
bundles: use metastack syntax for metadata.get()

pull/32/head
Franzi 8 months ago
parent
commit
b06532241b
Signed by: kunsi GPG Key ID: 12E3D2136B818350
  1. 6
      bundles/apt/items.py
  2. 6
      bundles/backup-client/items.py
  3. 2
      bundles/backup-server/items.py
  4. 2
      bundles/basic/files/hosts
  5. 6
      bundles/c3voc-addons/items.py
  6. 2
      bundles/icinga2/files/icinga2/api-users.conf
  7. 2
      bundles/icinga2/files/icinga2/downtimes.conf
  8. 4
      bundles/icinga2/files/icinga2/hosts.conf
  9. 2
      bundles/icinga2/files/icinga2/users.conf
  10. 2
      bundles/icinga2/items.py
  11. 2
      bundles/iptables/files/iptables-enforce
  12. 2
      bundles/iptables/items.py
  13. 2
      bundles/letsencrypt/files/domains.txt
  14. 4
      bundles/letsencrypt/files/hook.sh
  15. 2
      bundles/lldp/files/bundlewrap.conf
  16. 2
      bundles/nfs-client/items.py
  17. 4
      bundles/nginx/items.py
  18. 2
      bundles/octoprint/items.py
  19. 2
      bundles/openssh/items.py
  20. 2
      bundles/openvpn-client/items.py
  21. 2
      bundles/pacman/items.py
  22. 2
      bundles/postfix/files/aliases
  23. 4
      bundles/postfix/files/main.cf
  24. 2
      bundles/postfix/items.py
  25. 2
      bundles/postgresql/files/pg_hba.conf
  26. 6
      bundles/postgresql/items.py
  27. 8
      bundles/powerdns/items.py
  28. 2
      bundles/pppd/items.py
  29. 2
      bundles/radicale/items.py
  30. 4
      bundles/redis/files/redis.conf
  31. 2
      bundles/rspamd/files/ip_whitelist.map
  32. 2
      bundles/smartd/files/smartd.conf
  33. 4
      bundles/systemd-networkd/items.py
  34. 2
      bundles/systemd/items.py
  35. 2
      bundles/wireguard/files/pppd-ip-up
  36. 2
      bundles/zfs/files/zfs-modprobe.conf
  37. 6
      bundles/zfs/items.py
  38. 4
      hooks/test_backup_metadata.py

6
bundles/apt/items.py

@ -31,7 +31,7 @@ files = {
'content_type': 'mako',
'mode': '0700',
'context': {
'data': node.metadata.get('apt', {}).get('unattended-upgrades', {}),
'data': node.metadata.get('apt/unattended-upgrades', {}),
}
},
'/etc/cloud': {
@ -132,7 +132,7 @@ pkg_apt = {
}
for name, data in node.metadata.get('apt', {}).get('repos', {}).items():
for name, data in node.metadata.get('apt/repos', {}).items():
files['/etc/apt/sources.list.d/{}.list'.format(name)] = {
'content_type': 'mako',
'content': ("\n".join(sorted(data['items']))).format(
@ -156,6 +156,6 @@ for name, data in node.metadata.get('apt', {}).get('repos', {}).items():
},
}
if node.metadata.get('apt', {}).get('packages', {}):
if node.metadata.get('apt/packages', {}):
for package, options in node.metadata['apt']['packages'].items():
pkg_apt[package] = options
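Review bot: The loop under the converted `if` still reads `node.metadata['apt']['packages']`, so the same key is now accessed with the path syntax on one line and nested subscripts on the next. Guard and loop can collapse into `for package, options in node.metadata.get('apt/packages', {}).items():`, which makes the `if` unnecessary. The same leftover is in bundles/c3voc-addons/items.py. These are module-level statements and the file continues outside the hunks.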

6
bundles/backup-client/items.py

@ -1,6 +1,6 @@
from os.path import join
if node.metadata['backups'].get('exclude_from_backups', False):
if node.metadata.get('backups/exclude_from_backups', False):
files['/etc/backup.priv'] = {
'delete': True,
}
@ -17,7 +17,7 @@ else:
'username': node.metadata['backup-client']['user-name'],
'server': server,
'port': port,
'paths': node.metadata.get('backups', {}).get('paths', {}),
'paths': node.metadata.get('backups/paths', {}),
},
'mode': '0700',
}
@ -34,7 +34,7 @@ directories['/etc/backup-pre-hooks.d'] = {
'purge': True,
}
for hname, hcontent in node.metadata['backup-client'].get('pre-hooks', {}).items():
for hname, hcontent in node.metadata.get('backup-client/pre-hooks', {}).items():
files[f'/etc/backup-pre-hooks.d/50-{hname}'] = {
'content': '#!/bin/sh\n\n' + hcontent,
'mode': '0700',
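Review bot: The first hunk is not a pure syntax change: `node.metadata['backups'].get(...)` raised KeyError for a node without a `backups` key, while `node.metadata.get('backups/exclude_from_backups', False)` returns False and proceeds into the `else` branch. The pre-hooks loop changes the same way for a missing `backup-client` key, and bundles/powerdns/items.py does so for `powerdns/features/bind` and `powerdns/features/pgsql`. If metadata defaults always define these keys nothing changes in practice, but that is not visible here. A short comment such as `# 'backups' may be absent; treated as not excluded` would record that the lenient lookup is intended.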

2
bundles/backup-server/items.py

@ -2,7 +2,7 @@ assert node.has_bundle('zfs')
from os.path import join
for nodename, config in node.metadata.get('backup-server', {}).get('clients', {}).items():
for nodename, config in node.metadata.get('backup-server/clients', {}).items():
with open(join(repo.path, 'data', 'backup', 'keys', f'{nodename}.pub'), 'r') as f:
pubkey = f.read().strip()

2
bundles/basic/files/hosts

@ -7,6 +7,6 @@ ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
% for ip, entries in sorted(node.metadata.get('hosts', {}).get('entries', {}).items()):
% for ip, entries in sorted(node.metadata.get('hosts/entries', {}).items()):
${ip} ${' '.join(sorted(entries))}
% endfor

6
bundles/c3voc-addons/items.py

@ -27,7 +27,7 @@ pkg_apt = {
'wget': {},
}
if node.metadata.get('apt', {}).get('packages', {}):
if node.metadata.get('apt/packages', {}):
for package, options in node.metadata['apt']['packages'].items():
pkg_apt[package] = options
@ -62,7 +62,7 @@ files = {
'content_type': 'mako',
'mode': '0700',
'context': {
'data': node.metadata.get('apt', {}).get('unattended-upgrades', {}),
'data': node.metadata.get('apt/unattended-upgrades', {}),
}
},
}
@ -76,7 +76,7 @@ for crontab, content in node.metadata.get('cron', {}).items():
}
}
for vhost, config in node.metadata.get('nginx', {}).get('vhosts', {}).items():
for vhost, config in node.metadata.get('nginx/vhosts', {}).items():
if not 'domain' in config:
config['domain'] = vhost
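Review bot: The vhost loop writes `config['domain'] = vhost` into the object returned by `node.metadata.get('nginx/vhosts', {})`, so item generation modifies what it just read from metadata; whether that object is a copy is not visible here. Building a local dict leaves the metadata untouched: `config = {'domain': vhost, **config}`. bundles/nginx/items.py has the same loop, and bundles/nfs-client/items.py assigns `data['mount']` and `data['mount_options']` the same way. As a smaller point, `if not 'domain' in config` reads better as `if 'domain' not in config`.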

2
bundles/icinga2/files/icinga2/api-users.conf

@ -1,4 +1,4 @@
% for user, config in sorted(node.metadata.get('icinga2', {}).get('api_users', {}).items()):
% for user, config in sorted(node.metadata.get('icinga2/api_users', {}).items()):
object ApiUser "${user}" {
password = "${config['password']}"
permissions = [ "${'", "'.join(sorted(config['permissions']))}" ]

2
bundles/icinga2/files/icinga2/downtimes.conf

@ -9,7 +9,7 @@ object ScheduledDowntime "unattended_upgrades" {
fixed = true
ranges = {
"${days[monitored_node.metadata.get('apt', {}).get('unattended_upgrades', {}).get('day', 5)]}" = "01:${monitored_node.magic_number%30}-01:${(monitored_node.magic_number%30)+30}"
"${days[monitored_node.metadata.get('apt/unattended_upgrades/day', 5)]}" = "01:${monitored_node.magic_number%30}-01:${(monitored_node.magic_number%30)+30}"
}
child_options = "DowntimeTriggeredChildren"
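Review bot: The lookup key here is `apt/unattended_upgrades/day` with an underscore, while bundles/apt/items.py reads `apt/unattended-upgrades` with a hyphen. If the day is stored under the hyphenated key, this template always falls back to 5, and the scheduled downtime can cover a different day than the one on which upgrades actually run, suppressing alerts at the wrong time. The mismatch predates this commit, which carries it over unchanged. Once the metadata key is confirmed, the lookup would become `monitored_node.metadata.get('apt/unattended-upgrades/day', 5)`.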

4
bundles/icinga2/files/icinga2/hosts.conf

@ -2,14 +2,14 @@
object Host "${monitored_node.name}" {
import "generic-host"
address = "${monitored_node.metadata.get('icinga_options', {}).get('hostname', monitored_node.hostname)}"
address = "${monitored_node.metadata.get('icinga_options/hostname', monitored_node.hostname)}"
vars.os = "${monitored_node.os}"
vars.sla = "${monitored_node.metadata.get('sla', '24x7')}"
vars.period = "${sla_info[monitored_node.metadata.get('sla', '24x7')]}"
vars.location = "${monitored_node.metadata.get('location', 'unknown')}"
vars.bw_groups = [ "${'", "'.join(sorted({group.name for group in monitored_node.groups}))}" ]
vars.notification.sms = ${str(monitored_node.metadata.get('icinga_options', {}).get('vars.notification.sms', True)).lower()}
vars.notification.sms = ${str(monitored_node.metadata.get('icinga_options/vars.notification.sms', True)).lower()}
vars.notification.mail = true
}
% endfor

2
bundles/icinga2/files/icinga2/users.conf

@ -2,7 +2,7 @@ object UserGroup "on-call_sms" {
display_name = "On-Call Support (with SMS)"
}
% for username, config in sorted(node.metadata.get('icinga2', {}).get('icinga_users', {}).items()):
% for username, config in sorted(node.metadata.get('icinga2/icinga_users', {}).items()):
object User "${username}" {
display_name = "${username}"
enable_notifications = true

2
bundles/icinga2/items.py

@ -290,7 +290,7 @@ svc_systemd = {
monitored_nodes = repo.nodes
for n in monitored_nodes[:]:
if n.metadata.get('icinga_options', {}).get('exclude_from_monitoring', False):
if n.metadata.get('icinga_options/exclude_from_monitoring', False):
monitored_nodes.remove(n)
bundle_metadata = {}

2
bundles/iptables/files/iptables-enforce

@ -1,6 +1,6 @@
#!/bin/bash
% if not node.metadata.get('iptables', {}).get('enabled', True):
% if not node.metadata.get('iptables/enabled', True):
exit 0
% endif

2
bundles/iptables/items.py

@ -28,7 +28,7 @@ files = {
},
}
for bundle, rules in node.metadata.get('iptables', {}).get('bundle_rules', {}).items():
for bundle, rules in node.metadata.get('iptables/bundle_rules', {}).items():
files[f'/etc/iptables-rules.d/20-{bundle}'] = {
# We must never use sorted() here. Bundles might rely on their order.
'content': '\n'.join(rules) + '\n',

2
bundles/letsencrypt/files/domains.txt

@ -1,5 +1,5 @@
${node.metadata['hostname']}
% for domain, aliases in sorted(node.metadata.get('letsencrypt', {}).get('domains', {}).items()):
% for domain, aliases in sorted(node.metadata.get('letsencrypt/domains', {}).items()):
${domain} ${' '.join(sorted(aliases))}
% endfor

4
bundles/letsencrypt/files/hook.sh

@ -1,6 +1,6 @@
deploy_cert() {<%text>
local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"</%text>
% for service, config in node.metadata.get('letsencrypt', {}).get('concat_and_deploy', {}).items():
% for service, config in node.metadata.get('letsencrypt/concat_and_deploy', {}).items():
# concat_and_deploy ${service}
if [ "$DOMAIN" = "${config['match_domain']}" ]; then
@ -25,7 +25,7 @@ deploy_cert() {<%text>
exit_hook() {<%text>
local ERROR="${1:-}"</%text>
% for service in sorted(node.metadata.get('letsencrypt', {}).get('reload_after', set())):
% for service in sorted(node.metadata.get('letsencrypt/reload_after', set())):
systemctl reload-or-restart ${service}
% endfor
}
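Review bot: Both loops render metadata values directly into shell text: `${config['match_domain']}` lands inside a double-quoted string and `${service}` is an unquoted argument to `systemctl reload-or-restart`. Metadata is presumably repository-controlled, but a value containing whitespace or shell metacharacters would still change what this hook runs. Quoting at render time closes that: add `<%! from shlex import quote %>` at the top of the template and emit `systemctl reload-or-restart ${quote(service)}`, with the same treatment for `match_domain`. The body of `deploy_cert` continues outside the first hunk.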

2
bundles/lldp/files/bundlewrap.conf

@ -6,5 +6,5 @@
#
# --> Diese Datei wird von BundleWrap verwaltet! <--
configure system hostname "${node.metadata.get('lldp', {}).get('hostname', node.name)}"
configure system hostname "${node.metadata.get('lldp/hostname', node.name)}"
configure system platform "${node.os}"

2
bundles/nfs-client/items.py

@ -1,4 +1,4 @@
for mount, data in node.metadata.get('nfs-client',{}).get('mounts',{}).items():
for mount, data in node.metadata.get('nfs-client/mounts',{}).items():
data['mount'] = mount
data['mount_options'] = set(data.get('mount_options', set()))

4
bundles/nginx/items.py

@ -60,7 +60,7 @@ if node.metadata['nginx']['use_ssl_for_all_connections']:
},
}
for vhost, config in node.metadata.get('nginx', {}).get('vhosts', {}).items():
for vhost, config in node.metadata.get('nginx/vhosts', {}).items():
if not 'domain' in config:
config['domain'] = vhost
@ -69,7 +69,7 @@ for vhost, config in node.metadata.get('nginx', {}).get('vhosts', {}).items():
'content_type': 'mako',
'context': {
'vhost': vhost,
'php_version': node.metadata.get('php', {}).get('version', ''),
'php_version': node.metadata.get('php/version', ''),
**config,
},
'needs': set(),

2
bundles/octoprint/items.py

@ -39,7 +39,7 @@ files = {
'mode': '0755',
'content_type': 'mako',
'context': {
'api_key': node.metadata.get('octoprint', {}).get('api_key', ''),
'api_key': node.metadata.get('octoprint/api_key', ''),
},
},
}
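Review bot: The file that receives `api_key` in its template context is created with `'mode': '0755'`, so its rendered content is readable by every local user. If the template writes the key into the file, a tighter mode such as `'mode': '0700'` (used by other bundles in this commit) would keep it from unprivileged accounts, provided the owner is the account that runs it. The `''` default also lets a node without `octoprint/api_key` render an empty key silently instead of failing at apply time. The `files` dict starts outside the hunk, so the path and template are not visible here.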

2
bundles/openssh/items.py

@ -1,5 +1,5 @@
users_from_metadata = set()
additional_users = node.metadata.get('openssh', {}).get('allowed_users', set())
additional_users = node.metadata.get('openssh/allowed_users', set())
for user, config in node.metadata.get('users', {}).items():
if 'ssh_pubkey' in config and not config.get('delete', False):

2
bundles/openvpn-client/items.py

@ -6,7 +6,7 @@ directories = {
},
}
for config in node.metadata.get('openvpn-client', {}).get('configs', set()):
for config in node.metadata.get('openvpn-client/configs', set()):
files[f'/etc/openvpn/client/{config}.conf'] = {
'content': repo.vault.decrypt_file(join('openvpn-client', f'{config}.conf.vault')),
'triggers': {

2
bundles/pacman/items.py

@ -15,5 +15,5 @@ pkg_pacman = {
'wpa_actiond': {},
}
for pkg, config in node.metadata.get('pacman', {}).get('packages', {}).items():
for pkg, config in node.metadata.get('pacman/packages', {}).items():
pkg_pacman[pkg] = config

2
bundles/postfix/files/aliases

@ -1,6 +1,6 @@
root: hostmaster@kunbox.net
postmaster: hostmaster@kunbox.net
% for source, target in node.metadata.get('postfix', {}).get('aliases', {}).items():
% for source, target in node.metadata.get('postfix/aliases', {}).items():
${source}: ${', '.join(sorted(target))}
% endfor

4
bundles/postfix/files/main.cf

@ -3,14 +3,14 @@ biff = no
append_dot_mydomain = no
readme_directory = no
compatibility_level = 2
myhostname = ${node.metadata.get('postfix', {}).get('myhostname', node.metadata['hostname'])}
myhostname = ${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}
myorigin = /etc/mailname
mydestination = $myhostname, localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_protocols = all
message_size_limit = ${node.metadata.get('postfix', {}).get('message_size_limit_mb', 10)*1024*1024}
message_size_limit = ${node.metadata.get('postfix/message_size_limit_mb', 10)*1024*1024}
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases

2
bundles/postfix/items.py

@ -3,7 +3,7 @@ if node.has_bundle('postfixadmin'):
files = {
'/etc/mailname': {
'content': node.metadata.get('postfix', {}).get('myhostname', node.metadata['hostname']),
'content': node.metadata.get('postfix/myhostname', node.metadata['hostname']),
'triggers': {
'svc_systemd:postfix:restart',
},

2
bundles/postgresql/files/pg_hba.conf

@ -1,4 +1,4 @@
% for custom_rule in sorted(node.metadata.get('postgresql', {}).get('custom_rules', [])):
% for custom_rule in sorted(node.metadata.get('postgresql/custom_rules', [])):
${custom_rule}
% endfor
local all postgres peer
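Review bot: `sorted()` reorders `postgresql/custom_rules` alphabetically, but pg_hba.conf is evaluated top to bottom and the first matching record decides the authentication method. The order written in metadata is lost, so a broad rule can land ahead of a narrower one purely because of how it is spelled. If the metadata value is a list, as the `[]` default suggests, iterating it directly keeps the authored order: `% for custom_rule in node.metadata.get('postgresql/custom_rules', []):`. bundles/iptables/items.py already carries a comment forbidding `sorted()` for the same reason.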

6
bundles/postgresql/items.py

@ -63,7 +63,7 @@ if node.has_bundle('backup-client'): # and not node.has_bundle('zfs'):
'source': 'backup-pre-hook',
'content_type': 'mako',
'context': {
'databases': node.metadata.get('postgresql', {}).get('databases', {}).keys(),
'databases': node.metadata.get('postgresql/databases', {}).keys(),
},
'mode': '0700',
}
@ -89,7 +89,7 @@ svc_systemd = {
postgres_dbs = {}
for user, config in node.metadata.get('postgresql', {}).get('roles', {}).items():
for user, config in node.metadata.get('postgresql/roles', {}).items():
postgres_roles[user] = {
'password': config['password'],
'needs': {
@ -97,7 +97,7 @@ for user, config in node.metadata.get('postgresql', {}).get('roles', {}).items()
},
}
for database, config in node.metadata.get('postgresql', {}).get('databases', {}).items():
for database, config in node.metadata.get('postgresql/databases', {}).items():
postgres_dbs[database] = {
'owner': config['owner'],
'needs': {

8
bundles/powerdns/items.py

@ -24,7 +24,7 @@ $TTL 60
)
"""
for rnode in sorted(repo.nodes_in_group('dns')):
ZONE_HEADER += '@ IN NS {}.\n'.format(rnode.metadata.get('powerdns', {}).get('my_hostname', rnode.metadata['hostname']))
ZONE_HEADER += '@ IN NS {}.\n'.format(rnode.metadata.get('powerdns/my_hostname', rnode.metadata['hostname']))
directories = {
'/etc/powerdns/pdns.d': {
@ -85,7 +85,7 @@ actions = {
},
}
if node.metadata['powerdns'].get('features', {}).get('bind', False):
if node.metadata.get('powerdns/features/bind', False):
primary_zones = set()
for zone in listdir(zone_path):
if not isfile(join(zone_path, zone)) or zone.startswith(".") or zone.startswith("_"):
@ -103,7 +103,7 @@ if node.metadata['powerdns'].get('features', {}).get('bind', False):
'content_type': 'mako',
'context': {
'header': ZONE_HEADER.format(serial=serial),
'metadata_records': node.metadata.get('powerdns', {}).get('bind-zones', {}).get(zone, {}).get('records', []),
'metadata_records': node.metadata.get('powerdns/bind-zones/{}/records'.format(zone), []),
},
'source': 'bind-zones/{}'.format(zone),
'triggers': {
@ -142,7 +142,7 @@ if node.metadata['powerdns'].get('features', {}).get('bind', False):
},
}
if node.metadata['powerdns'].get('features', {}).get('pgsql', False):
if node.metadata.get('powerdns/features/pgsql', False):
files['/etc/powerdns/pdns.d/pgsql.conf'] = {
'content_type': 'mako',
'context': {

2
bundles/pppd/items.py

@ -71,7 +71,7 @@ files = {
'/etc/ppp/wait-until-stopped': {
'content_type': 'mako',
'context': {
'services': node.metadata.get('pppd', {}).get('wait-until-stopped', set()),
'services': node.metadata.get('pppd/wait-until-stopped', set()),
},
'mode': '0700',
},

2
bundles/radicale/items.py

@ -27,7 +27,7 @@ files = {
'/etc/radicale/htpasswd': {
'content_type': 'mako',
'context': {
'users': node.metadata.get('radicale', {}).get('users', {}),
'users': node.metadata.get('radicale/users', {}),
},
'triggers': {
'svc_systemd:radicale:restart',

4
bundles/redis/files/redis.conf

@ -3,10 +3,10 @@ aof-load-truncated yes
aof-rewrite-incremental-fsync yes
appendfilename "appendonly.aof"
appendfsync everysec
appendonly ${node.metadata.get('redis', {}).get('appendonly', "no")}
appendonly ${node.metadata.get('redis/appendonly', "no")}
auto-aof-rewrite-min-size 64mb
auto-aof-rewrite-percentage 100
bind ${node.metadata.get('redis', {}).get('bind', "127.0.0.1")}
bind ${node.metadata.get('redis/bind', '127.0.0.1')}
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit pubsub 32mb 8mb 60
client-output-buffer-limit slave 256mb 64mb 60

2
bundles/rspamd/files/ip_whitelist.map

@ -1,3 +1,3 @@
% for ip in sorted(node.metadata.get('rspamd', {}).get('ignore_spam_check_for_ips', set())):
% for ip in sorted(node.metadata.get('rspamd/ignore_spam_check_for_ips', set())):
${ip}
% endfor

2
bundles/smartd/files/smartd.conf

@ -1,4 +1,4 @@
DEFAULT -d auto -a -n standby,12
% for disk in sorted(node.metadata.get('smartd', {}).get('disks', set())):
% for disk in sorted(node.metadata.get('smartd/disks', set())):
${disk}
% endfor

4
bundles/systemd-networkd/items.py

@ -73,7 +73,7 @@ for interface, config in node.metadata['interfaces'].items():
},
}
for bond, config in node.metadata.get('systemd-networkd', {}).get('bonds', {}).items():
for bond, config in node.metadata.get('systemd-networkd/bonds', {}).items():
files['/etc/systemd/network/20-bond-{}.netdev'.format(bond)] = {
'source': 'template-bond.netdev',
'content_type': 'mako',
@ -104,7 +104,7 @@ for bond, config in node.metadata.get('systemd-networkd', {}).get('bonds', {}).i
},
}
for brname, config in node.metadata.get('systemd-networkd', {}).get('bridges', {}).items():
for brname, config in node.metadata.get('systemd-networkd/bridges', {}).items():
files['/etc/systemd/network/30-bridge-{}.netdev'.format(brname)] = {
'source': 'template-bridge.netdev',
'content_type': 'mako',

2
bundles/systemd/items.py

@ -31,7 +31,7 @@ files = {
'/etc/systemd/journald.conf': {
'content_type': 'mako',
'context': {
'journal': node.metadata.get('systemd', {}).get('journal', {}),
'journal': node.metadata.get('systemd/journal', {}),
},
'triggers': {
'svc_systemd:systemd-journald:restart',

2
bundles/wireguard/files/pppd-ip-up

@ -4,7 +4,7 @@
# it gets connected. Easiest way is to simply send some pings to the
# other side.
% for peer, config in node.metadata.get('wireguard', {}).get('peers', {}).items():
% for peer, config in node.metadata.get('wireguard/peers', {}).items():
% for ip in sorted(config['ips']):
# refresh connection to ${peer} ${ip}
/usr/bin/ping -c 4 ${ip.split('/')[0] if '/' in ip else ip}
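Review bot: In the ping line, `ip.split('/')[0] if '/' in ip else ip` can be reduced to `ip.split('/')[0]`, because splitting a string that contains no slash returns the whole string as its only element. The shorter form renders the same address for both cases. The script continues outside the hunk, so the closing `% endfor` lines are not visible here.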

2
bundles/zfs/files/zfs-modprobe.conf

@ -1,5 +1,5 @@
<%
arc_max_mb = node.metadata.get('zfs', {}).get('module_options', {}).get('zfs_arc_max_mb', 1024)
arc_max_mb = node.metadata.get('zfs/module_options/zfs_arc_max_mb', 1024)
%>\
% if arc_max_mb != 0:
options zfs zfs_arc_max=${arc_max_mb * 1024 * 1024}

6
bundles/zfs/items.py

@ -30,7 +30,7 @@ files = {
},
'/etc/zfs-snapshot-config.json': {
'content': dumps(
node.metadata.get('zfs', {}).get('snapshots', {}),
node.metadata.get('zfs/snapshots', {}),
cls=MetadataJSONEncoder, # turns sets into sorted lists
indent=4,
sort_keys=True,
@ -72,10 +72,10 @@ svc_systemd = {
},
}
zfs_datasets = node.metadata.get('zfs', {}).get('datasets', {})
zfs_datasets = node.metadata.get('zfs/datasets', {})
zfs_pools = {}
for name, attrs in node.metadata.get('zfs', {}).get('pools', {}).items():
for name, attrs in node.metadata.get('zfs/pools', {}).items():
zfs_pools[name] = attrs
# Not yet supported on debian buster

4
hooks/test_backup_metadata.py

@ -2,7 +2,7 @@ def test_node(repo, node, **kwargs):
if not node.has_bundle('backup-client'):
return
if node.metadata.get('backups', {}).get('exclude_from_backups', False):
if node.metadata.get('backups/exclude_from_backups', False):
return
assert len(node.metadata.get('backups', {}).get('paths', set())) > 0, f'{node.name} has backups configured, but no backup paths defined!'
assert len(node.metadata.get('backups/paths', set())) > 0, f'{node.name} has backups configured, but no backup paths defined!'
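Review bot: The default for `backups/paths` is `set()` here but `{}` in bundles/backup-client/items.py, so the two readers of the same key disagree about its type. Using one default in both places, for example `node.metadata.get('backups/paths', set())`, keeps the check and the generated config in agreement. Separately, the check relies on `assert`, which Python skips under `-O`. If the hook can ever run that way, a node with no backup paths would pass unnoticed, so an explicit `if not ...: raise` is the more robust form.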
