Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fixes #10842: Update write test for 4.1 and add generation for a node
- Loading branch information
Showing
195 changed files
with
11,714 additions
and
2,653 deletions.
There are no files selected for viewing
15 changes: 15 additions & 0 deletions
15
...hare/node-cfe-with-two-directives/rules/cfengine-community/Create_file/1.0/Create_file.cf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
# @name Create a file | ||
# @description Create a file and a directory | ||
# @version 1.0 | ||
|
||
bundle agent Create_file | ||
{ | ||
vars: | ||
"class_prefix" string => canonify(join("_", "this.callers_promisers")); | ||
|
||
methods: | ||
"method_call" usebundle => directory_create("/tmp/foo"), | ||
ifvarclass => concat("any"); | ||
"method_call" usebundle => file_create("/tmp/foo/bar"), | ||
ifvarclass => concat("directory_create__tmp_foo_ok"); | ||
} |
13 changes: 13 additions & 0 deletions
13
...node-cfe-with-two-directives/rules/cfengine-community/Create_file/1.0/rudder_reporting.cf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
bundle agent Create_file_rudder_reporting | ||
{ | ||
vars: | ||
"promisers" slist => { @{this.callers_promisers}, cf_null }, policy => "ifdefined"; | ||
"class_prefix" string => canonify(join("_", "promisers")); | ||
"args" slist => { }; | ||
|
||
methods: | ||
|
||
!(directory_create__tmp_foo_ok):: | ||
"dummy_report" usebundle => _classes_noop("file_create__tmp_foo_bar"); | ||
"dummy_report" usebundle => log_rudder("File create /tmp/foo/bar if directory_create__tmp_foo_ok", "file_create__tmp_foo_bar", "${class_prefix}", @{args}); | ||
} |
146 changes: 146 additions & 0 deletions
146
...ected-share/node-cfe-with-two-directives/rules/cfengine-community/common/1.0/cf-served.cf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,146 @@ | ||
##################################################################################### | ||
# Copyright 2011 Normation SAS | ||
##################################################################################### | ||
# | ||
# This program is free software: you can redistribute it and/or modify | ||
# it under the terms of the GNU General Public License as published by | ||
# the Free Software Foundation, Version 3. | ||
# | ||
# This program is distributed in the hope that it will be useful, | ||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
# GNU General Public License for more details. | ||
# | ||
# You should have received a copy of the GNU General Public License | ||
# along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
# | ||
##################################################################################### | ||
|
||
####################################################### | ||
# | ||
# Server specific configuration | ||
# | ||
####################################################### | ||
|
||
bundle server access_rules | ||
{ | ||
# Access rules are only defined on a policy server. Standard nodes should not share any files. | ||
access: | ||
|
||
policy_server|role_rudder_relay_promises_only:: | ||
"${def.dir_masterfiles}" | ||
handle => "grant_access_policy", | ||
comment => "Grant access to the policy updates", | ||
maproot => { @{def.acl} }, | ||
admit => { @{def.acl} }; | ||
|
||
"${g.rudder_tools}" | ||
maproot => { @{def.acl} }, | ||
admit => { @{def.acl} }; | ||
|
||
# Allow server to remotely run the agent | ||
# Using ${sys.cf_agent} fails, as cf-serverd cannot canonize its path | ||
windows:: | ||
"${sys.workdir}\bin\cf-agent.exe" | ||
admit => { host2ip("${server_info.cfserved}"), string_downcase(escape("${server_info.cfserved}")) }; | ||
|
||
!windows:: | ||
"${g.rudder_command}" comment => "Grant access to rudder agent command for cfruncommand", | ||
admit => { host2ip("${server_info.cfserved}"), string_downcase(escape("${server_info.cfserved}")) }; | ||
|
||
roles: | ||
# Allow user root to set any class | ||
".*" authorize => { "root" }; | ||
} | ||
|
||
bundle common def | ||
{ | ||
vars: | ||
"policy_server_file" | ||
string => translatepath("${sys.workdir}/policy_server.dat"), | ||
comment => "Path to file containing address to policy server"; | ||
|
||
