wmdeit-cf-wmdelib/lib.cf

350 lines
7.1 KiB
CFEngine3

#
#
#
body perms uperm(user,group,mode)
{
mode => "$(mode)";
rxdirs => "false";
groups => { "$(group)" };
owners => { "$(user)" };
}
#
# wmdelib.cf
#
bundle agent wmde_install_packages(pkgs,name)
{
packages:
freebsd::
"$(pkgs)"
policy => "present",
package_module => pkg,
handle => "$(name)_pkgs_installed",
classes => results("namespace","$(name)");
debian::
"$(pkgs)"
policy => "present",
package_module => apt_get,
handle => "$(name)_pkgs_installed",
classes => results("namespace","$(name)");
fedora|centos::
"$(pkgs)"
policy => "present",
package_module => yum,
handle => "$(name)_pkgs_installed",
classes => results("namespace","$(name)");
}
body perms wmde_perms(user,group,mode)
{
owners => { "$(user)" };
groups => { "$(group)" };
mode => "$(mode)";
rxdirs=>"false";
}
bundle agent wmde_srv(service_name,cmd)
{
classes:
"start" expression => strcmp("start","$(cmd)");
"restart" expression => strcmp("restart",cmd);
commands:
freebsd::
"/bin/sh"
args => "-c '/usr/sbin/service $(service_name) onestatus > /dev/null && echo +$(service_name)_running || echo -$(service_name)_running'",
inform => "false",
module => "true",
handle => "$(service_name)_status_tested";
"!$(service_name)_running&start"::
"/bin/sh"
args => "-c '/usr/sbin/service $(service_name) onestart 2> /dev/null > /dev/null && echo +$(service_name)_started || echo -$(service_name)_started'",
module => "true",
depends_on => {"$(service_name)_status_tested"};
"!$(service_name)_running&restart"::
"/bin/sh"
args => "-c '/usr/sbin/service $(service_name) onerestart 2> /dev/null > /dev/null && echo +$(service_name)_started || echo -$(service_name)_started'",
module => "true",
depends_on => {"$(service_name)_status_tested"};
reports:
start::
# "MUST START";
!start::
# "MUST NOT START";
# running::
# "Server $(service_name) - running";
# !running::
# "Server $(service_name) - not running";
}
body service_method wmde
{
service_type => "generic";
service_bundle => wmde_srv ($(this.promiser), $(this.service_policy));
}
bundle agent wmde_service(service_name,start_cond, restart_cond)
{
classes:
freebsd::
"service_running" expression => returnszero("/usr/sbin/service $(service_name) onestatus >/dev/null 2>&1", "useshell");
commands:
"freebsd&(!service_running)&($(start_cond))"::
"/usr/sbin/service"
args => "$(service_name) onestart >/dev/null 2>&1",
contain => wmde_cmd_useshell,
handle => "$(handle)_service_started";
"freebsd&(service_running)&($(start_cond))"::
"/usr/bin/true"
inform => "false",
handle => "$(handle)_service_started";
"freebsd&($(restart_cond))"::
"/usr/sbin/service"
args => "$(service_name) onerestart >/dev/null 2>&1",
contain => wmde_cmd_useshell,
handle => "$(handle)_service_restarted";
services:
"(!freebsd)&($(start_cond))"::
"$(service_name)"
service_policy => "start",
handle => "$(handle)_service_started";
"(!freebsd)&($(restart_cond))"::
"$(service_name)"
service_policy => "restart",
handle => "$(handle)_service_restarted";
reports:
}
bundle agent wmde_restart_service(service_name, id)
{
commands:
debian|centos|fedora::
"/bin/sh -c "
args => "'/bin/echo $(id) > /dev/null && /usr/bin/systemctl restart $(service_name)'";
freebsd::
"/bin/sh -c "
args => "'/bin/echo $(id) > /dev/null && /usr/sbin/service $(service_name) onerestart'";
}
body contain wmde_cmd_useshell
{
useshell=>"useshell";
