Commit Graph

2203 Commits (10ca1c12fd25a9f2b92cebbc5d375a1723ed5e2f)

Author SHA1 Message Date
poljakowski c55397766e Merge branch 'feature/type/__sshd_config/whitelist-openbmc' into 'master'
__sshd_config: Whitelist OpenBMC

See merge request ungleich-public/cdist!980
2 years ago
Dennis Camera e47c4dd8a4 [type/__sshd_config] Whitelist OpenBMC in manifest 2 years ago
Dennis Camera fb19f34266 [type/__ssh_authorized_key] Only grep if file exists 2 years ago
Steven Armstrong ea0126dd81 Make local state dir available to custom remote scripts
Signed-off-by: Steven Armstrong <steven@icarus.ethz.ch>
2 years ago
poljakowski 1bc0d912bf Merge branch 'fix/type/__pyvenv/man-typo' into 'master'
__pyvenv: Fix user example

See merge request ungleich-public/cdist!978
2 years ago
Dennis Camera 8ef19d47f6 [type/__pyvenv] Fix example (--user -> --owner) 2 years ago
poljakowski 6358885d26 Merge branch 'feature/__package_pip/extras' into 'master'
__package_pip: add optional (extra) dependencies

See merge request ungleich-public/cdist!975
2 years ago
poljakowski b3a9c907ad Merge branch '__letsencrypt_cert-fix-hooks' into 'master'
[__letsencrypt_cert] Fix various issues with hooks.

Closes #853

See merge request ungleich-public/cdist!977
2 years ago
poljakowski e854db096e Merge branch 'fix/type/__postgres_role/implement-alter' into 'master'
__postgres_role: implement modification of roles

See merge request ungleich-public/cdist!973
2 years ago
matze d1f45d3524 __package_pip: corrected typo in man
.. by fully replacing it with a smaller sentence.
2 years ago
matze 2ce1fce767 __package_pip: match package names case insensitive
Pip matches them insensitive, so we need to do the same to avoid
problems by saying extras are not installed but already is there in
place.
2 years ago
matze 951712740f __package_pip: update man.rst
Adjusted comments for `explorer/extras` and updated the man page for the
new behaviour of updating the extras.
2 years ago
matze a9d7dfb2ed __package_pip: split extra 'all' to a list of all extras
This will fix if a package will be upgraded from some extras to all
extras. Previously, it will not work because some dependencies of 'all'
are already installed, so the feature 'all' is already installed.

Now, it will use a list of all extras to iterate over them separatly. This
will result it will never install all extras via `[all]`, but rather
`[foo,bar]`.
2 years ago
matze 7398382890 __package_pip: fix shellcheck
Useless `cat $file`, use `< $file` instead.
2 years ago
matze 2db0ef7c98 __package_pip: updating real detection of extras
As the previous detection took the wrong values, this explorer now
checks if packages for an extra are installed or not. If not, the extra
is not installed.

Based on the information of the explorer, it will install the package
again with the absent extras.
2 years ago
matze 8dc6ab9738 __package_pip: install not found extras
Compares the explorer against the parameters and install those extras
that are not already installed.
2 years ago
matze 4717e5ceff __package_pip: add extras explorer
The two new explorers detect all installed extras for this package.
2 years ago
evilham aa80c09c80 [__letsencrypt_cert] Move hook contents generation out of manifest
While there address some minor issues in the comments in the hook contents.
2 years ago
evilham b832af5e3b [__letsencrypt_cert] Don't mess with user script indentation
This could break in odd ways if they passed sth like:
cat <<eof
bla bla
eof
2 years ago
evilham e49da474c4 [__letsencrypt_cert] Remove problematic trailing slash in sed.
Happy fingers are happy and like adding slashes places.
2 years ago
evilham bc145bbc27 [__letsencrypt_cert] Fix various issues with hooks.
Closes #853, see issue for full description / discussion.

