441 lines
8.8 KiB
CFEngine3
441 lines
8.8 KiB
CFEngine3
#
|
|
#
|
|
#
|
|
|
|
body perms uperm(user,group,mode)
|
|
{
|
|
mode => "$(mode)";
|
|
rxdirs => "false";
|
|
groups => { "$(group)" };
|
|
owners => { "$(user)" };
|
|
}
|
|
|
|
|
|
#
|
|
# wmdelib.cf
|
|
#
|
|
|
|
bundle agent wmde_install_packages(pkgs,name)
|
|
{
|
|
packages:
|
|
freebsd::
|
|
"$(pkgs)"
|
|
policy => "present",
|
|
package_module => pkg,
|
|
handle => "$(name)_pkgs_installed",
|
|
classes => results("namespace","$(name)");
|
|
debian::
|
|
"$(pkgs)"
|
|
policy => "present",
|
|
package_module => apt_get,
|
|
handle => "$(name)_pkgs_installed",
|
|
classes => results("namespace","$(name)");
|
|
fedora|centos::
|
|
"$(pkgs)"
|
|
policy => "present",
|
|
package_module => yum,
|
|
handle => "$(name)_pkgs_installed",
|
|
classes => results("namespace","$(name)");
|
|
|
|
|
|
}
|
|
|
|
body perms wmde_perms(user,group,mode)
|
|
{
|
|
owners => { "$(user)" };
|
|
groups => { "$(group)" };
|
|
mode => "$(mode)";
|
|
rxdirs=>"false";
|
|
}
|
|
|
|
|
|
|
|
|
|
bundle agent wmde_srv(service_name,cmd)
|
|
{
|
|
|
|
classes:
|
|
"start" expression => strcmp("start","$(cmd)");
|
|
"restart" expression => strcmp("restart",cmd);
|
|
|
|
|
|
commands:
|
|
freebsd::
|
|
"/bin/sh"
|
|
args => "-c '/usr/sbin/service $(service_name) onestatus > /dev/null && echo +$(service_name)_running || echo -$(service_name)_running'",
|
|
inform => "false",
|
|
module => "true",
|
|
handle => "$(service_name)_status_tested";
|
|
|
|
"!$(service_name)_running&start"::
|
|
"/bin/sh"
|
|
args => "-c '/usr/sbin/service $(service_name) onestart 2> /dev/null > /dev/null && echo +$(service_name)_started || echo -$(service_name)_started'",
|
|
module => "true",
|
|
depends_on => {"$(service_name)_status_tested"};
|
|
|
|
"!$(service_name)_running&restart"::
|
|
"/bin/sh"
|
|
args => "-c '/usr/sbin/service $(service_name) onerestart 2> /dev/null > /dev/null && echo +$(service_name)_started || echo -$(service_name)_started'",
|
|
module => "true",
|
|
depends_on => {"$(service_name)_status_tested"};
|
|
|
|
|
|
|
|
reports:
|
|
start::
|
|
# "MUST START";
|
|
!start::
|
|
# "MUST NOT START";
|
|
|
|
# running::
|
|
# "Server $(service_name) - running";
|
|
# !running::
|
|
# "Server $(service_name) - not running";
|
|
|
|
|
|
}
|
|
|
|
|
|
body service_method wmde
|
|
{
|
|
service_type => "generic";
|
|
service_bundle => wmde_srv ($(this.promiser), $(this.service_policy));
|
|
}
|
|
|
|
|
|
bundle agent wmde_enable_service(bundlename)
|
|
{
|
|
vars:
|
|
freebsd::
|
|
# "cha" string => "$(bundlename).service_cfg_name";
|
|
"filename" string => "/etc/rc.conf.d/$($(bundlename).service_cfg_name)";
|
|
files:
|
|
freebsd::
|
|
"$(filename)"
|
|
create => "true",
|
|
perms => m("644"),
|
|
content => "$($(bundlename).service_cfg_name)_enable=YES";
|
|
|
|
reports:
|
|
# "FREEBSD: $(filename) $(cha)";
|
|
}
|
|
|
|
bundle agent wmde_service(service_name,start_cond, restart_cond)
|
|
{
|
|
classes:
|
|
freebsd::
|
|
"service_running" expression => returnszero("/usr/sbin/service $(service_name) onestatus >/dev/null 2>&1", "useshell");
|
|
|
|
commands:
|
|
|
|
"freebsd&(!service_running)&($(start_cond))"::
|
|
"/usr/sbin/service"
|
|
args => "$(service_name) onestart >/dev/null 2>&1",
|
|
contain => wmde_cmd_useshell,
|
|
handle => "$(handle)_service_started";
|
|
