory/man.rst | 15 +++++++++++++-- 2 files changed, 27 insertions(+), 5 deletions(-) diff --git a/cdist/conf/type/__directory/gencode-remote b/cdist/conf/type/__directory/gencode-remote index 374db47a..e1ab69d7 100755 --- a/cdist/conf/type/__directory/gencode-remote +++ b/cdist/conf/type/__directory/gencode-remote @@ -3,6 +3,7 @@ # 2011-2013 Nico Schottelius (nico-cdist at schottelius.org) # 2013 Steven Armstrong (steven-cdist armstrong.cc) # 2014 Daniel Heule (hda at sfs.biz) +# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -21,8 +22,8 @@ # destination="/$__object_id" -state_should="$(cat "$__object/parameter/state")" -type="$(cat "$__object/explorer/type")" +state_should=$(cat "$__object/parameter/state") +type=$(cat "$__object/explorer/type") stat_file="$__object/explorer/stat" # variable to keep track if we have to set directory attributes @@ -72,7 +73,7 @@ set_mode() { } case "$state_should" in - present) + present|exists) if [ "$type" != "directory" ]; then set_attributes=1 if [ "$type" != "none" ]; then @@ -83,6 +84,10 @@ case "$state_should" in fi echo "mkdir $mkdiropt '$destination'" echo "create" >> "$__messages_out" + elif [ "$state_should" = 'exists' ]; then + # The type is directory and --state exists. We are done and do not + # check or set the attributes. + exit 0 fi # Note: Mode - needs to happen last as a chown/chgrp can alter mode by @@ -103,6 +108,12 @@ case "$state_should" in fi done ;; + pre-exists) + if [ "$type" != "directory" ]; then + echo "Directory \"$destination\" does not exist" >&2 + exit 1 + fi + ;; absent) if [ "$type" = "directory" ]; then echo "rm -rf '$destination'" diff --git a/cdist/conf/type/__directory/man.rst b/cdist/conf/type/__directory/man.rst index 74b00afe..7755334c 100644 --- a/cdist/conf/type/__directory/man.rst +++ b/cdist/conf/type/__directory/man.rst @@ -19,7 +19,18 @@ None. OPTIONAL PARAMETERS ------------------- state - 'present' or 'absent', defaults to 'present' + 'present', 'absent', 'exists' or 'pre-exists', defaults to 'present' where: + + present + the directory exists and the given attributes are set. + absent + the directory does not exist. + exists + the directory exists, but its attributes are not altered if it already + existed. + pre-exists + check that the directory exists and is indeed a directory, but do not + create or modify it. group Group to chgrp to. @@ -36,7 +47,7 @@ BOOLEAN PARAMETERS parents Whether to create parents as well (mkdir -p behaviour). Warning: all intermediate directory permissions default - to whatever mkdir -p does. + to whatever mkdir -p does. Usually this means root:root, 0700. From e1ac97b6a5b10d29b7b9bd70c5adea7e9c33b2e9 Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Sun, 19 Jan 2020 14:02:00 +0200 Subject: [PATCH 003/176] __acl: add --source --- cdist/conf/type/__acl/gencode-remote | 12 +++++++++++- cdist/conf/type/__acl/man.rst | 12 ++++++++++++ cdist/conf/type/__acl/parameter/optional | 1 + 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/cdist/conf/type/__acl/gencode-remote b/cdist/conf/type/__acl/gencode-remote index f4f0d1e2..70a46af5 100755 --- a/cdist/conf/type/__acl/gencode-remote +++ b/cdist/conf/type/__acl/gencode-remote @@ -28,7 +28,17 @@ acl_path="/$__object_id" acl_is="$( cat "$__object/explorer/acl_is" )" -if [ -f "$__object/parameter/entry" ] +if [ -f "$__object/parameter/source" ] +then + acl_source="$( cat "$__object/parameter/source" )" + + if [ "$acl_source" = '-' ] + then + acl_should="$( cat "$__object/stdin" )" + else + acl_should="$( grep -Ev '^#|^$' "$acl_source" )" + fi +elif [ -f "$__object/parameter/entry" ] then acl_should="$( cat "$__object/parameter/entry" )" elif [ -f "$__object/parameter/acl" ] diff --git a/cdist/conf/type/__acl/man.rst b/cdist/conf/type/__acl/man.rst index c3493e49..e7ef9579 100644 --- a/cdist/conf/type/__acl/man.rst +++ b/cdist/conf/type/__acl/man.rst @@ -19,6 +19,14 @@ entry Set ACL entry following ``getfacl`` output syntax. +OPTIONAL PARAMETERS +------------------- +source + Read ACL entries from stdin or file. + Ordering of entries is not important. + When reading from file, comments and empty lines are ignored. + + BOOLEAN PARAMETERS ------------------ default @@ -71,6 +79,10 @@ EXAMPLES --entry group:secret-project:rwx \ --entry user:alice:r-x + # read acl from stdin + echo 'user:alice:rwx' \ + | __acl /path/to/directory --source - + AUTHORS ------- diff --git a/cdist/conf/type/__acl/parameter/optional b/cdist/conf/type/__acl/parameter/optional index 4b32086b..12edcccb 100644 --- a/cdist/conf/type/__acl/parameter/optional +++ b/cdist/conf/type/__acl/parameter/optional @@ -1,2 +1,3 @@ mask other +source From 5089f9055ecb0b826942c8f947eb26f9ef397aaa Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sun, 19 Jan 2020 19:41:26 +0100 Subject: [PATCH 004/176] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index ccaf848f..3f240e5a 100644 --- a/docs/changelog +++ b/docs/changelog @@ -13,6 +13,7 @@ next: - match line at the beginning when not regex - fix incorrect 'wrongposition' in state explorer - produce error when file does not exist + * Type __acl: Add --source parameter (Ander Punnar) 6.4.0: 2020-01-04 * Type __consul_agent: Don't deploy init script on Alpine anymore, it ships with one itself (Nico Schottelius) From 1fbd2fc2bdf76697dd50808cd3927d15f6b8bc5c Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Sun, 19 Jan 2020 22:51:40 +0200 Subject: [PATCH 005/176] __acl: add --file and --directory for convenience --- cdist/conf/type/__acl/gencode-remote | 8 +++++++- cdist/conf/type/__acl/man.rst | 13 +++++++++++++ cdist/conf/type/__acl/manifest | 11 +++++++++++ cdist/conf/type/__acl/parameter/optional | 2 ++ 4 files changed, 33 insertions(+), 1 deletion(-) create mode 100755 cdist/conf/type/__acl/manifest diff --git a/cdist/conf/type/__acl/gencode-remote b/cdist/conf/type/__acl/gencode-remote index 70a46af5..e5404a9d 100755 --- a/cdist/conf/type/__acl/gencode-remote +++ b/cdist/conf/type/__acl/gencode-remote @@ -20,7 +20,13 @@ file_is="$( cat "$__object/explorer/file_is" )" -[ "$file_is" = 'missing' ] && [ -z "$__cdist_dry_run" ] && exit 0 +if [ "$file_is" = 'missing' ] \ + && [ -z "$__cdist_dry_run" ] \ + && \( [ ! -f "$__object/parameter/file" ] \ + || [ ! -f "$__object/parameter/directory" ] \) +then + exit 0 +fi os="$( cat "$__global/explorer/os" )" diff --git a/cdist/conf/type/__acl/man.rst b/cdist/conf/type/__acl/man.rst index e7ef9579..28412871 100644 --- a/cdist/conf/type/__acl/man.rst +++ b/cdist/conf/type/__acl/man.rst @@ -26,6 +26,12 @@ source Ordering of entries is not important. When reading from file, comments and empty lines are ignored. +file + Create/change file with ``__file`` using ``user:group:mode`` pattern. + +directory + Create/change directory with ``__directory`` using ``user:group:mode`` pattern. + BOOLEAN PARAMETERS ------------------ @@ -83,6 +89,13 @@ EXAMPLES echo 'user:alice:rwx' \ | __acl /path/to/directory --source - + # create/change directory too + __acl /path/to/directory \ + --default \ + --remove \ + --directory root:root:770 \ + --entry user:nobody:rwx + AUTHORS ------- diff --git a/cdist/conf/type/__acl/manifest b/cdist/conf/type/__acl/manifest new file mode 100755 index 00000000..5fd23110 --- /dev/null +++ b/cdist/conf/type/__acl/manifest @@ -0,0 +1,11 @@ +#!/bin/sh -e + +for p in file directory +do + [ ! -f "$__object/parameter/$p" ] && continue + + "__$p" "/$__object_id" \ + --owner "$( awk -F: '{print $1}' "$__object/parameter/$p" )" \ + --group "$( awk -F: '{print $2}' "$__object/parameter/$p" )" \ + --mode "$( awk -F: '{print $3}' "$__object/parameter/$p" )" +done diff --git a/cdist/conf/type/__acl/parameter/optional b/cdist/conf/type/__acl/parameter/optional index 12edcccb..cdcbc0b8 100644 --- a/cdist/conf/type/__acl/parameter/optional +++ b/cdist/conf/type/__acl/parameter/optional @@ -1,3 +1,5 @@ mask other source +file +directory From 4e8ccd9b788c11403f586bf0c413d57546013c1b Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Mon, 20 Jan 2020 09:08:55 +0100 Subject: [PATCH 006/176] ++changelog --- docs/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/changelog b/docs/changelog index 3f240e5a..083cf5fb 100644 --- a/docs/changelog +++ b/docs/changelog @@ -13,7 +13,7 @@ next: - match line at the beginning when not regex - fix incorrect 'wrongposition' in state explorer - produce error when file does not exist - * Type __acl: Add --source parameter (Ander Punnar) + * Type __acl: Add --source, --file and --directory parameters (Ander Punnar) 6.4.0: 2020-01-04 * Type __consul_agent: Don't deploy init script on Alpine anymore, it ships with one itself (Nico Schottelius) From 8f12a4c505812d640cd926567ee8c6300a6341fb Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Thu, 23 Jan 2020 07:10:48 +0100 Subject: [PATCH 007/176] Release 6.5.0 --- docs/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/changelog b/docs/changelog index 083cf5fb..467c0f22 100644 --- a/docs/changelog +++ b/docs/changelog @@ -1,7 +1,7 @@ Changelog --------- -next: +6.5.0: 2020-01-23 * Type __acl: Add --entry parameter to replace --acl, deprecate --acl (Ander Punnar) * Core: preos: Fix missing configuration file usage, support -g, --config-file option (Darko Poljak) * Core info command: Support tilde expansion of conf directories (Darko Poljak) From 87f30b6053315f11013bbf92ce1281bca2d54f43 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Thu, 23 Jan 2020 14:40:07 +0100 Subject: [PATCH 008/176] Update sphinx docs copyright year --- docs/src/conf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/src/conf.py b/docs/src/conf.py index 78f9842c..47765413 100644 --- a/docs/src/conf.py +++ b/docs/src/conf.py @@ -56,7 +56,7 @@ master_doc = 'index' # General information about the project. project = 'cdist' -copyright = 'ungleich GmbH 2019' +copyright = 'ungleich GmbH 2020' # author = 'Darko Poljak' # The version info for the project you're documenting, acts as replacement for From de1a421b68edeb2bf3660f2ed98e109db93e8d88 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Wed, 2 Oct 2019 15:39:30 +0200 Subject: [PATCH 009/176] [explorer/init] Support for Darwin and more BusyBox combinations --- cdist/conf/explorer/init | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/cdist/conf/explorer/init b/cdist/conf/explorer/init index a8a7857e..829d6ab8 100755 --- a/cdist/conf/explorer/init +++ b/cdist/conf/explorer/init @@ -23,14 +23,22 @@ # for example at linux this value is "init" or "systemd" in most cases # -uname_s="$(uname -s)" - -case "$uname_s" in +case $(uname -s) in Linux) - (pgrep -P0 -l | awk '/^1[ \t]/ {print $2;}') || true + if command -v pgrep >/dev/null + then + # BusyBox's version of ps does not support some options. + # On Linux systems, we prefer pgrep to get the name of PID1. + (pgrep -P0 -l | awk '/^1[ \t]/ {print $2;}') || true + else + ps -o comm= -p 1 2>/dev/null || cat /proc/1/comm + fi ;; FreeBSD|OpenBSD) - ps -o comm= -p 1 || true + ps -o comm= -p 1 2>/dev/null || true + ;; + Darwin) + basename "$(ps -o comm= -p 1 2>/dev/null)" ;; *) # return a empty string as unknown value From 4fe2dcba891ae52cccbe02553976be2bb7291fd1 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Thu, 30 Jan 2020 18:35:50 +0100 Subject: [PATCH 010/176] [explorer/init] Linux is a mess... --- cdist/conf/explorer/init | 44 +++++++++++++++++++++++++++++++++++----- 1 file changed, 39 insertions(+), 5 deletions(-) diff --git a/cdist/conf/explorer/init b/cdist/conf/explorer/init index 829d6ab8..ceae2e9f 100755 --- a/cdist/conf/explorer/init +++ b/cdist/conf/explorer/init @@ -25,14 +25,48 @@ case $(uname -s) in Linux) - if command -v pgrep >/dev/null + if test -d /proc/1/ then - # BusyBox's version of ps does not support some options. - # On Linux systems, we prefer pgrep to get the name of PID1. - (pgrep -P0 -l | awk '/^1[ \t]/ {print $2;}') || true + comm_name=$(cat /proc/1/comm) else - ps -o comm= -p 1 2>/dev/null || cat /proc/1/comm + # BusyBox's versions of ps and pgrep do not support some options + # depending on which compile-time options have been used. + # Both pgrep and ps are tried to get the command name + comm_name=$( + pgrep -P0 -l 2>/dev/null | awk '/^1[ \t]/ { print $2 }' + || ps -o comm= -p 1 2>/dev/null) fi + + case $comm_name + in + systemd) + echo systemd + ;; + init) + # It could be anything... + + if test -h /proc/1/exe + then + init_exe=/proc/1/exe + else + init_exe=$(command -v "$comm_name") + fi + + test -x "$comm_exe" || exit 1 + + case $("$comm_exe" --version | head -n 1) + in + *SysV*) + echo init + ;; + *upstart*) + echo upstart + ;; + *) + echo "" + ;; + esac + esac ;; FreeBSD|OpenBSD) ps -o comm= -p 1 2>/dev/null || true From e5d86ffc9360767502469d00a0db1aca72d4f483 Mon Sep 17 00:00:00 2001 From: Matthias Stecher Date: Sat, 1 Feb 2020 17:08:25 +0100 Subject: [PATCH 011/176] Fix to remove cronjobs when the cronjob expression did not match. --- cdist/conf/type/__cron/gencode-remote | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/cdist/conf/type/__cron/gencode-remote b/cdist/conf/type/__cron/gencode-remote index 59398058..8f3c92dc 100755 --- a/cdist/conf/type/__cron/gencode-remote +++ b/cdist/conf/type/__cron/gencode-remote @@ -42,8 +42,12 @@ fi mkdir "$__object/files" echo "$entry" > "$__object/files/entry" -if diff -q "$__object/files/entry" "$__object/explorer/entry" >/dev/null; then - state_is=present +if [ -s "$__object/explorer/entry" ]; then + if diff -q "$__object/files/entry" "$__object/explorer/entry" >/dev/null; then + state_is=present + else + state_is=modified + fi else state_is=absent fi From f3237e5d76c995d138bdf287c00a03d48f4ac742 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Mon, 3 Feb 2020 17:44:47 +0100 Subject: [PATCH 012/176] [consul agent] add support for Debian 10 --- cdist/conf/type/__consul_agent/manifest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__consul_agent/manifest b/cdist/conf/type/__consul_agent/manifest index ee682d72..e00f29ec 100755 --- a/cdist/conf/type/__consul_agent/manifest +++ b/cdist/conf/type/__consul_agent/manifest @@ -209,7 +209,7 @@ case "$os" in [567]) init_sysvinit debian ;; - [89]) + [89]|10) init_systemd ;; *) From 0f420993e1befd2692aca6cae43efb751a4a78de Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Mon, 3 Feb 2020 17:45:34 +0100 Subject: [PATCH 013/176] ++ changelog update --- docs/changelog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/changelog b/docs/changelog index 467c0f22..9f5e73bd 100644 --- a/docs/changelog +++ b/docs/changelog @@ -1,6 +1,9 @@ Changelog --------- +next: + * Type __consul_agent: Add Debian 10 support (Nico Schottelius) + 6.5.0: 2020-01-23 * Type __acl: Add --entry parameter to replace --acl, deprecate --acl (Ander Punnar) * Core: preos: Fix missing configuration file usage, support -g, --config-file option (Darko Poljak) From e82dd35869e00b2fb00b6907b5fc3a960981bc6e Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 30 Sep 2019 18:50:20 +0200 Subject: [PATCH 014/176] [__file] stat explorer patch for systems without stat(1) Some embedded systems (like OpenWrt) do not ship a stat(1) binary. This workaround parses the output of ls(1) and /etc/passwd, /etc/group to gather the information needed. --- cdist/conf/type/__file/explorer/stat | 64 ++++++++++++++++++++-------- 1 file changed, 46 insertions(+), 18 deletions(-) diff --git a/cdist/conf/type/__file/explorer/stat b/cdist/conf/type/__file/explorer/stat index 13c1c208..91c8cc84 100755 --- a/cdist/conf/type/__file/explorer/stat +++ b/cdist/conf/type/__file/explorer/stat @@ -2,6 +2,7 @@ # # 2013 Steven Armstrong (steven-cdist armstrong.cc) # 2019 Nico Schottelius (nico-cdist at schottelius.org) +# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -21,29 +22,54 @@ destination="/$__object_id" +fallback() { + # Fallback: Patch the output together, manually. + + ls_line=$(ls -ldn "$destination") + + uid=$(echo "$ls_line" | awk '{ print $3 }') + gid=$(echo "$ls_line" | awk '{ print $4 }') + + owner=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/passwd) + group=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group) + + mode_text=$(echo "$ls_line" | awk '{ print $1 }') + mode=$(echo "$mode_text" | awk '{ k=0; for (i=0; i<=8; i++) k += ((substr($1, i+2, 1) ~ /[rwx]/) * 2^(8-i)); printf("%0o", k) }') + + size=$(echo "$ls_line" | awk '{ print $5 }') + links=$(echo "$ls_line" | awk '{ print $2 }') + + printf 'type: %s\nowner: %d %s\ngroup: %d %s\nmode: %s %s\nsize: %d\nlinks: %d\n' \ + "$("$__type_explorer/type")" \ + "$uid" "$owner" \ + "$gid" "$group" \ + "$mode" "$mode_text" \ + "$size" \ + "$links" +} + + # nothing to work with, nothing we could do [ -e "$destination" ] || exit 0 -os=$("$__explorer/os") -case "$os" in - "freebsd"|"netbsd"|"openbsd"|"macosx") + +if ! command -v stat >/dev/null +then + fallback + exit +fi + + +case $("$__explorer/os") +in + freebsd|netbsd|openbsd|macosx) stat -f "type: %HT owner: %Du %Su group: %Dg %Sg mode: %Lp %Sp size: %Dz links: %Dl -" "$destination" | awk '/^type/ { print tolower($0); next; } { print; }' - ;; - alpine) - # busybox stat - stat -c "type: %F -owner: %u %U -group: %g %G -mode: %a %A -size: %s -links: %h -" "$destination" +" "$destination" | awk '/^type/ { print tolower($0); next } { print }' ;; solaris) ls1="$( ls -ld "$destination" )" @@ -77,12 +103,14 @@ links: %h echo "links: $( echo "$ls1" | awk '{print $2}' )" ;; *) - stat --printf="type: %F + # NOTE: Do not use --printf here as it is not supported by BusyBox stat. + # NOTE: BusyBox's stat might not support the "-c" option, in which case + # we fall through to the shell fallback. + stat -c "type: %F owner: %u %U group: %g %G mode: %a %A size: %s -links: %h -" "$destination" - ;; +links: %h" "$destination" 2>/dev/null || fallback + ;; esac From 3b5433d63af27f06f3c44b121b21d7e0520af7bf Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 3 Feb 2020 18:12:27 +0100 Subject: [PATCH 015/176] [__directory] stat explorer patch for systems without stat(1) Some embedded systems (like OpenWrt) do not ship a stat(1) binary. This workaround parses the output of ls(1) and /etc/passwd, /etc/group to gather the information needed. --- cdist/conf/type/__directory/explorer/stat | 48 +++++++++++++++++------ 1 file changed, 35 insertions(+), 13 deletions(-) diff --git a/cdist/conf/type/__directory/explorer/stat b/cdist/conf/type/__directory/explorer/stat index 03d466ba..105d894f 100755 --- a/cdist/conf/type/__directory/explorer/stat +++ b/cdist/conf/type/__directory/explorer/stat @@ -1,6 +1,7 @@ #!/bin/sh # # 2013 Steven Armstrong (steven-cdist armstrong.cc) +# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -20,24 +21,43 @@ destination="/$__object_id" +fallback() { + # Patch the output together, manually + + ls_line=$(ls -ldn "$destination") + + uid=$(echo "$ls_line" | awk '{ print $3 }') + gid=$(echo "$ls_line" | awk '{ print $4 }') + + owner=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/passwd) + group=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group) + + mode_text=$(echo "$ls_line" | awk '{ print $1 }') + mode=$(echo "$mode_text" | awk '{ k=0; for (i=0; i<=8; i++) k += ((substr($1, i+2, 1) ~ /[rwx]/) * 2^(8-i)); printf("%0o", k) }') + + printf 'type: %s\nowner: %d %s\ngroup: %d %s\nmode: %s %s\n' \ + "$("$__type_explorer/type")" \ + "$uid" "$owner" \ + "$gid" "$group" \ + "$mode" "$mode_text" +} + # nothing to work with, nothing we could do [ -e "$destination" ] || exit 0 -os=$("$__explorer/os") -case "$os" in +if ! command -v stat >/dev/null +then + fallback + exit +fi + +case $("$__explorer/os") in "freebsd"|"netbsd"|"openbsd"|"macosx") stat -f "type: %HT owner: %Du %Su group: %Dg %Sg mode: %Lp %Sp -" "$destination" | awk '/^type/ { print tolower($0); next; } { print; }' - ;; - alpine) - stat -c "type: %F -owner: %u %U -group: %g %G -mode: %a %A -" "$destination" +" "$destination" | awk '/^type/ { print tolower($0); next } { print }' ;; solaris) ls1="$( ls -ld "$destination" )" @@ -69,10 +89,12 @@ mode: %a %A echo "mode: $octets $( echo "$ls1" | awk '{print $1}' )" ;; *) - stat --printf="type: %F + # NOTE: Do not use --printf here as it is not supported by BusyBox stat. + # NOTE: BusyBox's stat might not support the "-c" option, in which case + # we fall through to the shell fallback. + stat -c "type: %F owner: %u %U group: %g %G -mode: %a %A -" "$destination" +mode: %a %A" "$destination" 2>/dev/null || fallback ;; esac From 984e0dc8c4975904057a7ab0a8c9d357ed0b4fdf Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 3 Feb 2020 19:29:04 +0100 Subject: [PATCH 016/176] [explorer/os_release] Add fallbacks to /usr/lib/os-release and /var/run/os-release --- cdist/conf/explorer/os_release | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/cdist/conf/explorer/os_release b/cdist/conf/explorer/os_release index cfc01004..6489446b 100644 --- a/cdist/conf/explorer/os_release +++ b/cdist/conf/explorer/os_release @@ -1,6 +1,7 @@ #!/bin/sh # # 2018 Adam Dej (dejko.a at gmail.com) +# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -21,6 +22,17 @@ # See os-release(5) and http://0pointer.de/blog/projects/os-release -set +e +if test -f /etc/os-release +then + # Linux and FreeBSD (usually a symlink) + cat /etc/os-release +elif test -f /usr/lib/os-release +then + # systemd + cat /usr/lib/os-release +elif test -f /var/run/os-release +then + # FreeBSD (created by os-release service) + cat /var/run/os-release +fi -cat /etc/os-release || cat /usr/lib/os-release || true From 7a5d6d5a7d602863cd7d74bfb4e13a8bb59c5944 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Tue, 4 Feb 2020 07:45:04 +0100 Subject: [PATCH 017/176] ++changelog --- docs/changelog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/changelog b/docs/changelog index 9f5e73bd..bf0a8777 100644 --- a/docs/changelog +++ b/docs/changelog @@ -3,6 +3,8 @@ Changelog next: * Type __consul_agent: Add Debian 10 support (Nico Schottelius) + * Explorer os_release: Add fallbacks (Dennis Camera) + * Types __file, __directory: Add fallback for systems without stat (Dennis Camera) 6.5.0: 2020-01-23 * Type __acl: Add --entry parameter to replace --acl, deprecate --acl (Ander Punnar) From 08d5814e2cc8ea6a204afca91bec7b831116112b Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Sun, 9 Feb 2020 20:37:06 +0200 Subject: [PATCH 018/176] __package_apt: update index cache, on installation, when it is older than one day --- cdist/conf/type/__package_apt/gencode-remote | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cdist/conf/type/__package_apt/gencode-remote b/cdist/conf/type/__package_apt/gencode-remote index 699eb0c9..b3184a9c 100755 --- a/cdist/conf/type/__package_apt/gencode-remote +++ b/cdist/conf/type/__package_apt/gencode-remote @@ -74,6 +74,11 @@ fi case "$state_should" in present) + cat << EOF +if [ -f /var/cache/apt/pkgcache.bin ] && [ "\$( stat --format %Y /var/cache/apt/pkgcache.bin )" -lt "\$( date +%s -d '-1 day' )" ] +then echo apt-get update > /dev/null 2>&1 || true +fi +EOF if [ -n "$version" ]; then name="${name}=${version}" fi From b3bad9468de78cf90e8ce92a59c8bb3d285883fe Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Sun, 9 Feb 2020 20:43:09 +0200 Subject: [PATCH 019/176] __package_apt: pkgcache.bin may not exist --- cdist/conf/type/__package_apt/gencode-remote | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__package_apt/gencode-remote b/cdist/conf/type/__package_apt/gencode-remote index b3184a9c..cb79e886 100755 --- a/cdist/conf/type/__package_apt/gencode-remote +++ b/cdist/conf/type/__package_apt/gencode-remote @@ -75,7 +75,7 @@ fi case "$state_should" in present) cat << EOF -if [ -f /var/cache/apt/pkgcache.bin ] && [ "\$( stat --format %Y /var/cache/apt/pkgcache.bin )" -lt "\$( date +%s -d '-1 day' )" ] +if [ ! -f /var/cache/apt/pkgcache.bin ] || [ "\$( stat --format %Y /var/cache/apt/pkgcache.bin )" -lt "\$( date +%s -d '-1 day' )" ] then echo apt-get update > /dev/null 2>&1 || true fi EOF From bcefeb240c81fd263763c794acc7f6ce0b8f6db0 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Mon, 10 Feb 2020 15:51:15 +0100 Subject: [PATCH 020/176] add note about IPv6, because people ask --- docs/src/index.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/src/index.rst b/docs/src/index.rst index 5e54d8fc..31c044dc 100644 --- a/docs/src/index.rst +++ b/docs/src/index.rst @@ -2,8 +2,9 @@ cdist - usable configuration management ======================================= cdist is a usable configuration management system. -It adheres to the KISS principle and +It adheres to the KISS principle and is being used in small up to enterprise grade environments. +It natively supports IPv6 since the first release. .. toctree:: From 710e99f240ef616c6c1978167749b877b3d1e8dc Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Thu, 13 Feb 2020 17:29:44 +0200 Subject: [PATCH 021/176] __mysql_privileges: fix quoting --- cdist/conf/type/__mysql_privileges/explorer/state | 2 +- cdist/conf/type/__mysql_privileges/gencode-remote | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/cdist/conf/type/__mysql_privileges/explorer/state b/cdist/conf/type/__mysql_privileges/explorer/state index 0cfbaacd..4f13a70c 100755 --- a/cdist/conf/type/__mysql_privileges/explorer/state +++ b/cdist/conf/type/__mysql_privileges/explorer/state @@ -30,7 +30,7 @@ host="$( cat "$__object/parameter/host" )" check_privileges="$( mysql -B -N -e "show grants for '$user'@'$host'" \ - | grep -Ei "^grant $privileges on .$database.\..$table. to " || true )" + | grep -Ei "^grant $privileges on .$database.\..?$table.? to " || true )" if [ -n "$check_privileges" ] then diff --git a/cdist/conf/type/__mysql_privileges/gencode-remote b/cdist/conf/type/__mysql_privileges/gencode-remote index bcd362e6..20975c50 100755 --- a/cdist/conf/type/__mysql_privileges/gencode-remote +++ b/cdist/conf/type/__mysql_privileges/gencode-remote @@ -37,13 +37,18 @@ user="$( cat "$__object/parameter/user" )" host="$( cat "$__object/parameter/host" )" +if [ "$table" != '*' ] +then + table="$( printf '`%s`' "$table" )" +fi + case "$state_should" in present) - echo "mysql -e 'grant $privileges on \`$database\`.\`$table\` to \`$user\`@\`$host\`'" + echo "mysql -e 'grant $privileges on \`$database\`.$table to \`$user\`@\`$host\`'" echo "grant $privileges on $database.$table to $user@$host" >> "$__messages_out" ;; absent) - echo "mysql -e 'revoke $privileges on \`$database\`.\`$table\` from \`$user\`@\`$host\`'" + echo "mysql -e 'revoke $privileges on \`$database\`.$table from \`$user\`@\`$host\`'" echo "revoke $privileges on $database.$table from $user@$host" >> "$__messages_out" ;; esac From b7483d73ebc5a95c96adc4a40173ce5015173eeb Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Thu, 13 Feb 2020 17:38:19 +0200 Subject: [PATCH 022/176] __mysql_privileges: fix shellcheck --- cdist/conf/type/__mysql_privileges/gencode-remote | 1 + 1 file changed, 1 insertion(+) diff --git a/cdist/conf/type/__mysql_privileges/gencode-remote b/cdist/conf/type/__mysql_privileges/gencode-remote index 20975c50..0656699f 100755 --- a/cdist/conf/type/__mysql_privileges/gencode-remote +++ b/cdist/conf/type/__mysql_privileges/gencode-remote @@ -39,6 +39,7 @@ host="$( cat "$__object/parameter/host" )" if [ "$table" != '*' ] then + # shellcheck disable=SC2016 table="$( printf '`%s`' "$table" )" fi From f771840178ed2586a4abc47f5e513da2309d5128 Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Thu, 13 Feb 2020 17:38:34 +0200 Subject: [PATCH 023/176] __mysql_privileges: fix typo --- cdist/conf/type/__mysql_privileges/man.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__mysql_privileges/man.rst b/cdist/conf/type/__mysql_privileges/man.rst index 8208d7d4..b72c9eba 100644 --- a/cdist/conf/type/__mysql_privileges/man.rst +++ b/cdist/conf/type/__mysql_privileges/man.rst @@ -17,7 +17,7 @@ REQUIRED PARAMETERS database Name of database. -User +user Name of user. From e5f9d320049dea5acef6e505cc7a4966ecbd72c6 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Fri, 14 Feb 2020 16:07:06 +0100 Subject: [PATCH 024/176] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index bf0a8777..3f69899a 100644 --- a/docs/changelog +++ b/docs/changelog @@ -5,6 +5,7 @@ next: * Type __consul_agent: Add Debian 10 support (Nico Schottelius) * Explorer os_release: Add fallbacks (Dennis Camera) * Types __file, __directory: Add fallback for systems without stat (Dennis Camera) + * Type __mysql_privileges: Fix quoting (Ander Punnar) 6.5.0: 2020-01-23 * Type __acl: Add --entry parameter to replace --acl, deprecate --acl (Ander Punnar) From 1be5a9d3163fc5b8aa107764ea5aab41f46e860a Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Fri, 14 Feb 2020 19:19:12 +0200 Subject: [PATCH 025/176] __package_apt: add note about updating index --- cdist/conf/type/__package_apt/man.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cdist/conf/type/__package_apt/man.rst b/cdist/conf/type/__package_apt/man.rst index a3a70d91..a1691eac 100644 --- a/cdist/conf/type/__package_apt/man.rst +++ b/cdist/conf/type/__package_apt/man.rst @@ -11,6 +11,9 @@ DESCRIPTION apt-get is usually used on Debian and variants (like Ubuntu) to manage packages. +This type will also update package index, if it is older +than one day, to avoid missing package error messages. + REQUIRED PARAMETERS ------------------- From 869a38676f97b7863997b7d2c257447a63344368 Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Fri, 14 Feb 2020 19:22:06 +0200 Subject: [PATCH 026/176] __package_apt: add comment about package index update --- cdist/conf/type/__package_apt/gencode-remote | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cdist/conf/type/__package_apt/gencode-remote b/cdist/conf/type/__package_apt/gencode-remote index cb79e886..e02564a2 100755 --- a/cdist/conf/type/__package_apt/gencode-remote +++ b/cdist/conf/type/__package_apt/gencode-remote @@ -74,6 +74,9 @@ fi case "$state_should" in present) + # following is bit ugly, but important hack. + # due to how cdist config run works, there isn't + # currently better way to do it :( cat << EOF if [ ! -f /var/cache/apt/pkgcache.bin ] || [ "\$( stat --format %Y /var/cache/apt/pkgcache.bin )" -lt "\$( date +%s -d '-1 day' )" ] then echo apt-get update > /dev/null 2>&1 || true From 48bff6656322eecd940a1e0a2c272fe2303268f6 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Fri, 14 Feb 2020 21:55:35 +0100 Subject: [PATCH 027/176] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index 3f69899a..734db7ea 100644 --- a/docs/changelog +++ b/docs/changelog @@ -6,6 +6,7 @@ next: * Explorer os_release: Add fallbacks (Dennis Camera) * Types __file, __directory: Add fallback for systems without stat (Dennis Camera) * Type __mysql_privileges: Fix quoting (Ander Punnar) + * Type __package_apt: Update package index if it is older than one day (Ander Punnar) 6.5.0: 2020-01-23 * Type __acl: Add --entry parameter to replace --acl, deprecate --acl (Ander Punnar) From a761d4842ca36688fd6355a63185da985528366a Mon Sep 17 00:00:00 2001 From: Matthias Stecher Date: Sat, 15 Feb 2020 08:21:24 +0100 Subject: [PATCH 028/176] Add check for the state parameter in manifest. This only allow following cases: - present - absent else, it will abort with an error message. --- cdist/conf/type/__cron/manifest | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/cdist/conf/type/__cron/manifest b/cdist/conf/type/__cron/manifest index 53973e07..3017e2fd 100755 --- a/cdist/conf/type/__cron/manifest +++ b/cdist/conf/type/__cron/manifest @@ -22,3 +22,12 @@ if [ -f "$__object/parameter/raw" ] && [ -f "$__object/parameter/raw_command" ]; echo "ERROR: both raw and raw_command specified" >&2 exit 1 fi + +case "$(cat "$__object/parameter/state" 2>/dev/null || echo "present")" in + present) ;; + absent) ;; + + *) + echo "ERROR: unkown cron state" >&2 + exit 2 +esac From 5e6e17b3e55ea5b53a3ad9fe28f1d1c422121369 Mon Sep 17 00:00:00 2001 From: Matthias Stecher Date: Sat, 15 Feb 2020 09:46:23 +0100 Subject: [PATCH 029/176] Moved default parameter values from scripts to cdist parameter handling. For more generalisation, the default parameter values are now handled by cdist instead of trying to get a value and use a default if parameter is not given. It handles the default values in a more general way, instead of write one default in (possibly) multiple places. Problem occurred when checking the 'state' parameter, which required to set a default value in two places. --- cdist/conf/type/__cron/gencode-remote | 12 ++++++------ cdist/conf/type/__cron/manifest | 2 +- .../conf/type/__cron/parameter/default/day_of_month | 1 + cdist/conf/type/__cron/parameter/default/day_of_week | 1 + cdist/conf/type/__cron/parameter/default/hour | 1 + cdist/conf/type/__cron/parameter/default/minute | 1 + cdist/conf/type/__cron/parameter/default/month | 1 + cdist/conf/type/__cron/parameter/default/state | 1 + 8 files changed, 13 insertions(+), 7 deletions(-) create mode 100644 cdist/conf/type/__cron/parameter/default/day_of_month create mode 100644 cdist/conf/type/__cron/parameter/default/day_of_week create mode 100644 cdist/conf/type/__cron/parameter/default/hour create mode 100644 cdist/conf/type/__cron/parameter/default/minute create mode 100644 cdist/conf/type/__cron/parameter/default/month create mode 100644 cdist/conf/type/__cron/parameter/default/state diff --git a/cdist/conf/type/__cron/gencode-remote b/cdist/conf/type/__cron/gencode-remote index 8f3c92dc..9debbc47 100755 --- a/cdist/conf/type/__cron/gencode-remote +++ b/cdist/conf/type/__cron/gencode-remote @@ -31,11 +31,11 @@ if [ -f "$__object/parameter/raw" ]; then elif [ -f "$__object/parameter/raw_command" ]; then entry="$command" else - minute="$(cat "$__object/parameter/minute" 2>/dev/null || echo "*")" - hour="$(cat "$__object/parameter/hour" 2>/dev/null || echo "*")" - day_of_month="$(cat "$__object/parameter/day_of_month" 2>/dev/null || echo "*")" - month="$(cat "$__object/parameter/month" 2>/dev/null || echo "*")" - day_of_week="$(cat "$__object/parameter/day_of_week" 2>/dev/null || echo "*")" + minute="$(cat "$__object/parameter/minute")" + hour="$(cat "$__object/parameter/hour")" + day_of_month="$(cat "$__object/parameter/day_of_month")" + month="$(cat "$__object/parameter/month")" + day_of_week="$(cat "$__object/parameter/day_of_week")" entry="$minute $hour $day_of_month $month $day_of_week $command # $name" fi @@ -52,7 +52,7 @@ else state_is=absent fi -state_should="$(cat "$__object/parameter/state" 2>/dev/null || echo "present")" +state_should="$(cat "$__object/parameter/state")" [ "$state_is" = "$state_should" ] && exit 0 diff --git a/cdist/conf/type/__cron/manifest b/cdist/conf/type/__cron/manifest index 3017e2fd..e7b51863 100755 --- a/cdist/conf/type/__cron/manifest +++ b/cdist/conf/type/__cron/manifest @@ -23,7 +23,7 @@ if [ -f "$__object/parameter/raw" ] && [ -f "$__object/parameter/raw_command" ]; exit 1 fi -case "$(cat "$__object/parameter/state" 2>/dev/null || echo "present")" in +case "$(cat "$__object/parameter/state")" in present) ;; absent) ;; diff --git a/cdist/conf/type/__cron/parameter/default/day_of_month b/cdist/conf/type/__cron/parameter/default/day_of_month new file mode 100644 index 00000000..72e8ffc0 --- /dev/null +++ b/cdist/conf/type/__cron/parameter/default/day_of_month @@ -0,0 +1 @@ +* diff --git a/cdist/conf/type/__cron/parameter/default/day_of_week b/cdist/conf/type/__cron/parameter/default/day_of_week new file mode 100644 index 00000000..72e8ffc0 --- /dev/null +++ b/cdist/conf/type/__cron/parameter/default/day_of_week @@ -0,0 +1 @@ +* diff --git a/cdist/conf/type/__cron/parameter/default/hour b/cdist/conf/type/__cron/parameter/default/hour new file mode 100644 index 00000000..72e8ffc0 --- /dev/null +++ b/cdist/conf/type/__cron/parameter/default/hour @@ -0,0 +1 @@ +* diff --git a/cdist/conf/type/__cron/parameter/default/minute b/cdist/conf/type/__cron/parameter/default/minute new file mode 100644 index 00000000..72e8ffc0 --- /dev/null +++ b/cdist/conf/type/__cron/parameter/default/minute @@ -0,0 +1 @@ +* diff --git a/cdist/conf/type/__cron/parameter/default/month b/cdist/conf/type/__cron/parameter/default/month new file mode 100644 index 00000000..72e8ffc0 --- /dev/null +++ b/cdist/conf/type/__cron/parameter/default/month @@ -0,0 +1 @@ +* diff --git a/cdist/conf/type/__cron/parameter/default/state b/cdist/conf/type/__cron/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__cron/parameter/default/state @@ -0,0 +1 @@ +present From ef089d1c6114e840c4b8022d43322bdb18b96e8f Mon Sep 17 00:00:00 2001 From: Matthias Stecher Date: Mon, 6 Jan 2020 10:42:12 +0100 Subject: [PATCH 030/176] [__systemd_service] new type to manage the state of systemd services --- .../type/__systemd_service/explorer/state | 43 +++++++ .../type/__systemd_service/gencode-remote | 98 ++++++++++++++++ cdist/conf/type/__systemd_service/man.rst | 110 ++++++++++++++++++ .../type/__systemd_service/parameter/boolean | 1 + .../__systemd_service/parameter/default/state | 1 + .../type/__systemd_service/parameter/optional | 3 + 6 files changed, 256 insertions(+) create mode 100755 cdist/conf/type/__systemd_service/explorer/state create mode 100755 cdist/conf/type/__systemd_service/gencode-remote create mode 100644 cdist/conf/type/__systemd_service/man.rst create mode 100644 cdist/conf/type/__systemd_service/parameter/boolean create mode 100644 cdist/conf/type/__systemd_service/parameter/default/state create mode 100644 cdist/conf/type/__systemd_service/parameter/optional diff --git a/cdist/conf/type/__systemd_service/explorer/state b/cdist/conf/type/__systemd_service/explorer/state new file mode 100755 index 00000000..f5f751d4 --- /dev/null +++ b/cdist/conf/type/__systemd_service/explorer/state @@ -0,0 +1,43 @@ +#!/bin/sh -e +# explorer/state +# +# 2020 Matthias Stecher +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +# Check if the service is running or stopped. +# +# The explorer must check before if the service exist, because 'systemctl is-active' +# will return "inactive" even if there is no service there: +# systemctl cat foo # does not exist +# systemctl is-active foo # is "inactive" + + +# get name of the service +if [ -f "$__object/parameter/name" ]; then + name="$(cat "$__object/parameter/name")" +else + name="$__object_id" +fi + + +# check if the service exist, else exit without output (also if systemd doesn't exist) +# do not exit here with an error code, will be done in the gencode-remote script +systemctl cat "$name" > /dev/null 2>&1 || exit 0 + +# print if the service is running or not +systemctl is-active -q "$name" && printf "running" || printf "stopped" diff --git a/cdist/conf/type/__systemd_service/gencode-remote b/cdist/conf/type/__systemd_service/gencode-remote new file mode 100755 index 00000000..c867ff22 --- /dev/null +++ b/cdist/conf/type/__systemd_service/gencode-remote @@ -0,0 +1,98 @@ +#!/bin/sh -e +# gencode-remote +# +# 2020 Matthias Stecher +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +# Checks the given state of the service and set it to the given +# state. Optionally, it executes the action if service running. + + +# get name of the service +name="$__object/parameter/name" +if [ -f "$name" ]; then + name="$(cat "$name")" +else + name="$__object_id" +fi + + +# read current status and parameters +state="$(cat "$__object/explorer/state")" +should="$(cat "$__object/parameter/state")" + +# if systemd/service does not exist +if [ -z "$state" ]; then + printf "systemd or service '%s' does not exist!\n" "$name" >&2 + exit 1 +fi + + +# save the action required +required_action="" + +# check the state of the service that should be +if [ "$state" != "$should" ]; then + # select what to do to get the $should state + case "$should" in + running) + if [ "$state" = "stopped" ]; then required_action="start"; fi + ;; + + stopped) + if [ "$state" = "running" ]; then required_action="stop"; fi + ;; + esac +fi + +# check if the action can be achieved if given +if [ -f "$__object/parameter/action" ] \ + && [ -z "$required_action" ] && [ "$state" = "running" ]; then + + # there must be an action + action="$(cat "$__object/parameter/action")" + + # select the action to the required element + case "$action" in + restart) + required_action="restart" + ;; + + reload) + required_action="reload" + ;; + + *) + printf "action '%s' does not exist!" "$action" >&2 + exit 2 + esac + + # Make a special check: only do this action if a dependency did something + # it is required that the dependencies write there action to $__messages_in + if [ -f "$__object/parameter/if-required" ]; then + # exit here if there are no changes from the dependencies affected (nothing to do) + if ! grep -q -f "$__object/require" "$__messages_in"; then exit 0; fi + fi +fi + +# print the execution command if a action given +if [ -n "$required_action" ]; then + # also print it as message + echo "$required_action" >> "$__messages_out" + echo "systemctl $required_action '$name'" +fi diff --git a/cdist/conf/type/__systemd_service/man.rst b/cdist/conf/type/__systemd_service/man.rst new file mode 100644 index 00000000..678cee29 --- /dev/null +++ b/cdist/conf/type/__systemd_service/man.rst @@ -0,0 +1,110 @@ +cdist-type__systemd-service(7) +============================== + +NAME +---- +cdist-type__systemd-service - Controls a systemd service state + +DESCRIPTION +----------- +This type controls systemd services to define a state of the service, +or an action like reloading or restarting. It is useful to reload a +service after configuration applied or shutdown one service. + +The activation or deactivation is out of scope. Look for the +:strong:`cdist-type__systemd_util`\ (7) type instead. + +REQUIRED PARAMETERS +------------------- + +None. + +OPTIONAL PARAMETERS +------------------- + +name + String which will used as name instead of the object id. + +state + The state which the service should be in: + + running + Service should run (default) + + stoppend + Service should stopped + +action + Executes an action on on the service. It will only execute it if the + service keeps the state **running**. There are following actions, where: + + reload + Reloads the service + + restart + Restarts the service + +BOOLEAN PARAMETERS +----------------- + +if-required + Only execute the action if minimum one required type outputs a message to + **$__messages_out**. Through this, the action should only executed if a + dependency did something. The action will not executed if no dependencies + given. + +MESSAGES +-------- + +start + Started the service + +stop + Stopped the service + +restart + Restarted the service + +reload + Reloaded the service + +ABORTS +------ +Aborts in following cases: + +systemd or the service does not exist + +EXAMPLES +-------- +.. code-block:: sh + + # service must run + __systemd_service nginx + + # service must stopped + __systemd_service sshd \ + --state stopped + + # restart the service + __systemd_service apache2 \ + --action restart + + # makes sure the service exist with an alternative name + __systemd_service foo \ + --name sshd + + # reload the service for a modified configuration file + # only reloads the service if the file really changed + require="__config_file/etc/foo.conf" __systemd_service foo \ + --action reload --if-required + +AUTHORS +------- +Matthias Stecher + +COPYRIGHT +--------- +Copyright \(C) 2020 Matthias Stecher. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/cdist/conf/type/__systemd_service/parameter/boolean b/cdist/conf/type/__systemd_service/parameter/boolean new file mode 100644 index 00000000..a4bccb66 --- /dev/null +++ b/cdist/conf/type/__systemd_service/parameter/boolean @@ -0,0 +1 @@ +if-required diff --git a/cdist/conf/type/__systemd_service/parameter/default/state b/cdist/conf/type/__systemd_service/parameter/default/state new file mode 100644 index 00000000..a2ae71b3 --- /dev/null +++ b/cdist/conf/type/__systemd_service/parameter/default/state @@ -0,0 +1 @@ +running diff --git a/cdist/conf/type/__systemd_service/parameter/optional b/cdist/conf/type/__systemd_service/parameter/optional new file mode 100644 index 00000000..fc78265f --- /dev/null +++ b/cdist/conf/type/__systemd_service/parameter/optional @@ -0,0 +1,3 @@ +name +state +action From 58841fc4bfd8dbeb82717fe3638b3bb4d2ed017b Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sat, 15 Feb 2020 12:20:41 +0100 Subject: [PATCH 031/176] ++changelog --- docs/changelog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/changelog b/docs/changelog index 734db7ea..f687e5ed 100644 --- a/docs/changelog +++ b/docs/changelog @@ -7,6 +7,8 @@ next: * Types __file, __directory: Add fallback for systems without stat (Dennis Camera) * Type __mysql_privileges: Fix quoting (Ander Punnar) * Type __package_apt: Update package index if it is older than one day (Ander Punnar) + * Type __cron: Fix job removal if 'is' and 'should' don't match (Matthias Stecher) + * New type: __systemd_service (Matthias Stecher) 6.5.0: 2020-01-23 * Type __acl: Add --entry parameter to replace --acl, deprecate --acl (Ander Punnar) From a1536933ab066671e09aaf47a3c6101a68a6b60f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Sat, 15 Feb 2020 08:51:29 +0100 Subject: [PATCH 032/176] Fix password command synthax in __postgres_role --- cdist/conf/type/__postgres_role/gencode-remote | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__postgres_role/gencode-remote b/cdist/conf/type/__postgres_role/gencode-remote index 977832c9..282294c9 100755 --- a/cdist/conf/type/__postgres_role/gencode-remote +++ b/cdist/conf/type/__postgres_role/gencode-remote @@ -54,7 +54,7 @@ case "$state_should" in [ -n "$password" ] && password="PASSWORD '$password'" cat << EOF -su - '$postgres_user' -c "psql postgres -wc 'CREATE ROLE \"$name\" WITH $password $booleans;'" +su - '$postgres_user' -c "psql postgres -wc \"CREATE ROLE \\\\\"$name\\\\\" WITH $password $booleans;\"" EOF ;; absent) From cda77e5e8a44eabde7e39396c39fd34daba1c702 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sat, 15 Feb 2020 14:35:29 +0100 Subject: [PATCH 033/176] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index f687e5ed..d5ed1b06 100644 --- a/docs/changelog +++ b/docs/changelog @@ -9,6 +9,7 @@ next: * Type __package_apt: Update package index if it is older than one day (Ander Punnar) * Type __cron: Fix job removal if 'is' and 'should' don't match (Matthias Stecher) * New type: __systemd_service (Matthias Stecher) + * Type __postgres_role: Fix password command synthax (Timothée Floure) 6.5.0: 2020-01-23 * Type __acl: Add --entry parameter to replace --acl, deprecate --acl (Ander Punnar) From 9f3747cf3f664ba5cc2f74ec356d833e7eda2621 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sat, 15 Feb 2020 14:36:26 +0100 Subject: [PATCH 034/176] Release 6.5.1 --- docs/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/changelog b/docs/changelog index d5ed1b06..9f1e6245 100644 --- a/docs/changelog +++ b/docs/changelog @@ -1,7 +1,7 @@ Changelog --------- -next: +6.5.1: 2020-02-15 * Type __consul_agent: Add Debian 10 support (Nico Schottelius) * Explorer os_release: Add fallbacks (Dennis Camera) * Types __file, __directory: Add fallback for systems without stat (Dennis Camera) From 0640b02f90d92e11f6a4f8b7c0110d9b5a9bfb89 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sat, 15 Feb 2020 14:59:12 +0100 Subject: [PATCH 035/176] Fix too short title underline --- cdist/conf/type/__systemd_service/man.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__systemd_service/man.rst b/cdist/conf/type/__systemd_service/man.rst index 678cee29..7eca398b 100644 --- a/cdist/conf/type/__systemd_service/man.rst +++ b/cdist/conf/type/__systemd_service/man.rst @@ -45,7 +45,7 @@ action Restarts the service BOOLEAN PARAMETERS ------------------ +------------------ if-required Only execute the action if minimum one required type outputs a message to From c09165d1228e887e2fb4dad456c6b1409211a499 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sat, 15 Feb 2020 21:05:24 +0100 Subject: [PATCH 036/176] Fix spelling --- docs/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/changelog b/docs/changelog index 9f1e6245..bd767b9d 100644 --- a/docs/changelog +++ b/docs/changelog @@ -9,7 +9,7 @@ Changelog * Type __package_apt: Update package index if it is older than one day (Ander Punnar) * Type __cron: Fix job removal if 'is' and 'should' don't match (Matthias Stecher) * New type: __systemd_service (Matthias Stecher) - * Type __postgres_role: Fix password command synthax (Timothée Floure) + * Type __postgres_role: Fix password command syntax (Timothée Floure) 6.5.0: 2020-01-23 * Type __acl: Add --entry parameter to replace --acl, deprecate --acl (Ander Punnar) From 70200cd28fe9b35670f574e77d49e747f23072f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Tue, 21 Jan 2020 10:06:09 +0100 Subject: [PATCH 037/176] Refactor __consul_agent type to support distribution packages --- cdist/conf/type/__consul_agent/man.rst | 3 + cdist/conf/type/__consul_agent/manifest | 373 +++++++++++------- .../type/__consul_agent/parameter/boolean | 1 + 3 files changed, 225 insertions(+), 152 deletions(-) diff --git a/cdist/conf/type/__consul_agent/man.rst b/cdist/conf/type/__consul_agent/man.rst index 966abc60..62ee70bb 100644 --- a/cdist/conf/type/__consul_agent/man.rst +++ b/cdist/conf/type/__consul_agent/man.rst @@ -116,6 +116,9 @@ verify-incoming verify-outgoing enforce the use of TLS and verify the peers authenticity on outgoing connections +use-distribution-package + uses distribution package instead of upstream binary + EXAMPLES -------- diff --git a/cdist/conf/type/__consul_agent/manifest b/cdist/conf/type/__consul_agent/manifest index e00f29ec..599f15b4 100755 --- a/cdist/conf/type/__consul_agent/manifest +++ b/cdist/conf/type/__consul_agent/manifest @@ -2,6 +2,7 @@ # # 2015 Steven Armstrong (steven-cdist at armstrong.cc) # 2015-2019 Nico Schottelius (nico-cdist at schottelius.org) +# 2019 Timothée Floure (timothee.floure at ungleich.ch) # # This file is part of cdist. # @@ -19,133 +20,64 @@ # along with cdist. If not, see . # - os=$(cat "$__global/explorer/os") -case "$os" in - alpine|scientific|centos|debian|devuan|redhat|ubuntu) - # whitelist safeguard - : - ;; - *) - echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 - echo "Please contribute an implementation for it if you can." >&2 - exit 1 - ;; -esac +### +# Type parameters. state="$(cat "$__object/parameter/state")" user="$(cat "$__object/parameter/user")" group="$(cat "$__object/parameter/group")" +release=$(cat "$__global/explorer/lsb_release") +if [ -f "$__object/parameter/use-distribution-package" ]; then + use_distribution_package=1 +fi + +### +# Those are default that might be overriden by os-specific logic. + data_dir="/var/lib/consul" conf_dir="/etc/consul/conf.d" conf_file="config.json" +tls_dir="$conf_dir/tls" -# FIXME: there has got to be a better way to handle the dependencies in this case -case "$state" in - present) - __group "$group" --system --state "$state" - require="__group/$group" \ - __user "$user" --system --gid "$group" \ - --home "$data_dir" --state "$state" - export require="__user/consul" - ;; - absent) - echo "Sorry, state=absent currently not supported :-(" >&2 - exit 1 - require="$__object_name" \ - __user "$user" --system --gid "$group" --state "$state" - require="__user/$user" \ - __group "$group" --system --state "$state" - ;; -esac +### +# Sane deployment, based on distribution package when available. -__directory /etc/consul \ - --owner root --group "$group" --mode 750 --state "$state" -require="__directory/etc/consul" \ - __directory "$conf_dir" \ - --owner root --group "$group" --mode 750 --state "$state" +distribution_setup () { + case "$os" in + debian) + # consul is only available starting Debian 10 (buster). + # See https://packages.debian.org/buster/consul + if [ $release -lt 10 ]; then + echo "Consul is not available for your debian release." >&2 + echo "Please use the 'manual' (i.e. non-package) installation or \ + upgrade the target system." >&2 + exit 1 + fi -if [ -f "$__object/parameter/ca-file-source" ] || [ -f "$__object/parameter/cert-file-source" ] || [ -f "$__object/parameter/key-file-source" ]; then - # create directory for ssl certs - require="__directory/etc/consul" \ - __directory /etc/consul/ssl \ - --owner root --group "$group" --mode 750 --state "$state" -fi + # Override previously defined environment to match debian packaging. + conf_dir='/etc/consul.d' + user='consul' + grou='consul' + ;; + *) + echo "Your operating system ($os) is currently not supported with the \ + --use-distribution-package flag (${__type##*/})." >&2 + echo "Please use non-package installation or contribute an \ + implementation for if you can." >&2 + exit 1 + ;; + esac -__directory "$data_dir" \ - --owner "$user" --group "$group" --mode 770 --state "$state" + # Install consul package. + __package consul --state $state + export config_deployment_requires="__package/consul" +} -# Generate json config file -( -echo "{" - -# parameters we define ourself -printf ' "data_dir": "%s"\n' "$data_dir" - -cd "$__object/parameter/" -for param in *; do - case "$param" in - state|user|group|json-config) continue ;; - ca-file-source|cert-file-source|key-file-source) - source="$(cat "$__object/parameter/$param")" - destination="/etc/consul/ssl/${source##*/}" - require="__directory/etc/consul/ssl" \ - __file "$destination" \ - --owner root --group consul --mode 640 \ - --source "$source" \ - --state "$state" - key="$(echo "${param%-*}" | tr '-' '_')" - printf ' ,"%s": "%s"\n' "$key" "$destination" - ;; - disable-remote-exec|disable-update-check|leave-on-terminate|rejoin-after-leave|server|enable-syslog|verify-incoming|verify-outgoing) - # handle boolean parameters - key="$(echo "$param" | tr '-' '_')" - printf ' ,"%s": true\n' "$key" - ;; - retry-join) - # join multiple parameters into json array - retry_join="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join")" - # remove trailing , - printf ' ,"retry_join": [%s]\n' "${retry_join%*,}" - ;; - retry-join-wan) - # join multiple parameters into json array over wan - retry_join_wan="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join-wan")" - # remove trailing , - printf ' ,"retry_join_wan": [%s]\n' "${retry_join_wan%*,}" - ;; - bootstrap-expect) - # integer key=value parameters - key="$(echo "$param" | tr '-' '_')" - printf ' ,"%s": %s\n' "$key" "$(cat "$__object/parameter/$param")" - ;; - *) - # string key=value parameters - key="$(echo "$param" | tr '-' '_')" - printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" - ;; - esac -done -if [ -f "$__object/parameter/json-config" ]; then - json_config="$(cat "$__object/parameter/json-config")" - if [ "$json_config" = "-" ]; then - json_config="$__object/stdin" - fi - # remove leading and trailing whitespace and commas from first and last line - # indent each line with 3 spaces for consistency - json=$(sed -e 's/^[ \t]*/ /' -e '1s/^[ \t,]*//' -e '$s/[ \t,]*$//' "$json_config") - printf ' ,%s\n' "$json" -fi -echo "}" -) | \ -require="__directory${conf_dir}" \ - __config_file "${conf_dir}/${conf_file}" \ - --owner root --group "$group" --mode 640 \ - --state "$state" \ - --onchange 'service consul status >/dev/null && service consul reload || true' \ - --source - +### +# LEGACY manual deployment, kept for compatibility reasons. init_sysvinit() { @@ -179,47 +111,184 @@ init_upstart() require="__file/etc/init/consul.conf" __start_on_boot consul } -# Install init script to start on boot -case "$os" in - devuan) - init_sysvinit debian - ;; - centos|redhat) - os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")" - major_version="${os_version%%.*}" - case "$major_version" in - [456]) - init_sysvinit redhat - ;; - 7) - init_systemd - ;; - *) - echo "Unsupported CentOS/Redhat version: $os_version" >&2 - exit 1 - ;; - esac - ;; +manual_setup () { + case "$os" in + alpine|scientific|centos|debian|devuan|redhat|ubuntu) + # whitelist safeguard + : + ;; + *) + echo "Your operating system ($os) is currently not supported by this \ + type (${__type##*/})." >&2 + echo "Please contribute an implementation for it if you can." >&2 + exit 1 + ;; + esac - debian) - os_version=$(cat "$__global/explorer/os_version") - major_version="${os_version%%.*}" + # FIXME: there has got to be a better way to handle the dependencies in this case + case "$state" in + present) + __group "$group" --system --state "$state" + require="__group/$group" __user "$user" \ + --system --gid "$group" --home "$data_dir" --state "$state" + ;; + *) + echo "The $state state is not (yet?) supported by this type." >&2 + exit 1 + ;; + esac - case "$major_version" in - [567]) - init_sysvinit debian - ;; - [89]|10) - init_systemd - ;; - *) - echo "Unsupported Debian version $os_version" >&2 - exit 1 - ;; - esac - ;; + # Create data directory. + require="__user/consul"__directory "$data_dir" \ + --owner "$user" --group "$group" --mode 770 --state "$state" - ubuntu) - init_upstart + # Create config directory. + require="__user/consul" __directory "$conf_dir" \ + --parents --owner root --group "$group" --mode 750 --state "$state" + + # Install init script to start on boot + case "$os" in + devuan) + init_sysvinit debian + ;; + centos|redhat) + os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")" + major_version="${os_version%%.*}" + case "$major_version" in + [456]) + init_sysvinit redhat + ;; + 7) + init_systemd + ;; + *) + echo "Unsupported CentOS/Redhat version: $os_version" >&2 + exit 1 + ;; + esac + ;; + + debian) + os_version=$(cat "$__global/explorer/os_version") + major_version="${os_version%%.*}" + + case "$major_version" in + [567]) + init_sysvinit debian + ;; + [89]|10) + init_systemd + ;; + *) + echo "Unsupported Debian version $os_version" >&2 + exit 1 + ;; + esac + ;; + + ubuntu) + init_upstart + ;; + esac + + config_deployment_requires="__user/consul __directory/$conf_dir" +} + +### +# Trigger requested installation method. +if [ $use_distribution_package ]; then + distribution_setup +else + manual_setup +fi + +### +# Generate and deploy configuration. +json_configuration=$( + echo "{" + + # parameters we define ourself + printf ' "data_dir": "%s"\n' "$data_dir" + + cd "$__object/parameter/" + for param in *; do + case "$param" in + state|user|group|json-config|use-distribution-package) continue ;; + ca-file-source|cert-file-source|key-file-source) + source="$(cat "$__object/parameter/$param")" + destination="/etc/consul/ssl/${source##*/}" + require="__directory/etc/consul/ssl" \ + __file "$destination" \ + --owner root --group consul --mode 640 \ + --source "$source" \ + --state "$state" + key="$(echo "${param%-*}" | tr '-' '_')" + printf ' ,"%s": "%s"\n' "$key" "$destination" ;; -esac + disable-remote-exec|disable-update-check|leave-on-terminate\ + |rejoin-after-leave|server|enable-syslog|verify-incoming|verify-outgoing) + # handle boolean parameters + key="$(echo "$param" | tr '-' '_')" + printf ' ,"%s": true\n' "$key" + ;; + retry-join) + # join multiple parameters into json array + retry_join="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join")" + # remove trailing , + printf ' ,"retry_join": [%s]\n' "${retry_join%*,}" + ;; + retry-join-wan) + # join multiple parameters into json array over wan + retry_join_wan="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join-wan")" + # remove trailing , + printf ' ,"retry_join_wan": [%s]\n' "${retry_join_wan%*,}" + ;; + bootstrap-expect) + # integer key=value parameters + key="$(echo "$param" | tr '-' '_')" + printf ' ,"%s": %s\n' "$key" "$(cat "$__object/parameter/$param")" + ;; + *) + # string key=value parameters + key="$(echo "$param" | tr '-' '_')" + printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" + ;; + esac + done + if [ -f "$__object/parameter/json-config" ]; then + json_config="$(cat "$__object/parameter/json-config")" + if [ "$json_config" = "-" ]; then + json_config="$__object/stdin" + fi + # remove leading and trailing whitespace and commas from first and last line + # indent each line with 3 spaces for consistency + json=$(sed -e 's/^[ \t]*/ /' -e '1s/^[ \t,]*//' -e '$s/[ \t,]*$//' "$json_config") + printf ' ,%s\n' "$json" + fi + echo "}" +) +echo "$json_configuration" | require="$config_deployment_requires" \ + __file "$conf_dir/$conf_file" \ + --owner root --group "$group" --mode 640 \ + --state "$state" \ + --source - + +# Set configuration deployment as requirement for service restart. +restart_requires="__file/$conf_dir/$conf_file" + +### +# Install TLS certificates. +if [ -f "$__object/parameter/ca-file-source" ] || \ + [ -f "$__object/parameter/cert-file-source" ] || \ + [ -f "$__object/parameter/key-file-source" ]; then + + requires="__file/$conf_dir/$conf_file" __directory $conf_dir/tls \ + --owner root --group "$group" --mode 750 --state "$state" + + # Append to service restart requirements. + restart_requires="$restart_requires __directory/$conf_dir/tls" +fi + +### +# Restart consul agent after everything else. +require="$restart_requires" __service consul --action restart diff --git a/cdist/conf/type/__consul_agent/parameter/boolean b/cdist/conf/type/__consul_agent/parameter/boolean index 91f7f17e..c86853c3 100644 --- a/cdist/conf/type/__consul_agent/parameter/boolean +++ b/cdist/conf/type/__consul_agent/parameter/boolean @@ -6,3 +6,4 @@ server enable-syslog verify-incoming verify-outgoing +use-distribution-package From f595664924b3ae2ad190f9469fdf0be3b38d8a47 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Tue, 21 Jan 2020 10:07:21 +0100 Subject: [PATCH 038/176] Patch __consul_* to discover remote consul configuration dir --- cdist/conf/type/__consul_check/explorer/conf-dir | 1 + cdist/conf/type/__consul_check/manifest | 2 +- .../conf/type/__consul_service/explorer/conf-dir | 15 +++++++++++++++ cdist/conf/type/__consul_service/manifest | 5 ++--- .../type/__consul_watch_checks/explorer/conf-dir | 1 + cdist/conf/type/__consul_watch_checks/manifest | 2 +- .../type/__consul_watch_event/explorer/conf-dir | 1 + cdist/conf/type/__consul_watch_event/manifest | 2 +- .../type/__consul_watch_key/explorer/conf-dir | 1 + cdist/conf/type/__consul_watch_key/manifest | 2 +- .../__consul_watch_keyprefix/explorer/conf-dir | 1 + cdist/conf/type/__consul_watch_keyprefix/manifest | 2 +- .../type/__consul_watch_nodes/explorer/conf-dir | 1 + cdist/conf/type/__consul_watch_nodes/manifest | 2 +- .../type/__consul_watch_service/explorer/conf-dir | 1 + cdist/conf/type/__consul_watch_service/manifest | 2 +- .../__consul_watch_services/explorer/conf-dir | 1 + cdist/conf/type/__consul_watch_services/manifest | 2 +- 18 files changed, 33 insertions(+), 11 deletions(-) create mode 120000 cdist/conf/type/__consul_check/explorer/conf-dir create mode 100644 cdist/conf/type/__consul_service/explorer/conf-dir create mode 120000 cdist/conf/type/__consul_watch_checks/explorer/conf-dir create mode 120000 cdist/conf/type/__consul_watch_event/explorer/conf-dir create mode 120000 cdist/conf/type/__consul_watch_key/explorer/conf-dir create mode 120000 cdist/conf/type/__consul_watch_keyprefix/explorer/conf-dir create mode 120000 cdist/conf/type/__consul_watch_nodes/explorer/conf-dir create mode 120000 cdist/conf/type/__consul_watch_service/explorer/conf-dir create mode 120000 cdist/conf/type/__consul_watch_services/explorer/conf-dir diff --git a/cdist/conf/type/__consul_check/explorer/conf-dir b/cdist/conf/type/__consul_check/explorer/conf-dir new file mode 120000 index 00000000..daa712c3 --- /dev/null +++ b/cdist/conf/type/__consul_check/explorer/conf-dir @@ -0,0 +1 @@ +../../__consul_service/explorer/conf-dir \ No newline at end of file diff --git a/cdist/conf/type/__consul_check/manifest b/cdist/conf/type/__consul_check/manifest index c9f7add9..522aa1a9 100755 --- a/cdist/conf/type/__consul_check/manifest +++ b/cdist/conf/type/__consul_check/manifest @@ -19,7 +19,7 @@ # name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")" -conf_dir="/etc/consul/conf.d" +conf_dir=$(cat "$__object/explorer/conf-dir") conf_file="check_${name}.json" state="$(cat "$__object/parameter/state")" diff --git a/cdist/conf/type/__consul_service/explorer/conf-dir b/cdist/conf/type/__consul_service/explorer/conf-dir new file mode 100644 index 00000000..6e94f781 --- /dev/null +++ b/cdist/conf/type/__consul_service/explorer/conf-dir @@ -0,0 +1,15 @@ +# Determine the configuration directory used by consul. + +check_dir () { + if [ -d "$1" ]; then + echo -n "$1" + exit + fi +} + +check_dir '/etc/consul/conf.d' +check_dir '/etc/consul.d' +check_dir '/etc/consul' + +echo 'Could not determine consul configuration dir. Exiting.' >&2 +exit 1 diff --git a/cdist/conf/type/__consul_service/manifest b/cdist/conf/type/__consul_service/manifest index 60397db7..d16f18e0 100755 --- a/cdist/conf/type/__consul_service/manifest +++ b/cdist/conf/type/__consul_service/manifest @@ -19,7 +19,7 @@ # name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")" -conf_dir="/etc/consul/conf.d" +conf_dir=$(cat "$__object/explorer/conf-dir") conf_file="service_${name}.json" state="$(cat "$__object/parameter/state")" @@ -45,7 +45,7 @@ printf ' "name": "%s"\n' "$name" cd "$__object/parameter/" for param in *; do case "$param" in - state|name|check-interval) continue ;; + state|name|check-interval|conf-dir) continue ;; check-script) printf ' ,"check": {\n' printf ' "script": "%s"\n' "$(cat "$__object/parameter/check-script")" @@ -86,7 +86,6 @@ echo " }" # end json file echo "}" ) | \ -require="__directory${conf_dir}" \ __config_file "${conf_dir}/${conf_file}" \ --owner root --group consul --mode 640 \ --state "$state" \ diff --git a/cdist/conf/type/__consul_watch_checks/explorer/conf-dir b/cdist/conf/type/__consul_watch_checks/explorer/conf-dir new file mode 120000 index 00000000..daa712c3 --- /dev/null +++ b/cdist/conf/type/__consul_watch_checks/explorer/conf-dir @@ -0,0 +1 @@ +../../__consul_service/explorer/conf-dir \ No newline at end of file diff --git a/cdist/conf/type/__consul_watch_checks/manifest b/cdist/conf/type/__consul_watch_checks/manifest index 5fdd7a74..4976b25a 100755 --- a/cdist/conf/type/__consul_watch_checks/manifest +++ b/cdist/conf/type/__consul_watch_checks/manifest @@ -20,7 +20,7 @@ cdist_type="${__type##*/}" watch_type="${cdist_type##*_}" -conf_dir="/etc/consul/conf.d" +conf_dir=$(cat "$__object/explorer/conf-dir") conf_file="watch_${watch_type}_${__object_id}.json" state="$(cat "$__object/parameter/state")" diff --git a/cdist/conf/type/__consul_watch_event/explorer/conf-dir b/cdist/conf/type/__consul_watch_event/explorer/conf-dir new file mode 120000 index 00000000..daa712c3 --- /dev/null +++ b/cdist/conf/type/__consul_watch_event/explorer/conf-dir @@ -0,0 +1 @@ +../../__consul_service/explorer/conf-dir \ No newline at end of file diff --git a/cdist/conf/type/__consul_watch_event/manifest b/cdist/conf/type/__consul_watch_event/manifest index 61934656..b17680c1 100755 --- a/cdist/conf/type/__consul_watch_event/manifest +++ b/cdist/conf/type/__consul_watch_event/manifest @@ -20,7 +20,7 @@ cdist_type="${__type##*/}" watch_type="${cdist_type##*_}" -conf_dir="/etc/consul/conf.d" +conf_dir=$(cat "$__object/explorer/conf-dir") conf_file="watch_${watch_type}_${__object_id}.json" state="$(cat "$__object/parameter/state")" diff --git a/cdist/conf/type/__consul_watch_key/explorer/conf-dir b/cdist/conf/type/__consul_watch_key/explorer/conf-dir new file mode 120000 index 00000000..daa712c3 --- /dev/null +++ b/cdist/conf/type/__consul_watch_key/explorer/conf-dir @@ -0,0 +1 @@ +../../__consul_service/explorer/conf-dir \ No newline at end of file diff --git a/cdist/conf/type/__consul_watch_key/manifest b/cdist/conf/type/__consul_watch_key/manifest index 61934656..b17680c1 100755 --- a/cdist/conf/type/__consul_watch_key/manifest +++ b/cdist/conf/type/__consul_watch_key/manifest @@ -20,7 +20,7 @@ cdist_type="${__type##*/}" watch_type="${cdist_type##*_}" -conf_dir="/etc/consul/conf.d" +conf_dir=$(cat "$__object/explorer/conf-dir") conf_file="watch_${watch_type}_${__object_id}.json" state="$(cat "$__object/parameter/state")" diff --git a/cdist/conf/type/__consul_watch_keyprefix/explorer/conf-dir b/cdist/conf/type/__consul_watch_keyprefix/explorer/conf-dir new file mode 120000 index 00000000..daa712c3 --- /dev/null +++ b/cdist/conf/type/__consul_watch_keyprefix/explorer/conf-dir @@ -0,0 +1 @@ +../../__consul_service/explorer/conf-dir \ No newline at end of file diff --git a/cdist/conf/type/__consul_watch_keyprefix/manifest b/cdist/conf/type/__consul_watch_keyprefix/manifest index 61934656..b17680c1 100755 --- a/cdist/conf/type/__consul_watch_keyprefix/manifest +++ b/cdist/conf/type/__consul_watch_keyprefix/manifest @@ -20,7 +20,7 @@ cdist_type="${__type##*/}" watch_type="${cdist_type##*_}" -conf_dir="/etc/consul/conf.d" +conf_dir=$(cat "$__object/explorer/conf-dir") conf_file="watch_${watch_type}_${__object_id}.json" state="$(cat "$__object/parameter/state")" diff --git a/cdist/conf/type/__consul_watch_nodes/explorer/conf-dir b/cdist/conf/type/__consul_watch_nodes/explorer/conf-dir new file mode 120000 index 00000000..daa712c3 --- /dev/null +++ b/cdist/conf/type/__consul_watch_nodes/explorer/conf-dir @@ -0,0 +1 @@ +../../__consul_service/explorer/conf-dir \ No newline at end of file diff --git a/cdist/conf/type/__consul_watch_nodes/manifest b/cdist/conf/type/__consul_watch_nodes/manifest index 61934656..b17680c1 100755 --- a/cdist/conf/type/__consul_watch_nodes/manifest +++ b/cdist/conf/type/__consul_watch_nodes/manifest @@ -20,7 +20,7 @@ cdist_type="${__type##*/}" watch_type="${cdist_type##*_}" -conf_dir="/etc/consul/conf.d" +conf_dir=$(cat "$__object/explorer/conf-dir") conf_file="watch_${watch_type}_${__object_id}.json" state="$(cat "$__object/parameter/state")" diff --git a/cdist/conf/type/__consul_watch_service/explorer/conf-dir b/cdist/conf/type/__consul_watch_service/explorer/conf-dir new file mode 120000 index 00000000..daa712c3 --- /dev/null +++ b/cdist/conf/type/__consul_watch_service/explorer/conf-dir @@ -0,0 +1 @@ +../../__consul_service/explorer/conf-dir \ No newline at end of file diff --git a/cdist/conf/type/__consul_watch_service/manifest b/cdist/conf/type/__consul_watch_service/manifest index db38eb18..e8d18328 100755 --- a/cdist/conf/type/__consul_watch_service/manifest +++ b/cdist/conf/type/__consul_watch_service/manifest @@ -20,7 +20,7 @@ cdist_type="${__type##*/}" watch_type="${cdist_type##*_}" -conf_dir="/etc/consul/conf.d" +conf_dir=$(cat "$__object/explorer/conf-dir") conf_file="watch_${watch_type}_${__object_id}.json" state="$(cat "$__object/parameter/state")" diff --git a/cdist/conf/type/__consul_watch_services/explorer/conf-dir b/cdist/conf/type/__consul_watch_services/explorer/conf-dir new file mode 120000 index 00000000..daa712c3 --- /dev/null +++ b/cdist/conf/type/__consul_watch_services/explorer/conf-dir @@ -0,0 +1 @@ +../../__consul_service/explorer/conf-dir \ No newline at end of file diff --git a/cdist/conf/type/__consul_watch_services/manifest b/cdist/conf/type/__consul_watch_services/manifest index 61934656..b17680c1 100755 --- a/cdist/conf/type/__consul_watch_services/manifest +++ b/cdist/conf/type/__consul_watch_services/manifest @@ -20,7 +20,7 @@ cdist_type="${__type##*/}" watch_type="${cdist_type##*_}" -conf_dir="/etc/consul/conf.d" +conf_dir=$(cat "$__object/explorer/conf-dir") conf_file="watch_${watch_type}_${__object_id}.json" state="$(cat "$__object/parameter/state")" From 31ad1bdaad701720303054d668cf9635987edf1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Sun, 26 Jan 2020 15:13:12 +0100 Subject: [PATCH 039/176] Fix various typos and styling errors in __consul_agent, conf-dir explorer --- cdist/conf/type/__consul_agent/manifest | 40 ++++++++++--------- .../type/__consul_service/explorer/conf-dir | 2 +- 2 files changed, 22 insertions(+), 20 deletions(-) diff --git a/cdist/conf/type/__consul_agent/manifest b/cdist/conf/type/__consul_agent/manifest index 599f15b4..40667002 100755 --- a/cdist/conf/type/__consul_agent/manifest +++ b/cdist/conf/type/__consul_agent/manifest @@ -49,7 +49,7 @@ distribution_setup () { debian) # consul is only available starting Debian 10 (buster). # See https://packages.debian.org/buster/consul - if [ $release -lt 10 ]; then + if [ "$release" -lt 10 ]; then echo "Consul is not available for your debian release." >&2 echo "Please use the 'manual' (i.e. non-package) installation or \ upgrade the target system." >&2 @@ -59,7 +59,7 @@ distribution_setup () { # Override previously defined environment to match debian packaging. conf_dir='/etc/consul.d' user='consul' - grou='consul' + group='consul' ;; *) echo "Your operating system ($os) is currently not supported with the \ @@ -71,7 +71,7 @@ distribution_setup () { esac # Install consul package. - __package consul --state $state + __package consul --state "$state" export config_deployment_requires="__package/consul" } @@ -139,7 +139,7 @@ manual_setup () { esac # Create data directory. - require="__user/consul"__directory "$data_dir" \ + require="__user/consul" __directory "$data_dir" \ --owner "$user" --group "$group" --mode 770 --state "$state" # Create config directory. @@ -202,8 +202,23 @@ else manual_setup fi +### +# Install TLS certificates. + +if [ -f "$__object/parameter/ca-file-source" ] || \ + [ -f "$__object/parameter/cert-file-source" ] || \ + [ -f "$__object/parameter/key-file-source" ]; then + + requires="$config_deployment_requires" __directory $tls_dir \ + --owner root --group "$group" --mode 750 --state "$state" + + # Append to service restart requirements. + restart_requires="$restart_requires __directory/$conf_dir/tls" +fi + ### # Generate and deploy configuration. + json_configuration=$( echo "{" @@ -216,8 +231,8 @@ json_configuration=$( state|user|group|json-config|use-distribution-package) continue ;; ca-file-source|cert-file-source|key-file-source) source="$(cat "$__object/parameter/$param")" - destination="/etc/consul/ssl/${source##*/}" - require="__directory/etc/consul/ssl" \ + destination="$tls_dir/${source##*/}" + require="__directory/$tls_dir" \ __file "$destination" \ --owner root --group consul --mode 640 \ --source "$source" \ @@ -276,19 +291,6 @@ echo "$json_configuration" | require="$config_deployment_requires" \ # Set configuration deployment as requirement for service restart. restart_requires="__file/$conf_dir/$conf_file" -### -# Install TLS certificates. -if [ -f "$__object/parameter/ca-file-source" ] || \ - [ -f "$__object/parameter/cert-file-source" ] || \ - [ -f "$__object/parameter/key-file-source" ]; then - - requires="__file/$conf_dir/$conf_file" __directory $conf_dir/tls \ - --owner root --group "$group" --mode 750 --state "$state" - - # Append to service restart requirements. - restart_requires="$restart_requires __directory/$conf_dir/tls" -fi - ### # Restart consul agent after everything else. require="$restart_requires" __service consul --action restart diff --git a/cdist/conf/type/__consul_service/explorer/conf-dir b/cdist/conf/type/__consul_service/explorer/conf-dir index 6e94f781..0fc9ef84 100644 --- a/cdist/conf/type/__consul_service/explorer/conf-dir +++ b/cdist/conf/type/__consul_service/explorer/conf-dir @@ -2,7 +2,7 @@ check_dir () { if [ -d "$1" ]; then - echo -n "$1" + printf '%s' "$1" exit fi } From 09540dc6bd63cb338ed8dc27bf69e2cc3547f02f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Mon, 17 Feb 2020 11:18:36 +0100 Subject: [PATCH 040/176] Add simple __service type --- .../type/__service/explorer/service-manager | 8 +++ cdist/conf/type/__service/gencode-remote | 9 ++++ cdist/conf/type/__service/man.rst | 51 +++++++++++++++++++ cdist/conf/type/__service/manifest | 15 ++++++ cdist/conf/type/__service/parameter/required | 1 + 5 files changed, 84 insertions(+) create mode 100755 cdist/conf/type/__service/explorer/service-manager create mode 100755 cdist/conf/type/__service/gencode-remote create mode 100644 cdist/conf/type/__service/man.rst create mode 100644 cdist/conf/type/__service/manifest create mode 100644 cdist/conf/type/__service/parameter/required diff --git a/cdist/conf/type/__service/explorer/service-manager b/cdist/conf/type/__service/explorer/service-manager new file mode 100755 index 00000000..55a873fa --- /dev/null +++ b/cdist/conf/type/__service/explorer/service-manager @@ -0,0 +1,8 @@ +#!/bin/sh + +# Assume systemd if systemctl is in PATH. +if [ "$(command -v systemctl)" ]; then + printf "systemd" +else + printf "unknown" +fi diff --git a/cdist/conf/type/__service/gencode-remote b/cdist/conf/type/__service/gencode-remote new file mode 100755 index 00000000..ac62e05f --- /dev/null +++ b/cdist/conf/type/__service/gencode-remote @@ -0,0 +1,9 @@ +#!/bin/sh + +manager="$(cat "$__object/explorer/service-manager")" +name=$__object_id +action="$(cat "$__object/parameter/action")" + +if [ "$manager" = "unknown" ]; then + echo "service '$name' '$action'" +fi diff --git a/cdist/conf/type/__service/man.rst b/cdist/conf/type/__service/man.rst new file mode 100644 index 00000000..f9b23d5b --- /dev/null +++ b/cdist/conf/type/__service/man.rst @@ -0,0 +1,51 @@ +cdist-type__service(7) +====================== + +NAME +---- +cdist-type__service - Run action on a system service + + +DESCRIPTION +----------- +This type allows you to run an action against a system service. + + +REQUIRED PARAMETERS +------------------- +action + Arbitrary parameter passed as action. Usually 'start', 'stop', 'reload' or 'restart'. + +OPTIONAL PARAMETERS +------------------- +None. + + +BOOLEAN PARAMETERS +------------------ +None. + + +EXAMPLES +-------- + +.. code-block:: sh + + # Restart nginx service. + __service nginx --action restart + + # Stop postfix service. + __service postfix --action stop + + +AUTHORS +------- +Timothée Floure + + +COPYING +------- +Copyright \(C) 2019 Timothée Floure. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/cdist/conf/type/__service/manifest b/cdist/conf/type/__service/manifest new file mode 100644 index 00000000..cb5af234 --- /dev/null +++ b/cdist/conf/type/__service/manifest @@ -0,0 +1,15 @@ +#!/bin/sh + +manager="$(cat "$__object/explorer/service-manager")" + +name=$__object_id +action="$(cat "$__object/parameter/action")" + +case "$manager" in + systemd) + __systemd_service "$name" --action "$action" + ;; + *) + # Unknown: handled by `service $NAME $action` in gencode-remote. + ;; +esac diff --git a/cdist/conf/type/__service/parameter/required b/cdist/conf/type/__service/parameter/required new file mode 100644 index 00000000..a9f84d41 --- /dev/null +++ b/cdist/conf/type/__service/parameter/required @@ -0,0 +1 @@ +action From b891bb05d5751fe0f80829d7fe54cd56468d5e51 Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Wed, 19 Feb 2020 12:58:22 +0200 Subject: [PATCH 041/176] __update_alternatives: add state explorer --- cdist/conf/type/__update_alternatives/explorer/state | 8 ++++++++ cdist/conf/type/__update_alternatives/gencode-remote | 4 ++++ 2 files changed, 12 insertions(+) create mode 100755 cdist/conf/type/__update_alternatives/explorer/state diff --git a/cdist/conf/type/__update_alternatives/explorer/state b/cdist/conf/type/__update_alternatives/explorer/state new file mode 100755 index 00000000..04a78aaa --- /dev/null +++ b/cdist/conf/type/__update_alternatives/explorer/state @@ -0,0 +1,8 @@ +#!/bin/sh -e +path="$(cat "$__object/parameter/path")" +name="$__object_id" +link="$(readlink "/etc/alternatives/$name")" +if [ "$path" = "$link" ] +then echo present +else echo absent +fi diff --git a/cdist/conf/type/__update_alternatives/gencode-remote b/cdist/conf/type/__update_alternatives/gencode-remote index 0e7b0d89..b632deb2 100755 --- a/cdist/conf/type/__update_alternatives/gencode-remote +++ b/cdist/conf/type/__update_alternatives/gencode-remote @@ -21,6 +21,10 @@ # Setup alternative - no standard way to create, always set # +if [ "$(cat "$__object/explorer/state")" = 'present' ] +then exit 0 +fi + path="$(cat "$__object/parameter/path")" name="$__object_id" echo "update-alternatives --quiet --set '$name' '$path'" From a3bc8f94075e23d8c0032fc8322aba5eebebd41e Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Wed, 19 Feb 2020 12:59:14 +0200 Subject: [PATCH 042/176] __update_alternatives: remove expired comment --- cdist/conf/type/__update_alternatives/gencode-remote | 3 --- 1 file changed, 3 deletions(-) diff --git a/cdist/conf/type/__update_alternatives/gencode-remote b/cdist/conf/type/__update_alternatives/gencode-remote index b632deb2..c0b49814 100755 --- a/cdist/conf/type/__update_alternatives/gencode-remote +++ b/cdist/conf/type/__update_alternatives/gencode-remote @@ -17,9 +17,6 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # -# -# Setup alternative - no standard way to create, always set -# if [ "$(cat "$__object/explorer/state")" = 'present' ] then exit 0 From 1b0caeda13ddfc3d941332ea912983aba01b4819 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Wed, 19 Feb 2020 14:49:35 +0100 Subject: [PATCH 043/176] ++changelog --- docs/changelog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/changelog b/docs/changelog index bd767b9d..6410d36d 100644 --- a/docs/changelog +++ b/docs/changelog @@ -1,6 +1,9 @@ Changelog --------- +next: + * Type __update_alternatives: Add state explorer (Ander Punnar) + 6.5.1: 2020-02-15 * Type __consul_agent: Add Debian 10 support (Nico Schottelius) * Explorer os_release: Add fallbacks (Dennis Camera) From 28d3760e29aaf8cdb30390f7e78c2334d7af8bc4 Mon Sep 17 00:00:00 2001 From: Jin-Guk Kwon Date: Thu, 20 Feb 2020 09:40:55 +0100 Subject: [PATCH 044/176] [cdist]Update os_version for alpine --- cdist/conf/explorer/os_version | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cdist/conf/explorer/os_version b/cdist/conf/explorer/os_version index 4c41695b..1d54ea60 100755 --- a/cdist/conf/explorer/os_version +++ b/cdist/conf/explorer/os_version @@ -70,4 +70,7 @@ case "$("$__explorer/os")" in ubuntu) lsb_release -sr ;; -esac + alpine) + cat /etc/alpine-release + ;; +esac \ No newline at end of file From ceddbd15a04327489916b61e58fdf2d7a7728427 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Thu, 20 Feb 2020 10:15:34 +0100 Subject: [PATCH 045/176] ++changes --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index 6410d36d..b0ebf789 100644 --- a/docs/changelog +++ b/docs/changelog @@ -3,6 +3,7 @@ Changelog next: * Type __update_alternatives: Add state explorer (Ander Punnar) + * Explorer os_version: Add support for Alpine Linux (Jin-Guk Kwon) 6.5.1: 2020-02-15 * Type __consul_agent: Add Debian 10 support (Nico Schottelius) From 21c9e3db1852eebb88be5454137ceb23159f7dc0 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 3 Feb 2020 22:12:21 +0100 Subject: [PATCH 046/176] [explorer/init] Support more init systems --- cdist/conf/explorer/init | 225 ++++++++++++++++++++++++++++++--------- 1 file changed, 174 insertions(+), 51 deletions(-) diff --git a/cdist/conf/explorer/init b/cdist/conf/explorer/init index ceae2e9f..bf1736cd 100755 --- a/cdist/conf/explorer/init +++ b/cdist/conf/explorer/init @@ -1,7 +1,8 @@ -#!/bin/sh +#!/bin/sh -e # # 2016 Daniel Heule (hda at sfs.biz) # Copyright 2017, Philippe Gregoire +# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -23,59 +24,181 @@ # for example at linux this value is "init" or "systemd" in most cases # +set -e + +# Expected values: +# Linux: +# Gentoo: +# sysvinit, openrc-init + +# GNU: +# Debian: +# hurd-init, sysvinit + +# [root@fedora-12 ~]# readlink /proc/1/exe +# /sbin/init (deleted) +# [root@fedora-12 ~]# ls -l /proc/1/exe +# lrwxrwxrwx. 1 root root 0 2020-01-30 23:00 /proc/1/exe -> /sbin/init (deleted) + +# inspired by https://stackoverflow.com/a/33266819 +shreadlink() ( + CDPATH= + target=$1 fname= targetDir= + + # Resolve potential symlinks until the ultimate target is found. + while : + do + if ! test -e "$target" + then + printf 'ERROR: %s does not exist.