Merge branch 'master' into beta
commit
b47b9b1ba0
19 changed files with 156 additions and 103 deletions
|
@ -2,6 +2,7 @@
|
|||
#
|
||||
# 2014 Daniel Heule (hda at sfs.biz)
|
||||
# 2014 Thomas Oettli (otho at sfs.biz)
|
||||
# 2020 Evilham (contact at evilham.com)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
|
@ -18,63 +19,91 @@
|
|||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
|
||||
# FIXME: other system types (not linux ...)
|
||||
os=$("$__explorer/os")
|
||||
|
||||
if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then
|
||||
echo openvz
|
||||
exit
|
||||
fi
|
||||
|
||||
if [ -e "/proc/1/environ" ] &&
|
||||
tr '\000' '\n' < "/proc/1/environ" | grep -Eiq '^container='; then
|
||||
echo lxc
|
||||
exit
|
||||
fi
|
||||
|
||||
if [ -r /proc/cpuinfo ]; then
|
||||
# this should only exist on virtual guest machines,
|
||||
# tested on vmware, xen, kvm
|
||||
if grep -q "hypervisor" /proc/cpuinfo; then
|
||||
# this file is aviable in xen guest systems
|
||||
if [ -r /sys/hypervisor/type ]; then
|
||||
if grep -q -i "xen" /sys/hypervisor/type; then
|
||||
echo virtual_by_xen
|
||||
exit
|
||||
vendor_string_to_machine_type() {
|
||||
for vendor in vmware bochs kvm qemu virtualbox bhyve; do
|
||||
if echo "${1}" | grep -q -i "${vendor}"; then
|
||||
if [ "${vendor}" = "bochs" ] || [ "${vendor}" = "qemu" ]; then
|
||||
vendor="kvm"
|
||||
fi
|
||||
else
|
||||
if [ -r /sys/class/dmi/id/product_name ]; then
|
||||
if grep -q -i 'vmware' /sys/class/dmi/id/product_name; then
|
||||
echo "virtual_by_vmware"
|
||||
exit
|
||||
elif grep -q -i 'bochs' /sys/class/dmi/id/product_name; then
|
||||
echo "virtual_by_kvm"
|
||||
exit
|
||||
elif grep -q -i 'virtualbox' /sys/class/dmi/id/product_name; then
|
||||
echo "virtual_by_virtualbox"
|
||||
exit
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -r /sys/class/dmi/id/sys_vendor ]; then
|
||||
if grep -q -i 'qemu' /sys/class/dmi/id/sys_vendor; then
|
||||
echo "virtual_by_kvm"
|
||||
exit
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -r /sys/class/dmi/id/chassis_vendor ]; then
|
||||
if grep -q -i 'qemu' /sys/class/dmi/id/chassis_vendor; then
|
||||
echo "virtual_by_kvm"
|
||||
exit
|
||||
fi
|
||||
fi
|
||||
echo "virtual_by_${vendor}"
|
||||
exit
|
||||
fi
|
||||
echo "virtual_by_unknown"
|
||||
else
|
||||
echo "physical"
|
||||
fi
|
||||
else
|
||||
echo "unknown"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
case "$os" in
|
||||
"freebsd")
|
||||
# FreeBSD does not have /proc/cpuinfo even when procfs is used.
|
||||
# Instead there is a sysctl kern.vm_guest.
|
||||
# Which is 'none' if physical, else the virtualisation.
|
||||
vm_guest="$(sysctl -n kern.vm_guest 2>/dev/null || true)"
|
||||
if [ -n "${vm_guest}" ]; then
|
||||
if [ "${vm_guest}" = "none" ]; then
|
||||
echo "physical"
|
||||
exit
|
||||
fi
|
||||
echo "virtual_by_${vm_guest}"
|
||||
exit
|
||||
fi
|
||||
;;
|
||||
|
||||
"openbsd")
|
||||
# OpenBSD can also use the sysctl's: hw.vendor or hw.product.
|
||||
# Note we can be reasonably sure about a machine being virtualised
|
||||
# as long as we can identify the virtualisation technology.
|
||||
# But not so much about it being physical...
|
||||
# Patches are welcome / reach out if you have better ideas.
|
||||
for sysctl in hw.vendor hw.product; do
|
||||
# This exits if we can make a reasonable judgement
|
||||
vendor_string_to_machine_type "$(sysctl -n "${sysctl}")"
|
||||
done
|
||||
;;
|
||||
|
||||
*)
|
||||
# Defaulting to linux for compatibility with previous cdist behaviour
|
||||
|
||||
if [ -d "/proc/vz" ] && [ ! -d "/proc/bc" ]; then
|
||||
echo openvz
|
||||
exit
|
||||
fi
|
||||
|
||||
if [ -e "/proc/1/environ" ] &&
|
||||
tr '\000' '\n' < "/proc/1/environ" | grep -Eiq '^container='; then
|
||||
echo lxc
|
||||
exit
|
||||
fi
|
||||
|
||||
if [ -r /proc/cpuinfo ]; then
|
||||
# this should only exist on virtual guest machines,
|
||||
# tested on vmware, xen, kvm, bhyve
|
||||
if grep -q "hypervisor" /proc/cpuinfo; then
|
||||
# this file is aviable in xen guest systems
|
||||
if [ -r /sys/hypervisor/type ]; then
|
||||
if grep -q -i "xen" /sys/hypervisor/type; then
|
||||
echo virtual_by_xen
|
||||
exit
|
||||
fi
|
||||
else
|
||||
for vendor_file in /sys/class/dmi/id/product_name \
|
||||
/sys/class/dmi/id/sys_vendor \
|
||||
/sys/class/dmi/id/chasis_vendor; do
|
||||
if [ -r ${vendor_file} ]; then
|
||||
# This exits if we can make a reasonable judgement
|
||||
vendor_string_to_machine_type "$(cat "${vendor_file}")"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
echo "virtual_by_unknown"
|
||||
exit
|
||||
else
|
||||
echo "physical"
|
||||
exit
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
echo "unknown"
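Review bot: The Linux branch's DMI loop lists `/sys/class/dmi/id/chasis_vendor`, which is misspelled; the older block shown on this page reads `/sys/class/dmi/id/chassis_vendor`. Because each path is guarded by `[ -r ... ]`, the typo fails silently, and a guest that identifies itself only through the chassis vendor now falls through to `virtual_by_unknown`. The entry should read `/sys/class/dmi/id/chassis_vendor; do`, and the guard is safer quoted as `if [ -r "${vendor_file}" ]; then`.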
|
||||
|
|
|
@ -21,6 +21,11 @@ command
|
|||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
**NOTE**: All time-related parameters (``--minute``, ``--hour``, ``--day_of_month``
|
||||
``--month`` and ``--day_of_week``) defaults to ``*``, which means to execute it
|
||||
**always**. If you set ``--hour 0`` to execute the cronjob only at midnight, it
|
||||
will execute **every** minute in the first hour of the morning all days.
|
||||
|
||||
state
|
||||
Either present or absent. Defaults to present.
|
||||
minute
|
||||
|
|
|
@ -50,13 +50,13 @@ state
|
|||
create or modify it
|
||||
|
||||
group
|
||||
Group to chgrp to.
|
||||
Group to chgrp to. Defaults to ``root``.
|
||||
|
||||
mode
|
||||
Unix permissions, suitable for chmod.
|
||||
Unix permissions, suitable for chmod. Defaults to a very secure ``0600``.
|
||||
|
||||
owner
|
||||
User to chown to.
|
||||
User to chown to. Defaults to ``root``.
|
||||
|
||||
source
|
||||
If supplied, copy this file from the host running cdist to the target.
|
||||
|
|
|
@ -88,7 +88,7 @@ if [ "$state" = "present" ]; then
|
|||
fi
|
||||
done
|
||||
if [ "$os" = "freebsd" ]; then
|
||||
echo pw groupadd "$@" "$name"
|
||||
echo pw groupadd "$name" "$@"
|
||||
else
|
||||
echo groupadd "$@" "$name"
|
||||
fi
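Review bot: Both `groupadd` branches emit the group name and the collected options with plain `echo`, so `echo pw groupadd "$name" "$@"` writes the values unquoted into the generated command line. That output is presumably executed by a shell on the target, where a name or option value containing whitespace or shell metacharacters would be re-parsed instead of being passed as one argument. Emitting each value inside quotes, for example `printf "pw groupadd '%s'" "$name"` followed by the options, would keep the arguments intact, provided embedded single quotes are rejected or escaped first. The `'%s'` wrapping in the `userdel` hunk of this commit has the same gap. The enclosing `if [ "$state" = "present" ]` block starts and ends outside the hunk.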
|
||||
|
|
|
@ -91,6 +91,9 @@ if [ -z "${certbot_fullpath}" ]; then
|
|||
|
||||
certbot_fullpath=/usr/local/bin/certbot
|
||||
;;
|
||||
ubuntu)
|
||||
__package certbot
|
||||
;;
|
||||
*)
|
||||
echo "Unsupported os: $os" >&2
|
||||
exit 1
|
||||
|
|
|
@ -18,7 +18,7 @@ source
|
|||
Specifies the link source.
|
||||
|
||||
type
|
||||
Specifies the link type: Either hard or symoblic.
|
||||
Specifies the link type: Either hard or symbolic.
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
|
|
|
@ -22,13 +22,6 @@
|
|||
os=$(cat "$__global/explorer/os")
|
||||
|
||||
case "$os" in
|
||||
debian|ubuntu|devuan)
|
||||
|
||||
# Debian and Ubuntu need to be updated,
|
||||
# as seen in /etc/init.d/bootlogs
|
||||
echo "uname -snrvm > /var/run/motd"
|
||||
echo "cat /etc/motd.tail >> /var/run/motd"
|
||||
;;
|
||||
freebsd)
|
||||
# FreeBSD only updates /etc/motd on boot,
|
||||
# as seen in /etc/rc.d/motd
|
||||
|
|
|
@ -33,10 +33,6 @@ os=$(cat "$__global/explorer/os")
|
|||
|
||||
|
||||
case "$os" in
|
||||
debian|ubuntu|devuan)
|
||||
# Debian-based systems use /etc/motd.tail as a template
|
||||
destination=/etc/motd.tail
|
||||
;;
|
||||
freebsd)
|
||||
# FreeBSD uses motd.template to prepend system information on boot
|
||||
# (this actually only applies starting with version 13,
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2016 Darko Poljak (darko.poljak at gmail.com)
|
||||
# 2020 Nico Schotetlius (nico.schottelius at ungleich.ch)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
|
@ -45,7 +46,7 @@ then
|
|||
pyvenv=$(cat "$pyvenvparam")
|
||||
else
|
||||
case "$os" in
|
||||
alpine) # no pyvenv on alpine - I assume others will follow
|
||||
alpine|ubuntu) # no pyvenv on alpine - I assume others will follow
|
||||
pyvenv="python3 -m venv"
|
||||
;;
|
||||
*)
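Review bot: The comment on the extended arm, `alpine|ubuntu) # no pyvenv on alpine - I assume others will follow`, still names only Alpine although the arm now also selects `python3 -m venv` on Ubuntu. Something like `alpine|ubuntu) # no pyvenv binary on these - use the venv module` would match the code. The copyright line for 2020 in the header spells the name "Schotetlius", while the e-mail address on the same line uses "schottelius". The `case` statement continues past the end of the hunk.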
|
||||
|
|
|
@ -9,7 +9,7 @@ cdist-type__pyvenv - Create or remove python virtual environment
|
|||
DESCRIPTION
|
||||
-----------
|
||||
This cdist type allows you to create or remove python virtual
|
||||
environment using pyvenv.
|
||||
environment using pyvenv on python3 -m venv.
|
||||
It assumes pyvenv is already installed. Concrete package depends
|
||||
on concrete OS and/or OS version/distribution.
|
||||
Ensure this for e.g. in your init manifest as in the following example:
|
||||
|
@ -57,7 +57,7 @@ EXAMPLES
|
|||
|
||||
__pyvenv /home/services/djangoenv
|
||||
|
||||
# Use specific pyvenv
|
||||
# Use specific pyvenv
|
||||
__pyvenv /home/foo/fooenv --pyvenv /usr/local/bin/pyvenv-3.4
|
||||
|
||||
# Create python virtualenv for user foo.
|
||||
|
@ -76,4 +76,3 @@ COPYING
|
|||
-------
|
||||
Copyright \(C) 2016 Darko Poljak. Free use of this software is
|
||||
granted under the terms of the GNU General Public License v3 or later (GPLv3+).
|
||||
|
||||
|
|
|
@ -15,25 +15,27 @@ This type was created to be used by the __ssh_authorized_keys type.
|
|||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
file
|
||||
the authorized_keys file to which the given key should be added
|
||||
The authorized_keys file where the given key should be managed.
|
||||
|
||||
key
|
||||
a string containing the ssh keytype, base 64 encoded key and optional
|
||||
trailing comment which shall be added to the given authorized_keys file.
|
||||
The ssh key which shall be managed in this authorized_keys file.
|
||||
Must be a string containing the ssh keytype, base 64 encoded key and
|
||||
optional trailing comment which shall be added to the given
|
||||
authorized_keys file.
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
comment
|
||||
explicit comment instead of the one which may be trailing the given key
|
||||
Use this comment instead of the one which may be trailing in the key.
|
||||
|
||||
option
|
||||
an option to set for this authorized_key entry.
|
||||
An option to set for this authorized_key entry.
|
||||
Can be specified multiple times.
|
||||
See sshd(8) for available options.
|
||||
|
||||
state
|
||||
if the given keys should be 'present' or 'absent', defaults to 'present'.
|
||||
If the managed key should be 'present' or 'absent', defaults to 'present'.
|
||||
|
||||
|
||||
MESSAGES
|
||||
|
@ -64,7 +66,7 @@ EXAMPLES
|
|||
|
||||
SEE ALSO
|
||||
--------
|
||||
:strong:`cdist__ssh_authorized_keys`\ (7), :strong:`sshd`\ (8)
|
||||
:strong:`cdist-type__ssh_authorized_keys`\ (7), :strong:`sshd`\ (8)
|
||||
|
||||
|
||||
AUTHORS
|
||||
|
|
|
@ -20,42 +20,45 @@ then left to the user to ensure that the file exists and that ownership and
|
|||
permissions work with ssh.
|
||||
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
REQUIRED MULTIPLE PARAMETERS
|
||||
----------------------------
|
||||
key
|
||||
the ssh key which shall be added to this authorized_keys file.
|
||||
Must be a string and can be specified multiple times.
|
||||
An ssh key which shall be managed in this authorized_keys file.
|
||||
Must be a string containing the ssh keytype, base 64 encoded key and
|
||||
optional trailing comment which shall be added to the given
|
||||
authorized_keys file.
|
||||
Can be specified multiple times.
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
comment
|
||||
explicit comment instead of the one which may be trailing the given key
|
||||
Use this comment instead of the one which may be trailing in each key.
|
||||
|
||||
file
|
||||
an alternative destination file, defaults to ~$owner/.ssh/authorized_keys
|
||||
An alternative destination file, defaults to ~$owner/.ssh/authorized_keys.
|
||||
|
||||
option
|
||||
an option to set for all created authorized_key entries.
|
||||
An option to set for all authorized_key entries in the key parameter.
|
||||
Can be specified multiple times.
|
||||
See sshd(8) for available options.
|
||||
|
||||
owner
|
||||
the user owning the authorized_keys file, defaults to object_id.
|
||||
The user owning the authorized_keys file, defaults to object_id.
|
||||
|
||||
state
|
||||
if the given keys should be 'present' or 'absent', defaults to 'present'.
|
||||
If the given keys should be 'present' or 'absent', defaults to 'present'.
|
||||
|
||||
|
||||
BOOLEAN PARAMETERS
|
||||
------------------
|
||||
noparent
|
||||
don't create or change ownership and permissions of the directory containing
|
||||
the authorized_keys file
|
||||
Don't create or change ownership and permissions of the directory containing
|
||||
the authorized_keys file.
|
||||
|
||||
nofile
|
||||
don't manage existence, ownership and permissions of the the authorized_keys
|
||||
file
|
||||
Don't manage existence, ownership and permissions of the the authorized_keys
|
||||
file.
|
||||
|
||||
|
||||
EXAMPLES
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
comment
|
||||
file
|
||||
option
|
||||
owner
|
||||
state
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
option
|
|
@ -135,11 +135,19 @@ elif [ "$state" = "absent" ]; then
|
|||
if grep -q "^${name}:" "$__object/explorer/passwd"; then
|
||||
#user exists, but state != present, so delete it
|
||||
if [ -f "$__object/parameter/remove-home" ]; then
|
||||
printf "userdel -r '%s' >/dev/null 2>&1\\n" "${name}"
|
||||
echo "userdel -r" >> "$__messages_out"
|
||||
if [ "$os" = "freebsd" ]; then
|
||||
printf "pw userdel '%s' -r >/dev/null 2>&1\\n" "${name}"
|
||||
else
|
||||
printf "userdel -r '%s' >/dev/null 2>&1\\n" "${name}"
|
||||
fi
|
||||
echo "userdel -r" >> "$__messages_out"
|
||||
else
|
||||
printf "userdel '%s' >/dev/null 2>&1\\n" "${name}"
|
||||
echo "userdel" >> "$__messages_out"
|
||||
if [ "$os" = "freebsd" ]; then
|
||||
printf "pw userdel '%s' >/dev/null 2>&1\\n" "${name}"
|
||||
else
|
||||
printf "userdel '%s' >/dev/null 2>&1\\n" "${name}"
|
||||
fi
|
||||
echo "userdel" >> "$__messages_out"
|
||||
fi
|
||||
fi
|
||||
else
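Review bot: The new FreeBSD commands keep the `>/dev/null 2>&1` suffix, so when `pw userdel` fails the generated code discards the only explanation of why the account was not removed. For an account-removal step that is worth keeping visible; dropping the stderr redirect, as in `printf "pw userdel '%s' -r >/dev/null\\n" "${name}"`, would preserve the error text while still silencing normal output. `$os` is not assigned in the visible lines, so confirm it is set before this branch is reached. The `elif [ "$state" = "absent" ]` block extends beyond the hunk.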
|
||||
|
|
|
@ -64,6 +64,7 @@ class DefaultLog(logging.Logger):
|
|||
|
||||
def __init__(self, name):
|
||||
super().__init__(name)
|
||||
self.propagate = False
|
||||
|
||||
formatter = logging.Formatter(self.FORMAT)
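Review bot: `self.propagate = False` is added without a comment, and it changes more than the duplicate output. Records from this logger no longer reach handlers attached to ancestor loggers, including any handler an embedding program or test installs on the root logger. A short comment such as `# handlers are attached below; do not also hand records to the root logger (avoids duplicate lines)` would record the intent. The rest of `__init__` lies outside the hunk, so whether handlers are attached there should be checked against the full file.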
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
#
|
||||
# init_manifest
|
||||
# Specify default initial manifest.
|
||||
# init_mainfest = <path-to-init-manifst>
|
||||
# init_manifest = <path-to-init-manifest>
|
||||
#
|
||||
# inventory_dir
|
||||
# Specify inventory directory.
|
||||
|
|
|
@ -5,6 +5,19 @@ next:
|
|||
* Core: Add trigger functionality (Nico Schottelius, Darko Poljak)
|
||||
* Core: Implement core support for python types (Darko Poljak)
|
||||
|
||||
6.5.6: 2020-05-25
|
||||
* Type __pyvenv: Switch to python3 -m venv for Ubuntu (Nico Schottelius)
|
||||
* Type __letsencrypt_cert: Whitelist Ubuntu (Nico Schottelius)
|
||||
* Types __cron, __file, __link: Improve manpages (Matthias Stecher)
|
||||
* Explorer machine_type: Add support for FreeBSD and OpenBSD, and simplify Linux code (Evil Ham)
|
||||
* Type __ssh_authorized_key, __ssh_authorized_keys: Improve manpages (Evil Ham)
|
||||
* Type __ssh_authorized_keys: Fix bug where --option was not multiple (Evil Ham)
|
||||
* Type __motd: Debian/Ubuntu/Devuan use /etc/motd (Ander Punnar)
|
||||
* Type __group: Fix --gid on FreeBSD (Ander Punnar)
|
||||
* Configuration: Fix typos in cdist.cfg.skeleton (Jaak Ristioja)
|
||||
* Type __user: Fix user deletion on FreeBSD (Ander Punnar)
|
||||
* Core: Fix double log lines (Darko Poljak)
|
||||
|
||||
6.5.5: 2020-05-01
|
||||
* Core: Fix XDG_CONFIG_HOME config file location (Joachim Desroches)
|
||||
* Type __postgres_database: Add encoding, lc-collate, lc-ctype, template parameters (Timothée Floure)
|
||||
|
|
|
@ -3,7 +3,7 @@ Support
|
|||
|
||||
Chat
|
||||
~~~~
|
||||
Chat with us: `ungleich chat <https://chat.ungleich.ch/ungleich/channels/cdist>`_.
|
||||
Chat with us on `#cdist:ungleich.ch <https://ungleich.ch/u/projects/open-chat/>`_.
|
||||
|
||||
Mailing list
|
||||
~~~~~~~~~~~~
|
||||
|
|