Merge branch 'master' into 'fix/type/__user/openbsd-shadow'
# Conflicts: # cdist/conf/type/__user/explorer/shadow
This commit is contained in:
commit
9e33a8f42f
168 changed files with 2572 additions and 737 deletions
|
@ -1,6 +1,8 @@
|
||||||
stages:
|
stages:
|
||||||
- test
|
- test
|
||||||
|
|
||||||
|
image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest
|
||||||
|
|
||||||
unit_tests:
|
unit_tests:
|
||||||
stage: test
|
stage: test
|
||||||
script:
|
script:
|
||||||
|
|
7
README
7
README
|
@ -1,7 +0,0 @@
|
||||||
cdist
|
|
||||||
-----
|
|
||||||
|
|
||||||
cdist is a usable configuration management system.
|
|
||||||
|
|
||||||
For the web documentation have a look at https://www.cdi.st/
|
|
||||||
or at docs/src for reStructuredText manual.
|
|
31
README.md
Normal file
31
README.md
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
# cdist
|
||||||
|
|
||||||
|
**cdist** is a usable configuration management system.
|
||||||
|
|
||||||
|
It adheres to the [**KISS principle**](https://en.wikipedia.org/wiki/KISS_principle)
|
||||||
|
and is being used in small up to enterprise grade environments.
|
||||||
|
|
||||||
|
For more information have a look at [**homepage**](https://cdi.st)
|
||||||
|
or at **``docs/src``** for manual in **reStructuredText** format.
|
||||||
|
|
||||||
|
## Contributing
|
||||||
|
|
||||||
|
Merge/Pull requests can be made in both
|
||||||
|
[upstream **GitLab**](https://code.ungleich.ch/ungleich-public/cdist/merge_requests)
|
||||||
|
(managed by [**ungleich**](https://ungleich.ch))
|
||||||
|
and [**GitHub** project](https://github.com/ungleich/cdist/pulls).
|
||||||
|
|
||||||
|
Issues can be made and other project management activites happen
|
||||||
|
[**only in GitLab**](https://code.ungleich.ch/ungleich-public/cdist)
|
||||||
|
(needs [**ungleich** account](https://account.ungleich.ch)).
|
||||||
|
|
||||||
|
For community-maintained types there is
|
||||||
|
[**cdist-contrib** project](https://code.ungleich.ch/ungleich-public/cdist-contrib).
|
||||||
|
|
||||||
|
## Participating
|
||||||
|
|
||||||
|
IRC: ``#cdist`` @ freenode
|
||||||
|
|
||||||
|
Matrix: ``#cdist:ungleich.ch``
|
||||||
|
|
||||||
|
Mattermost: https://chat.ungleich.ch/ungleich/channels/cdist
|
|
@ -26,6 +26,7 @@ import hashlib
|
||||||
import cdist.log
|
import cdist.log
|
||||||
import cdist.version
|
import cdist.version
|
||||||
|
|
||||||
|
|
||||||
VERSION = cdist.version.VERSION
|
VERSION = cdist.version.VERSION
|
||||||
|
|
||||||
BANNER = """
|
BANNER = """
|
||||||
|
@ -48,6 +49,9 @@ REMOTE_EXEC = "ssh -o User=root"
|
||||||
REMOTE_CMDS_CLEANUP_PATTERN = "ssh -o User=root -O exit -S {}"
|
REMOTE_CMDS_CLEANUP_PATTERN = "ssh -o User=root -O exit -S {}"
|
||||||
|
|
||||||
|
|
||||||
|
MIN_SUPPORTED_PYTHON_VERSION = '3.5'
|
||||||
|
|
||||||
|
|
||||||
class Error(Exception):
|
class Error(Exception):
|
||||||
"""Base exception class for this project"""
|
"""Base exception class for this project"""
|
||||||
pass
|
pass
|
||||||
|
|
|
@ -5,6 +5,7 @@ import logging
|
||||||
import collections
|
import collections
|
||||||
import functools
|
import functools
|
||||||
import cdist.configuration
|
import cdist.configuration
|
||||||
|
import cdist.log
|
||||||
import cdist.preos
|
import cdist.preos
|
||||||
import cdist.info
|
import cdist.info
|
||||||
|
|
||||||
|
@ -125,6 +126,14 @@ def get_parsers():
|
||||||
'value.'),
|
'value.'),
|
||||||
action='count', default=None)
|
action='count', default=None)
|
||||||
|
|
||||||
|
parser['colored_output'] = argparse.ArgumentParser(add_help=False)
|
||||||
|
parser['colored_output'].add_argument(
|
||||||
|
'--colors', metavar='WHEN',
|
||||||
|
help="Colorize cdist's output based on log level; "
|
||||||
|
"WHEN is 'always', 'never', or 'auto'.",
|
||||||
|
action='store', dest='colored_output', required=False,
|
||||||
|
choices=cdist.configuration.ColoredOutputOption.CHOICES)
|
||||||
|
|
||||||
parser['beta'] = argparse.ArgumentParser(add_help=False)
|
parser['beta'] = argparse.ArgumentParser(add_help=False)
|
||||||
parser['beta'].add_argument(
|
parser['beta'].add_argument(
|
||||||
'-b', '--beta',
|
'-b', '--beta',
|
||||||
|
@ -197,6 +206,13 @@ def get_parsers():
|
||||||
'supported. Without argument CPU count is used by default. '),
|
'supported. Without argument CPU count is used by default. '),
|
||||||
action='store', dest='jobs',
|
action='store', dest='jobs',
|
||||||
const=multiprocessing.cpu_count())
|
const=multiprocessing.cpu_count())
|
||||||
|
parser['config_main'].add_argument(
|
||||||
|
'--log-server',
|
||||||
|
action='store_true',
|
||||||
|
help=('Start a log server for sub processes to use. '
|
||||||
|
'This is mainly useful when running cdist nested '
|
||||||
|
'from a code-local script. Log server is alwasy '
|
||||||
|
'implicitly started for \'install\' command.'))
|
||||||
parser['config_main'].add_argument(
|
parser['config_main'].add_argument(
|
||||||
'-n', '--dry-run',
|
'-n', '--dry-run',
|
||||||
help='Do not execute code.', action='store_true')
|
help='Do not execute code.', action='store_true')
|
||||||
|
@ -283,6 +299,7 @@ def get_parsers():
|
||||||
'host', nargs='*', help='Host(s) to operate on.')
|
'host', nargs='*', help='Host(s) to operate on.')
|
||||||
parser['config'] = parser['sub'].add_parser(
|
parser['config'] = parser['sub'].add_parser(
|
||||||
'config', parents=[parser['loglevel'], parser['beta'],
|
'config', parents=[parser['loglevel'], parser['beta'],
|
||||||
|
parser['colored_output'],
|
||||||
parser['common'],
|
parser['common'],
|
||||||
parser['config_main'],
|
parser['config_main'],
|
||||||
parser['inventory_common'],
|
parser['inventory_common'],
|
||||||
|
@ -301,6 +318,7 @@ def get_parsers():
|
||||||
|
|
||||||
parser['add-host'] = parser['invsub'].add_parser(
|
parser['add-host'] = parser['invsub'].add_parser(
|
||||||
'add-host', parents=[parser['loglevel'], parser['beta'],
|
'add-host', parents=[parser['loglevel'], parser['beta'],
|
||||||
|
parser['colored_output'],
|
||||||
parser['common'],
|
parser['common'],
|
||||||
parser['inventory_common']])
|
parser['inventory_common']])
|
||||||
parser['add-host'].add_argument(
|
parser['add-host'].add_argument(
|
||||||
|
@ -315,6 +333,7 @@ def get_parsers():
|
||||||
|
|
||||||
parser['add-tag'] = parser['invsub'].add_parser(
|
parser['add-tag'] = parser['invsub'].add_parser(
|
||||||
'add-tag', parents=[parser['loglevel'], parser['beta'],
|
'add-tag', parents=[parser['loglevel'], parser['beta'],
|
||||||
|
parser['colored_output'],
|
||||||
parser['common'],
|
parser['common'],
|
||||||
parser['inventory_common']])
|
parser['inventory_common']])
|
||||||
parser['add-tag'].add_argument(
|
parser['add-tag'].add_argument(
|
||||||
|
@ -346,6 +365,7 @@ def get_parsers():
|
||||||
|
|
||||||
parser['del-host'] = parser['invsub'].add_parser(
|
parser['del-host'] = parser['invsub'].add_parser(
|
||||||
'del-host', parents=[parser['loglevel'], parser['beta'],
|
'del-host', parents=[parser['loglevel'], parser['beta'],
|
||||||
|
parser['colored_output'],
|
||||||
parser['common'],
|
parser['common'],
|
||||||
parser['inventory_common']])
|
parser['inventory_common']])
|
||||||
parser['del-host'].add_argument(
|
parser['del-host'].add_argument(
|
||||||
|
@ -363,6 +383,7 @@ def get_parsers():
|
||||||
|
|
||||||
parser['del-tag'] = parser['invsub'].add_parser(
|
parser['del-tag'] = parser['invsub'].add_parser(
|
||||||
'del-tag', parents=[parser['loglevel'], parser['beta'],
|
'del-tag', parents=[parser['loglevel'], parser['beta'],
|
||||||
|
parser['colored_output'],
|
||||||
parser['common'],
|
parser['common'],
|
||||||
parser['inventory_common']])
|
parser['inventory_common']])
|
||||||
parser['del-tag'].add_argument(
|
parser['del-tag'].add_argument(
|
||||||
|
@ -398,6 +419,7 @@ def get_parsers():
|
||||||
|
|
||||||
parser['list'] = parser['invsub'].add_parser(
|
parser['list'] = parser['invsub'].add_parser(
|
||||||
'list', parents=[parser['loglevel'], parser['beta'],
|
'list', parents=[parser['loglevel'], parser['beta'],
|
||||||
|
parser['colored_output'],
|
||||||
parser['common'],
|
parser['common'],
|
||||||
parser['inventory_common']])
|
parser['inventory_common']])
|
||||||
parser['list'].add_argument(
|
parser['list'].add_argument(
|
||||||
|
@ -430,7 +452,7 @@ def get_parsers():
|
||||||
|
|
||||||
# Shell
|
# Shell
|
||||||
parser['shell'] = parser['sub'].add_parser(
|
parser['shell'] = parser['sub'].add_parser(
|
||||||
'shell', parents=[parser['loglevel']])
|
'shell', parents=[parser['loglevel'], parser['colored_output']])
|
||||||
parser['shell'].add_argument(
|
parser['shell'].add_argument(
|
||||||
'-s', '--shell',
|
'-s', '--shell',
|
||||||
help=('Select shell to use, defaults to current shell. Used shell'
|
help=('Select shell to use, defaults to current shell. Used shell'
|
||||||
|
@ -478,7 +500,12 @@ def handle_loglevel(args):
|
||||||
if hasattr(args, 'quiet') and args.quiet:
|
if hasattr(args, 'quiet') and args.quiet:
|
||||||
args.verbose = _verbosity_level_off
|
args.verbose = _verbosity_level_off
|
||||||
|
|
||||||
logging.root.setLevel(_verbosity_level[args.verbose])
|
logging.getLogger().setLevel(_verbosity_level[args.verbose])
|
||||||
|
|
||||||
|
|
||||||
|
def handle_log_colors(args):
|
||||||
|
if cdist.configuration.ColoredOutputOption.translate(args.colored_output):
|
||||||
|
cdist.log.CdistFormatter.USE_COLORS = True
|
||||||
|
|
||||||
|
|
||||||
def parse_and_configure(argv, singleton=True):
|
def parse_and_configure(argv, singleton=True):
|
||||||
|
@ -492,6 +519,7 @@ def parse_and_configure(argv, singleton=True):
|
||||||
raise cdist.Error(str(e))
|
raise cdist.Error(str(e))
|
||||||
# Loglevels are handled globally in here
|
# Loglevels are handled globally in here
|
||||||
handle_loglevel(args)
|
handle_loglevel(args)
|
||||||
|
handle_log_colors(args)
|
||||||
|
|
||||||
log = logging.getLogger("cdist")
|
log = logging.getLogger("cdist")
|
||||||
|
|
||||||
|
|
|
@ -32,6 +32,10 @@ case "$os" in
|
||||||
sysctl -n hw.ncpuonline
|
sysctl -n hw.ncpuonline
|
||||||
;;
|
;;
|
||||||
|
|
||||||
|
"freebsd"|"netbsd")
|
||||||
|
sysctl -n hw.ncpu
|
||||||
|
;;
|
||||||
|
|
||||||
*)
|
*)
|
||||||
if [ -r /proc/cpuinfo ]; then
|
if [ -r /proc/cpuinfo ]; then
|
||||||
cores="$(grep "core id" /proc/cpuinfo | sort | uniq | wc -l)"
|
cores="$(grep "core id" /proc/cpuinfo | sort | uniq | wc -l)"
|
||||||
|
|
|
@ -1,27 +1,67 @@
|
||||||
#!/bin/sh
|
#!/bin/sh -e
|
||||||
|
#
|
||||||
|
# based on previous work by other people, modified by:
|
||||||
|
# 2020 Dennis Camera <dennis.camera at ssrq-sds-fds.ch>
|
||||||
|
#
|
||||||
|
# This file is part of cdist.
|
||||||
|
#
|
||||||
|
# cdist is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation, either version 3 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# cdist is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
#
|
||||||
|
# Finds disks of the system (excl. ram disks, floppy, cdrom)
|
||||||
|
|
||||||
uname_s="$(uname -s)"
|
uname_s="$(uname -s)"
|
||||||
|
|
||||||
case "${uname_s}" in
|
case $uname_s in
|
||||||
FreeBSD)
|
FreeBSD)
|
||||||
sysctl -n kern.disks
|
sysctl -n kern.disks
|
||||||
;;
|
;;
|
||||||
OpenBSD|NetBSD)
|
OpenBSD)
|
||||||
sysctl -n hw.disknames | grep -Eo '[lsw]d[0-9]+' | xargs
|
sysctl -n hw.disknames | grep -Eo '[lsw]d[0-9]+'
|
||||||
|
;;
|
||||||
|
NetBSD)
|
||||||
|
PATH="${PATH}:/usr/local/sbin:/usr/sbin:/sbin"
|
||||||
|
sysctl -n hw.disknames \
|
||||||
|
| awk 'BEGIN { RS = " " } /^[lsw]d[0-9]+/'
|
||||||
;;
|
;;
|
||||||
Linux)
|
Linux)
|
||||||
if command -v lsblk > /dev/null
|
# list of major device numbers toexclude:
|
||||||
|
# ram disks, floppies, cdroms
|
||||||
|
# https://www.kernel.org/doc/Documentation/admin-guide/devices.txt
|
||||||
|
ign_majors='1 2 11'
|
||||||
|
|
||||||
|
if command -v lsblk >/dev/null 2>&1
|
||||||
then
|
then
|
||||||
# exclude ram disks, floppies and cdroms
|
lsblk -e "$(echo "$ign_majors" | tr ' ' ',')" -dno name
|
||||||
# https://www.kernel.org/doc/Documentation/admin-guide/devices.txt
|
elif test -d /sys/block/
|
||||||
lsblk -e 1,2,11 -dno name | xargs
|
then
|
||||||
|
# shellcheck disable=SC2012
|
||||||
|
ls -1 /sys/block/ \
|
||||||
|
| awk -v ign_majors="$(echo "$ign_majors" | tr ' ' '|')" '
|
||||||
|
{
|
||||||
|
devfile = "/sys/block/" $0 "/dev"
|
||||||
|
getline devno < devfile
|
||||||
|
close(devfile)
|
||||||
|
if (devno !~ "^(" ign_majors "):") print
|
||||||
|
}'
|
||||||
else
|
else
|
||||||
printf "Don't know how to list disks for %s operating system without lsblk, if you can please submit a patch\n" "${uname_s}" >&2
|
echo "Don't know how to list disks on Linux without lsblk and sysfs." >&2
|
||||||
|
echo 'If you can, please submit a patch.'>&2
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
printf "Don't know how to list disks for %s operating system, if you can please submit a patch\n" "${uname_s}" >&2
|
printf "Don't know how to list disks for %s operating system.\n" "${uname_s}" >&2
|
||||||
|
printf 'If you can please submit a patch\n' >&2
|
||||||
;;
|
;;