\n' "'$target'" >&2 + return 1 + fi + + # Change to target dir; necessary for correct resolution of target path. + cd "$(dirname -- "$target")" + + fname=$(basename -- "$target") # Extract filename. + [ "$fname" = '/' ] && fname='' # !! curiously, `basename /` returns '/' + + [ -L "$fname" ] || break + + # Extract [next] target path, which may be defined + # *relative* to the symlink's own directory. + # Note: We parse `ls -l` output to find the symlink target + # which is the only POSIX-compliant, albeit somewhat fragile, way. + # FIXME: Will break if one of the filenames contain ’ -> ’ + target=$(ls -l "$fname" | sed -e 's/^.* -> //') + done + + # Get canonical dir. path + targetDir=$(pwd -P) + + # Output the ultimate target's canonical path. + # Note that we manually resolve paths ending in /. and /.. to make sure we have a normalized path. + if test "$fname" = '.' + then + printf '%s\n' "${targetDir%/}" + elif test "$fname" = '..' + then + # Caveat: something like /var/.. will resolve to /private (assuming /var@ -> /private/var), i.e. the '..' is applied + # AFTER canonicalization. + printf '%s\n' "$(dirname -- "${targetDir}")" + else + printf '%s/%s\n' "${targetDir%/}" "$fname" + fi +) + + case $(uname -s) in - Linux) - if test -d /proc/1/ - then - comm_name=$(cat /proc/1/comm) - else - # BusyBox's versions of ps and pgrep do not support some options - # depending on which compile-time options have been used. - # Both pgrep and ps are tried to get the command name - comm_name=$( - pgrep -P0 -l 2>/dev/null | awk '/^1[ \t]/ { print $2 }' - || ps -o comm= -p 1 2>/dev/null) - fi + Linux|GNU) + # if test -f /proc/1/comm + # then + # comm_name=$(cat /proc/1/comm) + # else + # BusyBox's versions of ps and pgrep do not support some options + # depending on which compile-time options have been used. + # Both pgrep and ps are tried to get the command name + # comm_name=$( + # pgrep -P0 -l 2>/dev/null | awk '/^1[ \t]/ { print $2 }' + # || ps -o comm= -p 1 2>/dev/null) + # fi - case $comm_name - in - systemd) - echo systemd - ;; - init) - # It could be anything... + init_exe=$(shreadlink /proc/1/exe) - if test -h /proc/1/exe - then - init_exe=/proc/1/exe - else - init_exe=$(command -v "$comm_name") - fi + if ! test -x "$init_exe" + then + # On some rare occasions it can happen that the + # running init's binary has been replaced. In this + # case Linux adjusts the symlink to "X (deleted)" + case $init_exe + in + *' (deleted)') + init_exe=${init_exe% (deleted)} + test -x "$init_exe" || exit 1 + ;; + *) + exit 1 + ;; + esac + fi - test -x "$comm_exe" || exit 1 + if test "$init_exe" = '/hurd/init' + then + # XXX: Could maybe be removed + echo hurd-init + exit 0 + fi - case $("$comm_exe" --version | head -n 1) - in - *SysV*) - echo init - ;; - *upstart*) - echo upstart - ;; - *) - echo "" - ;; - esac - esac - ;; - FreeBSD|OpenBSD) - ps -o comm= -p 1 2>/dev/null || true - ;; - Darwin) - basename "$(ps -o comm= -p 1 2>/dev/null)" - ;; - *) - # return a empty string as unknown value - echo "" - ;; + comm_name=$(basename "$init_exe") + case $comm_name + in + init) + : # handled below + ;; + systemd) + # NOTE: sd_booted(3) + if test -d /run/systemd/system/ + then + echo systemd + exit 0 + fi + # otherwise: treat like "init" + ;; + *) + echo "$comm_name" + exit 0 + ;; + esac + + # init: it could be anything... + case $("$init_exe" --version 2>/dev/null | head -n 1) + in + SysV*) + # This is a little bit more specific than init + echo sysvinit + exit 0 + ;; + *'GNU Hurd'*) + echo hurd-init + ;; + *upstart*) + echo upstart + exit 0 + ;; + esac + case $("$init_exe" --help 2>/dev/null | head -n 1) + in + BusyBox*) + echo busybox + exit 0 + ;; + esac + + echo init + ;; + FreeBSD|OpenBSD) + ps -o comm= -p 1 2>/dev/null || true + ;; + Darwin) + basename "$(ps -o comm= -p 1 2>/dev/null)" + ;; + SunOS) + comm_name=$(ps -o comm= -p 1 2>/dev/null) + if test "$(basename "$comm_name")" != 'init' + then + echo "${comm_name}" + exit 0 + fi + + # XXX: Is this the correct way?? + if test -f /etc/svc/volatile/svc_nonpersist.db + then + echo smf + exit 0 + fi + ;; + *) + # return a empty string as unknown value + echo "" + ;; esac From d895bb0e87f524e8a64a802e6ff1922e52860ffa Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Tue, 18 Feb 2020 01:24:41 +0100 Subject: [PATCH 047/176] [explorer/init] Clean up --- cdist/conf/explorer/init | 399 ++++++++++++++++++++++++--------------- 1 file changed, 246 insertions(+), 153 deletions(-) diff --git a/cdist/conf/explorer/init b/cdist/conf/explorer/init index bf1736cd..2d4f07c1 100755 --- a/cdist/conf/explorer/init +++ b/cdist/conf/explorer/init @@ -20,185 +20,278 @@ # along with cdist. If not, see . # # -# Returns the process name of pid 1 ( normaly the init system ) -# for example at linux this value is "init" or "systemd" in most cases +# Returns the name of the init system (PID 1) # - -set -e - # Expected values: # Linux: +# Adélie Linux: +# sysvinit+openrc +# Alpine Linux: +# busybox-init+openrc +# ArchLinux: +# systemd, sysvinit +# CRUX: +# sysvinit +# Debian: +# systemd, upstart, sysvinit, openrc, ??? +# Devuan: +# sysvinit, ??? # Gentoo: -# sysvinit, openrc-init - +# sysvinit+openrc, openrc-init, systemd +# OpenBMC: +# systemd +# OpenWrt: +# procd, init?? +# RedHat (RHEL, CentOS, Fedora, RedHat Linux, ...): +# systemd, upstart, sysvinit +# Slackware: +# sysvinit +# SuSE: +# systemd, sysvinit +# Ubuntu: +# systemd, upstart, sysvinit +# # GNU: -# Debian: -# hurd-init, sysvinit +# Debian: +# hurd-init, sysvinit +# +# BSD: +# {Free,Open,Net}BSD: +# init +# +# Mac OS X: +# launchd, init +# +# Solaris/Illumos: +# smf, init + # [root@fedora-12 ~]# readlink /proc/1/exe # /sbin/init (deleted) # [root@fedora-12 ~]# ls -l /proc/1/exe # lrwxrwxrwx. 1 root root 0 2020-01-30 23:00 /proc/1/exe -> /sbin/init (deleted) -# inspired by https://stackoverflow.com/a/33266819 -shreadlink() ( - CDPATH= - target=$1 fname= targetDir= +set -e +#set -x # DEBUG - # Resolve potential symlinks until the ultimate target is found. - while : - do - if ! test -e "$target" - then - printf 'ERROR: %s does not exist.\n' "'$target'" >&2 - return 1 - fi - - # Change to target dir; necessary for correct resolution of target path. - cd "$(dirname -- "$target")" - - fname=$(basename -- "$target") # Extract filename. - [ "$fname" = '/' ] && fname='' # !! curiously, `basename /` returns '/' - - [ -L "$fname" ] || break - - # Extract [next] target path, which may be defined - # *relative* to the symlink's own directory. - # Note: We parse `ls -l` output to find the symlink target - # which is the only POSIX-compliant, albeit somewhat fragile, way. - # FIXME: Will break if one of the filenames contain ’ -> ’ - target=$(ls -l "$fname" | sed -e 's/^.* -> //') - done - - # Get canonical dir. path - targetDir=$(pwd -P) - - # Output the ultimate target's canonical path. - # Note that we manually resolve paths ending in /. and /.. to make sure we have a normalized path. - if test "$fname" = '.' +validate_busybox_init() { + # It is quite common to use SysVinit to stack other init systemd + # (like OpenRC) on top of it. So we check for that, too. + if stacked=$(validate_openrc) then - printf '%s\n' "${targetDir%/}" - elif test "$fname" = '..' - then - # Caveat: something like /var/.. will resolve to /private (assuming /var@ -> /private/var), i.e. the '..' is applied - # AFTER canonicalization. - printf '%s\n' "$(dirname -- "${targetDir}")" + echo "busybox-init+${stacked}" else - printf '%s/%s\n' "${targetDir%/}" "$fname" + echo busybox-init fi -) +} +validate_hurd_init() { + # FIXME: Test me! + test -x /hurd/init || return 1 + grep -q 'GNU Hurd' /hurd/init || return 1 + echo hurd-init +} -case $(uname -s) in - Linux|GNU) - # if test -f /proc/1/comm - # then - # comm_name=$(cat /proc/1/comm) - # else - # BusyBox's versions of ps and pgrep do not support some options - # depending on which compile-time options have been used. - # Both pgrep and ps are tried to get the command name - # comm_name=$( - # pgrep -P0 -l 2>/dev/null | awk '/^1[ \t]/ { print $2 }' - # || ps -o comm= -p 1 2>/dev/null) - # fi +validate_openrc() { + test -f /run/openrc/softlevel || return 1 + echo openrc +} - init_exe=$(shreadlink /proc/1/exe) +validate_procd() { + grep -q 'procd' /sbin/procd || return 1 + echo procd +} - if ! test -x "$init_exe" - then - # On some rare occasions it can happen that the - # running init's binary has been replaced. In this - # case Linux adjusts the symlink to "X (deleted)" - case $init_exe - in - *' (deleted)') - init_exe=${init_exe% (deleted)} - test -x "$init_exe" || exit 1 - ;; - *) - exit 1 - ;; - esac - fi +validate_runit() { + test -d /run/runit || return 1 + echo runit +} - if test "$init_exe" = '/hurd/init' - then - # XXX: Could maybe be removed - echo hurd-init - exit 0 - fi +validate_smf() { + # XXX: Is this the correct way?? + test -f /etc/svc/volatile/svc_nonpersist.db || return 1 + echo smf +} - comm_name=$(basename "$init_exe") - case $comm_name +validate_systemd() { + # NOTE: sd_booted(3) + test -d /run/systemd/system/ || return 1 + # systemctl --version | sed -e '/^systemd/!d;s/^systemd //' + echo systemd +} + +validate_sysvinit() { + test -x /sbin/init \ + && grep -q 'INIT_VERSION=sysvinit-[0-9.]*' /sbin/init \ + || return 1 + + # It is quite common to use SysVinit to stack other init systemd + # (like OpenRC) on top of it. So we check for that, too. + if stacked=$(validate_openrc) + then + echo "sysvinit+${stacked}" + else + echo sysvinit + fi + unset stacked +} + +validate_upstart() { + test -x "$(command -v initctl)" || return 1 + case $(initctl version) + in + *'(upstart '*')') + # if type -d /etc/init + # then + # # modern (DBus-based?) upstart >= 0.5 + # : + # elif type -d /etc/events.d + # then + # # ancient upstart + # : + # fi + echo upstart + ;; + *) + return 1 + ;; + esac +} + +find_init_procfs() ( + # First, check if the required file in procfs exists... + test -h /proc/1/exe || return 1 + + # Find init executable + init_exe=$(ls -l /proc/1/exe 2>/dev/null) + init_exe=${init_exe#* -> } + + if ! test -x "$init_exe" + then + # On some rare occasions it can happen that the + # running init's binary has been replaced. In this + # case Linux adjusts the symlink to "X (deleted)" + case $init_exe in - init) - : # handled below - ;; - systemd) - # NOTE: sd_booted(3) - if test -d /run/systemd/system/ - then - echo systemd - exit 0 - fi - # otherwise: treat like "init" + *' (deleted)') + init_exe=${init_exe% (deleted)} + test -x "$init_exe" || exit 1 ;; *) - echo "$comm_name" - exit 0 + exit 1 ;; esac + fi - # init: it could be anything... - case $("$init_exe" --version 2>/dev/null | head -n 1) - in - SysV*) - # This is a little bit more specific than init - echo sysvinit - exit 0 - ;; - *'GNU Hurd'*) - echo hurd-init - ;; - *upstart*) - echo upstart - exit 0 - ;; - esac - case $("$init_exe" --help 2>/dev/null | head -n 1) - in - BusyBox*) - echo busybox - exit 0 - ;; - esac + echo "${init_exe}" +) - echo init - ;; - FreeBSD|OpenBSD) - ps -o comm= -p 1 2>/dev/null || true - ;; - Darwin) - basename "$(ps -o comm= -p 1 2>/dev/null)" - ;; - SunOS) - comm_name=$(ps -o comm= -p 1 2>/dev/null) - if test "$(basename "$comm_name")" != 'init' - then - echo "${comm_name}" - exit 0 - fi +# BusyBox's versions of ps and pgrep do not support some options +# depending on which compile-time options have been used. - # XXX: Is this the correct way?? - if test -f /etc/svc/volatile/svc_nonpersist.db - then - echo smf - exit 0 - fi - ;; - *) - # return a empty string as unknown value - echo "" - ;; -esac +find_init_pgrep() { + pgrep -P0 -fl 2>/dev/null | awk -F '[[:blank:]]' '$1 == 1 { print $2 }' +} + +find_init_ps() { + case $(uname -s) + in + Darwin|NetBSD) + ps -o ucomm= -p 1 2>/dev/null + ;; + FreeBSD) + ps -o command= -p 1 2>/dev/null | cut -d ' ' -f 1 + ;; + OpenBSD) + ps -o command -p 1 2>/dev/null | tail -n +2 | cut -d ' ' -f 1 + ;; + *) + ps -o comm= -p 1 2>/dev/null + ;; + esac +} + +find_init() { + case $(uname -s) + in + Linux|GNU|NetBSD) + find_init_procfs || find_init_pgrep || find_init_ps + ;; + FreeBSD) + find_init_procfs || find_init_ps + ;; + OpenBSD) + find_init_pgrep || find_init_ps + ;; + Darwin|FreeBSD|SunOS) + find_init_ps + ;; + *) + echo "Don't know how to determine init." >&2 + echo 'Please send a patch.' >&2 + exit 1 + esac +} + +validate_by_comm_name() { + case $1 + in + busybox) + validate_busybox_init + ;; + init) + # FIXME: Do some more magic here! + echo init + ;; + openrc-init) + validate_openrc >/dev/null && echo openrc-init + ;; + runit) + validate_runit + ;; + systemd) + validate_systemd + ;; + *) + # Run validate function by comm name if available. + # Fall back to comm name if either it does not exist or + # returns non-zero. + type "validate_$1" >/dev/null && "validate_$1" || echo $1 + esac +} + +try_all() { + # init: it could be anything... + # We try some approaches to gather more information about init without + # calling it! On some init systemd this triggers a reinitialisation of + # the system which we don't want (e.g. embedded systems). + + validate_sysvinit || \ + validate_openrc || \ + validate_runit || \ + validate_smf || \ + validate_upstart || \ + validate_hurd_init || \ + echo init # fallback +} + +init=$(find_init) + +if test -x "${init}" +then + case $init + in + /hurd/init) + # FIXME: Create validate function + echo hurd-init + ;; + */init) + try_all + ;; + *) + validate_by_comm_name "$(basename "${init}")" + ;; + esac +else + validate_by_comm_name "${init}" +fi From 364340c8d5a1bcb6492d6c8cdfbbd808b13b5024 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Thu, 20 Feb 2020 21:34:21 +0100 Subject: [PATCH 048/176] [explorer/init] Refactor and testing --- cdist/conf/explorer/init | 392 ++++++++++++++++++++++++++------------- 1 file changed, 267 insertions(+), 125 deletions(-) diff --git a/cdist/conf/explorer/init b/cdist/conf/explorer/init index 2d4f07c1..db417a14 100755 --- a/cdist/conf/explorer/init +++ b/cdist/conf/explorer/init @@ -21,7 +21,7 @@ # # # Returns the name of the init system (PID 1) -# + # Expected values: # Linux: # Adélie Linux: @@ -35,122 +35,221 @@ # Debian: # systemd, upstart, sysvinit, openrc, ??? # Devuan: -# sysvinit, ??? +# sysvinit, sysvinit+openrc # Gentoo: # sysvinit+openrc, openrc-init, systemd # OpenBMC: # systemd # OpenWrt: -# procd, init?? +# procd, init??? # RedHat (RHEL, CentOS, Fedora, RedHat Linux, ...): -# systemd, upstart, sysvinit +# systemd, upstart, upstart-legacy, sysvinit # Slackware: # sysvinit # SuSE: # systemd, sysvinit # Ubuntu: -# systemd, upstart, sysvinit +# systemd, upstart, upstart-legacy, sysvinit +# VoidLinux: +# runit # # GNU: # Debian: -# hurd-init, sysvinit +# sysvinit, hurd-init # # BSD: # {Free,Open,Net}BSD: # init # # Mac OS X: -# launchd, init +# launchd, init+SystemStarter # # Solaris/Illumos: -# smf, init +# smf, init??? +# NOTE: init systems can be stacked. This is popular to run OpenRC on top of +# sysvinit (Gentoo) or busybox-init (Alpine), but can also be used to run runit +# as a systemd service. This makes init system detection very complicated +# (which result is expected?) This script tries to untangle some combinations, +# OpenRC on top of sysv or busybox (X+openrc), but will ignore others (runit as +# a systemd service) + +# NOTE: When we have no idea, nothing will be printed! + +# NOTE: +# When trying to gather information about the init system make sure to do so +# without calling the binary! On some systems this triggers a reinitialisation +# of the system which we don't want (e.g. embedded systems). -# [root@fedora-12 ~]# readlink /proc/1/exe -# /sbin/init (deleted) -# [root@fedora-12 ~]# ls -l /proc/1/exe -# lrwxrwxrwx. 1 root root 0 2020-01-30 23:00 /proc/1/exe -> /sbin/init (deleted) set -e -#set -x # DEBUG -validate_busybox_init() { - # It is quite common to use SysVinit to stack other init systemd +KERNEL_NAME=$(uname -s) + +KNOWN_INIT_SYSTEMS=$(cat </dev/null 2>&1 || return 1 + launchctl getenv PATH >/dev/null || return 1 + echo launchd +} + +check_openrc() { test -f /run/openrc/softlevel || return 1 echo openrc } -validate_procd() { - grep -q 'procd' /sbin/procd || return 1 +check_procd() ( + procd_path=${1:-/sbin/procd} + test -x "${procd_path}" || return 1 + grep -q 'procd' "${procd_path}" || return 1 echo procd -} +) -validate_runit() { +check_runit() { test -d /run/runit || return 1 echo runit } -validate_smf() { +check_smf() { # XXX: Is this the correct way?? test -f /etc/svc/volatile/svc_nonpersist.db || return 1 echo smf } -validate_systemd() { +check_systemd() { # NOTE: sd_booted(3) test -d /run/systemd/system/ || return 1 # systemctl --version | sed -e '/^systemd/!d;s/^systemd //' echo systemd } -validate_sysvinit() { - test -x /sbin/init \ - && grep -q 'INIT_VERSION=sysvinit-[0-9.]*' /sbin/init \ - || return 1 +check_systemstarter() { + test -d /System/Library/StartupItems/ || return 1 + test -f /System/Library/StartupItems/LoginWindow/StartupParameters.plist || return 1 + echo init+SystemStarter +} + +check_sysvinit() ( + init_path=${1:-/sbin/init} + grep -q 'INIT_VERSION=sysvinit-[0-9.]*' "${init_path}" || return 1 # It is quite common to use SysVinit to stack other init systemd # (like OpenRC) on top of it. So we check for that, too. - if stacked=$(validate_openrc) + if stacked=$(check_openrc) then echo "sysvinit+${stacked}" else echo sysvinit fi unset stacked -} +) -validate_upstart() { +check_upstart() { test -x "$(command -v initctl)" || return 1 case $(initctl version) in *'(upstart '*')') - # if type -d /etc/init - # then - # # modern (DBus-based?) upstart >= 0.5 - # : - # elif type -d /etc/events.d - # then - # # ancient upstart - # : - # fi - echo upstart + if test -d /etc/init + then + # modern (DBus-based?) upstart >= 0.5 + echo upstart + elif test -d /etc/event.d + then + # ancient upstart + echo upstart-legacy + else + # whatever... + echo upstart + fi ;; *) return 1 @@ -163,7 +262,7 @@ find_init_procfs() ( test -h /proc/1/exe || return 1 # Find init executable - init_exe=$(ls -l /proc/1/exe 2>/dev/null) + init_exe=$(ls -l /proc/1/exe 2>/dev/null) || return 1 init_exe=${init_exe#* -> } if ! test -x "$init_exe" @@ -171,21 +270,100 @@ find_init_procfs() ( # On some rare occasions it can happen that the # running init's binary has been replaced. In this # case Linux adjusts the symlink to "X (deleted)" - case $init_exe - in - *' (deleted)') - init_exe=${init_exe% (deleted)} - test -x "$init_exe" || exit 1 - ;; - *) - exit 1 - ;; - esac + + # [root@fedora-12 ~]# readlink /proc/1/exe + # /sbin/init (deleted) + # [root@fedora-12 ~]# ls -l /proc/1/exe + # lrwxrwxrwx. 1 root root 0 2020-01-30 23:00 /proc/1/exe -> /sbin/init (deleted) + + init_exe=${init_exe% (deleted)} + test -x "$init_exe" || return 1 fi echo "${init_exe}" ) +guess_by_path() { + case $1 + in + /bin/busybox) + check_busybox_init "$1" && return + ;; + /lib/systemd/systemd) + check_systemd "$1" && return + ;; + /hurd/init) + check_hurd_init "$1" && return + ;; + /sbin/launchd) + check_launchd "$1" && return + ;; + /usr/bin/runit|/sbin/runit) + check_runit "$1" && return + ;; + /sbin/openrc-init) + if check_openrc "$1" >/dev/null + then + echo openrc-init + return + fi + ;; + /sbin/procd) + check_procd && return + ;; + /sbin/init|*/init) + # init: it could be anything -> (explicit) no match + return 1 + ;; + esac + + # No match + return 1 +} + +guess_by_comm_name() { + case $1 + in + busybox) + check_busybox_init && return + ;; + openrc-init) + if check_openrc >/dev/null + then + echo openrc-init + return 0 + fi + ;; + init) + # init could be anything -> no match + return 1 + ;; + *) + # Run check function by comm name if available. + # Fall back to comm name if either it does not exist or + # returns non-zero. + if type "check_$1" >/dev/null + then + "check_$1" && return + else + echo "$1" ; return 0 + fi + esac + + return 1 +} + +check_list() ( + # List must be a multi-line input on stdin (one name per line) + while read init + do + "check_${init}" || continue + return 0 + done + return 1 +) + + # BusyBox's versions of ps and pgrep do not support some options # depending on which compile-time options have been used. @@ -194,25 +372,31 @@ find_init_pgrep() { } find_init_ps() { - case $(uname -s) + case $KERNEL_NAME in - Darwin|NetBSD) - ps -o ucomm= -p 1 2>/dev/null + Darwin) + ps -o command -p 1 2>/dev/null | tail -n +2 ;; FreeBSD) - ps -o command= -p 1 2>/dev/null | cut -d ' ' -f 1 + ps -o args= -p 1 2>/dev/null | cut -d ' ' -f 1 ;; - OpenBSD) - ps -o command -p 1 2>/dev/null | tail -n +2 | cut -d ' ' -f 1 - ;; - *) + Linux) ps -o comm= -p 1 2>/dev/null ;; - esac + NetBSD) + ps -o comm= -p 1 2>/dev/null + ;; + OpenBSD) + ps -o args -p 1 2>/dev/null | tail -n +2 | cut -d ' ' -f 1 + ;; + *) + ps -o args= -p 1 2>/dev/null + ;; + esac | trim # trim trailing whitespace (some ps like Darwin add it) } find_init() { - case $(uname -s) + case $KERNEL_NAME in Linux|GNU|NetBSD) find_init_procfs || find_init_pgrep || find_init_ps @@ -233,65 +417,23 @@ find_init() { esac } -validate_by_comm_name() { - case $1 - in - busybox) - validate_busybox_init - ;; - init) - # FIXME: Do some more magic here! - echo init - ;; - openrc-init) - validate_openrc >/dev/null && echo openrc-init - ;; - runit) - validate_runit - ;; - systemd) - validate_systemd - ;; - *) - # Run validate function by comm name if available. - # Fall back to comm name if either it does not exist or - # returns non-zero. - type "validate_$1" >/dev/null && "validate_$1" || echo $1 - esac -} - -try_all() { - # init: it could be anything... - # We try some approaches to gather more information about init without - # calling it! On some init systemd this triggers a reinitialisation of - # the system which we don't want (e.g. embedded systems). - - validate_sysvinit || \ - validate_openrc || \ - validate_runit || \ - validate_smf || \ - validate_upstart || \ - validate_hurd_init || \ - echo init # fallback -} +# ----- init=$(find_init) -if test -x "${init}" -then - case $init - in - /hurd/init) - # FIXME: Create validate function - echo hurd-init - ;; - */init) - try_all - ;; - *) - validate_by_comm_name "$(basename "${init}")" - ;; - esac -else - validate_by_comm_name "${init}" -fi +# If we got a path, guess by the path first (fall back to file name if no match) +# else guess by file name directly. +{ + test -x "${init}" \ + && guess_by_path "${init}" \ + || guess_by_comm_name "$(basename "${init}")" +} && exit 0 || true + + +# Guessing based on the file path and name didn’t lead to a definitive result. +# +# We go through all of the checks until we find a match. To speed up the +# process, common cases will be checked first based on the underlying kernel. + +{ common_candidates_by_kernel; echo "${KNOWN_INIT_SYSTEMS}"; } \ + | unique | check_list From 0d84c91b4047d3da0571d0262b4b5d9a8f9796b9 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Thu, 20 Feb 2020 22:55:46 +0100 Subject: [PATCH 049/176] [explorer/init] Fix unique() for Solaris --- cdist/conf/explorer/init | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cdist/conf/explorer/init b/cdist/conf/explorer/init index db417a14..0f04a0ee 100755 --- a/cdist/conf/explorer/init +++ b/cdist/conf/explorer/init @@ -135,7 +135,8 @@ trim() { unique() { # Delete duplicate lines (keeping input order) - awk '!x[$0]++' + # NOTE: Solaris AWK breaks without if/print construct. + awk '{ if (!x[$0]++) print }' } From 0d6bc8e8f8166a3f61dd4da4a0e499499d3702c4 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Thu, 20 Feb 2020 23:29:21 +0100 Subject: [PATCH 050/176] [explorer/init] Make shellcheck happy --- cdist/conf/explorer/init | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/cdist/conf/explorer/init b/cdist/conf/explorer/init index 0f04a0ee..1b921c68 100755 --- a/cdist/conf/explorer/init +++ b/cdist/conf/explorer/init @@ -310,7 +310,7 @@ guess_by_path() { fi ;; /sbin/procd) - check_procd && return + check_procd "$1" && return ;; /sbin/init|*/init) # init: it could be anything -> (explicit) no match @@ -356,7 +356,7 @@ guess_by_comm_name() { check_list() ( # List must be a multi-line input on stdin (one name per line) - while read init + while read -r init do "check_${init}" || continue return 0 @@ -408,7 +408,7 @@ find_init() { OpenBSD) find_init_pgrep || find_init_ps ;; - Darwin|FreeBSD|SunOS) + Darwin|SunOS) find_init_ps ;; *) @@ -424,6 +424,7 @@ init=$(find_init) # If we got a path, guess by the path first (fall back to file name if no match) # else guess by file name directly. +# shellcheck disable=SC2015 { test -x "${init}" \ && guess_by_path "${init}" \ From 49fc21ec47d665155edac73bdbae4fed9258f382 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sun, 23 Feb 2020 09:32:03 +0100 Subject: [PATCH 051/176] ++changelog --- docs/changelog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/changelog b/docs/changelog index b0ebf789..8463bb89 100644 --- a/docs/changelog +++ b/docs/changelog @@ -4,6 +4,9 @@ Changelog next: * Type __update_alternatives: Add state explorer (Ander Punnar) * Explorer os_version: Add support for Alpine Linux (Jin-Guk Kwon) + * Explorer init: Rewrite and support more init systems (Dennis Camera) + * New type: __service (Timothée Floure) + * Types __consul_*: Add optional parameter for using distribution packages (Timothée Floure) 6.5.1: 2020-02-15 * Type __consul_agent: Add Debian 10 support (Nico Schottelius) From c6aba8d189c2efc7c88f9c595acba7ceae5a4e00 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sun, 23 Feb 2020 22:59:41 +0100 Subject: [PATCH 052/176] [explorer/disks] Fix for NetBSD When connecting over SSH and running /bin/sh, the PATH is missing sbin locations. sysctl is located at /sbin/sysctl on NetBSD. --- cdist/conf/explorer/disks | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/cdist/conf/explorer/disks b/cdist/conf/explorer/disks index 87a6b5c6..08290bc7 100755 --- a/cdist/conf/explorer/disks +++ b/cdist/conf/explorer/disks @@ -1,14 +1,20 @@ -#!/bin/sh +#!/bin/sh -e uname_s="$(uname -s)" -case "${uname_s}" in +case $uname_s in FreeBSD) sysctl -n kern.disks ;; - OpenBSD|NetBSD) + OpenBSD) sysctl -n hw.disknames | grep -Eo '[lsw]d[0-9]+' | xargs ;; + NetBSD) + PATH="${PATH}:/usr/local/sbin:/usr/sbin:/sbin" + sysctl -n hw.disknames \ + | awk 'BEGIN { RS = " " } /^[lsw]d[0-9]+/' \ + | xargs + ;; Linux) if command -v lsblk > /dev/null then @@ -23,5 +29,3 @@ case "${uname_s}" in printf "Don't know how to list disks for %s operating system, if you can please submit a patch\n" "${uname_s}" >&2 ;; esac - -exit 0 From e6f683b88633fa0722b3787e3daa39db640ce0f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Mon, 24 Feb 2020 09:20:49 +0100 Subject: [PATCH 053/176] Add support for alpine (edge) package to __consul_agent --- cdist/conf/type/__consul_agent/manifest | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/cdist/conf/type/__consul_agent/manifest b/cdist/conf/type/__consul_agent/manifest index 40667002..0d819d45 100755 --- a/cdist/conf/type/__consul_agent/manifest +++ b/cdist/conf/type/__consul_agent/manifest @@ -61,6 +61,17 @@ distribution_setup () { user='consul' group='consul' ;; + alpine) + # consul is only available starting Alpine 3.12 (= edge during the 3.11 cycle). + # See https://pkgs.alpinelinux.org/packages?name=consul&branch=edge + + # Override previously defined environment to match alpine packaging. + conf_dir='/etc/consul' + conf_file='server.json' + data_dir='/var/consul' + user='consul' + group='consul' + ;; *) echo "Your operating system ($os) is currently not supported with the \ --use-distribution-package flag (${__type##*/})." >&2 From d3bd2669ec49fb861016e614893dac280ed5fd35 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sun, 23 Feb 2020 23:07:40 +0100 Subject: [PATCH 054/176] [explorer/disks] Support Linux without lsblk (fallback to sysfs) --- cdist/conf/explorer/disks | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/cdist/conf/explorer/disks b/cdist/conf/explorer/disks index 08290bc7..0fabc95f 100755 --- a/cdist/conf/explorer/disks +++ b/cdist/conf/explorer/disks @@ -16,16 +16,33 @@ case $uname_s in | xargs ;; Linux) - if command -v lsblk > /dev/null + # list of major device numbers toexclude: + # ram disks, floppies, cdroms + # https://www.kernel.org/doc/Documentation/admin-guide/devices.txt + ign_majors='1 2 11' + + if command -v lsblk >/dev/null 2>&1 then - # exclude ram disks, floppies and cdroms - # https://www.kernel.org/doc/Documentation/admin-guide/devices.txt - lsblk -e 1,2,11 -dno name | xargs + lsblk -e "$(echo "$ign_majors" | tr ' ' ',')" -dno name | xargs + elif test -d /sys/block/ + then + # shellcheck disable=SC2012 + ls -1 /sys/block/ \ + | awk -v ign_majors="$(echo "$ign_majors" | tr ' ' '|')" ' + { + devfile = "/sys/block/" $0 "/dev" + getline devno < devfile + close(devfile) + if (devno !~ "^(" ign_majors "):") print + }' \ + | xargs else - printf "Don't know how to list disks for %s operating system without lsblk, if you can please submit a patch\n" "${uname_s}" >&2 + echo "Don't know how to list disks on Linux without lsblk and sysfs." >&2 + echo 'If you can, please submit a patch.'>&2 fi ;; *) - printf "Don't know how to list disks for %s operating system, if you can please submit a patch\n" "${uname_s}" >&2 + printf "Don't know how to list disks for %s operating system.\n" "${uname_s}" >&2 + printf 'If you can please submit a patch\n' >&2 ;; esac From 1ef126e16f95e822562978abd895a3c036f7d5c4 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sun, 23 Feb 2020 23:08:40 +0100 Subject: [PATCH 055/176] [explorer/disks] Move xargs call to the bottom --- cdist/conf/explorer/disks | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/cdist/conf/explorer/disks b/cdist/conf/explorer/disks index 0fabc95f..ed1afce4 100755 --- a/cdist/conf/explorer/disks +++ b/cdist/conf/explorer/disks @@ -7,13 +7,12 @@ case $uname_s in sysctl -n kern.disks ;; OpenBSD) - sysctl -n hw.disknames | grep -Eo '[lsw]d[0-9]+' | xargs + sysctl -n hw.disknames | grep -Eo '[lsw]d[0-9]+' ;; NetBSD) PATH="${PATH}:/usr/local/sbin:/usr/sbin:/sbin" sysctl -n hw.disknames \ - | awk 'BEGIN { RS = " " } /^[lsw]d[0-9]+/' \ - | xargs + | awk 'BEGIN { RS = " " } /^[lsw]d[0-9]+/' ;; Linux) # list of major device numbers toexclude: @@ -23,7 +22,7 @@ case $uname_s in if command -v lsblk >/dev/null 2>&1 then - lsblk -e "$(echo "$ign_majors" | tr ' ' ',')" -dno name | xargs + lsblk -e "$(echo "$ign_majors" | tr ' ' ',')" -dno name elif test -d /sys/block/ then # shellcheck disable=SC2012 @@ -34,8 +33,7 @@ case $uname_s in getline devno < devfile close(devfile) if (devno !~ "^(" ign_majors "):") print - }' \ - | xargs + }' else echo "Don't know how to list disks on Linux without lsblk and sysfs." >&2 echo 'If you can, please submit a patch.'>&2 @@ -45,4 +43,5 @@ case $uname_s in printf "Don't know how to list disks for %s operating system.\n" "${uname_s}" >&2 printf 'If you can please submit a patch\n' >&2 ;; -esac +esac \ +| xargs From 6db6dc4ac0950579ce13252dcca6d0f61f5533c6 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sun, 23 Feb 2020 23:14:14 +0100 Subject: [PATCH 056/176] [explorer/disks] Add license header --- cdist/conf/explorer/disks | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/cdist/conf/explorer/disks b/cdist/conf/explorer/disks index ed1afce4..24540601 100755 --- a/cdist/conf/explorer/disks +++ b/cdist/conf/explorer/disks @@ -1,4 +1,24 @@ #!/bin/sh -e +# +# based on previous work by other people, modified by: +# 2020 Dennis Camera +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# Finds disks of the system (excl. ram disks, floppy, cdrom) uname_s="$(uname -s)" From b2db864eaf95a50e7e0d31be52f86ab1d0bea480 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Wed, 26 Feb 2020 13:01:29 +0100 Subject: [PATCH 057/176] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index 8463bb89..35590655 100644 --- a/docs/changelog +++ b/docs/changelog @@ -7,6 +7,7 @@ next: * Explorer init: Rewrite and support more init systems (Dennis Camera) * New type: __service (Timothée Floure) * Types __consul_*: Add optional parameter for using distribution packages (Timothée Floure) + * Explorer disks: Fix NetBSD, support Linux w/o lsblk (Dennis Camera) 6.5.1: 2020-02-15 * Type __consul_agent: Add Debian 10 support (Nico Schottelius) From 6b4b6534a1187e2533f627ff485873aeac7c4a32 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Wed, 26 Feb 2020 16:12:21 +0100 Subject: [PATCH 058/176] [__directory] Give more precise error message when --state pre-exists --- cdist/conf/type/__directory/gencode-remote | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/cdist/conf/type/__directory/gencode-remote b/cdist/conf/type/__directory/gencode-remote index e1ab69d7..a1a32ea2 100755 --- a/cdist/conf/type/__directory/gencode-remote +++ b/cdist/conf/type/__directory/gencode-remote @@ -109,10 +109,24 @@ case "$state_should" in done ;; pre-exists) - if [ "$type" != "directory" ]; then - echo "Directory \"$destination\" does not exist" >&2 - exit 1 - fi + case $type in + directory) + # all good + exit 0 + ;; + none) + printf 'Directory "%s" does not exist\n' "$destination" >&2 + exit 1 + ;; + file|symlink) + printf 'File "%s" exists and is a %s, but should be a directory\n' "$destination" "$type" >&2 + exit 1 + ;; + *) + printf 'File or directory "%s" is in an unknown state\n' "$destination" >&2 + exit 1 + ;; + esac ;; absent) if [ "$type" = "directory" ]; then From 046f7d0663fb6e117f76747bf71c7976abc90962 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Wed, 26 Feb 2020 16:32:03 +0100 Subject: [PATCH 059/176] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index 35590655..4fdfcd68 100644 --- a/docs/changelog +++ b/docs/changelog @@ -8,6 +8,7 @@ next: * New type: __service (Timothée Floure) * Types __consul_*: Add optional parameter for using distribution packages (Timothée Floure) * Explorer disks: Fix NetBSD, support Linux w/o lsblk (Dennis Camera) + * Type __directory: Add 'exists' and 'pre-exists' states (Dennis Camera) 6.5.1: 2020-02-15 * Type __consul_agent: Add Debian 10 support (Nico Schottelius) From 46d2487f08e04d3f6f3cbd434404dda006e83276 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Wed, 26 Feb 2020 16:40:53 +0100 Subject: [PATCH 060/176] [__file] Give more precise error message when --state pre-exists --- cdist/conf/type/__file/gencode-local | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/cdist/conf/type/__file/gencode-local b/cdist/conf/type/__file/gencode-local index fb9f9a92..231b6927 100755 --- a/cdist/conf/type/__file/gencode-local +++ b/cdist/conf/type/__file/gencode-local @@ -31,12 +31,24 @@ if [ "$state_should" = "pre-exists" ]; then exit 1 fi - if [ "$type" = "file" ]; then - exit 0 # nothing to do - else - echo "File \"$destination\" does not exist" - exit 1 - fi + case $type in + file) + # nothing to do + exit 0 + ;; + none) + printf 'File "%s" does not exist\n' "$destination" >&2 + exit 1 + ;; + directory|symlink) + printf 'File "%s" exists and is a %s, but should be a regular file\n' "$destination" "$type" >&2 + exit 1 + ;; + *) + printf 'File or directory "%s" is in an unknown state\n' "$destination" >&2 + exit 1 + ;; + esac fi upload_file= From 9eacba06bb218bd0627ef633b363495331ac6c5b Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Wed, 26 Feb 2020 16:48:14 +0100 Subject: [PATCH 061/176] [__file] Treat pre-exists as a special case in gencode-remote as it should never get there --- cdist/conf/type/__file/gencode-remote | 56 ++++++++++++++------------- 1 file changed, 30 insertions(+), 26 deletions(-) diff --git a/cdist/conf/type/__file/gencode-remote b/cdist/conf/type/__file/gencode-remote index b04c471e..815593bd 100755 --- a/cdist/conf/type/__file/gencode-remote +++ b/cdist/conf/type/__file/gencode-remote @@ -55,37 +55,41 @@ set_owner() { } set_mode() { - echo "chmod '$1' '$destination'" - echo "chmod '$1'" >> "$__messages_out" - fire_onchange=1 + echo "chmod '$1' '$destination'" + echo "chmod '$1'" >> "$__messages_out" + fire_onchange=1 } case "$state_should" in - present|exists|pre-exists) - # Note: Mode - needs to happen last as a chown/chgrp can alter mode by - # clearing S_ISUID and S_ISGID bits (see chown(2)) - for attribute in group owner mode; do - if [ -f "$__object/parameter/$attribute" ]; then - value_should="$(cat "$__object/parameter/$attribute")" + present|exists) + # Note: Mode - needs to happen last as a chown/chgrp can alter mode by + # clearing S_ISUID and S_ISGID bits (see chown(2)) + for attribute in group owner mode; do + if [ -f "$__object/parameter/$attribute" ]; then + value_should="$(cat "$__object/parameter/$attribute")" - # change 0xxx format to xxx format => same as stat returns - if [ "$attribute" = mode ]; then - value_should="$(echo "$value_should" | sed 's/^0\(...\)/\1/')" - fi - - value_is="$(get_current_value "$attribute" "$value_should")" - if [ -f "$__object/files/set-attributes" ] || [ "$value_should" != "$value_is" ]; then - "set_$attribute" "$value_should" + # change 0xxx format to xxx format => same as stat returns + if [ "$attribute" = mode ]; then + value_should="$(echo "$value_should" | sed 's/^0\(...\)/\1/')" + fi + + value_is="$(get_current_value "$attribute" "$value_should")" + if [ -f "$__object/files/set-attributes" ] || [ "$value_should" != "$value_is" ]; then + "set_$attribute" "$value_should" + fi fi + done + if [ -f "$__object/files/set-attributes" ]; then + # set-attributes is created if file is created or uploaded in gencode-local + fire_onchange=1 fi - done - if [ -f "$__object/files/set-attributes" ]; then - # set-attributes is created if file is created or uploaded in gencode-local - fire_onchange=1 - fi - ;; + pre-exists) + # pre-exists should never reach gencode-remote… + exit 1 + ;; + absent) if [ "$type" = "file" ]; then echo "rm -f '$destination'" @@ -101,7 +105,7 @@ case "$state_should" in esac if [ -f "$__object/parameter/onchange" ]; then - if [ -n "$fire_onchange" ]; then - cat "$__object/parameter/onchange" - fi + if [ -n "$fire_onchange" ]; then + cat "$__object/parameter/onchange" + fi fi From da6ccf808ef4417b90e0882abd042f0a40f28a8e Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Wed, 26 Feb 2020 21:48:08 +0100 Subject: [PATCH 062/176] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index 4fdfcd68..9075cf3f 100644 --- a/docs/changelog +++ b/docs/changelog @@ -9,6 +9,7 @@ next: * Types __consul_*: Add optional parameter for using distribution packages (Timothée Floure) * Explorer disks: Fix NetBSD, support Linux w/o lsblk (Dennis Camera) * Type __directory: Add 'exists' and 'pre-exists' states (Dennis Camera) + * Type __file: Improve error messages for pre-exists state (Dennis Camera) 6.5.1: 2020-02-15 * Type __consul_agent: Add Debian 10 support (Nico Schottelius) From 213f1b049c55205ffe233de22e68c4a4738c8b82 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Thu, 27 Feb 2020 20:23:04 +0100 Subject: [PATCH 063/176] Release 6.5.2 --- docs/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/changelog b/docs/changelog index 9075cf3f..64b124e8 100644 --- a/docs/changelog +++ b/docs/changelog @@ -1,7 +1,7 @@ Changelog --------- -next: +6.5.2: 2020-02-27 * Type __update_alternatives: Add state explorer (Ander Punnar) * Explorer os_version: Add support for Alpine Linux (Jin-Guk Kwon) * Explorer init: Rewrite and support more init systems (Dennis Camera) From fb32d6ed3f9421d515b0ec2eabe9ab4fcc6ccacb Mon Sep 17 00:00:00 2001 From: llnu Date: Sun, 8 Mar 2020 16:04:02 +0100 Subject: [PATCH 064/176] alpine uses a different getent lib which doesnt support: getent shadow --- cdist/conf/type/__user/explorer/shadow | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__user/explorer/shadow b/cdist/conf/type/__user/explorer/shadow index 73ce0e29..63d38f0d 100755 --- a/cdist/conf/type/__user/explorer/shadow +++ b/cdist/conf/type/__user/explorer/shadow @@ -24,7 +24,7 @@ name=$__object_id case $("$__explorer/os") in - 'freebsd'|'netbsd'|'openbsd') + 'freebsd'|'netbsd'|'openbsd'|'alpine') database='passwd' ;; # Default to using shadow passwords From f7d5f5bc974fff858c9999752badce3c6e8ba72e Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Mon, 9 Mar 2020 08:02:18 +0100 Subject: [PATCH 065/176] ++changelog --- docs/changelog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/changelog b/docs/changelog index 64b124e8..93df32a2 100644 --- a/docs/changelog +++ b/docs/changelog @@ -1,6 +1,9 @@ Changelog --------- +next: + * Type __user: Fix missing shadow for alpine (llnu) + 6.5.2: 2020-02-27 * Type __update_alternatives: Add state explorer (Ander Punnar) * Explorer os_version: Add support for Alpine Linux (Jin-Guk Kwon) From 358e04b2afa380b63843869f1f57967e0ef8de22 Mon Sep 17 00:00:00 2001 From: Matthias Stecher Date: Sat, 14 Mar 2020 09:58:38 +0100 Subject: [PATCH 066/176] Handle specially if no time about the last index update found. The explorer 'currage' now returns -1 if he can not find any value about this. The gencode-remote script handle this value special to not exit if -1 given as value. This fixes the bug https://code.ungleich.ch/ungleich-public/cdist/issues/803 --- cdist/conf/type/__package_update_index/explorer/currage | 6 +++--- cdist/conf/type/__package_update_index/gencode-remote | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/cdist/conf/type/__package_update_index/explorer/currage b/cdist/conf/type/__package_update_index/explorer/currage index cfb778d5..bd51ee86 100644 --- a/cdist/conf/type/__package_update_index/explorer/currage +++ b/cdist/conf/type/__package_update_index/explorer/currage @@ -24,18 +24,18 @@ case "$type" in if [ -f "/var/cache/apt/pkgcache.bin" ]; then echo $(($(date +"%s")-$(stat --format '%Y' /var/cache/apt/pkgcache.bin))) else - echo 0 + echo -1 fi ;; pacman) if [ -d "/var/lib/pacman/sync" ]; then echo $(($(date +"%s")-$(stat --format '%Y' /var/lib/pacman/sync))) else - echo 0 + echo -1 fi ;; alpine) - echo 0 + echo -1 ;; *) echo "Your specified type ($type) is currently not supported." >&2 echo "Please contribute an implementation for it if you can." >&2 diff --git a/cdist/conf/type/__package_update_index/gencode-remote b/cdist/conf/type/__package_update_index/gencode-remote index 6c51cbed..803468b5 100755 --- a/cdist/conf/type/__package_update_index/gencode-remote +++ b/cdist/conf/type/__package_update_index/gencode-remote @@ -31,7 +31,8 @@ if [ -n "$maxage" ]; then if [ "$type" != "apt" ] && [ "$type" != "pacman" ]; then echo "ERROR: \"--maxage\" only supported for \"apt\" or \"pacman\" pkg-manager." >&2 exit 1 - elif [ "$currage" -lt "$maxage" ]; then + # do not exit if no value found (represented as -1) + elif [ "$currage" -ne -1 ] && [ "$currage" -lt "$maxage" ]; then exit 0 # no need to update fi fi From f00e4af5f0f1f49ab93be001468327ea90df6bd0 Mon Sep 17 00:00:00 2001 From: Andrew Schleifer Date: Thu, 26 Mar 2020 21:17:32 +0800 Subject: [PATCH 067/176] fix typo --- cdist/conf/type/__letsencrypt_cert/man.