# Use "rudder" as default policy_server if no policy_server.dat exists | ||
"policy_server" | ||
string => ifelse(fileexists("${policy_server_file}"), | ||
readfile("${policy_server_file}", 2048), | ||
"rudder"), | ||
comment => "IP address or hostname to locate your policy host."; | ||
|
||
!windows:: | ||
"cf_runagent_shell" | ||
string => "/bin/sh", | ||
comment => "Define path to shell used by cf-runagent"; | ||
|
||
any:: | ||
|
||
"dir_masterfiles" string => translatepath("${sys.workdir}/masterfiles"); | ||
|
||
# List here the IP masks that we grant access to on the server | ||
|
||
policy_server:: | ||
"acl" slist => { | ||
"127.0.0.0/8" , "::1", | ||
host2ip("${def.policy_server}"), # the policy server can connect to a relay | ||
"192.168.49.0/24", | ||
}; | ||
|
||
!policy_server:: | ||
"acl" slist => { | ||
"${def.policy_server}", host2ip("${def.policy_server}") | ||
}; | ||
|
||
} | ||
|
||
|
||
body server control | ||
{ | ||
trustkeysfrom => { | ||
@{def.acl} , | ||
|
||
}; #trustkey allows the exchange of keys | ||
|
||
allowconnects => { | ||
@{def.acl} , | ||
|
||
}; | ||
|
||
|
||
allowallconnects => { | ||
@{def.acl} , | ||
|
||
}; | ||
|
||
maxconnections => "1000"; | ||
logallconnections => "true"; | ||
|
||
allowlegacyconnects => { | ||
host2ip("${def.policy_server}"), # the policy server can connect | ||
"192.168.49.0/24", | ||
|
||
}; | ||
|
||
windows:: | ||
cfruncommand => "${sys.cf_agent} -I -D cfruncommand -f \"failsafe.cf\" & | ||
${sys.cf_agent} -I -D cfruncommand"; | ||
|
||
!windows:: | ||
# last single quote in cfruncommand is left open, so that | ||
# arguments (like -K and --remote-bundles) are properly appended. | ||
cfruncommand => "${g.rudder_command} agent run -uR"; | ||
|
||
allowusers => { | ||
"root", | ||
}; | ||
|
||
denybadclocks => "true"; | ||
|
||
community_edition.!debug_port:: | ||
port => "5309"; | ||
community_edition.debug_port:: | ||
port => "5310"; | ||
|
||
} | ||
|
||
####################################################### | ||
|
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
50 changes: 50 additions & 0 deletions
50
...node-cfe-with-two-directives/rules/cfengine-community/common/1.0/environment-variables.cf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
##################################################################################### | ||
# Copyright 2014 Normation SAS | ||
##################################################################################### | ||
# | ||
# This program is free software: you can redistribute it and/or modify | ||
# it under the terms of the GNU General Public License as published by | ||
# the Free Software Foundation, Version 3. | ||
# | ||
# This program is distributed in the hope that it will be useful, | ||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
# GNU General Public License for more details. | ||
# | ||
# You should have received a copy of the GNU General Public License | ||
# along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
# | ||
##################################################################################### | ||
|
||
# Define module script to read environment variables, in the module format | ||
# Store them in the node.env context | ||
bundle agent get_environment_variables | ||
{ | ||
vars: | ||
!windows:: | ||
"env_vars_list_cmd" string => "awk 'BEGIN { for (k in ENVIRON) { print k }; }'"; | ||
"env_vars" slist => splitstring( execresult("${env_vars_list_cmd}","useshell"), "\n" , 2000); | ||
"node.env[${env_vars}]" string => getenv( "${env_vars}", 5000); | ||
|
||
# This script output the environment variables, in the format | ||
# =node.env[ENV_NAME]=ENV_VALUE | ||
# Using the module protocole, the agent will read it, and the variable | ||
# will be available using the syntax ${node.env[ENV_NAME]} | ||
windows:: | ||
"script" string => "@echo off | ||
for /F \"tokens=1,2* delims==\" %%G IN ('SET') DO ECHO =node.env[%%G]=%%H"; | ||
|
||
files: | ||
windows:: | ||
"${sys.workdir}/modules/env.bat" | ||
create => "true", | ||
edit_line => insert_lines("${script}"), | ||
edit_defaults => empty, | ||
perms => m("755"); | ||
|
||
commands: | ||
windows:: | ||
"\"${sys.workdir}/modules/env.bat\"" | ||
module => "true"; | ||
|
||
} |
File renamed without changes.