|
||||||
esac
|
esac \
|
||||||
|
| xargs
|
||||||
exit 0
|
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
#!/bin/sh
|
#!/bin/sh -e
|
||||||
#
|
#
|
||||||
# 2016 Daniel Heule (hda at sfs.biz)
|
# 2016 Daniel Heule (hda at sfs.biz)
|
||||||
# Copyright 2017, Philippe Gregoire <pg@pgregoire.xyz>
|
# Copyright 2017, Philippe Gregoire <pg@pgregoire.xyz>
|
||||||
|
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -19,21 +20,423 @@
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
# Returns the process name of pid 1 ( normaly the init system )
|
# Returns the name of the init system (PID 1)
|
||||||
# for example at linux this value is "init" or "systemd" in most cases
|
|
||||||
|
# Expected values:
|
||||||
|
# Linux:
|
||||||
|
# Adélie Linux:
|
||||||
|
# sysvinit+openrc
|
||||||
|
# Alpine Linux:
|
||||||
|
# busybox-init+openrc
|
||||||
|
# ArchLinux:
|
||||||
|
# systemd, sysvinit
|
||||||
|
# CRUX:
|
||||||
|
# sysvinit
|
||||||
|
# Debian:
|
||||||
|
# systemd, upstart, sysvinit, openrc, ???
|
||||||
|
# Devuan:
|
||||||
|
# sysvinit, sysvinit+openrc
|
||||||
|
# Gentoo:
|
||||||
|
# sysvinit+openrc, openrc-init, systemd
|
||||||
|
# OpenBMC:
|
||||||
|
# systemd
|
||||||
|
# OpenWrt:
|
||||||
|
# procd, init???
|
||||||
|
# RedHat (RHEL, CentOS, Fedora, RedHat Linux, ...):
|
||||||
|
# systemd, upstart, upstart-legacy, sysvinit
|
||||||
|
# Slackware:
|
||||||
|
# sysvinit
|
||||||
|
# SuSE:
|
||||||
|
# systemd, sysvinit
|
||||||
|
# Ubuntu:
|
||||||
|
# systemd, upstart, upstart-legacy, sysvinit
|
||||||
|
# VoidLinux:
|
||||||
|
# runit
|
||||||
#
|
#
|
||||||
|
# GNU:
|
||||||
|
# Debian:
|
||||||
|
# sysvinit, hurd-init
|
||||||
|
#
|
||||||
|
# BSD:
|
||||||
|
# {Free,Open,Net}BSD:
|
||||||
|
# init
|
||||||
|
#
|
||||||
|
# Mac OS X:
|
||||||
|
# launchd, init+SystemStarter
|
||||||
|
#
|
||||||
|
# Solaris/Illumos:
|
||||||
|
# smf, init???
|
||||||
|
|
||||||
uname_s="$(uname -s)"
|
# NOTE: init systems can be stacked. This is popular to run OpenRC on top of
|
||||||
|
# sysvinit (Gentoo) or busybox-init (Alpine), but can also be used to run runit
|
||||||
|
# as a systemd service. This makes init system detection very complicated
|
||||||
|
# (which result is expected?) This script tries to untangle some combinations,
|
||||||
|
# OpenRC on top of sysv or busybox (X+openrc), but will ignore others (runit as
|
||||||
|
# a systemd service)
|
||||||
|
|
||||||
case "$uname_s" in
|
# NOTE: When we have no idea, nothing will be printed!
|
||||||
Linux)
|
|
||||||
(pgrep -P0 -l | awk '/^1[ \t]/ {print $2;}') || true
|
# NOTE:
|
||||||
;;
|
# When trying to gather information about the init system make sure to do so
|
||||||
FreeBSD|OpenBSD)
|
# without calling the binary! On some systems this triggers a reinitialisation
|
||||||
ps -o comm= -p 1 || true
|
# of the system which we don't want (e.g. embedded systems).
|
||||||
;;
|
|
||||||
*)
|
|
||||||
# return a empty string as unknown value
|
set -e
|
||||||
echo ""
|
|
||||||
;;
|
KERNEL_NAME=$(uname -s)
|
||||||
esac
|
|
||||||
|
KNOWN_INIT_SYSTEMS=$(cat <<EOF
|
||||||
|
systemd
|
||||||
|
sysvinit
|
||||||
|
upstart
|
||||||
|
runit
|
||||||
|
procd
|
||||||
|
smf
|
||||||
|
launchd
|
||||||
|
init
|
||||||
|
hurd_init
|
||||||
|
systemstarter
|
||||||
|
EOF
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
common_candidates_by_kernel() {
|
||||||
|
case $KERNEL_NAME
|
||||||
|
in
|
||||||
|
FreeBSD|NetBSD|OpenBSD)
|
||||||
|
echo init
|
||||||
|
;;
|
||||||
|
Linux)
|
||||||
|
echo systemd
|
||||||
|
echo sysvinit
|
||||||
|
echo upstart
|
||||||
|
;;
|
||||||
|
GNU)
|
||||||
|
echo sysvinit
|
||||||
|
echo hurd-init
|
||||||
|
;;
|
||||||
|
Darwin)
|
||||||
|
echo launchd
|
||||||
|
echo systemstarter
|
||||||
|
;;
|
||||||
|
SunOS)
|
||||||
|
echo smf
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
## Helpers
|
||||||
|
|
||||||
|
trim() {
|
||||||
|
sed -e 's/^[[:blank:]]*//' -e 's/[[:blank:]]*$//' -e '/^[[:blank:]]*$/d'
|
||||||
|
}
|
||||||
|
|
||||||
|
unique() {
|
||||||
|
# Delete duplicate lines (keeping input order)
|
||||||
|
# NOTE: Solaris AWK breaks without if/print construct.
|
||||||
|
awk '{ if (!x[$0]++) print }'
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
## Check functions
|
||||||
|
# These functions are used to verify if a guess is correct by checking some
|
||||||
|
# common property of a running system (presence of a directory in /run etc.)
|
||||||
|
|
||||||
|
check_busybox_init() (
|
||||||
|
busybox_path=${1:-/bin/busybox}
|
||||||
|
test -x "${busybox_path}" || return 1
|
||||||
|
grep -q 'BusyBox v[0-9]' "${busybox_path}" || return 1
|
||||||
|
|
||||||
|
# It is quite common to use Busybox init to stack other init systemd
|
||||||
|
# (like OpenRC) on top of it. So we check for that, too.
|
||||||
|
if stacked=$(check_openrc)
|
||||||
|
then
|
||||||
|
echo "busybox-init+${stacked}"
|
||||||
|
else
|
||||||
|
echo busybox-init
|
||||||
|
fi
|
||||||
|
)
|
||||||
|
|
||||||
|
check_hurd_init() (
|
||||||
|
init_exe=${1:-/hurd/init}
|
||||||
|
test -x "${init_exe}" || return 1
|
||||||
|
grep -q 'GNU Hurd' "${init_exe}" || return 1
|
||||||
|
echo hurd-init
|
||||||
|
)
|
||||||
|
|
||||||
|
check_init() {
|
||||||
|
# Checks for various BSD inits...
|
||||||
|
test -x /sbin/init || return 1
|
||||||
|
|
||||||
|
if grep -q -E '(Free|Net|Open)BSD' /sbin/init
|
||||||
|
then
|
||||||
|
echo init
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
check_launchd() {
|
||||||
|
command -v launchctl >/dev/null 2>&1 || return 1
|
||||||
|
launchctl getenv PATH >/dev/null || return 1
|
||||||
|
echo launchd
|
||||||
|
}
|
||||||
|
|
||||||
|
check_openrc() {
|
||||||
|
test -f /run/openrc/softlevel || return 1
|
||||||
|
echo openrc
|
||||||
|
}
|
||||||
|
|
||||||
|
check_procd() (
|
||||||
|
procd_path=${1:-/sbin/procd}
|
||||||
|
test -x "${procd_path}" || return 1
|
||||||
|
grep -q 'procd' "${procd_path}" || return 1
|
||||||
|
echo procd
|
||||||
|
)
|
||||||
|
|
||||||
|
check_runit() {
|
||||||
|
test -d /run/runit || return 1
|
||||||
|
echo runit
|
||||||
|
}
|
||||||
|
|
||||||
|
check_smf() {
|
||||||
|
# XXX: Is this the correct way??
|
||||||
|
test -f /etc/svc/volatile/svc_nonpersist.db || return 1
|
||||||
|
echo smf
|
||||||
|
}
|
||||||
|
|
||||||
|
check_systemd() {
|
||||||
|
# NOTE: sd_booted(3)
|
||||||
|
test -d /run/systemd/system/ || return 1
|
||||||
|
# systemctl --version | sed -e '/^systemd/!d;s/^systemd //'
|
||||||
|
echo systemd
|
||||||
|
}
|
||||||
|
|
||||||
|
check_systemstarter() {
|
||||||
|
test -d /System/Library/StartupItems/ || return 1
|
||||||
|
test -f /System/Library/StartupItems/LoginWindow/StartupParameters.plist || return 1
|
||||||
|
echo init+SystemStarter
|
||||||
|
}
|
||||||
|
|
||||||
|
check_sysvinit() (
|
||||||
|
init_path=${1:-/sbin/init}
|
||||||
|
test -x "${init_path}" || return 1
|
||||||
|
grep -q 'INIT_VERSION=sysvinit-[0-9.]*' "${init_path}" || return 1
|
||||||
|
|
||||||
|
# It is quite common to use SysVinit to stack other init systemd
|
||||||
|
# (like OpenRC) on top of it. So we check for that, too.
|
||||||
|
if stacked=$(check_openrc)
|
||||||
|
then
|
||||||
|
echo "sysvinit+${stacked}"
|
||||||
|
else
|
||||||
|
echo sysvinit
|
||||||
|
fi
|
||||||
|
unset stacked
|
||||||
|
)
|
||||||
|
|
||||||
|
check_upstart() {
|
||||||
|
test -x "$(command -v initctl)" || return 1
|
||||||
|
case $(initctl version)
|
||||||
|
in
|
||||||
|
*'(upstart '*')')
|
||||||
|
if test -d /etc/init
|
||||||
|
then
|
||||||
|
# modern (DBus-based?) upstart >= 0.5
|
||||||
|
echo upstart
|
||||||
|
elif test -d /etc/event.d
|
||||||
|
then
|
||||||
|
# ancient upstart
|
||||||
|
echo upstart-legacy
|
||||||
|
else
|
||||||
|
# whatever...
|
||||||
|
echo upstart
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
return 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
|
find_init_procfs() (
|
||||||
|
# First, check if the required file in procfs exists...
|
||||||
|
test -h /proc/1/exe || return 1
|
||||||
|
|
||||||
|
# Find init executable
|
||||||
|
init_exe=$(ls -l /proc/1/exe 2>/dev/null) || return 1
|
||||||
|
init_exe=${init_exe#* -> }
|
||||||
|
|
||||||
|
if ! test -x "$init_exe"
|
||||||
|
then
|
||||||
|
# On some rare occasions it can happen that the
|
||||||
|
# running init's binary has been replaced. In this
|
||||||
|
# case Linux adjusts the symlink to "X (deleted)"
|
||||||
|
|
||||||
|
# [root@fedora-12 ~]# readlink /proc/1/exe
|
||||||
|
# /sbin/init (deleted)
|
||||||
|
# [root@fedora-12 ~]# ls -l /proc/1/exe
|
||||||
|
# lrwxrwxrwx. 1 root root 0 2020-01-30 23:00 /proc/1/exe -> /sbin/init (deleted)
|
||||||
|
|
||||||
|
init_exe=${init_exe% (deleted)}
|
||||||
|
test -x "$init_exe" || return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "${init_exe}"
|
||||||
|
)
|
||||||
|
|
||||||
|
guess_by_path() {
|
||||||
|
case $1
|
||||||
|
in
|
||||||
|
/bin/busybox)
|
||||||
|
check_busybox_init "$1" && return
|
||||||
|
;;
|
||||||
|
/lib/systemd/systemd)
|
||||||
|
check_systemd "$1" && return
|
||||||
|
;;
|
||||||
|
/hurd/init)
|
||||||
|
check_hurd_init "$1" && return
|
||||||
|
;;
|
||||||
|
/sbin/launchd)
|
||||||
|
check_launchd "$1" && return
|
||||||
|
;;
|
||||||
|
/usr/bin/runit|/sbin/runit)
|
||||||
|
check_runit "$1" && return
|
||||||
|
;;
|
||||||
|
/sbin/openrc-init)
|
||||||
|
if check_openrc "$1" >/dev/null
|
||||||
|
then
|
||||||
|
echo openrc-init
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
/sbin/procd)
|
||||||
|
check_procd "$1" && return
|
||||||
|
;;
|
||||||
|
/sbin/init|*/init)
|
||||||
|
# init: it could be anything -> (explicit) no match
|
||||||
|
return 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# No match
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
guess_by_comm_name() {
|
||||||
|
case $1
|
||||||
|
in
|
||||||
|
busybox)
|
||||||
|
check_busybox_init && return
|
||||||
|
;;
|
||||||
|
openrc-init)
|
||||||
|
if check_openrc >/dev/null
|
||||||
|
then
|
||||||
|
echo openrc-init
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
init)
|
||||||
|
# init could be anything -> no match
|
||||||
|
return 1
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
# Run check function by comm name if available.
|
||||||
|
# Fall back to comm name if either it does not exist or
|
||||||
|
# returns non-zero.
|
||||||
|
if type "check_$1" >/dev/null
|
||||||
|
then
|
||||||
|
"check_$1" && return
|
||||||
|
else
|
||||||
|
echo "$1" ; return 0
|
||||||
|
fi
|
||||||
|
esac
|
||||||
|
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
check_list() (
|
||||||
|
# List must be a multi-line input on stdin (one name per line)
|
||||||
|
while read -r init
|
||||||
|
do
|
||||||
|
"check_${init}" || continue
|
||||||
|
return 0
|
||||||
|
done
|
||||||
|
return 1
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
# BusyBox's versions of ps and pgrep do not support some options
|
||||||
|
# depending on which compile-time options have been used.
|
||||||
|
|
||||||
|
find_init_pgrep() {
|
||||||
|
pgrep -P0 -fl 2>/dev/null | awk -F '[[:blank:]]' '$1 == 1 { print $2 }'
|
||||||
|
}
|
||||||
|
|
||||||
|
find_init_ps() {
|
||||||
|
case $KERNEL_NAME
|
||||||
|
in
|
||||||
|
Darwin)
|
||||||
|
ps -o command -p 1 2>/dev/null | tail -n +2
|
||||||
|
;;
|
||||||
|
FreeBSD)
|
||||||
|
ps -o args= -p 1 2>/dev/null | cut -d ' ' -f 1
|
||||||
|
;;
|
||||||
|
Linux)
|
||||||
|
ps -o comm= -p 1 2>/dev/null
|
||||||
|
;;
|
||||||
|
NetBSD)
|
||||||
|
ps -o comm= -p 1 2>/dev/null
|
||||||
|
;;
|
||||||
|
OpenBSD)
|
||||||
|
ps -o args -p 1 2>/dev/null | tail -n +2 | cut -d ' ' -f 1
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
ps -o args= -p 1 2>/dev/null
|
||||||
|
;;
|
||||||
|
esac | trim # trim trailing whitespace (some ps like Darwin add it)
|
||||||
|
}
|
||||||
|
|
||||||
|
find_init() {
|
||||||
|
case $KERNEL_NAME
|
||||||
|
in
|
||||||
|
Linux|GNU|NetBSD)
|
||||||
|
find_init_procfs || find_init_pgrep || find_init_ps
|
||||||
|
;;
|
||||||
|
FreeBSD)
|
||||||
|
find_init_procfs || find_init_ps
|
||||||
|
;;
|
||||||
|
OpenBSD)
|
||||||
|
find_init_pgrep || find_init_ps
|
||||||
|
;;
|
||||||
|
Darwin|SunOS)
|
||||||
|
find_init_ps
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Don't know how to determine init." >&2
|
||||||
|
echo 'Please send a patch.' >&2
|
||||||
|
exit 1
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
|
# -----
|
||||||
|
|
||||||
|
init=$(find_init)
|
||||||
|
|
||||||
|
# If we got a path, guess by the path first (fall back to file name if no match)
|
||||||
|
# else guess by file name directly.
|
||||||
|
# shellcheck disable=SC2015
|
||||||
|
{
|
||||||
|
test -x "${init}" \
|
||||||
|
&& guess_by_path "${init}" \
|
||||||
|
|| guess_by_comm_name "$(basename "${init}")"
|
||||||
|
} && exit 0 || true
|
||||||
|
|
||||||
|
|
||||||
|
# Guessing based on the file path and name didn’t lead to a definitive result.
|
||||||
|
#
|
||||||
|
# We go through all of the checks until we find a match. To speed up the
|
||||||
|
# process, common cases will be checked first based on the underlying kernel.
|
||||||
|
|
||||||
|
{ common_candidates_by_kernel; echo "${KNOWN_INIT_SYSTEMS}"; } \
|
||||||
|
| unique | check_list
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
#
|
#
|
||||||
# 2014 Daniel Heule (hda at sfs.biz)
|
# 2014 Daniel Heule (hda at sfs.biz)
|
||||||
# 2014 Thomas Oettli (otho at sfs.biz)
|
# 2014 Thomas Oettli (otho at sfs.biz)
|
||||||
|
# 2020 Evilham (contact at evilham.com)
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -18,63 +19,91 @@
|
||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
#
|
|
||||||
|
|
||||||
# FIXME: other system types (not linux ...)
|
os=$("$__explorer/os")
|
||||||
|
|
||||||
if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then
|
vendor_string_to_machine_type() {
|
||||||
echo openvz
|
for vendor in vmware bochs kvm qemu virtualbox bhyve; do
|
||||||
exit
|
if echo "${1}" | grep -q -i "${vendor}"; then
|
||||||
fi
|
if [ "${vendor}" = "bochs" ] || [ "${vendor}" = "qemu" ]; then
|
||||||
|
vendor="kvm"
|
||||||
|
fi
|
||||||
|
echo "virtual_by_${vendor}"
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
if [ -e "/proc/1/environ" ] &&
|
case "$os" in
|
||||||
tr '\000' '\n' < "/proc/1/environ" | grep -Eiq '^container='; then
|
"freebsd")
|
||||||
echo lxc
|
# FreeBSD does not have /proc/cpuinfo even when procfs is used.
|
||||||
exit
|
# Instead there is a sysctl kern.vm_guest.
|
||||||
fi
|
# Which is 'none' if physical, else the virtualisation.
|
||||||
|
vm_guest="$(sysctl -n kern.vm_guest 2>/dev/null || true)"
|
||||||
if [ -r /proc/cpuinfo ]; then
|
if [ -n "${vm_guest}" ]; then
|
||||||
# this should only exist on virtual guest machines,
|
if [ "${vm_guest}" = "none" ]; then
|
||||||
# tested on vmware, xen, kvm
|
echo "physical"
|
||||||
if grep -q "hypervisor" /proc/cpuinfo; then
|
|
||||||
# this file is aviable in xen guest systems
|
|
||||||
if [ -r /sys/hypervisor/type ]; then
|
|
||||||
if grep -q -i "xen" /sys/hypervisor/type; then
|
|
||||||
echo virtual_by_xen
|
|
||||||
exit
|
exit
|
||||||
fi
|
fi
|
||||||
else
|
echo "virtual_by_${vm_guest}"
|
||||||
if [ -r /sys/class/dmi/id/product_name ]; then
|
exit
|
||||||
if grep -q -i 'vmware' /sys/class/dmi/id/product_name; then
|
fi
|
||||||
echo "virtual_by_vmware"
|
;;
|
||||||
exit
|
|
||||||
elif grep -q -i 'bochs' /sys/class/dmi/id/product_name; then
|
|
||||||
echo "virtual_by_kvm"
|
|
||||||
exit
|
|
||||||
elif grep -q -i 'virtualbox' /sys/class/dmi/id/product_name; then
|
|
||||||
echo "virtual_by_virtualbox"
|
|
||||||
exit
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -r /sys/class/dmi/id/sys_vendor ]; then
|
"openbsd")
|
||||||
if grep -q -i 'qemu' /sys/class/dmi/id/sys_vendor; then
|
# OpenBSD can also use the sysctl's: hw.vendor or hw.product.
|
||||||
echo "virtual_by_kvm"