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cdist/conf/type/__letsencrypt_cert/man.rst b/cdist/conf/type/__letsencrypt_cert/man.rst index c4ffc6bc..85eb88ea 100644 --- a/cdist/conf/type/__letsencrypt_cert/man.rst +++ b/cdist/conf/type/__letsencrypt_cert/man.rst @@ -59,13 +59,13 @@ MESSAGES -------- change - Certificte was changed. + Certificate was changed. create - Certificte was created. + Certificate was created. remove - Certificte was removed. + Certificate was removed. EXAMPLES -------- From 66d990502987aae97695a4b8678e7d160f1066f7 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Thu, 26 Mar 2020 21:48:17 +0100 Subject: [PATCH 068/176] [__consul_agent] make conf_dir depent on the OS --- cdist/conf/type/__consul_agent/manifest | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/cdist/conf/type/__consul_agent/manifest b/cdist/conf/type/__consul_agent/manifest index 0d819d45..a7fe0bc5 100755 --- a/cdist/conf/type/__consul_agent/manifest +++ b/cdist/conf/type/__consul_agent/manifest @@ -1,7 +1,7 @@ #!/bin/sh -e # # 2015 Steven Armstrong (steven-cdist at armstrong.cc) -# 2015-2019 Nico Schottelius (nico-cdist at schottelius.org) +# 2015-2020 Nico Schottelius (nico-cdist at schottelius.org) # 2019 Timothée Floure (timothee.floure at ungleich.ch) # # This file is part of cdist. @@ -37,10 +37,22 @@ fi # Those are default that might be overriden by os-specific logic. data_dir="/var/lib/consul" -conf_dir="/etc/consul/conf.d" -conf_file="config.json" + + + tls_dir="$conf_dir/tls" +case "$os" in + alpine) + conf_dir="/etc/consul" + conf_file="server.json" + ;; + *) + conf_dir="/etc/consul/conf.d" + conf_file="config.json" + ;; +esac + ### # Sane deployment, based on distribution package when available. From ec11f04ab83504035271483a61549a4e0c51053c Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Thu, 26 Mar 2020 21:49:43 +0100 Subject: [PATCH 069/176] ++changes --- docs/changelog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/changelog b/docs/changelog index 93df32a2..76f47679 100644 --- a/docs/changelog +++ b/docs/changelog @@ -3,6 +3,8 @@ Changelog next: * Type __user: Fix missing shadow for alpine (llnu) + * Type __consule_agent: Make conf_dir dependent on OS - fixes + Alpine (Nico Schottelius) 6.5.2: 2020-02-27 * Type __update_alternatives: Add state explorer (Ander Punnar) From df63cfe0884d460942a34b31d9296a31aa8edb2f Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Fri, 27 Mar 2020 08:50:27 +0100 Subject: [PATCH 070/176] ++changelog --- docs/changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/changelog b/docs/changelog index 76f47679..8e51b949 100644 --- a/docs/changelog +++ b/docs/changelog @@ -3,8 +3,8 @@ Changelog next: * Type __user: Fix missing shadow for alpine (llnu) - * Type __consule_agent: Make conf_dir dependent on OS - fixes - Alpine (Nico Schottelius) + * Type __consule_agent: Make conf_dir dependent on OS - fixes Alpine (Nico Schottelius) + * Type __letsencrypt_cert: Fix typo (Andrew Schleifer) 6.5.2: 2020-02-27 * Type __update_alternatives: Add state explorer (Ander Punnar) From b25939cdd64fdab7d71ab9285c64ad5bf14797f5 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Fri, 27 Mar 2020 13:30:52 +0100 Subject: [PATCH 071/176] Fix shellcheck --- cdist/conf/type/__consul_agent/manifest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__consul_agent/manifest b/cdist/conf/type/__consul_agent/manifest index a7fe0bc5..7b54529c 100755 --- a/cdist/conf/type/__consul_agent/manifest +++ b/cdist/conf/type/__consul_agent/manifest @@ -232,7 +232,7 @@ if [ -f "$__object/parameter/ca-file-source" ] || \ [ -f "$__object/parameter/cert-file-source" ] || \ [ -f "$__object/parameter/key-file-source" ]; then - requires="$config_deployment_requires" __directory $tls_dir \ + requires="$config_deployment_requires" __directory "$tls_dir" \ --owner root --group "$group" --mode 750 --state "$state" # Append to service restart requirements. From da30afe791e1eca11d68fedc88d7a943ecf089e5 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sun, 29 Mar 2020 12:54:02 +0200 Subject: [PATCH 072/176] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index 8e51b949..62ef28be 100644 --- a/docs/changelog +++ b/docs/changelog @@ -5,6 +5,7 @@ next: * Type __user: Fix missing shadow for alpine (llnu) * Type __consule_agent: Make conf_dir dependent on OS - fixes Alpine (Nico Schottelius) * Type __letsencrypt_cert: Fix typo (Andrew Schleifer) + * Type __package_update_index: Fix maxage false positives (Matthias Stecher) 6.5.2: 2020-02-27 * Type __update_alternatives: Add state explorer (Ander Punnar) From 0f639a9278e32b395bbc0f20b53b89ce1bb324a8 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Thu, 2 Apr 2020 18:14:09 +0200 Subject: [PATCH 073/176] Make __cron nonparallel It fails due to removal / edit of crontab at the same time VERBOSE: [18331]: uncloud.ungleich.ch: Running object __cron/pg_dump_cleanup VERBOSE: [18332]: uncloud.ungleich.ch: Running object __ungleich_packages/server VERBOSE: [18335]: uncloud.ungleich.ch: Running object __postgres_role/app INFO: [18335]: uncloud.ungleich.ch: Processing __postgres_role/app INFO: [18331]: uncloud.ungleich.ch: Processing __cron/pg_dump_cleanup ERROR: [16451]: uncloud.ungleich.ch: ssh -o User=root -o ControlPath=/tmp/tmp_8eu4oep/s -o ControlMaster=auto -o ControlPersist=2h uncloud.ungleich.ch /bin/sh -c ' export __object=/var/lib/cdist/object/__cron/pg_dumpall_under_day/.cdist-mfd00npk; export __object_id=pg_dumpall_under_day;/bin/sh -e /var/lib/cdist/object/__cron/pg_dumpall_under_day/.cdist-mfd00npk/code-remote': ['ssh', '-o', 'User=root', '-o', 'ControlPath=/tmp/tmp_8eu4oep/s', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=2h', 'uncloud.ungleich.ch', "/bin/sh -c ' export __object=/var/lib/cdist/object/__cron/pg_dumpall_under_day/.cdist-mfd00npk; export __object_id=pg_dumpall_under_day;/bin/sh -e /var/lib/cdist/object/__cron/pg_dumpall_under_day/.cdist-mfd00npk/code-remote'"] Error processing object '__cron/pg_dumpall_under_day' ===================================================== name: __cron/pg_dumpall_under_day path: /tmp/tmplaq9cwdh/6318c251013a449595327745daacf3ee/data/object/__cron/pg_dumpall_under_day/.cdist-mfd00npk source: /tmp/tmplaq9cwdh/6318c251013a449595327745daacf3ee/data/conf/type/__ungleich_postgresql/manifest type: /home/nico/vcs/cdist/cdist/conf/type/__cron code-remote:stderr ------------------ crontab: can't move 'postgres.new' to 'postgres': No such file or directory VERBOSE: [16451]: config: Total processing time for 1 host(s): 13.98031210899353 [18:09] line:~% --- cdist/conf/type/__cron/nonparallel | 0 docs/changelog | 1 + 2 files changed, 1 insertion(+) create mode 100644 cdist/conf/type/__cron/nonparallel diff --git a/cdist/conf/type/__cron/nonparallel b/cdist/conf/type/__cron/nonparallel new file mode 100644 index 00000000..e69de29b diff --git a/docs/changelog b/docs/changelog index 62ef28be..b608b35f 100644 --- a/docs/changelog +++ b/docs/changelog @@ -2,6 +2,7 @@ Changelog --------- next: + * Type __cron: Make non parallel due to race condition (Nico Schottelius) * Type __user: Fix missing shadow for alpine (llnu) * Type __consule_agent: Make conf_dir dependent on OS - fixes Alpine (Nico Schottelius) * Type __letsencrypt_cert: Fix typo (Andrew Schleifer) From d034fe9369f1f7aa00a7b0136ffd940ecbceb588 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Thu, 2 Apr 2020 18:24:13 +0200 Subject: [PATCH 074/176] [__pyvenv] use python3 -m venv on alpine Until python4 comes, this will work --- cdist/conf/type/__pyvenv/gencode-remote | 12 +++++++++++- docs/changelog | 1 + 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/cdist/conf/type/__pyvenv/gencode-remote b/cdist/conf/type/__pyvenv/gencode-remote index 04700683..05ec3b29 100755 --- a/cdist/conf/type/__pyvenv/gencode-remote +++ b/cdist/conf/type/__pyvenv/gencode-remote @@ -37,11 +37,21 @@ mode="$(cat "$__object/parameter/mode")" destination="/$__object_id" venvparams="$(cat "$__object/parameter/venvparams")" pyvenvparam="$__object/parameter/pyvenv" + +os=$(cat $__global/explorer/os) + if [ -f "$pyvenvparam" ] then pyvenv=$(cat "$pyvenvparam") else - pyvenv="pyvenv" + case "$os" in + alpine) # no pyvenv on alpine - I assume others will follow + pyvenv="python3 -m venv" + ;; + *) + pyvenv="pyvenv" + ;; + esac fi case $state_should in diff --git a/docs/changelog b/docs/changelog index b608b35f..f5846925 100644 --- a/docs/changelog +++ b/docs/changelog @@ -3,6 +3,7 @@ Changelog next: * Type __cron: Make non parallel due to race condition (Nico Schottelius) + * Type __pyvenv: Use python3 -m venv on Alpine (Nico Schottelius) * Type __user: Fix missing shadow for alpine (llnu) * Type __consule_agent: Make conf_dir dependent on OS - fixes Alpine (Nico Schottelius) * Type __letsencrypt_cert: Fix typo (Andrew Schleifer) From 890c73f6bdd027e60cedd868323f9d0438408b7a Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Thu, 2 Apr 2020 20:18:04 +0200 Subject: [PATCH 075/176] Fix shellcheck issues --- cdist/conf/type/__package_update_index/explorer/currage | 6 +++--- cdist/conf/type/__pyvenv/gencode-remote | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cdist/conf/type/__package_update_index/explorer/currage b/cdist/conf/type/__package_update_index/explorer/currage index bd51ee86..8eadaf53 100644 --- a/cdist/conf/type/__package_update_index/explorer/currage +++ b/cdist/conf/type/__package_update_index/explorer/currage @@ -24,18 +24,18 @@ case "$type" in if [ -f "/var/cache/apt/pkgcache.bin" ]; then echo $(($(date +"%s")-$(stat --format '%Y' /var/cache/apt/pkgcache.bin))) else - echo -1 + echo -- -1 fi ;; pacman) if [ -d "/var/lib/pacman/sync" ]; then echo $(($(date +"%s")-$(stat --format '%Y' /var/lib/pacman/sync))) else - echo -1 + echo -- -1 fi ;; alpine) - echo -1 + echo -- -1 ;; *) echo "Your specified type ($type) is currently not supported." >&2 echo "Please contribute an implementation for it if you can." >&2 diff --git a/cdist/conf/type/__pyvenv/gencode-remote b/cdist/conf/type/__pyvenv/gencode-remote index 05ec3b29..9c7b7fab 100755 --- a/cdist/conf/type/__pyvenv/gencode-remote +++ b/cdist/conf/type/__pyvenv/gencode-remote @@ -38,7 +38,7 @@ destination="/$__object_id" venvparams="$(cat "$__object/parameter/venvparams")" pyvenvparam="$__object/parameter/pyvenv" -os=$(cat $__global/explorer/os) +os=$(cat "$__global/explorer/os") if [ -f "$pyvenvparam" ] then From ceb6b597ef66dc21c901b5b52f251f4c8c61cd54 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Fri, 3 Apr 2020 19:45:44 +0200 Subject: [PATCH 076/176] Release 6.5.3 --- docs/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/changelog b/docs/changelog index f5846925..aa5439d5 100644 --- a/docs/changelog +++ b/docs/changelog @@ -1,7 +1,7 @@ Changelog --------- -next: +6.5.3: 2020-04-03 * Type __cron: Make non parallel due to race condition (Nico Schottelius) * Type __pyvenv: Use python3 -m venv on Alpine (Nico Schottelius) * Type __user: Fix missing shadow for alpine (llnu) From d53077f4e8fbca26c6f1105efa1060df749900b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Mon, 6 Apr 2020 09:26:52 +0200 Subject: [PATCH 077/176] Add --encoding, --lc-collate, --lc-support to __postgres_database type --- .../type/__postgres_database/gencode-remote | 18 +++++++++++++++++- cdist/conf/type/__postgres_database/man.rst | 12 ++++++++++-- .../__postgres_database/parameter/optional | 3 +++ 3 files changed, 30 insertions(+), 3 deletions(-) diff --git a/cdist/conf/type/__postgres_database/gencode-remote b/cdist/conf/type/__postgres_database/gencode-remote index 47e6b97c..b5f52f50 100755 --- a/cdist/conf/type/__postgres_database/gencode-remote +++ b/cdist/conf/type/__postgres_database/gencode-remote @@ -43,8 +43,24 @@ if [ "$state_should" != "$state_is" ]; then if [ -f "$__object/parameter/owner" ]; then owner="-O \"$(cat "$__object/parameter/owner")\"" fi + + encoding="" + if [ -f "$__object/parameter/encoding" ]; then + encoding="--encoding \"$(cat "$__object/parameter/encoding")\"" + fi + + lc_collate="" + if [ -f "$__object/parameter/lc-collate" ]; then + lc_collate="--lc-collate \"$(cat "$__object/parameter/lc-collate")\"" + fi + + lc_ctype="" + if [ -f "$__object/parameter/lc-ctype" ]; then + lc_ctype="--lc-ctype \"$(cat "$__object/parameter/lc-ctype")\"" + fi + cat << EOF -su - '$postgres_user' -c "createdb $owner \"$name\"" +su - '$postgres_user' -c "createdb $owner \"$name\" $encoding $lc_collate $lc_ctype" EOF ;; absent) diff --git a/cdist/conf/type/__postgres_database/man.rst b/cdist/conf/type/__postgres_database/man.rst index acceec9b..97ac95eb 100644 --- a/cdist/conf/type/__postgres_database/man.rst +++ b/cdist/conf/type/__postgres_database/man.rst @@ -14,11 +14,19 @@ This cdist type allows you to create or drop postgres databases. OPTIONAL PARAMETERS ------------------- state - either 'present' or 'absent', defaults to 'present'. + Either 'present' or 'absent', defaults to 'present'. owner - the role owning this database + Specifies the database user who will own the new database. +encoding + Specifies the character encoding scheme to be used in this database. + +lc-collate + Specifies the LC_COLLATE setting to be used in this database. + +lc-ctype + Specifies the LC_CTYPE setting to be used in this database. EXAMPLES -------- diff --git a/cdist/conf/type/__postgres_database/parameter/optional b/cdist/conf/type/__postgres_database/parameter/optional index d86b6469..fed2581e 100644 --- a/cdist/conf/type/__postgres_database/parameter/optional +++ b/cdist/conf/type/__postgres_database/parameter/optional @@ -1,2 +1,5 @@ state owner +encoding +lc-collate +lc-ctype From 76d978d3d85051fe943334771c30dfff907f6e21 Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Fri, 10 Apr 2020 10:51:17 +0200 Subject: [PATCH 078/176] explorer/init: do not grep on non-existent init Signed-off-by: Steven Armstrong --- cdist/conf/explorer/init | 1 + 1 file changed, 1 insertion(+) diff --git a/cdist/conf/explorer/init b/cdist/conf/explorer/init index 1b921c68..f27c77ef 100755 --- a/cdist/conf/explorer/init +++ b/cdist/conf/explorer/init @@ -221,6 +221,7 @@ check_systemstarter() { check_sysvinit() ( init_path=${1:-/sbin/init} + test -x "${init_path}" || return 1 grep -q 'INIT_VERSION=sysvinit-[0-9.]*' "${init_path}" || return 1 # It is quite common to use SysVinit to stack other init systemd From e19c1bb1e0072a4bfd6ec64ada2d3c4fab1ac064 Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Fri, 10 Apr 2020 21:50:39 +0200 Subject: [PATCH 079/176] remove duplicates from conf dirs while preserving order Signed-off-by: Steven Armstrong --- cdist/exec/util.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cdist/exec/util.py b/cdist/exec/util.py index 9787f431..e3be2235 100644 --- a/cdist/exec/util.py +++ b/cdist/exec/util.py @@ -199,7 +199,9 @@ def resolve_conf_dirs(configuration, add_conf_dirs): if add_conf_dirs: conf_dirs.extend(add_conf_dirs) - conf_dirs = set(conf_dirs) + + # Remove duplicates. + conf_dirs = list(dict.fromkeys(conf_dirs)) return conf_dirs From 1ebcc219c26f91bcc634a9526171871f15210bd9 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sat, 11 Apr 2020 09:54:57 +0200 Subject: [PATCH 080/176] ++changelog --- docs/changelog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/changelog b/docs/changelog index aa5439d5..a927a08d 100644 --- a/docs/changelog +++ b/docs/changelog @@ -1,6 +1,9 @@ Changelog --------- +next: + * Explorer init: Do not grep on non-existent init (Steven Armstrong) + 6.5.3: 2020-04-03 * Type __cron: Make non parallel due to race condition (Nico Schottelius) * Type __pyvenv: Use python3 -m venv on Alpine (Nico Schottelius) From 704e78322ed5794fd9baf324f64363858fda2b26 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sat, 11 Apr 2020 20:26:20 +0200 Subject: [PATCH 081/176] Use OrderedDict to guarantee order Note: > Changed in version 3.7: Dictionary order is guaranteed to be > insertion order. This behavior was an implementation detail of > CPython from 3.6. --- cdist/exec/util.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cdist/exec/util.py b/cdist/exec/util.py index e3be2235..90a26ad3 100644 --- a/cdist/exec/util.py +++ b/cdist/exec/util.py @@ -22,6 +22,7 @@ import subprocess import os from tempfile import TemporaryFile +from collections import OrderedDict import cdist import cdist.configuration @@ -201,7 +202,7 @@ def resolve_conf_dirs(configuration, add_conf_dirs): conf_dirs.extend(add_conf_dirs) # Remove duplicates. - conf_dirs = list(dict.fromkeys(conf_dirs)) + conf_dirs = list(OrderedDict.fromkeys(conf_dirs)) return conf_dirs From d1eecb93eeef11da057052fe14818ff442a0d0c8 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sat, 11 Apr 2020 20:30:56 +0200 Subject: [PATCH 082/176] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index a927a08d..8c7d497b 100644 --- a/docs/changelog +++ b/docs/changelog @@ -3,6 +3,7 @@ Changelog next: * Explorer init: Do not grep on non-existent init (Steven Armstrong) + * Core: Bugfix to preserve conf dirs order (Steven Armstrong) 6.5.3: 2020-04-03 * Type __cron: Make non parallel due to race condition (Nico Schottelius) From 0805fac7e91b9ea3d0dd92fb00e36bc33d8cf779 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sat, 11 Apr 2020 20:35:29 +0200 Subject: [PATCH 083/176] Release 6.5.4 --- docs/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/changelog b/docs/changelog index 8c7d497b..b6b1bb39 100644 --- a/docs/changelog +++ b/docs/changelog @@ -1,7 +1,7 @@ Changelog --------- -next: +6.5.4: 2020-04-11 * Explorer init: Do not grep on non-existent init (Steven Armstrong) * Core: Bugfix to preserve conf dirs order (Steven Armstrong) From c3f924d350772d7c3af1ce8bbbe29f1b8010d4f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Tue, 14 Apr 2020 10:23:08 +0200 Subject: [PATCH 084/176] Add --template flag to __postgres_database type --- cdist/conf/type/__postgres_database/gencode-remote | 7 ++++++- cdist/conf/type/__postgres_database/man.rst | 4 ++++ cdist/conf/type/__postgres_database/parameter/optional | 1 + 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/cdist/conf/type/__postgres_database/gencode-remote b/cdist/conf/type/__postgres_database/gencode-remote index b5f52f50..0f11cff4 100755 --- a/cdist/conf/type/__postgres_database/gencode-remote +++ b/cdist/conf/type/__postgres_database/gencode-remote @@ -44,6 +44,11 @@ if [ "$state_should" != "$state_is" ]; then owner="-O \"$(cat "$__object/parameter/owner")\"" fi + template="" + if [ -f "$__object/parameter/template" ]; then + template="--template \"$(cat "$__object/parameter/template")\"" + fi + encoding="" if [ -f "$__object/parameter/encoding" ]; then encoding="--encoding \"$(cat "$__object/parameter/encoding")\"" @@ -60,7 +65,7 @@ if [ "$state_should" != "$state_is" ]; then fi cat << EOF -su - '$postgres_user' -c "createdb $owner \"$name\" $encoding $lc_collate $lc_ctype" +su - '$postgres_user' -c "createdb $owner \"$name\" $template $encoding $lc_collate $lc_ctype" EOF ;; absent) diff --git a/cdist/conf/type/__postgres_database/man.rst b/cdist/conf/type/__postgres_database/man.rst index 97ac95eb..870b4917 100644 --- a/cdist/conf/type/__postgres_database/man.rst +++ b/cdist/conf/type/__postgres_database/man.rst @@ -28,6 +28,10 @@ lc-collate lc-ctype Specifies the LC_CTYPE setting to be used in this database. +template + Specifies the template database from which to build this database. + + EXAMPLES -------- diff --git a/cdist/conf/type/__postgres_database/parameter/optional b/cdist/conf/type/__postgres_database/parameter/optional index fed2581e..877fbf32 100644 --- a/cdist/conf/type/__postgres_database/parameter/optional +++ b/cdist/conf/type/__postgres_database/parameter/optional @@ -3,3 +3,4 @@ owner encoding lc-collate lc-ctype +template From 742163e38c2a8124390cecee02a9c865fe18fdff Mon Sep 17 00:00:00 2001 From: Joachim Desroches Date: Wed, 15 Apr 2020 17:10:33 +0200 Subject: [PATCH 085/176] Fix configuration file location --- cdist/configuration.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cdist/configuration.py b/cdist/configuration.py index f05a5963..1011a382 100644 --- a/cdist/configuration.py +++ b/cdist/configuration.py @@ -274,7 +274,8 @@ class Configuration(metaclass=Singleton): os.path.isfile(_local_config_file))): _local_config_file = os.path.join( os.environ.get('XDG_CONFIG_HOME', - os.path.expanduser('~/.config/cdist')), + os.path.expanduser('~/.config/')), + 'cdist', _config_basename) _dist_config_file = os.path.join( os.path.abspath(os.path.join(os.path.dirname(cdist.__file__), "conf")), From c9c1e7d79050afe2bc69b875096dbd1379d70eea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Tue, 21 Apr 2020 08:13:32 +0200 Subject: [PATCH 086/176] Import CI image definition --- other/ci/Dockerfile | 8 ++++++++ other/ci/README.md | 3 +++ other/ci/repositories | 3 +++ 3 files changed, 14 insertions(+) create mode 100644 other/ci/Dockerfile create mode 100644 other/ci/README.md create mode 100644 other/ci/repositories diff --git a/other/ci/Dockerfile b/other/ci/Dockerfile new file mode 100644 index 00000000..03d6b546 --- /dev/null +++ b/other/ci/Dockerfile @@ -0,0 +1,8 @@ +FROM alpine:latest + +COPY ./repositories /etc/apk/ + +RUN apk update +RUN apk upgrade +RUN apk add python3 py3-pycodestyle rsync make shellcheck git +RUN apk fix diff --git a/other/ci/README.md b/other/ci/README.md new file mode 100644 index 00000000..0bd64613 --- /dev/null +++ b/other/ci/README.md @@ -0,0 +1,3 @@ +This container is used for cdist's CI pipeline, and deployed in ungleich's docker registry at: + + code.ungleich.ch:5050/ungleich-public/cdist-ci:latest diff --git a/other/ci/repositories b/other/ci/repositories new file mode 100644 index 00000000..46cabcc3 --- /dev/null +++ b/other/ci/repositories @@ -0,0 +1,3 @@ +https://mirror.ungleich.ch/mirror/packages/alpine/edge/main +https://mirror.ungleich.ch/mirror/packages/alpine/edge/community +https://mirror.ungleich.ch/mirror/packages/alpine/edge/testing From 7d576554708115cef78eac364b20265386998882 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Tue, 21 Apr 2020 08:15:51 +0200 Subject: [PATCH 087/176] Fix typo in cdist-ci image README --- other/ci/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/other/ci/README.md b/other/ci/README.md index 0bd64613..6a9b0ac5 100644 --- a/other/ci/README.md +++ b/other/ci/README.md @@ -1,3 +1,3 @@ This container is used for cdist's CI pipeline, and deployed in ungleich's docker registry at: - code.ungleich.ch:5050/ungleich-public/cdist-ci:latest + code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest From e2b26aa233fe702f19a39fa1378a6c531d36720f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Floure?= Date: Tue, 21 Apr 2020 08:16:46 +0200 Subject: [PATCH 088/176] Patch CI configuration to use cdist-ci image --- .gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1cc17995..e215652c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,6 +1,8 @@ stages: - test +image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest + unit_tests: stage: test script: From 38ccdfda321e6bdb683842d227b379feea5e752c Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Wed, 22 Apr 2020 23:21:34 +0200 Subject: [PATCH 089/176] Fix newly found shellcheck issues --- cdist/conf/type/__cdist/manifest | 1 + cdist/conf/type/__openldap_server/manifest | 1 + 2 files changed, 2 insertions(+) diff --git a/cdist/conf/type/__cdist/manifest b/cdist/conf/type/__cdist/manifest index a97cf288..0b0f1263 100755 --- a/cdist/conf/type/__cdist/manifest +++ b/cdist/conf/type/__cdist/manifest @@ -37,6 +37,7 @@ source="$(cat "$__object/parameter/source")" # out of it home=/home/$username +# shellcheck disable=SC2086 __user "$username" --home "$home" $shell require="__user/$username" __directory "$home" \ diff --git a/cdist/conf/type/__openldap_server/manifest b/cdist/conf/type/__openldap_server/manifest index dadc9f20..d35603c4 100644 --- a/cdist/conf/type/__openldap_server/manifest +++ b/cdist/conf/type/__openldap_server/manifest @@ -168,6 +168,7 @@ if [ -z "${_skip_letsencrypt_cert}" ]; then staging="" fi + # shellcheck disable=SC2086 __letsencrypt_cert "${name}" --admin-email "${admin_email}" \ --renew-hook "cp ${ETC}/letsencrypt/live/${name}/*.pem ${SLAPD_DIR}/sasl2 && chown -R openldap:openldap ${SLAPD_DIR}/sasl2 && service slapd restart" \ --automatic-renewal ${staging} From 41e59a748dc45aaec88edc7a7eaed96c6086b1b1 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Wed, 22 Apr 2020 23:24:34 +0200 Subject: [PATCH 090/176] Fix newly found shellcheck issues --- scripts/cdist-dump | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/cdist-dump b/scripts/cdist-dump index 83b09eb8..d29e5985 100755 --- a/scripts/cdist-dump +++ b/scripts/cdist-dump @@ -224,6 +224,7 @@ hor_line() if [ "${do_global_explorer}" ] then print_verbose 2 "Dumping global explorers" + # shellcheck disable=SC2086 set -- "$@" ${or} \( \ -path "*/explorer/*" -a \ ! -path "*/conf/*" -a \ From de37b0ce450109306e31affa67dd2ff3653b6d68 Mon Sep 17 00:00:00 2001 From: Evilham Date: Fri, 24 Apr 2020 20:26:44 +0200 Subject: [PATCH 091/176] [__motd] Improve documentation and support for FreeBSD This makes it easier to use the type just by reading the man page and also treats FreeBSD's MOTD better. --- cdist/conf/type/__motd/gencode-remote | 11 +++++++++++ cdist/conf/type/__motd/man.rst | 19 ++++++++++++++++++- cdist/conf/type/__motd/manifest | 8 ++++++++ 3 files changed, 37 insertions(+), 1 deletion(-) diff --git a/cdist/conf/type/__motd/gencode-remote b/cdist/conf/type/__motd/gencode-remote index bc842cc8..738ea834 100755 --- a/cdist/conf/type/__motd/gencode-remote +++ b/cdist/conf/type/__motd/gencode-remote @@ -29,7 +29,18 @@ case "$os" in echo "uname -snrvm > /var/run/motd" echo "cat /etc/motd.tail >> /var/run/motd" ;; + freebsd) + # FreeBSD only updates /etc/motd on boot, + # as seen in /etc/rc.d/motd + echo "uname -sri > /etc/motd" + echo "cat /etc/motd.template >> /etc/motd" + # FreeBSD 13 starts treating motd slightly different from previous + # versions this ensures hosts have the expected config. + echo "rm /etc/motd.template || true" + echo "service motd start" + ;; *) + # Other OS tend to treat /etc/motd statically exit 0 ;; esac diff --git a/cdist/conf/type/__motd/man.rst b/cdist/conf/type/__motd/man.rst index 17369684..a567dc80 100644 --- a/cdist/conf/type/__motd/man.rst +++ b/cdist/conf/type/__motd/man.rst @@ -10,6 +10,13 @@ DESCRIPTION ----------- This cdist type allows you to easily setup /etc/motd. +.. note:: + In some OS, motd is a bit special, check `motd(5)`. + Currently Debian, Devuan, Ubuntu and FreeBSD are taken into account. + If your OS of choice does something besides /etc/motd, check the source + and contribute support for it. + Otherwise it will likely just work. + REQUIRED PARAMETERS ------------------- @@ -20,6 +27,7 @@ OPTIONAL PARAMETERS ------------------- source If supplied, copy this file from the host running cdist to the target. + If source is '-' (dash), take what was written to stdin as the file content. If not supplied, a default message will be placed onto the target. @@ -34,6 +42,15 @@ EXAMPLES # Supply source file from a different type __motd --source "$__type/files/my-motd" + # Supply source from stdin + __motd --source "-" < COPYING ------- -Copyright \(C) 2011 Nico Schottelius. You can redistribute it +Copyright \(C) 2020 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. diff --git a/cdist/conf/type/__motd/manifest b/cdist/conf/type/__motd/manifest index cd741cf4..ded734d7 100755 --- a/cdist/conf/type/__motd/manifest +++ b/cdist/conf/type/__motd/manifest @@ -34,9 +34,17 @@ os=$(cat "$__global/explorer/os") case "$os" in debian|ubuntu|devuan) + # Debian-based systems use /etc/motd.tail as a template destination=/etc/motd.tail ;; + freebsd) + # FreeBSD uses motd.template to prepend system information on boot + # (this actually only applies starting with version 13, + # but we fix that for whatever version in gencode-remote) + destination=/etc/motd.template + ;; *) + # Most UNIX systems, including other Linux and OpenBSD just use /etc/motd destination=/etc/motd ;; esac From 056c7c5400e7beeb15de800be6b62661998259ff Mon Sep 17 00:00:00 2001 From: Evilham Date: Sat, 25 Apr 2020 00:12:24 +0200 Subject: [PATCH 092/176] [__openldap_server] Support extra config parameter. This allows the user to, e.g. manually define ACLs, while this type does not support that. --- cdist/conf/type/__openldap_server/man.rst | 3 +++ cdist/conf/type/__openldap_server/manifest | 3 +++ cdist/conf/type/__openldap_server/parameter/optional | 3 ++- 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/cdist/conf/type/__openldap_server/man.rst b/cdist/conf/type/__openldap_server/man.rst index d20101d1..fbad21d8 100644 --- a/cdist/conf/type/__openldap_server/man.rst +++ b/cdist/conf/type/__openldap_server/man.rst @@ -92,6 +92,9 @@ tls-ca Required if `tls-cert` is defined. Path in the remote hosts to the PEM-encoded CA certificate file. +extra-config + Custom settings to be added in `slapd.conf(5)`. + OPTIONAL MULTIPLE PARAMETERS ---------------------------- diff --git a/cdist/conf/type/__openldap_server/manifest b/cdist/conf/type/__openldap_server/manifest index d35603c4..84ba176f 100644 --- a/cdist/conf/type/__openldap_server/manifest +++ b/cdist/conf/type/__openldap_server/manifest @@ -9,6 +9,7 @@ slapd_modules=$(cat "${__object}/parameter/module" 2>/dev/null || true) schemas=$(cat "${__object}/parameter/schema") slapd_urls=$(tr '\n' ' ' < "${__object}/parameter/slapd-url") tls_cipher_suite=$(cat "${__object}/parameter/tls-cipher-suite" 2>/dev/null || true) +extra_config=$(cat "${__object}/parameter/extra-config" || true) os="$(cat "${__global}/explorer/os")" @@ -231,6 +232,8 @@ index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub index entryCSN,entryUUID eq +${extra_config} + serverid ${serverid} EOF diff --git a/cdist/conf/type/__openldap_server/parameter/optional b/cdist/conf/type/__openldap_server/parameter/optional index a92b9c6e..71c64659 100644 --- a/cdist/conf/type/__openldap_server/parameter/optional +++ b/cdist/conf/type/__openldap_server/parameter/optional @@ -5,4 +5,5 @@ admin-email tls-cipher-suite tls-cert tls-privkey -tls-ca \ No newline at end of file +tls-ca +extra-config From 5981d0a5f1deb2e60ea3c95ad3b535f1425060f6 Mon Sep 17 00:00:00 2001 From: Evilham Date: Sat, 25 Apr 2020 00:22:28 +0200 Subject: [PATCH 093/176] [__postfix] Automagically support more OSs by not checking too much. It is quite likely that the package is going to be called postfix, rather than trying to have an exhaustive "allow list" for this package, we can just add special cases for OSs where that is not the case (not aware of any atm). --- cdist/conf/type/__postfix/manifest | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/cdist/conf/type/__postfix/manifest b/cdist/conf/type/__postfix/manifest index f3616979..121bba96 100755 --- a/cdist/conf/type/__postfix/manifest +++ b/cdist/conf/type/__postfix/manifest @@ -19,16 +19,4 @@ # along with cdist. If not, see . # - -os=$(cat "$__global/explorer/os") - -case "$os" in - alpine|ubuntu|debian|archlinux|suse|scientific|centos|devuan) - __package postfix --state present - ;; - *) - echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 - echo "Please contribute an implementation for it if you can." >&2 - exit 1 - ;; -esac +__package postfix --state present From fefe90e9c9bde2ad00c142c01d5a588eb99751e5 Mon Sep 17 00:00:00 2001 From: Evilham Date: Sat, 25 Apr 2020 12:23:27 +0200 Subject: [PATCH 094/176] [__pf*] (~) __pf_ruleset (+)__pf_apply_anchor, deprecate __pf_apply MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit __pf_apply the way it exists on cdist is not really useful and __pf_ruleset does not take advantage of other types as it should, being instead overly complex and not as reliable. The new __pf_ruleset is compatible with the previous one, and __pf_apply_anchors allows for a simple and powerful way of managing pf anchors. The functionality previously provided by __pf_apply is still possible out of the box in __pf_ruleset. These patches were mostly contributed by Kamila Součková and made fit for upstreaming by Evilham. --- cdist/conf/type/__pf_apply/deprecated | 1 + .../gencode-remote} | 28 +++---- cdist/conf/type/__pf_apply_anchor/man.rst | 62 ++++++++++++++ .../type/__pf_apply_anchor/parameter/optional | 1 + cdist/conf/type/__pf_ruleset/gencode-local | 81 ------------------- cdist/conf/type/__pf_ruleset/man.rst | 14 ++-- .../__pf_ruleset/{gencode-remote => manifest} | 47 +++++------ 7 files changed, 105 insertions(+), 129 deletions(-) create mode 100644 cdist/conf/type/__pf_apply/deprecated rename cdist/conf/type/{__pf_ruleset/explorer/cksum => __pf_apply_anchor/gencode-remote} (55%) create mode 100644 cdist/conf/type/__pf_apply_anchor/man.rst create mode 100644 cdist/conf/type/__pf_apply_anchor/parameter/optional delete mode 100755 cdist/conf/type/__pf_ruleset/gencode-local rename cdist/conf/type/__pf_ruleset/{gencode-remote => manifest} (51%) diff --git a/cdist/conf/type/__pf_apply/deprecated b/cdist/conf/type/__pf_apply/deprecated new file mode 100644 index 00000000..36cfed90 --- /dev/null +++ b/cdist/conf/type/__pf_apply/deprecated @@ -0,0 +1 @@ +Consider moving to __pf_apply_anchor. Get in touch if you need __pf_apply. diff --git a/cdist/conf/type/__pf_ruleset/explorer/cksum b/cdist/conf/type/__pf_apply_anchor/gencode-remote similarity index 55% rename from cdist/conf/type/__pf_ruleset/explorer/cksum rename to cdist/conf/type/__pf_apply_anchor/gencode-remote index 9be6c901..36c26521 100755 --- a/cdist/conf/type/__pf_ruleset/explorer/cksum +++ b/cdist/conf/type/__pf_apply_anchor/gencode-remote @@ -1,6 +1,6 @@ -#!/bin/sh +#!/bin/sh -e # -# 2012 Jake Guffey (jake.guffey at eprotex.com) +# 2016 Kamila Součková (coding at kamila.is) # # This file is part of cdist. # @@ -18,24 +18,16 @@ # along with cdist. If not, see . # # -# Get the 256 bit SHA2 checksum of the pf ruleset on the target host. +# Apply pf(4) ruleset on *BSD # -# Debug -#exec >&2 -#set -x +ANCHORS_DIR="/etc/pf.d" -# Check /etc/rc.conf for pf's configuration file name. Default to /etc/pf.conf -# See if file exists and if so, get checksum - -RC="/etc/rc.conf" -TMP="$(grep '^pf_rules=' ${RC} | cut -d= -f2 | sed 's/"//g')" -PFCONF="${TMP:-"/etc/pf.conf"}" - -if [ -f "${PFCONF}" ]; then # The pf config file exists, find its cksum. - cksum -o 1 "${PFCONF}" | cut -d= -f2 | awk '{print $1}' +if [ -f "${__object}/parameter/anchor_name" ]; then + anchor_name="$(cat "${__object}/parameter/anchor_name")" +else + anchor_name="${__object_id}" fi +anchor_file="${ANCHORS_DIR}/${anchor_name}" -# Debug -#set +x - +echo "pfctl -a \"${anchor_name}\" -f \"${anchor_file}\"" diff --git a/cdist/conf/type/__pf_apply_anchor/man.rst b/cdist/conf/type/__pf_apply_anchor/man.rst new file mode 100644 index 00000000..aef6cdf4 --- /dev/null +++ b/cdist/conf/type/__pf_apply_anchor/man.rst @@ -0,0 +1,62 @@ +cdist-type__pf_apply_anchor(7) +============================== + +NAME +---- +cdist-type__pf_apply_anchor - Apply a pf(4) anchor on $__target_host + + +DESCRIPTION +----------- +This type is used on \*BSD systems to manage anchors for the pf firewall. + +Notice this type does not take care of copying the ruleset, that must be +done by the user with, e.g. `__file`. + + +OPTIONAL PARAMETERS +------------------- +anchor_name + The name of the anchor to apply. If not set, `${__object_id}` is used. + This type requires `/etc/pf.d/${anchor_name}` to exist on + `$__target_host`. + + +EXAMPLES +-------- + +.. code-block:: sh + + # Copy anchor file to ${__target_host} + __file "/etc/pf.d/80_dns" --source - < +Kamila Součková +Jake Guffey + + +COPYING +------- +Copyright \(C) 2020 Evilham. +Copyright \(C) 2016 Kamila Součková. +Copyright \(C) 2012 Jake Guffey. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/cdist/conf/type/__pf_apply_anchor/parameter/optional b/cdist/conf/type/__pf_apply_anchor/parameter/optional new file mode 100644 index 00000000..b9f61e28 --- /dev/null +++ b/cdist/conf/type/__pf_apply_anchor/parameter/optional @@ -0,0 +1 @@ +anchor_name diff --git a/cdist/conf/type/__pf_ruleset/gencode-local b/cdist/conf/type/__pf_ruleset/gencode-local deleted file mode 100755 index 11bfb0b1..00000000 --- a/cdist/conf/type/__pf_ruleset/gencode-local +++ /dev/null @@ -1,81 +0,0 @@ -#!/bin/sh -e -# -# 2012 Jake Guffey (jake.guffey at eprotex.com) -# -# This file is part of cdist. -# -# cdist is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# cdist is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with cdist. If not, see . -# -# -# Manage pf(4) on *BSD -# - -# Debug -#exec >&2 -#set -x - -# Send files to $__target_host via $__remote_copy - -uname=$(uname) # Need to know what the cdist host is running so we know how to compute the ruleset's checksum -state=$(cat "$__object/parameter/state") - -if [ "$state" = "absent" ]; then # There is nothing more for a *local* script to do - exit 0 -fi - -if [ -f "$__object/parameter/source" ]; then - source=$(cat "$__object/parameter/source") -fi - -rcvar=$(cat "$__object/explorer/rcvar") -cksum=$(cat "$__object/explorer/cksum") - - -cat <&2 - exit 1 - ;; -esac - -# IPv6 fix -if $(echo "${__target_host}" | grep -q -E '^[0-9a-fA-F:]+$') -then - my_target_host="[${__target_host}]" -else - my_target_host="${__target_host}" -fi - -if [ -n "${cksum}" ]; then - if [ ! "\${currentSum}" = "${cksum}" ]; then - $__remote_copy "${source}" "\${my_target_host}:${rcvar}.new" - fi -else # File just doesn't exist yet - $__remote_copy "${source}" "\${my_target_host}:${rcvar}.new" -fi -EOF - -# Debug -#exec +x - diff --git a/cdist/conf/type/__pf_ruleset/man.rst b/cdist/conf/type/__pf_ruleset/man.rst index 5719e94e..db8873ac 100644 --- a/cdist/conf/type/__pf_ruleset/man.rst +++ b/cdist/conf/type/__pf_ruleset/man.rst @@ -10,6 +10,9 @@ DESCRIPTION ----------- This type is used on \*BSD systems to manage the pf firewall's ruleset. +It will also enable and disable the pf firewall as requested in the `state` +parameter. + REQUIRED PARAMETERS ------------------- @@ -20,9 +23,8 @@ state OPTIONAL PARAMETERS ------------------- source - If supplied, use to define the ruleset to load onto the $__target_host for pf(4). - Note that this type is almost useless without a ruleset defined, but it's technically not - needed, e.g. for the case of disabling the firewall temporarily. + Required when state is "present". + Defines the ruleset to load onto the $__target_host for `pf(4)`. EXAMPLES @@ -30,10 +32,10 @@ EXAMPLES .. code-block:: sh - # Remove the current ruleset in place + # Remove the current ruleset in place and disable pf __pf_ruleset --state absent - # Enable the firewall with the ruleset defined in $__manifest/files/pf.conf + # Enable pf with the ruleset defined in $__manifest/files/pf.conf __pf_ruleset --state present --source $__manifest/files/pf.conf @@ -44,11 +46,13 @@ SEE ALSO AUTHORS ------- +Kamila Součková Jake Guffey COPYING ------- +Copyright \(C) 2016 Kamila Součková. Copyright \(C) 2012 Jake Guffey. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the diff --git a/cdist/conf/type/__pf_ruleset/gencode-remote b/cdist/conf/type/__pf_ruleset/manifest similarity index 51% rename from cdist/conf/type/__pf_ruleset/gencode-remote rename to cdist/conf/type/__pf_ruleset/manifest index 12760fdf..34fee5dd 100755 --- a/cdist/conf/type/__pf_ruleset/gencode-remote +++ b/cdist/conf/type/__pf_ruleset/manifest @@ -1,6 +1,6 @@ #!