File renamed without changes.
71 changes: 71 additions & 0 deletions
71
...cted-share/node-cfe-with-two-directives/rules/cfengine-community/common/1.0/properties.cf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
##################################################################################### | ||
# Copyright 2016 Normation SAS | ||
##################################################################################### | ||
# | ||
# This program is free software: you can redistribute it and/or modify | ||
# it under the terms of the GNU General Public License as published by | ||
# the Free Software Foundation, Version 3. | ||
# | ||
# This program is distributed in the hope that it will be useful, | ||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
# GNU General Public License for more details. | ||
# | ||
# You should have received a copy of the GNU General Public License | ||
# along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
# | ||
##################################################################################### | ||
|
||
# Read node properties and put them into the node namespace | ||
# | ||
# Properties are available using the node.namespace container that contains the values | ||
# Those values are read from /var/rudder/cfengine-community/properties/*.json | ||
# All files are taken in order and overrides the previous one, the last one wins. | ||
# | ||
# Each file must contain at least a 2 levels JSON content, the first level is the namespace level | ||
# and the second level is the key level. | ||
# The namespace name must comply with CFEngine variable names rules (ie [a-zA-Z_]+) | ||
# | ||
# The merge is a first level merge done at the namespace level. | ||
# This means that: | ||
# - a key in a namespace is fully overridden by the same key in the same namespace in a later file. | ||
# - a key in a namespace is never overriden by the same key in a different namespace | ||
# - a key that is overriden never retain original data even if it is a data container itself | ||
# | ||
|
||
# The result key is available in the node.<namespace> data variable | ||
# usage example: ${node.properties[my_key]} | ||
# | ||
# To get the original data (for debug only) there is the properties.property_<fileid> variable | ||
# usage example: ${properties.property__var_rudder_cfengine_community_inputs_properties_properties_json[properties][my_key]} | ||
# | ||
bundle agent properties | ||
{ | ||
vars: | ||
# The files to read | ||
"properties_files" slist => findfiles("${this.promise_dirname}/../../properties.d/*.json"); | ||
|
||
# The sorted file list | ||
"_sorted_files" slist => sort("properties_files", "lex"); | ||
# cfengine iterates over lists in promises in the reverse order, so we need the inverted list | ||
"sorted_files" slist => reverse("_sorted_files"); | ||
|
||
# Canonified sorted file list | ||
"file_id[${sorted_files}]" string => canonify("${sorted_files}"); | ||
|
||
# Read the files, 10MB maximum | ||
# Read into a property_<canonified filename> because cfengine doesn't support to read data into property[<filename>] | ||
"property_${file_id[${sorted_files}]}" data => readjson("${sorted_files}", "10000000"); | ||
|
||
# Get namespace names | ||
"namespace[${sorted_files}]" slist => getindices("property_${file_id[${sorted_files}]}"); | ||
|
||
# Initialize all namespace variables (mergedata refuses to merge undefined variables) | ||
"node.${namespace[${sorted_files}]}" data => parsejson('{}'); | ||
|
||
# First level merge within each namespace, in file name order | ||
"node.${namespace[${sorted_files}]}" data => mergedata("node.${namespace[${sorted_files}]}", | ||
"property_${file_id[${sorted_files}]}[${namespace[${sorted_files}]}]"); | ||
|
||
# That's all, now we have a node.namespace data that contains the overriden values | ||
} |
Oops, something went wrong.