|
# Note we can be reasonably sure about a machine being virtualised
|
||||||
exit
|
# as long as we can identify the virtualisation technology.
|
||||||
fi
|
# But not so much about it being physical...
|
||||||
fi
|
# Patches are welcome / reach out if you have better ideas.
|
||||||
|
for sysctl in hw.vendor hw.product; do
|
||||||
|
# This exits if we can make a reasonable judgement
|
||||||
|
vendor_string_to_machine_type "$(sysctl -n "${sysctl}")"
|
||||||
|
done
|
||||||
|
;;
|
||||||
|
|
||||||
if [ -r /sys/class/dmi/id/chassis_vendor ]; then
|
*)
|
||||||
if grep -q -i 'qemu' /sys/class/dmi/id/chassis_vendor; then
|
# Defaulting to linux for compatibility with previous cdist behaviour
|
||||||
echo "virtual_by_kvm"
|
|
||||||
exit
|
if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then
|
||||||
|
echo openvz
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -e "/proc/1/environ" ] &&
|
||||||
|
tr '\000' '\n' < "/proc/1/environ" | grep -Eiq '^container='; then
|
||||||
|
echo lxc
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -r /proc/cpuinfo ]; then
|
||||||
|
# this should only exist on virtual guest machines,
|
||||||
|
# tested on vmware, xen, kvm, bhyve
|
||||||
|
if grep -q "hypervisor" /proc/cpuinfo; then
|
||||||
|
# this file is aviable in xen guest systems
|
||||||
|
if [ -r /sys/hypervisor/type ]; then
|
||||||
|
if grep -q -i "xen" /sys/hypervisor/type; then
|
||||||
|
echo virtual_by_xen
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
for vendor_file in /sys/class/dmi/id/product_name \
|
||||||
|
/sys/class/dmi/id/sys_vendor \
|
||||||
|
/sys/class/dmi/id/chasis_vendor; do
|
||||||
|
if [ -r ${vendor_file} ]; then
|
||||||
|
# This exits if we can make a reasonable judgement
|
||||||
|
vendor_string_to_machine_type "$(cat "${vendor_file}")"
|
||||||
|
fi
|
||||||
|
done
|
||||||
fi
|
fi
|
||||||
|
echo "virtual_by_unknown"
|
||||||
|
exit
|
||||||
|
else
|
||||||
|
echo "physical"
|
||||||
|
exit
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
echo "virtual_by_unknown"
|
;;
|
||||||
else
|
esac
|
||||||
echo "physical"
|
|
||||||
fi
|
echo "unknown"
|
||||||
else
|
|
||||||
echo "unknown"
|
|
||||||
fi
|
|
||||||
|
|
|
@ -29,7 +29,7 @@ case "$os" in
|
||||||
echo "$(sysctl -n hw.memsize)/1024" | bc
|
echo "$(sysctl -n hw.memsize)/1024" | bc
|
||||||
;;
|
;;
|
||||||
|
|
||||||
"openbsd")
|
*"bsd")
|
||||||
echo "$(sysctl -n hw.physmem) / 1048576" | bc
|
echo "$(sysctl -n hw.physmem) / 1048576" | bc
|
||||||
;;
|
;;
|
||||||
|
|
||||||
|
|
|
@ -143,6 +143,11 @@ case "$uname_s" in
|
||||||
esac
|
esac
|
||||||
|
|
||||||
if [ -f /etc/os-release ]; then
|
if [ -f /etc/os-release ]; then
|
||||||
|
# after sles15, suse don't provide an /etc/SuSE-release anymore, but there is almost no difference between sles and opensuse leap, so call it suse
|
||||||
|
if grep -q ^ID_LIKE=\"suse\" /etc/os-release 2>/dev/null; then
|
||||||
|
echo suse
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
# already lowercase, according to:
|
# already lowercase, according to:
|
||||||
# https://www.freedesktop.org/software/systemd/man/os-release.html
|
# https://www.freedesktop.org/software/systemd/man/os-release.html
|
||||||
awk -F= '/^ID=/ { if ($2 ~ /^'"'"'(.*)'"'"'$/ || $2 ~ /^"(.*)"$/) { print substr($2, 2, length($2) - 2) } else { print $2 } }' /etc/os-release
|
awk -F= '/^ID=/ { if ($2 ~ /^'"'"'(.*)'"'"'$/ || $2 ~ /^"(.*)"$/) { print substr($2, 2, length($2) - 2) } else { print $2 } }' /etc/os-release
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# 2018 Adam Dej (dejko.a at gmail.com)
|
# 2018 Adam Dej (dejko.a at gmail.com)
|
||||||
|
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -21,6 +22,17 @@
|
||||||
|
|
||||||
# See os-release(5) and http://0pointer.de/blog/projects/os-release
|
# See os-release(5) and http://0pointer.de/blog/projects/os-release
|
||||||
|
|
||||||
set +e
|
if test -f /etc/os-release
|
||||||
|
then
|
||||||
|
# Linux and FreeBSD (usually a symlink)
|
||||||
|
cat /etc/os-release
|
||||||
|
elif test -f /usr/lib/os-release
|
||||||
|
then
|
||||||
|
# systemd
|
||||||
|
cat /usr/lib/os-release
|
||||||
|
elif test -f /var/run/os-release
|
||||||
|
then
|
||||||
|
# FreeBSD (created by os-release service)
|
||||||
|
cat /var/run/os-release
|
||||||
|
fi
|
||||||
|
|
||||||
cat /etc/os-release || cat /usr/lib/os-release || true
|
|
||||||
|
|
|
@ -70,4 +70,7 @@ case "$("$__explorer/os")" in
|
||||||
ubuntu)
|
ubuntu)
|
||||||
lsb_release -sr
|
lsb_release -sr
|
||||||
;;
|
;;
|
||||||
|
alpine)
|
||||||
|
cat /etc/alpine-release
|
||||||
|
;;
|
||||||
esac
|
esac
|
|
@ -20,7 +20,13 @@
|
||||||
|
|
||||||
file_is="$( cat "$__object/explorer/file_is" )"
|
file_is="$( cat "$__object/explorer/file_is" )"
|
||||||
|
|
||||||
[ "$file_is" = 'missing' ] && [ -z "$__cdist_dry_run" ] && exit 0
|
if [ "$file_is" = 'missing' ] \
|
||||||
|
&& [ -z "$__cdist_dry_run" ] \
|
||||||
|
&& \( [ ! -f "$__object/parameter/file" ] \
|
||||||
|
|| [ ! -f "$__object/parameter/directory" ] \)
|
||||||
|
then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
os="$( cat "$__global/explorer/os" )"
|
os="$( cat "$__global/explorer/os" )"
|
||||||
|
|
||||||
|
@ -28,7 +34,17 @@ acl_path="/$__object_id"
|
||||||
|
|
||||||
acl_is="$( cat "$__object/explorer/acl_is" )"
|
acl_is="$( cat "$__object/explorer/acl_is" )"
|
||||||
|
|
||||||
if [ -f "$__object/parameter/entry" ]
|
if [ -f "$__object/parameter/source" ]
|
||||||
|
then
|
||||||
|
acl_source="$( cat "$__object/parameter/source" )"
|
||||||
|
|
||||||
|
if [ "$acl_source" = '-' ]
|
||||||
|
then
|
||||||
|
acl_should="$( cat "$__object/stdin" )"
|
||||||
|
else
|
||||||
|
acl_should="$( grep -Ev '^#|^$' "$acl_source" )"
|
||||||
|
fi
|
||||||
|
elif [ -f "$__object/parameter/entry" ]
|
||||||
then
|
then
|
||||||
acl_should="$( cat "$__object/parameter/entry" )"
|
acl_should="$( cat "$__object/parameter/entry" )"
|
||||||
elif [ -f "$__object/parameter/acl" ]
|
elif [ -f "$__object/parameter/acl" ]
|
||||||
|
|
|
@ -19,6 +19,20 @@ entry
|
||||||
Set ACL entry following ``getfacl`` output syntax.
|
Set ACL entry following ``getfacl`` output syntax.
|
||||||
|
|
||||||
|
|
||||||
|
OPTIONAL PARAMETERS
|
||||||
|
-------------------
|
||||||
|
source
|
||||||
|
Read ACL entries from stdin or file.
|
||||||
|
Ordering of entries is not important.
|
||||||
|
When reading from file, comments and empty lines are ignored.
|
||||||
|
|
||||||
|
file
|
||||||
|
Create/change file with ``__file`` using ``user:group:mode`` pattern.
|
||||||
|
|
||||||
|
directory
|
||||||
|
Create/change directory with ``__directory`` using ``user:group:mode`` pattern.
|
||||||
|
|
||||||
|
|
||||||
BOOLEAN PARAMETERS
|
BOOLEAN PARAMETERS
|
||||||
------------------
|
------------------
|
||||||
default
|
default
|
||||||
|
@ -71,6 +85,17 @@ EXAMPLES
|
||||||
--entry group:secret-project:rwx \
|
--entry group:secret-project:rwx \
|
||||||
--entry user:alice:r-x
|
--entry user:alice:r-x
|
||||||
|
|
||||||
|
# read acl from stdin
|
||||||
|
echo 'user:alice:rwx' \
|
||||||
|
| __acl /path/to/directory --source -
|
||||||
|
|
||||||
|
# create/change directory too
|
||||||
|
__acl /path/to/directory \
|
||||||
|
--default \
|
||||||
|
--remove \
|
||||||
|
--directory root:root:770 \
|
||||||
|
--entry user:nobody:rwx
|
||||||
|
|
||||||
|
|
||||||
AUTHORS
|
AUTHORS
|
||||||
-------
|
-------
|
||||||
|
|
11
cdist/conf/type/__acl/manifest
Executable file
11
cdist/conf/type/__acl/manifest
Executable file
|
@ -0,0 +1,11 @@
|
||||||
|
#!/bin/sh -e
|
||||||
|
|
||||||
|
for p in file directory
|
||||||
|
do
|
||||||
|
[ ! -f "$__object/parameter/$p" ] && continue
|
||||||
|
|
||||||
|
"__$p" "/$__object_id" \
|
||||||
|
--owner "$( awk -F: '{print $1}' "$__object/parameter/$p" )" \
|
||||||
|
--group "$( awk -F: '{print $2}' "$__object/parameter/$p" )" \
|
||||||
|
--mode "$( awk -F: '{print $3}' "$__object/parameter/$p" )"
|
||||||
|
done
|
|
@ -1,2 +1,5 @@
|
||||||
mask
|
mask
|
||||||
other
|
other
|
||||||
|
source
|
||||||
|
file
|
||||||
|
directory
|
||||||
|
|
|
@ -37,6 +37,7 @@ source="$(cat "$__object/parameter/source")"
|
||||||
# out of it
|
# out of it
|
||||||
home=/home/$username
|
home=/home/$username
|
||||||
|
|
||||||
|
# shellcheck disable=SC2086
|
||||||
__user "$username" --home "$home" $shell
|
__user "$username" --home "$home" $shell
|
||||||
|
|
||||||
require="__user/$username" __directory "$home" \
|
require="__user/$username" __directory "$home" \
|
||||||
|
|
|
@ -18,7 +18,12 @@
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
|
|
||||||
path="/$__object_id"
|
if [ -f "$__object/parameter/path" ]
|
||||||
|
then
|
||||||
|
path="$( cat "$__object/parameter/path" )"
|
||||||
|
else
|
||||||
|
path="/$__object_id"
|
||||||
|
fi
|
||||||
|
|
||||||
[ ! -d "$path" ] && exit 0
|
[ ! -d "$path" ] && exit 0
|
||||||
|
|
||||||
|
|
|
@ -20,7 +20,12 @@
|
||||||
|
|
||||||
[ ! -s "$__object/explorer/list" ] && exit 0
|
[ ! -s "$__object/explorer/list" ] && exit 0
|
||||||
|
|
||||||
path="/$__object_id"
|
if [ -f "$__object/parameter/path" ]
|
||||||
|
then
|
||||||
|
path="$( cat "$__object/parameter/path" )"
|
||||||
|
else
|
||||||
|
path="/$__object_id"
|
||||||
|
fi
|
||||||
|
|
||||||
pattern="$( cat "$__object/parameter/pattern" )"
|
pattern="$( cat "$__object/parameter/pattern" )"
|
||||||
|
|
||||||
|
|
|
@ -10,7 +10,7 @@ DESCRIPTION
|
||||||
-----------
|
-----------
|
||||||
Remove files and directories which match the pattern.
|
Remove files and directories which match the pattern.
|
||||||
|
|
||||||
Provided path (as __object_id) must be a directory.
|
Provided path must be a directory.
|
||||||
|
|
||||||
Patterns are passed to ``find``'s ``-regex`` - see ``find(1)`` for more details.
|
Patterns are passed to ``find``'s ``-regex`` - see ``find(1)`` for more details.
|
||||||
|
|
||||||
|
@ -29,6 +29,9 @@ pattern
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
|
path
|
||||||
|
Path which will be cleaned. Defaults to ``$__object_id``.
|
||||||
|
|
||||||
exclude
|
exclude
|
||||||
Pattern of files which are excluded from removal.
|
Pattern of files which are excluded from removal.
|
||||||
|
|
||||||
|
@ -46,6 +49,11 @@ EXAMPLES
|
||||||
--exclude '.+\(charset\.conf\|security\.conf\)' \
|
--exclude '.+\(charset\.conf\|security\.conf\)' \
|
||||||
--onchange 'service apache2 restart'
|
--onchange 'service apache2 restart'
|
||||||
|
|
||||||
|
__clean_path apache2-conf-enabled \
|
||||||
|
--path /etc/apache2/conf-enabled \
|
||||||
|
--pattern '.+' \
|
||||||
|
--exclude '.+\(charset\.conf\|security\.conf\)' \
|
||||||
|
--onchange 'service apache2 restart'
|
||||||
|
|
||||||
AUTHORS
|
AUTHORS
|
||||||
-------
|
-------
|
||||||
|
|
|
@ -1,2 +1,3 @@
|
||||||
exclude
|
exclude
|
||||||
onchange
|
onchange
|
||||||
|
path
|
||||||
|
|
|
@ -116,6 +116,9 @@ verify-incoming
|
||||||
verify-outgoing
|
verify-outgoing
|
||||||
enforce the use of TLS and verify the peers authenticity on outgoing connections
|
enforce the use of TLS and verify the peers authenticity on outgoing connections
|
||||||
|
|
||||||
|
use-distribution-package
|
||||||
|
uses distribution package instead of upstream binary
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
#!/bin/sh -e
|
#!/bin/sh -e
|
||||||
#
|
#
|
||||||
# 2015 Steven Armstrong (steven-cdist at armstrong.cc)
|
# 2015 Steven Armstrong (steven-cdist at armstrong.cc)
|
||||||
# 2015-2019 Nico Schottelius (nico-cdist at schottelius.org)
|
# 2015-2020 Nico Schottelius (nico-cdist at schottelius.org)
|
||||||
|
# 2019 Timothée Floure (timothee.floure at ungleich.ch)
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -19,133 +20,87 @@
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
os=$(cat "$__global/explorer/os")
|
os=$(cat "$__global/explorer/os")
|
||||||
|
|
||||||
case "$os" in
|
###
|
||||||
alpine|scientific|centos|debian|devuan|redhat|ubuntu)
|
# Type parameters.
|
||||||
# whitelist safeguard
|
|
||||||
:
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
|
|
||||||
echo "Please contribute an implementation for it if you can." >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
state="$(cat "$__object/parameter/state")"
|
state="$(cat "$__object/parameter/state")"
|
||||||
user="$(cat "$__object/parameter/user")"
|
user="$(cat "$__object/parameter/user")"
|
||||||
group="$(cat "$__object/parameter/group")"
|
group="$(cat "$__object/parameter/group")"
|
||||||
data_dir="/var/lib/consul"
|
release=$(cat "$__global/explorer/lsb_release")
|
||||||
conf_dir="/etc/consul/conf.d"
|
if [ -f "$__object/parameter/use-distribution-package" ]; then
|
||||||
conf_file="config.json"
|
use_distribution_package=1
|
||||||
|
fi
|
||||||
|
|
||||||
# FIXME: there has got to be a better way to handle the dependencies in this case
|
###
|
||||||
case "$state" in
|
# Those are default that might be overriden by os-specific logic.
|
||||||
present)
|
|
||||||
__group "$group" --system --state "$state"
|
data_dir="/var/lib/consul"
|
||||||
require="__group/$group" \
|
|
||||||
__user "$user" --system --gid "$group" \
|
|
||||||
--home "$data_dir" --state "$state"
|
|
||||||
export require="__user/consul"
|
tls_dir="$conf_dir/tls"
|
||||||
;;
|
|
||||||
absent)
|
case "$os" in
|
||||||
echo "Sorry, state=absent currently not supported :-(" >&2
|
alpine)
|
||||||
exit 1
|
conf_dir="/etc/consul"
|
||||||
require="$__object_name" \
|
conf_file="server.json"
|
||||||
__user "$user" --system --gid "$group" --state "$state"
|
;;
|
||||||
require="__user/$user" \
|
*)
|
||||||
__group "$group" --system --state "$state"
|
conf_dir="/etc/consul/conf.d"
|
||||||
;;
|
conf_file="config.json"
|
||||||
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
__directory /etc/consul \
|
###
|
||||||
--owner root --group "$group" --mode 750 --state "$state"
|
# Sane deployment, based on distribution package when available.
|
||||||
require="__directory/etc/consul" \
|
|
||||||
__directory "$conf_dir" \
|
|
||||||
--owner root --group "$group" --mode 750 --state "$state"
|
|
||||||
|
|
||||||
if [ -f "$__object/parameter/ca-file-source" ] || [ -f "$__object/parameter/cert-file-source" ] || [ -f "$__object/parameter/key-file-source" ]; then
|
distribution_setup () {
|
||||||
# create directory for ssl certs
|
case "$os" in
|
||||||
require="__directory/etc/consul" \
|
debian)
|
||||||
__directory /etc/consul/ssl \
|
# consul is only available starting Debian 10 (buster).
|
||||||
--owner root --group "$group" --mode 750 --state "$state"
|
# See https://packages.debian.org/buster/consul
|
||||||
fi
|
if [ "$release" -lt 10 ]; then
|
||||||
|
echo "Consul is not available for your debian release." >&2
|
||||||
|
echo "Please use the 'manual' (i.e. non-package) installation or \
|
||||||
|
upgrade the target system." >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
__directory "$data_dir" \
|
# Override previously defined environment to match debian packaging.
|
||||||
--owner "$user" --group "$group" --mode 770 --state "$state"
|
conf_dir='/etc/consul.d'
|
||||||
|
user='consul'
|
||||||
|
group='consul'
|
||||||
|
;;
|
||||||
|
alpine)