/bin/sh -e # -# 2012 Jake Guffey (jake.guffey at eprotex.com) +# 2016 Kamila Součková (coding at kamila.is) # # This file is part of cdist. # @@ -21,29 +21,26 @@ # Manage pf(4) on *BSD # -# Debug -#exec >&2 -#set -x - -# Remove ${rcvar} in the case of --state absent - -state=$(cat "$__object/parameter/state") -rcvar=$(cat "$__object/explorer/rcvar") - -if [ "$state" = "present" ]; then # There is nothing more for a *remote* script to do - exit 0 -elif [ "$state" = "absent" ]; then - # --state absent, so ensure that .new doesn't exist and that conf is renamed to .old - cat <&2 - exit 1 +rcvar="$(cat "${__object}/explorer/rcvar")" +state="$(cat "${__object}/parameter/state")" +if [ -f "${__object}/parameter/source" ]; then + source="$(cat "${__object}/parameter/source")" fi +if [ "${state}" = "absent" ]; then + action="/etc/rc.d/pf stop" +else + action="/etc/rc.d/pf reload || /etc/rc.d/pf start" +fi + +__key_value __pf_ruleset/rcvar \ + --state "${state}" \ + --file /etc/rc.conf \ + --delimiter "=" \ + --key "pf_enable" \ + --value "YES" + +require="__key_value/__pf_ruleset/rcvar" __config_file ${rcvar} \ + --source "${source}" \ + --state "${state}" \ + --onchange "${action}" From 292879544154f11f4cd719ebf0c67c25000a25fd Mon Sep 17 00:00:00 2001 From: Evilham Date: Sat, 25 Apr 2020 14:54:29 +0200 Subject: [PATCH 095/176] [__pf_ruleset] Fix shellcheck issue. --- cdist/conf/type/__pf_ruleset/manifest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__pf_ruleset/manifest b/cdist/conf/type/__pf_ruleset/manifest index 34fee5dd..27b35328 100755 --- a/cdist/conf/type/__pf_ruleset/manifest +++ b/cdist/conf/type/__pf_ruleset/manifest @@ -40,7 +40,7 @@ __key_value __pf_ruleset/rcvar \ --key "pf_enable" \ --value "YES" -require="__key_value/__pf_ruleset/rcvar" __config_file ${rcvar} \ +require="__key_value/__pf_ruleset/rcvar" __config_file "${rcvar}" \ --source "${source}" \ --state "${state}" \ --onchange "${action}" From 04b7f240ebc1ae5b0f23279d75b65b50d062ccd1 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sun, 26 Apr 2020 10:01:18 +0200 Subject: [PATCH 096/176] ++changelog --- docs/changelog | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/changelog b/docs/changelog index b6b1bb39..7cacf3cf 100644 --- a/docs/changelog +++ b/docs/changelog @@ -1,6 +1,16 @@ Changelog --------- +next: + * Core: Fix XDG_CONFIG_HOME config file location (Joachim Desroches) + * Type __postgres_database: Add encoding, lc-collate, lc-ctype, template parameters (Timothée Floure) + * Type __motd: Improve documentation and support for FreeBSD (Evil Ham) + * Type __openldap_server: Support extra config parameter (Evil Ham) + * Type __postfix: Automagically support more OSs by not checking too much (Evil Ham) + * New type: __pf_apply_anchor (Kamila Součková, Evil Ham) + * Type __pf_ruleset: Refactor (Kamila Součková, Evil Ham) + * Type __pf_apply: Deprecate type (Kamila Součková, Evil Ham) + 6.5.4: 2020-04-11 * Explorer init: Do not grep on non-existent init (Steven Armstrong) * Core: Bugfix to preserve conf dirs order (Steven Armstrong) From fefc828780bc76c4245fa96ef517a66ec3eda3fa Mon Sep 17 00:00:00 2001 From: Evilham Date: Sun, 26 Apr 2020 19:06:42 +0200 Subject: [PATCH 097/176] [docs] Improve cdist.cfg.skeleton --- configuration/cdist.cfg.skeleton | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configuration/cdist.cfg.skeleton b/configuration/cdist.cfg.skeleton index 22c1ccaf..bfac9f5c 100644 --- a/configuration/cdist.cfg.skeleton +++ b/configuration/cdist.cfg.skeleton @@ -19,6 +19,9 @@ # such as ':' for POSIX or ';' for Windows. # If also specified at command line then values from command line are # appended to this value. +# Notice that this works in a "last one wins" fashion, so if a type is redefined +# in multiple conf_dirs, the last one in which it is defined will be used. +# Consider using a unique prefix for your own roles if this can be an issue. # conf_dir = : # # init_manifest From 678df1ec8a24b4c3884554b1931445435e098787 Mon Sep 17 00:00:00 2001 From: Evilham Date: Mon, 27 Apr 2020 01:23:48 +0200 Subject: [PATCH 098/176] [explorers] Improve *BSD support. cpu_cores and memory did lacked support for other BSDs. --- cdist/conf/explorer/cpu_cores | 4 ++++ cdist/conf/explorer/memory | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/cdist/conf/explorer/cpu_cores b/cdist/conf/explorer/cpu_cores index a52bddac..c6744142 100755 --- a/cdist/conf/explorer/cpu_cores +++ b/cdist/conf/explorer/cpu_cores @@ -32,6 +32,10 @@ case "$os" in sysctl -n hw.ncpuonline ;; + "freebsd"|"netbsd") + sysctl -n hw.ncpu + ;; + *) if [ -r /proc/cpuinfo ]; then cores="$(grep "core id" /proc/cpuinfo | sort | uniq | wc -l)" diff --git a/cdist/conf/explorer/memory b/cdist/conf/explorer/memory index 4e3efff8..302b4cda 100755 --- a/cdist/conf/explorer/memory +++ b/cdist/conf/explorer/memory @@ -29,7 +29,7 @@ case "$os" in echo "$(sysctl -n hw.memsize)/1024" | bc ;; - "openbsd") + *"bsd") echo "$(sysctl -n hw.physmem) / 1048576" | bc ;; From 0b3c417aef13eceb51195bb42e9a17205a9afc6c Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Mon, 27 Apr 2020 14:00:39 +0300 Subject: [PATCH 099/176] update README --- README | 7 ------- README.md | 20 ++++++++++++++++++++ 2 files changed, 20 insertions(+), 7 deletions(-) delete mode 100644 README create mode 100644 README.md diff --git a/README b/README deleted file mode 100644 index caf2dac8..00000000 --- a/README +++ /dev/null @@ -1,7 +0,0 @@ -cdist ------ - -cdist is a usable configuration management system. - -For the web documentation have a look at https://www.cdi.st/ -or at docs/src for reStructuredText manual. diff --git a/README.md b/README.md new file mode 100644 index 00000000..9e49b053 --- /dev/null +++ b/README.md @@ -0,0 +1,20 @@ +# cdist + +**cdist** is a usable configuration management system. + +It adheres to the [**KISS principle**](https://en.wikipedia.org/wiki/KISS_principle) +and is being used in small up to enterprise grade environments. + +For more information have a look at [**homepage**](https://cdi.st) +or at **``docs/src``** for manual in **reStructuredText** format. + +## Contributing + +Merge/Pull requests can be made in both +[upstream **GitLab**](https://code.ungleich.ch/ungleich-public/cdist/merge_requests) +(managed by [**ungleich**](https://ungleich.ch)) +and [**GitHub** project](https://github.com/ungleich/cdist/pulls). + +Issues can be made and other project management activites happen +[**only in GitLab**](https://code.ungleich.ch/ungleich-public/cdist) +(needs [**ungleich** account](https://account.ungleich.ch)). From 56a65518ab6171d0f19152642fccb94038a3c5ad Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Mon, 27 Apr 2020 15:25:43 +0300 Subject: [PATCH 100/176] README: add participating section --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 9e49b053..0a0d6e6d 100644 --- a/README.md +++ b/README.md @@ -18,3 +18,11 @@ and [**GitHub** project](https://github.com/ungleich/cdist/pulls). Issues can be made and other project management activites happen [**only in GitLab**](https://code.ungleich.ch/ungleich-public/cdist) (needs [**ungleich** account](https://account.ungleich.ch)). + +## Participating + +IRC: ``#cdist`` @ freenode + +Matrix: ``#cdist:ungleich.ch`` + +Mattermost: https://chat.ungleich.ch/ungleich/channels/cdist From b31e13eacf2cb23e6a7bdadc33741026ae88553a Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Mon, 27 Apr 2020 16:30:52 +0300 Subject: [PATCH 101/176] README: add bits about cdist-contrib --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 0a0d6e6d..de6901c7 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,9 @@ Issues can be made and other project management activites happen [**only in GitLab**](https://code.ungleich.ch/ungleich-public/cdist) (needs [**ungleich** account](https://account.ungleich.ch)). +For community-maintained types there is +[**cdist-contrib** project](https://code.ungleich.ch/ungleich-public/cdist-contrib). + ## Participating IRC: ``#cdist`` @ freenode From 515992249de513492a725dbf4072a6c3f376668a Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Mon, 27 Apr 2020 22:55:57 +0200 Subject: [PATCH 102/176] ++changelog --- docs/changelog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/changelog b/docs/changelog index 7cacf3cf..1e213187 100644 --- a/docs/changelog +++ b/docs/changelog @@ -10,6 +10,8 @@ next: * New type: __pf_apply_anchor (Kamila Součková, Evil Ham) * Type __pf_ruleset: Refactor (Kamila Součková, Evil Ham) * Type __pf_apply: Deprecate type (Kamila Součková, Evil Ham) + * Configuration: Add notes to cdist.cfg.skeleton (Evil Ham) + * Explorers cpu_cores, memory: Improve *BSD support (Evil Ham) 6.5.4: 2020-04-11 * Explorer init: Do not grep on non-existent init (Steven Armstrong) From ea3bd14d8b377818a16578bd5032a853188baeec Mon Sep 17 00:00:00 2001 From: Evilham Date: Tue, 28 Apr 2020 14:54:51 +0200 Subject: [PATCH 103/176] [logging] Mute warning on return_output=True when running scripts. This fixes #806 which contains more information about the issue. The TL;DR: this warning is not being useful and hinders debugging types because it creates an innecessary line for each explorer. An alternative proposal was #807 but was abandoned in favour of just dropping the warning. --- cdist/exec/remote.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/cdist/exec/remote.py b/cdist/exec/remote.py index e0ef66ec..f72bf3bf 100644 --- a/cdist/exec/remote.py +++ b/cdist/exec/remote.py @@ -280,9 +280,6 @@ class Remote(object): assert isinstance(command, (list, tuple)), ( "list or tuple argument expected, got: %s" % command) - if return_output and stdout is not subprocess.PIPE: - self.log.debug("return_output is True, ignoring stdout") - close_stdout = False close_stderr = False if self.save_output_streams: From 250161e42d1fe32bcb7b6945014aa4786d3b46ed Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Tue, 28 Apr 2020 23:08:03 +0200 Subject: [PATCH 104/176] ++ --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index 1e213187..c29f70de 100644 --- a/docs/changelog +++ b/docs/changelog @@ -12,6 +12,7 @@ next: * Type __pf_apply: Deprecate type (Kamila Součková, Evil Ham) * Configuration: Add notes to cdist.cfg.skeleton (Evil Ham) * Explorers cpu_cores, memory: Improve *BSD support (Evil Ham) + * Core: Remove debug logging noise (Evil Ham) 6.5.4: 2020-04-11 * Explorer init: Do not grep on non-existent init (Steven Armstrong) From 310045d9fb5a5a63a337867a90009f89e0ded5ed Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Fri, 1 May 2020 13:02:00 +0200 Subject: [PATCH 105/176] Release 6.5.5 --- docs/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/changelog b/docs/changelog index c29f70de..e6a7927e 100644 --- a/docs/changelog +++ b/docs/changelog @@ -1,7 +1,7 @@ Changelog --------- -next: +6.5.5: 2020-05-01 * Core: Fix XDG_CONFIG_HOME config file location (Joachim Desroches) * Type __postgres_database: Add encoding, lc-collate, lc-ctype, template parameters (Timothée Floure) * Type __motd: Improve documentation and support for FreeBSD (Evil Ham) From f58d662b32fb9c1c226b5340ccd06c6dd3e2a3f9 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Fri, 1 May 2020 15:28:01 +0200 Subject: [PATCH 106/176] [__pyvenv] Switch to python3 -m venv for ubuntu --- cdist/conf/type/__pyvenv/gencode-remote | 3 ++- cdist/conf/type/__pyvenv/man.rst | 5 ++--- docs/changelog | 4 ++++ 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/cdist/conf/type/__pyvenv/gencode-remote b/cdist/conf/type/__pyvenv/gencode-remote index 9c7b7fab..c5b64eff 100755 --- a/cdist/conf/type/__pyvenv/gencode-remote +++ b/cdist/conf/type/__pyvenv/gencode-remote @@ -1,6 +1,7 @@ #!/bin/sh -e # # 2016 Darko Poljak (darko.poljak at gmail.com) +# 2020 Nico Schotetlius (nico.schottelius at ungleich.ch) # # This file is part of cdist. # @@ -45,7 +46,7 @@ then pyvenv=$(cat "$pyvenvparam") else case "$os" in - alpine) # no pyvenv on alpine - I assume others will follow + alpine|ubuntu) # no pyvenv on alpine - I assume others will follow pyvenv="python3 -m venv" ;; *) diff --git a/cdist/conf/type/__pyvenv/man.rst b/cdist/conf/type/__pyvenv/man.rst index d7de92fa..8085ff12 100644 --- a/cdist/conf/type/__pyvenv/man.rst +++ b/cdist/conf/type/__pyvenv/man.rst @@ -9,7 +9,7 @@ cdist-type__pyvenv - Create or remove python virtual environment DESCRIPTION ----------- This cdist type allows you to create or remove python virtual -environment using pyvenv. +environment using pyvenv on python3 -m venv. It assumes pyvenv is already installed. Concrete package depends on concrete OS and/or OS version/distribution. Ensure this for e.g. in your init manifest as in the following example: @@ -57,7 +57,7 @@ EXAMPLES __pyvenv /home/services/djangoenv - # Use specific pyvenv + # Use specific pyvenv __pyvenv /home/foo/fooenv --pyvenv /usr/local/bin/pyvenv-3.4 # Create python virtualenv for user foo. @@ -76,4 +76,3 @@ COPYING ------- Copyright \(C) 2016 Darko Poljak. Free use of this software is granted under the terms of the GNU General Public License v3 or later (GPLv3+). - diff --git a/docs/changelog b/docs/changelog index e6a7927e..4ee47d37 100644 --- a/docs/changelog +++ b/docs/changelog @@ -1,6 +1,10 @@ Changelog --------- +next: + * Type __pyvenv: Switch to python3 -m venv for Ubuntu (Nico Schottelius) + + 6.5.5: 2020-05-01 * Core: Fix XDG_CONFIG_HOME config file location (Joachim Desroches) * Type __postgres_database: Add encoding, lc-collate, lc-ctype, template parameters (Timothée Floure) From d4059fd29ecb93e094c411bb8ca09a234904b763 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Fri, 1 May 2020 15:31:23 +0200 Subject: [PATCH 107/176] [__letsencrypt_cert] whitelist Ubuntu --- cdist/conf/type/__letsencrypt_cert/manifest | 3 +++ docs/changelog | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/cdist/conf/type/__letsencrypt_cert/manifest b/cdist/conf/type/__letsencrypt_cert/manifest index 68ecf9d4..b4464366 100755 --- a/cdist/conf/type/__letsencrypt_cert/manifest +++ b/cdist/conf/type/__letsencrypt_cert/manifest @@ -91,6 +91,9 @@ if [ -z "${certbot_fullpath}" ]; then certbot_fullpath=/usr/local/bin/certbot ;; + ubuntu) + __package certbot + ;; *) echo "Unsupported os: $os" >&2 exit 1 diff --git a/docs/changelog b/docs/changelog index 4ee47d37..e61933ab 100644 --- a/docs/changelog +++ b/docs/changelog @@ -3,7 +3,7 @@ Changelog next: * Type __pyvenv: Switch to python3 -m venv for Ubuntu (Nico Schottelius) - + * Type __letsencrypt_cert: Whitelist Ubuntu (Nico Schottelius) 6.5.5: 2020-05-01 * Core: Fix XDG_CONFIG_HOME config file location (Joachim Desroches) From 6f4649efc69593fb4178fb6c2c5c95bbd93054d1 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Fri, 8 May 2020 16:08:21 +0200 Subject: [PATCH 108/176] Reference the new cdist chat on matrix --- docs/src/cdist-support.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/src/cdist-support.rst b/docs/src/cdist-support.rst index 19afde2f..f9f61f01 100644 --- a/docs/src/cdist-support.rst +++ b/docs/src/cdist-support.rst @@ -3,7 +3,7 @@ Support Chat ~~~~ -Chat with us: `ungleich chat `_. +Chat with us on `#cdist:ungleich.ch `_. Mailing list ~~~~~~~~~~~~ From 42f2dceeb12fee55616202bf085e6823d18ee714 Mon Sep 17 00:00:00 2001 From: Matthias Stecher Date: Sat, 9 May 2020 18:40:44 +0200 Subject: [PATCH 109/176] [__link] fix typo in the manual --- cdist/conf/type/__link/man.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__link/man.rst b/cdist/conf/type/__link/man.rst index fe0ce425..2e81aea9 100644 --- a/cdist/conf/type/__link/man.rst +++ b/cdist/conf/type/__link/man.rst @@ -18,7 +18,7 @@ source Specifies the link source. type - Specifies the link type: Either hard or symoblic. + Specifies the link type: Either hard or symbolic. OPTIONAL PARAMETERS From dcfabf9268865794602d3e59af2f312a1b0392f0 Mon Sep 17 00:00:00 2001 From: Matthias Stecher Date: Sat, 16 May 2020 14:00:02 +0200 Subject: [PATCH 110/176] [__cron] add hint for default values of time-related parameters This should resolve some misunderstanding when leave a time-related parameter with it's default value. --- cdist/conf/type/__cron/man.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cdist/conf/type/__cron/man.rst b/cdist/conf/type/__cron/man.rst index d0694738..e39bfb5c 100644 --- a/cdist/conf/type/__cron/man.rst +++ b/cdist/conf/type/__cron/man.rst @@ -21,6 +21,11 @@ command OPTIONAL PARAMETERS ------------------- +**NOTE**: All time-related parameters (``--minute``, ``--hour``, ``--day_of_month`` +``--month`` and ``--day_of_week``) defaults to ``*``, which means to execute it +**always**. If you set ``--hour 0`` to execute the cronjob only at midnight, it +will execute **every** minute in the first hour of the morning all days. + state Either present or absent. Defaults to present. minute From 086e683c997729817300c600307592c6fc02ffd8 Mon Sep 17 00:00:00 2001 From: Matthias Stecher Date: Sat, 16 May 2020 16:33:38 +0200 Subject: [PATCH 111/176] [__file] add "default values" in manual for group, mode and owner Because at least the --mode default value may not be expected, the manual lists the "default values". As they are not explicitly set in the `__file` type, it is a bit more difficult, but should resolve to following: - the mode comes from the umask set in the cdist code to protect file creation and uses the strongest umask possible. - the owner and group comes from the ssh user, which should always be the root user. (I think this can be swaped, too, but who will?) At the owner and group parameter, it could be replaced with something like "the ssh user and group", which would be more correct, but less understandable. --- cdist/conf/type/__file/man.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cdist/conf/type/__file/man.rst b/cdist/conf/type/__file/man.rst index 7a0603bb..2f3b9e69 100644 --- a/cdist/conf/type/__file/man.rst +++ b/cdist/conf/type/__file/man.rst @@ -50,13 +50,13 @@ state create or modify it group - Group to chgrp to. + Group to chgrp to. Defaults to ``root``. mode - Unix permissions, suitable for chmod. + Unix permissions, suitable for chmod. Defaults to a very secure ``0600``. owner - User to chown to. + User to chown to. Defaults to ``root``. source If supplied, copy this file from the host running cdist to the target. From 7ca2bfc14a8ed0cb73b3a01c85a562060264d02b Mon Sep 17 00:00:00 2001 From: Evilham Date: Mon, 18 May 2020 16:00:23 +0200 Subject: [PATCH 112/176] [explorer/machine_type] Add support for FreeBSD. More research is needed for {Net,Open}BSD support. Indentation is left as-is for the linux code as I intend to simplify it in a future MR, this way the diff is minimal. --- cdist/conf/explorer/machine_type | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/cdist/conf/explorer/machine_type b/cdist/conf/explorer/machine_type index bb21f69c..fe0ae7d5 100755 --- a/cdist/conf/explorer/machine_type +++ b/cdist/conf/explorer/machine_type @@ -2,6 +2,7 @@ # # 2014 Daniel Heule (hda at sfs.biz) # 2014 Thomas Oettli (otho at sfs.biz) +# 2020 Evilham (contact at evilham.com) # # This file is part of cdist. # @@ -18,9 +19,27 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # -# -# FIXME: other system types (not linux ...) +os=$("$__explorer/os") + +case "$os" in + "freebsd") + # FreeBSD does not have /proc/cpuinfo even when procfs is used. + # Instead there is a sysctl kern.vm_guest. + # Which is 'none' if physical, else the virtualisation. + vm_guest="$(sysctl -n kern.vm_guest 2>/dev/null || true)" + if [ -n "${vm_guest}" ]; then + if [ "${vm_guest}" = "none" ]; then + echo "physical" + exit + fi + echo "virtual_by_${vm_guest}" + exit + fi + ;; + + *) + # Defaulting to linux for compatibility with previous cdist behaviour if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then echo openvz @@ -72,9 +91,13 @@ if [ -r /proc/cpuinfo ]; then fi fi echo "virtual_by_unknown" + exit else echo "physical" + exit fi -else - echo "unknown" fi + ;; +esac + +echo "unknown" From cf44c4a01bcfba95e11ba8d6aa64156c5470adc1 Mon Sep 17 00:00:00 2001 From: Evilham Date: Mon, 18 May 2020 16:35:50 +0200 Subject: [PATCH 113/176] [explorer/machine_type] Simplify Linux + basic OpenBSD support. By abstracting away vendor-dependent pattern matching for the linux code, we can re-use that and be reasonably sure about OpenBSD machines being virtualised when we can identify the undelrying virtualisation technology. It remains to be solved how to tell if an OpenBSD machine is physical; in that case previous cdist behaviour ("unknown") remains. For NetBSD something similar to OpenBSD could be done, with different sysctls: hw.machine and hw.model wary of adding those without testing though, so for NetBSD previous cdist behaviour ("unknown") remains. https://netbsd.gw.com/cgi-bin/man-cgi?sysctl+7.i386+NetBSD-9.0 --- cdist/conf/explorer/machine_type | 116 ++++++++++++++++--------------- 1 file changed, 61 insertions(+), 55 deletions(-) diff --git a/cdist/conf/explorer/machine_type b/cdist/conf/explorer/machine_type index fe0ae7d5..6800234d 100755 --- a/cdist/conf/explorer/machine_type +++ b/cdist/conf/explorer/machine_type @@ -22,6 +22,18 @@ os=$("$__explorer/os") +vendor_string_to_machine_type() { + for vendor in vmware bochs kvm qemu virtualbox bhyve; do + if echo "${1}" | grep -q -i "${vendor}"; then + if [ "${vendor}" = "bochs" -o "${vendor}" = "qemu" ]; then + vendor="kvm" + fi + echo "virtual_by_${vendor}" + exit + fi + done +} + case "$os" in "freebsd") # FreeBSD does not have /proc/cpuinfo even when procfs is used. @@ -38,65 +50,59 @@ case "$os" in fi ;; + "openbsd") + # OpenBSD can also use the sysctl's: hw.vendor or hw.product. + # Note we can be reasonably sure about a machine being virtualised + # as long as we can identify the virtualisation technology. + # But not so much about it being physical... + # Patches are welcome / reach out if you have better ideas. + for sysctl in hw.vendor hw.product; do + # This exits if we can make a reasonable judgement + vendor_string_to_machine_type "$(sysctl -n "${sysctl}")" + done + ;; + *) # Defaulting to linux for compatibility with previous cdist behaviour -if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then - echo openvz - exit -fi - -if [ -e "/proc/1/environ" ] && - tr '\000' '\n' < "/proc/1/environ" | grep -Eiq '^container='; then - echo lxc - exit -fi - -if [ -r /proc/cpuinfo ]; then - # this should only exist on virtual guest machines, - # tested on vmware, xen, kvm - if grep -q "hypervisor" /proc/cpuinfo; then - # this file is aviable in xen guest systems - if [ -r /sys/hypervisor/type ]; then - if grep -q -i "xen" /sys/hypervisor/type; then - echo virtual_by_xen - exit - fi - else - if [ -r /sys/class/dmi/id/product_name ]; then - if grep -q -i 'vmware' /sys/class/dmi/id/product_name; then - echo "virtual_by_vmware" - exit - elif grep -q -i 'bochs' /sys/class/dmi/id/product_name; then - echo "virtual_by_kvm" - exit - elif grep -q -i 'virtualbox' /sys/class/dmi/id/product_name; then - echo "virtual_by_virtualbox" - exit - fi - fi - - if [ -r /sys/class/dmi/id/sys_vendor ]; then - if grep -q -i 'qemu' /sys/class/dmi/id/sys_vendor; then - echo "virtual_by_kvm" - exit - fi - fi - - if [ -r /sys/class/dmi/id/chassis_vendor ]; then - if grep -q -i 'qemu' /sys/class/dmi/id/chassis_vendor; then - echo "virtual_by_kvm" - exit - fi - fi + if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then + echo openvz + exit + fi + + if [ -e "/proc/1/environ" ] && + tr '\000' '\n' < "/proc/1/environ" | grep -Eiq '^container='; then + echo lxc + exit + fi + + if [ -r /proc/cpuinfo ]; then + # this should only exist on virtual guest machines, + # tested on vmware, xen, kvm, bhyve + if grep -q "hypervisor" /proc/cpuinfo; then + # this file is aviable in xen guest systems + if [ -r /sys/hypervisor/type ]; then + if grep -q -i "xen" /sys/hypervisor/type; then + echo virtual_by_xen + exit + fi + else + for vendor_file in /sys/class/dmi/id/product_name \ + /sys/class/dmi/id/sys_vendor \ + /sys/class/dmi/id/chasis_vendor; do + if [ -r ${vendor_file} ]; then + # This exits if we can make a reasonable judgement + vendor_string_to_machine_type "$(cat "${vendor_file}")" + fi + done + fi + echo "virtual_by_unknown" + exit + else + echo "physical" + exit + fi fi - echo "virtual_by_unknown" - exit - else - echo "physical" - exit - fi -fi ;; esac From 8b790b0a54aecf93298c97948c48be80b67ca7b5 Mon Sep 17 00:00:00 2001 From: Evilham Date: Mon, 18 May 2020 16:47:20 +0200 Subject: [PATCH 114/176] [explorer/machine_type] Make shellcheck happy! --- cdist/conf/explorer/machine_type | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/explorer/machine_type b/cdist/conf/explorer/machine_type index 6800234d..1c84f4d7 100755 --- a/cdist/conf/explorer/machine_type +++ b/cdist/conf/explorer/machine_type @@ -25,7 +25,7 @@ os=$("$__explorer/os") vendor_string_to_machine_type() { for vendor in vmware bochs kvm qemu virtualbox bhyve; do if echo "${1}" | grep -q -i "${vendor}"; then - if [ "${vendor}" = "bochs" -o "${vendor}" = "qemu" ]; then + if [ "${vendor}" = "bochs" ] || [ "${vendor}" = "qemu" ]; then vendor="kvm" fi echo "virtual_by_${vendor}" From 6d502f737aac8a836949d2b4b8a55c8ba20161fa Mon Sep 17 00:00:00 2001 From: Evilham Date: Mon, 18 May 2020 18:37:16 +0200 Subject: [PATCH 115/176] [__ssh_authorizedkey{,s}] Improve documentation. --- cdist/conf/type/__ssh_authorized_key/man.rst | 16 +++++----- cdist/conf/type/__ssh_authorized_keys/man.rst | 29 ++++++++++--------- 2 files changed, 25 insertions(+), 20 deletions(-) diff --git a/cdist/conf/type/__ssh_authorized_key/man.rst b/cdist/conf/type/__ssh_authorized_key/man.rst index 087a3dae..5bae02aa 100644 --- a/cdist/conf/type/__ssh_authorized_key/man.rst +++ b/cdist/conf/type/__ssh_authorized_key/man.rst @@ -15,25 +15,27 @@ This type was created to be used by the __ssh_authorized_keys type. REQUIRED PARAMETERS ------------------- file - the authorized_keys file to which the given key should be added + The authorized_keys file where the given key should be managed. key - a string containing the ssh keytype, base 64 encoded key and optional - trailing comment which shall be added to the given authorized_keys file. + The ssh key which shall be managed in this authorized_keys file. + Must be a string containing the ssh keytype, base 64 encoded key and + optional trailing comment which shall be added to the given + authorized_keys file. OPTIONAL PARAMETERS ------------------- comment - explicit comment instead of the one which may be trailing the given key + Use this comment instead of the one which may be trailing in the key. option - an option to set for this authorized_key entry. + An option to set for this authorized_key entry. Can be specified multiple times. See sshd(8) for available options. state - if the given keys should be 'present' or 'absent', defaults to 'present'. + If the managed key should be 'present' or 'absent', defaults to 'present'. MESSAGES @@ -64,7 +66,7 @@ EXAMPLES SEE ALSO -------- -:strong:`cdist__ssh_authorized_keys`\ (7), :strong:`sshd`\ (8) +:strong:`cdist-type__ssh_authorized_keys`\ (7), :strong:`sshd`\ (8) AUTHORS diff --git a/cdist/conf/type/__ssh_authorized_keys/man.rst b/cdist/conf/type/__ssh_authorized_keys/man.rst index ba310ff9..93357b1d 100644 --- a/cdist/conf/type/__ssh_authorized_keys/man.rst +++ b/cdist/conf/type/__ssh_authorized_keys/man.rst @@ -20,42 +20,45 @@ then left to the user to ensure that the file exists and that ownership and permissions work with ssh. -REQUIRED PARAMETERS -------------------- +REQUIRED MULTIPLE PARAMETERS +---------------------------- key - the ssh key which shall be added to this authorized_keys file. - Must be a string and can be specified multiple times. + An ssh key which shall be managed in this authorized_keys file. + Must be a string containing the ssh keytype, base 64 encoded key and + optional trailing comment which shall be added to the given + authorized_keys file. + Can be specified multiple times. OPTIONAL PARAMETERS ------------------- comment - explicit comment instead of the one which may be trailing the given key + Use this comment instead of the one which may be trailing in each key. file - an alternative destination file, defaults to ~$owner/.ssh/authorized_keys + An alternative destination file, defaults to ~$owner/.ssh/authorized_keys. option - an option to set for all created authorized_key entries. + An option to set for all authorized_key entries in the key parameter. Can be specified multiple times. See sshd(8) for available options. owner - the user owning the authorized_keys file, defaults to object_id. + The user owning the authorized_keys file, defaults to object_id. state - if the given keys should be 'present' or 'absent', defaults to 'present'. + If the given keys should be 'present' or 'absent', defaults to 'present'. BOOLEAN PARAMETERS ------------------ noparent - don't create or change ownership and permissions of the directory containing - the authorized_keys file + Don't create or change ownership and permissions of the directory containing + the authorized_keys file. nofile - don't manage existence, ownership and permissions of the the authorized_keys - file + Don't manage existence, ownership and permissions of the the authorized_keys + file. EXAMPLES From f9afac4dd617c5ee7934cdb03477e6a30ae70af7 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Mon, 18 May 2020 19:51:08 +0200 Subject: [PATCH 116/176] ++changelog --- docs/changelog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/changelog b/docs/changelog index e61933ab..013e0083 100644 --- a/docs/changelog +++ b/docs/changelog @@ -4,6 +4,9 @@ Changelog next: * Type __pyvenv: Switch to python3 -m venv for Ubuntu (Nico Schottelius) * Type __letsencrypt_cert: Whitelist Ubuntu (Nico Schottelius) + * Types __cron, __file, __link: Improve manpages (Matthias Stecher) + * Explorer machine_type: Add support for FreeBSD and OpenBSD, and simplify Linux code (Evil Ham) + * Type __ssh_authorized_key, __ssh_authorized_keys: Improve manpages (Evil Ham) 6.5.5: 2020-05-01 * Core: Fix XDG_CONFIG_HOME config file location (Joachim Desroches) From ad58ea79c2cd3edd11a828d26a28975aa332bdd0 Mon Sep 17 00:00:00 2001 From: Evilham Date: Mon, 18 May 2020 20:01:01 +0200 Subject: [PATCH 117/176] [__ssh_authorized_keys] Fix bug where --option was not multiple This went against both documentation and intent. --- cdist/conf/type/__ssh_authorized_keys/parameter/optional | 1 - .../conf/type/__ssh_authorized_keys/parameter/optional_multiple | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 cdist/conf/type/__ssh_authorized_keys/parameter/optional_multiple diff --git a/cdist/conf/type/__ssh_authorized_keys/parameter/optional b/cdist/conf/type/__ssh_authorized_keys/parameter/optional index 21f9bc29..fa64fc43 100644 --- a/cdist/conf/type/__ssh_authorized_keys/parameter/optional +++ b/cdist/conf/type/__ssh_authorized_keys/parameter/optional @@ -1,5 +1,4 @@ comment file -option owner state diff --git a/cdist/conf/type/__ssh_authorized_keys/parameter/optional_multiple b/cdist/conf/type/__ssh_authorized_keys/parameter/optional_multiple new file mode 100644 index 00000000..01925a15 --- /dev/null +++ b/cdist/conf/type/__ssh_authorized_keys/parameter/optional_multiple @@ -0,0 +1 @@ +option From f354d80308b1f048416b2d52a397035a93a8ee03 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Mon, 18 May 2020 21:03:29 +0200 Subject: [PATCH 118/176] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index 013e0083..782d9bd7 100644 --- a/docs/changelog +++ b/docs/changelog @@ -7,6 +7,7 @@ next: * Types __cron, __file, __link: Improve manpages (Matthias Stecher) * Explorer machine_type: Add support for FreeBSD and OpenBSD, and simplify Linux code (Evil Ham) * Type __ssh_authorized_key, __ssh_authorized_keys: Improve manpages (Evil Ham) + * Type __ssh_authorized_keys: Fix bug where --option was not multiple (Evil Ham) 6.5.5: 2020-05-01 * Core: Fix XDG_CONFIG_HOME config file location (Joachim Desroches) From bf25a18a048ae3e3d1fd4a450d77fe516c18c861 Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Fri, 22 May 2020 02:31:38 +0300 Subject: [PATCH 119/176] [__group] fix --gid on freebsd --- cdist/conf/type/__group/gencode-remote | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdist/conf/type/__group/gencode-remote b/cdist/conf/type/__group/gencode-remote index 6091c548..ff63e218 100755 --- a/cdist/conf/type/__group/gencode-remote +++ b/cdist/conf/type/__group/gencode-remote @@ -88,7 +88,7 @@ if [ "$state" = "present" ]; then fi done if [ "$os" = "freebsd" ]; then - echo pw groupadd "$@" "$name" + echo pw groupadd "$name" "$@" else echo groupadd "$@" "$name" fi From 3bcbd952698cd5a4b8333551660ba308e4f30d7b Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Fri, 22 May 2020 02:36:49 +0300 Subject: [PATCH 120/176] [__motd] debian|ubuntu|devuan use /etc/motd --- cdist/conf/type/__motd/gencode-remote | 7 ------- cdist/conf/type/__motd/manifest | 4 ---- 2 files changed, 11 deletions(-) diff --git a/cdist/conf/type/__motd/gencode-remote b/cdist/conf/type/__motd/gencode-remote index 738ea834..cb7bfc84 100755 --- a/cdist/conf/type/__motd/gencode-remote +++ b/cdist/conf/type/__motd/gencode-remote @@ -22,13 +22,6 @@ os=$(cat "$__global/explorer/os") case "$os" in - debian|ubuntu|devuan) - - # Debian and Ubuntu need to be updated, - # as seen in /etc/init.d/bootlogs - echo "uname -snrvm > /var/run/motd" - echo "cat /etc/motd.tail >> /var/run/motd" - ;; freebsd) # FreeBSD only updates /etc/motd on boot, # as seen in /etc/rc.d/motd diff --git a/cdist/conf/type/__motd/manifest b/cdist/conf/type/__motd/manifest index ded734d7..b8f74ebf 100755 --- a/cdist/conf/type/__motd/manifest +++ b/cdist/conf/type/__motd/manifest @@ -33,10 +33,6 @@ os=$(cat "$__global/explorer/os") case "$os" in - debian|ubuntu|devuan) - # Debian-based systems use /etc/motd.tail as a template - destination=/etc/motd.tail - ;; freebsd) # FreeBSD uses motd.template to prepend system information on boot # (this actually only applies starting with version 13, From 226ed02c1c2556ed30e4f8aaf1946099bd590725 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Fri, 22 May 2020 10:09:05 +0200 Subject: [PATCH 121/176] ++changelog --- docs/changelog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/changelog b/docs/changelog index 782d9bd7..f0aa3aa7 100644 --- a/docs/changelog +++ b/docs/changelog @@ -8,6 +8,8 @@ next: * Explorer machine_type: Add support for FreeBSD and OpenBSD, and simplify Linux code (Evil Ham) * Type __ssh_authorized_key, __ssh_authorized_keys: Improve manpages (Evil Ham) * Type __ssh_authorized_keys: Fix bug where --option was not multiple (Evil Ham) + * Type __motd: Debian/Ubuntu/Devuan use /etc/motd (Ander Punnar) + * Type __group: Fix --gid on FreeBSD (Ander Punnar) 6.5.5: 2020-05-01 * Core: Fix XDG_CONFIG_HOME config file location (Joachim Desroches) From 66f4421089660fc0a083abe3d2c93470eacd55ce Mon Sep 17 00:00:00 2001 From: Jaak Ristioja Date: Fri, 22 May 2020 17:14:29 +0300 Subject: [PATCH 122/176] [docs] Fixed two typos in cdist.cfg.skeleton Signed-off-by: Jaak Ristioja --- configuration/cdist.cfg.skeleton | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configuration/cdist.cfg.skeleton b/configuration/cdist.cfg.skeleton index bfac9f5c..91c5ab02 100644 --- a/configuration/cdist.cfg.skeleton +++ b/configuration/cdist.cfg.skeleton @@ -26,7 +26,7 @@ # # init_manifest # Specify default initial manifest. -# init_mainfest = +# init_manifest = # # inventory_dir # Specify inventory directory. From 716d3554f3dd9a7cf83cb0fd4f706b6458cb13d8 Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Sat, 23 May 2020 00:48:35 +0300 Subject: [PATCH 123/176] [__user] fix user delete on freebsd --- cdist/conf/type/__user/gencode-remote | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/cdist/conf/type/__user/gencode-remote b/cdist/conf/type/__user/gencode-remote index ee18c18f..41c3a57b 100755 --- a/cdist/conf/type/__user/gencode-remote +++ b/cdist/conf/type/__user/gencode-remote @@ -135,11 +135,19 @@ elif [ "$state" = "absent" ]; then if grep -q "^${name}:" "$__object/explorer/passwd"; then #user exists, but state != present, so delete it if [ -f "$__object/parameter/remove-home" ]; then - printf "userdel -r '%s' >/dev/null 2>&1\\n" "${name}" - echo "userdel -r" >> "$__messages_out" + if [ "$os" = "freebsd" ]; then + printf "pw userdel '%s' -r >/dev/null 2>&1\\n" "${name}" + else + printf "userdel -r '%s' >/dev/null 2>&1\\n" "${name}" + fi + echo "userdel -r" >> "$__messages_out" else - printf "userdel '%s' >/dev/null 2>&1\\n" "${name}" - echo "userdel" >> "$__messages_out" + if [ "$os" = "freebsd" ]; then + printf "pw userdel '%s' >/dev/null 2>&1\\n" "${name}" + else + printf "userdel '%s' >/dev/null 2>&1\\n" "${name}" + fi + echo "userdel" >> "$__messages_out" fi fi else From 6ba73c4be6a57007c035f748c3273dd7a7041992 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sat, 23 May 2020 19:03:13 +0200 Subject: [PATCH 124/176] ++changelog --- docs/changelog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/changelog b/docs/changelog index f0aa3aa7..6746bec6 100644 --- a/docs/changelog +++ b/docs/changelog @@ -10,6 +10,8 @@ next: * Type __ssh_authorized_keys: Fix bug where --option was not multiple (Evil Ham) * Type __motd: Debian/Ubuntu/Devuan use /etc/motd (Ander Punnar) * Type __group: Fix --gid on FreeBSD (Ander Punnar) + * Configuration: Fix typos in cdist.cfg.skeleton (Jaak Ristioja) + * Type __user: Fix user deletion on FreeBSD (Ander Punnar) 6.5.5: 2020-05-01 * Core: Fix XDG_CONFIG_HOME config file location (Joachim Desroches) From f4e1bbc87e9127ed4ac1789c700e1cbee02ff61c Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sun, 24 May 2020 01:10:56 +0200 Subject: [PATCH 125/176] Fix multiple log lines Fixes #813. --- cdist/log.py | 1 + 1 file changed, 1 insertion(+) diff --git a/cdist/log.py b/cdist/log.py index 5d431130..2d0bef0b 100644 --- a/cdist/log.py +++ b/cdist/log.py @@ -64,6 +64,7 @@ class DefaultLog(logging.Logger): def __init__(self, name): super().__init__(name) + self.propagate = False formatter = logging.Formatter(self.FORMAT) From ba64971a567722c29cfe5a93c7ccc7e03bbf7940 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sun, 24 May 2020 17:05:01 +0200 Subject: [PATCH 126/176] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index 6746bec6..5a2f905a 100644 --- a/docs/changelog +++ b/docs/changelog @@ -12,6 +12,7 @@ next: * Type __group: Fix --gid on FreeBSD (Ander Punnar) * Configuration: Fix typos in cdist.cfg.skeleton (Jaak Ristioja) * Type __user: Fix user deletion on FreeBSD (Ander Punnar) + * Core: Fix double log lines (Darko Poljak) 6.5.5: 2020-05-01 * Core: Fix XDG_CONFIG_HOME config file location (Joachim Desroches) From abac79d4a50857c81e12660aaa13424d371f2137 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Mon, 25 May 2020 11:16:48 +0200 Subject: [PATCH 127/176] Release 6.5.6 --- docs/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/changelog b/docs/changelog index 5a2f905a..ad008cb2 100644 --- a/docs/changelog +++ b/docs/changelog @@ -1,7 +1,7 @@ Changelog --------- -next: +6.5.6: 2020-05-25 * Type __pyvenv: Switch to python3 -m venv for Ubuntu (Nico Schottelius) * Type __letsencrypt_cert: Whitelist Ubuntu (Nico Schottelius) * Types __cron, __file, __link: Improve manpages (Matthias Stecher) From 29c0180204beced2813f2d1ec2b50ee069d205c6 Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Thu, 28 May 2020 23:31:13 +0300 Subject: [PATCH 128/176] [__ssh_authorized_keys] add --remove-unknown parameter --- .../type/__ssh_authorized_keys/explorer/keys | 8 ++++++ cdist/conf/type/__ssh_authorized_keys/man.rst | 9 +++++++ .../conf/type/__ssh_authorized_keys/manifest | 27 ++++++++++++++++++- .../__ssh_authorized_keys/parameter/boolean | 1 + 4 files changed, 44 insertions(+), 1 deletion(-) create mode 100755 cdist/conf/type/__ssh_authorized_keys/explorer/keys diff --git a/cdist/conf/type/__ssh_authorized_keys/explorer/keys b/cdist/conf/type/__ssh_authorized_keys/explorer/keys new file mode 100755 index 00000000..b515c630 --- /dev/null +++ b/cdist/conf/type/__ssh_authorized_keys/explorer/keys @@ -0,0 +1,8 @@ +#!/bin/sh -e + +file="$( . "$__type_explorer/file" )" + +if [ -f "$file" ] +then + cat "$file" +fi diff --git a/cdist/conf/type/__ssh_authorized_keys/man.rst b/cdist/conf/type/__ssh_authorized_keys/man.rst index 93357b1d..dac6adeb 100644 --- a/cdist/conf/type/__ssh_authorized_keys/man.rst +++ b/cdist/conf/type/__ssh_authorized_keys/man.rst @@ -60,6 +60,9 @@ nofile Don't manage existence, ownership and permissions of the the authorized_keys file. +remove-unknown + Remove undefined keys. + EXAMPLES -------- @@ -70,6 +73,12 @@ EXAMPLES __ssh_authorized_keys root \ --key "$(cat ~/.ssh/id_rsa.pub)" + # same as above, but make sure your key is only key in + # root's authorized_keys file + __ssh_authorized_keys root \ + --key "$(cat ~/.ssh/id_rsa.pub)" \ + --remove-unknown + # allow key to login as user-name __ssh_authorized_keys user-name \ --key "ssh-rsa AXYZAAB3NzaC1yc2..." diff --git a/cdist/conf/type/__ssh_authorized_keys/manifest b/cdist/conf/type/__ssh_authorized_keys/manifest index b9f0582e..b319316b 100755 --- a/cdist/conf/type/__ssh_authorized_keys/manifest +++ b/cdist/conf/type/__ssh_authorized_keys/manifest @@ -55,8 +55,12 @@ _cksum() { echo "$1" | cksum | cut -d' ' -f 1 } +_type_and_key() { + echo "$1" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }' +} + while read -r key; do - type_and_key="$(echo "$key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')" + type_and_key="$( _type_and_key "$key" )" object_id="$(_cksum "$file")-$(_cksum "$type_and_key")" set -- "$object_id" set -- "$@" --file "$file" @@ -72,3 +76,24 @@ while read -r key; do # Ensure __ssh_authorized_key does not read stdin __ssh_authorized_key "$@" < /dev/null done < "$__object/parameter/key" + +if [ -f "$__object/parameter/remove-unknown" ] && + [ -s "$__object/explorer/keys" ] +then + while read -r key + do + type_and_key="$( _type_and_key "$key" )" + + if grep -Fq "$type_and_key" "$__object/parameter/key" + then + continue + fi + + __ssh_authorized_key "remove-$( _cksum "$file$key" )" \ + --file "$file" \ + --key "$key" \ + --state absent \ + < /dev/null + done \ + < "$__object/explorer/keys" +fi diff --git a/cdist/conf/type/__ssh_authorized_keys/parameter/boolean b/cdist/conf/type/__ssh_authorized_keys/parameter/boolean index 4bb126fe..7388fed5 100644 --- a/cdist/conf/type/__ssh_authorized_keys/parameter/boolean +++ b/cdist/conf/type/__ssh_authorized_keys/parameter/boolean @@ -1,2 +1,3 @@ noparent nofile +remove-unknown From b354ea6e9430816bd62168c4c8e7b936ad4a4885 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sat, 30 May 2020 10:49:13 +0200 Subject: [PATCH 129/176] ++changelog --- docs/changelog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/changelog b/docs/changelog index ad008cb2..76b5edfa 100644 --- a/docs/changelog +++ b/docs/changelog @@ -1,6 +1,9 @@ Changelog --------- +next: + * Type __ssh_authorized_keys: Add option for removing undefined keys (Ander Punnar) + 6.5.6: 2020-05-25 * Type __pyvenv: Switch to python3 -m venv for Ubuntu (Nico Schottelius) * Type __letsencrypt_cert: Whitelist Ubuntu (Nico Schottelius) From 988190363aeff5fba9be80355c318e1ff372eda9 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sat, 30 May 2020 15:10:13 +0200 Subject: [PATCH 130/176] Resolve shellcheck SC1090 --- cdist/conf/type/__ssh_authorized_keys/explorer/keys | 1 + 1 file changed, 1 insertion(+) diff --git a/cdist/conf/type/__ssh_authorized_keys/explorer/keys b/cdist/conf/type/__ssh_authorized_keys/explorer/keys index b515c630..cec25746 100755 --- a/cdist/conf/type/__ssh_authorized_keys/explorer/keys +++ b/cdist/conf/type/__ssh_authorized_keys/explorer/keys @@ -1,5 +1,6 @@ #!