pax_global_header00006660000000000000000000000064142715574470014532gustar00rootroot0000000000000052 comment=be6e7fcc08d5c4e98f7ce30b157ee087010cd126 cdist/000077500000000000000000000000001427155744700122045ustar00rootroot00000000000000cdist/.gitlab-ci.yml000066400000000000000000000006231427155744700146410ustar00rootroot00000000000000--- image: code.ungleich.ch:5050/ungleich-public/cdist/cdist-ci:latest stages: - test before_script: - ./bin/cdist-build-helper version shellcheck: stage: test script: - ./bin/cdist-build-helper shellcheck pycodestyle: stage: test script: - ./bin/cdist-build-helper pycodestyle unit_tests: stage: test script: - ./bin/cdist-build-helper test cdist/LICENSE000066400000000000000000001043771427155744700132250ustar00rootroot00000000000000 GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The GNU General Public License is a free, copyleft license for software and other kinds of works. The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others. For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it. For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions. Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users. Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free. The precise terms and conditions for copying, distribution and modification follow. TERMS AND CONDITIONS 0. Definitions. "This License" refers to version 3 of the GNU General Public License. "Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. "The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. A "covered work" means either the unmodified Program or a work based on the Program. To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. 1. Source Code. The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work. The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. The Corresponding Source for a work in source code form is that same work. 2. Basic Permissions. All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. 3. Protecting Users' Legal Rights From Anti-Circumvention Law. No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. 4. Conveying Verbatim Copies. You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. 5. Conveying Modified Source Versions. You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: a) The work must carry prominent notices stating that you modified it, and giving a relevant date. b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. 6. Conveying Non-Source Forms. You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. "Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. 7. Additional Terms. "Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or d) Limiting the use for publicity purposes of names of licensors or authors of the material; or e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. 8. Termination. You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. 9. Acceptance Not Required for Having Copies. You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. 10. Automatic Licensing of Downstream Recipients. Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. 11. Patents. A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version". A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. 12. No Surrender of Others' Freedom. If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. 13. Use with the GNU Affero General Public License. Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such. 14. Revised Versions of this License. The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. 15. Disclaimer of Warranty. THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. Limitation of Liability. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 17. Interpretation of Sections 15 and 16. If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. cdist Copyright (C) 2019 ungleich-public This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . Also add information on how to contact you by electronic and paper mail. If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: cdist Copyright (C) 2019 ungleich-public This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an "about box". You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see . The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read . cdist/MANIFEST.in000066400000000000000000000001541427155744700137420ustar00rootroot00000000000000include docs/changelog recursive-include docs/gfx *.png *.text recursive-include docs *.text *.html *.1 *.7 cdist/Makefile000066400000000000000000000105331427155744700136460ustar00rootroot00000000000000# # 2013 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # .PHONY: help help: @echo "Please use \`make ' where is one of" @echo "man build only man user documentation" @echo "html build only html user documentation" @echo "docs build both man and html user documentation" @echo "dotman build man pages for types in your ~/.cdist directory" @echo "speeches build speeches pdf files" @echo "install install in the system site-packages directory" @echo "install-user install in the user site-packages directory" @echo "docs-clean clean documentation" @echo "clean clean" DOCS_SRC_DIR=./docs/src SPEECHDIR=./docs/speeches TYPEDIR=./cdist/conf/type SPHINXM=$(MAKE) -C $(DOCS_SRC_DIR) man SPHINXH=$(MAKE) -C $(DOCS_SRC_DIR) html SPHINXC=$(MAKE) -C $(DOCS_SRC_DIR) clean ################################################################################ # Manpages # MAN7DSTDIR=$(DOCS_SRC_DIR)/man7 # Manpages #1: Types # Use shell / ls to get complete list - $(TYPEDIR)/*/man.rst does not work # Using ls does not work if no file with given pattern exist, so use wildcard MANTYPESRC=$(wildcard $(TYPEDIR)/*/man.rst) MANTYPEPREFIX=$(subst $(TYPEDIR)/,$(MAN7DSTDIR)/cdist-type,$(MANTYPESRC)) MANTYPES=$(subst /man.rst,.rst,$(MANTYPEPREFIX)) # Link manpage: do not create man.html but correct named file $(MAN7DSTDIR)/cdist-type%.rst: $(TYPEDIR)/%/man.rst mkdir -p $(MAN7DSTDIR) ln -sf "../../../$^" $@ # Manpages #2: reference DOCSREF=$(MAN7DSTDIR)/cdist-reference.rst DOCSREFSH=$(DOCS_SRC_DIR)/cdist-reference.rst.sh $(DOCSREF): $(DOCSREFSH) $(DOCSREFSH) # Html types list with references DOCSTYPESREF=$(MAN7DSTDIR)/cdist-types.rst DOCSTYPESREFSH=$(DOCS_SRC_DIR)/cdist-types.rst.sh $(DOCSTYPESREF): $(DOCSTYPESREFSH) $(DOCSTYPESREFSH) DOCSCFGSKEL=./configuration/cdist.cfg.skeleton configskel: $(DOCSCFGSKEL) cp -f "$(DOCSCFGSKEL)" "$(DOCS_SRC_DIR)/" version: @[ -f "cdist/version.py" ] || { \ printf "Missing 'cdist/version.py', please generate it first.\n" && exit 1; \ } # Manpages #3: generic part man: version configskel $(MANTYPES) $(DOCSREF) $(DOCSTYPESREF) $(SPHINXM) html: version configskel $(MANTYPES) $(DOCSREF) $(DOCSTYPESREF) $(SPHINXH) docs: man html docs-clean: $(SPHINXC) # Manpages: .cdist Types DOT_CDIST_PATH=${HOME}/.cdist DOTMAN7DSTDIR=$(MAN7DSTDIR) DOTTYPEDIR=$(DOT_CDIST_PATH)/type DOTMANTYPESRC=$(wildcard $(DOTTYPEDIR)/*/man.rst) DOTMANTYPEPREFIX=$(subst $(DOTTYPEDIR)/,$(DOTMAN7DSTDIR)/cdist-type,$(DOTMANTYPESRC)) DOTMANTYPES=$(subst /man.rst,.rst,$(DOTMANTYPEPREFIX)) # Link manpage: do not create man.html but correct named file $(DOTMAN7DSTDIR)/cdist-type%.rst: $(DOTTYPEDIR)/%/man.rst ln -sf "$^" $@ dotman: version configskel $(DOTMANTYPES) $(DOCSREF) $(DOCSTYPESREF) $(SPHINXM) ################################################################################ # Speeches # SPEECHESOURCES=$(SPEECHDIR)/*.tex SPEECHES=$(SPEECHESOURCES:.tex=.pdf) # Create speeches and ensure Toc is up-to-date $(SPEECHDIR)/%.pdf: $(SPEECHDIR)/%.tex pdflatex -output-directory $(SPEECHDIR) $^ pdflatex -output-directory $(SPEECHDIR) $^ pdflatex -output-directory $(SPEECHDIR) $^ speeches: $(SPEECHES) ################################################################################ # Misc # clean: docs-clean rm -f $(DOCS_SRC_DIR)/cdist-reference.rst rm -f $(DOCS_SRC_DIR)/cdist-types.rst rm -f $(DOCS_SRC_DIR)/cdist.cfg.skeleton find "$(DOCS_SRC_DIR)" -mindepth 2 -type l \ | xargs rm -f find * -name __pycache__ | xargs rm -rf # distutils rm -rf ./build ################################################################################ # install # install: python3 setup.py install install-user: python3 setup.py install --user cdist/PKGBUILD.in000077500000000000000000000012731427155744700137430ustar00rootroot00000000000000#!/bin/sh version="$1" outfile=${0%.in} cat << eof > "${outfile}" pkgname=cdist pkgver=$version pkgrel=1 pkgdesc='A Usable Configuration Management System"' arch=('any') url='https://www.cdi.st/' license=('GPL3') depends=('python>=3.2.0') source=("http://pypi.python.org/packages/source/c/cdist/cdist-\${pkgver}.tar.gz") package() { cd cdist-\${pkgver} python3 setup.py build install --root="\${pkgdir}" find "\$pkgdir" -type d -exec chmod 0755 {} \; find "\$pkgdir" -type f -exec chmod a+r {} \; } eof makepkg -g >> "${outfile}" # Fix this issue: # error: failed to upload cdist-3.1.6-1.src.tar.gz: Error - all files must have permissions of 644 or 755. chmod a+r "${outfile}" cdist/README.md000066400000000000000000000020411427155744700134600ustar00rootroot00000000000000# cdist **cdist** is a usable configuration management system. It adheres to the [**KISS principle**](https://en.wikipedia.org/wiki/KISS_principle) and is being used in small up to enterprise grade environments. For more information have a look at [**homepage**](https://cdi.st) or at **``docs/src``** for manual in **reStructuredText** format. ## Contributing Merge/Pull requests can be made in both [upstream **GitLab**](https://code.ungleich.ch/ungleich-public/cdist/merge_requests) (managed by [**ungleich**](https://ungleich.ch)) and [**GitHub** project](https://github.com/ungleich/cdist/pulls). Issues can be made and other project management activites happen [**only in GitLab**](https://code.ungleich.ch/ungleich-public/cdist) (needs [**ungleich** account](https://account.ungleich.ch)). For community-maintained types there is [**cdist-contrib** project](https://code.ungleich.ch/ungleich-public/cdist-contrib). ## Participating IRC: ``#cdist`` @ [libera](https://libera.chat) Matrix: ``#cdist:ungleich.ch`` Matrix and IRC are bridged. cdist/bin/000077500000000000000000000000001427155744700127545ustar00rootroot00000000000000cdist/bin/cdist000077500000000000000000000055631427155744700140210ustar00rootroot00000000000000#!/usr/bin/env python3 # -*- coding: utf-8 -*- # # 2010-2016 Nico Schottelius (nico-cdist at schottelius.org) # 2016 Darko Poljak (darko.poljak at gmail.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # import logging import os import sys # See if this file's parent is cdist module # and if so add it to module search path. cdist_dir = os.path.realpath( os.path.join( os.path.dirname(os.path.realpath(__file__)), os.pardir)) cdist_init_dir = os.path.join(cdist_dir, 'cdist', '__init__.py') if os.path.exists(cdist_init_dir): sys.path.insert(0, cdist_dir) import cdist # noqa 402 import cdist.argparse # noqa 402 import cdist.banner # noqa 402 import cdist.config # noqa 402 import cdist.install # noqa 402 import cdist.shell # noqa 402 import cdist.inventory # noqa 402 def commandline(): """Parse command line""" # preos subcommand hack if len(sys.argv) > 1 and sys.argv[1] == 'preos': return cdist.preos.PreOS.commandline(sys.argv[1:]) parser, cfg = cdist.argparse.parse_and_configure(sys.argv[1:]) args = cfg.get_args() # Work around python 3.3 bug: # http://bugs.python.org/issue16308 # http://bugs.python.org/issue9253 # FIXME: catching AttributeError also hides # real problems.. try a different way # FIXME: we always print main help, not # the help of the actual parser being used! try: getattr(args, "func") except AttributeError: parser['main'].print_help() sys.exit(0) args.func(args) if __name__ == "__main__": if sys.version_info[:3] < cdist.MIN_SUPPORTED_PYTHON_VERSION: print( 'Python >= {} is required on the source host.'.format( ".".join(map(str, cdist.MIN_SUPPORTED_PYTHON_VERSION))), file=sys.stderr) sys.exit(1) exit_code = 0 try: import re import os if re.match("__", os.path.basename(sys.argv[0])): import cdist.emulator emulator = cdist.emulator.Emulator(sys.argv) emulator.run() else: commandline() except KeyboardInterrupt: exit_code = 2 except cdist.Error as e: log = logging.getLogger("cdist") log.error(e) exit_code = 1 sys.exit(exit_code) cdist/bin/cdist-dump000077500000000000000000000144241427155744700147600ustar00rootroot00000000000000#!/bin/sh VERSION="0.0.1" RELEASE="" set -u # set -x hosts= cache_dir=~/.cdist/cache do_all=1 do_global_explorer= do_type_explorer= do_script_stdout= do_script_stderr= do_gencode= do_code= do_messages= do_parameter= delimiter=':' ln= filename_prefix=1 verbose=0 myname=${0##*/} print_version() { printf "%s %s %s\n" "${myname}" "${VERSION}" "${RELEASE}" } usage() { cat << eof ${myname}: [options] [host...] eof print_version cat << eof Dump data from cache directories. host Dump data for specified hosts. If not specified then all data from cache directory is dumped. Options -a dump all -C CACHE-DIR use specified CACHE-DIR (default: ~/.cdist/cache) -c dump code-* -d DELIMITER delimiter used for filename and line number prefix (default: ':') -E dump global explorers -e dump type explorers -F disable filename prefix (enabled by default) -f enable filename prefix (default) -g dump gencode-* -h show this help screen and exit -L disable line number prefix (default) -l enable line number prefix (disabled by default) -m dump messages -o dump executions' stdout -p dump parameters -r dump executions' stderr -V show version and exit -v increase verbosity eof } exit_err() { printf "%s\n" "$1" exit 1 } # parse options while [ "$#" -ge 1 ] do case "$1" in -a) do_all=1 ;; -C) if [ "$#" -ge 2 ] then case "$2" in -*) exit_err "Missing cache directory" ;; *) cache_dir="$2" shift ;; esac else exit_err "Missing cache directory" fi ;; -c) do_code=1 do_all= ;; -d) if [ "$#" -ge 2 ] then case "$2" in -*) exit_err "Missing delimiter" ;; *) delimiter="$2" shift ;; esac else exit_err "Missing delimiter" fi ;; -E) do_global_explorer=1 do_all= ;; -e) do_type_explorer=1 do_all= ;; -F) filename_prefix= ;; -f) filename_prefix=1 ;; -g) do_gencode=1 do_all= ;; -h) usage exit 0 ;; -L) ln= ;; -l) ln=1 ;; -m) do_messages=1 do_all= ;; -o) do_script_stdout=1 do_all= ;; -p) do_parameter=1 do_all= ;; -r) do_script_stderr=1 do_all= ;; -V) print_version exit 0 ;; -v) verbose=$((verbose + 1)) ;; *) hosts="${hosts} $1" break ;; esac shift done if [ "${ln}" = "1" ] then ln="NR \"${delimiter}\"" fi if [ "${filename_prefix}" = "1" ] then filename_prefix="{}${delimiter}" fi if [ "${do_all}" = "1" ] then do_global_explorer=1 do_type_explorer=1 do_script_stdout=1 do_script_stderr=1 do_gencode=1 do_code=1 do_messages=1 do_parameter=1 fi set -- -size +0 set -- "$@" \( or= print_verbose() { if [ "${verbose}" -ge "$1" ] then printf "%s\n" "$2" fi } hor_line() { if [ $# -gt 0 ] then c="$1" else c='=' fi printf "%78s\n" "" | tr ' ' "${c}" } if [ "${do_global_explorer}" ] then print_verbose 2 "Dumping global explorers" # shellcheck disable=SC2086 set -- "$@" ${or} \( \ -path "*/explorer/*" -a \ ! -path "*/conf/*" -a \ ! -path "*/object/*/explorer/*" \ \) or="-o" fi if [ "${do_type_explorer}" ] then print_verbose 2 "Dumping type explorers" set -- "$@" ${or} -path "*/object/*/explorer/*" or="-o" fi if [ "${do_script_stdout}" ] then print_verbose 2 "Dumping execution's stdout" set -- "$@" ${or} -path "*/stdout/*" or="-o" fi if [ "${do_script_stderr}" ] then print_verbose 2 "Dumping execution's stderr" set -- "$@" ${or} -path "*/stderr/*" or="-o" fi if [ "${do_gencode}" ] then print_verbose 2 "Dumping gencode-*" set -- "$@" ${or} \( -name "gencode-*" -a ! -path "*/stdout/*" -a ! -path "*/stderr/*" \) or="-o" fi if [ "${do_code}" ] then print_verbose 2 "Dumping code-*" set -- "$@" ${or} \( -name "code-*" -a ! -path "*/stdout/*" -a ! -path "*/stderr/*" \) or="-o" fi if [ "${do_messages}" ] then print_verbose 2 "Dumping messages" set -- "$@" ${or} -name "messages" or="-o" fi if [ "${do_parameter}" ] then print_verbose 2 "Dumping parameters" set -- "$@" ${or} -path "*/parameter/*" or="-o" fi set -- "$@" \) set -- '.' "$@" -exec awk -v prefix="${filename_prefix}" "{print prefix ${ln} \$0}" {} \; # printf "+ %s\n" "$*" print_verbose 2 "Using cache dir: ${cache_dir}" OLD_PWD=$(pwd) cd "${cache_dir}" || exit # If no host is specified then search all. [ -z "${hosts}" ] && hosts="-" for host in ${hosts} do [ "${host}" = "-" ] && host= # find host cache directory host_dir=$(find . -name target_host -exec grep -l "${host}" {} +) print_verbose 3 "found host directory files:" print_verbose 3 "${host_dir}" OLD_IFS="${IFS}" IFS=" " for d in ${host_dir} do dir=$(dirname "${d}") print_verbose 0 "target host: $(cat "${dir}/target_host"), host directory: ${dir}" hor_line '=' PREV_PWD=$(pwd) cd "${dir}" || exit # set -x find "$@" # set +x cd "${PREV_PWD}" || exit done IFS="${OLD_IFS}" done cd "${OLD_PWD}" || exit cdist/bin/cdist-new-type000077500000000000000000000057621427155744700155700ustar00rootroot00000000000000#!/bin/sh basename="${0##*/}" if [ $# -lt 3 ] then printf "usage: %s TYPE-NAME AUTHOR-NAME AUTHOR-EMAIL [TYPE-BASE-PATH] TYPE-NAME Name of the type. AUTHOR-NAME Type author's full name. AUTHOR-EMAIL Type author's email. TYPE-BASE-PATH Path to the base directory of the type. If not set it defaults to '\$PWD/type'.\n" "${basename}" exit 1 fi type_name="$1" shift author_name="$1" shift author_email="$1" shift if [ $# -ge 1 ] then type_base_path="$1" shift else #type_base_path=~/.cdist/type type_base_path="$PWD/type" fi error() { printf "%s\n" "$*" >&2 } die() { error "$@" exit 1 } cd "$type_base_path" || die "Could not change to type directory: $type_base_path. You have to specify type base path or run me from within a cdist conf directory, e.g. ~/.cdist." year=$(date +%Y) copyright="# $year $author_name ($author_email)" license="# This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # " set -e mkdir "$type_name" cd "$type_name" ### man page header="cdist-type${type_name}(7)" header_length="${#header}" cat >> man.rst << DONE $header $(while [ "${header_length}" -gt 0 ]; do printf "="; header_length=$((header_length - 1)); done; printf "\n";) NAME ---- cdist-type${type_name} - TODO DESCRIPTION ----------- This space intentionally left blank. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- None. BOOLEAN PARAMETERS ------------------ None. EXAMPLES -------- .. code-block:: sh # TODO ${type_name} SEE ALSO -------- :strong:\`TODO\`\\ (7) AUTHORS ------- $author_name <$author_email> COPYING ------- Copyright \(C) $year $author_name. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. DONE ### manifest cat >> manifest << DONE #!/bin/sh -e # ${copyright} # ${license} os=\$(cat "\$__global/explorer/os") case "\$os" in *) printf "Your operating system (%s) is currently not supported by this type (%s)\n" "\$os" "\${__type##*/}" >&2 printf "Please contribute an implementation for it if you can.\n" >&2 exit 1 ;; esac DONE chmod +x manifest # gencode-remote cat >> gencode-remote << DONE #!/bin/sh -e # ${copyright} # ${license} DONE chmod +x gencode-remote printf "%s/%s\n" "$type_base_path" "$type_name" cdist/cdist/000077500000000000000000000000001427155744700133125ustar00rootroot00000000000000cdist/cdist/__init__.py000066400000000000000000000232001427155744700154200ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # 2010-2015 Nico Schottelius (nico-cdist at schottelius.org) # 2012-2017 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # import os import hashlib import subprocess import cdist.log VERSION = 'unknown version' try: import cdist.version VERSION = cdist.version.VERSION except ModuleNotFoundError: cdist_dir = os.path.abspath( os.path.join(os.path.dirname(__file__), os.pardir)) if os.path.isdir(os.path.join(cdist_dir, '.git')): try: VERSION = subprocess.check_output( ['git', 'describe', '--always'], cwd=cdist_dir, universal_newlines=True) except Exception: pass BANNER = """ .. . .x+=:. s dF @88> z` ^% :8 '88bu. %8P . 0: output = [] label_begin = name + ":" + header_name output.append(label_begin) output.append('\n') output.append('-' * len(label_begin)) output.append('\n') with open(path, 'r') as fd: output.append(fd.read()) output.append('\n') result[name].append(''.join(output)) except UnicodeError as ue: result[name].append(('Cannot output {}:{} due to: {}.\n' 'You can try to read the error file "{}"' ' yourself.').format( name, header_name, ue, path)) return result def _stderr(self): return self._stdpath(self.stderr_paths, 'stderr') def _stdout(self): return self._stdpath(self.stdout_paths, 'stdout') def _update_dict_list(self, target, source): for x in source: if x not in target: target[x] = [] target[x].extend(source[x]) @property def std_streams(self): std_dict = {} self._update_dict_list(std_dict, self._stdout()) self._update_dict_list(std_dict, self._stderr()) return std_dict def __str__(self): output = [] output.append(self.message) output.append('\n\n') header = "Error processing " + self.entity_name under_header = '=' * len(header) output.append(header) output.append('\n') output.append(under_header) output.append('\n') for param_name, param_value in self.entity_params: output.append(param_name + ': ' + str(param_value)) output.append('\n') output.append('\n') for x in self.std_streams: output.append(''.join(self.std_streams[x])) return ''.join(output) class CdistObjectError(CdistEntityError): """Something went wrong while working on a specific cdist object""" def __init__(self, cdist_object, subject=''): params = [ ('name', cdist_object.name, ), ('path', cdist_object.absolute_path, ), ('source', " ".join(cdist_object.source), ), ('type', os.path.realpath( cdist_object.cdist_type.absolute_path), ), ] stderr_paths = [] for stderr_name in os.listdir(cdist_object.stderr_path): stderr_path = os.path.join(cdist_object.stderr_path, stderr_name) stderr_paths.append((stderr_name, stderr_path, )) stdout_paths = [] for stdout_name in os.listdir(cdist_object.stdout_path): stdout_path = os.path.join(cdist_object.stdout_path, stdout_name) stdout_paths.append((stdout_name, stdout_path, )) super().__init__("object '{}'".format(cdist_object.name), params, stdout_paths, stderr_paths, subject) class CdistObjectExplorerError(CdistEntityError): """ Something went wrong while working on a specific cdist object explorer """ def __init__(self, cdist_object, explorer_name, explorer_path, stderr_path, subject=''): params = [ ('object name', cdist_object.name, ), ('object path', cdist_object.absolute_path, ), ('object source', " ".join(cdist_object.source), ), ('object type', os.path.realpath( cdist_object.cdist_type.absolute_path), ), ('explorer name', explorer_name, ), ('explorer path', explorer_path, ), ] stdout_paths = [] stderr_paths = [ ('remote', stderr_path, ), ] super().__init__("explorer '{}' of object '{}'".format( explorer_name, cdist_object.name), params, stdout_paths, stderr_paths, subject) class InitialManifestError(CdistEntityError): """Something went wrong while executing initial manifest""" def __init__(self, initial_manifest, stdout_path, stderr_path, subject=''): params = [ ('path', initial_manifest, ), ] stdout_paths = [ ('init', stdout_path, ), ] stderr_paths = [ ('init', stderr_path, ), ] super().__init__('initial manifest', params, stdout_paths, stderr_paths, subject) class GlobalExplorerError(CdistEntityError): """Something went wrong while executing global explorer""" def __init__(self, name, path, stderr_path, subject=''): params = [ ('name', name, ), ('path', path, ), ] stderr_paths = [ ('remote', stderr_path, ), ] super().__init__("global explorer '{}'".format(name), params, [], stderr_paths, subject) def file_to_list(filename): """Return list from \n seperated file""" if os.path.isfile(filename): file_fd = open(filename, "r") lines = file_fd.readlines() file_fd.close() # Remove \n from all lines lines = map(lambda s: s.strip(), lines) else: lines = [] return lines def str_hash(s): """Return hash of string s""" if isinstance(s, str): return hashlib.md5(s.encode('utf-8')).hexdigest() else: raise Error("Param should be string") def home_dir(): if 'HOME' in os.environ: home = os.environ['HOME'] if home: rv = os.path.join(home, ".cdist") else: rv = None else: rv = None return rv cdist/cdist/argparse.py000066400000000000000000000557321427155744700155040ustar00rootroot00000000000000import argparse import cdist import multiprocessing import logging import collections import functools import cdist.configuration import cdist.log import cdist.preos import cdist.info import cdist.scan.commandline # set of beta sub-commands BETA_COMMANDS = set(('install', 'inventory', 'scan', )) # set of beta arguments for sub-commands BETA_ARGS = { 'config': set(('tag', 'all_tagged_hosts', 'use_archiving', )), } EPILOG = "Get cdist at https://code.ungleich.ch/ungleich-public/cdist" # Parser others can reuse parser = None _verbosity_level_off = -2 _verbosity_level = { None: logging.WARNING, _verbosity_level_off: logging.OFF, -1: logging.ERROR, 0: logging.WARNING, 1: logging.INFO, 2: logging.VERBOSE, 3: logging.DEBUG, 4: logging.TRACE, } # Generate verbosity level constants: # VERBOSE_OFF, VERBOSE_ERROR, VERBOSE_WARNING, VERBOSE_INFO, VERBOSE_VERBOSE, # VERBOSE_DEBUG, VERBOSE_TRACE. this_globals = globals() for level in _verbosity_level: const = 'VERBOSE_' + logging.getLevelName(_verbosity_level[level]) this_globals[const] = level # All verbosity levels above 4 are TRACE. _verbosity_level = collections.defaultdict( lambda: logging.TRACE, _verbosity_level) def add_beta_command(cmd): BETA_COMMANDS.add(cmd) def add_beta_arg(cmd, arg): if cmd in BETA_ARGS: if arg not in BETA_ARGS[cmd]: BETA_ARGS[cmd].append(arg) else: BETA_ARGS[cmd] = set((arg, )) def check_beta(args_dict): if 'beta' not in args_dict: args_dict['beta'] = False # Check only if beta is not enabled: if beta option is specified then # raise error. if not args_dict['beta']: cmd = args_dict['command'] # first check if command is beta if cmd in BETA_COMMANDS: raise cdist.CdistBetaRequired(cmd) # then check if some command's argument is beta if cmd in BETA_ARGS: for arg in BETA_ARGS[cmd]: if arg in args_dict and args_dict[arg]: raise cdist.CdistBetaRequired(cmd, arg) def check_lower_bounded_int(value, lower_bound, name): try: val = int(value) except ValueError: raise argparse.ArgumentTypeError( "{} is invalid int value".format(value)) if val < lower_bound: raise argparse.ArgumentTypeError( "{} is invalid {} value".format(val, name)) return val def get_parsers(): global parser # Construct parser others can reuse if parser: return parser else: parser = {} # Options _all_ parsers have in common parser['loglevel'] = argparse.ArgumentParser(add_help=False) parser['loglevel'].add_argument( '-l', '--log-level', metavar='LOGLEVEL', type=functools.partial(check_lower_bounded_int, lower_bound=-1, name="log level"), help=('Set the specified verbosity level. ' 'The levels, in order from the lowest to the highest, are: ' 'ERROR (-1), WARNING (0), INFO (1), VERBOSE (2), DEBUG (3), ' 'TRACE (4 or higher). If used along with -v then -v ' 'increases last set value and -l overwrites last set ' 'value.'), action='store', dest='verbose', required=False) parser['loglevel'].add_argument( '-q', '--quiet', help='Quiet mode: disables logging, including WARNING and ERROR.', action='store_true', default=False) parser['loglevel'].add_argument( '-v', '--verbose', help=('Increase the verbosity level. Every instance of -v ' 'increments the verbosity level by one. Its default value ' 'is 0 which includes ERROR and WARNING levels. ' 'The levels, in order from the lowest to the highest, are: ' 'ERROR (-1), WARNING (0), INFO (1), VERBOSE (2), DEBUG (3) ' 'TRACE (4 or higher). If used along with -l then -l ' 'overwrites last set value and -v increases last set ' 'value.'), action='count', default=None) parser['colored_output'] = argparse.ArgumentParser(add_help=False) parser['colored_output'].add_argument( '--colors', metavar='WHEN', help="Colorize cdist's output based on log level; " "WHEN is 'always', 'never', or 'auto'.", action='store', dest='colored_output', required=False, choices=cdist.configuration.ColoredOutputOption.CHOICES) parser['beta'] = argparse.ArgumentParser(add_help=False) parser['beta'].add_argument( '-b', '--beta', help=('Enable beta functionality. '), action='store_true', dest='beta', default=None) # Main subcommand parser parser['main'] = argparse.ArgumentParser( description='cdist ' + cdist.VERSION) parser['main'].add_argument( '-V', '--version', help='Show version.', action='version', version='%(prog)s ' + cdist.VERSION) parser['sub'] = parser['main'].add_subparsers( title="Commands", dest="command") # Banner parser['banner'] = parser['sub'].add_parser( 'banner', parents=[parser['loglevel']]) parser['banner'].set_defaults(func=cdist.banner.banner) parser['inventory_common'] = argparse.ArgumentParser(add_help=False) parser['inventory_common'].add_argument( '-I', '--inventory', help=('Use specified custom inventory directory. ' 'Inventory directory is set up by the following rules: ' 'if cdist configuration resolves this value then specified ' 'directory is used, ' 'if HOME env var is set then ~/.cdist/inventory is ' 'used, otherwise distribution inventory directory is used.'), dest="inventory_dir", required=False) parser['common'] = argparse.ArgumentParser(add_help=False) parser['common'].add_argument( '-g', '--config-file', help=('Use specified custom configuration file.'), dest="config_file", required=False) # Config parser['config_main'] = argparse.ArgumentParser(add_help=False) parser['config_main'].add_argument( '-4', '--force-ipv4', help=('Force to use IPv4 addresses only. No influence for custom' ' remote commands.'), action='store_const', dest='force_ipv', const=4) parser['config_main'].add_argument( '-6', '--force-ipv6', help=('Force to use IPv6 addresses only. No influence for custom' ' remote commands.'), action='store_const', dest='force_ipv', const=6) parser['config_main'].add_argument( '-C', '--cache-path-pattern', help=('Specify custom cache path pattern. If ' 'it is not set then default hostdir is used.'), dest='cache_path_pattern', default=None) parser['config_main'].add_argument( '-c', '--conf-dir', help=('Add configuration directory (can be repeated, ' 'last one wins).'), action='append') parser['config_main'].add_argument( '-i', '--initial-manifest', help='Path to a cdist manifest or \'-\' to read from stdin.', dest='manifest', required=False) parser['config_main'].add_argument( '-j', '--jobs', nargs='?', type=functools.partial(check_lower_bounded_int, lower_bound=1, name="positive int"), help=('Operate in parallel in specified maximum number of jobs. ' 'Global explorers, object prepare and object run are ' 'supported. Without argument CPU count is used by default. '), action='store', dest='jobs', const=multiprocessing.cpu_count()) parser['config_main'].add_argument( '--log-server', action='store_true', help=('Start a log server for sub processes to use. ' 'This is mainly useful when running cdist nested ' 'from a code-local script. Log server is alwasy ' 'implicitly started for \'install\' command.')) parser['config_main'].add_argument( '-n', '--dry-run', help='Do not execute code.', action='store_true') parser['config_main'].add_argument( '-o', '--out-dir', help='Directory to save cdist output in.', dest="out_path") parser['config_main'].add_argument( '-P', '--timestamp', help=('Timestamp log messages with the current local date and time ' 'in the format: YYYYMMDDHHMMSS.us.'), action='store_true', dest='timestamp') parser['config_main'].add_argument( '-R', '--use-archiving', nargs='?', choices=('tar', 'tgz', 'tbz2', 'txz',), help=('Operate by using archiving with compression where ' 'appropriate. Supported values are: tar - tar archive, ' 'tgz - gzip tar archive (the default), ' 'tbz2 - bzip2 tar archive and txz - lzma tar archive. ' 'Currently in beta.'), action='store', dest='use_archiving', const='tgz') # remote-copy and remote-exec defaults are environment variables # if set; if not then None - these will be futher handled after # parsing to determine implementation default parser['config_main'].add_argument( '-r', '--remote-out-dir', help='Directory to save cdist output in on the target host.', dest="remote_out_path") parser['config_main'].add_argument( '--remote-copy', help='Command to use for remote copy (should behave like scp).', action='store', dest='remote_copy', default=None) parser['config_main'].add_argument( '--remote-exec', help=('Command to use for remote execution ' '(should behave like ssh).'), action='store', dest='remote_exec', default=None) parser['config_main'].add_argument( '-S', '--disable-saving-output-streams', help='Disable saving output streams.', action='store_false', dest='save_output_streams', default=True) # Config parser['config_args'] = argparse.ArgumentParser(add_help=False) parser['config_args'].add_argument( '-A', '--all-tagged', help=('Use all hosts present in tags db. Currently in beta.'), action="store_true", dest="all_tagged_hosts", default=False) parser['config_args'].add_argument( '-a', '--all', help=('List hosts that have all specified tags, ' 'if -t/--tag is specified.'), action="store_true", dest="has_all_tags", default=False) parser['config_args'].add_argument( '-f', '--file', help=('Read specified file for a list of additional hosts to ' 'operate on or if \'-\' is given, read stdin (one host per ' 'line).'), dest='hostfile', required=False) parser['config_args'].add_argument( '-p', '--parallel', nargs='?', metavar='HOST_MAX', type=functools.partial(check_lower_bounded_int, lower_bound=1, name="positive int"), help=('Operate on multiple hosts in parallel for specified maximum ' 'hosts at a time. Without argument CPU count is used by ' 'default.'), action='store', dest='parallel', const=multiprocessing.cpu_count()) parser['config_args'].add_argument( '-s', '--sequential', help='Operate on multiple hosts sequentially (default).', action='store_const', dest='parallel', const=0) parser['config_args'].add_argument( '-t', '--tag', help=('Host is specified by tag, not hostname/address; ' 'list all hosts that contain any of specified tags. ' 'Currently in beta.'), dest='tag', required=False, action="store_true", default=False) parser['config_args'].add_argument( 'host', nargs='*', help='Host(s) to operate on.') parser['config'] = parser['sub'].add_parser( 'config', parents=[parser['loglevel'], parser['beta'], parser['colored_output'], parser['common'], parser['config_main'], parser['inventory_common'], parser['config_args']]) parser['config'].set_defaults(func=cdist.config.Config.commandline) # Install parser['install'] = parser['sub'].add_parser('install', add_help=False, parents=[parser['config']]) parser['install'].set_defaults(func=cdist.install.Install.commandline) # Inventory parser['inventory'] = parser['sub'].add_parser('inventory') parser['invsub'] = parser['inventory'].add_subparsers( title="Inventory commands", dest="subcommand") parser['add-host'] = parser['invsub'].add_parser( 'add-host', parents=[parser['loglevel'], parser['beta'], parser['colored_output'], parser['common'], parser['inventory_common']]) parser['add-host'].add_argument( 'host', nargs='*', help='Host(s) to add.') parser['add-host'].add_argument( '-f', '--file', help=('Read additional hosts to add from specified file ' 'or from stdin if \'-\' (each host on separate line). '), dest='hostfile', required=False) parser['add-tag'] = parser['invsub'].add_parser( 'add-tag', parents=[parser['loglevel'], parser['beta'], parser['colored_output'], parser['common'], parser['inventory_common']]) parser['add-tag'].add_argument( 'host', nargs='*', help='List of host(s) for which tags are added.') parser['add-tag'].add_argument( '-f', '--file', help=('Read additional hosts to add tags from specified file ' 'or from stdin if \'-\' (each host on separate line). '), dest='hostfile', required=False) parser['add-tag'].add_argument( '-T', '--tag-file', help=('Read additional tags to add from specified file ' 'or from stdin if \'-\' (each tag on separate line). '), dest='tagfile', required=False) parser['add-tag'].add_argument( '-t', '--taglist', help=("Tag list to be added for specified host(s), comma separated" " values."), dest="taglist", required=False) parser['del-host'] = parser['invsub'].add_parser( 'del-host', parents=[parser['loglevel'], parser['beta'], parser['colored_output'], parser['common'], parser['inventory_common']]) parser['del-host'].add_argument( 'host', nargs='*', help='Host(s) to delete.') parser['del-host'].add_argument( '-a', '--all', help=('Delete all hosts.'), dest='all', required=False, action="store_true", default=False) parser['del-host'].add_argument( '-f', '--file', help=('Read additional hosts to delete from specified file ' 'or from stdin if \'-\' (each host on separate line). '), dest='hostfile', required=False) parser['del-tag'] = parser['invsub'].add_parser( 'del-tag', parents=[parser['loglevel'], parser['beta'], parser['colored_output'], parser['common'], parser['inventory_common']]) parser['del-tag'].add_argument( 'host', nargs='*', help='List of host(s) for which tags are deleted.') parser['del-tag'].add_argument( '-a', '--all', help=('Delete all tags for specified host(s).'), dest='all', required=False, action="store_true", default=False) parser['del-tag'].add_argument( '-f', '--file', help=('Read additional hosts to delete tags for from specified ' 'file or from stdin if \'-\' (each host on separate ' 'line). '), dest='hostfile', required=False) parser['del-tag'].add_argument( '-T', '--tag-file', help=('Read additional tags from specified file ' 'or from stdin if \'-\' (each tag on separate line). '), dest='tagfile', required=False) parser['del-tag'].add_argument( '-t', '--taglist', help=("Tag list to be deleted for specified host(s), " "comma separated values."), dest="taglist", required=False) parser['list'] = parser['invsub'].add_parser( 'list', parents=[parser['loglevel'], parser['beta'], parser['colored_output'], parser['common'], parser['inventory_common']]) parser['list'].add_argument( 'host', nargs='*', help='Host(s) to list.') parser['list'].add_argument( '-a', '--all', help=('List hosts that have all specified tags, ' 'if -t/--tag is specified.'), action="store_true", dest="has_all_tags", default=False) parser['list'].add_argument( '-f', '--file', help=('Read additional hosts to list from specified file ' 'or from stdin if \'-\' (each host on separate line). ' 'If no host or host file is specified then, by default, ' 'list all.'), dest='hostfile', required=False) parser['list'].add_argument( '-H', '--host-only', help=('Suppress tags listing.'), action="store_true", dest="list_only_host", default=False) parser['list'].add_argument( '-t', '--tag', help=('Host is specified by tag, not hostname/address; ' 'list all hosts that contain any of specified tags.'), action="store_true", default=False) parser['inventory'].set_defaults( func=cdist.inventory.Inventory.commandline) # PreOS parser['preos'] = parser['sub'].add_parser('preos', add_help=False) # Shell parser['shell'] = parser['sub'].add_parser( 'shell', parents=[parser['loglevel'], parser['colored_output']]) parser['shell'].add_argument( '-s', '--shell', help=('Select shell to use, defaults to current shell. Used shell' ' should be POSIX compatible shell.')) parser['shell'].set_defaults(func=cdist.shell.Shell.commandline) # Info parser['info'] = parser['sub'].add_parser('info') parser['info'].add_argument( '-a', '--all', help='Display all info. This is the default.', action='store_true', default=False) parser['info'].add_argument( '-c', '--conf-dir', help='Add configuration directory (can be repeated).', action='append') parser['info'].add_argument( '-e', '--global-explorers', help='Display info for global explorers.', action='store_true', default=False) parser['info'].add_argument( '-F', '--fixed-string', help='Interpret pattern as a fixed string.', action='store_true', default=False) parser['info'].add_argument( '-f', '--full', help='Display full details.', action='store_true', default=False) parser['info'].add_argument( '-g', '--config-file', help='Use specified custom configuration file.', dest="config_file", required=False) parser['info'].add_argument( '-t', '--types', help='Display info for types.', action='store_true', default=False) parser['info'].add_argument( 'pattern', nargs='?', help='Glob pattern.') parser['info'].set_defaults(func=cdist.info.Info.commandline) # Scan = config + further parser['scan'] = parser['sub'].add_parser('scan', add_help=False, parents=[parser['config']]) parser['scan'] = parser['sub'].add_parser( 'scan', parents=[parser['loglevel'], parser['beta'], parser['colored_output'], parser['common'], parser['config_main']]) parser['scan'].add_argument( '-m', '--mode', help='Which modes should run', action='append', default=[], choices=['scan', 'trigger', 'config']) parser['scan'].add_argument( '--list', action='store_true', help='List the known hosts and exit') parser['scan'].add_argument( '--config', action='store_true', help='Try to configure detected hosts') parser['scan'].add_argument( '-I', '--interface', action='append', default=[], required=True, help='On which interfaces to scan/trigger') parser['scan'].add_argument( '--name-mapper', action='store', default=None, help='Map addresses to names, required for config mode') parser['scan'].add_argument( '-d', '--config-delay', action='store', default=3600, type=int, help='How long (seconds) to wait before reconfiguring after last try') parser['scan'].add_argument( '-t', '--trigger-delay', action='store', default=5, type=int, help='How long (seconds) to wait between ICMPv6 echo requests') parser['scan'].set_defaults(func=cdist.scan.commandline.commandline) for p in parser: parser[p].epilog = EPILOG return parser def handle_loglevel(args): if hasattr(args, 'quiet') and args.quiet: args.verbose = _verbosity_level_off logging.getLogger().setLevel(_verbosity_level[args.verbose]) def handle_log_colors(args): if cdist.configuration.ColoredOutputOption.translate(args.colored_output): cdist.log.CdistFormatter.USE_COLORS = True def parse_and_configure(argv, singleton=True): parser = get_parsers() parser_args = parser['main'].parse_args(argv) try: cfg = cdist.configuration.Configuration(parser_args, singleton=singleton) args = cfg.get_args() except ValueError as e: raise cdist.Error(str(e)) # Loglevels are handled globally in here handle_loglevel(args) handle_log_colors(args) log = logging.getLogger("cdist") log.verbose("version %s", cdist.VERSION) log.trace('command line args: %s', cfg.command_line_args) log.trace('configuration: %s', cfg.get_config()) log.trace('configured args: %s', args) check_beta(vars(args)) return parser, cfg cdist/cdist/autil.py000066400000000000000000000033311427155744700150020ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # 2017 Darko Poljak (darko.poljak at gmail.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # import cdist import tarfile import os import glob import tempfile _ARCHIVING_MODES = { 'tar': '', 'tgz': 'gz', 'tbz2': 'bz2', 'txz': 'xz', } _UNARCHIVE_OPT = { 'tar': None, 'tgz': '-z', 'tbz2': '-j', 'txz': '-J', } # Archiving will be enabled if directory contains more than FILES_LIMIT files. FILES_LIMIT = 1 def get_extract_option(mode): return _UNARCHIVE_OPT[mode] def tar(source, mode="tgz"): if mode not in _ARCHIVING_MODES: raise cdist.Error("Unsupported archiving mode {}.".format(mode)) files = glob.glob1(source, '*') fcnt = len(files) if fcnt <= FILES_LIMIT: return None, fcnt tarmode = 'w:{}'.format(_ARCHIVING_MODES[mode]) _, tarpath = tempfile.mkstemp(suffix='.' + mode) with tarfile.open(tarpath, tarmode, dereference=True) as tar: if os.path.isdir(source): for f in files: tar.add(os.path.join(source, f), arcname=f) else: tar.add(source) return tarpath, fcnt cdist/cdist/banner.py000066400000000000000000000015461427155744700151370ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # 2011-2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # import logging import cdist log = logging.getLogger(__name__) def banner(args): """Guess what :-)""" print(cdist.BANNER) cdist/cdist/conf/000077500000000000000000000000001427155744700142375ustar00rootroot00000000000000cdist/cdist/conf/README000066400000000000000000000002261427155744700151170ustar00rootroot00000000000000This is a sample configuration that can be used as an example for /etc/cdist. For instance: [root@kr etc]# ln -s ~nico/p/cdist/conf/ /etc/cdist cdist/cdist/conf/explorer/000077500000000000000000000000001427155744700160775ustar00rootroot00000000000000cdist/cdist/conf/explorer/cpu_cores000077500000000000000000000023661427155744700200160ustar00rootroot00000000000000#!/bin/sh # # 2014 Daniel Heule (hda at sfs.biz) # 2014 Thomas Oettli (otho at sfs.biz) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # FIXME: other system types (not linux ...) os=$("$__explorer/os") case "$os" in "macosx") sysctl -n hw.physicalcpu ;; "openbsd") sysctl -n hw.ncpuonline ;; "freebsd"|"netbsd") PATH=$(getconf PATH) sysctl -n hw.ncpu ;; *) if [ -r /proc/cpuinfo ]; then cores="$(grep "core id" /proc/cpuinfo | sort | uniq | wc -l)" if [ "${cores}" -eq 0 ]; then cores="1" fi echo "$cores" fi ;; esac cdist/cdist/conf/explorer/cpu_sockets000077500000000000000000000022731427155744700203530ustar00rootroot00000000000000#!/bin/sh # # 2014 Daniel Heule (hda at sfs.biz) # 2014 Thomas Oettli (otho at sfs.biz) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # FIXME: other system types (not linux ...) os=$("$__explorer/os") case "$os" in "macosx") system_profiler SPHardwareDataType | grep "Number of Processors" | awk -F': ' '{print $2}' ;; *) if [ -r /proc/cpuinfo ]; then sockets="$(grep "physical id" /proc/cpuinfo | sort -u | wc -l)" if [ "${sockets}" -eq 0 ]; then sockets="$(grep -c "processor" /proc/cpuinfo)" fi echo "${sockets}" fi ;; esac cdist/cdist/conf/explorer/disks000077500000000000000000000042351427155744700171460ustar00rootroot00000000000000#!/bin/sh -e # # based on previous work by other people, modified by: # 2020 Dennis Camera # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # Finds disks of the system (excl. ram disks, floppy, cdrom) uname_s="$(uname -s)" case $uname_s in FreeBSD) sysctl -n kern.disks ;; OpenBSD) sysctl -n hw.disknames | grep -Eo '[lsw]d[0-9]+' ;; NetBSD) PATH=$(getconf PATH) sysctl -n hw.disknames | awk -v RS=' ' '/^[lsw]d[0-9]+/' ;; Linux) # list of major device numbers toexclude: # ram disks, floppies, cdroms # https://www.kernel.org/doc/Documentation/admin-guide/devices.txt ign_majors='1 2 11' if command -v lsblk >/dev/null 2>&1 then lsblk -e "$(echo "$ign_majors" | tr ' ' ',')" -dno name elif test -d /sys/block/ then # shellcheck disable=SC2012 ls -1 /sys/block/ \ | awk -v ign_majors="$(echo "$ign_majors" | tr ' ' '|')" ' { devfile = "/sys/block/" $0 "/dev" getline devno < devfile close(devfile) if (devno !~ "^(" ign_majors "):") print }' else echo "Don't know how to list disks on Linux without lsblk and sysfs." >&2 echo 'If you can, please submit a patch.'>&2 fi ;; *) printf "Don't know how to list disks for %s operating system.\n" "${uname_s}" >&2 printf 'If you can please submit a patch\n' >&2 ;; esac \ | xargs cdist/cdist/conf/explorer/hostname000077500000000000000000000014641427155744700176500ustar00rootroot00000000000000#!/bin/sh # # 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Retrieve the running hostname # if command -v hostname >/dev/null then hostname else uname -n fi cdist/cdist/conf/explorer/init000077500000000000000000000220001427155744700167620ustar00rootroot00000000000000#!/bin/sh -e # # 2016 Daniel Heule (hda at sfs.biz) # Copyright 2017, Philippe Gregoire # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Returns the name of the init system (PID 1) # Expected values: # Linux: # Adélie Linux: # sysvinit+openrc # Alpine Linux: # busybox-init+openrc # ArchLinux: # systemd, sysvinit # CRUX: # sysvinit # Debian: # systemd, upstart, sysvinit, openrc, ??? # Devuan: # sysvinit, sysvinit+openrc # Gentoo: # sysvinit+openrc, openrc-init, systemd # OpenBMC: # systemd # OpenWrt: # procd, init??? # RedHat (RHEL, CentOS, Fedora, RedHat Linux, ...): # systemd, upstart, upstart-legacy, sysvinit # Slackware: # sysvinit # SuSE: # systemd, sysvinit # Ubuntu: # systemd, upstart, upstart-legacy, sysvinit # VoidLinux: # runit # # GNU: # Debian: # sysvinit, hurd-init # # BSD: # {Free,Open,Net}BSD: # init # # Mac OS X: # launchd, init+SystemStarter # # Solaris/Illumos: # smf, init??? # NOTE: init systems can be stacked. This is popular to run OpenRC on top of # sysvinit (Gentoo) or busybox-init (Alpine), but can also be used to run runit # as a systemd service. This makes init system detection very complicated # (which result is expected?) This script tries to untangle some combinations, # OpenRC on top of sysv or busybox (X+openrc), but will ignore others (runit as # a systemd service) # NOTE: When we have no idea, nothing will be printed! # NOTE: # When trying to gather information about the init system make sure to do so # without calling the binary! On some systems this triggers a reinitialisation # of the system which we don't want (e.g. embedded systems). set -e KERNEL_NAME=$(uname -s) KNOWN_INIT_SYSTEMS=$(cat </dev/null 2>&1 || return 1 launchctl getenv PATH >/dev/null || return 1 echo launchd } check_openrc() { test -f /run/openrc/softlevel || return 1 echo openrc } check_procd() ( procd_path=${1:-/sbin/procd} test -x "${procd_path}" || return 1 grep -q 'procd' "${procd_path}" || return 1 echo procd ) check_runit() { test -d /run/runit || return 1 echo runit } check_smf() { # XXX: Is this the correct way?? test -f /etc/svc/volatile/svc_nonpersist.db || return 1 echo smf } check_systemd() { # NOTE: sd_booted(3) test -d /run/systemd/system/ || return 1 # systemctl --version | sed -e '/^systemd/!d;s/^systemd //' echo systemd } check_systemstarter() { test -d /System/Library/StartupItems/ || return 1 test -f /System/Library/StartupItems/LoginWindow/StartupParameters.plist || return 1 echo init+SystemStarter } check_sysvinit() ( init_path=${1:-/sbin/init} test -x "${init_path}" || return 1 grep -q 'INIT_VERSION=sysvinit-[0-9.]*' "${init_path}" || return 1 # It is quite common to use SysVinit to stack other init systemd # (like OpenRC) on top of it. So we check for that, too. if stacked=$(check_openrc) then echo "sysvinit+${stacked}" else echo sysvinit fi unset stacked ) check_upstart() { test -x "$(command -v initctl)" || return 1 case $(initctl version) in *'(upstart '*')') if test -d /etc/init then # modern (DBus-based?) upstart >= 0.5 echo upstart elif test -d /etc/event.d then # ancient upstart echo upstart-legacy else # whatever... echo upstart fi ;; *) return 1 ;; esac } find_init_procfs() ( # First, check if the required file in procfs exists... test -h /proc/1/exe || return 1 # Find init executable init_exe=$(ls -l /proc/1/exe 2>/dev/null) || return 1 init_exe=${init_exe#* -> } if ! test -x "$init_exe" then # On some rare occasions it can happen that the # running init's binary has been replaced. In this # case Linux adjusts the symlink to "X (deleted)" # [root@fedora-12 ~]# readlink /proc/1/exe # /sbin/init (deleted) # [root@fedora-12 ~]# ls -l /proc/1/exe # lrwxrwxrwx. 1 root root 0 2020-01-30 23:00 /proc/1/exe -> /sbin/init (deleted) init_exe=${init_exe% (deleted)} test -x "$init_exe" || return 1 fi echo "${init_exe}" ) guess_by_path() { case $1 in /bin/busybox) check_busybox_init "$1" && return ;; /lib/systemd/systemd) check_systemd "$1" && return ;; /hurd/init) check_hurd_init "$1" && return ;; /sbin/launchd) check_launchd "$1" && return ;; /usr/bin/runit|/sbin/runit) check_runit "$1" && return ;; /sbin/openrc-init) if check_openrc "$1" >/dev/null then echo openrc-init return fi ;; /sbin/procd) check_procd "$1" && return ;; /sbin/init|*/init) # init: it could be anything -> (explicit) no match return 1 ;; esac # No match return 1 } guess_by_comm_name() { case $1 in busybox) check_busybox_init && return ;; openrc-init) if check_openrc >/dev/null then echo openrc-init return 0 fi ;; init) # init could be anything -> no match return 1 ;; *) # Run check function by comm name if available. # Fall back to comm name if either it does not exist or # returns non-zero. if type "check_$1" >/dev/null then "check_$1" && return else echo "$1" ; return 0 fi esac return 1 } check_list() ( # List must be a multi-line input on stdin (one name per line) while read -r init do "check_${init}" || continue return 0 done return 1 ) # BusyBox's versions of ps and pgrep do not support some options # depending on which compile-time options have been used. find_init_pgrep() { pgrep -P0 -fl 2>/dev/null | awk -F '[[:blank:]]' '$1 == 1 { print $2 }' } find_init_ps() { case $KERNEL_NAME in Darwin) ps -o command -p 1 2>/dev/null | tail -n +2 ;; FreeBSD) ps -o args= -p 1 2>/dev/null | cut -d ' ' -f 1 ;; Linux) ps -o comm= -p 1 2>/dev/null ;; NetBSD) ps -o comm= -p 1 2>/dev/null ;; OpenBSD) ps -o args -p 1 2>/dev/null | tail -n +2 | cut -d ' ' -f 1 ;; *) ps -o args= -p 1 2>/dev/null ;; esac | trim # trim trailing whitespace (some ps like Darwin add it) } find_init() { case $KERNEL_NAME in Linux|GNU|NetBSD) find_init_procfs || find_init_pgrep || find_init_ps ;; FreeBSD) find_init_procfs || find_init_ps ;; OpenBSD) find_init_pgrep || find_init_ps ;; Darwin|SunOS) find_init_ps ;; *) echo "Don't know how to determine init." >&2 echo 'Please send a patch.' >&2 exit 1 esac } # ----- init=$(find_init) # If we got a path, guess by the path first (fall back to file name if no match) # else guess by file name directly. # shellcheck disable=SC2015 { test -x "${init}" \ && guess_by_path "${init}" \ || guess_by_comm_name "$(basename "${init}")" } && exit 0 || true # Guessing based on the file path and name didn’t lead to a definitive result. # # We go through all of the checks until we find a match. To speed up the # process, common cases will be checked first based on the underlying kernel. { common_candidates_by_kernel; echo "${KNOWN_INIT_SYSTEMS}"; } \ | unique | check_list cdist/cdist/conf/explorer/interfaces000077500000000000000000000016411427155744700201520ustar00rootroot00000000000000#!/bin/sh -e # # 2019 Ander Punnar (ander-at-kvlt-dot-ee) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # if command -v ip >/dev/null then ip -o link show | sed -n 's/^[0-9]\+: \(.\+\): <.*/\1/p' elif command -v ifconfig >/dev/null then ifconfig -a | sed -n -E 's/^(.*)(:[[:space:]]*flags=|Link encap).*/\1/p' fi \ | sort -u cdist/cdist/conf/explorer/is-freebsd-jail000077500000000000000000000001101427155744700207550ustar00rootroot00000000000000#!/bin/sh sysctl -n security.jail.jailed 2>/dev/null | grep "1" || true cdist/cdist/conf/explorer/kernel_name000077500000000000000000000000231427155744700203000ustar00rootroot00000000000000#!/bin/sh uname -s cdist/cdist/conf/explorer/lsb_codename000077500000000000000000000021021427155744700204330ustar00rootroot00000000000000#!/bin/sh # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # set +e case "$("$__explorer/os")" in checkpoint) awk '{printf("%s\n", $(NF-1))}' /etc/cp-release ;; openwrt) # shellcheck disable=SC1091 (. /etc/openwrt_release && echo "$DISTRIB_CODENAME") ;; *) lsb_release=$(command -v lsb_release) if [ -x "$lsb_release" ]; then $lsb_release --short --codename fi ;; esac cdist/cdist/conf/explorer/lsb_description000077500000000000000000000020541427155744700212110ustar00rootroot00000000000000#!/bin/sh # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # set +e case "$("$__explorer/os")" in checkpoint) cat /etc/cp-release ;; openwrt) # shellcheck disable=SC1091 (. /etc/openwrt_release && echo "$DISTRIB_DESCRIPTION") ;; *) lsb_release=$(command -v lsb_release) if [ -x "$lsb_release" ]; then $lsb_release --short --description fi ;; esac cdist/cdist/conf/explorer/lsb_id000077500000000000000000000020301427155744700172540ustar00rootroot00000000000000#!/bin/sh # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # set +e case "$("$__explorer/os")" in checkpoint) echo "CheckPoint" ;; openwrt) # shellcheck disable=SC1091 (. /etc/openwrt_release && echo "$DISTRIB_ID") ;; *) lsb_release=$(command -v lsb_release) if [ -x "$lsb_release" ]; then $lsb_release --short --id fi ;; esac cdist/cdist/conf/explorer/lsb_release000077500000000000000000000021141427155744700203030ustar00rootroot00000000000000#!/bin/sh # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # set +e case "$("$__explorer/os")" in checkpoint) sed /etc/cp-release -e 's/.* R\([1-9][0-9]*\)\.[0-9]*$/\1/' ;; openwrt) # shellcheck disable=SC1091 (. /etc/openwrt_release && echo "$DISTRIB_RELEASE") ;; *) lsb_release=$(command -v lsb_release) if [ -x "$lsb_release" ]; then $lsb_release --short --release fi ;; esac cdist/cdist/conf/explorer/machine000077500000000000000000000014551427155744700174360ustar00rootroot00000000000000#!/bin/sh # # 2010-2011 Andi Brönnimann (andi-cdist at v-net.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # All os variables are lower case # # if command -v uname >/dev/null 2>&1 ; then uname -m fi cdist/cdist/conf/explorer/machine_type000077500000000000000000000521511427155744700204760ustar00rootroot00000000000000#!/bin/sh -e # # 2021 Dennis Camera (cdist at dtnr.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # This explorer tries to determine what type of machine the target to be # configured is (container, virtual machine, bare-metal). # # It will print one line for each layer it can detect. # The format of all lines is: TYPE[ VERB VENDOR] # # VERB does not have a special meaning, it is just for better readability. # # e.g. # container # container on lxc # virtual by kvm-spapr # # The third word of each line (except the first) can be composed of different # parts concatenated with a `-' (minus) character, with each component being # a specification of the previous, e.g.: # - lxc-libvirt (LXC container, managed by libvirt) # - lpar-s390 / lpar-power (LPAR running on IBM S/390 or POWER, respectively) # - xen-hvm / xen-pv (Xen HVM vs para-virtualization) # # If this explorer cannot collect enough information about virtualization it # will fall back to 'physical'. # # Add /sbin and /usr/sbin to the path so we can find system # binaries like dmidecode. PATH=$(getconf PATH 2>/dev/null) || PATH='/usr/bin:/bin' PATH="/sbin:/usr/sbin:${PATH}" export PATH arch=$(uname -m | sed -e 's/i.86/i386/' -e 's/arm.*/arm/') uname_s=$(uname -s) is_command() { command -v "$1" >/dev/null 2>&1; } files_same() { # shellcheck disable=SC2012 LC_ALL=C df -P "$1" "$2" 2>/dev/null | { read -r _ # skip header line read -r fs1 _ _ _ _ mp1 read -r fs2 _ _ _ _ mp2 test "${fs1}" = "${fs2}" -a "${mp1}" = "${mp2}" || return 1 } && ls -1Ldi "$1" "$2" 2>/dev/null | { read -r ino1 _ read -r ino2 _ test "${ino1}" = "${ino2}" || return 1 } } is_oneof() ( x=$1; shift for y do test "${x}" = "${y}" || continue return 0 done return 1 ) tolower() { LC_ALL=C tr '[:upper:]' '[:lower:]'; } # shellcheck disable=SC2086 glob_exists() { set -- $1; test -e "$1"; } get_dmi_field() { if is_oneof "${uname_s}" NetBSD then case $1 in (system-manufacturer) _mib=machdep.dmi.system-vendor ;; (system-product-name) _mib=machdep.dmi.system-product ;; (system-version|system-uuid) _mib=machdep.dmi.$1 ;; (bios-vendor|bios-version) _mib=machdep.dmi.$1 ;; (biod-release-date) _mib=machdep.dmi.bios-date ;; (*) _mib= ;; esac test -n "${_mib}" && get_sysctl "${_mib}" | grep -e . && return fi if is_command dmidecode then dmidecode -s "$1" elif test -d "${dmi_sysfs-}" then case $1 in (system-manufacturer) _filename=sys_vendor ;; (system-product-name) _filename=product_name ;; (*) _filename=$(echo "$1" | tr - _) ;; esac if test -r "${dmi_sysfs-}/${_filename}" then cat "${dmi_sysfs}/${_filename}" fi unset _filename elif test "${uname_s}" = OpenBSD then # NOTE: something similar to system-manufacutrer and system-product-name # is available on OpenBSD in sysctl case $1 in (system-manufacturer) _mib=hw.vendor ;; (system-product-name) _mib=hw.product ;; (*) _mib= ;; esac test -n "${_mib}" && get_sysctl "${_mib}" | grep -e . && return fi return 1 } has_cpuinfo() { test -e /proc/cpuinfo; } get_sysctl() { is_command sysctl && sysctl -n "$1" 2>/dev/null } detected_layer() { test -n "${_toplayer:-}" || echo "${_toplayer:=${1:?}}" } # Check for chroot has_chroot_systemd() { is_command systemd-detect-virt && systemd-detect-virt --help | grep -q -e '^ -r' } check_chroot_systemd() { systemd-detect-virt -r } has_chroot_debian_ischroot() { is_command ischroot } check_chroot_debian_ischroot() { ischroot --default-false } has_chroot_procfs() { test -d /proc/ } check_chroot_procfs() ( is_chroot=false # default if test -e /proc/1/root && ! files_same /proc/1/root / then is_chroot=true fi if test -e /proc/1/mountinfo -a -e /proc/self/mountinfo then has_mountinfo=true cmp -s /proc/1/mountinfo /proc/self/mountinfo || is_chroot=true fi if ${is_chroot} then # try to determine where the chroot has been mounted rootdev=$(LC_ALL=C df -P / | awk 'NR==2{print $1}') if test -e "${rootdev}" then # escape chroot to determine where the device containing the # chroot's / is mounted rootdevmnt=$(LC_ALL=C chroot /proc/1/root df -P "${rootdev}" | awk 'NR==2{print $6}') # shellcheck disable=SC2012 root_ino=$(ls -1di / | awk '{print $1}') # escape chroot and find mount point by inode chroot /proc/1/root find "${rootdevmnt}" -xdev -type d -inum "${root_ino}" elif ${has_mountinfo} then while read -r mntid _ _ _ cmntpnt _ do read -r _ _ _ _ hmntpnt _ <<-EOF $(grep -e "^$((mntid)) " /proc/1/mountinfo) EOF printf '%s\n' "${hmntpnt%${cmntpnt}}" done /dev/null) && case ${_ctengine} in (''|'none') return 1 ;; ('container-other') return 0 ;; ('systemd-nspawn') echo systemd_nspawn ;; (*) echo "${_ctengine}" ;; esac ) has_ct_pid_1() { test -r /run/systemd/container -o -r /proc/1/environ } translate_container_name() { case $1 in ('lxc') echo lxc ;; ('lxc-libvirt') echo lxc-libvirt ;; ('podman') echo podman ;; ('systemd-nspawn') echo systemd_nspawn ;; (*) return 1 ;; esac return 0 } check_ct_pid_1() { if test -r /run/systemd/container then translate_container_name "$(head -n1 /run/systemd/container)" \ && return 0 fi if test -r /proc/1/environ then translate_container_name "$( LC_ALL=C tr '\000' '\n' /dev/null then # https://github.com/Microsoft/WSL/issues/423#issuecomment-221627364 echo wsl elif test -d /var/.cagefs then # https://docs.cloudlinux.com/cloudlinux_os_components/#cagefs # CageFS is not "really" a container, but it isn't a chroot either. echo cagefs elif test -e /proc/self/status && grep -q -e '^VxID: [0-9]\{1,\}' /proc/self/status then # Linux-VServer if grep -q -x -F 'VxID: 0' /proc/self/status then # host return 1 else # guest echo linux_vserver fi else return 1 fi } check_ct_os_specific() ( if jailed=$(get_sysctl security.jail.jailed) && test "${jailed}" = 1 then # FreeBSD jail echo jail return 0 fi if is_command zonename && test "$(zonename)" != global then # Solaris zone echo zone return 0 fi return 1 ) # Check for hypervisor guess_hypervisor_from_cpu_model() { case $1 in (*\ KVM\ *) echo kvm ;; (*\ QEMU\ *|QEMU\ *) echo qemu ;; (*) return 1 ;; esac } has_vm_systemd() { is_command systemd-detect-virt && systemd-detect-virt --help | grep -q -e '^ -v' } check_vm_systemd() ( _hypervisor=$(systemd-detect-virt -v 2>/dev/null) && case ${_hypervisor} in (''|'none') return 1 ;; ('amazon') echo aws ;; ('bochs') echo kvm ;; ('microsoft') # assumption echo hyperv ;; ('oracle') echo virtualbox ;; ('vm-other') return 0 ;; (*) echo "${_hypervisor}" ;; esac ) has_vm_cpuinfo() { has_cpuinfo; } check_vm_cpuinfo() { if grep -q -F 'User Mode Linux' /proc/cpuinfo \ || grep -q -F 'UML' /proc/cpuinfo then # User Mode Linux echo uml elif grep -q -e '^vendor_id.*: PowerVM Lx86' /proc/cpuinfo then # IBM PowerVM Lx86 (Linux/x86 emulator) echo powervm_lx86 elif grep -q -e '^vendor_id.*: IBM/S390' /proc/cpuinfo then # IBM SystemZ (S/390) if test -f /proc/sysinfo then if grep -q -e '^VM[0-9]* Control Program: KVM/Linux' /proc/sysinfo then echo kvm-s390 return 0 elif grep -q -e '^VM[0-9]* Control Program: z/VM' /proc/sysinfo then echo zvm return 0 elif grep -q -e '^LPAR ' /proc/sysinfo then echo zvm-lpar return 0 fi fi return 1 else if grep -q -e '^model name.*:' /proc/cpuinfo then sed -n -e 's/^model name[^:]*: *//p' /proc/cpuinfo \ | while read -r _cpu_model do guess_hypervisor_from_cpu_model "${_cpu_model}" done \ | sort \ | uniq -c \ | awk ' { if ($1 > most_c) { most_c = $1; most_s = $2 } } END { if (most_s) print most_s exit !most_s }' \ && return 0 fi return 1 fi } check_vm_arch_specific() { case ${arch} in (ppc64|ppc64le) # Check PPC64 LPAR, KVM # example /proc/cpuinfo line indicating 'not baremetal' # platform : pSeries # # example /proc/ppc64/lparcfg systemtype line # system_type=IBM pSeries (emulated by qemu) if has_cpuinfo && grep -q -e 'platform.**pSeries' /proc/cpuinfo then if test -e /proc/ppc64/lparcfg then # Assume LPAR, now detect shared or dedicated if grep -q -x -F 'shared_processor_mode=1' /proc/ppc64/lparcfg then echo powervm-shared return 0 else echo powervm-dedicated return 0 fi fi fi ;; (sparc*) # Check for SPARC LDoms if test -e /dev/mdesc then if test -d /sys/class/vlds/ctrl -a -d /sys/class/vlds/sp then # control LDom return 1 else # guest LDom echo ldom-sparc fi # MDPROP=/usr/lib/ldoms/mdprop.py # if test -x "${MDPROP}" # then # if test -n "$("${MDPROP}" -v iodevice device-type=pciex)" # then # echo ldoms-root # echo ldoms-io # elif test -n "$("${MDPROP}" -v iov-device vf-id=0)" # then # echo ldoms-io # fi # fi return 0 fi ;; (i?86|x86*|amd64|i86pc) # VMM CPUID flag denotes that this system is running under a VMM if is_oneof "${uname_s}" Darwin then get_sysctl machdep.cpu.features | tr ' ' '\n' | grep -qixF VMM \ && return 0 fi if has_cpuinfo \ && grep -q -i -e '^flags.*:.*\(hypervisor\|vmm\)' /proc/cpuinfo then return 0 fi ;; (ia64) if test -d /sys/bus/xen -a ! -d /sys/bus/xen-backend then # PV-on-HVM drivers installed in a Xen guest echo xen-hvm return 0 fi ;; esac return 1 } has_vm_dmi() { # Check for various products in SMBIOS/DMI. # Note that DMI doesn't exist on all architectures (only x86 and some ARM). # On other architectures the $dmi variable will be empty. if test -d /sys/class/dmi/id/ then dmi_sysfs=/sys/class/dmi/id elif test -d /sys/devices/virtual/dmi/id/ then dmi_sysfs=/sys/devices/virtual/dmi/id fi # shellcheck disable=SC2015 { is_command dmidecode \ && ( # dmidecode needs to exit 0 and not print the No SMBIOS/DMI line dmi_out=$(dmidecode 2>&1) \ && ! printf '%s\n' "${dmi_out}" \ | grep -qF 'No SMBIOS nor DMI entry point found, sorry.' ) \ || test -d "${dmi_sysfs}" } } check_vm_dmi() { case $(get_dmi_field system-product-name) in (*.metal) if test "$(get_dmi_field system-manufacturer)" = 'Amazon EC2' then # AWS EC2 bare metal -> no virtualisation return 1 fi ;; ('BHYVE') echo bhyve return 0 ;; ('Google Compute Engine') echo gce return 0 ;; ('RHEV Hypervisor') # Red Hat Enterprise Virtualization echo rhev return 0 ;; ('KVM'|'Bochs'|'KVM Virtual Machine') echo kvm return 0 ;; ('Parallels Virtual Platform') echo parallels return 0 ;; ('VirtualBox') echo virtualbox return 0 ;; ('VMware Virtual Platform') echo vmware return 0 ;; esac case $(get_dmi_field system-manufacturer) in ('Alibaba'*) case $(get_dmi_field system-product-name) in ('Alibaba Cloud ECS') echo alibaba-ecs ;; (*) echo alibaba ;; esac return 0 ;; ('Amazon EC2') # AWS on bare-metal or KVM echo aws-ec2 return 0 ;; ('innotek GmbH'|'Oracle Corporation') echo virtualbox return 0 ;; ('Joyent') if test "$(get_dmi_field system-product-name)" = 'SmartDC HVM' then # SmartOS KVM echo kvm-smartdc_hvm return 0 fi ;; ('Microsoft Corporation'*) if test "$(get_dmi_field system-product-name)" = 'Virtual Machine' then if test -e /proc/irq/7/hyperv \ || expr "$(get_dmi_field bios-version)" : 'VRTUAL.*' >/dev/null then echo hyperv return 0 fi case $(get_dmi_field system-version) in (VPC[0-9]*|VS2005*|*[Vv]irtual*[Pp][Cc]*) echo virtualpc return 0 ;; (*) echo hyperv return 0 ;; esac fi ;; ('Nutanix') # Nutanix AHV. Similar to KVM. if test "$(get_dmi_field system-product-name)" = 'AHV' then echo nutanix_ahv return 0 fi ;; ('oVirt') echo ovirt return 0 ;; ('Parallels Software International Inc.') echo parallels return 0 ;; ('QEMU') echo qemu return 0 ;; ('VMware, Inc.') echo vmware return 0 ;; esac case $(get_dmi_field bios-vendor) in ('Amazon EC2') # AWS on bare-metal or KVM echo aws-ec2 return 0 ;; ('BHYVE') echo bhyve return 0 ;; ('innotek GmbH') echo virtualbox return 0 ;; ('Parallels Software International Inc.') echo parallels return 0 ;; ('Xen') if get_dmi_field bios-version | grep -q -e '\([0-9]\{1,\}\.\)\{2\}amazon' then # AWS on Xen echo aws-xen return 0 fi ;; esac return 1 } check_vm_hyp_specific() { if is_command vmware-checkvm && vmware-checkvm >/dev/null then # vmware-checkvm is provided by VMware's open-vm-tools echo vmware return 0 elif test -d /proc/xen then test -r /proc/xen/capabilities && if grep -q -F 'control_d' /proc/xen/capabilities 2>/dev/null then # Xen dom0 return 1 else # Xen domU echo xen return 0 fi fi return 1 } has_vm_dt() { # OpenFirmware/Das U-Boot device-tree test -d /proc/device-tree } check_vm_dt() { case ${arch} in (arm|aarch64) if test -r /proc/device-tree/hypervisor/compatible then if grep -q -F 'xen' /proc/device-tree/hypervisor/compatible then echo xen return 0 elif grep -q -F 'vmware' /proc/device-tree/hypervisor/compatible then # e.g. VMware ESXi on ARM echo vmware return 0 fi fi if glob_exists /proc/device-tree/fw-cfg@*/compatible then # qemu,fw-cfg-mmio sed -e 's/,.*$//' /proc/device-tree/fw-cfg@*/compatible | head -n1 return 0 fi if grep -q -F 'dummy-virt' /proc/device-tree/compatible then echo lkvm return 0 fi ;; (ppc64*) if test -d /proc/device-tree/hypervisor \ && grep -qF 'linux,kvm' /proc/device-tree/hypervisor/compatible then # We are running as a spapr KVM guest on ppc64 echo kvm-spapr return 0 fi if test -r /proc/device-tree/ibm,partition-name \ && test -r /proc/device-tree/hmc-managed\? \ && test -r /proc/device-tree/chosen/qemu,graphic-width then echo powervm fi ;; esac return 1 } has_vm_sys_hypervisor() { test -d /sys/hypervisor/ } check_vm_sys_hypervisor() { test -r /sys/hypervisor/type && case $(head -n1 /sys/hypervisor/type) in (xen) # Ordinary kernel with pv_ops. There does not seem to be # enough information at present to tell whether this is dom0 # or domU. echo xen return 0 ;; esac return 1 } check_vm_os_specific() { _hyp_generic=false case ${uname_s} in (Darwin) if hv_vmm_present=$(get_sysctl kern.hv_vmm_present) \ && test "${hv_vmm_present}" -ne 0 then _hyp_generic=true fi ;; (FreeBSD) # FreeBSD does not have /proc/cpuinfo even when procfs is used. # Instead there is a sysctl kern.vm_guest. # Which is 'none' if physical, else the virtualisation. vm_guest=$(get_sysctl kern.vm_guest | tolower) && case ${vm_guest} in (none) ;; (generic) _hyp_generic=true ;; (*) # kernel could detect hypervisor case ${vm_guest} in (hv) echo hyperv ;; (vbox) echo virtualbox ;; (*) echo "${vm_guest}" ;; esac return 0 ;; esac ;; (NetBSD) machdep_hv=$(get_sysctl machdep.hypervisor | tolower) && case ${machdep_hv} in (none) ;; (generic) _hyp_generic=true ;; (*) # kernel could detect hypervisor case ${machdep_hv} in (hyper-v) echo hyperv ;; (xenhvm*) echo xen-hvm ;; (xenpv*) echo xen-pv ;; (xen*) echo xen ;; (*) echo "${machdep_hv}" ;; esac return 0 ;; esac ;; (OpenBSD) if is_command hostctl && glob_exists /dev/pvbus[0-9]* then for _pvbus in /dev/pvbus[0-9]* do _h_out=$(hostctl -f "${_pvbus}" -t 2>/dev/null) || continue case $(expr "${_h_out}" : '[^:]*: *\(.*\)$') in (KVM) echo kvm ;; (Hyper-V) echo hyperv ;; (VMware) echo vmware ;; (Xen) echo xen ;; (bhyve) echo bhyve ;; (OpenBSD) echo openbsd_vmm ;; esac return 0 done fi ;; (SunOS) diag_conf=$(prtdiag | sed -n -e 's/.*Configuration: *//p' -e '/^$/q') # NOTE: Don't use -e or -F in Solaris grep if printf '%s\n' "${diag_conf}" | grep -q -i QEMU then echo qemu return 0 elif printf '%s\n' "${diag_conf}" | grep -q -i VMware then echo vmware return 0 fi ;; (Linux) if is_command dmesg then while read -r line do case ${line} in ('Booting paravirtualized kernel on ') case $(expr "${line}" : '.* kernel on \(.*\)') in ('Xen') echo xen-pv; return 0 ;; ('bare hardware') return 1 ;; esac ;; ('Hypervisor detected') case $(expr "${line}" : '.*: *\(.*\)') in ('ACRN') echo acrn ;; ('Jailhouse') echo jailhouse ;; ('KVM') echo kvm ;; ('Microsoft Hyper-V') echo hyperv ;; ('VMware') echo vmware ;; ('Xen HVM') echo xen-hvm ;; ('Xen PV') echo xen-pv ;; esac return 0 ;; (lpar:*' under hypervisor') return 0 ;; esac done <<-EOF $(dmesg 2>/dev/null | awk ' /Booting paravirtualized kernel on / /Hypervisor detected: / /lpar: .* under hypervisor/ ') EOF fi esac # Try to guess hypervisor based on CPU model (sysctl hw.model if available) if cpu_model=$(get_sysctl hw.model) then guess_hypervisor_from_cpu_model "${cpu_model}" && return 0 fi if ${_hyp_generic} then # cannot say which hypervisor, but one was detected return 0 else return 1 fi } run_stage() { if type "has_$1_$2" >/dev/null 2>&1 then "has_$1_$2" else true fi \ && "check_$1_$2" } # Execute chroot stages for stage in \ procfs debian_ischroot systemd do chrootpnt=$(run_stage chroot ${stage}) || continue is_chrooted=true detected_layer 'chroot' if test -n "${chrootpnt}" then echo chroot at "${chrootpnt}" break fi done if ${is_chrooted:-false} && test -z "${chrootpnt}" then # could determine chroot, but not its mount point echo chroot fi # Execute container stages for stage in \ systemd pid_1 cgroup files os_specific do ctengine=$(run_stage ct ${stage}) || continue detected_layer 'container' is_contained=true if test -n "${ctengine}" then echo container on "${ctengine}" break fi done if ${is_contained:-false} && test -z "${ctengine}" then # none of the stages could determine the specific container engine, but # we are running in some container. echo container fi # Execute virtual machine / hypervisor stages for stage in \ systemd os_specific hyp_specific sys_hypervisor dt dmi cpuinfo arch_specific do hypervisor=$(run_stage vm ${stage}) || continue detected_layer 'virtual machine' is_virtual=true if test -n "${hypervisor}" then echo virtual by "${hypervisor}" break fi done if ${is_virtual:-false} && test -z "${hypervisor}" then # none of the stages could determine the specific hypervisor, but # we are virtual. echo virtual fi # Fallback detected_layer physical cdist/cdist/conf/explorer/memory000077500000000000000000000057411427155744700173440ustar00rootroot00000000000000#!/bin/sh -e # # 2014 Daniel Heule (hda at sfs.biz) # 2014 Thomas Oettli (otho at sfs.biz) # Copyright 2017, Philippe Gregoire # 2020 Dennis Camera # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # Returns the amount of memory physically installed in the system, or if that # cannot be determined the amount available to the operating system kernel, # in kibibytes (kiB). str2bytes() { awk -F' ' ' $2 == "B" || !$2 { print $1 } $2 == "kB" { printf "%.f\n", ($1 * 1000) } $2 == "MB" { printf "%.f\n", ($1 * 1000 * 1000) } $2 == "GB" { printf "%.f\n", ($1 * 1000 * 1000 * 1000) } $2 == "TB" { printf "%.f\n", ($1 * 1000 * 1000 * 1000 * 1000) } $2 == "kiB" { printf "%.f\n", ($1 * 1024) } $2 == "MiB" { printf "%.f\n", ($1 * 1024 * 1024) } $2 == "GiB" { printf "%.f\n", ($1 * 1024 * 1024 * 1024) } $2 == "TiB" { printf "%.f\n", ($1 * 1024 * 1024 * 1024 * 1024) }' } bytes2kib() { awk '$0 > 0 { printf "%.f\n", ($0 / 1024) }' } case $(uname -s) in (Darwin) sysctl -n hw.memsize | bytes2kib ;; (FreeBSD) sysctl -n hw.realmem | bytes2kib ;; (NetBSD|OpenBSD) # NOTE: This reports "usable" memory, not physically installed memory. command -p sysctl -n hw.physmem | bytes2kib ;; (SunOS) # Make sure that awk from xpg4 is used for the scripts to work export PATH="/usr/xpg4/bin:${PATH}" prtconf \ | awk -F ': ' ' $1 == "Memory size" { sub(/Megabytes/, "MiB", $2); print $2 } /^$/ { exit }' \ | str2bytes \ | bytes2kib ;; (Linux) if test -d /sys/devices/system/memory then # Use memory blocks if the architecture (e.g. x86, PPC64, s390) # supports them (they denote physical memory) num_mem_blocks=$(cat /sys/devices/system/memory/memory[0-9]*/state | grep -cxF online) mem_block_size=$(cat /sys/devices/system/memory/block_size_bytes) echo $((num_mem_blocks * 0x$mem_block_size)) | bytes2kib && exit fi if test -r /proc/meminfo then # Fall back to meminfo file on other architectures (e.g. ARM, MIPS, # PowerPC) # NOTE: This is "usable" memory, not physically installed memory. awk -F ': +' '$1 == "MemTotal" { sub(/B$/, "iB", $2); print $2 }' /proc/meminfo \ | str2bytes \ | bytes2kib fi ;; (*) printf "Your kernel (%s) is currently not supported by the memory explorer\n" "$(uname -s)" >&2 printf "Please contribute an implementation for it if you can.\n" >&2 exit 1 ;; esac cdist/cdist/conf/explorer/os000077500000000000000000000067351427155744700164610ustar00rootroot00000000000000#!/bin/sh # # 2010-2011 Nico Schottelius (nico-cdist at schottelius.org) # Copyright 2017, Philippe Gregoire # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # All os variables are lower case. Keep this file in alphabetical # order by os variable except in cases where order otherwise matters, # in which case keep the primary os and its derivatives together in # a block (see Debian and Redhat examples below). # if grep -q ^Amazon /etc/system-release 2>/dev/null; then echo amazon exit 0 fi if [ -f /etc/arch-release ]; then echo archlinux exit 0 fi if [ -f /etc/cdist-preos ]; then echo cdist-preos exit 0 fi if [ -d /gnu/store ]; then echo guixsd exit 0 fi ### Debian and derivatives if grep -q ^DISTRIB_ID=Ubuntu /etc/lsb-release 2>/dev/null; then echo ubuntu exit 0 fi # devuan ascii has both devuan_version and debian_version, so we need to check devuan_version first! if [ -f /etc/devuan_version ]; then echo devuan exit 0 fi if [ -f /etc/debian_version ]; then echo debian exit 0 fi ### if [ -f /etc/gentoo-release ]; then echo gentoo exit 0 fi if [ -f /etc/openwrt_version ]; then echo openwrt exit 0 fi if [ -f /etc/owl-release ]; then echo owl exit 0 fi ### Redhat and derivatives if grep -q ^Scientific /etc/redhat-release 2>/dev/null; then echo scientific exit 0 fi if grep -q ^CentOS /etc/redhat-release 2>/dev/null; then echo centos exit 0 fi if grep -q ^Fedora /etc/redhat-release 2>/dev/null; then echo fedora exit 0 fi if grep -q ^Mitel /etc/redhat-release 2>/dev/null; then echo mitel exit 0 fi if [ -f /etc/redhat-release ]; then echo redhat exit 0 fi ### if [ -f /etc/SuSE-release ]; then echo suse exit 0 fi if [ -f /etc/slackware-version ]; then echo slackware exit 0 fi # Appliances if grep -q '^Check Point Gaia' /etc/cp-release 2>/dev/null; then echo checkpoint exit 0 fi uname_s="$(uname -s)" # Assume there is no tr on the client -> do lower case ourselves case "$uname_s" in Darwin) echo macosx exit 0 ;; NetBSD) echo netbsd exit 0 ;; FreeBSD) echo freebsd exit 0 ;; OpenBSD) echo openbsd exit 0 ;; SunOS) echo solaris exit 0 ;; esac if [ -f /etc/os-release ]; then # after sles15, suse don't provide an /etc/SuSE-release anymore, but there is almost no difference between sles and opensuse leap, so call it suse # shellcheck disable=SC1091 if (. /etc/os-release && echo "${ID_LIKE}" | grep -q '\(^\|\ \)suse\($\|\ \)') then echo suse exit 0 fi # already lowercase, according to: # https://www.freedesktop.org/software/systemd/man/os-release.html awk -F= '/^ID=/ { if ($2 ~ /^'"'"'(.*)'"'"'$/ || $2 ~ /^"(.*)"$/) { print substr($2, 2, length($2) - 2) } else { print $2 } }' /etc/os-release exit 0 fi echo "Unknown OS" >&2 exit 1 cdist/cdist/conf/explorer/os_release000066400000000000000000000023221427155744700201420ustar00rootroot00000000000000#!/bin/sh # # 2018 Adam Dej (dejko.a at gmail.com) # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # See os-release(5) and http://0pointer.de/blog/projects/os-release if test -f /etc/os-release then # Linux and FreeBSD (usually a symlink) cat /etc/os-release elif test -f /usr/lib/os-release then # systemd cat /usr/lib/os-release elif test -f /var/run/os-release then # FreeBSD (created by os-release service) cat /var/run/os-release elif test -f /etc/cp-release then # Checkpoint firewall or management (actually linux based) cat /etc/cp-release fi cdist/cdist/conf/explorer/os_version000077500000000000000000000106571427155744700202240ustar00rootroot00000000000000#!/bin/sh -e # # 2010-2011 Nico Schottelius (nico-cdist at schottelius.org) # 2020-2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # All os variables are lower case # rc_getvar() { awk -F= -v varname="$2" ' function unquote(s) { if (s ~ /^".*"$/ || s ~ /^'\''.*'\''$/) return substr(s, 2, length(s) - 2) else return s } $1 == varname { print unquote(substr($0, index($0, "=") + 1)) }' "$1" } case $("${__explorer:?}/os") in amazon) cat /etc/system-release ;; archlinux) # empty, but well... cat /etc/arch-release ;; checkpoint) awk '{version=$NF; printf("%s\n", substr(version, 2))}' /etc/cp-release ;; debian) debian_version=$(cat /etc/debian_version) case $debian_version in testing/unstable) # previous to Debian 4.0 testing/unstable was used # cf. https://metadata.ftp-master.debian.org/changelogs/main/b/base-files/base-files_11_changelog echo 3.99 ;; */sid) # sid versions don't have a number, so we decode by codename: case $(expr "$debian_version" : '\([a-z]\{1,\}\)/') in trixie) echo 12.99 ;; bookworm) echo 11.99 ;; bullseye) echo 10.99 ;; buster) echo 9.99 ;; stretch) echo 8.99 ;; jessie) echo 7.99 ;; wheezy) echo 6.99 ;; squeeze) echo 5.99 ;; lenny) echo 4.99 ;; *) echo 99.99 ;; esac ;; *) echo "$debian_version" ;; esac ;; devuan) devuan_version=$(cat /etc/devuan_version) case ${devuan_version} in (*/ceres) # ceres versions don't have a number, so we decode by codename: case ${devuan_version} in (chimaera/ceres) echo 3.99 ;; (beowulf/ceres) echo 2.99 ;; (ascii/ceres) echo 1.99 ;; (*) exit 1 esac ;; (*) echo "${devuan_version}" ;; esac ;; fedora) cat /etc/fedora-release ;; gentoo) cat /etc/gentoo-release ;; macosx) # NOTE: Legacy versions (< 10.3) do not support options sw_vers | awk -F ':[ \t]+' '$1 == "ProductVersion" { print $2 }' ;; freebsd) # Apparently uname -r is not a reliable way to get the patch level. # See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251743 if command -v freebsd-version >/dev/null 2>&1 then # get userland version freebsd-version -u else # fallback to kernel release for FreeBSD < 10.0 uname -r fi ;; *bsd|solaris) uname -r ;; openwrt) cat /etc/openwrt_version ;; owl) cat /etc/owl-release ;; redhat|centos|mitel|scientific) cat /etc/redhat-release ;; slackware) cat /etc/slackware-version ;; suse) if [ -f /etc/os-release ]; then cat /etc/os-release else cat /etc/SuSE-release fi ;; ubuntu) if command -v lsb_release >/dev/null 2>&1 then lsb_release -sr elif test -r /usr/lib/os-release then # fallback to /usr/lib/os-release if lsb_release is not present (like # on minimized Ubuntu installations) rc_getvar /usr/lib/os-release VERSION_ID elif test -r /etc/lsb-release then # extract DISTRIB_RELEASE= variable from /etc/lsb-release on old # versions without /usr/lib/os-release. rc_getvar /etc/lsb-release DISTRIB_RELEASE fi ;; alpine) cat /etc/alpine-release ;; esac cdist/cdist/conf/explorer/runlevel000077500000000000000000000014771427155744700176720ustar00rootroot00000000000000#!/bin/sh # # 2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # set +e executable=$(command -v runlevel) if [ -x "$executable" ]; then "$executable" | awk '{ print $2 }' fi cdist/cdist/conf/manifest/000077500000000000000000000000001427155744700160455ustar00rootroot00000000000000cdist/cdist/conf/manifest/sample-from-distribution000077500000000000000000000034161427155744700227360ustar00rootroot00000000000000## # ## # Sample manifest from cdist distribution ## # ## ## # Every machine becomes a marker, so sysadmins know that automatic ## # configurations are happening ## __file /etc/cdist-configured ## __cdistmarker ## ## case "$__target_host" in ## # Everybody has this ## localhost) ## require="__file/etc/cdist-configured" __link /tmp/cdist-testfile \ ## --source /etc/cdist-configured --type symbolic ## require="__directory/tmp/cdist-test-dir" __file /tmp/cdist-test-dir/test-file \ ## --mode 0750 --owner nobody --group root ## __directory /tmp/cdist-test-dir --mode 4777 ## ## require="__file/etc/cdist-configured __link/tmp/cdist-testfile" \ ## __file /tmp/cdist-another-testfile ## ## ;; ## ## # ## # Use an alias in /etc/hosts for localhost to use these hosts: ## # ## # 127.0.0.1 localhost.localdomain localhost cdist-archlinux ## # ## cdist-archlinux) ## # This is the specific package type for pacman ## __package_pacman zsh --state installed ## ## # The __package type autoselect the right type based on the os ## __package vim --state installed ## ## # If the type is a singleton, it does not take an object id ## __issue ## ;; ## # This is how it would look like on gentoo ## cdist-gentoo) ## # Same stuff for gentoo ## __package tree --state installed ## ;; ## ## cdist-debian) ## __package_apt atop --state installed ## __package apache2 --state removed ## ;; ## ## cdist-redhat) ## __issue ## __motd ## ;; ## ## # Real machines may be used with their hostname or fqdn, ## # depending on how you call cdist ## # ... ## # ;; ## # machine.example.org) ## # ... ## # ;; ## esac cdist/cdist/conf/type/000077500000000000000000000000001427155744700152205ustar00rootroot00000000000000cdist/cdist/conf/type/__acl/000077500000000000000000000000001427155744700162555ustar00rootroot00000000000000cdist/cdist/conf/type/__acl/explorer/000077500000000000000000000000001427155744700201155ustar00rootroot00000000000000cdist/cdist/conf/type/__acl/explorer/acl_is000077500000000000000000000017011427155744700212740ustar00rootroot00000000000000#!/bin/sh -e # # 2018 Ander Punnar (ander-at-kvlt-dot-ee) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # [ ! -e "/$__object_id" ] && exit 0 if ! command -v getfacl > /dev/null then echo 'getfacl not available' >&2 exit 1 fi getfacl "/$__object_id" 2>/dev/null \ | grep -Eo '^(default:)?(user|group|(mask|other):):[^:][[:graph:]]+' \ || true cdist/cdist/conf/type/__acl/explorer/file_is000077500000000000000000000016021427155744700214540ustar00rootroot00000000000000#!/bin/sh -e # # 2018 Ander Punnar (ander-at-kvlt-dot-ee) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # if [ -e "/$__object_id" ] then if [ -d "/$__object_id" ] then echo directory elif [ -f "/$__object_id" ] then echo regular else echo other fi else echo missing fi cdist/cdist/conf/type/__acl/explorer/getent000077500000000000000000000001461427155744700213320ustar00rootroot00000000000000#!/bin/sh -e getent passwd | awk -F: '{print "user:"$1}' getent group | awk -F: '{print "group:"$1}' cdist/cdist/conf/type/__acl/gencode-remote000077500000000000000000000075511427155744700211100ustar00rootroot00000000000000#!/bin/sh -e # # 2018 Ander Punnar (ander-at-kvlt-dot-ee) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # file_is="$( cat "$__object/explorer/file_is" )" if [ "$file_is" = 'missing' ] \ && [ -z "$__cdist_dry_run" ] \ && [ ! -f "$__object/parameter/file" ] \ && [ ! -f "$__object/parameter/directory" ] then exit 0 fi os="$( cat "$__global/explorer/os" )" acl_path="/$__object_id" acl_is="$( cat "$__object/explorer/acl_is" )" if [ -f "$__object/parameter/source" ] then acl_source="$( cat "$__object/parameter/source" )" if [ "$acl_source" = '-' ] then acl_should="$( cat "$__object/stdin" )" else acl_should="$( grep -Ev '^#|^$' "$acl_source" )" fi elif [ -f "$__object/parameter/entry" ] then acl_should="$( cat "$__object/parameter/entry" )" else echo 'no parameters set' >&2 exit 1 fi # instead of setfacl's non-helpful message "Option -m: Invalid argument near character X" # let's check if target has necessary users and groups, since mistyped or missing # users/groups in target is most common reason. echo "$acl_should" \ | grep -Po '(user|group):[^:]+' \ | sort -u \ | while read -r l do if ! grep "$l" -Fxq "$__object/explorer/getent" then echo "no $l' in target" | sed "s/:/ '/" >&2 exit 1 fi done if [ -f "$__object/parameter/default" ] then acl_should="$( echo "$acl_should" \ | sed 's/^default://' \ | sort -u \ | sed 's/\(.*\)/default:\1\n\1/' )" fi if [ "$file_is" = 'regular' ] \ && echo "$acl_should" | grep -Eq '^default:' then # only directories can have default ACLs, # but instead of error, # let's just remove default entries acl_should="$( echo "$acl_should" | grep -Ev '^default:' )" fi if echo "$acl_should" | awk -F: '{ print $NF }' | grep -Fq 'X' then [ "$file_is" = 'directory' ] && rep=x || rep=- acl_should="$( echo "$acl_should" | sed "s/\\(.*\\)X/\\1$rep/" )" fi setfacl_exec='setfacl' if [ -f "$__object/parameter/recursive" ] then if echo "$os" | grep -Fq 'freebsd' then echo "$os setfacl do not support recursive operations" >&2 else setfacl_exec="$setfacl_exec -R" fi fi if [ -f "$__object/parameter/remove" ] then echo "$acl_is" | while read -r acl do # skip wanted ACL entries which already exist # and skip mask and other entries, because we # can't actually remove them, but only change. if echo "$acl_should" | grep -Eq "^$acl" \ || echo "$acl" | grep -Eq '^(default:)?(mask|other)' then continue fi if echo "$os" | grep -Fq 'freebsd' then remove="$acl" else remove="$( echo "$acl" | sed 's/:...$//' )" fi echo "$setfacl_exec -x \"$remove\" \"$acl_path\"" echo "removed '$remove'" >> "$__messages_out" done fi for acl in $acl_should do if ! echo "$acl_is" | grep -Eq "^$acl" then if echo "$os" | grep -Fq 'freebsd' \ && echo "$acl" | grep -Eq '^default:' then echo "setting default ACL in $os is currently not supported" >&2 else echo "$setfacl_exec -m \"$acl\" \"$acl_path\"" echo "added '$acl'" >> "$__messages_out" fi fi done cdist/cdist/conf/type/__acl/man.rst000066400000000000000000000050521427155744700175640ustar00rootroot00000000000000cdist-type__acl(7) ================== NAME ---- cdist-type__acl - Set ACL entries DESCRIPTION ----------- Fully supported and tested on Linux (ext4 filesystem), partial support for FreeBSD. See ``setfacl`` and ``acl`` manpages for more details. One of ``--entry`` or ``--source`` must be used. OPTIONAL MULTIPLE PARAMETERS ---------------------------- entry Set ACL entry following ``getfacl`` output syntax. Must be used if ``--source`` is not used. OPTIONAL PARAMETERS ------------------- source Read ACL entries from stdin or file. Ordering of entries is not important. When reading from file, comments and empty lines are ignored. Must be used if ``--entry`` is not used. file Create/change file with ``__file`` using ``user:group:mode`` pattern. directory Create/change directory with ``__directory`` using ``user:group:mode`` pattern. BOOLEAN PARAMETERS ------------------ default Set all ACL entries as default too. Only directories can have default ACLs. Setting default ACL in FreeBSD is currently not supported. recursive Make ``setfacl`` recursive (Linux only), but not ``getfacl`` in explorer. remove Remove undefined ACL entries. ``mask`` and ``other`` entries can't be removed, but only changed. EXAMPLES -------- .. code-block:: sh __acl /srv/project \ --default \ --recursive \ --remove \ --entry user:alice:rwx \ --entry user:bob:r-x \ --entry group:project-group:rwx \ --entry group:some-other-group:r-x \ --entry mask::r-x \ --entry other::r-x # give Alice read-only access to subdir, # but don't allow her to see parent content. __acl /srv/project2 \ --remove \ --entry default:group:secret-project:rwx \ --entry group:secret-project:rwx \ --entry user:alice:--x __acl /srv/project2/subdir \ --default \ --remove \ --entry group:secret-project:rwx \ --entry user:alice:r-x # read acl from stdin echo 'user:alice:rwx' \ | __acl /path/to/directory --source - # create/change directory too __acl /path/to/directory \ --default \ --remove \ --directory root:root:770 \ --entry user:nobody:rwx AUTHORS ------- Ander Punnar COPYING ------- Copyright \(C) 2018 Ander Punnar. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__acl/manifest000077500000000000000000000005211427155744700200070ustar00rootroot00000000000000#!/bin/sh -e for p in file directory do [ ! -f "$__object/parameter/$p" ] && continue "__$p" "/$__object_id" \ --owner "$( awk -F: '{print $1}' "$__object/parameter/$p" )" \ --group "$( awk -F: '{print $2}' "$__object/parameter/$p" )" \ --mode "$( awk -F: '{print $3}' "$__object/parameter/$p" )" done cdist/cdist/conf/type/__acl/parameter/000077500000000000000000000000001427155744700202355ustar00rootroot00000000000000cdist/cdist/conf/type/__acl/parameter/boolean000066400000000000000000000000311427155744700215710ustar00rootroot00000000000000recursive default remove cdist/cdist/conf/type/__acl/parameter/optional000066400000000000000000000000261427155744700220030ustar00rootroot00000000000000source file directory cdist/cdist/conf/type/__acl/parameter/optional_multiple000066400000000000000000000000061427155744700237140ustar00rootroot00000000000000entry cdist/cdist/conf/type/__apt_backports/000077500000000000000000000000001427155744700203525ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_backports/man.rst000066400000000000000000000046101427155744700216600ustar00rootroot00000000000000cdist-type__debian_backports(7) =============================== NAME ---- cdist-type__apt_backports - Install backports DESCRIPTION ----------- This singleton type installs backports for the current OS release. It aborts if backports are not supported for the specified OS or no version codename could be fetched (like Debian unstable). The package index will be automatically updated if required. It supports backports from following OSes: - Debian - Devuan - Ubuntu REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- state Represents the state of the backports repository. ``present`` or ``absent``, defaults to ``present``. Will be directly passed to :strong:`cdist-type__apt_source`\ (7). mirror The mirror to fetch the backports from. Will defaults to the generic mirror of the current OS. Will be directly passed to :strong:`cdist-type__apt_source`\ (7). BOOLEAN PARAMETERS ------------------ None. MESSAGES -------- None. EXAMPLES -------- .. code-block:: sh # setup the backports __apt_backports __apt_backports --state absent __apt_backports --state present --mirror "http://ftp.de.debian.org/debian/" # install a backports package # currently for the buster release backports require="__apt_backports" __package_apt wireguard \ --target-release buster-backports ABORTS ------ Aborts if the detected os is not Debian. Aborts if no distribuition codename could be detected. This is common for the unstable distribution, but there is no backports repository for it already. CAVEATS ------- For Ubuntu, it setup all componenents for the backports repository: ``main``, ``restricted``, ``universe`` and ``multiverse``. The user may not want to install proprietary packages, which will only be installed if the user explicitly uses the backports target-release. The user may change this behavior to install backports packages without the need of explicitly select it. SEE ALSO -------- `Official Debian Backports site `_ :strong:`cdist-type__apt_source`\ (7) AUTHORS ------- Matthias Stecher COPYING ------- Copyright \(C) 2020 Matthias Stecher. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__apt_backports/manifest000077500000000000000000000044631427155744700221150ustar00rootroot00000000000000#!/bin/sh -e # __apt_backports/manifest # # 2020 Matthias Stecher (matthiasstecher at gmx.de) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Enables/disables backports repository. Utilises __apt_source for it. # # Get the distribution codename by /etc/os-release. # is already executed in a subshell by string substitution # lsb_release may not be given in all installations codename_os_release() { # shellcheck disable=SC1090 # shellcheck disable=SC1091 . "$__global/explorer/os_release" printf "%s" "$VERSION_CODENAME" } # detect backport distribution os="$(cat "$__global/explorer/os")" case "$os" in debian) dist="$( codename_os_release )" components="main" mirror="http://deb.debian.org/debian/" ;; devuan) dist="$( codename_os_release )" components="main" mirror="http://deb.devuan.org/merged" ;; ubuntu) dist="$( codename_os_release )" components="main restricted universe multiverse" mirror="http://archive.ubuntu.com/ubuntu" ;; *) printf "Backports for %s are not supported!\n" "$os" >&2 exit 1 ;; esac # error if no codename given (e.g. on Debian unstable) if [ -z "$dist" ]; then printf "No backports for unkown version of distribution %s!\n" "$os" >&2 exit 1 fi # parameters state="$(cat "$__object/parameter/state")" # mirror already set for the os, only override user-values if [ -f "$__object/parameter/mirror" ]; then mirror="$(cat "$__object/parameter/mirror")" fi # install the given backports repository __apt_source "${dist}-backports" \ --state "$state" \ --distribution "${dist}-backports" \ --component "$components" \ --uri "$mirror" cdist/cdist/conf/type/__apt_backports/parameter/000077500000000000000000000000001427155744700223325ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_backports/parameter/default/000077500000000000000000000000001427155744700237565ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_backports/parameter/default/state000066400000000000000000000000101427155744700250100ustar00rootroot00000000000000present cdist/cdist/conf/type/__apt_backports/parameter/optional000066400000000000000000000000151427155744700240760ustar00rootroot00000000000000state mirror cdist/cdist/conf/type/__apt_backports/singleton000066400000000000000000000000001427155744700222650ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_default_release/000077500000000000000000000000001427155744700215065ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_default_release/man.rst000066400000000000000000000017111427155744700230130ustar00rootroot00000000000000cdist-type__apt_default_release(7) ================================== NAME ---- cdist-type__apt_default_release - Configure the default release for apt DESCRIPTION ----------- Configure the default release for apt, using the APT::Default-Release configuration value. REQUIRED PARAMETERS ------------------- release The value to set APT::Default-Release to. This can contain release name, codename or release version. Examples: 'stable', 'testing', 'unstable', 'stretch', 'buster', '4.0', '5.0*'. OPTIONAL PARAMETERS ------------------- None. EXAMPLES -------- .. code-block:: sh __apt_default_release --release stretch AUTHORS ------- Matthijs Kooijman COPYING ------- Copyright \(C) 2017 Matthijs Kooijman. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__apt_default_release/manifest000077500000000000000000000023761427155744700232520ustar00rootroot00000000000000#!/bin/sh -e # # 2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2017 Matthijs Kooijman (matthijs at stdin.nl) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # os=$(cat "$__global/explorer/os") release="$(cat "$__object/parameter/release")" case "$os" in ubuntu|debian|devuan) __file /etc/apt/apt.conf.d/99-default-release \ --owner root --group root --mode 644 \ --source - << DONE APT::Default-Release "$release"; DONE ;; *) cat >&2 << DONE The developer of this type (${__type##*/}) did not think your operating system ($os) would have any use for it. If you think otherwise please submit a patch. DONE exit 1 ;; esac cdist/cdist/conf/type/__apt_default_release/parameter/000077500000000000000000000000001427155744700234665ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_default_release/parameter/required000066400000000000000000000000101427155744700252200ustar00rootroot00000000000000release cdist/cdist/conf/type/__apt_default_release/singleton000066400000000000000000000000001427155744700234210ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_key/000077500000000000000000000000001427155744700171525ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_key/explorer/000077500000000000000000000000001427155744700210125ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_key/explorer/state000077500000000000000000000030051427155744700220560ustar00rootroot00000000000000#!/bin/sh # # 2011-2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Get the current state of the apt key. # if [ -f "$__object/parameter/keyid" ]; then keyid="$(cat "$__object/parameter/keyid")" else keyid="$__object_id" fi # From apt-key(8): # Use of apt-key is deprecated, except for the use of apt-key del in # maintainer scripts to remove existing keys from the main keyring. # If such usage of apt-key is desired the additional installation of # the GNU Privacy Guard suite (packaged in gnupg) is required. if [ -f "${__object}/parameter/use-deprecated-apt-key" ]; then if apt-key export "$keyid" | head -n 1 | grep -Fqe "BEGIN PGP PUBLIC KEY BLOCK" then echo present else echo absent fi exit fi keydir="$(cat "$__object/parameter/keydir")" keyfile="$keydir/$__object_id.gpg" if [ -f "$keyfile" ] then echo present exit fi echo absent cdist/cdist/conf/type/__apt_key/gencode-remote000077500000000000000000000060221427155744700217750ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # if [ -f "$__object/parameter/keyid" ]; then keyid="$(cat "$__object/parameter/keyid")" else keyid="$__object_id" fi state_should="$(cat "$__object/parameter/state")" state_is="$(cat "$__object/explorer/state")" method="$(cat "$__object/key_method")" keydir="$(cat "$__object/parameter/keydir")" keyfile="$keydir/$__object_id.gpg" case "$state_should" in present) keyserver="$(cat "$__object/parameter/keyserver")" # Using __download or __file as key source # Propagate messages if needed if [ "${method}" = "uri" ] || [ "${method}" = "source" ]; then if grep -Eq "^__(file|download)$keyfile" "$__messages_in"; then echo "added '$keyid'" >> "$__messages_out" fi exit 0 elif [ "${state_is}" = "present" ]; then exit 0 fi # Using key servers to fetch the key if [ ! -f "$__object/parameter/use-deprecated-apt-key" ]; then # we need to kill gpg after 30 seconds, because gpg # can get stuck if keyserver is not responding. # exporting env var and not exit 1, # because we need to clean up and kill dirmngr. cat << EOF gpgtmphome="\$( mktemp -d )" if timeout 30s \\ gpg --homedir "\$gpgtmphome" \\ --keyserver "$keyserver" \\ --recv-keys "$keyid" then gpg --homedir "\$gpgtmphome" \\ --export "$keyid" \\ > "$keyfile" else export GPG_GOT_STUCK=1 fi GNUPGHOME="\$gpgtmphome" gpgconf --kill dirmngr rm -rf "\$gpgtmphome" if [ -n "\$GPG_GOT_STUCK" ] then echo "GPG GOT STUCK - no response from keyserver after 30 seconds" >&2 exit 1 fi EOF else # fallback to deprecated apt-key echo "apt-key adv --keyserver \"$keyserver\" --recv-keys \"$keyid\"" fi echo "added '$keyid'" >> "$__messages_out" ;; absent) # Removal for keys added from a keyserver without this flag # is done in the manifest if [ "$state_is" != "absent" ] && \ [ -f "$__object/parameter/use-deprecated-apt-key" ]; then # fallback to deprecated apt-key echo "apt-key del \"$keyid\"" echo "removed '$keyid'" >> "$__messages_out" # Propagate messages if needed elif grep -Eq "^__file$keyfile" "$__messages_in"; then echo "removed '$keyid'" >> "$__messages_out" fi ;; esac cdist/cdist/conf/type/__apt_key/man.rst000066400000000000000000000064161427155744700204660ustar00rootroot00000000000000cdist-type__apt_key(7) ====================== NAME ---- cdist-type__apt_key - Manage the list of keys used by apt DESCRIPTION ----------- Manages the list of keys used by apt to authenticate packages. This is done by placing the requested key in a file named ``$__object_id.gpg`` in the ``keydir`` directory. This is supported by modern releases of Debian-based distributions. In order of preference, exactly one of: ``source``, ``uri`` or ``keyid`` must be specified. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- keydir keyring directory, defaults to ``/etc/apt/trusted.pgp.d``, which is enabled system-wide by default. source path to a file containing the GPG key of the repository. Using this is recommended as it ensures that the manifest/type manintainer has validated the key. If ``-``, the GPG key is read from the type's stdin. state 'present' or 'absent'. Defaults to 'present' uri the URI from which to download the key. It is highly recommended that you only use protocols with TLS like HTTPS. This uses ``__download`` but does not use checksums, if you want to ensure that the key doesn't change, you are better off downloading it and using ``--source``. DEPRECATED OPTIONAL PARAMETERS ------------------------------ keyid the id of the key to download from the ``keyserver``. This is to be used in absence of ``--source`` and ``--uri`` or together with ``--use-deprecated-apt-key`` for key removal. Defaults to ``$__object_id``. keyserver the keyserver from which to fetch the key. Defaults to ``pool.sks-keyservers.net``. DEPRECATED BOOLEAN PARAMETERS ----------------------------- use-deprecated-apt-key ``apt-key(8)`` will last be available in Debian 11 and Ubuntu 22.04. You can use this parameter to force usage of ``apt-key(8)``. Please only use this parameter to *remove* keys from the keyring, in order to prepare for removal of ``apt-key``. Adding keys should be done without this parameter. This parameter will be removed when Debian 11 stops being supported. EXAMPLES -------- .. code-block:: sh # add a key that has been verified by a type maintainer __apt_key jitsi_meet_2021 \ --source cdist-contrib/type/__jitsi_meet/files/apt_2021.gpg # remove an old, deprecated or expired key __apt_key jitsi_meet_2016 --state absent # Get rid of a key that might have been added to # /etc/apt/trusted.gpg with apt-key __apt_key 0x40976EAF437D05B5 --use-deprecated-apt-key --state absent # add a key that we define in-line __apt_key jitsi_meet_2021 --source '-' < Ander Punnar Evilham COPYING ------- Copyright \(C) 2011-2021 Steven Armstrong, Ander Punnar and Evilham. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__apt_key/manifest000077500000000000000000000051061427155744700207100ustar00rootroot00000000000000#!/bin/sh -e __package gnupg state_should="$(cat "${__object}/parameter/state")" incompatible_args() { cat >> /dev/stderr <<-EOF This type does not support --${1} and --${method} simultaneously. EOF exit 1 } if [ -f "${__object}/parameter/source" ]; then method="source" src="$(cat "${__object}/parameter/source")" if [ "${src}" = "-" ]; then src="${__object}/stdin" fi fi if [ -f "${__object}/parameter/uri" ]; then if [ -n "${method}" ]; then incompatible_args uri fi method="uri" src="$(cat "${__object}/parameter/uri")" fi if [ -f "${__object}/parameter/keyid" ]; then if [ -n "${method}" ]; then incompatible_args keyid fi method="keyid" fi # Keep old default if [ -z "${method}" ]; then method="keyid" fi # Save this for later in gencode-remote echo "${method}" > "${__object}/key_method" # Required remotely (most likely already installed) __package dirmngr # We need this in case a key has to be dearmor'd __package gnupg export require="__package/gnupg" if [ -f "${__object}/parameter/use-deprecated-apt-key" ]; then # This is required if apt-key(8) is to be used if [ "${method}" = "source" ] || [ "${method}" = "uri" ]; then incompatible_args use-deprecated-apt-key fi else if [ "${state_should}" = "absent" ] && \ [ -f "${__object}/parameter/keyid" ]; then cat >> /dev/stderr <. # # # Get the current state of the apt key. # if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi apt-key list 2> /dev/null | grep -Fqe "$name" \ && echo present \ || echo absent cdist/cdist/conf/type/__apt_key_uri/gencode-remote000077500000000000000000000024351427155744700226600ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi state_should="$(cat "$__object/parameter/state")" state_is="$(cat "$__object/explorer/state")" if [ "$state_should" = "$state_is" ]; then # nothing to do exit 0 fi case "$state_should" in present) uri="$(cat "$__object/parameter/uri")" printf 'curl -s -L "%s" | apt-key add -\n' "$uri" ;; absent) cat << DONE keyid=\$(apt-key list | grep -B1 "$name" | awk '/pub/ { print \$2 }' | cut -d'/' -f 2) apt-key del \$keyid DONE ;; esac cdist/cdist/conf/type/__apt_key_uri/man.rst000066400000000000000000000020331427155744700213340ustar00rootroot00000000000000cdist-type__apt_key_uri(7) ========================== NAME ---- cdist-type__apt_key_uri - Add apt key from uri DESCRIPTION ----------- Download a key from an uri and add it to the apt keyring. REQUIRED PARAMETERS ------------------- uri the uri from which to download the key OPTIONAL PARAMETERS ------------------- state 'present' or 'absent', defaults to 'present' name a name for this key, used when testing if it is already installed. Defaults to __object_id EXAMPLES -------- .. code-block:: sh __apt_key_uri rabbitmq \ --name 'RabbitMQ Release Signing Key ' \ --uri http://www.rabbitmq.com/rabbitmq-signing-key-public.asc \ --state present AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2011-2014 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__apt_key_uri/manifest000077500000000000000000000013431427155744700215660ustar00rootroot00000000000000#!/bin/sh -e # # 2013-2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # __package curl cdist/cdist/conf/type/__apt_key_uri/parameter/000077500000000000000000000000001427155744700220115ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_key_uri/parameter/default/000077500000000000000000000000001427155744700234355ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_key_uri/parameter/default/state000066400000000000000000000000101427155744700244670ustar00rootroot00000000000000present cdist/cdist/conf/type/__apt_key_uri/parameter/optional000066400000000000000000000000131427155744700235530ustar00rootroot00000000000000state name cdist/cdist/conf/type/__apt_key_uri/parameter/required000066400000000000000000000000041427155744700235460ustar00rootroot00000000000000uri cdist/cdist/conf/type/__apt_mark/000077500000000000000000000000001427155744700173145ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_mark/explorer/000077500000000000000000000000001427155744700211545ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_mark/explorer/apt_version000077500000000000000000000020071427155744700234320ustar00rootroot00000000000000#!/bin/sh -e # # 2016 Ander Punnar (cdist at kvlt.ee) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # apt_version_is=$(dpkg-query --show --showformat '${Version}' apt) # from APT changelog: # apt (0.8.14.2) UNRELEASED; urgency=low # provide a 'dpkg --set-selections' wrapper to set/release holds apt_version_should=0.8.14.2 dpkg --compare-versions "$apt_version_should" le "$apt_version_is" \ && echo 0 \ || echo 1 cdist/cdist/conf/type/__apt_mark/explorer/package_installed000077500000000000000000000016671427155744700245460ustar00rootroot00000000000000#!/bin/sh -e # # 2016 Ander Punnar (cdist at kvlt.ee) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi dpkg-query --show --showformat '${Status}' "$name" 2>/dev/null \ | grep -Fq 'ok installed' \ && echo 0 \ || echo 1 cdist/cdist/conf/type/__apt_mark/explorer/state000077500000000000000000000015711427155744700222260ustar00rootroot00000000000000#!/bin/sh -e # # 2016 Ander Punnar (cdist at kvlt.ee) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi apt-mark showhold | grep -Fq "$name" && echo hold || echo unhold cdist/cdist/conf/type/__apt_mark/gencode-remote000077500000000000000000000026321427155744700221420ustar00rootroot00000000000000#!/bin/sh -e # # 2016 Ander Punnar (cdist at kvlt.ee) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi apt_version="$(cat "$__object/explorer/apt_version")" if [ "$apt_version" != '0' ]; then echo 'APT version not supported' >&2 exit 1 fi package_installed="$(cat "$__object/explorer/package_installed")" if [ "$package_installed" != '0' ]; then exit 0 fi state_should="$(cat "$__object/parameter/state")" state_is="$(cat "$__object/explorer/state")" if [ "$state_should" = "$state_is" ]; then exit 0 fi case "$state_should" in hold|unhold) echo "apt-mark $state_should $name > /dev/null" ;; *) echo "Unknown state: $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__apt_mark/man.rst000066400000000000000000000015071427155744700206240ustar00rootroot00000000000000cdist-type__apt_mark(7) ======================= NAME ---- cdist-type__apt_mark - set package state as 'hold' or 'unhold' DESCRIPTION ----------- See apt-mark(8) for details. REQUIRED PARAMETERS ------------------- state Either "hold" or "unhold". OPTIONAL PARAMETERS ------------------- name If supplied, use the name and not the object id as the package name. EXAMPLES -------- .. code-block:: sh # hold package __apt_mark quagga --state hold # unhold package __apt_mark quagga --state unhold AUTHORS ------- Ander Punnar COPYING ------- Copyright \(C) 2016 Ander Punnar. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__apt_mark/parameter/000077500000000000000000000000001427155744700212745ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_mark/parameter/optional000066400000000000000000000000051427155744700230370ustar00rootroot00000000000000name cdist/cdist/conf/type/__apt_mark/parameter/required000066400000000000000000000000061427155744700230330ustar00rootroot00000000000000state cdist/cdist/conf/type/__apt_norecommends/000077500000000000000000000000001427155744700210535ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_norecommends/man.rst000066400000000000000000000014541427155744700223640ustar00rootroot00000000000000cdist-type__apt_norecommends(7) =============================== NAME ---- cdist-type__apt_norecommends - Configure apt to not install recommended packages DESCRIPTION ----------- Configure apt to not install any recommended or suggested packages. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- None. EXAMPLES -------- .. code-block:: sh __apt_norecommends AUTHORS ------- Steven Armstrong Dennis Camera COPYING ------- Copyright \(C) 2014 Steven Armstrong, 2020 Dennis Camera. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__apt_norecommends/manifest000077500000000000000000000027721427155744700226170ustar00rootroot00000000000000#!/bin/sh -e # # 2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # os=$(cat "${__global:?}/explorer/os") case ${os} in (ubuntu|debian|devuan) __file /etc/apt/apt.conf.d/00InstallRecommends --state present \ --owner root --group root --mode 0644 --source - <<-'EOF' APT::Install-Recommends "false"; APT::Install-Suggests "false"; APT::AutoRemove::RecommendsImportant "false"; APT::AutoRemove::SuggestsImportant "false"; EOF # TODO: Remove the following object after some time require=__file/etc/apt/apt.conf.d/00InstallRecommends \ __file /etc/apt/apt.conf.d/99-no-recommends --state absent ;; (*) cat >&2 < COPYING ------- Copyright \(C) 2021 Daniel Fancsali. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__apt_pin/manifest000077500000000000000000000031471427155744700207110ustar00rootroot00000000000000#!/bin/sh -e # # 2021 Daniel Fancsali (fancsali@gmail.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # name="$__object_id" os=$(cat "$__global/explorer/os") state="$(cat "$__object/parameter/state")" if [ -f "$__object/parameter/package" ]; then package="$(cat "$__object/parameter/package")" else package=$name fi distribution="$(cat "$__object/parameter/distribution")" priority="$(cat "$__object/parameter/priority")" case "$os" in debian|ubuntu|devuan) ;; *) printf "This type is specific to Debian and it's derivatives" >&2 exit 1 ;; esac case $distribution in stable|testing|unstable|experimental) pin="release a=$distribution" ;; *) pin="release n=$distribution" ;; esac __file "/etc/apt/preferences.d/$name" \ --owner root --group root --mode 0644 \ --state "$state" \ --source - << EOF # Created by cdist ${__type##*/} # Do not change. Changes will be overwritten. # # $name Package: $package Pin: $pin Pin-Priority: $priority EOF cdist/cdist/conf/type/__apt_pin/nonparallel000066400000000000000000000000001427155744700213700ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_pin/parameter/000077500000000000000000000000001427155744700211305ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_pin/parameter/default/000077500000000000000000000000001427155744700225545ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_pin/parameter/default/priority000066400000000000000000000000041427155744700243520ustar00rootroot00000000000000500 cdist/cdist/conf/type/__apt_pin/parameter/default/state000066400000000000000000000000101427155744700236060ustar00rootroot00000000000000present cdist/cdist/conf/type/__apt_pin/parameter/optional000066400000000000000000000000271427155744700226770ustar00rootroot00000000000000state package priority cdist/cdist/conf/type/__apt_pin/parameter/required000066400000000000000000000000151427155744700226670ustar00rootroot00000000000000distribution cdist/cdist/conf/type/__apt_ppa/000077500000000000000000000000001427155744700171425ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_ppa/explorer/000077500000000000000000000000001427155744700210025ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_ppa/explorer/state000077500000000000000000000020141427155744700220450ustar00rootroot00000000000000#!/bin/sh # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Get the current state of the ppa. # name="$__object_id" # shellcheck disable=SC1091 . /etc/lsb-release repo_name="${name#ppa:}" repo_file_name="$(echo "$repo_name" | sed -e 's|[/:]|-|' -e 's|\.|_|')-${DISTRIB_CODENAME}.list" [ -s "/etc/apt/sources.list.d/${repo_file_name}" ] \ && echo present || echo absent cdist/cdist/conf/type/__apt_ppa/gencode-remote000077500000000000000000000020641427155744700217670ustar00rootroot00000000000000#!/bin/sh -e # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # name="$__object_id" state_should="$(cat "$__object/parameter/state")" state_is="$(cat "$__object/explorer/state")" if [ "$state_should" = "$state_is" ]; then # Nothing to do, move along exit 0 fi case "$state_should" in present) echo "add-apt-repository -y '$name'" ;; absent) echo "add-apt-repository -r -y '$name'" ;; esac cdist/cdist/conf/type/__apt_ppa/man.rst000066400000000000000000000017301427155744700204500ustar00rootroot00000000000000cdist-type__apt_ppa(7) ====================== NAME ---- cdist-type__apt_ppa - Manage ppa repositories DESCRIPTION ----------- This cdist type allows manage ubuntu ppa repositories. REQUIRED PARAMETERS ------------------- state The state the ppa should be in, either 'present' or 'absent'. Defaults to 'present' OPTIONAL PARAMETERS ------------------- None. EXAMPLES -------- .. code-block:: sh # Enable a ppa repository __apt_ppa ppa:sans-intern/missing-bits # same as __apt_ppa ppa:sans-intern/missing-bits --state present # Disable a ppa repository __apt_ppa ppa:sans-intern/missing-bits --state absent AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2011-2014 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__apt_ppa/manifest000077500000000000000000000014461427155744700207030ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2016 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # __package software-properties-common require="$__object_name" __apt_update_index cdist/cdist/conf/type/__apt_ppa/parameter/000077500000000000000000000000001427155744700211225ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_ppa/parameter/default/000077500000000000000000000000001427155744700225465ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_ppa/parameter/default/state000066400000000000000000000000101427155744700236000ustar00rootroot00000000000000present cdist/cdist/conf/type/__apt_ppa/parameter/optional000066400000000000000000000000061427155744700226660ustar00rootroot00000000000000state cdist/cdist/conf/type/__apt_source/000077500000000000000000000000001427155744700176625ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_source/files/000077500000000000000000000000001427155744700207645ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_source/files/source.list.template000077500000000000000000000004101427155744700247710ustar00rootroot00000000000000#!/bin/sh set -u entry="$uri $distribution $component" cat << DONE # Created by cdist ${__type##*/} # Do not change. Changes will be overwritten. # # $name deb ${options} $entry DONE if [ -f "$__object/parameter/include-src" ]; then echo "deb-src $entry" fi cdist/cdist/conf/type/__apt_source/gencode-remote000077500000000000000000000032111427155744700225020ustar00rootroot00000000000000#!/bin/sh -e # # 2018 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # name="$__object_id" destination="/etc/apt/sources.list.d/${name}.list" # There are special arguments to apt(8) to prevent aborts if apt woudn't been # updated after the 19th April 2021 till the bullseye release. The additional # arguments acknoledge the happend suite change (the apt(8) update does the # same by itself). # # Using '-o $config' instead of the --allow-releaseinfo-change-* parameter # allows backward compatablility to pre-buster Debian versions. # # See more: ticket #861 # https://code.ungleich.ch/ungleich-public/cdist/-/issues/861 apt_opts="-o Acquire::AllowReleaseInfoChange::Suite=true -o Acquire::AllowReleaseInfoChange::Version=true" # run 'apt-get update' only if something changed with our sources.list file # it will be run a second time on error as a redundancy messure to success if grep -q "^__file${destination}" "$__messages_in"; then printf 'apt-get %s update || apt-get %s update\n' "$apt_opts" "$apt_opts" fi cdist/cdist/conf/type/__apt_source/man.rst000066400000000000000000000033011427155744700211640ustar00rootroot00000000000000cdist-type__apt_source(7) ========================= NAME ---- cdist-type__apt_source - Manage apt sources DESCRIPTION ----------- This cdist type allows you to manage apt sources. It invokes index update internally when needed so call of index updating type is not needed. REQUIRED PARAMETERS ------------------- uri the uri to the apt repository OPTIONAL PARAMETERS ------------------- arch set this if you need to force and specific arch (ubuntu specific) signed-by provide a GPG key fingerprint or keyring path for signature checks state 'present' or 'absent', defaults to 'present' distribution the distribution codename to use. Defaults to DISTRIB_CODENAME from the targets /etc/lsb-release component space delimited list of components to enable. Defaults to an empty string. BOOLEAN PARAMETERS ------------------ include-src include deb-src entries EXAMPLES -------- .. code-block:: sh __apt_source rabbitmq \ --uri http://www.rabbitmq.com/debian/ \ --distribution testing \ --component main \ --include-src \ --state present __apt_source canonical_partner \ --uri http://archive.canonical.com/ \ --component partner --state present __apt_source goaccess \ --uri http://deb.goaccess.io/ \ --component main \ --signed-by C03B48887D5E56B046715D3297BD1A0133449C3D AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2011-2018 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__apt_source/manifest000077500000000000000000000032761427155744700214260ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2018 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # name="$__object_id" state="$(cat "$__object/parameter/state")" uri="$(cat "$__object/parameter/uri")" if [ -f "$__object/parameter/distribution" ]; then distribution="$(cat "$__object/parameter/distribution")" else distribution="$(cat "$__global/explorer/lsb_codename")" fi component="$(cat "$__object/parameter/component")" if [ -f "$__object/parameter/arch" ]; then options="arch=$(cat "$__object/parameter/arch")" fi if [ -f "$__object/parameter/signed-by" ]; then options="$options signed-by=$(cat "$__object/parameter/signed-by")" fi if [ "$options" ]; then options="[$options]" fi # export variables for use in template export name export uri export distribution export component export options # generate file from template mkdir "$__object/files" "$__type/files/source.list.template" > "$__object/files/source.list" __file "/etc/apt/sources.list.d/${name}.list" \ --source "$__object/files/source.list" \ --owner root --group root --mode 0644 \ --state "$state" cdist/cdist/conf/type/__apt_source/nonparallel000066400000000000000000000000001427155744700221020ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_source/parameter/000077500000000000000000000000001427155744700216425ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_source/parameter/boolean000066400000000000000000000000141427155744700231770ustar00rootroot00000000000000include-src cdist/cdist/conf/type/__apt_source/parameter/default/000077500000000000000000000000001427155744700232665ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_source/parameter/default/component000066400000000000000000000000001427155744700252010ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_source/parameter/default/state000066400000000000000000000000101427155744700243200ustar00rootroot00000000000000present cdist/cdist/conf/type/__apt_source/parameter/optional000066400000000000000000000000541427155744700234110ustar00rootroot00000000000000state distribution component arch signed-by cdist/cdist/conf/type/__apt_source/parameter/required000066400000000000000000000000041427155744700233770ustar00rootroot00000000000000uri cdist/cdist/conf/type/__apt_unattended_upgrades/000077500000000000000000000000001427155744700224075ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_unattended_upgrades/man.rst000066400000000000000000000034751427155744700237250ustar00rootroot00000000000000cdist-type__apt_unattended_upgrades(7) ====================================== NAME ---- cdist-type__apt_unattended_upgrades - automatic installation of updates DESCRIPTION ----------- Install and configure unattended-upgrades package. For more information see https://wiki.debian.org/UnattendedUpgrades. OPTIONAL MULTIPLE PARAMETERS ---------------------------- option Set options for unattended-upgrades. See examples. Supported options with default values (as of 2020-01-17) are: - AutoFixInterruptedDpkg, default is "true" - MinimalSteps, default is "true" - InstallOnShutdown, default is "false" - Mail, default is "" (empty) - MailOnlyOnError, default is "false" - Remove-Unused-Kernel-Packages, default is "true" - Remove-New-Unused-Dependencies, default is "true" - Remove-Unused-Dependencies, default is "false" - Automatic-Reboot, default is "false" - Automatic-Reboot-WithUsers, default is "true" - Automatic-Reboot-Time, default is "02:00" - SyslogEnable, default is "false" - SyslogFacility, default is "daemon" - OnlyOnACPower, default is "true" - Skip-Updates-On-Metered-Connections, default is "true" - Verbose, default is "false" - Debug, default is "false" blacklist Python regular expressions, matching packages to exclude from upgrading. EXAMPLES -------- .. code-block:: sh __apt_unattended_upgrades \ --option Mail=root \ --option MailOnlyOnError=true \ --blacklist multipath-tools \ --blacklist open-iscsi AUTHORS ------- Ander Punnar COPYING ------- Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__apt_unattended_upgrades/manifest000077500000000000000000000040631427155744700241460ustar00rootroot00000000000000#!/bin/sh -e # # 2020 Ander Punnar (ander-at-kvlt-dot-ee) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # __package unattended-upgrades export require='__package/unattended-upgrades' # in normal circumstances 20auto-upgrades is managed # by debconf and it can only contain these lines __file /etc/apt/apt.conf.d/20auto-upgrades \ --owner root \ --group root \ --mode 644 \ --source - << EOF APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Unattended-Upgrade "1"; EOF # lets not write into upstream 50unattended-upgrades file, # but use our own config file to avoid clashes conf_file='/etc/apt/apt.conf.d/51unattended-upgrades-cdist' conf='# this file is managed by cdist' if [ -f "$__object/parameter/option" ] then o='' while read -r l do o="$( printf '%s\nUnattended-Upgrade::%s "%s";\n' "$o" "${l%%=*}" "${l#*=}" )" done \ < "$__object/parameter/option" conf="$( printf '%s\n%s\n' "$conf" "$o" )" fi if [ -f "$__object/parameter/blacklist" ] then b='Unattended-Upgrade::Package-Blacklist {' while read -r l do b="$( printf '%s\n"%s";\n' "$b" "$l" )" done \ < "$__object/parameter/blacklist" conf="$( printf '%s\n%s\n}\n' "$conf" "$b" )" fi if [ "$( echo "$conf" | wc -l )" -gt 1 ] then echo "$conf" \ | __file "$conf_file" \ --owner root \ --group root \ --mode 644 \ --source - else __file "$conf_file" --state absent fi cdist/cdist/conf/type/__apt_unattended_upgrades/parameter/000077500000000000000000000000001427155744700243675ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_unattended_upgrades/parameter/optional_multiple000066400000000000000000000000211427155744700300430ustar00rootroot00000000000000option blacklist cdist/cdist/conf/type/__apt_unattended_upgrades/singleton000066400000000000000000000000001427155744700243220ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_update_index/000077500000000000000000000000001427155744700210335ustar00rootroot00000000000000cdist/cdist/conf/type/__apt_update_index/gencode-remote000077500000000000000000000031301427155744700236530ustar00rootroot00000000000000#!/bin/sh -e # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # There are special arguments to apt(8) to prevent aborts if apt woudn't been # updated after the 19th April 2021 till the bullseye release. The additional # arguments acknoledge the happend suite change (the apt(8) update does the # same by itself). # # Using '-o $config' instead of the --allow-releaseinfo-change-* parameter # allows backward compatablility to pre-buster Debian versions. # # See more: ticket #861 # https://code.ungleich.ch/ungleich-public/cdist/-/issues/861 apt_opts="-o Acquire::AllowReleaseInfoChange::Suite=true -o Acquire::AllowReleaseInfoChange::Version=true" # run 'apt-get update' if anything in /etc/apt is newer then /var/lib/apt/lists # it will be run a second time on error as a redundancy messure to success cat << DONE if find /etc/apt -mindepth 1 -cnewer /var/lib/apt/lists | grep . > /dev/null; then apt-get $apt_opts update || apt-get $apt_opts update fi DONE cdist/cdist/conf/type/__apt_update_index/man.rst000066400000000000000000000013251427155744700223410ustar00rootroot00000000000000cdist-type__apt_update_index(7) =============================== NAME ---- cdist-type__apt_update_index - Update apt's package index DESCRIPTION ----------- This cdist type runs apt-get update whenever any apt sources have changed. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- None. EXAMPLES -------- .. code-block:: sh __apt_update_index AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2011 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__apt_update_index/singleton000066400000000000000000000000001427155744700227460ustar00rootroot00000000000000cdist/cdist/conf/type/__block/000077500000000000000000000000001427155744700166105ustar00rootroot00000000000000cdist/cdist/conf/type/__block/explorer/000077500000000000000000000000001427155744700204505ustar00rootroot00000000000000cdist/cdist/conf/type/__block/explorer/block000077500000000000000000000024451427155744700214750ustar00rootroot00000000000000#!/bin/sh # # 2013 Steven Armstrong (steven-cdist armstrong.cc) # 2014 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # file="$(cat "$__object/parameter/file" 2>/dev/null || echo "/$__object_id")" # file does not exist, nothing we could do [ -f "$file" ] || exit 0 prefix=$(cat "$__object/parameter/prefix" 2>/dev/null || echo "#cdist:__block/$__object_id") suffix=$(cat "$__object/parameter/suffix" 2>/dev/null || echo "#/cdist:__block/$__object_id") awk -v prefix="^$prefix\$" -v suffix="^$suffix\$" '{ if (match($0,prefix)) { triggered=1 } if (triggered) { if (match($0,suffix)) { triggered=0 } print } }' "$file" cdist/cdist/conf/type/__block/gencode-remote000077500000000000000000000046131427155744700214370ustar00rootroot00000000000000#!/bin/sh -e # # 2013 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # quote function from http://www.etalabs.net/sh_tricks.html quote() { printf '%s\n' "$1" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/" } file="$(cat "$__object/parameter/file" 2>/dev/null || echo "/$__object_id")" state_should=$(cat "$__object/parameter/state") prefix=$(cat "$__object/parameter/prefix" 2>/dev/null || echo "#cdist:__block/$__object_id") suffix=$(cat "$__object/parameter/suffix" 2>/dev/null || echo "#/cdist:__block/$__object_id") block="$__object/files/block" if [ ! -s "$__object/explorer/block" ]; then state_is='absent' else state_is=$(diff -q "$block" "$__object/explorer/block" >/dev/null \ && echo present \ || echo changed ) fi state_should="$(cat "$__object/parameter/state")" if [ "$state_should" = "$state_is" ]; then # Nothing to do, move along exit 0 fi remove_block() { cat << DONE tmpfile=\$(mktemp ${quoted_file}.cdist.XXXXXXXXXX) # preserve ownership and permissions of existing file if [ -f $quoted_file ]; then cp -p $quoted_file "\$tmpfile" fi awk -v prefix=$(quote "$prefix") -v suffix=$(quote "$suffix") ' { if (\$0 == prefix) { triggered=1 } if (triggered) { if (\$0 == suffix) { triggered=0 } } else { print } }' $quoted_file > "\$tmpfile" mv -f "\$tmpfile" $quoted_file DONE } quoted_file="$(quote "$file")" case "$state_should" in present) if [ "$state_is" = "changed" ]; then echo update >> "$__messages_out" remove_block else echo add >> "$__messages_out" fi cat << DONE cat >> $quoted_file << '${__type##*/}_DONE' $(cat "$block") ${__type##*/}_DONE DONE ;; absent) echo remove >> "$__messages_out" remove_block ;; esac cdist/cdist/conf/type/__block/man.rst000066400000000000000000000030471427155744700201210ustar00rootroot00000000000000cdist-type__block(7) ==================== NAME ---- cdist-type__block - Manage blocks of text in files DESCRIPTION ----------- Manage a block of text in an existing file. The block is identified using the prefix and suffix parameters. Everything between prefix and suffix is considered to be a managed block of text. REQUIRED PARAMETERS ------------------- text the text to manage. If text is '-' (dash), take what was written to stdin as the text. OPTIONAL PARAMETERS ------------------- file the file in which to manage the text block. Defaults to object_id. prefix the prefix to add before the text. Defaults to #cdist:__block/$__object_id suffix the suffix to add after the text. Defaults to #/cdist:__block/$__object_id state 'present' or 'absent', defaults to 'present' MESSAGES -------- add block was added update block was updated/changed remove block was removed EXAMPLES -------- .. code-block:: sh # text from argument __block /path/to/file \ --prefix '#start' \ --suffix '#end' \ --text 'some\nblock of\ntext' # text from stdin __block some-id \ --file /path/to/file \ --text - << DONE here some block of text DONE AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2013 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__block/manifest000077500000000000000000000022621427155744700203460ustar00rootroot00000000000000#!/bin/sh -e # # 2013-2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # prefix=$(cat "$__object/parameter/prefix" 2>/dev/null || echo "#cdist:__block/$__object_id") suffix=$(cat "$__object/parameter/suffix" 2>/dev/null || echo "#/cdist:__block/$__object_id") text=$(cat "$__object/parameter/text") mkdir "$__object/files" # Generate text block for inclusion in file block="$__object/files/block" echo "$prefix" > "$block" if [ "$text" = "-" ]; then cat "$__object/stdin" >> "$block" else echo "$text" >> "$block" fi echo "$suffix" >> "$block" cdist/cdist/conf/type/__block/parameter/000077500000000000000000000000001427155744700205705ustar00rootroot00000000000000cdist/cdist/conf/type/__block/parameter/default/000077500000000000000000000000001427155744700222145ustar00rootroot00000000000000cdist/cdist/conf/type/__block/parameter/default/state000066400000000000000000000000101427155744700232460ustar00rootroot00000000000000present cdist/cdist/conf/type/__block/parameter/optional000066400000000000000000000000311427155744700223320ustar00rootroot00000000000000file prefix state suffix cdist/cdist/conf/type/__block/parameter/required000066400000000000000000000000051427155744700223260ustar00rootroot00000000000000text cdist/cdist/conf/type/__ccollect_source/000077500000000000000000000000001427155744700206665ustar00rootroot00000000000000cdist/cdist/conf/type/__ccollect_source/explorer/000077500000000000000000000000001427155744700225265ustar00rootroot00000000000000cdist/cdist/conf/type/__ccollect_source/explorer/cksum000077500000000000000000000020101427155744700235670ustar00rootroot00000000000000#!/bin/sh # # 2011-2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Retrieve the md5sum of a file to be created, if it is already existing. # destination="/$__object_id" if [ -e "$destination" ]; then if [ -f "$destination" ]; then cksum < "$destination" else echo "NO REGULAR FILE" fi else echo "NO FILE FOUND, NO CHECKSUM CALCULATED." fi cdist/cdist/conf/type/__ccollect_source/explorer/stat000077500000000000000000000024731427155744700234350ustar00rootroot00000000000000#!/bin/sh # # 2013 Steven Armstrong (steven-cdist armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # destination="/$__object_id" # nothing to work with, nothing we could do [ -e "$destination" ] || exit 0 os=$("$__explorer/os") case "$os" in "freebsd"|"netbsd"|"openbsd") # FIXME: should be something like this based on man page, but can not test stat -f "type: %ST owner: %Du %Su group: %Dg %Sg mode: %Op %Sp size: %Dz links: %Dl " "$destination" ;; "macosx") stat -f "type: %HT owner: %Du %Su group: %Dg %Sg mode: %Lp %Sp size: %Dz links: %Dl " "$destination" ;; *) stat --printf="type: %F owner: %u %U group: %g %G mode: %a %A size: %s links: %h " "$destination" ;; esac cdist/cdist/conf/type/__ccollect_source/explorer/type000077500000000000000000000016761427155744700234470ustar00rootroot00000000000000#!/bin/sh # # 2013 Steven Armstrong (steven-cdist armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # destination="/$__object_id" if [ ! -e "$destination" ]; then echo none elif [ -h "$destination" ]; then echo symlink elif [ -f "$destination" ]; then echo file elif [ -d "$destination" ]; then echo directory else echo unknown fi cdist/cdist/conf/type/__ccollect_source/gencode-remote000077500000000000000000000050301427155744700235070ustar00rootroot00000000000000#!/bin/sh -e # # 2014 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # destination="/$__object_id" state_should="$(cat "$__object/parameter/state")" type="$(cat "$__object/explorer/type")" stat_file="$__object/explorer/stat" get_current_value() { if [ -s "$stat_file" ]; then _name="$1" _value="$2" case "$_value" in [0-9]*) _index=2 ;; *) _index=3 ;; esac awk '/'"$_name"':/ { print $'$_index' }' "$stat_file" unset _name _value _index fi } set_group() { echo "chgrp '$1' '$destination'" echo "chgrp '$1'" >> "$__messages_out" } set_owner() { echo "chown '$1' '$destination'" echo "chown '$1'" >> "$__messages_out" } set_mode() { echo "chmod '$1' '$destination'" echo "chmod '$1'" >> "$__messages_out" } case "$state_should" in present|exists) # Note: Mode - needs to happen last as a chown/chgrp can alter mode by # clearing S_ISUID and S_ISGID bits (see chown(2)) for attribute in group owner mode; do if [ -f "$__object/parameter/$attribute" ]; then value_should="$(cat "$__object/parameter/$attribute")" # change 0xxx format to xxx format => same as stat returns if [ "$attribute" = mode ]; then value_should="$(echo "$value_should" | sed 's/^0\(...\)/\1/')" fi value_is="$(get_current_value "$attribute" "$value_should")" if [ -f "$__object/files/set-attributes" ] || [ "$value_should" != "$value_is" ]; then "set_$attribute" "$value_should" fi fi done ;; absent) if [ "$type" = "file" ]; then echo "rm -f '$destination'" echo remove >> "$__messages_out" fi ;; *) echo "Unknown state: $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__ccollect_source/man.rst000066400000000000000000000031461427155744700221770ustar00rootroot00000000000000cdist-type__ccollect_source(7) ============================== NAME ---- cdist-type__ccollect_source - Manage ccollect sources DESCRIPTION ----------- This cdist type allows you to create or delete ccollect sources. REQUIRED PARAMETERS ------------------- source The source from which to backup destination The destination directory OPTIONAL PARAMETERS ------------------- state 'present' or 'absent', defaults to 'present' ccollectconf The CCOLLECT_CONF directory. Defaults to /etc/ccollect. OPTIONAL MULTIPLE PARAMETERS ---------------------------- exclude Paths to exclude of backup BOOLEAN PARAMETERS ------------------ verbose Whether to report backup verbosely create-destination Create the directory specified in the destination parameter on the remote host EXAMPLES -------- .. code-block:: sh __ccollect_source doc.ungleich.ch \ --source doc.ungleich.ch:/ \ --destination /backup/doc.ungleich.ch \ --exclude '/proc/*' --exclude '/sys/*' \ --verbose __ccollect_source doc.ungleich.ch \ --source doc.ungleich.ch:/ \ --destination /backup/doc.ungleich.ch \ --exclude '/proc/*' --exclude '/sys/*' \ --verbose \ --create-destination SEE ALSO -------- :strong:`ccollect`\ (1) AUTHORS ------- Nico Schottelius COPYING ------- Copyright \(C) 2014 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__ccollect_source/manifest000077500000000000000000000036351427155744700224310ustar00rootroot00000000000000#!/bin/sh -e # # 2014 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # name="$__object_id" state="$(cat "$__object/parameter/state")" source="$(cat "$__object/parameter/source")" destination="$(cat "$__object/parameter/destination")" ccollectconf="$(sed 's,/$,,' "$__object/parameter/ccollectconf")" sourcedir="$ccollectconf/sources" basedir="$sourcedir/$name" destination_file="$basedir/destination" source_file="$basedir/source" exclude_file="$basedir/exclude" verbose_file="$basedir/verbose" __directory "$basedir" --state "$state" export require="__directory$basedir" echo "$destination" | __file "$destination_file" --source - --state "$state" echo "$source" | __file "$source_file" --source - --state "$state" ################################################################################ # Booleans if [ "${state}" = "absent" ]; then verbosestate="absent" elif [ -f "$__object/parameter/verbose" ]; then verbosestate="present" else verbosestate="absent" fi __file "$verbose_file" --state "$verbosestate" if [ -f "$__object/parameter/exclude" ]; then __file "$exclude_file" --source - --state "$state" \ < "$__object/parameter/exclude" fi if [ -f "$__object/parameter/create-destination" ]; then __directory "${destination}" --parents --state "${state}" fi cdist/cdist/conf/type/__ccollect_source/parameter/000077500000000000000000000000001427155744700226465ustar00rootroot00000000000000cdist/cdist/conf/type/__ccollect_source/parameter/boolean000066400000000000000000000000331427155744700242040ustar00rootroot00000000000000verbose create-destination cdist/cdist/conf/type/__ccollect_source/parameter/default/000077500000000000000000000000001427155744700242725ustar00rootroot00000000000000cdist/cdist/conf/type/__ccollect_source/parameter/default/ccollectconf000066400000000000000000000000161427155744700266500ustar00rootroot00000000000000/etc/ccollect cdist/cdist/conf/type/__ccollect_source/parameter/default/state000066400000000000000000000000101427155744700253240ustar00rootroot00000000000000present cdist/cdist/conf/type/__ccollect_source/parameter/optional000066400000000000000000000000231427155744700244110ustar00rootroot00000000000000ccollectconf state cdist/cdist/conf/type/__ccollect_source/parameter/optional_multiple000066400000000000000000000000101427155744700263200ustar00rootroot00000000000000exclude cdist/cdist/conf/type/__ccollect_source/parameter/required000066400000000000000000000000231427155744700244040ustar00rootroot00000000000000source destination cdist/cdist/conf/type/__cdist/000077500000000000000000000000001427155744700166245ustar00rootroot00000000000000cdist/cdist/conf/type/__cdist/man.rst000066400000000000000000000025031427155744700201310ustar00rootroot00000000000000cdist-type__cdist(7) ==================== NAME ---- cdist-type__cdist - Manage cdist installations DESCRIPTION ----------- This cdist type allows you to easily setup cdist on another box, to allow the other box to configure systems. This type is *NOT* required by target hosts. It is only helpful to build FROM which you configure other hosts. This type will use git to clone REQUIRED PARAMETERS ------------------- OPTIONAL PARAMETERS ------------------- username Select the user to create for the cdist installation. Defaults to "cdist". source Select the source from which to clone cdist from. Defaults to "git@code.ungleich.ch:ungleich-public/cdist.git". branch Select the branch to checkout from. Defaults to "master". EXAMPLES -------- .. code-block:: sh # Install cdist for user cdist in her home as subfolder cdist __cdist /home/cdist/cdist # Use alternative source __cdist --source "git@code.ungleich.ch:ungleich-public/cdist.git" /home/cdist/cdist AUTHORS ------- Nico Schottelius COPYING ------- Copyright \(C) 2013 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__cdist/manifest000077500000000000000000000025431427155744700203640ustar00rootroot00000000000000#!/bin/sh -e # # 2013 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # directory="$__object_id" if [ -f "$__object/parameter/shell" ]; then shell="--shell $(cat "$__object/parameter/shell")" else shell="" fi username="$(cat "$__object/parameter/username")" branch="$(cat "$__object/parameter/branch")" source="$(cat "$__object/parameter/source")" # Currently hardcoded - if anyone cares, make a parameter # out of it home=/home/$username # shellcheck disable=SC2086 __user "$username" --home "$home" $shell require="__user/$username" __directory "$home" \ --owner "$username" require="__user/$username __directory/$home" __git "$directory" \ --source "$source" \ --owner "$username" --branch "$branch" cdist/cdist/conf/type/__cdist/parameter/000077500000000000000000000000001427155744700206045ustar00rootroot00000000000000cdist/cdist/conf/type/__cdist/parameter/default/000077500000000000000000000000001427155744700222305ustar00rootroot00000000000000cdist/cdist/conf/type/__cdist/parameter/default/branch000066400000000000000000000000071427155744700234050ustar00rootroot00000000000000master cdist/cdist/conf/type/__cdist/parameter/default/source000066400000000000000000000000571427155744700234550ustar00rootroot00000000000000git@code.ungleich.ch:ungleich-public/cdist.git cdist/cdist/conf/type/__cdist/parameter/default/username000066400000000000000000000000061427155744700237660ustar00rootroot00000000000000cdist cdist/cdist/conf/type/__cdist/parameter/optional000066400000000000000000000000351427155744700223520ustar00rootroot00000000000000branch source username shell cdist/cdist/conf/type/__cdistmarker/000077500000000000000000000000001427155744700200265ustar00rootroot00000000000000cdist/cdist/conf/type/__cdistmarker/gencode-remote000077500000000000000000000020541427155744700226520ustar00rootroot00000000000000#!/bin/sh -e # # Copyright (C) 2011 Daniel Maher (phrawzty+cdist at gmail.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # The marker file is established in the docs, but it isn't obligatory. destination="$(cat "$__object/parameter/destination")" # The basic output of date is usually good enough, but variety is the # spice of life... format="$(cat "$__object/parameter/format")" # Dump the timestamp in UTC to the marker echo "date $format > $destination" cdist/cdist/conf/type/__cdistmarker/man.rst000066400000000000000000000023001427155744700213260ustar00rootroot00000000000000cdist-type__cdistmarker(7) ========================== NAME ---- cdist-type__cdistmarker - Add a timestamped cdist marker. DESCRIPTION ----------- This type is used to add a common marker file which indicates that a given machine is being managed by cdist. The contents of this file consist of a timestamp, which can be used to determine the most recent time at which cdist was run against the machine in question. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- destination The path and filename of the marker. Default: /etc/cdist-configured format The format of the timestamp. This is passed directly to system 'date'. Default: -u EXAMPLES -------- .. code-block:: sh # Creates the marker as normal. __cdistmarker # Creates the marker differently. __cdistmarker --destination /tmp/cdist_marker --format '+%s' AUTHORS ------- Daniel Maher COPYING ------- Copyright \(C) 2011 Daniel Maher. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__cdistmarker/parameter/000077500000000000000000000000001427155744700220065ustar00rootroot00000000000000cdist/cdist/conf/type/__cdistmarker/parameter/default/000077500000000000000000000000001427155744700234325ustar00rootroot00000000000000cdist/cdist/conf/type/__cdistmarker/parameter/default/destination000066400000000000000000000000261427155744700256740ustar00rootroot00000000000000/etc/cdist-configured cdist/cdist/conf/type/__cdistmarker/parameter/default/format000066400000000000000000000000031427155744700246360ustar00rootroot00000000000000-u cdist/cdist/conf/type/__cdistmarker/parameter/optional000066400000000000000000000000231427155744700235510ustar00rootroot00000000000000destination format cdist/cdist/conf/type/__cdistmarker/singleton000066400000000000000000000000001427155744700217410ustar00rootroot00000000000000cdist/cdist/conf/type/__check_messages/000077500000000000000000000000001427155744700204625ustar00rootroot00000000000000cdist/cdist/conf/type/__check_messages/gencode-remote000077500000000000000000000015271427155744700233120ustar00rootroot00000000000000#!/bin/sh -e # # 2019 Ander Punnar (ander-at-kvlt-dot-ee) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # if grep -Eq \ "$( cat "$__object/parameter/pattern" )" \ "$__messages_in" then tee "$__messages_out" < "$__object/parameter/execute" fi cdist/cdist/conf/type/__check_messages/man.rst000066400000000000000000000023651427155744700217750ustar00rootroot00000000000000cdist-type__check_messages(7) ============================= NAME ---- cdist-type__check_messages - Check messages for pattern and execute command on match. DESCRIPTION ----------- Check messages for pattern and execute command on match. This type is useful if you chain together multiple related types using dependencies and want to restart service if at least one type changes something. For more information about messages see `cdist messaging `_. For more information about dependencies and execution order see `cdist manifest `_ documentation. REQUIRED PARAMETERS ------------------- pattern Extended regular expression pattern for search (passed to ``grep -E``). execute Command to execute on pattern match. EXAMPLES -------- .. code-block:: sh __check_messages munin \ --pattern '^__(file|link|line)/etc/munin/' \ --execute 'service munin-node restart' AUTHORS ------- Ander Punnar COPYING ------- Copyright \(C) 2019 Ander Punnar. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__check_messages/parameter/000077500000000000000000000000001427155744700224425ustar00rootroot00000000000000cdist/cdist/conf/type/__check_messages/parameter/required000066400000000000000000000000201427155744700241750ustar00rootroot00000000000000pattern execute cdist/cdist/conf/type/__chroot_mount/000077500000000000000000000000001427155744700202365ustar00rootroot00000000000000cdist/cdist/conf/type/__chroot_mount/gencode-local000077500000000000000000000022351427155744700226620ustar00rootroot00000000000000#!/bin/sh -e # # 2016 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # chroot="/$__object_id" if [ -f "$__object/parameter/manage-resolv-conf" ]; then suffix="$(cat "$__object/parameter/manage-resolv-conf")" resolv_conf="${chroot}/etc/resolv.conf" original_resolv_conf="${resolv_conf}.${suffix}" cat << DONE $__remote_exec $__target_host << EOSSH if [ -f "${resolv_conf}" ]; then mv "${resolv_conf}" "${original_resolv_conf}" fi # copy hosts resolv.conf into chroot cp /etc/resolv.conf "${resolv_conf}" EOSSH DONE fi cdist/cdist/conf/type/__chroot_mount/gencode-remote000077500000000000000000000030311427155744700230560ustar00rootroot00000000000000#!/bin/sh -e # # 2012 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # chroot="/$__object_id" cat << DONE # Prepare chroot [ -d "${chroot}/proc" ] || mkdir "${chroot}/proc" mountpoint -q "${chroot}/proc" \ || mount -t proc -o nosuid,noexec,nodev proc "${chroot}/proc" [ -d "${chroot}/sys" ] || mkdir "${chroot}/sys" mountpoint -q "${chroot}/sys" \ || mount -t sysfs -o nosuid,noexec,nodev sys "${chroot}/sys" [ -d "${chroot}/dev" ] || mkdir "${chroot}/dev" mountpoint -q "${chroot}/dev" \ || mount -t devtmpfs -o mode=0755,nosuid udev "${chroot}/dev" [ -d "${chroot}/dev/pts" ] || mkdir "${chroot}/dev/pts" mountpoint -q "${chroot}/dev/pts" \ || mount -t devpts -o mode=0620,gid=5,nosuid,noexec devpts "${chroot}/dev/pts" [ -d "${chroot}/tmp" ] || mkdir -m 1777 "${chroot}/tmp" mountpoint -q "${chroot}/tmp" \ || mount -t tmpfs -o mode=1777,strictatime,nodev,nosuid tmpfs "${chroot}/tmp" DONE cdist/cdist/conf/type/__chroot_mount/man.rst000066400000000000000000000021601427155744700215420ustar00rootroot00000000000000cdist-type__chroot_mount(7) =========================== NAME ---- cdist-type__chroot_mount - mount a chroot DESCRIPTION ----------- Mount and prepare a chroot for running commands within it. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- manage-resolv-conf manage /etc/resolv.conf inside the chroot. Use the value of this parameter as the suffix to save a copy of the current /etc/resolv.conf to /etc/resolv.conf.$suffix. This is used by the __chroot_umount type to restore the initial file content when unmounting the chroot. BOOLEAN PARAMETERS ------------------ None. EXAMPLES -------- .. code-block:: sh __chroot_mount /path/to/chroot __chroot_mount /path/to/chroot \ --manage-resolv-conf "some-known-string" AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2012-2017 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__chroot_mount/parameter/000077500000000000000000000000001427155744700222165ustar00rootroot00000000000000cdist/cdist/conf/type/__chroot_mount/parameter/optional000066400000000000000000000000231427155744700237610ustar00rootroot00000000000000manage-resolv-conf cdist/cdist/conf/type/__chroot_umount/000077500000000000000000000000001427155744700204235ustar00rootroot00000000000000cdist/cdist/conf/type/__chroot_umount/gencode-local000077500000000000000000000023051427155744700230450ustar00rootroot00000000000000#!/bin/sh -e # # 2016 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # chroot="/$__object_id" if [ -f "$__object/parameter/manage-resolv-conf" ]; then suffix="$(cat "$__object/parameter/manage-resolv-conf")" resolv_conf="${chroot}/etc/resolv.conf" original_resolv_conf="${resolv_conf}.${suffix}" cat << DONE $__remote_exec $__target_host << EOSSH if [ -f "${original_resolv_conf}" ]; then # restore original /etc/resolv.conf that we moved out of the way # in __chroot_mount/gencode-local mv -f "${original_resolv_conf}" "${resolv_conf}" fi EOSSH DONE fi cdist/cdist/conf/type/__chroot_umount/gencode-remote000077500000000000000000000022341427155744700232470ustar00rootroot00000000000000#!/bin/sh -e # # 2012 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # chroot="/$__object_id" cat << DONE umount -l "${chroot}/tmp" umount -l "${chroot}/dev/pts" umount -l "${chroot}/dev" umount -l "${chroot}/sys" umount -l "${chroot}/proc" if [ -d "${chroot}/etc/resolvconf/resolv.conf.d" ]; then # ensure /etc/resolvconf/resolv.conf.d/tail is not linked to \ # e.g. /etc/resolvconf/resolv.conf.d/original rm -f "${chroot}/etc/resolvconf/resolv.conf.d/tail" touch "${chroot}/etc/resolvconf/resolv.conf.d/tail" fi DONE cdist/cdist/conf/type/__chroot_umount/man.rst000066400000000000000000000022151427155744700217300ustar00rootroot00000000000000cdist-type__chroot_umount(7) ============================ NAME ---- cdist-type__chroot_umount - unmount a chroot mounted by __chroot_mount DESCRIPTION ----------- Undo what __chroot_mount did. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- manage-resolv-conf manage /etc/resolv.conf inside the chroot. Use the value of this parameter as the suffix to find the backup file that was saved by the __chroot_mount. This is used by the to restore the initial file content when unmounting the chroot. BOOLEAN PARAMETERS ------------------ None. EXAMPLES -------- .. code-block:: sh __chroot_umount /path/to/chroot __chroot_umount /path/to/chroot \ --manage-resolv-conf "some-known-string" SEE ALSO -------- :strong:`cdist-type__chroot_mount`\ (7) AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2012-2017 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__chroot_umount/manifest000077500000000000000000000023051427155744700221570ustar00rootroot00000000000000#!/bin/sh -e # # 2016 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # chroot="/$__object_id" if [ -f "$__object/parameter/manage-resolv-conf" ]; then suffix="$(cat "$__object/parameter/manage-resolv-conf")" resolv_conf="${chroot}/etc/resolv.conf" original_resolv_conf="${resolv_conf}.${suffix}" cat << DONE $__remote_exec $__target_host << EOSSH if [ -f "${original_resolv_conf}" ]; then # restore original /etc/resolv.conf that we moved out of the way # in __chroot_mount/gencode-local mv -f "${original_resolv_conf}" "${resolv_conf}" fi EOSSH DONE fi cdist/cdist/conf/type/__chroot_umount/parameter/000077500000000000000000000000001427155744700224035ustar00rootroot00000000000000cdist/cdist/conf/type/__chroot_umount/parameter/optional000066400000000000000000000000231427155744700241460ustar00rootroot00000000000000manage-resolv-conf cdist/cdist/conf/type/__clean_path/000077500000000000000000000000001427155744700176145ustar00rootroot00000000000000cdist/cdist/conf/type/__clean_path/explorer/000077500000000000000000000000001427155744700214545ustar00rootroot00000000000000cdist/cdist/conf/type/__clean_path/explorer/list000077500000000000000000000022231427155744700223540ustar00rootroot00000000000000#!/bin/sh -e # # 2019 Ander Punnar (ander-at-kvlt-dot-ee) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # if [ -f "$__object/parameter/path" ] then path="$( cat "$__object/parameter/path" )" else path="/$__object_id" fi [ ! -d "$path" ] && exit 0 pattern="$( cat "$__object/parameter/pattern" )" if [ -f "$__object/parameter/exclude" ] then exclude="$( cat "$__object/parameter/exclude" )" find "$path" -mindepth 1 -maxdepth 1 -regex "$pattern" \ -and -not -regex "$exclude" else find "$path" -mindepth 1 -maxdepth 1 -regex "$pattern" fi cdist/cdist/conf/type/__clean_path/gencode-remote000077500000000000000000000026601427155744700224430ustar00rootroot00000000000000#!/bin/sh -e # # 2019 Ander Punnar (ander-at-kvlt-dot-ee) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # [ ! -s "$__object/explorer/list" ] && exit 0 if [ -f "$__object/parameter/path" ] then path="$( cat "$__object/parameter/path" )" else path="/$__object_id" fi pattern="$( cat "$__object/parameter/pattern" )" if [ -f "$__object/parameter/exclude" ] then exclude="$( cat "$__object/parameter/exclude" )" echo "find '$path' -mindepth 1 -maxdepth 1 -regex '$pattern'" \ "-and -not -regex '$exclude'" \ '-exec rm -rf {} \;' else echo "find '$path' -mindepth 1 -maxdepth 1 -regex '$pattern'" \ '-exec rm -rf {} \;' fi while read -r f do echo "removed '$f'" >> "$__messages_out" done \ < "$__object/explorer/list" if [ -f "$__object/parameter/onchange" ] then cat "$__object/parameter/onchange" fi cdist/cdist/conf/type/__clean_path/man.rst000066400000000000000000000030721427155744700211230ustar00rootroot00000000000000cdist-type__clean_path(7) ========================= NAME ---- cdist-type__clean_path - Remove files and directories which match the pattern. DESCRIPTION ----------- Remove files and directories which match the pattern. Provided path must be a directory. Patterns are passed to ``find``'s ``-regex`` - see ``find(1)`` for more details. Look up of files and directories is non-recursive (``-maxdepth 1``). Parent directory is excluded (``-mindepth 1``). This type is not POSIX compatible (sorry, Solaris users). REQUIRED PARAMETERS ------------------- pattern Pattern of files which are removed from path. OPTIONAL PARAMETERS ------------------- path Path which will be cleaned. Defaults to ``$__object_id``. exclude Pattern of files which are excluded from removal. onchange The code to run if files or directories were removed. EXAMPLES -------- .. code-block:: sh __clean_path /etc/apache2/conf-enabled \ --pattern '.+' \ --exclude '.+\(charset\.conf\|security\.conf\)' \ --onchange 'service apache2 restart' __clean_path apache2-conf-enabled \ --path /etc/apache2/conf-enabled \ --pattern '.+' \ --exclude '.+\(charset\.conf\|security\.conf\)' \ --onchange 'service apache2 restart' AUTHORS ------- Ander Punnar COPYING ------- Copyright \(C) 2019 Ander Punnar. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__clean_path/parameter/000077500000000000000000000000001427155744700215745ustar00rootroot00000000000000cdist/cdist/conf/type/__clean_path/parameter/optional000066400000000000000000000000261427155744700233420ustar00rootroot00000000000000exclude onchange path cdist/cdist/conf/type/__clean_path/parameter/required000066400000000000000000000000101427155744700233260ustar00rootroot00000000000000pattern cdist/cdist/conf/type/__config_file/000077500000000000000000000000001427155744700177625ustar00rootroot00000000000000cdist/cdist/conf/type/__config_file/gencode-remote000077500000000000000000000016121427155744700226050ustar00rootroot00000000000000#!/bin/sh -e # # 2015 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # destination="$__object_id" if [ -f "$__object/parameter/onchange" ]; then if grep -q "^__file/${destination}" "$__messages_in"; then cat "$__object/parameter/onchange" fi fi cdist/cdist/conf/type/__config_file/man.rst000066400000000000000000000024071427155744700212720ustar00rootroot00000000000000cdist-type__config_file(7) ========================== NAME ---- cdist-type__config_file - _Manages config files DESCRIPTION ----------- Deploy config files using the file type. Run the given code if the files changes. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- group see cdist-type__file mode see cdist-type__file onchange the code to run if the file changes owner see cdist-type__file source Path to the config file. If source is '-' (dash), take what was written to stdin as the config file content. state see cdist-type__file EXAMPLES -------- .. code-block:: sh __config_file /etc/consul/conf.d/watch_foo.json \ --owner root --group consul --mode 640 \ --source "$__type/files/watch_foo.json" \ --state present \ --onchange 'service consul status >/dev/null && service consul reload || true' SEE ALSO -------- :strong:`cdist-type__file`\ (7) AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2015 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__config_file/manifest000077500000000000000000000023001427155744700215110ustar00rootroot00000000000000#!/bin/sh -e # # 2015 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # set -- "/${__object_id}" cd "$__object/parameter/" for param in *; do case "$param" in source) source="$(cat "$__object/parameter/source")" if [ "$source" = "-" ]; then source="$__object/stdin" fi set -- "$@" --source "$source" ;; owner|group|mode|state) set -- "$@" "--${param}" "$(cat "$__object/parameter/$param")" ;; *) # ignore unknown parameters : ;; esac done __file "$@" cdist/cdist/conf/type/__config_file/parameter/000077500000000000000000000000001427155744700217425ustar00rootroot00000000000000cdist/cdist/conf/type/__config_file/parameter/default/000077500000000000000000000000001427155744700233665ustar00rootroot00000000000000cdist/cdist/conf/type/__config_file/parameter/default/state000066400000000000000000000000101427155744700244200ustar00rootroot00000000000000present cdist/cdist/conf/type/__config_file/parameter/optional000066400000000000000000000000471427155744700235130ustar00rootroot00000000000000group mode onchange owner source state cdist/cdist/conf/type/__consul/000077500000000000000000000000001427155744700170215ustar00rootroot00000000000000cdist/cdist/conf/type/__consul/files/000077500000000000000000000000001427155744700201235ustar00rootroot00000000000000cdist/cdist/conf/type/__consul/files/versions/000077500000000000000000000000001427155744700217735ustar00rootroot00000000000000cdist/cdist/conf/type/__consul/files/versions/0.4.1/000077500000000000000000000000001427155744700224335ustar00rootroot00000000000000cdist/cdist/conf/type/__consul/files/versions/0.4.1/cksum000066400000000000000000000000321427155744700234730ustar00rootroot00000000000000428915666 15738724 consul cdist/cdist/conf/type/__consul/files/versions/0.4.1/source000066400000000000000000000000761427155744700236610ustar00rootroot00000000000000https://dl.bintray.com/mitchellh/consul/0.4.1_linux_amd64.zip cdist/cdist/conf/type/__consul/files/versions/0.5.0/000077500000000000000000000000001427155744700224335ustar00rootroot00000000000000cdist/cdist/conf/type/__consul/files/versions/0.5.0/cksum000066400000000000000000000000321427155744700234730ustar00rootroot00000000000000131560372 17734417 consul cdist/cdist/conf/type/__consul/files/versions/0.5.0/source000066400000000000000000000000761427155744700236610ustar00rootroot00000000000000https://dl.bintray.com/mitchellh/consul/0.5.0_linux_amd64.zip cdist/cdist/conf/type/__consul/files/versions/0.5.1/000077500000000000000000000000001427155744700224345ustar00rootroot00000000000000cdist/cdist/conf/type/__consul/files/versions/0.5.1/cksum000066400000000000000000000000331427155744700234750ustar00rootroot000000000000002564582176 18232733 consul cdist/cdist/conf/type/__consul/files/versions/0.5.1/source000066400000000000000000000000761427155744700236620ustar00rootroot00000000000000https://dl.bintray.com/mitchellh/consul/0.5.1_linux_amd64.zip cdist/cdist/conf/type/__consul/files/versions/0.5.2/000077500000000000000000000000001427155744700224355ustar00rootroot00000000000000cdist/cdist/conf/type/__consul/files/versions/0.5.2/cksum000066400000000000000000000000331427155744700234760ustar00rootroot000000000000002207534901 18245010 consul cdist/cdist/conf/type/__consul/files/versions/0.5.2/source000066400000000000000000000001111427155744700236510ustar00rootroot00000000000000https://releases.hashicorp.com/consul/0.5.2/consul_0.5.2_linux_amd64.zip cdist/cdist/conf/type/__consul/files/versions/0.6.0/000077500000000000000000000000001427155744700224345ustar00rootroot00000000000000cdist/cdist/conf/type/__consul/files/versions/0.6.0/cksum000066400000000000000000000000321427155744700234740ustar00rootroot00000000000000688442448 19798264 consul cdist/cdist/conf/type/__consul/files/versions/0.6.0/source000066400000000000000000000001111427155744700236500ustar00rootroot00000000000000https://releases.hashicorp.com/consul/0.6.0/consul_0.6.0_linux_amd64.zip cdist/cdist/conf/type/__consul/files/versions/0.6.1/000077500000000000000000000000001427155744700224355ustar00rootroot00000000000000cdist/cdist/conf/type/__consul/files/versions/0.6.1/cksum000066400000000000000000000000331427155744700234760ustar00rootroot000000000000003100584780 20416856 consul cdist/cdist/conf/type/__consul/files/versions/0.6.1/source000066400000000000000000000001111427155744700236510ustar00rootroot00000000000000https://releases.hashicorp.com/consul/0.6.1/consul_0.6.1_linux_amd64.zip cdist/cdist/conf/type/__consul/files/versions/0.6.2/000077500000000000000000000000001427155744700224365ustar00rootroot00000000000000cdist/cdist/conf/type/__consul/files/versions/0.6.2/cksum000066400000000000000000000000331427155744700234770ustar00rootroot000000000000002124180907 20416920 consul cdist/cdist/conf/type/__consul/files/versions/0.6.2/source000066400000000000000000000001111427155744700236520ustar00rootroot00000000000000https://releases.hashicorp.com/consul/0.6.2/consul_0.6.2_linux_amd64.zip cdist/cdist/conf/type/__consul/files/versions/0.6.3/000077500000000000000000000000001427155744700224375ustar00rootroot00000000000000cdist/cdist/conf/type/__consul/files/versions/0.6.3/cksum000066400000000000000000000000331427155744700235000ustar00rootroot000000000000001832669072 20417720 consul cdist/cdist/conf/type/__consul/files/versions/0.6.3/source000066400000000000000000000001111427155744700236530ustar00rootroot00000000000000https://releases.hashicorp.com/consul/0.6.3/consul_0.6.3_linux_amd64.zip cdist/cdist/conf/type/__consul/files/versions/0.6.4/000077500000000000000000000000001427155744700224405ustar00rootroot00000000000000cdist/cdist/conf/type/__consul/files/versions/0.6.4/cksum000066400000000000000000000000331427155744700235010ustar00rootroot000000000000003832641574 23002736 consul cdist/cdist/conf/type/__consul/files/versions/0.6.4/source000066400000000000000000000001111427155744700236540ustar00rootroot00000000000000https://releases.hashicorp.com/consul/0.6.4/consul_0.6.4_linux_amd64.zip cdist/cdist/conf/type/__consul/files/versions/0.7.0/000077500000000000000000000000001427155744700224355ustar00rootroot00000000000000cdist/cdist/conf/type/__consul/files/versions/0.7.0/cksum000066400000000000000000000000321427155744700234750ustar00rootroot00000000000000695240564 24003648 consul cdist/cdist/conf/type/__consul/files/versions/0.7.0/source000066400000000000000000000001111427155744700236510ustar00rootroot00000000000000https://releases.hashicorp.com/consul/0.7.0/consul_0.7.0_linux_amd64.zip cdist/cdist/conf/type/__consul/files/versions/0.7.1/000077500000000000000000000000001427155744700224365ustar00rootroot00000000000000cdist/cdist/conf/type/__consul/files/versions/0.7.1/cksum000066400000000000000000000000331427155744700234770ustar00rootroot000000000000003128343188 28402769 consul cdist/cdist/conf/type/__consul/files/versions/0.7.1/source000066400000000000000000000001111427155744700236520ustar00rootroot00000000000000https://releases.hashicorp.com/consul/0.7.1/consul_0.7.1_linux_amd64.zip cdist/cdist/conf/type/__consul/files/versions/0.8.1/000077500000000000000000000000001427155744700224375ustar00rootroot00000000000000cdist/cdist/conf/type/__consul/files/versions/0.8.1/cksum000066400000000000000000000000321427155744700234770ustar00rootroot00000000000000283033689 36101209 consul cdist/cdist/conf/type/__consul/files/versions/0.8.1/source000066400000000000000000000001111427155744700236530ustar00rootroot00000000000000https://releases.hashicorp.com/consul/0.8.1/consul_0.8.1_linux_amd64.zip cdist/cdist/conf/type/__consul/files/versions/1.0.6/000077500000000000000000000000001427155744700224355ustar00rootroot00000000000000cdist/cdist/conf/type/__consul/files/versions/1.0.6/cksum000066400000000000000000000000331427155744700234760ustar00rootroot000000000000004120550353 48801129 consul cdist/cdist/conf/type/__consul/files/versions/1.0.6/source000066400000000000000000000001111427155744700236510ustar00rootroot00000000000000https://releases.hashicorp.com/consul/1.0.6/consul_1.0.6_linux_amd64.zip cdist/cdist/conf/type/__consul/files/versions/1.2.3/000077500000000000000000000000001427155744700224345ustar00rootroot00000000000000cdist/cdist/conf/type/__consul/files/versions/1.2.3/cksum000066400000000000000000000000211427155744700234720ustar00rootroot00000000000000191982 110369685 cdist/cdist/conf/type/__consul/files/versions/1.2.3/source000066400000000000000000000001111427155744700236500ustar00rootroot00000000000000https://releases.hashicorp.com/consul/1.2.3/consul_1.2.3_linux_amd64.zip cdist/cdist/conf/type/__consul/files/versions/1.3.0/000077500000000000000000000000001427155744700224325ustar00rootroot00000000000000cdist/cdist/conf/type/__consul/files/versions/1.3.0/cksum000066400000000000000000000000331427155744700234730ustar00rootroot000000000000001714523667 98363467 consul cdist/cdist/conf/type/__consul/files/versions/1.3.0/source000066400000000000000000000001111427155744700236460ustar00rootroot00000000000000https://releases.hashicorp.com/consul/1.3.0/consul_1.3.0_linux_amd64.zip cdist/cdist/conf/type/__consul/files/versions/1.5.0/000077500000000000000000000000001427155744700224345ustar00rootroot00000000000000cdist/cdist/conf/type/__consul/files/versions/1.5.0/cksum000066400000000000000000000000331427155744700234750ustar00rootroot00000000000000886614099 103959898 consul cdist/cdist/conf/type/__consul/files/versions/1.5.0/source000066400000000000000000000001111427155744700236500ustar00rootroot00000000000000https://releases.hashicorp.com/consul/1.5.0/consul_1.5.0_linux_amd64.zip cdist/cdist/conf/type/__consul/gencode-remote000077500000000000000000000035611427155744700216510ustar00rootroot00000000000000#!/bin/sh -e # # 2018 Darko Poljak (darko.poljak at gmail.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # #set -x if [ ! -f "$__object/parameter/direct" ]; then # Nothing here, staged file is used. exit 0 fi state=$(cat "$__object/parameter/state") destination="/usr/local/bin/consul" if [ "$state" = "absent" ]; then printf 'rm -f "%s"' "$destination" exit 0 fi versions_dir="$__type/files/versions" version="$(cat "$__object/parameter/version")" version_dir="$versions_dir/$version" source=$(cat "$version_dir/source") source_file_name="${source##*/}" cksum_should=$(cut -d' ' -f1,2 "$version_dir/cksum") cat << eof tmpdir=\$(mktemp -d -p /tmp "${__type##*/}.XXXXXXXXXX") curl -s -L "$source" > "\$tmpdir/$source_file_name" unzip -p "\$tmpdir/$source_file_name" > "${destination}.tmp" rm -rf "\$tmpdir" cksum_is=\$(cksum "${destination}.tmp" | cut -d' ' -f1,2) if [ "\$cksum_is" = "$cksum_should" ]; then rm -f "${destination}" mv "${destination}.tmp" "${destination}" chown root:root "$destination" chmod 755 "$destination" else rm -f "${destination}.tmp" echo "Failed to verify checksum for $__object_name" >&2 exit 1 fi eof echo "/usr/local/bin/consul created" >> "$__messages_out" cdist/cdist/conf/type/__consul/man.rst000066400000000000000000000032261427155744700203310ustar00rootroot00000000000000cdist-type__consul(7) ===================== NAME ---- cdist-type__consul - Install consul DESCRIPTION ----------- Downloads and installs the consul binary from https://dl.bintray.com/mitchellh/consul. Note that the consul binary is downloaded on the server (the machine running cdist) and then deployed to the target host using the __file type unless --direct parameter is used. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- state either 'present' or 'absent'. Defaults to 'present' version which version of consul to install. See ./files/versions for a list of supported versions. Defaults to the latest known version. BOOLEAN PARAMETERS ------------------ direct Download and deploy consul binary directly on the target machine. MESSAGES -------- If consul binary is created using __staged_file then underlaying __file type messages are emitted. If consul binary is created by direct method then the following messages are emitted: /usr/local/bin/consul created consul binary was created EXAMPLES -------- .. code-block:: sh # just install using defaults __consul # install by downloading consul binary directly on the target machine __consul --direct # specific version __consul \ --version 0.4.1 AUTHORS ------- | Steven Armstrong | Darko Poljak COPYING ------- Copyright \(C) 2015 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__consul/manifest000077500000000000000000000035421427155744700205610ustar00rootroot00000000000000#!/bin/sh -e # # 2015 Steven Armstrong (steven-cdist at armstrong.cc) # 2016 Nico Schottelius (nico-cdist at schottelius.org) # 2018 Darko Poljak (darko.poljak at gmail.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # os=$(cat "$__global/explorer/os") case "$os" in alpine|scientific|centos|redhat|ubuntu|debian|devuan|archlinux|gentoo) # any linux should work : ;; *) echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 echo "Please contribute an implementation for it if you can." >&2 exit 1 ;; esac versions_dir="$__type/files/versions" version="$(cat "$__object/parameter/version")" version_dir="$versions_dir/$version" if [ ! -d "$version_dir" ]; then echo "Unknown consul version '$version'. Expected one of:" >&2 ls "$versions_dir" >&2 exit 1 fi if [ -f "$__object/parameter/direct" ]; then __package unzip __package curl else __staged_file /usr/local/bin/consul \ --source "$(cat "$version_dir/source")" \ --cksum "$(cat "$version_dir/cksum")" \ --fetch-command 'curl -s -L "%s"' \ --prepare-command 'unzip -p "%s"' \ --state "$(cat "$__object/parameter/state")" \ --group root \ --owner root \ --mode 755 fi cdist/cdist/conf/type/__consul/parameter/000077500000000000000000000000001427155744700210015ustar00rootroot00000000000000cdist/cdist/conf/type/__consul/parameter/boolean000066400000000000000000000000071427155744700223400ustar00rootroot00000000000000direct cdist/cdist/conf/type/__consul/parameter/default/000077500000000000000000000000001427155744700224255ustar00rootroot00000000000000cdist/cdist/conf/type/__consul/parameter/default/state000066400000000000000000000000101427155744700234570ustar00rootroot00000000000000present cdist/cdist/conf/type/__consul/parameter/default/version000066400000000000000000000000061427155744700240310ustar00rootroot000000000000001.0.6 cdist/cdist/conf/type/__consul/parameter/optional000066400000000000000000000000161427155744700225460ustar00rootroot00000000000000state version cdist/cdist/conf/type/__consul/singleton000066400000000000000000000000001427155744700207340ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_agent/000077500000000000000000000000001427155744700201775ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_agent/files/000077500000000000000000000000001427155744700213015ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_agent/files/consul-prepare.upstart000066400000000000000000000002231427155744700256610ustar00rootroot00000000000000start on starting consul task script mkdir -p /var/run/consul chown consul:consul /var/run/consul chmod 2770 /var/run/consul end script cdist/cdist/conf/type/__consul_agent/files/consul.sys-openrc000066400000000000000000000015311427155744700246300ustar00rootroot00000000000000#!/sbin/openrc-run # 2019 Nico Schottelius (nico-cdist at schottelius.org) description="consul agent" pidfile="${CONSUL_PIDFILE:-"/var/run/$RC_SVCNAME/pidfile"}" command="${CONSUL_BINARY:-"/usr/local/bin/consul"}" checkconfig() { if [ ! -d /var/run/consul ] ; then mkdir -p /var/run/consul || return 1 chown consul:consul /var/run/$NAME || return 1 chmod 2770 /var/run/$NAME || return 1 fi } start() { need net start-stop-daemon --start --quiet --oknodo \ --pidfile "$pidfile" --background \ --exec $command -- agent -pid-file="$pidfile" -config-dir /etc/consul/conf.d } start_pre() { checkconfig } stop() { if [ "${RC_CMD}" = "restart" ] ; then checkconfig || return 1 fi ebegin "Stopping $RC_SVCNAME" start-stop-daemon --stop --exec "$command" \ --pidfile "$pidfile" --quiet eend $? } cdist/cdist/conf/type/__consul_agent/files/consul.systemd000066400000000000000000000010621427155744700242150ustar00rootroot00000000000000[Unit] Description=Consul Agent Wants=basic.target After=basic.target network.target [Service] User=consul Group=consul Environment="GOMAXPROCS=2" # Run ExecStartPre with root-permissions PermissionsStartOnly=true ExecStartPre=/usr/bin/mkdir -p /var/run/consul ExecStartPre=/usr/bin/chown consul:consul /var/run/consul ExecStartPre=/usr/bin/chmod 2770 /var/run/consul ExecStart=/usr/local/bin/consul agent -config-dir /etc/consul/conf.d ExecReload=/bin/kill -HUP $MAINPID KillMode=process Restart=on-failure RestartSec=42s [Install] WantedBy=multi-user.target cdist/cdist/conf/type/__consul_agent/files/consul.sysv-debian000066400000000000000000000051151427155744700247540ustar00rootroot00000000000000#!/bin/sh # # 2015-2018 Nico Schottelius (nico-cdist at schottelius.org) # 2015 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # ### BEGIN INIT INFO # Provides: consul # Required-Start: $network $local_fs $remote_fs # Required-Stop: $local_fs # Should-Start: # Should-Stop: # Short-Description: consul # Description: consul agent # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 ### END INIT INFO if [ -f "/etc/default/consul" ]; then # shellcheck disable=SC1091 . /etc/default/consul fi # shellcheck disable=SC1091 . /lib/lsb/init-functions NAME=consul CONSUL=/usr/local/bin/consul CONFIG=/etc/$NAME/conf.d PID_FILE=/var/run/$NAME/pidfile mkdir -p /var/run/$NAME chown consul:consul /var/run/$NAME chmod 2770 /var/run/$NAME export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" case "$1" in start) log_daemon_msg "Starting consul agent" "consul" || true if start-stop-daemon --start --quiet --oknodo \ --pidfile "$PID_FILE" --background \ --exec $CONSUL -- agent -pid-file="$PID_FILE" -config-dir "$CONFIG"; then log_end_msg 0 || true else log_end_msg 1 || true fi ;; stop) log_daemon_msg "Stopping consul agent" "consul" || true if start-stop-daemon --stop --quiet --oknodo --pidfile $PID_FILE; then log_end_msg 0 || true else log_end_msg 1 || true fi ;; reload) log_daemon_msg "Reloading consul agent" "consul" || true if start-stop-daemon --stop --signal HUP --quiet --oknodo --pidfile $PID_FILE --exec $CONSUL; then log_end_msg 0 || true else log_end_msg 1 || true fi ;; restart) $0 stop && $0 start ;; status) status_of_proc -p $PID_FILE $CONSUL consul && exit 0 || exit $? ;; *) log_action_msg "Usage: /etc/init.d/consul {start|stop|reload|restart|status}" exit 1 ;; esac cdist/cdist/conf/type/__consul_agent/files/consul.sysv-redhat000066400000000000000000000040441427155744700250010ustar00rootroot00000000000000#!/bin/bash # # /etc/rc.d/init.d/consul # # Daemonize the consul agent. # # chkconfig: 2345 95 95 # description: Service discovery and configuration made easy. \ # Distributed, highly available, and datacenter-aware. # processname: consul # pidfile: /var/run/consul/pidfile # Source function library. # shellcheck disable=SC1091 . /etc/init.d/functions NAME=consul CONSUL=/usr/local/bin/consul CONFIG="/etc/$NAME/conf.d" PID_FILE="/var/run/$NAME/pidfile" LOG_FILE="/var/log/$NAME" # shellcheck disable=SC1090 [ -e "/etc/sysconfig/$NAME" ] && . "/etc/sysconfig/$NAME" export GOMAXPROCS="${GOMAXPROCS:-2}" mkdir -p "/var/run/$NAME" chown consul:consul "/var/run/$NAME" chmod 2770 "/var/run/$NAME" start() { printf "Starting %s: " "$NAME" daemon --user=consul \ --pidfile="$PID_FILE" \ "$CONSUL" agent -pid-file="$PID_FILE" -config-dir "$CONFIG" >> "$LOG_FILE" & retcode=$? touch "/var/lock/subsys/$NAME" return "$retcode" } stop() { printf "Shutting down %s: " "$NAME" killproc -p "$PID_FILE" "$NAME" retcode=$? rm -f "/var/lock/subsys/$NAME" return "$retcode" } case "$1" in start) if status -p "$PID_FILE" "$NAME" >/dev/null; then echo "$NAME already running" else start fi ;; stop) if status -p "$PID_FILE" "$NAME" >/dev/null; then stop else echo "$NAME not running" fi ;; info) "$CONSUL" info ;; status) status -p "$PID_FILE" "$NAME" exit $? ;; restart) if status -p "$PID_FILE" "$NAME" >/dev/null; then stop fi start ;; reload) if status -p "$PID_FILE" "$NAME" >/dev/null; then kill -HUP "$(cat "$PID_FILE")" else echo "$NAME not running" fi ;; condrestart) if [ -f "/var/lock/subsys/$NAME" ]; then if status -p "$PID_FILE" "$NAME" >/dev/null; then stop fi start fi ;; *) echo "Usage: $NAME {start|stop|status|reload|restart|condrestart|info}" exit 1 ;; esac exit $? cdist/cdist/conf/type/__consul_agent/files/consul.upstart000066400000000000000000000003661427155744700242350ustar00rootroot00000000000000description "Consul Agent" start on (local-filesystems and net-device-up IFACE!=lo) stop on runlevel [06] setuid consul setgid consul respawn respawn limit 10 10 kill timeout 10 exec /usr/local/bin/consul agent -config-dir /etc/consul/conf.d cdist/cdist/conf/type/__consul_agent/gencode-remote000077500000000000000000000015701427155744700230250ustar00rootroot00000000000000#!/bin/sh -e # # 2015 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # service="consul" state="$(cat "$__object/parameter/state")" case "$state" in present) : ;; absent) echo "service $service stop || true" ;; esac cdist/cdist/conf/type/__consul_agent/man.rst000066400000000000000000000113511427155744700215050ustar00rootroot00000000000000cdist-type__consul_agent(7) =========================== NAME ---- cdist-type__consul_agent - Manage the consul agent DESCRIPTION ----------- Configure and manage the consul agent. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- acl-datacenter only used by servers. This designates the datacenter which is authoritative for ACL information. acl-default-policy either "allow" or "deny"; defaults to "allow". The default policy controls the behavior of a token when there is no matching rule. acl-down-policy either "allow", "deny" or "extend-cache"; "extend-cache" is the default. acl-master-token only used for servers in the acl_datacenter. This token will be created with management-level permissions if it does not exist. It allows operators to bootstrap the ACL system with a token ID that is well-known. acl-token when provided, the agent will use this token when making requests to the Consul servers. acl-ttl used to control Time-To-Live caching of ACLs. bind-addr sets the bind address for cluster communication bootstrap-expect sets server to expect bootstrap mode ca-file-source path to a PEM encoded certificate authority file which will be uploaded and configure using the ca_file config option. cert-file-source path to a PEM encoded certificate file which will be uploaded and configure using the cert_file config option. client-addr sets the address to bind for client access datacenter datacenter of the agent encrypt provides the gossip encryption key group the primary group for the agent json-config path to a partial json config file without leading { and trailing }. If json-config is '-' (dash), take what was written to stdin as the file content. key-file-source path to a PEM encoded private key file which will be uploaded and configure using the key_file config option. node-name name of this node. Must be unique in the cluster retry-join address to attempt joining every retry_interval until at least one join works. Can be specified multiple times. user the user to run the agent as state if the agent is 'present' or 'absent'. Defaults to 'present'. Currently state=absent is not working due to some dependency issues. BOOLEAN PARAMETERS ------------------ disable-remote-exec disables support for remote execution. When set to true, the agent will ignore any incoming remote exec requests. disable-update-check disables automatic checking for security bulletins and new version releases leave-on-terminate gracefully leave cluster on SIGTERM rejoin-after-leave rejoin the cluster using the previous state after leaving server used to control if an agent is in server or client mode enable-syslog enables logging to syslog verify-incoming enforce the use of TLS and verify a client's authenticity on incoming connections verify-outgoing enforce the use of TLS and verify the peers authenticity on outgoing connections use-distribution-package uses distribution package instead of upstream binary EXAMPLES -------- .. code-block:: sh # configure as server, bootstrap and rejoin hostname="$(cat "$__global/explorer/hostname")" __consul_agent \ --datacenter dc1 \ --node-name "${hostname%%.*}" \ --disable-update-check \ --server \ --rejoin-after-leave \ --bootstrap-expect 3 \ --retry-join consul-01 \ --retry-join consul-02 \ --retry-join consul-03 # configure as server, bootstrap and rejoin with ssl support hostname="$(cat "$__global/explorer/hostname")" __consul_agent \ --datacenter dc1 \ --node-name "${hostname%%.*}" \ --disable-update-check \ --server \ --rejoin-after-leave \ --bootstrap-expect 3 \ --retry-join consul-01 \ --retry-join consul-02 \ --retry-join consul-03 \ --ca-file-source /path/to/ca.pem \ --cert-file-source /path/to/cert.pem \ --key-file-source /path/to/key.pem \ --verify-incoming \ --verify-outgoing # configure as client and try joining existing cluster __consul_agent \ --datacenter dc1 \ --node-name "${hostname%%.*}" \ --disable-update-check \ --retry-join consul-01 \ --retry-join consul-02 \ --retry-join consul-03 SEE ALSO -------- consul documentation at: . AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2015 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__consul_agent/manifest000077500000000000000000000231351427155744700217370ustar00rootroot00000000000000#!/bin/sh -e # # 2015 Steven Armstrong (steven-cdist at armstrong.cc) # 2015-2020 Nico Schottelius (nico-cdist at schottelius.org) # 2019 Timothée Floure (timothee.floure at ungleich.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # os=$(cat "$__global/explorer/os") ### # Type parameters. state="$(cat "$__object/parameter/state")" user="$(cat "$__object/parameter/user")" group="$(cat "$__object/parameter/group")" release=$(cat "$__global/explorer/lsb_release") if [ -f "$__object/parameter/use-distribution-package" ]; then use_distribution_package=1 fi ### # Those are default that might be overriden by os-specific logic. data_dir="/var/lib/consul" tls_dir="$conf_dir/tls" case "$os" in alpine) conf_dir="/etc/consul" conf_file="server.json" ;; *) conf_dir="/etc/consul/conf.d" conf_file="config.json" ;; esac ### # Sane deployment, based on distribution package when available. distribution_setup () { case "$os" in debian) # consul is only available starting Debian 10 (buster). # See https://packages.debian.org/buster/consul if [ "$release" -lt 10 ]; then echo "Consul is not available for your debian release." >&2 echo "Please use the 'manual' (i.e. non-package) installation or \ upgrade the target system." >&2 exit 1 fi # Override previously defined environment to match debian packaging. conf_dir='/etc/consul.d' user='consul' group='consul' ;; alpine) # consul is only available starting Alpine 3.12 (= edge during the 3.11 cycle). # See https://pkgs.alpinelinux.org/packages?name=consul&branch=edge # Override previously defined environment to match alpine packaging. conf_dir='/etc/consul' conf_file='server.json' data_dir='/var/consul' user='consul' group='consul' ;; *) echo "Your operating system ($os) is currently not supported with the \ --use-distribution-package flag (${__type##*/})." >&2 echo "Please use non-package installation or contribute an \ implementation for if you can." >&2 exit 1 ;; esac # Install consul package. __package consul --state "$state" export config_deployment_requires="__package/consul" } ### # LEGACY manual deployment, kept for compatibility reasons. init_sysvinit() { __file /etc/init.d/consul \ --owner root --group root --mode 0755 \ --state "$state" \ --source "$__type/files/consul.sysv-$1" require="__file/etc/init.d/consul" __start_on_boot consul } init_systemd() { __file /lib/systemd/system/consul.service \ --owner root --group root --mode 0644 \ --state "$state" \ --source "$__type/files/consul.systemd" require="__file/lib/systemd/system/consul.service" __start_on_boot consul } init_upstart() { __file /etc/init/consul-prepare.conf \ --owner root --group root --mode 0644 \ --state "$state" \ --source "$__type/files/consul-prepare.upstart" require="__file/etc/init/consul-prepare.conf" \ __file /etc/init/consul.conf \ --owner root --group root --mode 0644 \ --state "$state" \ --source "$__type/files/consul.upstart" require="__file/etc/init/consul.conf" __start_on_boot consul } manual_setup () { case "$os" in alpine|scientific|centos|debian|devuan|redhat|ubuntu) # whitelist safeguard : ;; *) echo "Your operating system ($os) is currently not supported by this \ type (${__type##*/})." >&2 echo "Please contribute an implementation for it if you can." >&2 exit 1 ;; esac # FIXME: there has got to be a better way to handle the dependencies in this case case "$state" in present) __group "$group" --system --state "$state" require="__group/$group" __user "$user" \ --system --gid "$group" --home "$data_dir" --state "$state" ;; *) echo "The $state state is not (yet?) supported by this type." >&2 exit 1 ;; esac # Create data directory. require="__user/consul" __directory "$data_dir" \ --owner "$user" --group "$group" --mode 770 --state "$state" # Create config directory. require="__user/consul" __directory "$conf_dir" \ --parents --owner root --group "$group" --mode 750 --state "$state" # Install init script to start on boot case "$os" in devuan) init_sysvinit debian ;; centos|redhat) os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")" major_version="${os_version%%.*}" case "$major_version" in [456]) init_sysvinit redhat ;; 7) init_systemd ;; *) echo "Unsupported CentOS/Redhat version: $os_version" >&2 exit 1 ;; esac ;; debian) os_version=$(cat "$__global/explorer/os_version") major_version="${os_version%%.*}" case "$major_version" in [567]) init_sysvinit debian ;; [89]|10) init_systemd ;; *) echo "Unsupported Debian version $os_version" >&2 exit 1 ;; esac ;; ubuntu) init_upstart ;; esac config_deployment_requires="__user/consul __directory/$conf_dir" } ### # Trigger requested installation method. if [ $use_distribution_package ]; then distribution_setup else manual_setup fi ### # Install TLS certificates. if [ -f "$__object/parameter/ca-file-source" ] || \ [ -f "$__object/parameter/cert-file-source" ] || \ [ -f "$__object/parameter/key-file-source" ]; then requires="$config_deployment_requires" __directory "$tls_dir" \ --owner root --group "$group" --mode 750 --state "$state" # Append to service restart requirements. restart_requires="$restart_requires __directory/$conf_dir/tls" fi ### # Generate and deploy configuration. json_configuration=$( echo "{" # parameters we define ourself printf ' "data_dir": "%s"\n' "$data_dir" cd "$__object/parameter/" for param in *; do case "$param" in state|user|group|json-config|use-distribution-package) continue ;; ca-file-source|cert-file-source|key-file-source) source="$(cat "$__object/parameter/$param")" destination="$tls_dir/${source##*/}" require="__directory/$tls_dir" \ __file "$destination" \ --owner root --group consul --mode 640 \ --source "$source" \ --state "$state" key="$(echo "${param%-*}" | tr '-' '_')" printf ' ,"%s": "%s"\n' "$key" "$destination" ;; disable-remote-exec|disable-update-check|leave-on-terminate\ |rejoin-after-leave|server|enable-syslog|verify-incoming|verify-outgoing) # handle boolean parameters key="$(echo "$param" | tr '-' '_')" printf ' ,"%s": true\n' "$key" ;; retry-join) # join multiple parameters into json array retry_join="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join")" # remove trailing , printf ' ,"retry_join": [%s]\n' "${retry_join%*,}" ;; retry-join-wan) # join multiple parameters into json array over wan retry_join_wan="$(awk '{printf "\""$1"\","}' "$__object/parameter/retry-join-wan")" # remove trailing , printf ' ,"retry_join_wan": [%s]\n' "${retry_join_wan%*,}" ;; bootstrap-expect) # integer key=value parameters key="$(echo "$param" | tr '-' '_')" printf ' ,"%s": %s\n' "$key" "$(cat "$__object/parameter/$param")" ;; *) # string key=value parameters key="$(echo "$param" | tr '-' '_')" printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" ;; esac done if [ -f "$__object/parameter/json-config" ]; then json_config="$(cat "$__object/parameter/json-config")" if [ "$json_config" = "-" ]; then json_config="$__object/stdin" fi # remove leading and trailing whitespace and commas from first and last line # indent each line with 3 spaces for consistency json=$(sed -e 's/^[ \t]*/ /' -e '1s/^[ \t,]*//' -e '$s/[ \t,]*$//' "$json_config") printf ' ,%s\n' "$json" fi echo "}" ) echo "$json_configuration" | require="$config_deployment_requires" \ __file "$conf_dir/$conf_file" \ --owner root --group "$group" --mode 640 \ --state "$state" \ --source - # Set configuration deployment as requirement for service restart. restart_requires="__file/$conf_dir/$conf_file" ### # Restart consul agent after everything else. require="$restart_requires" __service consul --action restart cdist/cdist/conf/type/__consul_agent/parameter/000077500000000000000000000000001427155744700221575ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_agent/parameter/boolean000066400000000000000000000002351427155744700235210ustar00rootroot00000000000000disable-remote-exec disable-update-check leave-on-terminate rejoin-after-leave server enable-syslog verify-incoming verify-outgoing use-distribution-package cdist/cdist/conf/type/__consul_agent/parameter/default/000077500000000000000000000000001427155744700236035ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_agent/parameter/default/group000066400000000000000000000000071427155744700246570ustar00rootroot00000000000000consul cdist/cdist/conf/type/__consul_agent/parameter/default/state000066400000000000000000000000101427155744700246350ustar00rootroot00000000000000present cdist/cdist/conf/type/__consul_agent/parameter/default/user000066400000000000000000000000071427155744700245010ustar00rootroot00000000000000consul cdist/cdist/conf/type/__consul_agent/parameter/optional000066400000000000000000000003641427155744700237320ustar00rootroot00000000000000acl-datacenter acl-default-policy acl-down-policy acl-master-token acl-token acl-ttl bind-addr bootstrap-expect ca-file-source cert-file-source client-addr datacenter encrypt group json-config key-file-source node-name user state advertise-wan cdist/cdist/conf/type/__consul_agent/parameter/optional_multiple000066400000000000000000000000321427155744700256350ustar00rootroot00000000000000retry-join retry-join-wan cdist/cdist/conf/type/__consul_agent/singleton000066400000000000000000000000001427155744700221120ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_check/000077500000000000000000000000001427155744700201565ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_check/explorer/000077500000000000000000000000001427155744700220165ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_check/explorer/conf-dir000077700000000000000000000000001427155744700326702../../__consul_service/explorer/conf-dirustar00rootroot00000000000000cdist/cdist/conf/type/__consul_check/man.rst000066400000000000000000000036311427155744700214660ustar00rootroot00000000000000cdist-type__consul_check(7) ============================= NAME ---- cdist-type__consul_check - Manages consul checks DESCRIPTION ----------- Generate and deploy check definitions for a consul agent. See http://www.consul.io/docs/agent/checks.html for parameter documentation. Use either script together with interval, or use ttl. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- docker-container-id the id of the docker container to run http the url to check id The id of this check. interval the interval in which the check should run name The name of this check. Defaults to __object_id notes human readable description script the shell command to run service-id the id of the service this check is bound to shell the shell to run inside the docker container state if this check is 'present' or 'absent'. Defaults to 'present'. status specify the initial state of this health check tcp the host and port to check timeout after how long to timeout checks which take to long token ACL token to use for interacting with the catalog ttl how long a TTL check is considered healthy without being updated through the HTTP interface EXAMPLES -------- .. code-block:: sh __consul_check redis \ --script /usr/local/bin/check_redis.py \ --interval 10s __consul_check some-object-id \ --id web-app \ --name "Web App Status" \ --notes "Web app does a curl internally every 10 seconds" \ --ttl 30s SEE ALSO -------- :strong:`cdist-type__consul_agent`\ (7) AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2015-2016 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__consul_check/manifest000077500000000000000000000045301427155744700217140ustar00rootroot00000000000000#!/bin/sh -e # # 2015-2016 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")" conf_dir=$(cat "$__object/explorer/conf-dir") conf_file="check_${name}.json" state="$(cat "$__object/parameter/state")" # Sanity checks if [ -f "$__object/parameter/ttl" ]; then for conflicts_ttl in 'docker-container-id' 'http' 'script' 'tcp' 'timeout'; do if [ -f "$__object/parameter/${conflicts_ttl}" ]; then echo "Can not use --ttl together with --${conflicts_ttl}." >&2 exit 1 fi done fi if [ ! -f "$__object/parameter/interval" ]; then for requires_interval in 'docker-id' 'http' 'script' 'tcp'; do if [ -f "$__object/parameter/${requires_interval}" ]; then echo "When using --${requires_interval} you must also define --interval." >&2 exit 1 fi done fi if [ -f "$__object/parameter/docker-container-id" ] && [ ! -f "$__object/parameter/script" ]; then echo "When using --docker-container-id you must also define --script." >&2 exit 1 fi # Generate json config file ( echo "{" printf ' "check": {\n' printf ' "name": "%s"\n' "$name" cd "$__object/parameter/" for param in *; do case "$param" in state|name) continue ;; *) key="$(echo "$param" | tr '-' '_')" printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" ;; esac done # end check echo " }" # end json file echo "}" ) | \ require="__directory${conf_dir}" \ __config_file "${conf_dir}/${conf_file}" \ --owner root --group consul --mode 640 \ --state "$state" \ --onchange 'service consul status >/dev/null && service consul reload || true' \ --source - cdist/cdist/conf/type/__consul_check/parameter/000077500000000000000000000000001427155744700221365ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_check/parameter/default/000077500000000000000000000000001427155744700235625ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_check/parameter/default/state000066400000000000000000000000101427155744700246140ustar00rootroot00000000000000present cdist/cdist/conf/type/__consul_check/parameter/optional000066400000000000000000000001531427155744700237050ustar00rootroot00000000000000docker-container-id http id interval name notes script service-id shell state status tcp timeout token ttl cdist/cdist/conf/type/__consul_reload/000077500000000000000000000000001427155744700203475ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_reload/gencode-remote000077500000000000000000000015471427155744700232010ustar00rootroot00000000000000#!/bin/sh -e # # 2015 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # service="consul" if grep -q "^__file/etc/consul/conf.d/" "$__messages_in"; then echo "service $service status && service $service reload || true" fi cdist/cdist/conf/type/__consul_reload/man.rst000066400000000000000000000012351427155744700216550ustar00rootroot00000000000000cdist-type__consul_reload(7) ============================ NAME ---- cdist-type__consul_reload - Reload consul DESCRIPTION ----------- Reload consul after configuration changes. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- None. EXAMPLES -------- .. code-block:: sh __consul_reload AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2015 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__consul_reload/singleton000066400000000000000000000000001427155744700222620ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_service/000077500000000000000000000000001427155744700205415ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_service/explorer/000077500000000000000000000000001427155744700224015ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_service/explorer/conf-dir000066400000000000000000000004401427155744700240230ustar00rootroot00000000000000# Determine the configuration directory used by consul. check_dir () { if [ -d "$1" ]; then printf '%s' "$1" exit fi } check_dir '/etc/consul/conf.d' check_dir '/etc/consul.d' check_dir '/etc/consul' echo 'Could not determine consul configuration dir. Exiting.' >&2 exit 1 cdist/cdist/conf/type/__consul_service/man.rst000066400000000000000000000033241427155744700220500ustar00rootroot00000000000000cdist-type__consul_service(7) ============================= NAME ---- cdist-type__consul_service - Manages consul services DESCRIPTION ----------- Generate and deploy service definitions for a consul agent. See http://www.consul.io/docs/agent/services.html for parameter documentation. Use either script together with interval, or use ttl. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- check-interval the interval in which the script given with --check-script should be run check-http the URL to check for HTTP 200-ish status every --check-interval check-script the shell command to run every --check-interval check-ttl how long a service is considered healthy without being updated through the HTTP interfave id Defaults to --name name The name of this service. Defaults to __object_id port the port at which this service can be reached state if this service is 'present' or 'absent'. Defaults to 'present'. tag a tag to add to this service. Can be specified multiple times. EXAMPLES -------- .. code-block:: sh __consul_service redis \ --tag master \ --tag production \ --port 8000 \ --check-script /usr/local/bin/check_redis.py \ --check-interval 10s __consul_service webapp \ --port 80 \ --check-ttl 10s SEE ALSO -------- :strong:`cdist-type__consul_agent`\ (7) AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2015 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__consul_service/manifest000077500000000000000000000064321427155744700223020ustar00rootroot00000000000000#!/bin/sh -e # # 2015 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")" conf_dir=$(cat "$__object/explorer/conf-dir") conf_file="service_${name}.json" state="$(cat "$__object/parameter/state")" # Sanity checks if [ -f "$__object/parameter/check-script" ] && [ -f "$__object/parameter/check-ttl" ]; then echo "Use either --check-script together with --check-interval OR --check-ttl, but not both" >&2 exit 1 fi if [ -f "$__object/parameter/check-script" ] && [ ! -f "$__object/parameter/check-interval" ]; then echo "When using --check-script you must also define --check-interval" >&2 exit 1 fi if [ -f "$__object/parameter/check-http" ] && [ ! -f "$__object/parameter/check-interval" ]; then echo "When using --check-http you must also define --check-interval" >&2 exit 1 fi # Generate json config file ( echo "{" printf ' "service": {\n' printf ' "name": "%s"\n' "$name" cd "$__object/parameter/" for param in *; do case "$param" in state|name|check-interval|conf-dir) continue ;; check-script) printf ' ,"check": {\n' printf ' "script": "%s"\n' "$(cat "$__object/parameter/check-script")" printf ' ,"interval": "%s"\n' "$(cat "$__object/parameter/check-interval")" printf ' }\n' ;; check-ttl) printf ' ,"check": {\n' printf ' "ttl": "%s"\n' "$(cat "$__object/parameter/check-ttl")" printf ' }\n' ;; check-http) printf ' ,"check": {\n' printf ' "http": "%s"\n' "$(cat "$__object/parameter/check-http")" printf ' ,"interval": "%s"\n' "$(cat "$__object/parameter/check-interval")" printf ' }\n' ;; tag) # create json array from newline delimited file tags="$(awk '{printf "\""$1"\","}' "$__object/parameter/tag")" # remove trailing , printf ' ,"tags": [%s]\n' "${tags%*,}" ;; port) # integer key=value parameters key="$(echo "$param" | tr '-' '_')" printf ' ,"%s": %s\n' "$key" "$(cat "$__object/parameter/$param")" ;; *) # string key=value parameters key="$(echo "$param" | tr '-' '_')" printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" ;; esac done # end service echo " }" # end json file echo "}" ) | \ __config_file "${conf_dir}/${conf_file}" \ --owner root --group consul --mode 640 \ --state "$state" \ --onchange 'service consul status >/dev/null && service consul reload || true' \ --source - cdist/cdist/conf/type/__consul_service/parameter/000077500000000000000000000000001427155744700225215ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_service/parameter/default/000077500000000000000000000000001427155744700241455ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_service/parameter/default/state000066400000000000000000000000101427155744700251770ustar00rootroot00000000000000present cdist/cdist/conf/type/__consul_service/parameter/optional000066400000000000000000000001041427155744700242640ustar00rootroot00000000000000check-http check-interval check-script check-ttl id name port state cdist/cdist/conf/type/__consul_service/parameter/optional_multiple000066400000000000000000000000041427155744700261760ustar00rootroot00000000000000tag cdist/cdist/conf/type/__consul_template/000077500000000000000000000000001427155744700207145ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_template/files/000077500000000000000000000000001427155744700220165ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_template/files/consul-template.systemd000066400000000000000000000006331427155744700265460ustar00rootroot00000000000000[Unit] Description=Consul-Template Daemon Wants=basic.target After=basic.target network.target [Service] User=root Group=root Environment="CONSUL_TEMPLATE_LOG=info" Environment="GOMAXPROCS=2" ExecStart=/usr/local/bin/consul-template -config /etc/consul-template/conf.d ExecReload=/bin/kill -HUP $MAINPID KillMode=process Restart=on-failure RestartSec=10s LimitNOFILE=4096 [Install] WantedBy=multi-user.target cdist/cdist/conf/type/__consul_template/files/consul-template.sysv000066400000000000000000000037661427155744700260740ustar00rootroot00000000000000#!/bin/bash # # /etc/rc.d/init.d/consul-template # # Daemonize the consul-template agent. # # chkconfig: 2345 95 95 # description: Generic template rendering and notifications with Consul # processname: consul-template # pidfile: /var/run/consul-template/pidfile # Source function library. # shellcheck disable=SC1091 . /etc/init.d/functions NAME=consul-template CONSUL_TEMPLATE=/usr/local/bin/consul-template CONFIG="/etc/$NAME/conf.d" PID_FILE="/var/run/$NAME/pidfile" LOG_FILE="/var/log/$NAME" # shellcheck disable=SC1090 [ -e "/etc/sysconfig/$NAME" ] && . "/etc/sysconfig/$NAME" export CONSUL_TEMPLATE_LOG="${CONSUL_TEMPLATE_LOG:-info}" export GOMAXPROCS="${GOMAXPROCS:-2}" mkdir -p "/var/run/$NAME" start() { printf "Starting %s: " "$NAME" daemon --pidfile="$PID_FILE" \ "$CONSUL_TEMPLATE" -config "$CONFIG" >> "$LOG_FILE" 2>&1 & echo "$!" > "$PID_FILE" retcode=$? touch "/var/lock/subsys/$NAME" return "$retcode" } stop() { printf "Shutting down %s: " "$NAME" killproc -p "$PID_FILE" "$CONSUL_TEMPLATE" retcode=$? rm -f "/var/lock/subsys/$NAME" return "$retcode" } case "$1" in start) if status -p "$PID_FILE" "$NAME" >/dev/null; then echo "$NAME already running" else start fi ;; stop) if status -p "$PID_FILE" "$NAME" >/dev/null; then stop else echo "$NAME not running" fi ;; status) status -p "$PID_FILE" "$NAME" exit $? ;; restart) if status -p "$PID_FILE" "$NAME" >/dev/null; then stop fi start ;; reload) if status -p "$PID_FILE" "$NAME" >/dev/null; then kill -HUP "$(cat "$PID_FILE")" else echo "$NAME not running" fi ;; condrestart) if [ -f "/var/lock/subsys/$NAME" ]; then if status -p "$PID_FILE" "$NAME" >/dev/null; then stop fi start fi ;; *) echo "Usage: $NAME {start|stop|status|reload|restart}" exit 1 ;; esac exit $? cdist/cdist/conf/type/__consul_template/files/consul-template.upstart000066400000000000000000000005061427155744700265570ustar00rootroot00000000000000description "Consul-Template Daemon" start on (local-filesystems and net-device-up IFACE!=lo) stop on runlevel [06] env CONSUL_TEMPLATE_LOG=info env GOMAXPROCS=${GOMAXPROCS} exec /usr/local/bin/consul-template -config /etc/consul-template/conf.d >> /var/log/consul-template 2>&1 respawn respawn limit 10 10 kill timeout 10 cdist/cdist/conf/type/__consul_template/files/versions/000077500000000000000000000000001427155744700236665ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_template/files/versions/0.10.0/000077500000000000000000000000001427155744700244025ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_template/files/versions/0.10.0/cksum000066400000000000000000000000431427155744700254440ustar00rootroot000000000000003401777891 9273880 consul-template cdist/cdist/conf/type/__consul_template/files/versions/0.10.0/source000066400000000000000000000001351427155744700256240ustar00rootroot00000000000000https://releases.hashicorp.com/consul-template/0.10.0/consul-template_0.10.0_linux_amd64.zip cdist/cdist/conf/type/__consul_template/files/versions/0.15.0/000077500000000000000000000000001427155744700244075ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_template/files/versions/0.15.0/cksum000066400000000000000000000000441427155744700254520ustar00rootroot000000000000002643547924 12487232 consul-template cdist/cdist/conf/type/__consul_template/files/versions/0.15.0/source000066400000000000000000000001351427155744700256310ustar00rootroot00000000000000https://releases.hashicorp.com/consul-template/0.15.0/consul-template_0.15.0_linux_amd64.zip cdist/cdist/conf/type/__consul_template/man.rst000066400000000000000000000075601427155744700222310ustar00rootroot00000000000000cdist-type__consul_template(7) ============================== NAME ---- cdist-type__consul_template - Manage the consul-template service DESCRIPTION ----------- Downloads and installs the consul-template binary from https://github.com/hashicorp/consul-template/releases/download/. Generates a global config file and creates directory for per template config files. Note that the consul-template binary is downloaded on the server (the machine running cdist) and then deployed to the target host using the __file type. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- auth-username specify a username for basic authentication. auth-password specify a password for basic authentication. batch-size the size of the batch when polling multiple dependencies. consul the location of the Consul instance to query (may be an IP address or FQDN) with port. Defaults to 'localhost:8500'. log-level The log level for output. This applies to the stdout/stderr logging as well as syslog logging (if enabled). Valid values are "debug", "info", "warn", and "err". The default value is "warn". max-stale the maximum staleness of a query. If specified, Consul will distribute work among all servers instead of just the leader. retry the amount of time to wait if Consul returns an error when communicating with the API. state either 'present' or 'absent'. Defaults to 'present' ssl-cert Path to an SSL client certificate to use to authenticate to the consul server. Useful if the consul server "verify_incoming" option is set. ssl-ca-cert Path to a CA certificate file, containing one or more CA certificates to use to validate the certificate sent by the consul server to us. This is a handy alternative to setting --ssl-no-verify if you are using your own CA. syslog-facility The facility to use when sending to syslog. This requires the use of --syslog. The default value is LOCAL0. token the Consul API token. vault-address the location of the Vault instance to query (may be an IP address or FQDN) with port. vault-token the Vault API token. vault-ssl-cert Path to an SSL client certificate to use to authenticate to the vault server. vault-ssl-ca-cert Path to a CA certificate file, containing one or more CA certificates to use to validate the certificate sent by the vault server to us. version which version of consul-template to install. See ./files/versions for a list of supported versions. Defaults to the latest known version. wait the minimum(:maximum) to wait before rendering a new template to disk and triggering a command, separated by a colon (:). If the optional maximum value is omitted, it is assumed to be 4x the required minimum value. BOOLEAN PARAMETERS ------------------ ssl use HTTPS while talking to Consul. Requires the Consul server to be configured to serve secure connections. ssl-no-verify ignore certificate warnings. Only used if ssl is enabled. syslog Send log output to syslog (in addition to stdout and stderr). vault-ssl use HTTPS while talking to Vault. Requires the Vault server to be configured to serve secure connections. vault-ssl-no-verify ignore certificate warnings. Only used if vault is enabled. EXAMPLES -------- .. code-block:: sh __consul_template \ --consul consul.service.consul:8500 \ --retry 30s # specific version __consul_template \ --version 0.6.5 \ --retry 30s SEE ALSO -------- consul documentation at: . AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2015 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__consul_template/manifest000077500000000000000000000145061427155744700224560ustar00rootroot00000000000000#!/bin/sh -e # # 2015 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # os=$(cat "$__global/explorer/os") case "$os" in scientific|centos|redhat) # whitelist safeguard service_onchange='service consul-template status >/dev/null && service consul-template reload || true' \ ;; archlinux) service_onchange="systemctl status consul-template >/dev/null && systemctl reload consul-template || true" ;; *) echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 echo "Please contribute an implementation for it if you can." >&2 exit 1 ;; esac versions_dir="$__type/files/versions" version="$(cat "$__object/parameter/version")" version_dir="$versions_dir/$version" if [ ! -d "$version_dir" ]; then echo "Unknown consul-template version '$version'. Expected one of:" >&2 ls "$versions_dir" >&2 exit 1 fi state="$(cat "$__object/parameter/state")" __staged_file /usr/local/bin/consul-template \ --source "$(cat "$version_dir/source")" \ --cksum "$(cat "$version_dir/cksum")" \ --fetch-command 'curl -s -L "%s"' \ --prepare-command 'unzip -p "%s"' \ --state "$state" \ --group root \ --owner root \ --mode 755 conf_dir="/etc/consul-template/conf.d" conf_file="config.hcl" template_dir="/etc/consul-template/template" __directory /etc/consul-template \ --owner root --group root --mode 750 require="__directory/etc/consul-template" \ __directory "$conf_dir" \ --owner root --group root --mode 750 require="__directory/etc/consul-template" \ __directory "$template_dir" \ --owner root --group root --mode 750 # Generate hcl config file ( cd "$__object/parameter/" for param in *; do case "$param" in auth-password|state|ssl-*|syslog-*|version|vault-token|vault-ssl*) continue ;; auth-username) printf 'auth {\n' printf ' enabled = true\n' printf ' username = "%s"\n' "$(cat "$__object/parameter/auth-username")" if [ -f "$__object/parameter/auth-password" ]; then printf ' password = %s\n' "$(cat "$__object/parameter/auth-password")" fi printf '}\n' ;; ssl) printf 'ssl {\n' printf ' enabled = true\n' if [ -f "$__object/parameter/ssl-no-verify" ]; then printf ' verify = false\n' fi if [ -f "$__object/parameter/ssl-cert" ]; then printf ' cert = "%s"\n' "$(cat "$__object/parameter/ssl-cert")" fi if [ -f "$__object/parameter/ssl-ca-cert" ]; then printf ' ca_cert = "%s"\n' "$(cat "$__object/parameter/ssl-ca-cert")" fi printf '}\n' ;; syslog) printf 'syslog {\n' printf ' enabled = true\n' if [ -f "$__object/parameter/syslog-facility" ]; then printf ' facility = "%s"\n' "$(cat "$__object/parameter/syslog-facility")" fi printf '}\n' ;; vault-address) printf 'vault {\n' printf ' address = "%s"\n' "$(cat "$__object/parameter/vault-address")" if [ -f "$__object/parameter/vault-token" ]; then printf ' token = "%s"\n' "$(cat "$__object/parameter/vault-token")" fi if [ -f "$__object/parameter/vault-ssl" ]; then printf ' ssl {\n' printf ' enabled = true\n' if [ -f "$__object/parameter/vault-ssl-no-verify" ]; then printf ' verify = false\n' fi if [ -f "$__object/parameter/vault-ssl-cert" ]; then printf ' cert = "%s"\n' "$(cat "$__object/parameter/vault-ssl-cert")" fi if [ -f "$__object/parameter/vault-ssl-ca-cert" ]; then printf ' ca_cert = "%s"\n' "$(cat "$__object/parameter/vault-ssl-ca-cert")" fi printf ' }\n' fi printf '}\n' ;; *) # string key=value parameters key="$(echo "$param" | tr '-' '_')" printf '%s = "%s"\n' "$key" "$(cat "$__object/parameter/$param")" ;; esac done ) | \ require="__directory${conf_dir}" \ __config_file "${conf_dir}/${conf_file}" \ --owner root --group root --mode 640 \ --state "$state" \ --onchange "$service_onchange" \ --source - # Install init script to start on boot service="consul-template" case "$os" in centos|redhat) os_version="$(sed 's/[^0-9.]//g' "$__global/explorer/os_version")" major_version="${os_version%%.*}" case "$major_version" in 7) __file "/lib/systemd/system/${service}.service" \ --owner root --group root --mode 0555 \ --state "$state" \ --source "$__type/files/${service}.systemd" export require="__file/lib/systemd/system/${service}.service" ;; *) __file "/etc/init.d/${service}" \ --owner root --group root --mode 0555 \ --state "$state" \ --source "$__type/files/${service}.sysv" export require="__file/etc/init.d/${service}" ;; esac __start_on_boot "$service" --state "$state" ;; ubuntu) __file "/etc/init/${service}.conf" \ --owner root --group root --mode 0644 \ --state "$state" \ --source "$__type/files/${service}.upstart" export require="__file/etc/init/${service}.conf" __start_on_boot "$service" --state "$state" ;; archlinux) __file "/lib/systemd/system/${service}.service" \ --owner root --group root --mode 0555 \ --state "$state" \ --source "$__type/files/${service}.systemd" export require="__file/lib/systemd/system/${service}.service" __start_on_boot "$service" --state "$state" ;; esac cdist/cdist/conf/type/__consul_template/notes000066400000000000000000000040541427155744700217720ustar00rootroot00000000000000# < 0.7.0 ssl = true ssl_no_verify = true # >= 0.7.0 ssl { enabled = true verify = false } # >= 0.9.0 ssl-cert ssl-ca-cert -------------------------------------------------------------------------------- ### from docs ssl { enabled = true verify = false cert = "/path/to/client/cert.pem" ca_cert = "/path/to/ca/cert.pem" } ssl Use HTTPS while talking to Consul. Requires the Consul server to be configured to serve secure connections. The default value is false. ssl-verify Verify certificates when connecting via SSL. This requires the use of -ssl. The default value is true. ssl-cert Path to an SSL client certificate to use to authenticate to the consul server. Useful if the consul server "verify_incoming" option is set. ssl-ca-cert Path to a CA certificate file, containing one or more CA certificates to use to validate the certificate sent by the consul server to us. This is a handy alternative to setting --ssl-verify=false if you are using your own CA. -------------------------------------------------------------------------------- ### example config file from docs consul = "127.0.0.1:8500" token = "abcd1234" // May also be specified via the envvar CONSUL_TOKEN retry = "10s" max_stale = "10m" log_level = "warn" pid_file = "/path/to/pid" vault { address = "https://vault.service.consul:8200" token = "abcd1234" // May also be specified via the envvar VAULT_TOKEN ssl { enabled = true verify = true cert = "/path/to/client/cert.pem" ca_cert = "/path/to/ca/cert.pem" } } --auth-username --auth-password # if any are given enabled = true auth { enabled = true username = "test" password = "test" } ssl { enabled = true verify = false cert = "/path/to/client/cert.pem" ca_cert = "/path/to/ca/cert.pem" } syslog { enabled = true facility = "LOCAL5" } template { source = "/path/on/disk/to/template" destination = "/path/on/disk/where/template/will/render" command = "optional command to run when the template is updated" } template { // Multiple template definitions are supported } cdist/cdist/conf/type/__consul_template/parameter/000077500000000000000000000000001427155744700226745ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_template/parameter/boolean000066400000000000000000000000671427155744700242410ustar00rootroot00000000000000ssl ssl-no-verify syslog vault-ssl vault-ssl-no-verify cdist/cdist/conf/type/__consul_template/parameter/default/000077500000000000000000000000001427155744700243205ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_template/parameter/default/consul000066400000000000000000000000171427155744700255440ustar00rootroot00000000000000localhost:8500 cdist/cdist/conf/type/__consul_template/parameter/default/log-level000066400000000000000000000000051427155744700261240ustar00rootroot00000000000000warn cdist/cdist/conf/type/__consul_template/parameter/default/state000066400000000000000000000000101427155744700253520ustar00rootroot00000000000000present cdist/cdist/conf/type/__consul_template/parameter/default/syslog-facility000066400000000000000000000000071427155744700273620ustar00rootroot00000000000000LOCAL0 cdist/cdist/conf/type/__consul_template/parameter/default/version000066400000000000000000000000071427155744700257250ustar00rootroot000000000000000.15.0 cdist/cdist/conf/type/__consul_template/parameter/optional000066400000000000000000000003011427155744700244360ustar00rootroot00000000000000auth-username auth-password batch-size consul log-level max-stale retry state ssl-cert ssl-ca-cert syslog-facility token vault-address vault-token vault-ssl-cert vault-ssl-ca-cert version wait cdist/cdist/conf/type/__consul_template/singleton000066400000000000000000000000001427155744700226270ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_template_template/000077500000000000000000000000001427155744700226075ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_template_template/man.rst000066400000000000000000000045621427155744700241230ustar00rootroot00000000000000cdist-type__consul_template_template(7) ======================================= NAME ---- cdist-type__consul_template_template - Manage consul-template templates DESCRIPTION ----------- Generate and deploy template definitions for a consul-template. See https://github.com/hashicorp/consul-template#examples for documentation. Templates are written in the Go template format. Either the --source or the --source-file parameter must be given. REQUIRED PARAMETERS ------------------- destination the destination where the generated file should go. OPTIONAL PARAMETERS ------------------- command an optional command to run after rendering the template to its destination. source path to the template source. Conflicts --source-file. source-file path to a local file which is uploaded using the __file type and configured as the source. If source is '-' (dash), take what was written to stdin as the file content. Conflicts --source. state if this template is 'present' or 'absent'. Defaults to 'present'. wait The `minimum(:maximum)` time to wait before rendering a new template to disk and triggering a command, separated by a colon (`:`). If the optional maximum value is omitted, it is assumed to be 4x the required minimum value. This is a numeric time with a unit suffix ("5s"). There is no default value. The wait value for a template takes precedence over any globally-configured wait. EXAMPLES -------- .. code-block:: sh # configure template on the target __consul_template_template nginx \ --source /etc/my-consul-templates/nginx.ctmpl \ --destination /etc/nginx/nginx.conf \ --command 'service nginx restart' # upload a local file to the target and configure it __consul_template_template nginx \ --wait '2s:6s' \ --source-file "$__manifest/files/nginx.ctmpl" \ --destination /etc/nginx/nginx.conf \ --command 'service nginx restart' SEE ALSO -------- :strong:`cdist-type__consul_template`\ (7), :strong:`cdist-type__consul_template_config`\ (7) AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2015-2016 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__consul_template_template/manifest000077500000000000000000000047071427155744700243530ustar00rootroot00000000000000#!