Releases: basvandervlies/cf_surfsara_lib
Releases · basvandervlies/cf_surfsara_lib
1.8.2
Version: 1.8.2 (2025-09-26)
SCL enhancements:
scl_override_json_service_hookmust be run after loading all json data and before calling the service bundlesscl_service_copy_dirswhenexclude_dirswas set in json data it did not exclude the directories from copying- when using
template_methodfor files, do not usecreateattribute scl_service_rotate_filetransformer changed togzip --force
These services have bug fixes or new features:
- slurm:
- added
"preempt_section": {},to configure the preemptive directives, eg:
- added
"preempt_section": {
"PreemptMode": "REQUEUE",
"PreemptType": "preempt/partition_prio"
},
- rsyslog:
- Added support for syslog over TLS on port 6514 with the GNU TLS module
- Slightly modernised the configuration for the Global definitions
- node_exporter, slurm_prometheus_exporter and nvidia_gpu_prometheus_exporter
- systemd mustache template update remove the redirection
>/dev/null 2>&1
- systemd mustache template update remove the redirection
- apache; Fixed order for the tuning of the mpm_event_module after loading the module
- cron; Not only configure but also install cron
1.8.0
SCL enhancements:
- removed support for cfengine 3.12 and lower
- rewrote logic for scl json reading and merging. It is easier to debug and read
scl_show_data:- only allow one argument instead of two (https://tracker.mender.io/browse/CFE-2434 solved)
- remove
date_expand. Show raw variables for debuging no expansion required.
scl_service_install_tarballs:- Added check for
software_dirand create it if not exists
- Added check for
- These variables can be used in the mustache template to show which files are used for rendering
scl.template_file--> The mustache template used for renderingscl.json_files--> The json files used for rendering
- After parsing all service json files bundle(s) with tag
scl_override_json_service_hookwill run to allow overriding variables with classes set by the service json files - new bundle
scl_json_merge_data:- Here you can override service variables with the aid of json data, eg:
bundle agent service_override_json_data
{
meta:
"tags" slist => { "scl_override_json_service_hook" };
vars:
QUOBYTE_CLIENT::
"fuse_data" data => parsejson('{ "allow" : "user_allow_other" }'),
comment => "Needed for quobyte mounts";
methods:
QUOBYTE_CLIENT::
"" usebundle => scl_json_merge_data("fuse", "@(fuse_data)");
}
These services have bug fixes or new features:
- ssh:
- added Ciphers and MACs entries to improve security
- cron:
- the created files should be world reabable to enable cron for an user.
- jupyterhub:
- make rewriterule flags configurable
apache_rewriterule_flags - software directory can be different then configuration directory
sw_dir - hub configurtion files can also access OIDC variables
oauth_client_idandoauth_client_secret
- make rewriterule flags configurable
- tripwire:
- set
TRIPWIRE<file>class if hash has been changed so we can use it other service files
- set
- pam_radius:
- debian fix for >=3.0.0 detect if
/libis a directory instead of symlink to/usr/lib
- debian fix for >=3.0.0 detect if
- postfix:
- Enabled restart when postmap is used for generating hash files
- rootfiles:
- Must use
stepping_stone_authorized_keysinsteadstepping_stone
- Must use
- slurm
- Use standard
/sbinpath for service files
- Use standard
1.7.0 (Lena)
There is now a Matrix room to discuss or ask questions: #scl:surf.nl
SCL enhancements:
- added scl_dri_fixed_perms to set rw permissions on /dev/dri/* for all owners
- scl_service_install_tarballs extract when tarball is copied even if check_dir exists (bug fix)
- renamed scl_template_local_dcp to scl_dereference_dcp. Is also useful in other service files
- renamed boot_run to scl_boot_run. It is a SCL agent bundle.
- added a new variable that can be used in mustache to show which json_files are used, eg:
- scl.<service_name>_json_files --> scl.resolv_json_files
These services have bug fixes or new features:
- apt:
- added run_class to repo json file, eg: only generate repo file on x86_64 systems
amdgpu: {
run_class: linux_x86_64,
key_file: rocm.asc,
repo: [
{
name: amd_repo,
desc: amd gpu,
url: deb https://repo.radeon.com/amdgpu/$(rocm.driver_version)/ubuntu $(rocm.distribution) main
}
]
* APT_DIST_UPGRADE will be obsolete and is replaced by APT_OS_VERSION_CHECK
* apt_autoremove bundle also purged leftovers from removed packages.
