ungleich-public/cdist
ungleich-public
/
cdist
7
3
Fork 10
Code Issues 57 Pull Requests 12 Projects Releases Wiki Activity

Feature requests and questions #153

New Issue
Closed
opened 2021-11-20 15:20:20 +00:00 by ungleich-gitea · 14 comments
ungleich-gitea commented 2021-11-20 15:20:20 +00:00
Owner
Copy Link

Created by: iredmail

  • doc: How about encourage user to install cdist with easy_install, pip from pypi? git version may be not so stable. And yum/apt packages in linux distributions may be out of date.
  • doc: where can i save ENVIRONMENT variables? It's easy to use export TMPDIR='/tmp' temporarily, but any config file i can store it?
  • doc: (ssh) how to use normal user with sudo instead of using root user directly?
  • doc: how to use non-standard ssh port number?
  • doc: -d option is deprecated, but doc doesn't mention this, and the replacement (-vvv).
  • Don't require ssh connection if the target host is localhost? It doesn't make much sense.
  • cdist should print target host name, task name and exist status automatically. currently you have to add a line like echo '[$__target_host] Create file xxx' manually for EACH task/type. Maybe add new attribute --name <text> for ALL types.
  • no error handle. I know we can check exist status with shell ($?), but any better way?
  • Require a new type: __service. Used to start/stop/restart network services. it should be a wrap of service command on CentOS/FreeBSD, and systemctl on systemd enabled Linux distros like CentOS (7)/Debian (8+)/Ubuntu, and rcctl on OpenBSD.
*Created by: iredmail* * [ ] doc: How about encourage user to install cdist with `easy_install`, `pip` from pypi? git version may be not so stable. And yum/apt packages in linux distributions may be out of date. * [ ] doc: where can i save ENVIRONMENT variables? It's easy to use `export TMPDIR='/tmp'` temporarily, but any config file i can store it? * [ ] doc: (ssh) how to use normal user with sudo instead of using root user directly? * [x] doc: how to use non-standard ssh port number? * [ ] doc: `-d` option is deprecated, but doc doesn't mention this, and the replacement (`-vvv`). * [ ] Don't require ssh connection if the target host is localhost? It doesn't make much sense. * [ ] cdist should print target host name, task name and exist status automatically. currently you have to add a line like `echo '[$__target_host] Create file xxx'` manually for EACH task/type. Maybe add new attribute `--name <text>` for ALL types. * [ ] no error handle. I know we can check exist status with shell (`$?`), but any better way? * [ ] Require a new type: `__service`. Used to start/stop/restart network services. it should be a wrap of `service` command on CentOS/FreeBSD, and `systemctl` on systemd enabled Linux distros like CentOS (7)/Debian (8+)/Ubuntu, and `rcctl` on OpenBSD.
ungleich-gitea added the
Stale
 label 2021-11-20 15:20:20 +00:00
ungleich-gitea commented 2021-11-20 15:44:20 +00:00
Author
Owner
Copy Link

closed

closed
ungleich-gitea commented 2021-11-20 15:44:21 +00:00
Author
Owner
Copy Link

Created by: telmich

@Unterstrichmoepunterstrich Not sure if I understand the request correctly - but cdist uses standard libc parsing, so it actually uses /etc/hosts by default

*Created by: telmich* @Unterstrichmoepunterstrich Not sure if I understand the request correctly - but cdist uses standard libc parsing, so it actually uses /etc/hosts by default
ungleich-gitea commented 2021-11-20 15:44:22 +00:00
Author
Owner
Copy Link

Created by: Unterstrichmoepunterstrich

Hello,

I have another feature request:

it would be great, when cdist would be able to parse the /etc/hosts.
E.g. you changed a dns entry and now you have to wait, so you make a entry in your hosts file. You can ping the host under the new name but you can't use ssh/cdist.

*Created by: Unterstrichmoepunterstrich* Hello, I have another feature request: it would be great, when cdist would be able to parse the /etc/hosts. E.g. you changed a dns entry and now you have to wait, so you make a entry in your hosts file. You can ping the host under the new name but you can't use ssh/cdist.
ungleich-gitea commented 2021-11-20 15:44:24 +00:00
Author
Owner
Copy Link

Created by: darko-poljak

@iredmail cdist man page and man page part of html docs in options list mentions that -d is deprecated and that -vvv should be used instead.