/bin/sh -e +# shellcheck disable=SC1090 file="$( . "$__type_explorer/file" )" if [ -f "$file" ] From ba77ea9edcf2d99c6edd76adaa83017821babae3 Mon Sep 17 00:00:00 2001 From: Evil Ham Date: Mon, 1 Jun 2020 19:11:58 +0200 Subject: [PATCH 131/176] [UX] Add option to enable LogLevel-based coloured output. This makes it easier for new and experienced users to run cdist with higher verbosity levels, both to know that things are working as expected and to debug issues. Documentation has been modified accordingly and default behaviour is not changed. --- cdist/argparse.py | 31 ++++++++++++++++-- cdist/configuration.py | 11 +++++++ cdist/core/manifest.py | 1 + cdist/emulator.py | 3 ++ cdist/log.py | 26 ++++++++++++++- cdist/test/configuration/__init__.py | 28 +++++++++++++++++ configuration/cdist.cfg.skeleton | 6 ++++ docs/src/cdist-reference.rst.sh | 5 +++ docs/src/man1/cdist.rst | 47 +++++++++++++++++++--------- 9 files changed, 140 insertions(+), 18 deletions(-) diff --git a/cdist/argparse.py b/cdist/argparse.py index 611c484a..c30e2030 100644 --- a/cdist/argparse.py +++ b/cdist/argparse.py @@ -5,6 +5,7 @@ import logging import collections import functools import cdist.configuration +import cdist.log import cdist.preos import cdist.info @@ -88,6 +89,13 @@ def check_lower_bounded_int(value, lower_bound, name): return val +def colored_output_type(val): + boolean_states = cdist.configuration.ColoredOutputOption.BOOLEAN_STATES + if val not in boolean_states.keys(): + raise argparse.ArgumentError() + return boolean_states[val] + + def get_parsers(): global parser @@ -125,6 +133,15 @@ def get_parsers(): 'value.'), action='count', default=None) + parser['colored_output'] = argparse.ArgumentParser(add_help=False) + parser['colored_output'].add_argument( + '--colors', + help='Use a colored output for different log levels.' + 'It can be a boolean or "auto" (default) which enables this ' + 'feature if stdout is a tty and disables it otherwise.', + action='store', dest='colored_output', required=False, + type=colored_output_type) + parser['beta'] = argparse.ArgumentParser(add_help=False) parser['beta'].add_argument( '-b', '--beta', @@ -283,6 +300,7 @@ def get_parsers(): 'host', nargs='*', help='Host(s) to operate on.') parser['config'] = parser['sub'].add_parser( 'config', parents=[parser['loglevel'], parser['beta'], + parser['colored_output'], parser['common'], parser['config_main'], parser['inventory_common'], @@ -301,6 +319,7 @@ def get_parsers(): parser['add-host'] = parser['invsub'].add_parser( 'add-host', parents=[parser['loglevel'], parser['beta'], + parser['colored_output'], parser['common'], parser['inventory_common']]) parser['add-host'].add_argument( @@ -315,6 +334,7 @@ def get_parsers(): parser['add-tag'] = parser['invsub'].add_parser( 'add-tag', parents=[parser['loglevel'], parser['beta'], + parser['colored_output'], parser['common'], parser['inventory_common']]) parser['add-tag'].add_argument( @@ -346,6 +366,7 @@ def get_parsers(): parser['del-host'] = parser['invsub'].add_parser( 'del-host', parents=[parser['loglevel'], parser['beta'], + parser['colored_output'], parser['common'], parser['inventory_common']]) parser['del-host'].add_argument( @@ -363,6 +384,7 @@ def get_parsers(): parser['del-tag'] = parser['invsub'].add_parser( 'del-tag', parents=[parser['loglevel'], parser['beta'], + parser['colored_output'], parser['common'], parser['inventory_common']]) parser['del-tag'].add_argument( @@ -398,6 +420,7 @@ def get_parsers(): parser['list'] = parser['invsub'].add_parser( 'list', parents=[parser['loglevel'], parser['beta'], + parser['colored_output'], parser['common'], parser['inventory_common']]) parser['list'].add_argument( @@ -430,7 +453,7 @@ def get_parsers(): # Shell parser['shell'] = parser['sub'].add_parser( - 'shell', parents=[parser['loglevel']]) + 'shell', parents=[parser['loglevel'], parser['colored_output']]) parser['shell'].add_argument( '-s', '--shell', help=('Select shell to use, defaults to current shell. Used shell' @@ -495,9 +518,13 @@ def parse_and_configure(argv, singleton=True): log = logging.getLogger("cdist") + config = cfg.get_config() + if config.get('GLOBAL', {}).get('colored_output', False): + cdist.log.ColorFormatter.USE_COLORS = True + log.verbose("version %s" % cdist.VERSION) log.trace('command line args: {}'.format(cfg.command_line_args)) - log.trace('configuration: {}'.format(cfg.get_config())) + log.trace('configuration: {}'.format(config)) log.trace('configured args: {}'.format(args)) check_beta(vars(args)) diff --git a/cdist/configuration.py b/cdist/configuration.py index 1011a382..6f07c27f 100644 --- a/cdist/configuration.py +++ b/cdist/configuration.py @@ -27,6 +27,7 @@ import cdist.argparse import re import multiprocessing import logging +import sys class Singleton(type): @@ -47,6 +48,7 @@ _VERBOSITY_VALUES = ( _ARCHIVING_VALUES = ( 'tar', 'tgz', 'tbz2', 'txz', 'none', ) +_COLORED_OUTPUT_DEFAULT = sys.stdout.isatty() class OptionBase: @@ -246,9 +248,15 @@ class LogLevelOption(OptionBase): return VerbosityOption().translate(val) +class ColoredOutputOption(BooleanOption): + BOOLEAN_STATES = dict(configparser.ConfigParser.BOOLEAN_STATES, + auto=_COLORED_OUTPUT_DEFAULT) + + _ARG_OPTION_MAPPING = { 'beta': 'beta', 'cache_path_pattern': 'cache_path_pattern', + 'colored_output': 'colored_output', 'conf_dir': 'conf_dir', 'manifest': 'init_manifest', 'out_path': 'out_path', @@ -294,6 +302,7 @@ class Configuration(metaclass=Singleton): 'remote_shell': StringOption('remote_shell'), 'cache_path_pattern': StringOption('cache_path_pattern'), 'conf_dir': ConfDirOption(), + 'colored_output': ColoredOutputOption('colored_output'), 'init_manifest': StringOption('init_manifest'), 'out_path': StringOption('out_path'), 'remote_out_path': StringOption('remote_out_path'), @@ -319,6 +328,7 @@ class Configuration(metaclass=Singleton): 'CDIST_REMOTE_COPY': 'remote_copy', 'CDIST_INVENTORY_DIR': 'inventory_dir', 'CDIST_CACHE_PATH_PATTERN': 'cache_path_pattern', + 'CDIST_COLORED_OUTPUT': 'colored_output', '__cdist_log_level': 'verbosity', } ENV_VAR_BOOLEAN_OPTIONS = ('CDIST_BETA', ) @@ -332,6 +342,7 @@ class Configuration(metaclass=Singleton): } REQUIRED_DEFAULT_CONFIG_VALUES = { 'GLOBAL': { + 'colored_output': _COLORED_OUTPUT_DEFAULT, 'verbosity': 0, }, } diff --git a/cdist/core/manifest.py b/cdist/core/manifest.py index 8aeaf860..32520e49 100644 --- a/cdist/core/manifest.py +++ b/cdist/core/manifest.py @@ -119,6 +119,7 @@ class Manifest(object): '__cdist_log_level': util.log_level_env_var_val(self.log), '__cdist_log_level_name': util.log_level_name_env_var_val( self.log), + '__cdist_colored_log': str(cdist.log.ColorFormatter.USE_COLORS), } if dry_run: diff --git a/cdist/emulator.py b/cdist/emulator.py index 4800e2a3..87c9fe12 100644 --- a/cdist/emulator.py +++ b/cdist/emulator.py @@ -129,6 +129,9 @@ class Emulator(object): # if invalid __cdist_log_level value logging.root.setLevel(logging.WARNING) + colored_log = self.env.get('__cdist_colored_log', 'False') + cdist.log.ColorFormatter.USE_COLORS = colored_log == 'True' + self.log = logging.getLogger(self.target_host[0]) def commandline(self): diff --git a/cdist/log.py b/cdist/log.py index 2d0bef0b..5f2d8f53 100644 --- a/cdist/log.py +++ b/cdist/log.py @@ -50,6 +50,30 @@ def _trace(msg, *args, **kwargs): logging.trace = _trace +class ColorFormatter(logging.Formatter): + USE_COLORS = False + RESET = '\033[0m' + COLOR_MAP = { + 'ERROR': '\033[0;31m', + 'WARNING': '\033[0;33m', + 'INFO': '\033[0;94m', + 'VERBOSE': '\033[0;34m', + 'DEBUG': '\033[0;90m', + 'TRACE': '\033[0;37m', + } + + def __init__(self, msg): + super().__init__(msg) + + def format(self, record): + msg = super().format(record) + if self.USE_COLORS: + color = self.COLOR_MAP.get(record.levelname) + if color: + msg = color + msg + self.RESET + return msg + + class DefaultLog(logging.Logger): FORMAT = '%(levelname)s: %(message)s' @@ -66,7 +90,7 @@ class DefaultLog(logging.Logger): super().__init__(name) self.propagate = False - formatter = logging.Formatter(self.FORMAT) + formatter = ColorFormatter(self.FORMAT) self.addFilter(self) diff --git a/cdist/test/configuration/__init__.py b/cdist/test/configuration/__init__.py index 182868a6..07a73bda 100644 --- a/cdist/test/configuration/__init__.py +++ b/cdist/test/configuration/__init__.py @@ -28,10 +28,12 @@ import argparse from cdist import test import cdist.argparse as cap import logging +import sys my_dir = op.abspath(op.dirname(__file__)) fixtures = op.join(my_dir, 'fixtures') interpolation_config_file = op.join(fixtures, "interpolation-test.cfg") +colored_output_default = sys.stdout.isatty() def newConfigParser(): @@ -153,6 +155,7 @@ class ConfigurationTestCase(test.CdistTestCase): 'remote_shell': '/bin/sh', 'inventory_dir': '', 'cache_path_pattern': '', + 'colored_output': colored_output_default, 'conf_dir': '', 'init_manifest': '', 'out_path': '', @@ -184,6 +187,7 @@ class ConfigurationTestCase(test.CdistTestCase): 'remote_shell': '/bin/sh', 'inventory_dir': None, 'cache_path_pattern': None, + 'colored_output': colored_output_default, 'conf_dir': None, 'init_manifest': None, 'out_path': None, @@ -390,6 +394,7 @@ class ConfigurationTestCase(test.CdistTestCase): args = argparse.Namespace() expected_config_dict = { 'GLOBAL': { + 'colored_output': colored_output_default, 'verbosity': 0, }, } @@ -440,6 +445,7 @@ class ConfigurationTestCase(test.CdistTestCase): 'remote_shell': '/bin/sh', 'inventory_dir': None, 'cache_path_pattern': None, + 'colored_output': colored_output_default, 'conf_dir': None, 'init_manifest': None, 'out_path': None, @@ -515,6 +521,7 @@ class ConfigurationTestCase(test.CdistTestCase): 'remote_shell': '/usr/bin/sh', 'inventory_dir': '/var/db/cdist/inventory', 'cache_path_pattern': None, + 'colored_output': colored_output_default, 'conf_dir': ['/opt/cdist', ], 'init_manifest': None, 'out_path': None, @@ -556,6 +563,7 @@ class ConfigurationTestCase(test.CdistTestCase): 'remote_shell': '/bin/sh', 'inventory_dir': '', 'cache_path_pattern': '', + 'colored_output': colored_output_default, 'conf_dir': '', 'init_manifest': '', 'out_path': '', @@ -579,6 +587,7 @@ class ConfigurationTestCase(test.CdistTestCase): 'remote_shell': '/usr/bin/sh', 'inventory_dir': None, 'cache_path_pattern': None, + 'colored_output': colored_output_default, 'conf_dir': [ '/opt/cdist/conf', '/usr/local/share/cdist/conf', @@ -623,6 +632,7 @@ class ConfigurationTestCase(test.CdistTestCase): 'remote_shell': '/bin/sh', 'inventory_dir': '', 'cache_path_pattern': '', + 'colored_output': colored_output_default, 'conf_dir': '', 'init_manifest': '', 'out_path': '', @@ -645,6 +655,7 @@ class ConfigurationTestCase(test.CdistTestCase): 'local_shell': '/usr/bin/sh', 'remote_shell': '/usr/bin/sh', 'inventory_dir': '/var/db/cdist/inventory', + 'colored_output': colored_output_default, 'conf_dir': '/opt/cdist', 'remote_copy': 'myscp', 'remote_exec': 'myexec', @@ -663,6 +674,7 @@ class ConfigurationTestCase(test.CdistTestCase): 'remote_shell': '/usr/bin/sh', 'inventory_dir': '/var/db/cdist/inventory', 'cache_path_pattern': None, + 'colored_output': colored_output_default, 'conf_dir': [ '/opt/cdist/conf', '/usr/local/share/cdist/conf', @@ -694,6 +706,7 @@ class ConfigurationTestCase(test.CdistTestCase): } expected_config = { 'GLOBAL': { + 'colored_output': colored_output_default, 'verbosity': 0, }, } @@ -767,6 +780,7 @@ class ConfigurationTestCase(test.CdistTestCase): 'remote_shell': '/usr/bin/sh', 'inventory_dir': '/opt/sysadmin/cdist/inventory', 'cache_path_pattern': None, + 'colored_output': colored_output_default, 'conf_dir': [ '/opt/cdist/conf', '/usr/local/share/cdist/conf', @@ -865,6 +879,7 @@ class ConfigurationTestCase(test.CdistTestCase): 'remote_shell': '/usr/bin/sh', 'inventory_dir': '/var/db/cdist/inventory', 'cache_path_pattern': None, + 'colored_output': colored_output_default, 'conf_dir': [ '/opt/conf/cdist', ], @@ -964,6 +979,7 @@ class ConfigurationTestCase(test.CdistTestCase): 'remote_shell': '/usr/bin/sh', 'inventory_dir': '/var/db/cdist/inventory', 'cache_path_pattern': None, + 'colored_output': colored_output_default, 'conf_dir': [ '/opt/conf/cdist', ], @@ -1063,6 +1079,7 @@ class ConfigurationTestCase(test.CdistTestCase): 'remote_shell': '/usr/bin/sh', 'inventory_dir': '/var/db/cdist/inventory', 'cache_path_pattern': None, + 'colored_output': colored_output_default, 'conf_dir': [ '/opt/conf/cdist', ], @@ -1095,6 +1112,7 @@ class ConfigurationTestCase(test.CdistTestCase): 'beta': True, 'inventory_dir': '/var/db/cdist/inventory', 'cache_path_pattern': None, + 'colored_output': colored_output_default, 'conf_dir': [ '/opt/conf/cdist', ], @@ -1125,6 +1143,7 @@ class ConfigurationTestCase(test.CdistTestCase): expected_config_dict = { 'GLOBAL': { 'inventory_dir': None, + 'colored_output': colored_output_default, 'conf_dir': None, 'verbosity': 0, }, @@ -1148,6 +1167,7 @@ class ConfigurationTestCase(test.CdistTestCase): expected_config_dict = { 'GLOBAL': { + 'colored_output': colored_output_default, 'verbosity': cap.VERBOSE_DEBUG, }, } @@ -1185,6 +1205,7 @@ class ConfigurationTestCase(test.CdistTestCase): expected_config_dict = { 'GLOBAL': { + 'colored_output': colored_output_default, 'save_output_streams': True, 'verbosity': 0, }, @@ -1213,6 +1234,7 @@ class ConfigurationTestCase(test.CdistTestCase): expected_config_dict = { 'GLOBAL': { + 'colored_output': colored_output_default, 'save_output_streams': False, 'verbosity': 0, }, @@ -1241,6 +1263,7 @@ class ConfigurationTestCase(test.CdistTestCase): expected_config_dict = { 'GLOBAL': { + 'colored_output': colored_output_default, 'save_output_streams': False, 'verbosity': 0, }, @@ -1269,6 +1292,7 @@ class ConfigurationTestCase(test.CdistTestCase): expected_config_dict = { 'GLOBAL': { + 'colored_output': colored_output_default, 'save_output_streams': False, 'verbosity': 0, }, @@ -1308,6 +1332,7 @@ class ConfigurationTestCase(test.CdistTestCase): expected_config_dict = { 'GLOBAL': { + 'colored_output': colored_output_default, 'timestamp': True, 'verbosity': 0, }, @@ -1336,6 +1361,7 @@ class ConfigurationTestCase(test.CdistTestCase): expected_config_dict = { 'GLOBAL': { + 'colored_output': colored_output_default, 'timestamp': True, 'verbosity': 0, }, @@ -1364,6 +1390,7 @@ class ConfigurationTestCase(test.CdistTestCase): expected_config_dict = { 'GLOBAL': { + 'colored_output': colored_output_default, 'timestamp': False, 'verbosity': 0, }, @@ -1392,6 +1419,7 @@ class ConfigurationTestCase(test.CdistTestCase): expected_config_dict = { 'GLOBAL': { + 'colored_output': colored_output_default, 'timestamp': False, 'verbosity': 0, }, diff --git a/configuration/cdist.cfg.skeleton b/configuration/cdist.cfg.skeleton index 91c5ab02..f2a09064 100644 --- a/configuration/cdist.cfg.skeleton +++ b/configuration/cdist.cfg.skeleton @@ -13,6 +13,12 @@ # Specify cache path pattern. # cache_path_pattern = %h # +# colored_output +# Use a colored output for different log levels. +# It can be a boolean or 'auto' (default) which enables this feature if +# stdout is a tty and disables it otherwise. +# colored_output = auto +# # conf_dir # List of configuration directories separated with the character conventionally # used by the operating system to separate search path components (as in PATH), diff --git a/docs/src/cdist-reference.rst.sh b/docs/src/cdist-reference.rst.sh index e77d98f6..3b997f63 100755 --- a/docs/src/cdist-reference.rst.sh +++ b/docs/src/cdist-reference.rst.sh @@ -344,6 +344,11 @@ CDIST_INVENTORY_DIR CDIST_BETA Enable beta functionalities. +CDIST_COLORED_OUTPUT + Use a colored output for different log levels. + It can be a boolean or 'auto' (default) which enables this feature if + stdout is a tty and disables it otherwise. + CDIST_CACHE_PATH_PATTERN Custom cache path pattern. eof diff --git a/docs/src/man1/cdist.rst b/docs/src/man1/cdist.rst index 38248821..4c34c4b7 100644 --- a/docs/src/man1/cdist.rst +++ b/docs/src/man1/cdist.rst @@ -15,8 +15,9 @@ SYNOPSIS cdist banner [-h] [-l LOGLEVEL] [-q] [-v] - cdist config [-h] [-l LOGLEVEL] [-q] [-v] [-b] [-g CONFIG_FILE] [-4] - [-6] [-C CACHE_PATH_PATTERN] [-c CONF_DIR] [-i MANIFEST] + cdist config [-h] [-l LOGLEVEL] [-q] [-v] [-b] + [--colors COLORED_OUTPUT] [-g CONFIG_FILE] [-4] [-6] + [-C CACHE_PATH_PATTERN] [-c CONF_DIR] [-i MANIFEST] [-j [JOBS]] [-n] [-o OUT_PATH] [-P] [-R [{tar,tgz,tbz2,txz}]] [-r REMOTE_OUT_PATH] [--remote-copy REMOTE_COPY] [--remote-exec REMOTE_EXEC] @@ -24,8 +25,9 @@ SYNOPSIS [-p [HOST_MAX]] [-s] [-t] [host [host ...]] - cdist install [-h] [-l LOGLEVEL] [-q] [-v] [-b] [-g CONFIG_FILE] [-4] - [-6] [-C CACHE_PATH_PATTERN] [-c CONF_DIR] [-i MANIFEST] + cdist install [-h] [-l LOGLEVEL] [-q] [-v] [-b] + [--colors COLORED_OUTPUT] [-g CONFIG_FILE] [-4] [-6] + [-C CACHE_PATH_PATTERN] [-c CONF_DIR] [-i MANIFEST] [-j [JOBS]] [-n] [-o OUT_PATH] [-P] [-R [{tar,tgz,tbz2,txz}]] [-r REMOTE_OUT_PATH] [--remote-copy REMOTE_COPY] [--remote-exec REMOTE_EXEC] @@ -36,26 +38,29 @@ SYNOPSIS cdist inventory [-h] {add-host,add-tag,del-host,del-tag,list} ... cdist inventory add-host [-h] [-l LOGLEVEL] [-q] [-v] [-b] - [-g CONFIG_FILE] [-I INVENTORY_DIR] - [-f HOSTFILE] + [--colors COLORED_OUTPUT] [-g CONFIG_FILE] + [-I INVENTORY_DIR] [-f HOSTFILE] [host [host ...]] cdist inventory add-tag [-h] [-l LOGLEVEL] [-q] [-v] [-b] - [-g CONFIG_FILE] [-I INVENTORY_DIR] - [-f HOSTFILE] [-T TAGFILE] [-t TAGLIST] + [--colors COLORED_OUTPUT] [-g CONFIG_FILE] + [-I INVENTORY_DIR] [-f HOSTFILE] [-T TAGFILE] + [-t TAGLIST] [host [host ...]] cdist inventory del-host [-h] [-l LOGLEVEL] [-q] [-v] [-b] - [-g CONFIG_FILE] [-I INVENTORY_DIR] [-a] - [-f HOSTFILE] + [--colors COLORED_OUTPUT] [-g CONFIG_FILE] + [-I INVENTORY_DIR] [-a] [-f HOSTFILE] [host [host ...]] cdist inventory del-tag [-h] [-l LOGLEVEL] [-q] [-v] [-b] - [-g CONFIG_FILE] [-I INVENTORY_DIR] [-a] - [-f HOSTFILE] [-T TAGFILE] [-t TAGLIST] + [--colors COLORED_OUTPUT] [-g CONFIG_FILE] + [-I INVENTORY_DIR] [-a] [-f HOSTFILE] + [-T TAGFILE] [-t TAGLIST] [host [host ...]] - cdist inventory list [-h] [-l LOGLEVEL] [-q] [-v] [-b] [-g CONFIG_FILE] + cdist inventory list [-h] [-l LOGLEVEL] [-q] [-v] [-b] + [--colors COLORED_OUTPUT] [-g CONFIG_FILE] [-I INVENTORY_DIR] [-a] [-f HOSTFILE] [-H] [-t] [host [host ...]] @@ -84,9 +89,11 @@ SYNOPSIS [-S SCRIPT] [-s SUITE] [-y REMOTE_COPY] target_dir - cdist shell [-h] [-l LOGLEVEL] [-q] [-v] [-s SHELL] + cdist shell [-h] [-l LOGLEVEL] [-q] [-v] [--colors COLORED_OUTPUT] + [-s SHELL] - cdist info [-h] [-a] [-c CONF_DIR] [-e] [-F] [-f] [-g CONFIG_FILE] [-t] [pattern] + cdist info [-h] [-a] [-c CONF_DIR] [-e] [-F] [-f] [-g CONFIG_FILE] [-t] + [pattern] DESCRIPTION @@ -104,6 +111,11 @@ All commands accept the following options: **-h, --help** Show the help screen. +**--colors COLORED_OUTPUT** + Use a colored output for different log levels.It can + be a boolean or "auto" (default) which enables this + feature if stdout is a tty and disables it otherwise. + **-l LOGLEVEL, --log-level LOGLEVEL** Set the specified verbosity level. The levels, in order from the lowest to the highest, are: ERROR (-1), @@ -893,6 +905,11 @@ CDIST_BETA CDIST_CACHE_PATH_PATTERN Custom cache path pattern. +CDIST_COLORED_OUTPUT + Use a colored output for different log levels. + It can be a boolean or 'auto' (default) which enables this feature if + stdout is a tty and disables it otherwise. + CDIST_CONFIG_FILE Custom configuration file. From 9a4e3488c2104ad5562b5ab9aad8120969df73a8 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Mon, 1 Jun 2020 19:17:02 +0200 Subject: [PATCH 132/176] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index 76b5edfa..5408c54f 100644 --- a/docs/changelog +++ b/docs/changelog @@ -3,6 +3,7 @@ Changelog next: * Type __ssh_authorized_keys: Add option for removing undefined keys (Ander Punnar) + * Core: Support colored log output (Evil Ham) 6.5.6: 2020-05-25 * Type __pyvenv: Switch to python3 -m venv for Ubuntu (Nico Schottelius) From 55ebd1a4c56e788b18911f273d931f950a0c5271 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Mon, 1 Jun 2020 20:22:40 +0200 Subject: [PATCH 133/176] Fix man build failure in newer sphinx versions --- cdist/sphinxext/manpage.py | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/cdist/sphinxext/manpage.py b/cdist/sphinxext/manpage.py index 135fe22e..1f8ac4f6 100644 --- a/cdist/sphinxext/manpage.py +++ b/cdist/sphinxext/manpage.py @@ -7,6 +7,7 @@ from docutils.io import FileOutput from os import path from sphinx.util.nodes import inline_all_toctrees from sphinx import addnodes +from sphinx.util import logging """ Extension based on sphinx builtin manpage. @@ -15,6 +16,9 @@ from sphinx import addnodes """ +logger = logging.getLogger(__name__) + + class ManualPageTranslator(sphinx.writers.manpage.ManualPageTranslator): def header(self): @@ -28,7 +32,7 @@ class ManualPageWriter(sphinx.writers.manpage.ManualPageWriter): def __init__(self, builder): super().__init__(builder) self.translator_class = ( - self.builder.translator_class or ManualPageTranslator) + self.builder.get_translator_class() or ManualPageTranslator) class ManualPageBuilder(sphinx.builders.manpage.ManualPageBuilder): @@ -43,7 +47,7 @@ class ManualPageBuilder(sphinx.builders.manpage.ManualPageBuilder): components=(docwriter,), read_config_files=True).get_default_values() - self.info(bold('writing... '), nonl=True) + logger.info(bold('writing... '), nonl=True) for info in self.config.man_pages: docname, name, description, authors, section = info @@ -54,7 +58,7 @@ class ManualPageBuilder(sphinx.builders.manpage.ManualPageBuilder): authors = [] targetname = '%s.%s' % (name, section) - self.info(darkgreen(targetname) + ' { ', nonl=True) + logger.info(darkgreen(targetname) + ' { ', nonl=True) destination = FileOutput( destination_path=path.join(self.outdir, targetname), encoding='utf-8') @@ -63,7 +67,7 @@ class ManualPageBuilder(sphinx.builders.manpage.ManualPageBuilder): docnames = set() largetree = inline_all_toctrees(self, docnames, docname, tree, darkgreen, [docname]) - self.info('} ', nonl=True) + logger.info('} ', nonl=True) self.env.resolve_references(largetree, docname, self) # remove pending_xref nodes for pendingnode in largetree.traverse(addnodes.pending_xref): @@ -76,7 +80,7 @@ class ManualPageBuilder(sphinx.builders.manpage.ManualPageBuilder): largetree.settings.section = section docwriter.write(largetree, destination) - self.info() + logger.info("") def setup(app): From 48d66b014351982e70aa3e065ffc1ed344660bab Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Mon, 1 Jun 2020 22:25:15 +0200 Subject: [PATCH 134/176] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index 5408c54f..5b57e98b 100644 --- a/docs/changelog +++ b/docs/changelog @@ -4,6 +4,7 @@ Changelog next: * Type __ssh_authorized_keys: Add option for removing undefined keys (Ander Punnar) * Core: Support colored log output (Evil Ham) + * Documentation: Fix failing man pages build with newer sphinx versions (Darko Poljak) 6.5.6: 2020-05-25 * Type __pyvenv: Switch to python3 -m venv for Ubuntu (Nico Schottelius) From 6a611e556a54a60952a833989a5a0fca79011217 Mon Sep 17 00:00:00 2001 From: Daniel Heule Date: Tue, 2 Jun 2020 13:40:21 +0200 Subject: [PATCH 135/176] fix os explorer for sles15 --- cdist/conf/explorer/os | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cdist/conf/explorer/os b/cdist/conf/explorer/os index 563fa4cf..2d2aede6 100755 --- a/cdist/conf/explorer/os +++ b/cdist/conf/explorer/os @@ -143,6 +143,11 @@ case "$uname_s" in esac if [ -f /etc/os-release ]; then + # after sles15, suse don't provide an /etc/SuSE-release anymore, but there is almost no difference between sles and opensuse leap, so call it suse + if grep -q ^ID_LIKE=\"suse\" /etc/os-release 2>/dev/null; then + echo suse + exit 0 + fi # already lowercase, according to: # https://www.freedesktop.org/software/systemd/man/os-release.html awk -F= '/^ID=/ { if ($2 ~ /^'"'"'(.*)'"'"'$/ || $2 ~ /^"(.*)"$/) { print substr($2, 2, length($2) - 2) } else { print $2 } }' /etc/os-release From 747c6b10762e18bbda24fbb876ac2e88f29dc70b Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Wed, 3 Jun 2020 21:45:04 +0200 Subject: [PATCH 136/176] Respect NO_COLOR environment variable --- cdist/argparse.py | 23 +++++++++-------------- cdist/config.py | 1 + cdist/configuration.py | 28 +++++++++++++++++++--------- cdist/core/manifest.py | 2 +- cdist/emulator.py | 4 ++-- cdist/log.py | 19 ++++++++++--------- cdist/test/configuration/__init__.py | 2 +- configuration/cdist.cfg.skeleton | 6 ++++-- 8 files changed, 47 insertions(+), 38 deletions(-) diff --git a/cdist/argparse.py b/cdist/argparse.py index c30e2030..0782654f 100644 --- a/cdist/argparse.py +++ b/cdist/argparse.py @@ -89,13 +89,6 @@ def check_lower_bounded_int(value, lower_bound, name): return val -def colored_output_type(val): - boolean_states = cdist.configuration.ColoredOutputOption.BOOLEAN_STATES - if val not in boolean_states.keys(): - raise argparse.ArgumentError() - return boolean_states[val] - - def get_parsers(): global parser @@ -140,7 +133,7 @@ def get_parsers(): 'It can be a boolean or "auto" (default) which enables this ' 'feature if stdout is a tty and disables it otherwise.', action='store', dest='colored_output', required=False, - type=colored_output_type) + choices=cdist.configuration.ColoredOutputOption.CHOICES) parser['beta'] = argparse.ArgumentParser(add_help=False) parser['beta'].add_argument( @@ -501,7 +494,12 @@ def handle_loglevel(args): if hasattr(args, 'quiet') and args.quiet: args.verbose = _verbosity_level_off - logging.root.setLevel(_verbosity_level[args.verbose]) + logging.getLogger().setLevel(_verbosity_level[args.verbose]) + + +def handle_log_colors(args): + if cdist.configuration.ColoredOutputOption.translate(args.colored_output): + cdist.log.DefaultLog.USE_COLORS = True def parse_and_configure(argv, singleton=True): @@ -515,16 +513,13 @@ def parse_and_configure(argv, singleton=True): raise cdist.Error(str(e)) # Loglevels are handled globally in here handle_loglevel(args) + handle_log_colors(args) log = logging.getLogger("cdist") - config = cfg.get_config() - if config.get('GLOBAL', {}).get('colored_output', False): - cdist.log.ColorFormatter.USE_COLORS = True - log.verbose("version %s" % cdist.VERSION) log.trace('command line args: {}'.format(cfg.command_line_args)) - log.trace('configuration: {}'.format(config)) + log.trace('configuration: {}'.format(cfg.get_config())) log.trace('configured args: {}'.format(args)) check_beta(vars(args)) diff --git a/cdist/config.py b/cdist/config.py index 97cc1da6..b2d72f05 100644 --- a/cdist/config.py +++ b/cdist/config.py @@ -203,6 +203,7 @@ class Config(object): cdist.log.setupParallelLogging() elif args.timestamp: cdist.log.setupTimestampingLogging() + log = logging.getLogger("config") # No new child process if only one host at a time. diff --git a/cdist/configuration.py b/cdist/configuration.py index 6f07c27f..c0fbc063 100644 --- a/cdist/configuration.py +++ b/cdist/configuration.py @@ -48,7 +48,6 @@ _VERBOSITY_VALUES = ( _ARCHIVING_VALUES = ( 'tar', 'tgz', 'tbz2', 'txz', 'none', ) -_COLORED_OUTPUT_DEFAULT = sys.stdout.isatty() class OptionBase: @@ -249,8 +248,22 @@ class LogLevelOption(OptionBase): class ColoredOutputOption(BooleanOption): - BOOLEAN_STATES = dict(configparser.ConfigParser.BOOLEAN_STATES, - auto=_COLORED_OUTPUT_DEFAULT) + CHOICES = tuple(configparser.ConfigParser.BOOLEAN_STATES) + ('auto',) + DEFAULT = 'auto' + + def get_converter(self): + return self.translate + + @staticmethod + def translate(val): + if 'NO_COLOR' in os.environ: + return False + elif isinstance(val, bool): + return val + elif val == 'auto': + return sys.stdout.isatty() + else: + return configparser.ConfigParser.BOOLEAN_STATES[val] _ARG_OPTION_MAPPING = { @@ -337,12 +350,10 @@ class Configuration(metaclass=Singleton): } ARG_OPTION_MAPPING = _ARG_OPTION_MAPPING - ADJUST_ARG_OPTION_MAPPING = { - _ARG_OPTION_MAPPING[key]: key for key in _ARG_OPTION_MAPPING - } + ADJUST_ARG_OPTION_MAPPING = {v: k for k, v in _ARG_OPTION_MAPPING.items()} REQUIRED_DEFAULT_CONFIG_VALUES = { 'GLOBAL': { - 'colored_output': _COLORED_OUTPUT_DEFAULT, + 'colored_output': 'auto', 'verbosity': 0, }, } @@ -495,8 +506,7 @@ class Configuration(metaclass=Singleton): newconfig = self._read_config_file(config_file) self._update_config_dict(config, newconfig) # command line config file - if (self.args and 'config_file' in self.args and - self.args['config_file']): + if (self.args and self.args.get('config_file', None)): newconfig = self._read_config_file(self.args['config_file']) self._update_config_dict(config, newconfig) # command line diff --git a/cdist/core/manifest.py b/cdist/core/manifest.py index 32520e49..8b833ff2 100644 --- a/cdist/core/manifest.py +++ b/cdist/core/manifest.py @@ -119,7 +119,7 @@ class Manifest(object): '__cdist_log_level': util.log_level_env_var_val(self.log), '__cdist_log_level_name': util.log_level_name_env_var_val( self.log), - '__cdist_colored_log': str(cdist.log.ColorFormatter.USE_COLORS), + '__cdist_colored_log': str(self.log.USE_COLORS).lower(), } if dry_run: diff --git a/cdist/emulator.py b/cdist/emulator.py index 87c9fe12..4eaf2c93 100644 --- a/cdist/emulator.py +++ b/cdist/emulator.py @@ -129,8 +129,8 @@ class Emulator(object): # if invalid __cdist_log_level value logging.root.setLevel(logging.WARNING) - colored_log = self.env.get('__cdist_colored_log', 'False') - cdist.log.ColorFormatter.USE_COLORS = colored_log == 'True' + colored_log = self.env.get('__cdist_colored_log', 'false') + cdist.log.ColorFormatter.USE_COLORS = colored_log == 'true' self.log = logging.getLogger(self.target_host[0]) diff --git a/cdist/log.py b/cdist/log.py index 5f2d8f53..19efebdb 100644 --- a/cdist/log.py +++ b/cdist/log.py @@ -51,7 +51,6 @@ logging.trace = _trace class ColorFormatter(logging.Formatter): - USE_COLORS = False RESET = '\033[0m' COLOR_MAP = { 'ERROR': '\033[0;31m', @@ -62,20 +61,19 @@ class ColorFormatter(logging.Formatter): 'TRACE': '\033[0;37m', } - def __init__(self, msg): - super().__init__(msg) + def __init__(self, fmt): + super().__init__(fmt=fmt) def format(self, record): msg = super().format(record) - if self.USE_COLORS: - color = self.COLOR_MAP.get(record.levelname) - if color: - msg = color + msg + self.RESET + color = self.COLOR_MAP.get(record.levelname) + if color: + msg = color + msg + self.RESET return msg class DefaultLog(logging.Logger): - + USE_COLORS = False FORMAT = '%(levelname)s: %(message)s' class StdoutFilter(logging.Filter): @@ -90,7 +88,10 @@ class DefaultLog(logging.Logger): super().__init__(name) self.propagate = False - formatter = ColorFormatter(self.FORMAT) + if self.USE_COLORS: + formatter = ColorFormatter(self.FORMAT) + else: + formatter = logging.Formatter(self.FORMAT) self.addFilter(self) diff --git a/cdist/test/configuration/__init__.py b/cdist/test/configuration/__init__.py index 07a73bda..5305b6d3 100644 --- a/cdist/test/configuration/__init__.py +++ b/cdist/test/configuration/__init__.py @@ -33,7 +33,7 @@ import sys my_dir = op.abspath(op.dirname(__file__)) fixtures = op.join(my_dir, 'fixtures') interpolation_config_file = op.join(fixtures, "interpolation-test.cfg") -colored_output_default = sys.stdout.isatty() +colored_output_default = 'auto' def newConfigParser(): diff --git a/configuration/cdist.cfg.skeleton b/configuration/cdist.cfg.skeleton index f2a09064..0730201d 100644 --- a/configuration/cdist.cfg.skeleton +++ b/configuration/cdist.cfg.skeleton @@ -17,6 +17,8 @@ # Use a colored output for different log levels. # It can be a boolean or 'auto' (default) which enables this feature if # stdout is a tty and disables it otherwise. +# Colored output is always disabled if the NO_COLOR environment variable is +# defined (https://no-color.org/). # colored_output = auto # # conf_dir @@ -51,7 +53,7 @@ # # out_path # Directory to save cdist output in. -# out_path = +# out_path = # # parallel # Process hosts in parallel. If -1 then the default, number of CPU's in @@ -77,6 +79,6 @@ # remote_shell = /bin/sh # # verbosity -# Set verbosity level. Valid values are: +# Set verbosity level. Valid values are: # ERROR, WARNING, INFO, VERBOSE, DEBUG, TRACE and OFF. # verbosity = INFO From cdb0d2be413114a237a0f56c948cc5cd6cfc2b0b Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Wed, 3 Jun 2020 23:21:50 +0200 Subject: [PATCH 137/176] Patch tests --- cdist/configuration.py | 4 ++++ cdist/test/configuration/__init__.py | 9 ++++++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/cdist/configuration.py b/cdist/configuration.py index c0fbc063..f68a5e09 100644 --- a/cdist/configuration.py +++ b/cdist/configuration.py @@ -266,6 +266,10 @@ class ColoredOutputOption(BooleanOption): return configparser.ConfigParser.BOOLEAN_STATES[val] +ColoredOutputOption.DEFAULT = ColoredOutputOption.translate( + ColoredOutputOption.DEFAULT) + + _ARG_OPTION_MAPPING = { 'beta': 'beta', 'cache_path_pattern': 'cache_path_pattern', diff --git a/cdist/test/configuration/__init__.py b/cdist/test/configuration/__init__.py index 5305b6d3..3fd24ca5 100644 --- a/cdist/test/configuration/__init__.py +++ b/cdist/test/configuration/__init__.py @@ -187,7 +187,8 @@ class ConfigurationTestCase(test.CdistTestCase): 'remote_shell': '/bin/sh', 'inventory_dir': None, 'cache_path_pattern': None, - 'colored_output': colored_output_default, + 'colored_output': cc.ColoredOutputOption.translate( + colored_output_default), 'conf_dir': None, 'init_manifest': None, 'out_path': None, @@ -587,7 +588,8 @@ class ConfigurationTestCase(test.CdistTestCase): 'remote_shell': '/usr/bin/sh', 'inventory_dir': None, 'cache_path_pattern': None, - 'colored_output': colored_output_default, + 'colored_output': cc.ColoredOutputOption.translate( + colored_output_default), 'conf_dir': [ '/opt/cdist/conf', '/usr/local/share/cdist/conf', @@ -674,7 +676,8 @@ class ConfigurationTestCase(test.CdistTestCase): 'remote_shell': '/usr/bin/sh', 'inventory_dir': '/var/db/cdist/inventory', 'cache_path_pattern': None, - 'colored_output': colored_output_default, + 'colored_output': cc.ColoredOutputOption.translate( + colored_output_default), 'conf_dir': [ '/opt/cdist/conf', '/usr/local/share/cdist/conf', From 89e48734bf13446024e9009bce7e77cbd4255840 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Fri, 5 Jun 2020 12:22:49 +0200 Subject: [PATCH 138/176] Let config file and command line override NO_COLOR envvar --- cdist/configuration.py | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/cdist/configuration.py b/cdist/configuration.py index f68a5e09..a12940b0 100644 --- a/cdist/configuration.py +++ b/cdist/configuration.py @@ -256,14 +256,12 @@ class ColoredOutputOption(BooleanOption): @staticmethod def translate(val): - if 'NO_COLOR' in os.environ: - return False - elif isinstance(val, bool): + if isinstance(val, bool): return val - elif val == 'auto': - return sys.stdout.isatty() - else: + elif val in configparser.ConfigParser.BOOLEAN_STATES: return configparser.ConfigParser.BOOLEAN_STATES[val] + elif val == 'auto': + return 'NO_COLOR' not in os.environ and sys.stdout.isatty() ColoredOutputOption.DEFAULT = ColoredOutputOption.translate( From 790c6efae9e379cb140e59469f07d2c3732f536c Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Fri, 5 Jun 2020 13:56:30 +0200 Subject: [PATCH 139/176] Update colored output documentation --- docs/src/cdist-reference.rst.sh | 38 +++++++++++++++++++++++++++------ docs/src/man1/cdist.rst | 35 +++++++++++++++++------------- 2 files changed, 51 insertions(+), 22 deletions(-) diff --git a/docs/src/cdist-reference.rst.sh b/docs/src/cdist-reference.rst.sh index 3b997f63..a841862e 100755 --- a/docs/src/cdist-reference.rst.sh +++ b/docs/src/cdist-reference.rst.sh @@ -34,7 +34,7 @@ dest="$__cdist_abs_mydir/$filename" cd "$__cdist_abs_mydir" exec > "$dest" -cat << eof +cat << eof Reference ========= Variable, path and type reference for cdist @@ -51,7 +51,7 @@ eof done ) -cat << eof +cat << eof Paths ----- @@ -187,13 +187,13 @@ usable within a object directory: files This directory is reserved for user data and will not be used - by cdist at any time. It can be used freely by the type + by cdist at any time. It can be used freely by the type (for instance to store template results). changed This empty file exists in an object directory, if the object has code to be executed (either remote or local). stdin - This file exists and contains data, if data was provided on stdin + This file exists and contains data, if data was provided on stdin when the type was called. @@ -222,65 +222,89 @@ __cdist_log_level, __cdist_log_level_name | TRACE | 5 | +----------------+-----------------+ + Available for: initial manifest, explorer, type manifest, type explorer, + type gencode. +__cdist_colored_log + whether or not cdist's log has colors enabled. + Is set to the string ``true`` if cdist's output is using colors, + otherwise the variable contains the string ``false``. + Available for: initial manifest, explorer, type manifest, type explorer, type gencode. __cdist_dry_run Is set only when doing dry run (``-n`` flag). + Available for: initial manifest, explorer, type manifest, type explorer, type gencode. __explorer Directory that contains all global explorers. + Available for: initial manifest, explorer, type explorer, shell. __files Directory that contains content from the "files" subdirectories from the configuration directories. + Available for: initial manifest, type manifest, type gencode, shell. __manifest Directory that contains the initial manifest. + Available for: initial manifest, type manifest, shell. __global Directory that contains generic output like explorer. + Available for: initial manifest, type manifest, type gencode, shell. __messages_in File to read messages from. + Available for: initial manifest, type manifest, type gencode. __messages_out File to write messages. + Available for: initial manifest, type manifest, type gencode. __object Directory that contains the current object. + Available for: type manifest, type explorer, type gencode and code scripts. __object_id The type unique object id. + Available for: type manifest, type explorer, type gencode and code scripts. - Note: The leading and the trailing "/" will always be stripped (caused by - the filesystem database and ensured by the core). - Note: Double slashes ("//") will not be fixed and result in an error. + + | Note: The leading and the trailing "/" will always be stripped (caused by + the filesystem database and ensured by the core). + | Note: Double slashes ("//") will not be fixed and result in an error. __object_name The full qualified name of the current object. + Available for: type manifest, type explorer, type gencode. __target_host The host we are deploying to. This is primary variable. It's content is literally the one user passed in. + Available for: explorer, initial manifest, type explorer, type manifest, type gencode, shell. __target_hostname The hostname of host we are deploying to. This variable is derived from **__target_host** (using **socket.getaddrinfo(__target_host)** and then **socket.gethostbyaddr()**). + Available for: explorer, initial manifest, type explorer, type manifest, type gencode, shell. __target_fqdn The fully qualified domain name of the host we are deploying to. This variable is derived from **__target_host** (using **socket.getfqdn()**). + Available for: explorer, initial manifest, type explorer, type manifest, type gencode, shell. __target_host_tags Comma separated list of target host tags. + Available for: explorer, initial manifest, type explorer, type manifest, type gencode, shell. __type Path to the current type. + Available for: type manifest, type gencode. __type_explorer Directory that contains the type explorers. + Available for: type explorer. Environment variables (for writing) diff --git a/docs/src/man1/cdist.rst b/docs/src/man1/cdist.rst index 4c34c4b7..4def97b5 100644 --- a/docs/src/man1/cdist.rst +++ b/docs/src/man1/cdist.rst @@ -112,9 +112,13 @@ All commands accept the following options: Show the help screen. **--colors COLORED_OUTPUT** - Use a colored output for different log levels.It can - be a boolean or "auto" (default) which enables this - feature if stdout is a tty and disables it otherwise. + Colorize cdist's output. If enabled, cdist will use different colors for + different log levels. + COLORED_OUTPUT recognizes the boolean values 'yes'/'no', 'on'/'off', + 'true'/'false', '1'/'0', and 'auto' (the default). + + If the value is 'auto', colored output is enabled if stdout is a TTY + unless the NO_COLOR (https://no-color.org/) environment variable is defined. **-l LOGLEVEL, --log-level LOGLEVEL** Set the specified verbosity level. The levels, in @@ -168,7 +172,7 @@ Install command is currently in beta. **-b, --beta** Enable beta functionality. - + **-C CACHE_PATH_PATTERN, --cache-path-pattern CACHE_PATH_PATTERN** Specify custom cache path pattern. If it is not set then default hostdir is used. For more info on format see @@ -191,7 +195,7 @@ Install command is currently in beta. **-I INVENTORY_DIR, --inventory INVENTORY_DIR** Use specified custom inventory directory. Inventory - directory is set up by the following rules: if cdist + directory is set up by the following rules: if cdist configuration resolves this value then specified directory is used, if HOME env var is set then ~/.cdit/inventory is used, otherwise distribution @@ -306,7 +310,7 @@ Add host(s) to inventory database. **-I INVENTORY_DIR, --inventory INVENTORY_DIR** Use specified custom inventory directory. Inventory - directory is set up by the following rules: if cdist + directory is set up by the following rules: if cdist configuration resolves this value then specified directory is used, if HOME env var is set then ~/.cdit/inventory is used, otherwise distribution @@ -336,7 +340,7 @@ Add tag(s) to inventory database. **-I INVENTORY_DIR, --inventory INVENTORY_DIR** Use specified custom inventory directory. Inventory - directory is set up by the following rules: if cdist + directory is set up by the following rules: if cdist configuration resolves this value then specified directory is used, if HOME env var is set then ~/.cdit/inventory is used, otherwise distribution @@ -379,7 +383,7 @@ Delete host(s) from inventory database. **-I INVENTORY_DIR, --inventory INVENTORY_DIR** Use specified custom inventory directory. Inventory - directory is set up by the following rules: if cdist + directory is set up by the following rules: if cdist configuration resolves this value then specified directory is used, if HOME env var is set then ~/.cdit/inventory is used, otherwise distribution @@ -413,7 +417,7 @@ Delete tag(s) from inventory database. **-I INVENTORY_DIR, --inventory INVENTORY_DIR** Use specified custom inventory directory. Inventory - directory is set up by the following rules: if cdist + directory is set up by the following rules: if cdist configuration resolves this value then specified directory is used, if HOME env var is set then ~/.cdit/inventory is used, otherwise distribution @@ -460,7 +464,7 @@ List inventory database. **-I INVENTORY_DIR, --inventory INVENTORY_DIR** Use specified custom inventory directory. Inventory - directory is set up by the following rules: if cdist + directory is set up by the following rules: if cdist configuration resolves this value then specified directory is used, if HOME env var is set then ~/.cdit/inventory is used, otherwise distribution @@ -685,6 +689,9 @@ The possible keywords and their meanings are as follows: :strong:`cache_path_pattern` Specify cache path pattern. +:strong:`colored_output` + Colorize cdist's output. cf. the :code:`--colors` option. + :strong:`conf_dir` List of configuration directories separated with the character conventionally used by the operating system to separate search path components (as in PATH), @@ -738,7 +745,7 @@ The possible keywords and their meanings are as follows: in the format: YYYYMMDDHHMMSS.us. :strong:`verbosity` - Set verbosity level. Valid values are: + Set verbosity level. Valid values are: 'ERROR', 'WARNING', 'INFO', 'VERBOSE', 'DEBUG', 'TRACE' and 'OFF'. @@ -770,7 +777,7 @@ cdist/preos NOTES ----- cdist detects if host is specified by IPv6 address. If so then remote_copy -command is executed with host address enclosed in square brackets +command is executed with host address enclosed in square brackets (see :strong:`scp`\ (1)). EXAMPLES @@ -906,9 +913,7 @@ CDIST_CACHE_PATH_PATTERN Custom cache path pattern. CDIST_COLORED_OUTPUT - Use a colored output for different log levels. - It can be a boolean or 'auto' (default) which enables this feature if - stdout is a tty and disables it otherwise. + Colorize cdist's output. cf. the :code:`--colors` option. CDIST_CONFIG_FILE Custom configuration file. From 7a570f8692a727662a6eda2c13f2b578b55864e4 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Fri, 5 Jun 2020 13:59:17 +0200 Subject: [PATCH 140/176] [cdist.cfg.skeleton] Update colored_output documentation based on cdist(1) --- configuration/cdist.cfg.skeleton | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/configuration/cdist.cfg.skeleton b/configuration/cdist.cfg.skeleton index 0730201d..9c66b51b 100644 --- a/configuration/cdist.cfg.skeleton +++ b/configuration/cdist.cfg.skeleton @@ -14,11 +14,12 @@ # cache_path_pattern = %h # # colored_output -# Use a colored output for different log levels. -# It can be a boolean or 'auto' (default) which enables this feature if -# stdout is a tty and disables it otherwise. -# Colored output is always disabled if the NO_COLOR environment variable is -# defined (https://no-color.org/). +# Colorize cdist's output. If enabled, cdist will use different colors for +# different log levels. +# Recognized values are 'yes'/'no', 'on'/'off', 'true'/'false', '1'/'0', +# and 'auto' +# If the value is 'auto', colored output is enabled if stdout is a TTY +# unless the NO_COLOR (https://no-color.org/) environment variable is defined. # colored_output = auto # # conf_dir From 23e66e08fab14f254c426c88271f461fe8499ba4 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sat, 6 Jun 2020 13:39:29 +0200 Subject: [PATCH 141/176] Restrict colored_output value to always/never/auto. --- cdist/argparse.py | 7 +++---- cdist/configuration.py | 8 +++++--- configuration/cdist.cfg.skeleton | 7 +++---- docs/src/cdist-reference.rst.sh | 6 +++--- docs/src/man1/cdist.rst | 6 +++--- 5 files changed, 17 insertions(+), 17 deletions(-) diff --git a/cdist/argparse.py b/cdist/argparse.py index 0782654f..85dba246 100644 --- a/cdist/argparse.py +++ b/cdist/argparse.py @@ -128,10 +128,9 @@ def get_parsers(): parser['colored_output'] = argparse.ArgumentParser(add_help=False) parser['colored_output'].add_argument( - '--colors', - help='Use a colored output for different log levels.' - 'It can be a boolean or "auto" (default) which enables this ' - 'feature if stdout is a tty and disables it otherwise.', + '--colors', metavar='WHEN', + help="Colorize cdist's output based on log level; " + "WHEN is 'always', 'never', or 'auto'.", action='store', dest='colored_output', required=False, choices=cdist.configuration.ColoredOutputOption.CHOICES) diff --git a/cdist/configuration.py b/cdist/configuration.py index a12940b0..4ba43a7a 100644 --- a/cdist/configuration.py +++ b/cdist/configuration.py @@ -248,7 +248,7 @@ class LogLevelOption(OptionBase): class ColoredOutputOption(BooleanOption): - CHOICES = tuple(configparser.ConfigParser.BOOLEAN_STATES) + ('auto',) + CHOICES = ('always', 'never', 'auto') DEFAULT = 'auto' def get_converter(self): @@ -258,8 +258,10 @@ class ColoredOutputOption(BooleanOption): def translate(val): if isinstance(val, bool): return val - elif val in configparser.ConfigParser.BOOLEAN_STATES: - return configparser.ConfigParser.BOOLEAN_STATES[val] + elif val == 'always': + return True + elif val == 'never': + return False elif val == 'auto': return 'NO_COLOR' not in os.environ and sys.stdout.isatty() diff --git a/configuration/cdist.cfg.skeleton b/configuration/cdist.cfg.skeleton index 9c66b51b..14861592 100644 --- a/configuration/cdist.cfg.skeleton +++ b/configuration/cdist.cfg.skeleton @@ -16,10 +16,9 @@ # colored_output # Colorize cdist's output. If enabled, cdist will use different colors for # different log levels. -# Recognized values are 'yes'/'no', 'on'/'off', 'true'/'false', '1'/'0', -# and 'auto' -# If the value is 'auto', colored output is enabled if stdout is a TTY -# unless the NO_COLOR (https://no-color.org/) environment variable is defined. +# Recognized values are 'always', 'never', and 'auto'. +# If the value is 'auto', colors are enabled if stdout is a TTY unless +# the NO_COLOR (https://no-color.org/) environment variable is defined. # colored_output = auto # # conf_dir diff --git a/docs/src/cdist-reference.rst.sh b/docs/src/cdist-reference.rst.sh index a841862e..c0ac2c3e 100755 --- a/docs/src/cdist-reference.rst.sh +++ b/docs/src/cdist-reference.rst.sh @@ -369,9 +369,9 @@ CDIST_BETA Enable beta functionalities. CDIST_COLORED_OUTPUT - Use a colored output for different log levels. - It can be a boolean or 'auto' (default) which enables this feature if - stdout is a tty and disables it otherwise. + Colorize cdist's output. If enabled, cdist will use different colors for + different log levels. + Recognized values are 'always', 'never', and 'auto' (the default). CDIST_CACHE_PATH_PATTERN Custom cache path pattern. diff --git a/docs/src/man1/cdist.rst b/docs/src/man1/cdist.rst index 4def97b5..760ff8f6 100644 --- a/docs/src/man1/cdist.rst +++ b/docs/src/man1/cdist.rst @@ -111,11 +111,11 @@ All commands accept the following options: **-h, --help** Show the help screen. -**--colors COLORED_OUTPUT** +**--colors WHEN** Colorize cdist's output. If enabled, cdist will use different colors for different log levels. - COLORED_OUTPUT recognizes the boolean values 'yes'/'no', 'on'/'off', - 'true'/'false', '1'/'0', and 'auto' (the default). + COLORED_OUTPUT recognizes the values 'always', 'never', + and 'auto' (the default). If the value is 'auto', colored output is enabled if stdout is a TTY unless the NO_COLOR (https://no-color.org/) environment variable is defined. From 89ebd7a4f79bef894cb3f31931571cf577778b26 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sun, 7 Jun 2020 16:45:48 +0200 Subject: [PATCH 142/176] cdist man page: update --colors metavar name --- docs/src/man1/cdist.rst | 62 ++++++++++++++++++----------------------- 1 file changed, 27 insertions(+), 35 deletions(-) diff --git a/docs/src/man1/cdist.rst b/docs/src/man1/cdist.rst index 760ff8f6..aae98538 100644 --- a/docs/src/man1/cdist.rst +++ b/docs/src/man1/cdist.rst @@ -15,21 +15,19 @@ SYNOPSIS cdist banner [-h] [-l LOGLEVEL] [-q] [-v] - cdist config [-h] [-l LOGLEVEL] [-q] [-v] [-b] - [--colors COLORED_OUTPUT] [-g CONFIG_FILE] [-4] [-6] - [-C CACHE_PATH_PATTERN] [-c CONF_DIR] [-i MANIFEST] - [-j [JOBS]] [-n] [-o OUT_PATH] [-P] + cdist config [-h] [-l LOGLEVEL] [-q] [-v] [-b] [--colors WHEN] + [-g CONFIG_FILE] [-4] [-6] [-C CACHE_PATH_PATTERN] + [-c CONF_DIR] [-i MANIFEST] [-j [JOBS]] [-n] [-o OUT_PATH] [-P] [-R [{tar,tgz,tbz2,txz}]] [-r REMOTE_OUT_PATH] [--remote-copy REMOTE_COPY] [--remote-exec REMOTE_EXEC] [-S] [-I INVENTORY_DIR] [-A] [-a] [-f HOSTFILE] [-p [HOST_MAX]] [-s] [-t] [host [host ...]] - cdist install [-h] [-l LOGLEVEL] [-q] [-v] [-b] - [--colors COLORED_OUTPUT] [-g CONFIG_FILE] [-4] [-6] - [-C CACHE_PATH_PATTERN] [-c CONF_DIR] [-i MANIFEST] - [-j [JOBS]] [-n] [-o OUT_PATH] [-P] - [-R [{tar,tgz,tbz2,txz}]] [-r REMOTE_OUT_PATH] + cdist install [-h] [-l LOGLEVEL] [-q] [-v] [-b] [--colors WHEN] + [-g CONFIG_FILE] [-4] [-6] [-C CACHE_PATH_PATTERN] + [-c CONF_DIR] [-i MANIFEST] [-j [JOBS]] [-n] [-o OUT_PATH] + [-P] [-R [{tar,tgz,tbz2,txz}]] [-r REMOTE_OUT_PATH] [--remote-copy REMOTE_COPY] [--remote-exec REMOTE_EXEC] [-S] [-I INVENTORY_DIR] [-A] [-a] [-f HOSTFILE] [-p [HOST_MAX]] [-s] [-t] @@ -37,35 +35,31 @@ SYNOPSIS cdist inventory [-h] {add-host,add-tag,del-host,del-tag,list} ... - cdist inventory add-host [-h] [-l LOGLEVEL] [-q] [-v] [-b] - [--colors COLORED_OUTPUT] [-g CONFIG_FILE] - [-I INVENTORY_DIR] [-f HOSTFILE] + cdist inventory add-host [-h] [-l LOGLEVEL] [-q] [-v] [-b] [--colors WHEN] + [-g CONFIG_FILE] [-I INVENTORY_DIR] [-f HOSTFILE] [host [host ...]] - cdist inventory add-tag [-h] [-l LOGLEVEL] [-q] [-v] [-b] - [--colors COLORED_OUTPUT] [-g CONFIG_FILE] - [-I INVENTORY_DIR] [-f HOSTFILE] [-T TAGFILE] - [-t TAGLIST] - [host [host ...]] - - cdist inventory del-host [-h] [-l LOGLEVEL] [-q] [-v] [-b] - [--colors COLORED_OUTPUT] [-g CONFIG_FILE] - [-I INVENTORY_DIR] [-a] [-f HOSTFILE] - [host [host ...]] - - cdist inventory del-tag [-h] [-l LOGLEVEL] [-q] [-v] [-b] - [--colors COLORED_OUTPUT] [-g CONFIG_FILE] - [-I INVENTORY_DIR] [-a] [-f HOSTFILE] + cdist inventory add-tag [-h] [-l LOGLEVEL] [-q] [-v] [-b] [--colors WHEN] + [-g CONFIG_FILE] [-I INVENTORY_DIR] [-f HOSTFILE] [-T TAGFILE] [-t TAGLIST] [host [host ...]] - cdist inventory list [-h] [-l LOGLEVEL] [-q] [-v] [-b] - [--colors COLORED_OUTPUT] [-g CONFIG_FILE] - [-I INVENTORY_DIR] [-a] [-f HOSTFILE] [-H] [-t] + cdist inventory del-host [-h] [-l LOGLEVEL] [-q] [-v] [-b] [--colors WHEN] + [-g CONFIG_FILE] [-I INVENTORY_DIR] [-a] + [-f HOSTFILE] + [host [host ...]] + + cdist inventory del-tag [-h] [-l LOGLEVEL] [-q] [-v] [-b] [--colors WHEN] + [-g CONFIG_FILE] [-I INVENTORY_DIR] [-a] + [-f HOSTFILE] [-T TAGFILE] [-t TAGLIST] + [host [host ...]] + + cdist inventory list [-h] [-l LOGLEVEL] [-q] [-v] [-b] [--colors WHEN] + [-g CONFIG_FILE] [-I INVENTORY_DIR] [-a] [-f HOSTFILE] + [-H] [-t] [host [host ...]] - cdist preos [-h] [-l LOGLEVEL] [-q] [-v] [-c CONF_DIR] [-g CONFIG_FILE] - [-L] + cdist preos [-h] [-l LOGLEVEL] [-q] [-v] [-c CONF_DIR] [-g CONFIG_FILE] [-L] [preos] ... cdist preos [preos-options] debian [-h] [-l LOGLEVEL] [-q] [-v] [-b] [-a ARCH] [-B] @@ -89,8 +83,7 @@ SYNOPSIS [-S SCRIPT] [-s SUITE] [-y REMOTE_COPY] target_dir - cdist shell [-h] [-l LOGLEVEL] [-q] [-v] [--colors COLORED_OUTPUT] - [-s SHELL] + cdist shell [-h] [-l LOGLEVEL] [-q] [-v] [--colors WHEN] [-s SHELL] cdist info [-h] [-a] [-c CONF_DIR] [-e] [-F] [-f] [-g CONFIG_FILE] [-t] [pattern] @@ -114,8 +107,7 @@ All commands accept the following options: **--colors WHEN** Colorize cdist's output. If enabled, cdist will use different colors for different log levels. - COLORED_OUTPUT recognizes the values 'always', 'never', - and 'auto' (the default). + WHEN recognizes the values 'always', 'never', and 'auto' (the default). If the value is 'auto', colored output is enabled if stdout is a TTY unless the NO_COLOR (https://no-color.org/) environment variable is defined. From be47619b1ed7a87090f7615c19a9504f7cf2b590 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Mon, 8 Jun 2020 09:11:51 +0200 Subject: [PATCH 143/176] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index 5b57e98b..94ef55d8 100644 --- a/docs/changelog +++ b/docs/changelog @@ -4,6 +4,7 @@ Changelog next: * Type __ssh_authorized_keys: Add option for removing undefined keys (Ander Punnar) * Core: Support colored log output (Evil Ham) + * Core: Tune colored log output and respect NO_COLOR env var (Dennis Camera) * Documentation: Fix failing man pages build with newer sphinx versions (Darko Poljak) 6.5.6: 2020-05-25 From f5630297bd58fc92d95ab174ed6c8a8e14abf0b9 Mon Sep 17 00:00:00 2001 From: Jaak Ristioja Date: Wed, 3 Jun 2020 23:06:49 +0300 Subject: [PATCH 144/176] [docs] Fixed typo in cdist-configuration.rst Signed-off-by: Jaak Ristioja --- docs/src/cdist-configuration.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/src/cdist-configuration.rst b/docs/src/cdist-configuration.rst index 706ed761..a2024584 100644 --- a/docs/src/cdist-configuration.rst +++ b/docs/src/cdist-configuration.rst @@ -21,7 +21,7 @@ precedence. Configuration option value read from source with higher precedence will overwrite option value, if exists, read from source with lower precedence. That means that command-line option wins them all. -Users can decide on the local conifguration file location. It can be either +Users can decide on the local configuration file location. It can be either ~/.cdist.cfg or $XDG_CONFIG_HOME/cdist/cdist.cfg. Note that, if both exist, then ~/.cdist.cfg is used. From 3d725f12dace8d2e977d408b7c01fa28b8b17bde Mon Sep 17 00:00:00 2001 From: Jaak Ristioja Date: Wed, 3 Jun 2020 23:10:27 +0300 Subject: [PATCH 145/176] [docs] Fixed a typo and s/posix/POSIX/ in cdist-why.rst Signed-off-by: Jaak Ristioja --- docs/src/cdist-why.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/src/cdist-why.rst b/docs/src/cdist-why.rst index 1123a1de..0e2cd34d 100644 --- a/docs/src/cdist-why.rst +++ b/docs/src/cdist-why.rst @@ -21,7 +21,7 @@ Not only is shell scripting widely known by system engineers, but it is also a very powerful language. Here are some features which make daily work easy: - * Configuration can react dynamicly on explored values + * Configuration can react dynamically on explored values * High level string manipulation (using sed, awk, grep) * Conditional support (**if, case**) * Loop support (**for, while**) @@ -44,7 +44,7 @@ Cdist requires very little on a target system. Even better, in almost all cases all dependencies are usually fulfilled. Cdist does not require an agent or high level programming languages on the target host: it will run on any host that -has a **ssh server running** and a posix compatible shell +has a **ssh server running** and a POSIX compatible shell (**/bin/sh**). Compared to other configuration management systems, it does not require to open up an additional port. From 46574fc5779b939db5d90e8c11f28e808be458be Mon Sep 17 00:00:00 2001 From: Jaak Ristioja Date: Wed, 3 Jun 2020 23:12:10 +0300 Subject: [PATCH 146/176] [docs] Fixed three typos in cdist-upgrade.rst Signed-off-by: Jaak Ristioja --- docs/src/cdist-upgrade.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/src/cdist-upgrade.rst b/docs/src/cdist-upgrade.rst index 67fd4934..f745b212 100644 --- a/docs/src/cdist-upgrade.rst +++ b/docs/src/cdist-upgrade.rst @@ -14,7 +14,7 @@ To upgrade cdist in the current branch use make man export MANPATH=$MANPATH:$(pwd -P)/doc/man -If you stay on a version branche (i.e. 1.0, 1.1., ...), nothing should break. +If you stay on a version branch (i.e. 1.0, 1.1., ...), nothing should break. The master branch on the other hand is the development branch and may not be working, break your setup or eat the tree in your garden. @@ -61,7 +61,7 @@ After that, you can go back and continue the upgrade: Update the python package ------------------------- -To upgrade to the lastet version do +To upgrade to the latest version do .. code-block:: sh @@ -158,7 +158,7 @@ Updating from 1.5 to 1.6 * If you used **\_\_package_apt --preseed**, you need to use the new type **\_\_debconf_set_selections** instead. * The **\_\_package** types accepted either --state deinstalled or - --state uninstaaled. Starting with 1.6, it was made consistently + --state uninstalled. Starting with 1.6, it was made consistently to --state removed. Updating from 1.3 to 1.5 From e1ff1bfdffd9a188a045669c4168dcd1fb561b0b Mon Sep 17 00:00:00 2001 From: Jaak Ristioja Date: Wed, 3 Jun 2020 23:15:38 +0300 Subject: [PATCH 147/176] [docs] Fixed two typos in cdist-real-world.rst Signed-off-by: Jaak Ristioja --- docs/src/cdist-real-world.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/src/cdist-real-world.rst b/docs/src/cdist-real-world.rst index ba118d63..973dcd6d 100644 --- a/docs/src/cdist-real-world.rst +++ b/docs/src/cdist-real-world.rst @@ -198,7 +198,7 @@ We require package uWSGI present in order to create **/etc/uwsgi/apps-enabled/$u Installation of uWSGI also creates configuration layout: **/etc/uwsgi/apps-enabled**. If this directory does not exist then **__file** type would error. We also use stdin as file content source. For details see `Input from stdin `_. -For feading stdin we use here-document (**<<** operator). It allows redirection of subsequent +For feeding stdin we use here-document (**<<** operator). It allows redirection of subsequent lines read by the shell to the input of a command until a line containing only the delimiter and a newline, with no blank characters in between (EOF in our case). @@ -546,7 +546,7 @@ we have changed our **wsgi.py** file uWSGI reloads the application. Our application selects and lists items from **items** table. -Openning application +Opening application ~~~~~~~~~~~~~~~~~~~~ Finally try the application:: From 978e24904336e6af074a7de757282456ff0314a4 Mon Sep 17 00:00:00 2001 From: Jaak Ristioja Date: Wed, 3 Jun 2020 23:23:49 +0300 Subject: [PATCH 148/176] [docs] Fixed capitalization of POSIX in cdist-install.rst Signed-off-by: Jaak Ristioja --- docs/src/cdist-install.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/src/cdist-install.rst b/docs/src/cdist-install.rst index 880b9f8e..0b65cad6 100644 --- a/docs/src/cdist-install.rst +++ b/docs/src/cdist-install.rst @@ -9,7 +9,7 @@ Source Host This is the machine from which you will configure target hosts. - * /bin/sh: A posix like shell (for instance bash, dash, zsh) + * /bin/sh: A POSIX like shell (for instance bash, dash, zsh) * Python >= 3.2 * SSH client * sphinx (for building html docs and/or the man pages) @@ -17,7 +17,7 @@ This is the machine from which you will configure target hosts. Target Hosts ~~~~~~~~~~~~ - * /bin/sh: A posix like shell (for instance bash, dash, zsh) + * /bin/sh: A POSIX like shell (for instance bash, dash, zsh) * SSH server Install cdist From dc018fdb16ba8b6044bbb55efd44e975fc5247ae Mon Sep 17 00:00:00 2001 From: Jaak Ristioja Date: Wed, 3 Jun 2020 23:25:46 +0300 Subject: [PATCH 149/176] [docs] Fixed typo in cdist-cache.rst Signed-off-by: Jaak Ristioja --- docs/src/cdist-cache.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/src/cdist-cache.rst b/docs/src/cdist-cache.rst index 0e5361ee..d2d2d56c 100644 --- a/docs/src/cdist-cache.rst +++ b/docs/src/cdist-cache.rst @@ -59,7 +59,7 @@ typeorder Object cache overview ~~~~~~~~~~~~~~~~~~~~~ -Each object under :strong:`object` directory has its own structurue. +Each object under :strong:`object` directory has its own structure. code-local code generated from gencode-local, present only if something is From 7b262c0cec2c3c42822cef103220965424500bcb Mon Sep 17 00:00:00 2001 From: Jaak Ristioja Date: Wed, 3 Jun 2020 23:27:16 +0300 Subject: [PATCH 150/176] [docs] Fixed capitalization of URLs in cdist-bootstrap.rst Signed-off-by: Jaak Ristioja --- docs/src/cdist-bootstrap.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/src/cdist-bootstrap.rst b/docs/src/cdist-bootstrap.rst index c9972a99..10f86c5a 100644 --- a/docs/src/cdist-bootstrap.rst +++ b/docs/src/cdist-bootstrap.rst @@ -25,7 +25,7 @@ people, have a look at `cdist best practice `_. Setup working directory and branch ---------------------------------- I assume you have a fresh copy of the cdist tree in ~/cdist, cloned from -one of the official urls (see `cdist quickstart `_ if you don't). +one of the official URLs (see `cdist quickstart `_ if you don't). Entering the command "git branch" should show you "* master", which indicates you are on the **master** branch. From 191f45eb7f8ab8ce97f996f3bb8375da5142d39a Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Mon, 8 Jun 2020 13:48:37 +0200 Subject: [PATCH 151/176] ++changelog --- docs/changelog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/changelog b/docs/changelog index 94ef55d8..e73cfa6f 100644 --- a/docs/changelog +++ b/docs/changelog @@ -6,6 +6,8 @@ next: * Core: Support colored log output (Evil Ham) * Core: Tune colored log output and respect NO_COLOR env var (Dennis Camera) * Documentation: Fix failing man pages build with newer sphinx versions (Darko Poljak) + * Documentation: Fix trivial grammatical mistakes (Jaak Ristioja) + * Explorer os: Fix for sles15 (Daniel Heule) 6.5.6: 2020-05-25 * Type __pyvenv: Switch to python3 -m venv for Ubuntu (Nico Schottelius) From 955243a93b28d3524f93eb6d69af1f0eec5ff36d Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Tue, 9 Jun 2020 12:51:19 +0200 Subject: [PATCH 152/176] Update cdist man page copyright years --- docs/src/man1/cdist.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/src/man1/cdist.rst b/docs/src/man1/cdist.rst index aae98538..68a9a4ee 100644 --- a/docs/src/man1/cdist.rst +++ b/docs/src/man1/cdist.rst @@ -969,5 +969,5 @@ such case and display a warning message. An example of such a case: COPYING ------- -Copyright \(C) 2011-2019 Nico Schottelius. Free use of this software is +Copyright \(C) 2011-2020 Nico Schottelius. Free use of this software is granted under the terms of the GNU General Public License v3 or later (GPLv3+). From 7c490a703d0203747e481a9fc3405bf7eb5ba01a Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Wed, 10 Jun 2020 11:38:14 +0300 Subject: [PATCH 153/176] [__clean_path] add --path parameter --- cdist/conf/type/__clean_path/explorer/list | 7 ++++++- cdist/conf/type/__clean_path/gencode-remote | 7 ++++++- cdist/conf/type/__clean_path/man.rst | 10 +++++++++- cdist/conf/type/__clean_path/parameter/optional | 1 + 4 files changed, 22 insertions(+), 3 deletions(-) diff --git a/cdist/conf/type/__clean_path/explorer/list b/cdist/conf/type/__clean_path/explorer/list index 07d38127..2bdc63a5 100755 --- a/cdist/conf/type/__clean_path/explorer/list +++ b/cdist/conf/type/__clean_path/explorer/list @@ -18,7 +18,12 @@ # along with cdist. If not, see . # -path="/$__object_id" +if [ -f "$__object/parameter/path" ] +then + path="$( cat "$__object/parameter/path" )" +else + path="/$__object_id" +fi [ ! -d "$path" ] && exit 0 diff --git a/cdist/conf/type/__clean_path/gencode-remote b/cdist/conf/type/__clean_path/gencode-remote index 998a70d8..2899c4a5 100755 --- a/cdist/conf/type/__clean_path/gencode-remote +++ b/cdist/conf/type/__clean_path/gencode-remote @@ -20,7 +20,12 @@ [ ! -s "$__object/explorer/list" ] && exit 0 -path="/$__object_id" +if [ -f "$__object/parameter/path" ] +then + path="$( cat "$__object/parameter/path" )" +else + path="/$__object_id" +fi pattern="$( cat "$__object/parameter/pattern" )" diff --git a/cdist/conf/type/__clean_path/man.rst b/cdist/conf/type/__clean_path/man.rst index 826f4589..31d90701 100644 --- a/cdist/conf/type/__clean_path/man.rst +++ b/cdist/conf/type/__clean_path/man.rst @@ -10,7 +10,7 @@ DESCRIPTION ----------- Remove files and directories which match the pattern. -Provided path (as __object_id) must be a directory. +Provided path must be a directory. Patterns are passed to ``find``'s ``-regex`` - see ``find(1)`` for more details. @@ -29,6 +29,9 @@ pattern OPTIONAL PARAMETERS ------------------- +path + Path which will be cleaned. Defaults to ``$__object_id``. + exclude Pattern of files which are excluded from removal. @@ -46,6 +49,11 @@ EXAMPLES --exclude '.+\(charset\.conf\|security\.conf\)' \ --onchange 'service apache2 restart' + __clean_path apache2-conf-enabled \ + --path /etc/apache2/conf-enabled \ + --pattern '.+' \ + --exclude '.+\(charset\.conf\|security\.conf\)' \ + --onchange 'service apache2 restart' AUTHORS ------- diff --git a/cdist/conf/type/__clean_path/parameter/optional b/cdist/conf/type/__clean_path/parameter/optional index 6f313474..3b97f71c 100644 --- a/cdist/conf/type/__clean_path/parameter/optional +++ b/cdist/conf/type/__clean_path/parameter/optional @@ -1,2 +1,3 @@ exclude onchange +path From 74e5d7182a466cd02b79137f1d73500c0cc50808 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Wed, 10 Jun 2020 10:45:20 +0200 Subject: [PATCH 154/176] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index e73cfa6f..bcde9268 100644 --- a/docs/changelog +++ b/docs/changelog @@ -8,6 +8,7 @@ next: * Documentation: Fix failing man pages build with newer sphinx versions (Darko Poljak) * Documentation: Fix trivial grammatical mistakes (Jaak Ristioja) * Explorer os: Fix for sles15 (Daniel Heule) + * Type __clean_path: Add --path parameter (Ander Punnar) 6.5.6: 2020-05-25 * Type __pyvenv: Switch to python3 -m venv for Ubuntu (Nico Schottelius) From 840e417eb79c7135762d3353f34a3f8330cb0e84 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Thu, 11 Jun 2020 14:16:37 +0200 Subject: [PATCH 155/176] Fix emulator colored logging --- cdist/argparse.py | 2 +- cdist/core/manifest.py | 3 ++- cdist/emulator.py | 2 +- cdist/flock.py | 1 + cdist/log.py | 16 +++++++--------- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/cdist/argparse.py b/cdist/argparse.py index 85dba246..1c83237c 100644 --- a/cdist/argparse.py +++ b/cdist/argparse.py @@ -498,7 +498,7 @@ def handle_loglevel(args): def handle_log_colors(args): if cdist.configuration.ColoredOutputOption.translate(args.colored_output): - cdist.log.DefaultLog.USE_COLORS = True + cdist.log.CdistFormatter.USE_COLORS = True def parse_and_configure(argv, singleton=True): diff --git a/cdist/core/manifest.py b/cdist/core/manifest.py index 8b833ff2..2e7b873e 100644 --- a/cdist/core/manifest.py +++ b/cdist/core/manifest.py @@ -119,7 +119,8 @@ class Manifest(object): '__cdist_log_level': util.log_level_env_var_val(self.log), '__cdist_log_level_name': util.log_level_name_env_var_val( self.log), - '__cdist_colored_log': str(self.log.USE_COLORS).lower(), + '__cdist_colored_log': str( + cdist.log.CdistFormatter.USE_COLORS).lower(), } if dry_run: diff --git a/cdist/emulator.py b/cdist/emulator.py index 4eaf2c93..08e15a78 100644 --- a/cdist/emulator.py +++ b/cdist/emulator.py @@ -130,7 +130,7 @@ class Emulator(object): logging.root.setLevel(logging.WARNING) colored_log = self.env.get('__cdist_colored_log', 'false') - cdist.log.ColorFormatter.USE_COLORS = colored_log == 'true' + cdist.log.CdistFormatter.USE_COLORS = colored_log == 'true' self.log = logging.getLogger(self.target_host[0]) diff --git a/cdist/flock.py b/cdist/flock.py index d8bac916..3afacfd9 100644 --- a/cdist/flock.py +++ b/cdist/flock.py @@ -22,6 +22,7 @@ import fcntl import logging import os +import cdist.log log = logging.getLogger('cdist-flock') diff --git a/cdist/log.py b/cdist/log.py index 19efebdb..efae2cd3 100644 --- a/cdist/log.py +++ b/cdist/log.py @@ -50,7 +50,8 @@ def _trace(msg, *args, **kwargs): logging.trace = _trace -class ColorFormatter(logging.Formatter): +class CdistFormatter(logging.Formatter): + USE_COLORS = False RESET = '\033[0m' COLOR_MAP = { 'ERROR': '\033[0;31m', @@ -66,14 +67,14 @@ class ColorFormatter(logging.Formatter): def format(self, record): msg = super().format(record) - color = self.COLOR_MAP.get(record.levelname) - if color: - msg = color + msg + self.RESET + if self.USE_COLORS: + color = self.COLOR_MAP.get(record.levelname) + if color: + msg = color + msg + self.RESET return msg class DefaultLog(logging.Logger): - USE_COLORS = False FORMAT = '%(levelname)s: %(message)s' class StdoutFilter(logging.Filter): @@ -88,10 +89,7 @@ class DefaultLog(logging.Logger): super().__init__(name) self.propagate = False - if self.USE_COLORS: - formatter = ColorFormatter(self.FORMAT) - else: - formatter = logging.Formatter(self.FORMAT) + formatter = CdistFormatter(self.FORMAT) self.addFilter(self) From 4167f9f60c30a4587b492c2fa3dce2f02ded463a Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Thu, 11 Jun 2020 14:22:54 +0200 Subject: [PATCH 156/176] Use proper format string with name --- cdist/log.py | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/cdist/log.py b/cdist/log.py index efae2cd3..790059df 100644 --- a/cdist/log.py +++ b/cdist/log.py @@ -75,7 +75,7 @@ class CdistFormatter(logging.Formatter): class DefaultLog(logging.Logger): - FORMAT = '%(levelname)s: %(message)s' + FORMAT = '%(levelname)s: %(name)s: %(message)s' class StdoutFilter(logging.Filter): def filter(self, rec): @@ -91,8 +91,6 @@ class DefaultLog(logging.Logger): formatter = CdistFormatter(self.FORMAT) - self.addFilter(self) - stdout_handler = logging.StreamHandler(sys.stdout) stdout_handler.addFilter(self.StdoutFilter()) stdout_handler.setLevel(logging.TRACE) @@ -106,13 +104,6 @@ class DefaultLog(logging.Logger): self.addHandler(stdout_handler) self.addHandler(stderr_handler) - def filter(self, record): - """Prefix messages with logger name""" - - record.msg = self.name + ": " + str(record.msg) - - return True - def verbose(self, msg, *args, **kwargs): self.log(logging.VERBOSE, msg, *args, **kwargs) @@ -134,7 +125,7 @@ class TimestampingLog(DefaultLog): class ParallelLog(DefaultLog): - FORMAT = '%(levelname)s: [%(process)d]: %(message)s' + FORMAT = '%(levelname)s: [%(process)d]: %(name)s: %(message)s' class TimestampingParallelLog(TimestampingLog, ParallelLog): From eec7ab8e4577008c6a48a473e295a9d1e31f2358 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Wed, 10 Jun 2020 16:59:18 +0200 Subject: [PATCH 157/176] Increase minimum supported Python version to 3.5 --- docs/src/cdist-install.rst | 2 +- docs/src/man1/cdist.rst | 2 +- scripts/cdist | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/src/cdist-install.rst b/docs/src/cdist-install.rst index 0b65cad6..6f4f14d7 100644 --- a/docs/src/cdist-install.rst +++ b/docs/src/cdist-install.rst @@ -10,7 +10,7 @@ Source Host This is the machine from which you will configure target hosts. * /bin/sh: A POSIX like shell (for instance bash, dash, zsh) - * Python >= 3.2 + * Python >= 3.5 * SSH client * sphinx (for building html docs and/or the man pages) diff --git a/docs/src/man1/cdist.rst b/docs/src/man1/cdist.rst index 68a9a4ee..9bf8fc9b 100644 --- a/docs/src/man1/cdist.rst +++ b/docs/src/man1/cdist.rst @@ -95,7 +95,7 @@ cdist is the frontend executable to the cdist configuration management. It supports different subcommands as explained below. It is written in Python so it requires :strong:`python`\ (1) to be installed. -It requires a minimal Python version 3.2. +It requires a minimal Python version 3.5. GENERAL ------- diff --git a/scripts/cdist b/scripts/cdist index 7bf12c01..664504a0 100755 --- a/scripts/cdist +++ b/scripts/cdist @@ -60,7 +60,7 @@ def commandline(): if __name__ == "__main__": - cdistpythonversion = '3.2' + cdistpythonversion = '3.5' if sys.version < cdistpythonversion: print('Python >= {} is required on the source host.'.format( cdistpythonversion), file=sys.stderr) From eba3d0505bba4ee0472df3452142cc63c8fe2f5c Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Fri, 12 Jun 2020 06:29:39 +0200 Subject: [PATCH 158/176] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index bcde9268..0cc2a714 100644 --- a/docs/changelog +++ b/docs/changelog @@ -9,6 +9,7 @@ next: * Documentation: Fix trivial grammatical mistakes (Jaak Ristioja) * Explorer os: Fix for sles15 (Daniel Heule) * Type __clean_path: Add --path parameter (Ander Punnar) + * Core: Increase minimal supported Python version to 3.5 (Darko Poljak) 6.5.6: 2020-05-25 * Type __pyvenv: Switch to python3 -m venv for Ubuntu (Nico Schottelius) From 6e9e9ad557479354938257f04c8fab283b8251e8 Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Tue, 12 Nov 2019 00:40:58 +0100 Subject: [PATCH 159/176] implement log server to capture nested logging output Signed-off-by: Steven Armstrong --- cdist/core/code.py | 4 +++ cdist/install.py | 23 +++++++++++++- cdist/log.py | 77 ++++++++++++++++++++++++++++++++++++++-------- 3 files changed, 90 insertions(+), 14 deletions(-) diff --git a/cdist/core/code.py b/cdist/core/code.py index 1550880a..a7d9b7ca 100644 --- a/cdist/core/code.py +++ b/cdist/core/code.py @@ -116,6 +116,10 @@ class Code(object): if dry_run: self.env['__cdist_dry_run'] = '1' + if '__cdist_log_server_socket_to_export' in os.environ: + self.env['__cdist_log_server_socket'] = os.environ['__cdist_log_server_socket_to_export'] + + def _run_gencode(self, cdist_object, which): cdist_type = cdist_object.cdist_type script = os.path.join(self.local.type_path, diff --git a/cdist/install.py b/cdist/install.py index b88ad016..3f94ca68 100644 --- a/cdist/install.py +++ b/cdist/install.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- # -# 2013 Steven Armstrong (steven-cdist at armstrong.cc) +# 2013-2019 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # @@ -20,11 +20,32 @@ # # +import os +import logging +import tempfile + import cdist.config import cdist.core class Install(cdist.config.Config): + + @classmethod + def onehost(cls, host, host_tags, host_base_path, host_dir_name, args, + parallel, configuration, remove_remote_files_dirs=False): + # Start a log server so nested `cdist config` runs have a place to + # send their logs to. + log_server_socket_dir = tempfile.mkdtemp() + log_server_socket = os.path.join(log_server_socket_dir, 'log-server') + cls._register_path_for_removal(log_server_socket_dir) + log = logging.getLogger(host) + log.debug('Starting logging server on: %s', log_server_socket) + os.environ['__cdist_log_server_socket_to_export'] = log_server_socket + cdist.log.setupLogServer(log_server_socket) + + super().onehost(host, host_tags, host_base_path, host_dir_name, args, + parallel, configuration, remove_remote_files_dirs=False) + def object_list(self): """Short name for object list retrieval. In install mode, we only care about install objects. diff --git a/cdist/log.py b/cdist/log.py index 790059df..94dd11e8 100644 --- a/cdist/log.py +++ b/cdist/log.py @@ -2,6 +2,7 @@ # -*- coding: utf-8 -*- # # 2010-2013 Nico Schottelius (nico-cdist at schottelius.org) +# 2019-2020 Steven Armstrong # # This file is part of cdist. # @@ -20,9 +21,17 @@ # # -import logging -import sys +import asyncio +import contextlib import datetime +import logging +import logging.handlers +import os +import pickle +import struct +import sys +import threading +import time # Define additional cdist logging levels. @@ -89,20 +98,25 @@ class DefaultLog(logging.Logger): super().__init__(name) self.propagate = False - formatter = CdistFormatter(self.FORMAT) + if '__cdist_log_server_socket' in os.environ: + log_server_socket = os.environ['__cdist_log_server_socket'] + socket_handler = logging.handlers.SocketHandler(log_server_socket, None) + self.addHandler(socket_handler) + else: + formatter = CdistFormatter(self.FORMAT) - stdout_handler = logging.StreamHandler(sys.stdout) - stdout_handler.addFilter(self.StdoutFilter()) - stdout_handler.setLevel(logging.TRACE) - stdout_handler.setFormatter(formatter) + stdout_handler = logging.StreamHandler(sys.stdout) + stdout_handler.addFilter(self.StdoutFilter()) + stdout_handler.setLevel(logging.TRACE) + stdout_handler.setFormatter(formatter) - stderr_handler = logging.StreamHandler(sys.stderr) - stderr_handler.addFilter(self.StderrFilter()) - stderr_handler.setLevel(logging.ERROR) - stderr_handler.setFormatter(formatter) + stderr_handler = logging.StreamHandler(sys.stderr) + stderr_handler.addFilter(self.StderrFilter()) + stderr_handler.setLevel(logging.ERROR) + stderr_handler.setFormatter(formatter) - self.addHandler(stdout_handler) - self.addHandler(stderr_handler) + self.addHandler(stdout_handler) + self.addHandler(stderr_handler) def verbose(self, msg, *args, **kwargs): self.log(logging.VERBOSE, msg, *args, **kwargs) @@ -152,4 +166,41 @@ def setupParallelLogging(): logging.setLoggerClass(ParallelLog) +async def handle_log_client(reader, writer): + while True: + chunk = await reader.read(4) + if len(chunk) < 4: + return + + data_size = struct.unpack('>L', chunk)[0] + data = bytearray(data_size) + view = memoryview(data) + data_pending = data_size + data = await reader.read(data_size) + + obj = pickle.loads(data) + record = logging.makeLogRecord(obj) + logger = logging.getLogger(record.name) + logger.handle(record) + + +def run_log_server(server_address): + # Get a new loop inside the current thread to run the log server. + loop = asyncio.new_event_loop() + loop.create_task(asyncio.start_unix_server(handle_log_client, server_address)) + loop.run_forever() + + +def setupLogServer(log_server_socket): + """Run a asyncio based unix socket log server in a background thread. + """ + with contextlib.suppress(FileNotFoundError): + os.remove(log_server_socket) + t = threading.Thread(target=run_log_server, args=(log_server_socket,)) + # Deamonizing the thread means we don't have to care about stoping it. + # It will die together with the main process. + t.daemon = True + t.start() + + setupDefaultLogging() From 831bfc822b61a5e5cf8186a32ea592622693efdb Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Tue, 12 Nov 2019 09:22:28 +0100 Subject: [PATCH 160/176] remove unused code Signed-off-by: Steven Armstrong --- cdist/log.