Commit graph

6961 commits

Author SHA1 Message Date
aa80c09c80 [__letsencrypt_cert] Move hook contents generation out of manifest
While there address some minor issues in the comments in the hook contents.
2021-02-10 10:10:21 +01:00
b832af5e3b [__letsencrypt_cert] Don't mess with user script indentation
This could break in odd ways if they passed sth like:
cat <<eof
bla bla
eof
2021-02-09 20:53:58 +01:00
e49da474c4 [__letsencrypt_cert] Remove problematic trailing slash in sed.
Happy fingers are happy and like adding slashes places.
2021-02-09 20:29:17 +01:00
bc145bbc27 [__letsencrypt_cert] Fix various issues with hooks.
Closes #853, see issue for full description / discussion.

Short summary:
- There was about 6.53% chances of `--renewal-hook` not being applied
- Using --automatic-renewal in one cert and not in another was an error.
- It was not possible to use different hooks for different certificates.
- FreeBSD support was utterly broken.
2021-02-09 19:58:47 +01:00
Darko Poljak
65a6a2ed52 ++changelog 2021-02-08 08:28:31 +01:00
c8141d28c3 Merge branch 'fix/explorer/memory' into 'master'
explorer/memory: fix to return result in kiB for all systems and add support for Solaris

See merge request ungleich-public/cdist!967
2021-02-08 08:27:07 +01:00
cda17be38a [explorer/memory] Clean up, return kiB for all systems, add SunOS
BSDs were MiB before.
2021-02-08 08:27:03 +01:00
Darko Poljak
92a50da487 Fix pycodestyle issues 2021-01-18 06:28:09 +01:00
Darko Poljak
6e9b13d949 ++changelog 2021-01-18 06:22:32 +01:00
878a65a8b7 Merge branch 'fix/type/__sshd_config/error-on-invalid' into 'master'
sshd config: Produce error if invalid config is generated, fix processing of AuthenticationMethods and AuthorizedKeysFile, document explorer bug

See merge request ungleich-public/cdist!968
2021-01-18 06:22:02 +01:00
cce470b556 Merge branch 'bugfix/preos-debug' into 'master'
Fix debug parameter

Closes #849

See merge request ungleich-public/cdist!970
2021-01-18 06:17:36 +01:00
Nico Schottelius
f0e1b3b849 Merge branch 'master' of code.ungleich.ch:ungleich-public/cdist 2021-01-11 22:20:50 +01:00
Darko Poljak
c819548343 Fix debug parameter
-d was removed from cdist in favor of mulitple -v and -l parameters, but
-d was not removed from preos.

Resolve #849.
2021-01-11 09:51:52 +01:00
Dennis Camera
bd8ab8f26f [type/__sshd_config] Document "bug" in state explorer 2021-01-05 17:02:42 +01:00
Dennis Camera
8753b7eedf [type/__sshd_config] Make AuthenticationMethods and AuthorizedKeysFile singleton options
They were incorrectly treated as non-singleton options before.

cf. https://github.com/openssh/openssh-portable/blob/V_8_4/servconf.c#L2273
and https://github.com/openssh/openssh-portable/blob/V_8_4/servconf.c#L1899 resp.
2021-01-05 16:59:04 +01:00
Dennis Camera
766198912d [type/__sshd_config] Produce error if invalid config file is generated
Previously, cdist would silently swallow the error (no invalid config file was
generated).

Reason: `set -e` does not exit if a command in a sub-command group fails,
it merely returns with a non-zero exit status.

e.g. the following snippet does not abort the script if sshd -t returns with a
non-zero exit status:

    set -e
    cmp -s old new || {
        # check config file and update it
        sshd -t -f new \
        && cat new >old
    }

or compressed:

    set -e
    false || { false && true; }
    echo $?
    # prints 1
2021-01-05 15:50:21 +01:00
Darko Poljak
7cf85c4659 Release 6.9.4 2020-12-21 19:21:51 +01:00
Nico Schottelius
a10d43bc69 Merge branch 'master' of code.ungleich.ch:ungleich-public/cdist 2020-12-20 11:42:44 +01:00
Darko Poljak
4bae2863db ++changelog 2020-12-18 12:54:33 +01:00
3566901e1c Merge branch '__dot_file-dirmode' into 'master'
Added optional dirmode parameter to set the mode of (optional) the directory.