*Created by: darko-poljak* @iredmail cdist man page and man page part of html docs in options list mentions that -d is deprecated and that -vvv should be used instead.
ungleich-gitea commented 2021-11-20 15:44:25 +00:00
Author
Owner
Copy Link

Created by: 4nd3r

isn't there a way to bridge irc and rocket.chat?

matrix has rocket.chat bridges, for example.

*Created by: 4nd3r* isn't there a way to bridge irc and rocket.chat? matrix has rocket.chat bridges, for example.
ungleich-gitea commented 2021-11-20 15:44:26 +00:00
Author
Owner
Copy Link

Created by: telmich

@iredmail the reason why we moved away from IRC is exactly what happens in IRC: when you are away, we cannot continue the discussion / you don't see the messages that I wrote while you are away

*Created by: telmich* @iredmail the reason why we moved away from IRC is exactly what happens in IRC: when you are away, we cannot continue the discussion / you don't see the messages that I wrote while you are away
ungleich-gitea commented 2021-11-20 15:44:28 +00:00
Author
Owner
Copy Link

Created by: iredmail

How about use existing irc.freenode.net #cstar channel? My id is "zhb".

*Created by: iredmail* How about use existing irc.freenode.net #cstar channel? My id is "zhb".
ungleich-gitea commented 2021-11-20 15:44:29 +00:00
Author
Owner
Copy Link

Created by: telmich

@iredmail can I invite you to https://chat.ungleich.ch on channel #cdist for further discussion? Specifically we are debating about the macos problem that you have shown (and is actually pretty nasty)

*Created by: telmich* @iredmail can I invite you to https://chat.ungleich.ch on channel #cdist for further discussion? Specifically we are debating about the macos problem that you have shown (and is actually pretty nasty)
ungleich-gitea commented 2021-11-20 15:44:30 +00:00
Author
Owner
Copy Link

Created by: iredmail

using cdist straight from git checkout is easy, but I agree that maybe it needs some clarification. but if you are already picking cdist and shell scripting, you should be knowing what are you doing anyway eg how PATH works etc :>

about stability of git master branch - maybe keep all development under different branch (we already have beta branch, lets have next or develop?) and let master always be latest stable?

The point of using pypi edition is user always get the LATEST STABLE release, You can also mention git way (for advanced user or hacker). It's terrible that it doesn't work when user first tries it.

this can be useful if every admin has local user account with auth/sudo logging (with central syslog) so you can have lightweight solution for auditing admin actions, but this solution has some problems and I wouldn't recommend it. or you maintain complex patterns in sudoers file for type execution and... I'm not even sure if it will fly. other than that I don't see other usefulness. YMMV.

So many Amazon EC2 users use only ubuntu user with sudo.

but ssh-config is (almost) so flexible place with all matching and other clever rules etc. reimplementing all this flexibility in cdist seems bit waste of time.

I would suggest don't mess up ~/.ssh/config. This way you have to put ~/.ssh/config in same git repo of your manifest files. With Ansible, i just put all target hosts related ssh info in its inventory file.

*Created by: iredmail* > using cdist straight from git checkout is easy, but I agree that maybe it needs some clarification. but if you are already picking cdist and shell scripting, you should be knowing what are you doing anyway eg how PATH works etc :> > > about stability of git master branch - maybe keep all development under different branch (we already have beta branch, lets have next or develop?) and let master always be latest stable? The point of using pypi edition is user always get the LATEST STABLE release, You can also mention git way (for advanced user or hacker). It's terrible that it doesn't work when user first tries it. > this can be useful if every admin has local user account with auth/sudo logging (with central syslog) so you can have lightweight solution for auditing admin actions, but this solution has some problems and I wouldn't recommend it. or you maintain complex patterns in sudoers file for type execution and... I'm not even sure if it will fly. other than that I don't see other usefulness. YMMV. So many Amazon EC2 users use only `ubuntu` user with sudo. > but ssh-config is (almost) so flexible place with all matching and other clever rules etc. reimplementing all this flexibility in cdist seems bit waste of time. I would suggest don't mess up `~/.ssh/config`. This way you have to put `~/.ssh/config` in same git repo of your manifest files. With Ansible, i just put all target hosts related ssh info in its inventory file.
ungleich-gitea commented 2021-11-20 15:44:32 +00:00
Author
Owner
Copy Link