|
||||||
|
# consul is only available starting Alpine 3.12 (= edge during the 3.11 cycle).
|
||||||
|
# See https://pkgs.alpinelinux.org/packages?name=consul&branch=edge
|
||||||
|
|
||||||
|
# Override previously defined environment to match alpine packaging.
|
||||||
|
conf_dir='/etc/consul'
|
||||||
|
conf_file='server.json'
|
||||||
|
data_dir='/var/consul'
|
||||||
|
user='consul'
|
||||||
|
group='consul'
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Your operating system ($os) is currently not supported with the \
|
||||||
|
--use-distribution-package flag (${__type##*/})." >&2
|
||||||
|
echo "Please use non-package installation or contribute an \
|
||||||
|
implementation for if you can." >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
# Generate json config file
|
# Install consul package.
|
||||||
(
|
__package consul --state "$state"
|
||||||
echo "{"
|
|
||||||
|
|
||||||
# parameters we define ourself
|
export config_deployment_requires="__package/consul"
|
||||||
printf ' "data_dir": "%s"\n' "$data_dir"
|
}
|
||||||
|
|
||||||
cd "$__object/parameter/"
|
###
|
||||||
for param in *; do
|
# LEGACY manual deployment, kept for compatibility reasons.
|
||||||
case "$param" in
|
|
||||||
state|user|group|json-config) continue ;;
|
|
||||||
ca-file-source|cert-file-source|key-file-source)
|
|
||||||
source="$(cat "$__object/parameter/$param")"
|
|
||||||
destination="/etc/consul/ssl/${source##*/}"
|
|
||||||
require="__directory/etc/consul/ssl" \
|
|
||||||
__file "$destination" \
|
|
||||||
--owner root --group consul --mode 640 \
|
|
||||||
--source "$source" \
|
|
||||||
--state "$state"
|
|
||||||
key="$(echo "${param%-*}" | tr '-' '_')"
|
|
||||||
printf ' ,"%s": "%s"\n' "$key" "$destination"
|
|
||||||
;;
|
|
||||||
disable-remote-exec|disable-update-check|leave-on-terminate|rejoin-after-leave|server|enable-syslog|verify-incoming|verify-outgoing)
|
|
||||||
# handle boolean parameters
|
|
||||||
key="$(echo "$param" | tr '-' '_')"
|
|
||||||
printf ' ,"%s": true\n' "$key"
|
|
||||||
;;
|
|
||||||
retry-join)
|
|
||||||
# join multiple parameters into json array
|
|
||||||
retry_join="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join")"
|
|
||||||
# remove trailing ,
|
|
||||||
printf ' ,"retry_join": [%s]\n' "${retry_join%*,}"
|
|
||||||
;;
|
|
||||||
retry-join-wan)
|
|
||||||
# join multiple parameters into json array over wan
|
|
||||||
retry_join_wan="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join-wan")"
|
|
||||||
# remove trailing ,
|
|
||||||
printf ' ,"retry_join_wan": [%s]\n' "${retry_join_wan%*,}"
|
|
||||||
;;
|
|
||||||
bootstrap-expect)
|
|
||||||
# integer key=value parameters
|
|
||||||
key="$(echo "$param" | tr '-' '_')"
|
|
||||||
printf ' ,"%s": %s\n' "$key" "$(cat "$__object/parameter/$param")"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
# string key=value parameters
|
|
||||||
key="$(echo "$param" | tr '-' '_')"
|
|
||||||
printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
if [ -f "$__object/parameter/json-config" ]; then
|
|
||||||
json_config="$(cat "$__object/parameter/json-config")"
|
|
||||||
if [ "$json_config" = "-" ]; then
|
|
||||||
json_config="$__object/stdin"
|
|
||||||
fi
|
|
||||||
# remove leading and trailing whitespace and commas from first and last line
|
|
||||||
# indent each line with 3 spaces for consistency
|
|
||||||
json=$(sed -e 's/^[ \t]*/ /' -e '1s/^[ \t,]*//' -e '$s/[ \t,]*$//' "$json_config")
|
|
||||||
printf ' ,%s\n' "$json"
|
|
||||||
fi
|
|
||||||
echo "}"
|
|
||||||
) | \
|
|
||||||
require="__directory${conf_dir}" \
|
|
||||||
__config_file "${conf_dir}/${conf_file}" \
|
|
||||||
--owner root --group "$group" --mode 640 \
|
|
||||||
--state "$state" \
|
|
||||||
--onchange 'service consul status >/dev/null && service consul reload || true' \
|
|
||||||
--source -
|
|
||||||
|
|
||||||
init_sysvinit()
|
init_sysvinit()
|
||||||
{
|
{
|
||||||
|
@ -179,47 +134,186 @@ init_upstart()
|
||||||
require="__file/etc/init/consul.conf" __start_on_boot consul
|
require="__file/etc/init/consul.conf" __start_on_boot consul
|
||||||
}
|
}
|
||||||
|
|
||||||
# Install init script to start on boot
|
manual_setup () {
|
||||||
case "$os" in
|
case "$os" in
|
||||||
devuan)
|
alpine|scientific|centos|debian|devuan|redhat|ubuntu)
|
||||||
init_sysvinit debian
|
# whitelist safeguard
|
||||||
;;
|
:
|
||||||
centos|redhat)
|
;;
|
||||||
os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")"
|
*)
|
||||||
major_version="${os_version%%.*}"
|
echo "Your operating system ($os) is currently not supported by this \
|
||||||
case "$major_version" in
|
type (${__type##*/})." >&2
|
||||||
[456])
|
echo "Please contribute an implementation for it if you can." >&2
|
||||||
init_sysvinit redhat
|
exit 1
|
||||||
;;
|
;;
|
||||||
7)
|
esac
|
||||||
init_systemd
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "Unsupported CentOS/Redhat version: $os_version" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
|
|
||||||
debian)
|
# FIXME: there has got to be a better way to handle the dependencies in this case
|
||||||
os_version=$(cat "$__global/explorer/os_version")
|
case "$state" in
|
||||||
major_version="${os_version%%.*}"
|
present)
|
||||||
|
__group "$group" --system --state "$state"
|
||||||
|
require="__group/$group" __user "$user" \
|
||||||
|
--system --gid "$group" --home "$data_dir" --state "$state"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "The $state state is not (yet?) supported by this type." >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
case "$major_version" in
|
# Create data directory.
|
||||||
[567])
|
require="__user/consul" __directory "$data_dir" \
|
||||||
init_sysvinit debian
|
--owner "$user" --group "$group" --mode 770 --state "$state"
|
||||||
;;
|
|
||||||
[89])
|
|
||||||
init_systemd
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "Unsupported Debian version $os_version" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
|
|
||||||
ubuntu)
|
# Create config directory.
|
||||||
init_upstart
|
require="__user/consul" __directory "$conf_dir" \
|
||||||
|
--parents --owner root --group "$group" --mode 750 --state "$state"
|
||||||
|
|
||||||
|
# Install init script to start on boot
|
||||||
|
case "$os" in
|
||||||
|
devuan)
|
||||||
|
init_sysvinit debian
|
||||||
|
;;
|
||||||
|
centos|redhat)
|
||||||
|
os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")"
|
||||||
|
major_version="${os_version%%.*}"
|
||||||
|
case "$major_version" in
|
||||||
|
[456])
|
||||||
|
init_sysvinit redhat
|
||||||
|
;;
|
||||||
|
7)
|
||||||
|
init_systemd
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Unsupported CentOS/Redhat version: $os_version" >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
|
||||||
|
debian)
|
||||||
|
os_version=$(cat "$__global/explorer/os_version")
|
||||||
|
major_version="${os_version%%.*}"
|
||||||
|
|
||||||
|
case "$major_version" in
|
||||||
|
[567])
|
||||||
|
init_sysvinit debian
|
||||||
|
;;
|
||||||
|
[89]|10)
|
||||||
|
init_systemd
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Unsupported Debian version $os_version" >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
|
||||||
|
ubuntu)
|
||||||
|
init_upstart
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
config_deployment_requires="__user/consul __directory/$conf_dir"
|
||||||
|
}
|
||||||
|
|
||||||
|
###
|
||||||
|
# Trigger requested installation method.
|
||||||
|
if [ $use_distribution_package ]; then
|
||||||
|
distribution_setup
|
||||||
|
else
|
||||||
|
manual_setup
|
||||||
|
fi
|
||||||
|
|
||||||
|
###
|
||||||
|
# Install TLS certificates.
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/ca-file-source" ] || \
|
||||||
|
[ -f "$__object/parameter/cert-file-source" ] || \
|
||||||
|
[ -f "$__object/parameter/key-file-source" ]; then
|
||||||
|
|
||||||
|
requires="$config_deployment_requires" __directory "$tls_dir" \
|
||||||
|
--owner root --group "$group" --mode 750 --state "$state"
|
||||||
|
|
||||||
|
# Append to service restart requirements.
|
||||||
|
restart_requires="$restart_requires __directory/$conf_dir/tls"
|
||||||
|
fi
|
||||||
|
|
||||||
|
###
|
||||||
|
# Generate and deploy configuration.
|
||||||
|
|
||||||
|
json_configuration=$(
|
||||||
|
echo "{"
|
||||||
|
|
||||||
|
# parameters we define ourself
|
||||||
|
printf ' "data_dir": "%s"\n' "$data_dir"
|
||||||
|
|
||||||
|
cd "$__object/parameter/"
|
||||||
|
for param in *; do
|
||||||
|
case "$param" in
|
||||||
|
state|user|group|json-config|use-distribution-package) continue ;;
|
||||||
|
ca-file-source|cert-file-source|key-file-source)
|
||||||
|
source="$(cat "$__object/parameter/$param")"
|
||||||
|
destination="$tls_dir/${source##*/}"
|
||||||
|
require="__directory/$tls_dir" \
|
||||||
|
__file "$destination" \
|
||||||
|
--owner root --group consul --mode 640 \
|
||||||
|
--source "$source" \
|
||||||
|
--state "$state"
|
||||||
|
key="$(echo "${param%-*}" | tr '-' '_')"
|
||||||
|
printf ' ,"%s": "%s"\n' "$key" "$destination"
|
||||||
;;
|
;;
|
||||||
esac
|
disable-remote-exec|disable-update-check|leave-on-terminate\
|
||||||
|
|rejoin-after-leave|server|enable-syslog|verify-incoming|verify-outgoing)
|
||||||
|
# handle boolean parameters
|
||||||
|
key="$(echo "$param" | tr '-' '_')"
|
||||||
|
printf ' ,"%s": true\n' "$key"
|
||||||
|
;;
|
||||||
|
retry-join)
|
||||||
|
# join multiple parameters into json array
|
||||||
|
retry_join="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join")"
|
||||||
|
# remove trailing ,
|
||||||
|
printf ' ,"retry_join": [%s]\n' "${retry_join%*,}"
|
||||||
|
;;
|
||||||
|
retry-join-wan)
|
||||||
|
# join multiple parameters into json array over wan
|
||||||
|
retry_join_wan="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join-wan")"
|
||||||
|
# remove trailing ,
|
||||||
|
printf ' ,"retry_join_wan": [%s]\n' "${retry_join_wan%*,}"
|
||||||
|
;;
|
||||||
|
bootstrap-expect)
|
||||||
|
# integer key=value parameters
|
||||||
|
key="$(echo "$param" | tr '-' '_')"
|
||||||
|
printf ' ,"%s": %s\n' "$key" "$(cat "$__object/parameter/$param")"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
# string key=value parameters
|
||||||
|
key="$(echo "$param" | tr '-' '_')"
|
||||||
|
printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
if [ -f "$__object/parameter/json-config" ]; then
|
||||||
|
json_config="$(cat "$__object/parameter/json-config")"
|
||||||
|
if [ "$json_config" = "-" ]; then
|
||||||
|
json_config="$__object/stdin"
|
||||||
|
fi
|
||||||
|
# remove leading and trailing whitespace and commas from first and last line
|
||||||
|
# indent each line with 3 spaces for consistency
|
||||||
|
json=$(sed -e 's/^[ \t]*/ /' -e '1s/^[ \t,]*//' -e '$s/[ \t,]*$//' "$json_config")
|
||||||
|
printf ' ,%s\n' "$json"
|
||||||
|
fi
|
||||||
|
echo "}"
|
||||||
|
)
|
||||||
|
echo "$json_configuration" | require="$config_deployment_requires" \
|
||||||
|
__file "$conf_dir/$conf_file" \
|
||||||
|
--owner root --group "$group" --mode 640 \
|
||||||
|
--state "$state" \
|
||||||
|
--source -
|
||||||
|
|
||||||
|
# Set configuration deployment as requirement for service restart.
|
||||||
|
restart_requires="__file/$conf_dir/$conf_file"
|
||||||
|
|
||||||
|
###
|
||||||
|
# Restart consul agent after everything else.
|
||||||
|
require="$restart_requires" __service consul --action restart
|
||||||
|
|
|
@ -6,3 +6,4 @@ server
|
||||||
enable-syslog
|
enable-syslog
|
||||||
verify-incoming
|
verify-incoming
|
||||||
verify-outgoing
|
verify-outgoing
|
||||||
|
use-distribution-package
|
||||||
|
|
1
cdist/conf/type/__consul_check/explorer/conf-dir
Symbolic link
1
cdist/conf/type/__consul_check/explorer/conf-dir
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
../../__consul_service/explorer/conf-dir
|
|
@ -19,7 +19,7 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")"
|
name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")"
|
||||||
conf_dir="/etc/consul/conf.d"
|
conf_dir=$(cat "$__object/explorer/conf-dir")
|
||||||
conf_file="check_${name}.json"
|
conf_file="check_${name}.json"
|
||||||
state="$(cat "$__object/parameter/state")"
|
state="$(cat "$__object/parameter/state")"