* we can now control how the OS will be upgrade and which repo's will be used (default.json), eg:
"upgrade_options": [
"Dir::Etc::sourceparts=/dev/null",
"Dir::Etc::SourceList=$(apt.repos_dir)/debian_security.list",
"Dir::Etc::SourceList=$(apt.repos_dir)/debian.list",
"Dpkg::Options::=--force-confdef",
"Dpkg::Options::=--force-confold"
]
- munge:
- Make sure that log_dir exists.
- ntp:
- ntp becomes ntpsec by default. Bundle tested on Debian 11 & 12.
- resolv:
- Fixed a bug in generating options line in resolv.conf
- rootfiles:
- use the some function to test if var has a value
- slurm:
- Added reboot_node string that can be used to reboot node through Slurm
- Added a new class SLURM_INSTALL_ONLY. This will only install the software via packages or tarball
- You can now set all user atrtibutes like homedir and shell
- Added support for environment file in slurmd systemd service, default: /etc/default/slurmd
1.6.0
SCL enhancements:
- scl_mustache_service_autorun bug fix if called 2 times for same service with different bundles
- scl_service_copy_dirs will also set the destination directory permission to the specified perm
- renamed run_def_json.sh copy CLASSES ( eg, -DTEMPLATE_LOCAL_COPY, MUSTACHE_LOCAL_COPY and JSON_LOCAL_COPY ) to SCLOCAL
- DEBUG service (eg, -DDEBUG_slurm) will show for which classes the service is enabled
R: scl_services_run: 'slurm' is only enabled for class: `{ "SLURM_CLIENT", "SLURM_SERVER" }`
These services have bug fixes or new features:
- apache:
- service/daemon check matched unwanted processes, replace is with services: proise type
- apt:
- Added new class to be set on commandline to byopass schedule for debconf, APT_DEBCONF
- debian 12 and higher use non-free-firmware instead of non-free
- pam:
- made /etc/security/limits.sh configurable via mustache/json
- slurm:
- Added generation of job_container.conf, default mode is ignore the file JobContainerType=job_container/none
- Added support for slurmrestd service
- systemd service files are more configurable via mustache/json
- switch to group promise type and create slurm/slurmrestd logins for tarball installations
- Added nodeset_section to define Nodesets with as keyword the name of the Nodeset
- Added support for job_container_tmpfs
- Enabled default jwt support needed from slurmrestd, See AuthAlt keyword
1.5.0
- drop support for CFengine 3.7 and 3.10 Code is removed
- Added
run_classoption tocopy_files scl_mustach_copycan now handle debug output for string and listscl_service_rotate_fileslogic rewrite so that it works as expectedscl_copy_filesandscl_service_install_tarballsfix for run_bundle did not work must use class<file>_repaired- added new scl library bodies:
scl_cmd_kept: Only set class<value>_succededwhen command exits with value 0
- The json filenames that must be loaded can now contain variable names, eg:
"ssh": {
"json_files": [
"soil_$(def.cluster_role).json"
]
- New method for copy/expanding mustache templates
scl_mustache_service_autorun, Each bundle can define templates to be used, eg:scl_mustache_service_autorun("resolv", ""), usesresolv.template_2_destinationscl_mustache_service_autorun("resolv", "resolv_other_bundle"), usesresolv_other_bundle.template_2_destination
1.4.1
- ported to cfengine => 3.20,
rxdirsdefault option changed tofalsefor those release (scl_service_copy_dirswill fail)
1.4.0
- A class will be set for each service that is enabled, eg:
SCL_SERVICE_NTP_ENABLED - A class will be set for each inventory modules that is enabled, eg:
SCL_INVENTORY_LSCPU_ENABLED sara_datais replaced bysclfor all json/mustache filescf_bundles_diris replaced by standard shortcutdatafor all json/mustache files- Added some new scl bundlies:
scl_tidy_directory,scl_tidy_files - Added some new scl bodies:
scl_days_old_by_atime
Service variables are better resolved
- lscpu inventory module report if
jqnot found (#100) - jupyterhub, slurm, munge, resolv, node_exporter have bug fixes or new features
Version 1.2.0 resolve issue with undefined bodies/bundles
- Some service bundle still referenced an old company library
- Added a new bundle that can be used by services
scl_service_rotate_files. - Jupyterhub and Postfix service enhancements
Version 1.1.0 added cfbs support
- Added support for CFEngine build system (cbfs)
- template directory has been changed to
templates/scl copy_files,copy_dirsandinstall_tarballsset classes if a file, directory or tarball has been changed- nsswitch, postifx (a lot of configs are supported), slurm have bug fixes or new features
- Added a new service
sssd(System Security Services Daemon)