Created by: 4nd3r

doc: How about encourage user to install cdisk with easy_install, pip from pypi? git version may be not so stable. And yum/apt packages in linux distributions may be out of date.

using cdist straight from git checkout is easy, but I agree that maybe it needs some clarification. but if you are already picking cdist and shell scripting, you should be knowing what are you doing anyway eg how PATH works etc :>

about stability of git master branch - maybe keep all development under different branch (we already have beta branch, lets have next or develop?) and let master always be latest stable?

doc: (ssh) how to use normal user with sudo instead of using root user directly?

this can be useful if every admin has local user account with auth/sudo logging (with central syslog) so you can have lightweight solution for auditing admin actions, but this solution has some problems and I wouldn't recommend it. or you maintain complex patterns in sudoers file for type execution and... I'm not even sure if it will fly. other than that I don't see other usefulness. YMMV.

cdist should print target host name, task name and exist status automatically.
doc: -d option is deprecated, but doc doesn't mention this, and the replacement (-vvv).

oh really? didn't know that :> and I still find -v vs -vv bit confusing. I would excpect some very light verbosity with -v, like <host> executing <type> and that's it.

Require a new type: __service. Used to start/stop/restart network services. it should be a wrap of service command on CentOS/FreeBSD, and systemctl on systemd enabled Linux distros like CentOS (7)/Debian (8+)/Ubuntu, and rcctl on OpenBSD.

that would be useful writing cross distro/os types.

For example, we can use : as target host.
better not add an entry in ~/.ssh/config for each host i manage.

but ssh-config is (almost) so flexible place with all matching and other clever rules etc. reimplementing all this flexibility in cdist seems bit waste of time.

one thing I would maybe like to see, is ability to define specific ssh-config per inventory tag. for example I have some hosts tagged with "special-rules-for-those-hosts" etc. and then if, for example, .cdist/ssh-config-special-rules-for-those-hosts exists, it will be added to ssh command with -F. but downside here is that multiple -F <configfile> with configs merge isn't supported, so it kinda breaks purpose of tagging. it's a struggle with many hosts, which are easy to tag in cdist, but then I also need extra Match rule in .ssh/config too.

so there can be definitely some improvements, but how? :>

*Created by: 4nd3r* > doc: How about encourage user to install cdisk with easy_install, pip from pypi? git version may be not so stable. And yum/apt packages in linux distributions may be out of date. using `cdist` straight from git checkout is easy, but I agree that maybe it needs some clarification. but if you are already picking `cdist` and shell scripting, you should be knowing what are you doing anyway eg how PATH works etc :> about stability of git master branch - maybe keep all development under different branch (we already have beta branch, lets have next or develop?) and let master always be latest stable? > doc: (ssh) how to use normal user with sudo instead of using root user directly? this can be useful if every admin has local user account with auth/sudo logging (with central syslog) so you can have lightweight solution for auditing admin actions, but this solution has some problems and I wouldn't recommend it. or you maintain complex patterns in sudoers file for type execution and... I'm not even sure if it will fly. other than that I don't see other usefulness. YMMV. > cdist should print target host name, task name and exist status automatically. > doc: -d option is deprecated, but doc doesn't mention this, and the replacement (-vvv). oh really? didn't know that :> and I still find `-v` vs `-vv` bit confusing. I would excpect some very light verbosity with `-v`, like `<host> executing <type>` and that's it. > Require a new type: __service. Used to start/stop/restart network services. it should be a wrap of service command on CentOS/FreeBSD, and systemctl on systemd enabled Linux distros like CentOS (7)/Debian (8+)/Ubuntu, and rcctl on OpenBSD. that would be useful writing cross distro/os types. > For example, we can use <server>:<port> as target host. > better not add an entry in ~/.ssh/config for each host i manage. but ssh-config is (almost) so flexible place with all matching and other clever rules etc. reimplementing all this flexibility in cdist seems bit waste of time. one thing I would maybe like to see, is ability to define specific ssh-config per inventory tag. for example I have some hosts tagged with "special-rules-for-those-hosts" etc. and then if, for example, `.cdist/ssh-config-special-rules-for-those-hosts` exists, it will be added to ssh command with `-F`. but downside here is that multiple `-F <configfile>` with configs merge isn't supported, so it kinda breaks purpose of tagging. it's a struggle with many hosts, which are easy to tag in cdist, but then I also need extra Match rule in `.ssh/config` too. so there can be definitely some improvements, but how? :>
ungleich-gitea commented 2021-11-20 15:44:33 +00:00
Author
Owner
Copy Link