|
||||||
|
|
||||||
|
|
15
cdist/conf/type/__consul_service/explorer/conf-dir
Normal file
15
cdist/conf/type/__consul_service/explorer/conf-dir
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
# Determine the configuration directory used by consul.
|
||||||
|
|
||||||
|
check_dir () {
|
||||||
|
if [ -d "$1" ]; then
|
||||||
|
printf '%s' "$1"
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
check_dir '/etc/consul/conf.d'
|
||||||
|
check_dir '/etc/consul.d'
|
||||||
|
check_dir '/etc/consul'
|
||||||
|
|
||||||
|
echo 'Could not determine consul configuration dir. Exiting.' >&2
|
||||||
|
exit 1
|
|
@ -19,7 +19,7 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")"
|
name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")"
|
||||||
conf_dir="/etc/consul/conf.d"
|
conf_dir=$(cat "$__object/explorer/conf-dir")
|
||||||
conf_file="service_${name}.json"
|
conf_file="service_${name}.json"
|
||||||
state="$(cat "$__object/parameter/state")"
|
state="$(cat "$__object/parameter/state")"
|
||||||
|
|
||||||
|
@ -45,7 +45,7 @@ printf ' "name": "%s"\n' "$name"
|
||||||
cd "$__object/parameter/"
|
cd "$__object/parameter/"
|
||||||
for param in *; do
|
for param in *; do
|
||||||
case "$param" in
|
case "$param" in
|
||||||
state|name|check-interval) continue ;;
|
state|name|check-interval|conf-dir) continue ;;
|
||||||
check-script)
|
check-script)
|
||||||
printf ' ,"check": {\n'
|
printf ' ,"check": {\n'
|
||||||
printf ' "script": "%s"\n' "$(cat "$__object/parameter/check-script")"
|
printf ' "script": "%s"\n' "$(cat "$__object/parameter/check-script")"
|
||||||
|
@ -86,7 +86,6 @@ echo " }"
|
||||||
# end json file
|
# end json file
|
||||||
echo "}"
|
echo "}"
|
||||||
) | \
|
) | \
|
||||||
require="__directory${conf_dir}" \
|
|
||||||
__config_file "${conf_dir}/${conf_file}" \
|
__config_file "${conf_dir}/${conf_file}" \
|
||||||
--owner root --group consul --mode 640 \
|
--owner root --group consul --mode 640 \
|
||||||
--state "$state" \
|
--state "$state" \
|
||||||
|
|
1
cdist/conf/type/__consul_watch_checks/explorer/conf-dir
Symbolic link
1
cdist/conf/type/__consul_watch_checks/explorer/conf-dir
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
../../__consul_service/explorer/conf-dir
|
|
@ -20,7 +20,7 @@
|
||||||
|
|
||||||
cdist_type="${__type##*/}"
|
cdist_type="${__type##*/}"
|
||||||
watch_type="${cdist_type##*_}"
|
watch_type="${cdist_type##*_}"
|
||||||
conf_dir="/etc/consul/conf.d"
|
conf_dir=$(cat "$__object/explorer/conf-dir")
|
||||||
conf_file="watch_${watch_type}_${__object_id}.json"
|
conf_file="watch_${watch_type}_${__object_id}.json"
|
||||||
state="$(cat "$__object/parameter/state")"
|
state="$(cat "$__object/parameter/state")"
|
||||||
|
|
||||||
|
|
1
cdist/conf/type/__consul_watch_event/explorer/conf-dir
Symbolic link
1
cdist/conf/type/__consul_watch_event/explorer/conf-dir
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
../../__consul_service/explorer/conf-dir
|
|
@ -20,7 +20,7 @@
|
||||||
|
|
||||||
cdist_type="${__type##*/}"
|
cdist_type="${__type##*/}"
|
||||||
watch_type="${cdist_type##*_}"
|
watch_type="${cdist_type##*_}"
|
||||||
conf_dir="/etc/consul/conf.d"
|
conf_dir=$(cat "$__object/explorer/conf-dir")
|
||||||
conf_file="watch_${watch_type}_${__object_id}.json"
|
conf_file="watch_${watch_type}_${__object_id}.json"
|
||||||
state="$(cat "$__object/parameter/state")"
|
state="$(cat "$__object/parameter/state")"
|
||||||
|
|
||||||
|
|
1
cdist/conf/type/__consul_watch_key/explorer/conf-dir
Symbolic link
1
cdist/conf/type/__consul_watch_key/explorer/conf-dir
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
../../__consul_service/explorer/conf-dir
|
|
@ -20,7 +20,7 @@
|
||||||
|
|
||||||
cdist_type="${__type##*/}"
|
cdist_type="${__type##*/}"
|
||||||
watch_type="${cdist_type##*_}"
|
watch_type="${cdist_type##*_}"
|
||||||
conf_dir="/etc/consul/conf.d"
|
conf_dir=$(cat "$__object/explorer/conf-dir")
|
||||||
conf_file="watch_${watch_type}_${__object_id}.json"
|
conf_file="watch_${watch_type}_${__object_id}.json"
|
||||||
state="$(cat "$__object/parameter/state")"
|
state="$(cat "$__object/parameter/state")"
|
||||||
|
|
||||||
|
|
1
cdist/conf/type/__consul_watch_keyprefix/explorer/conf-dir
Symbolic link
1
cdist/conf/type/__consul_watch_keyprefix/explorer/conf-dir
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
../../__consul_service/explorer/conf-dir
|
|
@ -20,7 +20,7 @@
|
||||||
|
|
||||||
cdist_type="${__type##*/}"
|
cdist_type="${__type##*/}"
|
||||||
watch_type="${cdist_type##*_}"
|
watch_type="${cdist_type##*_}"
|
||||||
conf_dir="/etc/consul/conf.d"
|
conf_dir=$(cat "$__object/explorer/conf-dir")
|
||||||
conf_file="watch_${watch_type}_${__object_id}.json"
|
conf_file="watch_${watch_type}_${__object_id}.json"
|
||||||
state="$(cat "$__object/parameter/state")"
|
state="$(cat "$__object/parameter/state")"
|
||||||
|
|
||||||
|
|
1
cdist/conf/type/__consul_watch_nodes/explorer/conf-dir
Symbolic link
1
cdist/conf/type/__consul_watch_nodes/explorer/conf-dir
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
../../__consul_service/explorer/conf-dir
|
|
@ -20,7 +20,7 @@
|
||||||
|
|
||||||
cdist_type="${__type##*/}"
|
cdist_type="${__type##*/}"
|
||||||
watch_type="${cdist_type##*_}"
|
watch_type="${cdist_type##*_}"
|
||||||
conf_dir="/etc/consul/conf.d"
|
conf_dir=$(cat "$__object/explorer/conf-dir")
|
||||||
conf_file="watch_${watch_type}_${__object_id}.json"
|
conf_file="watch_${watch_type}_${__object_id}.json"
|
||||||
state="$(cat "$__object/parameter/state")"
|
state="$(cat "$__object/parameter/state")"
|
||||||
|
|
||||||
|
|
1
cdist/conf/type/__consul_watch_service/explorer/conf-dir
Symbolic link
1
cdist/conf/type/__consul_watch_service/explorer/conf-dir
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
../../__consul_service/explorer/conf-dir
|
|
@ -20,7 +20,7 @@
|
||||||
|
|
||||||
cdist_type="${__type##*/}"
|
cdist_type="${__type##*/}"
|
||||||
watch_type="${cdist_type##*_}"
|
watch_type="${cdist_type##*_}"
|
||||||
conf_dir="/etc/consul/conf.d"
|
conf_dir=$(cat "$__object/explorer/conf-dir")
|
||||||
conf_file="watch_${watch_type}_${__object_id}.json"
|
conf_file="watch_${watch_type}_${__object_id}.json"
|
||||||
state="$(cat "$__object/parameter/state")"
|
state="$(cat "$__object/parameter/state")"
|
||||||
|
|
||||||
|
|
1
cdist/conf/type/__consul_watch_services/explorer/conf-dir
Symbolic link
1
cdist/conf/type/__consul_watch_services/explorer/conf-dir
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
../../__consul_service/explorer/conf-dir
|
|
@ -20,7 +20,7 @@
|
||||||
|
|
||||||
cdist_type="${__type##*/}"
|
cdist_type="${__type##*/}"
|
||||||
watch_type="${cdist_type##*_}"
|
watch_type="${cdist_type##*_}"
|
||||||
conf_dir="/etc/consul/conf.d"
|
conf_dir=$(cat "$__object/explorer/conf-dir")
|
||||||
conf_file="watch_${watch_type}_${__object_id}.json"
|
conf_file="watch_${watch_type}_${__object_id}.json"
|
||||||
state="$(cat "$__object/parameter/state")"
|
state="$(cat "$__object/parameter/state")"
|
||||||
|
|
||||||
|
|
|
@ -31,24 +31,28 @@ if [ -f "$__object/parameter/raw" ]; then
|
||||||
elif [ -f "$__object/parameter/raw_command" ]; then
|
elif [ -f "$__object/parameter/raw_command" ]; then
|
||||||
entry="$command"
|
entry="$command"
|
||||||
else
|
else
|
||||||
minute="$(cat "$__object/parameter/minute" 2>/dev/null || echo "*")"
|
minute="$(cat "$__object/parameter/minute")"
|
||||||
hour="$(cat "$__object/parameter/hour" 2>/dev/null || echo "*")"
|
hour="$(cat "$__object/parameter/hour")"
|
||||||
day_of_month="$(cat "$__object/parameter/day_of_month" 2>/dev/null || echo "*")"
|
day_of_month="$(cat "$__object/parameter/day_of_month")"
|
||||||
month="$(cat "$__object/parameter/month" 2>/dev/null || echo "*")"
|
month="$(cat "$__object/parameter/month")"
|
||||||
day_of_week="$(cat "$__object/parameter/day_of_week" 2>/dev/null || echo "*")"
|
day_of_week="$(cat "$__object/parameter/day_of_week")"
|
||||||
entry="$minute $hour $day_of_month $month $day_of_week $command # $name"
|
entry="$minute $hour $day_of_month $month $day_of_week $command # $name"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
mkdir "$__object/files"
|
mkdir "$__object/files"
|
||||||
echo "$entry" > "$__object/files/entry"
|
echo "$entry" > "$__object/files/entry"
|
||||||
|
|
||||||
if diff -q "$__object/files/entry" "$__object/explorer/entry" >/dev/null; then
|
if [ -s "$__object/explorer/entry" ]; then
|
||||||
state_is=present
|
if diff -q "$__object/files/entry" "$__object/explorer/entry" >/dev/null; then
|
||||||
|
state_is=present
|
||||||
|
else
|
||||||
|
state_is=modified
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
state_is=absent
|
state_is=absent
|
||||||
fi
|
fi
|
||||||
|
|
||||||
state_should="$(cat "$__object/parameter/state" 2>/dev/null || echo "present")"
|
state_should="$(cat "$__object/parameter/state")"
|
||||||
|
|
||||||
[ "$state_is" = "$state_should" ] && exit 0
|
[ "$state_is" = "$state_should" ] && exit 0
|
||||||
|
|
||||||
|
|
|
@ -21,6 +21,11 @@ command
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
|
**NOTE**: All time-related parameters (``--minute``, ``--hour``, ``--day_of_month``
|
||||||
|
``--month`` and ``--day_of_week``) defaults to ``*``, which means to execute it
|
||||||
|
**always**. If you set ``--hour 0`` to execute the cronjob only at midnight, it
|
||||||
|
will execute **every** minute in the first hour of the morning all days.
|
||||||
|
|
||||||
state
|
state
|
||||||
Either present or absent. Defaults to present.
|
Either present or absent. Defaults to present.
|
||||||
minute
|
minute
|
||||||
|
|
|
@ -22,3 +22,12 @@ if [ -f "$__object/parameter/raw" ] && [ -f "$__object/parameter/raw_command" ];
|
||||||
echo "ERROR: both raw and raw_command specified" >&2
|
echo "ERROR: both raw and raw_command specified" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
case "$(cat "$__object/parameter/state")" in
|
||||||
|
present) ;;
|
||||||
|
absent) ;;
|
||||||
|
|
||||||
|
*)
|
||||||
|
echo "ERROR: unkown cron state" >&2
|
||||||
|
exit 2
|
||||||
|
esac
|
||||||
|
|
0
cdist/conf/type/__cron/nonparallel
Normal file
0
cdist/conf/type/__cron/nonparallel
Normal file
1
cdist/conf/type/__cron/parameter/default/day_of_month
Normal file
1
cdist/conf/type/__cron/parameter/default/day_of_month
Normal file
|
@ -0,0 +1 @@
|
||||||
|
*
|
1
cdist/conf/type/__cron/parameter/default/day_of_week
Normal file
1
cdist/conf/type/__cron/parameter/default/day_of_week
Normal file
|
@ -0,0 +1 @@
|
||||||
|
*
|
1
cdist/conf/type/__cron/parameter/default/hour
Normal file
1
cdist/conf/type/__cron/parameter/default/hour
Normal file
|
@ -0,0 +1 @@
|
||||||
|
*
|
1
cdist/conf/type/__cron/parameter/default/minute
Normal file
1
cdist/conf/type/__cron/parameter/default/minute
Normal file
|
@ -0,0 +1 @@
|
||||||
|
*
|
1
cdist/conf/type/__cron/parameter/default/month
Normal file
1
cdist/conf/type/__cron/parameter/default/month
Normal file
|
@ -0,0 +1 @@
|
||||||
|
*
|
1
cdist/conf/type/__cron/parameter/default/state
Normal file
1
cdist/conf/type/__cron/parameter/default/state
Normal file
|
@ -0,0 +1 @@
|
||||||
|
present
|
|
@ -1,6 +1,7 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# 2013 Steven Armstrong (steven-cdist armstrong.cc)
|
# 2013 Steven Armstrong (steven-cdist armstrong.cc)
|
||||||
|
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -20,24 +21,43 @@
|
||||||
|
|
||||||
destination="/$__object_id"
|
destination="/$__object_id"
|
||||||
|
|
||||||
|
fallback() {
|
||||||
|
# Patch the output together, manually
|
||||||
|
|
||||||
|
ls_line=$(ls -ldn "$destination")
|
||||||
|
|
||||||
|
uid=$(echo "$ls_line" | awk '{ print $3 }')
|
||||||
|
gid=$(echo "$ls_line" | awk '{ print $4 }')
|
||||||
|
|
||||||
|
owner=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/passwd)
|
||||||
|
group=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group)
|
||||||
|
|
||||||
|
mode_text=$(echo "$ls_line" | awk '{ print $1 }')
|
||||||
|
mode=$(echo "$mode_text" | awk '{ k=0; for (i=0; i<=8; i++) k += ((substr($1, i+2, 1) ~ /[rwx]/) * 2^(8-i)); printf("%0o", k) }')
|
||||||
|
|
||||||
|
printf 'type: %s\nowner: %d %s\ngroup: %d %s\nmode: %s %s\n' \
|
||||||
|
"$("$__type_explorer/type")" \
|
||||||
|
"$uid" "$owner" \
|
||||||
|
"$gid" "$group" \
|
||||||
|
"$mode" "$mode_text"
|
||||||
|
}
|
||||||
|
|
||||||
# nothing to work with, nothing we could do
|
# nothing to work with, nothing we could do
|
||||||
[ -e "$destination" ] || exit 0
|
[ -e "$destination" ] || exit 0
|
||||||
|
|
||||||
os=$("$__explorer/os")
|
if ! command -v stat >/dev/null
|
||||||
case "$os" in
|
then
|
||||||
|
fallback
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
case $("$__explorer/os") in
|
||||||
"freebsd"|"netbsd"|"openbsd"|"macosx")
|
"freebsd"|"netbsd"|"openbsd"|"macosx")
|
||||||
stat -f "type: %HT
|
stat -f "type: %HT
|
||||||
owner: %Du %Su
|
owner: %Du %Su
|
||||||
group: %Dg %Sg
|
group: %Dg %Sg
|
||||||
mode: %Lp %Sp
|
mode: %Lp %Sp
|
||||||
" "$destination" | awk '/^type/ { print tolower($0); next; } { print; }'
|
" "$destination" | awk '/^type/ { print tolower($0); next } { print }'
|
||||||
;;
|
|
||||||
alpine)
|
|
||||||
stat -c "type: %F
|
|
||||||
owner: %u %U
|
|
||||||
group: %g %G
|
|
||||||
mode: %a %A
|
|
||||||
" "$destination"
|
|
||||||
;;
|
;;
|
||||||
solaris)
|
solaris)
|
||||||
ls1="$( ls -ld "$destination" )"
|
ls1="$( ls -ld "$destination" )"
|
||||||
|
@ -69,10 +89,12 @@ mode: %a %A
|
||||||
echo "mode: $octets $( echo "$ls1" | awk '{print $1}' )"
|
echo "mode: $octets $( echo "$ls1" | awk '{print $1}' )"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
stat --printf="type: %F
|
# NOTE: Do not use --printf here as it is not supported by BusyBox stat.
|
||||||
|
# NOTE: BusyBox's stat might not support the "-c" option, in which case
|
||||||
|
# we fall through to the shell fallback.
|
||||||
|
stat -c "type: %F
|
||||||
owner: %u %U
|
owner: %u %U
|
||||||
group: %g %G
|
group: %g %G
|
||||||
mode: %a %A
|
mode: %a %A" "$destination" 2>/dev/null || fallback
|
||||||
" "$destination"
|
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
# 2011-2013 Nico Schottelius (nico-cdist at schottelius.org)
|
# 2011-2013 Nico Schottelius (nico-cdist at schottelius.org)
|
||||||
# 2013 Steven Armstrong (steven-cdist armstrong.cc)
|
# 2013 Steven Armstrong (steven-cdist armstrong.cc)
|
||||||
# 2014 Daniel Heule (hda at sfs.biz)
|
# 2014 Daniel Heule (hda at sfs.biz)
|
||||||
|
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -21,8 +22,8 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
destination="/$__object_id"
|
destination="/$__object_id"
|
||||||
state_should="$(cat "$__object/parameter/state")"
|
state_should=$(cat "$__object/parameter/state")
|
||||||
type="$(cat "$__object/explorer/type")"
|
type=$(cat "$__object/explorer/type")
|
||||||
stat_file="$__object/explorer/stat"
|
stat_file="$__object/explorer/stat"
|
||||||
|
|
||||||
# variable to keep track if we have to set directory attributes
|
# variable to keep track if we have to set directory attributes
|
||||||
|
@ -72,7 +73,7 @@ set_mode() {
|
||||||
}
|
}
|
||||||
|
|
||||||
case "$state_should" in
|
case "$state_should" in
|
||||||
present)
|
present|exists)
|
||||||
if [ "$type" != "directory" ]; then
|
if [ "$type" != "directory" ]; then
|
||||||
set_attributes=1
|
set_attributes=1
|
||||||
if [ "$type" != "none" ]; then
|
if [ "$type" != "none" ]; then
|
||||||
|
@ -83,6 +84,10 @@ case "$state_should" in
|
||||||
fi
|
fi
|
||||||
echo "mkdir $mkdiropt '$destination'"
|
echo "mkdir $mkdiropt '$destination'"
|
||||||
echo "create" >> "$__messages_out"
|
echo "create" >> "$__messages_out"
|
||||||
|
elif [ "$state_should" = 'exists' ]; then
|
||||||
|
# The type is directory and --state exists. We are done and do not
|
||||||
|
# check or set the attributes.
|
||||||
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Note: Mode - needs to happen last as a chown/chgrp can alter mode by
|
# Note: Mode - needs to happen last as a chown/chgrp can alter mode by
|
||||||
|
@ -103,6 +108,26 @@ case "$state_should" in
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
;;
|
;;
|
||||||
|
pre-exists)
|
||||||
|
case $type in
|
||||||
|
directory)
|
||||||
|
# all good
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
none)
|
||||||
|
printf 'Directory "%s" does not exist\n' "$destination" >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
file|symlink)
|
||||||
|
printf 'File "%s" exists and is a %s, but should be a directory\n' "$destination" "$type" >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
printf 'File or directory "%s" is in an unknown state\n' "$destination" >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
absent)
|
absent)
|
||||||
if [ "$type" = "directory" ]; then
|
if [ "$type" = "directory" ]; then
|
||||||
echo "rm -rf '$destination'"
|
echo "rm -rf '$destination'"
|
||||||
|
|
|
@ -19,7 +19,18 @@ None.
