14. Manifest

14.1. Description

Manifests are used to define which objects to create. Objects are instances of types, like in object oriented programming languages. An object is represented by the combination of type + slash + object name: __file/etc/cdist-configured is an object of the type __file with the name etc/cdist-configured.

All available types can be found in the cdist/conf/type/ directory, use ls cdist/conf/type to get the list of available types. If you have setup the MANPATH correctly, you can use man cdist-reference to access the reference with pointers to the manpages.

Types in manifests are used like normal command line tools. Let's have a look at an example:

# Create object of type __package with the parameter state = absent
__package apache2 --state absent

# Same with the __directory type
__directory /tmp/cdist --state present

These two lines create objects, which will later be used to realise the configuration on the target host.

Manifests are executed locally as a shell script using /bin/sh -e. The resulting objects are stored in an internal database.

The same object can be redefined in multiple different manifests as long as the parameters are exactly the same.

In general, manifests are used to define which types are used depending on given conditions.

14.2. Initial and type manifests

Cdist knows about two types of manifests: The initial manifest and type manifests. The initial manifest is used to define, which configurations to apply to which hosts. The type manifests are used to create objects from types. More about manifests in types can be found in cdist type.

14.3. Define state in the initial manifest

The initial manifest is the entry point for cdist to find out, which objects to configure on the selected host. Cdist expects the initial manifest at cdist/conf/manifest/init.

Within this initial manifest you define which objects should be created on which host. To distinguish between hosts, you can use the environment variable __target_host and/or __target_hostname and/or __target_fqdn. Let's have a look at a simple example:

__cdistmarker

case "$__target_host" in
   localhost)
        __directory /home/services/kvm-vm --parents yes
   ;;
esac

This manifest says: Independent of the host, always use the type __cdistmarker, which creates the file /etc/cdist-configured, with the timestamp as content. The directory /home/services/kvm-vm, including all parent directories, is only created on the host localhost.

As you can see, there is no magic involved, the manifest is simple shell code that utilises cdist types. Every available type can be executed like a normal command.

14.4. Splitting up the initial manifest

If you want to split up your initial manifest, you can create other shell scripts in cdist/conf/manifest/ and include them in cdist/conf/manifest/init. Cdist provides the environment variable __manifest to reference the directory containing the initial manifest (see cdist reference).

The following example would include every file with a .sh suffix:

# Include *.sh
for manifest in $__manifest/*.sh; do
    # And source scripts into our shell environment
    . "$manifest"
done

14.5. Dependencies

If you want to describe that something requires something else, just setup the variable "require" to contain the requirements. Multiple requirements can be added white space separated.

 1 # No dependency
 2 __file /etc/cdist-configured
 3
 4 # Require above object
 5 require="__file/etc/cdist-configured" __link /tmp/cdist-testfile \
 6    --source /etc/cdist-configured  --type symbolic
 7
 8 # Require two objects
 9 require="__file/etc/cdist-configured __link/tmp/cdist-testfile" \
10    __file /tmp/cdist-another-testfile

Above the "require" variable is only set for the command that is immediately following it. Dependencies should always be declared that way.

On line 4 you can see that the instantiation of a type "__link" object needs the object "__file/etc/cdist-configured" to be present, before it can proceed.

This also means that the "__link" command must make sure, that either "__file/etc/cdist-configured" already is present, or, if it's not, it needs to be created. The task of cdist is to make sure, that the dependency will be resolved appropriately and thus "__file/etc/cdist-configured" be created if necessary before "__link" proceeds (or to abort execution with an error).

If you really need to make all types depend on a common dependency, you can export the "require" variable as well. But then, if you need to add extra dependencies to a specific type, you have to make sure that you append these to the globally already defined one.

# First of all, update the package index
__package_update_index
# Upgrade all the installed packages afterwards
require="__package_update_index" __package_upgrade_all
# Create a common dependency for all the next types so that they get to
# be executed only after the package upgrade has finished
export require="__package_upgrade_all"

# Ensure that lighttpd is installed after we have upgraded all the packages
__package lighttpd --state present
# Ensure that munin is installed after lighttpd is present and after all
# the packages are upgraded
require="$require __package/lighttpd" __package munin --state present

All objects that are created in a type manifest are automatically required from the type that is calling them. This is called "autorequirement" in cdist jargon.

You can find a more in depth description of the flow execution of manifests in cdist execution stages and of how types work in cdist type.

14.6. Create dependencies from execution order

You can tell cdist to execute all types in the order in which they are created in the manifest by setting up the variable CDIST_ORDER_DEPENDENCY. When cdist sees that this variable is setup, the current created object automatically depends on the previously created object.

It essentially helps you to build up blocks of code that build upon each other (like first creating the directory xyz than the file below the directory).

Read also about perils of CDIST_ORDER_DEPENDENCY.

14.7. Overrides

In some special cases, you would like to create an already defined object with different parameters. In normal situations this leads to an error in cdist. If you wish, you can setup the environment variable CDIST_OVERRIDE (any value or even empty is ok) to tell cdist, that this object override is wanted and should be accepted. ATTENTION: Only use this feature if you are 100% sure in which order cdist encounters the affected objects, otherwise this results in an undefined situation.

If CDIST_OVERRIDE and CDIST_ORDER_DEPENDENCY are set for an object, CDIST_ORDER_DEPENDENCY will be ignored, because adding a dependency in case of overrides would result in circular dependencies, which is an error.

14.8. Examples

The initial manifest may for instance contain the following code:

# Always create this file, so other sysadmins know cdist is used.
__file /etc/cdist-configured

case "$__target_host" in
   my.server.name)
      __directory /root/bin/
      __file /etc/issue.net --source "$__manifest/issue.net
   ;;
esac

The manifest of the type "nologin" may look like this:

__file /etc/nologin --source "$__type/files/default.nologin"

This example makes use of dependencies:

# Ensure that lighttpd is installed
__package lighttpd --state present
# Ensure that munin makes use of lighttpd instead of the default webserver
# package as decided by the package manager
require="__package/lighttpd" __package munin --state present

How to override objects:

# for example in the initial manifest

# create user account foobar with some hash for password
__user foobar --password 'some_fancy_hash' --home /home/foobarexample

# ... many statements and includes in the manifest later ...
# somewhere in a conditionally sourced manifest
# (e.g. for example only sourced if a special application is on the target host)

# this leads to an error ...
__user foobar --password 'some_other_hash'

# this tells cdist, that you know that this is an override and should be accepted
CDIST_OVERRIDE=yes __user foobar --password 'some_other_hash'
# it's only an override, means the parameter --home is not touched
# and stays at the original value of /home/foobarexample

Dependencies defined by execution order work as following:

# Tells cdist to execute all types in the order in which they are created ...
export CDIST_ORDER_DEPENDENCY=on
__sample_type 1
require="__some_type_somewhere/id" __sample_type 2
__example_type 23
# Now this types are executed in the creation order until the variable is unset
unset CDIST_ORDER_DEPENDENCY
# all now following types cdist makes the order ..
__not_in_order_type 42

# how it works :
# this lines above are translated to:
__sample_type 1
require="__some_type_somewhere/id __sample_type/1" __sample_type 2
require="__sample_type/2" __example_type 23
__not_in_order_type 42