Created by: iredmail

We need to support more ssh options in a HOSTFILE, these options are so common and we need them for daily work. for example:

  • target host server name/address. This is ok right now since cdist requires one host per line.
  • ssh port number
  • ssh login username
  • the shell used to execute our type

Personally i think the Ansible style inventory file is very good. for example:

[group_name]
u16.mydomain.com ansible_host=172.16.100.138 ansible_port=1234 ansible_user=ubuntu
localhost ansible_connection=local ansible_python_interpreter=/usr/local/bin/python

Those ansible_* variables are officially supported by Ansible, but it's easy to extend by adding your custom variable names.

Of course i don't mean we make cdist an Ansible clone, but this inventory file is much better than cdist one.

*Created by: iredmail* We need to support more ssh options in a HOSTFILE, these options are so common and we need them for daily work. for example: * target host server name/address. This is ok right now since cdist requires one host per line. * ssh port number * ssh login username * the shell used to execute our `type` Personally i think the Ansible style inventory file is very good. for example: ``` [group_name] u16.mydomain.com ansible_host=172.16.100.138 ansible_port=1234 ansible_user=ubuntu localhost ansible_connection=local ansible_python_interpreter=/usr/local/bin/python ``` Those `ansible_*` variables are officially supported by Ansible, but it's easy to extend by adding your custom variable names. Of course i don't mean we make cdist an Ansible clone, but this inventory file is much better than cdist one.
ungleich-gitea commented 2021-11-20 15:44:34 +00:00
Author
Owner
Copy Link

Created by: telmich

Btw, thanks for opening the issue here - it's a good place to discuss!

*Created by: telmich* Btw, thanks for opening the issue here - it's a good place to discuss!
ungleich-gitea commented 2021-11-20 15:44:36 +00:00
Author
Owner
Copy Link

Created by: iredmail

I disagree.

I would prefer to do it with just cdist. For example, we can use <server>:<port> as target host. i don't want to touch other config files, better not add an entry in ~/.ssh/config for each host i manage.

*Created by: iredmail* I disagree. I would prefer to do it with just cdist. For example, we can use `<server>:<port>` as target host. i don't want to touch other config files, better not add an entry in `~/.ssh/config` for each host i manage.
ungleich-gitea commented 2021-11-20 15:44:37 +00:00
Author
Owner
Copy Link

Created by: telmich

non standard port: use ~/.ssh/config - it's not cdist's role to care about that (or in other words: ssh can do it much better)