/bin/sh -e # # 2015 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # name="$(cat "$__object/parameter/name" 2>/dev/null || echo "$__object_id")" state="$(cat "$__object/parameter/state")" conf_dir="/etc/consul-template/conf.d" conf_file="template_${name}.hcl" template_dir="/etc/consul-template/template" require="" # Sanity checks if [ -f "$__object/parameter/source" ] && [ -f "$__object/parameter/source-file" ]; then echo "Use either --source OR --source-file, but not both." >&2 exit 1 fi if [ ! -f "$__object/parameter/source" ] && [ ! -f "$__object/parameter/source-file" ]; then echo "Either --source OR --source-file must be given." >&2 exit 1 fi if [ -f "$__object/parameter/source-file" ]; then destination="${template_dir}/${name}" require="__file${destination}" fi # Generate hcl config file { printf 'template {\n' cd "$__object/parameter/" for param in *; do case "$param" in source-file) source="$(cat "$__object/parameter/$param")" if [ "$source" = "-" ]; then source="$__object/stdin" fi require="__directory${template_dir}" \ __file "$destination" \ --owner root --group root --mode 640 \ --source "$source" \ --state "$state" printf ' source = "%s"\n' "$destination" ;; source|destination|command|wait) printf ' %s = "%s"\n' "$param" "$(cat "$__object/parameter/$param")" ;; *) # ignore unknown parameters : ;; esac done printf '}\n' } | \ require="$require __directory${conf_dir}" \ __config_file "${conf_dir}/${conf_file}" \ --owner root --group root --mode 640 \ --state "$state" \ --onchange 'service consul-template status >/dev/null && service consul-template reload || true' \ --source - cdist/cdist/conf/type/__consul_template_template/parameter/000077500000000000000000000000001427155744700245675ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_template_template/parameter/default/000077500000000000000000000000001427155744700262135ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_template_template/parameter/default/state000066400000000000000000000000101427155744700272450ustar00rootroot00000000000000present cdist/cdist/conf/type/__consul_template_template/parameter/optional000066400000000000000000000000461427155744700263370ustar00rootroot00000000000000command source source-file state wait cdist/cdist/conf/type/__consul_template_template/parameter/required000066400000000000000000000000141427155744700263250ustar00rootroot00000000000000destination cdist/cdist/conf/type/__consul_watch_checks/000077500000000000000000000000001427155744700215275ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_checks/explorer/000077500000000000000000000000001427155744700233675ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_checks/explorer/conf-dir000077700000000000000000000000001427155744700342412../../__consul_service/explorer/conf-dirustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_checks/man.rst000066400000000000000000000031521427155744700230350ustar00rootroot00000000000000cdist-type__consul_watch_checks(7) ================================== NAME ---- cdist-type__consul_watch_checks - Manages consul checks watches DESCRIPTION ----------- Generate and deploy watch definitions of type 'checks' for a consul agent. See http://www.consul.io/docs/agent/watches.html for parameter documentation. REQUIRED PARAMETERS ------------------- handler the handler to invoke when the data view updates OPTIONAL PARAMETERS ------------------- datacenter can be provided to override the agent's default datacenter filter-service filter to a specific service. Conflicts with --filter-state. filter-state filter to a specific state. Conflicts with --filter-service. state if this watch is 'present' or 'absent'. Defaults to 'present'. token can be provided to override the agent's default ACL token EXAMPLES -------- .. code-block:: sh __consul_watch_checks some-id \ --handler /usr/bin/my-handler.sh __consul_watch_checks some-id \ --filter-service consul \ --handler /usr/bin/my-handler.sh __consul_watch_checks some-id \ --filter-state passing \ --handler /usr/bin/my-handler.sh SEE ALSO -------- :strong:`cdist-type__consul_agent`\ (7) consul documentation at: . AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2015 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__consul_watch_checks/manifest000077500000000000000000000036141427155744700232670ustar00rootroot00000000000000#!/bin/sh -e # # 2015 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # cdist_type="${__type##*/}" watch_type="${cdist_type##*_}" conf_dir=$(cat "$__object/explorer/conf-dir") conf_file="watch_${watch_type}_${__object_id}.json" state="$(cat "$__object/parameter/state")" # Sanity checks if [ -f "$__object/parameter/filter-service" ] && [ -f "$__object/parameter/filter-state" ]; then echo "Use either --filter-service or --filter-state but not both." >&2 exit 1 fi # Generate json config file ( echo "{" printf ' "watches": [{\n' printf ' "type": "%s"\n' "$watch_type" cd "$__object/parameter/" for param in *; do case "$param" in state) continue ;; filter-*) key="${param##*-}" printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" ;; *) key="$(echo "$param" | tr '-' '_')" printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" ;; esac done # end watches echo " }]" # end json file echo "}" ) | \ require="__directory${conf_dir}" \ __config_file "${conf_dir}/${conf_file}" \ --owner root --group consul --mode 640 \ --state "$state" \ --onchange 'service consul status >/dev/null && service consul reload || true' \ --source - cdist/cdist/conf/type/__consul_watch_checks/parameter/000077500000000000000000000000001427155744700235075ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_checks/parameter/default/000077500000000000000000000000001427155744700251335ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_checks/parameter/default/state000066400000000000000000000000101427155744700261650ustar00rootroot00000000000000present cdist/cdist/conf/type/__consul_watch_checks/parameter/optional000066400000000000000000000000631427155744700252560ustar00rootroot00000000000000datacenter filter-service filter-state state token cdist/cdist/conf/type/__consul_watch_checks/parameter/required000066400000000000000000000000101427155744700252410ustar00rootroot00000000000000handler cdist/cdist/conf/type/__consul_watch_event/000077500000000000000000000000001427155744700214105ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_event/explorer/000077500000000000000000000000001427155744700232505ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_event/explorer/conf-dir000077700000000000000000000000001427155744700341222../../__consul_service/explorer/conf-dirustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_event/man.rst000066400000000000000000000026211427155744700227160ustar00rootroot00000000000000cdist-type__consul_watch_event(7) ================================= NAME ---- cdist-type__consul_watch_event - Manages consul event watches DESCRIPTION ----------- Generate and deploy watch definitions of type 'event' for a consul agent. See http://www.consul.io/docs/agent/watches.html for parameter documentation. REQUIRED PARAMETERS ------------------- handler the handler to invoke when the data view updates OPTIONAL PARAMETERS ------------------- datacenter can be provided to override the agent's default datacenter name restrict the watch to only events with the given name state if this watch is 'present' or 'absent'. Defaults to 'present'. token can be provided to override the agent's default ACL token EXAMPLES -------- .. code-block:: sh __consul_watch_event some-id \ --handler /usr/bin/my-handler.sh __consul_watch_event some-id \ --name web-deploy \ --handler /usr/bin/my-handler.sh SEE ALSO -------- :strong:`cdist-type__consul_agent`\ (7) consul documentation at: . AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2015 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__consul_watch_event/manifest000077500000000000000000000030721427155744700231460ustar00rootroot00000000000000#!/bin/sh -e # # 2015 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # cdist_type="${__type##*/}" watch_type="${cdist_type##*_}" conf_dir=$(cat "$__object/explorer/conf-dir") conf_file="watch_${watch_type}_${__object_id}.json" state="$(cat "$__object/parameter/state")" # Generate json config file ( echo "{" printf ' "watches": [{\n' printf ' "type": "%s"\n' "$watch_type" cd "$__object/parameter/" for param in *; do case "$param" in state) continue ;; *) key="$(echo "$param" | tr '-' '_')" printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" ;; esac done # end watches echo " }]" # end json file echo "}" ) | \ require="__directory${conf_dir}" \ __config_file "${conf_dir}/${conf_file}" \ --owner root --group consul --mode 640 \ --state "$state" \ --onchange 'service consul status >/dev/null && service consul reload || true' \ --source - cdist/cdist/conf/type/__consul_watch_event/parameter/000077500000000000000000000000001427155744700233705ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_event/parameter/default/000077500000000000000000000000001427155744700250145ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_event/parameter/default/state000066400000000000000000000000101427155744700260460ustar00rootroot00000000000000present cdist/cdist/conf/type/__consul_watch_event/parameter/optional000066400000000000000000000000341427155744700251350ustar00rootroot00000000000000datacenter name state token cdist/cdist/conf/type/__consul_watch_event/parameter/required000066400000000000000000000000101427155744700251220ustar00rootroot00000000000000handler cdist/cdist/conf/type/__consul_watch_key/000077500000000000000000000000001427155744700210575ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_key/explorer/000077500000000000000000000000001427155744700227175ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_key/explorer/conf-dir000077700000000000000000000000001427155744700335712../../__consul_service/explorer/conf-dirustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_key/man.rst000066400000000000000000000024431427155744700223670ustar00rootroot00000000000000cdist-type__consul_watch_key(7) =============================== NAME ---- cdist-type__consul_watch_key - Manages consul key watches DESCRIPTION ----------- Generate and deploy watch definitions of type 'key' for a consul agent. See http://www.consul.io/docs/agent/watches.html for parameter documentation. REQUIRED PARAMETERS ------------------- handler the handler to invoke when the data view updates key the key to watch for changes OPTIONAL PARAMETERS ------------------- datacenter can be provided to override the agent's default datacenter state if this watch is 'present' or 'absent'. Defaults to 'present'. token can be provided to override the agent's default ACL token EXAMPLES -------- .. code-block:: sh __consul_watch_key some-id \ --key foo/bar/baz \ --handler /usr/bin/my-key-handler.sh SEE ALSO -------- :strong:`cdist-type__consul_agent`\ (7) consul documentation at: . AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2015 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__consul_watch_key/manifest000077500000000000000000000030721427155744700226150ustar00rootroot00000000000000#!/bin/sh -e # # 2015 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # cdist_type="${__type##*/}" watch_type="${cdist_type##*_}" conf_dir=$(cat "$__object/explorer/conf-dir") conf_file="watch_${watch_type}_${__object_id}.json" state="$(cat "$__object/parameter/state")" # Generate json config file ( echo "{" printf ' "watches": [{\n' printf ' "type": "%s"\n' "$watch_type" cd "$__object/parameter/" for param in *; do case "$param" in state) continue ;; *) key="$(echo "$param" | tr '-' '_')" printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" ;; esac done # end watches echo " }]" # end json file echo "}" ) | \ require="__directory${conf_dir}" \ __config_file "${conf_dir}/${conf_file}" \ --owner root --group consul --mode 640 \ --state "$state" \ --onchange 'service consul status >/dev/null && service consul reload || true' \ --source - cdist/cdist/conf/type/__consul_watch_key/parameter/000077500000000000000000000000001427155744700230375ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_key/parameter/default/000077500000000000000000000000001427155744700244635ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_key/parameter/default/state000066400000000000000000000000101427155744700255150ustar00rootroot00000000000000present cdist/cdist/conf/type/__consul_watch_key/parameter/optional000066400000000000000000000000271427155744700246060ustar00rootroot00000000000000datacenter state token cdist/cdist/conf/type/__consul_watch_key/parameter/required000066400000000000000000000000141427155744700245750ustar00rootroot00000000000000handler key cdist/cdist/conf/type/__consul_watch_keyprefix/000077500000000000000000000000001427155744700222755ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_keyprefix/explorer/000077500000000000000000000000001427155744700241355ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_keyprefix/explorer/conf-dir000077700000000000000000000000001427155744700350072../../__consul_service/explorer/conf-dirustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_keyprefix/man.rst000066400000000000000000000025241427155744700236050ustar00rootroot00000000000000cdist-type__consul_watch_keyprefix(7) ===================================== NAME ---- cdist-type__consul_watch_keyprefix - Manages consul keyprefix watches DESCRIPTION ----------- Generate and deploy watch definitions of type 'keyprefix' for a consul agent. See http://www.consul.io/docs/agent/watches.html for parameter documentation. REQUIRED PARAMETERS ------------------- handler the handler to invoke when the data view updates prefix the prefix of keys to watch for changes OPTIONAL PARAMETERS ------------------- datacenter can be provided to override the agent's default datacenter state if this watch is 'present' or 'absent'. Defaults to 'present'. token can be provided to override the agent's default ACL token EXAMPLES -------- .. code-block:: sh __consul_watch_keyprefix some-id \ --prefix foo/ \ --handler /usr/bin/my-prefix-handler.sh SEE ALSO -------- :strong:`cdist-type__consul_agent`\ (7) consul documentation at: . AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2015 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__consul_watch_keyprefix/manifest000077500000000000000000000030721427155744700240330ustar00rootroot00000000000000#!/bin/sh -e # # 2015 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # cdist_type="${__type##*/}" watch_type="${cdist_type##*_}" conf_dir=$(cat "$__object/explorer/conf-dir") conf_file="watch_${watch_type}_${__object_id}.json" state="$(cat "$__object/parameter/state")" # Generate json config file ( echo "{" printf ' "watches": [{\n' printf ' "type": "%s"\n' "$watch_type" cd "$__object/parameter/" for param in *; do case "$param" in state) continue ;; *) key="$(echo "$param" | tr '-' '_')" printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" ;; esac done # end watches echo " }]" # end json file echo "}" ) | \ require="__directory${conf_dir}" \ __config_file "${conf_dir}/${conf_file}" \ --owner root --group consul --mode 640 \ --state "$state" \ --onchange 'service consul status >/dev/null && service consul reload || true' \ --source - cdist/cdist/conf/type/__consul_watch_keyprefix/parameter/000077500000000000000000000000001427155744700242555ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_keyprefix/parameter/default/000077500000000000000000000000001427155744700257015ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_keyprefix/parameter/default/state000066400000000000000000000000101427155744700267330ustar00rootroot00000000000000present cdist/cdist/conf/type/__consul_watch_keyprefix/parameter/optional000066400000000000000000000000271427155744700260240ustar00rootroot00000000000000datacenter state token cdist/cdist/conf/type/__consul_watch_keyprefix/parameter/required000066400000000000000000000000221427155744700260120ustar00rootroot00000000000000handler keyprefix cdist/cdist/conf/type/__consul_watch_nodes/000077500000000000000000000000001427155744700213775ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_nodes/explorer/000077500000000000000000000000001427155744700232375ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_nodes/explorer/conf-dir000077700000000000000000000000001427155744700341112../../__consul_service/explorer/conf-dirustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_nodes/man.rst000066400000000000000000000023571427155744700227130ustar00rootroot00000000000000cdist-type__consul_watch_nodes(7) ================================= NAME ---- cdist-type__consul_watch_nodes - Manages consul nodes watches DESCRIPTION ----------- Generate and deploy watch definitions of type 'nodes' for a consul agent. See http://www.consul.io/docs/agent/watches.html for parameter documentation. REQUIRED PARAMETERS ------------------- handler the handler to invoke when the data view updates OPTIONAL PARAMETERS ------------------- datacenter can be provided to override the agent's default datacenter state if this watch is 'present' or 'absent'. Defaults to 'present'. token can be provided to override the agent's default ACL token EXAMPLES -------- .. code-block:: sh __consul_watch_nodes some-id \ --handler /usr/bin/my-key-handler.sh SEE ALSO -------- :strong:`cdist-type__consul_agent`\ (7) consul documentation at: . AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2015 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__consul_watch_nodes/manifest000077500000000000000000000030721427155744700231350ustar00rootroot00000000000000#!/bin/sh -e # # 2015 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # cdist_type="${__type##*/}" watch_type="${cdist_type##*_}" conf_dir=$(cat "$__object/explorer/conf-dir") conf_file="watch_${watch_type}_${__object_id}.json" state="$(cat "$__object/parameter/state")" # Generate json config file ( echo "{" printf ' "watches": [{\n' printf ' "type": "%s"\n' "$watch_type" cd "$__object/parameter/" for param in *; do case "$param" in state) continue ;; *) key="$(echo "$param" | tr '-' '_')" printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" ;; esac done # end watches echo " }]" # end json file echo "}" ) | \ require="__directory${conf_dir}" \ __config_file "${conf_dir}/${conf_file}" \ --owner root --group consul --mode 640 \ --state "$state" \ --onchange 'service consul status >/dev/null && service consul reload || true' \ --source - cdist/cdist/conf/type/__consul_watch_nodes/parameter/000077500000000000000000000000001427155744700233575ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_nodes/parameter/default/000077500000000000000000000000001427155744700250035ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_nodes/parameter/default/state000066400000000000000000000000101427155744700260350ustar00rootroot00000000000000present cdist/cdist/conf/type/__consul_watch_nodes/parameter/optional000066400000000000000000000000271427155744700251260ustar00rootroot00000000000000datacenter state token cdist/cdist/conf/type/__consul_watch_nodes/parameter/required000066400000000000000000000000101427155744700251110ustar00rootroot00000000000000handler cdist/cdist/conf/type/__consul_watch_service/000077500000000000000000000000001427155744700217275ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_service/explorer/000077500000000000000000000000001427155744700235675ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_service/explorer/conf-dir000077700000000000000000000000001427155744700344412../../__consul_service/explorer/conf-dirustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_service/man.rst000066400000000000000000000033351427155744700232400ustar00rootroot00000000000000cdist-type__consul_watch_service(7) =================================== NAME ---- cdist-type__consul_watch_service - Manages consul service watches DESCRIPTION ----------- Generate and deploy watch definitions of type 'service' for a consul agent. See http://www.consul.io/docs/agent/watches.html for parameter documentation. REQUIRED PARAMETERS ------------------- handler the handler to invoke when the data view updates service the service to watch for changes OPTIONAL PARAMETERS ------------------- datacenter can be provided to override the agent's default datacenter state if this watch is 'present' or 'absent'. Defaults to 'present'. token can be provided to override the agent's default ACL token tag filter by tag BOOLEAN PARAMETERS ------------------ passingonly specifies if only hosts passing all checks are displayed EXAMPLES -------- .. code-block:: sh __consul_watch_service some-id \ --service consul \ --handler /usr/bin/my-handler.sh __consul_watch_service some-id \ --service redis \ --tag production \ --handler /usr/bin/my-handler.sh __consul_watch_service some-id \ --service redis \ --tag production \ --passingonly \ --handler /usr/bin/my-handler.sh SEE ALSO -------- :strong:`cdist-type__consul_agent`\ (7) consul documentation at: . AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2015 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__consul_watch_service/manifest000077500000000000000000000032051427155744700234630ustar00rootroot00000000000000#!/bin/sh -e # # 2015 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # cdist_type="${__type##*/}" watch_type="${cdist_type##*_}" conf_dir=$(cat "$__object/explorer/conf-dir") conf_file="watch_${watch_type}_${__object_id}.json" state="$(cat "$__object/parameter/state")" # Generate json config file ( echo "{" printf ' "watches": [{\n' printf ' "type": "%s"\n' "$watch_type" cd "$__object/parameter/" for param in *; do case "$param" in state) continue ;; passingonly) printf ' ,"passingonly": true\n' ;; *) key="$(echo "$param" | tr '-' '_')" printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" ;; esac done # end watches echo " }]" # end json file echo "}" ) | \ require="__directory${conf_dir}" \ __config_file "${conf_dir}/${conf_file}" \ --owner root --group consul --mode 640 \ --state "$state" \ --onchange 'service consul status >/dev/null && service consul reload || true' \ --source - cdist/cdist/conf/type/__consul_watch_service/parameter/000077500000000000000000000000001427155744700237075ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_service/parameter/boolean000066400000000000000000000000141427155744700252440ustar00rootroot00000000000000passingonly cdist/cdist/conf/type/__consul_watch_service/parameter/default/000077500000000000000000000000001427155744700253335ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_service/parameter/default/state000066400000000000000000000000101427155744700263650ustar00rootroot00000000000000present cdist/cdist/conf/type/__consul_watch_service/parameter/optional000066400000000000000000000000331427155744700254530ustar00rootroot00000000000000datacenter state tag token cdist/cdist/conf/type/__consul_watch_service/parameter/required000066400000000000000000000000201427155744700254420ustar00rootroot00000000000000handler service cdist/cdist/conf/type/__consul_watch_services/000077500000000000000000000000001427155744700221125ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_services/explorer/000077500000000000000000000000001427155744700237525ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_services/explorer/conf-dir000077700000000000000000000000001427155744700346242../../__consul_service/explorer/conf-dirustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_services/man.rst000066400000000000000000000024011427155744700234140ustar00rootroot00000000000000cdist-type__consul_watch_services(7) ==================================== NAME ---- cdist-type__consul_watch_services - Manages consul services watches DESCRIPTION ----------- Generate and deploy watch definitions of type 'services' for a consul agent. See http://www.consul.io/docs/agent/watches.html for parameter documentation. REQUIRED PARAMETERS ------------------- handler the handler to invoke when the data view updates OPTIONAL PARAMETERS ------------------- datacenter can be provided to override the agent's default datacenter state if this watch is 'present' or 'absent'. Defaults to 'present'. token can be provided to override the agent's default ACL token EXAMPLES -------- .. code-block:: sh __consul_watch_services some-id \ --handler /usr/bin/my-key-handler.sh SEE ALSO -------- :strong:`cdist-type__consul_agent`\ (7) consul documentation at: . AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2015 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__consul_watch_services/manifest000077500000000000000000000030721427155744700236500ustar00rootroot00000000000000#!/bin/sh -e # # 2015 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # cdist_type="${__type##*/}" watch_type="${cdist_type##*_}" conf_dir=$(cat "$__object/explorer/conf-dir") conf_file="watch_${watch_type}_${__object_id}.json" state="$(cat "$__object/parameter/state")" # Generate json config file ( echo "{" printf ' "watches": [{\n' printf ' "type": "%s"\n' "$watch_type" cd "$__object/parameter/" for param in *; do case "$param" in state) continue ;; *) key="$(echo "$param" | tr '-' '_')" printf ' ,"%s": "%s"\n' "$key" "$(cat "$__object/parameter/$param")" ;; esac done # end watches echo " }]" # end json file echo "}" ) | \ require="__directory${conf_dir}" \ __config_file "${conf_dir}/${conf_file}" \ --owner root --group consul --mode 640 \ --state "$state" \ --onchange 'service consul status >/dev/null && service consul reload || true' \ --source - cdist/cdist/conf/type/__consul_watch_services/parameter/000077500000000000000000000000001427155744700240725ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_services/parameter/default/000077500000000000000000000000001427155744700255165ustar00rootroot00000000000000cdist/cdist/conf/type/__consul_watch_services/parameter/default/state000066400000000000000000000000101427155744700265500ustar00rootroot00000000000000present cdist/cdist/conf/type/__consul_watch_services/parameter/optional000066400000000000000000000000271427155744700256410ustar00rootroot00000000000000datacenter state token cdist/cdist/conf/type/__consul_watch_services/parameter/required000066400000000000000000000000101427155744700256240ustar00rootroot00000000000000handler cdist/cdist/conf/type/__cron/000077500000000000000000000000001427155744700164575ustar00rootroot00000000000000cdist/cdist/conf/type/__cron/explorer/000077500000000000000000000000001427155744700203175ustar00rootroot00000000000000cdist/cdist/conf/type/__cron/explorer/entry000066400000000000000000000020771427155744700214110ustar00rootroot00000000000000#!/bin/sh # # 2011-2013 Steven Armstrong (steven-cdist at armstrong.cc) # 2013 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # name="$__object_name" user="$(cat "$__object/parameter/user")" if [ -f "$__object/parameter/raw_command" ]; then command="$(cat "$__object/parameter/command")" crontab -u "$user" -l 2>/dev/null | grep "^$command\$" || true else crontab -u "$user" -l 2>/dev/null | grep "# $name\$" || true fi cdist/cdist/conf/type/__cron/gencode-remote000077500000000000000000000062701427155744700213070ustar00rootroot00000000000000#!/bin/sh -e # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # 2013 Nico Schottelius (nico-cdist at schottelius.org) # 2013 Thomas Oettli (otho at sfs.biz) # 2017 Daniel Heule (hda at sfs.biz) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # name="$__object_name" user="$(cat "$__object/parameter/user")" command="$(cat "$__object/parameter/command")" if [ -f "$__object/parameter/raw" ]; then raw="$(cat "$__object/parameter/raw")" entry="$raw $command # $name" elif [ -f "$__object/parameter/raw_command" ]; then entry="$command" else minute="$(cat "$__object/parameter/minute")" hour="$(cat "$__object/parameter/hour")" day_of_month="$(cat "$__object/parameter/day_of_month")" month="$(cat "$__object/parameter/month")" day_of_week="$(cat "$__object/parameter/day_of_week")" entry="$minute $hour $day_of_month $month $day_of_week $command # $name" fi mkdir "$__object/files" echo "$entry" > "$__object/files/entry" if [ -s "$__object/explorer/entry" ]; then if diff -q "$__object/files/entry" "$__object/explorer/entry" >/dev/null; then state_is=present else state_is=modified fi else state_is=absent fi state_should="$(cat "$__object/parameter/state")" [ "$state_is" = "$state_should" ] && exit 0 # If anything is going to change, ensure the old entries are # not present anymore # These are the old markers prefix="#cdist:__cron/$__object_id" suffix="#/cdist:__cron/$__object_id" filter='^# DO NOT EDIT THIS FILE|^# \(.* installed on |^# \(Cron version V|^# \(Cronie version .\..\)$' cat << DONE crontab -u $user -l 2>/dev/null | grep -v -E "$filter" | awk -v prefix="$prefix" -v suffix="$suffix" ' { if (index(\$0,prefix)) { triggered=1 } if (triggered) { if (index(\$0,suffix)) { triggered=0 } } else { print } } ' | crontab -u $user - DONE case "$state_should" in present) # if we insert new entry, filter also all entrys out with the same id echo "(" echo "crontab -u $user -l 2>/dev/null | grep -v -E \"$filter\" | grep -v \"# $name\\$\" 2>/dev/null || true" echo "echo '$entry'" echo ") | crontab -u $user -" ;; absent) if [ -f "$__object/parameter/raw_command" ]; then echo "( crontab -u $user -l 2>/dev/null | grep -v -E \"$filter\" 2>/dev/null || true ) | \\" echo "grep -v \"^$entry\\$\" | crontab -u $user -" else echo "( crontab -u $user -l 2>/dev/null | grep -v -E \"$filter\" 2>/dev/null || true ) | \\" echo "grep -v \"# $name\\$\" | crontab -u $user -" fi ;; esac cdist/cdist/conf/type/__cron/man.rst000066400000000000000000000044331427155744700177700ustar00rootroot00000000000000cdist-type__cron(7) =================== NAME ---- cdist-type__cron - Installs and manages cron jobs DESCRIPTION ----------- This cdist type allows you to manage entries in a users crontab. REQUIRED PARAMETERS ------------------- user The user who's crontab is edited command The command to run. OPTIONAL PARAMETERS ------------------- **NOTE**: All time-related parameters (``--minute``, ``--hour``, ``--day_of_month`` ``--month`` and ``--day_of_week``) defaults to ``*``, which means to execute it **always**. If you set ``--hour 0`` to execute the cronjob only at midnight, it will execute **every** minute in the first hour of the morning all days. state Either present or absent. Defaults to present. minute See crontab(5). Defaults to * hour See crontab(5). Defaults to * day_of_month See crontab(5). Defaults to * month See crontab(5). Defaults to * day_of_week See crontab(5). Defaults to * raw Take whatever the user has given instead of time and date fields. If given, all other time and date fields are ignored. Can for example be used to specify cron EXTENSIONS like reboot, yearly etc. See crontab(5) for the extensions if any that your cron implementation implements. raw_command Take whatever the user has given in the command and ignore everything else. If given, the command will be added to crontab. Can for example be used to define variables like SHELL or MAILTO. EXAMPLES -------- .. code-block:: sh # run Monday to Saturday at 23:15 __cron some-id --user root --command "/path/to/script" \ --hour 23 --minute 15 --day_of_week 1-6 # run on reboot __cron some-id --user root --command "/path/to/script" \ --raw @reboot # remove cronjob __cron some-id --user root --command "/path/to/script" --state absent # define default shell __cron some-id --user root --raw_command --command "SHELL=/bin/bash" \ --state present SEE ALSO -------- :strong:`crontab`\ (5) AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2011-2013 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__cron/manifest000077500000000000000000000017611427155744700202200ustar00rootroot00000000000000#!/bin/sh -e # # 2013 Thomas Oettli (otho at sfs.biz) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # if [ -f "$__object/parameter/raw" ] && [ -f "$__object/parameter/raw_command" ]; then echo "ERROR: both raw and raw_command specified" >&2 exit 1 fi case "$(cat "$__object/parameter/state")" in present) ;; absent) ;; *) echo "ERROR: unkown cron state" >&2 exit 2 esac cdist/cdist/conf/type/__cron/nonparallel000066400000000000000000000000001427155744700206770ustar00rootroot00000000000000cdist/cdist/conf/type/__cron/parameter/000077500000000000000000000000001427155744700204375ustar00rootroot00000000000000cdist/cdist/conf/type/__cron/parameter/boolean000066400000000000000000000000141427155744700217740ustar00rootroot00000000000000raw_command cdist/cdist/conf/type/__cron/parameter/default/000077500000000000000000000000001427155744700220635ustar00rootroot00000000000000cdist/cdist/conf/type/__cron/parameter/default/day_of_month000066400000000000000000000000021427155744700244440ustar00rootroot00000000000000* cdist/cdist/conf/type/__cron/parameter/default/day_of_week000066400000000000000000000000021427155744700242520ustar00rootroot00000000000000* cdist/cdist/conf/type/__cron/parameter/default/hour000066400000000000000000000000021427155744700227530ustar00rootroot00000000000000* cdist/cdist/conf/type/__cron/parameter/default/minute000066400000000000000000000000021427155744700232770ustar00rootroot00000000000000* cdist/cdist/conf/type/__cron/parameter/default/month000066400000000000000000000000021427155744700231230ustar00rootroot00000000000000* cdist/cdist/conf/type/__cron/parameter/default/state000066400000000000000000000000101427155744700231150ustar00rootroot00000000000000present cdist/cdist/conf/type/__cron/parameter/optional000066400000000000000000000000651427155744700222100ustar00rootroot00000000000000state minute hour day_of_month month day_of_week raw cdist/cdist/conf/type/__cron/parameter/required000066400000000000000000000000151427155744700221760ustar00rootroot00000000000000user command cdist/cdist/conf/type/__daemontools/000077500000000000000000000000001427155744700200425ustar00rootroot00000000000000cdist/cdist/conf/type/__daemontools/files/000077500000000000000000000000001427155744700211445ustar00rootroot00000000000000cdist/cdist/conf/type/__daemontools/files/init.d-svscan000066400000000000000000000033301427155744700235460ustar00rootroot00000000000000#!/bin/bash ### BEGIN INIT INFO # Provides: svscan # Required-Start: # Required-Stop: # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: svscan # Description: djb svscan ### END INIT INFO # from https://gist.githubusercontent.com/pacojp/5766990/raw/2ed009ab19515afc9e58291b636d673c5ca864b3/init.d.svscan # written by Adam McKenna # edited by Kamila SouÄková export PATH=$PATH:/usr/local/bin l=/var/log/svscan if [ ! -d $l ]; then mkdir $l chown daemon $l fi case "$1" in start) printf "Starting daemontools: " if ! pidof svscan > /dev/null 2>&1; then printf "svscan " env - PATH="$PATH" svscan /service 2>&1 | setuidgid daemon multilog t /var/log/svscan & echo "." else echo "already running." fi ;; stop) printf "Stopping daemontools: " pids="$(pidof svscan)" if [ -n "${pids}" ] then printf "svscan" while [ -n "${pids}" ] do # shellcheck disable=SC2086 kill ${pids} printf "." pids="$(pidof svscan)" done fi printf " services" for i in /service/*; do svc -dx "$i" printf "." done printf " logging " for i in /service/*/log; do svc -dx "$i" printf "." done echo "" ;; restart|force-reload) $0 stop $0 start ;; *) echo 'Usage: /etc/init.d/svscan {start|stop|restart|force-reload}' exit 1 esac cdist/cdist/conf/type/__daemontools/man.rst000066400000000000000000000021071427155744700213470ustar00rootroot00000000000000cdist-type__daemontools(7) ========================== NAME ---- cdist-type__daemontools - Install daemontools DESCRIPTION ----------- Install djb daemontools and (optionally) an init script. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- from-package Package to install. Must be compatible with the original daemontools. Example: daemontools-encore. Default: daemontools. servicedir Directory to scan for services. Default: `/service` BOOLEAN PARAMETERS ------------------ install-init-script Add an init script and set it to start on boot. EXAMPLES -------- .. code-block:: sh __daemontools --from-package daemontools-encore # if you prefer SEE ALSO -------- :strong:`cdist-type__daemontools_service`\ (7) AUTHORS ------- Kamila SouÄková COPYING ------- Copyright \(C) 2017 Kamila SouÄková. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__daemontools/manifest000077500000000000000000000023561427155744700216040ustar00rootroot00000000000000#!/bin/sh -e pkg=$(cat "$__object/parameter/from-package") servicedir=$(cat "$__object/parameter/servicedir") __package "$pkg" __directory "$servicedir" --mode 700 os=$(cat "$__global/explorer/os") init=$(cat "$__global/explorer/init") require="" case $os in freebsd) # TODO change to __start_on_boot once it supports freebsd __config_file /etc/rc.conf.d/svscan --source - <<-EOT svscan_enable="YES" svscan_servicedir="$servicedir" EOT require="$require __package/$pkg __directory/$servicedir __config_file/etc/rc.conf.d/svscan" \ __process svscan --name ".*/svscan $servicedir" --start 'service svscan start' ;; *) case $init in init) if [ -f "$__object/parameter/install-init-script" ]; then __config_file /etc/init.d/svscan --mode 755 --source "$__type/files/init.d-svscan" REQUIREEXTRA="__config_file/etc/init.d/svscan" fi require="$require $REQUIREEXTRA" __start_on_boot svscan require="$require __package/$pkg __directory/$servicedir __start_on_boot/svscan" \ __process svscan --name ".*/svscan $servicedir" --start 'service svscan start' ;; *) echo "Your init system ($init) is not supported by this type. Submit a patch at github.com/ungleich/cdist!" exit 1 ;; esac ;; esac cdist/cdist/conf/type/__daemontools/parameter/000077500000000000000000000000001427155744700220225ustar00rootroot00000000000000cdist/cdist/conf/type/__daemontools/parameter/boolean000066400000000000000000000000241427155744700233600ustar00rootroot00000000000000install-init-script cdist/cdist/conf/type/__daemontools/parameter/default/000077500000000000000000000000001427155744700234465ustar00rootroot00000000000000cdist/cdist/conf/type/__daemontools/parameter/default/from-package000066400000000000000000000000141427155744700257200ustar00rootroot00000000000000daemontools cdist/cdist/conf/type/__daemontools/parameter/default/servicedir000066400000000000000000000000111427155744700255200ustar00rootroot00000000000000/service cdist/cdist/conf/type/__daemontools/parameter/optional000066400000000000000000000000301427155744700235630ustar00rootroot00000000000000from-package servicedir cdist/cdist/conf/type/__daemontools/singleton000066400000000000000000000000001427155744700217550ustar00rootroot00000000000000cdist/cdist/conf/type/__daemontools_service/000077500000000000000000000000001427155744700215625ustar00rootroot00000000000000cdist/cdist/conf/type/__daemontools_service/explorer/000077500000000000000000000000001427155744700234225ustar00rootroot00000000000000cdist/cdist/conf/type/__daemontools_service/explorer/svc000077500000000000000000000000411427155744700241360ustar00rootroot00000000000000#!/bin/sh command -v svc || true cdist/cdist/conf/type/__daemontools_service/man.rst000066400000000000000000000027131427155744700230720ustar00rootroot00000000000000cdist-type__daemontools_service(7) ================================== NAME ---- cdist-type__daemontools_service - Create a daemontools-compatible service dir. DESCRIPTION ----------- Create a directory structure compatible with daemontools-like service management. Note that svc must be present on the target system. The object ID will be used as the service name. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- run Command to run. exec-ing and stderr redirection will be added. One of run, run-file must be specified. Example: `my-program` run-file File to save as /run. One of run, run-file must be specified. Example: .. code-block:: sh #!/bin/sh exec 2>&1 exec my_program log-run Command to run for log consumption. Default: `multilog t ./main` servicedir Directory to install into. Default: `/service` BOOLEAN PARAMETERS ------------------ None. EXAMPLES -------- .. code-block:: sh require="__daemontools" __daemontools_service prometheus --run "setuidgid prometheus $GOBIN/prometheus $FLAGS" SEE ALSO -------- :strong:`cdist-type__daemontools`\ (7) AUTHORS ------- Kamila SouÄková COPYING ------- Copyright \(C) 2017 Kamila SouÄková. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__daemontools_service/manifest000077500000000000000000000020671427155744700233230ustar00rootroot00000000000000#!/bin/sh -e RUN_PREFIX="#!/bin/sh exec 2>&1 exec " # mind the space :D name=$__object_id servicedir=$(cat "$__object/parameter/servicedir") run=$(cat "$__object/parameter/run") runfile=$(cat "$__object/parameter/run-file") logrun=$(cat "$__object/parameter/log-run") svc=$(cat "$__type/explorer/svc") if [ -z "$svc" ]; then echo "svc not found! Install daemontools first: see __daemontools" exit 1 fi badusage() { echo "__daemontools_service/$__object_id: exactly one of --run, --run-file must be set" >&2 exit 1 } [ -z "$run$runfile" ] && badusage [ -n "$run" ] && [ -n "$runfile" ] && badusage __directory "$servicedir/$name/log/main" --parents echo "$RUN_PREFIX$run" | require="__directory/$servicedir/$name/log/main" __config_file "$servicedir/$name/run" \ --onchange "svc -t '$servicedir/$name' 2>/dev/null" \ --mode 755 \ --source "${runfile:--}" echo "$RUN_PREFIX$logrun" | require="__directory/$servicedir/$name/log/main" __config_file "$servicedir/$name/log/run" \ --onchange "svc -t '$servicedir/$name/log' 2>/dev/null" \ --mode 755 \ --source "-" cdist/cdist/conf/type/__daemontools_service/parameter/000077500000000000000000000000001427155744700235425ustar00rootroot00000000000000cdist/cdist/conf/type/__daemontools_service/parameter/default/000077500000000000000000000000001427155744700251665ustar00rootroot00000000000000cdist/cdist/conf/type/__daemontools_service/parameter/default/log-run000066400000000000000000000000221427155744700264660ustar00rootroot00000000000000multilog t ./main cdist/cdist/conf/type/__daemontools_service/parameter/default/run000066400000000000000000000000001427155744700257030ustar00rootroot00000000000000cdist/cdist/conf/type/__daemontools_service/parameter/default/run-file000066400000000000000000000000001427155744700266200ustar00rootroot00000000000000cdist/cdist/conf/type/__daemontools_service/parameter/default/servicedir000066400000000000000000000000111427155744700272400ustar00rootroot00000000000000/service cdist/cdist/conf/type/__daemontools_service/parameter/optional000066400000000000000000000000401427155744700253040ustar00rootroot00000000000000log-run run run-file servicedir cdist/cdist/conf/type/__debconf_set_selections/000077500000000000000000000000001427155744700222215ustar00rootroot00000000000000cdist/cdist/conf/type/__debconf_set_selections/explorer/000077500000000000000000000000001427155744700240615ustar00rootroot00000000000000cdist/cdist/conf/type/__debconf_set_selections/explorer/state000066400000000000000000000071131427155744700251260ustar00rootroot00000000000000#!/bin/sh -e # # 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # Determine current debconf selections' state. # Prints one of: # present: all selections are already set as they should. # different: one or more of the selections have a different value. # absent: one or more of the selections are not (currently) defined. # test -x /usr/bin/perl || { # cannot find perl (no perl ~ no debconf) echo 'absent' exit 0 } linesfile="${__object:?}/parameter/line" test -s "${linesfile}" || { if test -s "${__object:?}/parameter/file" then echo absent else echo present fi exit 0 } # assert __type_explorer is set (because it is used by the Perl script) : "${__type_explorer:?}" /usr/bin/perl -- - "${linesfile}" <<'EOF' use strict; use warnings "all"; use Fcntl qw(:DEFAULT :flock); use Debconf::Db; use Debconf::Question; # Extract @known... arrays from debconf-set-selections # These values are required to distinguish flags and values in the given lines. # DC: I couldn't think of a more ugly solution to the problem… my @knownflags; my @knowntypes; my $debconf_set_selections = '/usr/bin/debconf-set-selections'; if (-e $debconf_set_selections) { my $sed_known = 's/^my \(@known\(flags\|types\) = qw([a-z ]*);\).*$/\1/p'; eval `sed -n '$sed_known' '$debconf_set_selections'`; } sub mungeline ($) { my $line = shift; chomp $line; $line =~ s/\r$//; return $line; } sub fatal { printf STDERR @_; exit 1; } my $state = 'present'; sub state { my $new = shift; if ($state eq 'present' or ($state eq 'different' and $new eq 'absent')) { $state = $new; } } # Load Debconf DB but manually lock on the state explorer script, # because Debconf aborts immediately if executed concurrently. # This is not really an ideal solution because the Debconf DB could be locked by # another process (e.g. apt-get), but no way to achieve this could be found. # If you know how to, please provide a patch. my $lockfile = "%ENV{'__type_explorer'}/state"; if (open my $lock_fh, '+<', $lockfile) { flock $lock_fh, LOCK_EX or die "Cannot lock $lockfile"; } { Debconf::Db->load(readonly => 'true'); } while (<>) { # Read and process lines (taken from debconf-set-selections) $_ = mungeline($_); while (/\\$/ && ! eof) { s/\\$//; $_ .= mungeline(<>); } next if /^\s*$/ || /^\s*\#/; my ($owner, $label, $type, $content) = /^\s*(\S+)\s+(\S+)\s+(\S+)(?:\s(.*))?/ or fatal "invalid line: %s\n", $_; $content = '' unless defined $content; # Compare is and should state my $q = Debconf::Question->get($label); unless (defined $q) { # probably a preseed state 'absent'; next; } if (grep { $_ eq $q->type } @knownflags) { # This line wants to set a flag, presumably. if ($q->flag($q->type) ne $content) { state 'different'; } } else { # Otherwise, it's probably a value… if ($q->value ne $content) { state 'different'; } unless (grep { $_ eq $owner } (split /, /, $q->owners)) { state 'different'; } } } printf "%s\n", $state; EOF cdist/cdist/conf/type/__debconf_set_selections/gencode-remote000077500000000000000000000026371427155744700250540ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2014 Nico Schottelius (nico-cdist at schottelius.org) # 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # if test -f "${__object:?}/parameter/line" then filename="${__object:?}/parameter/line" elif test -s "${__object:?}/parameter/file" then filename=$(cat "${__object:?}/parameter/file") if test "${filename}" = '-' then filename="${__object:?}/stdin" fi else printf 'Neither --line nor --file set.\n' >&2 exit 1 fi # setting no lines makes no sense test -s "${filename}" || exit 0 state_is=$(cat "${__object:?}/explorer/state") if test "${state_is}" != 'present' then cat <<-CODE debconf-set-selections <<'EOF' $(cat "${filename}") EOF CODE awk ' { printf "set %s %s %s %s\n", $1, $2, $3, $4 }' "${filename}" >>"${__messages_out:?}" fi cdist/cdist/conf/type/__debconf_set_selections/man.rst000066400000000000000000000034201427155744700235250ustar00rootroot00000000000000cdist-type__debconf_set_selections(7) ===================================== NAME ---- cdist-type__debconf_set_selections - Setup debconf selections DESCRIPTION ----------- On Debian and alike systems :strong:`debconf-set-selections`\ (1) can be used to setup configuration parameters. REQUIRED PARAMETERS ------------------- cf. ``--line``. OPTIONAL PARAMETERS ------------------- file Use the given filename as input for :strong:`debconf-set-selections`\ (1) If filename is ``-``, read from stdin. **This parameter is deprecated, because it doesn't work with state detection.** line A line in :strong:`debconf-set-selections`\ (1) compatible format. This parameter can be used multiple times to set multiple options. (This parameter is actually required, but marked optional because the deprecated ``--file`` is still accepted.) BOOLEAN PARAMETERS ------------------ None. EXAMPLES -------- .. code-block:: sh # Setup gitolite's gituser __debconf_set_selections nslcd --line 'gitolite gitolite/gituser string git' # Setup configuration for nslcd from a file. # NB: Multiple lines can be passed to --line, although this can be considered a hack. __debconf_set_selections nslcd --line "$(cat "${__files:?}/preseed/nslcd.debconf")" SEE ALSO -------- - :strong:`cdist-type__update_alternatives`\ (7) - :strong:`debconf-set-selections`\ (1) AUTHORS ------- | Nico Schottelius | Dennis Camera COPYING ------- Copyright \(C) 2011-2014 Nico Schottelius, 2021 Dennis Camera. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__debconf_set_selections/manifest000077500000000000000000000013461427155744700237610ustar00rootroot00000000000000#!/bin/sh -e # # 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # __package_apt debconf cdist/cdist/conf/type/__debconf_set_selections/nonparallel000066400000000000000000000000001427155744700244410ustar00rootroot00000000000000cdist/cdist/conf/type/__debconf_set_selections/parameter/000077500000000000000000000000001427155744700242015ustar00rootroot00000000000000cdist/cdist/conf/type/__debconf_set_selections/parameter/deprecated/000077500000000000000000000000001427155744700263015ustar00rootroot00000000000000cdist/cdist/conf/type/__debconf_set_selections/parameter/deprecated/file000066400000000000000000000001201427155744700271340ustar00rootroot00000000000000'file' has been deprecated in favour of 'line' in order to provide idempotency. cdist/cdist/conf/type/__debconf_set_selections/parameter/optional000066400000000000000000000000051427155744700257440ustar00rootroot00000000000000file cdist/cdist/conf/type/__debconf_set_selections/parameter/optional_multiple000066400000000000000000000000051427155744700276570ustar00rootroot00000000000000line cdist/cdist/conf/type/__directory/000077500000000000000000000000001427155744700175225ustar00rootroot00000000000000cdist/cdist/conf/type/__directory/explorer/000077500000000000000000000000001427155744700213625ustar00rootroot00000000000000cdist/cdist/conf/type/__directory/explorer/stat000077500000000000000000000043551427155744700222720ustar00rootroot00000000000000#!/bin/sh # # 2013 Steven Armstrong (steven-cdist armstrong.cc) # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # destination="/$__object_id" fallback() { # Patch the output together, manually ls_line=$(ls -ldn "$destination") uid=$(echo "$ls_line" | awk '{ print $3 }') gid=$(echo "$ls_line" | awk '{ print $4 }') owner=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/passwd) group=$(awk -F: -v gid="$gid" '$3 == gid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group) mode_text=$(echo "$ls_line" | awk '{ print $1 }') mode=$(echo "$mode_text" | awk '{for(i=8;i>=0;--i){c=substr($1,10-i,1);k+=((c~/[rwxst]/)*2^i);if(!(i%3))k+=(tolower(c)~/[lst]/)*2^(9+i/3)}printf("%04o",k)}') printf 'type: %s\nowner: %d %s\ngroup: %d %s\nmode: %s %s\n' \ "$("$__type_explorer/type")" \ "$uid" "$owner" \ "$gid" "$group" \ "$mode" "$mode_text" } # nothing to work with, nothing we could do [ -e "$destination" ] || exit 0 command -v stat >/dev/null 2>&1 || { fallback exit } case $("$__explorer/os") in freebsd|netbsd|openbsd|macosx) stat -f 'type: %HT owner: %Du %Su group: %Dg %Sg mode: %Mp%03Lp %Sp ' "$destination" | awk '/^type/ { print tolower($0); next } { print }' ;; *) # NOTE: Do not use --printf here as it is not supported by BusyBox stat. # NOTE: BusyBox's stat might not support the "-c" option, in which case # we fall through to the shell fallback. stat -c 'type: %F owner: %u %U group: %g %G mode: %04a %A' "$destination" 2>/dev/null || fallback ;; esac cdist/cdist/conf/type/__directory/explorer/type000077500000000000000000000016761427155744700223030ustar00rootroot00000000000000#!/bin/sh # # 2013 Steven Armstrong (steven-cdist armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # destination="/$__object_id" if [ ! -e "$destination" ]; then echo none elif [ -h "$destination" ]; then echo symlink elif [ -f "$destination" ]; then echo file elif [ -d "$destination" ]; then echo directory else echo unknown fi cdist/cdist/conf/type/__directory/gencode-remote000077500000000000000000000104411427155744700223450ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2013 Nico Schottelius (nico-cdist at schottelius.org) # 2013 Steven Armstrong (steven-cdist armstrong.cc) # 2014 Daniel Heule (hda at sfs.biz) # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # destination="/$__object_id" state_should=$(cat "$__object/parameter/state") type=$(cat "$__object/explorer/type") stat_file="$__object/explorer/stat" # variable to keep track if we have to set directory attributes set_attributes= mkdiropt="" [ -f "$__object/parameter/parents" ] && mkdiropt="-p" recursive="" if [ -f "$__object/parameter/recursive" ]; then recursive="-R" # need to allways set attributes when recursive is given # as we don't want to check all subfolders/files set_attributes=1 fi get_current_value() { if [ -s "$stat_file" ]; then _name="$1" _value="$2" case "$_value" in [0-9]*) _index=2 ;; *) _index=3 ;; esac awk '/'"$_name"':/ { print $'$_index' }' "$stat_file" unset _name _value _index fi } set_group() { echo "chgrp $recursive '$1' '$destination'" echo "chgrp $recursive '$1'" >> "$__messages_out" } set_owner() { echo "chown $recursive '$1' '$destination'" echo "chown $recursive '$1'" >> "$__messages_out" } set_mode() { echo "chmod $recursive '$1' '$destination'" echo "chmod $recursive '$1'" >> "$__messages_out" } case "$state_should" in present|exists) if [ "$type" != "directory" ]; then set_attributes=1 if [ "$type" != "none" ]; then # our destination is not a directory, remove whatever is there # and then create our directory and set all attributes echo "rm -f '$destination'" echo "remove non directory" >> "$__messages_out" fi echo "mkdir $mkdiropt '$destination'" echo "create" >> "$__messages_out" elif [ "$state_should" = 'exists' ]; then # The type is directory and --state exists. We are done and do not # check or set the attributes. exit 0 fi # Note: Mode - needs to happen last as a chown/chgrp can alter mode by # clearing S_ISUID and S_ISGID bits (see chown(2)) for attribute in group owner mode; do if [ -f "$__object/parameter/$attribute" ]; then value_should="$(cat "$__object/parameter/$attribute")" value_is="$(get_current_value "$attribute" "$value_should")" # format mode in four digits => same as stat returns if [ "$attribute" = mode ]; then # Convert to four-digit octal number (printf interprets # strings with leading 0s as octal!) value_should=$(printf '%04o' "0${value_should}") fi if [ "$set_attributes" = 1 ] || [ "$value_should" != "$value_is" ]; then "set_$attribute" "$value_should" fi fi done ;; pre-exists) case $type in directory) # all good exit 0 ;; none) printf 'Directory "%s" does not exist\n' "$destination" >&2 exit 1 ;; file|symlink) printf 'File "%s" exists and is a %s, but should be a directory\n' "$destination" "$type" >&2 exit 1 ;; *) printf 'File or directory "%s" is in an unknown state\n' "$destination" >&2 exit 1 ;; esac ;; absent) if [ "$type" = "directory" ]; then echo "rm -rf '$destination'" echo remove >> "$__messages_out" fi ;; *) echo "Unknown state: $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__directory/man.rst000066400000000000000000000047761427155744700210450ustar00rootroot00000000000000cdist-type__directory(7) ======================== NAME ---- cdist-type__directory - Manage a directory DESCRIPTION ----------- This cdist type allows you to create or remove directories on the target. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- state 'present', 'absent', 'exists' or 'pre-exists', defaults to 'present' where: present the directory exists and the given attributes are set. absent the directory does not exist. exists the directory exists, but its attributes are not altered if it already existed. pre-exists check that the directory exists and is indeed a directory, but do not create or modify it. group Group to chgrp to. mode Unix permissions, suitable for chmod. owner User to chown to. BOOLEAN PARAMETERS ------------------ parents Whether to create parents as well (mkdir -p behaviour). Warning: all intermediate directory permissions default to whatever mkdir -p does. Usually this means root:root, 0700. recursive If supplied the chgrp and chown call will run recursively. This does *not* influence the behaviour of chmod. MESSAGES -------- chgrp Changed group membership chown Changed owner chmod Changed mode create Empty directory was created remove Directory exists, but state is absent, directory will be removed by generated code. remove non directory Something other than a directory with the same name exists and was removed prior to create. EXAMPLES -------- .. code-block:: sh # A silly example __directory /tmp/foobar # Remove a directory __directory /tmp/foobar --state absent # Ensure /etc exists correctly __directory /etc --owner root --group root --mode 0755 # Create nfs service directory, including parents __directory /home/services/nfs --parents # Change permissions recursively __directory /home/services --recursive --owner root --group root # Setup a temp directory __directory /local --mode 1777 # Take it all __directory /home/services/kvm --recursive --parents \ --owner root --group root --mode 0755 --state present AUTHORS ------- Nico Schottelius COPYING ------- Copyright \(C) 2011 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__directory/parameter/000077500000000000000000000000001427155744700215025ustar00rootroot00000000000000cdist/cdist/conf/type/__directory/parameter/boolean000066400000000000000000000000221427155744700230360ustar00rootroot00000000000000parents recursive cdist/cdist/conf/type/__directory/parameter/default/000077500000000000000000000000001427155744700231265ustar00rootroot00000000000000cdist/cdist/conf/type/__directory/parameter/default/state000066400000000000000000000000101427155744700241600ustar00rootroot00000000000000present cdist/cdist/conf/type/__directory/parameter/optional000066400000000000000000000000271427155744700232510ustar00rootroot00000000000000state group mode owner cdist/cdist/conf/type/__docker/000077500000000000000000000000001427155744700167655ustar00rootroot00000000000000cdist/cdist/conf/type/__docker/man.rst000066400000000000000000000016621427155744700202770ustar00rootroot00000000000000cdist-type__docker(7) ===================== NAME ---- cdist-type__docker - install Docker CE DESCRIPTION ----------- Installs latest Docker Community Edition package. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- state 'present' or 'absent', defaults to 'present' version The specific version to install. Defaults to the special value 'latest', meaning the version the package manager will install by default. BOOLEAN PARAMETERS ------------------ None. EXAMPLES -------- .. code-block:: sh # Install docker __docker # Remove docker __docker --state absent # Install specific version __docker --state present --version 18.03.0.ce AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2016 Steven Armstrong. Free use of this software is granted under the terms of the GNU General Public License version 3 (GPLv3). cdist/cdist/conf/type/__docker/manifest000077500000000000000000000075411427155744700205300ustar00rootroot00000000000000#!/bin/sh -e # # 2016 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # os=$(cat "$__global/explorer/os") state=$(cat "$__object/parameter/state") version=$(cat "$__object/parameter/version") case "$os" in centos) # shellcheck source=/dev/null if (. "$__global/explorer/os_release" && [ "${VERSION_ID}" = "7" ]); then __yum_repo docker-ce-stable \ --name 'Docker CE Stable' \ --baseurl "https://download.docker.com/linux/centos/7/\$basearch/stable" \ --enabled \ --gpgcheck 1 \ --gpgkey 'https://download.docker.com/linux/centos/gpg' \ --state "${state}" if [ "$version" != "latest" ]; then require="__yum_repo/docker-ce-stable" __package docker-ce --version "${version}" --state "${state}" else require="__yum_repo/docker-ce-stable" __package docker-ce --state "${state}" fi else echo "CentOS version 7 is required!" >&2 exit 1 fi ;; ubuntu|debian) if [ "${state}" = "present" ]; then __package apt-transport-https __package ca-certificates __package gnupg2 fi __apt_key_uri docker --name "Docker Release (CE deb) " \ --uri "https://download.docker.com/linux/${os}/gpg" --state "${state}" require="__apt_key_uri/docker" __apt_source docker \ --uri "https://download.docker.com/linux/${os}" \ --distribution "$(cat "$__global/explorer/lsb_codename")" \ --state "${state}" \ --component "stable" if [ "$version" != "latest" ]; then require="__apt_source/docker" __package docker-ce --version "${version}" --state "${state}" else require="__apt_source/docker" __package docker-ce --state "${state}" fi ;; devuan) os_version="$(cat "$__global/explorer/os_version")" case "$os_version" in ascii) distribution="stretch" ;; jessie) distribution="jessie" ;; *) echo "Your devuan release ($os_version) is currently not supported by this type (${__type##*/}).">&2 echo "Please contribute an implementation for it if you can." >&2 exit 1 ;; esac if [ "${state}" = "present" ]; then __package apt-transport-https __package ca-certificates __package gnupg2 fi __apt_key_uri docker --name "Docker Release (CE deb) " \ --uri "https://download.docker.com/linux/${os}/gpg" --state "${state}" require="__apt_key_uri/docker" __apt_source docker \ --uri "https://download.docker.com/linux/${os}" \ --distribution "${distribution}" \ --state "${state}" \ --component "stable" if [ "$version" != "latest" ]; then require="__apt_source/docker" __package docker-ce --version "${version}" --state "${state}" else require="__apt_source/docker" __package docker-ce --state "${state}" fi ;; *) echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 echo "Please contribute an implementation for it if you can." >&2 exit 1 ;; esac cdist/cdist/conf/type/__docker/parameter/000077500000000000000000000000001427155744700207455ustar00rootroot00000000000000cdist/cdist/conf/type/__docker/parameter/default/000077500000000000000000000000001427155744700223715ustar00rootroot00000000000000cdist/cdist/conf/type/__docker/parameter/default/state000066400000000000000000000000101427155744700234230ustar00rootroot00000000000000present cdist/cdist/conf/type/__docker/parameter/default/version000066400000000000000000000000071427155744700237760ustar00rootroot00000000000000latest cdist/cdist/conf/type/__docker/parameter/optional000066400000000000000000000000161427155744700225120ustar00rootroot00000000000000state version cdist/cdist/conf/type/__docker/singleton000066400000000000000000000000001427155744700207000ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_compose/000077500000000000000000000000001427155744700205125ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_compose/gencode-remote000077500000000000000000000022771427155744700233450ustar00rootroot00000000000000#!/bin/sh -e # # 2016 Dominique Roux (dominique.roux at ungleich.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # Variables version="$(cat "$__object/parameter/version")" state="$(cat "$__object/parameter/state")" if [ "${state}" = "present" ]; then # Download docker-compose file #shellcheck disable=SC2016 echo 'curl -L "https://github.com/docker/compose/releases/download/'"${version}"'/docker-compose-$(uname -s)-$(uname -m)" -o /tmp/docker-compose' echo 'mv /tmp/docker-compose /usr/local/bin/docker-compose' # Change permissions echo 'chmod +x /usr/local/bin/docker-compose' fi cdist/cdist/conf/type/__docker_compose/man.rst000066400000000000000000000017471427155744700220300ustar00rootroot00000000000000cdist-type__docker_compose(7) ============================= NAME ---- cdist-type__docker_compose - install docker-compose DESCRIPTION ----------- Installs docker-compose package. State 'absent' will not remove docker binary itself, only docker-compose binary will be removed REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- version Define docker_compose version, defaults to "1.9.0" state 'present' or 'absent', defaults to 'present' BOOLEAN PARAMETERS ------------------ None. EXAMPLES -------- .. code-block:: sh # Install docker-compose __docker_compose # Install version 1.9.0-rc4 __docker_compose --version 1.9.0-rc4 # Remove docker-compose __docker_compose --state absent AUTHORS ------- Dominique Roux COPYING ------- Copyright \(C) 2016 Dominique Roux. Free use of this software is granted under the terms of the GNU General Public License version 3 or later (GPLv3+). cdist/cdist/conf/type/__docker_compose/manifest000077500000000000000000000017511427155744700222520ustar00rootroot00000000000000#!/bin/sh -e # # 2016 Dominique Roux (dominique.roux at ungleich.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # state="$(cat "$__object/parameter/state")" # Needed packages if [ "${state}" = "present" ]; then __docker __package curl elif [ "${state}" = "absent" ]; then __file /usr/local/bin/docker-compose --state absent else echo "Unknown state: ${state}" >&2 exit 1 fi cdist/cdist/conf/type/__docker_compose/parameter/000077500000000000000000000000001427155744700224725ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_compose/parameter/default/000077500000000000000000000000001427155744700241165ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_compose/parameter/default/state000066400000000000000000000000101427155744700251500ustar00rootroot00000000000000present cdist/cdist/conf/type/__docker_compose/parameter/default/version000066400000000000000000000000071427155744700255230ustar00rootroot000000000000001.14.0 cdist/cdist/conf/type/__docker_compose/parameter/optional000066400000000000000000000000161427155744700242370ustar00rootroot00000000000000state version cdist/cdist/conf/type/__docker_compose/singleton000066400000000000000000000000001427155744700224250ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_config/000077500000000000000000000000001427155744700203125ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_config/explorer/000077500000000000000000000000001427155744700221525ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_config/explorer/config-data000077500000000000000000000015011427155744700242510ustar00rootroot00000000000000#!/bin/sh -e # # 2018 Ľubomír KuÄera # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # docker config inspect "${__object_id:?}" --format '{{json .Spec.Data}}' \ 2>/dev/null | tr -d '"' | base64 -d cdist/cdist/conf/type/__docker_config/explorer/config-exists000077500000000000000000000014461427155744700246670ustar00rootroot00000000000000#!/bin/sh -e # # 2018 Ľubomír KuÄera # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # if docker config ls | grep -q " ${__object_id:?} "; then echo yes else echo no fi cdist/cdist/conf/type/__docker_config/gencode-remote000077500000000000000000000031221427155744700231330ustar00rootroot00000000000000#!/bin/sh -e # # 2018 Ľubomír KuÄera # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # config="${__object_id:?}" config_exists=$(cat "${__object:?}/explorer/config-exists") state=$(cat "${__object:?}/parameter/state") case "${state}" in absent) if [ "${config_exists}" != "yes" ]; then exit 0 fi echo "docker config rm \"${config}\"" ;; present) source=$(cat "${__object}/parameter/source") if [ -z "${source}" ]; then exit 0 fi if [ "${source}" = "-" ]; then source="${__object}/stdin" fi if [ "${config_exists}" = "yes" ]; then if cmp -s "${source}" "${__object}/explorer/config-data"; then exit 0 else echo "docker config rm \"${config}\"" fi fi cat <<-EOF source_file="\$(mktemp cdist.XXXXXXXXXX)" base64 -d > "\${source_file}" << eof $(base64 "${source}") eof docker config create "${config}" "\${source_file}" rm "\${source_file}" EOF ;; *) echo "Unsupported state: ${state}" >&2 exit 1 ;; esac cdist/cdist/conf/type/__docker_config/man.rst000066400000000000000000000022031427155744700216140ustar00rootroot00000000000000cdist-type__docker_config(7) ============================ NAME ---- cdist-type__docker_config - Manage Docker configs DESCRIPTION ----------- This type manages Docker configs. OPTIONAL PARAMETERS ------------------- source Path to the source file. If it is '-' (dash), read standard input. state 'present' or 'absent', defaults to 'present' where: present if the config does not exist, it is created absent the config is removed CAVEATS ------- Since Docker configs cannot be updated once created, this type tries removing and recreating the config if it changes. If the config is used by a service at the time of removing, then this type will fail. EXAMPLES -------- .. code-block:: sh # Creates "foo" config from "bar" source file __docker_config foo --source bar AUTHORS ------- Ľubomír KuÄera COPYING ------- Copyright \(C) 2018 Ľubomír KuÄera. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__docker_config/parameter/000077500000000000000000000000001427155744700222725ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_config/parameter/default/000077500000000000000000000000001427155744700237165ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_config/parameter/default/source000066400000000000000000000000001427155744700251270ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_config/parameter/default/state000066400000000000000000000000101427155744700247500ustar00rootroot00000000000000present cdist/cdist/conf/type/__docker_config/parameter/optional000066400000000000000000000000151427155744700240360ustar00rootroot00000000000000source state cdist/cdist/conf/type/__docker_secret/000077500000000000000000000000001427155744700203325ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_secret/explorer/000077500000000000000000000000001427155744700221725ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_secret/explorer/secret-exists000077500000000000000000000014461427155744700247270ustar00rootroot00000000000000#!/bin/sh -e # # 2018 Ľubomír KuÄera # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # if docker secret ls | grep -q " ${__object_id:?} "; then echo yes else echo no fi cdist/cdist/conf/type/__docker_secret/gencode-remote000077500000000000000000000027231427155744700231610ustar00rootroot00000000000000#!/bin/sh -e # # 2018 Ľubomír KuÄera # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # secret="${__object_id:?}" secret_exists=$(cat "${__object:?}/explorer/secret-exists") state=$(cat "${__object:?}/parameter/state") case "${state}" in absent) if [ "${secret_exists}" != "yes" ]; then exit 0 fi echo "docker secret rm ${secret}" ;; present) if [ "${secret_exists}" = "yes" ]; then exit 0 fi source=$(cat "${__object}/parameter/source") if [ -z "${source}" ]; then exit 0 fi if [ "${source}" = "-" ]; then source="${__object}/stdin" fi cat <<-EOF source_file="\$(mktemp cdist.XXXXXXXXXX)" base64 -d > "\${source_file}" << eof $(base64 "${source}") eof docker secret create "${secret}" "\${source_file}" rm "\${source_file}" EOF ;; *) echo "Unsupported state: ${state}" >&2 exit 1 ;; esac cdist/cdist/conf/type/__docker_secret/man.rst000066400000000000000000000020551427155744700216410ustar00rootroot00000000000000cdist-type__docker_secret(7) ============================ NAME ---- cdist-type__docker_secret - Manage Docker secrets DESCRIPTION ----------- This type manages Docker secrets. OPTIONAL PARAMETERS ------------------- source Path to the source file. If it is '-' (dash), read standard input. state 'present' or 'absent', defaults to 'present' where: present if the secret does not exist, it is created absent the secret is removed CAVEATS ------- Since Docker secrets cannot be updated once created, this type takes no action if the specified secret already exists. EXAMPLES -------- .. code-block:: sh # Creates "foo" secret from "bar" source file __docker_secret foo --source bar AUTHORS ------- Ľubomír KuÄera COPYING ------- Copyright \(C) 2018 Ľubomír KuÄera. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__docker_secret/parameter/000077500000000000000000000000001427155744700223125ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_secret/parameter/default/000077500000000000000000000000001427155744700237365ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_secret/parameter/default/source000066400000000000000000000000001427155744700251470ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_secret/parameter/default/state000066400000000000000000000000101427155744700247700ustar00rootroot00000000000000present cdist/cdist/conf/type/__docker_secret/parameter/optional000066400000000000000000000000151427155744700240560ustar00rootroot00000000000000source state cdist/cdist/conf/type/__docker_stack/000077500000000000000000000000001427155744700201525ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_stack/explorer/000077500000000000000000000000001427155744700220125ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_stack/explorer/stack-exists000077500000000000000000000014421427155744700243630ustar00rootroot00000000000000#!/bin/sh -e # # 2018 Ľubomír KuÄera # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # if docker stack ls | grep -q "^${__object_id:?} "; then echo 1 else echo 0 fi cdist/cdist/conf/type/__docker_stack/gencode-remote000077500000000000000000000027501427155744700230010ustar00rootroot00000000000000#!/bin/sh -e # # 2018 Ľubomír KuÄera # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # stack="${__object_id:?}" state=$(cat "${__object:?}/parameter/state") case "${state}" in absent) stack_exists=$(cat "${__object:?}/explorer/stack-exists") if [ "${stack_exists}" -ne 1 ]; then exit 0 fi echo "docker stack rm ${stack}" ;; present) compose_file=$(cat "${__object}/parameter/compose-file") if [ -z "${compose_file}" ]; then exit 0 fi if [ "${compose_file}" = "-" ]; then compose_file="${__object}/stdin" fi cat <<-EOF compose_file="\$(mktemp cdist.XXXXXXXXXX)" base64 -d > "\${compose_file}" << eof $(base64 "${compose_file}") eof docker stack deploy --compose-file "\${compose_file}" \ --prune --with-registry-auth ${stack} rm "\${compose_file}" EOF ;; *) echo "Unsupported state: ${state}" >&2 exit 1 ;; esac cdist/cdist/conf/type/__docker_stack/man.rst000066400000000000000000000023421427155744700214600ustar00rootroot00000000000000cdist-type__docker_stack(7) =========================== NAME ---- cdist-type__docker_stack - Manage Docker stacks DESCRIPTION ----------- This type manages service stacks. .. note:: Since there is no easy way to tell whether a stack needs to be updated, `docker stack deploy` is being run every time this type is invoked. However, it does not mean this type is not idempotent. If Docker does not detect changes, the existing stack will not be updated. OPTIONAL PARAMETERS ------------------- compose-file Path to the compose file. If it is '-' (dash), read standard input. state 'present' or 'absent', defaults to 'present' where: present the stack is deployed absent the stack is removed EXAMPLES -------- .. code-block:: sh # Deploys 'foo' stack defined in 'docker-compose.yml' compose file __docker_stack foo --compose-file docker-compose.yml AUTHORS ------- Ľubomír KuÄera COPYING ------- Copyright \(C) 2018 Ľubomír KuÄera. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__docker_stack/parameter/000077500000000000000000000000001427155744700221325ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_stack/parameter/default/000077500000000000000000000000001427155744700235565ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_stack/parameter/default/compose-file000066400000000000000000000000001427155744700260510ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_stack/parameter/default/state000066400000000000000000000000101427155744700246100ustar00rootroot00000000000000present cdist/cdist/conf/type/__docker_stack/parameter/optional000066400000000000000000000000231427155744700236750ustar00rootroot00000000000000compose-file state cdist/cdist/conf/type/__docker_swarm/000077500000000000000000000000001427155744700201765ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_swarm/explorer/000077500000000000000000000000001427155744700220365ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_swarm/explorer/swarm-state000077500000000000000000000014211427155744700242310ustar00rootroot00000000000000#!/bin/sh -e # # 2018 Ľubomír KuÄera # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # docker info 2>/dev/null | grep '^ *Swarm: ' | awk '{print $2}' cdist/cdist/conf/type/__docker_swarm/gencode-remote000077500000000000000000000024351427155744700230250ustar00rootroot00000000000000#!/bin/sh -e # # 2018 Ľubomír KuÄera # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # state=$(cat "${__object:?}/parameter/state") swarm_state="$(cat "${__object}/explorer/swarm-state")" if [ -z "${swarm_state}" ]; then echo "Unable to determine Swarm state. Is compatible version of Docker installed?" >&2 exit 1 fi case "${state}" in absent) if [ "${swarm_state}" = "active" ]; then echo "docker swarm leave --force" fi ;; present) if [ "${swarm_state}" = "inactive" ]; then echo "docker swarm init" fi ;; *) echo "Unsupported state: ${state}" >&2 exit 1 ;; esac cdist/cdist/conf/type/__docker_swarm/man.rst000066400000000000000000000016551427155744700215120ustar00rootroot00000000000000cdist-type__docker_swarm(7) =========================== NAME ---- cdist-type__docker_swarm - Manage Swarm DESCRIPTION ----------- This type can initialize Docker swarm mode. For more information about swarm mode, see `Swarm mode overview `_. OPTIONAL PARAMETERS ------------------- state 'present' or 'absent', defaults to 'present' where: present Swarm is initialized absent Swarm is left EXAMPLES -------- .. code-block:: sh # Initializes a swarm __docker_swarm # Leaves a swarm __docker_swarm --state absent AUTHORS ------- Ľubomír KuÄera COPYING ------- Copyright \(C) 2018 Ľubomír KuÄera. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__docker_swarm/parameter/000077500000000000000000000000001427155744700221565ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_swarm/parameter/default/000077500000000000000000000000001427155744700236025ustar00rootroot00000000000000cdist/cdist/conf/type/__docker_swarm/parameter/default/state000066400000000000000000000000101427155744700246340ustar00rootroot00000000000000present cdist/cdist/conf/type/__docker_swarm/parameter/optional000066400000000000000000000000061427155744700237220ustar00rootroot00000000000000state cdist/cdist/conf/type/__docker_swarm/singleton000066400000000000000000000000001427155744700221110ustar00rootroot00000000000000cdist/cdist/conf/type/__dog_vdi/000077500000000000000000000000001427155744700171315ustar00rootroot00000000000000cdist/cdist/conf/type/__dog_vdi/explorer/000077500000000000000000000000001427155744700207715ustar00rootroot00000000000000cdist/cdist/conf/type/__dog_vdi/explorer/list000077500000000000000000000013721427155744700216750ustar00rootroot00000000000000#!/bin/sh # # 2014 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # name="$__object_id" dog vdi list -r "$name" cdist/cdist/conf/type/__dog_vdi/gencode-remote000077500000000000000000000022251427155744700217550ustar00rootroot00000000000000#!/bin/sh -e # # 2014 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # state_should="$(cat "$__object/parameter/state")" num_vdi_lines=$(wc -l < "$__object/explorer/list") name="$__object_id" if [ "$num_vdi_lines" = 1 ]; then state_is=present else state_is=absent fi [ "$state_is" = "$state_should" ] && exit 0 case "$state_should" in present) size="$(cat "$__object/parameter/size")" echo "dog vdi create '$name' '$size'" ;; absent) echo "dog vdi delete '$name'" ;; esac cdist/cdist/conf/type/__dog_vdi/man.rst000066400000000000000000000023121427155744700204340ustar00rootroot00000000000000cdist-type__dog_vdi(7) ====================== NAME ---- cdist-type__dog_vdi - Manage Sheepdog VM images DESCRIPTION ----------- The dog program is used to create images for sheepdog to be used in qemu. OPTIONAL PARAMETERS ------------------- state Either "present" or "absent", defaults to "present" size Size of the image in "dog vdi" compatible units. Required if state is "present". EXAMPLES -------- .. code-block:: sh # Create a 50G size image __dog_vdi nico-privat.sky.ungleich.ch --size 50G # Create a 50G size image (more explicit) __dog_vdi nico-privat.sky.ungleich.ch --size 50G --state present # Remove image __dog_vdi nico-privat.sky.ungleich.ch --state absent # Remove image - keeping --size is ok __dog_vdi nico-privat.sky.ungleich.ch --size 50G --state absent SEE ALSO -------- :strong:`qemu`\ (1), :strong:`dog`\ (8) AUTHORS ------- Nico Schottelius COPYING ------- Copyright \(C) 2014 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__dog_vdi/manifest000077500000000000000000000020651427155744700206700ustar00rootroot00000000000000#!/bin/sh -e # # 2014 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # state_should="$(cat "$__object/parameter/state")" case "$state_should" in present) if [ ! -f "$__object/parameter/size" ]; then echo "Size is required when state is present" >&2 exit 1 fi ;; absent) : ;; *) echo "Unsupported state: $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__dog_vdi/parameter/000077500000000000000000000000001427155744700211115ustar00rootroot00000000000000cdist/cdist/conf/type/__dog_vdi/parameter/default/000077500000000000000000000000001427155744700225355ustar00rootroot00000000000000cdist/cdist/conf/type/__dog_vdi/parameter/default/state000066400000000000000000000000101427155744700235670ustar00rootroot00000000000000present cdist/cdist/conf/type/__dog_vdi/parameter/optional000066400000000000000000000000131427155744700226530ustar00rootroot00000000000000state size cdist/cdist/conf/type/__dot_file/000077500000000000000000000000001427155744700173035ustar00rootroot00000000000000cdist/cdist/conf/type/__dot_file/explorer/000077500000000000000000000000001427155744700211435ustar00rootroot00000000000000cdist/cdist/conf/type/__dot_file/explorer/home000077500000000000000000000016651427155744700220310ustar00rootroot00000000000000#!/bin/sh # Copyright (C) 2016 Dmitry Bogatov # Author: Dmitry Bogatov # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 3 # of the License, or (at your option) any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . set -eu user="$(cat "${__object}/parameter/user")" if command -v getent >/dev/null 2>&1; then line=$(getent passwd "${user}") else line=$(grep "^${user}:" /etc/passwd) fi printf '%s' "$line" | cut -d: -f6 cdist/cdist/conf/type/__dot_file/explorer/primary_group000077500000000000000000000014471427155744700237760ustar00rootroot00000000000000#!/bin/sh # Copyright (C) 2016 Dmitry Bogatov # Author: Dmitry Bogatov # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 3 # of the License, or (at your option) any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . set -eu user="$(cat "${__object}/parameter/user")" id -gn "${user}" cdist/cdist/conf/type/__dot_file/man.rst000066400000000000000000000044261427155744700206160ustar00rootroot00000000000000cdist-type__dot_file(7) ======================== NAME ---- cdist-type__dot_file - install file under user's home directory DESCRIPTION ----------- This type installs a file (=\ *__object_id*) under user's home directory, providing a way to install per-user configuration files. File owner and group is deduced from user, for who file is installed. Unlike regular __file type, you do not need make any assumptions, where user's home directory is. REQUIRED PARAMETERS ------------------- user User, for who file is installed OPTIONAL PARAMETERS ------------------- dirmode forwarded to :strong:`__directory` type as mode mode forwarded to :strong:`__file` type state forwarded to :strong:`__file` type source forwarded to :strong:`__file` type file forwarded to :strong:`__file` type This can be used if multiple users need to have a dotfile updated, which will result in duplicate object id errors. When using the file parameter the object id can be some unique value. MESSAGES -------- This type inherits all messages from :strong:`file` type, and do not add any new. EXAMPLES -------- .. code-block:: sh # Install .forward file for user 'alice'. Since state is 'present', # user is not meant to edit this file, all changes will be overridden. # It is good idea to put warning about it in file itself. __dot_file .forward --user alice --source "$__files/forward" # Install .muttrc for user 'bob', if not already present. User can safely # edit it, his changes will not be overwritten. __dot_file .muttrc --user bob --source "$__files/recommended_mutt_config" --state exists # Install default xmonad config for user 'eve'. Parent directory is created automatically. __dot_file .xmonad/xmonad.hs --user eve --state exists --source "$__files/xmonad.hs" # install .vimrc for root and some users for user in root userx usery userz; do __dot_file "${user}_dot_vimrc" \ --user $user \ --file .vimrc \ --state exists \ --source "$__files/$user/.vimrc" done SEE ALSO -------- **cdist-type__file**\ (7) COPYING ------- Copyright (C) 2015 Dmitry Bogatov. Free use of this software is granted under the terms of the GNU General Public License version 3 or later (GPLv3+). cdist/cdist/conf/type/__dot_file/manifest000077500000000000000000000045041427155744700210420ustar00rootroot00000000000000#!/bin/sh -e # # Copyright (C) 2016 Bogatov Dmitry # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . set -eu user="$(cat "${__object}/parameter/user")" home="$(cat "${__object}/explorer/home")" primary_group="$(cat "${__object}/explorer/primary_group")" dirmode="$(cat "${__object}/parameter/dirmode")" if [ -f "${__object}/parameter/file" ]; then file="$(cat "${__object}/parameter/file")" else file="${__object_id}" fi # Create parent directory. Type __directory has flag 'parents', but it # will leave us with root-owned directory in user home, which is not # acceptable. So we create parent directories one-by-one. XXX: maybe # it should be fixed in '__directory'? set -- subpath=${file} while subpath="$(dirname "${subpath}")" ; do [ "${subpath}" = . ] && break set -- "${subpath}" "$@" done unset subpath export CDIST_ORDER_DEPENDENCY for dir ; do __directory "${home}/${dir}" \ --group "${primary_group}" \ --mode "${dirmode}" \ --owner "${user}" done # These parameters are forwarded to __file type. 'mode' is always # present, since it have been given default. set -- for p in state mode source ; do if [ -f "${__object}/parameter/${p}" ] ; then value="$(cat "${__object}/parameter/${p}")" set -- "$@" "--${p}" "${value}" unset value fi done # If source is `-' we can't just forward it, since stdin is already # captured by __dot_file. So, we replace '-' with "$__object/stdin". # # It means that it is possible for __file to receive --source # parameter twice, but, since latest wins, it is okay. source="$(cat "${__object}/parameter/source")" if [ "${source}" = "-" ] ; then set -- "$@" --source "${__object}/stdin" fi unset source __file "${home}/${file}" --owner "$user" --group "$primary_group" "$@" cdist/cdist/conf/type/__dot_file/parameter/000077500000000000000000000000001427155744700212635ustar00rootroot00000000000000cdist/cdist/conf/type/__dot_file/parameter/default/000077500000000000000000000000001427155744700227075ustar00rootroot00000000000000cdist/cdist/conf/type/__dot_file/parameter/default/dirmode000066400000000000000000000000051427155744700242500ustar00rootroot000000000000000700 cdist/cdist/conf/type/__dot_file/parameter/default/mode000066400000000000000000000000041427155744700235500ustar00rootroot00000000000000600 cdist/cdist/conf/type/__dot_file/parameter/optional000066400000000000000000000000321427155744700230260ustar00rootroot00000000000000state mode source dirmode cdist/cdist/conf/type/__dot_file/parameter/required000066400000000000000000000000051427155744700230210ustar00rootroot00000000000000user cdist/cdist/conf/type/__download/000077500000000000000000000000001427155744700173255ustar00rootroot00000000000000cdist/cdist/conf/type/__download/explorer/000077500000000000000000000000001427155744700211655ustar00rootroot00000000000000cdist/cdist/conf/type/__download/explorer/remote_cmd_get000077500000000000000000000004221427155744700240660ustar00rootroot00000000000000#!/bin/sh -e if [ -f "$__object/parameter/cmd-get" ] then cat "$__object/parameter/cmd-get" elif command -v curl > /dev/null then echo "curl -sSL -o - '%s'" elif command -v fetch > /dev/null then echo "fetch -o - '%s'" else echo "wget -O - '%s'" fi cdist/cdist/conf/type/__download/explorer/remote_cmd_sum000077500000000000000000000032271427155744700241210ustar00rootroot00000000000000#!/bin/sh -e if [ ! -f "$__object/parameter/sum" ] then exit 0 fi if [ -f "$__object/parameter/cmd-sum" ] then cat "$__object/parameter/cmd-sum" exit 0 fi sum_should="$( cat "$__object/parameter/sum" )" if echo "$sum_should" | grep -Fq ':' then sum_hash="$( echo "$sum_should" | cut -d : -f 1 )" else if echo "$sum_should" | grep -Eq '^[0-9]+\s[0-9]+$' then sum_hash='cksum' elif echo "$sum_should" | grep -Eiq '^[a-f0-9]{32}$' then sum_hash='md5' elif echo "$sum_should" | grep -Eiq '^[a-f0-9]{40}$' then sum_hash='sha1' elif echo "$sum_should" | grep -Eiq '^[a-f0-9]{64}$' then sum_hash='sha256' else echo 'hash format detection failed' >&2 exit 1 fi fi os="$( "$__explorer/os" )" case "$sum_hash" in cksum) echo "cksum %s | awk '{print \$1\" \"\$2}'" ;; md5) case "$os" in freebsd) echo "md5 -q %s" ;; *) echo "md5sum %s | awk '{print \$1}'" ;; esac ;; sha1) case "$os" in freebsd) echo "sha1 -q %s" ;; *) echo "sha1sum %s | awk '{print \$1}'" ;; esac ;; sha256) case "$os" in freebsd) echo "sha256 -q %s" ;; *) echo "sha256sum %s | awk '{print \$1}'" ;; esac ;; *) # we arrive here only if --sum is given with unknown format prefix echo "unknown hash format: $sum_hash" >&2 exit 1 ;; esac cdist/cdist/conf/type/__download/explorer/state000077500000000000000000000013501427155744700222320ustar00rootroot00000000000000#!/bin/sh -e if [ -f "$__object/parameter/destination" ] then dst="$( cat "$__object/parameter/destination" )" else dst="/$__object_id" fi if [ ! -f "$dst" ] then echo 'absent' exit 0 fi if [ ! -f "$__object/parameter/sum" ] then echo 'present' exit 0 fi sum_should="$( cat "$__object/parameter/sum" )" if echo "$sum_should" | grep -Fq ':' then sum_should="$( echo "$sum_should" | cut -d : -f 2 )" fi sum_cmd="$( "$__type_explorer/remote_cmd_sum" )" # shellcheck disable=SC2059 sum_is="$( eval "$( printf "$sum_cmd" "'$dst'" )" )" if [ -z "$sum_is" ] then echo 'existing destination checksum failed' >&2 exit 1 fi if [ "$sum_is" = "$sum_should" ] then echo 'present' else echo 'mismatch' fi cdist/cdist/conf/type/__download/gencode-local000077500000000000000000000075731427155744700217630ustar00rootroot00000000000000#!/bin/sh -e download="$( cat "$__object/parameter/download" )" state_is="$( cat "$__object/explorer/state" )" if [ "$download" != 'local' ] || [ "$state_is" = 'present' ] then exit 0 fi url="$( cat "$__object/parameter/url" )" if [ -f "$__object/parameter/destination" ] then dst="$( cat "$__object/parameter/destination" )" else dst="/$__object_id" fi if [ -f "$__object/parameter/cmd-get" ] then cmd="$( cat "$__object/parameter/cmd-get" )" elif command -v curl > /dev/null then cmd="curl -sSL -o - '%s'" elif command -v fetch > /dev/null then cmd="fetch -o - '%s'" elif command -v wget > /dev/null then cmd="wget -O - '%s'" else echo 'local download failed, no usable utility' >&2 exit 1 fi echo "download_tmp=\"\$( mktemp )\"" # shellcheck disable=SC2059 printf "$cmd > \"\$download_tmp\"\n" "$url" if [ -f "$__object/parameter/sum" ] then sum_should="$( cat "$__object/parameter/sum" )" if [ -f "$__object/parameter/cmd-sum" ] then local_cmd_sum="$( cat "$__object/parameter/cmd-sum" )" else if echo "$sum_should" | grep -Fq ':' then sum_hash="$( echo "$sum_should" | cut -d : -f 1 )" sum_should="$( echo "$sum_should" | cut -d : -f 2 )" else if echo "$sum_should" | grep -Eq '^[0-9]+\s[0-9]+$' then sum_hash='cksum' elif echo "$sum_should" | grep -Eiq '^[a-f0-9]{32}$' then sum_hash='md5' elif echo "$sum_should" | grep -Eiq '^[a-f0-9]{40}$' then sum_hash='sha1' elif echo "$sum_should" | grep -Eiq '^[a-f0-9]{64}$' then sum_hash='sha256' else echo 'hash format detection failed' >&2 exit 1 fi fi case "$sum_hash" in cksum) local_cmd_sum="cksum %s | awk '{print \$1\" \"\$2}'" ;; md5) if command -v md5 > /dev/null then local_cmd_sum="md5 -q %s" elif command -v md5sum > /dev/null then local_cmd_sum="md5sum %s | awk '{print \$1}'" fi ;; sha1) if command -v sha1 > /dev/null then local_cmd_sum="sha1 -q %s" elif command -v sha1sum > /dev/null then local_cmd_sum="sha1sum %s | awk '{print \$1}'" fi ;; sha256) if command -v sha256 > /dev/null then local_cmd_sum="sha256 -q %s" elif command -v sha256sum > /dev/null then local_cmd_sum="sha256sum %s | awk '{print \$1}'" fi ;; *) # we arrive here only if --sum is given with unknown format prefix echo "unknown hash format: $sum_hash" >&2 exit 1 ;; esac if [ -z "$local_cmd_sum" ] then echo 'local checksum verification failed, no usable utility' >&2 exit 1 fi fi # shellcheck disable=SC2059 echo "sum_is=\"\$( $( printf "$local_cmd_sum" "\"\$download_tmp\"" ) )\"" echo "if [ \"\$sum_is\" != '$sum_should' ]; then" echo "echo 'local download checksum mismatch' >&2" echo "rm -f \"\$download_tmp\"" echo 'exit 1; fi' fi if echo "$__target_host" | grep -Eq '^[0-9a-fA-F:]+$' then target_host="[$__target_host]" else target_host="$__target_host" fi # shellcheck disable=SC2016 printf '%s "$download_tmp" %s:%s\n' \ "$__remote_copy" \ "$target_host" \ "$dst" echo "rm -f \"\$download_tmp\"" cdist/cdist/conf/type/__download/gencode-remote000077500000000000000000000030011427155744700221420ustar00rootroot00000000000000#!/bin/sh -e download="$( cat "$__object/parameter/download" )" state_is="$( cat "$__object/explorer/state" )" if [ "$download" = 'remote' ] && [ "$state_is" != 'present' ] then cmd_get="$( cat "$__object/explorer/remote_cmd_get" )" url="$( cat "$__object/parameter/url" )" if [ -f "$__object/parameter/destination" ] then dst="$( cat "$__object/parameter/destination" )" else dst="/$__object_id" fi echo "download_tmp=\"\$( mktemp )\"" # shellcheck disable=SC2059 printf "$cmd_get > \"\$download_tmp\"\n" "$url" if [ -f "$__object/parameter/sum" ] then sum_should="$( cat "$__object/parameter/sum" )" if [ -f "$__object/parameter/cmd-sum" ] then remote_cmd_sum="$( cat "$__object/parameter/cmd-sum" )" else remote_cmd_sum="$( cat "$__object/explorer/remote_cmd_sum" )" if echo "$sum_should" | grep -Fq ':' then sum_should="$( echo "$sum_should" | cut -d : -f 2 )" fi fi # shellcheck disable=SC2059 echo "sum_is=\"\$( $( printf "$remote_cmd_sum" "\"\$download_tmp\"" ) )\"" echo "if [ \"\$sum_is\" != '$sum_should' ]; then" echo "echo 'remote download checksum mismatch' >&2" echo "rm -f \"\$download_tmp\"" echo 'exit 1; fi' fi echo "mv \"\$download_tmp\" '$dst'" fi if [ -f "$__object/parameter/onchange" ] && [ "$state_is" != "present" ] then cat "$__object/parameter/onchange" fi cdist/cdist/conf/type/__download/man.rst000066400000000000000000000057701427155744700206430ustar00rootroot00000000000000cdist-type__download(7) ======================= NAME ---- cdist-type__download - Download a file DESCRIPTION ----------- By default type will try to use ``curl``, ``fetch`` or ``wget``. If download happens in target (see ``--download``) then type will fallback to (and install) ``wget``. If download happens in local machine, then environment variables like ``{http,https,ftp}_proxy`` etc can be used on cdist execution (``http_proxy=foo cdist config ...``). To change downloaded file's owner, group or permissions, use ``require='__download/path/to/file' __file ...``. REQUIRED PARAMETERS ------------------- url File's URL. OPTIONAL PARAMETERS ------------------- destination Downloaded file's destination in target. If unset, ``$__object_id`` is used. sum Supported formats: ``cksum`` output without file name, MD5, SHA1 and SHA256. Type tries to detect hash format with regexes, but prefixes ``cksum:``, ``md5:``, ``sha1:`` and ``sha256:`` are also supported. Checksum have two purposes - state check and post-download verification. In state check, if destination checksum mismatches, then content of URL will be downloaded to temporary file. If downloaded temporary file's checksum matches, then it will be moved to destination (overwritten). For local downloads it is expected that usable utilities for checksum calculation exist in the system. download If ``local`` (default), then file is downloaded to local storage and copied to target host. If ``remote``, then download happens in target. For local downloads it is expected that usable utilities for downloading exist in the system. Type will try to use ``curl``, ``fetch`` or ``wget``. cmd-get Command used for downloading. Command must output to ``stdout``. Parameter will be used for ``printf`` and must include only one format specification ``%s`` which will become URL. For example: ``wget -O - '%s'``. cmd-sum Command used for checksum calculation. Command output and ``--sum`` parameter must match. Parameter will be used for ``printf`` and must include only one format specification ``%s`` which will become destination. For example: ``md5sum '%s' | awk '{print $1}'``. onchange Execute this command after download. EXAMPLES -------- .. code-block:: sh __directory /opt/cpma require='__directory/opt/cpma' \ __download /opt/cpma/cnq3.zip \ --url https://cdn.playmorepromode.com/files/cnq3/cnq3-1.51.zip \ --sum 46da3021ca9eace277115ec9106c5b46 require='__download/opt/cpma/cnq3.zip' \ __unpack /opt/cpma/cnq3.zip \ --backup-destination \ --preserve-archive \ --destination /opt/cpma/server AUTHORS ------- Ander Punnar COPYING ------- Copyright \(C) 2021 Ander Punnar. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__download/manifest000077500000000000000000000001411427155744700210550ustar00rootroot00000000000000#!/bin/sh -e if grep -Eq '^wget' "$__object/explorer/remote_cmd_get" then __package wget fi cdist/cdist/conf/type/__download/parameter/000077500000000000000000000000001427155744700213055ustar00rootroot00000000000000cdist/cdist/conf/type/__download/parameter/default/000077500000000000000000000000001427155744700227315ustar00rootroot00000000000000cdist/cdist/conf/type/__download/parameter/default/download000066400000000000000000000000061427155744700244570ustar00rootroot00000000000000local cdist/cdist/conf/type/__download/parameter/optional000066400000000000000000000000621427155744700230530ustar00rootroot00000000000000cmd-get cmd-sum destination download onchange sum cdist/cdist/conf/type/__download/parameter/required000066400000000000000000000000041427155744700230420ustar00rootroot00000000000000url cdist/cdist/conf/type/__dpkg_architecture/000077500000000000000000000000001427155744700212055ustar00rootroot00000000000000cdist/cdist/conf/type/__dpkg_architecture/explorer/000077500000000000000000000000001427155744700230455ustar00rootroot00000000000000cdist/cdist/conf/type/__dpkg_architecture/explorer/architecture000077500000000000000000000015551427155744700254630ustar00rootroot00000000000000#!/bin/sh -e # __dpkg_architecture/explorer/architecture # # 2020 Matthias Stecher # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # Get the main architecture of this machine # print or die in the gencode-remote dpkg --print-architecture || true cdist/cdist/conf/type/__dpkg_architecture/explorer/foreign-architectures000077500000000000000000000015701427155744700272720ustar00rootroot00000000000000#!/bin/sh -e # __dpkg_architecture/explorer/foreign-architectures # # 2020 Matthias Stecher # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # Print all additional architectures # print or die in the gencode-remote dpkg --print-foreign-architectures || true cdist/cdist/conf/type/__dpkg_architecture/gencode-remote000077500000000000000000000045731427155744700240410ustar00rootroot00000000000000#!/bin/sh -e # __dpkg_architecture/gencode-remote # # 2020 Matthias Stecher # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # Get parameter and explorer state_should="$(cat "$__object/parameter/state")" arch_wanted="$__object_id" main_arch="$(cat "$__object/explorer/architecture")" # Exit here if dpkg do not work (empty explorer) if [ -z "$main_arch" ]; then echo "dpkg is not available or unable to detect a architecture!" >&2 exit 1 fi # Check if requested architecture is the main one if [ "$arch_wanted" = "$main_arch" ]; then # higher than present; we can not remove it state_is="present" caution="yes" # Check if the architecture not already used elif grep -qFx "$arch_wanted" "$__object/explorer/foreign-architectures"; then state_is="present" # arch does not exist else state_is="absent" fi # Check what to do if [ "$state_is" != "$state_should" ]; then case "$state_should" in present) # print add code printf "dpkg --add-architecture '%s'\n" "$arch_wanted" # updating the index to make the new architecture available echo "apt update" echo added >> "$__messages_out" ;; absent) if [ "$caution" ]; then printf "can not remove the main arch '%s' of the system!\n" "$main_arch" >&2 exit 1 fi # removing all existing packages for the architecture printf "apt purge '.*:%s'\n" "$arch_wanted" # print remove code printf "dpkg --remove-architecture '%s'\n" "$arch_wanted" echo removed >> "$__messages_out" ;; *) printf "state '%s' is unknown!\n" "$state_should" >&2 exit 1 ;; esac fi cdist/cdist/conf/type/__dpkg_architecture/man.rst000066400000000000000000000046421427155744700225200ustar00rootroot00000000000000cdist-type__dpkg_architecture(7) ================================ NAME ---- cdist-type__dpkg_architecture - Handles foreign architectures on debian-like systems managed by `dpkg` DESCRIPTION ----------- This type handles foreign architectures on systems managed by :strong:`dpkg`\ (1). The object id is the name of the architecture accepted by `dpkg`, which should be added or removed. If the architecture is not setup on the system, it adds a new architecture as a new foreign architecture in `dpkg`. Then, it updates the apt package index to make packages from the new architecture available. If the architecture should be removed, it will remove it if it is not the base architecture on where the system was installed on. Before it, it will purge every package based on the "to be removed" architecture via `apt` to be able to remove the selected architecture. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- state ``present`` or ``absent``. Defaults to ``present``. MESSAGES -------- added Added the specified architecture removed Removed the specified architecture ABORTS ------ Aborts in the following cases: If :strong:`dpkg`\ (1) is not available. It will abort with a proper error message. If the architecture is the same as the base architecture the system is build upon it (returned by ``dpkg --print-architecture``) and it should be removed. It will fail if it can not execute :strong:`apt`\ (8). It is assumed that it is already installed. EXAMPLES -------- .. code-block:: sh # add i386 (32 bit) architecture __dpkg_architecture i386 # remove it again :) __dpkg_architecture i386 --state absent SEE ALSO -------- `Multiarch on Debian systems `_ `How to setup multiarch on Debian `_ :strong:`dpkg`\ (1) :strong:`cdist-type__package_dpkg`\ (7) :strong:`cdist-type__package_apt`\ (7) Useful commands: .. code-block:: sh # base architecture installed on this system dpkg --print-architecture # extra architectures added dpkg --print-foreign-architectures AUTHORS ------- Matthias Stecher COPYING ------- Copyright \(C) 2020 Matthias Stecher. You can redistribute it and/or modify it under the terms of the GNU General Public License as ublished by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__dpkg_architecture/nonparallel000066400000000000000000000000001427155744700234250ustar00rootroot00000000000000cdist/cdist/conf/type/__dpkg_architecture/parameter/000077500000000000000000000000001427155744700231655ustar00rootroot00000000000000cdist/cdist/conf/type/__dpkg_architecture/parameter/default/000077500000000000000000000000001427155744700246115ustar00rootroot00000000000000cdist/cdist/conf/type/__dpkg_architecture/parameter/default/state000066400000000000000000000000101427155744700256430ustar00rootroot00000000000000present cdist/cdist/conf/type/__dpkg_architecture/parameter/optional000066400000000000000000000000061427155744700247310ustar00rootroot00000000000000state cdist/cdist/conf/type/__file/000077500000000000000000000000001427155744700164355ustar00rootroot00000000000000cdist/cdist/conf/type/__file/explorer/000077500000000000000000000000001427155744700202755ustar00rootroot00000000000000cdist/cdist/conf/type/__file/explorer/cksum000077500000000000000000000020101427155744700213360ustar00rootroot00000000000000#!/bin/sh # # 2011-2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Retrieve the md5sum of a file to be created, if it is already existing. # destination="/$__object_id" if [ -e "$destination" ]; then if [ -f "$destination" ]; then cksum < "$destination" else echo "NO REGULAR FILE" fi else echo "NO FILE FOUND, NO CHECKSUM CALCULATED." fi cdist/cdist/conf/type/__file/explorer/stat000077500000000000000000000047631427155744700212100ustar00rootroot00000000000000#!/bin/sh # # 2013 Steven Armstrong (steven-cdist armstrong.cc) # 2019 Nico Schottelius (nico-cdist at schottelius.org) # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # destination="/$__object_id" fallback() { # Fallback: Patch the output together, manually. ls_line=$(ls -ldn "$destination") uid=$(echo "$ls_line" | awk '{ print $3 }') gid=$(echo "$ls_line" | awk '{ print $4 }') owner=$(awk -F: -v uid="$uid" '$3 == uid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/passwd) group=$(awk -F: -v gid="$gid" '$3 == gid { print $1; f=1 } END { if (!f) print "UNKNOWN" }' /etc/group) mode_text=$(echo "$ls_line" | awk '{ print $1 }') mode=$(echo "$mode_text" | awk '{for(i=8;i>=0;--i){c=substr($1,10-i,1);k+=((c~/[rwxst]/)*2^i);if(!(i%3))k+=(tolower(c)~/[lst]/)*2^(9+i/3)}printf("%04o",k)}') size=$(echo "$ls_line" | awk '{ print $5 }') links=$(echo "$ls_line" | awk '{ print $2 }') printf 'type: %s\nowner: %d %s\ngroup: %d %s\nmode: %s %s\nsize: %d\nlinks: %d\n' \ "$("$__type_explorer/type")" \ "$uid" "$owner" \ "$gid" "$group" \ "$mode" "$mode_text" \ "$size" \ "$links" } # nothing to work with, nothing we could do [ -e "$destination" ] || exit 0 command -v stat >/dev/null 2>&1 || { fallback exit } case $("$__explorer/os") in freebsd|netbsd|openbsd|macosx) stat -f 'type: %HT owner: %Du %Su group: %Dg %Sg mode: %Mp%03Lp %Sp size: %Dz links: %Dl ' "$destination" | awk '/^type/ { print tolower($0); next } { print }' ;; *) # NOTE: Do not use --printf here as it is not supported by BusyBox stat. # NOTE: BusyBox's stat might not support the "-c" option, in which case # we fall through to the shell fallback. stat -c 'type: %F owner: %u %U group: %g %G mode: %04a %A size: %s links: %h' "$destination" 2>/dev/null || fallback ;; esac cdist/cdist/conf/type/__file/explorer/type000077500000000000000000000016761427155744700212160ustar00rootroot00000000000000#!/bin/sh # # 2013 Steven Armstrong (steven-cdist armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # destination="/$__object_id" if [ ! -e "$destination" ]; then echo none elif [ -h "$destination" ]; then echo symlink elif [ -f "$destination" ]; then echo file elif [ -d "$destination" ]; then echo directory else echo unknown fi cdist/cdist/conf/type/__file/gencode-local000077500000000000000000000103151427155744700210570ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2012 Nico Schottelius (nico-cdist at schottelius.org) # 2013-2022 Steven Armstrong (steven-cdist armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # destination="/$__object_id" state_should="$(cat "$__object/parameter/state")" type="$(cat "$__object/explorer/type")" [ "$state_should" = "exists" ] && [ "$type" = "file" ] && exit 0 # nothing to do if [ "$state_should" = "pre-exists" ]; then if [ -f "$__object/parameter/source" ]; then echo "--source cannot be used with --state pre-exists" exit 1 fi case $type in file) # nothing to do exit 0 ;; none) printf 'File "%s" does not exist\n' "$destination" >&2 exit 1 ;; directory|symlink) printf 'File "%s" exists and is a %s, but should be a regular file\n' "$destination" "$type" >&2 exit 1 ;; *) printf 'File or directory "%s" is in an unknown state\n' "$destination" >&2 exit 1 ;; esac fi upload_file= create_file= if [ "$state_should" = "present" ] || [ "$state_should" = "exists" ]; then if [ ! -f "$__object/parameter/source" ]; then remote_stat="$(cat "$__object/explorer/stat")" if [ -z "$remote_stat" ]; then create_file=1 echo create >> "$__messages_out" fi else source="$(cat "$__object/parameter/source")" if [ "$source" = "-" ]; then source="$__object/stdin" fi if [ ! -f "$source" ]; then echo "Source \"$source\" does not exist." >&2 exit 1 else if [ "$type" != "file" ]; then # destination is not a regular file, upload source to replace it upload_file=1 echo upload >> "$__messages_out" else local_cksum="$(cksum < "$source")" remote_cksum="$(cat "$__object/explorer/cksum")" if [ "$local_cksum" != "$remote_cksum" ]; then # destination is a regular file, but not the right one upload_file=1 fi fi fi fi if [ "$create_file" ] || [ "$upload_file" ]; then # tell gencode-remote that we created or uploaded a file and that it must # set all attributes no matter what the explorer retreived mkdir "$__object/files" touch "$__object/files/set-attributes" if [ "$create_file" ]; then # When creating an empty file we create it locally and then # upload it so that permissions can be set before moving the file # into place. source="$__object/files/empty" touch "$source" fi # upload file to temp location upload_destination="${destination}.cdist.${__cdist_object_marker}.$$" # Yes, we are aware that this is a race condition. # However: # a) cdist usually writes to directories that are not user writable # (probably > 99.9%) # b) if they are user owned, the user / attacker always wins # (probably < 0.1%) # c) the only case which we could improve are tmp directories and we # don't think managing tmp directories with cdist is a typical case # ("the rest %)" # Tell gencode-remote to where we uploaded the file so it can move # it to its final destination. echo "$upload_destination" > "$__object/files/upload-destination" # IPv6 fix if echo "${__target_host}" | grep -q -E '^[0-9a-fA-F:]+$' then my_target_host="[${__target_host}]" else my_target_host="${__target_host}" fi cat << DONE $__remote_copy "$source" "${my_target_host}:${upload_destination}" DONE fi fi cdist/cdist/conf/type/__file/gencode-remote000077500000000000000000000074641427155744700212730ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2013 Nico Schottelius (nico-cdist at schottelius.org) # 2013-2022 Steven Armstrong (steven-cdist armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # destination="/$__object_id" state_should="$(cat "$__object/parameter/state")" type="$(cat "$__object/explorer/type")" stat_file="$__object/explorer/stat" fire_onchange='' get_current_value() { if [ -s "$stat_file" ]; then _name="$1" _value="$2" case "$_value" in [0-9]*) _index=2 ;; *) _index=3 ;; esac awk '/'"$_name"':/ { print $'$_index' }' "$stat_file" unset _name _value _index fi } set_group() { echo "chgrp '$1' '$destination'" echo "chgrp '$1'" >> "$__messages_out" fire_onchange=1 } set_owner() { echo "chown '$1' '$destination'" echo "chown '$1'" >> "$__messages_out" fire_onchange=1 } set_mode() { echo "chmod '$1' '$destination'" echo "chmod '$1'" >> "$__messages_out" fire_onchange=1 } case "$state_should" in present|exists) if [ -f "$__object/files/upload-destination" ]; then final_destination="$destination" # We change the 'global' $destination variable here so we can # change attributes of the new/uploaded file before moving it # to it's final destination. destination="$(cat "$__object/files/upload-destination")" fi # Note: Mode - needs to happen last as a chown/chgrp can alter mode by # clearing S_ISUID and S_ISGID bits (see chown(2)) for attribute in group owner mode; do if [ -f "$__object/parameter/$attribute" ]; then value_should="$(cat "$__object/parameter/$attribute")" # format mode in four digits => same as stat returns if [ "$attribute" = mode ]; then # Convert to four-digit octal number (printf interprets # strings with leading 0s as octal!) value_should=$(printf '%04o' "0${value_should}") fi value_is="$(get_current_value "$attribute" "$value_should")" if [ -f "$__object/files/set-attributes" ] || [ "$value_should" != "$value_is" ]; then "set_$attribute" "$value_should" fi fi done if [ -f "$__object/files/upload-destination" ]; then # move uploaded file into place printf 'rm -rf "%s"\n' "$final_destination" printf 'mv "%s" "%s"\n' "$destination" "$final_destination" fi if [ -f "$__object/files/set-attributes" ]; then # set-attributes is created if file is created or uploaded in gencode-local fire_onchange=1 fi ;; absent) if [ "$type" = "file" ]; then echo "rm -f '$destination'" echo remove >> "$__messages_out" fire_onchange=1 fi ;; pre-exists) : ;; *) echo "Unknown state: $state_should" >&2 exit 1 ;; esac if [ -f "$__object/parameter/onchange" ]; then if [ -n "$fire_onchange" ]; then cat "$__object/parameter/onchange" fi fi cdist/cdist/conf/type/__file/man.rst000066400000000000000000000062541427155744700177510ustar00rootroot00000000000000cdist-type__file(7) =================== NAME ---- cdist-type__file - Manage files. DESCRIPTION ----------- This cdist type allows you to create files, remove files and set file attributes on the target. If the file already exists on the target, then if it is a: regular file, and state is: present replace it with the source file if they are not equal exists do nothing symlink replace it with the source file directory replace it with the source file One exception is that when state is pre-exists, an error is raised if the file would have been created otherwise (e.g. it is not present or not a regular file). In any case, make sure that the file attributes are as specified. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- state 'present', 'absent', 'exists' or 'pre-exists', defaults to 'present' where: present the file is exactly the one from source absent the file does not exist exists the file from source but only if it doesn't already exist pre-exists check that the file exists and is a regular file, but do not create or modify it group Group to chgrp to. Defaults to ``root``. mode Unix permissions, suitable for chmod. Defaults to a very secure ``0600``. owner User to chown to. Defaults to ``root``. source If supplied, copy this file from the host running cdist to the target. If not supplied, an empty file or directory will be created. If source is '-' (dash), take what was written to stdin as the file content. onchange The code to run if file is modified. MESSAGES -------- chgrp Changed group membership chown Changed owner chmod Changed mode create Empty file was created (no --source specified) remove File exists, but state is absent, file will be removed by generated code. upload File was uploaded EXAMPLES -------- .. code-block:: sh # Create /etc/cdist-configured as an empty file __file /etc/cdist-configured # The same thing __file /etc/cdist-configured --state present # Use __file from another type __file /etc/issue --source "$__type/files/archlinux" --state present # Delete existing file __file /etc/cdist-configured --state absent # Supply some more settings __file /etc/shadow --source "$__type/files/shadow" \ --owner root --group shadow --mode 0640 \ --state present # Provide a default file, but let the user change it __file /home/frodo/.bashrc --source "/etc/skel/.bashrc" \ --state exists \ --owner frodo --mode 0600 # Check that the file is present, show an error when it is not __file /etc/somefile --state pre-exists # Take file content from stdin __file /tmp/whatever --owner root --group root --mode 644 --source - << DONE Here goes the content for /tmp/whatever DONE AUTHORS ------- Nico Schottelius COPYING ------- Copyright \(C) 2011-2013 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__file/parameter/000077500000000000000000000000001427155744700204155ustar00rootroot00000000000000cdist/cdist/conf/type/__file/parameter/default/000077500000000000000000000000001427155744700220415ustar00rootroot00000000000000cdist/cdist/conf/type/__file/parameter/default/state000066400000000000000000000000101427155744700230730ustar00rootroot00000000000000present cdist/cdist/conf/type/__file/parameter/optional000066400000000000000000000000471427155744700221660ustar00rootroot00000000000000state group mode owner source onchange cdist/cdist/conf/type/__filesystem/000077500000000000000000000000001427155744700177025ustar00rootroot00000000000000cdist/cdist/conf/type/__filesystem/explorer/000077500000000000000000000000001427155744700215425ustar00rootroot00000000000000cdist/cdist/conf/type/__filesystem/explorer/lsblk000066400000000000000000000025371427155744700226030ustar00rootroot00000000000000#!/bin/sh # # 2016 - 2016 Daniel Heule (hda at sfs.biz) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # os=$("${__explorer:?}/os") if [ -f "${__object:?}/parameter/device" ]; then blkdev="$(cat "$__object/parameter/device")" else blkdev="${__object_id:?}" fi case "$os" in alpine|centos|fedora|gentoo|redhat|suse|ubuntu) if [ ! -x "$(command -v lsblk)" ]; then echo "lsblk is required for __filesystem type" >&2 exit 1 else #echo -n $(lsblk -nd -P -o NAME,FSTYPE,LABEL,MOUNTPOINT "$blkdev" 2>/dev/null) lsblk -nd -P -o NAME,FSTYPE,LABEL,MOUNTPOINT "$blkdev" 2>/dev/null fi ;; *) echo "__filesystem type lacks implementation for os: $os" >&2 exit 1 ;; esac cdist/cdist/conf/type/__filesystem/gencode-remote000077500000000000000000000062071427155744700225320ustar00rootroot00000000000000#!/bin/sh -e # # 2016 - 2016 Daniel Heule (hda at sfs.biz) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # fstype="$(cat "$__object/parameter/fstype")" if [ -f "$__object/parameter/device" ]; then mydev="$(cat "$__object/parameter/device")" else mydev="$__object_id" fi label="$(cat "$__object/parameter/label")" mkfsoptions="$(cat "$__object/parameter/mkfsoptions")" if [ -f "$__object/parameter/force" ]; then # create filesystem even an other filesystem is on disk or the label is not correct, use with caution ! forcefs="true" else forcefs="false" fi blkdev_devname="$(grep -P -o 'NAME="\K[^"]*' "$__object/explorer/lsblk")" blkdev_fstype="$(grep -P -o 'FSTYPE="\K[^"]*' "$__object/explorer/lsblk")" blkdev_label="$(grep -P -o 'LABEL="\K[^"]*' "$__object/explorer/lsblk")" blkdev_mountpoint="$(grep -P -o 'MOUNTPOINT="\K[^"]*' "$__object/explorer/lsblk")" if [ -z "$blkdev_devname" ]; then echo "Specified device $mydev not found on target system" >&2 exit 1 fi [ "$blkdev_label" = "$label" ] && [ "$blkdev_fstype" = "$fstype" ] && exit 0 if [ -n "$blkdev_mountpoint" ]; then echo "Specified device $mydev is mounted on $blkdev_mountpoint, __filesystem does NOTHING with mountd devices" >&2 exit 0 fi if [ -n "$blkdev_fstype" ] && [ "$forcefs" != "true" ]; then if [ "$blkdev_label" != "$label" ]; then echo "Specified device $mydev has not the spezified label: $blkdev_label, but __filesystem does NOTHING in this case without the --force option" >&2 exit 0 fi if [ "$blkdev_fstype" != "$fstype" ]; then echo "Specified device $mydev has not the spezified filesystem: $blkdev_fstype, but __filesystem does NOTHING in this case without the --force option" >&2 exit 0 fi fi # ok, all conditions checked, we need to format the device, lets go opts="$mkfsoptions" if [ -n "$label" ]; then opts="$opts -L '$label'" fi case "$fstype" in ext2|ext3|ext4) if [ "$forcefs" = "true" ]; then opts="$opts -F" fi echo "mkfs.$fstype $opts /dev/$blkdev_devname" ;; btrfs) if [ "$forcefs" = "true" ]; then opts="$opts --force" fi echo "mkfs.btrfs $opts /dev/$blkdev_devname" ;; xfs) if [ "$forcefs" = "true" ]; then opts="$opts -f" fi echo "mkfs.xfs $opts /dev/$blkdev_devname" ;; *) echo "__filesystem type lacks implementation for filesystem: $fstype" >&2 exit 1 ;; esac echo "filesystem $fstype on $mydev : /dev/$blkdev_devname created" >> "$__messages_out" cdist/cdist/conf/type/__filesystem/man.rst000066400000000000000000000040731427155744700212130ustar00rootroot00000000000000cdist-type__filesystem(7) ========================= NAME ---- cdist-type__filesystem - Create Filesystems. DESCRIPTION ----------- This cdist type allows you to create filesystems on devices. If the device is mounted on target, it refuses to do anything. If the device has a filesystem other then the specified and/or the label is not correct, it only makes a new filesystem if you have specified --force option. REQUIRED PARAMETERS ------------------- fstype Filesystem type, for example 'ext3', 'btrfs' or 'xfs'. OPTIONAL PARAMETERS ------------------- device Blockdevice for filesystem, Defaults to object_id. On linux, it can be any lsblk accepted device notation. | | For example: | /dev/sdx | or /dev/disk/by-xxxx/xxx | or /dev/mapper/xxxx label Label which should be applied on the filesystem. mkfsoptions Additional options which are inserted to the mkfs.xxx call. BOOLEAN PARAMETERS ------------------ force Normally, this type does nothing if a filesystem is found on the target device. If you specify force, it's formatted if the filesystem type or label differs from parameters. Warning: This option can easily lead into data loss! MESSAGES -------- filesystem on \: created Filesystem was created on EXAMPLES -------- .. code-block:: sh # Ensures that device /dev/sdb is formatted with xfs __filesystem /dev/sdb --fstype xfs --label Testdisk1 # The same thing with btrfs and disk spezified by pci path to disk 1:0 on vmware __filesystem dev_sdb --fstype btrfs --device /dev/disk/by-path/pci-0000:0b:00.0-scsi-0:0:0:0 --label Testdisk2 # Make sure that a multipath san device has a filesystem ... __filesystem dev_sdb --fstype xfs --device /dev/mapper/360060e80432f560050202f22000023ff --label Testdisk3 AUTHORS ------- Daniel Heule COPYING ------- Copyright \(C) 2016 Daniel Heule. Free use of this software is granted under the terms of the GNU General Public License version 3 or any later version (GPLv3+). cdist/cdist/conf/type/__filesystem/parameter/000077500000000000000000000000001427155744700216625ustar00rootroot00000000000000cdist/cdist/conf/type/__filesystem/parameter/boolean000066400000000000000000000000061427155744700232200ustar00rootroot00000000000000force cdist/cdist/conf/type/__filesystem/parameter/default/000077500000000000000000000000001427155744700233065ustar00rootroot00000000000000cdist/cdist/conf/type/__filesystem/parameter/default/label000066400000000000000000000000001427155744700242760ustar00rootroot00000000000000cdist/cdist/conf/type/__filesystem/parameter/default/mkfsoptions000066400000000000000000000000001427155744700255730ustar00rootroot00000000000000cdist/cdist/conf/type/__filesystem/parameter/optional000066400000000000000000000000311427155744700234240ustar00rootroot00000000000000device label mkfsoptions cdist/cdist/conf/type/__filesystem/parameter/required000066400000000000000000000000071427155744700234220ustar00rootroot00000000000000fstype cdist/cdist/conf/type/__firewalld_rule/000077500000000000000000000000001427155744700205165ustar00rootroot00000000000000cdist/cdist/conf/type/__firewalld_rule/explorer/000077500000000000000000000000001427155744700223565ustar00rootroot00000000000000cdist/cdist/conf/type/__firewalld_rule/explorer/rule000066400000000000000000000021171427155744700232510ustar00rootroot00000000000000#!/bin/sh # # 2015 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # protocol="$(cat "$__object/parameter/protocol")" table="$(cat "$__object/parameter/table")" chain="$(cat "$__object/parameter/chain")" priority="$(cat "$__object/parameter/priority")" rule="$(cat "$__object/parameter/rule")" if firewall-cmd --permanent --direct --query-rule "$protocol" "$table" "$chain" "$priority" "$rule" >/dev/null; then echo present else echo absent fi cdist/cdist/conf/type/__firewalld_rule/gencode-remote000077500000000000000000000032171427155744700233440ustar00rootroot00000000000000#!/bin/sh -e # # 2015 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # state_should="$(cat "$__object/parameter/state")" state_is="$(cat "$__object/explorer/rule")" [ "$state_is" = "$state_should" ] && exit 0 protocol="$(cat "$__object/parameter/protocol")" table="$(cat "$__object/parameter/table")" chain="$(cat "$__object/parameter/chain")" priority="$(cat "$__object/parameter/priority")" rule="$(cat "$__object/parameter/rule")" case "$state_should" in present) echo "firewall-cmd --quiet --permanent --direct --add-rule '$protocol' '$table' '$chain' '$priority' $rule" echo "firewall-cmd --quiet --direct --add-rule '$protocol' '$table' '$chain' '$priority' $rule" ;; absent) echo "firewall-cmd --quiet --permanent --direct --remove-rule '$protocol' '$table' '$chain' '$priority' $rule" echo "firewall-cmd --quiet --direct --remove-rule '$protocol' '$table' '$chain' '$priority' $rule" ;; *) echo "Unknown state $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__firewalld_rule/man.rst000066400000000000000000000036671427155744700220370ustar00rootroot00000000000000cdist-type__firewalld_rule(7) ============================= NAME ---- cdist-type__firewalld_rule - Configure firewalld rules DESCRIPTION ----------- This cdist type allows you to manage rules in firewalld using the *direct* way (i.e. no zone support). REQUIRED PARAMETERS ------------------- rule The rule to apply. Essentially an firewalld command line without firewalld in front of it. protocol Either ipv4, ipv4 or eb. See firewall-cmd(1) table The table to use (like filter or nat). See firewall-cmd(1). chain The chain to use (like INPUT_direct or FORWARD_direct). See firewall-cmd(1). priority The priority to use (0 is topmost). See firewall-cmd(1). OPTIONAL PARAMETERS ------------------- state 'present' or 'absent', defaults to 'present' EXAMPLES -------- .. code-block:: sh # Allow access from entrance.place4.ungleich.ch __firewalld_rule entrance \ --protocol ipv4 \ --table filter \ --chain INPUT_direct \ --priority 0 \ --rule '-s entrance.place4.ungleich.ch -j ACCEPT' # Allow forwarding of traffic from br0 __firewalld_rule vm-forward --protocol ipv4 \ --table filter \ --chain FORWARD_direct \ --priority 0 \ --rule '-i br0 -j ACCEPT' # Ensure old rule is absent - warning, the rule part must stay the same! __firewalld_rule vm-forward --protocol ipv4 \ --table filter \ --chain FORWARD_direct \ --priority 0 \ --rule '-i br0 -j ACCEPT' \ --state absent SEE ALSO -------- :strong:`cdist-type__iptables_rule`\ (7), :strong:`firewalld`\ (8) AUTHORS ------- Nico Schottelius COPYING ------- Copyright \(C) 2015 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__firewalld_rule/manifest000077500000000000000000000014351427155744700222550ustar00rootroot00000000000000#!/bin/sh -e # # 2015 David Hürlimann (david at ungleich.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # This type allows to configure the desired localtime timezone. __package firewalld cdist/cdist/conf/type/__firewalld_rule/parameter/000077500000000000000000000000001427155744700224765ustar00rootroot00000000000000cdist/cdist/conf/type/__firewalld_rule/parameter/default/000077500000000000000000000000001427155744700241225ustar00rootroot00000000000000cdist/cdist/conf/type/__firewalld_rule/parameter/default/state000066400000000000000000000000101427155744700251540ustar00rootroot00000000000000present cdist/cdist/conf/type/__firewalld_rule/parameter/optional000066400000000000000000000000061427155744700242420ustar00rootroot00000000000000state cdist/cdist/conf/type/__firewalld_rule/parameter/required000066400000000000000000000000431427155744700242360ustar00rootroot00000000000000chain priority protocol rule table cdist/cdist/conf/type/__firewalld_start/000077500000000000000000000000001427155744700207045ustar00rootroot00000000000000cdist/cdist/conf/type/__firewalld_start/gencode-remote000077500000000000000000000041621427155744700235320ustar00rootroot00000000000000#!/bin/sh -e # # 2016 Darko Poljak(darko.poljak at ungleich.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # startstate="$(cat "$__object/parameter/startstate")" init=$(cat "$__global/explorer/init") os=$(cat "$__global/explorer/os") os_version=$(cat "$__global/explorer/os_version") name="firewalld" case "${startstate}" in present) cmd="start" ;; absent) cmd="stop" ;; *) echo "Unknown startstate: ${startstate}" >&2 exit 1 ;; esac if [ "$init" = 'systemd' ]; then # this handles ALL linux distros with systemd # e.g. archlinux, gentoo in some cases, new RHEL and SLES versions echo "systemctl \"$cmd\" \"$name\"" else case "$os" in debian) case "$os_version" in [1-7]*) echo "service \"$name\" \"$cmd\"" ;; 8*) echo "systemctl \"$cmd\" \"$name\"" ;; *) echo "Unsupported version $os_version of $os" >&2 exit 1 ;; esac ;; gentoo) echo service \"$name\" \"$cmd\" ;; amazon|scientific|centos|fedora|owl|redhat|suse) echo service \"$name\" \"$cmd\" ;; openwrt) echo "/etc/init.d/\"$name\" \"$cmd\"" ;; ubuntu) echo "service \"$name\" \"$cmd\"" ;; *) echo "Unsupported os: $os" >&2 exit 1 ;; esac fi cdist/cdist/conf/type/__firewalld_start/man.rst000066400000000000000000000020311427155744700222050ustar00rootroot00000000000000cdist-type__firewalld_start(7) ============================== NAME ---- cdist-type__firewalld_start - start and enable firewalld DESCRIPTION ----------- This cdist type allows you to start and enable firewalld. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- startstate 'present' or 'absent', start/stop firewalld. Default is 'present'. bootstate 'present' or 'absent', enable/disable firewalld on boot. Default is 'present'. EXAMPLES -------- .. code-block:: sh # start and enable firewalld __firewalld_start # only enable firewalld to start on boot __firewalld_start --startstate present --bootstate absent SEE ALSO -------- :strong:`firewalld`\ (8) AUTHORS ------- Darko Poljak COPYING ------- Copyright \(C) 2016 Darko Poljak. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__firewalld_start/manifest000077500000000000000000000015371427155744700224460ustar00rootroot00000000000000#!/bin/sh -e # # 2016 Darko Poljak (darko.poljak at ungleich.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . bootstate="$(cat "$__object/parameter/bootstate")" __package firewalld require="__package/firewalld" __start_on_boot firewalld --state "${bootstate}" cdist/cdist/conf/type/__firewalld_start/parameter/000077500000000000000000000000001427155744700226645ustar00rootroot00000000000000cdist/cdist/conf/type/__firewalld_start/parameter/default/000077500000000000000000000000001427155744700243105ustar00rootroot00000000000000cdist/cdist/conf/type/__firewalld_start/parameter/default/bootstate000066400000000000000000000000101427155744700262260ustar00rootroot00000000000000present cdist/cdist/conf/type/__firewalld_start/parameter/default/startstate000066400000000000000000000000101427155744700264200ustar00rootroot00000000000000present cdist/cdist/conf/type/__firewalld_start/parameter/optional000066400000000000000000000000251427155744700244310ustar00rootroot00000000000000bootstate startstate cdist/cdist/conf/type/__firewalld_start/singleton000066400000000000000000000000001427155744700226170ustar00rootroot00000000000000cdist/cdist/conf/type/__git/000077500000000000000000000000001427155744700163015ustar00rootroot00000000000000cdist/cdist/conf/type/__git/explorer/000077500000000000000000000000001427155744700201415ustar00rootroot00000000000000cdist/cdist/conf/type/__git/explorer/group000066400000000000000000000010401427155744700212130ustar00rootroot00000000000000#!/bin/sh -e destination="/${__object_id:?}/.git" # shellcheck disable=SC2012 group_gid=$(ls -ldn "${destination}" | awk '{ print $4 }') # NOTE: +1 because $((notanum)) prints 0. if test $((group_gid + 1)) -ge 0 then group_should=$(cat "${__object:?}/parameter/group") if expr "${group_should}" : '[0-9]*$' >/dev/null then printf '%u\n' "${group_gid}" else if command -v getent > /dev/null then getent group "${group_gid}" | cut -d : -f 1 else awk -F: -v gid="${group_gid}" '$3 == gid { print $1 }' /etc/group fi fi fi cdist/cdist/conf/type/__git/explorer/owner000066400000000000000000000006431427155744700212210ustar00rootroot00000000000000#!/bin/sh -e destination="/${__object_id:?}/.git" # shellcheck disable=SC2012 owner_uid=$(ls -ldn "${destination}" | awk '{ print $3 }') # NOTE: +1 because $((notanum)) prints 0. if test $((owner_uid + 1)) -ge 0 then owner_should=$(cat "${__object:?}/parameter/owner") if expr "${owner_should}" : '[0-9]*$' >/dev/null then printf '%u\n' "${owner_uid}" else printf '%s\n' "$(id -u -n "${owner_uid}")" fi fi cdist/cdist/conf/type/__git/explorer/state000077500000000000000000000015331427155744700212110ustar00rootroot00000000000000#!/bin/sh # # 2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Check whether repository exists # destination="/$__object_id/.git" if [ -d "$destination" ]; then echo present else echo absent fi cdist/cdist/conf/type/__git/gencode-remote000077500000000000000000000040651427155744700211310ustar00rootroot00000000000000#!/bin/sh -e # # 2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # state_is=$(cat "$__object/explorer/state") owner_is=$(cat "$__object/explorer/owner") group_is=$(cat "$__object/explorer/group") state_should=$(cat "$__object/parameter/state") branch=$(cat "$__object/parameter/branch") source=$(cat "$__object/parameter/source") destination="/$__object_id" owner=$(cat "$__object/parameter/owner") group=$(cat "$__object/parameter/group") mode=$(cat "$__object/parameter/mode") [ -f "$__object/parameter/recursive" ] && recursive='--recurse-submodules' || recursive='' [ -f "$__object/parameter/shallow" ] && shallow='--depth 1 --shallow-submodules' || shallow='' [ "$state_should" = "$state_is" ] \ && [ "$owner" = "$owner_is" ] \ && [ "$group" = "$group_is" ] \ && [ -n "$mode" ] && exit 0 case $state_should in present) if [ "$state_should" != "$state_is" ]; then echo git clone --quiet "$recursive" "$shallow" --branch "$branch" "$source" "$destination" fi if { [ -n "$owner" ] && [ "$owner_is" != "$owner" ]; } || \ { [ -n "$group" ] && [ "$group_is" != "$group" ]; }; then echo chown -R "${owner}:${group}" "$destination" fi if [ -n "$mode" ]; then echo chmod -R "$mode" "$destination" fi ;; absent) # Handled in manifest ;; *) echo "Unknown state: $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__git/man.rst000066400000000000000000000025421427155744700176110ustar00rootroot00000000000000cdist-type__git(7) ================== NAME ---- cdist-type__git - Get and or keep git repositories up-to-date DESCRIPTION ----------- This cdist type allows you to clone git repositories REQUIRED PARAMETERS ------------------- source Specifies the git remote to clone from OPTIONAL PARAMETERS ------------------- state Either "present" or "absent", defaults to "present" branch Create this branch by checking out the remote branch of this name Default branch is "master" group Group to chgrp to. mode Unix permissions, suitable for chmod. owner User to chown to. recursive Passes the --recurse-submodules flag to git when cloning the repository. shallow Sets --depth=1 and --shallow-submodules for cloning repositories with big history. EXAMPLES -------- .. code-block:: sh __git /home/services/dokuwiki --source git://github.com/splitbrain/dokuwiki.git # Checkout cdist, stay on branch 2.1 __git /home/nico/cdist --source git@code.ungleich.ch:ungleich-public/cdist.git --branch 2.1 AUTHORS ------- Nico Schottelius COPYING ------- Copyright \(C) 2012 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__git/manifest000077500000000000000000000024261427155744700200410ustar00rootroot00000000000000#!/bin/sh -e # # 2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Ensure git is present # __package git --state present state_should="$(cat "$__object/parameter/state")" owner="$(cat "$__object/parameter/owner")" group="$(cat "$__object/parameter/group")" mode="$(cat "$__object/parameter/mode")" # Let __directory handle removal of git repos case "$state_should" in present) : ;; absent) __directory "$__object_id" --state absent \ --owner "$owner" \ --group "$group" \ --mode "$mode" ;; *) echo "Unknown state: $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__git/parameter/000077500000000000000000000000001427155744700202615ustar00rootroot00000000000000cdist/cdist/conf/type/__git/parameter/boolean000066400000000000000000000000221427155744700216150ustar00rootroot00000000000000recursive shallow cdist/cdist/conf/type/__git/parameter/default/000077500000000000000000000000001427155744700217055ustar00rootroot00000000000000cdist/cdist/conf/type/__git/parameter/default/branch000066400000000000000000000000071427155744700230620ustar00rootroot00000000000000master cdist/cdist/conf/type/__git/parameter/default/group000066400000000000000000000000011427155744700227530ustar00rootroot00000000000000 cdist/cdist/conf/type/__git/parameter/default/mode000066400000000000000000000000011427155744700225430ustar00rootroot00000000000000 cdist/cdist/conf/type/__git/parameter/default/owner000066400000000000000000000000011427155744700227510ustar00rootroot00000000000000 cdist/cdist/conf/type/__git/parameter/default/state000066400000000000000000000000101427155744700227370ustar00rootroot00000000000000present cdist/cdist/conf/type/__git/parameter/optional000066400000000000000000000000361427155744700220300ustar00rootroot00000000000000state branch group owner mode cdist/cdist/conf/type/__git/parameter/required000066400000000000000000000000071427155744700220210ustar00rootroot00000000000000source cdist/cdist/conf/type/__go_get/000077500000000000000000000000001427155744700167625ustar00rootroot00000000000000cdist/cdist/conf/type/__go_get/explorer/000077500000000000000000000000001427155744700206225ustar00rootroot00000000000000cdist/cdist/conf/type/__go_get/explorer/go-executable000077500000000000000000000002711427155744700232740ustar00rootroot00000000000000#!/bin/sh # shellcheck disable=SC1091 [ -f /etc/environment ] && . /etc/environment # shellcheck disable=SC1091 [ -f /etc/profile ] && . /etc/profile go version 2>/dev/null || true cdist/cdist/conf/type/__go_get/gencode-remote000077500000000000000000000002771427155744700216130ustar00rootroot00000000000000#!/bin/sh -e package=$__object_id cat< COPYING ------- Copyright \(C) 2017 Kamila SouÄková. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__go_get/manifest000077500000000000000000000007501427155744700205200ustar00rootroot00000000000000#!/bin/sh -e go_executable=$(cat "$__object/explorer/go-executable") [ -z "$go_executable" ] && echo "__go_get: Cannot find go executable; make sure it is installed and in PATH" >&2 && exit 1 os=$(cat "$__global/explorer/os") case $os in debian|devuan|ubuntu) __package build-essential ;; *) echo "__go_get: Don't know how to install g++ on $os" >&2 echo "__go_get: Send a pull request or contact to add support for $os." >&2 exit 1 ;; esac __package git cdist/cdist/conf/type/__golang_from_vendor/000077500000000000000000000000001427155744700213655ustar00rootroot00000000000000cdist/cdist/conf/type/__golang_from_vendor/gencode-remote000077500000000000000000000011751427155744700242140ustar00rootroot00000000000000#!/bin/sh -e version=$(cat "$__object/parameter/version") kernel_name=$(tr '[:upper:]' '[:lower:]' < "$__global/explorer/kernel_name") machine=$(cat "$__global/explorer/machine") case $machine in x86_64|amd64) arch=amd64 ;; x86) arch=386 ;; *) arch=$machine # at least try... ;; esac PACKAGE="go${version}.${kernel_name}-${arch}" URL="https://storage.googleapis.com/golang/${PACKAGE}.tar.gz" cat </dev/null)" = "xgo$version" ] && exit 0 # already there wget --no-verbose "$URL" -O "/tmp/${PACKAGE}.tar.gz" rm -rf /usr/local/go tar -C /usr/local -xzf /tmp/${PACKAGE}.tar.gz EOF cdist/cdist/conf/type/__golang_from_vendor/man.rst000066400000000000000000000016771427155744700227050ustar00rootroot00000000000000cdist-type__golang_from_vendor(7) ================================= NAME ---- cdist-type__golang_from_vendor - Install any version of golang from golang.org DESCRIPTION ----------- This cdist type allows you to install golang from archives provided by https://golang.org/dl/. See https://golang.org/dl/ for the list of supported versions, operating systems and architectures. This is a singleton type. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- version The golang version to install, defaults to 1.8.1 EXAMPLES -------- .. code-block:: sh __golang_from_vendor --version 1.8.1 AUTHORS ------- Kamila SouÄková COPYING ------- Copyright \(C) 2017 Kamila SouÄková. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__golang_from_vendor/manifest000077500000000000000000000001751427155744700231240ustar00rootroot00000000000000#!/bin/sh -e # shellcheck disable=SC2016 __line go_in_path --line 'export PATH=/usr/local/go/bin:$PATH' --file /etc/profile cdist/cdist/conf/type/__golang_from_vendor/parameter/000077500000000000000000000000001427155744700233455ustar00rootroot00000000000000cdist/cdist/conf/type/__golang_from_vendor/parameter/default/000077500000000000000000000000001427155744700247715ustar00rootroot00000000000000cdist/cdist/conf/type/__golang_from_vendor/parameter/default/version000066400000000000000000000000061427155744700263750ustar00rootroot000000000000001.8.1 cdist/cdist/conf/type/__golang_from_vendor/parameter/optional000066400000000000000000000000101427155744700251040ustar00rootroot00000000000000version cdist/cdist/conf/type/__golang_from_vendor/singleton000066400000000000000000000000001427155744700233000ustar00rootroot00000000000000cdist/cdist/conf/type/__grafana_dashboard/000077500000000000000000000000001427155744700211245ustar00rootroot00000000000000cdist/cdist/conf/type/__grafana_dashboard/man.rst000066400000000000000000000014271427155744700224350ustar00rootroot00000000000000cdist-type__grafana_dashboard(7) ================================ NAME ---- cdist-type__grafana_dashboard - Install Grafana (https://grafana.com) DESCRIPTION ----------- This cdist type adds the Grafana repository, installs the grafana package, and sets the server to start on boot. This is a singleton type. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- None. EXAMPLES -------- .. code-block:: sh __grafana_dashboard AUTHORS ------- Kamila SouÄková COPYING ------- Copyright \(C) 2017 Kamila SouÄková. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__grafana_dashboard/manifest000077500000000000000000000032211427155744700226560ustar00rootroot00000000000000#!/bin/sh -e os=$(cat "$__global/explorer/os") os_version=$(cat "$__global/explorer/os_version") require="" case $os in debian|devuan) case $os_version in 8*|jessie) # Differntation not needed anymore apt_source_distribution=stable ;; 9*|ascii/ceres|ascii) # Differntation not needed anymore apt_source_distribution=stable ;; 10*|11*) # Differntation not needed anymore apt_source_distribution=stable ;; *) echo "Don't know how to install Grafana on $os $os_version. Send us a pull request!" >&2 exit 1 ;; esac __apt_key_uri grafana \ --name 'Grafana Release Signing Key' \ --uri https://packages.grafana.com/gpg.key require="$require __apt_key_uri/grafana" __apt_source grafana \ --uri https://packages.grafana.com/oss/deb \ --distribution $apt_source_distribution \ --component main __package apt-transport-https require="$require __apt_source/grafana" __apt_update_index require="$require __package/apt-transport-https __apt_update_index" __package grafana require="$require __package/grafana" __start_on_boot grafana-server require="$require __start_on_boot/grafana-server" __process grafana-server --start "service grafana-server start" ;; *) echo "Don't know how to install Grafana on $os. Send us a pull request!" >&2 exit 1 ;; esac cdist/cdist/conf/type/__grafana_dashboard/singleton000066400000000000000000000000001427155744700230370ustar00rootroot00000000000000cdist/cdist/conf/type/__group/000077500000000000000000000000001427155744700166525ustar00rootroot00000000000000cdist/cdist/conf/type/__group/explorer/000077500000000000000000000000001427155744700205125ustar00rootroot00000000000000cdist/cdist/conf/type/__group/explorer/group000077500000000000000000000023031427155744700215720ustar00rootroot00000000000000#!/bin/sh # # 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc) # 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Get an existing groups group entry. # not_supported() { echo "Your operating system ($("$__explorer/os")) is currently not supported." >&2 echo "Cannot extract group information." >&2 echo "Please contribute an implementation for it if you can." >&2 exit 1 } name=$__object_id if command -v getent >/dev/null then getent group "$name" || true elif [ -f /etc/group ] then grep "^${name}:" /etc/group || true else not_supported fi cdist/cdist/conf/type/__group/explorer/gshadow000077500000000000000000000024641427155744700221020ustar00rootroot00000000000000#!/bin/sh # # 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc) # 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Get an existing groups gshadow entry. # name=$__object_id os=$("$__explorer/os") not_supported() { echo "Your operating system ($os) is currently not supported." >&2 echo "Cannot extract group information." >&2 echo "Please contribute an implementation for it if you can." >&2 exit 1 } case $os in "freebsd"|"netbsd") echo "$os does not have getent gshadow" >&2 exit 0 ;; esac if command -v getent >/dev/null then getent gshadow "$name" || true elif [ -f /etc/gshadow ] then grep "^${name}:" /etc/gshadow || true else not_supported fi cdist/cdist/conf/type/__group/gencode-remote000077500000000000000000000062331427155744700215010ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc) # 2011 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Manage groups. # name="$__object_id" os="$(cat "$__global/explorer/os")" state="$(cat "$__object/parameter/state")" # Use short option names for portability shorten_property() { case "$1" in gid) echo " -g";; password) echo " -p";; system) echo " -r";; esac } if [ "$state" = "present" ]; then case "$os" in freebsd) supported_change_properties="gid" ;; *) supported_change_properties="gid password" ;; esac if grep -q "^${name}:" "$__object/explorer/group"; then # change existing for property in $supported_change_properties; do if [ -f "$__object/parameter/$property" ]; then new_value="$(cat "$__object/parameter/$property")" unset current_value case "$property" in password) current_value="$(awk -F: '{ print $2 }' "$__object/explorer/gshadow")" ;; gid) current_value="$(awk -F: '{ print $3 }' "$__object/explorer/group")" ;; esac if [ "$new_value" != "$current_value" ]; then set -- "$@" "$(shorten_property "$property")" \'"$new_value"\' echo "change $property $new_value $current_value" >> "$__messages_out" fi fi done if [ $# -gt 0 ]; then if [ "$os" = "freebsd" ]; then echo pw groupmod "$@" "$name" else echo groupmod "$@" "$name" fi echo mod >> "$__messages_out" fi else # create new for property in $supported_change_properties; do if [ -f "$__object/parameter/$property" ]; then new_value="$(cat "$__object/parameter/$property")" if [ -z "$new_value" ]; then # Boolean parameters have no value set -- "$@" "$(shorten_property "$property")" else set -- "$@" "$(shorten_property "$property")" \'"$new_value"\' fi fi done if [ "$os" = "freebsd" ]; then echo pw groupadd "$name" "$@" else echo groupadd "$@" "$name" fi fi else # delete existing if grep -q "^${name}:" "$__object/explorer/group"; then if [ "$os" = "freebsd" ]; then echo pw groupdel "$name" else echo groupdel "$name" fi echo remove >> "$__messages_out" fi fi cdist/cdist/conf/type/__group/man.rst000066400000000000000000000030411427155744700201550ustar00rootroot00000000000000cdist-type__group(7) ==================== NAME ---- cdist-type__group - Manage groups DESCRIPTION ----------- This cdist type allows you to create or modify groups on the target. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- state absent or present, defaults to present gid see groupmod(8) password see above BOOLEAN PARAMETERS ------------------ system see groupadd(8), apply only on group creation MESSAGES -------- mod group is modified add New group added remove group is removed change Changed group property from current_value to new_value set set property to new value, property was not set before EXAMPLES -------- .. code-block:: sh # Create a group 'foobar' with operating system default settings __group foobar # Remove the 'foobar' group __group foobar --state absent # Create a system group 'myservice' with operating system default settings __group myservice --system # Same but with a specific gid __group foobar --gid 1234 # Same but with a gid and password __group foobar --gid 1234 --password 'crypted-password-string' AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2011-2015 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__group/parameter/000077500000000000000000000000001427155744700206325ustar00rootroot00000000000000cdist/cdist/conf/type/__group/parameter/boolean000066400000000000000000000000071427155744700221710ustar00rootroot00000000000000system cdist/cdist/conf/type/__group/parameter/default/000077500000000000000000000000001427155744700222565ustar00rootroot00000000000000cdist/cdist/conf/type/__group/parameter/default/state000066400000000000000000000000101427155744700233100ustar00rootroot00000000000000present cdist/cdist/conf/type/__group/parameter/optional000066400000000000000000000000231427155744700223750ustar00rootroot00000000000000gid password state cdist/cdist/conf/type/__haproxy_dualstack/000077500000000000000000000000001427155744700212435ustar00rootroot00000000000000cdist/cdist/conf/type/__haproxy_dualstack/files/000077500000000000000000000000001427155744700223455ustar00rootroot00000000000000cdist/cdist/conf/type/__haproxy_dualstack/files/http000066400000000000000000000001471427155744700232510ustar00rootroot00000000000000frontend http bind BIND@:80 mode http option httplog default_backend http backend http mode http cdist/cdist/conf/type/__haproxy_dualstack/files/https000066400000000000000000000002761427155744700234370ustar00rootroot00000000000000frontend https bind BIND@:443 mode tcp option tcplog tcp-request inspect-delay 5s tcp-request content accept if { req_ssl_hello_type 1 } default_backend https backend https mode tcp cdist/cdist/conf/type/__haproxy_dualstack/files/imaps000066400000000000000000000003171427155744700234020ustar00rootroot00000000000000frontend imaps bind BIND@:143 bind BIND@:993 mode tcp option tcplog tcp-request inspect-delay 5s tcp-request content accept if { req_ssl_hello_type 1 } default_backend imaps backend imaps mode tcp cdist/cdist/conf/type/__haproxy_dualstack/files/smtps000066400000000000000000000003161427155744700234360ustar00rootroot00000000000000frontend smtps bind BIND@:25 bind BIND@:465 mode tcp option tcplog tcp-request inspect-delay 5s tcp-request content accept if { req_ssl_hello_type 1 } default_backend smtps backend smtps mode tcp cdist/cdist/conf/type/__haproxy_dualstack/man.rst000066400000000000000000000106611427155744700225540ustar00rootroot00000000000000cdist-type__haproxy_dualstack(7) ================================ NAME ---- cdist-type__haproxy_dualstack - Proxy services from a dual-stack server DESCRIPTION ----------- This (singleton) type installs and configures haproxy to act as a dual-stack proxy for single-stack services. This can be useful to add IPv4 support to IPv6-only services while only using one IPv4 for many such services. By default this type uses the plain TCP proxy mode, which means that there is no need for TLS termination on this host when SNI is supported. This also means that proxied services will not receive the client's IP address, but will see the proxy's IP address instead (that of `$__target_host`). This can be solved by using the PROXY protocol, but do take into account that, e.g. nginx cannot serve both regular HTTP(S) and PROXY protocols on the same port, so you will need to use other ports for that. As a recommendation in this type: use TCP ports 8080 and 591 respectively to serve HTTP and HTTPS using the PROXY protocol. See the EXAMPLES for more details. OPTIONAL PARAMETERS ------------------- v4proxy Proxy incoming IPv4 connections to the equivalent IPv6 endpoint. In its simplest use, it must be a NAME with an `AAAA` DNS entry, which is the IP address actually providing the proxied services. The full format of this argument is: `[proxy:]NAME[[:PROTOCOL_1=PORT_1]...[:PROTOCOL_N=PORT_N]]` Where starting with `proxy:` determines that the PROXY protocol must be used and each `:PROTOCOL=PORT` (e.g. `:http=8080` or `:https=591`) is a PORT override for the given PROTOCOL (see `--protocol`), if not present the PROTOCOL's default port will be used. v6proxy Proxy incoming IPv6 connections to the equivalent IPv4 endpoint. In its simplest use, it must be a NAME with an `A` DNS entry, which is the IP address actually providing the proxied services. See `--v4proxy` for more options and details. protocol Can be passed multiple times or as a space-separated list of protocols. Currently supported protocols are: `http`, `https`, `imaps`, `smtps`. This defaults to: `http https imaps smtps`. EXAMPLES -------- .. code-block:: sh # Proxy the IPv6-only services so IPv4-only clients can access them # This uses HAProxy's TCP mode for http, https, imaps and smtps __haproxy_dualstack \ --v4proxy ipv6.chat \ --v4proxy matrix.ungleich.ch # Proxy the IPv6-only HTTP(S) services so IPv4-only clients can access them # Note this means that the backend IPv6-only server will only see # the IPv6 address of the haproxy host managed by cdist, which can be # troublesome if this information is relevant for analytics/security/... # See the PROXY example below __haproxy_dualstack \ --protocol http --protocol https \ --v4proxy ipv6.chat \ --v4proxy matrix.ungleich.ch # Use the PROXY protocol to proxy the IPv6-only HTTP(S) services enabling # IPv4-only clients to access them while maintaining the client's IP address __haproxy_dualstack \ --protocol http --protocol https \ --v4proxy proxy:ipv6.chat:http=8080:https=591 \ --v4proxy proxy:matrix.ungleich.ch:http=8080:https=591 # Note however that the PROXY protocol is not compatible with regular # HTTP(S) protocols, so your nginx will have to listen on different ports # with the PROXY settings. # Note that you will need to restrict access to the 8080 port to prevent # Client IP spoofing. # This can be something like: # server { # # listen for regular HTTP connections # listen [::]:80 default_server; # listen 80 default_server; # # listen for PROXY HTTP connections # listen [::]:8080 proxy_protocol; # # Accept the Client's IP from the PROXY protocol # real_ip_header proxy_protocol; # } SEE ALSO -------- - https://www.haproxy.com/blog/enhanced-ssl-load-balancing-with-server-name-indication-sni-tls-extension/ - https://www.haproxy.com/blog/haproxy/proxy-protocol/ - https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/ AUTHORS ------- ungleich Evilham COPYING ------- Copyright \(C) 2021 ungleich glarus ag. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__haproxy_dualstack/manifest000066400000000000000000000066651427155744700230110ustar00rootroot00000000000000#!/bin/sh -eu __package haproxy require="__package/haproxy" __start_on_boot haproxy tmpdir="$__object/files" mkdir "$tmpdir" configtmp="$__object/files/haproxy.cfg" os=$(cat "$__global/explorer/os") case $os in freebsd) CONFIG_FILE="/usr/local/etc/haproxy.conf" cat < "$configtmp" global maxconn 4000 user nobody group nogroup daemon EOF ;; *) CONFIG_FILE="/etc/haproxy/haproxy.cfg" cat < "$configtmp" global log [::1] local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon # turn on stats unix socket stats socket /var/lib/haproxy/stats EOF ;; esac cat <> "$configtmp" defaults retries 3 log global timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s EOF dig_cmd="$(command -v dig || true)" get_ip() { # Usage: get_ip (ipv4|ipv6) NAME # uses "dig" if available, else fallback to "host" case $1 in ipv4) if [ -n "${dig_cmd}" ]; then ${dig_cmd} +short A "$2" else host -t A "$2" | cut -d ' ' -f 4 | grep -v 'found:' fi ;; ipv6) if [ -n "${dig_cmd}" ]; then ${dig_cmd} +short AAAA "$2" else host -t AAAA "$2" | cut -d ' ' -f 5 | grep -v 'NXDOMAIN' fi ;; esac } PROTOCOLS="$(cat "$__object/parameter/protocol")" for proxy in v4proxy v6proxy; do param=$__object/parameter/$proxy # no backend? skip generating code if [ ! -f "$param" ]; then continue fi # turn backend name into bind parameter: v4backend -> ipv4@ bind=$(echo $proxy | sed -e 's/^/ip/' -e 's/proxy//') case $bind in ipv4) backendproto=ipv6 ;; ipv6) backendproto=ipv4 ;; esac for proto in ${PROTOCOLS}; do # Add protocol "header" printf "\n# %s %s \n" "${bind}" "${proto}" >> "$configtmp" sed -e "s/BIND/$bind/" \ -e "s/\(frontend[[:space:]].*\)/\1$bind/" \ -e "s/\(backend[[:space:]].*\)/\\1$bind/" \ "$__type/files/$proto" >> "$configtmp" while read -r hostdefinition; do if echo "$hostdefinition" | grep -qE '^proxy:'; then # Proxy protocol was requested host="$(echo "$hostdefinition" | sed -E 's/^proxy:([^:]+).*$/\1/')" send_proxy=" send-proxy" else # Just use tcp proxy mode host="$hostdefinition" send_proxy="" fi if echo "$hostdefinition" | grep -qE ":${proto}="; then # Use custom port definition if requested port="$(echo "$hostdefinition" | sed -E "s/^(.*:)?${proto}=([0-9]+).*$/:\2/")" else # Else use the default port="" fi servername=$host res=$(get_ip "$bind" "$servername") if [ -z "$res" ]; then echo "$servername does not resolve - aborting config" >&2 exit 1 fi # Treat protocols without TLS+SNI specially if [ "$proto" = http ]; then echo " use-server $servername if { hdr(host) -i $host }" >> "$configtmp" else echo " use-server $servername if { req_ssl_sni -i $host }" >> "$configtmp" fi # Create the "server" itself. # Note that port and send_proxy will be empty unless # they were requested by the type user echo " server $servername ${backendproto}@${host}${port}${send_proxy}" >> "$configtmp" done < "$param" done done # Create config file require="__package/haproxy" __file ${CONFIG_FILE} --source "$configtmp" --mode 0644 require="__file${CONFIG_FILE}" __check_messages "haproxy_reload" \ --pattern "^__file${CONFIG_FILE}" \ --execute "service haproxy reload || service haproxy restart" cdist/cdist/conf/type/__haproxy_dualstack/parameter/000077500000000000000000000000001427155744700232235ustar00rootroot00000000000000cdist/cdist/conf/type/__haproxy_dualstack/parameter/default/000077500000000000000000000000001427155744700246475ustar00rootroot00000000000000cdist/cdist/conf/type/__haproxy_dualstack/parameter/default/protocol000066400000000000000000000000271427155744700264320ustar00rootroot00000000000000http https imaps smtps cdist/cdist/conf/type/__haproxy_dualstack/parameter/optional_multiple000066400000000000000000000000311427155744700267000ustar00rootroot00000000000000protocol v4proxy v6proxy cdist/cdist/conf/type/__haproxy_dualstack/singleton000066400000000000000000000000001427155744700231560ustar00rootroot00000000000000cdist/cdist/conf/type/__hostname/000077500000000000000000000000001427155744700173345ustar00rootroot00000000000000cdist/cdist/conf/type/__hostname/explorer/000077500000000000000000000000001427155744700211745ustar00rootroot00000000000000cdist/cdist/conf/type/__hostname/explorer/has_hostnamectl000077500000000000000000000014431427155744700243000ustar00rootroot00000000000000#!/bin/sh # # 2014 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Check whether system has hostnamectl # command -v hostnamectl 2>/dev/null || true cdist/cdist/conf/type/__hostname/explorer/max_len000066400000000000000000000002611427155744700225410ustar00rootroot00000000000000#!/bin/sh -e command -v getconf >/dev/null || exit 0 val=$(getconf HOST_NAME_MAX 2>/dev/null) || exit 0 if test -n "${val}" -a "${val}" != 'undefined' then echo "${val}" fi cdist/cdist/conf/type/__hostname/gencode-remote000077500000000000000000000066261427155744700221710ustar00rootroot00000000000000#!/bin/sh -e # # 2014-2017 Steven Armstrong (steven-cdist at armstrong.cc) # 2014 Nico Schottelius (nico-cdist at schottelius.org) # 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # os=$(cat "${__global:?}/explorer/os") name_running=$(cat "${__global:?}/explorer/hostname") has_hostnamectl=$(cat "${__object:?}/explorer/has_hostnamectl") if test -s "${__object:?}/parameter/name" then name_should=$(cat "${__object:?}/parameter/name") else case ${os} in # RedHat-derivatives and BSDs (centos|fedora|redhat|scientific|freebsd|macosx|netbsd|openbsd) # Hostname is FQDN name_should=${__target_host:?} ;; (*) # Hostname is only first component of FQDN name_should=${__target_host:?} name_should=${name_should%%.*} ;; esac fi ################################################################################ # Check if the (running) hostname is already correct # test "${name_running}" != "${name_should}" || exit 0 ################################################################################ # Setup hostname # echo 'changed' >>"${__messages_out:?}" # Use the good old way to set the hostname. case ${os} in (alpine|debian|devuan|ubuntu) echo 'hostname -F /etc/hostname' ;; (archlinux) echo 'command -v hostnamectl >/dev/null 2>&1' \ "&& hostnamectl set-hostname '${name_should}'" \ "|| hostname '${name_should}'" ;; (centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|gentoo|void) echo "hostname '${name_should}'" ;; (openwrt) echo "echo '${name_should}' >/proc/sys/kernel/hostname" ;; (macosx) echo "scutil --set HostName '${name_should}'" ;; (solaris) echo "uname -S '${name_should}'" ;; (slackware|suse) # We do not read from /etc/HOSTNAME, because the running # hostname is the first component only while the file contains # the FQDN. echo "hostname '${name_should}'" ;; (*) # Fall back to set the hostname using hostnamectl, if available. if test -n "${has_hostnamectl}" then # Don't use hostnamectl as the primary means to set the hostname for # systemd systems, because it cannot be trusted to work reliably and # exit with non-zero when it fails (e.g. hostname too long, # D-Bus failure, etc.). echo "hostnamectl set-hostname \"\$(cat /etc/hostname)\"" echo "test \"\$(hostname)\" = \"\$(cat /etc/hostname)\"" \ " || hostname -F /etc/hostname" else printf "echo 'Unsupported OS: %s' >&2\n" "${os}" printf 'exit 1\n' fi ;; esac cdist/cdist/conf/type/__hostname/man.rst000066400000000000000000000017711427155744700206470ustar00rootroot00000000000000cdist-type__hostname(7) ======================= NAME ---- cdist-type__hostname - Set the hostname DESCRIPTION ----------- Sets the hostname on various operating systems. **Tip:** For advice on choosing a hostname, see `RFC 1178 `_. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- name The hostname to set. Defaults to the first segment of __target_host (${__target_host%%.*}) MESSAGES -------- changed Changed the hostname EXAMPLES -------- .. code-block:: sh # take hostname from __target_host __hostname # set hostname explicitly __hostname --name some-static-hostname AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2012 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__hostname/manifest000077500000000000000000000154431427155744700210770ustar00rootroot00000000000000#!/bin/sh -e # # 2012 Steven Armstrong (steven-cdist at armstrong.cc) # 2014 Nico Schottelius (nico-cdist at schottelius.org) # 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # set_hostname_systemd() { echo "$1" | __file /etc/hostname --source - } os=$(cat "${__global:?}/explorer/os") max_len=$(cat "${__object:?}/explorer/max_len") has_hostnamectl=$(cat "${__object:?}/explorer/has_hostnamectl") if test -s "${__object:?}/parameter/name" then name_should=$(cat "${__object:?}/parameter/name") else case ${os} in # RedHat-derivatives and BSDs (centos|fedora|redhat|scientific|freebsd|netbsd|openbsd|slackware|suse) # Hostname is FQDN name_should=${__target_host:?} ;; *) # Hostname is only first component of FQDN on all other systems. name_should=${__target_host:?} name_should=${name_should%%.*} ;; esac fi if test -n "${max_len}" && test "$(printf '%s' "${name_should}" | wc -c)" -gt "${max_len}" then printf "Host name too long. Up to %u characters allowed.\n" "${max_len}" >&2 exit 1 fi case ${os} in (alpine|debian|devuan|ubuntu|void) echo "${name_should}" | __file /etc/hostname --source - ;; (archlinux) if test -n "${has_hostnamectl}" then set_hostname_systemd "${name_should}" else echo 'Ancient ArchLinux variants without hostnamectl are not supported.' >&2 exit 1 # Only for ancient ArchLinux, write to /etc/rc.conf on pre-systemd # versions. There are some versions which use /etc/hostname but not # systemd. It is unclear which ones these are. # __key_value '/etc/rc.conf:HOSTNAME' \ # --file /etc/rc.conf \ # --delimiter '=' --exact_delimiter \ # --key 'HOSTNAME' \ # --value "\"$name_should\"" fi ;; (centos|fedora|redhat|scientific) if test -z "${has_hostnamectl}" then # Only write to /etc/sysconfig/network on non-systemd versions. # On systemd-based versions this entry is ignored. __key_value '/etc/sysconfig/network:HOSTNAME' \ --file /etc/sysconfig/network \ --delimiter '=' --exact_delimiter \ --key HOSTNAME \ --value "\"${name_should}\"" else set_hostname_systemd "${name_should}" fi ;; (gentoo) # Only write to /etc/conf.d/hostname on OpenRC-based installations. # On systemd use hostnamectl(1) in gencode-remote. if test -z "${has_hostnamectl}" then __key_value '/etc/conf.d/hostname:hostname' \ --file /etc/conf.d/hostname \ --delimiter '=' --exact_delimiter \ --key 'hostname' \ --value "\"${name_should}\"" else set_hostname_systemd "$name_should" fi ;; (freebsd) __key_value '/etc/rc.conf:hostname' \ --file /etc/rc.conf \ --delimiter '=' --exact_delimiter \ --key 'hostname' \ --value "\"${name_should}\"" ;; (macosx) # handled in gencode-remote ;; (netbsd) __key_value '/etc/rc.conf:hostname' \ --file /etc/rc.conf \ --delimiter '=' --exact_delimiter \ --key 'hostname' \ --value "\"${name_should}\"" # To avoid confusion, ensure that the hostname is only stored once. __file /etc/myname --state absent ;; (openbsd) echo "${name_should}" | __file /etc/myname --source - ;; (openwrt) __uci system.@system[0].hostname --value "${name_should}" # --transaction hostname ;; (slackware) # We write the FQDN into /etc/HOSTNAME. But /etc/rc.d/rc.M will only # read the first component from this file and set it as the running # hostname on boot. echo "${name_should}" | __file /etc/HOSTNAME --source - ;; (solaris) echo "${name_should}" | __file /etc/nodename --source - ;; (suse) if test -s "${__global:?}/explorer/os_release" then # shellcheck source=/dev/null os_version=$(. "${__global:?}/explorer/os_release" && echo "${VERSION}") else os_version=$(sed -n 's/^VERSION\ *=\ *//p' "${__global:?}/explorer/os_version") fi os_major=$(expr "${os_version}" : '\([0-9]\{1,\}\)') # Classic SuSE stores the FQDN in /etc/HOSTNAME, while # systemd does not. The running hostname is the first # component in both cases. # In versions before 15.x, the FQDN is stored in /etc/hostname. if test -n "${has_hostnamectl}" \ && test "${os_major}" -ge 15 \ && test "${os_major}" -ne 42 then # strip away everything but the first part from $name_should name_should=${name_should%%.*} fi # Modern SuSE provides /etc/HOSTNAME as a symlink for # backwards-compatibility. Unfortunately it cannot be used # here as __file does not follow the symlink. # Therefore, we use the presence of the hostnamectl binary as # an indication of which file to use. This unfortunately does # not work correctly on openSUSE 12.x which provides # hostnamectl but not /etc/hostname. if test -n "${has_hostnamectl}" -a "${os_major}" -gt 12 then hostname_file=/etc/hostname else hostname_file=/etc/HOSTNAME fi echo "${name_should}" | __file "${hostname_file}" --source - ;; (*) # On other operating systems we fall back to systemd's # hostnamectl if available… if test -n "${has_hostnamectl}" then set_hostname_systemd "${name_should}" else echo "Your operating system (${os}) is currently not supported by this type (${__type##*/})." >&2 echo "Please contribute an implementation for it if you can." >&2 exit 1 fi ;; esac cdist/cdist/conf/type/__hostname/parameter/000077500000000000000000000000001427155744700213145ustar00rootroot00000000000000cdist/cdist/conf/type/__hostname/parameter/optional000066400000000000000000000000051427155744700230570ustar00rootroot00000000000000name cdist/cdist/conf/type/__hostname/singleton000066400000000000000000000000001427155744700212470ustar00rootroot00000000000000cdist/cdist/conf/type/__hosts/000077500000000000000000000000001427155744700166565ustar00rootroot00000000000000cdist/cdist/conf/type/__hosts/man.rst000066400000000000000000000027511427155744700201700ustar00rootroot00000000000000cdist-type__hosts(7) ==================== NAME ---- cdist-type__hosts - manage entries in /etc/hosts DESCRIPTION ----------- Add or remove entries from */etc/hosts* file. OPTIONAL PARAMETERS ------------------- state If state is ``present``, make *object_id* resolve to *ip*. If state is ``absent``, *object_id* will no longer resolve via */etc/hosts*, if it was previously configured with this type. Manually inserted entries are unaffected. ip IP address, to which hostname (=\ *object_id*) must resolve. If state is ``present``, this parameter is mandatory, if state is ``absent``, this parameter is silently ignored. alias An alias for the hostname. This parameter can be specified multiple times (once per alias). EXAMPLES -------- .. code-block:: sh # Now `funny' resolves to 192.168.1.76, __hosts funny --ip 192.168.1.76 # and `happy' no longer resolve via /etc/hosts if it was # previously configured via __hosts. __hosts happy --state absent __hosts srv1.example.com --ip 192.168.0.42 --alias srv1 SEE ALSO -------- :strong:`hosts`\ (5) AUTHORS ------- | Dmitry Bogatov | Dennis Camera COPYING ------- Copyright \(C) 2015-2016 Dmitry Bogatov, 2019 Dennis Camera. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__hosts/manifest000077500000000000000000000024721427155744700204170ustar00rootroot00000000000000#!/bin/sh -e # # Copyright (C) 2015 Bogatov Dmitry # 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # set -e hostname=$__object_id state=$(cat "${__object}/parameter/state") marker="# __hosts/${hostname}" if test "${state}" != 'absent' then ip=$(cat "${__object}/parameter/ip") if test -s "${__object}/parameter/alias" then aliases=$(while read -r a; do printf '\t%s' "$a"; done <"$__object/parameter/alias") fi set -- --line "$(printf '%s\t%s%s %s' \ "${ip}" "${hostname}" "${aliases}" "${marker}")" else set -- --regex "$(echo "${marker}" | sed -e 's/\./\\./')$" fi __line "/etc/hosts:${hostname}" --file /etc/hosts --state "${state}" "$@" cdist/cdist/conf/type/__hosts/parameter/000077500000000000000000000000001427155744700206365ustar00rootroot00000000000000cdist/cdist/conf/type/__hosts/parameter/default/000077500000000000000000000000001427155744700222625ustar00rootroot00000000000000cdist/cdist/conf/type/__hosts/parameter/default/state000066400000000000000000000000101427155744700233140ustar00rootroot00000000000000present cdist/cdist/conf/type/__hosts/parameter/optional000066400000000000000000000000111427155744700223760ustar00rootroot00000000000000state ip cdist/cdist/conf/type/__hosts/parameter/optional_multiple000066400000000000000000000000061427155744700243150ustar00rootroot00000000000000alias cdist/cdist/conf/type/__hwclock/000077500000000000000000000000001427155744700171505ustar00rootroot00000000000000cdist/cdist/conf/type/__hwclock/explorer/000077500000000000000000000000001427155744700210105ustar00rootroot00000000000000cdist/cdist/conf/type/__hwclock/explorer/adjtime_mode000077500000000000000000000017241427155744700233630ustar00rootroot00000000000000#!/bin/sh -e # # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # Prints the clock mode read from the /etc/adjtime file, if present. # # not all operating systems use an adjfile test -f /etc/adjtime || exit 0 # 3rd line is clock mode # adjtime(5) https://man7.org/linux/man-pages/man5/adjtime.5.html sed -n 3p /etc/adjtime cdist/cdist/conf/type/__hwclock/explorer/timedatectl_localrtc000077500000000000000000000020031427155744700251130ustar00rootroot00000000000000#!/bin/sh -e # # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # Prints the LocalRTC property using timedatectl on systemd-based systems. # command -v timedatectl >/dev/null 2>&1 || exit 0 # NOTE: Older versions of timedatectl do not support `timedatectl show' timedatectl --no-pager status \ | awk -F': ' '$1 ~ "RTC in local TZ$" { sub(/[ \t]*$/, "", $2); print $2 }' cdist/cdist/conf/type/__hwclock/gencode-remote000077500000000000000000000033651427155744700220020ustar00rootroot00000000000000#!/bin/sh -e # # 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # mode=$(cat "${__object:?}/parameter/mode") timedatectl_localrtc=$(cat "${__object:?}/explorer/timedatectl_localrtc") adjtime_mode=$(cat "${__object:?}/explorer/adjtime_mode") case ${mode} in (localtime) adjtime_str=LOCAL local_rtc_str=yes ;; (UTC|utc) adjtime_str=UTC local_rtc_str=no ;; (*) printf 'Invalid value for --mode: %s\n' "${mode}" >&2 printf 'Acceptable values are: localtime, utc.\n' >&2 exit 1 esac if test -n "${timedatectl_localrtc}" then # systemd timedatectl_should=${local_rtc_str} if test "${timedatectl_localrtc}" != "${timedatectl_should}" then printf 'timedatectl set-local-rtc %s\n' "${timedatectl_should}" fi elif test -n "${adjtime_mode}" then # others (update /etc/adjtime if present) if test "${adjtime_mode}" != "${adjtime_str}" then # Update /etc/adjtime (3rd line is clock mode) # adjtime(5) https://man7.org/linux/man-pages/man5/adjtime.5.html # FIXME: Should maybe add third line if adjfile only contains two lines printf "sed -i '3c\\\\\\n%s\\n' /etc/adjtime\\n" "${adjtime_str}" fi fi cdist/cdist/conf/type/__hwclock/man.rst000066400000000000000000000021611427155744700204550ustar00rootroot00000000000000cdist-type__hwclock(7) ====================== NAME ---- cdist-type__hwclock - Manage the hardware real time clock. DESCRIPTION ----------- This type can be used to control how the hardware clock is used by the operating system. REQUIRED PARAMETERS ------------------- mode What mode the hardware clock is in. Acceptable values: localtime The hardware clock is set to local time (common for systems also running Windows.) UTC The hardware clock is set to UTC (common on UNIX systems.) OPTIONAL PARAMETERS ------------------- None. BOOLEAN PARAMETERS ------------------ None. EXAMPLES -------- .. code-block:: sh # Make the operating system treat the time read from the hwclock as UTC. __hwclock --mode UTC SEE ALSO -------- :strong:`hwclock`\ (8) AUTHORS ------- Dennis Camera COPYING ------- Copyright \(C) 2020 Dennis Camera. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__hwclock/manifest000077500000000000000000000145341427155744700207130ustar00rootroot00000000000000#!/bin/sh -e # # 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # TODO: Consider supporting BADYEAR os=$(cat "${__global:?}/explorer/os") mode=$(cat "${__object:?}/parameter/mode") has_systemd_timedatectl=$(test -s "${__object:?}/explorer/timedatectl_localrtc" && echo true || echo false) case ${mode} in (localtime) local_clock=true ;; (UTC|utc) local_clock=false ;; (*) printf 'Invalid value for --mode: %s\n' "${mode}" >&2 printf 'Acceptable values are: UTC, localtime.\n' >&2 exit 1 esac case ${os} in (alpine|gentoo) if ! $has_systemd_timedatectl then # NOTE: Gentoo also supports systemd, in which case /etc/conf.d is # not used. So we check for systemd presence here and only # update /etc/conf.d if systemd is not installed. # https://wiki.gentoo.org/wiki/System_time#Hardware_clock export CDIST_ORDER_DEPENDENCY=true __file /etc/conf.d/hwclock --state present \ --owner root --group root --mode 0644 __key_value /etc/conf.d/hwclock:clock \ --file /etc/conf.d/hwclock \ --key clock \ --delimiter '=' --exact_delimiter \ --value "\"$($local_clock && echo local || echo UTC)\"" unset CDIST_ORDER_DEPENDENCY fi ;; (centos|fedora|redhat|scientific) os_version=$(cat "${__global:?}/explorer/os_version") os_major=$(expr "${os_version}" : '.* release \([0-9]*\)') case ${os} in (centos|scientific) update_sysconfig=$(test "${os_major}" -lt 6 && echo true || echo false) ;; (fedora) update_sysconfig=$(test "${os_major}" -lt 10 && echo true || echo false) ;; (redhat|*) case ${os_version} in ('Red Hat Enterprise Linux'*) update_sysconfig=$(test "${os_major}" -lt 6 && echo true || echo false) ;; ('Red Hat Linux'*) update_sysconfig=true ;; (*) printf 'Could not determine Red Hat distribution.\n' >&2 printf "Please contribute an implementation for it if you can.\n" >&2 exit 1 ;; esac ;; esac if ${update_sysconfig:?} then export CDIST_ORDER_DEPENDENCY=true __file /etc/sysconfig/clock --state present \ --owner root --group root --mode 0644 __key_value /etc/sysconfig/clock:UTC \ --file /etc/sysconfig/clock \ --key UTC \ --delimiter '=' --exact_delimiter \ --value "$($local_clock && echo false || echo true)" unset CDIST_ORDER_DEPENDENCY fi ;; (debian|devuan|ubuntu) os_major=$(sed 's/[^0-9].*$//' "${__global:?}/explorer/os_version") case ${os} in (debian) if test "${os_major}" -ge 7 then update_rcS=false elif test "${os_major}" -ge 3 then update_rcS=true else # Debian 2.2 should be supportable using rcS. # Debian 2.1 uses the ancient GMT key. # Debian 1.3 does not have rcS. printf "Your operating system (Debian %s) is currently not supported by this type (%s)\n" \ "$(cat "${__global:?}/explorer/os_version")" "${__type##*/}" >&2 printf "Please contribute an implementation for it if you can.\n" >&2 exit 1 fi ;; (devuan) update_rcS=false ;; (ubuntu) update_rcS=$(test "${os_major}" -lt 16 && echo true || echo false) ;; esac if ${update_rcS} then export CDIST_ORDER_DEPENDENCY=true __file /etc/default/rcS --state present \ --owner root --group root --mode 0644 __key_value /etc/default/rcS:UTC \ --file /etc/default/rcS \ --key UTC \ --delimiter '=' --exact_delimiter \ --value "$($local_clock && echo no || echo yes)" unset CDIST_ORDER_DEPENDENCY fi ;; (freebsd) # cf. adjkerntz(8) __file /etc/wall_cmos_clock \ --state "$($local_clock && echo present || echo absent)" \ --owner root --group wheel --mode 0444 ;; (netbsd) # https://wiki.netbsd.org/guide/boot/#index9h2 __key_value /etc/rc.conf:rtclocaltime \ --file /etc/rc.conf \ --key rtclocaltime \ --delimiter '=' --exact_delimiter \ --value "$($local_clock && echo YES || echo NO)" ;; (slackware) __file /etc/hardwareclock --owner root --group root --mode 0644 \ --source - <<-EOF # /etc/hardwareclock # # Tells how the hardware clock time is stored. # This file is managed by cdist. $($local_clock && echo localtime || echo UTC) EOF ;; (suse) if test -s "${__global:?}/explorer/os_release" then # shellcheck source=/dev/null os_version=$(. "${__global:?}/explorer/os_release" && echo "${VERSION}") else os_version=$(sed -n 's/^VERSION\ *=\ *//p' "${__global:?}/explorer/os_version") fi os_major=$(expr "${os_version}" : '\([0-9]\{1,\}\)') # TODO: Consider using `yast2 timezone set hwclock' instead if expr "${os_major}" \< 12 then # Starting with SuSE 12 (first systemd-based version) # /etc/sysconfig/clock does not contain the HWCLOCK line # anymore. # With SuSE 13, it has been reduced to TIMEZONE configuration. __key_value /etc/sysconfig/clock:HWCLOCK \ --file /etc/sysconfig/clock \ --delimiter '=' --exact_delimiter \ --key HWCLOCK \ --value "$($local_clock && echo '"--localtime"' || echo '"-u"')" fi ;; (void) export CDIST_ORDER_DEPENDENCY=true __file /etc/rc.conf \ --owner root --group root --mode 0644 \ --state present __key_value /etc/rc.conf:HARDWARECLOCK \ --file /etc/rc.conf \ --delimiter '=' --exact_delimiter \ --key HARDWARECLOCK \ --value "\"$($local_clock && echo localtime || echo UTC)\"" unset CDIST_ORDER_DEPENDENCY ;; (*) if ! $has_systemd_timedatectl then printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2 printf "Please contribute an implementation for it if you can.\n" >&2 exit 1 fi ;; esac # NOTE: timedatectl set-local-rtc for systemd is in gencode-remote # NOTE: /etc/adjtime is also updated in gencode-remote cdist/cdist/conf/type/__hwclock/parameter/000077500000000000000000000000001427155744700211305ustar00rootroot00000000000000cdist/cdist/conf/type/__hwclock/parameter/required000066400000000000000000000000051427155744700226660ustar00rootroot00000000000000mode cdist/cdist/conf/type/__hwclock/singleton000066400000000000000000000000001427155744700210630ustar00rootroot00000000000000cdist/cdist/conf/type/__install_bootloader_grub/000077500000000000000000000000001427155744700224155ustar00rootroot00000000000000cdist/cdist/conf/type/__install_bootloader_grub/explorer/000077500000000000000000000000001427155744700242555ustar00rootroot00000000000000cdist/cdist/conf/type/__install_bootloader_grub/explorer/target_os000077500000000000000000000042701427155744700261750ustar00rootroot00000000000000#!/bin/sh # # 2010-2011 Nico Schottelius (nico-cdist at schottelius.org) # 2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # All os variables are lower case. Keep this file in alphabetical # order by os variable except in cases where order otherwise matters, # in which case keep the primary os and its derivatives together in # a block (see Debian and Redhat examples below). # chroot="$(cat "$__object/parameter/chroot")" if grep -q ^Amazon "$chroot/etc/system-release" 2>/dev/null; then echo amazon exit 0 fi if [ -f "$chroot/etc/arch-release" ]; then echo archlinux exit 0 fi if [ -f "$chroot/etc/cdist-preos" ]; then echo cdist-preos exit 0 fi ### Debian and derivatives if grep -q ^DISTRIB_ID=Ubuntu "$chroot/etc/lsb-release" 2>/dev/null; then echo ubuntu exit 0 fi if [ -f "$chroot/etc/debian_version" ]; then echo debian exit 0 fi ### if [ -f "$chroot/etc/gentoo-release" ]; then echo gentoo exit 0 fi if [ -f "$chroot/etc/openwrt_version" ]; then echo openwrt exit 0 fi if [ -f "$chroot/etc/owl-release" ]; then echo owl exit 0 fi ### Redhat and derivatives if grep -q ^CentOS "$chroot/etc/redhat-release" 2>/dev/null; then echo centos exit 0 fi if grep -q ^Fedora "$chroot/etc/redhat-release" 2>/dev/null; then echo fedora exit 0 fi if [ -f "$chroot/etc/redhat-release" ]; then echo redhat exit 0 fi ### if [ -f "$chroot/etc/SuSE-release" ]; then echo suse exit 0 fi if [ -f "$chroot/etc/slackware-version" ]; then echo slackware exit 0 fi echo "Unknown OS" >&2 exit 1 cdist/cdist/conf/type/__install_bootloader_grub/gencode-remote000077500000000000000000000063671427155744700252540ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # device="$(cat "$__object/parameter/device" 2>/dev/null || echo "/$__object_id")" chroot="$(cat "$__object/parameter/chroot")" target_os=$(cat "$__object/explorer/target_os") mkdir "$__object/files" install_script="$__object/files/install_script" # Link file descriptor #6 with stdout exec 6>&1 # Link stdout with $install_script exec > "$install_script" # Generate script to install bootloader on distro printf '#!/bin/sh -l\n' case "$target_os" in ubuntu|debian) if [ -s "$__global/explorer/efi" ]; then # FIXME: untested. maybe also just run update-grub for EFI system? printf 'grub-mkconfig --output=/boot/efi/EFI/%s/grub.cfg\n' "$target_os" printf 'mkdir -p /boot/efi/EFI/BOOT\n' printf 'cp /boot/efi/EFI/%s/grubx64.efi /boot/efi/EFI/BOOT/bootx64.efi' "$target_os" else printf 'grub-install "%s"\n' "$device" printf 'update-grub\n' fi ;; archlinux) if [ -s "$__global/explorer/efi" ]; then echo "EFI boot loader installation is on your operating system ($target_os) is currently not supported by this type (${__type##*/})." >&2 echo "Please contribute an implementation for it if you can." >&2 exit 1 else printf 'grub-install "%s"\n' "$device" # bugfix/workarround: rebuild initramfs # FIXME: doesn't belong here printf 'mkinitcpio -p linux\n' printf 'grub-mkconfig -o /boot/grub/grub.cfg\n' fi ;; centos) if [ -s "$__global/explorer/efi" ]; then printf 'grub2-mkconfig --output=/boot/efi/EFI/%s/grub.cfg\n' "$target_os" printf 'mkdir -p /boot/efi/EFI/BOOT\n' printf 'cp /boot/efi/EFI/%s/grubx64.efi /boot/efi/EFI/BOOT/bootx64.efi' "$target_os" else printf 'grub2-install "%s"\n' "$device" printf 'grub2-mkconfig --output=/boot/grub2/grub.cfg\n' fi ;; *) echo "Your operating system ($target_os) is currently not supported by this type (${__type##*/})." >&2 echo "If you can, please contribute an implementation for it." >&2 exit 1 ;; esac # Restore stdout and close file descriptor #6. exec 1>&6 6>&- cat << DONE # Ensure /tmp exists [ -d "${chroot}/tmp" ] || mkdir -m 1777 "${chroot}/tmp" # Generate script to run in chroot script=\$(mktemp "${chroot}/tmp/${__type##*/}.XXXXXXXXXX") cat > \$script << script_DONE $(cat "$install_script") script_DONE # Make script executable chmod +x "\$script" # Run script in chroot relative_script="\${script#$chroot}" chroot "$chroot" "\$relative_script" rm -rf \$script DONE cdist/cdist/conf/type/__install_bootloader_grub/install000066400000000000000000000000001427155744700237740ustar00rootroot00000000000000cdist/cdist/conf/type/__install_bootloader_grub/man.rst000066400000000000000000000017041427155744700237240ustar00rootroot00000000000000cdist-type__install_bootloader_grub(7) ====================================== NAME ---- cdist-type__install_bootloader_grub - install grub2 bootloader on given disk DESCRIPTION ----------- This cdist type allows you to install grub2 bootloader on given disk. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- device The device to install grub to. Defaults to object_id chroot where to chroot before running grub-install. Defaults to /target. EXAMPLES -------- .. code-block:: sh __install_bootloader_grub /dev/sda __install_bootloader_grub /dev/sda --chroot /mnt/foobar AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2011 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__install_bootloader_grub/parameter/000077500000000000000000000000001427155744700243755ustar00rootroot00000000000000cdist/cdist/conf/type/__install_bootloader_grub/parameter/default/000077500000000000000000000000001427155744700260215ustar00rootroot00000000000000cdist/cdist/conf/type/__install_bootloader_grub/parameter/default/chroot000066400000000000000000000000101427155744700272310ustar00rootroot00000000000000/target cdist/cdist/conf/type/__install_bootloader_grub/parameter/optional000066400000000000000000000000161427155744700261420ustar00rootroot00000000000000device chroot cdist/cdist/conf/type/__install_chroot_mount/000077500000000000000000000000001427155744700217645ustar00rootroot00000000000000cdist/cdist/conf/type/__install_chroot_mount/gencode-local000077700000000000000000000000001427155744700322462../__chroot_mount/gencode-localustar00rootroot00000000000000cdist/cdist/conf/type/__install_chroot_mount/gencode-remote000077700000000000000000000000001427155744700326502../__chroot_mount/gencode-remoteustar00rootroot00000000000000cdist/cdist/conf/type/__install_chroot_mount/install000066400000000000000000000000001427155744700233430ustar00rootroot00000000000000cdist/cdist/conf/type/__install_chroot_mount/man.rst000066400000000000000000000013551427155744700232750ustar00rootroot00000000000000cdist-type__install_chroot_mount(7) =================================== NAME ---- cdist-type__install_chroot_mount - mount a chroot with install command DESCRIPTION ----------- Mount and prepare a chroot for running commands within it. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- None EXAMPLES -------- .. code-block:: sh __install_chroot_mount /path/to/chroot AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2012 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__install_chroot_mount/parameter000077700000000000000000000000001427155744700310162../__chroot_mount/parameterustar00rootroot00000000000000cdist/cdist/conf/type/__install_chroot_umount/000077500000000000000000000000001427155744700221515ustar00rootroot00000000000000cdist/cdist/conf/type/__install_chroot_umount/gencode-remote000077700000000000000000000000001427155744700332222../__chroot_umount/gencode-remoteustar00rootroot00000000000000cdist/cdist/conf/type/__install_chroot_umount/install000066400000000000000000000000001427155744700235300ustar00rootroot00000000000000cdist/cdist/conf/type/__install_chroot_umount/man.rst000066400000000000000000000014571427155744700234650ustar00rootroot00000000000000cdist-type__install_chroot_umount(7) ==================================== NAME ---- cdist-type__install_chroot_umount - unmount a chroot mounted by __install_chroot_mount DESCRIPTION ----------- Undo what __install_chroot_mount did. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- None EXAMPLES -------- .. code-block:: sh __install_chroot_umount /path/to/chroot SEE ALSO -------- :strong:`cdist-type__install_chroot_mount`\ (7) AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2012 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__install_chroot_umount/manifest000077700000000000000000000000001427155744700310442../__chroot_umount/manifestustar00rootroot00000000000000cdist/cdist/conf/type/__install_chroot_umount/parameter000077700000000000000000000000001427155744700313702../__chroot_umount/parameterustar00rootroot00000000000000cdist/cdist/conf/type/__install_config/000077500000000000000000000000001427155744700205115ustar00rootroot00000000000000cdist/cdist/conf/type/__install_config/files/000077500000000000000000000000001427155744700216135ustar00rootroot00000000000000cdist/cdist/conf/type/__install_config/files/remote/000077500000000000000000000000001427155744700231065ustar00rootroot00000000000000cdist/cdist/conf/type/__install_config/files/remote/copy000077500000000000000000000025151427155744700240110ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2017 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # __remote_copy script to run cdist against a chroot on a remote host via ssh. # # Usage: # __remote_copy="/path/to/this/script /path/to/your/chroot" cdist config target-id # log() { #echo "$@" | logger -t "__install_config copy" : } chroot="$1"; shift target_host="$__target_host" # postfix target_host with chroot location code="$(echo "$@" | sed "s|$target_host:|$target_host:$chroot|g")" log "target_host: $target_host" log "chroot: $chroot" log "@: $*" log "code: $code" # copy files into chroot # __default_remote_copy and code should be split # shellcheck disable=SC2086 $__default_remote_copy $code log "-----" cdist/cdist/conf/type/__install_config/files/remote/exec000077500000000000000000000027341427155744700237660ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2017 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # __remote_exec script to run cdist against a chroot on a remote host via ssh. # # Usage: # __remote_exec="/path/to/this/script /path/to/your/chroot" cdist config target-id # log() { #echo "$@" | logger -t "__install_config exec" : } chroot="$1"; shift target_host="$__target_host" # In exec mode the first argument is the __target_host which we already got from env. Get rid of it. shift # escape ' with '"'"' code="$(echo "$@" | sed -e "s/'/'\"'\"'/g")" # shellcheck disable=SC2089 code="chroot $chroot sh -e -c '$code'" log "target_host: $target_host" log "chroot: $chroot" log "@: $*" log "code: $code" # Run the code # __default_remote_exec and code should be split # shellcheck disable=SC2086,SC2090 $__default_remote_exec "$target_host" $code log "-----" cdist/cdist/conf/type/__install_config/gencode-local000077500000000000000000000022031427155744700231300ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2018 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # chroot="$(cat "$__object/parameter/chroot")" remote_exec="$__type/files/remote/exec" remote_copy="$__type/files/remote/copy" cat << DONE export __cdist_install_config=yes export __cdist_log_level=$__cdist_log_level export __default_remote_exec="$__remote_exec" export __default_remote_copy="$__remote_copy" cdist config \ --remote-exec="$remote_exec $chroot" \ --remote-copy="$remote_copy $chroot" \ $__target_host DONE cdist/cdist/conf/type/__install_config/install000066400000000000000000000000001427155744700220700ustar00rootroot00000000000000cdist/cdist/conf/type/__install_config/man.rst000066400000000000000000000017261427155744700220240ustar00rootroot00000000000000cdist-type__install_config(7) ============================= NAME ---- cdist-type__install_config - run cdist config as part of the installation DESCRIPTION ----------- This cdist type allows you to run cdist config as part of the installation. It does this by using a custom __remote_{copy,exec} prefix which runs cdist config against the /target chroot on the remote host. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- chroot where to chroot before running grub-install. Defaults to /target. EXAMPLES -------- .. code-block:: sh __install_config __install_config --chroot /mnt/somewhere AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2011 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__install_config/parameter/000077500000000000000000000000001427155744700224715ustar00rootroot00000000000000cdist/cdist/conf/type/__install_config/parameter/default/000077500000000000000000000000001427155744700241155ustar00rootroot00000000000000cdist/cdist/conf/type/__install_config/parameter/default/chroot000066400000000000000000000000101427155744700253250ustar00rootroot00000000000000/target cdist/cdist/conf/type/__install_config/parameter/optional000066400000000000000000000000071427155744700242360ustar00rootroot00000000000000chroot cdist/cdist/conf/type/__install_config/singleton000066400000000000000000000000001427155744700224240ustar00rootroot00000000000000cdist/cdist/conf/type/__install_coreos/000077500000000000000000000000001427155744700205365ustar00rootroot00000000000000cdist/cdist/conf/type/__install_coreos/gencode-remote000077500000000000000000000005761427155744700233710ustar00rootroot00000000000000#!/bin/sh -e device=$(cat "${__object:?}/parameter/device") ignition=$(cat "${__object}/parameter/ignition") cat < "\${ignition_file}" << eof $(base64 "${ignition}") eof coreos-install -d "${device}" \ \$(if [ -s "\${ignition_file}" ]; then printf -- "-i \${ignition_file}\\n" fi) rm "\${ignition_file}" EOF cdist/cdist/conf/type/__install_coreos/install000066400000000000000000000000001427155744700221150ustar00rootroot00000000000000cdist/cdist/conf/type/__install_coreos/man.rst000066400000000000000000000017201427155744700220430ustar00rootroot00000000000000cdist-type__install_coreos(7) ============================= NAME ---- cdist-type__install_coreos - Install CoreOS DESCRIPTION ----------- This type installs CoreOS to a given device using coreos-install_, which is present in CoreOS ISO by default. .. _coreos-install: https://raw.githubusercontent.com/coreos/init/master/bin/coreos-install REQUIRED PARAMETERS ------------------- device A device CoreOS will be installed to. OPTIONAL PARAMETERS ------------------- ignition Path to ignition config. EXAMPLES -------- .. code-block:: sh __install_coreos \ --device /dev/sda \ --ignition ignition.json AUTHORS ------- Ľubomír KuÄera COPYING ------- Copyright \(C) 2018 Ľubomír KuÄera. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__install_coreos/parameter/000077500000000000000000000000001427155744700225165ustar00rootroot00000000000000cdist/cdist/conf/type/__install_coreos/parameter/default/000077500000000000000000000000001427155744700241425ustar00rootroot00000000000000cdist/cdist/conf/type/__install_coreos/parameter/default/ignition000066400000000000000000000000001427155744700256730ustar00rootroot00000000000000cdist/cdist/conf/type/__install_coreos/parameter/optional000066400000000000000000000000111427155744700242560ustar00rootroot00000000000000ignition cdist/cdist/conf/type/__install_coreos/parameter/required000066400000000000000000000000071427155744700242560ustar00rootroot00000000000000device cdist/cdist/conf/type/__install_coreos/singleton000066400000000000000000000000001427155744700224510ustar00rootroot00000000000000cdist/cdist/conf/type/__install_directory/000077500000000000000000000000001427155744700212505ustar00rootroot00000000000000cdist/cdist/conf/type/__install_directory/explorer000077700000000000000000000000001427155744700273262../__directory/explorerustar00rootroot00000000000000cdist/cdist/conf/type/__install_directory/gencode-remote000077700000000000000000000000001427155744700314202../__directory/gencode-remoteustar00rootroot00000000000000cdist/cdist/conf/type/__install_directory/install000066400000000000000000000000001427155744700226270ustar00rootroot00000000000000cdist/cdist/conf/type/__install_directory/man.rst000066400000000000000000000043631427155744700225630ustar00rootroot00000000000000cdist-type__install_directory(7) ================================ NAME ---- cdist-type__install_directory - Manage a directory with install command DESCRIPTION ----------- This cdist type allows you to create or remove directories on the target. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- state 'present' or 'absent', defaults to 'present' group Group to chgrp to. mode Unix permissions, suitable for chmod. owner User to chown to. BOOLEAN PARAMETERS ------------------ parents Whether to create parents as well (mkdir -p behaviour). Warning: all intermediate directory permissions default to whatever mkdir -p does. Usually this means root:root, 0700. recursive If supplied the chgrp and chown call will run recursively. This does *not* influence the behaviour of chmod. MESSAGES -------- chgrp Changed group membership chown Changed owner chmod Changed mode create Empty directory was created remove Directory exists, but state is absent, directory will be removed by generated code. remove non directory Something other than a directory with the same name exists and was removed prior to create. EXAMPLES -------- .. code-block:: sh # A silly example __install_directory /tmp/foobar # Remove a directory __install_directory /tmp/foobar --state absent # Ensure /etc exists correctly __install_directory /etc --owner root --group root --mode 0755 # Create nfs service directory, including parents __install_directory /home/services/nfs --parents # Change permissions recursively __install_directory /home/services --recursive --owner root --group root # Setup a temp directory __install_directory /local --mode 1777 # Take it all __install_directory /home/services/kvm --recursive --parents \ --owner root --group root --mode 0755 --state present AUTHORS ------- Nico Schottelius COPYING ------- Copyright \(C) 2011 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__install_directory/parameter000077700000000000000000000000001427155744700275662../__directory/parameterustar00rootroot00000000000000cdist/cdist/conf/type/__install_file/000077500000000000000000000000001427155744700201635ustar00rootroot00000000000000cdist/cdist/conf/type/__install_file/explorer000077700000000000000000000000001427155744700251542../__file/explorerustar00rootroot00000000000000cdist/cdist/conf/type/__install_file/gencode-local000077700000000000000000000000001427155744700266442../__file/gencode-localustar00rootroot00000000000000cdist/cdist/conf/type/__install_file/gencode-remote000077700000000000000000000000001427155744700272462../__file/gencode-remoteustar00rootroot00000000000000cdist/cdist/conf/type/__install_file/install000066400000000000000000000000001427155744700215420ustar00rootroot00000000000000cdist/cdist/conf/type/__install_file/man.rst000066400000000000000000000063111427155744700214710ustar00rootroot00000000000000cdist-type__install_file(7) =========================== NAME ---- cdist-type__install_file - Manage files with install command. DESCRIPTION ----------- This cdist type allows you to create files, remove files and set file attributes on the target. If the file already exists on the target, then if it is a: regular file, and state is: present replace it with the source file if they are not equal exists do nothing symlink replace it with the source file directory replace it with the source file One exception is that when state is pre-exists, an error is raised if the file would have been created otherwise (e.g. it is not present or not a regular file). In any case, make sure that the file attributes are as specified. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- state 'present', 'absent', 'exists' or 'pre-exists', defaults to 'present' where: present the file is exactly the one from source absent the file does not exist exists the file from source but only if it doesn't already exist pre-exists check that the file exists and is a regular file, but do not create or modify it group Group to chgrp to. mode Unix permissions, suitable for chmod. owner User to chown to. source If supplied, copy this file from the host running cdist to the target. If not supplied, an empty file or directory will be created. If source is '-' (dash), take what was written to stdin as the file content. onchange The code to run if file is modified. MESSAGES -------- chgrp Changed group membership chown Changed owner chmod Changed mode create Empty file was created (no --source specified) remove File exists, but state is absent, file will be removed by generated code. upload File was uploaded EXAMPLES -------- .. code-block:: sh # Create /etc/cdist-configured as an empty file __install_file /etc/cdist-configured # The same thing __install_file /etc/cdist-configured --state present # Use __file from another type __install_file /etc/issue --source "$__type/files/archlinux" --state present # Delete existing file __install_file /etc/cdist-configured --state absent # Supply some more settings __install_file /etc/shadow --source "$__type/files/shadow" \ --owner root --group shadow --mode 0640 \ --state present # Provide a default file, but let the user change it __install_file /home/frodo/.bashrc --source "/etc/skel/.bashrc" \ --state exists \ --owner frodo --mode 0600 # Check that the file is present, show an error when it is not __install_file /etc/somefile --state pre-exists # Take file content from stdin __install_file /tmp/whatever --owner root --group root --mode 644 --source - << DONE Here goes the content for /tmp/whatever DONE AUTHORS ------- Nico Schottelius COPYING ------- Copyright \(C) 2011-2013 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__install_file/parameter000077700000000000000000000000001427155744700254142../__file/parameterustar00rootroot00000000000000cdist/cdist/conf/type/__install_fstab/000077500000000000000000000000001427155744700203435ustar00rootroot00000000000000cdist/cdist/conf/type/__install_fstab/install000066400000000000000000000000001427155744700217220ustar00rootroot00000000000000cdist/cdist/conf/type/__install_fstab/man.rst000066400000000000000000000017621427155744700216560ustar00rootroot00000000000000cdist-type__install_fstab(7) ============================ NAME ---- cdist-type__install_fstab - generate /etc/fstab during installation DESCRIPTION ----------- Uses __install_generate_fstab to generate a /etc/fstab file and uploads it to the target machine at ${prefix}/etc/fstab. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- prefix The prefix under which to generate the /etc/fstab file. Defaults to /target. EXAMPLES -------- .. code-block:: sh __install_fstab __install_fstab --prefix /mnt/target SEE ALSO -------- :strong:`cdist-type__install_generate_fstab`\ (7), :strong:`cdist-type__install_mount`\ (7) AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2011 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__install_fstab/manifest000077500000000000000000000021001427155744700220700ustar00rootroot00000000000000#!/bin/sh -e # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # prefix="$(cat "$__object/parameter/prefix" 2>/dev/null || echo "/target")" [ -d "$__object/files" ] || mkdir "$__object/files" __install_generate_fstab --uuid --destination "$__object/files/fstab" require="__install_generate_fstab" \ __install_file "${prefix}/etc/fstab" --source "$__object/files/fstab" \ --mode 644 \ --owner root \ --group root cdist/cdist/conf/type/__install_fstab/parameter/000077500000000000000000000000001427155744700223235ustar00rootroot00000000000000cdist/cdist/conf/type/__install_fstab/parameter/optional000066400000000000000000000000051427155744700240660ustar00rootroot00000000000000file cdist/cdist/conf/type/__install_fstab/singleton000066400000000000000000000000001427155744700222560ustar00rootroot00000000000000cdist/cdist/conf/type/__install_generate_fstab/000077500000000000000000000000001427155744700222155ustar00rootroot00000000000000cdist/cdist/conf/type/__install_generate_fstab/files/000077500000000000000000000000001427155744700233175ustar00rootroot00000000000000cdist/cdist/conf/type/__install_generate_fstab/files/fstab.header000066400000000000000000000000561427155744700255710ustar00rootroot00000000000000# Generated by cdist __install_generate_fstab cdist/cdist/conf/type/__install_generate_fstab/gencode-local000077500000000000000000000036041427155744700246420ustar00rootroot00000000000000#!/bin/sh -e # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # destination="$(cat "$__object/parameter/destination")" cat "$__type/files/fstab.header" > "$destination" mkdir "$__object/files" # get current UUID's from target_host $__remote_exec "$__target_host" blkid > "$__object/files/blkid" find "$__global/object/__install_mount" -type d -name "$__cdist_object_marker" | while IFS= read -r object do device="$(cat "$object/parameter/device")" dir="$(cat "$object/parameter/dir")" type="$(cat "$object/parameter/type")" if [ -f "$object/parameter/options" ]; then options="$(cat "$object/parameter/options")" else options="defaults" fi dump=0 case "$type" in swap) pass=0 dir="$type" ;; tmpfs) pass=0 ;; bind) pass=0 type=none options="bind,$options" ;; *) pass=1 ;; esac if [ -f "$__object/parameter/uuid" ]; then uuid="$(grep -w "$device" "$__object/files/blkid" | awk '{print $2}')" if [ -n "$uuid" ]; then echo "# $dir was on $device during installation" >> "$destination" device="$uuid" fi fi echo "$device $dir $type $options $dump $pass" >> "$destination" done cdist/cdist/conf/type/__install_generate_fstab/install000066400000000000000000000000001427155744700235740ustar00rootroot00000000000000cdist/cdist/conf/type/__install_generate_fstab/man.rst000066400000000000000000000021501427155744700235200ustar00rootroot00000000000000cdist-type__install_generate_fstab(7) ===================================== NAME ---- cdist-type__install_generate_fstab - generate /etc/fstab during installation DESCRIPTION ----------- Generates a /etc/fstab file from information retrieved from __install_mount definitions. REQUIRED PARAMETERS ------------------- destination The path where to store the generated fstab file. Note that this is a path on the server, where cdist is running, not the target host. OPTIONAL PARAMETERS ------------------- None BOOLEAN PARAMETERS ------------------- uuid use UUID instead of device in fstab EXAMPLES -------- .. code-block:: sh __install_generate_fstab --destination /path/where/you/want/fstab __install_generate_fstab --uuid --destination /path/where/you/want/fstab AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2012 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__install_generate_fstab/parameter/000077500000000000000000000000001427155744700241755ustar00rootroot00000000000000cdist/cdist/conf/type/__install_generate_fstab/parameter/boolean000066400000000000000000000000051427155744700255320ustar00rootroot00000000000000uuid cdist/cdist/conf/type/__install_generate_fstab/parameter/required000066400000000000000000000000141427155744700257330ustar00rootroot00000000000000destination cdist/cdist/conf/type/__install_generate_fstab/singleton000066400000000000000000000000001427155744700241300ustar00rootroot00000000000000cdist/cdist/conf/type/__install_mkfs/000077500000000000000000000000001427155744700202045ustar00rootroot00000000000000cdist/cdist/conf/type/__install_mkfs/gencode-remote000077500000000000000000000026201427155744700230270ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2013 Steven Armstrong (steven-cdist at armstrong.cc) # 2017 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # device="$(cat "$__object/parameter/device")" type="$(cat "$__object/parameter/type")" case "$type" in swap) echo "mkswap -f $device" exit 0 ;; xfs) command="mkfs.xfs -f -q" ;; vfat) command="mkfs.vfat" ;; *) command="mkfs -t $type -q" ;; esac if [ -f "$__object/parameter/options" ]; then options="$(cat "$__object/parameter/options")" command="$command $options" fi command="$command $device" if [ -f "$__object/parameter/blocks" ]; then blocks="$(cat "$__object/parameter/blocks")" command="$command $blocks" fi echo "$command" cdist/cdist/conf/type/__install_mkfs/install000066400000000000000000000000001427155744700215630ustar00rootroot00000000000000cdist/cdist/conf/type/__install_mkfs/man.rst000066400000000000000000000022601427155744700215110ustar00rootroot00000000000000cdist-type__install_mkfs(7) =========================== NAME ---- cdist-type__install_mkfs - build a linux file system DESCRIPTION ----------- This cdist type is a wrapper for the mkfs command. REQUIRED PARAMETERS ------------------- type The filesystem type to use. Same as used with mkfs -t. OPTIONAL PARAMETERS ------------------- device defaults to object_id options file system-specific options to be passed to the mkfs command blocks the number of blocks to be used for the file system EXAMPLES -------- .. code-block:: sh # reiserfs /dev/sda5 __install_mkfs /dev/sda5 --type reiserfs # same thing with explicit device __install_mkfs whatever --device /dev/sda5 --type reiserfs # jfs with journal on /dev/sda2 __install_mkfs /dev/sda1 --type jfs --options "-j /dev/sda2" SEE ALSO -------- :strong:`mkfs`\ (8) AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2011 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__install_mkfs/manifest000077500000000000000000000015331427155744700217420ustar00rootroot00000000000000#!/bin/sh -e # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # set defaults if [ ! -f "$__object/parameter/device" ]; then device="/$__object_id" echo "$device" > "$__object/parameter/device" fi cdist/cdist/conf/type/__install_mkfs/parameter/000077500000000000000000000000001427155744700221645ustar00rootroot00000000000000cdist/cdist/conf/type/__install_mkfs/parameter/optional000066400000000000000000000000261427155744700237320ustar00rootroot00000000000000device options blocks cdist/cdist/conf/type/__install_mkfs/parameter/required000066400000000000000000000000051427155744700237220ustar00rootroot00000000000000type cdist/cdist/conf/type/__install_mount/000077500000000000000000000000001427155744700204065ustar00rootroot00000000000000cdist/cdist/conf/type/__install_mount/gencode-remote000077500000000000000000000040251427155744700232320ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2013 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # get_type_from_mkfs() { _device="$1" find "$__global/object/__install_mkfs" -type d -name "$__cdist_object_marker" | while IFS= read -r mkfs_object do mkfs_device="$(cat "$mkfs_object/parameter/device")" if [ "$_device" = "$mkfs_device" ]; then cat "$mkfs_object/parameter/type" break fi done unset _device unset mkfs_device unset mkfs_object } device="$(cat "$__object/parameter/device")" dir="$(cat "$__object/parameter/dir")" prefix="$(cat "$__object/parameter/prefix")" if [ -f "$__object/parameter/type" ]; then type="$(cat "$__object/parameter/type")" else type="$(get_type_from_mkfs "$device")" # store for later use by others echo "$type" > "$__object/parameter/type" fi [ -n "$type" ] || { echo "Can't determine type for $__object" >&2 exit 1 } if [ "$type" = "swap" ]; then printf 'swapon "%s"\n' "$device" else mount_point="${prefix}${dir}" printf '[ -d "%s" ] || mkdir -p "%s"\n' "$mount_point" "$mount_point" printf 'mount' if [ "$type" = "bind" ]; then printf ' --bind' device="${prefix}${device}" else printf ' -t "%s"' "$type" fi if [ -f "$__object/parameter/options" ]; then printf ' -o %s' "$(cat "$__object/parameter/options")" fi printf ' "%s"' "$device" printf ' "%s"\n' "$mount_point" fi cdist/cdist/conf/type/__install_mount/install000066400000000000000000000000001427155744700217650ustar00rootroot00000000000000cdist/cdist/conf/type/__install_mount/man.rst000066400000000000000000000027551427155744700217240ustar00rootroot00000000000000cdist-type__install_mount(7) ============================ NAME ---- cdist-type__install_mount - mount filesystems in the installer DESCRIPTION ----------- Mounts filesystems in the installer. Collects data to generate /etc/fstab. REQUIRED PARAMETERS ------------------- device the device to mount OPTIONAL PARAMETERS ------------------- dir where to mount device. Defaults to object_id. options mount options passed to mount(8) and used in /etc/fstab type filesystem type passed to mount(8) and used in /etc/fstab. If type is swap, 'dir' is ignored. Defaults to the filesystem used in __install_mkfs for the same 'device'. prefix the prefix to prepend to 'dir' when mounting in the installer. Defaults to /target. EXAMPLES -------- .. code-block:: sh __install_mount slash --dir / --device /dev/sda5 --options noatime require="__install_mount/slash" __install_mount /boot --device /dev/sda1 __install_mount swap --device /dev/sda2 --type swap require="__install_mount/slash" __install_mount /tmp --device tmpfs --type tmpfs SEE ALSO -------- :strong:`cdist-type__install_mkfs`\ (7), :strong:`cdist-type__install_mount_apply` (7) AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2011 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__install_mount/manifest000077500000000000000000000017061427155744700221460ustar00rootroot00000000000000#!/bin/sh -e # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # set defaults if [ ! -f "$__object/parameter/dir" ]; then dir="/$__object_id" echo "$dir" > "$__object/parameter/dir" fi if [ ! -f "$__object/parameter/prefix" ]; then prefix="/target" echo "$prefix" > "$__object/parameter/prefix" fi cdist/cdist/conf/type/__install_mount/parameter/000077500000000000000000000000001427155744700223665ustar00rootroot00000000000000cdist/cdist/conf/type/__install_mount/parameter/optional000066400000000000000000000000211427155744700241270ustar00rootroot00000000000000dir type options cdist/cdist/conf/type/__install_mount/parameter/required000066400000000000000000000000071427155744700241260ustar00rootroot00000000000000device cdist/cdist/conf/type/__install_partition_msdos/000077500000000000000000000000001427155744700224625ustar00rootroot00000000000000cdist/cdist/conf/type/__install_partition_msdos/install000066400000000000000000000000001427155744700240410ustar00rootroot00000000000000cdist/cdist/conf/type/__install_partition_msdos/man.rst000066400000000000000000000037461427155744700240010ustar00rootroot00000000000000cdist-type__install_partition_msdos(7) ====================================== NAME ---- cdist-type__install_partition_msdos - creates msdos partitions DESCRIPTION ----------- This cdist type allows you to create msdos paritions. REQUIRED PARAMETERS ------------------- type the partition type used in fdisk (such as 82 or 83) or "extended" OPTIONAL PARAMETERS ------------------- device the device we're working on. Defaults to the string prefix of --partition minor the partition number we're working on. Defaults to the numeric suffix of --partition partition defaults to object_id bootable mark partition as bootable, true or false, defaults to false size the size of the partition (such as 32M or 15G, whole numbers only), '+' for remaining space, or 'n%' for percentage of remaining (these should only be used after all specific partition sizes are specified). Defaults to +. EXAMPLES -------- .. code-block:: sh # 128MB, linux, bootable __install_partition_msdos /dev/sda1 --type 83 --size 128M --bootable true # 512MB, swap __install_partition_msdos /dev/sda2 --type 82 --size 512M # 100GB, extended __install_partition_msdos /dev/sda3 --type extended --size 100G # 10GB, linux __install_partition_msdos /dev/sda5 --type 83 --size 10G # 50% of the free space of the extended partition, linux __install_partition_msdos /dev/sda6 --type 83 --size 50% # rest of the extended partition, linux __install_partition_msdos /dev/sda7 --type 83 --size + # nvm device partition 2 __install_partition_msdos /dev/nvme0n1p2 --device /dev/nvme0n1 --minor 2 --type 83 --size 128M --bootable true AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2011-2017 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__install_partition_msdos/manifest000077500000000000000000000030161427155744700242160ustar00rootroot00000000000000#!/bin/sh -e # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # set defaults if [ -f "$__object/parameter/partition" ]; then partition="(cat "$__object/parameter/partition")" else partition="/$__object_id" echo "$partition" > "$__object/parameter/partition" fi if [ ! -f "$__object/parameter/device" ]; then device="$(echo "$partition" | sed 's/[0-9]//g')" echo "$device" > "$__object/parameter/device" fi if [ ! -f "$__object/parameter/minor" ]; then minor="$(echo "$partition" | sed 's/[^0-9]//g')" echo "$minor" > "$__object/parameter/minor" fi if [ ! -f "$__object/parameter/bootable" ]; then echo "false" > "$__object/parameter/bootable" fi if [ ! -f "$__object/parameter/size" ]; then echo "+" > "$__object/parameter/size" fi # pull in the type that actually does something with the above parameters require="$__object_name" __install_partition_msdos_apply cdist/cdist/conf/type/__install_partition_msdos/parameter/000077500000000000000000000000001427155744700244425ustar00rootroot00000000000000cdist/cdist/conf/type/__install_partition_msdos/parameter/optional000066400000000000000000000000451427155744700262110ustar00rootroot00000000000000device minor partition bootable size cdist/cdist/conf/type/__install_partition_msdos/parameter/required000066400000000000000000000000051427155744700262000ustar00rootroot00000000000000type cdist/cdist/conf/type/__install_partition_msdos_apply/000077500000000000000000000000001427155744700236675ustar00rootroot00000000000000cdist/cdist/conf/type/__install_partition_msdos_apply/explorer/000077500000000000000000000000001427155744700255275ustar00rootroot00000000000000cdist/cdist/conf/type/__install_partition_msdos_apply/explorer/partitions000077500000000000000000000000401427155744700276430ustar00rootroot00000000000000#!/bin/sh cat /proc/partitions cdist/cdist/conf/type/__install_partition_msdos_apply/files/000077500000000000000000000000001427155744700247715ustar00rootroot00000000000000cdist/cdist/conf/type/__install_partition_msdos_apply/files/lib.sh000066400000000000000000000030171427155744700260740ustar00rootroot00000000000000#!/bin/sh die() { echo "[__install_partition_msdos_apply] $*" >&2 exit 1 } debug() { #echo "[__install_partition_msdos_apply] $*" >&2 : } fdisk_command() { device="$1" cmd="$2" debug fdisk_command "running fdisk command '${cmd}' on device ${device}" printf '%s\nw\n' "${cmd}" | fdisk -c -u "$device" ret=$? # give disk some time sleep 1 return $ret } create_disklabel() { device=$1 debug create_disklabel "creating new msdos disklabel" fdisk_command "${device}" "o" return $? } toggle_bootable() { device="$1" minor="$2" fdisk_command "${device}" "a\\n${minor}\\n" return $? } create_partition() { device="$1" minor="$2" size="$3" type="$4" primary_count="$5" if [ "$type" = "extended" ] || [ "$type" = "5" ]; then # Extended partition primary_extended='e\n' first_minor="${minor}\\n" [ "${minor}" = "4" ] && first_minor="" type_minor="${minor}\\n" [ "${minor}" = "1" ] && type_minor="" type="5" elif [ "${minor}" -lt "5" ]; then primary_extended='p\n' first_minor="${minor}\\n" [ "${minor}" = "4" ] && first_minor="" type_minor="${minor}\\n" [ "${minor}" = "1" ] && type_minor="" else # Logical partitions first_minor="${minor}\\n" type_minor="${minor}\\n" primary_extended='l\n' [ "$primary_count" -gt "3" ] && primary_extended="" fi [ -n "${size}" ] && size="+${size}M" fdisk_command "${device}" "n\\n${primary_extended}${first_minor}\\n${size}\\nt\\n${type_minor}${type}\\n" return $? } cdist/cdist/conf/type/__install_partition_msdos_apply/gencode-remote000077500000000000000000000115251427155744700265160ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2013 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # #set -x die() { echo "[__install_partition_msdos_apply] $*" >&2 exit 1 } debug() { #echo "[__install_partition_msdos_apply] $*" >&2 : } # Convert a size specifier 1G 100M or 50% into the corresponding numeric MB. size_to_mb() { size=$1 available_size="$2" number_suffix="$(echo "${size}" | sed -e 's:\.[0-9]\+::' -e 's:\([0-9]\+\)\([KkMmGg%]\)[Bb]\?:\1|\2:')" number="$(echo "${number_suffix}" | cut -d '|' -f1)" suffix="$(echo "${number_suffix}" | cut -d '|' -f2)" case "$suffix" in K|k) size="$(( number / 1024 ))" ;; M|m) size="$number" ;; G|g) size="$(( number * 1024 ))" ;; %) size="$(( available_size * number / 100 ))" ;; *) size="-1" esac echo "$size" } get_objects() { objects_file=$(mktemp) find "$__global/object/__install_partition_msdos" -type d -name "$__cdist_object_marker" | while IFS= read -r object do object_device="$(cat "$object/parameter/device")" object_minor="$(cat "$object/parameter/minor")" echo "$object_device $object_minor $object" >> "$objects_file" done sort -k 1,2 "$objects_file" | cut -d' ' -f 3 rm "$objects_file" unset objects_file unset object unset object_device unset object_minor } # include function library for use on target cat "$__type/files/lib.sh" partitions="$__object/explorer/partitions" objects=$(get_objects) current_device="" available_device_size= available_extended_size= available_size= primary_count=0 for object in $objects; do device="$(cat "$object/parameter/device")" if [ "$current_device" != "$device" ]; then echo "create_disklabel '$device' || die 'Failed to create disklabel for $device'" current_device="$device" device_name=$(echo "${device}" | sed -e 's:^/dev/::;s:/:\\/:g') available_device_size=$(( $(awk "/${device_name}\$/ { print \$3; }" "$partitions") / 1024)) # make sure we don't go past the end of the drive available_device_size=$((available_device_size - 2)) available_extended_size=0 primary_count=0 debug "----- $device" debug "current_device=$current_device" debug "available_device_size=$available_device_size" fi type="$(cat "$object/parameter/type")" partition="$(cat "$object/parameter/partition")" minor="$(cat "$object/parameter/minor")" bootable="$(cat "$object/parameter/bootable")" size="$(cat "$object/parameter/size")" if [ "${minor}" -lt "5" ]; then # Primary partitions primary_count=$(( primary_count + 1 )) available_size=$available_device_size else # Logical partitions available_size=$available_extended_size fi if [ "$size" = "+" ]; then # use rest of device partition_size="" available_size=0 else partition_size=$(size_to_mb "$size" "$available_size") available_size="$(( available_size - partition_size ))" fi if [ "${minor}" -lt "5" ]; then # Primary partitions available_device_size=$available_size if [ "$type" = "extended" ] || [ "$type" = "5" ]; then # Extended partition available_extended_size=$partition_size fi else # Logical paritions available_extended_size=$available_size fi [ "$partition_size" = "-1" ] && die "could not translate size '$size' to a usable value" debug "----- $partition" debug "primary_count=$primary_count" debug "current_device=$current_device" debug "device=$device" debug "type=$type" debug "partition=$partition" debug "minor=$minor" debug "bootable=$bootable" debug "size=$size" debug "partition_size=$partition_size" debug "available_size=$available_size" debug "available_device_size=$available_device_size" debug "available_extended_size=$available_extended_size" debug "----------" echo "create_partition '$device' '$minor' '$partition_size' '$type' '$primary_count' \ || die 'Failed to create partition: $partition'" if [ "$bootable" = "true" ]; then echo "toggle_bootable '$device' '$minor' || die 'Failed to toogle bootable flag for partition: $partition'" fi done cdist/cdist/conf/type/__install_partition_msdos_apply/install000066400000000000000000000000001427155744700252460ustar00rootroot00000000000000cdist/cdist/conf/type/__install_partition_msdos_apply/man.rst000066400000000000000000000015111427155744700251720ustar00rootroot00000000000000cdist-type__install_partition_msdos_apply(7) ============================================ NAME ---- cdist-type__install_partition_msdos_apply - Apply dos partition settings DESCRIPTION ----------- Create the partitions defined with __install_partition_msdos REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- None EXAMPLES -------- .. code-block:: sh __install_partition_msdos_apply SEE ALSO -------- :strong:`cdist-type__install_partition_msdos_apply`\ (7) AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2011 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__install_partition_msdos_apply/singleton000066400000000000000000000000001427155744700256020ustar00rootroot00000000000000cdist/cdist/conf/type/__install_reboot/000077500000000000000000000000001427155744700205365ustar00rootroot00000000000000cdist/cdist/conf/type/__install_reboot/gencode-remote000077500000000000000000000016641427155744700233700ustar00rootroot00000000000000#!/bin/sh -e # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # #echo "reboot $options" cat << DONE echo 1 > /proc/sys/kernel/sysrq echo s > /proc/sysrq-trigger # close file descriptors to detach from ssh sh -c 'sleep 3; echo b > /proc/sysrq-trigger' > /dev/null 2>&1 COPYING ------- Copyright \(C) 2011 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__install_reboot/singleton000066400000000000000000000000001427155744700224510ustar00rootroot00000000000000cdist/cdist/conf/type/__install_reset_disk/000077500000000000000000000000001427155744700214005ustar00rootroot00000000000000cdist/cdist/conf/type/__install_reset_disk/gencode-remote000077500000000000000000000037161427155744700242320ustar00rootroot00000000000000#!/bin/sh -e # # 2012 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # disk="/$__object_id" disk_name="${disk##*/}" cat << DONE debug() { echo "[DEBUG] \$@" >&2 } find_md_device_names() { local disk_name="\$1" for slave in \$(find /sys/devices/virtual/block/*/slaves/ -name "\${disk_name}*"); do debug "slave: \$slave" for holder in \$slave/holders/*; do debug "holder: \$holder" if [ -d "\$holder/md" ]; then debug "mdadm found at \$holder" holder_name="\${holder##*/}" echo "\$holder_name" fi done done } # disable any enabled volume group if command -v vgchange >/dev/null; then vgchange -a n else echo "WARNING: vgchange command not found" >&2 fi # disable any running mdadm arrays related to $disk for md_name in \$(find_md_device_names "$disk_name" | sort | uniq); do echo "md_name: \$md_name" if command -v mdadm >/dev/null; then mdadm --stop "/dev/\$md_name" else echo "WARNING: mdadm command not found" >&2 echo "WARNING: could not stop active mdadm raid for disk $disk" >&2 fi done # clean disks from any legacy signatures if command -v wipefs >/dev/null; then wipefs -a "$disk" || true fi # erase partition table dd if=/dev/zero of=$disk bs=512 count=1 printf 'w\\n' | fdisk -u -c $disk || true DONE cdist/cdist/conf/type/__install_reset_disk/install000066400000000000000000000000001427155744700227570ustar00rootroot00000000000000cdist/cdist/conf/type/__install_reset_disk/man.rst000066400000000000000000000013231427155744700227040ustar00rootroot00000000000000cdist-type__install_reset_disk(7) ================================= NAME ---- cdist-type__install_reset_disk - reset a disk DESCRIPTION ----------- Remove partition table. Remove all lvm labels. Remove mdadm superblock. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- None EXAMPLES -------- .. code-block:: sh __install_reset_disk /dev/sdb AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2012 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__install_stage/000077500000000000000000000000001427155744700203475ustar00rootroot00000000000000cdist/cdist/conf/type/__install_stage/gencode-remote000077500000000000000000000020751427155744700231760ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2013 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # uri="$(cat "$__object/parameter/uri" 2>/dev/null \ || echo "$__object_id")" target="$(cat "$__object/parameter/target")" if [ "$__cdist_log_level" -le "10" ] then curl="curl" tar="tar -xvzp" else curl="curl -s" tar="tar -xzp" fi if [ -f "$__object/parameter/insecure" ] ; then curl="$curl -k" fi echo "$curl '$uri' | $tar -C '$target'" cdist/cdist/conf/type/__install_stage/install000066400000000000000000000000001427155744700217260ustar00rootroot00000000000000cdist/cdist/conf/type/__install_stage/man.rst000066400000000000000000000026021427155744700216540ustar00rootroot00000000000000cdist-type__install_stage(7) ============================ NAME ---- cdist-type__install_stage - download and unpack a stage file DESCRIPTION ----------- Downloads a operating system stage using curl and unpacks it to /target using tar. The stage tarball is expected to be gzip compressed. REQUIRED PARAMETERS ------------------- uri The uri from which to fetch the tarball. Can be anything understood by curl, e.g: | http://path/to/stage.tgz | tftp:///path/to/stage.tgz | file:///local/path/stage.tgz OPTIONAL PARAMETERS ------------------- target where to unpack the tarball to. Defaults to /target. BOOLEAN PARAMETERS ------------------ insecure run curl in insecure mode so it does not check the servers ssl certificate EXAMPLES -------- .. code-block:: sh __install_stage --uri tftp:///path/to/stage.tgz __install_stage --uri http://path/to/stage.tgz --target /mnt/foobar __install_stage --uri file:///path/to/stage.tgz --target /target __install_stage --uri https://path/to/stage.tgz --target /mnt/foobar --insecure AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2011 - 2013 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__install_stage/parameter/000077500000000000000000000000001427155744700223275ustar00rootroot00000000000000cdist/cdist/conf/type/__install_stage/parameter/boolean000066400000000000000000000000111427155744700236610ustar00rootroot00000000000000insecure cdist/cdist/conf/type/__install_stage/parameter/default/000077500000000000000000000000001427155744700237535ustar00rootroot00000000000000cdist/cdist/conf/type/__install_stage/parameter/default/target000066400000000000000000000000101427155744700251530ustar00rootroot00000000000000/target cdist/cdist/conf/type/__install_stage/parameter/optional000066400000000000000000000000071427155744700240740ustar00rootroot00000000000000target cdist/cdist/conf/type/__install_stage/parameter/required000066400000000000000000000000041427155744700240640ustar00rootroot00000000000000uri cdist/cdist/conf/type/__install_stage/singleton000066400000000000000000000000001427155744700222620ustar00rootroot00000000000000cdist/cdist/conf/type/__install_umount/000077500000000000000000000000001427155744700205735ustar00rootroot00000000000000cdist/cdist/conf/type/__install_umount/gencode-remote000077500000000000000000000015171427155744700234220ustar00rootroot00000000000000#!/bin/sh -e # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # target="$(cat "$__object/parameter/target")" echo "swapoff -a" echo "umount -l ${target}/* || true" echo "umount -l ${target}" cdist/cdist/conf/type/__install_umount/install000066400000000000000000000000001427155744700221520ustar00rootroot00000000000000cdist/cdist/conf/type/__install_umount/man.rst000066400000000000000000000014111427155744700220750ustar00rootroot00000000000000cdist-type__install_umount(7) ============================= NAME ---- cdist-type__install_umount - umount target directory DESCRIPTION ----------- This cdist type allows you to recursively umount the given target directory. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- target the mount point to umount. Defaults to object_id EXAMPLES -------- .. code-block:: sh __install_umount /target AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2011 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__install_umount/parameter/000077500000000000000000000000001427155744700225535ustar00rootroot00000000000000cdist/cdist/conf/type/__install_umount/parameter/default/000077500000000000000000000000001427155744700241775ustar00rootroot00000000000000cdist/cdist/conf/type/__install_umount/parameter/default/target000066400000000000000000000000101427155744700253770ustar00rootroot00000000000000/target cdist/cdist/conf/type/__install_umount/parameter/optional000066400000000000000000000000071427155744700243200ustar00rootroot00000000000000target cdist/cdist/conf/type/__iptables_apply/000077500000000000000000000000001427155744700205265ustar00rootroot00000000000000cdist/cdist/conf/type/__iptables_apply/files/000077500000000000000000000000001427155744700216305ustar00rootroot00000000000000cdist/cdist/conf/type/__iptables_apply/files/init-script000066400000000000000000000050351427155744700240230ustar00rootroot00000000000000#!/bin/sh ### BEGIN INIT INFO # Provides: iptables # Required-Start: $local_fs $remote_fs # Required-Stop: $local_fs $remote_fs # X-Start-Before: fail2ban # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Applies iptables ruleset # Description: Applies all rules found in /etc/iptables.d # and saves/restores previous status ### END INIT INFO # Originally written by: # Nico Schottelius # Zürisee, Mon Sep 2 18:38:27 CEST 2013 # # 2013 Nico Schottelius (nico-cdist at schottelius.org) # 2020 Matthias Stecher (matthiasstecher at gmx.de) # # This file is distributed with cdist and licenced under the # GNU GPLv3+ WITHOUT ANY WARRANTY. # Read files and execute the content with the given commands # # Arguments: # 1: Directory # 2..n: Commands which should be used to execute the file content gothrough() { cd "$1" || return shift # iterate through all rules and continue if it's not a file for rule in *; do [ -f "$rule" ] || continue echo "Appling iptables rule $rule ..." # execute it with all commands specificed ruleparam="$(cat "$rule")" for cmd in "$@"; do # Command and Rule should be split. # shellcheck disable=SC2046 command $cmd $ruleparam done done } # Shortcut for iptables command to do IPv4 and v6 # only applies to the "reset" target iptables() { command iptables "$@" command ip6tables "$@" } basedir=/etc/iptables.d status4="${basedir}/.pre-start" status6="${basedir}/.pre-start6" case $1 in start) # Save status iptables-save > "$status4" ip6tables-save > "$status6" # Apply our ruleset gothrough "$basedir" iptables #gothrough "$basedir/v4" iptables # conflicts with $basedir gothrough "$basedir/v6" ip6tables gothrough "$basedir/all" iptables ip6tables ;; stop) # Restore from status before, if there is something to restore if [ -f "$status4" ]; then iptables-restore < "$status4" fi if [ -f "$status6" ]; then ip6tables-restore < "$status6" fi ;; restart) "$0" stop && "$0" start ;; reset) for table in INPUT FORWARD OUTPUT; do iptables -P "$table" ACCEPT iptables -F "$table" done for table in PREROUTING POSTROUTING OUTPUT; do iptables -t nat -P "$table" ACCEPT iptables -t nat -F "$table" done ;; esac cdist/cdist/conf/type/__iptables_apply/gencode-remote000077500000000000000000000001631427155744700233510ustar00rootroot00000000000000#!/bin/sh -e if grep -q "^__file/etc/iptables.d/" "$__messages_in"; then echo /etc/init.d/iptables restart fi cdist/cdist/conf/type/__iptables_apply/man.rst000066400000000000000000000031351427155744700220350ustar00rootroot00000000000000cdist-type__iptables_apply(7) ============================= NAME ---- cdist-type__iptables_apply - Apply the rules DESCRIPTION ----------- This cdist type deploys an init script that triggers the configured rules and also re-applies them on configuration. Rules are written from __iptables_rule into the folder ``/etc/iptables.d/``. It reads all rules from the base folder as rules for IPv4. Rules in the subfolder ``v6/`` are IPv6 rules. Rules in the subfolder ``all/`` are applied to both rule tables. All files contain the arguments for a single ``iptables`` and/or ``ip6tables`` command. Rules are applied in the following order: 1. All IPv4 rules 2. All IPv6 rules 2. All rules that should be applied to both tables The order of the rules that will be applied are definite from the result the shell glob returns, which should be alphabetical. If rules must be applied in a special order, prefix them with a number like ``02-some-rule``. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- None EXAMPLES -------- None (__iptables_apply is used by __iptables_rule automatically) SEE ALSO -------- :strong:`cdist-type__iptables_rule`\ (7), :strong:`iptables`\ (8) AUTHORS ------- Nico Schottelius Matthias Stecher COPYING ------- Copyright \(C) 2013 Nico Schottelius. Copyright \(C) 2020 Matthias Stecher. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__iptables_apply/manifest000077500000000000000000000016001427155744700222570ustar00rootroot00000000000000#!/bin/sh -e # # 2013 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # __file /etc/init.d/iptables \ --source "$__type/files/init-script" \ --state present \ --mode 0755 require="__file/etc/init.d/iptables" __start_on_boot iptables cdist/cdist/conf/type/__iptables_apply/singleton000066400000000000000000000000001427155744700224410ustar00rootroot00000000000000cdist/cdist/conf/type/__iptables_rule/000077500000000000000000000000001427155744700203505ustar00rootroot00000000000000cdist/cdist/conf/type/__iptables_rule/man.rst000066400000000000000000000054331427155744700216620ustar00rootroot00000000000000cdist-type__iptables_rule(7) ============================ NAME ---- cdist-type__iptables_rule - Deploy iptable rulesets DESCRIPTION ----------- This cdist type allows you to manage iptable rules in a distribution independent manner. See :strong:`cdist-type__iptables_apply`\ (7) for the execution order of these rules. It will be executed automaticly to apply all rules non-volaite. REQUIRED PARAMETERS ------------------- rule The rule to apply. Essentially an iptables command line without iptables in front of it. OPTIONAL PARAMETERS ------------------- state 'present' or 'absent', defaults to 'present' BOOLEAN PARAMETERS ------------------ All rules without any of these parameters will be treated like ``--v4`` because of backward compatibility. v4 Explicitly set it as rule for IPv4. If IPv6 is set, too, it will be threaten like ``--all``. Will be the default if nothing else is set. v6 Explicitly set it as rule for IPv6. If IPv4 is set, too, it will be threaten like ``--all``. all Set the rule for both IPv4 and IPv6. It will be saved separately from the other rules. EXAMPLES -------- .. code-block:: sh # Deploy some policies __iptables_rule policy-in --rule "-P INPUT DROP" __iptables_rule policy-out --rule "-P OUTPUT ACCEPT" __iptables_rule policy-fwd --rule "-P FORWARD DROP" # The usual established rule __iptables_rule established --rule "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT" # Some service rules __iptables_rule http --rule "-A INPUT -p tcp --dport 80 -j ACCEPT" __iptables_rule ssh --rule "-A INPUT -p tcp --dport 22 -j ACCEPT" __iptables_rule https --rule "-A INPUT -p tcp --dport 443 -j ACCEPT" # Ensure some rules are not present anymore __iptables_rule munin --rule "-A INPUT -p tcp --dport 4949 -j ACCEPT" \ --state absent # IPv4-only rule for ICMPv4 __iptables_rule icmp-v4 --v4 --rule "-A INPUT -p icmp -j ACCEPT" # IPv6-only rule for ICMPv6 __iptables_rule icmp-v6 --v6 --rule "-A INPUT -p icmpv6 -j ACCEPT" # doing something for the dual stack __iptables_rule fwd-eth0-eth1 --v4 --v6 --rule "-A INPUT -i eth0 -o eth1 -j ACCEPT" __iptables_rule fwd-eth1-eth0 --all --rule "-A -o eth1 -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT" SEE ALSO -------- :strong:`cdist-type__iptables_apply`\ (7), :strong:`iptables`\ (8) AUTHORS ------- Nico Schottelius Matthias Stecher COPYING ------- Copyright \(C) 2013 Nico Schottelius. Copyright \(C) 2020 Matthias Stecher. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__iptables_rule/manifest000077500000000000000000000042341427155744700221070ustar00rootroot00000000000000#!/bin/sh -e # # 2013 Nico Schottelius (nico-cdist at schottelius.org) # 2020 Matthias Stecher (matthiasstecher at gmx.de) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # base_dir=/etc/iptables.d name="$__object_id" state="$(cat "$__object/parameter/state")" if [ -f "$__object/parameter/v4" ]; then only_v4="yes" # $specific_dir is $base_dir fi if [ -f "$__object/parameter/v6" ]; then only_v6="yes" specific_dir="$base_dir/v6" fi # If rules should be set for both protocols if { [ "$only_v4" = "yes" ] && [ "$only_v6" = "yes" ]; } || [ -f "$__object/parameter/all" ]; then # all to a specific directory specific_dir="$base_dir/all" fi # set rule directory based on if it's the base or subdirectory rule_dir="${specific_dir:-$base_dir}" ################################################################################ # Basic setup # __directory "$base_dir" --state present # sub-directory if required if [ "$specific_dir" ]; then require="__directory/$base_dir" __directory "$specific_dir" --state present fi # Have apply do the real job require="$__object_name" __iptables_apply ################################################################################ # The rule # for dir in "$base_dir" "$base_dir/v6" "$base_dir/all"; do # defaults to absent except the directory that should contain the file if [ "$rule_dir" = "$dir" ]; then curr_state="$state" else curr_state="absent" fi require="__directory/$rule_dir" __file "$dir/$name" \ --source "$__object/parameter/rule" \ --state "$curr_state" done cdist/cdist/conf/type/__iptables_rule/parameter/000077500000000000000000000000001427155744700223305ustar00rootroot00000000000000cdist/cdist/conf/type/__iptables_rule/parameter/boolean000066400000000000000000000000121427155744700236630ustar00rootroot00000000000000all v4 v6 cdist/cdist/conf/type/__iptables_rule/parameter/default/000077500000000000000000000000001427155744700237545ustar00rootroot00000000000000cdist/cdist/conf/type/__iptables_rule/parameter/default/state000066400000000000000000000000101427155744700250060ustar00rootroot00000000000000present cdist/cdist/conf/type/__iptables_rule/parameter/optional000066400000000000000000000000061427155744700240740ustar00rootroot00000000000000state cdist/cdist/conf/type/__iptables_rule/parameter/required000066400000000000000000000000051427155744700240660ustar00rootroot00000000000000rule cdist/cdist/conf/type/__issue/000077500000000000000000000000001427155744700166465ustar00rootroot00000000000000cdist/cdist/conf/type/__issue/files/000077500000000000000000000000001427155744700177505ustar00rootroot00000000000000cdist/cdist/conf/type/__issue/files/archlinux000066400000000000000000000000541427155744700216670ustar00rootroot00000000000000Arch Linux \r (\n) (\l) (cdist automated) cdist/cdist/conf/type/__issue/files/default000066400000000000000000000000521427155744700213140ustar00rootroot00000000000000Some OS \r (\n) (\l) (cdist automated) cdist/cdist/conf/type/__issue/files/redhat000066400000000000000000000001061427155744700211370ustar00rootroot00000000000000Red Hat Enterprise Linux Server (cdist-automated) Kernel \r on an \m cdist/cdist/conf/type/__issue/man.rst000066400000000000000000000014421427155744700201540ustar00rootroot00000000000000cdist-type__issue(7) ==================== NAME ---- cdist-type__issue - Manage issue DESCRIPTION ----------- This cdist type allows you to easily setup /etc/issue. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- source If supplied, use this file as /etc/issue instead of default. EXAMPLES -------- .. code-block:: sh __issue # When called from another type __issue --source "$__type/files/myfancyissue" AUTHORS ------- Nico Schottelius COPYING ------- Copyright \(C) 2011 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__issue/manifest000077500000000000000000000022271427155744700204050ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # destination=/etc/issue os="$(cat "$__global/explorer/os")" if [ -f "$__object/parameter/source" ]; then source="$(cat "$__object/parameter/source")" if [ "$source" = "-" ]; then source="${__object}/stdin" fi else case "$os" in archlinux|redhat) source="$__type/files/$os" ;; *) source="$__type/files/default" ;; esac fi __file "$destination" --source "$source" cdist/cdist/conf/type/__issue/parameter/000077500000000000000000000000001427155744700206265ustar00rootroot00000000000000cdist/cdist/conf/type/__issue/parameter/optional000066400000000000000000000000071427155744700223730ustar00rootroot00000000000000source cdist/cdist/conf/type/__issue/singleton000066400000000000000000000000001427155744700205610ustar00rootroot00000000000000cdist/cdist/conf/type/__jail/000077500000000000000000000000001427155744700164355ustar00rootroot00000000000000cdist/cdist/conf/type/__jail/man.rst000066400000000000000000000061201427155744700177410ustar00rootroot00000000000000cdist-type__jail(7) =================== NAME ---- cdist-type__jail - Manage FreeBSD jails DESCRIPTION ----------- This type is used on FreeBSD to manage jails by calling the appropriate per-version subtype. REQUIRED PARAMETERS ------------------- state Either "present" or "absent", defaults to "present". jailbase The location of the .tgz archive containing the base fs for your jails. OPTIONAL PARAMETERS ------------------- name The name of the jail. Default is to use the object_id as the jail name. ip The ifconfig style IP/netmask combination to use for the jail guest. If the state parameter is "present," this parameter is required. hostname The FQDN to use for the jail guest. Defaults to the name parameter. interface The name of the physical interface on the jail server to bind the jail to. Defaults to the first interface found in the output of ifconfig -l. devfs-ruleset The name of the devfs ruleset to associate with the jail. Defaults to "jailrules." This ruleset must be copied to the server via another type. To use this option, devfs-enable must be "true." jaildir The location on the remote server to use for hosting jail filesystems. Defaults to /usr/jail. BOOLEAN PARAMETERS ------------------ stopped Do not start the jail devfs-disable Whether to disallow devfs mounting within the jail onboot Whether to add the jail to rc.conf's jail_list variable. CAVEATS ------- This type does not currently support modification of jail options. If, for example a jail needs to have its IP address or netmask changed, the jail must be removed then re-added with the correct IP address/netmask or the appropriate line (jail__ip="...") modified within rc.conf through some alternate means. MESSAGES -------- start The jail was started stop The jail was stopped create: The jail was created delete The jail was deleted onboot The jail was configured to start on boot EXAMPLES -------- .. code-block:: sh # Create a jail called www __jail www --state present --ip "192.168.1.2" --jailbase /my/jail/base.tgz # Remove the jail called www __jail www --state absent --jailbase /my/jail/base.tgz # The jail www should not be started __jail www --state present --stopped \ --ip "192.168.1.2 netmask 255.255.255.0" \ --jailbase /my/jail/base.tgz # Use the name variable explicitly __jail thisjail --state present --name www \ --ip "192.168.1.2" \ --jailbase /my/jail/base.tgz # Go nuts __jail lotsofoptions --state present --name testjail \ --ip "192.168.1.100 netmask 255.255.255.0" \ --hostname "testjail.example.com" --interface "em0" \ --onboot --jailbase /my/jail/base.tgz --jaildir /jails SEE ALSO -------- :strong:`jail`\ (8) AUTHORS ------- Jake Guffey COPYING ------- Copyright \(C) 2012,2016 Jake Guffey. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__jail/manifest000077500000000000000000000025511427155744700201740ustar00rootroot00000000000000#!/bin/sh -e # # 2012 Jake Guffey (jake.guffey at eprotex.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # The __jail type creates, configures, and deletes FreeBSD jails for use as # virtual machines. # # Debug #exec >&2 #set -x # Can only be used on FreeBSD os="$(cat "$__global/explorer/os")" if [ ! "$os" = "freebsd" ]; then echo "__jail can only be used on FreeBSD targets!" >&2 exit 1 fi jaildir="$(cat "$__object/parameter/jaildir")" __directory "${jaildir}" --parents set -- "$@" "$__object_id" cd "$__object/parameter" for property in *; do set -- "$@" "--$property" "$(cat "$property")" done if grep -q '^10\.' "$(cat "$__global/explorer/os_version")" ; then # Version is 10.x __jail_freebsd10 "$@" else __jail_freebsd9 "$@" fi # Debug #set +x cdist/cdist/conf/type/__jail/parameter/000077500000000000000000000000001427155744700204155ustar00rootroot00000000000000cdist/cdist/conf/type/__jail/parameter/boolean000066400000000000000000000000351427155744700217550ustar00rootroot00000000000000onboot stopped devfs-disable cdist/cdist/conf/type/__jail/parameter/default/000077500000000000000000000000001427155744700220415ustar00rootroot00000000000000cdist/cdist/conf/type/__jail/parameter/default/devfs-ruleset000066400000000000000000000000121427155744700245450ustar00rootroot00000000000000jailrules cdist/cdist/conf/type/__jail/parameter/default/jailbase000066400000000000000000000000011427155744700235250ustar00rootroot00000000000000 cdist/cdist/conf/type/__jail/parameter/default/jaildir000066400000000000000000000000121427155744700233730ustar00rootroot00000000000000/usr/jail cdist/cdist/conf/type/__jail/parameter/default/state000066400000000000000000000000101427155744700230730ustar00rootroot00000000000000present cdist/cdist/conf/type/__jail/parameter/optional000066400000000000000000000001001427155744700221540ustar00rootroot00000000000000name ip hostname interface devfs-ruleset jaildir jailbase state cdist/cdist/conf/type/__jail_freebsd10/000077500000000000000000000000001427155744700202705ustar00rootroot00000000000000cdist/cdist/conf/type/__jail_freebsd10/explorer/000077500000000000000000000000001427155744700221305ustar00rootroot00000000000000cdist/cdist/conf/type/__jail_freebsd10/explorer/basepresent000077500000000000000000000022321427155744700243700ustar00rootroot00000000000000#!/bin/sh # # 2012 Jake Guffey (jake.guffey at eprotex.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # See if the jailbase.tgz or $jaildir/base dir exists # # Debug #exec >&2 #set -x if [ -f "$__object/parameter/jaildir" ]; then jaildir="$(cat "$__object/parameter/jaildir")" else jaildir="/usr/jail" fi name="base:jailbase.tgz" out="" save_IFS="$IFS" IFS=":" for cur in $name; do if [ -e "${jaildir}/$cur" ]; then out="${out}:${cur}" fi done IFS="$save_IFS" if [ -z "$out" ]; then echo "NONE" else echo "${out}" fi # Debug #set +x cdist/cdist/conf/type/__jail_freebsd10/explorer/present000077500000000000000000000021041427155744700235330ustar00rootroot00000000000000#!/bin/sh # # 2012 Jake Guffey (jake.guffey at eprotex.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # See if the requested jail exists # # Debug #exec >&2 #set -x if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name=$__object_id fi if [ -f "$__object/parameter/jaildir" ]; then jaildir="$(cat "$__object/parameter/jaildir")" else jaildir="/usr/jail" fi [ -d "${jaildir}/$name" ] && echo "EXISTS" || echo "NOTEXIST" #set +x cdist/cdist/conf/type/__jail_freebsd10/explorer/status000077500000000000000000000023601427155744700234020ustar00rootroot00000000000000#!/bin/sh # # 2012 Jake Guffey (jake.guffey at eprotex.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # See if the requested jail is started # # Debug #exec >&2 #set -x if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi if [ -f "$__object/parameter/jaildir" ]; then jaildir="$(cat "$__object/parameter/jaildir")" else jaildir="/usr/jail" fi # backslash-escaped $jaildir sjaildir="$(echo ${jaildir} | sed 's#/#\\/#g')" jls_output="$(jls | grep "[ ]${sjaildir}\\/${name}\$")" || true if [ -n "${jls_output}" ]; then echo "STARTED" else echo "NOTSTART" fi # Debug #set +x cdist/cdist/conf/type/__jail_freebsd10/gencode-local000077500000000000000000000031361427155744700227150ustar00rootroot00000000000000#!/bin/sh -e # # 2012 Jake Guffey (jake.guffey at eprotex.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # The __jail type creates, configures, and deletes FreeBSD jails for use as # virtual machines. # # Debug #exec >&2 #set -x jaildir="$(cat "$__object/parameter/jaildir")" jailbase="$(cat "$__object/parameter/jailbase")" state="$(cat "$__object/parameter/state")" if [ "$state" = "present" ] && [ -z "$jailbase" ]; then exec >&2 echo "jailbase is a REQUIRED parameter when state=present!" exit 1 fi remotebase="${jaildir}/jailbase.tgz" basepresent="$(cat "$__object/explorer/basepresent")" if [ "$state" = "present" ]; then if [ "$basepresent" = "NONE" ]; then # IPv6 fix if echo "${__target_host}" | grep -q -E '^[0-9a-fA-F:]+$' then my_target_host="[${__target_host}]" else my_target_host="${__target_host}" fi echo "$__remote_copy" "${jailbase}" "${my_target_host}:${remotebase}" fi # basepresent=NONE fi # state=present # Debug #set +x cdist/cdist/conf/type/__jail_freebsd10/gencode-remote000077500000000000000000000264011427155744700231160ustar00rootroot00000000000000#!/bin/sh -e # # 2012,2014,2016 Jake Guffey (jake.guffey at jointheirstm.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # The __jail_freebsd10 type creates, configures, and deletes FreeBSD # jails for use as virtual machines on FreeBSD 10.x. # # Debug #exec >&2 #set -x if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi state="$(cat "$__object/parameter/state")" started="true" # If the user wants the jail gone, it implies it shouldn't be started. { [ -f "$__object/parameter/stopped" ] || [ "$state" = "absent" ]; } && started="false" if [ -f "$__object/parameter/ip" ]; then ip="$(cat "$__object/parameter/ip")" else # IP is an optional param when $state=absent, but # when $state=present, it's required. Enforce this. if [ "$state" = "present" ]; then exec >&2 printf 'If --state is "present", --ip must be given\!\n' exit 1 fi fi if [ -f "$__object/parameter/hostname" ]; then hostname="$(cat "$__object/parameter/hostname")" else hostname="$name" fi if [ -f "$__object/parameter/devfs-disable" ]; then devfsenable="false" else devfsenable="true" fi devfsruleset="$(cat "$__object/parameter/devfs-ruleset")" # devfs_ruleset being defined without devfs_enable being true # is pointless. Treat this as an error. if [ -n "$devfsruleset" ] && [ "$devfsenable" = "false" ]; then exec >&2 echo "Can't have --devfs-ruleset defined with --devfs-disable" exit 1 fi if [ -f "$__object/parameter/onboot" ]; then onboot="true" fi jaildir="$(cat "$__object/parameter/jaildir")" present="$(cat "$__object/explorer/present")" #present="$(cat "$__type/explorer/present")" status="$(cat "$__object/explorer/status")" # Handle ip="addr, addr" format if [ "$(expr "${ip}" : ".*, .*")" -gt "0" ]; then SAVE_IFS="$IFS" IFS=", " for cur_ip in ${ip}; do # Just get the last IP address for SSH to listen on mgmt_ip=$(echo "${cur_ip}" | cut '-d ' -f1) # In case using "ip netmask" format rather than CIDR done IFS="$SAVE_IFS" else mgmt_ip=$(echo "${ip}" | cut '-d ' -f1) # In case using "ip netmask" format rather than CIDR fi stopJail() { # Check $status before issuing command if [ "$status" = "STARTED" ]; then echo "/etc/rc.d/jail stop ${name}" echo "stop" >> "$__messages_out" fi } startJail() { # Check $status before issuing command if [ "$status" = "NOTSTART" ]; then echo "/etc/rc.d/jail start ${name}" echo "start" >> "$__messages_out" fi } deleteJail() { # Unmount the jail's mountpoints if necessary cat <=1 rw mount is mounted still for DIR in "\${output}"; do umount -F "/etc/fstab.${name}" "\$(echo "${DIR}" | awk '{print \$3}')" done fi output="\$(mount | grep "\\/${name} (")" || true if [ -n "\${output}" ]; then # ro mount is mounted still umount -F "/etc/fstab.${name}" "\$(echo "\${output}" | awk '{print \$3}')" fi EOF # Remove the jail's rw mountpoints echo "rm -rf \"${jaildir}/rw/${name}\"" # Remove the jail directory echo "rm -rf \"${jaildir}/${name}\"" # Remove the jail's fstab echo "rm -f \"/etc/fstab.${name}\"" # Remove jail entry from jail.conf cat <> "$__messages_out" } createJail() { # Create the jail directory cat <> "$__messages_out" # Create the ro+rw mountpoint entries in fstab cat </etc/fstab.${name} <>/etc/rc.conf elif [ ! "\$(echo \$jail_enable | tr '[a-z]' '[A-Z]' | tr -d '"')" = "YES" ]; then # jail_enable="NO" sed -i '.bak' 's/^jail_enable=.*$/jail_enable="YES"/g' /etc/rc.conf # fix this -^ rm -f /etc/rc.conf.bak fi jailfile=/etc/jail.conf jailheader="${name} {" jaildata="path=\"${jaildir}/${name}\";" if [ "$devfsenable" = "true" ]; then jaildata="\$jaildata mount.devfs;" else jaildata="\$jaildata mount.nodevfs;" fi jaildata="\$jaildata host.hostname=\"${hostname}\"; ip4.addr=\"${ip}\"; exec.start=\"/bin/sh /etc/rc\"; exec.stop=\"/bin/sh /etc/rc.shutdown\"; exec.consolelog=\"/var/log/jail_${name}_console.log\"; mount.fstab=\"/etc/fstab.${name}\"; allow.mount; exec.clean; allow.set_hostname=0; allow.sysvipc=0; allow.raw_sockets=0;" jailtrailer="}" if [ "$devfsenable" = "true" ] && [ "${devfsruleset}" = "jailrules" ]; then # The default ruleset is to be used if [ ! -f /etc/devfs.rules ]; then touch /etc/devfs.rules fi if [ -z "\$(grep '\\[jailrules=' /etc/devfs.rules)" ]; then # The default ruleset doesn't exist # Get the highest-numbered ruleset highest="\$(sed -n 's/\\[.*=\\([0-9]*\\)\\]/\\1/pg' /etc/devfs.rules | sort -u | tail -n 1)" || true # increment by 1 [ -z "\$highest" ] && highest=10 let num="\${highest}+1" 2>&1 >/dev/null # Close the FD==fail... # add default ruleset cat >>/etc/devfs.rules <>\"\$jailfile\"" # Add $name to jail_list if $onboot=yes if [ "$onboot" = "yes" ]; then # first check to see whether jail_enable="YES" exists in rc.conf or not and add it # if necessary cat <> "$__messages_out" fi # Add the normal entries into the jail's rc.conf cat <"${jaildir}/rw/${name}/etc/rc.conf" echo sshd_enable=\"YES\" >>"${jaildir}/rw/${name}/etc/rc.conf" echo sendmail_enable=\"NONE\" >>"${jaildir}/rw/${name}/etc/rc.conf" echo syslogd_enable=\"YES\" >>"${jaildir}/rw/${name}/etc/rc.conf" echo syslogd_flags=\"-ss\" >>"${jaildir}/rw/${name}/etc/rc.conf" EOF # Configure SSHd's listening address cat <= 10.0 to manage jails. REQUIRED PARAMETERS ------------------- state Either "present" or "absent", defaults to "present". jailbase The location of the .tgz archive containing the base fs for your jails. OPTIONAL PARAMETERS ------------------- name The name of the jail. Default is to use the object_id as the jail name. ip The ifconfig style IP/netmask combination to use for the jail guest. If the state parameter is "present," this parameter is required. hostname The FQDN to use for the jail guest. Defaults to the name parameter. interface The name of the physical interface on the jail server to bind the jail to. Defaults to the first interface found in the output of ifconfig -l. devfs-ruleset The name of the devfs ruleset to associate with the jail. Defaults to "jailrules." This ruleset must be copied to the server via another type. To use this option, devfs-enable must be "true." jaildir The location on the remote server to use for hosting jail filesystems. Defaults to /usr/jail. BOOLEAN PARAMETERS ------------------ stopped Do not start the jail devfs-disable Whether to disallow devfs mounting within the jail onboot Whether to add the jail to rc.conf's jail_list variable. CAVEATS ------- This type does not currently support modification of jail options. If, for example a jail needs to have its IP address or netmask changed, the jail must be removed then re-added with the correct IP address/netmask or the appropriate modifications to jail.conf need to be made through alternate means. MESSAGES -------- start The jail was started stop The jail was stopped create: The jail was created delete The jail was deleted onboot The jail was configured to start on boot EXAMPLES -------- .. code-block:: sh # Create a jail called www __jail_freebsd10 www --state present --ip "192.168.1.2" --jailbase /my/jail/base.tgz # Remove the jail called www __jail_freebsd10 www --state absent --jailbase /my/jail/base.tgz # The jail www should not be started __jail_freebsd10 www --state present --stopped \ --ip "192.168.1.2 netmask 255.255.255.0" \ --jailbase /my/jail/base.tgz # Use the name variable explicitly __jail_freebsd10 thisjail --state present --name www \ --ip "192.168.1.2" \ --jailbase /my/jail/base.tgz # Go nuts __jail_freebsd10 lotsofoptions --state present --name testjail \ --ip "192.168.1.100 netmask 255.255.255.0" \ --hostname "testjail.example.com" --interface "em0" \ --onboot --jailbase /my/jail/base.tgz --jaildir /jails SEE ALSO -------- :strong:`jail`\ (8) AUTHORS ------- Jake Guffey COPYING ------- Copyright \(C) 2012-2016 Jake Guffey. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__jail_freebsd10/parameter/000077500000000000000000000000001427155744700222505ustar00rootroot00000000000000cdist/cdist/conf/type/__jail_freebsd10/parameter/boolean000066400000000000000000000000351427155744700236100ustar00rootroot00000000000000onboot stopped devfs-disable cdist/cdist/conf/type/__jail_freebsd10/parameter/default/000077500000000000000000000000001427155744700236745ustar00rootroot00000000000000cdist/cdist/conf/type/__jail_freebsd10/parameter/default/devfs-ruleset000066400000000000000000000000121427155744700264000ustar00rootroot00000000000000jailrules cdist/cdist/conf/type/__jail_freebsd10/parameter/default/jailbase000066400000000000000000000000011427155744700253600ustar00rootroot00000000000000 cdist/cdist/conf/type/__jail_freebsd10/parameter/default/jaildir000066400000000000000000000000121427155744700252260ustar00rootroot00000000000000/usr/jail cdist/cdist/conf/type/__jail_freebsd10/parameter/default/state000066400000000000000000000000101427155744700247260ustar00rootroot00000000000000present cdist/cdist/conf/type/__jail_freebsd10/parameter/optional000066400000000000000000000001001427155744700240070ustar00rootroot00000000000000name ip hostname interface devfs-ruleset jaildir jailbase state cdist/cdist/conf/type/__jail_freebsd9/000077500000000000000000000000001427155744700202205ustar00rootroot00000000000000cdist/cdist/conf/type/__jail_freebsd9/explorer/000077500000000000000000000000001427155744700220605ustar00rootroot00000000000000cdist/cdist/conf/type/__jail_freebsd9/explorer/basepresent000077500000000000000000000022321427155744700243200ustar00rootroot00000000000000#!/bin/sh # # 2012 Jake Guffey (jake.guffey at eprotex.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # See if the jailbase.tgz or $jaildir/base dir exists # # Debug #exec >&2 #set -x if [ -f "$__object/parameter/jaildir" ]; then jaildir="$(cat "$__object/parameter/jaildir")" else jaildir="/usr/jail" fi name="base:jailbase.tgz" out="" save_IFS="$IFS" IFS=":" for cur in $name; do if [ -e "${jaildir}/$cur" ]; then out="${out}:${cur}" fi done IFS="$save_IFS" if [ -z "$out" ]; then echo "NONE" else echo "${out}" fi # Debug #set +x cdist/cdist/conf/type/__jail_freebsd9/explorer/present000077500000000000000000000021041427155744700234630ustar00rootroot00000000000000#!/bin/sh # # 2012 Jake Guffey (jake.guffey at eprotex.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # See if the requested jail exists # # Debug #exec >&2 #set -x if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name=$__object_id fi if [ -f "$__object/parameter/jaildir" ]; then jaildir="$(cat "$__object/parameter/jaildir")" else jaildir="/usr/jail" fi [ -d "${jaildir}/$name" ] && echo "EXISTS" || echo "NOTEXIST" #set +x cdist/cdist/conf/type/__jail_freebsd9/explorer/status000077500000000000000000000023601427155744700233320ustar00rootroot00000000000000#!/bin/sh # # 2012 Jake Guffey (jake.guffey at eprotex.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # See if the requested jail is started # # Debug #exec >&2 #set -x if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi if [ -f "$__object/parameter/jaildir" ]; then jaildir="$(cat "$__object/parameter/jaildir")" else jaildir="/usr/jail" fi # backslash-escaped $jaildir sjaildir="$(echo ${jaildir} | sed 's#/#\\/#g')" jls_output="$(jls | grep "[ ]${sjaildir}\\/${name}\$")" || true if [ -n "${jls_output}" ]; then echo "STARTED" else echo "NOTSTART" fi # Debug #set +x cdist/cdist/conf/type/__jail_freebsd9/gencode-local000077500000000000000000000030621427155744700226430ustar00rootroot00000000000000#!/bin/sh -e # # 2012 Jake Guffey (jake.guffey at eprotex.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # The __jail type creates, configures, and deletes FreeBSD jails for use as # virtual machines. # jaildir="$(cat "$__object/parameter/jaildir")" jailbase="$(cat "$__object/parameter/jailbase")" state="$(cat "$__object/parameter/state")" if [ "$state" = "present" ] && [ -z "$jailbase" ]; then exec >&2 echo "jailbase is a REQUIRED parameter when state=present!" exit 1 fi remotebase="${jaildir}/jailbase.tgz" basepresent="$(cat "$__object/explorer/basepresent")" if [ "$state" = "present" ]; then if [ "$basepresent" = "NONE" ]; then # IPv6 fix if echo "${__target_host}" | grep -q -E '^[0-9a-fA-F:]+$' then my_target_host="[${__target_host}]" else my_target_host="${__target_host}" fi echo "$__remote_copy" "${jailbase}" "${my_target_host}:${remotebase}" fi # basepresent=NONE fi # state=present cdist/cdist/conf/type/__jail_freebsd9/gencode-remote000077500000000000000000000255161427155744700230540ustar00rootroot00000000000000#!/bin/sh -e # # 2012,2014,2016 Jake Guffey (jake.guffey at jointheirstm.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # The __jail_freebsd9 type creates, configures, and deletes FreeBSD jails # for use as virtual machines on FreeBSD 9.x and before. # # Debug #exec >&2 #set -x if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi state="$(cat "$__object/parameter/state")" started="true" # If the user wants the jail gone, it implies it shouldn't be started. { [ -f "$__object/parameter/stopped" ] || [ "$state" = "absent" ]; } && started="false" if [ -f "$__object/parameter/ip" ]; then ip="$(cat "$__object/parameter/ip")" else # IP is an optional param when $state=absent, but # when $state=present, it's required. Enforce this. if [ "$state" = "present" ]; then exec >&2 printf 'If --state is "present", --ip must be given\!\n' exit 1 fi fi if [ -f "$__object/parameter/hostname" ]; then hostname="$(cat "$__object/parameter/hostname")" else hostname="$name" fi if [ -f "$__object/parameter/interface" ]; then interface="$(cat "$__object/parameter/interface")" fi if [ -f "$__object/parameter/devfs-disable" ]; then devfsenable="false" else devfsenable="true" fi devfsruleset="$(cat "$__object/parameter/devfs-ruleset")" # devfs_ruleset being defined without devfs_enable being true # is pointless. Treat this as an error. if [ -n "$devfsruleset" ] && [ "$devfsenable" = "false" ]; then exec >&2 echo "Can't have --devfs-ruleset defined with --devfs-disable" exit 1 fi if [ -f "$__object/parameter/onboot" ]; then onboot="true" fi jaildir="$(cat "$__object/parameter/jaildir")" present="$(cat "$__object/explorer/present")" status="$(cat "$__object/explorer/status")" # Handle ip="iface|addr, iface|addr" format if [ "$(expr "${ip}" : ".*|.*")" -gt "0" ]; then # If we have multiple IPs defined, $interface doesn't make sense because ip="iface|addr, iface|addr" implies it interface="" SAVE_IFS="$IFS" IFS=", " for cur_ip in ${ip}; do # Just get the last IP address for SSH to listen on mgmt_ip=$(echo "${cur_ip}" | sed -E -e 's/^.*\|(.*)\/[0-9]+$/\1/') done IFS="$SAVE_IFS" else mgmt_ip=$(echo "${ip}" | cut '-d ' -f1) fi stopJail() { # Check $status before issuing command if [ "$status" = "STARTED" ]; then echo "/etc/rc.d/jail stop ${name}" echo "stop" >> "$__messages_out" fi } startJail() { # Check $status before issuing command if [ "$status" = "NOTSTART" ]; then echo "/etc/rc.d/jail start ${name}" echo "start" >> "$__messages_out" fi } deleteJail() { # Unmount the jail's mountpoints if necessary cat <=1 rw mount is mounted still for DIR in "\${output}"; do umount -F "/etc/fstab.${name}" "\$(echo "${DIR}" | awk '{print \$3}')" done fi output="\$(mount | grep "\\/${name} (")" || true if [ -n "\${output}" ]; then # ro mount is mounted still umount -F "/etc/fstab.${name}" "\$(echo "\${output}" | awk '{print \$3}')" fi EOF # Remove the jail's rw mountpoints echo "rm -rf \"${jaildir}/rw/${name}\"" # Remove the jail directory echo "rm -rf \"${jaildir}/${name}\"" # Remove the jail's fstab echo "rm -f \"/etc/fstab.${name}\"" # Remove jail_$name_* lines from rc.conf cat <> "$__messages_out" } createJail() { # Create the jail directory cat <> "$__messages_out" # Create the ro+rw mountpoint entries in fstab cat </etc/fstab.${name} <>/etc/rc.conf elif [ ! "\$(echo \$jail_enable | tr '[a-z]' '[A-Z]')" = "YES" ]; then # jail_enable="NO" sed -i '.bak' 's/^jail_enable=.*$/jail_enable="YES"/g' /etc/rc.conf # fix this -^ rm -f /etc/rc.conf.bak fi cat >>/etc/rc.conf <>/etc/rc.conf <>/etc/rc.conf <>/etc/rc.conf <&- >&- # add default ruleset cat >>/etc/devfs.rules <> "$__messages_out" fi # Add the normal entries into the jail's rc.conf cat <"${jaildir}/rw/${name}/etc/rc.conf" echo sshd_enable=\"YES\" >>"${jaildir}/rw/${name}/etc/rc.conf" echo sendmail_enable=\"NONE\" >>"${jaildir}/rw/${name}/etc/rc.conf" echo syslogd_enable=\"YES\" >>"${jaildir}/rw/${name}/etc/rc.conf" echo syslogd_flags=\"-ss\" >>"${jaildir}/rw/${name}/etc/rc.conf" EOF # Configure SSHd's listening address cat <_ip="...") modified within rc.conf through some alternate means. MESSAGES -------- start The jail was started stop The jail was stopped create: The jail was created delete The jail was deleted onboot The jail was configured to start on boot EXAMPLES -------- .. code-block:: sh # Create a jail called www __jail_freebsd9 www --state present --ip "192.168.1.2" --jailbase /my/jail/base.tgz # Remove the jail called www __jail_freebsd9 www --state absent --jailbase /my/jail/base.tgz # The jail www should not be started __jail_freebsd9 www --state present --stopped \ --ip "192.168.1.2 netmask 255.255.255.0" \ --jailbase /my/jail/base.tgz # Use the name variable explicitly __jail_freebsd9 thisjail --state present --name www \ --ip "192.168.1.2" \ --jailbase /my/jail/base.tgz # Go nuts __jail_freebsd9 lotsofoptions --state present --name testjail \ --ip "192.168.1.100 netmask 255.255.255.0" \ --hostname "testjail.example.com" --interface "em0" \ --onboot --jailbase /my/jail/base.tgz --jaildir /jails SEE ALSO -------- :strong:`jail`\ (8) AUTHORS ------- Jake Guffey COPYING ------- Copyright \(C) 2012-2016 Jake Guffey. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__jail_freebsd9/parameter/000077500000000000000000000000001427155744700222005ustar00rootroot00000000000000cdist/cdist/conf/type/__jail_freebsd9/parameter/boolean000066400000000000000000000000351427155744700235400ustar00rootroot00000000000000onboot stopped devfs-disable cdist/cdist/conf/type/__jail_freebsd9/parameter/default/000077500000000000000000000000001427155744700236245ustar00rootroot00000000000000cdist/cdist/conf/type/__jail_freebsd9/parameter/default/devfs-ruleset000066400000000000000000000000121427155744700263300ustar00rootroot00000000000000jailrules cdist/cdist/conf/type/__jail_freebsd9/parameter/default/jailbase000066400000000000000000000000011427155744700253100ustar00rootroot00000000000000 cdist/cdist/conf/type/__jail_freebsd9/parameter/default/jaildir000066400000000000000000000000121427155744700251560ustar00rootroot00000000000000/usr/jail cdist/cdist/conf/type/__jail_freebsd9/parameter/default/state000066400000000000000000000000101427155744700246560ustar00rootroot00000000000000present cdist/cdist/conf/type/__jail_freebsd9/parameter/optional000066400000000000000000000001001427155744700237370ustar00rootroot00000000000000name ip hostname interface devfs-ruleset jaildir jailbase state cdist/cdist/conf/type/__key_value/000077500000000000000000000000001427155744700175025ustar00rootroot00000000000000cdist/cdist/conf/type/__key_value/explorer/000077500000000000000000000000001427155744700213425ustar00rootroot00000000000000cdist/cdist/conf/type/__key_value/explorer/state000077500000000000000000000060421427155744700224120ustar00rootroot00000000000000#!/bin/sh # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # 2014 Daniel Heule (hda at sfs.biz) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # key="$(cat "$__object/parameter/key" 2>/dev/null \ || echo "$__object_id")" state="$(cat "$__object/parameter/state")" file="$(cat "$__object/parameter/file")" if [ ! -f "$file" ]; then echo "nosuchfile" exit fi delimiter="$(cat "$__object/parameter/delimiter")" value="$(cat "$__object/parameter/value" 2>/dev/null \ || echo "__CDIST_NOTSET__")" if [ -f "$__object/parameter/exact_delimiter" ]; then exact_delimiter=1 else exact_delimiter=0 fi export key state delimiter value exact_delimiter awk_bin=$(PATH=$(getconf PATH 2>/dev/null) && command -v awk || echo awk) "${awk_bin}" -f - "$file" <<"AWK_EOF" BEGIN { state=ENVIRON["state"] key=ENVIRON["key"] delimiter=ENVIRON["delimiter"] value=ENVIRON["value"] exact_delimiter=ENVIRON["exact_delimiter"] found=0 } # enter the main loop { i = index($0,key) if(i == 1) { delval = substr($0,length(key)+1) delpos = index(delval,delimiter) if(delpos == 0) { # in this case, the delimiter was not found next } if(delpos > 1) { spaces = substr(delval,1,delpos-1) sub(/[ \t]*/,"",spaces) if( length(spaces) > 0 ) { # if there are not only spaces between key and delimiter, # continue since we we are on the wrong line next } if( exact_delimiter == 1) { # we have key and delimiter, but since additional spaces are not alowed # return wrongformat found=1 print "wrongformat" exit } } found=1 if(state == "absent") { # on state absent, only the ocurance is relevant, so exit here print "present" exit } linevalue=substr(delval,delpos + length(delimiter)) if(exact_delimiter == 0){ #ok, now strip tabs and whitespaces at the beginning of the value sub(/[ \t]*/,"",linevalue) } # Key with separator found if(linevalue == value) { # exact match found, so state is present print "present" } else { print "wrongvalue" } exit } } END { if(found == 0) print "absent" } AWK_EOF cdist/cdist/conf/type/__key_value/files/000077500000000000000000000000001427155744700206045ustar00rootroot00000000000000cdist/cdist/conf/type/__key_value/files/remote_script.sh000066400000000000000000000057271427155744700240320ustar00rootroot00000000000000#!/bin/sh key="$(cat "$__object/parameter/key" 2>/dev/null \ || echo "$__object_id")" state="$(cat "$__object/parameter/state")" file="$(cat "$__object/parameter/file")" delimiter="$(cat "$__object/parameter/delimiter")" value="$(cat "$__object/parameter/value" 2>/dev/null \ || echo "__CDIST_NOTSET__")" export key state delimiter value if [ -f "$__object/parameter/exact_delimiter" ]; then exact_delimiter=1 else exact_delimiter=0 fi export exact_delimiter tmpfile=$(mktemp "${file}.cdist.XXXXXXXXXX") # preserve ownership and permissions by copying existing file over tmpfile if [ -f "$file" ]; then cp -p "$file" "$tmpfile" else touch "$file" fi awk_bin=$(PATH=$(getconf PATH 2>/dev/null) && command -v awk || echo awk) "${awk_bin}" -f - "$file" >"$tmpfile" <<"AWK_EOF" BEGIN { # import variables in a secure way .. state=ENVIRON["state"] key=ENVIRON["key"] delimiter=ENVIRON["delimiter"] value=ENVIRON["value"] comment=ENVIRON["comment"] exact_delimiter=ENVIRON["exact_delimiter"] inserted=0 lastline="" lastlinepopulated=0 line=key delimiter value } # enter the main loop { # I dont use regex, this is by design, so we can match against every value without special meanings of chars ... i = index($0,key) if(i == 1) { delval = substr($0,length(key)+1) delpos = index(delval,delimiter) if(delpos > 1) { spaces = substr(delval,1,delpos-1) sub(/[ \t]*/,"",spaces) if( length(spaces) > 0 ) { # if there are not only spaces between key and delimiter, # continue since we we are on the wrong line if(lastlinepopulated == 1) { print lastline } lastline=$0 lastlinepopulated=1 next } } if(state == "absent") { if(lastline == comment) { # if comment is present, clear lastlinepopulated flag lastlinepopulated=0 } # if absent, simple yump over this line next } else { # if comment is present and not present in last line if (lastlinepopulated == 1) { print lastline if( comment != "" && lastline != comment) { print comment } lastlinepopulated=0 } inserted=1 # state is present, so insert correct line here print line lastline=line next } } else { if(lastlinepopulated == 1) { print lastline } lastline=$0 lastlinepopulated=1 } } END { if(lastlinepopulated == 1) { print lastline } if(inserted == 0 && state == "present" ) { if(comment != "" && lastline != comment){ print comment } print line } } AWK_EOF mv -f "$tmpfile" "$file" cdist/cdist/conf/type/__key_value/gencode-remote000077500000000000000000000044161427155744700223320ustar00rootroot00000000000000#!/bin/sh -e # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # 2012-2014 Nico Schottelius (nico-cdist at schottelius.org) # 2014 Daniel Heule (hda at sfs.biz) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # state_should="$(cat "$__object/parameter/state")" state_is="$(cat "$__object/explorer/state")" fire_onchange='' if [ "$state_is" = "$state_should" ]; then exit 0 fi # here we check only if the states are valid, # emit messages and # let awk do the work ... case "$state_should" in absent) case "$state_is" in absent|nosuchfile) # nothing to do ;; wrongformat|wrongvalue|present) echo "remove" >> "$__messages_out" fire_onchange=1 ;; *) echo "Unknown explorer state: $state_is" >&2 exit 1 ;; esac ;; present) case "$state_is" in nosuchfile) echo "create" >> "$__messages_out" fire_onchange=1 ;; absent) echo "insert" >> "$__messages_out" fire_onchange=1 ;; wrongformated|wrongvalue) echo "change" >> "$__messages_out" fire_onchange=1 ;; present) # nothing to do ;; *) echo "Unknown explorer state: $state_is" >&2 exit 1 ;; esac ;; *) echo "Unknown state: $state_should" >&2 exit 1 ;; esac cat "$__type/files/remote_script.sh" if [ -n "$fire_onchange" ]; then cat "$__object/parameter/onchange" fi cdist/cdist/conf/type/__key_value/man.rst000066400000000000000000000046541427155744700210200ustar00rootroot00000000000000cdist-type__key_value(7) ======================== NAME ---- cdist-type__key_value - Change property values in files DESCRIPTION ----------- This cdist type allows you to change values in a key value based config file. REQUIRED PARAMETERS ------------------- file The file to operate on. delimiter The delimiter which separates the key from the value. OPTIONAL PARAMETERS ------------------- state present or absent, defaults to present. If present, sets the key to value, if absent, removes the key from the file. key The key to change. Defaults to object_id. value The value for the key. Optional if state=absent, required otherwise. comment If supplied, the value will be inserted before the line with the key, but only if the key or value must be changed. You need to ensure yourself that the line is prefixed with the correct comment sign. (for example # or ; or wathever ..) onchange The code to run if the key or value changes (i.e. is inserted, removed or replaced). BOOLEAN PARAMETERS ------------------ exact_delimiter If supplied, treat additional whitespaces between key, delimiter and value as wrong value. MESSAGES -------- remove Removed existing key and value insert Added key and value change Changed value of existing key create A new line was inserted in a new file EXAMPLES -------- .. code-block:: sh # Set the maximum system user id __key_value SYS_UID_MAX --file /etc/login.defs --value 666 --delimiter ' ' # Same with fancy id __key_value my-fancy-id --file /etc/login.defs --key SYS_UID_MAX --value 666 \ --delimiter ' ' # Enable packet forwarding __key_value net.ipv4.ip_forward --file /etc/sysctl.conf --value 1 \ --delimiter ' = ' --comment '# my linux kernel should act as a router' # Remove existing key/value __key_value LEGACY_KEY --file /etc/somefile --state absent --delimiter '=' MORE INFORMATION ---------------- This type try to handle as many values as possible, so it doesn't use regexes. So you need to exactly specify the key and delimiter. Delimiter can be of any length. AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2011 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__key_value/manifest000077500000000000000000000017121427155744700212370ustar00rootroot00000000000000#!/bin/sh -e # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # 2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # state_should="$(cat "$__object/parameter/state")" if [ "$state_should" = "present" ] && [ ! -f "$__object/parameter/value" ]; then echo "Missing required parameter 'value'" >&2 exit 1 fi cdist/cdist/conf/type/__key_value/parameter/000077500000000000000000000000001427155744700214625ustar00rootroot00000000000000cdist/cdist/conf/type/__key_value/parameter/boolean000066400000000000000000000000201427155744700230140ustar00rootroot00000000000000exact_delimiter cdist/cdist/conf/type/__key_value/parameter/default/000077500000000000000000000000001427155744700231065ustar00rootroot00000000000000cdist/cdist/conf/type/__key_value/parameter/default/comment000066400000000000000000000000011427155744700244620ustar00rootroot00000000000000 cdist/cdist/conf/type/__key_value/parameter/default/onchange000066400000000000000000000000001427155744700246010ustar00rootroot00000000000000cdist/cdist/conf/type/__key_value/parameter/default/state000066400000000000000000000000101427155744700241400ustar00rootroot00000000000000present cdist/cdist/conf/type/__key_value/parameter/optional000066400000000000000000000000411427155744700232250ustar00rootroot00000000000000key value state comment onchange cdist/cdist/conf/type/__key_value/parameter/required000066400000000000000000000000171427155744700232230ustar00rootroot00000000000000file delimiter cdist/cdist/conf/type/__keyboard/000077500000000000000000000000001427155744700173165ustar00rootroot00000000000000cdist/cdist/conf/type/__keyboard/man.rst000066400000000000000000000011241427155744700206210ustar00rootroot00000000000000cdist-type__keyboard(7) ======================= NAME ---- cdit-type__keyboard - Set keyboard layout DESCRIPTION ----------- This cdist type allows you to modify keyboard layout. REQUIRED PARAMETERS ------------------- type Any valid type, for example "us" EXAMPLES -------- .. code-block:: sh # Set keyboard type to "us" __keyboard --type "us" AUTHORS ------- Carlos Ortigoza COPYING ------- Copyright \(C) 2016 Carlos Ortigoza. Free use of this software is granted under the terms of the GNU General Public License v3 or later (GPLv3+). cdist/cdist/conf/type/__keyboard/manifest000077500000000000000000000032011427155744700210460ustar00rootroot00000000000000#!/bin/sh -e # # Carlos Ortigoza (carlos.ortigoza at ungleich.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Configure keyboard type by modifying /etc/sysconfig/keyboard file. # os=$(cat "$__global/explorer/os") keyboard_type="$(cat "$__object/parameter/type")" case "$os" in centos) __file /etc/sysconfig/keyboard \ --owner root --group root --mode 644 \ --state exists require="__file/etc/sysconfig/keyboard" \ __key_value KEYTABLE \ --file /etc/sysconfig/keyboard \ --delimiter '=' \ --value "\"$keyboard_type\"" require="__file/etc/sysconfig/keyboard" \ __key_value LAYOUT \ --file /etc/sysconfig/keyboard \ --delimiter '=' \ --value "\"$keyboard_type\"" ;; *) echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 echo "Please contribute an implementation for it if you can." >&2 exit 1 ;; esac cdist/cdist/conf/type/__keyboard/parameter/000077500000000000000000000000001427155744700212765ustar00rootroot00000000000000cdist/cdist/conf/type/__keyboard/parameter/required000066400000000000000000000000051427155744700230340ustar00rootroot00000000000000type cdist/cdist/conf/type/__keyboard/singleton000066400000000000000000000000001427155744700212310ustar00rootroot00000000000000cdist/cdist/conf/type/__letsencrypt_cert/000077500000000000000000000000001427155744700211075ustar00rootroot00000000000000cdist/cdist/conf/type/__letsencrypt_cert/explorer/000077500000000000000000000000001427155744700227475ustar00rootroot00000000000000cdist/cdist/conf/type/__letsencrypt_cert/explorer/certificate-data000077500000000000000000000035751427155744700261000ustar00rootroot00000000000000#!/bin/sh -e certbot_path="$(command -v certbot 2>/dev/null || true)" # Defaults certificate_exists="no" certificate_is_test="no" if [ -n "${certbot_path}" ]; then # Find python executable that has access to certbot's module python_path=$(sed -n '1s/^#! *//p' "${certbot_path}") # Use a lock for cdist due to certbot not exiting with failure # or having any flags for concurrent use. _certbot() { ${python_path} - 2>/dev/null <> /dev/stderr exit 1 ;; esac hook_contents_tail="$(cat <> "${__messages_out:?}" ;; present) domain_param_file="${__object}/parameter/domain" requested_domains=$(mktemp "${TMPDIR:-/tmp}/domain.cdist.XXXXXXXXXX") if [ -f "${domain_param_file}" ]; then cp "${domain_param_file}" "${requested_domains}" else echo "$__object_id" >> "${requested_domains}" fi staging=no if [ -f "${__object}/parameter/staging" ]; then staging=yes fi if [ "${certificate_exists}" = "yes" ]; then existing_domains=$(mktemp "${TMPDIR:-/tmp}/existing_domains.cdist.XXXXXXXXXX") tail -n +4 "${__object:?}/explorer/certificate-data" | grep -v '^$' > "${existing_domains}" certificate_is_test="$(_explorer_var certificate_is_test)" sort -uo "${requested_domains}" "${requested_domains}" sort -uo "${existing_domains}" "${existing_domains}" if [ -z "$(comm -23 "${requested_domains}" "${existing_domains}")" ] && \ [ "${certificate_is_test}" = "${staging}" ]; then exit 0 fi fi admin_email="$(cat "$__object/parameter/admin-email")" webroot="$(cat "$__object/parameter/webroot")" cat <<-EOF certbot certonly \ --agree-tos \ --cert-name '${name}' \ --email '${admin_email}' \ --expand \ --non-interactive \ --quiet \ $(if [ "${staging}" = "yes" ]; then echo "--staging" elif [ "${certificate_is_test}" != "${staging}" ]; then echo "--force-renewal" fi) \ $(if [ -z "${webroot}" ]; then echo "--standalone" else echo "--webroot --webroot-path '${webroot}'" fi) \ $(while read -r domain; do echo "--domain '${domain}' \\" done < "${requested_domains}") EOF rm -f "${requested_domains}" if [ "${certificate_exists}" = "no" ]; then echo create >> "${__messages_out}" else echo change >> "${__messages_out}" fi ;; *) echo "Unsupported state: ${state}" >&2 exit 1 ;; esac cdist/cdist/conf/type/__letsencrypt_cert/man.rst000066400000000000000000000115541427155744700224220ustar00rootroot00000000000000cdist-type__letsencrypt_cert(7) =============================== NAME ---- cdist-type__letsencrypt_cert - Get an SSL certificate from Let's Encrypt DESCRIPTION ----------- Automatically obtain a Let's Encrypt SSL certificate using Certbot. This type attempts to setup automatic renewals always. In many Linux distributions, that is the case out of the box, see: https://certbot.eff.org/docs/using.html#automated-renewals For Alpine Linux and Arch Linux, we setup a system-wide cronjob that attempts to renew certificates daily. If you are using FreeBSD, we configure periodic(8) as recommended by the port mantainer, so there will be a weekly attempt at renewal. If your OS is not mentioned here or on Certbot's docs as having support for automated renewals, please make sure you check your OS and possibly patch this type so the system-wide cronjob is installed. REQUIRED PARAMETERS ------------------- object id A cert name. If domain parameter is not specified then it is used as a domain to be included in the certificate. admin-email Where to send Let's Encrypt emails like "certificate needs renewal". OPTIONAL PARAMETERS ------------------- state 'present' or 'absent', defaults to 'present' where: present if the certificate does not exist, it will be obtained absent the certificate will be removed webroot The path to your webroot, as set up in your webserver config. If this parameter is not present, Certbot will be run in standalone mode. OPTIONAL MULTIPLE PARAMETERS ---------------------------- domain Domains to be included in the certificate. When specified then object id is not used as a domain. deploy-hook Command to be executed only when the certificate associated with this ``$__object_id`` is issued or renewed. You can specify it multiple times, but any failure will prevent further commands from being executed. For this command, the shell variable ``$RENEWED_LINEAGE`` will point to the config live subdirectory (for example, ``/etc/letsencrypt/live/${__object_id}``) containing the new certificates and keys; the shell variable ``$RENEWED_DOMAINS`` will contain a space-delimited list of renewed certificate domains (for example, ``example.com www.example.com``) pre-hook Command to be run in a shell before obtaining any certificates. You can specify it multiple times, but any failure will prevent further commands from being executed. Note these run regardless of which certificate is attempted, you may want to manage these system-wide hooks with ``__file`` in ``/etc/letsencrypt/renewal-hooks/pre/``. Intended primarily for renewal, where it can be used to temporarily shut down a webserver that might conflict with the standalone plugin. This will only be called if a certificate is actually to be obtained/renewed. post-hook Command to be run in a shell after attempting to obtain/renew certificates. You can specify it multiple times, but any failure will prevent further commands from being executed. Note these run regardless of which certificate was attempted, you may want to manage these system-wide hooks with ``__file`` in ``/etc/letsencrypt/renewal-hooks/post/``. Can be used to deploy renewed certificates, or to restart any servers that were stopped by --pre-hook. This is only run if an attempt was made to obtain/renew a certificate. BOOLEAN PARAMETERS ------------------ staging Obtain a test certificate from a staging server. MESSAGES -------- change Certificate was changed. create Certificate was created. remove Certificate was removed. EXAMPLES -------- .. code-block:: sh # use object id as domain __letsencrypt_cert example.com \ --admin-email root@example.com \ --deploy-hook "service nginx reload" \ --webroot /data/letsencrypt/root .. code-block:: sh # domain parameter is specified so object id is not used as domain # and example.com needs to be included again with domain parameter __letsencrypt_cert example.com \ --admin-email root@example.com \ --domain example.com \ --domain foo.example.com \ --domain bar.example.com \ --deploy-hook "service nginx reload" \ --webroot /data/letsencrypt/root AUTHORS ------- | Nico Schottelius | Kamila SouÄková | Darko Poljak | Ľubomír KuÄera | Evilham COPYING ------- Copyright \(C) 2017-2021 Nico Schottelius, Kamila SouÄková, Darko Poljak and Ľubomír KuÄera. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__letsencrypt_cert/manifest000066400000000000000000000102341427155744700226400ustar00rootroot00000000000000#!/bin/sh certbot_fullpath="$(grep "^certbot_path:" "${__object:?}/explorer/certificate-data" | cut -d ':' -f 2-)" state=$(cat "${__object}/parameter/state") os="$(cat "${__global:?}/explorer/os")" if [ -z "${certbot_fullpath}" ]; then os_version="$(cat "${__global}/explorer/os_version")" # Use this, very common value, as a default. It is OS-dependent certbot_fullpath="/usr/bin/certbot" case "$os" in archlinux) __package certbot ;; alpine) __package certbot ;; debian) case "$os_version" in 8*) __apt_source jessie-backports \ --uri http://http.debian.net/debian \ --distribution jessie-backports \ --component main require="__apt_source/jessie-backports" __package_apt python-certbot \ --target-release jessie-backports require="__apt_source/jessie-backports" __package_apt certbot \ --target-release jessie-backports # Seems to be a missing dependency on debian 8 __package python-ndg-httpsclient ;; 9*) __apt_source stretch-backports \ --uri http://http.debian.net/debian \ --distribution stretch-backports \ --component main require="__apt_source/stretch-backports" __package_apt python-certbot \ --target-release stretch-backports require="__apt_source/stretch-backports" __package_apt certbot \ --target-release stretch-backports ;; 10*|11*) __package_apt certbot ;; *) echo "Unsupported OS version: $os_version" >&2 exit 1 ;; esac ;; devuan) case "$os_version" in jessie) __apt_source jessie-backports \ --uri http://auto.mirror.devuan.org/merged \ --distribution jessie-backports \ --component main require="__apt_source/jessie-backports" __package_apt python-certbot \ --target-release jessie-backports require="__apt_source/jessie-backports" __package_apt certbot \ --target-release jessie-backports # Seems to be a missing dependency on debian 8 __package python-ndg-httpsclient ;; ascii*) __apt_source ascii-backports \ --uri http://auto.mirror.devuan.org/merged \ --distribution ascii-backports \ --component main require="__apt_source/ascii-backports" __package_apt certbot \ --target-release ascii-backports ;; beowulf*) __package_apt certbot ;; *) echo "Unsupported OS version: $os_version" >&2 exit 1 ;; esac ;; freebsd) __package py37-certbot certbot_fullpath="/usr/local/bin/certbot" ;; ubuntu) __package certbot ;; *) echo "Unsupported os: $os" >&2 exit 1 ;; esac fi # Other OS-dependent values that we want to set every time LE_DIR="/etc/letsencrypt" certbot_cronjob_state="absent" case "$os" in archlinux|alpine) certbot_cronjob_state="present" ;; freebsd) LE_DIR="/usr/local/etc/letsencrypt" # FreeBSD uses periodic(8) instead of crontabs for this __line "periodic.conf_weekly_certbot" \ --file "/etc/periodic.conf" \ --regex "^(#[[:space:]]*)?weekly_certbot_enable=.*" \ --state "replace" \ --line 'weekly_certbot_enable="YES"' ;; *) ;; esac # This is only necessary in certain OS __cron letsencrypt-certbot \ --user root \ --command "${certbot_fullpath} renew -q" \ --hour 0 \ --minute 47 \ --state "${certbot_cronjob_state}" # Ensure hook directories HOOKS_DIR="${LE_DIR}/renewal-hooks" __directory "${LE_DIR}" --mode 0755 require="__directory/${LE_DIR}" __directory "${HOOKS_DIR}" --mode 0755 if [ -f "${__object}/parameter/domain" ]; then domains="$(sort "${__object}/parameter/domain")" else domains="${__object_id}" fi # Install hooks as needed for hook in deploy pre post; do # Using something unique and specific to this object hook_file="${HOOKS_DIR}/${hook}/${__object_id}.cdist.sh" # This defines hook_contents # shellcheck source=cdist/conf/type/__letsencrypt_cert/files/gen_hook.sh . "${__type}/files/gen_hook.sh" # Ensure hook directory exists require="__directory/${HOOKS_DIR}" __directory "${HOOKS_DIR}/${hook}" \ --mode 0755 require="__directory/${HOOKS_DIR}/${hook}" __file "${hook_file}" \ --mode 0555 \ --source '-' \ --state "${hook_state}" <. # if [ -f "$__object/parameter/file" ]; then file=$(cat "$__object/parameter/file") else file="/$__object_id" fi [ -f "$file" ] || exit 0 if [ -f "$__object/parameter/before" ]; then position="before" elif [ -f "$__object/parameter/after" ]; then position="after" else # By default we append to the end of the file. position="end" fi if [ -f "$__object/parameter/regex" ]; then needle="regex" else needle="line" fi awk -v position="$position" -v needle="$needle" ' function _find(_text, _pattern) { if (needle == "regex") { return match(_text, _pattern) } else { return index(_text, _pattern) == 1 } } BEGIN { getline anchor < (ENVIRON["__object"] "/parameter/" position) getline pattern < (ENVIRON["__object"] "/parameter/" needle) getline line < (ENVIRON["__object"] "/parameter/line") found_line = 0 correct_line = 0 correct_pos = (position != "after" && position != "before") } { if (position == "after") { if (match($0, anchor)) { getline if (_find($0, pattern)) { found_line++ if (index($0, line) == 1) { correct_line++ } correct_pos = 1 exit 0 } } else if (_find($0, pattern)) { found_line++ if (index($0, line) == 1) { correct_line++ } } } else if (position == "before") { if (_find($0, pattern)) { found_line++ if (index($0, line) == 1) { correct_line++ } getline if (match($0, anchor)) { correct_pos = 1 exit 0 } } } else { if (_find($0, pattern)) { found_line++ if (index($0, line) == 1) { correct_line++ } exit 0 } } } END { if (found_line && correct_pos) { if (correct_line) { print "present" } else { print "matching" } } else if (found_line) { print "wrongposition" } else { print "absent" } } ' "$file" cdist/cdist/conf/type/__line/gencode-remote000077500000000000000000000070751427155744700213010ustar00rootroot00000000000000#!/bin/sh -e # # 2018 Steven Armstrong (steven-cdist at armstrong.cc) # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # if [ -f "$__object/parameter/before" ] && [ -f "$__object/parameter/after" ]; then echo "Use either --before OR --after but not both." >&2 exit 1 fi if [ -f "$__object/parameter/file" ]; then file="$(cat "$__object/parameter/file")" else file="/$__object_id" fi state_should="$(cat "$__object/parameter/state")" state_is="$(cat "$__object/explorer/state")" if [ -z "$state_is" ]; then printf 'The file "%s" is missing. Please create it before using %s on it.\n' "$file" "${__type##*/}" >&2 exit 1 fi if [ "$state_should" = "$state_is" ] || \ { [ "$state_should" = "present" ] && [ "$state_is" = "matching" ] ;} || \ { [ "$state_should" = "replace" ] && [ "$state_is" = "present" ] ;} ; then # If state matches already, or 'present' is used and regex matches # or 'replace' is used and the exact line is present, then there is # nothing to do exit 0 fi if [ -f "$__object/parameter/before" ]; then position="before" elif [ -f "$__object/parameter/after" ]; then position="after" else # By default we append to the end of the file. position="end" fi if [ -f "$__object/parameter/regex" ]; then needle="regex" else needle="line" fi add=0 remove=0 case "$state_should" in present|replace) if [ "$state_is" = "wrongposition" ] || [ "$state_is" = "matching" ]; then echo updated >> "$__messages_out" remove=1 else echo added >> "$__messages_out" fi add=1 ;; absent) echo removed >> "$__messages_out" remove=1 ;; esac cat << DONE tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX) # preserve ownership and permissions of existing file if [ -f "$file" ]; then cp -p "$file" "\$tmpfile" fi awk -v position="$position" -v needle="$needle" -v remove=$remove -v add=$add ' function _find(_text, _pattern) { if (needle == "regex") { return match(_text, _pattern) } else { return index(_text, _pattern) } } BEGIN { line_file = ENVIRON["__object"] "/parameter/line" getline line < line_file # Need to close line file as it may be re-read as pattern below. close(line_file) getline pattern < (ENVIRON["__object"] "/parameter/" needle) getline anchor < (ENVIRON["__object"] "/parameter/" position) } { if (remove) { if (_find(\$0, pattern)) { # skip over this line -> remove it next } } if (add) { if (anchor && match(\$0, anchor)) { if (position == "before") { print line add = 0 print } else if (position == "after") { print print line add = 0 } next } } print } END { if (add) { print line } } ' "$file" > "\$tmpfile" mv -f "\$tmpfile" "$file" DONE if [ -f "$__object/parameter/onchange" ]; then cat "$__object/parameter/onchange" fi cdist/cdist/conf/type/__line/man.rst000066400000000000000000000056161427155744700177620ustar00rootroot00000000000000cdist-type__line(7) =================== NAME ---- cdist-type__line - Manage lines in files DESCRIPTION ----------- This cdist type allows you to add lines and remove lines from files. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- after Insert the given line after this pattern. before Insert the given line before this pattern. file If supplied, use this as the destination file. Otherwise the object_id is used. line Specifies the line which should be absent or present. Must be present, if state is 'present' or 'replace'. Ignored if regex is given and state is 'absent'. regex If state is 'present', search for this pattern and if it matches add the given line. If state is 'absent', ensure all lines matching the regular expression are absent. If state is 'replace', ensure all lines matching the regular expression are exactly 'line'. The regular expression is interpreted by awk's match function. state 'present', 'absent' or 'replace', defaults to 'present'. onchange The code to run if line is added, removed or updated. BOOLEAN PARAMETERS ------------------ None. MESSAGES -------- added The line was added. updated The line or its position was changed. removed The line was removed. EXAMPLES -------- .. code-block:: sh # Manage a hosts entry for www.example.com. __line /etc/hosts \ --line '127.0.0.2 www.example.com' # Manage another hosts entry for test.example.com. __line hosts:test.example.com \ --file /etc/hosts \ --line '127.0.0.3 test.example.com' # Remove the line starting with TIMEZONE from the /etc/rc.conf file. __line legacy_timezone \ --file /etc/rc.conf \ --regex 'TIMEZONE=.*' \ --state absent # Insert a line before another one. __line password-auth-local:classify \ --file /etc/pam.d/password-auth-local \ --line '-session required pam_exec.so debug log=/tmp/classify.log /usr/local/libexec/classify' \ --before '^session[[:space:]]+include[[:space:]]+password-auth-ac$' # Insert a line after another one. __line password-auth-local:classify \ --file /etc/pam.d/password-auth-local \ --line '-session required pam_exec.so debug log=/tmp/classify.log /usr/local/libexec/classify' \ --after '^session[[:space:]]+include[[:space:]]+password-auth-ac$' # Uncomment as needed and set a value in a configuration file. __line /etc/example.conf \ --line 'SomeSetting SomeValue' \ --regex '^(#[[:space:]]*)?SomeSetting[[:space:]]' \ --state replace SEE ALSO -------- :strong:`cdist-type`\ (7) AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2018 Steven Armstrong. Free use of this software is granted under the terms of the GNU General Public License version 3 (GPLv3). cdist/cdist/conf/type/__line/parameter/000077500000000000000000000000001427155744700204255ustar00rootroot00000000000000cdist/cdist/conf/type/__line/parameter/default/000077500000000000000000000000001427155744700220515ustar00rootroot00000000000000cdist/cdist/conf/type/__line/parameter/default/state000066400000000000000000000000101427155744700231030ustar00rootroot00000000000000present cdist/cdist/conf/type/__line/parameter/optional000066400000000000000000000000541427155744700221740ustar00rootroot00000000000000after before file line regex state onchange cdist/cdist/conf/type/__link/000077500000000000000000000000001427155744700164535ustar00rootroot00000000000000cdist/cdist/conf/type/__link/explorer/000077500000000000000000000000001427155744700203135ustar00rootroot00000000000000cdist/cdist/conf/type/__link/explorer/state000077500000000000000000000042511427155744700213630ustar00rootroot00000000000000#!/bin/sh # # 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # destination="/$__object_id" type="$(cat "$__object/parameter/type")" source="$(cat "$__object/parameter/source")" # no destination? -> state is absent if [ ! -e "$destination" ]; then echo absent exit 0 fi destination_dir="${destination%/*}" case "$type" in symbolic) cd "$destination_dir" || exit 1 if [ -h "$destination" ]; then source_is=$(readlink "$destination") # ignore trailing slashes for comparison if [ "${source_is%/}" = "${source%/}" ]; then echo present else echo wrongsource fi else echo absent fi ;; hard) cd "$destination_dir" || exit 1 # check source relative to destination_dir if [ ! -e "$source" ]; then echo sourcemissing exit 0 fi # Currently not worth the effor to change it, stat is not defined by POSIX # and different OSes has different implementations for it. # shellcheck disable=SC2012 destination_inode=$(ls -i "$destination" | awk '{print $1}') # Currently not worth the effor to change it, stat is not defined by POSIX # and different OSes has different implementations for it. # shellcheck disable=SC2012 source_inode=$(ls -i "$source" | awk '{print $1}') if [ "$destination_inode" -eq "$source_inode" ]; then echo present else echo absent fi ;; *) echo "Unknown type: $type" >&2 exit 1 ;; esac cdist/cdist/conf/type/__link/explorer/type000077500000000000000000000026771427155744700212360ustar00rootroot00000000000000#!/bin/sh # # 2013 Steven Armstrong (steven-cdist armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Mostly a wrapper for ln # destination="/$__object_id" if [ ! -e "$destination" ]; then echo none elif [ -h "$destination" ]; then echo symlink elif [ -f "$destination" ]; then type="$(cat "$__object/parameter/type")" case "$type" in hard) # Currently not worth the effor to change it, stat is not defined by POSIX # and different OSes has different implementations for it. # shellcheck disable=SC2012 link_count=$(ls -l "$destination" | awk '{ print $2 }') if [ "$link_count" -gt 1 ]; then echo hardlink exit 0 fi ;; esac echo file elif [ -d "$destination" ]; then echo directory else echo unknown fi cdist/cdist/conf/type/__link/gencode-remote000077500000000000000000000045141427155744700213020ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2012 Nico Schottelius (nico-cdist at schottelius.org) # 2013-2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # destination="/$__object_id" type="$(cat "$__object/parameter/type")" source="$(cat "$__object/parameter/source")" case "$type" in symbolic) lnopt="-s" ;; hard) lnopt="" ;; *) echo "Unknown link type: $type" >&2 exit 1 ;; esac state_is="$(cat "$__object/explorer/state")" state_should="$(cat "$__object/parameter/state")" [ "$state_should" = "$state_is" ] && exit 0 file_type="$(cat "$__object/explorer/type")" case "$state_should" in present) if [ "$file_type" = "directory" ]; then # our destination is currently a directory, delete it printf 'rm -rf "%s" &&\n' "$destination" echo "removed '$destination' (directory)" >> "$__messages_out" else if [ "$state_is" = "wrongsource" ]; then # our destination is a symlink but points to the wrong source, # delete it printf 'rm -f "%s" &&\n' "$destination" echo "removed '$destination' (wrongsource)" >> "$__messages_out" fi fi # create our link printf 'ln %s -f "%s" "%s"\n' "$lnopt" "$source" "$destination" echo "created '$destination'" >> "$__messages_out" ;; absent) # only delete if it is a sym/hard link if [ "$file_type" = "symlink" ] || [ "$file_type" = "hardlink" ]; then printf 'rm -f "%s"\n' "$destination" echo "removed '$destination'" >> "$__messages_out" fi ;; *) echo "Unknown state: $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__link/man.rst000066400000000000000000000031731427155744700177640ustar00rootroot00000000000000cdist-type__link(7) =================== NAME ---- cdist-type__link - Manage links (hard and symbolic) DESCRIPTION ----------- This cdist type allows you to manage hard and symbolic links. The given object id is the destination for the link. REQUIRED PARAMETERS ------------------- source Specifies the link source. type Specifies the link type: Either hard or symbolic. OPTIONAL PARAMETERS ------------------- state 'present' or 'absent', defaults to 'present' MESSAGES -------- created Link to destination was created. removed Link to destination was removed. removed (directory) Destination was removed because state is ``present`` and destination was directory. removed (wrongsource) Destination was removed because state is ``present`` and destination link source was wrong. EXAMPLES -------- .. code-block:: sh # Create hard link of /etc/shadow __link /root/shadow --source /etc/shadow --type hard # Relative symbolic link __link /etc/apache2/sites-enabled/www.test.ch \ --source ../sites-available/www.test.ch \ --type symbolic # Absolute symbolic link __link /opt/plone --source /home/services/plone --type symbolic # Remove link __link /opt/plone --state absent AUTHORS ------- Nico Schottelius COPYING ------- Copyright \(C) 2011-2012 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__link/parameter/000077500000000000000000000000001427155744700204335ustar00rootroot00000000000000cdist/cdist/conf/type/__link/parameter/default/000077500000000000000000000000001427155744700220575ustar00rootroot00000000000000cdist/cdist/conf/type/__link/parameter/default/state000066400000000000000000000000101427155744700231110ustar00rootroot00000000000000present cdist/cdist/conf/type/__link/parameter/optional000066400000000000000000000000061427155744700221770ustar00rootroot00000000000000state cdist/cdist/conf/type/__link/parameter/required000066400000000000000000000000141427155744700221710ustar00rootroot00000000000000source type cdist/cdist/conf/type/__locale/000077500000000000000000000000001427155744700167555ustar00rootroot00000000000000cdist/cdist/conf/type/__locale/deprecated000066400000000000000000000000711427155744700207760ustar00rootroot00000000000000This type is deprecated. Please use __localedef instead. cdist/cdist/conf/type/__locale/explorer/000077500000000000000000000000001427155744700206155ustar00rootroot00000000000000cdist/cdist/conf/type/__locale/explorer/state000077500000000000000000000022261427155744700216650ustar00rootroot00000000000000#!/bin/sh -e # __locale/explorer/state # # 2020 Matthias Stecher (matthiasstecher at gmx.de) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Check if the locale is already installed on the system. # Outputs 'present' or 'absent' depending if the locale exists. # # Get user-defined locale # locale name is echoed differently than the user propably set it (for UTF-8) locale="$(echo "$__object_id" | sed 's/UTF-8/utf8/')" # Check if the given locale exists on the system if localedef --list-archive | grep -qFx "$locale"; then echo present else echo absent fi cdist/cdist/conf/type/__locale/files/000077500000000000000000000000001427155744700200575ustar00rootroot00000000000000cdist/cdist/conf/type/__locale/files/locale.gen000066400000000000000000000000661427155744700220130ustar00rootroot00000000000000de_CH.UTF-8 UTF-8 de_DE.UTF-8 UTF-8 en_US.UTF-8 UTF-8 cdist/cdist/conf/type/__locale/gencode-remote000077500000000000000000000033161427155744700216030ustar00rootroot00000000000000#!/bin/sh -e # # 2013-2019 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Let localedef do the magic # locale="$__object_id" state_is=$(cat "$__object/explorer/state") state_should=$(cat "$__object/parameter/state") # short circuit if there is nothing to do if [ "$state_is" = "$state_should" ]; then exit 0 fi # Hardcoded, create a pull request with # branching on $os in case it is at another location alias=/usr/share/locale/locale.alias input=$(echo "$locale" | cut -d . -f 1) charmap=$(echo "$locale" | cut -d . -f 2) # Adding locale? The name is de_CH.UTF-8 # Removing locale? The name is de_CH.utf8. # W-T-F! locale_remove=$(echo "$locale" | sed 's/UTF-8/utf8/') os=$(cat "$__global/explorer/os") # Nothing to be done on alpine case "$os" in alpine) exit 0 ;; esac case "$state_should" in present) echo localedef -A "$alias" -f "$charmap" -i "$input" "$locale" ;; absent) echo localedef --delete-from-archive "$locale_remove" ;; *) echo "Unsupported state: $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__locale/man.rst000066400000000000000000000016711427155744700202670ustar00rootroot00000000000000cdist-type__locale(7) ===================== NAME ---- cdist-type__locale - Configure locales DESCRIPTION ----------- This cdist type allows you to setup locales. On systems that don't support locale setting like alpine/musl libc, it is a no-op. OPTIONAL PARAMETERS ------------------- state 'present' or 'absent', defaults to present EXAMPLES -------- .. code-block:: sh # Add locale de_CH.UTF-8 __locale de_CH.UTF-8 # Same as above, but more explicit __locale de_CH.UTF-8 --state present # Remove colourful British English __locale en_GB.UTF-8 --state absent SEE ALSO -------- :strong:`locale`\ (1), :strong:`localedef`\ (1), :strong:`cdist-type__locale_system`\ (7) AUTHORS ------- Nico Schottelius COPYING ------- Copyright \(C) 2013-2019 Nico Schottelius. Free use of this software is granted under the terms of the GNU General Public License version 3 or later (GPLv3+). cdist/cdist/conf/type/__locale/manifest000077500000000000000000000022521427155744700205120ustar00rootroot00000000000000#!/bin/sh -e # # 2013-2019 Nico Schottelius (nico-cdist at schottelius.org) # 2015 David Hürlimann (david at ungleich.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Install required packages # os=$(cat "$__global/explorer/os") case "$os" in debian|devuan) # Debian needs a seperate package __package locales --state present ;; archlinux|suse|ubuntu|scientific|centos|alpine) : ;; *) echo "Sorry, do not know how to handle os: $os" >&2 echo "Please edit the type ${__type##*/} to fix this." >&2 exit 1 ;; esac cdist/cdist/conf/type/__locale/parameter/000077500000000000000000000000001427155744700207355ustar00rootroot00000000000000cdist/cdist/conf/type/__locale/parameter/default/000077500000000000000000000000001427155744700223615ustar00rootroot00000000000000cdist/cdist/conf/type/__locale/parameter/default/state000066400000000000000000000000101427155744700234130ustar00rootroot00000000000000present cdist/cdist/conf/type/__locale/parameter/optional000066400000000000000000000000061427155744700225010ustar00rootroot00000000000000state cdist/cdist/conf/type/__locale_system/000077500000000000000000000000001427155744700203615ustar00rootroot00000000000000cdist/cdist/conf/type/__locale_system/man.rst000066400000000000000000000026061427155744700216720ustar00rootroot00000000000000cdist-type__locale_system(7) ============================ NAME ---- cdist-type__locale_system - Set system-wide locale DESCRIPTION ----------- This cdist type allows you to modify system-wide locale. The name of the locale category is given as the object id (usually you are probably interested in using LANG). OPTIONAL PARAMETERS ------------------- state present or absent, defaults to present. If present, sets the locale category to the given value. If absent, removes the locale category from the system file. value The value for the locale category. Defaults to en_US.UTF-8. EXAMPLES -------- .. code-block:: sh # Set LANG to en_US.UTF-8 __locale_system LANG # Same as above, but more explicit __locale_system LANG --value en_US.UTF-8 # Set category LC_MESSAGES to de_CH.UTF-8 __locale_system LC_MESSAGES --value de_CH.UTF-8 # Remove setting for LC_ALL __locale_system LC_ALL --state absent SEE ALSO -------- :strong:`locale`\ (1), :strong:`localedef`\ (1), :strong:`cdist-type__locale`\ (7) AUTHORS ------- | Steven Armstrong | Carlos Ortigoza | Nico Schottelius COPYING ------- Copyright \(C) 2016 Nico Schottelius. Free use of this software is granted under the terms of the GNU General Public License version 3 or later (GPLv3+). cdist/cdist/conf/type/__locale_system/manifest000077500000000000000000000160621427155744700221220ustar00rootroot00000000000000#!/bin/sh -e # # 2012-2016 Steven Armstrong (steven-cdist at armstrong.cc) # 2016 Carlos Ortigoza (carlos.ortigoza at ungleich.ch) # 2016 Nico Schottelius (nico.schottelius at ungleich.ch) # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Configure system-wide locale by modifying i18n file. # version_ge() { awk -F '[^0-9.]' -v target="${1:?}" ' function max(x, y) { return x > y ? x : y } BEGIN { getline nx = split($1, x, ".") ny = split(target, y, ".") for (i = 1; i <= max(nx, ny); ++i) { diff = int(x[i]) - int(y[i]) if (diff == 0) continue exit (diff < 0) } }' } key=$__object_id onchange_cmd= # none, by default quote_value=false catval() { # shellcheck disable=SC2059 printf "$($quote_value && echo '"%s"' || echo '%s')" "$(cat "$1")" } state_should=$(cat "${__object}/parameter/state") os=$(cat "$__global/explorer/os") case $os in debian) if version_ge 4 <"${__global}/explorer/os_version" then # Debian 4 (etch) and later locale_conf="/etc/default/locale" else locale_conf="/etc/environment" fi ;; devuan) locale_conf="/etc/default/locale" ;; ubuntu) if version_ge 6.10 <"${__global}/explorer/os_version" then # Ubuntu 6.10 (edgy) and later locale_conf="/etc/default/locale" else locale_conf="/etc/environment" fi ;; archlinux) locale_conf="/etc/locale.conf" ;; centos|redhat|scientific) # shellcheck source=/dev/null version_id=$(. "${__global}/explorer/os_release" && echo "${VERSION_ID:-0}") if echo "${version_id}" | version_ge 7 then locale_conf="/etc/locale.conf" else locale_conf="/etc/sysconfig/i18n" fi ;; fedora) # shellcheck source=/dev/null version_id=$(. "${__global}/explorer/os_release" && echo "${VERSION_ID:-0}") if echo "${version_id}" | version_ge 18 then locale_conf="/etc/locale.conf" quote_value=false else locale_conf="/etc/sysconfig/i18n" fi ;; gentoo) case $(cat "${__global}/explorer/init") in (*openrc*) locale_conf="/etc/env.d/02locale" onchange_cmd="env-update --no-ldconfig" quote_value=true ;; (systemd) locale_conf="/etc/locale.conf" ;; esac ;; freebsd|netbsd) # NetBSD doesn't have a separate configuration file to set locales. # In FreeBSD locales could be configured via /etc/login.conf but parsing # that would be annoying, so the shell login file will have to do. # "Non-POSIX" shells like csh will not be updated here. locale_conf="/etc/profile" quote_value=true value="$(catval "${__object}/parameter/value"); export ${key}" ;; solaris) locale_conf="/etc/default/init" locale_conf_group="sys" if version_ge 5.11 <"${__global}/explorer/os_version" then # mode on Oracle Solaris 11 is actually 0444, # but the write bit makes sense, IMO locale_conf_mode=0644 # Oracle Solaris 11.2 and later uses SMF to store environment info. # This is a hack, but I didn't feel like modifying the whole type # just for some Oracle nonsense. # 11.3 apparently added nlsadm(1m), but it is missing from 11.2. # Illumos continues to use /etc/default/init # NOTE: Remember not to use "cool" POSIX features like -q or -e with # Solaris grep. release_regex='Oracle Solaris 11.[2-9][0-9]*' case $state_should in (present) svccfg_cmd="svccfg -s svc:/system/environment:init setprop environment/${key} = astring: '$(cat "${__object}/parameter/value")'" ;; (absent) svccfg_cmd="svccfg -s svc:/system/environment:init delprop environment/${key}" ;; esac refresh_cmd='svcadm refresh svc:/system/environment' onchange_cmd="grep '${release_regex}' /etc/release >&- || exit 0; ${svccfg_cmd:-:} && ${refresh_cmd}" else locale_conf_mode=0555 fi ;; slackware) # NOTE: lang.csh (csh config) is ignored here. locale_conf="/etc/profile.d/lang.sh" locale_conf_mode=0755 key="export ${__object_id}" ;; suse) if test -s "${__global}/explorer/os_release" then # shellcheck source=/dev/null os_version=$(. "${__global}/explorer/os_release" && echo "${VERSION}") else os_version=$(sed -n 's/^VERSION\ *=\ *//p' "${__global}/explorer/os_version") fi os_major=$(expr "${os_version}" : '\([0-9]\{1,\}\)') # https://documentation.suse.com/sles/15-SP2/html/SLES-all/cha-suse.html#sec-suse-l10n if expr "${os_major}" '>=' 15 \& "${os_major}" != 42 then # It seems that starting with SuSE 15 the systemd /etc/locale.conf # is the preferred way to set locales, although # /etc/sysconfig/language is still available. # Older documentation doesn't mention /etc/locale.conf, even though # is it created when localectl is used. locale_conf="/etc/locale.conf" else locale_conf="/etc/sysconfig/language" quote_value=true key="RC_${__object_id}" fi ;; voidlinux) locale_conf="/etc/locale.conf" ;; *) echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 echo "Please contribute an implementation for it if you can." >&2 exit 1 ;; esac __file "${locale_conf}" --state exists \ --owner "${locale_conf_owner:-0}" \ --group "${locale_conf_group:-0}" \ --mode "${locale_conf_mode:-0644}" require="__file/${locale_conf}" \ __key_value "${locale_conf}:${key#export }" \ --file "${locale_conf}" \ --key "${key}" \ --delimiter '=' --exact_delimiter \ --state "${state_should}" \ --value "${value:-$(catval "${__object}/parameter/value")}" \ --onchange "${onchange_cmd}" cdist/cdist/conf/type/__locale_system/parameter/000077500000000000000000000000001427155744700223415ustar00rootroot00000000000000cdist/cdist/conf/type/__locale_system/parameter/default/000077500000000000000000000000001427155744700237655ustar00rootroot00000000000000cdist/cdist/conf/type/__locale_system/parameter/default/state000066400000000000000000000000101427155744700250170ustar00rootroot00000000000000present cdist/cdist/conf/type/__locale_system/parameter/default/value000066400000000000000000000000141427155744700250170ustar00rootroot00000000000000en_US.UTF-8 cdist/cdist/conf/type/__locale_system/parameter/optional000066400000000000000000000000141427155744700241040ustar00rootroot00000000000000state value cdist/cdist/conf/type/__localedef/000077500000000000000000000000001427155744700174345ustar00rootroot00000000000000cdist/cdist/conf/type/__localedef/explorer/000077500000000000000000000000001427155744700212745ustar00rootroot00000000000000cdist/cdist/conf/type/__localedef/explorer/state000077500000000000000000000061461427155744700223510ustar00rootroot00000000000000#!/bin/sh -e # # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # This explorer determines if the locale is defined on the target system. # Will print nothing on error. # # Possible output: # present: # the main locale (and possibly aliases) is present # absent: # neither the main locale nor any aliases are present # alias-present: # the main locale is absent, but at least one of its aliases is present # # Hardcoded, create a pull request in case it is at another location for # some other distro. (cf. gencode-remote) aliasfile='/usr/share/locale/locale.alias' command -v locale >/dev/null 2>&1 || exit 0 locales=$(locale -a) parse_locale() { # This function will split locales into their parts. Locale strings are # usually of the form: [language[_territory][.codeset][@modifier]] # For simplicity, language and territory are not separated by this function. # Old Linux systems were also using "english" or "german" as locale strings. # Usage: parse_locale locale_str lang_var codeset_var modifier_var eval "${2:?}"="$(expr "$1" : '\([^.@]*\)')" eval "${3:?}"="$(expr "$1" : '[^.]*\.\([^@]*\)')" eval "${4:?}"="$(expr "$1" : '.*@\(.*\)$')" } format_locale() { # Usage: format_locale language codeset modifier printf '%s' "$1" test -z "$2" || printf '.%s' "$2" test -z "$3" || printf '@%s' "$3" printf '\n' } gnu_normalize_codeset() { # reimplementation of glibc/locale/programs/localedef.c normalize_codeset() echo "$*" | tr '[:upper:]' '[:lower:]' | tr -cd '[:alnum:]' } locale_available() ( echo "${locales}" | grep -qxF "$1" || { # glibc uses "normalized" locale names in archives. # If a locale is stored in an archive, the normalized name will be # printed by locale, so that needs to be checked, too. localename=$( parse_locale "$1" _lang _codeset _modifier \ && format_locale "${_lang:?}" "$(gnu_normalize_codeset "${_codeset?}")" \ "${_modifier?}") echo "${locales}" | grep -qxF "${localename}" } ) if locale_available "${__object_id:?}" then echo present else # NOTE: locale.alias can be symlinked. if test -e "${aliasfile}" then # Check if one of the aliases of the locale is defined baselocale=$( parse_locale "${__object_id:?}" _lang _codeset _modifiers \ && format_locale "${_lang}" "${_codeset}") while read -r _alias _localename do if test "${_localename}" = "${baselocale}" \ && echo "${locales}" | grep -qxF "${_alias}" then echo alias-present exit 0 fi done <"${aliasfile}" fi echo absent fi cdist/cdist/conf/type/__localedef/files/000077500000000000000000000000001427155744700205365ustar00rootroot00000000000000cdist/cdist/conf/type/__localedef/files/lib/000077500000000000000000000000001427155744700213045ustar00rootroot00000000000000cdist/cdist/conf/type/__localedef/files/lib/glibc.sh000066400000000000000000000002021427155744700227120ustar00rootroot00000000000000# -*- mode: sh; indent-tabs-mode: t -*- gnu_normalize_codeset() { echo "$*" | tr -cd '[:alnum:]' | tr '[:upper:]' '[:lower:]' } cdist/cdist/conf/type/__localedef/files/lib/locale.sh000066400000000000000000000013411427155744700230760ustar00rootroot00000000000000# -*- mode: sh; indent-tabs-mode:t -*- parse_locale() { # This function will split locales into their parts. Locale strings are # usually of the form: [language[_territory][.codeset][@modifier]] # For simplicity, language and territory are not separated by this function. # Old Linux systems were also using "english" or "german" as locale strings. # Usage: parse_locale locale_str lang_var codeset_var modifier_var eval "${2:?}"="$(expr "$1" : '\([^.@]*\)')" eval "${3:?}"="$(expr "$1" : '[^.]*\.\([^@]*\)')" eval "${4:?}"="$(expr "$1" : '.*@\(.*\)$')" } format_locale() { # Usage: format_locale language codeset modifier printf '%s' "$1" test -z "$2" || printf '.%s' "$2" test -z "$3" || printf '@%s' "$3" printf '\n' } cdist/cdist/conf/type/__localedef/gencode-remote000077500000000000000000000077111427155744700222650ustar00rootroot00000000000000#!/bin/sh -e # # 2013-2019 Nico Schottelius (nico-cdist at schottelius.org) # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # Manage system locales using localedef(1). # # shellcheck source=cdist/conf/type/__localedef/files/lib/locale.sh . "${__type:?}/files/lib/locale.sh" # shellcheck source=cdist/conf/type/__localedef/files/lib/glibc.sh . "${__type:?}/files/lib/glibc.sh" state_is=$(cat "${__object:?}/explorer/state") state_should=$(cat "${__object:?}/parameter/state") test "${state_should}" = 'present' -o "${state_should}" = 'absent' || { printf 'Invalid state: %s\n' "${state_should}" >&2 exit 1 } # NOTE: If state explorer fails (e.g. locale(1) missing), the following check # will always fail and let definition/removal run. if test "${state_is}" = "${state_should}" then exit 0 fi locale=${__object_id:?} os=$(cat "${__global:?}/explorer/os") if expr "${locale}" : '.*/' >/dev/null then printf 'Paths as locales are not supported.\n' >&2 printf '__object_id is: %s\n' "${locale}" >&2 exit 1 fi : "${lang=}" "${codeset=}" "${modifier=}" # declare variables for shellcheck parse_locale "${locale}" lang codeset modifier case ${os} in (alpine|openwrt) printf '%s does not support locales.\n' "${os}" >&2 exit 1 ;; (archlinux|debian|devuan|ubuntu|suse|centos|fedora|redhat|scientific) # FIXME: The code below only works for glibc-based installations. # NOTE: Hardcoded, create a pull request in case it is at another # location for some opther distro. # NOTE: locale.alias can be symlinked (e.g. Debian) aliasfile='/usr/share/locale/locale.alias' case ${state_should} in (present) input=$(format_locale "${lang}" '' "${modifier}") cat <<-EOF set -- if test -e '${aliasfile}' then set -- -A '${aliasfile}' fi localedef -i '${input}' -f '${codeset}' "\$@" '${locale}' EOF ;; (absent) main_localename=$(format_locale "${lang}" "$(gnu_normalize_codeset "${codeset}")" "${modifier}") cat <<-EOF while read -r _alias _localename do if test "\${_localename}" = '$(format_locale "${lang}" "${codeset}")' then localedef --delete-from-archive "\${_alias}" fi done <'${aliasfile}' EOF if test "${state_is}" = present then printf "localedef --delete-from-archive '%s'\n" "${main_localename}" fi ;; esac ;; (freebsd) case ${state_should} in (present) if expr "$(grep -oe '^[0-9]*' "${__global:?}/explorer/os_version")" '>=' 11 >/dev/null then # localedef(1) is available with FreeBSD >= 11 printf "localedef -i '%s' -f '%s' '%s'\n" "${input}" "${codeset}" "${locale}" else printf 'localedef(1) was added to FreeBSD starting with version 11.\n' >&2 printf 'Please upgrade your FreeBSD installation to use %s.\n' "${__type##*/}" >&2 exit 1 fi ;; (absent) printf "rm -R '/usr/share/locale/%s'\n" "${locale}" ;; esac ;; (netbsd|openbsd) # NetBSD/OpenBSD are missing localedef(1). # We also do not delete defined locales because they can't be recreated. echo "${os} is lacking localedef(1). Locale management unavailable." >&2 exit 1 ;; (*) echo "Your operating system (${os}) is currently not supported by this type (${__type##*/})." >&2 echo "Please contribute an implementation for it if you can." >&2 exit 1 ;; esac cdist/cdist/conf/type/__localedef/man.rst000066400000000000000000000025521427155744700207450ustar00rootroot00000000000000cdist-type__localedef(7) ======================== NAME ---- cdist-type__localedef - Define and remove system locales DESCRIPTION ----------- This cdist type allows you to define locales on the system using :strong:`localedef`\ (1) or remove them. On systems that don't support definition of new locales, the type will raise an error. **NB:** This type respects the glibc ``locale.alias`` file, i.e. it defines alias locales or deletes aliases of a locale when it is removed. It is not possible, however, to use alias names to define locales or only remove certain aliases of a locale. OPTIONAL PARAMETERS ------------------- state ``present`` or ``absent``. Defaults to ``present``. EXAMPLES -------- .. code-block:: sh # Add locale de_CH.UTF-8 __localedef de_CH.UTF-8 # Same as above, but more explicit __localedef de_CH.UTF-8 --state present # Remove colourful British English __localedef en_GB.UTF-8 --state absent SEE ALSO -------- :strong:`locale`\ (1), :strong:`localedef`\ (1), :strong:`cdist-type__locale_system`\ (7) AUTHORS ------- | Dennis Camera | Nico Schottelius COPYING ------- Copyright \(C) 2013-2019 Nico Schottelius, 2020 Dennis Camera. Free use of this software is granted under the terms of the GNU General Public License version 3 or later (GPLv3+). cdist/cdist/conf/type/__localedef/manifest000077500000000000000000000017111427155744700211700ustar00rootroot00000000000000#!/bin/sh -e # # 2013-2019 Nico Schottelius (nico-cdist at schottelius.org) # 2015 David Hürlimann (david at ungleich.ch) # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # Install required packages. # case $(cat "${__global:?}/explorer/os") in (debian|devuan) __package_apt locales --state present ;; esac cdist/cdist/conf/type/__localedef/parameter/000077500000000000000000000000001427155744700214145ustar00rootroot00000000000000cdist/cdist/conf/type/__localedef/parameter/default/000077500000000000000000000000001427155744700230405ustar00rootroot00000000000000cdist/cdist/conf/type/__localedef/parameter/default/state000066400000000000000000000000101427155744700240720ustar00rootroot00000000000000present cdist/cdist/conf/type/__localedef/parameter/optional000066400000000000000000000000061427155744700231600ustar00rootroot00000000000000state cdist/cdist/conf/type/__motd/000077500000000000000000000000001427155744700164615ustar00rootroot00000000000000cdist/cdist/conf/type/__motd/files/000077500000000000000000000000001427155744700175635ustar00rootroot00000000000000cdist/cdist/conf/type/__motd/files/motd000066400000000000000000000011511427155744700204470ustar00rootroot00000000000000 .. . .x+=:. s dF @88> z` ^% :8 '88bu. %8P . . # # os=$(cat "$__global/explorer/os") case "$os" in freebsd) # FreeBSD only updates /etc/motd on boot, # as seen in /etc/rc.d/motd echo "uname -sri > /etc/motd" echo "cat /etc/motd.template >> /etc/motd" # FreeBSD 13 starts treating motd slightly different from previous # versions this ensures hosts have the expected config. echo "rm /etc/motd.template || true" echo "service motd start" ;; *) # Other OS tend to treat /etc/motd statically exit 0 ;; esac cdist/cdist/conf/type/__motd/man.rst000066400000000000000000000027741427155744700200000ustar00rootroot00000000000000cdist-type__motd(7) =================== NAME ---- cdist-type__motd - Manage message of the day DESCRIPTION ----------- This cdist type allows you to easily setup /etc/motd. .. note:: In some OS, motd is a bit special, check `motd(5)`. Currently Debian, Devuan, Ubuntu and FreeBSD are taken into account. If your OS of choice does something besides /etc/motd, check the source and contribute support for it. Otherwise it will likely just work. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- source If supplied, copy this file from the host running cdist to the target. If source is '-' (dash), take what was written to stdin as the file content. If not supplied, a default message will be placed onto the target. EXAMPLES -------- .. code-block:: sh # Use cdist defaults __motd # Supply source file from a different type __motd --source "$__type/files/my-motd" # Supply source from stdin __motd --source "-" < COPYING ------- Copyright \(C) 2020 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__motd/manifest000077500000000000000000000026331427155744700202210ustar00rootroot00000000000000#!/bin/sh -e # # 2011 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Select motd source if [ -f "$__object/parameter/source" ]; then source="$(cat "$__object/parameter/source")" if [ "$source" = "-" ]; then source="${__object}/stdin" fi else source="$__type/files/motd" fi os=$(cat "$__global/explorer/os") case "$os" in freebsd) # FreeBSD uses motd.template to prepend system information on boot # (this actually only applies starting with version 13, # but we fix that for whatever version in gencode-remote) destination=/etc/motd.template ;; *) # Most UNIX systems, including other Linux and OpenBSD just use /etc/motd destination=/etc/motd ;; esac __file "$destination" --source "$source" --mode 0644 cdist/cdist/conf/type/__motd/parameter/000077500000000000000000000000001427155744700204415ustar00rootroot00000000000000cdist/cdist/conf/type/__motd/parameter/optional000066400000000000000000000000071427155744700222060ustar00rootroot00000000000000source cdist/cdist/conf/type/__motd/singleton000066400000000000000000000000001427155744700203740ustar00rootroot00000000000000cdist/cdist/conf/type/__mount/000077500000000000000000000000001427155744700166605ustar00rootroot00000000000000cdist/cdist/conf/type/__mount/explorer/000077500000000000000000000000001427155744700205205ustar00rootroot00000000000000cdist/cdist/conf/type/__mount/explorer/mounted000077500000000000000000000015301427155744700221200ustar00rootroot00000000000000#!/bin/sh # # 2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # path="$(cat "$__object/parameter/path" 2>/dev/null || echo "/$__object_id")" if mountpoint -q "$path"; then echo yes else echo no fi cdist/cdist/conf/type/__mount/gencode-remote000077500000000000000000000032101427155744700214770ustar00rootroot00000000000000#!/bin/sh -e # # 2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # path="$(cat "$__object/parameter/path" 2>/dev/null || echo "/$__object_id")" state_should="$(cat "$__object/parameter/state")" state_is="$(grep -q -x yes "$__object/explorer/mounted" && echo present || echo absent)" if [ "$state_should" = "$state_is" ]; then # nothing to do exit 0 fi case "$state_should" in present) if [ -f "$__object/parameter/nofstab" ]; then # mount manually printf 'mount' if [ -f "$__object/parameter/type" ]; then printf ' -t %s' "$(cat "$__object/parameter/type")" fi if [ -f "$__object/parameter/options" ]; then printf ' -o %s' "$(cat "$__object/parameter/options")" fi printf ' %s' "$(cat "$__object/parameter/device")" printf ' %s\n' "$path" else # mount using existing fstab entry printf 'mount "%s"\n' "$path" fi ;; absent) printf 'umount "%s"\n' "$path" ;; esac cdist/cdist/conf/type/__mount/man.rst000066400000000000000000000031231427155744700201640ustar00rootroot00000000000000cdist-type__mount(7) ==================== NAME ---- cdit-type__mount - Manage filesystem mounts DESCRIPTION ----------- Manage filesystem mounts either via /etc/fstab or manually. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- device device to mount at path, defaults to 'none'. see mount(8) dump value for the dump field in fstab. see fstab(5) defaults to 0. This parameter is ignored, if the nofstab parameter is given. options comma separated string of options, see mount(8) pass value for the pass field in fstab. see fstab(5) defaults to 0. This parameter is ignored, if the nofstab parameter is given. path mount point where to mount the device, see mount(8). Defaults to __object_id state either present or absent. Defaults to present. type vfstype, see mount(8) BOOLEAN PARAMETERS ------------------ nofstab do not manage an entry in /etc/fstab EXAMPLES -------- .. code-block:: sh __mount /some/dir \ --device /dev/sdc3 \ --type xfs \ --options "defaults,ro" --dump 0 \ --pass 1 __mount /var/lib/one \ --device mfsmount \ --type fuse \ --options "mfsmaster=mfsmaster.domain.tld,mfssubfolder=/one,nonempty,_netdev" AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2014 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__mount/manifest000077500000000000000000000025771427155744700204270ustar00rootroot00000000000000#!/bin/sh -e # # 2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # path="$(cat "$__object/parameter/path" 2>/dev/null || echo "/$__object_id")" state="$(cat "$__object/parameter/state")" if [ ! -f "$__object/parameter/nofstab" ]; then # Generate an entry for /etc/fstab ( printf "%s" "$(cat "$__object/parameter/device")" printf " %s" "$path" type="$(cat "$__object/parameter/type")" printf " %s" "$type" options="$(cat "$__object/parameter/options")" printf " %s" "$options" printf " %s" "$(cat "$__object/parameter/dump")" printf ' %s\n' "$(cat "$__object/parameter/pass")" ) | \ __block "$__object_name" \ --file "/etc/fstab" \ --prefix "#cdist:$__object_name" \ --suffix "#/cdist:$__object_name" \ --state "$state" \ --text - fi cdist/cdist/conf/type/__mount/parameter/000077500000000000000000000000001427155744700206405ustar00rootroot00000000000000cdist/cdist/conf/type/__mount/parameter/boolean000066400000000000000000000000101427155744700221710ustar00rootroot00000000000000nofstab cdist/cdist/conf/type/__mount/parameter/default/000077500000000000000000000000001427155744700222645ustar00rootroot00000000000000cdist/cdist/conf/type/__mount/parameter/default/device000066400000000000000000000000051427155744700234410ustar00rootroot00000000000000none cdist/cdist/conf/type/__mount/parameter/default/dump000066400000000000000000000000021427155744700231440ustar00rootroot000000000000000 cdist/cdist/conf/type/__mount/parameter/default/options000066400000000000000000000000111427155744700236720ustar00rootroot00000000000000defaults cdist/cdist/conf/type/__mount/parameter/default/pass000066400000000000000000000000021427155744700231450ustar00rootroot000000000000000 cdist/cdist/conf/type/__mount/parameter/default/state000066400000000000000000000000101427155744700233160ustar00rootroot00000000000000present cdist/cdist/conf/type/__mount/parameter/default/type000066400000000000000000000000051427155744700231630ustar00rootroot00000000000000auto cdist/cdist/conf/type/__mount/parameter/optional000066400000000000000000000000511427155744700224040ustar00rootroot00000000000000device dump options pass path state type cdist/cdist/conf/type/__mysql_database/000077500000000000000000000000001427155744700205075ustar00rootroot00000000000000cdist/cdist/conf/type/__mysql_database/explorer/000077500000000000000000000000001427155744700223475ustar00rootroot00000000000000cdist/cdist/conf/type/__mysql_database/explorer/state000077500000000000000000000016551427155744700234240ustar00rootroot00000000000000#!/bin/sh -e # # 2020 Ander Punnar (ander-at-kvlt-dot-ee) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # if [ -f "$__object/parameter/name" ] then name="$( cat "$__object/parameter/name" )" else name="$__object_id" fi if [ -n "$( mysql -B -N -e "show databases like '$name'" )" ] then echo 'present' else echo 'absent' fi cdist/cdist/conf/type/__mysql_database/gencode-remote000077500000000000000000000023671427155744700233420ustar00rootroot00000000000000#!/bin/sh -e # # 2020 Ander Punnar (ander-at-kvlt-dot-ee) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # state_is="$( cat "$__object/explorer/state" )" state_should="$( cat "$__object/parameter/state" )" if [ "$state_is" = "$state_should" ] then exit 0 fi if [ -f "$__object/parameter/name" ] then name="$( cat "$__object/parameter/name" )" else name="$__object_id" fi case "$state_should" in present) echo "mysql -e 'create database \`$name\`'" echo "create database $name" >> "$__messages_out" ;; absent) echo "mysql -e 'drop database \`$name\`'" echo "drop database $name" >> "$__messages_out" ;; esac cdist/cdist/conf/type/__mysql_database/man.rst000066400000000000000000000020441427155744700220140ustar00rootroot00000000000000cdist-type__mysql_database(7) ============================= NAME ---- cdist-type__mysql_database - Manage a MySQL database DESCRIPTION ----------- Create MySQL database and optionally user with all privileges. OPTIONAL PARAMETERS ------------------- name Name of database. Defaults to object id. user Create user and give all privileges to database. password Password for user. state Defaults to present. If absent and user is also set, both will be removed (with privileges). EXAMPLES -------- .. code-block:: sh # just create database __mysql_database foo # create database with respective user with all privileges to database __mysql_database bar \ --user name \ --password secret AUTHORS ------- Ander Punnar COPYING ------- Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__mysql_database/manifest000077500000000000000000000027311427155744700222460ustar00rootroot00000000000000#!