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
state
|
state
|
||||||
'present' or 'absent', defaults to 'present'
|
'present', 'absent', 'exists' or 'pre-exists', defaults to 'present' where:
|
||||||
|
|
||||||
|
present
|
||||||
|
the directory exists and the given attributes are set.
|
||||||
|
absent
|
||||||
|
the directory does not exist.
|
||||||
|
exists
|
||||||
|
the directory exists, but its attributes are not altered if it already
|
||||||
|
existed.
|
||||||
|
pre-exists
|
||||||
|
check that the directory exists and is indeed a directory, but do not
|
||||||
|
create or modify it.
|
||||||
|
|
||||||
group
|
group
|
||||||
Group to chgrp to.
|
Group to chgrp to.
|
||||||
|
|
20
cdist/conf/type/__download/explorer/state
Executable file
20
cdist/conf/type/__download/explorer/state
Executable file
|
@ -0,0 +1,20 @@
|
||||||
|
#!/bin/sh -e
|
||||||
|
|
||||||
|
dst="/$__object_id"
|
||||||
|
|
||||||
|
# shellcheck disable=SC2059
|
||||||
|
cmd="$( printf "$( cat "$__object/parameter/cmd-sum" )" "$dst" )"
|
||||||
|
|
||||||
|
sum="$( cat "$__object/parameter/sum" )"
|
||||||
|
|
||||||
|
if [ -f "$dst" ]
|
||||||
|
then
|
||||||
|
if [ "$( eval "$cmd" )" = "$sum" ]
|
||||||
|
then
|
||||||
|
echo 'present'
|
||||||
|
else
|
||||||
|
echo 'mismatch'
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo 'absent'
|
||||||
|
fi
|
35
cdist/conf/type/__download/gencode-local
Executable file
35
cdist/conf/type/__download/gencode-local
Executable file
|
@ -0,0 +1,35 @@
|
||||||
|
#!/bin/sh -e
|
||||||
|
|
||||||
|
state_is="$( cat "$__object/explorer/state" )"
|
||||||
|
|
||||||
|
if [ "$state_is" = 'present' ]
|
||||||
|
then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
url="$( cat "$__object/parameter/url" )"
|
||||||
|
|
||||||
|
cmd="$( cat "$__object/parameter/cmd-get" )"
|
||||||
|
|
||||||
|
tmp="$( mktemp )"
|
||||||
|
|
||||||
|
dst="/$__object_id"
|
||||||
|
|
||||||
|
printf "$cmd > %s\n" \
|
||||||
|
"$url" \
|
||||||
|
"$tmp"
|
||||||
|
|
||||||
|
if echo "$__target_host" | grep -Eq '^[0-9a-fA-F:]+$'
|
||||||
|
then
|
||||||
|
target_host="[$__target_host]"
|
||||||
|
else
|
||||||
|
target_host="$__target_host"
|
||||||
|
fi
|
||||||
|
|
||||||
|
printf '%s %s %s:%s\n' \
|
||||||
|
"$__remote_copy" \
|
||||||
|
"$tmp" \
|
||||||
|
"$target_host" \
|
||||||
|
"$dst"
|
||||||
|
|
||||||
|
echo "rm -f '$tmp'"
|
66
cdist/conf/type/__download/man.rst
Normal file
66
cdist/conf/type/__download/man.rst
Normal file
|
@ -0,0 +1,66 @@
|
||||||
|
cdist-type__download(7)
|
||||||
|
=======================
|
||||||
|
|
||||||
|
NAME
|
||||||
|
----
|
||||||
|
cdist-type__download - Download file to local storage and copy it to target host
|
||||||
|
|
||||||
|
|
||||||
|
DESCRIPTION
|
||||||
|
-----------
|
||||||
|
You must use persistent storage in target host for destination file
|
||||||
|
(``$__object_id``) because it will be used for checksum calculation
|
||||||
|
in order to decide if file must be downloaded.
|
||||||
|
|
||||||
|
|
||||||
|
REQUIRED PARAMETERS
|
||||||
|
-------------------
|
||||||
|
url
|
||||||
|
URL from which to download the file.
|
||||||
|
|
||||||
|
sum
|
||||||
|
Checksum of downloaded file.
|
||||||
|
|
||||||
|
|
||||||
|
OPTIONAL PARAMETERS
|
||||||
|
-------------------
|
||||||
|
cmd-get
|
||||||
|
Command used for downloading.
|
||||||
|
Default is ``wget -O- '%s'``.
|
||||||
|
Command must output to ``stdout``.
|
||||||
|
|
||||||
|
cmd-sum
|
||||||
|
Command used for checksum calculation.
|
||||||
|
Default is ``md5sum '%s' | awk '{print $1}'``.
|
||||||
|
Command output and ``--sum`` parameter must match.
|
||||||
|
|
||||||
|
|
||||||
|
EXAMPLES
|
||||||
|
--------
|
||||||
|
|
||||||
|
.. code-block:: sh
|
||||||
|
|
||||||
|
__directory /opt/cpma
|
||||||
|
|
||||||
|
require='__directory/opt/cpma' \
|
||||||
|
__download /opt/cpma/cnq3.zip \
|
||||||
|
--url https://cdn.playmorepromode.com/files/cnq3/cnq3-1.51.zip \
|
||||||
|
--sum 46da3021ca9eace277115ec9106c5b46
|
||||||
|
|
||||||
|
require='__download/opt/cpma/cnq3.zip' \
|
||||||
|
__unpack /opt/cpma/cnq3.zip \
|
||||||
|
--move-existing-destination \
|
||||||
|
--destination /opt/cpma/server
|
||||||
|
|
||||||
|
|
||||||
|
AUTHORS
|
||||||
|
-------
|
||||||
|
Ander Punnar <ander-at-kvlt-dot-ee>
|
||||||
|
|
||||||
|
|
||||||
|
COPYING
|
||||||
|
-------
|
||||||
|
Copyright \(C) 2020 Ander Punnar. You can redistribute it
|
||||||
|
and/or modify it under the terms of the GNU General Public License as
|
||||||
|
published by the Free Software Foundation, either version 3 of the
|
||||||
|
License, or (at your option) any later version.
|
1
cdist/conf/type/__download/parameter/default/cmd-get
Normal file
1
cdist/conf/type/__download/parameter/default/cmd-get
Normal file
|
@ -0,0 +1 @@
|
||||||
|
wget -O- '%s'
|
1
cdist/conf/type/__download/parameter/default/cmd-sum
Normal file
1
cdist/conf/type/__download/parameter/default/cmd-sum
Normal file
|
@ -0,0 +1 @@
|
||||||
|
md5sum '%s' | awk '{print $1}'
|
2
cdist/conf/type/__download/parameter/optional
Normal file
2
cdist/conf/type/__download/parameter/optional
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
cmd-get
|
||||||
|
cmd-sum
|
2
cdist/conf/type/__download/parameter/required
Normal file
2
cdist/conf/type/__download/parameter/required
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
url
|
||||||
|
sum
|
|
@ -2,6 +2,7 @@
|
||||||
#
|
#
|
||||||
# 2013 Steven Armstrong (steven-cdist armstrong.cc)
|
# 2013 Steven Armstrong (steven-cdist armstrong.cc)
|
||||||
# 2019 Nico Schottelius (nico-cdist at schottelius.org)
|
# 2019 Nico Schottelius (nico-cdist at schottelius.org)
|
||||||
|
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -21,29 +22,54 @@
|
||||||
|
|
||||||
destination="/$__object_id"
|
destination="/$__object_id"
|
||||||
|
|
||||||
|
fallback() {
|
||||||
|
# Fallback: Patch the output together, manually.
|
||||||
|
|
||||||
|
ls_line=$(ls -ldn "$destination")
|
||||||
|
|
||||||
|
uid=$(echo "$ls_line" | awk '{ print $3 }')
|
||||||
|
gid=$(echo "$ls_line" | awk '{ print $4 }')
|
||||||
|
|
||||||
|
owner=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/passwd)
|
||||||
|
group=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group)
|
||||||
|
|
||||||
|
mode_text=$(echo "$ls_line" | awk '{ print $1 }')
|
||||||
|
mode=$(echo "$mode_text" | awk '{ k=0; for (i=0; i<=8; i++) k += ((substr($1, i+2, 1) ~ /[rwx]/) * 2^(8-i)); printf("%0o", k) }')
|
||||||
|
|
||||||
|
size=$(echo "$ls_line" | awk '{ print $5 }')
|
||||||
|
links=$(echo "$ls_line" | awk '{ print $2 }')
|
||||||
|
|
||||||
|
printf 'type: %s\nowner: %d %s\ngroup: %d %s\nmode: %s %s\nsize: %d\nlinks: %d\n' \
|
||||||
|
"$("$__type_explorer/type")" \
|
||||||
|
"$uid" "$owner" \
|
||||||
|
"$gid" "$group" \
|
||||||
|
"$mode" "$mode_text" \
|
||||||
|
"$size" \
|
||||||
|
"$links"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
# nothing to work with, nothing we could do
|
# nothing to work with, nothing we could do
|
||||||
[ -e "$destination" ] || exit 0
|
[ -e "$destination" ] || exit 0
|
||||||
|
|
||||||
os=$("$__explorer/os")
|
|
||||||
case "$os" in
|
if ! command -v stat >/dev/null
|
||||||
"freebsd"|"netbsd"|"openbsd"|"macosx")
|
then
|
||||||
|
fallback
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
case $("$__explorer/os")
|
||||||
|
in
|
||||||
|
freebsd|netbsd|openbsd|macosx)
|
||||||
stat -f "type: %HT
|
stat -f "type: %HT
|
||||||
owner: %Du %Su
|
owner: %Du %Su
|
||||||
group: %Dg %Sg
|
group: %Dg %Sg
|
||||||
mode: %Lp %Sp
|
mode: %Lp %Sp
|
||||||
size: %Dz
|
size: %Dz
|
||||||
links: %Dl
|
links: %Dl
|
||||||
" "$destination" | awk '/^type/ { print tolower($0); next; } { print; }'
|
" "$destination" | awk '/^type/ { print tolower($0); next } { print }'
|
||||||
;;
|
|
||||||
alpine)
|
|
||||||
# busybox stat
|
|
||||||
stat -c "type: %F
|
|
||||||
owner: %u %U
|
|
||||||
group: %g %G
|
|
||||||
mode: %a %A
|
|
||||||
size: %s
|
|
||||||
links: %h
|
|
||||||
" "$destination"
|
|
||||||
;;
|
;;
|
||||||
solaris)
|
solaris)
|
||||||
ls1="$( ls -ld "$destination" )"
|
ls1="$( ls -ld "$destination" )"
|
||||||
|
@ -77,12 +103,14 @@ links: %h
|
||||||
echo "links: $( echo "$ls1" | awk '{print $2}' )"
|
echo "links: $( echo "$ls1" | awk '{print $2}' )"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
stat --printf="type: %F
|
# NOTE: Do not use --printf here as it is not supported by BusyBox stat.
|
||||||
|
# NOTE: BusyBox's stat might not support the "-c" option, in which case
|
||||||
|
# we fall through to the shell fallback.
|
||||||
|
stat -c "type: %F
|
||||||
owner: %u %U
|
owner: %u %U
|
||||||
group: %g %G
|
group: %g %G
|
||||||
mode: %a %A
|
mode: %a %A
|
||||||
size: %s
|
size: %s
|
||||||
links: %h
|
links: %h" "$destination" 2>/dev/null || fallback
|
||||||
" "$destination"
|
;;
|
||||||
;;
|
|
||||||
esac
|
esac
|
||||||
|
|
|
@ -31,12 +31,24 @@ if [ "$state_should" = "pre-exists" ]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$type" = "file" ]; then
|
case $type in
|
||||||
exit 0 # nothing to do
|
file)
|
||||||
else
|
# nothing to do
|
||||||
echo "File \"$destination\" does not exist"
|
exit 0
|
||||||
exit 1
|
;;
|
||||||
fi
|
none)
|
||||||
|
printf 'File "%s" does not exist\n' "$destination" >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
directory|symlink)
|
||||||
|
printf 'File "%s" exists and is a %s, but should be a regular file\n' "$destination" "$type" >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
printf 'File or directory "%s" is in an unknown state\n' "$destination" >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
fi
|
fi
|
||||||
|
|
||||||
upload_file=
|
upload_file=
|
||||||
|
|
|
@ -55,37 +55,41 @@ set_owner() {
|
||||||
}
|
}
|
||||||
|
|
||||||
set_mode() {
|
set_mode() {
|
||||||
echo "chmod '$1' '$destination'"
|
echo "chmod '$1' '$destination'"
|
||||||
echo "chmod '$1'" >> "$__messages_out"
|
echo "chmod '$1'" >> "$__messages_out"
|
||||||
fire_onchange=1
|
fire_onchange=1
|
||||||
}
|
}
|
||||||
|
|
||||||
case "$state_should" in
|
case "$state_should" in
|
||||||
present|exists|pre-exists)
|
present|exists)
|
||||||
# Note: Mode - needs to happen last as a chown/chgrp can alter mode by
|
# Note: Mode - needs to happen last as a chown/chgrp can alter mode by
|
||||||
# clearing S_ISUID and S_ISGID bits (see chown(2))
|
# clearing S_ISUID and S_ISGID bits (see chown(2))
|
||||||
for attribute in group owner mode; do
|
for attribute in group owner mode; do
|
||||||
if [ -f "$__object/parameter/$attribute" ]; then
|
if [ -f "$__object/parameter/$attribute" ]; then
|
||||||
value_should="$(cat "$__object/parameter/$attribute")"
|
value_should="$(cat "$__object/parameter/$attribute")"
|
||||||
|
|
||||||
# change 0xxx format to xxx format => same as stat returns
|
# change 0xxx format to xxx format => same as stat returns
|
||||||
if [ "$attribute" = mode ]; then
|
if [ "$attribute" = mode ]; then
|
||||||
value_should="$(echo "$value_should" | sed 's/^0\(...\)/\1/')"
|
value_should="$(echo "$value_should" | sed 's/^0\(...\)/\1/')"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
value_is="$(get_current_value "$attribute" "$value_should")"
|
value_is="$(get_current_value "$attribute" "$value_should")"
|
||||||
if [ -f "$__object/files/set-attributes" ] || [ "$value_should" != "$value_is" ]; then
|
if [ -f "$__object/files/set-attributes" ] || [ "$value_should" != "$value_is" ]; then
|
||||||
"set_$attribute" "$value_should"
|
"set_$attribute" "$value_should"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
done
|
||||||
|
if [ -f "$__object/files/set-attributes" ]; then
|
||||||
|
# set-attributes is created if file is created or uploaded in gencode-local
|
||||||
|
fire_onchange=1
|
||||||
fi
|
fi
|
||||||
done
|
|
||||||
if [ -f "$__object/files/set-attributes" ]; then
|
|
||||||
# set-attributes is created if file is created or uploaded in gencode-local
|
|
||||||
fire_onchange=1
|
|
||||||
fi
|
|
||||||
|
|
||||||
;;
|
;;
|
||||||
|
|
||||||
|
pre-exists)
|
||||||
|
# pre-exists should never reach gencode-remote…
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
|
||||||
absent)
|
absent)
|
||||||
if [ "$type" = "file" ]; then
|
if [ "$type" = "file" ]; then
|
||||||
echo "rm -f '$destination'"
|
echo "rm -f '$destination'"
|
||||||
|
@ -101,7 +105,7 @@ case "$state_should" in
|
||||||
esac
|
esac
|
||||||
|
|
||||||
if [ -f "$__object/parameter/onchange" ]; then
|
if [ -f "$__object/parameter/onchange" ]; then
|
||||||
if [ -n "$fire_onchange" ]; then
|
if [ -n "$fire_onchange" ]; then
|
||||||
cat "$__object/parameter/onchange"
|
cat "$__object/parameter/onchange"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -50,13 +50,13 @@ state
|
||||||
create or modify it
|
create or modify it
|
||||||
|
|
||||||
group
|
group
|
||||||
Group to chgrp to.
|
Group to chgrp to. Defaults to ``root``.
|
||||||
|
|
||||||
mode
|
mode
|
||||||
Unix permissions, suitable for chmod.
|
Unix permissions, suitable for chmod. Defaults to a very secure ``0600``.
|
||||||
|
|
||||||
owner
|
owner
|
||||||
User to chown to.
|
User to chown to. Defaults to ``root``.
|
||||||
|
|
||||||
source
|
source
|
||||||
If supplied, copy this file from the host running cdist to the target.
|
If supplied, copy this file from the host running cdist to the target.
|
||||||
|
|
|
@ -88,7 +88,7 @@ if [ "$state" = "present" ]; then
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
if [ "$os" = "freebsd" ]; then
|
if [ "$os" = "freebsd" ]; then
|
||||||
echo pw groupadd "$@" "$name"
|
echo pw groupadd "$name" "$@"
|
||||||
else
|
else
|
||||||
echo groupadd "$@" "$name"
|
echo groupadd "$@" "$name"
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -59,13 +59,13 @@ MESSAGES
|
||||||
--------
|
--------
|
||||||
|
|
||||||
change
|
change
|
||||||
Certificte was changed.
|
Certificate was changed.
|
||||||
|
|
||||||
create
|
create
|
||||||
Certificte was created.
|
Certificate was created.
|
||||||
|
|
||||||
remove
|
remove
|
||||||
Certificte was removed.
|
Certificate was removed.
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
|
|
@ -91,6 +91,9 @@ if [ -z "${certbot_fullpath}" ]; then
|
||||||
|
|
||||||
certbot_fullpath=/usr/local/bin/certbot
|
certbot_fullpath=/usr/local/bin/certbot
|
||||||
;;
|
;;
|
||||||
|
ubuntu)
|
||||||
|
__package certbot
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
echo "Unsupported os: $os" >&2
|
echo "Unsupported os: $os" >&2
|
||||||
exit 1
|
exit 1
|
||||||
|
|
|
@ -18,7 +18,7 @@ source
|
||||||
Specifies the link source.
|
Specifies the link source.
|
||||||
|
|
||||||
type
|
type
|
||||||
Specifies the link type: Either hard or symoblic.
|
Specifies the link type: Either hard or symbolic.
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
|
|
|
@ -26,7 +26,7 @@
|
||||||
os=$(cat "$__global/explorer/os")
|
os=$(cat "$__global/explorer/os")
|
||||||
|
|
||||||
case "$os" in
|
case "$os" in
|
||||||
debian|ubuntu)
|
debian|devuan|ubuntu)
|
||||||
locale_conf="/etc/default/locale"
|
locale_conf="/etc/default/locale"
|
||||||
;;
|
;;
|
||||||
archlinux)
|
archlinux)
|
||||||
|
|
|
@ -22,14 +22,18 @@
|
||||||
os=$(cat "$__global/explorer/os")
|
os=$(cat "$__global/explorer/os")
|
||||||
|
|
||||||
case "$os" in
|
case "$os" in
|
||||||
debian|ubuntu|devuan)
|
freebsd)
|
||||||
|
# FreeBSD only updates /etc/motd on boot,
|
||||||
# Debian and Ubuntu need to be updated,
|
# as seen in /etc/rc.d/motd
|
||||||
# as seen in /etc/init.d/bootlogs
|
echo "uname -sri > /etc/motd"
|
||||||
echo "uname -snrvm > /var/run/motd"
|
echo "cat /etc/motd.template >> /etc/motd"
|
||||||
echo "cat /etc/motd.tail >> /var/run/motd"
|
# FreeBSD 13 starts treating motd slightly different from previous
|
||||||
|
# versions this ensures hosts have the expected config.
|
||||||
|
echo "rm /etc/motd.template || true"
|
||||||
|
echo "service motd start"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
|
# Other OS tend to treat /etc/motd statically
|
||||||
exit 0
|
exit 0
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
|
@ -10,6 +10,13 @@ DESCRIPTION
|
||||||
-----------
|
-----------
|
||||||
This cdist type allows you to easily setup /etc/motd.
|
This cdist type allows you to easily setup /etc/motd.