*Created by: telmich* non standard port: use ~/.ssh/config - it's not cdist's role to care about that (or in other words: ssh can do it much better)
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
master
7.0
6.9
py3.10
ander/__package_apt_update_index
haproxy-dualstack
ander/__sed
beta
ander/os_version_debian_sid
evilham-compatibility-fixes
ander/__rsync
__snakeoil_cert
ander/update_readme
__download_improvements
feature/onchange
cleanup/string-formatting
feature/type-relationship-graph
cleanup/ssh-auth-keys-types
__letsencrypt_cert-fix-hooks
bugfix/preos-debug
bugfix/in-script-import
6.8
bugfix/sphinx-docs-build
6.7
cherry-pick-2f433a14
bugfix/make-code-consistent
6.6
regain-py3.2-support
6.5
bugfix/multiple-log-lines
matterbridge
coturn
alpinefix
matrix
new-type/network-interface
feature/process
6.4
feature/info-command
feature/libexec
6.3
preos-plugins-dir-opt
gitlab-ci
6.2
order-dep-fix
6.1
6.0
build/support-pip-from-git
feature/shell-lib
5.1
feature/support-type-deprecation
5.0
feature/python-types
4.11
4.10
shellcheck
4.9
4.8
freebsd-improvements
new-prometheus
key_value-onchange
feature/output_streams
AnotherKamila-patch-1
__letsencrypt_cert-fixes
letsencrypt-cron-fix
4.7
newtype-__letsencrypt_cert
os_explorer_devuan_fix
prometheus-exporter-fixes
daemontools-for-fbsd
type-prometheus-exporter-from-master
prometheus-more-fixes
4.6
4.5
fix-j
steven-backport
4.4
prometheus-fixes
grafana_dashboard
prometheus
daemontools
consul_improvements
feature/trigger
4.3
4.0-pre-not-stable
4.2
4.1
4.0
feature_install_and_preos
3.1
no-dot-cdist
random_dot_cdist
feature_yum_url
feature_files_export
3.0
2.3
2.2
2.1
ssh_callback
2.0
archive_shell_function_approach
1.7
1.6
1.5
1.4
1.3
1.2
1.1
1.0
7.0.0
6.9.8
6.9.7
6.9.6
6.9.5
6.9.4
6.9.3
6.9.2
6.9.1
6.9.0
6.8.0
6.7.0
6.6.0
6.5.6
6.5.5
6.5.4
6.5.3
6.5.2
6.5.1
6.5.0
6.4.0
6.3.0
6.2.0
6.1.1
6.1.0
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.1.3
5.1.2
5.1.1
5.1.0
5.0.2
5.0.1
5.0.0
4.11.1
4.11.0
4.10.11
4.10.10
4.10.9
4.10.8
4.10.7
4.10.6
4.10.5
4.10.4
4.10.3
4.10.2
4.10.1
4.10.0
4.9.1
4.9.0
4.8.4
4.8.3
4.8.2
4.8.1
4.8.0
4.7.3
4.7.2
4.7.1
4.7.0
4.6.1
4.6.0
4.5.0
4.4.4
4.4.3
4.4.2
4.4.1
4.4.0
4.3.2
4.3.1
4.3.0
4.2.2
4.2.1
4.2.0
4.1.0
4.0.0
3.1.13
tn1
3.1.12
3.1.11
3.1.10
3.1.9
3.1.8
3.1.7
3.1.6
4.0.0pre3
3.1.5
3.1.4
3.1.3
3.1.2
3.1.1
3.1.0
4.0.0pre2
3.0.9
3.0.8
3.0.7
3.0.6
3.0.5
3.0.4
3.0.3
4.0.0pre1
3.0.2
3.0.1
3.0.0
2.3.7
2.3.6
2.3.5
2.3.4
2.3.3
2.3.2
2.3.1
2.3.0
2.2.0
2.1.2
2.1.1
2.1.0
2.1.0pre8
2.1.0pre7
2.1.0pre6
2.0.15
2.1.0pre5
2.1.0pre4
2.1.0pre3
2.1.0pre2
2.1.0pre1
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.1
2.0.0
1.7.1
1.7.0
1.6.2
1.6.1
1.6.0
1.5.0
1.4.1
1.4.0
1.3.2
1.3.1
1.3.0
1.2.0
1.1.0
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0
0.9.9
0.9.8
0.9.7
0.9.6
0.9.5
0.9.4
0.9.3
0.9.2
0.9.1
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
Labels
Clear labels   
bugfix

   
cleanup

   
discussion

   
documentation

   
doing

   
done

   
feature

   
improvement

   
packaging

   
Stale

   
testing

   
TODO
No Label
bugfix
cleanup
discussion
documentation
doing
done
feature
improvement
packaging
Stale
testing
TODO
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: ungleich-public/cdist#153
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?