From 9d6e6241954d001a5b49e4ea9a48c10e2a792958 Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Mon, 10 Dec 2012 17:19:54 -0600 Subject: generate XML schema docs from XML schemas themselves --- doc/client/tools/actions.txt | 22 +- doc/client/tools/yum.txt | 45 +- doc/conf.py | 11 +- doc/exts/xmlschema.py | 810 ++ doc/server/genshi-xml.txt | 24 + doc/server/index.txt | 1 + doc/server/info.txt | 100 +- doc/server/plugins/generators/packages.txt | 216 +- doc/server/plugins/generators/pkgmgr.txt | 91 +- doc/server/plugins/generators/rules.txt | 479 +- doc/server/plugins/generators/semodules.txt | 9 +- doc/server/plugins/generators/sslca.txt | 90 +- doc/server/plugins/grouping/metadata.txt | 236 +- doc/server/plugins/structures/bundler/index.txt | 2 + doc/unsorted/writing_specification.txt | 102 +- schemas/bundle.xsd | 68 +- schemas/clients.xsd | 161 +- schemas/deps.xsd | 21 +- schemas/fileprobes.xsd | 12 +- schemas/genshi.xsd | 290 +- schemas/info.xsd | 127 +- schemas/metadata.xsd | 165 +- schemas/nagiosgen.xsd | 12 +- schemas/packages.xsd | 219 +- schemas/pkglist.xsd | 86 +- schemas/pkgtype.xsd | 316 +- schemas/rules.xsd | 114 +- schemas/selinux.xsd | 302 + schemas/servicetype.xsd | 102 +- schemas/sslca-cert.xsd | 167 +- schemas/sslca-key.xsd | 76 +- schemas/types.xsd | 420 +- schemas/xs3p.xsl | 8503 -------------------- setup.py | 109 +- src/lib/Bcfg2/Client/Tools/POSIX/Hardlink.py | 1 + src/lib/Bcfg2/Client/Tools/VCS.py | 7 +- src/lib/Bcfg2/Server/Plugins/Metadata.py | 12 +- testsuite/Testschema/test_schema.py | 36 +- .../Testlib/TestServer/TestPlugins/TestMetadata.py | 3 - 39 files changed, 3558 insertions(+), 10009 deletions(-) create mode 100644 doc/exts/xmlschema.py create mode 100644 doc/server/genshi-xml.txt create mode 100644 schemas/selinux.xsd delete mode 100644 schemas/xs3p.xsl diff --git a/doc/client/tools/actions.txt b/doc/client/tools/actions.txt index 49488dfbe..81486ecd1 100644 --- a/doc/client/tools/actions.txt +++ b/doc/client/tools/actions.txt @@ -23,24 +23,7 @@ so they can be centrally observed. Actions look like: status='ignore|check' build='true|false'/> -+-----------+------------------+-------------------------------------------+ -| Attribute | Values | Meaning | -+===========+==================+===========================================+ -| timing | pre, post, both | When the action is run | -+-----------+------------------+-------------------------------------------+ -| name | freeform | action name | -+-----------+------------------+-------------------------------------------+ -| command | freeform | command text | -+-----------+------------------+-------------------------------------------+ -| when | always, modified | If the action is always run, or only when | -| | | a bundle should be or has been modified | -+-----------+------------------+-------------------------------------------+ -| status | ignore, check | If the return code of the action | -| | | should be reported or not | -+-----------+------------------+-------------------------------------------+ -| build | true, false | Also execute the action in build mode | -| | | (default: true) | -+-----------+------------------+-------------------------------------------+ +.. xml:type:: ActionType Note that the status attribute tells the bcfg2 client to ignore return status, causing failures to still not be centrally reported. If @@ -65,7 +48,8 @@ Then a corresponding entry must be included in the Rules directory, like: .. code-block:: xml - + This allows different clients to get different actions as a part of the diff --git a/doc/client/tools/yum.txt b/doc/client/tools/yum.txt index 10c3cf725..47ef3d5e9 100644 --- a/doc/client/tools/yum.txt +++ b/doc/client/tools/yum.txt @@ -298,46 +298,19 @@ not in the clients configuration. Ignoring Files during Verification ---------------------------------- -Ignore Tag -^^^^^^^^^^ - -The Ignore tag in Pkgmgr is used to "mask out" individual files from -the RPM verification. This is done by comparing the verification -failure results with the Ignore tag name. If there is a match, that -entry is not used by the client to determine if a package has failed +The :ref:`path-ignore` Path tag is used to exempt individual files +from the RPM verification. This is done by comparing the verification +failure results with the ignore Path. If there is a match, that entry +is not used by the client to determine if a package has failed verification. -Ignore tag entries can be specified at both the Package level, in which -case they apply to all Instances, and/or at the Instance level, in which -case they only apply to that instance. - -Ignore tag entries are used by the RPM driver. They can be specified -in both old and new style Pkgmgr files. - -The Ignore Tag supports the following attributes: - -+-----------+-------------+--------+ -| Attribute | Description | Values | -+===========+=============+========+ -| name | File name. | String | -+-----------+-------------+--------+ - -Example - -.. code-block:: xml - - - - - +Path ignore entries can be specified at both the Package level, in +which case they apply to all Instances, and/or at the Instance level, +in which case they only apply to that instance. -POSIX 'ignore' Path entries -^^^^^^^^^^^^^^^^^^^^^^^^^^^ +See :ref:`path-ignore` for more details. -The YUM analog to the Ignore Tag used by RPM is the use of Path -entries of type 'ignore'. The following shows an example for the -centos-release package which doesn't verify if you remove the default -repos and replace them with a custom repo. +Example: .. code-block:: xml diff --git a/doc/conf.py b/doc/conf.py index ab011b2a5..0b88ddf2f 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -21,6 +21,7 @@ import time # documentation root, use os.path.abspath to make it absolute, like shown here. sys.path.insert(0, os.path.abspath('../src/lib')) sys.path.insert(0, os.path.abspath('..')) +sys.path.insert(0, os.path.abspath('exts')) # -- General configuration ----------------------------------------------------- @@ -30,11 +31,15 @@ sys.path.insert(0, os.path.abspath('..')) # Add any Sphinx extension module names here, as strings. They can be extensions # coming with Sphinx (named 'sphinx.ext.*') or your custom ones. extensions = ['sphinx.ext.autodoc', 'sphinx.ext.doctest', - 'sphinx.ext.intersphinx', 'sphinx.ext.viewcode'] + 'sphinx.ext.intersphinx', 'sphinx.ext.viewcode', + 'xmlschema'] # Add any paths that contain templates here, relative to this directory. templates_path = ['_templates'] +# Path to XML schemas +xmlschema_path = "../schemas" + # The suffix of source filenames. source_suffix = '.txt' @@ -288,6 +293,7 @@ private_re = re.compile(r'^\s*\.\.\s*private-include:\s*(.+)$') private_include = [] + def skip_member_from_docstring(app, what, name, obj, skip, options): """ since sphinx 1.0 autodoc doesn't support the :private-members: directive, this function allows you to specify @@ -308,7 +314,7 @@ def skip_member_from_docstring(app, what, name, obj, skip, options): if match: private_include.extend(re.split(r',\s*', match.group(1))) return None - + if not skip: return None @@ -316,6 +322,7 @@ def skip_member_from_docstring(app, what, name, obj, skip, options): return False return None + def setup(app): app.connect('autodoc-skip-member', skip_member_from_docstring) diff --git a/doc/exts/xmlschema.py b/doc/exts/xmlschema.py new file mode 100644 index 000000000..fc5788107 --- /dev/null +++ b/doc/exts/xmlschema.py @@ -0,0 +1,810 @@ +""" Sphinx extension to generate documention from XML schemas. Known +to be woefully imcomplete, probably buggy, terrible error handling, +but it *works* for the subset of XML schema we use in Bcfg2. + +Provides the following directives: + +* ``.. xml:schema:: ``: Document an XML schema +* ``.. xml:type:: ``: Document a complexType or simpleType +* ``.. xml:group:: ``: Document an element group +* ``.. xml:attributegroup:: ``: Document an attributeGroup +* ``.. xml:element:: ``: Document an XML element + +Provides the following roles to link to the objects documented above: + +* ``:xml:schema:````: Link to an XML schema +* ``:xml:type:````: Link to a complexType or simpleType +* ``:xml:group:````: Link to an element group +* ``:xml:attributegroup:````: Link to an attributeGroup +* ``:xml:element:````: Link to an element +* ``:xml:attribute:`:```: Link to the attribute in the + given context. The context is the name of the containing object, + e.g., the parent attributeGroup, element, or complexType. +* ``:xml:datatype:````: Link to a built-in XML data type. + +Note that the entity being linked to does not need to have been +explicitly documented with a directive; e.g., if you document a schema +that contains a complexType, you can link to that type without having +used the ``xml:type::`` directive. + +Note also that it's far more reliable to link to a complexType than an +element, since element name collisions are fairly common. You should +avoid type name collisions whenever possible to maximize usability of +this extension. + +There are two configuration items that may be added to conf.py: + +* ``xmlschema_path`` gives the base path to all XML schemas. +* ``xmlschema_datatype_url`` gives a string pattern that will be used + to generate links to built-in XML types. It must contain a single + ``%s``, which will be replaced by the name of the type. +""" + +import os +import operator +import lxml.etree +from docutils import nodes +from sphinx import addnodes, roles +from docutils.statemachine import ViewList +from docutils.parsers.rst import directives +from sphinx.util.nodes import make_refnode, split_explicit_title, \ + nested_parse_with_titles +from sphinx.util.compat import Directive +from sphinx.domains import ObjType, Domain + +XS = "http://www.w3.org/2001/XMLSchema" +XS_NS = "{%s}" % XS +NSMAP = dict(xs=XS) + + +def comma_split(opt): + return opt.split(",") + + +def flag_or_split(opt): + try: + return opt.split(",") + except AttributeError: + return True + + +class _XMLDirective(Directive): + """ Superclass for the other XML schema directives. """ + required_arguments = 1 + option_spec = dict(namespace=directives.unchanged, + nochildren=directives.flag, + noattributegroups=directives.flag, + nodoc=directives.flag, + notext=directives.flag, + onlyattrs=comma_split, + requiredattrs=comma_split, + linktotype=flag_or_split, + noautodep=flag_or_split, + inlinetypes=comma_split) + types = [] + + def run(self): + name = self.arguments[0] + env = self.state.document.settings.env + ns_name = self.options.get('namespace') + try: + ns_uri = env.xmlschema_namespaces[ns_name] + except KeyError: + # URI given as namespace + ns_uri = ns_name + etype = None + for etype in self.types: + try: + entity = env.xmlschema_entities[ns_uri][etype][name] + break + except KeyError: + pass + else: + env.app.error("No XML %s %s found" % + (" or ".join(self.types), name)) + documentor = XMLDocumentor(entity, env, self.state, name=name, + ns_uri=ns_uri, + include=self.process_include(), + options=self.process_options()) + return documentor.document() + + def process_include(self): + return dict(children='nochildren' not in self.options, + attributegroups='noattributegroups' not in self.options, + doc='nodoc' not in self.options, + text='notext' not in self.options) + + def process_options(self): + return dict(onlyattrs=self.options.get('onlyattrs'), + requiredattrs=self.options.get('requiredattrs', []), + linktotype=self.options.get('linktotype', []), + noautodep=self.options.get('noautodep', False), + inlinetypes=self.options.get('inlinetypes', [])) + + +def XMLDirective(types): + class cls(_XMLDirective): + pass + + cls.__name__ = 'XML%sDirective' % types[0] + cls.types = types + return cls + + +class XMLDocumentor(object): + def __init__(self, entity, environment, state, name=None, ns_uri=None, + parent=None, include=None, options=None): + self.entity = entity + self.env = environment + self.entities = self.env.xmlschema_entities + self.namespaces = self.env.xmlschema_namespaces + self.namespaces_by_uri = self.env.xmlschema_namespaces_by_uri + self.state = state + self.include = include + self.options = options + self.app = self.env.app + + if name is None: + self.ns_uri = ns_uri + self.fqname = self.entity.get("name") + self.ns_name, self.name = self.split_ns(self.fqname) + if self.ns_uri is None and self.ns_name is not None: + self.ns_uri = self.namespaces[self.ns_name] + else: + self.ns_uri = ns_uri + self.ns_name = self.namespaces_by_uri[self.ns_uri] + self.name = name + if self.ns_name: + self.fqname = "%s:%s" % (self.ns_name, self.name) + else: + self.fqname = name + self.tname = nodes.strong(self.fqname, self.fqname) + self.tag = self.entity.tag[len(XS_NS):] + self.type = tag2type(self.tag) + self.parent = parent + if self.parent is None: + self.dependencies = [] + self.documented = [] + else: + self.dependencies = self.parent.dependencies + self.documented = self.parent.documented + + def document(self): + eid = (self.tag, self.fqname) + if eid in self.documented: + return [build_paragraph(get_xref(self.tag, eid[1]))] + else: + self.documented.append(eid) + + rv = [self.target_node(self.tag, self.ns_name, self.name)] + + data = addnodes.desc(objtype=self.tag) + targetid = get_target_id(self.tag, self.ns_name, self.name) + header = addnodes.desc_signature('', '', + first=True, + ids=[targetid]) + + if self.include['doc']: + header.extend([nodes.emphasis(self.tag, self.tag), + text(" "), self.tname]) + data.append(header) + contents = nodes.definition() + if self.include['doc']: + contents.append(self.get_doc(self.entity)) + contents.extend(getattr(self, "document_%s" % self.tag)()) + data.append(contents) + rv.append(data) + + if self.parent is None: + # avoid adding duplicate dependencies + added = [(self.type, self.name)] + for typ, name, entity in self.dependencies: + if not name: + name = entity.get('name') + if (typ, name) in added: + continue + ns_name, name = self.split_ns(name) + ns_uri = self.namespaces[ns_name] + if not entity: + try: + entity = self.entities[ns_uri][typ][name] + except KeyError: + self.app.warn("Dependency %s not found in schemas" % + get_target_id(typ, ns_name, name)) + continue + doc = self.get_documentor(entity, name=name, ns_uri=ns_uri) + rv.extend(doc.document()) + added.append((typ, name)) + return rv + + def document_schema(self): + element = self.entity.find("xs:element", namespaces=NSMAP) + if element is not None: + ns, name = self.split_ns(element.get("name")) + doc = self.get_documentor(element, name=name, + ns_uri=self.namespaces[ns]) + return doc.document() + else: + # no top-level element or group -- just a list of + # (abstract) complexTypes? + rv = [] + for ctype in self.entity.findall("xs:complexType", + namespaces=NSMAP): + ns, name = self.split_ns(ctype.get("name")) + doc = self.get_documentor(ctype, name=name, + ns_uri=self.namespaces[ns]) + rv.extend(doc.document()) + return rv + + def document_group(self): + rv = nodes.definition_list() + try: + (children, groups) = \ + self.get_child_elements(self.entity, nodeclass=nodes.paragraph) + except TypeError: + return [build_paragraph(nodes.strong("Any", "Any"), + " arbitrary element allowed")] + + append_node(rv, nodes.term, text("Elements:")) + append_node(rv, nodes.definition, *children) + if len(groups): + append_node(rv, nodes.term, text("Element groups:")) + append_node(rv, nodes.definition, *groups) + return rv + + def document_element(self): + fqtype = self.entity.get("type") + if fqtype: + (etype_ns, etype) = self.split_ns(fqtype) + ns_uri = self.get_namespace_uri(etype_ns) + values = self.get_values_from_type() + if values != "Any": + return [build_paragraph( + self.tname, + " takes only text content, which may be the ", + "following values: ", + values)] + elif etype in self.entities[ns_uri]["complexType"]: + if ((self.options['linktotype'] is True or + self.name in self.options['linktotype'] or + etype in self.options['linktotype'] or + fqtype in self.options['linktotype']) and + self.name not in self.options['inlinetypes'] and + etype not in self.options['inlinetypes']): + self.add_dep('complexType', fqtype, None) + return [build_paragraph("Type: ", + get_xref("type", fqtype))] + + typespec = self.entities[ns_uri]["complexType"][etype] + doc = self.get_documentor(typespec, + name=self.entity.get("name")) + rv = [self.target_node("complexType", etype_ns, etype)] + if self.include['doc'] and not self.get_doc(self.entity): + rv.append(self.get_doc(typespec)) + rv.extend(doc.document_complexType()) + return rv + else: + self.app.error("Unknown element type %s" % fqtype) + else: + rv = [] + typespec = self.entity.find("xs:complexType", namespaces=NSMAP) + if self.include['doc'] and not self.get_doc(self.entity): + rv.append(self.get_doc(typespec)) + if typespec is not None: + rv = [self.target_node("complexType", self.ns_name, self.name)] + doc = self.get_documentor(typespec) + rv.extend(doc.document_complexType()) + return rv + + def document_complexType(self): + rv = nodes.definition_list() + + ##### ATTRIBUTES ##### + table, tbody = self.get_attr_table() + attrs = self.get_attrs(self.entity) + if attrs: + tbody.extend(attrs) + + foreign_attr_groups = nodes.bullet_list() + for agroup in self.entity.xpath("xs:attributeGroup", + namespaces=NSMAP): + # if the attribute group is in another namespace, just + # link to it + ns, name = self.split_ns(agroup.get('ref')) + if ns != self.ns_name: + append_node( + foreign_attr_groups, + nodes.list_item, + build_paragraph(get_xref(tag2type("attributeGroup"), + ":".join([ns, name])))) + else: + tbody.extend(self.get_attrs( + self.entities['attributeGroup'][name])) + + if len(tbody): + append_node(rv, nodes.term, text("Attributes:")) + append_node(rv, nodes.definition, table) + if self.include['attributegroups'] and len(foreign_attr_groups): + append_node(rv, nodes.term, text("Attribute groups:")) + append_node(rv, nodes.definition, foreign_attr_groups) + + ##### ELEMENTS ##### + if self.include['children']: + # todo: distinguish between elements that may occur and + # elements that must occur + try: + (children, groups) = self.get_child_elements(self.entity) + except TypeError: + children = None + groups = None + rv.append(build_paragraph(nodes.strong("Any", "Any"), + " arbitrary child elements allowed")) + if children: + append_node(rv, nodes.term, text("Child elements:")) + append_node(rv, nodes.definition, + build_node(nodes.bullet_list, *children)) + + if groups: + append_node(rv, nodes.term, text("Element groups:")) + append_node(rv, nodes.definition, *groups) + + ##### TEXT CONTENT ##### + if (self.include['text'] and + self.entity.get("mixed", "false").lower() == "true"): + append_node(rv, nodes.term, text("Text content:")) + append_node(rv, nodes.definition, + build_paragraph(self.get_values_from_simpletype())) + return [rv] + + def document_attributeGroup(self): + attrs = self.get_attrs(self.entity) + if attrs: + table, tbody = self.get_attr_table() + tbody.extend(attrs) + return [table] + else: + return [] + + def get_attr_table(self): + atable = nodes.table() + atgroup = build_node(nodes.tgroup('', cols=5), + nodes.colspec(colwidth=10), + nodes.colspec(colwidth=50), + nodes.colspec(colwidth=20), + nodes.colspec(colwidth=10), + nodes.colspec(colwidth=10), + nodes.thead('', + build_table_row("Name", "Description", + "Values", "Required", + "Default"))) + atable.append(atgroup) + atable_body = nodes.tbody() + atgroup.append(atable_body) + return (atable, atable_body) + + def get_child_elements(self, el, nodeclass=None): + """ returns a tuple of (child element nodes, element group + nodes). HOWEVER, if _any_ child is allowed, returns True. """ + children = [] + groups = [] + if nodeclass is None: + nodeclass = nodes.list_item + + if el.find("xs:any", namespaces=NSMAP) is not None: + return True + + for child in el.findall("xs:element", namespaces=NSMAP): + node = nodeclass() + if child.get('ref'): + node.append(build_paragraph(get_xref('element', + child.get('ref')))) + else: + # child element given inline + doc = self.get_documentor(child, name=child.get('name')) + node.extend(doc.document()) + children.append(node) + + for group in el.findall("xs:group", namespaces=NSMAP): + if group.get('ref'): + name = group.get('ref') + node = nodeclass() + node.append(build_paragraph(get_xref('group', name))) + self.add_dep('group', name, None) + groups.append(node) + else: + rv = self.get_child_elements(group, nodeclass=nodeclass) + try: + children.extend(rv[0]) + groups.extend(rv[1]) + except TypeError: + return rv + + for container in el.xpath("xs:all|xs:choice|xs:sequence", + namespaces=NSMAP): + rv = self.get_child_elements(container, nodeclass=nodeclass) + try: + children.extend(rv[0]) + groups.extend(rv[1]) + except TypeError: + return rv + return (children, groups) + + def get_documentor(self, entity, name=None, ns_uri=None): + if name is None: + name = self.name + if ns_uri is None: + ns_uri = self.ns_uri + return XMLDocumentor(entity, self.env, self.state, name=name, + ns_uri=ns_uri, parent=self, options=self.options, + include=self.include) + + def get_attrs(self, el, context=None): + cnode = el + while context is None and cnode is not None: + context = cnode.get('name') + cnode = cnode.getparent() + + rows = [] + for attr in el.xpath("xs:attribute[@name]", namespaces=NSMAP): + name = attr.get("name") + if self.ns_name: + fqname = "%s:%s" % (self.ns_name, name) + else: + fqname = name + if (self.options['onlyattrs'] and + name not in self.options['onlyattrs'] and + fqname not in self.options['onlyattrs']): + continue + tag = attr.tag[len(XS_NS):] + row = [build_paragraph(self.target_node(tag, self.ns_name, context, + name), + nodes.literal(fqname, fqname))] + row.append(self.get_doc(attr)) + if attr.get("type") is not None: + row.append(build_paragraph( + self.get_values_from_type(entity=attr))) + else: + atype = attr.find("xs:simpleType", namespaces=NSMAP) + if atype: + row.append(self.get_values_from_simpletype(atype)) + else: + # todo: warn about no type found + pass + reqd = 0 + if (name in self.options['requiredattrs'] or + attr.get("use", "optional") == "required"): + row.append("Yes") + reqd = 1 + else: + row.append("No") + default = attr.get("default") + if default is None: + row.append("None") + else: + row.append(nodes.literal(default, default)) + # we record name and required separately to make sorting + # easier + rows.append((name, reqd, build_table_row(*row))) + rows.sort(key=operator.itemgetter(0)) + rows.sort(key=operator.itemgetter(1), reverse=True) + if not self.options['onlyattrs'] or '*' in self.options['onlyattrs']: + anyattr = el.find("xs:anyAttribute", namespaces=NSMAP) + if anyattr is not None: + rows.append((None, None, + build_table_row('*', self.get_doc(anyattr), + "Any", "No", "None"))) + return [r[2] for r in rows] + + def get_values_from_type(self, entity=None, typeattr='type'): + if entity is None: + entity = self.entity + ns_name, name = self.split_ns(entity.get(typeattr)) + ns_uri = self.get_namespace_uri(ns_name, entity=entity) + if ns_uri == XS: + return self.get_builtin_type(name) + elif name in self.entities[ns_uri]['simpleType']: + return self.get_values_from_simpletype( + self.entities[ns_uri]['simpleType'][name]) + else: + return "Any" + + def get_builtin_type(self, vtype): + if vtype == "boolean": + return get_value_list(["true", "false"]) + else: + return get_datatype_ref(vtype, vtype, + self.app.config.xmlschema_datatype_url) + + def get_doc(self, el): + try: + return self.parse(el.xpath("xs:annotation/xs:documentation", + namespaces=NSMAP)[0].text) + except IndexError: + return build_paragraph('') + + def parse(self, text): + node = nodes.paragraph() + vl = ViewList() + for line in text.splitlines(): + vl.append(line, '') + nested_parse_with_titles(self.state, vl, node) + try: + return node[0] + except IndexError: + return build_paragraph(text) + + def split_ns(self, name): + try: + (ns, name) = name.split(":") + except ValueError: + ns = self.ns_name + return (ns, name) + + def get_values_from_simpletype(self, entity=None): + if entity is None: + entity = self.entity + # todo: xs:union, xs:list + restriction = entity.find("xs:restriction", namespaces=NSMAP) + if restriction is None: + return "Any" + doc = self.get_doc(restriction) + if len(doc) == 1 and len(doc[0]) == 0: + # if get_doc returns a paragraph node with an empty Text + # node + enum = [e.get("value") + for e in restriction.findall("xs:enumeration", + namespaces=NSMAP)] + if len(enum): + return get_value_list(enum) + else: + return self.get_values_from_type(entity=restriction, + typeattr='base') + else: + return doc + + def add_dep(self, typ, name, entity): + try: + if name in self.options['noautodep']: + return + except TypeError: + if self.options['noautodep']: + return + self.dependencies.append((typ, name, entity)) + + def target_node(self, tag, ns, *extra): + targetid = get_target_id(tag, ns, *extra) + fqname = targetid[len(tag) + 1:] + rv = nodes.target('', '', ids=[targetid]) + self.add_domain_data(tag2type(tag), fqname, + (self.env.docname, targetid)) + return rv + + def add_domain_data(self, typ, key, data): + if key not in self.env.domaindata['xml'][typ]: + self.env.domaindata['xml'][typ][key] = data + + def get_namespace_uri(self, ns_name, entity=None): + if entity is None: + entity = self.entity + xs_ns = get_xs_ns(entity) + if ns_name == xs_ns: + return XS + else: + return self.namespaces[ns_name] + + +def tag2type(tag): + if tag in ['complexType', 'simpleType']: + return 'type' + elif tag == 'attributeGroup': + return 'attributegroup' + return tag + + +def text(txt): + return nodes.Text(txt, txt) + + +def append_node(parent, cls_or_node, *contents): + parent.append(build_node(cls_or_node, *contents)) + + +def build_node(cls_or_node, *contents): + if isinstance(cls_or_node, type): + rv = cls_or_node() + else: + rv = cls_or_node + rv.extend(contents) + return rv + + +def get_xref(typ, target, title=None): + if title is None: + title = target + ref = addnodes.pending_xref(title, + reftype=typ, + refdomain="xml", + reftarget=target) + ref.append(nodes.literal(title, title)) + return ref + + +def build_table_row(*vals): + rv = nodes.row('') + for val in vals: + if isinstance(val, nodes.Node): + node = val + else: + node = nodes.paragraph(val, val) + rv.append(nodes.entry(node, node)) + return rv + + +def build_paragraph(*args): + """ convenience method to build a paragraph node """ + rv = nodes.paragraph() + for content in args: + if isinstance(content, nodes.Node): + rv.append(content) + else: + rv.append(text(content)) + return rv + + +def get_target_id(etype, ns_name, *extra): + if ns_name: + return ":".join([etype, ns_name] + list(extra)) + else: + return ":".join([etype] + list(extra)) + + +def get_value_list(vals): + rv = nodes.paragraph() + if vals: + rv.append(nodes.literal(vals[0], vals[0])) + for i in range(1, len(vals)): + rv.append(text(" | ")) + rv.append(nodes.literal(vals[i], vals[i])) + return rv + + +def get_xs_ns(el): + return get_namespace_name(el, XS) + + +def get_namespace_name(el, ns_uri): + for name, ns in el.nsmap.items(): + if ns == ns_uri: + return name + return None + + +def get_datatype_ref(title, target, baseurl): + return build_node(nodes.reference('', '', refuri=baseurl % target), + nodes.literal(title, title)) + + +class XMLDatatypeRole(object): + def __init__(self, baseurl): + self.baseurl = baseurl + + def __call__(self, name, rawtext, text, lineno, inliner, options={}, + content=[]): + has_explicit_title, title, target = split_explicit_title(text) + return [get_datatype_ref(title, target, self.baseurl)], [] + + +class XMLXRefRole(roles.XRefRole): + def __init__(self, typ, **kwargs): + roles.XRefRole.__init__(self, **kwargs) + self.type = typ + + def process_link(self, env, refnode, has_explicit_title, title, target): + if (self.type == 'attribute' and + not has_explicit_title and + ':' in title): + title = title.split(':')[-1] + return roles.XRefRole.process_link(self, env, refnode, + has_explicit_title, title, target) + + +class XMLDomain(Domain): + name = "xml" + label = "XML" + + types = dict(schema=['schema'], + type=['complexType', 'simpleType'], + group=['group'], + attributegroup=['attributeGroup'], + element=['element'], + attribute=None) + + object_types = dict([(t, ObjType("XML %s" % t.title(), t)) + for t in types.keys()]) + directives = dict([(t, XMLDirective(h)) + for t, h in types.items() if h is not None]) + roles = dict([(t, XMLXRefRole(t)) for t in types.keys()]) + dangling_warnings = dict([(t, "unknown XML %s: %%(target)s" % t) + for t in types.keys()]) + initial_data = dict([(t, dict()) for t in types.keys()]) + data_version = 3 + + def clear_doc(self, docname): + to_del = [] + for dtype in self.types.keys(): + for key, (doc, _) in self.data[dtype].iteritems(): + if doc == docname: + to_del.append((dtype, key)) + for dtype, key in to_del: + del self.data[dtype][key] + + def resolve_xref(self, env, fromdocname, builder, typ, target, node, + contnode): + if target in self.data[typ]: + docname, labelid = self.data[typ][target] + else: + return None + return make_refnode(builder, fromdocname, docname, + labelid, contnode) + + def get_objects(self): + for dtype in self.types.keys(): + for name, (docname, tgtid) in self.data[dtype].iteritems(): + yield (name, name, dtype, docname, tgtid, + self.object_types[dtype].attrs['searchprio']) + + +def setup(app): + app.add_config_value('xmlschema_path', '.', False) + app.add_config_value('xmlschema_datatype_url', + 'http://www.w3.org/TR/xmlschema-2/#%s', False) + app.add_domain(XMLDomain) + app.connect('builder-inited', load_xml_schemas) + app.connect('builder-inited', add_xml_datatype_role) + + +def add_xml_datatype_role(app): + app.add_role_to_domain('xml', 'datatype', + XMLDatatypeRole(app.config.xmlschema_datatype_url)) + + +def load_xml_schemas(app): + entities = dict() + namespaces = dict() + namespaces_by_uri = dict() + schemapath = os.path.abspath(os.path.join(app.builder.env.srcdir, + app.config.xmlschema_path)) + for root, _, files in os.walk(schemapath): + for fname in files: + if not fname.endswith(".xsd"): + continue + path = os.path.join(root, fname) + relpath = path[len(schemapath):].strip("/") + schema = lxml.etree.parse(path).getroot() + + ns = schema.get("targetNamespace") + ns_name = get_namespace_name(schema, ns) + if ns_name not in namespaces: + namespaces[ns_name] = ns + if ns not in namespaces_by_uri: + namespaces_by_uri[ns] = ns_name + + if ns not in entities: + entities[ns] = dict(schema=dict(), + group=dict(), + attributeGroup=dict(), + element=dict(), + simpleType=dict(), + complexType=dict()) + # schemas don't require namespaces to be identified + # uniquely, but we let the user identify them either with + # or without the namespace + entities[None]['schema'][relpath] = schema + entities[ns]['schema'][relpath] = schema + for entity in schema.xpath("//xs:*[@name]", namespaces=NSMAP): + tag = entity.tag[len(XS_NS):] + if tag in entities[ns]: + entities[ns][tag][entity.get("name")] = entity + app.builder.env.xmlschema_namespaces = namespaces + app.builder.env.xmlschema_namespaces_by_uri = namespaces_by_uri + app.builder.env.xmlschema_entities = entities diff --git a/doc/server/genshi-xml.txt b/doc/server/genshi-xml.txt new file mode 100644 index 000000000..3216cc00d --- /dev/null +++ b/doc/server/genshi-xml.txt @@ -0,0 +1,24 @@ +.. -*- mode: rst -*- + +.. _xml-genshi-reference: + +=============================== + Genshi XML Template Reference +=============================== + +Genshi's XML templating language is used in +:ref:`server-plugins-structures-bundler-index` for templated bundles. +The language is described in depth at `Genshi +`_. The XML schema reference follows. + +Genshi Tags +=========== + +.. xml:group:: genshiElements + :namespace: py + +Genshi Attributes +================= + +.. xml:attributegroup:: genshiAttrs + :namespace: py diff --git a/doc/server/index.txt b/doc/server/index.txt index b02b5def8..2ccc9c923 100644 --- a/doc/server/index.txt +++ b/doc/server/index.txt @@ -33,3 +33,4 @@ clients. database caching encryption + genshi-xml diff --git a/doc/server/info.txt b/doc/server/info.txt index 6b74df2ac..b4d1f7113 100644 --- a/doc/server/info.txt +++ b/doc/server/info.txt @@ -18,38 +18,13 @@ for owner, read only for group and other). These options, and a few others, can be overridden through use of ``info.xml`` files. Each config file directory can have a ``info.xml`` file if needed. -An ``info.xml`` file consists of a ```` tag containing an -```` tag; the following attributes are allowed on the ```` tag: - -+------------+-----------------+------------------------------------+---------+ -| Field | Possible values | Description | Default | -+============+=================+====================================+=========+ -| encoding | ascii | base64 | Encoding of the file. Use 'base64' | ascii | -| | | for binary files | | -+------------+-----------------+------------------------------------+---------+ -| owner | Any valid user | Sets owner of the file | root | -+------------+-----------------+------------------------------------+---------+ -| group | Any valid group | Sets group of the file | root | -+------------+-----------------+------------------------------------+---------+ -| mode | Octal file mode | Sets the mode of the file (or | 0644 | -| | | 'inherit' | inherits from the files on disk | | -| | | if set to 'inherit'; deprecated) | | -+------------+-----------------+------------------------------------+---------+ -| secontext | SELinux context | Sets the SELinux context of the | default | -| | | '__default__' | file, or sets to the default | | -| | | context set by policy if set to | | -| | | '__default__' | | -+------------+-----------------+------------------------------------+---------+ -| important | true | false | Important entries are installed | false | -| | | first during client execution | | -+------------+-----------------+------------------------------------+---------+ -| paranoid | true | false | Backup file before replacement? | true | -+------------+-----------------+------------------------------------+---------+ -| sensitive | true | false | The contents of sensitive entries | false | -| | | aren't included in reports | | -+------------+-----------------+------------------------------------+---------+ - -A sample info file for CGI script on a web server might look like: +.. xml:schema:: info.xsd + :linktotype: + :inlinetypes: InfoType + :noautodep: ACLType + +A sample ``info.xml`` file for CGI script on a web server might look +like: .. code-block:: xml @@ -57,73 +32,38 @@ A sample info file for CGI script on a web server might look like: -Back to the fstab example again, our final ``Cfg/etc/fstab/`` directory -might look like:: - - info.xml - fstab - fstab.G50_server - fstab.G99_fileserver - fstab.H_host.example.com - -See :ref:`server-selinux` for more information on the ``secontext`` -attribute and managing SELinux in general. - -``info.xml`` files also have the ability to specify different sets of -file metadata on a group by group or host by host basis, or by path -(for files using :ref:`altsrc -`). These files are XML, and work -similarly to those used by :ref:`Rules -` or :ref:`Bundler -`. - -The following specifies a different global set of permissions -(root/sys/0651) than on clients in group webserver or named -"foo.example.com" (root/root/0652):: - - - - - - - - - - - -.. versionadded:: 1.2.0 +A more complex example for a template that generates both +``bcfg2.conf`` and ``bcfg2-web.conf`` might look like this: -You can also use the ```` directive to specify a different set -of permissions depending on the path of the file:: +.. code-block:: xml - + + + + + + -.. versionadded:: 1.3.0 - -You can also specify ACLs as children of ```` tags in -``info.xml``. See :ref:`server-plugins-generators-rules-acls` for -more information on the formatting of ACL tags. +See :ref:`server-selinux` for more information on the ``secontext`` +attribute and managing SELinux in general. :info and info files ==================== +.. deprecated:: 1.3.0 + Historically, Bcfg2 also accepted the use of ``:info`` and ``info`` files, which function the same as ``info.xml``, but are not XML. They lack the ability to specify different permissions based on client, group, or path, and cannot be used to specify ACLs, either. -.. note:: - - ``:info`` and ``info`` files are deprecated and will be removed in - a future release. - An example ``:info`` or ``info`` file would look like:: owner: www diff --git a/doc/server/plugins/generators/packages.txt b/doc/server/plugins/generators/packages.txt index 352c88f43..e45864ef9 100644 --- a/doc/server/plugins/generators/packages.txt +++ b/doc/server/plugins/generators/packages.txt @@ -18,14 +18,14 @@ through those channels. Limiting sources to groups ========================== -``Packages/sources.xml`` processes ```` and ```` tags -just like Bundles. In addition to any groups or clients specified -that way, clients must -be a member of the appropriate architecture group as specified in a -Source stanza. In total, in order for a source to be associated with -a client, the client must be in one of the magic groups (debian, -ubuntu, or nexenta), any explicit groups or clients specified in -``sources.xml``, and any specified architecture groups. +`sources.xml`_ processes ```` and ```` tags just like +Bundles. In addition to any groups or clients specified that way, +clients must be a member of the appropriate architecture group as +specified in a Source stanza. In total, in order for a source to be +associated with a client, the client must be in any explicit groups or +clients specified in `sources.xml`_, and any specified architecture +groups. If `"Magic Groups"`_ are enabled, then the client must be a +member of a matching magic group as well. Memberships in architecture groups is needed so that Packages can map software sources to clients. There is no other way to handle this than @@ -40,7 +40,7 @@ sources. To recap, a client needs to be a member of the **Architecture** group and any other groups defined in your - ``Packages/sources.xml`` file in order for the client to be + `sources.xml`_ file in order for the client to be associated to the proper sources. If you are using :ref:`server-plugins-generators-packages-magic-groups`, then a client must also be a member of the appropriate OS group. @@ -50,8 +50,7 @@ sources. "Magic Groups" ============== -.. note:: Magic groups are deprecated in 1.3.0 and will be removed in - a future release. They are disabled by default. +.. deprecated:: 1.3.0 Packages has the ability to use a feature known as "magic groups"; it is the only plugin to use that feature. Most plugins operate based on @@ -98,70 +97,31 @@ Setup Three basic steps are required for Packages to work properly. -#. Create ``Packages/sources.xml``. This file should look - approximately like the example below, and describes both which - software repositories should be used, and which clients are eligible - to use each one. +#. Create Packages/`sources.xml`_. This file should look + approximately like the example below, and describes both which + software repositories should be used, and which clients are + eligible to use each one. #. Ensure that clients are members of the proper groups. Each client - should be a member of one of the magic groups listed above, all of - the groups listed in the ``sources.xml`` (like ubuntu-intrepid or - centos-5.2 in the following examples), and one of the architecture - groups listed in the source configuration (i386, amd64 or x86_64 in - the following examples). '''Failure to do this will result in the - source either not applying to the client, or only architecture - independent packages being made available to the client.''' + should be a member of all of the groups listed in the `sources.xml` + (like ubuntu-intrepid or centos-5.2 in the following examples), one + of the architecture groups listed in the source configuration + (i386, amd64 or x86_64 in the following examples), and one of the + magic groups listed above, if magic groups are enabled. '''Failure + to do this will result in the source either not applying to the + client, or only architecture independent packages being made + available to the client.''' #. Add Package entries to bundles. #. Sit back and relax, as dependencies are resolved, and automatically added to client configurations. -Prerequisite Resolution -======================= - -Packages provides a prerequisite resolution mechanism which has no -analogue in Pkgmgr. During configuration generation, all structures are -processed. After this phase, but before entry binding, a list of packages -and the client metadata instance is passed into Packages' resolver. This -process determines a superset of packages that will fully satisfy -dependencies of all package entries included in structures, and reports -any prerequisites that cannot be satisfied. This facility should largely -remove the need to use the :ref:`Base ` -plugin. - -Disabling dependency resolution -------------------------------- - -.. versionadded:: 1.1.0 - -Dependency resolution can be disabled by adding the following setting -to ``bcfg2.conf`` in the ``packages`` section:: - - [packages] - resolver=0 - -All metadata processing can be disabled as well:: - - [packages] - metadata=0 - -This setting implies disabling the resolver. - -Blacklisting faulty dependencies --------------------------------- - -If you encounter an issue with faulty dependency resolution due to -Packages, please file a bug report so that we can fix the problem in -future releases. In the meantime, you can work around this issue by -blacklisting the offending Package in your Sources. The blacklist -element should immediately follow the Component section of your source -and should look like the following: +sources.xml +----------- -.. code-block:: xml +``sources.xml`` is where all package sources are configured for the +Packages plugin. It processes ```` and ```` tags just like +Bundles. The primary element in ``sources.xml`` is the Source tag: - unwanted-packagename - -If you use the built-in :ref:`Yum config generator -`, blacklisted packages will be added to -the ``exclude`` list for the source. +.. xml:element:: Source Handling GPG Keys ----------------- @@ -172,7 +132,7 @@ If you have yum libraries installed, Packages can automatically handle GPG signing keys for Yum and Pulp repositories. (You do not need to use the native yum resolver; if yum libraries are available, GPG signing keys can be handled automatically.) Simply specify the URL to -the GPG key(s) for a repository in ``sources.xml``: +the GPG key(s) for a repository with :xml:element:`GPGKey` elements: .. code-block:: xml @@ -201,8 +161,9 @@ You can specify arbitrary options to be added to the repository config on the server side, if you are using the native yum libraries, and on the client side if you are using the ability of Packages to automatically generate your Yum config. To do this, add an -```` tag to a Source; all of its attributes will be added -verbatim to the repository in the generated config. For instance: +:xml:element:`Options` tag to a :xml:element:`Source`; all of its +attributes will be added verbatim to the repository in the generated +config. For instance: .. code-block:: xml @@ -212,11 +173,13 @@ verbatim to the repository in the generated config. For instance: If you are using native yum libraries and need to set options only on -the Bcfg2 server, you can set the ``serveronly`` attribute to "true"; -or, if you need to set options only on the client, you can set the -``clientonly`` attribute to "true". For instance, if your Bcfg2 -server needed to use a proxy to access a repo, and you wanted to -expire metadata caches very quickly on the client, you could do: +the Bcfg2 server, you can set the +:xml:attribute:`RepoOptionsType:serveronly` attribute to "true"; or, +if you need to set options only on the client, you can set the +:xml:attribute:`RepoOptionsType:clientonly` attribute to "true". For +instance, if your Bcfg2 server needed to use a proxy to access a repo, +and you wanted to expire metadata caches very quickly on the client, +you could do: .. code-block:: xml @@ -226,12 +189,61 @@ expire metadata caches very quickly on the client, you could do: +Prerequisite Resolution +======================= + +Packages provides a prerequisite resolution mechanism which has no +analogue in Pkgmgr. During configuration generation, all structures are +processed. After this phase, but before entry binding, a list of packages +and the client metadata instance is passed into Packages' resolver. This +process determines a superset of packages that will fully satisfy +dependencies of all package entries included in structures, and reports +any prerequisites that cannot be satisfied. This facility should largely +remove the need to use the :ref:`Base ` +plugin. + +Disabling dependency resolution +------------------------------- + +.. versionadded:: 1.1.0 + +Dependency resolution can be disabled by adding the following setting +to ``bcfg2.conf`` in the ``packages`` section:: + + [packages] + resolver=0 + +All metadata processing can be disabled as well:: + + [packages] + metadata=0 + +This setting implies disabling the resolver. + +Blacklisting faulty dependencies +-------------------------------- + +If you encounter an issue with faulty dependency resolution due to +Packages, please file a bug report so that we can fix the problem in +future releases. In the meantime, you can work around this issue by +blacklisting the offending Package in your Sources. The +:xml:element:`Blacklist` element should immediately follow the +Component section of your source and should look like the following: + +.. code-block:: xml + + unwanted-packagename + +If you use the built-in :ref:`Yum config generator +`, blacklisted packages will be added to +the ``exclude`` list for the source. + .. _packages-exampleusage: Example usage ============= -Create a ``sources.xml`` file in the Packages directory that looks +Create a _`sources.xml` file in the Packages directory that looks something like this: .. code-block:: xml @@ -254,12 +266,13 @@ something like this: .. versionadded:: 1.1.0 The default behavior of the Packages plugin is to not make any - assumptions about which packages you want to have added automatically - [#f1]_. For that reason, neither **Recommended** nor **Suggested** - packages are added as dependencies by default. You will notice - that the default behavior for apt is to