See merge request ungleich-public/cdist!966
2020-12-18 12:50:30 +01:00
Mark Verboom
8dc2c4207c Added optional dirmode parameter to set the mode of (optional) the directory. 2020-12-18 11:16:28 +01:00
Darko Poljak
71f2283117 ++changelog 2020-12-13 16:03:39 +01:00
f87da8150c Merge branch 'type/__debian_backports' into 'master'
__apt_backports type

See merge request ungleich-public/cdist!964
2020-12-13 16:03:31 +01:00
ae747ac021 Merge branch 'os_version-freebsd' into 'master'
[explorer/os_version] Improve FreeBSD support.

See merge request ungleich-public/cdist!965
2020-12-13 16:00:45 +01:00
27aca06fb8 __apt_backports: undo __apt_update_index call
Becuase it is already done by __apt_source.
2020-12-12 17:34:51 +01:00
fca35fc858 __apt_backports: fix explorer call
s/-/_/ because the explorers are following an other convention :-)
2020-12-12 17:29:58 +01:00
645734c629 [explorer/os_version] Improve FreeBSD support.
It looks like uname -r is not the most reliable way to get the target patch
level for the target system.

For more information see:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251743
2020-12-12 12:15:17 +01:00
fafa3d9ea5 __apt_backports: update index if required
This type now automatically calls the type __apt_update_index to update
the package index if something changed.
2020-12-12 10:00:23 +01:00
49aec0b5e4 __apt_backports: list supported OSes
The manpage now lists all OSes where this type supports backports.
2020-12-12 09:40:47 +01:00
c4d19a2319 __debian_backports -> __apt_backports; add wider os support
As discussed in the chat, this type now supports a broader list of OSes
which it supports backports for. Because of this, it was renamed to
something more generic. "apt" should fit in.
2020-12-12 09:36:17 +01:00
Nico Schottelius
69b8bc9af0 Merge branch 'master' of code.ungleich.ch:ungleich-public/cdist 2020-12-11 19:38:03 +01:00
Nico Schottelius
bc2948a8a5 ++scan stuff 2020-12-11 19:37:53 +01:00
0d96b31b56 __debian_backports: pass shellcheck for sourced file
Because the sourced explorer can't be detected by shellcheck, it will be
completely disabled. Changing the path to /etc/os-release isn't
deterministic either.

The shellcheck wiki page suggests to use `source=/dev/null` instead of
`disable=SC1090`, but it was choosen to completely avoid that check ..
2020-12-11 18:13:44 +01:00
a5169ad858 new type __debian_backports
This new type will setup the backports distribution for the current
Debian release.
2020-12-10 21:24:26 +01:00
Darko Poljak
a58f5ffa7f ++changelog 2020-12-08 19:36:44 +01:00
0546d6e476 Merge branch 'fix/__block/escape' into 'master'
__block: fix escaping in here-doc

Closes #838

See merge request ungleich-public/cdist!962
2020-12-08 19:36:45 +01:00
Darko Poljak
14c81d6c7e ++changelog 2020-12-08 07:16:26 +01:00
a1987fe410 Merge branch 'feature/__iptables_rule/ipv6' into 'master'
__iptables*: add IPv6 support

See merge request ungleich-public/cdist!959
2020-12-08 07:10:29 +01:00
c5ca4cd2e1 __block: securly quote via the quote function
Because the function already exists, it will be used for the file to be
changed, too. Therefor, no quotes are required for that value.

The prefix and suffix match was also improved: There is no regex check
any more (the regex did checked the whole line); instead it will do it
simple.
2020-12-07 19:59:05 +01:00
Darko Poljak
2966296173 ++changelog 2020-12-07 19:47:52 +01:00
226f665fb5 Merge branch 'imp-deprecation' into 'master'
Deal with deprecation of imp module.

See merge request ungleich-public/cdist!963
2020-12-07 19:48:08 +01:00
1c61989c03 Merge branch 'fix/type/__package_pkgng_freebsd/bootstrap' into 'master'
__package_pkgng_freebsd: Fix bootstrapping pkg(7)

See merge request ungleich-public/cdist!961
2020-12-07 19:42:21 +01:00
bed08c2c5c Deal with deprecation of imp module.
importlib has been a thing since Python 3.1, and imp has been deprecated since
3.4.