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
In some OS, motd is a bit special, check `motd(5)`.
|
||||||
|
Currently Debian, Devuan, Ubuntu and FreeBSD are taken into account.
|
||||||
|
If your OS of choice does something besides /etc/motd, check the source
|
||||||
|
and contribute support for it.
|
||||||
|
Otherwise it will likely just work.
|
||||||
|
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
|
@ -20,6 +27,7 @@ OPTIONAL PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
source
|
source
|
||||||
If supplied, copy this file from the host running cdist to the target.
|
If supplied, copy this file from the host running cdist to the target.
|
||||||
|
If source is '-' (dash), take what was written to stdin as the file content.
|
||||||
If not supplied, a default message will be placed onto the target.
|
If not supplied, a default message will be placed onto the target.
|
||||||
|
|
||||||
|
|
||||||
|
@ -34,6 +42,15 @@ EXAMPLES
|
||||||
# Supply source file from a different type
|
# Supply source file from a different type
|
||||||
__motd --source "$__type/files/my-motd"
|
__motd --source "$__type/files/my-motd"
|
||||||
|
|
||||||
|
# Supply source from stdin
|
||||||
|
__motd --source "-" <<EOF
|
||||||
|
Take this kiss upon the brow!
|
||||||
|
And, in parting from you now,
|
||||||
|
Thus much let me avow-
|
||||||
|
You are not wrong, who deem
|
||||||
|
That my days have been a dream
|
||||||
|
EOF
|
||||||
|
|
||||||
|
|
||||||
AUTHORS
|
AUTHORS
|
||||||
-------
|
-------
|
||||||
|
@ -42,7 +59,7 @@ Nico Schottelius <nico-cdist--@--schottelius.org>
|
||||||
|
|
||||||
COPYING
|
COPYING
|
||||||
-------
|
-------
|
||||||
Copyright \(C) 2011 Nico Schottelius. You can redistribute it
|
Copyright \(C) 2020 Nico Schottelius. You can redistribute it
|
||||||
and/or modify it under the terms of the GNU General Public License as
|
and/or modify it under the terms of the GNU General Public License as
|
||||||
published by the Free Software Foundation, either version 3 of the
|
published by the Free Software Foundation, either version 3 of the
|
||||||
License, or (at your option) any later version.
|
License, or (at your option) any later version.
|
||||||
|
|
|
@ -33,10 +33,14 @@ os=$(cat "$__global/explorer/os")
|
||||||
|
|
||||||
|
|
||||||
case "$os" in
|
case "$os" in
|
||||||
debian|ubuntu|devuan)
|
freebsd)
|
||||||
destination=/etc/motd.tail
|
# FreeBSD uses motd.template to prepend system information on boot
|
||||||
|
# (this actually only applies starting with version 13,
|
||||||
|
# but we fix that for whatever version in gencode-remote)
|
||||||
|
destination=/etc/motd.template
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
|
# Most UNIX systems, including other Linux and OpenBSD just use /etc/motd
|
||||||
destination=/etc/motd
|
destination=/etc/motd
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
|
@ -30,7 +30,7 @@ host="$( cat "$__object/parameter/host" )"
|
||||||
|
|
||||||
check_privileges="$(
|
check_privileges="$(
|
||||||
mysql -B -N -e "show grants for '$user'@'$host'" \
|
mysql -B -N -e "show grants for '$user'@'$host'" \
|
||||||
| grep -Ei "^grant $privileges on .$database.\..$table. to " || true )"
|
| grep -Ei "^grant $privileges on .$database.\..?$table.? to " || true )"
|
||||||
|
|
||||||
if [ -n "$check_privileges" ]
|
if [ -n "$check_privileges" ]
|
||||||
then
|
then
|
||||||
|
|
|
@ -37,13 +37,19 @@ user="$( cat "$__object/parameter/user" )"
|
||||||
|
|
||||||
host="$( cat "$__object/parameter/host" )"
|
host="$( cat "$__object/parameter/host" )"
|
||||||
|
|
||||||
|
if [ "$table" != '*' ]
|
||||||
|
then
|
||||||
|
# shellcheck disable=SC2016
|
||||||
|
table="$( printf '`%s`' "$table" )"
|
||||||
|
fi
|
||||||
|
|
||||||
case "$state_should" in
|
case "$state_should" in
|
||||||
present)
|
present)
|
||||||
echo "mysql -e 'grant $privileges on \`$database\`.\`$table\` to \`$user\`@\`$host\`'"
|
echo "mysql -e 'grant $privileges on \`$database\`.$table to \`$user\`@\`$host\`'"
|
||||||
echo "grant $privileges on $database.$table to $user@$host" >> "$__messages_out"
|
echo "grant $privileges on $database.$table to $user@$host" >> "$__messages_out"
|
||||||
;;
|
;;
|
||||||
absent)
|
absent)
|
||||||
echo "mysql -e 'revoke $privileges on \`$database\`.\`$table\` from \`$user\`@\`$host\`'"
|
echo "mysql -e 'revoke $privileges on \`$database\`.$table from \`$user\`@\`$host\`'"
|
||||||
echo "revoke $privileges on $database.$table from $user@$host" >> "$__messages_out"
|
echo "revoke $privileges on $database.$table from $user@$host" >> "$__messages_out"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
|
@ -17,7 +17,7 @@ REQUIRED PARAMETERS
|
||||||
database
|
database
|
||||||
Name of database.
|
Name of database.
|
||||||
|
|
||||||
User
|
user
|
||||||
Name of user.
|
Name of user.
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -92,6 +92,9 @@ tls-ca
|
||||||
Required if `tls-cert` is defined.
|
Required if `tls-cert` is defined.
|
||||||
Path in the remote hosts to the PEM-encoded CA certificate file.
|
Path in the remote hosts to the PEM-encoded CA certificate file.
|
||||||
|
|
||||||
|
extra-config
|
||||||
|
Custom settings to be added in `slapd.conf(5)`.
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL MULTIPLE PARAMETERS
|
OPTIONAL MULTIPLE PARAMETERS
|
||||||
----------------------------
|
----------------------------
|
||||||
|
|
|
@ -9,6 +9,7 @@ slapd_modules=$(cat "${__object}/parameter/module" 2>/dev/null || true)
|
||||||
schemas=$(cat "${__object}/parameter/schema")
|
schemas=$(cat "${__object}/parameter/schema")
|
||||||
slapd_urls=$(tr '\n' ' ' < "${__object}/parameter/slapd-url")
|
slapd_urls=$(tr '\n' ' ' < "${__object}/parameter/slapd-url")
|
||||||
tls_cipher_suite=$(cat "${__object}/parameter/tls-cipher-suite" 2>/dev/null || true)
|
tls_cipher_suite=$(cat "${__object}/parameter/tls-cipher-suite" 2>/dev/null || true)
|
||||||
|
extra_config=$(cat "${__object}/parameter/extra-config" || true)
|
||||||
|
|
||||||
|
|
||||||
os="$(cat "${__global}/explorer/os")"
|
os="$(cat "${__global}/explorer/os")"
|
||||||
|
@ -168,6 +169,7 @@ if [ -z "${_skip_letsencrypt_cert}" ]; then
|
||||||
staging=""
|
staging=""
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# shellcheck disable=SC2086
|
||||||
__letsencrypt_cert "${name}" --admin-email "${admin_email}" \
|
__letsencrypt_cert "${name}" --admin-email "${admin_email}" \
|
||||||
--renew-hook "cp ${ETC}/letsencrypt/live/${name}/*.pem ${SLAPD_DIR}/sasl2 && chown -R openldap:openldap ${SLAPD_DIR}/sasl2 && service slapd restart" \
|
--renew-hook "cp ${ETC}/letsencrypt/live/${name}/*.pem ${SLAPD_DIR}/sasl2 && chown -R openldap:openldap ${SLAPD_DIR}/sasl2 && service slapd restart" \
|
||||||
--automatic-renewal ${staging}
|
--automatic-renewal ${staging}
|
||||||
|
@ -230,6 +232,8 @@ index uid,memberUid eq,pres,sub
|
||||||
index nisMapName,nisMapEntry eq,pres,sub
|
index nisMapName,nisMapEntry eq,pres,sub
|
||||||
index entryCSN,entryUUID eq
|
index entryCSN,entryUUID eq
|
||||||
|
|
||||||
|
${extra_config}
|
||||||
|
|
||||||
serverid ${serverid}
|
serverid ${serverid}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
|
|
@ -6,3 +6,4 @@ tls-cipher-suite
|
||||||
tls-cert
|
tls-cert
|
||||||
tls-privkey
|
tls-privkey
|
||||||
tls-ca
|
tls-ca
|
||||||
|
extra-config
|
||||||
|
|
|
@ -74,6 +74,14 @@ fi
|
||||||
|
|
||||||
case "$state_should" in
|
case "$state_should" in
|
||||||
present)
|
present)
|
||||||
|
# following is bit ugly, but important hack.
|
||||||
|
# due to how cdist config run works, there isn't
|
||||||
|
# currently better way to do it :(
|
||||||
|
cat << EOF
|
||||||
|
if [ ! -f /var/cache/apt/pkgcache.bin ] || [ "\$( stat --format %Y /var/cache/apt/pkgcache.bin )" -lt "\$( date +%s -d '-1 day' )" ]
|
||||||
|
then echo apt-get update > /dev/null 2>&1 || true
|
||||||
|
fi
|
||||||
|
EOF
|
||||||
if [ -n "$version" ]; then
|
if [ -n "$version" ]; then
|
||||||
name="${name}=${version}"
|
name="${name}=${version}"
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -11,6 +11,9 @@ DESCRIPTION
|
||||||
apt-get is usually used on Debian and variants (like Ubuntu) to
|
apt-get is usually used on Debian and variants (like Ubuntu) to
|
||||||
manage packages.
|
manage packages.
|
||||||
|
|
||||||
|
This type will also update package index, if it is older
|
||||||
|
than one day, to avoid missing package error messages.
|
||||||
|
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
#!/bin/sh
|
#!/bin/sh -e
|
||||||
#
|
#
|
||||||
# 2011 Nico Schottelius (nico-cdist at schottelius.org)
|
# 2011 Nico Schottelius (nico-cdist at schottelius.org)
|
||||||
# 2012 Giel van Schijndel (giel plus cdist at mortis dot eu)
|
# 2012 Giel van Schijndel (giel plus cdist at mortis dot eu)
|
||||||
|
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -19,21 +20,78 @@
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
# Retrieve the status of a package - parsed opkg output
|
# Retrieve the status of a package - parses opkg output
|
||||||
#
|
#
|
||||||
|
|
||||||
if [ -f "$__object/parameter/name" ]; then
|
readonly __type_path=${__object%%${__object_id}*}
|
||||||
name="$(cat "$__object/parameter/name")"
|
test -d "${__type_path}" || { echo 'Cannot determine __type_path' >&2; exit 1; }
|
||||||
|
readonly LOCKFILE="${__type_path:?}/.cdist_opkg.lock"
|
||||||
|
|
||||||
|
if command -v flock >/dev/null 2>&1
|
||||||
|
then
|
||||||
|
# use flock (if available) on FD 9
|
||||||
|
_lock() {
|
||||||
|
exec 9<>"${LOCKFILE:?}"
|
||||||
|
flock -x 9
|
||||||
|
echo $$>&9
|
||||||
|
}
|
||||||
|
_unlock() {
|
||||||
|
:>"${LOCKFILE:?}"
|
||||||
|
flock -u 9
|
||||||
|
exec 9<&-
|
||||||
|
}
|
||||||
else
|
else
|
||||||
name="$__object_id"
|
# fallback to mkdir if flock is missing
|
||||||
|
_lock() {
|
||||||
|
until mkdir "${LOCKFILE:?}.dir" 2>/dev/null
|
||||||
|
do
|
||||||
|
while test -d "${LOCKFILE}.dir"
|
||||||
|
do
|
||||||
|
# DEBUG:
|
||||||
|
# printf 'Locked by PID: %u\n' "$(cat "${LOCKFILE}.dir/pid")"
|
||||||
|
sleep 1
|
||||||
|
done
|
||||||
|
done
|
||||||
|
echo $$ >"${LOCKFILE:?}.dir/pid"
|
||||||
|
}
|
||||||
|
_unlock() {
|
||||||
|
test -d "${LOCKFILE}.dir" || return 0
|
||||||
|
if test -s "${LOCKFILE}.dir/pid"
|
||||||
|
then
|
||||||
|
test "$(cat "${LOCKFILE}.dir/pid")" = $$ || return 1
|
||||||
|
rm "${LOCKFILE:?}.dir/pid"
|
||||||
|
fi
|
||||||
|
rmdir "${LOCKFILE:?}.dir"
|
||||||
|
}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Except dpkg failing, if package is not known / installed
|
|
||||||
if opkg status "$name" 2>/dev/null | grep -q "^Status: install user installed$"; then
|
if test -f "${__object}/parameter/name"
|
||||||
echo "present"
|
then
|
||||||
exit 0
|
pkg_name=$(cat "${__object}/parameter/name")
|
||||||
elif [ "$(opkg info "$name" 2> /dev/null | wc -l)" -eq 0 ]; then
|
else
|
||||||
echo "absent notpresent"
|
pkg_name=$__object_id
|
||||||
exit 0
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
# NOTE: We need to lock parallel execution of type explorers and code-remote
|
||||||
|
# because opkg will try to acquire the OPKG lock (usually /var/lock/opkg.lock)
|
||||||
|
# using lockf(2) for every operation.
|
||||||
|
# It will not wait for the lock but terminate with an error.
|
||||||
|
# This leads to incorrect 'absent notpresent' statuses when parallel execution
|
||||||
|
# is enabled.
|
||||||
|
trap _unlock EXIT
|
||||||
|
_lock
|
||||||
|
|
||||||
|
|
||||||
|
# Except opkg failing, if package is not known / installed
|
||||||
|
if opkg status "${pkg_name}" 2>/dev/null \
|
||||||
|
| grep -q -e '^Status: [^ ][^ ]* [^ ][^ ]* installed$'
|
||||||
|
then
|
||||||
|
echo 'present'
|
||||||
|
elif opkg info "${pkg_name}" 2>/dev/null | grep -q .
|
||||||
|
then
|
||||||
|
echo 'absent notpresent'
|
||||||
|
else
|
||||||
|
echo 'absent'
|
||||||
fi
|
fi
|
||||||
echo "absent"
|
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
#
|
#
|
||||||
# 2011,2013 Nico Schottelius (nico-cdist at schottelius.org)
|
# 2011,2013 Nico Schottelius (nico-cdist at schottelius.org)
|
||||||
# 2012 Giel van Schijndel (giel plus cdist at mortis dot eu)
|
# 2012 Giel van Schijndel (giel plus cdist at mortis dot eu)
|
||||||
|
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -19,41 +20,50 @@
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
# Manage packages on OpenWRT and co.
|
# Manage packages on OpenWrt, optware, and co.
|
||||||
#
|
#
|
||||||
|
|
||||||
if [ -f "$__object/parameter/name" ]; then
|
if test -f "${__object}/parameter/name"
|
||||||
name="$(cat "$__object/parameter/name")"
|
then
|
||||||
|
name=$(cat "${__object}/parameter/name")
|
||||||
else
|
else
|
||||||
name="$__object_id"
|
name=$__object_id
|
||||||
fi
|
fi
|
||||||
|
|
||||||
state_should="$(cat "$__object/parameter/state")"
|
state_should=$(cat "${__object}/parameter/state")
|
||||||
|
state_is=$(cat "${__object}/explorer/pkg_status")
|
||||||
|
|
||||||
state_is="$(cat "$__object/explorer/pkg_status")"
|
case $state_is
|
||||||
case "$state_is" in
|
in
|
||||||
absent*)
|
(absent*)
|
||||||
present="$(echo "$state_is" | cut -d ' ' -f 2)"
|
presence=$(echo "${state_is}" | cut -d ' ' -f 2)
|
||||||
state_is="absent"
|
state_is='absent'
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
[ "$state_is" = "$state_should" ] && exit 0
|
if test "${state_is}" = "${state_should}"
|
||||||
|
then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
case "$state_should" in
|
|
||||||
present)
|
case $state_should
|
||||||
if [ "$present" = "notpresent" ]; then
|
in
|
||||||
echo "opkg --verbosity=0 update"
|
(present)
|
||||||
fi
|
if test "${presence}" = 'notpresent'
|
||||||
echo "opkg --verbosity=0 install '$name'"
|
then
|
||||||
echo "installed" >> "$__messages_out"
|
echo 'opkg --verbosity=0 update'
|
||||||
;;
|
fi
|
||||||
absent)
|
|
||||||
echo "opkg --verbosity=0 remove '$name'"
|
printf "opkg --verbosity=0 install '%s'\n" "${name}"
|
||||||
echo "removed" >> "$__messages_out"
|
echo 'installed' >>"${__messages_out}"
|
||||||
;;
|
;;
|
||||||
*)
|
(absent)
|
||||||
echo "Unknown state: ${state_should}" >&2
|
printf "opkg --verbosity=0 remove '%s'" "${name}"
|
||||||
exit 1
|
echo 'removed' >>"${__messages_out}"
|
||||||
;;
|
;;
|
||||||
|
(*)
|
||||||
|
printf 'Unknown state: %s\n' "${state_should}" >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
|
@ -24,18 +24,18 @@ case "$type" in
|
||||||
if [ -f "/var/cache/apt/pkgcache.bin" ]; then
|
if [ -f "/var/cache/apt/pkgcache.bin" ]; then
|
||||||
echo $(($(date +"%s")-$(stat --format '%Y' /var/cache/apt/pkgcache.bin)))
|
echo $(($(date +"%s")-$(stat --format '%Y' /var/cache/apt/pkgcache.bin)))
|
||||||
else
|
else
|
||||||
echo 0
|
echo -- -1
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
pacman)
|
pacman)
|
||||||
if [ -d "/var/lib/pacman/sync" ]; then
|
if [ -d "/var/lib/pacman/sync" ]; then
|
||||||
echo $(($(date +"%s")-$(stat --format '%Y' /var/lib/pacman/sync)))
|
echo $(($(date +"%s")-$(stat --format '%Y' /var/lib/pacman/sync)))
|
||||||
else
|
else
|
||||||
echo 0
|
echo -- -1
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
alpine)
|
alpine)
|
||||||
echo 0
|
echo -- -1
|
||||||
;;
|
;;
|
||||||
*) echo "Your specified type ($type) is currently not supported." >&2
|
*) echo "Your specified type ($type) is currently not supported." >&2
|
||||||
echo "Please contribute an implementation for it if you can." >&2
|
echo "Please contribute an implementation for it if you can." >&2
|
||||||
|
|
|
@ -31,7 +31,8 @@ if [ -n "$maxage" ]; then
|
||||||
if [ "$type" != "apt" ] && [ "$type" != "pacman" ]; then
|
if [ "$type" != "apt" ] && [ "$type" != "pacman" ]; then
|
||||||
echo "ERROR: \"--maxage\" only supported for \"apt\" or \"pacman\" pkg-manager." >&2
|
echo "ERROR: \"--maxage\" only supported for \"apt\" or \"pacman\" pkg-manager." >&2
|
||||||
exit 1
|
exit 1
|
||||||
elif [ "$currage" -lt "$maxage" ]; then
|
# do not exit if no value found (represented as -1)
|
||||||
|
elif [ "$currage" -ne -1 ] && [ "$currage" -lt "$maxage" ]; then
|
||||||
exit 0 # no need to update
|
exit 0 # no need to update
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
1
cdist/conf/type/__pf_apply/deprecated
Normal file
1
cdist/conf/type/__pf_apply/deprecated
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Consider moving to __pf_apply_anchor. Get in touch if you need __pf_apply.