add Recommended packages as - dependencies. You can configure the Packages plugin to add recommended - packages by adding the ``recommended`` attribute, e.g.: + assumptions about which packages you want to have added + automatically [#f1]_. For that reason, neither **Recommended** nor + **Suggested** packages are added as dependencies by default. You + will notice that the default behavior for apt is to add + Recommended packages as dependencies. You can configure the + Packages plugin to add recommended packages by adding the + :xml:attribute:`SourceType:recommended` attribute, e.g.: .. code-block:: xml @@ -270,7 +283,8 @@ something like this: .. [#f1] Bcfg2 will by default add **Essential** packages to the client specification. You can disable this behavior by - setting the ``essential`` attribute to *false*: + setting the :xml:attribute:`SourceType:essential` + attribute to *false*: .. code-block:: xml @@ -295,8 +309,8 @@ Yum sources can be similarly specified: -For sources with a **URL** attribute, the **Version** attribute is -also necessary. +For sources with a :xml:attribute:`SourceType:url` attribute, the +:xml:attribute:`SourceType:version` attribute is also necessary. :ref:`Pulp sources ` are very simple to specify due to the amount of data that can be queried from Pulp itself: @@ -388,8 +402,7 @@ download only missing sources.:: [0:3711] bcfg2-admin xcmd Packages.Reload True -This is done automatically any time ``Packages/sources.xml`` is -updated. +This is done automatically any time `sources.xml`_ is updated. Availability ============ @@ -397,19 +410,11 @@ Availability Support for clients using yum and apt is currently available. Support for other package managers (Portage, Zypper, IPS, etc) remain to be added. -Validation -========== - -A schema for ``Packages/sources.xml`` is included; ``sources.xml`` can -be validated using ``bcfg2-lint``. - -.. note:: The schema requires that elements be specified in the above order. - Package Checking and Verification ================================= -In order to do disable per-package verification Pkgmgr style, you will -need to use :ref:`BoundEntries `, e.g.: +In order to do disable per-package verification, you will need to use +:ref:`BoundEntries `, e.g.: .. code-block:: xml @@ -533,9 +538,9 @@ Package Groups -------------- Yum package groups are supported by the native Yum libraries. To -include a package group, use the ``group`` attribute of the -``Package`` tag. You can use either the short group ID or the long -group name: +include a package group, use the :xml:attribute:`PackageType:group` +attribute of the :xml:element:`Package` tag. You can use either the +short group ID or the long group name: .. code-block:: xml @@ -544,7 +549,7 @@ group name: By default, only those packages considered the "default" packages in a group will be installed. You can change this behavior using the -"type" attribute: +:xml:attribute:`PackageStructure:type` attribute: .. code-block:: xml @@ -558,6 +563,8 @@ Valid values of "type" are: * ``optional`` or ``all``: Install all packages in the group, including mandatory, default, and optional packages. +See :xml:element:`PackageStructure` for details. + You can view the packages in a group by category with the ``yum groupinfo`` command. More information about the different levels can be found at @@ -580,7 +587,7 @@ Bcfg2 contains explicit support for repositories managed by Pulp Due to the amount of data about a repository that can be retrieved directly from Pulp, the only thing necessary to configure a Pulp repo -is the repo ID: +is the repo ID, in :xml:attribute:`SourceType:pulp_id`: .. code-block:: xml @@ -668,7 +675,6 @@ TODO list * Zypper support * Portage support -* Explicit version pinning (a la Pkgmgr) .. _configuration: @@ -694,7 +700,7 @@ It understands the following directives: | metadata | Enable metadata processing. Disabling ``metadata`` | Boolean | True | | | implies disabling ``resolver`` as well. | | | +-------------+------------------------------------------------------+----------+-----------------------------+ -| yum_config | The path at which to generate Yum configs. | String | /etc/yum.repos.d/bcfg2.repo | +| yum_config | The path at which to generate Yum configs. | String | /etc/yum.repos.d/bcfg2.repo | +-------------+------------------------------------------------------+----------+-----------------------------+ | apt_config | The path at which to generate APT configs. | String | /etc/apt/sources.d/bcfg2 | +-------------+------------------------------------------------------+----------+-----------------------------+ diff --git a/doc/server/plugins/generators/pkgmgr.txt b/doc/server/plugins/generators/pkgmgr.txt index 0d992685c..ace7c16ef 100644 --- a/doc/server/plugins/generators/pkgmgr.txt +++ b/doc/server/plugins/generators/pkgmgr.txt @@ -40,94 +40,9 @@ Group membership may be negated. Tag Attributes in Pkgmgr ======================== -Package Tag -^^^^^^^^^^^ - -The package tag supports the name and pkg_checks attributes and -requires the use of Instance tag entries. - -+------------+---------------------------------------+------------------------+ -| Attribute | Description | Values | -+============+=======================================+========================+ -| name | Package name. | String | -+------------+---------------------------------------+------------------------+ -| pkg_checks | Do the version and rpm verify checks. | true(default) or false | -+------------+---------------------------------------+------------------------+ - -Instance Tag and Attributes -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The instance tag supports the following attributes: - -+---------------------+----------------------------+--------------------------+ -| Attribute | Description | Values | -+=====================+============================+==========================+ -| simplefile | Package file name. | String (see Notes below) | -+---------------------+----------------------------+--------------------------+ -| epoch | Package epoch. | String (numeric only) | -| | | (optional) | -+---------------------+----------------------------+--------------------------+ -| version | Package version. | String | -+---------------------+----------------------------+--------------------------+ -| release | Package release. | String | -+---------------------+----------------------------+--------------------------+ -| arch | Package architecture. | Architecture String e.g. | -| | | (i386|i586|i686|x86_64) | -+---------------------+----------------------------+--------------------------+ -| verify_flags | Comma separated list of | nodeps, nodigest, | -| | rpm --verify options. See | nofiles, noscripts, | -| | the rpm man page for their | nosignature, nolinkto, | -| | details. | nomd5, nosize, nouser, | -| | | nogroup, nomtime, | -| | | nomode, nordev | -+---------------------+----------------------------+--------------------------+ -| pkg_verify | Do the rpm verify | true(default) or false | -+---------------------+----------------------------+--------------------------+ -| install_action | Install package instance | install(default) or none | -| | if it is not installed. | | -+---------------------+----------------------------+--------------------------+ -| version_fail_action | Upgrade package if the | upgrade(default) or none | -| | incorrect version is | | -| | installed. | | -+---------------------+----------------------------+--------------------------+ -| verify_fail_action | Reinstall the package | reinstall(default) or | -| | instance if the rpm verify | none | -| | failed | | -+---------------------+----------------------------+--------------------------+ - -Pkgmgr Group Tag ----------------- - -The Pkgmgr Group Tag may have the following attributes: - -+--------+----------------------------------------------+------------+ -| Name | Description | Values | -+========+==============================================+============+ -| name | Group Name | String | -+--------+----------------------------------------------+------------+ -| negate | Negate group membership (is not a member of) | True|False | -+--------+----------------------------------------------+------------+ - - -Client Tag ----------- - -The Client Tag is used in a PackageList for selecting the package entries -to include in the clients literal configuration. Its function is similar -to the Group tag in this context. It can be thought of as:: - - if client is name then - assign to literal config - -The Client Tag may have the following attributes: - -+--------+----------------------------------------------+------------+ -| Name | Description | Values | -+========+==============================================+============+ -| name | Client Name | String | -+--------+----------------------------------------------+------------+ -| negate | Negate client selection (if not client name) | True|False | -+--------+----------------------------------------------+------------+ +.. xml:schema:: pkglist.xsd + :linktotype: + :noautodep: PackageType Pkgmgr Directory ================ diff --git a/doc/server/plugins/generators/rules.txt b/doc/server/plugins/generators/rules.txt index ba188ae5c..a3f29a803 100644 --- a/doc/server/plugins/generators/rules.txt +++ b/doc/server/plugins/generators/rules.txt @@ -12,6 +12,9 @@ The Rules plugin resolves the following Abstract Configuration Entities: * Package * Path * Action +* All SELinux entries +* POSIXUser +* POSIXGroup to literal configuration entries suitable for the client drivers to consume. @@ -53,121 +56,27 @@ entry specified. Rules Tag --------- -The Rules Tag may have the following attributes: - -+----------+-------------------------------------+--------+ -| Name | Description | Values | -+==========+=====================================+========+ -| priority | Sets the priority for Rules in this | String | -| | Rules list.The higher value wins. | | -+----------+-------------------------------------+--------+ - -Group Tag ---------- - -The Group Tag may have the following attributes: - -+--------+-------------------------+--------------+ -| Name | Description | Values | -+========+=========================+==============+ -| name | Group Name | String | -+--------+-------------------------+--------------+ -| negate | Negate group membership | (true|false) | -| | (is not a member of) | | -+--------+-------------------------+--------------+ - -Client Tag ----------- - -The Client Tag is used in Rules for selecting the package entries to -include in the clients literal configuration. Its function is similar -to the Group tag in this context. It can be thought of as:: - - if client is name then - assign to literal config - -The Client Tag may have the following attributes: - -+--------+-------------------------+--------------+ -| Name | Description | Values | -+========+=========================+==============+ -| name | Client Name | String | -+--------+-------------------------+--------------+ -| negate | Negate client selection | (true|false) | -| | (if not client name) | | -+--------+-------------------------+--------------+ +.. xml:element:: Rules + :linktotype: + :noautodep: + :inlinetypes: PostInstall,RContainerType Package Tag ----------- -The Package Tag may have the following attributes: - -+------------+----------------------------------------------+----------+ -| Name | Description | Values | -+============+==============================================+==========+ -| name | Package name | String | -+------------+----------------------------------------------+----------+ -| version | Package Version or version='noverify' to | String | -| | not do version checking in the Yum driver | | -| | only (temporary work a round). | | -+------------+----------------------------------------------+----------+ -| file | Package file name. Several other attributes | String | -| | (name, version) can be automatically defined | | -| | based on regular expressions defined in the | | -| | Pkgmgr plugin. | | -+------------+----------------------------------------------+----------+ -| simplefile | Package file name. No name parsing is | String | -| | performed, so no extra fields get set | | -+------------+----------------------------------------------+----------+ -| verify | verify='false' - do not do package | String | -| | verification | | -+------------+----------------------------------------------+----------+ -| multiarch | Comma separated list of the architectures of | String | -| | this package that should be installed. | | -+------------+----------------------------------------------+----------+ -| srcs | Filename creation rules for multiarch | String | -| | packages. | | -+------------+----------------------------------------------+----------+ -| type | Package type. (rpm, yum, apt,sysv,blast) | String | -+------------+----------------------------------------------+----------+ +.. xml:type:: PackageType Action Tag ---------- -See :ref:`client-tools-actions` +.. xml:type:: ActionType + +See also :ref:`client-tools-actions`. Service Tag ----------- -+------------+-------------------------------+---------------------------------------------------------+ -| Name | Description | Values | -+============+===============================+=========================================================+ -| restart | Whether to restart the | ( true | false | interactive ) | -| | service when the bundle | | -| | changes (new in 1.3; replaces | | -| | "mode" attribute) | | -+------------+-------------------------------+---------------------------------------------------------+ -| install | Whether to install the | ( true | false ) | -| | service (new in 1.3; replaces | | -| | "mode" attribute) | | -+------------+-------------------------------+---------------------------------------------------------+ -| name | Service name | String | -+------------+-------------------------------+---------------------------------------------------------+ -| status | Should the service be on or | (on | off | ignore) | -| | off (default: off). | | -+------------+-------------------------------+---------------------------------------------------------+ -| target | Service command for restart | String | -| | (default: restart) | | -+------------+-------------------------------+---------------------------------------------------------+ -| type | Driver to use on the client | (chkconfig | deb | rc-update | smf | upstart | | -| | to manage this service. | systemd | freebsd | launchd ) | -+------------+-------------------------------+---------------------------------------------------------+ -| sequence | Order for service startup | integer | -| | (debian services only) | | -+------------+-------------------------------+---------------------------------------------------------+ -| parameters | Pass parameters to service | String | -| | (Upstart services only) | | -+------------+-------------------------------+---------------------------------------------------------+ +.. xml:type:: ServiceType Service mode specification ^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -175,7 +84,8 @@ Service mode specification .. versionadded:: 1.3.0 In the 1.3.0 release, the "mode" attribute has been replaced by a pair -of attributes, "restart" and "install," which control how a service is +of attributes, :xml:attribute:`ServiceType:restart` and +:xml:attribute:`ServiceType:install`, which control how a service is handled more granularly than the old "mode" attribute. The old "mode" attribute values are equivalent as follows: @@ -197,21 +107,6 @@ Previously, "supervised" could be used to start a service during the verification phase; this is no longer supported. Services that have been stopped on a client will be started during the install phase. -Service status descriptions -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* on - - * start the service at boot time - -* off - - * don't start the service at boot time - -* ignore - - * Don't perform service status checks. - Path Tag -------- @@ -227,106 +122,142 @@ the context of the file to the default set by policy. See Attributes common to all Path tags: -+----------+-------------+--------+ -| Name | Description | Values | -+==========+=============+========+ -| name | Full path | String | -+----------+-------------+--------+ +.. xml:type:: PathType + :nochildren: + :noattributegroups: + :nodoc: + :notext: + :onlyattrs: name,type device ^^^^^^ -+-----------+---------------------+-------------------+ -| Name | Description | Values | -+===========+=====================+===================+ -| dev_type | Type of device | (block|char|fifo) | -+-----------+---------------------+-------------------+ -| owner | Device owner | String | -+-----------+---------------------+-------------------+ -| group | Device group | String | -+-----------+---------------------+-------------------+ -| mode | Mode for the device | String | -+-----------+---------------------+-------------------+ -| secontext | SELinux context | String | -+-----------+---------------------+-------------------+ -| major | Major number (block | integer | -| | or char devices) | | -+-----------+---------------------+-------------------+ -| minor | Minor number (block | integer | -| | or char devices) | | -+-----------+---------------------+-------------------+ +Manage devices. + +.. xml:type:: PathType + :nochildren: + :noattributegroups: + :nodoc: + :notext: + :onlyattrs: dev_type,owner,group,mode,secontext,major,minor + :requiredattrs: dev_type,owner,group,mode directory ^^^^^^^^^ -+-----------+------------------------------+------------+ -| Name | Description | Values | -+===========+==============================+============+ -| mode | File mode of the directory | String | -+-----------+------------------------------+------------+ -| owner | Owner of the directory | String | -+-----------+------------------------------+------------+ -| group | Group Owner of the directory | String | -+-----------+------------------------------+------------+ -| secontext | SELinux context | String | -+-----------+------------------------------+------------+ -| prune | prune unspecified entries | true|false | -| | from the Directory | | -+-----------+------------------------------+------------+ +Entry represents a directory. :xml:attribute:`PathType:prune` can be +set to remove all contents from the directory that are not explicitly +specified in Bcfg2. + +.. xml:type:: PathType + :nochildren: + :noattributegroups: + :nodoc: + :notext: + :onlyattrs: owner,group,mode,secontext,prune + :requiredattrs: owner,group,mode + +file +^^^^ + +Distribute an file with content explicitly specified in-line (i.e., as +opposed to using :ref:`server-plugins-generators-cfg` for this file). +If the file has no content, :xml:attribute:`PathType:empty` *must* be +set to ``true``. + +.. xml:type:: PathType + :nochildren: + :noattributegroups: + :nodoc: + :onlyattrs: owner,group,mode,secontext,empty + :requiredattrs: owner,group,mode hardlink ^^^^^^^^ -+-----------+------------------------------+--------+ -| Name | Description | Values | -+===========+==============================+========+ -| to | File to link to | String | -+-----------+------------------------------+--------+ -| owner | Owner of the directory | String | -+-----------+------------------------------+--------+ -| group | Group Owner of the directory | String | -+-----------+------------------------------+--------+ -| secontext | SELinux context | String | -+-----------+------------------------------+--------+ +Manage a hard link. + +.. xml:type:: PathType + :nochildren: + :noattributegroups: + :nodoc: + :notext: + :onlyattrs: owner,group,mode,secontext,to + :requiredattrs: owner,group,mode,to + +.. _path-ignore: + +ignore +^^^^^^ + +``ignore`` lets you flag files that are distributed by system software +packages, but have been modified locally, to be ignored by package +verification routines. This is useful for, e.g., a package that +installs an initial version of a file and then modifies it +automatically. + +.. xml:type:: PathType + :nochildren: + :noattributegroups: + :nodoc: + :notext: + :onlyattrs: name + :requiredattrs: name nonexistent ^^^^^^^^^^^ -+-----------+--------------------+-------------+ -| Name | Description | Values | -+===========+====================+=============+ -| type | Type of file | nonexistent | -+-----------+--------------------+-------------+ -| recursive | Recursively remove | Boolean | -| | directory contents | | -+-----------+--------------------+-------------+ +Remove the specified file or directory. If +:xml:attribute:`PathType:recursive` is set, remove the directory +recursively (i.e., ``rm -rf``). + +.. xml:type:: PathType + :nochildren: + :noattributegroups: + :nodoc: + :notext: + :onlyattrs: recursive permissions ^^^^^^^^^^^ -+-----------+-----------------------------+---------+ -| Name | Description | Values | -+===========+=============================+=========+ -| mode | Mode of the file | String | -+-----------+-----------------------------+---------+ -| owner | Owner of the file | String | -+-----------+-----------------------------+---------+ -| group | Group of the file | String | -+-----------+-----------------------------+---------+ -| secontext | SELinux context | String | -+-----------+-----------------------------+---------+ -| recursive | Recursively set permissions | Boolean | -+-----------+-----------------------------+---------+ +Merely set permissions on the specified path, which is presumed to +already exist. + +.. xml:type:: PathType + :nochildren: + :noattributegroups: + :nodoc: + :notext: + :onlyattrs: owner,group,mode,secontext,recursive + :requiredattrs: owner,group,mode symlink ^^^^^^^ -+------+----------------------+--------+ -| Name | Description | Values | -+======+======================+========+ -| to | File to link to | String | -+------+----------------------+--------+ +Manage symlinks. + +.. xml:type:: PathType + :nochildren: + :noattributegroups: + :nodoc: + :notext: + :onlyattrs: to + :requiredattrs: to + +vcs +^^^ + +Check out the specified VCS repository to the given path. + +.. xml:type:: PathType + :nochildren: + :noattributegroups: + :nodoc: + :notext: + :onlyattrs: vcstype,revision,sourceurl + :requiredattrs: vcstype,revision,sourceurl .. _server-plugins-generators-rules-acls: @@ -346,31 +277,7 @@ child ```` tags. For instance: -The ACL tag has the following attributes: - -+-------+---------------------------------------------------+----------------+ -| Name | Description | Values | -+=======+===================================================+================+ -| type | ACL type | default|access | -+-------+---------------------------------------------------+----------------+ -| scope | ACL scope | user|group | -+-------+---------------------------------------------------+----------------+ -| user | User the ACL applies to ``(with scope="user"``) | String | -+-------+---------------------------------------------------+----------------+ -| group | Group the ACL applies to ``(with scope="group"``) | String | -+-------+---------------------------------------------------+----------------+ -| perms | Permissions for the ACL | See below | -+-------+---------------------------------------------------+----------------+ - -The ``perms`` attribute can either be a single octal digit (e.g., -``6`` would indicate read and write, but not execute), or a symbolic -mode including 'r', 'w', and 'x'. You can include '-' for operations -that are not permitted, but it's not required. I.e., all of the -following are identical:: - - perms="5" - perms="rx" - perms="r-x" +.. xml:element:: ACL It is not currently possible to manually set an effective rights mask; the mask will be automatically calculated from the given ACLs when @@ -420,108 +327,49 @@ See :ref:`server-selinux` for more information. SEBoolean Tag ^^^^^^^^^^^^^ -+-------+----------------------+---------+----------+ -| Name | Description | Values | Required | -+=======+======================+=========+==========+ -| name | Name of the boolean | String | Yes | -+-------+----------------------+---------+----------+ -| value | Value of the boolean | on|off | Yes | -+-------+----------------------+---------+----------+ +.. xml:type:: SEBooleanType SEPort Tag ^^^^^^^^^^ -+-------------+------------------------+---------------------------+----------+ -| Name | Description | Values | Required | -+=============+========================+===========================+==========+ -| name | Port number or range | ``/`` or | Yes | -| | and protocol (tcp|udp) | ``-/`` | | -+-------------+------------------------+---------------------------+----------+ -| selinuxtype | SELinux type to apply | String | Yes | -| | to this port | | | -+-------------+------------------------+---------------------------+----------+ +.. xml:type:: SEPortType SEFcontext Tag ^^^^^^^^^^^^^^ -+-------------+-------------------------+---------------------+----------+ -| Name | Description | Values | Required | -+=============+=========================+=====================+==========+ -| name | File specification | String | Yes | -+-------------+-------------------------+---------------------+----------+ -| selinuxtype | SELinux type to apply | String | Yes | -| | to files matching this | | | -| | specification | | | -+-------------+-------------------------+---------------------+----------+ -| filetype | File type to match. | (regular|directory| | No | -| | Default: all | symlink|pipe|all| | | -| | | socket|block|char) | | -+-------------+-------------------------+---------------------+----------+ +.. xml:type:: SEFcontextType SENode Tag ^^^^^^^^^^ -+-------------+------------------------------------+------------------+----------+ -| Name | Description | Values | Required | -+=============+====================================+==================+==========+ -| name | IP address and netmask of node. | / | Yes | -| | Netmask can be numeric (/16) or | | | -| | dotted-quad (/255.255.0.0) | | | -+-------------+------------------------------------+------------------+----------+ -| selinuxtype | SELinux type to apply to this node | String | Yes | -+-------------+------------------------------------+------------------+----------+ -| proto | Protocol | (ipv4|ipv6) | Yes | -+-------------+------------------------------------+------------------+----------+ +.. xml:type:: SENodeType SELogin Tag ^^^^^^^^^^^ -+-------------+-------------------------------+-----------+----------+ -| Name | Description | Values | Required | -+=============+===============================+===========+==========+ -| name | Unix username | String | Yes | -+-------------+-------------------------------+-----------+----------+ -| selinuxuser | SELinux username | String | Yes | -+-------------+-------------------------------+-----------+----------+ +.. xml:type:: SELoginType SEUser Tag ^^^^^^^^^^ -+-------------+-------------------------------+-----------+----------+ -| Name | Description | Values | Required | -+=============+===============================+===========+==========+ -| name | SELinux username | String | Yes | -+-------------+-------------------------------+-----------+----------+ -| roles | Space-separated list of roles | String | Yes | -+-------------+-------------------------------+-----------+----------+ -| prefix | Home directory context prefix | String | Yes | -+-------------+-------------------------------+-----------+----------+ +.. xml:type:: SEUserType SEInterface Tag ^^^^^^^^^^^^^^^ -+-------------+-------------------------+-------------+----------+ -| Name | Description | Values | Required | -+=============+=========================+=============+==========+ -| name | Interface name | String | Yes | -+-------------+-------------------------+-------------+----------+ -| selinuxtype | SELinux type to apply | String | Yes | -| | to this interface | | | -+-------------+-------------------------+-------------+----------+ +.. xml:type:: SEInterfaceType SEPermissive Tag ^^^^^^^^^^^^^^^^ -+-------------+------------------------------------+-------------+----------+ -| Name | Description | Values | Required | -+=============+====================================+=============+==========+ -| name | SELinux type to make permissive | String | Yes | -+-------------+------------------------------------+-------------+----------+ +.. xml:type:: SEPermissiveType SEModule Tag ^^^^^^^^^^^^ -See :ref:`server-plugins-generators-semodules` +.. xml:type:: SEModuleType + +See also :ref:`server-plugins-generators-semodules`. POSIXUser Tag ------------- @@ -534,39 +382,7 @@ POSIXUser Tag 1.3.0 since they require a client tool which is unavailable in previous versions. -The POSIXUser tag allows you to create users on client machines. It -takes the following attributes: - -+-------+-----------------------+---------+-------------------------------+ -| Name | Description | Values | Default | -+=======+=======================+=========+===============================+ -| name | Username | String | None | -+-------+-----------------------+---------+-------------------------------+ -| uid | User ID number | Integer | The client sets the uid | -+-------+-----------------------+---------+-------------------------------+ -| group | Name of the user's | String | The username | -| | primary group | | | -+-------+-----------------------+---------+-------------------------------+ -| gecos | Human-readable user | String | The username | -| | name or comment | | | -+-------+-----------------------+---------+-------------------------------+ -| home | User's home directory | String | /root (for "root"); | -| | | | /home/ otherwise | -+-------+-----------------------+---------+-------------------------------+ -| shell | User's shell | String | /bin/bash | -+-------+-----------------------+---------+-------------------------------+ - -The group specified will automatically be created if it does not -exist, even if there is no `POSIXGroup Tag`_ for it. If you need to -specify a particular GID for the group, you must specify that in a -``POSIXGroup`` tag. - -If you with to change the default shell, you can do so with :ref:`the -Defaults plugin `. - -Additionally, a user may be a member of supplementary groups. These -can be specified with the ``MemberOf`` child tag of the ``POSIXUser`` -tag. +.. xml:type:: POSIXUserType For example: @@ -579,6 +395,14 @@ For example: bin +The group specified will automatically be created if it does not +exist, even if there is no :xml:type:`POSIXGroup tag ` +for it. If you need to specify a particular GID for the group, you +must specify that in a ``POSIXGroup`` tag. + +If you with to change the default shell, you can do so with :ref:`the +Defaults plugin `. + See :ref:`client-tools-posixusers` for more information on managing users and groups. @@ -593,16 +417,7 @@ POSIXGroup Tag 1.3.0 since they require a client tool which is unavailable in previous versions. -The POSIXGroup tag allows you to create groups on client machines. It -takes the following attributes: - -+-------+-------------------+---------+-------------------------+ -| Name | Description | Values | Default | -+=======+===================+=========+=========================+ -| name | Name of the group | String | None | -+-------+-------------------+---------+-------------------------+ -| gid | Group ID number | Integer | The client sets the gid | -+-------+-------------------+---------+-------------------------+ +.. xml:type:: POSIXGroupType See :ref:`client-tools-posixusers` for more information on managing users and groups. diff --git a/doc/server/plugins/generators/semodules.txt b/doc/server/plugins/generators/semodules.txt index 4466738e6..04d72e139 100644 --- a/doc/server/plugins/generators/semodules.txt +++ b/doc/server/plugins/generators/semodules.txt @@ -37,24 +37,23 @@ For more information on this directory layout, see Entries ======= -SEModules handles ```` entries with the ``module`` type. For -instance: +SEModules handles ```` entries. For instance: .. code-block:: xml - + The ``.pp`` extension is optional. .. note:: - If you use a ``BoundSELinux`` tag, you must *not* include the + If you use a ``BoundSEModule`` tag, you must *not* include the ``.pp`` extension. This is not recommend, though. You can also install a disabled module: .. code-block:: xml - + diff --git a/doc/server/plugins/generators/sslca.txt b/doc/server/plugins/generators/sslca.txt index cabb4d730..cab7eb233 100644 --- a/doc/server/plugins/generators/sslca.txt +++ b/doc/server/plugins/generators/sslca.txt @@ -81,7 +81,7 @@ that CA must contain full (not relative) paths. something like ``/var/lib/bcfg2/SSLCA/etc/pki/tls/private/localhost.key``. -#. Within that directory, create a ``key.xml`` file containing the +#. Within that directory, create a `key.xml`_ file containing the following: .. code-block:: xml @@ -95,7 +95,7 @@ that CA must contain full (not relative) paths. keytype, or a different number of bits. #. Similarly, create the matching directory structure for the - certificate path, and a ``cert.xml`` containinng the following: + certificate path, and a `cert.xml`_ containing the following: .. code-block:: xml @@ -110,6 +110,8 @@ that CA must contain full (not relative) paths. using the CA matching the ca attribute. ie. ca="default" will match [sslca_default] in your ``/etc/bcfg2.conf`` +.. _sslca-configuration: + Configuration ============= @@ -144,67 +146,14 @@ Only ``config`` is required. cert.xml -------- -``cert.xml`` is an XML document describing an SSL certificate -generated from an SSL key that has also been generated by SSLCA. It -honors ``Group`` and ``Client`` tags much like Bundler. It must have -a top-level ``CertInfo`` tag and can contain two types of tags: - -Cert -^^^^ - -The ``Cert`` tag explains how the certificate should be generated. -There should be at least one ``Cert`` tag, and at most one ``Cert`` -tag should apply to any given client. - -+--------------+------------------------------------------+---------+---------+ -| Attribute | Description | Values | Default | -+==============+==========================================+=========+=========+ -| key | The full path to the key to use for this | String | None | -| | certificate. This is the only required | | | -| | attribute. | | | -+--------------+------------------------------------------+---------+---------+ -| format | The format of cert to produce. Currently | 'pem' | 'pem' | -| | only pem certificates are supported. | | | -+--------------+------------------------------------------+---------+---------+ -| ca | The name of the CA (from ``bcfg2.conf``) | String | default | -| | to use to generate this certificate. | | | -+--------------+------------------------------------------+---------+---------+ -| days | Time (in days) the certificate should be | Integer | 365 | -| | valid for | | | -+--------------+------------------------------------------+---------+---------+ -| c | Override the country set in the CA | String | None | -| | config | | | -+--------------+------------------------------------------+---------+---------+ -| l | Override the location set in the CA | String | None | -| | config | | | -+--------------+------------------------------------------+---------+---------+ -| st | Override the state set in the CA config | String | None | -+--------------+------------------------------------------+---------+---------+ -| ou | Override the organizational unit set in | String | None | -| | the CA config | | | -+--------------+------------------------------------------+---------+---------+ -| o | Override the organization set in the CA | String | None | -| | config | | | -+--------------+------------------------------------------+---------+---------+ -| emailaddress | Override the email address set in the CA | String | None | -| | config | | | -+--------------+------------------------------------------+---------+---------+ -| append_chain | Append the CA chain certificate to the | Boolean | False | -| | certificate (e.g., to produce a cert in | | | -| | the format required by Nginx) | | | -+--------------+------------------------------------------+---------+---------+ - -SubjectAltName -^^^^^^^^^^^^^^ - -The ``SubjectAltName`` tag contains text giving a subject alternative -name for the certificate. Any number of ``SubjectAltName`` tags may -be used. +.. xml:schema:: sslca-cert.xsd + :linktotype: + :inlinetypes: CertType Example ^^^^^^^ -.. code-block: xml +.. code-block:: xml test.example.com @@ -220,29 +169,14 @@ Example key.xml ------- -``key.xml`` is an XML document describing an SSL key. It also honors -``Group`` and ``Client`` tags. It contains a top-level ``KeyInfo`` -tag that contains at least one ``Key`` tag. - -Key -^^^ - -The ``Cert`` tag explains how the certificate should be generated. -There should be at least one ``Cert`` tag, and at most one ``Cert`` -tag should apply to any given client. - -+--------------+------------------------------------------+---------+---------+ -| Attribute | Description | Values | Default | -+==============+==========================================+=========+=========+ -| type | The key type | rsa|dsa | 'rsa' | -+--------------+------------------------------------------+---------+---------+ -| bits | The key length | Integer | 2048 | -+--------------+------------------------------------------+---------+---------+ +.. xml:schema:: sslca-key.xsd + :linktotype: + :inlinetypes: KeyType Example ^^^^^^^ -.. code-block: xml +.. code-block:: xml diff --git a/doc/server/plugins/grouping/metadata.txt b/doc/server/plugins/grouping/metadata.txt index ae4ebfe32..a6ed37f8e 100644 --- a/doc/server/plugins/grouping/metadata.txt +++ b/doc/server/plugins/grouping/metadata.txt @@ -10,27 +10,28 @@ The metadata mechanism has two types of information, client metadata and group metadata. The client metadata describes which top level group a client is associated with.The group metadata describes groups in terms of what bundles and other groups they include. Group data and -clients' memberships are reflected in the ``Metadata/groups.xml`` and -``Metadata/clients.xml`` files, respectively. +clients' memberships are reflected in the `groups.xml`_ and +`clients.xml`_ files, respectively. Usage of Groups in Metadata =========================== -Clients are assigned membership of groups in the Metadata descriptions. -Clients can be directly assigned to *'profile'* or *'public'* groups. -Client membership of all other groups is by those groups being -associated with the profile or public groups. This file can be indirectly -modified from clients through use of the ``-p`` flag to ``bcfg2``. +Clients are assigned membership of groups in the Metadata +descriptions. Clients can be directly assigned to *'profile'* or +*'public'* groups. Client membership of all other groups is by those +groups being associated with the profile or public groups. This file +can be indirectly modified from clients through use of the ``-p`` flag +to ``bcfg2``. -Clients are associated with profile groups in ``Metadata/clients.xml`` as -shown below. +Clients are associated with profile groups in `clients.xml`_ +as shown below. .. _server-plugins-grouping-metadata-clients-xml: -Metadata/clients.xml -==================== +clients.xml +=========== -The ``Metadata/clients.xml`` file contains the mappings of Profile Groups +The ``clients.xml`` file contains the mappings of Profile Groups to clients. The file is just a series of ** tags, each of which describe one host. A sample file is below: @@ -46,63 +47,7 @@ describe one host. A sample file is below: -Clients Tag ------------ - -The Clients tag has the following possible attributes: - -+---------+-----------------------+--------+ -| Name | Description | Values | -+=========+=======================+========+ -| version | Client schema version | String | -+---------+-----------------------+--------+ - -Client Tag ----------- - -Each entry in ``clients.xml`` **must** have the following properties: - -+---------+---------------------------------------+--------+ -| Name | Description | Values | -+=========+=======================================+========+ -| name | Host name of client. This needs to be | String | -| | the name (possibly a FQDN) returned | | -| | by a reverse lookup on the connecting | | -| | IP address. | | -+---------+---------------------------------------+--------+ -| profile | Profile group name to associate this | String | -| | client with. | | -+---------+---------------------------------------+--------+ - -Additionally, the following properties can be specified: - -+----------+----------------------------------------+----------------+ -| Name | Description | Values | -+==========+========================================+================+ -| Alias | Alternative name and address for the | XML Element | -| | client. | | -+----------+----------------------------------------+----------------+ -| address | Establishes an extra IP address that | ip address | -| | resolves to this client. | | -+----------+----------------------------------------+----------------+ -| floating | Allows requests to come from any IP, | true|false | -| | rather than requiring requests to come | | -| | from an IP associated with the client | | -+----------+----------------------------------------+----------------+ -| password | Establishes a per-node password that | String | -| | can be used instead of the global | | -| | password. | | -+----------+----------------------------------------+----------------+ -| secure | Requires the use of the per-client | true|false | -| | password for this client. | | -+----------+----------------------------------------+----------------+ -| uuid | Establishes a per-node name that can | String | -| | be used to bypass dns-based client | | -| | resolution. | | -+----------+----------------------------------------+----------------+ - -Floating can also be configured by setting ``location="floating"``, -but that is deprecated. +.. xml:schema:: clients.xsd For detailed information on client authentication see :ref:`appendix-guides-authentication` @@ -110,47 +55,46 @@ For detailed information on client authentication see .. _server-plugins-grouping-metadata-clients-database: Clients Database -~~~~~~~~~~~~~~~~ +---------------- .. versionadded:: 1.3.0 It is also possible to store client records in a database rather than -writing back to ``clients.xml``. This provides several advantages: +writing back to `clients.xml`_. This provides several advantages: -* ``clients.xml`` will never be written by the server, removing an +* `clients.xml`_ will never be written by the server, removing an area of contention between the user and server. -* ``clients.xml`` can be removed entirely for many sites. +* `clients.xml`_ can be removed entirely for many sites. * The Bcfg2 client list can be queried by other machines without - obtaining and parsing ``clients.xml``. + obtaining and parsing `clients.xml`_. * A single client list can be shared amongst multiple Bcfg2 servers. In general, storing clients in the database works almost the same as -``clients.xml``. ``groups.xml`` is parsed identically. If -``clients.xml`` is present, it is parsed, but ```` tags in -``clients.xml`` *do not* assert client existence; they are only used +`clients.xml`_. `groups.xml`_ is parsed identically. If +`clients.xml`_ is present, it is parsed, but ```` tags in +`clients.xml`_ *do not* assert client existence; they are only used to set client options *if* the client exists (in the database). That -is, the two purposes of ``clients.xml`` -- to track which clients +is, the two purposes of `clients.xml`_ -- to track which clients exist, and to set client options -- have been separated. -With the improvements in ``groups.xml`` parsing in 1.3, client groups -can now be set directly in ``groups.xml`` with ```` tags. (See -:ref:`metadata-client-tag` for more details.) As a result, -``clients.xml`` is only necessary if you need to set -options (e.g., aliases, floating clients, per-client passwords, etc.) -on clients. +With the improvements in `groups.xml`_ parsing in 1.3, client groups +can now be set directly in `groups.xml`_ with ```` tags. (See +:xml:type:`clientType` for more details.) As a result, `clients.xml`_ +is only necessary if you need to set options (e.g., aliases, floating +clients, per-client passwords, etc.) on clients. -To use the database backend instead of ``clients.xml``, set +To use the database backend instead of `clients.xml`_, set ``use_database`` in the ``[metadata]`` section of ``bcfg2.conf`` to ``true``. You will also need to configure the :ref:`Global Server Database Settings `. -The ``clients.xml``-based model remains the default. +The `clients.xml`_-based model remains the default. -Metadata/groups.xml -=================== +groups.xml +========== -The ``Metadata/groups.xml`` file contains Group and Profile -definitions. Here's a simple ``Metadata/groups.xml`` file: +The ``groups.xml`` file contains Group and Profile definitions. Here's +a simple ``groups.xml`` file: .. code-block:: xml @@ -197,8 +141,8 @@ groups; a RHEL 6 client that is a member of the ``mail-server`` profile group would be a member of the ``apache-server``, ``nfs-client``, ``server``, and ``postfix-server`` groups. -Client tags in ``groups.xml`` allow you to supplement the profile -group declarations in ``clients.xml`` and/or client group assignments +Client tags in `groups.xml`_ allow you to supplement the profile +group declarations in `clients.xml`_ and/or client group assignments with the :ref:`server-plugins-grouping-grouppatterns` plugin. They should be used sparingly. (They are more useful when you are using the database backend for client records.) @@ -235,101 +179,19 @@ groups: Nested Group conditionals, Client tags, and negated Group tags are all new in 1.3.0. -Order of ``groups.xml`` does not matter. - -Groups describe clients in terms for abstract, disjoint aspects. Groups -can be combined to form complex descriptions of clients that use -configuration commonality and inheritance. Groups have several attributes, -described below: - - -Metadata Groups Tag -------------------- - -The Groups tag has the following possible attributes: - -+----------+---------------------------------+--------+ -| Name | Description | Values | -+==========+=================================+========+ -| version | Group schema version | String | -+----------+---------------------------------+--------+ -| origin | URL of master version | String | -| | (for common repository) | | -+----------+---------------------------------+--------+ -| revision | Master version control revision | String | -+----------+---------------------------------+--------+ - -Metadata Group Tag ------------------- - -The Group Tag has the following possible attributes: - -+----------+----------------------------------------------+--------------+ -| Name | Description | Values | -+==========+==============================================+==============+ -| name | Name of the group | String | -+----------+----------------------------------------------+--------------+ -| profile | If a client can be directly associated with | True|False | -| | this group | | -+----------+----------------------------------------------+--------------+ -| public | If a client can freely associate itself with | True|False | -| | this group. For use with the ``bcfg2 -p`` | | -| | option on the client. | | -+----------+----------------------------------------------+--------------+ -| category | A group can only contain one instance of a | String | -| | group in any one category. This provides the | | -| | basis for representing groups which are | | -| | conjugates of one another in a rigorous way. | | -+----------+----------------------------------------------+--------------+ -| default | Set as the profile to use for clients that | True|False | -| | are not associated with a profile in | | -| | ``clients.xml`` | | -+----------+----------------------------------------------+--------------+ -| comment | English text description of group | String | -+----------+----------------------------------------------+--------------+ -| negate | When used as a conditional, only apply the | True|False | -| | children if the named group does not match. | | -| | When used as a declaration, do not apply | | -| | the named group to matching clients. | | -+----------+----------------------------------------------+--------------+ - -The ``profile``, ``public``, ``category``, ``default``, and -``comment`` attributes are only parsed if a Group tag either a) is the -direct child of a Groups tag (i.e., at the top level of an XML file); -or b) has no children. This matches legacy behavior in Bcfg2 1.2 and -earlier. - -Groups can also contain other groups, clients, and bundles. - -.. _metadata-client-tag: - -Metadata Client Tag -------------------- - -The Client Tag has the following possible attributes: - -+----------+-----------------------------------------------+--------------+ -| Name | Description | Values | -+==========+===============================================+==============+ -| name | Name of the client | String | -+----------+-----------------------------------------------+--------------+ -| negate | Only apply the child tags if the named client | True|False | -| | does not match. | | -+----------+-----------------------------------------------+--------------+ - -Clients can also contain groups, other clients (although that's likely -nonsensical), and bundles. - - -Use of XInclude -=============== +.. xml:schema:: metadata.xsd + + +XInclude +======== + +.. versionadded:: 0.9.0 `XInclude `_ is a W3C specification -for the inclusion of external XML documents into XML source -files. Much like the use of ``#include`` in C, this allows complex -definitions to be split into smaller, more manageable pieces. As of -bcfg2-0.9.0pre1, the `Metadata`_ plugin supports the use of XInclude -specifications to split the ``clients.xml`` and ``groups.xml`` +for the inclusion of external XML documents into XML source files, +allowing complex definitions to be split into smaller, more manageable +pieces. The `Metadata`_ plugin supports the use of XInclude +specifications to split the `clients.xml`_ and `groups.xml`_ files. This mechanism allows the following specification to produce useful results: @@ -358,7 +220,7 @@ Metadata Caching Client metadata can be cached in order to improve performance. This is particularly important if you have lots of templates that use -metadata from other clients (e.g., with the MetadataQuery interface +metadata from other clients (e.g., with the `MetadataQuery`_ interface described below. See :ref:`server-caching` for a full description of the caching features available. @@ -393,7 +255,7 @@ A special client metadata class is available to +------------+------------------------------------------------+---------------+ | connectors | connector plugins known to this client | List | +------------+------------------------------------------------+---------------+ -| query | MetadataQuery object | MetadataQuery | +| query | `MetadataQuery`_ object | MetadataQuery | +------------+------------------------------------------------+---------------+ diff --git a/doc/server/plugins/structures/bundler/index.txt b/doc/server/plugins/structures/bundler/index.txt index 1cc287ebd..a19959e66 100644 --- a/doc/server/plugins/structures/bundler/index.txt +++ b/doc/server/plugins/structures/bundler/index.txt @@ -154,6 +154,8 @@ Several variables are pre-defined inside templates: groups, you *must* use a Genshi conditional, not a ```` tag. The same caveats apply to ```` tags. +See also the :ref:`xml-genshi-reference`. + Troubleshooting --------------- diff --git a/doc/unsorted/writing_specification.txt b/doc/unsorted/writing_specification.txt index 5a6eec231..700c1ab72 100644 --- a/doc/unsorted/writing_specification.txt +++ b/doc/unsorted/writing_specification.txt @@ -38,7 +38,6 @@ configuration is then used to generate the clients literal configuration. For instance the above abstract configuration entry may generate a literal configuration of - .. code-block:: xml @@ -243,105 +242,20 @@ can be used in bundles) Bundle Tag ^^^^^^^^^^ -The Bundle Tag has the following possible attributes: - -+----------+-----------------------------------------+--------+ -| Name | Description | Values | -+==========+=========================================+========+ -| name | The name of the bundle | String | -+----------+-----------------------------------------+--------+ -| version | Bundle schema version | String | -+----------+-----------------------------------------+--------+ -| origin | URL of master version (for common repo) | String | -+----------+-----------------------------------------+--------+ -| revision | Master version control revision | String | -+----------+-----------------------------------------+--------+ +.. xml:type:: BundleType + :nochildren: As mentioned above the Configuration Entity Tags may only have the name attribute in Bundle definitions. -Abstract Group Tag -^^^^^^^^^^^^^^^^^^ - -In the Abstract Configuration plugins (Base and Bundle) the Group Tag -may have the following attributes: - -+--------+------------------------------+---------------+ -| Name | Description | Values | -+========+==============================+===============+ -| name | Name of group. | String | -+--------+------------------------------+---------------+ -| negate | Negate the group association | (True|False*) | -| | (is not a member of) | | -+--------+------------------------------+---------------+ - -An abstract group may contain any of the Configuration Entity types and other groups. - -Using Base -^^^^^^^^^^ - -The Base plugin provides a mechanism to add independent configuration -entities to a client's abstract configuration. All files in the Base/ -subdirectory of the repository are processed, and all entries that fall -within the scope of the client metadata are included in its abstract -configuration.:: - - $ ls Base/ - centos-4-x86.xml - fedora-core-4-x86.xml - rhel-as-4-x86.xml - rhel-es-4-x86.xml - rhel-ws-4-x86_64.xml - rhel-ws-4-x86.xml - -.. code-block:: xml - - - - - - - - - - .... - - - - - - - - -The format of the Base files are similar to those used by the Bundler. -The majority of the elements are usually Packages, but Paths of any type -may all be defined. A partial example is below: - -Base Tag -^^^^^^^^ - -The Base Tag has no attributes - -As mentioned above the Configuration Entity Tags contained in a Base -definition may only have the name attribute in Base definitions. - -Abstract Group Tag -^^^^^^^^^^^^^^^^^^ - -In the Abstract Configuration plugins (Base and Bundle) the Group Tag -may have the following attributes: +Group and Client Tags +^^^^^^^^^^^^^^^^^^^^^ -+--------+------------------------------+---------------+ -| Name | Description | Values | -+========+==============================+===============+ -| name | Name of group. | String | -+--------+------------------------------+---------------+ -| negate | Negate the group association | (True|False*) | -| | (is not a member of) | | -+--------+------------------------------+---------------+ +.. xml:type:: BundlerGroupType + :nochildren: -An abstract group may contain any of the Configuration Entity types and -other groups. +An abstract group may contain any of the Configuration Entity types +and other groups. Literal Configuration (Generators) ================================== diff --git a/schemas/bundle.xsd b/schemas/bundle.xsd index 1fcf82c27..0fe61e838 100644 --- a/schemas/bundle.xsd +++ b/schemas/bundle.xsd @@ -139,7 +139,7 @@ - + Elements within Group tags only apply to clients that are @@ -148,7 +148,7 @@ - + Elements within Client tags only apply to the named client @@ -167,21 +167,34 @@ - + + + + A **BundlerGroupType** is a tag used to provide logic. Child + entries of a BundlerGroupType tag only apply to machines that + match the condition specified -- either membership in a group, + or a matching client name. + :xml:attribute:`BundlerGroupType:negate` can be set to negate + the sense of the match. + + - The group name + + The group name + - Negate the sense of this group; i.e., entries within this - tag are only used on clients that are not members of the - group + Negate the sense of this group or client; i.e., entries + within this tag are only used on clients that are not + members of the group, or that have hostnames that do not + match. @@ -192,11 +205,42 @@ - - - - - + + + + Freeform description of the bundle. + + + + + + + The name of the bundle. This must match the bundle + filename, minus the extension. + + + + + + + Bundle schema version. + + + + + + + URL of master version (for common repo) + + + + + + + Master version control revision. + + + diff --git a/schemas/clients.xsd b/schemas/clients.xsd index 3b98c5fc3..20a77b0dd 100644 --- a/schemas/clients.xsd +++ b/schemas/clients.xsd @@ -1,44 +1,169 @@ - - client schema for bcfg2 - Narayan Desai, Argonne National Laboratory + Bcfg2 client list schema + + + + + + + + + + + Describe a Bcfg2 client machine. + + + + + **Alias** allows you to set alternative hostname and IP + address pairs that also resolve to this client. + + - - + + + + Hostname of the alternative client name-address pair. + + + + + + + IP address of the alternative client name-address pair. + + + - - - - - - - - - - - - + + + + Hostname of client. This needs to be the name (probably + FQDN) returned by a reverse lookup on the connecting IP + address. + + + + + + + Profile group naem to associate this client with. + + + + + + + Deprecated. + + + + + + + Authentication mode for the client. See + :ref:`appendix-guides-authentication` for details on the + values available. + + + + + + + Establishes a name for this cilent that can be used to + bypass dns-based client resolution. + + + + + + + Establishes a per-client password that can be used instead + of the global password. + + + + + + + Deprecated. Use :xml:attribute:`ClientType:floating` instead. + + + + + + + Allows requests to come from any IP address, rather than + requiring requests to come from an IP associated with this + client. Note that, since this forces the Bcfg2 server to + trust any connection that claims to be from this hostname, + it can introduce security issues. + + + + + + + Requires the use of :xml:attribute:`ClientType:password` for + this client. + + + + + + + Deprecated. + + + + + + + Establishes an extra IP address that resolves to this client. + + + + + + + The version of the Bcfg2 client running on this machine. + You should not have to set this manually, but can let the + Bcfg2 server set it automatically. + + + + + + Metadata client list top-level tag + + - + + + + Client schema version + + + diff --git a/schemas/deps.xsd b/schemas/deps.xsd index b1400c320..58d19f699 100644 --- a/schemas/deps.xsd +++ b/schemas/deps.xsd @@ -1,5 +1,4 @@ - dependency schema for bcfg2 @@ -7,21 +6,21 @@ - + - - + + - + - - - + + + @@ -30,9 +29,9 @@ - - - + + + diff --git a/schemas/fileprobes.xsd b/schemas/fileprobes.xsd index e10dc51dd..0dfb8cdd2 100644 --- a/schemas/fileprobes.xsd +++ b/schemas/fileprobes.xsd @@ -1,4 +1,4 @@ - + FileProbes plugin config schema for bcfg2 @@ -6,11 +6,11 @@ - + - - + + @@ -26,8 +26,8 @@ - - + + diff --git a/schemas/genshi.xsd b/schemas/genshi.xsd index 35d81e2f1..0131363be 100644 --- a/schemas/genshi.xsd +++ b/schemas/genshi.xsd @@ -6,67 +6,202 @@ elementFormDefault="qualified"> - Genshi schema - Chris St. Pierre + Genshi XML templating language schema + + + `for directive + <http://genshi.edgewall.org/wiki/Documentation/xml-templates.html#id3>`_ + + - + + + + The loop iterator + + + + + + `if directive + <http://genshi.edgewall.org/wiki/Documentation/xml-templates.html#id1>`_ + + - + + + + The statement giving the value to test + + + + + + `match directive + <http://genshi.edgewall.org/wiki/Documentation/xml-templates.html#id5>`_ + + - - - - + + + + XPath expression to search for in the template. + + + + + + + Whether the engine should stop looking for more matching + elements after the first match. Use this on match templates + that match elements that can only occur once in the stream, + such as the <head> or <body> elements in an HTML + template, or elements with a specific ID. + + + + + + + Whether the matched content should be buffered in + memory. Buffering can improve performance a bit at the cost + of needing more memory during rendering. Buffering is + *required* for match templates that contain more than one + invocation of the ``select()`` function. If there is only + one call, and the matched content can potentially be very + long, consider disabling buffering to avoid excessive memory + use. + + + + + + + Whether the match template should be applied to its own + output. Note that once implies non-recursive behavior, so + this attribute only needs to be set for match templates that + don't also have once set. + + + + + + `def directive + <http://genshi.edgewall.org/wiki/Documentation/xml-templates.html#id4>`_ + + - + + + + The function prototype + + + + + + `with directive + <http://genshi.edgewall.org/wiki/Documentation/xml-templates.html#py-with>`_ + + - + + + + A semicolon-delimited list of variables to define and their + values. + + + + + + `replace directive + <http://genshi.edgewall.org/wiki/Documentation/xml-templates.html#id8>`_ + + - + + + + The value to replace the contents with. + + + + + + `choose directive + <http://genshi.edgewall.org/wiki/Documentation/xml-templates.html#id2>`_ + + - + + + + The ``when`` directive is used inside + :xml:type:`py:chooseType` or + :xml:attribute:`py:genshiAttrs:choose` to handle a single + specific condition. + + + + minOccurs="0"/> - + + + + If ``test`` is set, the child :xml:element:`py:when` + directives are tested for equality to the value of the + expression. + + + + + + The ``otherwise`` directive is used inside + :xml:type:`py:chooseType` or + :xml:attribute:`py:genshiAttrs:choose` to handle all + conditions not handled by a :xml:element:`py:when`. + + @@ -74,6 +209,13 @@ + + + Most Genshi templating directives can be used either as + standalone elements or as attributes on existing elements. + This element group defines the standalone tags. + + @@ -87,17 +229,113 @@ - - - - - - - - - - - - + + + Most Genshi templating directives can be used either as + standalone elements or as attributes on existing elements. + This attribute group defines the attribute directives. + + + + + + `if directive + <http://genshi.edgewall.org/wiki/Documentation/xml-templates.html#id1>`_ + + + + + + + + `choose directive + <http://genshi.edgewall.org/wiki/Documentation/xml-templates.html#id2>`_ + + + + + + + The ``when`` directive is used inside + :xml:type:`py:chooseType` or + :xml:attribute:`py:genshiAttrs:choose` to handle a single + specific condition. + + + + + + + The ``otherwise`` directive is used inside + :xml:type:`py:chooseType` or + :xml:attribute:`py:genshiAttrs:choose` to handle all + conditions not handled by a :xml:element:`py:when`. + + + + + + + `for directive + <http://genshi.edgewall.org/wiki/Documentation/xml-templates.html#id3>`_ + + + + + + + `def directive + <http://genshi.edgewall.org/wiki/Documentation/xml-templates.html#id4>`_ + + + + + + + `match directive + <http://genshi.edgewall.org/wiki/Documentation/xml-templates.html#id5>`_ + + + + + + + `with directive + <http://genshi.edgewall.org/wiki/Documentation/xml-templates.html#py-with>`_ + + + + + + + `attrs directive + <http://genshi.edgewall.org/wiki/Documentation/xml-templates.html#id6>`_ + + + + + + + `content directive + <http://genshi.edgewall.org/wiki/Documentation/xml-templates.html#id7>`_ + + + + + + + `replace directive + <http://genshi.edgewall.org/wiki/Documentation/xml-templates.html#id8>`_ + + + + + + + `strip directive + <http://genshi.edgewall.org/wiki/Documentation/xml-templates.html#id9>`_ + + + diff --git a/schemas/info.xsd b/schemas/info.xsd index 83a8173d2..24538ffe3 100644 --- a/schemas/info.xsd +++ b/schemas/info.xsd @@ -1,8 +1,7 @@ - - info.xml schema for bcfg2 + ``info.xml`` schema for Bcfg2 @@ -10,39 +9,129 @@ + + + The Info tag specifies metadata (ownership, permissions, etc.) + for entries that are generated by various plugins. + + - - - - - - - - + + + + Encoding of the file for tranfer to the client. Use + ``base64`` for binary files. + + + + + + + Sets group of the file. + + + + + + + Important entries are installed first during client + execution. + + + + + + + Sets owner of the file. + + + + + + + Sets the mode of the file from the octal value given. + + + + + + + Sets the SELinux context of the file, or sets to the default + context for that path set by policy if set to the special + value ``__default__``. + + + + + + + If true, files that are replaced will be backed up first. + + + + + + + The contents of sensitive entries aren't included in reports. + + + - + + + + An **InfoGroupType** is a ``info.xml`` tag used to provide + logic. Child entries of such a tag only apply to machines + that match the condition specified -- membership in a group, a + matching client name, or a matching path for the file being + generated. :xml:attribute:`InfoGroupType:negate` can be set + to negate the sense of the match. + + - - - - - + + + + The name of the client or group, or the full path to match + on. Child entries will only apply to this client or group + (unless :xml:attribute:`InfoGroupType:negate` is set). + + + + + + + Negate the sense of the match, so that child entries only + apply to a client if it is not a member of the given group, + does not have the given client name, or the path names do + not match. + + + + + + Top-level tag for ``info.xml``. + + - - - + + + diff --git a/schemas/metadata.xsd b/schemas/metadata.xsd index 84d7436c9..8e81c837e 100644 --- a/schemas/metadata.xsd +++ b/schemas/metadata.xsd @@ -3,8 +3,8 @@ - metadata schema for bcfg2 - Narayan Desai, Argonne National Laboratory + Bcfg2 schema for declaring groups and associating groups with + bundles. @@ -14,47 +14,170 @@ schemaLocation="xinclude.xsd"/> - + + + Declaration of a bundle as a member of a group. + + + + + + The bundle name + + + - + + + + The Group tag serves two purposes: + + * If it is at the top level of ``groups.xml`` (i.e., its + direct parent is :xml:element:`Groups`), or if it has no + children, then it is considered to declare a new group, and + :xml:attribute:`MetadataGroupType:profile`, + :xml:attribute:`MetadataGroupType:public`, + :xml:attribute:`MetadataGroupType:category`, and + :xml:attribute:`MetadataGroupType:default` are parsed. + + * If it is not at the top level of ``groups.xml`` *and* it has + children, then it is considered to be a conditional; its + children only apply to clients that are already members in + the group. The attributes listed above are not parsed. + + - + - - - - - - - - + + + + Name of the group + + + + + + + Mark the group as a profile, which allows a client to be + directly associated with this group in + :ref:`server-plugins-grouping-metadata-clients-xml`. + + + + + + + Mark the group as public, which allows any client to assert + membership in the group with ``bcfg2 -p``. + + + + + + + Set as the profile to use for clients that are not + associated with any profile explicitly in + :ref:`server-plugins-grouping-metadata-clients-xml`. + Setting ``default`` to ``true`` requires setting + :xml:attribute:`MetadataGroupType:profile` to ``true`` as + well. + + + + + + + Assign the group to the given category. A client can only + be a member of one group in a given category. + + + + + + + When the Group tag is used as a conditional, only apply the + child elements if the named group does not match. When the + Group tag is used as a declaration, do not apply the named + group to matching clients. + + + + + + Client tags are conditionals, and can be used to set + per-client groups and bundles. + + - + - - + + + + The name of the client. + + + + + + + Only apply the child tags if the named client does not + match. + + + + + + Metadata group list top-level tag + + - + - + + + + Nested ``Groups`` tags allowed to support XInclude + + + - - - + + + + Group schema version + + + + + + + URI of master version (for common repository) + + + + + + + Master version control revision + + + diff --git a/schemas/nagiosgen.xsd b/schemas/nagiosgen.xsd index 080994cd1..99d6b91c6 100644 --- a/schemas/nagiosgen.xsd +++ b/schemas/nagiosgen.xsd @@ -1,4 +1,4 @@ - + NagiosGen config schema for bcfg2 @@ -6,11 +6,11 @@ - + - - + + @@ -23,8 +23,8 @@ - - + + diff --git a/schemas/packages.xsd b/schemas/packages.xsd index c4252194f..dbee2f31b 100644 --- a/schemas/packages.xsd +++ b/schemas/packages.xsd @@ -1,5 +1,4 @@ - packages config schema for bcfg2 @@ -10,7 +9,7 @@ - + @@ -19,50 +18,212 @@ - - - + + + **RepoOptionsType** can be used to specify arbitrary + repository options. + + + + + + The options given in this tag will only be used on the Bcfg2 + server, not on the clients. + + + + + + + The options given in this tag will only be used on the Bcfg2 + clients, not on the server. + + + + + + + All other (arbitrary) attributes will be added to the + repository configuration. + + + - + + + + **SourceType** elements are used to specify software sources + (i.e., repositories) for the Packages plugin. + + - - - - + + + + Components are used to build multiple repository URLs from + a single :xml:element:`Source` tag. This is only + meaningful if the :xml:attribute:`SourceType:url` + attribute is specified; see that attribute above for more + detail. + + + + + + + The architecture(s) of the repository. A client must be a + member of one of the listed architecture groups in order + for this source to apply to the client. Additionally, if + the :xml:attribute:`SourceType:url` attribute is + specified, the :xml:element:`Arch` tag is used to generate + URLs. See :xml:attribute:`the url attribute + <SourceType:url>` for more detail. + + + + + + + The GPG key(s) for the repository. This only applies to + sources with :xml:attribute:`SourceType:type` = ``yum``. + If GPG keys are specified, then GPG checking will be + automatically enabled for the repository, both on the + Bcfg2 server (if :ref:`yum libraries + <native-yum-libraries>` are in use) and on the Bcfg2 + client (if you use + :ref:`server-plugins-generators-packages` to + :ref:`generate your Yum config + <generating-client-configs>`). + + + + + + + Arbitrary options to be used in the repository + configuration. + + + - - + + + + Blacklist the given package(s) from the + :ref:`server-plugins-generators-packages` plugin. This + prevents them from being included in + automatically-resolved dependencies. + + + + + + + If **Whitelist** is specified, *only* packages listed + will be included by the + :ref:`server-plugins-generators-packages` plugin. + + + - - - - - - + + + + Include packages recommended as dependencies by APT. This + only applies to sources with + :xml:attribute:`SourceType:type` = ``apt``. You must + regenerate the Packages cache after changing this attribute. + + + + + + + Include essential packages from this repo by default (i.e., + without needing to specify them in a bundle). This only + applies to sources with :xml:attribute:`SourceType:type` = + ``apt``. + + + + + + + The type of the repository. This corresponds to the + Packages plugin driver that will handle the source. + + + + + + + The :ref:`Pulp <pulp-source-support>` repository ID + for this repo. This only applies to sources with + :xml:attribute:`SourceType:type` = ``yum``. Due to the + amount of data that can be queried directly from Pulp, + there's rarely a need to supply other attributes. + + + + + + + The base URL to use when generating URLs for this source. + If :xml:attribute:`SourceType:url` is used, you must also + provide the :xml:element:`Arch` tag, at least one + :xml:element:`Component` tag, and the + :xml:attribute:`SourceType:version` attribute. You must not + specify :xml:attribute:`SourceType:rawurl`. For each + combination of component and Arch tag, a URL is created in + the format:: + + <url>/<version>/<component>/<arch> + + + + + + + The raw URL to the (single) repository defined by this + source. :xml:element:`Component` and + :xml:attribute:`SourceType:version` are ignored if this is + given. + + + + + + + The OS version this source applies to. This is used to + generate URLs if the :xml:attribute:`SourceType:url` + attribute is given, and ignored otherwise. + + + - + - - - - + + + + - + - - - - + + + + - + diff --git a/schemas/pkglist.xsd b/schemas/pkglist.xsd index c0d449f54..1f278d477 100644 --- a/schemas/pkglist.xsd +++ b/schemas/pkglist.xsd @@ -1,36 +1,104 @@ - + package list schema for bcfg2 Narayan Desai, Argonne National Laboratory - + + + + An **PackageContainerType** is a tag used to provide logic. + Child entries of an PackageContainerType tag only apply to + machines that match the condition specified -- either + membership in a group, or a matching client name. + :xml:attribute:`PackageContainerType:negate` can be set to + negate the sense of the match. + + - - + + + + The name of the client or group to match on. Child entries + will only apply to this client or group (unless + :xml:attribute:`PackageContainerType:negate` is set). + + + + + + + Negate the sense of the match, so that child entries only + apply to a client if it is not a member of the given group + or does not have the given name. + + + + + + The top-level tag in a :ref:`server-plugins-generators-pkgmgr` + XML package list. + + + - - - - - + + + + Sets the priority for rules in this file for + :ref:`server-plugins-generators-rules`. The higher value + wins. + + + + + + + The package type, which determines which client driver will + handle installation of packages in this package list. + + + + + + + The URI to the repository that data in this package list + file was parsed from. + + + + + + + Comma-separated list of architectures of packages in this + package list that should be installed. + + + + + + + Filename creation rules for multiarch packages. + + + diff --git a/schemas/pkgtype.xsd b/schemas/pkgtype.xsd index cbee6f317..18eda88ab 100644 --- a/schemas/pkgtype.xsd +++ b/schemas/pkgtype.xsd @@ -13,48 +13,304 @@ schemaLocation="genshi.xsd"/> - - - - + + + Abstract description of a package or package group to be + installed. + + + + + + Install the named package. Either ``name`` or + :xml:attribute:`PackageStructure:group` must be specified. + + + + + + + Install the named package group. Package groups are only + supported for Yum :xml:element:`Source` repositories, and + only if the :ref:`yum libraries + <native-yum-libraries>` are in use. Either ``group`` + or :xml:attribute:`PackageStructure:name` must be specified. + + + + + + + Whether or not to verify the package. + + + + + + + The package set to select from a given package group. Only + meaningful if :xml:attribute:`PackageStructure:group` is + specified. + + + + + + Concrete specification of a package to be installed. A + package can be specified in one of two ways: + + * A single Package tag that lists all of the attributes for + the single instance of the package that should be installed. + + * A Package tag with any number of :xml:element:`Instance` + children, each of which lists the attributes of an instance + of the package that should be installed. In this case, the + Package tag should only have + :xml:attribute:`PackageType:name` and + :xml:attribute:`PackageType:type`. + + Note that many of the attributes listed below are specific to + one or a few package drivers. + + + + + An Instance element describes a single instance of a + package that may have several different versions, arches, + etc., installed at once. + + - - - - - - - - - - + + + + The architecture of the package to be installed. + + + + + + + The epoch of the package to be installed. + + + + + + + The version of the package to be installed. See + :xml:attribute:`PackageType:version` for details. + + + + + + + The release of the package to be installed. + + + + + + + Package file name. No name parsing is performed, so no + extra fields get set. This is only used for manual + maintenance of ``gpg-pubkey`` packages with the + :ref:`YUM, YUM24, or RPM <client-tools-yum>` + driver. + + + + + + + Whether or not to perform full package verification (file + integrity, etc.) on this package with the :ref:`YUM, YUM24, + or RPM <client-tools-yum>` driver. + + + + + + + Comma-separated list of flags to pass to the package + verification routines of the :ref:`YUM, YUM24, or RPM + <client-tools-yum>` driver. See ``man rpm`` for + details on the flags. + + + + + + + If this is set to any value other than "install", + package installation will be suppressed with the + :ref:`YUM24 and RPM <client-tools-yum>` drivers. + + + + + + + If this is set to any value other than "upgrade", a + package that has the incorrect version installed will + not be fixed with the :ref:`YUM24 and RPM + <client-tools-yum>` drivers. Note that + "upgrade" is misleading; if a package is installed + that is newer than the desired version, it will not be + downgraded if this attribute is set to anything other + than "upgrade". + + + + + + + If this is set to any value other than "reinstall", a + package that fails package verification will not be + reinstalled with the :ref:`YUM24 and RPM + <client-tools-yum>` drivers. + + + - - - - - - - - - - - - - - - + + + + Package name. + + + + + + + The architecture of the package to be installed. + + + + + + + The version of the package to be installed. This should + *only* be the version, i.e., not the release. Release should + be specified in :xml:attribute:`PackageType:release`, and it + is an error to append the release to this. + + This can also be one of two "special" values: + + * ``auto`` will select the newest version of the package + available. + * ``any`` will select any version of the package, and can be + used to ensure that a package is installed without + requiring any particular version. + + + + + + + The release of the package to be installed. + + + + + + + Package file name. Several other attributes (name, version) + can be automatically defined based on regular expressions + defined in the :ref:`server-plugins-generators-pkgmgr` + plugin, which is the only plugin with which this is useful. + + + + + + + Whether or not to perform package verification. This is not + supported by the :ref:`YUM <client-tools-yum>` driver. + + + + + + + Package file name. No name parsing is performed, so no extra + fields get set. This is only used for some edge cases with + :ref:`server-plugins-generators-pkgmgr`. + + + + + + + Comma-separated list of architectures of this package that + should be installed. This is only used by the + :ref:`server-plugins-generators-pkgmgr` plugin. + + + + + + + Filename creation rules for multiarch packages. This is only + used by the :ref:`server-plugins-generators-pkgmgr` plugin. + + + + + + + The package type, which determines which client driver will + handle installation of this package. + + + + + + + The name of the package for installing (as opposed to the + name when verifying) with the Blast and OpenCSW drivers. + + + + + + + Whether or not to perform basic package checks (version, + release, etc.) on this package with the :ref:`YUM, YUM24, or + RPM <client-tools-yum>` driver. + + + + + + + Whether or not to perform full package verification (file + integrity, etc.) on this package with the :ref:`YUM, YUM24, + or RPM <client-tools-yum>` driver. + + + + + + + Flags to pass to the package verification routines of the + :ref:`YUM, YUM24, or RPM <client-tools-yum>` driver. + + + diff --git a/schemas/rules.xsd b/schemas/rules.xsd index 241ffe5bf..ddfb7ad0d 100644 --- a/schemas/rules.xsd +++ b/schemas/rules.xsd @@ -1,6 +1,5 @@ - string enumeration definitions for bcfg2 @@ -50,10 +49,66 @@ - + + + + Fully bound description of an SELinux boolean entry. + + + + - Fully bound description of an SELinux entry. + Fully bound description of an SELinux port entry. + + + + + + + Fully bound description of an SELinux file context entry. + + + + + + + Fully bound description of an SELinux node entry. + + + + + + + Fully bound description of an SELinux login entry. + + + + + + + Fully bound description of an SELinux user entry. + + + + + + + Fully bound description of an SELinux interface entry. + + + + + + + Fully bound description of an SELinux permissive domain entry. + + + + + + + Fully bound description of an SELinux module entry. @@ -84,8 +139,8 @@ Elements within Group tags only apply to clients that are - members of that group (or vice-versa; see #element_negate - below) + members of that group (or vice-versa, if + :xml:attribute:`RContainerType:negate` is set) @@ -93,7 +148,8 @@ Elements within Client tags only apply to the named client - (or vice-versa; see #element_negate below) + (or vice-versa, if :xml:attribute:`RContainerType:negate` + is set) @@ -101,20 +157,60 @@ + + + An **RContainerType** is a Rules tag used to provide logic. + Child entries of an RContainerType tag only apply to machines + that match the condition specified -- either membership in a + group, or a matching client name. + :xml:attribute:`RContainerType:negate` can be set to negate + the sense of the match. + + - - + + + + The name of the client or group to match on. Child entries + will only apply to this client or group (unless + :xml:attribute:`RContainerType:negate` is set). + + + + + + + Negate the sense of the match, so that child entries only + apply to a client if it is not a member of the given group + or does not have the given name. + + + + + + The top-level tag for concrete descriptions of entries in + :ref:`server-plugins-generators-rules`. + + - + + + + Sets the priority for rules in this file for + :ref:`server-plugins-generators-rules`. The higher value + wins. + + + diff --git a/schemas/selinux.xsd b/schemas/selinux.xsd new file mode 100644 index 000000000..760953e34 --- /dev/null +++ b/schemas/selinux.xsd @@ -0,0 +1,302 @@ + + + + + SELinux element definitions for bcfg2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Concrete SELinux boolean entry + + + + + + Name of the boolean + + + + + + + Value of the boolean + + + + + + + + + + Concrete SELinux port entry + + + + + + Port number or range and protocol + + + + + + + SELinux type to apply to this port + + + + + + + + + + Port number or range and protocol for SEPort entries. + + + + + + ``<port>/<proto>`` or + ``<start>-<end>/<proto>`` + + + + + + + + + + Concrete SELinux file context ("fcontext") entry + + + + + + Regular expression file specification + + + + + + + SELinux type to apply to files matching this specification + + + + + + + File type to match + + + + + + + + + + Concrete SELinux node entry + + + + + + IP address and netmask of node + + + + + + + SELinux type to apply to this node + + + + + + + Protocol + + + + + + + + + + IP address and netmask for SENode entries. Netmask can be + numeric or dotted-quad. + + + + + + ``<addr>/<netmask>``. Netmask can be numeric + (``/16``) or dotted-quad (``/255.255.0.0``). + + + + + + + + + + + + + + + + + Concrete SELinux login entry + + + + + + Unix username + + + + + + + SELinux username + + + + + + + + + + Concrete SELinux user entry + + + + + + SELinux username + + + + + + + Space-separated list of rules + + + + + + + Home directory context prefix + + + + + + + + + + Concrete SELinux interface entry + + + + + + Interface name + + + + + + + SELinux type to apply to this interface + + + + + + + + + + Concrete SELinux permissive domain entry + + + + + + SELinux type to make permissive + + + + + + + + + + Concrete SELinux module entry + + + + + + SELinux module name or filename + + + + + + + Disable this module + + + + + + diff --git a/schemas/servicetype.xsd b/schemas/servicetype.xsd index 7de847c7f..4d5ac7c31 100644 --- a/schemas/servicetype.xsd +++ b/schemas/servicetype.xsd @@ -1,6 +1,5 @@ - services schema for bcfg2 @@ -16,35 +15,88 @@ - - - - - - - - - - - - - - - - - - - - - - - + + + Concrete description of a service entry. Note that, due to + the great proliferation of init systems, many of the + attributes listed only apply to one or a few client tools. + + + + + + The name of the service. + + + + + + + Whether the service should start at boot. If this is set to + "ignore", then the boot-time status of the service will not + be checked. + + + + + + + Whether or not to restart the service when the bundle is + modified. (New in 1.3; replaces "mode" attribute.) + + + + + + + Whether or not to install the service initially. (New in + 1.3; replaces "mode" attribute.) + + + + + + + Driver to use on the client to manage this service. + + + + + + + The resource identifier for SMF services. + + + + + + + Order for service startup. Only meaningful for DebInit + services. + + + + + + + Command to pass to the service management system when + restarting a service. + + + + + + + Parameters to pass to the service. Only meaningful for + Upstart services. + + + - diff --git a/schemas/sslca-cert.xsd b/schemas/sslca-cert.xsd index 07baf3390..a9c01fb29 100644 --- a/schemas/sslca-cert.xsd +++ b/schemas/sslca-cert.xsd @@ -1,43 +1,166 @@ - SSLCA cert.xml schema for bcfg2 - Chris St. Pierre + Schema for :ref:`server-plugins-generators-sslca` ``cert.xml`` - + + + + An **SSLCACertGroupType** is a tag used to provide logic. + Child entries of an SSLCACertGroupType tag only apply to + machines that match the condition specified -- either + membership in a group, or a matching client name. + :xml:attribute:`SSLCACertGroupType:negate` can be set to negate + the sense of the match. + + - - - + + + - - + + + + The name of the client or group to match on. Child entries + will only apply to this client or group (unless + :xml:attribute:`SSLCACertGroupType:negate` is set). + + + + + + + Negate the sense of the match, so that child entries only + apply to a client if it is not a member of the given group + or does not have the given name. + + + + + + + Available certificate formats + + + + + + + + + + + Explicitly specify subject alternative names for the generated + certificate. + + + + + - - - - - - - - - - - + + + + The full path to the key entry to use for this certificate. + This is the *client* path; e.g., for a key defined at + ``/var/lib/bcfg2/SSLCA/etc/pki/tls/private/foo.key/key.xml``, + **key** should be ``/etc/pki/tls/private/foo.key``. + + + + + + + The certificate format to produce. + + + + + + + The name of the CA (from :ref:`bcfg2.conf + <sslca-configuration>`) to use to generate this + certificate. + + + + + + + Time (in days) the certificate will be valid for. + + + + + + + Override the country set in the CA config + + + + + + + Override the location set in the CA config + + + + + + + Override the state set in the CA config + + + + + + + Override the organizational unit set in the CA config + + + + + + + Override the organization set in the CA config + + + + + + + Override the email address set in the CA config + + + + + + + Append the CA chain certificate to the generated certificate + (e.g., to produce a certificate in the format required by Nginx.) + + + + + + Top-level tag for describing an SSLCA generated certificate. + + - - - + + + diff --git a/schemas/sslca-key.xsd b/schemas/sslca-key.xsd index e807ea037..efd4abd58 100644 --- a/schemas/sslca-key.xsd +++ b/schemas/sslca-key.xsd @@ -1,32 +1,86 @@ - SSLCA key.xml schema for bcfg2 - Chris St. Pierre + Schema for :ref:`server-plugins-generators-sslca` ``key.xml`` - + + + + An **SSLCAKeyGroupType** is a tag used to provide logic. + Child entries of an SSLCAKeyGroupType tag only apply to + machines that match the condition specified -- either + membership in a group, or a matching client name. + :xml:attribute:`SSLCAKeyGroupType:negate` can be set to negate + the sense of the match. + + - - + + - - + + + + The name of the client or group to match on. Child entries + will only apply to this client or group (unless + :xml:attribute:`SSLCAKeyGroupType:negate` is set). + + + + + + + Negate the sense of the match, so that child entries only + apply to a client if it is not a member of the given group + or does not have the given name. + + + + + + + Available generated key types + + + + + + + + - - + + + + The key type + + + + + + + The key length + + + + + + Top-level tag for describing an SSLCA generated key. + + - - + + diff --git a/schemas/types.xsd b/schemas/types.xsd index a36693b2d..6262d9bb6 100644 --- a/schemas/types.xsd +++ b/schemas/types.xsd @@ -8,6 +8,7 @@ + @@ -91,12 +92,62 @@ - - - - - - + + + Action entries are external shell commands that are executed + either before bundle installation, after bundle installation + or both. + + + + + + + When the action is run. + + + + + + + If the action is always run, or is only run when a bundle + has been modified. Actions that run before bundle + installation ("pre" and "both") ignore the setting of + ``when`` and are always run regardless. + + + + + + + Whether or not to check the return code of the action. If + this is "check", then a non-zero return code will result in + the entry being flagged as bad. + + + + + + + Also execute the action in build mode. + + + + + + + The freeform name of the action. + + + + + + + The command to run. The command is executed within a shell, + so flow control and other shell-specific things can be used. + + + @@ -123,118 +174,287 @@ - - - - - + + + Define POSIX ACLs for a Path entry. + + + + + + + ACL type + + + + + + + ACL scope. This is omitted for + :xml:attribute:`ACLType:type` = ``default``. + + + + + + + Permissions for the ACL. This can either be a single octal + digit (e.g., ``6`` would indicate read and write, but not + execute), or a symbolic mode including 'r', 'w', and 'x'. + You can include '-' for operations that are not permitted, + but it's not required. I.e., all of the following are + identical:: + + perms="5" + perms="rx" + perms="r-x" + + + + + + + User the ACL applies to (with :xml:attribute:`ACLType:scope` + = ``user``). + + + + + + + Group the ACL applies to (with + :xml:attribute:`ACLType:scope` = ``group``). + + + - + + + + Manage filesystem paths -- files, directories, symlinks, etc. + + + - - - - - - - - - - - - - - - + + + + Type of path to manage. + + + + + + + Full path. + + + + + + + Type of device. + + + + + + + Major device number (``block`` and ``char`` devices only). + + + + + + + Minor device number (``block`` and ``char`` devices only). + + + + + + + Permissions mode in octal format. + + + + + + + Owner username or UID number + + + + + + + Group name or GID number + + + + + + + SELinux context for the path. This should be a full + context, not just the type. E.g., + ``system_u:object_r:etc_t:s0``, not just ``etc_t``. You can + also specify ``__default__``, which will restore the context + of the file to the default set by policy. See + :ref:`server-selinux` for more information. + + + + + + + Recursively remove files or set permissions, as appropriate. + + + + + + + Remove entries that are not in the Bcfg2 specification from + the directory. + + + + + + + File to link to + + + + + + + The file entry has no content. This must be set as a + safeguard against accidentally empty content. + + + + + + + The VCS backend to checkout contents from. + + + + + + + The revision to checkout. + + + + + + + The VCS URL to checkout. + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - + + - - - - - - - - - - - - - - - - - - - - + + + The POSIXUser tag allows you to create users on client machines. + + - + + + + Specify additional supplementary groups for the POSIXUser + + + - - - - - - + + + + Username + + + + + + + User ID number. If this is not specified, each client is + allowed to set the UID. + + + + + + + Name of the user's primary group. If this is not set, the + user's primary group will be the same as the username. + + + + + + + Human-readable user name or comment. If this is not set, + the GECOS will be the same as the username. + + + + + + + User's home directory. Default is ``/root`` for the root + user, ``/home/<username>`` otherwise. + + + + + + + User's shell + + + + - - + + + The POSIXGroup tag allows you to create groups on client + machines. + + + + + + Username + + + + + + + Group ID number. If this is not specified, each client is + allowed to set the GID. + + + + diff --git a/schemas/xs3p.xsl b/schemas/xs3p.xsl deleted file mode 100644 index b127948be..000000000 --- a/schemas/xs3p.xsl +++ /dev/null @@ -1,8503 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - true - - - true - - - true - - - true - - - true - - - true - - - true - - - false - - - false - - - - - - - - - - - - - - - http://www.w3.org/2001/XMLSchema - - - http://www.w3.org/XML/1998/namespace - - - 1.5 - - - 0.5 - - - XML Schema Documentation - - - - type_ - - attribute_ - - attributeGroup_ - - - - element_ - - key_ - - group_ - - notation_ - - ns_ - - - - term_ - - - - - - - - - - - - true - -'linksFile' variable must be provided if either -'searchIncludedSchemas' or 'searchImportedSchemas' is true. - - - - - - - - - - - - - - - - - - - - <xsl:value-of select="$actualTitle"/> - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - -

Table of Contents

- - - - -

Schema Document Properties

- - - -

Declared Namespaces

- - - - - - - - - -

Redefined Schema Components

- - - - - - - - - -

Global Declarations

- - - - - - - -

Global Definitions

- - - - - - - - -

Global Schema Components

- - - - - - -
-

Legend

- - -
- - - - -
-

Glossary

- - -
- - - -

- Generated by - xs3p (old link) - . - - Last modified: - - document.write(document.lastModified); - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PrefixNamespace
- Default namespace - - - - - - - - - - - -
- - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - -
  • - - - - - : - - -
    • -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -var pc = getElementObject("printerControls"); -if (pc != null) { - pc.style.display="block"; -} - - - - - - - -var gc = getElementObject("globalControls"); -if (gc != null) { - gc.style.display="block"; -} - - -
    -     -     - - - - - - - - - - - - - - - - - - - - - -

    - - - - - - - - - - - - - : - - - - -

    -     - - - - - -
    -     - - - - - /* IDs of XML Instance Representation boxes */ - - var xiBoxes = new Array( - - - , - - ' - - - - _xibox' - - ); - - - /* IDs of Schema Component Representation boxes */ - - var scBoxes = new Array('schema_scbox' - - , ' - - - - _scbox' - - ); - - - -/** - * Can get the ID of the button controlling - * a collapseable box by concatenating - * this string onto the ID of the box itself. - */ -var B_SFIX = "_button"; - -/** - * Counter of documentation windows - * Used to give each window a unique name - */ -var windowCount = 0; - -/** - * Returns an element in the current HTML document. - * - * @param elementID Identifier of HTML element - * @return HTML element object - */ -function getElementObject(elementID) { - var elemObj = null; - if (document.getElementById) { - elemObj = document.getElementById(elementID); - } - return elemObj; -} - -/** - * Closes a collapseable box. - * - * @param boxObj Collapseable box - * @param buttonObj Button controlling box - */ -function closeBox(boxObj, buttonObj) { - if (boxObj == null || buttonObj == null) { - // Box or button not found - } else { - // Change 'display' CSS property of box - boxObj.style.display="none"; - - // Change text of button - if (boxObj.style.display=="none") { - buttonObj.value=" + "; - } - } -} - -/** - * Opens a collapseable box. - * - * @param boxObj Collapseable box - * @param buttonObj Button controlling box - */ -function openBox(boxObj, buttonObj) { - if (boxObj == null || buttonObj == null) { - // Box or button not found - } else { - // Change 'display' CSS property of box - boxObj.style.display="block"; - - // Change text of button - if (boxObj.style.display=="block") { - buttonObj.value=" - "; - } - } -} - -/** - * Sets the state of a collapseable box. - * - * @param boxID Identifier of box - * @param open If true, box is "opened", - * Otherwise, box is "closed". - */ -function setState(boxID, open) { - var boxObj = getElementObject(boxID); - var buttonObj = getElementObject(boxID+B_SFIX); - if (boxObj == null || buttonObj == null) { - // Box or button not found - } else if (open) { - openBox(boxObj, buttonObj); - // Make button visible - buttonObj.style.display="inline"; - } else { - closeBox(boxObj, buttonObj); - // Make button visible - buttonObj.style.display="inline"; - } -} - -/** - * Switches the state of a collapseable box, e.g. - * if it's opened, it'll be closed, and vice versa. - * - * @param boxID Identifier of box - */ -function switchState(boxID) { - var boxObj = getElementObject(boxID); - var buttonObj = getElementObject(boxID+B_SFIX); - if (boxObj == null || buttonObj == null) { - // Box or button not found - } else if (boxObj.style.display=="none") { - // Box is closed, so open it - openBox(boxObj, buttonObj); - } else if (boxObj.style.display=="block") { - // Box is opened, so close it - closeBox(boxObj, buttonObj); - } -} - -/** - * Closes all boxes in a given list. - * - * @param boxList Array of box IDs - */ -function collapseAll(boxList) { - var idx; - for (idx = 0; idx < boxList.length; idx++) { - var boxObj = getElementObject(boxList[idx]); - var buttonObj = getElementObject(boxList[idx]+B_SFIX); - closeBox(boxObj, buttonObj); - } -} - -/** - * Open all boxes in a given list. - * - * @param boxList Array of box IDs - */ -function expandAll(boxList) { - var idx; - for (idx = 0; idx < boxList.length; idx++) { - var boxObj = getElementObject(boxList[idx]); - var buttonObj = getElementObject(boxList[idx]+B_SFIX); - openBox(boxObj, buttonObj); - } -} - -/** - * Makes all the control buttons of boxes appear. - * - * @param boxList Array of box IDs - */ -function viewControlButtons(boxList) { - var idx; - for (idx = 0; idx < boxList.length; idx++) { - buttonObj = getElementObject(boxList[idx]+B_SFIX); - if (buttonObj != null) { - buttonObj.style.display = "inline"; - } - } -} - -/** - * Makes all the control buttons of boxes disappear. - * - * @param boxList Array of box IDs - */ -function hideControlButtons(boxList) { - var idx; - for (idx = 0; idx < boxList.length; idx++) { - buttonObj = getElementObject(boxList[idx]+B_SFIX); - if (buttonObj != null) { - buttonObj.style.display = "none"; - } - } -} - -/** - * Sets the page for either printing mode - * or viewing mode. In printing mode, the page - * is made to be more readable when printing it out. - * In viewing mode, the page is more browsable. - * - * @param isPrinterVersion If true, display in - * printing mode; otherwise, - * in viewing mode - */ -function displayMode(isPrinterVersion) { - var obj; - if (isPrinterVersion) { - // Hide global control buttons - obj = getElementObject("globalControls"); - if (obj != null) { - obj.style.visibility = "hidden"; - } - // Hide Legend - obj = getElementObject("legend"); - if (obj != null) { - obj.style.display = "none"; - } - obj = getElementObject("legendTOC"); - if (obj != null) { - obj.style.display = "none"; - } - // Hide Glossary - obj = getElementObject("glossary"); - if (obj != null) { - obj.style.display = "none"; - } - obj = getElementObject("glossaryTOC"); - if (obj != null) { - obj.style.display = "none"; - } - - // Expand all XML Instance Representation tables - expandAll(xiBoxes); - // Expand all Schema Component Representation tables - expandAll(scBoxes); - - // Hide Control buttons - hideControlButtons(xiBoxes); - hideControlButtons(scBoxes); - } else { - // View global control buttons - obj = getElementObject("globalControls"); - if (obj != null) { - obj.style.visibility = "visible"; - } - // View Legend - obj = getElementObject("legend"); - if (obj != null) { - obj.style.display = "block"; - } - obj = getElementObject("legendTOC"); - if (obj != null) { - obj.style.display = "block"; - } - // View Glossary - obj = getElementObject("glossary"); - if (obj != null) { - obj.style.display = "block"; - } - obj = getElementObject("glossaryTOC"); - if (obj != null) { - obj.style.display = "block"; - } - - // Expand all XML Instance Representation tables - expandAll(xiBoxes); - // Collapse all Schema Component Representation tables - collapseAll(scBoxes); - - // View Control buttons - viewControlButtons(xiBoxes); - viewControlButtons(scBoxes); - } -} - -/** - * Opens up a window displaying the documentation - * of a schema component in the XML Instance - * Representation table. - * - * @param compDesc Description of schema component - * @param compName Name of schema component - * @param docTextArray Array containing the paragraphs - * of the new document - */ -function viewDocumentation(compDesc, compName, docTextArray) { - var width = 400; - var height = 200; - var locX = 100; - var locY = 200; - - /* Generate content */ - var actualText = "<html>"; - actualText += "<head><title>"; - actualText += compDesc; - if (compName != '') { - actualText += ": " + compName; - } - actualText += "</title></head>"; - actualText += "<body bgcolor=\"#FFFFEE\">"; - // Title - actualText += "<p style=\"font-family: Arial, sans-serif; font-size: 12pt; font-weight: bold; letter-spacing:1px;\">"; - actualText += compDesc; - if (compName != '') { - actualText += ": <span style=\"color:#006699\">" + compName + "</span>"; - } - actualText += "</p>"; - // Documentation - var idx; - for (idx = 0; idx < docTextArray.length; idx++) { - actualText += "<p style=\"font-family: Arial, sans-serif; font-size: 10pt;\">" + docTextArray[idx] + "</p>"; - } - // Link to close window - actualText += "<a href=\"javascript:void(0)\" onclick=\"window.close();\" style=\"font-family: Arial, sans-serif; font-size: 8pt;\">Close</a>"; - actualText += "</body></html>"; - - /* Display window */ - windowCount++; - var docWindow = window.open("", "documentation"+windowCount, "toolbar=no,location=no,status=no,menubar=no,scrollbars=yes,resizable,alwaysRaised,dependent,titlebar=no,width="+width+",height="+height+",screenX="+locX+",left="+locX+",screenY="+locY+",top="+locY); - docWindow.document.write(actualText); -} - - - - - - -/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */ -/* More-configurable styles */ - -/******** General ********/ - -/* Document body */ -body { - color: Black; - background-color: White; - font-family: Arial, sans-serif; - font-size: 10pt; -} -/* Horizontal rules */ -hr { - color: black; -} -/* Document title */ -h1 { - font-size: 18pt; - letter-spacing: 2px; - border-bottom: 1px #ccc solid; - padding-top: 5px; - padding-bottom: 5px; -} -/* Main section headers */ -h2 { - font-size: 14pt; - letter-spacing: 1px; -} -/* Sub-section headers */ -h3, h3 a, h3 span { - font-size: 12pt; - font-weight: bold; - color: black; -} -/* Table displaying the properties of the schema components or the - schema document itself */ -table.properties th, table.properties th a { - color: black; - background-color: #F99; /* Pink */ -} -table.properties td { - background-color: #eee; /* Gray */ -} - - -/******** Table of Contents Section ********/ - -/* Controls for switching between printing and viewing modes */ -div#printerControls { - color: #963; /* Orange-brown */ -} -/* Controls that can collapse or expand all XML Instance - Representation and Schema Component Representation boxes */ -div#globalControls { - border: 2px solid #999; -} - - -/******** Schema Document Properties Section ********/ - -/* Table displaying the namespaces declared in the schema */ -table.namespaces th { - background-color: #ccc; -} -table.namespaces td { - background-color: #eee; -} -/* Target namespace of the schema */ -span.targetNS { - color: #06C; - font-weight: bold; -} - - -/******** Schema Components' Sections ********/ - -/* Name of schema component */ -.name { - color: #F93; /* Orange */ -} - -/* Hierarchy table */ -table.hierarchy { - border: 2px solid #999; /* Gray */ -} - -/* XML Instance Representation table */ -div.sample div.contents { - border: 2px dashed black; -} - -/* Schema Component Representation table */ -div.schemaComponent div.contents { - border: 2px black solid; -} - - -/******** Glossary Section ********/ - -/* Glossary Terms */ -.glossaryTerm { - color: #036; /* Blue */ -} - - -/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */ -/* Printer-version styles */ - -@media print { - -/* Ensures that controls are hidden when printing */ -div#printerControls { - visibility: hidden; -} -div#globalControls { - visibility: hidden; -} -#legend { - display: none; -} -#legendTOC { - display: none; -} -#glossary { - display: none; -} -#glossaryTOC { - display: none; -} - -} - -/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */ -/* Base styles */ - -/******** General ********/ - -/* Unordered lists */ -ul { - margin-left: 1.5em; - margin-bottom: 0em; -} -/* Tables */ -table { - margin-top: 10px; - margin-bottom: 10px; - margin-left: 2px; - margin-right: 2px; -} -table th, table td { - font-size: 10pt; - vertical-align: top; - padding-top: 3px; - padding-bottom: 3px; - padding-left: 10px; - padding-right: 10px; -} -table th { - font-weight: bold; - text-align: left; -} -/* Table displaying the properties of the schema components or the - schema document itself */ -table.properties { - width: 90%; -} -table.properties th { - width: 30%; -} -/* Boxes that can make its content appear and disappear*/ -div.box { - margin: 1em; -} - /* Box caption */ -div.box span.caption { - font-weight: bold; -} - /* Button to open and close the box */ -div.box input.control { - width: 1.4em; - height: 1.4em; - text-align: center; - vertical-align: middle; - font-size: 11pt; -} - /* Box contents */ -div.box div.contents { - margin-top: 3px; -} - - -/******** Table of Contents Section ********/ - -/* Controls for switching between printing and viewing modes */ -div#printerControls { - white-space: nowrap; - font-weight: bold; - padding: 5px; - margin: 5px; -} -/* Controls that can collapse or expand all XML Instance - Representation and Schema Component Representation boxes */ -div#globalControls { - padding: 10px; - margin: 5px; -} - - -/******** Schema Document Properties Section ********/ - -/* Table displaying the namespaces declared in the schema */ -table.namespaces th { -} -table.namespaces td { -} -/* Target namespace of the schema */ -span.targetNS { -} - - -/******** Schema Components' Sections ********/ - -/* Name of schema component */ -.name { -} - -/* Hierarchy table */ -table.hierarchy { - width: 90%; -} -table.hierarchy th { - font-weight: normal; - font-style: italic; - width: 20%; -} -table.hierarchy th, table.hierarchy td { - padding: 5px; -} - -/* XML Instance Representation table */ -div.sample { - width: 90%; -} -div.sample div.contents { - padding: 5px; - font-family: Courier New, sans-serif; - font-size: 10pt; -} - /* Normal elements and attributes */ -div.sample div.contents, div.sample div.contents a { - color: black; -} - /* Group Headers */ -div.sample div.contents .group, div.sample div.contents .group a { - color: #999; /* Light gray */ -} - /* Type Information */ -div.sample div.contents .type, div.sample div.contents .type a { - color: #999; /* Light gray */ -} - /* Occurrence Information */ -div.sample div.contents .occurs, div.sample div.contents .occurs a { - color: #999; /* Light gray */ -} - /* Fixed values */ -div.sample div.contents .fixed { - color: #063; /* Green */ - font-weight: bold; -} - /* Simple type constraints */ -div.sample div.contents .constraint, div.sample div.contents .constraint a { - color: #999; /* Light gray */ -} - /* Elements and attributes inherited from base type */ -div.sample div.contents .inherited, div.sample div.contents .inherited a { - color: #666; /* Dark gray */ -} - /* Elements and attributes added to or changed from base type */ -div.sample div.contents .newFields { - font-weight: bold; -} - /* Other type of information */ -div.sample div.contents .other, div.sample div.contents .other a { - color: #369; /* Blue */ - font-style: italic; -} - /* Link to open up window displaying documentation */ -div.sample div.contents a.documentation { - text-decoration: none; - padding-left: 3px; - padding-right: 3px; - padding-top: 0px; - padding-bottom: 0px; - font-weight: bold; - font-size: 11pt; - background-color: #FFD; - color: #069; -} - /* Invert colors when hovering over link to open up window - displaying documentation */ -div.sample div.contents a.documentation:hover { - color: #FFD; - background-color: #069; -} - -/* Schema Component Representation table */ -div.schemaComponent { - width: 90%; -} -div.schemaComponent div.contents { - font-family: Courier New, sans-serif; - font-size: 10pt; - padding: 5px; -} - /* Syntax characters */ -div.schemaComponent div.contents { - color: #00f; /* blue */ -} - /* Element and attribute tags */ -div.schemaComponent div.contents .scTag { - color: #933; /* maroon */ -} - /* Element and attribute content */ -div.schemaComponent div.contents .scContent, div.schemaComponent div.contents .scContent a { - color: black; - font-weight: bold; -} - /* Comments */ -div.schemaComponent div.contents .comment { - color: #999; /* Light gray */ -} - -/******** Legend Section ********/ - -div#legend table, div#legend div { - margin-bottom: 3px; -} -div#legend div.hint { - color: #999; /* Light gray */ - width: 90%; - margin-left: 1em; - margin-bottom: 2em; -} - - -/******** Glossary Section ********/ - -/* Glossary Terms */ -.glossaryTerm { - font-weight: bold; -} - - -/******** Footer ********/ - -.footer { - font-size: 8pt; -} - - - - - - -
    -

    Complex Type:

    -
    Schema Component Type
    -
    -
    -

    AusAddress

    -
    Schema Component Name
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Super-types: - Address - < - AusAddress - (by extension) - Parent type: - Address - (derivation method: extension) -
    Sub-types: -
      -
    • - QLDAddress - (by restriction) -
      • -
    -     		Direct sub-types: -
      -
    • - QLDAddress - (by restriction) -
      • -
    -
    -
    If this schema component is a type definition, its type hierarchy is shown in a gray-bordered box.
    - - - - - - - - - - - -
    NameAusAddress
    - Abstract - no
    -
    The table above displays the properties of this schema component.
    - - -
    -
    - XML Instance Representation -
    -
    - <... - - country="Australia" - - >
    - <unitNo> string </unitNo> [0..1]
    - <houseNo> string </houseNo> [1]
    - <street> string </street> [1]
    - Start Choice [1]
    - <city> string </city> [1]
    - <town> string </town> [1]
    - End Choice
    - - <state> AusStates </state> [1]
    - <postcode> string <<pattern = [1-9][0-9]{3}>> </postcode> [1] - - ? - -
    -     - </...>
    -
    -
    -
    -

    The XML Instance Representation table above shows the schema component's content as an XML instance.

    -
      -
    • The minimum and maximum occurrence of elements and attributes are provided in square brackets, e.g. [0..1].
      • -
    • Model group information are shown in gray, e.g. Start Choice ... End Choice.
      • -
    • For type derivations, the elements and attributes that have been added to or changed from the base type's content are shown in bold.
      • -
    • If an element/attribute has a fixed value, the fixed value is shown in green, e.g. country="Australia".
      • -
    • Otherwise, the type of the element/attribute is displayed. -
        -
      • If the element/attribute's type is in the schema, a link is provided to it.
        • - -
      • For local simple type definitions, the constraints are displayed in angle brackets, e.g. <<pattern = [1-9][0-9]{3}>>.
        • -
      -
      • - -
    • If a local element/attribute has documentation, it will be displayed in a window that pops up when the question mark inside the attribute or next to the element is clicked, e.g. <postcode>.
      • -       -
    -
    - - -
    -
    - Schema Component Representation -
    -
    - <complexType name="AusAddress">
    - <complexContent>
    - <extension base="Address">
    - <sequence>
    - <element name="state" type="AusStates"/>
    - <element name="postcode">
    - <simpleType>
    - <restriction base="string">
    - <pattern value="[1-9][0-9]{3}"/>
    - </restriction>
    - </simpleType>
    - </element>
    - </sequence>
    - <attribute name="country" type="string" fixed="Australia"/>
    - </extension>
    - </complexContent>
    - </complexType>
    -
    -
    -
    The Schema Component Representation table above displays the underlying XML representation of the schema component. (Annotations are not shown.)
    -     - - - - - Abstract - Abstract - - (Applies to complex type definitions and element declarations). - An abstract element or complex type cannot used to validate an element instance. - If there is a reference to an abstract element, only element declarations that can substitute the abstract element can be used to validate the instance. - For references to abstract type definitions, only derived types can be used. - - - - - All - All Model Group - - Child elements can be provided - - in any order - - in instances. - - http://www.w3.org/TR/xmlschema-1/#element-all - - - - Choice - Choice Model Group - - - Only one - - from the list of child elements and model groups can be provided in instances. - - http://www.w3.org/TR/xmlschema-1/#element-choice - - - - CollapseWS - Collapse Whitespace Policy - Replace tab, line feed, and carriage return characters with space character (Unicode character 32). Then, collapse contiguous sequences of space characters into single space character, and remove leading and trailing space characters. - - - - ElemBlock - Disallowed Substitutions - - (Applies to element declarations). - If - substitution - is specified, then - - SubGroup - substitution group - - members cannot be used in place of the given element declaration to validate element instances. - - If - derivation methods - , e.g. extension, restriction, are specified, then the given element declaration will not validate element instances that have types derived from the element declaration's type using the specified derivation methods. - Normally, element instances can override their declaration's type by specifying an - xsi:type - attribute. - - - - - Key - Key Constraint - - Like - - Unique - Uniqueness Constraint - - , but additionally requires that the specified value(s) must be provided. - - http://www.w3.org/TR/xmlschema-1/#cIdentity-constraint_Definitions - - - - KeyRef - Key Reference Constraint - - Ensures that the specified value(s) must match value(s) from a - - Key - Key Constraint - - or - - Unique - Uniqueness Constraint - - . - - http://www.w3.org/TR/xmlschema-1/#cIdentity-constraint_Definitions - - - - ModelGroup - Model Group - - Groups together element content, specifying the order in which the element content can occur and the number of times the group of element content may be repeated. - - http://www.w3.org/TR/xmlschema-1/#Model_Groups - - - - Nillable - Nillable - - (Applies to element declarations). - If an element declaration is nillable, instances can use the - xsi:nil - attribute. - The - xsi:nil - attribute is the boolean attribute, - nil - , from the - http://www.w3.org/2001/XMLSchema-instance - namespace. - If an element instance has an - xsi:nil - attribute set to true, it can be left empty, even though its element declaration may have required content. - - - - - Notation - Notation - A notation is used to identify the format of a piece of data. Values of elements and attributes that are of type, NOTATION, must come from the names of declared notations. - http://www.w3.org/TR/xmlschema-1/#cNotation_Declarations - - - - PreserveWS - Preserve Whitespace Policy - Preserve whitespaces exactly as they appear in instances. - - - - TypeFinal - Prohibited Derivations - - (Applies to type definitions). - Derivation methods that cannot be used to create sub-types from a given type definition. - - - - - TypeBlock - Prohibited Substitutions - - (Applies to complex type definitions). - Prevents sub-types that have been derived using the specified derivation methods from validating element instances in place of the given type definition. - - - - - ReplaceWS - Replace Whitespace Policy - Replace tab, line feed, and carriage return characters with space character (Unicode character 32). - - - - Sequence - Sequence Model Group - - Child elements and model groups must be provided - - in the specified order - - in instances. - - http://www.w3.org/TR/xmlschema-1/#element-sequence - - - - SubGroup - Substitution Group - - Elements that are - - members - - of a substitution group can be used wherever the - - head - - element of the substitution group is referenced. - - - - - ElemFinal - Substitution Group Exclusions - - (Applies to element declarations). - Prohibits element declarations from nominating themselves as being able to substitute a given element declaration, if they have types that are derived from the original element's type using the specified derivation methods. - - - - - TargetNS - Target Namespace - The target namespace identifies the namespace that components in this schema belongs to. If no target namespace is provided, then the schema components do not belong to any namespace. - - - - Unique - Uniqueness Constraint - Ensures uniqueness of an element/attribute value, or a combination of values, within a specified scope. - http://www.w3.org/TR/xmlschema-1/#cIdentity-constraint_Definitions - - - - - - - - - - -

    - - - - - - - See: - - - - . - -

    -     - - - - - - - - -
      - - - -
    -     - - - true - - - - - - - - -
    -
      - - -
    • - This element can be used wherever the following element is referenced: -
        -
      • - - - -
        • -
      -
      • -       - - -
    • - The following elements can be used wherever this element is referenced: - -
      • -       -
    -
    -     -     - - - - - - - - - - - - - - -
    - - - Super-types: - - - Parent type: - - - - - - - - - - - None - - -
    - - - Sub-types: - - - Direct sub-types: - - - - - - -
    -     - - - - - - - - - - - - - - -
    - - - Super-types: - - - Parent type: - - - - - - - - - - - None - - -
    - - - Sub-types: - - - Direct sub-types: - - - - - - -
    -     - - - - - - - - - - - - - -
  • - - false - - Circular element reference to: - - - -
    • -     - - - - - - - - - - - - - - - - - - -
  • - - - -
    • - - - - - - - -     -     -     -     - - - - - true - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Local type definition - - - - - - - - - - - - - - extension - - - restriction - - - - - - restriction - - - - - - - - - - - - < - - - - - - - - - - - - - - - - - false - - - - - - - - - - - - < - - - - - - - - - - - - - - - - - - - (by - - ) - - - - - - - - - - - - - - - - - - - - - (derivation method: - - ) - - - - - - - - - - - true - - - - - - - - - - - -
      - -
    • - - - - - - - (by - - ) - - - - - false - - - -
      • -       -
    -     - - - - - - - None - - -     -     -     - - - - - true - - - - - - - - - - - -
      - -
    • - - - - - - - (by restriction) - - - - - false - - - -
      • -       -
    -     - - -
      - -
    • - - - - - - - (by - - ) - - - - - false - - - -
      • -       -
    -     - - - - true - - - - - true - - - - - - - - - - - - - - None - - -     -     -     - - - - - - - - - - - - - - - - - - -
    - More information at: - - - - . -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Name
    Type - - - Locally-defined simple type - - - - - - - - anySimpleType - - -
    Default Value
    Fixed Value
    -     - - - - - - - - - - - - - -
    Name
    -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Name
    - - Abstract - Abstract - - - - - -
    - - TypeFinal - Prohibited Derivations - -
    - - TypeBlock - Prohibited Substitutions - -
    -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Name
    Type - - - Locally-defined simple type - - - Locally-defined complex type - - - - - - - - anyType - - -
    - - Nillable - Nillable - - - - - -
    - - Abstract - Abstract - - - - - -
    Default Value
    Fixed Value
    - - ElemFinal - Substitution Group Exclusions - -
    - - ElemBlock - Disallowed Substitutions - -
    -     - - - - - - - - - - - - - - - - - - - - - - - - - -
    Name
    Public Identifier
    System Identifier
    -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - TargetNS - Target Namespace - - - - - - - - - - None - - -
    Version
    Language
    Element and Attribute Namespaces -
      -
    • Global element and attribute declarations belong to this schema's target namespace.
      • -
    • - - - By default, local element declarations belong to this schema's target namespace. - - - By default, local element declarations have no namespace. - - -
      • -
    • - - - By default, local attribute declarations belong to this schema's target namespace. - - - By default, local attribute declarations have no namespace. - - -
      • -
    -
    Schema Composition -
      - - -
    • - This schema imports schema(s) from the following namespace(s): -
        - -
      • - - - (at - - - - ) - -
        • -         -
      -
      • -       - - -
    • - This schema includes components from the following schema document(s): -
        - -
      • - - - -
        • -         -
      -
      • -       - - -
    • - This schema includes components from the following schema document(s), where some of the components have been redefined: -
        - -
      • - - - -
        • -         -
      - See Redefined Schema Components section. -
      • -       -
    -
    -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Name
    Content - - - -
    - - TypeFinal - Prohibited Derivations - -
    -     - - - - - - - - - - - Documentation - - -

    - -     - - -     - - - Application Data - - -

    - -     - - -     -     - - - - - - - - - - - - - - - - -
    • - List of: - - - - - - - - - -
        -
      • - Locally defined type: - - - - -
        • -
      -       -       -
    -     - - -
    • - Union of following types: -
        - - - - - type - true - - - - -
      • - Locally defined type: - - - - -
        • -         -
      -
    -     -     -     - - - - - - - - - - - - -
  • - - false - - Circular type reference to ' - - ' in type hierarchy. - - -
    • -     - - - - - - - - - - - - - - - - - - - - - - - - -
    • - Base XSD Type: - - - - - - - - - - - - -
    -     - - - - - - - - - - - - - -
    • - ' - - ' super type was not found in this schema. - Its facets could not be printed out. -
    -     -     -     -     -     -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      - -
    • - -
      • -       - -
    • - -
      • -       - -
    • - -
      • -       - -
    • - -
      • -       - -
    • - -
      • -       - -
    • - -
      • -       - -
    • - -
      • -       -
    -     -     - - - - - - - - - - - - - - - - - - - sample - XML Instance Representation - - - - true - - - - - - - 0 - false - false - this - - - - - - Start - - All - All - - - - - - - - - - -
    - - - - - - - - - - - - - End All -
    -     -     - - - - 0 - -
    - - - - attribute - element - - - - - - - -
    -     - - - - - false - false - 0 - false - this - - - - - - - - - - - - - - - - -
    - - - - - newFields - - - inherited - - - - - - - - - - - - - - - =" - - - - - - - - - - - - - - - - - - - - - - - anySimpleType - - - - - - - - - - - - - - - - - " - -     -     -     - - - - - false - false - 0 - false - this - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - newFields - - - inherited - - - - - - - - - =" - - - - - - - - - - - - - - - - - " - -     -     -     - - - - this - - - - - - true - - - false - - - - - - - - - - - - - - - false - false - 0 - - this - - - - - - - - - - - - - false - - Circular attribute group reference: - - - - - - - - - - attribute group - - - - - - -
    - Attribute group reference (not shown): - - - - - - - - -
    -     - - - - - - - - - - true - - - - - - - - - - - - - true - - - -     -     -     -     - - - - 0 - false - false - - this - - - - - - Start - - Choice - Choice - - - - - - - - - - -
    - - - - - - - - - - - - - - End Choice -
    -     -     - - - - this - - - - - - - - - - 0 - false - false - this - - - - - - - - - - - - - - - - - - - - - - - complex type - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 0 - false - false - this - - - - - - - - - - - - - - - this - - - - - - - - - - - - 0 - false - false - - this - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - Circular model group reference: - - - - - - - - -
    -     - - - - - - group - - - - - - -
    - Model group reference (not shown): - - - - - - - - -
    -     - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -     -     -     -     - - - - 0 - false - false - - this - - - - - - - - - - - - - - - Start - - Sequence - Sequence - - - - - - - - -
    -     - - - - - - - - - - - - - - - - - - - - - - - - End Sequence -
    -     -     -     - - - - this - - - - - - - - - - - - this - - - - - - - - - - - - 0 - this - -
    - <!--
    - - - - - Unique - Uniqueness - - - - - Key - Key - - - - - KeyRef - Key Reference - - - - Constraint - - - - - - - - - - - - - - - -
    - - Selector - - - -
    - - Field(s) - - - - , - - - - - -
    - - - Refers to - - - - - -
    -     - - --> -
    -     - - - - - - - - - - - - - - - true - -A local schema component contains two dashes in -'documentation' elements within its 'annotation' element. - - - - - - , - - ' - - - More information at: - - - - . - - - - - - - - ' - - - - - - - - docArray = new Array( - - ); viewDocumentation(' - - - - ', ' - - - - - - - - - - - ', docArray); - - ? - - - - - - - - - - - - ' - \' - - - - - - " - \" - - - - - - - - 0 - false - false - - - - - - this - - - - - - - Start Group: - - - - - - - - -
    -     - - - - - - - - - - - - - - - - - - - - - - - - - End Group: - -
    -     -     - - - - - 0 - false - false - this - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - newFields - - - inherited - - - - - < - - > - - - - - - - - - - - - - - - - - - - - - - - - - ... - - - - - - - - - - - - - - </ - - > - - - - - - - - - - - - -
    -     - - - - - - 0 - false - false - this - - - - - - - - - - - - - - - - - - - - - - - ... - - - - - - - - true - - - false - - - - -
    - - - newFields - - - inherited - - - - - < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - true - - - true - - - false - - - - - - - - true - - - - - - - - - /> - - - - - - - - - - - - - - - - - > - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - <!-- Restricts : - - - - - --> - -     - - -
    - <!-- Extends : - - - - - --> - -     -     - - - -
    - <!-- Mixed content --> - -     - - - - - - </ - - > -     -     -
    -     -     -     - - - - - - false - false - false - 0 - this - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - false - false - false - 0 - this - - - - - - - - - - - - - - - - - - - complex type - - - - - - - - - - - - - true - - - false - - - - - - - - - - - - - - - - - - - - - - - - true - - - false - - - - - - - - - - - - - - - - - - - - - true - - - false - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - false - false - 0 - this - - - - - - - true - - - - - - - - 0 - false - false - false - true - this - - -
    - - - - - - - - - - - - - - - - - - - complex type - - - - - - -
    - <!-- ' - - - - - ' super type was not found in this schema. Some elements and attributes may be missing. --> -
    -     - - - - -     - - - - - - - - - - - true - - - false - - - - - - - -     - - - - - - - - - - - - -
    - <-- Extends: - - - - - (Circular type hierarchy) --> -
    -     - - - - - - complex type - - - - - - - - - - - - - - true - - - false - - - - - - false - - - - - - -
    - <!-- ' - - - - - ' super type was not found in this schema. Some elements and attributes may be missing. --> -
    -     - - - - - - - - - - true - - - false - - - - - - false - - - - -     - - - - - - - - - - - true - - - false - - - - - - - -     -     -     - - - - - - - - - -
    -     - - - - - - - - - - -
    -     - - - - - - - - - - - - -     -     - - - - - 0 - false - false - this - - - - - - - - - - - - - - - - - this - - - - - - - - - - - - - - - - list of: - - - - - - - list of: [ - - - - - ] - - - - - - union of: [ - - - - true - - - - - - type - , - - - - - - , - - [ - - - - - ] - - - ] - - - - - - - - this - - - - - - - - - - false - - Circular type reference to ' - - ' in type hierarchy. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ( - - - - ) - - - ( - - ) - - - ( - - ) - - - ( - - - - ) - - - ( - - - - ) - - - ( - - ) - - - ( - - - - ) - - - - - - - - - - - - - - - - - - schemaComponent - Schema Component Representation - - - - false - - - - - - 0 - - - - - - - - name - - - - - - type - - - - - - - - - - - *name+*type+ - - - *annotation+ - - - - - - 0 - - - - - - - - name - - - - - - *name+ - - - *annotation+ - - - - - - 0 - - - - - - - - ref - - - - - - - - - - *ref+ - - - *annotation+ - - - - - - 0 - - - - - - - - ref - - - - - - - - - - *ref+ - - - *annotation+ - - - - - - 0 - - - - - - - - ref - - - - - - - - - - *ref+ - - - *annotation+ - - - - - - 0 - - - - - - - - ref - - - - - - - - - - *ref+ - - - *annotation+ - - - - - - 0 - - - - - - - - - source - - - - - - - - - - - *source+ - - - true - - - - - - 0 - - - - - - - - name - - - - - refer - - - - - - - - - - - - *name+*refer+ - - - *annotation+ - - - - - - 0 - - - - - - - - - base - - - - - - - - - - - *base+ - - - *annotation+ - - - - - - 0 - - - - - - - - - itemType - - - - - - - - - - - *itemType+ - - - *annotation+ - - - - - - 0 - - - - - - - - - memberTypes - - - - type - - - - - - - - *memberTypes+ - - - *annotation+ - - - - - - 0 - - - - - - - - - xml:lang - - - - - - - *lang+ - - - *include+*import+*redefine+ - - - - - - 0 - - - - - - - - - - *annotation+ - - - - - - 0 - -
    - <-- - - --> -
    -     - - - - - - 0 - false - - - - - - - - - true - - - - -
    - - < - - - - - - - - - - - - - -
    ...
    -     - - - - - - - - -
    - -
    -     - - - - - - -     -     - - - - - - > - - - - - - </ - - - - > - - - - - /> - - -
    -     - - - - - - - - - - - =" - - - - - - " - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - html - - - - - - - - - - - - - - xpp - - - - - - - - - - - -
    - <-- - - --> -
    -     - - - - - xpp - - - < - - - - - - - - - - - - - =" - - " - - - - - - > - - - - - - -
    - -
    -     -     - - </ - - - - - - - - - > -     - - - /> - -     -     - - - - - - - - - - - - - - - - - - [term] - - - - - - - - - - - - - - this - - - - - - - - - - - - - - - - - - - Unknown namespace prefix, - - . - - - - - - - - - - - - - - this - - - - - - attribute - - - - - - - attribute - - - - - - - - - - - this - - - - - - attribute group - - - - - - - attribute group - - - - - - - - - - - this - - - - - - element - - - - - - - element - - - - - - - - - - - this - - - - - - group - - - - - - - group - - - - - - - - - - - this - - - - - - uniqueness/key constraint - - - - - - - uniqueness/key constraint - - - - - - - - - - - this - - - - - - - type - - - - - - - - - type - - - - - - - - - - - - - this - - - - - - - declaration - - - definition - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - "" - - - - - - - Jump to " - - " - - - - - - (located in external schema documentation) - - - - . - - - - - - - - javascript:void(0) - - - - - - - - - - - - - - - externalLink - - - - - - alert(' - - '); - - - - - - - - - - - - this - - - - - - declaration - - - definition - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - could not be found - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - xsd - - - - xml - - - - - - - - this - - - - - - - - - - - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 - - - - - - - - - - - - - - - 1 - - - - - - - - - - - - - - - - - - false - - - - true - - - - true - - - - true - - - - true - - - - true - - - - true - - - - true - - - - false - - - - - - - - - - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - false - - - -
    -
    - - - - - - - - - - - - - - - - - - - -
    - - -
    - -
    - - - setState('', ); - - -
    -     - - - - - - - - - - - - - - - - - - - - - - - - - - - All Model Group - - - Attribute - - - Attribute Group - - - Choice Model Group - - - Complex Type - - - Element - - - Model Group - - - Notation - - - Sequence Model Group - - - Simple Type - - - - true - -Unknown schema component, . - - - - - - - - - - - - - schema - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - true - -Unknown schema component, . - - - - - - - - - - - - - Notation - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - true - -Documentation file for the schema at, , -was not specified in the links file, . - - - - - - - - - - - - - - yes - - - no - - - - - - - - false - this - - - - - - - - - - - - - - : - - - - - - - - - - - - - - - - 1 - - - 0 - - - - - - - - - - - - - 1 - - - - - - - - - - - - 0 - - - 1 - - - - - - - * - - - - - - - - - 1 - - - - - - - - - - [1] - - - [ - - .. - - ] - - - - - - - - - - - - restriction, extension, substitution - - - - - - - - - - - - - - restriction, extension - - - - - - - - - - - - - - restriction, list, union - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - false - - true - this - - - - - - - - - - - - - - - - - - - - - - - false - - - - - - - - - - - - - - - - - - - - - - - - - - false - - true - this - - - - - - - - - - - - - - - - - - -
  • - -
    • -     - - - - - - - - - - - - - - -     -     - - - - element - - - - - - Allow any - - s from - - - - - any namespace - - - - a namespace other than this schema's namespace - - - - - - - true - - - - - - true - - - - - - - - - - - - - - - - - - - - - - - - - - - - true - - - - - no namespace - - - - - - and - - - , - - - this schema's namespace - - - - - - , and - - - and - - - the following namespace(s): - - - , - - - - - - ( - - - - - - strict - - - validation) - . - - - - - - - - - - - - - - - - - pattern - = - - - - - - - - - - total no. of digits - = - - - - - - - - - - - no. of fraction digits - - = - - - - - - - - - - value - comes from list: { - - - - | - - ' - - ' - - - } - - - - - - - - - - - length - - = - - - - - length - - >= - - - - - length - - <= - - - - - - - - - - - - - - Whitespace policy: - - PreserveWS - preserve - - - - Whitespace policy: - - ReplaceWS - replace - - - - Whitespace policy: - - CollapseWS - collapse - - - - - - - - - - - - - - - <= - - - - < - - - - value - - - - <= - - - - < - - - - - - - value - - >= - - - - - value - - > - - - - - value - - <= - - - - - value - - < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - false - - - - - XS3P ERROR: - - - - - - ERROR: - - - - - -     \ No newline at end of file diff --git a/setup.py b/setup.py index e486afb5f..3fb42e585 100755 --- a/setup.py +++ b/setup.py @@ -1,11 +1,7 @@ #!/usr/bin/env python from setuptools import setup -from setuptools import Command -from fnmatch import fnmatch from glob import glob -import os -import os.path import sys vfile = 'src/lib/Bcfg2/version.py' @@ -22,114 +18,11 @@ version = sys.version_info[:2] if version < (2, 6): need_m2crypto = True - -class BuildDTDDoc (Command): - """Build DTD documentation""" - - description = "Build DTD documentation" - - # List of option tuples: long name, short name (None if no short - # name), and help string. - user_options = [ - ('links-file=', 'l', 'Links file'), - ('source-dir=', 's', 'Source directory'), - ('build-dir=', None, 'Build directory'), - ('xslt=', None, 'XSLT file'), - ] - - def initialize_options(self): - """Set default values for all the options that this command - supports.""" - - self.build_links = False - self.links_file = None - self.source_dir = None - self.build_dir = None - self.xslt = None - - def finalize_options(self): - """Set final values for all the options that this command - supports.""" - if self.source_dir is None: - if os.path.isdir('schemas'): - for root, dirnames, filenames in os.walk('schemas'): - for filename in filenames: - if fnmatch(filename, '*.xsd'): - self.source_dir = root - self.announce('Using source directory %s' % root) - break - self.ensure_dirname('source_dir') - self.source_dir = os.path.abspath(self.source_dir) - - if self.build_dir is None: - build = self.get_finalized_command('build') - self.build_dir = os.path.join(build.build_base, 'dtd') - self.mkpath(self.build_dir) - - if self.links_file is None: - self.links_file = "links.xml" - if os.path.isfile(os.path.join(self.source_dir, "links.xml")): - self.announce("Using linksFile links.xml") - else: - self.build_links = True - - if self.xslt is None: - xsl_files = glob(os.path.join(self.source_dir, '*.xsl')) - if xsl_files: - self.xslt = xsl_files[0] - self.announce("Using XSLT file %s" % self.xslt) - self.ensure_filename('xslt') - - def run(self): - """Perform XSLT transforms, writing output to self.build_dir""" - - xslt = lxml.etree.parse(self.xslt).getroot() - transform = lxml.etree.XSLT(xslt) - - if self.build_links: - self.announce("Building linksFile %s" % self.links_file) - links_xml = \ - lxml.etree.Element('links', - attrib={'xmlns': "http://titanium.dstc.edu.au/xml/xs3p"}) - for filename in glob(os.path.join(self.source_dir, '*.xsd')): - attrib = {'file-location': os.path.basename(filename), - 'docfile-location': os.path.splitext(os.path.basename(filename))[0] + ".html"} - links_xml.append(lxml.etree.Element('schema', attrib=attrib)) - open(os.path.join(self.source_dir, self.links_file), - "w").write(lxml.etree.tostring(links_xml)) - - # build parameter dict - params = {'printLegend': "'false'", - 'printGlossary': "'false'", - 'sortByComponent': "'false'"} - if self.links_file is not None: - params['linksFile'] = "'%s'" % self.links_file - params['searchIncludedSchemas'] = "'true'" - - for filename in glob(os.path.join(self.source_dir, '*.xsd')): - outfile = \ - os.path.join(self.build_dir, - os.path.splitext(os.path.basename(filename))[0] + - ".html") - self.announce("Transforming %s to %s" % (filename, outfile)) - xml = lxml.etree.parse(filename).getroot() - xhtml = str(transform(xml, **params)) - open(outfile, 'w').write(xhtml) - -cmdclass = {} - -try: - import lxml.etree - cmdclass['build_dtddoc'] = BuildDTDDoc -except ImportError: - pass - inst_reqs = ['lxml'] if need_m2crypto: inst_reqs.append('M2Crypto') -setup(cmdclass=cmdclass, - name="Bcfg2", +setup(name="Bcfg2", version="1.3.0pre2", description="Bcfg2 Server", author="Narayan Desai", diff --git a/src/lib/Bcfg2/Client/Tools/POSIX/Hardlink.py b/src/lib/Bcfg2/Client/Tools/POSIX/Hardlink.py index 64a0b1e15..896ca5f49 100644 --- a/src/lib/Bcfg2/Client/Tools/POSIX/Hardlink.py +++ b/src/lib/Bcfg2/Client/Tools/POSIX/Hardlink.py @@ -12,4 +12,5 @@ class POSIXHardlink(POSIXLinkTool): return os.path.samefile(entry.get('name'), entry.get('to')) def _link(self, entry): + ## TODO: set permissions return os.link(entry.get('to'), entry.get('name')) diff --git a/src/lib/Bcfg2/Client/Tools/VCS.py b/src/lib/Bcfg2/Client/Tools/VCS.py index 6c4c77426..fa3d22e1d 100644 --- a/src/lib/Bcfg2/Client/Tools/VCS.py +++ b/src/lib/Bcfg2/Client/Tools/VCS.py @@ -28,7 +28,6 @@ import Bcfg2.Client.Tools class VCS(Bcfg2.Client.Tools.Tool): """VCS support.""" - name = 'VCS' __handles__ = [('Path', 'vcs')] __req__ = {'Path': ['name', 'type', @@ -36,10 +35,6 @@ class VCS(Bcfg2.Client.Tools.Tool): 'sourceurl', 'revision']} - def __init__(self, logger, cfg, setup): - Bcfg2.Client.Tools.Tool.__init__(self, logger, cfg, setup) - self.cfg = cfg - def git_write_index(self, entry): """Write the git index""" pass @@ -72,7 +67,7 @@ class VCS(Bcfg2.Client.Tools.Tool): else: os.remove(destname) except OSError: - self.logger.info('Failed to remove %s' % \ + self.logger.info('Failed to remove %s' % destname) return False diff --git a/src/lib/Bcfg2/Server/Plugins/Metadata.py b/src/lib/Bcfg2/Server/Plugins/Metadata.py index 0ab72f2c5..5519d42b5 100644 --- a/src/lib/Bcfg2/Server/Plugins/Metadata.py +++ b/src/lib/Bcfg2/Server/Plugins/Metadata.py @@ -358,15 +358,15 @@ class MetadataGroup(tuple): """ representation of a metadata group. basically just a named tuple """ # pylint: disable=R0913,W0613 - def __new__(cls, name, bundles=None, category=None, - is_profile=False, is_public=False, is_private=False): + def __new__(cls, name, bundles=None, category=None, is_profile=False, + is_public=False): if bundles is None: bundles = set() return tuple.__new__(cls, (bundles, category)) # pylint: enable=W0613 - def __init__(self, name, bundles=None, category=None, - is_profile=False, is_public=False, is_private=False): + def __init__(self, name, bundles=None, category=None, is_profile=False, + is_public=False): if bundles is None: bundles = set() tuple.__init__(self) @@ -375,7 +375,6 @@ class MetadataGroup(tuple): self.category = category self.is_profile = is_profile self.is_public = is_public - self.is_private = is_private # record which clients we've warned about category suppression self.warned = [] # pylint: enable=R0913 @@ -795,8 +794,7 @@ class Metadata(Bcfg2.Server.Plugin.Metadata, for b in grp.findall("Bundle")], category=grp.get("category"), is_profile=grp.get("profile", "false") == "true", - is_public=grp.get("public", "false") == "true", - is_private=grp.get("public", "true") == "false") + is_public=grp.get("public", "false") == "true") if grp.get('default', 'false') == 'true': self.default = grp.get('name') diff --git a/testsuite/Testschema/test_schema.py b/testsuite/Testschema/test_schema.py index 56fe76205..ddfe4775f 100644 --- a/testsuite/Testschema/test_schema.py +++ b/testsuite/Testschema/test_schema.py @@ -1,7 +1,7 @@ import os -import re import sys import glob +import lxml.etree from subprocess import Popen, PIPE, STDOUT # add all parent testsuite directories to sys.path to allow (most) @@ -27,14 +27,46 @@ except OSError: HAS_XMLLINT = False +XS = "http://www.w3.org/2001/XMLSchema" +XS_NS = "{%s}" % XS +NSMAP = dict(xs=XS) + + class TestSchemas(Bcfg2TestCase): schema_url = "http://www.w3.org/2001/XMLSchema.xsd" @skipUnless(HAS_XMLLINT, "xmllint not installed") def test_valid(self): - schemas = [s for s in glob.glob(os.path.join(srcpath,'*.xsd'))] + schemas = [s for s in glob.glob(os.path.join(srcpath, '*.xsd'))] xmllint = Popen(['xmllint', '--xinclude', '--noout', '--schema', self.schema_url] + schemas, stdout=PIPE, stderr=STDOUT) print(xmllint.communicate()[0]) self.assertEqual(xmllint.wait(), 0) + + def test_duplicates(self): + entities = dict() + for root, _, files in os.walk(srcpath): + for fname in files: + if not fname.endswith(".xsd"): + continue + path = os.path.join(root, fname) + relpath = path[len(srcpath):].strip("/") + schema = lxml.etree.parse(path).getroot() + ns = schema.get("targetNamespace") + if ns not in entities: + entities[ns] = dict(group=dict(), + attributeGroup=dict(), + simpleType=dict(), + complexType=dict()) + for entity in schema.xpath("//xs:*[@name]", namespaces=NSMAP): + tag = entity.tag[len(XS_NS):] + if tag not in entities[ns]: + continue + name = entity.get("name") + if name in entities[ns][tag]: + self.assertNotIn(name, entities[ns][tag], + "Duplicate %s %s (in %s and %s)" % + (tag, name, fname, + entities[ns][tag][name])) + entities[ns][tag][name] = fname diff --git a/testsuite/Testsrc/Testlib/TestServer/TestPlugins/TestMetadata.py b/testsuite/Testsrc/Testlib/TestServer/TestPlugins/TestMetadata.py index 430368238..f627e4465 100644 --- a/testsuite/Testsrc/Testlib/TestServer/TestPlugins/TestMetadata.py +++ b/testsuite/Testsrc/Testlib/TestServer/TestPlugins/TestMetadata.py @@ -807,9 +807,6 @@ class TestMetadata(_TestMetadata, TestStatistics, TestDatabaseBacked): self.assertTrue(metadata.groups['group1'].is_public) self.assertTrue(metadata.groups['group2'].is_public) self.assertFalse(metadata.groups['group3'].is_public) - self.assertFalse(metadata.groups['group1'].is_private) - self.assertFalse(metadata.groups['group2'].is_private) - self.assertTrue(metadata.groups['group3'].is_private) self.assertTrue(metadata.groups['group1'].is_profile) self.assertTrue(metadata.groups['group2'].is_profile) self.assertFalse(metadata.groups['group3'].is_profile) -- cgit v1.2.3-1-g7c22