"freebsd&(service_running)&($(start_cond))"::
|
|
"/usr/bin/true"
|
|
inform => "false",
|
|
handle => "$(handle)_service_started";
|
|
|
|
"freebsd&($(restart_cond))"::
|
|
"/usr/sbin/service"
|
|
args => "$(service_name) onerestart >/dev/null 2>&1",
|
|
contain => wmde_cmd_useshell,
|
|
handle => "$(handle)_service_restarted";
|
|
|
|
services:
|
|
"(!freebsd)&($(start_cond))"::
|
|
"$(service_name)"
|
|
service_policy => "start",
|
|
handle => "$(handle)_service_started";
|
|
|
|
"(!freebsd)&($(restart_cond))"::
|
|
"$(service_name)"
|
|
service_policy => "restart",
|
|
handle => "$(handle)_service_restarted";
|
|
reports:
|
|
}
|
|
|
|
|
|
bundle agent wmde_restart_service(service_name, id)
|
|
{
|
|
commands:
|
|
debian|centos|fedora::
|
|
"/bin/sh -c "
|
|
args => "'/bin/echo $(id) > /dev/null && /usr/bin/systemctl restart $(service_name)'";
|
|
freebsd::
|
|
"/bin/sh -c "
|
|
args => "'/bin/echo $(id) > /dev/null && /usr/sbin/service $(service_name) onerestart'";
|
|
}
|
|
|
|
|
|
|
|
|
|
body contain wmde_cmd_useshell
|
|
{
|
|
useshell=>"useshell";
|
|
}
|
|
|
|
|
|
|
|
bundle agent download_and_untar(
|
|
name,
|
|
sync_src,
|
|
sync_dst,
|
|
install_dir,
|
|
test_file
|
|
)
|
|
{
|
|
classes:
|
|
"$(name)_untar" expression => not(fileexists("$(test_file)"));
|
|
|
|
files:
|
|
"$(sync_dst)"
|
|
copy_from => sync_cp("$(sync_src)","$(sys.policy_hub)"),
|
|
handle => "$(name)_tgz_copied",
|
|
classes => if_repaired ("$(name)_untar"),
|
|
perms => m(644);
|
|
|
|
commands:
|
|
|
|
"$(name)_untar"::
|
|
"/usr/bin/tar"
|
|
args => "xzvf $(sync_dst) -C $(install_dir)",
|
|
depends_on => {"$(name)_tgz_copied"},
|
|
handle => "$(name)_untarred";
|
|
reports:
|
|
# "TESTFILE: $(test_file)";
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bundle agent install_apt_repo(name,repo_src,key_src,key_name)
|
|
{
|
|
classes:
|
|
debian|ubuntu::
|
|
"do_install" expression => not(fileexists("/etc/apt/sources.list.d/$(name).list"));
|
|
|
|
|
|
vars:
|
|
do_install::
|
|
"pkgs" slist => {
|
|
"curl",
|
|
"ca-certificates",
|
|
"lsb-release"
|
|
};
|
|
|
|
"add_repo_cmd" string => "/usr/bin/add-apt-repository";
|
|
|
|
methods:
|
|
do_install::
|
|
"any" usebundle => install_wget;
|
|
"any" usebundle => wmde_install_packages(@(pkgs),"apt_repo");
|
|
|
|
commands:
|
|
do_install::
|
|
"/bin/sh"
|
|
args => "$(sys.workdir)/inputs/$(def.wmde_libdir)/scripts/install-php-repo.sh $(name) $(repo_src) $(key_src) $(key_name)",
|
|
depends_on => {
|
|
"wget_pkgs_installed",
|
|
"apt_repo_pkgs_installed"
|
|
};
|
|
|
|
}
|
|
|
|
|
|
bundle agent install_server_tools
|
|
{
|
|
vars:
|
|
|
|
debian|fedora|centos::
|
|
"pkgs" slist => {
|
|
"net-tools",
|
|
"telnet",
|
|
"tcpdump",
|
|
"nmap"
|
|
};
|
|
methods:
|
|
debian|fedora|centos::
|
|
"any" usebundle => wmde_install_packages(@(pkgs),"server_tools");
|
|
|
|
}
|
|
|
|
bundle agent install_system_repos
|
|
|
|
{
|
|
classes:
|
|
centos::
|
|
"centos_9_and_later" expression => isgreaterthan("$(sys.os_version_major)", "8") ;
|
|
|
|
commands:
|
|
|
|
vars:
|
|
# centos::
|
|
# "pkgs" slist => {
|
|
# "epel-release"
|
|
# };
|
|
# !centos::
|
|
# "pkgs" slist => {},
|
|
# handle => "system_repos_pkgs_installed";
|
|
|
|
commands:
|
|
centos::
|
|
"/usr/bin/yum"
|
|
args => "install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(sys.os_version_major).noarch.rpm",
|
|