Short summary:
- There was about 6.53% chances of `--renewal-hook` not being applied
- Using --automatic-renewal in one cert and not in another was an error.
- It was not possible to use different hooks for different certificates.
- FreeBSD support was utterly broken.
2 years ago
ssrq cda17be38a [explorer/memory] Clean up, return kiB for all systems, add SunOS
BSDs were MiB before.
2 years ago
matze 73a03d75d7 __package_pip: fix shellcheck 2 years ago
matze 8eccacec59 __package_pip: add optional dependencies
This is a poor implementation of optional dependencies for pip packages.
It ensures to install them if the package will be installed, but does
not take into account if they must be added/removed after the package is
already installed. Also, it will not be autoremoved, as all dependencies
will not be removed.
2 years ago
Dennis Camera 35cde3e666 [type/__postgres_role] Fix state explorer when stored password is empty 2 years ago
Darko Poljak 92a50da487 Fix pycodestyle issues 2 years ago
poljakowski 878a65a8b7 Merge branch 'fix/type/__sshd_config/error-on-invalid' into 'master'
sshd config: Produce error if invalid config is generated, fix processing of AuthenticationMethods and AuthorizedKeysFile, document explorer bug

See merge request ungleich-public/cdist!968
2 years ago
poljakowski cce470b556 Merge branch 'bugfix/preos-debug' into 'master'
Fix debug parameter

Closes #849

See merge request ungleich-public/cdist!970
2 years ago
Dennis Camera 2954347771 [type/__postgres_role] Add note regarding empty passwords 2 years ago
Darko Poljak c819548343 Fix debug parameter
-d was removed from cdist in favor of mulitple -v and -l parameters, but
-d was not removed from preos.

Resolve #849.
2 years ago
Dennis Camera bd8ab8f26f [type/__sshd_config] Document "bug" in state explorer 2 years ago
Dennis Camera 8753b7eedf [type/__sshd_config] Make AuthenticationMethods and AuthorizedKeysFile singleton options
They were incorrectly treated as non-singleton options before.

cf. https://github.com/openssh/openssh-portable/blob/V_8_4/servconf.c#L2273
and https://github.com/openssh/openssh-portable/blob/V_8_4/servconf.c#L1899 resp.
2 years ago
Dennis Camera 766198912d [type/__sshd_config] Produce error if invalid config file is generated
Previously, cdist would silently swallow the error (no invalid config file was
generated).

Reason: `set -e` does not exit if a command in a sub-command group fails,
it merely returns with a non-zero exit status.

e.g. the following snippet does not abort the script if sshd -t returns with a
non-zero exit status:

    set -e
    cmp -s old new || {
        # check config file and update it
        sshd -t -f new \
        && cat new >old
    }

or compressed:

    set -e
    false || { false && true; }
    echo $?
    # prints 1
2 years ago
Nico Schottelius a10d43bc69 Merge branch 'master' of code.ungleich.ch:ungleich-public/cdist 2 years ago
Mark Verboom 8dc2c4207c Added optional dirmode parameter to set the mode of (optional) the directory. 2 years ago
Dennis Camera 99d82fd0d5 [type/__postgres_role] Always set psql -q 3 years ago
Dennis Camera 1180f13ed6 [type/__postgres_role] Fix setting password
We need to make sure that the password does not end up in ~/.psql_history.
3 years ago
Dennis Camera 4859c27900 [type/__postgres_role] Refactor gencode-remote 3 years ago
Dennis Camera 7b7ca4d385 [type/__postgres_role] Handle password changes 3 years ago
Dennis Camera c36df82882 [type/__postgres_role] ALTER ROLE when parameters change 3 years ago
Dennis Camera 932e2496ed [type/__postgres_role] Lint 3 years ago
poljakowski f87da8150c Merge branch 'type/__debian_backports' into 'master'
__apt_backports type

See merge request ungleich-public/cdist!964
3 years ago
matze 27aca06fb8 __apt_backports: undo __apt_update_index call
Becuase it is already done by __apt_source.
3 years ago
matze fca35fc858 __apt_backports: fix explorer call
s/-/_/ because the explorers are following an other convention :-)
3 years ago
evilham 645734c629 [explorer/os_version] Improve FreeBSD support.
It looks like uname -r is not the most reliable way to get the target patch
level for the target system.

For more information see:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251743
3 years ago
matze fafa3d9ea5 __apt_backports: update index if required
This type now automatically calls the type __apt_update_index to update
the package index if something changed.
3 years ago
matze 49aec0b5e4 __apt_backports: list supported OSes
The manpage now lists all OSes where this type supports backports.
3 years ago
matze c4d19a2319 __debian_backports -> __apt_backports; add wider os support
As discussed in the chat, this type now supports a broader list of OSes
which it supports backports for. Because of this, it was renamed to
something more generic. "apt" should fit in.
3 years ago
Nico Schottelius 69b8bc9af0 Merge branch 'master' of code.ungleich.ch:ungleich-public/cdist 3 years ago
Nico Schottelius bc2948a8a5 ++scan stuff 3 years ago