|
|
@ -1,6 +1,6 @@
|
||||||
#!/bin/sh
|
#!/bin/sh -e
|
||||||
#
|
#
|
||||||
# 2012 Jake Guffey (jake.guffey at eprotex.com)
|
# 2016 Kamila Součková (coding at kamila.is)
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -18,24 +18,16 @@
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
# Get the 256 bit SHA2 checksum of the pf ruleset on the target host.
|
# Apply pf(4) ruleset on *BSD
|
||||||
#
|
#
|
||||||
|
|
||||||
# Debug
|
ANCHORS_DIR="/etc/pf.d"
|
||||||
#exec >&2
|
|
||||||
#set -x
|
|
||||||
|
|
||||||
# Check /etc/rc.conf for pf's configuration file name. Default to /etc/pf.conf
|
if [ -f "${__object}/parameter/anchor_name" ]; then
|
||||||
# See if file exists and if so, get checksum
|
anchor_name="$(cat "${__object}/parameter/anchor_name")"
|
||||||
|
else
|
||||||
RC="/etc/rc.conf"
|
anchor_name="${__object_id}"
|
||||||
TMP="$(grep '^pf_rules=' ${RC} | cut -d= -f2 | sed 's/"//g')"
|
|
||||||
PFCONF="${TMP:-"/etc/pf.conf"}"
|
|
||||||
|
|
||||||
if [ -f "${PFCONF}" ]; then # The pf config file exists, find its cksum.
|
|
||||||
cksum -o 1 "${PFCONF}" | cut -d= -f2 | awk '{print $1}'
|
|
||||||
fi
|
fi
|
||||||
|
anchor_file="${ANCHORS_DIR}/${anchor_name}"
|
||||||
|
|
||||||
# Debug
|
echo "pfctl -a \"${anchor_name}\" -f \"${anchor_file}\""
|
||||||
#set +x
|
|
||||||
|
|
62
cdist/conf/type/__pf_apply_anchor/man.rst
Normal file
62
cdist/conf/type/__pf_apply_anchor/man.rst
Normal file
|
@ -0,0 +1,62 @@
|
||||||
|
cdist-type__pf_apply_anchor(7)
|
||||||
|
==============================
|
||||||
|
|
||||||
|
NAME
|
||||||
|
----
|
||||||
|
cdist-type__pf_apply_anchor - Apply a pf(4) anchor on $__target_host
|
||||||
|
|
||||||
|
|
||||||
|
DESCRIPTION
|
||||||
|
-----------
|
||||||
|
This type is used on \*BSD systems to manage anchors for the pf firewall.
|
||||||
|
|
||||||
|
Notice this type does not take care of copying the ruleset, that must be
|
||||||
|
done by the user with, e.g. `__file`.
|
||||||
|
|
||||||
|
|
||||||
|
OPTIONAL PARAMETERS
|
||||||
|
-------------------
|
||||||
|
anchor_name
|
||||||
|
The name of the anchor to apply. If not set, `${__object_id}` is used.
|
||||||
|
This type requires `/etc/pf.d/${anchor_name}` to exist on
|
||||||
|
`$__target_host`.
|
||||||
|
|
||||||
|
|
||||||
|
EXAMPLES
|
||||||
|
--------
|
||||||
|
|
||||||
|
.. code-block:: sh
|
||||||
|
|
||||||
|
# Copy anchor file to ${__target_host}
|
||||||
|
__file "/etc/pf.d/80_dns" --source - <<EOF
|
||||||
|
# Managed remotely, changes will be lost
|
||||||
|
|
||||||
|
pass quick proto {tcp,udp} from any to any port domain
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# Apply the anchor
|
||||||
|
require="__file/etc/pf.d/80_dns" __pf_apply_anchor 80_dns
|
||||||
|
# This is roughly equivalent to:
|
||||||
|
# pfctl -a "${anchor_name}" -f "/etc/pf.d/${anchor_name}"
|
||||||
|
|
||||||
|
|
||||||
|
SEE ALSO
|
||||||
|
--------
|
||||||
|
:strong:`pf`\ (4)
|
||||||
|
|
||||||
|
|
||||||
|
AUTHORS
|
||||||
|
-------
|
||||||
|
Evilham <contact--@--evilham.com>
|
||||||
|
Kamila Součková <coding--@--kamila.is>
|
||||||
|
Jake Guffey <jake.guffey--@--eprotex.com>
|
||||||
|
|
||||||
|
|
||||||
|
COPYING
|
||||||
|
-------
|
||||||
|
Copyright \(C) 2020 Evilham.
|
||||||
|
Copyright \(C) 2016 Kamila Součková.
|
||||||
|
Copyright \(C) 2012 Jake Guffey. You can redistribute it
|
||||||
|
and/or modify it under the terms of the GNU General Public License as
|
||||||
|
published by the Free Software Foundation, either version 3 of the
|
||||||
|
License, or (at your option) any later version.
|
1
cdist/conf/type/__pf_apply_anchor/parameter/optional
Normal file
1
cdist/conf/type/__pf_apply_anchor/parameter/optional
Normal file
|
@ -0,0 +1 @@
|
||||||
|
anchor_name
|
|
@ -1,81 +0,0 @@
|
||||||
#!/bin/sh -e
|
|
||||||
#
|
|
||||||
# 2012 Jake Guffey (jake.guffey at eprotex.com)
|
|
||||||
#
|
|
||||||
# This file is part of cdist.
|
|
||||||
#
|
|
||||||
# cdist is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# cdist is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
#
|
|
||||||
# Manage pf(4) on *BSD
|
|
||||||
#
|
|
||||||
|
|
||||||
# Debug
|
|
||||||
#exec >&2
|
|
||||||
#set -x
|
|
||||||
|
|
||||||
# Send files to $__target_host via $__remote_copy
|
|
||||||
|
|
||||||
uname=$(uname) # Need to know what the cdist host is running so we know how to compute the ruleset's checksum
|
|
||||||
state=$(cat "$__object/parameter/state")
|
|
||||||
|
|
||||||
if [ "$state" = "absent" ]; then # There is nothing more for a *local* script to do
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -f "$__object/parameter/source" ]; then
|
|
||||||
source=$(cat "$__object/parameter/source")
|
|
||||||
fi
|
|
||||||
|
|
||||||
rcvar=$(cat "$__object/explorer/rcvar")
|
|
||||||
cksum=$(cat "$__object/explorer/cksum")
|
|
||||||
|
|
||||||
|
|
||||||
cat <<EOF
|
|
||||||
case $uname in
|
|
||||||
Darwin)
|
|
||||||
currentSum=\$(cksum -o 1 ${source} | cut '-d ' -f1)
|
|
||||||
;;
|
|
||||||
Linux)
|
|
||||||
currentSum=\$(cksum ${source} | cut '-d ' -f1)
|
|
||||||
;;
|
|
||||||
FreeBSD)
|
|
||||||
currentSum=\$(cksum -o 1 ${source} | cut -d= -f2 | sed 's/ //g')
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "Sorry, I do not know how to find a cksum on ${uname}." >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# IPv6 fix
|
|
||||||
if $(echo "${__target_host}" | grep -q -E '^[0-9a-fA-F:]+$')
|
|
||||||
then
|
|
||||||
my_target_host="[${__target_host}]"
|
|
||||||
else
|
|
||||||
my_target_host="${__target_host}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -n "${cksum}" ]; then
|
|
||||||
if [ ! "\${currentSum}" = "${cksum}" ]; then
|
|
||||||
$__remote_copy "${source}" "\${my_target_host}:${rcvar}.new"
|
|
||||||
fi
|
|
||||||
else # File just doesn't exist yet
|
|
||||||
$__remote_copy "${source}" "\${my_target_host}:${rcvar}.new"
|
|
||||||
fi
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# Debug
|
|
||||||
#exec +x
|
|
||||||
|
|
|
@ -10,6 +10,9 @@ DESCRIPTION
|
||||||
-----------
|
-----------
|
||||||
This type is used on \*BSD systems to manage the pf firewall's ruleset.
|
This type is used on \*BSD systems to manage the pf firewall's ruleset.
|
||||||
|
|
||||||
|
It will also enable and disable the pf firewall as requested in the `state`
|
||||||
|
parameter.
|
||||||
|
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
|
@ -20,9 +23,8 @@ state
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
source
|
source
|
||||||
If supplied, use to define the ruleset to load onto the $__target_host for pf(4).
|
Required when state is "present".
|
||||||
Note that this type is almost useless without a ruleset defined, but it's technically not
|
Defines the ruleset to load onto the $__target_host for `pf(4)`.
|
||||||
needed, e.g. for the case of disabling the firewall temporarily.
|
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
|
@ -30,10 +32,10 @@ EXAMPLES
|
||||||
|
|
||||||
.. code-block:: sh
|
.. code-block:: sh
|
||||||
|
|
||||||
# Remove the current ruleset in place
|
# Remove the current ruleset in place and disable pf
|
||||||
__pf_ruleset --state absent
|
__pf_ruleset --state absent
|
||||||
|
|
||||||
# Enable the firewall with the ruleset defined in $__manifest/files/pf.conf
|
# Enable pf with the ruleset defined in $__manifest/files/pf.conf
|
||||||
__pf_ruleset --state present --source $__manifest/files/pf.conf
|
__pf_ruleset --state present --source $__manifest/files/pf.conf
|
||||||
|
|
||||||
|
|
||||||
|
@ -44,11 +46,13 @@ SEE ALSO
|
||||||
|
|
||||||
AUTHORS
|
AUTHORS
|
||||||
-------
|
-------
|
||||||
|
Kamila Součková <coding--@--kamila.is>
|
||||||
Jake Guffey <jake.guffey--@--eprotex.com>
|
Jake Guffey <jake.guffey--@--eprotex.com>
|
||||||
|
|
||||||
|
|
||||||
COPYING
|
COPYING
|
||||||
-------
|
-------
|
||||||
|
Copyright \(C) 2016 Kamila Součková.
|
||||||
Copyright \(C) 2012 Jake Guffey. You can redistribute it
|
Copyright \(C) 2012 Jake Guffey. You can redistribute it
|
||||||
and/or modify it under the terms of the GNU General Public License as
|
and/or modify it under the terms of the GNU General Public License as
|
||||||
published by the Free Software Foundation, either version 3 of the
|
published by the Free Software Foundation, either version 3 of the
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
#!/bin/sh -e
|
#!/bin/sh -e
|
||||||
#
|
#
|
||||||
# 2012 Jake Guffey (jake.guffey at eprotex.com)
|
# 2016 Kamila Součková (coding at kamila.is)
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -21,29 +21,26 @@
|
||||||
# Manage pf(4) on *BSD
|
# Manage pf(4) on *BSD
|
||||||
#
|
#
|
||||||
|
|
||||||
# Debug
|
rcvar="$(cat "${__object}/explorer/rcvar")"
|
||||||
#exec >&2
|
state="$(cat "${__object}/parameter/state")"
|
||||||
#set -x
|
if [ -f "${__object}/parameter/source" ]; then
|
||||||
|
source="$(cat "${__object}/parameter/source")"
|
||||||
# Remove ${rcvar} in the case of --state absent
|
|
||||||
|
|
||||||
state=$(cat "$__object/parameter/state")
|
|
||||||
rcvar=$(cat "$__object/explorer/rcvar")
|
|
||||||
|
|
||||||
if [ "$state" = "present" ]; then # There is nothing more for a *remote* script to do
|
|
||||||
exit 0
|
|
||||||
elif [ "$state" = "absent" ]; then
|
|
||||||
# --state absent, so ensure that .new doesn't exist and that conf is renamed to .old
|
|
||||||
cat <<EOF
|
|
||||||
if [ -f "${rcvar}.new" ]; then
|
|
||||||
rm "${rcvar}.new"
|
|
||||||
fi
|
|
||||||
if [ -f "${rcvar}" ]; then
|
|
||||||
mv "${rcvar}" "${rcvar}.old"
|
|
||||||
fi
|
|
||||||
EOF
|
|
||||||
else
|
|
||||||
echo "Unknown state ${state}!" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ "${state}" = "absent" ]; then
|
||||||
|
action="/etc/rc.d/pf stop"
|
||||||
|
else
|
||||||
|
action="/etc/rc.d/pf reload || /etc/rc.d/pf start"
|
||||||
|
fi
|
||||||
|
|
||||||
|
__key_value __pf_ruleset/rcvar \
|
||||||
|
--state "${state}" \
|
||||||
|
--file /etc/rc.conf \
|
||||||
|
--delimiter "=" \
|
||||||
|
--key "pf_enable" \
|
||||||
|
--value "YES"
|
||||||
|
|
||||||
|
require="__key_value/__pf_ruleset/rcvar" __config_file "${rcvar}" \
|
||||||
|
--source "${source}" \
|
||||||
|
--state "${state}" \
|
||||||
|
--onchange "${action}"
|
|
@ -19,16 +19,4 @@
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
|
|
||||||
|
__package postfix --state present
|
||||||
os=$(cat "$__global/explorer/os")
|
|
||||||
|
|
||||||
case "$os" in
|
|
||||||
alpine|ubuntu|debian|archlinux|suse|scientific|centos|devuan)
|
|
||||||
__package postfix --state present
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
|
|
||||||
echo "Please contribute an implementation for it if you can." >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
|
@ -43,8 +43,29 @@ if [ "$state_should" != "$state_is" ]; then
|
||||||
if [ -f "$__object/parameter/owner" ]; then
|
if [ -f "$__object/parameter/owner" ]; then
|
||||||
owner="-O \"$(cat "$__object/parameter/owner")\""
|
owner="-O \"$(cat "$__object/parameter/owner")\""
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
template=""
|
||||||
|
if [ -f "$__object/parameter/template" ]; then
|
||||||
|
template="--template \"$(cat "$__object/parameter/template")\""
|
||||||
|
fi
|
||||||
|
|
||||||
|
encoding=""
|
||||||
|
if [ -f "$__object/parameter/encoding" ]; then
|
||||||
|
encoding="--encoding \"$(cat "$__object/parameter/encoding")\""
|
||||||
|
fi
|
||||||
|
|
||||||
|
lc_collate=""
|
||||||
|
if [ -f "$__object/parameter/lc-collate" ]; then
|
||||||
|
lc_collate="--lc-collate \"$(cat "$__object/parameter/lc-collate")\""
|
||||||
|
fi
|
||||||
|
|
||||||
|
lc_ctype=""
|
||||||
|
if [ -f "$__object/parameter/lc-ctype" ]; then
|
||||||
|
lc_ctype="--lc-ctype \"$(cat "$__object/parameter/lc-ctype")\""
|
||||||
|
fi
|
||||||
|
|
||||||
cat << EOF
|
cat << EOF
|
||||||
su - '$postgres_user' -c "createdb $owner \"$name\""
|
su - '$postgres_user' -c "createdb $owner \"$name\" $template $encoding $lc_collate $lc_ctype"
|
||||||
EOF
|
EOF
|
||||||
;;
|
;;
|
||||||
absent)
|
absent)
|
||||||
|
|
|
@ -14,10 +14,22 @@ This cdist type allows you to create or drop postgres databases.
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
state
|
state
|
||||||
either 'present' or 'absent', defaults to 'present'.
|
Either 'present' or 'absent', defaults to 'present'.
|
||||||
|
|
||||||
owner
|
owner
|
||||||
the role owning this database
|
Specifies the database user who will own the new database.
|
||||||
|
|
||||||
|
encoding
|
||||||
|
Specifies the character encoding scheme to be used in this database.
|
||||||
|
|
||||||
|
lc-collate
|
||||||
|
Specifies the LC_COLLATE setting to be used in this database.
|
||||||
|
|
||||||
|
lc-ctype
|
||||||
|
Specifies the LC_CTYPE setting to be used in this database.
|
||||||
|
|
||||||
|
template
|
||||||
|
Specifies the template database from which to build this database.
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
|
|
|
@ -1,2 +1,6 @@
|
||||||
state
|
state
|
||||||
owner
|
owner
|
||||||
|
encoding
|
||||||
|
lc-collate
|
||||||
|
lc-ctype
|
||||||
|
template
|
||||||
|
|
|
@ -54,7 +54,7 @@ case "$state_should" in
|
||||||
|
|
||||||
[ -n "$password" ] && password="PASSWORD '$password'"
|
[ -n "$password" ] && password="PASSWORD '$password'"
|
||||||
cat << EOF
|
cat << EOF
|
||||||
su - '$postgres_user' -c "psql postgres -wc 'CREATE ROLE \"$name\" WITH $password $booleans;'"
|
su - '$postgres_user' -c "psql postgres -wc \"CREATE ROLE \\\\\"$name\\\\\" WITH $password $booleans;\""
|
||||||
EOF
|
EOF
|
||||||
;;
|
;;
|
||||||
absent)
|
absent)
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
#!/bin/sh -e
|
#!/bin/sh -e
|
||||||
#
|
#
|
||||||
# 2016 Darko Poljak (darko.poljak at gmail.com)
|
# 2016 Darko Poljak (darko.poljak at gmail.com)
|
||||||
|
# 2020 Nico Schotetlius (nico.schottelius at ungleich.ch)
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -37,11 +38,21 @@ mode="$(cat "$__object/parameter/mode")"
|
||||||
destination="/$__object_id"
|
destination="/$__object_id"
|
||||||
venvparams="$(cat "$__object/parameter/venvparams")"
|
venvparams="$(cat "$__object/parameter/venvparams")"
|
||||||
pyvenvparam="$__object/parameter/pyvenv"
|
pyvenvparam="$__object/parameter/pyvenv"
|
||||||
|
|
||||||
|
os=$(cat "$__global/explorer/os")
|
||||||
|
|
||||||
if [ -f "$pyvenvparam" ]
|
if [ -f "$pyvenvparam" ]
|
||||||
then
|
then
|
||||||
pyvenv=$(cat "$pyvenvparam")
|
pyvenv=$(cat "$pyvenvparam")
|
||||||
else
|
else
|
||||||
pyvenv="pyvenv"
|
case "$os" in
|
||||||
|
alpine|ubuntu) # no pyvenv on alpine - I assume others will follow
|
||||||
|
pyvenv="python3 -m venv"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
pyvenv="pyvenv"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
fi
|
fi
|
||||||
|
|
||||||
case $state_should in
|
case $state_should in
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue