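#
#
#
# Permissions body: applies the given mode, owner and group to a files promise.
# rxdirs is "false", so the mode is used for directories exactly as written.
body perms uperm(user,group,mode)
{
      mode   => "$(mode)";
      rxdirs => "false";
      groups => { "$(group)" };
      owners => { "$(user)" };
}

#
# wmdelib.cf
#

# Ensure every package in pkgs is present, using the package module that
# matches the platform class (pkg, apt_get or yum).
#
#   pkgs - package name(s); callers in this file pass a list as @(pkgs)
#   name - prefix for the promise handle "<name>_pkgs_installed" and for the
#          outcome classes set through results("namespace", name)
#
# results() is not defined in this file (presumably the standard library body).
bundle agent wmde_install_packages(pkgs,name)
{
  packages:
    freebsd::
      "$(pkgs)"
        policy         => "present",
        package_module => pkg,
        handle         => "$(name)_pkgs_installed",
        classes        => results("namespace","$(name)");

    debian::
      "$(pkgs)"
        policy         => "present",
        package_module => apt_get,
        handle         => "$(name)_pkgs_installed",
        classes        => results("namespace","$(name)");

    fedora|centos::
      "$(pkgs)"
        policy         => "present",
        package_module => yum,
        handle         => "$(name)_pkgs_installed",
        classes        => results("namespace","$(name)");
}

# Permissions body with the same attributes as uperm: owner, group and mode,
# with rxdirs disabled.
body perms wmde_perms(user,group,mode)
{
      owners => { "$(user)" };
      groups => { "$(group)" };
      mode   => "$(mode)";
      rxdirs => "false";
}

# Service bundle used by the "wmde" service_method below. On FreeBSD it probes
# the service with "service <name> onestatus", hands the result back to the
# agent as module-protocol lines ("+class" / "-class"), and then starts or
# restarts the service when the probe reported it as not running.
#
#   service_name - rc.d service name. It is interpolated into an "sh -c"
#                  string and into class names, so callers must pass only
#                  fixed, trusted names without quotes or shell metacharacters.
#   cmd          - requested policy; only "start" and "restart" are acted on.
#
# NOTE(review): a service_name with characters that are not valid in a class
# name (for example "-") may not match the "$(service_name)_running" guards -
# confirm, or canonify the name before building the class.
# NOTE(review): the restart promise is guarded by "!..._running", so a service
# that is already running is not restarted here - confirm this is intended.
bundle agent wmde_srv(service_name,cmd)
{
  classes:
      "start"
        expression => strcmp("start","$(cmd)");

      # cmd without $(...) is not a variable reference, so the comparison never
      # saw the parameter's value and "restart" could not be set. Compare
      # against the expanded parameter, as the "start" class does.
      "restart"
        expression => strcmp("restart","$(cmd)");

  commands:
    freebsd::
      # Status probe; module => "true" makes the agent read the echoed
      # +class / -class line as a class definition.
      "/bin/sh"
        args    => "-c '/usr/sbin/service $(service_name) onestatus > /dev/null && echo +$(service_name)_running || echo -$(service_name)_running'",
        inform  => "false",
        module  => "true",
        handle  => "$(service_name)_status_tested";

    "!$(service_name)_running&start"::
      "/bin/sh"
        args       => "-c '/usr/sbin/service $(service_name) onestart 2> /dev/null > /dev/null && echo +$(service_name)_started || echo -$(service_name)_started'",
        module     => "true",
        depends_on => {"$(service_name)_status_tested"};

    "!$(service_name)_running&restart"::
      "/bin/sh"
        args       => "-c '/usr/sbin/service $(service_name) onerestart 2> /dev/null > /dev/null && echo +$(service_name)_started || echo -$(service_name)_started'",
        module     => "true",
        depends_on => {"$(service_name)_status_tested"};

  reports:
    start::
#      "MUST START";
    !start::
#      "MUST NOT START";
#    running::
#      "Server $(service_name) - running";
#    !running::
#      "Server $(service_name) - not running";
}

# service_method that routes services promises to wmde_srv, passing the
# promiser as the service name and the promised service_policy as the command.
body service_method wmde
{
      service_type   => "generic";
      service_bundle => wmde_srv ($(this.promiser), $(this.service_policy));
}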
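# Start or restart a service when the caller's class expressions hold.
# FreeBSD is handled with /usr/sbin/service one* commands run through a shell;
# every other platform uses a services promise.
#
#   service_name - service to manage; on FreeBSD it is interpolated into a
#                  shell command line, so pass only fixed, trusted names
#   start_cond   - class expression that requests "ensure started"
#   restart_cond - class expression that requests a restart
#
# NOTE(review): $(handle) is not a parameter of this bundle and is not defined
# in it. Unless it resolves elsewhere, every call produces the same literal
# handle text; $(service_name) may have been intended. Confirm before
# changing, because depends_on lists in other files may name these handles.
bundle agent wmde_service(service_name,start_cond, restart_cond)
{
  classes:
    freebsd::
      "service_running"
        expression => returnszero("/usr/sbin/service $(service_name) onestatus >/dev/null 2>&1", "useshell");

  commands:
    "freebsd&(!service_running)&($(start_cond))"::
      "/usr/sbin/service"
        args    => "$(service_name) onestart >/dev/null 2>&1",
        contain => wmde_cmd_useshell,
        handle  => "$(handle)_service_started";

    # Already running: a no-op command carries the same handle as the start
    # promise above.
    "freebsd&(service_running)&($(start_cond))"::
      "/usr/bin/true"
        inform => "false",
        handle => "$(handle)_service_started";

    "freebsd&($(restart_cond))"::
      "/usr/sbin/service"
        args    => "$(service_name) onerestart >/dev/null 2>&1",
        contain => wmde_cmd_useshell,
        handle  => "$(handle)_service_restarted";

  services:
    "(!freebsd)&($(start_cond))"::
      "$(service_name)"
        service_policy => "start",
        handle         => "$(handle)_service_started";

    "(!freebsd)&($(restart_cond))"::
      "$(service_name)"
        service_policy => "restart",
        handle         => "$(handle)_service_restarted";

  reports:
}

# Restart a service unconditionally: systemctl on debian/centos/fedora,
# "service ... onerestart" on FreeBSD.
#
#   service_name - service to restart
#   id           - echoed to /dev/null only; presumably it exists to make the
#                  command text differ between callers - confirm
#
# Both parameters are placed inside a single-quoted "sh -c" string, so they
# must be fixed, trusted values without quotes or shell metacharacters.
bundle agent wmde_restart_service(service_name, id)
{
  commands:
    debian|centos|fedora::
      "/bin/sh -c "
        args => "'/bin/echo $(id) > /dev/null && /usr/bin/systemctl restart $(service_name)'";

    freebsd::
      "/bin/sh -c "
        args => "'/bin/echo $(id) > /dev/null && /usr/sbin/service $(service_name) onerestart'";
}

# contain body that runs a commands promise through a shell. Any variable
# expanded into such a command is interpreted by that shell.
body contain wmde_cmd_useshell
{
      useshell => "useshell";
}

# Copy a tarball from the policy hub and unpack it into install_dir.
#
#   name        - prefix for the handles and for the "<name>_untar" class
#   sync_src    - path of the archive on the policy hub
#   sync_dst    - local path the archive is copied to (mode 644)
#   install_dir - directory handed to "tar -C"
#   test_file   - when this file does not exist, extraction is triggered
#
# Extraction also runs when the copy was repaired. sync_cp, if_repaired and m
# are not defined in this file.
#
# NOTE(review): the archive is unpacked as received from the hub; nothing in
# this bundle checks a digest or signature, and the tar command does not
# restrict member paths or ownership. Consider verifying the archive against
# a known hash before the untar step.
bundle agent download_and_untar( name, sync_src, sync_dst, install_dir, test_file )
{
  classes:
      "$(name)_untar"
        expression => not(fileexists("$(test_file)"));

  files:
      "$(sync_dst)"
        copy_from => sync_cp("$(sync_src)","$(sys.policy_hub)"),
        handle    => "$(name)_tgz_copied",
        classes   => if_repaired ("$(name)_untar"),
        perms     => m(644);

  commands:
    "$(name)_untar"::
      "/usr/bin/tar"
        args       => "xzvf $(sync_dst) -C $(install_dir)",
        depends_on => {"$(name)_tgz_copied"},
        handle     => "$(name)_untarred";

  reports:
#      "TESTFILE: $(test_file)";
}

# Add an APT repository once: acts only while
# /etc/apt/sources.list.d/<name>.list does not exist (debian|ubuntu).
#
#   name     - repository name, also the .list file name that is tested
#   repo_src - passed to install-php-repo.sh
#   key_src  - passed to install-php-repo.sh
#   key_name - passed to install-php-repo.sh
#
# install-php-repo.sh and install_wget are not part of this file.
# NOTE(review): the trust placed in the new repository depends on how the
# script obtains and stores the key from key_src (presumably a signing key) -
# confirm it is fetched over an authenticated channel and scoped to this
# repository only.
bundle agent install_apt_repo(name,repo_src,key_src,key_name)
{
  classes:
    debian|ubuntu::
      "do_install"
        expression => not(fileexists("/etc/apt/sources.list.d/$(name).list"));

  vars:
    do_install::
      "pkgs"
        slist => {
                   "curl",
                   "ca-certificates",
                   "lsb-release"
                 };

      # Not referenced inside this bundle.
      "add_repo_cmd"
        string => "/usr/bin/add-apt-repository";

  methods:
    do_install::
      "any" usebundle => install_wget;
      "any" usebundle => wmde_install_packages(@(pkgs),"apt_repo");

  commands:
    do_install::
      "/bin/sh"
        args       => "$(sys.workdir)/inputs/$(def.wmde_libdir)/scripts/install-php-repo.sh $(name) $(repo_src) $(key_src) $(key_name)",
        depends_on => { "wget_pkgs_installed", "apt_repo_pkgs_installed" };
}

# Install network troubleshooting tools on debian, fedora and centos hosts.
#
# NOTE(review): telnet, tcpdump and nmap enlarge the tooling available on a
# host to anyone who gains a shell on it. Consider limiting this bundle to
# hosts that need the tools rather than applying it to every server.
bundle agent install_server_tools
{
  vars:
    debian|fedora|centos::
      "pkgs"
        slist => {
                   "net-tools",
                   "telnet",
                   "tcpdump",
                   "nmap"
                 };

  methods:
    debian|fedora|centos::
      "any" usebundle => wmde_install_packages(@(pkgs),"server_tools");
}

# Enable extra package repositories on CentOS: install epel-release when
# "rpm -q epel-release" fails, then enable powertools (centos_8) or crb
# (major version greater than 8).
#
# centos_8 is not defined in this bundle; presumably it is a class provided
# by the agent.
#
# NOTE(review): the epel-release package is installed straight from a URL
# ("-latest", not a pinned version). Nothing in this promise imports or
# checks a package signing key first, so the install relies on the HTTPS
# connection - confirm that signature checking applies to this install.
bundle agent install_system_repos
{
  classes:
    centos::
      "centos_9_and_later"
        expression => isgreaterthan("$(sys.os_version_major)", "8") ;

  commands:

  vars:
#    centos::
#      "pkgs" slist => {
#                        "epel-release"
#                      };
#    !centos::
#      "pkgs" slist => {},
#        handle => "system_repos_pkgs_installed";

  commands:
    centos::
      "/usr/bin/yum"
        args   => "install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(sys.os_version_major).noarch.rpm",
        if     => not(returnszero("rpm -q epel-release > /dev/null","useshell")),
        handle => "system_repos_pkgs_installed";

    centos_8::
      "/usr/bin/dnf"
        inform => "false",
        args   => "config-manager --set-enabled powertools";

    centos_9_and_later::
      "/usr/bin/dnf"
        inform => "false",
        args   => "config-manager --set-enabled crb";

  methods:
#      "any" usebundle => wmde_install_packages(@(pkgs),"system_repos");

  reports:
}

# Fetch a file either from the policy hub or with wget, then apply
# permissions to it.
#
#   method   - promised as a class name; the "policyhub" and "wget" guards
#              below select the transfer path
#   src      - hub path (policyhub) or URL (wget)
#   dst      - local destination path
#   cls      - prefix for outcome classes and for the "<cls>_downloaded" handle
#   prms_arg - JSON text with optional "m", "o", "g" keys, merged over the
#              defaults (mode 600, the agent user's uid and gid)
#
# remote_dcp, mog, if_repaired, results, install_wget and $(wget.exe) are not
# defined in this file.
#
# NOTE(review): the wget path performs no digest or signature check on what
# it downloads. The perms promise is applied only after the download, so the
# file first exists with whatever mode wget creates it with (depends on the
# agent's umask) - confirm that is acceptable for sensitive content.
bundle agent download_file(method,src,dst,cls,prms_arg)
{
  vars:
      "prms_default"
        data => '{ "m":"600", "o":"$(sys.user_data[uid])", "g":"$(sys.user_data[gid])" }';

      "prms"
        data => mergedata(@(prms_default),parsejson($(prms_arg)));

  classes:
      "$(method)";

    wget::
      "run_wget"
        expression => not(fileexists($(dst)));

  files:
    policyhub::
      "$(dst)"
        copy_from => remote_dcp("$(src)","$(sys.policy_hub)"),
        classes   => if_repaired("$(cls)_repaired"),
        perms     => mog ("$(prms[m])","$(prms[o])","$(prms[g])");

  methods:
    wget::
      "any"
        usebundle => "install_wget",
        handle    => "wget_installed";

  commands:
    run_wget::
      # This command runs through a shell. dst and src are single-quoted so
      # that a URL containing "&", "?" or ";" (or a path with spaces) is
      # passed to wget and rm as one literal argument instead of being
      # interpreted by the shell; the files promises and fileexists() above
      # already treat dst as a literal path. Values containing a single quote
      # are still not supported.
      "$(wget.exe)"
        args       => "-q -O '$(dst)' '$(src)' || (rm -f '$(dst)' && /usr/bin/false) ",
        contain    => wmde_cmd_useshell,
        handle     => "$(cls)_downloaded",
        classes    => results("namespace","$(cls)"),
        depends_on => {"wget_installed"},
        inform     => "true";

      "/usr/bin/true"
        inform     => "false",
        depends_on => {"$(cls)_downloaded"},
        classes    => if_repaired("$(cls)_kept");

    (!run_wget)&(wget)::
      # Destination already present: nothing to download.
      "/usr/bin/true"
        inform  => "false",
        classes => if_repaired("$(cls)_kept");

  files:
      "$(dst)"
        perms      => mog ("$(prms[m])","$(prms[o])","$(prms[g])"),
        depends_on => {"$(cls)_downloaded"};

  reports:
}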