}
bundle agent download_and_untar(
name,
sync_src,
sync_dst,
install_dir,
test_file
)
{
classes:
"$(name)_untar" expression => not(fileexists("$(test_file)"));
files:
"$(sync_dst)"
copy_from => sync_cp("$(sync_src)","$(sys.policy_hub)"),
handle => "$(name)_tgz_copied",
classes => if_repaired ("$(name)_untar"),
perms => m(644);
commands:
"$(name)_untar"::
"/usr/bin/tar"
args => "xzvf $(sync_dst) -C $(install_dir)",
depends_on => {"$(name)_tgz_copied"},
handle => "$(name)_untarred";
reports:
# "TESTFILE: $(test_file)";
}
bundle agent install_apt_repo(name,repo_src,key_src,key_name)
{
classes:
debian|ubuntu::
"do_install" expression => not(fileexists("/etc/apt/sources.list.d/$(name).list"));
vars:
do_install::
"pkgs" slist => {
"curl",
"ca-certificates",
"lsb-release"
};
"add_repo_cmd" string => "/usr/bin/add-apt-repository";
methods:
do_install::
"any" usebundle => install_wget;
"any" usebundle => wmde_install_packages(@(pkgs),"apt_repo");
commands:
do_install::
"/bin/sh"
args => "$(sys.workdir)/inputs/$(def.wmde_libdir)/scripts/install-php-repo.sh $(name) $(repo_src) $(key_src) $(key_name)",
depends_on => {
"wget_pkgs_installed",
"apt_repo_pkgs_installed"
};
}
bundle agent install_server_tools
{
vars:
debian|fedora|centos::
"pkgs" slist => {
"net-tools",
"telnet",
"tcpdump",
"nmap"
};
methods:
debian|fedora|centos::
"any" usebundle => wmde_install_packages(@(pkgs),"server_tools");
}
bundle agent install_system_repos
{
classes:
centos::
"centos_9_and_later" expression => isgreaterthan("$(sys.os_version_major)", "8") ;
commands:
vars:
# centos::
# "pkgs" slist => {
# "epel-release"
# };
# !centos::
# "pkgs" slist => {},
# handle => "system_repos_pkgs_installed";
commands:
centos::
"/usr/bin/yum"
args => "install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(sys.os_version_major).noarch.rpm",
if => not(returnszero("rpm -q epel-release > /dev/null","useshell")),
handle=>"system_repos_pkgs_installed";
centos_8::
"/usr/bin/dnf"
inform => "false",
args => "config-manager --set-enabled powertools";
centos_9_and_later::
"/usr/bin/dnf"
inform => "false",
args => "config-manager --set-enabled crb";
methods:
# "any" usebundle => wmde_install_packages(@(pkgs),"system_repos");
reports:
}
bundle agent download_file(method,src,dst,cls,prms_arg)
{
vars:
"prms_default" data => '{
"m":"600",
"o":"$(sys.user_data[uid])",
"g":"$(sys.user_data[gid])"
}';
"prms" data => mergedata(@(prms_default),parsejson($(prms_arg)));
classes:
"$(method)";
wget::
"run_wget" expression => not(fileexists($(dst)));
files:
policyhub::
"$(dst)"
copy_from => remote_dcp("$(src)","$(sys.policy_hub)"),
classes => if_repaired("$(cls)_repaired"),
perms => mog ("$(prms[m])","$(prms[o])","$(prms[g])");
methods:
wget::
"any" usebundle => "install_wget", handle=>"wget_installed";
commands:
run_wget::
"$(wget.exe)"
args => "-q -O $(dst) $(src) || (rm -f $(dst) && /usr/bin/false) ",
contain => wmde_cmd_useshell,
handle => "$(cls)_downloaded",
classes => results("namespace","$(cls)"),
depends_on => {"wget_installed"},
inform => "true";
"/usr/bin/true"
inform => "false",
depends_on => {"$(cls)_downloaded"},
classes => if_repaired("$(cls)_kept");
(!run_wget)&(wget)::
"/usr/bin/true"
inform => "false",
classes => if_repaired("$(cls)_kept");
files:
"$(dst)"
perms => mog ("$(prms[m])","$(prms[o])","$(prms[g])"),
depends_on => {"$(cls)_downloaded"};
reports:
}