diff --git a/.gitignore b/.gitignore index 1be44a1..a7ddd91 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ /youngjin.han/dot-cdist/type/__my_computer/manifest~ /youngjin.han/cdist.org~ +/youngjin.han/dot-cdist/type/__colourful_file/file/colourful~ +/youngjin.han/dot-cdist/type/__colourful_file/manifest~ diff --git a/balazs/dot-cdist/manifest/init b/balazs/dot-cdist/manifest/init index 0a4061b..9fd9bdc 100644 --- a/balazs/dot-cdist/manifest/init +++ b/balazs/dot-cdist/manifest/init @@ -6,16 +6,14 @@ case "$__target_host" in # Copy a cool motd from the type's file directory __motd --source "$__files/motd" -# __package emacs --state present - __timezone Europe/Zurich __my_computer -# __my_nginx + __my_nginx - __my_nginx_site woo.com - __my_nginx_site chee.se + require="__my_nginx" __my_nginx_site woo.com + require="__my_nginx" __my_nginx_site chee.se ;; esac diff --git a/balazs/dot-cdist/type/__my_computer/manifest~ b/balazs/dot-cdist/type/__my_computer/manifest~ deleted file mode 100755 index a6ac13d..0000000 --- a/balazs/dot-cdist/type/__my_computer/manifest~ +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -e - -#This is a type for practice, used to learn cdist and configure a laptop. - - -for pkg in ndisc6 emacs zsh mosh nmap sipcalc; - do __package $pkg --state present; -done diff --git a/balazs/dot-cdist/type/__my_nginx_site/gencode-remote b/balazs/dot-cdist/type/__my_nginx_site/gencode-remote new file mode 100644 index 0000000..7a74b98 --- /dev/null +++ b/balazs/dot-cdist/type/__my_nginx_site/gencode-remote 
@@ -0,0 +1,23 @@ +os=$(cat "$__global/explorer/os") + +#if grep -q "$something_from_message_in" "$__messages_in"; then + +case "${os}" in + alpine|gentoo) + echo /etc/init.d/nginx reload + ;; + debian|ubuntu) + echo "/usr/bin/systemctl reload nginx" + ;; +esac + +#fi + + +#if grep -q "^__your_type/object/id:conf_file_changed" "$__messages_in"; then +# echo "$reload_command" +#fi + +# Testing env -> variables are not shared between the type's manifest and the gencode-remote script +# Maybe the variables are eval-ed on the local host and won't get transferred to the remote host? +#echo "echo \"$reload_command\" >> /tmp/cmd" \ No newline at end of file diff --git a/balazs/dot-cdist/type/__my_nginx_site/manifest b/balazs/dot-cdist/type/__my_nginx_site/manifest index 7bdad79..0dbfbb6 100644 --- a/balazs/dot-cdist/type/__my_nginx_site/manifest +++ b/balazs/dot-cdist/type/__my_nginx_site/manifest @@ -1,3 +1,8 @@ +os="$(cat "$__global/explorer/os")" + +# Note: __service nginx --action reload + + domain="$__object_id" nginx_config_dir="/etc/nginx/conf.d" @@ -15,3 +20,5 @@ server { } EOF +# Messaging is not needed because atm I assume that the config file will get overwritten every run, even if the contents are the same. +#echo "conf_file_changed" >> "$__messages_out" \ No newline at end of file diff --git a/balazs/dot-cdist/type/__my_nginx_site/manifest~ b/balazs/dot-cdist/type/__my_nginx_site/manifest~ deleted file mode 100644 index bbc7518..0000000 --- a/balazs/dot-cdist/type/__my_nginx_site/manifest~ +++ /dev/null @@ -1 +0,0 @@ -require="__package/nginx" __file $nginx_config_dir/"$__object_id".conf \ No newline at end of file diff --git a/kjg/dot-cdist/type/__all_in_one/parameter/optional_multiple~ b/kjg/dot-cdist/type/__all_in_one/parameter/optional_multiple~ new file mode 100644 index 0000000..d9d6344 --- /dev/null +++ b/kjg/dot-cdist/type/__all_in_one/parameter/optional_multiple~ @@ -0,0 +1 @@ +extra-packages \ No newline at end of file 
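Review bot: The reload in `balazs/dot-cdist/type/__my_nginx_site/gencode-remote` is emitted on every run because the `$__messages_in` guard is still commented out, and the `case` has no `*)` arm, so an unsupported OS silently gets no reload at all. I would restore the commented `grep -q ... "$__messages_in"` check around the `case`, matched against whatever message the config-writing object actually emits (to be confirmed against the `__file` type), and add `*) echo "OS ${os} currently not supported" >&2; exit 1 ;;`. Emitting `nginx -t &&` in front of the reload command would make a broken site file fail the cdist run visibly. The `gencode-remote` files under `sami/my-cdist/.cdist/type/__nginx_site` and `youngjin.han/dot-cdist/type/__my_nginx_site` reload unconditionally in the same way.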
diff --git a/kjg/dot-cdist/type/__my_firewall/gencode-remote~ b/kjg/dot-cdist/type/__my_firewall/gencode-remote~
new file mode 100644
index 0000000..d263ed7
--- /dev/null
+++ b/kjg/dot-cdist/type/__my_firewall/gencode-remote~
@@ -0,0 +1,5 @@
+#!/bin/sh -e
+
+if [! -f echo "diff /etc/my-nftables /etc/readnfrule"]; then
+ echo "nft -f /etc/my-nftables"
+fi
diff --git a/kjg/dot-cdist/type/__my_firewall/manifest~ b/kjg/dot-cdist/type/__my_firewall/manifest~
new file mode 100644
index 0000000..8f1f178
--- /dev/null
+++ b/kjg/dot-cdist/type/__my_firewall/manifest~
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+os=$(cat "$__global/explorer/os")
+
+nft_path="/etc/my-nftables"
+
+case "$os" in
+ alpine)
+ os_pkgs="netcat-openbsd and tshark"
+ ;;
+ debian|devuan)
+ os_pkgs="netcat tshark"
+ ;;
+ fedora)
+ os_pkgs="nmap-ncat wireshark-cli"
+ ;;
+ *)
+ echo "OS $os currently not supported" >&2
+ exit 1
+ ;;
+esac
+
+if [ ! -f "$__global/explorer/exists" ];then
+ echo "crrently no nft" >&2
+ exit 1
+fi
+
+if ["-" -eq "$__object/parameter/file" ]; then
+ filename="$__object/stdin"
+
+else
+ filename=($__object/parameter/file)
+fi
+
+__file ${nft_path} --mode 644 --source "$__type/files/${filename}"
+
+
+if [ -f "$__global/explorer/nfrule" ]; then
+ echo "$__global/explorer//nfrule" > /etc/readrule
+fi
diff --git a/sami/.gitignore b/sami/.gitignore
new file mode 100644
index 0000000..72e7b61
--- /dev/null
+++ b/sami/.gitignore
@@ -0,0 +1,21 @@
+
+# Created by https://www.gitignore.io/api/linux
+# Edit at https://www.gitignore.io/?templates=linux
+
+### Linux ###
+*~
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+
+# End of https://www.gitignore.io/api/linux
+
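Review bot: The condition `[! -f echo "diff /etc/my-nftables /etc/readnfrule"]` in `kjg/dot-cdist/type/__my_firewall/gencode-remote~` is not a valid test: `[!` is looked up as a command name and fails, so the `then` branch is never taken and `nft -f /etc/my-nftables` is never generated, leaving the ruleset deployed but not loaded. gencode-remote runs on the configuring host, so the comparison has to be part of the emitted code, for example `echo 'cmp -s /etc/my-nftables /etc/readnfrule || nft -f /etc/my-nftables'` (assuming `/etc/readnfrule` really exists on the target), or be driven by the explorer output. Emitting `nft -c -f /etc/my-nftables` first would reject a malformed ruleset before it is loaded. The file name ends in `~`, so this looks like a committed editor backup; the `*~` rule added in `sami/.gitignore` only covers that subtree.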
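Review bot: The stdin/file selection in `kjg/dot-cdist/type/__my_firewall/manifest~` cannot work as written: `["-" -eq "$__object/parameter/file" ]` has no space after `[`, uses the numeric `-eq`, and compares against the parameter's path rather than its content, while `filename=($__object/parameter/file)` is array syntax that `#!/bin/sh` does not provide. Even with `-` detected, `--source "$__type/files/${filename}"` would prefix the type's files directory to the stdin path. The last block writes the explorer's path (not its content) to `/etc/readrule` on the host running the manifest, whereas gencode-remote~ reads `/etc/readnfrule`; that comparison belongs in gencode-remote, based on the explorer output. Type explorer results are stored under `$__object/explorer/`, not `$__global/explorer/`, so the `exists` and `nfrule` checks need that path. A possible shape for the source selection follows.

```shell
# … unchanged: OS case and nft presence check …
file_param="$(cat "$__object/parameter/file")"

if [ "$file_param" = "-" ]; then
    source_file="$__object/stdin"
else
    source_file="$__type/files/${file_param}"
fi

__file "${nft_path}" --mode 0644 --source "$source_file"
```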
diff --git a/sami/my-cdist/.cdist/files/motd b/sami/my-cdist/.cdist/files/motd
new file mode 100644
index 0000000..7ce6bf3
--- /dev/null
+++ b/sami/my-cdist/.cdist/files/motd
@@ -0,0 +1 @@
+my message of the day
diff --git a/sami/my-cdist/.cdist/manifest/init b/sami/my-cdist/.cdist/manifest/init
index e69de29..8f12e3b 100644
--- a/sami/my-cdist/.cdist/manifest/init
+++ b/sami/my-cdist/.cdist/manifest/init
@@ -0,0 +1,15 @@
+case "$__target_host" in
+ localhost)
+ #target is configured with cdist
+ __file /etc/cdist-configured
+
+ # motd from th file directory
+ __motd --source "$__files/motd"
+
+ __timezone Europe/Zurich
+
+ # types to be used
+ __my_computer
+;;
+esac
+
diff --git a/sami/my-cdist/.cdist/sample b/sami/my-cdist/.cdist/sample
deleted file mode 100644
index c28e3ac..0000000
--- a/sami/my-cdist/.cdist/sample
+++ /dev/null
@@ -1 +0,0 @@
-__sample_bottle_hosting --projectname sample --user app --domain $__target_host sample
diff --git a/sami/my-cdist/.cdist/type/__all_in_one/manifest b/sami/my-cdist/.cdist/type/__all_in_one/manifest
new file mode 100644
index 0000000..1869a29
--- /dev/null
+++ b/sami/my-cdist/.cdist/type/__all_in_one/manifest
@@ -0,0 +1,30 @@
+os="$(cat "$__global/explorer/os")"
+case "$os" in
+ fedora)
+ __package nmap-ncat --state present
+ __package wireshark-cli --state present
+
+;;
+ debian)
+
+ __package netcat --state present
+ __package tshark --state present
+
+
+ alpine)
+
+ __package netcat-openbsd --state present
+ __package tshark --state present
+;;
+
+
+*)
+ echo "Don't know how to manage packages on: $os" >&2
+ exit 1
+ ;;
+esac
+
+
+ __package socat --state present __package sipcalc --state present __package sudo --state present
+
+
diff --git a/sami/my-cdist/.cdist/type/__all_in_one/parameter/boolean b/sami/my-cdist/.cdist/type/__all_in_one/parameter/boolean
new file mode 100644
index 0000000..b776efe
--- /dev/null
+++ b/sami/my-cdist/.cdist/type/__all_in_one/parameter/boolean
@@ -0,0 +1 @@
+--with-x
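Review bot: The `debian)` arm in `sami/my-cdist/.cdist/type/__all_in_one/manifest` has no terminating `;;` before `alpine)`, so the `case` does not parse and the manifest fails on every OS; add `;;` after the debian `__package tshark --state present` line. As shown, the last line runs three calls together (`__package socat --state present __package sipcalc --state present __package sudo --state present`), which passes the later words as extra arguments to the first `__package`; each call needs its own line. cdist parameter files normally list bare names, so `--with-x` in `parameter/boolean` probably should be `with-x`, and the manifest never checks for `$__object/parameter/with-x`.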
diff --git a/sami/my-cdist/.cdist/type/__sample_nginx/gencode-remote b/sami/my-cdist/.cdist/type/__all_in_one/parameter/optional similarity index 100% rename from sami/my-cdist/.cdist/type/__sample_nginx/gencode-remote rename to sami/my-cdist/.cdist/type/__all_in_one/parameter/optional diff --git a/sami/my-cdist/.cdist/type/__all_in_one/singleton b/sami/my-cdist/.cdist/type/__all_in_one/singleton new file mode 100644 index 0000000..e69de29 diff --git a/sami/my-cdist/.cdist/type/__colorful_file/manifest b/sami/my-cdist/.cdist/type/__colorful_file/manifest new file mode 100644 index 0000000..746ea5e --- /dev/null +++ b/sami/my-cdist/.cdist/type/__colorful_file/manifest @@ -0,0 +1,24 @@ +# required parameter +#servername="$(cat "$__object/parameter/servername")" + +# optional parameter +if [ -f "$__object/parameter/optional" ]; then + logdirectory="$(cat "$__object/parameter/optional")" +fi + +# optional parameter with predefined default +#loglevel="$(cat "$__object/parameter/loglevel")" + +# boolean parameter +#if [ -f "$__object/parameter/use_ssl" ]; then + # file exists -> True + # do some fancy ssl stuff +#fi + +# parameter with multiple values +#if [ -f "$__object/parameter/server_colorful" ]; then + # for alias in $(cat "$__object/parameter/server_alias"); do + # echo $alias > /some/where/useful + #done +#fi + diff --git a/sami/my-cdist/.cdist/type/__colorful_file/parameter/optional b/sami/my-cdist/.cdist/type/__colorful_file/parameter/optional new file mode 100644 index 0000000..7169fdc --- /dev/null +++ b/sami/my-cdist/.cdist/type/__colorful_file/parameter/optional @@ -0,0 +1 @@ +colorful diff --git a/sami/my-cdist/.cdist/type/__my_computer/manifest b/sami/my-cdist/.cdist/type/__my_computer/manifest new file mode 100755 index 0000000..662e44c --- /dev/null +++ b/sami/my-cdist/.cdist/type/__my_computer/manifest 
@@ -0,0 +1,33 @@ +#!/bin/sh -e +# +# 2012 Nico Schottelius (nico-cdist at schottelius.org) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# +# Ensure sipcalc is present + + +__package sipcalc --state present + +__package emacs --state present + +__package firefox --state present + +__package nmap --state present + +__package zsh --state present + diff --git a/sami/my-cdist/.cdist/type/__my_computer/singleton b/sami/my-cdist/.cdist/type/__my_computer/singleton new file mode 100644 index 0000000..e69de29 diff --git a/sami/my-cdist/.cdist/type/__my_firewall/explorer/package-ensured b/sami/my-cdist/.cdist/type/__my_firewall/explorer/package-ensured new file mode 100644 index 0000000..0a37062 --- /dev/null +++ b/sami/my-cdist/.cdist/type/__my_firewall/explorer/package-ensured @@ -0,0 +1,9 @@ +if [ -f "$__object/parameter/name" ]; then + name="$(cat "$__object/parameter/name")" +else + name="$__object_id" +fi + +# Expect dpkg failing, if package is not known / installed +dpkg -s "$name" 2>/dev/null || exit 0 + diff --git a/sami/my-cdist/.cdist/type/__my_firewall/manifest b/sami/my-cdist/.cdist/type/__my_firewall/manifest new file mode 100644 index 0000000..e69de29 diff --git a/sami/my-cdist/.cdist/type/__my_firewall/parameter/required b/sami/my-cdist/.cdist/type/__my_firewall/parameter/required new file mode 100644 index 0000000..f73f309 --- /dev/null 
+++ b/sami/my-cdist/.cdist/type/__my_firewall/parameter/required @@ -0,0 +1 @@ +file diff --git a/sami/my-cdist/.cdist/type/__nginx/manifest b/sami/my-cdist/.cdist/type/__nginx/manifest new file mode 100644 index 0000000..f9b246e --- /dev/null +++ b/sami/my-cdist/.cdist/type/__nginx/manifest @@ -0,0 +1 @@ +__package nginx --state present diff --git a/sami/my-cdist/.cdist/type/__nginx/singleton b/sami/my-cdist/.cdist/type/__nginx/singleton new file mode 100644 index 0000000..e69de29 diff --git a/sami/my-cdist/.cdist/type/__sample_nginx_http_letsencrypt_and_ssl_redirect/gencode-remote b/sami/my-cdist/.cdist/type/__nginx_site/gencode-remote similarity index 54% rename from sami/my-cdist/.cdist/type/__sample_nginx_http_letsencrypt_and_ssl_redirect/gencode-remote rename to sami/my-cdist/.cdist/type/__nginx_site/gencode-remote index 9adb30b..2c5a080 100644 --- a/sami/my-cdist/.cdist/type/__sample_nginx_http_letsencrypt_and_ssl_redirect/gencode-remote +++ b/sami/my-cdist/.cdist/type/__nginx_site/gencode-remote @@ -1 +1,3 @@ +# Reacting on message + echo "service nginx reload" diff --git a/sami/my-cdist/.cdist/type/__nginx_site/manifest b/sami/my-cdist/.cdist/type/__nginx_site/manifest new file mode 100644 index 0000000..3fa56dc --- /dev/null +++ b/sami/my-cdist/.cdist/type/__nginx_site/manifest @@ -0,0 +1,21 @@ + +os=$(cat "$__global/explorer/os") + +domain="$__object_id" +nginx_config_dir="/etc/nginx/conf.d" + +require="__package/nginx" __file $nginx_config_dir/$domain.conf --source - << EOF + +server { + + server_name $domain; + listen [::]:80 ; + + location / { + autoindex on; + root /var/www/html/$domain; + } +} +EOF + + diff --git a/sami/my-cdist/.cdist/type/__sample_bottle_hosting/gencode-remote b/sami/my-cdist/.cdist/type/__sample_bottle_hosting/gencode-remote deleted file mode 100644 index a4cceb5..0000000 --- a/sami/my-cdist/.cdist/type/__sample_bottle_hosting/gencode-remote +++ /dev/null @@ -1 +0,0 @@ -echo "service nginx restart" 
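Review bot: `autoindex on;` in the server block written by `sami/my-cdist/.cdist/type/__nginx_site/manifest` enables directory listings for everything under `/var/www/html/$domain`; unless browsing is intended, drop the line or set `autoindex off;`. `$domain` is taken straight from `$__object_id` and expanded unquoted into the `__file` path and into the nginx configuration, so the manifest should reject ids that are not plain host names and quote the argument, e.g. `__file "$nginx_config_dir/$domain.conf" --source -`. `require="__package/nginx"` only orders against an object that something else has to declare, and this manifest calls neither `__package nginx` nor `__nginx`. `youngjin.han/dot-cdist/type/__my_nginx_site/manifest` interpolates `$domain` into paths and the server block in the same way.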
diff --git a/sami/my-cdist/.cdist/type/__sample_bottle_hosting/manifest b/sami/my-cdist/.cdist/type/__sample_bottle_hosting/manifest deleted file mode 100644 index d0b9ecd..0000000 --- a/sami/my-cdist/.cdist/type/__sample_bottle_hosting/manifest +++ /dev/null @@ -1,43 +0,0 @@ -os=$(cat "$__global/explorer/os") - -case "$os" in - ubuntu) - : - ;; - *) - echo "OS $os currently not supported" >&2 - exit 1 - ;; -esac - - -user="$(cat "$__object/parameter/user")" -home="/home/$user" -apphome="$home/app" - -# create user -__user "$user" --home "$home" --shell /bin/bash -# create user home dir -require="__user/$user" __directory "$home" \ - --owner "$user" --group "$user" --mode 0755 -# create app home dir -require="__user/$user __directory/$home" __directory "$apphome" \ - --state present --owner "$user" --group "$user" --mode 0755 - - -# define packages that need to be installed -packages_to_install="nginx uwsgi-plugin-python3 python3-dev python3-pip postgresql postgresql-contrib libpq-dev python3-venv uwsgi python3-psycopg2" - -# update package index -__apt_update_index -# install packages -for package in $packages_to_install - do require="__apt_update_index" __package $package --state=present -done - -# install pip3 packages -for package in bottle bottle-pgsql; do - __package_pip --pip pip3 $package -done - - diff --git a/sami/my-cdist/.cdist/type/__sample_bottle_hosting/parameter/required b/sami/my-cdist/.cdist/type/__sample_bottle_hosting/parameter/required deleted file mode 100644 index 719e766..0000000 --- a/sami/my-cdist/.cdist/type/__sample_bottle_hosting/parameter/required +++ /dev/null @@ -1,4 +0,0 @@ -# required parameter -projectname -user -domain diff --git a/sami/my-cdist/.cdist/type/__sample_nginx/manifest b/sami/my-cdist/.cdist/type/__sample_nginx/manifest deleted file mode 100644 index 14a9ac9..0000000 --- a/sami/my-cdist/.cdist/type/__sample_nginx/manifest +++ /dev/null 
@@ -1,13 +0,0 @@ -domain="$(cat "$__object/parameter/domain")" -webroot="/var/www/html" -__sample_nginx_http_letsencrypt_and_ssl_redirect "$domain" --webroot "$webroot" - - -# create SSL cert -require="__package/nginx __sample_nginx_http_letsencrypt_and_ssl_redirect/$domain" \ - __letsencrypt_cert --admin-email samuel.hailu@ungleich.ch \ - --webroot "$webroot" \ - --automatic-renewal \ - --renew-hook "service nginx reload" \ - --domain "$domain" \ - "$domain" diff --git a/sami/my-cdist/.cdist/type/__sample_nginx_http_letsencrypt_and_ssl_redirect/manifest b/sami/my-cdist/.cdist/type/__sample_nginx_http_letsencrypt_and_ssl_redirect/manifest deleted file mode 100644 index 38ca444..0000000 --- a/sami/my-cdist/.cdist/type/__sample_nginx_http_letsencrypt_and_ssl_redirect/manifest +++ /dev/null @@ -1,25 +0,0 @@ -domain="$__object_id" -webroot="$(cat "$__object/parameter/webroot")" -# make sure we have nginx package -__package nginx -# setup Let's Encrypt HTTP acme challenge, redirect HTTP to HTTPS -require="__package/nginx" __file "/etc/nginx/sites-enabled/http-$domain" \ - --source - --mode 0644 << EOF -server { - listen *:80; - listen [::]:80; - - server_name $domain; - - # Let's Encrypt - location /.well-known/acme-challenge/ { - root $webroot; - } - - # Everything else -> SSL - location / { - return 301 https://\$host\$request_uri; - } -} - -EOF diff --git a/sami/my-cdist/.cdist/type/__sample_nginx_http_letsencrypt_and_ssl_redirect/parameter/required b/sami/my-cdist/.cdist/type/__sample_nginx_http_letsencrypt_and_ssl_redirect/parameter/required deleted file mode 100644 index fc7c3e9..0000000 --- a/sami/my-cdist/.cdist/type/__sample_nginx_http_letsencrypt_and_ssl_redirect/parameter/required +++ /dev/null @@ -1 +0,0 @@ -webroot diff --git a/sami/my-org-files/.git.ignore b/sami/my-org-files/.git.ignore new file mode 100644 index 0000000..e69de29 
diff --git a/sami/my-org-files/cdist.org/cdist#1-intro.org b/sami/my-org-files/cdist.org/cdist#1-intro.org new file mode 100644 index 0000000..89f31bc --- /dev/null +++ b/sami/my-org-files/cdist.org/cdist#1-intro.org @@ -0,0 +1,38 @@ +*** cdist #1: Introduction +**** Lecture content +***** Objective +****** Begin to use cdist +***** Steps +****** Install cdist locally https://www.cdi.st/manual/latest/cdist-quickstart.html +****** Create a new cdist configuration directory in ~/ungleich-learning-circle/USERNAME/dot-cdist +****** Create an empty initial manifest +****** Commit that status +****** Ensure that you can login as root to localhost via ssh without a password +****** Configure cdist to configures the motd of your localhost +******* Ensure you have a case block matching on $__target_host +******* Use the -c parameter to cdist to specify the configuration directory +******* Use the -vv parameter to get more verbose output +****** Configure cdist to create the file /etc/cdist-configured +****** Configure cdist to setup the timezone on your local computer +****** Configure cdist to ensure emacs is installed +****** Ensure that in the end all changes are committed in your repository + +* init.file +- sami@cdist/manifest$ cat init +case "$__target_host" in + localhost) + #target is configured with cdist + __file /etc/cdist-configured + + # motd from th file directory + __motd --source "$__files/motd" + + __timezone Europe/Zurich + + +;; +esac + + +* Types manifest for installing packages or insuring that packages are installed +- __package emacs --state present diff --git a/sami/my-org-files/cdist.org/cdist#2-type.org b/sami/my-org-files/cdist.org/cdist#2-type.org new file mode 100644 index 0000000..614d705 --- /dev/null +++ b/sami/my-org-files/cdist.org/cdist#2-type.org 
@@ -0,0 +1,24 @@ +*** cdist #2: Your first cdist type +**** Lecture content +***** Objective +****** Begin to understand how cdist types function +******* Types are the main component of cdist and define functionality. If you use cdist, you'll write a type for every functionality you would like to use. +***** Steps +****** Create a new type named `__my_computer` + - Mark the type as a singleton type (If a type is flagged as a singleton, it may be used only once per host.) + - Create a `manifest` file in it + - Use this type to install the following packages: zsh, mosh, emacs, nmap, sipcalc + - Edit the *initial manifest* and use **__my_computer** - Here we have to simply add __my_computer in the types file + **localhost** + - Match using the $__target_host variable +****** Modify your type to use a *for loop* to install the packages +****** Deploy / manage your ~/.emacs file in this type + - Ensure that permissions and ownership are correct +****** Use different *verbosity* levels when configuring +****** Ensure that all your changes are committed and pushed in your ungleich-learning-circle repository + - Use magit inside emacs for that +***** Documentation steps to be done in cdist.org + - Create a new org document named `cdist.org` in the safind . -name "~/.emacs"me folder as the learning.org file + - Explain the difference between a singleton and non-singleton type + - Explain the difference between the different verbosity levels + - Document (copy&paste) some of the cdist runs in a "log" section```find . -name "~/.emacs" diff --git a/sami/my-org-files/cdist.org/cdist#5-messsaging b/sami/my-org-files/cdist.org/cdist#5-messsaging new file mode 100644 index 0000000..16c809f --- /dev/null +++ b/sami/my-org-files/cdist.org/cdist#5-messsaging 
@@ -0,0 +1,15 @@ +cdist #5: Generating Code & Exploring + +* Understanding how to generate code and when to use it +** define gencode-remote script: ~/.cdist/type/__nginx_site. After manifest is applied it should restart services so configuration is active. Our gencode-remote looks like echo "service nginx restart" + +* Modify the previously created type *__my_nginx_site* +** We modify the previously created type so that the gencode-remote script reacts accordingly +- echo "if_configurationfile_changes" >> "$__messages_out" + +* Read about cdist messaging +** cdist has a simple but powerful way of allowing communication between the initial manifest and types as well as types and types. +* What is the difference between gencode-local and gencode-remote? + +** gencode-remote used to generate code to be executed on the target host +** gencode-local used to generate code to be executed on the source host diff --git a/sami/my-org-files/cdist.org/cdist.org b/sami/my-org-files/cdist.org/cdist.org new file mode 100644 index 0000000..a6bb386 --- /dev/null +++ b/sami/my-org-files/cdist.org/cdist.org 
@@ -0,0 +1,15 @@ +* cdist #5: Generating Code & Exploring + +* Understanding how to generate code and when to use it +** define gencode-remote script: ~/.cdist/type/__nginx_site. After manifest is applied it should restart services so configuration is active. Our gencode-remote looks like echo "service nginx restart" + +* Modify the previously created type *__my_nginx_site* +** We modify the previously created type so that the gencode-remote script reacts accordingly +- echo "if_configurationfile_changes" >> "$__messages_out" + +* Read about cdist messaging +** cdist has a simple but powerful way of allowing communication between the initial manifest and types as well as types and types. +* What is the difference between gencode-local and gencode-remote? + +** gencode-remote used to generate code to be executed on the target host +** gencode-local used to generate code to be executed on the source host \ No newline at end of file diff --git a/youngjin.han/cdist.org b/youngjin.han/cdist.org index 4609010..4e9c0bc 100644 --- a/youngjin.han/cdist.org +++ b/youngjin.han/cdist.org @@ -1,3 +1,8 @@ +* cidst #5 + - gencode-remote : is executed on the target + - remote code : behave as if it where ssh (e.g. ssh -o User=root) + - gencode-local : is executed locally + - __file has gencode-local that is need to excute and debug commands * singleton / non-singleton ** non-singleton needs process ID. ** singletion should be carried out by itself. diff --git a/youngjin.han/dot-cdist/manifest/init b/youngjin.han/dot-cdist/manifest/init index 1645f89..48e4995 100644 --- a/youngjin.han/dot-cdist/manifest/init +++ b/youngjin.han/dot-cdist/manifest/init 
@@ -4,6 +4,18 @@ case "$__target_host" in localhost) __motd __timezone Asia/Seoul - __my_computer +# __my_computer +# __colourful_file --colour yellow --colour blue --colour red --colour green +# __my_dotfiles +# __my_nginx_site $__target_host + ;; + jafo.laptop) + __motd + __timezone Asia/Seoul +# __my_computer + ;; + *) +# __my_nginx + __my_nginx_site $__target_host ;; esac diff --git a/youngjin.han/dot-cdist/type/__colourful_file/manifest b/youngjin.han/dot-cdist/type/__colourful_file/manifest new file mode 100755 index 0000000..493b7d1 --- /dev/null +++ b/youngjin.han/dot-cdist/type/__colourful_file/manifest @@ -0,0 +1,14 @@ +#!/bin/sh -e + +__file ~/colourful +printf "colour=\n" > ~/colourful + +# parameter with multiple values +if [ -f "$__object/parameter/colour" ]; then +# colour="$(cat "$__object/parameter/colour")" +# printf "$colour\n" >> ~/colourful + for alias in $(cat "$__object/parameter/colour"); do + printf "$alias\n" >> ~/colourful + done +fi + diff --git a/youngjin.han/dot-cdist/type/__colourful_file/parameter/optional_multiple b/youngjin.han/dot-cdist/type/__colourful_file/parameter/optional_multiple new file mode 100644 index 0000000..b0d95fa --- /dev/null +++ b/youngjin.han/dot-cdist/type/__colourful_file/parameter/optional_multiple @@ -0,0 +1 @@ +colour diff --git a/youngjin.han/dot-cdist/type/__colourful_file/singleton b/youngjin.han/dot-cdist/type/__colourful_file/singleton new file mode 100644 index 0000000..e69de29 diff --git a/youngjin.han/dot-cdist/type/__my_dotfiles/files/.bashrc b/youngjin.han/dot-cdist/type/__my_dotfiles/files/.bashrc new file mode 100644 index 0000000..2a25145 --- /dev/null +++ b/youngjin.han/dot-cdist/type/__my_dotfiles/files/.bashrc 
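Review bot: The `printf ... > ~/colourful` lines in `youngjin.han/dot-cdist/type/__colourful_file/manifest` run on the host executing the manifest, not on the target, so they write into the local user's home while the target only receives the empty file declared by `__file ~/colourful`. `printf "$alias\n"` also uses the parameter value as the format string, so a value containing `%` or a backslash is interpreted rather than printed; `printf '%s\n' "$alias"` avoids that. Building the content first and handing it to `__file` with `--source -` would put it on the target; note that `~` is still expanded locally, so confirm the intended destination path. A sketch follows.

```shell
# … unchanged: shebang …
{
    printf 'colour=\n'
    if [ -f "$__object/parameter/colour" ]; then
        while IFS= read -r colour; do
            printf '%s\n' "$colour"
        done < "$__object/parameter/colour"
    fi
} | __file ~/colourful --source -
```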
@@ -0,0 +1,115 @@ +# ~/.bashrc: executed by bash(1) for non-login shells. +# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc) +# for examples + +# If not running interactively, don't do anything +case $- in + *i*) ;; + *) return;; +esac + +# don't put duplicate lines or lines starting with space in the history. +# See bash(1) for more options +HISTCONTROL=ignoreboth + +# append to the history file, don't overwrite it +shopt -s histappend + +# for setting history length see HISTSIZE and HISTFILESIZE in bash(1) +HISTSIZE=1000 +HISTFILESIZE=2000 + +# check the window size after each command and, if necessary, +# update the values of LINES and COLUMNS. +shopt -s checkwinsize + +# If set, the pattern "**" used in a pathname expansion context will +# match all files and zero or more directories and subdirectories. +#shopt -s globstar + +# make less more friendly for non-text input files, see lesspipe(1) +#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)" + +# set variable identifying the chroot you work in (used in the prompt below) +if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then + debian_chroot=$(cat /etc/debian_chroot) +fi + +# set a fancy prompt (non-color, unless we know we "want" color) +case "$TERM" in + xterm-color|*-256color) color_prompt=yes;; +esac + +# uncomment for a colored prompt, if the terminal has the capability; turned +# off by default to not distract the user: the focus in a terminal window +# should be on the output of commands, not on the prompt +#force_color_prompt=yes + +if [ -n "$force_color_prompt" ]; then + if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then + # We have color support; assume it's compliant with Ecma-48 + # (ISO/IEC-6429). (Lack of such support is extremely rare, and such + # a case would tend to support setf rather than setaf.) 
+ color_prompt=yes + else + color_prompt= + fi +fi + +if [ "$color_prompt" = yes ]; then + PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' +else + PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ ' +fi +unset color_prompt force_color_prompt + +# If this is an xterm set the title to user@host:dir +case "$TERM" in +xterm*|rxvt*) + PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1" + ;; +*) + ;; +esac + +# enable color support of ls and also add handy aliases +if [ -x /usr/bin/dircolors ]; then + test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" + alias ls='ls --color=auto' + alias dir='dir --color=auto' + alias vdir='vdir --color=auto' + + alias grep='grep --color=auto' + alias fgrep='fgrep --color=auto' + alias egrep='egrep --color=auto' +fi + +# colored GCC warnings and errors +#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01' + +export TERM=xterm-256color + +# some more ls aliases +alias ll='ls -alF' +alias la='ls -A' +alias l='ls -CF' + +# Alias definitions. +# You may want to put all your additions into a separate file like +# ~/.bash_aliases, instead of adding them here directly. +# See /usr/share/doc/bash-doc/examples in the bash-doc package. + +if [ -f ~/.bash_aliases ]; then + . ~/.bash_aliases +fi + +# enable programmable completion features (you don't need to enable +# this, if it's already enabled in /etc/bash.bashrc and /etc/profile +# sources /etc/bash.bashrc). +if ! shopt -oq posix; then + if [ -f /usr/share/bash-completion/bash_completion ]; then + . /usr/share/bash-completion/bash_completion + elif [ -f /etc/bash_completion ]; then + . /etc/bash_completion + fi +fi diff --git a/youngjin.han/dot-cdist/type/__my_dotfiles/files/.profile b/youngjin.han/dot-cdist/type/__my_dotfiles/files/.profile new file mode 100644 index 0000000..6a098ff --- /dev/null 
+++ b/youngjin.han/dot-cdist/type/__my_dotfiles/files/.profile @@ -0,0 +1,24 @@ +# ~/.profile: executed by the command interpreter for login shells. +# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login +# exists. +# see /usr/share/doc/bash/examples/startup-files for examples. +# the files are located in the bash-doc package. + +# the default umask is set in /etc/profile; for setting the umask +# for ssh logins, install and configure the libpam-umask package. +#umask 022 + +# if running bash +if [ -n "$BASH_VERSION" ]; then + # include .bashrc if it exists + if [ -f "$HOME/.bashrc" ]; then + . "$HOME/.bashrc" + fi +fi + +# set PATH so it includes user's private bin if it exists +if [ -d "$HOME/bin" ] ; then + PATH="$HOME/bin:$PATH" +fi + +export PATH=$PATH:/sbin:/usr/sbin diff --git a/youngjin.han/dot-cdist/type/__my_dotfiles/manifest b/youngjin.han/dot-cdist/type/__my_dotfiles/manifest new file mode 100755 index 0000000..b3de322 --- /dev/null +++ b/youngjin.han/dot-cdist/type/__my_dotfiles/manifest @@ -0,0 +1,10 @@ +#!/bin/sh -e + +cd "$__type/files/" +dotfiles=$(ls -a .[A-z]*) + +for df in $dotfiles; do + __file ~/$df \ + --mode 0644 --source "$__type/files/$df" +done + diff --git a/youngjin.han/dot-cdist/type/__my_dotfiles/singleton b/youngjin.han/dot-cdist/type/__my_dotfiles/singleton new file mode 100644 index 0000000..e69de29 diff --git a/youngjin.han/dot-cdist/type/__my_nginx/manifest b/youngjin.han/dot-cdist/type/__my_nginx/manifest new file mode 100755 index 0000000..90602ab --- /dev/null +++ b/youngjin.han/dot-cdist/type/__my_nginx/manifest @@ -0,0 +1,8 @@ +#!/bin/sh -e + +# update package index +__apt_update_index + +require="__apt_update_index" __package nginx --state=present + + diff --git a/youngjin.han/dot-cdist/type/__my_nginx/singleton b/youngjin.han/dot-cdist/type/__my_nginx/singleton new file mode 100644 index 0000000..e69de29 
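Review bot: `dotfiles=$(ls -a .[A-z]*)` in `youngjin.han/dot-cdist/type/__my_dotfiles/manifest` parses `ls` output, and in the C locale the `[A-z]` range also matches `[`, `\`, `]`, `^`, `_` and the backtick; if a match is a directory, `ls` lists its contents instead of the name. A glob loop avoids both and needs no `cd`: `for path in "$__type"/files/.[!.]*; do [ -f "$path" ] || continue; df="${path##*/}"`, with the `__file` call taking `--source "$path"`. `~/$df` is unquoted and expanded on the host running the manifest, so the destination follows the local user's home; confirm that this is the intended path on the target.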
diff --git a/youngjin.han/dot-cdist/type/__my_nginx_site/gencode-remote b/youngjin.han/dot-cdist/type/__my_nginx_site/gencode-remote new file mode 100644 index 0000000..608991e --- /dev/null +++ b/youngjin.han/dot-cdist/type/__my_nginx_site/gencode-remote @@ -0,0 +1 @@ +echo "sudo service nginx reload" diff --git a/youngjin.han/dot-cdist/type/__my_nginx_site/manifest b/youngjin.han/dot-cdist/type/__my_nginx_site/manifest new file mode 100755 index 0000000..d0330fc --- /dev/null +++ b/youngjin.han/dot-cdist/type/__my_nginx_site/manifest @@ -0,0 +1,54 @@ +#!/bin/sh -e + +os=$(cat "$__global/explorer/os") + +case "$os" in + devuan) + : + ;; + *) + echo "OS $os currently not supported" >&2 + exit 1 + ;; +esac + +nginx_config_dir="/etc/nginx/conf.d" +domain="$__object_id" + +__directory /var/www/html/$domain \ + --parents --mode 0755 + +require="__directory//var/www/html/$domain" \ + __file /var/www/html/$domain/index.html \ + --mode 0644 --source - << EOF +Hello Cdist!!! +EOF + +__my_nginx + +# configure nginx +require="__my_nginx" \ + __file "$nginx_config_dir/${domain}.conf" \ + --mode 0644 --source - << EOF +server { + listen 80; + listen [::]:80; + + server_name $domain; + + access_log /var/log/nginx/access.log; + + client_max_body_size 256m; + + location / { + root /var/www/html/$domain; + index index.html index.htm; + } + + error_page 500 502 503 504 /50x.html; + + location = /50x.html { + root /var/www/html/$domain; + } +} +EOF diff --git a/youngjin.han/learning-node02-2020.org b/youngjin.han/learning-node02-2020.org index 1fb6d2c..2034589 100644 --- a/youngjin.han/learning-node02-2020.org +++ b/youngjin.han/learning-node02-2020.org 
@@ -1,3 +1,130 @@ +* 2020-05-15 +*** cdist #6: Glueing it together +**** Lecture content +***** Objective + - Apply learnings from the previous cdist sessions +***** Steps 1: *__all_in_one* (1.25h) + - Create a new type named *__all_in_one* + - Decide yourself whether it is a singleton or not + - Reason why in your cdist.org file + - It should work on alpine, debian and fedora + - It accepts the following parameters: + - *--with-x* (boolean) + - *--extra-packages* (optional multiple) + - On Alpine, it should install netcat-openbsd and tshark + - On Debian, it should install netcat tshark + - On Fedora, it should install nmap-ncat wireshark-cli + - On all operating systems install socat sipcalc sudo + - If the detected operating system is neither + Alpine/Debian/Fedora, output an error message and abort the + manifest with exit code 1 + - Additionally install all packages specified by the *--extra-packages* parameter +***** Steps 2: *__firewall* (1.25h) + - Create a new type *__my_firewall* + - Add a *type explorer* to find out whether nft is present on + the target system + - Add a required parameter named *file* + - If the type explorer does not detect nft on the target system, + abort with an error message + - Deploy the specified file to */etc/my-nftables* + - Add a *type explorer* that reads the current nft rules + - If the rules are different on the target host, apply the new + ruleset by generating code in *gencode-remote* + - If the filename specified by the *file* parameter is *-* (the + minus sign), then the type should read from *stdin* +***** Step 3: manifest (0.5h) + - Create a new manifest in the folder that contains the initial manifest + - Name the new manifest *firewall* + - Source the *firewall* manifest in the *initial* manifest + - In the *firewall* manifest, match on *localhost* + - Install nftables + - Use the *__firewall* type + - Use correct *require* parameter to ensure that nftables is + installed before the *__firewall* type is run +* 
2020-05-13 +*** cdist #5: Generating Code & Exploring +**** Lecture content +***** Objective + - Understand how to *generate code* and when to use it + - Exploring explorers +***** DONE Code generation steps + CLOSED: [2020-05-14 목 00:54] + - Modify the previously created type *__my_nginx_site* + - Read about cdist messaging + - If there was a change in the nginx configuration file, reload nginx +***** DONE Explorer steps + CLOSED: [2020-05-14 목 00:54] + - Modify the *__my_nginx_site* type to use the *os explorer* + - Adjust your type to work on Alpine Linux and Debian (or two + other Linux distributions of your choice) + - Set the nginx configuration directory accordingly +***** DONE Documentation + CLOSED: [2020-05-14 목 00:54] + - Explain the following in your cdist.org file + - What is the difference between gencode-remote and the remote code? + - What is the difference between gencode-local and gencode-remote? + - Locate a type that comes with upstream cdist that uses + gencode-local - which one is it? Why does it need gencode-local? 
+* 2020-05-11 +*** cdist #4: Requirements +**** Lecture content +***** Objective + - Understand how requirements work +***** DONE Create a new type *__my_nginx* + CLOSED: [2020-05-12 화 02:22] + - Make it a *singleton* + - Make it install nginx + - Configure a host with it + - Usually nginx is configured includes some files + - On the target host find out which directory nginx includes + - We name this directory *nginx_config_dir* +***** DONE Create a new type *__my_nginx_site* + CLOSED: [2020-05-12 화 02:22] + - Assume the *object_id* is a *domain* + - In the __my_nginx_site create a file inside the *nginx_config_dir* + - The filename is *${domain}.conf* + - When using *__file*, it should *require* the *nginx package* + - Read about cdist dependencies + - The file should be a valid nginx configuration + - The *server name* should be set to the specified domain + - The *root* directive should point to /var/www/html/DOMAIN + - (replace DOMAIN with the actual domain) +***** DONE Use both types in the initial manifest to configure the target host + CLOSED: [2020-05-15 금 21:07] + - Create at least two domains +***** DONE Configure the target host + CLOSED: [2020-05-15 금 21:08] + - Verify that the configuration files are properly created +***** DONE Delete the nginx package manually on the target host + CLOSED: [2020-05-15 금 21:08] +***** DONE Comment out *__my_nginx* from the initial manifest, keep the *__my_nginx_site* + CLOSED: [2020-05-15 금 21:08] + - Explain the error that you get (in your cdist.org file) +* 2020-05-08 +*** cdist #3: type parameters +**** Lecture content +***** DONE Create a new type named *__colourful_file* + CLOSED: [2020-05-15 금 20:29] + - The objective is to create a type that creates colourful file + - The content of the file should be "colour=...", where "..." 
is a colour specified by a parameter + - Add an *optional parameter* named *colour* + - Use the **__file** type inside your type to create a file + - Use the *$__object_id* variable inside your type +***** DONE Extend your type to be more colourful + CLOSED: [2020-05-15 금 20:29] + - Modify the *optional parameter* to be able to be specified *multiple times* + - For each time it is specified, add a line "colour=..." to the file +***** DONE Create a new type *__my_dotfiles* + CLOSED: [2020-05-15 금 21:07] + - Objective is to manage the dotfiles in your home directory + - Make it a *singleton* type + - Create a sub directory *files* in the type + - Add your .emacs config to the files folder + - Add a *for* loop to your type to deploy .[A-z]* to your home directory + - Add a .bashrc or .zshrc to the files folder (depending on your shell) + - In the initial manifest, add __my_dotfiles when the target host is localhost +***** DONE As usual commit all changes to your ungleich-learning-circle repo + CLOSED: [2020-05-15 금 21:07] * 2020-05-06 ** cdist #2: Your first cdist type **** Lecture content