if => not(returnszero("rpm -q epel-release > /dev/null","useshell")),
|
|
handle=>"system_repos_pkgs_installed";
|
|
|
|
|
|
|
|
centos_8::
|
|
"/usr/bin/dnf"
|
|
inform => "false",
|
|
args => "config-manager --set-enabled powertools";
|
|
|
|
centos_9_and_later::
|
|
"/usr/bin/dnf"
|
|
inform => "false",
|
|
args => "config-manager --set-enabled crb";
|
|
|
|
"/usr/bin/update-crypto-policies"
|
|
inform => "false",
|
|
contain => wmde_cmd_useshell,
|
|
args => "--set LEGACY > /dev/null";
|
|
|
|
methods:
|
|
# "any" usebundle => wmde_install_packages(@(pkgs),"system_repos");
|
|
|
|
reports:
|
|
}
|
|
|
|
|
|
bundle agent download_file(method,src,dst,cls,prms_arg)
|
|
{
|
|
vars:
|
|
"prms_default" data => '{
|
|
"m":"600",
|
|
"o":"$(sys.user_data[uid])",
|
|
"g":"$(sys.user_data[gid])"
|
|
}';
|
|
|
|
"prms" data => mergedata(@(prms_default),parsejson($(prms_arg)));
|
|
|
|
classes:
|
|
"$(method)";
|
|
wget::
|
|
"run_wget" expression => not(fileexists($(dst)));
|
|
|
|
files:
|
|
policyhub::
|
|
"$(dst)"
|
|
copy_from => remote_dcp("$(src)","$(sys.policy_hub)"),
|
|
classes => if_repaired("$(cls)_repaired"),
|
|
perms => mog ("$(prms[m])","$(prms[o])","$(prms[g])");
|
|
methods:
|
|
wget::
|
|
"any" usebundle => "install_wget"; #, handle=>"wget_installed";
|
|
|
|
commands:
|
|
run_wget::
|
|
"$(wget.exe)"
|
|
args => "-q -O $(dst) $(src) || (rm -f $(dst) && /usr/bin/false) ",
|
|
contain => wmde_cmd_useshell,
|
|
handle => "$(cls)_downloaded",
|
|
classes => results("namespace","$(cls)"),
|
|
depends_on => {"wget_installed"},
|
|
inform => "true";
|
|
|
|
"/usr/bin/true"
|
|
inform => "false",
|
|
depends_on => {"$(cls)_downloaded"},
|
|
classes => if_repaired("$(cls)_kept");
|
|
|
|
|
|
(!run_wget)&(wget)::
|
|
"/usr/bin/true"
|
|
inform => "false",
|
|
classes => if_repaired("$(cls)_kept");
|
|
|
|
|
|
files:
|
|
"$(dst)"
|
|
perms => mog ("$(prms[m])","$(prms[o])","$(prms[g])"),
|
|
depends_on => {"$(cls)_downloaded"};
|
|
|
|
reports:
|
|
}
|
|
|
|
|
|
bundle edit_line bind_mount(src,dst)
|
|
{
|
|
insert_lines:
|
|
freebsd::
|
|
"$(src) $(dst) nullfs rw,late 0 0";
|
|
centos::
|
|
"$(src) $(dst) none defaults,bind 0 0";
|
|
|
|
}
|
|
|
|
bundle agent bind_mount(src,dst)
|
|
{
|
|
|
|
files:
|
|
"/etc/fstab"
|
|
edit_line => bind_mount("$(src)","$(dst)"),
|
|
classes => if_repaired(bind_mount_fstab_changed);
|
|
commands:
|
|
bind_mount_fstab_changed::
|
|
"echo '$(src)$(dst)' > /dev/null && mount"
|
|
contain=>wmde_cmd_useshell,
|
|
args => "-a";
|
|
}
|
|
|
|
|
|
|
|
bundle agent etc_hosts(hosts)
|
|
{
|
|
vars:
|
|
"idx" slist => getindices(@(hosts));
|
|
"settings[$(idx)]" string => "$(hosts[$(idx)])";
|
|
files:
|
|
"/etc/hosts"
|
|
create => "true",
|
|
perms => m("644"),
|
|
edit_line => set_config_values("$(this.bundle).settings"),
|
|
classes => results("namespace","etc_hosts");
|
|
}
|
|
|
|
|
|
bundle agent cron
|
|
{
|
|
vars:
|
|
"cron_d" string => "/etc/cron.d";
|
|
freebsd::
|
|
"cron_d" string => "/usr/local/etc/cron.d";
|
|
files:
|
|
"$(cron_d)/."
|
|
create => "true",
|
|
handle => "cron_d_created";
|
|
|
|
}
|
|
|
|
bundle agent create_cron_job(name,time,command)
|
|
{
|
|
methods:
|
|
"any" usebundle => cron;
|
|
files:
|
|
"$(cron.cron_d)/$(name)"
|
|
create => "true",
|
|
content => "#
|
|
# Managed by CFEngin
|
|
#
|
|
|
|
$(time) $(command)
|
|
",
|
|
depends_on => {"cron_d_created"};
|
|
}
|
|
|