/bin/sh -e # # 2020 Ander Punnar (ander-at-kvlt-dot-ee) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # if [ -f "$__object/parameter/user" ] then user="$( cat "$__object/parameter/user" )" fi if [ -f "$__object/parameter/password" ] then password="$( cat "$__object/parameter/password" )" fi if [ -n "$user" ] && [ -n "$password" ] then if [ -f "$__object/parameter/name" ] then database="$( cat "$__object/parameter/name" )" else database="$__object_id" fi state_should="$( cat "$__object/parameter/state" )" __mysql_user "$user" \ --password "$password" \ --state "$state_should" # removing user should remove all user's privileges require="__mysql_user/$user" \ __mysql_privileges "$database/$user" \ --database "$database" \ --user "$user" \ --state "$state_should" fi cdist/cdist/conf/type/__mysql_database/parameter/000077500000000000000000000000001427155744700224675ustar00rootroot00000000000000cdist/cdist/conf/type/__mysql_database/parameter/default/000077500000000000000000000000001427155744700241135ustar00rootroot00000000000000cdist/cdist/conf/type/__mysql_database/parameter/default/state000066400000000000000000000000101427155744700251450ustar00rootroot00000000000000present cdist/cdist/conf/type/__mysql_database/parameter/optional000066400000000000000000000000311427155744700242310ustar00rootroot00000000000000name user password state cdist/cdist/conf/type/__mysql_privileges/000077500000000000000000000000001427155744700211145ustar00rootroot00000000000000cdist/cdist/conf/type/__mysql_privileges/explorer/000077500000000000000000000000001427155744700227545ustar00rootroot00000000000000cdist/cdist/conf/type/__mysql_privileges/explorer/state000077500000000000000000000022451427155744700240250ustar00rootroot00000000000000#!/bin/sh -e # # 2020 Ander Punnar (ander-at-kvlt-dot-ee) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # privileges="$( cat "$__object/parameter/privileges" )" database="$( cat "$__object/parameter/database" )" table="$( cat "$__object/parameter/table" )" user="$( cat "$__object/parameter/user" )" host="$( cat "$__object/parameter/host" )" check_privileges="$( mysql -B -N -e "show grants for '$user'@'$host'" \ | grep -Ei "^grant $privileges on .$database.\..?$table.? to " || true )" if [ -n "$check_privileges" ] then echo 'present' else echo 'absent' fi cdist/cdist/conf/type/__mysql_privileges/gencode-remote000077500000000000000000000031551427155744700237430ustar00rootroot00000000000000#!/bin/sh -e # # 2020 Ander Punnar (ander-at-kvlt-dot-ee) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # state_is="$( cat "$__object/explorer/state" )" state_should="$( cat "$__object/parameter/state" )" if [ "$state_is" = "$state_should" ] then exit 0 fi privileges="$( cat "$__object/parameter/privileges" )" database="$( cat "$__object/parameter/database" )" table="$( cat "$__object/parameter/table" )" user="$( cat "$__object/parameter/user" )" host="$( cat "$__object/parameter/host" )" if [ "$table" != '*' ] then # shellcheck disable=SC2016 table="$( printf '`%s`' "$table" )" fi case "$state_should" in present) echo "mysql -e 'grant $privileges on \`$database\`.$table to \`$user\`@\`$host\`'" echo "grant $privileges on $database.$table to $user@$host" >> "$__messages_out" ;; absent) echo "mysql -e 'revoke $privileges on \`$database\`.$table from \`$user\`@\`$host\`'" echo "revoke $privileges on $database.$table from $user@$host" >> "$__messages_out" ;; esac cdist/cdist/conf/type/__mysql_privileges/man.rst000066400000000000000000000016231427155744700224230ustar00rootroot00000000000000cdist-type__mysql_privileges(7) =============================== NAME ---- cdist-type__mysql_privileges - Manage MySQL privileges DESCRIPTION ----------- Grant and revoke privileges of MySQL user. REQUIRED PARAMETERS ------------------- database Name of database. user Name of user. OPTIONAL PARAMETERS ------------------- privileges Defaults to "all". table Defaults to "*". host Defaults to localhost. state "present" grants and "absent" revokes. Defaults to present. EXAMPLES -------- .. code-block:: sh __mysql_privileges user-to-db --database db --user user AUTHORS ------- Ander Punnar COPYING ------- Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__mysql_privileges/parameter/000077500000000000000000000000001427155744700230745ustar00rootroot00000000000000cdist/cdist/conf/type/__mysql_privileges/parameter/default/000077500000000000000000000000001427155744700245205ustar00rootroot00000000000000cdist/cdist/conf/type/__mysql_privileges/parameter/default/host000066400000000000000000000000121427155744700254110ustar00rootroot00000000000000localhost cdist/cdist/conf/type/__mysql_privileges/parameter/default/privileges000066400000000000000000000000171427155744700266120ustar00rootroot00000000000000all privileges cdist/cdist/conf/type/__mysql_privileges/parameter/default/state000066400000000000000000000000101427155744700255520ustar00rootroot00000000000000present cdist/cdist/conf/type/__mysql_privileges/parameter/default/table000066400000000000000000000000021427155744700255220ustar00rootroot00000000000000* cdist/cdist/conf/type/__mysql_privileges/parameter/optional000066400000000000000000000000341427155744700246410ustar00rootroot00000000000000privileges table host state cdist/cdist/conf/type/__mysql_privileges/parameter/required000066400000000000000000000000161427155744700246340ustar00rootroot00000000000000database user cdist/cdist/conf/type/__mysql_user/000077500000000000000000000000001427155744700177215ustar00rootroot00000000000000cdist/cdist/conf/type/__mysql_user/explorer/000077500000000000000000000000001427155744700215615ustar00rootroot00000000000000cdist/cdist/conf/type/__mysql_user/explorer/state000077500000000000000000000027201427155744700226300ustar00rootroot00000000000000#!/bin/sh -e # # 2020 Ander Punnar (ander-at-kvlt-dot-ee) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # if [ -f "$__object/parameter/name" ] then name="$( cat "$__object/parameter/name" )" else name="$__object_id" fi if [ -f "$__object/parameter/password" ] then password="$( cat "$__object/parameter/password" )" else password='' fi host="$( cat "$__object/parameter/host" )" check_user="$( mysql -B -N -e "select user from mysql.user where user = '$name' and host = '$host'" )" if [ -n "$check_user" ] then if [ -n "$password" ] then check_password="$( mysql -B -N -e "select user from mysql.user where user = '$name' and host = '$host' and password = password( '$password' )" )" fi if [ -n "$password" ] && [ -z "$check_password" ] then echo 'change-password' else echo 'present' fi else echo 'absent' fi cdist/cdist/conf/type/__mysql_user/gencode-remote000077500000000000000000000036641427155744700225550ustar00rootroot00000000000000#!/bin/sh -e # # 2020 Ander Punnar (ander-at-kvlt-dot-ee) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # state_is="$( cat "$__object/explorer/state" )" state_should="$( cat "$__object/parameter/state" )" if [ "$state_is" = "$state_should" ] then exit 0 fi if [ -f "$__object/parameter/name" ] then name="$( cat "$__object/parameter/name" )" else name="$__object_id" fi host="$( cat "$__object/parameter/host" )" if [ -f "$__object/parameter/password" ] then password="$( cat "$__object/parameter/password" )" else if [ "$state_should" = 'present' ] then echo '--password needed' >&2 exit 1 else password='' fi fi if [ "$state_is" = 'absent' ] && [ "$state_should" = 'present' ] then echo "mysql -e 'create user \`$name\`@\`$host\` identified by \"$password\"'" echo "create user $name@$host" >> "$__messages_out" elif [ "$state_is" != 'absent' ] && [ "$state_should" = 'absent' ] then echo "mysql -e 'drop user \`$name\`@\`$host\`'" echo "drop user $name@$host" >> "$__messages_out" elif [ "$state_is" = 'change-password' ] then # this only works with MySQL 5.7.6 and later or MariaDB 10.1.20 and later echo "mysql -e 'alter user \`$name\`@\`$host\` identified by \"$password\"'" echo "mysql -e 'flush privileges'" echo "change password $name@$host" >> "$__messages_out" fi cdist/cdist/conf/type/__mysql_user/man.rst000066400000000000000000000014111427155744700212230ustar00rootroot00000000000000cdist-type__mysql_user(7) ========================= NAME ---- cdist-type__mysql_user - Manage a MySQL user DESCRIPTION ----------- Create MySQL user or change password for the user. OPTIONAL PARAMETERS ------------------- name Name of user. Defaults to object id. host Host of user. Defaults to localhost. password Password of user. state Defaults to present. EXAMPLES -------- .. code-block:: sh __mysql_user user --password secret AUTHORS ------- Ander Punnar COPYING ------- Copyright \(C) 2020 Ander Punnar. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__mysql_user/parameter/000077500000000000000000000000001427155744700217015ustar00rootroot00000000000000cdist/cdist/conf/type/__mysql_user/parameter/default/000077500000000000000000000000001427155744700233255ustar00rootroot00000000000000cdist/cdist/conf/type/__mysql_user/parameter/default/host000066400000000000000000000000121427155744700242160ustar00rootroot00000000000000localhost cdist/cdist/conf/type/__mysql_user/parameter/default/state000066400000000000000000000000101427155744700243570ustar00rootroot00000000000000present cdist/cdist/conf/type/__mysql_user/parameter/optional000066400000000000000000000000311427155744700234430ustar00rootroot00000000000000name host password state cdist/cdist/conf/type/__openldap_server/000077500000000000000000000000001427155744700207065ustar00rootroot00000000000000cdist/cdist/conf/type/__openldap_server/gencode-remote000066400000000000000000000023241427155744700235270ustar00rootroot00000000000000#!/bin/sh manager_dn=$(cat "${__object}/parameter/manager-dn") manager_password=$(cat "${__object}/parameter/manager-password") description=$(cat "${__object}/parameter/description") suffix=$(cat "${__object}/parameter/suffix") suffix_dc=$(printf "%s" "${suffix}" | awk -F',' '{print $1}' | awk -F'=' '{print $2}') SLAPD_IPC=$(tr '\n' ' ' < "${__object}/parameter/slapd-url" | awk '{ print $1}') cat <&1 > /dev/null; then # Already exists, use ldapmodify ldapmodify -xZ -D "${manager_dn}" -w "${manager_password}" -H '${SLAPD_IPC}' < Evilham COPYING ------- Copyright \(C) 2020 ungleich glarus ag. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__openldap_server/manifest000066400000000000000000000214121427155744700224370ustar00rootroot00000000000000#!/bin/sh name="${__target_host}" manager_dn=$(cat "${__object}/parameter/manager-dn") manager_password_hash=$(cat "${__object}/parameter/manager-password-hash") serverid=$(cat "${__object}/parameter/serverid") suffix=$(cat "${__object}/parameter/suffix") slapd_modules=$(cat "${__object}/parameter/module" 2>/dev/null || true) schemas=$(cat "${__object}/parameter/schema") slapd_urls=$(tr '\n' ' ' < "${__object}/parameter/slapd-url") tls_cipher_suite=$(cat "${__object}/parameter/tls-cipher-suite" 2>/dev/null || true) extra_config=$(cat "${__object}/parameter/extra-config" || true) os="$(cat "${__global}/explorer/os")" # Setup OS-dependent vars CONF_OWNER="root" CONF_GROUP="root" case "${os}" in freebsd) PKGS="openldap-server" ETC="/usr/local/etc" SLAPD_DIR="/usr/local/etc/openldap" SLAPD_DATA_DIR="/var/db/openldap-data" SLAPD_RUN_DIR="/var/run/openldap" SLAPD_MODULE_PATH="/usr/local/libexec/openldap" SLAPD_MODULE_TYPE="la" if [ -z "${slapd_modules}" ]; then # It looks like ppolicy and syncprov must be compiled slapd_modules="back_mdb back_monitor" fi CONF_OWNER="ldap" CONF_GROUP="ldap" if [ -z "${tls_cipher_suite}" ]; then # TODO: research default for FreeBSD. 'NORMAL' appears to not work tls_cipher_suite="HIGH:MEDIUM:+SSLv2" fi ;; debian|ubuntu|devuan) PKGS="slapd ldap-utils" ETC="/etc" SLAPD_DIR="/etc/ldap" SLAPD_DATA_DIR="/var/lib/ldap" SLAPD_RUN_DIR="/var/run/slapd" SLAPD_MODULE_PATH="/usr/lib/ldap" SLAPD_MODULE_TYPE="la" if [ -z "${slapd_modules}" ]; then slapd_modules="back_mdb ppolicy syncprov back_monitor" fi CONF_OWNER="openldap" CONF_GROUP="openldap" if [ -z "${tls_cipher_suite}" ]; then tls_cipher_suite="NORMAL" fi ;; alpine) PKGS="openldap openldap-clients" ETC="/etc" SLAPD_DIR="/etc/openldap" SLAPD_DATA_DIR="/var/lib/openldap" SLAPD_RUN_DIR="/var/run/openldap" SLAPD_MODULE_PATH="/usr/lib/openldap" SLAPD_MODULE_TYPE="so" if [ -z "${slapd_modules}" ]; then slapd_modules="back_mdb ppolicy syncprov back_monitor" PKGS="$PKGS openldap-back-mdb openldap-back-monitor openldap-overlay-all" fi CONF_OWNER="ldap" CONF_GROUP="$SLAPD_USER" if [ -z "${tls_cipher_suite}" ]; then tls_cipher_suite="DEFAULT" fi ;; *) echo "Don't know the openldap defaults for: $os" >&2 exit 1 ;; esac PKG_MAIN=$(echo "${PKGS}" | awk '{print $1;}') # Determine if __letsencrypt_cert is to be used and setup vars accordingly if [ -f "${__object}/parameter/tls-cert" ]; then tls_cert=$(cat "${__object}/parameter/tls-cert") if [ ! -f "${__object}/parameter/tls-privkey" ]; then echo "When tls-cert is defined, tls-privkey is also required." >&2 exit 1 fi tls_privkey=$(cat "${__object}/parameter/tls-privkey") if [ ! -f "${__object}/parameter/tls-ca" ]; then echo "When tls-cert is defined, tls-ca is also required." >&2 exit 1 fi tls_ca=$(cat "${__object}/parameter/tls-ca") _skip_letsencrypt_cert="YES" else if [ ! -f "${__object}/parameter/admin-email" ]; then echo "When using __letsencrypt_cert, admin-email is also required." >&2 exit 1 fi admin_email=$(cat "${__object}/parameter/admin-email") tls_cert="${SLAPD_DIR}/sasl2/cert.pem" tls_privkey="${SLAPD_DIR}/sasl2/privkey.pem" tls_ca="${SLAPD_DIR}/sasl2/chain.pem" fi mkdir "${__object}/files" ldapconf="${__object}/files/ldapconf" replication="" if [ -f "${__object}/parameter/replicate" ]; then replication=yes if [ ! -f "${__object}/parameter/syncrepl-searchbase" ]; then echo "Requiring the searchbase for replication" >&2 exit 1 fi syncrepl_searchbase=$(cat "${__object}/parameter/syncrepl-searchbase") if [ ! -f "${__object}/parameter/syncrepl-credentials" ]; then echo "Requiring credentials for replication" >&2 exit 1 fi syncrepl_credentials=$(cat "${__object}/parameter/syncrepl-credentials") if [ ! -f "${__object}/parameter/syncrepl-host" ]; then echo "Requiring host(s) for replication" >&2 exit 1 fi syncrepl_hosts=$(cat "${__object}/parameter/syncrepl-host") fi # Install required packages for pkg in ${PKGS}; do __package "${pkg}" done require="__package/${PKG_MAIN}" __start_on_boot slapd # Setup -h flag for the listeners. See man slapd (-h flag). case "${os}" in freebsd) require="__start_on_boot/slapd" __key_value \ --file "/etc/rc.conf" \ --key "slapd_flags" \ --value "\"-h '${slapd_urls}'\"" \ --delimiter "=" \ --comment "# LDAP Listener URLs" \ "${__target_host}__slapd_flags" ;; debian|ubuntu|devuan) require="__package/${PKG_MAIN}" __line rm_slapd_conf \ --file ${ETC}/default/slapd \ --regex 'SLAPD_CONF=.*' \ --state absent require="__package/${PKG_MAIN}" __line rm_slapd_services \ --file ${ETC}/default/slapd \ --regex 'SLAPD_SERVICES=.*' \ --state absent require="__line/rm_slapd_conf" __line add_slapd_conf \ --file ${ETC}/default/slapd \ --line "SLAPD_CONF=${SLAPD_DIR}/slapd.conf" \ --state present require="__line/rm_slapd_services" __line add_slapd_services \ --file ${ETC}/default/slapd \ --line "SLAPD_SERVICES=\"${slapd_urls}\"" \ --state present ;; alpine) require="__package/${PKG_MAIN}" __line add_slapd_services \ --file ${ETC}/conf.d/slapd \ --line "command_args=\"-h '${slapd_urls}'\"" \ --state present ;; *) # Nothing to do here, move on. ;; esac if [ -z "${_skip_letsencrypt_cert}" ]; then if [ -f "${__object}/parameter/staging" ]; then staging="--staging" else staging="" fi # shellcheck disable=SC2086 __directory ${SLAPD_DIR}/sasl2 require="__directory/${SLAPD_DIR}/sasl2" __letsencrypt_cert "${name}" \ --admin-email "${admin_email}" \ --renew-hook "cp ${ETC}/letsencrypt/live/${name}/*.pem ${SLAPD_DIR}/sasl2 && chown -R ${CONF_OWNER}:${CONF_GROUP} ${SLAPD_DIR}/sasl2 && service slapd restart" \ --automatic-renewal "${staging}" fi require="__package/${PKG_MAIN}" __directory ${SLAPD_DIR}/slapd.d --state absent if [ -z "${_skip_letsencrypt_cert}" ]; then require="__package/${PKG_MAIN} __letsencrypt_cert/${name}" \ __file "${SLAPD_DIR}/slapd.conf" --owner "${CONF_OWNER}" --group "${CONF_GROUP}" --mode 644 \ --source "${ldapconf}" else require="__package/${PKG_MAIN}" \ __file "${SLAPD_DIR}/slapd.conf" --owner "${CONF_OWNER}" --group "${CONF_GROUP}" --mode 644 \ --source "${ldapconf}" fi # Start slapd.conf cat << EOF > "${ldapconf}" pidfile ${SLAPD_RUN_DIR}/slapd.pid argsfile ${SLAPD_RUN_DIR}/slapd.args TLSCipherSuite ${tls_cipher_suite} TLSCertificateFile ${tls_cert} TLSCertificateKeyFile ${tls_privkey} TLSCACertificateFile ${tls_ca} disallow bind_anon require bind security tls=1 EOF # Add specified schemas for schema in ${schemas}; do echo "include ${SLAPD_DIR}/schema/${schema}.schema" >> "${ldapconf}" done # Add specified modules echo "modulepath ${SLAPD_MODULE_PATH}" >> "${ldapconf}" for module in ${slapd_modules}; do echo "moduleload ${module}.${SLAPD_MODULE_TYPE}" >> "${ldapconf}" done # Rest of the config cat << EOF >> "${ldapconf}" loglevel 1024 database mdb maxsize 1073741824 suffix "${suffix}" directory ${SLAPD_DATA_DIR} rootdn "${manager_dn}" rootpw "${manager_password_hash}" index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub index entryCSN,entryUUID eq ${extra_config} serverid ${serverid} EOF # Setup replication if [ "${replication}" ]; then rid=1; for syncrepl in ${syncrepl_hosts}; do cat <> "${ldapconf}" syncrepl rid=${rid} provider=ldap://${syncrepl} bindmethod=simple starttls=yes binddn="${manager_dn}" credentials=${syncrepl_credentials} searchbase="${syncrepl_searchbase}" type=refreshAndPersist retry="5 + 5 +" interval=00:00:00:05 EOF rid=$((rid + 1)) done cat <> "${ldapconf}" mirrormode true overlay syncprov syncprov-checkpoint 100 5 syncprov-sessionlog 100 database monitor limits dn.exact="${manager_dn}" time=unlimited size=unlimited EOF fi cdist/cdist/conf/type/__openldap_server/parameter/000077500000000000000000000000001427155744700226665ustar00rootroot00000000000000cdist/cdist/conf/type/__openldap_server/parameter/boolean000066400000000000000000000000221427155744700242220ustar00rootroot00000000000000staging replicate cdist/cdist/conf/type/__openldap_server/parameter/default/000077500000000000000000000000001427155744700243125ustar00rootroot00000000000000cdist/cdist/conf/type/__openldap_server/parameter/default/description000066400000000000000000000000501427155744700265530ustar00rootroot00000000000000Managed by cdist, do not edit manually. cdist/cdist/conf/type/__openldap_server/parameter/default/schema000066400000000000000000000001331427155744700254720ustar00rootroot00000000000000corba core cosine duaconf dyngroup inetorgperson java misc nis openldap ppolicy collective cdist/cdist/conf/type/__openldap_server/parameter/optional000066400000000000000000000001731427155744700244370ustar00rootroot00000000000000description syncrepl-credentials syncrepl-searchbase admin-email tls-cipher-suite tls-cert tls-privkey tls-ca extra-config cdist/cdist/conf/type/__openldap_server/parameter/optional_multiple000066400000000000000000000000341427155744700263460ustar00rootroot00000000000000syncrepl-host module schema cdist/cdist/conf/type/__openldap_server/parameter/required000066400000000000000000000001021427155744700244220ustar00rootroot00000000000000manager-dn manager-password manager-password-hash serverid suffix cdist/cdist/conf/type/__openldap_server/parameter/required_multiple000066400000000000000000000000111427155744700263340ustar00rootroot00000000000000slapd-urlcdist/cdist/conf/type/__openldap_server/singleton000066400000000000000000000000001427155744700226210ustar00rootroot00000000000000cdist/cdist/conf/type/__package/000077500000000000000000000000001427155744700171115ustar00rootroot00000000000000cdist/cdist/conf/type/__package/explorer/000077500000000000000000000000001427155744700207515ustar00rootroot00000000000000cdist/cdist/conf/type/__package/explorer/pkgng_exists000077500000000000000000000015061427155744700234060ustar00rootroot00000000000000#!/bin/sh # # 2014 Jake Guffey (jake.guffey at eprotex.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Retrieve the status of a package - parsed dpkg output # if [ "$("$__explorer/os")" = "freebsd" ]; then command -v pkg fi cdist/cdist/conf/type/__package/man.rst000066400000000000000000000026611427155744700204230ustar00rootroot00000000000000cdist-type__package(7) ====================== NAME ---- cdist-type__package - Manage packages DESCRIPTION ----------- This cdist type allows you to install or uninstall packages on the target. It dispatches the actual work to the package system dependent types. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- name The name of the package to install. Default is to use the object_id as the package name. version The version of the package to install. Default is to install the version chosen by the local package manager. type The package type to use. Default is determined based on the $os explorer variable. e.g. * __package_apt for Debian * __package_emerge for Gentoo state Either "present" or "absent", defaults to "present" EXAMPLES -------- .. code-block:: sh # Install the package vim on the target __package vim --state present # Same but install specific version __package vim --state present --version 7.3.50 # Force use of a specific package type __package vim --state present --type __package_apt AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2011 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__package/manifest000077500000000000000000000040371427155744700206510ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2013 Steven Armstrong (steven-cdist at armstrong.cc) # 2019 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # __package is an abstract type which dispatches to the lower level # __package_$type types which do the actual interaction with the packaging # system. # type="$__object/parameter/type" if [ -f "$type" ]; then type="$(cat "$type")" else # By default determine package manager based on operating system os="$(cat "$__global/explorer/os")" case "$os" in amazon|scientific|centos|fedora|redhat) type="yum" ;; archlinux) type="pacman" ;; debian|ubuntu|devuan) type="apt" ;; freebsd) if [ -n "$(cat "$__object/explorer/pkgng_exists")" ]; then type="pkgng_freebsd" else type="pkg_freebsd" fi ;; gentoo) type="emerge" ;; suse) type="zypper" ;; openwrt) type="opkg" ;; openbsd) type="pkg_openbsd" ;; alpine) type="apk" ;; *) echo "Don't know how to manage packages on: $os" >&2 exit 1 ;; esac fi state="$(cat "$__object/parameter/state")" set -- "$@" "$__object_id" "--state" "$state" cd "$__object/parameter" for property in *; do if [ "$property" != "type" ] && [ "$property" != "state" ]; then set -- "$@" "--$property" "$(cat "$property")" fi done __package_$type "$@" cdist/cdist/conf/type/__package/nonparallel000066400000000000000000000000001427155744700213310ustar00rootroot00000000000000cdist/cdist/conf/type/__package/parameter/000077500000000000000000000000001427155744700210715ustar00rootroot00000000000000cdist/cdist/conf/type/__package/parameter/boolean000066400000000000000000000000101427155744700224220ustar00rootroot00000000000000upgrade cdist/cdist/conf/type/__package/parameter/default/000077500000000000000000000000001427155744700225155ustar00rootroot00000000000000cdist/cdist/conf/type/__package/parameter/default/state000066400000000000000000000000101427155744700235470ustar00rootroot00000000000000present cdist/cdist/conf/type/__package/parameter/optional000066400000000000000000000000531427155744700226370ustar00rootroot00000000000000name version type pkgsite state ptype repo cdist/cdist/conf/type/__package_apk/000077500000000000000000000000001427155744700177445ustar00rootroot00000000000000cdist/cdist/conf/type/__package_apk/explorer/000077500000000000000000000000001427155744700216045ustar00rootroot00000000000000cdist/cdist/conf/type/__package_apk/explorer/state000077500000000000000000000021241427155744700226510ustar00rootroot00000000000000#!/bin/sh # # 2019 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Retrieve the status of a package - parsed apk output # if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi # Remove the @.. repo tag for finding out whether it is installed # f.i. pass@testing => pass name="$(echo "$name" | sed 's/@.*//')" if [ "$(apk list -I "$name")" ]; then echo present else echo absent fi cdist/cdist/conf/type/__package_apk/gencode-remote000077500000000000000000000025001427155744700225640ustar00rootroot00000000000000#!/bin/sh -e # # 2019 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Manage packages on Debian and co. # if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi state_should="$(cat "$__object/parameter/state")" state_is="$(cat "$__object/explorer/state")" # Nothing to be done [ "$state_is" = "$state_should" ] && exit 0 case "$state_should" in present) echo "apk add -q '$name'" echo "installed" >> "$__messages_out" ;; absent) echo "apk del -q '$name'" echo "removed" >> "$__messages_out" ;; *) echo "Unknown state: $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__package_apk/man.rst000066400000000000000000000017251427155744700212560ustar00rootroot00000000000000cdist-type__package_akp(7) ========================== NAME ---- cdist-type__package_akp - Manage packages with akp DESCRIPTION ----------- apk is usually used on Alpine to manage packages. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- name If supplied, use the name and not the object id as the package name. state Either "present" or "absent", defaults to "present" EXAMPLES -------- .. code-block:: sh # Ensure zsh in installed __package_apk zsh --state present # Remove package __package_apk apache2 --state absent SEE ALSO -------- :strong:`cdist-type__package`\ (7) AUTHORS ------- Nico Schottelius COPYING ------- Copyright \(C) 2019 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__package_apk/nonparallel000066400000000000000000000000001427155744700221640ustar00rootroot00000000000000cdist/cdist/conf/type/__package_apk/parameter/000077500000000000000000000000001427155744700217245ustar00rootroot00000000000000cdist/cdist/conf/type/__package_apk/parameter/default/000077500000000000000000000000001427155744700233505ustar00rootroot00000000000000cdist/cdist/conf/type/__package_apk/parameter/default/state000066400000000000000000000000101427155744700244020ustar00rootroot00000000000000present cdist/cdist/conf/type/__package_apk/parameter/optional000066400000000000000000000000131427155744700234660ustar00rootroot00000000000000name state cdist/cdist/conf/type/__package_apt/000077500000000000000000000000001427155744700177555ustar00rootroot00000000000000cdist/cdist/conf/type/__package_apt/explorer/000077500000000000000000000000001427155744700216155ustar00rootroot00000000000000cdist/cdist/conf/type/__package_apt/explorer/state000077500000000000000000000024501427155744700226640ustar00rootroot00000000000000#!/bin/sh # # 2011-2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Retrieve the status of a package - parsed dpkg output # if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi # Except dpkg failing, if package is not known / installed packages="$(apt-cache showpkg "$name" | sed -e "1,/Reverse Provides:/d" | cut -d ' ' -f 1) $name" for p in $packages; do if dpkg -s "$p" 2>/dev/null | grep --quiet "^Status: install ok installed$" ; then version=$(dpkg -s "$p" 2>/dev/null | grep "^Version:" | cut -d ' ' -f 2) echo "present $p $version" exit 0 fi done echo absent cdist/cdist/conf/type/__package_apt/gencode-remote000077500000000000000000000072371427155744700226110ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2013 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Manage packages on Debian and co. # if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi state_should="$(cat "$__object/parameter/state")" version_param="$__object/parameter/version" version="" if [ -f "$version_param" ]; then version="$(cat "$version_param")" fi if [ -f "$__object/parameter/target-release" ]; then target_release="--target-release $(cat "$__object/parameter/target-release")" else target_release="" fi if [ -f "$__object/parameter/install-recommends" ]; then # required if __apt_norecommends is used recommendsparam="-o APT::Install-Recommends=1" else recommendsparam="-o APT::Install-Recommends=0" fi if [ -f "$__object/parameter/purge-if-absent" ]; then purgeparam="--purge" else purgeparam="" fi # FIXME: use grep directly, state is a list, not a line! state_is="$(cat "$__object/explorer/state")" case "$state_is" in present*) name="$(echo "$state_is" | cut -d ' ' -f 2)" version_is="$(echo "$state_is" | cut -d ' ' -f 3)" state_is="present" ;; *) version_is="" ;; esac if [ "$state_is" = "$state_should" ]; then if [ -z "$version" ] || [ "$version" = "$version_is" ]; then exit 0; fi fi # Hint if we need to avoid questions at some point: # DEBIAN_PRIORITY=critical can reduce the number of questions aptget="DEBIAN_FRONTEND=noninteractive apt-get --quiet --yes -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\"" case "$state_should" in present) # There are special arguments to apt(8) to prevent aborts if apt woudn't been # updated after the 19th April 2021 till the bullseye release. The additional # arguments acknoledge the happend suite change (the apt(8) update does the # same by itself). # # Using '-o $config' instead of the --allow-releaseinfo-change-* parameter # allows backward compatablility to pre-buster Debian versions. # # See more: ticket #861 # https://code.ungleich.ch/ungleich-public/cdist/-/issues/861 apt_opts="-o Acquire::AllowReleaseInfoChange::Suite=true -o Acquire::AllowReleaseInfoChange::Version=true" # following is bit ugly, but important hack. # due to how cdist config run works, there isn't # currently better way to do it :( cat << EOF if [ ! -f /var/cache/apt/pkgcache.bin ] || [ "\$( stat --format %Y /var/cache/apt/pkgcache.bin )" -lt "\$( date +%s -d '-1 day' )" ] then echo apt-get $apt_opts update > /dev/null 2>&1 || true fi EOF if [ -n "$version" ]; then name="${name}=${version}" fi echo "$aptget $recommendsparam install $target_release '$name'" echo "installed" >> "$__messages_out" ;; absent) echo "$aptget remove $purgeparam '$name'" echo "removed" >> "$__messages_out" ;; *) echo "Unknown state: $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__package_apt/man.rst000066400000000000000000000043251427155744700212660ustar00rootroot00000000000000cdist-type__package_apt(7) ========================== NAME ---- cdist-type__package_apt - Manage packages with apt-get DESCRIPTION ----------- apt-get is usually used on Debian and variants (like Ubuntu) to manage packages. The package will be installed without recommended or suggested packages. If such packages are required, install them separatly or use the parameter ``--install-recommends``. This type will also update package index, if it is older than one day, to avoid missing package error messages. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- name If supplied, use the name and not the object id as the package name. state Either "present" or "absent", defaults to "present" target-release Passed on to apt-get install, see apt-get(8). Essentially allows you to retrieve packages from a different release version The version of the package to install. Default is to install the version chosen by the local package manager. BOOLEAN PARAMETERS ------------------ install-recommends If the package will be installed, it also installs recommended packages with it. It will not install recommended packages if the original package is already installed. In most cases, it is recommended to install recommended packages separatly to control which additional packages will be installed to avoid useless installed packages. purge-if-absent If this parameter is given when state is `absent`, the package is purged from the system (using `--purge`). EXAMPLES -------- .. code-block:: sh # Ensure zsh in installed __package_apt zsh --state present # In case you only want *a* webserver, but don't care which one __package_apt webserver --state present --name nginx # Remove obsolete package __package_apt puppet --state absent SEE ALSO -------- :strong:`cdist-type__package`\ (7) AUTHORS ------- Nico Schottelius COPYING ------- Copyright \(C) 2011-2012 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__package_apt/nonparallel000066400000000000000000000000001427155744700221750ustar00rootroot00000000000000cdist/cdist/conf/type/__package_apt/notes.txt000066400000000000000000000001241427155744700216430ustar00rootroot00000000000000# All you ever wanted to know about apt/apt-get http://wiki.ubuntuusers.de/apt-get cdist/cdist/conf/type/__package_apt/parameter/000077500000000000000000000000001427155744700217355ustar00rootroot00000000000000cdist/cdist/conf/type/__package_apt/parameter/boolean000066400000000000000000000000431427155744700232740ustar00rootroot00000000000000install-recommends purge-if-absent cdist/cdist/conf/type/__package_apt/parameter/default/000077500000000000000000000000001427155744700233615ustar00rootroot00000000000000cdist/cdist/conf/type/__package_apt/parameter/default/state000066400000000000000000000000101427155744700244130ustar00rootroot00000000000000present cdist/cdist/conf/type/__package_apt/parameter/optional000066400000000000000000000000421427155744700235010ustar00rootroot00000000000000name version state target-release cdist/cdist/conf/type/__package_dpkg/000077500000000000000000000000001427155744700201165ustar00rootroot00000000000000cdist/cdist/conf/type/__package_dpkg/explorer/000077500000000000000000000000001427155744700217565ustar00rootroot00000000000000cdist/cdist/conf/type/__package_dpkg/explorer/pkg_state000066400000000000000000000004401427155744700236600ustar00rootroot00000000000000#!/bin/sh -e package=$( basename "$__object_id" ) dpkg_status="$(dpkg-query --show --showformat='${db:Status-Abbrev} ${binary:Package}_${Version}_${Architecture}.deb\n' "${package%%_*}" 2>/dev/null || true)" if echo "$dpkg_status" | grep -q '^ii'; then echo "${dpkg_status##* }" fi cdist/cdist/conf/type/__package_dpkg/gencode-remote000077500000000000000000000036171427155744700227500ustar00rootroot00000000000000#!/bin/sh -e # # 2013 Tomas Pospisek (tpo_deb sourcepole.ch) # 2018 Thomas Eckert (tom at it-eckert.de) # # This file is based on cdist's __file/gencode-local and part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # This __package_dpkg type does not check whether a *.deb package is # allready installed. It just copies the *.deb package over to the # destination and installs it. We could use __package_apt to check # whether a *.deb package is allready installed and only install it # if we're given a --force argument or similar (would be clever not # to conflict with dpkg's --force options). But currently we don't # do any checks or --force'ing. # state=$( cat "$__object/parameter/state" ) package=$( basename "$__object_id" ) state_is="$(cat "$__object/explorer/pkg_state")" state_should="" [ "$state" = "absent" ] || state_should="$package" [ "$state_is" = "$state_should" ] && exit 0 case "$state" in present) echo "dpkg --install /var/cache/apt/archives/$__object_id" echo "installed" >> "$__messages_out" ;; absent) [ -f "$__object/parameter/purge-if-absent" ] \ && action="--purge" \ || action="--remove" echo "dpkg $action ${__object_id%%_*}" echo "removed ($action)" >> "$__messages_out" ;; *) echo "ERROR: unknown state '$state'" >&2 ;; esac cdist/cdist/conf/type/__package_dpkg/man.rst000066400000000000000000000041741427155744700214310ustar00rootroot00000000000000cdist-type__package_dpkg(7) =========================== NAME ---- cdist-type__package_dpkg - Manage packages with dpkg DESCRIPTION ----------- This type is used on Debian and variants (like Ubuntu) to install packages that are provided locally as \*.deb files. The object given to this type must be the name of the deb package. The filename of the deb package has to follow Debian naming conventions, i.e. `${binary:Package}_${Version}_${Architecture}.deb` (see `dpkg-query(1)` for details). OPTIONAL PARAMETERS ------------------- state `present` or `absent`, defaults to `present`. REQUIRED PARAMETERS ------------------- source path to the \*.deb package BOOLEAN PARAMETERS ------------------ purge-if-absent If this parameter is given when state is `absent`, the package is purged from the system (using `--purge`). EXPLORER -------- pkg_state Returns the full package name if package is installed, empty otherwise. MESSAGES -------- installed The deb-file was installed. removed (--remove) The package was removed, keeping config. removed (--purge) The package was removed including config (purged). EXAMPLES -------- .. code-block:: sh # Install foo and bar packages __package_dpkg foo_0.1_all.deb --source /tmp/foo_0.1_all.deb __package_dpkg bar_1.4.deb --source $__type/files/bar_1.4.deb # uninstall baz: __package_dpkg baz_1.4_amd64.deb \ --source $__type/files/baz_1.4_amd64.deb \ --state "absent" # uninstall baz and also purge config-files: __package_dpkg baz_1.4_amd64.deb \ --source $__type/files/baz_1.4_amd64.deb \ --purge-if-absent \ --state "absent" SEE ALSO -------- :strong:`cdist-type__package`\ (7), :strong:`dpkg-query`\ (1) AUTHORS ------- | Tomas Pospisek | Thomas Eckert COPYING ------- Copyright \(C) 2013 Tomas Pospisek. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This type is based on __package_apt. cdist/cdist/conf/type/__package_dpkg/manifest000077500000000000000000000027461427155744700216630ustar00rootroot00000000000000#!/bin/sh -e # # 2013 Tomas Pospisek (tpo_deb sourcepole.ch) # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # This __package_dpkg type does not check whether a *.deb package is # allready installed. It just copies the *.deb package over to the # destination and installs it. We could use __package_apt to check # whether a *.deb package is allready installed and only install it # if we're given a --force argument or similar (would be clever not # to conflict with dpkg's --force options). But currently we don't # do any checks or --force'ing. state=$( cat "$__object/parameter/state" ) package_path=$( cat "$__object/parameter/source" ) package=$( basename "$__object_id" ) state_is="$(cat "$__object/explorer/pkg_state")" state_should="" [ "$state" = "absent" ] || state_should="$package" [ "$state_is" = "$state_should" ] && exit 0 __file "/var/cache/apt/archives/$package" \ --source "$package_path" \ --state "$state" cdist/cdist/conf/type/__package_dpkg/nonparallel000066400000000000000000000000001427155744700223360ustar00rootroot00000000000000cdist/cdist/conf/type/__package_dpkg/parameter/000077500000000000000000000000001427155744700220765ustar00rootroot00000000000000cdist/cdist/conf/type/__package_dpkg/parameter/boolean000066400000000000000000000000201427155744700234300ustar00rootroot00000000000000purge-if-absent cdist/cdist/conf/type/__package_dpkg/parameter/default/000077500000000000000000000000001427155744700235225ustar00rootroot00000000000000cdist/cdist/conf/type/__package_dpkg/parameter/default/state000066400000000000000000000000101427155744700245540ustar00rootroot00000000000000present cdist/cdist/conf/type/__package_dpkg/parameter/optional000066400000000000000000000000061427155744700236420ustar00rootroot00000000000000state cdist/cdist/conf/type/__package_dpkg/parameter/required000066400000000000000000000000071427155744700236360ustar00rootroot00000000000000source cdist/cdist/conf/type/__package_emerge/000077500000000000000000000000001427155744700204355ustar00rootroot00000000000000cdist/cdist/conf/type/__package_emerge/explorer/000077500000000000000000000000001427155744700222755ustar00rootroot00000000000000cdist/cdist/conf/type/__package_emerge/explorer/pkg_version000066400000000000000000000020031427155744700245410ustar00rootroot00000000000000#!/bin/sh # # 2013 Thomas Oettli (otho at sfs.biz) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Retrieve the status of a package # if [ ! -x /usr/bin/equery ]; then echo "gentoolkit not installed!" 1>&2 exit 1 fi if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi # shellcheck disable=SC2016 equery -q l -F '$cp $fullversion' "$name" || true cdist/cdist/conf/type/__package_emerge/gencode-remote000077500000000000000000000046511427155744700232660ustar00rootroot00000000000000#!/bin/sh -e # # 2013 Thomas Oettli (otho at sfs.biz) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Manage packages with Portage (mostly gentoo) # if [ -f "$__object/parameter/name" ]; then name="$__object/parameter/name" else name="$__object_id" fi state_should="$(cat "$__object/parameter/state")" version="$(cat "$__object/parameter/version")" if [ -n "$version" ]; then name="=$name-$version" fi pkg_version="$(cat "$__object/explorer/pkg_version")" if [ -z "$pkg_version" ]; then state_is="absent" elif [ -z "$version" ] && [ "$(echo "$pkg_version" | wc -l)" -gt 1 ]; then echo "Package name is not unique! The following packages are installed:" >&2 echo "$pkg_version" >&2 exit 1 elif [ -n "$version" ] && [ "$(echo "$pkg_version" | cut -d " " -f 1 | sort | uniq | wc -l)" -gt 1 ]; then echo "Package name is not unique! The following packages are installed:" >&2 echo "$pkg_version" >&2 exit 1 else state_is="present" if [ -n "$version" ] && echo "$pkg_version" | cut -d " " -f 2 | grep -q -x "$version"; then installed_version="$(echo "$pkg_version" | cut -d " " -f 2 | grep -x "$version")" else installed_version="$(echo "$pkg_version" | cut -d " " -f 2 | tail -n 1)" fi fi # Exit if nothing is needed to be done [ "$state_is" = "$state_should" ] && { [ -z "$version" ] || [ "$installed_version" = "$version" ]; } && exit 0 [ "$state_should" = "absent" ] && [ -n "$version" ] && [ "$installed_version" != "$version" ] && exit 0 case "$state_should" in present) echo "emerge '$name' &>/dev/null || exit 1" echo "installed" >> "$__messages_out" ;; absent) echo "emerge -C '$name' &>/dev/null || exit 1" echo "removed" >> "$__messages_out" ;; *) echo "Unknown state: $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__package_emerge/man.rst000066400000000000000000000027161427155744700217500ustar00rootroot00000000000000cdist-type__package_emerge(7) ============================= NAME ---- cdist-type__package_emerge - Manage packages with portage DESCRIPTION ----------- Portage is usually used on the gentoo distribution to manage packages. This type requires app-portage/gentoolkit installed on the target host. cdist-type__package_emerge_dependencies is supposed to install the needed packages on the target host. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- name If supplied, use the name and not the object id as the package name. state Either "present" or "absent", defaults to "present". version If supplied, use to install or uninstall a specific version of the package named. EXAMPLES -------- .. code-block:: sh # Ensure sys-devel/gcc is installed __package_emerge sys-devel/gcc --state present # If you want a specific version of a package __package_emerge app-portage/gentoolkit --state present --version 0.3.0.8-r2 # Remove package __package_emerge sys-devel/gcc --state absent SEE ALSO -------- :strong:`cdist-type__package`\ (7), :strong:`cdist-type__package_emerge_dependencies`\ (7) AUTHORS ------- Thomas Oettli COPYING ------- Copyright \(C) 2013 Thomas Oettli. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__package_emerge/nonparallel000066400000000000000000000000001427155744700226550ustar00rootroot00000000000000cdist/cdist/conf/type/__package_emerge/parameter/000077500000000000000000000000001427155744700224155ustar00rootroot00000000000000cdist/cdist/conf/type/__package_emerge/parameter/default/000077500000000000000000000000001427155744700240415ustar00rootroot00000000000000cdist/cdist/conf/type/__package_emerge/parameter/default/state000066400000000000000000000000101427155744700250730ustar00rootroot00000000000000present cdist/cdist/conf/type/__package_emerge/parameter/default/version000066400000000000000000000000001427155744700254370ustar00rootroot00000000000000cdist/cdist/conf/type/__package_emerge/parameter/optional000066400000000000000000000000231427155744700241600ustar00rootroot00000000000000name state version cdist/cdist/conf/type/__package_emerge_dependencies/000077500000000000000000000000001427155744700231435ustar00rootroot00000000000000cdist/cdist/conf/type/__package_emerge_dependencies/explorer/000077500000000000000000000000001427155744700250035ustar00rootroot00000000000000cdist/cdist/conf/type/__package_emerge_dependencies/explorer/flaggie_installed000066400000000000000000000001251427155744700303610ustar00rootroot00000000000000#!/bin/sh if [ -x /usr/bin/flaggie ]; then echo "true" else echo "false" fi cdist/cdist/conf/type/__package_emerge_dependencies/explorer/gentoolkit_installed000066400000000000000000000001171427155744700311430ustar00rootroot00000000000000#!/bin/sh if [ -x /usr/bin/q ]; then echo "true" else echo "false" fi cdist/cdist/conf/type/__package_emerge_dependencies/gencode-remote000077500000000000000000000011001427155744700257560ustar00rootroot00000000000000#!/bin/sh -e gentoolkit_installed="$(cat "$__object/explorer/gentoolkit_installed")" flaggie_installed="$(cat "$__object/explorer/flaggie_installed")" if [ "${gentoolkit_installed}" != "true" ]; then # emerge app-portage/gentoolkit echo "emerge app-portage/gentoolkit &> /dev/null || exit 1" echo "installed app-portage/gentoolkit" >> "$__messages_out" fi if [ "${flaggie_installed}" != "true" ]; then # emerge app-portage/flaggie echo "emerge app-portage/flaggie &> /dev/null || exit 1" echo "installed app-portage/flaggie" >> "$__messages_out" fi cdist/cdist/conf/type/__package_emerge_dependencies/man.rst000066400000000000000000000020531427155744700244500ustar00rootroot00000000000000cdist-type__package_emerge_dependencies(7) ========================================== NAME ---- cdist-type__package_emerge_dependencies - Install dependencies for __package_emerge DESCRIPTION ----------- Portage is usually used on the gentoo distribution to manage packages. This type installs the following tools which are required by __package_emerge to work: * app-portage/flaggie * app-portage/gentoolkit REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- None EXAMPLES -------- .. code-block:: sh # Ensure app-portage/flaggie and app-portage/gentoolkit are installed __package_emerge_dependencies SEE ALSO -------- :strong:`cdist-type__package`\ (7), :strong:`cdist-type__package_emerge`\ (7) AUTHORS ------- Thomas Oettli COPYING ------- Copyright \(C) 2013 Thomas Oettli. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__package_emerge_dependencies/nonparallel000066400000000000000000000000001427155744700253630ustar00rootroot00000000000000cdist/cdist/conf/type/__package_emerge_dependencies/singleton000066400000000000000000000000001427155744700250560ustar00rootroot00000000000000cdist/cdist/conf/type/__package_luarocks/000077500000000000000000000000001427155744700210145ustar00rootroot00000000000000cdist/cdist/conf/type/__package_luarocks/explorer/000077500000000000000000000000001427155744700226545ustar00rootroot00000000000000cdist/cdist/conf/type/__package_luarocks/explorer/pkg_status000077500000000000000000000017431427155744700247730ustar00rootroot00000000000000#!/bin/sh # # 2012 SwellPath, Inc. # Christian G. Warden # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # Retrieve the status of a rock # if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi # Accept luarocks failing if package is not known/installed luarocks list "$name" | grep -E -A1 "^$name$" || exit 0 cdist/cdist/conf/type/__package_luarocks/gencode-remote000077500000000000000000000026421427155744700236430ustar00rootroot00000000000000#!/bin/sh -e # # 2012 SwellPath, Inc. # Christian G. Warden # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Manage LuaRocks packages # if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi state_should="$(cat "$__object/parameter/state")" if grep -q "(installed)" "$__object/explorer/pkg_status"; then state_is="present" else state_is="absent" fi # Leave if nothing is to be done [ "$state_is" = "$state_should" ] && exit 0 case "$state_should" in present) echo "luarocks install '$name'" echo "installed" >> "$__messages_out" ;; absent) echo "luarocks remove '$name'" echo "removed" >> "$__messages_out" ;; *) echo "Unknown state: $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__package_luarocks/man.rst000066400000000000000000000017771427155744700223350ustar00rootroot00000000000000cdist-type__package_luarocks(7) =============================== NAME ---- cdist-type__package_luarocks - Manage luarocks packages DESCRIPTION ----------- LuaRocks is a deployment and management system for Lua modules. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- name If supplied, use the name and not the object id as the package name. state Either "present" or "absent", defaults to "present" EXAMPLES -------- .. code-block:: sh # Ensure luasocket is installed __package_luarocks luasocket --state present # Remove package __package_luarocks luasocket --state absent SEE ALSO -------- :strong:`cdist-type__package`\ (7) AUTHORS ------- Christian G. Warden COPYING ------- Copyright \(C) 2012 SwellPath, Inc. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__package_luarocks/manifest000077500000000000000000000014371427155744700225550ustar00rootroot00000000000000#!/bin/sh -e # # 2012 SwellPath, Inc. # Christian G. Warden # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # __package luarocks --state installed __package make --state installed cdist/cdist/conf/type/__package_luarocks/nonparallel000066400000000000000000000000001427155744700232340ustar00rootroot00000000000000cdist/cdist/conf/type/__package_luarocks/parameter/000077500000000000000000000000001427155744700227745ustar00rootroot00000000000000cdist/cdist/conf/type/__package_luarocks/parameter/default/000077500000000000000000000000001427155744700244205ustar00rootroot00000000000000cdist/cdist/conf/type/__package_luarocks/parameter/default/state000066400000000000000000000000101427155744700254520ustar00rootroot00000000000000present cdist/cdist/conf/type/__package_luarocks/parameter/optional000066400000000000000000000000131427155744700245360ustar00rootroot00000000000000name state cdist/cdist/conf/type/__package_opkg/000077500000000000000000000000001427155744700201315ustar00rootroot00000000000000cdist/cdist/conf/type/__package_opkg/explorer/000077500000000000000000000000001427155744700217715ustar00rootroot00000000000000cdist/cdist/conf/type/__package_opkg/explorer/pkg_status000077500000000000000000000050321427155744700241030ustar00rootroot00000000000000#!/bin/sh -e # # 2011 Nico Schottelius (nico-cdist at schottelius.org) # 2012 Giel van Schijndel (giel plus cdist at mortis dot eu) # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Retrieve the status of a package - parses opkg output # readonly __type_path=${__object%%${__object_id}*} test -d "${__type_path}" || { echo 'Cannot determine __type_path' >&2; exit 1; } readonly LOCKFILE="${__type_path:?}/.cdist_opkg.lock" if command -v flock >/dev/null 2>&1 then # use flock (if available) on FD 9 _lock() { exec 9<>"${LOCKFILE:?}" flock -x 9 echo $$>&9 } _unlock() { :>"${LOCKFILE:?}" flock -u 9 exec 9<&- } else # fallback to mkdir if flock is missing _lock() { until mkdir "${LOCKFILE:?}.dir" 2>/dev/null do while test -d "${LOCKFILE}.dir" do # DEBUG: # printf 'Locked by PID: %u\n' "$(cat "${LOCKFILE}.dir/pid")" sleep 1 done done echo $$ >"${LOCKFILE:?}.dir/pid" } _unlock() { test -d "${LOCKFILE}.dir" || return 0 if test -s "${LOCKFILE}.dir/pid" then test "$(cat "${LOCKFILE}.dir/pid")" = $$ || return 1 rm "${LOCKFILE:?}.dir/pid" fi rmdir "${LOCKFILE:?}.dir" } fi if test -f "${__object}/parameter/name" then pkg_name=$(cat "${__object}/parameter/name") else pkg_name=$__object_id fi # NOTE: We need to lock parallel execution of type explorers and code-remote # because opkg will try to acquire the OPKG lock (usually /var/lock/opkg.lock) # using lockf(2) for every operation. # It will not wait for the lock but terminate with an error. # This leads to incorrect 'absent notpresent' statuses when parallel execution # is enabled. trap _unlock EXIT _lock # Except opkg failing, if package is not known / installed if opkg status "${pkg_name}" 2>/dev/null \ | grep -q -e '^Status: [^ ][^ ]* [^ ][^ ]* installed$' then echo 'present' elif opkg info "${pkg_name}" 2>/dev/null | grep -q . then echo 'absent notpresent' else echo 'absent' fi cdist/cdist/conf/type/__package_opkg/gencode-remote000077500000000000000000000032251427155744700227560ustar00rootroot00000000000000#!/bin/sh -e # # 2011,2013 Nico Schottelius (nico-cdist at schottelius.org) # 2012 Giel van Schijndel (giel plus cdist at mortis dot eu) # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Manage packages on OpenWrt, optware, and co. # if test -f "${__object}/parameter/name" then name=$(cat "${__object}/parameter/name") else name=$__object_id fi state_should=$(cat "${__object}/parameter/state") state_is=$(cat "${__object}/explorer/pkg_status") case $state_is in (absent*) presence=$(echo "${state_is}" | cut -d ' ' -f 2) state_is='absent' ;; esac if test "${state_is}" = "${state_should}" then exit 0 fi case $state_should in (present) if test "${presence}" = 'notpresent' then echo 'opkg --verbosity=0 update' fi printf "opkg --verbosity=0 install '%s'\n" "${name}" echo 'installed' >>"${__messages_out}" ;; (absent) printf "opkg --verbosity=0 remove '%s'" "${name}" echo 'removed' >>"${__messages_out}" ;; (*) printf 'Unknown state: %s\n' "${state_should}" >&2 exit 1 ;; esac cdist/cdist/conf/type/__package_opkg/man.rst000066400000000000000000000017451427155744700214450ustar00rootroot00000000000000cdist-type__package_opkg(7) =========================== NAME ---- cdist-type__package_opkg - Manage packages with opkg DESCRIPTION ----------- opkg is usually used on OpenWRT to manage packages. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- name If supplied, use the name and not the object id as the package name. state Either "present" or "absent", defaults to "present" EXAMPLES -------- .. code-block:: sh # Ensure lsof is installed __package_opkg lsof --state present # Remove obsolete package __package_opkg dnsmasq --state absent SEE ALSO -------- :strong:`cdist-type__package`\ (7) AUTHORS ------- Giel van Schijndel COPYING ------- Copyright \(C) 2012 Giel van Schijndel. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__package_opkg/nonparallel000066400000000000000000000000001427155744700223510ustar00rootroot00000000000000cdist/cdist/conf/type/__package_opkg/parameter/000077500000000000000000000000001427155744700221115ustar00rootroot00000000000000cdist/cdist/conf/type/__package_opkg/parameter/default/000077500000000000000000000000001427155744700235355ustar00rootroot00000000000000cdist/cdist/conf/type/__package_opkg/parameter/default/state000066400000000000000000000000101427155744700245670ustar00rootroot00000000000000present cdist/cdist/conf/type/__package_opkg/parameter/optional000066400000000000000000000000131427155744700236530ustar00rootroot00000000000000name state cdist/cdist/conf/type/__package_pacman/000077500000000000000000000000001427155744700204305ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pacman/explorer/000077500000000000000000000000001427155744700222705ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pacman/explorer/pkg_version000077500000000000000000000016721427155744700245520ustar00rootroot00000000000000#!/bin/sh # # 2011-2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Retrieve the status of a package - parsed pacman output # if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi pacman -Q "$name" 2>/dev/null | awk '{ print $2 }' cdist/cdist/conf/type/__package_pacman/gencode-remote000077500000000000000000000030171427155744700232540ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Manage packages with Pacman (mostly archlinux) # # Debug # exec >&2 # set -x if [ -f "$__object/parameter/name" ]; then name="$__object/parameter/name" else name="$__object_id" fi state_should="$(cat "$__object/parameter/state")" pkg_version="$(cat "$__object/explorer/pkg_version")" if [ -z "$pkg_version" ]; then state_is="absent" else state_is="present" fi # Exit if nothing is needed to be done [ "$state_is" = "$state_should" ] && exit 0 case "$state_should" in present) echo "pacman --needed --noconfirm --noprogressbar -S '$name'" echo "installed" >> "$__messages_out" ;; absent) echo "pacman --noconfirm --noprogressbar -R '$name'" echo "removed" >> "$__messages_out" ;; *) echo "Unknown state: $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__package_pacman/man.rst000066400000000000000000000022221427155744700217330ustar00rootroot00000000000000cdist-type__package_pacman(7) ============================= NAME ---- cdist-type__package_pacman - Manage packages with pacman DESCRIPTION ----------- Pacman is usually used on the Archlinux distribution to manage packages. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- name If supplied, use the name and not the object id as the package name. state Either "present" or "absent", defaults to "present" EXAMPLES -------- .. code-block:: sh # Ensure zsh in installed __package_pacman zsh --state present # If you don't want to follow pythonX packages, but always use python __package_pacman python --state present --name python2 # Remove obsolete package __package_pacman puppet --state absent SEE ALSO -------- :strong:`cdist-type__package`\ (7) AUTHORS ------- Nico Schottelius COPYING ------- Copyright \(C) 2011-2012 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__package_pacman/nonparallel000066400000000000000000000000001427155744700226500ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pacman/parameter/000077500000000000000000000000001427155744700224105ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pacman/parameter/default/000077500000000000000000000000001427155744700240345ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pacman/parameter/default/state000066400000000000000000000000101427155744700250660ustar00rootroot00000000000000present cdist/cdist/conf/type/__package_pacman/parameter/optional000066400000000000000000000000131427155744700241520ustar00rootroot00000000000000name state cdist/cdist/conf/type/__package_pip/000077500000000000000000000000001427155744700177615ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pip/explorer/000077500000000000000000000000001427155744700216215ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pip/explorer/distinfo-dir000077500000000000000000000025511427155744700241450ustar00rootroot00000000000000#!/bin/sh # # 2021 Matthias Stecher (matthiasstecher at gmx.de) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # nameparam="$__object/parameter/name" if [ -f "$nameparam" ]; then name=$(cat "$nameparam") else name="$__object_id" fi pipparam="$__object/parameter/pip" if [ -f "$pipparam" ]; then pip=$(cat "$pipparam") else pip="$( "$__type_explorer/pip" )" fi if command -v "$pip" >/dev/null 2>&1; then # assemble the path where pip stores all pip package info "$pip" show "$name" \ | awk -F': ' ' $1 == "Name" {name=$2; gsub(/-/,"_",name); next} $1 == "Version" {version=$2; next} $1 == "Location" {location=$2; next} END {if (version != "") printf "%s/%s-%s.dist-info", location, name, version}' fi cdist/cdist/conf/type/__package_pip/explorer/extras000077500000000000000000000050201427155744700230520ustar00rootroot00000000000000#!/bin/sh # # 2021 Matthias Stecher (matthiasstecher at gmx.de) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Checks if the given extras are really installed or not. It will be # done by querring all dependencies for that extra and return it as # "to be installed" if no dependency was found. # distinfo_dir="$("$__type_explorer/distinfo-dir")" # check if we have something to check if [ "$distinfo_dir" ] && [ -s "$__object/parameter/extra" ] then # save cause freezing is slow mkdir "$__object/files" pip_freeze="$__object/files/pip-freeze.tmp" pip3 freeze > "$pip_freeze" # If all is set, it searches all available extras to separatly check them. # It would work with just 'all' (cause dependencies are specified for # 'all'), but will not update if one extra is already present. Side effect # is that it will not use [all] but instead name all extras seperatly. for extra in $(if grep -qFx all "$__object/parameter/extra"; then awk -F': ' '$1 == "Provides-Extra" && $2 != "all"{print $2}' "$distinfo_dir/METADATA"; else tr ',' '\n' < "$__object/parameter/extra"; fi) do # create a grep BRE pattern to search all packages # maybe a file full of patterns for -F could be written grep_pattern="$( awk -F'(: | ; )' -v check="$extra" ' $1 == "Requires-Dist" { split($2, r, " "); sub("extra == ", "", $3); gsub("'"'"'", "", $3); if($3 == check) print r[1] }' "$distinfo_dir/METADATA" \ | sed ':a; $!N; s/\n/\\|/; ta' )" # echo the extra if no packages where found for it # if there is no pattern, we don't need to search ;-) # pip matches packages case-insensetive, we need to do that, too if [ "$grep_pattern" ] && ! grep -qi "$grep_pattern" "$pip_freeze" then echo "$extra" fi done fi cdist/cdist/conf/type/__package_pip/explorer/pip000077500000000000000000000002041427155744700223330ustar00rootroot00000000000000#!/bin/sh -e for bin in pip3 pip do if check="$( command -v "$bin" )" then echo "$check" break fi done cdist/cdist/conf/type/__package_pip/explorer/state000077500000000000000000000024751427155744700226770ustar00rootroot00000000000000#!/bin/sh # # 2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Development supported by Local AG (www.local.ch) # nameparam="$__object/parameter/name" if [ -f "$nameparam" ]; then name=$(cat "$nameparam") else name="$__object_id" fi pipparam="$__object/parameter/pip" if [ -f "$pipparam" ]; then pip=$(cat "$pipparam") else pip="$( "$__type_explorer/pip" )" fi # If there is no pip, it may get created from somebody else. # If it will be created, there is probably no package installed. if ! command -v "$pip" >/dev/null 2>&1; then echo absent else if "$pip" freeze | grep -i -q "^$name=="; then echo present else echo absent fi fi cdist/cdist/conf/type/__package_pip/gencode-remote000077500000000000000000000047261427155744700226150ustar00rootroot00000000000000#!/bin/sh -e # # 2012 Nico Schottelius (nico-cdist at schottelius.org) # 2016 Darko Poljak (darko.poljak at gmail.com) # 2021 Matthias Stecher (matthiasstecher at gmx.de) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Development supported by Local AG (www.local.ch) # state_is=$(cat "$__object/explorer/state") state_should="$(cat "$__object/parameter/state")" # short circuit if state is the same and no extras to install [ "$state_is" = "$state_should" ] && ! [ -s "$__object/explorer/extras" ] \ && exit 0 nameparam="$__object/parameter/name" if [ -f "$nameparam" ]; then name=$(cat "$nameparam") else name="$__object_id" fi pipparam="$__object/parameter/pip" if [ -f "$pipparam" ]; then pip=$(cat "$pipparam") else pip="$( cat "$__object/explorer/pip" )" if [ -z "$pip" ] then echo 'pip not found in path' >&2 exit 1 fi fi runasparam="$__object/parameter/runas" if [ -f "$runasparam" ] then runas=$(cat "$runasparam") else runas="" fi case "$state_should" in present) if [ -s "$__object/explorer/extras" ] then # all extras are passed to pip in a comma-separated list in the name # sed loops through all input lines and add commas between them extras="$(sed ':a; $!N; s/\n/,/; ta' "$__object/explorer/extras")" name="${name}[${extras}]" fi if [ "$runas" ] then echo "su -c '$pip install -q $name' $runas" else echo "$pip" install -q "$name" fi echo "installed" >> "$__messages_out" ;; absent) if [ "$runas" ] then echo "su -c '$pip uninstall -q -y $name' $runas" else echo "$pip" uninstall -q -y "$name" fi echo "removed" >> "$__messages_out" ;; *) echo "Unknown state: $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__package_pip/man.rst000066400000000000000000000045221427155744700212710ustar00rootroot00000000000000cdist-type__package_pip(7) ========================== NAME ---- cdist-type__package_pip - Manage packages with pip DESCRIPTION ----------- Pip is used in Python environments to install packages. It is also included in the python virtualenv environment. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- name If supplied, use the name and not the object id as the package name. extra Extra optional dependencies which should be installed along the selected package. Can be specified multiple times. Multiple extras can be passed in one `--extra` as a comma-separated list. Extra optional dependencies will be installed even when the base package is already installed. Notice that the type will not remove installed extras that are not explicitly named for the type because pip does not offer a management for orphaned packages and they may be used by other packages. pip Instead of using pip from PATH, use the specific pip path. state Either "present" or "absent", defaults to "present" runas Run pip as specified user. By default it runs as root. EXAMPLES -------- .. code-block:: sh # Install a package __package_pip pyro --state present # Use pip in a virtualenv located at /root/shinken_virtualenv __package_pip pyro --state present --pip /root/shinken_virtualenv/bin/pip # Use pip in a virtualenv located at /foo/shinken_virtualenv as user foo __package_pip pyro --state present --pip /foo/shinken_virtualenv/bin/pip --runas foo # Install package with optional dependencies __package_pip mautrix-telegram --extra speedups --extra webp_convert --extra hq_thumbnails # the extras can also be specified comma-separated __package_pip mautrix-telegram --extra speedups,webp_convert,hq_thumbnails --extra postgres # or take all extras __package_pip mautrix-telegram --extra all SEE ALSO -------- :strong:`cdist-type__package`\ (7) AUTHORS ------- | Nico Schottelius | Matthias Stecher COPYING ------- Copyright \(C) 2012 Nico Schottelius, 2021 Matthias Stecher. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__package_pip/nonparallel000066400000000000000000000000001427155744700222010ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pip/parameter/000077500000000000000000000000001427155744700217415ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pip/parameter/default/000077500000000000000000000000001427155744700233655ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pip/parameter/default/state000066400000000000000000000000101427155744700244170ustar00rootroot00000000000000present cdist/cdist/conf/type/__package_pip/parameter/optional000066400000000000000000000000251427155744700235060ustar00rootroot00000000000000name pip state runas cdist/cdist/conf/type/__package_pip/parameter/optional_multiple000066400000000000000000000000061427155744700254200ustar00rootroot00000000000000extra cdist/cdist/conf/type/__package_pkg_freebsd/000077500000000000000000000000001427155744700214445ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pkg_freebsd/explorer/000077500000000000000000000000001427155744700233045ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pkg_freebsd/explorer/pkg_version000077500000000000000000000023011427155744700255540ustar00rootroot00000000000000#!/bin/sh # # 2012 Jake Guffey (jake.guffey at eprotex.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Retrieve the status of a package - parsed dpkg output # if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi # Don't produce "no pkgs installed" output -- breaks things PKG_OUTPUT=$(pkg_info 2>&1) if [ ! "$PKG_OUTPUT" = "pkg_info: no packages installed" ]; then printf "%s" "$(echo "$PKG_OUTPUT" \ | awk '{print $1}' \ | sed 's/^\(.*\)-\([^-]*\)$/name:\1 ver:\2/g' \ | grep "name:$name ver:" \ | sed 's/^.*ver:\(.*\)/\1/g')" fi cdist/cdist/conf/type/__package_pkg_freebsd/gencode-remote000077500000000000000000000071611427155744700242740ustar00rootroot00000000000000#!/bin/sh -e # # 2012 Jake Guffey (jake.guffey at eprotex.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Manage packages with pkg on FreeBSD # assert () # If condition false, { #+ exit from script with error message. E_PARAM_ERR=98 E_ASSERT_FAILED=99 if [ -z "$2" ] # Not enough parameters passed. then return $E_PARAM_ERR # No damage done. fi lineno=$2 if [ ! "$1" ] then echo "Assertion failed: \"$1\"" # shellcheck disable=SC2039 # shellcheck disable=SC3044 echo "File \"$0\", line $lineno, called by $(caller 0)" exit $E_ASSERT_FAILED fi } # Debug #exec >&2 #set -x if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi flavor="$(cat "$__object/parameter/flavor")" version="$(cat "$__object/parameter/version")" pkgsite="$(cat "$__object/parameter/pkgsite")" state="$(cat "$__object/parameter/state")" curr_version="$(cat "$__object/explorer/pkg_version")" add_cmd="pkg_add" rm_cmd="pkg_delete" cmd="" # Print the command to be executed # Parms: $1 -- mode, "remove" or "add" # $2 -- the command to be echoed # FIXME: This is ugly. execcmd(){ # Set the PACKAGESITE if we're ADDing a new package if [ "$1" = "add" ] && [ -n "$pkgsite" ]; then # Use http.../All/ if we know the exact version we want, use .../Latest/ otherwise pkgsite="export PACKAGESITE=${pkgsite}" [ -n "$version" ] && pkgsite="${pkgsite}/All/" || pkgsite="${pkgsite}/Latest/" echo "${pkgsite}" fi echo "${2} 2>&- >&-" # Silence the output of the command echo "status=\$?" echo "if [ \"\$status\" -ne \"0\" ]; then" echo " echo \"Error: ${cmd} exited nonzero with \$status\"'!' >&2" echo " exit 1" echo "fi" } if [ -n "$curr_version" ]; then # PKG *is* installed if [ "$state" = "absent" ]; then # Shouldn't be installed if [ -n "$flavor" ]; then cmd="${rm_cmd} ${name}-${flavor}-${curr_version}" else cmd="${rm_cmd} ${name}-${curr_version}" fi execcmd "remove" "${cmd}" echo "removed" >> "$__messages_out" exit 0 else # Should be installed if [ -n "$version" ]; then # Want a specific version if [ "$version" = "$curr_version" ]; then # Current version is correct exit 0 else # Current version is wrong, fix #updatepkg "$name" "$version" # shellcheck disable=SC2039 assert "! ${version} = ${curr_version}" $LINENO cmd="${rm_cmd} ${name}-${curr_version}" execcmd "remove" "${cmd}" cmd="${add_cmd} -r ${name}-${version}" execcmd "add" "${cmd}" echo "installed" >> "$__messages_out" fi else # Don't care what version to use exit 0 fi fi else # PKG *isn't* installed if [ "$state" = "absent" ]; then # Shouldn't be installed exit 0 elif [ "$state" = "present" ]; then # Is not currently installed, should be if [ -n "$flavor" ]; then cmd="${add_cmd} -r ${name}-${flavor}" else cmd="${add_cmd} -r ${name}" fi if [ -n "$version" ]; then cmd="${cmd}-${version}" fi execcmd "add" "${cmd}" echo "installed" >> "$__messages_out" exit 0 fi fi # Debug #set +x cdist/cdist/conf/type/__package_pkg_freebsd/man.rst000066400000000000000000000027131427155744700227540ustar00rootroot00000000000000cdist-type__package_pkg_freebsd(7) ================================== NAME ---- cdist-type__package_pkg_freebsd - Manage FreeBSD packages DESCRIPTION ----------- This type is usually used on FreeBSD to manage packages. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- name If supplied, use the name and not the object id as the package name. flavor If supplied, use to avoid ambiguity. version If supplied, use to install a specific version of the package named. pkgsite If supplied, use to install from a specific package repository. state Either "present" or "absent", defaults to "present" EXAMPLES -------- .. code-block:: sh # Ensure zsh is installed __package_pkg_freebsd zsh --state present # Ensure vim is installed, use flavor no_x11 __package_pkg_freebsd vim --state present --flavor no_x11 # If you don't want to follow pythonX packages, but always use python __package_pkg_freebsd python --state present --name python2 # Remove obsolete package __package_pkg_freebsd puppet --state absent SEE ALSO -------- :strong:`cdist-type__package`\ (7) AUTHORS ------- Jake Guffey COPYING ------- Copyright \(C) 2012 Jake Guffey. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__package_pkg_freebsd/nonparallel000066400000000000000000000000001427155744700236640ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pkg_freebsd/parameter/000077500000000000000000000000001427155744700234245ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pkg_freebsd/parameter/default/000077500000000000000000000000001427155744700250505ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pkg_freebsd/parameter/default/flavor000066400000000000000000000000001427155744700262520ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pkg_freebsd/parameter/default/pkgsite000066400000000000000000000000001427155744700264270ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pkg_freebsd/parameter/default/state000066400000000000000000000000101427155744700261020ustar00rootroot00000000000000present cdist/cdist/conf/type/__package_pkg_freebsd/parameter/default/version000066400000000000000000000000001427155744700264460ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pkg_freebsd/parameter/optional000066400000000000000000000000421427155744700251700ustar00rootroot00000000000000name flavor version pkgsite state cdist/cdist/conf/type/__package_pkg_openbsd/000077500000000000000000000000001427155744700214645ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pkg_openbsd/explorer/000077500000000000000000000000001427155744700233245ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pkg_openbsd/explorer/has_installurl000077500000000000000000000020301427155744700262710ustar00rootroot00000000000000#!/bin/sh # # Copyright 2017, Philippe Gregoire # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Retrieve the installurl(5), as introduced in OpenBSD 6.1 # # As of 6.1, the file is supposed to contained a single line # with the URL used to install from during install or upgrade. # # Allow for expansion and take the first non-commented (#) line. # if [ -f /etc/installurl ]; then printf 'yes' else printf 'no' fi exit 0 cdist/cdist/conf/type/__package_pkg_openbsd/explorer/pkg_state000077500000000000000000000025641427155744700252420ustar00rootroot00000000000000#!/bin/sh # # Copyright 2018, Takashi Yoshi # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Retrieve the status of a package - parsed pkg_info output # if [ -f "${__object}/parameter/name" ] then pkgid="$(cat "${__object}/parameter/name")" else pkgid="${__object_id}" fi if [ -f "${__object}/parameter/version" ] then pkgid="${pkgid}-$(cat "${__object}/parameter/version")" fi if [ -f "${__object}/parameter/flavor" ] then # If a flavor but no version is given we need to add another -, # otherwise pkg_info confuses the flavor with the version. [ -f "${__object}/parameter/version" ] || pkgid="${pkgid}-" pkgid="${pkgid}-$(cat "${__object}/parameter/flavor")" fi pkg_info -q -I "inst:${pkgid}" >/dev/null 2>&1 \ && echo 'present' || echo 'absent' exit 0 cdist/cdist/conf/type/__package_pkg_openbsd/gencode-remote000077500000000000000000000064141427155744700243140ustar00rootroot00000000000000#!/bin/sh -e # # 2011 Andi Brönnimann (andi-cdist at v-net.ch) # 2012 Nico Schottelius (nico-cdist at schottelius.org) # 2018 Takashi Yoshi # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Manage packages with pkg on OpenBSD # os_version=$(cat "${__global}/explorer/os_version") machine=$(cat "${__global}/explorer/machine") if [ -f "${__object}/parameter/version" ]; then version=$(cat "${__object}/parameter/version") fi if [ -f "${__object}/parameter/flavor" ]; then flavor=$(cat "${__object}/parameter/flavor") fi # Do not show progress bar pkgopts='-x' name="${__object_id}" if [ -f "${__object}/parameter/name" ]; then name=$(cat "${__object}/parameter/name") fi if [ -n "${version}" ] && [ -n "${flavor}" ]; then pkgid="${name}-${version}-${flavor}" elif [ -n "${version}" ]; then pkgid="${name}-${version}" elif [ -f "${__object}/parameter/flavor" ]; then pkgid="${name}--${flavor}" else pkgid="${name}" fi state_should=$(cat "${__object}/parameter/state") if [ -f "${__object}/parameter/pkg_path" ]; then pkg_path=$(cat "${__object}/parameter/pkg_path") else has_installurl=$(cat "${__object}/explorer/has_installurl") if [ 'yes' != "${has_installurl}" ]; then # There is no default PKG_PATH, try to provide one pkg_path="ftp://ftp.openbsd.org/pub/OpenBSD/${os_version}/packages/${machine}/" fi fi state_is=$(cat "${__object}/explorer/pkg_state") [ "${state_is}" = "${state_should}" ] && exit 0 case "${state_should}" in present) if [ -n "${pkg_path}" ]; then echo "export PKG_PATH='${pkg_path}'" fi # Use this because pkg_add doesn't properly handle errors cat <&1 || true) if ! pkg_info -q -I 'inst:${pkgid}' | grep -q '^${name}-${version}.*${flavor}$' 2>/dev/null then # We didn't find the package in the list of 'installed packages', so it failed. # This is necessary because pkg_add doesn't return properly if [ -z "\${status}" ]; then status='Failed to add package, uncaught exception.' fi echo "Error: \${status}" >&2 exit 1 fi EOF echo 'installed' >> "${__messages_out}" ;; absent) # Use this because pkg_delete doesn't properly handle errors cat <&1 || true) if pkg_info -q -I 'inst:${pkgid}' | grep -q '^${name}-${version}.*${flavor}' 2>/dev/null then # We found the package in the list of 'installed packages'. # This would indicate that pkg_delete failed, send the output of pkg_delete if [ -z "\${status}" ]; then status='Failed to remove package, uncaught exception.' fi echo "Error: \${status}" >&2 exit 1 fi EOF echo 'removed' >> "${__messages_out}" ;; *) echo "Unknown state: ${state_should}" >&2 exit 1 ;; esac cdist/cdist/conf/type/__package_pkg_openbsd/man.rst000066400000000000000000000026771427155744700230050ustar00rootroot00000000000000cdist-type__package_pkg(7) ========================== NAME ---- cdist-type__package_pkg - Manage OpenBSD packages DESCRIPTION ----------- This type is usually used on OpenBSD to manage packages. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- name If supplied, use the name and not the object id as the package name. flavor If supplied, use to avoid ambiguity. version If supplied, use to avoid ambiguity. state Either "present" or "absent", defaults to "present" pkg_path Manually specify a PKG_PATH to add packages from. EXAMPLES -------- .. code-block:: sh # Ensure zsh is installed __package_pkg_openbsd zsh --state present # Ensure vim is installed, use flavor no_x11 __package_pkg_openbsd vim --state present --flavor no_x11 # If you don't want to follow pythonX packages, but always use python __package_pkg_openbsd python --state present --name python2 # Remove obsolete package __package_pkg_openbsd puppet --state absent # Add a package using a particular mirror __package_pkg_openbsd bash \ --pkg_path http://openbsd.mirrorcatalogs.com/snapshots/packages/amd64 SEE ALSO -------- :strong:`cdist-type__package`\ (7) AUTHORS ------- Andi Brönnimann COPYING ------- Copyright \(C) 2011 Andi Brönnimann. Free use of this software is granted under the terms of the GNU General Public License version 3 (GPLv3). cdist/cdist/conf/type/__package_pkg_openbsd/nonparallel000066400000000000000000000000001427155744700237040ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pkg_openbsd/parameter/000077500000000000000000000000001427155744700234445ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pkg_openbsd/parameter/default/000077500000000000000000000000001427155744700250705ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pkg_openbsd/parameter/default/state000066400000000000000000000000101427155744700261220ustar00rootroot00000000000000present cdist/cdist/conf/type/__package_pkg_openbsd/parameter/optional000066400000000000000000000000431427155744700252110ustar00rootroot00000000000000name version flavor state pkg_path cdist/cdist/conf/type/__package_pkgng_freebsd/000077500000000000000000000000001427155744700217715ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pkgng_freebsd/explorer/000077500000000000000000000000001427155744700236315ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_bootstrapped000077500000000000000000000000741427155744700271270ustar00rootroot00000000000000#!/bin/sh -e if pkg -N >/dev/null 2>&1; then echo "YES" fi cdist/cdist/conf/type/__package_pkgng_freebsd/explorer/pkg_version000077500000000000000000000023351427155744700261100ustar00rootroot00000000000000#!/bin/sh # # 2014 Jake Guffey (jake.guffey at eprotex.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Retrieve the status of a package - parsed pkgng output # if ! pkg -N >/dev/null 2>&1; then # Nothing to do if pkg is not bootstrapped exit fi if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi # Don't produce "no pkgs installed" output -- breaks things PKG_OUTPUT=$(pkg info 2>&1) printf "%s" "$(echo "$PKG_OUTPUT" \ | awk '{print $1}' \ | sed 's/^\(.*\)-\([^-]*\)$/name:\1 ver:\2/g' \ | grep "name:$name ver:" \ | sed 's/^.*ver:\(.*\)/\1/g')" cdist/cdist/conf/type/__package_pkgng_freebsd/gencode-remote000077500000000000000000000067721427155744700246300ustar00rootroot00000000000000#!/bin/sh -e # # 2014 Jake Guffey (jake.guffey at eprotex.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Manage packages with pkg on FreeBSD # # Debug #exec >&2 #set -x if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi flavor="$(cat "$__object/parameter/flavor")" version="$(cat "$__object/parameter/version")" if [ -f "$__object/parameter/upgrade" ]; then upgrade="true" else upgrade="false" fi repo="$(cat "$__object/parameter/repo")" state="$(cat "$__object/parameter/state")" curr_version="$(cat "$__object/explorer/pkg_version")" pkg_bootstrapped="$(cat "$__object/explorer/pkg_bootstrapped")" add_cmd="pkg install -y" rm_cmd="pkg delete -y" upg_cmd="pkg upgrade -y" cmd="" # Print the command to be executed # Parms: $1 -- mode, "rm", "add", or "upg" # $2 -- the command to be echoed execcmd(){ _cmd="" case "$1" in add) _cmd="${add_cmd} $2" echo "installed" >> "$__messages_out" ;; rm) _cmd="${rm_cmd} $2" echo "removed" >> "$__messages_out" ;; upg) _cmd="${upg_cmd} $2" echo "installed" >> "$__messages_out" ;; *) printf "Error. Don't understand command: %s" "$1" >&2 exit 1 ;; esac if [ -z "${pkg_bootstrapped}" ]; then echo "ASSUME_ALWAYS_YES=yes pkg bootstrap >/dev/null 2>&1" fi echo "$_cmd >/dev/null 2>&1" # Silence the output of the command echo "status=\$?" echo "if [ \"\$status\" -ne \"0\" ]; then" echo " echo \"Error: ${_cmd} exited nonzero with \$status\"'!' >&2" echo " exit 1" echo "fi" } if [ -n "$curr_version" ]; then # PKG *is* installed if [ -n "$repo" ]; then cmd="-r ${repo} ${name}" else cmd="${name}" fi if [ -n "$flavor" ]; then cmd="${cmd}-${flavor}" fi # PKG is supposed to be removed if [ "$state" = "absent" ]; then execcmd "rm" "${cmd}" # PKG is supposed to be installed to a particular version elif [ -n "$version" ] && [ "$version" != "$curr_version" ]; then if [ "$upgrade" = "true" ]; then execcmd "upg" "${cmd}" else printf 'Version %s is already installed and pkg-ng cannot upgrade directly to version %s.\nTo upgrade to the latest version, use the --upgrade flag.\n' "$curr_version" "$version" >&2 exit 1 fi # PKG is supposed to be installed to the latest version else : # Do nothing. fi else # PKG *isn't* installed if [ "$state" = "absent" ]; then # Shouldn't be installed exit 0 else # Should be installed if [ -n "$repo" ]; then cmd="-r ${repo} ${name}" else cmd="${name}" fi if [ -n "$flavor" ]; then cmd="${cmd}-${flavor}" fi if [ -n "$version" ]; then cmd="${cmd}-${version}" fi execcmd "add" "$cmd" exit 0 fi fi # Debug #set +x cdist/cdist/conf/type/__package_pkgng_freebsd/man.rst000066400000000000000000000044711427155744700233040ustar00rootroot00000000000000cdist-type__package_pkgng_freebsd(7) ==================================== NAME ---- cdist-type__package_pkgng_freebsd - Manage FreeBSD packages with pkg-ng DESCRIPTION ----------- This type is usually used on FreeBSD to manage packages. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- name If supplied, use the name and not the object id as the package name. flavor If supplied, use to avoid ambiguity. version If supplied, use to install a specific version of the package named. repo If supplied, use to install the package named from a particular repo. state Either "present" or "absent", defaults to "present" BOOLEAN PARAMETERS ------------------ upgrade If supplied, allow upgrading to the latest version of a package. CAVEATS ------- This type requires that repository definitions already exist in /etc/pkg/\*.conf. Ensure that they exist prior to use of this type with __file. pkg-ng can't upgrade a package to a specific version. If this type needs to upgrade a package, it can only ugprade to the latest available version. If the "upgrade" parameter is not given and an upgrade needs to occur, an error will result. MESSAGES -------- install The package was installed remove The package was removed upgrade The package was upgraded exist The package was already present and thus not installed EXAMPLES -------- .. code-block:: sh # Ensure zsh is installed __package_pkgng_freebsd zsh --state present # Ensure vim is installed, use flavor no_x11 __package_pkgng_freebsd vim --state present --flavor no_x11 # If you don't want to follow pythonX packages, but always use python __package_pkgng_freebsd python --state present --name python2 # Install a package from a particular repository when multiples exist __package_pkgng_freebsd bash --state present --repo myrepo # Remove obsolete package __package_pkgng_freebsd puppet --state absent SEE ALSO -------- :strong:`cdist-type__package`\ (7) AUTHORS ------- Jake Guffey COPYING ------- Copyright \(C) 2014 Jake Guffey. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__package_pkgng_freebsd/nonparallel000066400000000000000000000000001427155744700242110ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pkgng_freebsd/parameter/000077500000000000000000000000001427155744700237515ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pkgng_freebsd/parameter/boolean000066400000000000000000000000071427155744700253100ustar00rootroot00000000000000upgradecdist/cdist/conf/type/__package_pkgng_freebsd/parameter/default/000077500000000000000000000000001427155744700253755ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pkgng_freebsd/parameter/default/flavor000066400000000000000000000000001427155744700265770ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pkgng_freebsd/parameter/default/repo000066400000000000000000000000001427155744700262530ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pkgng_freebsd/parameter/default/state000066400000000000000000000000101427155744700264270ustar00rootroot00000000000000present cdist/cdist/conf/type/__package_pkgng_freebsd/parameter/default/version000066400000000000000000000000001427155744700267730ustar00rootroot00000000000000cdist/cdist/conf/type/__package_pkgng_freebsd/parameter/optional000066400000000000000000000000371427155744700255210ustar00rootroot00000000000000name flavor version repo state cdist/cdist/conf/type/__package_rubygem/000077500000000000000000000000001427155744700206435ustar00rootroot00000000000000cdist/cdist/conf/type/__package_rubygem/explorer/000077500000000000000000000000001427155744700225035ustar00rootroot00000000000000cdist/cdist/conf/type/__package_rubygem/explorer/pkg_status000077500000000000000000000017031427155744700246160ustar00rootroot00000000000000#!/bin/sh # # 2011 Chase Allen James (nx-cdist@nu-ex.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # Retrieve the status of a rubygem # if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi # Except gem failing, if package is not known / installed gem list -i "$name" 2>/dev/null || exit 0 cdist/cdist/conf/type/__package_rubygem/gencode-remote000077500000000000000000000025561427155744700234760ustar00rootroot00000000000000#!/bin/sh -e # # 2011 Chase Allen James # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Manage Rubygem packages # if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi state_should="$(cat "$__object/parameter/state")" if grep -q true "$__object/explorer/pkg_status"; then state_is="present" else state_is="absent" fi [ "$state_is" = "$state_should" ] && exit 0 case "$state_should" in present) echo "gem install '$name' --no-ri --no-rdoc" echo "installed" >> "$__messages_out" ;; absent) echo "gem uninstall '$name'" echo "removed" >> "$__messages_out" ;; *) echo "Unknown state: $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__package_rubygem/man.rst000066400000000000000000000020111427155744700221420ustar00rootroot00000000000000cdist-type__package_rubygem(7) ============================== NAME ---- cdist-type__package_rubygem - Manage rubygem packages DESCRIPTION ----------- Rubygems is the default package management system for the Ruby programming language. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- name If supplied, use the name and not the object id as the package name. state Either "present" or "absent", defaults to "present" EXAMPLES -------- .. code-block:: sh # Ensure sinatra is installed __package_rubygem sinatra --state present # Remove package __package_rubygem rails --state absent SEE ALSO -------- :strong:`cdist-type__package`\ (7) AUTHORS ------- Chase Allen James COPYING ------- Copyright \(C) 2011 Chase Allen James. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__package_rubygem/nonparallel000066400000000000000000000000001427155744700230630ustar00rootroot00000000000000cdist/cdist/conf/type/__package_rubygem/parameter/000077500000000000000000000000001427155744700226235ustar00rootroot00000000000000cdist/cdist/conf/type/__package_rubygem/parameter/default/000077500000000000000000000000001427155744700242475ustar00rootroot00000000000000cdist/cdist/conf/type/__package_rubygem/parameter/default/state000066400000000000000000000000101427155744700253010ustar00rootroot00000000000000present cdist/cdist/conf/type/__package_rubygem/parameter/optional000066400000000000000000000000131427155744700243650ustar00rootroot00000000000000name state cdist/cdist/conf/type/__package_update_index/000077500000000000000000000000001427155744700216425ustar00rootroot00000000000000cdist/cdist/conf/type/__package_update_index/explorer/000077500000000000000000000000001427155744700235025ustar00rootroot00000000000000cdist/cdist/conf/type/__package_update_index/explorer/currage000066400000000000000000000025231427155744700250570ustar00rootroot00000000000000#!/bin/sh # # 2018 Thomas Eckert (tom at it-eckert.de) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . type="$("$__type_explorer/type")" case "$type" in apt) if [ -f "/var/cache/apt/pkgcache.bin" ]; then echo $(($(date +"%s")-$(stat --format '%Y' /var/cache/apt/pkgcache.bin))) else echo -- -1 fi ;; pacman) if [ -d "/var/lib/pacman/sync" ]; then echo $(($(date +"%s")-$(stat --format '%Y' /var/lib/pacman/sync))) else echo -- -1 fi ;; alpine) echo -- -1 ;; *) echo "Your specified type ($type) is currently not supported." >&2 echo "Please contribute an implementation for it if you can." >&2 ;; esac cdist/cdist/conf/type/__package_update_index/explorer/type000066400000000000000000000022511427155744700244060ustar00rootroot00000000000000#!/bin/sh # # 2018 Stu Zhao (z12y12l12 at gmail.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . if [ -f "$__object/parameter/type" ]; then cat "$__object/parameter/type" else # By default determine package manager based on operating system os="$("$__explorer/os")" case "$os" in amazon|scientific|centos|fedora|redhat) echo "yum" ;; debian|ubuntu|devuan) echo "apt" ;; archlinux) echo "pacman" ;; alpine) echo "apk" ;; *) echo "Don't know how to manage packages on: $os" >&2 exit 1 ;; esac fi cdist/cdist/conf/type/__package_update_index/gencode-remote000077500000000000000000000050131427155744700244640ustar00rootroot00000000000000#!/bin/sh -e # # 2014 Ricardo Catalinas Jiménez (jimenezrick at gmail.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Update the package index with the appropriate package manager # type=$(cat "$__object/explorer/type") currage="$(cat "$__object/explorer/currage")" if [ -f "$__object/parameter/maxage" ]; then maxage="$(cat "$__object/parameter/maxage")" fi if [ -n "$maxage" ]; then if [ "$type" != "apt" ] && [ "$type" != "pacman" ]; then echo "ERROR: \"--maxage\" only supported for \"apt\" or \"pacman\" pkg-manager." >&2 exit 1 # do not exit if no value found (represented as -1) elif [ "$currage" -ne -1 ] && [ "$currage" -lt "$maxage" ]; then exit 0 # no need to update fi fi case "$type" in yum) ;; apt) # There are special arguments to apt(8) to prevent aborts if apt woudn't been # updated after the 19th April 2021 till the bullseye release. The additional # arguments acknoledge the happend suite change (the apt(8) update does the # same by itself). # # Using '-o $config' instead of the --allow-releaseinfo-change-* parameter # allows backward compatablility to pre-buster Debian versions. # # See more: ticket #861 # https://code.ungleich.ch/ungleich-public/cdist/-/issues/861 apt_opts="-o Acquire::AllowReleaseInfoChange::Suite=true -o Acquire::AllowReleaseInfoChange::Version=true" echo "apt-get --quiet $apt_opts update" echo "apt-cache updated (age was: $currage)" >> "$__messages_out" ;; pacman) echo "pacman --noprogressbar --sync --refresh" echo "pacman package database synced (age was: $currage)" >> "$__messages_out" ;; apk) echo "apk update" echo "apk package database updated." >>"$__messages_out" ;; *) echo "Don't know how to manage packages for type: $type" >&2 exit 1 ;; esac cdist/cdist/conf/type/__package_update_index/man.rst000066400000000000000000000032221427155744700231460ustar00rootroot00000000000000cdist-type__package_update_index(7) =================================== NAME ---- cdist-type__update_index - Update the package index DESCRIPTION ----------- This cdist type allows you to update the package index on the target. It will automatically use the appropriate package manager. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- type The package manager to use. Default is determined based on the $os explorer variable. e.g. * apt for Debian * yum for Red Hat * pacman for Arch Linux maxage Available for package manager apt and pacman, max time in seconds since last update. Repo update is skipped if maxage is not reached yet. MESSAGES -------- apt-cache updated (age was: currage) apt-cache was updated (run of `apt-get update`). `currage` is the time in seconds since the previous run. EXAMPLES -------- .. code-block:: sh # Update the package index on the target __package_update_index # Force use of a specific package manager __package_update_index --type apt # Only update every hour: __package_update_index --maxage 3600 --type apt # same as above (on apt-type systems): __package_update_index --maxage 3600 AUTHORS ------- | Ricardo Catalinas Jiménez | Thomas Eckert | Stu Zhao COPYING ------- Copyright \(C) 2014 Ricardo Catalinas Jiménez. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__package_update_index/nonparallel000066400000000000000000000000001427155744700240620ustar00rootroot00000000000000cdist/cdist/conf/type/__package_update_index/parameter/000077500000000000000000000000001427155744700236225ustar00rootroot00000000000000cdist/cdist/conf/type/__package_update_index/parameter/optional000066400000000000000000000000141427155744700253650ustar00rootroot00000000000000type maxage cdist/cdist/conf/type/__package_update_index/singleton000066400000000000000000000000001427155744700235550ustar00rootroot00000000000000cdist/cdist/conf/type/__package_upgrade_all/000077500000000000000000000000001427155744700214505ustar00rootroot00000000000000cdist/cdist/conf/type/__package_upgrade_all/gencode-remote000077500000000000000000000044271427155744700243020ustar00rootroot00000000000000#!/bin/sh -e # # 2014 Ricardo Catalinas Jiménez (jimenezrick at gmail.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Upgrade all the already installed packages with the appropriate package # manager # type="$__object/parameter/type" apt_clean="$__object/parameter/apt-clean" apt_dist_upgrade="$__object/parameter/apt-dist-upgrade" if [ -f "$__object/parameter/apt-with-new-pkgs" ]; then apt_with_new_pkgs="--with-new-pkgs" fi if [ -f "$type" ]; then type="$(cat "$type")" else # By default determine package manager based on operating system os="$(cat "$__global/explorer/os")" case "$os" in amazon|scientific|centos|fedora|redhat) type="yum" ;; debian|ubuntu|devuan) type="apt" ;; archlinux) type="pacman" ;; *) echo "Don't know how to manage packages on: $os" >&2 exit 1 ;; esac fi aptget="DEBIAN_FRONTEND=noninteractive apt-get --quiet --yes --no-install-recommends -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\"" case "$type" in yum) echo "yum --quiet --assumeyes update" echo "yum --quiet clean all" ;; apt) if [ -f "$apt_dist_upgrade" ] then echo "$aptget dist-upgrade" else echo "$aptget $apt_with_new_pkgs upgrade" fi if [ -f "$apt_clean" ] then echo "apt-get --quiet clean" else echo "apt-get --quiet autoclean" fi ;; pacman) echo "pacman --noprogressbar --noconfirm --sync --sysupgrade" echo "pacman --noprogressbar --noconfirm --sync --clean" ;; *) echo "Don't know how to manage packages on: $os" >&2 exit 1 ;; esac cdist/cdist/conf/type/__package_upgrade_all/man.rst000066400000000000000000000032551427155744700227620ustar00rootroot00000000000000cdist-type__package_upgrade_all(7) ================================== NAME ---- cdist-type__package_upgrade_all - Upgrade all the installed packages DESCRIPTION ----------- This cdist type allows you to upgrade all the installed packages on the target. It will automatically use the appropriate package manager. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- type The package manager to use. Default is determined based on the $os explorer variable. e.g. * apt for Debian * yum for Red Hat * pacman for Arch Linux BOOLEAN PARAMETERS ------------------ apt-dist-upgrade Do dist-upgrade instead of upgrade. apt-with-new-pkg Allow installing new packages when used in conjunction with upgrade. This is useful if the update of an installed package requires new dependencies to be installed. Instead of holding the package back upgrade will upgrade the package and install the new dependencies. Note that upgrade with this option will never remove packages, only allow adding new ones. apt-clean Clean out the local repository of retrieved package files. EXAMPLES -------- .. code-block:: sh # Upgrade all the installed packages on the target __package_upgrade_all # Force use of a specific package manager __package_upgrade_all --type apt AUTHORS ------- Ricardo Catalinas Jiménez COPYING ------- Copyright \(C) 2014 Ricardo Catalinas Jiménez. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__package_upgrade_all/nonparallel000066400000000000000000000000001427155744700236700ustar00rootroot00000000000000cdist/cdist/conf/type/__package_upgrade_all/parameter/000077500000000000000000000000001427155744700234305ustar00rootroot00000000000000cdist/cdist/conf/type/__package_upgrade_all/parameter/boolean000066400000000000000000000000551427155744700247720ustar00rootroot00000000000000apt-clean apt-dist-upgrade apt-with-new-pkgs cdist/cdist/conf/type/__package_upgrade_all/parameter/optional000066400000000000000000000000051427155744700251730ustar00rootroot00000000000000type cdist/cdist/conf/type/__package_upgrade_all/singleton000066400000000000000000000000001427155744700233630ustar00rootroot00000000000000cdist/cdist/conf/type/__package_yum/000077500000000000000000000000001427155744700200035ustar00rootroot00000000000000cdist/cdist/conf/type/__package_yum/explorer/000077500000000000000000000000001427155744700216435ustar00rootroot00000000000000cdist/cdist/conf/type/__package_yum/explorer/pkg_version000077500000000000000000000017001427155744700241150ustar00rootroot00000000000000#!/bin/sh # # 2011-2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Retrieve the status of a package # if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi rpm -q "$name" 2>/dev/null || rpm -q --whatprovides "$name" 2>/dev/null || true cdist/cdist/conf/type/__package_yum/gencode-remote000077500000000000000000000036021427155744700226270ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2014 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Manage packages with yum (mostly Fedora) # if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi # Support installing from an URL if [ -f "$__object/parameter/url" ]; then install_name="$(cat "$__object/parameter/url")" else install_name="$name" fi state_should="$(cat "$__object/parameter/state")" if grep -q -E "(scientific|centos|redhat|amazon)" "$__global/explorer/os"; then opts="-y --quiet" else opts="--assumeyes --quiet" fi not_provided="^no package provides" not_installed='is not installed$' if grep -q "$not_provided" "$__object/explorer/pkg_version"; then if grep -q "$not_installed" "$__object/explorer/pkg_version"; then state_is="absent" else state_is="present" fi else state_is="present" fi [ "$state_is" = "$state_should" ] && exit 0 case "$state_should" in present) echo "yum $opts install '$install_name'" echo "installed" >> "$__messages_out" ;; absent) echo "yum $opts remove '$name'" echo "removed" >> "$__messages_out" ;; *) echo "Unknown state: $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__package_yum/man.rst000066400000000000000000000026061427155744700213140ustar00rootroot00000000000000cdist-type__package_yum(7) ========================== NAME ---- cdist-type__package_yum - Manage packages with yum DESCRIPTION ----------- Yum is usually used on the Fedora distribution to manage packages. If you specify an unknown package, yum will display the slightly confusing error message "Error: Nothing to do". REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- name If supplied, use the name and not the object id as the package name. state Either "present" or "absent", defaults to "present" url URL to use for the package EXAMPLES -------- .. code-block:: sh # Ensure zsh in installed __package_yum zsh --state present # If you don't want to follow pythonX packages, but always use python __package_yum python --state present --name python2 # Remove obsolete package __package_yum puppet --state absent __package epel-release-6-8 \ --url http://mirror.switch.ch/ftp/mirror/epel/6/i386/epel-release-6-8.noarch.rpm SEE ALSO -------- :strong:`cdist-type__package`\ (7) AUTHORS ------- Nico Schottelius COPYING ------- Copyright \(C) 2011-2012 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__package_yum/nonparallel000066400000000000000000000000001427155744700222230ustar00rootroot00000000000000cdist/cdist/conf/type/__package_yum/parameter/000077500000000000000000000000001427155744700217635ustar00rootroot00000000000000cdist/cdist/conf/type/__package_yum/parameter/default/000077500000000000000000000000001427155744700234075ustar00rootroot00000000000000cdist/cdist/conf/type/__package_yum/parameter/default/state000066400000000000000000000000101427155744700244410ustar00rootroot00000000000000present cdist/cdist/conf/type/__package_yum/parameter/optional000066400000000000000000000000171427155744700235310ustar00rootroot00000000000000name state url cdist/cdist/conf/type/__package_zypper/000077500000000000000000000000001427155744700205225ustar00rootroot00000000000000cdist/cdist/conf/type/__package_zypper/explorer/000077500000000000000000000000001427155744700223625ustar00rootroot00000000000000cdist/cdist/conf/type/__package_zypper/explorer/pkg_version000066400000000000000000000027101427155744700246330ustar00rootroot00000000000000#!/bin/sh # # 2011-2012 Nico Schottelius (nico-cdist at schottelius.org) # 2013 Daniel Heule (hda at sfs.biz) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Retrieve the status of a package of different types # if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi if [ -f "$__object/parameter/ptype" ]; then ptype="$(cat "$__object/parameter/ptype")" else ptype="package" fi case "$ptype" in package) zypper search --details --match-exact --installed-only --type "$ptype" "$name" | grep -E '^i' | cut -d " " -f 3,7 || true ;; patch|pattern|product|srcpackage) zypper search --match-exact --installed-only --type "$ptype" "$name" | grep -E '^i' | cut -d " " -f 3 || true ;; *) echo "unknown ptype in __package_zypper explorer" >&2 exit 1 ;; esac cdist/cdist/conf/type/__package_zypper/gencode-remote000077500000000000000000000050201427155744700233420ustar00rootroot00000000000000#!/bin/sh -e # # 2012 Nico Schottelius (nico-cdist at schottelius.org) # 2013 Daniel Heule (hda at sfs.biz) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Manage packages with Zypper (mostly suse) # # Debug # exec >&2 # set -x globalopts="--quiet --non-interactive" if [ -f "$__object/parameter/name" ]; then name="$__object/parameter/name" else name="$__object_id" fi state_should="$(cat "$__object/parameter/state")" ptype="$(cat "$__object/parameter/ptype")" if [ -f "$__object/parameter/version" ]; then version_should="$(cat "$__object/parameter/version")" if [ "$ptype" != "package" ]; then echo "version support only for type package implemented" >&2 exit 2 fi else version_should="" fi pkg_version="$(cat "$__object/explorer/pkg_version")" if [ -z "$pkg_version" ]; then state_is="absent" version_is="" else state_is="present" version_is=${pkg_version##* } fi case "$state_should" in present) if [ -z "$version_should" ]; then [ "$state_is" = "present" ] && exit 0 # if state is present, we dont need to do anything echo "zypper $globalopts install --type '$ptype' --auto-agree-with-licenses '$name' >/dev/null" echo "removed" >> "$__messages_out" else [ "$state_is" = "present" ] && [ "$version_should" = "$version_is" ] && exit 0 # if state is present and version is correct, we dont need to do anything echo "zypper $globalopts install --oldpackage --type '$ptype' --auto-agree-with-licenses '$name' = '$version_should' >/dev/null" echo "installed" >> "$__messages_out" fi ;; absent) [ "$state_is" = "absent" ] && exit 0 # if state is absent, we dont need to do anything echo "zypper $globalopts remove --type '$ptype' '$name' >/dev/null" echo "removed" >> "$__messages_out" ;; *) echo "Unknown state: $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__package_zypper/man.rst000066400000000000000000000033741427155744700220360ustar00rootroot00000000000000cdist-type__package_zypper(7) ============================= NAME ---- cdist-type__package_zypper - Manage packages with zypper DESCRIPTION ----------- Zypper is usually used on the SuSE distribution to manage packages. REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- name If supplied, use the name and not the object id as the package name. state Either "present" or "absent", defaults to "present" version The version of the package to install. Default is to install the version chosen by the local package manager. For a list of available versions, have a look at the output of "zypper se -s packagename" ptype Either "package", "patch", "pattern", "product" or "srcpackage", defaults to "package". For a description see man zypper. EXAMPLES -------- .. code-block:: sh # Ensure zsh is installed __package_zypper zsh --state present # If you don't want to follow pythonX packages, but always use python __package_zypper python --state present --name python2 # Ensure binutils is installed and the version is forced to be 2.23.1-0.19.2 __package_zypper binutils --state present --version 2.23.1-0.19.2 # Remove package __package_zypper cfengine --state absent # install all packages which belongs to pattern x11 __package_zypper x11 --ptype pattern --state present SEE ALSO -------- :strong:`cdist-type__package`\ (7) AUTHORS ------- Daniel Heule COPYING ------- Copyright \(C) 2012 Nico Schottelius. Copyright \(C) 2013 Daniel Heule. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__package_zypper/nonparallel000066400000000000000000000000001427155744700227420ustar00rootroot00000000000000cdist/cdist/conf/type/__package_zypper/parameter/000077500000000000000000000000001427155744700225025ustar00rootroot00000000000000cdist/cdist/conf/type/__package_zypper/parameter/default/000077500000000000000000000000001427155744700241265ustar00rootroot00000000000000cdist/cdist/conf/type/__package_zypper/parameter/default/ptype000066400000000000000000000000101427155744700252010ustar00rootroot00000000000000package cdist/cdist/conf/type/__package_zypper/parameter/default/state000066400000000000000000000000101427155744700251600ustar00rootroot00000000000000present cdist/cdist/conf/type/__package_zypper/parameter/optional000066400000000000000000000000311427155744700242440ustar00rootroot00000000000000name state ptype version cdist/cdist/conf/type/__pacman_conf/000077500000000000000000000000001427155744700177625ustar00rootroot00000000000000cdist/cdist/conf/type/__pacman_conf/man.rst000066400000000000000000000032461427155744700212740ustar00rootroot00000000000000cdist-type__pacman_conf(7) ========================== NAME ---- cdist-type__pacman_conf - Manage pacman configuration DESCRIPTION ----------- The type allows you to configure options section, add or delete repositories and manage mirrorlists REQUIRED PARAMETERS ------------------- section 'options' for configure options section Otherwise it specifies a repository or a plain file key Specifies the key which will be set If section = 'options' or file is not set the key will be checked against available keys from pacman.conf value Specifies the value which will be set against the key OPTIONAL PARAMETERS ------------------- state 'present' or 'absent', defaults to 'present' file Specifies the filename. The managed file will be named like 'plain_file_filename' If supplied the key will not be checked. EXAMPLES -------- .. code-block:: sh # Manage options section in pacman.conf __pacman_conf options_Architecture --section options --key Architecture --value auto # Add new repository __pacman_conf localrepo_Server --section localrepo --key Server --value "file:///var/cache/pacman/pkg" # Add mirror to a mirrorlist __pacman_conf customlist_Server --file customlist --section customlist --key Server\ --value "file:///var/cache/pacman/pkg" SEE ALSO -------- :strong:`grep`\ (1) AUTHORS ------- Dominique Roux COPYING ------- Copyright \(C) 2015 Dominique Roux. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__pacman_conf/manifest000077500000000000000000000100561427155744700215200ustar00rootroot00000000000000#!/bin/sh -e # # 2015 Dominique Roux (dominique.roux4 at gmail.