Merge branch 'master' into 4.0-pre-not-stable

Nico Schottelius 2014-12-11 17:13:52 +01:00
commit 494b6cbbf9
77 changed files with 1292 additions and 142 deletions


@ -1 +0,0 @@
2.1.0-pre1


@ -170,17 +170,6 @@ $(ML_FILE): $(CHANGELOG_FILE)
ml-release: $(ML_FILE) ml-release: $(ML_FILE)
################################################################################
# Release: Freecode
#
FREECODE_FILE=.lock-freecode
$(FREECODE_FILE): $(CHANGELOG_FILE)
$(helper) freecode-release $(CHANGELOG_VERSION)
touch $@
freecode-release: $(FREECODE_FILE)
################################################################################ ################################################################################
# pypi # pypi
# #
@ -197,7 +186,7 @@ ARCHLINUX_FILE=.lock-archlinux
ARCHLINUXTAR=cdist-$(CHANGELOG_VERSION)-1.src.tar.gz ARCHLINUXTAR=cdist-$(CHANGELOG_VERSION)-1.src.tar.gz
$(ARCHLINUXTAR): PKGBUILD $(ARCHLINUXTAR): PKGBUILD
makepkg -c --source umask 022; mkaurball
PKGBUILD: PKGBUILD.in $(PYTHON_VERSION) PKGBUILD: PKGBUILD.in $(PYTHON_VERSION)
./PKGBUILD.in $(CHANGELOG_VERSION) ./PKGBUILD.in $(CHANGELOG_VERSION)


@ -17,7 +17,13 @@ source=("http://pypi.python.org/packages/source/c/cdist/cdist-\${pkgver}.tar.gz"
package() { package() {
cd cdist-\${pkgver} cd cdist-\${pkgver}
python3 setup.py build install --root="\${pkgdir}" python3 setup.py build install --root="\${pkgdir}"
find "\$pkgdir" -type d -exec chmod 0755 {} \;
find "\$pkgdir" -type f -exec chmod a+r {} \;
} }
eof eof
makepkg -g >> "${outfile}" makepkg -g >> "${outfile}"
# Fix this issue:
# error: failed to upload cdist-3.1.6-1.src.tar.gz: Error - all files must have permissions of 644 or 755.
chmod a+r "${outfile}"


@ -145,21 +145,6 @@ eof
;; ;;
freecode-release)
version=$1; shift
printf "Enter tag list for freecode release %s> " "$version"
read taglist
printf "Enter changelog for freecode release %s> " "$version"
read changelog
echo "Submitting to freecode ..."
python2 ~/p/foreign/freecode-submit-2.7/freecode-submit -P cdist \
-v "$version" -c "$changelog" \
-t "$taglist" \
-n
;;
release-git-tag) release-git-tag)
target_version=$($0 changelog-version) target_version=$($0 changelog-version)
if git rev-parse --verify refs/tags/$target_version 2>/dev/null; then if git rev-parse --verify refs/tags/$target_version 2>/dev/null; then
@ -258,9 +243,6 @@ eof
# Archlinux release is based on pypi # Archlinux release is based on pypi
make archlinux-release make archlinux-release
# Announce change on Freecode
make freecode-release
# Announce change on ML # Announce change on ML
make ml-release make ml-release


@ -22,10 +22,19 @@
# FIXME: other system types (not linux ...) # FIXME: other system types (not linux ...)
if [ -r /proc/cpuinfo ]; then os=$("$__explorer/os")
cores="$(cat /proc/cpuinfo | grep "core id" | sort | uniq | wc -l)" case "$os" in
if [ ${cores} -eq 0 ]; then "macosx")
cores="1" echo "$(sysctl -n hw.physicalcpu)"
fi ;;
echo "${cores}"
fi *)
if [ -r /proc/cpuinfo ]; then
cores="$(grep "core id" /proc/cpuinfo | sort | uniq | wc -l)"
if [ ${cores} -eq 0 ]; then
cores="1"
fi
echo "$cores"
fi
;;
esac


@ -22,10 +22,19 @@
# FIXME: other system types (not linux ...) # FIXME: other system types (not linux ...)
if [ -r /proc/cpuinfo ]; then os=$("$__explorer/os")
sockets="$(cat /proc/cpuinfo | grep "physical id" | sort | uniq | wc -l)" case "$os" in
if [ ${sockets} -eq 0 ]; then "macosx")
sockets="$(cat /proc/cpuinfo | grep "processor" | wc -l)" echo "$(system_profiler SPHardwareDataType | grep "Number of Processors" | awk -F': ' '{print $2}')"
;;
*)
if [ -r /proc/cpuinfo ]; then
sockets="$(grep "physical id" /proc/cpuinfo | sort | uniq | wc -l)"
if [ ${sockets} -eq 0 ]; then
sockets="$(cat /proc/cpuinfo | grep "processor" | wc -l)"
fi
echo "${sockets}"
fi fi
echo "${sockets}" ;;
fi esac


@ -22,6 +22,15 @@
# FIXME: other system types (not linux ...) # FIXME: other system types (not linux ...)
if [ -r /proc/meminfo ]; then os=$("$__explorer/os")
echo "$(cat /proc/meminfo | grep "MemTotal:" | awk '{print $2}')" case "$os" in
fi "macosx")
echo "$(sysctl -n hw.memsize)/1024" | bc
;;
*)
if [ -r /proc/meminfo ]; then
grep "MemTotal:" /proc/meminfo | awk '{print $2}'
fi
;;
esac


@ -5,7 +5,7 @@ Steven Armstrong <steven-cdist--@--armstrong.cc>
NAME NAME
---- ----
cdist-type__apt_update_index - update apt's package index cdist-type__apt_update_index - Update apt's package index
DESCRIPTION DESCRIPTION


@ -1,5 +1,24 @@
#!/bin/sh #!/bin/sh
# 2013 Steven Armstrong (steven-cdist at armstrong.cc) #
# 2013 Steven Armstrong (steven-cdist armstrong.cc)
# 2014 Nico Schottelius (nico-cdist at schottelius.org)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
file="$(cat "$__object/parameter/file" 2>/dev/null || echo "/$__object_id")" file="$(cat "$__object/parameter/file" 2>/dev/null || echo "/$__object_id")"
@ -8,12 +27,12 @@ file="$(cat "$__object/parameter/file" 2>/dev/null || echo "/$__object_id")"
prefix=$(cat "$__object/parameter/prefix" 2>/dev/null || echo "#cdist:__block/$__object_id") prefix=$(cat "$__object/parameter/prefix" 2>/dev/null || echo "#cdist:__block/$__object_id")
suffix=$(cat "$__object/parameter/suffix" 2>/dev/null || echo "#/cdist:__block/$__object_id") suffix=$(cat "$__object/parameter/suffix" 2>/dev/null || echo "#/cdist:__block/$__object_id")
awk -v prefix="$prefix" -v suffix="$suffix" '{ awk -v prefix="^$prefix\$" -v suffix="^$suffix\$" '{
if (index($0,prefix)) { if (match($0,prefix)) {
triggered=1 triggered=1
} }
if (triggered) { if (triggered) {
if (index($0,suffix)) { if (match($0,suffix)) {
triggered=0 triggered=0
} }
print print
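Review bot: Switching from `index()` to `match()` turns the block markers into regular expressions, so any metacharacter in `$prefix` or `$suffix` (the defaults embed `$__object_id`, which may contain `.`, `*` or `[`) is now interpreted instead of compared literally. A marker can then fail to match its own line or match a different one, and the wrong span of the file is treated as the block. If whole-line equality is the intent, pass the values unanchored and compare with `if ($0 == prefix)` and `if ($0 == suffix)`. The same change is made to the awk program emitted into generated code in the next file section (`match(\$0,prefix)`), and the awk program here continues past the end of the hunk.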


@ -46,13 +46,13 @@ tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
if [ -f "$file" ]; then if [ -f "$file" ]; then
cp -p "$file" "\$tmpfile" cp -p "$file" "\$tmpfile"
fi fi
awk -v prefix="$prefix" -v suffix="$suffix" ' awk -v prefix="^$prefix\$" -v suffix="^$suffix\$" '
{ {
if (index(\$0,prefix)) { if (match(\$0,prefix)) {
triggered=1 triggered=1
} }
if (triggered) { if (triggered) {
if (index(\$0,suffix)) { if (match(\$0,suffix)) {
triggered=0 triggered=0
} }
} else { } else {


@ -40,7 +40,7 @@ EXAMPLES
__cdistmarker __cdistmarker
# Creates the marker differently. # Creates the marker differently.
__cdistmarker --file /tmp/cdist_marker --format '+%s' __cdistmarker --destination /tmp/cdist_marker --format '+%s'
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------


@ -67,7 +67,7 @@ DONE
if [ "$upload_file" ]; then if [ "$upload_file" ]; then
echo upload >> "$__messages_out" echo upload >> "$__messages_out"
cat << DONE cat << DONE
$__remote_copy $source ${__target_host}:\$destination_upload $__remote_copy "$source" "${__target_host}:\$destination_upload"
DONE DONE
fi fi
# move uploaded file into place # move uploaded file into place
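Review bot: The double quotes added around `$source` are written into the generated code by the unquoted here-document, so they protect against whitespace, but a path containing `"`, `$` or a backquote is still interpreted when the generated line runs. Emitting the value in single quotes after escaping embedded single quotes, the way `add_line` does elsewhere in this commit with `sed -e "s/'/'\"'\"'/g"`, would cover those characters as well. The surrounding `if` block and the rest of the upload logic lie outside this hunk.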


@ -45,4 +45,14 @@ case $1 in
restart) restart)
"$0" stop && "$0" start "$0" stop && "$0" start
;; ;;
reset)
for table in INPUT FORWARD OUTPUT; do
iptables -P "$table" ACCEPT
iptables -F "$table"
done
for table in PREROUTING POSTROUTING OUTPUT; do
iptables -t nat -P "$table" ACCEPT
iptables -t nat -F "$table"
done
;;
esac esac
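Review bot: `reset` sets every built-in filter and nat chain to policy ACCEPT and flushes it, which leaves the host without packet filtering until `start` runs again; a comment above the branch such as `# reset: policy ACCEPT and flush on all built-in filter/nat chains; host is unfiltered afterwards` would make that explicit. The loop variable `table` iterates over chain names (INPUT, FORWARD, ...), so `chain` would read more accurately. Tables other than filter and nat are not touched by this branch; whether that is intended is not visible from the hunk. The enclosing `case $1 in` starts outside the hunk.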


@ -29,7 +29,7 @@ case "$os" in
# Debian needs a seperate package # Debian needs a seperate package
__package locales --state present __package locales --state present
;; ;;
suse) archlinux|suse)
: :
;; ;;
*) *)


@ -0,0 +1,27 @@
#!/bin/sh
#
# 2014 Jake Guffey (jake.guffey at eprotex.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Retrieve the status of a package - parsed dpkg output
#
if [ "$($__explorer/os)" = "freebsd" ]; then
command -v pkg
fi
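Review bot: The header comment `# Retrieve the status of a package - parsed dpkg output` does not describe this explorer, which only prints the path of `pkg` when the OS explorer reports freebsd; something like `# Print the path of the pkg binary if it is available (FreeBSD only)` fits the code. `$($__explorer/os)` should be quoted as `"$("$__explorer/os")"`, matching the other explorers changed in this commit. `command -v pkg` returns non-zero when pkg is absent and that becomes the script's exit status; appending `|| true` avoids depending on how the caller treats a failing explorer.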


@ -19,7 +19,7 @@
# #
# #
# __package is an abstract type which dispatches to the lower level # __package is an abstract type which dispatches to the lower level
# __package_$name types which do the actual interaction with the packaging # __package_$type types which do the actual interaction with the packaging
# system. # system.
# #
@ -33,7 +33,13 @@ else
amazon|centos|fedora|redhat) type="yum" ;; amazon|centos|fedora|redhat) type="yum" ;;
archlinux) type="pacman" ;; archlinux) type="pacman" ;;
debian|ubuntu) type="apt" ;; debian|ubuntu) type="apt" ;;
freebsd) type="pkg_freebsd" ;; freebsd)
if [ -n "$(cat "$__object/explorer/pkgng_exists")" ]; then
type="pkgng_freebsd"
else
type="pkg_freebsd"
fi
;;
gentoo) type="emerge" ;; gentoo) type="emerge" ;;
suse) type="zypper" ;; suse) type="zypper" ;;
openwrt) type="opkg" ;; openwrt) type="opkg" ;;


@ -33,6 +33,14 @@ else
state_should="present" state_should="present"
fi fi
if [ -f "$__object/parameter/target-release" ]; then
target_release="--target-release $(cat "$__object/parameter/target-release")"
else
target_release=""
fi
# FIXME: use grep directly, state is a list, not a line! # FIXME: use grep directly, state is a list, not a line!
state_is="$(cat "$__object/explorer/state")" state_is="$(cat "$__object/explorer/state")"
case "$state_is" in case "$state_is" in
@ -44,13 +52,13 @@ esac
# Hint if we need to avoid questions at some point: # Hint if we need to avoid questions at some point:
# DEBIAN_PRIORITY=critical can reduce the number of questions # DEBIAN_PRIORITY=critical can reduce the number of questions
aptget="DEBIAN_FRONTEND=noninteractive apt-get --quiet --yes --no-install-recommends -o DPkg::Options::=\"--force-confold\"" aptget="DEBIAN_FRONTEND=noninteractive apt-get --quiet --yes --no-install-recommends -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\""
[ "$state_is" = "$state_should" ] && exit 0 [ "$state_is" = "$state_should" ] && exit 0
case "$state_should" in case "$state_should" in
present) present)
echo $aptget install \"$name\" echo $aptget install $target_release \"$name\"
;; ;;
absent) absent)
echo $aptget remove \"$name\" echo $aptget remove \"$name\"
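Review bot: The value of `target-release` reaches the generated command without quoting: `target_release` holds the raw file content and `echo $aptget install $target_release \"$name\"` expands it unquoted, so whitespace or shell metacharacters in the parameter become separate words or syntax in the code that runs on the target. Building it with embedded quotes, as `aptget` already does for its `-o` options, keeps the value a single argument: `target_release="--target-release \"$(cat "$__object/parameter/target-release")\""`. The `case "$state_should"` block continues outside the hunk.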


@ -27,6 +27,9 @@ name::
state:: state::
Either "present" or "absent", defaults to "present" Either "present" or "absent", defaults to "present"
target-release::
Passed on to apt-get install, see apt-get(8).
Essentially allows you to retrieve packages from a different release
EXAMPLES EXAMPLES
-------- --------


@ -1,3 +1,4 @@
name name
version version
state state
target-release


@ -27,37 +27,40 @@ else
name="$__object_id" name="$__object_id"
fi fi
if [ -f "$__object/parameter/state" ]; then state_should="$(cat "$__object/parameter/state")"
state_should="$(cat "$__object/parameter/state")"
else version="$(cat "$__object/parameter/version")"
state_should="present"
if [ -n "$version" ]; then
name="=$name-$version"
fi fi
pkg_version="$(cat "$__object/explorer/pkg_version")" pkg_version="$(cat "$__object/explorer/pkg_version")"
if [ -z "$pkg_version" ]; then if [ -z "$pkg_version" ]; then
state_is="absent" state_is="absent"
elif [ $(echo "$pkg_version" | wc -l) -gt 1 ]; then elif [ -z "$version" -a $(echo "$pkg_version" | wc -l) -gt 1 ]; then
echo "Package name is not unique! The following packages are installed:"
echo "$pkg_version"
exit 1
elif [ -n "$version" -a $(echo "$pkg_version" | cut -d " " -f 1 | sort | uniq | wc -l) -gt 1 ]; then
echo "Package name is not unique! The following packages are installed:" echo "Package name is not unique! The following packages are installed:"
echo "$pkg_version" echo "$pkg_version"
exit 1 exit 1
else else
state_is="present" state_is="present"
installed_version="$(echo "$pkg_version" | cut -d " " -f 2)" if [ -n "$version" ] && echo "$pkg_version" | cut -d " " -f 2 | grep -q -x "$version"; then
installed_version="$(echo "$pkg_version" | cut -d " " -f 2 | grep -x "$version")"
else
installed_version="$(echo "$pkg_version" | cut -d " " -f 2 | tail -n 1)"
fi
fi fi
if [ -f "$__object/parameter/version" ]; then
version="$(cat "$__object/parameter/version")"
if [ ! -z "$version" ]; then
name="=$name-$version"
fi
else
version=""
fi
# Exit if nothing is needed to be done # Exit if nothing is needed to be done
[ "$state_is" = "$state_should" ] && ( [ -z "$version" ] || [ "$installed_version" = "$version" ] ) && exit 0 [ "$state_is" = "$state_should" ] && ( [ -z "$version" ] || [ "$installed_version" = "$version" ] ) && exit 0
[ "$state_should" = "absent" ] && [ ! -z "$version" ] && [ "$installed_version" != "$version" ] && exit 0 [ "$state_should" = "absent" ] && [ ! -z "$version" ] && [ "$installed_version" != "$version" ] && exit 0
case "$state_should" in case "$state_should" in
present) present)
echo "emerge \"$name\" &>/dev/null || exit 1" echo "emerge \"$name\" &>/dev/null || exit 1"
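Review bot: `version="$(cat "$__object/parameter/version")"` now runs unconditionally, and unlike `state` no default file for `version` is visible in this commit, so objects without `--version` would make `cat` print an error to stderr on every run. `version="$(cat "$__object/parameter/version" 2>/dev/null || true)"` or keeping the `-f` test avoids that. In the new branch, `grep -q -x "$version"` treats the version as a regular expression, so the dots in a version string match any character; `grep -q -F -x` compares literally. The `-a` operator inside `[ ... ]` combined with an unquoted `$(...)` is fragile as well; two `[ ]` tests joined with `&&` are the portable form.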


@ -0,0 +1 @@
present


@ -0,0 +1,37 @@
#!/bin/sh
#
# 2014 Jake Guffey (jake.guffey at eprotex.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Retrieve the status of a package - parsed dpkg output
#
if [ -f "$__object/parameter/name" ]; then
name="$(cat "$__object/parameter/name")"
else
name="$__object_id"
fi
# Don't produce "no pkgs installed" output -- breaks things
PKG_OUTPUT=$(pkg info 2>&1)
echo -n "$(echo "$PKG_OUTPUT" \
| awk '{print $1}' \
| sed 's/^\(.*\)-\([^-]*\)$/name:\1 ver:\2/g' \
| grep "name:$name ver:" \
| sed 's/^.*ver:\(.*\)/\1/g')"
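Review bot: `grep "name:$name ver:"` uses the package name as a regular expression, so a `.` or `[` in the name matches more than the literal character and the version of a different package can be returned; `grep -F "name:$name ver:"` compares literally. `pkg info 2>&1` feeds error output into the same pipeline, so the comment above it holds only while the error text happens not to pass the filters; `2>/dev/null` would drop it. The header comment still says `parsed dpkg output`, and `echo -n` is not portable under `#!/bin/sh` where `printf '%s'` is.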


@ -0,0 +1,139 @@
#!/bin/sh
#
# 2014 Jake Guffey (jake.guffey at eprotex.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Manage packages with pkg on FreeBSD
#
# Debug
#exec >&2
#set -x
if [ -f "$__object/parameter/name" ]; then
name="$(cat "$__object/parameter/name")"
else
name="$__object_id"
fi
if [ -f "$__object/parameter/flavor" ]; then
flavor="$(cat "$__object/parameter/flavor")"
fi
if [ -f "$__object/parameter/version" ]; then
version="$(cat "$__object/parameter/version")"
fi
if [ -f "$__object/parameter/upgrade" ]; then
upgrade="true"
else
upgrade="false"
fi
if [ -f "$__object/parameter/repo" ]; then
repo="$(cat "$__object/parameter/repo")"
fi
if [ -f "$__object/parameter/state" ]; then
state="$(cat "$__object/parameter/state")"
else
state="present"
fi
curr_version="$(cat "$__object/explorer/pkg_version")"
add_cmd="pkg install -y"
rm_cmd="pkg delete -y"
upg_cmd="pkg upgrade -y"
cmd=""
# Print the command to be executed
# Parms: $1 -- mode, "rm", "add", or "upg"
# $2 -- the command to be echoed
execcmd(){
local _cmd=""
case "$1" in
add)
_cmd="${add_cmd} $2"
;;
rm)
_cmd="${rm_cmd} $2"
;;
upg)
_cmd="${upg_cmd} $2"
;;
*)
printf "Error. Don't understand command: %s" "$1" >&2
exit 1
;;
esac
echo "$_cmd 2>&- >&-" # Silence the output of the command
echo "status=\$?"
echo "if [ \"\$status\" -ne \"0\" ]; then"
echo " echo \"Error: ${_cmd} exited nonzero with \$status\"'!' >&2"
echo " exit 1"
echo "fi"
}
if [ -n "$curr_version" ]; then # PKG *is* installed
if [ -n "$repo" ]; then
cmd="-r ${repo} ${name}"
else
cmd="${name}"
fi
if [ -n "$flavor" ]; then
cmd="${cmd}-${flavor}"
fi
# PKG is supposed to be removed
if [ "$state" = "absent" ]; then
execcmd "rm" "${cmd}"
# PKG is supposed to be installed to a particular version
elif [ -n "$version" ] && [ "$version" != "$curr_version" ]; then
if [ "$upgrade" = "true" ]; then
execcmd "upg" "${cmd}"
else
printf "Version %s is already installed and pkg-ng can't upgrade directly to version %s.\nTo upgrade to the latest version, use the --upgrade flag.\n" "$curr_version" "$version" >&2
exit 1
fi
# PKG is supposed to be installed to the latest version
else
: # Do nothing.
fi
else # PKG *isn't* installed
if [ "$state" = "absent" ]; then # Shouldn't be installed
exit 0
else # Should be installed
if [ -n "$repo" ]; then
cmd="-r ${repo} ${name}"
else
cmd="${name}"
fi
if [ -n "$flavor" ]; then
cmd="${cmd}-${flavor}"
fi
if [ -n "$version" ]; then
cmd="${cmd}-${version}"
fi
execcmd "add" "$cmd"
exit 0
fi
fi
# Debug
#set +x
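Review bot: The generated line `$_cmd 2>&- >&-` closes stdout and stderr instead of redirecting them, so any write by `pkg` fails and may itself cause the non-zero status that the following check reports as an error; `echo "$_cmd >/dev/null 2>&1"` silences the output without that side effect. `local` in `execcmd` is not defined by POSIX sh although the script declares `#!/bin/sh`. `name`, `repo`, `flavor` and `version` are placed into the generated command unquoted, so whitespace or shell metacharacters in a parameter change the command that runs on the target. The script also never writes to `$__messages_out`, although the man page added in this commit lists install/remove/upgrade/exist messages.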


@ -0,0 +1,97 @@
cdist-type__package_pkgng_freebsd(7)
==================================
Jake Guffey <jake.guffey--@--eprotex.com>
NAME
----
cdist-type__package_pkgng_freebsd - Manage FreeBSD packages with pkg-ng
DESCRIPTION
-----------
This type is usually used on FreeBSD to manage packages.
REQUIRED PARAMETERS
-------------------
None
OPTIONAL PARAMETERS
-------------------
name::
If supplied, use the name and not the object id as the package name.
flavor::
If supplied, use to avoid ambiguity.
version::
If supplied, use to install a specific version of the package named.
repo::
If supplied, use to install the package named from a particular repo.
state::
Either "present" or "absent", defaults to "present"
BOOLEAN PARAMETERS
------------------
upgrade::
If supplied, allow upgrading to the latest version of a package.
CAVEATS
-------
This type requires that repository definitions already exist in /etc/pkg/*.conf.
Ensure that they exist prior to use of this type with __file.
pkg-ng can't upgrade a package to a specific version. If this type needs to
upgrade a package, it can only ugprade to the latest available version. If the
"upgrade" parameter is not given and an upgrade needs to occur, an error will result.
MESSAGES
--------
install::
The package was installed
remove::
The package was removed
upgrade::
The package was upgraded
exist::
The package was already present and thus not installed
EXAMPLES
--------
--------------------------------------------------------------------------------
# Ensure zsh is installed
__package_pkgng_freebsd zsh --state present
# Ensure vim is installed, use flavor no_x11
__package_pkgng_freebsd vim --state present --flavor no_x11
# If you don't want to follow pythonX packages, but always use python
__package_pkgng_freebsd python --state present --name python2
# Install a package from a particular repository when multiples exist
__package_pkgng_freebsd bash --state present --repo myrepo
# Remove obsolete package
__package_pkgng_freebsd puppet --state absent
--------------------------------------------------------------------------------
SEE ALSO
--------
- cdist-type(7)
- cdist-type__package(7)
COPYING
-------
Copyright \(C) 2014 Jake Guffey. Free use of this software is
granted under the terms of the GNU General Public License version 3 (GPLv3).


@ -0,0 +1 @@
upgrade


@ -0,0 +1,5 @@
name
flavor
version
repo
state


@ -0,0 +1,50 @@
#!/bin/sh
#
# 2014 Ricardo Catalinas Jiménez (jimenezrick at gmail.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Update the package index with the appropriate package manager
#
type="$__object/parameter/type"
if [ -f "$type" ]; then
type="$(cat "$type")"
else
# By default determine package manager based on operating system
os="$(cat "$__global/explorer/os")"
case "$os" in
amazon|centos|fedora|redhat) type="yum" ;;
debian|ubuntu) type="apt" ;;
archlinux) type="pacman" ;;
*)
echo "Don't know how to manage packages on: $os" >&2
exit 1
;;
esac
fi
case "$type" in
yum) ;;
apt) echo "apt-get --quiet update" ;;
pacman) echo "pacman --noprogressbar --sync --refresh" ;;
*)
echo "Don't know how to manage packages on: $os" >&2
exit 1
;;
esac
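Review bot: In the second `case "$type"` the fallback prints `Don't know how to manage packages on: $os`, but `$os` is only assigned when no `type` parameter was given, so an unsupported `--type` value produces a message with an empty name. Reporting the value that actually failed is clearer: `echo "Don't know how to manage packages for type: $type" >&2`. The same fallback is repeated in the upgrade-all script added later in this commit. The `yum)` branch emits nothing; a short comment stating that this is intentional would help the next reader.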


@ -0,0 +1,52 @@
cdist-type__package_update_index(7)
===================================
Ricardo Catalinas Jiménez <jimenezrick--@--gmail.com>
NAME
----
cdist-type__package_update_index - Update the package index
DESCRIPTION
-----------
This cdist type allows you to update the package index on the target.
It will automatically use the appropriate package manager.
REQUIRED PARAMETERS
-------------------
None
OPTIONAL PARAMETERS
-------------------
type::
The package manager to use. Default is determined based on the $os
explorer variable.
e.g. apt for Debian
yum for Red Hat
pacman for Arch Linux
EXAMPLES
--------
--------------------------------------------------------------------------------
# Update the package index on the target
__package_update_index
# Force use of a specific package manager
__package_update_index --type apt
--------------------------------------------------------------------------------
SEE ALSO
--------
- cdist-type(7)
COPYING
-------
Copyright \(C) 2014 Ricardo Catalinas Jiménez. Free use of this software is
granted under the terms of the GNU General Public License version 3 (GPLv3).


@ -0,0 +1 @@
type


@ -0,0 +1,62 @@
#!/bin/sh
#
# 2014 Ricardo Catalinas Jiménez (jimenezrick at gmail.com)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Upgrade all the already installed packages with the appropriate package
# manager
#
type="$__object/parameter/type"
if [ -f "$type" ]; then
type="$(cat "$type")"
else
# By default determine package manager based on operating system
os="$(cat "$__global/explorer/os")"
case "$os" in
amazon|centos|fedora|redhat) type="yum" ;;
debian|ubuntu) type="apt" ;;
archlinux) type="pacman" ;;
*)
echo "Don't know how to manage packages on: $os" >&2
exit 1
;;
esac
fi
aptget="DEBIAN_FRONTEND=noninteractive apt-get --quiet --yes --no-install-recommends -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\""
case "$type" in
yum)
echo "yum --quiet --assumeyes update"
echo "yum --quiet clean all"
;;
apt)
echo $aptget dist-upgrade
echo "apt-get --quiet autoclean"
;;
pacman)
echo "pacman --noprogressbar --noconfirm --sync --sysupgrade"
echo "pacman --noprogressbar --noconfirm --sync --clean"
;;
*)
echo "Don't know how to manage packages on: $os" >&2
exit 1
;;
esac


@ -0,0 +1,52 @@
cdist-type__package_upgrade_all(7)
==================================
Ricardo Catalinas Jiménez <jimenezrick--@--gmail.com>
NAME
----
cdist-type__package_upgrade_all - Upgrade all the installed packages
DESCRIPTION
-----------
This cdist type allows you to upgrade all the installed packages on the
target. It will automatically use the appropriate package manager.
REQUIRED PARAMETERS
-------------------
None
OPTIONAL PARAMETERS
-------------------
type::
The package manager to use. Default is determined based on the $os
explorer variable.
e.g. apt for Debian
yum for Red Hat
pacman for Arch Linux
EXAMPLES
--------
--------------------------------------------------------------------------------
# Upgrade all the installed packages on the target
__package_upgrade_all
# Force use of a specific package manager
__package_upgrade_all --type apt
--------------------------------------------------------------------------------
SEE ALSO
--------
- cdist-type(7)
COPYING
-------
Copyright \(C) 2014 Ricardo Catalinas Jiménez. Free use of this software is
granted under the terms of the GNU General Public License version 3 (GPLv3).


@ -0,0 +1 @@
type


@ -1,5 +1,5 @@
cdist-type__qemu_img(7) cdist-type__qemu_img(7)
======================== =======================
Nico Schottelius <nico-cdist--@--schottelius.org> Nico Schottelius <nico-cdist--@--schottelius.org>


@ -0,0 +1,26 @@
#!/bin/sh
#
# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# extract the keytype and base64 encoded key ignoring any options and comment
type_and_key="$(cat "$__object/parameter/key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')"
file="$(cat $__object/parameter/file)"
# get any entries that match the type and key
grep ".*$type_and_key[ \n]" "$file" || true
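Review bot: The pattern `".*$type_and_key[ \n]"` does not match an entry that ends directly after the key, because inside a bracket expression `\n` stands for a backslash and the letter n rather than a newline; it also accepts a longer key whose next character happens to be `n`. An entry without a trailing comment is therefore reported as missing, and the gencode script would add it again. Two patterns express the intent without the bracket expression: `grep -e "$type_and_key " -e "$type_and_key\$" "$file" || true`. `cat $__object/parameter/file` on the line above should be quoted like the other `cat` calls.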


@ -0,0 +1,109 @@
#!/bin/sh
#
# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
set -u
remove_line() {
file="$1"
line="$2"
cat << DONE
tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
# preserve ownership and permissions of existing file
if [ -f "$file" ]; then
cp -p "$file" "\$tmpfile"
fi
grep -v -F -x '$line' '$file' > \$tmpfile || true
mv -f "\$tmpfile" "$file"
DONE
}
add_line() {
file="$1"
line="$2"
# escape single quotes
line_sanitised=$(echo "$line" | sed -e "s/'/'\"'\"'/g")
printf '%s' "printf '%s\n' '$line_sanitised' >> $file"
}
file="$(cat "$__object/parameter/file")"
mkdir "$__object/files"
# Generate the entry as it should be
(
if [ -f "$__object/parameter/option" ]; then
# comma seperated list of options
options="$(cat "$__object/parameter/option" | tr '\n' ',')"
printf '%s ' "${options%*,}"
fi
if [ -f "$__object/parameter/comment" ]; then
# extract the keytype and base64 encoded key ignoring any options and comment
printf '%s ' "$(cat "$__object/parameter/key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')"
# override the comment with the one explicitly given
printf '%s' "$(cat "$__object/parameter/comment")"
else
printf '%s' "$(cat "$__object/parameter/key")"
fi
printf '\n'
) > "$__object/files/should"
# Remove conflicting entries if any
if [ -s "$__object/explorer/entry" ]; then
# Note that the files have to be sorted for comparison with `comm`.
sort "$__object/explorer/entry" > "$__object/files/is"
comm -13 "$__object/files/should" "$__object/files/is" | {
while read entry; do
remove_line "$file" "$entry"
done
}
fi
# Determine the current state
entry="$(cat "$__object/files/should")"
state_should="$(cat "$__object/parameter/state")"
num_existing_entries=$(grep -c -F -x "$entry" "$__object/explorer/entry" || true)
if [ $num_existing_entries -eq 1 ]; then
state_is="present"
else
# Posix grep does not define the -m option, so we can not remove a single
# occurence of a string from a file in the `remove_line` function. Instead
# _all_ occurences are removed.
# By using `comm` to detect conflicting entries this could lead to the
# situation that the key we want to add is actually removed.
# To workaround this we must treat 0 or more then 1 existing entries to
# mean current state is 'absent'. By doing this, the key is readded
# again after cleaning up conflicting entries.
state_is="absent"
fi
# Manage the actual entry as it should be
if [ "$state_should" = "$state_is" ]; then
# Nothing to do
exit 0
fi
case "$state_should" in
present)
add_line "$file" "$entry"
;;
absent)
remove_line "$file" "$entry"
;;
esac
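Review bot: `remove_line` writes `'$line'` and `'$file'` into the generated code inside single quotes without escaping, while `add_line` escapes single quotes first; an authorized_keys entry whose options or comment contain `'` therefore ends the quoting early in the code that runs on the target. Applying the same escaping in `remove_line` (`line_sanitised=$(echo "$line" | sed -e "s/'/'\"'\"'/g")` and `grep -v -F -x '$line_sanitised'`) keeps both paths consistent. `add_line` in turn appends with `>> $file` unquoted, and `mktemp ${file}.cdist.XXXXXXXXXX` is unquoted as well. `while read entry` without `-r` alters backslashes in entries before they reach `remove_line`.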


@ -0,0 +1,67 @@
cdist-type__ssh_authorized_key(7)
=================================
Steven Armstrong <steven-cdist--@--armstrong.cc>
NAME
----
cdist-type__ssh_authorized_key - manage a single ssh authorized key entry
DESCRIPTION
-----------
Manage a single authorized key entry in an authorized_key file.
This type was created to be used by the __ssh_authorized_keys type.
REQUIRED PARAMETERS
-------------------
file::
the authorized_keys file to which the given key should be added
key::
a string containing the ssh keytype, base 64 encoded key and optional
trailing comment which shall be added to the given authorized_keys file.
OPTIONAL PARAMETERS
-------------------
comment::
explicit comment instead of the one which may be trailing the given key
option::
an option to set for this authorized_key entry.
Can be specified multiple times.
See sshd(8) for available options.
state::
if the given keys should be 'present' or 'absent', defaults to 'present'.
EXAMPLES
--------
--------------------------------------------------------------------------------
__ssh_authorized_key some-id \
--file "/home/user/.ssh/autorized_keys" \
--key "$(cat ~/.ssh/id_rsa.pub)"
__ssh_authorized_key some-id \
--file "/home/user/.ssh/autorized_keys" \
--key "$(cat ~/.ssh/id_rsa.pub)" \
--option 'command="/path/to/script"' \
--option 'environment="FOO=bar"' \
--comment 'one to rule them all'
--------------------------------------------------------------------------------
SEE ALSO
--------
- cdist-type(7)
- cdist__ssh_authorized_keys(7)
- sshd(8)
COPYING
-------
Copyright \(C) 2014 Steven Armstrong. Free use of this software is
granted under the terms of the GNU General Public License version 3 (GPLv3).


@ -0,0 +1 @@
present


@ -0,0 +1,2 @@
comment
state


@ -0,0 +1 @@
option


@ -0,0 +1,2 @@
file
key


@ -0,0 +1,27 @@
#!/bin/sh
#
# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
if [ -f "$__object/parameter/file" ]; then
cat "$__object/parameter/file"
else
owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
home=$(getent passwd "$owner" | cut -d':' -f 6)
echo "$home/.ssh/authorized_keys"
fi
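Review bot: When `getent passwd "$owner"` returns nothing (unknown user), `home` is empty and the else branch still prints `/.ssh/authorized_keys`, so the explorer reports a path under the filesystem root instead of signalling a failure. The manifest changed in this same commit drops its `Failed to get home directory from explorer.` check and reads this explorer's output directly, so nothing catches the empty case any more. I would emit the path only when the lookup succeeded, e.g. `[ -z "$home" ] || echo "$home/.ssh/authorized_keys"`, and have the manifest abort when the explorer output is empty.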


@ -18,5 +18,6 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
gid="$("$__type_explorer/passwd" | cut -d':' -f 4)" owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
gid="$(getent passwd "$owner" | cut -d':' -f 4)"
getent group "$gid" || true getent group "$gid" || true


@ -12,13 +12,13 @@ DESCRIPTION
----------- -----------
Adds or removes ssh keys from a authorized_keys file. Adds or removes ssh keys from a authorized_keys file.
This type also manages the directory containing the authorized_keys This type uses the __ssh_dot_ssh type to manage the directory containing
file and sets strict ownership and permissions. You can disable this feature the authorized_keys file. You can disable this feature with the --noparent
with the --noparent boolean parameter. boolean parameter.
The existence, ownership and permissions of the authorized_keys file itself are The existence, ownership and permissions of the authorized_keys file itself are
also managed. This can be disabled with the --nofile boolean parameter. It is also managed. This can be disabled with the --nofile boolean parameter. It is
then left to the user to ensure that the file exists and that ownership and then left to the user to ensure that the file exists and that ownership and
permissions work with ssh. permissions work with ssh.
@ -31,15 +31,23 @@ key::
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
comment::
explicit comment instead of the one which may be trailing the given key
file::
an alternative destination file, defaults to ~$owner/.ssh/authorized_keys
option::
an option to set for all created authorized_key entries.
Can be specified multiple times.
See sshd(8) for available options.
owner:: owner::
the user owning the authorized_keys file, defaults to object_id. the user owning the authorized_keys file, defaults to object_id.
state:: state::
if the given keys should be 'present' or 'absent', defaults to 'present'. if the given keys should be 'present' or 'absent', defaults to 'present'.
file::
an alternative destination file, defaults to ~$owner/.ssh/authorized_keys
BOOLEAN PARAMETERS BOOLEAN PARAMETERS
------------------ ------------------
@ -64,13 +72,24 @@ __ssh_authorized_keys root \
__ssh_authorized_keys user-name \ __ssh_authorized_keys user-name \
--key "ssh-rsa AXYZAAB3NzaC1yc2..." --key "ssh-rsa AXYZAAB3NzaC1yc2..."
# allow key to login as user-name with options and expicit comment
__ssh_authorized_keys user-name \
--key "ssh-rsa AXYZAAB3NzaC1yc2..." \
--option no-agent-forwarding \
--option 'from="*.example.com"' \
--comment 'backup server'
# same as above, but with explicit owner and two keys # same as above, but with explicit owner and two keys
# note that the options are set for all given keys
__ssh_authorized_keys some-fancy-id \ __ssh_authorized_keys some-fancy-id \
--owner user-name \ --owner user-name \
--key "ssh-rsa AXYZAAB3NzaC1yc2..." \ --key "ssh-rsa AXYZAAB3NzaC1yc2..." \
--key "ssh-rsa AZXYAAB3NzaC1yc2..." --key "ssh-rsa AZXYAAB3NzaC1yc2..." \
--option no-agent-forwarding \
--option 'from="*.example.com"' \
--comment 'backup server'
# same as above, but authorized_keys file in non standard location # authorized_keys file in non standard location
__ssh_authorized_keys some-fancy-id \ __ssh_authorized_keys some-fancy-id \
--file /etc/ssh/keys/user-name/authorized_keys \ --file /etc/ssh/keys/user-name/authorized_keys \
--owner user-name \ --owner user-name \
@ -89,6 +108,7 @@ __ssh_authorized_keys some-fancy-id \
SEE ALSO SEE ALSO
-------- --------
- cdist-type(7) - cdist-type(7)
- sshd(8)
COPYING COPYING


@ -21,16 +21,7 @@
owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")" owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")"
state="$(cat "$__object/parameter/state" 2>/dev/null)" state="$(cat "$__object/parameter/state" 2>/dev/null)"
if [ -f "$__object/parameter/file" ]; then file="$(cat "$__object/explorer/file")"
file="$(cat "$__object/parameter/file")"
else
home="$(cut -d':' -f 6 "$__object/explorer/passwd")"
if [ -z "$home" ]; then
echo "Failed to get home directory from explorer." >&2
exit 1
fi
file="$home/.ssh/authorized_keys"
fi
if [ ! -f "$__object/parameter/noparent" -o ! -f "$__object/parameter/nofile" ]; then if [ ! -f "$__object/parameter/noparent" -o ! -f "$__object/parameter/nofile" ]; then
group="$(cut -d':' -f 1 "$__object/explorer/group")" group="$(cut -d':' -f 1 "$__object/explorer/group")"
@ -40,12 +31,8 @@ if [ ! -f "$__object/parameter/noparent" -o ! -f "$__object/parameter/nofile" ];
fi fi
if [ ! -f "$__object/parameter/noparent" ]; then if [ ! -f "$__object/parameter/noparent" ]; then
# Ensure that the directory in which the authorized_keys shall be exists and __ssh_dot_ssh "$owner"
# has the right permissions. export require="__ssh_dot_ssh/$owner"
ssh_directory="${file%/*}"
__directory "$ssh_directory" --state present --parents \
--owner "$owner" --group "$group" --mode 0700
export require="__directory/$ssh_directory"
fi fi
if [ ! -f "$__object/parameter/nofile" ]; then if [ ! -f "$__object/parameter/nofile" ]; then
# Ensure that authorized_keys file exists and has the right permissions. # Ensure that authorized_keys file exists and has the right permissions.
@ -54,6 +41,7 @@ if [ ! -f "$__object/parameter/noparent" -o ! -f "$__object/parameter/nofile" ];
--group "$group" \ --group "$group" \
--mode 0600 \ --mode 0600 \
--state exists --state exists
export require="__file/$file"
fi fi
fi fi
@ -67,22 +55,25 @@ __block "$__object_name" \
--text - << DONE --text - << DONE
remove legacy block remove legacy block
DONE DONE
export require="__block/$__object_name"
_cksum() { _cksum() {
echo "$1" | cksum | cut -d' ' -f 1 echo "$1" | cksum | cut -d' ' -f 1
} }
while read key; do while read key; do
cksum_key="$(_cksum "$key")" type_and_key="$(echo "$key" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')"
line_id="${owner}-${cksum_key}" object_id="$(_cksum "$file")-$(_cksum "$type_and_key")"
set -- "$object_id"
set -- "$line_id"
set -- "$@" --file "$file" set -- "$@" --file "$file"
set -- "$@" --regex ".*$key.*" set -- "$@" --key "$key"
if [ "$state" = 'present' ]; then
set -- "$@" --line "$key"
fi
set -- "$@" --state "$state" set -- "$@" --state "$state"
# Ensure __line does not read stdin if [ -f "$__object/parameter/option" ]; then
require="__block/$__object_name" __line "$@" < /dev/null set -- "$@" --option "$(cat "$__object/parameter/option")"
fi
if [ -f "$__object/parameter/comment" ]; then
set -- "$@" --comment "$(cat "$__object/parameter/comment")"
fi
# Ensure __ssh_authorized_key does not read stdin
__ssh_authorized_key "$@" < /dev/null
done < "$__object/parameter/key" done < "$__object/parameter/key"
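Review bot: The new `--option "$(cat "$__object/parameter/option")"` in the key loop passes the whole parameter file as a single argument, while the man page in this commit says `--option` can be specified multiple times. If cdist stores one value per line for such a parameter (not visible here), two options such as `no-agent-forwarding` and `from="*.example.com"` reach __ssh_authorized_key as one value containing a newline, and restrictions like `from=` or `command=` may not end up in the entry as intended. I would pass each line separately: `while read -r opt; do set -- "$@" --option "$opt"; done < "$__object/parameter/option"`. Separately, `__ssh_dot_ssh "$owner"` manages the owner's `~/.ssh` and not the parent of a custom `--file`, which the removed `${file%/*}` code covered with mode 0700.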


@ -1,3 +1,5 @@
comment
file
option
owner owner
state state
file


@ -0,0 +1,22 @@
#!/bin/sh
#
# 2014 Steven Armstrong (steven-cdist at armstrong.cc)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
gid="$("$__type_explorer/passwd" | cut -d':' -f 4)"
getent group "$gid" || true


@ -1,6 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# 2012 Steven Armstrong (steven-cdist at armstrong.cc) # 2012 Steven Armstrong (steven-cdist at armstrong.cc)
# 2014 Nico Schottelius (nico-cdist at schottelius.org)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -18,6 +19,6 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")" owner="$__object_id"
getent passwd "$owner" || true getent passwd "$owner" || true


@ -0,0 +1,44 @@
cdist-type__ssh_dot_ssh(7)
==========================
Nico Schottelius <nico-cdist--@--schottelius.org>
NAME
----
cdist-type__ssh_dot_ssh - Manage .ssh directory
DESCRIPTION
-----------
Adds or removes .ssh directory to a user home.
This type is being used by __ssh_authorized_keys.
OPTIONAL PARAMETERS
-------------------
state::
if the directory should be 'present' or 'absent', defaults to 'present'.
EXAMPLES
--------
--------------------------------------------------------------------------------
# Ensure root has ~/.ssh with the right permissions
__ssh_dot_ssh root
# Nico does not need ~/.ssh anymore
__ssh_dot_ssh nico --state absent
--------------------------------------------------------------------------------
SEE ALSO
--------
- cdist-type(7)
- cdist-type__ssh_authorized_keys(7)
COPYING
-------
Copyright \(C) 2014 Nico Schottelius. Free use of this software is
granted under the terms of the GNU General Public License version 3 (GPLv3).


@ -0,0 +1,44 @@
#!/bin/sh
#
# 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc)
# 2014 Nico Schottelius (nico-cdist at schottelius.org)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Hacked in Kalamata, Greece
#
owner="$__object_id"
state="$(cat "$__object/parameter/state")"
group="$(cut -d':' -f 1 "$__object/explorer/group")"
if [ -z "$group" ]; then
echo "Failed to get owners group from explorer." >&2
exit 1
fi
home="$(cut -d':' -f 6 "$__object/explorer/passwd")"
if [ -z "$home" ]; then
echo "Failed to get home directory from explorer." >&2
exit 1
fi
ssh_directory="${home}/.ssh"
# Ensure that the directory in which the authorized_keys shall be exists and
# has the right permissions.
__directory "$ssh_directory" \
--state "$state" \
--owner "$owner" --group "$group" --mode 0700
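Review bot: The comment above the `__directory` call says the directory is ensured to exist with the right permissions, but `--state "$state"` also forwards `absent`, in which case the user's `~/.ssh` is removed (presumably with its contents, depending on how __directory handles `absent`). The comment should describe both cases, for example `# Create ~/.ssh with mode 0700, or remove it when --state absent`. A short header comment stating that owner, group and home all come from the passwd and group explorers for `$__object_id` would also help readers of this new manifest.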


@ -0,0 +1 @@
present


@ -0,0 +1 @@
state


@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# 2013 Daniel Heule (hda at sfs.biz) # 2013-2014 Daniel Heule (hda at sfs.biz)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -26,4 +26,4 @@ if [ -f "$__object/parameter/uri" ]; then
else else
uri="$__object_id" uri="$__object_id"
fi fi
echo $(zypper lr -u | grep -E "\<$uri\>" | cut -d'|' -f 1 | grep -E '^[0-9]' ) echo $(zypper lr -u | grep -F "$uri" | cut -d'|' -f 1 | grep -E '^[0-9]' )
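Review bot: `grep -F "$uri"` on the last line matches the URI as a plain substring anywhere in the `zypper lr -u` row, so a repository whose URI merely contains `$uri` (for example the same URL with a longer path) is selected too and the explorer can print more than one repo number. The old `\<…\>` anchors were dropped without a replacement for exact matching. Comparing the URI column for equality would avoid both the regex problem and the substring problem, e.g. `awk -F'|' -v u="$uri" '{ gsub(/^ +| +$/, "", $NF) } $NF == u { print $1 }'`, assuming the URI is the last column (not confirmed from this hunk). The if/else that sets `uri` starts outside the hunk.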


@ -144,4 +144,4 @@ class Manifest(object):
type_manifest = os.path.join(self.local.type_path, cdist_object.cdist_type.manifest_path) type_manifest = os.path.join(self.local.type_path, cdist_object.cdist_type.manifest_path)
message_prefix = cdist_object.name message_prefix = cdist_object.name
if os.path.isfile(type_manifest): if os.path.isfile(type_manifest):
self.local.run_script(type_manifest, env=self.env_type_manifest(cdist_object)) self.local.run_script(type_manifest, env=self.env_type_manifest(cdist_object), message_prefix=message_prefix)


@ -37,12 +37,14 @@ class Message(object):
self.prefix = prefix self.prefix = prefix
self.global_messages = messages self.global_messages = messages
self.messages_in = tempfile.mkstemp(suffix='.cdist_message_in')[1] in_fd, self.messages_in = tempfile.mkstemp(suffix='.cdist_message_in')
self.messages_out = tempfile.mkstemp(suffix='.cdist_message_out')[1] out_fd, self.messages_out = tempfile.mkstemp(suffix='.cdist_message_out')
os.close(in_fd)
os.close(out_fd)
self._copy_messages() self._copy_messages()
@property @property
def env(self): def env(self):
env = {} env = {}


@ -15,12 +15,41 @@ Changelog
* Core: Integrate initial preos support * Core: Integrate initial preos support
3.1.6: 3.1.10:
* Core: Fix too many open files bug (#343)
* Type __ssh_authorized_keys: Remove unneeded explorer (Steven Armstrong)
* Type __ssh_authorized_keys: Fix empty output bug of entry explorer (Steven Armstrong)
* Type __package_apt: Add support for --target-release
3.1.9: 2014-10-17
* Type __package_emerge: Fix handling of slotted packages (Daniel Heule)
* Type __package_apt: Use --force-confdef (Ricardo Catalinas Jiménez)
* Type __package_update_index: Decrease verbosity (Ricardo Catalinas Jiménez)
* Type __package_upgrade_all: Decrease verbosity (Ricardo Catalinas Jiménez)
3.1.8: 2014-10-01
* New Type: __package_update_index (Ricardo Catalinas Jiménez)
* New Type: __package_upgrade_all (Ricardo Catalinas Jiménez)
3.1.7: 2014-09-29
* Type __cdistmarker: Fix typo (Ricardo Catalinas Jiménez)
* Core: Bugfix: Export messaging to manifests (Ricardo Catalinas Jiménez)
* Explorer cpu_cores, cpu_sockets, memory: Add Mac OS X support (Manuel Hutter)
* Type __ssh_authorized_keys: Ensure keys are correctly added (Steven Armstrong)
* New Type: __ssh_authorized_key (Steven Armstrong)
* New Type: __package_pkgng_freebsd (Jake Guffey)
3.1.6: 2014-08-18
* New Type: __ssh_dot_ssh
* Type __package_yum: Support retrieving package via URL * Type __package_yum: Support retrieving package via URL
* Type __hostname: Support SuSE and have CentOS use sysconfig value * Type __hostname: Support SuSE and have CentOS use sysconfig value
* Type __locale: Support SuSE * Type __locale: Support SuSE
* Type __locale: Support Archlinux
* Type __timezone: Support SuSE * Type __timezone: Support SuSE
* Type __file: Support MacOS X (Manuel Hutter) * Type __file: Support MacOS X (Manuel Hutter)
* Type __iptables_apply: Add "reset" to init.d script of iptables
* Type __ssh_authorized_key: Use new type __ssh_dot_ssh
* Type __zypper_repo: Bugfix for pattern matching (Daniel Heule)
3.1.5: 2014-05-05 3.1.5: 2014-05-05
* Type __zypper_repo: Automatically import gpg keys (Daniel Heule) * Type __zypper_repo: Automatically import gpg keys (Daniel Heule)


@ -0,0 +1,18 @@
cdist preos keyramfs --keyfile --keyfile
[17:51] freiheit:vcs% mkdir preos-keys
[17:51] freiheit:vcs% mkdir -p preos-keys/root/.ssh
[17:56] freiheit:vcs%
chown root:root -R preos-keys/
chmod 0600 preos-keys/root/.ssh/authorized_keys
chmod 0700 preos-keys/root/
chmod 0700 preos-keys/root/.ssh/
[18:20:17] freiheit:/home/users/nico/.ungleich/ungleich/vcs/preos-keys# find . | cpio -H newc -o | gzip -9 > ../initramfs.cpio.gz
4 blocks
[18:21:08] freiheit:/home/users/nico/.ungleich/ungleich/vcs/preos-keys#


@ -0,0 +1,104 @@
- logging/cache destination
local:
~/.cdist/log/by-host/$__target/host/config/YYYY/MM/DD/hhmmss/
~/.cdist/log/by-session/YYYY/MM/DD/hhmmss/$__target_host/
config/
install/
export/
remote:
/var/lib/cdist/YYYY-MM-DD-hhmmss-$sourcehost.$pid
rm old directories on remote side
- support for tags
- for partial configuration
- supports also install
- on object definition, define
- a) don't care (i.e. no tags)
- b) require tag (only if this tag is setup)
- c) require not tag (only if this tag is *not* setup)
- d) what if both given (conflicting)
- names for parameters:
- cdist config / cdist type
--if-tag / --not-if-tag / --require-tag
--not-if-tag
- logging
- command line
- stdin of cdist
- stdout/stderr/stdin of types
- new: stdout/stderr
- initial manifest
- if coming from stdin
- logging configurable
- to be discussed
- sudo remote
- cp to tmp & mv
- umask issue?
- install
- via tagged types
-
- export
- one /export script per type
- exports of type running after object's code is done
- global export should also exist after everything
- PR & merge
- change DONE status to CODE_DONE
- introduce EXPORT_DONE
- preos
- merge with debian support only
- we are open to support --os-type later
- stackable remotes
- change API for remote_exec and remote_copy
- new minor version
- PR & merge
- locking
- optional
- remote lock
- based on $(ls /var/lib/cdist/) > 0
- ideas for parallelisation
- run explorer in parallel
- type
- object
- objects without dependencies can be run in parallel
- connection test
- just implement
- multi user environment
- not really needed [at the moment]
- can be implemented by
- git branches
- setting the output dir
- python2 support with __future__
- steven votes against it
- nico does not care too much to object
- pull based
- sshd / stdin + stdout
- use Use ProxyCommand with stdin/stdout
- http://www.nico.schottelius.org/blog/openssh-6.2-add-callback-functionality-using-dynamic-remote-port-forwarding/
- cdist grant-pull-access <targethost>
- generate user
- ssh pubkeypair
- call wraper script on targethost
- it is shell!
- ssh cdistuser@controlhost
- config replay/redo/undo
- not now
- have a new discussion about handling uris


@ -5,10 +5,6 @@ Feel free to pick one!
CORE CORE
---- ----
- support default parameter
- document and add paremeters for remote-copy and remote-exec!
- remove hack, make a feature of it
- remove var=foo calls on remote side. Use -o SendEnv (yeah, see ssh_config(5)) - remove var=foo calls on remote side. Use -o SendEnv (yeah, see ssh_config(5))
TESTS TESTS
@ -23,9 +19,6 @@ TESTS
USER INTERFACE USER INTERFACE
-------------- --------------
- How to cleanly implement "restart service if config file changed"
-> document
- Cache - Cache
- add example how to use - add example how to use
- export variable $__cache - export variable $__cache
@ -45,7 +38,6 @@ TYPES
- Add testing framework (proposed by Evax Software) - Add testing framework (proposed by Evax Software)
- __user - __user
add option to include --create-home add option to include --create-home
- Merge __addifnosuchline and __removeline into __line + --state present|absent
- __cron: Support --file to be used instead of user cron (probably direct support - __cron: Support --file to be used instead of user cron (probably direct support
of /etc/cron.d) of /etc/cron.d)


@ -203,10 +203,10 @@ __global::
Directory that contains generic output like explorer. Directory that contains generic output like explorer.
Available for: initial manifest, type manifest, type gencode, shell Available for: initial manifest, type manifest, type gencode, shell
__messages_in:: __messages_in::
File to read messages from File to read messages from.
Available for: initial manifest, type manifest, type gencode Available for: initial manifest, type manifest, type gencode
__messages_out:: __messages_out::
File to write messages File to write messages.
Available for: initial manifest, type manifest, type gencode Available for: initial manifest, type manifest, type gencode
__object:: __object::
Directory that contains the current object. Directory that contains the current object.


@ -50,7 +50,7 @@ else
name="$__object_id" name="$__object_id"
fi fi
# Except dpkg failing, if package is not known / installed # Expect dpkg failing, if package is not known / installed
dpkg -s "$name" 2>/dev/null || exit 0 dpkg -s "$name" 2>/dev/null || exit 0
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
@ -64,5 +64,5 @@ SEE ALSO
COPYING COPYING
------- -------
Copyright \(C) 2010-2012 Nico Schottelius. Free use of this software is Copyright \(C) 2010-2014 Nico Schottelius. Free use of this software is
granted under the terms of the GNU General Public License version 3 (GPLv3). granted under the terms of the GNU General Public License version 3 (GPLv3).


@ -110,6 +110,7 @@ setup the variable "require" to contain the requirements. Multiple
requirements can be added white space separated. requirements can be added white space separated.
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
1 # No dependency 1 # No dependency
2 __file /etc/cdist-configured 2 __file /etc/cdist-configured
3 3
@ -121,21 +122,43 @@ requirements can be added white space separated.
9 require="__file/etc/cdist-configured __link/tmp/cdist-testfile" \ 9 require="__file/etc/cdist-configured __link/tmp/cdist-testfile" \
10 __file /tmp/cdist-another-testfile 10 __file /tmp/cdist-another-testfile
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
Above the "require" variable is only set for the command that is Above the "require" variable is only set for the command that is
immediately following it. Dependencies should allways be declared that way. immediately following it. Dependencies should always be declared that way.
On line 4 you can see that the instantion of a type "__link" object needs On line 4 you can see that the instantion of a type "\__link" object needs
the object "__file/etc/cdist-configured" to be present, before it can proceed. the object "__file/etc/cdist-configured" to be present, before it can proceed.
This also means that the "__link" command must make sure, that either This also means that the "\__link" command must make sure, that either
"__file/etc/cdist-configured" allready is present, or, if it's not, it needs "\__file/etc/cdist-configured" allready is present, or, if it's not, it needs
to be created. The task of cdist is to make sure, that the dependency will be to be created. The task of cdist is to make sure, that the dependency will be
resolved appropriately and thus "__file/etc/cdist-configured" be created resolved appropriately and thus "\__file/etc/cdist-configured" be created
if necessary before "__link" proceeds (or to abort execution with an error). if necessary before "__link" proceeds (or to abort execution with an error).
If you really need to make all types depend on a common dependency, you can
export the "require" variable as well. But then, if you need to add extra
dependencies to a specific type, you have to make sure that you append these
to the globally already defined one.
--------------------------------------------------------------------------------
# First of all, update the package index
__package_update_index
# Upgrade all the installed packages afterwards
require="__package_update_index" __package_upgrade_all
# Create a common dependency for all the next types so that they get to
# be executed only after the package upgrade has finished
export require="__package_upgrade_all"
# Ensure that lighttpd is installed after we have upgraded all the packages
__package lighttpd --state present
# Ensure that munin is installed after lighttpd is present and after all
# the packages are upgraded
require="$require __package/lighttpd" __package munin --state present
--------------------------------------------------------------------------------
All objects that are created in a type manifest are automatically required All objects that are created in a type manifest are automatically required
from the type that is calling them. This is called "autorequirement" in from the type that is calling them. This is called "autorequirement" in
cdist jargon. cdist jargon.


@ -57,6 +57,48 @@ if grep -q "^__your_type/object/id:something" "$__messages_in"; then
fi fi
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
Some real life examples:
--------------------------------------------------------------------------------
# Reacting on changes from block for keepalive
if grep -q "^__block/keepalive-vrrp" "$__messages_in"; then
echo /etc/init.d/keepalived restart
fi
# Reacting on changes of configuration files
if grep -q "^__file/etc/one" $__messages_in; then
echo 'for init in /etc/init.d/opennebula*; do $init restart; done'
fi
--------------------------------------------------------------------------------
Restart sshd on changes
--------------------------------------------------------------------------------
os="$(cat "$__global/explorer/os")"
case "$os" in
centos|redhat|suse)
restart="/etc/init.d/sshd restart"
;;
debian|ubuntu)
restart="/etc/init.d/ssh restart"
;;
*)
cat << eof >&2
Unsupported os $os.
If you would like to have this type running on $os,
you can either develop the changes and send a pull
request or ask for a quote at www.ungleich.ch
eof
exit 1
;;
esac
if grep -q "^__key_value/PermitRootLogin" "$__messages_in"; then
echo $restart
fi
--------------------------------------------------------------------------------
SEE ALSO SEE ALSO
-------- --------


@ -100,7 +100,7 @@ echo use_ssl >> cdist/conf/type/__nginx_vhost/parameter/boolean
USING PARAMETERS USING PARAMETERS
---------------- ----------------
The parameters given to a type can be accessed and used in all type scripts The parameters given to a type can be accessed and used in all type scripts
(e.g manifest, gencode-*, explorer/*). Note that boolean parameters are (e.g manifest, gencode, explorer). Note that boolean parameters are
represented by file existence. File exists -> True, represented by file existence. File exists -> True,
file does not exist -> False file does not exist -> False
@ -281,7 +281,7 @@ on the target, there must be another type that provides this tool and the first
type should create an object of the specific type. type should create an object of the specific type.
If your type wants to save temporary data, that may be used by other types If your type wants to save temporary data, that may be used by other types
later on (for instance __file), you can save them in the subdirectory later on (for instance \__file), you can save them in the subdirectory
"files" below $__object (but you must create it yourself). "files" below $__object (but you must create it yourself).
cdist will not touch this directory. cdist will not touch this directory.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.