Merge remote-tracking branch 'youngjin/master'
commit
26ad54a5e3
15 changed files with 357 additions and 35 deletions
2
.gitignore
vendored
|
@ -1,2 +1,4 @@
|
|||
/youngjin.han/dot-cdist/type/__my_computer/manifest~
|
||||
/youngjin.han/cdist.org~
|
||||
/youngjin.han/dot-cdist/type/__colourful_file/file/colourful~
|
||||
/youngjin.han/dot-cdist/type/__colourful_file/manifest~
|
||||
|
|
|
@ -1,3 +1,8 @@
|
|||
* cidst #5
|
||||
- gencode-remote : is executed on the target
|
||||
- remote code : behave as if it where ssh (e.g. ssh -o User=root)
|
||||
- gencode-local : is executed locally
|
||||
- __file has gencode-local that is need to excute and debug commands
|
||||
* singleton / non-singleton
|
||||
** non-singleton needs process ID.
|
||||
** singletion should be carried out by itself.
|
||||
|
|
|
@ -5,11 +5,17 @@ case "$__target_host" in
|
|||
__motd
|
||||
__timezone Asia/Seoul
|
||||
# __my_computer
|
||||
__colourful_file --colour yellow
|
||||
# __colourful_file --colour yellow --colour blue --colour red --colour green
|
||||
# __my_dotfiles
|
||||
# __my_nginx_site $__target_host
|
||||
;;
|
||||
jafo.laptop)
|
||||
__motd
|
||||
__timezone Asia/Seoul
|
||||
__my_computer
|
||||
# __my_computer
|
||||
;;
|
||||
*)
|
||||
# __my_nginx
|
||||
__my_nginx_site $__target_host
|
||||
;;
|
||||
esac
|
||||
|
|
|
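Review bot: The catch-all `*)` arm runs `__my_nginx_site $__target_host` for every host that is not named in an earlier arm, so pointing cdist at any other machine installs nginx and publishes a port-80 site on it. That arm appears to be on the new side of this hunk, although the page no longer shows the markers. I would list the intended web hosts explicitly, leave `*)` empty or failing, and quote the argument: `__my_nginx_site "$__target_host"`. The `case` statement opens above the hunk, so the first arm's pattern is not visible here.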
@ -1,9 +0,0 @@
|
|||
colour=\
|
||||
yellow\
|
||||
black\
|
||||
white\
|
||||
grey\
|
||||
puple\
|
||||
green\
|
||||
red\
|
||||
blue
|
12
youngjin.han/dot-cdist/type/__colourful_file/manifest
Normal file → Executable file
|
@ -1,14 +1,14 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
__file ~/colourful
|
||||
printf "colour=" > ~/colourful
|
||||
printf "colour=\n" > ~/colourful
|
||||
|
||||
# parameter with multiple values
|
||||
if [ -f "$__object/parameter/colour" ]; then
|
||||
colour="$(cat "$__object/parameter/colour")"
|
||||
echo $colour >> ~/colourful
|
||||
# for alias in $(cat "$__object/parameter/colour"); do
|
||||
# echo $alias >> ~/colourful
|
||||
# done
|
||||
# colour="$(cat "$__object/parameter/colour")"
|
||||
# printf "$colour\n" >> ~/colourful
|
||||
for alias in $(cat "$__object/parameter/colour"); do
|
||||
printf "$alias\n" >> ~/colourful
|
||||
done
|
||||
fi
|
||||
|
||||
|
|
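Review bot: In the loop that replaces the `echo`, `printf "$alias\n" >> ~/colourful` passes the parameter value as the printf format, so a colour containing `%` or a backslash is interpreted instead of written. The unquoted `$(cat …)` also splits each value on whitespace and expands globs. `while IFS= read -r c; do printf 'colour=%s\n' "$c"; done < "$__object/parameter/colour" >> ~/colourful` avoids both and writes one `colour=…` line per value, which is what the exercise in cdist.org asks for. As far as I can tell the redirections write to `~/colourful` on the machine that evaluates the manifest, while `__file ~/colourful` is declared without `--source`, so it is worth confirming that the generated content reaches the target at all.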
115
youngjin.han/dot-cdist/type/__my_dotfiles/files/.bashrc
Normal file
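--- a/youngjin.han/dot-cdist/type/__my_dotfiles/files/.bashrc
+++ b/youngjin.han/dot-cdist/type/__my_dotfiles/files/.bashrc
@@ -0,0 +1,115 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+case $- in
+*i*) ;;
+*) return;;
+esac
+
+# don't put duplicate lines or lines starting with space in the history.
+# See bash(1) for more options
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+HISTSIZE=1000
+HISTFILESIZE=2000
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# If set, the pattern "**" used in a pathname expansion context will
+# match all files and zero or more directories and subdirectories.
+#shopt -s globstar
+
+# make less more friendly for non-text input files, see lesspipe(1)
+#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
+debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+xterm-color|*-256color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+# We have color support; assume it's compliant with Ecma-48
+# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+# a case would tend to support setf rather than setaf.)
+color_prompt=yes
+else
+color_prompt=
+fi
+fi
+
+if [ "$color_prompt" = yes ]; then
+PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+;;
+*)
+;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+alias ls='ls --color=auto'
+alias dir='dir --color=auto'
+alias vdir='vdir --color=auto'
+
+alias grep='grep --color=auto'
+alias fgrep='fgrep --color=auto'
+alias egrep='egrep --color=auto'
+fi
+
+# colored GCC warnings and errors
+#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
+
+export TERM=xterm-256color
+
+# some more ls aliases
+alias ll='ls -alF'
+alias la='ls -A'
+alias l='ls -CF'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+. ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if ! shopt -oq posix; then
+if [ -f /usr/share/bash-completion/bash_completion ]; then
+. /usr/share/bash-completion/bash_completion
+elif [ -f /etc/bash_completion ]; then
+. /etc/bash_completion
+fi
+fi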
24
youngjin.han/dot-cdist/type/__my_dotfiles/files/.profile
Normal file
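--- a/youngjin.han/dot-cdist/type/__my_dotfiles/files/.profile
+++ b/youngjin.han/dot-cdist/type/__my_dotfiles/files/.profile
@@ -0,0 +1,24 @@
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+# include .bashrc if it exists
+if [ -f "$HOME/.bashrc" ]; then
+. "$HOME/.bashrc"
+fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+PATH="$HOME/bin:$PATH"
+fi
+
+export PATH=$PATH:/sbin:/usr/sbin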
10
youngjin.han/dot-cdist/type/__my_dotfiles/manifest
Executable file
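--- a/youngjin.han/dot-cdist/type/__my_dotfiles/manifest
+++ b/youngjin.han/dot-cdist/type/__my_dotfiles/manifest
@@ -0,0 +1,10 @@
+#!/bin/sh -e
+
+cd "$__type/files/"
+dotfiles=$(ls -a .[A-z]*)
+
+for df in $dotfiles; do
+__file ~/$df \
+--mode 0644 --source "$__type/files/$df"
+done
+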
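Review bot: `dotfiles=$(ls -a .[A-z]*)` parses `ls` output: a matching directory is listed by its contents, names containing spaces are split by the unquoted `for df in $dotfiles`, and in the C locale the range `A-z` also covers `[ \ ] ^ _` and the backtick. Iterating the glob directly avoids all three: `for df in .[A-Za-z]*; do`, then `[ -f "$df" ] || continue`, then `__file "$HOME/$df" \`. Every file is deployed with `--mode 0644`, so a dotfile holding credentials that is later added to `files/` would become world-readable; a stricter default or a per-file mode is worth considering.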
0
youngjin.han/dot-cdist/type/__my_dotfiles/singleton
Normal file
8
youngjin.han/dot-cdist/type/__my_nginx/manifest
Executable file
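--- a/youngjin.han/dot-cdist/type/__my_nginx/manifest
+++ b/youngjin.han/dot-cdist/type/__my_nginx/manifest
@@ -0,0 +1,8 @@
+#!/bin/sh -e
+
+# update package index
+__apt_update_index
+
+require="__apt_update_index" __package nginx --state=present
+
+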
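Review bot: `__apt_update_index` is called unconditionally, so this type only works on apt-based targets. The os explorer is consulted only in `__my_nginx_site`, so using `__my_nginx` directly on another distribution fails at the apt step rather than with a clear message. A `case "$(cat "$__global/explorer/os")" in` guard around the apt step, mirroring the one in `__my_nginx_site`, would make the supported systems explicit.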
0
youngjin.han/dot-cdist/type/__my_nginx/singleton
Normal file
|
@ -0,0 +1 @@
|
|||
echo "sudo service nginx reload"
|
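Review bot: `echo "sudo service nginx reload"` emits the reload on every run, whether or not the site configuration changed, and nothing validates the configuration first. The file header for this hunk is missing on the page. If it is a gencode-remote script, as the course notes in this commit suggest, I would emit the command only when `$__messages_in` contains a message from the `__file` object for the site config, and make it `echo "nginx -t && service nginx reload"` so that a broken config is not loaded. The `sudo` prefix is probably unnecessary when the remote code already runs as root, and it fails on a target without sudo installed.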
54
youngjin.han/dot-cdist/type/__my_nginx_site/manifest
Executable file
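--- a/youngjin.han/dot-cdist/type/__my_nginx_site/manifest
+++ b/youngjin.han/dot-cdist/type/__my_nginx_site/manifest
@@ -0,0 +1,54 @@
+#!/bin/sh -e
+
+os=$(cat "$__global/explorer/os")
+
+case "$os" in
+devuan)
+:
+;;
+*)
+echo "OS $os currently not supported" >&2
+exit 1
+;;
+esac
+
+nginx_config_dir="/etc/nginx/conf.d"
+domain="$__object_id"
+
+__directory /var/www/html/$domain \
+--parents --mode 0755
+
+require="__directory//var/www/html/$domain" \
+__file /var/www/html/$domain/index.html \
+--mode 0644 --source - << EOF
+Hello Cdist!!!
+EOF
+
+__my_nginx
+
+# configure nginx
+require="__my_nginx" \
+__file "$nginx_config_dir/${domain}.conf" \
+--mode 0644 --source - << EOF
+server {
+listen 80;
+listen [::]:80;
+
+server_name $domain;
+
+access_log /var/log/nginx/access.log;
+
+client_max_body_size 256m;
+
+location / {
+root /var/www/html/$domain;
+index index.html index.htm;
+}
+
+error_page 500 502 503 504 /50x.html;
+
+location = /50x.html {
+root /var/www/html/$domain;
+}
+}
+EOF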
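Review bot: `domain="$__object_id"` is used unquoted and unvalidated in `/var/www/html/$domain`, in `${domain}.conf` and inside the nginx heredoc, so an object id containing `/`, `..`, whitespace, `;` or `}` changes which path is written or adds directives to the generated server block. The initial manifest feeds it `$__target_host`. A check right after the assignment that accepts only host-name characters, plus quoting the `__directory` and `__file` arguments, closes this. Separately, the os check accepts only `devuan` and `nginx_config_dir` is fixed regardless of the result, while the course notes ask for two distributions.

```shell
domain="$__object_id"
# Reject anything that is not a plain host name before it reaches a path
# or the generated nginx configuration.
case "$domain" in
    ''|.*|*..*|*[!A-Za-z0-9.-]*)
        echo "Invalid domain '$domain'" >&2
        exit 1
    ;;
esac

__directory "/var/www/html/$domain" \
    --parents --mode 0755

require="__directory//var/www/html/$domain" \
    __file "/var/www/html/$domain/index.html" \
# … unchanged: index.html heredoc, __my_nginx, nginx config heredoc …
```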
@ -1,24 +1,130 @@
|
|||
* 2020-05-15
|
||||
*** cdist #6: Glueing it together
|
||||
**** Lecture content
|
||||
***** Objective
|
||||
- Apply learnings from the previous cdist sessions
|
||||
***** Steps 1: *__all_in_one* (1.25h)
|
||||
- Create a new type named *__all_in_one*
|
||||
- Decide yourself whether it is a singleton or not
|
||||
- Reason why in your cdist.org file
|
||||
- It should work on alpine, debian and fedora
|
||||
- It accepts the following parameters:
|
||||
- *--with-x* (boolean)
|
||||
- *--extra-packages* (optional multiple)
|
||||
- On Alpine, it should install netcat-openbsd and tshark
|
||||
- On Debian, it should install netcat tshark
|
||||
- On Fedora, it should install nmap-ncat wireshark-cli
|
||||
- On all operating systems install socat sipcalc sudo
|
||||
- If the detected operating system is neither
|
||||
Alpine/Debian/Fedora, output an error message and abort the
|
||||
manifest with exit code 1
|
||||
- Additionally install all packages specified by the *--extra-packages* parameter
|
||||
***** Steps 2: *__firewall* (1.25h)
|
||||
- Create a new type *__my_firewall*
|
||||
- Add a *type explorer* to find out whether nft is present on
|
||||
the target system
|
||||
- Add a required parameter named *file*
|
||||
- If the type explorer does not detect nft on the target system,
|
||||
abort with an error message
|
||||
- Deploy the specified file to */etc/my-nftables*
|
||||
- Add a *type explorer* that reads the current nft rules
|
||||
- If the rules are different on the target host, apply the new
|
||||
ruleset by generating code in *gencode-remote*
|
||||
- If the filename specified by the *file* parameter is *-* (the
|
||||
minus sign), then the type should read from *stdin*
|
||||
***** Step 3: manifest (0.5h)
|
||||
- Create a new manifest in the folder that contains the initial manifest
|
||||
- Name the new manifest *firewall*
|
||||
- Source the *firewall* manifest in the *initial* manifest
|
||||
- In the *firewall* manifest, match on *localhost*
|
||||
- Install nftables
|
||||
- Use the *__firewall* type
|
||||
- Use correct *require* parameter to ensure that nftables is
|
||||
installed before the *__firewall* type is run
|
||||
* 2020-05-13
|
||||
*** cdist #5: Generating Code & Exploring
|
||||
**** Lecture content
|
||||
***** Objective
|
||||
- Understand how to *generate code* and when to use it
|
||||
- Exploring explorers
|
||||
***** DONE Code generation steps
|
||||
CLOSED: [2020-05-14 목 00:54]
|
||||
- Modify the previously created type *__my_nginx_site*
|
||||
- Read about cdist messaging
|
||||
- If there was a change in the nginx configuration file, reload nginx
|
||||
***** DONE Explorer steps
|
||||
CLOSED: [2020-05-14 목 00:54]
|
||||
- Modify the *__my_nginx_site* type to use the *os explorer*
|
||||
- Adjust your type to work on Alpine Linux and Debian (or two
|
||||
other Linux distributions of your choice)
|
||||
- Set the nginx configuration directory accordingly
|
||||
***** DONE Documentation
|
||||
CLOSED: [2020-05-14 목 00:54]
|
||||
- Explain the following in your cdist.org file
|
||||
- What is the difference between gencode-remote and the remote code?
|
||||
- What is the difference between gencode-local and gencode-remote?
|
||||
- Locate a type that comes with upstream cdist that uses
|
||||
gencode-local - which one is it? Why does it need gencode-local?
|
||||
* 2020-05-11
|
||||
*** cdist #4: Requirements
|
||||
**** Lecture content
|
||||
***** Objective
|
||||
- Understand how requirements work
|
||||
***** DONE Create a new type *__my_nginx*
|
||||
CLOSED: [2020-05-12 화 02:22]
|
||||
- Make it a *singleton*
|
||||
- Make it install nginx
|
||||
- Configure a host with it
|
||||
- Usually nginx is configured includes some files
|
||||
- On the target host find out which directory nginx includes
|
||||
- We name this directory *nginx_config_dir*
|
||||
***** DONE Create a new type *__my_nginx_site*
|
||||
CLOSED: [2020-05-12 화 02:22]
|
||||
- Assume the *object_id* is a *domain*
|
||||
- In the __my_nginx_site create a file inside the *nginx_config_dir*
|
||||
- The filename is *${domain}.conf*
|
||||
- When using *__file*, it should *require* the *nginx package*
|
||||
- Read about cdist dependencies
|
||||
- The file should be a valid nginx configuration
|
||||
- The *server name* should be set to the specified domain
|
||||
- The *root* directive should point to /var/www/html/DOMAIN
|
||||
- (replace DOMAIN with the actual domain)
|
||||
***** DONE Use both types in the initial manifest to configure the target host
|
||||
CLOSED: [2020-05-15 금 21:07]
|
||||
- Create at least two domains
|
||||
***** DONE Configure the target host
|
||||
CLOSED: [2020-05-15 금 21:08]
|
||||
- Verify that the configuration files are properly created
|
||||
***** DONE Delete the nginx package manually on the target host
|
||||
CLOSED: [2020-05-15 금 21:08]
|
||||
***** DONE Comment out *__my_nginx* from the initial manifest, keep the *__my_nginx_site*
|
||||
CLOSED: [2020-05-15 금 21:08]
|
||||
- Explain the error that you get (in your cdist.org file)
|
||||
* 2020-05-08
|
||||
*** cdist #3: type parameters
|
||||
**** Lecture content
|
||||
***** TODO Create a new type named *__colourful_file*
|
||||
****** TODO The objective is to create a type that creates colourful file
|
||||
****** TODO The content of the file should be "colour=...", where "..." is a colour specified by a parameter
|
||||
****** TODO Add an *optional parameter* named *colour*
|
||||
****** TODO Use the **__file** type inside your type to create a file
|
||||
****** TODO Use the *$__object_id* variable inside your type
|
||||
***** TODO Extend your type to be more colourful
|
||||
****** TODO Modify the *optional parameter* to be able to be specified *multiple times*
|
||||
****** TODO For each time it is specified, add a line "colour=..." to the file
|
||||
***** TODO Create a new type *__my_dotfiles*
|
||||
****** TODO Objective is to manage the dotfiles in your home directory
|
||||
****** TODO Make it a *singleton* type
|
||||
****** TODO Create a sub directory *files* in the type
|
||||
****** TODO Add your .emacs config to the files folder
|
||||
****** TODO Add a *for* loop to your type to deploy .[A-z]* to your home directory
|
||||
****** TODO Add a .bashrc or .zshrc to the files folder (depending on your shell)
|
||||
****** TODO In the initial manifest, add __my_dotfiles when the target host is localhost
|
||||
***** TODO As usual commit all changes to your ungleich-learning-circle repo
|
||||
***** DONE Create a new type named *__colourful_file*
|
||||
CLOSED: [2020-05-15 금 20:29]
|
||||
- The objective is to create a type that creates colourful file
|
||||
- The content of the file should be "colour=...", where "..." is a colour specified by a parameter
|
||||
- Add an *optional parameter* named *colour*
|
||||
- Use the **__file** type inside your type to create a file
|
||||
- Use the *$__object_id* variable inside your type
|
||||
***** DONE Extend your type to be more colourful
|
||||
CLOSED: [2020-05-15 금 20:29]
|
||||
- Modify the *optional parameter* to be able to be specified *multiple times*
|
||||
- For each time it is specified, add a line "colour=..." to the file
|
||||
***** DONE Create a new type *__my_dotfiles*
|
||||
CLOSED: [2020-05-15 금 21:07]
|
||||
- Objective is to manage the dotfiles in your home directory
|
||||
- Make it a *singleton* type
|
||||
- Create a sub directory *files* in the type
|
||||
- Add your .emacs config to the files folder
|
||||
- Add a *for* loop to your type to deploy .[A-z]* to your home directory
|
||||
- Add a .bashrc or .zshrc to the files folder (depending on your shell)
|
||||
- In the initial manifest, add __my_dotfiles when the target host is localhost
|
||||
***** DONE As usual commit all changes to your ungleich-learning-circle repo
|
||||
CLOSED: [2020-05-15 금 21:07]
|
||||
* 2020-05-06
|
||||
** cdist #2: Your first cdist type
|
||||
**** Lecture content
|
||||
|
|