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # #get params section=$(cat "$__object/parameter/section") key=$(cat "$__object/parameter/key") value=$(cat "$__object/parameter/value") file=$(cat "$__object/parameter/file" 2>/dev/null) state=$(cat "$__object/parameter/state" 2>/dev/null) #path variable default /etc/pacman.d sec_path="/etc/pacman.d" #allowed keys (from man pacman.conf) allowed_option_keys="RootDir DBPath CacheDir GPGDir LogFile HoldPkg IgnorePkg IgnoreGroup Include Architecture XferCommand NoUpgrade NoExtract CleanMethod SigLevel LocalFileSigLevel RemoteFileSigLevel" boolean_option_keys="UseSyslog Color UseDelta TotalDownload CheckSpace VerbosePkgLists" allowed_repo_keys="Include Server SigLevel Usage" #set global variables MATCH=0 #function for check if array contain string contains_element() { MATCH=0 target=$1 shift for key in "$@"; do if [ "${key}" = "${target}" ]; then MATCH=1 return 0 fi done MATCH=0 } if [ "${file}" ]; then __file "${sec_path}/plain_file_${file}"\ --state exists --mode 666 if [ "${state}" = "present" ]; then require="__file/${sec_path}/plain_file_${file}" __key_value "${file}_${key}" \ --file "${sec_path}/plain_file_${file}" --key "${key}" --value "${value}" --delimiter ' = ' exit 0 elif [ "${state}" = "absent" ]; then require="__file/${sec_path}/plain_file_${file}" __key_value "${file}_${key}" \ --state absent exit 0 else echo "ERROR: Unknown state: ${state}" >&2 exit 0 fi fi if [ "${section}" = "options" ]; then __file "${sec_path}/${section}"\ --state exists --mode 666 --source - << eof [${section}] eof #check if key is valid #check for boolean value contains_element "${key}" "${boolean_option_keys}" if [ "${MATCH}" -eq 1 ]; then if [ "${value}" = "on" ]; then require="__file/${sec_path}/${section}" __line "${key}_${value}" \ --file "${sec_path}/${section}" --line "${key}" elif [ "${value}" = "off" ]; then require="__file/${sec_path}/${section}" __line "${key}_${value}" \ --file "${sec_path}/${section}" --line "${key}" --state absent fi else contains_element "${key}" "${allowed_option_keys}" if [ "${MATCH}" -eq 1 ]; then require="__file/${sec_path}/${section}" __key_value "${section}_${key}" \ --file "${sec_path}/${section}" --key "${key}" --value "${value}" --delimiter ' = ' else echo "Key: ${key} is not valid. Have a look at man pacman.conf" >&2 fi fi else __file "${sec_path}/repo_${section}"\ --state exists --mode 666 --source - << eof [${section}] eof if [ "${state}" = "present" ]; then #check if key is valid contains_element "${key}" "${allowed_repo_keys}" if [ ${MATCH} -eq 0 ]; then exit fi require="__file/${sec_path}/repo_${section}" __key_value "${section}_${key}" \ --file "${sec_path}/repo_${section}" --key "${key}" --value "${value}" --delimiter ' = ' elif [ "${state}" = "absent" ]; then require="__file/${sec_path}/repo_${section}" __key_value "${section}_${key}" \ --state absent else echo "ERROR: Unknown state: ${state}" >&2 fi fi cdist/cdist/conf/type/__pacman_conf/parameter/000077500000000000000000000000001427155744700217425ustar00rootroot00000000000000cdist/cdist/conf/type/__pacman_conf/parameter/default/000077500000000000000000000000001427155744700233665ustar00rootroot00000000000000cdist/cdist/conf/type/__pacman_conf/parameter/default/file000066400000000000000000000000021427155744700242200ustar00rootroot00000000000000 cdist/cdist/conf/type/__pacman_conf/parameter/default/state000066400000000000000000000000101427155744700244200ustar00rootroot00000000000000present cdist/cdist/conf/type/__pacman_conf/parameter/optional000066400000000000000000000000131427155744700235040ustar00rootroot00000000000000file state cdist/cdist/conf/type/__pacman_conf/parameter/required000066400000000000000000000000221427155744700234770ustar00rootroot00000000000000section key value cdist/cdist/conf/type/__pacman_conf_integrate/000077500000000000000000000000001427155744700220245ustar00rootroot00000000000000cdist/cdist/conf/type/__pacman_conf_integrate/files/000077500000000000000000000000001427155744700231265ustar00rootroot00000000000000cdist/cdist/conf/type/__pacman_conf_integrate/files/mirrorlist000066400000000000000000000346111427155744700252640ustar00rootroot00000000000000## ## Arch Linux repository mirrorlist ## Generated on 2015-03-15 ## ## Worldwide #Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch ## Australia #Server = http://mirror.aarnet.edu.au/pub/archlinux/$repo/os/$arch #Server = http://archlinux.mirror.digitalpacific.com.au/$repo/os/$arch #Server = http://ftp.iinet.net.au/pub/archlinux/$repo/os/$arch #Server = http://mirror.internode.on.net/pub/archlinux/$repo/os/$arch #Server = http://mirror.rackcentral.com.au/archlinux/$repo/os/$arch #Server = http://ftp.swin.edu.au/archlinux/$repo/os/$arch #Server = http://archlinux.mirror.uber.com.au/$repo/os/$arch ## Austria #Server = http://mirror.easyname.at/archlinux/$repo/os/$arch #Server = http://mirror1.htu.tugraz.at/archlinux/$repo/os/$arch ## Bangladesh #Server = http://mirrors.ispros.com.bd/archlinux/$repo/os/$arch ## Belarus #Server = http://ftp.byfly.by/pub/archlinux/$repo/os/$arch #Server = http://mirror.datacenter.by/pub/archlinux/$repo/os/$arch ## Belgium #Server = http://archlinux.cu.be/$repo/os/$arch #Server = http://archlinux.mirror.kangaroot.net/$repo/os/$arch ## Brazil #Server = http://archlinux.c3sl.ufpr.br/$repo/os/$arch #Server = http://www.las.ic.unicamp.br/pub/archlinux/$repo/os/$arch #Server = http://pet.inf.ufsc.br/mirrors/archlinux/$repo/os/$arch ## Bulgaria #Server = http://mirror.telepoint.bg/archlinux/$repo/os/$arch ## Canada #Server = http://archlinux.dropswitch.net/archlinux/$repo/os/$arch #Server = http://mirror.clibre.uqam.ca/archlinux/$repo/os/$arch #Server = http://mirror.csclub.uwaterloo.ca/archlinux/$repo/os/$arch #Server = http://mirror.its.dal.ca/archlinux/$repo/os/$arch #Server = http://archlinux.mirror.rafal.ca/$repo/os/$arch #Server = http://archlinux.mirror.vexxhost.com/$repo/os/$arch ## Chile #Server = http://mirror.archlinux.cl/$repo/os/$arch ## China #Server = http://mirrors.163.com/archlinux/$repo/os/$arch #Server = http://mirror.bjtu.edu.cn/archlinux/$repo/os/$arch #Server = http://mirrors.cqu.edu.cn/archlinux/$repo/os/$arch #Server = http://mirrors.hust.edu.cn/archlinux/$repo/os/$arch #Server = http://mirrors.hustunique.com/archlinux/$repo/os/$arch #Server = http://mirrors.neusoft.edu.cn/archlinux/$repo/os/$arch #Server = http://run.hit.edu.cn/archlinux/$repo/os/$arch #Server = http://mirrors.tuna.tsinghua.edu.cn/archlinux/$repo/os/$arch #Server = http://mirrors.ustc.edu.cn/archlinux/$repo/os/$arch #Server = https://mirrors.ustc.edu.cn/archlinux/$repo/os/$arch #Server = http://mirrors.zju.edu.cn/archlinux/$repo/os/$arch ## Colombia #Server = http://mirror.edatel.net.co/archlinux/$repo/os/$arch #Server = http://www.laqee.unal.edu.co/archlinux/$repo/os/$arch ## Croatia #Server = http://archlinux.iskon.hr/$repo/os/$arch ## Czech Republic #Server = http://archlinux.mirror.dkm.cz/pub/archlinux/$repo/os/$arch #Server = http://gluttony.sin.cvut.cz/arch/$repo/os/$arch #Server = http://mirror.oss.maxcdn.com/archlinux/$repo/os/$arch #Server = http://mirrors.nic.cz/archlinux/$repo/os/$arch #Server = http://mirror.vpsfree.cz/archlinux/$repo/os/$arch ## Denmark #Server = http://mirrors.dotsrc.org/archlinux/$repo/os/$arch #Server = http://mirror.one.com/archlinux/$repo/os/$arch ## Ecuador #Server = http://mirror.cedia.org.ec/archlinux/$repo/os/$arch #Server = http://mirror.espoch.edu.ec/archlinux/$repo/os/$arch #Server = http://mirror.uta.edu.ec/archlinux/$repo/os/$arch ## Estonia #Server = http://ftp.eenet.ee/pub/archlinux/$repo/os/$arch ## France #Server = http://archlinux.aubrac-medical.fr/$repo/os/$arch #Server = http://mirror.archlinux.ikoula.com/archlinux/$repo/os/$arch #Server = http://archlinux.vi-di.fr/$repo/os/$arch #Server = http://mir.art-software.fr/arch/$repo/os/$arch #Server = http://fooo.biz/archlinux/$repo/os/$arch #Server = https://fooo.biz/archlinux/$repo/os/$arch #Server = http://mirror.lastmikoi.net/archlinux/$repo/os/$arch #Server = http://mirror.lightcone.eu/archlinux/$repo/os/$arch #Server = http://archlinux.mailtunnel.eu/$repo/os/$arch #Server = https://www.mailtunnel.eu/archlinux/$repo/os/$arch #Server = http://mir.archlinux.fr/$repo/os/$arch #Server = http://arch.nimukaito.net/$repo/os/$arch #Server = http://archlinux.mirrors.ovh.net/archlinux/$repo/os/$arch #Server = http://archlinux.mirror.pkern.at/$repo/os/$arch #Server = https://archlinux.mirror.pkern.at/$repo/os/$arch #Server = http://archlinux.polymorf.fr/$repo/os/$arch #Server = http://arch.static.lu/$repo/os/$arch #Server = https://arch.static.lu/$repo/os/$arch #Server = http://arch.tamcore.eu/$repo/os/$arch #Server = http://mirror.tyborek.pl/arch/$repo/os/$arch #Server = http://ftp.u-strasbg.fr/linux/distributions/archlinux/$repo/os/$arch #Server = http://arch.yourlabs.org/$repo/os/$arch ## Germany #Server = http://mirror.23media.de/archlinux/$repo/os/$arch #Server = http://archlinux.limun.org/$repo/os/$arch #Server = https://archlinux.limun.org/$repo/os/$arch #Server = http://artfiles.org/archlinux.org/$repo/os/$arch #Server = http://ftp.fau.de/archlinux/$repo/os/$arch #Server = https://ftp.fau.de/archlinux/$repo/os/$arch #Server = http://mirror.flipez.de/archlinux/$repo/os/$arch #Server = http://mirror.fluxent.de/archlinux/$repo/os/$arch #Server = http://mirror.gnomus.de/$repo/os/$arch #Server = http://arch.packages.gnp-tec.net/$repo/os/$arch #Server = http://ftp5.gwdg.de/pub/linux/archlinux/$repo/os/$arch #Server = http://mirror.hactar.bz/$repo/os/$arch #Server = http://ftp.hawo.stw.uni-erlangen.de/archlinux/$repo/os/$arch #Server = http://ftp.hosteurope.de/mirror/ftp.archlinux.org/$repo/os/$arch #Server = http://ftp-stud.hs-esslingen.de/pub/Mirrors/archlinux/$repo/os/$arch #Server = http://mirror.js-webcoding.de/pub/archlinux/$repo/os/$arch #Server = http://mirror.k42.ch/archlinux/$repo/os/$arch #Server = http://mirror.de.leaseweb.net/archlinux/$repo/os/$arch #Server = http://mirror.metalgamer.eu/archlinux/$repo/os/$arch #Server = http://mirror.michael-eckert.net/archlinux/$repo/os/$arch #Server = http://archlinux.my-universe.com/$repo/os/$arch #Server = https://archlinux.my-universe.com/$repo/os/$arch #Server = http://mirrors.n-ix.net/archlinux/$repo/os/$arch #Server = http://mirror.netcologne.de/archlinux/$repo/os/$arch #Server = http://mirrors.niyawe.de/archlinux/$repo/os/$arch #Server = http://ftp.halifax.rwth-aachen.de/archlinux/$repo/os/$arch #Server = http://linux.rz.rub.de/archlinux/$repo/os/$arch #Server = http://mirror.selfnet.de/archlinux/$repo/os/$arch #Server = http://ftp.spline.inf.fu-berlin.de/mirrors/archlinux/$repo/os/$arch #Server = http://ftp.tu-chemnitz.de/pub/linux/archlinux/$repo/os/$arch #Server = http://ftp.tuxdroid.org/archlinux/$repo/os/$arch #Server = http://ftp.uni-bayreuth.de/linux/archlinux/$repo/os/$arch #Server = http://ftp.uni-hannover.de/archlinux/$repo/os/$arch #Server = http://ftp.uni-kl.de/pub/linux/archlinux/$repo/os/$arch #Server = http://mirror.united-gameserver.de/archlinux/$repo/os/$arch ## Greece #Server = http://ftp.cc.uoc.gr/mirrors/linux/archlinux/$repo/os/$arch #Server = http://foss.aueb.gr/mirrors/linux/archlinux/$repo/os/$arch #Server = https://foss.aueb.gr/mirrors/linux/archlinux/$repo/os/$arch #Server = http://mirrors.myaegean.gr/linux/archlinux/$repo/os/$arch #Server = http://ftp.ntua.gr/pub/linux/archlinux/$repo/os/$arch #Server = http://ftp.otenet.gr/linux/archlinux/$repo/os/$arch ## Hungary #Server = http://ftp.mfa.kfki.hu/pub/mirrors/ftp.archlinux.org/$repo/os/$arch ## Iceland #Server = http://mirror.system.is/arch/$repo/os/$arch #Server = https://mirror.system.is/arch/$repo/os/$arch ## India #Server = http://mirror.cse.iitk.ac.in/archlinux/$repo/os/$arch #Server = http://ftp.iitm.ac.in/archlinux/$repo/os/$arch ## Indonesia #Server = http://mirror.kavalinux.com/archlinux/$repo/os/$arch #Server = http://mirror.poliwangi.ac.id/archlinux/$repo/os/$arch #Server = http://suro.ubaya.ac.id/archlinux/$repo/os/$arch ## Iran #Server = http://mirror.yazd.ac.ir/arch/$repo/os/$arch ## Ireland #Server = http://ftp.heanet.ie/mirrors/ftp.archlinux.org/$repo/os/$arch ## Israel #Server = http://mirror.isoc.org.il/pub/archlinux/$repo/os/$arch ## Italy #Server = http://archlinux.openlabto.org/archlinux/$repo/os/$arch #Server = http://archlinux.beccacervello.it/archlinux/$repo/os/$arch #Server = http://mirrors.prometeus.net/archlinux/$repo/os/$arch ## Japan #Server = http://ftp.tsukuba.wide.ad.jp/Linux/archlinux/$repo/os/$arch #Server = http://ftp.jaist.ac.jp/pub/Linux/ArchLinux/$repo/os/$arch ## Kazakhstan #Server = http://mirror.neolabs.kz/archlinux/$repo/os/$arch ## Latvia #Server = http://archlinux.koyanet.lv/archlinux/$repo/os/$arch ## Lithuania #Server = http://archlinux.akmc.lt/$repo/os/$arch #Server = http://atviras.lt/veidrodziai/archlinux/$repo/os/$arch ## Luxembourg #Server = http://archlinux.mirror.root.lu/$repo/os/$arch ## Macedonia #Server = http://arch.softver.org.mk/archlinux/$repo/os/$arch #Server = http://mirror.t-home.mk/archlinux/$repo/os/$arch ## Netherlands #Server = http://arch.apt-get.eu/$repo/os/$arch #Server = http://mirror.i3d.net/pub/archlinux/$repo/os/$arch #Server = https://mirror.i3d.net/pub/archlinux/$repo/os/$arch #Server = http://mirror.nl.leaseweb.net/archlinux/$repo/os/$arch #Server = http://ftp.nluug.nl/os/Linux/distr/archlinux/$repo/os/$arch #Server = http://ftp.snt.utwente.nl/pub/os/linux/archlinux/$repo/os/$arch ## New Caledonia #Server = http://mirror.lagoon.nc/pub/archlinux/$repo/os/$arch #Server = http://archlinux.nautile.nc/archlinux/$repo/os/$arch ## New Zealand #Server = http://mirror.xnet.co.nz/pub/archlinux/$repo/os/$arch ## Norway #Server = http://mirror.archlinux.no/$repo/os/$arch #Server = http://archlinux.uib.no/$repo/os/$arch #Server = http://archlinux.neuf.no/$repo/os/$arch ## Philippines #Server = http://mirror.pregi.net/pub/Linux/archlinux/$repo/os/$arch ## Poland #Server = http://mirror.chmuri.net/archmirror/$repo/os/$arch #Server = http://arch.midov.pl/arch/$repo/os/$arch #Server = http://piotrkosoft.net/pub/mirrors/ftp.archlinux.org/$repo/os/$arch #Server = http://ftp.vectranet.pl/archlinux/$repo/os/$arch ## Portugal #Server = http://archlinux.dcc.fc.up.pt/$repo/os/$arch #Server = http://ftp.rnl.tecnico.ulisboa.pt/pub/archlinux/$repo/os/$arch ## Romania #Server = http://mirror.archlinux.ro/archlinux/$repo/os/$arch #Server = http://archlinux.mirrors.linux.ro/$repo/os/$arch ## Russia #Server = http://mirror.rol.ru/archlinux/$repo/os/$arch #Server = http://mirror.yandex.ru/archlinux/$repo/os/$arch ## Serbia #Server = http://mirror.pmf.kg.ac.rs/archlinux/$repo/os/$arch ## Singapore #Server = http://download.nus.edu.sg/mirror/arch/$repo/os/$arch #Server = http://mirror.nus.edu.sg/archlinux/$repo/os/$arch ## Slovakia #Server = http://mirror.lnx.sk/pub/linux/archlinux/$repo/os/$arch #Server = http://tux.rainside.sk/archlinux/$repo/os/$arch ## South Africa #Server = http://ftp.wa.co.za/pub/archlinux/$repo/os/$arch ## South Korea #Server = http://ftp.kaist.ac.kr/ArchLinux/$repo/os/$arch #Server = http://mirror.premi.st/archlinux/$repo/os/$arch ## Spain #Server = http://osl.ugr.es/archlinux/$repo/os/$arch #Server = http://sunsite.rediris.es/mirror/archlinux/$repo/os/$arch ## Sweden #Server = http://ftp.df.lth.se/pub/archlinux/$repo/os/$arch #Server = http://ftp.lysator.liu.se/pub/archlinux/$repo/os/$arch #Server = https://ftp.lysator.liu.se/pub/archlinux/$repo/os/$arch #Server = http://ftp.myrveln.se/pub/linux/archlinux/$repo/os/$arch #Server = http://ftp.portlane.com/pub/os/linux/archlinux/$repo/os/$arch ## Switzerland #Server = http://archlinux.puzzle.ch/$repo/os/$arch ## Taiwan #Server = http://archlinux.cs.nctu.edu.tw/$repo/os/$arch #Server = http://shadow.ind.ntou.edu.tw/archlinux/$repo/os/$arch #Server = http://ftp.tku.edu.tw/Linux/ArchLinux/$repo/os/$arch #Server = http://ftp.yzu.edu.tw/Linux/archlinux/$repo/os/$arch ## Turkey #Server = http://ftp.linux.org.tr/archlinux/$repo/os/$arch ## Ukraine #Server = http://mirrors.nix.org.ua/linux/archlinux/$repo/os/$arch ## United Kingdom #Server = http://mirror.bytemark.co.uk/archlinux/$repo/os/$arch #Server = http://mirror.cinosure.com/archlinux/$repo/os/$arch #Server = http://mirrors.manchester.m247.com/arch-linux/$repo/os/$arch #Server = http://www.mirrorservice.org/sites/ftp.archlinux.org/$repo/os/$arch #Server = http://arch.serverspace.co.uk/arch/$repo/os/$arch #Server = http://archlinux.mirrors.uk2.net/$repo/os/$arch ## United States #Server = http://mirrors.abscission.net/archlinux/$repo/os/$arch #Server = http://mirrors.acm.wpi.edu/archlinux/$repo/os/$arch #Server = http://mirrors.advancedhosters.com/archlinux/$repo/os/$arch #Server = http://mirrors.aggregate.org/archlinux/$repo/os/$arch #Server = http://archlinux.surlyjake.com/archlinux/$repo/os/$arch #Server = http://mirrors.cat.pdx.edu/archlinux/$repo/os/$arch #Server = http://mirror.cc.columbia.edu/pub/linux/archlinux/$repo/os/$arch #Server = http://mirrors.cdndepo.com/archlinux/$repo/os/$arch #Server = https://mirrors.cdndepo.com/archlinux/$repo/os/$arch #Server = http://mirrors.cecsresearch.org/archlinux/$repo/os/$arch #Server = http://cosmos.cites.illinois.edu/pub/archlinux/$repo/os/$arch #Server = http://mirror.cs.pitt.edu/archlinux/$repo/os/$arch #Server = http://mirror.es.its.nyu.edu/archlinux/$repo/os/$arch #Server = http://mirrors.gigenet.com/archlinux/$repo/os/$arch #Server = http://mirror.grig.io/archlinux/$repo/os/$arch #Server = http://www.gtlib.gatech.edu/pub/archlinux/$repo/os/$arch #Server = http://mirror.ancl.hawaii.edu/linux/archlinux/$repo/os/$arch #Server = http://mirror.jmu.edu/pub/archlinux/$repo/os/$arch #Server = http://mirrors.kernel.org/archlinux/$repo/os/$arch #Server = https://mirrors.kernel.org/archlinux/$repo/os/$arch #Server = http://mirror.us.leaseweb.net/archlinux/$repo/os/$arch #Server = http://mirrors.liquidweb.com/archlinux/$repo/os/$arch #Server = http://arch.localmsp.org/arch/$repo/os/$arch #Server = https://arch.localmsp.org/arch/$repo/os/$arch #Server = http://lug.mtu.edu/archlinux/$repo/os/$arch #Server = http://mirror.metrocast.net/archlinux/$repo/os/$arch #Server = http://mirror.nexcess.net/archlinux/$repo/os/$arch #Server = http://ftp.osuosl.org/pub/archlinux/$repo/os/$arch #Server = http://archlinux.pallissard.net/archlinux/$repo/os/$arch #Server = http://mirror.rit.edu/archlinux/$repo/os/$arch #Server = http://mirrors.rutgers.edu/archlinux/$repo/os/$arch #Server = http://mirror.umd.edu/archlinux/$repo/os/$arch #Server = http://mirror.vtti.vt.edu/archlinux/$repo/os/$arch #Server = http://mirrors.xmission.com/archlinux/$repo/os/$arch #Server = http://mirror.yellowfiber.net/archlinux/$repo/os/$arch ## Vietnam #Server = http://f.archlinuxvn.org/archlinux/$repo/os/$arch #Server = http://mirror-fpt-telecom.fpt.net/archlinux/$repo/os/$arch cdist/cdist/conf/type/__pacman_conf_integrate/files/options000066400000000000000000000002021427155744700245360ustar00rootroot00000000000000[options] HoldPkg = pacman glibc Architecture = auto CheckSpace SigLevel = Required DatabaseOptional LocalFileSigLevel = Optional cdist/cdist/conf/type/__pacman_conf_integrate/files/pacman.conf.cdist000066400000000000000000000002101427155744700263320ustar00rootroot00000000000000# # cdist managed - do not change # Include = /etc/pacman.d/options Include = /etc/pacman.d/repo_* Include = /etc/pacman.d/plain_file_* cdist/cdist/conf/type/__pacman_conf_integrate/files/pacman.conf.pacman000066400000000000000000000054561427155744700265040ustar00rootroot00000000000000# # /etc/pacman.conf # # See the pacman.conf(5) manpage for option and repository directives # # GENERAL OPTIONS # [options] # The following paths are commented out with their default values listed. # If you wish to use different paths, uncomment and update the paths. #RootDir = / #DBPath = /var/lib/pacman/ #CacheDir = /var/cache/pacman/pkg/ #LogFile = /var/log/pacman.log #GPGDir = /etc/pacman.d/gnupg/ HoldPkg = pacman glibc #XferCommand = /usr/bin/curl -C - -f %u > %o #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u #CleanMethod = KeepInstalled #UseDelta = 0.7 Architecture = auto # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup #IgnorePkg = #IgnoreGroup = #NoUpgrade = #NoExtract = # Misc options #UseSyslog #Color #TotalDownload CheckSpace #VerbosePkgLists # By default, pacman accepts packages signed by keys that its local keyring # trusts (see pacman-key and its man page), as well as unsigned packages. SigLevel = Required DatabaseOptional LocalFileSigLevel = Optional #RemoteFileSigLevel = Required # NOTE: You must run `pacman-key --init` before first using pacman; the local # keyring can then be populated with the keys of all official Arch Linux # packagers with `pacman-key --populate archlinux`. # # REPOSITORIES # - can be defined here or included from another file # - pacman will search repositories in the order defined here # - local/custom mirrors can be added here or in separate files # - repositories listed first will take precedence when packages # have identical names, regardless of version number # - URLs will have $repo replaced by the name of the current repo # - URLs will have $arch replaced by the name of the architecture # # Repository entries are of the format: # [repo-name] # Server = ServerName # Include = IncludePath # # The header [repo-name] is crucial - it must be present and # uncommented to enable the repo. # # The testing repositories are disabled by default. To enable, uncomment the # repo name header and Include lines. You can add preferred servers immediately # after the header, and they will be used before the default mirrors. #[testing] #Include = /etc/pacman.d/mirrorlist [core] Include = /etc/pacman.d/mirrorlist [extra] Include = /etc/pacman.d/mirrorlist #[community-testing] #Include = /etc/pacman.d/mirrorlist [community] Include = /etc/pacman.d/mirrorlist # If you want to run 32 bit applications on your x86_64 system, # enable the multilib repositories as required here. #[multilib-testing] #Include = /etc/pacman.d/mirrorlist #[multilib] #Include = /etc/pacman.d/mirrorlist # An example of a custom package repository. See the pacman manpage for # tips on creating your own repositories. #[custom] #SigLevel = Optional TrustAll #Server = file:///home/custompkgs cdist/cdist/conf/type/__pacman_conf_integrate/man.rst000066400000000000000000000017671427155744700233440ustar00rootroot00000000000000cdist-type__pacman_conf_integrate(7) ==================================== NAME ---- cdist-type__pacman_conf_integrate - Integrate default pacman.conf to cdist conform and vice versa DESCRIPTION ----------- The type allows you to convert the default pacman.conf to a cdist conform one and vice versa REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- state 'present' or 'absent', defaults to 'present' EXAMPLES -------- .. code-block:: sh # Convert normal to cdist conform __pacman_conf_integrate convert # Convert cdist conform to normal __pacman_conf_integrate convert --state absent SEE ALSO -------- :strong:`grep`\ (1) AUTHORS ------- Dominique Roux COPYING ------- Copyright \(C) 2015 Dominique Roux. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__pacman_conf_integrate/manifest000077500000000000000000000033571427155744700235700ustar00rootroot00000000000000#!/bin/sh -e # # 2015 Dominique Roux (dominique.roux4 at gmail.com # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # state=$(cat "$__object/parameter/state" 2>/dev/null) if [ "${state}" = "present" ]; then __file /etc/pacman.conf\ --owner root --group root --mode 644 --source "$__type/files/pacman.conf.cdist" __file /etc/pacman.d/options\ --owner root --group root --mode 644 --source "$__type/files/options" __file /etc/pacman.d/repo_empty_placeholder\ --owner root --group root --mode 644 __file /etc/pacman.d/plain_file_empty_placeholder\ --owner root --group root --mode 644 elif [ "${state}" = "absent" ]; then __file /etc/pacman.conf\ --owner root --group root --mode 644 --source "$__type/files/pacman.conf.pacman" __file /etc/pacman.d/mirrorlist\ --owner root --group root --mode 644 --source "$__type/files/mirrorlist" __file /etc/pacman.d/options\ --state absent __file /etc/pacman.d/repo_empty_placeholder\ --state absent __file /etc/pacman.d/plain_file_empty_placeholder\ --state absent else echo "ERROR: Unknown state: ${state}" >&2 fi cdist/cdist/conf/type/__pacman_conf_integrate/parameter/000077500000000000000000000000001427155744700240045ustar00rootroot00000000000000cdist/cdist/conf/type/__pacman_conf_integrate/parameter/default/000077500000000000000000000000001427155744700254305ustar00rootroot00000000000000cdist/cdist/conf/type/__pacman_conf_integrate/parameter/default/state000066400000000000000000000000101427155744700264620ustar00rootroot00000000000000present cdist/cdist/conf/type/__pacman_conf_integrate/parameter/optional000066400000000000000000000000061427155744700255500ustar00rootroot00000000000000state cdist/cdist/conf/type/__pf_apply_anchor/000077500000000000000000000000001427155744700206625ustar00rootroot00000000000000cdist/cdist/conf/type/__pf_apply_anchor/gencode-remote000077500000000000000000000020021427155744700234770ustar00rootroot00000000000000#!/bin/sh -e # # 2016 Kamila SouÄková (coding at kamila.is) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Apply pf(4) ruleset on *BSD # ANCHORS_DIR="/etc/pf.d" if [ -f "${__object}/parameter/anchor_name" ]; then anchor_name="$(cat "${__object}/parameter/anchor_name")" else anchor_name="${__object_id}" fi anchor_file="${ANCHORS_DIR}/${anchor_name}" echo "pfctl -a \"${anchor_name}\" -f \"${anchor_file}\"" cdist/cdist/conf/type/__pf_apply_anchor/man.rst000066400000000000000000000027301427155744700221710ustar00rootroot00000000000000cdist-type__pf_apply_anchor(7) ============================== NAME ---- cdist-type__pf_apply_anchor - Apply a pf(4) anchor on $__target_host DESCRIPTION ----------- This type is used on \*BSD systems to manage anchors for the pf firewall. Notice this type does not take care of copying the ruleset, that must be done by the user with, e.g. `__file`. OPTIONAL PARAMETERS ------------------- anchor_name The name of the anchor to apply. If not set, `${__object_id}` is used. This type requires `/etc/pf.d/${anchor_name}` to exist on `$__target_host`. EXAMPLES -------- .. code-block:: sh # Copy anchor file to ${__target_host} __file "/etc/pf.d/80_dns" --source - < Kamila SouÄková Jake Guffey COPYING ------- Copyright \(C) 2020 Evilham. Copyright \(C) 2016 Kamila SouÄková. Copyright \(C) 2012 Jake Guffey. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__pf_apply_anchor/parameter/000077500000000000000000000000001427155744700226425ustar00rootroot00000000000000cdist/cdist/conf/type/__pf_apply_anchor/parameter/optional000066400000000000000000000000141427155744700244050ustar00rootroot00000000000000anchor_name cdist/cdist/conf/type/__pf_ruleset/000077500000000000000000000000001427155744700176665ustar00rootroot00000000000000cdist/cdist/conf/type/__pf_ruleset/explorer/000077500000000000000000000000001427155744700215265ustar00rootroot00000000000000cdist/cdist/conf/type/__pf_ruleset/explorer/rcvar000077500000000000000000000017631427155744700226000ustar00rootroot00000000000000#!/bin/sh # # 2012 Jake Guffey (jake.guffey at eprotex.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Get the location of the pf ruleset on the target host. # # Debug #exec >&2 #set -x # Check /etc/rc.conf for pf's configuration file name. Default to /etc/pf.conf RC="/etc/rc.conf" PFCONF="$(grep '^pf_rules=' ${RC} | cut -d= -f2 | sed 's/"//g')" echo "${PFCONF:-"/etc/pf.conf"}" # Debug #set +x cdist/cdist/conf/type/__pf_ruleset/man.rst000066400000000000000000000024221427155744700211730ustar00rootroot00000000000000cdist-type__pf_ruleset(7) ========================= NAME ---- cdist-type__pf_ruleset - Copy a pf(4) ruleset to $__target_host DESCRIPTION ----------- This type is used on \*BSD systems to manage the pf firewall's ruleset. It will also enable and disable the pf firewall as requested in the `state` parameter. REQUIRED PARAMETERS ------------------- state Either "absent" (no ruleset at all) or "present", defaults to "present". OPTIONAL PARAMETERS ------------------- source Required when state is "present". Defines the ruleset to load onto the $__target_host for `pf(4)`. EXAMPLES -------- .. code-block:: sh # Remove the current ruleset in place and disable pf __pf_ruleset --state absent # Enable pf with the ruleset defined in $__manifest/files/pf.conf __pf_ruleset --state present --source $__manifest/files/pf.conf SEE ALSO -------- :strong:`pf`\ (4) AUTHORS ------- Kamila SouÄková Jake Guffey COPYING ------- Copyright \(C) 2016 Kamila SouÄková. Copyright \(C) 2012 Jake Guffey. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__pf_ruleset/manifest000077500000000000000000000025131427155744700214230ustar00rootroot00000000000000#!/bin/sh -e # # 2016 Kamila SouÄková (coding at kamila.is) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Manage pf(4) on *BSD # rcvar="$(cat "${__object}/explorer/rcvar")" state="$(cat "${__object}/parameter/state")" if [ -f "${__object}/parameter/source" ]; then source="$(cat "${__object}/parameter/source")" fi if [ "${state}" = "absent" ]; then action="/etc/rc.d/pf stop" else action="/etc/rc.d/pf reload || /etc/rc.d/pf start" fi __key_value __pf_ruleset/rcvar \ --state "${state}" \ --file /etc/rc.conf \ --delimiter "=" \ --key "pf_enable" \ --value "YES" require="__key_value/__pf_ruleset/rcvar" __config_file "${rcvar}" \ --source "${source}" \ --state "${state}" \ --onchange "${action}" cdist/cdist/conf/type/__pf_ruleset/parameter/000077500000000000000000000000001427155744700216465ustar00rootroot00000000000000cdist/cdist/conf/type/__pf_ruleset/parameter/default/000077500000000000000000000000001427155744700232725ustar00rootroot00000000000000cdist/cdist/conf/type/__pf_ruleset/parameter/default/state000066400000000000000000000000101427155744700243240ustar00rootroot00000000000000present cdist/cdist/conf/type/__pf_ruleset/parameter/optional000066400000000000000000000000151427155744700234120ustar00rootroot00000000000000source state cdist/cdist/conf/type/__pf_ruleset/singleton000066400000000000000000000000001427155744700216010ustar00rootroot00000000000000cdist/cdist/conf/type/__ping/000077500000000000000000000000001427155744700164535ustar00rootroot00000000000000cdist/cdist/conf/type/__ping/gencode-remote000066400000000000000000000002271427155744700212740ustar00rootroot00000000000000#!/bin/sh -e # # Copyright (C) 2018 Olliver Schinagl # # SPDX-License-Identifier: GPL-3.0+ # set -eu echo "echo 'pong'" exit 0 cdist/cdist/conf/type/__ping/man.rst000066400000000000000000000013451427155744700177630ustar00rootroot00000000000000cdist-type__ping(7) ================================== NAME ---- cdist-type__ping - Try to connect to host and return 'pong' on success DESCRIPTION ----------- A simple type which tries to connect to a remote host and runs a simple command to ensure everything is working. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- None. EXAMPLES -------- .. code-block:: sh __ping AUTHORS ------- Olliver Schinagl COPYING ------- Copyright \(C) 2018 Schinagl. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__ping/singleton000066400000000000000000000000001427155744700203660ustar00rootroot00000000000000cdist/cdist/conf/type/__postfix/000077500000000000000000000000001427155744700172125ustar00rootroot00000000000000cdist/cdist/conf/type/__postfix/man.rst000066400000000000000000000012011427155744700205110ustar00rootroot00000000000000cdist-type__postfix(7) ====================== NAME ---- cdist-type__postfix - Install postfix DESCRIPTION ----------- This space intentionally left blank. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- None. EXAMPLES -------- .. code-block:: sh __postfix AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2012 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__postfix/manifest000077500000000000000000000014561427155744700207540ustar00rootroot00000000000000#!/bin/sh -e # # 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2019 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # __package postfix --state present cdist/cdist/conf/type/__postfix/singleton000066400000000000000000000000001427155744700211250ustar00rootroot00000000000000cdist/cdist/conf/type/__postfix_master/000077500000000000000000000000001427155744700205655ustar00rootroot00000000000000cdist/cdist/conf/type/__postfix_master/explorer/000077500000000000000000000000001427155744700224255ustar00rootroot00000000000000cdist/cdist/conf/type/__postfix_master/explorer/entry000077500000000000000000000022021427155744700235100ustar00rootroot00000000000000#!/bin/sh # # 2011 - 2012 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # config="/etc/postfix/master.cf" # no master.cf, nothing we could do [ -f "$config" ] || exit 0 # NOTE: keep variables in sync in manifest,explorer,gencode-* prefix="#cdist:$__object_name" suffix="#/cdist:$__object_name" awk -v prefix="$prefix" -v suffix="$suffix" '{ if (index($0,prefix)) { triggered=1 } if (triggered) { if (index($0,suffix)) { triggered=0 } print } }' "$config" cdist/cdist/conf/type/__postfix_master/gencode-remote000077500000000000000000000036221427155744700234130ustar00rootroot00000000000000#!/bin/sh -e # # 2012 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # config="/etc/postfix/master.cf" entry="$__object/files/entry" state_should="$(cat "$__object/parameter/state")" if [ ! -s "$__object/explorer/entry" ]; then state_is='absent' else state_is=$(diff -q "$entry" "$__object/explorer/entry" >/dev/null \ && echo present \ || echo changed ) fi if [ "$state_should" = "$state_is" ]; then # Nothing to do, move along exit 0 fi remove_entry() { # NOTE: keep variables in sync in manifest/explorer/gencode-* prefix="#cdist:$__object_name" suffix="#/cdist:$__object_name" cat << DONE tmpfile=\$(mktemp ${config}.cdist.XXXXXXXXXX) # preserve ownership and permissions of existing file cp -p "$config" "\$tmpfile" awk -v prefix="$prefix" -v suffix="$suffix" ' { if (index(\$0,prefix)) { triggered=1 } if (triggered) { if (index(\$0,suffix)) { triggered=0 } } else { print } }' "$config" > "\$tmpfile" mv -f "\$tmpfile" "$config" DONE } case "$state_should" in present) if [ "$state_is" = "changed" ]; then remove_entry fi cat << DONE cat >> "$config" << "${__type##*/}_DONE" $(cat "$entry") ${__type##*/}_DONE DONE ;; absent) remove_entry ;; esac cdist/cdist/conf/type/__postfix_master/man.rst000066400000000000000000000027271427155744700221020ustar00rootroot00000000000000cdist-type__postfix_master(7) ============================= NAME ---- cdist-type__postfix_master - Configure postfix master.cf DESCRIPTION ----------- See master(5) for more information. REQUIRED PARAMETERS ------------------- type See master(5) command See master(5) BOOLEAN PARAMETERS ------------------ noreload don't reload postfix after changes OPTIONAL PARAMETERS ------------------- state present or absent, defaults to present service private unpriv chroot wakeup maxproc option Pass an option to a service. Same as using -o in master.cf. Can be specified multiple times. comment a textual comment to add with the master.cf entry EXAMPLES -------- .. code-block:: sh __postfix_master smtp --type inet --command smtpd __postfix_master smtp --type inet --chroot y --command smtpd \ --option smtpd_enforce_tls=yes \ --option smtpd_sasl_auth_enable=yes \ --option smtpd_client_restrictions=permit_sasl_authenticated,reject __postfix_master submission --type inet --command smtpd \ --comment "Run alternative smtp on submission port" SEE ALSO -------- :strong:`master`\ (5) AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2012 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__postfix_master/manifest000077500000000000000000000045451427155744700223310ustar00rootroot00000000000000#!/bin/sh -e # # 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # os=$(cat "$__global/explorer/os") case "$os" in ubuntu|debian|archlinux|scientific|centos|devuan) : ;; *) echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 echo "Please contribute an implementation for it if you can." >&2 exit 1 ;; esac __postfix # Default to object_id service="$(cat "$__object/parameter/service" 2>/dev/null || echo "$__object_id")" # NOTE: keep variables in sync in manifest,explorer,gencode-* prefix="#cdist:$__object_name" suffix="#/cdist:$__object_name" # Generate entry for inclusion in master.cf mkdir "$__object/files" entry="$__object/files/entry" ( echo "$prefix" if [ -f "$__object/parameter/comment" ]; then echo "# $(cat "$__object/parameter/comment")" fi printf "%s " "$service" for parameter in type private unpriv chroot wakeup maxproc; do printf "%s " "$(cat "$__object/parameter/$parameter")" done command="$(cat "$__object/parameter/command")" # ensure we have a trailing newline echo "$command" options="$(cat "$__object/parameter/option" 2>/dev/null || true)" for option in $options; do echo " -o $option" done echo "$suffix" ) > "$entry" # Reload postfix after changes if [ ! -f "$__object/parameter/noreload" ]; then state_should="$(cat "$__object/parameter/state")" if [ ! -s "$__object/explorer/entry" ]; then state_is='absent' else state_is=$(diff -q "$entry" "$__object/explorer/entry" >/dev/null \ && echo present \ || echo changed ) fi if [ "$state_is" != "$state_should" ]; then require="$__object_name" __postfix_reload fi fi cdist/cdist/conf/type/__postfix_master/parameter/000077500000000000000000000000001427155744700225455ustar00rootroot00000000000000cdist/cdist/conf/type/__postfix_master/parameter/boolean000066400000000000000000000000111427155744700240770ustar00rootroot00000000000000noreload cdist/cdist/conf/type/__postfix_master/parameter/default/000077500000000000000000000000001427155744700241715ustar00rootroot00000000000000cdist/cdist/conf/type/__postfix_master/parameter/default/chroot000066400000000000000000000000021427155744700254020ustar00rootroot00000000000000- cdist/cdist/conf/type/__postfix_master/parameter/default/maxproc000066400000000000000000000000021427155744700255550ustar00rootroot00000000000000- cdist/cdist/conf/type/__postfix_master/parameter/default/private000066400000000000000000000000021427155744700255560ustar00rootroot00000000000000- cdist/cdist/conf/type/__postfix_master/parameter/default/state000066400000000000000000000000101427155744700252230ustar00rootroot00000000000000present cdist/cdist/conf/type/__postfix_master/parameter/default/unpriv000066400000000000000000000000021427155744700254270ustar00rootroot00000000000000- cdist/cdist/conf/type/__postfix_master/parameter/default/wakeup000066400000000000000000000000021427155744700254000ustar00rootroot00000000000000- cdist/cdist/conf/type/__postfix_master/parameter/optional000066400000000000000000000000731427155744700243150ustar00rootroot00000000000000service private unpriv chroot wakeup maxproc comment state cdist/cdist/conf/type/__postfix_master/parameter/optional_multiple000066400000000000000000000000071427155744700262250ustar00rootroot00000000000000option cdist/cdist/conf/type/__postfix_master/parameter/required000066400000000000000000000000151427155744700243040ustar00rootroot00000000000000type command cdist/cdist/conf/type/__postfix_postconf/000077500000000000000000000000001427155744700211255ustar00rootroot00000000000000cdist/cdist/conf/type/__postfix_postconf/explorer/000077500000000000000000000000001427155744700227655ustar00rootroot00000000000000cdist/cdist/conf/type/__postfix_postconf/explorer/value000077500000000000000000000021621427155744700240300ustar00rootroot00000000000000#!/bin/sh # # 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # os=$("$__explorer/os") case "$os" in alpine|ubuntu|debian|archlinux|suse|scientific|centos|devuan) : ;; *) echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 echo "Please contribute an implementation for it if you can." >&2 exit 1 ;; esac key="$(cat "$__object/parameter/key" 2>/dev/null || echo "$__object_id")" postconf -h "$key" cdist/cdist/conf/type/__postfix_postconf/gencode-remote000077500000000000000000000033441427155744700237540ustar00rootroot00000000000000#!/bin/sh -e # # 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2019 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # os=$(cat "$__global/explorer/os") case "$os" in alpine|archlinux|centos|debian|devuan|suse|scientific|ubuntu) : ;; *) echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 echo "Please contribute an implementation for it if you can." >&2 exit 1 ;; esac state_should="$(cat "$__object/parameter/state")" if [ ! -s "$__object/explorer/value" ]; then state_is='absent' else state_is=$(diff -q "$__object/parameter/value" "$__object/explorer/value" >/dev/null \ && echo present \ || echo changed ) fi if [ "$state_should" = "$state_is" ]; then # Nothing to do, move along exit 0 fi key="$(cat "$__object/parameter/key" 2>/dev/null || echo "$__object_id")" value="$(cat "$__object/parameter/value")" case "$state_should" in absent) # revert parameter to its default value echo "postconf -# $key" ;; present) echo "postconf -e '$key=$value'" ;; esac cdist/cdist/conf/type/__postfix_postconf/man.rst000066400000000000000000000020511427155744700224300ustar00rootroot00000000000000cdist-type__postfix_postconf(7) =============================== NAME ---- cdist-type__postfix_postconf - Configure postfix main.cf DESCRIPTION ----------- See postconf(5) for possible keys and values. Note that this type directly runs the postconf executable. It does not make changes to /etc/postfix/main.cf itself. REQUIRED PARAMETERS ------------------- value the value for the postfix parameter OPTIONAL PARAMETERS ------------------- key the name of the parameter. Defaults to __object_id EXAMPLES -------- .. code-block:: sh __postfix_postconf mydomain --value somedomain.com __postfix_postconf bind-to-special-ip --key smtp_bind_address --value 127.0.0.5 SEE ALSO -------- :strong:`postconf`\ (5) AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2012 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__postfix_postconf/manifest000077500000000000000000000013361427155744700226640ustar00rootroot00000000000000#!/bin/sh -e # # 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # __postfix cdist/cdist/conf/type/__postfix_postconf/parameter/000077500000000000000000000000001427155744700231055ustar00rootroot00000000000000cdist/cdist/conf/type/__postfix_postconf/parameter/default/000077500000000000000000000000001427155744700245315ustar00rootroot00000000000000cdist/cdist/conf/type/__postfix_postconf/parameter/default/state000066400000000000000000000000101427155744700255630ustar00rootroot00000000000000present cdist/cdist/conf/type/__postfix_postconf/parameter/optional000066400000000000000000000000121427155744700246460ustar00rootroot00000000000000key state cdist/cdist/conf/type/__postfix_postconf/parameter/required000066400000000000000000000000061427155744700246440ustar00rootroot00000000000000value cdist/cdist/conf/type/__postfix_postmap/000077500000000000000000000000001427155744700207555ustar00rootroot00000000000000cdist/cdist/conf/type/__postfix_postmap/gencode-remote000077500000000000000000000013541427155744700236030ustar00rootroot00000000000000#!/bin/sh -e # # 2012 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # echo "postmap /$__object_id" cdist/cdist/conf/type/__postfix_postmap/man.rst000066400000000000000000000013041427155744700222600ustar00rootroot00000000000000cdist-type__postfix_postmap(7) ============================== NAME ---- cdist-type__postfix_postmap - Run postmap on the given file DESCRIPTION ----------- This space intentionally left blank. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- None. EXAMPLES -------- .. code-block:: sh __postfix_postmap /etc/postfix/generic AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2012 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__postfix_postmap/manifest000077500000000000000000000013361427155744700225140ustar00rootroot00000000000000#!/bin/sh -e # # 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # __postfix cdist/cdist/conf/type/__postfix_reload/000077500000000000000000000000001427155744700205405ustar00rootroot00000000000000cdist/cdist/conf/type/__postfix_reload/gencode-remote000077500000000000000000000020511427155744700233610ustar00rootroot00000000000000#!/bin/sh -e # # 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # os=$(cat "$__global/explorer/os") case "$os" in ubuntu|debian|archlinux|scientific|centos|devuan) echo "postfix reload" ;; *) echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 echo "Please contribute an implementation for it if you can." >&2 exit 1 ;; esac cdist/cdist/conf/type/__postfix_reload/man.rst000066400000000000000000000012661427155744700220520ustar00rootroot00000000000000cdist-type__postfix_reload(7) ============================= NAME ---- cdist-type__postfix_reload - Tell postfix to reload its configuration DESCRIPTION ----------- This space intentionally left blank. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- None. EXAMPLES -------- .. code-block:: sh __postfix_reload AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2012 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__postfix_reload/manifest000077500000000000000000000013361427155744700222770ustar00rootroot00000000000000#!/bin/sh -e # # 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # __postfix cdist/cdist/conf/type/__postfix_reload/singleton000066400000000000000000000000001427155744700224530ustar00rootroot00000000000000cdist/cdist/conf/type/__postgres_conf/000077500000000000000000000000001427155744700203715ustar00rootroot00000000000000cdist/cdist/conf/type/__postgres_conf/explorer/000077500000000000000000000000001427155744700222315ustar00rootroot00000000000000cdist/cdist/conf/type/__postgres_conf/explorer/postgres_user000066400000000000000000000030071427155744700250600ustar00rootroot00000000000000#!/bin/sh -e # -*- mode: sh; indent-tabs-mode: t -*- # # 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # os=$("${__explorer:?}/os") case ${os} in (alpine) echo 'postgres' ;; (centos|rhel|scientific) echo 'postgres' ;; (debian|devuan|ubuntu) echo 'postgres' ;; (freebsd) test -x /usr/local/etc/rc.d/postgresql || { printf 'could not find postgresql rc script./n' >&2 exit 1 } pg_status=$(/usr/local/etc/rc.d/postgresql onestatus) || { printf 'postgresql daemon is not running.\n' >&2 exit 1 } pg_pid=$(printf '%s\n' "${pg_status}" \ | sed -n 's/^pg_ctl:.*(PID: *\([0-9]*\))$/\1/p') # PostgreSQL < 9.6: pgsql # PostgreSQL >= 9.6: postgres ps -o user -p "${pg_pid}" | sed -n '2p' ;; (netbsd) echo 'pgsql' ;; (openbsd) echo '_postgresql' ;; (suse) echo 'postgres' ;; (*) echo "Unsupported OS: ${os}" >&2 exit 1 ;; esac cdist/cdist/conf/type/__postgres_conf/explorer/state000066400000000000000000000126021427155744700232750ustar00rootroot00000000000000#!/bin/sh -e # -*- mode: sh; indent-tabs-mode: t -*- # # 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # postgres_user=$("${__type_explorer:?}/postgres_user") conf_name=${__object_id:?} tolower() { printf '%s' "$*" | tr '[:upper:]' '[:lower:]'; } tobytes() { # NOTE: This function treats everything as base 2. # It is not compatible with SI units. awk 'BEGIN { FS = "\n" } /TB$/ { $0 = ($0 * 1024) "GB" } /GB$/ { $0 = ($0 * 1024) "MB" } /MB$/ { $0 = ($0 * 1024) "kB" } /kB$/ { $0 = ($0 * 1024) "B" } /B?$/ { sub(/ *B?$/, "") } ($0*1) == $0 # is number ' <<-EOF $1 EOF } tomillisecs() { awk 'BEGIN { FS = "\n" } /d$/ { $0 = ($0 * 24) "h" } /h$/ { $0 = ($0 * 60) "min" } /min$/ { $0 = ($0 * 60) "s" } /[^m]s$/ { $0 = ($0 * 1000) "ms" } /ms$/ { $0 *= 1 } ($0*1) == $0 # is number ' <<-EOF $1 EOF } tobool() { # prints either 'on' or 'off' case $(tolower "$1") in (t|true|y|yes|on|1) echo 'on' ;; (f|false|n|no|off|0) echo 'off' ;; (*) printf 'Inavlid bool value: %s\n' "$2" >&2 return 1 ;; esac return 0 } quote() { printf '%s\n' "$*" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/"; } psql_exec() { su - "${postgres_user}" -c "psql postgres -twAc $(quote "$*")" } psql_conf_source() { # NOTE: SHOW/SET are case-insentitive, so this command should also be. psql_exec "SELECT CASE WHEN source = 'default' OR setting = boot_val THEN 'default' ELSE source END FROM pg_settings WHERE lower(name) = lower('$1')" } psql_conf_cmp() ( IFS='|' read -r lower_name vartype setting unit <<-EOF $(psql_exec "SELECT lower(name), vartype, setting, unit FROM pg_settings WHERE lower(name) = lower('$1')") EOF should_value=$2 is_value=${setting} # The following case contains special cases for special settings. case ${lower_name} in (archive_command) if test "${setting}" = '(disabled)' then # DAFUQ PostgreSQL?! # PostgreSQL returns (disabled) if the feature is inactive. # We cannot compare the values unless it is enabled, first. return 0 fi ;; (archive_mode|backslash_quote|constraint_exclusion|force_parallel_mode|huge_pages|synchronous_commit) # Although only 'on', 'off' are documented, PostgreSQL accepts all # the "likely" variants of "on" and "off". case $(tolower "${should_value}") in (on|off|true|false|yes|no|1|0) should_value=$(tobool "${should_value}") ;; esac ;; esac case ${vartype} in (bool) test -z "${unit}" || { # please fix the explorer if this error occurs. printf 'units are not supported for vartype: %s\n' "${vartype}" >&2 exit 1 } should_value=$(tobool "${should_value}") test "${is_value}" = "${should_value}" ;; (enum) test -z "${unit}" || { # please fix the explorer if this error occurs. printf 'units are not supported with vartype: %s\n' "${vartype}" >&2 exit 1 } # NOTE: All enums that are currently defined are lower case, but # PostgreSQL also accepts upper case spelling. should_value=$(tolower "$2") test "${is_value}" = "${should_value}" ;; (integer) # split multiples from unit, first (e.g. 8kB -> 8, kB) case ${unit} in ([0-9]*) multiple=${unit%%[!0-9]*} unit=${unit##*[0-9 ]} ;; (*) multiple=1 ;; esac is_value=$((setting * multiple))${unit} if expr "${should_value}" : '-\{0,1\}[0-9]*$' >/dev/null then # default unit should_value=$((should_value * multiple))${unit} fi # then, do conversion # NOTE: these conversions work for integers only! case ${unit} in (B|[kMGT]B) # bytes is_bytes=$(tobytes "${is_value}") should_bytes=$(tobytes "${should_value}") test $((is_bytes)) -eq $((should_bytes)) ;; (ms|s|min|h|d) # seconds is_ms=$(tomillisecs "${is_value}") should_ms=$(tomillisecs "${should_value}") test $((is_ms)) -eq $((should_ms)) ;; ('') # no unit is_int=${is_value} should_int=${should_value} test $((is_int)) -eq $((should_int)) ;; esac ;; (real|string) # NOTE: reals could possibly have units, but currently there none. test -z "${unit}" || { # please fix the explorer if this error occurs. printf 'units are not supported with vartype: %s\n' "${vartype}" >&2 exit 1 } test "${is_value}" = "${should_value}" ;; esac ) psql_exec 'SELECT 1' >/dev/null || { echo 'Connection to PostgreSQL server failed' >&2 exit 1 } case $(psql_conf_source "${conf_name}") in ('') printf 'Invalid configuration parameter: %s\n' "${conf_name}" >&2 exit 1 ;; (default) echo absent ;; (*) if ! test -f "${__object:?}/parameter/value" then echo present elif psql_conf_cmp "${conf_name}" "$(cat "${__object:?}/parameter/value")" then echo present else echo different fi ;; esac cdist/cdist/conf/type/__postgres_conf/gencode-remote000077500000000000000000000060621427155744700232200ustar00rootroot00000000000000#!/bin/sh -e # -*- mode: sh; indent-tabs-mode: t -*- # # 2019-2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # 2020 Beni Ruef (bernhard.ruef at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # state_is=$(cat "${__object:?}/explorer/state") state_should=$(cat "${__object:?}/parameter/state") postgres_user=$(cat "${__object:?}/explorer/postgres_user") conf_name=${__object_id:?} if test "${state_is}" = "${state_should}" then exit 0 fi quote() { for _arg do shift if test -n "$(printf '%s' "${_arg}" | tr -d -c '\t\n \042-\047\050-\052\073-\077\133\\`|~' | tr -c '' '.')" then # needs quoting set -- "$@" "'$(printf '%s' "${_arg}" | sed -e "s/'/'\\\\''/g")'" else set -- "$@" "${_arg}" fi done unset _arg # NOTE: Use printf because POSIX echo interprets escape sequences printf '%s' "$*" } psql_cmd() { printf 'su - %s -c %s\n' "$(quote "${postgres_user}")" "$(quote "$(quote psql "$@")")" } case ${state_should} in (present) test -n "${__object:?}/parameter/value" || { echo 'Missing required parameter --value' >&2 exit 1 } cat <<-EOF exec 3< "\${__object:?}/parameter/value" $(psql_cmd postgres -tAwq -o /dev/null -v ON_ERROR_STOP=on) <<'SQL' \\set conf_value \`cat <&3\` ALTER SYSTEM SET ${conf_name} = :'conf_value'; SELECT pg_reload_conf(); SQL exec 3<&- EOF ;; (absent) psql_cmd postgres -qwc "ALTER SYSTEM SET ${conf_name} TO DEFAULT" ;; (*) printf 'Invalid --state: %s\n' "${state_should}" >&2 printf 'Only "present" and "absent" are acceptable.\n' >&2 exit 1 ;; esac # Restart PostgreSQL server if required to apply new configuration value cat <&2 exit 1 esac ;; (*) printf "Don't know how to restart services with your init (%s)\n" "${init}" >&2 exit 1 esac ) fi EOF cdist/cdist/conf/type/__postgres_conf/man.rst000066400000000000000000000021741427155744700217020ustar00rootroot00000000000000cdist-type__postgres_conf(7) ============================ NAME ---- cdist-type__postgres_conf - Alter PostgreSQL configuration DESCRIPTION ----------- Configure a running PostgreSQL server using ``ALTER SYSTEM``. REQUIRED PARAMETERS ------------------- value The value to set (can be omitted if ``--state`` is set to ``absent``). OPTIONAL PARAMETERS ------------------- state ``present`` or ``absent``. Defaults to ``present``. BOOLEAN PARAMETERS ------------------ None. EXAMPLES -------- .. code-block:: sh # set timezone __postgres_conf timezone --value Europe/Zurich # reset maximum number of concurrent connections to default (normally 100) __postgres_conf max_connections --state absent SEE ALSO -------- None. AUTHORS ------- Beni Ruef (bernhard.ruef--@--ssrq-sds-fds.ch) Dennis Camera (dennis.camera--@--ssrq-sds-fds.ch) COPYING ------- Copyright \(C) 2019-2021 SSRQ (www.ssrq-sds-fds.ch). You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__postgres_conf/parameter/000077500000000000000000000000001427155744700223515ustar00rootroot00000000000000cdist/cdist/conf/type/__postgres_conf/parameter/default/000077500000000000000000000000001427155744700237755ustar00rootroot00000000000000cdist/cdist/conf/type/__postgres_conf/parameter/default/state000066400000000000000000000000101427155744700250270ustar00rootroot00000000000000present cdist/cdist/conf/type/__postgres_conf/parameter/optional000066400000000000000000000000141427155744700241140ustar00rootroot00000000000000state value cdist/cdist/conf/type/__postgres_database/000077500000000000000000000000001427155744700212105ustar00rootroot00000000000000cdist/cdist/conf/type/__postgres_database/explorer/000077500000000000000000000000001427155744700230505ustar00rootroot00000000000000cdist/cdist/conf/type/__postgres_database/explorer/postgres_user000077700000000000000000000000001427155744700361602../../__postgres_conf/explorer/postgres_userustar00rootroot00000000000000cdist/cdist/conf/type/__postgres_database/explorer/state000077500000000000000000000021561427155744700241220ustar00rootroot00000000000000#!/bin/sh # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # postgres_user=$("${__type_explorer:?}/postgres_user") dbname=${__object_id:?} quote() { printf '%s\n' "$*" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/"; } psql_exec() { su - "${postgres_user}" -c "psql $(quote "$1") -twAc $(quote "$2")" } if psql_exec postgres "SELECT datname FROM pg_database" | grep -qFx "${dbname}" then echo 'present' else echo 'absent' fi cdist/cdist/conf/type/__postgres_database/gencode-remote000077500000000000000000000037021427155744700240350ustar00rootroot00000000000000#!/bin/sh -e # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # quote() { for _arg do shift if test -n "$(printf '%s' "${_arg}" | tr -d -c '\t\n \042-\047\050-\052\073-\077\133\\`|~' | tr -c '' '.')" then # needs quoting set -- "$@" "'$(printf '%s' "${_arg}" | sed -e "s/'/'\\\\''/g")'" else set -- "$@" "${_arg}" fi done unset _arg # NOTE: Use printf because POSIX echo interprets escape sequences printf '%s' "$*" } postgres_user=$(cat "${__object:?}/explorer/postgres_user") dbname=${__object_id:?} state_should=$(cat "${__object:?}/parameter/state") state_is=$(cat "${__object:?}/explorer/state") if test "${state_should}" = "$state_is" then exit 0 fi case ${state_should} in (present) set -- while read -r param_name opt do if test -f "${__object:?}/parameter/${param_name}" then set -- "$@" "${opt}" "$(cat "${__object:?}/parameter/${param_name}")" fi done <<-'EOF' owner -O template --template encoding --encoding lc_collate --lc-collate lc_ctype --lc-ctype EOF set -- "$@" "${dbname}" cat <<-EOF su - $(quote "${postgres_user}") -c $(quote "$(quote createdb "$@")") EOF ;; (absent) cat <<-EOF su - $(quote "${postgres_user}") -c $(quote "$(quote dropdb "${dbname}")") EOF ;; esac cdist/cdist/conf/type/__postgres_database/man.rst000066400000000000000000000022641427155744700225210ustar00rootroot00000000000000cdist-type__postgres_database(7) ================================ NAME ---- cdist-type__postgres_database - Create/drop postgres databases DESCRIPTION ----------- This cdist type allows you to create or drop postgres databases. OPTIONAL PARAMETERS ------------------- state Either 'present' or 'absent', defaults to 'present'. owner Specifies the database user who will own the new database. encoding Specifies the character encoding scheme to be used in this database. lc-collate Specifies the LC_COLLATE setting to be used in this database. lc-ctype Specifies the LC_CTYPE setting to be used in this database. template Specifies the template database from which to build this database. EXAMPLES -------- .. code-block:: sh __postgres_database mydbname --owner mydbusername SEE ALSO -------- :strong:`cdist-type__postgres_role`\ (7) AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2011 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__postgres_database/parameter/000077500000000000000000000000001427155744700231705ustar00rootroot00000000000000cdist/cdist/conf/type/__postgres_database/parameter/default/000077500000000000000000000000001427155744700246145ustar00rootroot00000000000000cdist/cdist/conf/type/__postgres_database/parameter/default/state000066400000000000000000000000101427155744700256460ustar00rootroot00000000000000present cdist/cdist/conf/type/__postgres_database/parameter/optional000066400000000000000000000000621427155744700247360ustar00rootroot00000000000000state owner encoding lc-collate lc-ctype template cdist/cdist/conf/type/__postgres_extension/000077500000000000000000000000001427155744700214605ustar00rootroot00000000000000cdist/cdist/conf/type/__postgres_extension/explorer/000077500000000000000000000000001427155744700233205ustar00rootroot00000000000000cdist/cdist/conf/type/__postgres_extension/explorer/postgres_user000077700000000000000000000000001427155744700364302../../__postgres_conf/explorer/postgres_userustar00rootroot00000000000000cdist/cdist/conf/type/__postgres_extension/explorer/state000066400000000000000000000023261427155744700243660ustar00rootroot00000000000000#!/bin/sh -e # -*- mode: sh; indent-tabs-mode: t -*- # # 2021 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # Prints "present" if the extension is currently installed. # "absent" otherwise. quote() { printf '%s\n' "$*" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/"; } postgres_user=$("${__type_explorer:?}/postgres_user") IFS=: read -r dbname extname <. # postgres_user=$(cat "${__object:?}/explorer/postgres_user") quote() { printf '%s\n' "$*" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/"; } psql_cmd() { printf 'su - %s -c %s\n' \ "$(quote "${postgres_user}")" \ "$(quote psql "$(quote "$1")" -c "$(quote "$2")")" } IFS=: read -r dbname extname <&2 exit 1 ;; esac cdist/cdist/conf/type/__postgres_extension/man.rst000066400000000000000000000035461427155744700227750ustar00rootroot00000000000000cdist-type__postgres_extension(7) ================================= NAME ---- cdist-type__postgres_extension - Manage PostgreSQL extensions DESCRIPTION ----------- This cdist type allows you to manage PostgreSQL extensions. The ``__object_id`` to pass to ``__postgres_extension`` is of the form ``dbname:extension``, e.g.: .. code-block:: sh rails_test:unaccent **CAUTION!** Be careful when installing extensions from (untrusted) third-party sources: | Installing an extension as superuser requires trusting that the extension's author wrote the extension installation script in a secure fashion. It is not terribly difficult for a malicious user to create trojan-horse objects that will compromise later execution of a carelessly-written extension script, allowing that user to acquire superuser privileges. | – ``_ OPTIONAL PARAMETERS ------------------- state either ``present`` or ``absent``, defaults to ``present``. EXAMPLES -------- .. code-block:: sh # Install extension unaccent into database rails_test __postgres_extension rails_test:unaccent # Drop extension unaccent from database fails_test __postgres_extension rails_test:unaccent --state absent SEE ALSO -------- - :strong:`cdist-type__postgres_database`\ (7) - PostgreSQL "CREATE EXTENSION" documentation at: ``_. AUTHORS ------- | Tomas Pospisek | Dennis Camera COPYING ------- Copyright \(C) 2014 Tomas Pospisek, 2021 Dennis Camera. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__postgres_extension/parameter/000077500000000000000000000000001427155744700234405ustar00rootroot00000000000000cdist/cdist/conf/type/__postgres_extension/parameter/default/000077500000000000000000000000001427155744700250645ustar00rootroot00000000000000cdist/cdist/conf/type/__postgres_extension/parameter/default/state000066400000000000000000000000101427155744700261160ustar00rootroot00000000000000present cdist/cdist/conf/type/__postgres_extension/parameter/optional000066400000000000000000000000061427155744700252040ustar00rootroot00000000000000state cdist/cdist/conf/type/__postgres_role/000077500000000000000000000000001427155744700204055ustar00rootroot00000000000000cdist/cdist/conf/type/__postgres_role/explorer/000077500000000000000000000000001427155744700222455ustar00rootroot00000000000000cdist/cdist/conf/type/__postgres_role/explorer/postgres_user000077700000000000000000000000001427155744700353552../../__postgres_conf/explorer/postgres_userustar00rootroot00000000000000cdist/cdist/conf/type/__postgres_role/explorer/state000077500000000000000000000075001427155744700233150ustar00rootroot00000000000000#!/bin/sh -e # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # postgres_user=$("${__type_explorer:?}/postgres_user") rolename=${__object_id:?} psql_query() { su -l "${postgres_user}" -c "$( printf "psql -q -F '\034' -R '\036' -wAc '%s'" \ "$(printf %s "$*" | sed "s/'/'\\\\''/g")" )" } password_check_login() ( PGPASSWORD=$(cat "${__object:?}/parameter/password"; printf .) PGPASSWORD=${PGPASSWORD%?.} export PGPASSWORD psql -q -w -h localhost -U "${rolename}" template1 -c '\q' >/dev/null 2>&1 ) role_properties=$( psql_query "SELECT * FROM pg_roles WHERE rolname = '${rolename}'" \ | awk ' BEGIN { RS = "\036"; FS = "\034" } /^\([0-9]+ rows?\)/ { exit } NR == 1 { for (i = 1; i <= NF; i++) cols[i] = $i; next } NR == 2 { for (i = 1; i <= NF; i++) printf "%s=%s\n", cols[i], $i }' ) if test -n "${role_properties}" then # Check if the user's properties match the parameters for prop in login createdb createrole superuser do bool_should=$(test -f "${__object:?}/parameter/${prop}" && echo 't' || echo 'f') bool_is=$( printf '%s\n' "${role_properties}" | awk -F '=' -v key="${prop}" ' BEGIN { if (key == "login") key = "canlogin" else if (key == "superuser") key = "super" key = "rol" key } $1 == key { sub(/^[^=]*=/, "") print } ' ) test "${bool_is}" = "${bool_should}" || { state='different properties' } done # Check password passwd_stored=$( psql_query "SELECT rolpassword FROM pg_authid WHERE rolname = '${rolename}'" \ | awk 'BEGIN { RS = "\036" } NR == 2 { printf "%s.", $0 }') passwd_stored=${passwd_stored%.} if test -s "${__object:?}/parameter/password" then passwd_should=$(cat "${__object:?}/parameter/password"; printf .) fi passwd_should=${passwd_should%?.} if test -z "${passwd_stored}" then test -z "${passwd_should}" || state="${state:-different} password" elif expr "${passwd_stored}" : 'SCRAM-SHA-256\$.*$' >/dev/null then # SCRAM-SHA-256 "encrypted" password # NOTE: There is currently no easy way to check SCRAM passwords without # logging in password_check_login || state="${state:-different} password" elif expr "${passwd_stored}" : 'md5[0-9a-f]\{32\}$' >/dev/null then # MD5 "encrypted" password if command -v md5sum >/dev/null 2>&1 then should_md5=$( printf '%s%s' "${passwd_should}" "${rolename}" \ | md5sum - | sed -e 's/[^0-9a-f]*$//') elif command -v gmd5sum >/dev/null 2>&1 then should_md5=$( printf '%s%s' "${passwd_should}" "${rolename}" \ | gmd5sum - | sed -e 's/[^0-9a-f]*$//') elif command -v openssl >/dev/null 2>&1 then should_md5=$( printf '%s%s' "${passwd_should}" "${rolename}" \ | openssl dgst -md5 | sed 's/^.* //') fi if test -n "${should_md5}" then test "${passwd_stored}" = "md5${should_md5}" \ || state="${state:-different} password" else password_check_login || state="${state:-different} password" fi else # unencrypted password (unsupported since PostgreSQL 10) test "${passwd_stored}" = "${passwd_should}" \ || state="${state:-different} password" fi test -n "${state}" || state='present' else state='absent' fi echo "${state}" cdist/cdist/conf/type/__postgres_role/gencode-remote000077500000000000000000000055131427155744700232340ustar00rootroot00000000000000#!/bin/sh -e # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # quote() { if test $# -gt 0 then printf '%s' "$*" else cat - fi | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/" } postgres_user=$(cat "${__object:?}/explorer/postgres_user") rolename=${__object_id:?} state_is=$(cat "${__object:?}/explorer/state") state_should=$(cat "${__object:?}/parameter/state") if test "${state_is}" = "${state_should}" then exit 0 fi psql_query() { printf 'su -l %s -c %s\n' \ "$(quote "${postgres_user}")" \ "$(quote "psql postgres -q -w -c $(quote "$1")")" } psql_set_password() { # NOTE: Always make sure that the password does not end up in psql_history! # NOTE: Never set an empty string as the password, because it can be # interpreted differently by different tooling. if test -s "${__object:?}/parameter/password" then cat <<-EOF exec 3< "\${__object:?}/parameter/password" su -l '${postgres_user}' -c 'psql -q -w postgres' <<'SQL' \set HISTFILE /dev/null \set pw \`cat <&3\` ALTER ROLE "${rolename}" WITH PASSWORD :'pw'; SQL exec 3<&- EOF else psql_query "ALTER ROLE \"${rolename}\" WITH PASSWORD NULL;" fi } role_properties_should() { _props= for _prop in login createdb createrole superuser do _props="${_props}${_props:+ }$( if test -f "${__object:?}/parameter/${_prop}" then echo "${_prop}" else echo "no${_prop}" fi \ | tr '[:lower:]' '[:upper:]')" done printf '%s\n' "${_props}" unset _prop _props } case ${state_should} in (present) case ${state_is} in (absent) psql_query "CREATE ROLE \"${rolename}\" WITH $(role_properties_should);" psql_set_password ;; (different*) if expr "${state_is}" : 'different.*properties' >/dev/null then psql_query "ALTER ROLE \"${rolename}\" WITH $(role_properties_should);" fi if expr "${state_is}" : 'different.*password' >/dev/null then psql_set_password fi ;; (*) printf 'Invalid state reported by state explorer: %s\n' "${state_is}" >&2 exit 1 ;; esac ;; (absent) printf 'su -l %s -c %s\n' \ "$(quote "${postgres_user}")" \ "$(quote "dropuser $(quote "${rolename}")")" ;; esac cdist/cdist/conf/type/__postgres_role/man.rst000066400000000000000000000024331427155744700217140ustar00rootroot00000000000000cdist-type__postgres_role(7) ============================ NAME ---- cdist-type__postgres_role - Manage postgres roles DESCRIPTION ----------- This cdist type allows you to create or drop postgres roles. OPTIONAL PARAMETERS ------------------- state Either "present" or "absent", defaults to "present" All other parameters map directly to the corresponding postgres createrole parameters. password BOOLEAN PARAMETERS ------------------ All parameter map directly to the corresponding postgres createrole parameters. login createdb createrole superuser inherit EXAMPLES -------- .. code-block:: sh __postgres_role myrole __postgres_role myrole --password 'secret' __postgres_role admin --password 'very-secret' --superuser __postgres_role dbcustomer --password 'bla' --createdb SEE ALSO -------- :strong:`cdist-type__postgres_database`\ (7) postgresql documentation at: . AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2011 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__postgres_role/parameter/000077500000000000000000000000001427155744700223655ustar00rootroot00000000000000cdist/cdist/conf/type/__postgres_role/parameter/boolean000066400000000000000000000000541427155744700237260ustar00rootroot00000000000000login createdb createrole superuser inherit cdist/cdist/conf/type/__postgres_role/parameter/default/000077500000000000000000000000001427155744700240115ustar00rootroot00000000000000cdist/cdist/conf/type/__postgres_role/parameter/default/state000066400000000000000000000000101427155744700250430ustar00rootroot00000000000000present cdist/cdist/conf/type/__postgres_role/parameter/optional000066400000000000000000000000171427155744700241330ustar00rootroot00000000000000state password cdist/cdist/conf/type/__process/000077500000000000000000000000001427155744700171745ustar00rootroot00000000000000cdist/cdist/conf/type/__process/explorer/000077500000000000000000000000001427155744700210345ustar00rootroot00000000000000cdist/cdist/conf/type/__process/explorer/runs000077500000000000000000000016121427155744700217510ustar00rootroot00000000000000#!/bin/sh # # 2011-2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Check whether a process runs # if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi pgrep -x -f "$name" || true cdist/cdist/conf/type/__process/gencode-remote000077500000000000000000000032711427155744700220220ustar00rootroot00000000000000#!/bin/sh -e # # 2011-2012 Nico Schottelius (nico-cdist at schottelius.org) # 2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2017 Thomas Eckert (tom at it-eckert.de) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi state_should="$(cat "$__object/parameter/state")" if [ -s "$__object/explorer/runs" ]; then state_is="present" else state_is="absent" fi if [ "$state_is" = "$state_should" ]; then # nothing to do exit 0 fi case "$state_should" in present) if [ -f "$__object/parameter/start" ]; then cat "$__object/parameter/start" else echo "$name" fi echo "started" >> "$__messages_out" ;; absent) if [ -f "$__object/parameter/stop" ]; then cat "$__object/parameter/stop" else echo kill "$(cat "$__object/parameter/runs")" fi echo "stopped" >> "$__messages_out" ;; *) echo "Unknown state: $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__process/man.rst000066400000000000000000000037171427155744700205110ustar00rootroot00000000000000cdist-type__process(7) ====================== NAME ---- cdist-type__process - Start or stop process DESCRIPTION ----------- This cdist type allows you to define the state of a process. OPTIONAL PARAMETERS ------------------- state Either "present" or "absent", defaults to "present" name Process name to match on when using pgrep -f -x. This is useful, if the name starts with a "/", because the leading slash is stripped away from the object id by cdist. stop Executable to use for stopping the process. start Executable to use for starting the process. MESSAGES -------- started The process was started. stopped The process was stopped. EXAMPLES -------- .. code-block:: sh # Start if not running __process /usr/sbin/syslog-ng --state present # Start if not running with a different binary __process /usr/sbin/nginx --state present --start "/etc/rc.d/nginx start" # Stop the process using kill (the type default) - DO NOT USE THIS __process /usr/sbin/sshd --state absent # Stop the process using /etc/rc.d/sshd stop - THIS ONE NOT AS WELL __process /usr/sbin/sshd --state absent --stop "/etc/rc.d/sshd stop" # Ensure cups is running, which runs with -C ...: __process cups --start "/etc/rc.d/cups start" --state present \ --name "/usr/sbin/cupsd -C /etc/cups/cupsd.conf" # Ensure rpc.statd is running (which usually runs with -L) using a regexp __process rpcstatd --state present --start "/etc/init.d/statd start" \ --name "rpc.statd.*" SEE ALSO -------- :strong:`cdist-type__start_on_boot`\ (7) AUTHORS ------- | Nico Schottelius | Thomas Eckert COPYING ------- Copyright \(C) 2011-2012 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__process/parameter/000077500000000000000000000000001427155744700211545ustar00rootroot00000000000000cdist/cdist/conf/type/__process/parameter/default/000077500000000000000000000000001427155744700226005ustar00rootroot00000000000000cdist/cdist/conf/type/__process/parameter/default/state000066400000000000000000000000101427155744700236320ustar00rootroot00000000000000present cdist/cdist/conf/type/__process/parameter/optional000066400000000000000000000000261427155744700227220ustar00rootroot00000000000000name stop start state cdist/cdist/conf/type/__prometheus_alertmanager/000077500000000000000000000000001427155744700224335ustar00rootroot00000000000000cdist/cdist/conf/type/__prometheus_alertmanager/man.rst000066400000000000000000000034011427155744700237360ustar00rootroot00000000000000cdist-type__prometheus_alertmanager(7) ====================================== NAME ---- cdist-type__prometheus_alertmanager - install Alertmanager DESCRIPTION ----------- Install and configure Prometheus Alertmanager (https://prometheus.io/docs/alerting/alertmanager/). Note that due to significant differences between Prometheus 1.x and 2.x, only 2.x is supported. It is your responsibility to make sure that your package manager installs 2.x. (On Devuan Ascii, the parameter `--install-from-backports` helps.) REQUIRED PARAMETERS ------------------- config Alertmanager configuration file. It will be saved as /etc/alertmanager/alertmanager.yml on the target. OPTIONAL PARAMETERS ------------------- storage-path Where to put data. Default: /data/alertmanager. (Directory will be created if needed.) retention-days How long to retain data. Default: 90 days. BOOLEAN PARAMETERS ------------------ install-from-backports Valid on Devuan only. Will enable the backports apt source and install the package from there. Useful for getting a newer version. EXAMPLES -------- .. code-block:: sh __prometheus_alertmanager \ --install-from-backports \ --config "$__manifest/files/alertmanager.yml" \ --storage-path /data/alertmanager SEE ALSO -------- :strong:`cdist-type__prometheus_server`\ (7), :strong:`cdist-type__grafana_dashboard`\ (7), Prometheus alerting documentation: https://prometheus.io/docs/alerting/overview/ AUTHORS ------- Kamila SouÄková COPYING ------- Copyright \(C) 2018 Kamila SouÄková. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__prometheus_alertmanager/manifest000077500000000000000000000051261427155744700241730ustar00rootroot00000000000000#!/bin/sh -e ##### HARD-CODED CONFIG ##################################################### CONF_DIR=/etc/prometheus CONF=$CONF_DIR/alertmanager.yml ##### GET SETTINGS ########################################################## config="$(cat "$__object/parameter/config")" retention_days="$(cat "$__object/parameter/retention-days")" storage_path="$(cat "$__object/parameter/storage-path")" # listen_address="$(cat "$__object/parameter/listen-address")" ##### INSTALL THE PACKAGE ################################################### require_pkg="" # what to require if I want to require "the package" require="" if [ -f "$__object/parameter/install-from-backports" ]; then os=$(cat "$__global/explorer/os") os_version=$(cat "$__global/explorer/os_version") case $os in devuan) [ "$os_version" = "ascii/ceres" ] && os_version='ascii' # "ascii" used in the repo URLs __apt_source backports --uri http://auto.mirror.devuan.org/merged --distribution $os_version-backports --component main require="$require __apt_source/backports" __package_apt prometheus-alertmanager --target-release $os_version-backports require_pkg="__package_apt/prometheus-alertmanager" ;; *) echo "--install-from-backports is only supported on Devuan -- ignoring." >&2 echo "Send a pull request if you require it." >&2 exit 1 ;; esac else __package prometheus-alertmanager require_pkg="__package/prometheus-alertmanager" fi ##### PREPARE PATHS AND SUCH ################################################ require="$require $require_pkg" __directory "$storage_path" --owner prometheus --parents # TODO this is a bug in the init script, patching it like this is awful and it should be reported require="$require $require_pkg" \ __key_value alertmanager_fix_init_script --file /etc/init.d/prometheus-alertmanager \ --key "NAME" --value "prometheus-alertmanager" --delimiter "=" \ --onchange "service prometheus-alertmanager restart" ##### CONFIGURE ############################################################# FLAGS="--storage.path $storage_path --data.retention $((retention_days*24))h --web.listen-address [::]:9093 --cluster.advertise-address [::]:9093" require="$require $require_pkg" \ __key_value alertmanager_args --file /etc/default/prometheus-alertmanager \ --key "ARGS" --value "\"$FLAGS\"" --delimiter "=" \ --onchange "service prometheus-alertmanager restart" require="$require __directory/$storage_path $require_pkg" \ __config_file $CONF \ --source "$config" \ --group prometheus --mode 640 \ --onchange "service prometheus-alertmanager restart" # TODO when a config-check tool is available, check config here cdist/cdist/conf/type/__prometheus_alertmanager/parameter/000077500000000000000000000000001427155744700244135ustar00rootroot00000000000000cdist/cdist/conf/type/__prometheus_alertmanager/parameter/boolean000066400000000000000000000000271427155744700257540ustar00rootroot00000000000000install-from-backports cdist/cdist/conf/type/__prometheus_alertmanager/parameter/default/000077500000000000000000000000001427155744700260375ustar00rootroot00000000000000cdist/cdist/conf/type/__prometheus_alertmanager/parameter/default/retention-days000066400000000000000000000000031427155744700307200ustar00rootroot0000000000000090 cdist/cdist/conf/type/__prometheus_alertmanager/parameter/default/storage-path000066400000000000000000000000231427155744700303530ustar00rootroot00000000000000/data/alertmanager cdist/cdist/conf/type/__prometheus_alertmanager/parameter/optional000066400000000000000000000000341427155744700261600ustar00rootroot00000000000000storage-path retention-days cdist/cdist/conf/type/__prometheus_alertmanager/parameter/required000066400000000000000000000000071427155744700261530ustar00rootroot00000000000000config cdist/cdist/conf/type/__prometheus_alertmanager/singleton000066400000000000000000000000001427155744700243460ustar00rootroot00000000000000cdist/cdist/conf/type/__prometheus_exporter/000077500000000000000000000000001427155744700216415ustar00rootroot00000000000000cdist/cdist/conf/type/__prometheus_exporter/files/000077500000000000000000000000001427155744700227435ustar00rootroot00000000000000cdist/cdist/conf/type/__prometheus_exporter/files/blackbox.yml000066400000000000000000000031431427155744700252540ustar00rootroot00000000000000modules: http_2xx: prober: http timeout: 3s http: method: GET no_follow_redirects: false fail_if_ssl: false fail_if_not_ssl: false # http_post_2xx: # prober: http # timeout: 5s # http: # method: POST # headers: # Content-Type: application/json # body: '{}' # tcp_connect_v4_example: # prober: tcp # timeout: 5s # tcp: # protocol: "tcp4" # irc_banner_example: # prober: tcp # timeout: 5s # tcp: # query_response: # - send: "NICK prober" # - send: "USER prober prober prober :prober" # - expect: "PING :([^ ]+)" # send: "PONG ${1}" # - expect: "^:[^ ]+ 001" # icmp_example: # prober: icmp # timeout: 5s # icmp: # protocol: "icmp" # preferred_ip_protocol: "ip4" # dns_udp_example: # prober: dns # timeout: 5s # dns: # query_name: "www.prometheus.io" # query_type: "A" # valid_rcodes: # - NOERROR # validate_answer_rrs: # fail_if_matches_regexp: # - ".*127.0.0.1" # fail_if_not_matches_regexp: # - "www.prometheus.io.\t300\tIN\tA\t127.0.0.1" # validate_authority_rrs: # fail_if_matches_regexp: # - ".*127.0.0.1" # validate_additional_rrs: # fail_if_matches_regexp: # - ".*127.0.0.1" # dns_tcp_example: # prober: dns # dns: # protocol: "tcp" # accepts "tcp/tcp4/tcp6/udp/udp4/udp6", defaults to "udp" # preferred_ip_protocol: "ip4" # used for "udp/tcp", defaults to "ip6" # query_name: "www.prometheus.io" cdist/cdist/conf/type/__prometheus_exporter/man.rst000066400000000000000000000034341427155744700231520ustar00rootroot00000000000000cdist-type__prometheus_exporter(7) ================================== NAME ---- cdist-type__prometheus_exporter - install some Prometheus exporters DESCRIPTION ----------- Install and configure some exporters to be used by the Prometheus monitoring system (https://prometheus.io/). This type creates a daemontools-compatible service directory under /service/$__object_id. Daemontools (or something compatible) must be installed (in particular, the command `svc` must be executable). This type installs and builds the latest version from git, using go get. A recent version of golang as well as build tools (make, g++, etc.) must be available. Currently supported exporters: - node - blackbox - ceph REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- exporter Which exporter to install and configure. Default: $__object_id. Currently supported: node, blackbox, ceph. BOOLEAN PARAMETERS ------------------ add-consul-service Add this exporter as a Consul service for automatic service discovery. EXAMPLES -------- .. code-block:: sh __daemontools __golang_from_vendor --version 1.9 # required for prometheus and many exporters require="__daemontools __golang_from_vendor" __prometheus_exporter node SEE ALSO -------- :strong:`cdist-type__daemontools`\ (7), :strong:`cdist-type__golang_from_vendor`\ (7), :strong:`cdist-type__prometheus_server`\ (7), Prometheus documentation: https://prometheus.io/docs/introduction/overview/ AUTHORS ------- Kamila SouÄková COPYING ------- Copyright \(C) 2017 Kamila SouÄková. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__prometheus_exporter/manifest000066400000000000000000000036621427155744700234010ustar00rootroot00000000000000#!/bin/sh export GOBIN=/opt/gocode/bin # where to find go binaries exporter="$(cat "$__object/parameter/exporter")" [ -z "$exporter" ] && exporter="$__object_id" __user prometheus require="__user/prometheus" __group prometheus require="__group/prometheus" __user_groups prometheus --group prometheus require="__user_groups/prometheus" case $exporter in node) TEXTFILES=/service/node-exporter/textfiles # path for the textfiles collector __directory $TEXTFILES --parents --mode 777 require="$require __golang_from_vendor" __go_get github.com/prometheus/node_exporter port=9100 run="setuidgid prometheus $GOBIN/node_exporter -web.listen-address :$port -collector.textfile.directory=$TEXTFILES" ;; blackbox) require="$require __daemontools_service/${exporter}-exporter __user/prometheus" __config_file "/service/${exporter}-exporter/blackbox.yml" \ --source "$__type/files/blackbox.yml" \ --group prometheus --mode 640 \ --onchange "svc -h /service/${exporter}-exporter" require="$require __golang_from_vendor" __go_get github.com/prometheus/blackbox_exporter port=9115 run="setuidgid prometheus $GOBIN/blackbox_exporter -config.file=/service/${exporter}-exporter/blackbox.yml" ;; ceph) __package librados-dev # dependency of ceph_exporter require="$require __golang_from_vendor __package/librados-dev" __go_get github.com/digitalocean/ceph_exporter port=9128 run="setuidgid ceph $GOBIN/ceph_exporter -ceph.config /etc/ceph/ceph.conf -telemetry.addr :$port" ;; *) echo "Unsupported exporter: $exporter." >&2 exit 1 ;; esac require="$require __daemontools" __daemontools_service "${exporter}-exporter" --run "$run" if [ -f "$__object/parameter/add-consul-service" ]; then __consul_service "${exporter}-exporter" --port "$port" --check-http "http://localhost:$port/metrics" --check-interval 10s fi #__daemontools --install-init-script __daemontools __golang_from_vendor --version 1.9 # required for many exporters cdist/cdist/conf/type/__prometheus_exporter/parameter/000077500000000000000000000000001427155744700236215ustar00rootroot00000000000000cdist/cdist/conf/type/__prometheus_exporter/parameter/boolean000066400000000000000000000000231427155744700251560ustar00rootroot00000000000000add-consul-service cdist/cdist/conf/type/__prometheus_exporter/parameter/default/000077500000000000000000000000001427155744700252455ustar00rootroot00000000000000cdist/cdist/conf/type/__prometheus_exporter/parameter/default/exporter000066400000000000000000000000001427155744700270260ustar00rootroot00000000000000cdist/cdist/conf/type/__prometheus_exporter/parameter/optional000066400000000000000000000000111427155744700253610ustar00rootroot00000000000000exporter cdist/cdist/conf/type/__prometheus_server/000077500000000000000000000000001427155744700212775ustar00rootroot00000000000000cdist/cdist/conf/type/__prometheus_server/man.rst000066400000000000000000000037441427155744700226140ustar00rootroot00000000000000cdist-type__prometheus_server(7) ================================ NAME ---- cdist-type__prometheus_server - install Prometheus DESCRIPTION ----------- Install and configure Prometheus (https://prometheus.io/). Note that due to significant differences between Prometheus 1.x and 2.x, only 2.x is supported. It is your responsibility to make sure that your package manager installs 2.x. (On Devuan Ascii, the parameter `--install-from-backports` helps.) REQUIRED PARAMETERS ------------------- config Prometheus configuration file. It will be saved as /etc/prometheus/prometheus.yml on the target. OPTIONAL PARAMETERS ------------------- retention-days How long to keep data. Default: 30 rule-files Path to rule files. They will be installed under /etc/prometheus/. You need to include `rule_files: [/etc/prometheus/]` in the config file if you use this. storage-path Where to put data. Default: /data/prometheus. (Directory will be created if needed.) BOOLEAN PARAMETERS ------------------ install-from-backports Valid on Devuan only. Will enable the backports apt source and install the package from there. Useful for getting a newer version. EXAMPLES -------- .. code-block:: sh PROMPORT=9090 ALERTPORT=9093 __prometheus_server \ --install-from-backports \ --config "$__manifest/files/prometheus.yml" \ --retention-days 14 \ --storage-path /data/prometheus \ --rule-files "$__manifest/files/*.rules" SEE ALSO -------- :strong:`cdist-type__prometheus_alertmanager`\ (7), :strong:`cdist-type__grafana_dashboard`\ (7), Prometheus documentation: https://prometheus.io/docs/introduction/overview/ AUTHORS ------- Kamila SouÄková COPYING ------- Copyright \(C) 2018 Kamila SouÄková. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__prometheus_server/manifest000077500000000000000000000052701427155744700230370ustar00rootroot00000000000000#!/bin/sh -e ##### HARD-CODED CONFIG ##################################################### CONF_DIR=/etc/prometheus CONF=$CONF_DIR/prometheus.yml ##### GET SETTINGS ########################################################## config="$(cat "$__object/parameter/config")" retention_days="$(cat "$__object/parameter/retention-days")" storage_path="$(cat "$__object/parameter/storage-path")" rule_files="$(cat "$__object/parameter/rule-files")" # explorer in kB => convert; by default we go with 1/2 RAM [ "$target_heap_size" = "auto" ] && target_heap_size=$(($(cat "$__global/explorer/memory")*1024/2)) ##### INSTALL THE PACKAGE ################################################### require_pkg="" # what to require if I want to require "the package" require="" if [ -f "$__object/parameter/install-from-backports" ]; then os=$(cat "$__global/explorer/os") os_version=$(cat "$__global/explorer/os_version") case $os in devuan) [ "$os_version" = "ascii/ceres" ] && os_version='ascii' # "ascii" used in the repo URLs __apt_source backports --uri http://auto.mirror.devuan.org/merged --distribution $os_version-backports --component main require="$require __apt_source/backports" __package_apt prometheus --target-release $os_version-backports require_pkg="__package_apt/prometheus" ;; *) echo "--install-from-backports is only supported on Devuan -- ignoring." >&2 echo "Send a pull request if you require it." >&2 exit 1 ;; esac else __package prometheus __package prometheus-blackbox-exporter require_pkg="__package/prometheus __package/prometheus-blackbox-exporter" fi ##### PREPARE PATHS AND SUCH ################################################ require="$require $require_pkg" __directory "$storage_path" --owner prometheus --parents ##### CONFIGURE ############################################################# FLAGS="--storage.tsdb.path $storage_path --storage.tsdb.retention $((retention_days*24))h --web.listen-address [::]:9090" # TODO it would be neat to restart prometheus on change -- __key_value really should have an --onchange parameter require="$require $require_pkg" \ __key_value prometheus_args --file /etc/default/prometheus \ --key "ARGS" --value "\"$FLAGS\"" --delimiter "=" \ --onchange "service prometheus restart" require="$require __directory/$storage_path $require_pkg" \ __config_file $CONF \ --source "$config" \ --group prometheus --mode 640 \ --onchange "promtool check config $CONF && service prometheus restart" for file in $rule_files; do dest=$CONF_DIR/$(basename "$file") require="$require $require_pkg" \ __config_file "$dest" \ --source "$file" \ --owner prometheus \ --onchange "promtool check rules '$dest' && service prometheus restart" done cdist/cdist/conf/type/__prometheus_server/parameter/000077500000000000000000000000001427155744700232575ustar00rootroot00000000000000cdist/cdist/conf/type/__prometheus_server/parameter/boolean000066400000000000000000000000271427155744700246200ustar00rootroot00000000000000install-from-backports cdist/cdist/conf/type/__prometheus_server/parameter/default/000077500000000000000000000000001427155744700247035ustar00rootroot00000000000000cdist/cdist/conf/type/__prometheus_server/parameter/default/retention-days000066400000000000000000000000031427155744700275640ustar00rootroot0000000000000030 cdist/cdist/conf/type/__prometheus_server/parameter/default/rule-files000066400000000000000000000000001427155744700266630ustar00rootroot00000000000000cdist/cdist/conf/type/__prometheus_server/parameter/default/storage-path000066400000000000000000000000211427155744700272150ustar00rootroot00000000000000/data/prometheus cdist/cdist/conf/type/__prometheus_server/parameter/optional000066400000000000000000000000471427155744700250300ustar00rootroot00000000000000retention-days rule-files storage-path cdist/cdist/conf/type/__prometheus_server/parameter/required000066400000000000000000000000071427155744700250170ustar00rootroot00000000000000config cdist/cdist/conf/type/__prometheus_server/singleton000066400000000000000000000000001427155744700232120ustar00rootroot00000000000000cdist/cdist/conf/type/__pyvenv/000077500000000000000000000000001427155744700170455ustar00rootroot00000000000000cdist/cdist/conf/type/__pyvenv/explorer/000077500000000000000000000000001427155744700207055ustar00rootroot00000000000000cdist/cdist/conf/type/__pyvenv/explorer/group000077500000000000000000000010371427155744700217700ustar00rootroot00000000000000#!/bin/sh -e destination="/${__object_id:?}" # shellcheck disable=SC2012 group_gid=$(ls -ldn "${destination}" | awk '{ print $4 }') # NOTE: +1 because $((notanum)) prints 0. if test $((group_gid + 1)) -ge 0 then group_should=$(cat "${__object:?}/parameter/group") if expr "${group_should}" : '[0-9]*$' >/dev/null then printf '%u\n' "${group_gid}" else if command -v getent >/dev/null 2>&1 then getent group "${group_gid}" | cut -d : -f 1 else awk -F: -v gid="${group_gid}" '$3 == gid { print $1 }' /etc/group fi fi fi cdist/cdist/conf/type/__pyvenv/explorer/owner000077500000000000000000000006361427155744700217720ustar00rootroot00000000000000#!/bin/sh -e destination="/${__object_id:?}" # shellcheck disable=SC2012 owner_uid=$(ls -ldn "${destination}" | awk '{ print $3 }') # NOTE: +1 because $((notanum)) prints 0. if test $((owner_uid + 1)) -ge 0 then owner_should=$(cat "${__object:?}/parameter/owner") if expr "${owner_should}" : '[0-9]*$' >/dev/null then printf '%u\n' "${owner_uid}" else printf '%s\n' "$(id -u -n "${owner_uid}")" fi fi cdist/cdist/conf/type/__pyvenv/explorer/state000077500000000000000000000001561427155744700217550ustar00rootroot00000000000000#!/bin/sh destination="/$__object_id" if [ -d "$destination" ]; then echo present else echo absent fi cdist/cdist/conf/type/__pyvenv/gencode-remote000077500000000000000000000042521427155744700216730ustar00rootroot00000000000000#!/bin/sh -e # # 2016 Darko Poljak (darko.poljak at gmail.com) # 2020 Nico Schotetlius (nico.schottelius at ungleich.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # state_is="$(cat "$__object/explorer/state")" owner_is="$(cat "$__object/explorer/owner")" group_is="$(cat "$__object/explorer/group")" state_should="$(cat "$__object/parameter/state")" owner="$(cat "$__object/parameter/owner")" group="$(cat "$__object/parameter/group")" mode="$(cat "$__object/parameter/mode")" [ "$state_should" = "$state_is" ] && \ [ "$owner" = "$owner_is" ] && \ [ "$group" = "$group_is" ] && \ [ -n "$mode" ] && exit 0 destination="/$__object_id" venvparams="$(cat "$__object/parameter/venvparams")" pyvenvparam="$__object/parameter/pyvenv" os=$(cat "$__global/explorer/os") if [ -f "$pyvenvparam" ] then pyvenv=$(cat "$pyvenvparam") else case "$os" in alpine|ubuntu) # no pyvenv on alpine - I assume others will follow pyvenv="python3 -m venv" ;; *) pyvenv="pyvenv" ;; esac fi case $state_should in present) if [ "$state_should" != "$state_is" ]; then echo "$pyvenv $venvparams $destination" fi if { [ -n "$owner" ] && [ "$owner_is" != "$owner" ]; } || \ { [ -n "$group" ] && [ "$group_is" != "$group" ]; }; then echo chown -R "${owner}:${group}" "$destination" fi if [ -n "$mode" ]; then echo chmod -R "$mode" "$destination" fi ;; absent) ;; *) echo "Unknown state: $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__pyvenv/man.rst000066400000000000000000000034671427155744700203640ustar00rootroot00000000000000cdist-type__pyvenv(7) ===================== NAME ---- cdist-type__pyvenv - Create or remove python virtual environment DESCRIPTION ----------- This cdist type allows you to create or remove python virtual environment using pyvenv on python3 -m venv. It assumes pyvenv is already installed. Concrete package depends on concrete OS and/or OS version/distribution. Ensure this for e.g. in your init manifest as in the following example: .. code-block sh case "$__target_host" in localhost) __package python3-venv --state present require="__package/python3-venv" __pyvenv /home/darko/testenv --pyvenv "pyvenv-3.4" --owner darko --group darko --mode 740 --state present require="__pyvenv/home/darko/testenv" __package_pip docopt --pip /home/darko/testenv/bin/pip --runas darko --state present ;; esac REQUIRED PARAMETERS ------------------- None OPTIONAL PARAMETERS ------------------- state Either "present" or "absent", defaults to "present" group Group to chgrp to mode Unix permissions, suitable for chmod owner User to chown to pyvenv Use this specific pyvenv venvparams Specific parameters to pass to pyvenv invocation EXAMPLES -------- .. code-block:: sh __pyvenv /home/services/djangoenv # Use specific pyvenv __pyvenv /home/foo/fooenv --pyvenv /usr/local/bin/pyvenv-3.4 # Create python virtualenv for user foo. __pyvenv /home/foo/fooenv --group foo --owner foo # Create python virtualenv with specific parameters. __pyvenv /home/services/djangoenv --venvparams "--copies --system-site-packages" AUTHORS ------- Darko Poljak COPYING ------- Copyright \(C) 2016 Darko Poljak. Free use of this software is granted under the terms of the GNU General Public License v3 or later (GPLv3+). cdist/cdist/conf/type/__pyvenv/manifest000077500000000000000000000024661427155744700206110ustar00rootroot00000000000000#!/bin/sh -e # # 2016 Darko Poljak (darko.poljak at gmail.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # It assumes pyvenv is already installed. Concrete packages # or installation procedures depend on concrete OS and/or OS # version/distribution. state_should="$(cat "$__object/parameter/state")" owner="$(cat "$__object/parameter/owner")" group="$(cat "$__object/parameter/group")" mode="$(cat "$__object/parameter/mode")" case "$state_should" in present) : ;; absent) __directory "$__object_id" --state absent \ --owner "$owner" \ --group "$group" \ --mode "$mode" ;; *) echo "Unknown state: $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__pyvenv/parameter/000077500000000000000000000000001427155744700210255ustar00rootroot00000000000000cdist/cdist/conf/type/__pyvenv/parameter/default/000077500000000000000000000000001427155744700224515ustar00rootroot00000000000000cdist/cdist/conf/type/__pyvenv/parameter/default/group000077500000000000000000000000011427155744700235220ustar00rootroot00000000000000 cdist/cdist/conf/type/__pyvenv/parameter/default/mode000077500000000000000000000000011427155744700233120ustar00rootroot00000000000000 cdist/cdist/conf/type/__pyvenv/parameter/default/owner000077500000000000000000000000011427155744700235200ustar00rootroot00000000000000 cdist/cdist/conf/type/__pyvenv/parameter/default/state000077500000000000000000000000101427155744700235060ustar00rootroot00000000000000present cdist/cdist/conf/type/__pyvenv/parameter/default/venvparams000066400000000000000000000000011427155744700245450ustar00rootroot00000000000000 cdist/cdist/conf/type/__pyvenv/parameter/optional000077500000000000000000000000511427155744700225740ustar00rootroot00000000000000state group owner mode venvparams pyvenv cdist/cdist/conf/type/__qemu_img/000077500000000000000000000000001427155744700173215ustar00rootroot00000000000000cdist/cdist/conf/type/__qemu_img/explorer/000077500000000000000000000000001427155744700211615ustar00rootroot00000000000000cdist/cdist/conf/type/__qemu_img/explorer/exists000077500000000000000000000014771427155744700224370ustar00rootroot00000000000000#!/bin/sh # # 2011 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Check whether file exists or not # destination="/$__object_id" if [ -e "$destination" ]; then echo yes fi cdist/cdist/conf/type/__qemu_img/gencode-remote000077500000000000000000000012001427155744700221350ustar00rootroot00000000000000#!/bin/sh -e # ################################################################################ # State: absent is handled by manifest - we need only to do stuff if image is # not existing and state != absent # state="$(cat "$__object/parameter/state")" [ "$state" = "absent" ] && exit 0 exists="$(cat "$__object/explorer/exists")" [ "$exists" ] && exit 0 ################################################################################ # Still there? Create image # format="$(cat "$__object/parameter/format")" size="$(cat "$__object/parameter/size")" diskimage="/$__object_id" echo "qemu-img create -f '$format' '$diskimage' '$size'" cdist/cdist/conf/type/__qemu_img/man.rst000066400000000000000000000017731427155744700206360ustar00rootroot00000000000000cdist-type__qemu_img(7) ======================= NAME ---- cdist-type__qemu_img - Manage VM disk images DESCRIPTION ----------- The qemu-img program is used to create qemu images for qemu and (qemu-)kvm. OPTIONAL PARAMETERS ------------------- state Either "present" or "absent", defaults to "present" size Size of the image in qemu-img compatible units. Required if state is "present". EXAMPLES -------- .. code-block:: sh # Create a 50G size image __qemu_img /home/services/kvm/vm/myvmname/system-disk --size 50G # Remove image __qemu_img /home/services/kvm/vm/myoldvm/system-disk --state absent SEE ALSO -------- :strong:`qemu-img`\ (1) AUTHORS ------- Nico Schottelius COPYING ------- Copyright \(C) 2012-2014 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__qemu_img/manifest000077500000000000000000000011261427155744700210550ustar00rootroot00000000000000#!/bin/sh -e # ################################################################################ # Default settings # state_should="$(cat "$__object/parameter/state")" diskimage="/$__object_id" case "$state_should" in present) if [ ! -f "$__object/parameter/size" ]; then echo "Size is required when state is present" >&2 exit 1 fi ;; absent) # Absent is ensured by __file, present by gencode-remote __file "$diskimage" --state absent ;; *) echo "Unsupported state: $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__qemu_img/parameter/000077500000000000000000000000001427155744700213015ustar00rootroot00000000000000cdist/cdist/conf/type/__qemu_img/parameter/default/000077500000000000000000000000001427155744700227255ustar00rootroot00000000000000cdist/cdist/conf/type/__qemu_img/parameter/default/format000066400000000000000000000000061427155744700241340ustar00rootroot00000000000000qcow2 cdist/cdist/conf/type/__qemu_img/parameter/default/state000066400000000000000000000000101427155744700237570ustar00rootroot00000000000000present cdist/cdist/conf/type/__qemu_img/parameter/optional000066400000000000000000000000221427155744700230430ustar00rootroot00000000000000format state size cdist/cdist/conf/type/__rbenv/000077500000000000000000000000001427155744700166325ustar00rootroot00000000000000cdist/cdist/conf/type/__rbenv/man.rst000066400000000000000000000020131427155744700201330ustar00rootroot00000000000000cdist-type__rbenv(7) ==================== NAME ---- cdist-type__rbenv - Manage rbenv installation DESCRIPTION ----------- This cdist type allows you to manage rbenv installations. It also installs ruby-build. OPTIONAL PARAMETERS ------------------- state Either "present" or "absent", defaults to "present" owner Which user should own the rbenv installation, defaults to root EXAMPLES -------- .. code-block:: sh # Install rbenv including ruby-build for nico __rbenv /home/nico # Install rbenv including ruby-build for nico __rbenv /home/nico --owner nico # Bastian does not need rbenv anymore, he began to code C99 __rbenv /home/bastian --state absent AUTHORS ------- Nico Schottelius COPYING ------- Copyright \(C) 2012-2014 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__rbenv/manifest000077500000000000000000000022631427155744700203710ustar00rootroot00000000000000#!/bin/sh -e # # 2012-2014 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # homedir="$__object_id" state_should="$(cat "$__object/parameter/state")" owner="$(cat "$__object/parameter/owner")" rbenvdir="$homedir/.rbenv" rubybuilddir="$rbenvdir/plugins/ruby-build" __git "$rbenvdir" \ --source git://github.com/sstephenson/rbenv.git \ --owner "$owner" \ --state "$state_should" require="__git/$rbenvdir" __git "$rubybuilddir" \ --source git://github.com/sstephenson/ruby-build.git \ --owner "$owner" \ --state "$state_should" cdist/cdist/conf/type/__rbenv/parameter/000077500000000000000000000000001427155744700206125ustar00rootroot00000000000000cdist/cdist/conf/type/__rbenv/parameter/default/000077500000000000000000000000001427155744700222365ustar00rootroot00000000000000cdist/cdist/conf/type/__rbenv/parameter/default/state000066400000000000000000000000101427155744700232700ustar00rootroot00000000000000present cdist/cdist/conf/type/__rbenv/parameter/optional000066400000000000000000000000061427155744700223560ustar00rootroot00000000000000state cdist/cdist/conf/type/__rbenv/parameter/required000066400000000000000000000000061427155744700223510ustar00rootroot00000000000000owner cdist/cdist/conf/type/__rsync/000077500000000000000000000000001427155744700166545ustar00rootroot00000000000000cdist/cdist/conf/type/__rsync/gencode-local000077500000000000000000000050311427155744700212750ustar00rootroot00000000000000#!/bin/sh -e if ! command -v rsync > /dev/null then echo 'rsync is missing in local machine' >&2 exit 1 fi src="$( cat "$__object/parameter/source" )" if [ ! -e "$src" ] then echo "$src not found" >&2 exit 1 fi if [ -f "$__object/parameter/destination" ] then dst="$( cat "$__object/parameter/destination" )" else dst="/$__object_id" fi # if source is directory, then make sure that # source and destination are ending with slash, # because this is what you almost always want when # rsyncing two directories. if [ -d "$src" ] then if ! echo "$src" | grep -Eq '/$' then src="$src/" fi if ! echo "$dst" | grep -Eq '/$' then dst="$dst/" fi fi remote_user="$( cat "$__object/parameter/remote-user" )" options="$( cat "$__object/parameter/options" )" if [ -f "$__object/parameter/option" ] then while read -r l do # there's a limitation in argparse: value can't begin with '-'. # to workaround this, let's prefix opts with '\' in manifest and remove here. # read more about argparse issue: https://bugs.python.org/issue9334 options="$options $( echo "$l" | sed 's/\\//g' )" done \ < "$__object/parameter/option" fi if [ -f "$__object/parameter/owner" ] || [ -f "$__object/parameter/group" ] then options="$options --chown=" if [ -f "$__object/parameter/owner" ] then owner="$( cat "$__object/parameter/owner" )" options="$options$owner" fi if [ -f "$__object/parameter/group" ] then group="$( cat "$__object/parameter/group" )" options="$options:$group" fi fi if [ -f "$__object/parameter/mode" ] then mode="$( cat "$__object/parameter/mode" )" options="$options --chmod=$mode" fi # IMPORTANT # # 1. we first dry-run rsync with change summary to find out # if there are any changes and code generation is needed. # 2. normally, to get current state or target host, we run # such operations in type explorers, but that's not # possible due to how rsync works. # 3. redirecting output of dry-run to stderr to ease debugging. # 4. to understand how that cryptic regex works, please # open rsync manpage and read about --itemize-changes. export RSYNC_RSH="$__remote_exec" # shellcheck disable=SC2086 if ! rsync --dry-run --itemize-changes $options "$src" "$remote_user@$__target_host:$dst" \ | grep -E '^(<|>|c|h|\.|\*)[fdL][cstTpogunbax\.\+\?]+\s' >&2 then exit 0 fi echo "export RSYNC_RSH='$__remote_exec'" echo "rsync $options $src $remote_user@$__target_host:$dst" cdist/cdist/conf/type/__rsync/man.rst000066400000000000000000000033571427155744700201710ustar00rootroot00000000000000cdist-type__rsync(7) ==================== NAME ---- cdist-type__rsync - Mirror directories using ``rsync`` DESCRIPTION ----------- The purpose of this type is to bring power of ``rsync`` into ``cdist``. REQUIRED PARAMETERS ------------------- source Source directory in local machine. If source is directory, slash (``/``) will be added to source and destination paths. OPTIONAL PARAMETERS ------------------- destination Destination directory. Defaults to ``$__object_id``. owner Will be passed to ``rsync`` as ``--chown=OWNER``. Read ``rsync(1)`` for more details. group Will be passed to ``rsync`` as ``--chown=:GROUP``. Read ``rsync(1)`` for more details. mode Will be passed to ``rsync`` as ``--chmod=MODE``. Read ``rsync(1)`` for more details. options Defaults to ``--recursive --links --perms --times``. Due to `bug in Python's argparse`_, value must be prefixed with ``\``. remote-user Defaults to ``root``. OPTIONAL MULTIPLE PARAMETERS ---------------------------- option Pass additional options to ``rsync``. See ``rsync(1)`` for all possible options. Due to `bug in Python's argparse`_, value must be prefixed with ``\``. EXAMPLES -------- .. code-block:: sh __rsync /var/www/example.com \ --owner root \ --group www-data \ --mode 'D750,F640' \ --source "$__files/example.com/www" AUTHORS ------- Ander Punnar COPYING ------- Copyright \(C) 2021 Ander Punnar. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__rsync/manifest000077500000000000000000000000361427155744700204070ustar00rootroot00000000000000#!/bin/sh -e __package rsync cdist/cdist/conf/type/__rsync/parameter/000077500000000000000000000000001427155744700206345ustar00rootroot00000000000000cdist/cdist/conf/type/__rsync/parameter/default/000077500000000000000000000000001427155744700222605ustar00rootroot00000000000000cdist/cdist/conf/type/__rsync/parameter/default/options000066400000000000000000000000441427155744700236740ustar00rootroot00000000000000--recursive --links --perms --times cdist/cdist/conf/type/__rsync/parameter/default/remote-user000066400000000000000000000000051427155744700244450ustar00rootroot00000000000000root cdist/cdist/conf/type/__rsync/parameter/optional000066400000000000000000000000611427155744700224010ustar00rootroot00000000000000destination group mode options owner remote-user cdist/cdist/conf/type/__rsync/parameter/optional_multiple000066400000000000000000000000071427155744700243140ustar00rootroot00000000000000option cdist/cdist/conf/type/__rsync/parameter/required000066400000000000000000000000071427155744700223740ustar00rootroot00000000000000source cdist/cdist/conf/type/__rvm/000077500000000000000000000000001427155744700163225ustar00rootroot00000000000000cdist/cdist/conf/type/__rvm/explorer/000077500000000000000000000000001427155744700201625ustar00rootroot00000000000000cdist/cdist/conf/type/__rvm/explorer/state000077500000000000000000000020021427155744700212220ustar00rootroot00000000000000#!/bin/sh # # 2012 Evax Software # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # user="$__object_id" # RVM behaves differently if root is the username / uid == 0 if [ "$user" = "root" ]; then if [ -d /usr/local/rvm ]; then echo present else echo absent fi else if su - "$user" -c "[ -d \"\$HOME/.rvm\" ]" ; then echo "present" else echo "absent" fi fi cdist/cdist/conf/type/__rvm/gencode-remote000077500000000000000000000024771427155744700211570ustar00rootroot00000000000000#!/bin/sh -e # # 2012 Evax Software # 2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # user="$__object_id" state_is="$(cat "$__object/explorer/state")" state_should="$(cat "$__object/parameter/state")" [ "$state_is" = "$state_should" ] && exit 0 case "$state_should" in present) cat << DONE su - $user -c "unset rvm_path; unset rvm_bin_path; unset rvm_prefix; unset rvm_version; curl -L get.rvm.io | bash -s stable" DONE ;; absent) cat << DONE su - $user -c "rm -Rf \"\\\$HOME/.rvm\"; sed '/rvm\\/scripts\\/rvm/d' \"\\\$HOME/.bashrc\" > \"\\\$HOME/.bashrc.cdist-tmp\" mv \"\\\$HOME/.bashrc.cdist-tmp\" \"\\\$HOME/.bashrc\"" DONE ;; esac cdist/cdist/conf/type/__rvm/man.rst000066400000000000000000000014341427155744700176310ustar00rootroot00000000000000cdist-type__rvm(7) ================== NAME ---- cdist-type__rvm - Install rvm for a given user DESCRIPTION ----------- RVM is the Ruby enVironment Manager for the Ruby programming language. REQUIRED PARAMETERS ------------------- state Either "present" or "absent", defaults to "present". EXAMPLES -------- .. code-block:: sh # Install rvm for user billie __rvm billie --state present # Remove rvm __rvm billie --state absent SEE ALSO -------- :strong:`cdist-type__rvm_gem`\ (7), :strong:`cdist-type__rvm_gemset`\ (7), :strong:`cdist-type__rvm_ruby`\ (7) AUTHORS ------- Evax Software COPYING ------- Copyright \(C) 2012 Evax Software. Free use of this software is granted under the terms of the GNU General Public License version 3 (GPLv3). cdist/cdist/conf/type/__rvm/manifest000077500000000000000000000015301427155744700200550ustar00rootroot00000000000000#!/bin/sh -e # # 2012 Evax Software # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # rvm core dependencies __package bash --state present __package curl --state present __package git-core --state present __package patch --state present cdist/cdist/conf/type/__rvm/parameter/000077500000000000000000000000001427155744700203025ustar00rootroot00000000000000cdist/cdist/conf/type/__rvm/parameter/default/000077500000000000000000000000001427155744700217265ustar00rootroot00000000000000cdist/cdist/conf/type/__rvm/parameter/default/state000066400000000000000000000000101427155744700227600ustar00rootroot00000000000000present cdist/cdist/conf/type/__rvm/parameter/optional000066400000000000000000000000061427155744700220460ustar00rootroot00000000000000state cdist/cdist/conf/type/__rvm_gem/000077500000000000000000000000001427155744700171525ustar00rootroot00000000000000cdist/cdist/conf/type/__rvm_gem/explorer/000077500000000000000000000000001427155744700210125ustar00rootroot00000000000000cdist/cdist/conf/type/__rvm_gem/explorer/state000077500000000000000000000025401427155744700220610ustar00rootroot00000000000000#!/bin/sh # # 2012 Evax Software # 2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # gem="$__object_id" gemset="$(cat "$__object/parameter/gemset")" ruby="$(echo "$gemset" | cut -d '@' -f 1)" gemsetname="$(echo "$gemset" | cut -d '@' -f2)" user="$(cat "$__object/parameter/user")" if su - "$user" -c "[ ! -d \"\$HOME/.rvm\" ]" ; then echo "absent" exit 0 fi if su - "$user" -c "source \"\$HOME/.rvm/scripts/rvm\" rvm list | grep -q $ruby"; then if su - "$user" -c "source \"\$HOME/.rvm/scripts/rvm\" rvm use $ruby > /dev/null 2>&1; rvm gemset list | grep -q $gemsetname && rvm use $gemset > /dev/null 2>&1 && gem list | grep -q $gem"; then echo "present" exit 0 fi fi echo "absent" cdist/cdist/conf/type/__rvm_gem/gencode-remote000077500000000000000000000024101427155744700217720ustar00rootroot00000000000000#!/bin/sh # # 2012 Evax Software # 2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # gem="$__object_id" gemset="$(cat "$__object/parameter/gemset")" state_is="$(cat "$__object/explorer/state")" user="$(cat "$__object/parameter/user")" state_should="$(cat "$__object/parameter/state")" [ "$state_is" = "$state_should" ] && exit 0 case "$state_should" in present) cat << DONE su - "$user" -c 'source ~/.rvm/scripts/rvm; rvm use "$gemset"; gem install "$gem"' DONE ;; absent) cat << DONE su - "$user" -c 'source ~/.rvm/scripts/rvm; rvm use "$gemset"; gem uninstall "$gem"' DONE ;; esac cdist/cdist/conf/type/__rvm_gem/man.rst000066400000000000000000000024101427155744700204540ustar00rootroot00000000000000cdist-type__rvm_gemset(7) ========================== NAME ---- cdist-type__rvm_gemset - Manage Ruby gems through rvm DESCRIPTION ----------- RVM is the Ruby enVironment Manager for the Ruby programming language. REQUIRED PARAMETERS ------------------- user The remote user account to use gemset The gemset to use state Either "present" or "absent", defaults to "present". OPTIONAL PARAMETERS ------------------- default Make the selected gemset the default EXAMPLES -------- .. code-block:: sh # Install the rails gem in gemset ruby-1.9.3-p0@myset for user bill __rvm_gemset rails --gemset ruby-1.9.3-p0@myset --user bill --state present # Do the same and also make ruby-1.9.3-p0@myset the default gemset __rvm_gemset rails --gemset ruby-1.9.3-p0@myset --user bill \ --state present --default # Remove it __rvm_ruby rails --gemset ruby-1.9.3-p0@myset --user bill --state absent SEE ALSO -------- :strong:`cdist-type__rvm`\ (7), :strong:`cdist-type__rvm_gemset`\ (7), :strong:`cdist-type__rvm_ruby`\ (7) AUTHORS ------- Evax Software COPYING ------- Copyright \(C) 2012 Evax Software. Free use of this software is granted under the terms of the GNU General Public License version 3 (GPLv3). cdist/cdist/conf/type/__rvm_gem/parameter/000077500000000000000000000000001427155744700211325ustar00rootroot00000000000000cdist/cdist/conf/type/__rvm_gem/parameter/default/000077500000000000000000000000001427155744700225565ustar00rootroot00000000000000cdist/cdist/conf/type/__rvm_gem/parameter/default/state000066400000000000000000000000101427155744700236100ustar00rootroot00000000000000present cdist/cdist/conf/type/__rvm_gem/parameter/optional000066400000000000000000000000161427155744700226770ustar00rootroot00000000000000default state cdist/cdist/conf/type/__rvm_gem/parameter/required000066400000000000000000000000141427155744700226700ustar00rootroot00000000000000gemset user cdist/cdist/conf/type/__rvm_gemset/000077500000000000000000000000001427155744700176665ustar00rootroot00000000000000cdist/cdist/conf/type/__rvm_gemset/explorer/000077500000000000000000000000001427155744700215265ustar00rootroot00000000000000cdist/cdist/conf/type/__rvm_gemset/explorer/state000077500000000000000000000022361427155744700225770ustar00rootroot00000000000000#!/bin/sh # # 2012 Evax Software # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # user="$(cat "$__object/parameter/user")" if [ ! -e "~$user/.rvm/scripts/rvm" ] ; then echo "absent" exit 0 fi # shellcheck disable=SC2016 if su - "$user" -c 'source ~/.rvm/scripts/rvm; rvm list strings | grep -q "^$ruby\$"'; then # shellcheck disable=SC2016 if su - "$user" -c 'source ~/.rvm/scripts/rvm; rvm use "$ruby" > /dev/null; rvm gemset list strings | cut -f 1 -d " " | grep -q "^$gemsetname\$"'; then echo "present" exit 0 fi fi echo "absent" cdist/cdist/conf/type/__rvm_gemset/gencode-remote000077500000000000000000000027371427155744700225220ustar00rootroot00000000000000#!