From 2d42e5f7ddcaae867dc847cb479967f2c7d2e61c Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Thu, 7 Jan 2021 18:44:38 +0100 Subject: [PATCH] update bw to 4.3, add .provides() to metadata reactors --- Jenkinsfile | 12 ++++++++++++ bundles/apt/metadata.py | 4 +++- bundles/backup-client/metadata.py | 5 ++++- bundles/backup-server/metadata.py | 9 +++++++-- bundles/dhcpd/metadata.py | 12 +++++++++--- bundles/dovecot/metadata.py | 5 ++++- bundles/gitea/metadata.py | 8 ++++++-- bundles/icinga2/metadata.py | 4 +++- bundles/mautrix-telegram/metadata.py | 4 +++- bundles/mautrix-whatsapp/metadata.py | 4 +++- bundles/miniflux/metadata.py | 4 +++- bundles/netdata/metadata.py | 4 +++- bundles/nginx/metadata.py | 21 ++++++++++++++++----- bundles/octoprint/metadata.py | 4 +++- bundles/php/metadata.py | 4 +++- bundles/postfix/metadata.py | 9 +++++++-- bundles/powerdns/metadata.py | 20 +++++++++++++++----- bundles/pppd/metadata.py | 4 +++- bundles/riot-web/metadata.py | 4 +++- bundles/rspamd/metadata.py | 4 +++- bundles/smartd/metadata.py | 8 ++++++-- bundles/sshmon/metadata.py | 8 ++++++-- bundles/systemd-networkd/metadata.py | 4 +++- bundles/unbound/metadata.py | 9 +++++++-- bundles/users/metadata.py | 4 +++- bundles/vnstat/metadata.py | 9 +++++++-- bundles/wireguard/metadata.py | 12 +++++++++--- bundles/zfs/metadata.py | 4 +++- requirements.txt | 2 +- 29 files changed, 158 insertions(+), 47 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 60242a7..273591e 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -34,6 +34,18 @@ pipeline { """ } } + stage('reactor.provides') { + when { + branch 'main' + } + steps { + sh """ + . venv/bin/activate + export BW_VAULT_DUMMY_MODE=1 + bw test -p + """ + } + } stage('determinism') { steps { sh """ diff --git a/bundles/apt/metadata.py b/bundles/apt/metadata.py index e274cc5..e19f70e 100644 --- a/bundles/apt/metadata.py +++ b/bundles/apt/metadata.py 
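Review bot: The new `reactor.provides` stage in the Jenkinsfile is gated by `when { branch 'main' }`, so `bw test -p` never runs on other branches, and a reactor whose declaration is wrong would only be flagged after the change has landed on main. If the gate is deliberate (for example because of run time), a one-line comment above the `when` block should say so; otherwise dropping the `when` block lets the check run before merge. The enclosing `pipeline` block starts and ends outside the hunk.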
@@ -11,7 +11,9 @@ defaults = { } -@metadata_reactor +@metadata_reactor.provides( + 'cron/upgrade-and-reboot' +) def patchday(metadata): day = metadata.get('apt/unattended_upgrades/day', 5) diff --git a/bundles/backup-client/metadata.py b/bundles/backup-client/metadata.py index 466f459..02ef5a0 100644 --- a/bundles/backup-client/metadata.py +++ b/bundles/backup-client/metadata.py @@ -9,7 +9,10 @@ defaults = { } -@metadata_reactor +@metadata_reactor.provides( + 'cron/backup', + 'icinga2_api/backup-client/services', +) def cron(metadata): if metadata.get('backups/exclude_from_backups', False): return {} diff --git a/bundles/backup-server/metadata.py b/bundles/backup-server/metadata.py index a84acfa..3afee7d 100644 --- a/bundles/backup-server/metadata.py +++ b/bundles/backup-server/metadata.py @@ -7,7 +7,9 @@ defaults = { }, } -@metadata_reactor +@metadata_reactor.provides( + 'backup-server/clients', +) def get_my_clients(metadata): my_clients = {} @@ -26,7 +28,10 @@ def get_my_clients(metadata): } -@metadata_reactor +@metadata_reactor.provides( + 'zfs/datasets', + 'zfs/snapshots/retain_per_dataset', +) def zfs(metadata): zfs_datasets = {} zfs_retains = {} diff --git a/bundles/dhcpd/metadata.py b/bundles/dhcpd/metadata.py index a1a44d4..fc8cad3 100644 --- a/bundles/dhcpd/metadata.py +++ b/bundles/dhcpd/metadata.py @@ -7,7 +7,9 @@ defaults = { } -@metadata_reactor +@metadata_reactor.provides( + 'dhcpd/fixed_allocations', +) def get_static_allocations(metadata): allocations = {} for rnode in repo.nodes: @@ -28,7 +30,9 @@ def get_static_allocations(metadata): } -@metadata_reactor +@metadata_reactor.provides( + 'dhcpd/listen_interfaces', +) def get_listen_interfaces(metadata): listen_interfaces = [] for identfier, subnet in node.metadata.get('dhcpd/subnets', {}).items(): 
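Review bot: In bundles/apt/metadata.py the decorator on `patchday` writes `'cron/upgrade-and-reboot'` without a trailing comma, while the other `.provides()` calls added in this patch end their last path with one. Writing it as `'cron/upgrade-and-reboot',` keeps the calls uniform and makes a later second path a one-line diff. The body of `patchday` continues outside the hunk.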
@@ -41,7 +45,9 @@ def get_listen_interfaces(metadata): } -@metadata_reactor +@metadata_reactor.provides( + 'iptables/bundle_rules/dhcpd', +) def iptables(metadata): iptables = set() for identfier, subnet in node.metadata.get('dhcpd/subnets', {}).items(): diff --git a/bundles/dovecot/metadata.py b/bundles/dovecot/metadata.py index 2bcbcac..3faa914 100644 --- a/bundles/dovecot/metadata.py +++ b/bundles/dovecot/metadata.py @@ -44,7 +44,10 @@ if node.has_bundle('postfixadmin'): } -@metadata_reactor +@metadata_reactor.provides( + 'dovecot/admin_email', + 'dovecot/database/dbpass', +) def import_database_settings_from_postfixadmin(metadata): if not node.has_bundle('postfixadmin'): raise DoNotRunAgain diff --git a/bundles/gitea/metadata.py b/bundles/gitea/metadata.py index e7f6a5a..79c10c1 100644 --- a/bundles/gitea/metadata.py +++ b/bundles/gitea/metadata.py @@ -45,7 +45,9 @@ defaults = { } -@metadata_reactor +@metadata_reactor.provides( + 'nginx/vhosts', +) def nginx(metadata): if not node.has_bundle('nginx'): raise DoNotRunAgain @@ -67,7 +69,9 @@ def nginx(metadata): } -@metadata_reactor +@metadata_reactor.provides( + 'icinga2_api/gitea/services', +) def icinga_check_for_new_release(metadata): return { 'icinga2_api': { diff --git a/bundles/icinga2/metadata.py b/bundles/icinga2/metadata.py index 5a3f561..196e6dc 100644 --- a/bundles/icinga2/metadata.py +++ b/bundles/icinga2/metadata.py @@ -72,7 +72,9 @@ defaults = { }, } -@metadata_reactor +@metadata_reactor.provides( + 'icinga2/icinga_users', +) def add_users_from_json(metadata): with open(join(repo.path, 'users.json'), 'r') as f: json = loads(f.read()) diff --git a/bundles/mautrix-telegram/metadata.py b/bundles/mautrix-telegram/metadata.py index 47c9f6c..9f344c0 100644 --- a/bundles/mautrix-telegram/metadata.py +++ b/bundles/mautrix-telegram/metadata.py 
@@ -43,7 +43,9 @@ defaults = { } -@metadata_reactor +@metadata_reactor.provides( + 'icinga2_api/mautrix-telegram/services', +) def icinga_check_for_new_release(metadata): return { 'icinga2_api': { diff --git a/bundles/mautrix-whatsapp/metadata.py b/bundles/mautrix-whatsapp/metadata.py index 63509aa..5b9ecf2 100644 --- a/bundles/mautrix-whatsapp/metadata.py +++ b/bundles/mautrix-whatsapp/metadata.py @@ -47,7 +47,9 @@ defaults = { } -@metadata_reactor +@metadata_reactor.provides( + 'icinga2_api/mautrix-whatsapp/services', +) def icinga_check_for_new_release(metadata): return { 'icinga2_api': { diff --git a/bundles/miniflux/metadata.py b/bundles/miniflux/metadata.py index dede68d..6ac06f4 100644 --- a/bundles/miniflux/metadata.py +++ b/bundles/miniflux/metadata.py @@ -35,7 +35,9 @@ defaults = { } -@metadata_reactor +@metadata_reactor.provides( + 'nginx/vhosts', +) def nginx(metadata): if not node.has_bundle('nginx'): raise DoNotRunAgain diff --git a/bundles/netdata/metadata.py b/bundles/netdata/metadata.py index cd12370..f959a02 100644 --- a/bundles/netdata/metadata.py +++ b/bundles/netdata/metadata.py @@ -16,7 +16,9 @@ defaults = { } -@metadata_reactor +@metadata_reactor.provides( + 'iptables/bundle_rules/netdata', +) def iptables(metadata): interfaces = metadata.get('netdata/restrict-to-interfaces', set()) iptables = [] diff --git a/bundles/nginx/metadata.py b/bundles/nginx/metadata.py index c711368..f0f18b2 100644 --- a/bundles/nginx/metadata.py +++ b/bundles/nginx/metadata.py @@ -35,7 +35,9 @@ defaults = { } -@metadata_reactor +@metadata_reactor.provides( + 'nginx/worker_processes', +) def worker_processes(metadata): return { 'nginx': { @@ -44,7 +46,10 @@ def worker_processes(metadata): } -@metadata_reactor +@metadata_reactor.provides( + 'letsencrypt/domains', + 'letsencrypt/reload_after', +) def letsencrypt(metadata): if not node.has_bundle('letsencrypt'): raise DoNotRunAgain 
@@ -65,7 +70,9 @@ def letsencrypt(metadata): } -@metadata_reactor +@metadata_reactor.provides( + 'nginx/vhosts', +) def index_files(metadata): vhosts = {} @@ -89,7 +96,9 @@ def index_files(metadata): } -@metadata_reactor +@metadata_reactor.provides( + 'icinga2_api/nginx/services', +) def monitoring(metadata): services = {} @@ -133,7 +142,9 @@ def monitoring(metadata): } -@metadata_reactor +@metadata_reactor.provides( + 'iptables/bundle_rules/nginx', +) def iptables(metadata): interfaces = metadata.get('nginx/restrict-to-interfaces', set()) iptables = [] diff --git a/bundles/octoprint/metadata.py b/bundles/octoprint/metadata.py index c066a20..66a103f 100644 --- a/bundles/octoprint/metadata.py +++ b/bundles/octoprint/metadata.py @@ -20,7 +20,9 @@ defaults = { } -@metadata_reactor +@metadata_reactor.provides( + 'icinga2_api/octoprint/services', +) def icinga(metadata): if 'api_key' not in metadata.get('octoprint', {}): return {} diff --git a/bundles/php/metadata.py b/bundles/php/metadata.py index 8b9ef49..d14954e 100644 --- a/bundles/php/metadata.py +++ b/bundles/php/metadata.py @@ -11,7 +11,9 @@ defaults = { } -@metadata_reactor +@metadata_reactor.provides( + 'apt/packages', +) def php_packages_with_features(metadata): version = metadata.get('php/version') diff --git a/bundles/postfix/metadata.py b/bundles/postfix/metadata.py index 3fcf04d..9c47974 100644 --- a/bundles/postfix/metadata.py +++ b/bundles/postfix/metadata.py @@ -46,7 +46,9 @@ else: # FIXME find a working, non-shitty check for that -#@metadata_reactor +#@metadata_reactor.provides( +# 'icinga2_api/postfix/services', +#) def fill_icinga_spam_blocklist_check_with_hostname(metadata): checks = {} @@ -67,7 +69,10 @@ def fill_icinga_spam_blocklist_check_with_hostname(metadata): } -@metadata_reactor +@metadata_reactor.provides( + 'letsencrypt/domains', + 'letsencrypt/reload_after', +) def letsencrypt(metadata): if not node.has_bundle('letsencrypt'): raise DoNotRunAgain 
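Review bot: In bundles/postfix/metadata.py the decorator on `fill_icinga_spam_blocklist_check_with_hostname` stays commented out, so the function is still defined but, as far as the hunk shows, not registered as a reactor, and nothing checks the path `'icinga2_api/postfix/services'` written in the comment. Commented-out code that is hand-edited to follow an API change tends to drift. Consider removing the function until the FIXME is resolved, or replacing the three commented lines with one, e.g. `# disabled, see FIXME; re-enable with @metadata_reactor.provides('icinga2_api/postfix/services')`. While it is disabled, the blocklist check it would generate is presumably missing from monitoring. The function body continues outside the hunk.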
diff --git a/bundles/powerdns/metadata.py b/bundles/powerdns/metadata.py index 02927ae..ab3ca82 100644 --- a/bundles/powerdns/metadata.py +++ b/bundles/powerdns/metadata.py @@ -38,7 +38,9 @@ defaults = { } -@metadata_reactor +@metadata_reactor.provides( + 'icinga2_api/powerdns/services', +) def monitoring_for_primary_nameserver(metadata): if metadata.get('powerdns/is_secondary', False): return {} @@ -56,7 +58,9 @@ def monitoring_for_primary_nameserver(metadata): } -@metadata_reactor +@metadata_reactor.provides( + 'powerdns/my_secondary_servers', +) def get_ips_of_secondary_nameservers(metadata): if metadata.get('powerdns/is_secondary', False): return {} @@ -73,7 +77,9 @@ def get_ips_of_secondary_nameservers(metadata): }, } -@metadata_reactor +@metadata_reactor.provides( + 'powerdns/my_primary_servers', +) def get_ips_of_primary_nameservers(metadata): if not metadata.get('powerdns/is_secondary', False): return {} @@ -91,7 +97,9 @@ def get_ips_of_primary_nameservers(metadata): } -@metadata_reactor +@metadata_reactor.provides( + 'powerdns/bind-zones/kunbox.net/records', +) def generate_dns_entries_for_nodes(metadata): results = set() @@ -133,7 +141,9 @@ def generate_dns_entries_for_nodes(metadata): } -@metadata_reactor +@metadata_reactor.provides( + 'hosts/entries', +) def hosts_entries_for_all_dns_servers(metadata): entries = {} diff --git a/bundles/pppd/metadata.py b/bundles/pppd/metadata.py index 42ea384..c54db57 100644 --- a/bundles/pppd/metadata.py +++ b/bundles/pppd/metadata.py @@ -26,7 +26,9 @@ defaults = { } -@metadata_reactor +@metadata_reactor.provides( + 'icinga2_api/pppd/services', +) def icinga_dyndns(metadata): if 'dyndns' not in metadata.get('pppd'): return {} diff --git a/bundles/riot-web/metadata.py b/bundles/riot-web/metadata.py index 5d7dcaa..5a27cef 100644 --- a/bundles/riot-web/metadata.py +++ b/bundles/riot-web/metadata.py 
@@ -1,4 +1,6 @@ -@metadata_reactor +@metadata_reactor.provides( + 'nginx/vhosts', +) def nginx_config(metadata): return { 'nginx': { diff --git a/bundles/rspamd/metadata.py b/bundles/rspamd/metadata.py index eaff93d..5a96464 100644 --- a/bundles/rspamd/metadata.py +++ b/bundles/rspamd/metadata.py @@ -57,7 +57,9 @@ defaults = { # Nodes managed by us should always be able to send mail to all other # servers. -@metadata_reactor +@metadata_reactor.provides( + 'rspamd/ignore_spam_check_for_ips', +) def populate_permitted_ips_list_with_ips_from_repo(metadata): ips = set() diff --git a/bundles/smartd/metadata.py b/bundles/smartd/metadata.py index ad4a636..f951a1b 100644 --- a/bundles/smartd/metadata.py +++ b/bundles/smartd/metadata.py @@ -16,7 +16,9 @@ defaults = { } -@metadata_reactor +@metadata_reactor.provides( + 'smartd/disks', +) def zfs_disks_to_metadata(metadata): disks = set() @@ -35,7 +37,9 @@ def zfs_disks_to_metadata(metadata): } -@metadata_reactor +@metadata_reactor.provides( + 'icinga2_api/smartd/services', +) def icinga(metadata): services = {} diff --git a/bundles/sshmon/metadata.py b/bundles/sshmon/metadata.py index 47c6338..2038d06 100644 --- a/bundles/sshmon/metadata.py +++ b/bundles/sshmon/metadata.py @@ -37,7 +37,9 @@ defaults = { } -@metadata_reactor +@metadata_reactor.provides( + 'icinga2_api', +) def autogenerate_sshmon_command(metadata): result = { 'icinga2_api': {}, @@ -59,7 +61,9 @@ def autogenerate_sshmon_command(metadata): return result -@metadata_reactor +@metadata_reactor.provides( + 'icinga2_api/basic/services', +) def default_checks(metadata): disk_space_warning = metadata.get('sshmon/disk_space/warning', 15) disk_space_critical = metadata.get('sshmon/disk_space/critical', 5) diff --git a/bundles/systemd-networkd/metadata.py b/bundles/systemd-networkd/metadata.py index 99d694a..ba3cb37 100644 --- a/bundles/systemd-networkd/metadata.py +++ b/bundles/systemd-networkd/metadata.py 
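Review bot: `autogenerate_sshmon_command` in bundles/sshmon/metadata.py declares the whole `'icinga2_api'` subtree, where the other reactors in this patch declare a specific path such as `'icinga2_api/basic/services'`. The same applies to `'cron'` on `nginx_dashboard` in bundles/vnstat/metadata.py, which sits next to the much narrower `'nginx/vhosts/vnstat'` in the same call. A top-level declaration presumably allows any key below it, which would leave the `bw test -p` stage added in the Jenkinsfile little to verify for these two reactors. If the keys are fixed, narrowing to something like `'cron/<job-name>'` (placeholder) would match `'cron/backup'` and `'cron/zfs-scrub'` elsewhere; if they are generated dynamically, a short comment above the decorator should say so. Both function bodies continue outside their hunks.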
@@ -1,4 +1,6 @@ -@metadata_reactor +@metadata_reactor.provides( + 'interfaces', +) def add_vlan_infos_to_interface(metadata): interfaces = {} diff --git a/bundles/unbound/metadata.py b/bundles/unbound/metadata.py index f2fed5c..05a5e95 100644 --- a/bundles/unbound/metadata.py +++ b/bundles/unbound/metadata.py @@ -22,7 +22,10 @@ defaults = { } -@metadata_reactor +@metadata_reactor.provides( + 'unbound/threads', + 'unbound/cache_slabs', +) def cpu_cores_to_config_values(metadata): num_cpus = metadata.get('vm/cpu', 1) @@ -34,7 +37,9 @@ def cpu_cores_to_config_values(metadata): } -@metadata_reactor +@metadata_reactor.provides( + 'iptables/bundle_rules/unbound', +) def iptables(metadata): interfaces = metadata.get('unbound/restrict-to-interfaces', set()) iptables = [] diff --git a/bundles/users/metadata.py b/bundles/users/metadata.py index 8640121..958ffec 100644 --- a/bundles/users/metadata.py +++ b/bundles/users/metadata.py @@ -18,7 +18,9 @@ defaults = { } -@metadata_reactor +@metadata_reactor.provides( + 'users', +) def add_users_from_json(metadata): with open(join(repo.path, 'users.json'), 'r') as f: json = loads(f.read()) diff --git a/bundles/vnstat/metadata.py b/bundles/vnstat/metadata.py index fba4e13..69b8d0e 100644 --- a/bundles/vnstat/metadata.py +++ b/bundles/vnstat/metadata.py @@ -20,7 +20,9 @@ defaults = { } -@metadata_reactor +@metadata_reactor.provides( + 'vnstat/interface', +) def get_default_interface(metadata): interfaces = sorted(metadata.get('interfaces', {}).keys()) @@ -34,7 +36,10 @@ def get_default_interface(metadata): return {} -@metadata_reactor +@metadata_reactor.provides( + 'cron', + 'nginx/vhosts/vnstat', +) def nginx_dashboard(metadata): if not node.has_bundle('nginx'): raise DoNotRunAgain diff --git a/bundles/wireguard/metadata.py b/bundles/wireguard/metadata.py index e2219cb..b3580c5 100644 --- a/bundles/wireguard/metadata.py +++ b/bundles/wireguard/metadata.py 
@@ -26,7 +26,9 @@ defaults = { } -@metadata_reactor +@metadata_reactor.provides( + 'wireguard/network', +) def get_wireguard_network_from_server(metadata): # FIXME This will break if more than one node sets 'wireguard/network' for rnode in repo.nodes: @@ -46,7 +48,9 @@ def get_wireguard_network_from_server(metadata): return {} -@metadata_reactor +@metadata_reactor.provides( + 'wireguard/peers', +) def get_my_wireguard_peers(metadata): peers = {} @@ -76,7 +80,9 @@ def get_my_wireguard_peers(metadata): } -@metadata_reactor +@metadata_reactor.provides( + 'icinga2_api/wireguard/services', +) def icinga2(metadata): services = {} diff --git a/bundles/zfs/metadata.py b/bundles/zfs/metadata.py index 5636dea..06d171a 100644 --- a/bundles/zfs/metadata.py +++ b/bundles/zfs/metadata.py @@ -87,7 +87,9 @@ if node.has_bundle('sshmon'): }) -@metadata_reactor +@metadata_reactor.provides( + 'cron/zfs-scrub', +) def zfs_scrub_cronjob(metadata): when = metadata.get('zfs/scrub/cron', '{} 0 * * sun'.format((node.magic_number % 60))) return { diff --git a/requirements.txt b/requirements.txt index c866f5b..aa7e2d9 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,2 @@ -bundlewrap>=4.2.0 +bundlewrap>=4.3.0 PyNaCl