update bw to 4.3, add .provides() to metadata reactors
All checks were successful
bundlewrap/pipeline/head This commit looks good

Franzi 2021-01-07 18:44:38 +01:00
parent 7f0fb7a6e2
commit 2d42e5f7dd
Signed by: kunsi
GPG key ID: 12E3D2136B818350
29 changed files with 158 additions and 47 deletions

12
Jenkinsfile vendored

@ -34,6 +34,18 @@ pipeline {
""" """
} }
} }
stage('reactor.provides') {
when {
branch 'main'
}
steps {
sh """
. venv/bin/activate
export BW_VAULT_DUMMY_MODE=1
bw test -p
"""
}
}
stage('determinism') { stage('determinism') {
steps { steps {
sh """ sh """
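Review bot: The new `reactor.provides` stage is gated by `when { branch 'main' }`, so a reactor whose `.provides()` list does not match the keys it returns is only detected after the change has landed on main. This commit annotates reactors that feed firewall rules and monitoring (`iptables/bundle_rules/...`, `icinga2_api/...`), and a mis-declared key there presumably leads to metadata being silently left out rather than to an error. If the gate exists because `bw test -p` is slow, say so in a comment above the stage; otherwise drop the `when` block so branches and pull requests run the check as well. The surrounding `pipeline` block starts and ends outside the hunk.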


@ -11,7 +11,9 @@ defaults = {
} }
@metadata_reactor @metadata_reactor.provides(
'cron/upgrade-and-reboot'
)
def patchday(metadata): def patchday(metadata):
day = metadata.get('apt/unattended_upgrades/day', 5) day = metadata.get('apt/unattended_upgrades/day', 5)


@ -9,7 +9,10 @@ defaults = {
} }
@metadata_reactor @metadata_reactor.provides(
'cron/backup',
'icinga2_api/backup-client/services',
)
def cron(metadata): def cron(metadata):
if metadata.get('backups/exclude_from_backups', False): if metadata.get('backups/exclude_from_backups', False):
return {} return {}


@ -7,7 +7,9 @@ defaults = {
}, },
} }
@metadata_reactor @metadata_reactor.provides(
'backup-server/clients',
)
def get_my_clients(metadata): def get_my_clients(metadata):
my_clients = {} my_clients = {}
@ -26,7 +28,10 @@ def get_my_clients(metadata):
} }
@metadata_reactor @metadata_reactor.provides(
'zfs/datasets',
'zfs/snapshots/retain_per_dataset',
)
def zfs(metadata): def zfs(metadata):
zfs_datasets = {} zfs_datasets = {}
zfs_retains = {} zfs_retains = {}


@ -7,7 +7,9 @@ defaults = {
} }
@metadata_reactor @metadata_reactor.provides(
'dhcpd/fixed_allocations',
)
def get_static_allocations(metadata): def get_static_allocations(metadata):
allocations = {} allocations = {}
for rnode in repo.nodes: for rnode in repo.nodes:
@ -28,7 +30,9 @@ def get_static_allocations(metadata):
} }
@metadata_reactor @metadata_reactor.provides(
'dhcpd/listen_interfaces',
)
def get_listen_interfaces(metadata): def get_listen_interfaces(metadata):
listen_interfaces = [] listen_interfaces = []
for identfier, subnet in node.metadata.get('dhcpd/subnets', {}).items(): for identfier, subnet in node.metadata.get('dhcpd/subnets', {}).items():
@ -41,7 +45,9 @@ def get_listen_interfaces(metadata):
} }
@metadata_reactor @metadata_reactor.provides(
'iptables/bundle_rules/dhcpd',
)
def iptables(metadata): def iptables(metadata):
iptables = set() iptables = set()
for identfier, subnet in node.metadata.get('dhcpd/subnets', {}).items(): for identfier, subnet in node.metadata.get('dhcpd/subnets', {}).items():


@ -44,7 +44,10 @@ if node.has_bundle('postfixadmin'):
} }
@metadata_reactor @metadata_reactor.provides(
'dovecot/admin_email',
'dovecot/database/dbpass',
)
def import_database_settings_from_postfixadmin(metadata): def import_database_settings_from_postfixadmin(metadata):
if not node.has_bundle('postfixadmin'): if not node.has_bundle('postfixadmin'):
raise DoNotRunAgain raise DoNotRunAgain


@ -45,7 +45,9 @@ defaults = {
} }
@metadata_reactor @metadata_reactor.provides(
'nginx/vhosts',
)
def nginx(metadata): def nginx(metadata):
if not node.has_bundle('nginx'): if not node.has_bundle('nginx'):
raise DoNotRunAgain raise DoNotRunAgain
@ -67,7 +69,9 @@ def nginx(metadata):
} }
@metadata_reactor @metadata_reactor.provides(
'icinga2_api/gitea/services',
)
def icinga_check_for_new_release(metadata): def icinga_check_for_new_release(metadata):
return { return {
'icinga2_api': { 'icinga2_api': {


@ -72,7 +72,9 @@ defaults = {
}, },
} }
@metadata_reactor @metadata_reactor.provides(
'icinga2/icinga_users',
)
def add_users_from_json(metadata): def add_users_from_json(metadata):
with open(join(repo.path, 'users.json'), 'r') as f: with open(join(repo.path, 'users.json'), 'r') as f:
json = loads(f.read()) json = loads(f.read())


@ -43,7 +43,9 @@ defaults = {
} }
@metadata_reactor @metadata_reactor.provides(
'icinga2_api/mautrix-telegram/services',
)
def icinga_check_for_new_release(metadata): def icinga_check_for_new_release(metadata):
return { return {
'icinga2_api': { 'icinga2_api': {


@ -47,7 +47,9 @@ defaults = {
} }
@metadata_reactor @metadata_reactor.provides(
'icinga2_api/mautrix-whatsapp/services',
)
def icinga_check_for_new_release(metadata): def icinga_check_for_new_release(metadata):
return { return {
'icinga2_api': { 'icinga2_api': {


@ -35,7 +35,9 @@ defaults = {
} }
@metadata_reactor @metadata_reactor.provides(
'nginx/vhosts',
)
def nginx(metadata): def nginx(metadata):
if not node.has_bundle('nginx'): if not node.has_bundle('nginx'):
raise DoNotRunAgain raise DoNotRunAgain


@ -16,7 +16,9 @@ defaults = {
} }
@metadata_reactor @metadata_reactor.provides(
'iptables/bundle_rules/netdata',
)
def iptables(metadata): def iptables(metadata):
interfaces = metadata.get('netdata/restrict-to-interfaces', set()) interfaces = metadata.get('netdata/restrict-to-interfaces', set())
iptables = [] iptables = []


@ -35,7 +35,9 @@ defaults = {
} }
@metadata_reactor @metadata_reactor.provides(
'nginx/worker_processes',
)
def worker_processes(metadata): def worker_processes(metadata):
return { return {
'nginx': { 'nginx': {
@ -44,7 +46,10 @@ def worker_processes(metadata):
} }
@metadata_reactor @metadata_reactor.provides(
'letsencrypt/domains',
'letsencrypt/reload_after',
)
def letsencrypt(metadata): def letsencrypt(metadata):
if not node.has_bundle('letsencrypt'): if not node.has_bundle('letsencrypt'):
raise DoNotRunAgain raise DoNotRunAgain
@ -65,7 +70,9 @@ def letsencrypt(metadata):
} }
@metadata_reactor @metadata_reactor.provides(
'nginx/vhosts',
)
def index_files(metadata): def index_files(metadata):
vhosts = {} vhosts = {}
@ -89,7 +96,9 @@ def index_files(metadata):
} }
@metadata_reactor @metadata_reactor.provides(
'icinga2_api/nginx/services',
)
def monitoring(metadata): def monitoring(metadata):
services = {} services = {}
@ -133,7 +142,9 @@ def monitoring(metadata):
} }
@metadata_reactor @metadata_reactor.provides(
'iptables/bundle_rules/nginx',
)
def iptables(metadata): def iptables(metadata):
interfaces = metadata.get('nginx/restrict-to-interfaces', set()) interfaces = metadata.get('nginx/restrict-to-interfaces', set())
iptables = [] iptables = []


@ -20,7 +20,9 @@ defaults = {
} }
@metadata_reactor @metadata_reactor.provides(
'icinga2_api/octoprint/services',
)
def icinga(metadata): def icinga(metadata):
if 'api_key' not in metadata.get('octoprint', {}): if 'api_key' not in metadata.get('octoprint', {}):
return {} return {}


@ -11,7 +11,9 @@ defaults = {
} }
@metadata_reactor @metadata_reactor.provides(
'apt/packages',
)
def php_packages_with_features(metadata): def php_packages_with_features(metadata):
version = metadata.get('php/version') version = metadata.get('php/version')


@ -46,7 +46,9 @@ else:
# FIXME find a working, non-shitty check for that # FIXME find a working, non-shitty check for that
#@metadata_reactor #@metadata_reactor.provides(
# 'icinga2_api/postfix/services',
#)
def fill_icinga_spam_blocklist_check_with_hostname(metadata): def fill_icinga_spam_blocklist_check_with_hostname(metadata):
checks = {} checks = {}
@ -67,7 +69,10 @@ def fill_icinga_spam_blocklist_check_with_hostname(metadata):
} }
@metadata_reactor @metadata_reactor.provides(
'letsencrypt/domains',
'letsencrypt/reload_after',
)
def letsencrypt(metadata): def letsencrypt(metadata):
if not node.has_bundle('letsencrypt'): if not node.has_bundle('letsencrypt'):
raise DoNotRunAgain raise DoNotRunAgain
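Review bot: The disabled decorator above `fill_icinga_spam_blocklist_check_with_hostname` is now a three-line commented block that has to be kept in step with the reactor API, while the function itself stays defined but unregistered. As far as this hunk shows, the function is never run as a reactor, so the spam blocklist check presumably never reaches Icinga. Either remove the function until the FIXME is resolved, or replace the commented decorator with a single comment such as `# disabled: no reliable blocklist check yet, not registered as a reactor`. The function body continues outside the hunk.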


@ -38,7 +38,9 @@ defaults = {
} }
@metadata_reactor @metadata_reactor.provides(
'icinga2_api/powerdns/services',
)
def monitoring_for_primary_nameserver(metadata): def monitoring_for_primary_nameserver(metadata):
if metadata.get('powerdns/is_secondary', False): if metadata.get('powerdns/is_secondary', False):
return {} return {}
@ -56,7 +58,9 @@ def monitoring_for_primary_nameserver(metadata):
} }
@metadata_reactor @metadata_reactor.provides(
'powerdns/my_secondary_servers',
)
def get_ips_of_secondary_nameservers(metadata): def get_ips_of_secondary_nameservers(metadata):
if metadata.get('powerdns/is_secondary', False): if metadata.get('powerdns/is_secondary', False):
return {} return {}
@ -73,7 +77,9 @@ def get_ips_of_secondary_nameservers(metadata):
}, },
} }
@metadata_reactor @metadata_reactor.provides(
'powerdns/my_primary_servers',
)
def get_ips_of_primary_nameservers(metadata): def get_ips_of_primary_nameservers(metadata):
if not metadata.get('powerdns/is_secondary', False): if not metadata.get('powerdns/is_secondary', False):
return {} return {}
@ -91,7 +97,9 @@ def get_ips_of_primary_nameservers(metadata):
} }
@metadata_reactor @metadata_reactor.provides(
'powerdns/bind-zones/kunbox.net/records',
)
def generate_dns_entries_for_nodes(metadata): def generate_dns_entries_for_nodes(metadata):
results = set() results = set()
@ -133,7 +141,9 @@ def generate_dns_entries_for_nodes(metadata):
} }
@metadata_reactor @metadata_reactor.provides(
'hosts/entries',
)
def hosts_entries_for_all_dns_servers(metadata): def hosts_entries_for_all_dns_servers(metadata):
entries = {} entries = {}


@ -26,7 +26,9 @@ defaults = {
} }
@metadata_reactor @metadata_reactor.provides(
'icinga2_api/pppd/services',
)
def icinga_dyndns(metadata): def icinga_dyndns(metadata):
if 'dyndns' not in metadata.get('pppd'): if 'dyndns' not in metadata.get('pppd'):
return {} return {}


@ -1,4 +1,6 @@
@metadata_reactor @metadata_reactor.provides(
'nginx/vhosts',
)
def nginx_config(metadata): def nginx_config(metadata):
return { return {
'nginx': { 'nginx': {


@ -57,7 +57,9 @@ defaults = {
# Nodes managed by us should always be able to send mail to all other # Nodes managed by us should always be able to send mail to all other
# servers. # servers.
@metadata_reactor @metadata_reactor.provides(
'rspamd/ignore_spam_check_for_ips',
)
def populate_permitted_ips_list_with_ips_from_repo(metadata): def populate_permitted_ips_list_with_ips_from_repo(metadata):
ips = set() ips = set()


@ -16,7 +16,9 @@ defaults = {
} }
@metadata_reactor @metadata_reactor.provides(
'smartd/disks',
)
def zfs_disks_to_metadata(metadata): def zfs_disks_to_metadata(metadata):
disks = set() disks = set()
@ -35,7 +37,9 @@ def zfs_disks_to_metadata(metadata):
} }
@metadata_reactor @metadata_reactor.provides(
'icinga2_api/smartd/services',
)
def icinga(metadata): def icinga(metadata):
services = {} services = {}


@ -37,7 +37,9 @@ defaults = {
} }
@metadata_reactor @metadata_reactor.provides(
'icinga2_api',
)
def autogenerate_sshmon_command(metadata): def autogenerate_sshmon_command(metadata):
result = { result = {
'icinga2_api': {}, 'icinga2_api': {},
@ -59,7 +61,9 @@ def autogenerate_sshmon_command(metadata):
return result return result
@metadata_reactor @metadata_reactor.provides(
'icinga2_api/basic/services',
)
def default_checks(metadata): def default_checks(metadata):
disk_space_warning = metadata.get('sshmon/disk_space/warning', 15) disk_space_warning = metadata.get('sshmon/disk_space/warning', 15)
disk_space_critical = metadata.get('sshmon/disk_space/critical', 5) disk_space_critical = metadata.get('sshmon/disk_space/critical', 5)


@ -1,4 +1,6 @@
@metadata_reactor @metadata_reactor.provides(
'interfaces',
)
def add_vlan_infos_to_interface(metadata): def add_vlan_infos_to_interface(metadata):
interfaces = {} interfaces = {}


@ -22,7 +22,10 @@ defaults = {
} }
@metadata_reactor @metadata_reactor.provides(
'unbound/threads',
'unbound/cache_slabs',
)
def cpu_cores_to_config_values(metadata): def cpu_cores_to_config_values(metadata):
num_cpus = metadata.get('vm/cpu', 1) num_cpus = metadata.get('vm/cpu', 1)
@ -34,7 +37,9 @@ def cpu_cores_to_config_values(metadata):
} }
@metadata_reactor @metadata_reactor.provides(
'iptables/bundle_rules/unbound',
)
def iptables(metadata): def iptables(metadata):
interfaces = metadata.get('unbound/restrict-to-interfaces', set()) interfaces = metadata.get('unbound/restrict-to-interfaces', set())
iptables = [] iptables = []


@ -18,7 +18,9 @@ defaults = {
} }
@metadata_reactor @metadata_reactor.provides(
'users',
)
def add_users_from_json(metadata): def add_users_from_json(metadata):
with open(join(repo.path, 'users.json'), 'r') as f: with open(join(repo.path, 'users.json'), 'r') as f:
json = loads(f.read()) json = loads(f.read())


@ -20,7 +20,9 @@ defaults = {
} }
@metadata_reactor @metadata_reactor.provides(
'vnstat/interface',
)
def get_default_interface(metadata): def get_default_interface(metadata):
interfaces = sorted(metadata.get('interfaces', {}).keys()) interfaces = sorted(metadata.get('interfaces', {}).keys())
@ -34,7 +36,10 @@ def get_default_interface(metadata):
return {} return {}
@metadata_reactor @metadata_reactor.provides(
'cron',
'nginx/vhosts/vnstat',
)
def nginx_dashboard(metadata): def nginx_dashboard(metadata):
if not node.has_bundle('nginx'): if not node.has_bundle('nginx'):
raise DoNotRunAgain raise DoNotRunAgain
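Review bot: `nginx_dashboard` declares the whole `'cron'` subtree in `.provides()`, while the nginx side of the same decorator is narrowed to `'nginx/vhosts/vnstat'` and the other cron reactors in this commit name their job (`'cron/backup'`, `'cron/zfs-scrub'`). A top-level declaration presumably makes this reactor a candidate for every `cron/...` lookup and lets `bw test -p` accept any cron job it returns, including one that collides with another bundle's entry. Declare the specific job key instead, in the form `'cron/<job-name>'` with the name the reactor actually returns. The body of `nginx_dashboard` continues outside the hunk, so the exact key is not visible here.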


@ -26,7 +26,9 @@ defaults = {
} }
@metadata_reactor @metadata_reactor.provides(
'wireguard/network',
)
def get_wireguard_network_from_server(metadata): def get_wireguard_network_from_server(metadata):
# FIXME This will break if more than one node sets 'wireguard/network' # FIXME This will break if more than one node sets 'wireguard/network'
for rnode in repo.nodes: for rnode in repo.nodes:
@ -46,7 +48,9 @@ def get_wireguard_network_from_server(metadata):
return {} return {}
@metadata_reactor @metadata_reactor.provides(
'wireguard/peers',
)
def get_my_wireguard_peers(metadata): def get_my_wireguard_peers(metadata):
peers = {} peers = {}
@ -76,7 +80,9 @@ def get_my_wireguard_peers(metadata):
} }
@metadata_reactor @metadata_reactor.provides(
'icinga2_api/wireguard/services',
)
def icinga2(metadata): def icinga2(metadata):
services = {} services = {}


@ -87,7 +87,9 @@ if node.has_bundle('sshmon'):
}) })
@metadata_reactor @metadata_reactor.provides(
'cron/zfs-scrub',
)
def zfs_scrub_cronjob(metadata): def zfs_scrub_cronjob(metadata):
when = metadata.get('zfs/scrub/cron', '{} 0 * * sun'.format((node.magic_number % 60))) when = metadata.get('zfs/scrub/cron', '{} 0 * * sun'.format((node.magic_number % 60)))
return { return {


@ -1,2 +1,2 @@
bundlewrap>=4.2.0 bundlewrap>=4.3.0
PyNaCl PyNaCl