Merge branch 'master' into 'fix/type/__user/openbsd-shadow'

# Conflicts:
#   cdist/conf/type/__user/explorer/shadow
ssrq 2020-06-30 14:26:23 +02:00
commit 9e33a8f42f
168 changed files with 2572 additions and 737 deletions


@ -1,6 +1,8 @@
stages: stages:
- test - test
image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest
unit_tests: unit_tests:
stage: test stage: test
script: script:
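Review bot: The added `image:` line pulls `cdist-ci:latest`, a mutable tag, so whatever is next pushed under that tag runs the unit tests with this project's CI permissions, and builds stop being reproducible. Pinning by digest (`image: <registry>/<path>/cdist-ci@sha256:<digest>`, placeholder values) or by an immutable version tag makes an image update a reviewed change like any other. The `unit_tests` job continues past the end of this hunk.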

7
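--- a/README
+++ b/README
@@ -1,7 +0,0 @@
-cdist
------
-cdist is a usable configuration management system.
-For the web documentation have a look at https://www.cdi.st/
-or at docs/src for reStructuredText manual.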

31
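--- a/README.md
+++ b/README.md
@@ -0,0 +1,31 @@
+# cdist
+**cdist** is a usable configuration management system.
+It adheres to the [**KISS principle**](https://en.wikipedia.org/wiki/KISS_principle)
+and is being used in small up to enterprise grade environments.
+For more information have a look at [**homepage**](https://cdi.st)
+or at **``docs/src``** for manual in **reStructuredText** format.
+## Contributing
+Merge/Pull requests can be made in both
+[upstream **GitLab**](https://code.ungleich.ch/ungleich-public/cdist/merge_requests)
+(managed by [**ungleich**](https://ungleich.ch))
+and [**GitHub** project](https://github.com/ungleich/cdist/pulls).
+Issues can be made and other project management activites happen
+[**only in GitLab**](https://code.ungleich.ch/ungleich-public/cdist)
+(needs [**ungleich** account](https://account.ungleich.ch)).
+For community-maintained types there is
+[**cdist-contrib** project](https://code.ungleich.ch/ungleich-public/cdist-contrib).
+## Participating
+IRC: ``#cdist`` @ freenode
+Matrix: ``#cdist:ungleich.ch``
+Mattermost: https://chat.ungleich.ch/ungleich/channels/cdist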


@ -26,6 +26,7 @@ import hashlib
import cdist.log import cdist.log
import cdist.version import cdist.version
VERSION = cdist.version.VERSION VERSION = cdist.version.VERSION
BANNER = """ BANNER = """
@ -48,6 +49,9 @@ REMOTE_EXEC = "ssh -o User=root"
REMOTE_CMDS_CLEANUP_PATTERN = "ssh -o User=root -O exit -S {}" REMOTE_CMDS_CLEANUP_PATTERN = "ssh -o User=root -O exit -S {}"
MIN_SUPPORTED_PYTHON_VERSION = '3.5'
class Error(Exception): class Error(Exception):
"""Base exception class for this project""" """Base exception class for this project"""
pass pass


@ -5,6 +5,7 @@ import logging
import collections import collections
import functools import functools
import cdist.configuration import cdist.configuration
import cdist.log
import cdist.preos import cdist.preos
import cdist.info import cdist.info
@ -125,6 +126,14 @@ def get_parsers():
'value.'), 'value.'),
action='count', default=None) action='count', default=None)
parser['colored_output'] = argparse.ArgumentParser(add_help=False)
parser['colored_output'].add_argument(
'--colors', metavar='WHEN',
help="Colorize cdist's output based on log level; "
"WHEN is 'always', 'never', or 'auto'.",
action='store', dest='colored_output', required=False,
choices=cdist.configuration.ColoredOutputOption.CHOICES)
parser['beta'] = argparse.ArgumentParser(add_help=False) parser['beta'] = argparse.ArgumentParser(add_help=False)
parser['beta'].add_argument( parser['beta'].add_argument(
'-b', '--beta', '-b', '--beta',
@ -197,6 +206,13 @@ def get_parsers():
'supported. Without argument CPU count is used by default. '), 'supported. Without argument CPU count is used by default. '),
action='store', dest='jobs', action='store', dest='jobs',
const=multiprocessing.cpu_count()) const=multiprocessing.cpu_count())
parser['config_main'].add_argument(
'--log-server',
action='store_true',
help=('Start a log server for sub processes to use. '
'This is mainly useful when running cdist nested '
'from a code-local script. Log server is alwasy '
'implicitly started for \'install\' command.'))
parser['config_main'].add_argument( parser['config_main'].add_argument(
'-n', '--dry-run', '-n', '--dry-run',
help='Do not execute code.', action='store_true') help='Do not execute code.', action='store_true')
@ -283,6 +299,7 @@ def get_parsers():
'host', nargs='*', help='Host(s) to operate on.') 'host', nargs='*', help='Host(s) to operate on.')
parser['config'] = parser['sub'].add_parser( parser['config'] = parser['sub'].add_parser(
'config', parents=[parser['loglevel'], parser['beta'], 'config', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'], parser['common'],
parser['config_main'], parser['config_main'],
parser['inventory_common'], parser['inventory_common'],
@ -301,6 +318,7 @@ def get_parsers():
parser['add-host'] = parser['invsub'].add_parser( parser['add-host'] = parser['invsub'].add_parser(
'add-host', parents=[parser['loglevel'], parser['beta'], 'add-host', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'], parser['common'],
parser['inventory_common']]) parser['inventory_common']])
parser['add-host'].add_argument( parser['add-host'].add_argument(
@ -315,6 +333,7 @@ def get_parsers():
parser['add-tag'] = parser['invsub'].add_parser( parser['add-tag'] = parser['invsub'].add_parser(
'add-tag', parents=[parser['loglevel'], parser['beta'], 'add-tag', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'], parser['common'],
parser['inventory_common']]) parser['inventory_common']])
parser['add-tag'].add_argument( parser['add-tag'].add_argument(
@ -346,6 +365,7 @@ def get_parsers():
parser['del-host'] = parser['invsub'].add_parser( parser['del-host'] = parser['invsub'].add_parser(
'del-host', parents=[parser['loglevel'], parser['beta'], 'del-host', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'], parser['common'],
parser['inventory_common']]) parser['inventory_common']])
parser['del-host'].add_argument( parser['del-host'].add_argument(
@ -363,6 +383,7 @@ def get_parsers():
parser['del-tag'] = parser['invsub'].add_parser( parser['del-tag'] = parser['invsub'].add_parser(
'del-tag', parents=[parser['loglevel'], parser['beta'], 'del-tag', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'], parser['common'],
parser['inventory_common']]) parser['inventory_common']])
parser['del-tag'].add_argument( parser['del-tag'].add_argument(
@ -398,6 +419,7 @@ def get_parsers():
parser['list'] = parser['invsub'].add_parser( parser['list'] = parser['invsub'].add_parser(
'list', parents=[parser['loglevel'], parser['beta'], 'list', parents=[parser['loglevel'], parser['beta'],
parser['colored_output'],
parser['common'], parser['common'],
parser['inventory_common']]) parser['inventory_common']])
parser['list'].add_argument( parser['list'].add_argument(
@ -430,7 +452,7 @@ def get_parsers():
# Shell # Shell
parser['shell'] = parser['sub'].add_parser( parser['shell'] = parser['sub'].add_parser(
'shell', parents=[parser['loglevel']]) 'shell', parents=[parser['loglevel'], parser['colored_output']])
parser['shell'].add_argument( parser['shell'].add_argument(
'-s', '--shell', '-s', '--shell',
help=('Select shell to use, defaults to current shell. Used shell' help=('Select shell to use, defaults to current shell. Used shell'
@ -478,7 +500,12 @@ def handle_loglevel(args):
if hasattr(args, 'quiet') and args.quiet: if hasattr(args, 'quiet') and args.quiet:
args.verbose = _verbosity_level_off args.verbose = _verbosity_level_off
logging.root.setLevel(_verbosity_level[args.verbose]) logging.getLogger().setLevel(_verbosity_level[args.verbose])
def handle_log_colors(args):
if cdist.configuration.ColoredOutputOption.translate(args.colored_output):
cdist.log.CdistFormatter.USE_COLORS = True
def parse_and_configure(argv, singleton=True): def parse_and_configure(argv, singleton=True):
@ -492,6 +519,7 @@ def parse_and_configure(argv, singleton=True):
raise cdist.Error(str(e)) raise cdist.Error(str(e))
# Loglevels are handled globally in here # Loglevels are handled globally in here
handle_loglevel(args) handle_loglevel(args)
handle_log_colors(args)
log = logging.getLogger("cdist") log = logging.getLogger("cdist")
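Review bot: `handle_log_colors` reads `args.colored_output` unconditionally, whereas `handle_loglevel` just above guards its optional attribute with `hasattr(args, 'quiet')`. The `colored_output` parent parser is attached only to the sub-commands visible in this diff (config, add-host, add-tag, del-host, del-tag, list, shell), so any other sub-command that reaches `parse_and_configure` would presumably raise AttributeError. Reading it as `getattr(args, 'colored_output', None)` avoids that, assuming `ColoredOutputOption.translate` accepts None (its body is not shown here). The function also only ever sets `CdistFormatter.USE_COLORS = True`; assigning the translated boolean directly would let `--colors never` switch colours off again after an earlier enable. The new `--log-server` help string contains the typo `alwasy`, and `handle_log_colors` has no docstring.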


@ -32,6 +32,10 @@ case "$os" in
sysctl -n hw.ncpuonline sysctl -n hw.ncpuonline
;; ;;
"freebsd"|"netbsd")
sysctl -n hw.ncpu
;;
*) *)
if [ -r /proc/cpuinfo ]; then if [ -r /proc/cpuinfo ]; then
cores="$(grep "core id" /proc/cpuinfo | sort | uniq | wc -l)" cores="$(grep "core id" /proc/cpuinfo | sort | uniq | wc -l)"


@ -1,27 +1,67 @@
#!/bin/sh #!/bin/sh -e
#
# based on previous work by other people, modified by:
# 2020 Dennis Camera <dennis.camera at ssrq-sds-fds.ch>
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Finds disks of the system (excl. ram disks, floppy, cdrom)
uname_s="$(uname -s)" uname_s="$(uname -s)"
case "${uname_s}" in case $uname_s in
FreeBSD) FreeBSD)
sysctl -n kern.disks sysctl -n kern.disks
;; ;;
OpenBSD|NetBSD) OpenBSD)
sysctl -n hw.disknames | grep -Eo '[lsw]d[0-9]+' | xargs sysctl -n hw.disknames | grep -Eo '[lsw]d[0-9]+'
;;
NetBSD)
PATH="${PATH}:/usr/local/sbin:/usr/sbin:/sbin"
sysctl -n hw.disknames \
| awk 'BEGIN { RS = " " } /^[lsw]d[0-9]+/'
;; ;;
Linux) Linux)
if command -v lsblk > /dev/null # list of major device numbers toexclude:
# ram disks, floppies, cdroms
# https://www.kernel.org/doc/Documentation/admin-guide/devices.txt
ign_majors='1 2 11'
if command -v lsblk >/dev/null 2>&1
then then
# exclude ram disks, floppies and cdroms lsblk -e "$(echo "$ign_majors" | tr ' ' ',')" -dno name
# https://www.kernel.org/doc/Documentation/admin-guide/devices.txt elif test -d /sys/block/
lsblk -e 1,2,11 -dno name | xargs then
# shellcheck disable=SC2012
ls -1 /sys/block/ \
| awk -v ign_majors="$(echo "$ign_majors" | tr ' ' '|')" '
{
devfile = "/sys/block/" $0 "/dev"
getline devno < devfile
close(devfile)
if (devno !~ "^(" ign_majors "):") print
}'
else else
printf "Don't know how to list disks for %s operating system without lsblk, if you can please submit a patch\n" "${uname_s}" >&2 echo "Don't know how to list disks on Linux without lsblk and sysfs." >&2
echo 'If you can, please submit a patch.'>&2
fi fi
;; ;;
*) *)
printf "Don't know how to list disks for %s operating system, if you can please submit a patch\n" "${uname_s}" >&2 printf "Don't know how to list disks for %s operating system.\n" "${uname_s}" >&2
printf 'If you can please submit a patch\n' >&2
;; ;;
esac esac \
| xargs
exit 0
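Review bot: In the sysfs fallback the awk program never clears `devno` and ignores the result of `getline`, so when `/sys/block/<name>/dev` cannot be read the previous device's number is reused and a disk can be wrongly listed or skipped. Testing the read fixes that: `if ((getline devno < devfile) > 0 && devno !~ "^(" ign_majors "):") print`. The script also ends in `exit 0` after both "Don't know how to list disks" branches, so a caller cannot tell an unsupported system from one with no disks; if that is deliberate for an explorer, a comment next to `exit 0` should say so.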


@ -1,7 +1,8 @@
#!/bin/sh #!/bin/sh -e
# #
# 2016 Daniel Heule (hda at sfs.biz) # 2016 Daniel Heule (hda at sfs.biz)
# Copyright 2017, Philippe Gregoire <pg@pgregoire.xyz> # Copyright 2017, Philippe Gregoire <pg@pgregoire.xyz>
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -19,21 +20,423 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
# #
# Returns the process name of pid 1 ( normaly the init system ) # Returns the name of the init system (PID 1)
# for example at linux this value is "init" or "systemd" in most cases
# Expected values:
# Linux:
# Adélie Linux:
# sysvinit+openrc
# Alpine Linux:
# busybox-init+openrc
# ArchLinux:
# systemd, sysvinit
# CRUX:
# sysvinit
# Debian:
# systemd, upstart, sysvinit, openrc, ???
# Devuan:
# sysvinit, sysvinit+openrc
# Gentoo:
# sysvinit+openrc, openrc-init, systemd
# OpenBMC:
# systemd
# OpenWrt:
# procd, init???
# RedHat (RHEL, CentOS, Fedora, RedHat Linux, ...):
# systemd, upstart, upstart-legacy, sysvinit
# Slackware:
# sysvinit
# SuSE:
# systemd, sysvinit
# Ubuntu:
# systemd, upstart, upstart-legacy, sysvinit
# VoidLinux:
# runit
# #
# GNU:
# Debian:
# sysvinit, hurd-init
#
# BSD:
# {Free,Open,Net}BSD:
# init
#
# Mac OS X:
# launchd, init+SystemStarter
#
# Solaris/Illumos:
# smf, init???
uname_s="$(uname -s)" # NOTE: init systems can be stacked. This is popular to run OpenRC on top of
# sysvinit (Gentoo) or busybox-init (Alpine), but can also be used to run runit
# as a systemd service. This makes init system detection very complicated
# (which result is expected?) This script tries to untangle some combinations,
# OpenRC on top of sysv or busybox (X+openrc), but will ignore others (runit as
# a systemd service)
case "$uname_s" in # NOTE: When we have no idea, nothing will be printed!
Linux)
(pgrep -P0 -l | awk '/^1[ \t]/ {print $2;}') || true # NOTE:
;; # When trying to gather information about the init system make sure to do so
FreeBSD|OpenBSD) # without calling the binary! On some systems this triggers a reinitialisation
ps -o comm= -p 1 || true # of the system which we don't want (e.g. embedded systems).
;;
*)
# return a empty string as unknown value set -e
echo ""
;; KERNEL_NAME=$(uname -s)
esac
KNOWN_INIT_SYSTEMS=$(cat <<EOF
systemd
sysvinit
upstart
runit
procd
smf
launchd
init
hurd_init
systemstarter
EOF
)
common_candidates_by_kernel() {
case $KERNEL_NAME
in
FreeBSD|NetBSD|OpenBSD)
echo init
;;
Linux)
echo systemd
echo sysvinit
echo upstart
;;
GNU)
echo sysvinit
echo hurd-init
;;
Darwin)
echo launchd
echo systemstarter
;;
SunOS)
echo smf
;;
esac
}
## Helpers
trim() {
sed -e 's/^[[:blank:]]*//' -e 's/[[:blank:]]*$//' -e '/^[[:blank:]]*$/d'
}
unique() {
# Delete duplicate lines (keeping input order)
# NOTE: Solaris AWK breaks without if/print construct.
awk '{ if (!x[$0]++) print }'
}
## Check functions
# These functions are used to verify if a guess is correct by checking some
# common property of a running system (presence of a directory in /run etc.)
check_busybox_init() (
busybox_path=${1:-/bin/busybox}
test -x "${busybox_path}" || return 1
grep -q 'BusyBox v[0-9]' "${busybox_path}" || return 1
# It is quite common to use Busybox init to stack other init systemd
# (like OpenRC) on top of it. So we check for that, too.
if stacked=$(check_openrc)
then
echo "busybox-init+${stacked}"
else
echo busybox-init
fi
)
check_hurd_init() (
init_exe=${1:-/hurd/init}
test -x "${init_exe}" || return 1
grep -q 'GNU Hurd' "${init_exe}" || return 1
echo hurd-init
)
check_init() {
# Checks for various BSD inits...
test -x /sbin/init || return 1
if grep -q -E '(Free|Net|Open)BSD' /sbin/init
then
echo init
return 0
fi
}
check_launchd() {
command -v launchctl >/dev/null 2>&1 || return 1
launchctl getenv PATH >/dev/null || return 1
echo launchd
}
check_openrc() {
test -f /run/openrc/softlevel || return 1
echo openrc
}
check_procd() (
procd_path=${1:-/sbin/procd}
test -x "${procd_path}" || return 1
grep -q 'procd' "${procd_path}" || return 1
echo procd
)
check_runit() {
test -d /run/runit || return 1
echo runit
}
check_smf() {
# XXX: Is this the correct way??
test -f /etc/svc/volatile/svc_nonpersist.db || return 1
echo smf
}
check_systemd() {
# NOTE: sd_booted(3)
test -d /run/systemd/system/ || return 1
# systemctl --version | sed -e '/^systemd/!d;s/^systemd //'
echo systemd
}
check_systemstarter() {
test -d /System/Library/StartupItems/ || return 1
test -f /System/Library/StartupItems/LoginWindow/StartupParameters.plist || return 1
echo init+SystemStarter
}
check_sysvinit() (
init_path=${1:-/sbin/init}
test -x "${init_path}" || return 1
grep -q 'INIT_VERSION=sysvinit-[0-9.]*' "${init_path}" || return 1
# It is quite common to use SysVinit to stack other init systemd
# (like OpenRC) on top of it. So we check for that, too.
if stacked=$(check_openrc)
then
echo "sysvinit+${stacked}"
else
echo sysvinit
fi
unset stacked
)
check_upstart() {
test -x "$(command -v initctl)" || return 1
case $(initctl version)
in
*'(upstart '*')')
if test -d /etc/init
then
# modern (DBus-based?) upstart >= 0.5
echo upstart
elif test -d /etc/event.d
then
# ancient upstart
echo upstart-legacy
else
# whatever...
echo upstart
fi
;;
*)
return 1
;;
esac
}
find_init_procfs() (
# First, check if the required file in procfs exists...
test -h /proc/1/exe || return 1
# Find init executable
init_exe=$(ls -l /proc/1/exe 2>/dev/null) || return 1
init_exe=${init_exe#* -> }
if ! test -x "$init_exe"
then
# On some rare occasions it can happen that the
# running init's binary has been replaced. In this
# case Linux adjusts the symlink to "X (deleted)"
# [root@fedora-12 ~]# readlink /proc/1/exe
# /sbin/init (deleted)
# [root@fedora-12 ~]# ls -l /proc/1/exe
# lrwxrwxrwx. 1 root root 0 2020-01-30 23:00 /proc/1/exe -> /sbin/init (deleted)
init_exe=${init_exe% (deleted)}
test -x "$init_exe" || return 1
fi
echo "${init_exe}"
)
guess_by_path() {
case $1
in
/bin/busybox)
check_busybox_init "$1" && return
;;
/lib/systemd/systemd)
check_systemd "$1" && return
;;
/hurd/init)
check_hurd_init "$1" && return
;;
/sbin/launchd)
check_launchd "$1" && return
;;
/usr/bin/runit|/sbin/runit)
check_runit "$1" && return
;;
/sbin/openrc-init)
if check_openrc "$1" >/dev/null
then
echo openrc-init
return
fi
;;
/sbin/procd)
check_procd "$1" && return
;;
/sbin/init|*/init)
# init: it could be anything -> (explicit) no match
return 1
;;
esac
# No match
return 1
}
guess_by_comm_name() {
case $1
in
busybox)
check_busybox_init && return
;;
openrc-init)
if check_openrc >/dev/null
then
echo openrc-init
return 0
fi
;;
init)
# init could be anything -> no match
return 1
;;
*)
# Run check function by comm name if available.
# Fall back to comm name if either it does not exist or
# returns non-zero.
if type "check_$1" >/dev/null
then
"check_$1" && return
else
echo "$1" ; return 0
fi
esac
return 1
}
check_list() (
# List must be a multi-line input on stdin (one name per line)
while read -r init
do
"check_${init}" || continue
return 0
done
return 1
)
# BusyBox's versions of ps and pgrep do not support some options
# depending on which compile-time options have been used.
find_init_pgrep() {
pgrep -P0 -fl 2>/dev/null | awk -F '[[:blank:]]' '$1 == 1 { print $2 }'
}
find_init_ps() {
case $KERNEL_NAME
in
Darwin)
ps -o command -p 1 2>/dev/null | tail -n +2
;;
FreeBSD)
ps -o args= -p 1 2>/dev/null | cut -d ' ' -f 1
;;
Linux)
ps -o comm= -p 1 2>/dev/null
;;
NetBSD)
ps -o comm= -p 1 2>/dev/null
;;
OpenBSD)
ps -o args -p 1 2>/dev/null | tail -n +2 | cut -d ' ' -f 1
;;
*)
ps -o args= -p 1 2>/dev/null
;;
esac | trim # trim trailing whitespace (some ps like Darwin add it)
}
find_init() {
case $KERNEL_NAME
in
Linux|GNU|NetBSD)
find_init_procfs || find_init_pgrep || find_init_ps
;;
FreeBSD)
find_init_procfs || find_init_ps
;;
OpenBSD)
find_init_pgrep || find_init_ps
;;
Darwin|SunOS)
find_init_ps
;;
*)
echo "Don't know how to determine init." >&2
echo 'Please send a patch.' >&2
exit 1
esac
}
# -----
init=$(find_init)
# If we got a path, guess by the path first (fall back to file name if no match)
# else guess by file name directly.
# shellcheck disable=SC2015
{
test -x "${init}" \
&& guess_by_path "${init}" \
|| guess_by_comm_name "$(basename "${init}")"
} && exit 0 || true
# Guessing based on the file path and name didnt lead to a definitive result.
#
# We go through all of the checks until we find a match. To speed up the
# process, common cases will be checked first based on the underlying kernel.
{ common_candidates_by_kernel; echo "${KNOWN_INIT_SYSTEMS}"; } \
| unique | check_list
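Review bot: `common_candidates_by_kernel` emits `hurd-init` for the GNU kernel, but `check_list` turns every name into a call to `check_${init}` and the function is called `check_hurd_init`. The hyphenated name resolves to no function, so the shell prints a command-not-found error before `|| continue` moves on; emitting `hurd_init` there, as `KNOWN_INIT_SYSTEMS` already does, fixes it. `guess_by_comm_name` performs the same dynamic dispatch on the basename of PID 1's executable, so a process name that happens to equal another helper (for example `list`, which would call `check_list` and read stdin) runs that helper. Checking `$1` against `KNOWN_INIT_SYSTEMS` before calling `"check_$1"` closes that gap, and `type "check_$1" >/dev/null 2>&1` silences the not-found diagnostic.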


@ -2,6 +2,7 @@
# #
# 2014 Daniel Heule (hda at sfs.biz) # 2014 Daniel Heule (hda at sfs.biz)
# 2014 Thomas Oettli (otho at sfs.biz) # 2014 Thomas Oettli (otho at sfs.biz)
# 2020 Evilham (contact at evilham.com)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -18,63 +19,91 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
#
# FIXME: other system types (not linux ...) os=$("$__explorer/os")
if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then vendor_string_to_machine_type() {
echo openvz for vendor in vmware bochs kvm qemu virtualbox bhyve; do
exit if echo "${1}" | grep -q -i "${vendor}"; then
fi if [ "${vendor}" = "bochs" ] || [ "${vendor}" = "qemu" ]; then
vendor="kvm"
fi
echo "virtual_by_${vendor}"
exit
fi
done
}
if [ -e "/proc/1/environ" ] && case "$os" in
tr '\000' '\n' < "/proc/1/environ" | grep -Eiq '^container='; then "freebsd")
echo lxc # FreeBSD does not have /proc/cpuinfo even when procfs is used.
exit # Instead there is a sysctl kern.vm_guest.
fi # Which is 'none' if physical, else the virtualisation.
vm_guest="$(sysctl -n kern.vm_guest 2>/dev/null || true)"
if [ -r /proc/cpuinfo ]; then if [ -n "${vm_guest}" ]; then
# this should only exist on virtual guest machines, if [ "${vm_guest}" = "none" ]; then
# tested on vmware, xen, kvm echo "physical"
if grep -q "hypervisor" /proc/cpuinfo; then
# this file is aviable in xen guest systems
if [ -r /sys/hypervisor/type ]; then
if grep -q -i "xen" /sys/hypervisor/type; then
echo virtual_by_xen
exit exit
fi fi
else echo "virtual_by_${vm_guest}"
if [ -r /sys/class/dmi/id/product_name ]; then exit
if grep -q -i 'vmware' /sys/class/dmi/id/product_name; then fi
echo "virtual_by_vmware" ;;
exit
elif grep -q -i 'bochs' /sys/class/dmi/id/product_name; then
echo "virtual_by_kvm"
exit
elif grep -q -i 'virtualbox' /sys/class/dmi/id/product_name; then
echo "virtual_by_virtualbox"
exit
fi
fi
if [ -r /sys/class/dmi/id/sys_vendor ]; then "openbsd")
if grep -q -i 'qemu' /sys/class/dmi/id/sys_vendor; then # OpenBSD can also use the sysctl's: hw.vendor or hw.product.
echo "virtual_by_kvm" # Note we can be reasonably sure about a machine being virtualised
exit # as long as we can identify the virtualisation technology.
fi # But not so much about it being physical...
fi # Patches are welcome / reach out if you have better ideas.
for sysctl in hw.vendor hw.product; do
# This exits if we can make a reasonable judgement
vendor_string_to_machine_type "$(sysctl -n "${sysctl}")"
done
;;
if [ -r /sys/class/dmi/id/chassis_vendor ]; then *)
if grep -q -i 'qemu' /sys/class/dmi/id/chassis_vendor; then # Defaulting to linux for compatibility with previous cdist behaviour
echo "virtual_by_kvm"
exit if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then
echo openvz
exit
fi
if [ -e "/proc/1/environ" ] &&
tr '\000' '\n' < "/proc/1/environ" | grep -Eiq '^container='; then
echo lxc
exit
fi
if [ -r /proc/cpuinfo ]; then
# this should only exist on virtual guest machines,
# tested on vmware, xen, kvm, bhyve
if grep -q "hypervisor" /proc/cpuinfo; then
# this file is aviable in xen guest systems
if [ -r /sys/hypervisor/type ]; then
if grep -q -i "xen" /sys/hypervisor/type; then
echo virtual_by_xen
exit
fi
else
for vendor_file in /sys/class/dmi/id/product_name \
/sys/class/dmi/id/sys_vendor \
/sys/class/dmi/id/chasis_vendor; do
if [ -r ${vendor_file} ]; then
# This exits if we can make a reasonable judgement
vendor_string_to_machine_type "$(cat "${vendor_file}")"
fi
done
fi fi
echo "virtual_by_unknown"
exit
else
echo "physical"
exit
fi fi
fi fi
echo "virtual_by_unknown" ;;
else esac
echo "physical"
fi echo "unknown"
else
echo "unknown"
fi
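Review bot: The loop over the DMI files names `/sys/class/dmi/id/chasis_vendor`, but the code it replaces read `/sys/class/dmi/id/chassis_vendor`. With the misspelling the `-r` test is never true, and guests identifiable only by their chassis vendor now fall through to `virtual_by_unknown`. Correct the path and quote the test: `if [ -r "${vendor_file}" ]; then`. `vendor_string_to_machine_type` also relies on `exit` ending the whole explorer, which holds only while it is called outside a command substitution or pipeline; a comment on the function stating this would protect later callers.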


@ -29,7 +29,7 @@ case "$os" in
echo "$(sysctl -n hw.memsize)/1024" | bc echo "$(sysctl -n hw.memsize)/1024" | bc
;; ;;
"openbsd") *"bsd")
echo "$(sysctl -n hw.physmem) / 1048576" | bc echo "$(sysctl -n hw.physmem) / 1048576" | bc
;; ;;


@ -143,6 +143,11 @@ case "$uname_s" in
esac esac
if [ -f /etc/os-release ]; then if [ -f /etc/os-release ]; then
# after sles15, suse don't provide an /etc/SuSE-release anymore, but there is almost no difference between sles and opensuse leap, so call it suse
if grep -q ^ID_LIKE=\"suse\" /etc/os-release 2>/dev/null; then
echo suse
exit 0
fi
# already lowercase, according to: # already lowercase, according to:
# https://www.freedesktop.org/software/systemd/man/os-release.html # https://www.freedesktop.org/software/systemd/man/os-release.html
awk -F= '/^ID=/ { if ($2 ~ /^'"'"'(.*)'"'"'$/ || $2 ~ /^"(.*)"$/) { print substr($2, 2, length($2) - 2) } else { print $2 } }' /etc/os-release awk -F= '/^ID=/ { if ($2 ~ /^'"'"'(.*)'"'"'$/ || $2 ~ /^"(.*)"$/) { print substr($2, 2, length($2) - 2) } else { print $2 } }' /etc/os-release
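Review bot: The new test matches only the exact value `ID_LIKE="suse"`, because the closing quote directly follows `suse`. An os-release whose ID_LIKE lists several values (for example `ID_LIKE="suse opensuse"`, which I believe openSUSE Leap ships; please confirm on a target) would not match, although the comment says Leap should be covered. If that is the intent, match the word rather than the whole value, e.g. `grep -Eq '^ID_LIKE=.*suse' /etc/os-release`, with the pattern in single quotes so the shell leaves it alone. The `2>/dev/null` is redundant inside the `[ -f /etc/os-release ]` guard.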


@ -1,6 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# 2018 Adam Dej (dejko.a at gmail.com) # 2018 Adam Dej (dejko.a at gmail.com)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -21,6 +22,17 @@
# See os-release(5) and http://0pointer.de/blog/projects/os-release # See os-release(5) and http://0pointer.de/blog/projects/os-release
set +e if test -f /etc/os-release
then
# Linux and FreeBSD (usually a symlink)
cat /etc/os-release
elif test -f /usr/lib/os-release
then
# systemd
cat /usr/lib/os-release
elif test -f /var/run/os-release
then
# FreeBSD (created by os-release service)
cat /var/run/os-release
fi
cat /etc/os-release || cat /usr/lib/os-release || true


@ -70,4 +70,7 @@ case "$("$__explorer/os")" in
ubuntu) ubuntu)
lsb_release -sr lsb_release -sr
;; ;;
alpine)
cat /etc/alpine-release
;;
esac esac


@ -20,7 +20,13 @@
file_is="$( cat "$__object/explorer/file_is" )" file_is="$( cat "$__object/explorer/file_is" )"
[ "$file_is" = 'missing' ] && [ -z "$__cdist_dry_run" ] && exit 0 if [ "$file_is" = 'missing' ] \
&& [ -z "$__cdist_dry_run" ] \
&& \( [ ! -f "$__object/parameter/file" ] \
|| [ ! -f "$__object/parameter/directory" ] \)
then
exit 0
fi
os="$( cat "$__global/explorer/os" )" os="$( cat "$__global/explorer/os" )"
@ -28,7 +34,17 @@ acl_path="/$__object_id"
acl_is="$( cat "$__object/explorer/acl_is" )" acl_is="$( cat "$__object/explorer/acl_is" )"
if [ -f "$__object/parameter/entry" ] if [ -f "$__object/parameter/source" ]
then
acl_source="$( cat "$__object/parameter/source" )"
if [ "$acl_source" = '-' ]
then
acl_should="$( cat "$__object/stdin" )"
else
acl_should="$( grep -Ev '^#|^$' "$acl_source" )"
fi
elif [ -f "$__object/parameter/entry" ]
then then
acl_should="$( cat "$__object/parameter/entry" )" acl_should="$( cat "$__object/parameter/entry" )"
elif [ -f "$__object/parameter/acl" ] elif [ -f "$__object/parameter/acl" ]
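Review bot: The rewritten early-exit condition uses `\( … \)`, which groups only inside a single `test` expression. Between separate `[ ]` commands the shell tries to run a command named `(` and hands a stray `)` to the last `[`, so the condition errors out instead of being evaluated. The inner `||` also looks inverted: the exit should presumably be skipped when either `--file` or `--directory` is given (the manifest will then create the path), which means exiting only when neither is set. No grouping is needed for that: `&& [ ! -f "$__object/parameter/file" ] \` followed by `&& [ ! -f "$__object/parameter/directory" ]`. Separately, in the `--source` branch a missing or unreadable file makes `grep` fail and may leave `acl_should` empty; an explicit `[ -r "$acl_source" ]` check with an error message would make that failure visible.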


@ -19,6 +19,20 @@ entry
Set ACL entry following ``getfacl`` output syntax. Set ACL entry following ``getfacl`` output syntax.
OPTIONAL PARAMETERS
-------------------
source
Read ACL entries from stdin or file.
Ordering of entries is not important.
When reading from file, comments and empty lines are ignored.
file
Create/change file with ``__file`` using ``user:group:mode`` pattern.
directory
Create/change directory with ``__directory`` using ``user:group:mode`` pattern.
BOOLEAN PARAMETERS BOOLEAN PARAMETERS
------------------ ------------------
default default
@ -71,6 +85,17 @@ EXAMPLES
--entry group:secret-project:rwx \ --entry group:secret-project:rwx \
--entry user:alice:r-x --entry user:alice:r-x
# read acl from stdin
echo 'user:alice:rwx' \
| __acl /path/to/directory --source -
# create/change directory too
__acl /path/to/directory \
--default \
--remove \
--directory root:root:770 \
--entry user:nobody:rwx
AUTHORS AUTHORS
------- -------

11
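--- a/cdist/conf/type/__acl/manifest
+++ b/cdist/conf/type/__acl/manifest
@@ -0,0 +1,11 @@
+#!/bin/sh -e
+for p in file directory
+do
+[ ! -f "$__object/parameter/$p" ] && continue
+"__$p" "/$__object_id" \
+--owner "$( awk -F: '{print $1}' "$__object/parameter/$p" )" \
+--group "$( awk -F: '{print $2}' "$__object/parameter/$p" )" \
+--mode "$( awk -F: '{print $3}' "$__object/parameter/$p" )"
+done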
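Review bot: The three fields are cut out of `$__object/parameter/$p` with no validation, so a value such as `root:root` (no mode) or one with an extra colon passes an empty or shifted `--owner`/`--group`/`--mode` on to `__file`/`__directory`. Nothing prevents `--file` and `--directory` being given together for the same path either. Because this decides ownership and permissions of the ACL target, reject anything that does not match the documented `user:group:mode` pattern before the call, e.g. `grep -Eq '^[^:]+:[^:]+:[0-7]{3,4}$' "$__object/parameter/$p" || { echo "invalid --$p value" >&2; exit 1; }`. If empty fields are meant to be allowed, the man page should say so. A short header comment describing what the manifest does would also help.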


@ -1,2 +1,5 @@
mask mask
other other
source
file
directory

View file

@ -37,6 +37,7 @@ source="$(cat "$__object/parameter/source")"
# out of it # out of it
home=/home/$username home=/home/$username
# shellcheck disable=SC2086
__user "$username" --home "$home" $shell __user "$username" --home "$home" $shell
require="__user/$username" __directory "$home" \ require="__user/$username" __directory "$home" \


@ -18,7 +18,12 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
path="/$__object_id" if [ -f "$__object/parameter/path" ]
then
path="$( cat "$__object/parameter/path" )"
else
path="/$__object_id"
fi
[ ! -d "$path" ] && exit 0 [ ! -d "$path" ] && exit 0
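Review bot: The new `--path` value is used exactly as given, so it may be empty, relative or `/`, and this type deletes whatever matches `--pattern` below it. The default `/$__object_id` was always absolute, and the override should be held to the same rule, e.g. `case $path in /*) ;; *) echo "--path must be absolute" >&2; exit 1 ;; esac`. The same lines are added in the next file section (the one that also reads `parameter/pattern`); there `$path` presumably ends up in generated shell code outside the hunk, so its quoting is worth checking as well.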


@ -20,7 +20,12 @@
[ ! -s "$__object/explorer/list" ] && exit 0 [ ! -s "$__object/explorer/list" ] && exit 0
path="/$__object_id" if [ -f "$__object/parameter/path" ]
then
path="$( cat "$__object/parameter/path" )"
else
path="/$__object_id"
fi
pattern="$( cat "$__object/parameter/pattern" )" pattern="$( cat "$__object/parameter/pattern" )"


@ -10,7 +10,7 @@ DESCRIPTION
----------- -----------
Remove files and directories which match the pattern. Remove files and directories which match the pattern.
Provided path (as __object_id) must be a directory. Provided path must be a directory.
Patterns are passed to ``find``'s ``-regex`` - see ``find(1)`` for more details. Patterns are passed to ``find``'s ``-regex`` - see ``find(1)`` for more details.
@ -29,6 +29,9 @@ pattern
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
path
Path which will be cleaned. Defaults to ``$__object_id``.
exclude exclude
Pattern of files which are excluded from removal. Pattern of files which are excluded from removal.
@ -46,6 +49,11 @@ EXAMPLES
--exclude '.+\(charset\.conf\|security\.conf\)' \ --exclude '.+\(charset\.conf\|security\.conf\)' \
--onchange 'service apache2 restart' --onchange 'service apache2 restart'
__clean_path apache2-conf-enabled \
--path /etc/apache2/conf-enabled \
--pattern '.+' \
--exclude '.+\(charset\.conf\|security\.conf\)' \
--onchange 'service apache2 restart'
AUTHORS AUTHORS
------- -------


@ -1,2 +1,3 @@
exclude exclude
onchange onchange
path


@ -116,6 +116,9 @@ verify-incoming
verify-outgoing verify-outgoing
enforce the use of TLS and verify the peers authenticity on outgoing connections enforce the use of TLS and verify the peers authenticity on outgoing connections
use-distribution-package
uses distribution package instead of upstream binary
EXAMPLES EXAMPLES
-------- --------


@ -1,7 +1,8 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2015 Steven Armstrong (steven-cdist at armstrong.cc) # 2015 Steven Armstrong (steven-cdist at armstrong.cc)
# 2015-2019 Nico Schottelius (nico-cdist at schottelius.org) # 2015-2020 Nico Schottelius (nico-cdist at schottelius.org)
# 2019 Timothée Floure (timothee.floure at ungleich.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -19,133 +20,87 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
os=$(cat "$__global/explorer/os") os=$(cat "$__global/explorer/os")
case "$os" in ###
alpine|scientific|centos|debian|devuan|redhat|ubuntu) # Type parameters.
# whitelist safeguard
:
;;
*)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"
user="$(cat "$__object/parameter/user")" user="$(cat "$__object/parameter/user")"
group="$(cat "$__object/parameter/group")" group="$(cat "$__object/parameter/group")"
data_dir="/var/lib/consul" release=$(cat "$__global/explorer/lsb_release")
conf_dir="/etc/consul/conf.d" if [ -f "$__object/parameter/use-distribution-package" ]; then
conf_file="config.json" use_distribution_package=1
fi
# FIXME: there has got to be a better way to handle the dependencies in this case ###
case "$state" in # Those are default that might be overriden by os-specific logic.
present)
__group "$group" --system --state "$state" data_dir="/var/lib/consul"
require="__group/$group" \
__user "$user" --system --gid "$group" \
--home "$data_dir" --state "$state"
export require="__user/consul" tls_dir="$conf_dir/tls"
;;
absent) case "$os" in
echo "Sorry, state=absent currently not supported :-(" >&2 alpine)
exit 1 conf_dir="/etc/consul"
require="$__object_name" \ conf_file="server.json"
__user "$user" --system --gid "$group" --state "$state" ;;
require="__user/$user" \ *)
__group "$group" --system --state "$state" conf_dir="/etc/consul/conf.d"
;; conf_file="config.json"
;;
esac esac
__directory /etc/consul \ ###
--owner root --group "$group" --mode 750 --state "$state" # Sane deployment, based on distribution package when available.
require="__directory/etc/consul" \
__directory "$conf_dir" \
--owner root --group "$group" --mode 750 --state "$state"
if [ -f "$__object/parameter/ca-file-source" ] || [ -f "$__object/parameter/cert-file-source" ] || [ -f "$__object/parameter/key-file-source" ]; then distribution_setup () {
# create directory for ssl certs case "$os" in
require="__directory/etc/consul" \ debian)
__directory /etc/consul/ssl \ # consul is only available starting Debian 10 (buster).
--owner root --group "$group" --mode 750 --state "$state" # See https://packages.debian.org/buster/consul
fi if [ "$release" -lt 10 ]; then
echo "Consul is not available for your debian release." >&2
echo "Please use the 'manual' (i.e. non-package) installation or \
upgrade the target system." >&2
exit 1
fi
__directory "$data_dir" \ # Override previously defined environment to match debian packaging.
--owner "$user" --group "$group" --mode 770 --state "$state" conf_dir='/etc/consul.d'
user='consul'
group='consul'
;;
alpine)
# consul is only available starting Alpine 3.12 (= edge during the 3.11 cycle).
# See https://pkgs.alpinelinux.org/packages?name=consul&branch=edge
# Override previously defined environment to match alpine packaging.
conf_dir='/etc/consul'
conf_file='server.json'
data_dir='/var/consul'
user='consul'
group='consul'
;;
*)
echo "Your operating system ($os) is currently not supported with the \
--use-distribution-package flag (${__type##*/})." >&2
echo "Please use non-package installation or contribute an \
implementation for if you can." >&2
exit 1
;;
esac
# Generate json config file # Install consul package.
( __package consul --state "$state"
echo "{"
# parameters we define ourself export config_deployment_requires="__package/consul"
printf ' "data_dir": "%s"\n' "$data_dir" }
cd "$__object/parameter/" ###
for param in *; do # LEGACY manual deployment, kept for compatibility reasons.
case "$param" in
state|user|group|json-config) continue ;;
ca-file-source|cert-file-source|key-file-source)
source="$(cat "$__object/parameter/$param")"
destination="/etc/consul/ssl/${source##*/}"
require="__directory/etc/consul/ssl" \
__file "$destination" \
--owner root --group consul --mode 640 \
--source "$source" \
--state "$state"
key="$(echo "${param%-*}" | tr '-' '_')"
printf ' ,"%s": "%s"\n' "$key" "$destination"
;;
disable-remote-exec|disable-update-check|leave-on-terminate|rejoin-after-leave|server|enable-syslog|verify-incoming|verify-outgoing)
# handle boolean parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": true\n' "$key"
;;
retry-join)
# join multiple parameters into json array
retry_join="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join")"
# remove trailing ,
printf ' ,"retry_join": [%s]\n' "${retry_join%*,}"
;;
retry-join-wan)
# join multiple parameters into json array over wan
retry_join_wan="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join-wan")"
# remove trailing ,
printf ' ,"retry_join_wan": [%s]\n' "${retry_join_wan%*,}"
;;
bootstrap-expect)
# integer key=value parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": %s\n' "$key" "$(cat "$__object/parameter/$param")"
;;
*)
# string key=value parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
;;
esac
done
if [ -f "$__object/parameter/json-config" ]; then
json_config="$(cat "$__object/parameter/json-config")"
if [ "$json_config" = "-" ]; then
json_config="$__object/stdin"
fi
# remove leading and trailing whitespace and commas from first and last line
# indent each line with 3 spaces for consistency
json=$(sed -e 's/^[ \t]*/ /' -e '1s/^[ \t,]*//' -e '$s/[ \t,]*$//' "$json_config")
printf ' ,%s\n' "$json"
fi
echo "}"
) | \
require="__directory${conf_dir}" \
__config_file "${conf_dir}/${conf_file}" \
--owner root --group "$group" --mode 640 \
--state "$state" \
--onchange 'service consul status >/dev/null && service consul reload || true' \
--source -
init_sysvinit() init_sysvinit()
{ {
@ -179,47 +134,186 @@ init_upstart()
require="__file/etc/init/consul.conf" __start_on_boot consul require="__file/etc/init/consul.conf" __start_on_boot consul
} }
# Install init script to start on boot manual_setup () {
case "$os" in case "$os" in
devuan) alpine|scientific|centos|debian|devuan|redhat|ubuntu)
init_sysvinit debian # whitelist safeguard
;; :
centos|redhat) ;;
os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")" *)
major_version="${os_version%%.*}" echo "Your operating system ($os) is currently not supported by this \
case "$major_version" in type (${__type##*/})." >&2
[456]) echo "Please contribute an implementation for it if you can." >&2
init_sysvinit redhat exit 1
;; ;;
7) esac
init_systemd
;;
*)
echo "Unsupported CentOS/Redhat version: $os_version" >&2
exit 1
;;
esac
;;
debian) # FIXME: there has got to be a better way to handle the dependencies in this case
os_version=$(cat "$__global/explorer/os_version") case "$state" in
major_version="${os_version%%.*}" present)
__group "$group" --system --state "$state"
require="__group/$group" __user "$user" \
--system --gid "$group" --home "$data_dir" --state "$state"
;;
*)
echo "The $state state is not (yet?) supported by this type." >&2
exit 1
;;
esac
case "$major_version" in # Create data directory.
[567]) require="__user/consul" __directory "$data_dir" \
init_sysvinit debian --owner "$user" --group "$group" --mode 770 --state "$state"
;;
[89])
init_systemd
;;
*)
echo "Unsupported Debian version $os_version" >&2
exit 1
;;
esac
;;
ubuntu) # Create config directory.
init_upstart require="__user/consul" __directory "$conf_dir" \
--parents --owner root --group "$group" --mode 750 --state "$state"
# Install init script to start on boot
case "$os" in
devuan)
init_sysvinit debian
;;
centos|redhat)
os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")"
major_version="${os_version%%.*}"
case "$major_version" in
[456])
init_sysvinit redhat
;;
7)
init_systemd
;;
*)
echo "Unsupported CentOS/Redhat version: $os_version" >&2
exit 1
;;
esac
;;
debian)
os_version=$(cat "$__global/explorer/os_version")
major_version="${os_version%%.*}"
case "$major_version" in
[567])
init_sysvinit debian
;;
[89]|10)
init_systemd
;;
*)
echo "Unsupported Debian version $os_version" >&2
exit 1
;;
esac
;;
ubuntu)
init_upstart
;;
esac
config_deployment_requires="__user/consul __directory/$conf_dir"
}
###
# Trigger requested installation method.
if [ $use_distribution_package ]; then
distribution_setup
else
manual_setup
fi
###
# Install TLS certificates.
if [ -f "$__object/parameter/ca-file-source" ] || \
[ -f "$__object/parameter/cert-file-source" ] || \
[ -f "$__object/parameter/key-file-source" ]; then
requires="$config_deployment_requires" __directory "$tls_dir" \
--owner root --group "$group" --mode 750 --state "$state"
# Append to service restart requirements.
restart_requires="$restart_requires __directory/$conf_dir/tls"
fi
###
# Generate and deploy configuration.
json_configuration=$(
echo "{"
# parameters we define ourself
printf ' "data_dir": "%s"\n' "$data_dir"
cd "$__object/parameter/"
for param in *; do
case "$param" in
state|user|group|json-config|use-distribution-package) continue ;;
ca-file-source|cert-file-source|key-file-source)
source="$(cat "$__object/parameter/$param")"
destination="$tls_dir/${source##*/}"
require="__directory/$tls_dir" \
__file "$destination" \
--owner root --group consul --mode 640 \
--source "$source" \
--state "$state"
key="$(echo "${param%-*}" | tr '-' '_')"
printf ' ,"%s": "%s"\n' "$key" "$destination"
;; ;;
esac disable-remote-exec|disable-update-check|leave-on-terminate\
|rejoin-after-leave|server|enable-syslog|verify-incoming|verify-outgoing)
# handle boolean parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": true\n' "$key"
;;
retry-join)
# join multiple parameters into json array
retry_join="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join")"
# remove trailing ,
printf ' ,"retry_join": [%s]\n' "${retry_join%*,}"
;;
retry-join-wan)
# join multiple parameters into json array over wan
retry_join_wan="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join-wan")"
# remove trailing ,
printf ' ,"retry_join_wan": [%s]\n' "${retry_join_wan%*,}"
;;
bootstrap-expect)
# integer key=value parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": %s\n' "$key" "$(cat "$__object/parameter/$param")"
;;
*)
# string key=value parameters
key="$(echo "$param" | tr '-' '_')"
printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
;;
esac
done
if [ -f "$__object/parameter/json-config" ]; then
json_config="$(cat "$__object/parameter/json-config")"
if [ "$json_config" = "-" ]; then
json_config="$__object/stdin"
fi
# remove leading and trailing whitespace and commas from first and last line
# indent each line with 3 spaces for consistency
json=$(sed -e 's/^[ \t]*/ /' -e '1s/^[ \t,]*//' -e '$s/[ \t,]*$//' "$json_config")
printf ' ,%s\n' "$json"
fi
echo "}"
)
echo "$json_configuration" | require="$config_deployment_requires" \
__file "$conf_dir/$conf_file" \
--owner root --group "$group" --mode 640 \
--state "$state" \
--source -
# Set configuration deployment as requirement for service restart.
restart_requires="__file/$conf_dir/$conf_file"
###
# Restart consul agent after everything else.
require="$restart_requires" __service consul --action restart
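Review bot: `tls_dir="$conf_dir/tls"` is assigned in the defaults block before the `case "$os"` that first sets `conf_dir` (as rendered here), so it expands to `/tls`, and it is not recomputed after `distribution_setup` changes `conf_dir`; the CA, certificate and key files would then be written outside the consul configuration tree. Moving the assignment `tls_dir="$conf_dir/tls"` to just before the "Install TLS certificates" block covers both cases. In that block the dependency is spelled `requires=` where the rest of the file uses `require=`, so the ordering on `$config_deployment_requires` is presumably ignored; it should read `require="$config_deployment_requires" __directory "$tls_dir" \`. The `restart_requires` value appended there is also lost, because the later line `restart_requires="__file/$conf_dir/$conf_file"` assigns instead of appending.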


@ -6,3 +6,4 @@ server
enable-syslog enable-syslog
verify-incoming verify-incoming
verify-outgoing verify-outgoing
use-distribution-package


@ -0,0 +1 @@
../../__consul_service/explorer/conf-dir


@ -19,7 +19,7 @@
# #
name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")" name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")"
conf_dir="/etc/consul/conf.d" conf_dir=$(cat "$__object/explorer/conf-dir")
conf_file="check_${name}.json" conf_file="check_${name}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"


@ -0,0 +1,15 @@
# Determine the configuration directory used by consul.
check_dir () {
if [ -d "$1" ]; then
printf '%s' "$1"
exit
fi
}
check_dir '/etc/consul/conf.d'
check_dir '/etc/consul.d'
check_dir '/etc/consul'
echo 'Could not determine consul configuration dir. Exiting.' >&2
exit 1
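Review bot: The explorer ends with `exit 1` when none of the three directories exists, while this commit also drops the `require="__directory${conf_dir}"` line from the service manifest, so a run that installs consul and defines services together only works if the caller orders the service object after the consul object. That contract is not written down anywhere in the file; a header comment such as `# Callers must require the __consul object: the directory has to exist when this explorer runs.` would make it explicit. The probe order also decides which directory wins when more than one exists, which deserves a second comment line, e.g. `# First match wins: conf.d layout, then Debian's /etc/consul.d, then Alpine's /etc/consul.`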


@ -19,7 +19,7 @@
# #
name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")" name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")"
conf_dir="/etc/consul/conf.d" conf_dir=$(cat "$__object/explorer/conf-dir")
conf_file="service_${name}.json" conf_file="service_${name}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"
@ -45,7 +45,7 @@ printf ' "name": "%s"\n' "$name"
cd "$__object/parameter/" cd "$__object/parameter/"
for param in *; do for param in *; do
case "$param" in case "$param" in
state|name|check-interval) continue ;; state|name|check-interval|conf-dir) continue ;;
check-script) check-script)
printf ' ,"check": {\n' printf ' ,"check": {\n'
printf ' "script": "%s"\n' "$(cat "$__object/parameter/check-script")" printf ' "script": "%s"\n' "$(cat "$__object/parameter/check-script")"
@ -86,7 +86,6 @@ echo " }"
# end json file # end json file
echo "}" echo "}"
) | \ ) | \
require="__directory${conf_dir}" \
__config_file "${conf_dir}/${conf_file}" \ __config_file "${conf_dir}/${conf_file}" \
--owner root --group consul --mode 640 \ --owner root --group consul --mode 640 \
--state "$state" \ --state "$state" \


@ -0,0 +1 @@
../../__consul_service/explorer/conf-dir


@ -20,7 +20,7 @@
cdist_type="${__type##*/}" cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}" watch_type="${cdist_type##*_}"
conf_dir="/etc/consul/conf.d" conf_dir=$(cat "$__object/explorer/conf-dir")
conf_file="watch_${watch_type}_${__object_id}.json" conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"


@ -0,0 +1 @@
../../__consul_service/explorer/conf-dir


@ -20,7 +20,7 @@
cdist_type="${__type##*/}" cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}" watch_type="${cdist_type##*_}"
conf_dir="/etc/consul/conf.d" conf_dir=$(cat "$__object/explorer/conf-dir")
conf_file="watch_${watch_type}_${__object_id}.json" conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"


@ -0,0 +1 @@
../../__consul_service/explorer/conf-dir


@ -20,7 +20,7 @@
cdist_type="${__type##*/}" cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}" watch_type="${cdist_type##*_}"
conf_dir="/etc/consul/conf.d" conf_dir=$(cat "$__object/explorer/conf-dir")
conf_file="watch_${watch_type}_${__object_id}.json" conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"


@ -0,0 +1 @@
../../__consul_service/explorer/conf-dir


@ -20,7 +20,7 @@
cdist_type="${__type##*/}" cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}" watch_type="${cdist_type##*_}"
conf_dir="/etc/consul/conf.d" conf_dir=$(cat "$__object/explorer/conf-dir")
conf_file="watch_${watch_type}_${__object_id}.json" conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"


@ -0,0 +1 @@
../../__consul_service/explorer/conf-dir


@ -20,7 +20,7 @@
cdist_type="${__type##*/}" cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}" watch_type="${cdist_type##*_}"
conf_dir="/etc/consul/conf.d" conf_dir=$(cat "$__object/explorer/conf-dir")
conf_file="watch_${watch_type}_${__object_id}.json" conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"


@ -0,0 +1 @@
../../__consul_service/explorer/conf-dir


@ -20,7 +20,7 @@
cdist_type="${__type##*/}" cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}" watch_type="${cdist_type##*_}"
conf_dir="/etc/consul/conf.d" conf_dir=$(cat "$__object/explorer/conf-dir")
conf_file="watch_${watch_type}_${__object_id}.json" conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"


@ -0,0 +1 @@
../../__consul_service/explorer/conf-dir


@ -20,7 +20,7 @@
cdist_type="${__type##*/}" cdist_type="${__type##*/}"
watch_type="${cdist_type##*_}" watch_type="${cdist_type##*_}"
conf_dir="/etc/consul/conf.d" conf_dir=$(cat "$__object/explorer/conf-dir")
conf_file="watch_${watch_type}_${__object_id}.json" conf_file="watch_${watch_type}_${__object_id}.json"
state="$(cat "$__object/parameter/state")" state="$(cat "$__object/parameter/state")"


@ -31,24 +31,28 @@ if [ -f "$__object/parameter/raw" ]; then
elif [ -f "$__object/parameter/raw_command" ]; then elif [ -f "$__object/parameter/raw_command" ]; then
entry="$command" entry="$command"
else else
minute="$(cat "$__object/parameter/minute" 2>/dev/null || echo "*")" minute="$(cat "$__object/parameter/minute")"
hour="$(cat "$__object/parameter/hour" 2>/dev/null || echo "*")" hour="$(cat "$__object/parameter/hour")"
day_of_month="$(cat "$__object/parameter/day_of_month" 2>/dev/null || echo "*")" day_of_month="$(cat "$__object/parameter/day_of_month")"
month="$(cat "$__object/parameter/month" 2>/dev/null || echo "*")" month="$(cat "$__object/parameter/month")"
day_of_week="$(cat "$__object/parameter/day_of_week" 2>/dev/null || echo "*")" day_of_week="$(cat "$__object/parameter/day_of_week")"
entry="$minute $hour $day_of_month $month $day_of_week $command # $name" entry="$minute $hour $day_of_month $month $day_of_week $command # $name"
fi fi
mkdir "$__object/files" mkdir "$__object/files"
echo "$entry" > "$__object/files/entry" echo "$entry" > "$__object/files/entry"
if diff -q "$__object/files/entry" "$__object/explorer/entry" >/dev/null; then if [ -s "$__object/explorer/entry" ]; then
state_is=present if diff -q "$__object/files/entry" "$__object/explorer/entry" >/dev/null; then
state_is=present
else
state_is=modified
fi
else else
state_is=absent state_is=absent
fi fi
state_should="$(cat "$__object/parameter/state" 2>/dev/null || echo "present")" state_should="$(cat "$__object/parameter/state")"
[ "$state_is" = "$state_should" ] && exit 0 [ "$state_is" = "$state_should" ] && exit 0


@ -21,6 +21,11 @@ command
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
**NOTE**: All time-related parameters (``--minute``, ``--hour``, ``--day_of_month``
``--month`` and ``--day_of_week``) defaults to ``*``, which means to execute it
**always**. If you set ``--hour 0`` to execute the cronjob only at midnight, it
will execute **every** minute in the first hour of the morning all days.
state state
Either present or absent. Defaults to present. Either present or absent. Defaults to present.
minute minute


@ -22,3 +22,12 @@ if [ -f "$__object/parameter/raw" ] && [ -f "$__object/parameter/raw_command" ];
echo "ERROR: both raw and raw_command specified" >&2 echo "ERROR: both raw and raw_command specified" >&2
exit 1 exit 1
fi fi
case "$(cat "$__object/parameter/state")" in
present) ;;
absent) ;;
*)
echo "ERROR: unkown cron state" >&2
exit 2
esac
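Review bot: The message in the new `*)` branch is misspelled and does not say which value was rejected, which makes a bad manifest harder to trace. Something like `echo "ERROR: unknown cron state: $(cat "$__object/parameter/state")" >&2` names the offending value. The branch also ends without `;;`, which the shell accepts on the last pattern but which is inconsistent with the two branches above it.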



@ -0,0 +1 @@
*


@ -0,0 +1 @@
*


@ -0,0 +1 @@
*


@ -0,0 +1 @@
*


@ -0,0 +1 @@
*


@ -0,0 +1 @@
present


@ -1,6 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# 2013 Steven Armstrong (steven-cdist armstrong.cc) # 2013 Steven Armstrong (steven-cdist armstrong.cc)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -20,24 +21,43 @@
destination="/$__object_id" destination="/$__object_id"
fallback() {
# Patch the output together, manually
ls_line=$(ls -ldn "$destination")
uid=$(echo "$ls_line" | awk '{ print $3 }')
gid=$(echo "$ls_line" | awk '{ print $4 }')
owner=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/passwd)
group=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group)
mode_text=$(echo "$ls_line" | awk '{ print $1 }')
mode=$(echo "$mode_text" | awk '{ k=0; for (i=0; i<=8; i++) k += ((substr($1, i+2, 1) ~ /[rwx]/) * 2^(8-i)); printf("%0o", k) }')
printf 'type: %s\nowner: %d %s\ngroup: %d %s\nmode: %s %s\n' \
"$("$__type_explorer/type")" \
"$uid" "$owner" \
"$gid" "$group" \
"$mode" "$mode_text"
}
# nothing to work with, nothing we could do # nothing to work with, nothing we could do
[ -e "$destination" ] || exit 0 [ -e "$destination" ] || exit 0
os=$("$__explorer/os") if ! command -v stat >/dev/null
case "$os" in then
fallback
exit
fi
case $("$__explorer/os") in
"freebsd"|"netbsd"|"openbsd"|"macosx") "freebsd"|"netbsd"|"openbsd"|"macosx")
stat -f "type: %HT stat -f "type: %HT
owner: %Du %Su owner: %Du %Su
group: %Dg %Sg group: %Dg %Sg
mode: %Lp %Sp mode: %Lp %Sp
" "$destination" | awk '/^type/ { print tolower($0); next; } { print; }' " "$destination" | awk '/^type/ { print tolower($0); next } { print }'
;;
alpine)
stat -c "type: %F
owner: %u %U
group: %g %G
mode: %a %A
" "$destination"
;; ;;
solaris) solaris)
ls1="$( ls -ld "$destination" )" ls1="$( ls -ld "$destination" )"
@ -69,10 +89,12 @@ mode: %a %A
echo "mode: $octets $( echo "$ls1" | awk '{print $1}' )" echo "mode: $octets $( echo "$ls1" | awk '{print $1}' )"
;; ;;
*) *)
stat --printf="type: %F # NOTE: Do not use --printf here as it is not supported by BusyBox stat.
# NOTE: BusyBox's stat might not support the "-c" option, in which case
# we fall through to the shell fallback.
stat -c "type: %F
owner: %u %U owner: %u %U
group: %g %G group: %g %G
mode: %a %A mode: %a %A" "$destination" 2>/dev/null || fallback
" "$destination"
;; ;;
esac esac
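Review bot: In `fallback()` the group name is looked up with `-v uid="$uid"` against `/etc/group`, so it reports the group whose GID happens to equal the file's UID rather than the file's own group; the line should pass the GID, `group=$(awk -F: -v gid="$gid" '$3 == gid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group)`. The octal mode is built by matching only `[rwx]`, so for a setuid, setgid or sticky entry (`s`, `S`, `t`, `T` in the `ls` string) the special bit is never reported and an `s` or `t` that implies execute is counted as no execute, which makes the mode comparison wrong for the entries where it matters most. The second stat explorer later in this commit (the one that also prints `size:` and `links:`) adds the same `fallback()` with both problems.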


@ -3,6 +3,7 @@
# 2011-2013 Nico Schottelius (nico-cdist at schottelius.org) # 2011-2013 Nico Schottelius (nico-cdist at schottelius.org)
# 2013 Steven Armstrong (steven-cdist armstrong.cc) # 2013 Steven Armstrong (steven-cdist armstrong.cc)
# 2014 Daniel Heule (hda at sfs.biz) # 2014 Daniel Heule (hda at sfs.biz)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -21,8 +22,8 @@
# #
destination="/$__object_id" destination="/$__object_id"
state_should="$(cat "$__object/parameter/state")" state_should=$(cat "$__object/parameter/state")
type="$(cat "$__object/explorer/type")" type=$(cat "$__object/explorer/type")
stat_file="$__object/explorer/stat" stat_file="$__object/explorer/stat"
# variable to keep track if we have to set directory attributes # variable to keep track if we have to set directory attributes
@ -72,7 +73,7 @@ set_mode() {
} }
case "$state_should" in case "$state_should" in
present) present|exists)
if [ "$type" != "directory" ]; then if [ "$type" != "directory" ]; then
set_attributes=1 set_attributes=1
if [ "$type" != "none" ]; then if [ "$type" != "none" ]; then
@ -83,6 +84,10 @@ case "$state_should" in
fi fi
echo "mkdir $mkdiropt '$destination'" echo "mkdir $mkdiropt '$destination'"
echo "create" >> "$__messages_out" echo "create" >> "$__messages_out"
elif [ "$state_should" = 'exists' ]; then
# The type is directory and --state exists. We are done and do not
# check or set the attributes.
exit 0
fi fi
# Note: Mode - needs to happen last as a chown/chgrp can alter mode by # Note: Mode - needs to happen last as a chown/chgrp can alter mode by
@ -103,6 +108,26 @@ case "$state_should" in
fi fi
done done
;; ;;
pre-exists)
case $type in
directory)
# all good
exit 0
;;
none)
printf 'Directory "%s" does not exist\n' "$destination" >&2
exit 1
;;
file|symlink)
printf 'File "%s" exists and is a %s, but should be a directory\n' "$destination" "$type" >&2
exit 1
;;
*)
printf 'File or directory "%s" is in an unknown state\n' "$destination" >&2
exit 1
;;
esac
;;
absent) absent)
if [ "$type" = "directory" ]; then if [ "$type" = "directory" ]; then
echo "rm -rf '$destination'" echo "rm -rf '$destination'"


@ -19,7 +19,18 @@ None.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
state state
'present' or 'absent', defaults to 'present' 'present', 'absent', 'exists' or 'pre-exists', defaults to 'present' where:
present
the directory exists and the given attributes are set.
absent
the directory does not exist.
exists
the directory exists, but its attributes are not altered if it already
existed.
pre-exists
check that the directory exists and is indeed a directory, but do not
create or modify it.
group group
Group to chgrp to. Group to chgrp to.


@ -0,0 +1,20 @@
#!/bin/sh -e
dst="/$__object_id"
# shellcheck disable=SC2059
cmd="$( printf "$( cat "$__object/parameter/cmd-sum" )" "$dst" )"
sum="$( cat "$__object/parameter/sum" )"
if [ -f "$dst" ]
then
if [ "$( eval "$cmd" )" = "$sum" ]
then
echo 'present'
else
echo 'mismatch'
fi
else
echo 'absent'
fi
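Review bot: The string passed to `eval` is built by substituting `$dst` into the `'%s'` of the `cmd-sum` template, so an object id containing a single quote ends the quoting and the remainder is parsed as shell on the target. Manifests are normally trusted, but a guard before the `printf` is cheap: `case $dst in *\'*) echo "object id must not contain a single quote" >&2; exit 1 ;; esac`. Separately, the default `cmd-sum` is `md5sum`, which catches corruption but is not collision resistant, so the type documentation should recommend a SHA-256 command when the source of the file is not fully trusted.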


@ -0,0 +1,35 @@
#!/bin/sh -e
state_is="$( cat "$__object/explorer/state" )"
if [ "$state_is" = 'present' ]
then
exit 0
fi
url="$( cat "$__object/parameter/url" )"
cmd="$( cat "$__object/parameter/cmd-get" )"
tmp="$( mktemp )"
dst="/$__object_id"
printf "$cmd > %s\n" \
"$url" \
"$tmp"
if echo "$__target_host" | grep -Eq '^[0-9a-fA-F:]+$'
then
target_host="[$__target_host]"
else
target_host="$__target_host"
fi
printf '%s %s %s:%s\n' \
"$__remote_copy" \
"$tmp" \
"$target_host" \
"$dst"
echo "rm -f '$tmp'"
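Review bot: Nothing in the generated code compares the downloaded file with `--sum` before `$__remote_copy` places it at `$dst`; the sum is only evaluated by the state explorer on a later run, so a truncated or tampered download reaches the target and is merely reported as `mismatch` next time. The generated code should verify `$tmp` between the download and the copy, for example by building `sum_cmd="$( printf "$( cat "$__object/parameter/cmd-sum" )" "$tmp" )"` and emitting `printf '[ "$( %s )" = "%s" ] || { rm -f "%s"; exit 1; }\n' "$sum_cmd" "$( cat "$__object/parameter/sum" )" "$tmp"`. `mktemp` also runs while the code is being generated rather than when it executes, and the final `rm -f` is not reached if an earlier generated command fails (assuming the code runs with `-e`; confirm), which leaves the temporary file behind.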


@ -0,0 +1,66 @@
cdist-type__download(7)
=======================
NAME
----
cdist-type__download - Download file to local storage and copy it to target host
DESCRIPTION
-----------
You must use persistent storage in target host for destination file
(``$__object_id``) because it will be used for checksum calculation
in order to decide if file must be downloaded.
REQUIRED PARAMETERS
-------------------
url
URL from which to download the file.
sum
Checksum of downloaded file.
OPTIONAL PARAMETERS
-------------------
cmd-get
Command used for downloading.
Default is ``wget -O- '%s'``.
Command must output to ``stdout``.
cmd-sum
Command used for checksum calculation.
Default is ``md5sum '%s' | awk '{print $1}'``.
Command output and ``--sum`` parameter must match.
EXAMPLES
--------
.. code-block:: sh
__directory /opt/cpma
require='__directory/opt/cpma' \
__download /opt/cpma/cnq3.zip \
--url https://cdn.playmorepromode.com/files/cnq3/cnq3-1.51.zip \
--sum 46da3021ca9eace277115ec9106c5b46
require='__download/opt/cpma/cnq3.zip' \
__unpack /opt/cpma/cnq3.zip \
--move-existing-destination \
--destination /opt/cpma/server
AUTHORS
-------
Ander Punnar <ander-at-kvlt-dot-ee>
COPYING
-------
Copyright \(C) 2020 Ander Punnar. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.


@ -0,0 +1 @@
wget -O- '%s'


@ -0,0 +1 @@
md5sum '%s' | awk '{print $1}'


@ -0,0 +1,2 @@
cmd-get
cmd-sum


@ -0,0 +1,2 @@
url
sum


@ -2,6 +2,7 @@
# #
# 2013 Steven Armstrong (steven-cdist armstrong.cc) # 2013 Steven Armstrong (steven-cdist armstrong.cc)
# 2019 Nico Schottelius (nico-cdist at schottelius.org) # 2019 Nico Schottelius (nico-cdist at schottelius.org)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -21,29 +22,54 @@
destination="/$__object_id" destination="/$__object_id"
fallback() {
# Fallback: Patch the output together, manually.
ls_line=$(ls -ldn "$destination")
uid=$(echo "$ls_line" | awk '{ print $3 }')
gid=$(echo "$ls_line" | awk '{ print $4 }')
owner=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/passwd)
group=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group)
mode_text=$(echo "$ls_line" | awk '{ print $1 }')
mode=$(echo "$mode_text" | awk '{ k=0; for (i=0; i<=8; i++) k += ((substr($1, i+2, 1) ~ /[rwx]/) * 2^(8-i)); printf("%0o", k) }')
size=$(echo "$ls_line" | awk '{ print $5 }')
links=$(echo "$ls_line" | awk '{ print $2 }')
printf 'type: %s\nowner: %d %s\ngroup: %d %s\nmode: %s %s\nsize: %d\nlinks: %d\n' \
"$("$__type_explorer/type")" \
"$uid" "$owner" \
"$gid" "$group" \
"$mode" "$mode_text" \
"$size" \
"$links"
}
# nothing to work with, nothing we could do # nothing to work with, nothing we could do
[ -e "$destination" ] || exit 0 [ -e "$destination" ] || exit 0
os=$("$__explorer/os")
case "$os" in if ! command -v stat >/dev/null
"freebsd"|"netbsd"|"openbsd"|"macosx") then
fallback
exit
fi
case $("$__explorer/os")
in
freebsd|netbsd|openbsd|macosx)
stat -f "type: %HT stat -f "type: %HT
owner: %Du %Su owner: %Du %Su
group: %Dg %Sg group: %Dg %Sg
mode: %Lp %Sp mode: %Lp %Sp
size: %Dz size: %Dz
links: %Dl links: %Dl
" "$destination" | awk '/^type/ { print tolower($0); next; } { print; }' " "$destination" | awk '/^type/ { print tolower($0); next } { print }'
;;
alpine)
# busybox stat
stat -c "type: %F
owner: %u %U
group: %g %G
mode: %a %A
size: %s
links: %h
" "$destination"
;; ;;
solaris) solaris)
ls1="$( ls -ld "$destination" )" ls1="$( ls -ld "$destination" )"
@ -77,12 +103,14 @@ links: %h
echo "links: $( echo "$ls1" | awk '{print $2}' )" echo "links: $( echo "$ls1" | awk '{print $2}' )"
;; ;;
*) *)
stat --printf="type: %F # NOTE: Do not use --printf here as it is not supported by BusyBox stat.
# NOTE: BusyBox's stat might not support the "-c" option, in which case
# we fall through to the shell fallback.
stat -c "type: %F
owner: %u %U owner: %u %U
group: %g %G group: %g %G
mode: %a %A mode: %a %A
size: %s size: %s
links: %h links: %h" "$destination" 2>/dev/null || fallback
" "$destination" ;;
;;
esac esac


@ -31,12 +31,24 @@ if [ "$state_should" = "pre-exists" ]; then
exit 1 exit 1
fi fi
if [ "$type" = "file" ]; then case $type in
exit 0 # nothing to do file)
else # nothing to do
echo "File \"$destination\" does not exist" exit 0
exit 1 ;;
fi none)
printf 'File "%s" does not exist\n' "$destination" >&2
exit 1
;;
directory|symlink)
printf 'File "%s" exists and is a %s, but should be a regular file\n' "$destination" "$type" >&2
exit 1
;;
*)
printf 'File or directory "%s" is in an unknown state\n' "$destination" >&2
exit 1
;;
esac
fi fi
upload_file= upload_file=


@ -55,37 +55,41 @@ set_owner() {
} }
set_mode() { set_mode() {
echo "chmod '$1' '$destination'" echo "chmod '$1' '$destination'"
echo "chmod '$1'" >> "$__messages_out" echo "chmod '$1'" >> "$__messages_out"
fire_onchange=1 fire_onchange=1
} }
case "$state_should" in case "$state_should" in
present|exists|pre-exists) present|exists)
# Note: Mode - needs to happen last as a chown/chgrp can alter mode by # Note: Mode - needs to happen last as a chown/chgrp can alter mode by
# clearing S_ISUID and S_ISGID bits (see chown(2)) # clearing S_ISUID and S_ISGID bits (see chown(2))
for attribute in group owner mode; do for attribute in group owner mode; do
if [ -f "$__object/parameter/$attribute" ]; then if [ -f "$__object/parameter/$attribute" ]; then
value_should="$(cat "$__object/parameter/$attribute")" value_should="$(cat "$__object/parameter/$attribute")"
# change 0xxx format to xxx format => same as stat returns # change 0xxx format to xxx format => same as stat returns
if [ "$attribute" = mode ]; then if [ "$attribute" = mode ]; then
value_should="$(echo "$value_should" | sed 's/^0\(...\)/\1/')" value_should="$(echo "$value_should" | sed 's/^0\(...\)/\1/')"
fi fi
value_is="$(get_current_value "$attribute" "$value_should")" value_is="$(get_current_value "$attribute" "$value_should")"
if [ -f "$__object/files/set-attributes" ] || [ "$value_should" != "$value_is" ]; then if [ -f "$__object/files/set-attributes" ] || [ "$value_should" != "$value_is" ]; then
"set_$attribute" "$value_should" "set_$attribute" "$value_should"
fi
fi fi
done
if [ -f "$__object/files/set-attributes" ]; then
# set-attributes is created if file is created or uploaded in gencode-local
fire_onchange=1
fi fi
done
if [ -f "$__object/files/set-attributes" ]; then
# set-attributes is created if file is created or uploaded in gencode-local
fire_onchange=1
fi
;; ;;
pre-exists)
# pre-exists should never reach gencode-remote…
exit 1
;;
absent) absent)
if [ "$type" = "file" ]; then if [ "$type" = "file" ]; then
echo "rm -f '$destination'" echo "rm -f '$destination'"
@ -101,7 +105,7 @@ case "$state_should" in
esac esac
if [ -f "$__object/parameter/onchange" ]; then if [ -f "$__object/parameter/onchange" ]; then
if [ -n "$fire_onchange" ]; then if [ -n "$fire_onchange" ]; then
cat "$__object/parameter/onchange" cat "$__object/parameter/onchange"
fi fi
fi fi


@ -50,13 +50,13 @@ state
create or modify it create or modify it
group group
Group to chgrp to. Group to chgrp to. Defaults to ``root``.
mode mode
Unix permissions, suitable for chmod. Unix permissions, suitable for chmod. Defaults to a very secure ``0600``.
owner owner
User to chown to. User to chown to. Defaults to ``root``.
source source
If supplied, copy this file from the host running cdist to the target. If supplied, copy this file from the host running cdist to the target.


@ -88,7 +88,7 @@ if [ "$state" = "present" ]; then
fi fi
done done
if [ "$os" = "freebsd" ]; then if [ "$os" = "freebsd" ]; then
echo pw groupadd "$@" "$name" echo pw groupadd "$name" "$@"
else else
echo groupadd "$@" "$name" echo groupadd "$@" "$name"
fi fi


@ -59,13 +59,13 @@ MESSAGES
-------- --------
change change
Certificte was changed. Certificate was changed.
create create
Certificte was created. Certificate was created.
remove remove
Certificte was removed. Certificate was removed.
EXAMPLES EXAMPLES
-------- --------


@ -91,6 +91,9 @@ if [ -z "${certbot_fullpath}" ]; then
certbot_fullpath=/usr/local/bin/certbot certbot_fullpath=/usr/local/bin/certbot
;; ;;
ubuntu)
__package certbot
;;
*) *)
echo "Unsupported os: $os" >&2 echo "Unsupported os: $os" >&2
exit 1 exit 1
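Review bot: The new `ubuntu)` branch installs the package but, unlike the branch just above it, never assigns `certbot_fullpath`, so on Ubuntu the variable is still empty after the `case`. If later code in this manifest uses it to build the certbot command (that part is outside the hunk, so this is inferred), the command would start with an empty path. Adding `certbot_fullpath=/usr/bin/certbot` after `__package certbot` would match the other branches; confirm where the Ubuntu package installs the binary.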


@ -18,7 +18,7 @@ source
Specifies the link source. Specifies the link source.
type type
Specifies the link type: Either hard or symoblic. Specifies the link type: Either hard or symbolic.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS


@ -26,7 +26,7 @@
os=$(cat "$__global/explorer/os") os=$(cat "$__global/explorer/os")
case "$os" in case "$os" in
debian|ubuntu) debian|devuan|ubuntu)
locale_conf="/etc/default/locale" locale_conf="/etc/default/locale"
;; ;;
archlinux) archlinux)


@ -22,14 +22,18 @@
os=$(cat "$__global/explorer/os") os=$(cat "$__global/explorer/os")
case "$os" in case "$os" in
debian|ubuntu|devuan) freebsd)
# FreeBSD only updates /etc/motd on boot,
# Debian and Ubuntu need to be updated, # as seen in /etc/rc.d/motd
# as seen in /etc/init.d/bootlogs echo "uname -sri > /etc/motd"
echo "uname -snrvm > /var/run/motd" echo "cat /etc/motd.template >> /etc/motd"
echo "cat /etc/motd.tail >> /var/run/motd" # FreeBSD 13 starts treating motd slightly different from previous
# versions this ensures hosts have the expected config.
echo "rm /etc/motd.template || true"
echo "service motd start"
;; ;;
*) *)
# Other OS tend to treat /etc/motd statically
exit 0 exit 0
;; ;;
esac esac


@ -10,6 +10,13 @@ DESCRIPTION
----------- -----------
This cdist type allows you to easily setup /etc/motd. This cdist type allows you to easily setup /etc/motd.
.. note::
In some OS, motd is a bit special, check `motd(5)`.
Currently Debian, Devuan, Ubuntu and FreeBSD are taken into account.
If your OS of choice does something besides /etc/motd, check the source
and contribute support for it.
Otherwise it will likely just work.
REQUIRED PARAMETERS REQUIRED PARAMETERS
------------------- -------------------
@ -20,6 +27,7 @@ OPTIONAL PARAMETERS
------------------- -------------------
source source
If supplied, copy this file from the host running cdist to the target. If supplied, copy this file from the host running cdist to the target.
If source is '-' (dash), take what was written to stdin as the file content.
If not supplied, a default message will be placed onto the target. If not supplied, a default message will be placed onto the target.
@ -34,6 +42,15 @@ EXAMPLES
# Supply source file from a different type # Supply source file from a different type
__motd --source "$__type/files/my-motd" __motd --source "$__type/files/my-motd"
# Supply source from stdin
__motd --source "-" <<EOF
Take this kiss upon the brow!
And, in parting from you now,
Thus much let me avow-
You are not wrong, who deem
That my days have been a dream
EOF
AUTHORS AUTHORS
------- -------
@ -42,7 +59,7 @@ Nico Schottelius <nico-cdist--@--schottelius.org>
COPYING COPYING
------- -------
Copyright \(C) 2011 Nico Schottelius. You can redistribute it Copyright \(C) 2020 Nico Schottelius. You can redistribute it
and/or modify it under the terms of the GNU General Public License as and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version. License, or (at your option) any later version.


@ -33,10 +33,14 @@ os=$(cat "$__global/explorer/os")
case "$os" in case "$os" in
debian|ubuntu|devuan) freebsd)
destination=/etc/motd.tail # FreeBSD uses motd.template to prepend system information on boot
# (this actually only applies starting with version 13,
# but we fix that for whatever version in gencode-remote)
destination=/etc/motd.template
;; ;;
*) *)
# Most UNIX systems, including other Linux and OpenBSD just use /etc/motd
destination=/etc/motd destination=/etc/motd
;; ;;
esac esac


@ -30,7 +30,7 @@ host="$( cat "$__object/parameter/host" )"
check_privileges="$( check_privileges="$(
mysql -B -N -e "show grants for '$user'@'$host'" \ mysql -B -N -e "show grants for '$user'@'$host'" \
| grep -Ei "^grant $privileges on .$database.\..$table. to " || true )" | grep -Ei "^grant $privileges on .$database.\..?$table.? to " || true )"
if [ -n "$check_privileges" ] if [ -n "$check_privileges" ]
then then
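Review bot: `$privileges`, `$database` and `$table` are pasted into the `grep -Ei` pattern unescaped, and the new `.?$table.?` form makes this matter for the wildcard case. With `--table '*'` the pattern contains `.?*`, a repeated quantifier that POSIX leaves undefined and that GNU grep in practice accepts as "match anything". A wildcard grant can then be reported as present when only a single-table grant exists, so the requested grant is skipped; a `.` in a database name likewise matches any character. Escaping regex metacharacters in the three values before building the pattern, or comparing with `grep -F` against a fully constructed expected line, would make the check exact.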


@ -37,13 +37,19 @@ user="$( cat "$__object/parameter/user" )"
host="$( cat "$__object/parameter/host" )" host="$( cat "$__object/parameter/host" )"
if [ "$table" != '*' ]
then
# shellcheck disable=SC2016
table="$( printf '`%s`' "$table" )"
fi
case "$state_should" in case "$state_should" in
present) present)
echo "mysql -e 'grant $privileges on \`$database\`.\`$table\` to \`$user\`@\`$host\`'" echo "mysql -e 'grant $privileges on \`$database\`.$table to \`$user\`@\`$host\`'"
echo "grant $privileges on $database.$table to $user@$host" >> "$__messages_out" echo "grant $privileges on $database.$table to $user@$host" >> "$__messages_out"
;; ;;
absent) absent)
echo "mysql -e 'revoke $privileges on \`$database\`.\`$table\` from \`$user\`@\`$host\`'" echo "mysql -e 'revoke $privileges on \`$database\`.$table from \`$user\`@\`$host\`'"
echo "revoke $privileges on $database.$table from $user@$host" >> "$__messages_out" echo "revoke $privileges on $database.$table from $user@$host" >> "$__messages_out"
;; ;;
esac esac
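Review bot: The parameter values are emitted inside a single-quoted shell argument and inside backtick-quoted SQL identifiers without escaping, and the new `printf` wrapping of `$table` keeps that pattern. A `'` in any value ends the `mysql -e '…'` argument early and a backtick ends the identifier, so the generated line no longer means what the manifest asked for. Doubling backticks inside identifiers and replacing `'` with `'\''` before emitting the line would keep the values as data. `$privileges` is unquoted SQL by design, so it is better validated against the characters expected in a privilege list than escaped.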


@ -17,7 +17,7 @@ REQUIRED PARAMETERS
database database
Name of database. Name of database.
User user
Name of user. Name of user.


@ -92,6 +92,9 @@ tls-ca
Required if `tls-cert` is defined. Required if `tls-cert` is defined.
Path in the remote hosts to the PEM-encoded CA certificate file. Path in the remote hosts to the PEM-encoded CA certificate file.
extra-config
Custom settings to be added in `slapd.conf(5)`.
OPTIONAL MULTIPLE PARAMETERS OPTIONAL MULTIPLE PARAMETERS
---------------------------- ----------------------------


@ -9,6 +9,7 @@ slapd_modules=$(cat "${__object}/parameter/module" 2>/dev/null || true)
schemas=$(cat "${__object}/parameter/schema") schemas=$(cat "${__object}/parameter/schema")
slapd_urls=$(tr '\n' ' ' < "${__object}/parameter/slapd-url") slapd_urls=$(tr '\n' ' ' < "${__object}/parameter/slapd-url")
tls_cipher_suite=$(cat "${__object}/parameter/tls-cipher-suite" 2>/dev/null || true) tls_cipher_suite=$(cat "${__object}/parameter/tls-cipher-suite" 2>/dev/null || true)
extra_config=$(cat "${__object}/parameter/extra-config" || true)
os="$(cat "${__global}/explorer/os")" os="$(cat "${__global}/explorer/os")"
@ -168,6 +169,7 @@ if [ -z "${_skip_letsencrypt_cert}" ]; then
staging="" staging=""
fi fi
# shellcheck disable=SC2086
__letsencrypt_cert "${name}" --admin-email "${admin_email}" \ __letsencrypt_cert "${name}" --admin-email "${admin_email}" \
--renew-hook "cp ${ETC}/letsencrypt/live/${name}/*.pem ${SLAPD_DIR}/sasl2 && chown -R openldap:openldap ${SLAPD_DIR}/sasl2 && service slapd restart" \ --renew-hook "cp ${ETC}/letsencrypt/live/${name}/*.pem ${SLAPD_DIR}/sasl2 && chown -R openldap:openldap ${SLAPD_DIR}/sasl2 && service slapd restart" \
--automatic-renewal ${staging} --automatic-renewal ${staging}
@ -230,6 +232,8 @@ index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub
index entryCSN,entryUUID eq index entryCSN,entryUUID eq
${extra_config}
serverid ${serverid} serverid ${serverid}
EOF EOF
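Review bot: The `extra_config` read lacks the `2>/dev/null` that the neighbouring optional parameters use, so every run without `--extra-config` prints a `cat` error to stderr; `extra_config=$(cat "${__object}/parameter/extra-config" 2>/dev/null || true)` would match `slapd_modules` and `tls_cipher_suite`. The value is then written verbatim into the generated configuration between the `index` lines and `serverid`. It would help to state in the man page that the text lands at that position and is not validated, since directives placed there can alter how the directory is served.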


@ -6,3 +6,4 @@ tls-cipher-suite
tls-cert tls-cert
tls-privkey tls-privkey
tls-ca tls-ca
extra-config


@ -74,6 +74,14 @@ fi
case "$state_should" in case "$state_should" in
present) present)
# following is bit ugly, but important hack.
# due to how cdist config run works, there isn't
# currently better way to do it :(
cat << EOF
if [ ! -f /var/cache/apt/pkgcache.bin ] || [ "\$( stat --format %Y /var/cache/apt/pkgcache.bin )" -lt "\$( date +%s -d '-1 day' )" ]
then echo apt-get update > /dev/null 2>&1 || true
fi
EOF
if [ -n "$version" ]; then if [ -n "$version" ]; then
name="${name}=${version}" name="${name}=${version}"
fi fi
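Review bot: The generated remote snippet never runs the index update: inside the here-document the line reads `then echo apt-get update > /dev/null 2>&1 || true`, so on the target the words are only echoed into `/dev/null`. A stale index therefore still produces the missing-package errors this block is meant to avoid, and installs keep resolving against old version lists. Dropping the `echo` gives `then apt-get update > /dev/null 2>&1 || true`. `stat --format` and `date -d '-1 day'` are GNU options, which is presumably acceptable on apt-based targets.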

View file

@ -11,6 +11,9 @@ DESCRIPTION
apt-get is usually used on Debian and variants (like Ubuntu) to apt-get is usually used on Debian and variants (like Ubuntu) to
manage packages. manage packages.
This type will also update package index, if it is older
than one day, to avoid missing package error messages.
REQUIRED PARAMETERS REQUIRED PARAMETERS
------------------- -------------------


@ -1,7 +1,8 @@
#!/bin/sh #!/bin/sh -e
# #
# 2011 Nico Schottelius (nico-cdist at schottelius.org) # 2011 Nico Schottelius (nico-cdist at schottelius.org)
# 2012 Giel van Schijndel (giel plus cdist at mortis dot eu) # 2012 Giel van Schijndel (giel plus cdist at mortis dot eu)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -19,21 +20,78 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
# #
# Retrieve the status of a package - parsed opkg output # Retrieve the status of a package - parses opkg output
# #
if [ -f "$__object/parameter/name" ]; then readonly __type_path=${__object%%${__object_id}*}
name="$(cat "$__object/parameter/name")" test -d "${__type_path}" || { echo 'Cannot determine __type_path' >&2; exit 1; }
readonly LOCKFILE="${__type_path:?}/.cdist_opkg.lock"
if command -v flock >/dev/null 2>&1
then
# use flock (if available) on FD 9
_lock() {
exec 9<>"${LOCKFILE:?}"
flock -x 9
echo $$>&9
}
_unlock() {
:>"${LOCKFILE:?}"
flock -u 9
exec 9<&-
}
else else
name="$__object_id" # fallback to mkdir if flock is missing
_lock() {
until mkdir "${LOCKFILE:?}.dir" 2>/dev/null
do
while test -d "${LOCKFILE}.dir"
do
# DEBUG:
# printf 'Locked by PID: %u\n' "$(cat "${LOCKFILE}.dir/pid")"
sleep 1
done
done
echo $$ >"${LOCKFILE:?}.dir/pid"
}
_unlock() {
test -d "${LOCKFILE}.dir" || return 0
if test -s "${LOCKFILE}.dir/pid"
then
test "$(cat "${LOCKFILE}.dir/pid")" = $$ || return 1
rm "${LOCKFILE:?}.dir/pid"
fi
rmdir "${LOCKFILE:?}.dir"
}
fi fi
# Except dpkg failing, if package is not known / installed
if opkg status "$name" 2>/dev/null | grep -q "^Status: install user installed$"; then if test -f "${__object}/parameter/name"
echo "present" then
exit 0 pkg_name=$(cat "${__object}/parameter/name")
elif [ "$(opkg info "$name" 2> /dev/null | wc -l)" -eq 0 ]; then else
echo "absent notpresent" pkg_name=$__object_id
exit 0 fi
# NOTE: We need to lock parallel execution of type explorers and code-remote
# because opkg will try to acquire the OPKG lock (usually /var/lock/opkg.lock)
# using lockf(2) for every operation.
# It will not wait for the lock but terminate with an error.
# This leads to incorrect 'absent notpresent' statuses when parallel execution
# is enabled.
trap _unlock EXIT
_lock
# Except opkg failing, if package is not known / installed
if opkg status "${pkg_name}" 2>/dev/null \
| grep -q -e '^Status: [^ ][^ ]* [^ ][^ ]* installed$'
then
echo 'present'
elif opkg info "${pkg_name}" 2>/dev/null | grep -q .
then
echo 'absent notpresent'
else
echo 'absent'
fi fi
echo "absent"
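Review bot: The `mkdir` fallback in `_lock` can wait forever: nothing bounds the `until mkdir … sleep 1` loop, and the PID written to `${LOCKFILE}.dir/pid` is never read back to detect a holder that no longer exists. If an explorer is killed before its `EXIT` trap runs, the directory stays behind and every later run against that host hangs at this point. A retry limit that ends with an error on stderr, or a `kill -0` check of the recorded PID before waiting again, would turn that into a visible failure. Separately, `${__object%%${__object_id}*}` uses the object id as a pattern; quoting it as `"${__object_id}"` avoids surprises with ids that contain `*`, `?` or `[`.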


@ -2,6 +2,7 @@
# #
# 2011,2013 Nico Schottelius (nico-cdist at schottelius.org) # 2011,2013 Nico Schottelius (nico-cdist at schottelius.org)
# 2012 Giel van Schijndel (giel plus cdist at mortis dot eu) # 2012 Giel van Schijndel (giel plus cdist at mortis dot eu)
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -19,41 +20,50 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
# #
# Manage packages on OpenWRT and co. # Manage packages on OpenWrt, optware, and co.
# #
if [ -f "$__object/parameter/name" ]; then if test -f "${__object}/parameter/name"
name="$(cat "$__object/parameter/name")" then
name=$(cat "${__object}/parameter/name")
else else
name="$__object_id" name=$__object_id
fi fi
state_should="$(cat "$__object/parameter/state")" state_should=$(cat "${__object}/parameter/state")
state_is=$(cat "${__object}/explorer/pkg_status")
state_is="$(cat "$__object/explorer/pkg_status")" case $state_is
case "$state_is" in in
absent*) (absent*)
present="$(echo "$state_is" | cut -d ' ' -f 2)" presence=$(echo "${state_is}" | cut -d ' ' -f 2)
state_is="absent" state_is='absent'
;; ;;
esac esac
[ "$state_is" = "$state_should" ] && exit 0 if test "${state_is}" = "${state_should}"
then
exit 0
fi
case "$state_should" in
present) case $state_should
if [ "$present" = "notpresent" ]; then in
echo "opkg --verbosity=0 update" (present)
fi if test "${presence}" = 'notpresent'
echo "opkg --verbosity=0 install '$name'" then
echo "installed" >> "$__messages_out" echo 'opkg --verbosity=0 update'
;; fi
absent)
echo "opkg --verbosity=0 remove '$name'" printf "opkg --verbosity=0 install '%s'\n" "${name}"
echo "removed" >> "$__messages_out" echo 'installed' >>"${__messages_out}"
;; ;;
*) (absent)
echo "Unknown state: ${state_should}" >&2 printf "opkg --verbosity=0 remove '%s'" "${name}"
exit 1 echo 'removed' >>"${__messages_out}"
;; ;;
(*)
printf 'Unknown state: %s\n' "${state_should}" >&2
exit 1
;;
esac esac
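Review bot: The `absent` branch emits its command without a trailing newline, `printf "opkg --verbosity=0 remove '%s'" "${name}"`, while the `present` branch ends its format with `\n`. It is currently the last line written, so the generated code still works, but anything appended later would be glued onto the package name. Use `printf "opkg --verbosity=0 remove '%s'\n" "${name}"`. In both branches `${name}` is also placed between single quotes unescaped, so a name containing `'` would break the generated line.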


@ -24,18 +24,18 @@ case "$type" in
if [ -f "/var/cache/apt/pkgcache.bin" ]; then if [ -f "/var/cache/apt/pkgcache.bin" ]; then
echo $(($(date +"%s")-$(stat --format '%Y' /var/cache/apt/pkgcache.bin))) echo $(($(date +"%s")-$(stat --format '%Y' /var/cache/apt/pkgcache.bin)))
else else
echo 0 echo -- -1
fi fi
;; ;;
pacman) pacman)
if [ -d "/var/lib/pacman/sync" ]; then if [ -d "/var/lib/pacman/sync" ]; then
echo $(($(date +"%s")-$(stat --format '%Y' /var/lib/pacman/sync))) echo $(($(date +"%s")-$(stat --format '%Y' /var/lib/pacman/sync)))
else else
echo 0 echo -- -1
fi fi
;; ;;
alpine) alpine)
echo 0 echo -- -1
;; ;;
*) echo "Your specified type ($type) is currently not supported." >&2 *) echo "Your specified type ($type) is currently not supported." >&2
echo "Please contribute an implementation for it if you can." >&2 echo "Please contribute an implementation for it if you can." >&2
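Review bot: `echo -- -1` does not print `-1`: `echo` has no `--` end-of-options handling in POSIX sh, dash or bash, so all three changed branches output `-- -1`. The test added to gencode-remote in this commit, `[ "$currage" -ne -1 ]`, then fails with a non-integer error instead of recognising the "no value" marker, and reaches the update only because the failed test counts as false. `printf '%s\n' -1` (or plain `echo -1`) produces the intended value. The `case` statement continues outside the hunk.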


@ -31,7 +31,8 @@ if [ -n "$maxage" ]; then
if [ "$type" != "apt" ] && [ "$type" != "pacman" ]; then if [ "$type" != "apt" ] && [ "$type" != "pacman" ]; then
echo "ERROR: \"--maxage\" only supported for \"apt\" or \"pacman\" pkg-manager." >&2 echo "ERROR: \"--maxage\" only supported for \"apt\" or \"pacman\" pkg-manager." >&2
exit 1 exit 1
elif [ "$currage" -lt "$maxage" ]; then # do not exit if no value found (represented as -1)
elif [ "$currage" -ne -1 ] && [ "$currage" -lt "$maxage" ]; then
exit 0 # no need to update exit 0 # no need to update
fi fi
fi fi


@ -0,0 +1 @@
Consider moving to __pf_apply_anchor. Get in touch if you need __pf_apply.


@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh -e
# #
# 2012 Jake Guffey (jake.guffey at eprotex.com) # 2016 Kamila Součková (coding at kamila.is)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -18,24 +18,16 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
# #
# Get the 256 bit SHA2 checksum of the pf ruleset on the target host. # Apply pf(4) ruleset on *BSD
# #
# Debug ANCHORS_DIR="/etc/pf.d"
#exec >&2
#set -x
# Check /etc/rc.conf for pf's configuration file name. Default to /etc/pf.conf if [ -f "${__object}/parameter/anchor_name" ]; then
# See if file exists and if so, get checksum anchor_name="$(cat "${__object}/parameter/anchor_name")"
else
RC="/etc/rc.conf" anchor_name="${__object_id}"
TMP="$(grep '^pf_rules=' ${RC} | cut -d= -f2 | sed 's/"//g')"
PFCONF="${TMP:-"/etc/pf.conf"}"
if [ -f "${PFCONF}" ]; then # The pf config file exists, find its cksum.
cksum -o 1 "${PFCONF}" | cut -d= -f2 | awk '{print $1}'
fi fi
anchor_file="${ANCHORS_DIR}/${anchor_name}"
# Debug echo "pfctl -a \"${anchor_name}\" -f \"${anchor_file}\""
#set +x
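Review bot: `anchor_name` is emitted inside double quotes, `echo "pfctl -a \"${anchor_name}\" -f \"${anchor_file}\""`, so the target's shell still expands `$`, backticks and `\` in it. Nothing stops a name containing `../` from resolving outside `/etc/pf.d` either. The value comes from the object id or the `anchor_name` parameter and ends up in code that runs with the privileges cdist has on the target. Checking the name against the characters expected in an anchor name before emitting the line, and emitting single quotes with `printf "pfctl -a '%s' -f '%s'\n" "${anchor_name}" "${anchor_file}"`, would keep it a plain argument.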


@ -0,0 +1,62 @@
cdist-type__pf_apply_anchor(7)
==============================
NAME
----
cdist-type__pf_apply_anchor - Apply a pf(4) anchor on $__target_host
DESCRIPTION
-----------
This type is used on \*BSD systems to manage anchors for the pf firewall.
Notice this type does not take care of copying the ruleset, that must be
done by the user with, e.g. `__file`.
OPTIONAL PARAMETERS
-------------------
anchor_name
The name of the anchor to apply. If not set, `${__object_id}` is used.
This type requires `/etc/pf.d/${anchor_name}` to exist on
`$__target_host`.
EXAMPLES
--------
.. code-block:: sh
# Copy anchor file to ${__target_host}
__file "/etc/pf.d/80_dns" --source - <<EOF
# Managed remotely, changes will be lost
pass quick proto {tcp,udp} from any to any port domain
EOF
# Apply the anchor
require="__file/etc/pf.d/80_dns" __pf_apply_anchor 80_dns
# This is roughly equivalent to:
# pfctl -a "${anchor_name}" -f "/etc/pf.d/${anchor_name}"
SEE ALSO
--------
:strong:`pf`\ (4)
AUTHORS
-------
Evilham <contact--@--evilham.com>
Kamila Součková <coding--@--kamila.is>
Jake Guffey <jake.guffey--@--eprotex.com>
COPYING
-------
Copyright \(C) 2020 Evilham.
Copyright \(C) 2016 Kamila Součková.
Copyright \(C) 2012 Jake Guffey. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.


@ -0,0 +1 @@
anchor_name


@ -1,81 +0,0 @@
#!/bin/sh -e
#
# 2012 Jake Guffey (jake.guffey at eprotex.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Manage pf(4) on *BSD
#
# Debug
#exec >&2
#set -x
# Send files to $__target_host via $__remote_copy
uname=$(uname) # Need to know what the cdist host is running so we know how to compute the ruleset's checksum
state=$(cat "$__object/parameter/state")
if [ "$state" = "absent" ]; then # There is nothing more for a *local* script to do
exit 0
fi
if [ -f "$__object/parameter/source" ]; then
source=$(cat "$__object/parameter/source")
fi
rcvar=$(cat "$__object/explorer/rcvar")
cksum=$(cat "$__object/explorer/cksum")
cat <<EOF
case $uname in
Darwin)
currentSum=\$(cksum -o 1 ${source} | cut '-d ' -f1)
;;
Linux)
currentSum=\$(cksum ${source} | cut '-d ' -f1)
;;
FreeBSD)
currentSum=\$(cksum -o 1 ${source} | cut -d= -f2 | sed 's/ //g')
;;
*)
echo "Sorry, I do not know how to find a cksum on ${uname}." >&2
exit 1
;;
esac
# IPv6 fix
if $(echo "${__target_host}" | grep -q -E '^[0-9a-fA-F:]+$')
then
my_target_host="[${__target_host}]"
else
my_target_host="${__target_host}"
fi
if [ -n "${cksum}" ]; then
if [ ! "\${currentSum}" = "${cksum}" ]; then
$__remote_copy "${source}" "\${my_target_host}:${rcvar}.new"
fi
else # File just doesn't exist yet
$__remote_copy "${source}" "\${my_target_host}:${rcvar}.new"
fi
EOF
# Debug
#exec +x


@ -10,6 +10,9 @@ DESCRIPTION
----------- -----------
This type is used on \*BSD systems to manage the pf firewall's ruleset. This type is used on \*BSD systems to manage the pf firewall's ruleset.
It will also enable and disable the pf firewall as requested in the `state`
parameter.
REQUIRED PARAMETERS REQUIRED PARAMETERS
------------------- -------------------
@ -20,9 +23,8 @@ state
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
source source
If supplied, use to define the ruleset to load onto the $__target_host for pf(4). Required when state is "present".
Note that this type is almost useless without a ruleset defined, but it's technically not Defines the ruleset to load onto the $__target_host for `pf(4)`.
needed, e.g. for the case of disabling the firewall temporarily.
EXAMPLES EXAMPLES
@ -30,10 +32,10 @@ EXAMPLES
.. code-block:: sh .. code-block:: sh
# Remove the current ruleset in place # Remove the current ruleset in place and disable pf
__pf_ruleset --state absent __pf_ruleset --state absent
# Enable the firewall with the ruleset defined in $__manifest/files/pf.conf # Enable pf with the ruleset defined in $__manifest/files/pf.conf
__pf_ruleset --state present --source $__manifest/files/pf.conf __pf_ruleset --state present --source $__manifest/files/pf.conf
@ -44,11 +46,13 @@ SEE ALSO
AUTHORS AUTHORS
------- -------
Kamila Součková <coding--@--kamila.is>
Jake Guffey <jake.guffey--@--eprotex.com> Jake Guffey <jake.guffey--@--eprotex.com>
COPYING COPYING
------- -------
Copyright \(C) 2016 Kamila Součková.
Copyright \(C) 2012 Jake Guffey. You can redistribute it Copyright \(C) 2012 Jake Guffey. You can redistribute it
and/or modify it under the terms of the GNU General Public License as and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the published by the Free Software Foundation, either version 3 of the


@ -1,6 +1,6 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2012 Jake Guffey (jake.guffey at eprotex.com) # 2016 Kamila Součková (coding at kamila.is)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -21,29 +21,26 @@
# Manage pf(4) on *BSD # Manage pf(4) on *BSD
# #
# Debug rcvar="$(cat "${__object}/explorer/rcvar")"
#exec >&2 state="$(cat "${__object}/parameter/state")"
#set -x if [ -f "${__object}/parameter/source" ]; then
source="$(cat "${__object}/parameter/source")"
# Remove ${rcvar} in the case of --state absent
state=$(cat "$__object/parameter/state")
rcvar=$(cat "$__object/explorer/rcvar")
if [ "$state" = "present" ]; then # There is nothing more for a *remote* script to do
exit 0
elif [ "$state" = "absent" ]; then
# --state absent, so ensure that .new doesn't exist and that conf is renamed to .old
cat <<EOF
if [ -f "${rcvar}.new" ]; then
rm "${rcvar}.new"
fi
if [ -f "${rcvar}" ]; then
mv "${rcvar}" "${rcvar}.old"
fi
EOF
else
echo "Unknown state ${state}!" >&2
exit 1
fi fi
if [ "${state}" = "absent" ]; then
action="/etc/rc.d/pf stop"
else
action="/etc/rc.d/pf reload || /etc/rc.d/pf start"
fi
__key_value __pf_ruleset/rcvar \
--state "${state}" \
--file /etc/rc.conf \
--delimiter "=" \
--key "pf_enable" \
--value "YES"
require="__key_value/__pf_ruleset/rcvar" __config_file "${rcvar}" \
--source "${source}" \
--state "${state}" \
--onchange "${action}"
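Review bot: `source` is only assigned when the parameter file exists, yet `__config_file` is always called with `--source "${source}"`, so `--state present` without `--source` passes an empty string instead of failing. The man page in this commit says the parameter is required for `present`. Enforcing that here, e.g. `[ "${state}" = "absent" ] || [ -n "${source}" ] || { echo "source is required" >&2; exit 1; }`, stops the run before it touches the firewall configuration. What `__config_file` does with an empty source is not visible from this hunk.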


@ -19,16 +19,4 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
__package postfix --state present
os=$(cat "$__global/explorer/os")
case "$os" in
alpine|ubuntu|debian|archlinux|suse|scientific|centos|devuan)
__package postfix --state present
;;
*)
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
echo "Please contribute an implementation for it if you can." >&2
exit 1
;;
esac


@ -43,8 +43,29 @@ if [ "$state_should" != "$state_is" ]; then
if [ -f "$__object/parameter/owner" ]; then if [ -f "$__object/parameter/owner" ]; then
owner="-O \"$(cat "$__object/parameter/owner")\"" owner="-O \"$(cat "$__object/parameter/owner")\""
fi fi
template=""
if [ -f "$__object/parameter/template" ]; then
template="--template \"$(cat "$__object/parameter/template")\""
fi
encoding=""
if [ -f "$__object/parameter/encoding" ]; then
encoding="--encoding \"$(cat "$__object/parameter/encoding")\""
fi
lc_collate=""
if [ -f "$__object/parameter/lc-collate" ]; then
lc_collate="--lc-collate \"$(cat "$__object/parameter/lc-collate")\""
fi
lc_ctype=""
if [ -f "$__object/parameter/lc-ctype" ]; then
lc_ctype="--lc-ctype \"$(cat "$__object/parameter/lc-ctype")\""
fi
cat << EOF cat << EOF
su - '$postgres_user' -c "createdb $owner \"$name\"" su - '$postgres_user' -c "createdb $owner \"$name\" $template $encoding $lc_collate $lc_ctype"
EOF EOF
;; ;;
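Review bot: The four new option strings carry plain double quotes (`--template "value"`), but they are expanded inside the already double-quoted `su … -c "createdb …"` line. On the target those quotes close and reopen the outer string, so the value reaches the inner shell unquoted. Simple values work, but a value with a space or a shell metacharacter is split or interpreted; the existing `$owner` has the same form. Building them with escaped quotes, as the line already does for `\"$name\"`, fixes it: `template="--template \\\"$(cat "$__object/parameter/template")\\\""`, and likewise for `encoding`, `lc_collate` and `lc_ctype`.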
absent) absent)

View file

@ -14,10 +14,22 @@ This cdist type allows you to create or drop postgres databases.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
state state
either 'present' or 'absent', defaults to 'present'. Either 'present' or 'absent', defaults to 'present'.
owner owner
the role owning this database Specifies the database user who will own the new database.
encoding
Specifies the character encoding scheme to be used in this database.
lc-collate
Specifies the LC_COLLATE setting to be used in this database.
lc-ctype
Specifies the LC_CTYPE setting to be used in this database.
template
Specifies the template database from which to build this database.
EXAMPLES EXAMPLES


@ -1,2 +1,6 @@
state state
owner owner
encoding
lc-collate
lc-ctype
template

View file

@ -54,7 +54,7 @@ case "$state_should" in
[ -n "$password" ] && password="PASSWORD '$password'" [ -n "$password" ] && password="PASSWORD '$password'"
cat << EOF cat << EOF
su - '$postgres_user' -c "psql postgres -wc 'CREATE ROLE \"$name\" WITH $password $booleans;'" su - '$postgres_user' -c "psql postgres -wc \"CREATE ROLE \\\\\"$name\\\\\" WITH $password $booleans;\""
EOF EOF
;; ;;
absent) absent)

View file

@ -1,6 +1,7 @@
#!/bin/sh -e #!/bin/sh -e
# #
# 2016 Darko Poljak (darko.poljak at gmail.com) # 2016 Darko Poljak (darko.poljak at gmail.com)
# 2020 Nico Schotetlius (nico.schottelius at ungleich.ch)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -37,11 +38,21 @@ mode="$(cat "$__object/parameter/mode")"
destination="/$__object_id" destination="/$__object_id"
venvparams="$(cat "$__object/parameter/venvparams")" venvparams="$(cat "$__object/parameter/venvparams")"
pyvenvparam="$__object/parameter/pyvenv" pyvenvparam="$__object/parameter/pyvenv"
os=$(cat "$__global/explorer/os")
if [ -f "$pyvenvparam" ] if [ -f "$pyvenvparam" ]
then then
pyvenv=$(cat "$pyvenvparam") pyvenv=$(cat "$pyvenvparam")
else else
pyvenv="pyvenv" case "$os" in
alpine|ubuntu) # no pyvenv on alpine - I assume others will follow
pyvenv="python3 -m venv"
;;
*)
pyvenv="pyvenv"
;;
esac
fi fi
case $state_should in case $state_should in

Some files were not shown because too many files have changed in this diff Show more