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/cdist/log.py b/cdist/log.py index 94dd11e8..c1376a58 100644 --- a/cdist/log.py +++ b/cdist/log.py @@ -173,9 +173,6 @@ async def handle_log_client(reader, writer): return data_size = struct.unpack('>L', chunk)[0] - data = bytearray(data_size) - view = memoryview(data) - data_pending = data_size data = await reader.read(data_size) obj = pickle.loads(data) From 57e352cd1e7b400ca1daf7e1e680874bd9a6cc01 Mon Sep 17 00:00:00 2001 From: Steven Armstrong Date: Sat, 11 Jan 2020 01:59:18 +0100 Subject: [PATCH 161/176] log server is also usefull for cdist config Signed-off-by: Steven Armstrong --- cdist/argparse.py | 6 ++++++ cdist/config.py | 10 ++++++++++ cdist/install.py | 13 +++---------- 3 files changed, 19 insertions(+), 10 deletions(-) diff --git a/cdist/argparse.py b/cdist/argparse.py index 1c83237c..15b9ca7a 100644 --- a/cdist/argparse.py +++ b/cdist/argparse.py @@ -250,6 +250,12 @@ def get_parsers(): '-S', '--disable-saving-output-streams', help='Disable saving output streams.', action='store_false', dest='save_output_streams', default=True) + parser['config_main'].add_argument( + '--log-server', + action='store_true', + help=('Start a log server for sub processes to use.' + 'This is mainly usefull when running cdist nested' + 'from a code-local script.')) # Config parser['config_args'] = argparse.ArgumentParser(add_help=False) diff --git a/cdist/config.py b/cdist/config.py index b2d72f05..82e8559b 100644 --- a/cdist/config.py +++ b/cdist/config.py @@ -385,6 +385,16 @@ class Config(object): log = logging.getLogger(host) + if args.log_server: + # Start a log server so that nested `cdist config` runs have a place + # to send their logs to. + log_server_socket_dir = tempfile.mkdtemp() + log_server_socket = os.path.join(log_server_socket_dir, 'log-server') + cls._register_path_for_removal(log_server_socket_dir) + log.debug('Starting logging server on: %s', log_server_socket) + os.environ['__cdist_log_server_socket_to_export'] = log_server_socket + cdist.log.setupLogServer(log_server_socket) + try: remote_exec, remote_copy, cleanup_cmd = cls._resolve_remote_cmds( args) diff --git a/cdist/install.py b/cdist/install.py index 3f94ca68..ec0a7270 100644 --- a/cdist/install.py +++ b/cdist/install.py @@ -33,16 +33,9 @@ class Install(cdist.config.Config): @classmethod def onehost(cls, host, host_tags, host_base_path, host_dir_name, args, parallel, configuration, remove_remote_files_dirs=False): - # Start a log server so nested `cdist config` runs have a place to - # send their logs to. - log_server_socket_dir = tempfile.mkdtemp() - log_server_socket = os.path.join(log_server_socket_dir, 'log-server') - cls._register_path_for_removal(log_server_socket_dir) - log = logging.getLogger(host) - log.debug('Starting logging server on: %s', log_server_socket) - os.environ['__cdist_log_server_socket_to_export'] = log_server_socket - cdist.log.setupLogServer(log_server_socket) - + # Always start log server during cdist install so that nested + # `cdist config` runs have a place to send their logs to. + args.log_server = True super().onehost(host, host_tags, host_base_path, host_dir_name, args, parallel, configuration, remove_remote_files_dirs=False) From 59b98091d78c5195d2aa4a2ea3ef79f93e5ba67c Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Tue, 9 Jun 2020 12:47:50 +0200 Subject: [PATCH 162/176] Adapt; update docs and code style --- cdist/__init__.py | 4 ++++ cdist/argparse.py | 13 +++++++------ cdist/config.py | 27 ++++++++++++--------------- cdist/core/code.py | 6 +++--- cdist/install.py | 8 +++----- cdist/log.py | 18 +++++++++++------- docs/src/man1/cdist.rst | 26 ++++++++++++++++---------- scripts/cdist | 5 ++--- 8 files changed, 58 insertions(+), 49 deletions(-) diff --git a/cdist/__init__.py b/cdist/__init__.py index c673b3ba..be573170 100644 --- a/cdist/__init__.py +++ b/cdist/__init__.py @@ -26,6 +26,7 @@ import hashlib import cdist.log import cdist.version + VERSION = cdist.version.VERSION BANNER = """ @@ -48,6 +49,9 @@ REMOTE_EXEC = "ssh -o User=root" REMOTE_CMDS_CLEANUP_PATTERN = "ssh -o User=root -O exit -S {}" +MIN_SUPPORTED_PYTHON_VERSION = '3.5' + + class Error(Exception): """Base exception class for this project""" pass diff --git a/cdist/argparse.py b/cdist/argparse.py index 15b9ca7a..77303591 100644 --- a/cdist/argparse.py +++ b/cdist/argparse.py @@ -206,6 +206,13 @@ def get_parsers(): 'supported. Without argument CPU count is used by default. '), action='store', dest='jobs', const=multiprocessing.cpu_count()) + parser['config_main'].add_argument( + '--log-server', + action='store_true', + help=('Start a log server for sub processes to use. ' + 'This is mainly useful when running cdist nested ' + 'from a code-local script. Log server is alwasy ' + 'implicitly started for \'install\' command.')) parser['config_main'].add_argument( '-n', '--dry-run', help='Do not execute code.', action='store_true') @@ -250,12 +257,6 @@ def get_parsers(): '-S', '--disable-saving-output-streams', help='Disable saving output streams.', action='store_false', dest='save_output_streams', default=True) - parser['config_main'].add_argument( - '--log-server', - action='store_true', - help=('Start a log server for sub processes to use.' - 'This is mainly usefull when running cdist nested' - 'from a code-local script.')) # Config parser['config_args'] = argparse.ArgumentParser(add_help=False) diff --git a/cdist/config.py b/cdist/config.py index 82e8559b..9fe9b676 100644 --- a/cdist/config.py +++ b/cdist/config.py @@ -29,18 +29,20 @@ import time import itertools import tempfile import multiprocessing -from cdist.mputil import mp_pool_run, mp_sig_handler import atexit import shutil import socket + +from cdist.mputil import mp_pool_run, mp_sig_handler +from cdist import core, inventory +from cdist.util.remoteutil import inspect_ssh_mux_opts + import cdist import cdist.hostsource import cdist.exec.local import cdist.exec.remote import cdist.util.ipaddr as ipaddr import cdist.configuration -from cdist import core, inventory -from cdist.util.remoteutil import inspect_ssh_mux_opts def graph_check_cycle(graph): @@ -195,7 +197,6 @@ class Config(object): @classmethod def commandline(cls, args): """Configure remote system""" - if (args.parallel and args.parallel != 1) or args.jobs: if args.timestamp: cdist.log.setupTimestampingParallelLogging() @@ -382,20 +383,16 @@ class Config(object): If operating in parallel then return tuple (host, True|False, ) so that main process knows for which host function was successful. """ - log = logging.getLogger(host) - if args.log_server: - # Start a log server so that nested `cdist config` runs have a place - # to send their logs to. - log_server_socket_dir = tempfile.mkdtemp() - log_server_socket = os.path.join(log_server_socket_dir, 'log-server') - cls._register_path_for_removal(log_server_socket_dir) - log.debug('Starting logging server on: %s', log_server_socket) - os.environ['__cdist_log_server_socket_to_export'] = log_server_socket - cdist.log.setupLogServer(log_server_socket) - try: + if args.log_server: + # Start a log server so that nested `cdist config` runs + # have a place to send their logs to. + log_server_socket_dir = tempfile.mkdtemp() + cls._register_path_for_removal(log_server_socket_dir) + cdist.log.setupLogServer(log_server_socket_dir, log) + remote_exec, remote_copy, cleanup_cmd = cls._resolve_remote_cmds( args) log.debug("remote_exec for host \"{}\": {}".format( diff --git a/cdist/core/code.py b/cdist/core/code.py index a7d9b7ca..2a30908e 100644 --- a/cdist/core/code.py +++ b/cdist/core/code.py @@ -116,9 +116,9 @@ class Code(object): if dry_run: self.env['__cdist_dry_run'] = '1' - if '__cdist_log_server_socket_to_export' in os.environ: - self.env['__cdist_log_server_socket'] = os.environ['__cdist_log_server_socket_to_export'] - + if '__cdist_log_server_socket_export' in os.environ: + self.env['__cdist_log_server_socket'] = os.environ[ + '__cdist_log_server_socket_export'] def _run_gencode(self, cdist_object, which): cdist_type = cdist_object.cdist_type diff --git a/cdist/install.py b/cdist/install.py index ec0a7270..561b2fa6 100644 --- a/cdist/install.py +++ b/cdist/install.py @@ -20,12 +20,9 @@ # # -import os -import logging -import tempfile - import cdist.config import cdist.core +import cdist.log class Install(cdist.config.Config): @@ -36,8 +33,9 @@ class Install(cdist.config.Config): # Always start log server during cdist install so that nested # `cdist config` runs have a place to send their logs to. args.log_server = True + super().onehost(host, host_tags, host_base_path, host_dir_name, args, - parallel, configuration, remove_remote_files_dirs=False) + parallel, configuration, remove_remote_files_dirs) def object_list(self): """Short name for object list retrieval. diff --git a/cdist/log.py b/cdist/log.py index c1376a58..bee99fac 100644 --- a/cdist/log.py +++ b/cdist/log.py @@ -21,17 +21,16 @@ # # -import asyncio -import contextlib import datetime import logging import logging.handlers +import sys import os +import asyncio +import contextlib import pickle import struct -import sys import threading -import time # Define additional cdist logging levels. @@ -100,7 +99,8 @@ class DefaultLog(logging.Logger): if '__cdist_log_server_socket' in os.environ: log_server_socket = os.environ['__cdist_log_server_socket'] - socket_handler = logging.handlers.SocketHandler(log_server_socket, None) + socket_handler = logging.handlers.SocketHandler(log_server_socket, + None) self.addHandler(socket_handler) else: formatter = CdistFormatter(self.FORMAT) @@ -184,13 +184,17 @@ async def handle_log_client(reader, writer): def run_log_server(server_address): # Get a new loop inside the current thread to run the log server. loop = asyncio.new_event_loop() - loop.create_task(asyncio.start_unix_server(handle_log_client, server_address)) + loop.create_task(asyncio.start_unix_server(handle_log_client, + server_address)) loop.run_forever() -def setupLogServer(log_server_socket): +def setupLogServer(socket_dir, log=logging.getLogger(__name__)): """Run a asyncio based unix socket log server in a background thread. """ + log_server_socket = os.path.join(socket_dir, 'log-server') + log.debug('Starting logging server on: %s', log_server_socket) + os.environ['__cdist_log_server_socket_export'] = log_server_socket with contextlib.suppress(FileNotFoundError): os.remove(log_server_socket) t = threading.Thread(target=run_log_server, args=(log_server_socket,)) diff --git a/docs/src/man1/cdist.rst b/docs/src/man1/cdist.rst index 9bf8fc9b..aa2607f8 100644 --- a/docs/src/man1/cdist.rst +++ b/docs/src/man1/cdist.rst @@ -17,20 +17,20 @@ SYNOPSIS cdist config [-h] [-l LOGLEVEL] [-q] [-v] [-b] [--colors WHEN] [-g CONFIG_FILE] [-4] [-6] [-C CACHE_PATH_PATTERN] - [-c CONF_DIR] [-i MANIFEST] [-j [JOBS]] [-n] [-o OUT_PATH] [-P] - [-R [{tar,tgz,tbz2,txz}]] [-r REMOTE_OUT_PATH] - [--remote-copy REMOTE_COPY] [--remote-exec REMOTE_EXEC] - [-S] [-I INVENTORY_DIR] [-A] [-a] [-f HOSTFILE] - [-p [HOST_MAX]] [-s] [-t] + [-c CONF_DIR] [-i MANIFEST] [-j [JOBS]] [--log-server] + [-n] [-o OUT_PATH] [-P] [-R [{tar,tgz,tbz2,txz}]] + [-r REMOTE_OUT_PATH] [--remote-copy REMOTE_COPY] + [--remote-exec REMOTE_EXEC] [-S] [-I INVENTORY_DIR] [-A] + [-a] [-f HOSTFILE] [-p [HOST_MAX]] [-s] [-t] [host [host ...]] cdist install [-h] [-l LOGLEVEL] [-q] [-v] [-b] [--colors WHEN] [-g CONFIG_FILE] [-4] [-6] [-C CACHE_PATH_PATTERN] - [-c CONF_DIR] [-i MANIFEST] [-j [JOBS]] [-n] [-o OUT_PATH] - [-P] [-R [{tar,tgz,tbz2,txz}]] [-r REMOTE_OUT_PATH] - [--remote-copy REMOTE_COPY] [--remote-exec REMOTE_EXEC] - [-S] [-I INVENTORY_DIR] [-A] [-a] [-f HOSTFILE] - [-p [HOST_MAX]] [-s] [-t] + [-c CONF_DIR] [-i MANIFEST] [-j [JOBS]] [--log-server] + [-n] [-o OUT_PATH] [-P] [-R [{tar,tgz,tbz2,txz}]] + [-r REMOTE_OUT_PATH] [--remote-copy REMOTE_COPY] + [--remote-exec REMOTE_EXEC] [-S] [-I INVENTORY_DIR] [-A] + [-a] [-f HOSTFILE] [-p [HOST_MAX]] [-s] [-t] [host [host ...]] cdist inventory [-h] {add-host,add-tag,del-host,del-tag,list} ... @@ -202,6 +202,12 @@ Install command is currently in beta. are supported. Without argument CPU count is used by default. +**--log-server** + Start a log server for sub processes to use. This is + mainly useful when running cdist nested from a code- + local script. Log server is always implicitly started + for 'install' command. + **-n, --dry-run** Do not execute code. diff --git a/scripts/cdist b/scripts/cdist index 664504a0..b1d782ab 100755 --- a/scripts/cdist +++ b/scripts/cdist @@ -60,10 +60,9 @@ def commandline(): if __name__ == "__main__": - cdistpythonversion = '3.5' - if sys.version < cdistpythonversion: + if sys.version < cdist.MIN_SUPPORTED_PYTHON_VERSION: print('Python >= {} is required on the source host.'.format( - cdistpythonversion), file=sys.stderr) + cdist.MIN_SUPPORTED_PYTHON_VERSIO), file=sys.stderr) sys.exit(1) exit_code = 0 From 5be8437a602907009d7603fa41ae0a4e6528ffdf Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sat, 13 Jun 2020 13:48:34 +0200 Subject: [PATCH 163/176] ++changelog --- docs/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/changelog b/docs/changelog index 0cc2a714..fa5f7405 100644 --- a/docs/changelog +++ b/docs/changelog @@ -10,6 +10,7 @@ next: * Explorer os: Fix for sles15 (Daniel Heule) * Type __clean_path: Add --path parameter (Ander Punnar) * Core: Increase minimal supported Python version to 3.5 (Darko Poljak) + * Core: Add log server for nested logging (Steven Armstrong) 6.5.6: 2020-05-25 * Type __pyvenv: Switch to python3 -m venv for Ubuntu (Nico Schottelius) From 201050a9e5144d0f7da2a8019e5822fedaa1d1b1 Mon Sep 17 00:00:00 2001 From: Ander Punnar Date: Sun, 14 Jun 2020 11:07:18 +0300 Subject: [PATCH 164/176] new type: __download --- cdist/conf/type/__download/explorer/state | 20 ++++++ cdist/conf/type/__download/gencode-local | 35 ++++++++++ cdist/conf/type/__download/man.rst | 66 +++++++++++++++++++ .../type/__download/parameter/default/cmd-get | 1 + .../type/__download/parameter/default/cmd-sum | 1 + cdist/conf/type/__download/parameter/optional | 2 + cdist/conf/type/__download/parameter/required | 2 + 7 files changed, 127 insertions(+) create mode 100755 cdist/conf/type/__download/explorer/state create mode 100755 cdist/conf/type/__download/gencode-local create mode 100644 cdist/conf/type/__download/man.rst create mode 100644 cdist/conf/type/__download/parameter/default/cmd-get create mode 100644 cdist/conf/type/__download/parameter/default/cmd-sum create mode 100644 cdist/conf/type/__download/parameter/optional create mode 100644 cdist/conf/type/__download/parameter/required diff --git a/cdist/conf/type/__download/explorer/state b/cdist/conf/type/__download/explorer/state new file mode 100755 index 00000000..6a50f5a5 --- /dev/null +++ b/cdist/conf/type/__download/explorer/state @@ -0,0 +1,20 @@ +#!/bin/sh -e + +dst="/$__object_id" + +# shellcheck disable=SC2059 +cmd="$( printf "$( cat "$__object/parameter/cmd-sum" )" "$dst" )" + +sum="$( cat "$__object/parameter/sum" )" + +if [ -f "$dst" ] +then + if [ "$( eval "$cmd" )" = "$sum" ] + then + echo 'present' + else + echo 'mismatch' + fi +else + echo 'absent' +fi diff --git a/cdist/conf/type/__download/gencode-local b/cdist/conf/type/__download/gencode-local new file mode 100755 index 00000000..49e9c699 --- /dev/null +++ b/cdist/conf/type/__download/gencode-local @@ -0,0 +1,35 @@ +#!/bin/sh -e + +state_is="$( cat "$__object/explorer/state" )" + +if [ "$state_is" = 'present' ] +then + exit 0 +fi + +url="$( cat "$__object/parameter/url" )" + +cmd="$( cat "$__object/parameter/cmd-get" )" + +tmp="$( mktemp )" + +dst="/$__object_id" + +printf "$cmd > %s\n" \ + "$url" \ + "$tmp" + +if echo "$__target_host" | grep -Eq '^[0-9a-fA-F:]+$' +then + target_host="[$__target_host]" +else + target_host="$__target_host" +fi + +printf '%s %s %s:%s\n' \ + "$__remote_copy" \ + "$tmp" \ + "$target_host" \ + "$dst" + +echo "rm -f '$tmp'" diff --git a/cdist/conf/type/__download/man.rst b/cdist/conf/type/__download/man.rst new file mode 100644 index 00000000..c973448f --- /dev/null +++ b/cdist/conf/type/__download/man.rst @@ -0,0 +1,66 @@ +cdist-type__download(7) +======================= + +NAME +---- +cdist-type__download - Download file to local storage and copy it to target host + + +DESCRIPTION +----------- +You must use persistent storage in target host for destination file +(``$__object_id``) because it will be used for checksum calculation +in order to decide if file must be downloaded. + + +REQUIRED PARAMETERS +------------------- +url + URL from which to download the file. + +sum + Checksum of downloaded file. + + +OPTIONAL PARAMETERS +------------------- +cmd-get + Command used for downloading. + Default is ``wget -O- '%s'``. + Command must output to ``stdout``. + +cmd-sum + Command used for checksum calculation. + Default is ``md5sum '%s' | awk '{print $1}'``. + Command output and ``--sum`` parameter must match. + + +EXAMPLES +-------- + +.. code-block:: sh + + __directory /opt/cpma + + require='__directory/opt/cpma' \ + __download /opt/cpma/cnq3.zip \ + --url https://cdn.playmorepromode.com/files/cnq3/cnq3-1.51.zip \ + --sum 46da3021ca9eace277115ec9106c5b46 + + require='__download/opt/cpma/cnq3.zip' \ + __unpack /opt/cpma/cnq3.zip \ + --move-existing-destination \ + --destination /opt/cpma/server + + +AUTHORS +------- +Ander Punnar + + +COPYING +------- +Copyright \(C) 2020 Ander Punnar. You can redistribute it +and/or modify it under the terms of the GNU General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. diff --git a/cdist/conf/type/__download/parameter/default/cmd-get b/cdist/conf/type/__download/parameter/default/cmd-get new file mode 100644 index 00000000..2daa38a1 --- /dev/null +++ b/cdist/conf/type/__download/parameter/default/cmd-get @@ -0,0 +1 @@ +wget -O- '%s' diff --git a/cdist/conf/type/__download/parameter/default/cmd-sum b/cdist/conf/type/__download/parameter/default/cmd-sum new file mode 100644 index 00000000..3e8a9295 --- /dev/null +++ b/cdist/conf/type/__download/parameter/default/cmd-sum @@ -0,0 +1 @@ +md5sum '%s' | awk '{print $1}' diff --git a/cdist/conf/type/__download/parameter/optional b/cdist/conf/type/__download/parameter/optional new file mode 100644 index 00000000..22783e02 --- /dev/null +++ b/cdist/conf/type/__download/parameter/optional @@ -0,0 +1,2 @@ +cmd-get +cmd-sum diff --git a/cdist/conf/type/__download/parameter/required b/cdist/conf/type/__download/parameter/required new file mode 100644 index 00000000..6ea4c38f --- /dev/null +++ b/cdist/conf/type/__download/parameter/required @@ -0,0 +1,2 @@ +url +sum From cdb998398d25f1ba99f01364bbc42b900be944d5 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Wed, 17 Jun 2020 12:10:58 +0200 Subject: [PATCH 165/176] Release 6.6.0 --- docs/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/changelog b/docs/changelog index fa5f7405..c8388b93 100644 --- a/docs/changelog +++ b/docs/changelog @@ -1,7 +1,7 @@ Changelog --------- -next: +6.6.0: 2020-06-17 * Type __ssh_authorized_keys: Add option for removing undefined keys (Ander Punnar) * Core: Support colored log output (Evil Ham) * Core: Tune colored log output and respect NO_COLOR env var (Dennis Camera) From a6543a72ade5a3b64cab1b0164d5df0b4388e88f Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Wed, 17 Jun 2020 13:40:31 +0200 Subject: [PATCH 166/176] ++changelog --- docs/changelog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/changelog b/docs/changelog index c8388b93..a0de09fa 100644 --- a/docs/changelog +++ b/docs/changelog @@ -1,6 +1,9 @@ Changelog --------- +next: + * New type: __download (Ander Punnar) + 6.6.0: 2020-06-17 * Type __ssh_authorized_keys: Add option for removing undefined keys (Ander Punnar) * Core: Support colored log output (Evil Ham) From 97e48be39e80ffe50946606b912ca28d3612cc61 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sat, 20 Jun 2020 21:11:28 +0200 Subject: [PATCH 167/176] [type/__package_opkg] Fix explorer running in parallel --- .../type/__package_opkg/explorer/pkg_status | 57 ++++++++++++++----- 1 file changed, 44 insertions(+), 13 deletions(-) diff --git a/cdist/conf/type/__package_opkg/explorer/pkg_status b/cdist/conf/type/__package_opkg/explorer/pkg_status index 5da4f742..1ba88e81 100755 --- a/cdist/conf/type/__package_opkg/explorer/pkg_status +++ b/cdist/conf/type/__package_opkg/explorer/pkg_status @@ -1,7 +1,8 @@ -#!/bin/sh +#!/bin/sh -e # # 2011 Nico Schottelius (nico-cdist at schottelius.org) # 2012 Giel van Schijndel (giel plus cdist at mortis dot eu) +# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -19,21 +20,51 @@ # along with cdist. If not, see . # # -# Retrieve the status of a package - parsed opkg output +# Retrieve the status of a package - parses opkg output # -if [ -f "$__object/parameter/name" ]; then - name="$(cat "$__object/parameter/name")" +LOCKFILE="${__type_explorer}/cdist_opkg.lock" +_lock() ( + set -o noclobber + until echo $$>"${LOCKFILE}" + do + while test -f "${LOCKFILE}"; do sleep 1; done + done + +) 2>/dev/null +_unlock() { + if test -s "${LOCKFILE}" && test "$(cat "${LOCKFILE}")" = $$ + then + rm "${LOCKFILE}" + fi +} + + +if test -f "${__object}/parameter/name" +then + pkg_name=$(cat "${__object}/parameter/name") else - name="$__object_id" + pkg_name=$__object_id fi -# Except dpkg failing, if package is not known / installed -if opkg status "$name" 2>/dev/null | grep -q "^Status: install user installed$"; then - echo "present" - exit 0 -elif [ "$(opkg info "$name" 2> /dev/null | wc -l)" -eq 0 ]; then - echo "absent notpresent" - exit 0 + +# NOTE: We need to lock parallel execution of this explorer because opkg will +# try to acquire the OPKG lock (usually /var/lock/opkg.lock) using lockf(2) for +# every operation. It will not wait for the lock but terminate with an error. +# This leads to incorrect 'absent notpresent' statuses when parallel execution +# is enabled. +trap _unlock EXIT +_lock + + +# Except opkg failing, if package is not known / installed +if opkg status "${pkg_name}" 2>/dev/null \ + | grep -q -e '^Status: [^ ][^ ]* [^ ][^ ]* installed$' +then + echo 'present' +elif opkg info "${pkg_name}" 2>/dev/null | grep -q . +then + echo 'absent notpresent' +else + echo 'absent' fi -echo "absent" From e79b26a61f790108b90c3625d554f6df4086d616 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sun, 21 Jun 2020 13:15:38 +0200 Subject: [PATCH 168/176] [type/__package_opkg] Also lock execution of code-remote --- .../type/__package_opkg/explorer/pkg_status | 11 ++- cdist/conf/type/__package_opkg/gencode-remote | 94 +++++++++++++------ 2 files changed, 73 insertions(+), 32 deletions(-) diff --git a/cdist/conf/type/__package_opkg/explorer/pkg_status b/cdist/conf/type/__package_opkg/explorer/pkg_status index 1ba88e81..f5a6f098 100755 --- a/cdist/conf/type/__package_opkg/explorer/pkg_status +++ b/cdist/conf/type/__package_opkg/explorer/pkg_status @@ -23,7 +23,9 @@ # Retrieve the status of a package - parses opkg output # -LOCKFILE="${__type_explorer}/cdist_opkg.lock" +__type_path=${__object%%${__object_id}*} + +LOCKFILE="${__type_path}/cdist_opkg.lock" _lock() ( set -o noclobber until echo $$>"${LOCKFILE}" @@ -48,9 +50,10 @@ else fi -# NOTE: We need to lock parallel execution of this explorer because opkg will -# try to acquire the OPKG lock (usually /var/lock/opkg.lock) using lockf(2) for -# every operation. It will not wait for the lock but terminate with an error. +# NOTE: We need to lock parallel execution of type explorers and code-remote +# because opkg will try to acquire the OPKG lock (usually /var/lock/opkg.lock) +# using lockf(2) for every operation. +# It will not wait for the lock but terminate with an error. # This leads to incorrect 'absent notpresent' statuses when parallel execution # is enabled. trap _unlock EXIT diff --git a/cdist/conf/type/__package_opkg/gencode-remote b/cdist/conf/type/__package_opkg/gencode-remote index 269d5f49..ad90dc24 100755 --- a/cdist/conf/type/__package_opkg/gencode-remote +++ b/cdist/conf/type/__package_opkg/gencode-remote @@ -2,6 +2,7 @@ # # 2011,2013 Nico Schottelius (nico-cdist at schottelius.org) # 2012 Giel van Schijndel (giel plus cdist at mortis dot eu) +# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # @@ -19,41 +20,78 @@ # along with cdist. If not, see . # # -# Manage packages on OpenWRT and co. +# Manage packages on OpenWrt, optware, and co. # -if [ -f "$__object/parameter/name" ]; then - name="$(cat "$__object/parameter/name")" +if test -f "${__object}/parameter/name" +then + name=$(cat "${__object}/parameter/name") else - name="$__object_id" + name=$__object_id fi -state_should="$(cat "$__object/parameter/state")" +state_should=$(cat "${__object}/parameter/state") +state_is=$(cat "${__object}/explorer/pkg_status") -state_is="$(cat "$__object/explorer/pkg_status")" -case "$state_is" in - absent*) - present="$(echo "$state_is" | cut -d ' ' -f 2)" - state_is="absent" - ;; +case $state_is +in + (absent*) + presence=$(echo "${state_is}" | cut -d ' ' -f 2) + state_is='absent' + ;; esac -[ "$state_is" = "$state_should" ] && exit 0 +if test "${state_is}" = "${state_should}" +then + exit 0 +fi -case "$state_should" in - present) - if [ "$present" = "notpresent" ]; then - echo "opkg --verbosity=0 update" - fi - echo "opkg --verbosity=0 install '$name'" - echo "installed" >> "$__messages_out" - ;; - absent) - echo "opkg --verbosity=0 remove '$name'" - echo "removed" >> "$__messages_out" - ;; - *) - echo "Unknown state: ${state_should}" >&2 - exit 1 - ;; +cat <<'EOF' +__type_path=${__object%%${__object_id}*} + +LOCKFILE="${__type_path}/cdist_opkg.lock" +_lock() ( + set -o noclobber + until echo $$>"${LOCKFILE}" + do + while test -f "${LOCKFILE}"; do sleep 1; done + done + +) 2>/dev/null +_unlock() { + if test -s "${LOCKFILE}" && test "$(cat "${LOCKFILE}")" = $$ + then + rm "${LOCKFILE}" + fi +} +EOF + +# NOTE: We need to lock parallel execution of code-remote to ensure that it is +# not executed concurrently with a type explorer. +# opkg will try to acquire the OPKG lock (usually /var/lock/opkg.lock) using +# lockf(2) for every operation. +# It will not wait for the lock but terminate with an error leading to an +# incorrect outcome. +echo 'trap _unlock EXIT' +echo '_lock' + +case $state_should +in + (present) + if test "${presence}" = 'notpresent' + then + echo 'opkg --verbosity=0 update' + fi + + printf "opkg --verbosity=0 install '%s'\n" "${name}" + echo 'installed' >>"${__messages_out}" + ;; + (absent) + printf "opkg --verbosity=0 remove '%s'" "${name}" + echo 'removed' >>"${__messages_out}" + ;; + (*) + printf 'Unknown state: %s\n' "${state_should}" >&2 + exit 1 + ;; esac From a6a3fb40bfcbaa5d6506a1ac5ebe2e40376dcb6f Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sat, 20 Jun 2020 22:22:29 +0200 Subject: [PATCH 169/176] Remove unnecessary Python shebangs --- cdist/config.py | 1 - cdist/info.py | 1 - cdist/install.py | 1 - cdist/integration.py | 1 - cdist/inventory.py | 1 - cdist/log.py | 1 - cdist/preos/debootstrap/debootstrap.py | 1 - 7 files changed, 7 deletions(-) diff --git a/cdist/config.py b/cdist/config.py index b2d72f05..b71536a8 100644 --- a/cdist/config.py +++ b/cdist/config.py @@ -1,4 +1,3 @@ -#!/usr/bin/env python3 # -*- coding: utf-8 -*- # # 2010-2015 Nico Schottelius (nico-cdist at schottelius.org) diff --git a/cdist/info.py b/cdist/info.py index b896a3d1..9e29f5d9 100644 --- a/cdist/info.py +++ b/cdist/info.py @@ -1,4 +1,3 @@ -#!/usr/bin/env python3 # -*- coding: utf-8 -*- # # 2019-2020 Darko Poljak (darko.poljak at gmail.com) diff --git a/cdist/install.py b/cdist/install.py index b88ad016..a9c8119a 100644 --- a/cdist/install.py +++ b/cdist/install.py @@ -1,4 +1,3 @@ -#!/usr/bin/env python3 # -*- coding: utf-8 -*- # # 2013 Steven Armstrong (steven-cdist at armstrong.cc) diff --git a/cdist/integration.py b/cdist/integration.py index ee742cc5..03e4167d 100644 --- a/cdist/integration.py +++ b/cdist/integration.py @@ -1,4 +1,3 @@ -#!/usr/bin/env python3 # -*- coding: utf-8 -*- # # 2017 Darko Poljak (darko.poljak at gmail.com) diff --git a/cdist/inventory.py b/cdist/inventory.py index 138a2034..fb5ab960 100644 --- a/cdist/inventory.py +++ b/cdist/inventory.py @@ -1,4 +1,3 @@ -#!/usr/bin/env python3 # -*- coding: utf-8 -*- # # 2016 Darko Poljak (darko.poljak at gmail.com) diff --git a/cdist/log.py b/cdist/log.py index 19efebdb..c77ba8ec 100644 --- a/cdist/log.py +++ b/cdist/log.py @@ -1,4 +1,3 @@ -#!/usr/bin/env python3 # -*- coding: utf-8 -*- # # 2010-2013 Nico Schottelius (nico-cdist at schottelius.org) diff --git a/cdist/preos/debootstrap/debootstrap.py b/cdist/preos/debootstrap/debootstrap.py index f53dd4a7..d3e590f2 100644 --- a/cdist/preos/debootstrap/debootstrap.py +++ b/cdist/preos/debootstrap/debootstrap.py @@ -1,4 +1,3 @@ -#!/usr/bin/env python3 # -*- coding: utf-8 -*- # # 2016 Darko Poljak (darko.poljak at ungleich.ch) From ce07021580219d130c3968c547d03f451f2dea12 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sat, 20 Jun 2020 21:16:23 +0200 Subject: [PATCH 170/176] Do not subclass object --- cdist/config.py | 2 +- cdist/core/cdist_object.py | 2 +- cdist/core/cdist_type.py | 2 +- cdist/core/code.py | 2 +- cdist/core/explorer.py | 2 +- cdist/core/manifest.py | 2 +- cdist/emulator.py | 2 +- cdist/exec/local.py | 2 +- cdist/exec/remote.py | 2 +- cdist/hostsource.py | 2 +- cdist/info.py | 3 +-- cdist/inventory.py | 2 +- cdist/message.py | 2 +- cdist/preos.py | 2 +- cdist/preos/debootstrap/debootstrap.py | 2 +- cdist/shell.py | 4 +--- cdist/test/config/__init__.py | 2 +- cdist/util/fsproperty.py | 4 ++-- 18 files changed, 19 insertions(+), 22 deletions(-) diff --git a/cdist/config.py b/cdist/config.py index b2d72f05..982d8b75 100644 --- a/cdist/config.py +++ b/cdist/config.py @@ -70,7 +70,7 @@ def _graph_dfs_cycle(graph, node, path): return False -class Config(object): +class Config: """Cdist main class to hold arbitrary data""" # list of paths (files and/or directories) that will be removed on finish diff --git a/cdist/core/cdist_object.py b/cdist/core/cdist_object.py index 114a47e0..51d61e04 100644 --- a/cdist/core/cdist_object.py +++ b/cdist/core/cdist_object.py @@ -47,7 +47,7 @@ class MissingObjectIdError(cdist.Error): return '%s' % (self.message) -class CdistObject(object): +class CdistObject: """Represents a cdist object. All interaction with objects in cdist should be done through this class. diff --git a/cdist/core/cdist_type.py b/cdist/core/cdist_type.py index 4500f50d..c0329c8a 100644 --- a/cdist/core/cdist_type.py +++ b/cdist/core/cdist_type.py @@ -38,7 +38,7 @@ class InvalidTypeError(cdist.Error): self.type_path, self.type_absolute_path, self.source_path) -class CdistType(object): +class CdistType: """Represents a cdist type. All interaction with types in cdist should be done through this class. diff --git a/cdist/core/code.py b/cdist/core/code.py index 1550880a..226bc63d 100644 --- a/cdist/core/code.py +++ b/cdist/core/code.py @@ -92,7 +92,7 @@ code-remote ''' -class Code(object): +class Code: """Generates and executes cdist code scripts. """ diff --git a/cdist/core/explorer.py b/cdist/core/explorer.py index 353d7681..a3baa959 100644 --- a/cdist/core/explorer.py +++ b/cdist/core/explorer.py @@ -63,7 +63,7 @@ type explorer is: ''' -class Explorer(object): +class Explorer: """Executes cdist explorers. """ diff --git a/cdist/core/manifest.py b/cdist/core/manifest.py index 8b833ff2..2a0b2189 100644 --- a/cdist/core/manifest.py +++ b/cdist/core/manifest.py @@ -92,7 +92,7 @@ class NoInitialManifestError(cdist.Error): return repr(self.message) -class Manifest(object): +class Manifest: """Executes cdist manifests. """ diff --git a/cdist/emulator.py b/cdist/emulator.py index 4eaf2c93..24d239fa 100644 --- a/cdist/emulator.py +++ b/cdist/emulator.py @@ -56,7 +56,7 @@ class DefaultList(list): return cls(initial.split('\n')) -class Emulator(object): +class Emulator: def __init__(self, argv, stdin=sys.stdin.buffer, env=os.environ): self.argv = argv self.stdin = stdin diff --git a/cdist/exec/local.py b/cdist/exec/local.py index ad6c6e36..e0aab190 100644 --- a/cdist/exec/local.py +++ b/cdist/exec/local.py @@ -39,7 +39,7 @@ import cdist.exec.util as util CONF_SUBDIRS_LINKED = ["explorer", "files", "manifest", "type", ] -class Local(object): +class Local: """Execute commands locally. All interaction with the local side should be done through this class. diff --git a/cdist/exec/remote.py b/cdist/exec/remote.py index f72bf3bf..e5af2f34 100644 --- a/cdist/exec/remote.py +++ b/cdist/exec/remote.py @@ -49,7 +49,7 @@ class DecodeError(cdist.Error): return "Cannot decode output of " + " ".join(self.command) -class Remote(object): +class Remote: """Execute commands remotely. All interaction with the remote side should be done through this class. diff --git a/cdist/hostsource.py b/cdist/hostsource.py index a7b8f0b4..5f927b36 100644 --- a/cdist/hostsource.py +++ b/cdist/hostsource.py @@ -41,7 +41,7 @@ def hostfile_process_line(line, strip_func=str.strip): return None -class HostSource(object): +class HostSource: """ Host source object. Source can be a sequence or filename (stdin if \'-\'). diff --git a/cdist/info.py b/cdist/info.py index b896a3d1..a1fad237 100644 --- a/cdist/info.py +++ b/cdist/info.py @@ -29,8 +29,7 @@ import glob import fnmatch -class Info(object): - +class Info: def __init__(self, conf_dirs, args): self.conf_dirs = conf_dirs self.all = args.all diff --git a/cdist/inventory.py b/cdist/inventory.py index 138a2034..c06efff0 100644 --- a/cdist/inventory.py +++ b/cdist/inventory.py @@ -80,7 +80,7 @@ def rstrip_nl(s): return str.rstrip(s, "\n") -class Inventory(object): +class Inventory: """Inventory main class""" def __init__(self, db_basedir=dist_inventory_db, configuration=None): diff --git a/cdist/message.py b/cdist/message.py index 450fc3c3..ffa8c2bb 100644 --- a/cdist/message.py +++ b/cdist/message.py @@ -27,7 +27,7 @@ import tempfile log = logging.getLogger(__name__) -class Message(object): +class Message: """Support messaging between types """ diff --git a/cdist/preos.py b/cdist/preos.py index bf2a8e60..f8a5dd67 100644 --- a/cdist/preos.py +++ b/cdist/preos.py @@ -78,7 +78,7 @@ def get_available_preoses_string(cls): return "Available PreOS-es:\n{}".format("\n".join(preoses)) -class PreOS(object): +class PreOS: preoses = None @classmethod diff --git a/cdist/preos/debootstrap/debootstrap.py b/cdist/preos/debootstrap/debootstrap.py index f53dd4a7..ac01e08b 100644 --- a/cdist/preos/debootstrap/debootstrap.py +++ b/cdist/preos/debootstrap/debootstrap.py @@ -31,7 +31,7 @@ import os import subprocess -class Debian(object): +class Debian: _preos_name = 'debian' _cdist_preos = True diff --git a/cdist/shell.py b/cdist/shell.py index 60b6a9f0..04a68937 100644 --- a/cdist/shell.py +++ b/cdist/shell.py @@ -32,10 +32,8 @@ import cdist.config log = logging.getLogger(__name__) -class Shell(object): - +class Shell: def __init__(self, shell=None): - self.shell = shell self.target_host = ( diff --git a/cdist/test/config/__init__.py b/cdist/test/config/__init__.py index 499593e3..0ed614b1 100644 --- a/cdist/test/config/__init__.py +++ b/cdist/test/config/__init__.py @@ -44,7 +44,7 @@ expected_object_names = sorted([ '__third/moon']) -class CdistObjectErrorContext(object): +class CdistObjectErrorContext: def __init__(self, original_error): self.original_error = original_error diff --git a/cdist/util/fsproperty.py b/cdist/util/fsproperty.py index 5a27c9d7..1d76fd76 100644 --- a/cdist/util/fsproperty.py +++ b/cdist/util/fsproperty.py @@ -177,7 +177,7 @@ class DirectoryDict(collections.MutableMapping): raise cdist.Error(str(e)) -class FileBasedProperty(object): +class FileBasedProperty: attribute_class = None def __init__(self, path): @@ -189,7 +189,7 @@ class FileBasedProperty(object): Usage with a sublcass: - class Foo(object): + class Foo: # note that the actual DirectoryDict is stored as __parameters # on the instance parameters = DirectoryDictProperty( From 6aae58dea77002dea0b57d20cbb01b5e2a1066b5 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sun, 21 Jun 2020 17:35:28 +0200 Subject: [PATCH 171/176] [type/__package_opkg] Mark lock variables readonly --- cdist/conf/type/__package_opkg/explorer/pkg_status | 4 ++-- cdist/conf/type/__package_opkg/gencode-remote | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cdist/conf/type/__package_opkg/explorer/pkg_status b/cdist/conf/type/__package_opkg/explorer/pkg_status index f5a6f098..9d993055 100755 --- a/cdist/conf/type/__package_opkg/explorer/pkg_status +++ b/cdist/conf/type/__package_opkg/explorer/pkg_status @@ -23,9 +23,9 @@ # Retrieve the status of a package - parses opkg output # -__type_path=${__object%%${__object_id}*} +readonly __type_path=${__object%%${__object_id}*} +readonly LOCKFILE="${__type_path}/cdist_opkg.lock" -LOCKFILE="${__type_path}/cdist_opkg.lock" _lock() ( set -o noclobber until echo $$>"${LOCKFILE}" diff --git a/cdist/conf/type/__package_opkg/gencode-remote b/cdist/conf/type/__package_opkg/gencode-remote index ad90dc24..c7f21751 100755 --- a/cdist/conf/type/__package_opkg/gencode-remote +++ b/cdist/conf/type/__package_opkg/gencode-remote @@ -47,9 +47,9 @@ then fi cat <<'EOF' -__type_path=${__object%%${__object_id}*} +readonly __type_path=${__object%%${__object_id}*} +readonly LOCKFILE="${__type_path}/cdist_opkg.lock" -LOCKFILE="${__type_path}/cdist_opkg.lock" _lock() ( set -o noclobber until echo $$>"${LOCKFILE}" From 3649555f3522ea80f1999ca2cb7f8ddd112cbb33 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Mon, 22 Jun 2020 09:31:59 +0200 Subject: [PATCH 172/176] [type/__package_opkg] Do not lock execution of code-remote (revert) Instead, rely on `nonparallel`. In any case cdist should never run explorer and code concurrently even if the dependency graph would allow to do so as it would result in many more synchronization issues than this one. --- cdist/conf/type/__package_opkg/gencode-remote | 32 ++----------------- 1 file changed, 2 insertions(+), 30 deletions(-) diff --git a/cdist/conf/type/__package_opkg/gencode-remote b/cdist/conf/type/__package_opkg/gencode-remote index c7f21751..28caff71 100755 --- a/cdist/conf/type/__package_opkg/gencode-remote +++ b/cdist/conf/type/__package_opkg/gencode-remote @@ -25,9 +25,9 @@ if test -f "${__object}/parameter/name" then - name=$(cat "${__object}/parameter/name") + name=$(cat "${__object}/parameter/name") else - name=$__object_id + name=$__object_id fi state_should=$(cat "${__object}/parameter/state") @@ -46,34 +46,6 @@ then exit 0 fi -cat <<'EOF' -readonly __type_path=${__object%%${__object_id}*} -readonly LOCKFILE="${__type_path}/cdist_opkg.lock" - -_lock() ( - set -o noclobber - until echo $$>"${LOCKFILE}" - do - while test -f "${LOCKFILE}"; do sleep 1; done - done - -) 2>/dev/null -_unlock() { - if test -s "${LOCKFILE}" && test "$(cat "${LOCKFILE}")" = $$ - then - rm "${LOCKFILE}" - fi -} -EOF - -# NOTE: We need to lock parallel execution of code-remote to ensure that it is -# not executed concurrently with a type explorer. -# opkg will try to acquire the OPKG lock (usually /var/lock/opkg.lock) using -# lockf(2) for every operation. -# It will not wait for the lock but terminate with an error leading to an -# incorrect outcome. -echo 'trap _unlock EXIT' -echo '_lock' case $state_should in From a9778965be7154c0f42cf0170142ee2ec571d7ec Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Wed, 24 Jun 2020 08:47:22 +0200 Subject: [PATCH 173/176] [type/__package_opkg] Use mkdir(1) to lock instead of noclobber noclobber is potentially unsafe, because it relies on the underlying shell to implement noclobber in a safe way that avoids race conditions between multiple processes. mkdir is safer because it is mandated by POSIX to "fail" if the target already exists. --- .../type/__package_opkg/explorer/pkg_status | 25 ++++++++++++------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/cdist/conf/type/__package_opkg/explorer/pkg_status b/cdist/conf/type/__package_opkg/explorer/pkg_status index 9d993055..09c550e5 100755 --- a/cdist/conf/type/__package_opkg/explorer/pkg_status +++ b/cdist/conf/type/__package_opkg/explorer/pkg_status @@ -24,21 +24,28 @@ # readonly __type_path=${__object%%${__object_id}*} -readonly LOCKFILE="${__type_path}/cdist_opkg.lock" +test -d "${__type_path}" || { echo 'Cannot determine __type_path' >&2; exit 1; } +readonly LOCKDIR="${__type_path:?}/.cdist_opkg.lock.dir" -_lock() ( - set -o noclobber - until echo $$>"${LOCKFILE}" +_lock() { + until mkdir "${LOCKDIR:?}" 2>/dev/null do - while test -f "${LOCKFILE}"; do sleep 1; done + while test -d "${LOCKDIR}" + do + # DEBUG: printf 'Locked by PID: %u\n' "$(cat "${LOCKDIR}/pid")" + sleep 1 + done done - -) 2>/dev/null + echo $$ >"${LOCKDIR:?}/pid" +} _unlock() { - if test -s "${LOCKFILE}" && test "$(cat "${LOCKFILE}")" = $$ + test -d "${LOCKDIR}" || return 0 + if test -s "${LOCKDIR}/pid" then - rm "${LOCKFILE}" + test "$(cat "${LOCKDIR}/pid")" = $$ || return 1 + rm "${LOCKDIR:?}/pid" fi + rmdir "${LOCKDIR:?}" } From 5364d3bc9037969c415140523c5cac2f8891b967 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Wed, 24 Jun 2020 20:49:48 +0200 Subject: [PATCH 174/176] [type/__package_opkg] Implement flock locking if available --- .../type/__package_opkg/explorer/pkg_status | 55 ++++++++++++------- 1 file changed, 36 insertions(+), 19 deletions(-) diff --git a/cdist/conf/type/__package_opkg/explorer/pkg_status b/cdist/conf/type/__package_opkg/explorer/pkg_status index 09c550e5..de7b896b 100755 --- a/cdist/conf/type/__package_opkg/explorer/pkg_status +++ b/cdist/conf/type/__package_opkg/explorer/pkg_status @@ -25,28 +25,45 @@ readonly __type_path=${__object%%${__object_id}*} test -d "${__type_path}" || { echo 'Cannot determine __type_path' >&2; exit 1; } -readonly LOCKDIR="${__type_path:?}/.cdist_opkg.lock.dir" +readonly LOCKFILE="${__type_path:?}/.cdist_opkg.lock" -_lock() { - until mkdir "${LOCKDIR:?}" 2>/dev/null - do - while test -d "${LOCKDIR}" +if command -v flock >/dev/null 2>&1 +then + # use flock (if available) on FD 9 + _lock() { + exec 9<>"${LOCKFILE:?}" + flock -x 9 + echo $$>&9 + } + _unlock() { + :>"${LOCKFILE:?}" + flock -u 9 + exec 9<&- + } +else + # fallback to mkdir if flock is missing + _lock() { + until mkdir "${LOCKFILE:?}.dir" 2>/dev/null do - # DEBUG: printf 'Locked by PID: %u\n' "$(cat "${LOCKDIR}/pid")" - sleep 1 + while test -d "${LOCKFILE}.dir" + do + # DEBUG: + # printf 'Locked by PID: %u\n' "$(cat "${LOCKFILE}.dir/pid")" + sleep 1 + done done - done - echo $$ >"${LOCKDIR:?}/pid" -} -_unlock() { - test -d "${LOCKDIR}" || return 0 - if test -s "${LOCKDIR}/pid" - then - test "$(cat "${LOCKDIR}/pid")" = $$ || return 1 - rm "${LOCKDIR:?}/pid" - fi - rmdir "${LOCKDIR:?}" -} + echo $$ >"${LOCKFILE:?}.dir/pid" + } + _unlock() { + test -d "${LOCKFILE}.dir" || return 0 + if test -s "${LOCKFILE}.dir/pid" + then + test "$(cat "${LOCKFILE}.dir/pid")" = $$ || return 1 + rm "${LOCKFILE:?}.dir/pid" + fi + rmdir "${LOCKFILE:?}.dir" + } +fi if test -f "${__object}/parameter/name" From 7074f9c395d3ab6f763682f860744ac8d12a8c26 Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Thu, 25 Jun 2020 06:32:10 +0200 Subject: [PATCH 175/176] ++changelog --- docs/changelog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/changelog b/docs/changelog index a0de09fa..f1713d3b 100644 --- a/docs/changelog +++ b/docs/changelog @@ -3,6 +3,8 @@ Changelog next: * New type: __download (Ander Punnar) + * Type __locale_system: Add devuan support (Dennis Camera) + * Type __package_opkg: Add locking (Dennis Camera) 6.6.0: 2020-06-17 * Type __ssh_authorized_keys: Add option for removing undefined keys (Ander Punnar) From 077989e8fd749339da9a6ca8458b2c73ac71672c Mon Sep 17 00:00:00 2001 From: Darko Poljak Date: Sat, 27 Jun 2020 15:55:04 +0200 Subject: [PATCH 176/176] Remove annoying warnings Those warnings don't have any specail meaning and usage. Resolve #825. --- cdist/util/ipaddr.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/cdist/util/ipaddr.py b/cdist/util/ipaddr.py index 9b730225..95ca74ee 100644 --- a/cdist/util/ipaddr.py +++ b/cdist/util/ipaddr.py @@ -45,8 +45,6 @@ def resolve_target_host_name(host, family=0): log.debug("derived host_name for host \"{}\": {}".format( host, host_name)) except (socket.gaierror, socket.herror) as e: - log.warning("Could not derive host_name for {}" - ", $host_name will be empty. Error is: {}".format(host, e)) # in case of error provide empty value host_name = '' return host_name @@ -59,8 +57,6 @@ def resolve_target_fqdn(host): log.debug("derived host_fqdn for host \"{}\": {}".format( host, host_fqdn)) except socket.herror as e: - log.warning("Could not derive host_fqdn for {}" - ", $host_fqdn will be empty. Error is: {}".format(host, e)) # in case of error provide empty value host_fqdn = '' return host_fqdn