Insert random complaint here about not being able to use f-strings because they
were introduced in Python 3.6 and apparently we support Python 3.5 >,<.

Output diff before to after for ./bin/cdist-build-helper test (on heavy load):
```
1,2d0
< /usr/home/evilham/s/cdist/cdist/cdist/test/__main__.py:23: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module's documentation for alternative uses
<   import imp
72c70
< ERROR: cdisttesthost: __file/tmp/foobar requires object __file without object id. Defined at /tmp/tmp.cdist.test.g87lx7c8/tmp.cdist.test.6ramsakx
---
> ERROR: cdisttesthost: __file/tmp/foobar requires object __file without object id. Defined at /tmp/tmp.cdist.test.aqdf6vjz/tmp.cdist.test.jgv3udel
76c74
< test_nonexistent_type_requirement (cdist.test.emulator.EmulatorTestCase) ... ERROR: cdisttesthost: __file/tmp/foobar requires object __does-not-exist/some-id, but type __does-not-exist does not exist. Defined at /tmp/tmp.cdist.test.mma5j8ln/tmp.cdist.test.3zg4by4d
---
> test_nonexistent_type_requirement (cdist.test.emulator.EmulatorTestCase) ... ERROR: cdisttesthost: __file/tmp/foobar requires object __does-not-exist/some-id, but type __does-not-exist does not exist. Defined at /tmp/tmp.cdist.test.t8d6ockr/tmp.cdist.test.uimxurg9
86c84
< test_initial_manifest_environment (cdist.test.manifest.ManifestTestCase) ... VERBOSE: cdisttesthost: Running initial manifest /tmp/tmp.cdist.test.uvid60ij/759547ff4356de6e3d9e08522b0d0807/data/conf/manifest/dump_environment
---
> test_initial_manifest_environment (cdist.test.manifest.ManifestTestCase) ... VERBOSE: cdisttesthost: Running initial manifest /tmp/tmp.cdist.test._cttcnrj/759547ff4356de6e3d9e08522b0d0807/data/conf/manifest/dump_environment
89c87
< test_type_manifest_environment (cdist.test.manifest.ManifestTestCase) ... VERBOSE: cdisttesthost: Running type manifest /tmp/tmp.cdist.test.k1i2onpb/759547ff4356de6e3d9e08522b0d0807/data/conf/type/__dump_environment/manifest for object __dump_environment/whatever
---
> test_type_manifest_environment (cdist.test.manifest.ManifestTestCase) ... VERBOSE: cdisttesthost: Running type manifest /tmp/tmp.cdist.test.ukr7lrzd/759547ff4356de6e3d9e08522b0d0807/data/conf/type/__dump_environment/manifest for object __dump_environment/whatever
272c270
< Ran 225 tests in 44.457s
---
> Ran 225 tests in 43.750s
```
2020-12-06 20:24:00 +01:00
3930f69456 __block: fix escaping in here-doc
This changes the here-document to do not interpret any shell-things. It
also single-quotes some more strings that are printed to code-remote.

Fixes #838
2020-12-06 16:45:58 +01:00
087be130fa __iptables_apply: shorten copyright header
Do we need all the copyright header or is this sufficient? The licence
is given for cdist, but not on the target host. But it should be clear
anyway.
2020-12-04 19:23:49 +01:00
Dennis Camera
2d19856840 [type/__package_pkgng_freebsd] Set ASSUME_ALWAYS_YES instead of -y 2020-12-04 18:26:03 +01:00
ba7d16a155 __iptables_*: correct manpage spelling 2020-12-04 17:57:55 +01:00
Darko Poljak
d44b5cfdc9 Release 6.9.3 2020-12-04 15:31:35 +01:00
Darko Poljak
c7fa2efe6b ++changelog 2020-12-04 15:30:08 +01:00
74426a7827 Merge branch 'fix/pip-install' into 'master'
Hotfix: Add cdist.scan to packages

See merge request ungleich-public/cdist!960
2020-12-04 15:30:12 +01:00