/bin/sh -e # # 2012 Evax Software # 2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # gemset="$__object_id" ruby="$(echo "$gemset" | cut -d '@' -f 1)" gemsetname="$(echo "$gemset" | cut -d '@' -f 2)" state_is="$(cat "$__object/explorer/state")" user="$(cat "$__object/parameter/user")" state_should="$(cat "$__object/parameter/state")" [ "$state_is" = "$state_should" ] && exit 0 case "$state_should" in present) cat << DONE su - "$user" -c "source ~/.rvm/scripts/rvm; rvm $gemset --create" DONE if [ -f "$__object/parameter/default" ]; then cat << DONE su - "$user" -c "source ~/.rvm/scripts/rvm; rvm use --default $gemset" DONE fi ;; absent) cat << DONE su - "$user" -c "source ~/.rvm/scripts/rvm; rvm use $ruby; rvm --force gemset delete $gemsetname" DONE ;; esac cdist/cdist/conf/type/__rvm_gemset/man.rst000066400000000000000000000023101427155744700211670ustar00rootroot00000000000000cdist-type__rvm_gemset(7) ========================== NAME ---- cdist-type__rvm_gemset - Manage gemsets through rvm DESCRIPTION ----------- RVM is the Ruby enVironment Manager for the Ruby programming language. REQUIRED PARAMETERS ------------------- user The remote user account to use state Either "present" or "absent", defaults to "present". BOOLEAN PARAMETERS ------------------- default If present, set the given gemset as default. EXAMPLES -------- .. code-block:: sh # Install the gemset @myset for user charles on based on ruby-1.9.3-0 __rvm_gemset ruby-1.9.3-p0@myset --user charles --state present # Do the same and make ruby-1.9.3-p0@myset the default gemset __rvm_gemset ruby-1.9.3-p0@myset --user charles --state present --default # Remove the gemset @myset for user john __rvm_ruby ruby-1.9.3-p0@myset --user john --state absent SEE ALSO -------- :strong:`cdist-type__rvm`\ (7), :strong:`cdist-type__rvm_gem`\ (7), :strong:`cdist-type__rvm_ruby`\ (7) AUTHORS ------- Evax Software COPYING ------- Copyright \(C) 2012 Evax Software. Free use of this software is granted under the terms of the GNU General Public License version 3 (GPLv3). cdist/cdist/conf/type/__rvm_gemset/parameter/000077500000000000000000000000001427155744700216465ustar00rootroot00000000000000cdist/cdist/conf/type/__rvm_gemset/parameter/boolean000066400000000000000000000000101427155744700231770ustar00rootroot00000000000000default cdist/cdist/conf/type/__rvm_gemset/parameter/default/000077500000000000000000000000001427155744700232725ustar00rootroot00000000000000cdist/cdist/conf/type/__rvm_gemset/parameter/default/state000066400000000000000000000000101427155744700243240ustar00rootroot00000000000000present cdist/cdist/conf/type/__rvm_gemset/parameter/optional000066400000000000000000000000061427155744700234120ustar00rootroot00000000000000state cdist/cdist/conf/type/__rvm_gemset/parameter/required000066400000000000000000000000051427155744700234040ustar00rootroot00000000000000user cdist/cdist/conf/type/__rvm_ruby/000077500000000000000000000000001427155744700173635ustar00rootroot00000000000000cdist/cdist/conf/type/__rvm_ruby/explorer/000077500000000000000000000000001427155744700212235ustar00rootroot00000000000000cdist/cdist/conf/type/__rvm_ruby/explorer/state000077500000000000000000000017201427155744700222710ustar00rootroot00000000000000#!/bin/sh # # 2012 Evax Software # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # ruby="$__object_id" user="$(cat "$__object/parameter/user")" if su - "$user" -c "[ ! -d \"\$HOME/.rvm\" ]" ; then echo "absent" exit 0 fi if su - "$user" -c "source \"\$HOME/.rvm/scripts/rvm\" rvm list | grep -q $ruby"; then echo "present" else echo "absent" fi cdist/cdist/conf/type/__rvm_ruby/gencode-remote000077500000000000000000000026401427155744700222100ustar00rootroot00000000000000#!/bin/sh -e # # 2012 Evax Software # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # ruby="$__object_id" state_is="$(cat "$__object/explorer/state")" user="$(cat "$__object/parameter/user")" state_should="$(cat "$__object/parameter/state")" [ "$state_is" = "$state_should" ] && exit 0 case "$state_should" in present) echo "su - \"$user\" -c \"source \\\$HOME/.rvm/scripts/rvm;"\ "rvm install $ruby\"" if [ -f "$__object/parameter/default" ]; then echo "su - \"$user\" -c \"source \\\$HOME/.rvm/scripts/rvm;"\ "rvm use --default $ruby\"" fi ;; absent) echo "su - \"$user\" -c \"source \\\$HOME/.rvm/scripts/rvm;"\ "rvm remove $ruby\"" ;; *) echo "Unknown state $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__rvm_ruby/man.rst000066400000000000000000000022431427155744700206710ustar00rootroot00000000000000cdist-type__rvm_ruby(7) ======================= NAME ---- cdist-type__rvm_ruby - Manage ruby installations through rvm DESCRIPTION ----------- RVM is the Ruby enVironment Manager for the Ruby programming language. REQUIRED PARAMETERS ------------------- user The remote user account to use state Either "present" or "absent", defaults to "present". BOOLEAN PARAMETERS ------------------ default Set the given version as default EXAMPLES -------- .. code-block:: sh # Install ruby 1.9.3 through rvm for user thelonious __rvm_ruby ruby-1.9.3-p0 --user thelonious --state present # Install ruby 1.9.3 through rvm for user ornette and make it the default __rvm_ruby ruby-1.9.3-p0 --user ornette --state present --default # Remove ruby 1.9.3 for user john __rvm_ruby ruby-1.9.3-p0 --user john --state absent SEE ALSO -------- :strong:`cdist-type__rvm`\ (7), :strong:`cdist-type__rvm_gem`\ (7), :strong:`cdist-type__rvm_gemset`\ (7) AUTHORS ------- Evax Software COPYING ------- Copyright \(C) 2012 Evax Software. Free use of this software is granted under the terms of the GNU General Public License version 3 (GPLv3). cdist/cdist/conf/type/__rvm_ruby/manifest000077500000000000000000000015101427155744700211140ustar00rootroot00000000000000#!/bin/sh -e # # 2012 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Required packages for building ruby for package in bzip2 gcc make; do __package "$package" --state present done cdist/cdist/conf/type/__rvm_ruby/parameter/000077500000000000000000000000001427155744700213435ustar00rootroot00000000000000cdist/cdist/conf/type/__rvm_ruby/parameter/boolean000066400000000000000000000000101427155744700226740ustar00rootroot00000000000000default cdist/cdist/conf/type/__rvm_ruby/parameter/default/000077500000000000000000000000001427155744700227675ustar00rootroot00000000000000cdist/cdist/conf/type/__rvm_ruby/parameter/default/state000066400000000000000000000000101427155744700240210ustar00rootroot00000000000000present cdist/cdist/conf/type/__rvm_ruby/parameter/optional000066400000000000000000000000061427155744700231070ustar00rootroot00000000000000state cdist/cdist/conf/type/__rvm_ruby/parameter/required000066400000000000000000000000051427155744700231010ustar00rootroot00000000000000user cdist/cdist/conf/type/__sed/000077500000000000000000000000001427155744700162715ustar00rootroot00000000000000cdist/cdist/conf/type/__sed/explorer/000077500000000000000000000000001427155744700201315ustar00rootroot00000000000000cdist/cdist/conf/type/__sed/explorer/file000077500000000000000000000003411427155744700207740ustar00rootroot00000000000000#!/bin/sh -e if [ -f "$__object/parameter/file" ] then file="$( cat "$__object/parameter/file" )" else file="/$__object_id" fi if [ ! -e "$file" ] then echo "$file does not exist" >&2 exit 1 fi cat "$file" cdist/cdist/conf/type/__sed/gencode-remote000077500000000000000000000023071427155744700211160ustar00rootroot00000000000000#!/bin/sh -e if [ -f "$__object/parameter/file" ] then file="$( cat "$__object/parameter/file" )" else file="/$__object_id" fi script="$( cat "$__object/parameter/script" )" if [ "$script" = '-' ] then script="$( cat "$__object/stdin" )" fi # since stdin is not available in explorer, we pull file from target with explorer file_from_target="$__object/explorer/file" sed_cmd='sed' if [ -f "$__object/parameter/regexp-extended" ] then sed_cmd="$sed_cmd -E" fi # do sed dry run, diff result and if no change, then there's nothing to do # also redirect diff's output to stderr for debugging purposes if echo "$script" | "$sed_cmd" -f - "$file_from_target" | diff -u "$file_from_target" - >&2 then exit 0 fi # we can't use -i, because it's not posix, so we fly with tempfile and cp # and we use cp because we want to preserve destination file's attributes # shellcheck disable=SC2016 echo 'tmp="$__object/tempfile"' echo "$sed_cmd -f - '$file' > \"\$tmp\" << EOF" echo "$script" echo 'EOF' echo "cp \"\$tmp\" '$file'" # shellcheck disable=SC2016 echo 'rm -f "$tmp"' echo 'change' >> "$__messages_out" if [ -f "$__object/parameter/onchange" ] then cat "$__object/parameter/onchange" fi cdist/cdist/conf/type/__sed/man.rst000066400000000000000000000020741427155744700176010ustar00rootroot00000000000000cdist-type__sed(7) ================== NAME ---- cdist-type__sed - Transform text files with ``sed`` DESCRIPTION ----------- Transform text files with ``sed``. REQUIRED MULTIPLE PARAMETERS ---------------------------- script ``sed`` script. If ``-`` then the script is read from ``stdin``. OPTIONAL PARAMETERS ------------------- file Path to the file. Defaults to ``$__object_id``. onchange Execute this command if ``sed`` changes file. BOOLEAN PARAMETERS ------------------ regexp-extended Use extended regular expressions in the script. Might not be supported with every ``sed`` version. EXAMPLES -------- .. code-block:: sh __sed /tmp/foobar --script 's/foo/bar/' echo 's/foo/bar/' | __sed foobar --file /tmp/foobar --script - AUTHORS ------- Ander Punnar COPYING ------- Copyright \(C) 2021 Ander Punnar. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__sed/parameter/000077500000000000000000000000001427155744700202515ustar00rootroot00000000000000cdist/cdist/conf/type/__sed/parameter/boolean000066400000000000000000000000201427155744700216030ustar00rootroot00000000000000regexp-extended cdist/cdist/conf/type/__sed/parameter/optional000066400000000000000000000000161427155744700220160ustar00rootroot00000000000000file onchange cdist/cdist/conf/type/__sed/parameter/required_multiple000066400000000000000000000000071427155744700237240ustar00rootroot00000000000000script cdist/cdist/conf/type/__sensible_editor/000077500000000000000000000000001427155744700206705ustar00rootroot00000000000000cdist/cdist/conf/type/__sensible_editor/explorer/000077500000000000000000000000001427155744700225305ustar00rootroot00000000000000cdist/cdist/conf/type/__sensible_editor/explorer/editor_path000066400000000000000000000063471427155744700247670ustar00rootroot00000000000000#!/bin/sh -e # # 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Check if the given editor is present on the target system and determine its # absolute path. # die() { echo "$@" >&2 exit 1 } editor_missing() { die "Editor '$1' is missing on the target system."; } editor_no_alternative() { die "Editor '$1' is not in the alternatives list of the target system." \ "$(test -n "${editors}" && printf '\nPlease choose one of:\n\n%s\n' "${editors}")" } # No need to check for the path if the file is supposed to be removed. test "$(cat "${__object}/parameter/state")" != 'absent' || exit 0 case $("${__explorer}/os") in debian|devuan|ubuntu) has_alternatives=true # NOTE: Old versions do not support `--list`, in this case ignore the errors. # This will require an absolute path to be provided, though. editors=$(update-alternatives --list editor 2>/dev/null) ;; *) # NOTE: RedHat has an alternatives system but it doesn't usually track # editors and it is a pain to extract the list. has_alternatives=false ;; esac # Read --editor parameter and check its value since it is "optional" editor=$(cat "${__object}/parameter/editor" 2>/dev/null) || true test -n "${editor}" || die 'Please provide an --editor to configure.' case $editor in /*) is_abspath=true ;; */*) die 'Relative editor paths are not supported' ;; *) is_abspath=false ;; esac if $has_alternatives && test -n "${editors}" then IFS=' ' if ! $is_abspath then # First, try to resolve the absolute path using $editors. while true do for e in $editors do if test "$(basename "${e}")" = "${editor}" then editor="${e}" break 2 # break out of both loops fi done # Iterating through alternatives did not yield a result editor_no_alternative "${editor}" break done fi # Check if editor is present test -f "${editor}" || editor_missing "${editor}" for e in $editors do if test "${editor}" = "${e}" then # Editor is part of the alternatives list -> use it! echo "${editor}" exit 0 fi done editor_no_alternative "${editor}" else # NOTE: This branch is mostly for RedHat-based systems which do # not track editor alternatives. To make this type useful # on RedHat at all we allow an absoloute path to be provided # in any case. if $is_abspath then test -x "${editor}" || editor_missing "${editor}" echo "${editor}" exit 0 else die "The target doesn't list any editor alternatives. " \ "Please specify an absolute path or populate the alternatives list." fi fi # The script should never reach this statement! exit 1 cdist/cdist/conf/type/__sensible_editor/explorer/group000066400000000000000000000014571427155744700236160ustar00rootroot00000000000000#!/bin/sh -e # # 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Determines the primary group of the user. # user=$__object_id id -gn "${user}" 2>/dev/null cdist/cdist/conf/type/__sensible_editor/explorer/user_home000066400000000000000000000016651427155744700244510ustar00rootroot00000000000000#!/bin/sh -e # # 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Determines the home folder of the target user. # user=$__object_id home=$(getent passwd "${user}" | cut -d':' -f6) if ! test -d "${home}" then echo "Cannot find home directory of user ${user}" >&2 exit 1 fi echo "${home}" cdist/cdist/conf/type/__sensible_editor/man.rst000066400000000000000000000035441427155744700222030ustar00rootroot00000000000000cdist-type__sensible_editor(7) ============================== NAME ---- cdist-type__sensible_editor - Select the sensible-editor DESCRIPTION ----------- This cdist type allows you to select the :strong:`sensible-editor` for a given user. REQUIRED PARAMETERS ------------------- editor Name or path of the editor to be selected. On systems other than Debian derivatives an absolute path is required. It is permissible to omit this parameter if --state is absent. OPTIONAL PARAMETERS ------------------- state 'present', 'absent', or 'exists'. Defaults to 'present', where: present the sensible-editor is exactly what is specified in --editor. absent no sensible-editor configuration is present. exists the sensible-editor will be set to what is specified in --editor, unless there already is a configuration on the target system. EXAMPLES -------- .. code-block:: sh __sensible_editor root --editor /bin/ed # ed(1) is the standard __sensible_editor noob --editor nano LIMITATIONS ----------- This type depends upon the :strong:`sensible-editor`\ (1) script which is part of the sensible-utils package. Therefore, the following operating systems are supported: * Debian 8 (jessie) or later * Devuan * Ubuntu 8.10 (intrepid) or later * RHEL/CentOS 7 or later (EPEL repo required) * Fedora 21 or later Note: on old versions of Ubuntu the sensible-* utils are part of the debianutils package. SEE ALSO -------- :strong:`select-editor`\ (1), :strong:`sensible-editor`\ (1). AUTHOR ------- Dennis Camera COPYING ------- Copyright \(C) 2019 Dennis Camera. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__sensible_editor/manifest000066400000000000000000000044531427155744700224270ustar00rootroot00000000000000#!/bin/sh -e # -*- mode: sh; indent-tabs-mode: t -*- # # 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # version_ge() { awk -F '[^0-9.]' -v target="${1:?}" ' function max(x, y) { return x > y ? x : y; } BEGIN { getline; nx = split($1, x, "."); ny = split(target, y, "."); for (i = 1; i <= max(nx, ny); ++i) { diff = int(x[i]) - int(y[i]); if (diff < 0) exit 1; else if (diff > 0) exit 0; else continue; } }' } not_supported() { echo "OS ${os} does not support __sensible_editor." >&2 echo 'If it does, please provide a patch.' >&2 exit 1 } os=$(cat "${__global}/explorer/os") os_version=$(cat "${__global}/explorer/os_version") state=$(cat "${__object}/parameter/state") user=$__object_id if test "${state}" != 'present' && test "${state}" != 'exists' && test "${state}" != 'absent' then echo 'Only "present", "exists", and "absent" are allowed for --state' >&2 exit 1 fi package_name='sensible-utils' case $os in debian) pkg_type='apt' ;; devuan) pkg_type='apt' ;; ubuntu) (echo "${os_version}" | version_ge 10.04) || package_name='debianutils' pkg_type='apt' ;; centos|fedora|redhat|scientific) pkg_type='yum' ;; *) not_supported ;; esac if test "${state}" != 'absent' then __package "${package_name}" --state present \ --type "${pkg_type}" export require="__package/${package_name}" fi editor_path=$(cat "${__object}/explorer/editor_path") user_home=$(cat "${__object}/explorer/user_home") group=$(cat "${__object}/explorer/group") __file "${user_home}/.selected_editor" --state "${state}" \ --owner "${user}" --group "${group}" --mode 0644 \ --source - < COPYING ------- Copyright \(C) 2019 Timothée Floure. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__service/manifest000066400000000000000000000005771427155744700207200ustar00rootroot00000000000000#!/bin/sh manager="$(cat "$__object/explorer/service-manager")" name=$__object_id action="$(cat "$__object/parameter/action")" case "$manager" in systemd) test "$action" = "start" && action="running" test "$action" = "stop" && action="stopped" __systemd_service "$name" --state "$action" ;; *) # Unknown: handled by `service $NAME $action` in gencode-remote. ;; esac cdist/cdist/conf/type/__service/parameter/000077500000000000000000000000001427155744700211365ustar00rootroot00000000000000cdist/cdist/conf/type/__service/parameter/required000066400000000000000000000000071427155744700226760ustar00rootroot00000000000000action cdist/cdist/conf/type/__snakeoil_cert/000077500000000000000000000000001427155744700203405ustar00rootroot00000000000000cdist/cdist/conf/type/__snakeoil_cert/explorer/000077500000000000000000000000001427155744700222005ustar00rootroot00000000000000cdist/cdist/conf/type/__snakeoil_cert/explorer/ssl-cert-group000077500000000000000000000001441427155744700250130ustar00rootroot00000000000000#!/bin/sh -e if grep -Eq '^ssl-cert:' /etc/group then echo 'present' else echo 'absent' fi cdist/cdist/conf/type/__snakeoil_cert/explorer/state000077500000000000000000000007441427155744700232530ustar00rootroot00000000000000#!/bin/sh -e key_path="$( cat "$__object/parameter/key-path" )" if echo "$key_path" | grep -Fq '%s' then # shellcheck disable=SC2059 key_path="$( printf "$key_path" "$__object_id" )" fi cert_path="$( cat "$__object/parameter/cert-path" )" if echo "$cert_path" | grep -Fq '%s' then # shellcheck disable=SC2059 cert_path="$( printf "$cert_path" "$__object_id" )" fi if [ ! -f "$key_path" ] || [ ! -f "$cert_path" ] then echo 'absent' else echo 'present' fi cdist/cdist/conf/type/__snakeoil_cert/gencode-remote000077500000000000000000000030301427155744700231570ustar00rootroot00000000000000#!/bin/sh -e state="$( cat "$__object/explorer/state" )" if [ "$state" = 'present' ] then exit 0 fi if [ -f "$__object/parameter/common-name" ] then common_name="$( cat "$__object/parameter/common-name" )" else common_name="$__object_id" fi key_path="$( cat "$__object/parameter/key-path" )" if echo "$key_path" | grep -Fq '%s' then # shellcheck disable=SC2059 key_path="$( printf "$key_path" "$__object_id" )" fi cert_path="$( cat "$__object/parameter/cert-path" )" if echo "$cert_path" | grep -Fq '%s' then # shellcheck disable=SC2059 cert_path="$( printf "$cert_path" "$__object_id" )" fi key_type="$( cat "$__object/parameter/key-type" )" key_type_arg="$( echo "$key_type" | cut -d : -f 2 )" case "$key_type" in rsa:*) echo "openssl genrsa -out '$key_path' $key_type_arg" ;; ec:*) echo "openssl ecparam -name $key_type_arg -genkey -noout -out '$key_path'" ;; esac # shellcheck disable=SC2016 echo 'csr_path="$( mktemp )"' echo "openssl req -new -subj '/CN=$common_name' -key '$key_path' -out \"\$csr_path\"" echo "openssl x509 -req -sha256 -days 3650 -in \"\$csr_path\" -signkey '$key_path' -out '$cert_path'" # shellcheck disable=SC2016 echo 'rm -f "$csr_path"' if [ "$( cat "$__object/explorer/ssl-cert-group" )" = 'present' ] then key_group='ssl-cert' else key_group='root' fi echo "chmod 640 '$key_path'" echo "chown root '$key_path'" echo "chgrp $key_group '$key_path'" echo "chmod 644 '$cert_path'" echo "chown root '$cert_path'" echo "chgrp root '$cert_path'" cdist/cdist/conf/type/__snakeoil_cert/man.rst000066400000000000000000000027701427155744700216530ustar00rootroot00000000000000cdist-type__snakeoil_cert(7) ============================ NAME ---- cdist-type__snakeoil_cert - Generate self-signed certificate DESCRIPTION ----------- The purpose of this type is to generate **self-signed** certificate and private key for **testing purposes**. Certificate will expire in 3650 days. Certificate's and key's access bits will be ``644`` and ``640`` respectively. If target system has ``ssl-cert`` group, then it will be used as key's group. Use ``require='__snakeoil_cert/...' __file ...`` to override. OPTIONAL PARAMETERS ------------------- common-name Defaults to ``$__object_id``. key-path ``%s`` in path will be replaced with ``$__object_id``. Defaults to ``/etc/ssl/private/%s.pem``. key-type Possible values are ``rsa:$bits`` and ``ec:$name``. For possible EC names see ``openssl ecparam -list_curves``. Defaults to ``rsa:2048``. cert-path ``%s`` in path will be replaced with ``$__object_id``. Defaults to ``/etc/ssl/certs/%s.pem``. EXAMPLES -------- .. code-block:: sh __snakeoil_cert localhost-rsa \ --common-name localhost \ --key-type rsa:4096 __snakeoil_cert localhost-ec \ --common-name localhost \ --key-type ec:prime256v1 AUTHORS ------- Ander Punnar COPYING ------- Copyright \(C) 2021 Ander Punnar. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__snakeoil_cert/parameter/000077500000000000000000000000001427155744700223205ustar00rootroot00000000000000cdist/cdist/conf/type/__snakeoil_cert/parameter/default/000077500000000000000000000000001427155744700237445ustar00rootroot00000000000000cdist/cdist/conf/type/__snakeoil_cert/parameter/default/cert-path000066400000000000000000000000261427155744700255540ustar00rootroot00000000000000/etc/ssl/certs/%s.pem cdist/cdist/conf/type/__snakeoil_cert/parameter/default/key-path000066400000000000000000000000301427155744700254020ustar00rootroot00000000000000/etc/ssl/private/%s.pem cdist/cdist/conf/type/__snakeoil_cert/parameter/default/key-type000066400000000000000000000000111427155744700254260ustar00rootroot00000000000000rsa:2048 cdist/cdist/conf/type/__snakeoil_cert/parameter/optional000066400000000000000000000000501427155744700240630ustar00rootroot00000000000000common-name key-path key-type cert-path cdist/cdist/conf/type/__ssh_authorized_key/000077500000000000000000000000001427155744700214215ustar00rootroot00000000000000cdist/cdist/conf/type/__ssh_authorized_key/explorer/000077500000000000000000000000001427155744700232615ustar00rootroot00000000000000cdist/cdist/conf/type/__ssh_authorized_key/explorer/entry000077500000000000000000000026141427155744700243530ustar00rootroot00000000000000#!/bin/sh # # 2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # extract the keytype and base64 encoded key ignoring any options and comment type_and_key="$(tr ' ' '\n' < "$__object/parameter/key"| awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')" # If type_and_key is empty, which is the case with an invalid key, do not grep $file because it results # in greping everything in file and all entries from file are removed. if [ -n "${type_and_key}" ] then file="$(cat "$__object/parameter/file")" test -e "$file" || exit 0 # get any entries that match the type and key # NOTE: Do not match from the beginning of the line as there may be options # preceeding the key. grep "${type_and_key}\\([ \\n].*\\)*$" "$file" || true fi cdist/cdist/conf/type/__ssh_authorized_key/gencode-remote000077500000000000000000000073231427155744700242510ustar00rootroot00000000000000#!/bin/sh -e # # 2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # set -u the_key="$(cat "$__object/parameter/key")" # validate key validated_key="$(echo "${the_key}" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')" if [ -z "${validated_key}" ] then echo "Key is invalid: \"${the_key}\"" >&2 exit 1 fi remove_line() { file="$1" line="$2" cat << DONE tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX) # preserve ownership and permissions of existing file if [ -f "$file" ]; then cp -p "$file" "\$tmpfile" grep -v -F -x '$line' '$file' >\$tmpfile fi cat "\$tmpfile" >"$file" rm -f "\$tmpfile" DONE } add_line() { file="$1" line="$2" # escape single quotes line_sanitised=$(echo "$line" | sed -e "s/'/'\"'\"'/g") printf '%s' "printf '%s\\n' '$line_sanitised' >> $file" } file="$(cat "$__object/parameter/file")" mkdir "$__object/files" # Generate the entry as it should be ( if [ -f "$__object/parameter/option" ]; then # comma seperated list of options options="$(tr '\n' ',' < "$__object/parameter/option")" printf '%s ' "${options%*,}" fi if [ -f "$__object/parameter/comment" ]; then # extract the keytype and base64 encoded key ignoring any options and comment printf '%s ' "$(echo "${the_key}" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }')" # override the comment with the one explicitly given printf '%s' "$(cat "$__object/parameter/comment")" else printf '%s' "${the_key}" fi printf '\n' ) > "$__object/files/should" # Remove conflicting entries if any if [ -s "$__object/explorer/entry" ]; then # Note that the files have to be sorted for comparison with `comm`. sort "$__object/explorer/entry" > "$__object/files/is" comm -13 "$__object/files/should" "$__object/files/is" | { while read -r entry; do remove_line "$file" "$entry" done } fi # Determine the current state entry="$(cat "$__object/files/should")" state_should="$(cat "$__object/parameter/state")" num_existing_entries=$(grep -c -F -x "$entry" "$__object/explorer/entry" || true) if [ "$num_existing_entries" -eq 1 ]; then state_is="present" else # Posix grep does not define the -m option, so we can not remove a single # occurence of a string from a file in the `remove_line` function. Instead # _all_ occurences are removed. # By using `comm` to detect conflicting entries this could lead to the # situation that the key we want to add is actually removed. # To workaround this we must treat 0 or more then 1 existing entries to # mean current state is 'absent'. By doing this, the key is readded # again after cleaning up conflicting entries. state_is="absent" fi # Manage the actual entry as it should be if [ "$state_should" = "$state_is" ]; then # Nothing to do exit 0 fi case "$state_should" in present) add_line "$file" "$entry" echo "added to $file ($entry)" >> "$__messages_out" ;; absent) remove_line "$file" "$entry" echo "removed from $file ($entry)" >> "$__messages_out" ;; esac cdist/cdist/conf/type/__ssh_authorized_key/man.rst000066400000000000000000000040001427155744700227200ustar00rootroot00000000000000cdist-type__ssh_authorized_key(7) ================================= NAME ---- cdist-type__ssh_authorized_key - Manage a single ssh authorized key entry DESCRIPTION ----------- Manage a single authorized key entry in an authorized_key file. This type was created to be used by the __ssh_authorized_keys type. REQUIRED PARAMETERS ------------------- file The authorized_keys file where the given key should be managed. key The ssh key which shall be managed in this authorized_keys file. Must be a string containing the ssh keytype, base 64 encoded key and optional trailing comment which shall be added to the given authorized_keys file. OPTIONAL PARAMETERS ------------------- comment Use this comment instead of the one which may be trailing in the key. option An option to set for this authorized_key entry. Can be specified multiple times. See sshd(8) for available options. state If the managed key should be 'present' or 'absent', defaults to 'present'. MESSAGES -------- added to `file` (`entry`) The key `entry` (with optional comment) was added to `file`. removed from `file` (`entry`) The key `entry` (with optional comment) was removed from `file`. EXAMPLES -------- .. code-block:: sh __ssh_authorized_key some-id \ --file "/home/user/.ssh/autorized_keys" \ --key "$(cat ~/.ssh/id_rsa.pub)" __ssh_authorized_key some-id \ --file "/home/user/.ssh/autorized_keys" \ --key "$(cat ~/.ssh/id_rsa.pub)" \ --option 'command="/path/to/script"' \ --option 'environment="FOO=bar"' \ --comment 'one to rule them all' SEE ALSO -------- :strong:`cdist-type__ssh_authorized_keys`\ (7), :strong:`sshd`\ (8) AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2014 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__ssh_authorized_key/parameter/000077500000000000000000000000001427155744700234015ustar00rootroot00000000000000cdist/cdist/conf/type/__ssh_authorized_key/parameter/default/000077500000000000000000000000001427155744700250255ustar00rootroot00000000000000cdist/cdist/conf/type/__ssh_authorized_key/parameter/default/state000066400000000000000000000000101427155744700260570ustar00rootroot00000000000000present cdist/cdist/conf/type/__ssh_authorized_key/parameter/optional000066400000000000000000000000161427155744700251460ustar00rootroot00000000000000comment state cdist/cdist/conf/type/__ssh_authorized_key/parameter/optional_multiple000066400000000000000000000000071427155744700270610ustar00rootroot00000000000000option cdist/cdist/conf/type/__ssh_authorized_key/parameter/required000066400000000000000000000000111427155744700251340ustar00rootroot00000000000000file key cdist/cdist/conf/type/__ssh_authorized_keys/000077500000000000000000000000001427155744700216045ustar00rootroot00000000000000cdist/cdist/conf/type/__ssh_authorized_keys/explorer/000077500000000000000000000000001427155744700234445ustar00rootroot00000000000000cdist/cdist/conf/type/__ssh_authorized_keys/explorer/file000077500000000000000000000031041427155744700243070ustar00rootroot00000000000000#!/bin/sh # # 2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # if [ -f "$__object/parameter/file" ]; then cat "$__object/parameter/file" else if [ -s "$__object/parameter/owner" ] then owner=$(cat "$__object/parameter/owner") else owner="$__object_id" fi if command -v getent >/dev/null then owner_line=$(getent passwd "$owner") elif [ -f /etc/passwd ] then case $owner in [0-9][0-9]*) owner_line=$(awk -F: "\$3 == \"${owner}\" { print }" /etc/passwd) ;; *) owner_line=$(awk -F: "\$1 == \"${owner}\" { print }" /etc/passwd) ;; esac fi if [ "$owner_line" ] then home=$(echo "$owner_line" | cut -d':' -f6) fi if [ ! -d "$home" ] then # Don't know how to determine user's home directory, fall back to ~ home="~$owner" command -v realpath >/dev/null && home=$(realpath "$home") fi [ -d "$home" ] && echo "$home/.ssh/authorized_keys" fi cdist/cdist/conf/type/__ssh_authorized_keys/explorer/group000077500000000000000000000024001427155744700245220ustar00rootroot00000000000000#!/bin/sh # # 2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # if [ -s "$__object/parameter/owner" ] then owner=$(cat "$__object/parameter/owner") else owner="$__object_id" fi if command -v getent >/dev/null then gid=$(getent passwd "$owner" | cut -d':' -f4) getent group "$gid" || true else # Fallback to local file scanning case $owner in [0-9][0-9]*) gid=$(awk -F: "\$3 == \"${owner}\" { print \$4 }" /etc/passwd) ;; *) gid=$(awk -F: "\$1 == \"${owner}\" { print \$4 }" /etc/passwd) ;; esac awk -F: "\$3 == \"$gid\" { print }" /etc/group fi cdist/cdist/conf/type/__ssh_authorized_keys/explorer/keys000077500000000000000000000002271427155744700243460ustar00rootroot00000000000000#!/bin/sh -e # shellcheck disable=SC1090 # shellcheck disable=SC1091 file="$( . "$__type_explorer/file" )" if [ -f "$file" ] then cat "$file" fi cdist/cdist/conf/type/__ssh_authorized_keys/man.rst000066400000000000000000000073651427155744700231240ustar00rootroot00000000000000cdist-type__ssh_authorized_keys(7) ================================== NAME ---- cdist-type__ssh_authorized_keys - Manage ssh authorized_keys files DESCRIPTION ----------- Adds or removes ssh keys from a authorized_keys file. This type uses the __ssh_dot_ssh type to manage the directory containing the authorized_keys file. You can disable this feature with the --noparent boolean parameter. The existence, ownership and permissions of the authorized_keys file itself are also managed. This can be disabled with the --nofile boolean parameter. It is then left to the user to ensure that the file exists and that ownership and permissions work with ssh. REQUIRED MULTIPLE PARAMETERS ---------------------------- key An ssh key which shall be managed in this authorized_keys file. Must be a string containing the ssh keytype, base 64 encoded key and optional trailing comment which shall be added to the given authorized_keys file. Can be specified multiple times. OPTIONAL PARAMETERS ------------------- comment Use this comment instead of the one which may be trailing in each key. file An alternative destination file, defaults to ~$owner/.ssh/authorized_keys. option An option to set for all authorized_key entries in the key parameter. Can be specified multiple times. See sshd(8) for available options. owner The user owning the authorized_keys file, defaults to object_id. state If the given keys should be 'present' or 'absent', defaults to 'present'. BOOLEAN PARAMETERS ------------------ noparent Don't create or change ownership and permissions of the directory containing the authorized_keys file. nofile Don't manage existence, ownership and permissions of the the authorized_keys file. remove-unknown Remove undefined keys. EXAMPLES -------- .. code-block:: sh # add your ssh key to remote root's authorized_keys file __ssh_authorized_keys root \ --key "$(cat ~/.ssh/id_rsa.pub)" # same as above, but make sure your key is only key in # root's authorized_keys file __ssh_authorized_keys root \ --key "$(cat ~/.ssh/id_rsa.pub)" \ --remove-unknown # allow key to login as user-name __ssh_authorized_keys user-name \ --key "ssh-rsa AXYZAAB3NzaC1yc2..." # allow key to login as user-name with options and expicit comment __ssh_authorized_keys user-name \ --key "ssh-rsa AXYZAAB3NzaC1yc2..." \ --option no-agent-forwarding \ --option 'from="*.example.com"' \ --comment 'backup server' # same as above, but with explicit owner and two keys # note that the options are set for all given keys __ssh_authorized_keys some-fancy-id \ --owner user-name \ --key "ssh-rsa AXYZAAB3NzaC1yc2..." \ --key "ssh-rsa AZXYAAB3NzaC1yc2..." \ --option no-agent-forwarding \ --option 'from="*.example.com"' \ --comment 'backup server' # authorized_keys file in non standard location __ssh_authorized_keys some-fancy-id \ --file /etc/ssh/keys/user-name/authorized_keys \ --owner user-name \ --key "ssh-rsa AXYZAAB3NzaC1yc2..." # same as above, but directory and authorized_keys file is created elswhere __ssh_authorized_keys some-fancy-id \ --file /etc/ssh/keys/user-name/authorized_keys \ --owner user-name \ --noparent \ --nofile \ --key "ssh-rsa AXYZAAB3NzaC1yc2..." SEE ALSO -------- :strong:`sshd`\ (8) AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2012-2014 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__ssh_authorized_keys/manifest000077500000000000000000000060371427155744700233460ustar00rootroot00000000000000#!/bin/sh -e # # 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2014 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # owner="$(cat "$__object/parameter/owner" 2>/dev/null || echo "$__object_id")" state="$(cat "$__object/parameter/state" 2>/dev/null)" file="$(cat "$__object/explorer/file")" if [ ! -f "$__object/parameter/nofile" ] && [ -z "$file" ] then echo "Cannot determine path of authorized_keys file" >&2 exit 1 fi if [ ! -f "$__object/parameter/noparent" ] || [ ! -f "$__object/parameter/nofile" ]; then group="$(cut -d':' -f 1 "$__object/explorer/group")" if [ -z "$group" ]; then echo "Failed to get owners group from explorer." >&2 exit 1 fi if [ ! -f "$__object/parameter/noparent" ]; then __ssh_dot_ssh "$owner" export require="__ssh_dot_ssh/$owner" fi if [ ! -f "$__object/parameter/nofile" ]; then # Ensure that authorized_keys file exists and has the right permissions. __file "$file" \ --owner "$owner" \ --group "$group" \ --mode 0600 \ --state exists export require="__file/$file" fi fi _cksum() { echo "$1" | cksum | cut -d' ' -f 1 } _type_and_key() { echo "$1" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }' } while read -r key; do type_and_key="$( _type_and_key "$key" )" object_id="$(_cksum "$file")-$(_cksum "$type_and_key")" set -- "$object_id" set -- "$@" --file "$file" set -- "$@" --key "$key" set -- "$@" --state "$state" if [ -f "$__object/parameter/option" ]; then # shellcheck disable=SC2046 set -- "$@" $(printf -- '--option %s ' $(cat "$__object/parameter/option")) fi if [ -f "$__object/parameter/comment" ]; then set -- "$@" --comment "$(cat "$__object/parameter/comment")" fi # Ensure __ssh_authorized_key does not read stdin __ssh_authorized_key "$@" < /dev/null done < "$__object/parameter/key" if [ -f "$__object/parameter/remove-unknown" ] && [ -s "$__object/explorer/keys" ] then while read -r key do type_and_key="$( _type_and_key "$key" )" if grep -Fq "$type_and_key" "$__object/parameter/key" then continue fi __ssh_authorized_key "remove-$( _cksum "$file$key" )" \ --file "$file" \ --key "$key" \ --state absent \ < /dev/null done \ < "$__object/explorer/keys" fi cdist/cdist/conf/type/__ssh_authorized_keys/parameter/000077500000000000000000000000001427155744700235645ustar00rootroot00000000000000cdist/cdist/conf/type/__ssh_authorized_keys/parameter/boolean000066400000000000000000000000371427155744700251260ustar00rootroot00000000000000noparent nofile remove-unknown cdist/cdist/conf/type/__ssh_authorized_keys/parameter/default/000077500000000000000000000000001427155744700252105ustar00rootroot00000000000000cdist/cdist/conf/type/__ssh_authorized_keys/parameter/default/state000066400000000000000000000000101427155744700262420ustar00rootroot00000000000000present cdist/cdist/conf/type/__ssh_authorized_keys/parameter/optional000066400000000000000000000000311427155744700253260ustar00rootroot00000000000000comment file owner state cdist/cdist/conf/type/__ssh_authorized_keys/parameter/optional_multiple000066400000000000000000000000071427155744700272440ustar00rootroot00000000000000option cdist/cdist/conf/type/__ssh_authorized_keys/parameter/required_multiple000066400000000000000000000000041427155744700272340ustar00rootroot00000000000000key cdist/cdist/conf/type/__ssh_dot_ssh/000077500000000000000000000000001427155744700200365ustar00rootroot00000000000000cdist/cdist/conf/type/__ssh_dot_ssh/explorer/000077500000000000000000000000001427155744700216765ustar00rootroot00000000000000cdist/cdist/conf/type/__ssh_dot_ssh/explorer/group000077500000000000000000000016601427155744700227630ustar00rootroot00000000000000#!/bin/sh # # 2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # gid=$("$__type_explorer/passwd" | cut -d':' -f4) if command -v getent >/dev/null then getent group "$gid" || true else awk -F: "\$3 == \"$gid\" { print }" /etc/group fi cdist/cdist/conf/type/__ssh_dot_ssh/explorer/passwd000077500000000000000000000021521427155744700231250ustar00rootroot00000000000000#!/bin/sh # # 2012 Steven Armstrong (steven-cdist at armstrong.cc) # 2014 Nico Schottelius (nico-cdist at schottelius.org) # 2019 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # owner="$__object_id" if command -v getent >/dev/null then getent passwd "$owner" || true else case $owner in [0-9][0-9]*) awk -F: "\$3 == \"$owner\" { print }" /etc/passwd ;; *) grep "^$owner:" /etc/passwd || true ;; esac fi cdist/cdist/conf/type/__ssh_dot_ssh/man.rst000066400000000000000000000017001427155744700213410ustar00rootroot00000000000000cdist-type__ssh_dot_ssh(7) ========================== NAME ---- cdist-type__ssh_dot_ssh - Manage .ssh directory DESCRIPTION ----------- Adds or removes .ssh directory to a user home. This type is being used by __ssh_authorized_keys. OPTIONAL PARAMETERS ------------------- state if the directory should be 'present' or 'absent', defaults to 'present'. EXAMPLES -------- .. code-block:: sh # Ensure root has ~/.ssh with the right permissions __ssh_dot_ssh root # Nico does not need ~/.ssh anymore __ssh_dot_ssh nico --state absent SEE ALSO -------- :strong:`cdist-type__ssh_authorized_keys`\ (7) AUTHORS ------- Nico Schottelius COPYING ------- Copyright \(C) 2014 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__ssh_dot_ssh/manifest000077500000000000000000000026061427155744700215760ustar00rootroot00000000000000#!/bin/sh -e # # 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2014 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # Hacked in Kalamata, Greece # owner="$__object_id" state="$(cat "$__object/parameter/state")" group="$(cut -d':' -f 1 "$__object/explorer/group")" if [ -z "$group" ]; then echo "Failed to get owners group from explorer." >&2 exit 1 fi home="$(cut -d':' -f 6 "$__object/explorer/passwd")" if [ -z "$home" ]; then echo "Failed to get home directory from explorer." >&2 exit 1 fi ssh_directory="${home}/.ssh" # Ensure that the directory in which the authorized_keys shall be exists and # has the right permissions. __directory "$ssh_directory" \ --state "$state" \ --owner "$owner" --group "$group" --mode 0700 cdist/cdist/conf/type/__ssh_dot_ssh/parameter/000077500000000000000000000000001427155744700220165ustar00rootroot00000000000000cdist/cdist/conf/type/__ssh_dot_ssh/parameter/default/000077500000000000000000000000001427155744700234425ustar00rootroot00000000000000cdist/cdist/conf/type/__ssh_dot_ssh/parameter/default/state000066400000000000000000000000101427155744700244740ustar00rootroot00000000000000present cdist/cdist/conf/type/__ssh_dot_ssh/parameter/optional000066400000000000000000000000061427155744700235620ustar00rootroot00000000000000state cdist/cdist/conf/type/__sshd_config/000077500000000000000000000000001427155744700200045ustar00rootroot00000000000000cdist/cdist/conf/type/__sshd_config/explorer/000077500000000000000000000000001427155744700216445ustar00rootroot00000000000000cdist/cdist/conf/type/__sshd_config/explorer/state000066400000000000000000000063051427155744700227130ustar00rootroot00000000000000#!/bin/sh -e # # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # Determines the current state of the config option. # Possible output: # - present: "should" option present in config file # - default: the "should" option is the default -> don’t know if present # - absent: no such option present in config file # joinlines() { sed -n -e H -e "\${x;s/^\\n//;s/\\n/${1:?}/g;p;}"; } trlower() { tr '[:upper:]' '[:lower:]'; } tolower() { printf '%s' "$*" | trlower; } default_value() { sshd -T -f /dev/null -C "$(make_conn_spec)" \ | sed -n -e 's/^'"$(tolower "${1:?}")"'[[:blank:]]\{1,\}//p' } make_conn_spec() { if test -s "${__object:?}/parameter/match" then _match_file="${__object:?}/parameter/match" else _match_file='/dev/null' fi for _kw in \ addr=Address \ user=User \ host=Host \ laddr=LocalAddress \ lport=LocalPort \ rdomain=RDomain do _specname=${_kw%%=*} _confname=$(tolower "${_kw#*=}") while read -r _k _v do if test "$(tolower "${_k}")" = "${_confname}" then printf '%s=%s\n' "${_specname}" "${_v}" continue 2 fi done <"${_match_file}" # NOTE: Print test spec even for empty keys to suppress errors like: # 'Match User' in configuration but 'user' not in connection test specification. # except lport: # Invalid port '' in test mode specification lport= test "${_specname}" = 'lport' || printf '%s=\n' "${_specname}" done \ | joinlines ',' unset _match_file } sshd_config_file=$(cat "${__object:?}/parameter/file") state_should=$(cat "${__object:?}/parameter/state") if test -s "${__object:?}/parameter/option" then option_name=$(cat "${__object:?}/parameter/option") else option_name=${__object_id:?} fi value_should=$(cat "${__object:?}/parameter/value" 2>/dev/null) \ || test "${state_should}" = absent || exit 0 # param optional if --state absent command -v sshd >/dev/null 2>&1 || { echo 'Cannot find sshd.' >&2 exit 1 } test -e "${sshd_config_file}" || { echo 'absent' exit 0 } value_is=$( sshd -T -f "${sshd_config_file}" -C "$(make_conn_spec)" \ | sed -n -e 's/^'"$(tolower "${option_name}")"'[[:blank:]]\{1,\}//p') if printf '%s\n' "${value_is}" | { if test -n "${value_should}" then grep -q -x -F "${value_should}" else # if no value provided, assume "any" value grep -q -e . fi } then if default_value "${option_name}" | grep -q -x -F "${value_is}" then # Might produce false positives for default values. # TODO: Manual checking should be done, but for simplicity, this case is # currently ignored here. echo default else echo present fi else echo absent fi cdist/cdist/conf/type/__sshd_config/files/000077500000000000000000000000001427155744700211065ustar00rootroot00000000000000cdist/cdist/conf/type/__sshd_config/files/update_sshd_config.awk000066400000000000000000000147521427155744700254530ustar00rootroot00000000000000# -*- mode: awk; indent-tabs-mode: t -*- function usage() { print_err("Usage: awk -f update_sshd_config.awk -- -o set|unset [-m 'User git'] -l 'X11Forwarding no' /etc/ssh/sshd_config") } function print_err(s) { print s | "cat >&2" } function alength(a, i) { for (i = 0; (i + 1) in a; ++i); return i } function join(sep, a, i, s) { for (i = i ? i : 1; i in a; i++) s = s sep a[i] return substr(s, 2) } function getopt(opts, argv, target, files, i, c, lv, idx, nf) { # trivial getopt(3) implementation; only basic functionality if (argv[1] == "--") i++ for (i += 1; i in argv; i++) { if (lv) { target[c] = argv[i]; lv = 0; continue } if (argv[i] ~ /^-/) { c = substr(argv[i], 2, 1) idx = index(opts, c) if (!idx) { print_err(sprintf("invalid option -%c\n", c)) continue } if (substr(opts, idx + 1, 1) == ":") { # option takes argument if (length(argv[i]) > 2) target[c] = substr(argv[i], 3) else lv = 1 } else { target[c] = 1 } } else files[++nf] = argv[i] } } # tokenise configuration line # this function mimics the counterpart in OpenSSH (misc.c) # but it returns two (next token SUBSEP rest) because I didn’t want to have to # simulate any pointer magic. function strdelim_internal(s, split_equals, old) { if (!s) return "" old = s if (!match(s, WHITESPACE "|" QUOTE "" (split_equals ? "|" EQUALS : ""))) return s s = substr(s, RSTART) old = substr(old, 1, RSTART - 1) if (s ~ "^" QUOTE) { old = substr(old, 2) # Find matching quote if (match(s, QUOTE)) { old = substr(old, 1, RSTART) # s = substr() if (match(s, "^" WHITESPACE "*")) s = substr(s, RLENGTH) return old } else { # no matching quote return "" } } if (match(s, "^" WHITESPACE "+")) { sub("^" WHITESPACE "+", "", s) if (split_equals) sub(EQUALS WHITESPACE "*", "", s) } else if (s ~ "^" EQUALS) { s = substr(s, 2) } return old SUBSEP s } function strdelim(s) { return strdelim_internal(s, 1) } function strdelimw(s) { return strdelim_internal(s, 0) } function singleton_option(opt) { return tolower(opt) !~ /^(acceptenv|allowgroups|allowusers|denygroups|denyusers|hostcertificate|hostkey|listenaddress|logverbose|permitlisten|permitopen|port|setenv|subsystem)$/ } function print_update() { if (mode) { if (match_only) printf "\t" printf "%s\n", line_should updated = 1 } } BEGIN { FS = "\n" # disable field splitting WHITESPACE = "[ \t]" # servconf.c, misc.c:strdelim_internal (without line breaks, cf. bugs) QUOTE = "[\"]" # misc.c:strdelim_internal EQUALS = "[=]" split("", opts) split("", files) getopt("ho:l:m:", ARGV, opts, files) if (opts["h"]) { usage(); exit (e="0") } line_should = opts["l"] match_only = opts["m"] num_files = alength(files) if (num_files != 1 || !opts["o"] || !line_should) { usage() exit (e=126) } if (opts["o"] == "set") { mode = 1 } else if (opts["o"] == "unset") { mode = 0 } else { print_err(sprintf("invalid mode %s\n", mode)) exit (e=1) } if (mode) { # loop over sshd_config twice! ARGV[2] = ARGV[1] = files[1] ARGC = 3 } else { # only loop once ARGV[1] = files[1] ARGC = 2 } split(strdelim(line_should), should, SUBSEP) option_should = tolower(should[1]) value_should = should[2] } { line = $0 # Strip trailing whitespace. Allow \f (form feed) at EOL only sub("(" WHITESPACE "|\f)*$", "", line) # Strip leading whitespace sub("^" WHITESPACE "*", "", line) if (match(line, "^#" WHITESPACE "*")) { prefix = substr(line, RSTART, RLENGTH) line = substr(line, RSTART + RLENGTH) } else { prefix = "" } line_type = "invalid" option_is = value_is = "" if (line) { split(strdelim(line), toks, SUBSEP) if (tolower(toks[1]) == "match") { MATCH = (prefix ~ /^#/ ? "#" : "") join(" ", toks, 2) line_type = "match" } else if (toks[1] ~ /^[A-Za-z][A-Za-z0-9]+$/) { # This could be an option line line_type = "option" option_is = tolower(toks[1]) value_is = toks[2] } } else { line_type = "empty" } } # mode: unset !mode { # delete matching config if (prefix !~ /^#/) if (MATCH == match_only && option_is == option_should) if (!value_should || value_should == value_is) next print next } # mode: set mode && NR == FNR { if (line_type == "option") { if (MATCH !~ /^#/) { if (prefix ~ /^#/) { # comment line last_occ[MATCH, "#" option_is] = FNR } else { # option line last_occ[MATCH, option_is] = FNR } last_occ[MATCH] = FNR } } else if (line_type == "invalid" && !prefix) { # INVALID LINE print_err(sprintf("%s: syntax error on line %u\n", ARGV[0], FNR)) } next } # before second pass prepare hashes containing location information to be used # in the second pass. mode && NR > FNR && FNR == 1 { # First we drop the locations of commented-out options if a non-commented # option is available. If a non-commented option is available, we will # append new config options there to have them all at one place. for (k in last_occ) { if (k ~ /^#/) { # delete entries of commented out match blocks delete last_occ[k] continue } split(k, parts, SUBSEP) if (parts[2] ~ /^#/ && ((parts[1], substr(parts[2], 2)) in last_occ)) delete last_occ[k] } # Reverse the option => line mapping. The line_map allows for easier lookups # in the second pass. # We only keep options, not top-level keywords, because we can only have # one entry per line and there are conflicts with last lines of "sections". for (k in last_occ) { if (!index(k, SUBSEP)) continue line_map[last_occ[k]] = k } } # Second pass mode && line_map[FNR] == match_only SUBSEP option_should && !updated { split(line_map[FNR], parts, SUBSEP) # If option allows multiple values, print current value if (!singleton_option(parts[2])) { if (value_should != value_is) print } print_update() next } mode { print } # Is a comment option mode && line_map[FNR] == match_only SUBSEP "#" option_should && !updated { print_update() } # Last line of the should match section mode && last_occ[match_only] == FNR && !updated { # NOTE: Inserting empty lines is only cosmetic. It is only done if # different options are next to each other and not in a match block # (match blocks are usually not in the default config and thus don’t # contain commented blocks.) if (line && option_is != option_should && !MATCH) print "" print_update() } END { if (e) exit e if (mode && !updated) { if (match_only && MATCH != match_only) { printf "\nMatch %s\n", match_only } print_update() } } cdist/cdist/conf/type/__sshd_config/gencode-remote000077500000000000000000000052631427155744700226350ustar00rootroot00000000000000#!/bin/sh -e # # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # joinlines() { sed -n -e H -e "\${x;s/^\\n//;s/\\n/${1:?}/g;p;}"; } state_is=$(cat "${__object:?}/explorer/state") state_should=$(cat "${__object:?}/parameter/state") if test "${state_is}" = "${state_should}" -o "${state_is}" = 'default' then # nothing to do (if the value is the default, ignore its state) exit 0 fi case ${state_should} in (present) mode='set' ;; (absent) mode='unset' ;; (*) printf 'Invalid --state: %s\n' "${state_should}" >&2 exit 1 ;; esac sshd_config_file=$(cat "${__object:?}/parameter/file") quote() { printf "'%s'" "$(printf '%s' "$*" | sed -e "s/'/'\\\\''/g")"; } drop_awk_comments() { quote "$(sed '/^[[:blank:]]*#.*$/d;/^$/d' "$@")"; } # Ensure the sshd_config file is there cat <$(quote "${sshd_config_file}") chown 0:0 $(quote "${sshd_config_file}") chmod 0644 $(quote "${sshd_config_file}") } EOF match_only= if test -s "${__object:?}/parameter/match" then match_only=$(joinlines ' ' <"${__object:?}/parameter/match") fi if test -s "${__object:?}/parameter/option" then option_line=$(cat "${__object:?}/parameter/option") else option_line=${__object_id:?} fi if test -s "${__object:?}/parameter/value" then option_line="${option_line} $(cat "${__object:?}/parameter/value")" fi # Send message on config update printf '%s%s %s\n' "${mode}" "${match_only:+ [${match_only}]}" \ "${option_line}" >>"${__messages_out:?}" # Update sshd_config (remote code) cat <$(quote "${sshd_config_file}.tmp") \\ || exit cmp -s $(quote "${sshd_config_file}") $(quote "${sshd_config_file}.tmp") || { sshd -t -f $(quote "${sshd_config_file}.tmp") \\ && cat $(quote "${sshd_config_file}.tmp") >$(quote "${sshd_config_file}") \\ || exit # stop if sshd_config file check fails } rm -f $(quote "${sshd_config_file}.tmp") EOF cdist/cdist/conf/type/__sshd_config/man.rst000066400000000000000000000052071427155744700213150ustar00rootroot00000000000000cdist-type__sshd_config(7) ========================== NAME ---- cdist-type__sshd_config - Manage options in sshd_config DESCRIPTION ----------- This space intentionally left blank. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- file The path to the sshd_config file to edit. Defaults to ``/etc/ssh/sshd_config``. match Restrict this option to apply only for certain connections. Allowed values are what would be allowed to be written after a ``Match`` keyword in ``sshd_config``, e.g. ``--match 'User anoncvs'``. Can be used multiple times. All of the values are ANDed together. option The name of the option to manipulate. Defaults to ``__object_id``. state Can be: - ``present``: ensure a matching config line is present (or the default value). - ``absent``: ensure no matching config line is present. value The option's value to be assigned to the option (if ``--state present``) or removed (if ``--state absent``). This option is required if ``--state present``. If not specified and ``--state absent``, all values for the given option are removed. BOOLEAN PARAMETERS ------------------ None. EXAMPLES -------- .. code-block:: sh # Disallow root logins with password __sshd_config PermitRootLogin --value without-password # Disallow password-based authentication __sshd_config PasswordAuthentication --value no # Accept the EDITOR environment variable __sshd_config AcceptEnv:EDITOR --option AcceptEnv --value EDITOR # Force command for connections as git user __sshd_config git@ForceCommand --match 'User git' --option ForceCommand \ --value 'cd ~git && exec git-shell ${SSH_ORIGINAL_COMMAND:+-c "${SSH_ORIGINAL_COMMAND}"}' SEE ALSO -------- :strong:`sshd_config`\ (5) BUGS ---- - This type assumes a nicely formatted config file, i.e. no config options spanning multiple lines. - ``Include`` directives are ignored. - Config options are not added/removed to/from the config file if their value is the default value. - | The explorer will incorrectly report ``absent`` if OpenSSH internally transforms one value to another (e.g. ``permitrootlogin prohibit-password`` is transformed to ``permitrootlogin without-password``). | Workaround: Use the value that OpenSSH uses internally. AUTHORS ------- Dennis Camera COPYING ------- Copyright \(C) 2020 Dennis Camera. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__sshd_config/manifest000077500000000000000000000031271427155744700215430ustar00rootroot00000000000000#!/bin/sh -e # # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # os=$(cat "${__global:?}/explorer/os") state_should=$(cat "${__object:?}/parameter/state") case ${os} in (alpine|centos|fedora|redhat|scientific|debian|devuan|ubuntu) if test "${state_should}" != 'absent' then __package openssh-server --state present fi ;; (archlinux|gentoo|slackware|suse) if test "${state_should}" != 'absent' then __package openssh --state present fi ;; (freebsd|netbsd|openbsd) # whitelist ;; (openbmc-phosphor) # whitelist # OpenBMC can be configured with dropbear and OpenSSH. # If dropbear is used, the state explorer will already fail because it # cannot find the sshd binary. ;; (*) : "${__type:?}" # make shellcheck happy printf 'Your operating system (%s) is currently not supported by this type (%s)\n' \ "${os}" "${__type##*/}" >&2 printf 'Please contribute an implementation for it if you can.\n' >&2 exit 1 ;; esac cdist/cdist/conf/type/__sshd_config/parameter/000077500000000000000000000000001427155744700217645ustar00rootroot00000000000000cdist/cdist/conf/type/__sshd_config/parameter/default/000077500000000000000000000000001427155744700234105ustar00rootroot00000000000000cdist/cdist/conf/type/__sshd_config/parameter/default/file000066400000000000000000000000251427155744700242470ustar00rootroot00000000000000/etc/ssh/sshd_config cdist/cdist/conf/type/__sshd_config/parameter/default/state000066400000000000000000000000101427155744700244420ustar00rootroot00000000000000present cdist/cdist/conf/type/__sshd_config/parameter/optional000066400000000000000000000000301427155744700235250ustar00rootroot00000000000000file option state value cdist/cdist/conf/type/__sshd_config/parameter/optional_multiple000066400000000000000000000000061427155744700254430ustar00rootroot00000000000000match cdist/cdist/conf/type/__staged_file/000077500000000000000000000000001427155744700177645ustar00rootroot00000000000000cdist/cdist/conf/type/__staged_file/gencode-local000077500000000000000000000052061427155744700224110ustar00rootroot00000000000000#!/bin/sh -e # # 2015 Steven Armstrong (steven-cdist at armstrong.cc) # 2015 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # #set -x destination="$__object_id" source="$(cat "$__object/parameter/source")" stage_dir="$(cat "$__object/parameter/stage-dir")" state="$(cat "$__object/parameter/state")" fetch_command="$(cat "$__object/parameter/fetch-command")" stage_file="${stage_dir}/${destination}" stage_file_dir="${stage_file%/*}" source_file_name="${source##*/}" if [ "$state" = "absent" ]; then # nothing to do exit 0 fi #printf 'set -x\n' if [ ! -d "$stage_dir" ]; then printf 'mkdir -p "%s"\n' "$stage_dir" printf 'chmod 700 "%s"\n' "$stage_dir" fi if [ ! -d "$stage_file_dir" ]; then printf 'mkdir -p "%s"\n' "$stage_file_dir" fi get_file() { if [ -f "$__object/parameter/prepare-command" ]; then fetch_and_prepare_file else fetch_file fi } fetch_file() { # shellcheck disable=SC2059 printf "$fetch_command" "$source" printf ' > "%s"\n' "$stage_file" } fetch_and_prepare_file() { # shellcheck disable=SC2016 printf 'tmpdir="$(mktemp -d -p "/tmp" "%s")"\n' "${__type##*/}.XXXXXXXXXX" # shellcheck disable=SC2016 printf 'cd "$tmpdir"\n' # shellcheck disable=SC2059 printf "$fetch_command > \"%s\"\\n" "$source" "$source_file_name" prepare_command="$(cat "$__object/parameter/prepare-command")" # shellcheck disable=SC2059 printf "$prepare_command > \"%s\"\\n" "$source_file_name" "$stage_file" printf 'cd - >/dev/null\n' # shellcheck disable=SC2016 printf 'rm -rf "$tmpdir"\n' } cat << DONE verify_cksum() { cksum_is="\$(cksum "$stage_file" | cut -d' ' -f1,2)" cksum_should="$(cut -d' ' -f1,2 "$__object/parameter/cksum")" if [ "\$cksum_is" = "\$cksum_should" ]; then return 0 else return 1 fi } DONE if [ ! -f "$stage_file" ]; then get_file else printf 'verify_cksum || {\n' get_file printf '}\n' fi cat << DONE verify_cksum || { echo "Failed to verify checksum for $__object_name" >&2 exit 1 } DONE cdist/cdist/conf/type/__staged_file/man.rst000066400000000000000000000060701427155744700212740ustar00rootroot00000000000000cdist-type__staged_file(7) ========================== NAME ---- cdist-type__staged_file - Manage staged files DESCRIPTION ----------- Manages a staged file that is downloaded on the server (the machine running cdist) and then deployed to the target host using the __file type. REQUIRED PARAMETERS ------------------- source the URL from which to retrieve the source file. e.g. * https://dl.bintray.com/mitchellh/consul/0.4.1_linux_amd64.zip * file:///path/to/local/file cksum the output of running the command: `cksum $source-file` e.g.:: $ echo foobar > /tmp/foobar $ cksum /tmp/foobar 857691210 7 /tmp/foobar If either checksum or file size has changed the file will be (re)fetched from the --source. The file name can be omitted and is ignored if given. OPTIONAL PARAMETERS ------------------- fetch-command the command used to fetch the staged file using printf formatting. Where a single %s will be replaced with the value of the given --source parameter. The --fetch-command is expected to output the fetched file to stdout. Defaults to 'curl -s -L "%s"'. group see cdist-type__file owner see cdist-type__file mode see cdist-type__file prepare-command the optional command used to prepare or preprocess the staged file for later use by the file type. If given, it must be a string in printf formatting where a single %s will be replaced with the last segment (filename) of the value of the given --source parameter. It is executed in the same directory into which the fetched file has been saved. The --prepare-command is expected to output the final file to stdout. So for example given a --source of https://example.com/my-zip.zip, and a --prepare-command of 'unzip -p "%s"', the code `unzip -p "my-zip.zip"` will be executed in the folder containing the downloaded file my-zip.zip. A more complex example might be --prepare-command 'tar -xz "%s"; cat path/from/archive' stage-dir the directory in which to store downloaded and prepared files. Defaults to '/var/tmp/cdist/__staged_file' state see cdist-type__file EXAMPLES -------- .. code-block:: sh __staged_file /usr/local/bin/consul \ --source file:///path/to/local/copy/consul \ --cksum '428915666 15738724' \ --state present \ --group root \ --owner root \ --mode 755 __staged_file /usr/local/bin/consul \ --source https://dl.bintray.com/mitchellh/consul/0.4.1_linux_amd64.zip \ --cksum '428915666 15738724' \ --fetch-command 'curl -s -L "%s"' \ --prepare-command 'unzip -p "%s"' \ --state present \ --group root \ --owner root \ --mode 755 SEE ALSO -------- :strong:`cdist-type__file`\ (7) AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2015 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__staged_file/manifest000077500000000000000000000021261427155744700215210ustar00rootroot00000000000000#!/bin/sh -e # # 2015 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # destination="$__object_id" stage_dir="$(cat "$__object/parameter/stage-dir")" stage_file="${stage_dir}/${destination}" set -- "/${destination}" for param in owner group mode state; do if [ -f "$__object/parameter/$param" ]; then set -- "$@" "--${param}" "$(cat "$__object/parameter/$param")" fi done set -- "$@" --source "$stage_file" require="$__object_name" \ __file "$@" cdist/cdist/conf/type/__staged_file/parameter/000077500000000000000000000000001427155744700217445ustar00rootroot00000000000000cdist/cdist/conf/type/__staged_file/parameter/default/000077500000000000000000000000001427155744700233705ustar00rootroot00000000000000cdist/cdist/conf/type/__staged_file/parameter/default/fetch-command000066400000000000000000000000201427155744700260100ustar00rootroot00000000000000curl -s -L "%s" cdist/cdist/conf/type/__staged_file/parameter/default/stage-dir000066400000000000000000000000351427155744700251700ustar00rootroot00000000000000/var/tmp/cdist/__staged_file cdist/cdist/conf/type/__staged_file/parameter/default/state000066400000000000000000000000101427155744700244220ustar00rootroot00000000000000present cdist/cdist/conf/type/__staged_file/parameter/optional000066400000000000000000000000771427155744700235200ustar00rootroot00000000000000fetch-command group owner mode prepare-command stage-dir state cdist/cdist/conf/type/__staged_file/parameter/required000066400000000000000000000000151427155744700235030ustar00rootroot00000000000000cksum source cdist/cdist/conf/type/__start_on_boot/000077500000000000000000000000001427155744700203725ustar00rootroot00000000000000cdist/cdist/conf/type/__start_on_boot/explorer/000077500000000000000000000000001427155744700222325ustar00rootroot00000000000000cdist/cdist/conf/type/__start_on_boot/explorer/state000066400000000000000000000060751427155744700233050ustar00rootroot00000000000000#!/bin/sh # # 2012-2019 Nico Schottelius (nico-cdist at schottelius.org) # 2013 Daniel Heule (hda at sfs.biz) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # Check whether the given name will be started on boot or not # os=$("$__explorer/os") runlevel=$("$__explorer/runlevel") init=$("$__explorer/init") target_runlevel="$(cat "$__object/parameter/target_runlevel")" name="$__object_id" if [ "$init" = 'systemd' ]; then # this handles ALL linux distros with systemd # e.g. archlinux, gentoo, new RHEL and SLES versions state=$(systemctl is-enabled "$name" >/dev/null 2>&1 \ && echo present \ || echo absent) else case "$os" in debian|openwrt|devuan) state="absent" for file in "/etc/rc$runlevel.d/S"??"$name" do if [ -f "$file" ] then state="present" break fi done ;; ubuntu) state="absent" for file in "/etc/rc$runlevel.d/S"??"$name" do if [ -f "$file" ] then state="present" break fi done [ -f "/etc/init/${name}.conf" ] && state="present" ;; amazon|scientific|centos|fedora|owl|redhat) state=$(chkconfig --level "$runlevel" "$name" || echo absent) [ "$state" ] || state="present" ;; suse) # check for target if set, usable for boot. services in runlevel B if [ "$target_runlevel" != 'default' ]; then runlevel="$target_runlevel" fi # suses chkconfig has the same name, but works different ... state=$(chkconfig --check "$name" "$runlevel" || echo absent) [ "$state" ] || state="present" ;; gentoo|alpine) state="absent" for d in /etc/runlevels/*; do if [ -f "/etc/runlevels/${d}/${name}" ];then state="present" break fi done ;; freebsd) state="absent" service -e | grep "/$name$" && state="present" ;; openbsd) state='absent' # OpenBSD 5.7 and higher rcctl ls on | grep "^${name}$" && state='present' ;; *) echo "Unsupported os: $os" >&2 exit 1 ;; esac fi echo $state cdist/cdist/conf/type/__start_on_boot/gencode-remote000077500000000000000000000102611427155744700232150ustar00rootroot00000000000000#!/bin/sh -e # # 2012-2013 Nico Schottelius (nico-cdist at schottelius.org) # 2016 Daniel Heule (hda at sfs.biz) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # state_should="$(cat "$__object/parameter/state")" state_is=$(cat "$__object/explorer/state") init=$(cat "$__global/explorer/init") target_runlevel="$(cat "$__object/parameter/target_runlevel")" # Short circuit if nothing is to be done [ "$state_should" = "$state_is" ] && exit 0 os=$(cat "$__global/explorer/os") os_version=$(cat "$__global/explorer/os_version") name="$__object_id" case "$state_should" in present) if [ "$init" = 'systemd' ]; then # this handles ALL linux distros with systemd # e.g. archlinux, gentoo in some cases, new RHEL and SLES versions echo "systemctl -q enable '$name'" else case "$os" in debian) case "$os_version" in [1-7]*) echo "update-rc.d '$name' defaults >/dev/null" ;; 8*) echo "systemctl enable '$name'" ;; *) echo "Unsupported version $os_version of $os" >&2 exit 1 ;; esac ;; devuan) echo "update-rc.d '$name' defaults >/dev/null" ;; alpine|gentoo) echo "rc-update add '$name' '$target_runlevel'" ;; amazon|scientific|centos|fedora|owl|redhat|suse) echo "chkconfig '$name' on" ;; openwrt) # 'enable' can be successful and still return a non-zero exit # code, deal with it by checking for success ourselves in that # case (the || ... part). echo "'/etc/init.d/$name' enable || [ -f /etc/rc.d/S??'$name' ]" ;; ubuntu) echo "update-rc.d '$name' defaults >/dev/null" ;; freebsd) : # handled in manifest ;; openbsd) # OpenBSD 5.7 and higher echo "rcctl enable '$name'" ;; *) echo "Unsupported os: $os" >&2 exit 1 ;; esac fi ;; absent) if [ "$init" = 'systemd' ]; then # this handles ALL linux distros with systemd # e.g. archlinux, gentoo in some cases, new RHEL and SLES versions echo "systemctl -q disable '$name'" else case "$os" in debian|ubuntu|devuan) echo "update-rc.d -f '$name' remove" ;; alpine|gentoo) echo "rc-update del '$name' '$target_runlevel'" ;; centos|fedora|owl|redhat|suse) echo "chkconfig '$name' off" ;; openwrt) echo "'/etc/init.d/$name' disable" ;; openbsd) # OpenBSD 5.7 and higher echo "rcctl disable '$name'" ;; *) echo "Unsupported os: $os" >&2 exit 1 ;; esac fi ;; *) echo "Unknown state: $state_should" >&2 exit 1 ;; esac cdist/cdist/conf/type/__start_on_boot/man.rst000066400000000000000000000023771427155744700217100ustar00rootroot00000000000000cdist-type__start_on_boot(7) ============================ NAME ---- cdist-type__start_on_boot - Manage stuff to be started at boot DESCRIPTION ----------- This cdist type allows you to enable or disable stuff to be started at boot of your operating system. Warning: This type has not been tested intensively and is not fully supported. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- state Either "present" or "absent", defaults to "present" target_runlevel Runlevel which should be modified, defaults to "default" (only used on gentoo systems). EXAMPLES -------- .. code-block:: sh # Ensure snmpd is started at boot __start_on_boot snmpd # Same, but more explicit __start_on_boot snmpd --state present # Ensure legacy configuration management will not be started __start_on_boot puppet --state absent SEE ALSO -------- :strong:`cdist-type__process`\ (7) AUTHORS ------- Nico Schottelius COPYING ------- Copyright \(C) 2012-2019 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__start_on_boot/manifest000066400000000000000000000010701427155744700221210ustar00rootroot00000000000000#!/bin/sh -e state_should="$(cat "$__object/parameter/state")" state_is=$(cat "$__object/explorer/state") name="$__object_id" # Short circuit if nothing is to be done [ "$state_should" = "$state_is" ] && exit 0 os=$(cat "$__global/explorer/os") case "$os" in freebsd) if [ "$state_should" = 'present' ]; then value='YES' else value='NO' fi __key_value "rcconf-$name-enable" \ --file /etc/rc.conf \ --key "${name}_enable" \ --value "\"$value\"" \ --delimiter '=' ;; *) : # handled in gencode-remote ;; esac cdist/cdist/conf/type/__start_on_boot/parameter/000077500000000000000000000000001427155744700223525ustar00rootroot00000000000000cdist/cdist/conf/type/__start_on_boot/parameter/default/000077500000000000000000000000001427155744700237765ustar00rootroot00000000000000cdist/cdist/conf/type/__start_on_boot/parameter/default/state000066400000000000000000000000101427155744700250300ustar00rootroot00000000000000present cdist/cdist/conf/type/__start_on_boot/parameter/default/target_runlevel000066400000000000000000000000101427155744700271120ustar00rootroot00000000000000default cdist/cdist/conf/type/__start_on_boot/parameter/optional000066400000000000000000000000261427155744700241200ustar00rootroot00000000000000state target_runlevel cdist/cdist/conf/type/__sysctl/000077500000000000000000000000001427155744700170375ustar00rootroot00000000000000cdist/cdist/conf/type/__sysctl/explorer/000077500000000000000000000000001427155744700206775ustar00rootroot00000000000000cdist/cdist/conf/type/__sysctl/explorer/conf-path000077500000000000000000000014731427155744700225110ustar00rootroot00000000000000#!/bin/sh # # 2018 Darko Poljak (darko.poljak at gmail.com) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # if [ -d "/etc/sysctl.d" ]; then echo "/etc/sysctl.d/99-Z-sysctl-cdist.conf"; else echo "/etc/sysctl.conf"; fi cdist/cdist/conf/type/__sysctl/explorer/value000077500000000000000000000015201427155744700217370ustar00rootroot00000000000000#!/bin/sh -e # # 2014 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # if test "$(uname -s)" = NetBSD then PATH=$(getconf PATH) fi # get the current runtime value sysctl -n "${__object_id}" || true cdist/cdist/conf/type/__sysctl/gencode-remote000077500000000000000000000030771427155744700216710ustar00rootroot00000000000000#!/bin/sh -e # # 2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2018 Takashi Yoshi (takashi at yoshi.email) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # value_should="$(cat "$__object/parameter/value")" value_is="$(cat "$__object/explorer/value")" if [ "$value_should" = "$value_is" ]; then # Nothing to do exit 0 fi os=$(cat "$__global/explorer/os") case "$os" in # Linux redhat|centos|ubuntu|debian|devuan|archlinux|gentoo|coreos) flag='-w' ;; # BusyBox alpine|openwrt) flag='-w' ;; macosx) # NOTE: Older versions of Mac OS X require the -w option. # Even though the flag is not mentioned in new man pages anymore, # it still works. flag='-w' ;; netbsd) # shellcheck disable=SC2016 echo 'PATH=$(getconf PATH)' flag='-w' ;; freebsd|openbsd) flag='' ;; esac # set the current runtime value printf 'sysctl %s %s="%s"\n' "$flag" "$__object_id" "$value_should" cdist/cdist/conf/type/__sysctl/man.rst000066400000000000000000000020241427155744700203420ustar00rootroot00000000000000cdist-type__sysctl(7) ===================== NAME ---- cdist-type__sysctl - manage sysctl settings DESCRIPTION ----------- Manages permanent as well as runtime sysctl settings. Permament settings are set by managing entries in /etc/sysctl.conf. Runtime settings are set by directly calling the sysctl executable. REQUIRED PARAMETERS ------------------- value The value to set for the given key (object_id) EXAMPLES -------- .. code-block:: sh __sysctl net.ipv4.ip_forward --value 1 # On some operating systems, e.g. NetBSD, to prevent an error if the # MIB style name does not exist (e.g. optional kernel components), # name and value can be separated by `?=`. The same effect can be achieved # in cdist by appending a `?` to the key: __sysctl ddb.onpanic? --value -1 AUTHORS ------- Steven Armstrong COPYING ------- Copyright \(C) 2014 Steven Armstrong. Free use of this software is granted under the terms of the GNU General Public License version 3 or later (GPLv3+). cdist/cdist/conf/type/__sysctl/manifest000077500000000000000000000026171427155744700206010ustar00rootroot00000000000000#!/bin/sh -e # # 2014 Steven Armstrong (steven-cdist at armstrong.cc) # 2018 Takashi Yoshi (takashi at yoshi.email) # 2019 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # os=$(cat "$__global/explorer/os") case "$os" in # Linux alpine|redhat|centos|ubuntu|debian|devuan|archlinux|coreos) : ;; # BSD freebsd|macosx|netbsd|openbsd) : ;; *) echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 echo "Please contribute an implementation for it if you can." >&2 exit 1 ;; esac conf_path=$(cat "$__object/explorer/conf-path") __key_value "$__object_name" \ --key "$__object_id" \ --file "${conf_path}" \ --value "$(cat "$__object/parameter/value")" \ --delimiter '=' cdist/cdist/conf/type/__sysctl/parameter/000077500000000000000000000000001427155744700210175ustar00rootroot00000000000000cdist/cdist/conf/type/__sysctl/parameter/required000066400000000000000000000000061427155744700225560ustar00rootroot00000000000000value cdist/cdist/conf/type/__systemd_service/000077500000000000000000000000001427155744700207265ustar00rootroot00000000000000cdist/cdist/conf/type/__systemd_service/explorer/000077500000000000000000000000001427155744700225665ustar00rootroot00000000000000cdist/cdist/conf/type/__systemd_service/explorer/state000077500000000000000000000027311427155744700236370ustar00rootroot00000000000000#!/bin/sh -e # explorer/state # # 2020 Matthias Stecher # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # Check if the service is running or stopped. # # The explorer must check before if the service exist, because 'systemctl is-active' # will return "inactive" even if there is no service there: # systemctl cat foo # does not exist # systemctl is-active foo # is "inactive" # get name of the service if [ -f "$__object/parameter/name" ]; then name="$(cat "$__object/parameter/name")" else name="$__object_id" fi # check if the service exist, else exit without output (also if systemd doesn't exist) # do not exit here with an error code, will be done in the gencode-remote script systemctl cat "$name" > /dev/null 2>&1 || exit 0 # print if the service is running or not systemctl is-active -q "$name" && printf "running" || printf "stopped" cdist/cdist/conf/type/__systemd_service/gencode-remote000077500000000000000000000054441427155744700235600ustar00rootroot00000000000000#!/bin/sh -e # gencode-remote # # 2020 Matthias Stecher # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # Checks the given state of the service and set it to the given # state. Optionally, it executes the action if service running. # get name of the service name="$__object/parameter/name" if [ -f "$name" ]; then name="$(cat "$name")" else name="$__object_id" fi # read current status and parameters state="$(cat "$__object/explorer/state")" should="$(cat "$__object/parameter/state")" # if systemd/service does not exist if [ -z "$state" ]; then printf "systemd or service '%s' does not exist!\n" "$name" >&2 exit 1 fi # save the action required required_action="" # check the state of the service that should be if [ "$state" != "$should" ]; then # select what to do to get the $should state case "$should" in running) if [ "$state" = "stopped" ]; then required_action="start"; fi ;; stopped) if [ "$state" = "running" ]; then required_action="stop"; fi ;; esac fi # check if the action can be achieved if given if [ -f "$__object/parameter/action" ] \ && [ -z "$required_action" ] && [ "$state" = "running" ]; then # there must be an action action="$(cat "$__object/parameter/action")" # select the action to the required element case "$action" in restart) required_action="restart" ;; reload) required_action="reload" ;; *) printf "action '%s' does not exist!" "$action" >&2 exit 2 esac # Make a special check: only do this action if a dependency did something # it is required that the dependencies write there action to $__messages_in if [ -f "$__object/parameter/if-required" ]; then # exit here if there are no changes from the dependencies affected (nothing to do) if ! grep -q -f "$__object/require" "$__messages_in"; then exit 0; fi fi fi # print the execution command if a action given if [ -n "$required_action" ]; then # also print it as message echo "$required_action" >> "$__messages_out" echo "systemctl $required_action '$name'" fi cdist/cdist/conf/type/__systemd_service/man.rst000066400000000000000000000046401427155744700222370ustar00rootroot00000000000000cdist-type__systemd_service(7) ============================== NAME ---- cdist-type__systemd_service - Controls a systemd service state DESCRIPTION ----------- This type controls systemd services to define a state of the service, or an action like reloading or restarting. It is useful to reload a service after configuration applied or shutdown one service. The activation or deactivation is out of scope. Look for the :strong:`cdist-type__systemd_util`\ (7) type instead. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- name String which will used as name instead of the object id. state The state which the service should be in: running Service should run (default) stopped Service should be stopped action Executes an action on on the service. It will only execute it if the service keeps the state ``running``. There are following actions, where: reload Reloads the service restart Restarts the service BOOLEAN PARAMETERS ------------------ if-required Only execute the action if at minimum one required type outputs a message to ``$__messages_out``. Through this, the action should only executed if a dependency did something. The action will not executed if no dependencies given. MESSAGES -------- start Started the service stop Stopped the service restart Restarted the service reload Reloaded the service ABORTS ------ Aborts in following cases: systemd or the service does not exist EXAMPLES -------- .. code-block:: sh # service must run __systemd_service nginx # service must stopped __systemd_service sshd \ --state stopped # restart the service __systemd_service apache2 \ --action restart # makes sure the service exist with an alternative name __systemd_service foo \ --name sshd # reload the service for a modified configuration file # only reloads the service if the file really changed require="__file/etc/foo.conf" __systemd_service foo \ --action reload --if-required AUTHORS ------- Matthias Stecher COPYRIGHT --------- Copyright \(C) 2020 Matthias Stecher. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__systemd_service/parameter/000077500000000000000000000000001427155744700227065ustar00rootroot00000000000000cdist/cdist/conf/type/__systemd_service/parameter/boolean000066400000000000000000000000141427155744700242430ustar00rootroot00000000000000if-required cdist/cdist/conf/type/__systemd_service/parameter/default/000077500000000000000000000000001427155744700243325ustar00rootroot00000000000000cdist/cdist/conf/type/__systemd_service/parameter/default/state000066400000000000000000000000101427155744700253640ustar00rootroot00000000000000running cdist/cdist/conf/type/__systemd_service/parameter/optional000066400000000000000000000000221427155744700244500ustar00rootroot00000000000000name state action cdist/cdist/conf/type/__systemd_unit/000077500000000000000000000000001427155744700202455ustar00rootroot00000000000000cdist/cdist/conf/type/__systemd_unit/explorer/000077500000000000000000000000001427155744700221055ustar00rootroot00000000000000cdist/cdist/conf/type/__systemd_unit/explorer/enablement-state000066400000000000000000000014111427155744700252550ustar00rootroot00000000000000#!/bin/sh # # 2017 Ľubomír KuÄera # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # systemctl is-enabled "${__object_id}" 2>/dev/null || true cdist/cdist/conf/type/__systemd_unit/explorer/systemctl-present000066400000000000000000000014111427155744700255320ustar00rootroot00000000000000#!/bin/sh # # 2017 Ľubomír KuÄera # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # command -v systemctl > /dev/null 2>&1 && echo 0 || echo 1 cdist/cdist/conf/type/__systemd_unit/explorer/unit-status000066400000000000000000000013741427155744700243350ustar00rootroot00000000000000#!/bin/sh # # 2017 Ľubomír KuÄera # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # systemctl is-active "${__object_id}" || true cdist/cdist/conf/type/__systemd_unit/gencode-remote000066400000000000000000000042701427155744700230700ustar00rootroot00000000000000#!/bin/sh -e # # 2017 Ľubomír KuÄera # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # name="${__object_id}" state=$(cat "${__object}/parameter/state") current_enablement_state=$(cat "${__object}/explorer/enablement-state") if [ "${state}" = "absent" ]; then if [ -n "${current_enablement_state}" ]; then echo "systemctl --now disable ${name}" echo "rm -f /etc/systemd/system/${name}" echo "systemctl daemon-reload" fi exit 0 fi unit_status=$(cat "${__object}/explorer/unit-status") desired_enablement_state=$(cat "${__object}/parameter/enablement-state") if [ "${current_enablement_state}" = "masked" ] && \ [ "${desired_enablement_state}" != "masked" ]; then echo "systemctl unmask ${name}" fi if [ -f "${__object}/parameter/restart" ]; then if [ "${desired_enablement_state}" = "masked" ]; then if [ "${unit_status}" = "active" ]; then echo "systemctl stop ${name}" fi elif grep -q "^__file/etc/systemd/system/${name}" "${__messages_in}" || \ [ "${unit_status}" != "active" ]; then echo "systemctl restart ${name} || true" fi fi if [ "${current_enablement_state}" = "${desired_enablement_state}" ]; then exit 0 fi case "${desired_enablement_state}" in "") # Do nothing : ;; enabled) echo "systemctl enable ${name}" ;; disabled) echo "systemctl disable ${name}" ;; masked) echo "systemctl mask ${name}" ;; *) echo "Unsupported unit status: ${desired_enablement_state}" >&2 exit 1 ;; esac cdist/cdist/conf/type/__systemd_unit/man.rst000066400000000000000000000037431427155744700215610ustar00rootroot00000000000000cdist-type__systemd_unit(7) =========================== NAME ---- cdist-type__systemd_unit - Install a systemd unit DESCRIPTION ----------- This type manages systemd units in ``/etc/systemd/system/``. It can install, enable and start a systemd unit. This is particularly useful on systems which take advantage of systemd heavily (e.g., CoreOS). For more information about systemd units, see SYSTEMD.UNIT(5). REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- enablement-state 'enabled', 'disabled' or 'masked', where: enabled enables the unit disabled disables the unit masked masks the unit source Path to the config file. If source is '-' (dash), take what was written to stdin as the config file content. state 'present' or 'absent', defaults to 'present' where: present the unit (or its mask) is installed absent The unit is stopped, disabled and uninstalled. If the unit was masked, the mask is removed. BOOLEAN PARAMETERS ------------------ restart Start the unit if it was inactive. Restart the unit if the unit file changed. Stop the unit if new ``enablement-state`` is ``masked``. MESSAGES -------- None. EXAMPLES -------- .. code-block:: sh # Installs, enables and starts foobar.service __systemd_unit foobar.service \ --source "${__manifest}/files/foobar.service" \ --enablement-state enabled \ --restart # Disables the unit __systemd_unit foobar.service --enablement-state disabled # Stops, disables and uninstalls foobar.service __systemd_unit foobar.service --state absent AUTHORS ------- Ľubomír KuÄera COPYING ------- Copyright \(C) 2017 Ľubomír KuÄera. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__systemd_unit/manifest000066400000000000000000000036231427155744700220020ustar00rootroot00000000000000#!/bin/sh -e # # 2017 Ľubomír KuÄera # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # systemctl_present=$(cat "${__object}/explorer/systemctl-present") if [ "${systemctl_present}" -ne 0 ]; then echo "systemctl does not seem to be present on this system" >&2 exit 1 fi name="${__object_id}" source=$(cat "${__object}/parameter/source") state=$(cat "${__object}/parameter/state") enablement_state=$(cat "${__object}/parameter/enablement-state") # The unit must be disabled before removing its unit file. The unit file is # therefore removed by gencode-remote of this type, not here. if [ -z "${source}" ] || [ "${state}" = "absent" ]; then exit 0 fi # stdin is not propagated automatically to sub-objects if [ "${source}" = "-" ]; then source="${__object}/stdin" fi unitfile_state="${state}" if [ "${enablement_state}" = "masked" ]; then # Masking creates a symlink from /etc/systemd/system/ to /dev/null. # This process fails with "Failed to execute operation: Invalid argument" # if file /etc/systemd/system/ already exists. We must therefore # remove it. unitfile_state="absent" fi __config_file "/etc/systemd/system/${name}" \ --mode 644 \ --onchange "systemctl daemon-reload" \ --source "${source}" \ --state "${unitfile_state}" cdist/cdist/conf/type/__systemd_unit/parameter/000077500000000000000000000000001427155744700222255ustar00rootroot00000000000000cdist/cdist/conf/type/__systemd_unit/parameter/boolean000066400000000000000000000000101427155744700235560ustar00rootroot00000000000000restart cdist/cdist/conf/type/__systemd_unit/parameter/default/000077500000000000000000000000001427155744700236515ustar00rootroot00000000000000cdist/cdist/conf/type/__systemd_unit/parameter/default/enablement-state000066400000000000000000000000001427155744700270120ustar00rootroot00000000000000cdist/cdist/conf/type/__systemd_unit/parameter/default/source000066400000000000000000000000001427155744700250620ustar00rootroot00000000000000cdist/cdist/conf/type/__systemd_unit/parameter/default/state000066400000000000000000000000101427155744700247030ustar00rootroot00000000000000present cdist/cdist/conf/type/__systemd_unit/parameter/optional000066400000000000000000000000361427155744700237740ustar00rootroot00000000000000enablement-state source state cdist/cdist/conf/type/__timezone/000077500000000000000000000000001427155744700173505ustar00rootroot00000000000000cdist/cdist/conf/type/__timezone/explorer/000077500000000000000000000000001427155744700212105ustar00rootroot00000000000000cdist/cdist/conf/type/__timezone/explorer/timezone_is000077500000000000000000000013611427155744700234640ustar00rootroot00000000000000#!/bin/sh -e # # 2017 Ander Punnar (cdist at kvlt.ee) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # [ -f /etc/timezone ] && cat /etc/timezone exit 0 cdist/cdist/conf/type/__timezone/gencode-remote000077500000000000000000000022071427155744700221740ustar00rootroot00000000000000#!/bin/sh -e # # 2012 Steven Armstrong (steven-cdist at armstrong.cc) # 2019 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # This type allows to configure the desired localtime timezone. timezone_is=$(cat "$__object/explorer/timezone_is") timezone_should=$(cat "$__object/parameter/tz") os=$(cat "$__global/explorer/os") if [ "$timezone_is" = "$timezone_should" ]; then exit 0 fi case "$os" in ubuntu|debian|devuan|coreos|alpine) echo "echo \"$timezone_should\" > /etc/timezone" ;; esac cdist/cdist/conf/type/__timezone/man.rst000066400000000000000000000021101427155744700206470ustar00rootroot00000000000000cdist-type__timezone(7) ======================= NAME ---- cdist-type__timezone - Allows one to configure the desired localtime timezone. DESCRIPTION ----------- This type creates a symlink (/etc/localtime) to the selected timezone (which should be available in /usr/share/zoneinfo). REQUIRED PARAMETERS ------------------- tz The name of timezone to set. OPTIONAL PARAMETERS ------------------- None. EXAMPLES -------- .. code-block:: sh # Set up Europe/Andorra as our timezone. __timezone --tz Europe/Andorra # Set up US/Central as our timezone. __timezone --tz US/Central AUTHORS ------- | Steven Armstrong | Nico Schottelius | Ramon Salvadó | Dennis Camera COPYING ------- Copyright \(C) 2012-2020 the `AUTHORS`_. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__timezone/manifest000077500000000000000000000037741427155744700211170ustar00rootroot00000000000000#!/bin/sh -e # # 2011 Ramon Salvadó (rsalvado at gnuine dot com) # 2012-2015 Steven Armstrong (steven-cdist at armstrong.cc) # 2012-2019 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # # This type allows to configure the desired localtime timezone. timezone=$(cat "$__object/parameter/tz") os=$(cat "$__global/explorer/os") case "$os" in archlinux|debian|ubuntu|devuan|alpine) __package tzdata export require="__package/tzdata" ;; suse) __package timezone export require="__package/timezone" ;; freebsd|netbsd|openbsd) # whitelist : ;; coreos) # whitelist : ;; scientific|centos) __package tzdata --state present export require="__package/tzdata" __file /etc/sysconfig/clock \ --owner root --group root --mode 644 \ --state exists require="__file/etc/sysconfig/clock" \ __key_value ZONE \ --file /etc/sysconfig/clock \ --delimiter '=' \ --value "\"$timezone\"" ;; *) echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2 echo "Please contribute an implementation for it if you can." >&2 exit 1 ;; esac __link /etc/localtime \ --source "/usr/share/zoneinfo/${timezone}" \ --type symbolic cdist/cdist/conf/type/__timezone/parameter/000077500000000000000000000000001427155744700213305ustar00rootroot00000000000000cdist/cdist/conf/type/__timezone/parameter/required000066400000000000000000000000031427155744700230640ustar00rootroot00000000000000tz cdist/cdist/conf/type/__timezone/singleton000066400000000000000000000000001427155744700212630ustar00rootroot00000000000000cdist/cdist/conf/type/__uci/000077500000000000000000000000001427155744700162765ustar00rootroot00000000000000cdist/cdist/conf/type/__uci/explorer/000077500000000000000000000000001427155744700201365ustar00rootroot00000000000000cdist/cdist/conf/type/__uci/explorer/state000066400000000000000000000050141427155744700212010ustar00rootroot00000000000000#!/bin/sh # # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # This explorer retrieves the current state of the configuration option # The output of this explorer is one of these values: # present # The configuration option is present and has the value of the # parameter --value. # absent # The configuration option is not defined. # different # The configuration option is present but has a different value than the # parameter --value. # rearranged # The configuration option is present (a list) and has the same values as # the parameter --value, but in a different order. RS=$(printf '\036') option=${__object_id:?} values_is=$(uci -s -N -d "${RS}" get "${option}" 2>/dev/null) || { echo absent exit 0 } if test -f "${__object:?}/parameter/value" then should_file="${__object:?}/parameter/value" else should_file='/dev/null' fi # strip off trailing newline printf '%s' "${values_is}" \ | awk ' function unquote(s) { # simplified dequoting of single quoted strings if (s ~ /^'\''.*'\''$/) { s = substr(s, 2, length(s) - 2) sub(/'"'\\\\''"'/, "'\''", s) } return s } BEGIN { state = "present" # assume all is fine } NR == FNR { # memoize "should" state should[FNR] = $0 should_count++ # go to next line (important!) next } # compare "is" state { $0 = unquote($0) } $0 == should[FNR] { next } FNR > should_count { # there are more "is" records than "should" -> definitely different state = "different" exit } { # see if we can find the value somewhere in should for (i in should) { if ($0 == should[i]) { # ... value found -> rearranged # FIXME: Duplicate values are not properly handled here. Do they matter? state = "rearranged" next } } state = "different" exit } END { if (FNR < should_count) { # "is" was shorter than "should" -> different state = "different" } print state } ' "${should_file}" RS="${RS}" - cdist/cdist/conf/type/__uci/files/000077500000000000000000000000001427155744700174005ustar00rootroot00000000000000cdist/cdist/conf/type/__uci/files/functions.sh000066400000000000000000000027061427155744700217510ustar00rootroot00000000000000# -*- mode: sh; indent-tabs-mode: t -*- in_list() { printf '%s\n' "$@" | { grep -qxF "$(read -r ndl; echo "${ndl}")"; } } quote() { for _arg do shift if test -n "$(printf %s "${_arg}" | tr -d -c '\t\n \042-\047\050-\052\073-\077\133\\`|~' | tr -c '' '.')" then # needs quoting set -- "$@" "$(printf "'%s'" "$(printf %s "${_arg}" | sed -e "s/'/'\\\\''/g")")" else set -- "$@" "${_arg}" fi done unset _arg # NOTE: Use printf because POSIX echo interprets escape sequences printf '%s' "$*" } uci_cmd() { # Usage: uci_cmd [UCI ARGUMENTS]... mkdir -p "${__object:?}/files" printf '%s\n' "$(quote "$@")" >>"${__object:?}/files/uci_batch.txt" } uci_validate_name() { # like util.c uci_validate_name() test -n "$*" && test -z "$(echo "$*" | tr -d '[:alnum:]_')" } uci_validate_tuple() ( tok=${1:?} case $tok in (*.*.*) # check option option=${tok##*.} uci_validate_name "${option}" || { printf 'Invalid option: %s\n' "${option}" >&2 return 1 } tok=${tok%.*} ;; (*.*) # no option (section definition) ;; (*) printf 'Invalid tuple: %s\n' "$1" >&2 return 1 ;; esac case ${tok#*.} in (@*) section=$(expr "${tok#*.}" : '@\(.*\)\[-*[0-9]*\]$') ;; (*) section=${tok#*.} ;; esac uci_validate_name "${section}" || { printf 'Invalid section: %s\n' "${1#*.}" >&2 return 1 } config=${tok%%.*} uci_validate_name "${config}" || { printf 'Invalid config: %s\n' "${config}" >&2 return 1 } ) cdist/cdist/conf/type/__uci/files/uci_apply.sh000066400000000000000000000016721427155744700217270ustar00rootroot00000000000000changes=$(uci changes) if test -n "${changes}" then echo 'Uncommited UCI changes were found on the target:' printf '%s\n\n' "${changes}" echo 'This can be caused by manual changes or due to a previous failed run.' echo 'Please investigate the situation, revert or commit the changes, and try again.' exit 1 fi >&2 check_errors() { # reads stdin and forwards non-empty lines to stderr. # returns 0 if stdin is empty, else 1. ! grep -e . >&2 } commit() { uci commit } rollback() { printf '\nAn error occurred when trying to commit UCI transaction!\n' >&2 uci changes \ | sed -e 's/^-//' -e 's/\..*\$//' \ | sort -u \ | while read -r _package do uci revert "${_package}" echo "${_package}" # for logging done \ | awk ' BEGIN { printf "Reverted changes in: " } { printf "%s%s", (FNR > 1 ? ", " : ""), $0 } END { printf "\n" }' >&2 return 1 } uci_apply() { uci batch 2>&1 | check_errors && commit || rollback } cdist/cdist/conf/type/__uci/gencode-remote000077500000000000000000000045461427155744700211320ustar00rootroot00000000000000#!/bin/sh -e # # 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # shellcheck source=cdist/conf/type/__uci/files/functions.sh . "${__type:?}/files/functions.sh" state_is=$(cat "${__object:?}/explorer/state") state_should=$(cat "${__object:?}/parameter/state") config=${__object_id:?} uci_validate_tuple "${config}" case ${state_should} in (present) if in_list "${state_is}" 'present' 'rearranged' then # NOTE: order is ignored so rearranged is also fine. exit 0 fi # Determine type type=$(cat "${__object:?}/parameter/type" 2>/dev/null || true) case ${type} in (option|list) ;; ('') # Guess type by the number of values test "$(wc -l "${__object:?}/parameter/value")" -gt 1 \ && type=list \ || type=option ;; (*) printf 'Invalid --type: %s\n' "${type}" >&2 exit 1 ;; esac case ${type} in (list) printf 'set_list %s\n' "${config}" >>"${__messages_out:?}" if test "${state_is}" != 'absent' then uci_cmd delete "${config}" fi while read -r value do uci_cmd add_list "${config}"="${value}" done <"${__object:?}/parameter/value" ;; (option) printf 'set %s\n' "${config}" >>"${__messages_out:?}" value=$(cat "${__object:?}/parameter/value") uci_cmd set "${config}"="${value}" ;; esac ;; (absent) if in_list "${state_is}" 'absent' then exit 0 fi printf 'delete %s\n' "${config}" >>"${__messages_out:?}" uci_cmd delete "${config}" ;; (*) printf 'Invalid --state: %s\n' "${state_should}" >&2 exit 1 ;; esac if test -s "${__object:?}/files/uci_batch.txt" then cat "${__type:?}/files/uci_apply.sh" printf "uci_apply <<'EOF'\n" cat "${__object:?}/files/uci_batch.txt" printf '\nEOF\n' fi cdist/cdist/conf/type/__uci/man.rst000066400000000000000000000037021427155744700176050ustar00rootroot00000000000000cdist-type__uci(7) ================== NAME ---- cdist-type__uci - Manage configuration values in UCI DESCRIPTION ----------- This cdist type can be used to alter configuration options in OpenWrt's Unified Configuration Interface (UCI) system. REQUIRED PARAMETERS ------------------- value The value to be set. Can be used multiple times. This parameter is ignored if ``--state`` is ``absent``. Due to the way cdist handles arguments, values **must not** contain newline characters. Values do not need special quoting for UCI. The only requirement is that the value is passed to the type as a single shell argument. OPTIONAL PARAMETERS ------------------- state ``present`` or ``absent``, defaults to ``present``. type If the type should generate an option or a list. One of: ``option`` or ``list``. Defaults to auto-detect based on the number of ``--value`` parameters. BOOLEAN PARAMETERS ------------------ None. EXAMPLES -------- .. code-block:: sh # Set the system hostname __uci system.@system[0].hostname --value 'OpenWrt' # Set DHCP option 252: tell DHCP clients to not ask for proxy information. __uci dhcp.lan.dhcp_option --type list --value '252,"\n"' # Enable NTP and NTPd (each is applied individually) __uci system.ntp.enabled --value 1 __uci system.ntp.enable_server --value 1 __uci system.ntp.server --type list \ --value '0.openwrt.pool.ntp.org' \ --value '1.openwrt.pool.ntp.org' \ --value '2.openwrt.pool.ntp.org' \ --value '3.openwrt.pool.ntp.org' SEE ALSO -------- - https://openwrt.org/docs/guide-user/base-system/uci AUTHORS ------- Dennis Camera COPYING ------- Copyright \(C) 2020 Dennis Camera. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cdist/cdist/conf/type/__uci/manifest000077500000000000000000000024261427155744700200360ustar00rootroot00000000000000#!/bin/sh -e # # 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # os=$(cat "${__global:?}/explorer/os") state_should=$(cat "${__object:?}/parameter/state") case ${os} in (openwrt) # okay ;; (*) printf "Your operating system (%s) is currently not supported by this type (%s)\n" "${os}" "${__type##*/}" >&2 printf "Please contribute an implementation for it if you can.\n" >&2 exit 1 ;; esac case ${state_should} in (present) test -s "${__object:?}/parameter/value" || { echo 'The parameter --value is required.' >&2 exit 1 } ;; (absent) ;; (*) printf 'Invalid --state: %s\n' "${state_should}" >&2 exit 1 ;; esac cdist/cdist/conf/type/__uci/nonparallel000066400000000000000000000000001427155744700205160ustar00rootroot00000000000000cdist/cdist/conf/type/__uci/parameter/000077500000000000000000000000001427155744700202565ustar00rootroot00000000000000cdist/cdist/conf/type/__uci/parameter/default/000077500000000000000000000000001427155744700217025ustar00rootroot00000000000000cdist/cdist/conf/type/__uci/parameter/default/state000066400000000000000000000000101427155744700227340ustar00rootroot00000000000000present cdist/cdist/conf/type/__uci/parameter/optional000066400000000000000000000000131427155744700220200ustar00rootroot00000000000000state type cdist/cdist/conf/type/__uci/parameter/optional_multiple000066400000000000000000000000061427155744700237350ustar00rootroot00000000000000value cdist/cdist/conf/type/__uci_section/000077500000000000000000000000001427155744700200225ustar00rootroot00000000000000cdist/cdist/conf/type/__uci_section/explorer/000077500000000000000000000000001427155744700216625ustar00rootroot00000000000000cdist/cdist/conf/type/__uci_section/explorer/match000066400000000000000000000061531427155744700227060ustar00rootroot00000000000000#!/bin/sh -e # # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # This explorer determines the "prefix" of the --type section matching --match # if set, or __object_id otherwise. RS=$(printf '\036') NL=$(printf '\n '); NL=${NL% } squote_values() { sed -e '/=".*"$/{s/="/='\''/;s/"$/'\''/}' \ -e "/='.*'$/"'!{s/=/='\''/;s/$/'\''/}' } count_lines() ( IFS=${NL?} # shellcheck disable=SC2048,SC2086 set -f -- $*; echo $# ) echo "${__object_id:?}" | grep -q -e '^[^.]\{1,\}\.[^.]\{1,\}$' || { echo 'Section identifiers are a package and section name separated by a "." (period).' >&2 exit 1 } test -s "${__object:?}/parameter/match" || { # If no --match is given, we take the __object_id as the section identifier. echo "${__object_id:?}" exit 0 } test -s "${__object:?}/parameter/type" || { echo 'Parameters --match and --type must be used together.' >&2 exit 1 } sect_type_param=$(cat "${__object:?}/parameter/type") expr "${sect_type_param}" : '[^.]\{1,\}\.[^.]\{1,\}$' >/dev/null 2>&1 || { echo 'Section types are a package name and section type separated by a "." (period).' >&2 exit 1 } package_filter=${sect_type_param%%.*} section_filter=${sect_type_param#*.} # Find by --match # NOTE: Apart from section types all values are printed in single quotes by uci show. match=$(head -n 1 "${__object:?}/parameter/match" | squote_values) if uci -s -N get "${__object_id:?}" >/dev/null 2>&1 then # Named section exists: ensure if --match applies to it # if the "matched" option does not exist (e.g. empty section) we use the # section unconditionally. if match_value_is=$(uci -s -N get "${__object_id:?}.${match%%=*}" 2>/dev/null) then match_value_should=$(expr "${match}" : ".*='\\(.*\\)'$") test "${match_value_is}" = "${match_value_should}" || { printf 'Named section "%s" does not match --match "%s"\n' \ "${__object_id:?}" "${match}" >&2 exit 1 } fi echo "${__object_id:?}" exit 0 fi # No correctly named section exists already: find one to which --match applies regex="^${package_filter}\\.@${section_filter}\\[[0-9]\\{1,\\}\\]\\.${match%%=*}=" matched_sections=$( uci -s -N -d "${RS}" show "${package_filter}" 2>/dev/null \ | grep -e "${regex}" \ | while read -r _line do if test "${_line#*=}" = "${match#*=}" then echo "${_line}" fi done \ | sed -e 's/\.[^.]*=.*$//') test "$(count_lines "${matched_sections}")" -le 1 || { printf 'Found multiple matching sections:\n%s\n' "${matched_sections}" >&2 exit 1 } echo "${matched_sections}" cdist/cdist/conf/type/__uci_section/explorer/options000066400000000000000000000026201427155744700233000ustar00rootroot00000000000000#!/bin/sh -e # # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # This explorer retrieves the current options of the configuration section. RS=$(printf '\036') section=$("${__type_explorer:?}/match") test -n "${section}" || exit 0 uci -s -N -d "${RS}" show "${section}" 2>/dev/null \ | awk -v VSEP="${RS}" ' { # Strip off the config and section parts is_opt = sub(/^([^.]*\.){2}/, "") if (!is_opt) { # this line represents the section -> skip next } if (index($0, VSEP)) { # Put values each on a line, like --option and --list parameters opt = substr($0, 1, index($0, "=") - 1) split(substr($0, length(opt) + 2), values, VSEP) for (i in values) { printf "%s=%s\n", opt, values[i] } } else { print } }' cdist/cdist/conf/type/__uci_section/explorer/type000066400000000000000000000015731427155744700225740ustar00rootroot00000000000000#!/bin/sh -e # # 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # This explorer retrieves the current section type. section=$("${__type_explorer:?}/match") test -n "${section}" || exit 0 uci -s -N get "${section}" 2>/dev/null || true cdist/cdist/conf/type/__uci_section/files/000077500000000000000000000000001427155744700211245ustar00rootroot00000000000000cdist/cdist/conf/type/__uci_section/files/functions.sh000066400000000000000000000021771427155744700234770ustar00rootroot00000000000000# -*- mode: sh; indent-tabs-mode: t -*- NL=$(printf '\n '); NL=${NL% } grep_line() { { shift; printf '%s\n' "$@"; } | grep -qxF "$1" } print_errors() { awk -v prefix="${1:-Found errors:}" -v suffix="${2-}" ' BEGIN { if (getline) { print prefix print rc = 1 } } { print } END { if (rc && suffix) print suffix exit rc }' >&2 } quote() { for _arg do shift if test -n "$(printf %s "${_arg}" | tr -d -c '\t\n \042-\047\050-\052\073-\077\133\\`|~' | tr -c '' '.')" then # needs quoting set -- "$@" "$(printf "'%s'" "$(printf %s "${_arg}" | sed -e "s/'/'\\\\''/g")")" else set -- "$@" "${_arg}" fi done unset _arg printf '%s' "$*" } uci_cmd() { # Usage: uci_cmd [UCI ARGUMENTS]... mkdir -p "${__object:?}/files" printf '%s\n' "$(quote "$@")" >>"${__object:?}/files/uci_batch.txt" } uci_validate_name() { # like util.c uci_validate_name() test -n "$*" && test -z "$(printf %s "$*" | tr -d '[:alnum:]_' | tr -c '' .)" } unquote_lines() { sed -e '/^".*"$/{s/^"//;s/"$//}' \ -e '/'"^'.*'"'$/{s/'"^'"'//;s/'"'$"'//}' } validate_options() { grep -shv -e '^[[:alnum:]_]\{1,\}=' "$@" } cdist/cdist/conf/type/__uci_section/files/option_state.awk000066400000000000000000000034621427155744700243450ustar00rootroot00000000000000# -*- mode: awk; indent-tabs-mode:t -*- # Usage: awk -f option_state.awk option_type option_name # e.g. awk -f option_state.awk option title # awk -f option_state.awk list entry function unquote(s) { # simplified dequoting of single quoted strings if (s ~ /^'.*'$/) { s = substr(s, 2, length(s) - 2) sub(/'\\''/, "'", s) } return s } function valueof(line) { if (line !~ /^[[:alpha:]_]+=/) return 0 return unquote(substr(line, index(line, "=") + 1)) } BEGIN { __object = ENVIRON["__object"] if (!__object) exit 1 opttype = ARGV[1] optname = ARGV[2] if (opttype !~ /^(option|list)/ || !optname) { print "invalid" exit (e=1) } ARGV[1] = __object "/parameter/" opttype ARGV[2] = __object "/explorer/options" state = "present" } NR == FNR { # memoize "should" state if (index($0, optname "=") == 1) { should[++should_count] = valueof($0) } # go to next line (important!) next } { # compare "is" state if (index($0, optname "=") != 1) next ++is_count v = valueof($0) if (v == should[is_count]) { # looks good, but can't say definitely just from this line } else if (is_count > should_count) { # there are more "is" records than "should" -> definitely different state = "different" exit } else { # see if we can find the "is" value somewhere in "should" for (i in should) { if (v == should[i]) { # value found -> could be rearranged # FIXME: Duplicate values are not properly handled here. Do they matter? state = "rearranged" next } } # "is" value could not be found in "should" -> definitely different state = "different" exit } } END { if (e) exit if (!is_count) { # no "is" values -> absent state = "absent" } else if (is_count < should_count) { # "is" was shorter than "should" -> different state = "different" } print state } cdist/cdist/conf/type/__uci_section/files/uci_apply.sh000077700000000000000000000000001427155744700305672../../__uci/files/uci_apply.shustar00rootroot00000000000000cdist/cdist/conf/type/__uci_section/gencode-remote000077500000000000000000000110131427155744700226410ustar00rootroot00000000000000#!/bin/sh -e # # 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch) # # This file is part of cdist. # # cdist is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # cdist is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # # shellcheck source=cdist/conf/type/__uci_section/files/functions.sh . "${__type:?}/files/functions.sh" section=$(cat "${__object:?}/explorer/match") state_is=$(test -s "${__object:?}/explorer/type" && echo present || echo absent) state_should=$(cat "${__object:?}/parameter/state") case $state_should in (present) test -f "${__object:?}/parameter/type" || { echo 'Parameter --type is required.' >&2 exit 1 } type_is=$(cat "${__object:?}/explorer/type") type_should=$(cat "${__object:?}/parameter/type") if test -n "${type_is}" then sect_type=${type_is} else sect_type=${type_should##*.} fi if test -z "${section}" then # No section exists and --match was used. # So we generate a new section identifier from $__object_id. case ${__object_id:?} in (*.*) section=${__object_id:?} ;; (*) section="${type_should%%.*}.${__object_id:?}" ;; esac fi # Collect option names if test -f "${__object:?}/parameter/list" then listnames_should=$( sed -e 's/=.*$//' "${__object:?}/parameter/list" | sort -u) fi if test -f "${__object:?}/parameter/option" then optnames_should=$( sed -e 's/=.*$//' "${__object:?}/parameter/option" | sort -u) fi # Make sure the section itself is present if test "${state_is}" = absent \ || test "${type_is}" != "${type_should#*.}" then printf 'set %s\n' "${section}" >>"${__messages_out:?}" # shellcheck disable=SC2140 uci_cmd set "${section}"="${sect_type}" fi # Delete options/lists not in "should" sed -e 's/=.*$//' "${__object:?}/explorer/options" \ | while read -r _optname do grep_line "${_optname}" "${listnames_should}" "${optnames_should}" || { printf 'delete %s\n' "${section}.${_optname}" >>"${__messages_out:?}" uci_cmd delete "${section}.${_optname}" } &2 exit 1 } # Set "should" options echo "${optnames_should}" \ | grep -e . \ | while read -r _optname do _opt_state=$(awk -f "${__type:?}/files/option_state.awk" option "${_optname}") \ || opt_proc_error "${_optname}" case ${_opt_state} in (invalid) opt_proc_error "${_optname}" ;; (present) ;; (*) printf 'set %s\n' "${section}.${_optname}" >>"${__messages_out:?}" # shellcheck disable=SC2140 uci_cmd set "${section}.${_optname}"="$( grep -e "^${_optname}=" "${__object:?}/parameter/option" \ | sed -e 's/^.*=//' \ | unquote_lines \ | head -n 1)" ;; esac done echo "${listnames_should}" \ | grep -e . \ | while read -r _optname do _list_state=$(awk -f "${__type:?}/files/option_state.awk" list "${_optname}") \ || opt_proc_error "${_optname}" case ${_list_state} in (invalid) opt_proc_error "${_optname}" ;; (present) ;; (*) printf 'set_list %s\n' "${section}.${_optname}" >>"${__messages_out:?}" if test "${_list_state}" != absent then uci_cmd delete "${section}.${_optname}" fi grep "^${_optname}=" "${__object:?}/parameter/list" \ | sed -e 's/^.*=//' \ | unquote_lines \ | while read -r _value do # shellcheck disable=SC2140 uci_cmd add_list "${section}.${_optname}"="${_value}" done ;; esac done ;; (absent) if test "${state_is}" = absent then # if explorer found no section there is nothing to delete exit 0 fi printf 'delete %s\n' "${section}" >>"${__messages_out:?}" uci_cmd delete "${section}" ;; esac if test -s "${__object:?}/files/uci_batch.txt" then cat "${__type:?}/files/uci_apply.sh" printf "uci_apply <<'EOF'\n" cat "${__object:?}/files/uci_batch.txt" printf '\nEOF\n' fi cdist/cdist/conf/type/__uci_section/man.rst000066400000000000000000000067441427155744700213420ustar00rootroot00000000000000cdist-type__uci_section(7) ========================== NAME ---- cdist-type__uci_section - Manage configuration sections in UCI DESCRIPTION ----------- This cdist type can be used to replace whole configuration sections in OpenWrt's Unified Configuration Interface (UCI) system. It can be thought of as syntactic sugar for :strong:`cdist-type__uci`\ (7), as this type will generate the required `__uci` objects to make the section contain exactly the options specified using ``--option``. Since many default UCI sections are unnamed, this type allows to find the matching section by one of its options using the ``--match`` parameter. **NOTE:** Options already present on the target and not listed in ``--option`` or ``--list`` will be deleted. REQUIRED PARAMETERS ------------------- None. OPTIONAL PARAMETERS ------------------- list An option that is part of a list and should be present in the section (as part of a list). Lists with multiple options can be expressed by using the same ``