diff --git a/Berksfile b/Berksfile index 653b3dfb..47f76351 100644 --- a/Berksfile +++ b/Berksfile @@ -1,17 +1,16 @@ source "https://supermarket.getchef.com" -cookbook 'apache2', '~> 3.0.1' -cookbook 'apt', '~> 2.6.1' -cookbook 'build-essential', '~> 2.1.3' -cookbook 'composer', '~> 2.0.0' -cookbook 'git', '~> 4.1.0' +cookbook 'apache2', '~> 3.1.0' +cookbook 'apt', '~> 2.8.2' +cookbook 'build-essential', '~> 2.2.3' +cookbook 'composer', '~> 2.2.0' +cookbook 'git', '~> 4.3.4' cookbook 'magento-toolbox', '~> 0.0.3' -cookbook 'mysql', '~> 6.0.15' -cookbook 'nodejs', '~> 2.2.0' -cookbook 'npm', '~> 0.1.2' -cookbook 'percona', '~> 0.15.5' +cookbook 'mysql', '~> 6.1.0' +cookbook 'nodejs', '~> 2.4.2' +cookbook 'percona', '~> 0.16.1' cookbook 'phing', '~> 0.0.3' -cookbook 'php', '~> 1.5.0' +cookbook 'php', '~> 1.7.2' cookbook 'python', '~> 1.4.6' cookbook 'mailhog', '~> 0.1.0' -cookbook 'postfix', '~> 3.6.2' +cookbook 'postfix', '~> 3.7.0' diff --git a/Berksfile.lock b/Berksfile.lock index 6fea6ba6..0c45e732 100644 --- a/Berksfile.lock +++ b/Berksfile.lock 
@@ -1,96 +1,93 @@ DEPENDENCIES - apache2 (~> 3.0.1) - apt (~> 2.6.1) - build-essential (~> 2.1.3) - composer (~> 2.0.0) - git (~> 4.1.0) + apache2 (~> 3.1.0) + apt (~> 2.8.2) + build-essential (~> 2.2.3) + composer (~> 2.2.0) + git (~> 4.3.4) magento-toolbox (~> 0.0.3) mailhog (~> 0.1.0) - mysql (~> 6.0.15) - nodejs (~> 2.2.0) - npm (~> 0.1.2) - percona (~> 0.15.5) + mysql (~> 6.1.0) + nodejs (~> 2.4.2) + percona (~> 0.16.1) phing (~> 0.0.3) - php (~> 1.5.0) - postfix (~> 3.6.2) + php (~> 1.7.2) + postfix (~> 3.7.0) python (~> 1.4.6) GRAPH 7-zip (1.0.2) windows (>= 1.2.2) - apache2 (3.0.1) - iptables (>= 0.0.0) - logrotate (>= 0.0.0) - apt (2.6.1) + apache2 (3.1.0) + apt (2.8.2) ark (0.9.0) 7-zip (>= 0.0.0) windows (>= 0.0.0) - build-essential (2.1.3) - chef-sugar (3.0.1) - chef_handler (1.1.6) - composer (2.0.0) + build-essential (2.2.3) + chef-sugar (3.1.1) + chef-vault (1.3.0) + chef_handler (1.2.0) + composer (2.2.0) php (>= 0.0.0) windows (>= 0.0.0) dmg (2.2.2) - git (4.1.0) + git (4.3.4) build-essential (>= 0.0.0) dmg (>= 0.0.0) - runit (>= 1.0) windows (>= 0.0.0) - yum (~> 3.0) yum-epel (>= 0.0.0) - iis (4.1.0) + homebrew (1.13.0) + build-essential (>= 2.1.2) + iis (4.1.1) windows (>= 1.34.6) - iptables (0.14.1) - logrotate (1.9.1) magento-toolbox (0.0.3) php (>= 0.0.0) mailhog (0.1.0) runit (>= 0.0.0) - mysql (6.0.17) + mysql (6.1.1) smf (>= 0.0.0) yum-mysql-community (>= 0.0.0) - nodejs (2.2.0) + nodejs (2.4.2) apt (>= 0.0.0) ark (>= 0.0.0) build-essential (>= 0.0.0) + homebrew (>= 0.0.0) yum-epel (>= 0.0.0) - npm (0.1.2) - nodejs (>= 0.0.0) - openssl (4.0.0) - chef-sugar (>= 0.0.0) - percona (0.15.5) - apt (>= 1.9) + openssl (4.4.0) + chef-sugar (>= 3.1.1) + packagecloud (0.1.0) + percona (0.16.1) + apt (>= 2.7.0) + build-essential (>= 0.0.0) + chef-vault (>= 0.0.0) openssl (>= 0.0.0) yum (~> 3.0) + yum-epel (>= 0.0.0) phing (0.0.3) composer (>= 0.0.0) php (>= 0.0.0) - php (1.5.0) + php (1.7.2) build-essential (>= 0.0.0) iis (>= 0.0.0) - mysql (>= 0.0.0) 
+ mysql (>= 6.0.0) windows (>= 0.0.0) xml (>= 0.0.0) yum-epel (>= 0.0.0) - postfix (3.6.2) + postfix (3.7.0) python (1.4.6) build-essential (>= 0.0.0) yum-epel (>= 0.0.0) - rbac (1.0.2) - runit (1.5.18) - build-essential (>= 0.0.0) - yum (~> 3.0) - yum-epel (>= 0.0.0) - smf (2.2.6) + rbac (1.0.3) + runit (1.7.2) + packagecloud (>= 0.0.0) + smf (2.2.7) rbac (>= 1.0.1) - windows (1.36.6) + windows (1.38.2) chef_handler (>= 0.0.0) xml (1.2.13) build-essential (>= 0.0.0) chef-sugar (>= 0.0.0) - yum (3.5.3) - yum-epel (0.6.0) - yum (~> 3.0) - yum-mysql-community (0.1.14) + yum (3.7.1) + yum-epel (0.6.3) + yum (~> 3.2) + yum-mysql-community (0.1.18) yum (>= 3.0) diff --git a/CHANGELOG.md b/CHANGELOG.md index b9201ee9..7d9d4ffb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,22 @@ # Change Log +## [1.0.2] - 2015-09-25 + +### Fixed +- Check if vagrant-berkshelf plugin is installed before trying to disable it +- Fix keyserver override for Percona repository +- Replace Apache event MPM with prefork +- Fix phpmyadmin installation + +### Changed +- Update name of base box provided by Chef +- Upgrade vendor cookbooks +- Upgrade node.js version +- Use nodejs cookbook to install npm modules + +### Removed +- Remove deprecated apache template + ## [1.0.1] - 2015-04-12 ### Fixed diff --git a/Vagrantfile b/Vagrantfile index fac9569f..e4945f0d 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -9,7 +9,7 @@ Vagrant.configure("2") do |config| # please see the online documentation at vagrantup.com. # Every Vagrant virtual environment requires a box to build off of. - config.vm.box = "chef/ubuntu-14.04" + config.vm.box = "bento/ubuntu-14.04" if Vagrant.has_plugin? 'vagrant-omnibus' # Set Chef version for Omnibus 
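Review bot: The new `config.vm.box = "bento/ubuntu-14.04"` line in the Vagrantfile hunk names the base box without any version constraint in the visible lines, so a fresh `vagrant up` takes whatever release is currently published under that name. Because this commit also moves the box from the chef/ namespace to bento/, I would pin the release right after it with `config.vm.box_version = "<known-good box version>"` and add a one-line comment saying why the namespace changed. The Vagrant.configure block starts and ends outside the hunk, so a pin may already exist elsewhere in the file.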
@@ -20,6 +20,12 @@ Vagrant.configure("2") do |config| "vagrant plugin install vagrant-omnibus" end + # Disable vagrant-berkshelf because it overrides chef cookbooks path + # See https://github.com/berkshelf/vagrant-berkshelf/issues/274 + if Vagrant.has_plugin? 'vagrant-berkshelf' + config.berkshelf.enabled = false + end + # Create a forwarded port mapping which allows access to a specific port # within the machine from a port on the host machine. # Forward MySql port on 33066, used for connecting admin-clients to localhost:33066 @@ -49,7 +55,7 @@ Vagrant.configure("2") do |config| # path, and data_bags path (all relative to this Vagrantfile), and adding # some recipes and/or roles. config.vm.provision :chef_zero do |chef| - chef.cookbooks_path = ["berks-cookbooks", "cookbooks"] + chef.cookbooks_path = ["berks-cookbooks", "cookbooks"] chef.data_bags_path = "data_bags" # List of recipes to run diff --git a/berks-cookbooks/apache2/CHANGELOG.md b/berks-cookbooks/apache2/CHANGELOG.md index 452c16e7..e89bc993 100644 --- a/berks-cookbooks/apache2/CHANGELOG.md +++ b/berks-cookbooks/apache2/CHANGELOG.md 
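Review bot: The comment added above `if Vagrant.has_plugin? 'vagrant-berkshelf'` says why the plugin is switched off but not what supplies the cookbooks instead. With the plugin disabled, the `chef_zero` provisioner further down reads only the committed `berks-cookbooks` and `cookbooks` directories, and nothing in the visible lines checks that the vendored tree still matches Berksfile.lock. I would extend the comment with a line such as `# Cookbooks are vendored in berks-cookbooks/; re-run "berks vendor berks-cookbooks" after changing the Berksfile`. That the tree is produced this way is inferred from the directory name, so confirm the command the project actually uses. The enclosing Vagrant.configure block starts and ends outside the hunk.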
@@ -2,11 +2,34 @@ apache2 Cookbook Changelog ========================== This file is used to list changes made in each version of the apache2 cookbook. +v3.1.0 (2015-05-25) +------------------- + +- [GH-315] Fix `apache.default_site_name` .conf extension references to ensure deletion +- [GH-258] Use `apache.default_site_name` for consistency, minimize hardcoding of filenames +- [GH-259] Add `&& sleep 1` to end of apache restart command on rhel-based systems using apache2.2 +- [GH-271] Remove FreeBSD 9.x, Red Hat and CentOS 5.x and OpenSUSE 11.x Series from tests and focus on newer releases +- [GH-276] Add psych gem to development gems +- [GH-293] Add `apache.mod_fastcgi.install_method` flag to allow install of mod_fastcgi from source (even on Debian family) +- [GH-285] Made `apache.devel_package` configurable based on platform, including support for Amazon Linux. +- [GH-316] Update Opscode references to Chef +- [GH-318] Apply default recipe in all definitions +- [GH-320] Add attribute to adjust `apache.default_site_port` +- [GH-321] Fix issue with default_site name in not_if guards +- [GH-322] Add `apache.mod_ssl.pkg_name` to allow custom mod_ssl package names. Set defaults for supported platforms including Amazon Linux +- [GH-323] Don't create the default site configuration file in `sites-available` unless it is enabled. +- [GH-324] Add `apache.mod_ssl.port` to set the default ssl port to something other than 443 +- [GH-328] Add the ability to pass in a pipe as to log +- [GH-332] `SSLStrictSNIVHostCheck` is only written to config if enabled to avoid breaking apache prior to 2.2.12. +- [GH-334] Removed `iptables`, `god-monitor`, and `logrotate` recipes to avoid having external dependencies. These services should be managed in a wrapper cookbook going forward. 
+- [GH-339] Allow custom names for php so_filename (`node['apache']['mod_php5']['so_filename']`) + + v3.0.1 (2015-02-11) ------------------- - [GH-310] Ubuntu Apache 2.2 requires the lock_dir to be owned by www-data -- [GH-307] Clarify that apache.version is a string +- [GH-309] Clarify that apache.version is a string - [GH-305] Restart service after MPM changes - [GH-304] Don't install systemd module on Amazon Linux - [GH-298] Add non-threaded MPM break notice for PHP users @@ -131,7 +154,7 @@ v1.10.2 (2014-04-09) - [COOK-4492] - Fix service[apache2] CHEF-3694 duplication - [COOK-4493] - Fix template[ports.conf] CHEF-3694 duplication -As of 2014-04-04 and per [Community Cookbook Diversification](https://wiki.opscode.com/display/chef/Community+Cookbook+Diversification) this cookbook now maintained by OneHealth Solutions. Please be patient as we get into the swing of things. +As of 2014-04-04 and per [Community Cookbook Diversification](https://wiki.chef.io/display/chef/Community+Cookbook+Diversification) this cookbook now maintained by OneHealth Solutions. Please be patient as we get into the swing of things. v1.10.0 (2014-03-28) -------------------- 
@@ -158,16 +181,16 @@ v1.9.1 (2014-02-27) v1.9.0 (2014-02-21) ------------------- ### Improvement -- **[COOK-4076](https://tickets.opscode.com/browse/COOK-4076)** - foodcritic: dependencies are not defined properly -- **[COOK-2572](https://tickets.opscode.com/browse/COOK-2572)** - Add mod_pagespeed recipe to apache2 +- **[COOK-4076](https://tickets.chef.io/browse/COOK-4076)** - foodcritic: dependencies are not defined properly +- **[COOK-2572](https://tickets.chef.io/browse/COOK-2572)** - Add mod_pagespeed recipe to apache2 ### Bug -- **[COOK-4043](https://tickets.opscode.com/browse/COOK-4043)** - apache2 cookbook does not depend on 'iptables' -- **[COOK-3919](https://tickets.opscode.com/browse/COOK-3919)** - Move the default pidfile for apache2 on Ubuntu 13.10 or greater -- **[COOK-3863](https://tickets.opscode.com/browse/COOK-3863)** - Add recipe for mod_jk -- **[COOK-3804](https://tickets.opscode.com/browse/COOK-3804)** - Fix incorrect datatype for apache/default_modules, use recipes option in metadata -- **[COOK-3800](https://tickets.opscode.com/browse/COOK-3800)** - Cannot load modules that use non-standard module identifiers -- **[COOK-1689](https://tickets.opscode.com/browse/COOK-1689)** - The perl package name should be configurable +- **[COOK-4043](https://tickets.chef.io/browse/COOK-4043)** - apache2 cookbook does not depend on 'iptables' +- **[COOK-3919](https://tickets.chef.io/browse/COOK-3919)** - Move the default pidfile for apache2 on Ubuntu 13.10 or greater +- **[COOK-3863](https://tickets.chef.io/browse/COOK-3863)** - Add recipe for mod_jk +- **[COOK-3804](https://tickets.chef.io/browse/COOK-3804)** - Fix incorrect datatype for apache/default_modules, use recipes option in metadata +- **[COOK-3800](https://tickets.chef.io/browse/COOK-3800)** - Cannot load modules that use non-standard module identifiers +- **[COOK-1689](https://tickets.chef.io/browse/COOK-1689)** - The perl package name should be configurable v1.8.14 
@@ -198,36 +221,36 @@ Locking yum dependency to '< 3' v1.8.4 ------ ### Bug -- **[COOK-3769](https://tickets.opscode.com/browse/COOK-3769)** - Fix a critical bug where the `apache_module` could not enable modules +- **[COOK-3769](https://tickets.chef.io/browse/COOK-3769)** - Fix a critical bug where the `apache_module` could not enable modules v1.8.2 ------ ### Bug -- **[COOK-3766](https://tickets.opscode.com/browse/COOK-3766)** - Fix an issue where the `mod_ssl` recipe fails due to a missing attribute +- **[COOK-3766](https://tickets.chef.io/browse/COOK-3766)** - Fix an issue where the `mod_ssl` recipe fails due to a missing attribute v1.8.0 ------ ### Bug -- **[COOK-3680](https://tickets.opscode.com/browse/COOK-3680)** - Update template paths -- **[COOK-3570](https://tickets.opscode.com/browse/COOK-3570)** - Apache cookbook breaks on RHEL / CentOS 6 -- **[COOK-2944](https://tickets.opscode.com/browse/COOK-2944)** - Fix foodcritic failures -- **[COOK-2893](https://tickets.opscode.com/browse/COOK-2893)** - Improve mod_auth_openid recipe with guards and idempotency -- **[COOK-2758](https://tickets.opscode.com/browse/COOK-2758)** - Fix use of non-existent attribute +- **[COOK-3680](https://tickets.chef.io/browse/COOK-3680)** - Update template paths +- **[COOK-3570](https://tickets.chef.io/browse/COOK-3570)** - Apache cookbook breaks on RHEL / CentOS 6 +- **[COOK-2944](https://tickets.chef.io/browse/COOK-2944)** - Fix foodcritic failures +- **[COOK-2893](https://tickets.chef.io/browse/COOK-2893)** - Improve mod_auth_openid recipe with guards and idempotency +- **[COOK-2758](https://tickets.chef.io/browse/COOK-2758)** - Fix use of non-existent attribute ### New Feature -- **[COOK-3665](https://tickets.opscode.com/browse/COOK-3665)** - Add recipe for mod_userdir -- **[COOK-3646](https://tickets.opscode.com/browse/COOK-3646)** - Add recipe for mod_cloudflare -- **[COOK-3213](https://tickets.opscode.com/browse/COOK-3213)** - Add recipe for mod_info +- 
**[COOK-3665](https://tickets.chef.io/browse/COOK-3665)** - Add recipe for mod_userdir +- **[COOK-3646](https://tickets.chef.io/browse/COOK-3646)** - Add recipe for mod_cloudflare +- **[COOK-3213](https://tickets.chef.io/browse/COOK-3213)** - Add recipe for mod_info ### Improvement -- **[COOK-3656](https://tickets.opscode.com/browse/COOK-3656)** - Parameterize apache2 binary -- **[COOK-3562](https://tickets.opscode.com/browse/COOK-3562)** - Allow mod_proxy settings to be configured as attributes -- **[COOK-3326](https://tickets.opscode.com/browse/COOK-3326)** - Fix default_test to use ServerTokens attribute -- **[COOK-2635](https://tickets.opscode.com/browse/COOK-2635)** - Add support for SVG mime types -- **[COOK-2598](https://tickets.opscode.com/browse/COOK-2598)** - FastCGI Module only works on Debian-based platforms -- **[COOK-1984](https://tickets.opscode.com/browse/COOK-1984)** - Add option to configure the address apache listens to +- **[COOK-3656](https://tickets.chef.io/browse/COOK-3656)** - Parameterize apache2 binary +- **[COOK-3562](https://tickets.chef.io/browse/COOK-3562)** - Allow mod_proxy settings to be configured as attributes +- **[COOK-3326](https://tickets.chef.io/browse/COOK-3326)** - Fix default_test to use ServerTokens attribute +- **[COOK-2635](https://tickets.chef.io/browse/COOK-2635)** - Add support for SVG mime types +- **[COOK-2598](https://tickets.chef.io/browse/COOK-2598)** - FastCGI Module only works on Debian-based platforms +- **[COOK-1984](https://tickets.chef.io/browse/COOK-1984)** - Add option to configure the address apache listens to v1.7.0 diff --git a/berks-cookbooks/apache2/README.md b/berks-cookbooks/apache2/README.md index d4d1a654..6de7c9ff 100644 --- a/berks-cookbooks/apache2/README.md +++ b/berks-cookbooks/apache2/README.md 
@@ -1,7 +1,9 @@ apache2 Cookbook ================ -[![Build Status](https://travis-ci.org/svanzoest/apache2-cookbook.svg?branch=master)](https://travis-ci.org/svanzoest/apache2-cookbook) -[![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/svanzoest/apache2-cookbook?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge) +[![Cookbook Version](https://img.shields.io/cookbook/v/apache2.svg?style=flat)](https://supermarket.chef.io/cookbooks/apache2) +[![Build Status](https://travis-ci.org/svanzoest-cookbooks/apache2.svg?branch=master)](https://travis-ci.org/svanzoest-cookbooks/apache2) +[![Dependency Status](http://img.shields.io/gemnasium/svanzoest-cookbooks/apache2.svg?style=flat)](https://gemnasium.com/svanzoest-cookbooks/apache2) +[![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/svanzoest-cookbooks/apache2?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge) This cookbook provides a complete Debian/Ubuntu style Apache HTTPD configuration. Non-Debian based distributions such as Red Hat/CentOS, @@ -39,8 +41,7 @@ this cookbook](https://supermarket.chef.io/cookbooks/apache2/versions/1.1.16). ## Cookbooks: -This cookbook doesn't have direct dependencies on other cookbooks, as -none are needed for the default recipe or the general use cases. +This cookbook has no direct external dependencies. Depending on your OS configuration and security policy, you may need additional recipes or cookbooks for this cookbook's recipes to 
@@ -64,7 +65,7 @@ contains a `permissive` recipe that can be used to set SELinux to by the user to address SELinux permissions. The easiest but **certainly not ideal way** to deal with IPtables is -to flush all rules. Opscode does provide an `iptables` cookbook but is +to flush all rules. Chef Software does provide an `iptables` cookbook but is migrating from the approach used there to a more robust solution utilizing a general "firewall" LWRP that would have an "iptables" provider. Alternately, you can use ufw, with Opscode's `ufw` and @@ -83,10 +84,6 @@ role). This is not an explicit dependency because it is only required for this single recipe and platform; the pacman default recipe performs `pacman -Sy` to keep pacman's package cache updated. -The `apache2::god_monitor` recipe uses a definition from the `god` -cookbook. Include `recipe[god]` in the node's expanded run list to -ensure that the cookbook is available to the node, and to set up `god`. - ## Platforms: The following platforms and versions are tested and supported using @@ -127,7 +124,7 @@ Tests ===== This cookbook in the -[source repository](https://github.com/svanzoest/apache2-cookbook/) +[source repository](https://github.com/svanzoest-cookbooks/apache2/) contains chefspec, serverspec and cucumber tests. This is an initial proof of concept that will be fleshed out with more supporting infrastructure at a future time. 
@@ -229,6 +226,15 @@ configuration. * `node['apache']['event']['maxrequestworkers']` - Maximum number of connections that will be processed simultaneously. * `node['apache']['event']['maxconnectionsperchild']` - Limit on the number of connections that an individual child server will handle during its life. +Other/Unsupported MPM +--------------------- + +To use the cookbook with an unsupported mpm (other than prefork, event or worker): + +* set `node['apache']['mpm']` to the name of the module (e.g. `itk`) +* in your cookbook, after `include_recipe 'apache2'` use the `apache_module` definition to enable/disable the required module(s) + + mod\_auth\_openid attributes ---------------------------- @@ -252,7 +258,7 @@ For general information on this attributes see http://httpd.apache.org/docs/curr * `node['apache']['mod_ssl']['cipher_suite']` - sets the SSLCiphersuite value to the specified string. The default is considered "sane" but you may need to change it for your local security policy, e.g. if you have PCI-DSS requirements. Additional commentary on the - [original pull request](https://github.com/svanzoest/apache2-cookbook/pull/15#commitcomment-1605406). + [original pull request](https://github.com/svanzoest-cookbooks/apache2/pull/15#commitcomment-1605406). * `node['apache']['mod_ssl']['honor_cipher_order']` - Option to prefer the server's cipher preference order. Default 'On'. * `node['apache']['mod_ssl']['insecure_renegotiation']` - Option to enable support for insecure renegotiation. Default 'Off'. * `node['apache']['mod_ssl']['strict_sni_vhost_check']` - Whether to allow non-SNI clients to access a name-based virtual host. Default 'Off'. 
@@ -305,13 +311,6 @@ The default recipe does a number of things to set up Apache HTTPd. It also includes a number of modules based on the attribute `node['apache']['default_modules']` as recipes. -logrotate ---------- - -Logrotate adds a logrotate entry for your apache2 logs. This recipe -requires the `logrotate` cookbook; ensure that `recipe[logrotate]` is -in the node's expanded run list. - mod\_auth\_cas -------------- @@ -403,18 +402,6 @@ Besides installing and enabling `mod_ssl`, this recipe will append port 443 to the `node['apache']['listen_ports']` attribute array and update the ports.conf. -god\_monitor ------------- - -Sets up a `god` monitor for Apache. External requirements are the -`god` and `runit` cookbooks from Opscode. When using this recipe, -include `recipe[god]` in the node's expanded run list to ensure the -client downloads it; `god` depends on runit so that will also be -downloaded. - -**Note** This recipe is not tested under test-kitchen yet and is - pending fix in COOK-744. - Definitions =========== @@ -703,8 +690,8 @@ respective sections above. License and Authors =================== -* Author:: Adam Jacob -* Author:: Joshua Timberman +* Author:: Adam Jacob +* Author:: Joshua Timberman * Author:: Bryan McLellan * Author:: Dave Esposito * Author:: David Abdemoulaie @@ -714,13 +701,13 @@ License and Authors * Author:: Matthew Kent * Author:: Nathen Harvey * Author:: Ringo De Smet -* Author:: Sean OMeara -* Author:: Seth Chisamore +* Author:: Sean OMeara +* Author:: Seth Chisamore * Author:: Gilles Devaux * Author:: Sander van Zoest * Author:: Taylor Price -* Copyright:: 2009-2012, Opscode, Inc +* Copyright:: 2009-2012, Chef Software, Inc * Copyright:: 2011, Atriso * Copyright:: 2011, CustomInk, LLC. * Copyright:: 2013-2014, OneHealth Solutions, Inc. diff --git a/berks-cookbooks/apache2/attributes/default.rb b/berks-cookbooks/apache2/attributes/default.rb index 1d846327..043915e0 100644 --- a/berks-cookbooks/apache2/attributes/default.rb 
+++ b/berks-cookbooks/apache2/attributes/default.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Attributes:: default # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # Copyright 2014, Viverae, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -55,7 +55,12 @@ '2.4' end when 'rhel' - node['platform_version'].to_f >= 7.0 ? '2.4' : '2.2' + case node['platform'] + when 'amazon' + node['platform_version'].to_f >= 2013.09 ? '2.4' : '2.2' + else + node['platform_version'].to_f >= 7.0 ? '2.4' : '2.2' + end when 'fedora' node['platform_version'].to_f >= 18 ? '2.4' : '2.2' when 'suse' @@ -79,6 +84,8 @@ case node['platform'] when 'redhat', 'centos', 'scientific', 'fedora', 'amazon', 'oracle' default['apache']['package'] = 'httpd' + default['apache']['service_name'] = 'httpd' + default['apache']['devel_package'] = 'httpd-devel' default['apache']['perl_pkg'] = 'perl' default['apache']['apachectl'] = '/usr/sbin/apachectl' default['apache']['dir'] = '/etc/httpd' @@ -91,10 +98,18 @@ default['apache']['conf_dir'] = '/etc/httpd/conf' default['apache']['docroot_dir'] = '/var/www/html' default['apache']['cgibin_dir'] = '/var/www/cgi-bin' - default['apache']['icondir'] = '/var/www/icons' + if node['apache']['version'] == '2.4' + default['apache']['icondir'] = '/usr/share/httpd/icons' + else + default['apache']['icondir'] = '/var/www/icons' + end default['apache']['cache_dir'] = '/var/cache/httpd' default['apache']['run_dir'] = '/var/run/httpd' default['apache']['lock_dir'] = '/var/run/httpd' + if node['platform'] == 'amazon' && node['apache']['version'] == '2.4' + default['apache']['package'] = 'httpd24' + default['apache']['devel_package'] = 'httpd24-devel' + end if node['platform_version'].to_f >= 6 default['apache']['pid_file'] = '/var/run/httpd/httpd.pid' else 
@@ -105,6 +120,7 @@ when 'suse', 'opensuse' default['apache']['package'] = 'apache2' default['apache']['perl_pkg'] = 'perl' + default['apache']['devel_package'] = 'httpd-devel' default['apache']['apachectl'] = '/usr/sbin/apache2ctl' default['apache']['dir'] = '/etc/apache2' default['apache']['log_dir'] = '/var/log/apache2' @@ -130,6 +146,11 @@ when 'debian', 'ubuntu' default['apache']['package'] = 'apache2' default['apache']['perl_pkg'] = 'perl' + if node['apache']['mpm'] == 'prefork' + default['apache']['devel_package'] = 'apache2-prefork-dev' + else + default['apache']['devel_package'] = 'apache2-dev' + end default['apache']['apachectl'] = '/usr/sbin/apache2ctl' default['apache']['dir'] = '/etc/apache2' default['apache']['log_dir'] = '/var/log/apache2' @@ -152,8 +173,9 @@ default['apache']['pid_file'] = '/var/run/apache2.pid' default['apache']['docroot_dir'] = '/var/www' end - default['apache']['lib_dir'] = '/usr/lib/apache2' - default['apache']['libexec_dir'] = "#{node['apache']['lib_dir']}/modules" + default['apache']['lib_dir'] = '/usr/lib/apache2' + default['apache']['build_dir'] = '/usr/share/apache2' + default['apache']['libexec_dir'] = "#{node['apache']['lib_dir']}/modules" default['apache']['default_site_name'] = '000-default' when 'arch' default['apache']['package'] = 'apache' @@ -200,6 +222,7 @@ default['apache']['lock_dir'] = '/var/run' default['apache']['lib_dir'] = '/usr/local/libexec/apache22' end + default['apache']['devel_package'] = 'httpd-devel' default['apache']['perl_pkg'] = 'perl5' default['apache']['apachectl'] = '/usr/local/sbin/apachectl' default['apache']['pid_file'] = '/var/run/httpd.pid' @@ -213,6 +236,7 @@ default['apache']['libexec_dir'] = node['apache']['lib_dir'] else default['apache']['package'] = 'apache2' + default['apache']['devel_package'] = 'apache2-dev' default['apache']['perl_pkg'] = 'perl' default['apache']['dir'] = '/etc/apache2' default['apache']['log_dir'] = '/var/log/apache2' 
@@ -239,7 +263,9 @@ ### # General settings -default['apache']['service_name'] = default['apache']['package'] +if node['apache']['service_name'].nil? + default['apache']['service_name'] = node['apache']['package'] +end default['apache']['listen_addresses'] = %w(*) default['apache']['listen_ports'] = %w(80) default['apache']['contact'] = 'ops@example.com' @@ -250,6 +276,8 @@ default['apache']['locale'] = 'C' default['apache']['sysconfig_additional_params'] = {} default['apache']['default_site_enabled'] = false +default['apache']['default_site_port'] = '80' +default['apache']['access_file_name'] = '.htaccess' # Security default['apache']['servertokens'] = 'Prod' @@ -268,6 +296,9 @@ # mod_info Allow list, space seprated list of allowed entries. default['apache']['info_allow_list'] = '127.0.0.1 ::1' +# Supported mpm list +default['apache']['mpm_support'] = %w(prefork worker event) + # Prefork Attributes default['apache']['prefork']['startservers'] = 16 default['apache']['prefork']['minspareservers'] = 16 diff --git a/berks-cookbooks/apache2/attributes/mod_auth_cas.rb b/berks-cookbooks/apache2/attributes/mod_auth_cas.rb index 4716fe7d..76e9fd6c 100644 --- a/berks-cookbooks/apache2/attributes/mod_auth_cas.rb +++ b/berks-cookbooks/apache2/attributes/mod_auth_cas.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Attributes:: mod_auth_cas # -# Copyright 2013, Opscode, Inc. +# Copyright 2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/attributes/mod_auth_openid.rb b/berks-cookbooks/apache2/attributes/mod_auth_openid.rb index bba4feb9..4436d69e 100644 --- a/berks-cookbooks/apache2/attributes/mod_auth_openid.rb +++ b/berks-cookbooks/apache2/attributes/mod_auth_openid.rb 
@@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Attributes:: mod_auth_cas # -# Copyright 2013, Opscode, Inc. +# Copyright 2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/attributes/mod_fastcgi.rb b/berks-cookbooks/apache2/attributes/mod_fastcgi.rb index 0583c9fe..28865b56 100644 --- a/berks-cookbooks/apache2/attributes/mod_fastcgi.rb +++ b/berks-cookbooks/apache2/attributes/mod_fastcgi.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Attributes:: mod_fastcgi # -# Copyright 2013, Opscode, Inc. +# Copyright 2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,3 +18,4 @@ # default['apache']['mod_fastcgi']['download_url'] = 'http://www.fastcgi.com/dist/mod_fastcgi-current.tar.gz' +default['apache']['mod_fastcgi']['install_method'] = 'package' diff --git a/berks-cookbooks/apache2/attributes/mod_php5.rb b/berks-cookbooks/apache2/attributes/mod_php5.rb index f335a5e9..06aea8b2 100644 --- a/berks-cookbooks/apache2/attributes/mod_php5.rb +++ b/berks-cookbooks/apache2/attributes/mod_php5.rb @@ -17,3 +17,8 @@ # limitations under the License. default['apache']['mod_php5']['install_method'] = 'package' +default['apache']['mod_php5']['so_filename'] = 'libphp5.so' + +if node['platform'] == 'amazon' && node['apache']['version'] == '2.4' + default['apache']['mod_php5']['so_filename'] = 'libphp.so' +end diff --git a/berks-cookbooks/apache2/attributes/mod_ssl.rb b/berks-cookbooks/apache2/attributes/mod_ssl.rb index d7cb950a..061664eb 100644 --- a/berks-cookbooks/apache2/attributes/mod_ssl.rb +++ b/berks-cookbooks/apache2/attributes/mod_ssl.rb 
@@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Attributes:: mod_ssl # -# Copyright 2012-2013, Opscode, Inc. +# Copyright 2012-2013, Chef Software, Inc. # Copyright 2014, Viverae, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -18,6 +18,7 @@ # limitations under the License. # +default['apache']['mod_ssl']['port'] = 443 default['apache']['mod_ssl']['protocol'] = 'All -SSLv2 -SSLv3' default['apache']['mod_ssl']['cipher_suite'] = 'EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4!aNULL!eNULL!LOW!3DES!MD5!EXP!PSK!SRP!DSS' default['apache']['mod_ssl']['honor_cipher_order'] = 'On' @@ -33,6 +34,7 @@ default['apache']['mod_ssl']['pass_phrase_dialog'] = 'builtin' default['apache']['mod_ssl']['mutex'] = 'file:/var/run/apache2/ssl_mutex' default['apache']['mod_ssl']['directives'] = {} +default['apache']['mod_ssl']['pkg_name'] = 'mod_ssl' case node['platform_family'] when 'debian' @@ -46,6 +48,12 @@ default['apache']['mod_ssl']['session_cache'] = 'shmcb:/var/run/ssl_scache(512000)' default['apache']['mod_ssl']['mutex'] = 'file:/var/run/ssl_mutex' when 'rhel', 'fedora', 'suse' + case node['platform'] + when 'amazon' + if node['apache']['version'] == '2.4' + default['apache']['mod_ssl']['pkg_name'] = 'mod24_ssl' + end + end default['apache']['mod_ssl']['session_cache'] = 'shmcb:/var/cache/mod_ssl/scache(512000)' default['apache']['mod_ssl']['mutex'] = 'default' end diff --git a/berks-cookbooks/apache2/definitions/apache_conf.rb b/berks-cookbooks/apache2/definitions/apache_conf.rb index 30a5de72..ec8d77ee 100644 --- a/berks-cookbooks/apache2/definitions/apache_conf.rb +++ b/berks-cookbooks/apache2/definitions/apache_conf.rb 
@@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Definition:: apache_conf # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,6 +18,8 @@ # define :apache_conf, :enable => true do + include_recipe 'apache2::default' + conf_name = "#{params[:name]}.conf" params[:conf_path] = params[:conf_path] || "#{node['apache']['dir']}/conf-available" diff --git a/berks-cookbooks/apache2/definitions/apache_config.rb b/berks-cookbooks/apache2/definitions/apache_config.rb index f779ab10..b28cc3d6 100644 --- a/berks-cookbooks/apache2/definitions/apache_config.rb +++ b/berks-cookbooks/apache2/definitions/apache_config.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Definition:: apache_config # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/definitions/apache_mod.rb b/berks-cookbooks/apache2/definitions/apache_mod.rb index 06bcb2a4..5d7656d9 100644 --- a/berks-cookbooks/apache2/definitions/apache_mod.rb +++ b/berks-cookbooks/apache2/definitions/apache_mod.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Definition:: apache_mod # -# Copyright 2008-20013, Opscode, Inc. +# Copyright 2008-20013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,6 +18,8 @@ # define :apache_mod do + include_recipe 'apache2::default' + template "#{node['apache']['dir']}/mods-available/#{params[:name]}.conf" do source "mods/#{params[:name]}.conf.erb" mode '0644' diff --git a/berks-cookbooks/apache2/definitions/apache_module.rb b/berks-cookbooks/apache2/definitions/apache_module.rb index c3c27564..63560202 100644 
--- a/berks-cookbooks/apache2/definitions/apache_module.rb
+++ b/berks-cookbooks/apache2/definitions/apache_module.rb
@@ -2,7 +2,7 @@
 # Cookbook Name:: apache2
 # Definition:: apache_module
 #
-# Copyright 2008-2013, Opscode, Inc.
+# Copyright 2008-2013, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
diff --git a/berks-cookbooks/apache2/definitions/apache_site.rb b/berks-cookbooks/apache2/definitions/apache_site.rb
index 4bd8cd7e..866076e7 100644
--- a/berks-cookbooks/apache2/definitions/apache_site.rb
+++ b/berks-cookbooks/apache2/definitions/apache_site.rb
@@ -2,7 +2,7 @@
 # Cookbook Name:: apache2
 # Definition:: apache_site
 #
-# Copyright 2008-2013, Opscode, Inc.
+# Copyright 2008-2013, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
diff --git a/berks-cookbooks/apache2/definitions/web_app.rb b/berks-cookbooks/apache2/definitions/web_app.rb
index 79140396..6bb93929 100644
--- a/berks-cookbooks/apache2/definitions/web_app.rb
+++ b/berks-cookbooks/apache2/definitions/web_app.rb
@@ -2,7 +2,7 @@
 # Cookbook Name:: apache2
 # Definition:: web_app
 #
-# Copyright 2008-2013, Opscode, Inc.
+# Copyright 2008-2013, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
diff --git a/berks-cookbooks/apache2/metadata.json b/berks-cookbooks/apache2/metadata.json
index 3ac1e253..91717946 100644
--- a/berks-cookbooks/apache2/metadata.json
+++ b/berks-cookbooks/apache2/metadata.json
@@ -1,84 +1 @@ -{ - "name": "apache2", - "version": "3.0.1", - "description": "Installs and configures all aspects of apache2 using Debian style symlinks with helper definitions", - "long_description": "apache2 Cookbook\n================\n[![Build Status](https://travis-ci.org/svanzoest/apache2-cookbook.svg?branch=master)](https://travis-ci.org/svanzoest/apache2-cookbook)\n[![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/svanzoest/apache2-cookbook?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)\n\nThis cookbook provides a complete Debian/Ubuntu style Apache HTTPD\nconfiguration. Non-Debian based distributions such as Red Hat/CentOS,\nArchLinux and others supported by this cookbook will have a\nconfiguration that mimics Debian/Ubuntu style as it is easier to\nmanage with Chef.\n\nDebian-style Apache configuration uses scripts to manage modules and\nsites (vhosts). The scripts are:\n\n* a2ensite\n* a2dissite\n* a2enmod\n* a2dismod\n* a2enconf\n* a2disconf\n\nThis cookbook ships with templates of these scripts for non\nDebian/Ubuntu platforms. The scripts are used in the __Definitions__\nbelow.\n\nRequirements\n============\n\n## Ohai and Chef:\n\n* Ohai: 0.6.12+\n* Chef: 0.10.10+\n\nAs of v1.2.0, this cookbook makes use of `node['platform_family']` to\nsimplify platform selection logic. This attribute was introduced in\nOhai v0.6.12. The recipe methods were introduced in Chef v0.10.10. If\nyou must run an older version of Chef or Ohai, use [version 1.1.16 of\nthis cookbook](https://supermarket.chef.io/cookbooks/apache2/versions/1.1.16).\n\n## Cookbooks:\n\nThis cookbook doesn't have direct dependencies on other cookbooks, as\nnone are needed for the default recipe or the general use cases.\n\nDepending on your OS configuration and security policy, you may need\nadditional recipes or cookbooks for this cookbook's recipes to\nconverge on the node. 
In particular, the following Operating System\nsettings may affect the behavior of this cookbook:\n\n* apt cache outdated\n* SELinux enabled\n* IPtables\n* Compile tools\n* 3rd party repositories\n\nOn Ubuntu/Debian, use Opscode's `apt` cookbook to ensure the package\ncache is updated so Chef can install packages, or consider putting\napt-get in your bootstrap process or\n[knife bootstrap template](http://docs.chef.io/knife_bootstrap.html)\n\nOn RHEL, SELinux is enabled by default. The `selinux` cookbook\ncontains a `permissive` recipe that can be used to set SELinux to\n\"Permissive\" state. Otherwise, additional recipes need to be created\nby the user to address SELinux permissions.\n\nThe easiest but **certainly not ideal way** to deal with IPtables is\nto flush all rules. Opscode does provide an `iptables` cookbook but is\nmigrating from the approach used there to a more robust solution\nutilizing a general \"firewall\" LWRP that would have an \"iptables\"\nprovider. Alternately, you can use ufw, with Opscode's `ufw` and\n`firewall` cookbooks to set up rules. See those cookbooks' READMEs for\ndocumentation.\n\nBuild/compile tools may not be installed on the system by default.\nSome recipes (e.g., `apache2::mod_auth_openid`) build the module from\nsource. Use Opscode's `build-essential` cookbook to get essential\nbuild packages installed.\n\nOn ArchLinux, if you are using the `apache2::mod_auth_openid` recipe,\nyou also need the `pacman` cookbook for the `pacman_aur` LWRP. Put\n`recipe[pacman]` on the node's expanded run list (on the node or in a\nrole). This is not an explicit dependency because it is only required\nfor this single recipe and platform; the pacman default recipe\nperforms `pacman -Sy` to keep pacman's package cache updated.\n\nThe `apache2::god_monitor` recipe uses a definition from the `god`\ncookbook. 
Include `recipe[god]` in the node's expanded run list to\nensure that the cookbook is available to the node, and to set up `god`.\n\n## Platforms:\n\nThe following platforms and versions are tested and supported using\n[test-kitchen](http://kitchen.ci/)\n\n* Ubuntu 12.04, 14.04\n* Debian 7.6\n* CentOS 6.5, 7.0\n\nThe following platform families are supported in the code, and are\nassumed to work based on the successful testing on Ubuntu and CentOS.\n\n* Red Hat (rhel)\n* Fedora\n* Amazon Linux\n\nThe following platforms are also supported in the code, have been\ntested manually but are not tested under test-kitchen.\n\n* SUSE/OpenSUSE\n* ArchLinux\n* FreeBSD\n\n### Notes for RHEL Family:\n\nOn Red Hat Enterprise Linux and derivatives, the EPEL repository may\nbe necessary to install packages used in certain recipes. The\n`apache2::default` recipe, however, does not require any additional\nrepositories. Opscode's `yum-epel` cookbook can be used to add the\nEPEL repository. See __Examples__ for more information.\n\n### Notes for FreeBSD:\n\nVersion 2.0 has been had some basic testing against FreeBSD 10.0 using\nChef 11.14.2 which has support for pkgng (CHEF-4637).\n\nTests\n=====\n\nThis cookbook in the\n[source repository](https://github.com/svanzoest/apache2-cookbook/)\ncontains chefspec, serverspec and cucumber tests. This is an initial proof of\nconcept that will be fleshed out with more supporting infrastructure\nat a future time.\n\nPlease see the CONTRIBUTING file for information on how to add tests\nfor your contributions.\n\nAttributes\n==========\n\nThis cookbook uses many attributes, broken up into a few different\nkinds.\n\nPlatform specific\n-----------------\n\nIn order to support the broadest number of platforms, several\nattributes are determined based on the node's platform. 
See the\nattributes/default.rb file for default values in the case statement at\nthe top of the file.\n\n* `node['apache']['package']` - Package name for Apache2\n* `node['apache']['perl_pkg']` - Package name for Perl\n* `node['apache']['dir']` - Location for the Apache configuration\n* `node['apache']['log_dir']` - Location for Apache logs\n* `node['apache']['error_log']` - Location for the default error log\n* `node['apache']['access_log']` - Location for the default access log\n* `node['apache']['user']` - User Apache runs as\n* `node['apache']['group']` - Group Apache runs as\n* `node['apache']['binary']` - Apache httpd server daemon\n* `node['apache']['conf_dir']` - Location for the main config file (e.g apache2.conf or httpd.conf)\n* `node['apache']['docroot_dir']` - Location for docroot\n* `node['apache']['cgibin_dir']` - Location for cgi-bin\n* `node['apache']['icondir']` - Location for icons\n* `node['apache']['cache_dir']` - Location for cached files used by Apache itself or recipes\n* `node['apache']['pid_file']` - Location of the PID file for Apache httpd\n* `node['apache']['lib_dir']` - Location for shared libraries\n* `node['apache']['default_site_enabled']` - Default site enabled. Default is false.\n* `node['apache']['ext_status']` - if true, enables ExtendedStatus for `mod_status`\n* `node['apache']['locale'] - Locale to set in sysconfig or envvars and used for subprocesses and modules (like mod_dav and mod_wsgi). On debian systems Uses system-local if set to 'system', defaults to 'C'.\n\nGeneral settings\n----------------\n\nThese are general settings used in recipes and templates. Default\nvalues are noted.\n\n* `node['apache']['version']` - Specifing 2.4 triggers apache 2.4 support. If the platform is known during our test to install 2.4 by default, it will be set to 2.4 for you. Otherwise it falls back to 2.2. This value should be specified as a string.\n* `node['apache']['listen_addresses']` - Addresses that httpd should listen on. 
Default is any (\"*\").\n* `node['apache']['listen_ports']` - Ports that httpd should listen on. Default is port 80.\n* `node['apache']['contact']` - Value for ServerAdmin directive. Default \"ops@example.com\".\n* `node['apache']['timeout']` - Value for the Timeout directive. Default is 300.\n* `node['apache']['keepalive']` - Value for the KeepAlive directive. Default is On.\n* `node['apache']['keepaliverequests']` - Value for MaxKeepAliveRequests. Default is 100.\n* `node['apache']['keepalivetimeout']` - Value for the KeepAliveTimeout directive. Default is 5.\n* `node['apache']['sysconfig_additional_params']` - Additionals variables set in sysconfig file. Default is empty.\n* `node['apache']['default_modules']` - Array of module names. Can take \"mod_FOO\" or \"FOO\" as names, where FOO is the apache module, e.g. \"`mod_status`\" or \"`status`\".\n* `node['apache']['mpm']` - With apache.version 2.4, specifies what Multi-Processing Module to enable. Default is \"prefork\".\n\nThe modules listed in `default_modules` will be included as recipes in `recipe[apache::default]`.\n\nPrefork attributes\n------------------\n\nPrefork attributes are used for tuning the Apache HTTPD [prefork MPM](http://httpd.apache.org/docs/current/mod/prefork.html) configuration.\n\n* `node['apache']['prefork']['startservers']` - initial number of server processes to start. Default is 16.\n* `node['apache']['prefork']['minspareservers']` - minimum number of spare server processes. Default 16.\n* `node['apache']['prefork']['maxspareservers']` - maximum number of spare server processes. Default 32.\n* `node['apache']['prefork']['serverlimit']` - upper limit on configurable server processes. Default 400.\n* `node['apache']['prefork']['maxrequestworkers']` - Maximum number of connections that will be processed simultaneously\n* `node['apache']['prefork']['maxconnectionsperchild']` - Maximum number of request a child process will handle. 
Default 10000.\n\nWorker attributes\n-----------------\n\nWorker attributes are used for tuning the Apache HTTPD [worker MPM](http://httpd.apache.org/docs/current/mod/worker.html)\nconfiguration.\n\n* `node['apache']['worker']['startservers']` - Initial number of server processes to start. Default 4\n* `node['apache']['worker']['serverlimit']` - Upper limit on configurable server processes. Default 16.\n* `node['apache']['worker']['minsparethreads']` - Minimum number of spare worker threads. Default 64\n* `node['apache']['worker']['maxsparethreads']` - Maximum number of spare worker threads. Default 192.\n* `node['apache']['worker']['maxrequestworkers']` - Maximum number of simultaneous connections. Default 1024.\n* `node['apache']['worker']['maxconnectionsperchild']` - Limit on the number of connections that an individual child server will handle during its life.\n\nEvent attributes\n----------------\n\nEvent attributes are used for tuning the Apache HTTPD [event MPM](http://httpd.apache.org/docs/current/mod/event.html)\nconfiguration.\n\n* `node['apache']['event']['startservers']` - Initial number of child server processes created at startup. Default 4.\n* `node['apache']['event']['serverlimit']` - Upper limit on configurable number of processes. Default 16.\n* `node['apache']['event']['minsparethreads']` - Minimum number of spare worker threads. Default 64\n* `node['apache']['event']['maxsparethreads']` - Maximum number of spare worker threads. Default 192.\n* `node['apache']['event']['threadlimit']` - Upper limit on the configurable number of threads per child process. Default 192.\n* `node['apache']['event']['threadsperchild']` - Number of threads created by each child process. 
Default 64.\n* `node['apache']['event']['maxrequestworkers']` - Maximum number of connections that will be processed simultaneously.\n* `node['apache']['event']['maxconnectionsperchild']` - Limit on the number of connections that an individual child server will handle during its life.\n\nmod\\_auth\\_openid attributes\n----------------------------\n\nThe following attributes are in the `attributes/mod_auth_openid.rb`\nfile. Like all Chef attributes files, they are loaded as well, but\nthey're logistically unrelated to the others, being specific to the\n`mod_auth_openid` recipe.\n\n* `node['apache']['mod_auth_openid']['checksum']` - sha256sum of the tarball containing the source.\n* `node['apache']['mod_auth_openid']['ref']` - Any sha, tag, or branch found from https://github.com/bmuller/mod_auth_openid\n* `node['apache']['mod_auth_openid']['version']` - directory name version within the tarball\n* `node['apache']['mod_auth_openid']['cache_dir']` - the cache directory is where the sqlite3 database is stored. It is separate so it can be managed as a directory resource.\n* `node['apache']['mod_auth_openid']['dblocation']` - filename of the sqlite3 database used for directive `AuthOpenIDDBLocation`, stored in the `cache_dir` by default.\n* `node['apache']['mod_auth_openid']['configure_flags']` - optional array of configure flags passed to the `./configure` step in the compilation of the module.\n\nmod\\_ssl attributes\n-------------------\n\nFor general information on this attributes see http://httpd.apache.org/docs/current/mod/mod_ssl.html\n\n* `node['apache']['mod_ssl']['cipher_suite']` - sets the SSLCiphersuite value to the specified string. The default is\n considered \"sane\" but you may need to change it for your local security policy, e.g. if you have PCI-DSS requirements. 
Additional\n commentary on the\n [original pull request](https://github.com/svanzoest/apache2-cookbook/pull/15#commitcomment-1605406).\n* `node['apache']['mod_ssl']['honor_cipher_order']` - Option to prefer the server's cipher preference order. Default 'On'.\n* `node['apache']['mod_ssl']['insecure_renegotiation']` - Option to enable support for insecure renegotiation. Default 'Off'.\n* `node['apache']['mod_ssl']['strict_sni_vhost_check']` - Whether to allow non-SNI clients to access a name-based virtual host. Default 'Off'.\n* `node['apache']['mod_ssl']['session_cache']` - Configures the OCSP stapling cache. Default `shmcb:/var/run/apache2/ssl_scache`\n* `node['apache']['mod_ssl']['session_cache_timeout']` - Number of seconds before an SSL session expires in the Session Cache. Default 300.\n* `node['apache']['mod_ssl']['compression']` - \tEnable compression on the SSL level. Default 'Off'.\n* `node['apache']['mod_ssl']['use_stapling']` - Enable stapling of OCSP responses in the TLS handshake. Default 'Off'.\n* `node['apache']['mod_ssl']['stapling_responder_timeout']` - \tTimeout for OCSP stapling queries. Default 5\n* `node['apache']['mod_ssl']['stapling_return_responder_errors']` - Pass stapling related OCSP errors on to client. Default 'Off'\n* `node['apache']['mod_ssl']['stapling_cache']` - Configures the OCSP stapling cache. Default `shmcb:/var/run/ocsp(128000)`\n* `node['apache']['mod_ssl']['pass_phrase_dialog']` - Configures SSLPassPhraseDialog. Default `builtin`\n* `node['apache']['mod_ssl']['mutex']` - Configures SSLMutex. 
Default `file:/var/run/apache2/ssl_mutex`\n* `node['apache']['mod_ssl']['directives']` - Hash for add any custom directive.\n\nFor more information on these directives and how to best secure your site see\n- https://bettercrypto.org/\n- https://wiki.mozilla.org/Security/Server_Side_TLS\n- https://www.insecure.ws/linux/apache_ssl.html\n- https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/\n- https://istlsfastyet.com/\n- https://www.ssllabs.com/projects/best-practices/\n\nRecipes\n=======\n\nMost of the recipes in the cookbook are for enabling Apache modules.\nWhere additional configuration or behavior is used, it is documented\nbelow in more detail.\n\nThe following recipes merely enable the specified module: `mod_alias`,\n`mod_auth_basic`, `mod_auth_digest`, `mod_authn_file`, `mod_authnz_ldap`,\n`mod_authz_default`, `mod_authz_groupfile`, `mod_authz_host`,\n`mod_authz_user`, `mod_autoindex`, `mod_cgi`, `mod_dav_fs`,\n`mod_dav_svn`, `mod_deflate`, `mod_dir`, `mod_env`, `mod_expires`,\n`mod_headers`, `mod_ldap`, `mod_log_config`, `mod_mime`,\n`mod_negotiation`, `mod_proxy`, `mod_proxy_ajp`, `mod_proxy_balancer`,\n`mod_proxy_connect`, `mod_proxy_http`, `mod_python`, `mod_rewrite`,\n`mod_setenvif`, `mod_status`, `mod_wsgi`, `mod_xsendfile`.\n\nOn RHEL Family distributions, certain modules ship with a config file\nwith the package. The recipes here may delete those configuration\nfiles to ensure they don't conflict with the settings from the\ncookbook, which will use per-module configuration in\n`/etc/httpd/mods-enabled`.\n\ndefault\n-------\n\nThe default recipe does a number of things to set up Apache HTTPd. It\nalso includes a number of modules based on the attribute\n`node['apache']['default_modules']` as recipes.\n\nlogrotate\n---------\n\nLogrotate adds a logrotate entry for your apache2 logs. 
This recipe\nrequires the `logrotate` cookbook; ensure that `recipe[logrotate]` is\nin the node's expanded run list.\n\nmod\\_auth\\_cas\n--------------\n\nThis recipe installs the proper package and enables the `auth_cas`\nmodule. It can install from source or package. Package is the default,\nset the attribute `node['apache']['mod_auth_cas']['from_source']` to\ntrue to enable source installation. Modify the version to install by\nchanging the attribute\n`node['apache']['mod_auth_cas']['source_revision']`. It is a version\ntag by default, but could be master, or another tag, or branch.\n\nThe module configuration is written out with the `CASCookiePath` set,\notherwise an error loading the module may cause Apache to not start.\n\n**Note**: This recipe does not work on EL 6 platforms unless\nepel-testing repository is enabled (outside the scope of this\ncookbook), or the package version 1.0.8.1-3.el6 or higher is otherwise\navailable to the system due to this bug:\n\nhttps://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=708550\n\nmod\\_auth\\_openid\n-----------------\n\n**Changed via COOK-915**\n\nThis recipe compiles the module from source. In addition to\n`build-essential`, some other packages are included for installation\nlike the GNU C++ compiler and development headers.\n\nTo use the module in your own cookbooks to authenticate systems using\nOpenIDs, specify an array of OpenIDs that are allowed to authenticate\nwith the attribute `node['apache']['allowed_openids']`. Use the\nfollowing in a vhost to protect with OpenID authentication:\n\n AuthType OpenID require user <%= node['apache']['allowed_openids'].join(' ') %>\n AuthOpenIDDBLocation <%= node['apache']['mod_auth_openid']['dblocation'] %>\n\nChange the DBLocation with the attribute as required; this file is in\na different location than previous versions, see below. 
It should be a\nsane default for most platforms, though, see\n`attributes/mod_auth_openid.rb`.\n\n### Changes from COOK-915:\n\n* `AuthType OpenID` instead of `AuthOpenIDEnabled On`.\n* `require user` instead of `AuthOpenIDUserProgram`.\n* A bug(?) in `mod_auth_openid` causes it to segfault when attempting\n to update the database file if the containing directory is not\n writable by the HTTPD process owner (e.g., www-data), even if the\n file is writable. In order to not interfere with other settings from\n the default recipe in this cookbook, the db file is moved.\n\nmod\\_fastcgi\n------------\n\nInstall the fastcgi package and enable the module.\n\nOnly work on Debian/Ubuntu\n\nmod\\_fcgid\n----------\n\nInstalls the fcgi package and enables the module. Requires EPEL on\nRHEL family.\n\nOn RHEL family, this recipe will delete the fcgid.conf and on version\n6+, create the /var/run/httpd/mod_fcgid` directory, which prevents the\nemergency error:\n\n [emerg] (2)No such file or directory: mod_fcgid: Can't create shared memory for size XX bytes\n\nmod\\_php5\n--------\n\nSimply installs the appropriate package on Debian, Ubuntu and\nArchLinux.\n\nOn Red Hat family distributions including Fedora, the php.conf that\ncomes with the package is removed. On RHEL platforms less than v6, the\n`php53` package is used.\n\n* `node['apache']['mod_php5']['install_method']` - default `package` can be overridden to avoid package installs.\n\nmod\\_ssl\n--------\n\nBesides installing and enabling `mod_ssl`, this recipe will append\nport 443 to the `node['apache']['listen_ports']` attribute array and\nupdate the ports.conf.\n\ngod\\_monitor\n------------\n\nSets up a `god` monitor for Apache. External requirements are the\n`god` and `runit` cookbooks from Opscode. 
When using this recipe,\ninclude `recipe[god]` in the node's expanded run list to ensure the\nclient downloads it; `god` depends on runit so that will also be\ndownloaded.\n\n**Note** This recipe is not tested under test-kitchen yet and is\n pending fix in COOK-744.\n\nDefinitions\n===========\n\nThe cookbook provides a few definitions. At some point in the future\nthese definitions may be refactored into lightweight resources and\nproviders as suggested by\n[foodcritic rule FC015](http://acrmp.github.com/foodcritic/#FC015).\n\napache\\_config\n------------\n\nSets up configuration file for Apache from a template. The\ntemplate should be in the same cookbook where the definition is used. This is used by the `apache_conf` definition and is not often used directly.\n\nIt will use `a2enconf` and `a2disconf` to control the symlinking of configuration files between `conf-available` and `conf-enabled`.\n\nEnable or disable an Apache config file in\n`#{node['apache']['dir']}/conf-available` by calling `a2enmod` or\n`a2dismod` to manage the symbolic link in\n`#{node['apache']['dir']}/conf-enabled`. These config files should be created in your cookbook, and placed on the system using `apache_conf`\n\n### Parameters:\n\n* `name` - Name of the config enabled or disabled with the `a2enconf` or `a2disconf` scripts.\n* `source` - The location of a template file. The default `name.erb`.\n* `cookbook` - The cookbook in which the configuration template is located (if it is not located in the current cookbook). The default value is the current cookbook.\n* `enable` - Default true, which uses `a2enconf` to enable the config. 
If false, the config will be disabled with `a2disconf`.\n\n### Examples:\n\nEnable the example config.\n\n``````\n apache_config 'example' do\n enable true\n end\n``````\n\nDisable a module:\n\n``````\n apache_config 'disabled_example' do\n enable false\n end\n``````\n\nSee the recipes directory for many more examples of `apache_config`.\n\napache\\_conf\n------------\n\nWrites conf files to the `conf-available` folder, and passes enabled values to `apache_config`.\n\nThis definition should generally be called over `apache_config`.\n\n### Parameters:\n\n* `name` - Name of the config placed and enabled or disabled with the `a2enconf` or `a2disconf` scripts.\n* `enable` - Default true, which uses `a2enconf` to enable the config. If false, the config will be disabled with `a2disconf`.\n* `conf_path` - path to put the config in if you need to override the default `conf-available`.\n\n### Examples:\n\nPlace and enable the example conf:\n\n``````\n apache_conf 'example' do\n enable true\n end\n``````\n\nPlace and disable (or never enable to begin with) the example conf:\n\n``````\n apache_conf 'example' do\n enable false\n end\n``````\n\nPlace the example conf, which has a different path than the default (conf-*):\n\n``````\n apache_conf 'example' do\n conf_path '/random/example/path'\n enable false\n end\n``````\n\napache\\_mod\n------------\n\nSets up configuration file for an Apache module from a template. The\ntemplate should be in the same cookbook where the definition is used.\nThis is used by the `apache_module` definition and is not often used\ndirectly.\n\nThis will use a template resource to write the module's configuration\nfile in the `mods-available` under the Apache configuration directory\n(`node['apache']['dir']`). This is a platform-dependent location. See\n__apache\\_module__.\n\n### Parameters:\n\n* `name` - Name of the template. 
When used from the `apache_module`,\n it will use the same name as the module.\n\n### Examples:\n\nCreate `#{node['apache']['dir']}/mods-available/alias.conf`.\n\n``````\n apache_mod \"alias\"\n``````\n\napache\\_module\n--------------\n\nEnable or disable an Apache module in\n`#{node['apache']['dir']}/mods-available` by calling `a2enmod` or\n`a2dismod` to manage the symbolic link in\n`#{node['apache']['dir']}/mods-enabled`. If the module has a\nconfiguration file, a template should be created in the cookbook where\nthe definition is used. See __Examples__.\n\n### Parameters:\n\n* `name` - Name of the module enabled or disabled with the `a2enmod` or `a2dismod` scripts.\n* `identifier` - String to identify the module for the `LoadModule` directive. Not typically needed, defaults to `#{name}_module`\n* `enable` - Default true, which uses `a2enmod` to enable the module. If false, the module will be disabled with `a2dismod`.\n* `conf` - Default false. Set to true if the module has a config file, which will use `apache_mod` for the file.\n* `filename` - specify the full name of the file, e.g.\n\n### Examples:\n\nEnable the ssl module, which also has a configuration template in `templates/default/mods/ssl.conf.erb`.\n\n``````\n apache_module \"ssl\" do\n conf true\n end\n``````\n\nEnable the php5 module, which has a different filename than the module default:\n\n``````\n apache_module \"php5\" do\n filename \"libphp5.so\"\n end\n``````\n\nDisable a module:\n\n``````\n apache_module \"disabled_module\" do\n enable false\n end\n``````\n\nSee the recipes directory for many more examples of `apache_module`.\n\napache\\_site\n------------\n\nEnable or disable a VirtualHost in\n`#{node['apache']['dir']}/sites-available` by calling a2ensite or\na2dissite to manage the symbolic link in\n`#{node['apache']['dir']}/sites-enabled`.\n\nThe template for the site must be managed as a separate resource. 
To\ncombine the template with enabling a site, see `web_app`.\n\n### Parameters:\n\n* `name` - Name of the site.\n* `enable` - Default true, which uses `a2ensite` to enable the site. If false, the site will be disabled with `a2dissite`.\n\nweb\\_app\n--------\n\nManage a template resource for a VirtualHost site, and enable it with\n`apache_site`. This is commonly done for managing web applications\nsuch as Ruby on Rails, PHP or Django, and the default behavior\nreflects that. However it is flexible.\n\nThis definition includes some recipes to make sure the system is\nconfigured to have Apache and some sane default modules:\n\n* `apache2`\n* `apache2::mod_rewrite`\n* `apache2::mod_deflate`\n* `apache2::mod_headers`\n\nIt will then configure the template (see __Parameters__ and\n__Examples__ below), and enable or disable the site per the `enable`\nparameter.\n\n### Parameters:\n\nCurrent parameters used by the definition:\n\n* `name` - The name of the site. The template will be written to\n `#{node['apache']['dir']}/sites-available/#{params['name']}.conf`\n* `cookbook` - Optional. Cookbook where the source template is. If\n this is not defined, Chef will use the named template in the\n cookbook where the definition is used.\n* `template` - Default `web_app.conf.erb`, source template file.\n* `enable` - Default true. Passed to the `apache_site` definition.\n\nAdditional parameters can be defined when the definition is called in\na recipe, see __Examples__.\n\n### Examples:\n\nThe recommended way to use the `web_app` definition is in a application specific cookbook named \"my_app\".\nThe following example would look for a template named 'web_app.conf.erb' in your cookbook containing\nthe apache httpd directives defining the `VirtualHost` that would serve up \"my_app\".\n\n``````\n web_app \"my_app\" do\n template 'web_app.conf.erb'\n server_name node['my_app']['hostname']\n end\n``````\n\nAll parameters are passed into the template. You can use whatever you\nlike. 
The apache2 cookbook comes with a `web_app.conf.erb` template as\nan example. The following parameters are used in the template:\n\n* `server_name` - ServerName directive.\n* `server_aliases` - ServerAlias directive. Must be an array of aliases.\n* `docroot` - DocumentRoot directive.\n* `application_name` - Used in RewriteLog directive. Will be set to the `name` parameter.\n* `directory_index` - Allow overriding the default DirectoryIndex setting, optional\n* `directory_options` - Override Options on the docroot, for example to add parameters like Includes or Indexes, optional.\n* `allow_override` - Modify the AllowOverride directive on the docroot to support apps that need .htaccess to modify configuration or require authentication.\n\nTo use the default web_app, for example:\n\n``````\n web_app \"my_site\" do\n server_name node['hostname']\n server_aliases [node['fqdn'], \"my-site.example.com\"]\n docroot \"/srv/www/my_site\"\n cookbook 'apache2'\n end\n``````\n\nThe parameters specified will be used as:\n\n* `@params[:server_name]`\n* `@params[:server_aliases]`\n* `@params[:docroot]`\n\nIn the template. When you write your own, the `@` is significant.\n\nFor more information about Definitions and parameters, see the\n[Chef Wiki](http://docs.chef.io/definitions.html)\n\nUsage\n=====\n\nUsing this cookbook is relatively straightforward. Add the desired\nrecipes to the run list of a node, or create a role. Depending on your\nenvironment, you may have multiple roles that use different recipes\nfrom this cookbook. Adjust any attributes as desired. 
For example, to\ncreate a basic role for web servers that provide both HTTP and HTTPS:\n\n``````\n % cat roles/webserver.rb\n name \"webserver\"\n description \"Systems that serve HTTP and HTTPS\"\n run_list(\n \"recipe[apache2]\",\n \"recipe[apache2::mod_ssl]\"\n )\n default_attributes(\n \"apache\" => {\n \"listen_ports\" => [\"80\", \"443\"]\n }\n )\n``````\n\nFor examples of using the definitions in your own recipes, see their\nrespective sections above.\n\nLicense and Authors\n===================\n\n* Author:: Adam Jacob \n* Author:: Joshua Timberman \n* Author:: Bryan McLellan \n* Author:: Dave Esposito \n* Author:: David Abdemoulaie \n* Author:: Edmund Haselwanter \n* Author:: Eric Rochester \n* Author:: Jim Browne \n* Author:: Matthew Kent \n* Author:: Nathen Harvey \n* Author:: Ringo De Smet \n* Author:: Sean OMeara \n* Author:: Seth Chisamore \n* Author:: Gilles Devaux \n* Author:: Sander van Zoest \n* Author:: Taylor Price \n\n* Copyright:: 2009-2012, Opscode, Inc\n* Copyright:: 2011, Atriso\n* Copyright:: 2011, CustomInk, LLC.\n* Copyright:: 2013-2014, OneHealth Solutions, Inc.\n* Copyright:: 2014, Viverae, Inc.\n* Copyright:: 2015, Alexander van Zoest\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n", - "maintainer": "OneHealth Solutions, Inc.", - "maintainer_email": "cookbooks@onehealth.com", - "license": "Apache 2.0", - "platforms": { - "debian": ">= 0.0.0", - "ubuntu": ">= 0.0.0", - "redhat": ">= 0.0.0", - "centos": ">= 0.0.0", - "fedora": ">= 0.0.0", - "amazon": ">= 
0.0.0", - "scientific": ">= 0.0.0", - "freebsd": ">= 0.0.0", - "suse": ">= 0.0.0", - "opensuse": ">= 0.0.0", - "arch": ">= 0.0.0" - }, - "dependencies": { - "iptables": ">= 0.0.0", - "logrotate": ">= 0.0.0" - }, - "recommendations": { - }, - "suggestions": { - }, - "conflicting": { - }, - "providing": { - }, - "replacing": { - }, - "attributes": { - }, - "groupings": { - }, - "recipes": { - "apache2": "Main Apache configuration", - "apache2::logrotate": "Rotate apache2 logs. Requires logrotate cookbook", - "apache2::mod_alias": "Apache module \"alias\" with config file", - "apache2::mod_apreq2": "Apache module \"apreq\"", - "apache2::mod_auth_basic": "Apache module \"auth_basic\"", - "apache2::mod_auth_digest": "Apache module \"auth_digest\"", - "apache2::mod_auth_openid": "Apache module \"authopenid\"", - "apache2::mod_authn_file": "Apache module \"authn_file\"", - "apache2::mod_authnz_ldap": "Apache module \"authnz_ldap\"", - "apache2::mod_authz_core": "Apache module \"authz_core\"", - "apache2::mod_authz_groupfile": "Apache module \"authz_groupfile\"", - "apache2::mod_authz_host": "Apache module \"authz_host\"", - "apache2::mod_authz_user": "Apache module \"authz_user\"", - "apache2::mod_autoindex": "Apache module \"autoindex\" with config file", - "apache2::mod_cgi": "Apache module \"cgi\"", - "apache2::mod_dav": "Apache module \"dav\"", - "apache2::mod_dav_svn": "Apache module \"dav_svn\"", - "apache2::mod_deflate": "Apache module \"deflate\" with config file", - "apache2::mod_dir": "Apache module \"dir\" with config file", - "apache2::mod_env": "Apache module \"env\"", - "apache2::mod_expires": "Apache module \"expires\"", - "apache2::mod_fcgid": "Apache module \"fcgid\", package on ubuntu/debian, rhel/centos, compile source on suse; with config file", - "apache2::mod_headers": "Apache module \"headers\"", - "apache2::mod_include": "Apache module \"include\"", - "apache2::mod_ldap": "Apache module \"ldap\"", - "apache2::mod_log_config": "Apache module 
\"log_config\"", - "apache2::mod_mime": "Apache module \"mime\" with config file", - "apache2::mod_negotiation": "Apache module \"negotiation\" with config file", - "apache2::mod_pagespeed": "Apache module \"pagespeed\" with config file", - "apache2::mod_perl": "Apache module \"perl\"", - "apache2::mod_php5": "Apache module \"php5\"", - "apache2::mod_proxy": "Apache module \"proxy\" with config file", - "apache2::mod_proxy_ajp": "Apache module \"proxy_ajp\"", - "apache2::mod_proxy_balancer": "Apache module \"proxy_balancer\"", - "apache2::mod_proxy_connect": "Apache module \"proxy_connect\"", - "apache2::mod_proxy_http": "Apache module \"proxy_http\"", - "apache2::mod_python": "Apache module \"python\"", - "apache2::mod_rewrite": "Apache module \"rewrite\"", - "apache2::mod_setenvif": "Apache module \"setenvif\" with config file", - "apache2::mod_ssl": "Apache module \"ssl\" with config file, adds port 443 to listen_ports", - "apache2::mod_status": "Apache module \"status\" with config file", - "apache2::mod_xsendfile": "Apache module \"xsendfile\"" - } -} \ No newline at end of file +{"name":"apache2","version":"3.1.0","description":"Installs and configures all aspects of apache2 using Debian style symlinks with helper definitions","long_description":"apache2 Cookbook\n================\n[![Cookbook Version](https://img.shields.io/cookbook/v/apache2.svg?style=flat)](https://supermarket.chef.io/cookbooks/apache2)\n[![Build Status](https://travis-ci.org/svanzoest-cookbooks/apache2.svg?branch=master)](https://travis-ci.org/svanzoest-cookbooks/apache2)\n[![Dependency Status](http://img.shields.io/gemnasium/svanzoest-cookbooks/apache2.svg?style=flat)](https://gemnasium.com/svanzoest-cookbooks/apache2)\n[![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/svanzoest-cookbooks/apache2?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)\n\nThis cookbook provides a complete Debian/Ubuntu style Apache HTTPD\nconfiguration. 
Non-Debian based distributions such as Red Hat/CentOS,\nArchLinux and others supported by this cookbook will have a\nconfiguration that mimics Debian/Ubuntu style as it is easier to\nmanage with Chef.\n\nDebian-style Apache configuration uses scripts to manage modules and\nsites (vhosts). The scripts are:\n\n* a2ensite\n* a2dissite\n* a2enmod\n* a2dismod\n* a2enconf\n* a2disconf\n\nThis cookbook ships with templates of these scripts for non\nDebian/Ubuntu platforms. The scripts are used in the __Definitions__\nbelow.\n\nRequirements\n============\n\n## Ohai and Chef:\n\n* Ohai: 0.6.12+\n* Chef: 0.10.10+\n\nAs of v1.2.0, this cookbook makes use of `node['platform_family']` to\nsimplify platform selection logic. This attribute was introduced in\nOhai v0.6.12. The recipe methods were introduced in Chef v0.10.10. If\nyou must run an older version of Chef or Ohai, use [version 1.1.16 of\nthis cookbook](https://supermarket.chef.io/cookbooks/apache2/versions/1.1.16).\n\n## Cookbooks:\n\nThis cookbook has no direct external dependencies.\n\nDepending on your OS configuration and security policy, you may need\nadditional recipes or cookbooks for this cookbook's recipes to\nconverge on the node. In particular, the following Operating System\nsettings may affect the behavior of this cookbook:\n\n* apt cache outdated\n* SELinux enabled\n* IPtables\n* Compile tools\n* 3rd party repositories\n\nOn Ubuntu/Debian, use Opscode's `apt` cookbook to ensure the package\ncache is updated so Chef can install packages, or consider putting\napt-get in your bootstrap process or\n[knife bootstrap template](http://docs.chef.io/knife_bootstrap.html)\n\nOn RHEL, SELinux is enabled by default. The `selinux` cookbook\ncontains a `permissive` recipe that can be used to set SELinux to\n\"Permissive\" state. Otherwise, additional recipes need to be created\nby the user to address SELinux permissions.\n\nThe easiest but **certainly not ideal way** to deal with IPtables is\nto flush all rules. 
Chef Software does provide an `iptables` cookbook but is\nmigrating from the approach used there to a more robust solution\nutilizing a general \"firewall\" LWRP that would have an \"iptables\"\nprovider. Alternately, you can use ufw, with Opscode's `ufw` and\n`firewall` cookbooks to set up rules. See those cookbooks' READMEs for\ndocumentation.\n\nBuild/compile tools may not be installed on the system by default.\nSome recipes (e.g., `apache2::mod_auth_openid`) build the module from\nsource. Use Opscode's `build-essential` cookbook to get essential\nbuild packages installed.\n\nOn ArchLinux, if you are using the `apache2::mod_auth_openid` recipe,\nyou also need the `pacman` cookbook for the `pacman_aur` LWRP. Put\n`recipe[pacman]` on the node's expanded run list (on the node or in a\nrole). This is not an explicit dependency because it is only required\nfor this single recipe and platform; the pacman default recipe\nperforms `pacman -Sy` to keep pacman's package cache updated.\n\n## Platforms:\n\nThe following platforms and versions are tested and supported using\n[test-kitchen](http://kitchen.ci/)\n\n* Ubuntu 12.04, 14.04\n* Debian 7.6\n* CentOS 6.5, 7.0\n\nThe following platform families are supported in the code, and are\nassumed to work based on the successful testing on Ubuntu and CentOS.\n\n* Red Hat (rhel)\n* Fedora\n* Amazon Linux\n\nThe following platforms are also supported in the code, have been\ntested manually but are not tested under test-kitchen.\n\n* SUSE/OpenSUSE\n* ArchLinux\n* FreeBSD\n\n### Notes for RHEL Family:\n\nOn Red Hat Enterprise Linux and derivatives, the EPEL repository may\nbe necessary to install packages used in certain recipes. The\n`apache2::default` recipe, however, does not require any additional\nrepositories. Opscode's `yum-epel` cookbook can be used to add the\nEPEL repository. 
See __Examples__ for more information.\n\n### Notes for FreeBSD:\n\nVersion 2.0 has been had some basic testing against FreeBSD 10.0 using\nChef 11.14.2 which has support for pkgng (CHEF-4637).\n\nTests\n=====\n\nThis cookbook in the\n[source repository](https://github.com/svanzoest-cookbooks/apache2/)\ncontains chefspec, serverspec and cucumber tests. This is an initial proof of\nconcept that will be fleshed out with more supporting infrastructure\nat a future time.\n\nPlease see the CONTRIBUTING file for information on how to add tests\nfor your contributions.\n\nAttributes\n==========\n\nThis cookbook uses many attributes, broken up into a few different\nkinds.\n\nPlatform specific\n-----------------\n\nIn order to support the broadest number of platforms, several\nattributes are determined based on the node's platform. See the\nattributes/default.rb file for default values in the case statement at\nthe top of the file.\n\n* `node['apache']['package']` - Package name for Apache2\n* `node['apache']['perl_pkg']` - Package name for Perl\n* `node['apache']['dir']` - Location for the Apache configuration\n* `node['apache']['log_dir']` - Location for Apache logs\n* `node['apache']['error_log']` - Location for the default error log\n* `node['apache']['access_log']` - Location for the default access log\n* `node['apache']['user']` - User Apache runs as\n* `node['apache']['group']` - Group Apache runs as\n* `node['apache']['binary']` - Apache httpd server daemon\n* `node['apache']['conf_dir']` - Location for the main config file (e.g apache2.conf or httpd.conf)\n* `node['apache']['docroot_dir']` - Location for docroot\n* `node['apache']['cgibin_dir']` - Location for cgi-bin\n* `node['apache']['icondir']` - Location for icons\n* `node['apache']['cache_dir']` - Location for cached files used by Apache itself or recipes\n* `node['apache']['pid_file']` - Location of the PID file for Apache httpd\n* `node['apache']['lib_dir']` - Location for shared libraries\n* 
`node['apache']['default_site_enabled']` - Default site enabled. Default is false.\n* `node['apache']['ext_status']` - if true, enables ExtendedStatus for `mod_status`\n* `node['apache']['locale'] - Locale to set in sysconfig or envvars and used for subprocesses and modules (like mod_dav and mod_wsgi). On debian systems Uses system-local if set to 'system', defaults to 'C'.\n\nGeneral settings\n----------------\n\nThese are general settings used in recipes and templates. Default\nvalues are noted.\n\n* `node['apache']['version']` - Specifing 2.4 triggers apache 2.4 support. If the platform is known during our test to install 2.4 by default, it will be set to 2.4 for you. Otherwise it falls back to 2.2. This value should be specified as a string.\n* `node['apache']['listen_addresses']` - Addresses that httpd should listen on. Default is any (\"*\").\n* `node['apache']['listen_ports']` - Ports that httpd should listen on. Default is port 80.\n* `node['apache']['contact']` - Value for ServerAdmin directive. Default \"ops@example.com\".\n* `node['apache']['timeout']` - Value for the Timeout directive. Default is 300.\n* `node['apache']['keepalive']` - Value for the KeepAlive directive. Default is On.\n* `node['apache']['keepaliverequests']` - Value for MaxKeepAliveRequests. Default is 100.\n* `node['apache']['keepalivetimeout']` - Value for the KeepAliveTimeout directive. Default is 5.\n* `node['apache']['sysconfig_additional_params']` - Additionals variables set in sysconfig file. Default is empty.\n* `node['apache']['default_modules']` - Array of module names. Can take \"mod_FOO\" or \"FOO\" as names, where FOO is the apache module, e.g. \"`mod_status`\" or \"`status`\".\n* `node['apache']['mpm']` - With apache.version 2.4, specifies what Multi-Processing Module to enable. 
Default is \"prefork\".\n\nThe modules listed in `default_modules` will be included as recipes in `recipe[apache::default]`.\n\nPrefork attributes\n------------------\n\nPrefork attributes are used for tuning the Apache HTTPD [prefork MPM](http://httpd.apache.org/docs/current/mod/prefork.html) configuration.\n\n* `node['apache']['prefork']['startservers']` - initial number of server processes to start. Default is 16.\n* `node['apache']['prefork']['minspareservers']` - minimum number of spare server processes. Default 16.\n* `node['apache']['prefork']['maxspareservers']` - maximum number of spare server processes. Default 32.\n* `node['apache']['prefork']['serverlimit']` - upper limit on configurable server processes. Default 400.\n* `node['apache']['prefork']['maxrequestworkers']` - Maximum number of connections that will be processed simultaneously\n* `node['apache']['prefork']['maxconnectionsperchild']` - Maximum number of request a child process will handle. Default 10000.\n\nWorker attributes\n-----------------\n\nWorker attributes are used for tuning the Apache HTTPD [worker MPM](http://httpd.apache.org/docs/current/mod/worker.html)\nconfiguration.\n\n* `node['apache']['worker']['startservers']` - Initial number of server processes to start. Default 4\n* `node['apache']['worker']['serverlimit']` - Upper limit on configurable server processes. Default 16.\n* `node['apache']['worker']['minsparethreads']` - Minimum number of spare worker threads. Default 64\n* `node['apache']['worker']['maxsparethreads']` - Maximum number of spare worker threads. Default 192.\n* `node['apache']['worker']['maxrequestworkers']` - Maximum number of simultaneous connections. 
Default 1024.\n* `node['apache']['worker']['maxconnectionsperchild']` - Limit on the number of connections that an individual child server will handle during its life.\n\nEvent attributes\n----------------\n\nEvent attributes are used for tuning the Apache HTTPD [event MPM](http://httpd.apache.org/docs/current/mod/event.html)\nconfiguration.\n\n* `node['apache']['event']['startservers']` - Initial number of child server processes created at startup. Default 4.\n* `node['apache']['event']['serverlimit']` - Upper limit on configurable number of processes. Default 16.\n* `node['apache']['event']['minsparethreads']` - Minimum number of spare worker threads. Default 64\n* `node['apache']['event']['maxsparethreads']` - Maximum number of spare worker threads. Default 192.\n* `node['apache']['event']['threadlimit']` - Upper limit on the configurable number of threads per child process. Default 192.\n* `node['apache']['event']['threadsperchild']` - Number of threads created by each child process. Default 64.\n* `node['apache']['event']['maxrequestworkers']` - Maximum number of connections that will be processed simultaneously.\n* `node['apache']['event']['maxconnectionsperchild']` - Limit on the number of connections that an individual child server will handle during its life.\n\nOther/Unsupported MPM\n---------------------\n\nTo use the cookbook with an unsupported mpm (other than prefork, event or worker):\n\n* set `node['apache']['mpm']` to the name of the module (e.g. `itk`)\n* in your cookbook, after `include_recipe 'apache2'` use the `apache_module` definition to enable/disable the required module(s)\n\n\nmod\\_auth\\_openid attributes\n----------------------------\n\nThe following attributes are in the `attributes/mod_auth_openid.rb`\nfile. 
Like all Chef attributes files, they are loaded as well, but\nthey're logistically unrelated to the others, being specific to the\n`mod_auth_openid` recipe.\n\n* `node['apache']['mod_auth_openid']['checksum']` - sha256sum of the tarball containing the source.\n* `node['apache']['mod_auth_openid']['ref']` - Any sha, tag, or branch found from https://github.com/bmuller/mod_auth_openid\n* `node['apache']['mod_auth_openid']['version']` - directory name version within the tarball\n* `node['apache']['mod_auth_openid']['cache_dir']` - the cache directory is where the sqlite3 database is stored. It is separate so it can be managed as a directory resource.\n* `node['apache']['mod_auth_openid']['dblocation']` - filename of the sqlite3 database used for directive `AuthOpenIDDBLocation`, stored in the `cache_dir` by default.\n* `node['apache']['mod_auth_openid']['configure_flags']` - optional array of configure flags passed to the `./configure` step in the compilation of the module.\n\nmod\\_ssl attributes\n-------------------\n\nFor general information on this attributes see http://httpd.apache.org/docs/current/mod/mod_ssl.html\n\n* `node['apache']['mod_ssl']['cipher_suite']` - sets the SSLCiphersuite value to the specified string. The default is\n considered \"sane\" but you may need to change it for your local security policy, e.g. if you have PCI-DSS requirements. Additional\n commentary on the\n [original pull request](https://github.com/svanzoest-cookbooks/apache2/pull/15#commitcomment-1605406).\n* `node['apache']['mod_ssl']['honor_cipher_order']` - Option to prefer the server's cipher preference order. Default 'On'.\n* `node['apache']['mod_ssl']['insecure_renegotiation']` - Option to enable support for insecure renegotiation. Default 'Off'.\n* `node['apache']['mod_ssl']['strict_sni_vhost_check']` - Whether to allow non-SNI clients to access a name-based virtual host. Default 'Off'.\n* `node['apache']['mod_ssl']['session_cache']` - Configures the OCSP stapling cache. 
Default `shmcb:/var/run/apache2/ssl_scache`\n* `node['apache']['mod_ssl']['session_cache_timeout']` - Number of seconds before an SSL session expires in the Session Cache. Default 300.\n* `node['apache']['mod_ssl']['compression']` - \tEnable compression on the SSL level. Default 'Off'.\n* `node['apache']['mod_ssl']['use_stapling']` - Enable stapling of OCSP responses in the TLS handshake. Default 'Off'.\n* `node['apache']['mod_ssl']['stapling_responder_timeout']` - \tTimeout for OCSP stapling queries. Default 5\n* `node['apache']['mod_ssl']['stapling_return_responder_errors']` - Pass stapling related OCSP errors on to client. Default 'Off'\n* `node['apache']['mod_ssl']['stapling_cache']` - Configures the OCSP stapling cache. Default `shmcb:/var/run/ocsp(128000)`\n* `node['apache']['mod_ssl']['pass_phrase_dialog']` - Configures SSLPassPhraseDialog. Default `builtin`\n* `node['apache']['mod_ssl']['mutex']` - Configures SSLMutex. Default `file:/var/run/apache2/ssl_mutex`\n* `node['apache']['mod_ssl']['directives']` - Hash for add any custom directive.\n\nFor more information on these directives and how to best secure your site see\n- https://bettercrypto.org/\n- https://wiki.mozilla.org/Security/Server_Side_TLS\n- https://www.insecure.ws/linux/apache_ssl.html\n- https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/\n- https://istlsfastyet.com/\n- https://www.ssllabs.com/projects/best-practices/\n\nRecipes\n=======\n\nMost of the recipes in the cookbook are for enabling Apache modules.\nWhere additional configuration or behavior is used, it is documented\nbelow in more detail.\n\nThe following recipes merely enable the specified module: `mod_alias`,\n`mod_auth_basic`, `mod_auth_digest`, `mod_authn_file`, `mod_authnz_ldap`,\n`mod_authz_default`, `mod_authz_groupfile`, `mod_authz_host`,\n`mod_authz_user`, `mod_autoindex`, `mod_cgi`, `mod_dav_fs`,\n`mod_dav_svn`, `mod_deflate`, `mod_dir`, `mod_env`, `mod_expires`,\n`mod_headers`, `mod_ldap`, `mod_log_config`, 
`mod_mime`,\n`mod_negotiation`, `mod_proxy`, `mod_proxy_ajp`, `mod_proxy_balancer`,\n`mod_proxy_connect`, `mod_proxy_http`, `mod_python`, `mod_rewrite`,\n`mod_setenvif`, `mod_status`, `mod_wsgi`, `mod_xsendfile`.\n\nOn RHEL Family distributions, certain modules ship with a config file\nwith the package. The recipes here may delete those configuration\nfiles to ensure they don't conflict with the settings from the\ncookbook, which will use per-module configuration in\n`/etc/httpd/mods-enabled`.\n\ndefault\n-------\n\nThe default recipe does a number of things to set up Apache HTTPd. It\nalso includes a number of modules based on the attribute\n`node['apache']['default_modules']` as recipes.\n\nmod\\_auth\\_cas\n--------------\n\nThis recipe installs the proper package and enables the `auth_cas`\nmodule. It can install from source or package. Package is the default,\nset the attribute `node['apache']['mod_auth_cas']['from_source']` to\ntrue to enable source installation. Modify the version to install by\nchanging the attribute\n`node['apache']['mod_auth_cas']['source_revision']`. It is a version\ntag by default, but could be master, or another tag, or branch.\n\nThe module configuration is written out with the `CASCookiePath` set,\notherwise an error loading the module may cause Apache to not start.\n\n**Note**: This recipe does not work on EL 6 platforms unless\nepel-testing repository is enabled (outside the scope of this\ncookbook), or the package version 1.0.8.1-3.el6 or higher is otherwise\navailable to the system due to this bug:\n\nhttps://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=708550\n\nmod\\_auth\\_openid\n-----------------\n\n**Changed via COOK-915**\n\nThis recipe compiles the module from source. 
In addition to\n`build-essential`, some other packages are included for installation\nlike the GNU C++ compiler and development headers.\n\nTo use the module in your own cookbooks to authenticate systems using\nOpenIDs, specify an array of OpenIDs that are allowed to authenticate\nwith the attribute `node['apache']['allowed_openids']`. Use the\nfollowing in a vhost to protect with OpenID authentication:\n\n AuthType OpenID require user <%= node['apache']['allowed_openids'].join(' ') %>\n AuthOpenIDDBLocation <%= node['apache']['mod_auth_openid']['dblocation'] %>\n\nChange the DBLocation with the attribute as required; this file is in\na different location than previous versions, see below. It should be a\nsane default for most platforms, though, see\n`attributes/mod_auth_openid.rb`.\n\n### Changes from COOK-915:\n\n* `AuthType OpenID` instead of `AuthOpenIDEnabled On`.\n* `require user` instead of `AuthOpenIDUserProgram`.\n* A bug(?) in `mod_auth_openid` causes it to segfault when attempting\n to update the database file if the containing directory is not\n writable by the HTTPD process owner (e.g., www-data), even if the\n file is writable. In order to not interfere with other settings from\n the default recipe in this cookbook, the db file is moved.\n\nmod\\_fastcgi\n------------\n\nInstall the fastcgi package and enable the module.\n\nOnly work on Debian/Ubuntu\n\nmod\\_fcgid\n----------\n\nInstalls the fcgi package and enables the module. Requires EPEL on\nRHEL family.\n\nOn RHEL family, this recipe will delete the fcgid.conf and on version\n6+, create the /var/run/httpd/mod_fcgid` directory, which prevents the\nemergency error:\n\n [emerg] (2)No such file or directory: mod_fcgid: Can't create shared memory for size XX bytes\n\nmod\\_php5\n--------\n\nSimply installs the appropriate package on Debian, Ubuntu and\nArchLinux.\n\nOn Red Hat family distributions including Fedora, the php.conf that\ncomes with the package is removed. 
On RHEL platforms less than v6, the\n`php53` package is used.\n\n* `node['apache']['mod_php5']['install_method']` - default `package` can be overridden to avoid package installs.\n\nmod\\_ssl\n--------\n\nBesides installing and enabling `mod_ssl`, this recipe will append\nport 443 to the `node['apache']['listen_ports']` attribute array and\nupdate the ports.conf.\n\nDefinitions\n===========\n\nThe cookbook provides a few definitions. At some point in the future\nthese definitions may be refactored into lightweight resources and\nproviders as suggested by\n[foodcritic rule FC015](http://acrmp.github.com/foodcritic/#FC015).\n\napache\\_config\n------------\n\nSets up configuration file for Apache from a template. The\ntemplate should be in the same cookbook where the definition is used. This is used by the `apache_conf` definition and is not often used directly.\n\nIt will use `a2enconf` and `a2disconf` to control the symlinking of configuration files between `conf-available` and `conf-enabled`.\n\nEnable or disable an Apache config file in\n`#{node['apache']['dir']}/conf-available` by calling `a2enmod` or\n`a2dismod` to manage the symbolic link in\n`#{node['apache']['dir']}/conf-enabled`. These config files should be created in your cookbook, and placed on the system using `apache_conf`\n\n### Parameters:\n\n* `name` - Name of the config enabled or disabled with the `a2enconf` or `a2disconf` scripts.\n* `source` - The location of a template file. The default `name.erb`.\n* `cookbook` - The cookbook in which the configuration template is located (if it is not located in the current cookbook). The default value is the current cookbook.\n* `enable` - Default true, which uses `a2enconf` to enable the config. 
If false, the config will be disabled with `a2disconf`.\n\n### Examples:\n\nEnable the example config.\n\n``````\n apache_config 'example' do\n enable true\n end\n``````\n\nDisable a module:\n\n``````\n apache_config 'disabled_example' do\n enable false\n end\n``````\n\nSee the recipes directory for many more examples of `apache_config`.\n\napache\\_conf\n------------\n\nWrites conf files to the `conf-available` folder, and passes enabled values to `apache_config`.\n\nThis definition should generally be called over `apache_config`.\n\n### Parameters:\n\n* `name` - Name of the config placed and enabled or disabled with the `a2enconf` or `a2disconf` scripts.\n* `enable` - Default true, which uses `a2enconf` to enable the config. If false, the config will be disabled with `a2disconf`.\n* `conf_path` - path to put the config in if you need to override the default `conf-available`.\n\n### Examples:\n\nPlace and enable the example conf:\n\n``````\n apache_conf 'example' do\n enable true\n end\n``````\n\nPlace and disable (or never enable to begin with) the example conf:\n\n``````\n apache_conf 'example' do\n enable false\n end\n``````\n\nPlace the example conf, which has a different path than the default (conf-*):\n\n``````\n apache_conf 'example' do\n conf_path '/random/example/path'\n enable false\n end\n``````\n\napache\\_mod\n------------\n\nSets up configuration file for an Apache module from a template. The\ntemplate should be in the same cookbook where the definition is used.\nThis is used by the `apache_module` definition and is not often used\ndirectly.\n\nThis will use a template resource to write the module's configuration\nfile in the `mods-available` under the Apache configuration directory\n(`node['apache']['dir']`). This is a platform-dependent location. See\n__apache\\_module__.\n\n### Parameters:\n\n* `name` - Name of the template. 
When used from the `apache_module`,\n it will use the same name as the module.\n\n### Examples:\n\nCreate `#{node['apache']['dir']}/mods-available/alias.conf`.\n\n``````\n apache_mod \"alias\"\n``````\n\napache\\_module\n--------------\n\nEnable or disable an Apache module in\n`#{node['apache']['dir']}/mods-available` by calling `a2enmod` or\n`a2dismod` to manage the symbolic link in\n`#{node['apache']['dir']}/mods-enabled`. If the module has a\nconfiguration file, a template should be created in the cookbook where\nthe definition is used. See __Examples__.\n\n### Parameters:\n\n* `name` - Name of the module enabled or disabled with the `a2enmod` or `a2dismod` scripts.\n* `identifier` - String to identify the module for the `LoadModule` directive. Not typically needed, defaults to `#{name}_module`\n* `enable` - Default true, which uses `a2enmod` to enable the module. If false, the module will be disabled with `a2dismod`.\n* `conf` - Default false. Set to true if the module has a config file, which will use `apache_mod` for the file.\n* `filename` - specify the full name of the file, e.g.\n\n### Examples:\n\nEnable the ssl module, which also has a configuration template in `templates/default/mods/ssl.conf.erb`.\n\n``````\n apache_module \"ssl\" do\n conf true\n end\n``````\n\nEnable the php5 module, which has a different filename than the module default:\n\n``````\n apache_module \"php5\" do\n filename \"libphp5.so\"\n end\n``````\n\nDisable a module:\n\n``````\n apache_module \"disabled_module\" do\n enable false\n end\n``````\n\nSee the recipes directory for many more examples of `apache_module`.\n\napache\\_site\n------------\n\nEnable or disable a VirtualHost in\n`#{node['apache']['dir']}/sites-available` by calling a2ensite or\na2dissite to manage the symbolic link in\n`#{node['apache']['dir']}/sites-enabled`.\n\nThe template for the site must be managed as a separate resource. 
To\ncombine the template with enabling a site, see `web_app`.\n\n### Parameters:\n\n* `name` - Name of the site.\n* `enable` - Default true, which uses `a2ensite` to enable the site. If false, the site will be disabled with `a2dissite`.\n\nweb\\_app\n--------\n\nManage a template resource for a VirtualHost site, and enable it with\n`apache_site`. This is commonly done for managing web applications\nsuch as Ruby on Rails, PHP or Django, and the default behavior\nreflects that. However it is flexible.\n\nThis definition includes some recipes to make sure the system is\nconfigured to have Apache and some sane default modules:\n\n* `apache2`\n* `apache2::mod_rewrite`\n* `apache2::mod_deflate`\n* `apache2::mod_headers`\n\nIt will then configure the template (see __Parameters__ and\n__Examples__ below), and enable or disable the site per the `enable`\nparameter.\n\n### Parameters:\n\nCurrent parameters used by the definition:\n\n* `name` - The name of the site. The template will be written to\n `#{node['apache']['dir']}/sites-available/#{params['name']}.conf`\n* `cookbook` - Optional. Cookbook where the source template is. If\n this is not defined, Chef will use the named template in the\n cookbook where the definition is used.\n* `template` - Default `web_app.conf.erb`, source template file.\n* `enable` - Default true. Passed to the `apache_site` definition.\n\nAdditional parameters can be defined when the definition is called in\na recipe, see __Examples__.\n\n### Examples:\n\nThe recommended way to use the `web_app` definition is in a application specific cookbook named \"my_app\".\nThe following example would look for a template named 'web_app.conf.erb' in your cookbook containing\nthe apache httpd directives defining the `VirtualHost` that would serve up \"my_app\".\n\n``````\n web_app \"my_app\" do\n template 'web_app.conf.erb'\n server_name node['my_app']['hostname']\n end\n``````\n\nAll parameters are passed into the template. You can use whatever you\nlike. 
The apache2 cookbook comes with a `web_app.conf.erb` template as\nan example. The following parameters are used in the template:\n\n* `server_name` - ServerName directive.\n* `server_aliases` - ServerAlias directive. Must be an array of aliases.\n* `docroot` - DocumentRoot directive.\n* `application_name` - Used in RewriteLog directive. Will be set to the `name` parameter.\n* `directory_index` - Allow overriding the default DirectoryIndex setting, optional\n* `directory_options` - Override Options on the docroot, for example to add parameters like Includes or Indexes, optional.\n* `allow_override` - Modify the AllowOverride directive on the docroot to support apps that need .htaccess to modify configuration or require authentication.\n\nTo use the default web_app, for example:\n\n``````\n web_app \"my_site\" do\n server_name node['hostname']\n server_aliases [node['fqdn'], \"my-site.example.com\"]\n docroot \"/srv/www/my_site\"\n cookbook 'apache2'\n end\n``````\n\nThe parameters specified will be used as:\n\n* `@params[:server_name]`\n* `@params[:server_aliases]`\n* `@params[:docroot]`\n\nIn the template. When you write your own, the `@` is significant.\n\nFor more information about Definitions and parameters, see the\n[Chef Wiki](http://docs.chef.io/definitions.html)\n\nUsage\n=====\n\nUsing this cookbook is relatively straightforward. Add the desired\nrecipes to the run list of a node, or create a role. Depending on your\nenvironment, you may have multiple roles that use different recipes\nfrom this cookbook. Adjust any attributes as desired. 
For example, to\ncreate a basic role for web servers that provide both HTTP and HTTPS:\n\n``````\n % cat roles/webserver.rb\n name \"webserver\"\n description \"Systems that serve HTTP and HTTPS\"\n run_list(\n \"recipe[apache2]\",\n \"recipe[apache2::mod_ssl]\"\n )\n default_attributes(\n \"apache\" => {\n \"listen_ports\" => [\"80\", \"443\"]\n }\n )\n``````\n\nFor examples of using the definitions in your own recipes, see their\nrespective sections above.\n\nLicense and Authors\n===================\n\n* Author:: Adam Jacob \n* Author:: Joshua Timberman \n* Author:: Bryan McLellan \n* Author:: Dave Esposito \n* Author:: David Abdemoulaie \n* Author:: Edmund Haselwanter \n* Author:: Eric Rochester \n* Author:: Jim Browne \n* Author:: Matthew Kent \n* Author:: Nathen Harvey \n* Author:: Ringo De Smet \n* Author:: Sean OMeara \n* Author:: Seth Chisamore \n* Author:: Gilles Devaux \n* Author:: Sander van Zoest \n* Author:: Taylor Price \n\n* Copyright:: 2009-2012, Chef Software, Inc\n* Copyright:: 2011, Atriso\n* Copyright:: 2011, CustomInk, LLC.\n* Copyright:: 2013-2014, OneHealth Solutions, Inc.\n* Copyright:: 2014, Viverae, Inc.\n* Copyright:: 2015, Alexander van Zoest\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n","maintainer":"Sander van Zoest","maintainer_email":"sander+cookbooks@vanzoest.com","license":"Apache 2.0","platforms":{"debian":">= 0.0.0","ubuntu":">= 0.0.0","redhat":">= 0.0.0","centos":">= 0.0.0","fedora":">= 0.0.0","amazon":">= 0.0.0","scientific":">= 
0.0.0","freebsd":">= 0.0.0","suse":">= 0.0.0","opensuse":">= 0.0.0","arch":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{}} \ No newline at end of file diff --git a/berks-cookbooks/apache2/recipes/default.rb b/berks-cookbooks/apache2/recipes/default.rb index 841ea12c..697577b9 100644 --- a/berks-cookbooks/apache2/recipes/default.rb +++ b/berks-cookbooks/apache2/recipes/default.rb @@ -2,7 +2,8 @@ # Cookbook Name:: apache2 # Recipe:: default # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. +# Copyright 2014-2015, Alexander van Zoest # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -29,14 +30,16 @@ end end -%w(default 000-default).each do |site| +%w(default default.conf 000-default 000-default.conf).each do |site| link "#{node['apache']['dir']}/sites-enabled/#{site}" do action :delete + not_if { site == "#{node['apache']['default_site_name']}.conf" && node['apache']['default_site_enabled'] } end file "#{node['apache']['dir']}/sites-available/#{site}" do action :delete backup false + not_if { site == "#{node['apache']['default_site_name']}.conf" && node['apache']['default_site_enabled'] } end end @@ -181,7 +184,11 @@ if node['apache']['version'] == '2.4' && !platform_family?('freebsd') # on freebsd the prefork mpm is staticly compiled in - include_recipe "apache2::mpm_#{node['apache']['mpm']}" + if node['apache']['mpm_support'].include?(node['apache']['mpm']) + include_recipe "apache2::mpm_#{node['apache']['mpm']}" + else + Chef::Log.warn("apache2: #{node['apache']['mpm']} module is not supported and must be handled separately!") + end end node['apache']['default_modules'].each do |mod| 
@@ -189,20 +196,18 @@ include_recipe "apache2::#{module_recipe_name}" end -web_app 'default' do - template 'default-site.conf.erb' - path "#{node['apache']['dir']}/sites-available/default.conf" - enable node['apache']['default_site_enabled'] -end - -apache_site node['apache']['default_site_name'] do - enable node['apache']['default_site_enabled'] +if node['apache']['default_site_enabled'] + web_app node['apache']['default_site_name'] do + template 'default-site.conf.erb' + enable node['apache']['default_site_enabled'] + end end service 'apache2' do service_name node['apache']['service_name'] case node['platform_family'] when 'rhel' + restart_command '/sbin/service httpd restart && sleep 1' if node['apache']['version'] == '2.2' reload_command '/sbin/service httpd graceful' when 'debian' provider Chef::Provider::Service::Debian diff --git a/berks-cookbooks/apache2/recipes/god_monitor.rb b/berks-cookbooks/apache2/recipes/god_monitor.rb deleted file mode 100644 index a64b5280..00000000 --- a/berks-cookbooks/apache2/recipes/god_monitor.rb +++ /dev/null 
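Review bot: With `node['apache']['default_site_enabled']` set to false, the new `if` wrapper in recipes/default.rb (hunk -189,20) leaves nothing in this hunk to disable a default site that an earlier run enabled. The removed code always called `apache_site node['apache']['default_site_name']` with `enable` taken from the attribute, which the cookbook README describes as running `a2dissite` when false. The delete loop in the first hunk of this file only covers `default`, `default.conf`, `000-default` and `000-default.conf`, so a node with a custom `default_site_name` would appear to keep that vhost linked in `sites-enabled` and served after the flag is turned off. Consider an `else` branch holding `apache_site node['apache']['default_site_name'] do enable false end`. Inside the `if`, `enable node['apache']['default_site_enabled']` is always true and reads more clearly as `enable true`.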
@@ -1,33 +0,0 @@ -# -# Cookbook Name:: apache2 -# Recipe:: god_monitor -# -# Copyright 2008-2013, Opscode, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -apache_service = service 'apache2' do - action :nothing -end - -start_command = apache_service.start_command -stop_command = apache_service.stop_command -restart_command = apache_service.restart_command - -god_monitor 'apache2' do - config 'apache2.god.erb' - start start_command || "/etc/init.d/#{apache_service.service_name} start" - restart restart_command || "/etc/init.d/#{apache_service.service_name} restart" - stop stop_command || "/etc/init.d/#{apache_service.service_name} stop" -end diff --git a/berks-cookbooks/apache2/recipes/mod_actions.rb b/berks-cookbooks/apache2/recipes/mod_actions.rb index 31dbc1c8..98b8f418 100644 --- a/berks-cookbooks/apache2/recipes/mod_actions.rb +++ b/berks-cookbooks/apache2/recipes/mod_actions.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_actions # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_alias.rb b/berks-cookbooks/apache2/recipes/mod_alias.rb index 142553b1..60ac1954 100644 --- a/berks-cookbooks/apache2/recipes/mod_alias.rb +++ b/berks-cookbooks/apache2/recipes/mod_alias.rb 
@@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_alias # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_apreq2.rb b/berks-cookbooks/apache2/recipes/mod_apreq2.rb index b6902e1b..005c72c0 100644 --- a/berks-cookbooks/apache2/recipes/mod_apreq2.rb +++ b/berks-cookbooks/apache2/recipes/mod_apreq2.rb @@ -4,7 +4,7 @@ # # modified from the python recipe by Jeremy Bingham # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_asis.rb b/berks-cookbooks/apache2/recipes/mod_asis.rb index e4950e02..bba792ee 100644 --- a/berks-cookbooks/apache2/recipes/mod_asis.rb +++ b/berks-cookbooks/apache2/recipes/mod_asis.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_asis # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2009, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_auth_basic.rb b/berks-cookbooks/apache2/recipes/mod_auth_basic.rb index 3c980609..8906a253 100644 --- a/berks-cookbooks/apache2/recipes/mod_auth_basic.rb +++ b/berks-cookbooks/apache2/recipes/mod_auth_basic.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_auth_basic # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
diff --git a/berks-cookbooks/apache2/recipes/mod_auth_cas.rb b/berks-cookbooks/apache2/recipes/mod_auth_cas.rb index 8b85dabf..45c9058d 100644 --- a/berks-cookbooks/apache2/recipes/mod_auth_cas.rb +++ b/berks-cookbooks/apache2/recipes/mod_auth_cas.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_auth_cas # -# Copyright 2013, Opscode, Inc. +# Copyright 2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,12 +20,7 @@ include_recipe 'apache2::default' if node['apache']['mod_auth_cas']['from_source'] - package 'httpd-devel' do - package_name value_for_platform_family( - %w(rhel fedora suse) => 'httpd-devel', - 'debian' => 'apache2-dev' - ) - end + package node['apache']['devel_package'] git '/tmp/mod_auth_cas' do repository 'git://github.com/Jasig/mod_auth_cas.git' diff --git a/berks-cookbooks/apache2/recipes/mod_auth_digest.rb b/berks-cookbooks/apache2/recipes/mod_auth_digest.rb index cfd66e29..ca2e094f 100644 --- a/berks-cookbooks/apache2/recipes/mod_auth_digest.rb +++ b/berks-cookbooks/apache2/recipes/mod_auth_digest.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_auth_digest # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_auth_openid.rb b/berks-cookbooks/apache2/recipes/mod_auth_openid.rb index 07dd7d01..280fba46 100644 --- a/berks-cookbooks/apache2/recipes/mod_auth_openid.rb +++ b/berks-cookbooks/apache2/recipes/mod_auth_openid.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_auth_openid # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
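Review bot: In recipes/mod_auth_cas.rb (hunk -20,12) the source build still clones with `repository 'git://github.com/Jasig/mod_auth_cas.git'` into `/tmp/mod_auth_cas`, which this commit leaves unchanged while it reworks the package line above it. The `git://` transport provides neither encryption nor server authentication, so the code compiled into an authentication module is not verified in transit, and `/tmp` is a world-writable location for a build tree. I would switch to `repository 'https://github.com/Jasig/mod_auth_cas.git'`, pin `revision '<reviewed commit SHA>'`, and check out under `Chef::Config['file_cache_path']` as mod_fastcgi.rb does. The `git` resource body continues outside the hunk, so a `revision` may already be set there.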
@@ -18,9 +18,9 @@ # openid_dev_pkgs = value_for_platform_family( - 'debian' => %w(automake make g++ apache2-prefork-dev libopkele-dev libopkele3 libtool), - 'suse' => %w(automake make g++ apache2-prefork-dev libopkele-dev libopkele3 libtool), - %w(rhel fedora) => %w(gcc-c++ httpd-devel curl-devel libtidy libtidy-devel sqlite-devel pcre-devel openssl-devel make libtool), + 'debian' => %W(automake make g++ #{node['apache']['devel_package']} libopkele-dev libopkele3 libtool), + 'suse' => %W(automake make g++ #{node['apache']['devel_package']} libopkele-dev libopkele3 libtool), + %w(rhel fedora) => %W(gcc-c++ #{node['apache']['devel_package']} curl-devel libtidy libtidy-devel sqlite-devel pcre-devel openssl-devel make libtool), 'arch' => %w(libopkele), 'freebsd' => %w(libopkele pcre sqlite3) ) diff --git a/berks-cookbooks/apache2/recipes/mod_authn_file.rb b/berks-cookbooks/apache2/recipes/mod_authn_file.rb index 253f0863..5cb0bff6 100644 --- a/berks-cookbooks/apache2/recipes/mod_authn_file.rb +++ b/berks-cookbooks/apache2/recipes/mod_authn_file.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_authn_file # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_authnz_ldap.rb b/berks-cookbooks/apache2/recipes/mod_authnz_ldap.rb index ac232313..1c7f3eab 100644 --- a/berks-cookbooks/apache2/recipes/mod_authnz_ldap.rb +++ b/berks-cookbooks/apache2/recipes/mod_authnz_ldap.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_authnz_ldap # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
diff --git a/berks-cookbooks/apache2/recipes/mod_authz_default.rb b/berks-cookbooks/apache2/recipes/mod_authz_default.rb index d9b4cca7..7a551a07 100644 --- a/berks-cookbooks/apache2/recipes/mod_authz_default.rb +++ b/berks-cookbooks/apache2/recipes/mod_authz_default.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_authz_default # -# Copyright 2013, Opscode, Inc. +# Copyright 2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_authz_groupfile.rb b/berks-cookbooks/apache2/recipes/mod_authz_groupfile.rb index 513faa38..f0358386 100644 --- a/berks-cookbooks/apache2/recipes/mod_authz_groupfile.rb +++ b/berks-cookbooks/apache2/recipes/mod_authz_groupfile.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_authz_groupfile # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_authz_host.rb b/berks-cookbooks/apache2/recipes/mod_authz_host.rb index 12fbac2e..e3881904 100644 --- a/berks-cookbooks/apache2/recipes/mod_authz_host.rb +++ b/berks-cookbooks/apache2/recipes/mod_authz_host.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_authz_host # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_authz_user.rb b/berks-cookbooks/apache2/recipes/mod_authz_user.rb index 29b23bc4..e646ed46 100644 --- a/berks-cookbooks/apache2/recipes/mod_authz_user.rb +++ b/berks-cookbooks/apache2/recipes/mod_authz_user.rb 
@@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_authz_user # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_autoindex.rb b/berks-cookbooks/apache2/recipes/mod_autoindex.rb index 5a689aef..da2f6a6f 100644 --- a/berks-cookbooks/apache2/recipes/mod_autoindex.rb +++ b/berks-cookbooks/apache2/recipes/mod_autoindex.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_autoindex # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_cgi.rb b/berks-cookbooks/apache2/recipes/mod_cgi.rb index 31065732..7b6f8b40 100644 --- a/berks-cookbooks/apache2/recipes/mod_cgi.rb +++ b/berks-cookbooks/apache2/recipes/mod_cgi.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_cgi # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # Copyright 2014, Viverae, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/berks-cookbooks/apache2/recipes/mod_cloudflare.rb b/berks-cookbooks/apache2/recipes/mod_cloudflare.rb index 5755a66c..f6ed37e3 100644 --- a/berks-cookbooks/apache2/recipes/mod_cloudflare.rb +++ b/berks-cookbooks/apache2/recipes/mod_cloudflare.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_cloudflare # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_dav.rb b/berks-cookbooks/apache2/recipes/mod_dav.rb index 98f2b527..2f4f223c 100644 
--- a/berks-cookbooks/apache2/recipes/mod_dav.rb +++ b/berks-cookbooks/apache2/recipes/mod_dav.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_dav # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_dav_svn.rb b/berks-cookbooks/apache2/recipes/mod_dav_svn.rb index b7487f55..901f1672 100644 --- a/berks-cookbooks/apache2/recipes/mod_dav_svn.rb +++ b/berks-cookbooks/apache2/recipes/mod_dav_svn.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_dav_svn # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2009, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_deflate.rb b/berks-cookbooks/apache2/recipes/mod_deflate.rb index f98556f9..9ecd6193 100644 --- a/berks-cookbooks/apache2/recipes/mod_deflate.rb +++ b/berks-cookbooks/apache2/recipes/mod_deflate.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_deflate # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_dir.rb b/berks-cookbooks/apache2/recipes/mod_dir.rb index 5c46ec3b..86fdf9a1 100644 --- a/berks-cookbooks/apache2/recipes/mod_dir.rb +++ b/berks-cookbooks/apache2/recipes/mod_dir.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_dir # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
diff --git a/berks-cookbooks/apache2/recipes/mod_env.rb b/berks-cookbooks/apache2/recipes/mod_env.rb index b94b00b6..b5b30fc7 100644 --- a/berks-cookbooks/apache2/recipes/mod_env.rb +++ b/berks-cookbooks/apache2/recipes/mod_env.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_env # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_expires.rb b/berks-cookbooks/apache2/recipes/mod_expires.rb index bf4382a6..5c475e27 100644 --- a/berks-cookbooks/apache2/recipes/mod_expires.rb +++ b/berks-cookbooks/apache2/recipes/mod_expires.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_expires # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_fastcgi.rb b/berks-cookbooks/apache2/recipes/mod_fastcgi.rb index ddc00ee0..9eb43825 100644 --- a/berks-cookbooks/apache2/recipes/mod_fastcgi.rb +++ b/berks-cookbooks/apache2/recipes/mod_fastcgi.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_fastcgi # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -18,14 +18,21 @@ # if platform_family?('debian') - package 'libapache2-mod-fastcgi' + if node['apache']['mod_fastcgi']['install_method'] == 'source' + package 'build-essential' + package node['apache']['devel_package'] + else + package 'libapache2-mod-fastcgi' + end elsif platform_family?('rhel') - %w(gcc make libtool httpd-devel apr-devel apr).each do |package| + %W(gcc make libtool #{node['apache']['devel_package']} apr-devel apr).each do |package| yum_package package do action :upgrade end end +end +if platform_family?('rhel') || (platform_family?('debian') && node['apache']['mod_fastcgi']['install_method'] == 'source') src_filepath = "#{Chef::Config['file_cache_path']}/fastcgi.tar.gz" remote_file 'download fastcgi source' do source node['apache']['mod_fastcgi']['download_url'] @@ -33,9 +40,14 @@ backup false end - top_dir = node['apache']['lib_dir'] + if platform_family?('debian') + top_dir = node['apache']['build_dir'] + else + top_dir = node['apache']['lib_dir'] + end + include_recipe 'apache2::default' bash 'compile fastcgi source' do - notifies :run, 'execute[generate-module-list]', :immediately + notifies :run, 'execute[generate-module-list]', :immediately if platform_family?('rhel') not_if "test -f #{node['apache']['dir']}/mods-available/fastcgi.conf" cwd ::File.dirname(src_filepath) code <<-EOH diff --git a/berks-cookbooks/apache2/recipes/mod_fcgid.rb b/berks-cookbooks/apache2/recipes/mod_fcgid.rb index 128cc70f..ddfc52eb 100644 --- a/berks-cookbooks/apache2/recipes/mod_fcgid.rb +++ b/berks-cookbooks/apache2/recipes/mod_fcgid.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_fcgid # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
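Review bot: The tarball fetched by `remote_file 'download fastcgi source'` in recipes/mod_fastcgi.rb is compiled and installed as an Apache module, and neither hunk shows a `checksum` property on that resource. This commit extends the source build to Debian nodes when `node['apache']['mod_fastcgi']['install_method'] == 'source'`, so more systems now build whatever `download_url` returns. One line of the resource sits between the two hunks and is not visible here, so confirm it is not already a checksum. If it is not, add `checksum '<SHA-256 of the reviewed fastcgi tarball>'` to the resource and make sure the `download_url` default is an https URL.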
@@ -38,7 +38,7 @@ elsif platform_family?('suse') apache_lib_path = node['apache']['lib_dir'] - package 'httpd-devel' + package node['apache']['devel_package'] bash 'install-fcgid' do code <<-EOH diff --git a/berks-cookbooks/apache2/recipes/mod_filter.rb b/berks-cookbooks/apache2/recipes/mod_filter.rb index ec6c2fbd..a9b73c53 100644 --- a/berks-cookbooks/apache2/recipes/mod_filter.rb +++ b/berks-cookbooks/apache2/recipes/mod_filter.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_filter # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_headers.rb b/berks-cookbooks/apache2/recipes/mod_headers.rb index 1cc93b55..4ca36284 100644 --- a/berks-cookbooks/apache2/recipes/mod_headers.rb +++ b/berks-cookbooks/apache2/recipes/mod_headers.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_headers # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_include.rb b/berks-cookbooks/apache2/recipes/mod_include.rb index dcc4187c..ffe57a17 100644 --- a/berks-cookbooks/apache2/recipes/mod_include.rb +++ b/berks-cookbooks/apache2/recipes/mod_include.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_include # -# Copyright 2012-2013, Opscode, Inc. +# Copyright 2012-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_info.rb b/berks-cookbooks/apache2/recipes/mod_info.rb index c9c6a132..c30f704f 100644 --- a/berks-cookbooks/apache2/recipes/mod_info.rb 
+++ b/berks-cookbooks/apache2/recipes/mod_info.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_info # -# Copyright 2013, Opscode, Inc. +# Copyright 2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_jk.rb b/berks-cookbooks/apache2/recipes/mod_jk.rb index 39f383ba..5d468c55 100644 --- a/berks-cookbooks/apache2/recipes/mod_jk.rb +++ b/berks-cookbooks/apache2/recipes/mod_jk.rb @@ -3,7 +3,7 @@ # Recipe:: jk # # Copyright 2013, Mike Babineau -# Copyright 2013, Opscode, Inc. +# Copyright 2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_ldap.rb b/berks-cookbooks/apache2/recipes/mod_ldap.rb index 23080668..2425f5df 100644 --- a/berks-cookbooks/apache2/recipes/mod_ldap.rb +++ b/berks-cookbooks/apache2/recipes/mod_ldap.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_ldap # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_log_config.rb b/berks-cookbooks/apache2/recipes/mod_log_config.rb index 36df6c4e..2f7633e9 100644 --- a/berks-cookbooks/apache2/recipes/mod_log_config.rb +++ b/berks-cookbooks/apache2/recipes/mod_log_config.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_log_config # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
diff --git a/berks-cookbooks/apache2/recipes/mod_logio.rb b/berks-cookbooks/apache2/recipes/mod_logio.rb index 15f864cc..ca7a6dc9 100644 --- a/berks-cookbooks/apache2/recipes/mod_logio.rb +++ b/berks-cookbooks/apache2/recipes/mod_logio.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_logio # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_mime.rb b/berks-cookbooks/apache2/recipes/mod_mime.rb index 9618af74..45d840e8 100644 --- a/berks-cookbooks/apache2/recipes/mod_mime.rb +++ b/berks-cookbooks/apache2/recipes/mod_mime.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_mime # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_negotiation.rb b/berks-cookbooks/apache2/recipes/mod_negotiation.rb index 3b0f29ec..60aba012 100644 --- a/berks-cookbooks/apache2/recipes/mod_negotiation.rb +++ b/berks-cookbooks/apache2/recipes/mod_negotiation.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_negotiation # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_perl.rb b/berks-cookbooks/apache2/recipes/mod_perl.rb index 77849ad7..1200712a 100644 --- a/berks-cookbooks/apache2/recipes/mod_perl.rb +++ b/berks-cookbooks/apache2/recipes/mod_perl.rb 
@@ -4,7 +4,7 @@ # # adapted from the mod_python recipe by Jeremy Bingham # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_php5.rb b/berks-cookbooks/apache2/recipes/mod_php5.rb index c4d8200b..d252cf5d 100644 --- a/berks-cookbooks/apache2/recipes/mod_php5.rb +++ b/berks-cookbooks/apache2/recipes/mod_php5.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_php5 # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # Copyright 2014, OneHealth Solutions, Inc. # Copyright 2014, Viverae, Inc. # @@ -68,5 +68,5 @@ apache_module 'php5' do conf true - filename 'libphp5.so' + filename node['apache']['mod_php5']['so_filename'] end diff --git a/berks-cookbooks/apache2/recipes/mod_proxy.rb b/berks-cookbooks/apache2/recipes/mod_proxy.rb index d6ca10a6..5f0afe36 100644 --- a/berks-cookbooks/apache2/recipes/mod_proxy.rb +++ b/berks-cookbooks/apache2/recipes/mod_proxy.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_proxy # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_proxy_ajp.rb b/berks-cookbooks/apache2/recipes/mod_proxy_ajp.rb index 6ccc7f2f..786cc552 100644 --- a/berks-cookbooks/apache2/recipes/mod_proxy_ajp.rb +++ b/berks-cookbooks/apache2/recipes/mod_proxy_ajp.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_proxy_ajp # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
diff --git a/berks-cookbooks/apache2/recipes/mod_proxy_balancer.rb b/berks-cookbooks/apache2/recipes/mod_proxy_balancer.rb index c4deac47..3c1773fe 100644 --- a/berks-cookbooks/apache2/recipes/mod_proxy_balancer.rb +++ b/berks-cookbooks/apache2/recipes/mod_proxy_balancer.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_proxy_balancer # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # Copyright 2014, OneHealth Solutions, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/berks-cookbooks/apache2/recipes/mod_proxy_connect.rb b/berks-cookbooks/apache2/recipes/mod_proxy_connect.rb index e77c6561..a25514ea 100644 --- a/berks-cookbooks/apache2/recipes/mod_proxy_connect.rb +++ b/berks-cookbooks/apache2/recipes/mod_proxy_connect.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_proxy_connect # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_proxy_html.rb b/berks-cookbooks/apache2/recipes/mod_proxy_html.rb index 611d09ff..8f0faa83 100644 --- a/berks-cookbooks/apache2/recipes/mod_proxy_html.rb +++ b/berks-cookbooks/apache2/recipes/mod_proxy_html.rb @@ -3,6 +3,7 @@ # Recipe:: mod_proxy_html # # Copyright 2013, OneHealth Solutions, Inc. +# Copyright 2015, Alexander van Zoest # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +18,8 @@ # limitations under the License. # +if node['apache']['version'] != '2.4' && platform_family == 'debian' + package 'libapache2-mod-proxy-html' +end + apache_module 'proxy_html' diff --git a/berks-cookbooks/apache2/recipes/mod_proxy_http.rb b/berks-cookbooks/apache2/recipes/mod_proxy_http.rb index 95cba083..358d2443 100644 
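Review bot: The guard added in mod_proxy_html.rb compares a bare `platform_family` with `'debian'`, and nothing in the hunk defines that name. The recipe helper is `platform_family?`, which mod_ssl.rb in this same commit uses. Because of the `&&`, the right-hand side is only evaluated when `node['apache']['version']` is not `'2.4'`, so the failure would presumably surface only on 2.2 nodes, as a NameError during the Chef run. I would write the condition as `if node['apache']['version'] != '2.4' && platform_family?('debian')`.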
--- a/berks-cookbooks/apache2/recipes/mod_proxy_http.rb +++ b/berks-cookbooks/apache2/recipes/mod_proxy_http.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_proxy_http # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_python.rb b/berks-cookbooks/apache2/recipes/mod_python.rb index f42f466b..f1a3681c 100644 --- a/berks-cookbooks/apache2/recipes/mod_python.rb +++ b/berks-cookbooks/apache2/recipes/mod_python.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_python # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_rewrite.rb b/berks-cookbooks/apache2/recipes/mod_rewrite.rb index 297f6c1b..778cbae7 100644 --- a/berks-cookbooks/apache2/recipes/mod_rewrite.rb +++ b/berks-cookbooks/apache2/recipes/mod_rewrite.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_rewrite # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_setenvif.rb b/berks-cookbooks/apache2/recipes/mod_setenvif.rb index 27078ae4..25c122fc 100644 --- a/berks-cookbooks/apache2/recipes/mod_setenvif.rb +++ b/berks-cookbooks/apache2/recipes/mod_setenvif.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_setenvif # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
diff --git a/berks-cookbooks/apache2/recipes/mod_ssl.rb b/berks-cookbooks/apache2/recipes/mod_ssl.rb index 419c39f6..0d749b07 100644 --- a/berks-cookbooks/apache2/recipes/mod_ssl.rb +++ b/berks-cookbooks/apache2/recipes/mod_ssl.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_ssl # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,14 +16,14 @@ # See the License for the specific language governing permissions and # limitations under the License. # -unless node['apache']['listen_ports'].include?('443') - node.set['apache']['listen_ports'] = node['apache']['listen_ports'] + ['443'] +unless node['apache']['listen_ports'].include?(node['apache']['mod_ssl']['port']) + node.default['apache']['listen_ports'] = node['apache']['listen_ports'] + [node['apache']['mod_ssl']['port']] end include_recipe 'apache2::default' if platform_family?('rhel', 'fedora', 'suse') - package 'mod_ssl' do + package node['apache']['mod_ssl']['pkg_name'] do notifies :run, 'execute[generate-module-list]', :immediately end diff --git a/berks-cookbooks/apache2/recipes/mod_status.rb b/berks-cookbooks/apache2/recipes/mod_status.rb index aced9cdb..60f5f752 100644 --- a/berks-cookbooks/apache2/recipes/mod_status.rb +++ b/berks-cookbooks/apache2/recipes/mod_status.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_status # -# Copyright 2008-2012, Opscode, Inc. +# Copyright 2008-2012, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_systemd.rb b/berks-cookbooks/apache2/recipes/mod_systemd.rb index 41a5895b..d3f979d6 100644 --- a/berks-cookbooks/apache2/recipes/mod_systemd.rb +++ b/berks-cookbooks/apache2/recipes/mod_systemd.rb 
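Review bot: Writing the extended port list with `node.default` in mod_ssl.rb means the append has no effect when `listen_ports` is already set at a higher attribute precedence (normal, role or environment override), so the TLS port may never reach the listen configuration. The `include?` test is also type-sensitive: the old code compared against the string `'443'`, and if `node['apache']['mod_ssl']['port']` is an Integer (its default is not visible here) the check never matches a string entry and a mixed-type duplicate is appended. Comparing normalised values, `node['apache']['listen_ports'].map(&:to_s).include?(node['apache']['mod_ssl']['port'].to_s)`, avoids the second problem. The first deserves a recipe comment stating which precedence levels are supported. The `if platform_family?` block continues outside the hunk.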
@@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_systemd # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_userdir.rb b/berks-cookbooks/apache2/recipes/mod_userdir.rb index 2ccdf587..7d519d4e 100644 --- a/berks-cookbooks/apache2/recipes/mod_userdir.rb +++ b/berks-cookbooks/apache2/recipes/mod_userdir.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_userdir # -# Copyright 2013, Opscode, Inc. +# Copyright 2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mod_wsgi.rb b/berks-cookbooks/apache2/recipes/mod_wsgi.rb index 6f9fc46c..3505e824 100644 --- a/berks-cookbooks/apache2/recipes/mod_wsgi.rb +++ b/berks-cookbooks/apache2/recipes/mod_wsgi.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Recipe:: mod_wsgi # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apache2/recipes/mpm_event.rb b/berks-cookbooks/apache2/recipes/mpm_event.rb index 5019a094..3f27aeab 100644 --- a/berks-cookbooks/apache2/recipes/mpm_event.rb +++ b/berks-cookbooks/apache2/recipes/mpm_event.rb @@ -17,7 +17,7 @@ # limitations under the License. # -apache_module('mpm_itk') { enable false } +# apache_module('mpm_itk') { enable false } apache_module('mpm_prefork') { enable false } apache_module('mpm_worker') { enable false } diff --git a/berks-cookbooks/apache2/recipes/mpm_prefork.rb b/berks-cookbooks/apache2/recipes/mpm_prefork.rb index 69c21029..de308212 100644 --- a/berks-cookbooks/apache2/recipes/mpm_prefork.rb 
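Review bot: The `mpm_itk` disable is commented out rather than removed, with no explanation, in mpm_event.rb and again in the mpm_prefork.rb and mpm_worker.rb hunks that follow. If a node previously had mpm_itk enabled, these recipes no longer turn it off when switching MPM, which may leave a stale module enabled; whether that matters depends on code outside these hunks. Either delete the line or keep it with a reason, e.g. `# mpm_itk is not disabled here because <reason>; see <issue reference>`.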
+++ b/berks-cookbooks/apache2/recipes/mpm_prefork.rb @@ -17,7 +17,7 @@ # limitations under the License. # -apache_module('mpm_itk') { enable false } +# apache_module('mpm_itk') { enable false } apache_module('mpm_event') { enable false } apache_module('mpm_worker') { enable false } diff --git a/berks-cookbooks/apache2/recipes/mpm_worker.rb b/berks-cookbooks/apache2/recipes/mpm_worker.rb index d04d7b5b..86a01a59 100644 --- a/berks-cookbooks/apache2/recipes/mpm_worker.rb +++ b/berks-cookbooks/apache2/recipes/mpm_worker.rb @@ -17,7 +17,7 @@ # limitations under the License. # -apache_module('mpm_itk') { enable false } +# apache_module('mpm_itk') { enable false } apache_module('mpm_event') { enable false } apache_module('mpm_prefork') { enable false } diff --git a/berks-cookbooks/apache2/templates/default/apache2.conf.erb b/berks-cookbooks/apache2/templates/default/apache2.conf.erb index e22a7ac4..72f93bf1 100644 --- a/berks-cookbooks/apache2/templates/default/apache2.conf.erb +++ b/berks-cookbooks/apache2/templates/default/apache2.conf.erb @@ -51,7 +51,7 @@ Group <%= node['apache']['group'] %> <% if node['apache']['version'] == '2.4' -%> # Sets the default security model of the Apache2 HTTPD server. It does -# not allow access to the root filesystem outside of /usr/share and node['apache']['docroot_dir']. +# not allow access to the root filesystem outside of /usr/share and <%= node['apache']['docroot_dir'] %>. # If your system is serving content from a sub-directory in /srv you must allow # access in conf-enabled, or in any related virtual host. e.g. # 
@@ -85,13 +85,20 @@ Group <%= node['apache']['group'] %> # directive. # -AccessFileName .htaccess +AccessFileName <%= node['apache']['access_file_name'] %> # # The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients. # - +<% access_file_name_prefix = node['apache']['access_file_name'][0..2] if !node['apache']['access_file_name'].empty? + if access_file_name_prefix != '.ht' + file_name_prefix = '(' + access_file_name_prefix + '|.ht)' + else + file_name_prefix = '.ht' + end +%> +"> <% if node['apache']['version'] == '2.2' -%> Order allow,deny Deny from all @@ -129,7 +136,7 @@ HostnameLookups Off # logged here. If you *do* define an error logfile for a # container, that host's errors will be logged there and not here. # -<% if node['apache']['error_log'] =~ /^syslog:/ %> +<% if node['apache']['error_log'] =~ /^syslog:/ || node['apache']['error_log'] =~ /^\|/ %> ErrorLog <%= node['apache']['error_log'] %> <% else %> ErrorLog <%= node['apache']['log_dir'] %>/<%= node['apache']['error_log'] %> 
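Review bot: When `node['apache']['access_file_name']` is an empty string, the modifier-`if` leaves `access_file_name_prefix` as nil, the `!= '.ht'` test is then true, and `'(' + access_file_name_prefix + '|.ht)'` raises a TypeError at render time. The prefix is also only the first three characters and is concatenated unescaped into what appears to be the pattern of the block that hides access files from web clients (the tag itself is not legible in this view), so a name containing regex metacharacters changes what is protected. I would build the pattern from the full name with `Regexp.escape(node['apache']['access_file_name'])` and fall back to the `.ht` pattern alone when the attribute is empty. Since this block is what keeps the override and password files from being served, a spec that renders the template with a custom name would be worth adding.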
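Review bot: Both tests on `node['apache']['error_log']` use `^`, which in Ruby anchors at any line start, so a multi-line attribute value whose second line begins with `syslog:` or `|` takes this branch. `<% if node['apache']['error_log'].start_with?('syslog:', '|') %>` says what is meant. The new `|` case also turns the attribute into a piped-log command, which httpd starts from its parent process (normally running as root). That is worth a template comment such as `# error_log values starting with | are run as a program by httpd; set them only from trusted attribute sources`.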
@@ -164,37 +171,6 @@ IncludeOptional <%= node['apache']['dir'] %>/mods-enabled/*.conf # Include ports listing Include <%= node['apache']['dir'] %>/ports.conf -<% if node['apache']['version'] == '2.4' -%> -# Sets the default security model of the Apache2 HTTPD server. It does -# not allow access to the root filesystem outside of /usr/share and /var/www. -# The former is used by web applications packaged in Debian, -# the latter may be used for local directories served by the web server. If -# your system is serving content from a sub-directory in /srv you must allow -# access here, or in any related virtual host. - - Options FollowSymLinks - AllowOverride None - Require all denied - - - - AllowOverride None - Require all granted - - -> - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - - -# -# Options Indexes FollowSymLinks -# AllowOverride None -# Require all granted -# -<% end -%> - # # The following directives define some format nicknames for use with # a CustomLog directive (see below). diff --git a/berks-cookbooks/apache2/templates/default/apache2.god.erb b/berks-cookbooks/apache2/templates/default/apache2.god.erb deleted file mode 100644 index d32ff25e..00000000 --- a/berks-cookbooks/apache2/templates/default/apache2.god.erb +++ /dev/null @@ -1,19 +0,0 @@ -God.watch do |w| - w.name = "apache2" - w.interval = 30.seconds # default - w.start = "<%= @params[:start] %>" - w.stop = "<%= @params[:stop] %>" - w.restart = "<%= @params[:restart] %>" - w.start_grace = 10.seconds - w.restart_grace = 10.seconds - w.pid_file = "<%= node['apache']['pid_file'] %>" - w.behavior(:clean_pid_file) - - w.start_if do |start| - start.condition(:process_running) do |c| - c.interval = 5.seconds - c.running = false - c.notify = 'admin' - end - end -end diff --git a/berks-cookbooks/apache2/templates/default/default-site.conf.erb b/berks-cookbooks/apache2/templates/default/default-site.conf.erb index 02568d3c..d0e299ad 100644 
--- a/berks-cookbooks/apache2/templates/default/default-site.conf.erb +++ b/berks-cookbooks/apache2/templates/default/default-site.conf.erb @@ -1,4 +1,4 @@ - +> ServerAdmin <%= node['apache']['contact'] %> DocumentRoot <%= node['apache']['docroot_dir'] %>/ diff --git a/berks-cookbooks/apache2/templates/default/envvars.erb b/berks-cookbooks/apache2/templates/default/envvars.erb index 35120dc7..d0bc03cf 100644 --- a/berks-cookbooks/apache2/templates/default/envvars.erb +++ b/berks-cookbooks/apache2/templates/default/envvars.erb @@ -12,7 +12,6 @@ export APACHE_RUN_GROUP=<%= node['apache']['group'] %> export APACHE_PID_FILE=<%= node['apache']['pid_file'] %> export APACHE_RUN_DIR=<%= node['apache']['run_dir'] %> export APACHE_LOCK_DIR=<%= node['apache']['lock_dir'] %> -# Only /var/log/apache2 is handled by /etc/logrotate.d/apache2. export APACHE_LOG_DIR=<%= node['apache']['log_dir'] %> ## The locale used by some modules like mod_dav diff --git a/berks-cookbooks/apache2/templates/default/mods/include.conf.erb b/berks-cookbooks/apache2/templates/default/mods/include.conf.erb index 46f5547c..44f54e47 100644 --- a/berks-cookbooks/apache2/templates/default/mods/include.conf.erb +++ b/berks-cookbooks/apache2/templates/default/mods/include.conf.erb @@ -1,4 +1,4 @@ AddType text/html .shtml AddOutputFilter INCLUDES .shtml - \ No newline at end of file + diff --git a/berks-cookbooks/apache2/templates/default/mods/include.erb b/berks-cookbooks/apache2/templates/default/mods/include.erb index d5fbbedf..06c3e0ad 100644 --- a/berks-cookbooks/apache2/templates/default/mods/include.erb +++ b/berks-cookbooks/apache2/templates/default/mods/include.erb @@ -1,4 +1,4 @@ AddType text/html .shtml AddOutputFilter INCLUDES .shtml - \ No newline at end of file + diff --git a/berks-cookbooks/apache2/templates/default/mods/pagespeed.conf.erb b/berks-cookbooks/apache2/templates/default/mods/pagespeed.conf.erb index e744b071..6d5f3ce3 100644 
--- a/berks-cookbooks/apache2/templates/default/mods/pagespeed.conf.erb +++ b/berks-cookbooks/apache2/templates/default/mods/pagespeed.conf.erb @@ -290,4 +290,4 @@ Allow from 127.0.0.1 SetHandler mod_pagespeed_referer_statistics - \ No newline at end of file + diff --git a/berks-cookbooks/apache2/templates/default/mods/ssl.conf.erb b/berks-cookbooks/apache2/templates/default/mods/ssl.conf.erb index b722ebf4..b5f9e495 100644 --- a/berks-cookbooks/apache2/templates/default/mods/ssl.conf.erb +++ b/berks-cookbooks/apache2/templates/default/mods/ssl.conf.erb @@ -76,9 +76,11 @@ # secure renegotiation protocol. Default: Off SSLInsecureRenegotiation <%= node['apache']['mod_ssl']['insecure_renegotiation'] %> +<% unless node['apache']['mod_ssl']['strict_sni_vhost_check'] == "Off"%> # Whether to forbid non-SNI clients to access name based virtual hosts. # Default: Off SSLStrictSNIVHostCheck <%= node['apache']['mod_ssl']['strict_sni_vhost_check'] %> +<% end %> <% if node['apache']['version'] == '2.4' -%> # Enable compression on the SSL level diff --git a/berks-cookbooks/apache2/templates/default/port_apache.erb b/berks-cookbooks/apache2/templates/default/port_apache.erb index 45aa56e6..64a0f8e8 100644 --- a/berks-cookbooks/apache2/templates/default/port_apache.erb +++ b/berks-cookbooks/apache2/templates/default/port_apache.erb @@ -1,3 +1,3 @@ <% node['apache']['listen_ports'].each do |port| -%> -A FWR -p tcp -m tcp --dport <%= port %> -j ACCEPT -<% end %> \ No newline at end of file +<% end %> diff --git a/berks-cookbooks/apt/CHANGELOG.md b/berks-cookbooks/apt/CHANGELOG.md index 7b40b593..e20d8aef 100644 --- a/berks-cookbooks/apt/CHANGELOG.md +++ b/berks-cookbooks/apt/CHANGELOG.md 
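Review bot: The new `unless` in ssl.conf.erb compares `strict_sni_vhost_check` with the exact string `"Off"`, so `'off'` or `'OFF'` still emits the directive although httpd treats those spellings the same. If the intent is to omit the directive whenever it is disabled, `<% unless node['apache']['mod_ssl']['strict_sni_vhost_check'].to_s.casecmp('off').zero? -%>` covers the variants. The added tags also lack the `-%>` trim used by the `if node['apache']['version']` line just below, which leaves blank lines in the rendered file.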
@@ -1,6 +1,24 @@ apt Cookbook CHANGELOG ====================== +v2.8.1 (2015-08-18) +------------------- +- Handle keyservers as URLs and bare hostnames + +v2.8.0 (2015-08-18) +------------------- +- Access keyservers on port 80 +- Adds key\_proxy as LWRP attribute for apt\_repository +- Fix wildcard glob preferences files +- Fix text output verification for non en\_US locales +- Quote repo URLs to deal with spaces + +v2.7.0 (2015-03-23) +------------------- +- Support Debian 8.0 +- Filename verification for LWRPs +- Support SSL enabled apt repositories + v2.6.1 (2014-12-29) ------------------- - Remove old preference files without .pref extension from previous versions @@ -43,7 +61,7 @@ v2.3.10 (2014-04-23) v2.3.8 (2014-02-14) ------------------- ### Bug -- **[COOK-4287](https://tickets.opscode.com/browse/COOK-4287)** - Cleanup the Kitchen +- **[COOK-4287](https://tickets.chef.io/browse/COOK-4287)** - Cleanup the Kitchen v2.3.6 
@@ -73,32 +91,32 @@ v2.3.2 v2.3.0 ------ ### Bug -- **[COOK-3812](https://tickets.opscode.com/browse/COOK-3812)** - Add a way to bypass the apt existence check +- **[COOK-3812](https://tickets.chef.io/browse/COOK-3812)** - Add a way to bypass the apt existence check ### Improvement -- **[COOK-3567](https://tickets.opscode.com/browse/COOK-3567)** - Allow users to bypass apt-cache via attributes +- **[COOK-3567](https://tickets.chef.io/browse/COOK-3567)** - Allow users to bypass apt-cache via attributes v2.2.1 ------ ### Improvement -- **[COOK-664](https://tickets.opscode.com/browse/COOK-664)** - Check platform before running apt-specific commands +- **[COOK-664](https://tickets.chef.io/browse/COOK-664)** - Check platform before running apt-specific commands v2.2.0 ------ ### Bug -- **[COOK-3707](https://tickets.opscode.com/browse/COOK-3707)** - multiple nics confuse apt::cacher-client +- **[COOK-3707](https://tickets.chef.io/browse/COOK-3707)** - multiple nics confuse apt::cacher-client v2.1.2 ------ ### Improvement -- **[COOK-3551](https://tickets.opscode.com/browse/COOK-3551)** - Allow user to set up a trusted APT repository +- **[COOK-3551](https://tickets.chef.io/browse/COOK-3551)** - Allow user to set up a trusted APT repository v2.1.1 ------ ### Bug -- **[COOK-1856](https://tickets.opscode.com/browse/COOK-1856)** - Match GPG keys without case sensitivity +- **[COOK-1856](https://tickets.chef.io/browse/COOK-1856)** - Match GPG keys without case sensitivity v2.1.0 ------ diff --git a/berks-cookbooks/apt/README.md b/berks-cookbooks/apt/README.md index f1f873b2..80306529 100644 --- a/berks-cookbooks/apt/README.md +++ b/berks-cookbooks/apt/README.md 
@@ -1,11 +1,10 @@ apt Cookbook ============ -[![Gitter](https://badges.gitter.im/Join Chat.svg)](https://gitter.im/opscode-cookbooks/apt?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) -[![Cookbook Version](http://img.shields.io/cookbook/v/apt.svg)][cookbook] -[![Build Status](http://img.shields.io/travis/opscode-cookbooks/apt.svg)][travis] +[![Build Status](https://img.shields.io/travis/opscode-cookbooks/apt.svg)][travis] +[![Cookbook Version](https://img.shields.io/cookbook/v/apt.svg)][cookbook] -[cookbook]: https://community.opscode.com/cookbooks/apt -[travis]: http://travis-ci.org/opscode-cookbooks/apt +[cookbook]: https://community.chef.io/cookbooks/apt +[travis]: https://travis-ci.org/opscode-cookbooks/apt This cookbook includes recipes to execute apt-get update to ensure the local APT package cache is up to date. There are recipes for managing the apt-cacher-ng caching proxy and proxy clients. It also includes a LWRP for managing APT repositories in /etc/apt/sources.list.d as well as an LWRP for pinning packages via /etc/apt/preferences.d. @@ -32,7 +31,7 @@ May work with or without modification on other Debian derivatives. ------- ### default -This recipe installs the `update-notifier-common` package to provide the timestamp file used to only run `apt-get update` if the cache is more than one day old. +This recipe manually updates the timestamp file used to only run `apt-get update` if the cache is more than one day old. This recipe should appear first in the run list of Debian or Ubuntu nodes to ensure that the package cache is up to date before managing any `package` resources with Chef. @@ -50,11 +49,9 @@ To do this, you need to override the `cache_bypass` attribute with an array of r ```json { - ..., - 'apt': { - ..., - 'cache_bypass': { - URL: PROTOCOL + "apt": { + "cache_bypass": { + "URL": "PROTOCOL" } } } 
@@ -64,9 +61,9 @@ For example, to prevent caching and directly connect to the repository at `downl ```json { - 'apt': { - 'cache_bypass': { - 'download.oracle.com': 'http' + "apt": { + "cache_bypass": { + "download.oracle.com": "http" } } } 
@@ -77,18 +74,45 @@ Installs the `apt-cacher-ng` package and service so the system can provide APT c If you wish to help the `cacher-ng` recipe seed itself, you must now explicitly include the `cacher-client` recipe in your run list **after** `cacher-ng` or you will block your ability to install any packages (ie. `apt-cacher-ng`). +### unattended-upgrades + +Installs and configures the `unattended-upgrades` package to provide automatic package updates. This can be configured to upgrade all packages or to just install security updates by setting `['apt']['unattended_upgrades']['allowed_origins']`. + +To pull just security updates, you'd set `allowed_origins` to something link `["Ubuntu trusty-security"]` (for Ubuntu trusty) or `["Debian wheezy-security"]` (for Debian wheezy). + Attributes ---------- + +### General +* `['apt']['compile_time_update']` - force the default recipe to run `apt-get update` at compile time. +* `['apt']['periodic_update_min_delay']` - minimum delay (in seconds) beetween two actual executions of `apt-get update` by the `execute[apt-get-update-periodic]` resource, default is '86400' (24 hours) + +### Caching + * `['apt']['cacher_ipaddress']` - use a cacher server (or standard proxy server) not available via search -* `['apt']['cacher_interface]` - interface to connect to the cacher-ng service, no default. +* `['apt']['cacher_interface']` - interface to connect to the cacher-ng service, no default. 
* `['apt']['cacher_port']` - port for the cacher-ng service (either client or server), default is '3142' +* `['apt']['cacher_ssl_support']` - indicates whether the cacher supports upstream SSL servers, default is 'false' * `['apt']['cacher_dir']` - directory used by cacher-ng service, default is '/var/cache/apt-cacher-ng' * `['apt']['cacher-client']['restrict_environment']` - restrict your node to using the `apt-cacher-ng` server in your Environment, default is 'false' * `['apt']['compiletime']` - force the `cacher-client` recipe to run before other recipes. It forces apt to use the proxy before other recipes run. Useful if your nodes have limited access to public apt repositories. This is overridden if the `cacher-ng` recipe is in your run list. Default is 'false' -* `['apt']['compile_time_update']` - force the default recipe to run `apt-get update` at compile time. * `['apt']['cache_bypass']` - array of URLs to bypass the cache. Accepts the URL and protocol to fetch directly from the remote repository and not attempt to cache -* `['apt']['periodic_update_min_delay']` - minimum delay (in seconds) beetween two actual executions of `apt-get update` by the `execute[apt-get-update-periodic]` resource, default is '86400' (24 hours) + +### Unattended Upgrades + +* `['apt']['unattended_upgrades']['enable']` - enables unattended upgrades, default is false +* `['apt']['unattended_upgrades']['update_package_lists']` - automatically update package list (`apt-get update`) daily, default is true +* `['apt']['unattended_upgrades']['allowed_origins']` - array of allowed apt origins from which to pull automatic upgrades, defaults to a guess at the system's main origin and should almost always be overridden +* `['apt']['unattended_upgrades']['package_blacklist']` - an array of package which should never be automatically upgraded, defaults to none +* `['apt']['unattended_upgrades']['auto_fix_interrupted_dpkg']` - attempts to repair dpkg state with `dpkg --force-confold --configure 
-a` if it exits uncleanly, defaults to false (contrary to the unattended-upgrades default) +* `['apt']['unattended_upgrades']['minimal_steps']` - Split the upgrade into the smallest possible chunks. This makes the upgrade a bit slower but it has the benefit that shutdown while a upgrade is running is possible (with a small delay). Defaults to false. +* `['apt']['unattended_upgrades']['install_on_shutdown']` - Install upgrades when the machine is shuting down instead of doing it in the background while the machine is running. This will (obviously) make shutdown slower. Defaults to false. +* `['apt']['unattended_upgrades']['mail']` - Send email to this address for problems or packages upgrades. Defaults to no email. +* `['apt']['unattended_upgrades']['mail_only_on_error']` - If set, email will only be set on upgrade errors. Otherwise, an email will be sent after each upgrade. Defaults to true. +* `['apt']['unattended_upgrades']['remove_unused_dependencies']` Do automatic removal of new unused dependencies after the upgrade. Defaults to false. +* `['apt']['unattended_upgrades']['automatic_reboot']` - Automatically reboots *without confirmation* if a restart is required after the upgrade. Defaults to false. +* `['apt']['unattended_upgrades']['dl_limit']` - Limits the bandwidth used by apt to download packages. Value given as an integer in kb/sec. Defaults to nil (no limit). Libraries --------- @@ -127,6 +151,17 @@ apt_repository 'zenoss' do end ``` +Enable Ubuntu [multiverse](https://help.ubuntu.com/community/Repositories/Ubuntu) repositories: + +```ruby +apt_repository 'security-ubuntu-multiverse' do + uri 'http://security.ubuntu.com/ubuntu' + distribution 'trusty-security' + components ['multiverse'] + deb_src 'true' +end +``` + Add the Nginx PPA, autodetect the key and repository url: ```ruby 
@@ -136,16 +171,17 @@ apt_repository 'nginx-php' do end ``` -Add the Nginx PPA, grab the key from the keyserver, and add source repo: +Add the JuJu PPA, grab the key from the keyserver, and add source repo: ```ruby -apt_repository 'nginx-php' do - uri 'http://ppa.launchpad.net/nginx/php5/ubuntu' - distribution node['lsb']['codename'] - components ['main'] - keyserver 'keyserver.ubuntu.com' - key 'C300EE8C' - deb_src true +apt_repository 'juju' do + uri 'http://ppa.launchpad.net/juju/stable/ubuntu' + components ['main'] + distribution 'trusty' + key 'C8068B11' + keyserver 'keyserver.ubuntu.com' + action :add + deb_src true end ``` @@ -232,12 +268,12 @@ If you want to cleanup unused packages, there is also the `apt-get autoclean` an License & Authors ----------------- -- Author:: Joshua Timberman (joshua@opscode.com) -- Author:: Matt Ray (matt@opscode.com) -- Author:: Seth Chisamore (schisamo@opscode.com) +- Author:: Joshua Timberman (joshua@chef.io) +- Author:: Matt Ray (matt@chef.io) +- Author:: Seth Chisamore (schisamo@chef.io) ```text -Copyright 2009-2013, Opscode, Inc. +Copyright:: 2009-2015, Chef Software, Inc Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apt/attributes/default.rb b/berks-cookbooks/apt/attributes/default.rb index 62cabbee..02a44427 100644 --- a/berks-cookbooks/apt/attributes/default.rb +++ b/berks-cookbooks/apt/attributes/default.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apt # Attributes:: default # -# Copyright 2009-2013, Opscode, Inc. +# Copyright 2009-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -21,6 +21,7 @@ default['apt']['cacher_dir'] = '/var/cache/apt-cacher-ng' default['apt']['cacher_interface'] = nil default['apt']['cacher_port'] = 3142 +default['apt']['cacher_ssl_support'] = false default['apt']['caching_server'] = false default['apt']['compiletime'] = false default['apt']['compile_time_update'] = false @@ -43,4 +44,5 @@ default['apt']['unattended_upgrades']['mail_only_on_error'] = true default['apt']['unattended_upgrades']['remove_unused_dependencies'] = false default['apt']['unattended_upgrades']['automatic_reboot'] = false +default['apt']['unattended_upgrades']['automatic_reboot_time'] = 'now' default['apt']['unattended_upgrades']['dl_limit'] = nil diff --git a/berks-cookbooks/apt/files/default/15update-stamp b/berks-cookbooks/apt/files/default/15update-stamp new file mode 100644 index 00000000..14ead837 --- /dev/null +++ b/berks-cookbooks/apt/files/default/15update-stamp @@ -0,0 +1 @@ +APT::Update::Post-Invoke-Success {"touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true";}; diff --git a/berks-cookbooks/apt/libraries/helpers.rb b/berks-cookbooks/apt/libraries/helpers.rb index a7f9655c..2adf9d27 100644 --- a/berks-cookbooks/apt/libraries/helpers.rb +++ b/berks-cookbooks/apt/libraries/helpers.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apt # Library:: helpers # -# Copyright 2013 Opscode, Inc. +# Copyright 2013 Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -31,7 +31,7 @@ def apt_installed? # # @return [String, nil] def which(cmd) - ENV["PATH"] = "" if ENV["PATH"].nil? + ENV['PATH'] = '' if ENV['PATH'].nil? paths = (ENV['PATH'].split(::File::PATH_SEPARATOR) + %w(/bin /usr/bin /sbin /usr/sbin)) paths.each do |path| diff --git a/berks-cookbooks/apt/libraries/network.rb b/berks-cookbooks/apt/libraries/network.rb index 8535d6dc..828bf031 100644 --- a/berks-cookbooks/apt/libraries/network.rb 
+++ b/berks-cookbooks/apt/libraries/network.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apt # library:: network # -# Copyright 2013, Opscode, Inc. +# Copyright 2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apt/metadata.json b/berks-cookbooks/apt/metadata.json index 946ef143..25abc018 100644 --- a/berks-cookbooks/apt/metadata.json +++ b/berks-cookbooks/apt/metadata.json 
@@ -1,54 +1 @@ -{ - "name": "apt", - "version": "2.6.1", - "description": "Configures apt and apt services and LWRPs for managing apt repositories and preferences", - "long_description": "apt Cookbook\n============\n[![Gitter](https://badges.gitter.im/Join Chat.svg)](https://gitter.im/opscode-cookbooks/apt?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)\n[![Cookbook Version](http://img.shields.io/cookbook/v/apt.svg)][cookbook]\n[![Build Status](http://img.shields.io/travis/opscode-cookbooks/apt.svg)][travis]\n\n[cookbook]: https://community.opscode.com/cookbooks/apt\n[travis]: http://travis-ci.org/opscode-cookbooks/apt\n\nThis cookbook includes recipes to execute apt-get update to ensure the local APT package cache is up to date. There are recipes for managing the apt-cacher-ng caching proxy and proxy clients. It also includes a LWRP for managing APT repositories in /etc/apt/sources.list.d as well as an LWRP for pinning packages via /etc/apt/preferences.d.\n\n\nRequirements\n------------\n**Version 2.0.0+ of this cookbook requires Chef 11.0.0 or later**. If your Chef version is earlier than 11.0.0, use version 1.10.0 of this cookbook.\n\nVersion 1.8.2 to 1.10.0 of this cookbook requires **Chef 10.16.4** or later.\n\nIf your Chef version is earlier than 10.16.4, use version 1.7.0 of this cookbook.\n\n### Platform\nPlease refer to the [TESTING file](TESTING.md) to see the currently (and passing) tested platforms. 
The release was tested on:\n\n* Ubuntu 10.04\n* Ubuntu 12.04\n* Ubuntu 13.04\n* Debian 7.1\n* Debian 6.0 (have with manual testing)\n\nMay work with or without modification on other Debian derivatives.\n\n\n-------\n### default\nThis recipe installs the `update-notifier-common` package to provide the timestamp file used to only run `apt-get update` if the cache is more than one day old.\n\nThis recipe should appear first in the run list of Debian or Ubuntu nodes to ensure that the package cache is up to date before managing any `package` resources with Chef.\n\nThis recipe also sets up a local cache directory for preseeding packages.\n\n**Including the default recipe on a node that does not support apt (such as Windows) results in a noop.**\n\n### cacher-client\nConfigures the node to use the `apt-cacher-ng` server as a client.\n\n#### Bypassing the cache\nOccasionally you may come across repositories that do not play nicely when the node is using an `apt-cacher-ng` server. You can configure `cacher-client` to bypass the server and connect directly to the repository with the `cache_bypass` attribute.\n\nTo do this, you need to override the `cache_bypass` attribute with an array of repositories, with each array key as the repository URL and value as the protocol to use:\n\n```json\n{\n ...,\n 'apt': {\n ...,\n 'cache_bypass': {\n URL: PROTOCOL\n }\n }\n}\n```\n\nFor example, to prevent caching and directly connect to the repository at `download.oracle.com` via http:\n\n```json\n{\n 'apt': {\n 'cache_bypass': {\n 'download.oracle.com': 'http'\n }\n }\n}\n```\n\n### cacher-ng\nInstalls the `apt-cacher-ng` package and service so the system can provide APT caching. You can check the usage report at http://{hostname}:3142/acng-report.html.\n\nIf you wish to help the `cacher-ng` recipe seed itself, you must now explicitly include the `cacher-client` recipe in your run list **after** `cacher-ng` or you will block your ability to install any packages (ie. 
`apt-cacher-ng`).\n\n\nAttributes\n----------\n* `['apt']['cacher_ipaddress']` - use a cacher server (or standard proxy server) not available via search\n* `['apt']['cacher_interface]` - interface to connect to the cacher-ng service, no default.\n* `['apt']['cacher_port']` - port for the cacher-ng service (either client or server), default is '3142'\n* `['apt']['cacher_dir']` - directory used by cacher-ng service, default is '/var/cache/apt-cacher-ng'\n* `['apt']['cacher-client']['restrict_environment']` - restrict your node to using the `apt-cacher-ng` server in your Environment, default is 'false'\n* `['apt']['compiletime']` - force the `cacher-client` recipe to run before other recipes. It forces apt to use the proxy before other recipes run. Useful if your nodes have limited access to public apt repositories. This is overridden if the `cacher-ng` recipe is in your run list. Default is 'false'\n* `['apt']['compile_time_update']` - force the default recipe to run `apt-get update` at compile time.\n* `['apt']['cache_bypass']` - array of URLs to bypass the cache. Accepts the URL and protocol to fetch directly from the remote repository and not attempt to cache\n* `['apt']['periodic_update_min_delay']` - minimum delay (in seconds) beetween two actual executions of `apt-get update` by the `execute[apt-get-update-periodic]` resource, default is '86400' (24 hours)\n\nLibraries\n---------\nThere is an `interface_ipaddress` method that returns the IP address for a particular host and interface, used by the `cacher-client` recipe. To enable it on the server use the `['apt']['cacher_interface']` attribute.\n\nResources/Providers\n-------------------\n### `apt_repository`\nThis LWRP provides an easy way to manage additional APT repositories. 
Adding a new repository will notify running the `execute[apt-get-update]` resource immediately.\n\n#### Actions\n- :add: creates a repository file and builds the repository listing (default)\n- :remove: removes the repository file\n\n#### Attribute Parameters\n- repo_name: name attribute. The name of the channel to discover\n- uri: the base of the Debian distribution\n- distribution: this is usually your release's codename...ie something like `karmic`, `lucid` or `maverick`\n- components: package groupings... when in doubt use `main`\n- arch: constrain package to a particular arch like `i386`, `amd64` or even `armhf` or `powerpc`. Defaults to nil.\n- trusted: treat all packages from this repository as authenticated regardless of signature\n- deb_src: whether or not to add the repository as a source repo as well - value can be `true` or `false`, default `false`.\n- keyserver: the GPG keyserver where the key for the repo should be retrieved\n- key: if a `keyserver` is provided, this is assumed to be the fingerprint, otherwise it can be either the URI to the GPG key for the repo, or a cookbook_file.\n- key_proxy: if set, pass the specified proxy via `http-proxy=` to GPG.\n- cookbook: if key should be a cookbook_file, specify a cookbook where the key is located for files/default. 
Defaults to nil, so it will use the cookbook where the resource is used.\n\n#### Examples\n\nAdd the Zenoss repo:\n\n```ruby\napt_repository 'zenoss' do\n uri 'http://dev.zenoss.org/deb'\n components ['main', 'stable']\nend\n```\n\nAdd the Nginx PPA, autodetect the key and repository url:\n\n```ruby\napt_repository 'nginx-php' do\n uri 'ppa:nginx/stable'\n distribution node['lsb']['codename']\nend\n```\n\nAdd the Nginx PPA, grab the key from the keyserver, and add source repo:\n\n```ruby\napt_repository 'nginx-php' do\n uri 'http://ppa.launchpad.net/nginx/php5/ubuntu'\n distribution node['lsb']['codename']\n components ['main']\n keyserver 'keyserver.ubuntu.com'\n key 'C300EE8C'\n deb_src true\nend\n```\n\nAdd the Cloudera Repo of CDH4 packages for Ubuntu 12.04 on AMD64:\n\n```ruby\napt_repository 'cloudera' do\n uri 'http://archive.cloudera.com/cdh4/ubuntu/precise/amd64/cdh'\n arch 'amd64'\n distribution 'precise-cdh4'\n components ['contrib']\n key 'http://archive.cloudera.com/debian/archive.key'\nend\n```\n\nRemove Zenoss repo:\n\n```ruby\napt_repository 'zenoss' do\n action :remove\nend\n```\n\n### `apt_preference`\nThis LWRP provides an easy way to pin packages in /etc/apt/preferences.d. Although apt-pinning is quite helpful from time to time please note that Debian does not encourage its use without thorough consideration.\n\nFurther information regarding apt-pinning is available via http://wiki.debian.org/AptPreferences.\n\n#### Actions\n- :add: creates a preferences file under /etc/apt/preferences.d\n- :remove: Removes the file, therefore unpin the package\n\n#### Attribute Parameters\n- package_name: name attribute. 
The name of the package\n- glob: Pin by glob() expression or regexp surrounded by /.\n- pin: The package version/repository to pin\n- pin_priority: The pinning priority aka \"the highest package version wins\"\n\n#### Examples\nPin libmysqlclient16 to version 5.1.49-3:\n\n```ruby\napt_preference 'libmysqlclient16' do\n pin 'version 5.1.49-3'\n pin_priority '700'\nend\n```\n\nUnpin libmysqlclient16:\n\n```ruby\napt_preference 'libmysqlclient16' do\n action :remove\nend\n```\n\nPin all packages from dotdeb.org:\n\n```ruby\napt_preference 'dotdeb' do\n glob '*'\n pin 'origin packages.dotdeb.org'\n pin_priority '700'\nend\n```\n\n\nUsage\n-----\nPut `recipe[apt]` first in the run list. If you have other recipes that you want to use to configure how apt behaves, like new sources, notify the execute resource to run, e.g.:\n\n```ruby\ntemplate '/etc/apt/sources.list.d/my_apt_sources.list' do\n notifies :run, 'execute[apt-get update]', :immediately\nend\n```\n\nThe above will run during execution phase since it is a normal template resource, and should appear before other package resources that need the sources in the template.\n\nPut `recipe[apt::cacher-ng]` in the run_list for a server to provide APT caching and add `recipe[apt::cacher-client]` on the rest of the Debian-based nodes to take advantage of the caching server.\n\nIf you want to cleanup unused packages, there is also the `apt-get autoclean` and `apt-get autoremove` resources provided for automated cleanup.\n\n\nLicense & Authors\n-----------------\n- Author:: Joshua Timberman (joshua@opscode.com)\n- Author:: Matt Ray (matt@opscode.com)\n- Author:: Seth Chisamore (schisamo@opscode.com)\n\n```text\nCopyright 2009-2013, Opscode, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, 
software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n", - "maintainer": "Chef Software, Inc.", - "maintainer_email": "cookbooks@opscode.com", - "license": "Apache 2.0", - "platforms": { - "ubuntu": ">= 0.0.0", - "debian": ">= 0.0.0" - }, - "dependencies": { - }, - "recommendations": { - }, - "suggestions": { - }, - "conflicting": { - }, - "providing": { - }, - "replacing": { - }, - "attributes": { - "apt/cacher-client/restrict_environment": { - "description": "Whether to restrict the search for the caching server to the same environment as this node", - "default": "false" - }, - "apt/cacher_port": { - "description": "Default listen port for the caching server", - "default": "3142" - }, - "apt/cacher_interface": { - "description": "Default listen interface for the caching server", - "default": null - }, - "apt/key_proxy": { - "description": "Passed as the proxy passed to GPG for the apt_repository resource", - "default": "" - }, - "apt/caching_server": { - "description": "Set this to true if the node is a caching server", - "default": "false" - } - }, - "groupings": { - }, - "recipes": { - "apt": "Runs apt-get update during compile phase and sets up preseed directories", - "apt::cacher-ng": "Set up an apt-cacher-ng caching proxy", - "apt::cacher-client": "Client for the apt::cacher-ng caching proxy" - } -} \ No newline at end of file +{"name":"apt","version":"2.8.2","description":"Configures apt and apt services and LWRPs for managing apt repositories and preferences","long_description":"apt Cookbook\n============\n[![Build Status](https://img.shields.io/travis/opscode-cookbooks/apt.svg)][travis]\n[![Cookbook Version](https://img.shields.io/cookbook/v/apt.svg)][cookbook]\n\n[cookbook]: https://community.chef.io/cookbooks/apt\n[travis]: 
https://travis-ci.org/opscode-cookbooks/apt\n\nThis cookbook includes recipes to execute apt-get update to ensure the local APT package cache is up to date. There are recipes for managing the apt-cacher-ng caching proxy and proxy clients. It also includes a LWRP for managing APT repositories in /etc/apt/sources.list.d as well as an LWRP for pinning packages via /etc/apt/preferences.d.\n\n\nRequirements\n------------\n**Version 2.0.0+ of this cookbook requires Chef 11.0.0 or later**. If your Chef version is earlier than 11.0.0, use version 1.10.0 of this cookbook.\n\nVersion 1.8.2 to 1.10.0 of this cookbook requires **Chef 10.16.4** or later.\n\nIf your Chef version is earlier than 10.16.4, use version 1.7.0 of this cookbook.\n\n### Platform\nPlease refer to the [TESTING file](TESTING.md) to see the currently (and passing) tested platforms. The release was tested on:\n\n* Ubuntu 10.04\n* Ubuntu 12.04\n* Ubuntu 13.04\n* Debian 7.1\n* Debian 6.0 (have with manual testing)\n\nMay work with or without modification on other Debian derivatives.\n\n\n-------\n### default\nThis recipe manually updates the timestamp file used to only run `apt-get update` if the cache is more than one day old.\n\nThis recipe should appear first in the run list of Debian or Ubuntu nodes to ensure that the package cache is up to date before managing any `package` resources with Chef.\n\nThis recipe also sets up a local cache directory for preseeding packages.\n\n**Including the default recipe on a node that does not support apt (such as Windows) results in a noop.**\n\n### cacher-client\nConfigures the node to use the `apt-cacher-ng` server as a client.\n\n#### Bypassing the cache\nOccasionally you may come across repositories that do not play nicely when the node is using an `apt-cacher-ng` server. 
You can configure `cacher-client` to bypass the server and connect directly to the repository with the `cache_bypass` attribute.\n\nTo do this, you need to override the `cache_bypass` attribute with an array of repositories, with each array key as the repository URL and value as the protocol to use:\n\n```json\n{\n \"apt\": {\n \"cache_bypass\": {\n \"URL\": \"PROTOCOL\"\n }\n }\n}\n```\n\nFor example, to prevent caching and directly connect to the repository at `download.oracle.com` via http:\n\n```json\n{\n \"apt\": {\n \"cache_bypass\": {\n \"download.oracle.com\": \"http\"\n }\n }\n}\n```\n\n### cacher-ng\nInstalls the `apt-cacher-ng` package and service so the system can provide APT caching. You can check the usage report at http://{hostname}:3142/acng-report.html.\n\nIf you wish to help the `cacher-ng` recipe seed itself, you must now explicitly include the `cacher-client` recipe in your run list **after** `cacher-ng` or you will block your ability to install any packages (ie. `apt-cacher-ng`).\n\n### unattended-upgrades\n\nInstalls and configures the `unattended-upgrades` package to provide automatic package updates. This can be configured to upgrade all packages or to just install security updates by setting `['apt']['unattended_upgrades']['allowed_origins']`.\n\nTo pull just security updates, you'd set `allowed_origins` to something link `[\"Ubuntu trusty-security\"]` (for Ubuntu trusty) or `[\"Debian wheezy-security\"]` (for Debian wheezy). 
\n\n\nAttributes\n----------\n\n### General \n* `['apt']['compile_time_update']` - force the default recipe to run `apt-get update` at compile time.\n* `['apt']['periodic_update_min_delay']` - minimum delay (in seconds) beetween two actual executions of `apt-get update` by the `execute[apt-get-update-periodic]` resource, default is '86400' (24 hours)\n\n### Caching\n\n* `['apt']['cacher_ipaddress']` - use a cacher server (or standard proxy server) not available via search\n* `['apt']['cacher_interface']` - interface to connect to the cacher-ng service, no default.\n* `['apt']['cacher_port']` - port for the cacher-ng service (either client or server), default is '3142'\n* `['apt']['cacher_ssl_support']` - indicates whether the cacher supports upstream SSL servers, default is 'false'\n* `['apt']['cacher_dir']` - directory used by cacher-ng service, default is '/var/cache/apt-cacher-ng'\n* `['apt']['cacher-client']['restrict_environment']` - restrict your node to using the `apt-cacher-ng` server in your Environment, default is 'false'\n* `['apt']['compiletime']` - force the `cacher-client` recipe to run before other recipes. It forces apt to use the proxy before other recipes run. Useful if your nodes have limited access to public apt repositories. This is overridden if the `cacher-ng` recipe is in your run list. Default is 'false'\n* `['apt']['cache_bypass']` - array of URLs to bypass the cache. 
Accepts the URL and protocol to fetch directly from the remote repository and not attempt to cache\n\n### Unattended Upgrades\n\n* `['apt']['unattended_upgrades']['enable']` - enables unattended upgrades, default is false\n* `['apt']['unattended_upgrades']['update_package_lists']` - automatically update package list (`apt-get update`) daily, default is true\n* `['apt']['unattended_upgrades']['allowed_origins']` - array of allowed apt origins from which to pull automatic upgrades, defaults to a guess at the system's main origin and should almost always be overridden\n* `['apt']['unattended_upgrades']['package_blacklist']` - an array of package which should never be automatically upgraded, defaults to none\n* `['apt']['unattended_upgrades']['auto_fix_interrupted_dpkg']` - attempts to repair dpkg state with `dpkg --force-confold --configure -a` if it exits uncleanly, defaults to false (contrary to the unattended-upgrades default)\n* `['apt']['unattended_upgrades']['minimal_steps']` - Split the upgrade into the smallest possible chunks. This makes the upgrade a bit slower but it has the benefit that shutdown while a upgrade is running is possible (with a small delay). Defaults to false.\n* `['apt']['unattended_upgrades']['install_on_shutdown']` - Install upgrades when the machine is shuting down instead of doing it in the background while the machine is running. This will (obviously) make shutdown slower. Defaults to false.\n* `['apt']['unattended_upgrades']['mail']` - Send email to this address for problems or packages upgrades. Defaults to no email.\n* `['apt']['unattended_upgrades']['mail_only_on_error']` - If set, email will only be set on upgrade errors. Otherwise, an email will be sent after each upgrade. Defaults to true.\n* `['apt']['unattended_upgrades']['remove_unused_dependencies']` Do automatic removal of new unused dependencies after the upgrade. 
Defaults to false.\n* `['apt']['unattended_upgrades']['automatic_reboot']` - Automatically reboots *without confirmation* if a restart is required after the upgrade. Defaults to false.\n* `['apt']['unattended_upgrades']['dl_limit']` - Limits the bandwidth used by apt to download packages. Value given as an integer in kb/sec. Defaults to nil (no limit).\n\nLibraries\n---------\nThere is an `interface_ipaddress` method that returns the IP address for a particular host and interface, used by the `cacher-client` recipe. To enable it on the server use the `['apt']['cacher_interface']` attribute.\n\nResources/Providers\n-------------------\n### `apt_repository`\nThis LWRP provides an easy way to manage additional APT repositories. Adding a new repository will notify running the `execute[apt-get-update]` resource immediately.\n\n#### Actions\n- :add: creates a repository file and builds the repository listing (default)\n- :remove: removes the repository file\n\n#### Attribute Parameters\n- repo_name: name attribute. The name of the channel to discover\n- uri: the base of the Debian distribution\n- distribution: this is usually your release's codename...ie something like `karmic`, `lucid` or `maverick`\n- components: package groupings... when in doubt use `main`\n- arch: constrain package to a particular arch like `i386`, `amd64` or even `armhf` or `powerpc`. 
Defaults to nil.\n- trusted: treat all packages from this repository as authenticated regardless of signature\n- deb_src: whether or not to add the repository as a source repo as well - value can be `true` or `false`, default `false`.\n- keyserver: the GPG keyserver where the key for the repo should be retrieved\n- key: if a `keyserver` is provided, this is assumed to be the fingerprint, otherwise it can be either the URI to the GPG key for the repo, or a cookbook_file.\n- key_proxy: if set, pass the specified proxy via `http-proxy=` to GPG.\n- cookbook: if key should be a cookbook_file, specify a cookbook where the key is located for files/default. Defaults to nil, so it will use the cookbook where the resource is used.\n\n#### Examples\n\nAdd the Zenoss repo:\n\n```ruby\napt_repository 'zenoss' do\n uri 'http://dev.zenoss.org/deb'\n components ['main', 'stable']\nend\n```\n\nEnable Ubuntu [multiverse](https://help.ubuntu.com/community/Repositories/Ubuntu) repositories:\n\n```ruby\napt_repository 'security-ubuntu-multiverse' do\n uri 'http://security.ubuntu.com/ubuntu'\n distribution 'trusty-security'\n components ['multiverse']\n deb_src 'true'\nend\n```\n\nAdd the Nginx PPA, autodetect the key and repository url:\n\n```ruby\napt_repository 'nginx-php' do\n uri 'ppa:nginx/stable'\n distribution node['lsb']['codename']\nend\n```\n\nAdd the JuJu PPA, grab the key from the keyserver, and add source repo:\n\n```ruby\napt_repository 'juju' do\n uri 'http://ppa.launchpad.net/juju/stable/ubuntu'\n components ['main']\n distribution 'trusty'\n key 'C8068B11'\n keyserver 'keyserver.ubuntu.com'\n action :add\n deb_src true\nend\n```\n\nAdd the Cloudera Repo of CDH4 packages for Ubuntu 12.04 on AMD64:\n\n```ruby\napt_repository 'cloudera' do\n uri 'http://archive.cloudera.com/cdh4/ubuntu/precise/amd64/cdh'\n arch 'amd64'\n distribution 'precise-cdh4'\n components ['contrib']\n key 'http://archive.cloudera.com/debian/archive.key'\nend\n```\n\nRemove Zenoss 
repo:\n\n```ruby\napt_repository 'zenoss' do\n action :remove\nend\n```\n\n### `apt_preference`\nThis LWRP provides an easy way to pin packages in /etc/apt/preferences.d. Although apt-pinning is quite helpful from time to time please note that Debian does not encourage its use without thorough consideration.\n\nFurther information regarding apt-pinning is available via http://wiki.debian.org/AptPreferences.\n\n#### Actions\n- :add: creates a preferences file under /etc/apt/preferences.d\n- :remove: Removes the file, therefore unpin the package\n\n#### Attribute Parameters\n- package_name: name attribute. The name of the package\n- glob: Pin by glob() expression or regexp surrounded by /.\n- pin: The package version/repository to pin\n- pin_priority: The pinning priority aka \"the highest package version wins\"\n\n#### Examples\nPin libmysqlclient16 to version 5.1.49-3:\n\n```ruby\napt_preference 'libmysqlclient16' do\n pin 'version 5.1.49-3'\n pin_priority '700'\nend\n```\n\nUnpin libmysqlclient16:\n\n```ruby\napt_preference 'libmysqlclient16' do\n action :remove\nend\n```\n\nPin all packages from dotdeb.org:\n\n```ruby\napt_preference 'dotdeb' do\n glob '*'\n pin 'origin packages.dotdeb.org'\n pin_priority '700'\nend\n```\n\n\nUsage\n-----\nPut `recipe[apt]` first in the run list. 
If you have other recipes that you want to use to configure how apt behaves, like new sources, notify the execute resource to run, e.g.:\n\n```ruby\ntemplate '/etc/apt/sources.list.d/my_apt_sources.list' do\n notifies :run, 'execute[apt-get update]', :immediately\nend\n```\n\nThe above will run during execution phase since it is a normal template resource, and should appear before other package resources that need the sources in the template.\n\nPut `recipe[apt::cacher-ng]` in the run_list for a server to provide APT caching and add `recipe[apt::cacher-client]` on the rest of the Debian-based nodes to take advantage of the caching server.\n\nIf you want to cleanup unused packages, there is also the `apt-get autoclean` and `apt-get autoremove` resources provided for automated cleanup.\n\n\nLicense & Authors\n-----------------\n- Author:: Joshua Timberman (joshua@chef.io)\n- Author:: Matt Ray (matt@chef.io)\n- Author:: Seth Chisamore (schisamo@chef.io)\n\n```text\nCopyright:: 2009-2015, Chef Software, Inc\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache 2.0","platforms":{"ubuntu":">= 0.0.0","debian":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{"apt/cacher-client/restrict_environment":{"description":"Whether to restrict the search for the caching server to the same environment as this 
node","default":"false"},"apt/cacher_port":{"description":"Default listen port for the caching server","default":"3142"},"apt/cacher_ssl_support":{"description":"The caching server supports upstream SSL servers via CONNECT","default":"false"},"apt/cacher_interface":{"description":"Default listen interface for the caching server","default":null},"apt/key_proxy":{"description":"Passed as the proxy passed to GPG for the apt_repository resource","default":""},"apt/caching_server":{"description":"Set this to true if the node is a caching server","default":"false"}},"groupings":{},"recipes":{"apt":"Runs apt-get update during compile phase and sets up preseed directories","apt::cacher-ng":"Set up an apt-cacher-ng caching proxy","apt::cacher-client":"Client for the apt::cacher-ng caching proxy"},"source_url":"https://github.com/opscode-cookbooks/apt","issues_url":"https://github.com/opscode-cookbooks/apt/issues"} \ No newline at end of file diff --git a/berks-cookbooks/apt/providers/preference.rb b/berks-cookbooks/apt/providers/preference.rb index 865eb4bd..20ca079d 100644 --- a/berks-cookbooks/apt/providers/preference.rb +++ b/berks-cookbooks/apt/providers/preference.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apt # Provider:: preference # -# Copyright 2010-2011, Opscode, Inc. +# Copyright 2010-2011, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -17,56 +17,68 @@ # limitations under the License. # +use_inline_resources if defined?(use_inline_resources) + +def whyrun_supported? + true +end + # Build preferences.d file contents def build_pref(package_name, pin, pin_priority) "Package: #{package_name}\nPin: #{pin}\nPin-Priority: #{pin_priority}\n" end -action :add do - new_resource.updated_by_last_action(false) +def safe_name(name) + name.tr('.', '_').gsub('*', 'wildcard') +end +action :add do preference = build_pref( new_resource.glob || new_resource.package_name, new_resource.pin, new_resource.pin_priority - ) + ) - preference_dir = directory '/etc/apt/preferences.d' do + directory '/etc/apt/preferences.d' do owner 'root' group 'root' mode 00755 recursive true - action :nothing + action :create end - preference_old_file = file "/etc/apt/preferences.d/#{new_resource.name}" do - action :nothing - if ::File.exists?("/etc/apt/preferences.d/#{new_resource.name}") + name = safe_name(new_resource.name) + + file "/etc/apt/preferences.d/#{new_resource.name}.pref" do + action :delete + if ::File.exist?("/etc/apt/preferences.d/#{new_resource.name}.pref") + Chef::Log.warn "Replacing #{new_resource.name}.pref with #{name}.pref in /etc/apt/preferences.d/" + end + only_if { name != new_resource.name } + end + + file "/etc/apt/preferences.d/#{new_resource.name}" do + action :delete + if ::File.exist?("/etc/apt/preferences.d/#{new_resource.name}") Chef::Log.warn "Replacing #{new_resource.name} with #{new_resource.name}.pref in /etc/apt/preferences.d/" end end - preference_file = file "/etc/apt/preferences.d/#{new_resource.name}.pref" do + file "/etc/apt/preferences.d/#{name}.pref" do owner 'root' group 'root' mode 00644 content preference - action :nothing + action :create end - - preference_dir.run_action(:create) - # write out the preference file, replace it if it already exists - preference_file.run_action(:create) - # remove preference files from previous apt cookbook version - preference_old_file.run_action(:delete) 
end action :remove do - if ::File.exists?("/etc/apt/preferences.d/#{new_resource.name}") - Chef::Log.info "Un-pinning #{new_resource.name} from /etc/apt/preferences.d/" - file "/etc/apt/preferences.d/#{new_resource.name}" do + name = safe_name(new_resource.name) + if ::File.exist?("/etc/apt/preferences.d/#{name}.pref") + Chef::Log.info "Un-pinning #{name} from /etc/apt/preferences.d/" + file "/etc/apt/preferences.d/#{name}.pref" do action :delete end - new_resource.updated_by_last_action(true) end end diff --git a/berks-cookbooks/apt/providers/repository.rb b/berks-cookbooks/apt/providers/repository.rb index fe96b7fc..05371ebf 100644 --- a/berks-cookbooks/apt/providers/repository.rb +++ b/berks-cookbooks/apt/providers/repository.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apt # Provider:: repository # -# Copyright 2010-2011, Opscode, Inc. +# Copyright 2010-2011, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
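Review bot: `action :remove` now deletes only `/etc/apt/preferences.d/#{name}.pref`, while `action :add` in the same hunk still cleans up two older paths, `#{new_resource.name}` and `#{new_resource.name}.pref`. A pin written by an earlier cookbook version under one of those names therefore survives `:remove`, and if apt still reads that file the package stays held at the pinned version, which can keep a node on an outdated build. I would have `:remove` cover all three candidate paths, as in the excerpt below. Separately, the warning in the second `file` block of `:add` still announces `#{new_resource.name}.pref` although the file written is `#{name}.pref`. The path suggests this is a vendored copy of the apt cookbook, in which case the change belongs upstream.

```ruby
action :remove do
  name = safe_name(new_resource.name)
  # Cover the current file name and both names used by earlier cookbook versions.
  [new_resource.name, "#{new_resource.name}.pref", "#{name}.pref"].uniq.each do |pref|
    path = "/etc/apt/preferences.d/#{pref}"
    next unless ::File.exist?(path)
    Chef::Log.info "Un-pinning #{pref} from /etc/apt/preferences.d/"
    file path do
      action :delete
    end
  end
end
```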
@@ -24,25 +24,35 @@ def whyrun_supported? end # install apt key from keyserver -def install_key_from_keyserver(key, keyserver) +def install_key_from_keyserver(key, keyserver, key_proxy) execute "install-key #{key}" do - if !node['apt']['key_proxy'].empty? - command "apt-key adv --keyserver-options http-proxy=#{node['apt']['key_proxy']} --keyserver hkp://#{keyserver}:80 --recv #{key}" - else + if keyserver.start_with?('hkp://') command "apt-key adv --keyserver #{keyserver} --recv #{key}" + elsif key_proxy.empty? + command "apt-key adv --keyserver hkp://#{keyserver}:80 --recv #{key}" + else + command "apt-key adv --keyserver-options http-proxy=#{key_proxy} --keyserver hkp://#{keyserver}:80 --recv #{key}" end action :run not_if do - extract_fingerprints_from_cmd('apt-key finger').any? do |fingerprint| + key_present = extract_fingerprints_from_cmd('apt-key finger').any? do |fingerprint| fingerprint.end_with?(key.upcase) end + + key_present && key_is_valid('apt-key list', key.upcase) + end + end + + ruby_block "validate-key #{key}" do + block do + fail "The key #{key} is no longer valid and cannot be used for an apt repository." unless key_is_valid('apt-key list', key.upcase) end end end # run command and extract gpg ids def extract_fingerprints_from_cmd(cmd) - so = Mixlib::ShellOut.new(cmd) + so = Mixlib::ShellOut.new(cmd, env: { 'LANG' => 'en_US', 'LANGUAGE' => 'en_US' }) so.run_command so.stdout.split(/\n/).map do |t| if z = t.match(/^ +Key fingerprint = ([0-9A-F ]+)/) 
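Review bot: All three `command` strings in `install_key_from_keyserver` interpolate `key`, `keyserver` and `key_proxy` into one string that `execute` hands to a shell, and nothing in the method checks their shape first. `key` is not always cookbook-author input: further down the page `get_ppa_key` passes `key_id`, which is the body of an HTTP response with only the quotes stripped. A guard at the top of the method, for example `fail "Invalid key id #{key.inspect}" unless key =~ /\A(0x)?[0-9A-Fa-f]+\z/`, keeps anything but a hex id out of the command line; passing the command as an array rather than a string, if the Chef version in use accepts it, would take the shell out of the picture as well. Also, the new `hkp://` branch drops `key_proxy` silently, so a node behind a proxy loses it as soon as the keyserver is given with a scheme.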
@@ -51,9 +61,28 @@ def extract_fingerprints_from_cmd(cmd) end.compact end +# determine whether apt thinks the key is still valid +def key_is_valid(cmd, key) + valid = true + + so = Mixlib::ShellOut.new(cmd, env: { 'LANG' => 'en_US', 'LANGUAGE' => 'en_US' }) + so.run_command + # rubocop:disable Style/Next + so.stdout.split(/\n/).map do |t| + if t.match(%r{^\/#{key}.*\[expired: .*\]$}) + Chef::Log.debug "Found expired key: #{t}" + valid = false + break + end + end + + Chef::Log.debug "key #{key} validity: #{valid}" + valid +end + # install apt key from URI def install_key_from_uri(uri) - key_name = uri.split(/\//).last + key_name = uri.split(%r{\/}).last cached_keyfile = "#{Chef::Config[:file_cache_path]}/#{key_name}" if new_resource.key =~ /http/ remote_file cached_keyfile do @@ -68,6 +97,12 @@ def install_key_from_uri(uri) mode 00644 action :create end + + ruby_block "validate-key #{cached_keyfile}" do + block do + fail "The key #{cached_keyfile} is no longer valid and cannot be used for an apt repository." unless key_is_valid("gpg #{cached_keyfile}", '') + end + end end execute "install-key #{key_name}" do 
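Review bot: `key_is_valid` fails open: `valid` starts as `true`, the exit status of the command is never checked, and only a matching `[expired: ...]` line flips it, so a failed or missing `apt-key`/`gpg` run produces empty stdout and the key is reported valid. The pattern is also anchored as `^\/#{key}`, which requires the line to begin with a slash; as far as I know the key listing prints `pub` and the algorithm/size before the slash, so this may never match and is worth confirming against real output. The `''` key passed from the `validate-key #{cached_keyfile}` block in the next hunk has the same problem. I would add `so.error!` after `so.run_command` and build the pattern as `%r{/#{Regexp.escape(key)}.*\[expired: .*\]$}`. `install_key_from_uri` continues beyond these hunks, so where the new `ruby_block` sits relative to the key import is not visible here.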
@@ -83,19 +118,19 @@ def install_key_from_uri(uri) # build repo file contents def build_repo(uri, distribution, components, trusted, arch, add_deb_src) + uri = '"' + uri + '"' unless uri.start_with?("\"", "'") components = components.join(' ') if components.respond_to?(:join) repo_options = [] repo_options << "arch=#{arch}" if arch repo_options << 'trusted=yes' if trusted - repo_options = '[' + repo_options.join(' ') + ']' unless repo_options.empty? - repo_info = "#{uri} #{distribution} #{components}\n" - repo_info = "#{repo_options} #{repo_info}" unless repo_options.empty? + repo_opts = '[' + repo_options.join(' ') + ']' unless repo_options.empty? + repo_info = "#{repo_opts} #{uri} #{distribution} #{components}\n".lstrip repo = "deb #{repo_info}" repo << "deb-src #{repo_info}" if add_deb_src repo end -def get_ppa_key(ppa_owner, ppa_repo) +def get_ppa_key(ppa_owner, ppa_repo, key_proxy) # Launchpad has currently only one stable API which is marked as EOL April 2015. # The new api in devel still uses the same api call for +archive, so I made the version # configurable to provide some sort of workaround if api 1.0 ceases to exist. @@ -104,7 +139,7 @@ def get_ppa_key(ppa_owner, ppa_repo) default_keyserver = 'keyserver.ubuntu.com' require 'open-uri' - api_query = sprintf("#{launchpad_ppa_api}/signing_key_fingerprint", ppa_owner, ppa_repo) + api_query = format("#{launchpad_ppa_api}/signing_key_fingerprint", ppa_owner, ppa_repo) begin key_id = open(api_query).read.delete('"') rescue OpenURI::HTTPError => e 
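Review bot: build_repo emits `trusted=yes` without a comment, although that option makes apt treat the source as trusted even when its authentication checks fail. That means the key validation added elsewhere in this commit offers no protection for a repository declared with `trusted true`. I would add a comment above `repo_options << 'trusted=yes' if trusted`, for example `# trusted=yes: apt accepts this source even if signature checks fail; use only for repos that cannot be signed`.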
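Review bot: `key_id = open(api_query).read.delete('"')` accepts whatever body the Launchpad API returns, and the next hunk passes it to install_key_from_keyserver, where it lands in an `apt-key adv ... --recv` command line. Nothing checks that the body is a fingerprint, so an error page or an altered response reaches the shell. A guard right after the read would stop that, e.g. `fail "unexpected signing key fingerprint for #{ppa_owner}/#{ppa_repo}" unless key_id =~ /\A[0-9A-Fa-f]+\z/`. The value of `launchpad_ppa_api` is set outside this hunk, so whether the request uses TLS cannot be seen here; get_ppa_key itself starts in the previous hunk and continues past this one.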
@@ -115,12 +150,12 @@ def get_ppa_key(ppa_owner, ppa_repo) raise error end - install_key_from_keyserver(key_id, default_keyserver) + install_key_from_keyserver(key_id, default_keyserver, key_proxy) end # fetch ppa key, return full repo url -def get_ppa_url(ppa) - repo_schema = 'http://ppa.launchpad.net/%s/%s/ubuntu' +def get_ppa_url(ppa, key_proxy) + repo_schema = 'http://ppa.launchpad.net/%s/%s/ubuntu' # ppa:user/repo logic ported from # http://bazaar.launchpad.net/~ubuntu-core-dev/software-properties/main/view/head:/softwareproperties/ppa.py#L86 @@ -131,15 +166,15 @@ def get_ppa_url(ppa) ppa_repo = ppa_name.split('/')[1] ppa_repo = 'ppa' if ppa_repo.nil? - get_ppa_key(ppa_owner, ppa_repo) + get_ppa_key(ppa_owner, ppa_repo, key_proxy) - sprintf(repo_schema, ppa_owner, ppa_repo) + format(repo_schema, ppa_owner, ppa_repo) end action :add do # add key if new_resource.keyserver && new_resource.key - install_key_from_keyserver(new_resource.key, new_resource.keyserver) + install_key_from_keyserver(new_resource.key, new_resource.keyserver, new_resource.key_proxy) elsif new_resource.key install_key_from_uri(new_resource.key) end @@ -163,13 +198,13 @@ def get_ppa_url(ppa) if new_resource.uri.start_with?('ppa:') # build ppa repo file repository = build_repo( - get_ppa_url(new_resource.uri), + get_ppa_url(new_resource.uri, new_resource.key_proxy), new_resource.distribution, 'main', new_resource.trusted, new_resource.arch, new_resource.deb_src - ) + ) else # build repo file repository = build_repo( @@ -179,7 +214,7 @@ def get_ppa_url(ppa) new_resource.trusted, new_resource.arch, new_resource.deb_src - ) + ) end file "/etc/apt/sources.list.d/#{new_resource.name}.list" do 
@@ -194,7 +229,7 @@ def get_ppa_url(ppa) end action :remove do - if ::File.exists?("/etc/apt/sources.list.d/#{new_resource.name}.list") + if ::File.exist?("/etc/apt/sources.list.d/#{new_resource.name}.list") Chef::Log.info "Removing #{new_resource.name} repository from /etc/apt/sources.list.d/" file "/etc/apt/sources.list.d/#{new_resource.name}.list" do action :delete diff --git a/berks-cookbooks/apt/recipes/cacher-client.rb b/berks-cookbooks/apt/recipes/cacher-client.rb index bee010f1..e1a2a5ef 100644 --- a/berks-cookbooks/apt/recipes/cacher-client.rb +++ b/berks-cookbooks/apt/recipes/cacher-client.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apt # Recipe:: cacher-client # -# Copyright 2011-2013 Opscode, Inc. +# Copyright 2011-2013 Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -35,7 +35,8 @@ class ::Chef::Recipe cacher.default.name = node['apt']['cacher_ipaddress'] cacher.default.ipaddress = node['apt']['cacher_ipaddress'] cacher.default.apt.cacher_port = node['apt']['cacher_port'] - cacher.default.apt_cacher_interface = node['apt']['cacher_interface'] + cacher.default.apt.cacher_interface = node['apt']['cacher_interface'] + cacher.default.apt.cacher_ssl_support = node['apt']['cacher_ssl_support'] servers << cacher elsif node['apt']['caching_server'] node.override['apt']['compiletime'] = false @@ -65,8 +66,9 @@ class ::Chef::Recipe variables( :proxy => cacher_ipaddress, :port => servers[0]['apt']['cacher_port'], + :proxy_ssl => servers[0]['apt']['cacher_ssl_support'], :bypass => node['apt']['cache_bypass'] - ) + ) action(node['apt']['compiletime'] ? :nothing : :create) notifies :run, 'execute[apt-get update]', :immediately end diff --git a/berks-cookbooks/apt/recipes/cacher-ng.rb b/berks-cookbooks/apt/recipes/cacher-ng.rb index 8629dcfa..c20d5c93 100644 --- a/berks-cookbooks/apt/recipes/cacher-ng.rb +++ b/berks-cookbooks/apt/recipes/cacher-ng.rb 
@@ -2,7 +2,7 @@ # Cookbook Name:: apt # Recipe:: cacher-ng # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the 'License'); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/apt/recipes/default.rb b/berks-cookbooks/apt/recipes/default.rb index f9ed9e65..bfeabbd0 100644 --- a/berks-cookbooks/apt/recipes/default.rb +++ b/berks-cookbooks/apt/recipes/default.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apt # Recipe:: default # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # Copyright 2009, Bryan McLellan # # Licensed under the Apache License, Version 2.0 (the 'License'); @@ -25,10 +25,17 @@ Chef::Log.debug 'apt is not installed. Apt-specific resources will not be executed.' unless apt_installed? -first_run_file = File.join(Chef::Config[:file_cache_path], "apt_compile_time_update_first_run") +first_run_file = File.join(Chef::Config[:file_cache_path], 'apt_compile_time_update_first_run') + +file '/var/lib/apt/periodic/update-success-stamp' do + owner 'root' + group 'root' + only_if { apt_installed? } + action :nothing +end # If compile_time_update run apt-get update at compile time -if node['apt']['compile_time_update'] && ( !::File.exist?('/var/lib/apt/periodic/update-success-stamp') || !::File.exist?(first_run_file) ) +if node['apt']['compile_time_update'] && (!::File.exist?('/var/lib/apt/periodic/update-success-stamp') || !::File.exist?(first_run_file)) e = bash 'apt-get-update at compile time' do code <<-EOH apt-get update 
@@ -37,16 +44,27 @@ ignore_failure true only_if { apt_installed? } action :nothing + notifies :touch, 'file[/var/lib/apt/periodic/update-success-stamp]', :immediately end e.run_action(:run) end +# Updates 'apt-get update' timestamp after each update success +directory '/etc/apt/apt.conf.d' do + recursive true +end + +cookbook_file '/etc/apt/apt.conf.d/15update-stamp' do + source '15update-stamp' +end + # Run apt-get update to create the stamp file execute 'apt-get-update' do command 'apt-get update' ignore_failure true only_if { apt_installed? } not_if { ::File.exist?('/var/lib/apt/periodic/update-success-stamp') } + notifies :touch, 'file[/var/lib/apt/periodic/update-success-stamp]', :immediately end # For other recipes to call to force an update @@ -55,6 +73,7 @@ ignore_failure true only_if { apt_installed? } action :nothing + notifies :touch, 'file[/var/lib/apt/periodic/update-success-stamp]', :immediately end # Automatically remove packages that are no longer needed for dependencies 
@@ -71,27 +90,22 @@ action :nothing end -# provides /var/lib/apt/periodic/update-success-stamp on apt-get update -package 'update-notifier-common' do - notifies :run, 'execute[apt-get-update]', :immediately - only_if { apt_installed? } -end - execute 'apt-get-update-periodic' do command 'apt-get update' ignore_failure true only_if do apt_installed? && - ::File.exist?('/var/lib/apt/periodic/update-success-stamp') && - ::File.mtime('/var/lib/apt/periodic/update-success-stamp') < Time.now - node['apt']['periodic_update_min_delay'] + ::File.exist?('/var/lib/apt/periodic/update-success-stamp') && + ::File.mtime('/var/lib/apt/periodic/update-success-stamp') < Time.now - node['apt']['periodic_update_min_delay'] end + notifies :touch, 'file[/var/lib/apt/periodic/update-success-stamp]', :immediately end -%w{/var/cache/local /var/cache/local/preseeding}.each do |dirname| +%w(/var/cache/local /var/cache/local/preseeding).each do |dirname| directory dirname do owner 'root' group 'root' - mode 00755 + mode 00755 action :create only_if { apt_installed? } end diff --git a/berks-cookbooks/apt/recipes/unattended-upgrades.rb b/berks-cookbooks/apt/recipes/unattended-upgrades.rb index d8a14f44..88fccd8e 100644 --- a/berks-cookbooks/apt/recipes/unattended-upgrades.rb +++ b/berks-cookbooks/apt/recipes/unattended-upgrades.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apt # Recipe:: unattended-upgrades # -# Copyright 2014, Opscode, Inc. +# Copyright 2014, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the 'License'); # you may not use this file except in compliance with the License. @@ -28,8 +28,8 @@ action :install end -if node['apt']['unattended_upgrades']['mail'] - package 'mailutils' +package 'bsd-mailx' do + only_if { node['apt']['unattended_upgrades']['mail'] } end template '/etc/apt/apt.conf.d/20auto-upgrades' do diff --git a/berks-cookbooks/apt/resources/preference.rb b/berks-cookbooks/apt/resources/preference.rb index 21589eec..471873ba 100644 
--- a/berks-cookbooks/apt/resources/preference.rb +++ b/berks-cookbooks/apt/resources/preference.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apt # Resource:: preference # -# Copyright 2010-2013, Opscode, Inc. +# Copyright 2010-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,7 +26,12 @@ def initialize(*args) @action = :add end -attribute :package_name, :kind_of => String, :name_attribute => true +state_attrs :glob, + :package_name, + :pin, + :pin_priority + +attribute :package_name, :kind_of => String, :name_attribute => true, :regex => [/^([a-z]|[A-Z]|[0-9]|_|-|\.|\*)+$/] attribute :glob, :kind_of => String attribute :pin, :kind_of => String attribute :pin_priority, :kind_of => String diff --git a/berks-cookbooks/apt/resources/repository.rb b/berks-cookbooks/apt/resources/repository.rb index be737fee..f40f855b 100644 --- a/berks-cookbooks/apt/resources/repository.rb +++ b/berks-cookbooks/apt/resources/repository.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apt # Resource:: repository # -# Copyright 2010-2013, Opscode, Inc. +# Copyright 2010-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,8 +26,21 @@ def initialize(*args) @action = :add end +state_attrs :arch, + :cache_rebuild, + :components, + :cookbook, + :deb_src, + :distribution, + :key, + :keyserver, + :key_proxy, + :repo_name, + :trusted, + :uri + # name of the repo, used for source.list filename -attribute :repo_name, :kind_of => String, :name_attribute => true +attribute :repo_name, :kind_of => String, :name_attribute => true, :regex => [/^([a-z]|[A-Z]|[0-9]|_|-|\.)+$/] attribute :uri, :kind_of => String attribute :distribution, :kind_of => String attribute :components, :kind_of => Array, :default => [] 
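Review bot: The patterns added to `repo_name` here and to `package_name` in the preference.rb hunk are anchored with `^` and `$`, which in Ruby match at every line boundary rather than at the ends of the string. A value with one well-formed line and anything else after a newline therefore still validates. Use `\A` and `\z` instead, e.g. `:regex => [/\A[A-Za-z0-9_.-]+\z/]` for repo_name and `:regex => [/\A[A-Za-z0-9_.*-]+\z/]` for package_name. Note also that the provider hunks build `/etc/apt/sources.list.d/#{new_resource.name}.list` from `name`, so when a recipe sets `repo_name` explicitly the checked value is not the one used in the path.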
@@ -37,6 +50,7 @@ def initialize(*args) attribute :deb_src, :default => false attribute :keyserver, :kind_of => String, :default => nil attribute :key, :kind_of => String, :default => nil +attribute :key_proxy, :kind_of => String, :default => node['apt']['key_proxy'] attribute :cookbook, :kind_of => String, :default => nil # trigger cache rebuild # If not you can trigger in the recipe itself after checking the status of resource.updated{_by_last_action}? diff --git a/berks-cookbooks/apt/templates/default/01proxy.erb b/berks-cookbooks/apt/templates/default/01proxy.erb index 37bce877..1cd22565 100644 --- a/berks-cookbooks/apt/templates/default/01proxy.erb +++ b/berks-cookbooks/apt/templates/default/01proxy.erb @@ -1,5 +1,9 @@ Acquire::http::Proxy "http://<%= @proxy %>:<%= @port %>"; +<% if @proxy_ssl %> +Acquire::https::Proxy "http://<%= @proxy %>:<%= @port %>"; +<% else %> Acquire::https::Proxy "DIRECT"; +<% end %> <% @bypass.each do |bypass, type| %> Acquire::<%= type %>::Proxy::<%= bypass %> "DIRECT"; <% end %> diff --git a/berks-cookbooks/apt/templates/default/20auto-upgrades.erb b/berks-cookbooks/apt/templates/default/20auto-upgrades.erb index e3e51355..54449b6a 100644 --- a/berks-cookbooks/apt/templates/default/20auto-upgrades.erb +++ b/berks-cookbooks/apt/templates/default/20auto-upgrades.erb @@ -1,2 +1,2 @@ APT::Periodic::Update-Package-Lists "<%= node['apt']['unattended_upgrades']['update_package_lists'] ? 1 : 0 %>"; -APT::Periodic::Unattended-Upgrade "<%= node['apt']['unattended_upgrades']['enabled'] ? 1 : 0 %>"; +APT::Periodic::Unattended-Upgrade "<%= node['apt']['unattended_upgrades']['enable'] ? 1 : 0 %>"; diff --git a/berks-cookbooks/apt/templates/default/50unattended-upgrades.erb b/berks-cookbooks/apt/templates/default/50unattended-upgrades.erb index d8688b81..9984973f 100644 --- a/berks-cookbooks/apt/templates/default/50unattended-upgrades.erb +++ b/berks-cookbooks/apt/templates/default/50unattended-upgrades.erb 
@@ -54,6 +54,12 @@ Unattended-Upgrade::Remove-Unused-Dependencies "<%= node['apt']['unattended_upgr // the file /var/run/reboot-required is found after the upgrade Unattended-Upgrade::Automatic-Reboot "<%= node['apt']['unattended_upgrades']['automatic_reboot'] ? 'true' : 'false' %>"; +// If automatic reboot is enabled and needed, reboot at the specific +// time instead of immediately +// Default: "now" +<% if node['apt']['unattended_upgrades']['automatic_reboot'] -%> +Unattended-Upgrade::Automatic-Reboot-Time "<%= node['apt']['unattended_upgrades']['automatic_reboot_time'] %>"; +<% end %> // Use apt bandwidth limit feature, this example limits the download // speed to 70kb/sec diff --git a/berks-cookbooks/build-essential/.envrc b/berks-cookbooks/build-essential/.envrc new file mode 100644 index 00000000..8edeaaf8 --- /dev/null +++ b/berks-cookbooks/build-essential/.envrc @@ -0,0 +1,3 @@ + +# Force ChefDK's environment +source_env ~/.envrc_chefdk diff --git a/berks-cookbooks/build-essential/.gitignore b/berks-cookbooks/build-essential/.gitignore new file mode 100644 index 00000000..4e95ff61 --- /dev/null +++ b/berks-cookbooks/build-essential/.gitignore @@ -0,0 +1,16 @@ +.vagrant +Berksfile.lock +Gemfile.lock +*~ +*# +.#* +\#*# +.*.sw[a-z] +*.un~ +.bundle +.cache +.kitchen +.rspec +bin +.kitchen.local.yml +.coverage diff --git a/berks-cookbooks/build-essential/.kitchen.cloud.yml b/berks-cookbooks/build-essential/.kitchen.cloud.yml new file mode 100644 index 00000000..e9b4dc15 --- /dev/null +++ b/berks-cookbooks/build-essential/.kitchen.cloud.yml 
@@ -0,0 +1,165 @@ +#<% require 'kitchen-sync' %> +--- +driver_config: + digitalocean_client_id: <%= ENV['DIGITAL_OCEAN_CLIENT_ID'] %> + google_client_email: <%= ENV['GOOGLE_CLIENT_EMAIL'] %> + google_key_location: <%= ENV['GOOGLE_KEY_LOCATION'] %> + google_project: <%= ENV['GOOGLE_PROJECT'] %> + joyent_username: <%= ENV['SDC_CLI_ACCOUNT'] %> + joyent_keyfile: <%= ENV['SDC_CLI_IDENTITY'] %> + joyent_keyname: <%= ENV['SDC_CLI_KEY_ID'] %> + joyent_url: <%= ENV['SDC_CLI_URL'] %> + aws_access_key_id: <%= ENV['AWS_ACCESS_KEY_ID'] %> + aws_secret_access_key: <%= ENV['AWS_SECRET_ACCESS_KEY'] %> + aws_ssh_key_id: <%= ENV['AWS_KEYPAIR_NAME'] %> + flavor_id: <%= ENV['EC2_FLAVOR_ID'] %> + availability_zone: <%= ENV['AWS_AVAILABILITY_ZONE'] %> + +provisioner: + name: chef_zero + # require_chef_omnibus: 11.16.4 + require_chef_omnibus: 12.0.3 + +platforms: +- name: centos-5.8 + driver_plugin: digital_ocean + driver_config: + size: 2gb + image: centos-5-8-x64 + region: <%= ENV['DIGITAL_OCEAN_REGION'] %> + ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %> + ssh_key: <%= ENV['DIGITAL_OCEAN_SSH_KEY_PATH'] %> + +- name: centos-6.5 + driver_plugin: digital_ocean + driver_config: + size: 2gb + image: centos-6-5-x64 + region: <%= ENV['DIGITAL_OCEAN_REGION'] %> + ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %> + ssh_key: <%= ENV['DIGITAL_OCEAN_SSH_KEY_PATH'] %> + +- name: centos-7.0 + driver_plugin: digital_ocean + driver_config: + size: 2gb + image: centos-7-0-x64 + region: <%= ENV['DIGITAL_OCEAN_REGION'] %> + ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %> + ssh_key: <%= ENV['DIGITAL_OCEAN_SSH_KEY_PATH'] %> + +- name: amazon-2014.09 + driver_plugin: ec2 + driver_config: + image_id: ami-9a6ed3f2 + username: ec2-user + ssh_key: <%= ENV['EC2_SSH_KEY_PATH'] %> + +# - name: redhat-6.5 +# driver_plugin: ec2 +# driver_config: +# image_id: ami-8d756fe4 +# username: ec2-user +# ssh_key: <%= ENV['EC2_SSH_KEY_PATH'] %> +# run_list: +# - recipe[selinux::disabled] + +- name: redhat-7.0 
+ driver_plugin: ec2 + driver_config: + image_id: ami-a8d369c0 + username: ec2-user + ssh_key: <%= ENV['EC2_SSH_KEY_PATH'] %> + run_list: + - recipe[selinux::disabled] + +- name: fedora-20 + driver_plugin: digital_ocean + driver_config: + size: 2gb + image: fedora-20-x64 + region: <%= ENV['DIGITAL_OCEAN_REGION'] %> + ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %> + ssh_key: <%= ENV['DIGITAL_OCEAN_SSH_KEY_PATH'] %> + +- name: suse-11.3 + driver_plugin: ec2 + driver_config: + image_id: ami-e8084981 + username: root + ssh_key: <%= ENV['EC2_SSH_KEY_PATH'] %> + +- name: debian-7.0 + driver_plugin: gce + driver_config: + image_name: debian-7-wheezy-v20131120 + zone: <%= ENV['GCE_ZONE'] %> + area: <%= ENV['GCE_AREA'] %> + network: <%= ENV['GCE_NETWORK'] %> + username: <%= ENV['GCE_USERNAME'] %> + public_key_path: <%= ENV['GCE_PUBLIC_KEY_PATH'] %> + ssh_key: <%= ENV['GCE_SSH_KEY_PATH'] %> + run_list: + - recipe[apt] + +- name: ubuntu-10.04 + driver_plugin: digital_ocean + driver_config: + size: 2gb + image: ubuntu-10-04-x64 + region: <%= ENV['DIGITAL_OCEAN_REGION'] %> + ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %> + ssh_key: <%= ENV['DIGITAL_OCEAN_SSH_KEY_PATH'] %> + run_list: + - recipe[apt] + +- name: ubuntu-12.04 + driver_plugin: digital_ocean + driver_config: + size: 2gb + image: ubuntu-12-04-x64 + region: <%= ENV['DIGITAL_OCEAN_REGION'] %> + ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %> + ssh_key: <%= ENV['DIGITAL_OCEAN_SSH_KEY_PATH'] %> + run_list: + - recipe[apt] + +- name: ubuntu-14.04 + driver_plugin: digital_ocean + driver_config: + size: 2gb + image: ubuntu-14-04-x64 + region: <%= ENV['DIGITAL_OCEAN_REGION'] %> + ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %> + ssh_key: <%= ENV['DIGITAL_OCEAN_SSH_KEY_PATH'] %> + run_list: + - recipe[apt] + +# - name: omnios-151006 +# driver_plugin: ec2 +# driver_config: +# image_id: ami-35eb835c +# flavor_id: m3.large +# username: root +# ssh_key: <%= ENV['EC2_SSH_KEY_PATH'] %> +# run_list: +# - 
recipe[ips-omniti] + +# - name: smartos-14.3.0 +# driver_plugin: joyent +# driver_config: +# joyent_image_id: 62f148f8-6e84-11e4-82c5-efca60348b9f +# joyent_flavor_id: g3-standard-4-smartos +# username: root +# ssh_key: <%= ENV['SDC_CLI_IDENTITY'] %> +# busser: +# ruby_bindir: '/opt/local/bin/' +# provisioner: +# sudo: false +# chef_omnibus_url: https://raw.github.com/test-kitchen/kitchen-joyent/master/scripts/install-smartos.sh + +suites: +- name: default + run_list: + - recipe[build-essential::default] + attributes: {} diff --git a/berks-cookbooks/build-essential/.kitchen.yml b/berks-cookbooks/build-essential/.kitchen.yml new file mode 100644 index 00000000..4bae9acc --- /dev/null +++ b/berks-cookbooks/build-essential/.kitchen.yml @@ -0,0 +1,24 @@ +driver: + name: vagrant + +platforms: + - name: centos-5.10 + - name: centos-6.5 + - name: fedora-19 + - name: freebsd-9.2 + run_list: freebsd::portsnap + - name: freebsd-10.0 + run_list: freebsd::portsnap + - name: macosx-10.9 + - name: debian-7.4 + run_list: apt::default + - name: ubuntu-10.04 + run_list: apt::default + - name: ubuntu-12.04 + run_list: apt::default + - name: ubuntu-13.10 + run_list: apt::default + +suites: + - name: default + run_list: build-essential::default diff --git a/berks-cookbooks/build-essential/.rubocop.yml b/berks-cookbooks/build-essential/.rubocop.yml new file mode 100644 index 00000000..d89e28ed --- /dev/null +++ b/berks-cookbooks/build-essential/.rubocop.yml @@ -0,0 +1,30 @@ +AllCops: + Exclude: + - bin/**/* + - script/**/* + - vendor/**/* + +AbcSize: + Max: 50 +AlignParameters: + Enabled: false +ClassAndModuleChildren: + Enabled: false +Documentation: + Enabled: false +DoubleNegation: + Enabled: false +Encoding: + Enabled: false +GuardClause: + Enabled: false +LineLength: + Max: 120 +MethodLength: + Max: 20 +PercentLiteralDelimiters: + Enabled: false +SignalException: + Enabled: false +SingleSpaceBeforeFirstArg: + Enabled: false 
diff --git a/berks-cookbooks/build-essential/.travis.yml b/berks-cookbooks/build-essential/.travis.yml new file mode 100644 index 00000000..67f451d9 --- /dev/null +++ b/berks-cookbooks/build-essential/.travis.yml @@ -0,0 +1,40 @@ +# Use Travis's cointainer based infrastructure +sudo: false +addons: + apt: + sources: + - chef-stable-precise + packages: + - chefdk + +# Don't `bundle install` +install: echo "skip bundle install" + +branches: + only: + - master + +# Ensure we make ChefDK's Ruby the default +before_script: + - eval "$(/opt/chefdk/bin/chef shell-init bash)" + # We have to install chef-sugar for ChefSpec + - /opt/chefdk/embedded/bin/chef gem install chef-sugar +script: + - /opt/chefdk/embedded/bin/chef --version + - /opt/chefdk/embedded/bin/rubocop --version + - /opt/chefdk/embedded/bin/rubocop + - /opt/chefdk/embedded/bin/foodcritic --version + - /opt/chefdk/embedded/bin/foodcritic . --exclude spec + - /opt/chefdk/embedded/bin/rspec spec + +notifications: + hipchat: + on_change: true + on_failure: true + on_success: false + on_pull_requests: false + rooms: + # Build Statuses + - secure: fk4NTplcjE097Oan2HgZc+Lxx8X9k2QDolwBKZMDNrreFImBgw6HJBwHUv6Hfay2xh7Y720iNFeTTN3Ep0/M4YgmBrwhry3jSMN8TX7SAOGPCC8zIB0ELGGAyQKxDjwwsA18KTbuDkV5yboiUzvY86G5bWT8vfWEd1ljTEnIazQ= + # Release Engineering + - secure: X35KY6kImjVyYiT9gOlRJd26MKh5KQFwxcQm3fF9Y+pnB1v7uB3w6+jzoxhvPN5O2US3xGQsaJOSAB1uhZh+FZOKfZ/ewyXVUcTXrUTC9Mjofd3n33xD68qoI22mntEQilugvC+OPhq9uWyX0OlRhnnT+J56Vq7feSI4ez9e9Og= diff --git a/berks-cookbooks/build-essential/Berksfile b/berks-cookbooks/build-essential/Berksfile new file mode 100644 index 00000000..50e57a37 --- /dev/null +++ b/berks-cookbooks/build-essential/Berksfile @@ -0,0 +1,8 @@ +source 'https://supermarket.chef.io' + +metadata + +group :integration do + cookbook 'apt' + cookbook 'freebsd' +end diff --git a/berks-cookbooks/build-essential/CHANGELOG.md b/berks-cookbooks/build-essential/CHANGELOG.md index 8efb8ea9..c2a5a105 100644 
--- a/berks-cookbooks/build-essential/CHANGELOG.md +++ b/berks-cookbooks/build-essential/CHANGELOG.md @@ -2,6 +2,26 @@ build-essential Cookbook CHANGELOG ================================== This file is used to list changes made in each version of the build-essential cookbook. +v2.2.3 (2015-04-15) +------------------- +* Don’t install omnibus-build-essential on Solaris 10 - We decided it’s easier to use the old GCC that ships with Solaris 10. +* Use ChefDK for all Travis testing. + +v2.2.2 (2015-03-27) +------------------- +* Update Solar 10’s omnibus-build-essential to 0.0.5 + +v2.2.1 (2015-03-23) +------------------- +* Install GNU Patch on Solaris 11 + +v2.2.0 (2015-03-18) +------------------- +* [solaris] Differentiate between Solaris 10 and 11 +* [solaris] Add ucb compat package +* [solaris] Solaris 10 build essential setup +* Fix metadata to use a string instead of a bool (see #56, #57) + v2.1.3 (2014-11-18) ------------------- * Update metadata for supported versions of OS X (10.7+) as noted from @@ -56,13 +76,13 @@ v1.4.4 (2014-02-27) v1.4.2 ------ ### Bug -- **[COOK-3318](https://tickets.opscode.com/browse/COOK-3318)** - Use Mixlib::ShellOut instead of Chef::ShellOut +- **[COOK-3318](https://tickets.chef.io/browse/COOK-3318)** - Use Mixlib::ShellOut instead of Chef::ShellOut ### New Feature -- **[COOK-3093](https://tickets.opscode.com/browse/COOK-3093)** - Add OmniOS support +- **[COOK-3093](https://tickets.chef.io/browse/COOK-3093)** - Add OmniOS support ### Improvement -- **[COOK-3024](https://tickets.opscode.com/browse/COOK-3024)** - Use newer package on SmartOS +- **[COOK-3024](https://tickets.chef.io/browse/COOK-3024)** - Use newer package on SmartOS v1.4.0 ------ diff --git a/berks-cookbooks/build-essential/CONTRIBUTING b/berks-cookbooks/build-essential/CONTRIBUTING new file mode 100644 index 00000000..e781c979 --- /dev/null +++ b/berks-cookbooks/build-essential/CONTRIBUTING 
@@ -0,0 +1,29 @@ +If you would like to contribute, please open a ticket in JIRA: + +* http://tickets.chef.io + +Create the ticket in the COOK project and use the cookbook name as the +component. + +For all code contributions, we ask that contributors sign a +contributor license agreement (CLA). Instructions may be found here: + +* http://wiki.chef.io/display/chef/How+to+Contribute + +When contributing changes to individual cookbooks, please do not +modify the version number in the metadata.rb. Also please do not +update the CHANGELOG.md for a new version. Not all changes to a +cookbook may be merged and released in the same versions. Chef Software will +handle the version updates during the release process. You are welcome +to correct typos or otherwise make updates to documentation in the +README. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] Updated pool resource to correctly delete.' + +In the ticket itself, it is also helpful if you include log output of +a successful Chef run, but this is not absolutely required. diff --git a/berks-cookbooks/build-essential/Gemfile b/berks-cookbooks/build-essential/Gemfile new file mode 100644 index 00000000..c1d9ad32 --- /dev/null +++ b/berks-cookbooks/build-essential/Gemfile 
@@ -0,0 +1,38 @@ +source 'https://rubygems.org' + +group :lint do + gem 'foodcritic', '~> 3.0' + gem 'rubocop', '= 0.26.1' +end + +group :unit do + gem 'berkshelf', '~> 3.1' + gem 'chefspec', '~> 4.0' +end + +group :kitchen_common do + gem 'test-kitchen', '~> 1.2' +end + +group :kitchen_vagrant do + gem 'kitchen-vagrant', '~> 0.15' +end + +group :kitchen_cloud do + gem 'kitchen-digitalocean', '~> 0.8' + gem 'kitchen-ec2', '~> 0.8' + gem 'kitchen-joyent', '~> 0.1' + gem 'kitchen-gce', '~> 0.2' +end + +group :development do + gem 'ruby_gntp' + gem 'growl' + gem 'rb-fsevent' + gem 'guard', '~> 2.4' + gem 'guard-kitchen' + gem 'guard-foodcritic' + gem 'guard-rspec' + gem 'guard-rubocop' + gem 'rake' +end diff --git a/berks-cookbooks/build-essential/Guardfile b/berks-cookbooks/build-essential/Guardfile new file mode 100644 index 00000000..b8783004 --- /dev/null +++ b/berks-cookbooks/build-essential/Guardfile @@ -0,0 +1,35 @@ +# A sample Guardfile +# More info at https://github.com/guard/guard#readme + +# guard 'kitchen' do +# watch(%r{test/.+}) +# watch(%r{^recipes/(.+)\.rb$}) +# watch(%r{^attributes/(.+)\.rb$}) +# watch(%r{^files/(.+)}) +# watch(%r{^templates/(.+)}) +# watch(%r{^providers/(.+)\.rb}) +# watch(%r{^resources/(.+)\.rb}) +# end + +guard 'foodcritic', cookbook_paths: '.', all_on_start: false do + watch(/attributes\/.+\.rb$/) + watch(/providers\/.+\.rb$/) + watch(/recipes\/.+\.rb$/) + watch(/resources\/.+\.rb$/) + watch('metadata.rb') +end + +guard 'rubocop', all_on_start: false do + watch(/attributes\/.+\.rb$/) + watch(/providers\/.+\.rb$/) + watch(/recipes\/.+\.rb$/) + watch(/resources\/.+\.rb$/) + watch('metadata.rb') +end + +guard :rspec, cmd: 'bundle exec rspec', all_on_start: false, notification: false do + watch(/^libraries\/(.+)\.rb$/) + watch(/^spec\/(.+)_spec\.rb$/) + watch(/^(recipes)\/(.+)\.rb$/) { |m| "spec/#{m[1]}_spec.rb" } + watch('spec/spec_helper.rb') { 'spec' } +end 
diff --git a/berks-cookbooks/logrotate/LICENSE b/berks-cookbooks/build-essential/LICENSE similarity index 100% rename from berks-cookbooks/logrotate/LICENSE rename to berks-cookbooks/build-essential/LICENSE diff --git a/berks-cookbooks/build-essential/README.md b/berks-cookbooks/build-essential/README.md index 0d985029..bd94ff9e 100644 --- a/berks-cookbooks/build-essential/README.md +++ b/berks-cookbooks/build-essential/README.md @@ -1,10 +1,10 @@ Description =========== [![Cookbook Version](http://img.shields.io/cookbook/v/build-essential.svg)][cookbook] -[![Build Status](http://img.shields.io/travis/opscode-cookbooks/build-essential.svg)][travis] +[![Build Status](http://img.shields.io/travis/chef-cookbooks/build-essential.svg)][travis] -[cookbook]: https://community.opscode.com/cookbooks/build-essential -[travis]: http://travis-ci.org/opscode-cookbooks/build-essential +[cookbook]: https://community.chef.io/cookbooks/build-essential +[travis]: http://travis-ci.org/chef-cookbooks/build-essential Installs packages required for compiling C software from source. Use this cookbook if you wish to compile C programs, or install RubyGems with native 
@@ -15,7 +15,7 @@ Requirements Chef 11+ and Ohai 6.14+ are required. For the latest list of supported platforms, please see the `metadata.rb`. -**Note for Debian platform family:** On Debian platform-family systems, it is recommended that `apt-get update` be run, to ensure that the package cache is updated. It's not in the scope of this cookbook to do that, as it can [create a duplicate resource](https://tickets.opscode.com/browse/CHEF-3694). We recommend using the [apt](https://supermarket.getchef.com/cookbooks/apt) cookbook to do this. +**Note for Debian platform family:** On Debian platform-family systems, it is recommended that `apt-get update` be run, to ensure that the package cache is updated. It's not in the scope of this cookbook to do that, as it can [create a duplicate resource](https://tickets.chef.io/browse/CHEF-3694). We recommend using the [apt](https://supermarket.chef.io/cookbooks/apt) cookbook to do this. **Note for OmniOS**: Currently, OmniOS's Ruby package is built with GCC 4.6.3, and the path is hardcoded, as the gcc binaries are not @@ -87,11 +87,11 @@ extension: License & Authors ----------------- - Author: Seth Vargo () -- Author: Joshua Timberman () -- Author: Seth Chisamore () +- Author: Joshua Timberman () +- Author: Seth Chisamore () ```text -Copyright 2009-2014, Chef Software, Inc. () +Copyright 2009-2014, Chef Software, Inc. () Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -105,3 +105,4 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ``` + diff --git a/berks-cookbooks/build-essential/Rakefile b/berks-cookbooks/build-essential/Rakefile new file mode 100644 index 00000000..0efd590f --- /dev/null +++ b/berks-cookbooks/build-essential/Rakefile 
@@ -0,0 +1,65 @@ +require 'bundler/setup' + +# Style tests. Rubocop and Foodcritic +namespace :style do + require 'rubocop/rake_task' + desc 'Run Ruby style checks' + RuboCop::RakeTask.new(:ruby) + + require 'foodcritic' + desc 'Run Chef style checks' + FoodCritic::Rake::LintTask.new(:chef) do |t| + t.options = { + fail_tags: ['any'], + tags: ['~FC005'] + } + end +end + +desc 'Run all style checks' +task style: ['style:chef', 'style:ruby'] + +# Rspec and ChefSpec +require 'rspec/core/rake_task' +desc 'Run ChefSpec examples' +RSpec::Core::RakeTask.new(:spec) + +# Integration tests. Kitchen.ci +require 'kitchen' +namespace :integration do + desc 'Run Test Kitchen with Vagrant' + task :vagrant do + Kitchen.logger = Kitchen.default_file_logger + Kitchen::Config.new.instances.each do |instance| + instance.test(:always) + end + end + + desc 'Run Test Kitchen with cloud plugins' + task :cloud do + run_kitchen = true + if ENV['TRAVIS'] == 'true' && ENV['TRAVIS_PULL_REQUEST'] != 'false' + run_kitchen = false + end + + if run_kitchen + Kitchen.logger = Kitchen.default_file_logger + @loader = Kitchen::Loader::YAML.new(project_config: './.kitchen.cloud.yml') + config = Kitchen::Config.new(loader: @loader) + config.instances.each do |instance| + instance.test(:always) + end + end + end +end + +namespace :travis do + desc 'Run tests on Travis' + task ci: %w(style spec) +end + +# The default rake task should just run it all +task default: %w(travis:ci integration) + +# The default rake task should just run it all +task default: ['style', 'spec', 'integration:vagrant'] diff --git a/berks-cookbooks/build-essential/attributes/default.rb b/berks-cookbooks/build-essential/attributes/default.rb index 156c00e2..ca383eeb 100644 --- a/berks-cookbooks/build-essential/attributes/default.rb +++ b/berks-cookbooks/build-essential/attributes/default.rb 
@@ -2,7 +2,7 @@ # Cookbook Name:: build-essential # Attributes:: default # -# Copyright 2008-2012, Opscode, Inc. +# Copyright 2008-2012, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/build-essential/libraries/xcode_command_line_tools.rb b/berks-cookbooks/build-essential/libraries/xcode_command_line_tools.rb index 4b16197f..1f4f049b 100644 --- a/berks-cookbooks/build-essential/libraries/xcode_command_line_tools.rb +++ b/berks-cookbooks/build-essential/libraries/xcode_command_line_tools.rb @@ -42,7 +42,7 @@ def initialize(name, run_context = nil) If you have tested and verified OSX #{node['platform_version']} and you are sick of seeing this warning in your Chef Client runs, please submit a Pull Request to -https://github.com/opscode-cookbooks/build-essential and add this version of OSX +https://github.com/chef-cookbooks/build-essential and add this version of OSX to provider list. EOH Provider::XcodeCommandLineToolsFromSoftwareUpdate diff --git a/berks-cookbooks/build-essential/matrix b/berks-cookbooks/build-essential/matrix new file mode 100644 index 00000000..c7ea4137 --- /dev/null +++ b/berks-cookbooks/build-essential/matrix @@ -0,0 +1,10 @@ + matrix: + - KITCHEN_INSTANCE='default-centos-58 + - KITCHEN_INSTANCE='default-centos-64 + - KITCHEN_INSTANCE='default-amazon-201309 + - KITCHEN_INSTANCE='default-fedora-19 + - KITCHEN_INSTANCE='default-debian-70 + - KITCHEN_INSTANCE='default-ubuntu-1004 + - KITCHEN_INSTANCE='default-ubuntu-1204 + - KITCHEN_INSTANCE='default-ubuntu-1310 + - KITCHEN_INSTANCE='default-smartos-1330 diff --git a/berks-cookbooks/build-essential/metadata.json b/berks-cookbooks/build-essential/metadata.json index 4462cc3a..bed677ff 100644 --- a/berks-cookbooks/build-essential/metadata.json +++ b/berks-cookbooks/build-essential/metadata.json 
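Review bot: Every entry in the new `matrix` file opens a single quote that is never closed (`KITCHEN_INSTANCE='default-centos-58`), so the values are not usable as environment assignments as written. The file has no extension and starts at a bare `matrix:` key, which looks like a fragment meant for a CI configuration rather than a standalone file, and nothing visible in this commit reads it. If it is kept, close the quotes, e.g. `- KITCHEN_INSTANCE='default-centos-58'`; otherwise it is better left out of the cookbook tree.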
@@ -1,10 +1,9 @@ { "name": "build-essential", - "version": "2.1.3", "description": "Installs C compiler / build tools", "long_description": "", "maintainer": "Chef Software, Inc.", - "maintainer_email": "cookbooks@getchef.com", + "maintainer_email": "cookbooks@chef.io", "license": "Apache 2.0", "platforms": { "amazon": ">= 0.0.0", @@ -22,23 +21,44 @@ "ubuntu": ">= 0.0.0" }, "dependencies": { + }, "recommendations": { + }, "suggestions": { "pkgutil": ">= 0.0.0" }, "conflicting": { + }, "providing": { + }, "replacing": { + }, "attributes": { + "build-essential/compile_time": { + "display_name": "Build Essential Compile Time Execution", + "description": "Execute resources at compile time.", + "default": "false", + "recipes": [ + "build-essential::default" + ], + "choice": [ + + ], + "calculated": false, + "type": "string", + "required": "optional" + } }, "groupings": { + }, "recipes": { "build-essential": "Installs packages required for compiling C software from source." - } -} \ No newline at end of file + }, + "version": "2.2.3" +} diff --git a/berks-cookbooks/build-essential/recipes/_debian.rb b/berks-cookbooks/build-essential/recipes/_debian.rb index 3f76b438..217032bd 100644 --- a/berks-cookbooks/build-essential/recipes/_debian.rb +++ b/berks-cookbooks/build-essential/recipes/_debian.rb @@ -2,7 +2,7 @@ # Cookbook Name:: build-essential # Recipe:: debian # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/build-essential/recipes/_fedora.rb b/berks-cookbooks/build-essential/recipes/_fedora.rb index 22beef7f..72715b7d 100644 --- a/berks-cookbooks/build-essential/recipes/_fedora.rb +++ b/berks-cookbooks/build-essential/recipes/_fedora.rb 
@@ -2,7 +2,7 @@ # Cookbook Name:: build-essential # Recipe:: fedora # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/build-essential/recipes/_mac_os_x.rb b/berks-cookbooks/build-essential/recipes/_mac_os_x.rb index 831a032f..f5776134 100644 --- a/berks-cookbooks/build-essential/recipes/_mac_os_x.rb +++ b/berks-cookbooks/build-essential/recipes/_mac_os_x.rb @@ -2,7 +2,7 @@ # Cookbook Name:: build-essential # Recipe:: mac_os_x # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/build-essential/recipes/_omnios.rb b/berks-cookbooks/build-essential/recipes/_omnios.rb index ac77b912..cba2bd77 100644 --- a/berks-cookbooks/build-essential/recipes/_omnios.rb +++ b/berks-cookbooks/build-essential/recipes/_omnios.rb @@ -2,7 +2,7 @@ # Cookbook Name:: build-essential # Recipe:: omnios # -# Copyright 2013, Opscode, Inc. +# Copyright 2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/build-essential/recipes/_rhel.rb b/berks-cookbooks/build-essential/recipes/_rhel.rb index 3a26bcfb..e2b08a68 100644 --- a/berks-cookbooks/build-essential/recipes/_rhel.rb +++ b/berks-cookbooks/build-essential/recipes/_rhel.rb @@ -2,7 +2,7 @@ # Cookbook Name:: build-essential # Recipe:: rhel # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
diff --git a/berks-cookbooks/build-essential/recipes/_smartos.rb b/berks-cookbooks/build-essential/recipes/_smartos.rb index 930c7d2d..f969bb84 100644 --- a/berks-cookbooks/build-essential/recipes/_smartos.rb +++ b/berks-cookbooks/build-essential/recipes/_smartos.rb @@ -2,7 +2,7 @@ # Cookbook Name:: build-essential # Recipe:: smartos # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/build-essential/recipes/_solaris2.rb b/berks-cookbooks/build-essential/recipes/_solaris2.rb index 5ba594fb..32ed8a71 100644 --- a/berks-cookbooks/build-essential/recipes/_solaris2.rb +++ b/berks-cookbooks/build-essential/recipes/_solaris2.rb @@ -2,7 +2,7 @@ # Cookbook Name:: build-essential # Recipe:: solaris2 # -# Copyright 2013, Opscode, Inc. +# Copyright 2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -17,19 +17,32 @@ # limitations under the License. # -potentially_at_compile_time do - package 'autoconf' - package 'automake' - package 'bison' - package 'coreutils' - package 'flex' - package 'gcc4core' - package 'gcc4g++' - package 'gcc4objc' - package 'gcc3core' - package 'gcc3g++' - package 'ggrep' - package 'gmake' - package 'gtar' - package 'pkgconfig' +case node['platform_version'].to_f +when 5.10 + # You should install the following packages from the Solaris 10 DVD: + # + # SUNWbison + # SUNWgcc + # SUNWggrp + # SUNWgmake + # SUNWgtar + # +when 5.11 + potentially_at_compile_time do + package 'autoconf' + package 'automake' + package 'bison' + package 'gnu-coreutils' + package 'flex' + package 'gcc' + package 'gcc-3' + package 'gnu-grep' + package 'gnu-make' + package 'gnu-patch' + package 'gnu-tar' + package 'pkg-config' + package 'ucb' + end +else + raise "Sorry, we don't support Solaris version #{node['platform_version']} at this juncture." end diff --git a/berks-cookbooks/build-essential/recipes/_suse.rb b/berks-cookbooks/build-essential/recipes/_suse.rb index e80a19d5..6618c0ee 100644 --- a/berks-cookbooks/build-essential/recipes/_suse.rb +++ b/berks-cookbooks/build-essential/recipes/_suse.rb @@ -2,7 +2,7 @@ # Cookbook Name:: build-essential # Recipe:: suse # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2008-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/build-essential/recipes/default.rb b/berks-cookbooks/build-essential/recipes/default.rb index 8dfa0072..46bcad7a 100644 --- a/berks-cookbooks/build-essential/recipes/default.rb +++ b/berks-cookbooks/build-essential/recipes/default.rb 
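Review bot: The `when 5.10` branch contains only a comment, so on Solaris 10 the recipe converges successfully without installing any build tool and the first sign of trouble is a later compile failure. Surface the manual step in the run output, for example `Chef::Log.warn('build-essential: install SUNWbison, SUNWgcc, SUNWggrp, SUNWgmake and SUNWgtar from the Solaris 10 DVD')` inside that branch. Separately, the `case` compares `node['platform_version'].to_f` with float literals, which matches `5.10` and `5.11` but hides that these are version strings; if Ohai reports exactly those strings, `when '5.10'` on the raw value would state the intent more clearly.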
@@ -2,7 +2,7 @@ # Cookbook Name:: build-essential # Recipe:: default # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2008-2009, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/chef-sugar/CHANGELOG.md b/berks-cookbooks/chef-sugar/CHANGELOG.md index a81d091c..d0a52d59 100644 --- a/berks-cookbooks/chef-sugar/CHANGELOG.md +++ b/berks-cookbooks/chef-sugar/CHANGELOG.md @@ -2,6 +2,14 @@ Chef Sugar Changelog ========================= This file is used to list changes made in each version of the chef-sugar cookbook and gem. +v3.0.2 (2015-03-26) +------------------- +### Improvements +- Add helpers for `ppc64` and `ppc64le` architecture + +### Bug Fixes +- Adjustments to error message + v3.0.1 (2015-03-20) ------------------- ### Breaking Changes diff --git a/berks-cookbooks/chef-sugar/README.md b/berks-cookbooks/chef-sugar/README.md index f4417834..5f502590 100644 --- a/berks-cookbooks/chef-sugar/README.md +++ b/berks-cookbooks/chef-sugar/README.md @@ -4,7 +4,7 @@ Chef Sugar [![Build Status](http://img.shields.io/travis/sethvargo/chef-sugar.svg?style=flat-square)][travis] [gem]: https://rubygems.org/gems/chef-sugar -[travis]: http://travis-ci.org/sethvargo/chef-suguar +[travis]: http://travis-ci.org/sethvargo/chef-sugar Chef Sugar is a Gem & Chef Recipe that includes series of helpful sugar of the Chef core and other resources to make a cleaner, more lean recipe DSL, enforce DRY principles, and make writing Chef recipes an awesome experience! @@ -80,6 +80,8 @@ API - `_32_bit?` - `intel?` - `sparc?` +- `ppc64?` +- `ppc64le?` #### Examples ```ruby diff --git a/berks-cookbooks/chef-sugar/metadata.json b/berks-cookbooks/chef-sugar/metadata.json index b766fc2b..a05b757f 100644 --- a/berks-cookbooks/chef-sugar/metadata.json +++ b/berks-cookbooks/chef-sugar/metadata.json 
@@ -1,29 +1 @@ -{ - "name": "chef-sugar", - "version": "3.0.1", - "description": "Installs chef-sugar. Please see the chef-sugar Ruby gem for more information.", - "long_description": "Chef Sugar is a Gem & Chef Recipe that includes series of helpful syntactic\nsugars on top of the Chef core and other resources to make a cleaner, more lean\nrecipe DSL, enforce DRY principles, and make writing Chef recipes an awesome and\nfun experience!\n\nFor the most up-to-date information and documentation, please visit the [Chef\nSugar project page on GitHub](https://github.com/sethvargo/chef-sugar).\n", - "maintainer": "Seth Vargo", - "maintainer_email": "sethvargo@gmail.com", - "license": "Apache 2.0", - "platforms": { - }, - "dependencies": { - }, - "recommendations": { - }, - "suggestions": { - }, - "conflicting": { - }, - "providing": { - }, - "replacing": { - }, - "attributes": { - }, - "groupings": { - }, - "recipes": { - } -} \ No newline at end of file +{"name":"chef-sugar","version":"3.1.1","description":"Installs chef-sugar. Please see the chef-sugar Ruby gem for more information.","long_description":"Chef Sugar is a Gem & Chef Recipe that includes series of helpful syntactic\nsugars on top of the Chef core and other resources to make a cleaner, more lean\nrecipe DSL, enforce DRY principles, and make writing Chef recipes an awesome and\nfun experience!\n\nFor the most up-to-date information and documentation, please visit the [Chef\nSugar project page on GitHub](https://github.com/sethvargo/chef-sugar).\n","maintainer":"Seth Vargo","maintainer_email":"sethvargo@gmail.com","license":"Apache 2.0","platforms":{},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{}} \ No newline at end of file diff --git a/berks-cookbooks/chef-sugar/recipes/default.rb b/berks-cookbooks/chef-sugar/recipes/default.rb index 89200b87..93256c71 100644 
--- a/berks-cookbooks/chef-sugar/recipes/default.rb +++ b/berks-cookbooks/chef-sugar/recipes/default.rb @@ -19,9 +19,16 @@ gem_version = run_context.cookbook_collection[cookbook_name].metadata.version -chef_gem('chef-sugar') do - version gem_version - action :nothing -end.run_action(:install) +if Chef::Resource::ChefGem.instance_methods(false).include?(:compile_time) + chef_gem 'chef-sugar' do + version gem_version + compile_time true + end +else + chef_gem 'chef-sugar' do + version gem_version + action :nothing + end.run_action(:install) +end require 'chef/sugar' diff --git a/berks-cookbooks/chef-vault/CHANGELOG.md b/berks-cookbooks/chef-vault/CHANGELOG.md new file mode 100644 index 00000000..dafe1f6e --- /dev/null +++ b/berks-cookbooks/chef-vault/CHANGELOG.md 
@@ -0,0 +1,79 @@ +chef-vault +========== + +v1.3.0 (2015-04-09) +------------------- + +- #28, Fixes chef vault item loading and regular data bag fallback +- #24, Add ability to specify source for chef-vault gem installation + +v1.2.5 (2015-03-19) +------------------- + +- #22, fixes `chef_gem` compile time usage, also in conjunction with `chef-sugar` and Chef 11 + +v1.2.4 (2015-02-18) +------------------- + +- ripping out the `chef_gem` `compile_time` stuff + +v1.2.3 (2015-02-18) +------------------- + +- `chef_gem` `Chef::Resource::ChefGem.method_defined?(:compile_time)` + +v1.2.2 (2015-02-18) +------------------- + +- Fixing `chef_gem`c for Chef below 12.1.0 + +v1.2.1 (2015-02-17) +------------------- + +- Being explicit about usage of the `chef_gem`'s `compile_time` property. +- Eliminating future deprecation warnings in Chef 12.1.0. + +v1.2.0 (2015-02-04) +------------------- + +- COOK-4672: Make the library helper into a module instead of adding into Chef::Recipe +- Prevent variable masking +- Fix inverted existence check for `current_resource` + +v1.1.5 (2014-09-25) +------------------- +- Adding ChefVault::Exceptions::SecretDecryption exception handling + +v1.1.4 (2014-09-12) +------------------- + +- Fix loading of current resource in `chef_vault_secret` (Nathan Huff) +- Allow `chef_vault_item` to fall back to plain data bags +- Set default version of `chef-vault` gem to one required by libraries + +v1.1.2 (2014-06-02) +------------------- + +### Bug +- **[COOK-4591](https://tickets.opscode.com/browse/COOK-4591)** - resource to create chef-vault-encrypted-items in recipes + + +v1.1.0 (2014-06-02) +------------------- + +- [COOK-4591]: add a resource to create chef-vault-encrypted-items in recipes + +v1.0.4 (2014-01-14) +------------------- + +- Provide an fallback to regular data bag item loading when a "development mode" attribute is set. 
+ +v1.0.2 (2013-09-10) +------------------- + +- Add Chef::Recipe helper method (`chef_vault_item`) + +v1.0.0 (2013-09-10) +------------------- + +- Initial Release diff --git a/berks-cookbooks/chef-vault/README.md b/berks-cookbooks/chef-vault/README.md new file mode 100644 index 00000000..8a15ac20 --- /dev/null +++ b/berks-cookbooks/chef-vault/README.md 
@@ -0,0 +1,222 @@ +chef-vault Cookbook +=================== + +This cookbook is responsible for installing the `chef-vault` gem and +providing some helper methods to load encrypted data bags that are in +The Vault. It also provides a resource that can be used to store +secrets as a Chef Vault item in a recipe. + +Chef Vault is a library by Nordstrom's infrastructure operations team +that helps manage encrypted data bags. + +* https://github.com/Nordstrom/chef-vault + +## Requirements + +This cookbook should work on any system/platform that is supported by +Chef. + +This cookbook is specifically tested on Ubuntu and CentOS platforms +using Test Kitchen. See `.kitchen.yml` for platforms and test suites. + +The helper methods in this cookbook use the Chef Vault v2 API, so the +default version will match `~> 2.2` to ensure a reasonably updated +version of the gem is installed. + +## Helper Method + +This cookbook provides a nice helper method for the Chef Recipe DSL so +you can write: + + chef_vault_item("secrets", "dbpassword") + +Instead of: + + ChefVault::Item.load("secrets", "dbpassword") + +This has logic in place to fall back to using data bags if the desired item +isn't encrypted. If the vault item fails to load because of missing vault +metadata (a `vaultname_keys` data bag), then `chef_vault_item` will attempt to +load the specified item as a regular Data Bag Item with +`Chef::DataBagItem.load`. This is intended to be used only for testing, and +not as a fall back to avoid issues loading encrypted items. + +## Attributes + +* `node['chef-vault']['version']` - Specify a version of the + chef-vault gem if required. Default is `~> 2.2`, as that version was + used for testing. + +## Resources + +### chef_vault_secret + +The `chef_vault_secret` resource can be used in recipes to store +secrets in Chef Vault items. Where possible and relevant, this +resource attempts to map behavior and functionality to the `knife +vault` sub-commands. 
+ +#### Actions + +The actions generally map to the `knife vault` sub-commands, with an +exception that `create` does an update, because the resource enforces +declarative state. To get the `knife vault create` behavior, use +`create_if_missing`. + +* `:create` - *Default action*. Creates the item, or updates it if it + already exists. +* `:create_if_missing` - Calls the `create` action unless it exists. +* `:delete` - Deletes the item *and* the item's keys ("id"_keys). + +#### Attributes + +* `id` - *Name attribute*. The name of the data bag item. +* `data_bag` - *Required*. The data bag that contains the item. +* `admins` - A list of admin users who should have access to the item. + Corresponds to the "admin" option when using the chef-vault knife + plugin. Can be specified as a comma separated string or an array. + See examples, below. +* `clients` - A search query for the nodes' API clients that should + have access to the item. +* `search` - Search query that would match the same used for the + clients, gets stored as a field in the item. +* `raw_data` - The raw data, as a Ruby Hash, that will be stored in + the item. See examples, below. + +At least one of `admins` or `clients` should be specified, otherwise +nothing will have access to the item. + +#### Examples + +From the test cookbook embedded in this repository. + +```ruby +chef_vault_secret 'clean-energy' do + data_bag 'green' + raw_data({'auth' => 'Forged in a mold'}) + admins 'hydroelectric' + search '*:*' +end +``` + +Assuming that the `green` data bag exists, this will create the +`clean-energy` item as a ChefVault encrypted item, which also creates +`clean-energy_keys` that has the list of admins, clients, and the +shared secrets. 
For example, the content looks like this in plaintext: + +```json +{ + "id": "clean-energy", + "auth": { + "encrypted_data": "y+l7H4okLu4wisryCaIT+7XeAgomcdgFo3v3p6RKWnXvgvimdzjFGMUfdGId\nq+pP\n", + "iv": "HLr0uyy9BrieTDmS0TbbmA==\n", + "version": 1, + "cipher": "aes-256-cbc" + } +} +``` + +And the encrypted data decrypted using the specified client: + +```sh +$ knife vault show green clean-energy -z -u hydroelectric -k clients/hydroelectric.pem +auth: Forged in a mold +id: clean-energy +``` + +Another example, showing multiple admins allowed access to an item +using a comma-separated string, or an array: + +```ruby +chef_vault_secret 'root-password' do + admins 'jtimberman,paulmooring' + data_bag 'secrets' + raw_data({'auth' => 'DontUseThisPasswordForRoot'}) + search '*:*' +end +chef_vault_secret 'root-password' do + admins ['jtimberman', 'paulmooring'] + data_bag 'secrets' + raw_data({'auth' => 'DontUseThisPasswordForRoot'}) + search '*:*' +end +``` + +Internally, the provider will convert the admins array to a +comma-delimited string. + +When using the `chef_vault_secret` resource, the `data_bag` must exist +first. If it doesn't, you can create it in your recipe with a +`ruby_block`: + +```ruby +begin + data_bag('secrets') +rescue + ruby_block "create-data_bag-secrets" do + block do + Chef::DataBag.validate_name!('secrets') + databag = Chef::DataBag.new + databag.name('secrets') + databag.save + end + action :create + end +end +``` + +Or, use the `cheffish` gem, which provides resources for Chef objects +(nodes, roles, data bags, etc): + +```ruby +chef_data_bag 'secrets' +``` + +Note that there is a bug in versions of cheffish prior to 0.5.beta.3. +Also, cheffish requires the `openssl-pkcs8` gem, which has C +extensions, so openssl development headers and C build tools need to +be installed. To use this, you can create a recipe like the one in +the [test cookbook](test/fixtures/cookbooks/test/recipes/chef_vault_secret.rb). 
+ +## Usage + +Include the recipe before using the Chef Vault library in recipes. + + include_recipe 'chef-vault' + secret_stuff = ChefVault::Item.load("secrets", "a_secret") + +Or, use the helper library method: + + secret_stuff = chef_vault_item("secrets", "a_secret") + +If you need a specific version of the `chef-vault` RubyGem, then +specify it with the attribute, `node['chef-vault']['version']`. + +To use the `chef_vault_secret` resource in your cookbooks' recipes, +declare a dependency on this cookbook, and then use the resource as +described in the Examples above. + +## Contributing + +This repository contains a `CONTRIBUTING` file that describes the +contribution process for Chef cookbooks. + +## License and Authors + +- Author: Joshua Timberman +- Copyright (c) 2013 Opscode, Inc. +- Copyright (c) 2014-2015 Chef Software, Inc. + +License:: Apache License, Version 2.0 + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/berks-cookbooks/chef-vault/attributes/default.rb b/berks-cookbooks/chef-vault/attributes/default.rb new file mode 100644 index 00000000..bb193703 --- /dev/null +++ b/berks-cookbooks/chef-vault/attributes/default.rb 
@@ -0,0 +1,22 @@
+#
+# Cookbook Name:: chef-vault
+# Attributes:: default
+#
+# Author: Joshua Timberman
+# Copyright (c) 2013, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+default['chef-vault']['version'] = '~> 2.2'
+default['chef-vault']['databag_fallback'] = true
+default['chef-vault']['gem_source'] = nil
diff --git a/berks-cookbooks/chef-vault/libraries/chef_vault_item.rb b/berks-cookbooks/chef-vault/libraries/chef_vault_item.rb
new file mode 100644
index 00000000..fd8616cf
--- /dev/null
+++ b/berks-cookbooks/chef-vault/libraries/chef_vault_item.rb
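Review bot: `default['chef-vault']['databag_fallback'] = true` ships the permissive setting: with it, the `chef_vault_item` helper added in `libraries/chef_vault_item.rb` returns a plain, unencrypted data bag item whenever the bag has no `<item>_keys` entry, instead of raising. The README added in this commit describes that path as intended only for testing. This directory looks like a vendored copy, so rather than editing it here I would set `override['chef-vault']['databag_fallback'] = false` in the consuming cookbook or environment for every non-test node, so that a missing or unencrypted item fails the run.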
@@ -0,0 +1,53 @@
+#
+# Cookbook Name:: chef-vault
+# Library:: chef_vault_item
+#
+# Author: Joshua Timberman
+#
+# Copyright (c) 2013, Opscode, Inc.
+# Copyright (c) 2014, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module ChefVaultItem
+ # This is a nice helper method for the Chef Recipe DSL so you can
+ # write:
+ # chef_vault_item("secrets", "dbpassword")
+ # Instead of:
+ # ChefVault::Item.load("secrets", "dbpassword")
+ #
+ # Falls back to normal data bag item loading if the item isn't actually a
+ # vault item.
+ def chef_vault_item(bag, item)
+ if Chef::DataBag.load(bag).key?("#{item}_keys")
+ # We have a vault item
+ begin
+ require 'chef-vault'
+ rescue LoadError
+ raise("Missing gem 'chef-vault', use recipe[chef-vault] to install it first.")
+ end
+ ChefVault::Item.load(bag, item)
+ else
+ # We don't have a vault item, it must be a regular data bag
+ if node['chef-vault']['databag_fallback']
+ Chef::DataBagItem.load(bag, item)
+ else
+ raise "Trying to load a regular data bag item #{item} from #{bag}, and databag_fallback is disabled"
+ end
+ end
+ end
+end
+
+class Chef::Recipe ; include ChefVaultItem ; end
+class Chef::Resource ; include ChefVaultItem ; end
diff --git a/berks-cookbooks/chef-vault/libraries/chef_vault_secret_provider.rb b/berks-cookbooks/chef-vault/libraries/chef_vault_secret_provider.rb
new file mode 100644
index 00000000..3c102a3a
--- /dev/null
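Review bot: The fallback branch of `chef_vault_item` returns `Chef::DataBagItem.load(bag, item)` without logging anything, so a run that read a secret from an unencrypted data bag is indistinguishable in the logs from one that decrypted a vault item. Add a line before that load, e.g. `Chef::Log.warn("chef_vault_item: #{bag}/#{item} has no vault keys, loading it as a plain data bag item")`, so the downgrade shows up in run output and can be alerted on. The check also calls `Chef::DataBag.load(bag)` on every invocation, which fetches the bag's item listing each time the helper is used.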
+++ b/berks-cookbooks/chef-vault/libraries/chef_vault_secret_provider.rb 
@@ -0,0 +1,98 @@
+#
+# Author:: Joshua Timberman
+# Copyright:: Copyright (c) 2014, Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/provider/lwrp_base'
+begin
+ require 'chef-vault'
+rescue LoadError
+ Chef::Log.debug("could not load chef-vault whilst loading #{__FILE__}, it should be")
+ Chef::Log.debug('available after running the chef-vault recipe.')
+end
+
+class Chef::Provider::ChefVaultSecret < Chef::Provider::LWRPBase
+ use_inline_resources if defined?(:use_inline_resources)
+
+ def whyrun_supported?
+ true
+ end
+
+ action :create do
+ converge_by("create #{new_resource.id} in #{new_resource.data_bag} with Chef::Vault") do
+ item = ChefVault::Item.new(new_resource.data_bag, new_resource.id)
+ item.raw_data = new_resource.raw_data.merge('id' => new_resource.id)
+ Chef::Log.debug("#{new_resource.id} search query: '#{new_resource.search}'")
+ item.search(new_resource.search)
+ Chef::Log.debug("#{new_resource.clients} clients: '#{new_resource.clients}'")
+ item.clients(new_resource.clients)
+ Chef::Log.debug("#{new_resource.admins} admins (users): '#{new_resource.admins}'")
+ item.admins(join_comma)
+ item.save
+ end
+ end
+
+ # this is for those who want the behavior of `knife vault create`.
+ action :create_if_missing do
+ action_create unless vault_item_exists?
+ end
+
+ action :delete do
+ converge_by("remove #{new_resource.id} and #{new_resource.id}_keys from #{new_resource.data_bag}") do
+ chef_data_bag_item new_resource.id do
+ action :delete
+ end
+ chef_data_bag_item [new_resource.id, 'keys'].join('_') do
+ action :delete
+ end
+ end
+ end
+
+ def load_current_resource
+ begin
+ Chef::Log.debug("Attempting to load #{new_resource.id} from #{new_resource.data_bag}")
+ json = ::ChefVault::Item.load(new_resource.data_bag, new_resource.id)
+ resource = Chef::Resource::ChefVaultSecret.new(new_resource.id)
+ resource.raw_data json.to_hash
+ self.current_resource = resource
+ rescue Net::HTTPServerException => e
+ if e.response.code == '404'
+ self.current_resource = nil
+ else
+ raise
+ end
+ rescue ChefVault::Exceptions::KeysNotFound
+ self.current_resource = nil
+ rescue OpenSSL::PKey::RSAError
+ raise "#{$!.message} - on #{Chef::Config[:client_key]}, is the vault item encrypted with this client/user?"
+ end
+ end
+
+ def join_comma
+ admins = new_resource.admins
+ case admins
+ when String
+ admins
+ when Array
+ admins.join(',')
+ end
+ admins
+ end
+
+ def vault_item_exists?
+ !current_resource.nil?
+ end
+end
diff --git a/berks-cookbooks/chef-vault/libraries/chef_vault_secret_resource.rb b/berks-cookbooks/chef-vault/libraries/chef_vault_secret_resource.rb
new file mode 100644
index 00000000..b571d805
--- /dev/null
+++ b/berks-cookbooks/chef-vault/libraries/chef_vault_secret_resource.rb
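Review bot: `join_comma` always returns `new_resource.admins` unchanged: the `case` computes `admins.join(',')` for an Array but that value is discarded, and the trailing bare `admins` is what the method returns. `item.admins(join_comma)` in the `:create` action therefore receives the Array itself, which contradicts the README's statement that the provider converts it to a comma-delimited string and, depending on what `ChefVault::Item#admins` accepts, may raise or leave the list of principals able to decrypt the item different from what the recipe declared. Replacing the method body with `Array(new_resource.admins).join(',')` handles both input forms. Also, `defined?(:use_inline_resources)` tests a symbol literal and is always truthy, so that guard never skips the call.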
@@ -0,0 +1,44 @@
+#
+# Author:: Joshua Timberman
+# Copyright:: Copyright (c) 2014, Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/resource/lwrp_base'
+
+class Chef::Resource::ChefVaultSecret < Chef::Resource::LWRPBase
+ self.resource_name = 'chef_vault_secret'
+
+ actions :create, :create_if_missing, :update, :delete
+ default_action :create
+
+ attribute :id,
+ :kind_of => String,
+ :name_attribute => true
+ attribute :data_bag,
+ :kind_of => String,
+ :required => true
+ attribute :admins,
+ :kind_of => [String, Array],
+ :required => true
+ attribute :clients,
+ :kind_of => String
+ attribute :search,
+ :kind_of => String,
+ :required => true,
+ :default => '*:*'
+ attribute :raw_data,
+ :kind_of => [Mash, Hash]
+end
diff --git a/berks-cookbooks/chef-vault/metadata.json b/berks-cookbooks/chef-vault/metadata.json
new file mode 100644
index 00000000..a4062345
--- /dev/null
+++ b/berks-cookbooks/chef-vault/metadata.json
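Review bot: `actions :create, :create_if_missing, :update, :delete` advertises `:update`, but the provider added in this commit defines only `:create`, `:create_if_missing` and `:delete`, so a recipe using `action :update` would presumably fail at converge time. Either drop it, `actions :create, :create_if_missing, :delete`, or add the matching provider action. Separately, `raw_data` carries the plaintext secret and nothing here marks the resource as sensitive, so callers should set `sensitive true` on their `chef_vault_secret` blocks where the Chef version supports it, to keep the values out of error output and reporting.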
@@ -0,0 +1,29 @@ +{ + "name": "chef-vault", + "version": "1.3.0", + "description": "Installs the chef-vault gem and provides chef_vault_item recipe helper", + "long_description": "", + "maintainer": "Chef Software, Inc.", + "maintainer_email": "cookbooks@chef.io", + "license": "Apache 2.0", + "platforms": { + }, + "dependencies": { + }, + "recommendations": { + }, + "suggestions": { + }, + "conflicting": { + }, + "providing": { + }, + "replacing": { + }, + "attributes": { + }, + "groupings": { + }, + "recipes": { + } +} \ No newline at end of file diff --git a/berks-cookbooks/apache2/recipes/logrotate.rb b/berks-cookbooks/chef-vault/recipes/default.rb similarity index 51% rename from berks-cookbooks/apache2/recipes/logrotate.rb rename to berks-cookbooks/chef-vault/recipes/default.rb index 111136f4..350b300e 100644 --- a/berks-cookbooks/apache2/recipes/logrotate.rb +++ b/berks-cookbooks/chef-vault/recipes/default.rb 
@@ -1,31 +1,28 @@ # -# Cookbook Name:: apache2 -# Recipe:: logrotate +# Cookbook Name:: chef-vault +# Recipe:: default # -# Copyright 2012, Opscode, Inc. +# Author: Joshua Timberman +# +# Copyright (c) 2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -# -apache_service = service 'apache2' do - action :nothing +chef_gem 'chef-vault' do + version node['chef-vault']['version'] + compile_time true if Chef::Resource::ChefGem.instance_methods(false). + include?(:compile_time) + source node['chef-vault']['gem_source'] if node['chef-vault']['gem_source'] end -begin - include_recipe 'logrotate' -rescue - Chef::Log.warn('The apache::logrotate recipe requires the logrotate cookbook. Install the cookbook with `knife cookbook site install logrotate`.') -end -logrotate_app apache_service.service_name do - path "#{node['apache']['log_dir']}/*.log" -end +require 'chef-vault' diff --git a/berks-cookbooks/chef_handler/CHANGELOG.md b/berks-cookbooks/chef_handler/CHANGELOG.md index ed380f42..8054d2f0 100644 --- a/berks-cookbooks/chef_handler/CHANGELOG.md +++ b/berks-cookbooks/chef_handler/CHANGELOG.md 
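Review bot: The `chef_gem 'chef-vault'` resource installs into chef-client's own Ruby using `node['chef-vault']['version']`, which the attributes file in this commit defaults to the floating constraint `~> 2.2`, plus an optional `node['chef-vault']['gem_source']`. Because this gem performs the secret decryption and is loaded with the client's privileges, I would pin an exact, reviewed version from the consuming cookbook or environment, e.g. `override['chef-vault']['version'] = '<exact version>'`, and, if `gem_source` is ever set, point it only at a trusted HTTPS mirror. The bare `require 'chef-vault'` after the resource relies on the install having already happened at compile time.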
@@ -1,6 +1,24 @@ chef_handler cookbook CHANGELOG =============================== +v1.2.0 (2015-06-25) +------------------- +Move to support Chef 12+ only. +Removes old 'handler class reload' behavior - it isn't necessary + because chef-client forks and doesn't share a process between runs. + +v1.1.9 (2015-05-26) +------------------- +Bugfixes from 1.1.8 - loading without source is not allowed again. +Class unloading is performed more carefully. +Tests for resource providers. + +v1.1.8 (2015-05-14) +------------------- +Updated Contribution and Readme docs. +Fix ChefSpec matchers. +Allow handler to load classes when no source is provided. + v1.1.6 (2014-04-09) ------------------- [COOK-4494] - Add ChefSpec matchers diff --git a/berks-cookbooks/chef_handler/README.md b/berks-cookbooks/chef_handler/README.md index 06f93472..6a7712e2 100644 --- a/berks-cookbooks/chef_handler/README.md +++ b/berks-cookbooks/chef_handler/README.md @@ -1,7 +1,13 @@ Description =========== -Creates a configured handler path for distributing [Chef report and exception handlers](http://docs.opscode.com/handlers.html). Also exposes an LWRP for enabling Chef handlers from within recipe code (as opposed to hard coding in the client.rb file). This is useful for cookbook authors who may want to ship a product specific handler (see the `cloudkick` cookbook for an example) with their cookbook. +Creates a configured handler path for distributing [Chef report and exception handlers](http://docs.chef.io/handlers.html). Also exposes an LWRP for enabling Chef handlers from within recipe code (as opposed to hard coding in the client.rb file). This is useful for cookbook authors who may want to ship a product specific handler (see the `cloudkick` cookbook for an example) with their cookbook. + +Requirements +============ + +* Ruby >= 1.9 +* Chef >= 12 Attributes ========== 
@@ -28,10 +34,11 @@ It is best to declare `chef_handler` resources early on in the compile phase so - class_name: name attribute. The name of the handler class (can be module name-spaced). - source: full path to the handler file. can also be a gem path if the handler ships as part of a Ruby gem. - arguments: an array of arguments to pass the handler's class initializer -- supports: type of Chef Handler to register as, ie :report, :exception or both. default is `:report => true, :exception => true` +- supports: type of Chef Handler to register as, i.e. :report, :exception or both. default is `:report => true, :exception => true` ### Example +```ruby # register the Chef::Handler::JsonFile handler # that ships with the Chef gem chef_handler "Chef::Handler::JsonFile" do @@ -65,6 +72,7 @@ It is best to declare `chef_handler` resources early on in the compile phase so arguments [node['cloudkick']['oauth_key'], node['cloudkick']['oauth_secret']] action :enable end +``` Usage 
@@ -76,19 +84,35 @@ default Put the recipe `chef_handler` at the start of the node's run list to make sure that custom handlers are dropped off early on in the Chef run and available for later recipes. For information on how to write report and exception handlers for Chef, please see the Chef wiki pages: -http://wiki.opscode.com/display/chef/Exception+and+Report+Handlers +https://docs.chef.io/handlers.html json_file --------- Leverages the `chef_handler` LWRP to automatically register the `Chef::Handler::JsonFile` handler that ships as part of Chef. This handler serializes the run status data to a JSON file located at `/var/chef/reports`. + +Unit Testing +================== + +chef_handler provides built in [chefspec](https://github.com/sethvargo/chefspec) matchers for assisting unit tests. These matchers will only be loaded if chefspec is already loaded. Following is an example of asserting against the jsonfile handler: + + +```ruby + expect(runner).to enable_chef_handler("Chef::Handler::JsonFile").with( + source: "chef/handler/json_file", + arguments: { :path => '/var/chef/reports'}, + supports: {:exception => true} + ) + end +``` + License and Author ================== -Author:: Seth Chisamore () +Author:: Seth Chisamore () -Copyright:: 2011, Opscode, Inc +Copyright:: 2011, Chef Software, Inc Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/chef_handler/attributes/default.rb b/berks-cookbooks/chef_handler/attributes/default.rb index 19d2fec9..e4a7b8cb 100644 --- a/berks-cookbooks/chef_handler/attributes/default.rb +++ b/berks-cookbooks/chef_handler/attributes/default.rb 
@@ -1,9 +1,9 @@
 #
-# Author:: Seth Chisamore ()
+# Author:: Seth Chisamore ()
 # Cookbook Name:: chef_handlers
 # Attribute:: default
 #
-# Copyright 2011-2013, Opscode, Inc
+# Copyright 2011-2013, Chef Software, Inc
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
diff --git a/berks-cookbooks/chef_handler/libraries/helpers.rb b/berks-cookbooks/chef_handler/libraries/helpers.rb
new file mode 100644
index 00000000..00d92a9a
--- /dev/null
+++ b/berks-cookbooks/chef_handler/libraries/helpers.rb
@@ -0,0 +1,57 @@
+#
+# Author:: Kartik Cating-Subramanian ()
+# Copyright:: Copyright (c) 2015 Chef, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module ChefHandler
+ module Helpers
+
+ # Registers a handler in Chef::Config.
+ #
+ # @param handler_type [Symbol] such as :report or :exception.
+ # @param handler [Chef::Handler] handler to register.
+ def register_handler(handler_type, handler)
+ Chef::Log.info("Enabling #{handler.class.name} as a #{handler_type} handler.")
+ Chef::Config.send("#{handler_type.to_s}_handlers") << handler
+ end
+
+ # Removes all handlers that match the given class name in Chef::Config.
+ #
+ # @param handler_type [Symbol] such as :report or :exception.
+ # @param class_full_name [String] such as 'Chef::Handler::ErrorReport'.
+ def unregister_handler(handler_type, class_full_name)
+ Chef::Log.info("Disabling #{class_full_name} as a #{handler_type} handler.")
+ Chef::Config.send("#{handler_type.to_s}_handlers").delete_if { |v| v.class.name == class_full_name }
+ end
+
+ # Walks down the namespace heirarchy to return the class object for the given class name.
+ # If the class is not available, NameError is thrown.
+ #
+ # @param class_full_name [String] full class name such as 'Chef::Handler::Foo' or 'MyHandler'.
+ # @return [Array] parent class and child class.
+ def get_class(class_full_name)
+ ancestors = class_full_name.split('::')
+ class_name = ancestors.pop
+
+ # We need to search the ancestors only for the first/uppermost namespace of the class, so we
+ # need to enable the #const_get inherit paramenter only when we are searching in Kernel scope
+ # (see COOK-4117).
+ parent = ancestors.inject(Kernel) { |scope, const_name| scope.const_get(const_name, scope === Kernel) }
+ child = parent.const_get(class_name, parent === Kernel)
+ return parent, child
+ end
+ end
+end
diff --git a/berks-cookbooks/chef_handler/libraries/matchers.rb b/berks-cookbooks/chef_handler/libraries/matchers.rb
index bfebc333..f82bf8a1 100644
--- a/berks-cookbooks/chef_handler/libraries/matchers.rb
+++ b/berks-cookbooks/chef_handler/libraries/matchers.rb
@@ -19,6 +19,15 @@
 #
 if defined?(ChefSpec)
+ chefspec_version = Gem.loaded_specs["chefspec"].version
+ if chefspec_version < Gem::Version.new('4.1.0')
+ define_method = ChefSpec::Runner.method(:define_runner_method)
+ else
+ define_method = ChefSpec.method(:define_matcher)
+ end
+
+ define_method.call :chef_handler
+
 def enable_chef_handler(resource_name)
 ChefSpec::Matchers::ResourceMatcher.new(:chef_handler, :enable, resource_name)
 end
diff --git a/berks-cookbooks/chef_handler/metadata.json b/berks-cookbooks/chef_handler/metadata.json
index 274c87fa..211696cb 100644
--- a/berks-cookbooks/chef_handler/metadata.json
+++ b/berks-cookbooks/chef_handler/metadata.json
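Review bot: `get_class` in libraries/helpers.rb returns whatever constant `const_get` resolves for `class_full_name`, although its comment promises a class object and a `NameError` only when the class is missing; a name that resolves to a module or other constant is handed back unchecked. Since the result is meant to be instantiated as a handler, a guard before the return makes that failure explicit: `raise NameError, "#{class_full_name} is not a class" unless child.is_a?(Class)`. In the same file `register_handler` and `unregister_handler` build a method name from `handler_type` and call it with `send`; `public_send` plus a check against the documented types (`:report`, `:exception`) would stop a mistyped `supports` key from dispatching to some other `*_handlers` method. The comments also misspell `hierarchy` and `parameter`.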
@@ -1,29 +1 @@ -{ - "name": "chef_handler", - "version": "1.1.6", - "description": "Distribute and enable Chef Exception and Report handlers", - "long_description": "Description\n===========\n\nCreates a configured handler path for distributing [Chef report and exception handlers](http://docs.opscode.com/handlers.html). Also exposes an LWRP for enabling Chef handlers from within recipe code (as opposed to hard coding in the client.rb file). This is useful for cookbook authors who may want to ship a product specific handler (see the `cloudkick` cookbook for an example) with their cookbook.\n\nAttributes\n==========\n\n`node[\"chef_handler\"][\"handler_path\"]` - location to drop off handlers directory, default is `/var/chef/handlers`.\n\nResource/Provider\n=================\n\n`chef_handler`\n--------------\n\nRequires, configures and enables handlers on the node for the current Chef run. Also has the ability to pass arguments to the handlers initializer. This allows initialization data to be pulled from a node's attribute data.\n\nIt is best to declare `chef_handler` resources early on in the compile phase so they are available to fire for any exceptions during the Chef run. If you have a base role you would want any recipes that register Chef handlers to come first in the run_list.\n\n### Actions\n\n- :enable: Enables the Chef handler for the current Chef run on the current node\n- :disable: Disables the Chef handler for the current Chef run on the current node\n\n### Attribute Parameters\n\n- class_name: name attribute. The name of the handler class (can be module name-spaced).\n- source: full path to the handler file. can also be a gem path if the handler ships as part of a Ruby gem.\n- arguments: an array of arguments to pass the handler's class initializer\n- supports: type of Chef Handler to register as, ie :report, :exception or both. 
default is `:report => true, :exception => true`\n\n### Example\n\n # register the Chef::Handler::JsonFile handler\n # that ships with the Chef gem\n chef_handler \"Chef::Handler::JsonFile\" do\n source \"chef/handler/json_file\"\n arguments :path => '/var/chef/reports'\n action :enable\n end\n\n # do the same but during the compile phase\n chef_handler \"Chef::Handler::JsonFile\" do\n source \"chef/handler/json_file\"\n arguments :path => '/var/chef/reports'\n action :nothing\n end.run_action(:enable)\n\n # handle exceptions only\n chef_handler \"Chef::Handler::JsonFile\" do\n source \"chef/handler/json_file\"\n arguments :path => '/var/chef/reports'\n supports :exception => true\n action :enable\n end\n\n\n # enable the CloudkickHandler which was\n # dropped off in the default handler path.\n # passes the oauth key/secret to the handler's\n # intializer.\n chef_handler \"CloudkickHandler\" do\n source \"#{node['chef_handler']['handler_path']}/cloudkick_handler.rb\"\n arguments [node['cloudkick']['oauth_key'], node['cloudkick']['oauth_secret']]\n action :enable\n end\n\n\nUsage\n=====\n\ndefault\n-------\n\nPut the recipe `chef_handler` at the start of the node's run list to make sure that custom handlers are dropped off early on in the Chef run and available for later recipes.\n\nFor information on how to write report and exception handlers for Chef, please see the Chef wiki pages:\nhttp://wiki.opscode.com/display/chef/Exception+and+Report+Handlers\n\njson_file\n---------\n\nLeverages the `chef_handler` LWRP to automatically register the `Chef::Handler::JsonFile` handler that ships as part of Chef. 
This handler serializes the run status data to a JSON file located at `/var/chef/reports`.\n\nLicense and Author\n==================\n\nAuthor:: Seth Chisamore ()\n\nCopyright:: 2011, Opscode, Inc\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n", - "maintainer": "Opscode, Inc.", - "maintainer_email": "cookbooks@opscode.com", - "license": "Apache 2.0", - "platforms": { - }, - "dependencies": { - }, - "recommendations": { - }, - "suggestions": { - }, - "conflicting": { - }, - "providing": { - }, - "replacing": { - }, - "attributes": { - }, - "groupings": { - }, - "recipes": { - } -} \ No newline at end of file +{"name":"chef_handler","version":"1.2.0","description":"Distribute and enable Chef Exception and Report handlers","long_description":"Description\n===========\n\nCreates a configured handler path for distributing [Chef report and exception handlers](http://docs.chef.io/handlers.html). Also exposes an LWRP for enabling Chef handlers from within recipe code (as opposed to hard coding in the client.rb file). 
This is useful for cookbook authors who may want to ship a product specific handler (see the `cloudkick` cookbook for an example) with their cookbook.\n\nRequirements\n============\n\n* Ruby >= 1.9\n* Chef >= 12\n\nAttributes\n==========\n\n`node[\"chef_handler\"][\"handler_path\"]` - location to drop off handlers directory, default is `/var/chef/handlers`.\n\nResource/Provider\n=================\n\n`chef_handler`\n--------------\n\nRequires, configures and enables handlers on the node for the current Chef run. Also has the ability to pass arguments to the handlers initializer. This allows initialization data to be pulled from a node's attribute data.\n\nIt is best to declare `chef_handler` resources early on in the compile phase so they are available to fire for any exceptions during the Chef run. If you have a base role you would want any recipes that register Chef handlers to come first in the run_list.\n\n### Actions\n\n- :enable: Enables the Chef handler for the current Chef run on the current node\n- :disable: Disables the Chef handler for the current Chef run on the current node\n\n### Attribute Parameters\n\n- class_name: name attribute. The name of the handler class (can be module name-spaced).\n- source: full path to the handler file. can also be a gem path if the handler ships as part of a Ruby gem.\n- arguments: an array of arguments to pass the handler's class initializer\n- supports: type of Chef Handler to register as, i.e. :report, :exception or both. 
default is `:report => true, :exception => true`\n\n### Example\n\n```ruby\n # register the Chef::Handler::JsonFile handler\n # that ships with the Chef gem\n chef_handler \"Chef::Handler::JsonFile\" do\n source \"chef/handler/json_file\"\n arguments :path => '/var/chef/reports'\n action :enable\n end\n\n # do the same but during the compile phase\n chef_handler \"Chef::Handler::JsonFile\" do\n source \"chef/handler/json_file\"\n arguments :path => '/var/chef/reports'\n action :nothing\n end.run_action(:enable)\n\n # handle exceptions only\n chef_handler \"Chef::Handler::JsonFile\" do\n source \"chef/handler/json_file\"\n arguments :path => '/var/chef/reports'\n supports :exception => true\n action :enable\n end\n\n\n # enable the CloudkickHandler which was\n # dropped off in the default handler path.\n # passes the oauth key/secret to the handler's\n # intializer.\n chef_handler \"CloudkickHandler\" do\n source \"#{node['chef_handler']['handler_path']}/cloudkick_handler.rb\"\n arguments [node['cloudkick']['oauth_key'], node['cloudkick']['oauth_secret']]\n action :enable\n end\n```\n\n\nUsage\n=====\n\ndefault\n-------\n\nPut the recipe `chef_handler` at the start of the node's run list to make sure that custom handlers are dropped off early on in the Chef run and available for later recipes.\n\nFor information on how to write report and exception handlers for Chef, please see the Chef wiki pages:\nhttps://docs.chef.io/handlers.html\n\njson_file\n---------\n\nLeverages the `chef_handler` LWRP to automatically register the `Chef::Handler::JsonFile` handler that ships as part of Chef. This handler serializes the run status data to a JSON file located at `/var/chef/reports`.\n\n\nUnit Testing\n==================\n\nchef_handler provides built in [chefspec](https://github.com/sethvargo/chefspec) matchers for assisting unit tests. These matchers will only be loaded if chefspec is already loaded. 
Following is an example of asserting against the jsonfile handler:\n\n\n```ruby\n expect(runner).to enable_chef_handler(\"Chef::Handler::JsonFile\").with(\n source: \"chef/handler/json_file\",\n arguments: { :path => '/var/chef/reports'},\n supports: {:exception => true}\n )\n end\n```\n\nLicense and Author\n==================\n\nAuthor:: Seth Chisamore ()\n\nCopyright:: 2011, Chef Software, Inc\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache 2.0","platforms":{},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{"chef_handler":"Deploys all handlers to the handler path early during the run.","chef_handler::json_file":"Enables Chef::Handler::JsonFile to serialize run status data to /var/chef/reports."}} \ No newline at end of file diff --git a/berks-cookbooks/chef_handler/providers/default.rb b/berks-cookbooks/chef_handler/providers/default.rb index aa2ee550..8175dfb3 100644 --- a/berks-cookbooks/chef_handler/providers/default.rb +++ b/berks-cookbooks/chef_handler/providers/default.rb 
@@ -1,9 +1,9 @@
 #
-# Author:: Seth Chisamore
+# Author:: Seth Chisamore
 # Cookbook Name:: chef_handler
 # Provider:: default
 #
-# Copyright:: 2011-2013, Opscode, Inc
+# Copyright:: 2011-2013, Chef Software, Inc
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,66 +18,57 @@
 # limitations under the License.
 #
+include ::ChefHandler::Helpers
+
 def whyrun_supported?
 true
 end
+# This action needs to find an rb file that presumably contains the indicated class in it and the
+# load that file. It then instantiates that class by name and registers it as a handler.
 action :enable do
- # use load instead of require to ensure the handler file
- # is reloaded into memory each chef run. fixes COOK-620
- handler = nil
- converge_by("load #{@new_resource.source}") do
- begin
- Object.send(:remove_const, klass)
- GC.start
- rescue
- Chef::Log.debug("#{@new_resource.class_name} has not been loaded.")
+ class_name = new_resource.class_name
+ new_resource.supports.each do |type, enable|
+ if enable
+ converge_by("disable #{class_name} as a #{type} handler") do
+ unregister_handler(type, class_name)
+ end
 end
- file_name = @new_resource.source
- file_name << ".rb" unless file_name =~ /.*\.rb$/
- load file_name
- handler = klass.send(:new, *collect_args(@new_resource.arguments))
 end
- @new_resource.supports.each do |type, enable|
+
+ handler = nil
+ converge_by("load #{class_name} from #{new_resource.source}") do
+ require new_resource.source
+ _, klass = get_class(class_name)
+ handler = klass.send(:new, *collect_args(new_resource.arguments))
+ end
+
+ new_resource.supports.each do |type, enable|
 if enable
- # we have to re-enable the handler every chef run
- # to ensure daemonized Chef always has the latest
- # handler code. TODO: add a :reload action
- converge_by("enable #{@new_resource} as a #{type} handler") do
- Chef::Log.info("Enabling #{@new_resource} as a #{type} handler")
- Chef::Config.send("#{type.to_s}_handlers").delete_if { |v| v.class.to_s.include? @new_resource.class_name.split('::', 3).last }
- Chef::Config.send("#{type.to_s}_handlers") << handler
+ converge_by("enable #{new_resource} as a #{type} handler") do
+ register_handler(type, handler)
 end
 end
 end
 end
 action :disable do
- @new_resource.supports.each_key do |type|
- if enabled?(type)
- converge_by("disable #{@new_resource} as a #{type} handler") do
- Chef::Log.info("Disabling #{@new_resource} as a #{type} handler")
- Chef::Config.send("#{type.to_s}_handlers").delete_if { |v| v.class.to_s.include? @new_resource.class_name.split('::', 3).last }
- end
+ new_resource.supports.each_key do |type|
+ converge_by("disable #{new_resource} as a #{type} handler") do
+ unregister_handler(type, new_resource.class_name)
 end
 end
 end
 def load_current_resource
- @current_resource = Chef::Resource::ChefHandler.new(@new_resource.name)
- @current_resource.class_name(@new_resource.class_name)
- @current_resource.source(@new_resource.source)
+ @current_resource = Chef::Resource::ChefHandler.new(new_resource.name)
+ @current_resource.class_name(new_resource.class_name)
+ @current_resource.source(new_resource.source)
 @current_resource
 end
 private
-def enabled?(type)
- Chef::Config.send("#{type.to_s}_handlers").select do |handler|
- handler.class.to_s.include? @new_resource.class_name
- end.size >= 1
-end
-
 def collect_args(resource_args = [])
 if resource_args.is_a? Array
 resource_args
@@ -86,12 +77,3 @@ def collect_args(resource_args = [])
 end
 end
-def klass
- @klass ||= begin
- # we need to search the ancestors only for the
- # first/uppermost namespace of the class, so we need
- # to enable the #const_get inherit paramenter only when
- # we are searching in Kernel scope (see COOK-4117).
- @new_resource.class_name.split('::').inject(Kernel) { |scope, const_name| scope.const_get(const_name, scope === Kernel) }
- end
-end
diff --git a/berks-cookbooks/chef_handler/recipes/default.rb b/berks-cookbooks/chef_handler/recipes/default.rb
index 540a5ffa..b8935c58 100644
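Review bot: In `action :enable` of providers/default.rb the first `supports.each` loop unregisters the existing handler before `require new_resource.source` and `klass.send(:new, …)` have succeeded. If either raises, no handler of that class is registered any more for the rest of the run, so the failure itself may go unreported when the handler is the node's exception or audit reporter. Loading and instantiating first, then swapping old for new inside the enable loop, keeps the previous handler in place until its replacement exists. The swap also belongs under the "enable" description rather than a separate "disable" one, which is misleading in why-run output.

```ruby
action :enable do
  class_name = new_resource.class_name

  # … unchanged: handler = nil and the converge_by("load …") block, now run first …

  new_resource.supports.each do |type, enable|
    next unless enable
    converge_by("enable #{new_resource} as a #{type} handler") do
      # drop the old instance only once the new one exists
      unregister_handler(type, class_name)
      register_handler(type, handler)
    end
  end
end
```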
--- a/berks-cookbooks/chef_handler/recipes/default.rb
+++ b/berks-cookbooks/chef_handler/recipes/default.rb
@@ -1,9 +1,9 @@
 #
-# Author:: Seth Chisamore ()
+# Author:: Seth Chisamore ()
 # Cookbook Name:: chef_handlers
 # Recipe:: default
 #
-# Copyright 2011, Opscode, Inc.
+# Copyright 2011, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
diff --git a/berks-cookbooks/chef_handler/recipes/json_file.rb b/berks-cookbooks/chef_handler/recipes/json_file.rb
index d2fab105..cd831bd0 100644
--- a/berks-cookbooks/chef_handler/recipes/json_file.rb
+++ b/berks-cookbooks/chef_handler/recipes/json_file.rb
@@ -1,9 +1,9 @@
 #
-# Author:: Seth Chisamore ()
+# Author:: Seth Chisamore ()
 # Cookbook Name:: chef_handlers
 # Recipe:: json_file
 #
-# Copyright 2011, Opscode, Inc.
+# Copyright 2011, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
diff --git a/berks-cookbooks/chef_handler/resources/default.rb b/berks-cookbooks/chef_handler/resources/default.rb
index f74aafa6..7b2ebd2d 100644
--- a/berks-cookbooks/chef_handler/resources/default.rb
+++ b/berks-cookbooks/chef_handler/resources/default.rb
@@ -1,9 +1,9 @@
 #
-# Author:: Seth Chisamore
+# Author:: Seth Chisamore
 # Cookbook Name:: chef_handler
 # Resource:: default
 #
-# Copyright:: 2011-2013, Opscode, Inc
+# Copyright:: 2011-2013, Chef Software, Inc
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
diff --git a/berks-cookbooks/composer/Gemfile.lock b/berks-cookbooks/composer/Gemfile.lock
index ac791397..cb8d823d 100644
--- a/berks-cookbooks/composer/Gemfile.lock
+++ b/berks-cookbooks/composer/Gemfile.lock
@@ -1,27 +1,30 @@ GEM remote: https://rubygems.org/ specs: - addressable (2.3.6) + addressable (2.3.8) ast (2.0.0) - astrolabe (1.3.0) - parser (>= 2.2.0.pre.3, < 3.0) - berkshelf (3.1.5) + astrolabe (1.3.1) + parser (~> 2.2) + berkshelf (3.3.0) addressable (~> 2.3.4) berkshelf-api-client (~> 1.2) buff-config (~> 1.0) buff-extensions (~> 1.0) buff-shell_out (~> 0.1) - celluloid (~> 0.16.0.pre) - celluloid-io (~> 0.16.0.pre) + celluloid (~> 0.16.0) + celluloid-io (~> 0.16.1) + cleanroom (~> 1.0) faraday (~> 0.9.0) + httpclient (~> 2.6.0) minitar (~> 0.5.4) octokit (~> 3.0) - retryable (~> 1.3.3) + retryable (~> 2.0) ridley (~> 4.0) solve (~> 1.1) - thor (~> 0.18) - berkshelf-api-client (1.2.0) + thor (~> 0.19) + berkshelf-api-client (1.3.0) faraday (~> 0.9.0) + httpclient (~> 2.6.0) buff-config (1.0.1) buff-extensions (~> 1.0) varia_model (~> 0.4) 
@@ -30,38 +33,49 @@ GEM buff-ruby_engine (0.1.0) buff-shell_out (0.2.0) buff-ruby_engine (~> 0.1.0) + builder (3.2.2) celluloid (0.16.0) timers (~> 4.0.0) - celluloid-io (0.16.0) + celluloid-io (0.16.2) celluloid (>= 0.16.0) - nio4r (>= 1.0.0) - chef (11.16.0) - chef-zero (~> 2.1, >= 2.1.4) + nio4r (>= 1.1.0) + chef (12.4.1) + chef-config (= 12.4.1) + chef-zero (~> 4.2, >= 4.2.2) diff-lcs (~> 1.2, >= 1.2.4) erubis (~> 2.7) - ffi-yajl (~> 1.0) + ffi-yajl (~> 2.2) highline (~> 1.6, >= 1.6.9) - mime-types (~> 1.16) mixlib-authentication (~> 1.3) mixlib-cli (~> 1.4) - mixlib-config (~> 2.0) mixlib-log (~> 1.3) - mixlib-shellout (~> 1.4) + mixlib-shellout (>= 2.0.0.rc.0, < 3.0) net-ssh (~> 2.6) net-ssh-multi (~> 1.1) - ohai (~> 7.4) + ohai (~> 8.0) plist (~> 3.1.0) pry (~> 0.9) - rest-client (>= 1.0.4, <= 1.6.7) - chef-zero (2.2) + rspec-core (~> 3.2) + rspec-expectations (~> 3.2) + rspec-mocks (~> 3.2) + rspec_junit_formatter (~> 0.2.0) + serverspec (~> 2.7) + specinfra (~> 2.10) + syslog-logger (~> 1.6) + chef-config (12.4.1) + mixlib-config (~> 2.0) + mixlib-shellout (~> 2.0) + chef-zero (4.2.3) + ffi-yajl (>= 1.1, < 3.0) hashie (~> 2.0) - json mixlib-log (~> 1.3) rack - chefspec (3.4.0) - chef (~> 11.0) + uuidtools (~> 2.1) + chefspec (4.3.0) + chef (>= 11.14) fauxhai (~> 2.0) - rspec (~> 2.14) + rspec (~> 3.0) + cleanroom (1.0.0) coderay (1.1.0) dep-selector-libgecode (1.0.2) dep_selector (1.0.3) @@ -69,15 +83,14 @@ GEM ffi (~> 1.9) diff-lcs (1.2.5) erubis (2.7.0) - faraday (0.9.0) + faraday (0.9.1) multipart-post (>= 1.2, < 3) - fauxhai (2.2.0) + fauxhai (2.3.0) net-ssh ohai - ffi (1.9.3) - ffi-yajl (1.1.0) - ffi (~> 1.5) - libyajl2 (~> 1.0) + ffi (1.9.9) + ffi-yajl (2.2.2) + libyajl2 (~> 1.2) foodcritic (3.0.3) erubis gherkin (~> 2.11.7) 
@@ -88,114 +101,131 @@ GEM gherkin (2.11.8) multi_json (~> 1.3) hashie (2.1.2) - highline (1.6.21) + highline (1.7.2) hitimes (1.2.2) + httpclient (2.6.0.1) ipaddress (0.8.0) - json (1.8.1) - kitchen-vagrant (0.15.0) - test-kitchen (~> 1.0) - libyajl2 (1.0.1) + json (1.8.3) + kitchen-vagrant (0.18.0) + test-kitchen (~> 1.4) + libyajl2 (1.2.0) method_source (0.8.2) - mime-types (1.25.1) + mime-types (2.6.1) minitar (0.5.4) mixlib-authentication (1.3.0) mixlib-log mixlib-cli (1.5.0) - mixlib-config (2.1.0) + mixlib-config (2.2.1) mixlib-log (1.6.0) - mixlib-shellout (1.4.0) - multi_json (1.10.1) + mixlib-shellout (2.1.0) + multi_json (1.11.2) multipart-post (2.0.0) net-http-persistent (2.9.4) net-scp (1.2.1) net-ssh (>= 2.6.5) - net-ssh (2.9.1) + net-ssh (2.9.2) net-ssh-gateway (1.2.0) net-ssh (>= 2.6.5) - net-ssh-multi (1.2.0) + net-ssh-multi (1.2.1) net-ssh (>= 2.6.5) net-ssh-gateway (>= 1.2.0) - nio4r (1.0.1) + net-telnet (0.1.1) + nio4r (1.1.1) nokogiri (1.5.11) - octokit (3.3.1) - sawyer (~> 0.5.3) - ohai (7.4.0) + octokit (3.8.0) + sawyer (~> 0.6.0, >= 0.5.3) + ohai (8.5.0) ffi (~> 1.9) - ffi-yajl (~> 1.0) + ffi-yajl (~> 2.2) ipaddress - mime-types (~> 1.16) + mime-types (~> 2.0) mixlib-cli mixlib-config (~> 2.0) mixlib-log - mixlib-shellout (~> 1.2) + mixlib-shellout (~> 2.0) + rake (~> 10.1) systemu (~> 2.6.4) wmi-lite (~> 1.0) - parser (2.2.0.pre.4) + parser (2.2.2.6) ast (>= 1.1, < 3.0) - slop (~> 3.4, >= 3.4.5) plist (3.1.0) polyglot (0.3.5) - powerpack (0.0.9) + powerpack (0.1.1) pry (0.10.1) coderay (~> 1.1.0) method_source (~> 0.8.1) slop (~> 3.4) - rack (1.5.2) + rack (1.6.4) rainbow (2.0.0) - rake (10.3.2) - rest-client (1.6.7) - mime-types (>= 1.16) - retryable (1.3.6) - ridley (4.0.0) + rake (10.4.2) + retryable (2.0.1) + ridley (4.2.0) addressable buff-config (~> 1.0) buff-extensions (~> 1.0) buff-ignore (~> 1.1) buff-shell_out (~> 0.1) - celluloid (~> 0.16.0.pre) - celluloid-io (~> 0.16.0.pre) + celluloid (~> 0.16.0) + celluloid-io (~> 0.16.1) 
erubis faraday (~> 0.9.0) hashie (>= 2.0.2, < 3.0.0) json (>= 1.7.7) mixlib-authentication (>= 1.3.0) net-http-persistent (>= 2.8) - retryable + retryable (~> 2.0) semverse (~> 1.1) varia_model (~> 0.4) - rspec (2.14.1) - rspec-core (~> 2.14.0) - rspec-expectations (~> 2.14.0) - rspec-mocks (~> 2.14.0) - rspec-core (2.14.8) - rspec-expectations (2.14.5) - diff-lcs (>= 1.1.3, < 2.0) - rspec-mocks (2.14.6) - rubocop (0.26.0) + rspec (3.3.0) + rspec-core (~> 3.3.0) + rspec-expectations (~> 3.3.0) + rspec-mocks (~> 3.3.0) + rspec-core (3.3.2) + rspec-support (~> 3.3.0) + rspec-expectations (3.3.1) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.3.0) + rspec-its (1.2.0) + rspec-core (>= 3.0.0) + rspec-expectations (>= 3.0.0) + rspec-mocks (3.3.2) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.3.0) + rspec-support (3.3.0) + rspec_junit_formatter (0.2.3) + builder (< 4) + rspec-core (>= 2, < 4, != 2.12.0) + rubocop (0.32.1) astrolabe (~> 1.3) - parser (>= 2.2.0.pre.4, < 3.0) - powerpack (~> 0.0.6) + parser (>= 2.2.2.5, < 3.0) + powerpack (~> 0.1) rainbow (>= 1.99.1, < 3.0) ruby-progressbar (~> 1.4) - ruby-progressbar (1.5.1) - safe_yaml (1.0.3) - sawyer (0.5.5) + ruby-progressbar (1.7.5) + safe_yaml (1.0.4) + sawyer (0.6.0) addressable (~> 2.3.5) faraday (~> 0.8, < 0.10) semverse (1.2.1) - serverspec (1.7.0) - highline - net-ssh - rspec (~> 2.13) - specinfra (~> 1.13) + serverspec (2.20.0) + multi_json + rspec (~> 3.0) + rspec-its + specinfra (~> 2.38) + sfl (2.2) slop (3.6.0) solve (1.2.1) dep_selector (~> 1.0) semverse (~> 1.1) - specinfra (1.27.0) - systemu (2.6.4) - test-kitchen (1.2.1) - mixlib-shellout (~> 1.2) + specinfra (2.38.0) + net-scp + net-ssh (~> 2.7) + net-telnet + sfl + syslog-logger (1.6.8) + systemu (2.6.5) + test-kitchen (1.4.1) + mixlib-shellout (>= 1.2, < 3.0) net-scp (~> 1.1) net-ssh (~> 2.7) safe_yaml (~> 1.0) 
@@ -206,6 +236,7 @@ GEM treetop (1.4.15) polyglot polyglot (>= 0.3.1) + uuidtools (2.1.5) varia_model (0.4.0) buff-extensions (~> 1.0) hashie (>= 2.0.2, < 3.0.0) diff --git a/berks-cookbooks/composer/README.md b/berks-cookbooks/composer/README.md index 06f233b1..e4bb6641 100644 --- a/berks-cookbooks/composer/README.md +++ b/berks-cookbooks/composer/README.md @@ -54,8 +54,10 @@ This cookbook includes an LWRP for managing a Composer project #### Actions - :install: Reads the composer.json file from the current directory, resolves the dependencies, and installs them into vendor - this is the default action +- :require Create composer.json file using specified vendor and downloads vendor. - :update: Gets the latest versions of the dependencies and updates the composer.lock file - :dump_autoload: Updates the autoloader without having to go through an install or update (eg. because of new classes in a classmap package) +- :remove Removes vendor from composer.json and uninstalls #### Attribute parameters - project_dir: The directory where your project's composer.json can be found @@ -73,6 +75,14 @@ composer_project "/path/to/project" do action :install end +#require project vendor +composer_project "/path/to/project" do + dev false + quiet true + prefer_dist false + action :require +end + #update project vendors composer_project "/path/to/project" do dev false @@ -86,6 +96,12 @@ composer_project "/path/to/project" do quiet true action :dump_autoload end + +#remove project vendor +composer_project "/path/to/project" do + vendor 'repo/vendor' + action :remove +end ``` Usage diff --git a/berks-cookbooks/composer/metadata.json b/berks-cookbooks/composer/metadata.json index 69e030c9..11d7d53b 100644 --- a/berks-cookbooks/composer/metadata.json +++ b/berks-cookbooks/composer/metadata.json 
@@ -1,7 +1,7 @@ { "name": "composer", "description": "Installs/Configures Composer", - "long_description": "[![Build Status](https://travis-ci.org/escapestudios-cookbooks/composer.png)](https://travis-ci.org/escapestudios-cookbooks/composer)\n\nDescription\n===========\n\nThis cookbook provides an easy way to install Composer, a dependency manager for PHP.\n\nMore information?\nhttp://getcomposer.org/\n\nRequirements\n============\n\n## Cookbooks:\n\n* php\n\nThis cookbook recommends the following cookbooks:\n\n* windows\n\n### Depending on your environment, these recommended cookbooks are actual dependencies (depends):\n* Using the community PHP cookbook to get PHP installed? You'll need the php cookbook to be available.\n* Running on Windows? You'll need the windows cookbook to be available.\n\n## Platforms:\n\n* Ubuntu\n* Debian\n* RHEL\n* CentOS\n* Fedora\n* Windows\n\nAttributes\n==========\n\n* `node['composer']['url']` - Location of the source\n* `node['composer']['install_dir']` - Installation target directory (absolute or relative path) if installing locally\n* `node['composer']['bin']` - bin directory\n* `node['composer']['install_globally']` - Installation method, ':source' or ':package' - default true\n* `node['composer']['mask']` - Mask for composer.phar - 0755\n* `node['composer']['link_type']` - link type for composer.phar link - default :symbolic\n* `node['composer']['global_configs']` - Hash with global config options for users, eg. 
{ \"userX\" => { \"github-oauth\" => { \"github.com\" => \"userX_oauth_token\" }, \"vendor-dir\" => \"myvendordir\" } } - default {}\n* `node['composer']['home_dir']` - COMPOSER_HOME, defaults to nil (in which case install_dir will be used), please do read the [Composer documentation on COMPOSER_HOME](https://getcomposer.org/doc/03-cli.md#composer-home) when setting a custom home_dir\n* `node['composer']['php_recipe']` - The php recipe to include, defaults to \"php::default\"\n\nResources / Providers\n=====================\n\nThis cookbook includes an LWRP for managing a Composer project\n\n### `composer_project`\n\n#### Actions\n- :install: Reads the composer.json file from the current directory, resolves the dependencies, and installs them into vendor - this is the default action\n- :update: Gets the latest versions of the dependencies and updates the composer.lock file\n- :dump_autoload: Updates the autoloader without having to go through an install or update (eg. because of new classes in a classmap package)\n\n#### Attribute parameters\n- project_dir: The directory where your project's composer.json can be found\n- dev: Install packages listed in require-dev, default false\n- quiet: Do not output any message, default true\n- optimize_autoloader: Optimize PSR0 packages to use classmaps, default false\n\n#### Examples\n```\n#install project vendors\ncomposer_project \"/path/to/project\" do\n dev false\n quiet true\n prefer_dist false\n action :install\nend\n\n#update project vendors\ncomposer_project \"/path/to/project\" do\n dev false\n quiet true\n action :update\nend\n\n#dump-autoload for project\ncomposer_project \"/path/to/project\" do\n dev false\n quiet true\n action :dump_autoload\nend\n```\n\nUsage\n=====\n\n1) include `recipe[composer]` in a run list\n2) tweak the attributes via attributes/default.rb\n --- OR ---\n override the attribute on a higher level 
(http://wiki.opscode.com/display/chef/Attributes#Attributes-AttributesPrecedence)\n\nReferences\n==========\n\n* [Composer home page] (http://getcomposer.org/)\n\nLicense and Authors\n===================\n\nAuthor: David Joos \nAuthor: Escape Studios Development \nCopyright: 2012-2014, Escape Studios\n\nUnless otherwise noted, all files are released under the MIT license,\npossible exceptions will contain licensing information in them.\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\nTHE SOFTWARE.\n", + "long_description": "[![Build Status](https://travis-ci.org/escapestudios-cookbooks/composer.png)](https://travis-ci.org/escapestudios-cookbooks/composer)\n\nDescription\n===========\n\nThis cookbook provides an easy way to install Composer, a dependency manager for PHP.\n\nMore information?\nhttp://getcomposer.org/\n\nRequirements\n============\n\n## Cookbooks:\n\n* php\n\nThis cookbook recommends the following cookbooks:\n\n* windows\n\n### Depending on your environment, these recommended cookbooks are actual dependencies (depends):\n* Using the community PHP cookbook to get PHP installed? You'll need the php cookbook to be available.\n* Running on Windows? You'll need the windows cookbook to be available.\n\n## Platforms:\n\n* Ubuntu\n* Debian\n* RHEL\n* CentOS\n* Fedora\n* Windows\n\nAttributes\n==========\n\n* `node['composer']['url']` - Location of the source\n* `node['composer']['install_dir']` - Installation target directory (absolute or relative path) if installing locally\n* `node['composer']['bin']` - bin directory\n* `node['composer']['install_globally']` - Installation method, ':source' or ':package' - default true\n* `node['composer']['mask']` - Mask for composer.phar - 0755\n* `node['composer']['link_type']` - link type for composer.phar link - default :symbolic\n* `node['composer']['global_configs']` - Hash with global config options for users, eg. 
{ \"userX\" => { \"github-oauth\" => { \"github.com\" => \"userX_oauth_token\" }, \"vendor-dir\" => \"myvendordir\" } } - default {}\n* `node['composer']['home_dir']` - COMPOSER_HOME, defaults to nil (in which case install_dir will be used), please do read the [Composer documentation on COMPOSER_HOME](https://getcomposer.org/doc/03-cli.md#composer-home) when setting a custom home_dir\n* `node['composer']['php_recipe']` - The php recipe to include, defaults to \"php::default\"\n\nResources / Providers\n=====================\n\nThis cookbook includes an LWRP for managing a Composer project\n\n### `composer_project`\n\n#### Actions\n- :install: Reads the composer.json file from the current directory, resolves the dependencies, and installs them into vendor - this is the default action\n- :require Create composer.json file using specified vendor and downloads vendor.\n- :update: Gets the latest versions of the dependencies and updates the composer.lock file\n- :dump_autoload: Updates the autoloader without having to go through an install or update (eg. 
because of new classes in a classmap package)\n- :remove Removes vendor from composer.json and uninstalls\n\n#### Attribute parameters\n- project_dir: The directory where your project's composer.json can be found\n- dev: Install packages listed in require-dev, default false\n- quiet: Do not output any message, default true\n- optimize_autoloader: Optimize PSR0 packages to use classmaps, default false\n\n#### Examples\n```\n#install project vendors\ncomposer_project \"/path/to/project\" do\n dev false\n quiet true\n prefer_dist false\n action :install\nend\n\n#require project vendor\ncomposer_project \"/path/to/project\" do\n dev false\n quiet true\n prefer_dist false\n action :require \nend\n\n#update project vendors\ncomposer_project \"/path/to/project\" do\n dev false\n quiet true\n action :update\nend\n\n#dump-autoload for project\ncomposer_project \"/path/to/project\" do\n dev false\n quiet true\n action :dump_autoload\nend\n\n#remove project vendor\ncomposer_project \"/path/to/project\" do\n vendor 'repo/vendor'\n action :remove\nend\n```\n\nUsage\n=====\n\n1) include `recipe[composer]` in a run list\n2) tweak the attributes via attributes/default.rb\n --- OR ---\n override the attribute on a higher level (http://wiki.opscode.com/display/chef/Attributes#Attributes-AttributesPrecedence)\n\nReferences\n==========\n\n* [Composer home page] (http://getcomposer.org/)\n\nLicense and Authors\n===================\n\nAuthor: David Joos \nAuthor: Escape Studios Development \nCopyright: 2012-2014, Escape Studios\n\nUnless otherwise noted, all files are released under the MIT license,\npossible exceptions will contain licensing information in them.\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the 
Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\nTHE SOFTWARE.\n", "maintainer": "Escape Studios", "maintainer_email": "dev@escapestudios.com", "license": "MIT", @@ -45,5 +45,7 @@ "composer::self_update": "Installs (if applicable) and self-updates composer.", "composer::global_configs": "Sets up global config options via `composer config --global`" }, - "version": "2.0.0" + "version": "2.2.0", + "source_url": "", + "issues_url": "" } diff --git a/berks-cookbooks/composer/providers/project.rb b/berks-cookbooks/composer/providers/project.rb index e81d2caa..a7ca7f2c 100644 --- a/berks-cookbooks/composer/providers/project.rb +++ b/berks-cookbooks/composer/providers/project.rb @@ -16,6 +16,10 @@ def whyrun_supported? new_resource.updated_by_last_action(true) end +action :require do + make_require +end + action :update do make_execute 'update' new_resource.updated_by_last_action(true) 
@@ -26,15 +30,20 @@ def whyrun_supported? new_resource.updated_by_last_action(true) end +action :remove do + remove_vendor 'remove' +end + def make_execute(cmd) dev = new_resource.dev ? '--dev' : '--no-dev' quiet = new_resource.quiet ? '--quiet' : '' optimize = new_resource.optimize_autoloader ? optimize_flag(cmd) : '' prefer_dist = new_resource.prefer_dist ? '--prefer-dist' : '' + prefer_source = new_resource.prefer_source ? '--prefer-source' : '' execute "#{cmd}-composer-for-project" do cwd new_resource.project_dir - command "#{node['composer']['bin']} #{cmd} --no-interaction --no-ansi #{quiet} #{dev} #{optimize} #{prefer_dist}" + command "#{node['composer']['bin']} #{cmd} --no-interaction --no-ansi #{quiet} #{dev} #{optimize} #{prefer_dist} #{prefer_source}" environment 'COMPOSER_HOME' => Composer.home_dir(node) action :run only_if 'which composer' @@ -44,6 +53,35 @@ def make_execute(cmd) end end +def make_require + dev = new_resource.dev ? '--dev' : '--update-no-dev' + vendor = new_resource.vendor + prefer_dist = new_resource.prefer_dist ? '--prefer-dist' : '' + + execute 'Install-composer-for-single-project' do + cwd new_resource.project_dir + command "#{node['composer']['bin']} require #{vendor} #{dev} #{prefer_dist}" + environment 'COMPOSER_HOME' => Composer.home_dir(node) + action :run + only_if 'which composer' + user new_resource.user + group new_resource.group + umask new_resource.umask + end +end + +def remove_vendor(cmd) + vendor = new_resource.vendor + + execute "#{cmd}-composer-for-project" do + cwd new_resource.project_dir + command "#{node['composer']['bin']} remove #{vendor}" + environment 'COMPOSER_HOME' => Composer.home_dir(node) + action :run + only_if 'which composer' + end +end + def optimize_flag(cmd) (%(install update).include? cmd) ? '--optimize-autoloader' : '--optimize' end diff --git a/berks-cookbooks/composer/recipes/global_configs.rb b/berks-cookbooks/composer/recipes/global_configs.rb index 9b10cd36..2fc4cce9 100644 
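Review bot: In `make_require` and `remove_vendor`, `new_resource.vendor` is interpolated unquoted into the string handed to `execute`, so the shell parses whatever the attribute contains; the resource file defaults `user` to 'root', so a value fed from node attributes or a data bag should not reach the shell unescaped. I would escape it, `command "#{node['composer']['bin']} require #{Shellwords.escape(vendor)} #{dev} #{prefer_dist}"`, and do the same in the `remove` command, assuming `shellwords` is loaded in the Chef run. `remove_vendor` also leaves out the `user`, `group` and `umask` lines that `make_require` sets, so it runs as whatever account chef-client uses; adding those three lines keeps ownership of composer.json and vendor/ consistent between the two actions.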
--- a/berks-cookbooks/composer/recipes/global_configs.rb +++ b/berks-cookbooks/composer/recipes/global_configs.rb @@ -23,7 +23,7 @@ value.each_pair do |value_k, value_v| execute "composer-config-for-#{user}" do command "composer config --global #{option}.#{value_k} #{value_v}" - environment 'COMPOSER_HOME' => Composer.home_dir(node) + environment 'COMPOSER_HOME' => Dir.home(user) user user group user action :run @@ -32,7 +32,7 @@ else execute "composer-config-for-#{user}" do command "composer config --global #{option} #{value}" - environment 'COMPOSER_HOME' => Composer.home_dir(node) + environment 'COMPOSER_HOME' => Dir.home(user) user user group user action :run diff --git a/berks-cookbooks/composer/resources/project.rb b/berks-cookbooks/composer/resources/project.rb index c8980dfe..66579264 100644 --- a/berks-cookbooks/composer/resources/project.rb +++ b/berks-cookbooks/composer/resources/project.rb @@ -5,14 +5,17 @@ # Copyright 2012-2014, Escape Studios # -actions :install, :update, :dump_autoload +actions :install, :single, :require, :update, :dump_autoload, :remove default_action :install attribute :project_dir, :kind_of => String, :name_attribute => true +attribute :vendor, :kind_of => String, :name_attribute => true, :required => true +attribute :path, :kind_of => String, :default => nil attribute :dev, :kind_of => [TrueClass, FalseClass], :default => false attribute :quiet, :kind_of => [TrueClass, FalseClass], :default => true attribute :optimize_autoloader, :kind_of => [TrueClass, FalseClass], :default => false attribute :prefer_dist, :kind_of => [TrueClass, FalseClass], :default => false +attribute :prefer_source, :kind_of => [TrueClass, FalseClass], :default => false attribute :user, :kind_of => String, :default => 'root' attribute :group, :kind_of => String, :default => 'root' attribute :umask, :kind_of => [String, Fixnum], :default => 0002 diff --git a/berks-cookbooks/git/CHANGELOG.md b/berks-cookbooks/git/CHANGELOG.md index fc8ab32f..9094d4d2 100644 
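Review bot: The `command` line in this hunk (and in the `@@ -32,7 +32,7 @@` hunk after it) places `#{value_v}` on the composer command line, and the cookbook README's own example for `global_configs` is a `github-oauth` token, so the token can show up in the process list and in Chef's output for the resource. Adding `sensitive true` to both `execute` resources, where the Chef version in use supports it, keeps the command out of the run output, and the values should be shell-escaped before interpolation. Separately, the new `Dir.home(user)` appears to be evaluated when the resource is compiled, so it raises if the account is only created later in the same run. It also points COMPOSER_HOME at the home directory itself rather than a dedicated directory under it, which looks unintended.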
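Review bot: `vendor` is declared with `:name_attribute => true` directly after `project_dir`, which already is the name attribute, so a recipe that does not set `vendor` presumably gets the resource name, i.e. the project path; the README's `:require` example sets no `vendor` and would then run `composer require /path/to/project`. I would remove `:name_attribute => true` from `vendor`, and because `:required => true` would then also be enforced for `:install` and `:update`, check for a missing value inside `make_require` and `remove_vendor` instead. `:single` is added to `actions` and `path` is a new attribute, but neither is used in the provider hunks of this commit; if nothing else uses them they should be dropped.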
--- a/berks-cookbooks/git/CHANGELOG.md +++ b/berks-cookbooks/git/CHANGELOG.md @@ -2,12 +2,64 @@ git Cookbook CHANGELOG ====================== This file is used to list changes made in each version of the git cookbook. +v4.3.4 (2015-09-06) +------------------- +- Fixing package_id on OSX +- Adding 2.5.1 data for Windows + +v4.3.3 (2015-07-27) +------------------- +- #76: Use checksum keyname instead of value in source recipe + +v4.3.2 (2015-07-27) +------------------- +- Fixing up Windows provider (issue #73) +- Supporting changes to source_prefix in source provider (#62) + +v4.3.1 (2015-07-23) +------------------- +- Fixing up osx_dmg_source_url + +v4.3.0 (2015-07-20) +------------------- +- Removing references to node attributes from provider code +- Name-spacing of client resource property names +- Addition of windows recipe +- Creation of package recipe + +v4.2.4 (2015-07-19) +------------------- +- Fixing source provider selection bug from 4.2.3 + +v4.2.3 (2015-07-18) +------------------- +- mac_os_x provider mapping +- various rubocops + +v4.2.2 (2015-04-23) +------------------- +- Fix up action in Chef::Resource::GitService +- Adding matchers + +v4.2.1 (2015-04-17) +------------------- +- Fixing Chef 11 support. +- Adding provider mapping file + +v4.2.0 (2015-04-15) +------------------- +- Converting recipes to resources. +- Keeping recipe interface for backwards compat + +v4.1.0 (2014-12-23) +------------------- +- Fixing windows package checksums +- Various test coverage additions v4.0.2 (2014-04-23) ------------------- - [COOK-4482] - Add FreeBSD support for installing git client - v4.0.0 (2014-03-18) ------------------- - [COOK-4397] Only use_inline_resources on Chef 11 
@@ -57,16 +109,16 @@ v2.8.0 v2.7.0 ------ ### Bug -- **[COOK-3624](https://tickets.opscode.com/browse/COOK-3624)** - Don't restart `xinetd` on each Chef client run -- **[COOK-3482](https://tickets.opscode.com/browse/COOK-3482)** - Force git to add itself to the current process' PATH +- **[COOK-3624](https://tickets.chef.io/browse/COOK-3624)** - Don't restart `xinetd` on each Chef client run +- **[COOK-3482](https://tickets.chef.io/browse/COOK-3482)** - Force git to add itself to the current process' PATH ### New Feature -- **[COOK-3223](https://tickets.opscode.com/browse/COOK-3223)** - Support Omnios and SmartOS package installs +- **[COOK-3223](https://tickets.chef.io/browse/COOK-3223)** - Support Omnios and SmartOS package installs v2.6.0 ------ ### Improvement -- **[COOK-3193](https://tickets.opscode.com/browse/COOK-3193)** - Add proper debian packages +- **[COOK-3193](https://tickets.chef.io/browse/COOK-3193)** - Add proper debian packages v2.5.2 ------ diff --git a/berks-cookbooks/git/README.md b/berks-cookbooks/git/README.md index 85a92958..145219ca 100644 --- a/berks-cookbooks/git/README.md +++ b/berks-cookbooks/git/README.md 
@@ -1,45 +1,122 @@ -Description -=========== - -Installs git and optionally sets up a git server as a daemon under runit. - -Requirements +Git Cookbook ============ -## Ohai and Chef: - -* Ohai: 6.14.0+ - -This cookbook makes use of `node['platform_family']` to simplify platform -selection logic. This attribute was introduced in Ohai v0.6.12. - -## Platform: - -The following platform families are supported: - -* Debian -* Arch -* RHEL -* Fedora -* FreeBSD (client only) -* Mac OS X (10.6.0+) -* Windows -## Cookbooks: +Installs git_client from package or source. +Optionally sets up a git service under xinetd. -* runit (for `git::server`) -* build-essential (for `git::source`) -* dmg (for OS X installation) -* yum (for RHEL 5 installation) +Scope +----- +This cookbook is concerned with the Git SCM utility. It does not +address ecosystem tooling or related projects. -### Windows Dependencies -The [`windows_package`](https://github.com/opscode-cookbooks/windows#windows_package) resource from the Windows cookbook is required to -install the git package on Windows. - -## Attributes +Requirements +------------ +- Chef 11 or higher +- Ruby 1.9 or higher (preferably from the Chef full-stack installer) +- Network accessible package repositories or a web server hosting source tarballs. 
+ +Platform Support +---------------- +The following platforms have been tested with Test Kitchen: + +``` +|--------------+-------| +| centos-5 | X | +|--------------+-------| +| centos-6 | X | +|--------------+-------| +| centos-7 | X | +|--------------+-------| +| fedora-21 | X | +|--------------+-------| +| debian-7.0 | X | +|--------------+-------| +| ubuntu-12.04 | X | +|--------------+-------| +| ubuntu-14.04 | X | +|--------------+-------| +| ubuntu-15.04 | X | +|--------------+-------| +``` + +Cookbook Dependencies +--------------------- +- depends 'build-essential' - For compiling from source +- depends 'dmg' - For OSX Support +- depends 'windows' - For Windows support +- depends 'yum-epel' - For older RHEL platform_family support -### default -The following attributes are platform-specific. +Usage +----- +- Add `git::default`, `git::source`, of `git::windows` to your run_list +OR +- Add ```depends 'git', '~> 4.3'``` to your cookbook's metadata.rb +- include_recipe one of the recipes from your cookbook +OR +- Use the git_client resource directly, the same way you'd use core + Chef resources (file, template, directory, package, etc). + +Resources Overview +------------------ +- `git_client`: Manages a Git client installation on a machine. Acts + as a singleton when using the (default) package provider. Source + provider available as well. + +- `git_service`: Sets up a Git service via xinetd. WARNING: This is + insecure and will probably be removed in the future + +### git_client + +The `git_client` resource manages the installation of a Git client on +a machine. + +#### Example +``` +git_client 'default' do + action :install +end +``` + +#### Properties +Currently, there are distinct sets of resource properties, used by the +providers for source, package, osx, and windows. + +# used by linux package providers +- `package_name` - Package name to install on Linux machines. Defaults to a calculated value based on platform. 
+- `package_version` - Defaults to nil. +- `package_action` - Defaults to `:install` + +# used by source providers +- `source_prefix` - Defaults to '/usr/local' +- `source_url` - Defaults to a calculated URL based on source_version +- `source_version` - Defaults to 1.9.5 +- `source_use_pcre` - configure option for build. Defaults to false +- `source_checksum` - Defaults to a known value for the 1.9.5 source tarball + +# used by OSX package providers +- `osx_dmg_app_name` - Defaults to 'git-1.9.5-intel-universal-snow-leopard' +- `osx_dmg_package_id` - Defaults to 'GitOSX.Installer.git195.git.pkg' +- `osx_dmg_volumes_dir` - Defaults to 'Git 1.9.5 Snow Leopard Intel Universal' +- `osx_dmg_url` - Defaults to Sourceforge +- `osx_dmg_checksum` - Defaults to the value for 1.9.5 + +# used by the Windows package providers +- `windows_display_name` - Windows display name +- `windows_package_url` - Defaults to the Internet +- `windows_package_checksum` - Defaults to the value for 1.9.5 +Recipes +------- +This cookbook ships with ready to use, attribute driven recipes that utilize the +`git_client` and `git_service` resources. As of cookbook 4.x, they utilize the same +attributes layout scheme from the 3.x. Due to some overlap, it is currently +impossible to simultaneously install the Git client as a package and +from source by using the "manipulate a the node attributes and run a +recipe" technique. If you need both, you'll need to utilize the +git_client resource in a recipe. + +Attributes +---------- #### Windows * `node['git']['version']` - git version to install 
@@ -58,50 +135,14 @@ The following attributes are platform-specific. * `node['git']['version']` - git version to install * `node['git']['url']` - URL to git tarball * `node['git']['checksum']` - tarball SHA256 checksum - -Recipes -======= - -## default - -Installs base git packages based on platform. - -## server - -Sets up a git daemon to provide a server. - -## source - -Installs git from source. - -## windows - -Installs git client on Windows - -Usage -===== - - -This cookbook primarily installs git core packages. It can also be -used to serve git repositories. - -To install git client (all supported platforms): - - include_recipe 'git' - -To install git server: - - include_recipe "git::server" - -This creates the directory specified by git/server/base_path (default is /srv/git) -and starts a git daemon, exporting all repositories found. Repositories need to be -added manually, but will be available once they are created. +* `node['git']['use_pcre']` - if true, builds git with PCRE enabled License and Author ================== -- Author:: Joshua Timberman () -- Copyright:: 2009-2014, Chef Software, Inc. +- Author:: Joshua Timberman () +- Author:: Sean OMeara () +- Copyright:: 2009-2015, Chef Software, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/git/attributes/default.rb b/berks-cookbooks/git/attributes/default.rb index e2abf800..1c2631e7 100644 --- a/berks-cookbooks/git/attributes/default.rb +++ b/berks-cookbooks/git/attributes/default.rb 
@@ -16,17 +16,17 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - case node['platform_family'] when 'windows' - default['git']['version'] = '1.9.5-preview20141217' - default['git']['url'] = "https://github.com/msysgit/msysgit/releases/download/Git-#{node['git']['version']}/Git-#{node['git']['version']}.exe" - default['git']['checksum'] = 'd7e78da2251a35acd14a932280689c57ff9499a474a448ae86e6c43b882692dd' - default['git']['display_name'] = "Git version #{ node['git']['version'] }" + default['git']['version'] = '2.5.1' + default['git']['architecture'] = '32' + default['git']['url'] = "https://github.com/git-for-windows/git/releases/download/v#{node['git']['version']}.windows.1/Git-#{node['git']['version']}-#{node['git']['architecture']}-bit.exe" + default['git']['checksum'] = 'f1a6a1b96f2497331afbefda7c720995d7deb0ba55caeb7307bcee27dae8e157' + default['git']['display_name'] = "Git version #{node['git']['version']}" when 'mac_os_x' default['git']['osx_dmg']['app_name'] = 'git-1.9.5-intel-universal-snow-leopard' default['git']['osx_dmg']['volumes_dir'] = 'Git 1.9.5 Snow Leopard Intel Universal' - default['git']['osx_dmg']['package_id'] = 'GitOSX.Installer.git195.git.pkg' + default['git']['osx_dmg']['package_id'] = 'GitOSX.Installer.git195Universal.git.pkg' default['git']['osx_dmg']['url'] = 'http://sourceforge.net/projects/git-osx-installer/files/git-1.9.5-intel-universal-snow-leopard.dmg/download' default['git']['osx_dmg']['checksum'] = '61b8a9fda547725f6f0996c3d39a62ec3334e4c28a458574bc2aea356ebe94a1' else 
@@ -34,7 +34,8 @@ default['git']['version'] = '1.9.5' default['git']['url'] = "https://nodeload.github.com/git/git/tar.gz/v#{node['git']['version']}" default['git']['checksum'] = '0f30984828d573da01d9f8e78210d5f4c56da1697fd6d278bad4cfa4c22ba271' + default['git']['use_pcre'] = false end default['git']['server']['base_path'] = '/srv/git' -default['git']['server']['export_all'] = 'true' +default['git']['server']['export_all'] = 'true' # ? diff --git a/berks-cookbooks/git/libraries/helpers.rb b/berks-cookbooks/git/libraries/helpers.rb new file mode 100644 index 00000000..07020deb --- /dev/null +++ b/berks-cookbooks/git/libraries/helpers.rb 
@@ -0,0 +1,49 @@ +module GitCookbook + module Helpers + # linux packages default to distro offering + def parsed_package_name + return new_resource.package_name if new_resource.package_name + return 'git-core' if node['platform'] == 'ubuntu' && node['platform_version'].to_f < 10.10 + return 'developer/versioning/git' if node['platform'] == 'omnios' + return 'scmgit' if node['platform'] == 'smartos' + 'git' + end + + def parsed_package_version + return new_resource.package_version if new_resource.package_version + end + + # source + def parsed_source_url + return new_resource.source_url if new_resource.source_url + return "https://nodeload.github.com/git/git/tar.gz/v#{new_resource.source_version}" + end + + def parsed_source_checksum + return new_resource.source_checksum if new_resource.source_checksum + return '0f30984828d573da01d9f8e78210d5f4c56da1697fd6d278bad4cfa4c22ba271' # 1.9.5 tarball + end + + # windows + def parsed_windows_display_name + return new_resource.windows_display_name if new_resource.windows_display_name + "Git version #{parsed_windows_package_version}" + end + + def parsed_windows_package_version + return new_resource.windows_package_version if new_resource.windows_package_version + '1.9.5-preview20141217' + end + + def parsed_windows_package_url + return new_resource.windows_package_url if new_resource.windows_package_url + "https://github.com/msysgit/msysgit/releases/download/Git-#{parsed_windows_package_version}/Git-#{parsed_windows_package_version}.exe" + end + + def parsed_windows_package_checksum + return new_resource.windows_package_checksum if new_resource.windows_package_checksum + 'd7e78da2251a35acd14a932280689c57ff9499a474a448ae86e6c43b882692dd' + end + + end +end diff --git a/berks-cookbooks/git/libraries/matchers.rb b/berks-cookbooks/git/libraries/matchers.rb index 9b31a58e..2e046044 100644 --- a/berks-cookbooks/git/libraries/matchers.rb +++ b/berks-cookbooks/git/libraries/matchers.rb 
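Review bot: The Windows fallbacks in `parsed_windows_package_version`, `parsed_windows_package_url` and `parsed_windows_package_checksum` still hard-code the msysgit 1.9.5-preview20141217 installer, while attributes/default.rb in this same commit moves the Windows default to 2.5.1 from git-for-windows with a different checksum. Which build is installed then depends on whether the recipe passes the attributes through, which is not visible here. `parsed_source_checksum` has a related trap: it returns the 1.9.5 tarball hash whenever `source_checksum` is unset, even when `source_version` or `source_url` has been overridden. That fails closed, which is the right direction, but a comment such as `# default checksum only matches the default source_version; set source_checksum when overriding` would spare callers a confusing mismatch error.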
@@ -1,5 +1,13 @@ if defined?(ChefSpec) - def set_git_config(resource_name) + def set_git_config(resource_name) # rubocop:disable Style/AccessorMethodName ChefSpec::Matchers::ResourceMatcher.new(:git_config, :set, resource_name) end + + def install_git_client(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:git_client, :install, resource_name) + end + + def install_git_service(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:git_service, :install, resource_name) + end end diff --git a/berks-cookbooks/git/libraries/provider_git_client.rb b/berks-cookbooks/git/libraries/provider_git_client.rb new file mode 100644 index 00000000..41d7cfdf --- /dev/null +++ b/berks-cookbooks/git/libraries/provider_git_client.rb @@ -0,0 +1,13 @@ +class Chef + class Provider + class GitClient < Chef::Provider::LWRPBase + use_inline_resources + + def whyrun_supported? + true + end + + include GitCookbook::Helpers + end + end +end diff --git a/berks-cookbooks/git/libraries/provider_git_client_osx.rb b/berks-cookbooks/git/libraries/provider_git_client_osx.rb new file mode 100644 index 00000000..37af722a --- /dev/null +++ b/berks-cookbooks/git/libraries/provider_git_client_osx.rb @@ -0,0 +1,26 @@ +class Chef + class Provider + class GitClient + class Osx < Chef::Provider::GitClient + include Chef::DSL::IncludeRecipe + + provides :git_client, os: 'mac_os_x' if respond_to?(:provides) + + action :install do + dmg_package 'GitOSX-Installer' do + app new_resource.osx_dmg_app_name + package_id new_resource.osx_dmg_package_id + volumes_dir new_resource.osx_dmg_volumes_dir + source new_resource.osx_dmg_url + checksum new_resource.osx_dmg_checksum + type 'pkg' + action :install + end + end + + action :delete do + end + end + end + end +end diff --git a/berks-cookbooks/git/libraries/provider_git_client_package.rb b/berks-cookbooks/git/libraries/provider_git_client_package.rb new file mode 100644 index 00000000..df81ac4e --- /dev/null 
+++ b/berks-cookbooks/git/libraries/provider_git_client_package.rb @@ -0,0 +1,27 @@ +class Chef + class Provider + class GitClient + class Package < Chef::Provider::GitClient + include Chef::DSL::IncludeRecipe + + provides :git_client, os: 'linux' if respond_to?(:provides) + + action :install do + # FIXME: rhel 5 + include_recipe 'yum-epel' if node['platform_family'] == 'rhel' && node['platform_version'].to_i == 5 + + # Software installation + package "#{new_resource.name} :create #{parsed_package_name}" do + package_name parsed_package_name + version parsed_package_version + action new_resource.package_action + action :install + end + end + + action :delete do + end + end + end + end +end diff --git a/berks-cookbooks/git/libraries/provider_git_client_source.rb b/berks-cookbooks/git/libraries/provider_git_client_source.rb new file mode 100644 index 00000000..03f5cbf7 --- /dev/null +++ b/berks-cookbooks/git/libraries/provider_git_client_source.rb 
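Review bot: In the `package` resource, `action new_resource.package_action` is immediately followed by `action :install`, and the second call replaces the first, so the `package_action` property described in the README has no effect and a caller asking for a different action still gets an install. Deleting the `action :install` line fixes it. The resource name `"#{new_resource.name} :create #{parsed_package_name}"` says `:create` although the action is an install, and the empty `action :delete do end` silently does nothing; a one-line comment such as `# delete is intentionally a no-op` would make that explicit.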
@@ -0,0 +1,65 @@ +class Chef + class Provider + class GitClient + class Source < Chef::Provider::GitClient + include Chef::DSL::IncludeRecipe + + action :install do + return "#{node['platform']} is not supported by the #{cookbook_name}::#{recipe_name} recipe" if node['platform'] == 'windows' + + include_recipe 'build-essential' + include_recipe 'yum-epel' if node['platform_family'] == 'rhel' && node['platform_version'].to_i < 6 + + # move this to attributes. + case node['platform_family'] + when 'fedora' + pkgs = %w(openssl-devel libcurl-devel expat-devel perl-ExtUtils-MakeMaker) + when 'rhel' + case node['platform_version'].to_i + when 5 + pkgs = %w(expat-devel gettext-devel curl-devel openssl-devel zlib-devel) + pkgs += %w{ pcre-devel } if new_resource.source_use_pcre + when 6, 7 + pkgs = %w(expat-devel gettext-devel libcurl-devel openssl-devel perl-ExtUtils-MakeMaker zlib-devel) + pkgs += %w{ pcre-devel } if new_resource.source_use_pcre + else + pkgs = %w(expat-devel gettext-devel curl-devel openssl-devel perl-ExtUtils-MakeMaker zlib-devel) if node['platform'] == 'amazon' + pkgs += %w{ pcre-devel } if new_resource.source_use_pcre + end + when 'debian' + pkgs = %w(libcurl4-gnutls-dev libexpat1-dev gettext libz-dev libssl-dev) + pkgs += %w{ libpcre3-dev } if new_resource.source_use_pcre + end + + pkgs.each do |pkg| + package pkg + end + + # reduce line-noise-eyness + remote_file "#{Chef::Config['file_cache_path']}/git-#{new_resource.source_version}.tar.gz" do + source parsed_source_url # helpers.rb + checksum parsed_source_checksum # helpers.rb + mode '0644' + not_if "test -f #{Chef::Config['file_cache_path']}/git-#{new_resource.source_version}.tar.gz" + end + + # reduce line-noise-eyness + execute "Extracting and Building Git #{new_resource.source_version} from Source" do + cwd Chef::Config['file_cache_path'] + additional_make_params = "" + additional_make_params += "USE_LIBPCRE=1" if new_resource.source_use_pcre + command <<-COMMAND + (mkdir 
git-#{new_resource.source_version} && tar -zxf git-#{new_resource.source_version}.tar.gz -C git-#{new_resource.source_version} --strip-components 1) + (cd git-#{new_resource.source_version} && make prefix=#{new_resource.source_prefix} #{additional_make_params} install) + COMMAND + not_if "git --version | grep #{new_resource.source_version}" + not_if "#{new_resource.source_prefix}/bin/git --version | grep #{new_resource.source_version}" + end + end + + action :delete do + end + end + end + end +end diff --git a/berks-cookbooks/git/libraries/provider_git_client_windows.rb b/berks-cookbooks/git/libraries/provider_git_client_windows.rb new file mode 100644 index 00000000..0969cea8 --- /dev/null +++ b/berks-cookbooks/git/libraries/provider_git_client_windows.rb @@ -0,0 +1,44 @@ +class Chef + class Provider + class GitClient + class Windows < Chef::Provider::GitClient + include Chef::DSL::IncludeRecipe + + provides :git_client, os: 'windows' if respond_to?(:provides) + + action :install do + windows_package parsed_windows_display_name do + action :install + source parsed_windows_package_url + checksum parsed_windows_package_checksum + installer_type :inno + end + + # Git is installed to Program Files (x86) on 64-bit machines and + # 'Program Files' on 32-bit machines + PROGRAM_FILES = ENV['ProgramFiles(x86)'] || ENV['ProgramFiles'] + GIT_PATH = "#{PROGRAM_FILES}\\Git\\Cmd" + + # COOK-3482 - windows_path resource doesn't change the current process + # environment variables. Therefore, git won't actually be on the PATH + # until the next chef-client run + ruby_block 'Add Git Path' do + block do + ENV['PATH'] += ";#{GIT_PATH}" + end + not_if { ENV['PATH'] =~ /GIT_PATH/ } + action :nothing + end + + windows_path GIT_PATH do + notifies :create, 'ruby_block[Add Git Path]', :immediately + action :add + end + end + + action :delete do + end + end + end + end +end 
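Review bot: The `not_if "test -f …"` guard on `remote_file` in provider_git_client_source.rb skips the resource whenever a file already sits at the cache path, so a truncated or altered tarball is never compared with `checksum` before `make … install` runs on it. Removing the line `not_if "test -f #{Chef::Config['file_cache_path']}/git-#{new_resource.source_version}.tar.gz"` lets `remote_file` use the checksum to decide whether the cached file is current. Separately, `pkgs` stays `nil` for platform families outside the `case` and for non-Amazon rhel versions other than 5 to 7, so `pkgs += …` or `pkgs.each` raises; `pkgs = []` before the `case` avoids that. `source_version` and `source_prefix` are interpolated unquoted into the shell command, which presumably assumes they only ever come from trusted attributes.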
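Review bot: The guard `not_if { ENV['PATH'] =~ /GIT_PATH/ }` on the `ruby_block` in provider_git_client_windows.rb matches the literal text `GIT_PATH`, not the value of the constant, so it does not detect that the directory is already on the PATH and the block appends it again each time it is notified. Comparing against the value fixes it: `not_if { ENV['PATH'].include?(GIT_PATH) }`. `PROGRAM_FILES` and `GIT_PATH` are also assigned as constants inside the `action :install` block, so running the action more than once in one process would likely produce already-initialized-constant warnings; local variables would avoid that.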
diff --git a/berks-cookbooks/git/libraries/provider_git_service.rb b/berks-cookbooks/git/libraries/provider_git_service.rb
new file mode 100644
index 00000000..b4c00d23
--- /dev/null
+++ b/berks-cookbooks/git/libraries/provider_git_service.rb
@@ -0,0 +1,57 @@
+class Chef
+ class Provider
+ class GitClient < Chef::Provider::LWRPBase
+ use_inline_resources
+
+ def whyrun_supported?
+ true
+ end
+
+ include Chef::DSL::IncludeRecipe
+ include GitCookbook::Helpers
+
+ provides :git_service, os: 'linux' if respond_to?(:provides)
+
+ action :create do
+ return "#{node['platform']} is not supported by the #{cookbook_name}::#{recipe_name} recipe" if node['platform'] == 'windows'
+
+ include_recipe 'git'
+
+ directory new_resource.service_base_path do
+ owner 'root'
+ group 'root'
+ mode '0755'
+ end
+
+ case node['platform_family']
+ when 'debian'
+ package 'xinetd'
+ when 'rhel'
+ package 'git-daemon'
+ else
+ log 'Platform requires setting up a git daemon service script.'
+ log "Hint: /usr/bin/git daemon --export-all --user=nobody --group=daemon --base-path=#{new_resource.service_base_path}"
+ return
+ end
+
+ template '/etc/xinetd.d/git' do
+ backup false
+ source 'git-xinetd.d.erb'
+ owner 'root'
+ group 'root'
+ mode '0644'
+ variables(
+ git_daemon_binary: value_for_platform_family(
+ 'debian' => '/usr/lib/git-core/git-daemon',
+ 'rhel' => '/usr/libexec/git-core/git-daemon'
+ )
+ )
+ end
+
+ service 'xinetd' do
+ action [:enable, :restart]
+ end
+ end
+ end
+ end
+end
diff --git a/berks-cookbooks/git/libraries/provider_git_service_xinetd.rb b/berks-cookbooks/git/libraries/provider_git_service_xinetd.rb
new file mode 100644
index 00000000..74b524ec
--- /dev/null
+++ b/berks-cookbooks/git/libraries/provider_git_service_xinetd.rb
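Review bot: provider_git_service.rb reopens `Chef::Provider::GitClient` instead of defining a service provider, so `provides :git_service` and `action :create` are attached to the client provider class; provider_git_service_xinetd.rb repeats the same class line. The class line should read `class GitService < Chef::Provider::LWRPBase`, with the xinetd variant named to match, which also keeps the git-daemon setup out of every `git_client` provider that inherits from `GitClient`. The Windows guard returns a string that nothing reads; a `Chef::Log.warn` followed by a bare `return` would surface the message.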
@@ -0,0 +1,55 @@
+class Chef
+ class Provider
+ class GitClient < Chef::Provider::LWRPBase
+ use_inline_resources
+
+ def whyrun_supported?
+ true
+ end
+
+ include Chef::DSL::IncludeRecipe
+ include GitCookbook::Helpers
+
+ action :create do
+ return "#{node['platform']} is not supported by the #{cookbook_name}::#{recipe_name} recipe" if node['platform'] == 'windows'
+
+ include_recipe 'git'
+
+ directory new_resource.service_base_path do
+ owner 'root'
+ group 'root'
+ mode '0755'
+ end
+
+ case node['platform_family']
+ when 'debian'
+ package 'xinetd'
+ when 'rhel'
+ package 'git-daemon'
+ else
+ log 'Platform requires setting up a git daemon service script.'
+ log "Hint: /usr/bin/git daemon --export-all --user=nobody --group=daemon --base-path=#{new_resource.service_base_path}"
+ return
+ end
+
+ template '/etc/xinetd.d/git' do
+ backup false
+ source 'git-xinetd.d.erb'
+ owner 'root'
+ group 'root'
+ mode '0644'
+ variables(
+ git_daemon_binary: value_for_platform_family(
+ 'debian' => '/usr/lib/git-core/git-daemon',
+ 'rhel' => '/usr/libexec/git-core/git-daemon'
+ )
+ )
+ end
+
+ service 'xinetd' do
+ action [:enable, :restart]
+ end
+ end
+ end
+ end
+end
diff --git a/berks-cookbooks/git/libraries/resource_git_client.rb b/berks-cookbooks/git/libraries/resource_git_client.rb
new file mode 100644
index 00000000..b16cbfa2
--- /dev/null
+++ b/berks-cookbooks/git/libraries/resource_git_client.rb
@@ -0,0 +1,38 @@
+require 'chef/resource/lwrp_base'
+
+class Chef
+ class Resource
+ class GitClient < Chef::Resource::LWRPBase
+ self.resource_name = :git_client
+ actions :install, :remove
+ default_action :install
+
+ provides :git_client
+
+ # used by source providers
+ attribute :source_checksum, kind_of: String, default: nil
+ attribute :source_prefix, kind_of: String, default: '/usr/local'
+ attribute :source_url, kind_of: String, default: nil
+ attribute :source_use_pcre, kind_of: [TrueClass, FalseClass], default: false
+ attribute :source_version, kind_of: String, default: nil
+
+ # used by linux package providers
+ attribute :package_name, kind_of: String, default: nil
+ attribute :package_version, kind_of: String, default: nil
+ attribute :package_action, kind_of: Symbol, default: :install
+
+ # used by OSX package providers
+ attribute :osx_dmg_app_name, kind_of: String, default: 'git-1.9.5-intel-universal-snow-leopard'
+ attribute :osx_dmg_package_id, kind_of: String, default: 'GitOSX.Installer.git195.git.pkg'
+ attribute :osx_dmg_volumes_dir, kind_of: String, default: 'Git 1.9.5 Snow Leopard Intel Universal'
+ attribute :osx_dmg_url, kind_of: String, default: 'http://sourceforge.net/projects/git-osx-installer/files/git-1.9.5-intel-universal-snow-leopard.dmg/download'
+ attribute :osx_dmg_checksum, kind_of: String, default: '61b8a9fda547725f6f0996c3d39a62ec3334e4c28a458574bc2aea356ebe94a1' # 1.9.5
+
+ # used by Windows providers
+ attribute :windows_display_name, kind_of: String, default: nil
+ attribute :windows_package_url, kind_of: String, default: nil
+ attribute :windows_package_checksum, kind_of: String, default: nil
+ attribute :windows_package_version, kind_of: String, default: nil
+ end
+ end
+end
diff --git a/berks-cookbooks/git/libraries/resource_git_service.rb b/berks-cookbooks/git/libraries/resource_git_service.rb
new file mode 100644
index 00000000..a1f23431
--- /dev/null
+++ b/berks-cookbooks/git/libraries/resource_git_service.rb
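Review bot: `actions :install, :remove` in resource_git_client.rb does not match the providers in this commit, which define `action :delete` (with an empty body) and no `:remove`, so `action :remove` on a `git_client` would presumably fail to find a provider method. Either declare `actions :install, :delete` here or rename the provider actions to `:remove`. The `osx_dmg_url` default is a plain `http://` URL, so the pinned `osx_dmg_checksum` is what protects that download; a comment such as `# osx_dmg_checksum must be updated together with osx_dmg_url` would keep the two from drifting apart.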
@@ -0,0 +1,16 @@
+require 'chef/resource/lwrp_base'
+
+class Chef
+ class Resource
+ class GitService < Chef::Resource::LWRPBase
+ self.resource_name = :git_service
+ actions :create
+ default_action :create
+
+ provides :git_service
+
+ # used by the service xinetd provider
+ attribute :service_base_path, kind_of: String, default: '/srv/git'
+ end
+ end
+end
diff --git a/berks-cookbooks/git/libraries/z_provider_mapping.rb b/berks-cookbooks/git/libraries/z_provider_mapping.rb
new file mode 100644
index 00000000..b636a7e0
--- /dev/null
+++ b/berks-cookbooks/git/libraries/z_provider_mapping.rb
@@ -0,0 +1,16 @@
+# provider mappings for Chef 11
+
+#########
+# client
+#########
+Chef::Platform.set platform: :amazon, resource: :git_client, provider: Chef::Provider::GitClient::Package
+Chef::Platform.set platform: :centos, resource: :git_client, provider: Chef::Provider::GitClient::Package
+Chef::Platform.set platform: :debian, resource: :git_client, provider: Chef::Provider::GitClient::Package
+Chef::Platform.set platform: :fedora, resource: :git_client, provider: Chef::Provider::GitClient::Package
+Chef::Platform.set platform: :mac_os_x, resource: :git_client, provider: Chef::Provider::GitClient::Osx
+Chef::Platform.set platform: :redhat, resource: :git_client, provider: Chef::Provider::GitClient::Package
+Chef::Platform.set platform: :scientific, resource: :git_client, provider: Chef::Provider::GitClient::Package
+Chef::Platform.set platform: :smartos, resource: :git_client, provider: Chef::Provider::GitClient::Package
+Chef::Platform.set platform: :solaris2, resource: :git_client, provider: Chef::Provider::GitClient::Package
+Chef::Platform.set platform: :suse, resource: :git_client, provider: Chef::Provider::GitClient::Package
+Chef::Platform.set platform: :ubuntu, resource: :git_client, provider: Chef::Provider::GitClient::Package
diff --git a/berks-cookbooks/git/metadata.json b/berks-cookbooks/git/metadata.json
index 0e647ca6..30d4cb56 100644
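Review bot: The Chef 11 mapping in z_provider_mapping.rb has no entry for `:windows` and none for the `:git_service` resource, while the providers' `provides` calls are guarded by `respond_to?(:provides)` and so do nothing where that method is missing. If Chef 11 is meant to work on those paths, add `Chef::Platform.set platform: :windows, resource: :git_client, provider: Chef::Provider::GitClient::Windows` and a `:git_service` line per platform. Otherwise the header comment should say that Windows and `git_service` rely on a Chef version that has `provides`.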
--- a/berks-cookbooks/git/metadata.json +++ b/berks-cookbooks/git/metadata.json 
@@ -1,72 +1 @@ -{ - "name": "git", - "version": "4.1.0", - "description": "Installs git and/or sets up a Git server daemon", - "long_description": "Description\n===========\n\nInstalls git and optionally sets up a git server as a daemon under runit.\n\nRequirements\n============\n## Ohai and Chef:\n\n* Ohai: 6.14.0+\n\nThis cookbook makes use of `node['platform_family']` to simplify platform\nselection logic. This attribute was introduced in Ohai v0.6.12.\n\n## Platform:\n\nThe following platform families are supported:\n\n* Debian\n* Arch\n* RHEL\n* Fedora\n* FreeBSD (client only)\n* Mac OS X (10.6.0+)\n* Windows\n\n## Cookbooks:\n\n* runit (for `git::server`)\n* build-essential (for `git::source`)\n* dmg (for OS X installation)\n* yum (for RHEL 5 installation)\n\n### Windows Dependencies\nThe [`windows_package`](https://github.com/opscode-cookbooks/windows#windows_package) resource from the Windows cookbook is required to\ninstall the git package on Windows.\n\n## Attributes\n\n### default\nThe following attributes are platform-specific.\n\n#### Windows\n\n* `node['git']['version']` - git version to install\n* `node['git']['url']` - URL to git package\n* `node['git']['checksum']` - package SHA256 checksum\n* `node['git']['display_name']` - `windows_package` resource Display Name (makes the package install idempotent)\n\n#### Mac OS X\n\n* `node['git']['osx_dmg']['url']` - URL to git package\n* `node['git']['osx_dmg']['checksum']` - package SHA256 checksum\n\n#### Linux\n\n* `node['git']['prefix']` - git install directory\n* `node['git']['version']` - git version to install\n* `node['git']['url']` - URL to git tarball\n* `node['git']['checksum']` - tarball SHA256 checksum\n\nRecipes\n=======\n\n## default\n\nInstalls base git packages based on platform.\n\n## server\n\nSets up a git daemon to provide a server.\n\n## source\n\nInstalls git from source.\n\n## windows\n\nInstalls git client on Windows\n\nUsage\n=====\n\n\nThis cookbook primarily installs git core 
packages. It can also be\nused to serve git repositories.\n\nTo install git client (all supported platforms):\n\n include_recipe 'git'\n\nTo install git server:\n\n include_recipe \"git::server\"\n\nThis creates the directory specified by git/server/base_path (default is /srv/git)\nand starts a git daemon, exporting all repositories found. Repositories need to be\nadded manually, but will be available once they are created.\n\nLicense and Author\n==================\n\n- Author:: Joshua Timberman ()\n- Copyright:: 2009-2014, Chef Software, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n", - "maintainer": "Chef Software, Inc.", - "maintainer_email": "cookbooks@opscode.com", - "license": "Apache 2.0", - "platforms": { - "amazon": ">= 0.0.0", - "arch": ">= 0.0.0", - "centos": ">= 0.0.0", - "debian": ">= 0.0.0", - "fedora": ">= 0.0.0", - "freebsd": ">= 0.0.0", - "mac_os_x": ">= 10.6.0", - "omnios": ">= 0.0.0", - "oracle": ">= 0.0.0", - "redhat": ">= 0.0.0", - "smartos": ">= 0.0.0", - "scientific": ">= 0.0.0", - "ubuntu": ">= 0.0.0", - "windows": ">= 0.0.0" - }, - "dependencies": { - "build-essential": ">= 0.0.0", - "dmg": ">= 0.0.0", - "runit": ">= 1.0", - "windows": ">= 0.0.0", - "yum": "~> 3.0", - "yum-epel": ">= 0.0.0" - }, - "recommendations": { - }, - "suggestions": { - }, - "conflicting": { - }, - "providing": { - }, - "replacing": { - }, - "attributes": { - "git/server/base_path": { - "display_name": "Git Daemon Base Path", - "description": "A directory containing git 
repositories to be exposed by the git-daemon", - "default": "/srv/git", - "recipes": [ - "git::server" - ] - }, - "git/server/export_all": { - "display_name": "Git Daemon Export All", - "description": "Adds the --export-all option to the git-daemon parameters, making all repositories publicly readable even if they lack the 'git-daemon-export-ok' file", - "choice": [ - "true", - "false" - ], - "default": "true", - "recipes": [ - "git::server" - ] - } - }, - "groupings": { - }, - "recipes": { - "git": "Installs git", - "git::server": "Sets up a runit_service for git daemon", - "git::source": "Installs git from source" - } -} \ No newline at end of file +{"name":"git","version":"4.3.4","description":"Installs git and/or sets up a Git server daemon","long_description":"Git Cookbook\n============\n\nInstalls git_client from package or source.\nOptionally sets up a git service under xinetd.\n\nScope\n-----\nThis cookbook is concerned with the Git SCM utility. It does not\naddress ecosystem tooling or related projects.\n\nRequirements\n------------\n- Chef 11 or higher\n- Ruby 1.9 or higher (preferably from the Chef full-stack installer)\n- Network accessible package repositories or a web server hosting source tarballs.\n\nPlatform Support\n----------------\nThe following platforms have been tested with Test Kitchen:\n\n```\n|--------------+-------|\n| centos-5 | X |\n|--------------+-------|\n| centos-6 | X |\n|--------------+-------|\n| centos-7 | X |\n|--------------+-------|\n| fedora-21 | X |\n|--------------+-------|\n| debian-7.0 | X |\n|--------------+-------|\n| ubuntu-12.04 | X |\n|--------------+-------|\n| ubuntu-14.04 | X |\n|--------------+-------|\n| ubuntu-15.04 | X |\n|--------------+-------|\n```\n\nCookbook Dependencies\n---------------------\n- depends 'build-essential' - For compiling from source\n- depends 'dmg' - For OSX Support\n- depends 'windows' - For Windows support\n- depends 'yum-epel' - For older RHEL platform_family 
support\n\nUsage\n-----\n- Add `git::default`, `git::source`, of `git::windows` to your run_list\nOR\n- Add ```depends 'git', '~> 4.3'``` to your cookbook's metadata.rb\n- include_recipe one of the recipes from your cookbook\nOR\n- Use the git_client resource directly, the same way you'd use core\n Chef resources (file, template, directory, package, etc).\n\nResources Overview\n------------------\n- `git_client`: Manages a Git client installation on a machine. Acts\n as a singleton when using the (default) package provider. Source\n provider available as well.\n\n- `git_service`: Sets up a Git service via xinetd. WARNING: This is\n insecure and will probably be removed in the future\n\n### git_client\n\nThe `git_client` resource manages the installation of a Git client on\na machine.\n\n#### Example\n```\ngit_client 'default' do\n action :install\nend\n```\n\n#### Properties\nCurrently, there are distinct sets of resource properties, used by the\nproviders for source, package, osx, and windows. \n\n# used by linux package providers\n- `package_name` - Package name to install on Linux machines. Defaults to a calculated value based on platform.\n- `package_version` - Defaults to nil.\n- `package_action` - Defaults to `:install`\n\n# used by source providers\n- `source_prefix` - Defaults to '/usr/local'\n- `source_url` - Defaults to a calculated URL based on source_version\n- `source_version` - Defaults to 1.9.5\n- `source_use_pcre` - configure option for build. 
Defaults to false\n- `source_checksum` - Defaults to a known value for the 1.9.5 source tarball\n\n# used by OSX package providers\n- `osx_dmg_app_name` - Defaults to 'git-1.9.5-intel-universal-snow-leopard'\n- `osx_dmg_package_id` - Defaults to 'GitOSX.Installer.git195.git.pkg'\n- `osx_dmg_volumes_dir` - Defaults to 'Git 1.9.5 Snow Leopard Intel Universal'\n- `osx_dmg_url` - Defaults to Sourceforge\n- `osx_dmg_checksum` - Defaults to the value for 1.9.5\n\n# used by the Windows package providers\n- `windows_display_name` - Windows display name\n- `windows_package_url` - Defaults to the Internet\n- `windows_package_checksum` - Defaults to the value for 1.9.5\n\nRecipes\n-------\nThis cookbook ships with ready to use, attribute driven recipes that utilize the\n`git_client` and `git_service` resources. As of cookbook 4.x, they utilize the same\nattributes layout scheme from the 3.x. Due to some overlap, it is currently\nimpossible to simultaneously install the Git client as a package and\nfrom source by using the \"manipulate a the node attributes and run a\nrecipe\" technique. 
If you need both, you'll need to utilize the\ngit_client resource in a recipe.\n\nAttributes\n----------\n#### Windows\n\n* `node['git']['version']` - git version to install\n* `node['git']['url']` - URL to git package\n* `node['git']['checksum']` - package SHA256 checksum\n* `node['git']['display_name']` - `windows_package` resource Display Name (makes the package install idempotent)\n\n#### Mac OS X\n\n* `node['git']['osx_dmg']['url']` - URL to git package\n* `node['git']['osx_dmg']['checksum']` - package SHA256 checksum\n\n#### Linux\n\n* `node['git']['prefix']` - git install directory\n* `node['git']['version']` - git version to install\n* `node['git']['url']` - URL to git tarball\n* `node['git']['checksum']` - tarball SHA256 checksum\n* `node['git']['use_pcre']` - if true, builds git with PCRE enabled\n\nLicense and Author\n==================\n\n- Author:: Joshua Timberman ()\n- Author:: Sean OMeara ()\n- Copyright:: 2009-2015, Chef Software, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache 2.0","platforms":{"amazon":">= 0.0.0","arch":">= 0.0.0","centos":">= 0.0.0","debian":">= 0.0.0","fedora":">= 0.0.0","freebsd":">= 0.0.0","mac_os_x":">= 10.6.0","omnios":">= 0.0.0","oracle":">= 0.0.0","redhat":">= 0.0.0","smartos":">= 0.0.0","scientific":">= 0.0.0","ubuntu":">= 0.0.0","windows":">= 0.0.0"},"dependencies":{"build-essential":">= 0.0.0","dmg":">= 0.0.0","windows":">= 
0.0.0","yum-epel":">= 0.0.0"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{"git/server/base_path":{"display_name":"Git Daemon Base Path","description":"A directory containing git repositories to be exposed by the git-daemon","default":"/srv/git","recipes":["git::server"]},"git/server/export_all":{"display_name":"Git Daemon Export All","description":"Adds the --export-all option to the git-daemon parameters, making all repositories publicly readable even if they lack the 'git-daemon-export-ok' file","choice":["true","false"],"default":"true","recipes":["git::server"]}},"groupings":{},"recipes":{"git":"Installs git","git::server":"Sets up a runit_service for git daemon","git::source":"Installs git from source"}} \ No newline at end of file diff --git a/berks-cookbooks/git/providers/config.rb b/berks-cookbooks/git/providers/config.rb index 78cbc4a5..c99d3394 100644 --- a/berks-cookbooks/git/providers/config.rb +++ b/berks-cookbooks/git/providers/config.rb @@ -6,14 +6,14 @@ def whyrun_supported? action :set do if @current_resource.exists - Chef::Log.info "#{ @new_resource } already exists - nothing to do." + Chef::Log.info "#{@new_resource} already exists - nothing to do." else execute "#{config_cmd} #{new_resource.key} \"#{new_resource.value}\"" do cwd new_resource.path user new_resource.user group new_resource.user environment cmd_env - Chef::Log.info "#{ @new_resource } created." + Chef::Log.info "#{@new_resource} created." end end end @@ -39,7 +39,7 @@ def cmd_env def config cmd = [config_cmd, new_resource.key].join(' ') - git_config = Mixlib::ShellOut.new(cmd, :user => new_resource.user, :group => new_resource.user, :cwd => new_resource.path, :env => cmd_env) + git_config = Mixlib::ShellOut.new(cmd, user: new_resource.user, group: new_resource.user, cwd: new_resource.path, env: cmd_env) Chef::Log.debug("Current config cmd: #{git_config.inspect}") git_config.run_command.stdout.chomp end 
diff --git a/berks-cookbooks/git/recipes/default.rb b/berks-cookbooks/git/recipes/default.rb index 296ef17b..3ef3ad7e 100644 --- a/berks-cookbooks/git/recipes/default.rb +++ b/berks-cookbooks/git/recipes/default.rb @@ -2,7 +2,7 @@ # Cookbook Name:: git # Recipe:: default # -# Copyright 2008-2014, Chef Software, Inc. +# Copyright 2008-2015, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,38 +16,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -case node['platform_family'] -when 'debian' - if node['platform'] == 'ubuntu' && node['platform_version'].to_f < 10.10 - package 'git-core' - else - package 'git' - end -when 'rhel', 'fedora' - case node['platform_version'].to_i - when 5 - include_recipe 'yum-epel' - end - package 'git' -when 'windows' - include_recipe 'git::windows' -when 'mac_os_x' - dmg_package 'GitOSX-Installer' do - app node['git']['osx_dmg']['app_name'] - package_id node['git']['osx_dmg']['package_id'] - volumes_dir node['git']['osx_dmg']['volumes_dir'] - source node['git']['osx_dmg']['url'] - checksum node['git']['osx_dmg']['checksum'] - type 'pkg' - action :install - end -else - package 'git' do - package_name case node['platform'] - when 'omnios' - 'developer/versioning/git' - when 'smartos' - 'scmgit' - end - end -end +include_recipe 'git::package' diff --git a/berks-cookbooks/git/recipes/package.rb b/berks-cookbooks/git/recipes/package.rb new file mode 100644 index 00000000..fea80de5 --- /dev/null +++ b/berks-cookbooks/git/recipes/package.rb 
@@ -0,0 +1,35 @@ +# +# Cookbook Name:: git +# Recipe:: package +# +# Copyright 2008-2015, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +case node['platform'] +when 'mac_os_x' + # FIXME: The resource has three distinct groups of properties used in + # different providers... should we make multiple resource types instead? + git_client 'default' do + osx_dmg_app_name node['git']['osx_dmg']['app_name'] + osx_dmg_package_id node['git']['osx_dmg']['package_id'] + osx_dmg_volumes_dir node['git']['osx_dmg']['volumes_dir'] + osx_dmg_url node['git']['osx_dmg']['url'] + osx_dmg_checksum node['git']['osx_dmg']['checksum'] + action :install + end +else + git_client 'default' do + action :install + end +end diff --git a/berks-cookbooks/git/recipes/server.rb b/berks-cookbooks/git/recipes/server.rb index a465f5b1..213b7dbd 100644 --- a/berks-cookbooks/git/recipes/server.rb +++ b/berks-cookbooks/git/recipes/server.rb 
@@ -16,41 +16,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -return "#{node['platform']} is not supported by the #{cookbook_name}::#{recipe_name} recipe" if node['platform'] == 'windows' - -include_recipe 'git' - -directory node['git']['server']['base_path'] do - owner 'root' - group 'root' - mode '0755' -end - -case node['platform_family'] -when 'debian' - package 'xinetd' -when 'rhel' - package 'git-daemon' -else - log 'Platform requires setting up a git daemon service script.' - log "Hint: /usr/bin/git daemon --export-all --user=nobody --group=daemon --base-path=#{node['git']['server']['base_path']}" - return -end - -template '/etc/xinetd.d/git' do - backup false - source 'git-xinetd.d.erb' - owner 'root' - group 'root' - mode '0644' - variables( - :git_daemon_binary => value_for_platform_family( - 'debian' => '/usr/lib/git-core/git-daemon', - 'rhel' => '/usr/libexec/git-core/git-daemon' - ) - ) -end - -service 'xinetd' do - action [:enable, :restart] +git_service 'default' do + service_base_path node['git']['server']['base_path'] + action :create end diff --git a/berks-cookbooks/git/recipes/source.rb b/berks-cookbooks/git/recipes/source.rb index 2c1657bd..87c96ea0 100644 --- a/berks-cookbooks/git/recipes/source.rb +++ b/berks-cookbooks/git/recipes/source.rb 
@@ -16,46 +16,13 @@ # See the License for the specific language governing permissions and # limitations under the License. -return "#{node['platform']} is not supported by the #{cookbook_name}::#{recipe_name} recipe" if node['platform'] == 'windows' - -include_recipe 'build-essential' -include_recipe 'yum-epel' if node['platform_family'] == 'rhel' && node['platform_version'].to_i < 6 - -# move this to attributes. -case node['platform_family'] -when 'fedora' - pkgs = %w{ openssl-devel libcurl-devel expat-devel perl-ExtUtils-MakeMaker } -when 'rhel' - case node['platform_version'].to_i - when 5 - pkgs = %w{ expat-devel gettext-devel curl-devel openssl-devel zlib-devel } - when 6, 7 - pkgs = %w{ expat-devel gettext-devel libcurl-devel openssl-devel perl-ExtUtils-MakeMaker zlib-devel } - else - pkgs = %w{ expat-devel gettext-devel curl-devel openssl-devel perl-ExtUtils-MakeMaker zlib-devel } if node['platform'] == 'amazon' - end -when 'debian' - pkgs = %w{ libcurl4-gnutls-dev libexpat1-dev gettext libz-dev libssl-dev } -end - -pkgs.each do |pkg| - package pkg -end - -# reduce line-noise-eyness -remote_file "#{Chef::Config['file_cache_path']}/git-#{node['git']['version']}.tar.gz" do - source node['git']['url'] - checksum node['git']['checksum'] - mode '0644' - not_if "test -f #{Chef::Config['file_cache_path']}/git-#{node['git']['version']}.tar.gz" -end - -# reduce line-noise-eyness -execute "Extracting and Building Git #{node['git']['version']} from Source" do - cwd Chef::Config['file_cache_path'] - command <<-COMMAND - (mkdir git-#{node['git']['version']} && tar -zxf git-#{node['git']['version']}.tar.gz -C git-#{node['git']['version']} --strip-components 1) - (cd git-#{node['git']['version']} && make prefix=#{node['git']['prefix']} install) - COMMAND - not_if "git --version | grep #{node['git']['version']}" +# drive version from node attributes +git_client 'default' do + provider Chef::Provider::GitClient::Source + source_checksum node['git']['checksum'] + 
source_prefix node['git']['prefix'] + source_url node['git']['url'] + source_use_pcre node['git']['use_pcre'] + source_version node['git']['version'] + action :install end diff --git a/berks-cookbooks/git/recipes/windows.rb b/berks-cookbooks/git/recipes/windows.rb index 97b27d97..9ec58900 100644 --- a/berks-cookbooks/git/recipes/windows.rb +++ b/berks-cookbooks/git/recipes/windows.rb @@ -16,29 +16,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -windows_package node['git']['display_name'] do +git_client 'default' do + windows_display_name node['windows']['display_name'] + windows_package_url node['windows']['url'] + windows_package_checksum node['windows']['checksum'] action :install - source node['git']['url'] - checksum node['git']['checksum'] - installer_type :inno -end - -# Git is installed to Program Files (x86) on 64-bit machines and -# 'Program Files' on 32-bit machines -PROGRAM_FILES = ENV['ProgramFiles(x86)'] || ENV['ProgramFiles'] -GIT_PATH = "#{ PROGRAM_FILES }\\Git\\Cmd" - -# COOK-3482 - windows_path resource doesn't change the current process -# environment variables. Therefore, git won't actually be on the PATH -# until the next chef-client run -ruby_block 'Add Git Path' do - block do - ENV['PATH'] += ";#{GIT_PATH}" - end - action :nothing -end - -windows_path GIT_PATH do - action :add - notifies :create, 'ruby_block[Add Git Path]', :immediately end diff --git a/berks-cookbooks/git/resources/config.rb b/berks-cookbooks/git/resources/config.rb index 95984ce9..8aaa2b77 100644 --- a/berks-cookbooks/git/resources/config.rb +++ b/berks-cookbooks/git/resources/config.rb 
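Review bot: recipes/windows.rb now reads `node['windows']['display_name']`, `node['windows']['url']` and `node['windows']['checksum']`, whereas the removed lines and the README text in this commit's metadata.json use `node['git'][…]`; an override of `node['git']['url']` or `node['git']['checksum']` would therefore be ignored, and `node['windows']` may not be set at all. Unless the attributes file (not shown here) moved them, the lines should stay on the cookbook's own namespace: `windows_display_name node['git']['display_name']`, `windows_package_url node['git']['url']`, `windows_package_checksum node['git']['checksum']`.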
@@ -1,11 +1,11 @@ actions :set default_action :set -attribute :key, :kind_of => String, :name_attribute => true -attribute :value, :kind_of => String, :required => true -attribute :scope, :equal_to => %w(local global system), :default => 'global' -attribute :path, :kind_of => String -attribute :user, :kind_of => String -attribute :options, :kind_of => String +attribute :key, kind_of: String, name_attribute: true +attribute :value, kind_of: String, required: true +attribute :scope, equal_to: %w(local global system), default: 'global' +attribute :path, kind_of: String +attribute :user, kind_of: String +attribute :options, kind_of: String attr_accessor :exists diff --git a/berks-cookbooks/homebrew/CHANGELOG.md b/berks-cookbooks/homebrew/CHANGELOG.md new file mode 100644 index 00000000..248367a5 --- /dev/null +++ b/berks-cookbooks/homebrew/CHANGELOG.md 
@@ -0,0 +1,146 @@ +homebrew Cookbook CHANGELOG +=========================== +This file is used to list changes made in each version of the homebrew cookbook. + +v1.13.0 (2015-06-23) +-------------------- + +- #72 Massage Chef12HomebrewUser.find_homebrew_uid into username +- #69 Add options to cask + +v1.12.0 (2015-01-29) +-------------------- + +- #67 Add attribute and recipe for installing homebrew taps + +v1.11.0 (2015-01-12) +-------------------- + +- #59 Update Homebrew Cask if auto-update attribute is true +- #52 Manage Homebrew Cask's install directories +- #56 Fix check for existing casks +- #61 Fix owner class for Chef 12 +- Depend on build-essential cookbook 2.1.2+ to support OS X 10.10 +- #64, #66 add and fix ChefSpec tests for default recipe + +v1.10.0 (2014-12-09) +-------------------- + +- #55 This cookbook no longer sets its `homebrew_package` as the + `package` provider for OS X when running under Chef 12 +- List CHEF as the maintainer instead of Chef. + +v1.9.2 (2014-10-09) +------------------- + +Bug Fixes: + +- #57 Update url per homebrew error: Upstream, the homebrew project + has changed the URL for the installation script. All users of this + cookbook are advised to update to this version. 
+ +v1.9.0 (2014-07-29) +------------------- + +Improvements: + +- #35 Modernize the cask provider (use why run mode, inline resources) +- #43 Use `brew cask list` to determine if casks are installed +- #45 Add `default_action` and print warning messages on earlier + versions of Chef (10.10) + +New Features: + +- #44 Add `:install` and `:uninstall` actions and alias previous `:cask`, + `:uncask` actions to them + +Bug Fixes: + +- #27 Fix name for taps adding the `/homebrew` prefix +- #28 Set `RUBYOPT` to `nil` so Chef can execute in a bundle (bundler + sets `RUBYOPT` and this can cause issues when running the + underlying `brew` commands) +- #40 Fix regex for cask to match current homebrew conventions +- #42 Fix attribute for list of formulas to match the README and + maintain backward compat for 6 day old version + +v1.8.0 (2014-07-23) +------------------- +- Add recipes to install an array of formulas/casks + +v1.7.2 (2014-06-26) +------------------- +- Implement attribute to control auto-update + + +v1.7.0 (2014-06-26) +------------------- +#38 - Add homebrew::cask recipe + + +v1.6.6 (2014-05-29) +------------------- +- [COOK-3283] Use homebrew_owner for cask and tap +- [COOK-4670] homebrew_tap provider is not idempotent +- [COOK-4671] Syntax Error in README + + +v1.6.4 (2014-05-08) +------------------- +- Fixing cask provider correctly this time. "brew cask list" + + +v1.6.2 (2014-05-08) +------------------- +- Fixing typo in cask provider: 's/brew brew/brew/' + + +v1.6.0 (2014-04-23) +------------------- +- [COOK-3960] Added LWRP for brew cask +- [COOK-4508] Add ChefSpec matchers for homebrew_tap +- [COOK-4566] Guard against "HEAD only" formulae + + +v1.5.4 +------ +- [COOK-4023] Fix installer script's URL. 
+- Fixing up style for rubocop + + +v1.5.2 +------ +- [COOK-3825] setting $HOME on homebrew_package + + +v1.5.0 +------ +### Bug +- **[COOK-3589](https://tickets.chef.io/browse/COOK-3589)** - Add homebrew as the default package manager on OS X Server + +v1.4.0 +------ +### Bug +- **[COOK-3283](https://tickets.chef.io/browse/COOK-3283)** - Support running homebrew cookbook as root user, with sudo, or a non-privileged user + +v1.3.2 +------ +- [COOK-1793] - use homebrew "go" script to install homebrew +- [COOK-1821] - Discovered version using Homebrew Formula factory fails check that verifies that version is a String +- [COOK-1843] - Homebrew README.md contains non-ASCII characters, triggering same issue as COOK-522 + +v1.3.0 +------ +- [COOK-1425] - use new json output format for formula +- [COOK-1578] - Use shell_out! instead of popen4 + +v1.2.0 +------ +Chef Software has taken maintenance of this cookbook as the original author has other commitments. This is the initial release with Chef Software as maintainer. + +Changes in this release: + +- [pull/2] - support for option passing to brew +- [pull/3] - add brew upgrade and control return value from command +- [pull/9] - added LWRP for "brew tap" +- README is now markdown, not rdoc. diff --git a/berks-cookbooks/homebrew/README.md b/berks-cookbooks/homebrew/README.md new file mode 100644 index 00000000..59d4c938 --- /dev/null +++ b/berks-cookbooks/homebrew/README.md 
@@ -0,0 +1,167 @@ +# Homebrew Cookbook + +This cookbook installs [Homebrew](http://mxcl.github.com/homebrew/) and under Chef 11 and earlier versions, its package provider replaces MacPorts as the *default package provider* for the package resource on OS X systems. + +This cookbook is maintained by CHEF. The original author, maintainer and copyright holder is Graeme Mathieson. The cookbook remains licensed under the Apache License version 2. + +[Original blog post by Graeme](http://woss.name/2011/01/23/converging-your-home-directory-with-chef/) + +# Requirements + +Chef 12: The package provider is not necessary on Chef 12, as the default [OS X package provider](https://github.com/chef/chef-rfc/blob/master/rfc016-homebrew-osx-package-provider.md) is homebrew. + +Chef <= 11: The package provider will be set as the default provider for OS X. + +## Prerequisites + +In order for this recipe to work, your userid must own `/usr/local`. This is outside the scope of the cookbook because it's possible that you'll run the cookbook as your own user, not root and you'd have to be root to take ownership of the directory. Easiest way to get started: + +```bash +sudo chown -R `whoami`:staff /usr/local +``` + +Bear in mind that this will take ownership of the entire folder and its contents, so if you've already got stuff in there (eg MySQL owned by a `mysql` user) you'll need to be a touch more careful. This is a recommendation from the Homebrew project. + +**Note** This cookbook *only* supports installing in `/usr/local`. While the Homebrew project itself allows for alternative installations, this cookbook doesn't. + +## Platform + +- Mac OS X (10.6+) + +The only platform supported by Homebrew itself at the time of this writing is Mac OS X. It should work fine on Server edition as well, and on platforms that Homebrew supports in the future. + +## Cookbooks + +- build-essential: homebrew itself doesn't work well if XCode is not installed. 
+ +# Attributes + +- `node['homebrew']['owner']` - The user that will own the Homebrew installation and packages. Setting this will override the default behavior which is to use the non-privileged user that has invoked the Chef run (or the `SUDO_USER` if invoked with sudo). The default is `nil`. +- `node['homebrew']['auto-update']` - Whether the default recipe should automatically update homebrew each run or not. The default is `true` to maintain compatibility. Set to false or nil to disable. Note that disabling this feature may cause formula to not work. +- `node['homebrew']['formulas']` - An Array of formula that should be installed using homebrew by default, used only in the `homebrew::install_formulas` recipe. +- `node['homebrew']['casks']` - An Array of casks that should be installed using brew cask by default, used only in the `homebrew::install_casks` recipe. +- `node['homebrew']['taps']` - An Array of taps that should be installed using brew tap by default, used only in the `homebrew::install_taps` recipe. + +# Resources and Providers + +This cookbook includes a package resource provider to use homebrew. Under Chef 12+, this is not necessary, and the code doesn't actually get used on Chef 12+. This was preserved to maintain backwards compatiblity with older versions of Chef. + +## package / homebrew\_package + +This cookbook provides a package provider called `homebrew_package` which will install/remove packages using Homebrew. This becomes the default provider for `package` if your platform is Mac OS X. + +As this extends the built-in package resource/provider in Chef, it has all the resource attributes and actions available to the package resource. However, a couple notes: + +- Homebrew itself doesn't have a notion of "upgrade" per se. The "upgrade" action will simply perform an install, and if the Homebrew Formula for the package is newer, it will upgrade. +- Likewise, Homebrew doesn't have a purge, but the "purge" action will act like "remove". 
+ +#### Examples + +```ruby +package 'mysql' do + action :install +end + +homebrew_package 'mysql' + +package 'mysql' do + provider Chef::Provider::Package::Homebrew +end + +package 'wireshark' do + options '--with-qt --devel' +end +``` + +### homebrew\_tap + +LWRP for `brew tap`, a Homebrew command used to add additional formula repositories. From the `brew` man page: + +```text +tap [tap] + Tap a new formula repository from GitHub, or list existing taps. + + tap is of the form user/repo, e.g. brew tap homebrew/dupes. +``` + +Default action is `:tap` which enables the repository. Use `:untap` to disable a tapped repository. + +#### Examples + +```ruby +homebrew_tap 'homebrew/dupes' + +homebrew_tap 'homebrew/dupes' do + action :untap +end +``` + +## homebrew\_cask + +LWRP for `brew cask`, a Homebrew-style CLI workflow for the administration +of Mac applications distributed as binaries. It's implemented as a homebrew +"external command" called cask. + +[homebrew-cask on GitHub](https://github.com/caskroom/homebrew-cask) + +### Prerequisites + +You must have the homebrew-cask repository tapped. + +```ruby +homebrew_tap 'caskroom/cask' +``` + +And then install the homebrew cask package before using this LWRP. + +```ruby +package "brew-cask" do + action :install + end +``` + +You can include the `homebrew::cask` recipe to do this. + +### Examples + +```ruby +homebrew_cask "google-chrome" + +homebrew_cask "google-chrome" do + action :uncask +end +``` + +Default action is `:cask` which installs the Application binary . Use `:uncask` to +uninstall a an Application. + +[View the list of available Casks](https://github.com/caskroom/homebrew-cask/tree/master/Casks) + +# Usage + +We strongly recommend that you put "recipe[homebrew]" in your node's run list, to ensure that it is available on the system and that Homebrew itself gets installed. 
Putting an explicit dependency in the metadata will cause the cookbook to be downloaded and the library loaded, thus resulting in changing the package provider on Mac OS X, so if you have systems you want to use the default (Mac Ports), they would be changed to Homebrew. + +The default recipe also ensures that Homebrew is installed and up to date if the auto update attribute (above) is true (default). + +# License and Authors + +- Author:: Graeme Mathieson () +- Author:: Joshua Timberman () + +```text +Copyright:: 2011, Graeme Mathieson +Copyright:: 2012, Chef Software, Inc +Copyright:: 2014-2015, Chef Software, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); you may +not use this file except in compliance with the License. You may obtain +a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/berks-cookbooks/logrotate/recipes/default.rb b/berks-cookbooks/homebrew/attributes/default.rb similarity index 57% rename from berks-cookbooks/logrotate/recipes/default.rb rename to berks-cookbooks/homebrew/attributes/default.rb index 34862717..06d2380d 100644 --- a/berks-cookbooks/logrotate/recipes/default.rb +++ b/berks-cookbooks/homebrew/attributes/default.rb @@ -1,8 +1,10 @@ # -# Cookbook Name:: logrotate -# Recipe:: default +# Author:: Joshua Timberman () +# Author:: Graeme Mathieson () +# Cookbook Name:: homebrew +# Attributes:: default # -# Copyright 2009-2013, Chef Software, Inc. +# Copyright 2011-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -17,19 +19,8 @@ # limitations under the License. # -package 'logrotate' - -directory "/etc/logrotate.d" do - owner "root" - group "root" - mode "0755" - action :create -end - -if platform? "solaris2" # ~FC023 style preference - cron "logrotate" do - minute "35" - hour "7" - command "/usr/sbin/logrotate /etc/logrotate.conf" - end -end +default['homebrew']['owner'] = nil +default['homebrew']['auto-update'] = true +default['homebrew']['casks'] = [] +default['homebrew']['formulas'] = node['homebrew']['formula'] || [] +default['homebrew']['taps'] = [] diff --git a/berks-cookbooks/homebrew/libraries/homebrew_mixin.rb b/berks-cookbooks/homebrew/libraries/homebrew_mixin.rb new file mode 100644 index 00000000..2d8eda47 --- /dev/null +++ b/berks-cookbooks/homebrew/libraries/homebrew_mixin.rb 
@@ -0,0 +1,67 @@ +# +# Author:: Joshua Timberman () +# Author:: Graeme Mathieson () +# Cookbook Name:: homebrew +# Libraries:: homebrew_mixin +# +# Copyright 2011-2013, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Include the mixin from Chef 12 if its defined, when we get to the +# #homebrew_owner method below... +class Chef12HomebrewUser + include Chef::Mixin::HomebrewUser if defined?(Chef::Mixin::HomebrewUser) +end + +module Homebrew + # Homebrew + module Mixin + def homebrew_owner + if defined?(Chef::Mixin::HomebrewUser) + begin + require 'etc' + @homebrew_owner ||= ::Etc.getpwuid(Chef12HomebrewUser.new.find_homebrew_uid).name + rescue Chef::Exceptions::CannotDetermineHomebrewOwner + @homebrew_owner ||= calculate_owner + end + else + @homebrew_owner ||= calculate_owner + end + end + + private + + def calculate_owner + owner = homebrew_owner_attr || sudo_user || current_user + if owner == 'root' + fail Chef::Exceptions::User, + "Homebrew owner is 'root' which is not supported. " + + "To set an explicit owner, please set node['homebrew']['owner']." + end + owner + end + + def homebrew_owner_attr + node['homebrew']['owner'] + end + + def sudo_user + ENV['SUDO_USER'] + end + + def current_user + ENV['USER'] + end + end +end diff --git a/berks-cookbooks/homebrew/libraries/homebrew_package.rb b/berks-cookbooks/homebrew/libraries/homebrew_package.rb new file mode 100644 index 00000000..859ae883 --- /dev/null 
+++ b/berks-cookbooks/homebrew/libraries/homebrew_package.rb 
@@ -0,0 +1,115 @@ +# +# Author:: Joshua Timberman () +# Author:: Graeme Mathieson () +# Cookbook Name:: homebrew +# Libraries:: homebrew_package +# +# Copyright 2011-2013, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# cookbook libraries are unconditionally included if the cookbook is +# present on a node. This approach should avoid creating this class if +# the node already has Chef::Provider::Package::Homebrew, such as with +# Chef 12. +# https://github.com/chef/chef-rfc/blob/master/rfc016-homebrew-osx-package-provider.md +unless defined?(Chef::Provider::Package::Homebrew) && Chef::Platform.find('mac_os_x', nil)[:package] == Chef::Provider::Package::Homebrew + require 'chef/provider/package' + require 'chef/resource/package' + require 'chef/platform' + require 'chef/mixin/shell_out' + + class Chef + class Provider + class Package + # Package + class Homebrew < Package + # Homebrew packagex + include Chef::Mixin::ShellOut + include ::Homebrew::Mixin + + def load_current_resource + @current_resource = Chef::Resource::Package.new(@new_resource.name) + @current_resource.package_name(@new_resource.package_name) + @current_resource.version(current_installed_version) + + @current_resource + end + + def install_package(name, version) + brew('install', @new_resource.options, name) + end + + def upgrade_package(name, version) + brew('upgrade', name) + end + + def remove_package(name, version) + brew('uninstall', @new_resource.options, name) + end + + 
# Homebrew doesn't really have a notion of purging, so just remove. + def purge_package(name, version) + @new_resource.options = ((@new_resource.options || '') << ' --force').strip + remove_package(name, version) + end + + protected + + def brew(*args) + get_response_from_command("brew #{args.join(' ')}") + end + + def current_installed_version + pkg = get_version_from_formula + versions = pkg.to_hash['installed'].map { |v| v['version'] } + versions.join(' ') unless versions.empty? + end + + def candidate_version + pkg = get_version_from_formula + pkg.stable ? pkg.stable.version.to_s : pkg.version.to_s + end + + def get_version_from_command(command) + version = get_response_from_command(command).chomp + version.empty? ? nil : version + end + + def get_version_from_formula + brew_cmd = shell_out!('brew --prefix', :user => homebrew_owner) + libpath = ::File.join(brew_cmd.stdout.chomp, 'Library', 'Homebrew') + $LOAD_PATH.unshift(libpath) + + require 'global' + require 'cmd/info' + + Formula[new_resource.package_name] + end + + def get_response_from_command(command) + require 'etc' + home_dir = Etc.getpwnam(homebrew_owner).dir + + Chef::Log.debug "Executing '#{command}' as #{homebrew_owner}" + output = shell_out!(command, :user => homebrew_owner, :environment => { 'HOME' => home_dir, 'RUBYOPT' => nil }) + output.stdout + end + end + end + end + end + + Chef::Platform.set :platform => :mac_os_x_server, :resource => :package, :provider => Chef::Provider::Package::Homebrew + Chef::Platform.set :platform => :mac_os_x, :resource => :package, :provider => Chef::Provider::Package::Homebrew +end diff --git a/berks-cookbooks/homebrew/libraries/matchers.rb b/berks-cookbooks/homebrew/libraries/matchers.rb new file mode 100644 index 00000000..26795283 --- /dev/null +++ b/berks-cookbooks/homebrew/libraries/matchers.rb 
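Review bot: `brew(*args)` joins its arguments into a single string (`"brew #{args.join(' ')}"`) that `get_response_from_command` passes to `shell_out!`, so the package name and `@new_resource.options` reach a shell unquoted. A value containing shell metacharacters, for example one sourced from a node attribute, would be executed by the shell under the homebrew owner's account; escaping the name, e.g. `brew('install', @new_resource.options, Shellwords.escape(name))` with `require 'shellwords'`, or passing an argument array to `shell_out!`, closes that. The same interpolation pattern appears in the `command`, `not_if` and `only_if` strings of providers/cask.rb and providers/tap.rb later in this diff. Separately, `get_version_from_formula` prepends Homebrew's Library directory to `$LOAD_PATH` and requires `global` and `cmd/info` inside the chef-client process; if chef-client runs as root while that tree is owned by the non-root homebrew owner, code writable by that user is loaded with root privileges, which deserves at least a comment.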
@@ -0,0 +1,43 @@
+if defined?(ChefSpec)
+
+ def install_homebrew_package(pkg)
+ ChefSpec::Matchers::ResourceMatcher.new(:homebrew_package, :install, pkg)
+ end
+
+ def upgrade_homebrew_package(pkg)
+ ChefSpec::Matchers::ResourceMatcher.new(:homebrew_package, :upgrade, pkg)
+ end
+
+ def remove_homebrew_package(pkg)
+ ChefSpec::Matchers::ResourceMatcher.new(:homebrew_package, :remove, pkg)
+ end
+
+ def purge_homebrew_package(pkg)
+ ChefSpec::Matchers::ResourceMatcher.new(:homebrew_package, :purge, pkg)
+ end
+
+ def tap_homebrew_tap(tap)
+ ChefSpec::Matchers::ResourceMatcher.new(:homebrew_tap, :tap, tap)
+ end
+
+ def untap_homebrew_tap(tap)
+ ChefSpec::Matchers::ResourceMatcher.new(:homebrew_tap, :untap, tap)
+ end
+
+ def cask_homebrew_cask(cask)
+ ChefSpec::Matchers::ResourceMatcher.new(:homebrew_cask, :cask, cask)
+ end
+
+ def uncask_homebrew_cask(cask)
+ ChefSpec::Matchers::ResourceMatcher.new(:homebrew_cask, :uncask, cask)
+ end
+
+ def install_homebrew_cask(cask)
+ ChefSpec::Matchers::ResourceMatcher.new(:homebrew_cask, :install, cask)
+ end
+
+ def uninstall_homebrew_cask(cask)
+ ChefSpec::Matchers::ResourceMatcher.new(:homebrew_cask, :uninstall, cask)
+ end
+
+end
diff --git a/berks-cookbooks/homebrew/metadata.json b/berks-cookbooks/homebrew/metadata.json
new file mode 100644
index 00000000..a4873567
--- /dev/null
+++ b/berks-cookbooks/homebrew/metadata.json
@@ -0,0 +1,33 @@
+{
+ "name": "homebrew",
+ "version": "1.13.0",
+ "description": "Install Homebrew, and use it as the OS X package provider on Chef versions =< 11",
+ "long_description": "",
+ "maintainer": "Chef Software, Inc.",
+ "maintainer_email": "cookbooks@chef.io",
+ "license": "Apache 2.0",
+ "platforms": {
+ "mac_os_x": ">= 0.0.0",
+ "mac_os_x_server": ">= 0.0.0"
+ },
+ "dependencies": {
+ "build-essential": ">= 2.1.2"
+ },
+ "recommendations": {
+ },
+ "suggestions": {
+ },
+ "conflicting": {
+ },
+ "providing": {
+ },
+ "replacing": {
+ },
+ "attributes": {
+ },
+ "groupings": {
+ },
+ "recipes": {
+ "homebrew": "Install Homebrew"
+ }
+}
\ No newline at end of file
diff --git a/berks-cookbooks/homebrew/providers/cask.rb b/berks-cookbooks/homebrew/providers/cask.rb
new file mode 100644
index 00000000..0863358d
--- /dev/null
+++ b/berks-cookbooks/homebrew/providers/cask.rb
@@ -0,0 +1,36 @@
+require 'chef/mixin/shell_out'
+include Chef::Mixin::ShellOut
+include ::Homebrew::Mixin
+
+use_inline_resources if defined?(:use_inline_resources)
+
+def whyrun_supported?
+ true
+end
+
+def load_current_resource
+ @cask = Chef::Resource::HomebrewCask.new(new_resource.name)
+ Chef::Log.debug("Checking whether #{new_resource.name} is installed")
+ @cask.casked shell_out("/usr/local/bin/brew cask list | grep #{new_resource.name}").exitstatus == 0
+end
+
+action :install do
+ unless @cask.casked
+ execute "installing cask #{new_resource.name}" do
+ command "/usr/local/bin/brew cask install #{new_resource.name} #{new_resource.options}"
+ user homebrew_owner
+ end
+ end
+end
+
+action :uninstall do
+ if @cask.casked
+ execute "uninstalling cask #{new_resource.name}" do
+ command "/usr/local/bin/brew cask uninstall #{new_resource.name}"
+ user homebrew_owner
+ end
+ end
+end
+
+alias_method :action_cask, :action_install
+alias_method :action_uncask, :action_uninstall
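Review bot: `load_current_resource` in providers/cask.rb decides whether a cask is installed with `brew cask list | grep #{new_resource.name}`, which is an unanchored pattern match rather than an exact comparison. A lookup for `vlc` would also succeed when only a hypothetical cask named `vlc-nightly` is listed, so `:install` would be skipped and `:uninstall` attempted for the wrong cask. A fixed-string whole-line match, `grep -Fxq -- #{new_resource.name}`, avoids that, assuming the list prints one cask per line. The check also runs without `:user => homebrew_owner`, unlike the `execute` resources below it, so `brew` is invoked as whatever user runs chef-client.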
diff --git a/berks-cookbooks/homebrew/providers/tap.rb b/berks-cookbooks/homebrew/providers/tap.rb
new file mode 100644
index 00000000..900db522
--- /dev/null
+++ b/berks-cookbooks/homebrew/providers/tap.rb
@@ -0,0 +1,54 @@
+#
+# Author:: Joshua Timberman ()
+# Author:: Graeme Mathieson ()
+# Cookbook Name:: homebrew
+# Providers:: tap
+#
+# Copyright 2011-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include ::Homebrew::Mixin
+
+def load_current_resource
+ @tap = Chef::Resource::HomebrewTap.new(new_resource.name)
+ tap_dir = @tap.name.gsub('/', '/homebrew-')
+
+ Chef::Log.debug("Checking whether we've already tapped #{new_resource.name}")
+ if ::File.directory?("/usr/local/Library/Taps/#{tap_dir}")
+ @tap.tapped true
+ else
+ @tap.tapped false
+ end
+end
+
+action :tap do
+ unless @tap.tapped
+ execute "tapping #{new_resource.name}" do
+ command "/usr/local/bin/brew tap #{new_resource.name}"
+ not_if "/usr/local/bin/brew tap | grep #{new_resource.name}"
+ user homebrew_owner
+ end
+ end
+end
+
+action :untap do
+ if @tap.tapped
+ execute "untapping #{new_resource.name}" do
+ command "/usr/local/bin/brew untap #{new_resource.name}"
+ only_if "/usr/local/bin/brew tap | grep #{new_resource.name}"
+ user homebrew_owner
+ end
+ end
+end
diff --git a/berks-cookbooks/homebrew/recipes/cask.rb b/berks-cookbooks/homebrew/recipes/cask.rb
new file mode 100644
index 00000000..523004ec
--- /dev/null
+++ b/berks-cookbooks/homebrew/recipes/cask.rb
@@ -0,0 +1,39 @@
+#
+# Cookbook Name:: homebrew
+# Recipes:: cask
+#
+# Copyright 2014, Chef Software, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+Chef::Resource.send(:include, Homebrew::Mixin)
+
+homebrew_tap 'caskroom/cask'
+
+package 'brew-cask'
+
+execute 'update homebrew cask from github' do
+ user node['homebrew']['owner'] || homebrew_owner
+ command '/usr/local/bin/brew upgrade brew-cask && /usr/local/bin/brew cask cleanup || true'
+ only_if { node['homebrew']['auto-update'] }
+end
+
+directory '/opt/homebrew-cask' do
+ owner node['homebrew']['owner'] || homebrew_owner
+ mode 00775
+end
+
+directory '/opt/homebrew-cask/Caskroom' do
+ owner node['homebrew']['owner'] || homebrew_owner
+ mode 00775
+end
diff --git a/berks-cookbooks/homebrew/recipes/default.rb b/berks-cookbooks/homebrew/recipes/default.rb
new file mode 100644
index 00000000..8c2fdb06
--- /dev/null
+++ b/berks-cookbooks/homebrew/recipes/default.rb
@@ -0,0 +1,49 @@
+#
+# Author:: Joshua Timberman ()
+# Author:: Graeme Mathieson ()
+# Cookbook Name:: homebrew
+# Recipes:: default
+#
+# Copyright 2011-2013, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+Chef::Resource.send(:include, Homebrew::Mixin)
+Chef::Recipe.send(:include, Homebrew::Mixin)
+
+homebrew_go = "#{Chef::Config[:file_cache_path]}/homebrew_go"
+
+Chef::Log.debug("Homebrew owner is '#{homebrew_owner}'")
+
+remote_file homebrew_go do
+ source 'https://raw.githubusercontent.com/Homebrew/install/master/install'
+ mode 00755
+end
+
+execute 'install homebrew' do
+ command homebrew_go
+ user node['homebrew']['owner'] || homebrew_owner
+ not_if { ::File.exist? '/usr/local/bin/brew' }
+end
+
+if node['homebrew']['auto-update']
+ package 'git' do
+ not_if 'which git'
+ end
+
+ execute 'update homebrew from github' do
+ user homebrew_owner
+ command '/usr/local/bin/brew update || true'
+ end
+end
diff --git a/berks-cookbooks/iptables/recipes/disabled.rb b/berks-cookbooks/homebrew/recipes/install_casks.rb
similarity index 70%
rename from berks-cookbooks/iptables/recipes/disabled.rb
rename to berks-cookbooks/homebrew/recipes/install_casks.rb
index d9166a05..5a16ce82 100644
--- a/berks-cookbooks/iptables/recipes/disabled.rb
+++ b/berks-cookbooks/homebrew/recipes/install_casks.rb
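Review bot: The `remote_file homebrew_go` resource in recipes/default.rb downloads the installer from the mutable `master` branch with no `checksum` property, and the next resource executes it, so whatever that URL serves at converge time runs on the node. Pinning the source to a specific commit and adding a SHA-256, e.g. `checksum '<sha256-of-reviewed-installer>'` (placeholder), makes the run fail rather than execute an unreviewed script. Also, `execute 'update homebrew from github'` uses `user homebrew_owner` while the install step uses `node['homebrew']['owner'] || homebrew_owner`. As far as the mixin in this diff shows, the Chef 12 path of `homebrew_owner` does not consult the attribute first, so the two steps can run as different users.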
@@ -1,8 +1,8 @@ # -# Cookbook Name:: iptables -# Recipe:: default +# Cookbook Name:: homebrew +# Recipes:: install_casks # -# Copyright 2008-2009, Opscode, Inc. +# Copyright 2014, Chef Software, Inc # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,8 +17,8 @@ # limitations under the License. # -package "iptables" -service "iptables" do - action [ :disable, :stop ] - supports :status => true, :start => true, :stop => true, :restart => true +include_recipe 'homebrew::cask' + +node['homebrew']['casks'].each do |cask| + homebrew_cask cask end diff --git a/berks-cookbooks/npm/attributes/default.rb b/berks-cookbooks/homebrew/recipes/install_formulas.rb similarity index 73% rename from berks-cookbooks/npm/attributes/default.rb rename to berks-cookbooks/homebrew/recipes/install_formulas.rb index 259dbc58..55b7956d 100644 --- a/berks-cookbooks/npm/attributes/default.rb +++ b/berks-cookbooks/homebrew/recipes/install_formulas.rb @@ -1,9 +1,8 @@ # -# Cookbook Name:: npm +# Cookbook Name:: homebrew +# Recipes:: install_casks # -# Author:: Sergey Balbeko -# -# Copyright 2012, Sergey Balbeko +# Copyright 2014, Chef Software, Inc # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,5 +17,8 @@ # limitations under the License. # -default['npm']['version'] = '1.1.0-3' -#default['npm'][''] = '' \ No newline at end of file +include_recipe 'homebrew' + +node['homebrew']['formulas'].each do |formula| + package formula +end diff --git a/berks-cookbooks/apache2/recipes/iptables.rb b/berks-cookbooks/homebrew/recipes/install_taps.rb similarity index 74% rename from berks-cookbooks/apache2/recipes/iptables.rb rename to berks-cookbooks/homebrew/recipes/install_taps.rb index 0bf928b4..9dac2bc0 100644 --- a/berks-cookbooks/apache2/recipes/iptables.rb +++ b/berks-cookbooks/homebrew/recipes/install_taps.rb 
@@ -1,8 +1,8 @@ # -# Cookbook Name:: apache2 -# Recipe:: iptables +# Cookbook Name:: homebrew +# Recipes:: install_taps # -# Copyright 2012-2013, Opscode, Inc. +# Copyright 2015, Chef Software, Inc # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,6 +16,9 @@ # See the License for the specific language governing permissions and # limitations under the License. # -include_recipe 'iptables::default' -iptables_rule 'port_apache' +include_recipe 'homebrew' + +node['homebrew']['taps'].each do |tap| + homebrew_tap tap +end diff --git a/berks-cookbooks/homebrew/resources/cask.rb b/berks-cookbooks/homebrew/resources/cask.rb new file mode 100644 index 00000000..7de9591d --- /dev/null +++ b/berks-cookbooks/homebrew/resources/cask.rb @@ -0,0 +1,22 @@ +actions :cask, :uncask, :install, :uninstall +attribute :name, + :name_attribute => true, + :kind_of => String, + :regex => /^[\w-]+$/ + +attribute :casked, + :kind_of => [TrueClass, FalseClass] + +attribute :options, + :kind_of => String + +if defined?(:default_action) + default_action :install +else + Chef::Log.warn("It appears you have Chef version #{Chef::VERSION},") + Chef::Log.warn('homebrew_cask resource will remove support for versions of Chef < 10.10 in the next major release of the cookbook') + def initialize(*args) + super + @action = :install + end +end diff --git a/berks-cookbooks/logrotate/recipes/global.rb b/berks-cookbooks/homebrew/resources/tap.rb similarity index 53% rename from berks-cookbooks/logrotate/recipes/global.rb rename to berks-cookbooks/homebrew/resources/tap.rb index 2180c92c..f3f72af7 100644 --- a/berks-cookbooks/logrotate/recipes/global.rb +++ b/berks-cookbooks/homebrew/resources/tap.rb 
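Review bot: The `:regex => /^[\w-]+$/` validation on `name` in resources/cask.rb uses `^` and `$`, which in Ruby match at line boundaries, so a multi-line value passes as long as one of its lines matches. Because the providers interpolate `name` into shell command strings, the pattern should anchor the whole string: `:regex => /\A[\w-]+\z/`. The tap resource in resources/tap.rb has the same issue with `/^[\w-]+(?:\/[\w-]+)+$/`. Separately, `defined?(:default_action)` tests a symbol literal and is always truthy, so the `else` branch with the Chef < 10.10 fallback can never run; `respond_to?(:default_action)` is presumably what was meant.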
@@ -1,8 +1,10 @@ # -# Cookbook Name:: logrotate -# Recipe:: default +# Author:: Joshua Timberman () +# Author:: Graeme Mathieson () +# Cookbook Name:: homebrew +# Resources:: tap # -# Copyright 2009-2013, Chef Software, Inc. +# Copyright 2011-2013, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,14 +19,17 @@ # limitations under the License. # -include_recipe 'logrotate::default' +actions :tap, :untap +attribute :name, + :name_attribute => true, + :kind_of => String, + :regex => /^[\w-]+(?:\/[\w-]+)+$/ -parsed_configuration = CookbookLogrotate::LogrotateConfiguration.from_hash(node['logrotate']['global'].to_hash) +attribute :tapped, + :kind_of => [TrueClass, FalseClass] -template '/etc/logrotate.conf' do - source 'logrotate-global.erb' - mode '0644' - variables( - :configuration => parsed_configuration - ) +### hax for default action +def initialize(*args) + super + @action = :tap end diff --git a/berks-cookbooks/iis/CHANGELOG.md b/berks-cookbooks/iis/CHANGELOG.md index 7afabbe0..fc4a4894 100644 --- a/berks-cookbooks/iis/CHANGELOG.md +++ b/berks-cookbooks/iis/CHANGELOG.md @@ -1,3 +1,11 @@ +v4.1.1 (2015-05-07) +------------------- +- Detects changes in the physical path of apps. +- Adds support for gMSA identity. +- Performing add on a site will now reconfigure it if necessary. +- Lock and unlock commands on configuration sections now use -commit:apphost. +- Fix issue where popeline_mode was ignored during configuration of a pool. + v4.1.0 (2015-03-04) ------------------- - Removed iis_pool attribute 'set_profile_environment' incompatible with < IIS-8. diff --git a/berks-cookbooks/iis/README.md b/berks-cookbooks/iis/README.md index 8f208789..36fcddf3 100644 --- a/berks-cookbooks/iis/README.md +++ b/berks-cookbooks/iis/README.md 
@@ -441,8 +441,9 @@ License and Author
 * Author:: Seth Chisamore ()
 * Author:: Julian Dunn ()
+* Author:: Justin Schuhmann ()
-Copyright:: 2011-2013, Chef Software, Inc.
+Copyright:: 2011-2015, Chef Software, Inc.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
diff --git a/berks-cookbooks/iis/libraries/helper.rb b/berks-cookbooks/iis/libraries/helper.rb
index 1d2040e0..b036774e 100644
--- a/berks-cookbooks/iis/libraries/helper.rb
+++ b/berks-cookbooks/iis/libraries/helper.rb
@@ -21,6 +21,7 @@
 module Opscode
 module IIS
+ # Contains functions that are used throughout this cookbook
 module Helper
 if RUBY_PLATFORM =~ /mswin|mingw32|windows/
 require 'chef/win32/version'
@@ -34,12 +35,12 @@ def self.older_than_windows2008r2?
 if RUBY_PLATFORM =~ /mswin|mingw32|windows/
 win_version = Chef::ReservedNames::Win32::Version.new
 win_version.windows_server_2008? ||
- win_version.windows_vista? ||
- win_version.windows_server_2003_r2? ||
- win_version.windows_home_server? ||
- win_version.windows_server_2003? ||
- win_version.windows_xp? ||
- win_version.windows_2000?
+ win_version.windows_vista? ||
+ win_version.windows_server_2003_r2? ||
+ win_version.windows_home_server? ||
+ win_version.windows_server_2003? ||
+ win_version.windows_xp? ||
+ win_version.windows_2000?
 end
 end
@@ -47,32 +48,33 @@ def self.older_than_windows2012?
 if RUBY_PLATFORM =~ /mswin|mingw32|windows/
 win_version = Chef::ReservedNames::Win32::Version.new
 win_version.windows_7? ||
- win_version.windows_server_2008_r2? ||
- win_version.windows_server_2008? ||
- win_version.windows_vista? ||
- win_version.windows_server_2003_r2? ||
- win_version.windows_home_server? ||
- win_version.windows_server_2003? ||
- win_version.windows_xp? ||
- win_version.windows_2000?
+ win_version.windows_server_2008_r2? ||
+ win_version.windows_server_2008? ||
+ win_version.windows_vista? ||
+ win_version.windows_server_2003_r2? ||
+ win_version.windows_home_server? ||
+ win_version.windows_server_2003? ||
+ win_version.windows_xp? ||
+ win_version.windows_2000?
 end
 end
-
 def windows_cleanpath(path)
- if defined?(Chef::Util::PathHelper.cleanpath) != nil
- Chef::Util::PathHelper.cleanpath(path)
+ if !defined?(Chef::Util::PathHelper.cleanpath).nil?
+ path = Chef::Util::PathHelper.cleanpath(path)
 else
- win_friendly_path(path)
+ path = win_friendly_path(path)
 end
+ # Remove any trailing slashes to prevent them from accidentally escaping any quotes.
+ path.chomp('/').chomp('\\')
 end
- def is_new_value?(document, xpath, value_to_check)
+ def new_value?(document, xpath, value_to_check)
 XPath.first(document, xpath).to_s != value_to_check.to_s
 end
- def is_new_or_empty_value?(document, xpath, value_to_check)
- value_to_check.to_s != '' && is_new_value?(document, xpath, value_to_check)
+ def new_or_empty_value?(document, xpath, value_to_check)
+ value_to_check.to_s != '' && new_value?(document, xpath, value_to_check)
 end
 def appcmd(node)
diff --git a/berks-cookbooks/iis/libraries/matcher.rb b/berks-cookbooks/iis/libraries/matcher.rb
index 734defde..d146d21e 100644
--- a/berks-cookbooks/iis/libraries/matcher.rb
+++ b/berks-cookbooks/iis/libraries/matcher.rb
@@ -39,7 +39,7 @@ def config_iis_config(command)
 )
 end
- [:config].each do |action|
+ [:config].each do |action|
 self.class.send(:define_method, "#{action}_iis_unlock", proc do |section|
 ChefSpec::Matchers::ResourceMatcher.new(:iis_unlock, action, section)
 end
@@ -53,7 +53,7 @@ def config_iis_config(command)
 )
 end
- define_method = (Gem.loaded_specs["chefspec"].version < Gem::Version.new('4.1.0')) ?
+ define_method = (Gem.loaded_specs['chefspec'].version < Gem::Version.new('4.1.0')) ?
 ChefSpec::Runner.method(:define_runner_method) :
 ChefSpec.method(:define_matcher)
diff --git a/berks-cookbooks/iis/metadata.json b/berks-cookbooks/iis/metadata.json
index 32da40cf..10fc6e88 100644
--- a/berks-cookbooks/iis/metadata.json
+++ b/berks-cookbooks/iis/metadata.json
@@ -1,31 +1 @@ -{ - "name": "iis", - "version": "4.1.0", - "description": "Installs/Configures Microsoft Internet Information Services", - "long_description": "Description\n===========\n\nInstalls and configures Microsoft Internet Information Services (IIS) 7.0/7.5/8.0\n\nRequirements\n============\n\nPlatform\n--------\n\n* Windows Vista\n* Windows 7\n* Windows 8\n* Windows Server 2008 (R1, R2)\n* Windows Server 2012\n* Windows Server 2012R2\n\nWindows 2003R2 is *not* supported because it lacks Add/Remove Features.\n\nCookbooks\n---------\n\n* windows\n\nAttributes\n==========\n\n* `node['iis']['home']` - IIS main home directory. default is `%WINDIR%\\System32\\inetsrv`\n* `node['iis']['conf_dir']` - location where main IIS configs lives. default is `%WINDIR%\\System32\\inetsrv\\config`\n* `node['iis']['pubroot']` - . default is `%SYSTEMDRIVE%\\inetpub`\n* `node['iis']['docroot']` - IIS web site home directory. default is `%SYSTEMDRIVE%\\inetpub\\wwwroot`\n* `node['iis']['log_dir']` - location of IIS logs. default is `%SYSTEMDRIVE%\\inetpub\\logs\\LogFiles`\n* `node['iis']['cache_dir']` - location of cached data. default is `%SYSTEMDRIVE%\\inetpub\\temp`\n\nResource/Provider\n=================\n\niis_site\n---------\n\nAllows easy management of IIS virtual sites (ie vhosts).\n\n### Actions\n\n- `:add` - add a new virtual site\n- `:config` - apply configuration to an existing virtual site\n- `:delete` - delete an existing virtual site\n- `:start` - start a virtual site\n- `:stop` - stop a virtual site\n- `:restart` - restart a virtual site\n\n### Attribute Parameters\n\n- `product_id` - name attribute. Specifies the ID of a product to install.\n- `site_name` - name attribute.\n- `site_id` - if not given IIS generates a unique ID for the site\n- `path` - IIS will create a root application and a root virtual directory mapped to this specified local path\n- `protocol` - http protocol type the site should respond to. valid values are :http, :https. 
default is :http\n- `port` - port site will listen on. default is 80\n- `host_header` - host header (also known as domains or host names) the site should map to. default is all host headers\n- `options` - additional options to configure the site\n- `bindings` - Advanced options to configure the information required for requests to communicate with a Web site. See http://www.iis.net/configreference/system.applicationhost/sites/site/bindings/binding for parameter format. When binding is used, port protocol and host_header should not be used.\n- `application_pool` - set the application pool of the site\n- `options` - support for additional options -logDir, -limits, -ftpServer, etc...\n- `log_directory` - specifies the logging directory, where the log file and logging-related support files are stored.\n- `log_period` - specifies how often iis creates a new log file\n- `log_truncsize` - specifies the maximum size of the log file (in bytes) after which to create a new log file.\n\n### Examples\n\n```ruby\n# stop and delete the default site\niis_site 'Default Web Site' do\n action [:stop, :delete]\nend\n```\n\n```ruby\n# create and start a new site that maps to\n# the physical location C:\\inetpub\\wwwroot\\testfu\niis_site 'Testfu Site' do\n protocol :http\n port 80\n path \"#{node['iis']['docroot']}/testfu\"\n action [:add,:start]\nend\n```\n\n```ruby\n# do the same but map to testfu.chef.io domain\niis_site 'Testfu Site' do\n protocol :http\n port 80\n path \"#{node['iis']['docroot']}/testfu\"\n host_header \"testfu.chef.io\"\n action [:add,:start]\nend\n```\n\n```ruby\n# create and start a new site that maps to\n# the physical C:\\inetpub\\wwwroot\\testfu\n# also adds bindings to http and https\n# binding http to the ip address 10.12.0.136,\n# the port 80, and the host header www.domain.com\n# also binding https to any ip address,\n# the port 443, and the host header www.domain.com\niis_site 'FooBar Site' do\n bindings 
\"http/10.12.0.136:80:www.domain.com,https/*:443:www.domain.com\n path \"#{node['iis']['docroot']}/testfu\"\n action [:add,:start]\nend\n```\n\niis_config\n-----------\nRuns a config command on your IIS instance.\n\n### Actions\n\n- `:config` - Runs the configuration command\n\n### Attribute Parameters\n\n- `cfg_cmd` - name attribute. What ever command you would pass in after \"appcmd.exe set config\"\n\n### Example\n\n```ruby\n# Sets up logging\niis_config \"/section:system.applicationHost/sites /siteDefaults.logfile.directory:\\\"D:\\\\logs\\\"\" do\n action :config\nend\n```\n\n```ruby\n# Loads an array of commands from the node\ncfg_cmds = node['iis']['cfg_cmd']\ncfg_cmds.each do |cmd|\n iis_config \"#{cmd}\" do\n action :config\n end\nend\n```\n\niis_pool\n---------\nCreates an application pool in IIS.\n\n### Actions\n\n- `:add` - add a new application pool\n- `:config` - apply configuration to an existing application pool\n- `:delete` - delete an existing application pool\n- `:start` - start a application pool\n- `:stop` - stop a application pool\n- `:restart` - restart a application pool\n- `:recycle` - recycle an application pool\n\n### Attribute Parameters\n\n#### Root Items\n- `pool_name` - name attribute. Specifies the name of the pool to create.\n- `runtime_version` - specifies what .NET version of the runtime to use.\n- `pipeline_mode` - specifies what pipeline mode to create the pool with, valid values are :Integrated or :Classic, the default is :Integrated\n- `no_managed_code` - allow Unmanaged Code in setting up IIS app pools is shutting down. - default is true - optional\n\n#### Add Items\n- `start_mode` - Specifies the startup type for the application pool - default :OnDemand (:OnDemand, :AlwaysRunning) - optional\n- `auto_start` - When true, indicates to the World Wide Web Publishing Service (W3SVC) that the application pool should be automatically started when it is created or when IIS is started. 
- boolean: default true - optional\n- `queue_length` - Indicates to HTTP.sys how many requests to queue for an application pool before rejecting future requests. - default is 1000 - optional\n- `thirty_two_bit` - set the pool to run in 32 bit mode, valid values are true or false, default is false - optional\n\n#### Process Model Items\n- `max_proc` - specifies the number of worker processes associated with the pool.\n- `load_user_profile` - This property is used only when a service starts in a named user account. - Default is false - optional\n- `pool_identity` - the account identity that they app pool will run as, valid values are :SpecificUser, :NetworkService, :LocalService, :LocalSystem, :ApplicationPoolIdentity\n- `pool_username` - username for the identity for the application pool\n- `pool_password` password for the identity for the application pool is started. Default is true - optional\n- `logon_type` - Specifies the logon type for the process identity. (For additional information about [logon types](http://msdn.microsoft.com/en-us/library/aa378184%28VS.85%29.aspx), see the LogonUser Function topic on Microsoft's MSDN Web site.) - Available [:LogonBatch, :LogonService] - default is :LogonBatch - optional\n- `manual_group_membership` - Specifies whether the IIS_IUSRS group Security Identifier (SID) is added to the worker process token. When false, IIS automatically uses an application pool identity as though it were a member of the built-in IIS_IUSRS group, which has access to necessary file and system resources. When true, an application pool identity must be explicitly added to all resources that a worker process requires at runtime. - default is false - optional\n- `idle_timeout` - Specifies how long (in minutes) a worker process should run idle if no new requests are received and the worker process is not processing requests. After the allocated time passes, the worker process should request that it be shut down by the WWW service. 
- default is '00:20:00' - optional\n- `shutdown_time_limit` - Specifies the time that the W3SVC service waits after it initiated a recycle. If the worker process does not shut down within the shutdownTimeLimit, it will be terminated by the W3SVC service. - default is '00:01:30' - optional\n- `startup_time_limit` - Specifies the time that IIS waits for an application pool to start. If the application pool does not startup within the startupTimeLimit, the worker process is terminated and the rapid-fail protection count is incremented. - default is '00:01:30' - optional\n- `pinging_enabled` - Specifies whether pinging is enabled for the worker process. - default is true - optional\n- `ping_interval` - Specifies the time between health-monitoring pings that the WWW service sends to a worker process - default is '00:00:30' - optional\n- `ping_response_time` - Specifies the time that a worker process is given to respond to a health-monitoring ping. After the time limit is exceeded, the WWW service terminates the worker process - default is '00:01:30' - optional\n\n#### Recycling Items\n- `disallow_rotation_on_config_change` - The DisallowRotationOnConfigChange property specifies whether or not the World Wide Web Publishing Service (WWW Service) should rotate worker processes in an application pool when the configuration has changed. 
- Default is false - optional\n- `disallow_overlapping_rotation` - Specifies whether the WWW Service should start another worker process to replace the existing worker process while that process\n- `recycle_after_time` - specifies a pool to recycle at regular time intervals, d.hh:mm:ss, d optional\n- `recycle_at_time` - schedule a pool to recycle at a specific time, d.hh:mm:ss, d optional\n- `private_mem` - specifies the amount of private memory (in kilobytes) after which you want the pool to recycle\n\n#### Failure Items\n- `load_balancer_capabilities` - Specifies behavior when a worker process cannot be started, such as when the request queue is full or an application pool is in rapid-fail protection. - default is :HttpLevel - optional\n- `orphan_worker_process` - Specifies whether to assign a worker process to an orphan state instead of terminating it when an application pool fails. - default is false - optional\n- `orphan_action_exe` - Specifies an executable to run when the WWW service orphans a worker process (if the orphanWorkerProcess attribute is set to true). You can use the orphanActionParams attribute to send parameters to the executable. - optional\n- `orphan_action_params` - Indicates command-line parameters for the executable named by the orphanActionExe attribute. To specify the process ID of the orphaned process, use %1%. - optional\n- `rapid_fail_protection` - Setting to true instructs the WWW service to remove from service all applications that are in an application pool - default is true - optional\n- `rapid_fail_protection_interval` - Specifies the number of minutes before the failure count for a process is reset. - default is '00:05:00' - optional\n- `rapid_fail_protection_max_crashes` - Specifies the maximum number of failures that are allowed within the number of minutes specified by the rapidFailProtectionInterval attribute. 
- default is 5 - optional\n- `auto_shutdown_exe` - Specifies an executable to run when the WWW service shuts down an application pool. - optional\n- `auto_shutdown_params` - Specifies command-line parameters for the executable that is specified in the autoShutdownExe attribute. - optional\n\n#### CPU Items\n- `cpu_action` - Configures the action that IIS takes when a worker process exceeds its configured CPU limit. The action attribute is configured on a per-application pool basis. - Available options [:NoAction, :KillW3wp, :Throttle, :ThrottleUnderLoad] - default is :NoAction - optional\n- `cpu_limit` - Configures the maximum percentage of CPU time (in 1/1000ths of one percent) that the worker processes in an application pool are allowed to consume over a period of time as indicated by the resetInterval attribute. If the limit set by the limit attribute is exceeded, an event is written to the event log and an optional set of events can be triggered. These optional events are determined by the action attribute. - default is 0 - optional\n- `cpu_reset_interval` - Specifies the reset period (in minutes) for CPU monitoring and throttling limits on an application pool. When the number of minutes elapsed since the last process accounting reset equals the number specified by this property, IIS resets the CPU timers for both the logging and limit intervals. - default is '00:05:00' - optional\n- `cpu_smp_affinitized` - Specifies whether a particular worker process assigned to an application pool should also be assigned to a given CPU. - default is false - optional\n- `smp_processor_affinity_mask` - Specifies the hexadecimal processor mask for multi-processor computers, which indicates to which CPU the worker processes in an application pool should be bound. Before this property takes effect, the smpAffinitized attribute must be set to true for the application pool. 
- default is 4294967295 - optional\n- `smp_processor_affinity_mask_2` - Specifies the high-order DWORD hexadecimal processor mask for 64-bit multi-processor computers, which indicates to which CPU the worker processes in an application pool should be bound. Before this property takes effect, the smpAffinitized attribute must be set to true for the application pool. - default is 4294967295 - optional\n\n### Example\n\n```ruby\n# creates a new app pool\niis_pool 'myAppPool_v1_1' do\n runtime_version \"2.0\"\n pipeline_mode :Classic\n action :add\nend\n```\n\niis_app\n--------\n\nCreates an application in IIS.\n\n### Actions\n\n- `:add` - add a new application pool\n- `:delete` - delete an existing application pool\n\n### Attribute Parameters\n\n- `site_name` - name attribute. The name of the site to add this app to\n- `path` -The virtual path for this application\n- `application_pool` - The pool this application belongs to\n- `physical_path` - The physical path where this app resides.\n- `enabled_protocols` - The enabled protocols that this app provides (http, https, net.pipe, net.tcp, etc)\n\n### Example\n\n```ruby\n# creates a new app\niis_app \"myApp\" do\n path \"/v1_1\"\n application_pool \"myAppPool_v1_1\"\n physical_path \"#{node['iis']['docroot']}/testfu/v1_1\"\n enabled_protocols \"http,net.pipe\"\n action :add\nend\n```\n\niis_vdir\n---------\n\nAllows easy management of IIS virtual directories (i.e. vdirs).\n\n### Actions\n\n- :add: - add a new virtual directory\n- :delete: - delete an existing virtual directory\n- :config: - configure a virtual directory\n\n### Attribute Parameters\n\n- `application_name`: name attribute. Specifies the name of the application attribute. This is the name of the website or application you are adding it to.\n- `path`: The virtual directory path on the site.\n- `physical_path`: The physical path of the virtual directory on the disk.\n- `username`: (optional) The username required to logon to the physical_path. 
If set to \"\" will clear username and password.\n- `password`: (optional) The password required to logon to the physical_path\n- `logon_method`: (optional, default: :ClearText) The method used to logon (:Interactive, :Batch, :Network, :ClearText). For more information on these types, see \"LogonUser Function\", Read more at [MSDN](http://msdn2.microsoft.com/en-us/library/aa378184.aspx)\n- `allow_sub_dir_config`: (optional, default: true) Boolean that specifies whether or not the Web server will look for configuration files located in the subdirectories of this virtual directory. Setting this to false can improve performance on servers with very large numbers of web.config files, but doing so prevents IIS configuration from being read in subdirectories.\n\n### Examples\n\n```ruby\n# add a virtual directory to default application\niis_vdir 'Default Web Site/' do\n action :add\n path '/Content/Test'\n physical_path 'C:\\wwwroot\\shared\\test'\nend\n```\n\n```ruby\n# add a virtual directory to an application under a site\niis_vdir 'Default Web Site/my application' do\n action :add\n path '/Content/Test'\n physical_path 'C:\\wwwroot\\shared\\test'\nend\n```\n\n```ruby\n# adds a virtual directory to default application which points to a smb share. 
(Remember to escape the \"\\\"'s)\niis_vdir 'Default Web Site/' do\n action :add\n path '/Content/Test'\n physical_path '\\\\\\\\sharename\\\\sharefolder\\\\1'\nend\n```\n\n```ruby\n# configure a virtual directory to have a username and password\niis_vdir 'Default Web Site/' do\n action :config\n path '/Content/Test'\n username 'domain\\myspecialuser'\n password 'myspecialpassword'\nend\n```\n\n```ruby\n# delete a virtual directory from the default application\niis_vdir 'Default Web Site/' do\n action :delete\n path '/Content/Test'\nend\n```\n\niis_section\n---------\n\nAllows for the locking/unlocking of sections ([listed here](http://www.iis.net/configreference) or via the command `appcmd list config \\\"\\\" /config:* /xml`)\n\nThis is valuable to allow the `web.config` of an individual application/website control it's own settings.\n\n### Actions\n\n- `:lock`: - locks the `section` passed\n- `:unlock`: - unlocks the `section` passed\n\n### Attribute Parameters\n\n- `section`: The name of the section to lock.\n- `returns`: The result of the `shell_out` command.\n\n### Examples\n\n```ruby\n# Sets the IIS global windows authentication to be locked globally\niis_section 'locks global configuration of windows auth' do\n section 'system.webServer/security/authentication/windowsAuthentication'\n action :lock\nend\n```\n\n```ruby\n# Sets the IIS global Basic authentication to be locked globally\niis_section 'locks global configuration of Basic auth' do\n section 'system.webServer/security/authentication/basicAuthentication'\n action :lock\nend\n```\n\n```ruby\n# Sets the IIS global windows authentication to be unlocked globally\niis_section 'unlocked web.config globally for windows auth' do\n action :unlock\n section 'system.webServer/security/authentication/windowsAuthentication'\nend\n```\n\n```ruby\n# Sets the IIS global Basic authentication to be unlocked globally\niis_section 'unlocked web.config globally for Basic auth' do\n action :unlock\n section 
'system.webServer/security/authentication/basicAuthentication'\nend\n```\n\niis_module\n--------\n\nManages modules globally or on a per site basis.\n\n### Actions\n\n- `:add` - add a new module\n- `:delete` - delete a module\n\n### Attribute Parameters\n\n- `module_name` - The name of the module to add or delete\n- `type` - The type of module\n- `precondition` - precondition for module\n- `application` - The application or site to add the module to\n\n### Example\n\n```ruby\n# Adds a module called \"My 3rd Party Module\" to mySite/\niis_module \"My 3rd Party Module\" do\n application \"mySite/\"\n precondition \"bitness64\"\n action :add\nend\n```\n\n```ruby\n# Adds a module called \"MyModule\" to all IIS sites on the server\niis_module \"MyModule\"\n```\n\n\nUsage\n=====\n\ndefault\n-------\n\nInstalls and configures IIS 7.0/7.5/8.0 using the default configuration.\n\nmod_*\n-----\n\nThis cookbook also contains recipes for installing individual IIS modules (extensions). These recipes can be included in a node's run_list to build the minimal desired custom IIS installation.\n\n* `mod_aspnet` - installs ASP.NET runtime components\n* `mod_aspnet45` - installs ASP.NET 4.5 runtime components\n* `mod_auth_basic` - installs Basic Authentication support\n* `mod_auth_windows` - installs Windows Authentication (authenticate clients by using NTLM or Kerberos) support\n* `mod_compress_dynamic` - installs dynamic content compression support. 
*PLEASE NOTE* - enabling dynamic compression always gives you more efficient use of bandwidth, but if your server's processor utilization is already very high, the CPU load imposed by dynamic compression might make your site perform more slowly.\n* `mod_compress_static` - installs static content compression support\n* `mod_iis6_metabase_compat` - installs IIS 6 Metabase Compatibility component.\n* `mod_isapi` - installs ISAPI (Internet Server Application Programming Interface) extension and filter support.\n* `mod_logging` - installs and enables HTTP Logging (logging of Web site activity), Logging Tools (logging tools and scripts) and Custom Logging (log any of the HTTP request/response headers, IIS server variables, and client-side fields with simple configuration) support\n* `mod_management` - installs Web server Management Console which supports management of local and remote Web servers\n* `mod_security` - installs URL Authorization (Authorizes client access to the URLs that comprise a Web application), Request Filtering (configures rules to block selected client requests) and IP Security (allows or denies content access based on IP address or domain name) support.\n* `mod_tracing` - installs support for tracing ASP.NET applications and failed requests.\n\nNote: Not every possible IIS module has a corresponding recipe. 
The foregoing recipes are included for convenience, but users may also place additional IIS modules that are installable as Windows features into the ``node['iis']['components']`` array.\n\nLicense and Author\n==================\n\n* Author:: Seth Chisamore ()\n* Author:: Julian Dunn ()\n\nCopyright:: 2011-2013, Chef Software, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n", - "maintainer": "Chef Software, Inc.", - "maintainer_email": "cookbooks@chef.io", - "license": "Apache 2.0", - "platforms": { - "windows": ">= 0.0.0" - }, - "dependencies": { - "windows": ">= 1.34.6" - }, - "recommendations": { - }, - "suggestions": { - }, - "conflicting": { - }, - "providing": { - }, - "replacing": { - }, - "attributes": { - }, - "groupings": { - }, - "recipes": { - } -} \ No newline at end of file +{"name":"iis","version":"4.1.1","description":"Installs/Configures Microsoft Internet Information Services","long_description":"Description\n===========\n\nInstalls and configures Microsoft Internet Information Services (IIS) 7.0/7.5/8.0\n\nRequirements\n============\n\nPlatform\n--------\n\n* Windows Vista\n* Windows 7\n* Windows 8\n* Windows Server 2008 (R1, R2)\n* Windows Server 2012\n* Windows Server 2012R2\n\nWindows 2003R2 is *not* supported because it lacks Add/Remove Features.\n\nCookbooks\n---------\n\n* windows\n\nAttributes\n==========\n\n* `node['iis']['home']` - IIS main home directory. 
default is `%WINDIR%\\System32\\inetsrv`\n* `node['iis']['conf_dir']` - location where main IIS configs lives. default is `%WINDIR%\\System32\\inetsrv\\config`\n* `node['iis']['pubroot']` - . default is `%SYSTEMDRIVE%\\inetpub`\n* `node['iis']['docroot']` - IIS web site home directory. default is `%SYSTEMDRIVE%\\inetpub\\wwwroot`\n* `node['iis']['log_dir']` - location of IIS logs. default is `%SYSTEMDRIVE%\\inetpub\\logs\\LogFiles`\n* `node['iis']['cache_dir']` - location of cached data. default is `%SYSTEMDRIVE%\\inetpub\\temp`\n\nResource/Provider\n=================\n\niis_site\n---------\n\nAllows easy management of IIS virtual sites (ie vhosts).\n\n### Actions\n\n- `:add` - add a new virtual site\n- `:config` - apply configuration to an existing virtual site\n- `:delete` - delete an existing virtual site\n- `:start` - start a virtual site\n- `:stop` - stop a virtual site\n- `:restart` - restart a virtual site\n\n### Attribute Parameters\n\n- `product_id` - name attribute. Specifies the ID of a product to install.\n- `site_name` - name attribute.\n- `site_id` - if not given IIS generates a unique ID for the site\n- `path` - IIS will create a root application and a root virtual directory mapped to this specified local path\n- `protocol` - http protocol type the site should respond to. valid values are :http, :https. default is :http\n- `port` - port site will listen on. default is 80\n- `host_header` - host header (also known as domains or host names) the site should map to. default is all host headers\n- `options` - additional options to configure the site\n- `bindings` - Advanced options to configure the information required for requests to communicate with a Web site. See http://www.iis.net/configreference/system.applicationhost/sites/site/bindings/binding for parameter format. 
When binding is used, port protocol and host_header should not be used.\n- `application_pool` - set the application pool of the site\n- `options` - support for additional options -logDir, -limits, -ftpServer, etc...\n- `log_directory` - specifies the logging directory, where the log file and logging-related support files are stored.\n- `log_period` - specifies how often iis creates a new log file\n- `log_truncsize` - specifies the maximum size of the log file (in bytes) after which to create a new log file.\n\n### Examples\n\n```ruby\n# stop and delete the default site\niis_site 'Default Web Site' do\n action [:stop, :delete]\nend\n```\n\n```ruby\n# create and start a new site that maps to\n# the physical location C:\\inetpub\\wwwroot\\testfu\niis_site 'Testfu Site' do\n protocol :http\n port 80\n path \"#{node['iis']['docroot']}/testfu\"\n action [:add,:start]\nend\n```\n\n```ruby\n# do the same but map to testfu.chef.io domain\niis_site 'Testfu Site' do\n protocol :http\n port 80\n path \"#{node['iis']['docroot']}/testfu\"\n host_header \"testfu.chef.io\"\n action [:add,:start]\nend\n```\n\n```ruby\n# create and start a new site that maps to\n# the physical C:\\inetpub\\wwwroot\\testfu\n# also adds bindings to http and https\n# binding http to the ip address 10.12.0.136,\n# the port 80, and the host header www.domain.com\n# also binding https to any ip address,\n# the port 443, and the host header www.domain.com\niis_site 'FooBar Site' do\n bindings \"http/10.12.0.136:80:www.domain.com,https/*:443:www.domain.com\n path \"#{node['iis']['docroot']}/testfu\"\n action [:add,:start]\nend\n```\n\niis_config\n-----------\nRuns a config command on your IIS instance.\n\n### Actions\n\n- `:config` - Runs the configuration command\n\n### Attribute Parameters\n\n- `cfg_cmd` - name attribute. 
What ever command you would pass in after \"appcmd.exe set config\"\n\n### Example\n\n```ruby\n# Sets up logging\niis_config \"/section:system.applicationHost/sites /siteDefaults.logfile.directory:\\\"D:\\\\logs\\\"\" do\n action :config\nend\n```\n\n```ruby\n# Loads an array of commands from the node\ncfg_cmds = node['iis']['cfg_cmd']\ncfg_cmds.each do |cmd|\n iis_config \"#{cmd}\" do\n action :config\n end\nend\n```\n\niis_pool\n---------\nCreates an application pool in IIS.\n\n### Actions\n\n- `:add` - add a new application pool\n- `:config` - apply configuration to an existing application pool\n- `:delete` - delete an existing application pool\n- `:start` - start a application pool\n- `:stop` - stop a application pool\n- `:restart` - restart a application pool\n- `:recycle` - recycle an application pool\n\n### Attribute Parameters\n\n#### Root Items\n- `pool_name` - name attribute. Specifies the name of the pool to create.\n- `runtime_version` - specifies what .NET version of the runtime to use.\n- `pipeline_mode` - specifies what pipeline mode to create the pool with, valid values are :Integrated or :Classic, the default is :Integrated\n- `no_managed_code` - allow Unmanaged Code in setting up IIS app pools is shutting down. - default is true - optional\n\n#### Add Items\n- `start_mode` - Specifies the startup type for the application pool - default :OnDemand (:OnDemand, :AlwaysRunning) - optional\n- `auto_start` - When true, indicates to the World Wide Web Publishing Service (W3SVC) that the application pool should be automatically started when it is created or when IIS is started. - boolean: default true - optional\n- `queue_length` - Indicates to HTTP.sys how many requests to queue for an application pool before rejecting future requests. 
- default is 1000 - optional\n- `thirty_two_bit` - set the pool to run in 32 bit mode, valid values are true or false, default is false - optional\n\n#### Process Model Items\n- `max_proc` - specifies the number of worker processes associated with the pool.\n- `load_user_profile` - This property is used only when a service starts in a named user account. - Default is false - optional\n- `pool_identity` - the account identity that they app pool will run as, valid values are :SpecificUser, :NetworkService, :LocalService, :LocalSystem, :ApplicationPoolIdentity\n- `pool_username` - username for the identity for the application pool\n- `pool_password` password for the identity for the application pool is started. Default is true - optional\n- `logon_type` - Specifies the logon type for the process identity. (For additional information about [logon types](http://msdn.microsoft.com/en-us/library/aa378184%28VS.85%29.aspx), see the LogonUser Function topic on Microsoft's MSDN Web site.) - Available [:LogonBatch, :LogonService] - default is :LogonBatch - optional\n- `manual_group_membership` - Specifies whether the IIS_IUSRS group Security Identifier (SID) is added to the worker process token. When false, IIS automatically uses an application pool identity as though it were a member of the built-in IIS_IUSRS group, which has access to necessary file and system resources. When true, an application pool identity must be explicitly added to all resources that a worker process requires at runtime. - default is false - optional\n- `idle_timeout` - Specifies how long (in minutes) a worker process should run idle if no new requests are received and the worker process is not processing requests. After the allocated time passes, the worker process should request that it be shut down by the WWW service. - default is '00:20:00' - optional\n- `shutdown_time_limit` - Specifies the time that the W3SVC service waits after it initiated a recycle. 
If the worker process does not shut down within the shutdownTimeLimit, it will be terminated by the W3SVC service. - default is '00:01:30' - optional\n- `startup_time_limit` - Specifies the time that IIS waits for an application pool to start. If the application pool does not startup within the startupTimeLimit, the worker process is terminated and the rapid-fail protection count is incremented. - default is '00:01:30' - optional\n- `pinging_enabled` - Specifies whether pinging is enabled for the worker process. - default is true - optional\n- `ping_interval` - Specifies the time between health-monitoring pings that the WWW service sends to a worker process - default is '00:00:30' - optional\n- `ping_response_time` - Specifies the time that a worker process is given to respond to a health-monitoring ping. After the time limit is exceeded, the WWW service terminates the worker process - default is '00:01:30' - optional\n\n#### Recycling Items\n- `disallow_rotation_on_config_change` - The DisallowRotationOnConfigChange property specifies whether or not the World Wide Web Publishing Service (WWW Service) should rotate worker processes in an application pool when the configuration has changed. - Default is false - optional\n- `disallow_overlapping_rotation` - Specifies whether the WWW Service should start another worker process to replace the existing worker process while that process\n- `recycle_after_time` - specifies a pool to recycle at regular time intervals, d.hh:mm:ss, d optional\n- `recycle_at_time` - schedule a pool to recycle at a specific time, d.hh:mm:ss, d optional\n- `private_mem` - specifies the amount of private memory (in kilobytes) after which you want the pool to recycle\n\n#### Failure Items\n- `load_balancer_capabilities` - Specifies behavior when a worker process cannot be started, such as when the request queue is full or an application pool is in rapid-fail protection. 
- default is :HttpLevel - optional\n- `orphan_worker_process` - Specifies whether to assign a worker process to an orphan state instead of terminating it when an application pool fails. - default is false - optional\n- `orphan_action_exe` - Specifies an executable to run when the WWW service orphans a worker process (if the orphanWorkerProcess attribute is set to true). You can use the orphanActionParams attribute to send parameters to the executable. - optional\n- `orphan_action_params` - Indicates command-line parameters for the executable named by the orphanActionExe attribute. To specify the process ID of the orphaned process, use %1%. - optional\n- `rapid_fail_protection` - Setting to true instructs the WWW service to remove from service all applications that are in an application pool - default is true - optional\n- `rapid_fail_protection_interval` - Specifies the number of minutes before the failure count for a process is reset. - default is '00:05:00' - optional\n- `rapid_fail_protection_max_crashes` - Specifies the maximum number of failures that are allowed within the number of minutes specified by the rapidFailProtectionInterval attribute. - default is 5 - optional\n- `auto_shutdown_exe` - Specifies an executable to run when the WWW service shuts down an application pool. - optional\n- `auto_shutdown_params` - Specifies command-line parameters for the executable that is specified in the autoShutdownExe attribute. - optional\n\n#### CPU Items\n- `cpu_action` - Configures the action that IIS takes when a worker process exceeds its configured CPU limit. The action attribute is configured on a per-application pool basis. - Available options [:NoAction, :KillW3wp, :Throttle, :ThrottleUnderLoad] - default is :NoAction - optional\n- `cpu_limit` - Configures the maximum percentage of CPU time (in 1/1000ths of one percent) that the worker processes in an application pool are allowed to consume over a period of time as indicated by the resetInterval attribute. 
If the limit set by the limit attribute is exceeded, an event is written to the event log and an optional set of events can be triggered. These optional events are determined by the action attribute. - default is 0 - optional\n- `cpu_reset_interval` - Specifies the reset period (in minutes) for CPU monitoring and throttling limits on an application pool. When the number of minutes elapsed since the last process accounting reset equals the number specified by this property, IIS resets the CPU timers for both the logging and limit intervals. - default is '00:05:00' - optional\n- `cpu_smp_affinitized` - Specifies whether a particular worker process assigned to an application pool should also be assigned to a given CPU. - default is false - optional\n- `smp_processor_affinity_mask` - Specifies the hexadecimal processor mask for multi-processor computers, which indicates to which CPU the worker processes in an application pool should be bound. Before this property takes effect, the smpAffinitized attribute must be set to true for the application pool. - default is 4294967295 - optional\n- `smp_processor_affinity_mask_2` - Specifies the high-order DWORD hexadecimal processor mask for 64-bit multi-processor computers, which indicates to which CPU the worker processes in an application pool should be bound. Before this property takes effect, the smpAffinitized attribute must be set to true for the application pool. - default is 4294967295 - optional\n\n### Example\n\n```ruby\n# creates a new app pool\niis_pool 'myAppPool_v1_1' do\n runtime_version \"2.0\"\n pipeline_mode :Classic\n action :add\nend\n```\n\niis_app\n--------\n\nCreates an application in IIS.\n\n### Actions\n\n- `:add` - add a new application pool\n- `:delete` - delete an existing application pool\n\n### Attribute Parameters\n\n- `site_name` - name attribute. 
The name of the site to add this app to\n- `path` -The virtual path for this application\n- `application_pool` - The pool this application belongs to\n- `physical_path` - The physical path where this app resides.\n- `enabled_protocols` - The enabled protocols that this app provides (http, https, net.pipe, net.tcp, etc)\n\n### Example\n\n```ruby\n# creates a new app\niis_app \"myApp\" do\n path \"/v1_1\"\n application_pool \"myAppPool_v1_1\"\n physical_path \"#{node['iis']['docroot']}/testfu/v1_1\"\n enabled_protocols \"http,net.pipe\"\n action :add\nend\n```\n\niis_vdir\n---------\n\nAllows easy management of IIS virtual directories (i.e. vdirs).\n\n### Actions\n\n- :add: - add a new virtual directory\n- :delete: - delete an existing virtual directory\n- :config: - configure a virtual directory\n\n### Attribute Parameters\n\n- `application_name`: name attribute. Specifies the name of the application attribute. This is the name of the website or application you are adding it to.\n- `path`: The virtual directory path on the site.\n- `physical_path`: The physical path of the virtual directory on the disk.\n- `username`: (optional) The username required to logon to the physical_path. If set to \"\" will clear username and password.\n- `password`: (optional) The password required to logon to the physical_path\n- `logon_method`: (optional, default: :ClearText) The method used to logon (:Interactive, :Batch, :Network, :ClearText). For more information on these types, see \"LogonUser Function\", Read more at [MSDN](http://msdn2.microsoft.com/en-us/library/aa378184.aspx)\n- `allow_sub_dir_config`: (optional, default: true) Boolean that specifies whether or not the Web server will look for configuration files located in the subdirectories of this virtual directory. 
Setting this to false can improve performance on servers with very large numbers of web.config files, but doing so prevents IIS configuration from being read in subdirectories.\n\n### Examples\n\n```ruby\n# add a virtual directory to default application\niis_vdir 'Default Web Site/' do\n action :add\n path '/Content/Test'\n physical_path 'C:\\wwwroot\\shared\\test'\nend\n```\n\n```ruby\n# add a virtual directory to an application under a site\niis_vdir 'Default Web Site/my application' do\n action :add\n path '/Content/Test'\n physical_path 'C:\\wwwroot\\shared\\test'\nend\n```\n\n```ruby\n# adds a virtual directory to default application which points to a smb share. (Remember to escape the \"\\\"'s)\niis_vdir 'Default Web Site/' do\n action :add\n path '/Content/Test'\n physical_path '\\\\\\\\sharename\\\\sharefolder\\\\1'\nend\n```\n\n```ruby\n# configure a virtual directory to have a username and password\niis_vdir 'Default Web Site/' do\n action :config\n path '/Content/Test'\n username 'domain\\myspecialuser'\n password 'myspecialpassword'\nend\n```\n\n```ruby\n# delete a virtual directory from the default application\niis_vdir 'Default Web Site/' do\n action :delete\n path '/Content/Test'\nend\n```\n\niis_section\n---------\n\nAllows for the locking/unlocking of sections ([listed here](http://www.iis.net/configreference) or via the command `appcmd list config \\\"\\\" /config:* /xml`)\n\nThis is valuable to allow the `web.config` of an individual application/website control it's own settings.\n\n### Actions\n\n- `:lock`: - locks the `section` passed\n- `:unlock`: - unlocks the `section` passed\n\n### Attribute Parameters\n\n- `section`: The name of the section to lock.\n- `returns`: The result of the `shell_out` command.\n\n### Examples\n\n```ruby\n# Sets the IIS global windows authentication to be locked globally\niis_section 'locks global configuration of windows auth' do\n section 'system.webServer/security/authentication/windowsAuthentication'\n action 
:lock\nend\n```\n\n```ruby\n# Sets the IIS global Basic authentication to be locked globally\niis_section 'locks global configuration of Basic auth' do\n section 'system.webServer/security/authentication/basicAuthentication'\n action :lock\nend\n```\n\n```ruby\n# Sets the IIS global windows authentication to be unlocked globally\niis_section 'unlocked web.config globally for windows auth' do\n action :unlock\n section 'system.webServer/security/authentication/windowsAuthentication'\nend\n```\n\n```ruby\n# Sets the IIS global Basic authentication to be unlocked globally\niis_section 'unlocked web.config globally for Basic auth' do\n action :unlock\n section 'system.webServer/security/authentication/basicAuthentication'\nend\n```\n\niis_module\n--------\n\nManages modules globally or on a per site basis.\n\n### Actions\n\n- `:add` - add a new module\n- `:delete` - delete a module\n\n### Attribute Parameters\n\n- `module_name` - The name of the module to add or delete\n- `type` - The type of module\n- `precondition` - precondition for module\n- `application` - The application or site to add the module to\n\n### Example\n\n```ruby\n# Adds a module called \"My 3rd Party Module\" to mySite/\niis_module \"My 3rd Party Module\" do\n application \"mySite/\"\n precondition \"bitness64\"\n action :add\nend\n```\n\n```ruby\n# Adds a module called \"MyModule\" to all IIS sites on the server\niis_module \"MyModule\"\n```\n\n\nUsage\n=====\n\ndefault\n-------\n\nInstalls and configures IIS 7.0/7.5/8.0 using the default configuration.\n\nmod_*\n-----\n\nThis cookbook also contains recipes for installing individual IIS modules (extensions). 
These recipes can be included in a node's run_list to build the minimal desired custom IIS installation.\n\n* `mod_aspnet` - installs ASP.NET runtime components\n* `mod_aspnet45` - installs ASP.NET 4.5 runtime components\n* `mod_auth_basic` - installs Basic Authentication support\n* `mod_auth_windows` - installs Windows Authentication (authenticate clients by using NTLM or Kerberos) support\n* `mod_compress_dynamic` - installs dynamic content compression support. *PLEASE NOTE* - enabling dynamic compression always gives you more efficient use of bandwidth, but if your server's processor utilization is already very high, the CPU load imposed by dynamic compression might make your site perform more slowly.\n* `mod_compress_static` - installs static content compression support\n* `mod_iis6_metabase_compat` - installs IIS 6 Metabase Compatibility component.\n* `mod_isapi` - installs ISAPI (Internet Server Application Programming Interface) extension and filter support.\n* `mod_logging` - installs and enables HTTP Logging (logging of Web site activity), Logging Tools (logging tools and scripts) and Custom Logging (log any of the HTTP request/response headers, IIS server variables, and client-side fields with simple configuration) support\n* `mod_management` - installs Web server Management Console which supports management of local and remote Web servers\n* `mod_security` - installs URL Authorization (Authorizes client access to the URLs that comprise a Web application), Request Filtering (configures rules to block selected client requests) and IP Security (allows or denies content access based on IP address or domain name) support.\n* `mod_tracing` - installs support for tracing ASP.NET applications and failed requests.\n\nNote: Not every possible IIS module has a corresponding recipe. 
The foregoing recipes are included for convenience, but users may also place additional IIS modules that are installable as Windows features into the ``node['iis']['components']`` array.\n\nLicense and Author\n==================\n\n* Author:: Seth Chisamore ()\n* Author:: Julian Dunn ()\n* Author:: Justin Schuhmann ()\n\nCopyright:: 2011-2015, Chef Software, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache 2.0","platforms":{"windows":">= 0.0.0"},"dependencies":{"windows":">= 1.34.6"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{}} \ No newline at end of file diff --git a/berks-cookbooks/iis/providers/app.rb b/berks-cookbooks/iis/providers/app.rb index 95792c36..0e61a4d1 100644 --- a/berks-cookbooks/iis/providers/app.rb +++ b/berks-cookbooks/iis/providers/app.rb @@ -27,7 +27,7 @@ include Opscode::IIS::Helper action :add do - unless @current_resource.exists + if !@current_resource.exists cmd = "#{appcmd(node)} add app /site.name:\"#{new_resource.site_name}\"" cmd << " /path:\"#{new_resource.path}\"" cmd << " /applicationPool:\"#{new_resource.application_pool}\"" if new_resource.application_pool 
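Review bot: In `action :add` of providers/app.rb, `site_name`, `path` and `application_pool` are wrapped in `\"…\"` but never escaped before the string reaches `shell_out!`, so a value that itself contains a double quote closes the argument early and the rest is parsed as further appcmd arguments. These values can originate from node attributes or data bags, so I would reject such input before building the command, e.g. `fail ArgumentError, 'site_name must not contain a double quote' if new_resource.site_name.to_s.include?('"')`, or send every value through one quoting helper. The same interpolation pattern appears in the `:config` hunk of this file and in the module.rb and pool.rb hunks. The action body continues past the end of this hunk.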
@@ -36,7 +36,7 @@ Chef::Log.debug(cmd) shell_out!(cmd) new_resource.updated_by_last_action(true) - Chef::Log.info("App created") + Chef::Log.info('App created') else Chef::Log.debug("#{new_resource} app already exists - nothing to do") end 
@@ -50,47 +50,48 @@ if cmd_current_values.stderr.empty? xml = cmd_current_values.stdout doc = Document.new(xml) - is_new_path = is_new_or_empty_value?(doc.root, "APP/application/@path", new_resource.path.to_s) - is_new_application_pool = is_new_or_empty_value?(doc.root, "APP/application/@applicationPool", new_resource.application_pool.to_s) - is_new_enabled_protocols = is_new_or_empty_value?(doc.root, "APP/application/@enabledProtocols", new_resource.enabled_protocols.to_s) - is_new_physical_path = is_new_or_empty_value?(doc.root, "APP/application/virtualDirectory/@physicalPath", new_resource.physical_path.to_s) + is_new_path = new_or_empty_value?(doc.root, 'APP/application/@path', new_resource.path.to_s) + is_new_application_pool = new_or_empty_value?(doc.root, 'APP/application/@applicationPool', new_resource.application_pool.to_s) + is_new_enabled_protocols = new_or_empty_value?(doc.root, 'APP/application/@enabledProtocols', new_resource.enabled_protocols.to_s) + is_new_physical_path = new_or_empty_value?(doc.root, 'APP/application/virtualDirectory/@physicalPath', new_resource.physical_path.to_s) - #only get the beginning of the command if there is something that changeds - cmd = "#{appcmd(node)} set app \"#{site_identifier}\"" if ((new_resource.path && is_new_path) or - (new_resource.application_pool && is_new_application_pool) or + # only get the beginning of the command if there is something that changeds + cmd = "#{appcmd(node)} set app \"#{site_identifier}\"" if ((new_resource.path && is_new_path) || + (new_resource.application_pool && is_new_application_pool) || (new_resource.enabled_protocols && is_new_enabled_protocols)) - #adds path to the cmd + # adds path to the cmd cmd << " /path:\"#{new_resource.path}\"" if new_resource.path && is_new_path - #adds applicationPool to the cmd + # adds applicationPool to the cmd cmd << " /applicationPool:\"#{new_resource.application_pool}\"" if new_resource.application_pool && is_new_application_pool - #adds 
enabledProtocols to the cmd + # adds enabledProtocols to the cmd cmd << " /enabledProtocols:\"#{new_resource.enabled_protocols}\"" if new_resource.enabled_protocols && is_new_enabled_protocols Chef::Log.debug(cmd) - - if(cmd == nil) + + if (cmd.nil?) Chef::Log.debug("#{new_resource} application - nothing to do") else shell_out!(cmd) - - if ((new_resource.path && is_new_path) or - (new_resource.application_pool && is_new_application_pool) or - (new_resource.enabled_protocols && is_new_enabled_protocols)) - was_updated = true - end + was_updated = true + end - if new_resource.physical_path && is_new_physical_path - was_updated = true - cmd = "#{appcmd(node)} set vdir /vdir.name:\"#{vdir_identifier}\"" - cmd << " /physicalPath:\"#{windows_cleanpath(new_resource.physical_path)}\"" - Chef::Log.debug(cmd) - shell_out!(cmd) - end - if was_updated - new_resource.updated_by_last_action(true) - Chef::Log.info("#{new_resource} configured application") - else - Chef::Log.debug("#{new_resource} application - nothing to do") - end + if ((new_resource.path && is_new_path) || + (new_resource.application_pool && is_new_application_pool) || + (new_resource.enabled_protocols && is_new_enabled_protocols)) + was_updated = true + end + + if new_resource.physical_path && is_new_physical_path + was_updated = true + cmd = "#{appcmd(node)} set vdir /vdir.name:\"#{vdir_identifier}\"" + cmd << " /physicalPath:\"#{windows_cleanpath(new_resource.physical_path)}\"" + Chef::Log.debug(cmd) + shell_out!(cmd) + end + if was_updated + new_resource.updated_by_last_action(true) + Chef::Log.info("#{new_resource} configured application") + else + Chef::Log.debug("#{new_resource} application - nothing to do") end else log "Failed to run iis_app action :config, #{cmd_current_values.stderr}" do 
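Review bot: `Chef::Log.debug(cmd)` runs before the `cmd.nil?` check, so a run with nothing to change logs a nil command, and the `if ((new_resource.path && is_new_path) || …)` block that follows the `else` branch re-tests the same condition that decided whether `cmd` was built. Because `cmd` is non-nil exactly when that condition holds, the `was_updated = true` next to `shell_out!(cmd)` is sufficient and the second block can be removed; moving the debug call into the `else` branch keeps the log to commands that actually run. Indentation is lost in this view, so the nesting is read from the `end` lines, and the action starts above the hunk.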
@@ -117,7 +118,7 @@ def load_current_resource cmd = shell_out("#{appcmd(node)} list app") Chef::Log.debug("#{new_resource} list app command output: #{cmd.stdout}") regex = /^APP\s\"#{new_resource.site_name}#{new_resource.path}\"/ - Chef::Log.debug("Running regex") + Chef::Log.debug('Running regex') if cmd.stderr.empty? result = cmd.stdout.match(regex) Chef::Log.debug("#{new_resource} current_resource match output:#{result}") @@ -134,11 +135,12 @@ def load_current_resource end private - def site_identifier - "#{new_resource.site_name}#{new_resource.path}" - end - #Ensure VDIR identifier has a trailing slash - def vdir_identifier - site_identifier.end_with?("/") ? site_identifier : site_identifier + "/" - end +def site_identifier + "#{new_resource.site_name}#{new_resource.path}" +end + +# Ensure VDIR identifier has a trailing slash +def vdir_identifier + site_identifier.end_with?('/') ? site_identifier : site_identifier + '/' +end diff --git a/berks-cookbooks/iis/providers/config.rb b/berks-cookbooks/iis/providers/config.rb index e1994d6f..37a37875 100644 --- a/berks-cookbooks/iis/providers/config.rb +++ b/berks-cookbooks/iis/providers/config.rb @@ -27,7 +27,7 @@ action :config do cmd = "#{appcmd(node)} set config #{new_resource.cfg_cmd}" Chef::Log.debug(cmd) - shell_out!(cmd, :returns => new_resource.returns) - Chef::Log.info("IIS Config command run") + shell_out!(cmd, returns: new_resource.returns) + Chef::Log.info('IIS Config command run') new_resource.updated_by_last_action(true) end diff --git a/berks-cookbooks/iis/providers/module.rb b/berks-cookbooks/iis/providers/module.rb index 8eb1ea40..83151076 100644 --- a/berks-cookbooks/iis/providers/module.rb +++ b/berks-cookbooks/iis/providers/module.rb 
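Review bot: The lookup pattern `/^APP\s\"#{new_resource.site_name}#{new_resource.path}\"/` in `load_current_resource` interpolates the resource values as regex source, so a `.` in a path such as `/v1.1` matches any character and a name containing `(` or `[` either changes the match or raises `RegexpError`. The match result presumably decides whether the app is treated as existing, so a loose match can make `:add` skip an app that is not there. Escaping fixes it and can reuse the helper defined in the same file: `regex = /^APP\s\"#{Regexp.escape(site_identifier)}\"/`. `load_current_resource` starts and ends outside this hunk.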
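Review bot: In providers/config.rb, `new_resource.cfg_cmd` is appended to the appcmd command line verbatim and the full string is written out by `Chef::Log.debug(cmd)`, and nothing in the provider documents either fact. Whatever the recipe passes is executed as-is, and a config command that sets a credential would end up in the debug log. I would add a comment above the assignment, `# cfg_cmd is executed verbatim: build it only from trusted recipe data, never from unvalidated node attributes`, and log only the section name, or redact the arguments, when they may carry secrets. Only the body of `action :config` is visible in this hunk.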
@@ -30,7 +30,7 @@ def whyrun_supported? # appcmd syntax for adding modules # appcmd add module /name:string /type:string /preCondition:string action :add do - unless @current_resource.exists + if !@current_resource.exists converge_by("add IIS module #{new_resource.module_name}") do cmd = "#{appcmd(node)} add module /module.name:\"#{new_resource.module_name}\"" @@ -46,7 +46,7 @@ def whyrun_supported? cmd << " /preCondition:\"#{new_resource.precondition}\"" end - shell_out!(cmd, {:returns => [0,42]}) + shell_out!(cmd, returns: [0, 42]) Chef::Log.info("#{new_resource} added module '#{new_resource.module_name}'") end @@ -58,13 +58,12 @@ def whyrun_supported? action :delete do if @current_resource.exists converge_by("delete IIS module #{new_resource.module_name}") do - cmd = "#{appcmd(node)} delete module /module.name:\"#{new_resource.module_name}\"" if new_resource.application cmd << " /app.name:\"#{new_resource.application}\"" end - shell_out!(cmd, {:returns => [0,42]}) + shell_out!(cmd, returns: [0, 42]) end Chef::Log.info("#{new_resource} deleted") diff --git a/berks-cookbooks/iis/providers/pool.rb b/berks-cookbooks/iis/providers/pool.rb index c8336099..e3f2373d 100644 --- a/berks-cookbooks/iis/providers/pool.rb +++ b/berks-cookbooks/iis/providers/pool.rb 
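Review bot: In `action :delete` of providers/module.rb, `Chef::Log.info("#{new_resource} deleted")` sits after the `end` that closes `converge_by`, while `:add` logs inside its block. The provider defines `whyrun_supported?`, so in why-run mode the delete is skipped but the log still reports it as done; the info line should move inside the `converge_by` block, above its `end`. Both `shell_out!` calls also accept exit code 42 without saying what it stands for, and a one-line comment such as `# 42: <meaning of this appcmd exit code>` would help the next reader. Indentation is lost here, so the nesting is inferred from the `end` lines.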
@@ -27,16 +27,16 @@ include Opscode::IIS::Helper action :add do - unless @current_resource.exists + if !@current_resource.exists cmd = "#{appcmd(node)} add apppool /name:\"#{new_resource.pool_name}\"" - cmd << " /managedRuntimeVersion:" if new_resource.runtime_version || new_resource.no_managed_code + cmd << ' /managedRuntimeVersion:' if new_resource.runtime_version || new_resource.no_managed_code cmd << "v#{new_resource.runtime_version}" if new_resource.runtime_version && !new_resource.no_managed_code cmd << " /managedPipelineMode:#{new_resource.pipeline_mode.capitalize}" if new_resource.pipeline_mode Chef::Log.debug(cmd) shell_out!(cmd) configure new_resource.updated_by_last_action(true) - Chef::Log.info("App pool created") + Chef::Log.info('App pool created') else Chef::Log.debug("#{new_resource} pool already exists - nothing to do") end @@ -57,7 +57,7 @@ end action :start do - unless @current_resource.running + if !@current_resource.running shell_out!("#{appcmd(node)} start apppool \"#{site_identifier}\"") new_resource.updated_by_last_action(true) Chef::Log.info("#{new_resource} started") @@ -115,6 +115,7 @@ def load_current_resource end private + def site_identifier new_resource.pool_name end 
@@ -129,55 +130,56 @@ def configure doc = Document.new(xml) # root items - is_new_managed_runtime_version = is_new_value?(doc.root, "APPPOOL/@RuntimeVersion", "v#{new_resource.runtime_version}") - + is_new_managed_runtime_version = new_value?(doc.root, 'APPPOOL/@RuntimeVersion', "v#{new_resource.runtime_version}") + is_new_pipeline_mode = new_value?(doc.root, 'APPPOOL/@PipelineMode'.capitalize, "#{new_resource.pipeline_mode}".to_s.capitalize) + # add items - is_new_start_mode = is_new_value?(doc.root, "APPPOOL/add/@startMode", new_resource.start_mode.to_s) - is_new_auto_start = is_new_value?(doc.root, "APPPOOL/add/@autoStart", new_resource.auto_start.to_s) - is_new_queue_length = is_new_value?(doc.root, "APPPOOL/add/@queueLength", new_resource.queue_length.to_s) - is_new_enable_32_bit_app_on_win_64 = is_new_value?(doc.root, "APPPOOL/add/@enable32BitAppOnWin64", new_resource.thirty_two_bit.to_s) - + is_new_start_mode = new_value?(doc.root, 'APPPOOL/add/@startMode', new_resource.start_mode.to_s) + is_new_auto_start = new_value?(doc.root, 'APPPOOL/add/@autoStart', new_resource.auto_start.to_s) + is_new_queue_length = new_value?(doc.root, 'APPPOOL/add/@queueLength', new_resource.queue_length.to_s) + is_new_enable_32_bit_app_on_win_64 = new_value?(doc.root, 'APPPOOL/add/@enable32BitAppOnWin64', new_resource.thirty_two_bit.to_s) + # processModel items - is_new_max_processes = is_new_or_empty_value?(doc.root, "APPPOOL/add/processModel/@maxProcesses", new_resource.max_proc.to_s) - is_new_load_user_profile = is_new_value?(doc.root, "APPPOOL/add/processModel/@loadUserProfile", new_resource.load_user_profile.to_s) - is_new_identity_type = is_new_value?(doc.root, "APPPOOL/add/processModel/@identityType", new_resource.pool_identity.to_s) - is_new_user_name = is_new_or_empty_value?(doc.root, "APPPOOL/add/processModel/@userName", new_resource.pool_username.to_s) - is_new_password = is_new_or_empty_value?(doc.root, "APPPOOL/add/processModel/@password", 
new_resource.pool_password.to_s) - is_new_logon_type = is_new_value?(doc.root, "APPPOOL/add/processModel/@logonType", new_resource.logon_type.to_s) - is_new_manual_group_membership = is_new_value?(doc.root, "APPPOOL/add/processModel/@manualGroupMembership", new_resource.manual_group_membership.to_s) - is_new_idle_timeout = is_new_value?(doc.root, "APPPOOL/add/processModel/@idleTimeout", new_resource.idle_timeout.to_s) - is_new_shutdown_time_limit = is_new_value?(doc.root, "APPPOOL/add/processModel/@shutdownTimeLimit", new_resource.shutdown_time_limit.to_s) - is_new_startup_time_limit = is_new_value?(doc.root, "APPPOOL/add/processModel/@startupTimeLimit", new_resource.startup_time_limit.to_s) - is_new_pinging_enabled = is_new_value?(doc.root, "APPPOOL/add/processModel/@pingingEnabled", new_resource.pinging_enabled.to_s) - is_new_ping_interval = is_new_value?(doc.root, "APPPOOL/add/processModel/@pingInterval", new_resource.ping_interval.to_s) - is_new_ping_response_time = is_new_value?(doc.root, "APPPOOL/add/processModel/@pingResponseTime", new_resource.ping_response_time.to_s) - + is_new_max_processes = new_or_empty_value?(doc.root, 'APPPOOL/add/processModel/@maxProcesses', new_resource.max_proc.to_s) + is_new_load_user_profile = new_value?(doc.root, 'APPPOOL/add/processModel/@loadUserProfile', new_resource.load_user_profile.to_s) + is_new_identity_type = new_value?(doc.root, 'APPPOOL/add/processModel/@identityType', new_resource.pool_identity.to_s) + is_new_user_name = new_or_empty_value?(doc.root, 'APPPOOL/add/processModel/@userName', new_resource.pool_username.to_s) + is_new_password = new_or_empty_value?(doc.root, 'APPPOOL/add/processModel/@password', new_resource.pool_password.to_s) + is_new_logon_type = new_value?(doc.root, 'APPPOOL/add/processModel/@logonType', new_resource.logon_type.to_s) + is_new_manual_group_membership = new_value?(doc.root, 'APPPOOL/add/processModel/@manualGroupMembership', new_resource.manual_group_membership.to_s) + is_new_idle_timeout 
= new_value?(doc.root, 'APPPOOL/add/processModel/@idleTimeout', new_resource.idle_timeout.to_s) + is_new_shutdown_time_limit = new_value?(doc.root, 'APPPOOL/add/processModel/@shutdownTimeLimit', new_resource.shutdown_time_limit.to_s) + is_new_startup_time_limit = new_value?(doc.root, 'APPPOOL/add/processModel/@startupTimeLimit', new_resource.startup_time_limit.to_s) + is_new_pinging_enabled = new_value?(doc.root, 'APPPOOL/add/processModel/@pingingEnabled', new_resource.pinging_enabled.to_s) + is_new_ping_interval = new_value?(doc.root, 'APPPOOL/add/processModel/@pingInterval', new_resource.ping_interval.to_s) + is_new_ping_response_time = new_value?(doc.root, 'APPPOOL/add/processModel/@pingResponseTime', new_resource.ping_response_time.to_s) + # failure items - is_new_load_balancer_capabilities = is_new_value?(doc.root, "APPPOOL/add/failure/@loadBalancerCapabilities", new_resource.load_balancer_capabilities.to_s) - is_new_orphan_worker_process = is_new_value?(doc.root, "APPPOOL/add/failure/@orphanWorkerProcess", new_resource.orphan_worker_process.to_s) - is_new_orphan_action_exe = is_new_or_empty_value?(doc.root, "APPPOOL/add/failure/@orphanActionExe", new_resource.orphan_action_exe.to_s) - is_new_orphan_action_params = is_new_or_empty_value?(doc.root, "APPPOOL/add/failure/@orphanActionParams", new_resource.orphan_action_params.to_s) - is_new_rapid_fail_protection = is_new_value?(doc.root, "APPPOOL/add/failure/@rapidFailProtection", new_resource.rapid_fail_protection.to_s) - is_new_rapid_fail_protection_interval = is_new_value?(doc.root, "APPPOOL/add/failure/@rapidFailProtectionInterval", new_resource.rapid_fail_protection_interval.to_s) - is_new_rapid_fail_protection_max_crashes = is_new_value?(doc.root, "APPPOOL/add/failure/@rapidFailProtectionMaxCrashes", new_resource.rapid_fail_protection_max_crashes.to_s) - is_new_auto_shutdown_exe = is_new_or_empty_value?(doc.root, "APPPOOL/add/failure/@autoShutdownExe", new_resource.auto_shutdown_exe.to_s) - 
is_new_auto_shutdown_params = is_new_or_empty_value?(doc.root, "APPPOOL/add/failure/@autoShutdownParams", new_resource.auto_shutdown_params.to_s) - + is_new_load_balancer_capabilities = new_value?(doc.root, 'APPPOOL/add/failure/@loadBalancerCapabilities', new_resource.load_balancer_capabilities.to_s) + is_new_orphan_worker_process = new_value?(doc.root, 'APPPOOL/add/failure/@orphanWorkerProcess', new_resource.orphan_worker_process.to_s) + is_new_orphan_action_exe = new_or_empty_value?(doc.root, 'APPPOOL/add/failure/@orphanActionExe', new_resource.orphan_action_exe.to_s) + is_new_orphan_action_params = new_or_empty_value?(doc.root, 'APPPOOL/add/failure/@orphanActionParams', new_resource.orphan_action_params.to_s) + is_new_rapid_fail_protection = new_value?(doc.root, 'APPPOOL/add/failure/@rapidFailProtection', new_resource.rapid_fail_protection.to_s) + is_new_rapid_fail_protection_interval = new_value?(doc.root, 'APPPOOL/add/failure/@rapidFailProtectionInterval', new_resource.rapid_fail_protection_interval.to_s) + is_new_rapid_fail_protection_max_crashes = new_value?(doc.root, 'APPPOOL/add/failure/@rapidFailProtectionMaxCrashes', new_resource.rapid_fail_protection_max_crashes.to_s) + is_new_auto_shutdown_exe = new_or_empty_value?(doc.root, 'APPPOOL/add/failure/@autoShutdownExe', new_resource.auto_shutdown_exe.to_s) + is_new_auto_shutdown_params = new_or_empty_value?(doc.root, 'APPPOOL/add/failure/@autoShutdownParams', new_resource.auto_shutdown_params.to_s) + # recycling items - is_new_disallow_overlapping_rotation = is_new_value?(doc.root, "APPPOOL/add/recycling/@disallowOverlappingRotation", new_resource.disallow_overlapping_rotation.to_s) - is_new_disallow_rotation_on_config_change = is_new_value?(doc.root, "APPPOOL/add/recycling/@disallowRotationOnConfigChange", new_resource.disallow_rotation_on_config_change.to_s) - is_new_recycle_after_time = is_new_or_empty_value?(doc.root, "APPPOOL/add/recycling/periodicRestart/@time", new_resource.recycle_after_time.to_s) - 
is_new_recycle_at_time = is_new_or_empty_value?(doc.root, "APPPOOL/add/recycling/periodicRestart/schedule/add/@value", new_resource.recycle_at_time.to_s) - is_new_private_memory = is_new_or_empty_value?(doc.root, "APPPOOL/add/recycling/periodicRestart/@privateMemory", new_resource.private_mem.to_s) - is_new_log_event_on_recycle = is_new_value?(doc.root, "APPPOOL/add/recycling/@logEventOnRecycle", "Time, Requests, Schedule, Memory, IsapiUnhealthy, OnDemand, ConfigChange, PrivateMemory") + is_new_disallow_overlapping_rotation = new_value?(doc.root, 'APPPOOL/add/recycling/@disallowOverlappingRotation', new_resource.disallow_overlapping_rotation.to_s) + is_new_disallow_rotation_on_config_change = new_value?(doc.root, 'APPPOOL/add/recycling/@disallowRotationOnConfigChange', new_resource.disallow_rotation_on_config_change.to_s) + is_new_recycle_after_time = new_or_empty_value?(doc.root, 'APPPOOL/add/recycling/periodicRestart/@time', new_resource.recycle_after_time.to_s) + is_new_recycle_at_time = new_or_empty_value?(doc.root, 'APPPOOL/add/recycling/periodicRestart/schedule/add/@value', new_resource.recycle_at_time.to_s) + is_new_private_memory = new_or_empty_value?(doc.root, 'APPPOOL/add/recycling/periodicRestart/@privateMemory', new_resource.private_mem.to_s) + is_new_log_event_on_recycle = new_value?(doc.root, 'APPPOOL/add/recycling/@logEventOnRecycle', 'Time, Requests, Schedule, Memory, IsapiUnhealthy, OnDemand, ConfigChange, PrivateMemory') # cpu items - is_new_cpu_action = is_new_value?(doc.root, "APPPOOL/add/cpu/@action", new_resource.cpu_action.to_s) - is_new_cpu_limit = is_new_value?(doc.root, "APPPOOL/add/cpu/@limit", new_resource.cpu_limit.to_s) - is_new_cpu_smp_affinitized = is_new_value?(doc.root, "APPPOOL/add/cpu/@smpAffinitized", new_resource.cpu_smp_affinitized.to_s) - is_new_cpu_reset_interval = is_new_value?(doc.root, "APPPOOL/add/cpu/@resetInterval", new_resource.cpu_reset_interval.to_s) - is_new_smp_processor_affinity_mask = is_new_value?(doc.root, 
"APPPOOL/add/cpu/@smpProcessorAffinityMask", new_resource.smp_processor_affinity_mask.to_s) - is_new_smp_processor_affinity_mask_2 = is_new_value?(doc.root, "APPPOOL/add/cpu/@smpProcessorAffinityMask2", new_resource.smp_processor_affinity_mask_2.to_s) + is_new_cpu_action = new_value?(doc.root, 'APPPOOL/add/cpu/@action', new_resource.cpu_action.to_s) + is_new_cpu_limit = new_value?(doc.root, 'APPPOOL/add/cpu/@limit', new_resource.cpu_limit.to_s) + is_new_cpu_smp_affinitized = new_value?(doc.root, 'APPPOOL/add/cpu/@smpAffinitized', new_resource.cpu_smp_affinitized.to_s) + is_new_cpu_reset_interval = new_value?(doc.root, 'APPPOOL/add/cpu/@resetInterval', new_resource.cpu_reset_interval.to_s) + is_new_smp_processor_affinity_mask = new_value?(doc.root, 'APPPOOL/add/cpu/@smpProcessorAffinityMask', new_resource.smp_processor_affinity_mask.to_s) + is_new_smp_processor_affinity_mask_2 = new_value?(doc.root, 'APPPOOL/add/cpu/@smpProcessorAffinityMask2', new_resource.smp_processor_affinity_mask_2.to_s) # Application Pool Config @cmd = "#{appcmd(node)} set config /section:applicationPools" @@ -186,6 +188,7 @@ def configure configure_application_pool(is_new_auto_start, "autoStart:#{new_resource.auto_start}") configure_application_pool(is_new_start_mode, "startMode:#{new_resource.start_mode}") configure_application_pool(new_resource.runtime_version && is_new_managed_runtime_version, "managedRuntimeVersion:v#{new_resource.runtime_version}") + configure_application_pool(new_resource.pipeline_mode && is_new_pipeline_mode, "managedPipelineMode:#{new_resource.pipeline_mode}") configure_application_pool(new_resource.thirty_two_bit && is_new_enable_32_bit_app_on_win_64, "enable32BitAppOnWin64:#{new_resource.thirty_two_bit}") configure_application_pool(new_resource.queue_length && is_new_queue_length, "queueLength:#{new_resource.queue_length}") 
@@ -200,10 +203,10 @@ def configure configure_application_pool(is_new_pinging_enabled, "processModel.pingingEnabled:#{new_resource.pinging_enabled}") configure_application_pool(is_new_ping_interval, "processModel.pingInterval:#{new_resource.ping_interval}") configure_application_pool(is_new_ping_response_time, "processModel.pingResponseTime:#{new_resource.ping_response_time}") - + # recycling items ## Special case this collection removal for now. - if(new_resource.recycle_at_time && is_new_recycle_at_time) + if (new_resource.recycle_at_time && is_new_recycle_at_time) @was_updated = true cmd = "#{appcmd(node)} set config /section:applicationPools \"/-[name='#{new_resource.pool_name}'].recycling.periodicRestart.schedule\"" Chef::Log.debug(@cmd) @@ -211,7 +214,7 @@ def configure end configure_application_pool(new_resource.recycle_after_time && is_new_recycle_after_time, "recycling.periodicRestart.time:#{new_resource.recycle_after_time}") configure_application_pool(new_resource.recycle_at_time && is_new_recycle_at_time, "recycling.periodicRestart.schedule.[value='#{new_resource.recycle_at_time}']", '+') - configure_application_pool(is_new_log_event_on_recycle, "recycling.logEventOnRecycle:PrivateMemory,Memory,Schedule,Requests,Time,ConfigChange,OnDemand,IsapiUnhealthy") + configure_application_pool(is_new_log_event_on_recycle, 'recycling.logEventOnRecycle:PrivateMemory,Memory,Schedule,Requests,Time,ConfigChange,OnDemand,IsapiUnhealthy') configure_application_pool(new_resource.private_mem && is_new_private_memory, "recycling.periodicRestart.privateMemory:#{new_resource.private_mem}") configure_application_pool(is_new_disallow_rotation_on_config_change, "recycling.disallowRotationOnConfigChange:#{new_resource.disallow_rotation_on_config_change}") configure_application_pool(is_new_disallow_overlapping_rotation, "recycling.disallowOverlappingRotation:#{new_resource.disallow_overlapping_rotation}") 
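Review bot: In the recycle-schedule special case the command is built in the local `cmd`, but the debug line logs `@cmd`, so the log shows the accumulating set-config string instead of the collection-removal command. Change it to `Chef::Log.debug(cmd)`. The line that executes the command falls between this hunk and the next one, so this assumes it runs the local `cmd`.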
@@ -235,26 +238,23 @@ def configure configure_application_pool(is_new_smp_processor_affinity_mask, "cpu.smpProcessorAffinityMask:#{new_resource.smp_processor_affinity_mask}") configure_application_pool(is_new_smp_processor_affinity_mask_2, "cpu.smpProcessorAffinityMask2:#{new_resource.smp_processor_affinity_mask_2}") - if(@cmd != "#{appcmd(node)} set config /section:applicationPools") + if (@cmd != "#{appcmd(node)} set config /section:applicationPools") Chef::Log.debug(@cmd) shell_out!(@cmd) end # Application Pool Identity Settings - if ((new_resource.pool_username && new_resource.pool_username != '') and - (new_resource.pool_password && new_resource.pool_password != '') and - is_new_user_name and - is_new_password) + if ((new_resource.pool_username && new_resource.pool_username != '') && (is_new_user_name || is_new_password)) @was_updated = true cmd = "#{appcmd(node)} set config /section:applicationPools" cmd << " \"/[name='#{new_resource.pool_name}'].processModel.identityType:SpecificUser\"" cmd << " \"/[name='#{new_resource.pool_name}'].processModel.userName:#{new_resource.pool_username}\"" - cmd << " \"/[name='#{new_resource.pool_name}'].processModel.password:#{new_resource.pool_password}\"" + cmd << " \"/[name='#{new_resource.pool_name}'].processModel.password:#{new_resource.pool_password}\"" if (new_resource.pool_password && new_resource.pool_password != '' && is_new_password) Chef::Log.debug(cmd) shell_out!(cmd) - elsif ((new_resource.pool_username.nil? || new_resource.pool_username == '') and - (new_resource.pool_password.nil? || new_resource.pool_username == '') and - (is_new_identity_type and new_resource.pool_identity != "SpecificUser")) + elsif ((new_resource.pool_username.nil? || new_resource.pool_username == '') && + (new_resource.pool_password.nil? 
|| new_resource.pool_username == '') && + (is_new_identity_type && new_resource.pool_identity != 'SpecificUser')) @was_updated = true cmd = "#{appcmd(node)} set config /section:applicationPools" cmd << " \"/[name='#{new_resource.pool_name}'].processModel.identityType:#{new_resource.pool_identity}\"" @@ -276,9 +276,12 @@ def configure end private + def configure_application_pool(condition, config, add_remove = '') - if(condition) - @was_updated = true - @cmd << " \"/#{add_remove}[name='#{new_resource.pool_name}'].#{config}\"" + unless condition + return end + + @was_updated = true + @cmd << " \"/#{add_remove}[name='#{new_resource.pool_name}'].#{config}\"" end diff --git a/berks-cookbooks/iis/providers/section.rb b/berks-cookbooks/iis/providers/section.rb index b327039b..a96132f3 100644 --- a/berks-cookbooks/iis/providers/section.rb +++ b/berks-cookbooks/iis/providers/section.rb 
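Review bot: The identity branch appends `processModel.password:#{new_resource.pool_password}` to `cmd` and then calls `Chef::Log.debug(cmd)`, so the pool password is written to the Chef log whenever debug logging is on. The `:add` hunk in providers/vdir.rb does the same with `/password:` at info level via `Chef::Log.info(cmd)`. Log before the password argument is appended, or keep that argument in its own string and emit something like `Chef::Log.debug("#{cmd} <password argument omitted>")`. Separately, the `elsif` tests `new_resource.pool_password.nil? || new_resource.pool_username == ''`; the second operand presumably should be `new_resource.pool_password == ''`. `configure` starts and ends outside this hunk.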
@@ -26,28 +26,28 @@ include Opscode::IIS::Helper action :lock do - @current_resource.exists = is_new_value?(doc.root, "CONFIG/@overrideMode", "Deny") + @current_resource.exists = new_value?(doc.root, 'CONFIG/@overrideMode', 'Deny') - unless @current_resource.exists - cmd = "#{appcmd(node)} lock config -section:\"#{new_resource.section}\"" + if !@current_resource.exists + cmd = "#{appcmd(node)} lock config -section:\"#{new_resource.section}\" -commit:apphost" Chef::Log.debug(cmd) - shell_out!(cmd, :returns => new_resource.returns) + shell_out!(cmd, returns: new_resource.returns) new_resource.updated_by_last_action(true) - Chef::Log.info("IIS Config command run") + Chef::Log.info('IIS Config command run') else Chef::Log.debug("#{new_resource.section} already locked - nothing to do") end end action :unlock do - @current_resource.exists = is_new_value?(doc.root, "CONFIG/@overrideMode", "Allow") + @current_resource.exists = new_value?(doc.root, 'CONFIG/@overrideMode', 'Allow') - unless @current_resource.exists - cmd = "#{appcmd(node)} unlock config -section:\"#{new_resource.section}\"" + if !@current_resource.exists + cmd = "#{appcmd(node)} unlock config -section:\"#{new_resource.section}\" -commit:apphost" Chef::Log.debug(cmd) - shell_out!(cmd, :returns => new_resource.returns) + shell_out!(cmd, returns: new_resource.returns) new_resource.updated_by_last_action(true) - Chef::Log.info("IIS Config command run") + Chef::Log.info('IIS Config command run') else Chef::Log.debug("#{new_resource.section} already unlocked - nothing to do") end @@ -63,9 +63,9 @@ def doc Chef::Log.debug(cmd_current_values) cmd_current_values = shell_out(cmd_current_values) if cmd_current_values.stderr.empty? - xml = cmd_current_values.stdout - return Document.new(xml) + xml = cmd_current_values.stdout + return Document.new(xml) end - cmd_current_values.error! + cmd_current_values.error! end 
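Review bot: The `:lock` and `:unlock` guards look inverted. Elsewhere in this diff a true result from `new_value?` means the current value differs from the desired one and a change is applied, so `@current_resource.exists` is true exactly when `overrideMode` is not yet `Deny` (or `Allow`). `if !@current_resource.exists` then skips the command and logs "already locked". If the helper (defined outside this diff) behaves that way, a section the recipe asks to lock stays delegable without any error; store the result under a name such as `needs_change` and run the command with `if needs_change`.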
diff --git a/berks-cookbooks/iis/providers/site.rb b/berks-cookbooks/iis/providers/site.rb index 1f01dc78..8d6f9bfa 100644 --- a/berks-cookbooks/iis/providers/site.rb +++ b/berks-cookbooks/iis/providers/site.rb @@ -26,7 +26,7 @@ include Opscode::IIS::Helper action :add do - unless @current_resource.exists + if !@current_resource.exists cmd = "#{appcmd(node)} add site /name:\"#{new_resource.site_name}\"" cmd << " /id:#{new_resource.site_id}" if new_resource.site_id cmd << " /physicalPath:\"#{windows_cleanpath(new_resource.path)}\"" if new_resource.path @@ -42,10 +42,12 @@ if new_resource.options cmd << " #{new_resource.options}" end - shell_out!(cmd, {:returns => [0,42]}) + shell_out!(cmd, returns: [0, 42]) + + configure if new_resource.application_pool - shell_out!("#{appcmd(node)} set app \"#{new_resource.site_name}/\" /applicationPool:\"#{new_resource.application_pool}\"", {:returns => [0,42]}) + shell_out!("#{appcmd(node)} set app \"#{new_resource.site_name}/\" /applicationPool:\"#{new_resource.application_pool}\"", returns: [0, 42]) end new_resource.updated_by_last_action(true) Chef::Log.info("#{new_resource} added new site '#{new_resource.site_name}'") 
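Review bot: After the new `configure` call, the `:add` action still runs `set app ... /applicationPool:` itself, while `configure` (added at the end of this file) performs the same assignment when `is_new_application_pool` is true, so the pool can be set twice on a fresh site. Drop the trailing `if new_resource.application_pool` block, or keep it and document why both are needed. The context line `cmd << " #{new_resource.options}"` also appends the attribute to the command line unquoted and unvalidated, which deserves a comment stating that `options` must come from trusted recipe code. The action body starts and ends outside this hunk.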
@@ -55,93 +57,13 @@ end action :config do - was_updated = false - cmd_current_values = "#{appcmd(node)} list site \"#{new_resource.site_name}\" /config:* /xml" - Chef::Log.debug(cmd_current_values) - cmd_current_values = shell_out(cmd_current_values) - if cmd_current_values.stderr.empty? - xml = cmd_current_values.stdout - doc = Document.new(xml) - is_new_bindings = is_new_value?(doc.root, "SITE/@bindings", new_resource.bindings.to_s) - is_new_physical_path = is_new_or_empty_value?(doc.root, "SITE/site/application/virtualDirectory/@physicalPath", new_resource.path.to_s) - is_new_port_host_provided = !"#{XPath.first(doc.root, "SITE/@bindings").to_s},".include?("#{new_resource.protocol.to_s}/*:#{new_resource.port}:#{new_resource.host_header},") - is_new_site_id = is_new_value?(doc.root, "SITE/site/@id", new_resource.site_id.to_s) - is_new_log_directory = is_new_or_empty_value?(doc.root,"SITE/logFiles/@directory",new_resource.log_directory.to_s) - is_new_log_period = is_new_or_empty_value?(doc.root, "SITE/logFile/@period", new_resource.log_period.to_s) - is_new_log_trunc = is_new_or_empty_value?(doc.root, "SITE/logFiles/@truncateSize",new_resource.log_truncsize.to_s) - - if (new_resource.bindings && is_new_bindings) - was_updated = true - cmd = "#{appcmd(node)} set site /site.name:\"#{new_resource.site_name}\"" - cmd << " /bindings:\"#{new_resource.bindings}\"" - shell_out!(cmd) - new_resource.updated_by_last_action(true) - elsif (((new_resource.port || new_resource.host_header || new_resource.protocol) and is_new_port_host_provided) && !new_resource.bindings) - was_updated = true - cmd = "#{appcmd(node)} set site \"#{new_resource.site_name}\"" - cmd << " /bindings:#{new_resource.protocol.to_s}/*:#{new_resource.port}:#{new_resource.host_header}" - Chef::Log.debug(cmd) - shell_out!(cmd) - new_resource.updated_by_last_action(true) - end - - if new_resource.path && is_new_physical_path - was_updated = true - cmd = "#{appcmd(node)} set vdir \"#{new_resource.site_name}/\"" 
- cmd << " /physicalPath:\"#{windows_cleanpath(new_resource.path)}\"" - Chef::Log.debug(cmd) - shell_out!(cmd) - end - - if new_resource.site_id && is_new_site_id - cmd = "#{appcmd(node)} set site \"#{new_resource.site_name}\"" - cmd << " /id:#{new_resource.site_id}" - Chef::Log.debug(cmd) - shell_out!(cmd) - new_resource.updated_by_last_action(true) - end - - if new_resource.log_directory && is_new_log_directory - cmd = "#{appcmd(node)} set site \"#{new_resource.site_name}\"" - cmd << " /logFile.directory:#{windows_cleanpath(new_resource.log_directory)}" - Chef::Log.debug(cmd) - shell_out!(cmd) - new_resource.updated_by_last_action(true) - end - - if new_resource.log_period && is_new_log_period - cmd = "#{appcmd(node)} set site \"#{new_resource.site_name}\"" - cmd << " /logFile.period:#{new_resource.log_period}" - Chef::Log.debug(cmd) - shell_out!(cmd) - new_resource.updated_by_last_action(true) - end - - if new_resource.log_truncsize && is_new_log_trunc - cmd = "#{appcmd(node)} set site \"#{new_resource.site_name}\"" - cmd << " /logFile.truncateSize:#{new_resource.log_truncsize}" - Chef::Log.debug(cmd) - shell_out!(cmd) - new_resource.updated_by_last_action(true) - end - - if was_updated - new_resource.updated_by_last_action(true) - Chef::Log.info("#{new_resource} configured site '#{new_resource.site_name}'") - else - Chef::Log.debug("#{new_resource} site - nothing to do") - end - else - log "Failed to run iis_site action :config, #{cmd_current_values.stderr}" do - level :warn - end - end + configure end action :delete do if @current_resource.exists Chef::Log.info("#{appcmd(node)} stop site /site.name:\"#{new_resource.site_name}\"") - shell_out!("#{appcmd(node)} delete site /site.name:\"#{new_resource.site_name}\"", {:returns => [0,42]}) + shell_out!("#{appcmd(node)} delete site /site.name:\"#{new_resource.site_name}\"", returns: [0, 42]) new_resource.updated_by_last_action(true) Chef::Log.info("#{new_resource} deleted") else 
@@ -150,8 +72,8 @@ end action :start do - unless @current_resource.running - shell_out!("#{appcmd(node)} start site /site.name:\"#{new_resource.site_name}\"", {:returns => [0,42]}) + if !@current_resource.running + shell_out!("#{appcmd(node)} start site /site.name:\"#{new_resource.site_name}\"", returns: [0, 42]) new_resource.updated_by_last_action(true) Chef::Log.info("#{new_resource} started") else @@ -162,7 +84,7 @@ action :stop do if @current_resource.running Chef::Log.info("#{appcmd(node)} stop site /site.name:\"#{new_resource.site_name}\"") - shell_out!("#{appcmd(node)} stop site /site.name:\"#{new_resource.site_name}\"", {:returns => [0,42]}) + shell_out!("#{appcmd(node)} stop site /site.name:\"#{new_resource.site_name}\"", returns: [0, 42]) new_resource.updated_by_last_action(true) Chef::Log.info("#{new_resource} stopped") else @@ -171,9 +93,9 @@ end action :restart do - shell_out!("#{appcmd(node)} stop site /site.name:\"#{new_resource.site_name}\"", {:returns => [0,42]}) + shell_out!("#{appcmd(node)} stop site /site.name:\"#{new_resource.site_name}\"", returns: [0, 42]) sleep 2 - shell_out!("#{appcmd(node)} start site /site.name:\"#{new_resource.site_name}\"", {:returns => [0,42]}) + shell_out!("#{appcmd(node)} start site /site.name:\"#{new_resource.site_name}\"", returns: [0, 42]) new_resource.updated_by_last_action(true) Chef::Log.info("#{new_resource} restarted") end @@ -192,7 +114,7 @@ def load_current_resource if result @current_resource.site_id(result[2].to_i) @current_resource.exists = true - bindings = result[3] + @current_resource.bindings(result[3]) @current_resource.running = (result[4] =~ /Started/) ? true : false else @current_resource.exists = false 
@@ -204,3 +126,96 @@ def load_current_resource end end end + +private + def configure + was_updated = false + cmd_current_values = "#{appcmd(node)} list site \"#{new_resource.site_name}\" /config:* /xml" + Chef::Log.debug(cmd_current_values) + cmd_current_values = shell_out(cmd_current_values) + if cmd_current_values.stderr.empty? + xml = cmd_current_values.stdout + doc = Document.new(xml) + is_new_bindings = new_value?(doc.root, 'SITE/@bindings', new_resource.bindings.to_s) + is_new_physical_path = new_or_empty_value?(doc.root, 'SITE/site/application/virtualDirectory/@physicalPath', new_resource.path.to_s) + is_new_port_host_provided = !"#{XPath.first(doc.root, 'SITE/@bindings')},".include?("#{new_resource.protocol}/*:#{new_resource.port}:#{new_resource.host_header},") + is_new_site_id = new_value?(doc.root, 'SITE/site/@id', new_resource.site_id.to_s) + is_new_log_directory = new_or_empty_value?(doc.root, 'SITE/logFiles/@directory', new_resource.log_directory.to_s) + is_new_log_period = new_or_empty_value?(doc.root, 'SITE/logFile/@period', new_resource.log_period.to_s) + is_new_log_trunc = new_or_empty_value?(doc.root, 'SITE/logFiles/@truncateSize', new_resource.log_truncsize.to_s) + is_new_application_pool = new_value?(doc.root, 'SITE/site/application/@applicationPool', new_resource.application_pool) + + if (new_resource.bindings && is_new_bindings) + was_updated = true + cmd = "#{appcmd(node)} set site /site.name:\"#{new_resource.site_name}\"" + cmd << " /bindings:\"#{new_resource.bindings}\"" + shell_out!(cmd) + new_resource.updated_by_last_action(true) + elsif (((new_resource.port || new_resource.host_header || new_resource.protocol) && is_new_port_host_provided) && !new_resource.bindings) + was_updated = true + cmd = "#{appcmd(node)} set site \"#{new_resource.site_name}\"" + cmd << " /bindings:#{new_resource.protocol}/*:#{new_resource.port}:#{new_resource.host_header}" + Chef::Log.debug(cmd) + shell_out!(cmd) + new_resource.updated_by_last_action(true) + end 
+ + if new_resource.application_pool && is_new_application_pool + was_updated = true + cmd = "#{appcmd(node)} set app \"#{new_resource.site_name}/\" /applicationPool:\"#{new_resource.application_pool}\"" + Chef::Log.debug(cmd) + shell_out!(cmd, returns: [0, 42]) + end + + if new_resource.path && is_new_physical_path + was_updated = true + cmd = "#{appcmd(node)} set vdir \"#{new_resource.site_name}/\"" + cmd << " /physicalPath:\"#{windows_cleanpath(new_resource.path)}\"" + Chef::Log.debug(cmd) + shell_out!(cmd) + end + + if new_resource.site_id && is_new_site_id + cmd = "#{appcmd(node)} set site \"#{new_resource.site_name}\"" + cmd << " /id:#{new_resource.site_id}" + Chef::Log.debug(cmd) + shell_out!(cmd) + new_resource.updated_by_last_action(true) + end + + if new_resource.log_directory && is_new_log_directory + cmd = "#{appcmd(node)} set site \"#{new_resource.site_name}\"" + cmd << " /logFile.directory:#{windows_cleanpath(new_resource.log_directory)}" + Chef::Log.debug(cmd) + shell_out!(cmd) + new_resource.updated_by_last_action(true) + end + + if new_resource.log_period && is_new_log_period + cmd = "#{appcmd(node)} set site \"#{new_resource.site_name}\"" + cmd << " /logFile.period:#{new_resource.log_period}" + Chef::Log.debug(cmd) + shell_out!(cmd) + new_resource.updated_by_last_action(true) + end + + if new_resource.log_truncsize && is_new_log_trunc + cmd = "#{appcmd(node)} set site \"#{new_resource.site_name}\"" + cmd << " /logFile.truncateSize:#{new_resource.log_truncsize}" + Chef::Log.debug(cmd) + shell_out!(cmd) + new_resource.updated_by_last_action(true) + end + + if was_updated + new_resource.updated_by_last_action(true) + Chef::Log.info("#{new_resource} configured site '#{new_resource.site_name}'") + else + Chef::Log.debug("#{new_resource} site - nothing to do") + end + else + log "Failed to run iis_site action :config, #{cmd_current_values.stderr}" do + level :warn + end + end + end 
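Review bot: `/logFile.directory:#{windows_cleanpath(new_resource.log_directory)}` is appended without quotes, unlike `/physicalPath:\"...\"` a few lines above, so a log directory containing a space is split into separate arguments; the unquoted `/bindings:` in the `elsif` branch has the same shape. Use `cmd << " /logFile.directory:\"#{windows_cleanpath(new_resource.log_directory)}\""`. The three log XPaths also disagree (`SITE/logFiles/@directory`, `SITE/logFile/@period`, `SITE/logFiles/@truncateSize`); at most one spelling can match the XML, so the others likely always report a change. Finally, when `appcmd list site` writes to stderr the method only logs a warning, so the run continues with the site left unconfigured.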
diff --git a/berks-cookbooks/iis/providers/vdir.rb b/berks-cookbooks/iis/providers/vdir.rb index bc875fda..b2d2332c 100644 --- a/berks-cookbooks/iis/providers/vdir.rb +++ b/berks-cookbooks/iis/providers/vdir.rb @@ -26,17 +26,17 @@ include Opscode::IIS::Helper action :add do - unless @current_resource.exists + if !@current_resource.exists cmd = "#{appcmd(node)} add vdir /app.name:\"#{new_resource.application_name}\"" cmd << " /path:\"#{new_resource.path}\"" cmd << " /physicalPath:\"#{windows_cleanpath(new_resource.physical_path)}\"" cmd << " /userName:\"#{new_resource.username}\"" if new_resource.username cmd << " /password:\"#{new_resource.password}\"" if new_resource.password - cmd << " /logonMethod:#{new_resource.logon_method.to_s}" if new_resource.logon_method + cmd << " /logonMethod:#{new_resource.logon_method}" if new_resource.logon_method cmd << " /allowSubDirConfig:#{new_resource.allow_sub_dir_config}" if new_resource.allow_sub_dir_config Chef::Log.info(cmd) - shell_out!(cmd, {:returns => [0,42]}) + shell_out!(cmd, returns: [0, 42, 183]) new_resource.updated_by_last_action(true) Chef::Log.info("#{new_resource} added new virtual directory to application: '#{new_resource.application_name}'") else 
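Review bot: `shell_out!(cmd, returns: [0, 42, 183])` now treats exit code 183 as success, but the next line still calls `new_resource.updated_by_last_action(true)`, so the resource reports a change even when the command created nothing. 183 looks like the Win32 "already exists" code; if that is the intent, say so in a comment such as `# 183: vdir already exists` and mark the resource updated only when the exit status is not 183. The `:add` action continues past the end of this hunk.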
@@ -52,11 +52,11 @@ if cmd_current_values.stderr.empty? xml = cmd_current_values.stdout doc = Document.new(xml) - is_new_physical_path = is_new_or_empty_value?(doc.root, "VDIR/@physicalPath", new_resource.physical_path.to_s) - is_new_user_name = is_new_or_empty_value?(doc.root, "VDIR/virtualDirectory/@userName", new_resource.username.to_s) - is_new_password = is_new_or_empty_value?(doc.root, "VDIR/virtualDirectory/@password", new_resource.password.to_s) - is_new_logon_method = is_new_or_empty_value?(doc.root, "VDIR/virtualDirectory/@logonMethod", new_resource.logon_method.to_s) - is_new_allow_sub_dir_config = is_new_or_empty_value?(doc.root, "VDIR/virtualDirectory/@allowSubDirConfig", new_resource.allow_sub_dir_config.to_s) + is_new_physical_path = new_or_empty_value?(doc.root, 'VDIR/@physicalPath', new_resource.physical_path.to_s) + is_new_user_name = new_or_empty_value?(doc.root, 'VDIR/virtualDirectory/@userName', new_resource.username.to_s) + is_new_password = new_or_empty_value?(doc.root, 'VDIR/virtualDirectory/@password', new_resource.password.to_s) + is_new_logon_method = new_or_empty_value?(doc.root, 'VDIR/virtualDirectory/@logonMethod', new_resource.logon_method.to_s) + is_new_allow_sub_dir_config = new_or_empty_value?(doc.root, 'VDIR/virtualDirectory/@allowSubDirConfig', new_resource.allow_sub_dir_config.to_s) if new_resource.physical_path && is_new_physical_path was_updated = true @@ -81,7 +81,7 @@ if new_resource.logon_method && is_new_logon_method was_updated = true - cmd = "#{appcmd(node)} set vdir \"#{application_identifier}\" /logonMethod:#{new_resource.logon_method.to_s}" + cmd = "#{appcmd(node)} set vdir \"#{application_identifier}\" /logonMethod:#{new_resource.logon_method}" Chef::Log.debug(cmd) shell_out!(cmd) end 
@@ -108,7 +108,7 @@ action :delete do if @current_resource.exists - shell_out!("#{appcmd(node)} delete vdir \"#{application_identifier}\"", {:returns => [0,42]}) + shell_out!("#{appcmd(node)} delete vdir \"#{application_identifier}\"", returns: [0, 42]) new_resource.updated_by_last_action(true) Chef::Log.info("#{new_resource} deleted") else @@ -125,7 +125,7 @@ def load_current_resource Chef::Log.debug("#{ new_resource } list vdir command output: #{ cmd.stdout }") if cmd.stderr.empty? - #VDIR "Testfu Site/Content/Test" + # VDIR "Testfu Site/Content/Test" result = cmd.stdout.match(/^VDIR\s\"#{Regexp.escape(application_identifier)}\"/) Chef::Log.debug("#{ new_resource } current_resource match output: #{ result }") if result @@ -141,14 +141,15 @@ def load_current_resource end private - def application_identifier - new_resource.application_name.chomp('/') + new_resource.path - end - def application_name_check - if !new_resource.application_name.include?('/') && !new_resource.application_name.end_with?('/') - new_resource.application_name("#{new_resource.application_name}/") - elsif new_resource.application_name.chomp('/').include?('/') && new_resource.application_name.end_with?('/') - new_resource.application_name(new_resource.application_name.chomp('/')) - end +def application_identifier + new_resource.application_name.chomp('/') + new_resource.path +end + +def application_name_check + if !new_resource.application_name.include?('/') && !new_resource.application_name.end_with?('/') + new_resource.application_name("#{new_resource.application_name}/") + elsif new_resource.application_name.chomp('/').include?('/') && new_resource.application_name.end_with?('/') + new_resource.application_name(new_resource.application_name.chomp('/')) end +end diff --git a/berks-cookbooks/iis/recipes/default.rb b/berks-cookbooks/iis/recipes/default.rb index f48acc41..5c8c6e53 100644 --- a/berks-cookbooks/iis/recipes/default.rb +++ b/berks-cookbooks/iis/recipes/default.rb 
@@ -24,11 +24,11 @@ (node['iis']['components'] + [default]).each do |feature| windows_feature feature do action :install - all (!Opscode::IIS::Helper.older_than_windows2012?) + all !Opscode::IIS::Helper.older_than_windows2012? end end -service "iis" do - service_name "W3SVC" +service 'iis' do + service_name 'W3SVC' action [:enable, :start] end diff --git a/berks-cookbooks/iis/recipes/mod_application_initialization.rb b/berks-cookbooks/iis/recipes/mod_application_initialization.rb index e27c3fc6..b9c05cb4 100644 --- a/berks-cookbooks/iis/recipes/mod_application_initialization.rb +++ b/berks-cookbooks/iis/recipes/mod_application_initialization.rb @@ -18,12 +18,12 @@ # limitations under the License. # -include_recipe "iis" +include_recipe 'iis' if Opscode::IIS::Helper.older_than_windows2008r2? - log "Application Initialization module is not supported on Windows 2008 or lower, ignoring" + log 'Application Initialization module is not supported on Windows 2008 or lower, ignoring' else - windows_feature "IIS-ApplicationInit" do + windows_feature 'IIS-ApplicationInit' do action :install end end diff --git a/berks-cookbooks/iis/recipes/mod_aspnet.rb b/berks-cookbooks/iis/recipes/mod_aspnet.rb index ebd12f66..403a16fa 100644 --- a/berks-cookbooks/iis/recipes/mod_aspnet.rb +++ b/berks-cookbooks/iis/recipes/mod_aspnet.rb @@ -18,13 +18,13 @@ # limitations under the License. # -include_recipe "iis" -include_recipe "iis::mod_isapi" +include_recipe 'iis' +include_recipe 'iis::mod_isapi' if Opscode::IIS::Helper.older_than_windows2008r2? - features = %w{NET-Framework} + features = %w(NET-Framework) else - features = %w{IIS-NetFxExtensibility IIS-ASPNET} + features = %w(IIS-NetFxExtensibility IIS-ASPNET) end features.each do |feature| diff --git a/berks-cookbooks/iis/recipes/mod_aspnet45.rb b/berks-cookbooks/iis/recipes/mod_aspnet45.rb index bf45ff2b..92c0f0d2 100644 --- a/berks-cookbooks/iis/recipes/mod_aspnet45.rb +++ b/berks-cookbooks/iis/recipes/mod_aspnet45.rb 
@@ -18,13 +18,13 @@ # limitations under the License. # -include_recipe "iis" -include_recipe "iis::mod_isapi" +include_recipe 'iis' +include_recipe 'iis::mod_isapi' if Opscode::IIS::Helper.older_than_windows2008r2? - features = %w{NET-Framework} + features = %w(NET-Framework) else - features = %w{NetFx4Extended-ASPNET45 IIS-NetFxExtensibility45 IIS-ASPNET45} + features = %w(NetFx4Extended-ASPNET45 IIS-NetFxExtensibility45 IIS-ASPNET45) end features.each do |feature| diff --git a/berks-cookbooks/iis/recipes/mod_auth_anonymous.rb b/berks-cookbooks/iis/recipes/mod_auth_anonymous.rb index 5d3a8a1c..cc909c92 100644 --- a/berks-cookbooks/iis/recipes/mod_auth_anonymous.rb +++ b/berks-cookbooks/iis/recipes/mod_auth_anonymous.rb @@ -18,9 +18,9 @@ # limitations under the License. # -include_recipe "iis" +include_recipe 'iis' iis_section 'unlocks anonymous authentication control in web.config' do - section "system.webServer/security/authentication/anonymousAuthentication" + section 'system.webServer/security/authentication/anonymousAuthentication' action :unlock end diff --git a/berks-cookbooks/iis/recipes/mod_auth_basic.rb b/berks-cookbooks/iis/recipes/mod_auth_basic.rb index 8e5f1648..68bf16ab 100644 --- a/berks-cookbooks/iis/recipes/mod_auth_basic.rb +++ b/berks-cookbooks/iis/recipes/mod_auth_basic.rb @@ -18,7 +18,7 @@ # limitations under the License. # -include_recipe "iis" +include_recipe 'iis' if Opscode::IIS::Helper.older_than_windows2008r2? feature = 'Web-Basic-Auth' @@ -31,6 +31,6 @@ end iis_section 'unlocks basic authentication control in web.config' do - section "system.webServer/security/authentication/basicAuthentication" + section 'system.webServer/security/authentication/basicAuthentication' action :unlock end diff --git a/berks-cookbooks/iis/recipes/mod_auth_digest.rb b/berks-cookbooks/iis/recipes/mod_auth_digest.rb index 75d2eeb2..e7ce1893 100644 --- a/berks-cookbooks/iis/recipes/mod_auth_digest.rb +++ b/berks-cookbooks/iis/recipes/mod_auth_digest.rb 
@@ -18,7 +18,7 @@
 # limitations under the License.
 #
-include_recipe "iis"
+include_recipe 'iis'
 if Opscode::IIS::Helper.older_than_windows2008r2?
 feature = 'Web-Digest-Auth'
@@ -31,6 +31,6 @@
 end
 iis_section 'unlocks digest authentication control in web.config' do
- section "system.webServer/security/authentication/digestAuthentication"
+ section 'system.webServer/security/authentication/digestAuthentication'
 action :unlock
 end
diff --git a/berks-cookbooks/iis/recipes/mod_auth_windows.rb b/berks-cookbooks/iis/recipes/mod_auth_windows.rb
index 9a9430c7..bb89d79b 100644
--- a/berks-cookbooks/iis/recipes/mod_auth_windows.rb
+++ b/berks-cookbooks/iis/recipes/mod_auth_windows.rb
@@ -18,8 +18,7 @@
 # limitations under the License.
 #
-include_recipe "iis"
-
+include_recipe 'iis'
 if Opscode::IIS::Helper.older_than_windows2008r2?
 feature = 'Web-Windows-Auth'
@@ -32,6 +31,6 @@
 end
 iis_section 'unlocks windows authentication control in web.config' do
- section "system.webServer/security/authentication/windowsAuthentication"
+ section 'system.webServer/security/authentication/windowsAuthentication'
 action :unlock
 end
diff --git a/berks-cookbooks/iis/recipes/mod_cgi.rb b/berks-cookbooks/iis/recipes/mod_cgi.rb
index ddadbcee..f10f3004 100644
--- a/berks-cookbooks/iis/recipes/mod_cgi.rb
+++ b/berks-cookbooks/iis/recipes/mod_cgi.rb
@@ -18,8 +18,7 @@
 # limitations under the License.
 #
-include_recipe "iis"
-
+include_recipe 'iis'
 if Opscode::IIS::Helper.older_than_windows2008r2?
 feature = 'Web-CGI'
diff --git a/berks-cookbooks/iis/recipes/mod_compress_dynamic.rb b/berks-cookbooks/iis/recipes/mod_compress_dynamic.rb
index bbc0b23b..4603b791 100644
--- a/berks-cookbooks/iis/recipes/mod_compress_dynamic.rb
+++ b/berks-cookbooks/iis/recipes/mod_compress_dynamic.rb
@@ -18,8 +18,7 @@
 # limitations under the License.
 #
-include_recipe "iis"
-
+include_recipe 'iis'
 if Opscode::IIS::Helper.older_than_windows2008r2?
 feature = 'Web-Dyn-Compression'
diff --git a/berks-cookbooks/iis/recipes/mod_compress_static.rb b/berks-cookbooks/iis/recipes/mod_compress_static.rb
index dc4a0106..a5a99a2f 100644
--- a/berks-cookbooks/iis/recipes/mod_compress_static.rb
+++ b/berks-cookbooks/iis/recipes/mod_compress_static.rb
@@ -18,7 +18,7 @@
 # limitations under the License.
 #
-include_recipe "iis"
+include_recipe 'iis'
 if Opscode::IIS::Helper.older_than_windows2008r2?
 feature = 'Web-Stat-Compression'
diff --git a/berks-cookbooks/iis/recipes/mod_ftp.rb b/berks-cookbooks/iis/recipes/mod_ftp.rb
index b3fdb18f..aa176c81 100644
--- a/berks-cookbooks/iis/recipes/mod_ftp.rb
+++ b/berks-cookbooks/iis/recipes/mod_ftp.rb
@@ -18,12 +18,12 @@
 # limitations under the License.
 #
-include_recipe "iis"
+include_recipe 'iis'
 if Opscode::IIS::Helper.older_than_windows2008r2?
- features = %w{Web-Ftp-Server Web-Ftp-Service Web-Ftp-Ext}
+ features = %w(Web-Ftp-Server Web-Ftp-Service Web-Ftp-Ext)
 else
- features = %w{IIS-FTPServer IIS-FTPSvc IIS-FTPExtensibility}
+ features = %w(IIS-FTPServer IIS-FTPSvc IIS-FTPExtensibility)
 end
 features.each do |f|
diff --git a/berks-cookbooks/iis/recipes/mod_iis6_metabase_compat.rb b/berks-cookbooks/iis/recipes/mod_iis6_metabase_compat.rb
index 614cc327..698fe8b1 100644
--- a/berks-cookbooks/iis/recipes/mod_iis6_metabase_compat.rb
+++ b/berks-cookbooks/iis/recipes/mod_iis6_metabase_compat.rb
@@ -18,12 +18,12 @@
 # limitations under the License.
 #
-include_recipe "iis"
+include_recipe 'iis'
 if Opscode::IIS::Helper.older_than_windows2008r2?
- features = %w{Web-Mgmt-Compat Web-Metabase}
+ features = %w(Web-Mgmt-Compat Web-Metabase)
 else
- features = %w{IIS-IIS6ManagementCompatibility IIS-Metabase}
+ features = %w(IIS-IIS6ManagementCompatibility IIS-Metabase)
 end
 features.each do |f|
diff --git a/berks-cookbooks/iis/recipes/mod_isapi.rb b/berks-cookbooks/iis/recipes/mod_isapi.rb
index f91762c7..9bb2249c 100644
--- a/berks-cookbooks/iis/recipes/mod_isapi.rb
+++ b/berks-cookbooks/iis/recipes/mod_isapi.rb
@@ -18,12 +18,12 @@
 # limitations under the License.
 #
-include_recipe "iis"
+include_recipe 'iis'
 if Opscode::IIS::Helper.older_than_windows2008r2?
- features = %w{Web-ISAPI-Filter Web-ISAPI-Ext}
+ features = %w(Web-ISAPI-Filter Web-ISAPI-Ext)
 else
- features = %w{IIS-ISAPIFilter IIS-ISAPIExtensions}
+ features = %w(IIS-ISAPIFilter IIS-ISAPIExtensions)
 end
 features.each do |feature|
diff --git a/berks-cookbooks/iis/recipes/mod_logging.rb b/berks-cookbooks/iis/recipes/mod_logging.rb
index 0ef862c5..21a1b921 100644
--- a/berks-cookbooks/iis/recipes/mod_logging.rb
+++ b/berks-cookbooks/iis/recipes/mod_logging.rb
@@ -18,7 +18,7 @@
 # limitations under the License.
 #
-include_recipe "iis"
+include_recipe 'iis'
 if Opscode::IIS::Helper.older_than_windows2008r2?
 feature = 'Web-Http-Logging'
diff --git a/berks-cookbooks/iis/recipes/mod_management.rb b/berks-cookbooks/iis/recipes/mod_management.rb
index 24d692be..ee98a875 100644
--- a/berks-cookbooks/iis/recipes/mod_management.rb
+++ b/berks-cookbooks/iis/recipes/mod_management.rb
@@ -18,12 +18,12 @@
 # limitations under the License.
 #
-include_recipe "iis"
+include_recipe 'iis'
 if Opscode::IIS::Helper.older_than_windows2008r2?
- features = %w{Web-Mgmt-Console Web-Mgmt-Service}
+ features = %w(Web-Mgmt-Console Web-Mgmt-Service)
 else
- features = %w{IIS-ManagementConsole IIS-ManagementService}
+ features = %w(IIS-ManagementConsole IIS-ManagementService)
 end
 features.each do |feature|
diff --git a/berks-cookbooks/iis/recipes/mod_security.rb b/berks-cookbooks/iis/recipes/mod_security.rb
index 109b3f05..37d7b402 100644
--- a/berks-cookbooks/iis/recipes/mod_security.rb
+++ b/berks-cookbooks/iis/recipes/mod_security.rb
@@ -18,12 +18,12 @@
 # limitations under the License.
 #
-include_recipe "iis"
+include_recipe 'iis'
 if Opscode::IIS::Helper.older_than_windows2008r2?
- features = %w{Web-Url-Auth Web-Filtering Web-IP-Security}
+ features = %w(Web-Url-Auth Web-Filtering Web-IP-Security)
 else
- features = %w{IIS-URLAuthorization IIS-RequestFiltering IIS-IPSecurity}
+ features = %w(IIS-URLAuthorization IIS-RequestFiltering IIS-IPSecurity)
 end
 features.each do |feature|
diff --git a/berks-cookbooks/iis/recipes/mod_tracing.rb b/berks-cookbooks/iis/recipes/mod_tracing.rb
index 4053e9c6..54a7168e 100644
--- a/berks-cookbooks/iis/recipes/mod_tracing.rb
+++ b/berks-cookbooks/iis/recipes/mod_tracing.rb
@@ -18,7 +18,7 @@
 # limitations under the License.
 #
-include_recipe "iis"
+include_recipe 'iis'
 if Opscode::IIS::Helper.older_than_windows2008r2?
 feature = 'Web-Http-Tracing'
diff --git a/berks-cookbooks/iis/recipes/remove_default_site.rb b/berks-cookbooks/iis/recipes/remove_default_site.rb
index 6b1eb106..606f0577 100644
--- a/berks-cookbooks/iis/recipes/remove_default_site.rb
+++ b/berks-cookbooks/iis/recipes/remove_default_site.rb
@@ -23,5 +23,5 @@
 end
 iis_pool 'DefaultAppPool' do
- action [:stop , :delete]
+ action [:stop, :delete]
 end
diff --git a/berks-cookbooks/iis/resources/app.rb b/berks-cookbooks/iis/resources/app.rb
index 52a1757f..b3993e42 100644
--- a/berks-cookbooks/iis/resources/app.rb
+++ b/berks-cookbooks/iis/resources/app.rb
@@ -21,9 +21,9 @@
 actions :add, :delete, :config
 default_action :add
-attribute :site_name, :kind_of => String, :name_attribute => true
-attribute :path, :kind_of => String, :default => '/'
-attribute :application_pool, :kind_of => String
-attribute :physical_path, :kind_of => String
-attribute :enabled_protocols, :kind_of => String
+attribute :site_name, kind_of: String, name_attribute: true
+attribute :path, kind_of: String, default: '/'
+attribute :application_pool, kind_of: String
+attribute :physical_path, kind_of: String
+attribute :enabled_protocols, kind_of: String
 attr_accessor :exists, :running
diff --git a/berks-cookbooks/iis/resources/config.rb b/berks-cookbooks/iis/resources/config.rb
index b1b9d5f0..ad65fe85 100644
--- a/berks-cookbooks/iis/resources/config.rb
+++ b/berks-cookbooks/iis/resources/config.rb
@@ -21,5 +21,5 @@
 actions :config
 default_action :config
-attribute :cfg_cmd, :kind_of => String, :name_attribute => true
-attribute :returns, :kind_of => [Integer, Array], :default => 0
+attribute :cfg_cmd, kind_of: String, name_attribute: true
+attribute :returns, kind_of: [Integer, Array], default: 0
diff --git a/berks-cookbooks/iis/resources/module.rb b/berks-cookbooks/iis/resources/module.rb
index 0377cfd7..4ca8360f 100644
--- a/berks-cookbooks/iis/resources/module.rb
+++ b/berks-cookbooks/iis/resources/module.rb
@@ -21,9 +21,9 @@
 actions :add, :delete
 default_action :add
-attribute :module_name, :kind_of => String, :name_attribute => true
-attribute :type, :kind_of => String, :default => nil
-attribute :precondition, :kind_of => String, :default => nil
-attribute :application, :kind_of => String, :default => nil
+attribute :module_name, kind_of: String, name_attribute: true
+attribute :type, kind_of: String, default: nil
+attribute :precondition, kind_of: String, default: nil
+attribute :application, kind_of: String, default: nil
 attr_accessor :exists
diff --git a/berks-cookbooks/iis/resources/pool.rb b/berks-cookbooks/iis/resources/pool.rb
index e874afba..72a2a16f 100644
--- a/berks-cookbooks/iis/resources/pool.rb
+++ b/berks-cookbooks/iis/resources/pool.rb
@@ -23,56 +23,56 @@
 default_action :add
 # root
-attribute :pool_name, :kind_of => String, :name_attribute => true
-attribute :no_managed_code, :kind_of => [TrueClass, FalseClass], :default => false
-attribute :pipeline_mode, :kind_of => Symbol, :equal_to => [:Integrated, :Classic]
-attribute :runtime_version, :kind_of => String
+attribute :pool_name, kind_of: String, name_attribute: true
+attribute :no_managed_code, kind_of: [TrueClass, FalseClass], default: false
+attribute :pipeline_mode, kind_of: Symbol, equal_to: [:Integrated, :Classic]
+attribute :runtime_version, kind_of: String
 # add items
-attribute :start_mode, :kind_of => Symbol, :equal_to => [:AlwaysRunning, :OnDemand], :default => :OnDemand
-attribute :auto_start, :kind_of => [TrueClass, FalseClass], :default => true
-attribute :queue_length, :kind_of => Integer, :default => 1000
-attribute :thirty_two_bit, :kind_of => [TrueClass, FalseClass], :default => false
+attribute :start_mode, kind_of: Symbol, equal_to: [:AlwaysRunning, :OnDemand], default: :OnDemand
+attribute :auto_start, kind_of: [TrueClass, FalseClass], default: true
+attribute :queue_length, kind_of: Integer, default: 1000
+attribute :thirty_two_bit, kind_of: [TrueClass, FalseClass], default: false
 # processModel items
-attribute :max_proc, :kind_of => Integer
-attribute :load_user_profile, :kind_of => [TrueClass, FalseClass], :default => false
-attribute :pool_identity, :kind_of => Symbol, :equal_to => [:SpecificUser, :NetworkService, :LocalService, :LocalSystem, :ApplicationPoolIdentity ], :default => :ApplicationPoolIdentity
-attribute :pool_username, :kind_of => String
-attribute :pool_password, :kind_of => String
-attribute :logon_type, :kind_of => Symbol, :equal_to => [:LogonBatch, :LogonService], :default => :LogonBatch
-attribute :manual_group_membership, :kind_of => [TrueClass, FalseClass], :default => false
-attribute :idle_timeout, :kind_of => String, :default => '00:20:00'
-attribute :shutdown_time_limit, :kind_of => String, :default => '00:01:30'
-attribute :startup_time_limit, :kind_of => String, :default => '00:01:30'
-attribute :pinging_enabled, :kind_of => [TrueClass, FalseClass], :default => true
-attribute :ping_interval, :kind_of => String, :default => '00:00:30'
-attribute :ping_response_time, :kind_of => String, :default => '00:01:30'
+attribute :max_proc, kind_of: Integer
+attribute :load_user_profile, kind_of: [TrueClass, FalseClass], default: false
+attribute :pool_identity, kind_of: Symbol, equal_to: [:SpecificUser, :NetworkService, :LocalService, :LocalSystem, :ApplicationPoolIdentity], default: :ApplicationPoolIdentity
+attribute :pool_username, kind_of: String
+attribute :pool_password, kind_of: String
+attribute :logon_type, kind_of: Symbol, equal_to: [:LogonBatch, :LogonService], default: :LogonBatch
+attribute :manual_group_membership, kind_of: [TrueClass, FalseClass], default: false
+attribute :idle_timeout, kind_of: String, default: '00:20:00'
+attribute :shutdown_time_limit, kind_of: String, default: '00:01:30'
+attribute :startup_time_limit, kind_of: String, default: '00:01:30'
+attribute :pinging_enabled, kind_of: [TrueClass, FalseClass], default: true
+attribute :ping_interval, kind_of: String, default: '00:00:30'
+attribute :ping_response_time, kind_of: String, default: '00:01:30'
 # recycling items
-attribute :disallow_rotation_on_config_change, :kind_of => [TrueClass, FalseClass], :default => false
-attribute :disallow_overlapping_rotation, :kind_of => [TrueClass, FalseClass], :default => false
-attribute :recycle_after_time, :kind_of => String
-attribute :recycle_at_time, :kind_of => String
-attribute :private_mem, :kind_of => Integer
+attribute :disallow_rotation_on_config_change, kind_of: [TrueClass, FalseClass], default: false
+attribute :disallow_overlapping_rotation, kind_of: [TrueClass, FalseClass], default: false
+attribute :recycle_after_time, kind_of: String
+attribute :recycle_at_time, kind_of: String
+attribute :private_mem, kind_of: Integer
 # failure items
-attribute :load_balancer_capabilities, :kind_of => Symbol, :equal_to => [:HttpLevel, :TcpLevel], :default => :HttpLevel
-attribute :orphan_worker_process, :kind_of => [TrueClass, FalseClass], :default => false
-attribute :orphan_action_exe, :kind_of => String
-attribute :orphan_action_params, :kind_of => String
-attribute :rapid_fail_protection, :kind_of => [TrueClass, FalseClass], :default => true
-attribute :rapid_fail_protection_interval, :kind_of => String, :default => '00:05:00'
-attribute :rapid_fail_protection_max_crashes, :kind_of => Integer, :default => 5
-attribute :auto_shutdown_exe, :kind_of => String
-attribute :auto_shutdown_params, :kind_of => String
+attribute :load_balancer_capabilities, kind_of: Symbol, equal_to: [:HttpLevel, :TcpLevel], default: :HttpLevel
+attribute :orphan_worker_process, kind_of: [TrueClass, FalseClass], default: false
+attribute :orphan_action_exe, kind_of: String
+attribute :orphan_action_params, kind_of: String
+attribute :rapid_fail_protection, kind_of: [TrueClass, FalseClass], default: true
+attribute :rapid_fail_protection_interval, kind_of: String, default: '00:05:00'
+attribute :rapid_fail_protection_max_crashes, kind_of: Integer, default: 5
+attribute :auto_shutdown_exe, kind_of: String
+attribute :auto_shutdown_params, kind_of: String
-#cpu items
-attribute :cpu_action, :kind_of => Symbol, :equal_to => [:NoAction, :KillW3wp, :Throttle, :ThrottleUnderLoad], :default => :NoAction
-attribute :cpu_limit, :kind_of => Integer, :default => 0
-attribute :cpu_reset_interval, :kind_of => String, :default => '00:05:00'
-attribute :cpu_smp_affinitized, :kind_of => [TrueClass, FalseClass], :default => false
-attribute :smp_processor_affinity_mask, :kind_of => Bignum, :default => 4294967295
-attribute :smp_processor_affinity_mask_2, :kind_of => Bignum, :default => 4294967295
+# cpu items
+attribute :cpu_action, kind_of: Symbol, equal_to: [:NoAction, :KillW3wp, :Throttle, :ThrottleUnderLoad], default: :NoAction
+attribute :cpu_limit, kind_of: Integer, default: 0
+attribute :cpu_reset_interval, kind_of: String, default: '00:05:00'
+attribute :cpu_smp_affinitized, kind_of: [TrueClass, FalseClass], default: false
+attribute :smp_processor_affinity_mask, kind_of: Bignum, default: 4_294_967_295
+attribute :smp_processor_affinity_mask_2, kind_of: Bignum, default: 4_294_967_295
 attr_accessor :exists, :running
diff --git a/berks-cookbooks/iis/resources/section.rb b/berks-cookbooks/iis/resources/section.rb
index 76744e6a..7d57614f 100644
--- a/berks-cookbooks/iis/resources/section.rb
+++ b/berks-cookbooks/iis/resources/section.rb
@@ -21,7 +21,7 @@
 actions :lock, :unlock
 default_action :lock
-attribute :section, :kind_of => String
-attribute :returns, :kind_of => [Integer, Array], :default => 0
+attribute :section, kind_of: String
+attribute :returns, kind_of: [Integer, Array], default: 0
 attr_accessor :exists
diff --git a/berks-cookbooks/iis/resources/site.rb b/berks-cookbooks/iis/resources/site.rb
index 78928420..0b952150 100644
--- a/berks-cookbooks/iis/resources/site.rb
+++ b/berks-cookbooks/iis/resources/site.rb
@@ -21,17 +21,17 @@
 actions :add, :delete, :start, :stop, :restart, :config
 default_action :add
-attribute :site_name, :kind_of => String, :name_attribute => true
-attribute :site_id, :kind_of => Integer
-attribute :port, :kind_of => Integer, :default => 80
-attribute :path, :kind_of => String
-attribute :protocol, :kind_of => Symbol, :default => :http, :equal_to => [:http, :https]
-attribute :host_header, :kind_of => String, :default => nil
-attribute :bindings, :kind_of => String, :default => nil
-attribute :application_pool, :kind_of => String, :default => nil
-attribute :options, :kind_of => String, :default => ''
-attribute :log_directory, :kind_of => String, :default => "#{node['iis']['pubroot']}\\logs\\LogFiles"
-attribute :log_period, :kind_of => Symbol, :default => :Daily, :equal_to => [:Daily, :Hourly, :MaxSize, :Monthly, :Weekly]
-attribute :log_truncsize, :kind_of => Integer, :default => 1048576
+attribute :site_name, kind_of: String, name_attribute: true
+attribute :site_id, kind_of: Integer
+attribute :port, kind_of: Integer, default: 80
+attribute :path, kind_of: String
+attribute :protocol, kind_of: Symbol, default: :http, equal_to: [:http, :https]
+attribute :host_header, kind_of: String, default: nil
+attribute :bindings, kind_of: String, default: nil
+attribute :application_pool, kind_of: String, default: nil
+attribute :options, kind_of: String, default: ''
+attribute :log_directory, kind_of: String, default: "#{node['iis']['pubroot']}\\logs\\LogFiles"
+attribute :log_period, kind_of: Symbol, default: :Daily, equal_to: [:Daily, :Hourly, :MaxSize, :Monthly, :Weekly]
+attribute :log_truncsize, kind_of: Integer, default: 1_048_576
 attr_accessor :exists, :running
diff --git a/berks-cookbooks/iis/resources/vdir.rb b/berks-cookbooks/iis/resources/vdir.rb
index d3b4a9ef..980f55dd 100644
--- a/berks-cookbooks/iis/resources/vdir.rb
+++ b/berks-cookbooks/iis/resources/vdir.rb
@@ -21,12 +21,12 @@
 actions :add, :delete, :config
 default_action :add
-attribute :application_name, :kind_of => String, :name_attribute => true
-attribute :path, :kind_of => String
-attribute :physical_path, :kind_of => String
-attribute :username, :kind_of => String, :default => nil
-attribute :password, :kind_of => String, :default => nil
-attribute :logon_method, :kind_of => Symbol, :default => :ClearText, :equal_to => [:Interactive, :Batch, :Network, :ClearText]
-attribute :allow_sub_dir_config, :kind_of => [TrueClass, FalseClass], :default => true
+attribute :application_name, kind_of: String, name_attribute: true
+attribute :path, kind_of: String
+attribute :physical_path, kind_of: String
+attribute :username, kind_of: String, default: nil
+attribute :password, kind_of: String, default: nil
+attribute :logon_method, kind_of: Symbol, default: :ClearText, equal_to: [:Interactive, :Batch, :Network, :ClearText]
+attribute :allow_sub_dir_config, kind_of: [TrueClass, FalseClass], default: true
 attr_accessor :exists
diff --git a/berks-cookbooks/iptables/CHANGELOG.md b/berks-cookbooks/iptables/CHANGELOG.md
deleted file mode 100644
index 680519cc..00000000
--- a/berks-cookbooks/iptables/CHANGELOG.md
+++ /dev/null
@@ -1,41 +0,0 @@
-v0.14.1 (2015-01-01)
---------------------
-- Fixing File.exists is deprecated for File.exist
-
-v0.14.0 (2014-08-31)
---------------------
-- [#14] Adds basic testing suite including Berksfile
-- [#14] Adds basic integration/post-converge tests
-- [#14] Adds default prefix and postfix rules to disalow traffic
-
-v0.13.2 (2014-04-09)
---------------------
-- [COOK-4496] Added Amazon Linux support
-
-
-v0.13.0 (2014-03-19)
---------------------
-- [COOK-3927] Substitute Perl version of rebuild-iptables with Ruby version
-
-
-v0.12.2 (2014-03-18)
---------------------
-- [COOK-4411] - Add newling to iptables.snat
-
-
-v0.12.0
--------
-- [COOK-2213] - iptables disabled recipe
-
-v0.11.0
---------
-- [COOK-1883] - add perl package so rebuild script works
-
-v0.10.0
--------
-- [COOK-641] - be able to save output on rhel-family
-- [COOK-655] - use a template from other cookbooks
-
-v0.9.3
-------
-- Current public release.
diff --git a/berks-cookbooks/iptables/README.md b/berks-cookbooks/iptables/README.md
deleted file mode 100644
index 7e58d0e8..00000000
--- a/berks-cookbooks/iptables/README.md
+++ /dev/null
@@ -1,113 +0,0 @@ -Description -=========== - -Sets up iptables to use a script to maintain firewall rules. However -this cookbook may be deprecated or heavily modified in favor of the -general firewall cookbook, see __Roadmap__. - -Roadmap -------- - -* [COOK-652] - create a firewall cookbook -* [COOK-688] - create iptables providers for all resources - -Requirements -============ - -## Platform: - -* Ubuntu/Debian -* RHEL/CentOS - -Recipes -======= - -default -------- - -The default recipe will install iptables and provides a ruby script -(installed in `/usr/sbin/rebuild-iptables`) to manage rebuilding -firewall rules from files dropped off in `/etc/iptables.d`. - -Definitions -=========== - -See __Roadmap__ for plans to replace the definition with LWRPs. - -iptables\_rule --------------- - -The definition drops off a template in `/etc/iptables.d` after the -`name` parameter. The rule will get added to the local system firewall -through notifying the `rebuild-iptables` script. See __Examples__ below. - -Usage -===== - -Ensure that the system is set up to use the definition and rebuild -script with `recipe[iptables]`. Then create templates with the -firewall rules in the cookbook where the definition will be used. See -__Examples__. - -Since certain chains can be used with multiple tables (e.g., _PREROUTING_), -you might have to include the name of the table explicitly (i.e., _*nat_, -_*mangle_, etc.), so that the `/usr/sbin/rebuild-iptables` script can infer -how to assemble final ruleset file that is going to be loaded. Please note, -that unless specified otherwise, rules will be added under the __filter__ -table by default. - -Examples --------- - -To enable port 80, e.g. in an `httpd` cookbook, create the following -template: - - # Port 80 for http - -A FWR -p tcp -m tcp --dport 80 -j ACCEPT - -This would go in the cookbook, -`httpd/templates/default/http.erb`. 
Then to use it in -`recipe[httpd]`: - - iptables_rule "http" - -To redirect port 80 to local port 8080, e.g., in the aforementioned `httpd` -cookbook, created the following template: - - *nat - # Redirect anything on eth0 coming to port 80 to local port 8080 - -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080 - -Please note, that we explicitly add name of the table (being _*nat_ in this -example above) where the rules should be added. - -This would most likely go in the cookbook, -`httpd/templates/default/http_8080.erb`. Then to use it in -`recipe[httpd]`: - - iptables_rule "http_8080" - -Attributes -========== - - default["iptables"]["install_rules"] = true # install the default rules - -License and Author -================== - -Author:: Adam Jacob -Author:: Joshua Timberman - -Copyright:: 2008-2011, Opscode, Inc - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/berks-cookbooks/iptables/attributes/default.rb b/berks-cookbooks/iptables/attributes/default.rb deleted file mode 100644 index eb1dbb1a..00000000 --- a/berks-cookbooks/iptables/attributes/default.rb +++ /dev/null @@ -1 +0,0 @@ -default["iptables"]["install_rules"] = true diff --git a/berks-cookbooks/iptables/definitions/iptables_rule.rb b/berks-cookbooks/iptables/definitions/iptables_rule.rb deleted file mode 100644 index fc335394..00000000 --- a/berks-cookbooks/iptables/definitions/iptables_rule.rb +++ /dev/null 
@@ -1,36 +0,0 @@
-#
-# Cookbook Name:: iptables
-# Definition:: iptables_rule
-#
-# Copyright 2008-2009, Opscode, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-define :iptables_rule, :enable => true, :source => nil, :variables => {}, :cookbook => nil do
- template_source = params[:source] ? params[:source] : "#{params[:name]}.erb"
-
- template "/etc/iptables.d/#{params[:name]}" do
- source template_source
- mode 0644
- cookbook params[:cookbook] if params[:cookbook]
- variables params[:variables]
- backup false
- notifies :run, resources(:execute => "rebuild-iptables")
- if params[:enable]
- action :create
- else
- action :delete
- end
- end
-end
diff --git a/berks-cookbooks/iptables/metadata.json b/berks-cookbooks/iptables/metadata.json
deleted file mode 100644
index 3b7d0249..00000000
--- a/berks-cookbooks/iptables/metadata.json
+++ /dev/null
@@ -1,35 +0,0 @@ -{ - "name": "iptables", - "version": "0.14.1", - "description": "Sets up iptables to use a script to maintain rules", - "long_description": "", - "maintainer": "Opscode, Inc.", - "maintainer_email": "cookbooks@opscode.com", - "license": "Apache 2.0", - "platforms": { - "redhat": ">= 0.0.0", - "centos": ">= 0.0.0", - "debian": ">= 0.0.0", - "ubuntu": ">= 0.0.0", - "amazon": ">= 0.0.0" - }, - "dependencies": { - }, - "recommendations": { - }, - "suggestions": { - }, - "conflicting": { - }, - "providing": { - }, - "replacing": { - }, - "attributes": { - }, - "groupings": { - }, - "recipes": { - "iptables": "Installs iptables and sets up .d style config directory of iptables rules" - } -} \ No newline at end of file diff --git a/berks-cookbooks/iptables/recipes/default.rb b/berks-cookbooks/iptables/recipes/default.rb deleted file mode 100644 index c6202d57..00000000 --- a/berks-cookbooks/iptables/recipes/default.rb +++ /dev/null 
@@ -1,61 +0,0 @@
-#
-# Cookbook Name:: iptables
-# Recipe:: default
-#
-# Copyright 2008-2009, Opscode, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-
-
-if platform_family?("rhel") && node["platform_version"].to_i == 7
- package "iptables-services"
-else
- package "iptables"
-end
-
-execute "rebuild-iptables" do
- command "/usr/sbin/rebuild-iptables"
- action :nothing
-end
-
-directory "/etc/iptables.d" do
- action :create
-end
-
-template "/usr/sbin/rebuild-iptables" do
- source "rebuild-iptables.erb"
- mode 0755
- variables(
- :hashbang => ::File.exist?('/usr/bin/ruby') ? '/usr/bin/ruby' : '/opt/chef/embedded/bin/ruby'
- )
-end
-
-case node[:platform]
-when "ubuntu", "debian"
- iptables_save_file = "/etc/iptables/general"
-
- template "/etc/network/if-pre-up.d/iptables_load" do
- source "iptables_load.erb"
- mode 0755
- variables :iptables_save_file => iptables_save_file
- end
-end
-
-if node["iptables"]["install_rules"]
- iptables_rule "all_established"
- iptables_rule "all_icmp"
- iptables_rule "prefix"
- iptables_rule "postfix"
-end
diff --git a/berks-cookbooks/iptables/templates/default/all_established.erb b/berks-cookbooks/iptables/templates/default/all_established.erb
deleted file mode 100644
index c309b117..00000000
--- a/berks-cookbooks/iptables/templates/default/all_established.erb
+++ /dev/null
@@ -1,2 +0,0 @@
-# Any established connection is money
--A FWR -m state --state RELATED,ESTABLISHED -j ACCEPT
diff --git a/berks-cookbooks/iptables/templates/default/all_icmp.erb b/berks-cookbooks/iptables/templates/default/all_icmp.erb
deleted file mode 100644
index e73aa496..00000000
--- a/berks-cookbooks/iptables/templates/default/all_icmp.erb
+++ /dev/null
@@ -1,2 +0,0 @@
-# ICMP
--A FWR -p icmp -j ACCEPT
\ No newline at end of file
diff --git a/berks-cookbooks/iptables/templates/default/iptables_load.erb b/berks-cookbooks/iptables/templates/default/iptables_load.erb
deleted file mode 100644
index d19862f5..00000000
--- a/berks-cookbooks/iptables/templates/default/iptables_load.erb
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-/sbin/iptables-restore < <%= @iptables_save_file %>
-exit 0
diff --git a/berks-cookbooks/iptables/templates/default/postfix.erb b/berks-cookbooks/iptables/templates/default/postfix.erb
deleted file mode 100644
index 37b22d39..00000000
--- a/berks-cookbooks/iptables/templates/default/postfix.erb
+++ /dev/null
@@ -1,2 +0,0 @@
--A FWR -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
--A FWR -p udp -j REJECT --reject-with icmp-port-unreachable
diff --git a/berks-cookbooks/iptables/templates/default/prefix.erb b/berks-cookbooks/iptables/templates/default/prefix.erb
deleted file mode 100644
index ddb00954..00000000
--- a/berks-cookbooks/iptables/templates/default/prefix.erb
+++ /dev/null
@@ -1,2 +0,0 @@
--A INPUT -j FWR
--A FWR -i lo -j ACCEPT
diff --git a/berks-cookbooks/iptables/templates/default/rebuild-iptables.erb b/berks-cookbooks/iptables/templates/default/rebuild-iptables.erb
deleted file mode 100644
index b128e2e5..00000000
--- a/berks-cookbooks/iptables/templates/default/rebuild-iptables.erb
+++ /dev/null
@@ -1,146 +0,0 @@
-#!<%= @hashbang %> -w
-
-#
-# rebuild-iptables.rb -- Construct an iptables rules file from fragments.
-#
-# Written by Phil Cohen
-# Copyright 2011, Phil Cohen
-#
-# Constructs an iptables rules file from the prefix, standard, and suffix
-# files in the iptables configuration area, adding any additional modules
-# specified in the command line, and prints the resulting iptables rules to
-# standard output (suitable for saving into /var/lib/iptables or some other
-# appropriate location on the system).
-
-##############################################################################
-# Modules and declarations
-##############################################################################
-
-# Path to the iptables template area.
-TEMPLATE_PATH = "/etc/iptables.d"
-
-##############################################################################
-# Installation
-##############################################################################
-
-# Read in a file, processing includes as required.
-def read_iptables(file, table = :filter)
- file = File.join(TEMPLATE_PATH, file) unless File.dirname(file) =~ /iptables\.d/
- rule = File.readlines(file).map{ |line| line.chomp }
- rule.each do |line|
- if line =~ /^\s*include\s+(\S+)$/
- read_iptables($1, table)
- elsif line =~ /^\s*\*([a-z]+)\s*$/
- table = $1.to_sym
- elsif line =~ /^\s*:([-a-zA-Z0-9_]+)(?:\s+([A-Z]+(?:\s*\[.*?\])))?$/
- @data[table][:chains][$1] = $2 || '-'
- elsif line !~ /^\s*COMMIT\s*$/
- #detect new chains
- if chain = line.match(/\-[ADRILFZN]\s+([-a-zA-Z0-9_]+)\s/)
- @data[table][:chains][chain[1]] ||= '-'
- end
- @data[table][:rules].push line
- end
- end
-end
-
-# Write a file carefully.
-def write_iptables(file, data)
- File.open("#{file}.new", "w") { |f| f.write(data) }
- File.rename("#{file}.new", file)
-end
-
-# Install iptables on a Red Hat system. Takes the new iptables data.
-def install_redhat(data)
- write_iptables("/etc/sysconfig/iptables", data)
- system("/sbin/service", "iptables", "restart")
-end
-
-# Install iptables on a Debian system. Takes the new iptables data.
-def install_debian(data)
- Dir.mkdir("/etc/iptables") unless File.directory?("/etc/iptables")
- write_iptables("/etc/iptables/general", data)
- system("/sbin/iptables-restore < /etc/iptables/general")
-end
-
-##############################################################################
-# Main routine
-##############################################################################
-
-@data = {
- :filter => {
- :chains => {
- 'INPUT' => 'ACCEPT [0,0]',
- 'FORWARD' => 'ACCEPT [0,0]',
- 'OUTPUT' => 'ACCEPT [0,0]'
- },
- :rules => []
- },
- :mangle => {
- :chains => {
- 'PREROUTING' => 'ACCEPT [0,0]',
- 'INPUT' => 'ACCEPT [0,0]',
- 'FORWARD' => 'ACCEPT [0,0]',
- 'OUTPUT' => 'ACCEPT [0,0]',
- 'POSTROUTING' => 'ACCEPT [0,0]'
- },
- :rules => []
- },
- :nat => {
- :chains => {
- 'PREROUTING' => 'ACCEPT [0,0]',
- 'POSTROUTING' => 'ACCEPT [0,0]',
- 'OUTPUT' => 'ACCEPT [0,0]'
- },
- :rules => [],
- },
- :raw => {
- :chains => {
- 'PREROUTING' => 'ACCEPT [0,0]',
- 'OUTPUT' => 'ACCEPT [0,0]'
- },
- :rules => [],
- },
- :security => {
- :chains => {
- 'INPUT' => 'ACCEPT [0,0]',
- 'FORWARD' => 'ACCEPT [0,0]',
- 'OUTPUT' => 'ACCEPT [0,0]'
- },
- :rules => []
- }
-}
-
-templates = Dir["#{TEMPLATE_PATH}/*"].sort.delete_if do |template|
- %w[prefix suffix postfix].include?(File.basename(template))
-end
-
-templates.unshift 'prefix' if File.exist? "#{TEMPLATE_PATH}/prefix"
-templates.push 'suffix' if File.exist? "#{TEMPLATE_PATH}/suffix"
-templates.push 'postfix' if File.exist? "#{TEMPLATE_PATH}/postfix"
-
-templates.each { |template| read_iptables(template) }
-
-iptables_rules = ""
-@data.each do |table, table_data|
- if table_data[:rules].any?
- iptables_rules << "*#{table.to_s}\n"
- table_data[:chains].each do |chain, rule|
- iptables_rules << ":#{chain} #{rule}\n"
- end
- iptables_rules << table_data[:rules].join("\n")
- iptables_rules << "\nCOMMIT\n"
- end
-end
-
-if File.exist?("/etc/debian_version")
- install_debian(iptables_rules)
-elsif File.exist?("/etc/redhat-release")
- install_redhat(iptables_rules)
-elsif File.exist?("/etc/system-release") # Amazon Linux
- install_redhat(iptables_rules)
-else
- raise "#{$0}: cannot figure out whether this is Red Hat or Debian\n";
-end
-
-exit 0
diff --git a/berks-cookbooks/logrotate/.gitignore b/berks-cookbooks/logrotate/.gitignore
deleted file mode 100644
index f14bce1e..00000000
--- a/berks-cookbooks/logrotate/.gitignore
+++ /dev/null
@@ -1,25 +0,0 @@
-*~
-*#
-.#*
-\#*#
-.*.sw[a-z]
-*.un~
-*.tmp
-*.bk
-*.bkup
-.kitchen.local.yml
-Berksfile.lock
-
-.bundle/
-.cache/
-.kitchen/
-.vagrant/
-.vagrant.d/
-bin/
-tmp/
-vendor/
-
-# RVM
-.ruby-version
-.ruby-gemset
-.rvmrc
\ No newline at end of file
diff --git a/berks-cookbooks/logrotate/.kitchen.yml b/berks-cookbooks/logrotate/.kitchen.yml
deleted file mode 100644
index 8ae09884..00000000
--- a/berks-cookbooks/logrotate/.kitchen.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-driver_plugin: vagrant
-driver_config:
- require_chef_omnibus: true
-
-platforms:
- - name: ubuntu-12.04
- run_list:
- - recipe[fake::prep]
- - name: centos-6.5
-
-suites:
- - name: default
- run_list:
- - recipe[logrotate::default]
- - name: definition
- run_list:
- - recipe[fake::definition]
- - name: global
- run_list:
- - recipe[logrotate::global]
diff --git a/berks-cookbooks/logrotate/.rubocop.yml b/berks-cookbooks/logrotate/.rubocop.yml
deleted file mode 100644
index 3e61476e..00000000
--- a/berks-cookbooks/logrotate/.rubocop.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-AllCops:
- Exclude:
- - vendor/**
- - .kitchen/**
\ No newline at end of file
diff --git a/berks-cookbooks/logrotate/.travis.yml b/berks-cookbooks/logrotate/.travis.yml
deleted file mode 100644
index 3b392bf5..00000000
--- a/berks-cookbooks/logrotate/.travis.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-rvm:
- - 2.0.0
-script:
- - bundle exec foodcritic -f any . --tags ~FC015
- - bundle exec rspec --color --format progress
- - bundle exec rubocop -l
diff --git a/berks-cookbooks/logrotate/CHANGELOG.md b/berks-cookbooks/logrotate/CHANGELOG.md
deleted file mode 100644
index b3fe95ba..00000000
--- a/berks-cookbooks/logrotate/CHANGELOG.md
+++ /dev/null
@@ -1,108 +0,0 @@ -logrotate Cookbook CHANGELOG -============================ -This file is used to list changes made in each version of the -logrotate cookbook. - -v1.8.0 ------- - -### Resolved Bugs - -- `su` parameter now supported in global config. - -### Improvements - -- firstaction and lastaction attributes documented in the README -- rotate attribute documented in the README -- Use hash-rocket syntax in rspec matcher to maintain 1.9 support. - -v1.7.0 ------- - -### Bugs - -- Use `raise` rather than Application.fatal! to prevent killing a - daemonized chef-client - -### Improvements - -- Chefspec matcher for logrotate_app definition -- Support the following options: compressoptions, maxage, - shred/shredcycles, extension, tabooext -- Add Solaris support - - -v1.6.0 ------- - -### Bugs - -- Fix documentation error - -### Improvements - -- Support for options "compresscmd", "uncompresscmd", "compressext" -- Allow nodateext as parameter for logrotate_app definition -- Move to chefspec ~> 3.0 - -v1.5.0 ------- - -### Bugs -- Fix missing end tag in template -- Don't re-initialize constants. -- Fix rubocop finding - -### Improvements -- [COOK-3911] Allow to use maxsize parameter. -- [COOK-4000] Allow to use dateyesterday option. -- [COOK-4024] Allow to use su parameter. -- [COOK-4175] Allows use of the dateformat parameter. 
-- Loosen test-kitchen version constraint -- Add rvm files to gitignore - - -v1.4.0 ------- -### Bug -- **[COOK-3632](https://tickets.chef.io/browse/COOK-3632)** - Raise Exception when adding more than one invalid option -- **[COOK-3141](https://tickets.chef.io/browse/COOK-3141)** - Do not duplicate template entires for multiple paths -- **[COOK-3034](https://tickets.chef.io/browse/COOK-3034)** - Update logrotate_app params to accept arrays and strings - -### Improvement -- **[COOK-2646](https://tickets.chef.io/browse/COOK-2646)** - Add ability to choose file mode for logrotate template - -v1.3.0 ------- -### Improvement -- **[COOK-3341](https://tickets.chef.io/browse/COOK-3341)** - Add optional `frequency` and `rotate` params when defined globally -- **[COOK-3298](https://tickets.chef.io/browse/COOK-3298)** - Use `Array` instead of `respond_to?(:each)` -- **[COOK-3285](https://tickets.chef.io/browse/COOK-3285)** - Change `logrotate.d` config file mode to `0644` -- **[COOK-3250](https://tickets.chef.io/browse/COOK-3250)** - Add `minsize` - -### Bug -- **[COOK-3274](https://tickets.chef.io/browse/COOK-3274)** - Fix README typo that suggested the opposite action - -### New Feature -- **[COOK-2923](https://tickets.chef.io/browse/COOK-2923)** - Add `olddir` option -- **[COOK-1651](https://tickets.chef.io/browse/COOK-1651)** - Add `dateext` ability - -v1.2.2 ------ -### Bug -- [COOK-2872]: Add firstaction/lastaction ability to logrotate -- [COOK-2908]: Argument error in `logrotate_app` definition - -v1.2.0 ------ -- [COOK-2401] - Add the ability to manage the global logrotate configuration - -v1.1.0 ------ -- [COOK-2218] - Logrotate size parameter - -v1.0.2 ------ -- [COOK-1027] - Add support for pre-/post-rotate commands -- [COOK-1338] - Update log rotate for more flexibility of rotate options -- [COOK-1598] - "Create" isn't a mandatory option 
diff --git a/berks-cookbooks/logrotate/CONTRIBUTING.md b/berks-cookbooks/logrotate/CONTRIBUTING.md deleted file mode 100644 index 85e6c26d..00000000 --- a/berks-cookbooks/logrotate/CONTRIBUTING.md +++ /dev/null @@ -1,16 +0,0 @@ -## Contribution Guidelines - -- Please submit improvements and bug fixes via Github pull requests or - by sending an email to steve@chef.io in git's format-patch - format. - -- All patches should have well-written commit message. The first line - should summarize the change while the rest of the commit message - should explain the reason the change is needed. - -- Please ensure all tests and lint checking pass before submitting - pull requests. - -## Testing - -Please read TESTING.md for details on testing this cookbook. diff --git a/berks-cookbooks/logrotate/Gemfile b/berks-cookbooks/logrotate/Gemfile deleted file mode 100644 index 5857ea6f..00000000 --- a/berks-cookbooks/logrotate/Gemfile +++ /dev/null @@ -1,9 +0,0 @@ -source 'https://rubygems.org' -gem 'chefspec', '~> 4.0' -gem 'foodcritic', '~> 4.0' -gem 'rubocop', '~> 0.12' - -group :integration do - gem 'test-kitchen', '~> 1.0' - gem 'kitchen-vagrant', '~> 0.11' -end diff --git a/berks-cookbooks/logrotate/Gemfile.lock b/berks-cookbooks/logrotate/Gemfile.lock deleted file mode 100644 index bdefc519..00000000 --- a/berks-cookbooks/logrotate/Gemfile.lock +++ /dev/null 
@@ -1,150 +0,0 @@ -GEM - remote: https://rubygems.org/ - specs: - ast (2.0.0) - astrolabe (1.3.0) - parser (>= 2.2.0.pre.3, < 3.0) - chef (12.0.3) - chef-zero (~> 3.2) - diff-lcs (~> 1.2, >= 1.2.4) - erubis (~> 2.7) - ffi-yajl (~> 1.2) - highline (~> 1.6, >= 1.6.9) - mixlib-authentication (~> 1.3) - mixlib-cli (~> 1.4) - mixlib-config (~> 2.0) - mixlib-log (~> 1.3) - mixlib-shellout (>= 2.0.0.rc.0, < 3.0) - net-ssh (~> 2.6) - net-ssh-multi (~> 1.1) - ohai (~> 8.0) - plist (~> 3.1.0) - pry (~> 0.9) - chef-zero (3.2.1) - ffi-yajl (~> 1.1) - hashie (~> 2.0) - mixlib-log (~> 1.3) - rack - uuidtools (~> 2.1) - chefspec (4.2.0) - chef (>= 11.14) - fauxhai (~> 2.0) - rspec (~> 3.0) - coderay (1.1.0) - diff-lcs (1.2.5) - erubis (2.7.0) - fauxhai (2.3.0) - net-ssh - ohai - ffi (1.9.6) - ffi-yajl (1.4.0) - ffi (~> 1.5) - libyajl2 (~> 1.2) - foodcritic (4.0.0) - erubis - gherkin (~> 2.11) - nokogiri (~> 1.5) - rake - rufus-lru (~> 1.0) - treetop (~> 1.4) - yajl-ruby (~> 1.1) - gherkin (2.12.2) - multi_json (~> 1.3) - hashie (2.1.2) - highline (1.7.1) - ipaddress (0.8.0) - kitchen-vagrant (0.15.0) - test-kitchen (~> 1.0) - libyajl2 (1.2.0) - method_source (0.8.2) - mime-types (2.4.3) - mini_portile (0.6.2) - mixlib-authentication (1.3.0) - mixlib-log - mixlib-cli (1.5.0) - mixlib-config (2.1.0) - mixlib-log (1.6.0) - mixlib-shellout (2.0.1) - multi_json (1.10.1) - net-dhcp (1.3.2) - net-scp (1.2.1) - net-ssh (>= 2.6.5) - net-ssh (2.9.2) - net-ssh-gateway (1.2.0) - net-ssh (>= 2.6.5) - net-ssh-multi (1.2.0) - net-ssh (>= 2.6.5) - net-ssh-gateway (>= 1.2.0) - nokogiri (1.6.6.2) - mini_portile (~> 0.6.0) - ohai (8.1.1) - ffi (~> 1.9) - ffi-yajl (~> 1.1) - ipaddress - mime-types (~> 2.0) - mixlib-cli - mixlib-config (~> 2.0) - mixlib-log - mixlib-shellout (~> 2.0) - net-dhcp - rake (~> 10.1) - systemu (~> 2.6.4) - wmi-lite (~> 1.0) - parser (2.2.0.3) - ast (>= 1.1, < 3.0) - plist (3.1.0) - polyglot (0.3.5) - powerpack (0.1.0) - pry (0.10.1) - coderay (~> 1.1.0) - method_source (~> 
0.8.1) - slop (~> 3.4) - rack (1.6.0) - rainbow (2.0.0) - rake (10.4.2) - rspec (3.2.0) - rspec-core (~> 3.2.0) - rspec-expectations (~> 3.2.0) - rspec-mocks (~> 3.2.0) - rspec-core (3.2.0) - rspec-support (~> 3.2.0) - rspec-expectations (3.2.0) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.2.0) - rspec-mocks (3.2.0) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.2.0) - rspec-support (3.2.1) - rubocop (0.29.1) - astrolabe (~> 1.3) - parser (>= 2.2.0.1, < 3.0) - powerpack (~> 0.1) - rainbow (>= 1.99.1, < 3.0) - ruby-progressbar (~> 1.4) - ruby-progressbar (1.7.1) - rufus-lru (1.0.5) - safe_yaml (1.0.4) - slop (3.6.0) - systemu (2.6.4) - test-kitchen (1.3.1) - mixlib-shellout (>= 1.2, < 3.0) - net-scp (~> 1.1) - net-ssh (~> 2.7) - safe_yaml (~> 1.0) - thor (~> 0.18) - thor (0.19.1) - treetop (1.5.3) - polyglot (~> 0.3) - uuidtools (2.1.5) - wmi-lite (1.0.0) - yajl-ruby (1.2.1) - -PLATFORMS - ruby - -DEPENDENCIES - chefspec (~> 4.0) - foodcritic (~> 4.0) - kitchen-vagrant (~> 0.11) - rubocop (~> 0.12) - test-kitchen (~> 1.0) diff --git a/berks-cookbooks/logrotate/README.md b/berks-cookbooks/logrotate/README.md deleted file mode 100644 index 62e1d4f0..00000000 --- a/berks-cookbooks/logrotate/README.md +++ /dev/null 
@@ -1,171 +0,0 @@ -logrotate Cookbook -================== -[![Build Status](https://secure.travis-ci.org/stevendanna/logrotate.png?branch=master)](http://travis-ci.org/stevendanna/logrotate) - -Manages the logrotate package and provides a definition to manage application specific logrotate configuration. - - -Requirements ------------- -Should work on any platform that includes a 'logrotate' package and writes logrotate configuration to /etc/logrotate.d. Tested on Ubuntu, Debian and Red Hat/CentOS. - - -Recipes -------- -### global -Generates and controls a global `/etc/logrotate.conf` file that will include additional files generated by the `logrotate_app` definition (see below). The contents of the configuration file is controlled through node attributes under `node['logrotate']['global']`. The default attributes are based on the configuration from the Ubuntu logrotate package. - -To define a valueless directive (e.g. `compress`, `copy`) simply add an attribute named for the directive with a truthy value : - -```ruby -node['logrotate']['global']['compress'] = 'any value here' -``` - -Note that defining a valueless directive with a falsey value will not make it false, but will remove it: - -```ruby -# Removes a defaulted 'compress' directive; does not add a 'nocompress' directive. 
-node.override['logrotate']['global']['compress'] = false -``` - -To fully override a booleanish directive like `compress`, you should probably remove the positive form and add the negative form: - -```ruby -node.override['logrotate']['global']['compress'] = false -node.override['logrotate']['global']['nocompress'] = true -``` - -The same is true of frequency directives; to be certain the frequency directive you want is included in the global configuration, you should override the ones you don't want as false: - -```ruby -%w[ daily weekly yearly ].each do |freq| - node.override['logrotate']['global'][freq] = false -end -node.override['logrotate']['global']['monthly'] = true -``` - -To define a parameter with a value (e.g. `create`, `mail`) add an attribute with the desired value: - -```ruby -node['logrotate']['global']['create'] = '0644 root adm' -``` - -To define a path stanza in the global configuration (generally unneeded because of the `logrotate_app` definition) just add an attribute with the path as the name and a hash containing directives and parameters as described above: - -```ruby -node['logrotate']['global']['/var/log/wtmp'] = { - 'missingok' => true, - 'monthly' => true, - 'create' => '0660 root utmp', - 'rotate' => 1 -} -``` - -`firstaction`, `prerotate`, `postrotate`, and `lastaction` scripts can be defined either as arrays of the lines to put in the script or multiline strings: - -```ruby -node['logrotate']['global']['/var/log/foo/*.log'] = { - 'missingok' => true, - 'monthly' => true, - 'create' => '0660 root adm', - 'rotate' => 1, - 'prerotate' => ['service foo start_rotate', 'logger started foo service log rotation'], - 'postrotate' => <<-EOF - service foo end_rotate - logger completed foo service log rotation - EOF -} -``` - - -Definitions ------------ -### logrotate_app -This definition can be used to drop off customized logrotate config files on a per application basis. 
- -The definition takes the following params: - -- `path`: specifies a single path (string) or multiple paths (array) that should have logrotation stanzas created in the config file. No default, this must be specified. -- `enable`: true/false, if true it will create the template in /etc/logrotate.d. -- `frequency`: sets the frequency for rotation. Default value is 'weekly'. Valid values are: daily, weekly, monthly, yearly, see the logrotate man page for more information. -- `dateformat`: specifies date extension with %Y, %m, %d, and %s. The default value is -%Y%m%d. -- `size`: Log files are rotated when they grow bigger than size bytes. -- `maxsize`: Log files are rotated when they grow bigger than size bytes even before the additionally specified time interval. -- `su`: Rotate log files set under this user and group instead of using default user/group. -- `template`: sets the template source, default is "logrotate.erb". -- `template_mode`: the mode to create the logrotate template with (default "0440") -- `template_owner`: the owner of the logrotate template (default "root") -- `template_group`: the group of the logrotate template (default "root") -- `cookbook`: select the template source from the specified cookbook. By default it will use the template from the logrotate cookbook. -- `create`: creation parameters for the logrotate "create" config, follows the form "mode owner group". This is an optional parameter, and is nil by default. 
-- `firstaction`: lines to be executed once before all log files that match the wildcarded pattern are rotated, before pre-rotate script is run and only if at least one log will actually be rotated -- `postrotate`: lines to be executed after the log file is rotated -- `prerotate`: lines to be executed before the log file is rotated -- `lastaction`: lines to be executed once after all log files that match the wildcarded pattern are rotated, after postrotate script is run and only if at least one log is rotated -- `rotate`: Log files are rotated this many times before being removed or mailed. -- `sharedscripts`: if true, the sharedscripts options is specified which makes sure prescript and postscript commands are run only once (even if multiple files match the path) - - -Usage ------ -The default recipe will ensure logrotate is always up to date. - -To create application specific logrotate configs, use the `logrotate_app` definition. For example, to rotate logs for a tomcat application named myapp that writes its log file to `/var/log/tomcat/myapp.log`: - -```ruby -logrotate_app 'tomcat-myapp' do - cookbook 'logrotate' - path '/var/log/tomcat/myapp.log' - frequency 'daily' - rotate 30 - create '644 root adm' -end -``` - -To rotate multiple logfile paths, specify the path as an array: - -```ruby -logrotate_app 'tomcat-myapp' do - cookbook 'logrotate' - path ['/var/log/tomcat/myapp.log', '/opt/local/tomcat/catalina.out'] - frequency 'daily' - create '644 root adm' - rotate 7 -end -``` - -To specify which logrotate options, specify the options as an array: - -```ruby -logrotate_app 'tomcat-myapp' do - cookbook 'logrotate' - path '/var/log/tomcat/myapp.log' - options ['missingok', 'delaycompress', 'notifempty'] - frequency 'daily' - rotate 30 - create '644 root adm' -end -``` - - -License & Authors ------------------ -- Author:: Scott M. Likens () -- Author:: Joshua Timberman () - -```text -Copyright 2009, Scott M. Likens -Copyright 2011-2012, Chef Software, Inc. 
- -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -``` diff --git a/berks-cookbooks/logrotate/TESTING.md b/berks-cookbooks/logrotate/TESTING.md deleted file mode 100644 index 0484b9fa..00000000 --- a/berks-cookbooks/logrotate/TESTING.md +++ /dev/null 
@@ -1,49 +0,0 @@ -This cookbook uses a variety of testing components: - -- Unit tests: [ChefSpec](https://github.com/acrmp/chefspec) -- Integration tests: [Test Kitchen](https://github.com/chef/test-kitchen) -- Chef Style lints: [Foodcritic](https://github.com/acrmp/foodcritic) -- Ruby Style lints: [Rubocop](https://github.com/bbatsov/rubocop) - - -Prerequisites -------------- -To develop on this cookbook, you must have a sane Ruby 1.9+ environment. Given the nature of this installation process (and it's variance across multiple operating systems), we will leave this installation process to the user. - -You must also have `bundler` installed: - - $ gem install bundler - -You must also have Vagrant and VirtualBox installed: - -- [Vagrant](https://vagrantup.com) -- [VirtualBox](https://virtualbox.org) - -Once installed, you must install the `vagrant-berkshelf` plugin: - - $ vagrant plugin install vagrant-berkshelf - - -Development ------------ -1. Clone the git repository from GitHub: - - $ git clone git@github.com:stevendanna/logrotate.git - -2. Install the dependencies using bundler: - - $ bundle install - -3. Create a branch for your changes: - - $ git checkout -b my_bug_fix - -4. Make any changes -5. Write tests to support those changes. It is highly recommended you write both unit and integration tests. -6. Run the tests: - - `bundle exec rspec` - - `bundle exec foodcritic .` - - `bundle exec rubocop -l ` - - `bundle exec kitchen test` - -7. Assuming the tests pass, open a Pull Request on GitHub diff --git a/berks-cookbooks/logrotate/definitions/logrotate_app.rb b/berks-cookbooks/logrotate/definitions/logrotate_app.rb deleted file mode 100644 index 133a6016..00000000 --- a/berks-cookbooks/logrotate/definitions/logrotate_app.rb +++ /dev/null 
@@ -1,77 +0,0 @@ -# -# Cookbook Name:: logrotate -# Definition:: logrotate_instance -# -# Copyright 2009, Scott M. Likens -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -log_rotate_params = { - :enable => true, - :frequency => 'weekly', - :template => 'logrotate.erb', - :cookbook => 'logrotate', - :template_mode => '0440', - :template_owner => 'root', - :template_group => 'root', - :postrotate => nil, - :prerotate => nil, - :firstaction => nil, - :lastaction => nil, - :sharedscripts => false -} - -define(:logrotate_app, log_rotate_params) do - include_recipe 'logrotate::default' - - options_tmp = params[:options] ||= %w(missingok compress delaycompress copytruncate notifempty) - options = options_tmp.respond_to?(:each) ? options_tmp : options_tmp.split - options << 'sharedscripts' if params[:sharedscripts] - - if params[:enable] - invalid_options = options - CookbookLogrotate::DIRECTIVES - - unless invalid_options.empty? 
- Chef::Log.error("Invalid option(s) passed to logrotate: #{invalid_options.join(', ')}") - raise - end - - logrotate_config = { - :path => Array(params[:path]).map { |path| path.to_s.inspect }.join(' '), - :frequency => params[:frequency], - :options => options - } - CookbookLogrotate::VALUES.each do |opt_name| - logrotate_config[opt_name.to_sym] = params[opt_name.to_sym] - end - - CookbookLogrotate::SCRIPTS.each do |script_name| - logrotate_config[script_name.to_sym] = Array(params[script_name.to_sym]).join("\n") - end - - template "/etc/logrotate.d/#{params[:name]}" do - source params[:template] - cookbook params[:cookbook] - mode params[:template_mode] - owner params[:template_owner] - group params[:template_group] - backup false - variables logrotate_config - end - else - file "/etc/logrotate.d/#{params[:name]}" do - action :delete - end - end -end diff --git a/berks-cookbooks/logrotate/libraries/logrotate_config.rb b/berks-cookbooks/logrotate/libraries/logrotate_config.rb deleted file mode 100644 index 479a291b..00000000 --- a/berks-cookbooks/logrotate/libraries/logrotate_config.rb +++ /dev/null 
@@ -1,88 +0,0 @@ -# -# Cookbook Name:: logrotate -# Library:: CookbookLogrotate -# -# Copyright 2013, Chef -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# Helper module for Logrotate configuration module CookbookLogrotate -module CookbookLogrotate - DIRECTIVES = %w(compress copy copytruncate daily dateext - dateyesterday delaycompress hourly ifempty mailfirst maillast - missingok monthly nocompress nocopy nocopytruncate nocreate - nodelaycompress nodateext nomail nomissingok noolddir - nosharedscripts noshred notifempty sharedscripts shred weekly - yearly) unless const_defined?(:DIRECTIVES) - - VALUES = %w(compresscmd uncompresscmd compressext compressoptions - create dateformat include mail extension maxage minsize maxsize - rotate size shredcycles start tabooext su olddir) unless const_defined?(:VALUES) - - SCRIPTS = %w(firstaction prerotate postrotate lastaction preremove) unless const_defined?(:SCRIPTS) - - DIRECTIVES_AND_VALUES = DIRECTIVES + VALUES unless const_defined?(:DIRECTIVES_AND_VALUES) - - # Helper class for creating configurations - class LogrotateConfiguration - attr_reader :directives, :values, :paths - - class << self - def from_hash(hash) - new(hash) - end - - def directives_from(hash) - hash.select { |k, v| DIRECTIVES.include?(k) && v }.keys - end - - def values_from(hash) - hash.select { |k| VALUES.include?(k) } - end - - def paths_from(hash) - hash.select { |k| !(DIRECTIVES_AND_VALUES.include?(k)) }.reduce({}) do | accum_paths, (path, 
config) | - accum_paths[path] = { - 'directives' => directives_from(config), - 'values' => values_from(config), - 'scripts' => scripts_from(config) - } - - accum_paths - end - end - - def scripts_from(hash) - defined_scripts = hash.select { |k| SCRIPTS.include?(k) } - defined_scripts.reduce({}) do | accum_scripts, (script, lines) | - if lines.respond_to?(:join) - accum_scripts[script] = lines.join("\n") - else - accum_scripts[script] = lines - end - - accum_scripts - end - end - end - - private - - def initialize(hash) - @directives = LogrotateConfiguration.directives_from(hash) - @values = LogrotateConfiguration.values_from(hash) - @paths = LogrotateConfiguration.paths_from(hash) - end - end -end diff --git a/berks-cookbooks/logrotate/libraries/matchers.rb b/berks-cookbooks/logrotate/libraries/matchers.rb deleted file mode 100644 index e8c759fd..00000000 --- a/berks-cookbooks/logrotate/libraries/matchers.rb +++ /dev/null 
@@ -1,154 +0,0 @@ -if defined?(ChefSpec) - def enable_logrotate_app(name) - LogrotateAppMatcher.new(name) - end - - class LogrotateAppMatcher - def initialize(name) - @name = name - end - - def with(parameters = {}) - params.merge!(parameters) - self - end - - def at_compile_time - raise ArgumentError, 'Cannot specify both .at_converge_time and .at_compile_time!' if @converge_time - @compile_time = true - self - end - - def at_converge_time - raise ArgumentError, 'Cannot specify both .at_compile_time and .at_converge_time!' if @compile_time - @converge_time = true - self - end - - # - # Allow users to specify fancy #with matchers. - # - def method_missing(m, *args, &block) - if m.to_s =~ /^with_(.+)$/ - with($1.to_sym => args.first) - self - else - super - end - end - - def description - %Q{"enable" #{@name} "logrotate_app"} - end - - def matches?(runner) - @runner = runner - - if resource - resource.performed_action?('create') && unmatched_parameters.empty? && correct_phase? - else - false - end - end - - def failure_message_for_should - if resource - if resource.performed_action?('create') - if unmatched_parameters.empty? - if @compile_time - %Q{expected "#{resource}" to be run at compile time} - else - %Q{expected "#{resource}" to be run at converge time} - end - else - %Q{expected "#{resource}" to have parameters:} \ - "\n\n" \ - " " + unmatched_parameters.collect { |parameter, h| - "#{parameter} #{h[:expected].inspect}, was #{h[:actual].inspect}" - }.join("\n ") - end - else - %Q{expected "#{resource}" actions #{resource.performed_actions.inspect}} \ - " to include : create" - end - else - %Q{expected "logrotate_app[#{@name}] with"} \ - " enable : true to be in Chef run. 
Other" \ - " #{@name} resources:" \ - "\n\n" \ - " " + similar_resources.map(&:to_s).join("\n ") + "\n " - end - end - - def failure_message_for_should_not - if resource - message = %Q{expected "#{resource}" actions #{resource.performed_actions.inspect} to not exist} - else - message = %Q{expected "#{resource}" to not exist} - end - - message << " at compile time" if @compile_time - message << " at converge time" if @converge_time - message - end - - private - def unmatched_parameters - return @_unmatched_parameters if @_unmatched_parameters - - @_unmatched_parameters = {} - - params.each do |parameter, expected| - unless matches_parameter?(parameter, expected) - @_unmatched_parameters[parameter] = { - :expected => expected, - :actual => safe_send(parameter), - } - end - end - - @_unmatched_parameters - end - - def matches_parameter?(parameter, expected) - # Chef 11+ stores the source parameter internally as an Array - # - case parameter - when :cookbook - expected === safe_send(parameter) - when :path - Array(expected == safe_send('variables')[parameter]) - else - expected == safe_send('variables')[parameter] - end - end - - def correct_phase? - if @compile_time - resource.performed_action('create')[:compile_time] - elsif @converge_time - resource.performed_action('create')[:converge_time] - else - true - end - end - - def safe_send(parameter) - resource.send(parameter) - rescue NoMethodError - nil - end - - def similar_resources - @_similar_resources ||= @runner.find_resources('template') - end - - def resource - @_resource ||= @runner.find_resource('template', "/etc/logrotate.d/#{@name}") - end - - def params - @_params ||= {} - end - end -end diff --git a/berks-cookbooks/logrotate/metadata.json b/berks-cookbooks/logrotate/metadata.json deleted file mode 100644 index e484e175..00000000 --- a/berks-cookbooks/logrotate/metadata.json +++ /dev/null 
@@ -1,48 +0,0 @@ -{ - "name": "logrotate", - "description": "Installs logrotate package and provides a definition for logrotate configs", - "long_description": "Installs the logrotate package, manages /etc/logrotate.conf, and provides a logrotate_app definition.", - "maintainer": "Steven Danna", - "maintainer_email": "steve@chef.io", - "license": "Apache 2.0", - "platforms": { - "amazon": ">= 0.0.0", - "centos": ">= 0.0.0", - "debian": ">= 0.0.0", - "fedora": ">= 0.0.0", - "redhat": ">= 0.0.0", - "scientific": ">= 0.0.0", - "solaris2": ">= 0.0.0", - "ubuntu": ">= 0.0.0" - }, - "dependencies": { - - }, - "recommendations": { - - }, - "suggestions": { - - }, - "conflicting": { - - }, - "providing": { - "logrotate_app": ">= 0.0.0" - }, - "replacing": { - - }, - "attributes": { - - }, - "groupings": { - - }, - "recipes": { - "logrotate": "Installs logrotate package" - }, - "version": "1.9.1", - "source_url": "", - "issues_url": "" -} diff --git a/berks-cookbooks/logrotate/templates/default/logrotate-global.erb b/berks-cookbooks/logrotate/templates/default/logrotate-global.erb deleted file mode 100644 index 96ba5041..00000000 --- a/berks-cookbooks/logrotate/templates/default/logrotate-global.erb +++ /dev/null @@ -1,29 +0,0 @@ -# This file was generated by Chef for <%= node['fqdn'] %>. -# Do not modify this file by hand! - -<% @configuration.directives.each do |d| -%> -<%= d %> -<% end -%> - -<% @configuration.values.each do |k, v| -%> -<%= k %> <%= v %> -<% end -%> - -include /etc/logrotate.d - -<% @configuration.paths.each do |path, path_config| -%> -<%= path %> { - <% path_config['directives'].each do |d|-%> - <%= d %> - <% end -%> - <% path_config['values'].each do | k, v | -%> - <%= k %> <%= v %> - <% end -%> - <% path_config['scripts'].each do | scripttype, body | -%> - <%= scripttype %> - <%= body %> - endscript - <% end -%> -} - -<% end -%> 
diff --git a/berks-cookbooks/logrotate/templates/default/logrotate.erb b/berks-cookbooks/logrotate/templates/default/logrotate.erb
deleted file mode 100644
index f8e8d8dd..00000000
--- a/berks-cookbooks/logrotate/templates/default/logrotate.erb
+++ /dev/null
@@ -1,23 +0,0 @@
-# This file was generated by Chef for <%= node['fqdn'] %>.
-# Do not modify this file by hand!
-
-<%= @path %> {
-<%- if @frequency %>
- <%= @frequency %>
-<%- end %>
-<%- CookbookLogrotate::VALUES.each do |opt_name| %>
- <% if instance_variable_get("@#{opt_name}") %>
- <%= "#{opt_name} #{instance_variable_get("@#{opt_name}")}" %>
- <%- end %>
-<%- end %>
-<% @options.each do |o| -%>
- <%= o %>
-<% end -%>
-<%- CookbookLogrotate::SCRIPTS.each do |script_name| %>
- <% unless instance_variable_get("@#{script_name}").empty? %>
- <%= script_name %>
- <%= instance_variable_get("@#{script_name}") %>
- endscript
- <%- end %>
-<%- end %>
-}
diff --git a/berks-cookbooks/mysql/CHANGELOG.md b/berks-cookbooks/mysql/CHANGELOG.md
index b7c810fd..03391155 100644
--- a/berks-cookbooks/mysql/CHANGELOG.md
+++ b/berks-cookbooks/mysql/CHANGELOG.md
@@ -1,7 +1,76 @@ mysql Cookbook CHANGELOG ======================== -v6.0.15 (2015-03-13) +v6.1.1 (2015-09-24) +-------------------- +- Completing ChefSpec matchers + +v6.1.0 (2015-07-17) +-------------------- +- Adding tunables for tmp_dir, error_log, and pid_file +- Adding mysqld_options hash interface for main my.cnf template + +v6.0.31 (2015-07-13) +-------------------- +- Reverting create_stop_system_service checks + +v6.0.30 (2015-07-13) +-------------------- +- Ubuntu 15.04 support +- Check for scripts and unit files during create_stop_system_service + +v6.0.29 (2015-07-12) +-------------------- +- Patch to allow blank root password +- Adding package information for Suse 12.0 + +v6.0.28 (2015-07-10) +-------------------- +- Fixes for 12.4.x + +v6.0.27 (2015-07-09) +-------------------- +- Allowing integer value for port number + +v6.0.26 (2015-07-07) +-------------------- +- Reverting breaking changes introduced in 6.0.25 + +v6.0.25 (2015-07-06) +-------------------- +- Fixes for 12.4.1 + +v6.0.24 (2015-06-27) +-------------------- +- #341 - Changing default GRANT for root from '%' to 'localhost' and '127.0.0.1' + +v6.0.23 (2015-06-21) +-------------------- +- #354 Better handling of long MySQL startup times + +v6.0.22 (2015-05-07) +-------------------- +- Debian 8 (Jessie) support + +v6.0.21 (2015-04-08) +-------------------- +- Fix to Upstart prestart script when using custom socket +- Adding --explicit_defaults_for_timestamp mysql_install_db_cmd for + 5.6 and above + +v6.0.20 (2015-03-27) +-------------------- +- #318 - Fixing Upstart pre-start script to handle custom socket paths + +v6.0.19 (2015-03-25) +-------------------- +- Adding support for Amazon Linux 2015.03 + +v6.0.18 (2015-03-24) +-------------------- +- Adding support for 5.6 and 5.7 packages from dotdeb repos on Debian 7 + +v6.0.17 (2015-03-13) -------------------- - Updated for MySQL 5.7.6. - Handing removal of mysql_install_db and mysqld_safe 
diff --git a/berks-cookbooks/mysql/README.md b/berks-cookbooks/mysql/README.md index 5154148a..07be6b25 100644 --- a/berks-cookbooks/mysql/README.md +++ b/berks-cookbooks/mysql/README.md @@ -1,6 +1,8 @@ MySQL Cookbook ===================== +[![Join the chat at https://gitter.im/chef-cookbooks/mysql](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/chef-cookbooks/mysql?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) + The Mysql Cookbook is a library cookbook that provides resource primitives (LWRPs) for use in recipes. It is designed to be a reference example for creating highly reusable cross-platform cookbooks. @@ -35,6 +37,8 @@ The following platforms have been tested with Test Kitchen: |----------------+-----+-----+-----+-----+-----| | ubuntu-14.04 | | | X | X | | |----------------+-----+-----+-----+-----+-----| +| ubuntu-15.04 | | | | X | | +|----------------+-----+-----+-----+-----+-----| | centos-5 | X | X | X | X | X | |----------------+-----+-----+-----+-----+-----| | centos-6 | | X | X | X | X | 
@@ -68,20 +72,87 @@ depends 'mysql', '~> 6.0' Then, in a recipe: ```ruby -mysql_service 'default' do +mysql_service 'foo' do port '3306' version '5.5' initial_root_password 'change me' action [:create, :start] end +``` + +The service name on the OS is `mysql-foo`. You can manually start and +stop it with `service mysql-foo start` and `service mysql-foo stop`. + +The configuration file is at `/etc/mysql-foo/my.cnf`. It contains the +minimum options to get the service running. It looks like this. + +``` +# Chef generated my.cnf for instance mysql-foo + +[client] +default-character-set = utf8 +port = 3306 +socket = /var/run/mysql-foo/mysqld.sock + +[mysql] +default-character-set = utf8 + +[mysqld] +user = mysql +pid-file = /var/run/mysql-foo/mysqld.pid +socket = /var/run/mysql-foo/mysqld.sock +port = 3306 +datadir = /var/lib/mysql-foo +tmpdir = /tmp +log-error = /var/log/mysql-foo/error.log +!includedir /etc/mysql-foo/conf.d + +[mysqld_safe] +socket = /var/run/mysql-foo/mysqld.sock +``` -mysql_config 'default' do - source 'mysite.cnf.erb' - notifies :restart, 'mysql_service[default]' +You can put extra configuration into the conf.d directory by using the +`mysql_config` resource, like this: + +```ruby +mysql_service 'foo' do + port '3306' + version '5.5' + initial_root_password 'change me' + action [:create, :start] +end + +mysql_config 'foo' do + source 'my_extra_settings.erb' + notifies :restart, 'mysql_service[foo]' action :create end ``` +You are responsible for providing `my_extra_settings.erb` in your own +cookbook's templates folder. + +Connecting with the mysql CLI command +------------------------------------- +Logging into the machine and typing `mysql` with no extra arguments +will fail. 
You need to explicitly connect over the socket with `mysql +-S /var/run/mysql-foo/mysqld.sock`, or over the network with `mysql -h +127.0.0.1` + +Upgrading from older version of the mysql cookbook +-------------------------------------------------- +- It is strongly recommended that you rebuild the machine from + scratch. This is easy if you have your `data_dir` on a dedicated + mount point. If you *must* upgrade in-place, follow the instructions + below. + +- The 6.x series supports multiple service instances on a single + machine. It dynamically names the support directories and service + names. `/etc/mysql becomes /etc/mysql-instance_name`. Other support + directories in `/var` `/run` etc work the same way. Make sure to + specify the `data_dir` property on the `mysql_service` resource to + point to the old `/var/lib/mysql` directory. + Resources Overview ------------------ ### mysql_service @@ -126,6 +197,8 @@ to reference is `mysql_service[name]`, not `service[mysql]`. on the machine. This is useful when mounting external storage. When omitted, it will default to the platform's native location. +- `error_log` - Tunable location of the error_log + - `initial_root_password` - allows the user to specify the initial root password for mysql when initializing new databases. This can be set explicitly in a recipe, driven from a node 
@@ -150,6 +223,14 @@ omitted, it will default to the platform's native location. that particular address. If the address is "0.0.0.0" (IPv4) or "::" (IPv6), the server accepts TCP/IP connections on all IPv4 or IPv6 interfaces. +- `mysqld_options` - A key value hash of options to be rendered into + the main my.cnf. WARNING - It is highly recommended that you use the + `mysql_config` resource instead of sending extra config into a + `mysql_service` resource. This will allow you to set up + notifications and subscriptions between the service and its + configuration. That being said, this can be useful for adding extra + options needed for database initialization at first run. + - `port` - determines the listen port for the mysqld service. When omitted, it will default to '3306'. @@ -159,11 +240,15 @@ omitted, it will default to the platform's native location. - `run_user` - The name of the system user the `mysql_service` should run as. Defaults to 'mysql'. +- `pid_file` - Tunable location of the pid file. + - `socket` - determines where to write the socket file for the `mysql_service` instance. Useful when configuring clients on the same machine to talk over socket and skip the networking stack. Defaults to a calculated value based on platform and instance name. +- `tmp_dir` - Tunable location of the tmp_dir + - `version` - allows the user to select from the versions available for the platform, where applicable. When omitted, it will install the default MySQL version for the target platform. Available version 
@@ -186,28 +271,28 @@ but you can specify one if your platform support it. mysql_service[instance-1] do port '1234' data_dir '/mnt/lottadisk' - provider Chef::Provider::MysqlService::Sysvinit + provider Chef::Provider::MysqlServiceSysvinit action [:create, :start] end ``` -- `Chef::Provider::MysqlService` - Configures everything needed t run +- `Chef::Provider::MysqlServiceBase` - Configures everything needed t run a MySQL service except the platform service facility. This provider should never be used directly. The `:start`, `:stop`, `:restart`, and `:reload` actions are stubs meant to be overridden by the providers below. -- `Chef::Provider::MysqlService::Smf` - Starts a `mysql_service` using +- `Chef::Provider::MysqlServiceSmf` - Starts a `mysql_service` using the Service Management Facility, used by Solaris and IllumOS. Manages the FMRI and method script. -- `Chef::Provider::MysqlService::Systemd` - Starts a `mysql_service` +- `Chef::Provider::MysqlServiceSystemd` - Starts a `mysql_service` using SystemD. Manages the unit file and activation state -- `Chef::Provider::MysqlService::Sysvinit` - Starts a `mysql_service` +- `Chef::Provider::MysqlServiceSysvinit` - Starts a `mysql_service` using SysVinit. Manages the init script and status. -- `Chef::Provider::MysqlService::Upstart` - Starts a `mysql_service` +- `Chef::Provider::MysqlServiceUpstart` - Starts a `mysql_service` using Upstart. Manages job definitions and status. ### mysql_config 
@@ -428,11 +513,22 @@ like this one: `Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock'` -To connect to a database from the command line, you'll need to specify -additional flags and connect over the network.. +This is because MySQL is hardcoded to read the defined default my.cnf +file, typically at /etc/my.cnf, and this LWRP deletes it to prevent +overlap among multiple MySQL configurations. + +To connect to the socket from the command line, check the socket in the relevant my.cnf file and use something like this: + +`mysql -S /var/run/mysql-foo/mysqld.sock -Pwhatever` + +Or to connect over the network, use something like this: +connect over the network.. `mysql -h 127.0.0.1 -Pwhatever` +These network or socket ssettings can also be put in you +$HOME/.my.cnf, if preferred. + ### What about MariaDB, Percona, Drizzle, WebScaleSQL, etc. MySQL forks are purposefully out of scope for this cookbook. This is @@ -445,6 +541,9 @@ version numbers, supported platform matrices, and the availability of software such as XtraDB and Galera are the main reasons that creating multiple cookbooks to make sense. +Warnings +-------- + Hacking / Testing / TODO ------------------------- Please refer to the HACKING.md diff --git a/berks-cookbooks/mysql/libraries/helpers.rb b/berks-cookbooks/mysql/libraries/helpers.rb index 71a4e071..8d9f0dd4 100644 --- a/berks-cookbooks/mysql/libraries/helpers.rb +++ b/berks-cookbooks/mysql/libraries/helpers.rb @@ -34,6 +34,7 @@ def defaults_file end def error_log + return new_resource.error_log if new_resource.error_log "#{log_dir}/error.log" end 
@@ -105,6 +106,24 @@ def v57plus true end + def password_column_name + return 'authentication_string' if v57plus + 'password' + end + + def password_expired + return ", password_expired='N'" if v57plus + '' + end + + def root_password + if new_resource.initial_root_password == '' + Chef::Log.info('Root password is empty') + return '' + end + Shellwords.escape(new_resource.initial_root_password) + end + # database and initial records # initialization commands @@ -121,6 +140,7 @@ def mysql_install_db_cmd cmd = mysql_install_db_bin cmd << " --defaults-file=#{etc_dir}/my.cnf" cmd << " --datadir=#{parsed_data_dir}" + cmd << ' --explicit_defaults_for_timestamp' if v56plus return "scl enable #{scl_name} \"#{cmd}\"" if scl_package? cmd end @@ -147,10 +167,11 @@ def init_records_script mkdir /tmp/#{mysql_name} cat > /tmp/#{mysql_name}/my.sql <<-EOSQL -DELETE FROM mysql.user ; -CREATE USER 'root'@'%' IDENTIFIED BY '#{Shellwords.escape(new_resource.initial_root_password)}' ; -GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ; +UPDATE mysql.user SET #{password_column_name}=PASSWORD('#{root_password}')#{password_expired} WHERE user = 'root'; +DELETE FROM mysql.user WHERE USER LIKE ''; +DELETE FROM mysql.user WHERE user = 'root' and host NOT IN ('127.0.0.1', 'localhost'); FLUSH PRIVILEGES; +DELETE FROM mysql.db WHERE db LIKE 'test%'; DROP DATABASE IF EXISTS test ; EOSQL @@ -203,6 +224,7 @@ def mysqld_safe_bin end def pid_file + return new_resource.pid_file if new_resource.pid_file "#{run_dir}/mysqld.pid" end @@ -221,7 +243,13 @@ def socket_file "#{run_dir}/mysqld.sock" end + def socket_dir + return File.dirname(new_resource.socket) if new_resource.socket + run_dir + end + def tmp_dir + return new_resource.tmp_dir if new_resource.tmp_dir '/tmp' end 
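Review bot: `root_password` accepts an empty `initial_root_password` and reports it only through `Chef::Log.info`, so a converge that leaves the root account without a password is easy to overlook in the run log; `Chef::Log.warn('Root password is empty')` would make it stand out. The guard compares with `''` only, and `Shellwords.escape` returns a pair of quote characters for nil just as it does for an empty string, so if the property can be nil those quotes would land inside the `PASSWORD('...')` literal that the `init_records_script` hunk builds from this helper. The three new helpers also carry no comment; a line such as `# column that holds the password hash, renamed in 5.7` above `password_column_name` would explain the `v57plus` branch.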
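Review bot: The added `UPDATE mysql.user SET ...=PASSWORD('#{root_password}')` line in the `init_records_script` hunk places a value quoted for the shell inside a SQL string literal. `Shellwords.escape` backslash-escapes characters for a shell word, which is not MySQL's string-literal escaping, and the text also passes through the unquoted here-document `<<-EOSQL`, so a password containing characters such as `%`, a backslash or a quote may be stored differently from the configured value or break the statement. The helper should escape `\` and `'` for MySQL instead, and the delimiter could be quoted (`<<-'EOSQL'`) so the shell leaves the body untouched, provided nothing else in the body relies on shell expansion. The statement, password included, is written to `/tmp/#{mysql_name}/my.sql`; the rest of the script is outside the hunk, so confirm the directory is created with a restrictive mode such as `mkdir -m 0700` and removed after use.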
@@ -250,18 +278,32 @@ def self.pkginfo @pkginfo.set['debian']['14.10']['5.5']['server_package'] = 'mysql-server-5.5' @pkginfo.set['debian']['14.10']['5.6']['client_package'] = %w(mysql-client-5.6 libmysqlclient-dev) @pkginfo.set['debian']['14.10']['5.6']['server_package'] = 'mysql-server-5.6' + @pkginfo.set['debian']['15.04']['5.6']['client_package'] = %w(mysql-client-5.6 libmysqlclient-dev) + @pkginfo.set['debian']['15.04']['5.6']['server_package'] = 'mysql-server-5.6' @pkginfo.set['debian']['6']['5.1']['client_package'] = %w(mysql-client libmysqlclient-dev) @pkginfo.set['debian']['6']['5.1']['server_package'] = 'mysql-server-5.1' @pkginfo.set['debian']['7']['5.5']['client_package'] = %w(mysql-client libmysqlclient-dev) @pkginfo.set['debian']['7']['5.5']['server_package'] = 'mysql-server-5.5' - @pkginfo.set['debian']['jessie/sid']['5.5']['client_package'] = %w(mysql-client libmysqlclient-dev) - @pkginfo.set['debian']['jessie/sid']['5.5']['server_package'] = 'mysql-server-5.5' + @pkginfo.set['debian']['7']['5.6']['client_package'] = %w(mysql-client libmysqlclient-dev) # apt-repo from dotdeb + @pkginfo.set['debian']['7']['5.6']['server_package'] = 'mysql-server-5.6' + @pkginfo.set['debian']['7']['5.7']['client_package'] = %w(mysql-client libmysqlclient-dev) # apt-repo from dotdeb + @pkginfo.set['debian']['7']['5.7']['server_package'] = 'mysql-server-5.7' + @pkginfo.set['debian']['8']['5.5']['client_package'] = %w(mysql-client libmysqlclient-dev) + @pkginfo.set['debian']['8']['5.5']['server_package'] = 'mysql-server-5.5' @pkginfo.set['fedora']['20']['5.5']['client_package'] = %w(community-mysql community-mysql-devel) @pkginfo.set['fedora']['20']['5.5']['server_package'] = 'community-mysql-server' @pkginfo.set['fedora']['20']['5.6']['client_package'] = %w(mysql-community-client mysql-community-devel) @pkginfo.set['fedora']['20']['5.6']['server_package'] = 'mysql-community-server' @pkginfo.set['fedora']['20']['5.7']['client_package'] = %w(mysql-community-client 
mysql-community-devel) @pkginfo.set['fedora']['20']['5.7']['server_package'] = 'mysql-community-server' + @pkginfo.set['fedora']['21']['5.6']['client_package'] = %w(mysql-community-client mysql-community-devel) + @pkginfo.set['fedora']['21']['5.6']['server_package'] = 'mysql-community-server' + @pkginfo.set['fedora']['21']['5.7']['client_package'] = %w(mysql-community-client mysql-community-devel) + @pkginfo.set['fedora']['21']['5.7']['server_package'] = 'mysql-community-server' + @pkginfo.set['fedora']['22']['5.6']['client_package'] = %w(mysql-community-client mysql-community-devel) + @pkginfo.set['fedora']['22']['5.6']['server_package'] = 'mysql-community-server' + @pkginfo.set['fedora']['22']['5.7']['client_package'] = %w(mysql-community-client mysql-community-devel) + @pkginfo.set['fedora']['22']['5.7']['server_package'] = 'mysql-community-server' @pkginfo.set['freebsd']['10']['5.5']['client_package'] = %w(mysql55-client) @pkginfo.set['freebsd']['10']['5.5']['server_package'] = 'mysql55-server' @pkginfo.set['freebsd']['9']['5.5']['client_package'] = %w(mysql55-client) 
@@ -278,6 +320,14 @@ def self.pkginfo @pkginfo.set['rhel']['2014.09']['5.6']['server_package'] = 'mysql-community-server' @pkginfo.set['rhel']['2014.09']['5.7']['client_package'] = %w(mysql-community-client mysql-community-devel) @pkginfo.set['rhel']['2014.09']['5.7']['server_package'] = 'mysql-community-server' + @pkginfo.set['rhel']['2015.03']['5.1']['server_package'] = %w(mysql51 mysql51-devel) + @pkginfo.set['rhel']['2015.03']['5.1']['server_package'] = 'mysql51-server' + @pkginfo.set['rhel']['2015.03']['5.5']['client_package'] = %w(mysql-community-client mysql-community-devel) + @pkginfo.set['rhel']['2015.03']['5.5']['server_package'] = 'mysql-community-server' + @pkginfo.set['rhel']['2015.03']['5.6']['client_package'] = %w(mysql-community-client mysql-community-devel) + @pkginfo.set['rhel']['2015.03']['5.6']['server_package'] = 'mysql-community-server' + @pkginfo.set['rhel']['2015.03']['5.7']['client_package'] = %w(mysql-community-client mysql-community-devel) + @pkginfo.set['rhel']['2015.03']['5.7']['server_package'] = 'mysql-community-server' @pkginfo.set['rhel']['5']['5.0']['client_package'] = %w(mysql mysql-devel) @pkginfo.set['rhel']['5']['5.0']['server_package'] = 'mysql-server' @pkginfo.set['rhel']['5']['5.1']['client_package'] = %w(mysql51-mysql) @@ -308,6 +358,8 @@ def self.pkginfo @pkginfo.set['smartos']['5.11']['5.6']['server_package'] = 'mysql-server' @pkginfo.set['suse']['11.3']['5.5']['client_package'] = %w(mysql-client) @pkginfo.set['suse']['11.3']['5.5']['server_package'] = 'mysql' + @pkginfo.set['suse']['12.0']['5.5']['client_package'] = %w(mysql-client) + @pkginfo.set['suse']['12.0']['5.5']['server_package'] = 'mysql' @pkginfo end @@ -354,7 +406,7 @@ def client_package node['platform_version'], parsed_version, :client_package - ) + ) end def server_package @@ -364,7 +416,7 @@ def server_package node['platform_version'], parsed_version, :server_package - ) + ) end def server_package_name 
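Review bot: The first added line for `['rhel']['2015.03']['5.1']` assigns `%w(mysql51 mysql51-devel)` to `'server_package'`, and the next line overwrites it with `'mysql51-server'`, so no `client_package` is recorded for MySQL 5.1 on platform version 2015.03. Every other entry in this table pairs a `client_package` array with a `server_package` string, so the first line was presumably meant to read `@pkginfo.set['rhel']['2015.03']['5.1']['client_package'] = %w(mysql51 mysql51-devel)`. As written, a client lookup for that combination would find nothing. `self.pkginfo` starts and ends outside the hunk.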
@@ -383,15 +435,17 @@ def parsed_version return '5.5' if node['platform_family'] == 'debian' && node['platform_version'] == '13.10' return '5.5' if node['platform_family'] == 'debian' && node['platform_version'] == '14.04' return '5.5' if node['platform_family'] == 'debian' && node['platform_version'] == '14.10' - return '5.5' if node['platform_family'] == 'debian' && node['platform_version'] == 'jessie/sid' return '5.5' if node['platform_family'] == 'debian' && node['platform_version'].to_i == 7 - return '5.5' if node['platform_family'] == 'fedora' + return '5.5' if node['platform_family'] == 'debian' && node['platform_version'].to_i == 8 return '5.5' if node['platform_family'] == 'freebsd' return '5.5' if node['platform_family'] == 'omnios' return '5.5' if node['platform_family'] == 'rhel' && node['platform_version'].to_i == 2014 + return '5.5' if node['platform_family'] == 'rhel' && node['platform_version'].to_i == 2015 return '5.5' if node['platform_family'] == 'rhel' && node['platform_version'].to_i == 7 return '5.5' if node['platform_family'] == 'smartos' return '5.5' if node['platform_family'] == 'suse' + return '5.6' if node['platform_family'] == 'fedora' + return '5.6' if node['platform_family'] == 'debian' && node['platform_version'] == '15.04' end end end diff --git a/berks-cookbooks/mysql/libraries/matchers.rb b/berks-cookbooks/mysql/libraries/matchers.rb index f806d00e..373e3cb9 100644 --- a/berks-cookbooks/mysql/libraries/matchers.rb +++ b/berks-cookbooks/mysql/libraries/matchers.rb 
@@ -1,4 +1,17 @@ if defined?(ChefSpec) + if ChefSpec.respond_to?(:define_matcher) + # ChefSpec >= 4.1 + ChefSpec.define_matcher :mysql_config + ChefSpec.define_matcher :mysql_service + ChefSpec.define_matcher :mysql_client + elsif defined?(ChefSpec::Runner) && + ChefSpec::Runner.respond_to?(:define_runner_method) + # ChefSpec < 4.1 + ChefSpec::Runner.define_runner_method :mysql_config + ChefSpec::Runner.define_runner_method :mysql_service + ChefSpec::Runner.define_runner_method :mysql_client + end + # config def create_mysql_config(resource_name) ChefSpec::Matchers::ResourceMatcher.new(:mysql_config, :create, resource_name) @@ -17,6 +30,22 @@ def delete_mysql_service(resource_name) ChefSpec::Matchers::ResourceMatcher.new(:mysql_service, :delete, resource_name) end + def start_mysql_service(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_service, :start, resource_name) + end + + def stop_mysql_service(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_service, :stop, resource_name) + end + + def restart_mysql_service(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_service, :restart, resource_name) + end + + def reload_mysql_service(resource_name) + ChefSpec::Matchers::ResourceMatcher.new(:mysql_service, :reload, resource_name) + end + # client def create_mysql_client(resource_name) ChefSpec::Matchers::ResourceMatcher.new(:mysql_client, :create, resource_name) diff --git a/berks-cookbooks/mysql/libraries/provider_mysql_client.rb b/berks-cookbooks/mysql/libraries/provider_mysql_client.rb index 0aca4e22..c796d115 100644 --- a/berks-cookbooks/mysql/libraries/provider_mysql_client.rb +++ b/berks-cookbooks/mysql/libraries/provider_mysql_client.rb @@ -5,6 +5,7 @@ class Chef class Provider class MysqlClient < Chef::Provider::LWRPBase include MysqlCookbook::Helpers + provides :mysql_client if defined?(provides) use_inline_resources if defined?(use_inline_resources) 
diff --git a/berks-cookbooks/mysql/libraries/provider_mysql_config.rb b/berks-cookbooks/mysql/libraries/provider_mysql_config.rb index dc277ab8..3732c1c3 100644 --- a/berks-cookbooks/mysql/libraries/provider_mysql_config.rb +++ b/berks-cookbooks/mysql/libraries/provider_mysql_config.rb @@ -5,6 +5,7 @@ class Chef class Provider class MysqlConfig < Chef::Provider::LWRPBase include MysqlCookbook::Helpers + provides :mysql_config if defined?(provides) use_inline_resources if defined?(use_inline_resources) diff --git a/berks-cookbooks/mysql/libraries/provider_mysql_service.rb b/berks-cookbooks/mysql/libraries/provider_mysql_service_base.rb similarity index 98% rename from berks-cookbooks/mysql/libraries/provider_mysql_service.rb rename to berks-cookbooks/mysql/libraries/provider_mysql_service_base.rb index 3784fab5..5f19a45c 100644 --- a/berks-cookbooks/mysql/libraries/provider_mysql_service.rb +++ b/berks-cookbooks/mysql/libraries/provider_mysql_service_base.rb @@ -3,8 +3,7 @@ class Chef class Provider - class MysqlService < Chef::Provider::LWRPBase - # Chef 11 LWRP DSL Methods + class MysqlServiceBase < Chef::Provider::LWRPBase use_inline_resources if defined?(use_inline_resources) def whyrun_supported? @@ -138,7 +137,7 @@ def whyrun_supported? socket_file: socket_file, tmp_dir: tmp_dir, data_dir: parsed_data_dir - ) + ) action :create end @@ -234,7 +233,7 @@ def configure_apparmor run_dir: run_dir, pid_file: pid_file, socket_file: socket_file - ) + ) action :create notifies :restart, "service[#{new_resource.name} :create apparmor]", :immediately end diff --git a/berks-cookbooks/mysql/libraries/provider_mysql_service_smf.rb b/berks-cookbooks/mysql/libraries/provider_mysql_service_smf.rb index 3b247ca2..7fe35b68 100644 --- a/berks-cookbooks/mysql/libraries/provider_mysql_service_smf.rb +++ b/berks-cookbooks/mysql/libraries/provider_mysql_service_smf.rb 
@@ -1,83 +1,89 @@ class Chef class Provider - class MysqlService - class Smf < Chef::Provider::MysqlService - action :start do - method_script_path = "/lib/svc/method/#{mysql_name}" if node['platform'] == 'omnios' - method_script_path = "/opt/local/lib/svc/method/#{mysql_name}" if node['platform'] == 'smartos' + class MysqlServiceSmf < Chef::Provider::MysqlServiceBase + # FIXME: we should have a service_helper to determine if the platform supports SMF similarly + # to how we handle systemd on linux + if defined?(provides) + provides :mysql_service, os: %w(solaris2 omnios smartos openindiana opensolaris nexentacore) do + File.exist?('/usr/sbin/svccfg') + end + end - template "#{new_resource.name} :start #{method_script_path}" do - path method_script_path - cookbook 'mysql' - source 'smf/svc.method.mysqld.erb' - owner 'root' - group 'root' - mode '0555' - variables( - base_dir: base_dir, - data_dir: parsed_data_dir, - defaults_file: defaults_file, - error_log: error_log, - mysql_name: mysql_name, - mysqld_bin: mysqld_bin, - pid_file: pid_file - ) - action :create - end + action :start do + method_script_path = "/lib/svc/method/#{mysql_name}" if node['platform'] == 'omnios' + method_script_path = "/opt/local/lib/svc/method/#{mysql_name}" if node['platform'] == 'smartos' - smf "#{new_resource.name} :start #{mysql_name}" do - name mysql_name - user new_resource.run_user - group new_resource.run_group - start_command "#{method_script_path} start" - end + template "#{new_resource.name} :start #{method_script_path}" do + path method_script_path + cookbook 'mysql' + source 'smf/svc.method.mysqld.erb' + owner 'root' + group 'root' + mode '0555' + variables( + base_dir: base_dir, + data_dir: parsed_data_dir, + defaults_file: defaults_file, + error_log: error_log, + mysql_name: mysql_name, + mysqld_bin: mysqld_bin, + pid_file: pid_file + ) + action :create + end - service "#{new_resource.name} :start #{mysql_name}" do - service_name mysql_name - provider 
Chef::Provider::Service::Solaris - supports restart: true - action [:enable] - end + smf "#{new_resource.name} :start #{mysql_name}" do + name mysql_name + user new_resource.run_user + group new_resource.run_group + start_command "#{method_script_path} start" end - action :stop do - service "#{new_resource.name} :stop #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Solaris - supports restart: true - action :stop - end + service "#{new_resource.name} :start #{mysql_name}" do + service_name mysql_name + provider Chef::Provider::Service::Solaris + supports restart: true + action [:enable] end + end - action :restart do - service "#{new_resource.name} :restart #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Solaris - supports restart: true - action :restart - end + action :stop do + service "#{new_resource.name} :stop #{mysql_name}" do + service_name mysql_name + provider Chef::Provider::Service::Solaris + supports restart: true + action :stop end + end - action :reload do - service "#{new_resource.name} :reload #{mysql_name}" do - provider Chef::Provider::Service::Solaris - service_name mysql_name - supports reload: true - action :reload - end + action :restart do + service "#{new_resource.name} :restart #{mysql_name}" do + service_name mysql_name + provider Chef::Provider::Service::Solaris + supports restart: true + action :restart end + end - def create_stop_system_service - # nothing to do here + action :reload do + service "#{new_resource.name} :reload #{mysql_name}" do + provider Chef::Provider::Service::Solaris + service_name mysql_name + supports reload: true + action :reload end + end + + def create_stop_system_service + # nothing to do here + end - def delete_stop_service - service "#{new_resource.name} :delete #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Solaris - supports restart: true - action :stop - end + def delete_stop_service + service 
"#{new_resource.name} :delete #{mysql_name}" do + service_name mysql_name + provider Chef::Provider::Service::Solaris + supports restart: true + action :stop end end end diff --git a/berks-cookbooks/mysql/libraries/provider_mysql_service_systemd.rb b/berks-cookbooks/mysql/libraries/provider_mysql_service_systemd.rb index 2fccfb45..07ee6e14 100644 --- a/berks-cookbooks/mysql/libraries/provider_mysql_service_systemd.rb +++ b/berks-cookbooks/mysql/libraries/provider_mysql_service_systemd.rb 
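Review bot: The new `provides :mysql_service, os: %w(solaris2 omnios smartos openindiana opensolaris nexentacore)` block can select this provider on more platforms than `action :start` handles. `method_script_path` is assigned only when `node['platform']` is `omnios` or `smartos`, so on any other platform it stays nil and both the template `path` and the `start_command` are built from nil. Either narrow the list to the platforms with a known path or stop early after the two assignments, for example `raise "no SMF method script path for #{node['platform']}" unless method_script_path`. The FIXME above the block already notes that the SMF detection is provisional.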
@@ -1,119 +1,133 @@ +require_relative 'provider_mysql_service_base' + class Chef class Provider - class MysqlService - class Systemd < Chef::Provider::MysqlService - action :start do - # this script is called by the main systemd unit file, and - # spins around until the service is actually up and running. - template "#{new_resource.name} :start /usr/libexec/#{mysql_name}-wait-ready" do - path "/usr/libexec/#{mysql_name}-wait-ready" - source 'systemd/mysqld-wait-ready.erb' - owner 'root' - group 'root' - mode '0755' - variables(socket_file: socket_file) - cookbook 'mysql' - action :create - end + class MysqlServiceSystemd < Chef::Provider::MysqlServiceBase + if defined?(provides) + provides :mysql_service, os: 'linux' do + Chef::Platform::ServiceHelpers.service_resource_providers.include?(:systemd) + end + end - # this is the main systemd unit file - template "#{new_resource.name} :start /usr/lib/systemd/system/#{mysql_name}.service" do - path "/usr/lib/systemd/system/#{mysql_name}.service" - source 'systemd/mysqld.service.erb' - owner 'root' - group 'root' - mode '0644' - variables( - config: new_resource, - etc_dir: etc_dir, - base_dir: base_dir, - mysqld_bin: mysqld_bin - ) - cookbook 'mysql' - notifies :run, "execute[#{new_resource.name} :start systemctl daemon-reload]", :immediately - action :create - end + action :start do + # Needed for Debian / Ubuntu + directory '/usr/libexec' do + owner 'root' + group 'root' + mode '0755' + action :create + end - # avoid 'Unit file changed on disk' warning - execute "#{new_resource.name} :start systemctl daemon-reload" do - command '/usr/bin/systemctl daemon-reload' - action :nothing - end + # this script is called by the main systemd unit file, and + # spins around until the service is actually up and running. 
+ template "#{new_resource.name} :start /usr/libexec/#{mysql_name}-wait-ready" do + path "/usr/libexec/#{mysql_name}-wait-ready" + source 'systemd/mysqld-wait-ready.erb' + owner 'root' + group 'root' + mode '0755' + variables(socket_file: socket_file) + cookbook 'mysql' + action :create + end - # tmpfiles.d config so the service survives reboot - template "#{new_resource.name} :start /usr/lib/tmpfiles.d/#{mysql_name}.conf" do - path "/usr/lib/tmpfiles.d/#{mysql_name}.conf" - source 'tmpfiles.d.conf.erb' - owner 'root' - group 'root' - mode '0644' - variables( - run_dir: run_dir, - run_user: new_resource.run_user, - run_group: new_resource.run_group - ) - cookbook 'mysql' - action :create - end + # this is the main systemd unit file + template "#{new_resource.name} :start /lib/systemd/system/#{mysql_name}.service" do + path "/lib/systemd/system/#{mysql_name}.service" + source 'systemd/mysqld.service.erb' + owner 'root' + group 'root' + mode '0644' + variables( + config: new_resource, + etc_dir: etc_dir, + base_dir: base_dir, + mysqld_bin: mysqld_bin + ) + cookbook 'mysql' + notifies :run, "execute[#{new_resource.name} :start systemctl daemon-reload]", :immediately + action :create + end - # service management resource - service "#{new_resource.name} :start #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Systemd - supports restart: true, status: true - action [:enable, :start] - end + # avoid 'Unit file changed on disk' warning + execute "#{new_resource.name} :start systemctl daemon-reload" do + command '/bin/systemctl daemon-reload' + action :nothing end - action :stop do - # service management resource - service "#{new_resource.name} :stop #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Systemd - supports status: true - action [:disable, :stop] - only_if { ::File.exist?("/usr/lib/systemd/system/#{mysql_name}.service") } - end + # tmpfiles.d config so the service survives reboot + template 
"#{new_resource.name} :start /usr/lib/tmpfiles.d/#{mysql_name}.conf" do + path "/usr/lib/tmpfiles.d/#{mysql_name}.conf" + source 'tmpfiles.d.conf.erb' + owner 'root' + group 'root' + mode '0644' + variables( + run_dir: run_dir, + run_user: new_resource.run_user, + run_group: new_resource.run_group + ) + cookbook 'mysql' + action :create end - action :restart do - # service management resource - service "#{new_resource.name} :restart #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Systemd - supports restart: true - action :restart - end + # service management resource + service "#{new_resource.name} :start #{mysql_name}" do + service_name mysql_name + provider Chef::Provider::Service::Systemd + supports restart: true, status: true + action [:enable, :start] end + end - action :reload do - # service management resource - service "#{new_resource.name} :reload #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Systemd - action :reload - end + action :stop do + # service management resource + service "#{new_resource.name} :stop #{mysql_name}" do + service_name mysql_name + provider Chef::Provider::Service::Systemd + supports status: true + action [:disable, :stop] + only_if { ::File.exist?("/usr/lib/systemd/system/#{mysql_name}.service") } end + end - def create_stop_system_service - # service management resource - service "#{new_resource.name} :create mysql" do - service_name 'mysqld' - provider Chef::Provider::Service::Systemd - supports status: true - action [:stop, :disable] - end + action :restart do + # service management resource + service "#{new_resource.name} :restart #{mysql_name}" do + service_name mysql_name + provider Chef::Provider::Service::Systemd + supports restart: true + action :restart end + end + + action :reload do + # service management resource + service "#{new_resource.name} :reload #{mysql_name}" do + service_name mysql_name + provider Chef::Provider::Service::Systemd + action :reload 
+ end + end + + def create_stop_system_service + # service management resource + service "#{new_resource.name} :create mysql" do + service_name system_service_name + provider Chef::Provider::Service::Systemd + supports status: true + action [:stop, :disable] + end + end - def delete_stop_service - # service management resource - service "#{new_resource.name} :delete #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Systemd - supports status: true - action [:disable, :stop] - only_if { ::File.exist?("/usr/lib/systemd/system/#{mysql_name}.service") } - end + def delete_stop_service + # service management resource + service "#{new_resource.name} :delete #{mysql_name}" do + service_name mysql_name + provider Chef::Provider::Service::Systemd + supports status: true + action [:disable, :stop] + only_if { ::File.exist?("/usr/lib/systemd/system/#{mysql_name}.service") } end end end diff --git a/berks-cookbooks/mysql/libraries/provider_mysql_service_sysvinit.rb b/berks-cookbooks/mysql/libraries/provider_mysql_service_sysvinit.rb index 5b197ac7..b3f2259d 100644 --- a/berks-cookbooks/mysql/libraries/provider_mysql_service_sysvinit.rb +++ b/berks-cookbooks/mysql/libraries/provider_mysql_service_sysvinit.rb 
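Review bot: The `only_if` guards in `action :stop` and `delete_stop_service` still test `/usr/lib/systemd/system/#{mysql_name}.service`, while `action :start` now writes the unit to `/lib/systemd/system/#{mysql_name}.service`. On a host where `/lib` is not a link to `/usr/lib`, the guard is false and the service is never stopped or disabled, so an instance the run was meant to take down stays enabled and listening. Point both guards at the new location, `only_if { ::File.exist?("/lib/systemd/system/#{mysql_name}.service") }`, or derive the path from one helper that the template resource also uses. The Upstart provider hunk has a similar mismatch: `delete_stop_service` checks `#{etc_dir}/init/#{mysql_name}`, but `:start` creates `/etc/init/#{mysql_name}.conf`.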
@@ -1,85 +1,87 @@ +require_relative 'provider_mysql_service_base' + class Chef class Provider - class MysqlService - class Sysvinit < Chef::Provider::MysqlService - action :start do - template "#{new_resource.name} :start /etc/init.d/#{mysql_name}" do - path "/etc/init.d/#{mysql_name}" - source 'sysvinit/mysqld.erb' - owner 'root' - group 'root' - mode '0755' - variables( - config: new_resource, - defaults_file: defaults_file, - error_log: error_log, - mysql_name: mysql_name, - mysqladmin_bin: mysqladmin_bin, - mysqld_safe_bin: mysqld_safe_bin, - pid_file: pid_file, - scl_name: scl_name - ) - cookbook 'mysql' - action :create - end + class MysqlServiceSysvinit < Chef::Provider::MysqlServiceBase + provides :mysql_service, os: '!windows' if defined?(provides) + + action :start do + template "#{new_resource.name} :start /etc/init.d/#{mysql_name}" do + path "/etc/init.d/#{mysql_name}" + source 'sysvinit/mysqld.erb' + owner 'root' + group 'root' + mode '0755' + variables( + config: new_resource, + defaults_file: defaults_file, + error_log: error_log, + mysql_name: mysql_name, + mysqladmin_bin: mysqladmin_bin, + mysqld_safe_bin: mysqld_safe_bin, + pid_file: pid_file, + scl_name: scl_name + ) + cookbook 'mysql' + action :create + end - service "#{new_resource.name} :start #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat' - provider Chef::Provider::Service::Init::Insserv if node['platform_family'] == 'debian' - supports restart: true, status: true - action [:enable, :start] - end + service "#{new_resource.name} :start #{mysql_name}" do + service_name mysql_name + provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat' + provider Chef::Provider::Service::Init::Insserv if node['platform_family'] == 'debian' + supports restart: true, status: true + action [:enable, :start] end + end - action :stop do - service "#{new_resource.name} :stop #{mysql_name}" do - 
service_name mysql_name - provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat' - provider Chef::Provider::Service::Init::Insserv if node['platform_family'] == 'debian' - supports restart: true, status: true - action [:stop] - end + action :stop do + service "#{new_resource.name} :stop #{mysql_name}" do + service_name mysql_name + provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat' + provider Chef::Provider::Service::Init::Insserv if node['platform_family'] == 'debian' + supports restart: true, status: true + action [:stop] end + end - action :restart do - service "#{new_resource.name} :restart #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat' - provider Chef::Provider::Service::Init::Insserv if node['platform_family'] == 'debian' - supports restart: true - action :restart - end + action :restart do + service "#{new_resource.name} :restart #{mysql_name}" do + service_name mysql_name + provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat' + provider Chef::Provider::Service::Init::Insserv if node['platform_family'] == 'debian' + supports restart: true + action :restart end + end - action :reload do - service "#{new_resource.name} :reload #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat' - provider Chef::Provider::Service::Init::Insserv if node['platform_family'] == 'debian' - action :reload - end + action :reload do + service "#{new_resource.name} :reload #{mysql_name}" do + service_name mysql_name + provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat' + provider Chef::Provider::Service::Init::Insserv if node['platform_family'] == 'debian' + action :reload end + end - def create_stop_system_service - service "#{new_resource.name} :create #{system_service_name}" do - 
service_name system_service_name - provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat' - provider Chef::Provider::Service::Init::Insserv if node['platform_family'] == 'debian' - supports status: true - action [:stop, :disable] - end + def create_stop_system_service + service "#{new_resource.name} :create #{system_service_name}" do + service_name system_service_name + provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat' + provider Chef::Provider::Service::Init::Insserv if node['platform_family'] == 'debian' + supports status: true + action [:stop, :disable] end + end - def delete_stop_service - service "#{new_resource.name} :delete #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat' - provider Chef::Provider::Service::Init::Insserv if node['platform_family'] == 'debian' - supports status: true - action [:disable, :stop] - only_if { ::File.exist?("#{etc_dir}/init.d/#{mysql_name}") } - end + def delete_stop_service + service "#{new_resource.name} :delete #{mysql_name}" do + service_name mysql_name + provider Chef::Provider::Service::Init::Redhat if node['platform_family'] == 'redhat' + provider Chef::Provider::Service::Init::Insserv if node['platform_family'] == 'debian' + supports status: true + action [:disable, :stop] + only_if { ::File.exist?("#{etc_dir}/init.d/#{mysql_name}") } end end end diff --git a/berks-cookbooks/mysql/libraries/provider_mysql_service_upstart.rb b/berks-cookbooks/mysql/libraries/provider_mysql_service_upstart.rb index 30be494a..8e532c0a 100644 --- a/berks-cookbooks/mysql/libraries/provider_mysql_service_upstart.rb +++ b/berks-cookbooks/mysql/libraries/provider_mysql_service_upstart.rb 
@@ -1,105 +1,112 @@ +require_relative 'provider_mysql_service_base' + class Chef class Provider - class MysqlService - class Upstart < Chef::Provider::MysqlService - action :start do - template "#{new_resource.name} :start /usr/sbin/#{mysql_name}-wait-ready" do - path "/usr/sbin/#{mysql_name}-wait-ready" - source 'upstart/mysqld-wait-ready.erb' - owner 'root' - group 'root' - mode '0755' - variables(socket_file: socket_file) - cookbook 'mysql' - action :create - end + class MysqlServiceUpstart < Chef::Provider::MysqlServiceBase + if defined?(provides) + provides :mysql_service, os: 'linux' do + Chef::Platform::ServiceHelpers.service_resource_providers.include?(:upstart) && + !Chef::Platform::ServiceHelpers.service_resource_providers.include?(:redhat) + end + end - template "#{new_resource.name} :start /etc/init/#{mysql_name}.conf" do - path "/etc/init/#{mysql_name}.conf" - source 'upstart/mysqld.erb' - owner 'root' - group 'root' - mode '0644' - variables( - defaults_file: defaults_file, - mysql_name: mysql_name, - run_group: new_resource.run_group, - run_user: new_resource.run_user, - socket_file: socket_file - ) - cookbook 'mysql' - action :create - end + action :start do + template "#{new_resource.name} :start /usr/sbin/#{mysql_name}-wait-ready" do + path "/usr/sbin/#{mysql_name}-wait-ready" + source 'upstart/mysqld-wait-ready.erb' + owner 'root' + group 'root' + mode '0755' + variables(socket_file: socket_file) + cookbook 'mysql' + action :create + end - service "#{new_resource.name} :start #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Upstart - supports status: true - action [:start] - end + template "#{new_resource.name} :start /etc/init/#{mysql_name}.conf" do + path "/etc/init/#{mysql_name}.conf" + source 'upstart/mysqld.erb' + owner 'root' + group 'root' + mode '0644' + variables( + defaults_file: defaults_file, + mysql_name: mysql_name, + run_group: new_resource.run_group, + run_user: new_resource.run_user, + socket_dir: 
socket_dir + ) + cookbook 'mysql' + action :create end - action :stop do - service "#{new_resource.name} :stop #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Upstart - supports restart: true, status: true - action [:stop] - end + service "#{new_resource.name} :start #{mysql_name}" do + service_name mysql_name + provider Chef::Provider::Service::Upstart + supports status: true + action [:start] end + end - action :restart do - # With Upstart, restarting the service doesn't behave "as expected". - # We want the post-start stanzas, which wait until the - # service is available before returning - # - # http://upstart.ubuntu.com/cookbook/#restart - service "#{new_resource.name} :restart stop #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Upstart - action :stop - end + action :stop do + service "#{new_resource.name} :stop #{mysql_name}" do + service_name mysql_name + provider Chef::Provider::Service::Upstart + supports restart: true, status: true + action [:stop] + end + end - service "#{new_resource.name} :restart start #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Upstart - action :start - end + action :restart do + # With Upstart, restarting the service doesn't behave "as expected". + # We want the post-start stanzas, which wait until the + # service is available before returning + # + # http://upstart.ubuntu.com/cookbook/#restart + service "#{new_resource.name} :restart stop #{mysql_name}" do + service_name mysql_name + provider Chef::Provider::Service::Upstart + action :stop end - action :reload do - # With Upstart, reload just sends a HUP signal to the process. - # As far as I can tell, this doesn't work the way it's - # supposed to, so we need to actually restart the service. 
- service "#{new_resource.name} :reload stop #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Upstart - action :stop - end + service "#{new_resource.name} :restart start #{mysql_name}" do + service_name mysql_name + provider Chef::Provider::Service::Upstart + action :start + end + end + + action :reload do + # With Upstart, reload just sends a HUP signal to the process. + # As far as I can tell, this doesn't work the way it's + # supposed to, so we need to actually restart the service. + service "#{new_resource.name} :reload stop #{mysql_name}" do + service_name mysql_name + provider Chef::Provider::Service::Upstart + action :stop + end - service "#{new_resource.name} :reload start #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Upstart - action :start - end + service "#{new_resource.name} :reload start #{mysql_name}" do + service_name mysql_name + provider Chef::Provider::Service::Upstart + action :start end + end - def create_stop_system_service - service "#{new_resource.name} :create #{system_service_name}" do - service_name system_service_name - provider Chef::Provider::Service::Upstart - supports status: true - action [:stop, :disable] - end + def create_stop_system_service + service "#{new_resource.name} :create #{system_service_name}" do + service_name system_service_name + provider Chef::Provider::Service::Upstart + supports status: true + action [:stop, :disable] end + end - def delete_stop_service - service "#{new_resource.name} :delete #{mysql_name}" do - service_name mysql_name - provider Chef::Provider::Service::Upstart - action [:disable, :stop] - only_if { ::File.exist?("#{etc_dir}/init/#{mysql_name}") } - end + def delete_stop_service + service "#{new_resource.name} :delete #{mysql_name}" do + service_name mysql_name + provider Chef::Provider::Service::Upstart + action [:disable, :stop] + only_if { ::File.exist?("#{etc_dir}/init/#{mysql_name}") } end end end 
diff --git a/berks-cookbooks/mysql/libraries/provider_priority_linux.rb b/berks-cookbooks/mysql/libraries/provider_priority_linux.rb new file mode 100644 index 00000000..e2840256 --- /dev/null +++ b/berks-cookbooks/mysql/libraries/provider_priority_linux.rb 
@@ -0,0 +1,45 @@ + +begin + require 'chef/platform/provider_priority_map' +rescue LoadError +end + +require_relative 'provider_mysql_service_smf' +require_relative 'provider_mysql_service_systemd' +require_relative 'provider_mysql_service_sysvinit' +require_relative 'provider_mysql_service_upstart' +require_relative 'provider_mysql_config' +require_relative 'provider_mysql_client' + +if defined? Chef::Platform::ProviderPriorityMap + Chef::Platform::ProviderPriorityMap.instance.priority( + :mysql_service, + [Chef::Provider::MysqlServiceSystemd, Chef::Provider::MysqlServiceUpstart, Chef::Provider::MysqlServiceSysvinit], + os: 'linux' + ) +else + # provider mappings for Chef 11 + + # systemd service + Chef::Platform.set platform: :fedora, version: '>= 19', resource: :mysql_service, provider: Chef::Provider::MysqlServiceSystemd + Chef::Platform.set platform: :redhat, version: '>= 7.0', resource: :mysql_service, provider: Chef::Provider::MysqlServiceSystemd + Chef::Platform.set platform: :centos, version: '>= 7.0', resource: :mysql_service, provider: Chef::Provider::MysqlServiceSystemd + Chef::Platform.set platform: :scientific, version: '>= 7.0', resource: :mysql_service, provider: Chef::Provider::MysqlServiceSystemd + Chef::Platform.set platform: :oracle, version: '>= 7.0', resource: :mysql_service, provider: Chef::Provider::MysqlServiceSystemd + + # smf service + Chef::Platform.set platform: :omnios, resource: :mysql_service, provider: Chef::Provider::MysqlServiceSmf + Chef::Platform.set platform: :smartos, resource: :mysql_service, provider: Chef::Provider::MysqlServiceSmf + + # upstart service + Chef::Platform.set platform: :ubuntu, resource: :mysql_service, provider: Chef::Provider::MysqlServiceUpstart + + # default service + Chef::Platform.set resource: :mysql_service, provider: Chef::Provider::MysqlServiceSysvinit + + # config + Chef::Platform.set resource: :mysql_config, provider: Chef::Provider::MysqlConfig + + # client + Chef::Platform.set resource: 
:mysql_client, provider: Chef::Provider::MysqlClient +end diff --git a/berks-cookbooks/mysql/libraries/resource_mysql_client.rb b/berks-cookbooks/mysql/libraries/resource_mysql_client.rb index 59405052..8585dbe4 100644 --- a/berks-cookbooks/mysql/libraries/resource_mysql_client.rb +++ b/berks-cookbooks/mysql/libraries/resource_mysql_client.rb @@ -3,6 +3,8 @@ class Chef class Resource class MysqlClient < Chef::Resource::LWRPBase + provides :mysql_client + self.resource_name = :mysql_client actions :create, :delete default_action :create diff --git a/berks-cookbooks/mysql/libraries/resource_mysql_config.rb b/berks-cookbooks/mysql/libraries/resource_mysql_config.rb index 3a5305f2..a8767ce6 100644 --- a/berks-cookbooks/mysql/libraries/resource_mysql_config.rb +++ b/berks-cookbooks/mysql/libraries/resource_mysql_config.rb @@ -3,6 +3,8 @@ class Chef class Resource class MysqlConfig < Chef::Resource::LWRPBase + provides :mysql_config + self.resource_name = :mysql_config actions :create, :delete default_action :create diff --git a/berks-cookbooks/mysql/libraries/resource_mysql_service.rb b/berks-cookbooks/mysql/libraries/resource_mysql_service.rb index 5c85f2d5..8d4f5d35 100644 --- a/berks-cookbooks/mysql/libraries/resource_mysql_service.rb +++ b/berks-cookbooks/mysql/libraries/resource_mysql_service.rb @@ -3,6 +3,8 @@ class Chef class Resource class MysqlService < Chef::Resource::LWRPBase + provides :mysql_service + self.resource_name = :mysql_service actions :create, :delete, :start, :stop, :restart, :reload default_action :create 
@@ -15,11 +17,15 @@ class MysqlService < Chef::Resource::LWRPBase attribute :package_name, kind_of: String, default: nil attribute :package_version, kind_of: String, default: nil attribute :bind_address, kind_of: String, default: nil - attribute :port, kind_of: String, default: '3306' + attribute :port, kind_of: [String, Integer], default: '3306' attribute :run_group, kind_of: String, default: 'mysql' attribute :run_user, kind_of: String, default: 'mysql' attribute :socket, kind_of: String, default: nil + attribute :mysqld_options, kind_of: Hash, default: {} attribute :version, kind_of: String, default: nil + attribute :error_log, kind_of: String, default: nil + attribute :tmp_dir, kind_of: String, default: nil + attribute :pid_file, kind_of: String, default: nil end end end diff --git a/berks-cookbooks/mysql/libraries/z_provider_mapping.rb b/berks-cookbooks/mysql/libraries/z_provider_mapping.rb deleted file mode 100644 index 7c70bdec..00000000 --- a/berks-cookbooks/mysql/libraries/z_provider_mapping.rb +++ /dev/null 
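Review bot: `mysqld_options` accepts any Hash and nothing here constrains its keys or values, yet the `my.cnf.erb` hunk in this commit writes each pair verbatim as `<%= option %> = <%= value %>`. A value that contains a newline therefore adds extra lines, or a whole new `[section]`, to the server configuration, and any key can set security-relevant options such as `local-infile` or `secure-file-priv`. If node attributes can be influenced by less trusted data (roles, data bags), reject such input at the resource, for example `callbacks: { 'no newlines' => ->(h) { h.none? { |k, v| "#{k}#{v}" =~ /[\r\n]/ } } }`, and add a comment that the hash is operator-supplied and rendered unescaped. The class body starts outside this hunk.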
@@ -1,47 +0,0 @@ -# provider mappings for Chef 11 - -######### -# service -######### -Chef::Platform.set platform: :amazon, resource: :mysql_service, provider: Chef::Provider::MysqlService::Sysvinit -Chef::Platform.set platform: :centos, version: '< 7.0', resource: :mysql_service, provider: Chef::Provider::MysqlService::Sysvinit -Chef::Platform.set platform: :centos, version: '>= 7.0', resource: :mysql_service, provider: Chef::Provider::MysqlService::Systemd -Chef::Platform.set platform: :debian, resource: :mysql_service, provider: Chef::Provider::MysqlService::Sysvinit -Chef::Platform.set platform: :fedora, version: '< 19', resource: :mysql_service, provider: Chef::Provider::MysqlService::Sysvinit -Chef::Platform.set platform: :fedora, version: '>= 19', resource: :mysql_service, provider: Chef::Provider::MysqlService::Systemd -Chef::Platform.set platform: :omnios, resource: :mysql_service, provider: Chef::Provider::MysqlService::Smf -Chef::Platform.set platform: :redhat, version: '< 7.0', resource: :mysql_service, provider: Chef::Provider::MysqlService::Sysvinit -Chef::Platform.set platform: :redhat, version: '>= 7.0', resource: :mysql_service, provider: Chef::Provider::MysqlService::Systemd -Chef::Platform.set platform: :scientific, version: '< 7.0', resource: :mysql_service, provider: Chef::Provider::MysqlService::Sysvinit -Chef::Platform.set platform: :scientific, version: '>= 7.0', resource: :mysql_service, provider: Chef::Provider::MysqlService::Systemd -Chef::Platform.set platform: :smartos, resource: :mysql_service, provider: Chef::Provider::MysqlService::Smf -Chef::Platform.set platform: :suse, resource: :mysql_service, provider: Chef::Provider::MysqlService::Sysvinit -Chef::Platform.set platform: :ubuntu, resource: :mysql_service, provider: Chef::Provider::MysqlService::Upstart - -######### -# config -######### -Chef::Platform.set platform: :amazon, resource: :mysql_config, provider: Chef::Provider::MysqlConfig -Chef::Platform.set platform: :centos, 
resource: :mysql_config, provider: Chef::Provider::MysqlConfig -Chef::Platform.set platform: :debian, resource: :mysql_config, provider: Chef::Provider::MysqlConfig -Chef::Platform.set platform: :fedora, resource: :mysql_config, provider: Chef::Provider::MysqlConfig -Chef::Platform.set platform: :omnios, resource: :mysql_config, provider: Chef::Provider::MysqlConfig -Chef::Platform.set platform: :redhat, resource: :mysql_config, provider: Chef::Provider::MysqlConfig -Chef::Platform.set platform: :scientific, resource: :mysql_config, provider: Chef::Provider::MysqlConfig -Chef::Platform.set platform: :smartos, resource: :mysql_config, provider: Chef::Provider::MysqlConfig -Chef::Platform.set platform: :suse, resource: :mysql_config, provider: Chef::Provider::MysqlConfig -Chef::Platform.set platform: :ubuntu, resource: :mysql_config, provider: Chef::Provider::MysqlConfig - -######### -# client -######### -Chef::Platform.set platform: :amazon, resource: :mysql_client, provider: Chef::Provider::MysqlClient -Chef::Platform.set platform: :centos, resource: :mysql_client, provider: Chef::Provider::MysqlClient -Chef::Platform.set platform: :debian, resource: :mysql_client, provider: Chef::Provider::MysqlClient -Chef::Platform.set platform: :fedora, resource: :mysql_client, provider: Chef::Provider::MysqlClient -Chef::Platform.set platform: :omnios, resource: :mysql_client, provider: Chef::Provider::MysqlClient -Chef::Platform.set platform: :redhat, resource: :mysql_client, provider: Chef::Provider::MysqlClient -Chef::Platform.set platform: :scientific, resource: :mysql_client, provider: Chef::Provider::MysqlClient -Chef::Platform.set platform: :smartos, resource: :mysql_client, provider: Chef::Provider::MysqlClient -Chef::Platform.set platform: :suse, resource: :mysql_client, provider: Chef::Provider::MysqlClient -Chef::Platform.set platform: :ubuntu, resource: :mysql_client, provider: Chef::Provider::MysqlClient 
diff --git a/berks-cookbooks/mysql/metadata.json b/berks-cookbooks/mysql/metadata.json index 639d614d..93469198 100644 --- a/berks-cookbooks/mysql/metadata.json +++ b/berks-cookbooks/mysql/metadata.json @@ -1,41 +1 @@ -{ - "name": "mysql", - "version": "6.0.17", - "description": "Provides mysql_service, mysql_config, and mysql_client resources", - "long_description": "", - "maintainer": "Chef Software, Inc.", - "maintainer_email": "cookbooks@chef.io", - "license": "Apache 2.0", - "platforms": { - "amazon": ">= 0.0.0", - "redhat": ">= 0.0.0", - "centos": ">= 0.0.0", - "scientific": ">= 0.0.0", - "fedora": ">= 0.0.0", - "debian": ">= 0.0.0", - "ubuntu": ">= 0.0.0", - "smartos": ">= 0.0.0", - "omnios": ">= 0.0.0", - "suse": ">= 0.0.0" - }, - "dependencies": { - "yum-mysql-community": ">= 0.0.0", - "smf": ">= 0.0.0" - }, - "recommendations": { - }, - "suggestions": { - }, - "conflicting": { - }, - "providing": { - }, - "replacing": { - }, - "attributes": { - }, - "groupings": { - }, - "recipes": { - } -} \ No newline at end of file +{"name":"mysql","version":"6.1.1","description":"Provides mysql_service, mysql_config, and mysql_client resources","long_description":"","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache 2.0","platforms":{"amazon":">= 0.0.0","redhat":">= 0.0.0","centos":">= 0.0.0","scientific":">= 0.0.0","fedora":">= 0.0.0","debian":">= 0.0.0","ubuntu":">= 0.0.0","smartos":">= 0.0.0","omnios":">= 0.0.0","suse":">= 0.0.0"},"dependencies":{"yum-mysql-community":">= 0.0.0","smf":">= 0.0.0"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{}} \ No newline at end of file diff --git a/berks-cookbooks/mysql/templates/default/my.cnf.erb b/berks-cookbooks/mysql/templates/default/my.cnf.erb index 15dc9c2e..faa8d3e1 100644 --- a/berks-cookbooks/mysql/templates/default/my.cnf.erb +++ b/berks-cookbooks/mysql/templates/default/my.cnf.erb 
@@ -38,6 +38,9 @@ datadir = <%= @data_dir %> <% if @tmp_dir %> tmpdir = <%= @tmp_dir %> <% end %> +<% @config.mysqld_options.each do |option,value| %> +<%= option %> = <%= value %> +<% end %> <% if @lc_messages_dir %> lc-messages-dir = <%= @lc_messages_dir %> <% end %> diff --git a/berks-cookbooks/mysql/templates/default/sysvinit/mysqld.erb b/berks-cookbooks/mysql/templates/default/sysvinit/mysqld.erb index c167fa72..45b952d0 100644 --- a/berks-cookbooks/mysql/templates/default/sysvinit/mysqld.erb +++ b/berks-cookbooks/mysql/templates/default/sysvinit/mysqld.erb @@ -30,8 +30,9 @@ # Variables #### -STARTTIMEOUT=30 -STOPTIMEOUT=15 +STARTTIMEOUT=900 +STOPTIMEOUT=900 +PID_DELAY=60 #### # Helper functions @@ -131,6 +132,7 @@ print_stop_failure() { start_command() { # Attempt to start <%= @mysql_name %> echo "Starting MySQL instance <%= @mysql_name %>" + local scl_name="<%= @scl_name %>" if [ -z $scl_name ]; then @@ -176,21 +178,32 @@ start() { if running; then break fi + + let CURRENT_DELAY=${STARTTIMEOUT}-${TIMEOUT} + if [ $CURRENT_DELAY -gt $PID_DELAY ] \ + && ! pid_exists; then + break + fi + sleep 1 let TIMEOUT=${TIMEOUT}-1 done - # Handle timeout - if [ $TIMEOUT -eq 0 ]; then + if running; then + # successbaby.gif + print_start_success + return 0 + elif ! pid_exists; then + # Handle startup failure + print_start_failure + return 3 + elif [ $TIMEOUT -eq 0 ]; then + # Handle timeout print_start_failure # clean up kill $start_pid 2>/dev/null return 1 fi - - # successbaby.gif - print_start_success - return 0 } # Reload <%= @mysql_name %> diff --git a/berks-cookbooks/mysql/templates/default/upstart/mysqld.erb b/berks-cookbooks/mysql/templates/default/upstart/mysqld.erb index df557363..4ac214c9 100644 --- a/berks-cookbooks/mysql/templates/default/upstart/mysqld.erb +++ b/berks-cookbooks/mysql/templates/default/upstart/mysqld.erb 
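Review bot: The new `if running … elif ! pid_exists … elif [ $TIMEOUT -eq 0 ]` chain at the end of `start()` has no final `else`, so when none of the three tests is true the function finishes with the `if` statement's own status, which is 0 in that case. That can occur if the result of `pid_exists` changes between the loop's `! pid_exists` break and the second test: the instance is not running, nothing is printed, and the init script reports success to its caller. Make the last branch unconditional by writing `else` in place of `elif [ $TIMEOUT -eq 0 ]; then`, so that every non-running outcome prints the failure and returns non-zero. The loop header and the rest of `start()` lie outside this hunk.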
@@ -16,6 +16,7 @@ kill timeout 300 pre-start script [ -d /run/<%= @mysql_name %> ] || install -m 755 -o <%= @run_user %> -g <%= @run_group %> -d /run/<%= @mysql_name %> +[ -d <%= @socket_dir %> ] || install -m 755 -o <%= @run_user %> -g <%= @run_group %> -d <%= @socket_dir %> end script exec /usr/sbin/mysqld --defaults-file=<%= @defaults_file %> diff --git a/berks-cookbooks/nodejs/CHANGELOG.md b/berks-cookbooks/nodejs/CHANGELOG.md index a159124b..762b738e 100644 --- a/berks-cookbooks/nodejs/CHANGELOG.md +++ b/berks-cookbooks/nodejs/CHANGELOG.md @@ -1,4 +1,29 @@ -## v2.0.0 (unreleased) +## v2.4.2 + * Fix check version + * Support iojs package install + +## v2.4.0 + * Move `npm_packages` to his own recipe + * Fix different race conditions when using direct recipe call + * Fix npm recipe + +## v2.3.2 + * Fix package recipe + +## v2.3.0 + * Support io.js. Use node['nodejs']['engine']. + * Add MacOS support via homebrew + +## v2.2.0 + * Add node['nodejs']['keyserver'] + * Update arm checksum + * Fix `npm_packages` JSON + +## v2.1.0 + * Use official nodesource repository + * Add node['nodejs']['npm_packages'] to install npm package with `default` recipe + +## v2.0.0 * Travis integration * Gems updated * Rewrite cookbook dependencies diff --git a/berks-cookbooks/nodejs/README.md b/berks-cookbooks/nodejs/README.md index e87df824..5726f96e 100644 --- a/berks-cookbooks/nodejs/README.md +++ b/berks-cookbooks/nodejs/README.md @@ -4,7 +4,7 @@ ## DESCRIPTION -Installs Node.js and manage npm +Installs node.js/io.js and manage npm ## USAGE 
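Review bot: `<%= @socket_dir %>` is interpolated unquoted, twice, on the added pre-start line, and that script needs root for `install -o`. The value presumably derives from the resource's `socket` attribute, so a path containing whitespace or shell metacharacters would be word-split or interpreted rather than treated as one directory name. Quote both uses: `[ -d "<%= @socket_dir %>" ] || install -m 755 -o <%= @run_user %> -g <%= @run_group %> -d "<%= @socket_dir %>"`. The existing `/run/<%= @mysql_name %>` line above it has the same shape and would benefit from the same quoting.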
@@ -12,7 +12,16 @@ Include the nodejs recipe to install node on your system based on the default in ```chef include_recipe "nodejs" ``` -Installation method can be customized with attribute `node['nodejs']['install_method']` + +### Engine + +You can select different engine by setting `node['nodejs']['engine']` +``` +node['nodejs']['engine'] => 'node' # default +node['nodejs']['engine'] => 'iojs' +``` + +You can also use recipes `nodejs::nodejs` or `nodejs::iojs`. ### Install methods @@ -81,7 +90,52 @@ You can append more specific options to npm command with `attribute :options` ar This LWRP try to use npm bare as much as possible (no custom wrapper). -#### [Examples](test/cookbooks/nodejs_test/recipes/npm.rb) +### Packages + +```ruby +nodejs_npm "express" + +nodejs_npm "async" do + version "0.6.2" +end + +nodejs_npm "request" do + url "github mikeal/request" +end + +nodejs_npm "grunt" do + path "/home/random/grunt" + json true + user "random" +end +``` +[Working Examples](test/cookbooks/nodejs_test/recipes/npm.rb) + +Or add packages via attributes (which accept the same attributes as the LWRP above): + +```json +"nodejs": { + "npm_packages": [ + { + "name": "express" + }, + { + "name": "async", + "version": "0.6.2" + }, + { + "name": "request", + "url": "github mikeal/request" + } + { + "name": "grunt", + "path": "/home/random/grunt", + "json": true, + "user": "random" + } + ] +} +``` ## AUTHORS diff --git a/berks-cookbooks/nodejs/attributes/default.rb b/berks-cookbooks/nodejs/attributes/default.rb index c067b212..7498018a 100644 --- a/berks-cookbooks/nodejs/attributes/default.rb +++ b/berks-cookbooks/nodejs/attributes/default.rb 
@@ -18,17 +18,18 @@ # case node['platform_family'] -when 'smartos', 'rhel', 'debian', 'fedora' +when 'smartos', 'rhel', 'debian', 'fedora', 'mac_os_x' default['nodejs']['install_method'] = 'package' else default['nodejs']['install_method'] = 'source' end -default['nodejs']['version'] = '0.10.26' +default['nodejs']['engine'] = 'node' # or iojs -default['nodejs']['prefix_url'] = 'http://nodejs.org/dist/' +default['nodejs']['version'] = '0.10.26' -default['nodejs']['install_repo'] = true +default['nodejs']['prefix_url']['node'] = 'http://nodejs.org/dist/' +default['nodejs']['prefix_url']['iojs'] = 'http://iojs.org/dist/' default['nodejs']['source']['url'] = nil # Auto generated default['nodejs']['source']['checksum'] = 'ef5e4ea6f2689ed7f781355012b942a2347e0299da0804a58de8e6281c4b1daa' diff --git a/berks-cookbooks/nodejs/attributes/packages.rb b/berks-cookbooks/nodejs/attributes/packages.rb index 095b62e3..64442e8c 100644 --- a/berks-cookbooks/nodejs/attributes/packages.rb +++ b/berks-cookbooks/nodejs/attributes/packages.rb 
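Review bot: Both new `prefix_url` defaults use plain `http://`, which leaves the `checksum` attribute as the only integrity control on the tarball the binary and source recipes download; if a wrapper unsets it or overrides it to nil, the download is unauthenticated. Prefer `'https://nodejs.org/dist/'` and `'https://iojs.org/dist/'` here. Also, `prefix_url` changes from a String to a Hash keyed by engine: a wrapper cookbook that still assigns a String would turn `node['nodejs']['prefix_url'][engine]` into a substring lookup instead of a URL, so the change deserves a CHANGELOG entry or a type check in the recipes.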
@@ -1,16 +1,14 @@ include_attribute 'nodejs::default' +include_attribute 'nodejs::repo' -case node['platform_family'] -when 'debian' - default['nodejs']['repo'] = 'https://deb.nodesource.com/node' - default['nodejs']['keyserver'] = 'keyserver.ubuntu.com' - default['nodejs']['key'] = '1655a0ab68576280' - default['nodejs']['packages'] = node['nodejs']['install_repo'] ? %w(nodejs) : %w(nodejs npm nodejs-dev) -when 'rhel', 'fedora' - default['nodejs']['packages'] = %w(nodejs nodejs-devel npm) -when 'smartos' - default['nodejs']['packages'] = %w(nodejs) -else - Chef::Log.error 'There are no nodejs packages for this platform; please use the source or binary method to install node' - return +case node['nodejs']['engine'] +when 'node' + default['nodejs']['packages'] = value_for_platform_family( + 'debian' => node['nodejs']['install_repo'] ? ['nodejs'] : ['nodejs', 'npm', 'nodejs-dev'], + ['rhel', 'fedora'] => ['nodejs', 'nodejs-devel', 'npm'], + 'mac_os_x' => ['node'], + 'default' => ['nodejs'] + ) +when 'iojs' + default['nodejs']['packages'] = ['iojs'] end diff --git a/berks-cookbooks/nodejs/attributes/repo.rb b/berks-cookbooks/nodejs/attributes/repo.rb new file mode 100644 index 00000000..64f7aa07 --- /dev/null +++ b/berks-cookbooks/nodejs/attributes/repo.rb @@ -0,0 +1,22 @@ +case node['nodejs']['engine'] +when 'node' + case node['platform_family'] + when 'debian' + default['nodejs']['install_repo'] = true + + default['nodejs']['repo'] = 'https://deb.nodesource.com/node' + default['nodejs']['keyserver'] = 'keyserver.ubuntu.com' + default['nodejs']['key'] = '1655a0ab68576280' + when 'rhel' + default['nodejs']['install_repo'] = true + end +when 'iojs' + case node['platform_family'] + when 'debian' + default['nodejs']['install_repo'] = true + + default['nodejs']['repo'] = 'https://deb.nodesource.com/iojs_2.x' + default['nodejs']['keyserver'] = 'keyserver.ubuntu.com' + default['nodejs']['key'] = '1655a0ab68576280' + end +end 
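Review bot: In the new attributes/repo.rb the apt signing key is pinned by a 64-bit key ID (`'1655a0ab68576280'`) and fetched from `keyserver.ubuntu.com`, in both the 'node' and 'iojs' branches. Key IDs are not collision-resistant and a keyserver returns whatever key matches the ID, so the full fingerprint is the safer value, assuming recipes/repo.rb (not visible here) passes it straight to the apt resource: `default['nodejs']['key'] = '<FULL_40_HEX_FINGERPRINT>' # placeholder: copy from the repository vendor's documentation`. The `keyserver` and `key` defaults are identical in the two engine branches and could be set once, leaving only `repo` inside the inner `case`.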
diff --git a/berks-cookbooks/nodejs/libraries/nodejs_helper.rb b/berks-cookbooks/nodejs/libraries/nodejs_helper.rb index 4ab74e6b..0924fe3a 100644 --- a/berks-cookbooks/nodejs/libraries/nodejs_helper.rb +++ b/berks-cookbooks/nodejs/libraries/nodejs_helper.rb @@ -14,12 +14,6 @@ def npm_dist end end - def install_not_needed? - cmd = Mixlib::ShellOut.new("#{node['nodejs']['node_bin']} --version") - version = cmd.run_command.stdout.chomp - ::File.exist?("#{node['nodejs']['dir']}/bin/node") && version == "v#{node['nodejs']['version']}" - end - def npm_list(path = nil) require 'json' if path @@ -30,10 +24,18 @@ def npm_list(path = nil) JSON.parse(cmd.run_command.stdout, :max_nesting => false) end + def url_valid?(list, package) + list.fetch(package, {}).fetch('resolved', '').include?('url') + end + + def version_valid?(list, package, version) + (version ? list[package]['version'] == version : true) + end + def npm_package_installed?(package, version = nil, path = nil) list = npm_list(path)['dependencies'] # Return true if package installed and installed to good version - (!list.nil?) && list.key?(package) && (version ? list[package]['version'] == version : true) + (!list.nil?) && list.key?(package) && version_valid?(list, package, version) && url_valid?(list, package) end end end diff --git a/berks-cookbooks/nodejs/metadata.json b/berks-cookbooks/nodejs/metadata.json index 9b1b546d..dfbccba7 100644 --- a/berks-cookbooks/nodejs/metadata.json +++ b/berks-cookbooks/nodejs/metadata.json 
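Review bot: `url_valid?` tests `include?('url')` against the string literal 'url' rather than against any URL the resource was given, so for a package whose `resolved` field does not happen to contain those letters `npm_package_installed?` now returns false even when the right version is present, and the provider would presumably reinstall on every run. The helper needs the requested URL as an argument and should pass when none was requested; the sketch below adds an optional fourth parameter so existing callers keep working, and the comparison itself should be adjusted to whatever form npm records in `resolved`. `version_valid?` indexes `list[package]` directly, which is safe only because `list.key?(package)` is checked first. The enclosing module and the provider that calls these helpers are outside the hunk.

```ruby
def url_valid?(list, package, url)
  # No URL requested: nothing to compare against.
  return true unless url
  list.fetch(package, {}).fetch('resolved', '').include?(url)
end

# … unchanged: version_valid? …

def npm_package_installed?(package, version = nil, path = nil, url = nil)
  list = npm_list(path)['dependencies']
  # Return true if package installed and installed to good version
  (!list.nil?) && list.key?(package) && version_valid?(list, package, version) && url_valid?(list, package, url)
end
```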
@@ -1,40 +1 @@ -{ - "name": "nodejs", - "version": "2.2.0", - "description": "Installs/Configures nodejs", - "long_description": "# [nodejs-cookbook](https://github.com/redguide/nodejs)\n[![CK Version](http://img.shields.io/cookbook/v/nodejs.svg)](https://supermarket.getchef.com/cookbooks/nodejs) [![Build Status](https://img.shields.io/travis/redguide/nodejs.svg)](https://travis-ci.org/redguide/nodejs)\n[![Gitter chat](https://badges.gitter.im/redguide/nodejs.png)](https://gitter.im/redguide/nodejs)\n\n## DESCRIPTION\n\nInstalls Node.js and manage npm\n\n## USAGE\n\nInclude the nodejs recipe to install node on your system based on the default installation method:\n```chef\ninclude_recipe \"nodejs\"\n```\nInstallation method can be customized with attribute `node['nodejs']['install_method']`\n\n### Install methods\n\n#### Package\n\nInstall node from packages:\n\n```chef\nnode['nodejs']['install_method'] = 'package' # Not necessary because it's the default\ninclude_recipe \"nodejs\"\n# Or\ninclude_recipe \"nodejs::nodejs_from_package\"\n```\nNote that only apt (Ubuntu, Debian) appears to have up to date packages available. 
\nCentos, RHEL, etc are non-functional (try `nodejs_from_binary` for those).\n\n#### Binary\n\nInstall node from official prebuilt binaries:\n```chef\nnode['nodejs']['install_method'] = 'binary'\ninclude_recipe \"nodejs\"\n# Or\ninclude_recipe \"nodejs::nodejs_from_binary\"\n```\n\n#### Source\n\nInstall node from sources:\n```chef\nnode['nodejs']['install_method'] = 'source'\ninclude_recipe \"nodejs\"\n# Or\ninclude_recipe \"nodejs::nodejs_from_source\"\n```\n\n## NPM\n\nNpm is included in nodejs installs by default.\nBy default, we are using it and call it `embedded`.\nAdding recipe `nodejs::npm` assure you to have npm installed and let you choose install method with `node['nodejs']['npm']['install_method']`\n```chef\ninclude_recipe \"nodejs::npm\"\n```\n_Warning:_ This recipe will include the `nodejs` recipe, which by default includes `nodejs::nodejs_from_package` if you did not set `node['nodejs']['install_method']`.\n\n## LWRP\n\n### nodejs_npm\n\n`nodejs_npm` let you install npm packages from various sources:\n* npm registry:\n * name: `attribute :package`\n * version: `attribute :version` (optionnal)\n* url: `attribute :url`\n * for git use `git://{your_repo}`\n* from a json (packages.json by default): `attribute :json`\n * use `true` for default\n * use a `String` to specify json file\n \nPackages can be installed globally (by default) or in a directory (by using `attribute :path`)\n\nYou can append more specific options to npm command with `attribute :options` array : \n * use an array of options (w/ dash), they will be added to npm call.\n * ex: `['--production','--force']` or `['--force-latest']`\n \nThis LWRP try to use npm bare as much as possible (no custom wrapper).\n\n#### [Examples](test/cookbooks/nodejs_test/recipes/npm.rb)\n\n## AUTHORS\n\n* Marius Ducea (marius@promethost.com)\n* Nathan L Smith (nlloyds@gmail.com)\n* Guilhem Lettron (guilhem@lettron.fr)\n* Barthelemy Vessemont (bvessemont@gmail.com)\n", - "maintainer": "redguide", - 
"maintainer_email": "guilhem@lettron.fr", - "license": "Apache 2.0", - "platforms": { - "debian": ">= 0.0.0", - "ubuntu": ">= 0.0.0", - "centos": ">= 0.0.0", - "redhat": ">= 0.0.0", - "smartos": ">= 0.0.0" - }, - "dependencies": { - "yum-epel": ">= 0.0.0", - "build-essential": ">= 0.0.0", - "ark": ">= 0.0.0", - "apt": ">= 0.0.0" - }, - "recommendations": { - }, - "suggestions": { - "application_nodejs": ">= 0.0.0" - }, - "conflicting": { - "node": ">= 0.0.0" - }, - "providing": { - }, - "replacing": { - }, - "attributes": { - }, - "groupings": { - }, - "recipes": { - } -} \ No newline at end of file +{"name":"nodejs","version":"2.4.2","description":"Installs/Configures node.js & io.js","long_description":"# [nodejs-cookbook](https://github.com/redguide/nodejs)\n[![CK Version](http://img.shields.io/cookbook/v/nodejs.svg)](https://supermarket.getchef.com/cookbooks/nodejs) [![Build Status](https://img.shields.io/travis/redguide/nodejs.svg)](https://travis-ci.org/redguide/nodejs)\n[![Gitter chat](https://badges.gitter.im/redguide/nodejs.png)](https://gitter.im/redguide/nodejs)\n\n## DESCRIPTION\n\nInstalls node.js/io.js and manage npm\n\n## USAGE\n\nInclude the nodejs recipe to install node on your system based on the default installation method:\n```chef\ninclude_recipe \"nodejs\"\n```\n\n### Engine\n\nYou can select different engine by setting `node['nodejs']['engine']`\n```\nnode['nodejs']['engine'] => 'node' # default\nnode['nodejs']['engine'] => 'iojs'\n```\n\nYou can also use recipes `nodejs::nodejs` or `nodejs::iojs`.\n\n### Install methods\n\n#### Package\n\nInstall node from packages:\n\n```chef\nnode['nodejs']['install_method'] = 'package' # Not necessary because it's the default\ninclude_recipe \"nodejs\"\n# Or\ninclude_recipe \"nodejs::nodejs_from_package\"\n```\nNote that only apt (Ubuntu, Debian) appears to have up to date packages available. 
\nCentos, RHEL, etc are non-functional (try `nodejs_from_binary` for those).\n\n#### Binary\n\nInstall node from official prebuilt binaries:\n```chef\nnode['nodejs']['install_method'] = 'binary'\ninclude_recipe \"nodejs\"\n# Or\ninclude_recipe \"nodejs::nodejs_from_binary\"\n```\n\n#### Source\n\nInstall node from sources:\n```chef\nnode['nodejs']['install_method'] = 'source'\ninclude_recipe \"nodejs\"\n# Or\ninclude_recipe \"nodejs::nodejs_from_source\"\n```\n\n## NPM\n\nNpm is included in nodejs installs by default.\nBy default, we are using it and call it `embedded`.\nAdding recipe `nodejs::npm` assure you to have npm installed and let you choose install method with `node['nodejs']['npm']['install_method']`\n```chef\ninclude_recipe \"nodejs::npm\"\n```\n_Warning:_ This recipe will include the `nodejs` recipe, which by default includes `nodejs::nodejs_from_package` if you did not set `node['nodejs']['install_method']`.\n\n## LWRP\n\n### nodejs_npm\n\n`nodejs_npm` let you install npm packages from various sources:\n* npm registry:\n * name: `attribute :package`\n * version: `attribute :version` (optionnal)\n* url: `attribute :url`\n * for git use `git://{your_repo}`\n* from a json (packages.json by default): `attribute :json`\n * use `true` for default\n * use a `String` to specify json file\n \nPackages can be installed globally (by default) or in a directory (by using `attribute :path`)\n\nYou can append more specific options to npm command with `attribute :options` array : \n * use an array of options (w/ dash), they will be added to npm call.\n * ex: `['--production','--force']` or `['--force-latest']`\n \nThis LWRP try to use npm bare as much as possible (no custom wrapper).\n\n### Packages\n\n```ruby\nnodejs_npm \"express\"\n\nnodejs_npm \"async\" do\n version \"0.6.2\"\nend\n\nnodejs_npm \"request\" do\n url \"github mikeal/request\"\nend\n\nnodejs_npm \"grunt\" do\n path \"/home/random/grunt\"\n json true\n user \"random\"\nend\n```\n[Working 
Examples](test/cookbooks/nodejs_test/recipes/npm.rb)\n\nOr add packages via attributes (which accept the same attributes as the LWRP above):\n\n```json\n\"nodejs\": {\n \"npm_packages\": [\n {\n \"name\": \"express\"\n },\n {\n \"name\": \"async\",\n \"version\": \"0.6.2\"\n },\n {\n \"name\": \"request\",\n \"url\": \"github mikeal/request\"\n }\n {\n \"name\": \"grunt\",\n \"path\": \"/home/random/grunt\",\n \"json\": true,\n \"user\": \"random\"\n }\n ]\n}\n```\n\n## AUTHORS\n\n* Marius Ducea (marius@promethost.com)\n* Nathan L Smith (nlloyds@gmail.com)\n* Guilhem Lettron (guilhem@lettron.fr)\n* Barthelemy Vessemont (bvessemont@gmail.com)\n","maintainer":"redguide","maintainer_email":"guilhem@lettron.fr","license":"Apache 2.0","platforms":{"debian":">= 0.0.0","ubuntu":">= 0.0.0","centos":">= 0.0.0","redhat":">= 0.0.0","smartos":">= 0.0.0","mac_os_x":">= 0.0.0"},"dependencies":{"yum-epel":">= 0.0.0","build-essential":">= 0.0.0","ark":">= 0.0.0","apt":">= 0.0.0","homebrew":">= 0.0.0"},"recommendations":{},"suggestions":{"application_nodejs":">= 0.0.0"},"conflicting":{"node":">= 0.0.0"},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{}} \ No newline at end of file diff --git a/berks-cookbooks/nodejs/recipes/default.rb b/berks-cookbooks/nodejs/recipes/default.rb index 3f0164a2..2d904145 100644 --- a/berks-cookbooks/nodejs/recipes/default.rb +++ b/berks-cookbooks/nodejs/recipes/default.rb @@ -18,16 +18,6 @@ # limitations under the License. # -include_recipe 'nodejs::nodejs' +include_recipe 'nodejs::install' include_recipe 'nodejs::npm' - -node['nodejs']['npm_packages'].each do |pkg| - f = nodejs_npm pkg['name'] do - action :nothing - end - pkg.each do |key, value| - f.send(key, value) unless key == 'name' || key == 'action' - end - action = pkg.key?('action') ? pkg['action'] : :install - f.action(action) -end if node['nodejs'].key?('npm_packages') +include_recipe 'nodejs::npm_packages' 
diff --git a/berks-cookbooks/nodejs/recipes/install.rb b/berks-cookbooks/nodejs/recipes/install.rb new file mode 100644 index 00000000..962e77d9 --- /dev/null +++ b/berks-cookbooks/nodejs/recipes/install.rb @@ -0,0 +1,21 @@ +# +# Author:: Marius Ducea (marius@promethost.com) +# Cookbook Name:: nodejs +# Recipe:: install +# +# Copyright 2010-2012, Promet Solutions +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "nodejs::nodejs_from_#{node['nodejs']['install_method']}" diff --git a/berks-cookbooks/nodejs/recipes/iojs.rb b/berks-cookbooks/nodejs/recipes/iojs.rb new file mode 100644 index 00000000..744731c5 --- /dev/null +++ b/berks-cookbooks/nodejs/recipes/iojs.rb @@ -0,0 +1,23 @@ +# +# Author:: Marius Ducea (marius@promethost.com) +# Cookbook Name:: nodejs +# Recipe:: iojs +# +# Copyright 2010-2012, Promet Solutions +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +node.default['nodejs']['engine'] = 'iojs' + +include_recipe 'nodejs::install' 
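Review bot: `node.default['nodejs']['engine'] = 'iojs'` in recipes/iojs.rb runs at recipe compile time, after the cookbook's attribute files have been evaluated, so attributes/packages.rb and attributes/repo.rb will already have computed `packages`, `repo` and `install_repo` for the default engine 'node'. Unless something outside this diff reloads those attribute files, `include_recipe 'nodejs::iojs'` with the package method would still use the node repository and package names. Either document that the engine must be chosen through attributes (role, environment or a wrapper attribute file), or derive the engine-specific values inside the recipes; the same applies to the `node.default['nodejs']['engine'] = 'node'` line added to recipes/nodejs.rb.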
diff --git a/berks-cookbooks/nodejs/recipes/nodejs.rb b/berks-cookbooks/nodejs/recipes/nodejs.rb index 3458c0ab..1b3a20cf 100644 --- a/berks-cookbooks/nodejs/recipes/nodejs.rb +++ b/berks-cookbooks/nodejs/recipes/nodejs.rb @@ -1,7 +1,7 @@ # # Author:: Marius Ducea (marius@promethost.com) # Cookbook Name:: nodejs -# Recipe:: default +# Recipe:: nodejs # # Copyright 2010-2012, Promet Solutions # @@ -18,4 +18,6 @@ # limitations under the License. # -include_recipe "nodejs::nodejs_from_#{node['nodejs']['install_method']}" +node.default['nodejs']['engine'] = 'node' + +include_recipe 'nodejs::install' diff --git a/berks-cookbooks/nodejs/recipes/nodejs_from_binary.rb b/berks-cookbooks/nodejs/recipes/nodejs_from_binary.rb index 2f841c64..94aac4a9 100644 --- a/berks-cookbooks/nodejs/recipes/nodejs_from_binary.rb +++ b/berks-cookbooks/nodejs/recipes/nodejs_from_binary.rb @@ -16,7 +16,9 @@ # limitations under the License. # -Chef::Resource::User.send(:include, NodeJs::Helper) +Chef::Recipe.send(:include, NodeJs::Helper) + +node.force_override['nodejs']['install_method'] = 'binary' # ~FC019 # Shamelessly borrowed from http://docs.opscode.com/dsl_recipe_method_platform.html # Surely there's a more canonical way to get arch? 
@@ -28,19 +30,30 @@ # package_stub is for example: "node-v0.8.20-linux-x64.tar.gz" version = "v#{node['nodejs']['version']}/" -filename = "node-v#{node['nodejs']['version']}-linux-#{arch}.tar.gz" +prefix = node['nodejs']['prefix_url'][node['nodejs']['engine']] + +if node['nodejs']['engine'] == 'iojs' + filename = "iojs-v#{node['nodejs']['version']}-linux-#{arch}.tar.gz" + archive_name = 'iojs-binary' + binaries = ['bin/iojs', 'bin/node', 'bin/npm'] +else + filename = "node-v#{node['nodejs']['version']}-linux-#{arch}.tar.gz" + archive_name = 'nodejs-binary' + binaries = ['bin/node', 'bin/npm'] +end + if node['nodejs']['binary']['url'] nodejs_bin_url = node['nodejs']['binary']['url'] checksum = node['nodejs']['binary']['checksum'] else - nodejs_bin_url = ::URI.join(node['nodejs']['prefix_url'], version, filename).to_s + nodejs_bin_url = ::URI.join(prefix, version, filename).to_s checksum = node['nodejs']['binary']['checksum']["linux_#{arch}"] end -ark 'nodejs-binary' do +ark archive_name do url nodejs_bin_url version node['nodejs']['version'] checksum checksum - has_binaries ['bin/node', 'bin/npm'] + has_binaries binaries action :install end diff --git a/berks-cookbooks/nodejs/recipes/nodejs_from_package.rb b/berks-cookbooks/nodejs/recipes/nodejs_from_package.rb index 61df2f21..34812394 100644 --- a/berks-cookbooks/nodejs/recipes/nodejs_from_package.rb +++ b/berks-cookbooks/nodejs/recipes/nodejs_from_package.rb @@ -20,8 +20,16 @@ # limitations under the License. # +node.force_override['nodejs']['install_method'] = 'package' # ~FC019 + include_recipe 'nodejs::repo' if node['nodejs']['install_repo'] +unless node['nodejs']['packages'] + Chef::Log.error 'No package for nodejs' + Chef::Log.warn 'Please use the source or binary method to install node' + return +end + node['nodejs']['packages'].each do |node_pkg| package node_pkg end 
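Review bot: `prefix` is looked up as `node['nodejs']['prefix_url'][node['nodejs']['engine']]`, which is nil for any engine value other than 'node' or 'iojs', while the `else` branch below treats every such value as node; when no explicit binary url is set, a misspelt engine therefore surfaces as an argument error inside `URI.join` instead of a clear message. A guard before the lookup fails early with the cause: `raise "Unsupported nodejs engine: #{node['nodejs']['engine']}" unless %w(node iojs).include?(node['nodejs']['engine'])`. The same lookup and `if`/`else` appear in the recipes/nodejs_from_source.rb hunk. The start of this recipe is outside the hunk.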
diff --git a/berks-cookbooks/nodejs/recipes/nodejs_from_source.rb b/berks-cookbooks/nodejs/recipes/nodejs_from_source.rb index 9003134c..e8eb94d6 100644 --- a/berks-cookbooks/nodejs/recipes/nodejs_from_source.rb +++ b/berks-cookbooks/nodejs/recipes/nodejs_from_source.rb @@ -18,7 +18,9 @@ # limitations under the License. # -Chef::Resource::User.send(:include, NodeJs::Helper) +Chef::Recipe.send(:include, NodeJs::Helper) + +node.force_override['nodejs']['install_method'] = 'source' # ~FC019 include_recipe 'build-essential' @@ -30,10 +32,19 @@ end version = "v#{node['nodejs']['version']}/" -filename = "node-v#{node['nodejs']['version']}.tar.gz" -nodejs_src_url = node['nodejs']['source']['url'] || ::URI.join(node['nodejs']['prefix_url'], version, filename).to_s +prefix = node['nodejs']['prefix_url'][node['nodejs']['engine']] + +if node['nodejs']['engine'] == 'iojs' + filename = "iojs-v#{node['nodejs']['version']}.tar.gz" + archive_name = 'iojs-source' +else + filename = "node-v#{node['nodejs']['version']}.tar.gz" + archive_name = 'nodejs-source' +end + +nodejs_src_url = node['nodejs']['source']['url'] || ::URI.join(prefix, version, filename).to_s -ark 'nodejs-source' do +ark archive_name do url nodejs_src_url version node['nodejs']['version'] checksum node['nodejs']['source']['checksum'] diff --git a/berks-cookbooks/nodejs/recipes/npm.rb b/berks-cookbooks/nodejs/recipes/npm.rb index c39088fd..b8ba5be6 100644 --- a/berks-cookbooks/nodejs/recipes/npm.rb +++ b/berks-cookbooks/nodejs/recipes/npm.rb @@ -20,7 +20,7 @@ case node['nodejs']['npm']['install_method'] when 'embedded' - include_recipe 'nodejs::nodejs' + include_recipe 'nodejs::install' when 'source' include_recipe 'nodejs::npm_from_source' else diff --git a/berks-cookbooks/nodejs/recipes/npm_from_source.rb b/berks-cookbooks/nodejs/recipes/npm_from_source.rb index 79996164..aa421841 100644 --- a/berks-cookbooks/nodejs/recipes/npm_from_source.rb +++ b/berks-cookbooks/nodejs/recipes/npm_from_source.rb 
@@ -20,7 +20,9 @@ Chef::Recipe.send(:include, NodeJs::Helper) -include_recipe 'nodejs::nodejs' +node.force_override['nodejs']['npm']['install_method'] = 'source' # ~FC019 + +include_recipe 'nodejs::install' dist = npm_dist diff --git a/berks-cookbooks/nodejs/recipes/npm_packages.rb b/berks-cookbooks/nodejs/recipes/npm_packages.rb new file mode 100644 index 00000000..b5728013 --- /dev/null +++ b/berks-cookbooks/nodejs/recipes/npm_packages.rb @@ -0,0 +1,10 @@ +node['nodejs']['npm_packages'].each do |pkg| + f = nodejs_npm pkg['name'] do + action :nothing + end + pkg.each do |key, value| + f.send(key, value) unless key == 'name' || key == 'action' + end + action = pkg.key?('action') ? pkg['action'] : :install + f.action(action) +end if node['nodejs'].key?('npm_packages') diff --git a/berks-cookbooks/npm/.gitignore b/berks-cookbooks/npm/.gitignore deleted file mode 100644 index e43b0f98..00000000 --- a/berks-cookbooks/npm/.gitignore +++ /dev/null @@ -1 +0,0 @@ -.DS_Store diff --git a/berks-cookbooks/npm/.recipe-tester.json b/berks-cookbooks/npm/.recipe-tester.json deleted file mode 100644 index 709dda7f..00000000 --- a/berks-cookbooks/npm/.recipe-tester.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "type": "chef-solo", - "chef_version": "11.4.4", - "ami": "ami-e7582d8e", - "run_list": [ - "recipe[chef-npm::default]" - ], - "node_attributes": { - "npm": { - "version": "1.2" - } - } -} diff --git a/berks-cookbooks/npm/README.md b/berks-cookbooks/npm/README.md deleted file mode 100644 index d5d5a59c..00000000 --- a/berks-cookbooks/npm/README.md +++ /dev/null 
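Review bot: In the new recipes/npm_packages.rb, `f.send(key, value)` dispatches every key of each `npm_packages` entry as a method call on the resource, and `send` reaches any method, private ones included, so the set of callable methods is defined by whoever can write node attributes (roles, environments, JSON) rather than by the resource's properties. Restrict the keys to the resource's documented properties and call them with `public_send`, logging anything else. The loop was moved here unchanged from recipes/default.rb, so this hardens existing behaviour rather than fixing a regression.

```ruby
# Properties shown in the README; extend to match the nodejs_npm resource.
settable = %w(version url path json user options)

node['nodejs']['npm_packages'].each do |pkg|
  # … unchanged: nodejs_npm resource created with action :nothing …
  pkg.each do |key, value|
    next if %w(name action).include?(key)
    unless settable.include?(key)
      Chef::Log.warn("nodejs: ignoring unknown npm_packages key #{key.inspect}")
      next
    end
    f.public_send(key, value)
  end
  # … unchanged: action selection …
end if node['nodejs'].key?('npm_packages')
```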
@@ -1,64 +0,0 @@ -[![Build Status](https://recipe-tester.com/repo/spulec/chef-npm/badge.png)](https://recipe-tester.com/repo/spulec/chef-npm/) - - -# Cookbook for Node Package Manager -http://community.opscode.com/cookbooks/npm - -##DESCRIPTION: -This cookbook grown up from mdxp's nodejs::npm recipe -It provides some LWRP's for simple management of node packages - -##REQUIREMENTS: -This cookbook depends on https://github.com/mdxp/cookbooks/tree/master/nodejs/ - -##ATTRIBUTES: -The only attribute default['npm']['version'] specifies a version of npm should be installed. - -_NOTE:_ this cookbook will not work with npm <= 1.0.0 - -##USAGE: -Use recipe['npm'] to install npm it self. -To install some packge system-wide use - - npm_package "foo@0.3.2" - -or - - npm_package "foo" do - version "0.3.2" - action :install - end - -To install some package under your project root try to: - - npm_package "foo" do - version "0.3.2" - path "/your/project/path/goes/here" - action :install_local - end - -or - - npm_package do - path "/path/to/code" - action :install_from_json - end - -To uninstall some package - obviously you can do something like - - npm_package "bad_one" do - version "0.3.2" - action :uninstall - end - -or - - npm_package "bad_local_one" do - version "0.3.2" - path "/your/project/path/goes/here" - action :uninstall_local - end - - -## TODO -- wrap other features of npm to LWRP diff --git a/berks-cookbooks/npm/metadata.json b/berks-cookbooks/npm/metadata.json deleted file mode 100644 index 8880b52b..00000000 --- a/berks-cookbooks/npm/metadata.json +++ /dev/null 
@@ -1,30 +0,0 @@ -{ - "name": "npm", - "description": "Installs/Configures npm", - "long_description": "[![Build Status](https://recipe-tester.com/repo/spulec/chef-npm/badge.png)](https://recipe-tester.com/repo/spulec/chef-npm/)\n\n\n# Cookbook for Node Package Manager\nhttp://community.opscode.com/cookbooks/npm\n\n##DESCRIPTION:\nThis cookbook grown up from mdxp's nodejs::npm recipe\nIt provides some LWRP's for simple management of node packages\n\n##REQUIREMENTS:\nThis cookbook depends on https://github.com/mdxp/cookbooks/tree/master/nodejs/\n\n##ATTRIBUTES:\nThe only attribute default['npm']['version'] specifies a version of npm should be installed.\n\n_NOTE:_ this cookbook will not work with npm <= 1.0.0\n\n##USAGE:\nUse recipe['npm'] to install npm it self. \nTo install some packge system-wide use\n\n npm_package \"foo@0.3.2\"\n\nor\n\n npm_package \"foo\" do\n version \"0.3.2\"\n action :install\n end \n\nTo install some package under your project root try to:\n\n npm_package \"foo\" do\n\t version \"0.3.2\"\n\t path \"/your/project/path/goes/here\"\n\t action :install_local\n\tend\n\nor\n\n\tnpm_package do\n \t path \"/path/to/code\"\n \t action :install_from_json\n\tend\n\t\nTo uninstall some package - obviously you can do something like\n\n npm_package \"bad_one\" do\n\t version \"0.3.2\"\n\t action :uninstall\n\tend\n\t\nor\n\n npm_package \"bad_local_one\" do\n\t version \"0.3.2\"\n\t path \"/your/project/path/goes/here\"\n\t action :uninstall_local\n\tend\n\n\n## TODO\n- wrap other features of npm to LWRP\n", - "maintainer": "Sergey Balbeko", - "maintainer_email": "sergey@balbeko.com", - "license": "Apache License, Version 2.0", - "platforms": { - }, - "dependencies": { - "nodejs": ">= 0.0.0" - }, - "recommendations": { - }, - "suggestions": { - }, - "conflicting": { - }, - "providing": { - }, - "replacing": { - }, - "attributes": { - }, - "groupings": { - }, - "recipes": { - }, - "version": "0.1.2" -} \ No newline at end of file 
diff --git a/berks-cookbooks/npm/providers/package.rb b/berks-cookbooks/npm/providers/package.rb deleted file mode 100644 index a2c1b5aa..00000000 --- a/berks-cookbooks/npm/providers/package.rb +++ /dev/null @@ -1,50 +0,0 @@ -# encoding: utf-8 - -action :install do - pkg_id = new_resource.name - pkg_id += "@#{new_resource.version}" if new_resource.version - execute "install NPM package #{new_resource.name}" do - command "npm -g install #{pkg_id}" - not_if "npm -g ls 2> /dev/null | grep '^[├└]─[─┬] #{pkg_id}'" - end -end - -action :install_local do - path = new_resource.path if new_resource.path - pkg_id = new_resource.name - pkg_id += "@#{new_resource.version}" if new_resource.version - execute "install NPM package #{new_resource.name} into #{path}" do - cwd path - command "npm install #{pkg_id}" - not_if "cd #{path} && npm ls 2> /dev/null | grep '^[├└]─[─┬] #{pkg_id}'" - end -end - -action :install_from_json do - path = new_resource.path - cmd = "npm install" - execute "install NPM packages from package.json at #{path}" do - cwd path - command cmd - end -end - -action :uninstall do - pkg_id = new_resource.name - pkg_id += "@#{new_resource.version}" if new_resource.version - execute "uninstall NPM package #{new_resource.name}" do - command "npm -g uninstall #{pkg_id}" - only_if "npm -g ls 2> /dev/null | grep '^[├└]─[─┬] #{pkg_id}'" - end -end - -action :uninstall_local do - path = new_resource.path if new_resource.path - pkg_id = new_resource.name - pkg_id += "@#{new_resource.version}" if new_resource.version - execute "uninstall NPM package #{new_resource.name} from #{path}" do - cwd path - command "npm uninstall #{pkg_id}" - only_if "cd #{path} && npm ls 2> /dev/null | grep '^[├└]─[─┬] #{pkg_id}'" - end -end diff --git a/berks-cookbooks/npm/recipes/default.rb b/berks-cookbooks/npm/recipes/default.rb deleted file mode 100644 index 1c7795b8..00000000 --- a/berks-cookbooks/npm/recipes/default.rb +++ /dev/null 
@@ -1,38 +0,0 @@ -# -# Cookbook Name:: npm -# Recipe:: default -# -# Author:: Marius Ducea (marius@promethost.com) -# Author:: Sergey Balbeko -# -# Copyright 2010, Promet Solutions -# Copyright 2012, Sergey Balbeko -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -include_recipe "nodejs" - -package "curl" - -bash "install npm - package manager for node" do - cwd "/usr/local/src" - user "root" - code <<-EOF - mkdir -p npm-v#{node[:npm][:version]} && \ - cd npm-v#{node[:npm][:version]} - curl -L http://registry.npmjs.org/npm/-/npm-#{node[:npm][:version]}.tgz | tar xzf - --strip-components=1 && \ - make uninstall dev - EOF - not_if "npm -v 2>&1 | grep '#{node[:npm][:version]}'" -end diff --git a/berks-cookbooks/openssl/CHANGELOG.md b/berks-cookbooks/openssl/CHANGELOG.md index c2975595..4c67fbc1 100644 --- a/berks-cookbooks/openssl/CHANGELOG.md +++ b/berks-cookbooks/openssl/CHANGELOG.md 
@@ -2,13 +2,54 @@ openssl Cookbook CHANGELOG ========================== This file is used to list changes made in each version of the openssl cookbook. -v4.0.0 (2014-02-19) +v4.4.0 (2015-08-28) +------------------- +- NEW: x509 certificates are now signed via SHA-256 instead of SHA-1 +- FIX: gen_dhparam error now correctly fails with TypeError instead of ArgumentError if Generator argument isn't an integer + +v4.3.2 (2015-08-01) +------------------- +- FIX: Updated changelog + +v4.3 (2015-08-01) +------------------- +- NEW: Add rsa_key lwrp +- FIX: dhparam lwrp now correctly honors the generator parameter + +v4.2 (2015-06-23) +------------------- +- NEW: Add dhparam lwrp +- FIX: x509 lwrp now updates resource count correctly + +v4.1.2 (2015-06-20) +------------------- +- Add Serverspec suite +- Removed update suite from .kitchen.yml +- Add explicit license to test cookbook recipes +- Add Whyrun support to x509 LWRP +- Expand Chefspec tests for x509 LWRP to step_into LWRP +- Add helper library +- Update x509 LWRP to verify existing keys, if specified + +v4.1.1 (2015-06-11) +------------------- +- README.md fixes + +v4.1.0 (2015-06-11) +------------------- +- Add new random_password Mixin (Thanks, Seth!) +- Rewritten README.md +- Refactor specs +- Clear Rubocop violations + +v4.0.0 (2015-02-19) ------------------- - Reverting to Opscode module namespace -v3.0.2 (2014-12-30) +v3.0.2 (2015-12-18) ------------------- - Accidently released 2.0.2 as 3.0.2 +- Re-namespaced `Opscode::OpenSSL::Password` module as `Chef::OpenSSL::Password` v2.0.2 (2014-12-30) ------------------- diff --git a/berks-cookbooks/openssl/README.md b/berks-cookbooks/openssl/README.md index 6f0b13c5..f329accc 100644 --- a/berks-cookbooks/openssl/README.md +++ b/berks-cookbooks/openssl/README.md 
@@ -1,105 +1,199 @@ -openssl Cookbook +OpenSSL Cookbook ================ +[![Build Status](https://travis-ci.org/opscode-cookbooks/openssl.svg?branch=master)](https://travis-ci.org/opscode-cookbooks/openssl) -This cookbook provides a library method to generate secure random passwords in recipes using the Ruby OpenSSL library. - -It also provides an attribute-driven recipe for upgrading OpenSSL packages. +This cookbook provides tools for working with the Ruby OpenSSL library. It includes: +- A library method to generate secure random passwords in recipes, using the Ruby SecureRandom library. +- An LWRP for generating RSA private keys. +- An LWRP for generating x509 certificates. +- An LWRP for generating dhparam.pem files. +- An attribute-driven recipe for upgrading OpenSSL packages. Requirements ------------ -The `secure_password` works on any platform with OpenSSL Ruby bindings installed, which are a requirement for Chef anyway. +The `random_password` mixin works on any platform with the Ruby SecureRandom module. This module is already included with Chef. + +The `openssl_x509`, `openssl_rsa_key` and `openssl_dhparam` LWRPs work on any platform with the OpenSSL Ruby bindings installed. These bindings are already included with Chef. -The upgrade recipe works on the following tested platforms: +The `upgrade` recipe has been tested on the following platforms: * Ubuntu 12.04, 14.04 * Debian 7.4 * CentOS 6.5 -It may work on other platforms or versions of the above platforms with or without modification. +The recipe may work on other platforms or different versions of the above platforms, but this has not been tested. + +Dependencies +------------ -[Chef Sugar](https://github.com/sethvargo/chef-sugar) was introduced as a dependency to provide helpers that make the default attribute settings (see Attributes) easier to reason about. +This cookbook depends on the [Chef Sugar](http://supermarket.chef.io/cookbooks/chef-sugar/) cookbook. 
[Chef Sugar](http://supermarket.chef.io/cookbooks/chef-sugar/) is used to make the default attribute settings easier to reason about. (See [Attributes](#attributes)) Attributes ---------- -* `node['openssl']['packages']` - An array of packages of openssl. The default attributes attempt to be smart about which packages are the default, but this may need to be changed by users of the `openssl::upgrade` recipe. -* `node['openssl']['restart_services']` - An array of service resources that use the `node['openssl']['packages']`. This is empty by default as Chef has no reliably reasonable way to detect which applications or services are compiled against these packages. *Note* These each need to be "`service`" resources specified somewhere in the recipes in the node's run list. +* `node['openssl']['packages']` - An array of packages required to use openssl. The default attributes attempt to be smart about which packages are the default, but this may need to be changed by users of the `openssl::upgrade` recipe. +* `node['openssl']['restart_services']` - An array of service resources that depend on the packages listed in the `node['openssl']['packages']` attribute. This array is empty by default, as Chef has no reasonable way to detect which applications or services are compiled against these packages. *Note* Each service listed in this array should represent a "`service`" resource specified in the recipes of the node's run list. Recipes ------- +### default + +An empty placeholder recipe. Takes no action. + ### upgrade -The upgrade recipe iterates over the list of packages in the `node['openssl']['packages']` attribute and manages them with the `:upgrade` action. Each package will send `:restart` notification to service resources named by the `node['openssl']['restart_services']` attribute. +The upgrade recipe iterates over the list of packages in the `node['openssl']['packages']` attribute, and manages them with the `:upgrade` action. 
Each package will send a `:restart` notification to service resources named in the `node['openssl']['restart_services']` attribute. -Usage ------ +#### Example Usage -Most often this will be used to generate a secure password for an attribute. In a recipe: +In this example, assume the node is running the `stats_collector` daemon, which depends on the openssl library. Imagine that a new openssl vulnerability has been disclosed, and the operating system vendor has released an update to openssl to address this vulnerability. In order to protect the node, an administrator crafts this recipe: ```ruby -::Chef::Recipe.send(:include, Chef::OpenSSL::Password) -node.set_unless[:my_password] = secure_password +node.default['openssl']['restart_services'] = ['stats_collector'] + +# other recipe code here... +service 'stats_collector' do + action [:enable, :start] +end + +include_recipe 'openssl::upgrade' ``` -To use the `openssl::upgrade` recipe, set the attributes as mentioned above. For example, we have a "stats_collector" service that uses openssl. It has a recipe that looks like this: +When executed, this recipe will ensure that openssl is upgraded to the latest version, and that the `stats_collector` service is restarted to pick up the latest security fixes released in the openssl package. -LWRP -==== +Libraries & LWRPs +----------------- -This cookbook includes an LWRP for generating Self Signed Certificates +There are two mixins packaged with this cookbook. -## openssl_x509 -generate a pem formatted x509 cert + key +### random_password (`OpenSSLCookbook::RandomPassword`) -### Attributes -`common_name` A String representing the `CN` ssl field -`org` A String representing the `O` ssl field -`org_unit` A String representing the `OU` ssl field -`country` A String representing the `C` ssl field -`expire` A Fixnum reprenting the number of days from _now_ to expire the cert -`key_file` Optional A string to the key file to use. 
If no key is present it will generate and store one. -`key_pass` A String that is the key's passphrase -`key_length` A Fixnum reprenting your desired Bit Length _Default: 2048_ -`owner` The owner of the files _Default: "root"_ -`group` The group of the files _Default: "root"_ -`mode` The mode to store the files in _Default: "0400"_ +The `RandomPassword` mixin can be used to generate secure random passwords in Chef cookbooks, usually for assignment to a variable or an attribute. `random_password` uses Ruby's SecureRandom library and is customizable. -### Example usage +#### Example Usage +```ruby +Chef::Recipe.send(:include, OpenSSLCookbook::RandomPassword) +node.set['my_secure_attribute'] = random_password +node.set_unless['my_secure_attribute'] = random_password +node.set['my_secure_attribute'] = random_password(length: 50) +node.set['my_secure_attribute'] = random_password(length: 50, mode: :base64) +node.set['my_secure_attribute'] = random_password(length: 50, mode: :base64, encoding: 'ASCII') +``` - openssl_x509 "/tmp/mycert.pem" do - common_name "www.f00bar.com" - org "Foo Bar" - org_unit "Lab" - country "US" - end +Note that node attributes are widely accessible. Storing unencrypted passwords in node attributes, as in this example, carries risk. - -License and Author -================== +### ~~secure_password (`Opscode::OpenSSL::Password`)~~ -Author:: Jesse Nelson () -Author:: Joshua Timberman () -======= +This library should be considered deprecated and will be removed in a future version. Please use `OpenSSLCookbook::RandomPassword` instead. The documentation is kept here for historical reasons. + +#### ~~Example Usage~~ +```ruby +::Chef::Recipe.send(:include, Opscode::OpenSSL::Password) +node.set_unless['my_password'] = secure_password +``` +~~Note that node attributes are widely accessible. 
Storing unencrypted passwords in node attributes, as in this example, carries risk.~~ + +### openssl_x509 + +This LWRP generates self-signed, PEM-formatted x509 certificates. If no existing key is specified, the LWRP will automatically generate a passwordless key with the certificate. + +#### Attributes +| Name | Type | Description | +| ----- | ---- | ------------ | +| `common_name` | String (Required) | Value for the `CN` certificate field. | +| `org` | String (Required) | Value for the `O` certificate field. | +| `org_unit` | String (Required) | Value for the `OU` certificate field. | +| `country` | String (Required) | Value for the `C` ssl field. | +| `expire` | Fixnum (Optional) | Value representing the number of days from _now_ through which the issued certificate cert will remain valid. The certificate will expire after this period. | +| `key_file` | String (Optional) | The path to a certificate key file on the filesystem. If the `key_file` attribute is specified, the LWRP will attempt to source a key from this location. If no key file is found, the LWRP will generate a new key file at this location. If the `key_file` attribute is not specified, the LWRP will generate a key file in the same directory as the generated certificate, with the same name as the generated certificate. +| `key_pass` | String (Optional) | The passphrase for an existing key's passphrase +| `key_length` | Fixnum (Optional) | The desired Bit Length of the generated key. _Default: 2048_ | +| `owner` | String (optional) | The owner of all files created by the LWRP. _Default: "root"_ | +| `group` | String (optional) | The group of all files created by the LWRP. _Default: "root"_ | +| `mode` | String or Fixnum (Optional) | The permission mode of all files created by the LWRP. _Default: "0400"_ | + +#### Example Usage + +In this example, an administrator wishes to create a self-signed x509 certificate for use with a web server. 
In order to create the certificate, the administrator crafts this recipe: ```ruby -node.default['openssl']['restart_services'] = ['stats_collector'] +openssl_x509 '/etc/httpd/ssl/mycert.pem' do + common_name 'www.f00bar.com' + org 'Foo Bar' + org_unit 'Lab' + country 'US' +end +``` -# other recipe code here... -service 'stats_collector' do - action [:enable, :start] +When executed, this recipe will generate a key certificate at `/etc/httpd/ssl/mycert.key`. It will then use that key to generate a new certificate file at `/etc/httpd/ssl/mycert.pem`. + +### openssl_dhparam + +This LWRP generates dhparam.pem files. If a valid dhparam.pem file is found at the specified location, no new file will be created. If a file is found at the specified location but it is not a valid dhparam file, it will be overwritten. + +#### Attributes +| Name | Type | Description | +| ----- | ---- | ------------ | +| `key_length` | Fixnum (Optional) | The desired Bit Length of the generated key. _Default: 2048_ | +| `generator` | Fixnum (Optional) | The desired Diffie-Hellmann generator. Can be _2_ or _5_. | +| `owner` | String (optional) | The owner of all files created by the LWRP. _Default: "root"_ | +| `group` | String (optional) | The group of all files created by the LWRP. _Default: "root"_ | +| `mode` | String or Fixnum (Optional) | The permission mode of all files created by the LWRP. _Default: "0644"_ | + +#### Example Usage + +In this example, an administrator wishes to create a dhparam.pem file for use with a web server. In order to create the .pem file, the administrator crafts this recipe: + +```ruby +openssl_dhparam '/etc/httpd/ssl/dhparam.pem' do + key_length 2048 + generator 2 end +``` -include_recipe 'openssl::upgrade' +When executed, this recipe will generate a dhparam file at `/etc/httpd/ssl/dhparam.pem`. + +### openssl_rsa_key + +This LWRP generates rsa key files. If a valid rsa key file can be opened at the specified location, no new file will be created. 
If the RSA key file cannot be opened, either because it does not exist or because the password to the RSA key file does not match the password in the recipe, it will be overwritten. + +#### Attributes +| Name | Type | Description | +| ----- | ---- | ------------ | +| `key_length` | Fixnum (Optional) | The desired Bit Length of the generated key. _Default: 2048_ | +| `key_pass` | String (Optional) | The desired passphrase for the key. | +| `owner` | String (optional) | The owner of all files created by the LWRP. _Default: "root"_ | +| `group` | String (optional) | The group of all files created by the LWRP. _Default: "root"_ | +| `mode` | String or Fixnum (Optional) | The permission mode of all files created by the LWRP. _Default: "0644"_ | + +#### Example Usage + +In this example, an administrator wishes to create a new RSA private key file in order to generate other certificates and public keys. In order to create the key file, the administrator crafts this recipe: + +```ruby +openssl_rsa_key '/etc/httpd/ssl/server.key' do + key_length 2048 +end ``` -This will ensure that openssl is upgraded to the latest version so the `stats_collector` service won't be exploited (hopefully!). +When executed, this recipe will generate a passwordless RSA key file at `/etc/httpd/ssl/server.key`. + + +License and Author +------------------ + +Author:: Jesse Nelson () +Author:: Seth Vargo () +Author:: Charles Johnson () +Author:: Joshua Timberman () + +======= ```text -Copyright:: 2009-2011, Chef Software, Inc -Copyright:: 2014, Chef Software, Inc +Copyright:: 2009-2015, Chef Software, Inc Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/openssl/libraries/helpers.rb b/berks-cookbooks/openssl/libraries/helpers.rb new file mode 100644 index 00000000..bb81dffa --- /dev/null +++ b/berks-cookbooks/openssl/libraries/helpers.rb 
@@ -0,0 +1,60 @@ +module OpenSSLCookbook + # Helper functions for the OpenSSL cookbook. + module Helpers + def self.included(_base) + require 'openssl' unless defined?(OpenSSL) + end + + # Path helpers + def get_key_filename(cert_filename) + cert_file_path, cert_filename = ::File.split(cert_filename) + cert_filename = ::File.basename(cert_filename, ::File.extname(cert_filename)) + cert_file_path + ::File::SEPARATOR + cert_filename + '.key' + end + + # Validation helpers + def key_length_valid?(number) + number >= 1024 && number & (number - 1) == 0 + end + + def dhparam_pem_valid?(dhparam_pem_path) + # Check if the dhparam.pem file exists + # Verify the dhparam.pem file contains a key + return false unless File.exist?(dhparam_pem_path) + dhparam = OpenSSL::PKey::DH.new File.read(dhparam_pem_path) + dhparam.params_ok? + end + + def key_file_valid?(key_file_path, key_password = nil) + # Check if the key file exists + # Verify the key file contains a private key + return false unless File.exist?(key_file_path) + key = OpenSSL::PKey::RSA.new File.read(key_file_path), key_password + key.private? 
+ end + + # Generators + def gen_dhparam(key_length, generator) + fail ArgumentError, 'Key length must be a power of 2 greater than or equal to 1024' unless key_length_valid?(key_length) + fail TypeError, 'Generator must be an integer' unless generator.is_a?(Integer) + + OpenSSL::PKey::DH.new(key_length, generator) + end + + def gen_rsa_key(key_length) + fail ArgumentError, 'Key length must be a power of 2 greater than or equal to 1024' unless key_length_valid?(key_length) + + OpenSSL::PKey::RSA.new(key_length) + end + + # Key manipulation helpers + # Returns a pem string + def encrypt_rsa_key(rsa_key, key_password) + fail TypeError, 'rsa_key must be a Ruby OpenSSL::PKey::RSA object' unless rsa_key.is_a?(OpenSSL::PKey::RSA) + fail TypeError, 'RSA key password must be a string' unless key_password.is_a?(String) + + cipher = OpenSSL::Cipher::Cipher.new('des3') + rsa_key.to_pem(cipher, key_password) + end + end +end diff --git a/berks-cookbooks/openssl/libraries/matchers.rb b/berks-cookbooks/openssl/libraries/matchers.rb new file mode 100644 index 00000000..59ee84c1 --- /dev/null +++ b/berks-cookbooks/openssl/libraries/matchers.rb @@ -0,0 +1,13 @@ +if defined?(ChefSpec) + def create_x509_certificate(name) + ChefSpec::Matchers::ResourceMatcher.new(:openssl_x509, :create, name) + end + + def create_dhparam_pem(name) + ChefSpec::Matchers::ResourceMatcher.new(:openssl_dhparam, :create, name) + end + + def create_rsa_key(name) + ChefSpec::Matchers::ResourceMatcher.new(:openssl_rsa_key, :create, name) + end +end diff --git a/berks-cookbooks/openssl/libraries/random_password.rb b/berks-cookbooks/openssl/libraries/random_password.rb new file mode 100644 index 00000000..c4883013 --- /dev/null +++ b/berks-cookbooks/openssl/libraries/random_password.rb 
@@ -0,0 +1,82 @@ +# +# Cookbook Name:: openssl +# Library:: random_password +# Author:: Seth Vargo +# +# Copyright 2015, Seth Vargo +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# rubocop:disable UnusedMethodArgument, Style/RaiseArgs + +module OpenSSLCookbook + module RandomPassword + # Override the included method to require securerandom if it is not defined. + # This avoids the need to load the class on each Chef run unless the user is + # explicitly requiring it. + def self.included(base) + require 'securerandom' unless defined?(SecureRandom) + end + + class InvalidPasswordMode < StandardError + def initialize(given, acceptable) + super <<-EOH +The given password mode '#{given}' is not valid. Valid password modes are :hex, +:base64, and :random_bytes! +EOH + end + end + + # + # Generates a random password using {SecureRandom}. 
+ # + # @example Generating a random (hex) password (of 20 characters) + # random_password #=> "1930e99aa035083bdd93d1d8f11cb7ac8f625c9c" + # + # @example Generating a random base64 password that is 50 characters + # random_password(mode: :base64, length: 50) #=> "72o5oVbKHHEVYj1nOgFB2EijnzZfnrbfasVuF+oRH8wMgb0QWoYZF/OkrQricp1ENoI=" + # + # @example Generate a password with a forced encoding + # random_password(encoding: "ASCII") + # + # @param [Hash] options + # @option options [Fixnum] :length + # the number of bits to use in the password + # @option options [Symbol] :mode + # the type of random password to generate - valid values are + # `:hex`, `:base64`, or `:random_bytes` + # @option options [String, Symbol, Constant] :encoding + # the encoding to force (default is "UTF-8") + # + # @return [String] + # + def random_password(options = {}) + length = options[:length] || 20 + mode = options[:mode] || :hex + encoding = options[:encoding] || 'UTF-8' + + # Convert to a "proper" length, since the size is actually in bytes + length = case mode + when :hex + length / 2 + when :base64 + length * 3 / 4 + when :random_bytes + length + else + fail InvalidPasswordMode.new(mode) + end + + SecureRandom.send(mode, length).force_encoding(encoding) + end + end +end diff --git a/berks-cookbooks/openssl/libraries/secure_password.rb b/berks-cookbooks/openssl/libraries/secure_password.rb index ee8ec7f0..75f7f508 100644 --- a/berks-cookbooks/openssl/libraries/secure_password.rb +++ b/berks-cookbooks/openssl/libraries/secure_password.rb @@ -18,13 +18,14 @@ # limitations under the License. # -require 'openssl' +include OpenSSLCookbook::Helpers module Opscode module OpenSSL + # Generate secure passwords with OpenSSL module Password def secure_password(length = 20) - pw = String.new + pw = '' while pw.length < length pw << ::OpenSSL::Random.random_bytes(1).gsub(/\W/, '') 
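Review bot: `InvalidPasswordMode#initialize` takes two required arguments (`given, acceptable`), but the `else` branch of `random_password` calls `InvalidPasswordMode.new(mode)` with one, so an unsupported mode raises `ArgumentError` (wrong number of arguments) instead of the intended error and message. Since `acceptable` is never used, `def initialize(given)` is the smallest fix. The YARD text for `:length` also says "the number of bits", while the code treats it as the output length in characters (bytes for `:random_bytes`); `the requested length of the password in characters` would match. It is worth adding that an odd `:hex` length rounds down because of `length / 2`, so callers relying on a minimum length get one character fewer.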
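Review bot: The new top-level `include OpenSSLCookbook::Helpers` loads OpenSSL only indirectly, through the module's `included` hook, and (assuming Chef loads library files as ordinary Ruby) mixes every helper such as `get_key_filename`, `gen_rsa_key` and `encrypt_rsa_key` into `Object`. It also makes this file depend on `helpers.rb` having been loaded first. Keeping `require 'openssl'` here, or moving the include inside `module Password` if the helpers are actually needed, would avoid both. The body of `secure_password` continues past the end of this hunk, so whether it uses any helper cannot be confirmed from here.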
diff --git a/berks-cookbooks/openssl/metadata.json b/berks-cookbooks/openssl/metadata.json index 04077bbf..aef92df4 100644 --- a/berks-cookbooks/openssl/metadata.json +++ b/berks-cookbooks/openssl/metadata.json 
@@ -1,31 +1 @@ -{ - "name": "openssl", - "version": "4.0.0", - "description": "Provides a library with a method for generating secure random passwords.", - "long_description": "openssl Cookbook\n================\n\nThis cookbook provides a library method to generate secure random passwords in recipes using the Ruby OpenSSL library.\n\nIt also provides an attribute-driven recipe for upgrading OpenSSL packages.\n\nRequirements\n------------\n\nThe `secure_password` works on any platform with OpenSSL Ruby bindings installed, which are a requirement for Chef anyway.\n\nThe upgrade recipe works on the following tested platforms:\n\n* Ubuntu 12.04, 14.04\n* Debian 7.4\n* CentOS 6.5\n\nIt may work on other platforms or versions of the above platforms with or without modification.\n\n[Chef Sugar](https://github.com/sethvargo/chef-sugar) was introduced as a dependency to provide helpers that make the default attribute settings (see Attributes) easier to reason about.\n\nAttributes\n----------\n\n* `node['openssl']['packages']` - An array of packages of openssl. The default attributes attempt to be smart about which packages are the default, but this may need to be changed by users of the `openssl::upgrade` recipe.\n* `node['openssl']['restart_services']` - An array of service resources that use the `node['openssl']['packages']`. This is empty by default as Chef has no reliably reasonable way to detect which applications or services are compiled against these packages. *Note* These each need to be \"`service`\" resources specified somewhere in the recipes in the node's run list.\n\nRecipes\n-------\n\n### upgrade\n\nThe upgrade recipe iterates over the list of packages in the `node['openssl']['packages']` attribute and manages them with the `:upgrade` action. 
Each package will send `:restart` notification to service resources named by the `node['openssl']['restart_services']` attribute.\n\nUsage\n-----\n\nMost often this will be used to generate a secure password for an attribute. In a recipe:\n\n```ruby\n::Chef::Recipe.send(:include, Chef::OpenSSL::Password)\nnode.set_unless[:my_password] = secure_password\n```\n\nTo use the `openssl::upgrade` recipe, set the attributes as mentioned above. For example, we have a \"stats_collector\" service that uses openssl. It has a recipe that looks like this:\n\nLWRP\n==== \n\nThis cookbook includes an LWRP for generating Self Signed Certificates\n\n## openssl_x509\ngenerate a pem formatted x509 cert + key \n\n### Attributes\n`common_name` A String representing the `CN` ssl field\n`org` A String representing the `O` ssl field\n`org_unit` A String representing the `OU` ssl field\n`country` A String representing the `C` ssl field\n`expire` A Fixnum reprenting the number of days from _now_ to expire the cert\n`key_file` Optional A string to the key file to use. If no key is present it will generate and store one. 
\n`key_pass` A String that is the key's passphrase\n`key_length` A Fixnum reprenting your desired Bit Length _Default: 2048_\n`owner` The owner of the files _Default: \"root\"_\n`group` The group of the files _Default: \"root\"_\n`mode` The mode to store the files in _Default: \"0400\"_\n\n### Example usage\n\n openssl_x509 \"/tmp/mycert.pem\" do\n common_name \"www.f00bar.com\"\n org \"Foo Bar\"\n org_unit \"Lab\"\n country \"US\"\n end\n\n \nLicense and Author\n==================\n\nAuthor:: Jesse Nelson ()\nAuthor:: Joshua Timberman ()\n=======\n\n\n```ruby\nnode.default['openssl']['restart_services'] = ['stats_collector']\n\n# other recipe code here...\nservice 'stats_collector' do\n action [:enable, :start]\nend\n\ninclude_recipe 'openssl::upgrade'\n```\n\nThis will ensure that openssl is upgraded to the latest version so the `stats_collector` service won't be exploited (hopefully!).\n\n```text\nCopyright:: 2009-2011, Chef Software, Inc\nCopyright:: 2014, Chef Software, Inc \n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n", - "maintainer": "Chef Software, Inc.", - "maintainer_email": "cookbooks@chef.io", - "license": "Apache 2.0", - "platforms": { - }, - "dependencies": { - "chef-sugar": ">= 0.0.0" - }, - "recommendations": { - }, - "suggestions": { - }, - "conflicting": { - }, - "providing": { - }, - "replacing": { - }, - "attributes": { - }, - "groupings": { - }, - "recipes": { - "openssl": "Empty, this cookbook provides a library, see README.md" - } -} \ No newline at 
end of file +{"name":"openssl","version":"4.4.0","description":"Provides a library with a method for generating secure random passwords.","long_description":"OpenSSL Cookbook\n================\n[![Build Status](https://travis-ci.org/opscode-cookbooks/openssl.svg?branch=master)](https://travis-ci.org/opscode-cookbooks/openssl)\n\nThis cookbook provides tools for working with the Ruby OpenSSL library. It includes:\n- A library method to generate secure random passwords in recipes, using the Ruby SecureRandom library.\n- An LWRP for generating RSA private keys.\n- An LWRP for generating x509 certificates.\n- An LWRP for generating dhparam.pem files.\n- An attribute-driven recipe for upgrading OpenSSL packages.\n\nRequirements\n------------\n\nThe `random_password` mixin works on any platform with the Ruby SecureRandom module. This module is already included with Chef.\n\nThe `openssl_x509`, `openssl_rsa_key` and `openssl_dhparam` LWRPs work on any platform with the OpenSSL Ruby bindings installed. These bindings are already included with Chef.\n\nThe `upgrade` recipe has been tested on the following platforms:\n\n* Ubuntu 12.04, 14.04\n* Debian 7.4\n* CentOS 6.5\n\nThe recipe may work on other platforms or different versions of the above platforms, but this has not been tested.\n\nDependencies\n------------\n\nThis cookbook depends on the [Chef Sugar](http://supermarket.chef.io/cookbooks/chef-sugar/) cookbook. [Chef Sugar](http://supermarket.chef.io/cookbooks/chef-sugar/) is used to make the default attribute settings easier to reason about. (See [Attributes](#attributes))\n\nAttributes\n----------\n\n* `node['openssl']['packages']` - An array of packages required to use openssl. 
The default attributes attempt to be smart about which packages are the default, but this may need to be changed by users of the `openssl::upgrade` recipe.\n* `node['openssl']['restart_services']` - An array of service resources that depend on the packages listed in the `node['openssl']['packages']` attribute. This array is empty by default, as Chef has no reasonable way to detect which applications or services are compiled against these packages. *Note* Each service listed in this array should represent a \"`service`\" resource specified in the recipes of the node's run list.\n\nRecipes\n-------\n\n### default\n\nAn empty placeholder recipe. Takes no action.\n\n### upgrade\n\nThe upgrade recipe iterates over the list of packages in the `node['openssl']['packages']` attribute, and manages them with the `:upgrade` action. Each package will send a `:restart` notification to service resources named in the `node['openssl']['restart_services']` attribute.\n\n#### Example Usage\n\nIn this example, assume the node is running the `stats_collector` daemon, which depends on the openssl library. Imagine that a new openssl vulnerability has been disclosed, and the operating system vendor has released an update to openssl to address this vulnerability. 
In order to protect the node, an administrator crafts this recipe:\n\n```ruby\nnode.default['openssl']['restart_services'] = ['stats_collector']\n\n# other recipe code here...\nservice 'stats_collector' do\n action [:enable, :start]\nend\n\ninclude_recipe 'openssl::upgrade'\n```\n\nWhen executed, this recipe will ensure that openssl is upgraded to the latest version, and that the `stats_collector` service is restarted to pick up the latest security fixes released in the openssl package.\n\nLibraries & LWRPs\n-----------------\n\nThere are two mixins packaged with this cookbook.\n\n### random_password (`OpenSSLCookbook::RandomPassword`)\n\nThe `RandomPassword` mixin can be used to generate secure random passwords in Chef cookbooks, usually for assignment to a variable or an attribute. `random_password` uses Ruby's SecureRandom library and is customizable.\n\n#### Example Usage\n```ruby\nChef::Recipe.send(:include, OpenSSLCookbook::RandomPassword)\nnode.set['my_secure_attribute'] = random_password\nnode.set_unless['my_secure_attribute'] = random_password\nnode.set['my_secure_attribute'] = random_password(length: 50)\nnode.set['my_secure_attribute'] = random_password(length: 50, mode: :base64)\nnode.set['my_secure_attribute'] = random_password(length: 50, mode: :base64, encoding: 'ASCII')\n```\n\nNote that node attributes are widely accessible. Storing unencrypted passwords in node attributes, as in this example, carries risk.\n\n### ~~secure_password (`Opscode::OpenSSL::Password`)~~\n\nThis library should be considered deprecated and will be removed in a future version. Please use `OpenSSLCookbook::RandomPassword` instead. The documentation is kept here for historical reasons.\n\n#### ~~Example Usage~~\n```ruby\n::Chef::Recipe.send(:include, Opscode::OpenSSL::Password)\nnode.set_unless['my_password'] = secure_password\n```\n\n~~Note that node attributes are widely accessible. 
Storing unencrypted passwords in node attributes, as in this example, carries risk.~~\n\n### openssl_x509\n\nThis LWRP generates self-signed, PEM-formatted x509 certificates. If no existing key is specified, the LWRP will automatically generate a passwordless key with the certificate.\n\n#### Attributes\n| Name | Type | Description |\n| ----- | ---- | ------------ |\n| `common_name` | String (Required) | Value for the `CN` certificate field. |\n| `org` | String (Required) | Value for the `O` certificate field. |\n| `org_unit` | String (Required) | Value for the `OU` certificate field. |\n| `country` | String (Required) | Value for the `C` ssl field. |\n| `expire` | Fixnum (Optional) | Value representing the number of days from _now_ through which the issued certificate cert will remain valid. The certificate will expire after this period. |\n| `key_file` | String (Optional) | The path to a certificate key file on the filesystem. If the `key_file` attribute is specified, the LWRP will attempt to source a key from this location. If no key file is found, the LWRP will generate a new key file at this location. If the `key_file` attribute is not specified, the LWRP will generate a key file in the same directory as the generated certificate, with the same name as the generated certificate.\n| `key_pass` | String (Optional) | The passphrase for an existing key's passphrase \n| `key_length` | Fixnum (Optional) | The desired Bit Length of the generated key. _Default: 2048_ |\n| `owner` | String (optional) | The owner of all files created by the LWRP. _Default: \"root\"_ |\n| `group` | String (optional) | The group of all files created by the LWRP. _Default: \"root\"_ |\n| `mode` | String or Fixnum (Optional) | The permission mode of all files created by the LWRP. _Default: \"0400\"_ |\n\n#### Example Usage\n\nIn this example, an administrator wishes to create a self-signed x509 certificate for use with a web server. 
In order to create the certificate, the administrator crafts this recipe:\n\n```ruby\nopenssl_x509 '/etc/httpd/ssl/mycert.pem' do\n common_name 'www.f00bar.com'\n org 'Foo Bar'\n org_unit 'Lab'\n country 'US'\nend\n```\n\nWhen executed, this recipe will generate a key certificate at `/etc/httpd/ssl/mycert.key`. It will then use that key to generate a new certificate file at `/etc/httpd/ssl/mycert.pem`.\n\n### openssl_dhparam\n\nThis LWRP generates dhparam.pem files. If a valid dhparam.pem file is found at the specified location, no new file will be created. If a file is found at the specified location but it is not a valid dhparam file, it will be overwritten.\n\n#### Attributes\n| Name | Type | Description |\n| ----- | ---- | ------------ |\n| `key_length` | Fixnum (Optional) | The desired Bit Length of the generated key. _Default: 2048_ |\n| `generator` | Fixnum (Optional) | The desired Diffie-Hellmann generator. Can be _2_ or _5_. |\n| `owner` | String (optional) | The owner of all files created by the LWRP. _Default: \"root\"_ |\n| `group` | String (optional) | The group of all files created by the LWRP. _Default: \"root\"_ |\n| `mode` | String or Fixnum (Optional) | The permission mode of all files created by the LWRP. _Default: \"0644\"_ |\n\n#### Example Usage\n\nIn this example, an administrator wishes to create a dhparam.pem file for use with a web server. In order to create the .pem file, the administrator crafts this recipe:\n\n```ruby\nopenssl_dhparam '/etc/httpd/ssl/dhparam.pem' do\n key_length 2048 \n generator 2\nend\n```\n\nWhen executed, this recipe will generate a dhparam file at `/etc/httpd/ssl/dhparam.pem`.\n\n### openssl_rsa_key\n\nThis LWRP generates rsa key files. If a valid rsa key file can be opened at the specified location, no new file will be created. 
If the RSA key file cannot be opened, either because it does not exist or because the password to the RSA key file does not match the password in the recipe, it will be overwritten.\n\n#### Attributes\n| Name | Type | Description |\n| ----- | ---- | ------------ |\n| `key_length` | Fixnum (Optional) | The desired Bit Length of the generated key. _Default: 2048_ |\n| `key_pass` | String (Optional) | The desired passphrase for the key. |\n| `owner` | String (optional) | The owner of all files created by the LWRP. _Default: \"root\"_ |\n| `group` | String (optional) | The group of all files created by the LWRP. _Default: \"root\"_ |\n| `mode` | String or Fixnum (Optional) | The permission mode of all files created by the LWRP. _Default: \"0644\"_ |\n\n#### Example Usage\n\nIn this example, an administrator wishes to create a new RSA private key file in order to generate other certificates and public keys. In order to create the key file, the administrator crafts this recipe:\n\n```ruby\nopenssl_rsa_key '/etc/httpd/ssl/server.key' do\n key_length 2048 \nend\n```\n\nWhen executed, this recipe will generate a passwordless RSA key file at `/etc/httpd/ssl/server.key`.\n\n\nLicense and Author\n------------------\n\nAuthor:: Jesse Nelson () \nAuthor:: Seth Vargo () \nAuthor:: Charles Johnson () \nAuthor:: Joshua Timberman ()\n\n=======\n\n```text\nCopyright:: 2009-2015, Chef Software, Inc \n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, 
Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache 2.0","platforms":{},"dependencies":{"chef-sugar":">= 3.1.1"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{"openssl":"Empty, this cookbook provides a library, see README.md","upgrade":"Upgrade OpenSSL library and restart dependent services"}} \ No newline at end of file diff --git a/berks-cookbooks/openssl/providers/dhparam.rb b/berks-cookbooks/openssl/providers/dhparam.rb new file mode 100644 index 00000000..4b6e4c31 --- /dev/null +++ b/berks-cookbooks/openssl/providers/dhparam.rb @@ -0,0 +1,33 @@ +# +# dhparam.pem provider +# +# Author:: Charles Johnson +# + +include OpenSSLCookbook::Helpers + +use_inline_resources + +def whyrun_supported? + true +end + +action :create do + converge_by("Create a dhparam file #{@new_resource}") do + unless dhparam_pem_valid?(new_resource.name) + dhparam_content = gen_dhparam(new_resource.key_length, new_resource.generator).to_pem + + log "Generating #{new_resource.key_length} bit "\ + "dhparam file at #{new_resource.name}, this may take some time" + + file new_resource.name do + action :create + owner new_resource.owner + group new_resource.group + mode new_resource.mode + sensitive true + content dhparam_content + end + end + end +end diff --git a/berks-cookbooks/openssl/providers/rsa_key.rb b/berks-cookbooks/openssl/providers/rsa_key.rb new file mode 100644 index 00000000..0a4dd424 --- /dev/null +++ b/berks-cookbooks/openssl/providers/rsa_key.rb 
@@ -0,0 +1,39 @@ +# +# dhparam.pem provider +# +# Author:: Charles Johnson +# + +include OpenSSLCookbook::Helpers + +use_inline_resources + +def whyrun_supported? + true +end + +action :create do + converge_by("Create an RSA key #{@new_resource}") do + unless key_file_valid?(new_resource.name, new_resource.key_pass) + + log "Generating #{new_resource.key_length} bit "\ + "RSA key file at #{new_resource.name}, this may take some time" + + if new_resource.key_pass + unencrypted_rsa_key = gen_rsa_key(new_resource.key_length) + rsa_key_content = encrypt_rsa_key(unencrypted_rsa_key, new_resource.key_pass) + else + rsa_key_content = gen_rsa_key(new_resource.key_length).to_pem + end + + file new_resource.name do + action :create + owner new_resource.owner + group new_resource.group + mode new_resource.mode + sensitive true + content rsa_key_content + end + end + end +end diff --git a/berks-cookbooks/openssl/providers/x509.rb b/berks-cookbooks/openssl/providers/x509.rb index 120e20ca..433300ac 100644 --- a/berks-cookbooks/openssl/providers/x509.rb +++ b/berks-cookbooks/openssl/providers/x509.rb 
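Review bot: The header comment of this new file reads `# dhparam.pem provider`, apparently carried over from providers/dhparam.rb; it should say `# rsa_key provider`. The `file` resource here uses `action :create`, so an existing key that fails `key_file_valid?` (for example because `key_pass` does not match) is replaced, as the README in this commit states. A comment above the `unless key_file_valid?` guard saying that such a key is overwritten would make that destructive path visible to whoever edits the provider next.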
@@ -3,51 +3,61 @@ # # Author:: Jesse Nelson # -require 'openssl' + +include OpenSSLCookbook::Helpers use_inline_resources +def whyrun_supported? + true +end + attr_reader :key_file, :key, :cert, :ef -action :create do - unless ::File.exists? new_resource.name - create_keys - cert_content = cert.to_pem - key_content = key.to_pem +action :create do + converge_by("Create #{@new_resource}") do + unless ::File.exist? new_resource.name + create_keys + cert_content = cert.to_pem + key_content = key.to_pem - file new_resource.name do - action :create_if_missing - mode new_resource.mode - owner new_resource.owner - group new_resource.group - content cert_content - end + file new_resource.name do + action :create_if_missing + mode new_resource.mode + owner new_resource.owner + group new_resource.group + sensitive true + content cert_content + end - file new_resource.key_file do - action :create_if_missing - mode new_resource.mode - owner new_resource.owner - group new_resource.group - content key_content + file new_resource.key_file do + action :create_if_missing + mode new_resource.mode + owner new_resource.owner + group new_resource.group + sensitive true + content key_content + end + new_resource.updated_by_last_action(true) end - end end protected + # rubocop:disable Metrics/AbcSize, Style/IndentationConsistency def key_file unless new_resource.key_file - path, file= ::File.split(new_resource.name) - filename = ::File.basename(file, ::File.extname(file) ) - new_resource.key_file path + "/" + filename + ".key" + path, file = ::File.split(new_resource.name) + filename = ::File.basename(file, ::File.extname(file)) + new_resource.key_file path + '/' + filename + '.key' end new_resource.key_file end def key - @key ||= if ::File.exists? 
key_file - OpenSSL::PKey::RSA.new File.read(key_file), new_resource.key_pass + @key ||= if key_file_valid?(key_file, new_resource.key_pass) + OpenSSL::PKey::RSA.new ::File.read(key_file), new_resource.key_pass else OpenSSL::PKey::RSA.new(new_resource.key_length) end @@ -69,16 +79,16 @@ def gen_cert end def subject - @subject ||= "/C=" + new_resource.country + - "/O=" + new_resource.org + - "/OU=" + new_resource.org_unit + - "/CN=" + new_resource.common_name + @subject ||= '/C=' + new_resource.country + + '/O=' + new_resource.org + + '/OU=' + new_resource.org_unit + + '/CN=' + new_resource.common_name end def extensions [ - ef.create_extension("basicConstraints","CA:TRUE", true), - ef.create_extension("subjectKeyIdentifier", "hash"), + ef.create_extension('basicConstraints', 'CA:TRUE', true), + ef.create_extension('subjectKeyIdentifier', 'hash') ] end @@ -88,7 +98,7 @@ def create_keys ef.subject_certificate = cert ef.issuer_certificate = cert cert.extensions = extensions - cert.add_extension ef.create_extension("authorityKeyIdentifier", - "keyid:always,issuer:always") - cert.sign key, OpenSSL::Digest::SHA1.new + cert.add_extension ef.create_extension('authorityKeyIdentifier', + 'keyid:always,issuer:always') + cert.sign key, OpenSSL::Digest::SHA256.new end diff --git a/berks-cookbooks/openssl/recipes/upgrade.rb b/berks-cookbooks/openssl/recipes/upgrade.rb index 7698e7e5..c31923b7 100644 --- a/berks-cookbooks/openssl/recipes/upgrade.rb +++ b/berks-cookbooks/openssl/recipes/upgrade.rb @@ -2,7 +2,7 @@ # Cookbook Name:: openssl # Recipe:: upgrade # -# Copyright 2014, Chef Software, Inc. +# Copyright 2015, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
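Review bot: In `key`, an existing key file that fails `key_file_valid?` (for example because of a wrong `key_pass`) now falls through to generating a fresh key, but the `file new_resource.key_file` resource in `action :create` uses `:create_if_missing` and so will not replace the file on disk. If I read this right, the certificate is then signed with a key that is never persisted, and the key left on disk does not match it. I would fail loudly in the `else` branch instead, e.g. `raise "#{key_file} exists but cannot be loaded with the given key_pass" if ::File.exist?(key_file)` before `OpenSSL::PKey::RSA.new(new_resource.key_length)`. `key_file_valid?` comes from `OpenSSLCookbook::Helpers`, which is not visible here, and the closing `end` of `key` lies outside this hunk.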
@@ -18,16 +18,18 @@ # include_recipe 'chef-sugar' -node.default['openssl']['packages'] = case - when debian_before_or_at_squeeze?, ubuntu_before_or_at_lucid? - %w{libssl0.9.8 openssl} - when debian_after_or_at_wheezy?, ubuntu_after_or_at_precise? - %w{libssl1.0.0 openssl} - when rhel? - %w{openssl} - else - [] - end +# Attributes are set here and not in attributes/default.rb because of the +# chef-sugar dependency for the methods evaluated in the case statement. +case +when debian_before_or_at_squeeze?, ubuntu_before_or_at_lucid? + node.default['openssl']['packages'] = %w(libssl0.9.8 openssl) +when debian_after_or_at_wheezy?, ubuntu_after_or_at_precise? + node.default['openssl']['packages'] = %w(libssl1.0.0 openssl) +when rhel? + node.default['openssl']['packages'] = %w(openssl) +else + node.default['openssl']['packages'] = [] +end node['openssl']['packages'].each do |ssl_pkg| package ssl_pkg do diff --git a/berks-cookbooks/openssl/resources/dhparam.rb b/berks-cookbooks/openssl/resources/dhparam.rb new file mode 100644 index 00000000..1a8bd140 --- /dev/null +++ b/berks-cookbooks/openssl/resources/dhparam.rb @@ -0,0 +1,10 @@ + +actions [:create] +default_action :create + +attribute :name, :kind_of => String, :name_attribute => true +attribute :key_length, :equal_to => [1024, 2048, 4096, 8192], :default => 2048 +attribute :generator, :equal_to => [2, 5], :default => 2 +attribute :owner, :kind_of => String +attribute :group, :kind_of => String +attribute :mode, :kind_of => [Integer, String] diff --git a/berks-cookbooks/openssl/resources/rsa_key.rb b/berks-cookbooks/openssl/resources/rsa_key.rb new file mode 100644 index 00000000..f1e46bb8 --- /dev/null +++ b/berks-cookbooks/openssl/resources/rsa_key.rb 
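Review bot: In resources/dhparam.rb, `key_length` accepts 1024 in `:equal_to => [1024, 2048, 4096, 8192]`, which lets a recipe generate 1024-bit Diffie-Hellman parameters; the same list is used for RSA keys in resources/rsa_key.rb and resources/x509.rb in this commit. 1024-bit DH and RSA are below current minimum recommendations. I would drop it from all three, `:equal_to => [2048, 4096, 8192]`, or, if existing recipes depend on it, have the providers log a warning when 1024 is requested. `mode` also has no `:default` here although the README documents `"0644"` for this resource.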
@@ -0,0 +1,10 @@ + +actions [:create] +default_action :create + +attribute :name, :kind_of => String, :name_attribute => true +attribute :key_length, :equal_to => [1024, 2048, 4096, 8192], :default => 2048 +attribute :key_pass, :kind_of => String, :default => nil +attribute :owner, :kind_of => String +attribute :group, :kind_of => String +attribute :mode, :kind_of => [Integer, String] diff --git a/berks-cookbooks/openssl/resources/x509.rb b/berks-cookbooks/openssl/resources/x509.rb index 77d14854..56857782 100644 --- a/berks-cookbooks/openssl/resources/x509.rb +++ b/berks-cookbooks/openssl/resources/x509.rb @@ -1,16 +1,16 @@ -actions [ :create ] +actions [:create] default_action :create -attribute :name, :kind_of => String, :name_attribute => true +attribute :name, :kind_of => String, :name_attribute => true attribute :owner, :kind_of => String -attribute :group, :kind_of => String -attribute :expire, :kind_of => Fixnum -attribute :mode -attribute :org, :kind_of => String, :required => true -attribute :org_unit, :kind_of => String, :required => true -attribute :country, :kind_of => String, :required => true +attribute :group, :kind_of => String +attribute :expire, :kind_of => Integer +attribute :mode, :kind_of => [Integer, String] +attribute :org, :kind_of => String, :required => true +attribute :org_unit, :kind_of => String, :required => true +attribute :country, :kind_of => String, :required => true attribute :common_name, :kind_of => String, :required => true -attribute :key_file, :kind_of => String, :default => nil -attribute :key_pass, :kind_of => String, :default => nil -attribute :key_length, :kind_of => Fixnum, :default => 2048 +attribute :key_file, :kind_of => String, :default => nil +attribute :key_pass, :kind_of => String, :default => nil +attribute :key_length, :equal_to => [1024, 2048, 4096, 8192], :default => 2048 
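Review bot: In resources/rsa_key.rb, `mode` is declared without a `:default`, and providers/rsa_key.rb passes `new_resource.mode` straight to the `file` resource that holds the private key, so the key's permissions are whatever the file resource falls back to; the README in this commit documents the default as `"0644"`, i.e. world-readable. A private key should default to owner-only access: `attribute :mode, :kind_of => [Integer, String], :default => '0600'`. If a default is applied somewhere outside this diff, the README should be corrected to match it.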
diff --git a/berks-cookbooks/packagecloud/CHANGELOG.md b/berks-cookbooks/packagecloud/CHANGELOG.md new file mode 100644 index 00000000..d5f156d7 --- /dev/null +++ b/berks-cookbooks/packagecloud/CHANGELOG.md @@ -0,0 +1,12 @@ +packagecloud +=============== +This is the Changelog for the packagecloud cookbook + +v0.0.1 (2014-06-05) +------------------- +Initial release. + + +v0.0.1 (2014-06-05) +------------------- +Initial release! diff --git a/berks-cookbooks/packagecloud/README.md b/berks-cookbooks/packagecloud/README.md new file mode 100644 index 00000000..1dc61e61 --- /dev/null +++ b/berks-cookbooks/packagecloud/README.md 
@@ -0,0 +1,80 @@ +# packagecloud cookbook + +This cookbook provides an LWRP for installing https://packagecloud.io repositories. + +NOTE: Please see the Changelog below for important changes if upgrading from 0.0.19 to 0.1.0. + +## Usage + +Be sure to depend on `packagecloud` in `metadata.rb` so that the packagecloud +resource will be loaded. + +For public repos: + +```ruby +packagecloud_repo "computology/packagecloud-cookbook-test-public" do + type "deb" +end +``` + +For private repos, you need to supply a `master_token`: + +```ruby +packagecloud_repo "computology/packagecloud-cookbook-test-private" do + type "deb" + master_token "762748f7ae0bfdb086dd539575bdc8cffdca78c6a9af0db9" +end +``` + +For packagecloud:enterprise users, add `base_url` to your resource: + +``` +packagecloud_repo "computology/packagecloud-cookbook-test-private" do + base_url "https://packages.example.com" + type "deb" + master_token "762748f7ae0bfdb086dd539575bdc8cffdca78c6a9af0db9" +end +``` + +Valid options for `type` include `deb`, `rpm`, and `gem`. + +## Interactions with other cookbooks + +On CentOS 5, the official chef yum cookbook overwrites the file +`/etc/yum.conf` setting some default values. When it does this, the `cachedir` +value is changed from the CentOS5 default to the default value in the +cookbook. The result of this change is that any packagecloud repository +installed *before* a repository installed with the yum cookbook will appear as +though it's gpg keys were not imported. + +There are a few potential workarounds for this: + +- Pass the "-y" flag to package resource using the `options` attribute. This + should cause yum to import the GPG key automatically if it was not imported + already. +- Move your packagecloud repos so that they are installed last, after any/all + repos installed via the yum cookbook. +- Set the cachedir option in the chef yum cookbook to the system default value + of `/var/cache/yum` using the `yum_globalconfig` resource. 
+ +CentOS 6 and 7 are not affected as the default `cachedir` value provided by +the yum chef cookbook is set to the system default, unless you use the +`yum_globalconfig` resource to set a custom cachedir. If you do set a custom +`cachedir`, you should make sure to setup packagecloud repos after that +resource is set so that the GPG keys end up in the right place. + +## Changelog + +packagecloud cookbook versions 0.0.19 used an attribute called +`default['packagecloud']['hostname']` for caching the local machine's hostname +to avoid regenerating read tokens. + +This attribute has been removed as it is confusing and in some edge cases, +buggy. + +Beginning in 0.1.0, you can use +`default['packagecloud']['hostname_override']` to specify a hostname if ohai +is unable to determine the hostname of the node on its own. + +## Credits +Computology, LLC. diff --git a/berks-cookbooks/packagecloud/attributes/default.rb b/berks-cookbooks/packagecloud/attributes/default.rb new file mode 100644 index 00000000..ac77e20a --- /dev/null +++ b/berks-cookbooks/packagecloud/attributes/default.rb @@ -0,0 +1,8 @@ +default['packagecloud']['base_repo_path'] = "/install/repositories/" +default['packagecloud']['gpg_key_path'] = "/gpg.key" +default['packagecloud']['hostname_override'] = nil + +default['packagecloud']['default_type'] = value_for_platform_family( + 'debian' => 'deb', + ['rhel', 'fedora'] => 'rpm' +) diff --git a/berks-cookbooks/packagecloud/libraries/helper.rb b/berks-cookbooks/packagecloud/libraries/helper.rb new file mode 100644 index 00000000..e5487486 --- /dev/null +++ b/berks-cookbooks/packagecloud/libraries/helper.rb 
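Review bot: `node['packagecloud']['gpg_key_url']` is never defined in attributes/default.rb, yet resources/repo.rb in this commit uses it as the default of its `gpg_key_url` attribute, so that default evaluates to nil. The provider as added builds the key location from `base_url` and `gpg_key_path` and does not read `new_resource.gpg_key_url`, so a user who sets it gets no effect and the key is still fetched from the base URL. Either drop the resource attribute or define the default here and have the provider honour it; a one-line comment such as `# GPG key is fetched from <base_url> + gpg_key_path` above `gpg_key_path` would document the current behaviour.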
@@ -0,0 +1,43 @@
+require 'net/https'
+
+module PackageCloud
+ module Helper
+ def get(uri, params)
+ uri.query = URI.encode_www_form(params)
+ req = Net::HTTP::Get.new(uri.request_uri)
+
+ req.basic_auth uri.user, uri.password if uri.user
+
+ http = Net::HTTP.new(uri.hostname, uri.port)
+ http.use_ssl = true
+
+ resp = http.start { |h| h.request(req) }
+
+ case resp
+ when Net::HTTPSuccess
+ resp
+ else
+ raise resp.inspect
+ end
+ end
+
+ def post(uri, params)
+ req = Net::HTTP::Post.new(uri.request_uri)
+ req.form_data = params
+
+ req.basic_auth uri.user, uri.password if uri.user
+
+ http = Net::HTTP.new(uri.hostname, uri.port)
+ http.use_ssl = true
+
+ resp = http.start { |h| h.request(req) }
+
+ case resp
+ when Net::HTTPSuccess
+ resp
+ else
+ raise resp.inspect
+ end
+ end
+ end
+end
diff --git a/berks-cookbooks/packagecloud/libraries/matcher.rb b/berks-cookbooks/packagecloud/libraries/matcher.rb
new file mode 100644
index 00000000..e518177d
--- /dev/null
+++ b/berks-cookbooks/packagecloud/libraries/matcher.rb
@@ -0,0 +1,7 @@
+if defined?(ChefSpec)
+
+ def create_packagecloud_repo(resource_name)
+ ChefSpec::Matchers::ResourceMatcher.new(:packagecloud_repo, :add, resource_name)
+ end
+
+end
diff --git a/berks-cookbooks/packagecloud/metadata.json b/berks-cookbooks/packagecloud/metadata.json
new file mode 100644
index 00000000..71a307bc
--- /dev/null
+++ b/berks-cookbooks/packagecloud/metadata.json
@@ -0,0 +1 @@
+{"name":"packagecloud","version":"0.1.0","description":"Installs/Configures packagecloud.io repositories.","long_description":"Installs/Configures packagecloud.io repositories.","maintainer":"Joe Damato","maintainer_email":"joe@packagecloud.io","license":"Apache 2.0","platforms":{},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{}}
\ No newline at end of file
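Review bot: Both `get` and `post` in libraries/helper.rb set `http.use_ssl = true` without looking at `uri.scheme`, so an `http://` base_url is contacted with TLS on the plain-HTTP port and fails with an opaque handshake error instead of a clear message. Because these requests carry the master token as basic-auth credentials, I would keep TLS mandatory but make it explicit at the top of each method: `raise ArgumentError, "packagecloud base_url must use https: #{uri.host}" unless uri.scheme == 'https'`. The two methods are also identical once the request object is built, so a private helper taking `(uri, req)` would remove the duplication.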
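Review bot: The matcher in libraries/matcher.rb is named `create_packagecloud_repo` but asserts the `:add` action, and resources/repo.rb in this commit declares only `actions :add`. ChefSpec matchers are conventionally named `<action>_<resource>`, so I would call it `add_packagecloud_repo` (keeping the old name as an alias if specs already use it) so that a spec reads the same as the recipe.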
diff --git a/berks-cookbooks/packagecloud/providers/repo.rb b/berks-cookbooks/packagecloud/providers/repo.rb new file mode 100644 index 00000000..5d59dabb --- /dev/null +++ b/berks-cookbooks/packagecloud/providers/repo.rb 
@@ -0,0 +1,212 @@ +include ::PackageCloud::Helper + +require 'uri' + +use_inline_resources if defined?(use_inline_resources) + +action :add do + case new_resource.type + when 'deb' + install_deb + when 'rpm' + install_rpm + when 'gem' + install_gem + else + raise "#{new_resource.type} is an unknown package type." + end +end + +def install_deb + base_url = new_resource.base_url + repo_url = construct_uri_with_options({base_url: base_url, repo: new_resource.repository, endpoint: node['platform']}) + + Chef::Log.debug("#{new_resource.name} deb repo url = #{repo_url}") + + package 'apt-transport-https' + + template "/etc/apt/sources.list.d/#{filename}.list" do + source 'apt.erb' + cookbook 'packagecloud' + mode '0644' + variables :base_url => read_token(repo_url).to_s, + :distribution => node['lsb']['codename'], + :component => 'main' + + notifies :run, "execute[apt-key-add-#{filename}]", :immediately + notifies :run, "execute[apt-get-update-#{filename}]", :immediately + end + + gpg_key_url = ::File.join(base_url, node['packagecloud']['gpg_key_path']) + + execute "apt-key-add-#{filename}" do + command "wget -qO - #{gpg_key_url} | apt-key add -" + action :nothing + end + + execute "apt-get-update-#{filename}" do + command "apt-get update -o Dir::Etc::sourcelist=\"sources.list.d/#{filename}.list\"" \ + " -o Dir::Etc::sourceparts=\"-\"" \ + " -o APT::Get::List-Cleanup=\"0\"" + action :nothing + end +end + +def install_rpm + given_base_url = new_resource.base_url + + base_repo_url = ::File.join(given_base_url, node['packagecloud']['base_repo_path']) + + base_url_endpoint = construct_uri_with_options({base_url: base_repo_url, repo: new_resource.repository, endpoint: 'rpm_base_url'}) + + gpg_filename = URI.parse(base_repo_url).host.gsub!('.', '_') + + if new_resource.master_token + base_url_endpoint.user = new_resource.master_token + base_url_endpoint.password = '' + end + + base_url = URI(get(base_url_endpoint, install_endpoint_params).body.chomp) + + 
Chef::Log.debug("#{new_resource.name} rpm base url = #{base_url}") + + package 'pygpgme' do + ignore_failure true + end + + log 'pygpgme_warning' do + message 'The pygpgme package could not be installed. This means GPG verification is not possible for any RPM installed on your system. ' \ + 'To fix this, add a repository with pygpgme. Usualy, the EPEL repository for your system will have this. ' \ + 'More information: https://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F and https://github.com/opscode-cookbooks/yum-epel' + + level :warn + not_if 'rpm -qa | grep -qw pygpgme' + end + + ruby_block 'disable repo_gpgcheck if no pygpgme' do + block do + template = run_context.resource_collection.find(:template => "/etc/yum.repos.d/#{filename}.repo") + template.variables[:repo_gpgcheck] = 0 + end + not_if 'rpm -qa | grep -qw pygpgme' + end + + remote_file "/etc/pki/rpm-gpg/RPM-GPG-KEY-#{gpg_filename}" do + source ::File.join(given_base_url, node['packagecloud']['gpg_key_path']) + mode '0644' + end + + template "/etc/yum.repos.d/#{filename}.repo" do + source 'yum.erb' + cookbook 'packagecloud' + mode '0644' + variables :base_url => read_token(base_url).to_s, + :gpg_filename => gpg_filename, + :name => filename, + :repo_gpgcheck => 1, + :description => filename, + :priority => new_resource.priority, + :metadata_expire => new_resource.metadata_expire + + notifies :run, "execute[yum-makecache-#{filename}]", :immediately + notifies :create, "ruby_block[yum-cache-reload-#{filename}]", :immediately + end + + # get the metadata for this repo only + execute "yum-makecache-#{filename}" do + command "yum -q makecache -y --disablerepo=* --enablerepo=#{filename}" + action :nothing + end + + # reload internal Chef yum cache + ruby_block "yum-cache-reload-#{filename}" do + block { Chef::Provider::Package::Yum::YumCache.instance.reload } + action :nothing + end +end + +def install_gem + base_url = new_resource.base_url + + repo_url = 
construct_uri_with_options({base_url: base_url, repo: new_resource.repository}) + repo_url = read_token(repo_url, true).to_s + + + execute "install packagecloud #{new_resource.name} repo as gem source" do + command "gem source --add #{repo_url}" + not_if "gem source --list | grep #{repo_url}" + end +end + + +def read_token(repo_url, gems=false) + return repo_url unless new_resource.master_token + + base_url = new_resource.base_url + + base_repo_url = ::File.join(base_url, node['packagecloud']['base_repo_path']) + + uri = construct_uri_with_options({base_url: base_repo_url, repo: new_resource.repository, endpoint: 'tokens.text'}) + uri.user = new_resource.master_token + uri.password = '' + + resp = post(uri, install_endpoint_params) + + Chef::Log.debug("#{new_resource.name} TOKEN = #{resp.body.chomp}") + + if is_rhel5? && !gems + repo_url + else + repo_url.user = resp.body.chomp + repo_url.password = '' + repo_url + end +end + +def install_endpoint_params + dist = value_for_platform_family( + 'debian' => node['lsb']['codename'], + ['rhel', 'fedora'] => node['platform_version'], + ) + + hostname = node['packagecloud']['hostname_override'] || + node['fqdn'] || + node['hostname'] + + if !hostname + raise("Can't determine hostname! Set node['packagecloud']['hostname_override'] " \ + "if it cannot be automatically determined by Ohai.") + end + + { :os => node['platform'], + :dist => dist, + :name => hostname } +end + +def filename + new_resource.name.gsub(/[^0-9A-z.\-]/, '_') +end + +def is_rhel5? 
+ platform_family?('rhel') && node['platform_version'].to_i == 5 +end + +def construct_uri_with_options(options) + required_options = [:base_url, :repo] + + required_options.each do |opt| + if !options[opt] + raise ArgumentError, + "A required option :#{opt} was not specified" + end + end + + options[:base_url] = append_trailing_slash(options[:base_url]) + options[:repo] = append_trailing_slash(options[:repo]) + + URI.join(options.delete(:base_url), options.inject([]) {|mem, opt| mem << opt[1]}.join) +end + +def append_trailing_slash(str) + str.end_with?("/") ? str : str + "/" +end diff --git a/berks-cookbooks/packagecloud/resources/repo.rb b/berks-cookbooks/packagecloud/resources/repo.rb new file mode 100644 index 00000000..6167e15b --- /dev/null +++ b/berks-cookbooks/packagecloud/resources/repo.rb @@ -0,0 +1,10 @@ +actions :add +default_action :add + +attribute :repository, :kind_of => String, :name_attribute => true +attribute :master_token, :kind_of => String +attribute :type, :kind_of => String, :equal_to => ['deb', 'rpm', 'gem'], :default => node['packagecloud']['default_type'] +attribute :base_url, :kind_of => String, :default => "https://packagecloud.io" +attribute :gpg_key_url, :kind_of => String, :default => node['packagecloud']['gpg_key_url'] +attribute :priority, :kind_of => [Fixnum, TrueClass, FalseClass], :default => false +attribute :metadata_expire, :kind_of => String, :regex => [/^\d+[d|h|m]?$/], :default => nil diff --git a/berks-cookbooks/packagecloud/templates/.kitchen/logs/kitchen.log b/berks-cookbooks/packagecloud/templates/.kitchen/logs/kitchen.log new file mode 100644 index 00000000..e02e7ba6 --- /dev/null +++ b/berks-cookbooks/packagecloud/templates/.kitchen/logs/kitchen.log 
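Review bot: The read token returned by `read_token` in providers/repo.rb is exposed in three places: it is written to the Chef log by `Chef::Log.debug("#{new_resource.name} TOKEN = #{resp.body.chomp}")`, embedded in the `.list` and `.repo` templates that are created with `mode '0644'`, and passed on the `gem source --add #{repo_url}` command line. I would drop the debug line, give the two templates a mode that is not world-readable plus `sensitive true` when `new_resource.master_token` is set, and mark the gem `execute` resource `sensitive true`. Separately, `filename` uses the character class `[^0-9A-z.\-]`, whose `A-z` range also admits backtick, `[`, `\`, `]` and `^`, and the result is interpolated into shell commands; `/[^0-9A-Za-z.\-]/` is presumably what was intended. In `install_rpm`, `host.gsub!('.', '_')` returns nil when the host contains no dot, so the non-bang `gsub('.', '_')` should be used.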
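Review bot: The `metadata_expire` validation in resources/repo.rb, `/^\d+[d|h|m]?$/`, uses line anchors, so a multi-line string in which one line matches passes the check and is then written verbatim into the `.repo` file by templates/default/yum.erb, where it would add extra configuration lines. The character class `[d|h|m]` also accepts a literal `|`. Anchoring the whole string fixes both: `:regex => [/\A\d+[dhm]?\z/]`. `priority` still lists `Fixnum` in `:kind_of` while this commit moves resources/x509.rb to `Integer`.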
@@ -0,0 +1,29 @@ +I, [2014-10-14T14:05:34.449954 #11620] INFO -- Kitchen: -----> Starting Kitchen (v1.2.1) +E, [2014-10-14T14:05:34.450470 #11620] ERROR -- Kitchen: ------Exception------- +E, [2014-10-14T14:05:34.450533 #11620] ERROR -- Kitchen: Class: Kitchen::UserError +E, [2014-10-14T14:05:34.450587 #11620] ERROR -- Kitchen: Message: Kitchen YAML file /Users/joe/code/packagecloud/templates/.kitchen.yml does not exist. +E, [2014-10-14T14:05:34.450645 #11620] ERROR -- Kitchen: ------Backtrace------- +E, [2014-10-14T14:05:34.450685 #11620] ERROR -- Kitchen: /Users/joe/.rbenv/versions/2.1.0/lib/ruby/gems/2.1.0/gems/test-kitchen-1.2.1/lib/kitchen/loader/yaml.rb:74:in `read' +E, [2014-10-14T14:05:34.450711 #11620] ERROR -- Kitchen: /Users/joe/.rbenv/versions/2.1.0/lib/ruby/gems/2.1.0/gems/test-kitchen-1.2.1/lib/kitchen/config.rb:78:in `data' +E, [2014-10-14T14:05:34.450735 #11620] ERROR -- Kitchen: /Users/joe/.rbenv/versions/2.1.0/lib/ruby/gems/2.1.0/gems/test-kitchen-1.2.1/lib/kitchen/config.rb:66:in `suites' +E, [2014-10-14T14:05:34.450829 #11620] ERROR -- Kitchen: /Users/joe/.rbenv/versions/2.1.0/lib/ruby/gems/2.1.0/gems/test-kitchen-1.2.1/lib/kitchen/config.rb:90:in `filter_instances' +E, [2014-10-14T14:05:34.450853 #11620] ERROR -- Kitchen: /Users/joe/.rbenv/versions/2.1.0/lib/ruby/gems/2.1.0/gems/test-kitchen-1.2.1/lib/kitchen/config.rb:72:in `build_instances' +E, [2014-10-14T14:05:34.450875 #11620] ERROR -- Kitchen: /Users/joe/.rbenv/versions/2.1.0/lib/ruby/gems/2.1.0/gems/test-kitchen-1.2.1/lib/kitchen/config.rb:52:in `instances' +E, [2014-10-14T14:05:34.450897 #11620] ERROR -- Kitchen: /Users/joe/.rbenv/versions/2.1.0/lib/ruby/gems/2.1.0/gems/test-kitchen-1.2.1/lib/kitchen/command.rb:64:in `get_filtered_instances' +E, [2014-10-14T14:05:34.450919 #11620] ERROR -- Kitchen: /Users/joe/.rbenv/versions/2.1.0/lib/ruby/gems/2.1.0/gems/test-kitchen-1.2.1/lib/kitchen/command.rb:85:in `parse_subcommand' +E, [2014-10-14T14:05:34.450940 #11620] ERROR -- Kitchen: 
/Users/joe/.rbenv/versions/2.1.0/lib/ruby/gems/2.1.0/gems/test-kitchen-1.2.1/lib/kitchen/command/action.rb:37:in `block in call' +E, [2014-10-14T14:05:34.450962 #11620] ERROR -- Kitchen: /Users/joe/.rbenv/versions/2.1.0/lib/ruby/2.1.0/benchmark.rb:279:in `measure' +E, [2014-10-14T14:05:34.450984 #11620] ERROR -- Kitchen: /Users/joe/.rbenv/versions/2.1.0/lib/ruby/gems/2.1.0/gems/test-kitchen-1.2.1/lib/kitchen/command/action.rb:36:in `call' +E, [2014-10-14T14:05:34.451006 #11620] ERROR -- Kitchen: /Users/joe/.rbenv/versions/2.1.0/lib/ruby/gems/2.1.0/gems/test-kitchen-1.2.1/lib/kitchen/cli.rb:47:in `perform' +E, [2014-10-14T14:05:34.451028 #11620] ERROR -- Kitchen: /Users/joe/.rbenv/versions/2.1.0/lib/ruby/gems/2.1.0/gems/test-kitchen-1.2.1/lib/kitchen/cli.rb:118:in `block (2 levels) in ' +E, [2014-10-14T14:05:34.451050 #11620] ERROR -- Kitchen: /Users/joe/.rbenv/versions/2.1.0/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor/command.rb:27:in `run' +E, [2014-10-14T14:05:34.451072 #11620] ERROR -- Kitchen: /Users/joe/.rbenv/versions/2.1.0/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor/invocation.rb:126:in `invoke_command' +E, [2014-10-14T14:05:34.451094 #11620] ERROR -- Kitchen: /Users/joe/.rbenv/versions/2.1.0/lib/ruby/gems/2.1.0/gems/test-kitchen-1.2.1/lib/kitchen/cli.rb:233:in `invoke_task' +E, [2014-10-14T14:05:34.451116 #11620] ERROR -- Kitchen: /Users/joe/.rbenv/versions/2.1.0/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor.rb:359:in `dispatch' +E, [2014-10-14T14:05:34.451137 #11620] ERROR -- Kitchen: /Users/joe/.rbenv/versions/2.1.0/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor/base.rb:440:in `start' +E, [2014-10-14T14:05:34.451159 #11620] ERROR -- Kitchen: /Users/joe/.rbenv/versions/2.1.0/lib/ruby/gems/2.1.0/gems/test-kitchen-1.2.1/bin/kitchen:13:in `block in ' +E, [2014-10-14T14:05:34.451181 #11620] ERROR -- Kitchen: /Users/joe/.rbenv/versions/2.1.0/lib/ruby/gems/2.1.0/gems/test-kitchen-1.2.1/lib/kitchen/errors.rb:81:in `with_friendly_errors' +E, 
[2014-10-14T14:05:34.451203 #11620] ERROR -- Kitchen: /Users/joe/.rbenv/versions/2.1.0/lib/ruby/gems/2.1.0/gems/test-kitchen-1.2.1/bin/kitchen:13:in `' +E, [2014-10-14T14:05:34.451240 #11620] ERROR -- Kitchen: /Users/joe/.rbenv/versions/2.1.0/bin/kitchen:23:in `load' +E, [2014-10-14T14:05:34.451266 #11620] ERROR -- Kitchen: /Users/joe/.rbenv/versions/2.1.0/bin/kitchen:23:in `
' +E, [2014-10-14T14:05:34.451333 #11620] ERROR -- Kitchen: ---------------------- diff --git a/berks-cookbooks/packagecloud/templates/default/apt.erb b/berks-cookbooks/packagecloud/templates/default/apt.erb new file mode 100644 index 00000000..a38981cb --- /dev/null +++ b/berks-cookbooks/packagecloud/templates/default/apt.erb @@ -0,0 +1,2 @@ +deb <%= @base_url %> <%= @distribution %> <%= @component %> +deb-src <%= @base_url %> <%= @distribution %> <%= @component %> diff --git a/berks-cookbooks/packagecloud/templates/default/yum.erb b/berks-cookbooks/packagecloud/templates/default/yum.erb new file mode 100644 index 00000000..f862018c --- /dev/null +++ b/berks-cookbooks/packagecloud/templates/default/yum.erb @@ -0,0 +1,15 @@ +[<%= @name %>] +name=<%= @description %> +baseurl=<%= @base_url %> +repo_gpgcheck=<%= @repo_gpgcheck %> +<% if @priority -%> +priority=<%=@priority %> +<% end -%> +gpgcheck=0 +enabled=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-<%= @gpg_filename %> +sslverify=1 +sslcacert=/etc/pki/tls/certs/ca-bundle.crt +<% if @metadata_expire %> +metadata_expire=<%= @metadata_expire %> +<% end %> diff --git a/berks-cookbooks/percona/.ruby-version b/berks-cookbooks/percona/.ruby-version deleted file mode 100644 index eca07e4c..00000000 --- a/berks-cookbooks/percona/.ruby-version +++ /dev/null @@ -1 +0,0 @@ -2.1.2 diff --git a/berks-cookbooks/percona/Berksfile b/berks-cookbooks/percona/Berksfile deleted file mode 100644 index 2e1a070f..00000000 --- a/berks-cookbooks/percona/Berksfile +++ /dev/null @@ -1,3 +0,0 @@ -source "https://api.berkshelf.com" - -metadata diff --git a/berks-cookbooks/percona/Berksfile.lock b/berks-cookbooks/percona/Berksfile.lock deleted file mode 100644 index ca43509d..00000000 --- a/berks-cookbooks/percona/Berksfile.lock +++ /dev/null @@ -1,13 +0,0 @@ -DEPENDENCIES - percona - path: . - metadata: true - -GRAPH - apt (2.4.0) - openssl (1.1.0) - percona (0.15.4) - apt (>= 1.9.0) - openssl (>= 0.0.0) - yum (~> 3.0) - yum (3.2.0) 
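Review bot: `gpgcheck=0` is hard-coded in templates/default/yum.erb, so RPM package signatures are never checked for a packagecloud repository; only `repo_gpgcheck` (repository metadata) is verified, and providers/repo.rb in this commit sets that to 0 when pygpgme is not installed. On such a node only TLS (`sslverify=1`) protects what yum installs from this repository. I would at least document this at the top of the template with a comment like `# gpgcheck is off: package integrity relies on repo_gpgcheck (metadata signature) and TLS`, and consider making the pygpgme fallback opt-in rather than automatic.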
diff --git a/berks-cookbooks/percona/Gemfile b/berks-cookbooks/percona/Gemfile deleted file mode 100644 index e562dcb9..00000000 --- a/berks-cookbooks/percona/Gemfile +++ /dev/null @@ -1,19 +0,0 @@ -source "https://rubygems.org" - -chef_version = ENV.fetch("CHEF_VERSION", "11.10") - -gem "chef", "~> #{chef_version}" -gem "chefspec", "~> 3.4" if chef_version =~ /^11/ - -gem "berkshelf", "~> 3.1.3" -gem "foodcritic", "~> 4.0.0" -gem "rake" -gem "rspec", "~> 2.99" -gem "rubocop", "~> 0.23.0" -gem "serverspec", "~> 1.9.0" - -group :integration do - gem "busser-serverspec", "~> 0.2.6" - gem "kitchen-vagrant", "~> 0.15.0" - gem "test-kitchen", "~> 1.2.1" -end diff --git a/berks-cookbooks/percona/Gemfile.lock b/berks-cookbooks/percona/Gemfile.lock deleted file mode 100644 index 0d4a4d92..00000000 --- a/berks-cookbooks/percona/Gemfile.lock +++ /dev/null 
@@ -1,230 +0,0 @@ -GEM - remote: https://rubygems.org/ - specs: - addressable (2.3.6) - ast (2.0.0) - berkshelf (3.1.3) - addressable (~> 2.3.4) - berkshelf-api-client (~> 1.2) - buff-config (~> 1.0) - buff-extensions (~> 1.0) - buff-shell_out (~> 0.1) - celluloid (~> 0.16.0.pre) - celluloid-io (~> 0.16.0.pre) - faraday (~> 0.9.0) - minitar (~> 0.5.4) - octokit (~> 3.0) - retryable (~> 1.3.3) - ridley (~> 4.0) - solve (~> 1.1) - thor (~> 0.18) - berkshelf-api-client (1.2.0) - faraday (~> 0.9.0) - buff-config (1.0.0) - buff-extensions (~> 1.0) - varia_model (~> 0.4) - buff-extensions (1.0.0) - buff-ignore (1.1.1) - buff-ruby_engine (0.1.0) - buff-shell_out (0.1.1) - buff-ruby_engine (~> 0.1.0) - busser (0.6.0) - thor - busser-serverspec (0.2.6) - busser - celluloid (0.16.0.pre) - timers (~> 2.0.0) - celluloid-io (0.16.0.pre) - celluloid (>= 0.16.0.pre) - nio4r (>= 1.0.0) - chef (11.12.8) - chef-zero (>= 2.0.2, < 2.1) - diff-lcs (~> 1.2, >= 1.2.4) - erubis (~> 2.7) - highline (~> 1.6, >= 1.6.9) - json (>= 1.4.4, <= 1.8.1) - mime-types (~> 1.16) - mixlib-authentication (~> 1.3) - mixlib-cli (~> 1.4) - mixlib-config (~> 2.0) - mixlib-log (~> 1.3) - mixlib-shellout (~> 1.4) - net-ssh (~> 2.6) - net-ssh-multi (~> 1.1) - ohai (~> 7.0.4) - pry (~> 0.9) - rest-client (>= 1.0.4, < 1.7.0) - yajl-ruby (~> 1.1) - chef-zero (2.0.2) - hashie (~> 2.0) - json - mixlib-log (~> 1.3) - rack - chefspec (3.4.0) - chef (~> 11.0) - fauxhai (~> 2.0) - rspec (~> 2.14) - coderay (1.1.0) - dep-selector-libgecode (1.0.2) - dep_selector (1.0.3) - dep-selector-libgecode (~> 1.0) - ffi (~> 1.9) - diff-lcs (1.2.5) - erubis (2.7.0) - faraday (0.9.0) - multipart-post (>= 1.2, < 3) - fauxhai (2.1.2) - net-ssh - ohai - ffi (1.9.3) - foodcritic (4.0.0) - erubis - gherkin (~> 2.11) - nokogiri (~> 1.5) - rake - rufus-lru (~> 1.0) - treetop (~> 1.4) - yajl-ruby (~> 1.1) - gherkin (2.12.2) - multi_json (~> 1.3) - hashie (2.1.2) - highline (1.6.21) - hitimes (1.2.1) - ipaddress (0.8.0) - json (1.8.1) - 
kitchen-vagrant (0.15.0) - test-kitchen (~> 1.0) - method_source (0.8.2) - mime-types (1.25.1) - mini_portile (0.6.0) - minitar (0.5.4) - mixlib-authentication (1.3.0) - mixlib-log - mixlib-cli (1.5.0) - mixlib-config (2.1.0) - mixlib-log (1.6.0) - mixlib-shellout (1.4.0) - multi_json (1.10.1) - multipart-post (2.0.0) - net-http-persistent (2.9.4) - net-scp (1.2.1) - net-ssh (>= 2.6.5) - net-ssh (2.9.1) - net-ssh-gateway (1.2.0) - net-ssh (>= 2.6.5) - net-ssh-multi (1.2.0) - net-ssh (>= 2.6.5) - net-ssh-gateway (>= 1.2.0) - nio4r (1.0.0) - nokogiri (1.6.2.1) - mini_portile (= 0.6.0) - octokit (3.1.2) - sawyer (~> 0.5.3) - ohai (7.0.4) - ipaddress - mime-types (~> 1.16) - mixlib-cli - mixlib-config (~> 2.0) - mixlib-log - mixlib-shellout (~> 1.2) - systemu (~> 2.5.2) - yajl-ruby - parser (2.1.9) - ast (>= 1.1, < 3.0) - slop (~> 3.4, >= 3.4.5) - polyglot (0.3.5) - powerpack (0.0.9) - pry (0.10.0) - coderay (~> 1.1.0) - method_source (~> 0.8.1) - slop (~> 3.4) - rack (1.5.2) - rainbow (2.0.0) - rake (10.3.2) - rest-client (1.6.7) - mime-types (>= 1.16) - retryable (1.3.5) - ridley (4.0.0) - addressable - buff-config (~> 1.0) - buff-extensions (~> 1.0) - buff-ignore (~> 1.1) - buff-shell_out (~> 0.1) - celluloid (~> 0.16.0.pre) - celluloid-io (~> 0.16.0.pre) - erubis - faraday (~> 0.9.0) - hashie (>= 2.0.2, < 3.0.0) - json (>= 1.7.7) - mixlib-authentication (>= 1.3.0) - net-http-persistent (>= 2.8) - retryable - semverse (~> 1.1) - varia_model (~> 0.4) - rspec (2.99.0) - rspec-core (~> 2.99.0) - rspec-expectations (~> 2.99.0) - rspec-mocks (~> 2.99.0) - rspec-core (2.99.1) - rspec-expectations (2.99.1) - diff-lcs (>= 1.1.3, < 2.0) - rspec-its (1.0.1) - rspec-core (>= 2.99.0.beta1) - rspec-expectations (>= 2.99.0.beta1) - rspec-mocks (2.99.1) - rubocop (0.23.0) - json (>= 1.7.7, < 2) - parser (~> 2.1.9) - powerpack (~> 0.0.6) - rainbow (>= 1.99.1, < 3.0) - ruby-progressbar (~> 1.4) - ruby-progressbar (1.5.1) - rufus-lru (1.0.5) - safe_yaml (1.0.3) - sawyer (0.5.4) - 
addressable (~> 2.3.5) - faraday (~> 0.8, < 0.10) - semverse (1.1.0) - serverspec (1.9.0) - highline - net-ssh - rspec (~> 2.13) - rspec-its - specinfra (~> 1.18) - slop (3.5.0) - solve (1.2.0) - dep_selector (~> 1.0) - semverse (~> 1.1) - specinfra (1.18.2) - systemu (2.5.2) - test-kitchen (1.2.1) - mixlib-shellout (~> 1.2) - net-scp (~> 1.1) - net-ssh (~> 2.7) - safe_yaml (~> 1.0) - thor (~> 0.18) - thor (0.19.1) - timers (2.0.0) - hitimes - treetop (1.5.3) - polyglot (~> 0.3) - varia_model (0.4.0) - buff-extensions (~> 1.0) - hashie (>= 2.0.2, < 3.0.0) - yajl-ruby (1.2.1) - -PLATFORMS - ruby - -DEPENDENCIES - berkshelf (~> 3.1.3) - busser-serverspec (~> 0.2.6) - chef (~> 11.10) - chefspec (~> 3.4) - foodcritic (~> 4.0.0) - kitchen-vagrant (~> 0.15.0) - rake - rspec (~> 2.99) - rubocop (~> 0.23.0) - serverspec (~> 1.9.0) - test-kitchen (~> 1.2.1) diff --git a/berks-cookbooks/percona/LICENSE.txt b/berks-cookbooks/percona/LICENSE.txt index 0f5b8d72..b3d06e01 100644 --- a/berks-cookbooks/percona/LICENSE.txt +++ b/berks-cookbooks/percona/LICENSE.txt @@ -1,5 +1,5 @@ The MIT License (MIT) -Copyright (c) 2012-2014 Phil Cohen +Copyright (c) 2012-2015 Phil Cohen Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal diff --git a/berks-cookbooks/percona/README.md b/berks-cookbooks/percona/README.md index 2784d85b..f18000f2 100644 --- a/berks-cookbooks/percona/README.md +++ b/berks-cookbooks/percona/README.md 
@@ -1,7 +1,15 @@ # chef-percona +## Flair + +[![Cookbook Version](https://img.shields.io/cookbook/v/percona.svg)](https://supermarket.chef.io/cookbooks/percona) +[![License](https://img.shields.io/badge/license-MIT-blue.svg)](http://phlipper.mit-license.org/2012-2015/license.html) [![Build Status](http://img.shields.io/travis-ci/phlipper/chef-percona.png)](https://travis-ci.org/phlipper/chef-percona) [![Code Climate](https://codeclimate.com/github/phlipper/chef-percona.png)](https://codeclimate.com/github/phlipper/chef-percona) +[![Gitter](https://img.shields.io/badge/Gitter%2Eim-Join_Chat_→-yellow.svg)](https://gitter.im/phlipper/chef-percona) +![It Works On My Machine™](https://img.shields.io/badge/It_Works-On_My_Machine%E2%84%A2-orange.svg) +[![Tip](http://img.shields.io/gratipay/phlipper.png)](https://gratipay.com/phlipper/) +[![Endorse](http://api.coderwall.com/phlipper/endorsecount.png)](http://coderwall.com/phlipper) ## Description @@ -25,9 +33,12 @@ availability and high scalability solution for MySQL. We provide an expanding set of tests against the following 64-bit platforms: -* Ubuntu Precise 12.04 LTS -* Ubuntu Trusty 14.04 LTS +* Amazon 2014.03 * CentOS 6.5 +* CentOS 7.0 +* Debian 7.8 +* Ubuntu 12.04 LTS +* Ubuntu 14.04 LTS Although we don't test against all possible platform verions, we expect the following to be supported. Please submit an issue if this is not the 
@@ -43,13 +54,16 @@ cause, and we'll make reasonable efforts to improve support: ### Cookbooks -* [apt](http://community.opscode.com/cookbooks/apt) Opscode LWRP Cookbook -* [openssl](http://community.opscode.com/cookbooks/openssl) Opscode Cookbook -* [yum](http://community.opscode.com/cookbooks/yum) Opscode LWRP Cookbook +* [apt](https://supermarket.getchef.com/cookbooks/apt) Chef LWRP Cookbook +* [openssl](https://supermarket.getchef.com/cookbooks/openssl) Chef Cookbook +* [yum](https://supermarket.getchef.com/cookbooks/yum) Chef LWRP Cookbook +* [yum-epel](https://supermarket.getchef.com/cookbooks/yum-epel) Chef LWRP Cookbook ### Chef -We aim to test the most recent releases of Chef 10 and 11. You can view +This cookbook requires Chef >= 11.14.2 due to the use of the `sensitive` attribute for some resources. + +We aim to test the most recent releases of Chef. You can view the [currently tested versions](https://github.com/phlipper/chef-percona/blob/master/.travis.yml). (Feel free to submit a pull request if they're out of date!) @@ -80,6 +94,8 @@ To use encrypted passwords, you must create an encrypted data bag. This cookbook This cookbook expects a `mysql` item and a `system` item. Please refer to the official documentation on how to get this setup. It actually uses a MySQL example so it can be mostly copied. Ensure you cover the data bag items as described below. +You also may set expected item names via attributes `node["percona"]["encrypted_data_bag_item_mysql"]` and `node["percona"]["encrypted_data_bag_item_system"]`. + ### Skip passwords Set the `["percona"]["skip_passwords"]` attribute to skip setting up passwords. Removes the need for the encrypted data bag if using chef-solo. Is useful for setting up development and ci environments where you just want to use the root user with no password. If you are doing this you may want to set `[:percona][:server][:debian_username]` to be `"root"` also. 
@@ -114,6 +130,27 @@ Example: "passwords" data bag - this example assumes that `node[:percona][:serve Above shows the encrypted password in the data bag. Check out the `encrypted_data_bag_secret` setting in `knife.rb` to setup your data bag secret during bootstrapping. +### Replication over SSL +To enable SSL based replication, you will need to flip the attribute `node[:percona][:server][:replication][:ssl_enabled]` to `true` and add a new data_bag item +to the percona encrypted data_bag (see`node[:percona][:encrypted_data_bag]` attribute) with the id `ssl_replication` ( see `node["percona"]["encrypted_data_bag_item_ssl_replication"]` attribute) that contains this data: + +```javascript +{ + "id": "ssl_replication", + "ca-cert": "CA_CERTIFICATE_STRING", + "server": { + "server-cert": "SERVER_CERTIFICATE_STRING", + "server-key": "SERVER_KEY_STRING" + }, + "client": { + "client-cert": "CLIENT_CERTIFICATE_STRING", + "client-key": "CLIENT_KEY_STRING" + } +} +``` +All certificates and keys have to be converted to a string (easiest way is to use ruby: */usr/bin/env ruby -e 'p ARGF.read'* **filename**) and placed +instead of CA_CERTIFICATE_STRING, SERVER_CERTIFICATE_STRING, SERVER_KEY_STRING, CLIENT_CERTIFICATE_STRING, CLIENT_KEY_STRING. + ### Percona XtraDB Cluster Below is a minimal example setup to bootstrap a Percona XtraDB Cluster. Please see the [official documentation](http://www.percona.com/doc/percona-xtradb-cluster/5.6/index.html) for more information. This is not a perfect example. It is just a sample to get you started. 
@@ -189,183 +226,252 @@ Now you need to bring three servers up one at a time with the percona role appli ## Attributes ```ruby -version = default["percona"]["version"] = "5.6" +default["percona"]["version"] = "5.6" +version = node["percona"]["version"] # Always restart percona on configuration changes default["percona"]["auto_restart"] = true case node["platform_family"] when "debian" - default["percona"]["server"]["socket"] = "/var/run/mysqld/mysqld.sock" - default["percona"]["server"]["default_storage_engine"] = "InnoDB" - default["percona"]["server"]["includedir"] = "/etc/mysql/conf.d/" - default["percona"]["server"]["pidfile"] = "/var/run/mysqld/mysqld.pid" - default["percona"]["server"]["package"] = "percona-server-server-#{version}" + default["percona"]["server"]["socket"] = "/var/run/mysqld/mysqld.sock" + default["percona"]["server"]["default_storage_engine"] = "InnoDB" + default["percona"]["server"]["includedir"] = "/etc/mysql/conf.d/" + default["percona"]["server"]["pidfile"] = "/var/run/mysqld/mysqld.pid" + default["percona"]["server"]["package"] = "percona-server-server-#{version}" when "rhel" - default["percona"]["server"]["socket"] = "/var/lib/mysql/mysql.sock" - default["percona"]["server"]["default_storage_engine"] = "innodb" - default["percona"]["server"]["includedir"] = "" - default["percona"]["server"]["pidfile"] = "/var/lib/mysql/mysqld.pid" - default["percona"]["server"]["package"] = "Percona-Server-server-#{version.tr('.', '')}" - default["percona"]["server"]["shared_pkg"] = "Percona-Server-shared-#{version.tr('.', '')}" + default["percona"]["server"]["socket"] = "/var/lib/mysql/mysql.sock" + default["percona"]["server"]["default_storage_engine"] = "innodb" + default["percona"]["server"]["includedir"] = "" + default["percona"]["server"]["pidfile"] = "/var/lib/mysql/mysqld.pid" + default["percona"]["server"]["package"] = "Percona-Server-server-#{version.tr(".", "")}" + default["percona"]["server"]["shared_pkg"] = 
"Percona-Server-shared-#{version.tr(".", "")}" end # Cookbook Settings -default["percona"]["main_config_file"] = "/etc/my.cnf" -default["percona"]["keyserver"] = "keys.gnupg.net" -default["percona"]["encrypted_data_bag"] = "passwords" -default["percona"]["encrypted_data_bag_secret_file"] = "" -default["percona"]["use_percona_repos"] = true +default["percona"]["main_config_file"] = value_for_platform_family( + "debian" => "/etc/mysql/my.cnf", + "rhel" => "/etc/my.cnf" +) +default["percona"]["apt"]["keyserver"] = "hkp://keys.gnupg.net:80" +default["percona"]["encrypted_data_bag"] = "passwords" +default["percona"]["encrypted_data_bag_secret_file"] = "" +default["percona"]["use_chef_vault"] = false +default["percona"]["skip_passwords"] = false +default["percona"]["skip_configure"] = false # Start percona server on boot -default["percona"]["server"]["enable"] = true +default["percona"]["server"]["enable"] = true + +# install vs. upgrade packages +default["percona"]["server"]["package_action"] = "install" # Basic Settings -default["percona"]["server"]["role"] = "standalone" -default["percona"]["server"]["username"] = "mysql" -default["percona"]["server"]["datadir"] = "/var/lib/mysql" -default["percona"]["server"]["logdir"] = "/var/log/mysql" -default["percona"]["server"]["tmpdir"] = "/tmp" -default["percona"]["server"]["debian_username"] = "debian-sys-maint" -default["percona"]["server"]["jemalloc"] = false -default["percona"]["server"]["jemalloc_lib"] = value_for_platform_family( - "debian" => value_for_platform( - "ubuntu" => { - "trusty" => "/usr/lib/x86_64-linux-gnu/libjemalloc.so.1", - "precise" => "/usr/lib/libjemalloc.so.1" - } - ), - "rhel" => "/usr/lib64/libjemalloc.so.1" - ) -default["percona"]["server"]["nice"] = 0 -default["percona"]["server"]["open_files_limit"] = 16384 -default["percona"]["server"]["hostname"] = "localhost" -default["percona"]["server"]["basedir"] = "/usr" -default["percona"]["server"]["port"] = 3306 
-default["percona"]["server"]["character_set"] = "utf8" -default["percona"]["server"]["collation"] = "utf8_unicode_ci" -default["percona"]["server"]["language"] = "/usr/share/mysql/english" -default["percona"]["server"]["skip_name_resolve"] = false -default["percona"]["server"]["skip_external_locking"] = true -default["percona"]["server"]["net_read_timeout"] = 120 -default["percona"]["server"]["connect_timeout"] = 10 -default["percona"]["server"]["wait_timeout"] = 28_800 -default["percona"]["server"]["old_passwords"] = 0 -default["percona"]["server"]["bind_address"] = "127.0.0.1" +default["percona"]["server"]["role"] = ["standalone"] +default["percona"]["server"]["username"] = "mysql" +default["percona"]["server"]["datadir"] = "/var/lib/mysql" +default["percona"]["server"]["logdir"] = "/var/log/mysql" +default["percona"]["server"]["tmpdir"] = "/tmp" +default["percona"]["server"]["slave_load_tmpdir"] = "/tmp" +default["percona"]["server"]["debian_username"] = "debian-sys-maint" +default["percona"]["server"]["jemalloc"] = false +default["percona"]["server"]["jemalloc_lib"] = value_for_platform_family( + "debian" => value_for_platform( + "ubuntu" => { + "trusty" => "/usr/lib/x86_64-linux-gnu/libjemalloc.so.1", + "precise" => "/usr/lib/libjemalloc.so.1" + } + ), + "rhel" => "/usr/lib64/libjemalloc.so.1" +) +default["percona"]["server"]["nice"] = 0 +default["percona"]["server"]["open_files_limit"] = 16_384 +default["percona"]["server"]["hostname"] = "localhost" +default["percona"]["server"]["basedir"] = "/usr" +default["percona"]["server"]["port"] = 3306 +default["percona"]["server"]["language"] = "/usr/share/mysql/english" +default["percona"]["server"]["character_set"] = "utf8" +default["percona"]["server"]["collation"] = "utf8_unicode_ci" +default["percona"]["server"]["skip_name_resolve"] = false +default["percona"]["server"]["skip_external_locking"] = true +default["percona"]["server"]["net_read_timeout"] = 120 +default["percona"]["server"]["connect_timeout"] = 10 
+default["percona"]["server"]["wait_timeout"] = 28_800 +default["percona"]["server"]["old_passwords"] = 0 +default["percona"]["server"]["bind_address"] = "127.0.0.1" +default["percona"]["server"]["federated"] = false + %w[debian_password root_password].each do |attribute| - next if defined?(node["percona"]["server"][attribute]) - default["percona"]["server"][attribute] = secure_password + next if attribute?(node["percona"]["server"][attribute]) + default["percona"]["server"][attribute] = secure_password end # Fine Tuning -default["percona"]["server"]["key_buffer"] = "16M" -default["percona"]["server"]["max_allowed_packet"] = "64M" -default["percona"]["server"]["thread_stack"] = "192K" -default["percona"]["server"]["query_alloc_block_size"] = "16K" -default["percona"]["server"]["memlock"] = false -default["percona"]["server"]["transaction_isolation"] = "REPEATABLE-READ" -default["percona"]["server"]["tmp_table_size"] = "64M" -default["percona"]["server"]["max_heap_table_size"] = "64M" -default["percona"]["server"]["sort_buffer_size"] = "8M" -default["percona"]["server"]["join_buffer_size"] = "8M" -default["percona"]["server"]["thread_cache_size"] = 16 -default["percona"]["server"]["back_log"] = 50 -default["percona"]["server"]["max_connections"] = 30 -default["percona"]["server"]["max_connect_errors"] = 9999999 -default["percona"]["server"]["table_cache"] = 8192 -default["percona"]["server"]["group_concat_max_len"] = 4096 -default["percona"]["server"]["expand_fast_index_creation"] = false +default["percona"]["server"]["key_buffer_size"] = "16M" +default["percona"]["server"]["max_allowed_packet"] = "64M" +default["percona"]["server"]["thread_stack"] = "192K" +default["percona"]["server"]["query_alloc_block_size"] = "16K" +default["percona"]["server"]["memlock"] = false +default["percona"]["server"]["transaction_isolation"] = "REPEATABLE-READ" +default["percona"]["server"]["tmp_table_size"] = "64M" +default["percona"]["server"]["max_heap_table_size"] = "64M" 
+default["percona"]["server"]["sort_buffer_size"] = "8M" +default["percona"]["server"]["join_buffer_size"] = "8M" +default["percona"]["server"]["thread_cache_size"] = 16 +default["percona"]["server"]["back_log"] = 50 +default["percona"]["server"]["max_connections"] = 30 +default["percona"]["server"]["max_connect_errors"] = 9_999_999 +default["percona"]["server"]["sql_modes"] = [] +default["percona"]["server"]["table_cache"] = 8192 +default["percona"]["server"]["group_concat_max_len"] = 4096 +default["percona"]["server"]["expand_fast_index_creation"] = false +default["percona"]["server"]["read_rnd_buffer_size"] = 262_144 # Query Cache Configuration -default["percona"]["server"]["query_cache_size"] = "64M" -default["percona"]["server"]["query_cache_limit"] = "2M" +default["percona"]["server"]["query_cache_size"] = "64M" +default["percona"]["server"]["query_cache_limit"] = "2M" # Logging and Replication -default["percona"]["server"]["sync_binlog"] = 1 -default["percona"]["server"]["slow_query_log"] = 1 -default["percona"]["server"]["slow_query_log_file"] = "/var/log/mysql/mysql-slow.log" -default["percona"]["server"]["long_query_time"] = 2 -default["percona"]["server"]["server_id"] = 1 -default["percona"]["server"]["binlog_do_db"] = [] -default["percona"]["server"]["expire_logs_days"] = 10 -default["percona"]["server"]["max_binlog_size"] = "100M" -default["percona"]["server"]["binlog_cache_size"] = "1M" -default["percona"]["server"]["binlog_format"] = "MIXED" -default["percona"]["server"]["log_bin"] = "master-bin" -default["percona"]["server"]["relay_log"] = "slave-relay-bin" -default["percona"]["server"]["log_slave_updates"] = false -default["percona"]["server"]["log_warnings"] = true -default["percona"]["server"]["log_long_format"] = false -default["percona"]["server"]["bulk_insert_buffer_size"] = "64M" +default["percona"]["server"]["sync_binlog"] = (node["percona"]["server"]["role"] == "cluster" ? 
0 : 1) +default["percona"]["server"]["slow_query_log"] = 1 +default["percona"]["server"]["slow_query_logdir"] = "/var/log/mysql" +default["percona"]["server"]["slow_query_log_file"] = "#{node["percona"]["server"]["slow_query_logdir"]}/mysql-slow.log" +default["percona"]["server"]["long_query_time"] = 2 +default["percona"]["server"]["server_id"] = 1 +default["percona"]["server"]["binlog_do_db"] = [] +default["percona"]["server"]["binlog_ignore_db"] = [] +default["percona"]["server"]["expire_logs_days"] = 10 +default["percona"]["server"]["max_binlog_size"] = "100M" +default["percona"]["server"]["binlog_cache_size"] = "1M" +default["percona"]["server"]["binlog_format"] = "MIXED" +default["percona"]["server"]["log_bin"] = "master-bin" +default["percona"]["server"]["relay_log"] = "slave-relay-bin" +default["percona"]["server"]["log_slave_updates"] = false +default["percona"]["server"]["log_warnings"] = true +default["percona"]["server"]["log_long_format"] = false +default["percona"]["server"]["bulk_insert_buffer_size"] = "64M" # MyISAM Specific -default["percona"]["server"]["myisam_recover"] = "BACKUP" -default["percona"]["server"]["myisam_sort_buffer_size"] = "128M" -default["percona"]["server"]["myisam_max_sort_file_size"] = "10G" -default["percona"]["server"]["myisam_repair_threads"] = 1 +default["percona"]["server"]["myisam_recover_options"] = "BACKUP" +default["percona"]["server"]["myisam_sort_buffer_size"] = "128M" +default["percona"]["server"]["myisam_max_sort_file_size"] = "10G" +default["percona"]["server"]["myisam_repair_threads"] = 1 +default["percona"]["server"]["read_buffer_size"] = "8M" # InnoDB Specific -default["percona"]["server"]["skip_innodb"] = false +default["percona"]["server"]["skip_innodb"] = false default["percona"]["server"]["innodb_additional_mem_pool_size"] = "32M" -default["percona"]["server"]["innodb_buffer_pool_size"] = "128M" -default["percona"]["server"]["innodb_data_file_path"] = "ibdata1:10M:autoextend" 
-default["percona"]["server"]["innodb_file_per_table"] = true -default["percona"]["server"]["innodb_data_home_dir"] = "" -default["percona"]["server"]["innodb_thread_concurrency"] = 16 -default["percona"]["server"]["innodb_flush_log_at_trx_commit"] = 1 -default["percona"]["server"]["innodb_fast_shutdown"] = false -default["percona"]["server"]["innodb_log_buffer_size"] = "64M" -default["percona"]["server"]["innodb_log_file_size"] = "5M" -default["percona"]["server"]["innodb_log_files_in_group"] = 2 -default["percona"]["server"]["innodb_max_dirty_pages_pct"] = 80 -default["percona"]["server"]["innodb_flush_method"] = "O_DIRECT" -default["percona"]["server"]["innodb_lock_wait_timeout"] = 120 +default["percona"]["server"]["innodb_buffer_pool_size"] = "128M" +default["percona"]["server"]["innodb_data_file_path"] = "ibdata1:10M:autoextend" +default["percona"]["server"]["innodb_autoextend_increment"] = "128M" +default["percona"]["server"]["innodb_open_files"] = 2000 +default["percona"]["server"]["innodb_file_per_table"] = true +default["percona"]["server"]["innodb_file_format"] = "Antelope" +default["percona"]["server"]["innodb_data_home_dir"] = "" +default["percona"]["server"]["innodb_thread_concurrency"] = 16 +default["percona"]["server"]["innodb_flush_log_at_trx_commit"] = 1 +default["percona"]["server"]["innodb_fast_shutdown"] = false +default["percona"]["server"]["innodb_log_buffer_size"] = "64M" +default["percona"]["server"]["innodb_log_file_size"] = "5M" +default["percona"]["server"]["innodb_log_files_in_group"] = 2 +default["percona"]["server"]["innodb_max_dirty_pages_pct"] = 80 +default["percona"]["server"]["innodb_flush_method"] = "O_DIRECT" +default["percona"]["server"]["innodb_lock_wait_timeout"] = 120 +default["percona"]["server"]["innodb_import_table_from_xtrabackup"] = 0 + +# Performance Schema +default["percona"]["server"]["performance_schema"] = false # Replication Settings -default["percona"]["server"]["replication"]["read_only"] = false 
-default["percona"]["server"]["replication"]["host"] = "" -default["percona"]["server"]["replication"]["username"] = "" -default["percona"]["server"]["replication"]["password"] = "" -default["percona"]["server"]["replication"]["port"] = 3306 +default["percona"]["server"]["replication"]["read_only"] = false +default["percona"]["server"]["replication"]["host"] = "" +default["percona"]["server"]["replication"]["username"] = "" +default["percona"]["server"]["replication"]["password"] = "" +default["percona"]["server"]["replication"]["port"] = 3306 +default["percona"]["server"]["replication"]["ignore_db"] = [] +default["percona"]["server"]["replication"]["ignore_table"] = [] +default["percona"]["server"]["replication"]["ssl_enabled"] = false +default["percona"]["server"]["replication"]["suppress_1592"] = false +default["percona"]["server"]["replication"]["skip_slave_start"] = false +default["percona"]["server"]["replication"]["slave_transaction_retries"] = 10 # XtraBackup Settings -default["percona"]["backup"]["configure"] = false -default["percona"]["backup"]["username"] = "backup" -unless defined?(node["percona"]["backup"]["password"]) - default["percona"]["backup"]["password"] = secure_password +default["percona"]["backup"]["configure"] = false +default["percona"]["backup"]["username"] = "backup" +unless attribute?(node["percona"]["backup"]["password"]) + default["percona"]["backup"]["password"] = secure_password end # XtraDB Cluster Settings -default["percona"]["cluster"]["package"] = "percona-xtradb-cluster-55" -default["percona"]["cluster"]["binlog_format"] = "ROW" -default["percona"]["cluster"]["wsrep_provider"] = value_for_platform_family( - "debian" => "/usr/lib/libgalera_smm.so", - "rhel" => "/usr/lib64/libgalera_smm.so" - ) -default["percona"]["cluster"]["wsrep_cluster_address"] = "" -default["percona"]["cluster"]["wsrep_slave_threads"] = 2 -default["percona"]["cluster"]["wsrep_cluster_name"] = "" -default["percona"]["cluster"]["wsrep_sst_method"] = "rsync" 
-default["percona"]["cluster"]["wsrep_node_name"] = "" -default["percona"]["cluster"]["wsrep_notify_cmd"] = "" -default["percona"]["cluster"]["wsrep_sst_auth"] = "" +default["percona"]["cluster"]["package"] = value_for_platform_family( + "debian" => "percona-xtradb-cluster-#{version.tr(".", "")}", + "rhel" => "Percona-XtraDB-Cluster-#{version.tr(".", "")}" +) +default["percona"]["cluster"]["binlog_format"] = "ROW" +default["percona"]["cluster"]["wsrep_provider"] = value_for_platform_family( + "debian" => "/usr/lib/libgalera_smm.so", + "rhel" => "/usr/lib64/libgalera_smm.so" +) +default["percona"]["cluster"]["wsrep_provider_options"] = "" +default["percona"]["cluster"]["wsrep_cluster_address"] = "" +default["percona"]["cluster"]["wsrep_slave_threads"] = 2 +default["percona"]["cluster"]["wsrep_cluster_name"] = "" +default["percona"]["cluster"]["wsrep_sst_method"] = "rsync" +default["percona"]["cluster"]["wsrep_node_name"] = "" +default["percona"]["cluster"]["wsrep_notify_cmd"] = "" +default["percona"]["cluster"]["wsrep_sst_auth"] = "" # These both are used to build wsrep_sst_receive_address -default["percona"]["cluster"]["wsrep_sst_receive_interface"] = nil # Works like node["percona"]["server"]["bind_to"] -default["percona"]["cluster"]["wsrep_sst_receive_port"] = "4444" +default["percona"]["cluster"]["wsrep_sst_receive_interface"] = nil # Works like node["percona"]["server"]["bind_to"] +default["percona"]["cluster"]["wsrep_sst_receive_port"] = "4444" default["percona"]["cluster"]["innodb_locks_unsafe_for_binlog"] = 1 -default["percona"]["cluster"]["innodb_autoinc_lock_mode"] = 2 +default["percona"]["cluster"]["innodb_autoinc_lock_mode"] = 2 ``` -### Monitoring.rb +### client.rb + +```ruby +# install vs. 
upgrade packages +default["percona"]["client"]["package_action"] = "install" + +version = value_for_platform_family( + "debian" => node["percona"]["version"], + "rhel" => node["percona"]["version"].tr(".", "") +) + +case node["platform_family"] +when "debian" + abi_version = case version + when "5.5" then "18" + when "5.6" then "18.1" + else "" + end + + default["percona"]["client"]["packages"] = %W[ + libperconaserverclient#{abi_version}-dev percona-server-client-#{version} + ] +when "rhel" + if Array(node["percona"]["server"]["role"]).include?("cluster") + default["percona"]["client"]["packages"] = %W[ + Percona-XtraDB-Cluster-devel-#{version} Percona-XtraDB-Cluster-client-#{version} + ] + else + default["percona"]["client"]["packages"] = %W[ + Percona-Server-devel-#{version} Percona-Server-client-#{version} + ] + end +end +``` + +### monitoring.rb ```ruby default["percona"]["plugins_version"] = "1.1.3" default["percona"]["plugins_packages"] = %w[percona-nagios-plugins percona-zabbix-templates percona-cacti-templates] ``` -### Package_repo.rb +### package_repo.rb ```ruby default["percona"]["yum"]["description"] = "Percona Packages" 
@@ -398,6 +504,28 @@ slow_query_log_file = /var/lib/mysql/data/mysql-slow.log There's a special attribute `node["percona"]["server"]["bind_to"]` that allows you to dynamically set the bind address. This attribute accepts the values `"public_ip"`, `"private_ip"`, `"loopback"`, or and interface name like `"eth0"`. Based on this, the recipe will find a corresponding ipv4 address, and override the `node["percona"]["server"]["bind_address"]` attribute. +## MySQL Gems + +This cookbook provides a MySQL and MySQL2 gem installer specifically designed for +use with Percona. Since they share namespaces with other providers you most +likely want to call them directly targeting the provider, example provided below: + +```ruby +mysql2_chef_gem 'default' do + provider Chef::Provider::Mysql2ChefGem::Percona + action :install +end + +mysql_chef_gem 'default' do + provider Chef::Provider::MysqlChefGem::Percona + action :install +end +``` + +Also keep in mind that since these providers are subclasses of the mysql_chef_gem +and mysql2_chef_gem cookbooks they need to be added to your metadata.rb file as +depends to ensure they pull in the needed resource files. + ## Goals In no particular order: @@ -405,12 +533,11 @@ In no particular order: * Be the most flexible way to setup a MySQL distribution through Chef * Support for Chef Solo * Support for Chef Server -* Leverage to official Opscode MySQL cookbook as much as possible. * Support the following common database infrastructures: * Single server instance * Traditional Master/Slave replication * Multi-master cluster replication -* Support the most recent Chef 10 & 11 runtime environments +* Support the most recent Chef runtime environments * Be the easiest way to setup a MySQL distribution through Chef 
@@ -474,6 +601,7 @@ Many thanks go to the following [contributors](https://github.com/phlipper/chef- * **[@jesseadams](https://github.com/jesseadams)** * fixes for custom datadir setting use case * add more Percona XtraDB cluster options + * XtraDB cluster support for replication over ssl * **[@see0](https://github.com/see0)** * fix incorrect root password reference * **[@baldur](https://github.com/baldur)** @@ -527,6 +655,13 @@ Many thanks go to the following [contributors](https://github.com/phlipper/chef- * add cluster support for `wsrep_sst_auth` configuration * update default for `wsrep_provider` on Debian * enable InnoDB tuning for standalone and cluster + * set proper `my.cnf` location based on platform family + * add missing tunables to 'cluster' `my.cnf` template + * fix regression in cluster configuration template + * centralize `jemalloc` configuration for cluster and server configurations + * sync cluster configuration file with main configuration + * add `innodb_autoextend_increment` and `innodb_open_files` attributes + * fix cluster template regression * **[@achied](https://github.com/achied)** * fix setting passwords if attribute not defined * **[@akshah123](https://github.com/akshah123)** 
@@ -553,12 +688,72 @@ Many thanks go to the following [contributors](https://github.com/phlipper/chef- * honor `skip_configure` attribute in cluster recipe * **[@paustin01](https://github.com/paustin01)** * add `encrypted_data_bag_secret_file` attribute +* **[@ajardan](https://github.com/ajardan)** + * support master-master replication in the `replication_master.sql` template + * extend master-master capabilities and add ssl support +* **[@realloc](https://github.com/realloc)** + * add `mysql2` gem provider + * add ability to set data bag item names using attributes +* **[@tbunnyman](https://github.com/tbunnyman)** + * make `ignore_db` attribute into an array & add matching `ignore_table` attribute + * add `suppress_1592` replication attribute + * add `sql_modes` attribute +* **[@mzdrale](https://github.com/mzdrale)** + * fix cluster package name on RHEL systems +* **[@Sauraus](https://github.com/Sauraus)** + * fix cluster dependency package installation on RHEL systems + * fix `slow_query_logdir` path creation +* **[@jim80net](https://github.com/jim80net)** + * fix toolkit installation for version 5.6 on RHEL systems +* **[@helgi](https://github.com/helgi)** + * use `mysql` command vs. 
a file to check the root password + * generate configuration file before setting up data directory + * ensure `includedir` is created if provided + * add attribute `performance_schema` + * fix mysql root password update check +* **[@arnesund](https://github.com/arnesund)** + * fix package list for clusters based on CentOS + * avoid uninstall of `mysql-libs` when not needed + * fix XtraDB Cluster 5.6 installation on CentOS 7 + * add support for `chef-vault` +* **[@n3bulous](https://github.com/n3bulous)** + * add `federated` and `read_rnd_buffer_size` attributes +* **[@runwaldarshu](https://github.com/runwaldarshu)** + * add `sensitive` attribute for resources +* **[@vermut](https://github.com/vermut)** + * fix `ConfigHelper` definitions to make them available from `module_function` +* **[@dng-dev](https://github.com/dng-dev)** + * add `innodb_import_table_from_xtrabackup` attribute +* **[@washingtoneg](https://github.com/washingtoneg)** + * add `myisam_read_buffer_size` attribute +* **[@cmjosh](https://github.com/cmjosh)** + * fix version-dependent package attribute issues +* **[@cybermerc](https://github.com/cybermerc)** + * fix provider superclass mismatch +* **[@drywheat](https://github.com/drywheat)** + * add `skip_slave_start` attribute +* **[@joelhandwell](https://github.com/joelhandwell)** + * fix duplication of slow query log directory creation + * suppress warning CHEF-3694 for log dir +* **[@bitpusher-real](https://github.com/bitpusher-real)** + * add `binlog_ignore_db` attribute + * add version restrictions on three MySQL directives + * only set `old_passwords` only when a value defined + * add `slave_transaction_retries` attribute + * add `slave_load_tmpdir` attribute +* **[@cyberflow](https://github.com/cyberflow)** + * add `replication_sql` attribute +* **[@jklare](https://github.com/jklare)** + * fix cluster specific settings for `my.cnf` and client packages +* **[@whiteley](https://github.com/whiteley)** + * remove duplicated attributes + * namespace 
apt attributes following yum example ## License **chef-percona** -* Freely distributable and licensed under the [MIT license](http://phlipper.mit-license.org/2012-2014/license.html). -* Copyright (c) 2012-2014 Phil Cohen (github@phlippers.net) [![endorse](http://api.coderwall.com/phlipper/endorsecount.png)](http://coderwall.com/phlipper) [![Gittip](http://img.shields.io/gittip/phlipper.png)](https://www.gittip.com/phlipper/) +* Freely distributable and licensed under the [MIT license](http://phlipper.mit-license.org/2012-2015/license.html). +* Copyright (c) 2012-2015 Phil Cohen (github@phlippers.net) * http://phlippers.net/ diff --git a/berks-cookbooks/percona/Rakefile b/berks-cookbooks/percona/Rakefile index 52903cd0..af455346 100644 --- a/berks-cookbooks/percona/Rakefile +++ b/berks-cookbooks/percona/Rakefile @@ -4,7 +4,14 @@ desc "Run all tests except `kitchen`" task test: [:rubocop, :foodcritic, :chefspec] desc "Run all tests" -task all_tests: [:rubocop, :foodcritic, :chefspec, "kitchen:all"] +task all_tests: [ + :license_finder, :rubocop, :foodcritic, :chefspec, "kitchen:all" +] + +# license finder +task :license_finder do + sh "bundle exec license_finder --quiet" +end # rubocop style checker require "rubocop/rake_task" diff --git a/berks-cookbooks/percona/attributes/client.rb b/berks-cookbooks/percona/attributes/client.rb index e4bd27c0..6b55105e 100644 --- a/berks-cookbooks/percona/attributes/client.rb +++ b/berks-cookbooks/percona/attributes/client.rb @@ -3,6 +3,9 @@ # Attributes:: client # +# install vs. upgrade packages +default["percona"]["client"]["package_action"] = "install" + version = value_for_platform_family( "debian" => node["percona"]["version"], "rhel" => node["percona"]["version"].tr(".", "") 
@@ -16,11 +19,23 @@ else "" end - default["percona"]["client"]["packages"] = %W[ - libperconaserverclient#{abi_version}-dev percona-server-client-#{version} - ] + if Array(node["percona"]["server"]["role"]).include?("cluster") + default["percona"]["client"]["packages"] = %W[ + libperconaserverclient#{abi_version}-dev percona-xtradb-cluster-client-#{version} + ] + else + default["percona"]["client"]["packages"] = %W[ + libperconaserverclient#{abi_version}-dev percona-server-client-#{version} + ] + end when "rhel" - default["percona"]["client"]["packages"] = %W[ - Percona-Server-devel-#{version} Percona-Server-client-#{version} - ] + if Array(node["percona"]["server"]["role"]).include?("cluster") + default["percona"]["client"]["packages"] = %W[ + Percona-XtraDB-Cluster-devel-#{version} Percona-XtraDB-Cluster-client-#{version} + ] + else + default["percona"]["client"]["packages"] = %W[ + Percona-Server-devel-#{version} Percona-Server-client-#{version} + ] + end end diff --git a/berks-cookbooks/percona/attributes/default.rb b/berks-cookbooks/percona/attributes/default.rb index f21fc7e0..868c021c 100644 --- a/berks-cookbooks/percona/attributes/default.rb +++ b/berks-cookbooks/percona/attributes/default.rb 
@@ -3,175 +3,208 @@ # Attributes:: default # -::Chef::Node.send(:include, Opscode::OpenSSL::Password) +# include the openssl cookbook password library +if defined?(::Opscode::OpenSSL::Password) + ::Chef::Node.send(:include, ::Opscode::OpenSSL::Password) +elsif defined?(::OpenSSLCookbook::Password) + ::Chef::Node.send(:include, ::OpenSSLCookbook::Password) +elsif defined?(::Chef::OpenSSL::Password) + ::Chef::Node.send(:include, ::Chef::OpenSSL::Password) +end -version = default["percona"]["version"] = "5.6" +default["percona"]["version"] = "5.6" # Always restart percona on configuration changes default["percona"]["auto_restart"] = true case node["platform_family"] when "debian" - default["percona"]["server"]["socket"] = "/var/run/mysqld/mysqld.sock" - default["percona"]["server"]["default_storage_engine"] = "InnoDB" - default["percona"]["server"]["includedir"] = "/etc/mysql/conf.d/" - default["percona"]["server"]["pidfile"] = "/var/run/mysqld/mysqld.pid" - default["percona"]["server"]["package"] = "percona-server-server-#{version}" + default["percona"]["server"]["socket"] = "/var/run/mysqld/mysqld.sock" + default["percona"]["server"]["default_storage_engine"] = "InnoDB" + default["percona"]["server"]["includedir"] = "/etc/mysql/conf.d/" + default["percona"]["server"]["pidfile"] = "/var/run/mysqld/mysqld.pid" when "rhel" - default["percona"]["server"]["socket"] = "/var/lib/mysql/mysql.sock" - default["percona"]["server"]["default_storage_engine"] = "innodb" - default["percona"]["server"]["includedir"] = "" - default["percona"]["server"]["pidfile"] = "/var/lib/mysql/mysqld.pid" - default["percona"]["server"]["package"] = "Percona-Server-server-#{version.tr(".", "")}" - default["percona"]["server"]["shared_pkg"] = "Percona-Server-shared-#{version.tr(".", "")}" + default["percona"]["server"]["socket"] = "/var/lib/mysql/mysql.sock" + default["percona"]["server"]["default_storage_engine"] = "innodb" + default["percona"]["server"]["includedir"] = "" + 
default["percona"]["server"]["pidfile"] = "/var/lib/mysql/mysqld.pid" end # Cookbook Settings -default["percona"]["main_config_file"] = "/etc/my.cnf" -default["percona"]["keyserver"] = "keys.gnupg.net" -default["percona"]["encrypted_data_bag"] = "passwords" -default["percona"]["encrypted_data_bag_secret_file"] = "" -default["percona"]["skip_passwords"] = false -default["percona"]["skip_configure"] = false +default["percona"]["main_config_file"] = value_for_platform_family( + "debian" => "/etc/mysql/my.cnf", + "rhel" => "/etc/my.cnf" +) +default["percona"]["encrypted_data_bag"] = "passwords" +default["percona"]["encrypted_data_bag_secret_file"] = "" +default["percona"]["encrypted_data_bag_item_mysql"] = "mysql" +default["percona"]["encrypted_data_bag_item_system"] = "system" +default["percona"]["encrypted_data_bag_item_ssl_replication"] = "ssl_replication" +default["percona"]["use_chef_vault"] = false +default["percona"]["skip_passwords"] = false +default["percona"]["skip_configure"] = false # Start percona server on boot -default["percona"]["server"]["enable"] = true +default["percona"]["server"]["enable"] = true + +# install vs. 
upgrade packages +default["percona"]["server"]["package_action"] = "install" # Basic Settings -default["percona"]["server"]["role"] = "standalone" -default["percona"]["server"]["username"] = "mysql" -default["percona"]["server"]["datadir"] = "/var/lib/mysql" -default["percona"]["server"]["logdir"] = "/var/log/mysql" -default["percona"]["server"]["tmpdir"] = "/tmp" -default["percona"]["server"]["debian_username"] = "debian-sys-maint" -default["percona"]["server"]["jemalloc"] = false -default["percona"]["server"]["jemalloc_lib"] = value_for_platform_family( - "debian" => value_for_platform( - "ubuntu" => { - "trusty" => "/usr/lib/x86_64-linux-gnu/libjemalloc.so.1", - "precise" => "/usr/lib/libjemalloc.so.1" - } - ), - "rhel" => "/usr/lib64/libjemalloc.so.1" - ) -default["percona"]["server"]["nice"] = 0 -default["percona"]["server"]["open_files_limit"] = 16_384 -default["percona"]["server"]["hostname"] = "localhost" -default["percona"]["server"]["basedir"] = "/usr" -default["percona"]["server"]["port"] = 3306 -default["percona"]["server"]["language"] = "/usr/share/mysql/english" -default["percona"]["server"]["character_set"] = "utf8" -default["percona"]["server"]["collation"] = "utf8_unicode_ci" -default["percona"]["server"]["skip_name_resolve"] = false -default["percona"]["server"]["skip_external_locking"] = true -default["percona"]["server"]["net_read_timeout"] = 120 -default["percona"]["server"]["connect_timeout"] = 10 -default["percona"]["server"]["wait_timeout"] = 28_800 -default["percona"]["server"]["old_passwords"] = 0 -default["percona"]["server"]["bind_address"] = "127.0.0.1" +default["percona"]["server"]["role"] = ["standalone"] +default["percona"]["server"]["username"] = "mysql" +default["percona"]["server"]["datadir"] = "/var/lib/mysql" +default["percona"]["server"]["logdir"] = "/var/log/mysql" +default["percona"]["server"]["tmpdir"] = "/tmp" +default["percona"]["server"]["slave_load_tmpdir"] = "/tmp" +default["percona"]["server"]["debian_username"] = 
"debian-sys-maint" +default["percona"]["server"]["jemalloc"] = false +default["percona"]["server"]["jemalloc_lib"] = value_for_platform_family( + "debian" => value_for_platform( + "ubuntu" => { + "trusty" => "/usr/lib/x86_64-linux-gnu/libjemalloc.so.1", + "precise" => "/usr/lib/libjemalloc.so.1" + } + ), + "rhel" => "/usr/lib64/libjemalloc.so.1" +) +default["percona"]["server"]["nice"] = 0 +default["percona"]["server"]["open_files_limit"] = 16_384 +default["percona"]["server"]["hostname"] = "localhost" +default["percona"]["server"]["basedir"] = "/usr" +default["percona"]["server"]["port"] = 3306 +default["percona"]["server"]["language"] = "/usr/share/mysql/english" +default["percona"]["server"]["character_set"] = "utf8" +default["percona"]["server"]["collation"] = "utf8_unicode_ci" +default["percona"]["server"]["skip_name_resolve"] = false +default["percona"]["server"]["skip_external_locking"] = true +default["percona"]["server"]["net_read_timeout"] = 120 +default["percona"]["server"]["connect_timeout"] = 10 +default["percona"]["server"]["wait_timeout"] = 28_800 +default["percona"]["server"]["old_passwords"] = 0 +default["percona"]["server"]["bind_address"] = "127.0.0.1" +default["percona"]["server"]["federated"] = false + %w[debian_password root_password].each do |attribute| next if attribute?(node["percona"]["server"][attribute]) - default["percona"]["server"][attribute] = secure_password + default["percona"]["server"][attribute] = secure_password end # Fine Tuning -default["percona"]["server"]["key_buffer"] = "16M" -default["percona"]["server"]["max_allowed_packet"] = "64M" -default["percona"]["server"]["thread_stack"] = "192K" -default["percona"]["server"]["query_alloc_block_size"] = "16K" -default["percona"]["server"]["memlock"] = false -default["percona"]["server"]["transaction_isolation"] = "REPEATABLE-READ" -default["percona"]["server"]["tmp_table_size"] = "64M" -default["percona"]["server"]["max_heap_table_size"] = "64M" 
-default["percona"]["server"]["sort_buffer_size"] = "8M" -default["percona"]["server"]["join_buffer_size"] = "8M" -default["percona"]["server"]["thread_cache_size"] = 16 -default["percona"]["server"]["back_log"] = 50 -default["percona"]["server"]["max_connections"] = 30 -default["percona"]["server"]["max_connect_errors"] = 9_999_999 -default["percona"]["server"]["table_cache"] = 8192 -default["percona"]["server"]["group_concat_max_len"] = 4096 -default["percona"]["server"]["expand_fast_index_creation"] = false +default["percona"]["server"]["key_buffer_size"] = "16M" +default["percona"]["server"]["max_allowed_packet"] = "64M" +default["percona"]["server"]["thread_stack"] = "192K" +default["percona"]["server"]["query_alloc_block_size"] = "16K" +default["percona"]["server"]["memlock"] = false +default["percona"]["server"]["transaction_isolation"] = "REPEATABLE-READ" +default["percona"]["server"]["tmp_table_size"] = "64M" +default["percona"]["server"]["max_heap_table_size"] = "64M" +default["percona"]["server"]["sort_buffer_size"] = "8M" +default["percona"]["server"]["join_buffer_size"] = "8M" +default["percona"]["server"]["thread_cache_size"] = 16 +default["percona"]["server"]["back_log"] = 50 +default["percona"]["server"]["max_connections"] = 30 +default["percona"]["server"]["max_connect_errors"] = 9_999_999 +default["percona"]["server"]["sql_modes"] = [] +default["percona"]["server"]["table_cache"] = 8192 +default["percona"]["server"]["group_concat_max_len"] = 4096 +default["percona"]["server"]["expand_fast_index_creation"] = false +default["percona"]["server"]["read_rnd_buffer_size"] = 262_144 # Query Cache Configuration -default["percona"]["server"]["query_cache_size"] = "64M" -default["percona"]["server"]["query_cache_limit"] = "2M" +default["percona"]["server"]["query_cache_size"] = "64M" +default["percona"]["server"]["query_cache_limit"] = "2M" # Logging and Replication -default["percona"]["server"]["sync_binlog"] = 1 
-default["percona"]["server"]["slow_query_log"] = 1 -default["percona"]["server"]["slow_query_log_file"] = "/var/log/mysql/mysql-slow.log" -default["percona"]["server"]["long_query_time"] = 2 -default["percona"]["server"]["server_id"] = 1 -default["percona"]["server"]["binlog_do_db"] = [] -default["percona"]["server"]["expire_logs_days"] = 10 -default["percona"]["server"]["max_binlog_size"] = "100M" -default["percona"]["server"]["binlog_cache_size"] = "1M" -default["percona"]["server"]["binlog_format"] = "MIXED" -default["percona"]["server"]["log_bin"] = "master-bin" -default["percona"]["server"]["relay_log"] = "slave-relay-bin" -default["percona"]["server"]["log_slave_updates"] = false -default["percona"]["server"]["log_warnings"] = true -default["percona"]["server"]["log_long_format"] = false -default["percona"]["server"]["bulk_insert_buffer_size"] = "64M" +default["percona"]["server"]["sync_binlog"] = (node["percona"]["server"]["role"] == "cluster" ? 0 : 1) +default["percona"]["server"]["slow_query_log"] = 1 +default["percona"]["server"]["slow_query_logdir"] = "/var/log/mysql" +default["percona"]["server"]["slow_query_log_file"] = "#{node["percona"]["server"]["slow_query_logdir"]}/mysql-slow.log" +default["percona"]["server"]["long_query_time"] = 2 +default["percona"]["server"]["server_id"] = 1 +default["percona"]["server"]["binlog_do_db"] = [] +default["percona"]["server"]["binlog_ignore_db"] = [] +default["percona"]["server"]["expire_logs_days"] = 10 +default["percona"]["server"]["max_binlog_size"] = "100M" +default["percona"]["server"]["binlog_cache_size"] = "1M" +default["percona"]["server"]["binlog_format"] = "MIXED" +default["percona"]["server"]["log_bin"] = "master-bin" +default["percona"]["server"]["relay_log"] = "slave-relay-bin" +default["percona"]["server"]["log_slave_updates"] = false +default["percona"]["server"]["log_warnings"] = true +default["percona"]["server"]["log_long_format"] = false +default["percona"]["server"]["bulk_insert_buffer_size"] = 
"64M" # MyISAM Specific -default["percona"]["server"]["myisam_recover"] = "BACKUP" -default["percona"]["server"]["myisam_sort_buffer_size"] = "128M" -default["percona"]["server"]["myisam_max_sort_file_size"] = "10G" -default["percona"]["server"]["myisam_repair_threads"] = 1 +default["percona"]["server"]["myisam_recover_options"] = "BACKUP" +default["percona"]["server"]["myisam_sort_buffer_size"] = "128M" +default["percona"]["server"]["myisam_max_sort_file_size"] = "10G" +default["percona"]["server"]["myisam_repair_threads"] = 1 +default["percona"]["server"]["read_buffer_size"] = "8M" # InnoDB Specific -default["percona"]["server"]["skip_innodb"] = false +default["percona"]["server"]["skip_innodb"] = false default["percona"]["server"]["innodb_additional_mem_pool_size"] = "32M" -default["percona"]["server"]["innodb_buffer_pool_size"] = "128M" -default["percona"]["server"]["innodb_data_file_path"] = "ibdata1:10M:autoextend" -default["percona"]["server"]["innodb_file_per_table"] = true -default["percona"]["server"]["innodb_file_format"] = "Antelope" -default["percona"]["server"]["innodb_data_home_dir"] = "" -default["percona"]["server"]["innodb_thread_concurrency"] = 16 -default["percona"]["server"]["innodb_flush_log_at_trx_commit"] = 1 -default["percona"]["server"]["innodb_fast_shutdown"] = false -default["percona"]["server"]["innodb_log_buffer_size"] = "64M" -default["percona"]["server"]["innodb_log_file_size"] = "5M" -default["percona"]["server"]["innodb_log_files_in_group"] = 2 -default["percona"]["server"]["innodb_max_dirty_pages_pct"] = 80 -default["percona"]["server"]["innodb_flush_method"] = "O_DIRECT" -default["percona"]["server"]["innodb_lock_wait_timeout"] = 120 +default["percona"]["server"]["innodb_buffer_pool_size"] = "128M" +default["percona"]["server"]["innodb_data_file_path"] = "ibdata1:10M:autoextend" +default["percona"]["server"]["innodb_autoextend_increment"] = "128M" +default["percona"]["server"]["innodb_open_files"] = 2000 
+default["percona"]["server"]["innodb_file_per_table"] = true +default["percona"]["server"]["innodb_file_format"] = "Antelope" +default["percona"]["server"]["innodb_data_home_dir"] = "" +default["percona"]["server"]["innodb_thread_concurrency"] = 16 +default["percona"]["server"]["innodb_flush_log_at_trx_commit"] = 1 +default["percona"]["server"]["innodb_fast_shutdown"] = false +default["percona"]["server"]["innodb_log_buffer_size"] = "64M" +default["percona"]["server"]["innodb_log_file_size"] = "5M" +default["percona"]["server"]["innodb_log_files_in_group"] = 2 +default["percona"]["server"]["innodb_max_dirty_pages_pct"] = 80 +default["percona"]["server"]["innodb_flush_method"] = "O_DIRECT" +default["percona"]["server"]["innodb_lock_wait_timeout"] = 120 +default["percona"]["server"]["innodb_import_table_from_xtrabackup"] = 0 + +# Performance Schema +default["percona"]["server"]["performance_schema"] = false # Replication Settings -default["percona"]["server"]["replication"]["read_only"] = false -default["percona"]["server"]["replication"]["host"] = "" -default["percona"]["server"]["replication"]["username"] = "" -default["percona"]["server"]["replication"]["password"] = "" -default["percona"]["server"]["replication"]["port"] = 3306 -default["percona"]["server"]["replication"]["ignore_db"] = "" +default["percona"]["server"]["replication"]["read_only"] = false +default["percona"]["server"]["replication"]["host"] = "" +default["percona"]["server"]["replication"]["username"] = "" +default["percona"]["server"]["replication"]["password"] = "" +default["percona"]["server"]["replication"]["port"] = 3306 +default["percona"]["server"]["replication"]["ignore_db"] = [] +default["percona"]["server"]["replication"]["ignore_table"] = [] +default["percona"]["server"]["replication"]["ssl_enabled"] = false +default["percona"]["server"]["replication"]["suppress_1592"] = false +default["percona"]["server"]["replication"]["skip_slave_start"] = false 
+default["percona"]["server"]["replication"]["replication_sql"] = "/etc/mysql/replication.sql" +default["percona"]["server"]["replication"]["slave_transaction_retries"] = 10 # XtraBackup Settings -default["percona"]["backup"]["configure"] = false -default["percona"]["backup"]["username"] = "backup" +default["percona"]["backup"]["configure"] = false +default["percona"]["backup"]["username"] = "backup" unless attribute?(node["percona"]["backup"]["password"]) - default["percona"]["backup"]["password"] = secure_password + default["percona"]["backup"]["password"] = secure_password end # XtraDB Cluster Settings -default["percona"]["cluster"]["package"] = "percona-xtradb-cluster-55" -default["percona"]["cluster"]["binlog_format"] = "ROW" -default["percona"]["cluster"]["wsrep_provider"] = value_for_platform_family( - "debian" => "/usr/lib/libgalera_smm.so", - "rhel" => "/usr/lib64/libgalera_smm.so" - ) -default["percona"]["cluster"]["wsrep_cluster_address"] = "" -default["percona"]["cluster"]["wsrep_slave_threads"] = 2 -default["percona"]["cluster"]["wsrep_cluster_name"] = "" -default["percona"]["cluster"]["wsrep_sst_method"] = "rsync" -default["percona"]["cluster"]["wsrep_node_name"] = "" -default["percona"]["cluster"]["wsrep_notify_cmd"] = "" -default["percona"]["cluster"]["wsrep_sst_auth"] = "" +default["percona"]["cluster"]["binlog_format"] = "ROW" +default["percona"]["cluster"]["wsrep_provider"] = value_for_platform_family( + "debian" => "/usr/lib/libgalera_smm.so", + "rhel" => "/usr/lib64/libgalera_smm.so" +) +default["percona"]["cluster"]["wsrep_provider_options"] = "" +default["percona"]["cluster"]["wsrep_cluster_address"] = "" +default["percona"]["cluster"]["wsrep_slave_threads"] = 2 +default["percona"]["cluster"]["wsrep_cluster_name"] = "" +default["percona"]["cluster"]["wsrep_sst_method"] = "rsync" +default["percona"]["cluster"]["wsrep_node_name"] = "" +default["percona"]["cluster"]["wsrep_notify_cmd"] = "" +default["percona"]["cluster"]["wsrep_sst_auth"] = "" # 
These both are used to build wsrep_sst_receive_address -default["percona"]["cluster"]["wsrep_sst_receive_interface"] = nil # Works like node["percona"]["server"]["bind_to"] -default["percona"]["cluster"]["wsrep_sst_receive_port"] = "4444" +default["percona"]["cluster"]["wsrep_sst_receive_interface"] = nil # Works like node["percona"]["server"]["bind_to"] +default["percona"]["cluster"]["wsrep_sst_receive_port"] = "4444" default["percona"]["cluster"]["innodb_locks_unsafe_for_binlog"] = 1 -default["percona"]["cluster"]["innodb_autoinc_lock_mode"] = 2 +default["percona"]["cluster"]["innodb_autoinc_lock_mode"] = 2 diff --git a/berks-cookbooks/percona/attributes/package_repo.rb b/berks-cookbooks/percona/attributes/package_repo.rb index 46862c5a..6bef7f2f 100644 --- a/berks-cookbooks/percona/attributes/package_repo.rb +++ b/berks-cookbooks/percona/attributes/package_repo.rb @@ -4,12 +4,16 @@ # default["percona"]["use_percona_repos"] = true -default["percona"]["apt_uri"] = "http://repo.percona.com/apt" -default["percona"]["apt_keyserver"] = "keys.gnupg.net" -default["percona"]["apt_key"] = "CD2EFD2A" arch = node["kernel"]["machine"] == "x86_64" ? "x86_64" : "i386" -pversion = node["platform_version"].to_i +pversion = value_for_platform( + "amazon" => { "default" => "latest" }, + "default" => node["platform_version"].to_i +) + +default["percona"]["apt"]["key"] = "0x1C4CBDCDCD2EFD2A" +default["percona"]["apt"]["keyserver"] = "hkp://keys.gnupg.net:80" +default["percona"]["apt"]["uri"] = "http://repo.percona.com/apt" default["percona"]["yum"]["description"] = "Percona Packages" default["percona"]["yum"]["baseurl"] = "http://repo.percona.com/centos/#{pversion}/os/#{arch}/" diff --git a/berks-cookbooks/percona/libraries/config_helper.rb b/berks-cookbooks/percona/libraries/config_helper.rb index b7250dfb..de8966fe 100644 --- a/berks-cookbooks/percona/libraries/config_helper.rb +++ b/berks-cookbooks/percona/libraries/config_helper.rb 
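Review bot: The new `sync_binlog` default compares `node["percona"]["server"]["role"]` with the string `"cluster"`, but this same hunk changes the `role` default to an array (`["standalone"]`), so the comparison is false for any array value and a node whose role is `["cluster"]` still gets `sync_binlog = 1`. attributes/client.rb in this commit already uses the array-safe test, and this default should match it: `default["percona"]["server"]["sync_binlog"] = Array(node["percona"]["server"]["role"]).include?("cluster") ? 0 : 1`. Separately, the `if`/`elsif` chain at the top of the hunk has no `else`, so if none of the three OpenSSL password modules is defined the later `secure_password` calls would presumably fail with a NameError far from the cause. An explicit `else` that raises a clear message would make that easier to diagnose.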
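Review bot: The apt signing key is selected by a 64-bit key ID (`0x1C4CBDCDCD2EFD2A`) looked up over plain `hkp://` on port 80, and the apt and yum repository URLs stay on `http://`, so package authenticity depends on that lookup returning the intended key. Moving off the 8-character short ID is an improvement, but a full fingerprint is the stronger pin and the transport choice deserves a comment, for example `# key is resolved by ID on an unauthenticated keyserver; override with the full fingerprint and an authenticated endpoint where available`. The attributes were also renamed from `apt_key`/`apt_keyserver`/`apt_uri` to `["apt"]["key"]`/`["keyserver"]`/`["uri"]`, so existing overrides of the old names would silently stop applying unless that is handled outside this hunk.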
@@ -43,7 +43,7 @@ def bind_to(node, interface) private - def find_public_ip(node) + def self.find_public_ip(node) if node["cloud"] && node["cloud"]["public_ipv4"] node["cloud"]["public_ipv4"] else @@ -51,7 +51,7 @@ def find_public_ip(node) end end - def find_private_ip(node) + def self.find_private_ip(node) if node["cloud"] && node["cloud"]["local_ipv4"] node["cloud"]["local_ipv4"] elsif node["cloud"] && node["cloud"]["private_ipv4"] @@ -63,11 +63,11 @@ def find_private_ip(node) end end - def find_loopback_ip(node) + def self.find_loopback_ip(node) find_ip(node, :loopback) end - def find_ip(node, scope) + def self.find_ip(node, scope) node["network"]["interfaces"].each do |_, attrs| next unless attrs["addresses"] attrs["addresses"].each do |addr, data| diff --git a/berks-cookbooks/percona/libraries/passwords.rb b/berks-cookbooks/percona/libraries/passwords.rb index 6dbba17c..181bdfdf 100644 --- a/berks-cookbooks/percona/libraries/passwords.rb +++ b/berks-cookbooks/percona/libraries/passwords.rb 
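Review bot: The four helpers are now defined with `def self.`, and a bare `private` does not apply to singleton methods, so `find_public_ip`, `find_private_ip`, `find_loopback_ip` and `find_ip` are public even though they sit below the `private` line shown in the first hunk. If they are meant to stay internal, add `private_class_method :find_public_ip, :find_private_ip, :find_loopback_ip, :find_ip` after the definitions; otherwise remove the `private` line so the file does not suggest a restriction that is not enforced. The module header and the end of `find_ip` are outside these hunks, so confirm this against how `bind_to` is exposed.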
@@ -8,17 +8,24 @@ def initialize(node, bag = "passwords") @node = node @bag = bag @secret_file = node["percona"]["encrypted_data_bag_secret_file"] + @mysql_item = node["percona"]["encrypted_data_bag_item_mysql"] + @system_item = node["percona"]["encrypted_data_bag_item_system"] end # helper for passwords def find_password(item, user, default = nil) begin + # attribute that controls use of chef-vault or encrypted data bags + vault = node["percona"]["use_chef_vault"] + # load password from the vault + pwds = ChefVault::Item.load(bag, item) if vault # load the encrypted data bag item, using a secret if specified - passwords = Chef::EncryptedDataBagItem.load(@bag, item, data_bag_secret) + pwds = Chef::EncryptedDataBagItem.load(@bag, item, secret) unless vault # now, let's look for the user password - password = passwords[user] + password = pwds[user] rescue - Chef::Log.info("Using non-encrypted password for #{user}, #{item}") + Chef::Log.info("Unable to load password for #{user}, #{item},"\ + "fall back to non-encrypted password") end # password will be nil if no encrypted data bag was loaded # fall back to the attribute on this node 
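Review bot: The bare `rescue` in `find_password` swallows every StandardError from the vault or data-bag load, and the method then falls back to the plain node attribute with only an info-level message, so a node with `use_chef_vault` enabled but an unreadable vault item converges silently on the attribute password. Capture the exception and log it at warn level, e.g. `rescue => e` with `Chef::Log.warn("Unable to load password for #{user}, #{item} (#{e.class}); falling back to node attribute")`, and consider re-raising when the vault was explicitly requested. The vault branch reads `node` and `bag` while the data-bag branch uses `@bag`; the accessors are not visible in this hunk, and a missing one would raise a NameError that this same rescue hides. The two-part log string also joins as `#{item},fall back` with no space. `find_password` continues past the end of the hunk.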
@@ -27,32 +34,33 @@ def find_password(item, user, default = nil) # mysql root def root_password - find_password "mysql", "root", node_server["root_password"] + find_password @mysql_item, "root", node_server["root_password"] end # debian script user password def debian_password find_password( - "system", node_server["debian_username"], node_server["debian_password"] + @system_item, node_server["debian_username"], + node_server["debian_password"] ) end # ? def old_passwords - find_password "mysql", "old_passwords", node_server["old_passwords"] + find_password @mysql_item, "old_passwords", node_server["old_passwords"] end # password for user responsbile for replicating in master/slave environment def replication_password find_password( - "mysql", "replication", node_server["replication"]["password"] + @mysql_item, "replication", node_server["replication"]["password"] ) end # password for user responsbile for running xtrabackup def backup_password backup = node["percona"]["backup"] - find_password "mysql", backup["username"], backup["password"] + find_password @mysql_item, backup["username"], backup["password"] end private @@ -67,17 +75,13 @@ def data_bag_secret_file secret_file elsif !Chef::Config[:encrypted_data_bag_secret].empty? Chef::Config[:encrypted_data_bag_secret] - else - nil end end - def data_bag_secret - if data_bag_secret_file - Chef::EncryptedDataBagItem.load_secret(data_bag_secret_file) - else - nil - end + def secret + return unless data_bag_secret_file + + Chef::EncryptedDataBagItem.load_secret(data_bag_secret_file) end end end diff --git a/berks-cookbooks/percona/libraries/provider_mysql2_chef_gem.rb b/berks-cookbooks/percona/libraries/provider_mysql2_chef_gem.rb new file mode 100644 index 00000000..4849e9c8 --- /dev/null +++ b/berks-cookbooks/percona/libraries/provider_mysql2_chef_gem.rb 
@@ -0,0 +1,33 @@
+class Chef
+ class Provider
+ class Mysql2ChefGem
+ # Provider to install MySQL2 gem on systems using Percona databases
+ class Percona < Chef::Provider::LWRPBase
+ use_inline_resources if defined?(use_inline_resources)
+
+ def whyrun_supported?
+ true
+ end
+
+ def action_install
+ converge_by "install mysql2 chef_gem and dependencies" do
+ recipe_eval do
+ run_context.include_recipe "build-essential"
+ run_context.include_recipe "percona::client"
+ end
+
+ chef_gem "mysql2" do
+ action :install
+ end
+ end
+ end
+
+ def action_remove
+ chef_gem "mysql2" do
+ action :remove
+ end
+ end
+ end
+ end
+ end
+end
diff --git a/berks-cookbooks/percona/libraries/provider_mysql_chef_gem.rb b/berks-cookbooks/percona/libraries/provider_mysql_chef_gem.rb
index 5acc3722..63623c29 100644
--- a/berks-cookbooks/percona/libraries/provider_mysql_chef_gem.rb
+++ b/berks-cookbooks/percona/libraries/provider_mysql_chef_gem.rb
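Review bot: `chef_gem "mysql2"` in `action_install` carries no version, so each new node installs whatever release the gem source serves at converge time and compiles it inside the Chef run using the build-essential toolchain. If a pin is not going to be passed through from the resource (its definition is not part of this file), the behaviour should at least be stated above the call: `# NOTE: installs the newest mysql2 gem available at converge time; pin a version for reproducible builds`. `action_remove` is also not wrapped in `converge_by` the way `action_install` is, which is worth a one-line comment if intentional. The same applies to `chef_gem "mysql"` in provider_mysql_chef_gem.rb.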
@@ -1,22 +1,30 @@ class Chef class Provider - # rubocop:disable LineLength - # - # Public: - # Monkey patch to not install mysql client dev libraries over ours - # https://github.com/opscode-cookbooks/mysql/blob/master/libraries/provider_mysql_client_ubuntu.rb - # - # rubocop:enable LineLength - class MysqlChefGem < Chef::Provider::LWRPBase - def action_install - converge_by "install mysql chef_gem and dependencies" do - recipe_eval do - run_context.include_recipe "build-essential::default" - run_context.include_recipe "percona::client" + class MysqlChefGem + # Provider to install MySQL gem on systems using Percona databases + class Percona < Chef::Provider::LWRPBase + use_inline_resources if defined?(use_inline_resources) + + def whyrun_supported? + true + end + + def action_install + converge_by "install mysql chef_gem and dependencies" do + recipe_eval do + run_context.include_recipe "build-essential" + run_context.include_recipe "percona::client" + end + + chef_gem "mysql" do + action :install + end end + end + def action_remove chef_gem "mysql" do - action :install + action :remove end end end diff --git a/berks-cookbooks/percona/metadata.json b/berks-cookbooks/percona/metadata.json index 45ea1fa3..badf6b8a 100644 --- a/berks-cookbooks/percona/metadata.json +++ b/berks-cookbooks/percona/metadata.json @@ -15,23 +15,33 @@ "redhat": ">= 0.0.0" }, "dependencies": { - "apt": ">= 1.9", + "apt": ">= 2.7.0", + "build-essential": ">= 0.0.0", + "openssl": ">= 0.0.0", "yum": "~> 3.0", - "openssl": ">= 0.0.0" + "yum-epel": ">= 0.0.0", + "chef-vault": ">= 0.0.0" }, "recommendations": { + }, "suggestions": { + }, "conflicting": { + }, "providing": { + }, "replacing": { + }, "attributes": { + }, "groupings": { + }, "recipes": { "percona": "Includes the client recipe to configure a client", 
@@ -46,5 +56,7 @@ "percona::access_grants": "Used internally to grant permissions for recipes", "percona::monitoring": "Installs Percona monitoring plugins for Nagios" }, - "version": "0.15.5" -} \ No newline at end of file + "version": "0.16.1", + "source_url": "", + "issues_url": "" +} diff --git a/berks-cookbooks/percona/recipes/access_grants.rb b/berks-cookbooks/percona/recipes/access_grants.rb index 405f9740..d008d4e4 100644 --- a/berks-cookbooks/percona/recipes/access_grants.rb +++ b/berks-cookbooks/percona/recipes/access_grants.rb @@ -17,6 +17,7 @@ owner "root" group "root" mode "0600" + sensitive true end # execute access grants @@ -24,10 +25,11 @@ # Intent is to check whether the root_password works, and use it to # load the grants if so. If not, try loading without a password # and see if we get lucky - execute "mysql-install-privileges" do + execute "mysql-install-privileges" do # ~FC009 - `sensitive` command "/usr/bin/mysql -p'#{passwords.root_password}' -e '' &> /dev/null > /dev/null &> /dev/null ; if [ $? -eq 0 ] ; then /usr/bin/mysql -p'#{passwords.root_password}' < /etc/mysql/grants.sql ; else /usr/bin/mysql < /etc/mysql/grants.sql ; fi ;" # rubocop:disable LineLength action :nothing subscribes :run, resources("template[/etc/mysql/grants.sql]"), :immediately + sensitive true end else # Simpler path... just try running the grants command @@ -35,5 +37,6 @@ command "/usr/bin/mysql < /etc/mysql/grants.sql" action :nothing subscribes :run, resources("template[/etc/mysql/grants.sql]"), :immediately + sensitive true end end diff --git a/berks-cookbooks/percona/recipes/client.rb b/berks-cookbooks/percona/recipes/client.rb index e1774f54..9fb8861b 100644 --- a/berks-cookbooks/percona/recipes/client.rb +++ b/berks-cookbooks/percona/recipes/client.rb 
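Review bot: `sensitive true` on `mysql-install-privileges` keeps the command out of Chef's output, but the root password is still interpolated into the shell string as `-p'#{passwords.root_password}'`, so it is readable in the process list while the command runs and a password containing a single quote breaks the quoting. Reading the credentials from a root-only option file avoids both, e.g. `/usr/bin/mysql --defaults-extra-file=/root/.my.cnf < /etc/mysql/grants.sql`, assuming the `/root/.my.cnf` that configure_server.rb writes with mode 0600 is present (that template is skipped when `skip_passwords` is set). The `execute` resource body starts above the second hunk, so the surrounding condition should be checked before changing the command.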
@@ -6,5 +6,7 @@ include_recipe "percona::package_repo" node["percona"]["client"]["packages"].each do |percona_client_pkg| - package percona_client_pkg + package percona_client_pkg do + action node["percona"]["client"]["package_action"].to_sym + end end diff --git a/berks-cookbooks/percona/recipes/cluster.rb b/berks-cookbooks/percona/recipes/cluster.rb index f8933015..8afb22d6 100644 --- a/berks-cookbooks/percona/recipes/cluster.rb +++ b/berks-cookbooks/percona/recipes/cluster.rb @@ -14,6 +14,13 @@ node.set["percona"]["cluster"]["wsrep_sst_receive_address"] = address end +# set default package attributes +version = node["percona"]["version"] +node.default["percona"]["cluster"]["package"] = value_for_platform_family( + "debian" => "percona-xtradb-cluster-#{version.tr(".", "")}", + "rhel" => "Percona-XtraDB-Cluster-#{version.tr(".", "")}" +) + # install packages case node["platform_family"] when "debian" @@ -26,8 +33,13 @@ when "rhel" package "mysql-libs" do action :remove + not_if "rpm -qa | grep -q '#{node["percona"]["cluster"]["package"]}'" end + # This is required for `socat` per: + # www.percona.com/doc/percona-xtradb-cluster/5.6/installation/yum_repo.html + include_recipe "yum-epel" + package node["percona"]["cluster"]["package"] end diff --git a/berks-cookbooks/percona/recipes/configure_server.rb b/berks-cookbooks/percona/recipes/configure_server.rb index f282e6d5..5d385010 100644 --- a/berks-cookbooks/percona/recipes/configure_server.rb +++ b/berks-cookbooks/percona/recipes/configure_server.rb 
@@ -8,15 +8,28 @@ conf = percona["conf"] mysqld = (conf && conf["mysqld"]) || {} +# install chef-vault if needed +include_recipe "chef-vault" if node["percona"]["use_chef_vault"] + # construct an encrypted passwords helper -- giving it the node and bag name passwords = EncryptedPasswords.new(node, percona["encrypted_data_bag"]) +if node["percona"]["server"]["jemalloc"] + package_name = value_for_platform_family( + "debian" => "libjemalloc1", + "rhel" => "jemalloc" + ) + + package package_name +end + template "/root/.my.cnf" do variables(root_password: passwords.root_password) owner "root" group "root" mode "0600" source "my.cnf.root.erb" + sensitive true not_if { node["percona"]["skip_passwords"] } end @@ -33,10 +46,12 @@ end end -datadir = mysqld["datadir"] || server["datadir"] -logdir = mysqld["logdir"] || server["logdir"] -tmpdir = mysqld["tmpdir"] || server["tmpdir"] -user = mysqld["username"] || server["username"] +datadir = mysqld["datadir"] || server["datadir"] +logdir = mysqld["logdir"] || server["logdir"] +tmpdir = mysqld["tmpdir"] || server["tmpdir"] +includedir = mysqld["includedir"] || server["includedir"] +user = mysqld["username"] || server["username"] +slow_query_logdir = mysqld["slow_query_logdir"] || server["slow_query_logdir"] # this is where we dump sql templates for replication, etc. directory "/etc/mysql" do @@ -53,7 +68,8 @@ end # setup the log directory -directory logdir do +directory "log directory" do + path logdir owner user group user recursive true 
@@ -66,6 +82,24 @@ recursive true end +# setup the configuration include directory +unless includedir.empty? # ~FC023 + directory includedir do # don't evaluate an empty `directory` resource + owner user + group user + recursive true + end +end + +# setup slow_query_logdir directory +directory "slow query log directory" do + path slow_query_logdir + owner user + group user + recursive true + not_if { slow_query_logdir.eql? logdir } +end + # define the service service "mysql" do supports restart: true @@ -74,17 +108,28 @@ # install db to the data directory execute "setup mysql datadir" do - command "mysql_install_db --user=#{user} --datadir=#{datadir}" + command "mysql_install_db --defaults-file=#{percona["main_config_file"]} --user=#{user}" # rubocop:disable LineLength not_if "test -f #{datadir}/mysql/user.frm" + action :nothing +end + +# install SSL certificates before config phase +if node["percona"]["server"]["replication"]["ssl_enabled"] + include_recipe "percona::ssl" end # setup the main server config file template percona["main_config_file"] do - source "my.cnf.#{conf ? "custom" : server["role"]}.erb" + if Array(server["role"]).include?("cluster") + source "my.cnf.cluster.erb" + else + source "my.cnf.main.erb" + end owner "root" group "root" mode "0644" - + sensitive true + notifies :run, "execute[setup mysql datadir]", :immediately if node["percona"]["auto_restart"] notifies :restart, "service[mysql]", :immediately end @@ -92,10 +137,12 @@ # now let's set the root password only if this is the initial install unless node["percona"]["skip_passwords"] - execute "Update MySQL root password" do - root_pw = passwords.root_password + root_pw = passwords.root_password + + execute "Update MySQL root password" do # ~FC009 - `sensitive` command "mysqladmin --user=root --password='' password '#{root_pw}'" - not_if "test -f /etc/mysql/grants.sql" + only_if "mysqladmin --user=root --password='' version" + sensitive true end end 
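Review bot: With `action :nothing` on `execute "setup mysql datadir"` in the `@@ -74,17 +108,28 @@` hunk, the data directory is initialised only when the main config template changes and notifies it. If that first `mysql_install_db` run fails, the template is already on disk, so later runs presumably see no change and never retry. The existing `not_if "test -f #{datadir}/mysql/user.frm"` guard already makes the resource safe to evaluate on every run. I would drop `action :nothing` and move the `execute` block below the template so that `--defaults-file` exists when it runs, or add a comment explaining why it must be notification-only.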
@@ -106,6 +153,7 @@ owner "root" group "root" mode "0640" + sensitive true if node["percona"]["auto_restart"] notifies :restart, "service[mysql]", :immediately end diff --git a/berks-cookbooks/percona/recipes/monitoring.rb b/berks-cookbooks/percona/recipes/monitoring.rb index 35adf6f2..53f72f4a 100644 --- a/berks-cookbooks/percona/recipes/monitoring.rb +++ b/berks-cookbooks/percona/recipes/monitoring.rb @@ -5,7 +5,6 @@ node["percona"]["plugins_packages"].each do |pkg| package pkg do - action :install version node["percona"]["plugins_version"] end end diff --git a/berks-cookbooks/percona/recipes/package_repo.rb b/berks-cookbooks/percona/recipes/package_repo.rb index 5591862d..e3b5a044 100644 --- a/berks-cookbooks/percona/recipes/package_repo.rb +++ b/berks-cookbooks/percona/recipes/package_repo.rb @@ -17,12 +17,11 @@ end apt_repository "percona" do - uri node["percona"]["apt_uri"] + uri node["percona"]["apt"]["uri"] distribution node["lsb"]["codename"] components ["main"] - keyserver node["percona"]["apt_keyserver"] - key node["percona"]["apt_key"] - action :add + keyserver node["percona"]["apt"]["keyserver"] + key node["percona"]["apt"]["key"] end when "rhel" @@ -34,6 +33,5 @@ gpgkey node["percona"]["yum"]["gpgkey"] gpgcheck node["percona"]["yum"]["gpgcheck"] sslverify node["percona"]["yum"]["sslverify"] - action :create end end diff --git a/berks-cookbooks/percona/recipes/replication.rb b/berks-cookbooks/percona/recipes/replication.rb index cd8470dc..d485f33f 100644 --- a/berks-cookbooks/percona/recipes/replication.rb +++ b/berks-cookbooks/percona/recipes/replication.rb 
@@ -6,25 +6,28 @@ require "shellwords" passwords = EncryptedPasswords.new(node, node["percona"]["encrypted_data_bag"]) -replication_sql = "/etc/mysql/replication.sql" server = node["percona"]["server"] +replication_sql = server["replication"]["replication_sql"] # define access grants template replication_sql do - source "replication_#{server["role"]}.sql.erb" + source "replication.sql.erb" variables(replication_password: passwords.replication_password) owner "root" group "root" mode "0600" - - only_if { server["replication"]["host"] != "" || server["role"] == "master" } + sensitive true + only_if do + server["replication"]["host"] != "" || server["role"].include?("master") + end end root_pass = passwords.root_password.to_s root_pass = Shellwords.escape(root_pass).prepend("-p") unless root_pass.empty? -execute "mysql-set-replication" do +execute "mysql-set-replication" do # ~FC009 - `sensitive` command "/usr/bin/mysql #{root_pass} < #{replication_sql}" action :nothing subscribes :run, resources("template[#{replication_sql}]"), :immediately + sensitive true end diff --git a/berks-cookbooks/percona/recipes/server.rb b/berks-cookbooks/percona/recipes/server.rb index 789710c8..fd4fb8eb 100644 --- a/berks-cookbooks/percona/recipes/server.rb +++ b/berks-cookbooks/percona/recipes/server.rb 
@@ -5,14 +5,21 @@ include_recipe "percona::package_repo" +version = node["percona"]["version"] + # install packages case node["platform_family"] when "debian" + node.default["percona"]["server"]["package"] = "percona-server-server-#{version}" # rubocop:disable LineLength + package node["percona"]["server"]["package"] do - action :install options "--force-yes" + action node["percona"]["server"]["package_action"].to_sym end when "rhel" + node.default["percona"]["server"]["package"] = "Percona-Server-server-#{version.tr(".", "")}" # rubocop:disable LineLength + node.default["percona"]["server"]["shared_pkg"] = "Percona-Server-shared-#{version.tr(".", "")}" # rubocop:disable LineLength + # Need to remove this to avoid conflicts package "mysql-libs" do action :remove @@ -23,19 +30,10 @@ include_recipe "percona::client" package node["percona"]["server"]["package"] do - action :install + action node["percona"]["server"]["package_action"].to_sym end end -if node["percona"]["server"]["jemalloc"] - package_name = value_for_platform_family( - "debian" => "libjemalloc1", - "rhel" => "jemalloc" - ) - - package package_name -end - unless node["percona"]["skip_configure"] include_recipe "percona::configure_server" end diff --git a/berks-cookbooks/percona/recipes/ssl.rb b/berks-cookbooks/percona/recipes/ssl.rb new file mode 100644 index 00000000..e9cf1d5d --- /dev/null +++ b/berks-cookbooks/percona/recipes/ssl.rb 
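Review bot: `options "--force-yes"` stays on the Debian server package in the `@@ -5,14 +5,21 @@` hunk while the action becomes attribute-driven, so an `:upgrade` set through `package_action` would run with it too. apt documents `--force-yes` as continuing without prompting even when it is about to do something potentially harmful, which includes installing packages it cannot authenticate. package_repo.rb configures a signing key for the repository, so the option looks unnecessary here. I would remove the `options "--force-yes"` line, or make it opt-in through an attribute that defaults to no extra options.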
@@ -0,0 +1,41 @@ +# +# Cookbook Name:: percona +# Recipe:: ssl +# + +certs_path = "/etc/mysql/ssl" +server = node["percona"]["server"] +data_bag = node["percona"]["encrypted_data_bag"] + +directory certs_path do + owner node["percona"]["server"]["username"] + mode "0700" +end + +certs = Chef::EncryptedDataBagItem.load( + data_bag, + node["percona"]["encrypted_data_bag_item_ssl_replication"] +) + +# place the CA certificate, it should be present on both master and slave +file "#{certs_path}/cacert.pem" do + content certs["ca-cert"] + sensitive true +end + +%w[cert key].each do |file| + # place certificate and key for master + file "#{certs_path}/server-#{file}.pem" do + content certs["server"]["server-#{file}"] + sensitive true + only_if { server["role"].include?("master") } + end + + # because in a master-master setup a master could also be a slave + # place slave certificate and key + file "#{certs_path}/client-#{file}.pem" do + content certs["client"]["client-#{file}"] + sensitive true + only_if { server["role"].include?("slave") } + end +end diff --git a/berks-cookbooks/percona/recipes/toolkit.rb b/berks-cookbooks/percona/recipes/toolkit.rb index cbeebea1..fcced0fa 100644 --- a/berks-cookbooks/percona/recipes/toolkit.rb +++ b/berks-cookbooks/percona/recipes/toolkit.rb @@ -8,7 +8,9 @@ # Workaround a bug in the RPM packaging of percona-toolkit. Otherwise, it'll # try to pull in Percona-Server-shared-51, which will conflict with 5.5. # https://bugs.launchpad.net/percona-toolkit/+bug/1031427 -package "Percona-Server-shared-compat" if platform_family?("rhel") +if platform_family?("rhel") && node["percona"]["version"].match(/5\.[15]/) + package "Percona-Server-shared-compat" +end package "percona-toolkit" do options "--force-yes" if platform_family?("debian") diff --git a/berks-cookbooks/percona/templates/default/my.cnf.cluster.erb b/berks-cookbooks/percona/templates/default/my.cnf.cluster.erb index e3d53dfc..c8f4879b 100644 
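Review bot: The `file` resources in the new ssl.rb set `content` and `sensitive true` but no `owner`, `group` or `mode`, so `server-key.pem` and `client-key.pem` get whatever the chef-client umask yields. They are then protected only by the `0700` mode on `/etc/mysql/ssl`. Adding `owner node["percona"]["server"]["username"]` and `mode "0600"` to the key files makes the permissions explicit and keeps them tight if the directory mode is ever relaxed. A one-line comment above the loop stating that the private keys must be readable only by the database user would document the intent.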
--- a/berks-cookbooks/percona/templates/default/my.cnf.cluster.erb +++ b/berks-cookbooks/percona/templates/default/my.cnf.cluster.erb @@ -33,7 +33,13 @@ open-files-limit = <%= node["percona"]["server"]["open_files_limit"] %> malloc-lib = <%= node["percona"]["server"]["jemalloc_lib"] %> <% end %> +# *** Application-specific options follow here *** + +# +# The MySQL server +# [mysqld] + # # * Basic Settings # @@ -44,11 +50,15 @@ port = <%= node["percona"]["server"]["port"] %> basedir = <%= node["percona"]["server"]["basedir"] %> datadir = <%= node["percona"]["server"]["datadir"] %> tmpdir = <%= node["percona"]["server"]["tmpdir"] %> -slave_load_tmpdir = <%= node["percona"]["server"]["tmpdir"] %> +slave_load_tmpdir = <%= node["percona"]["server"]["slave_load_tmpdir"] %> # language = <%= node["percona"]["server"]["language"] %> character_set_server = <%= node["percona"]["server"]["character_set"] %> collation_server = <%= node["percona"]["server"]["collation"] %> +<% if node["percona"]["server"]["federated"] %> +federated +<% end %> + <% if node["percona"]["server"]["skip_name_resolve"] %> skip-name-resolve <% end %> @@ -66,6 +76,7 @@ wait_timeout = <%= node["percona"]["server"]["wait_timeout"] %> # binlog_format = <%= node["percona"]["cluster"]["binlog_format"] %> wsrep_provider = <%= node["percona"]["cluster"]["wsrep_provider"] %> +wsrep_provider_options = <%= node["percona"]["cluster"]["wsrep_provider_options"] %> wsrep_cluster_address = <%= node["percona"]["cluster"]["wsrep_cluster_address"] %> wsrep_slave_threads = <%= node["percona"]["cluster"]["wsrep_slave_threads"] %> wsrep_cluster_name = <%= node["percona"]["cluster"]["wsrep_cluster_name"] %> 
@@ -80,22 +91,30 @@ innodb_locks_unsafe_for_binlog = <%= node["percona"]["cluster"]["innodb_locks_un innodb_autoinc_lock_mode = <%= node["percona"]["cluster"]["innodb_autoinc_lock_mode"] %> +<% if @old_passwords %> # # For compatibility to other Debian packages that still use # libmysqlclient10 and libmysqlclient12. old_passwords = <%= @old_passwords %> +<% end %> # # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. -<% if !node["percona"]["server"]["bind_address"].empty? %> +<% unless node["percona"]["server"]["bind_address"].empty? %> bind-address = <%= node["percona"]["server"]["bind_address"] %> <% end %> +<%- if node["percona"]["version"] >= "5.5" %> +# As of 5.6.6 performance_schema is enabled by default. This allows it to be +# explicitly turned on or off as needed across all mysql versions +performance_schema=<%= node["percona"]["server"]["performance_schema"] ? "ON" : "OFF" %> +<% end %> + # # * Fine Tuning # -key_buffer = <%= node["percona"]["server"]["key_buffer"] %> +key_buffer_size = <%= node["percona"]["server"]["key_buffer_size"] %> # The maximum size of a query packet the server can handle as well as # maximum query size server can process (Important when working with @@ -107,8 +126,13 @@ group_concat_max_len = <%= node["percona"]["server"]["group_concat_max_len"] %> <% if node["percona"]["server"]["expand_fast_index_creation"] %> expand_fast_index_creation +<% end %> +<% if node["percona"]["server"]["read_rnd_buffer_size"] %> +# used for some sorts to optimally read rows after the sort +read_rnd_buffer_size = <%= node["percona"]["server"]["read_rnd_buffer_size"] %> <% end %> + # Thread stack size to use. This amount of memory is always reserved at # connection time. MySQL itself usually needs no more than 64K of # memory, while if you use your own stack hungry UDF functions or your 
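Review bot: `node["percona"]["version"] >= "5.5"` in the `@@ -80,22 +91,30 @@` hunk compares version strings lexically, so a value such as `"10.1"` sorts below `"5.5"` and the `performance_schema` line would be skipped. The same string comparisons appear in later hunks of this template (`< "5.5"` for `myisam-recover`, `>= "5.6"` for `table_open_cache`, `< "5.5"` for `suppress_log_warning_1592`) and in my.cnf.main.erb. `Gem::Version.new(node["percona"]["version"]) >= Gem::Version.new("5.5")` compares numerically. Computing the result once in the recipe and passing it through `variables` would keep the templates readable.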
@@ -116,15 +140,106 @@ expand_fast_index_creation # to a higher value. thread_stack = <%= node["percona"]["server"]["thread_stack"] %> +# query_alloc_block_size controls how much memory is reserved for +# parsing SQL statements and some other junk. I increase it on boxes +# that run complex queries to reduce possible memory fragmentation. YMMV +# default is 8k +query_alloc_block_size = <%= node["percona"]["server"]["query_alloc_block_size"] %> + +# if your OS supports it, you can lock the buffer pool into memory +# with this option to prevent swapping. I'm not sure if linux supports this +# but Solaris does. On linux, using the swapiness sysctl is probably nearly +# as effective. +<% if node["percona"]["server"]["memlock"] %> +memlock +<% end %> + +# Set the default transaction isolation level. Levels available are: +# READ-UNCOMMITTED, READ-COMMITTED, REPEATABLE-READ, SERIALIZABLE + +# REPEATABLE-READ requires next-key locks. If your application isn't sensitive # to 'phantom rows', (it probably isn't) then read-committed is fine. Feel +# free to change this to REPEATABLE-READ at a small performance penalty if it +# makes you feel better. +transaction_isolation = <%= node["percona"]["server"]["transaction_isolation"] %> + +# Maximum size for internal (in-memory) temporary tables. If a table +# grows larger than this value, it is automatically converted to disk +# based table This limitation is for a single table. There can be many +# of them. Also, if max_heap_table_size < tmp_table_size, it will be used +# as the limit instead, so making it bigger than that is not useful. +tmp_table_size = <%= node["percona"]["server"]["tmp_table_size"] %> + +# Storage engine which is used by default when creating new tables, if not +# specified differently during the CREATE TABLE statement. +default_storage_engine = <%= node["percona"]["server"]["default_storage_engine"] %> + +# Maximum allowed size for a single HEAP (in memory) table. 
This option +# is a protection against the accidential creation of a very large HEAP +# table which could otherwise use up all memory resources. +max_heap_table_size = <%= node["percona"]["server"]["max_heap_table_size"] %> + +# Sort buffer is used to perform sorts for some ORDER BY and GROUP BY +# queries. If sorted data does not fit into the sort buffer, a disk +# based merge sort is used instead - See the "Sort_merge_passes" +# status variable. Allocated per thread if sort is needed. +sort_buffer_size = <%= node["percona"]["server"]["sort_buffer_size"] %> + +# This buffer is used for the optimization of full JOINs (JOINs without +# indexes). Such JOINs are very bad for performance in most cases +# anyway, but setting this variable to a large value reduces the +# performance impact. See the "Select_full_join" status variable for a +# count of full JOINs. Allocated per thread if full join is found +join_buffer_size = <%= node["percona"]["server"]["join_buffer_size"] %> + +# How many threads we should keep in a cache for reuse. When a client +# disconnects, the client's threads are put in the cache if there aren't +# more than thread_cache_size threads from before. This greatly reduces +# the amount of thread creations needed if you have a lot of new +# connections. (Normally this doesn't give a notable performance +# improvement if you have a good thread implementation.) 
thread_cache_size = <%= node["percona"]["server"]["thread_cache_size"] %> # This replaces the startup script and checks MyISAM tables if needed # the first time they are touched -myisam-recover = <%= node["percona"]["server"]["myisam_recover"] %> -#max_connections = 100 -#table_cache = 64 +<%- if node["percona"]["version"] < "5.5" %> +myisam-recover = <%= node["percona"]["server"]["myisam_recover_options"] %> +<% else %> +myisam-recover-options = <%= node["percona"]["server"]["myisam_recover_options"] %> +<% end %> + + +# back_log is the number of connections the operating system can keep in +# the listen queue, before the MySQL connection manager thread has +# processed them. If you have a very high connection rate and experience +# "connection refused" errors, you might need to increase this value. +# Check your OS documentation for the maximum value of this parameter. +# Attempting to set back_log higher than your operating system limit +# will have no effect. +back_log = <%= node["percona"]["server"]["back_log"] %> +max_connections = <%= node["percona"]["server"]["max_connections"] %> + +# I don't know why 0 doesn't disable max_connect_errors checking +# but it doesn't, so set it to a high value to prevent MySQL from +# refusing to accept connections from a flaky host, especially if you +# are using a load balancer! +max_connect_errors = <%= node["percona"]["server"]["max_connect_errors"] %> + +<% unless node["percona"]["server"]["sql_modes"].empty? %> +sql-mode = <%= node["percona"]["server"]["sql_modes"].join(",") %> +<% end %> + +# The number of open tables for all threads. 
+# make sure that the open file limit is at least twice this in the +# mysqld_safe section +<%- if node["percona"]["version"] >= "5.6" %> +table_open_cache = <%= node["percona"]["server"]["table_cache"] %> +<%- else %> +table_cache = <%= node["percona"]["server"]["table_cache"] %> +<%- end %> + #thread_concurrency = 10 # +# # * Query Cache Configuration # query_cache_limit = <%= node["percona"]["server"]["query_cache_limit"] %> 
@@ -138,23 +253,157 @@ query_cache_size = <%= node["percona"]["server"]["query_cache_size"] %> # As of 5.1 you can enable the at runtime! #log_type = FILE #general_log = /var/log/mysql/mysql.log + +# sync_binlog ensures that all writes to the binary log are immediately +# flushed to disk. This is important, especially for replication, because +# if the server crashes and has not written all of the binary log to disk (and flushed it) +# then some rows will not make it to the slave +sync_binlog = <%= node["percona"]["server"]["sync_binlog"] %> + # # Error logging goes to syslog due to /etc/mysql/conf.d/mysqld_safe_syslog.cnf. # # Here you can see queries with especially long duration -#log_slow_queries = /var/log/mysql/mysql-slow.log -#long_query_time = 2 -#log-queries-not-using-indexes +# Slow queries are queries which take more than the +# amount of time defined in "long_query_time" or which do not use +# indexes well, if log_long_format is enabled. It is normally good idea +# to have this turned on if you frequently add new queries to the +# system. +slow_query_log = <%= node["percona"]["server"]["slow_query_log"] %> +slow_query_log_file = <%= node["percona"]["server"]["slow_query_log_file"] %> + +# All queries taking more than this amount of time (in seconds) will be +# trated as slow. Do not use "1" as a value here, as this will result in +# even very fast queries being logged from time to time (as MySQL +# currently measures time with second accuracy only). +long_query_time = <%= node["percona"]["server"]["long_query_time"] %> + +# log-queries-not-using-indexes # # The following can be used as easy to replay backup logs or for replication. # note: if you are setting up a replication slave, see README.Debian about # other settings you may need to change. + +# Unique server identification number between 1 and 2^32-1. This value +# is required for both master and slave hosts. 
It defaults to 1 if +# "master-host" is not set, but will MySQL will not function as a master +# if it is omitted. #server-id = 1 -#log_bin = /var/log/mysql/mysql-bin.log + +<% unless node["percona"]["server"]["replication"]["ignore_db"].empty? %> +# Tells the slave SQL thread not to replicate any statement where the default database is. +<% Array(node["percona"]["server"]["replication"]["ignore_db"]).each do |ignore_db| -%> +replicate-ignore-db = <%= ignore_db %> +<% end -%> +<% end -%> + +<% unless node["percona"]["server"]["replication"]["ignore_table"].empty? %> +# Creates a replication filter by telling the slave SQL thread not to replicate any statement that updates the specified table, even if any other tables might be updated by the same statement. +<% node["percona"]["server"]["replication"]["ignore_table"].each do |ignore_table| -%> +replicate-ignore-table = <%= ignore_table %> +<% end -%> +<% end -%> + + +<% if node["percona"]["server"]["replication"]["suppress_1592"] %> +#turns off this statement is unsafe in statement-based replication +<% if node["percona"]["version"] < "5.5" -%> +suppress_log_warning_1592 +<% else %> +log_warnings_suppress=1592 +<% end %> +<% end %> + +# Make the slave read-only. Only users with the SUPER privilege and the +# replication slave thread will be able to modify data on it. You can +# use this to ensure that no applications will accidently modify data on +# the slave instead of the master +<% if node["percona"]["server"]["replication"]["read_only"] %> +read_only +<% end %> + +# Tells the slave server not to start the slave threads when the server starts. +# This will allow you to tweak system and/or server settings prior to starting +# replication. +<% if node["percona"]["server"]["replication"]["skip_slave_start"] %> +skip-slave-start +<% end %> + +# Number of times the slave SQL thread will retry a transaction in case it +# failed with a deadlock or elapsed lock wait timeout, before giving up and +# stopping. 
+slave_transaction_retries = <%= node["percona"]["server"]["replication"]["slave_transaction_retries"] %> + +log_bin = <%= node["percona"]["server"]["datadir"] %>/mysql-bin.log expire_logs_days = <%= node["percona"]["server"]["expire_logs_days"] %> max_binlog_size = <%= node["percona"]["server"]["max_binlog_size"] %> -#binlog_do_db = include_database_name -#binlog_ignore_db = include_database_name + +<% node["percona"]["server"]["binlog_do_db"].each do |db_name| %> +binlog-do-db = <%= db_name %> +<% end -%> + +<% node["percona"]["server"]["binlog_ignore_db"].each do |db_name| %> +binlog-ignore-db = <%= db_name %> +<% end %> + +# The size of the cache to hold the SQL statements for the binary log +# during a transaction. If you often use big, multi-statement +# transactions you can increase this value to get more performance. All +# statements from transactions are buffered in the binary log cache and +# are being written to the binary log at once after the COMMIT. If the +# transaction is larger than this value, temporary file on disk is used +# instead. This buffer is allocated per connection on first update +# statement in transaction +binlog_cache_size = <%= node["percona"]["server"]["binlog_cache_size"] %> + +# Enable the full query log. Every query (even ones with incorrect +# syntax) that the server receives will be logged. This is useful for +# debugging, it is usually disabled in production use. +#log + +# Log warnings to the error log +<% if node["percona"]["server"]["log_warnings"] %> +log_warnings +<% end %> + +# Log more information in the slow query log. Normally it is good to +# have this turned on. This will enable logging of queries that are not +# using indexes in addition to long running queries. +<% if node["percona"]["server"]["log_long_format"] %> +log_long_format +<% end %> + +# MyISAM uses special tree-like cache to make bulk inserts (that is, +# INSERT ... SELECT, INSERT ... VALUES (...), (...), ..., and LOAD DATA +# INFILE) faster. 
This variable limits the size of the cache tree in +# bytes per thread. Setting it to 0 will disable this optimisation. Do +# not set it larger than "key_buffer_size" for optimal performance. +# This buffer is allocated when a bulk insert is detected. +bulk_insert_buffer_size = <%= node["percona"]["server"]["bulk_insert_buffer_size"] %> + +# This buffer is allocated when MySQL needs to rebuild the index in +# REPAIR, OPTIMIZE, ALTER table statements as well as in LOAD DATA INFILE +# into an empty table. It is allocated per thread so be careful with +# large settings. +myisam_sort_buffer_size = <%= node["percona"]["server"]["myisam_sort_buffer_size"] %> + +# The maximum size of the temporary file MySQL is allowed to use while +# recreating the index (during REPAIR, ALTER TABLE or LOAD DATA INFILE. +# If the file-size would be bigger than this, the index will be created +# through the key cache (which is slower). +myisam_max_sort_file_size = <%= node["percona"]["server"]["myisam_max_sort_file_size"] %> + +# If a table has more than one index, MyISAM can use more than one +# thread to repair them by sorting in parallel. This makes sense if you +# have multiple CPUs and plenty of memory. +myisam_repair_threads = <%= node["percona"]["server"]["myisam_repair_threads"] %> + +# Automatically check and repair not properly closed MyISAM tables. +<% if node["percona"]["server"]["myisam_recover_options"] %> +myisam_recover +<% end %> + + # # * InnoDB # 
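Review bot: The `myisam_recover` block at the end of the MyISAM section in the `@@ -138,23 +253,157 @@` hunk emits the option a second time. The `@@ -116,15 +140,106 @@` hunk of this template already writes `myisam-recover` or `myisam-recover-options` with the attribute's value, chosen by version. This second line carries no value and ignores that version switch, so on newer servers it may override the configured value or be rejected as an unknown option. I would delete the three-line `<% if node["percona"]["server"]["myisam_recover_options"] %>` … `<% end %>` block here and keep the versioned one.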
@@ -193,7 +442,7 @@ innodb_buffer_pool_size = <%= node["percona"]["server"]["innodb_buffer_pool_size # can't specify tablespace sizes for innodb-file-per-table tablespaces # so using a big autoextend is preferable in those cases. innodb_data_file_path = <%= node["percona"]["server"]["innodb_data_file_path"] %> -# innodb_autoextend_increment = 128M +innodb_autoextend_increment = <%= node["percona"]["server"]["innodb_autoextend_increment"] %> <% if node["percona"]["server"]["innodb_file_per_table"] %> innodb_file_per_table <% end %> @@ -206,7 +455,7 @@ innodb_file_format = <%= node["percona"]["server"]["innodb_file_format"] %> # Set this option if you would like the InnoDB tablespace files to be # stored in another location. By default this is the MySQL datadir. -<% if !node["percona"]["server"]["innodb_data_home_dir"].empty? %> +<% unless node["percona"]["server"]["innodb_data_home_dir"].empty? %> innodb_data_home_dir = <%= node["percona"]["server"]["innodb_data_home_dir"] %> <% end %> @@ -293,7 +542,7 @@ innodb_lock_wait_timeout = <%= node["percona"]["server"]["innodb_lock_wait_timeo # isolation level isn't serializable. innodb_commit_concurrency=0 -innodb_open_files=2000 +innodb_open_files=<%= node["percona"]["server"]["innodb_open_files"] %> # # * Security Features 
@@ -318,7 +567,19 @@ max_allowed_packet = <%= node["percona"]["server"]["max_allowed_packet"] %> #no-auto-rehash # faster start of mysql but no tab completition [isamchk] -key_buffer = <%= node["percona"]["server"]["key_buffer"] %> +key_buffer_size = <%= node["percona"]["server"]["key_buffer_size"] %> + +##### custom configurations go here +<% unless node["percona"]["conf"].nil? or node["percona"]["conf"].empty? %> +<% node["percona"]["conf"].keys.each do |category| %> + + <%= "[#{category}]" %> + <% node["percona"]["conf"][category].keys.each do |key| %> + <%= "#{key} = #{node["percona"]["conf"][category][key]}" %> + <% end %> + +<% end %> +<% end %> # # * IMPORTANT: Additional settings that can override those from this file! diff --git a/berks-cookbooks/percona/templates/default/my.cnf.custom.erb b/berks-cookbooks/percona/templates/default/my.cnf.custom.erb deleted file mode 100644 index 1ffda700..00000000 --- a/berks-cookbooks/percona/templates/default/my.cnf.custom.erb +++ /dev/null @@ -1,11 +0,0 @@ -# generated by Chef for node <%= node["fqdn"] %> -# -# The MySQL database server configuration file. -<% node["percona"]["conf"].keys.each do |category| %> - -<%= "[#{category}]" %> -<% node["percona"]["conf"][category].keys.each do |key| %> - <%= "#{key} = #{node["percona"]["conf"][category][key]}" %> -<% end %> - -<% end %> diff --git a/berks-cookbooks/percona/templates/default/my.cnf.slave.erb b/berks-cookbooks/percona/templates/default/my.cnf.main.erb similarity index 82% rename from berks-cookbooks/percona/templates/default/my.cnf.slave.erb rename to berks-cookbooks/percona/templates/default/my.cnf.main.erb index 0af47176..652a01f3 100644 --- a/berks-cookbooks/percona/templates/default/my.cnf.slave.erb +++ b/berks-cookbooks/percona/templates/default/my.cnf.main.erb @@ -1,3 +1,4 @@ +# generated by Chef for node <%= node["fqdn"] %> # # The MySQL database server configuration file. # 
@@ -52,11 +53,15 @@ port = <%= node["percona"]["server"]["port"] %> basedir = <%= node["percona"]["server"]["basedir"] %> datadir = <%= node["percona"]["server"]["datadir"] %> tmpdir = <%= node["percona"]["server"]["tmpdir"] %> -slave_load_tmpdir = <%= node["percona"]["server"]["tmpdir"] %> +slave_load_tmpdir = <%= node["percona"]["server"]["slave_load_tmpdir"] %> # language = <%= node["percona"]["server"]["language"] %> character_set_server = <%= node["percona"]["server"]["character_set"] %> collation_server = <%= node["percona"]["server"]["collation"] %> +<% if node["percona"]["server"]["federated"] %> +federated +<% end %> + <% if node["percona"]["server"]["skip_name_resolve"] %> skip-name-resolve <% end %> 
@@ -69,22 +74,30 @@ net_read_timeout = <%= node["percona"]["server"]["net_read_timeout"] %> connect_timeout = <%= node["percona"]["server"]["connect_timeout"] %> wait_timeout = <%= node["percona"]["server"]["wait_timeout"] %> +<% if @old_passwords %> # # For compatibility to other Debian packages that still use # libmysqlclient10 and libmysqlclient12. old_passwords = <%= @old_passwords %> +<% end %> # # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. -<% if !node["percona"]["server"]["bind_address"].empty? %> +<% unless node["percona"]["server"]["bind_address"].empty? %> bind-address = <%= node["percona"]["server"]["bind_address"] %> <% end %> # +<%- if node["percona"]["version"] >= "5.5" %> +# As of 5.6.6 performance_schema is enabled by default. This allows it to be +# explicitly turned on or off as needed across all mysql versions +performance_schema=<%= node["percona"]["server"]["performance_schema"] ? "ON" : "OFF" %> +<% end %> + # * Fine Tuning # -key_buffer = <%= node["percona"]["server"]["key_buffer"] %> +key_buffer_size = <%= node["percona"]["server"]["key_buffer_size"] %> # The maximum size of a query packet the server can handle as well as # maximum query size server can process (Important when working with @@ -96,8 +109,13 @@ group_concat_max_len = <%= node["percona"]["server"]["group_concat_max_len"] %> <% if node["percona"]["server"]["expand_fast_index_creation"] %> expand_fast_index_creation +<% end %> +<% if node["percona"]["server"]["read_rnd_buffer_size"] %> +# used for some sorts to optimally read rows after the sort +read_rnd_buffer_size = <%= node["percona"]["server"]["read_rnd_buffer_size"] %> <% end %> + # Thread stack size to use. This amount of memory is always reserved at # connection time. MySQL itself usually needs no more than 64K of # memory, while if you use your own stack hungry UDF functions or your 
@@ -166,7 +184,11 @@ thread_cache_size = <%= node["percona"]["server"]["thread_cache_size"] %> # This replaces the startup script and checks MyISAM tables if needed # the first time they are touched -myisam-recover = <%= node["percona"]["server"]["myisam_recover"] %> +<%- if node["percona"]["version"] < "5.5" %> +myisam-recover = <%= node["percona"]["server"]["myisam_recover_options"] %> +<% else %> +myisam-recover-options = <%= node["percona"]["server"]["myisam_recover_options"] %> +<% end %> # back_log is the number of connections the operating system can keep in # the listen queue, before the MySQL connection manager thread has @@ -184,6 +206,10 @@ max_connections = <%= node["percona"]["server"]["max_connections"] %> # are using a load balancer! max_connect_errors = <%= node["percona"]["server"]["max_connect_errors"] %> +<% unless node["percona"]["server"]["sql_modes"].empty? %> +sql-mode = <%= node["percona"]["server"]["sql_modes"].join(",") %> +<% end %> + # The number of open tables for all threads. # make sure that the open file limit is at least twice this in the # mysqld_safe section 
@@ -259,8 +285,29 @@ long_query_time = <%= node["percona"]["server"]["long_query_time"] %> # if it is omitted. server-id = <%= node["percona"]["server"]["server_id"] %> +<% unless node["percona"]["server"]["replication"]["ignore_db"].empty? %> # Tells the slave SQL thread not to replicate any statement where the default database is. -replicate-ignore-db = <%= node["percona"]["server"]["replication"]["ignore_db"] %> +<% Array(node["percona"]["server"]["replication"]["ignore_db"]).each do |ignore_db| -%> +replicate-ignore-db = <%= ignore_db %> +<% end -%> +<% end -%> + +<% unless node["percona"]["server"]["replication"]["ignore_table"].empty? %> +# Creates a replication filter by telling the slave SQL thread not to replicate any statement that updates the specified table, even if any other tables might be updated by the same statement. +<% node["percona"]["server"]["replication"]["ignore_table"].each do |ignore_table| -%> +replicate-ignore-table = <%= ignore_table %> +<% end -%> +<% end -%> + + +<% if node["percona"]["server"]["replication"]["suppress_1592"] %> +#turns off this statement is unsafe in statement-based replication +<% if node["percona"]["version"] < "5.5" -%> +suppress_log_warning_1592 +<% else %> +log_warnings_suppress=1592 +<% end %> +<% end %> # Make the slave read-only. Only users with the SUPER privilege and the # replication slave thread will be able to modify data on it. You can 
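Review bot: The `ignore_table` loop calls `.each` directly on the attribute, while the `ignore_db` loop just above wraps it in `Array(...)`. If `ignore_table` is set to a single string, `.empty?` succeeds but `.each` raises NoMethodError and the template fails to render. I would make the two loops consistent: `<% Array(node["percona"]["server"]["replication"]["ignore_table"]).each do |ignore_table| -%>`. Both `unless ... .empty?` guards also raise if the attribute is nil, so they rely on the attributes file (not visible in this diff) defining a default.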
@@ -270,6 +317,18 @@ replicate-ignore-db = <%= node["percona"]["server"]["replication"]["ignore_db"] read_only <% end %> +# Tells the slave server not to start the slave threads when the server starts. +# This will allow you to tweak system and/or server settings prior to starting +# replication. +<% if node["percona"]["server"]["replication"]["skip_slave_start"] %> +skip-slave-start +<% end %> + +# Number of times the slave SQL thread will retry a transaction in case it +# failed with a deadlock or elapsed lock wait timeout, before giving up and +# stopping. +slave_transaction_retries = <%= node["percona"]["server"]["replication"]["slave_transaction_retries"] %> + log_bin = <%= node["percona"]["server"]["datadir"] %>/mysql-bin.log expire_logs_days = <%= node["percona"]["server"]["expire_logs_days"] %> max_binlog_size = <%= node["percona"]["server"]["max_binlog_size"] %> @@ -279,6 +338,10 @@ binlog_format = <%= node["percona"]["server"]["binlog_format"] %> binlog-do-db = <%= db_name %> <% end -%> +<% node["percona"]["server"]["binlog_ignore_db"].each do |db_name| %> +binlog-ignore-db = <%= db_name %> +<% end %> + # The size of the cache to hold the SQL statements for the binary log # during a transaction. If you often use big, multi-statement # transactions you can increase this value to get more performance. All @@ -295,11 +358,11 @@ binlog_cache_size = <%= node["percona"]["server"]["binlog_cache_size"] %> # it is recommened to specify a filename for the binary log, hopefully # something that is not host specific. I've chosen master-bin. -<% if !node["percona"]["server"]["log_bin"].empty? %> +<% unless node["percona"]["server"]["log_bin"].empty? %> log-bin = <%= node["percona"]["server"]["log_bin"] %> <% end %> -<% if !node["percona"]["server"]["relay_log"].empty? %> +<% unless node["percona"]["server"]["relay_log"].empty? %> relay-log = <%= node["percona"]["server"]["relay_log"] %> <% end %> 
@@ -342,6 +405,19 @@ bulk_insert_buffer_size = <%= node["percona"]["server"]["bulk_insert_buffer_size # large settings. myisam_sort_buffer_size = <%= node["percona"]["server"]["myisam_sort_buffer_size"] %> +# This buffer is allocated when MySQL does a sequential scan for a MyISAM +# table. It is allocated per thread so be careful with large settings. +# Note that the maximum permissible setting for read_buffer_size is 2GB. +# The value of this variable should be a multiple of 4KB. If it is set to +# a value that is not a multiple of 4KB, its value will be rounded down +# to the nearest multiple of 4KB. +# This option is also used in the following context for all search engines: +# For caching the indexes in a temporary file (not a temporary table), when +# sorting rows for ORDER BY. +# For bulk insert into partitions. +# For caching results of nested queries. +read_buffer_size = <%= node["percona"]["server"]["read_buffer_size"] %> + # The maximum size of the temporary file MySQL is allowed to use while # recreating the index (during REPAIR, ALTER TABLE or LOAD DATA INFILE. # If the file-size would be bigger than this, the index will be created @@ -354,13 +430,11 @@ myisam_max_sort_file_size = <%= node["percona"]["server"]["myisam_max_sort_file_ myisam_repair_threads = <%= node["percona"]["server"]["myisam_repair_threads"] %> # Automatically check and repair not properly closed MyISAM tables. -<% if node["percona"]["server"]["myisam_recover"] %> +<% if node["percona"]["server"]["myisam_recover_options"] %> myisam_recover <% end %> -#binlog_do_db = include_database_name -#binlog_ignore_db = include_database_name # # * InnoDB # 
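Review bot: In the hunk at -354 the condition was renamed to `myisam_recover_options`, but the line it emits is still the bare `myisam_recover`. Any non-nil value is truthy in Ruby, so a configured recover mode always writes this line, on top of the versioned `myisam-recover` / `myisam-recover-options = ...` line added in the hunk at -166. On a server that no longer recognises the old option name, an unknown option in the server section stops mysqld from starting. I would drop the bare line because the option is already set with a value earlier, or wrap it in the same version test used in that earlier hunk.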
@@ -399,7 +473,7 @@ innodb_buffer_pool_size = <%= node["percona"]["server"]["innodb_buffer_pool_size # can't specify tablespace sizes for innodb-file-per-table tablespaces # so using a big autoextend is preferable in those cases. innodb_data_file_path = <%= node["percona"]["server"]["innodb_data_file_path"] %> -# innodb_autoextend_increment = 128M +innodb_autoextend_increment = <%= node["percona"]["server"]["innodb_autoextend_increment"] %> <% if node["percona"]["server"]["innodb_file_per_table"] %> innodb_file_per_table <% end %> @@ -412,7 +486,7 @@ innodb_file_format = <%= node["percona"]["server"]["innodb_file_format"] %> # Set this option if you would like the InnoDB tablespace files to be # stored in another location. By default this is the MySQL datadir. -<% if !node["percona"]["server"]["innodb_data_home_dir"].empty? %> +<% unless node["percona"]["server"]["innodb_data_home_dir"].empty? %> innodb_data_home_dir = <%= node["percona"]["server"]["innodb_data_home_dir"] %> <% end %> @@ -499,7 +573,12 @@ innodb_lock_wait_timeout = <%= node["percona"]["server"]["innodb_lock_wait_timeo # isolation level isn't serializable. innodb_commit_concurrency=0 -innodb_open_files=2000 +innodb_open_files=<%= node["percona"]["server"]["innodb_open_files"] %> + +<% if node["percona"]["version"] == "5.5" %> +# set this to 1 if you like to import single tables from xtrabackup snapshot +innodb_import_table_from_xtrabackup = <%= node["percona"]["server"]["innodb_import_table_from_xtrabackup"] %> +<% end %> # # * Security Features @@ -509,9 +588,11 @@ innodb_open_files=2000 # # For generating SSL certificates I recommend the OpenSSL GUI "tinyca". # -# ssl-ca=/etc/mysql/cacert.pem -# ssl-cert=/etc/mysql/server-cert.pem -# ssl-key=/etc/mysql/server-key.pem +<% if node["percona"]["server"]["replication"]["ssl_enabled"] %> + ssl-ca=/etc/mysql/ssl/cacert.pem + ssl-cert=/etc/mysql/ssl/server-cert.pem + ssl-key=/etc/mysql/ssl/server-key.pem +<% end %> [mysqldump] 
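Review bot: The TLS block in the hunk at -509 is enabled by `node["percona"]["server"]["replication"]["ssl_enabled"]`, yet the three `ssl-*` lines appear to sit in the server section and so apply to every connection, not only replication. The paths are hard-coded where the rest of the template is attribute-driven. Nothing visible here shows who creates `/etc/mysql/ssl/server-key.pem` or with what mode; that recipe is outside this diff. I would add a comment above the block such as `# TLS material for mysqld: server-key.pem must be readable by the mysql user only; accounts still need REQUIRE SSL for encryption to be enforced.` Setting these options only makes TLS available; it does not make clients or replicas use it.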
@@ -523,7 +604,19 @@ max_allowed_packet = <%= node["percona"]["server"]["max_allowed_packet"] %> #no-auto-rehash # faster start of mysql but no tab completition [isamchk] -key_buffer = <%= node["percona"]["server"]["key_buffer"] %> +key_buffer_size = <%= node["percona"]["server"]["key_buffer_size"] %> + +##### custom configurations go here +<% unless node["percona"]["conf"].nil? or node["percona"]["conf"].empty? %> +<% node["percona"]["conf"].keys.each do |category| %> + + <%= "[#{category}]" %> + <% node["percona"]["conf"][category].keys.each do |key| %> + <%= "#{key} = #{node["percona"]["conf"][category][key]}" %> + <% end %> + +<% end %> +<% end %> # # * IMPORTANT: Additional settings that can override those from this file! diff --git a/berks-cookbooks/percona/templates/default/my.cnf.master.erb b/berks-cookbooks/percona/templates/default/my.cnf.master.erb deleted file mode 100644 index 31e016e8..00000000 --- a/berks-cookbooks/percona/templates/default/my.cnf.master.erb +++ /dev/null 
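Review bot: The custom-configuration loop writes `category`, `key` and the value from `node["percona"]["conf"]` into my.cnf verbatim. A value containing a line break would therefore add extra lines (further options or a new section) that nobody reviewing the attribute as a single setting would expect. Node attributes can be merged from roles, environments and node JSON, so I would reject such values at render time: iterate with `<% node["percona"]["conf"][category].each do |key, value| %>` and add `<% raise ArgumentError, "line break in percona conf #{category}.#{key}" if "#{category}#{key}#{value}" =~ /[\r\n]/ %>` before the output line. Separately, `or` in the guard binds more loosely than `||`; `||` is the safer operator for boolean conditions.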
@@ -1,524 +0,0 @@ -# -# The MySQL database server configuration file. -# -# You can copy this to one of: -# - "/etc/mysql/my.cnf" to set global options, -# - "~/.my.cnf" to set user-specific options. -# -# One can use all long options that the program supports. -# Run program with --help to get a list of available options and with -# --print-defaults to see which it would actually understand and use. -# -# For explanations see -# http://dev.mysql.com/doc/mysql/en/server-system-variables.html - -# This will be passed to all mysql clients -# It has been reported that passwords should be enclosed with ticks/quotes -# escpecially if they contain "#" chars... -# Remember to edit /etc/mysql/debian.cnf when changing the socket location. -[client] -port = <%= node["percona"]["server"]["port"] %> -socket = <%= node["percona"]["server"]["socket"] %> - -# Here is entries for some specific programs -# The following values assume you have at least 32M ram - -[mysqlhotcopy] -interactive-timeout - -# This was formally known as [safe_mysqld]. Both versions are currently parsed. 
-[mysqld_safe] -socket = <%= node["percona"]["server"]["socket"] %> -nice = <%= node["percona"]["server"]["nice"] %> -open-files-limit = <%= node["percona"]["server"]["open_files_limit"] %> -<% if node["percona"]["server"]["jemalloc"] %> -malloc-lib = <%= node["percona"]["server"]["jemalloc_lib"] %> -<% end %> - -# *** Application-specific options follow here *** - -# -# The MySQL server -# -[mysqld] - -# -# * Basic Settings -# -user = <%= node["percona"]["server"]["username"] %> -pid-file = <%= node["percona"]["server"]["pidfile"] %> -socket = <%= node["percona"]["server"]["socket"] %> -port = <%= node["percona"]["server"]["port"] %> -basedir = <%= node["percona"]["server"]["basedir"] %> -datadir = <%= node["percona"]["server"]["datadir"] %> -tmpdir = <%= node["percona"]["server"]["tmpdir"] %> -slave_load_tmpdir = <%= node["percona"]["server"]["tmpdir"] %> -# language = <%= node["percona"]["server"]["language"] %> -character_set_server = <%= node["percona"]["server"]["character_set"] %> -collation_server = <%= node["percona"]["server"]["collation"] %> - -<% if node["percona"]["server"]["skip_name_resolve"] %> -skip-name-resolve -<% end %> - -<% if node["percona"]["server"]["skip_external_locking"] %> -skip-external-locking -<% end %> - -net_read_timeout = <%= node["percona"]["server"]["net_read_timeout"] %> -connect_timeout = <%= node["percona"]["server"]["connect_timeout"] %> -wait_timeout = <%= node["percona"]["server"]["wait_timeout"] %> - -# -# For compatibility to other Debian packages that still use -# libmysqlclient10 and libmysqlclient12. -old_passwords = <%= @old_passwords %> - -# -# Instead of skip-networking the default is now to listen only on -# localhost which is more compatible and is not less secure. -<% if !node["percona"]["server"]["bind_address"].empty? 
%> -bind-address = <%= node["percona"]["server"]["bind_address"] %> -<% end %> -# - -# * Fine Tuning -# -key_buffer = <%= node["percona"]["server"]["key_buffer"] %> - -# The maximum size of a query packet the server can handle as well as -# maximum query size server can process (Important when working with -# large BLOBs). enlarged dynamically, for each connection. -max_allowed_packet = <%= node["percona"]["server"]["max_allowed_packet"] %> - -# Maximum String length size of a group concat result -group_concat_max_len = <%= node["percona"]["server"]["group_concat_max_len"] %> - -<% if node["percona"]["server"]["expand_fast_index_creation"] %> -expand_fast_index_creation - -<% end %> -# Thread stack size to use. This amount of memory is always reserved at -# connection time. MySQL itself usually needs no more than 64K of -# memory, while if you use your own stack hungry UDF functions or your -# OS requires more stack for some operations, you might need to set this -# to a higher value. -thread_stack = <%= node["percona"]["server"]["thread_stack"] %> - -# query_alloc_block_size controls how much memory is reserved for -# parsing SQL statements and some other junk. I increase it on boxes -# that run complex queries to reduce possible memory fragmentation. YMMV -# default is 8k -query_alloc_block_size = <%= node["percona"]["server"]["query_alloc_block_size"] %> - -# if your OS supports it, you can lock the buffer pool into memory -# with this option to prevent swapping. I'm not sure if linux supports this -# but Solaris does. On linux, using the swapiness sysctl is probably nearly -# as effective. -<% if node["percona"]["server"]["memlock"] %> -memlock -<% end %> - -# Set the default transaction isolation level. Levels available are: -# READ-UNCOMMITTED, READ-COMMITTED, REPEATABLE-READ, SERIALIZABLE - -# REPEATABLE-READ requires next-key locks. If your application isn't sensitive # to 'phantom rows', (it probably isn't) then read-committed is fine. 
Feel -# free to change this to REPEATABLE-READ at a small performance penalty if it -# makes you feel better. -transaction_isolation = <%= node["percona"]["server"]["transaction_isolation"] %> - -# Maximum size for internal (in-memory) temporary tables. If a table -# grows larger than this value, it is automatically converted to disk -# based table This limitation is for a single table. There can be many -# of them. Also, if max_heap_table_size < tmp_table_size, it will be used -# as the limit instead, so making it bigger than that is not useful. -tmp_table_size = <%= node["percona"]["server"]["tmp_table_size"] %> - -# Storage engine which is used by default when creating new tables, if not -# specified differently during the CREATE TABLE statement. -default_storage_engine = <%= node["percona"]["server"]["default_storage_engine"] %> - -# Maximum allowed size for a single HEAP (in memory) table. This option -# is a protection against the accidential creation of a very large HEAP -# table which could otherwise use up all memory resources. -max_heap_table_size = <%= node["percona"]["server"]["max_heap_table_size"] %> - -# Sort buffer is used to perform sorts for some ORDER BY and GROUP BY -# queries. If sorted data does not fit into the sort buffer, a disk -# based merge sort is used instead - See the "Sort_merge_passes" -# status variable. Allocated per thread if sort is needed. -sort_buffer_size = <%= node["percona"]["server"]["sort_buffer_size"] %> - -# This buffer is used for the optimization of full JOINs (JOINs without -# indexes). Such JOINs are very bad for performance in most cases -# anyway, but setting this variable to a large value reduces the -# performance impact. See the "Select_full_join" status variable for a -# count of full JOINs. Allocated per thread if full join is found -join_buffer_size = <%= node["percona"]["server"]["join_buffer_size"] %> - -# How many threads we should keep in a cache for reuse. 
When a client -# disconnects, the client's threads are put in the cache if there aren't -# more than thread_cache_size threads from before. This greatly reduces -# the amount of thread creations needed if you have a lot of new -# connections. (Normally this doesn't give a notable performance -# improvement if you have a good thread implementation.) -thread_cache_size = <%= node["percona"]["server"]["thread_cache_size"] %> - -# This replaces the startup script and checks MyISAM tables if needed -# the first time they are touched -myisam-recover = <%= node["percona"]["server"]["myisam_recover"] %> - -# back_log is the number of connections the operating system can keep in -# the listen queue, before the MySQL connection manager thread has -# processed them. If you have a very high connection rate and experience -# "connection refused" errors, you might need to increase this value. -# Check your OS documentation for the maximum value of this parameter. -# Attempting to set back_log higher than your operating system limit -# will have no effect. -back_log = <%= node["percona"]["server"]["back_log"] %> -max_connections = <%= node["percona"]["server"]["max_connections"] %> - -# I don't know why 0 doesn't disable max_connect_errors checking -# but it doesn't, so set it to a high value to prevent MySQL from -# refusing to accept connections from a flaky host, especially if you -# are using a load balancer! -max_connect_errors = <%= node["percona"]["server"]["max_connect_errors"] %> - -# The number of open tables for all threads. 
-# make sure that the open file limit is at least twice this in the -# mysqld_safe section -<%- if node["percona"]["version"] >= "5.6" %> -table_open_cache = <%= node["percona"]["server"]["table_cache"] %> -<%- else %> -table_cache = <%= node["percona"]["server"]["table_cache"] %> -<%- end %> - -#thread_concurrency = 10 -# -# * Query Cache Configuration -# - -# Query cache is used to cache SELECT results and later return them -# without actual executing the same query once again. Having the query -# cache enabled may result in significant speed improvements, if your -# have a lot of identical queries and rarely changing tables. See the -# "Qcache_lowmem_prunes" status variable to check if the current value -# is high enough for your load. -# Note: In case your tables change very often or if your queries are -# textually different every time, the query cache may result in a -# slowdown instead of a performance improvement. -query_cache_size = <%= node["percona"]["server"]["query_cache_size"] %> - -# Only cache result sets that are smaller than this limit. This is to -# protect the query cache of a very large result set overwriting all -# other query results. -query_cache_limit = <%= node["percona"]["server"]["query_cache_limit"] %> - -# -# * Logging and Replication -# -# Both location gets rotated by the cronjob. -# Be aware that this log type is a performance killer. -# As of 5.1 you can enable the at runtime! -#log_type = FILE -#general_log = /var/log/mysql/mysql.log - -# sync_binlog ensures that all writes to the binary log are immediately -# flushed to disk. This is important, especially for replication, because -# if the server crashes and has not written all of the binary log to disk (and flushed it) -# then some rows will not make it to the slave -sync_binlog = <%= node["percona"]["server"]["sync_binlog"] %> - -# -# Error logging goes to syslog due to /etc/mysql/conf.d/mysqld_safe_syslog.cnf. 
-# -# Here you can see queries with especially long duration -# Slow queries are queries which take more than the -# amount of time defined in "long_query_time" or which do not use -# indexes well, if log_long_format is enabled. It is normally good idea -# to have this turned on if you frequently add new queries to the -# system. -slow_query_log = <%= node["percona"]["server"]["slow_query_log"] %> -slow_query_log_file = <%= node["percona"]["server"]["slow_query_log_file"] %> - -# All queries taking more than this amount of time (in seconds) will be -# trated as slow. Do not use "1" as a value here, as this will result in -# even very fast queries being logged from time to time (as MySQL -# currently measures time with second accuracy only). -long_query_time = <%= node["percona"]["server"]["long_query_time"] %> - -# log-queries-not-using-indexes -# -# The following can be used as easy to replay backup logs or for replication. -# note: if you are setting up a replication slave, see README.Debian about -# other settings you may need to change. - -# Unique server identification number between 1 and 2^32-1. This value -# is required for both master and slave hosts. It defaults to 1 if -# "master-host" is not set, but will MySQL will not function as a master -# if it is omitted. -server-id = <%= node["percona"]["server"]["server_id"] %> - -# Make the slave read-only. Only users with the SUPER privilege and the -# replication slave thread will be able to modify data on it. 
You can -# use this to ensure that no applications will accidently modify data on -# the slave instead of the master -#read_only - -log_bin = <%= node["percona"]["server"]["datadir"] %>/mysql-bin.log -expire_logs_days = <%= node["percona"]["server"]["expire_logs_days"] %> -max_binlog_size = <%= node["percona"]["server"]["max_binlog_size"] %> -binlog_format = <%= node["percona"]["server"]["binlog_format"] %> - -<% node["percona"]["server"]["binlog_do_db"].each do |db_name| %> -binlog-do-db = <%= db_name %> -<% end -%> - -# The size of the cache to hold the SQL statements for the binary log -# during a transaction. If you often use big, multi-statement -# transactions you can increase this value to get more performance. All -# statements from transactions are buffered in the binary log cache and -# are being written to the binary log at once after the COMMIT. If the -# transaction is larger than this value, temporary file on disk is used -# instead. This buffer is allocated per connection on first update -# statement in transaction -binlog_cache_size = <%= node["percona"]["server"]["binlog_cache_size"] %> - -# Enable binary logging. This is required for acting as a MASTER in a -# replication configuration. You also need the binary log if you need -# the ability to do point in time recovery from your latest backup. - -# it is recommened to specify a filename for the binary log, hopefully -# something that is not host specific. I've chosen master-bin. -<% if !node["percona"]["server"]["log_bin"].empty? %> -log-bin = <%= node["percona"]["server"]["log_bin"] %> -<% end %> - -# If you're using replication with chained slaves (A->B->C), you need to -# enable this option on server B. It enables logging of updates done by -# the slave thread into the slave's binary log. -<% if node["percona"]["server"]["log_slave_updates"] %> -log_slave_updates -<% end %> - -# Enable the full query log. Every query (even ones with incorrect -# syntax) that the server receives will be logged. 
This is useful for -# debugging, it is usually disabled in production use. -#log - -# Log warnings to the error log -<% if node["percona"]["server"]["log_warnings"] %> -log_warnings -<% end %> - -# Log more information in the slow query log. Normally it is good to -# have this turned on. This will enable logging of queries that are not -# using indexes in addition to long running queries. -<% if node["percona"]["server"]["log_long_format"] %> -log_long_format -<% end %> - -# MyISAM uses special tree-like cache to make bulk inserts (that is, -# INSERT ... SELECT, INSERT ... VALUES (...), (...), ..., and LOAD DATA -# INFILE) faster. This variable limits the size of the cache tree in -# bytes per thread. Setting it to 0 will disable this optimisation. Do -# not set it larger than "key_buffer_size" for optimal performance. -# This buffer is allocated when a bulk insert is detected. -bulk_insert_buffer_size = <%= node["percona"]["server"]["bulk_insert_buffer_size"] %> - -# This buffer is allocated when MySQL needs to rebuild the index in -# REPAIR, OPTIMIZE, ALTER table statements as well as in LOAD DATA INFILE -# into an empty table. It is allocated per thread so be careful with -# large settings. -myisam_sort_buffer_size = <%= node["percona"]["server"]["myisam_sort_buffer_size"] %> - -# The maximum size of the temporary file MySQL is allowed to use while -# recreating the index (during REPAIR, ALTER TABLE or LOAD DATA INFILE. -# If the file-size would be bigger than this, the index will be created -# through the key cache (which is slower). -myisam_max_sort_file_size = <%= node["percona"]["server"]["myisam_max_sort_file_size"] %> - -# If a table has more than one index, MyISAM can use more than one -# thread to repair them by sorting in parallel. This makes sense if you -# have multiple CPUs and plenty of memory. -myisam_repair_threads = <%= node["percona"]["server"]["myisam_repair_threads"] %> - -# Automatically check and repair not properly closed MyISAM tables. 
-<% if node["percona"]["server"]["myisam_recover"] %> -myisam_recover -<% end %> - - -#binlog_do_db = include_database_name -#binlog_ignore_db = include_database_name -# -# * InnoDB -# -# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. -# Read the manual for more InnoDB related options. There are many! - -# Use this option if you have a MySQL server with InnoDB support enabled -# but you do not plan to use it. This will save memory and disk space -# and speed up some things. -<% if node["percona"]["server"]["skip_innodb"] %> -skip-innodb -<% end %> - -# Additional memory pool that is used by InnoDB to store metadata -# information. If InnoDB requires more memory for this purpose it will -# start to allocate it from the OS. As this is fast enough on most -# recent operating systems, you normally do not need to change this -# value. SHOW INNODB STATUS will display the current amount used. -innodb_additional_mem_pool_size = <%= node["percona"]["server"]["innodb_additional_mem_pool_size"] %> - -# This config file assumes a main memory of at least 8G -innodb_buffer_pool_size = <%= node["percona"]["server"]["innodb_buffer_pool_size"] %> - -# InnoDB stores data in one or more data files forming the tablespace. -# If you have a single logical drive for your data, a single -# autoextending file would be good enough. In other cases, a single file -# per device is often a good choice. You can configure InnoDB to use raw -# disk partitions as well - please refer to the manual for more info -# about this. - -# to prevent fragmentation of the InnoDB tablespace, either create a -# very big initial datafile, or set the autoextend amount to a large -# value. The disadvantage of using a large autoextend size is that the -# server may take some time to extend the file when needed - -# can't specify tablespace sizes for innodb-file-per-table tablespaces -# so using a big autoextend is preferable in those cases. 
-innodb_data_file_path = <%= node["percona"]["server"]["innodb_data_file_path"] %> -# innodb_autoextend_increment = 128M -<% if node["percona"]["server"]["innodb_file_per_table"] %> -innodb_file_per_table -<% end %> - -# The file format to use for new InnoDB tables. -# Currently Antelope and Barracuda are supported. -# This applies only for tables that have their own tablespace, -# so for it to have an effect innodb_file_per_table must be enabled. -innodb_file_format = <%= node["percona"]["server"]["innodb_file_format"] %> - -# Set this option if you would like the InnoDB tablespace files to be -# stored in another location. By default this is the MySQL datadir. -<% if !node["percona"]["server"]["innodb_data_home_dir"].empty? %> -innodb_data_home_dir = <%= node["percona"]["server"]["innodb_data_home_dir"] %> -<% end %> - -# Number of threads allowed inside the InnoDB kernel. The optimal value -# depends highly on the application, hardware as well as the OS -# scheduler properties. A too high value may lead to thread thrashing. -innodb_thread_concurrency = <%= node["percona"]["server"]["innodb_thread_concurrency"] %> - -# If set to 1, InnoDB will flush (fsync) the transaction logs to the -# disk at each commit, which offers full ACID behavior. If you are -# willing to compromise this safety, and you are running small -# transactions, you may set this to 0 or 2 to reduce disk I/O to the -# logs. Value 0 means that the log is only written to the log file and -# the log file flushed to disk approximately once per second. Value 2 -# means the log is written to the log file at each commit, but the log -# file is only flushed to disk approximately once per second. -innodb_flush_log_at_trx_commit = <%= node["percona"]["server"]["innodb_flush_log_at_trx_commit"] %> - -# Speed up InnoDB shutdown. This will disable InnoDB to do a full purge -# and insert buffer merge on shutdown. 
It may increase shutdown time a -# lot, but InnoDB will have to do it on the next startup instead. -<% if node["percona"]["server"]["innodb_fast_shutdown"] %> -innodb_fast_shutdown -<% end %> - -# The size of the buffer InnoDB uses for buffering log data. As soon as -# it is full, InnoDB will have to flush it to disk. As it is flushed -# once per second anyway, it does not make sense to have it very large -# (even with long transactions). -innodb_log_buffer_size = <%= node["percona"]["server"]["innodb_log_buffer_size"] %> - -# Size of each log file in a log group. You should set the combined size -# of log files to about 25%-100% of your buffer pool size to avoid -# unneeded buffer pool flush activity on log file overwrite. However, -# note that a larger logfile size will increase the time needed for the -# recovery process. - -# make sure the log files are large enough that you don't hold up -# checkpoints when the logs rotate! -innodb_log_file_size = <%= node["percona"]["server"]["innodb_log_file_size"] %> - -# Total number of files in the log group. A value of 2-3 is usually good -# enough. -innodb_log_files_in_group = <%= node["percona"]["server"]["innodb_log_files_in_group"] %> - -# Location of the InnoDB log files. Default is the MySQL datadir. You -# may wish to point it to a dedicated hard drive or a RAID1 volume for -# improved performance - -# be careful if you use LVM and plan to snapshot your filesystem for hot -# backup. your log files must be on the same logical volume as your data -# files in order for this to work. - -#innodb_log_group_home_dir - -# Maximum allowed percentage of dirty pages in the InnoDB buffer pool. -# If it is reached, InnoDB will start flushing them out agressively to -# not run out of clean pages at all. This is a soft limit, not -# guaranteed to be held. -innodb_max_dirty_pages_pct = <%= node["percona"]["server"]["innodb_max_dirty_pages_pct"] %> - -# The flush method InnoDB will use for Log. 
The tablespace always uses -# doublewrite flush logic. The default value is "fdatasync", another -# option is "O_DSYNC". - -# use directIO to bypass filesystem cache where possible -innodb_flush_method = <%= node["percona"]["server"]["innodb_flush_method"] %> - -# How long an InnoDB transaction should wait for a lock to be granted -# before being rolled back. InnoDB automatically detects transaction -# deadlocks in its own lock table and rolls back the transaction. If you -# use the LOCK TABLES command, or other transaction-safe storage engines -# than InnoDB in the same transaction, then a deadlock may arise which -# InnoDB cannot notice. In cases like this the timeout is useful to -# resolve the situation. -innodb_lock_wait_timeout = <%= node["percona"]["server"]["innodb_lock_wait_timeout"] %> - -# Let as many clients commit at once as necessary -# If you have a very intensive write application or if you have -# innodb_flush_logs_at_trx <> 1 it may make sense to play with this. - -# with this configuration it probably won't matter anyway, because binary -# logging is enabled, which enforces serialized commits, even when the -# isolation level isn't serializable. -innodb_commit_concurrency=0 - -innodb_open_files=2000 - -# -# * Security Features -# -# Read the manual, too, if you want chroot! -# chroot = /var/lib/mysql/ -# -# For generating SSL certificates I recommend the OpenSSL GUI "tinyca". -# -# ssl-ca=/etc/mysql/cacert.pem -# ssl-cert=/etc/mysql/server-cert.pem -# ssl-key=/etc/mysql/server-key.pem - - -[mysqldump] -quick -quote-names -max_allowed_packet = <%= node["percona"]["server"]["max_allowed_packet"] %> - -[mysql] -#no-auto-rehash # faster start of mysql but no tab completition - -[isamchk] -key_buffer = <%= node["percona"]["server"]["key_buffer"] %> - -# -# * IMPORTANT: Additional settings that can override those from this file! -# The files must end with '.cnf', otherwise they'll be ignored. -# -<% if !node["percona"]["server"]["includedir"].empty? 
%> -!includedir <%= node["percona"]["server"]["includedir"] %> -<% end %> diff --git a/berks-cookbooks/percona/templates/default/my.cnf.standalone.erb b/berks-cookbooks/percona/templates/default/my.cnf.standalone.erb deleted file mode 100644 index d0f5db81..00000000 --- a/berks-cookbooks/percona/templates/default/my.cnf.standalone.erb +++ /dev/null 
@@ -1,310 +0,0 @@ -# generated by Chef for node <%= node["fqdn"] %> -# -# The MySQL database server configuration file. -# -# You can copy this to one of: -# - "/etc/mysql/my.cnf" to set global options, -# - "~/.my.cnf" to set user-specific options. -# -# One can use all long options that the program supports. -# Run program with --help to get a list of available options and with -# --print-defaults to see which it would actually understand and use. -# -# For explanations see -# http://dev.mysql.com/doc/mysql/en/server-system-variables.html - -# This will be passed to all mysql clients -# It has been reported that passwords should be enclosed with ticks/quotes -# escpecially if they contain "#" chars... -# Remember to edit /etc/mysql/debian.cnf when changing the socket location. -[client] -port = <%= node["percona"]["server"]["port"] %> -socket = <%= node["percona"]["server"]["socket"] %> - -# Here is entries for some specific programs -# The following values assume you have at least 32M ram - -# This was formally known as [safe_mysqld]. Both versions are currently parsed. 
-[mysqld_safe] -socket = <%= node["percona"]["server"]["socket"] %> -nice = <%= node["percona"]["server"]["nice"] %> -open-files-limit = <%= node["percona"]["server"]["open_files_limit"] %> -<% if node["percona"]["server"]["jemalloc"] %> -malloc-lib = <%= node["percona"]["server"]["jemalloc_lib"] %> -<% end %> - -[mysqld] -# -# * Basic Settings -# -user = <%= node["percona"]["server"]["username"] %> -pid-file = <%= node["percona"]["server"]["pidfile"] %> -socket = <%= node["percona"]["server"]["socket"] %> -port = <%= node["percona"]["server"]["port"] %> -basedir = <%= node["percona"]["server"]["basedir"] %> -datadir = <%= node["percona"]["server"]["datadir"] %> -tmpdir = <%= node["percona"]["server"]["tmpdir"] %> -slave_load_tmpdir = <%= node["percona"]["server"]["tmpdir"] %> -# language = <%= node["percona"]["server"]["language"] %> -character_set_server = <%= node["percona"]["server"]["character_set"] %> -collation_server = <%= node["percona"]["server"]["collation"] %> - -<% if node["percona"]["server"]["skip_name_resolve"] %> -skip-name-resolve -<% end %> - -<% if node["percona"]["server"]["skip_external_locking"] %> -skip-external-locking -<% end %> - -net_read_timeout = <%= node["percona"]["server"]["net_read_timeout"] %> -connect_timeout = <%= node["percona"]["server"]["connect_timeout"] %> -wait_timeout = <%= node["percona"]["server"]["wait_timeout"] %> - -# -# For compatibility to other Debian packages that still use -# libmysqlclient10 and libmysqlclient12. -old_passwords = <%= @old_passwords %> - -# -# Instead of skip-networking the default is now to listen only on -# localhost which is more compatible and is not less secure. -<% if !node["percona"]["server"]["bind_address"].empty? 
%> -bind-address = <%= node["percona"]["server"]["bind_address"] %> -<% end %> - -# -# * Fine Tuning -# -key_buffer = <%= node["percona"]["server"]["key_buffer"] %> - -# The maximum size of a query packet the server can handle as well as -# maximum query size server can process (Important when working with -# large BLOBs). enlarged dynamically, for each connection. -max_allowed_packet = <%= node["percona"]["server"]["max_allowed_packet"] %> - -# Maximum String length size of a group concat result -group_concat_max_len = <%= node["percona"]["server"]["group_concat_max_len"] %> - -<% if node["percona"]["server"]["expand_fast_index_creation"] %> -expand_fast_index_creation - -<% end %> -# Thread stack size to use. This amount of memory is always reserved at -# connection time. MySQL itself usually needs no more than 64K of -# memory, while if you use your own stack hungry UDF functions or your -# OS requires more stack for some operations, you might need to set this -# to a higher value. -thread_stack = <%= node["percona"]["server"]["thread_stack"] %> - -thread_cache_size = <%= node["percona"]["server"]["thread_cache_size"] %> - -# This replaces the startup script and checks MyISAM tables if needed -# the first time they are touched -myisam-recover = <%= node["percona"]["server"]["myisam_recover"] %> -#max_connections = 100 -#table_cache = 64 -#thread_concurrency = 10 -# -# * Query Cache Configuration -# -query_cache_limit = <%= node["percona"]["server"]["query_cache_limit"] %> -query_cache_size = <%= node["percona"]["server"]["query_cache_size"] %> - -# -# * Logging and Replication -# -# Both location gets rotated by the cronjob. -# Be aware that this log type is a performance killer. -# As of 5.1 you can enable the at runtime! -#log_type = FILE -#general_log = /var/log/mysql/mysql.log -# -# Error logging goes to syslog due to /etc/mysql/conf.d/mysqld_safe_syslog.cnf. 
-# -# Here you can see queries with especially long duration -#log_slow_queries = /var/log/mysql/mysql-slow.log -#long_query_time = 2 -#log-queries-not-using-indexes -# -# The following can be used as easy to replay backup logs or for replication. -# note: if you are setting up a replication slave, see README.Debian about -# other settings you may need to change. -#server-id = 1 -#log_bin = /var/log/mysql/mysql-bin.log -expire_logs_days = <%= node["percona"]["server"]["expire_logs_days"] %> -max_binlog_size = <%= node["percona"]["server"]["max_binlog_size"] %> -#binlog_do_db = include_database_name -#binlog_ignore_db = include_database_name -# -# * InnoDB -# -# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. -# Read the manual for more InnoDB related options. There are many! - -# Use this option if you have a MySQL server with InnoDB support enabled -# but you do not plan to use it. This will save memory and disk space -# and speed up some things. -<% if node["percona"]["server"]["skip_innodb"] %> -skip-innodb -<% end %> - -# Additional memory pool that is used by InnoDB to store metadata -# information. If InnoDB requires more memory for this purpose it will -# start to allocate it from the OS. As this is fast enough on most -# recent operating systems, you normally do not need to change this -# value. SHOW INNODB STATUS will display the current amount used. -innodb_additional_mem_pool_size = <%= node["percona"]["server"]["innodb_additional_mem_pool_size"] %> - -# This config file assumes a main memory of at least 8G -innodb_buffer_pool_size = <%= node["percona"]["server"]["innodb_buffer_pool_size"] %> - -# InnoDB stores data in one or more data files forming the tablespace. -# If you have a single logical drive for your data, a single -# autoextending file would be good enough. In other cases, a single file -# per device is often a good choice. 
You can configure InnoDB to use raw -# disk partitions as well - please refer to the manual for more info -# about this. - -# to prevent fragmentation of the InnoDB tablespace, either create a -# very big initial datafile, or set the autoextend amount to a large -# value. The disadvantage of using a large autoextend size is that the -# server may take some time to extend the file when needed - -# can't specify tablespace sizes for innodb-file-per-table tablespaces -# so using a big autoextend is preferable in those cases. -innodb_data_file_path = <%= node["percona"]["server"]["innodb_data_file_path"] %> -# innodb_autoextend_increment = 128M -<% if node["percona"]["server"]["innodb_file_per_table"] %> -innodb_file_per_table -<% end %> - -# The file format to use for new InnoDB tables. -# Currently Antelope and Barracuda are supported. -# This applies only for tables that have their own tablespace, -# so for it to have an effect innodb_file_per_table must be enabled. -innodb_file_format = <%= node["percona"]["server"]["innodb_file_format"] %> - -# Set this option if you would like the InnoDB tablespace files to be -# stored in another location. By default this is the MySQL datadir. -<% if !node["percona"]["server"]["innodb_data_home_dir"].empty? %> -innodb_data_home_dir = <%= node["percona"]["server"]["innodb_data_home_dir"] %> -<% end %> - -# Number of threads allowed inside the InnoDB kernel. The optimal value -# depends highly on the application, hardware as well as the OS -# scheduler properties. A too high value may lead to thread thrashing. -innodb_thread_concurrency = <%= node["percona"]["server"]["innodb_thread_concurrency"] %> - -# If set to 1, InnoDB will flush (fsync) the transaction logs to the -# disk at each commit, which offers full ACID behavior. If you are -# willing to compromise this safety, and you are running small -# transactions, you may set this to 0 or 2 to reduce disk I/O to the -# logs. 
Value 0 means that the log is only written to the log file and -# the log file flushed to disk approximately once per second. Value 2 -# means the log is written to the log file at each commit, but the log -# file is only flushed to disk approximately once per second. -innodb_flush_log_at_trx_commit = <%= node["percona"]["server"]["innodb_flush_log_at_trx_commit"] %> - -# Speed up InnoDB shutdown. This will disable InnoDB to do a full purge -# and insert buffer merge on shutdown. It may increase shutdown time a -# lot, but InnoDB will have to do it on the next startup instead. -<% if node["percona"]["server"]["innodb_fast_shutdown"] %> -innodb_fast_shutdown -<% end %> - -# The size of the buffer InnoDB uses for buffering log data. As soon as -# it is full, InnoDB will have to flush it to disk. As it is flushed -# once per second anyway, it does not make sense to have it very large -# (even with long transactions). -innodb_log_buffer_size = <%= node["percona"]["server"]["innodb_log_buffer_size"] %> - -# Size of each log file in a log group. You should set the combined size -# of log files to about 25%-100% of your buffer pool size to avoid -# unneeded buffer pool flush activity on log file overwrite. However, -# note that a larger logfile size will increase the time needed for the -# recovery process. - -# make sure the log files are large enough that you don't hold up -# checkpoints when the logs rotate! -innodb_log_file_size = <%= node["percona"]["server"]["innodb_log_file_size"] %> - -# Total number of files in the log group. A value of 2-3 is usually good -# enough. -innodb_log_files_in_group = <%= node["percona"]["server"]["innodb_log_files_in_group"] %> - -# Location of the InnoDB log files. Default is the MySQL datadir. You -# may wish to point it to a dedicated hard drive or a RAID1 volume for -# improved performance - -# be careful if you use LVM and plan to snapshot your filesystem for hot -# backup. 
your log files must be on the same logical volume as your data -# files in order for this to work. - -#innodb_log_group_home_dir - -# Maximum allowed percentage of dirty pages in the InnoDB buffer pool. -# If it is reached, InnoDB will start flushing them out agressively to -# not run out of clean pages at all. This is a soft limit, not -# guaranteed to be held. -innodb_max_dirty_pages_pct = <%= node["percona"]["server"]["innodb_max_dirty_pages_pct"] %> - -# The flush method InnoDB will use for Log. The tablespace always uses -# doublewrite flush logic. The default value is "fdatasync", another -# option is "O_DSYNC". - -# use directIO to bypass filesystem cache where possible -innodb_flush_method = <%= node["percona"]["server"]["innodb_flush_method"] %> - -# How long an InnoDB transaction should wait for a lock to be granted -# before being rolled back. InnoDB automatically detects transaction -# deadlocks in its own lock table and rolls back the transaction. If you -# use the LOCK TABLES command, or other transaction-safe storage engines -# than InnoDB in the same transaction, then a deadlock may arise which -# InnoDB cannot notice. In cases like this the timeout is useful to -# resolve the situation. -innodb_lock_wait_timeout = <%= node["percona"]["server"]["innodb_lock_wait_timeout"] %> - -# Let as many clients commit at once as necessary -# If you have a very intensive write application or if you have -# innodb_flush_logs_at_trx <> 1 it may make sense to play with this. - -# with this configuration it probably won't matter anyway, because binary -# logging is enabled, which enforces serialized commits, even when the -# isolation level isn't serializable. -innodb_commit_concurrency=0 - -innodb_open_files=2000 - -# -# * Security Features -# -# Read the manual, too, if you want chroot! -# chroot = /var/lib/mysql/ -# -# For generating SSL certificates I recommend the OpenSSL GUI "tinyca". 
-#
-# ssl-ca=/etc/mysql/cacert.pem
-# ssl-cert=/etc/mysql/server-cert.pem
-# ssl-key=/etc/mysql/server-key.pem
-
-
-
-[mysqldump]
-quick
-quote-names
-max_allowed_packet = <%= node["percona"]["server"]["max_allowed_packet"] %>
-
-[mysql]
-#no-auto-rehash # faster start of mysql but no tab completition
-
-[isamchk]
-key_buffer = <%= node["percona"]["server"]["key_buffer"] %>
-
-#
-# * IMPORTANT: Additional settings that can override those from this file!
-# The files must end with '.cnf', otherwise they'll be ignored.
-#
-<% if !node["percona"]["server"]["includedir"].empty? %>
-!includedir <%= node["percona"]["server"]["includedir"] %>
-<% end %>
diff --git a/berks-cookbooks/percona/templates/default/replication.sql.erb b/berks-cookbooks/percona/templates/default/replication.sql.erb
new file mode 100644
index 00000000..19283e10
--- /dev/null
+++ b/berks-cookbooks/percona/templates/default/replication.sql.erb
@@ -0,0 +1,21 @@
+-- Generated by Chef for <%= node["hostname"] %>.
+-- Local modifications will be overwritten.
+
+GRANT REPLICATION SLAVE ON *.* TO '<%=node["percona"]["server"]["replication"]["username"]%>'@'%'
+ IDENTIFIED BY '<%= @replication_password %>' <% if node["percona"]["server"]["replication"]["ssl_enabled"] %>REQUIRE SSL<% end %>;
+FLUSH PRIVILEGES;
+
+<% unless node["percona"]["server"]["replication"]["host"].empty? %>
+CHANGE MASTER TO
+ MASTER_HOST='<%= node["percona"]["server"]["replication"]["host"] %>',
+ MASTER_PORT=<%= node["percona"]["server"]["replication"]["port"] %>,
+ MASTER_USER='<%= node["percona"]["server"]["replication"]["username"] %>',
+ <% if node["percona"]["server"]["replication"]["ssl_enabled"] %>
+ MASTER_SSL=1,
+ MASTER_SSL_CA='/etc/mysql/ssl/cacert.pem',
+ MASTER_SSL_CERT='/etc/mysql/ssl/client-cert.pem',
+ MASTER_SSL_KEY='/etc/mysql/ssl/client-key.pem',
+ <% end %>
+ MASTER_PASSWORD='<%= @replication_password %>';
+START SLAVE;
+<% end %>
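Review bot: The new replication.sql.erb interpolates the replication username and `@replication_password` directly into single-quoted SQL literals (the `GRANT … IDENTIFIED BY` line and `MASTER_PASSWORD=`), so a value containing `'` or `\` yields a broken or altered statement when the rendered file is executed; escape at render time, e.g. `IDENTIFIED BY '<%= @replication_password.gsub(/[\\']/) { |c| "\\#{c}" } %>'`, and the same for `MASTER_PASSWORD`. The grant is also issued for host `'%'`, and `REQUIRE SSL` is emitted only when `ssl_enabled` is set, so unless our attributes enable it the replication account can authenticate from any host without TLS. Since this file is vendored under berks-cookbooks, the escaping fix belongs upstream, while `node["percona"]["server"]["replication"]["ssl_enabled"]` should be set in this repository's own attributes. The rendered file holds the password in clear text; the recipe that writes it is not in this hunk, so its file mode should be checked separately.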
diff --git a/berks-cookbooks/percona/templates/default/replication_master.sql.erb b/berks-cookbooks/percona/templates/default/replication_master.sql.erb
deleted file mode 100644
index 9ed69c3d..00000000
--- a/berks-cookbooks/percona/templates/default/replication_master.sql.erb
+++ /dev/null
@@ -1,8 +0,0 @@
--- Generated by Chef for <%= node["hostname"] %>.
--- Local modifications will be overwritten.
-
-GRANT REPLICATION SLAVE ON *.* TO '<%=node["percona"]["server"]["replication"]["username"]%>'@'%'
- IDENTIFIED BY '<%= @replication_password %>';
-FLUSH PRIVILEGES;
-STOP SLAVE;
-RESET SLAVE;
diff --git a/berks-cookbooks/percona/templates/default/replication_slave.sql.erb b/berks-cookbooks/percona/templates/default/replication_slave.sql.erb
deleted file mode 100644
index f3feba12..00000000
--- a/berks-cookbooks/percona/templates/default/replication_slave.sql.erb
+++ /dev/null
@@ -1,9 +0,0 @@
--- Generated by Chef for <%= node["hostname"] %>.
--- Local modifications will be overwritten.
-
-CHANGE MASTER TO
- MASTER_HOST='<%= node["percona"]["server"]["replication"]["host"] %>',
- MASTER_PORT=<%= node["percona"]["server"]["replication"]["port"] %>,
- MASTER_USER='<%= node["percona"]["server"]["replication"]["username"] %>',
- MASTER_PASSWORD='<%= @replication_password %>';
-START SLAVE;
diff --git a/berks-cookbooks/php/CHANGELOG.md b/berks-cookbooks/php/CHANGELOG.md
index ece8dcba..b56c7118 100644
--- a/berks-cookbooks/php/CHANGELOG.md
+++ b/berks-cookbooks/php/CHANGELOG.md
@@ -2,6 +2,31 @@ php Cookbook CHANGELOG ====================== This file is used to list changes made in each version of the php cookbook. +v1.7.2 (2015-8-24) +------------------ +- Correct spelling in fpm_pool_start_servers (was servres) + +v1.7.1 (2015-8-17) +------------------ +- Correct permissions on ext_conf_dir folder (644 -> 755) + +v1.7.0 (2015-7-31) +------------------ +- NOTICE - This version changes the way the ['php']['directives'] is placed into configuration files. Quotes are no longer automatically placed around these aditional directives. Please take care when rolling out this version. +- Allow additional PHP FPM config +- Add recipe to recompile PHP from source +- Move source dependencies to attributes file +- Misc bug fixes + +v1.6.0 (2015-7-6) +----------------- +- Added ChefSpec matchers +- Added basic PHP-FPM Support (Pre-Release) +- Added support for FreeBSD +- Updated cookbook to use MySQL 6.0 cookbook +- Update cookbook to use php5enmod on supported platforms +- Allow users to override php-mysql package + v1.5.0 (2014-10-06) ------------------- - Adding package_options attribute, utilizing in package resource diff --git a/berks-cookbooks/php/README.md b/berks-cookbooks/php/README.md index df386dec..cdd1195a 100644 --- a/berks-cookbooks/php/README.md +++ b/berks-cookbooks/php/README.md 
@@ -1,6 +1,11 @@ php Cookbook ============ -Installs and configures PHP 5.3 and the PEAR package management system. Also includes LWRPs for managing PEAR (and PECL) packages along with PECL channels. + +[![Join the chat at https://gitter.im/opscode-cookbooks/php](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/opscode-cookbooks/php?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) +[![Cookbook Version](https://img.shields.io/cookbook/v/php.svg)](https://supermarket.chef.io/cookbooks/php) +[![Build Status](https://travis-ci.org/opscode-cookbooks/php.svg?branch=master)](https://travis-ci.org/opscode-cookbooks/php) + +Installs and configures PHP 5.3 and the PEAR package management system. Also includes LWRPs for managing PEAR (and PECL) packages, PECL channels, and PHP-FPM pools. Requirements ------------ 
@@ -150,6 +155,42 @@ php_pear "YAML" do end ``` +### `php_fpm_pool` +Installs the `php-fpm` package appropriate for your distro (if using packages) +and configures a FPM pool for you. Currently only supported in Debian-family +operating systems and CentOS 7 (or at least tested with such, YMMV if you are +using source). + +Please consider FPM functionally pre-release, and test it thoroughly in your environment before using it in production + +More info: http://php.net/manual/en/install.fpm.php + +#### Actions +- :install: Installs the FPM pool (default). +- :uninstall: Removes the FPM pool. + +#### Attribute Parameters +- pool_name: name attribute. The name of the FPM pool. +- listen: The listen address. Default: `/var/run/php5-fpm.sock` +- user: The user to run the FPM under. Default should be the webserver user for + your distro. +- group: The group to run the FPM under. Default should be the webserver group + for your distro. +- process_manager: Process manager to use - see + http://php.net/manual/en/install.fpm.configuration.php. Default: `dynamic` +- max_children: Max children to scale to. Default: 5 +- start_servers: Number of servers to start the pool with. Default: 2 +- min_spare_servers: Minimum number of servers to have as spares. Default: 1 +- max_spare_servers: Maximum number of servers to have as spares. Default: 3 +- chdir: The startup working directory of the pool. Default: `/` + +#### Examples +```ruby +# Install a FPM pool named "default" +php_fpm_pool "default" do + action :install +end +``` Recipes ------- 
@@ -244,12 +285,12 @@ This section details "quick development" steps. For a detailed explanation, see License & Authors ----------------- -- Author:: Seth Chisamore () -- Author:: Joshua Timberman () +- Author:: Seth Chisamore () +- Author:: Joshua Timberman () - Author:: Julian C. Dunn () ```text -Copyright:: 2013, Chef Software, Inc. +Copyright:: 2013-2014, Chef Software, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. 
@@ -269,29 +310,29 @@ Microsoft Windows platform only to correct an (upstream bug)[http://pear.php.net `go-pear.phar` is licensed under the (PHP License version 2.02)[http://www.php.net/license/2_02.txt]: ``` --------------------------------------------------------------------- +-------------------------------------------------------------------- The PHP License, version 2.02 Copyright (c) 1999 - 2002 The PHP Group. All rights reserved. --------------------------------------------------------------------- +-------------------------------------------------------------------- Redistribution and use in source and binary forms, with or without modification, is permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following + notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - - 3. The name "PHP" must not be used to endorse or promote products - derived from this software without prior permission from the + + 3. The name "PHP" must not be used to endorse or promote products + derived from this software without prior permission from the PHP Group. This does not apply to add-on libraries or tools that work in conjunction with PHP. In such a case the PHP name may be used to indicate that the product supports PHP. - + 4. The PHP Group may publish revised and/or new versions of the license from time to time. Each version will be given a distinguishing version number. 
@@ -318,30 +359,30 @@ are met: modify the Zend Engine, or any portion thereof, your use of the separated or modified Zend Engine software shall not be governed by this license, and instead shall be governed by the license - set forth at http://www.zend.com/license/ZendLicense/. + set forth at http://www.zend.com/license/ZendLicense/. -THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND +THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PHP -DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, -INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, +INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --------------------------------------------------------------------- +-------------------------------------------------------------------- This software consists of voluntary contributions made by many individuals on behalf of the PHP Group. The PHP Group can be contacted via Email at group@php.net. -For more information on the PHP Group and the PHP project, +For more information on the PHP Group and the PHP project, please see . ``` diff --git a/berks-cookbooks/php/attributes/default.rb b/berks-cookbooks/php/attributes/default.rb index 2c67f7d6..233322d3 100644 
--- a/berks-cookbooks/php/attributes/default.rb +++ b/berks-cookbooks/php/attributes/default.rb @@ -1,9 +1,9 @@ # -# Author:: Seth Chisamore () +# Author:: Seth Chisamore () # Cookbook Name:: php # Attribute:: default # -# Copyright 2011, Opscode, Inc. +# Copyright 2011-2014, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -34,23 +34,51 @@ default['php']['fpm_user'] = 'nobody' default['php']['fpm_group'] = 'nobody' default['php']['ext_dir'] = "/usr/#{lib_dir}/php/modules" + default['php']['src_deps'] = %w(bzip2-devel libc-client-devel curl-devel freetype-devel gmp-devel libjpeg-devel krb5-devel libmcrypt-devel libpng-devel openssl-devel t1lib-devel mhash-devel) if node['platform_version'].to_f < 6 - default['php']['packages'] = %w{ php53 php53-devel php53-cli php-pear } + default['php']['packages'] = %w(php53 php53-devel php53-cli php-pear) + default['php']['mysql']['package'] = 'php53-mysql' else - default['php']['packages'] = %w{ php php-devel php-cli php-pear } + default['php']['packages'] = %w(php php-devel php-cli php-pear) + default['php']['mysql']['package'] = 'php-mysql' + default['php']['fpm_package'] = 'php-fpm' + default['php']['fpm_pooldir'] = '/etc/php-fpm.d' + default['php']['fpm_default_conf'] = '/etc/php-fpm.d/www.conf' + default['php']['fpm_service'] = 'php-fpm' + if node['php']['install_method'] == 'package' + default['php']['fpm_user'] = 'apache' + default['php']['fpm_group'] = 'apache' + end end when 'debian' default['php']['conf_dir'] = '/etc/php5/cli' - default['php']['ext_conf_dir'] = '/etc/php5/conf.d' + case node['platform'] + when 'ubuntu' + if node['platform_version'].to_f >= 12.10 + default['php']['ext_conf_dir'] = '/etc/php5/mods-available' + else + default['php']['ext_conf_dir'] = '/etc/php5/conf.d' + end + else + default['php']['ext_conf_dir'] = '/etc/php5/conf.d' + end + default['php']['src_deps'] = %w(libbz2-dev libc-client2007e-dev libcurl4-gnutls-dev libfreetype6-dev libgmp3-dev libjpeg62-dev libkrb5-dev libmcrypt-dev libpng12-dev libssl-dev libt1-dev) + default['php']['packages'] = %w(php5-cgi php5 php5-dev php5-cli php-pear) + default['php']['mysql']['package'] = 'php5-mysql' + default['php']['fpm_package'] = 'php5-fpm' + default['php']['fpm_pooldir'] = '/etc/php5/fpm/pool.d' default['php']['fpm_user'] = 'www-data' default['php']['fpm_group'] = 
'www-data' - default['php']['packages'] = %w{ php5-cgi php5 php5-dev php5-cli php-pear } + default['php']['fpm_service'] = 'php5-fpm' + default['php']['fpm_default_conf'] = '/etc/php5/fpm/pool.d/www.conf' when 'suse' default['php']['conf_dir'] = '/etc/php5/cli' default['php']['ext_conf_dir'] = '/etc/php5/conf.d' + default['php']['src_deps'] = %w(libbz2-dev libc-client2007e-dev libcurl4-gnutls-dev libfreetype6-dev libgmp3-dev libjpeg62-dev libkrb5-dev libmcrypt-dev libpng12-dev libssl-dev libt1-dev) default['php']['fpm_user'] = 'wwwrun' default['php']['fpm_group'] = 'www' - default['php']['packages'] = %w{ apache2-mod_php5 php5-pear } + default['php']['packages'] = %w(apache2-mod_php5 php5-pear) + default['php']['mysql']['package'] = 'php5-mysql' lib_dir = node['kernel']['machine'] =~ /x86_64/ ? 'lib64' : 'lib' when 'windows' default['php']['windows']['msi_name'] = 'PHP 5.3.28' 
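Review bot: The `src_deps` list added under `when 'suse'` reuses the Debian package names (`libbz2-dev`, `libssl-dev`, …) that the `'debian'` branch also sets, and the following hunk does the same under `when 'freebsd'`; those names look unlikely to resolve with zypper or pkg, so a source build on these platforms would presumably fail when the dependencies are installed. How `src_deps` is consumed is outside this hunk, so this is inferred from the names alone. Until upstream ships per-platform lists, a comment such as `# FIXME: Debian package names, not verified for this platform` above each copied list would flag it, and this repository should override `node['php']['src_deps']` if it ever builds from source there. The enclosing `case` starts before the hunk.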
@@ -59,24 +87,34 @@ default['php']['conf_dir'] = 'C:\Program Files (x86)\PHP' default['php']['ext_conf_dir'] = node['php']['conf_dir'] # These extensions are installed by default by the GUI MSI - default['php']['packages'] = %w{ cgi ScriptExecutable PEAR - iis4FastCGI ext_php_bz2 ext_php_curl - ext_php_exif ext_php_gd2 ext_php_gettext - ext_php_gmp ext_php_imap ext_php_mbstring - ext_php_mysql ext_php_mysqli ext_php_openssl - ext_php_pdo_mysql ext_php_pdo_odbc ext_php_pdo_sqlite - ext_php_pgsql ext_php_soap ext_php_sockets - ext_php_sqlite3 ext_php_tidy ext_php_xmlrpc - } - default['php']['package_options'] = "" # Use this to customise your yum or apt command + default['php']['packages'] = %w(cgi ScriptExecutable PEAR + iis4FastCGI ext_php_bz2 ext_php_curl + ext_php_exif ext_php_gd2 ext_php_gettext + ext_php_gmp ext_php_imap ext_php_mbstring + ext_php_mysql ext_php_mysqli ext_php_openssl + ext_php_pdo_mysql ext_php_pdo_odbc ext_php_pdo_sqlite + ext_php_pgsql ext_php_soap ext_php_sockets + ext_php_sqlite3 ext_php_tidy ext_php_xmlrpc + ) + default['php']['package_options'] = '' # Use this to customise your yum or apt command default['php']['pear'] = 'pear.bat' default['php']['pecl'] = 'pecl.bat' +when 'freebsd' + default['php']['conf_dir'] = '/usr/local/etc' + default['php']['ext_conf_dir'] = '/usr/local/etc/php' + default['php']['src_deps'] = %w(libbz2-dev libc-client2007e-dev libcurl4-gnutls-dev libfreetype6-dev libgmp3-dev libjpeg62-dev libkrb5-dev libmcrypt-dev libpng12-dev libssl-dev libt1-dev) + default['php']['fpm_user'] = 'www' + default['php']['fpm_group'] = 'www' + default['php']['packages'] = %w( php56 pear ) + default['php']['mysql']['package'] = 'php56-mysqli' else default['php']['conf_dir'] = '/etc/php5/cli' default['php']['ext_conf_dir'] = '/etc/php5/conf.d' + default['php']['src_deps'] = %w(libbz2-dev libc-client2007e-dev libcurl4-gnutls-dev libfreetype6-dev libgmp3-dev libjpeg62-dev libkrb5-dev libmcrypt-dev libpng12-dev libssl-dev libt1-dev) 
default['php']['fpm_user'] = 'www-data' default['php']['fpm_group'] = 'www-data' - default['php']['packages'] = %w{ php5-cgi php5 php5-dev php5-cli php-pear } + default['php']['packages'] = %w(php5-cgi php5 php5-dev php5-cli php-pear) + default['php']['mysql']['package'] = 'php5-mysql' end default['php']['url'] = 'http://us1.php.net/get' @@ -84,7 +122,7 @@ default['php']['checksum'] = '378de162efdaeeb725ed38d7fe956c9f0b9084ff' default['php']['prefix_dir'] = '/usr/local' -default['php']['configure_options'] = %W{--prefix=#{php['prefix_dir']} +default['php']['configure_options'] = %W(--prefix=#{php['prefix_dir']} --with-libdir=#{lib_dir} --with-config-file-path=#{php['conf_dir']} --with-config-file-scan-dir=#{php['ext_conf_dir']} @@ -120,7 +158,7 @@ --with-mysql-sock --with-sqlite3 --with-pdo-mysql - --with-pdo-sqlite} + --with-pdo-sqlite) -default['php']['ini']['template'] = "php.ini.erb" -default['php']['ini']['cookbook'] = "php" +default['php']['ini']['template'] = 'php.ini.erb' +default['php']['ini']['cookbook'] = 'php' diff --git a/berks-cookbooks/php/libraries/helpers.rb b/berks-cookbooks/php/libraries/helpers.rb index f58873e8..24d9fcbe 100644 --- a/berks-cookbooks/php/libraries/helpers.rb +++ b/berks-cookbooks/php/libraries/helpers.rb @@ -1,5 +1,5 @@ # -# Author:: Joshua Timberman () +# Author:: Joshua Timberman () # Cookbook Name:: php # Libraries:: helpers # diff --git a/berks-cookbooks/php/libraries/matchers.rb b/berks-cookbooks/php/libraries/matchers.rb new file mode 100644 index 00000000..3546e5f4 --- /dev/null +++ b/berks-cookbooks/php/libraries/matchers.rb 
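Review bot: The context lines of the `@@ -84,7 +122,7 @@` hunk keep `default['php']['url'] = 'http://us1.php.net/get'` next to a 40-hex-character `checksum`, which is the length of a SHA-1 digest, while Chef's `remote_file` compares `checksum` as SHA-256. If the source recipe (not visible here) hands these attributes to `remote_file`, the tarball is fetched over plain HTTP with an integrity value that cannot match, so how they are used should be verified before PHP is built from source with this cookbook. In this repository's own attributes I would override both, e.g. `default['php']['checksum'] = '<sha256 of the pinned tarball>'` and an `https://` download location for `node['php']['url']`. The change this hunk itself makes (`%W{` to `%W(`) is cosmetic.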
@@ -0,0 +1,35 @@
+if defined?(ChefSpec)
+ ChefSpec.define_matcher :php_pear
+ def install_php_pear(resource_name)
+ ChefSpec::Matchers::ResourceMatcher.new(:php_pear, :install, resource_name)
+ end
+
+ def remove_php_pear(resource_name)
+ ChefSpec::Matchers::ResourceMatcher.new(:php_pear, :remove, resource_name)
+ end
+
+ def upgrade_php_pear(resource_name)
+ ChefSpec::Matchers::ResourceMatcher.new(:php_pear, :upgrade, resource_name)
+ end
+
+ def purge_php_pear(resource_name)
+ ChefSpec::Matchers::ResourceMatcher.new(:php_pear, :purge, resource_name)
+ end
+
+ ChefSpec.define_matcher :php_pear_channel
+ def discover_php_pear_channel(resource_name)
+ ChefSpec::Matchers::ResourceMatcher.new(:php_pear_channel, :discover, resource_name)
+ end
+
+ def remove_php_pear_channel(resource_name)
+ ChefSpec::Matchers::ResourceMatcher.new(:php_pear_channel, :remove, resource_name)
+ end
+
+ def update_php_pear_channel(resource_name)
+ ChefSpec::Matchers::ResourceMatcher.new(:php_pear_channel, :update, resource_name)
+ end
+
+ def add_php_pear_channel(resource_name)
+ ChefSpec::Matchers::ResourceMatcher.new(:php_pear_channel, :add, resource_name)
+ end
+end
diff --git a/berks-cookbooks/php/metadata.json b/berks-cookbooks/php/metadata.json
index 63fbf2f9..0f777579 100644
--- a/berks-cookbooks/php/metadata.json
+++ b/berks-cookbooks/php/metadata.json
@@ -1,57 +1 @@ -{ - "name": "php", - "version": "1.5.0", - "description": "Installs and maintains php and php modules", - "long_description": "", - "maintainer": "Opscode, Inc.", - "maintainer_email": "cookbooks@opscode.com", - "license": "Apache 2.0", - "platforms": { - "debian": ">= 0.0.0", - "ubuntu": ">= 0.0.0", - "centos": ">= 0.0.0", - "redhat": ">= 0.0.0", - "fedora": ">= 0.0.0", - "scientific": ">= 0.0.0", - "amazon": ">= 0.0.0", - "windows": ">= 0.0.0", - "oracle": ">= 0.0.0" - }, - "dependencies": { - "build-essential": ">= 0.0.0", - "xml": ">= 0.0.0", - "mysql": ">= 0.0.0", - "yum-epel": ">= 0.0.0", - "windows": ">= 0.0.0", - "iis": ">= 0.0.0" - }, - "recommendations": { - }, - "suggestions": { - }, - "conflicting": { - }, - "providing": { - }, - "replacing": { - }, - "attributes": { - }, - "groupings": { - }, - "recipes": { - "php": "Installs php", - "php::package": "Installs php using packages.", - "php::source": "Installs php from source.", - "php::module_apc": "Install the php5-apc package", - "php::module_curl": "Install the php5-curl package", - "php::module_fileinfo": "Install the php5-fileinfo package", - "php::module_fpdf": "Install the php-fpdf package", - "php::module_gd": "Install the php5-gd package", - "php::module_ldap": "Install the php5-ldap package", - "php::module_memcache": "Install the php5-memcache package", - "php::module_mysql": "Install the php5-mysql package", - "php::module_pgsql": "Install the php5-pgsql packag", - "php::module_sqlite3": "Install the php5-sqlite3 package" - } -} \ No newline at end of file +{"name":"php","version":"1.7.2","description":"Installs and maintains php and php modules","long_description":"","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@getchef.com","license":"Apache 2.0","platforms":{"debian":">= 0.0.0","ubuntu":">= 0.0.0","centos":">= 0.0.0","redhat":">= 0.0.0","fedora":">= 0.0.0","scientific":">= 0.0.0","amazon":">= 0.0.0","windows":">= 0.0.0","oracle":">= 
0.0.0"},"dependencies":{"build-essential":">= 0.0.0","xml":">= 0.0.0","mysql":">= 6.0.0","yum-epel":">= 0.0.0","windows":">= 0.0.0","iis":">= 0.0.0"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{"php":"Installs php","php::package":"Installs php using packages.","php::source":"Installs php from source.","php::module_apc":"Install the php5-apc package","php::module_curl":"Install the php5-curl package","php::module_fileinfo":"Install the php5-fileinfo package","php::module_fpdf":"Install the php-fpdf package","php::module_gd":"Install the php5-gd package","php::module_ldap":"Install the php5-ldap package","php::module_memcache":"Install the php5-memcache package","php::module_mysql":"Install the php5-mysql package","php::module_pgsql":"Install the php5-pgsql packag","php::module_sqlite3":"Install the php5-sqlite3 package"}} \ No newline at end of file diff --git a/berks-cookbooks/php/providers/fpm_pool.rb b/berks-cookbooks/php/providers/fpm_pool.rb new file mode 100644 index 00000000..c44df54d --- /dev/null +++ b/berks-cookbooks/php/providers/fpm_pool.rb 
@@ -0,0 +1,86 @@
+#
+# Author:: Chris Marchesi
+# Cookbook Name:: php
+# Provider:: fpm_pool
+#
+# Copyright:: 2015, Opscode, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+def whyrun_supported?
+ true
+end
+
+def install_fpm_package
+ # Install the FPM pacakge for this platform, if it's available
+ # Fail the run if it's an unsupported OS (FPM pacakge name not populated)
+ # also, this is skipped for source
+ return if node['php']['install_method'] == 'source'
+
+ if node['php']['fpm_package'].nil?
+ raise 'PHP-FPM package not found (you probably have an unsupported distro)'
+ else
+ file node['php']['fpm_default_conf'] do
+ action :nothing
+ end
+ package node['php']['fpm_package'] do
+ action :install
+ notifies :delete, "file[#{node['php']['fpm_default_conf']}]"
+ end
+ end
+end
+
+def register_fpm_service
+ service node['php']['fpm_service'] do
+ action :enable
+ end
+end
+
+action :install do
+ # Ensure the FPM pacakge is installed, and the service is registered
+ install_fpm_package
+ register_fpm_service
+ # I wanted to have this as a function in itself, but doing this seems to
+ # break testing suites?
+ t = template "#{node['php']['fpm_pooldir']}/#{new_resource.pool_name}.conf" do + source 'fpm-pool.conf.erb' + action :create + cookbook 'php' + variables ({ + :fpm_pool_name => new_resource.pool_name, + :fpm_pool_user => new_resource.user, + :fpm_pool_group => new_resource.group, + :fpm_pool_listen => new_resource.listen, + :fpm_pool_manager => new_resource.process_manager, + :fpm_pool_max_children => new_resource.max_children, + :fpm_pool_start_servers => new_resource.start_servers, + :fpm_pool_min_spare_servers => new_resource.min_spare_servers, + :fpm_pool_max_spare_servers => new_resource.max_spare_servers, + :fpm_pool_chdir => new_resource.chdir, + :fpm_pool_additional_config => new_resource.additional_config + }) + notifies :restart, "service[#{node['php']['fpm_package']}]" + end + new_resource.updated_by_last_action(t.updated_by_last_action?) +end + +action :uninstall do + # Ensure the FPM pacakge is installed, and the service is registered + register_fpm_service + # Delete the FPM pool. + f = file "#{node['php']['fpm_pooldir']}/#{new_resource.pool_name}" do + action :delete + end + new_resource.updated_by_last_action(f.updated_by_last_action?) +end diff --git a/berks-cookbooks/php/providers/pear.rb b/berks-cookbooks/php/providers/pear.rb index ae5a63dc..a21715b1 100644 --- a/berks-cookbooks/php/providers/pear.rb +++ b/berks-cookbooks/php/providers/pear.rb @@ -1,9 +1,9 @@ # -# Author:: Seth Chisamore +# Author:: Seth Chisamore # Cookbook Name:: php # Provider:: pear_package # -# Copyright:: 2011, Opscode, Inc +# Copyright:: 2011, Opscode, Inc # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -64,7 +64,6 @@ def whyrun_supported? Chef::Log.info("Removing #{@new_resource}") remove_package(@current_resource.package_name, @new_resource.version) end - else end end 
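Review bot: The `:uninstall` action deletes `"#{node['php']['fpm_pooldir']}/#{new_resource.pool_name}"`, while `:install` writes `#{new_resource.pool_name}.conf`, so the pool definition stays on disk and php-fpm keeps serving that pool after an uninstall; the path should end in `.conf`. The template also notifies `service[#{node['php']['fpm_package']}]` although `register_fpm_service` declares `service node['php']['fpm_service']`, so the restart only resolves where both attributes hold the same string (their values are not visible in this diff), and `:uninstall` triggers no restart at all. Suggested lines: `f = file "#{node['php']['fpm_pooldir']}/#{new_resource.pool_name}.conf" do` and `notifies :restart, "service[#{node['php']['fpm_service']}]"`.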
@@ -117,10 +116,9 @@ def load_current_resource def current_installed_version @current_installed_version ||= begin - v = nil version_check_cmd = "#{@bin} -d " - version_check_cmd << " preferred_state=#{can_haz(@new_resource, "preferred_state")}" - version_check_cmd << " list#{expand_channel(can_haz(@new_resource, "channel"))}" + version_check_cmd << " preferred_state=#{can_haz(@new_resource, 'preferred_state')}" + version_check_cmd << " list#{expand_channel(can_haz(@new_resource, 'channel'))}" p = shell_out(version_check_cmd) response = nil response = grep_for_version(p.stdout, @new_resource.package_name) if p.stdout =~ /\.?Installed packages/i @@ -131,9 +129,9 @@ def current_installed_version def candidate_version @candidate_version ||= begin candidate_version_cmd = "#{@bin} -d " - candidate_version_cmd << "preferred_state=#{can_haz(@new_resource, "preferred_state")}" - candidate_version_cmd << " search#{expand_channel(can_haz(@new_resource, "channel"))}" - candidate_version_cmd << "#{@new_resource.package_name}" + candidate_version_cmd << "preferred_state=#{can_haz(@new_resource, 'preferred_state')}" + candidate_version_cmd << " search#{expand_channel(can_haz(@new_resource, 'channel'))}" + candidate_version_cmd << " #{@new_resource.package_name}" p = shell_out(candidate_version_cmd) response = nil response = grep_for_version(p.stdout, @new_resource.package_name) if p.stdout =~ /\.?Matched packages/i 
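Review bot: `package_name`, `preferred_state` and the channel (via `expand_channel`) are interpolated straight into the command string handed to `shell_out` in `current_installed_version` and `candidate_version`, so a value carrying whitespace or shell metacharacters changes what gets executed; these properties are often filled from node attributes or data bags rather than literals. I would quote each interpolated value, e.g. `candidate_version_cmd << " #{Shellwords.escape(@new_resource.package_name)}"` (needs `require 'shellwords'` if the file does not already load it). The same pattern recurs in `install_package`, `upgrade_package`, `remove_package`, the new `execute "/usr/sbin/php5enmod #{name}"` and `php5dismod` resources and `pecl?` later in this file, and in `exists?` in providers/pear_channel.rb. Both method bodies continue outside these hunks.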
@@ -142,32 +140,47 @@ def candidate_version end def install_package(name, version) - command = "echo \"\r\" | #{@bin} -d" - command << " preferred_state=#{can_haz(@new_resource, "preferred_state")}" + command = "printf \"\r\" | #{@bin} -d" + command << " preferred_state=#{can_haz(@new_resource, 'preferred_state')}" command << " install -a#{expand_options(@new_resource.options)}" - command << " #{prefix_channel(can_haz(@new_resource, "channel"))}#{name}" + command << " #{prefix_channel(can_haz(@new_resource, 'channel'))}#{name}" command << "-#{version}" if version && !version.empty? pear_shell_out(command) manage_pecl_ini(name, :create, can_haz(@new_resource, 'directives'), can_haz(@new_resource, 'zend_extensions')) if pecl? + enable_package(name) end def upgrade_package(name, version) - command = "echo \"\r\" | #{@bin} -d" - command << " preferred_state=#{can_haz(@new_resource, "preferred_state")}" + command = "printf \"\r\" | #{@bin} -d" + command << " preferred_state=#{can_haz(@new_resource, 'preferred_state')}" command << " upgrade -a#{expand_options(@new_resource.options)}" - command << " #{prefix_channel(can_haz(@new_resource, "channel"))}#{name}" + command << " #{prefix_channel(can_haz(@new_resource, 'channel'))}#{name}" command << "-#{version}" if version && !version.empty? pear_shell_out(command) manage_pecl_ini(name, :create, can_haz(@new_resource, 'directives'), can_haz(@new_resource, 'zend_extensions')) if pecl? + enable_package(name) end def remove_package(name, version) command = "#{@bin} uninstall" command << " #{expand_options(@new_resource.options)}" - command << " #{prefix_channel(can_haz(@new_resource, "channel"))}#{name}" + command << " #{prefix_channel(can_haz(@new_resource, 'channel'))}#{name}" command << "-#{version}" if version && !version.empty? pear_shell_out(command) - manage_pecl_ini(name, :delete) if pecl? + disable_package(name) + manage_pecl_ini(name, :delete, nil, nil) if pecl? 
+end + +def enable_package(name) + execute "/usr/sbin/php5enmod #{name}" do + only_if { platform?('ubuntu') && node['platform_version'].to_f >= 12.04 && ::File.exist?('/usr/sbin/php5enmod') } + end +end + +def disable_package(name) + execute "/usr/sbin/php5dismod #{name}" do + only_if { platform?('ubuntu') && node['platform_version'].to_f >= 12.04 && ::File.exist?('/usr/sbin/php5dismod') } + end end def pear_shell_out(command) @@ -216,14 +229,21 @@ def manage_pecl_ini(name, action, directives, zend_extensions) files = get_extension_files(name) extensions = Hash[ - files.map do |filepath| - rel_file = filepath.clone - rel_file.slice! ext_prefix if rel_file.start_with? ext_prefix - zend = zend_extensions.include?(rel_file) - [(zend ? filepath : rel_file) , zend] - end + files.map do |filepath| + rel_file = filepath.clone + rel_file.slice! ext_prefix if rel_file.start_with? ext_prefix + zend = zend_extensions.include?(rel_file) + [(zend ? filepath : rel_file), zend] + end ] + directory "#{node['php']['ext_conf_dir']}" do + owner 'root' + group 'root' + mode '0755' + recursive true + end + template "#{node['php']['ext_conf_dir']}/#{name}.ini" do source 'extension.ini.erb' cookbook 'php' @@ -259,9 +279,9 @@ def pecl? @pecl ||= begin # search as a pear first since most 3rd party channels will report pears as pecls! - search_args = String.new - search_args << " -d preferred_state=#{can_haz(@new_resource, "preferred_state")}" - search_args << " search#{expand_channel(can_haz(@new_resource, "channel"))} #{@new_resource.package_name}" + search_args = '' + search_args << " -d preferred_state=#{can_haz(@new_resource, 'preferred_state')}" + search_args << " search#{expand_channel(can_haz(@new_resource, 'channel'))} #{@new_resource.package_name}" if grep_for_version(shell_out(node['php']['pear'] + search_args).stdout, @new_resource.package_name) false 
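Review bot: `remove_package` now calls `manage_pecl_ini(name, :delete, nil, nil)`, and `manage_pecl_ini` (the following hunk) calls `zend_extensions.include?(rel_file)` for every path returned by `get_extension_files(name)`, so the delete path raises NoMethodError on nil whenever that list is non-empty. Whether the list is empty after the uninstall depends on `get_extension_files`, which is outside the diff. Passing empty collections removes the dependency: `manage_pecl_ini(name, :delete, {}, []) if pecl?`.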
diff --git a/berks-cookbooks/php/providers/pear_channel.rb b/berks-cookbooks/php/providers/pear_channel.rb index 34ab648c..daa4f48d 100644 --- a/berks-cookbooks/php/providers/pear_channel.rb +++ b/berks-cookbooks/php/providers/pear_channel.rb @@ -1,9 +1,9 @@ # -# Author:: Seth Chisamore +# Author:: Seth Chisamore # Cookbook Name:: php # Provider:: pear_channel # -# Copyright:: 2011, Opscode, Inc +# Copyright:: 2011, Opscode, Inc # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -84,10 +84,8 @@ def load_current_resource private def exists? - begin - shell_out!("#{node['php']['pear']} channel-info #{@current_resource.channel_name}") - true - rescue Mixlib::ShellOut::ShellCommandFailed - false - end + shell_out!("#{node['php']['pear']} channel-info #{@current_resource.channel_name}") + true +rescue Mixlib::ShellOut::ShellCommandFailed + false end diff --git a/berks-cookbooks/php/recipes/default.rb b/berks-cookbooks/php/recipes/default.rb index 38ca7f4c..e94b6c4e 100644 --- a/berks-cookbooks/php/recipes/default.rb +++ b/berks-cookbooks/php/recipes/default.rb @@ -1,10 +1,10 @@ # -# Author:: Joshua Timberman () -# Author:: Seth Chisamore () +# Author:: Joshua Timberman () +# Author:: Seth Chisamore () # Cookbook Name:: php # Recipe:: default # -# Copyright 2009-2011, Opscode, Inc. +# Copyright 2009-2014, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,4 +30,4 @@ action :update end -include_recipe "php::ini" +include_recipe 'php::ini' diff --git a/berks-cookbooks/php/recipes/ini.rb b/berks-cookbooks/php/recipes/ini.rb index b3d737aa..ee0f15ec 100644 --- a/berks-cookbooks/php/recipes/ini.rb +++ b/berks-cookbooks/php/recipes/ini.rb 
@@ -3,7 +3,7 @@ # Cookbook Name:: php # Recipe:: ini # -# Copyright 2011, Opscode, Inc. +# Copyright 2011-2014, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,12 +19,12 @@ # template "#{node['php']['conf_dir']}/php.ini" do - source node['php']['ini']['template'] - cookbook node['php']['ini']['cookbook'] - unless platform?('windows') - owner 'root' - group 'root' - mode '0644' - end - variables(:directives => node['php']['directives']) + source node['php']['ini']['template'] + cookbook node['php']['ini']['cookbook'] + unless platform?('windows') + owner 'root' + group node['root_group'] + mode '0644' + end + variables(:directives => node['php']['directives']) end diff --git a/berks-cookbooks/php/recipes/module_apc.rb b/berks-cookbooks/php/recipes/module_apc.rb index e45d7ebf..a3b69aba 100644 --- a/berks-cookbooks/php/recipes/module_apc.rb +++ b/berks-cookbooks/php/recipes/module_apc.rb @@ -1,10 +1,10 @@ # -# Author:: Joshua Timberman () -# Author:: Seth Chisamore () +# Author:: Joshua Timberman () +# Author:: Seth Chisamore () # Cookbook Name:: php # Recipe:: module_apc # -# Copyright 2009-2011, Opscode, Inc. +# Copyright 2009-2014, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +21,7 @@ case node['platform_family'] when 'rhel', 'fedora' - %w{ httpd-devel pcre pcre-devel }.each do |pkg| + %w(httpd-devel pcre pcre-devel).each do |pkg| package pkg do action :install end diff --git a/berks-cookbooks/php/recipes/module_curl.rb b/berks-cookbooks/php/recipes/module_curl.rb index 3848672e..7fa7abd4 100644 --- a/berks-cookbooks/php/recipes/module_curl.rb +++ b/berks-cookbooks/php/recipes/module_curl.rb 
@@ -1,10 +1,10 @@ # -# Author:: Joshua Timberman () -# Author:: Seth Chisamore () +# Author:: Joshua Timberman () +# Author:: Seth Chisamore () # Cookbook Name:: php # Recipe:: module_curl # -# Copyright 2009-2011, Opscode, Inc. +# Copyright 2009-2014, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/php/recipes/module_fpdf.rb b/berks-cookbooks/php/recipes/module_fpdf.rb index 519fe934..673de15c 100644 --- a/berks-cookbooks/php/recipes/module_fpdf.rb +++ b/berks-cookbooks/php/recipes/module_fpdf.rb @@ -1,10 +1,10 @@ # -# Author:: Joshua Timberman () -# Author:: Seth Chisamore () +# Author:: Joshua Timberman () +# Author:: Seth Chisamore () # Cookbook Name:: php # Recipe:: module_fpdf # -# Copyright 2009-2011, Opscode, Inc. +# Copyright 2009-2014, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/php/recipes/module_gd.rb b/berks-cookbooks/php/recipes/module_gd.rb index 14823237..4236389b 100644 --- a/berks-cookbooks/php/recipes/module_gd.rb +++ b/berks-cookbooks/php/recipes/module_gd.rb @@ -1,10 +1,10 @@ # -# Author:: Joshua Timberman () -# Author:: Seth Chisamore () +# Author:: Joshua Timberman () +# Author:: Seth Chisamore () # Cookbook Name:: php # Recipe:: module_gd # -# Copyright 2009-2011, Opscode, Inc. +# Copyright 2009-2014, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -24,6 +24,9 @@ el5_range => 'php53-gd', 'default' => 'php-gd' }, + 'freebsd' => { + 'default' => 'php56-gd' + }, 'default' => 'php5-gd' ) diff --git a/berks-cookbooks/php/recipes/module_ldap.rb b/berks-cookbooks/php/recipes/module_ldap.rb index bb919ed9..0b8e8bff 100644 --- a/berks-cookbooks/php/recipes/module_ldap.rb 
+++ b/berks-cookbooks/php/recipes/module_ldap.rb @@ -1,10 +1,10 @@ # -# Author:: Joshua Timberman () -# Author:: Seth Chisamore () +# Author:: Joshua Timberman () +# Author:: Seth Chisamore () # Cookbook Name:: php # Recipe:: module_ldap # -# Copyright 2009-2011, Opscode, Inc. +# Copyright 2009-2014, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/php/recipes/module_memcache.rb b/berks-cookbooks/php/recipes/module_memcache.rb index 8f3669ca..4c05266c 100644 --- a/berks-cookbooks/php/recipes/module_memcache.rb +++ b/berks-cookbooks/php/recipes/module_memcache.rb @@ -1,10 +1,10 @@ # -# Author:: Joshua Timberman () -# Author:: Seth Chisamore () +# Author:: Joshua Timberman () +# Author:: Seth Chisamore () # Cookbook Name:: php # Recipe:: module_memcache # -# Copyright 2009-2011, Opscode, Inc. +# Copyright 2009-2014, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +21,7 @@ case node['platform_family'] when 'rhel', 'fedora' - %w{ zlib-devel }.each do |pkg| + %w(zlib-devel).each do |pkg| package pkg do action :install end diff --git a/berks-cookbooks/php/recipes/module_mysql.rb b/berks-cookbooks/php/recipes/module_mysql.rb index 44a8b800..7b7d2abd 100644 --- a/berks-cookbooks/php/recipes/module_mysql.rb +++ b/berks-cookbooks/php/recipes/module_mysql.rb @@ -1,10 +1,10 @@ # -# Author:: Joshua Timberman () -# Author:: Seth Chisamore () +# Author:: Joshua Timberman () +# Author:: Seth Chisamore () # Cookbook Name:: php # Recipe:: module_mysql # -# Copyright 2009-2011, Opscode, Inc. +# Copyright 2009-2014, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -19,14 +19,6 @@ # limitations under the License. # -pkg = value_for_platform( - %w(centos redhat scientific fedora amazon oracle) => { - el5_range => 'php53-mysql', - 'default' => 'php-mysql' - }, - 'default' => 'php5-mysql' -) - -package pkg do +package node['php']['mysql']['package'] do action :install end diff --git a/berks-cookbooks/php/recipes/module_pgsql.rb b/berks-cookbooks/php/recipes/module_pgsql.rb index fef279eb..f7837d8d 100644 --- a/berks-cookbooks/php/recipes/module_pgsql.rb +++ b/berks-cookbooks/php/recipes/module_pgsql.rb @@ -1,10 +1,10 @@ # -# Author:: Joshua Timberman () -# Author:: Seth Chisamore () +# Author:: Joshua Timberman () +# Author:: Seth Chisamore () # Cookbook Name:: php # Recipe:: module_pgsql # -# Copyright 2009-2011, Opscode, Inc. +# Copyright 2009-2014, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/php/recipes/module_sqlite3.rb b/berks-cookbooks/php/recipes/module_sqlite3.rb index 2542d527..5d887c1e 100644 --- a/berks-cookbooks/php/recipes/module_sqlite3.rb +++ b/berks-cookbooks/php/recipes/module_sqlite3.rb @@ -1,10 +1,10 @@ # -# Author:: Joshua Timberman () -# Author:: Seth Chisamore () +# Author:: Joshua Timberman () +# Author:: Seth Chisamore () # Cookbook Name:: php # Recipe:: module_sqlite3 # -# Copyright 2009-2011, Opscode, Inc. +# Copyright 2009-2014, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/php/recipes/package.rb b/berks-cookbooks/php/recipes/package.rb index 890c83b5..06799efb 100644 --- a/berks-cookbooks/php/recipes/package.rb +++ b/berks-cookbooks/php/recipes/package.rb 
@@ -1,10 +1,10 @@ # -# Author:: Seth Chisamore () -# Author:: Lucas Hansen () +# Author:: Seth Chisamore () +# Author:: Lucas Hansen () # Cookbook Name:: php # Recipe:: package # -# Copyright 2013, Opscode, Inc. +# Copyright 2013-2014, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,11 +28,11 @@ source node['php']['windows']['msi_source'] installer_type :msi - options %W[ - /quiet - INSTALLDIR="#{install_dir}" - ADDLOCAL=#{node['php']['packages'].join(',')} - ].join(' ') + options %W( + /quiet + INSTALLDIR="#{install_dir}" + ADDLOCAL=#{node['php']['packages'].join(',')} + ).join(' ') end # WARNING: This is not the out-of-the-box go-pear.phar. It's been modified to patch this bug: @@ -63,4 +63,4 @@ end end -include_recipe "php::ini" +include_recipe 'php::ini' diff --git a/berks-cookbooks/php/recipes/recompile.rb b/berks-cookbooks/php/recipes/recompile.rb new file mode 100644 index 00000000..1a090cd9 --- /dev/null +++ b/berks-cookbooks/php/recipes/recompile.rb 
@@ -0,0 +1,51 @@
+#
+# Author:: David Kinzer ()
+# Cookbook Name:: php
+# Recipe:: recompile
+#
+# Copyright 2014, David Kinzer
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+version = node['php']['version']
+configure_options = node['php']['configure_options'].join(' ')
+ext_dir_prefix = node['php']['ext_dir'] ? "EXTENSION_DIR=#{node['php']['ext_dir']}" : ''
+
+node['php']['src_deps'].each do |pkg|
+ package pkg do
+ action 'install'
+ end
+end
+
+remote_file "#{Chef::Config[:file_cache_path]}/php-#{version}.tar.gz" do
+ source "#{node['php']['url']}/php-#{version}.tar.gz/from/this/mirror"
+ checksum node['php']['checksum']
+ mode '0644'
+ action 'create_if_missing'
+end
+
+bash 'un-pack php' do
+ cwd Chef::Config[:file_cache_path]
+ code "tar -zxf php-#{version}.tar.gz"
+ creates "#{node['php']['url']}/php-#{version}"
+end
+
+bash 're-build php' do
+ cwd "#{Chef::Config[:file_cache_path]}/php-#{version}"
+ code <<-EOF
+ (make clean)
+ (#{ext_dir_prefix} ./configure #{configure_options})
+ (make && make install)
+ EOF
+end
diff --git a/berks-cookbooks/php/recipes/source.rb b/berks-cookbooks/php/recipes/source.rb
index 48050347..9825911c 100644
--- a/berks-cookbooks/php/recipes/source.rb
+++ b/berks-cookbooks/php/recipes/source.rb
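Review bot: The tarball is fetched over plain HTTP whenever `node['php']['url']` keeps the default shown in the attributes hunk (`http://us1.php.net/get`), so the `checksum` property is the only integrity control before `make install` runs the unpacked code with the privileges of the chef-client run; the default `node['php']['checksum']` in that hunk is 40 hex characters, whereas `remote_file` documents `checksum` as a SHA-256 digest (64 characters). With `action 'create_if_missing'` a tarball already sitting in the cache is also never re-checked. I would pin a full SHA-256 for the configured version and prefer an https mirror. Separately, `creates "#{node['php']['url']}/php-#{version}"` in `bash 'un-pack php'` names a URL rather than the extracted directory, so the guard can never match; it presumably should be `creates "#{Chef::Config[:file_cache_path]}/php-#{version}"`.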
@@ -1,9 +1,9 @@ # -# Author:: Seth Chisamore () +# Author:: Seth Chisamore () # Cookbook Name:: php # Recipe:: package # -# Copyright 2011, Opscode, Inc. +# Copyright 2011-2014, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,16 +22,14 @@ include_recipe 'build-essential' include_recipe 'xml' -include_recipe 'mysql::client' if configure_options =~ /mysql/ include_recipe 'yum-epel' if node['platform_family'] == 'rhel' -pkgs = value_for_platform_family( - %w{ rhel fedora } => %w{ bzip2-devel libc-client-devel curl-devel freetype-devel gmp-devel libjpeg-devel krb5-devel libmcrypt-devel libpng-devel openssl-devel t1lib-devel mhash-devel }, - %w{ debian ubuntu } => %w{ libbz2-dev libc-client2007e-dev libcurl4-gnutls-dev libfreetype6-dev libgmp3-dev libjpeg62-dev libkrb5-dev libmcrypt-dev libpng12-dev libssl-dev libt1-dev }, - 'default' => %w{ libbz2-dev libc-client2007e-dev libcurl4-gnutls-dev libfreetype6-dev libgmp3-dev libjpeg62-dev libkrb5-dev libmcrypt-dev libpng12-dev libssl-dev libt1-dev } - ) +mysql_client 'default' do + action :create + only_if { configure_options =~ /mysql/ } +end -pkgs.each do |pkg| +node['php']['src_deps'].each do |pkg| package pkg do action :install end @@ -82,4 +80,4 @@ recursive true end -include_recipe "php::ini" +include_recipe 'php::ini' diff --git a/berks-cookbooks/php/resources/fpm_pool.rb b/berks-cookbooks/php/resources/fpm_pool.rb new file mode 100644 index 00000000..0a6c6ab5 --- /dev/null +++ b/berks-cookbooks/php/resources/fpm_pool.rb 
@@ -0,0 +1,34 @@
+#
+# Author:: Chris Marchesi
+# Cookbook Name:: php
+# Resource:: fpm_pool
+#
+# Copyright:: 2015, Opscode, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default_action :install
+actions :install, :uninstall
+
+attribute :pool_name, :kind_of => String, :name_attribute => true
+attribute :listen, :default => '/var/run/php5-fpm.sock'
+attribute :user, :kind_of => String, :default => node['php']['fpm_user']
+attribute :group, :kind_of => String, :default => node['php']['fpm_user']
+attribute :process_manager, :kind_of => String, :default => 'dynamic'
+attribute :max_children, :kind_of => Integer, :default => 5
+attribute :start_servers, :kind_of => Integer, :default => 2
+attribute :min_spare_servers, :kind_of => Integer, :default => 1
+attribute :max_spare_servers, :kind_of => Integer, :default => 3
+attribute :chdir, :kind_of => String, :default => '/'
+attribute :additional_config, :kind_of => Hash, :default => {}
diff --git a/berks-cookbooks/php/resources/pear.rb b/berks-cookbooks/php/resources/pear.rb
index d5485319..90523934 100644
--- a/berks-cookbooks/php/resources/pear.rb
+++ b/berks-cookbooks/php/resources/pear.rb
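Review bot: The `group` attribute defaults to `node['php']['fpm_user']` rather than `node['php']['fpm_group']`, so a pool declared without an explicit group runs under, and owns its socket as, a group named after the user account; the attributes hunk in this diff defines both keys, at least for the platform branch that is visible. The line should read `attribute :group, :kind_of => String, :default => node['php']['fpm_group']`. `listen` is also the only attribute without a `:kind_of` check, and every pool shares the default socket path `/var/run/php5-fpm.sock`, so two pools declared with defaults would collide on the same socket.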
@@ -1,9 +1,9 @@ # -# Author:: Seth Chisamore +# Author:: Seth Chisamore # Cookbook Name:: php # Resource:: pear_package # -# Copyright:: 2011, Opscode, Inc +# Copyright:: 2011-2014, Chef Software, Inc # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,6 +21,14 @@ default_action :install actions :install, :upgrade, :remove, :purge +state_attrs :channel, + :directives, + :options, + :package_name, + :preferred_state, + :version, + :zend_extensions + attribute :package_name, :kind_of => String, :name_attribute => true attribute :version, :default => nil attribute :channel, :kind_of => String diff --git a/berks-cookbooks/php/resources/pear_channel.rb b/berks-cookbooks/php/resources/pear_channel.rb index 2a88f05b..33c33f93 100644 --- a/berks-cookbooks/php/resources/pear_channel.rb +++ b/berks-cookbooks/php/resources/pear_channel.rb @@ -1,9 +1,9 @@ # -# Author:: Seth Chisamore +# Author:: Seth Chisamore # Cookbook Name:: php # Resource:: pear_channel # -# Copyright:: 2011, Opscode, Inc +# Copyright:: 2011-2014, Chef Software, Inc # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,6 +21,9 @@ default_action :discover actions :discover, :add, :update, :remove +state_attrs :channel_name, + :channel_xml + attribute :channel_name, :kind_of => String, :name_attribute => true attribute :channel_xml, :kind_of => String diff --git a/berks-cookbooks/php/templates/centos/php.ini.erb b/berks-cookbooks/php/templates/centos/php.ini.erb index c84d60d0..a9e5d16b 100644 --- a/berks-cookbooks/php/templates/centos/php.ini.erb +++ b/berks-cookbooks/php/templates/centos/php.ini.erb @@ -1221,5 +1221,5 @@ soap.wsdl_cache_ttl=86400 ; End: <% @directives.sort_by { |key, val| key }.each do |directive, value| -%> -<%= "#{directive}=\"#{value}\"" %> +<%= "#{directive}=#{value}" %> <% end -%> 
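Review bot: Dropping the quotes means every value in `node['php']['directives']` is written into php.ini verbatim, so a string containing `;`, `=`, `"` or spaces is parsed differently from what the attribute holds (`;` starts a comment in INI syntax), and a value containing a line break adds extra directive lines. The quoted form had the opposite problem for numbers and constants, so I would not revert it; instead document that string values needing quotes must carry them in the attribute, and strip line breaks at render time, e.g. `<%= "#{directive}=#{value.to_s.delete("\r\n")}" %>`. The same one-line change is made in the debian, default, redhat, ubuntu and windows php.ini.erb templates and in default/extension.ini.erb.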
diff --git a/berks-cookbooks/php/templates/debian/php.ini.erb b/berks-cookbooks/php/templates/debian/php.ini.erb index 1bd0a47f..95889254 100644 --- a/berks-cookbooks/php/templates/debian/php.ini.erb +++ b/berks-cookbooks/php/templates/debian/php.ini.erb @@ -1853,5 +1853,5 @@ ldap.max_links = -1 ; End: <% @directives.sort_by { |key, val| key }.each do |directive, value| -%> -<%= "#{directive}=\"#{value}\"" %> +<%= "#{directive}=#{value}" %> <% end -%> diff --git a/berks-cookbooks/php/templates/default/extension.ini.erb b/berks-cookbooks/php/templates/default/extension.ini.erb index 11a9830c..13c51223 100644 --- a/berks-cookbooks/php/templates/default/extension.ini.erb +++ b/berks-cookbooks/php/templates/default/extension.ini.erb @@ -3,5 +3,5 @@ <%= 'zend_' if zend %>extension=<%= filepath %> <% end -%> <% @directives.each do |k,v| -%> -<%= "#{@name}.#{k}=\"#{v}\"" %> +<%= "#{@name}.#{k}=#{v}" %> <% end -%> diff --git a/berks-cookbooks/php/templates/default/fpm-pool.conf.erb b/berks-cookbooks/php/templates/default/fpm-pool.conf.erb new file mode 100644 index 00000000..aa01b8f2 --- /dev/null +++ b/berks-cookbooks/php/templates/default/fpm-pool.conf.erb @@ -0,0 +1,15 @@ +[<%= @fpm_pool_name %>] +user = <%= @fpm_pool_user %> +group = <%= @fpm_pool_group %> +listen = <%= @fpm_pool_listen %> +listen.owner = <%= @fpm_pool_user %> +listen.group = <%= @fpm_pool_group %> +pm = <%= @fpm_pool_manager %> +pm.max_children = <%= @fpm_pool_max_children %> +pm.start_servers = <%= @fpm_pool_start_servers %> +pm.min_spare_servers = <%= @fpm_pool_min_spare_servers %> +pm.max_spare_servers = <%= @fpm_pool_max_spare_servers %> +chdir = <%= @fpm_pool_chdir %> +<% @fpm_pool_additional_config.each do |key, value| %> +<%= key %> = <%= value %> +<% end %> diff --git a/berks-cookbooks/php/templates/default/php.ini.erb b/berks-cookbooks/php/templates/default/php.ini.erb index 55efd4c0..7fcb3b7c 100644 --- a/berks-cookbooks/php/templates/default/php.ini.erb 
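Review bot: The new fpm-pool.conf.erb sets `listen.owner` and `listen.group` but no `listen.mode`, so the permissions of the unix socket are whatever the installed php-fpm build defaults to, and as far as I know some older builds default to a socket that any local user can connect to; I would add an explicit `listen.mode = 0660` line, or a resource attribute that feeds it. The `additional_config` keys and values are also written as-is, so a value with an embedded line break becomes an extra directive in the pool file; a template comment stating that this hash must come from trusted cookbook code would help.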
+++ b/berks-cookbooks/php/templates/default/php.ini.erb @@ -1896,5 +1896,5 @@ ldap.max_links = -1 ; End: <% @directives.sort_by { |key, val| key }.each do |directive, value| -%> -<%= "#{directive}=\"#{value}\"" %> +<%= "#{directive}=#{value}" %> <% end -%> diff --git a/berks-cookbooks/php/templates/redhat/php.ini.erb b/berks-cookbooks/php/templates/redhat/php.ini.erb index c84d60d0..a9e5d16b 100644 --- a/berks-cookbooks/php/templates/redhat/php.ini.erb +++ b/berks-cookbooks/php/templates/redhat/php.ini.erb @@ -1221,5 +1221,5 @@ soap.wsdl_cache_ttl=86400 ; End: <% @directives.sort_by { |key, val| key }.each do |directive, value| -%> -<%= "#{directive}=\"#{value}\"" %> +<%= "#{directive}=#{value}" %> <% end -%> diff --git a/berks-cookbooks/php/templates/ubuntu/php.ini.erb b/berks-cookbooks/php/templates/ubuntu/php.ini.erb index 1bd0a47f..95889254 100644 --- a/berks-cookbooks/php/templates/ubuntu/php.ini.erb +++ b/berks-cookbooks/php/templates/ubuntu/php.ini.erb @@ -1853,5 +1853,5 @@ ldap.max_links = -1 ; End: <% @directives.sort_by { |key, val| key }.each do |directive, value| -%> -<%= "#{directive}=\"#{value}\"" %> +<%= "#{directive}=#{value}" %> <% end -%> diff --git a/berks-cookbooks/php/templates/windows/php.ini.erb b/berks-cookbooks/php/templates/windows/php.ini.erb index e492f09c..0a0caaa9 100644 --- a/berks-cookbooks/php/templates/windows/php.ini.erb +++ b/berks-cookbooks/php/templates/windows/php.ini.erb @@ -1931,5 +1931,5 @@ extension=php_exif.dll include_path=".;<%= node['php']['conf_dir'].gsub('/', '\\') %>" <% @directives.each do |directive, value| -%> -<%= "#{directive}=\"#{value}\"" %> +<%= "#{directive}=#{value}" %> <% end -%> diff --git a/berks-cookbooks/postfix/CHANGELOG.md b/berks-cookbooks/postfix/CHANGELOG.md index 173cbad8..b2f7f2e4 100644 --- a/berks-cookbooks/postfix/CHANGELOG.md +++ b/berks-cookbooks/postfix/CHANGELOG.md 
@@ -2,6 +2,11 @@ postfix Cookbook CHANGELOG ========================== This file is used to list changes made in each version of the postfix cookbook. +v3.7.0 (2015-04-30) +------------------- +- Adding support for relay restrictions +- Update chefspec and serverspec tests + v3.6.2 (2014-10-31) ------------------- - Fix FreeBSDisms 
@@ -71,47 +76,47 @@ v3.1.4 (2014-02-27) v3.1.2 (2014-02-19) ------------------- ### Bug -- **[COOK-4357](https://tickets.opscode.com/browse/COOK-4357)** - postfix::sasl_auth recipe fails to converge +- **[COOK-4357](https://tickets.chef.io/browse/COOK-4357)** - postfix::sasl_auth recipe fails to converge v3.1.0 (2014-02-19) ------------------- ### Bug -- **[COOK-4322](https://tickets.opscode.com/browse/COOK-4322)** - Postfix cookbook has incorrect default path for sasl_passwd +- **[COOK-4322](https://tickets.chef.io/browse/COOK-4322)** - Postfix cookbook has incorrect default path for sasl_passwd ### New Feature -- **[COOK-4086](https://tickets.opscode.com/browse/COOK-4086)** - use conf_dir attribute for sasl recipe, and add omnios support -- **[COOK-2551](https://tickets.opscode.com/browse/COOK-2551)** - Support creating the sender_canonical map file +- **[COOK-4086](https://tickets.chef.io/browse/COOK-4086)** - use conf_dir attribute for sasl recipe, and add omnios support +- **[COOK-2551](https://tickets.chef.io/browse/COOK-2551)** - Support creating the sender_canonical map file v3.0.4 ------ ### Bug -- **[COOK-3824](https://tickets.opscode.com/browse/COOK-3824)** - main.cf.erb mishandles lists +- **[COOK-3824](https://tickets.chef.io/browse/COOK-3824)** - main.cf.erb mishandles lists ### Improvement -- **[COOK-3822](https://tickets.opscode.com/browse/COOK-3822)** - postfix cookbook readme has an incorrect example +- **[COOK-3822](https://tickets.chef.io/browse/COOK-3822)** - postfix cookbook readme has an incorrect example - Got rubocop errors down to 32 ### New Feature -- **[COOK-2551](https://tickets.opscode.com/browse/COOK-2551)** - Support creating the sender_canonical map file +- **[COOK-2551](https://tickets.chef.io/browse/COOK-2551)** - Support creating the sender_canonical map file v3.0.2 ------ ### Bug -- **[COOK-3617](https://tickets.opscode.com/browse/COOK-3617)** - Fix error when no there is no FQDN -- 
**[COOK-3530](https://tickets.opscode.com/browse/COOK-3530)** - Update `client.rb` after 3.0.0 refactor -- **[COOK-2499](https://tickets.opscode.com/browse/COOK-2499)** - Do not use resource cloning +- **[COOK-3617](https://tickets.chef.io/browse/COOK-3617)** - Fix error when no there is no FQDN +- **[COOK-3530](https://tickets.chef.io/browse/COOK-3530)** - Update `client.rb` after 3.0.0 refactor +- **[COOK-2499](https://tickets.chef.io/browse/COOK-2499)** - Do not use resource cloning ### Improvement -- **[COOK-3116](https://tickets.opscode.com/browse/COOK-3116)** - Add SmartOS support +- **[COOK-3116](https://tickets.chef.io/browse/COOK-3116)** - Add SmartOS support v3.0.0 ------ ### Improvement -- **[COOK-3328](https://tickets.opscode.com/browse/COOK-3328)** - Postfix main/master and attributes refactor +- **[COOK-3328](https://tickets.chef.io/browse/COOK-3328)** - Postfix main/master and attributes refactor **Breaking changes**: - Attributes are namespaced as `node['postfix']`, `node['postfix']['main']`, and `node['postfix']['master']`. diff --git a/berks-cookbooks/postfix/README.md b/berks-cookbooks/postfix/README.md index bce9a32b..586881aa 100644 --- a/berks-cookbooks/postfix/README.md +++ b/berks-cookbooks/postfix/README.md 
@@ -29,6 +29,7 @@ See `attributes/default.rb` for default values. * `node['postfix']['use_transport_maps']` - set to true if you want the cookbook to use/configure transport maps * `node['postfix']['use_access_maps']` - set to true if you want the cookbook to use/configure access maps * `node['postfix']['use_virtual_aliases']` - set to true if you want the cookbook to use/configure virtual alias maps +* `node['postfix']['use_relay_restrictions_maps']` - set to true if you want the cookbook to use/configure a list of domains to which postfix will allow relay * `node['postfix']['aliases']` - hash of aliases to create with `recipe[postfix::aliases]`, see below under __Recipes__ for more information. * `node['postfix']['transports']` - hash of transports to create with `recipe[postfix::transports]`, see below under __Recipes__ for more information. * `node['postfix']['access']` - hash of access to create with `recipe[postfix::access]`, see below under __Recipes__ for more information. @@ -121,8 +122,12 @@ Manage `/etc/postfix/access` with this recipe. ### virtual_aliases Manage `/etc/postfix/virtual` with this recipe. +### relay_restrictions +Manage `/etc/postfix/relay_restriction` with this recipe +The postfix option smtpd_relay_restrictions in main.cf will point to this hash map db. -http://wiki.opscode.com/display/chef/Templates#Templates-TemplateLocationSpecificity + +http://wiki.chef.io/display/chef/Templates#Templates-TemplateLocationSpecificity Usage @@ -268,9 +273,24 @@ override_attributes( ) ``` +To use relay restrictions override the relay restrictions attribute in this format: + +```ruby +override_attributes( + "postfix" => { + "use_relay_restrictions_maps" => true, + "relay_restrictions" => { + "chef.io" => "OK", + ".chef.io" => "OK", + "example.com" => "OK" + } + } +) +``` + License & Authors ----------------- -- Author:: Joshua Timberman +- Author:: Joshua Timberman ```text Copyright:: 2009-2014, Chef Software, Inc 
diff --git a/berks-cookbooks/postfix/attributes/default.rb b/berks-cookbooks/postfix/attributes/default.rb index e8269327..f14a4cf2 100644 --- a/berks-cookbooks/postfix/attributes/default.rb +++ b/berks-cookbooks/postfix/attributes/default.rb @@ -1,5 +1,5 @@ # encoding: utf-8 -# Author:: Joshua Timberman +# Author:: Joshua Timberman # Copyright:: Copyright 2009-2014, Chef Software, Inc. # License:: Apache License, Version 2.0 # @@ -25,6 +25,7 @@ default['postfix']['use_access_maps'] = false default['postfix']['use_virtual_aliases'] = false default['postfix']['use_virtual_aliases_domains'] = false +default['postfix']['use_relay_restirictions_maps'] = false default['postfix']['transports'] = {} default['postfix']['access'] = {} default['postfix']['virtual_aliases'] = {} @@ -47,6 +48,7 @@ default['postfix']['access_db'] = '/opt/local/etc/postfix/access' default['postfix']['virtual_alias_db'] = '/opt/local/etc/postfix/virtual' default['postfix']['virtual_alias_domains_db'] = '/opt/local/etc/postfix/virtual_domains' + default['postfix']['relay_restrictions_db'] = '/opt/local/etc/postfix/relay_restrictions' when 'freebsd' default['postfix']['conf_dir'] = '/usr/local/etc/postfix' default['postfix']['aliases_db'] = '/etc/aliases' @@ -54,6 +56,7 @@ default['postfix']['access_db'] = '/usr/local/etc/postfix/access' default['postfix']['virtual_alias_db'] = '/usr/local/etc/postfix/virtual' default['postfix']['virtual_alias_domains_db'] = '/usr/local/etc/postfix/virtual_domains' + default['postfix']['relay_restrictions_db'] = '/etc/postfix/relay_restrictions' when 'omnios' default['postfix']['conf_dir'] = '/opt/omni/etc/postfix' default['postfix']['aliases_db'] = '/opt/omni/etc/postfix/aliases' 
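Review bot: The new default in the `@@ -25,6 +25,7 @@` hunk is keyed `use_relay_restirictions_maps` (transposed letters), while the README hunk and recipes/default.rb in this same commit use `use_relay_restrictions_maps`. Setting the documented flag therefore includes `postfix::relay_restrictions` and writes the map, but the `if node['postfix']['use_relay_restirictions_maps']` guard in the `@@ -135,3 +141,8 @@` hunk stays false, so `smtpd_relay_restrictions` is presumably never rendered into main.cf and the relay policy an operator believes is active is not enforced. Both lines should use the documented spelling: `default['postfix']['use_relay_restrictions_maps'] = false` and `if node['postfix']['use_relay_restrictions_maps']`. Because this is a vendored copy, the fix belongs upstream; until then a wrapper cookbook can set `smtpd_relay_restrictions` explicitly.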
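Review bot: In the FreeBSD branch (`@@ -54,6 +56,7 @@`) the added `relay_restrictions_db` is `/etc/postfix/relay_restrictions`, whereas `conf_dir` and the access and virtual maps in that branch live under `/usr/local/etc/postfix`. If `/etc/postfix` does not exist on the node, the template resource for the map will likely fail; if it does exist, the policy file sits outside the directory Postfix is configured from. `default['postfix']['relay_restrictions_db'] = '/usr/local/etc/postfix/relay_restrictions'` would match the neighbouring lines.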
@@ -61,6 +64,7 @@ default['postfix']['access_db'] = '/opt/omni/etc/postfix/access' default['postfix']['virtual_alias_db'] = '/etc/omni/etc/postfix/virtual' default['postfix']['virtual_alias_domains_db'] = '/etc/omni/etc/postfix/virtual_domains' + default['postfix']['relay_restrictions_db'] = '/opt/omni/etc/postfix/relay_restrictions' default['postfix']['uid'] = 11 else default['postfix']['conf_dir'] = '/etc/postfix' @@ -69,6 +73,7 @@ default['postfix']['access_db'] = '/etc/postfix/access' default['postfix']['virtual_alias_db'] = '/etc/postfix/virtual' default['postfix']['virtual_alias_domains_db'] = '/etc/postfix/virtual_domains' + default['postfix']['relay_restrictions_db'] = '/etc/postfix/relay_restrictions' end # Non-default main.cf attributes @@ -87,6 +92,8 @@ # Conditional attributes, also reference _attributes recipe case node['platform_family'] +when 'debian' + default['postfix']['cafile'] = '/etc/ssl/certs/ca-certificates.crt' when 'smartos' default['postfix']['main']['smtpd_use_tls'] = 'no' default['postfix']['main']['smtp_use_tls'] = 'no' @@ -113,7 +120,6 @@ # Master.cf attributes default['postfix']['master']['submission'] = false - # OS Aliases case node['platform'] when 'freebsd' @@ -135,3 +141,8 @@ else default['postfix']['aliases'] = {} end + +if node['postfix']['use_relay_restirictions_maps'] + default['postfix']['main']['smtpd_relay_restrictions'] = "hash:#{node['postfix']['relay_restrictions_db']}, reject" +end + diff --git a/berks-cookbooks/postfix/metadata.json b/berks-cookbooks/postfix/metadata.json index 256f8424..5371d014 100644 --- a/berks-cookbooks/postfix/metadata.json +++ b/berks-cookbooks/postfix/metadata.json 
@@ -1,89 +1 @@ -{ - "name": "postfix", - "version": "3.6.2", - "description": "Installs and configures postfix for client or outbound relayhost, or to do SASL auth", - "long_description": "", - "maintainer": "Chef Software, Inc.", - "maintainer_email": "cookbooks@getchef.com", - "license": "Apache 2.0", - "platforms": { - "ubuntu": ">= 0.0.0", - "debian": ">= 0.0.0", - "redhat": ">= 0.0.0", - "centos": ">= 0.0.0", - "amazon": ">= 0.0.0", - "scientific": ">= 0.0.0", - "smartos": ">= 0.0.0" - }, - "dependencies": { - }, - "recommendations": { - }, - "suggestions": { - }, - "conflicting": { - }, - "providing": { - }, - "replacing": { - }, - "attributes": { - "postfix/main": { - "display_name": "postfix/main", - "description": "Hash of Postfix main.cf attributes", - "type": "hash" - }, - "postfix/aliases": { - "display_name": "Postfix Aliases", - "description": "Hash of Postfix aliases mapping a name to a value. Example 'root' => 'operator@example.com'. See aliases man page for details.", - "type": "hash" - }, - "postfix/transports": { - "display_name": "Postfix Transports", - "description": "Hash of Postfix transports mapping a destination to a smtp server. Example 'my.domain' => 'smtp:outbound-relay.my.domain'. See transport man page for details.", - "type": "hash" - }, - "postfix/access": { - "display_name": "Postfix Access Table", - "description": "Hash of Postfix accesses mapping a pattern to a action. Example 'domain.tld' => 'OK'. 
See access man page for details.", - "type": "hash" - }, - "postfix/mail_type": { - "display_name": "Postfix Mail Type", - "description": "Is this node a client or server?", - "default": "client" - }, - "postfix/smtp_sasl_user_name": { - "display_name": "Postfix SMTP SASL Username", - "description": "User to auth SMTP via SASL", - "default": "" - }, - "postfix/smtp_sasl_passwd": { - "display_name": "Postfix SMTP SASL Password", - "description": "Password for smtp_sasl_user_name", - "default": "" - }, - "postfix/relayhost_role": { - "display_name": "Postfix Relayhost's role", - "description": "String containing the role name", - "default": "relayhost" - }, - "postfix/use_procmail": { - "display_name": "Postfix Use procmail?", - "description": "Whether procmail should be used as the local delivery agent for a server", - "default": "no" - } - }, - "groupings": { - }, - "recipes": { - "postfix": "Installs and configures postfix", - "postfix::sasl_auth": "Set up postfix to auth to a server with sasl", - "postfix::aliases": "Manages /etc/aliases", - "postfix::transports": "Manages /etc/postfix/transport", - "postfix::access": "Manages /etc/postfix/access", - "postfix::virtual_aliases": "Manages /etc/postfix/virtual", - "postfix::client": "Searches for the relayhost based on an attribute", - "postfix::server": "Sets the mail_type attribute to master" - } -} \ No newline at end of file +{"name":"postfix","version":"3.7.0","description":"Installs and configures postfix for client or outbound relayhost, or to do SASL auth","long_description":"","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache 2.0","platforms":{"ubuntu":">= 0.0.0","debian":">= 0.0.0","redhat":">= 0.0.0","centos":">= 0.0.0","amazon":">= 0.0.0","scientific":">= 0.0.0","smartos":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{"postfix/main":{"display_name":"postfix/main","description":"Hash 
of Postfix main.cf attributes","type":"hash"},"postfix/aliases":{"display_name":"Postfix Aliases","description":"Hash of Postfix aliases mapping a name to a value. Example 'root' => 'operator@example.com'. See aliases man page for details.","type":"hash"},"postfix/transports":{"display_name":"Postfix Transports","description":"Hash of Postfix transports mapping a destination to a smtp server. Example 'my.domain' => 'smtp:outbound-relay.my.domain'. See transport man page for details.","type":"hash"},"postfix/access":{"display_name":"Postfix Access Table","description":"Hash of Postfix accesses mapping a pattern to a action. Example 'domain.tld' => 'OK'. See access man page for details.","type":"hash"},"postfix/mail_type":{"display_name":"Postfix Mail Type","description":"Is this node a client or server?","default":"client"},"postfix/smtp_sasl_user_name":{"display_name":"Postfix SMTP SASL Username","description":"User to auth SMTP via SASL","default":""},"postfix/smtp_sasl_passwd":{"display_name":"Postfix SMTP SASL Password","description":"Password for smtp_sasl_user_name","default":""},"postfix/relayhost_role":{"display_name":"Postfix Relayhost's role","description":"String containing the role name","default":"relayhost"},"postfix/use_procmail":{"display_name":"Postfix Use procmail?","description":"Whether procmail should be used as the local delivery agent for a server","default":"no"}},"groupings":{},"recipes":{"postfix":"Installs and configures postfix","postfix::sasl_auth":"Set up postfix to auth to a server with sasl","postfix::aliases":"Manages /etc/aliases","postfix::transports":"Manages /etc/postfix/transport","postfix::access":"Manages /etc/postfix/access","postfix::virtual_aliases":"Manages /etc/postfix/virtual","postfix::client":"Searches for the relayhost based on an attribute","postfix::server":"Sets the mail_type attribute to 
master"},"source_url":"https://github.com/opscode-cookbooks/postfix","issues_url":"https://github.com/opscode-cookbooks/postfix/issues"} \ No newline at end of file diff --git a/berks-cookbooks/postfix/recipes/_attributes.rb b/berks-cookbooks/postfix/recipes/_attributes.rb index 0a84eeaf..01d7ca84 100644 --- a/berks-cookbooks/postfix/recipes/_attributes.rb +++ b/berks-cookbooks/postfix/recipes/_attributes.rb @@ -40,15 +40,15 @@ end if node['postfix']['use_alias_maps'] - node.default['postfix']['main']['alias_maps'] = ["hash:#{node['postfix']['aliases_db']}"] + node.default['postfix']['main']['alias_maps'] = ["hash:#{node['postfix']['aliases_db']}"] end if node['postfix']['use_transport_maps'] - node.default['postfix']['main']['transport_maps'] = ["hash:#{node['postfix']['transport_db']}"] + node.default['postfix']['main']['transport_maps'] = ["hash:#{node['postfix']['transport_db']}"] end if node['postfix']['use_access_maps'] - node.default['postfix']['main']['access_maps'] = ["hash:#{node['postfix']['access_db']}"] + node.default['postfix']['main']['access_maps'] = ["hash:#{node['postfix']['access_db']}"] end if node['postfix']['use_virtual_aliases'] diff --git a/berks-cookbooks/postfix/recipes/_common.rb b/berks-cookbooks/postfix/recipes/_common.rb index c91483a7..b8fc106b 100644 --- a/berks-cookbooks/postfix/recipes/_common.rb +++ b/berks-cookbooks/postfix/recipes/_common.rb @@ -1,5 +1,5 @@ # encoding: utf-8 -# Author:: Joshua Timberman() +# Author:: Joshua Timberman() # Cookbook Name:: common # Recipe:: default # @@ -110,7 +110,7 @@ end end -%w{main master}.each do |cfg| +%w( main master ).each do |cfg| template "#{node['postfix']['conf_dir']}/#{cfg}.cf" do source "#{cfg}.cf.erb" owner 'root' diff --git a/berks-cookbooks/postfix/recipes/access.rb b/berks-cookbooks/postfix/recipes/access.rb index eb75bb6e..b28ab075 100644 --- a/berks-cookbooks/postfix/recipes/access.rb +++ b/berks-cookbooks/postfix/recipes/access.rb 
@@ -1,5 +1,5 @@ # encoding: utf-8 -# Copyright:: Copyright (c) 2012, Opscode, Inc. +# Copyright:: Copyright (c) 2012, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/postfix/recipes/client.rb b/berks-cookbooks/postfix/recipes/client.rb index c6817ff7..2f304f14 100644 --- a/berks-cookbooks/postfix/recipes/client.rb +++ b/berks-cookbooks/postfix/recipes/client.rb @@ -1,5 +1,5 @@ # encoding: utf-8 -# Author:: Joshua Timberman() +# Author:: Joshua Timberman() # Cookbook Name:: postfix # Recipe:: client # diff --git a/berks-cookbooks/postfix/recipes/default.rb b/berks-cookbooks/postfix/recipes/default.rb index 1aecbd35..ba28cdca 100644 --- a/berks-cookbooks/postfix/recipes/default.rb +++ b/berks-cookbooks/postfix/recipes/default.rb @@ -1,5 +1,5 @@ # encoding: utf-8 -# Author:: Joshua Timberman() +# Author:: Joshua Timberman() # Cookbook Name:: postfix # Recipe:: default # @@ -43,3 +43,8 @@ if node['postfix']['use_virtual_aliases_domains'] include_recipe 'postfix::virtual_aliases_domains' end + +if node['postfix']['use_relay_restrictions_maps'] + include_recipe 'postfix::relay_restrictions' +end + diff --git a/berks-cookbooks/postfix/recipes/relay_restrictions.rb b/berks-cookbooks/postfix/recipes/relay_restrictions.rb new file mode 100644 index 00000000..a96d482f --- /dev/null +++ b/berks-cookbooks/postfix/recipes/relay_restrictions.rb 
@@ -0,0 +1,29 @@ +# encoding: utf-8 +# Copyright:: Copyright (c) 2012, Chef Software, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe 'postfix::_common' + +execute 'update-postfix-relay-restrictions' do + command "postmap #{node['postfix']['relay_restrictions_db']}" + environment PATH: "#{ENV['PATH']}:/opt/omni/bin:/opt/omni/sbin" if platform_family?('omnios') + action :nothing +end + +template node['postfix']['relay_restrictions_db'] do + source 'relay_restrictions.erb' + notifies :run, 'execute[update-postfix-relay-restrictions]' +end + diff --git a/berks-cookbooks/postfix/recipes/sasl_auth.rb b/berks-cookbooks/postfix/recipes/sasl_auth.rb index bf47568f..519798d5 100644 --- a/berks-cookbooks/postfix/recipes/sasl_auth.rb +++ b/berks-cookbooks/postfix/recipes/sasl_auth.rb @@ -1,6 +1,6 @@ # encoding: utf-8 # -# Author:: Joshua Timberman() +# Author:: Joshua Timberman() # Cookbook Name:: postfix # Recipe:: sasl_auth # @@ -49,6 +49,7 @@ end template node['postfix']['sasl_password_file'] do + sensitive true source 'sasl_passwd.erb' owner 'root' group node['root_group'] diff --git a/berks-cookbooks/postfix/recipes/server.rb b/berks-cookbooks/postfix/recipes/server.rb index 3f26a520..e733d479 100644 --- a/berks-cookbooks/postfix/recipes/server.rb +++ b/berks-cookbooks/postfix/recipes/server.rb @@ -1,6 +1,6 @@ # encoding: utf-8 # -# Author:: Joshua Timberman() +# Author:: Joshua Timberman() # Cookbook Name:: postfix # Recipe:: server # 
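Review bot: The `template node['postfix']['relay_restrictions_db']` resource in the new relay_restrictions.rb sets no `owner`, `group` or `mode`, so the file that decides which domains may relay gets whatever ownership and permissions the Chef run defaults to, and an existing file with looser permissions is left as it is; the sasl_passwd template touched in this commit pins `owner 'root'` and `group node['root_group']`. Adding `owner 'root'`, `group node['root_group']` and `mode '0644'` makes the permissions explicit. The `execute` resource also builds its command by interpolating the same attribute into a shell string, which is acceptable for operator-set paths but deserves a comment that the attribute must never be taken from an untrusted source.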
diff --git a/berks-cookbooks/postfix/recipes/transports.rb b/berks-cookbooks/postfix/recipes/transports.rb index 709d0d43..24e610df 100644 --- a/berks-cookbooks/postfix/recipes/transports.rb +++ b/berks-cookbooks/postfix/recipes/transports.rb @@ -1,5 +1,5 @@ # encoding: utf-8 -# Copyright:: Copyright (c) 2012, Opscode, Inc. +# Copyright:: Copyright (c) 2012, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/postfix/recipes/virtual_aliases.rb b/berks-cookbooks/postfix/recipes/virtual_aliases.rb index c2c3acfc..dadde7f8 100644 --- a/berks-cookbooks/postfix/recipes/virtual_aliases.rb +++ b/berks-cookbooks/postfix/recipes/virtual_aliases.rb @@ -1,5 +1,5 @@ # encoding: utf-8 -# Copyright:: Copyright (c) 2012, Opscode, Inc. +# Copyright:: Copyright (c) 2012, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/postfix/recipes/virtual_aliases_domains.rb b/berks-cookbooks/postfix/recipes/virtual_aliases_domains.rb index 3e91e999..2c708c04 100644 --- a/berks-cookbooks/postfix/recipes/virtual_aliases_domains.rb +++ b/berks-cookbooks/postfix/recipes/virtual_aliases_domains.rb @@ -1,5 +1,5 @@ # encoding: utf-8 -# Copyright:: Copyright (c) 2012, Opscode, Inc. +# Copyright:: Copyright (c) 2012, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/postfix/templates/default/relay_restrictions.erb b/berks-cookbooks/postfix/templates/default/relay_restrictions.erb new file mode 100644 index 00000000..4c404c4b --- /dev/null +++ b/berks-cookbooks/postfix/templates/default/relay_restrictions.erb 
@@ -0,0 +1,11 @@
+#
+# This file is generated by Chef for <%= node['fqdn'] %>
+#
+# Local changes will be overwritten
+#
+# Attribute name is the domain name, Attribute value is either OK or REJECT
+
+<% node['postfix']['relay_restrictions'].each do |name, value| %>
+<%= name %> <%= value %>
+<% end unless node['postfix']['relay_restrictions'].nil? %>
+* REJECT
diff --git a/berks-cookbooks/rbac/CONTRIBUTORS.md b/berks-cookbooks/rbac/CONTRIBUTORS.md
deleted file mode 100644
index 4f1e71bb..00000000
--- a/berks-cookbooks/rbac/CONTRIBUTORS.md
+++ /dev/null
@@ -1,6 +0,0 @@
-Contributors
-============
-
-* Eric Saxby
-* Geoff Nix
-
diff --git a/berks-cookbooks/rbac/LICENSE b/berks-cookbooks/rbac/LICENSE
deleted file mode 100644
index e9ad3aa0..00000000
--- a/berks-cookbooks/rbac/LICENSE
+++ /dev/null
@@ -1,22 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2013 Eric Saxby
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
-
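Review bot: The closing `* REJECT` line in relay_restrictions.erb reads like a catch-all, but as far as access(5) describes them, `hash:` tables are matched on literal keys and `*` has no wildcard meaning, so this entry would not reject anything. The effective default-deny comes from the `, reject` appended to `smtpd_relay_restrictions` in attributes/default.rb, and that is only set when the attribute guard there evaluates true. Either drop the line or replace it with a comment such as `# default deny comes from the trailing reject in smtpd_relay_restrictions`, so nobody relies on the map alone. The keys and values are also written exactly as given, so a value other than OK or REJECT reaches postmap unchecked.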
diff --git a/berks-cookbooks/rbac/metadata.json b/berks-cookbooks/rbac/metadata.json index f6ce2966..08c1d916 100644 --- a/berks-cookbooks/rbac/metadata.json +++ b/berks-cookbooks/rbac/metadata.json @@ -10,22 +10,33 @@ "smartos": ">= 0.0.0" }, "dependencies": { + }, "recommendations": { + }, "suggestions": { + }, "conflicting": { + }, "providing": { + }, "replacing": { + }, "attributes": { + }, "groupings": { + }, "recipes": { + }, - "version": "1.0.2" -} \ No newline at end of file + "version": "1.0.3", + "source_url": "", + "issues_url": "" +} diff --git a/berks-cookbooks/runit/.gitignore b/berks-cookbooks/runit/.gitignore new file mode 100644 index 00000000..119031f6 --- /dev/null +++ b/berks-cookbooks/runit/.gitignore @@ -0,0 +1,24 @@ +metadata.json +.vagrant +Berksfile.lock +Cheffile.lock +*~ +*# +.#* +\#*# +.*.sw[a-z] +*.un~ +/cookbooks +.librarian +tmp/ + +# Bundler +Gemfile.lock +bin/* +.bundle/* +.kitchen/ +.kitchen.local.yml + +## ignore ruby versioning? +.ruby-version +.ruby-gemset diff --git a/berks-cookbooks/runit/.kitchen.cloud.yml b/berks-cookbooks/runit/.kitchen.cloud.yml new file mode 100644 index 00000000..891b09b6 --- /dev/null +++ b/berks-cookbooks/runit/.kitchen.cloud.yml 
@@ -0,0 +1,103 @@ +#<% require 'kitchen-sync' %> +--- +driver_config: + digitalocean_api_token: <%= ENV['DIGITALOCEAN_API_TOKEN'] %> + aws_access_key_id: <%= ENV['AWS_ACCESS_KEY_ID'] %> + aws_secret_access_key: <%= ENV['AWS_SECRET_ACCESS_KEY'] %> + aws_ssh_key_id: <%= ENV['AWS_KEYPAIR_NAME'] %> + flavor_id: <%= ENV['EC2_FLAVOR_ID'] %> + availability_zone: <%= ENV['AWS_AVAILABILITY_ZONE'] %> + +provisioner: + name: chef_zero + require_chef_omnibus: latest + +platforms: +- name: centos-5.8 + driver_plugin: digital_ocean + driver_config: + size: 2gb + image: centos-5-8-x64 + region: <%= ENV['DIGITALOCEAN_REGION'] %> + ssh_key_ids: <%= ENV['DIGITALOCEAN_SSH_KEYS'] %> + ssh_key: <%= ENV['DIGITALOCEAN_SSH_KEY_PATH'] %> + run_list: + - recipe[yum-epel] + +- name: centos-6.5 + driver_plugin: digital_ocean + driver_config: + size: 2gb + image: centos-6-5-x64 + region: <%= ENV['DIGITALOCEAN_REGION'] %> + ssh_key_ids: <%= ENV['DIGITALOCEAN_SSH_KEYS'] %> + ssh_key: <%= ENV['DIGITALOCEAN_SSH_KEY_PATH'] %> + +- name: centos-7.0 + driver_plugin: digital_ocean + driver_config: + size: 2gb + image: centos-7-0-x64 + region: <%= ENV['DIGITALOCEAN_REGION'] %> + ssh_key_ids: <%= ENV['DIGITALOCEAN_SSH_KEYS'] %> + ssh_key: <%= ENV['DIGITALOCEAN_SSH_KEY_PATH'] %> + +- name: amazon-2014.09 + driver_plugin: ec2 + driver_config: + image_id: ami-9a6ed3f2 + username: ec2-user + ssh_key: <%= ENV['EC2_SSH_KEY_PATH'] %> + +- name: fedora-21 + driver_plugin: digital_ocean + driver_config: + size: 2gb + image: fedora-21-x64 + region: <%= ENV['DIGITALOCEAN_REGION'] %> + ssh_key_ids: <%= ENV['DIGITALOCEAN_SSH_KEYS'] %> + ssh_key: <%= ENV['DIGITALOCEAN_SSH_KEY_PATH'] %> + +- name: debian-7.0 + driver_plugin: digital_ocean + driver_config: + size: 2gb + image: debian-7-0-x64 + region: <%= ENV['DIGITALOCEAN_REGION'] %> + ssh_key_ids: <%= ENV['DIGITALOCEAN_SSH_KEYS'] %> + ssh_key: <%= ENV['DIGITALOCEAN_SSH_KEY_PATH'] %> + run_list: + - recipe[apt] + +- name: ubuntu-12.04 + driver_plugin: digital_ocean + 
driver_config: + size: 2gb + image: ubuntu-12-04-x64 + region: <%= ENV['DIGITALOCEAN_REGION'] %> + ssh_key_ids: <%= ENV['DIGITALOCEAN_SSH_KEYS'] %> + ssh_key: <%= ENV['DIGITALOCEAN_SSH_KEY_PATH'] %> + run_list: + - recipe[apt] + +- name: ubuntu-14.04 + driver_plugin: digital_ocean + driver_config: + size: 2gb + image: ubuntu-14-04-x64 + region: <%= ENV['DIGITALOCEAN_REGION'] %> + ssh_key_ids: <%= ENV['DIGITALOCEAN_SSH_KEYS'] %> + ssh_key: <%= ENV['DIGITALOCEAN_SSH_KEY_PATH'] %> + run_list: + - recipe[apt] + +suites: +- name: default + run_list: + - recipe[runit_test] + attributes: {} + +- name: service + run_list: + - recipe[runit_test::service] + attributes: {} diff --git a/berks-cookbooks/runit/.kitchen.disabled.yml b/berks-cookbooks/runit/.kitchen.disabled.yml new file mode 100644 index 00000000..effa01e0 --- /dev/null +++ b/berks-cookbooks/runit/.kitchen.disabled.yml @@ -0,0 +1,3 @@ +--- +provisioner: + name: teapot diff --git a/berks-cookbooks/runit/.kitchen.yml b/berks-cookbooks/runit/.kitchen.yml new file mode 100644 index 00000000..ff784d41 --- /dev/null +++ b/berks-cookbooks/runit/.kitchen.yml @@ -0,0 +1,38 @@ +driver: + name: vagrant + +provisioner: + name: chef_zero + +platforms: + - name: centos-5.11 + run_list: + - recipe[yum-epel] + - name: centos-6.6 + run_list: + - recipe[yum-epel] + - name: centos-7.0 + - name: fedora-21 + - name: ubuntu-10.04 + run_list: + - recipe[apt] + - name: ubuntu-12.04 + run_list: + - recipe[apt] + - name: ubuntu-14.04 + run_list: + - recipe[apt] + - name: debian-7.8 + run_list: + - recipe[apt] + +suites: +- name: default + run_list: + - recipe[runit_test] + attributes: {} + +- name: service + run_list: + - recipe[runit_test::service] + attributes: {} diff --git a/berks-cookbooks/runit/.rubocop.yml b/berks-cookbooks/runit/.rubocop.yml new file mode 100644 index 00000000..d9173319 --- /dev/null +++ b/berks-cookbooks/runit/.rubocop.yml 
@@ -0,0 +1,41 @@
+AlignParameters:
+ Enabled: false
+
+Encoding:
+ Enabled: false
+
+ClassLength:
+ Enabled: false
+
+MethodLength:
+ Enabled: false
+
+LineLength:
+ Enabled: false
+
+# HashSyntax:
+# EnforcedStyle: hash_rockets
+
+Documentation:
+ Enabled: false
+
+PerceivedComplexity:
+ Enabled: false
+
+CyclomaticComplexity:
+ Enabled: false
+
+Style/FileName:
+ Enabled: false
+
+Metrics/AbcSize:
+ Enabled: false
+
+AllCops:
+ Exclude:
+ - 'Guardfile'
+ - 'tmp/**/*'
+ - 'cookbooks/**/*'
+
+Style/GuardClause:
+ Enabled: false
diff --git a/berks-cookbooks/runit/Berksfile.disabled b/berks-cookbooks/runit/Berksfile.disabled
new file mode 100644
index 00000000..87ff9d56
--- /dev/null
+++ b/berks-cookbooks/runit/Berksfile.disabled
@@ -0,0 +1,11 @@
+source 'https://supermarket.chef.io'
+
+metadata
+
+group :integration do
+ cookbook 'apt'
+ cookbook 'yum-epel'
+end
+
+cookbook 'runit_test', path: 'test/cookbooks/runit_test'
+cookbook 'runit_other_test', path: 'test/cookbooks/runit_other_test'
\ No newline at end of file
diff --git a/berks-cookbooks/runit/CHANGELOG.md b/berks-cookbooks/runit/CHANGELOG.md
index 92c9de1a..b8ff7740 100644
--- a/berks-cookbooks/runit/CHANGELOG.md
+++ b/berks-cookbooks/runit/CHANGELOG.md
@@ -2,6 +2,28 @@ runit Cookbook CHANGELOG ======================== This file is used to list changes made in each version of the runit cookbook. +v1.7.2 (2015-06-19) +---------- +* Re-add missing runit_service actions start, stop, reload and status + +v1.7.0 (2015-06-18) +---------- +* Modernize runit_service provider by rewriting pure Ruby as LWRP (#107) +* Modernize integration tests by rewriting Minitest suites as ServerSpec (#107) +* Fix regression in support for alternate sv binary on debian platforms (#92, #123) +* Fix regression in default logger's config location (#117) +* Tighten permissions on environment variable config files from 0644 to 0640 (#125) +* Add `start_down` and `delete_downfile` attributes to support configuring services with default state of 'down' (#105) + +v1.6.0 (2015-04-06) +-------------------- +* Fedora 21 support +* Kitchen platform updates +* use imeyer’s packagecloud repo for RHEL +* fix converge_by usage +* do_action helper to set updated_by_last_action +* style fixes to provider + v1.5.18 (2015-03-13) -------------------- * Add helper methods to detect installation presence diff --git a/berks-cookbooks/runit/CONTRIBUTING.md b/berks-cookbooks/runit/CONTRIBUTING.md new file mode 100644 index 00000000..999dfad6 --- /dev/null +++ b/berks-cookbooks/runit/CONTRIBUTING.md 
@@ -0,0 +1,266 @@ +# Contributing to Chef Software Cookbooks + +We are glad you want to contribute to Chef Software Cookbooks! The first +step is the desire to improve the project. + +You can find the answers to additional frequently asked questions +[on the wiki](http://wiki.chef.io/display/chef/How+to+Contribute). + +You can find additional information about +[contributing to cookbooks](http://wiki.chef.io/display/chef/How+to+Contribute+to+Chef+Cookbooks) +on the wiki as well. + +## Quick-contribute + +* Create an account on our [bug tracker](http://tickets.chef.io) +* Sign our contributor agreement (CLA) +[ online](https://secure.echosign.com/public/hostedForm?formid=PJIF5694K6L) +(keep reading if you're contributing on behalf of your employer) +* Create a ticket for your change on the + [bug tracker](http://tickets.chef.io) +* Link to your patch as a rebased git branch or pull request from the + ticket +* Resolve the ticket as fixed + +We regularly review contributions and will get back to you if we have +any suggestions or concerns. + +## The Apache License and the CLA/CCLA + +Licensing is very important to open source projects, it helps ensure +the software continues to be available under the terms that the author +desired. Chef uses the Apache 2.0 license to strike a balance between +open contribution and allowing you to use the software however you +would like to. + +The license tells you what rights you have that are provided by the +copyright holder. It is important that the contributor fully +understands what rights they are licensing and agrees to them. +Sometimes the copyright holder isn't the contributor, most often when +the contributor is doing work for a company. + +To make a good faith effort to ensure these criteria are met, Chef +requires a Contributor License Agreement (CLA) or a Corporate +Contributor License Agreement (CCLA) for all contributions. 
This is +without exception due to some matters not being related to copyright +and to avoid having to continually check with our lawyers about small +patches. + +It only takes a few minutes to complete a CLA, and you retain the +copyright to your contribution. + +You can complete our contributor agreement (CLA) +[ online](https://secure.echosign.com/public/hostedForm?formid=PJIF5694K6L). +If you're contributing on behalf of your employer, have your employer +fill out our +[Corporate CLA](https://secure.echosign.com/public/hostedForm?formid=PIE6C7AX856) +instead. + +## Ticket Tracker (JIRA) + +The [ticket tracker](http://tickets.chef.io) is the most important +documentation for the code base. It provides significant historical +information, such as: + +* Which release a bug fix is included in +* Discussion regarding the design and merits of features +* Error output to aid in finding similar bugs + +Each ticket should aim to fix one bug or add one feature. + +## Using git + +You can get a quick copy of the repository for this cookbook by +running `git clone +git://github.com/chef-coobkooks/COOKBOOKNAME.git`. + +For collaboration purposes, it is best if you create a Github account +and fork the repository to your own account. Once you do this you will +be able to push your changes to your Github repository for others to +see and use. + +If you have another repository in your GitHub account named the same +as the cookbook, we suggest you suffix the repository with -cookbook. + +### Branches and Commits + +You should submit your patch as a git branch named after the ticket, +such as COOK-1337. This is called a _topic branch_ and allows users to +associate a branch of code with the ticket. + +It is a best practice to have your commit message have a _summary +line_ that includes the ticket number, followed by an empty line and +then a brief description of the commit. This also helps other +contributors understand the purpose of changes to the code. 
+ + [COOK-1757] - platform_family and style + + * use platform_family for platform checking + * update notifies syntax to "resource_type[resource_name]" instead of + resources() lookup + * COOK-692 - delete config files dropped off by packages in conf.d + * dropped debian 4 support because all other platforms have the same + values, and it is older than "old stable" debian release + +Remember that not all users use Chef in the same way or on the same +operating systems as you, so it is helpful to be clear about your use +case and change so they can understand it even when it doesn't apply +to them. + +### Github and Pull Requests + +All of Chef's open source cookbook projects are available on +[Github](http://www.github.com/chef-cookbooks). + +We don't require you to use Github, and we will even take patch diffs +attached to tickets on the tracker. However Github has a lot of +convenient features, such as being able to see a diff of changes +between a pull request and the main repository quickly without +downloading the branch. + +If you do choose to use a pull request, please provide a link to the +pull request from the ticket __and__ a link to the ticket from the +pull request. Because pull requests only have two states, open and +closed, we can't easily filter pull requests that are waiting for a +reply from the author for various reasons. + +### More information + +Additional help with git is available on the +[Working with Git](http://wiki.chef.io/display/chef/Working+with+Git) +wiki page. + +## Functional and Unit Tests + +This cookbook is set up to run unit tests under [ChefSpec](http://sethvargo.github.io/chefspec/) +and integration tests under [Test Kitchen](https://github.com/chef/test-kitchen). After Test Kitchen +has converged a node, it runs [ServerSpec](http://serverspec.org) tests +to verify the node's state. 
+ +You can execute the unit tests by running +``` +bundle exec rake spec +``` + +You can execute the integration tests by running +``` +bundle exec kitchen test +``` + +Test kitchen should run completely without exception using the default +[baseboxes provided by Chef](https://github.com/chef/bento). +Because Test Kitchen creates VirtualBox machines and runs through +every configuration in the `.kitchen.yml` config file, it may take some time for +these tests to complete. + +If you are adding a new recipe, or other functionality such as a +LWRP or definition, please add appropriate tests and ensure they +run with Test Kitchen. + +If any don't pass, investigate them before submitting your patch. + +Any new feature should have unit tests included with the patch with +good code coverage to help protect it from future changes. Similarly, +patches that fix a bug or regression should have a _regression test_. +Simply put, this is a test that would fail without your patch but +passes with it. The goal is to ensure this bug doesn't regress in the +future. Consider a regular expression that doesn't match a certain +pattern that it should, so you provide a patch and a test to ensure +that the part of the code that uses this regular expression works as +expected. Later another contributor may modify this regular expression +in a way that breaks your use cases. The test you wrote will fail, +signalling to them to research your ticket and use case and accounting +for it. + +If you need help writing tests, please ask on the Chef Developer's +mailing list, or the #chef-hacking IRC channel. + +## Code Review + +Chef Software regularly reviews code contributions and provides suggestions +for improvement in the code itself or the implementation. + +We find contributions by searching the ticket tracker for _resolved_ +tickets with a status of _fixed_. 
If we have feedback we will reopen +the ticket and you should resolve it again when you've made the +changes or have a response to our feedback. When we believe the patch +is ready to be merged, we will tag the _Code Reviewed_ field with +_Reviewed_. + +Depending on the project, these tickets are then merged within a week +or two, depending on the current release cycle. + +## Release Cycle + +The versioning for Chef Software Cookbook projects is X.Y.Z. + +* X is a major release, which may not be fully compatible with prior + major releases +* Y is a minor release, which adds both new features and bug fixes +* Z is a patch release, which adds just bug fixes + +A released version of a cookbook will end in an even number, e.g. +"1.2.4" or "0.8.0". When development for the next version of the +cookbook begins, the "Z" patch number is incremented to the next odd +number, however the next release of the cookbook may be a major or +minor incrementing version. + +Releases of Chef's cookbooks are usually announced on the Chef user +mailing list. Releases of several cookbooks may be batched together +and announced on the [Chef Software Blog](http://www.chef.io/blog). + +## Working with the community + +These resources will help you learn more about Chef and connect to +other members of the Chef community: + +* [chef](http://lists.chef.io/sympa/info/chef) and + [chef-dev](http://lists.chef.io/sympa/info/chef-dev) mailing + lists +* #chef and #chef-hacking IRC channels on irc.freenode.net +* [Community Cookbook site](http://community.chef.io) +* [Chef wiki](http://wiki.chef.io/display/chef) +* Chef Software Chef [product page](http://www.chef.io/chef) + + +## Cookbook Contribution Do's and Don't's + +Please do include tests for your contribution. If you need help, ask +on the +[chef-dev mailing list](http://lists.chef.io/sympa/info/chef-dev) +or the +[#chef-hacking IRC channel](http://community.chef.io/chat/chef-hacking). 
+Not all platforms that a cookbook supports may be supported by Test +Kitchen. Please provide evidence of testing your contribution if it +isn't trivial so we don't have to duplicate effort in testing. Chef +10.14+ "doc" formatted output is sufficient. + +Please do indicate new platform (families) or platform versions in the +commit message, and update the relevant ticket. + +If a contribution adds new platforms or platform versions, indicate +such in the body of the commit message(s), and update the relevant +COOK ticket. When writing commit messages, it is helpful for others if +you indicate the COOK ticket. For example: + + git commit -m '[COOK-1041] - Updated pool resource to correctly + delete.' + +Please do use [foodcritic](http://acrmp.github.com/foodcritic) to +lint-check the cookbook. Except FC007, it should pass all correctness +rules. FC007 is okay as long as the dependent cookbooks are *required* +for the default behavior of the cookbook, such as to support an +uncommon platform, secondary recipe, etc. + +Please do ensure that your changes do not break or modify behavior for +other platforms supported by the cookbook. For example if your changes +are for Debian, make sure that they do not break on CentOS. + +Please do not modify the version number in the metadata.rb, Chef +will select the appropriate version based on the release cycle +information above. + +Please do not update the CHANGELOG.md for a new version. Not all +changes to a cookbook may be merged and released in the same versions. +Chef Software will update the CHANGELOG.md when releasing a new version of +the cookbook. diff --git a/berks-cookbooks/runit/Cheffile b/berks-cookbooks/runit/Cheffile new file mode 100644 index 00000000..e874d523 --- /dev/null +++ b/berks-cookbooks/runit/Cheffile 
@@ -0,0 +1,11 @@
+#!/usr/bin/env ruby
+
+site 'https://supermarket.chef.io/api/v1'
+
+# loosely coupled prerequisites for test-kitchen
+cookbook 'apt'
+cookbook 'yum-epel'
+
+cookbook 'runit', path: '.'
+cookbook 'runit_test', path: './test/cookbooks/runit_test'
+cookbook 'runit_other_test', path: './test/cookbooks/runit_other_test'
diff --git a/berks-cookbooks/runit/Gemfile b/berks-cookbooks/runit/Gemfile
new file mode 100644
index 00000000..753cb997
--- /dev/null
+++ b/berks-cookbooks/runit/Gemfile
@@ -0,0 +1,17 @@
+source 'https://rubygems.org'
+
+gem 'berkshelf', '~> 3.0'
+gem 'chefspec', '~> 4.0'
+gem 'foodcritic', '~> 3.0'
+gem 'rubocop'
+
+group :integration do
+ gem 'test-kitchen'
+ gem 'kitchen-vagrant'
+ gem 'librarian-chef'
+end
+
+group :release do
+ gem 'emeril'
+ gem 'rake'
+end
diff --git a/berks-cookbooks/runit/LICENSE b/berks-cookbooks/runit/LICENSE
new file mode 100644
index 00000000..11069edd
--- /dev/null
+++ b/berks-cookbooks/runit/LICENSE
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the 
following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/berks-cookbooks/runit/README.md b/berks-cookbooks/runit/README.md index 2fef30cb..6318d871 100644 --- a/berks-cookbooks/runit/README.md +++ b/berks-cookbooks/runit/README.md @@ -16,6 +16,8 @@ Requirements - Gentoo - RHEL +### Cookbooks +- packagecloud (for RHEL) Attributes ---------- 
@@ -32,23 +34,19 @@ See `attributes/default.rb` for defaults generated per platform. ### Optional Attributes for RHEL systems -- `node['runit']['use_package_from_yum']` - If `true`, attempts to install - runit without building an RPM first. This is for users who already have - the package in their own Yum repository. - +- `node['runit']['prefer_local_yum']` - If `true`, assumes that a `runit` package is available on an already configured local yum repository. By default, the recipe installs the `runit` package from a Package Cloud repository (see below). This is set to the value of `node['runit']['use_package_from_yum']` for backwards compatibility, but otherwise defaults to `false`. Recipes ------- ### default The default recipe installs runit and starts `runsvdir` to supervise the services in runit's service directory (e.g., `/etc/service`). -On RHEL family systems, it will build the runit RPM using [Ian Meyer's runit RPM SPEC](https://github.com/imeyer/runit-rpm) unless the attribute `node['runit']['use_package_from_yum']` is set to `true`. In which case it will try and install runit through the normal package installation mechanism. +On RHEL-family systems, it will install the runit RPM using [Ian Meyer's Package Cloud repository](https://packagecloud.io/imeyer/runit) for runit. This replaces the previous functionality where the RPM was build using his [runit RPM SPEC](https://github.com/imeyer/runit-rpm). However, if the attribute `node['runit']['prefer_local_yum']` is set to `true`, the packagecloud repository creation will be skipped and it is assumed that a `runit` package is available on an otherwise configured (outside this cookbook) local repository. On Debian family systems, the runit packages are maintained by the runit author, Gerrit Pape, and the recipe will use that for installation. On Gentoo, the runit ebuild package is installed. 
- Resource/Provider ----------------- This cookbook has a resource, `runit_service`, for managing services under runit. This service subclasses the Chef `service` resource. @@ -170,6 +168,9 @@ Many of these parameters are only used in the `:enable` action. - **restart_on_update** - Whether the service should be restarted when the run script is updated. Defaults to `true`. Set to `false` if the service shouldn't be restarted when the run script is updated. +- **start_down** - Set the default state of the runit service to 'down' by creating + `/down` file +- **delete_downfile** - Delete previously created `/down` file Unlike previous versions of the cookbook using the `runit_service` definition, the `runit_service` resource can be notified. See __Usage__ examples below. @@ -187,7 +188,7 @@ exec svlogd -tt /var/log/service_name ``` ### Examples -These are example use cases of the `runit_service` resource described above. There are others in the `runit_test` cookbook that is included in the [git repository](https://github.com/chef-cookbooks/runit). +These are example use cases of the `runit_service` resource described above. There are others in the `runit_test` cookbook that is included in the [git repository](https://github.com/hw-cookbooks/runit). **Default Example** @@ -398,16 +399,17 @@ end **More Examples** -For more examples, see the `runit_test` cookbook's `service` recipe in the [git repository](https://github.com/chef-cookbooks/runit). +For more examples, see the `runit_test` cookbook's `service` recipe in the [git repository](https://github.com/hw-cookbooks/runit). License & Authors ----------------- - Author:: Adam Jacob - Author:: Joshua Timberman +- Author:: Sean OMeara ```text -Copyright:: 2008-2013, Chef Software, Inc +Copyright:: 2008-2016, Chef Software, Inc Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. 
diff --git a/berks-cookbooks/runit/Rakefile b/berks-cookbooks/runit/Rakefile
new file mode 100644
index 00000000..029db27e
--- /dev/null
+++ b/berks-cookbooks/runit/Rakefile
@@ -0,0 +1,23 @@
+require 'rubygems'
+require 'bundler'
+Bundler.setup
+
+require 'rake'
+require 'foodcritic'
+require 'rspec/core/rake_task'
+
+task default: [:spec]
+
+RSpec::Core::RakeTask.new(:spec) do |t|
+ t.pattern = './spec{,/*/**}/*_spec.rb'
+end
+
+FoodCritic::Rake::LintTask.new do |t|
+ t.options = { fail_tags: ['correctness'] }
+end
+
+begin
+ require 'emeril/rake'
+rescue LoadError
+ puts '>>>>> Emerial gem not loaded, omitting taskes' unless ENV['CI']
+end
diff --git a/berks-cookbooks/runit/TESTING.md b/berks-cookbooks/runit/TESTING.md
new file mode 100644
index 00000000..689bf0fe
--- /dev/null
+++ b/berks-cookbooks/runit/TESTING.md
@@ -0,0 +1,26 @@
+Testing
+=======
+This cookbook has tests in the GitHub repository. To run the tests:
+
+ git clone git://github.com/hw-cookbooks/runit.git
+ cd runit
+ bundle install
+
+There are two kinds of tests, unit tests and integration tests.
+
+## Unit Tests
+
+The resource/provider code is unit tested with rspec. To run these
+tests, use rake:
+
+ bundle exec rake spec
+
+## Integration Tests
+
+Integration tests are setup to run under minitest-chef. They are
+automatically run under test kitchen.
+
+ bundle exec kitchen test
+
+This tests the default recipe ("default" configuration), and various
+uses of the `runit_service` resource ("service" configuration).
diff --git a/berks-cookbooks/runit/attributes/default.rb b/berks-cookbooks/runit/attributes/default.rb
index 55e51d13..f201c8bc 100644
--- a/berks-cookbooks/runit/attributes/default.rb
+++ b/berks-cookbooks/runit/attributes/default.rb
@@ -36,14 +36,14 @@ default['runit']['reload'] = 'reload runsvdir' end -when 'rhel' +when 'rhel', 'fedora' default['runit']['sv_bin'] = '/sbin/sv' default['runit']['chpst_bin'] = '/sbin/chpst' default['runit']['service_dir'] = '/etc/service' default['runit']['sv_dir'] = '/etc/sv' default['runit']['lsb_init_dir'] = '/etc/init.d' default['runit']['executable'] = '/sbin/runit' - default['runit']['use_package_from_yum'] = false + default['runit']['prefer_local_yum'] = node['runit']['use_package_from_yum'] || false default['runit']['start'] = '/etc/init.d/runit-start start' default['runit']['stop'] = '/etc/init.d/runit-start stop' default['runit']['reload'] = '/etc/init.d/runit-start reload' diff --git a/berks-cookbooks/runit/files/default/.kitchen/logs/kitchen.log b/berks-cookbooks/runit/files/default/.kitchen/logs/kitchen.log deleted file mode 100644 index de8a8f53..00000000 --- a/berks-cookbooks/runit/files/default/.kitchen/logs/kitchen.log +++ /dev/null 
@@ -1,87 +0,0 @@ -I, [2015-03-09T15:26:19.370686 #59376] INFO -- Kitchen: -----> Starting Kitchen (v1.2.1) -E, [2015-03-09T15:26:19.371117 #59376] ERROR -- Kitchen: ------Exception------- -E, [2015-03-09T15:26:19.371178 #59376] ERROR -- Kitchen: Class: Kitchen::UserError -E, [2015-03-09T15:26:19.371216 #59376] ERROR -- Kitchen: Message: Kitchen YAML file /Users/aaronb/Planet/hw/hw-cookbooks/runit/files/default/.kitchen.yml does not exist. -E, [2015-03-09T15:26:19.371258 #59376] ERROR -- Kitchen: ------Backtrace------- -E, [2015-03-09T15:26:19.371284 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/loader/yaml.rb:74:in `read' -E, [2015-03-09T15:26:19.371338 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/config.rb:78:in `data' -E, [2015-03-09T15:26:19.371362 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/config.rb:66:in `suites' -E, [2015-03-09T15:26:19.371379 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/config.rb:90:in `filter_instances' -E, [2015-03-09T15:26:19.371394 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/config.rb:72:in `build_instances' -E, [2015-03-09T15:26:19.371409 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/config.rb:52:in `instances' -E, [2015-03-09T15:26:19.371428 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/command.rb:64:in `get_filtered_instances' -E, [2015-03-09T15:26:19.371452 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/command.rb:85:in `parse_subcommand' -E, [2015-03-09T15:26:19.371484 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/command/action.rb:37:in `block in call' -E, [2015-03-09T15:26:19.371500 #59376] ERROR -- Kitchen: 
/usr/local/rvm/rubies/ruby-2.1.2/lib/ruby/2.1.0/benchmark.rb:279:in `measure' -E, [2015-03-09T15:26:19.371514 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/command/action.rb:36:in `call' -E, [2015-03-09T15:26:19.371529 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/cli.rb:47:in `perform' -E, [2015-03-09T15:26:19.371543 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/cli.rb:118:in `block (2 levels) in ' -E, [2015-03-09T15:26:19.371557 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/thor-0.18.1/lib/thor/command.rb:27:in `run' -E, [2015-03-09T15:26:19.371571 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/thor-0.18.1/lib/thor/invocation.rb:120:in `invoke_command' -E, [2015-03-09T15:26:19.371584 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/cli.rb:233:in `invoke_task' -E, [2015-03-09T15:26:19.371601 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/thor-0.18.1/lib/thor.rb:363:in `dispatch' -E, [2015-03-09T15:26:19.371615 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/thor-0.18.1/lib/thor/base.rb:439:in `start' -E, [2015-03-09T15:26:19.371629 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/bin/kitchen:13:in `block in ' -E, [2015-03-09T15:26:19.371643 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/errors.rb:81:in `with_friendly_errors' -E, [2015-03-09T15:26:19.371657 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/bin/kitchen:13:in `' -E, [2015-03-09T15:26:19.371671 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/bin/kitchen:23:in `load' -E, [2015-03-09T15:26:19.371685 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/bin/kitchen:23:in `
' -E, [2015-03-09T15:26:19.371699 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/bin/ruby_executable_hooks:15:in `eval' -E, [2015-03-09T15:26:19.371713 #59376] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/bin/ruby_executable_hooks:15:in `
' -E, [2015-03-09T15:26:19.371738 #59376] ERROR -- Kitchen: ---------------------- -E, [2015-03-09T15:30:57.463151 #59636] ERROR -- Kitchen: ------Exception------- -E, [2015-03-09T15:30:57.463234 #59636] ERROR -- Kitchen: Class: Kitchen::UserError -E, [2015-03-09T15:30:57.463257 #59636] ERROR -- Kitchen: Message: Kitchen YAML file /Users/aaronb/Planet/hw/hw-cookbooks/runit/files/default/.kitchen.yml does not exist. -E, [2015-03-09T15:30:57.463274 #59636] ERROR -- Kitchen: ------Backtrace------- -E, [2015-03-09T15:30:57.463289 #59636] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/loader/yaml.rb:74:in `read' -E, [2015-03-09T15:30:57.463334 #59636] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/config.rb:78:in `data' -E, [2015-03-09T15:30:57.463350 #59636] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/config.rb:66:in `suites' -E, [2015-03-09T15:30:57.463364 #59636] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/config.rb:90:in `filter_instances' -E, [2015-03-09T15:30:57.463378 #59636] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/config.rb:72:in `build_instances' -E, [2015-03-09T15:30:57.463392 #59636] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/config.rb:52:in `instances' -E, [2015-03-09T15:30:57.463406 #59636] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/command.rb:64:in `get_filtered_instances' -E, [2015-03-09T15:30:57.463420 #59636] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/command.rb:85:in `parse_subcommand' -E, [2015-03-09T15:30:57.463435 #59636] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/command/login.rb:31:in `call' -E, [2015-03-09T15:30:57.463448 #59636] ERROR -- Kitchen: 
/usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/cli.rb:47:in `perform' -E, [2015-03-09T15:30:57.463462 #59636] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/cli.rb:161:in `login' -E, [2015-03-09T15:30:57.463476 #59636] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/thor-0.18.1/lib/thor/command.rb:27:in `run' -E, [2015-03-09T15:30:57.463491 #59636] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/thor-0.18.1/lib/thor/invocation.rb:120:in `invoke_command' -E, [2015-03-09T15:30:57.463505 #59636] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/cli.rb:233:in `invoke_task' -E, [2015-03-09T15:30:57.463519 #59636] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/thor-0.18.1/lib/thor.rb:363:in `dispatch' -E, [2015-03-09T15:30:57.463543 #59636] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/thor-0.18.1/lib/thor/base.rb:439:in `start' -E, [2015-03-09T15:30:57.463568 #59636] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/bin/kitchen:13:in `block in ' -E, [2015-03-09T15:30:57.463590 #59636] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/errors.rb:81:in `with_friendly_errors' -E, [2015-03-09T15:30:57.463606 #59636] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/bin/kitchen:13:in `' -E, [2015-03-09T15:30:57.463620 #59636] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/bin/kitchen:23:in `load' -E, [2015-03-09T15:30:57.463634 #59636] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/bin/kitchen:23:in `
' -E, [2015-03-09T15:30:57.463647 #59636] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/bin/ruby_executable_hooks:15:in `eval' -E, [2015-03-09T15:30:57.463702 #59636] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/bin/ruby_executable_hooks:15:in `
' -E, [2015-03-09T15:30:57.463718 #59636] ERROR -- Kitchen: ---------------------- -E, [2015-03-09T15:42:23.094973 #60543] ERROR -- Kitchen: ------Exception------- -E, [2015-03-09T15:42:23.097105 #60543] ERROR -- Kitchen: Class: Kitchen::UserError -E, [2015-03-09T15:42:23.097656 #60543] ERROR -- Kitchen: Message: Kitchen YAML file /Users/aaronb/Planet/hw/hw-cookbooks/runit/files/default/.kitchen.yml does not exist. -E, [2015-03-09T15:42:23.097749 #60543] ERROR -- Kitchen: ------Backtrace------- -E, [2015-03-09T15:42:23.097829 #60543] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/loader/yaml.rb:74:in `read' -E, [2015-03-09T15:42:23.097857 #60543] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/config.rb:78:in `data' -E, [2015-03-09T15:42:23.097880 #60543] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/config.rb:66:in `suites' -E, [2015-03-09T15:42:23.097904 #60543] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/config.rb:90:in `filter_instances' -E, [2015-03-09T15:42:23.097926 #60543] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/config.rb:72:in `build_instances' -E, [2015-03-09T15:42:23.097957 #60543] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/config.rb:52:in `instances' -E, [2015-03-09T15:42:23.097979 #60543] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/command.rb:64:in `get_filtered_instances' -E, [2015-03-09T15:42:23.098055 #60543] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/command.rb:85:in `parse_subcommand' -E, [2015-03-09T15:42:23.098118 #60543] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/command/login.rb:31:in `call' -E, [2015-03-09T15:42:23.098150 #60543] ERROR -- Kitchen: 
/usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/cli.rb:47:in `perform' -E, [2015-03-09T15:42:23.098170 #60543] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/cli.rb:161:in `login' -E, [2015-03-09T15:42:23.098188 #60543] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/thor-0.18.1/lib/thor/command.rb:27:in `run' -E, [2015-03-09T15:42:23.098205 #60543] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/thor-0.18.1/lib/thor/invocation.rb:120:in `invoke_command' -E, [2015-03-09T15:42:23.098223 #60543] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/cli.rb:233:in `invoke_task' -E, [2015-03-09T15:42:23.098239 #60543] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/thor-0.18.1/lib/thor.rb:363:in `dispatch' -E, [2015-03-09T15:42:23.098256 #60543] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/thor-0.18.1/lib/thor/base.rb:439:in `start' -E, [2015-03-09T15:42:23.098273 #60543] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/bin/kitchen:13:in `block in ' -E, [2015-03-09T15:42:23.098294 #60543] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/lib/kitchen/errors.rb:81:in `with_friendly_errors' -E, [2015-03-09T15:42:23.098311 #60543] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/gems/test-kitchen-1.2.1/bin/kitchen:13:in `' -E, [2015-03-09T15:42:23.098328 #60543] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/bin/kitchen:23:in `load' -E, [2015-03-09T15:42:23.098344 #60543] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/bin/kitchen:23:in `
' -E, [2015-03-09T15:42:23.098404 #60543] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/bin/ruby_executable_hooks:15:in `eval' -E, [2015-03-09T15:42:23.098422 #60543] ERROR -- Kitchen: /usr/local/rvm/gems/ruby-2.1.2/bin/ruby_executable_hooks:15:in `
' -E, [2015-03-09T15:42:23.098439 #60543] ERROR -- Kitchen: ---------------------- diff --git a/berks-cookbooks/runit/files/default/runit-2.1.1.tar.gz b/berks-cookbooks/runit/files/default/runit-2.1.1.tar.gz deleted file mode 100644 index 9c236460..00000000 Binary files a/berks-cookbooks/runit/files/default/runit-2.1.1.tar.gz and /dev/null differ diff --git a/berks-cookbooks/runit/libraries/helpers.rb b/berks-cookbooks/runit/libraries/helpers.rb index fc47d66f..bd07be1c 100644 --- a/berks-cookbooks/runit/libraries/helpers.rb +++ b/berks-cookbooks/runit/libraries/helpers.rb @@ -2,8 +2,9 @@ # Cookbook:: runit # Libraries:: helpers # -# Author: Joshua Timberman -# Copyright (c) 2014, Chef Software, Inc. +# Author: Joshua Timberman +# Author: Sean OMeara +# Copyright 2008-2015, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -18,28 +19,171 @@ # limitations under the License. # -require 'chef/mixin/shell_out' -include Chef::Mixin::ShellOut -module Runit +module RunitCookbook module Helpers - def runit_installed? - return true if runit_rpm_installed? || (runit_executable? && runit_sv_works?) + + # include Chef::Mixin::ShellOut if it is not already included in the calling class + def self.included(klass) + unless(klass.ancestors.include?(Chef::Mixin::ShellOut)) + klass.class_eval{ include Chef::Mixin::ShellOut } + end + end + + # Default settings for resource properties. + def parsed_sv_bin + return new_resource.sv_bin if new_resource.sv_bin + '/usr/bin/sv' + end + + def parsed_sv_dir + return new_resource.sv_dir if new_resource.sv_dir + '/etc/sv' + end + + def parsed_service_dir + return new_resource.service_dir if new_resource.service_dir + '/etc/service' + end + + def parsed_lsb_init_dir + return new_resource.lsb_init_dir if new_resource.lsb_init_dir + '/etc/init.d' + end + + # misc helper functions + def inside_docker? + results = `cat /proc/1/cgroup`.strip.split("\n") + results.any? { |val| /docker/ =~ val } + end + + def down_file + "#{sv_dir_name}/down" + end + + def env_dir + "#{sv_dir_name}/env" end - def runit_executable? - ::File.executable?(node['runit']['executable']) + def extra_env_files? + files = [] + Dir.glob("#{service_dir_name}/env/*").each do |f| + files << File.basename(f) + end + return true if files.sort != new_resource.env.keys.sort + false + end + + def zap_extra_env_files + Dir.glob("#{service_dir_name}/env/*").each do |f| + unless new_resource.env.key?(File.basename(f)) + File.unlink(f) + Chef::Log.info("removing file #{f}") + end + end + end + + def wait_for_service + unless inside_docker? + sleep 1 until ::FileTest.pipe?("#{service_dir_name}/supervise/ok") + + if new_resource.log + sleep 1 until ::FileTest.pipe?("#{service_dir_name}/log/supervise/ok") + end + end end def runit_sv_works? 
- sv = shell_out("#{node['runit']['sv_bin']} --help") + sv = shell_out("#{sv_bin} --help") sv.exitstatus == 100 && sv.stderr =~ /usage: sv .* command service/ end - def runit_rpm_installed? - shell_out('rpm -qa | grep -q "^runit"').exitstatus == 0 + def runit_send_signal(signal, friendly_name = nil) + friendly_name ||= signal + converge_by("send #{friendly_name} to #{new_resource}") do + shell_out!("#{sv_bin} #{sv_args}#{signal} #{service_dir_name}") + Chef::Log.info("#{new_resource} sent #{friendly_name}") + end + end + + def running? + cmd = shell_out("#{sv_bin} #{sv_args}status #{service_dir_name}") + (cmd.stdout =~ /^run:/ && cmd.exitstatus == 0) + end + + def log_running? + cmd = shell_out("#{sv_bin} #{sv_args}status #{service_dir_name}/log") + (cmd.stdout =~ /^run:/ && cmd.exitstatus == 0) + end + + def enabled? + ::File.exist?("#{service_dir_name}/run") + end + + def log_service_name + "#{new_resource.service_name}/log" + end + + def sv_dir_name + "#{parsed_sv_dir}/#{new_resource.service_name}" + end + + def sv_args + sv_args = '' + sv_args += "-w '#{new_resource.sv_timeout}' " unless new_resource.sv_timeout.nil? + sv_args += '-v ' if new_resource.sv_verbose + sv_args + end + + def sv_bin + parsed_sv_bin + end + + def service_dir_name + "#{new_resource.service_dir}/#{new_resource.service_name}" + end + + def log_dir_name + "#{new_resource.service_dir}/#{new_resource.service_name}/log" + end + + def template_cookbook + new_resource.cookbook.nil? ? 
new_resource.cookbook_name.to_s : new_resource.cookbook + end + + def default_logger_content + <<-EOS +#!/bin/sh +exec svlogd -tt /var/log/#{new_resource.service_name} + EOS + end + + def disable_service + shell_out("#{new_resource.sv_bin} #{sv_args}down #{service_dir_name}") + FileUtils.rm(service_dir_name) + end + + def start_service + shell_out!("#{new_resource.sv_bin} #{sv_args}start #{service_dir_name}") + end + + def stop_service + shell_out!("#{new_resource.sv_bin} #{sv_args}stop #{service_dir_name}") + end + + def restart_service + shell_out!("#{new_resource.sv_bin} #{sv_args}restart #{service_dir_name}") + end + + def restart_log_service + shell_out!("#{new_resource.sv_bin} #{sv_args}restart #{service_dir_name}/log") + end + + def reload_service + shell_out!("#{new_resource.sv_bin} #{sv_args}force-reload #{service_dir_name}") + end + + def reload_log_service + shell_out!("#{new_resource.sv_bin} #{sv_args}force-reload #{service_dir_name}/log") end end end - -Chef::Recipe.send(:include, Runit::Helpers) -Chef::Resource.send(:include, Runit::Helpers) diff --git a/berks-cookbooks/runit/libraries/matchers.rb b/berks-cookbooks/runit/libraries/matchers.rb index c7c6d296..760156e6 100644 --- a/berks-cookbooks/runit/libraries/matchers.rb +++ b/berks-cookbooks/runit/libraries/matchers.rb @@ -1,5 +1,7 @@ if defined?(ChefSpec) + ChefSpec.define_matcher(:runit_service) + def start_runit_service(service) ChefSpec::Matchers::ResourceMatcher.new(:runit_service, :start, service) end diff --git a/berks-cookbooks/runit/libraries/provider_runit_service.rb b/berks-cookbooks/runit/libraries/provider_runit_service.rb index 3927495b..4504a540 100644 --- a/berks-cookbooks/runit/libraries/provider_runit_service.rb +++ b/berks-cookbooks/runit/libraries/provider_runit_service.rb 
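Review bot: In libraries/helpers.rb every `sv` call (`running?`, `log_running?`, `runit_send_signal`, `disable_service` and the start/stop/restart/reload helpers) builds one interpolated command string, so `sv_bin`, `service_dir`, `service_name` and the quoted `sv_timeout` are subject to shell interpretation whenever one of them carries a space or a metacharacter. Passing the command as separate arguments avoids the shell altogether; that needs `sv_args` to return an array, as sketched below, and assumes the Chef version in use forwards multiple arguments from `shell_out` to Mixlib::ShellOut unchanged. The hunk also defines `parsed_service_dir` with an '/etc/service' fallback, yet `service_dir_name` and `log_dir_name` read `new_resource.service_dir` directly, so an unset property (if the resource allows one; its definition is outside this hunk) would yield "/<service_name>", which `disable_service` then hands to `FileUtils.rm`; `"#{parsed_service_dir}/#{new_resource.service_name}"` would match how `sv_dir_name` is built. `berks-cookbooks/` looks like vendored Berkshelf output, so the change probably belongs upstream rather than in this tree.

```ruby
def sv_args
  args = []
  args.push('-w', new_resource.sv_timeout.to_s) unless new_resource.sv_timeout.nil?
  args << '-v' if new_resource.sv_verbose
  args
end

def running?
  cmd = shell_out(sv_bin, *sv_args, 'status', service_dir_name)
  # … unchanged: stdout / exitstatus check …
end

def runit_send_signal(signal, friendly_name = nil)
  # … unchanged: friendly_name default and converge_by wrapper …
    shell_out!(sv_bin, *sv_args, signal.to_s, service_dir_name)
  # … unchanged: log line …
end

# … same argv form for log_running?, disable_service and the start/stop/restart/reload helpers …
```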
@@ -2,8 +2,9 @@ # Cookbook Name:: runit # Provider:: service # -# Copyright 2011, Joshua Timberman -# Copyright 2011, Chef Software, Inc. +# Author:: Joshua Timberman +# Author:: Sean OMeara +# Copyright 2011-2015, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -18,520 +19,280 @@ # limitations under the License. # -require 'chef/provider/service' -require 'chef/provider/link' -require 'chef/resource/link' -require 'chef/provider/directory' -require 'chef/resource/directory' -require 'chef/provider/template' -require 'chef/resource/template' -require 'chef/provider/file' -require 'chef/resource/file' -require 'chef/mixin/shell_out' -require 'chef/mixin/language' - class Chef class Provider - class Service - class Runit < Chef::Provider::Service - # refactor this whole thing into a Chef11 LWRP - include Chef::Mixin::ShellOut - - def initialize(*args) - super - @sv_dir = nil - @run_script = nil - @log_dir = nil - @log_main_dir = nil - @default_log_dir = nil - @log_run_script = nil - @log_config_file = nil - @env_dir = nil - @env_files = nil - @check_script = nil - @finish_script = nil - @control_dir = nil - @control_signal_files = nil - @lsb_init = nil - @service_link = nil - @new_resource.supports[:status] = true - end - - def load_current_resource - @current_resource = Chef::Resource::RunitService.new(new_resource.name) - @current_resource.service_name(new_resource.service_name) - - Chef::Log.debug("Checking status of service #{new_resource.service_name}") + class RunitService < Chef::Provider::LWRPBase + use_inline_resources if defined?(use_inline_resources) - # verify Runit was installed properly - unless ::File.exist?(new_resource.sv_bin) && ::File.executable?(new_resource.sv_bin) - no_runit_message = "Could not locate main runit sv_bin at \"#{new_resource.sv_bin}\". " - no_runit_message << "Did you remember to install runit before declaring a \"runit_service\" resource? " - no_runit_message << "\n\nTry adding the following to the top of your recipe:\n\ninclude_recipe \"runit\"" - fail no_runit_message - end + def whyrun_supported? + true + end - @current_resource.running(running?) - @current_resource.enabled(enabled?) 
- @current_resource.env(get_current_env) - @current_resource - end + # Mix in helpers from libraries/helpers.rb + include RunitCookbook::Helpers - # - # Chef::Provider::Service overrides - # + # actions + action :create do + # sv_templates + if new_resource.sv_templates - def action_create - converge_by("configure service without enabling #{@new_resource}") do - configure_service # Do this every run, even if service is already enabled and running - Chef::Log.info("#{@new_resource} configured") + directory sv_dir_name do + owner new_resource.owner + group new_resource.group + mode '0755' + recursive true + action :create end - end - def action_enable - converge_by("configure service #{@new_resource}") do - configure_service # Do this every run, even if service is already enabled and running - Chef::Log.info("#{@new_resource} configured") + template "#{sv_dir_name}/run" do + owner new_resource.owner + group new_resource.group + source "sv-#{new_resource.run_template_name}-run.erb" + cookbook template_cookbook + mode '0755' + variables(options: new_resource.options) + action :create end - if @current_resource.enabled - Chef::Log.debug("#{@new_resource} already enabled - nothing to do") - else - converge_by("enable service #{@new_resource}") do - enable_service - Chef::Log.info("#{@new_resource} enabled") + + # log stuff + if new_resource.log + directory "#{sv_dir_name}/log" do + owner new_resource.owner + group new_resource.group + recursive true + action :create end - end - load_new_resource_state - @new_resource.enabled(true) - restart_service if @new_resource.restart_on_update && run_script.updated_by_last_action? - restart_log_service if @new_resource.restart_on_update && log_run_script.updated_by_last_action? - restart_log_service if @new_resource.restart_on_update && log_config_file.updated_by_last_action? 
- end - def configure_service - if new_resource.sv_templates - Chef::Log.debug("Creating sv_dir for #{new_resource.service_name}") - sv_dir.run_action(:create) - Chef::Log.debug("Creating run_script for #{new_resource.service_name}") - run_script.run_action(:create) - - if new_resource.log - Chef::Log.debug("Setting up svlog for #{new_resource.service_name}") - log_dir.run_action(:create) - log_main_dir.run_action(:create) - default_log_dir.run_action(:create) if new_resource.default_logger - log_run_script.run_action(:create) - log_config_file.run_action(:create) - else - Chef::Log.debug("log not specified for #{new_resource.service_name}, continuing") + directory "#{sv_dir_name}/log/main" do + owner new_resource.owner + group new_resource.group + mode '0755' + recursive true + action :create end - unless new_resource.env.empty? - Chef::Log.debug("Setting up environment files for #{new_resource.service_name}") - env_dir.run_action(:create) - env_files.each do |file| - file.action.each { |action| file.run_action(action) } + if new_resource.default_logger + directory "/var/log/#{new_resource.service_name}" do + owner new_resource.owner + group new_resource.group + mode '00755' + recursive true + action :create end - else - Chef::Log.debug("Environment not specified for #{new_resource.service_name}, continuing") - end - if new_resource.check - Chef::Log.debug("Creating check script for #{new_resource.service_name}") - check_script.run_action(:create) - else - Chef::Log.debug("Check script not specified for #{new_resource.service_name}, continuing") - end + link "/var/log/#{new_resource.service_name}/config" do + to "#{sv_dir_name}/log/config" + end - if new_resource.finish - Chef::Log.debug("Creating finish script for #{new_resource.service_name}") - finish_script.run_action(:create) + file "#{sv_dir_name}/log/run" do + content default_logger_content + owner new_resource.owner + group new_resource.group + mode '00755' + action :create + end else - 
Chef::Log.debug("Finish script not specified for #{new_resource.service_name}, continuing") + template "#{sv_dir_name}/log/run" do + owner new_resource.owner + group new_resource.group + mode '00755' + source "sv-#{new_resource.log_template_name}-log-run.erb" + cookbook template_cookbook + variables(options: new_resource.options) + action :create + end end - unless new_resource.control.empty? - Chef::Log.debug("Creating control signal scripts for #{new_resource.service_name}") - control_dir.run_action(:create) - control_signal_files.each { |file| file.run_action(:create) } - else - Chef::Log.debug("Control signals not specified for #{new_resource.service_name}, continuing") + template "#{sv_dir_name}/log/config" do + owner new_resource.owner + group new_resource.group + mode '00644' + cookbook 'runit' + source 'log-config.erb' + variables(config: new_resource) + action :create end end - Chef::Log.debug("Creating lsb_init compatible interface #{new_resource.service_name}") - lsb_init.run_action(:create) - end - - def enable_service - Chef::Log.debug("Creating symlink in service_dir for #{new_resource.service_name}") - service_link.run_action(:create) - - unless inside_docker? 
- Chef::Log.debug("waiting until named pipe #{service_dir_name}/supervise/ok exists.") - until ::FileTest.pipe?("#{service_dir_name}/supervise/ok") - sleep 1 - Chef::Log.debug('.') - end + # environment stuff + directory "#{sv_dir_name}/env" do + owner new_resource.owner + group new_resource.group + mode '00755' + action :create + end - if new_resource.log - Chef::Log.debug("waiting until named pipe #{service_dir_name}/log/supervise/ok exists.") - until ::FileTest.pipe?("#{service_dir_name}/log/supervise/ok") - sleep 1 - Chef::Log.debug('.') - end + new_resource.env.map do |var, value| + file "#{sv_dir_name}/env/#{var}" do + owner new_resource.owner + group new_resource.group + content value + mode 00640 + action :create end - else - Chef::Log.debug("skipping */supervise/ok check inside docker") end - end - - def disable_service - shell_out("#{new_resource.sv_bin} #{sv_args}down #{service_dir_name}") - Chef::Log.debug("#{new_resource} down") - FileUtils.rm(service_dir_name) - Chef::Log.debug("#{new_resource} service symlink removed") - end - def start_service - shell_out!("#{new_resource.sv_bin} #{sv_args}start #{service_dir_name}") - end - - def stop_service - shell_out!("#{new_resource.sv_bin} #{sv_args}stop #{service_dir_name}") - end - - def restart_service - shell_out!("#{new_resource.sv_bin} #{sv_args}restart #{service_dir_name}") - end - - def restart_log_service - shell_out!("#{new_resource.sv_bin} #{sv_args}restart #{service_dir_name}/log") - end - - def reload_service - shell_out!("#{new_resource.sv_bin} #{sv_args}force-reload #{service_dir_name}") - end - - def reload_log_service - shell_out!("#{new_resource.sv_bin} #{sv_args}force-reload #{service_dir_name}/log") - end - - # - # Addtional Runit-only actions - # + ruby_block 'zap extra env files' do + block { zap_extra_env_files } + only_if { extra_env_files? 
} + action :run + end - # only take action if the service is running - [:down, :hup, :int, :term, :kill, :quit].each do |signal| - define_method "action_#{signal}".to_sym do - if @current_resource.running - runit_send_signal(signal) - else - Chef::Log.debug("#{new_resource} not running - nothing to do") + if new_resource.check + template "#{sv_dir_name}/check" do + owner new_resource.owner + group new_resource.group + mode '00755' + cookbook template_cookbook + source "sv-#{new_resource.check_script_template_name}-check.erb" + variables(options: new_resource.options) + action :create end end - end - # only take action if service is *not* running - [:up, :once, :cont].each do |signal| - define_method "action_#{signal}".to_sym do - if @current_resource.running - Chef::Log.debug("#{new_resource} already running - nothing to do") - else - runit_send_signal(signal) + if new_resource.finish + template "#{sv_dir_name}/finish" do + owner new_resource.owner + group new_resource.group + mode '00755' + source "sv-#{new_resource.finish_script_template_name}-finish.erb" + cookbook template_cookbook + variables(options: new_resource.options) if new_resource.options.respond_to?(:has_key?) + action :create end end - end - - def action_usr1 - runit_send_signal(1, :usr1) - end - def action_usr2 - runit_send_signal(2, :usr2) - end - - private - - def runit_send_signal(signal, friendly_name = nil) - friendly_name ||= signal - converge_by("send #{friendly_name} to #{new_resource}") do - shell_out!("#{new_resource.sv_bin} #{sv_args}#{signal} #{service_dir_name}") - Chef::Log.info("#{new_resource} sent #{friendly_name}") - new_resource.updated_by_last_action(true) + directory "#{sv_dir_name}/control" do + owner new_resource.owner + group new_resource.group + mode '00755' + action :create end - end - def running? - cmd = shell_out("#{new_resource.sv_bin} #{sv_args}status #{service_dir_name}") - (cmd.stdout =~ /^run:/ && cmd.exitstatus == 0) - end - - def log_running? 
- cmd = shell_out("#{new_resource.sv_bin} #{sv_args}status #{service_dir_name}/log") - (cmd.stdout =~ /^run:/ && cmd.exitstatus == 0) - end - - def enabled? - ::File.exists?(::File.join(service_dir_name, 'run')) - end - - def log_service_name - ::File.join(new_resource.service_name, 'log') - end - - def sv_dir_name - ::File.join(new_resource.sv_dir, new_resource.service_name) - end - - def sv_args - sv_args = '' - sv_args += "-w '#{new_resource.sv_timeout}' " unless new_resource.sv_timeout.nil? - sv_args += '-v ' if new_resource.sv_verbose - sv_args - end - - def service_dir_name - ::File.join(new_resource.service_dir, new_resource.service_name) - end - - def log_dir_name - ::File.join(new_resource.service_dir, new_resource.service_name, log) - end + new_resource.control.map do |signal| + template "#{sv_dir_name}/control/#{signal}" do + owner new_resource.owner + group new_resource.group + mode '0755' + source "sv-#{new_resource.control_template_names[signal]}-#{signal}.erb" + cookbook template_cookbook + variables(options: new_resource.options) + action :create + end + end - def template_cookbook - new_resource.cookbook.nil? ? 
new_resource.cookbook_name.to_s : new_resource.cookbook - end + # lsb_init + if node['platform'] == 'debian' + ruby_block "unlink #{parsed_lsb_init_dir}/#{new_resource.service_name}" do + block { ::File.unlink("#{parsed_lsb_init_dir}/#{new_resource.service_name}") } + only_if { ::File.symlink?("#{parsed_lsb_init_dir}/#{new_resource.service_name}") } + end - def default_logger_content - "#!/bin/sh -exec svlogd -tt /var/log/#{new_resource.service_name}" - end + template "#{parsed_lsb_init_dir}/#{new_resource.service_name}" do + owner 'root' + group 'root' + mode '00755' + cookbook 'runit' + source 'init.d.erb' + variables( + name: new_resource.service_name, + sv_bin: new_resource.sv_bin, + init_dir: ::File.join(parsed_lsb_init_dir, '') + ) + action :create + end + else + link "#{parsed_lsb_init_dir}/#{new_resource.service_name}" do + to sv_bin + action :create + end + end - # - # Helper Resources - # - def sv_dir - return @sv_dir unless @sv_dir.nil? - @sv_dir = Chef::Resource::Directory.new(sv_dir_name, run_context) - @sv_dir.recursive(true) - @sv_dir.owner(new_resource.owner) - @sv_dir.group(new_resource.group) - @sv_dir.mode(00755) - @sv_dir - end + # Create/Delete service down file + # To prevent unexpected behavior, require users to explicitly set + # delete_downfile to remove any down file that may already exist + df_action = :nothing + if new_resource.start_down + df_action = :create + elsif new_resource.delete_downfile + df_action = :delete + end - def run_script - return @run_script unless @run_script.nil? - @run_script = Chef::Resource::Template.new(::File.join(sv_dir_name, 'run'), run_context) - @run_script.owner(new_resource.owner) - @run_script.group(new_resource.group) - @run_script.source("sv-#{new_resource.run_template_name}-run.erb") - @run_script.cookbook(template_cookbook) - @run_script.mode(00755) - @run_script.variables(:options => new_resource.options) if new_resource.options.respond_to?(:has_key?) 
- @run_script + file down_file do + mode 00644 + backup false + content '# File created and managed by chef!' + action df_action + end end + end - def log_dir - return @log_dir unless @log_dir.nil? - @log_dir = Chef::Resource::Directory.new(::File.join(sv_dir_name, 'log'), run_context) - @log_dir.recursive(true) - @log_dir.owner(new_resource.owner) - @log_dir.group(new_resource.group) - @log_dir.mode(00755) - @log_dir + action :disable do + ruby_block "disable #{new_resource.service_name}" do + block { disable_service } + only_if { enabled? } end + end - def log_main_dir - return @log_main_dir unless @log_main_dir.nil? - @log_main_dir = Chef::Resource::Directory.new(::File.join(sv_dir_name, 'log', 'main'), run_context) - @log_main_dir.recursive(true) - @log_main_dir.owner(new_resource.owner) - @log_main_dir.group(new_resource.group) - @log_main_dir.mode(00755) - @log_main_dir - end + action :enable do + # FIXME: remove action_create in next major version + action_create - def default_log_dir - return @default_log_dir unless @default_log_dir.nil? - @default_log_dir = Chef::Resource::Directory.new(::File.join("/var/log/#{new_resource.service_name}"), run_context) - @default_log_dir.recursive(true) - @default_log_dir.owner(new_resource.owner) - @default_log_dir.group(new_resource.group) - @default_log_dir.mode(00755) - @default_log_dir + link "#{service_dir_name}" do + to sv_dir_name + action :create end - def log_run_script - return @log_run_script unless @log_run_script.nil? 
- if new_resource.default_logger - @log_run_script = Chef::Resource::File.new( - ::File.join(sv_dir_name, 'log', 'run'), - run_context - ) - @log_run_script.content(default_logger_content) - @log_run_script.owner(new_resource.owner) - @log_run_script.group(new_resource.group) - @log_run_script.mode(00755) - else - @log_run_script = Chef::Resource::Template.new( - ::File.join(sv_dir_name, 'log', 'run'), - run_context - ) - @log_run_script.owner(new_resource.owner) - @log_run_script.group(new_resource.group) - @log_run_script.mode(00755) - @log_run_script.source("sv-#{new_resource.log_template_name}-log-run.erb") - @log_run_script.cookbook(template_cookbook) - @log_run_script.variables(:options => new_resource.options) if new_resource.options.respond_to?(:has_key?) - end - @log_run_script - end - - def log_config_file - return @log_config_file unless @log_config_file.nil? - @log_config_file = Chef::Resource::Template.new(::File.join(sv_dir_name, 'log', 'config'), run_context) - @log_config_file.owner(new_resource.owner) - @log_config_file.group(new_resource.group) - @log_config_file.mode(00644) - @log_config_file.cookbook('runit') - @log_config_file.source('log-config.erb') - @log_config_file.variables( - :size => new_resource.log_size, - :num => new_resource.log_num, - :min => new_resource.log_min, - :timeout => new_resource.log_timeout, - :processor => new_resource.log_processor, - :socket => new_resource.log_socket, - :prefix => new_resource.log_prefix, - :append => new_resource.log_config_append - ) - @log_config_file - end + # FIXME: replace me + # ruby_block 'wait_for_service' do + # block wait_for_service + # end + end - def env_dir - return @env_dir unless @env_dir.nil? 
- @env_dir = Chef::Resource::Directory.new(::File.join(sv_dir_name, 'env'), run_context) - @env_dir.owner(new_resource.owner) - @env_dir.group(new_resource.group) - @env_dir.mode(00755) - @env_dir + # signals + [:down, :hup, :int, :term, :kill, :quit].each do |signal| + action signal do + runit_send_signal(signal) end + end - def env_files - return @env_files unless @env_files.nil? - create_files = new_resource.env.map do |var, value| - env_file = Chef::Resource::File.new(::File.join(sv_dir_name, 'env', var), run_context) - env_file.owner(new_resource.owner) - env_file.group(new_resource.group) - env_file.content(value) - env_file.action(:create) - env_file - end - extra_env = @current_resource.env.reject { |k,_| new_resource.env.key?(k) } - delete_files = extra_env.map do |k,_| - env_file = Chef::Resource::File.new(::File.join(sv_dir_name, 'env', k), run_context) - env_file.action(:delete) - env_file - end - @env_files = create_files + delete_files - @env_files + [:up, :once, :cont].each do |signal| + action signal do + runit_send_signal(signal) end + end - def get_current_env - env_dir = ::File.join(sv_dir_name, 'env') - return {} unless ::File.directory? env_dir - files = ::Dir.glob(::File.join(env_dir,'*')) - env = files.reduce({}) do |c,o| - contents = ::IO.read(o).rstrip - c.merge!(::File.basename(o) => contents) - end - env - end + action :usr1 do + runit_send_signal(1, :usr1) + end - def check_script - return @check_script unless @check_script.nil? - @check_script = Chef::Resource::Template.new(::File.join(sv_dir_name, 'check'), run_context) - @check_script.owner(new_resource.owner) - @check_script.group(new_resource.group) - @check_script.source("sv-#{new_resource.check_script_template_name}-check.erb") - @check_script.cookbook(template_cookbook) - @check_script.mode(00755) - @check_script.variables(:options => new_resource.options) if new_resource.options.respond_to?(:has_key?) 
- @check_script - end + action :usr2 do + runit_send_signal(2, :usr2) + end - def finish_script - return @finish_script unless @finish_script.nil? - @finish_script = Chef::Resource::Template.new(::File.join(sv_dir_name, 'finish'), run_context) - @finish_script.owner(new_resource.owner) - @finish_script.group(new_resource.group) - @finish_script.mode(00755) - @finish_script.source("sv-#{new_resource.finish_script_template_name}-finish.erb") - @finish_script.cookbook(template_cookbook) - @finish_script.variables(:options => new_resource.options) if new_resource.options.respond_to?(:has_key?) - @finish_script - end + action :nothing do + end - def control_dir - return @control_dir unless @control_dir.nil? - @control_dir = Chef::Resource::Directory.new(::File.join(sv_dir_name, 'control'), run_context) - @control_dir.owner(new_resource.owner) - @control_dir.group(new_resource.group) - @control_dir.mode(00755) - @control_dir - end + action :restart do + restart_service + end - def control_signal_files - return @control_signal_files unless @control_signal_files.nil? - @control_signal_files = new_resource.control.map do |signal| - control_signal_file = Chef::Resource::Template.new( - ::File.join(sv_dir_name, 'control', signal), - run_context - ) - control_signal_file.owner(new_resource.owner) - control_signal_file.group(new_resource.group) - control_signal_file.mode(00755) - control_signal_file.source("sv-#{new_resource.control_template_names[signal]}-#{signal}.erb") - control_signal_file.cookbook(template_cookbook) - control_signal_file.variables(:options => new_resource.options) if new_resource.options.respond_to?(:has_key?) - control_signal_file - end - @control_signal_files - end + action :start do + start_service + end - def lsb_init - return @lsb_init unless @lsb_init.nil? 
- initfile = ::File.join(new_resource.lsb_init_dir, new_resource.service_name) - if node['platform'] == 'debian' - ::File.unlink(initfile) if ::File.symlink?(initfile) - @lsb_init = Chef::Resource::Template.new(initfile, run_context) - @lsb_init.owner('root') - @lsb_init.group('root') - @lsb_init.mode(00755) - @lsb_init.cookbook('runit') - @lsb_init.source('init.d.erb') - @lsb_init.variables(:name => new_resource.service_name) - else - @lsb_init = Chef::Resource::Link.new(initfile, run_context) - @lsb_init.to(new_resource.sv_bin) - end - @lsb_init - end + action :stop do + stop_service + end - def service_link - return @service_link unless @service_link.nil? - @service_link = Chef::Resource::Link.new(::File.join(service_dir_name), run_context) - @service_link.to(sv_dir_name) - @service_link - end + action :reload do + reload_service + end - def inside_docker? - results = `cat /proc/1/cgroup`.strip.split("\n") - results.any?{|val| /docker/ =~ val} - end + action :status do + running? end + end end end diff --git a/berks-cookbooks/runit/libraries/resource_runit_service.rb b/berks-cookbooks/runit/libraries/resource_runit_service.rb index ec651de6..c29b7e6b 100644 --- a/berks-cookbooks/runit/libraries/resource_runit_service.rb +++ b/berks-cookbooks/runit/libraries/resource_runit_service.rb @@ -29,8 +29,8 @@ def initialize(name, run_context = nil) super runit_node = runit_attributes_from_node(run_context) @resource_name = :runit_service - @provider = Chef::Provider::Service::Runit - @supports = { :restart => true, :reload => true, :status => true } + @provider = Chef::Provider::RunitService + @supports = { restart: true, reload: true, status: true } @action = :enable @allowed_actions = [:nothing, :start, :stop, :enable, :disable, :restart, :reload, :status, :once, :hup, :cont, :term, :kill, :up, :down, :usr1, :usr2, :create] 
@@ -47,6 +47,8 @@ def initialize(name, run_context = nil)
 @log = true
 @cookbook = nil
 @check = false
+ @start_down = false
+ @delete_downfile = false
 @finish = false
 @owner = nil
 @group = nil
@@ -94,103 +96,111 @@ def initialize(name, run_context = nil) end def sv_bin(arg = nil) - set_or_return(:sv_bin, arg, :kind_of => [String]) + set_or_return(:sv_bin, arg, kind_of: [String]) end def sv_dir(arg = nil) - set_or_return(:sv_dir, arg, :kind_of => [String, FalseClass]) + set_or_return(:sv_dir, arg, kind_of: [String, FalseClass]) end def sv_timeout(arg = nil) - set_or_return(:sv_timeout, arg, :kind_of => [Fixnum]) + set_or_return(:sv_timeout, arg, kind_of: [Fixnum]) end def sv_verbose(arg = nil) - set_or_return(:sv_verbose, arg, :kind_of => [TrueClass, FalseClass]) + set_or_return(:sv_verbose, arg, kind_of: [TrueClass, FalseClass]) end def service_dir(arg = nil) - set_or_return(:service_dir, arg, :kind_of => [String]) + set_or_return(:service_dir, arg, kind_of: [String]) end def lsb_init_dir(arg = nil) - set_or_return(:lsb_init_dir, arg, :kind_of => [String]) + set_or_return(:lsb_init_dir, arg, kind_of: [String]) end def control(arg = nil) - set_or_return(:control, arg, :kind_of => [Array]) + set_or_return(:control, arg, kind_of: [Array]) end def options(arg = nil) - @env.empty? ? opts = @options : opts = @options.merge!(:env_dir => ::File.join(@sv_dir, @service_name, 'env')) + @env.empty? ? opts = @options : opts = @options.merge!(env_dir: ::File.join(@sv_dir, @service_name, 'env')) set_or_return( :options, arg, - :kind_of => [Hash], - :default => opts + kind_of: [Hash], + default: opts ) end def env(arg = nil) - set_or_return(:env, arg, :kind_of => [Hash]) + set_or_return(:env, arg, kind_of: [Hash]) end ## set log to current instance value if nothing is passed. 
def log(arg = @log) - set_or_return(:log, arg, :kind_of => [TrueClass, FalseClass]) + set_or_return(:log, arg, kind_of: [TrueClass, FalseClass]) end def cookbook(arg = nil) - set_or_return(:cookbook, arg, :kind_of => [String]) + set_or_return(:cookbook, arg, kind_of: [String]) end def finish(arg = nil) - set_or_return(:finish, arg, :kind_of => [TrueClass, FalseClass]) + set_or_return(:finish, arg, kind_of: [TrueClass, FalseClass]) end def check(arg = nil) - set_or_return(:check, arg, :kind_of => [TrueClass, FalseClass]) + set_or_return(:check, arg, kind_of: [TrueClass, FalseClass]) + end + + def start_down(arg = nil) + set_or_return(:start_down, arg, :kind_of => [TrueClass, FalseClass]) + end + + def delete_downfile(arg = nil) + set_or_return(:delete_downfile, arg, :kind_of => [TrueClass, FalseClass]) end def owner(arg = nil) - set_or_return(:owner, arg, :regex => [Chef::Config[:user_valid_regex]]) + set_or_return(:owner, arg, regex: [Chef::Config[:user_valid_regex]]) end def group(arg = nil) - set_or_return(:group, arg, :regex => [Chef::Config[:group_valid_regex]]) + set_or_return(:group, arg, regex: [Chef::Config[:group_valid_regex]]) end def default_logger(arg = nil) - set_or_return(:default_logger, arg, :kind_of => [TrueClass, FalseClass]) + set_or_return(:default_logger, arg, kind_of: [TrueClass, FalseClass]) end def restart_on_update(arg = nil) - set_or_return(:restart_on_update, arg, :kind_of => [TrueClass, FalseClass]) + set_or_return(:restart_on_update, arg, kind_of: [TrueClass, FalseClass]) end def run_template_name(arg = nil) - set_or_return(:run_template_name, arg, :kind_of => [String]) + set_or_return(:run_template_name, arg, kind_of: [String]) end alias_method :template_name, :run_template_name def log_template_name(arg = nil) - set_or_return(:log_template_name, arg, :kind_of => [String]) + set_or_return(:log_template_name, arg, kind_of: [String]) end def check_script_template_name(arg = nil) - set_or_return(:check_script_template_name, arg, :kind_of 
=> [String]) + set_or_return(:check_script_template_name, arg, kind_of: [String]) end def finish_script_template_name(arg = nil) - set_or_return(:finish_script_template_name, arg, :kind_of => [String]) + set_or_return(:finish_script_template_name, arg, kind_of: [String]) end def control_template_names(arg = nil) set_or_return( :control_template_names, arg, - :kind_of => [Hash], - :default => set_control_template_names + kind_of: [Hash], + default: set_control_template_names ) end @@ -202,39 +212,39 @@ def set_control_template_names end def sv_templates(arg = nil) - set_or_return(:sv_templates, arg, :kind_of => [TrueClass, FalseClass]) + set_or_return(:sv_templates, arg, kind_of: [TrueClass, FalseClass]) end def log_size(arg = nil) - set_or_return(:log_size, arg, :kind_of => [Integer]) + set_or_return(:log_size, arg, kind_of: [Integer]) end def log_num(arg = nil) - set_or_return(:log_num, arg, :kind_of => [Integer]) + set_or_return(:log_num, arg, kind_of: [Integer]) end def log_min(arg = nil) - set_or_return(:log_min, arg, :kind_of => [Integer]) + set_or_return(:log_min, arg, kind_of: [Integer]) end def log_timeout(arg = nil) - set_or_return(:log_timeout, arg, :kind_of => [Integer]) + set_or_return(:log_timeout, arg, kind_of: [Integer]) end def log_processor(arg = nil) - set_or_return(:log_processor, arg, :kind_of => [String]) + set_or_return(:log_processor, arg, kind_of: [String]) end def log_socket(arg = nil) - set_or_return(:log_socket, arg, :kind_of => [String, Hash]) + set_or_return(:log_socket, arg, kind_of: [String, Hash]) end def log_prefix(arg = nil) - set_or_return(:log_prefix, arg, :kind_of => [String]) + set_or_return(:log_prefix, arg, kind_of: [String]) end def log_config_append(arg = nil) - set_or_return(:log_config_append, arg, :kind_of => [String]) + set_or_return(:log_config_append, arg, kind_of: [String]) end def runit_attributes_from_node(run_context) 
diff --git a/berks-cookbooks/runit/metadata.json b/berks-cookbooks/runit/metadata.json
index 3d79cab2..c40690e8 100644
--- a/berks-cookbooks/runit/metadata.json
+++ b/berks-cookbooks/runit/metadata.json
@@ -1,7 +1,7 @@ { "name": "runit", "description": "Installs runit and provides runit_service definition", - "long_description": "runit Cookbook\n==============\nInstalls runit and provides the `runit_service` service resource for managing processes (services) under runit.\n\nThis cookbook does not use runit to replace system init, nor are ther plans to do so.\n\nFor more information about runit:\n\n- http://smarden.org/runit/\n\n\nRequirements\n------------\n### Platforms\n- Debian/Ubuntu\n- Gentoo\n- RHEL\n\n\nAttributes\n----------\nSee `attributes/default.rb` for defaults generated per platform.\n\n- `node['runit']['sv_bin']` - Full path to the `sv` binary.\n- `node['runit']['chpst_bin']` - Full path to the `chpst` binary.\n- `node['runit']['service_dir']` - Full path to the default \"services\" directory where enabled services are linked.\n- `node['runit']['sv_dir']` - Full path to the directory where service lives, which gets linked to `service_dir`.\n- `node['runit']['lsb_init_dir']` - Full path to the directory where the LSB-compliant init script interface will be created.\n- `node['runit']['start']` - Command to start the runsvdir service\n- `node['runit']['stop]` - Command to stop the runsvdir service\n- `node['runit']['reload']` - Command to reload the runsvdir service\n\n### Optional Attributes for RHEL systems\n\n- `node['runit']['use_package_from_yum']` - If `true`, attempts to install\n runit without building an RPM first. This is for users who already have\n the package in their own Yum repository.\n\n\nRecipes\n-------\n### default\nThe default recipe installs runit and starts `runsvdir` to supervise the services in runit's service directory (e.g., `/etc/service`).\n\nOn RHEL family systems, it will build the runit RPM using [Ian Meyer's runit RPM SPEC](https://github.com/imeyer/runit-rpm) unless the attribute `node['runit']['use_package_from_yum']` is set to `true`. 
In which case it will try and install runit through the normal package installation mechanism.\n\nOn Debian family systems, the runit packages are maintained by the runit author, Gerrit Pape, and the recipe will use that for installation.\n\nOn Gentoo, the runit ebuild package is installed.\n\n\nResource/Provider\n-----------------\nThis cookbook has a resource, `runit_service`, for managing services under runit. This service subclasses the Chef `service` resource.\n\n**This resource replaces the runit_service definition. See the CHANGELOG.md file in this cookbook for breaking change information and any actions you may need to take to update cookbooks using runit_service.**\n\n### Actions\n- **enable** - enables the service, creating the required run scripts and symlinks. This is the default action.\n- **start** - starts the service with `sv start`\n- **stop** - stops the service with `sv stop`\n- **disable** - stops the service with `sv down` and removes the service symlink\n- **create** - create the service directory, but don't enable the service with symlink\n- **restart** - restarts the service with `sv restart`\n- **reload** - reloads the service with `sv force-reload`\n- **once** - starts the service with `sv once`.\n- **hup** - sends the `HUP` signal to the service with `sv hup`\n- **cont** - sends the `CONT` signal to the service\n- **term** - sends the `TERM` signal to the service\n- **kill** - sends the `KILL` signal to the service\n- **up** - starts the service with `sv up`\n- **down** - downs the service with `sv down`\n- **usr1** - sends the `USR1` signal to the service with `sv 1`\n- **usr2** - sends the `USR2` signal to the service with `sv 2`\n\nService management actions are taken with runit's \"`sv`\" program.\n\nRead the `sv(8)` [man page](http://smarden.org/runit/sv.8.html) for more information on the `sv` program.\n\n### Parameter Attributes\n\nThe first three parameters, `sv_dir`, `service_dir`, and `sv_bin` will attempt to use the 
corresponding node attributes, and fall back to hardcoded default values that match the settings used on Debian platform systems.\n\nMany of these parameters are only used in the `:enable` action.\n\n- **sv_dir** - The base \"service directory\" for the services managed by\n the resource. By default, this will attempt to use the\n `node['runit']['sv_dir']` attribute, and falls back to `/etc/sv`.\n- **service_dir** - The directory where services are symlinked to be\n supervised by `runsvdir`. By default, this will attempt to use the\n `node['runit']['service_dir']` attribute, and falls back to\n `/etc/service`.\n- **lsb_init_dir** - The directory where an LSB-compliant init script\n interface will be created. By default, this will attempt to use the\n `node['runit']['lsb_init_dir']` attribute, and falls back to\n `/etc/init.d`.\n- **sv_bin** - The path to the `sv` program binary. This will attempt\n to use the `node['runit']['sv_bin']` attribute, and falls back to\n `/usr/bin/sv`.\n- **service_name** - *Name attribute*. The name of the service. This\n will be used in the directory of the managed service in the\n `sv_dir` and `service_dir`.\n- **sv_timeout** - Override the default `sv` timeout of 7 seconds.\n- **sv_verbose** - Whether to enable `sv` verbose mode. Default is\n `false`.\n- **sv_templates** - If true, the `:enable` action will create the\n service directory with the appropriate templates. Default is\n `true`. Set this to `false` if the service has a package that\n provides its own service directory. See __Usage__ examples.\n- **options** - Options passed as variables to templates, for\n compatibility with legacy runit service definition. Default is an\n empty hash.\n- **env** - A hash of environment variables with their values as content\n used in the service's `env` directory. Default is an empty hash.\n- **log** - Whether to start the service's logger with svlogd, requires\n a template `sv-service_name-log-run.erb` to configure the log's run\n script. 
Default is true.\n- **default_logger** - Whether a default `log/run` script should be set\n up. If true, the default content of the run script will use\n `svlogd` to write logs to `/var/log/service_name`. Default is false.\n- **log_size** - The maximum size a log file can grow to before it is\n automatically rotated. See svlogd(8) for the default value.\n- **log_num** - The maximum number of log files that will be retained\n after rotation. See svlogd(8) for the default value.\n- **log_min** - The minimum number of log files that will be retained\n after rotation (if svlogd cannot create a new file and the minimum\n has not been reached, it will block). Default is no minimum.\n- **log_timeout** - The maximum age a log file can get to before it is\n automatically rotated, whether it has reached `log_size` or not.\n Default is no timeout.\n- **log_processor** - A string containing a path to a program that\n rotated log files will be fed through. See the **PROCESSOR** section\n of svlogd(8) for details. Default is no processor.\n- **log_socket** - An string containing an IP:port pair identifying a UDP\n socket that log lines will be copied to. Default is none.\n- **log_prefix** - A string that will be prepended to each line as it\n is logged. Default is no prefix.\n- **log_config_append** - A string containing optional additional lines to add\n to the log service configuration. See svlogd(8) for more details.\n- **cookbook** - A cookbook where templates are located instead of\n where the resource is used. Applies for all the templates in the\n `enable` action.\n- **check** - whether the service has a check script, requires a\n template `sv-service_name-check.erb`\n- **finish** - whether the service has a finish script, requires a\n template `sv-service_name-finish.erb`\n- **control** - An array of signals to customize control of the service,\n see [runsv man page](http://smarden.org/runit/runsv.8.html) on how\n to use this. 
This requires that each template be created with the\n name `sv-service_name-signal.erb`.\n- **owner** - user that should own the templates created to enable the\n service\n- **group** - group that should own the templates created to enable the\n service\n- **run_template_name** - alternate filename of the run run script to\n use replacing `service_name`.\n- **log_template_name** - alternate filename of the log run script to\n use replacing `service_name`.\n- **check_script_template_name** - alternate filename of the check\n script to use, replacing `service_name`.\n- **finish_script_template_name** - alternate filename of the finish\n script to use, replacing `service_name`.\n- **control_template_names** - a hash of control signals (see *control*\n above) and their alternate template name(s) replacing\n `service_name`.\n- **status_command** - The command used to check the status of the\n service to see if it is enabled/running (if it's running, it's\n enabled). This hardcodes the location of the sv program to\n `/usr/bin/sv` due to the aforementioned cookbook load order.\n- **restart_on_update** - Whether the service should be restarted when\n the run script is updated. Defaults to `true`. Set to `false` if\n the service shouldn't be restarted when the run script is updated.\n\nUnlike previous versions of the cookbook using the `runit_service` definition, the `runit_service` resource can be notified. See __Usage__ examples below.\n\n\nUsage\n-----\nTo get runit installed on supported platforms, use `recipe[runit]`. Once it is installed, use the `runit_service` resource to set up services to be managed by runit.\n\nIn order to use the `runit_service` resource in your cookbook(s), each service managed will also need to have `sv-service_name-run.erb` and `sv-service_name-log-run.erb` templates created. If the `log` parameter is false, the log run script isn't created. 
If the `log` parameter is true, and `default_logger` is also true, the log run\nscript will be created with the default content:\n\n```bash\n#!/bin/sh\nexec svlogd -tt /var/log/service_name\n```\n\n### Examples\nThese are example use cases of the `runit_service` resource described above. There are others in the `runit_test` cookbook that is included in the [git repository](https://github.com/chef-cookbooks/runit).\n\n**Default Example**\n\nThis example uses all the defaults in the `:enable` action to set up the service.\n\nWe'll set up `chef-client` to run as a service under runit, such as is done in the `chef-client` cookbook. This example will be more simple than in that cookbook. First, create the required run template, `chef-client/templates/default/sv-chef-client-run.erb`.\n\n```bash\n#!/bin/sh\nexec 2>&1\nexec /usr/bin/env chef-client -i 1800 -s 30\n```\n\nThen create the required log/run template, `chef-client/templates/default/sv-chef-client-log-run.erb`.\n\n```bash\n#!/bin/sh\nexec svlogd -tt ./main\n```\n\n__Note__ This will cause output of the running process to go to `/etc/sv/chef-client/log/main/current`. Some people may not like this, see the following example. 
This is preserved for compatibility reasons.\n\nFinally, set up the service in the recipe with:\n\n```ruby\nrunit_service \"chef-client\"\n```\n\n**Default Logger Example**\n\nTo use a default logger with svlogd which will log to `/var/log/chef-client/current`, instead, use the `default_logger` option.\n\n```ruby\nrunit_service \"chef-client\" do\n default_logger true\nend\n```\n\n**No Log Service**\n\nIf there isn't an appendant log service, set `log` to false, and the log/run script won't be created.\n\n```ruby\nrunit_service \"no-svlog\" do\n log false\nend\n```\n\n**Check Script**\n\nTo create a service that has a check script in its service directory, set the `check` parameter to `true`, and create a `sv-checker-check.erb` template.\n\n```ruby\nrunit_service \"checker\" do\n check true\nend\n```\n\nThis will create `/etc/sv/checker/check`.\n\n**Finish Script**\n\nTo create a service that has a finish script in its service directory, set the `finish` parameter to `true`, and create a `sv-finisher-finish.erb` template.\n\n```ruby\nrunit_service \"finisher\" do\n finish true\nend\n```\n\nThis will create `/etc/sv/finisher/finish`.\n\n**Alternate service directory**\n\nIf the service directory for the managed service isn't the `sv_dir` (`/etc/sv`), then specify it:\n\n```ruby\nrunit_service \"custom_service\" do\n sv_dir \"/etc/custom_service/runit\"\nend\n```\n\n**No Service Directory**\n\nIf the service to manage has a package that provides its service directory, such as `git-daemon` on Debian systems, set `sv_templates` to false.\n\n```ruby\npackage \"git-daemon-run\"\n\nrunit_service \"git-daemon\" do\n sv_templates false\nend\n```\n\nThis will create the service symlink in `/etc/service`, but it will not manage any templates in the service directory.\n\n**User Controlled Services**\n\nTo set up services controlled by a non-privileged user, we follow the recommended configuration in the [runit documentation](http://smarden.org/runit/faq.html#user) (Is it 
possible to allow a user other than root to control a service?).\n\nSuppose the user's name is floyd, and floyd wants to run floyds-app. Assuming that the floyd user and group are already managed with Chef, create a `runsvdir-floyd` runit_service.\n\n```ruby\nrunit_service \"runsvdir-floyd\"\n```\n\nCreate the `sv-runsvdir-floyd-log-run.erb` template, or add `log false`. Also create the `sv-runsvdir-floyd-run.erb` with the following content:\n\n```bash\n#!/bin/sh\nexec 2>&1\nexec chpst -ufloyd runsvdir /home/floyd/service\n```\n\nNext, create the `runit_service` resource for floyd's app:\n\n```ruby\nrunit_service \"floyds-app\" do\n sv_dir \"/home/floyd/sv\"\n service_dir \"/home/floyd/service\"\n owner \"floyd\"\n group \"floyd\"\nend\n```\n\nAnd now floyd can manage the service with sv:\n\n```text\n$ id\nuid=1000(floyd) gid=1001(floyd) groups=1001(floyd)\n$ sv stop /home/floyd/service/floyds-app/\nok: down: /home/floyd/service/floyds-app/: 0s, normally up\n$ sv start /home/floyd/service/floyds-app/\nok: run: /home/floyd/service/floyds-app/: (pid 5287) 0s\n$ sv status /home/floyd/service/floyds-app/\nrun: /home/floyd/service/floyds-app/: (pid 5287) 13s; run: log: (pid 4691) 726s\n```\n\n**Options**\n\nNext, let's set up memcached under runit with some additional options using the `options` parameter. 
First, the `memcached/templates/default/sv-memcached-run.erb` template:\n\n```bash\n#!/bin/sh\nexec 2>&1\nexec chpst -u <%= @options[:user] %> /usr/bin/memcached -v -m <%= @options[:memory] %> -p <%= @options[:port] %>\n```\n\nNote that the script uses `chpst` (which comes with runit) to set the user option, then starts memcached on the specified memory and port (see below).\n\nThe log/run template, `memcached/templates/default/sv-memcached-log-run.erb`:\n\n```bash\n#!/bin/sh\nexec svlogd -tt ./main\n```\n\nFinally, the `runit_service` in our recipe:\n\n```ruby\nrunit_service \"memcached\" do\n options({\n :memory => node[:memcached][:memory],\n :port => node[:memcached][:port],\n :user => node[:memcached][:user]}.merge(params)\n })\nend\n```\n\nThis is where the user, port and memory options used in the run template are used.\n\n**Notifying Runit Services**\n\nIn previous versions of this cookbook where the definition was used, it created a `service` resource that could be notified. With the `runit_service` resource, recipes need to use the full resource name.\n\nFor example:\n\n```ruby\nrunit_service \"my-service\"\n\ntemplate \"/etc/my-service.conf\" do\n notifies :restart, \"runit_service[my-service]\"\nend\n```\n\nBecause the resource implements actions for various commands that `sv` can send to the service, any of those actions could be used for notification. 
For example, `chef-client` supports triggering a Chef run with a USR1 signal.\n\n```ruby\ntemplate \"/tmp/chef-notifier\" do\n notifies :usr1, \"runit_service[chef-client]\"\nend\n```\n\nFor older implementations of services that used `runit_service` as a definition, but may support alternate service styles, use a conditional, such as based on an attribute:\n\n```ruby\nservice_to_notify = case node['nginx']['init_style']\n when \"runit\"\n \"runit_service[nginx]\"\n else\n \"service[nginx]\"\n end\n\ntemplate \"/etc/nginx/nginx.conf\" do\n notifies :restart, service_to_notify\nend\n```\n\n**More Examples**\n\nFor more examples, see the `runit_test` cookbook's `service` recipe in the [git repository](https://github.com/chef-cookbooks/runit).\n\n\nLicense & Authors\n-----------------\n- Author:: Adam Jacob \n- Author:: Joshua Timberman \n\n```text\nCopyright:: 2008-2013, Chef Software, Inc\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n", + "long_description": "runit Cookbook\n==============\nInstalls runit and provides the `runit_service` service resource for managing processes (services) under runit.\n\nThis cookbook does not use runit to replace system init, nor are ther plans to do so.\n\nFor more information about runit:\n\n- http://smarden.org/runit/\n\n\nRequirements\n------------\n### Platforms\n- Debian/Ubuntu\n- Gentoo\n- RHEL\n\n### Cookbooks\n- packagecloud (for RHEL)\n\nAttributes\n----------\nSee `attributes/default.rb` for defaults generated per platform.\n\n- 
`node['runit']['sv_bin']` - Full path to the `sv` binary.\n- `node['runit']['chpst_bin']` - Full path to the `chpst` binary.\n- `node['runit']['service_dir']` - Full path to the default \"services\" directory where enabled services are linked.\n- `node['runit']['sv_dir']` - Full path to the directory where service lives, which gets linked to `service_dir`.\n- `node['runit']['lsb_init_dir']` - Full path to the directory where the LSB-compliant init script interface will be created.\n- `node['runit']['start']` - Command to start the runsvdir service\n- `node['runit']['stop]` - Command to stop the runsvdir service\n- `node['runit']['reload']` - Command to reload the runsvdir service\n\n### Optional Attributes for RHEL systems\n\n- `node['runit']['prefer_local_yum']` - If `true`, assumes that a `runit` package is available on an already configured local yum repository. By default, the recipe installs the `runit` package from a Package Cloud repository (see below). This is set to the value of `node['runit']['use_package_from_yum']` for backwards compatibility, but otherwise defaults to `false`.\n\nRecipes\n-------\n### default\nThe default recipe installs runit and starts `runsvdir` to supervise the services in runit's service directory (e.g., `/etc/service`).\n\nOn RHEL-family systems, it will install the runit RPM using [Ian Meyer's Package Cloud repository](https://packagecloud.io/imeyer/runit) for runit. This replaces the previous functionality where the RPM was build using his [runit RPM SPEC](https://github.com/imeyer/runit-rpm). 
However, if the attribute `node['runit']['prefer_local_yum']` is set to `true`, the packagecloud repository creation will be skipped and it is assumed that a `runit` package is available on an otherwise configured (outside this cookbook) local repository.\n\nOn Debian family systems, the runit packages are maintained by the runit author, Gerrit Pape, and the recipe will use that for installation.\n\nOn Gentoo, the runit ebuild package is installed.\n\nResource/Provider\n-----------------\nThis cookbook has a resource, `runit_service`, for managing services under runit. This service subclasses the Chef `service` resource.\n\n**This resource replaces the runit_service definition. See the CHANGELOG.md file in this cookbook for breaking change information and any actions you may need to take to update cookbooks using runit_service.**\n\n### Actions\n- **enable** - enables the service, creating the required run scripts and symlinks. This is the default action.\n- **start** - starts the service with `sv start`\n- **stop** - stops the service with `sv stop`\n- **disable** - stops the service with `sv down` and removes the service symlink\n- **create** - create the service directory, but don't enable the service with symlink\n- **restart** - restarts the service with `sv restart`\n- **reload** - reloads the service with `sv force-reload`\n- **once** - starts the service with `sv once`.\n- **hup** - sends the `HUP` signal to the service with `sv hup`\n- **cont** - sends the `CONT` signal to the service\n- **term** - sends the `TERM` signal to the service\n- **kill** - sends the `KILL` signal to the service\n- **up** - starts the service with `sv up`\n- **down** - downs the service with `sv down`\n- **usr1** - sends the `USR1` signal to the service with `sv 1`\n- **usr2** - sends the `USR2` signal to the service with `sv 2`\n\nService management actions are taken with runit's \"`sv`\" program.\n\nRead the `sv(8)` [man page](http://smarden.org/runit/sv.8.html) for more 
information on the `sv` program.\n\n### Parameter Attributes\n\nThe first three parameters, `sv_dir`, `service_dir`, and `sv_bin` will attempt to use the corresponding node attributes, and fall back to hardcoded default values that match the settings used on Debian platform systems.\n\nMany of these parameters are only used in the `:enable` action.\n\n- **sv_dir** - The base \"service directory\" for the services managed by\n the resource. By default, this will attempt to use the\n `node['runit']['sv_dir']` attribute, and falls back to `/etc/sv`.\n- **service_dir** - The directory where services are symlinked to be\n supervised by `runsvdir`. By default, this will attempt to use the\n `node['runit']['service_dir']` attribute, and falls back to\n `/etc/service`.\n- **lsb_init_dir** - The directory where an LSB-compliant init script\n interface will be created. By default, this will attempt to use the\n `node['runit']['lsb_init_dir']` attribute, and falls back to\n `/etc/init.d`.\n- **sv_bin** - The path to the `sv` program binary. This will attempt\n to use the `node['runit']['sv_bin']` attribute, and falls back to\n `/usr/bin/sv`.\n- **service_name** - *Name attribute*. The name of the service. This\n will be used in the directory of the managed service in the\n `sv_dir` and `service_dir`.\n- **sv_timeout** - Override the default `sv` timeout of 7 seconds.\n- **sv_verbose** - Whether to enable `sv` verbose mode. Default is\n `false`.\n- **sv_templates** - If true, the `:enable` action will create the\n service directory with the appropriate templates. Default is\n `true`. Set this to `false` if the service has a package that\n provides its own service directory. See __Usage__ examples.\n- **options** - Options passed as variables to templates, for\n compatibility with legacy runit service definition. Default is an\n empty hash.\n- **env** - A hash of environment variables with their values as content\n used in the service's `env` directory. 
Default is an empty hash.\n- **log** - Whether to start the service's logger with svlogd, requires\n a template `sv-service_name-log-run.erb` to configure the log's run\n script. Default is true.\n- **default_logger** - Whether a default `log/run` script should be set\n up. If true, the default content of the run script will use\n `svlogd` to write logs to `/var/log/service_name`. Default is false.\n- **log_size** - The maximum size a log file can grow to before it is\n automatically rotated. See svlogd(8) for the default value.\n- **log_num** - The maximum number of log files that will be retained\n after rotation. See svlogd(8) for the default value.\n- **log_min** - The minimum number of log files that will be retained\n after rotation (if svlogd cannot create a new file and the minimum\n has not been reached, it will block). Default is no minimum.\n- **log_timeout** - The maximum age a log file can get to before it is\n automatically rotated, whether it has reached `log_size` or not.\n Default is no timeout.\n- **log_processor** - A string containing a path to a program that\n rotated log files will be fed through. See the **PROCESSOR** section\n of svlogd(8) for details. Default is no processor.\n- **log_socket** - An string containing an IP:port pair identifying a UDP\n socket that log lines will be copied to. Default is none.\n- **log_prefix** - A string that will be prepended to each line as it\n is logged. Default is no prefix.\n- **log_config_append** - A string containing optional additional lines to add\n to the log service configuration. See svlogd(8) for more details.\n- **cookbook** - A cookbook where templates are located instead of\n where the resource is used. 
Applies for all the templates in the\n `enable` action.\n- **check** - whether the service has a check script, requires a\n template `sv-service_name-check.erb`\n- **finish** - whether the service has a finish script, requires a\n template `sv-service_name-finish.erb`\n- **control** - An array of signals to customize control of the service,\n see [runsv man page](http://smarden.org/runit/runsv.8.html) on how\n to use this. This requires that each template be created with the\n name `sv-service_name-signal.erb`.\n- **owner** - user that should own the templates created to enable the\n service\n- **group** - group that should own the templates created to enable the\n service\n- **run_template_name** - alternate filename of the run run script to\n use replacing `service_name`.\n- **log_template_name** - alternate filename of the log run script to\n use replacing `service_name`.\n- **check_script_template_name** - alternate filename of the check\n script to use, replacing `service_name`.\n- **finish_script_template_name** - alternate filename of the finish\n script to use, replacing `service_name`.\n- **control_template_names** - a hash of control signals (see *control*\n above) and their alternate template name(s) replacing\n `service_name`.\n- **status_command** - The command used to check the status of the\n service to see if it is enabled/running (if it's running, it's\n enabled). This hardcodes the location of the sv program to\n `/usr/bin/sv` due to the aforementioned cookbook load order.\n- **restart_on_update** - Whether the service should be restarted when\n the run script is updated. Defaults to `true`. 
Set to `false` if\n the service shouldn't be restarted when the run script is updated.\n- **start_down** - Set the default state of the runit service to 'down' by creating\n `/down` file\n- **delete_downfile** - Delete previously created `/down` file\n\nUnlike previous versions of the cookbook using the `runit_service` definition, the `runit_service` resource can be notified. See __Usage__ examples below.\n\n\nUsage\n-----\nTo get runit installed on supported platforms, use `recipe[runit]`. Once it is installed, use the `runit_service` resource to set up services to be managed by runit.\n\nIn order to use the `runit_service` resource in your cookbook(s), each service managed will also need to have `sv-service_name-run.erb` and `sv-service_name-log-run.erb` templates created. If the `log` parameter is false, the log run script isn't created. If the `log` parameter is true, and `default_logger` is also true, the log run\nscript will be created with the default content:\n\n```bash\n#!/bin/sh\nexec svlogd -tt /var/log/service_name\n```\n\n### Examples\nThese are example use cases of the `runit_service` resource described above. There are others in the `runit_test` cookbook that is included in the [git repository](https://github.com/hw-cookbooks/runit).\n\n**Default Example**\n\nThis example uses all the defaults in the `:enable` action to set up the service.\n\nWe'll set up `chef-client` to run as a service under runit, such as is done in the `chef-client` cookbook. This example will be more simple than in that cookbook. First, create the required run template, `chef-client/templates/default/sv-chef-client-run.erb`.\n\n```bash\n#!/bin/sh\nexec 2>&1\nexec /usr/bin/env chef-client -i 1800 -s 30\n```\n\nThen create the required log/run template, `chef-client/templates/default/sv-chef-client-log-run.erb`.\n\n```bash\n#!/bin/sh\nexec svlogd -tt ./main\n```\n\n__Note__ This will cause output of the running process to go to `/etc/sv/chef-client/log/main/current`. 
Some people may not like this, see the following example. This is preserved for compatibility reasons.\n\nFinally, set up the service in the recipe with:\n\n```ruby\nrunit_service \"chef-client\"\n```\n\n**Default Logger Example**\n\nTo use a default logger with svlogd which will log to `/var/log/chef-client/current`, instead, use the `default_logger` option.\n\n```ruby\nrunit_service \"chef-client\" do\n default_logger true\nend\n```\n\n**No Log Service**\n\nIf there isn't an appendant log service, set `log` to false, and the log/run script won't be created.\n\n```ruby\nrunit_service \"no-svlog\" do\n log false\nend\n```\n\n**Check Script**\n\nTo create a service that has a check script in its service directory, set the `check` parameter to `true`, and create a `sv-checker-check.erb` template.\n\n```ruby\nrunit_service \"checker\" do\n check true\nend\n```\n\nThis will create `/etc/sv/checker/check`.\n\n**Finish Script**\n\nTo create a service that has a finish script in its service directory, set the `finish` parameter to `true`, and create a `sv-finisher-finish.erb` template.\n\n```ruby\nrunit_service \"finisher\" do\n finish true\nend\n```\n\nThis will create `/etc/sv/finisher/finish`.\n\n**Alternate service directory**\n\nIf the service directory for the managed service isn't the `sv_dir` (`/etc/sv`), then specify it:\n\n```ruby\nrunit_service \"custom_service\" do\n sv_dir \"/etc/custom_service/runit\"\nend\n```\n\n**No Service Directory**\n\nIf the service to manage has a package that provides its service directory, such as `git-daemon` on Debian systems, set `sv_templates` to false.\n\n```ruby\npackage \"git-daemon-run\"\n\nrunit_service \"git-daemon\" do\n sv_templates false\nend\n```\n\nThis will create the service symlink in `/etc/service`, but it will not manage any templates in the service directory.\n\n**User Controlled Services**\n\nTo set up services controlled by a non-privileged user, we follow the recommended configuration in the [runit 
documentation](http://smarden.org/runit/faq.html#user) (Is it possible to allow a user other than root to control a service?).\n\nSuppose the user's name is floyd, and floyd wants to run floyds-app. Assuming that the floyd user and group are already managed with Chef, create a `runsvdir-floyd` runit_service.\n\n```ruby\nrunit_service \"runsvdir-floyd\"\n```\n\nCreate the `sv-runsvdir-floyd-log-run.erb` template, or add `log false`. Also create the `sv-runsvdir-floyd-run.erb` with the following content:\n\n```bash\n#!/bin/sh\nexec 2>&1\nexec chpst -ufloyd runsvdir /home/floyd/service\n```\n\nNext, create the `runit_service` resource for floyd's app:\n\n```ruby\nrunit_service \"floyds-app\" do\n sv_dir \"/home/floyd/sv\"\n service_dir \"/home/floyd/service\"\n owner \"floyd\"\n group \"floyd\"\nend\n```\n\nAnd now floyd can manage the service with sv:\n\n```text\n$ id\nuid=1000(floyd) gid=1001(floyd) groups=1001(floyd)\n$ sv stop /home/floyd/service/floyds-app/\nok: down: /home/floyd/service/floyds-app/: 0s, normally up\n$ sv start /home/floyd/service/floyds-app/\nok: run: /home/floyd/service/floyds-app/: (pid 5287) 0s\n$ sv status /home/floyd/service/floyds-app/\nrun: /home/floyd/service/floyds-app/: (pid 5287) 13s; run: log: (pid 4691) 726s\n```\n\n**Options**\n\nNext, let's set up memcached under runit with some additional options using the `options` parameter. 
First, the `memcached/templates/default/sv-memcached-run.erb` template:\n\n```bash\n#!/bin/sh\nexec 2>&1\nexec chpst -u <%= @options[:user] %> /usr/bin/memcached -v -m <%= @options[:memory] %> -p <%= @options[:port] %>\n```\n\nNote that the script uses `chpst` (which comes with runit) to set the user option, then starts memcached on the specified memory and port (see below).\n\nThe log/run template, `memcached/templates/default/sv-memcached-log-run.erb`:\n\n```bash\n#!/bin/sh\nexec svlogd -tt ./main\n```\n\nFinally, the `runit_service` in our recipe:\n\n```ruby\nrunit_service \"memcached\" do\n options({\n :memory => node[:memcached][:memory],\n :port => node[:memcached][:port],\n :user => node[:memcached][:user]}.merge(params)\n })\nend\n```\n\nThis is where the user, port and memory options used in the run template are used.\n\n**Notifying Runit Services**\n\nIn previous versions of this cookbook where the definition was used, it created a `service` resource that could be notified. With the `runit_service` resource, recipes need to use the full resource name.\n\nFor example:\n\n```ruby\nrunit_service \"my-service\"\n\ntemplate \"/etc/my-service.conf\" do\n notifies :restart, \"runit_service[my-service]\"\nend\n```\n\nBecause the resource implements actions for various commands that `sv` can send to the service, any of those actions could be used for notification. 
For example, `chef-client` supports triggering a Chef run with a USR1 signal.\n\n```ruby\ntemplate \"/tmp/chef-notifier\" do\n notifies :usr1, \"runit_service[chef-client]\"\nend\n```\n\nFor older implementations of services that used `runit_service` as a definition, but may support alternate service styles, use a conditional, such as based on an attribute:\n\n```ruby\nservice_to_notify = case node['nginx']['init_style']\n when \"runit\"\n \"runit_service[nginx]\"\n else\n \"service[nginx]\"\n end\n\ntemplate \"/etc/nginx/nginx.conf\" do\n notifies :restart, service_to_notify\nend\n```\n\n**More Examples**\n\nFor more examples, see the `runit_test` cookbook's `service` recipe in the [git repository](https://github.com/hw-cookbooks/runit).\n\n\nLicense & Authors\n-----------------\n- Author:: Adam Jacob \n- Author:: Joshua Timberman \n- Author:: Sean OMeara \n\n```text\nCopyright:: 2008-2016, Chef Software, Inc\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n", "maintainer": "Heavy Water Operations, LLC.", "maintainer_email": "support@hw-ops.com", "license": "Apache 2.0", 
@@ -17,26 +17,33 @@ "enterpriseenterprise": ">= 0.0.0" }, "dependencies": { - "build-essential": ">= 0.0.0", - "yum": "~> 3.0", - "yum-epel": ">= 0.0.0" + "packagecloud": ">= 0.0.0" }, "recommendations": { + }, "suggestions": { + }, "conflicting": { + }, "providing": { + }, "replacing": { + }, "attributes": { + }, "groupings": { + }, "recipes": { "runit": "Installs and configures runit" }, - "version": "1.5.18" -} \ No newline at end of file + "version": "1.7.2", + "source_url": "", + "issues_url": "" +} diff --git a/berks-cookbooks/runit/recipes/default.rb b/berks-cookbooks/runit/recipes/default.rb index 5e49e196..a11e5035 100644 --- a/berks-cookbooks/runit/recipes/default.rb +++ b/berks-cookbooks/runit/recipes/default.rb 
@@ -37,49 +37,14 @@ end case node['platform_family'] -when 'rhel' +when 'rhel', 'fedora' - if node['runit']['use_package_from_yum'] - package 'runit' - else - include_recipe 'build-essential' - # `rpmdevtools` is in EPEL repo in EL <= 5 - include_recipe 'yum-epel' if node['platform_version'].to_i == 5 + packagecloud_repo 'imeyer/runit' unless node['runit']['prefer_local_yum'] + package 'runit' - packages = %w{rpm-build rpmdevtools tar gzip} - packages.each do |p| - package p - end - - if node['platform_version'].to_i >= 6 - package 'glibc-static' - else - package 'buildsys-macros' - end - - # This is the rpm spec and associated files to build a package of - # runit from source; the package will be installed. - cookbook_file "#{Chef::Config[:file_cache_path]}/runit-2.1.1.tar.gz" do - source 'runit-2.1.1.tar.gz' - not_if { runit_installed? } - notifies :run, 'bash[rhel_build_install]', :immediately - end - - # This bash resource does the rpm install because we need to - # dynamically detect where the rpm output directory is from the - # rpm config directive '%{_rpmdir}' - bash 'rhel_build_install' do - user 'root' - cwd Chef::Config[:file_cache_path] - code <<-EOH - tar xzf runit-2.1.1.tar.gz - cd runit-2.1.1 - ./build.sh - rpm_root_dir=`rpm --eval '%{_rpmdir}'` - rpm -ivh "${rpm_root_dir}/runit-2.1.1.rpm" - EOH - action :run - not_if { runit_installed? } + if node['platform_version'].to_i == 7 + service 'runsvdir-start' do + action [:start, :enable] end end diff --git a/berks-cookbooks/runit/templates/debian/init.d.erb b/berks-cookbooks/runit/templates/debian/init.d.erb index 48b5367d..491d53fb 100644 --- a/berks-cookbooks/runit/templates/debian/init.d.erb +++ b/berks-cookbooks/runit/templates/debian/init.d.erb 
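Review bot: The new `when 'rhel', 'fedora'` branch runs `packagecloud_repo 'imeyer/runit' unless node['runit']['prefer_local_yum']` followed by an unversioned `package 'runit'`, so each converge installs whatever build that third-party repository serves at that moment, as root. The removed code built from a `runit-2.1.1.tar.gz` shipped inside the cookbook, so this upgrade adds an external trust dependency that the Berksfile bump does not make obvious. Because this file is vendored under `berks-cookbooks/`, the control belongs in this repository's own attributes: set `node['runit']['prefer_local_yum']` to `true` and serve a reviewed runit RPM from an internally managed yum repository. How `packagecloud_repo` handles repository keys and signature checks is not visible in this hunk and should be confirmed before relying on the default. The `case` block continues outside the hunk.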
@@ -13,8 +13,8 @@ PATH=/sbin:/usr/sbin:/bin:/usr/bin DESC="runit-managed <%= @name %>" NAME=<%= @name %> -RUNIT=/usr/bin/sv -SCRIPTNAME=/etc/init.d/$NAME +RUNIT=<%= @sv_bin %> +SCRIPTNAME=<%= @init_dir %>$NAME # Exit if runit is not installed [ -x $RUNIT ] || exit 0 diff --git a/berks-cookbooks/runit/templates/default/log-config.erb b/berks-cookbooks/runit/templates/default/log-config.erb index 6e33db18..68322b6d 100644 --- a/berks-cookbooks/runit/templates/default/log-config.erb +++ b/berks-cookbooks/runit/templates/default/log-config.erb @@ -1,24 +1,24 @@ -<% if @size -%> -s<%= @size %> +<% if @config.log_size -%> +s<%= @config.log_size %> <% end -%> -<% if @num -%> -n<%= @num %> +<% if @config.log_num -%> +n<%= @config.log_num %> <% end -%> -<% if @min -%> -N<%= @min %> +<% if @config.log_min -%> +N<%= @config.log_min %> <% end -%> -<% if @timeout -%> -t<%= @timeout %> +<% if @config.log_timeout -%> +t<%= @config.log_timeout %> <% end -%> -<% if @processor -%> -!<%= @processor %> +<% if @config.log_processor -%> +!<%= @config.log_processor %> <% end -%> -<% if @socket -%> -u<%= @socket %> +<% if @config.log_socket -%> +u<%= @config.log_socket %> <% end -%> -<% if @prefix -%> -p<%= @prefix %> +<% if @config.log_prefix -%> +p<%= @config.log_prefix %> <% end -%> -<% if @append -%> -<%= @append %> +<% if @config.log_config_append -%> +<%= @config.log_config_append %> <% end -%> diff --git a/berks-cookbooks/smf/README.md b/berks-cookbooks/smf/README.md index 13f6e6eb..a1dabb03 100644 --- a/berks-cookbooks/smf/README.md +++ b/berks-cookbooks/smf/README.md 
@@ -30,29 +30,29 @@ Note that we run the `smf::default` recipe before using LWRPs from this cookbook. ```ruby -include_recipe "smf" +include_recipe 'smf' -smf "my-service" do - user "non-root-user" - start_command "my-service start" +smf 'my-service' do + user 'non-root-user' + start_command 'my-service start' start_timeout 10 - stop_command "pkill my-service" - stop_command 5 - restart_command "my-service restart" + stop_command 'pkill my-service' + stop_timeout 5 + restart_command 'my-service restart' restart_timeout 60 - environment "PATH" => "/home/non-root-user/bin", - "RAILS_ENV" => "staging" - locale "C" - manifest_type "application" - service_path "/var/svc/manifest" - notify :restart, 'service[my-service]' + environment 'PATH' => '/home/non-root-user/bin', + 'RAILS_ENV' => 'staging' + locale 'C' + manifest_type 'application' + service_path '/var/svc/manifest' + notifies :restart, 'service[my-service]' end -service "my-service" do +service 'my-service' do action :enable end -service "my-service" do +service 'my-service' do action :restart end ``` @@ -65,7 +65,7 @@ Ownership: * `group` - Group to run service commands as RBAC -* `authorization` — What management and value authorizations should be +* `authorization` - What management and value authorizations should be created for this service. Defaults to the service name. Dependency management: @@ -93,7 +93,7 @@ Process management: if core dumps in children are handled by a master process and you don't want SMF thinking the service is exploding, you can ignore ["core", "signal"]. -* `privileges` — Array — An array of privileges to be allowed for started processes. +* `privileges` - Array - An array of privileges to be allowed for started processes. Defaults to ['basic', 'net_privaddr'] * `property_groups` - Hash - This should be in the form `{"group name" => {"type" => "application", "key" => "value", ...}}` * `working_directory` - PWD that SMF should cd to in order to run commands 
diff --git a/berks-cookbooks/smf/metadata.json b/berks-cookbooks/smf/metadata.json index 9bad5387..c18edb30 100644 --- a/berks-cookbooks/smf/metadata.json +++ b/berks-cookbooks/smf/metadata.json 
@@ -1,7 +1,7 @@ { "name": "smf", "description": "A light weight resource provider (LWRP) for SMF (Service Management Facility)", - "long_description": "SMF\n===\n\n## Description\n\nService Management Facility (SMF) is a tool in many Illumos and Solaris-derived operating systems\nthat treats services as first class objects of the system. It provides an XML syntax for \ndeclaring how the system can interact with and control a service.\n\nThe SMF cookbook contains providers for creating or modifying a service within the SMF framework.\n\n\n## Requirements\n\nAny operating system that uses SMF, ie Solaris, SmartOS, OpenIndiana etc.\n\nThe `smf` provider depends on the `builder` gem, which can be installed\nvia the `smf::default` recipe.\n\nRequires the RBAC cookbook, which can be found at .\n\nProcesses can be run inside a project wrapper. In this case, look to the Resource Control cookbook,\nwhich can be found at . Note that the SMF LWRP\ndoes not create or manage the project.\n\n\n## Basic Usage\n\nNote that we run the `smf::default` recipe before using LWRPs from this\ncookbook.\n\n```ruby\ninclude_recipe \"smf\"\n\nsmf \"my-service\" do\n user \"non-root-user\"\n start_command \"my-service start\"\n start_timeout 10\n stop_command \"pkill my-service\"\n stop_command 5\n restart_command \"my-service restart\"\n restart_timeout 60\n environment \"PATH\" => \"/home/non-root-user/bin\",\n \"RAILS_ENV\" => \"staging\"\n locale \"C\"\n manifest_type \"application\"\n service_path \"/var/svc/manifest\"\n notify :restart, 'service[my-service]'\nend\n\nservice \"my-service\" do\n action :enable\nend\n\nservice \"my-service\" do\n action :restart\nend\n```\n\n\n## Attributes\n\nOwnership:\n* `user` - User to run service commands as\n* `group` - Group to run service commands as\n\nRBAC\n* `authorization` — What management and value authorizations should be\n created for this service. 
Defaults to the service name.\n\nDependency management:\n* `include_default_dependencies` - Service should depend on file system\n and network services. Defaults to `true`. See [Dependencies](#dependencies)\n for more info.\n* `dependency` - an optional array of hashes signifying service and path\n dependencies for this service to run. See [Dependencies](#dependencies).\n\nProcess management:\n* `project` - Name of project to run commands in\n* `start_command`\n* `start_timeout`\n* `stop_command` - defaults to `:kill`, which basically means it will destroy every PID generated from the start command\n* `stop_timeout`\n* `restart_command` - defaults to `stop_command`, then `start_command`\n* `restart_timeout`\n* `refresh_command` - by default SMF treats this as `true`. This will be called when the SMF definition changes or\n when a `notify :reload, 'service[thing]'` is called.\n* `refresh_timeout`\n* `duration` - Can be either `contract`, `wait`, `transient` or\n `child`, but defaults to `contract`. See the [Duration](#duration) section below.\n* `environment` - Hash - Environment variables to set while running commands\n* `ignore` - Array - Faults to ignore in subprocesses. For example, \n if core dumps in children are handled by a master process and you \n don't want SMF thinking the service is exploding, you can ignore \n [\"core\", \"signal\"].\n* `privileges` — Array — An array of privileges to be allowed for started processes.\n Defaults to ['basic', 'net_privaddr']\n* `property_groups` - Hash - This should be in the form `{\"group name\" => {\"type\" => \"application\", \"key\" => \"value\", ...}}`\n* `working_directory` - PWD that SMF should cd to in order to run commands\n* `locale` - Character encoding to use (default \"C\")\n\nManifest/FMRI metadata:\n* `service_path` - defaults to `/var/svc/manifest`\n* `manifest_type` - defaults to `application`\n* `stability` - String - defaults to \"Evolving\". 
Valid options are\n \"Standard\", \"Stable\", \"Evolving\", \"Unstable\", \"External\" and\n \"Obsolete\"\n\nDeprecated:\n* `credentials_user` - deprecated in favor of `user`\n\n\n## Provider Actions\n\n### :install (default)\n\nThis will drop a manifest XML file into `#{service_path}/#{manifest_type}/#{name}.xml`. If there is already a service\nwith a name that is matched by `new_resource.name` then the FMRI of our manifest will be set to the FMRI of the \npre-existing service. In this case, our properties will be merged into the properties of the pre-existing service.\n\nIn this way, updates to recipes that use the SMF provider will not delete existing service properties, but will add \nor overwrite them.\n\nBecause of this, the SMF provider can be used to update properties for\nservices that are installed via a package manager.\n\n### :delete\n\nRemove an SMF definition. This stops the service if it is running.\n\n### :add_rbac\n\nThis uses the `rbac` cookbook to define permissions that can then be applied to a user. This can be useful when local\nusers should manage services that are added via packages.\n\n```ruby\nsmf \"nginx\" do\n action :add_rbac\nend\n\nrbac_auth \"Allow my user to manage nginx\" do\n user \"my_user\"\n auth \"nginx\"\nend\n```\n\n\n## Resource Notes\n\n### `user`, `working_directory` and `environment`\n\nSMF does a remarkably good job running services as delegated users, and removes a lot of pain if you configure a \nservice correctly. There are many examples online (blogs, etc) of users wrapping their services in shell scripts with \n`start`, `stop`, `restart` arguments. In general it seems as if the intention of these scripts is to take care of the\nproblem of setting environment variables and shelling out as another user.\n\nThe use of init scripts to wrap executables can be unnecessary with SMF, as it provides hooks for all of these use cases. 
\nWhen using `user`, SMF will assume that the `working_directory` is the user's home directory. This can be\neasily overwritten (to `/home/user/app/current` for a Rails application, for example). One thing to be careful of is \nthat shell profile files will not be loaded. For this reason, if environment variables (such as PATH) are different \non your system or require additional entries arbitrary key/values may be set using the `environment` attribute.\n\nAll things considered, one should think carefully about the need for an init script when working with SMF. For \nwell-behaved applications with simple configuration, an init script is overkill. Applications with endless command-line \noptions or that need a real login shell (for instance ruby applications that use RVM) an init script may make life\neasier.\n\n### Role Based Authorization\n\nBy default the SMF definition creates authorizations based on the\nservice name. The service user is then granted these authorizations. If\nthe service is named `asplosions`, then `solaris.smf.manage.asplosions`\nand `solaris.smf.value.asplosions` will be created.\n\nThe authorization can be changed by manually setting `authorization` on\nthe smf block:\n\n```ruby\nsmf 'asplosions' do\n user 'monkeyking'\n start_command 'asplode'\n authorization 'booms'\nend\n```\n\nThis can be helpful if there are many services configured on a single\nhost, as multiple services can be collapsed into the same\nauthorizations. For instance: https://illumos.org/issues/4968 \n\n### Dependencies\n\nSMF allows services to explicitly list their dependencies on other\nservices. 
Among other things, this ensures that services are enabled in\nthe proper order on boot, so that a service doesn't fail to start\nbecause another service has not yet been started.\n\nBy default, services created by the SMF LWRP depend on the following other services:\n* svc:/milestone/sysconfig\n* svc:/system/filesystem/local\n* svc:/milestone/name-services\n* svc:/milestone/network\n\nOn Solaris11, `svc:/milestone/sysconfig` is replaced with\n`svc:/milestone/config`.\n\nThese are configured with the attribute `include_default_dependencies`,\nwhich defaults to `true`.\n\nOther dependencies can be specified with the `dependencies` attribute,\nwhich takes an array of hashes as follows:\n\n```ruby\nsmf 'redis'\n\nsmf 'redis-6999' do\n start_command \"...\"\n dependencies [\n {name: 'redis', fmris: ['svc:/application/management/redis'],\n grouping: 'require_all', restart_on: 'restart', type: 'service'}\n ]\nend\n```\n\nValid options for grouping:\n* require_all - All listed FMRIs must be online\n* require_any - Any of the listed FMRIs must be online\n* exclude_all - None of the listed FMRIs can be online\n* optional_all - FMRIs are either online or unable to come online\n\nValid options for restart_on:\n* error - Hardware fault\n* restart - Restarts service if the depedency is restarted\n* refresh - Restarted if the dependency is restarted or refreshed for\n any reason\n* none - Don't do anything\n\nValid options for type:\n* service - expects dependency FMRIs to be other services ie: svc:/type/of/service:instance\n* path - expects FMRIs to be paths, ie file://localhost/etc/redis/redis.conf\n\nNote: the provider currently does not do any validation of these values. Also, type:path has not been extensively\ntested. Use this at your own risk, or improve the provider's compatibility with type:path and submit a pull request!\n\n### Duration\n\nThere are several different ways that SMF can track your service. By default it uses `contract`. 
\nBasically, this means that it will keep track of the PIDs of all daemonized processes generated from `start_command`.\nIf SMF sees that processes are cycling, it may try to restart the service. If things get too hectic, it\nmay think that your service is flailing and put it into maintenance mode. If this is normal for your service,\nfor instance if you have a master that occasionally reaps processes, you may want to specify additional\nconfiguration options.\n\nIf you have a job that you want managed by SMF, but which is not daemonized, another duration option is\n`transient`. In this mode, SMF will not watch any processes, but will expect that the main process exits cleanly.\nThis can be used, for instance, for a script that must be run at boot time, or for a script that you want to delegate\nto particular users with Role Based Access Control. In this case, the script can be registered with SMF to run as root,\nbut with the start_command delegated to your user.\n\nA third option is `wait`. This covers non-daemonized processes.\n\nA fourth option is `child`.\n\n### Ignore\n\nSometimes you have a case where your service behaves poorly. The Ruby server Unicorn, for example, has a master \nprocess that likes to kill its children. This causes core dumps that SMF will interpret to be a failing service.\nInstead you can `ignore [\"core\", \"signal\"]` and SMF will stop caring about core dumps.\n\n### Privileges\n\nSome system calls require privileges generally only granted to superusers or particular roles. 
In Solaris, an\nSMF definition can also set specific privileges for contracted processes.\n\nBy default the SMF provider will grant 'basic' and 'net_privaddr' permissions, but this can be set as follows:\n\n```ruby\nsmf 'elasticsearch' do\n start_command 'elasticsearch'\n privileges ['basic', 'proc_lock_memory']\nend\n```\n\nSee the (privileges man page)[https://www.illumos.org/man/5/privileges] for more information.\n\n### Property Groups\n\nProperty Groups are where you can store extra information for SMF to use later. They should be used in the\nfollowing format:\n\n```ruby\nsmf \"my-service\" do\n start_command \"do-something\"\n property_groups({\n \"config\" => {\n \"type\" => \"application\",\n \"my-property\" => \"property value\"\n }\n })\nend\n```\n\n`type` will default to `application`, and is used in the manifest XML to declare how the property group will be\nused. For this reason, `type` can not be used as a property name (ie variable).\n\nOne way to use property groups is to pass variables on to commands, as follows:\n\n```ruby\nrails_env = node[\"from-chef-environment\"][\"rails-env\"]\n\nsmf \"unicorn\" do\n start_command \"bundle exec unicorn_rails -c /home/app_user/app/current/config/%{config/rails_env} -E %{config/rails_env} -D\"\n start_timeout 300\n restart_command \":kill -SIGUSR2\"\n restart_timeout 300\n working_directory \"/home/app_user/app/current\"\n property_groups({\n \"config\" => {\n \"rails_env\" => rails_env\n }\n })\nend\n```\n\nThis is especially handy if you have a case where your commands may come from role attributes, but can\nonly work if they have access to variables set in an environment or computed in a recipe.\n\n### Stability\n\nThis is for reference more than anything, so that administrators of a service know what to expect of possible changes to \nthe service definition.\n\nSee: \n\n\n## Working Examples\n\nPlease see the [examples](https://github.com/livinginthepast/smf/blob/master/EXAMPLES.md) page for\nexample 
usages.\n\n\n## Cookbook upgrades, possible side effects\n\nChanges to this cookbook may change the way that its internal checksums are generated for a service.\nIf you `notify :restart` any service from within the `smf` block or include a `refresh_command`, please\nbe aware that upgrading this cookbook may trigger a refresh or a registered notification on the first\nsubsequent chef run.\n\n## Contributing\n\n* fork\n* file an issue to track updates/communication\n* add tests\n* rebase master into your branch\n* issue a pull request\n\nPlease do not increment the cookbook version in a fork. Version updates\nwill be done on the master branch after any pull requests are merged.\n\nWhen upstream changes are added to the master branch while you are\nworking on a contribution, please rebase master into your branch and\nforce push. A pull request should be able to be merged through a\nfast-forward, without a merge commit.\n\n## Testing\n\n```bash\nbundle\nvagrant plugin install vagrant-smartos-zones\nbundle exec strainer test\n```\n", + "long_description": "SMF\n===\n\n## Description\n\nService Management Facility (SMF) is a tool in many Illumos and Solaris-derived operating systems\nthat treats services as first class objects of the system. It provides an XML syntax for \ndeclaring how the system can interact with and control a service.\n\nThe SMF cookbook contains providers for creating or modifying a service within the SMF framework.\n\n\n## Requirements\n\nAny operating system that uses SMF, ie Solaris, SmartOS, OpenIndiana etc.\n\nThe `smf` provider depends on the `builder` gem, which can be installed\nvia the `smf::default` recipe.\n\nRequires the RBAC cookbook, which can be found at .\n\nProcesses can be run inside a project wrapper. In this case, look to the Resource Control cookbook,\nwhich can be found at . 
Note that the SMF LWRP\ndoes not create or manage the project.\n\n\n## Basic Usage\n\nNote that we run the `smf::default` recipe before using LWRPs from this\ncookbook.\n\n```ruby\ninclude_recipe 'smf'\n\nsmf 'my-service' do\n user 'non-root-user'\n start_command 'my-service start'\n start_timeout 10\n stop_command 'pkill my-service'\n stop_timeout 5\n restart_command 'my-service restart'\n restart_timeout 60\n environment 'PATH' => '/home/non-root-user/bin',\n 'RAILS_ENV' => 'staging'\n locale 'C'\n manifest_type 'application'\n service_path '/var/svc/manifest'\n notifies :restart, 'service[my-service]'\nend\n\nservice 'my-service' do\n action :enable\nend\n\nservice 'my-service' do\n action :restart\nend\n```\n\n\n## Attributes\n\nOwnership:\n* `user` - User to run service commands as\n* `group` - Group to run service commands as\n\nRBAC\n* `authorization` - What management and value authorizations should be\n created for this service. Defaults to the service name.\n\nDependency management:\n* `include_default_dependencies` - Service should depend on file system\n and network services. Defaults to `true`. See [Dependencies](#dependencies)\n for more info.\n* `dependency` - an optional array of hashes signifying service and path\n dependencies for this service to run. See [Dependencies](#dependencies).\n\nProcess management:\n* `project` - Name of project to run commands in\n* `start_command`\n* `start_timeout`\n* `stop_command` - defaults to `:kill`, which basically means it will destroy every PID generated from the start command\n* `stop_timeout`\n* `restart_command` - defaults to `stop_command`, then `start_command`\n* `restart_timeout`\n* `refresh_command` - by default SMF treats this as `true`. This will be called when the SMF definition changes or\n when a `notify :reload, 'service[thing]'` is called.\n* `refresh_timeout`\n* `duration` - Can be either `contract`, `wait`, `transient` or\n `child`, but defaults to `contract`. 
See the [Duration](#duration) section below.\n* `environment` - Hash - Environment variables to set while running commands\n* `ignore` - Array - Faults to ignore in subprocesses. For example, \n if core dumps in children are handled by a master process and you \n don't want SMF thinking the service is exploding, you can ignore \n [\"core\", \"signal\"].\n* `privileges` - Array - An array of privileges to be allowed for started processes.\n Defaults to ['basic', 'net_privaddr']\n* `property_groups` - Hash - This should be in the form `{\"group name\" => {\"type\" => \"application\", \"key\" => \"value\", ...}}`\n* `working_directory` - PWD that SMF should cd to in order to run commands\n* `locale` - Character encoding to use (default \"C\")\n\nManifest/FMRI metadata:\n* `service_path` - defaults to `/var/svc/manifest`\n* `manifest_type` - defaults to `application`\n* `stability` - String - defaults to \"Evolving\". Valid options are\n \"Standard\", \"Stable\", \"Evolving\", \"Unstable\", \"External\" and\n \"Obsolete\"\n\nDeprecated:\n* `credentials_user` - deprecated in favor of `user`\n\n\n## Provider Actions\n\n### :install (default)\n\nThis will drop a manifest XML file into `#{service_path}/#{manifest_type}/#{name}.xml`. If there is already a service\nwith a name that is matched by `new_resource.name` then the FMRI of our manifest will be set to the FMRI of the \npre-existing service. In this case, our properties will be merged into the properties of the pre-existing service.\n\nIn this way, updates to recipes that use the SMF provider will not delete existing service properties, but will add \nor overwrite them.\n\nBecause of this, the SMF provider can be used to update properties for\nservices that are installed via a package manager.\n\n### :delete\n\nRemove an SMF definition. This stops the service if it is running.\n\n### :add_rbac\n\nThis uses the `rbac` cookbook to define permissions that can then be applied to a user. 
This can be useful when local\nusers should manage services that are added via packages.\n\n```ruby\nsmf \"nginx\" do\n action :add_rbac\nend\n\nrbac_auth \"Allow my user to manage nginx\" do\n user \"my_user\"\n auth \"nginx\"\nend\n```\n\n\n## Resource Notes\n\n### `user`, `working_directory` and `environment`\n\nSMF does a remarkably good job running services as delegated users, and removes a lot of pain if you configure a \nservice correctly. There are many examples online (blogs, etc) of users wrapping their services in shell scripts with \n`start`, `stop`, `restart` arguments. In general it seems as if the intention of these scripts is to take care of the\nproblem of setting environment variables and shelling out as another user.\n\nThe use of init scripts to wrap executables can be unnecessary with SMF, as it provides hooks for all of these use cases. \nWhen using `user`, SMF will assume that the `working_directory` is the user's home directory. This can be\neasily overwritten (to `/home/user/app/current` for a Rails application, for example). One thing to be careful of is \nthat shell profile files will not be loaded. For this reason, if environment variables (such as PATH) are different \non your system or require additional entries arbitrary key/values may be set using the `environment` attribute.\n\nAll things considered, one should think carefully about the need for an init script when working with SMF. For \nwell-behaved applications with simple configuration, an init script is overkill. Applications with endless command-line \noptions or that need a real login shell (for instance ruby applications that use RVM) an init script may make life\neasier.\n\n### Role Based Authorization\n\nBy default the SMF definition creates authorizations based on the\nservice name. The service user is then granted these authorizations. 
If\nthe service is named `asplosions`, then `solaris.smf.manage.asplosions`\nand `solaris.smf.value.asplosions` will be created.\n\nThe authorization can be changed by manually setting `authorization` on\nthe smf block:\n\n```ruby\nsmf 'asplosions' do\n user 'monkeyking'\n start_command 'asplode'\n authorization 'booms'\nend\n```\n\nThis can be helpful if there are many services configured on a single\nhost, as multiple services can be collapsed into the same\nauthorizations. For instance: https://illumos.org/issues/4968 \n\n### Dependencies\n\nSMF allows services to explicitly list their dependencies on other\nservices. Among other things, this ensures that services are enabled in\nthe proper order on boot, so that a service doesn't fail to start\nbecause another service has not yet been started.\n\nBy default, services created by the SMF LWRP depend on the following other services:\n* svc:/milestone/sysconfig\n* svc:/system/filesystem/local\n* svc:/milestone/name-services\n* svc:/milestone/network\n\nOn Solaris11, `svc:/milestone/sysconfig` is replaced with\n`svc:/milestone/config`.\n\nThese are configured with the attribute `include_default_dependencies`,\nwhich defaults to `true`.\n\nOther dependencies can be specified with the `dependencies` attribute,\nwhich takes an array of hashes as follows:\n\n```ruby\nsmf 'redis'\n\nsmf 'redis-6999' do\n start_command \"...\"\n dependencies [\n {name: 'redis', fmris: ['svc:/application/management/redis'],\n grouping: 'require_all', restart_on: 'restart', type: 'service'}\n ]\nend\n```\n\nValid options for grouping:\n* require_all - All listed FMRIs must be online\n* require_any - Any of the listed FMRIs must be online\n* exclude_all - None of the listed FMRIs can be online\n* optional_all - FMRIs are either online or unable to come online\n\nValid options for restart_on:\n* error - Hardware fault\n* restart - Restarts service if the depedency is restarted\n* refresh - Restarted if the dependency is restarted or refreshed 
for\n any reason\n* none - Don't do anything\n\nValid options for type:\n* service - expects dependency FMRIs to be other services ie: svc:/type/of/service:instance\n* path - expects FMRIs to be paths, ie file://localhost/etc/redis/redis.conf\n\nNote: the provider currently does not do any validation of these values. Also, type:path has not been extensively\ntested. Use this at your own risk, or improve the provider's compatibility with type:path and submit a pull request!\n\n### Duration\n\nThere are several different ways that SMF can track your service. By default it uses `contract`. \nBasically, this means that it will keep track of the PIDs of all daemonized processes generated from `start_command`.\nIf SMF sees that processes are cycling, it may try to restart the service. If things get too hectic, it\nmay think that your service is flailing and put it into maintenance mode. If this is normal for your service,\nfor instance if you have a master that occasionally reaps processes, you may want to specify additional\nconfiguration options.\n\nIf you have a job that you want managed by SMF, but which is not daemonized, another duration option is\n`transient`. In this mode, SMF will not watch any processes, but will expect that the main process exits cleanly.\nThis can be used, for instance, for a script that must be run at boot time, or for a script that you want to delegate\nto particular users with Role Based Access Control. In this case, the script can be registered with SMF to run as root,\nbut with the start_command delegated to your user.\n\nA third option is `wait`. This covers non-daemonized processes.\n\nA fourth option is `child`.\n\n### Ignore\n\nSometimes you have a case where your service behaves poorly. The Ruby server Unicorn, for example, has a master \nprocess that likes to kill its children. 
This causes core dumps that SMF will interpret to be a failing service.\nInstead you can `ignore [\"core\", \"signal\"]` and SMF will stop caring about core dumps.\n\n### Privileges\n\nSome system calls require privileges generally only granted to superusers or particular roles. In Solaris, an\nSMF definition can also set specific privileges for contracted processes.\n\nBy default the SMF provider will grant 'basic' and 'net_privaddr' permissions, but this can be set as follows:\n\n```ruby\nsmf 'elasticsearch' do\n start_command 'elasticsearch'\n privileges ['basic', 'proc_lock_memory']\nend\n```\n\nSee the (privileges man page)[https://www.illumos.org/man/5/privileges] for more information.\n\n### Property Groups\n\nProperty Groups are where you can store extra information for SMF to use later. They should be used in the\nfollowing format:\n\n```ruby\nsmf \"my-service\" do\n start_command \"do-something\"\n property_groups({\n \"config\" => {\n \"type\" => \"application\",\n \"my-property\" => \"property value\"\n }\n })\nend\n```\n\n`type` will default to `application`, and is used in the manifest XML to declare how the property group will be\nused. 
For this reason, `type` can not be used as a property name (ie variable).\n\nOne way to use property groups is to pass variables on to commands, as follows:\n\n```ruby\nrails_env = node[\"from-chef-environment\"][\"rails-env\"]\n\nsmf \"unicorn\" do\n start_command \"bundle exec unicorn_rails -c /home/app_user/app/current/config/%{config/rails_env} -E %{config/rails_env} -D\"\n start_timeout 300\n restart_command \":kill -SIGUSR2\"\n restart_timeout 300\n working_directory \"/home/app_user/app/current\"\n property_groups({\n \"config\" => {\n \"rails_env\" => rails_env\n }\n })\nend\n```\n\nThis is especially handy if you have a case where your commands may come from role attributes, but can\nonly work if they have access to variables set in an environment or computed in a recipe.\n\n### Stability\n\nThis is for reference more than anything, so that administrators of a service know what to expect of possible changes to \nthe service definition.\n\nSee: \n\n\n## Working Examples\n\nPlease see the [examples](https://github.com/livinginthepast/smf/blob/master/EXAMPLES.md) page for\nexample usages.\n\n\n## Cookbook upgrades, possible side effects\n\nChanges to this cookbook may change the way that its internal checksums are generated for a service.\nIf you `notify :restart` any service from within the `smf` block or include a `refresh_command`, please\nbe aware that upgrading this cookbook may trigger a refresh or a registered notification on the first\nsubsequent chef run.\n\n## Contributing\n\n* fork\n* file an issue to track updates/communication\n* add tests\n* rebase master into your branch\n* issue a pull request\n\nPlease do not increment the cookbook version in a fork. Version updates\nwill be done on the master branch after any pull requests are merged.\n\nWhen upstream changes are added to the master branch while you are\nworking on a contribution, please rebase master into your branch and\nforce push. 
A pull request should be able to be merged through a\nfast-forward, without a merge commit.\n\n## Testing\n\n```bash\nbundle\nvagrant plugin install vagrant-smartos-zones\nbundle exec strainer test\n```\n", "maintainer": "Eric Saxby", "maintainer_email": "sax@livinginthepast.org", "license": "MIT", @@ -28,5 +28,5 @@ }, "recipes": { }, - "version": "2.2.6" + "version": "2.2.7" } \ No newline at end of file diff --git a/berks-cookbooks/windows/CHANGELOG.md b/berks-cookbooks/windows/CHANGELOG.md index a3521838..c2f4ad89 100644 --- a/berks-cookbooks/windows/CHANGELOG.md +++ b/berks-cookbooks/windows/CHANGELOG.md 
@@ -2,6 +2,36 @@ windows Cookbook CHANGELOG ======================= This file is used to list changes made in each version of the windows cookbook. +v1.38.2 +-------------------- +- Lazy-load windows-pr gem library files. Chef 12.5 no longer includes the windows-pr gem. Earlier versions of this cookbook will not compile on Chef 12.5. + +v1.38.1 (2015-07-28) +-------------------- +- Publishing without extended metadata + +v1.38.0 (2015-07-27) +-------------------- +- Do not set new_resource.password to nil, Fixes #219, Fixes #220 +- Add `windows_certificate` resource #212 +- Add `windows_http_acl` resource #214 + +v1.37.0 (2015-05-14) +-------------------- +- fix `windows_package` `Chef.set_resource_priority_array` warning +- update `windows_task` to support tasks in folders +- fix `windows_task` delete action +- replace `windows_task` name attribute with 'task_name' +- add :end action to 'windows_task' +- Tasks created with the `windows_task` resource default to the SYSTEM account +- The force attribute for `windows_task` makes the :create action update the definition. +- `windows_task` :create action will force an update of the task if the user or command differs from the currently configured setting. +- add default provider for `windows_feature` +- add a helper to make sure `WindowsRebootHandler` works in ChefSpec +- added a source and issues url to the metadata for Supermarket +- updated the Gemfile and .kitchen.yml to reflect the latest test-kitchen windows guest support +- started tests using the kitchen-pester verifier + v1.36.6 (2014-12-18) -------------------- - reverting all chef_gem compile_time work diff --git a/berks-cookbooks/windows/README.md b/berks-cookbooks/windows/README.md index 35592815..ca0bceae 100644 --- a/berks-cookbooks/windows/README.md +++ b/berks-cookbooks/windows/README.md 
@@ -1,21 +1,24 @@ Windows Cookbook ================ +[![Build Status](https://travis-ci.org/chef-cookbooks/windows.svg?branch=master)](http://travis-ci.org/chef-cookbooks/windows) +[![Cookbook Version](https://img.shields.io/cookbook/v/windows.svg)](https://supermarket.chef.io/cookbooks/windows) + Provides a set of Windows-specific primitives (Chef resources) meant to aid in the creation of cookbooks/recipes targeting the Windows platform. Requirements ------------- -Version 1.3.0+ of this cookbook requires Chef 0.10.10+. +Chef 11+ is required to run this cookbook ### Platforms -* Windows XP * Windows Vista -* Windows Server 2003 R2 * Windows 7 * Windows Server 2008 (R1, R2) +* Windows 8, 8.1 +* Windows Server 2012 (R2) -The `windows_task` LWRP requires Windows Server 2008 due to its API usage. +The `windows_task` LWRP requires Windows Server 2008 and above due to its API usage. ### Cookbooks The following cookbooks provided by Chef Software are required as noted: @@ -53,7 +56,7 @@ end ``` ### windows_batch -(Chef 11.6.0 includes a built-in [batch](http://docs.chef.io/resource_batch.html) resource, so use that in preference to `windows_batch` if possible.) +This resource is now deprecated and will be removed in a future version of this cookbook. Chef >= 11.6.0 includes a built-in [batch](http://docs.chef.io/resource_batch.html) resource. Execute a batch script using the cmd.exe interpreter (much like the script resources for bash, csh, powershell, perl, python and ruby). A temporary file is created and executed like other script resources, rather than run inline. By their nature, Script resources are not idempotent, as they are completely up to the user's imagination. Use the `not_if` or `only_if` meta parameters to guard the resource for idempotence. 
@@ -90,6 +93,79 @@ windows_batch 'echo some env vars' do end ``` +### windows_certificate + +Installs a certificate into the Windows certificate store from a file, and grants read-only access to the private key for designated accounts. +Due to current limitations in winrm, installing certificated remotely may not work if the operation requires a user profile. Operations on the local machine store should still work. + +#### Actions +- :create: creates or updates a certificate. +- :delete: deletes a certificate. +- :acl_add: adds read-only entries to a certificate's private key ACL. + +#### Attribute Parameters +- source: name attribute. The source file (for create and acl_add), thumprint (for delete and acl_add) or subject (for delete). +- pfx_password: the password to access the source if it is a pfx file. +- private_key_acl: array of 'domain\account' entries to be granted read-only access to the certificate's private key. This is not idempotent. +- store_name: the certificate store to maniplate. One of MY (default : personal store), CA (trusted intermediate store) or ROOT (trusted root store). +- user_store: if false (default) then use the local machine store; if true then use the current user's store. + +#### Examples +```ruby +# Add PFX cert to local machine personal store and grant accounts read-only access to private key +windows_certificate "c:/test/mycert.pfx" do + pfx_password "password" + private_key_acl ["acme\fred", "pc\jane"] +end +``` + +```ruby +# Add cert to trusted intermediate store +windows_certificate "c:/test/mycert.cer" do + store_name "CA" +end +``` + +```ruby +# Remove all certicates matching the subject +windows_certificate "me.acme.com" do + action :delete +end +``` + +### windows_certificate_binding + +Binds a certificate to an HTTP port in order to enable TLS communication. + +#### Actions +- :create: creates or updates a binding. +- :delete: deletes a binding. + +#### Attribute Parameters +- cert_name: name attribute. 
The thumprint(hash) or subject that identifies the certicate to be bound. +- name_kind: indicates the type of cert_name. One of :subject (default) or :hash. +- address: the address to bind against. Default is 0.0.0.0 (all IP addresses). +- port: the port to bind against. Default is 443. +- app_id: the GUID that defines the application that owns the binding. Default is the values used by IIS. +- store_name: the store to locate the certificate in. One of MY (default : personal store), CA (trusted intermediate store) or ROOT (trusted root store). + +#### Examples +```ruby +# Bind the first certificate matching the subject to the default TLS port +windows_certificate_binding "me.acme.com" do +end +``` + +```ruby +# Bind a cert from the CA store with the given hash to port 4334 +windows_certificate_binding "me.acme.com" do + cert_name "d234567890a23f567c901e345bc8901d34567890" + name_kind :hash + store_name "CA" + port 4334 +end +``` + ### windows_feature Windows Roles and Features can be thought of as built-in operating system packages that ship with the OS. A server role is a set of software programs that, when they are installed and properly configured, lets a computer perform a specific function for multiple users or other computers within a network. A Role can have multiple Role Services that provide functionality to the Role. Role services are software programs that provide the functionality of a role. Features are software programs that, although they are not directly parts of roles, can support or augment the functionality of one or more roles, or improve the functionality of the server, regardless of which roles are installed. Collectively we refer to all of these attributes as 'features'. @@ -156,6 +232,16 @@ Disable Telnet client/server end ``` +Add SMTP Feature with powershell provider + +```ruby +windows_feature "smtp-server" do + action :install + all true + provider :windows_feature_powershell +end +``` + ### windows_font Installs a font. 
@@ -173,6 +259,31 @@ Font files should be included in the cookbooks windows_font 'Code New Roman.otf' ``` +### windows_http_acl +Sets the Access Control List for an http URL to grant non-admin accounts permission to open HTTP endpoints. + +#### Actions +- :create: creates or updates the ACL for a URL. +- :delete: deletes the ACL from a URL. + +#### Attribute Parameters +- url: the name of the url to be created/deleted. +- user: the name (domain\user) of the user or group to be granted permission to the URL. Mandatory for create. Only one user or group can be granted permission so this replaces any previously defined entry. + +#### Examples + +```ruby +windows_http_acl 'http://+:50051/' do + user 'pc\\fred' +end +``` + +```ruby +windows_http_acl 'http://+:50051/' do + action :delete +end +``` + ### windows_package Manage Windows application packages in an unattended, idempotent way. @@ -367,6 +478,8 @@ end ``` ### windows_reboot +This resource is now deprecated and will be removed in a future version of this cookbook. Chef >= 12.0.0 includes a built-in [reboot](http://docs.chef.io/resource_reboot.html) resource. + Sets required data in the node's run_state to notify `WindowsRebootHandler` a reboot is requested. If Chef run completes successfully a reboot will occur if the `WindowsRebootHandler` is properly registered as a report handler. As an action of `:request` will cause a node to reboot every Chef run, this resource is usually notified by other resources...ie restart node after a package is installed (see example below). #### Actions 
@@ -399,7 +512,7 @@ end ``` ### windows_registry -(Chef 11.6.0 includes a built-in [registry_key](http://docs.chef.io/resource_registry_key.html) resource, so use that in preference to `windows_registry` if possible.) +This resource is now deprecated and will be removed in a future version of this cookbook. Chef >= 11.6.0 includes a built-in [registry_key](http://docs.chef.io/resource_registry_key.html) resource. Creates and modifies Windows registry keys. @@ -459,6 +572,34 @@ windows_registry 'HKCU\Software\Test' do end ``` +### windows_shortcut +Creates and modifies Windows shortcuts. + +#### Actions +- :create: create or modify a windows shortcut + +#### Attribute Parameters +- name: name attribute. The shortcut to create/modify. +- target: what the shortcut links to +- arguments: arguments to pass to the target when the shortcut is executed +- description: +- cwd: Working directory to used when the target is executed +- iconlocation: Icon to use, in the format of ```"path, index"``` where index is which icon in that file to use (See [WshShortcut.IconLocation](https://msdn.microsoft.com/en-us/library/3s9bx7at.aspx)) + +#### Examples + +Add a shortcut all users desktop: +```ruby +require 'win32ole' +all_users_desktop = WIN32OLE.new("WScript.Shell").SpecialFolders("AllUsersDesktop") + +windows_shortcut "#{all_users_desktop}/Notepad.lnk" do + target "C:\\WINDOWS\\notepad.exe" + description "Launch Notepad" + iconlocation "C:\\windows\\notepad.exe, 0" +end +``` + #### Library Methods ```ruby 
@@ -496,24 +637,28 @@ Creates, deletes or runs a Windows scheduled task. Requires Windows Server 2008 due to API usage. #### Actions -- :create: creates a task +- :create: creates a task (or updates existing if user or command has changed) - :delete: deletes a task - :run: runs a task +- :end: ends a task - :change: changes the un/pw or command of a task - :enable: enable a task - :disable: disable a task #### Attribute Parameters -- name: name attribute, The task name. +- task_name: name attribute, The task name. ("Task Name" or "/Task Name") +- force: When used with create, will update the task. - command: The command the task will run. - cwd: The directory the task will be run from. -- user: The user to run the task as. (requires password) +- user: The user to run the task as. (defaults to 'SYSTEM') - password: The user's password. (requires user) - run_level: Run with limited or highest privileges. -- frequency: Frequency with which to run the task. (hourly, daily, ect.) +- frequency: Frequency with which to run the task. (default is :hourly. Other valid values include :minute, :hourly, :daily, :weekly, :monthly, :once, :on_logon, :onstart, :on_idle) \*:once requires start_time - frequency_modifier: Multiple for frequency. (15 minutes, 2 days) - start_day: Specifies the first date on which the task runs. Optional string (MM/DD/YYYY) -- start_time: Specifies the start time to run the task. Optional string (HH:mm) +- start_time: Specifies the start time to run the task. Optional string (HH:mm) 24 Hour time +- interactive_enabled: (Allow task to run interactively or non-interactively. Requires user and password.) +- day: For monthly or weekly tasks, the day(s) on which the task runs. (MON - SUN, *, 1 - 31) #### Examples 
@@ -522,8 +667,8 @@ Run Chef every 15 minutes windows_task 'Chef client' do user 'Administrator' password '$ecR3t' - cwd 'C:\chef\bin' - command 'chef-client -L C:\tmp\' + cwd 'C:\\chef\\bin' + command 'chef-client -L C:\\tmp\\' run_level :highest frequency :minute frequency_modifier 15 @@ -535,8 +680,8 @@ Update Chef Client task with new password and log location windows_task 'Chef client' do user 'Administrator' password 'N3wPassW0Rd' - cwd 'C:\chef\bin' - command 'chef-client -L C:\chef\logs\' + cwd 'C:\\chef\\bin' + command 'chef-client -L C:\\chef\\logs\\' action :change end ``` @@ -730,7 +875,7 @@ License & Authors - Author:: Doug Ireton () ```text -Copyright 2011-2013, Chef Software, Inc. +Copyright 2011-2015, Chef Software, Inc. Copyright 2010, VMware, Inc. Copyright 2011, Business Intelligence Associates, Inc Copyright 2012, Nordstrom, Inc. diff --git a/berks-cookbooks/windows/files/default/handlers/windows_reboot_handler.rb b/berks-cookbooks/windows/files/default/handlers/windows_reboot_handler.rb index 95382ecf..37ab9c4a 100644 --- a/berks-cookbooks/windows/files/default/handlers/windows_reboot_handler.rb +++ b/berks-cookbooks/windows/files/default/handlers/windows_reboot_handler.rb @@ -19,7 +19,7 @@ class WindowsRebootHandler < Chef::Handler include Chef::Mixin::ShellOut - def initialize(allow_pending_reboots = true, timeout = 60, reason = "Chef Software Chef initiated reboot") + def initialize(allow_pending_reboots = true, timeout = 60, reason = "Chef client run") @allow_pending_reboots = allow_pending_reboots @timeout = timeout @reason = reason 
@@ -51,19 +51,25 @@ def reboot_requested? node.run_state[:reboot_requested] == true end - # reboot cause WIN says so: - # reboot pending because of some configuration action we performed - def reboot_pending? - # Any files listed here means reboot needed - (Registry.key_exists?('HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations') && - Registry.get_value('HKLM\SYSTEM\CurrentControlSet\Control\Session Manager','PendingFileRenameOperations').any?) || - # 1 for any value means reboot pending - # "9306cdfc-c4a1-4a22-9996-848cb67eddc3"=1 - (Registry.key_exists?('HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired') && - Registry.get_values('HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired').select{|v| v[2] == 1 }.any?) || - # 1 or 2 for 'Flags' value means reboot pending - (Registry.key_exists?('HKLM\SOFTWARE\Microsoft\Updates\UpdateExeVolatile') && - [1,2].include?(Registry::get_value('HKLM\SOFTWARE\Microsoft\Updates\UpdateExeVolatile','Flags'))) + if Chef::VERSION > '11.12' + include Chef::DSL::RebootPending + else + # reboot cause WIN says so: + # reboot pending because of some configuration action we performed + def reboot_pending? + # this key will only exit if the system need a reboot to update some file currently in use + # see http://technet.microsoft.com/en-us/library/cc960241.aspx + Registry.value_exists?('HKLM\SYSTEM\CurrentControlSet\Control\Session Manager', 'PendingFileRenameOperations') || + # 1 for any value means reboot pending + # "9306cdfc-c4a1-4a22-9996-848cb67eddc3"=1 + (Registry.key_exists?('HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired') && + Registry.get_values('HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired').select{|v| v[2] == 1 }.any?) 
|| + # this key will only exit if the system is pending a reboot + ::Registry.key_exists?('HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending') || + # 1, 2 or 3 for 'Flags' value means reboot pending + (Registry.key_exists?('HKLM\SOFTWARE\Microsoft\Updates\UpdateExeVolatile') && + [1, 2, 3].include?(Registry.get_value('HKLM\SOFTWARE\Microsoft\Updates\UpdateExeVolatile', 'Flags'))) + end end def timeout diff --git a/berks-cookbooks/windows/libraries/powershell_out.rb b/berks-cookbooks/windows/libraries/powershell_out.rb index 9edeb573..2481338c 100644 --- a/berks-cookbooks/windows/libraries/powershell_out.rb +++ b/berks-cookbooks/windows/libraries/powershell_out.rb 
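Review bot: The new guard `if Chef::VERSION > '11.12'` compares version strings lexicographically, so if Chef::VERSION is a plain String here, values such as '11.4.0' or '11.8.2' sort above '11.12' and the handler would try `include Chef::DSL::RebootPending` on a client that may not ship it. Compare parsed versions instead, as windows_package.rb in this same commit does: `if Gem::Version.new(Chef::VERSION) >= Gem::Version.new('11.12.0')`. In the fallback branch the added Component Based Servicing check is written `::Registry.key_exists?` while its neighbours use `Registry.`, so pick one form, and both added comments should read "exist" rather than "exit". The enclosing class starts outside this hunk.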
@@ -1,78 +1,90 @@ -class Chef - module Mixin - module PowershellOut - include Chef::Mixin::ShellOut - begin - include Chef::Mixin::WindowsArchitectureHelper - rescue - # nothing to do, as the include will happen when windows_architecture_helper.rb - # is loaded. This is for ease of removal of that library when either - # powershell_out is core chef or powershell cookbook depends upon version - # of chef that has Chef::Mixin::WindowsArchitectureHelper in core chef - end +# +# WARNING +# +# THIS CODE HAS BEEN MOVED TO CORE CHEF. DO NOT SUMBIT PULL REQUESTS AGAINST THIS +# CODE. IT WILL BE REMOVED IN THE FUTURE. +# - def powershell_out(*command_args) - script = command_args.first - options = command_args.last.is_a?(Hash) ? command_args.last : nil +unless defined? Chef::Mixin::PowershellOut + class Chef + module Mixin + module PowershellOut + include Chef::Mixin::ShellOut - run_command(script, options) - end + begin + include Chef::Mixin::WindowsArchitectureHelper + rescue + # nothing to do, as the include will happen when windows_architecture_helper.rb + # is loaded. This is for ease of removal of that library when either + # powershell_out is core chef or powershell cookbook depends upon version + # of chef that has Chef::Mixin::WindowsArchitectureHelper in core chef + end - def powershell_out!(*command_args) - cmd = powershell_out(*command_args) - cmd.error! - cmd - end + def powershell_out(*command_args) + Chef::Log.warn "The powershell_out library in the windows cookbook is deprecated." + Chef::Log.warn "Please upgrade to Chef 12.4.0 or later where it is built-in to core chef." + script = command_args.first + options = command_args.last.is_a?(Hash) ? 
command_args.last : nil - private - def run_command(script, options) - if options && options[:architecture] - architecture = options[:architecture] - options.delete(:architecture) - else - architecture = node_windows_architecture(node) + run_command(script, options) end - disable_redirection = wow64_architecture_override_required?(node, architecture) - - if disable_redirection - original_redirection_state = disable_wow64_file_redirection(node) + def powershell_out!(*command_args) + cmd = powershell_out(*command_args) + cmd.error! + cmd end - command = build_command(script) + private + def run_command(script, options) + if options && options[:architecture] + architecture = options[:architecture] + options.delete(:architecture) + else + architecture = node_windows_architecture(node) + end - if options - cmd = shell_out(command, options) - else - cmd = shell_out(command) - end + disable_redirection = wow64_architecture_override_required?(node, architecture) - if disable_redirection - restore_wow64_file_redirection(node, original_redirection_state) - end + if disable_redirection + original_redirection_state = disable_wow64_file_redirection(node) + end - cmd - end + command = build_command(script) + + if options + cmd = shell_out(command, options) + else + cmd = shell_out(command) + end + + if disable_redirection + restore_wow64_file_redirection(node, original_redirection_state) + end - def build_command(script) - flags = [ - # Hides the copyright banner at startup. - "-NoLogo", - # Does not present an interactive prompt to the user. - "-NonInteractive", - # Does not load the Windows PowerShell profile. 
- "-NoProfile", - # always set the ExecutionPolicy flag - # see http://technet.microsoft.com/en-us/library/ee176961.aspx - "-ExecutionPolicy RemoteSigned", - # Powershell will hang if STDIN is redirected - # http://connect.microsoft.com/PowerShell/feedback/details/572313/powershell-exe-can-hang-if-stdin-is-redirected - "-InputFormat None" - ] + cmd + end + + def build_command(script) + flags = [ + # Hides the copyright banner at startup. + "-NoLogo", + # Does not present an interactive prompt to the user. + "-NonInteractive", + # Does not load the Windows PowerShell profile. + "-NoProfile", + # always set the ExecutionPolicy flag + # see http://technet.microsoft.com/en-us/library/ee176961.aspx + "-ExecutionPolicy RemoteSigned", + # Powershell will hang if STDIN is redirected + # http://connect.microsoft.com/PowerShell/feedback/details/572313/powershell-exe-can-hang-if-stdin-is-redirected + "-InputFormat None" + ] - command = "powershell.exe #{flags.join(' ')} -Command \"#{script}\"" - command + command = "powershell.exe #{flags.join(' ')} -Command \"#{script}\"" + command + end end end end diff --git a/berks-cookbooks/windows/libraries/windows_helper.rb b/berks-cookbooks/windows/libraries/windows_helper.rb index f19cf624..890acdf9 100644 --- a/berks-cookbooks/windows/libraries/windows_helper.rb +++ b/berks-cookbooks/windows/libraries/windows_helper.rb 
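Review bot: `build_command` still splices the caller's script into `-Command \"#{script}\"` with no escaping, so a script containing a double quote ends the quoted argument early and the rest is parsed as further command-line text. Any recipe that interpolates node attributes or data-bag values into the script inherits that. As the module is only being re-indented and wrapped in `unless defined? Chef::Mixin::PowershellOut`, this is a good moment to pass the script through `-EncodedCommand` (Base64 of the UTF-16LE text), or at least to escape embedded quotes, after confirming exit-code behaviour is unchanged. Separately, `run_command` calls `restore_wow64_file_redirection` only on the success path; putting it in an `ensure` stops redirection from staying disabled if `shell_out` raises.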
@@ -26,7 +26,7 @@ module Helper AUTO_RUN_KEY = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'.freeze unless defined?(AUTO_RUN_KEY) ENV_KEY = 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'.freeze unless defined?(ENV_KEY) - ExpandEnvironmentStrings = Win32API.new('kernel32', 'ExpandEnvironmentStrings', ['P', 'P', 'L'], 'L') if Chef::Platform.windows? + ExpandEnvironmentStrings = Win32API.new('kernel32', 'ExpandEnvironmentStrings', ['P', 'P', 'L'], 'L') if Chef::Platform.windows? && !defined?(ExpandEnvironmentStrings) # returns windows friendly version of the provided path, # ensures backslashes are used everywhere @@ -63,13 +63,23 @@ def win_version @win_version ||= Windows::Version.new end + # Helper function to properly parse a URI + def as_uri(source) + begin + URI.parse(source) + rescue URI::InvalidURIError + Chef::Log.warn("#{source} was an invalid URI. Trying to escape invalid characters") + URI.parse(URI.escape(source)) + end + end + # if a file is local it returns a windows friendly path version # if a file is remote it caches it locally def cached_file(source, checksum=nil, windows_path=true) @installer_file_path ||= begin - if source =~ ::URI::ABS_URI && %w[ftp http https].include?(URI.parse(source).scheme) - uri = ::URI.parse(source) + if source =~ /^(file|ftp|http|https):\/\// + uri = as_uri(source) cache_file_path = "#{Chef::Config[:file_cache_path]}/#{::File.basename(::URI.unescape(uri.path))}" Chef::Log.debug("Caching a copy of file #{source} at #{cache_file_path}") r = Chef::Resource::RemoteFile.new(cache_file_path, run_context) diff --git a/berks-cookbooks/windows/libraries/windows_package.rb b/berks-cookbooks/windows/libraries/windows_package.rb index cfa26a13..cb4c26c4 100644 --- a/berks-cookbooks/windows/libraries/windows_package.rb +++ b/berks-cookbooks/windows/libraries/windows_package.rb 
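Review bot: In `cached_file` the new test `source =~ /^(file|ftp|http|https):\/\//` uses `^`, which in Ruby matches after any newline, so a multi-line string with a URL on a later line is treated as remote. Anchor it with `\A`: `source =~ /\A(file|ftp|http|https):\/\//`. The test now also admits `file://` and still accepts plain `http` and `ftp`, while `checksum` defaults to nil; as far as the visible lines show, an installer fetched over an unauthenticated transport is cached without an integrity check unless the caller supplies one, which deserves a comment or a warning when checksum is nil. `as_uri` also logs the full source at warn level, which would include any credentials embedded in the URL. The body of `cached_file` continues outside this hunk.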
@@ -193,7 +193,9 @@ def installer_type class Chef class Resource class WindowsCookbookPackage < Chef::Resource::LWRPBase - if Gem::Version.new(Chef::VERSION) >= Gem::Version.new('12') + if Gem::Version.new(Chef::VERSION) >= Gem::Version.new('12.4.0') + provides :windows_package, os: "windows", override: true + elsif Gem::Version.new(Chef::VERSION) >= Gem::Version.new('12') provides :windows_package, os: "windows" end actions :install, :remove @@ -219,6 +221,18 @@ def initialize(*args) end if Gem::Version.new(Chef::VERSION) < Gem::Version.new('12') + # this wires up the cookbook version of the windows_package resource as Chef::Resource::WindowsPackage, + # which is kinda hella janky Chef::Resource.send(:remove_const, :WindowsPackage) if defined? Chef::Resource::WindowsPackage Chef::Resource.const_set("WindowsPackage", Chef::Resource::WindowsCookbookPackage) +else + if Chef.respond_to?(:set_resource_priority_array) + # this wires up the dynamic resource resolver to favor the cookbook version of windows_package over + # the internal version (but the internal Chef::Resource::WindowsPackage is still the internal version + # and a wrapper cookbook can override this e.g. for users that want to use the windows cookbook but + # want the internal windows_package resource) + Chef.set_resource_priority_array(:windows_package, [ Chef::Resource::WindowsCookbookPackage ], platform: "windows") + end end + + diff --git a/berks-cookbooks/windows/libraries/windows_privileged.rb b/berks-cookbooks/windows/libraries/windows_privileged.rb index f8688358..3f5823dc 100644 --- a/berks-cookbooks/windows/libraries/windows_privileged.rb +++ b/berks-cookbooks/windows/libraries/windows_privileged.rb 
@@ -20,24 +20,13 @@ # limitations under the License. # -if RUBY_PLATFORM =~ /mswin|mingw32|windows/ - require 'windows/error' - require 'windows/registry' - require 'windows/process' - require 'windows/security' -end - #helpers for Windows API calls that require privilege adjustments class Chef class WindowsPrivileged - if RUBY_PLATFORM =~ /mswin|mingw32|windows/ - include Windows::Error - include Windows::Registry - include Windows::Process - include Windows::Security - end #File -> Load Hive... in regedit.exe def reg_load_key(name, file) + load_deps + run(SE_BACKUP_NAME, SE_RESTORE_NAME) do rc = RegLoadKey(HKEY_USERS, name.to_s, file) if rc == ERROR_SUCCESS @@ -52,6 +41,8 @@ def reg_load_key(name, file) #File -> Unload Hive... in regedit.exe def reg_unload_key(name) + load_deps + run(SE_BACKUP_NAME, SE_RESTORE_NAME) do rc = RegUnLoadKey(HKEY_USERS, name.to_s) if rc != ERROR_SUCCESS @@ -61,6 +52,8 @@ def reg_unload_key(name) end def run(*privileges) + load_deps + token = [0].pack('L') unless OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, token) @@ -84,11 +77,28 @@ def run(*privileges) end def adjust_privilege(token, priv, attr=0) + load_deps + luid = [0,0].pack('Ll') if LookupPrivilegeValue(nil, priv, luid) new_state = [1, luid.unpack('Ll'), attr].flatten.pack('LLlL') AdjustTokenPrivileges(token, 0, new_state, new_state.size, 0, 0) end end + + private + def load_deps + if RUBY_PLATFORM =~ /mswin|mingw32|windows/ + require 'windows/error' + require 'windows/registry' + require 'windows/process' + require 'windows/security' + + include Windows::Error + include Windows::Registry + include Windows::Process + include Windows::Security + end + end end end diff --git a/berks-cookbooks/windows/metadata.json b/berks-cookbooks/windows/metadata.json index 617ddeaa..adeb9fcb 100644 --- a/berks-cookbooks/windows/metadata.json +++ b/berks-cookbooks/windows/metadata.json 
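Review bot: The new private `load_deps` calls `include Windows::Error` (and three more modules) from inside an instance method, where `self` is a `Chef::WindowsPrivileged` instance rather than the class. `include` is defined on Module, so on a Windows platform this should raise NoMethodError the first time `reg_load_key`, `reg_unload_key`, `run` or `adjust_privilege` runs. Mix the modules into the class instead, e.g. `self.class.send(:include, Windows::Error)` for each of the four, so constants such as `SE_BACKUP_NAME` and `ERROR_SUCCESS` still resolve in these methods. A one-line comment on `load_deps` stating why the requires are deferred to call time would also help. Several of these method bodies extend outside the hunks.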
@@ -1,31 +1 @@ -{ - "name": "windows", - "version": "1.36.6", - "description": "Provides a set of useful Windows-specific primitives.", - "long_description": "Windows Cookbook\n================\nProvides a set of Windows-specific primitives (Chef resources) meant to aid in the creation of cookbooks/recipes targeting the Windows platform.\n\n\nRequirements\n-------------\nVersion 1.3.0+ of this cookbook requires Chef 0.10.10+.\n\n\n### Platforms\n* Windows XP\n* Windows Vista\n* Windows Server 2003 R2\n* Windows 7\n* Windows Server 2008 (R1, R2)\n\nThe `windows_task` LWRP requires Windows Server 2008 due to its API usage.\n\n### Cookbooks\nThe following cookbooks provided by Chef Software are required as noted:\n\n* chef_handler (`windows::reboot_handler` leverages the chef_handler LWRP)\n\nAttributes\n----------\n* `node['windows']['allow_pending_reboots']` - used to configure the `WindowsRebootHandler` (via the `windows::reboot_handler` recipe) to act on pending reboots. default is true (ie act on pending reboots). The value of this attribute only has an effect if the `windows::reboot_handler` is in a node's run list.\n* `node['windows']['allow_reboot_on_failure']` - used to register the `WindowsRebootHandler` (via the `windows::reboot_handler` recipe) as an exception handler too to act on reboots not only at the end of successful Chef runs, but even at the end of failed runs. default is false (ie reboot only after successful runs). The value of this attribute only has an effect if the `windows::reboot_handler` is in a node's run list.\n\n\nResource/Provider\n-----------------\n### windows_auto_run\n#### Actions\n- :create: Create an item to be run at login\n- :remove: Remove an item that was previously setup to run at login\n\n#### Attribute Parameters\n- :name: Name attribute. 
The name of the value to be stored in the registry\n- :program: The program to be run at login\n- :args: The arguments for the program\n\n#### Examples\nRun BGInfo at login\n\n```ruby\nwindows_auto_run 'BGINFO' do\n program 'C:/Sysinternals/bginfo.exe'\n args '\\'C:/Sysinternals/Config.bgi\\' /NOLICPROMPT /TIMER:0'\n not_if { Registry.value_exists?(AUTO_RUN_KEY, 'BGINFO') }\n action :create\nend\n```\n\n### windows_batch\n(Chef 11.6.0 includes a built-in [batch](http://docs.chef.io/resource_batch.html) resource, so use that in preference to `windows_batch` if possible.)\n\nExecute a batch script using the cmd.exe interpreter (much like the script resources for bash, csh, powershell, perl, python and ruby). A temporary file is created and executed like other script resources, rather than run inline. By their nature, Script resources are not idempotent, as they are completely up to the user's imagination. Use the `not_if` or `only_if` meta parameters to guard the resource for idempotence.\n\n#### Actions\n- :run: run the batch file\n\n#### Attribute Parameters\n- command: name attribute. 
Name of the command to execute.\n- code: quoted string of code to execute.\n- creates: a file this command creates - if the file exists, the command will not be run.\n- cwd: current working directory to run the command from.\n- flags: command line flags to pass to the interpreter when invoking.\n- user: A user name or user ID that we should change to before running this command.\n- group: A group name or group ID that we should change to before running this command.\n\n#### Examples\n```ruby\nwindows_batch 'unzip_and_move_ruby' do\n code <<-EOH\n 7z.exe x #{Chef::Config[:file_cache_path]}/ruby-1.8.7-p352-i386-mingw32.7z -oC:\\\\source -r -y\n xcopy C:\\\\source\\\\ruby-1.8.7-p352-i386-mingw32 C:\\\\ruby /e /y\n EOH\nend\n```\n\n```ruby\nwindows_batch 'echo some env vars' do\n code <<-EOH\n echo %TEMP%\n echo %SYSTEMDRIVE%\n echo %PATH%\n echo %WINDIR%\n EOH\nend\n```\n\n### windows_feature\nWindows Roles and Features can be thought of as built-in operating system packages that ship with the OS. A server role is a set of software programs that, when they are installed and properly configured, lets a computer perform a specific function for multiple users or other computers within a network. A Role can have multiple Role Services that provide functionality to the Role. Role services are software programs that provide the functionality of a role. Features are software programs that, although they are not directly parts of roles, can support or augment the functionality of one or more roles, or improve the functionality of the server, regardless of which roles are installed. 
Collectively we refer to all of these attributes as 'features'.\n\nThis resource allows you to manage these 'features' in an unattended, idempotent way.\n\nThere are two providers for the `windows_features` which map into Microsoft's two major tools for managing roles/features: [Deployment Image Servicing and Management (DISM)](http://msdn.microsoft.com/en-us/library/dd371719%28v=vs.85%29.aspx) and [Servermanagercmd](http://technet.microsoft.com/en-us/library/ee344834%28WS.10%29.aspx) (The CLI for Server Manager). As Servermanagercmd is deprecated, Chef will set the default provider to `Chef::Provider::WindowsFeature::DISM` if DISM is present on the system being configured. The default provider will fall back to `Chef::Provider::WindowsFeature::ServerManagerCmd`.\n\nFor more information on Roles, Role Services and Features see the [Microsoft TechNet article on the topic](http://technet.microsoft.com/en-us/library/cc754923.aspx). For a complete list of all features that are available on a node type either of the following commands at a command prompt:\n\n```text\ndism /online /Get-Features\nservermanagercmd -query\n```\n\n#### Actions\n- :install: install a Windows role/feature\n- :remove: remove a Windows role/feature\n\n#### Attribute Parameters\n- feature_name: name of the feature/role to install. The same feature may have different names depending on the provider used (ie DHCPServer vs DHCP; DNS-Server-Full-Role vs DNS).\n- all: Boolean. Optional. Default: false. DISM provider only. Forces all dependencies to be installed.\n- source: String. Optional. DISM provider only. Uses local repository for feature install.\n\n#### Providers\n- **Chef::Provider::WindowsFeature::DISM**: Uses Deployment Image Servicing and Management (DISM) to manage roles/features.\n- **Chef::Provider::WindowsFeature::ServerManagerCmd**: Uses Server Manager to manage roles/features.\n- **Chef::Provider::WindowsFeaturePowershell**: Uses Powershell to manage roles/features. 
(see [COOK-3714](https://tickets.chef.io/browse/COOK-3714)\n\n#### Examples\nEnable the node as a DHCP Server\n\n```ruby\nwindows_feature 'DHCPServer' do\n action :install\nend\n```\n\nEnable TFTP\n\n```ruby\nwindows_feature 'TFTP' do\n action :install\nend\n```\n\nEnable .Net 3.5.1 on Server 2012 using repository files on DVD and\ninstall all dependencies\n\n```ruby\nwindows_feature \"NetFx3\" do\n action :install\n all true\n source \"d:\\sources\\sxs\"\nend\n```\n\nDisable Telnet client/server\n\n```ruby\n%w[TelnetServer TelnetClient].each do |feature|\n windows_feature feature do\n action :remove\n end\nend\n```\n\n### windows_font\nInstalls a font.\n\nFont files should be included in the cookbooks\n\n#### Actions\n- :install: install a font to the system fonts directory.\n\n#### Attribute Parameters\n- file: The name of the font file name to install. It should exist in the files/default directory of the cookbook you're calling windows_font from. Defaults to the resource name.\n\n#### Examples\n\n```ruby\nwindows_font 'Code New Roman.otf'\n```\n\n### windows_package\nManage Windows application packages in an unattended, idempotent way.\n\nThe following application installers are currently supported:\n\n* MSI packages\n* InstallShield\n* Wise InstallMaster\n* Inno Setup\n* Nullsoft Scriptable Install System\n\nIf the proper installer type is not passed into the resource's installer_type attribute, the provider will do it's best to identify the type by introspecting the installation package. If the installation type cannot be properly identified the `:custom` value can be passed into the installer_type attribute along with the proper flags for silent/quiet installation (using the `options` attribute..see example below).\n\n__PLEASE NOTE__ - For proper idempotence the resource's `package_name` should be the same as the 'DisplayName' registry value in the uninstallation data that is created during package installation. 
The easiest way to definitively find the proper 'DisplayName' value is to install the package on a machine and search for the uninstall information under the following registry keys:\n\n* `HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall`\n* `HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall`\n* `HKEY_LOCAL_MACHINE\\Software\\Wow6464Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall`\n\nFor maximum flexibility the `source` attribute supports both remote and local installation packages.\n\n#### Actions\n- :install: install a package\n- :remove: remove a package. The remove action is completely hit or miss as many application uninstallers do not support a full silent/quiet mode.\n\n#### Attribute Parameters\n- package_name: name attribute. The 'DisplayName' of the application installation package.\n- source: The source of the windows installer. This can either be a URI or a local path.\n- installer_type: They type of windows installation package. valid values are: :msi, :inno, :nsis, :wise, :installshield, :custom. If this value is not provided, the provider will do it's best to identify the installer type through introspection of the file.\n- checksum: useful if source is remote, the SHA-256 checksum of the file--if the local file matches the checksum, Chef will not download it\n- options: Additional options to pass the underlying installation command\n- timeout: set a timeout for the package download (default 600 seconds)\n- version: The version number of this package, as indicated by the 'DisplayVersion' value in one of the 'Uninstall' registry keys. If the given version number does equal the 'DisplayVersion' in the registry, the package will be installed.\n- success_codes: set an array of possible successful installation\n return codes. Previously this was hardcoded, but certain MSIs may\n have a different return code, e.g. 3010 for reboot required. 
Must be\n an array, and defaults to `[0, 42, 127]`.\n\n#### Examples\n\nInstall PuTTY (InnoSetup installer)\n```ruby\nwindows_package 'PuTTY version 0.60' do\n source 'http://the.earth.li/~sgtatham/putty/latest/x86/putty-0.60-installer.exe'\n installer_type :inno\n action :install\nend\n```\n\nInstall 7-Zip (MSI installer)\n```ruby\nwindows_package '7-Zip 9.20 (x64 edition)' do\n source 'http://downloads.sourceforge.net/sevenzip/7z920-x64.msi'\n action :install\nend\n```\n\nInstall Notepad++ (Y U No Emacs?) using a local installer\n```ruby\nwindows_package 'Notepad++' do\n source 'c:/installation_files/npp.5.9.2.Installer.exe'\n action :install\nend\n```\n\nInstall VLC for that Xvid (NSIS installer)\n```ruby\nwindows_package 'VLC media player 1.1.10' do\n source 'http://superb-sea2.dl.sourceforge.net/project/vlc/1.1.10/win32/vlc-1.1.10-win32.exe'\n action :install\nend\n```\n\nInstall Firefox as custom installer and manually set the silent install flags\n```ruby\nwindows_package 'Mozilla Firefox 5.0 (x86 en-US)' do\n source 'http://archive.mozilla.org/pub/mozilla.org/mozilla.org/firefox/releases/5.0/win32/en-US/Firefox%20Setup%205.0.exe'\n options '-ms'\n installer_type :custom\n action :install\nend\n```\n\nGoogle Chrome FTW (MSI installer)\n```ruby\nwindows_package 'Google Chrome' do\n source 'https://dl-ssl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7B806F36C0-CB54-4A84-A3F3-0CF8A86575E0%7D%26lang%3Den%26browser%3D3%26usagestats%3D0%26appname%3DGoogle%2520Chrome%26needsadmin%3Dfalse/edgedl/chrome/install/GoogleChromeStandaloneEnterprise.msi'\n action :install\nend\n```\n\nRemove Google Chrome\n```ruby\nwindows_package 'Google Chrome' do\n action :remove\nend\n```\n\nRemove 7-Zip\n```ruby\nwindows_package '7-Zip 9.20 (x64 edition)' do\n action :remove\nend\n```\n\n### windows_printer_port\n\nCreate and delete TCP/IPv4 printer ports.\n\n#### Actions\n- :create: Create a TCIP/IPv4 printer port. 
This is the default action.\n- :delete: Delete a TCIP/IPv4 printer port\n\n#### Attribute Parameters\n- :ipv4_address: Name attribute. Required. IPv4 address, e.g. '10.0.24.34'\n- :port_name: Port name. Optional. Defaults to 'IP_' + :ipv4_address\n- :port_number: Port number. Optional. Defaults to 9100.\n- :port_description: Port description. Optional.\n- :snmp_enabled: Boolean. Optional. Defaults to false.\n- :port_protocol: Port protocol, 1 (RAW), or 2 (LPR). Optional. Defaults to 1.\n\n#### Examples\n\nCreate a TCP/IP printer port named 'IP_10.4.64.37' with all defaults\n```ruby\nwindows_printer_port '10.4.64.37' do\nend\n```\n\nDelete a printer port\n```ruby\nwindows_printer_port '10.4.64.37' do\n action :delete\nend\n```\n\nDelete a port with a custom port_name\n```ruby\nwindows_printer_port '10.4.64.38' do\n port_name 'My awesome port'\n action :delete\nend\n```\n\nCreate a port with more options\n```ruby\nwindows_printer_port '10.4.64.39' do\n port_name 'My awesome port'\n snmp_enabled true\n port_protocol 2\nend\n```\n\n### windows_printer\n\nCreate Windows printer. Note that this doesn't currently install a printer\ndriver. You must already have the driver installed on the system.\n\nThe Windows Printer LWRP will automatically create a TCP/IP printer port for you using the `ipv4_address` property. If you want more granular control over the printer port, just create it using the `windows_printer_port` LWRP before creating the printer.\n\n#### Actions\n- :create: Create a new printer\n- :delete: Delete a new printer\n\n#### Attribute Parameters\n- :device_id: Name attribute. Required. Printer queue name, e.g. 'HP LJ 5200 in fifth floor copy room'\n- :comment: Optional string describing the printer queue.\n- :default: Boolean. Optional. Defaults to false. Note that Windows sets the first printer defined to the default printer regardless of this setting.\n- :driver_name: String. Required. Exact name of printer driver. 
Note that the printer driver must already be installed on the node.\n- :location: Printer location, e.g. 'Fifth floor copy room', or 'US/NYC/Floor42/Room4207'\n- :shared: Boolean. Defaults to false.\n- :share_name: Printer share name.\n- :ipv4_address: Printer IPv4 address, e.g. '10.4.64.23'. You don't have to be able to ping the IP addresss to set it. Required.\n\nAn error of \"Set-WmiInstance : Generic failure\" is most likely due to the printer driver name not matching or not being installed.\n\n#### Examples\n\nCreate a printer\n```ruby\nwindows_printer 'HP LaserJet 5th Floor' do\n driver_name 'HP LaserJet 4100 Series PCL6'\n ipv4_address '10.4.64.38'\nend\n```\n\nDelete a printer. Note: this doesn't delete the associated printer port. See `windows_printer_port` above for how to delete the port.\n```ruby\nwindows_printer 'HP LaserJet 5th Floor' do\n action :delete\nend\n```\n\n### windows_reboot\nSets required data in the node's run_state to notify `WindowsRebootHandler` a reboot is requested. If Chef run completes successfully a reboot will occur if the `WindowsRebootHandler` is properly registered as a report handler. As an action of `:request` will cause a node to reboot every Chef run, this resource is usually notified by other resources...ie restart node after a package is installed (see example below).\n\n#### Actions\n- :request: requests a reboot at completion of successful Cher run. requires `WindowsRebootHandler` to be registered as a report handler.\n- :cancel: remove reboot request from node.run_state. this will cancel *ALL* previously requested reboots as this is a binary state.\n\n#### Attribute Parameters\n- :timeout: Name attribute. timeout delay in seconds to wait before proceeding with the requested reboot. default is 60 seconds\n- :reason: comment on the reason for the reboot. 
default is 'Chef Software Chef initiated reboot'\n\n#### Examples\nIf the package installs, schedule a reboot at end of chef run\n```ruby\nwindows_reboot 60 do\n reason 'cause chef said so'\n action :nothing\nend\n\nwindows_package 'some_package' do\n action :install\n notifies :request, 'windows_reboot[60]'\nend\n```\n\nCancel the previously requested reboot\n```ruby\nwindows_reboot 60 do\n action :cancel\nend\n```\n\n### windows_registry\n(Chef 11.6.0 includes a built-in [registry_key](http://docs.chef.io/resource_registry_key.html) resource, so use that in preference to `windows_registry` if possible.)\n\nCreates and modifies Windows registry keys.\n\n*Change in v1.3.0: The Win32 classes use `::Win32` to avoid namespace conflict with `Chef::Win32` (introduced in Chef 0.10.10).*\n\n#### Actions\n- :create: create a new registry key with the provided values.\n- :modify: modify an existing registry key with the provided values.\n- :force_modify: modify an existing registry key with the provided values. ensures the value is actually set by checking multiple times. useful for fighting race conditions where two processes are trying to set the same registry key. This will be updated in the near future to use 'RegNotifyChangeKeyValue' which is exposed by the WinAPI and allows a process to register for notification on a registry key change.\n- :remove: removes a value from an existing registry key\n\n#### Attribute Parameters\n- key_name: name attribute. The registry key to create/modify.\n- values: hash of the values to set under the registry key. The individual hash items will become respective 'Value name' => 'Value data' items in the registry key.\n- type: Type of key to create, defaults to REG_SZ. 
Must be a symbol, see the overview below for valid values.\n\n#### Registry key types\n- :binary: REG_BINARY\n- :string: REG_SZ\n- :multi_string: REG_MULTI_SZ\n- :expand_string: REG_EXPAND_SZ\n- :dword: REG_DWORD\n- :dword_big_endian: REG_DWORD_BIG_ENDIAN\n- :qword: REG_QWORD\n\n#### Examples\n\nMake the local windows proxy match the one set for Chef\n```ruby\nproxy = URI.parse(Chef::Config[:http_proxy])\nwindows_registry 'HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings' do\n values 'ProxyEnable' => 1, 'ProxyServer' => \"#{proxy.host}:#{proxy.port}\", 'ProxyOverride' => ''\nend\n```\n\nEnable Remote Desktop and poke the firewall hole\n```ruby\nwindows_registry 'HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server' do\n values 'FdenyTSConnections' => 0\nend\n```\n\nDelete an item from the registry\n```ruby\nwindows_registry 'HKCU\\Software\\Test' do\n #Key is the name of the value that you want to delete the value is always empty\n values 'ValueToDelete' => ''\n action :remove\nend\n```\n\nAdd a REG_MULTI_SZ value to the registry\n```ruby\nwindows_registry 'HKCU\\Software\\Test' do\n values 'MultiString' => ['line 1', 'line 2', 'line 3']\n type :multi_string\nend\n```\n\n#### Library Methods\n\n```ruby\nRegistry.value_exists?('HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run','BGINFO')\nRegistry.key_exists?('HKLM\\SOFTWARE\\Microsoft')\nBgInfo = Registry.get_value('HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run','BGINFO')\n```\n\n### windows_path\n#### Actions\n- :add: Add an item to the system path\n- :remove: Remove an item from the system path\n\n#### Attribute Parameters\n- :path: Name attribute. 
The name of the value to add to the system path\n\n#### Examples\n\nAdd Sysinternals to the system path\n```ruby\nwindows_path 'C:\\Sysinternals' do\n action :add\nend\n```\n\nRemove 7-Zip from the system path\n```ruby\nwindows_path 'C:\\7-Zip' do\n action :remove\nend\n```\n\n### windows_task\nCreates, deletes or runs a Windows scheduled task. Requires Windows\nServer 2008 due to API usage.\n\n#### Actions\n- :create: creates a task\n- :delete: deletes a task\n- :run: runs a task\n- :change: changes the un/pw or command of a task\n- :enable: enable a task\n- :disable: disable a task\n\n#### Attribute Parameters\n- name: name attribute, The task name.\n- command: The command the task will run.\n- cwd: The directory the task will be run from.\n- user: The user to run the task as. (requires password)\n- password: The user's password. (requires user)\n- run_level: Run with limited or highest privileges.\n- frequency: Frequency with which to run the task. (hourly, daily, ect.)\n- frequency_modifier: Multiple for frequency. (15 minutes, 2 days)\n- start_day: Specifies the first date on which the task runs. Optional string (MM/DD/YYYY)\n- start_time: Specifies the start time to run the task. 
Optional string (HH:mm)\n\n#### Examples\n\nRun Chef every 15 minutes\n```ruby\nwindows_task 'Chef client' do\n user 'Administrator'\n password '$ecR3t'\n cwd 'C:\\chef\\bin'\n command 'chef-client -L C:\\tmp\\'\n run_level :highest\n frequency :minute\n frequency_modifier 15\nend\n```\n\nUpdate Chef Client task with new password and log location\n```ruby\nwindows_task 'Chef client' do\n user 'Administrator'\n password 'N3wPassW0Rd'\n cwd 'C:\\chef\\bin'\n command 'chef-client -L C:\\chef\\logs\\'\n action :change\nend\n```\n\nDelete a taks named 'old task'\n```ruby\nwindows_task 'old task' do\n action :delete\nend\n```\n\nEnable a task named 'Chef client'\n```ruby\nwindows_task 'Chef client' do\n action :enable\nend\n```\n\nDisable a task named 'Chef client'\n```ruby\nwindows_task 'Chef client' do\n action :disable\nend\n```\n\n### windows_zipfile\nMost version of Windows do not ship with native cli utility for managing compressed files. This resource provides a pure-ruby implementation for managing zip files. Be sure to use the `not_if` or `only_if` meta parameters to guard the resource for idempotence or action will be taken every Chef run.\n\n#### Actions\n- :unzip: unzip a compressed file\n- :zip: zip a directory (recursively)\n\n#### Attribute Parameters\n- path: name attribute. 
The path where files will be (un)zipped to.\n- source: source of the zip file (either a URI or local path) for :unzip, or directory to be zipped for :zip.\n- overwrite: force an overwrite of the files if they already exist.\n- checksum: for :unzip, useful if source is remote, if the local file matches the SHA-256 checksum, Chef will not download it.\n\n#### Examples\n\nUnzip a remote zip file locally\n```ruby\nwindows_zipfile 'c:/bin' do\n source 'http://download.sysinternals.com/Files/SysinternalsSuite.zip'\n action :unzip\n not_if {::File.exists?('c:/bin/PsExec.exe')}\nend\n```\n\nUnzip a local zipfile\n```ruby\nwindows_zipfile 'c:/the_codez' do\n source 'c:/foo/baz/the_codez.zip'\n action :unzip\nend\n```\n\nCreate a local zipfile\n```ruby\nwindows_zipfile 'c:/foo/baz/the_codez.zip' do\n source 'c:/the_codez'\n action :zip\nend\n```\n\nLibraries\n-------------------------\n### WindowsHelper\n\nHelper that allows you to use helpful functions in windows\n\n#### installed_packages\nReturns a hash of all DisplayNames installed\n```ruby\n# usage in a recipe\n::Chef::Recipe.send(:include, Windows::Helper)\nhash_of_installed_packages = installed_packages\n```\n\n#### is_package_installed?\n- `package_name`: The name of the package you want to query to see if it is installed\n- `returns`: true if the package is installed, false if it the package is not installed\n\nDownload a file if a package isn't installed\n```ruby\n# usage in a recipe to not download a file if package is already installed\n::Chef::Recipe.send(:include, Windows::Helper)\nis_win_sdk_installed = is_package_installed?('Windows Software Development Kit')\n\nremote_file 'C:\\windows\\temp\\windows_sdk.zip' do\n source 'http://url_to_download/windows_sdk.zip'\n action :create_if_missing\n not_if {is_win_sdk_installed}\nend\n```\nDo something if a package is installed\n```ruby\n# usage in a provider\ninclude Windows::Helper\nif is_package_installed?('Windows Software Development Kit')\n # do something if 
package is installed\nend\n```\n\nException/Report Handlers\n-------------------------\n### WindowsRebootHandler\nRequired reboots are a necessary evil of configuring and managing Windows nodes. This report handler (ie fires at the end of Chef runs) acts on requested (Chef initiated) or pending (as determined by the OS per configuration action we performed) reboots. The `allow_pending_reboots` initialization argument should be set to false if you do not want the handler to automatically reboot a node if it has been determined a reboot is pending. Reboots can still be requested explicitly via the `windows_reboot` LWRP.\n\n### Initialization Arguments\n- `allow_pending_reboots`: indicator on whether the handler should act on a the Window's 'pending reboot' state. default is true\n- `timeout`: timeout delay in seconds to wait before proceeding with the reboot. default is 60 seconds\n- `reason`: comment on the reason for the reboot. default is 'Chef Software Chef initiated reboot'\n\n\nWindows ChefSpec Matchers\n-------------------------\nThe Windows cookbook includes custom [ChefSpec](https://github.com/sethvargo/chefspec) matchers you can use to test your own cookbooks that consume Windows cookbook LWRPs.\n\n###Example Matcher Usage\n```ruby\nexpect(chef_run).to install_windows_package('Node.js').with(\n source: 'http://nodejs.org/dist/v0.10.26/x64/node-v0.10.26-x64.msi')\n```\n\n###Windows Cookbook Matchers\n* install_windows_package\n* remove_windows_package\n* install_windows_feature\n* remove_windows_feature\n* delete_windows_feature\n* create_windows_task\n* delete_windows_task\n* run_windows_task\n* change_windows_task\n* add_windows_path\n* remove_windows_path\n* run_windows_batch\n* set_windows_pagefile\n* unzip_windows_zipfile_to\n* zip_windows_zipfile_to\n* create_windows_shortcut\n* create_windows_auto_run\n* remove_windows_auto_run\n* create_windows_printer\n* delete_windows_printer\n* create_windows_printer_port\n* delete_windows_printer_port\n* 
request_windows_reboot\n* cancel_windows_reboot\n* create_windows_shortcut\n\n\nUsage\n-----\n\nPlace an explicit dependency on this cookbook (using depends in the cookbook's metadata.rb) from any cookbook where you would like to use the Windows-specific resources/providers that ship with this cookbook.\n\n```ruby\ndepends 'windows'\n```\n\n### default\nConvenience recipe that installs supporting gems for many of the resources/providers that ship with this cookbook.\n\n*Change in v1.3.0: Uses chef_gem instead of gem_package to ensure gem installation in Chef 0.10.10.*\n\n### reboot_handler\nLeverages the `chef_handler` LWRP to register the `WindowsRebootHandler` report handler that ships as part of this cookbook. By default this handler is set to automatically act on pending reboots. If you would like to change this behavior override `node['windows']['allow_pending_reboots']` and set the value to false. For example:\n\n```ruby\nname 'base'\ndescription 'base role'\noverride_attributes(\n 'windows' => {\n 'allow_pending_reboots' => false\n }\n)\n```\n\nThis will still allow a reboot to be explicitly requested via the `windows_reboot` LWRP.\n\nBy default, the handler will only be registered as a report handler, meaning that it will only fire at the end of successful Chef runs. If the run fails, pending or requested reboots will be ignored. This can lead to a situation where some package was installed and notified a reboot request via the `windows_reboot` LWRP, and then the run fails for some unrelated reason, and the reboot request gets dropped because the resource that notified the reboot request will already be up-to-date at the next run and will not request a reboot again, and thus the requested reboot will never be performed. 
To change this behavior and register the handler as an exception handler that fires at the end of failed runs too, override `node['windows']['allow_reboot_on_failure']` and set the value to true.\n\n\nLicense & Authors\n-----------------\n- Author:: Seth Chisamore ()\n- Author:: Doug MacEachern ()\n- Author:: Paul Morton ()\n- Author:: Doug Ireton ()\n\n```text\nCopyright 2011-2013, Chef Software, Inc.\nCopyright 2010, VMware, Inc.\nCopyright 2011, Business Intelligence Associates, Inc\nCopyright 2012, Nordstrom, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n", - "maintainer": "Chef Software, Inc.", - "maintainer_email": "cookbooks@chef.io", - "license": "Apache 2.0", - "platforms": { - "windows": ">= 0.0.0" - }, - "dependencies": { - "chef_handler": ">= 0.0.0" - }, - "recommendations": { - }, - "suggestions": { - }, - "conflicting": { - }, - "providing": { - }, - "replacing": { - }, - "attributes": { - }, - "groupings": { - }, - "recipes": { - } -} \ No newline at end of file +{"name":"windows","version":"1.38.2","description":"Provides a set of useful Windows-specific primitives.","long_description":"Windows Cookbook\n================\n[![Build Status](https://travis-ci.org/chef-cookbooks/windows.svg?branch=master)](http://travis-ci.org/chef-cookbooks/windows)\n[![Cookbook Version](https://img.shields.io/cookbook/v/windows.svg)](https://supermarket.chef.io/cookbooks/windows)\n\nProvides a set of Windows-specific primitives (Chef resources) meant to aid in the creation 
of cookbooks/recipes targeting the Windows platform.\n\n\nRequirements\n-------------\nChef 11+ is required to run this cookbook\n\n\n### Platforms\n* Windows Vista\n* Windows 7\n* Windows Server 2008 (R1, R2)\n* Windows 8, 8.1\n* Windows Server 2012 (R2)\n\nThe `windows_task` LWRP requires Windows Server 2008 and above due to its API usage.\n\n### Cookbooks\nThe following cookbooks provided by Chef Software are required as noted:\n\n* chef_handler (`windows::reboot_handler` leverages the chef_handler LWRP)\n\nAttributes\n----------\n* `node['windows']['allow_pending_reboots']` - used to configure the `WindowsRebootHandler` (via the `windows::reboot_handler` recipe) to act on pending reboots. default is true (ie act on pending reboots). The value of this attribute only has an effect if the `windows::reboot_handler` is in a node's run list.\n* `node['windows']['allow_reboot_on_failure']` - used to register the `WindowsRebootHandler` (via the `windows::reboot_handler` recipe) as an exception handler too to act on reboots not only at the end of successful Chef runs, but even at the end of failed runs. default is false (ie reboot only after successful runs). The value of this attribute only has an effect if the `windows::reboot_handler` is in a node's run list.\n\n\nResource/Provider\n-----------------\n### windows_auto_run\n#### Actions\n- :create: Create an item to be run at login\n- :remove: Remove an item that was previously setup to run at login\n\n#### Attribute Parameters\n- :name: Name attribute. 
The name of the value to be stored in the registry\n- :program: The program to be run at login\n- :args: The arguments for the program\n\n#### Examples\nRun BGInfo at login\n\n```ruby\nwindows_auto_run 'BGINFO' do\n program 'C:/Sysinternals/bginfo.exe'\n args '\\'C:/Sysinternals/Config.bgi\\' /NOLICPROMPT /TIMER:0'\n not_if { Registry.value_exists?(AUTO_RUN_KEY, 'BGINFO') }\n action :create\nend\n```\n\n### windows_batch\nThis resource is now deprecated and will be removed in a future version of this cookbook. Chef >= 11.6.0 includes a built-in [batch](http://docs.chef.io/resource_batch.html) resource.\n\nExecute a batch script using the cmd.exe interpreter (much like the script resources for bash, csh, powershell, perl, python and ruby). A temporary file is created and executed like other script resources, rather than run inline. By their nature, Script resources are not idempotent, as they are completely up to the user's imagination. Use the `not_if` or `only_if` meta parameters to guard the resource for idempotence.\n\n#### Actions\n- :run: run the batch file\n\n#### Attribute Parameters\n- command: name attribute. 
Name of the command to execute.\n- code: quoted string of code to execute.\n- creates: a file this command creates - if the file exists, the command will not be run.\n- cwd: current working directory to run the command from.\n- flags: command line flags to pass to the interpreter when invoking.\n- user: A user name or user ID that we should change to before running this command.\n- group: A group name or group ID that we should change to before running this command.\n\n#### Examples\n```ruby\nwindows_batch 'unzip_and_move_ruby' do\n code <<-EOH\n 7z.exe x #{Chef::Config[:file_cache_path]}/ruby-1.8.7-p352-i386-mingw32.7z -oC:\\\\source -r -y\n xcopy C:\\\\source\\\\ruby-1.8.7-p352-i386-mingw32 C:\\\\ruby /e /y\n EOH\nend\n```\n\n```ruby\nwindows_batch 'echo some env vars' do\n code <<-EOH\n echo %TEMP%\n echo %SYSTEMDRIVE%\n echo %PATH%\n echo %WINDIR%\n EOH\nend\n```\n\n### windows_certificate\n\nInstalls a certificate into the Windows certificate store from a file, and grants read-only access to the private key for designated accounts.\nDue to current limitations in winrm, installing certificated remotely may not work if the operation requires a user profile. Operations on the local machine store should still work.\n\n#### Actions\n- :create: creates or updates a certificate.\n- :delete: deletes a certificate.\n- :acl_add: adds read-only entries to a certificate's private key ACL.\n\n#### Attribute Parameters\n- source: name attribute. The source file (for create and acl_add), thumprint (for delete and acl_add) or subject (for delete).\n- pfx_password: the password to access the source if it is a pfx file.\n- private_key_acl: array of 'domain\\account' entries to be granted read-only access to the certificate's private key. This is not idempotent.\n- store_name: the certificate store to maniplate. 
One of MY (default : personal store), CA (trusted intermediate store) or ROOT (trusted root store).\n- user_store: if false (default) then use the local machine store; if true then use the current user's store.\n\n#### Examples\n```ruby\n# Add PFX cert to local machine personal store and grant accounts read-only access to private key\nwindows_certificate \"c:/test/mycert.pfx\" do\n\tpfx_password\t\"password\"\n\tprivate_key_acl\t[\"acme\\fred\", \"pc\\jane\"]\nend\n```\n\n```ruby\n# Add cert to trusted intermediate store\nwindows_certificate \"c:/test/mycert.cer\" do\n\tstore_name\t\"CA\"\nend\n```\n\n```ruby\n# Remove all certicates matching the subject\nwindows_certificate \"me.acme.com\" do\n\taction :delete\nend\n```\n\n### windows_certificate_binding\n\nBinds a certificate to an HTTP port in order to enable TLS communication.\n\n#### Actions\n- :create: creates or updates a binding.\n- :delete: deletes a binding.\n\n#### Attribute Parameters\n- cert_name: name attribute. The thumprint(hash) or subject that identifies the certicate to be bound.\n- name_kind: indicates the type of cert_name. One of :subject (default) or :hash.\n- address: the address to bind against. Default is 0.0.0.0 (all IP addresses).\n- port: the port to bind against. Default is 443.\n- app_id: the GUID that defines the application that owns the binding. Default is the values used by IIS.\n- store_name: the store to locate the certificate in. 
One of MY (default : personal store), CA (trusted intermediate store) or ROOT (trusted root store).\n\n#### Examples\n```ruby\n# Bind the first certificate matching the subject to the default TLS port\nwindows_certificate_binding \"me.acme.com\" do\nend\n```\n\n```ruby\n# Bind a cert from the CA store with the given hash to port 4334\nwindows_certificate_binding \"me.acme.com\" do\n\tcert_name\t\"d234567890a23f567c901e345bc8901d34567890\"\n\tname_kind\t:hash\n\tstore_name\t\"CA\"\n\tport\t\t4334\nend\n```\n\n### windows_feature\nWindows Roles and Features can be thought of as built-in operating system packages that ship with the OS. A server role is a set of software programs that, when they are installed and properly configured, lets a computer perform a specific function for multiple users or other computers within a network. A Role can have multiple Role Services that provide functionality to the Role. Role services are software programs that provide the functionality of a role. Features are software programs that, although they are not directly parts of roles, can support or augment the functionality of one or more roles, or improve the functionality of the server, regardless of which roles are installed. Collectively we refer to all of these attributes as 'features'.\n\nThis resource allows you to manage these 'features' in an unattended, idempotent way.\n\nThere are two providers for the `windows_features` which map into Microsoft's two major tools for managing roles/features: [Deployment Image Servicing and Management (DISM)](http://msdn.microsoft.com/en-us/library/dd371719%28v=vs.85%29.aspx) and [Servermanagercmd](http://technet.microsoft.com/en-us/library/ee344834%28WS.10%29.aspx) (The CLI for Server Manager). As Servermanagercmd is deprecated, Chef will set the default provider to `Chef::Provider::WindowsFeature::DISM` if DISM is present on the system being configured. 
The default provider will fall back to `Chef::Provider::WindowsFeature::ServerManagerCmd`.\n\nFor more information on Roles, Role Services and Features see the [Microsoft TechNet article on the topic](http://technet.microsoft.com/en-us/library/cc754923.aspx). For a complete list of all features that are available on a node type either of the following commands at a command prompt:\n\n```text\ndism /online /Get-Features\nservermanagercmd -query\n```\n\n#### Actions\n- :install: install a Windows role/feature\n- :remove: remove a Windows role/feature\n\n#### Attribute Parameters\n- feature_name: name of the feature/role to install. The same feature may have different names depending on the provider used (ie DHCPServer vs DHCP; DNS-Server-Full-Role vs DNS).\n- all: Boolean. Optional. Default: false. DISM provider only. Forces all dependencies to be installed.\n- source: String. Optional. DISM provider only. Uses local repository for feature install.\n\n#### Providers\n- **Chef::Provider::WindowsFeature::DISM**: Uses Deployment Image Servicing and Management (DISM) to manage roles/features.\n- **Chef::Provider::WindowsFeature::ServerManagerCmd**: Uses Server Manager to manage roles/features.\n- **Chef::Provider::WindowsFeaturePowershell**: Uses Powershell to manage roles/features. 
(see [COOK-3714](https://tickets.chef.io/browse/COOK-3714)\n\n#### Examples\nEnable the node as a DHCP Server\n\n```ruby\nwindows_feature 'DHCPServer' do\n action :install\nend\n```\n\nEnable TFTP\n\n```ruby\nwindows_feature 'TFTP' do\n action :install\nend\n```\n\nEnable .Net 3.5.1 on Server 2012 using repository files on DVD and\ninstall all dependencies\n\n```ruby\nwindows_feature \"NetFx3\" do\n action :install\n all true\n source \"d:\\sources\\sxs\"\nend\n```\n\nDisable Telnet client/server\n\n```ruby\n%w[TelnetServer TelnetClient].each do |feature|\n windows_feature feature do\n action :remove\n end\nend\n```\n\nAdd SMTP Feature with powershell provider \n\n```ruby\nwindows_feature \"smtp-server\" do\n action :install\n all true\n provider :windows_feature_powershell\nend\n```\n\n### windows_font\nInstalls a font.\n\nFont files should be included in the cookbooks\n\n#### Actions\n- :install: install a font to the system fonts directory.\n\n#### Attribute Parameters\n- file: The name of the font file name to install. It should exist in the files/default directory of the cookbook you're calling windows_font from. Defaults to the resource name.\n\n#### Examples\n\n```ruby\nwindows_font 'Code New Roman.otf'\n```\n\n### windows_http_acl\nSets the Access Control List for an http URL to grant non-admin accounts permission to open HTTP endpoints.\n\n#### Actions\n- :create: creates or updates the ACL for a URL.\n- :delete: deletes the ACL from a URL.\n\n#### Attribute Parameters\n- url: the name of the url to be created/deleted.\n- user: the name (domain\\user) of the user or group to be granted permission to the URL. Mandatory for create. 
Only one user or group can be granted permission so this replaces any previously defined entry.\n\n#### Examples\n\n```ruby\nwindows_http_acl 'http://+:50051/' do\n\tuser 'pc\\\\fred'\nend\n```\n\n```ruby\nwindows_http_acl 'http://+:50051/' do\n\taction :delete\nend\n```\n\n### windows_package\nManage Windows application packages in an unattended, idempotent way.\n\nThe following application installers are currently supported:\n\n* MSI packages\n* InstallShield\n* Wise InstallMaster\n* Inno Setup\n* Nullsoft Scriptable Install System\n\nIf the proper installer type is not passed into the resource's installer_type attribute, the provider will do it's best to identify the type by introspecting the installation package. If the installation type cannot be properly identified the `:custom` value can be passed into the installer_type attribute along with the proper flags for silent/quiet installation (using the `options` attribute..see example below).\n\n__PLEASE NOTE__ - For proper idempotence the resource's `package_name` should be the same as the 'DisplayName' registry value in the uninstallation data that is created during package installation. The easiest way to definitively find the proper 'DisplayName' value is to install the package on a machine and search for the uninstall information under the following registry keys:\n\n* `HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall`\n* `HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall`\n* `HKEY_LOCAL_MACHINE\\Software\\Wow6464Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall`\n\nFor maximum flexibility the `source` attribute supports both remote and local installation packages.\n\n#### Actions\n- :install: install a package\n- :remove: remove a package. The remove action is completely hit or miss as many application uninstallers do not support a full silent/quiet mode.\n\n#### Attribute Parameters\n- package_name: name attribute. 
The 'DisplayName' of the application installation package.\n- source: The source of the windows installer. This can either be a URI or a local path.\n- installer_type: They type of windows installation package. valid values are: :msi, :inno, :nsis, :wise, :installshield, :custom. If this value is not provided, the provider will do it's best to identify the installer type through introspection of the file.\n- checksum: useful if source is remote, the SHA-256 checksum of the file--if the local file matches the checksum, Chef will not download it\n- options: Additional options to pass the underlying installation command\n- timeout: set a timeout for the package download (default 600 seconds)\n- version: The version number of this package, as indicated by the 'DisplayVersion' value in one of the 'Uninstall' registry keys. If the given version number does equal the 'DisplayVersion' in the registry, the package will be installed.\n- success_codes: set an array of possible successful installation\n return codes. Previously this was hardcoded, but certain MSIs may\n have a different return code, e.g. 3010 for reboot required. Must be\n an array, and defaults to `[0, 42, 127]`.\n\n#### Examples\n\nInstall PuTTY (InnoSetup installer)\n```ruby\nwindows_package 'PuTTY version 0.60' do\n source 'http://the.earth.li/~sgtatham/putty/latest/x86/putty-0.60-installer.exe'\n installer_type :inno\n action :install\nend\n```\n\nInstall 7-Zip (MSI installer)\n```ruby\nwindows_package '7-Zip 9.20 (x64 edition)' do\n source 'http://downloads.sourceforge.net/sevenzip/7z920-x64.msi'\n action :install\nend\n```\n\nInstall Notepad++ (Y U No Emacs?) 
using a local installer\n```ruby\nwindows_package 'Notepad++' do\n source 'c:/installation_files/npp.5.9.2.Installer.exe'\n action :install\nend\n```\n\nInstall VLC for that Xvid (NSIS installer)\n```ruby\nwindows_package 'VLC media player 1.1.10' do\n source 'http://superb-sea2.dl.sourceforge.net/project/vlc/1.1.10/win32/vlc-1.1.10-win32.exe'\n action :install\nend\n```\n\nInstall Firefox as custom installer and manually set the silent install flags\n```ruby\nwindows_package 'Mozilla Firefox 5.0 (x86 en-US)' do\n source 'http://archive.mozilla.org/pub/mozilla.org/mozilla.org/firefox/releases/5.0/win32/en-US/Firefox%20Setup%205.0.exe'\n options '-ms'\n installer_type :custom\n action :install\nend\n```\n\nGoogle Chrome FTW (MSI installer)\n```ruby\nwindows_package 'Google Chrome' do\n source 'https://dl-ssl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7B806F36C0-CB54-4A84-A3F3-0CF8A86575E0%7D%26lang%3Den%26browser%3D3%26usagestats%3D0%26appname%3DGoogle%2520Chrome%26needsadmin%3Dfalse/edgedl/chrome/install/GoogleChromeStandaloneEnterprise.msi'\n action :install\nend\n```\n\nRemove Google Chrome\n```ruby\nwindows_package 'Google Chrome' do\n action :remove\nend\n```\n\nRemove 7-Zip\n```ruby\nwindows_package '7-Zip 9.20 (x64 edition)' do\n action :remove\nend\n```\n\n### windows_printer_port\n\nCreate and delete TCP/IPv4 printer ports.\n\n#### Actions\n- :create: Create a TCIP/IPv4 printer port. This is the default action.\n- :delete: Delete a TCIP/IPv4 printer port\n\n#### Attribute Parameters\n- :ipv4_address: Name attribute. Required. IPv4 address, e.g. '10.0.24.34'\n- :port_name: Port name. Optional. Defaults to 'IP_' + :ipv4_address\n- :port_number: Port number. Optional. Defaults to 9100.\n- :port_description: Port description. Optional.\n- :snmp_enabled: Boolean. Optional. Defaults to false.\n- :port_protocol: Port protocol, 1 (RAW), or 2 (LPR). Optional. 
Defaults to 1.\n\n#### Examples\n\nCreate a TCP/IP printer port named 'IP_10.4.64.37' with all defaults\n```ruby\nwindows_printer_port '10.4.64.37' do\nend\n```\n\nDelete a printer port\n```ruby\nwindows_printer_port '10.4.64.37' do\n action :delete\nend\n```\n\nDelete a port with a custom port_name\n```ruby\nwindows_printer_port '10.4.64.38' do\n port_name 'My awesome port'\n action :delete\nend\n```\n\nCreate a port with more options\n```ruby\nwindows_printer_port '10.4.64.39' do\n port_name 'My awesome port'\n snmp_enabled true\n port_protocol 2\nend\n```\n\n### windows_printer\n\nCreate Windows printer. Note that this doesn't currently install a printer\ndriver. You must already have the driver installed on the system.\n\nThe Windows Printer LWRP will automatically create a TCP/IP printer port for you using the `ipv4_address` property. If you want more granular control over the printer port, just create it using the `windows_printer_port` LWRP before creating the printer.\n\n#### Actions\n- :create: Create a new printer\n- :delete: Delete a new printer\n\n#### Attribute Parameters\n- :device_id: Name attribute. Required. Printer queue name, e.g. 'HP LJ 5200 in fifth floor copy room'\n- :comment: Optional string describing the printer queue.\n- :default: Boolean. Optional. Defaults to false. Note that Windows sets the first printer defined to the default printer regardless of this setting.\n- :driver_name: String. Required. Exact name of printer driver. Note that the printer driver must already be installed on the node.\n- :location: Printer location, e.g. 'Fifth floor copy room', or 'US/NYC/Floor42/Room4207'\n- :shared: Boolean. Defaults to false.\n- :share_name: Printer share name.\n- :ipv4_address: Printer IPv4 address, e.g. '10.4.64.23'. You don't have to be able to ping the IP addresss to set it. 
Required.\n\nAn error of \"Set-WmiInstance : Generic failure\" is most likely due to the printer driver name not matching or not being installed.\n\n#### Examples\n\nCreate a printer\n```ruby\nwindows_printer 'HP LaserJet 5th Floor' do\n driver_name 'HP LaserJet 4100 Series PCL6'\n ipv4_address '10.4.64.38'\nend\n```\n\nDelete a printer. Note: this doesn't delete the associated printer port. See `windows_printer_port` above for how to delete the port.\n```ruby\nwindows_printer 'HP LaserJet 5th Floor' do\n action :delete\nend\n```\n\n### windows_reboot\nThis resource is now deprecated and will be removed in a future version of this cookbook. Chef >= 12.0.0 includes a built-in [reboot](http://docs.chef.io/resource_reboot.html) resource.\n\nSets required data in the node's run_state to notify `WindowsRebootHandler` a reboot is requested. If Chef run completes successfully a reboot will occur if the `WindowsRebootHandler` is properly registered as a report handler. As an action of `:request` will cause a node to reboot every Chef run, this resource is usually notified by other resources...ie restart node after a package is installed (see example below).\n\n#### Actions\n- :request: requests a reboot at completion of successful Cher run. requires `WindowsRebootHandler` to be registered as a report handler.\n- :cancel: remove reboot request from node.run_state. this will cancel *ALL* previously requested reboots as this is a binary state.\n\n#### Attribute Parameters\n- :timeout: Name attribute. timeout delay in seconds to wait before proceeding with the requested reboot. default is 60 seconds\n- :reason: comment on the reason for the reboot. 
default is 'Chef Software Chef initiated reboot'\n\n#### Examples\nIf the package installs, schedule a reboot at end of chef run\n```ruby\nwindows_reboot 60 do\n reason 'cause chef said so'\n action :nothing\nend\n\nwindows_package 'some_package' do\n action :install\n notifies :request, 'windows_reboot[60]'\nend\n```\n\nCancel the previously requested reboot\n```ruby\nwindows_reboot 60 do\n action :cancel\nend\n```\n\n### windows_registry\nThis resource is now deprecated and will be removed in a future version of this cookbook. Chef >= 11.6.0 includes a built-in [registry_key](http://docs.chef.io/resource_registry_key.html) resource.\n\nCreates and modifies Windows registry keys.\n\n*Change in v1.3.0: The Win32 classes use `::Win32` to avoid namespace conflict with `Chef::Win32` (introduced in Chef 0.10.10).*\n\n#### Actions\n- :create: create a new registry key with the provided values.\n- :modify: modify an existing registry key with the provided values.\n- :force_modify: modify an existing registry key with the provided values. ensures the value is actually set by checking multiple times. useful for fighting race conditions where two processes are trying to set the same registry key. This will be updated in the near future to use 'RegNotifyChangeKeyValue' which is exposed by the WinAPI and allows a process to register for notification on a registry key change.\n- :remove: removes a value from an existing registry key\n\n#### Attribute Parameters\n- key_name: name attribute. The registry key to create/modify.\n- values: hash of the values to set under the registry key. The individual hash items will become respective 'Value name' => 'Value data' items in the registry key.\n- type: Type of key to create, defaults to REG_SZ. 
Must be a symbol, see the overview below for valid values.\n\n#### Registry key types\n- :binary: REG_BINARY\n- :string: REG_SZ\n- :multi_string: REG_MULTI_SZ\n- :expand_string: REG_EXPAND_SZ\n- :dword: REG_DWORD\n- :dword_big_endian: REG_DWORD_BIG_ENDIAN\n- :qword: REG_QWORD\n\n#### Examples\n\nMake the local windows proxy match the one set for Chef\n```ruby\nproxy = URI.parse(Chef::Config[:http_proxy])\nwindows_registry 'HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings' do\n values 'ProxyEnable' => 1, 'ProxyServer' => \"#{proxy.host}:#{proxy.port}\", 'ProxyOverride' => ''\nend\n```\n\nEnable Remote Desktop and poke the firewall hole\n```ruby\nwindows_registry 'HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server' do\n values 'FdenyTSConnections' => 0\nend\n```\n\nDelete an item from the registry\n```ruby\nwindows_registry 'HKCU\\Software\\Test' do\n #Key is the name of the value that you want to delete the value is always empty\n values 'ValueToDelete' => ''\n action :remove\nend\n```\n\nAdd a REG_MULTI_SZ value to the registry\n```ruby\nwindows_registry 'HKCU\\Software\\Test' do\n values 'MultiString' => ['line 1', 'line 2', 'line 3']\n type :multi_string\nend\n```\n\n### windows_shortcut\nCreates and modifies Windows shortcuts.\n\n#### Actions\n- :create: create or modify a windows shortcut\n\n#### Attribute Parameters\n- name: name attribute. 
The shortcut to create/modify.\n- target: what the shortcut links to\n- arguments: arguments to pass to the target when the shortcut is executed\n- description:\n- cwd: Working directory to used when the target is executed\n- iconlocation: Icon to use, in the format of ```\"path, index\"``` where index is which icon in that file to use (See [WshShortcut.IconLocation](https://msdn.microsoft.com/en-us/library/3s9bx7at.aspx))\n\n#### Examples\n\nAdd a shortcut all users desktop:\n```ruby\nrequire 'win32ole'\nall_users_desktop = WIN32OLE.new(\"WScript.Shell\").SpecialFolders(\"AllUsersDesktop\")\n\nwindows_shortcut \"#{all_users_desktop}/Notepad.lnk\" do\n target \"C:\\\\WINDOWS\\\\notepad.exe\"\n description \"Launch Notepad\"\n iconlocation \"C:\\\\windows\\\\notepad.exe, 0\"\nend\n```\n\n#### Library Methods\n\n```ruby\nRegistry.value_exists?('HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run','BGINFO')\nRegistry.key_exists?('HKLM\\SOFTWARE\\Microsoft')\nBgInfo = Registry.get_value('HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run','BGINFO')\n```\n\n### windows_path\n#### Actions\n- :add: Add an item to the system path\n- :remove: Remove an item from the system path\n\n#### Attribute Parameters\n- :path: Name attribute. The name of the value to add to the system path\n\n#### Examples\n\nAdd Sysinternals to the system path\n```ruby\nwindows_path 'C:\\Sysinternals' do\n action :add\nend\n```\n\nRemove 7-Zip from the system path\n```ruby\nwindows_path 'C:\\7-Zip' do\n action :remove\nend\n```\n\n### windows_task\nCreates, deletes or runs a Windows scheduled task. Requires Windows\nServer 2008 due to API usage.\n\n#### Actions\n- :create: creates a task (or updates existing if user or command has changed)\n- :delete: deletes a task\n- :run: runs a task\n- :end: ends a task\n- :change: changes the un/pw or command of a task\n- :enable: enable a task\n- :disable: disable a task\n\n#### Attribute Parameters\n- task_name: name attribute, The task name. 
(\"Task Name\" or \"/Task Name\")\n- force: When used with create, will update the task.\n- command: The command the task will run.\n- cwd: The directory the task will be run from.\n- user: The user to run the task as. (defaults to 'SYSTEM')\n- password: The user's password. (requires user)\n- run_level: Run with limited or highest privileges.\n- frequency: Frequency with which to run the task. (default is :hourly. Other valid values include :minute, :hourly, :daily, :weekly, :monthly, :once, :on_logon, :onstart, :on_idle) \\*:once requires start_time\n- frequency_modifier: Multiple for frequency. (15 minutes, 2 days)\n- start_day: Specifies the first date on which the task runs. Optional string (MM/DD/YYYY)\n- start_time: Specifies the start time to run the task. Optional string (HH:mm) 24 Hour time\n- interactive_enabled: (Allow task to run interactively or non-interactively. Requires user and password.)\n- day: For monthly or weekly tasks, the day(s) on which the task runs. (MON - SUN, *, 1 - 31)\n\n#### Examples\n\nRun Chef every 15 minutes\n```ruby\nwindows_task 'Chef client' do\n user 'Administrator'\n password '$ecR3t'\n cwd 'C:\\\\chef\\\\bin'\n command 'chef-client -L C:\\\\tmp\\\\'\n run_level :highest\n frequency :minute\n frequency_modifier 15\nend\n```\n\nUpdate Chef Client task with new password and log location\n```ruby\nwindows_task 'Chef client' do\n user 'Administrator'\n password 'N3wPassW0Rd'\n cwd 'C:\\\\chef\\\\bin'\n command 'chef-client -L C:\\\\chef\\\\logs\\\\'\n action :change\nend\n```\n\nDelete a taks named 'old task'\n```ruby\nwindows_task 'old task' do\n action :delete\nend\n```\n\nEnable a task named 'Chef client'\n```ruby\nwindows_task 'Chef client' do\n action :enable\nend\n```\n\nDisable a task named 'Chef client'\n```ruby\nwindows_task 'Chef client' do\n action :disable\nend\n```\n\n### windows_zipfile\nMost version of Windows do not ship with native cli utility for managing compressed files. 
This resource provides a pure-ruby implementation for managing zip files. Be sure to use the `not_if` or `only_if` meta parameters to guard the resource for idempotence or action will be taken every Chef run.\n\n#### Actions\n- :unzip: unzip a compressed file\n- :zip: zip a directory (recursively)\n\n#### Attribute Parameters\n- path: name attribute. The path where files will be (un)zipped to.\n- source: source of the zip file (either a URI or local path) for :unzip, or directory to be zipped for :zip.\n- overwrite: force an overwrite of the files if they already exist.\n- checksum: for :unzip, useful if source is remote, if the local file matches the SHA-256 checksum, Chef will not download it.\n\n#### Examples\n\nUnzip a remote zip file locally\n```ruby\nwindows_zipfile 'c:/bin' do\n source 'http://download.sysinternals.com/Files/SysinternalsSuite.zip'\n action :unzip\n not_if {::File.exists?('c:/bin/PsExec.exe')}\nend\n```\n\nUnzip a local zipfile\n```ruby\nwindows_zipfile 'c:/the_codez' do\n source 'c:/foo/baz/the_codez.zip'\n action :unzip\nend\n```\n\nCreate a local zipfile\n```ruby\nwindows_zipfile 'c:/foo/baz/the_codez.zip' do\n source 'c:/the_codez'\n action :zip\nend\n```\n\nLibraries\n-------------------------\n### WindowsHelper\n\nHelper that allows you to use helpful functions in windows\n\n#### installed_packages\nReturns a hash of all DisplayNames installed\n```ruby\n# usage in a recipe\n::Chef::Recipe.send(:include, Windows::Helper)\nhash_of_installed_packages = installed_packages\n```\n\n#### is_package_installed?\n- `package_name`: The name of the package you want to query to see if it is installed\n- `returns`: true if the package is installed, false if it the package is not installed\n\nDownload a file if a package isn't installed\n```ruby\n# usage in a recipe to not download a file if package is already installed\n::Chef::Recipe.send(:include, Windows::Helper)\nis_win_sdk_installed = is_package_installed?('Windows Software Development 
Kit')\n\nremote_file 'C:\\windows\\temp\\windows_sdk.zip' do\n source 'http://url_to_download/windows_sdk.zip'\n action :create_if_missing\n not_if {is_win_sdk_installed}\nend\n```\nDo something if a package is installed\n```ruby\n# usage in a provider\ninclude Windows::Helper\nif is_package_installed?('Windows Software Development Kit')\n # do something if package is installed\nend\n```\n\nException/Report Handlers\n-------------------------\n### WindowsRebootHandler\nRequired reboots are a necessary evil of configuring and managing Windows nodes. This report handler (ie fires at the end of Chef runs) acts on requested (Chef initiated) or pending (as determined by the OS per configuration action we performed) reboots. The `allow_pending_reboots` initialization argument should be set to false if you do not want the handler to automatically reboot a node if it has been determined a reboot is pending. Reboots can still be requested explicitly via the `windows_reboot` LWRP.\n\n### Initialization Arguments\n- `allow_pending_reboots`: indicator on whether the handler should act on a the Window's 'pending reboot' state. default is true\n- `timeout`: timeout delay in seconds to wait before proceeding with the reboot. default is 60 seconds\n- `reason`: comment on the reason for the reboot. 
default is 'Chef Software Chef initiated reboot'\n\n\nWindows ChefSpec Matchers\n-------------------------\nThe Windows cookbook includes custom [ChefSpec](https://github.com/sethvargo/chefspec) matchers you can use to test your own cookbooks that consume Windows cookbook LWRPs.\n\n###Example Matcher Usage\n```ruby\nexpect(chef_run).to install_windows_package('Node.js').with(\n source: 'http://nodejs.org/dist/v0.10.26/x64/node-v0.10.26-x64.msi')\n```\n\n###Windows Cookbook Matchers\n* install_windows_package\n* remove_windows_package\n* install_windows_feature\n* remove_windows_feature\n* delete_windows_feature\n* create_windows_task\n* delete_windows_task\n* run_windows_task\n* change_windows_task\n* add_windows_path\n* remove_windows_path\n* run_windows_batch\n* set_windows_pagefile\n* unzip_windows_zipfile_to\n* zip_windows_zipfile_to\n* create_windows_shortcut\n* create_windows_auto_run\n* remove_windows_auto_run\n* create_windows_printer\n* delete_windows_printer\n* create_windows_printer_port\n* delete_windows_printer_port\n* request_windows_reboot\n* cancel_windows_reboot\n* create_windows_shortcut\n\n\nUsage\n-----\n\nPlace an explicit dependency on this cookbook (using depends in the cookbook's metadata.rb) from any cookbook where you would like to use the Windows-specific resources/providers that ship with this cookbook.\n\n```ruby\ndepends 'windows'\n```\n\n### default\nConvenience recipe that installs supporting gems for many of the resources/providers that ship with this cookbook.\n\n*Change in v1.3.0: Uses chef_gem instead of gem_package to ensure gem installation in Chef 0.10.10.*\n\n### reboot_handler\nLeverages the `chef_handler` LWRP to register the `WindowsRebootHandler` report handler that ships as part of this cookbook. By default this handler is set to automatically act on pending reboots. If you would like to change this behavior override `node['windows']['allow_pending_reboots']` and set the value to false. 
For example:\n\n```ruby\nname 'base'\ndescription 'base role'\noverride_attributes(\n 'windows' => {\n 'allow_pending_reboots' => false\n }\n)\n```\n\nThis will still allow a reboot to be explicitly requested via the `windows_reboot` LWRP.\n\nBy default, the handler will only be registered as a report handler, meaning that it will only fire at the end of successful Chef runs. If the run fails, pending or requested reboots will be ignored. This can lead to a situation where some package was installed and notified a reboot request via the `windows_reboot` LWRP, and then the run fails for some unrelated reason, and the reboot request gets dropped because the resource that notified the reboot request will already be up-to-date at the next run and will not request a reboot again, and thus the requested reboot will never be performed. To change this behavior and register the handler as an exception handler that fires at the end of failed runs too, override `node['windows']['allow_reboot_on_failure']` and set the value to true.\n\n\nLicense & Authors\n-----------------\n- Author:: Seth Chisamore ()\n- Author:: Doug MacEachern ()\n- Author:: Paul Morton ()\n- Author:: Doug Ireton ()\n\n```text\nCopyright 2011-2015, Chef Software, Inc.\nCopyright 2010, VMware, Inc.\nCopyright 2011, Business Intelligence Associates, Inc\nCopyright 2012, Nordstrom, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, 
Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache 2.0","platforms":{"windows":">= 0.0.0"},"dependencies":{"chef_handler":">= 0.0.0"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{}} \ No newline at end of file diff --git a/berks-cookbooks/windows/providers/certificate.rb b/berks-cookbooks/windows/providers/certificate.rb new file mode 100644 index 00000000..4be1fdc5 --- /dev/null +++ b/berks-cookbooks/windows/providers/certificate.rb 
@@ -0,0 +1,169 @@
+#
+# Author:: Richard Lavey (richard.lavey@calastone.com)
+# Cookbook Name:: windows
+# Provider:: certificate
+#
+# Copyright:: 2015, Calastone Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# See this for info on certutil
+# https://technet.microsoft.com/en-gb/library/cc732443.aspx
+
+include Windows::Helper
+
+# Support whyrun
+def whyrun_supported?
+ true
+end
+
+use_inline_resources
+
+action :create do
+ hash = '$cert.GetCertHashString()'
+ code_script = cert_script(true) <<
+ within_store_script {|store| store + '.Add($cert)'} <<
+ acl_script(hash)
+
+ guard_script = cert_script(false) <<
+ cert_exists_script(hash)
+
+ powershell_script new_resource.name do
+ code code_script
+ not_if guard_script
+ end
+end
+
+# acl_add is a modify-if-exists operation : not idempotent
+action :acl_add do
+ if ::File.exists?(new_resource.source)
+ hash = '$cert.GetCertHashString()'
+ code_script = guard_script = cert_script(false)
+ else
+ # make sure we have no spaces in the hash string
+ hash = "\"#{new_resource.source.gsub(/\s/, '')}\""
+ code_script = guard_script = ''
+ end
+ code_script << acl_script(hash)
+ guard_script << cert_exists_script(hash)
+
+ powershell_script @new_resource.name do
+ code code_script
+ only_if guard_script
+ end
+end
+
+action :delete do
+ # do we have a hash or a subject?
+ # TODO: It's a bit annoying to know the thumbprint of a cert you want to remove when you already
+ # have the file. Support reading the hash directly from the file if provided.
+ if new_resource.source.match(/^[a-fA-F0-9]{40}$/)
+ search = "Thumbprint -eq '#{new_resource.source}'"
+ else
+ search = "Subject -like '*#{new_resource.source.sub(/\*/, '`*')}*'" # escape any * in the source
+ end
+ cert_command = "Get-ChildItem Cert:\\#{@location}\\#{new_resource.store_name} | where { $_.#{search} }"
+
+ code_script = within_store_script do |store| <<-EOH
+foreach ($c in #{cert_command})
+{
+ #{store}.Remove($c)
+}
+EOH
+ end
+ guard_script = "@(#{cert_command}).Count -gt 0\n"
+
+ powershell_script new_resource.name do
+ code code_script
+ only_if guard_script
+ end
+end
+
+def load_current_resource
+ # Currently we don't read out the cert acl here and converge it in a very Chef-y way.
+ # We also don't read if the private key is available or populate "exists". This means
+ # that if you converged a cert without persisting the private key once, we won't do it
+ # again, even if you have a cert with the keys now.
+ # TODO: Make this more Chef-y and follow a more state-based patten of convergence.
+ @current_resource = Chef::Resource::WindowsCertificate.new(new_resource.name)
+ # TODO: Change to allow source to be read from the cookbook. It makes testing
+ # and loading certs from the cookbook much easier.
+ @current_resource.source(new_resource.source)
+ @current_resource.pfx_password(new_resource.pfx_password)
+ @current_resource.private_key_acl(new_resource.private_key_acl)
+ @current_resource.store_name(new_resource.store_name)
+ @current_resource.user_store(new_resource.user_store)
+ @location = @current_resource.user_store ? 'CurrentUser' : 'LocalMachine'
+end
+
+private
+
+def cert_script(persist)
+ cert_script = '$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2'
+ file = win_friendly_path(new_resource.source)
+ cert_script << " \"#{file}\""
+ if ::File.extname(file.downcase) == '.pfx'
+ cert_script << ", \"#{new_resource.pfx_password}\""
+ if persist && new_resource.user_store
+ cert_script << ', [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet'
+ elsif persist
+ cert_script << ', ([System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet -bor [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeyset)'
+ end
+ end
+ cert_script << "\n"
+end
+
+def cert_exists_script(hash)
+ <<-EOH
+$hash = #{hash}
+Test-Path "Cert:\\#{@location}\\#{new_resource.store_name}\\$hash"
+EOH
+end
+
+def within_store_script
+ inner_script = yield '$store'
+ <<-EOH
+$store = New-Object System.Security.Cryptography.X509Certificates.X509Store "#{new_resource.store_name}", ([System.Security.Cryptography.X509Certificates.StoreLocation]::#{@location})
+$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
+#{inner_script}
+$store.Close()
+EOH
+end
+
+def acl_script(hash)
+ return '' if new_resource.private_key_acl.nil? || new_resource.private_key_acl.length == 0
+ # this PS came from http://blogs.technet.com/b/operationsguy/archive/2010/11/29/provide-access-to-private-keys-commandline-vs-powershell.aspx
+ # and from https://msdn.microsoft.com/en-us/library/windows/desktop/bb204778(v=vs.85).aspx
+ set_acl_script = <<-EOH
+$hash = #{hash}
+$storeCert = Get-ChildItem "cert:\\#{@location}\\#{@new_resource.store_name}\\$hash"
+if ($storeCert -eq $null) { throw 'no key exists.' }
+$keyname = $storeCert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
+if ($keyname -eq $null) { throw 'no private key exists.' }
+if ($storeCert.PrivateKey.CspKeyContainerInfo.MachineKeyStore)
+{
+$fullpath = "$Env:ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\$keyname"
+}
+else
+{
+$currentUser = New-Object System.Security.Principal.NTAccount($Env:UserDomain, $Env:UserName)
+$userSID = $currentUser.Translate([System.Security.Principal.SecurityIdentifier]).Value
+$fullpath = "$Env:ProgramData\\Microsoft\\Crypto\\RSA\\$userSID\\$keyname"
+}
+EOH
+ new_resource.private_key_acl.each do | name |
+ set_acl_script << "$uname='#{name}'; icacls $fullpath /grant $uname`:RX\n"
+ end
+ set_acl_script
+end
diff --git a/berks-cookbooks/windows/providers/certificate_binding.rb b/berks-cookbooks/windows/providers/certificate_binding.rb
new file mode 100644
index 00000000..6533d067
--- /dev/null
+++ b/berks-cookbooks/windows/providers/certificate_binding.rb
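Review bot: In providers/certificate.rb, `cert_script` places `pfx_password` inside a double-quoted PowerShell literal (`", \"#{new_resource.pfx_password}\""`), so a password containing `$`, a backtick or `"` is expanded or ends the string early, and the secret becomes part of the script text handed to `powershell_script`; single-quote it with embedded quotes doubled, `cert_script << ", '#{new_resource.pfx_password.gsub("'", "''")}'"`. In `:acl_add`, `code_script = guard_script = cert_script(false)` binds both names to one String, so the two `<<` calls build a single script and the `only_if` guard also carries the icacls grant, which would then run even in why-run mode; assign them separately with `guard_script = cert_script(false)` and `code_script = guard_script.dup`. The thumbprint test in `:delete` uses `^`/`$`, which match per line in Ruby; `/\A[a-fA-F0-9]{40}\z/` keeps a multi-line `source` out of the `Thumbprint -eq '...'` filter.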
@@ -0,0 +1,131 @@
+#
+# Author:: Richard Lavey (richard.lavey@calastone.com)
+# Cookbook Name:: windows
+# Provider:: certificate_binding
+#
+# Copyright:: 2015, Calastone Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# See https://msdn.microsoft.com/en-us/library/windows/desktop/cc307236%28v=vs.85%29.aspx for netsh info
+
+include Chef::Mixin::ShellOut
+include Chef::Mixin::PowershellOut
+include Windows::Helper
+
+# Support whyrun
+def whyrun_supported?
+ true
+end
+
+action :create do
+ hash = @new_resource.name_kind == :subject ? getHashFromSubject() : @new_resource.cert_name
+
+ if @current_resource.exists
+ needsChange = (hash.casecmp(@current_hash) != 0)
+
+ if needsChange
+ converge_by("Changing #{@current_resource.address}:#{@current_resource.port}") do
+ deleteBinding
+ setBinding hash
+ end
+ else
+ Chef::Log.debug("#{@current_resource.address}:#{@current_resource.port} already bound to #{hash} - nothing to do")
+ end
+ else
+ converge_by("Binding #{@current_resource.address}:#{@current_resource.port}") do
+ setBinding hash
+ end
+ end
+end
+
+action :delete do
+ if @current_resource.exists
+ converge_by("Deleting #{@current_resource.address}:#{@current_resource.port}") do
+ deleteBinding
+ end
+ else
+ Chef::Log.debug("#{@current_resource.address}:#{@current_resource.port} not bound - nothing to do")
+ end
+end
+
+def load_current_resource
+ @current_resource = Chef::Resource::WindowsCertificateBinding.new(@new_resource.name)
+ @current_resource.cert_name(@new_resource.cert_name)
+ @current_resource.name_kind(@new_resource.name_kind)
+ @current_resource.address(@new_resource.address)
+ @current_resource.port(@new_resource.port)
+
+ @command = locate_sysnative_cmd("netsh.exe")
+ getCurrentHash
+end
+
+private
+def getCurrentHash()
+ cmd = shell_out("#{@command} http show sslcert ipport=#{@current_resource.address}:#{@current_resource.port}")
+ Chef::Log.debug "netsh reports: #{cmd.stdout}"
+
+ if cmd.exitstatus == 0
+ m = cmd.stdout.scan(/Certificate Hash\s+:\s?([A-Fa-f0-9]{40})/)
+ if m.length == 0
+ raise "Failed to extract hash from command output #{cmd.stdout}"
+ else
+ @current_hash = m[0][0]
+ @current_resource.exists = true
+ end
+ else
+ @current_resource.exists = false
+ end
+end
+
+def setBinding(hash)
+ cmd = "#{@command} http add sslcert"
+ cmd << " ipport=#{@current_resource.address}:#{@current_resource.port}"
+ cmd << " certhash=#{hash}"
+ cmd << " appid=#{@current_resource.app_id}"
+ cmd << " certstorename=#{@current_resource.store_name}"
+ checkHash hash
+
+ shell_out!(cmd)
+end
+
+def deleteBinding()
+ shell_out!("#{@command} http delete sslcert ipport=#{@current_resource.address}:#{@current_resource.port}")
+end
+
+def checkHash(hash)
+ p = powershell_out!("Test-Path \"cert:\\LocalMachine\\#{@current_resource.store_name}\\#{hash}\"")
+
+ if !(p.stderr.empty? && p.stdout =~ /True/i)
+ raise "A Cert with hash of #{hash} doesn't exist in keystore LocalMachine\\#{@current_resource.store_name}"
+ end
+ return
+end
+
+def getHashFromSubject()
+ # escape wildcard subject name (*.acme.com)
+ subject = @current_resource.cert_name.sub(/\*/, '`*')
+ ps_script = "& { gci cert:\\localmachine\\#{@current_resource.store_name} | where subject -like '*#{subject}*' | select -first 1 -expandproperty Thumbprint }"
+
+ Chef::Log.debug "Running PS script #{ps_script}"
+ p = powershell_out!(ps_script)
+
+ if (!p.stderr.nil? && p.stderr.length > 0)
+ raise "#{ps_script} failed with #{p.stderr}"
+ elsif (p.stdout.nil? || p.stdout.length == 0)
+ raise "Couldn't find thumbprint for subject #{@current_resource.cert_name}"
+ end
+
+ p.stdout.strip
+end
diff --git a/berks-cookbooks/windows/providers/http_acl.rb b/berks-cookbooks/windows/providers/http_acl.rb
new file mode 100644
index 00000000..952d2909
--- /dev/null
+++ b/berks-cookbooks/windows/providers/http_acl.rb
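Review bot: In providers/certificate_binding.rb, `setBinding`, `checkHash` and `getHashFromSubject` read `@current_resource.store_name` and `@current_resource.app_id`, but `load_current_resource` copies only cert_name, name_kind, address and port from `@new_resource`, so a store or app id set in the recipe looks like it is ignored in favour of the resource defaults (the resource definition is outside this hunk, so confirm). Either add `@current_resource.store_name(@new_resource.store_name)` and `@current_resource.app_id(@new_resource.app_id)` to `load_current_resource`, or read both from `@new_resource`. The hash and subject are also interpolated into the netsh and PowerShell command strings as given; checking the hash against `/\A[A-Fa-f0-9]{40}\z/` before `setBinding` and doubling any `'` in the subject would keep a malformed attribute from changing the command.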
@@ -0,0 +1,90 @@
+#
+# Author:: Richard Lavey (richard.lavey@calastone.com)
+# Cookbook Name:: windows
+# Provider:: http_acl
+#
+# Copyright:: 2015, Calastone Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# See https://msdn.microsoft.com/en-us/library/windows/desktop/cc307236%28v=vs.85%29.aspx for netsh info
+
+include Chef::Mixin::ShellOut
+include Windows::Helper
+
+# Support whyrun
+def whyrun_supported?
+ true
+end
+
+action :create do
+ raise "No user property set" if @new_resource.user.nil? || @new_resource.user.empty?
+
+ if @current_resource.exists
+ needsChange = (@current_resource.user.casecmp(@new_resource.user) != 0)
+
+ if needsChange
+ converge_by("Changing #{@current_resource.url}") do
+ deleteAcl
+ setAcl
+ end
+ else
+ Chef::Log.debug("#{@current_resource.url} already set - nothing to do")
+ end
+ else
+ converge_by("Setting #{@current_resource.url}") do
+ setAcl
+ end
+ end
+end
+
+action :delete do
+ if @current_resource.exists
+ converge_by("Deleting #{@current_resource.url}") do
+ deleteAcl
+ end
+ else
+ Chef::Log.debug("#{@current_resource.url} does not exist - nothing to do")
+ end
+end
+
+def load_current_resource
+ @current_resource = Chef::Resource::WindowsHttpAcl.new(@new_resource.name)
+ @current_resource.url(@new_resource.url)
+
+ @command = locate_sysnative_cmd("netsh.exe")
+ getCurrentAcl
+end
+
+private
+def getCurrentAcl()
+ cmd = shell_out!("#{@command} http show urlacl url=#{@current_resource.url}")
+ Chef::Log.debug "netsh reports: #{cmd.stdout}"
+
+ m = cmd.stdout.scan(/User:\s*(\S+)/)
+ if m.length == 0
+ @current_resource.exists = false
+ else
+ @current_resource.user(m[0][0])
+ @current_resource.exists = true
+ end
+end
+
+def setAcl()
+ shell_out!("#{@command} http add urlacl url=#{@new_resource.url} user=#{@new_resource.user}")
+end
+
+def deleteAcl()
+ shell_out!("#{@command} http delete urlacl url=#{@new_resource.url}")
+end
diff --git a/berks-cookbooks/windows/providers/shortcut.rb b/berks-cookbooks/windows/providers/shortcut.rb
index 9fd9a88a..55499a8f 100644
--- a/berks-cookbooks/windows/providers/shortcut.rb
+++ b/berks-cookbooks/windows/providers/shortcut.rb
@@ -29,6 +29,7 @@ def load_current_resource @current_resource.arguments(@link.Arguments) @current_resource.description(@link.Description) @current_resource.cwd(@link.WorkingDirectory) + @current_resource.iconlocation(@link.IconLocation) end # Check to see if the shorcut needs any changes
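Review bot: In providers/http_acl.rb, `getCurrentAcl` captures the user with `/User:\s*(\S+)/`, which stops at the first whitespace, and `setAcl` passes `user=#{@new_resource.user}` unquoted, so an account name containing a space (for example `NT AUTHORITY\NETWORK SERVICE`) is split on the netsh command line and never compares equal in `:create`, which would delete and re-add the reservation on every run. Quote both values, `url=\"#{@new_resource.url}\" user=\"#{@new_resource.user}\"`, and capture the rest of the line with `/User:\s*(.+?)\s*$/`. `getCurrentAcl` also uses `shell_out!`; if netsh exits non-zero for a URL that has no reservation, the resource raises instead of setting `exists = false`, so `shell_out` plus an exit-status check, as `getCurrentHash` in certificate_binding.rb does, may be the safer form and is worth confirming on a test node.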
@@ -37,7 +38,7 @@ def load_current_resource # :: If a change is required # :: If the shorcuts are identical def compare_shortcut - [:target, :arguments, :description, :cwd].any? do |attr| + [:target, :arguments, :description, :cwd, :iconlocation].any? do |attr| !@new_resource.send(attr).nil? && @current_resource.send(attr) != @new_resource.send(attr) end end @@ -48,7 +49,8 @@ def action_create @link.Arguments = @new_resource.arguments if @new_resource.arguments != nil @link.Description = @new_resource.description if @new_resource.description != nil @link.WorkingDirectory = @new_resource.cwd if @new_resource.cwd != nil - #ignoring: WindowStyle, Hotkey, IconLocation + @link.IconLocation = @new_resource.iconlocation if @new_resource.iconlocation != nil + #ignoring: WindowStyle, Hotkey @link.Save Chef::Log.info("Added #{@new_resource} shortcut") new_resource.updated_by_last_action(true) diff --git a/berks-cookbooks/windows/providers/task.rb b/berks-cookbooks/windows/providers/task.rb index 24a35c0b..e1f73f7e 100644 --- a/berks-cookbooks/windows/providers/task.rb +++ b/berks-cookbooks/windows/providers/task.rb 
@@ -21,23 +21,32 @@ require 'chef/mixin/shell_out' include Chef::Mixin::ShellOut +use_inline_resources + action :create do - if @current_resource.exists + if @current_resource.exists && (not (task_need_update? || @new_resource.force)) Chef::Log.info "#{@new_resource} task already exists - nothing to do" else - if @new_resource.user and @new_resource.password.nil? then Chef::Log.debug "#{@new_resource} did not specify a password, creating task without a password" end - use_force = @new_resource.force ? '/F' : '' - cmd = "schtasks /Create #{use_force} /TN \"#{@new_resource.name}\" " + validate_user_and_password + validate_interactive_setting + validate_create_day + schedule = @new_resource.frequency == :on_logon ? "ONLOGON" : @new_resource.frequency - cmd += "/SC #{schedule} " - cmd += "/MO #{@new_resource.frequency_modifier} " if [:minute, :hourly, :daily, :weekly, :monthly].include?(@new_resource.frequency) - cmd += "/SD \"#{@new_resource.start_day}\" " unless @new_resource.start_day.nil? - cmd += "/ST \"#{@new_resource.start_time}\" " unless @new_resource.start_time.nil? - cmd += "/TR \"#{@new_resource.command}\" " - cmd += "/RU \"#{@new_resource.user}\" " if @new_resource.user - cmd += "/RP \"#{@new_resource.password}\" " if @new_resource.user and @new_resource.password - cmd += "/RL HIGHEST " if @new_resource.run_level == :highest - shell_out!(cmd, {:returns => [0]}) + frequency_modifier_allowed = [:minute, :hourly, :daily, :weekly, :monthly] + options = Hash.new + options['F'] = '' if @new_resource.force || task_need_update? + options['SC'] = schedule + options['MO'] = @new_resource.frequency_modifier if frequency_modifier_allowed.include?(@new_resource.frequency) + options['SD'] = @new_resource.start_day unless @new_resource.start_day.nil? + options['ST'] = @new_resource.start_time unless @new_resource.start_time.nil? + options['TR'] = "\"#{@new_resource.command}\" " + options['RU'] = @new_resource.user + options['RP'] = @new_resource.password if use_password? 
+ options['RL'] = 'HIGHEST' if @new_resource.run_level == :highest + options['IT'] = '' if @new_resource.interactive_enabled + options['D'] = @new_resource.day if @new_resource.day + + run_schtasks 'CREATE', options new_resource.updated_by_last_action true Chef::Log.info "#{@new_resource} task created" end @@ -48,8 +57,7 @@ if @current_resource.status == :running Chef::Log.info "#{@new_resource} task is currently running, skipping run" else - cmd = "schtasks /Run /TN \"#{@current_resource.name}\"" - shell_out!(cmd, {:returns => [0]}) + run_schtasks 'RUN' new_resource.updated_by_last_action true Chef::Log.info "#{@new_resource} task ran" end @@ -60,14 +68,18 @@ action :change do if @current_resource.exists - cmd = "schtasks /Change /TN \"#{@current_resource.name}\" " - cmd += "/TR \"#{@new_resource.command}\" " if @new_resource.command - if @new_resource.user && @new_resource.password - cmd += "/RU \"#{@new_resource.user}\" /RP \"#{@new_resource.password}\" " - elsif (@new_resource.user and !@new_resource.password) || (@new_resource.password and !@new_resource.user) - Chef::Log.fatal "#{@new_resource.name}: Can't specify user or password without both!" - end - shell_out!(cmd, {:returns => [0]}) + validate_user_and_password + validate_interactive_setting + + options = Hash.new + options['TR'] = "\"#{@new_resource.command}\" " if @new_resource.command + options['RU'] = @new_resource.user if @new_resource.user + options['RP'] = @new_resource.password if @new_resource.password + options['SD'] = @new_resource.start_day unless @new_resource.start_day.nil? + options['ST'] = @new_resource.start_time unless @new_resource.start_time.nil? + options['IT'] = '' if @new_resource.interactive_enabled + + run_schtasks 'CHANGE', options new_resource.updated_by_last_action true Chef::Log.info "Change #{@new_resource} task ran" else 
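Review bot: In providers/task.rb, the rewritten `:create` options drop the quoting that the removed lines applied: `/RU`, `/RP`, `/SD` and `/ST` were each wrapped in `\"...\"`, whereas `options['RU']`, `options['RP']` and the rest are now handed to `run_schtasks`, which (in the @@ -141,6 +165,20 @@ hunk) joins them as `/#{option} #{options[option]}`, so a user name or password containing a space or a cmd metacharacter changes the schtasks command line. The `:change` hunk (@@ -60,14 +68,18 @@) builds its options the same way. Quote at the call sites the way `TR` already is, for example `options['RP'] = "\"#{@new_resource.password}\"" if use_password?` and likewise for `RU`, `SD`, `ST` and `D`.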
@@ -77,9 +89,8 @@ action :delete do if @current_resource.exists - use_force = @new_resource.force ? '/F' : '' - cmd = "schtasks /Delete #{use_force} /TN \"#{@current_resource.name}\"" - shell_out!(cmd, {:returns => [0]}) + # always need to force deletion + run_schtasks 'DELETE', {'F' => ''} new_resource.updated_by_last_action true Chef::Log.info "#{@new_resource} task deleted" else @@ -87,14 +98,27 @@ end end +action :end do + if @current_resource.exists + if @current_resource.status != :running + Chef::Log.debug "#{@new_resource} is not running - nothing to do" + else + run_schtasks 'END' + @new_resource.updated_by_last_action true + Chef::Log.info "#{@new_resource} task ended" + end + else + Chef::Log.fatal "#{@new_resource} task doesn't exist - nothing to do" + raise Errno::ENOENT, "#{@new_resource}: task does not exist, cannot end" + end +end + action :enable do if @current_resource.exists if @current_resource.enabled Chef::Log.debug "#{@new_resource} already enabled - nothing to do" else - cmd = "schtasks /Change /TN \"#{@current_resource.name}\" " - cmd += "/ENABLE" - shell_out!(cmd, {:returns => [0]}) + run_schtasks 'CHANGE', {'ENABLE' => ''} @new_resource.updated_by_last_action true Chef::Log.info "#{@new_resource} task enabled" end @@ -107,9 +131,7 @@ action :disable do if @current_resource.exists if @current_resource.enabled - cmd = "schtasks /Change /TN \"#{@current_resource.name}\" " - cmd += "/DISABLE" - shell_out!(cmd, {:returns => [0]}) + run_schtasks 'CHANGE', {'DISABLE' => ''} @new_resource.updated_by_last_action true Chef::Log.info "#{@new_resource} task disabled" else 
@@ -123,10 +145,12 @@ def load_current_resource @current_resource = Chef::Resource::WindowsTask.new(@new_resource.name) - @current_resource.name(@new_resource.name) + @current_resource.task_name(@new_resource.task_name) + - task_hash = load_task_hash(@current_resource.name) - if task_hash[:TaskName] == '\\' + @new_resource.name + pathed_task_name = @new_resource.task_name[0,1] == '\\' ? @new_resource.task_name : @new_resource.task_name.prepend('\\') + task_hash = load_task_hash(@current_resource.task_name) + if task_hash[:TaskName] == pathed_task_name @current_resource.exists = true if task_hash[:Status] == "Running" @current_resource.status = :running @@ -141,6 +165,20 @@ def load_current_resource end private +def run_schtasks(task_action, options={}) + cmd = "schtasks /#{task_action} /TN \"#{@new_resource.task_name}\" " + options.keys.each do |option| + cmd += "/#{option} #{options[option]} " + end + Chef::Log.debug("running: ") + Chef::Log.debug(" #{cmd}") + shell_out!(cmd, {:returns => [0]}) +end + +def task_need_update? + @current_resource.command != @new_resource.command || + @current_resource.user != @new_resource.user +end def load_task_hash(task_name) Chef::Log.debug "looking for existing tasks" 
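Review bot: In `load_current_resource` (providers/task.rb), `@new_resource.task_name.prepend('\\')` mutates the resource's own string, because `String#prepend` works in place, so every later `@new_resource.task_name`, including the `/TN` argument built in `run_schtasks`, carries the added backslash, and `@current_resource.task_name` may too if both hold the same object. Build a new string instead: `pathed_task_name = @new_resource.task_name[0,1] == '\\' ? @new_resource.task_name : "\\#{@new_resource.task_name}"`. The added bare `@new_resource.name` line has no effect and can be dropped. The method continues beyond this hunk.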
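Review bot: `run_schtasks` logs the complete command with `Chef::Log.debug(" #{cmd}")`, and when the `:create` or `:change` hunks set `options['RP']` that line puts the task account's password in the debug log in clear text. Build the logged string separately with the `RP` value masked, for example `logged = options.map { |k, v| k == 'RP' ? '/RP ********' : "/#{k} #{v}" }.join(' ')`, and log that instead of `cmd`. `task_need_update?` compares `@current_resource.command` and `@current_resource.user`, which the visible part of `load_current_resource` does not populate; if they are not loaded elsewhere in the file, the task would be recreated with `/F` on every run.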
@@ -165,3 +203,41 @@ def load_task_hash(task_name) task end + +SYSTEM_USERS = ['NT AUTHORITY\SYSTEM', 'SYSTEM', 'NT AUTHORITY\LOCALSERVICE', 'NT AUTHORITY\NETWORKSERVICE'] + +def validate_user_and_password + if @new_resource.user && use_password? + if @new_resource.password.nil? + Chef::Log.fatal "#{@new_resource.task_name}: Can't specify a non-system user without a password!" + end + end + +end + +def validate_interactive_setting + if @new_resource.interactive_enabled && password.nil? + Chef::Log.fatal "#{new_resource} did not provide a password when attempting to set interactive/non-interactive." + end +end + +def validate_create_day + if not @new_resource.day then + return + end + if not [:weekly, :monthly].include?(@new_resource.frequency) then + raise "day attribute is only valid for tasks that run weekly or monthly" + end + if @new_resource.day.is_a? String then + days = @new_resource.day.split(",") + days.each do |day| + if not ["mon", "tue", "wed", "thu", "fri", "sat", "sun", "*"].include?(day.strip.downcase) then + raise "day attribute invalid. Only valid values are: MON, TUE, WED, THU, FRI, SAT, SUN and *. Multiple values must be separated by a comma." + end + end + end +end + +def use_password? + @use_password ||= !SYSTEM_USERS.include?(@new_resource.user.upcase) +end diff --git a/berks-cookbooks/windows/resources/batch.rb b/berks-cookbooks/windows/resources/batch.rb index 4b1e6bea..e8590d17 100644 --- a/berks-cookbooks/windows/resources/batch.rb +++ b/berks-cookbooks/windows/resources/batch.rb @@ -33,4 +33,11 @@ def initialize(name, run_context=nil) super @action = :run @command = name + Chef::Log.warn <<-EOF +Please use the batch resource in Chef Client 11 and 12. +windows_batch will be removed in the next major version release +of the Windows cookbook. +EOF + + end 
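Review bot: `validate_user_and_password` and `validate_interactive_setting` only call `Chef::Log.fatal` and then return, so a task for a non-system user with no password is still passed on to whatever runs after validation. Raise instead, e.g. `raise ArgumentError, "#{@new_resource.task_name}: a non-system user requires a password" if @new_resource.password.nil?`. `validate_interactive_setting` also calls a bare `password`, which is not defined in any visible part of this provider and would presumably raise NameError once `interactive_enabled` is true; it probably should read `@new_resource.password.nil?`. `SYSTEM_USERS` is a mutable constant and could be frozen with `.freeze`.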
diff --git a/berks-cookbooks/logrotate/attributes/default.rb b/berks-cookbooks/windows/resources/certificate.rb similarity index 50% rename from berks-cookbooks/logrotate/attributes/default.rb rename to berks-cookbooks/windows/resources/certificate.rb index 70f86fd6..fea3be34 100644 --- a/berks-cookbooks/logrotate/attributes/default.rb +++ b/berks-cookbooks/windows/resources/certificate.rb @@ -1,8 +1,9 @@ # -# Cookbook Name:: logrotate -# Attribute:: default +# Author:: Richard Lavey (richard.lavey@calastone.com) +# Cookbook Name:: windows +# Resource:: certificate # -# Copyright 2013, Chef +# Copyright:: 2015, Calastone Ltd. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,22 +18,11 @@ # limitations under the License. # -default['logrotate']['global'] = { - 'weekly' => true, - 'rotate' => 4, - 'create' => '', +actions :create, :delete, :acl_add +default_action :create - '/var/log/wtmp' => { - 'missingok' => true, - 'monthly' => true, - 'create' => '0664 root utmp', - 'rotate' => 1 - }, - - '/var/log/btmp' => { - 'missingok' => true, - 'monthly' => true, - 'create' => '0660 root utmp', - 'rotate' => 1 - } -} +attribute :source, :kind_of => String, :name_attribute => true, :required => true +attribute :pfx_password, :kind_of => String +attribute :private_key_acl, :kind_of => Array +attribute :store_name, :kind_of => String, :default => 'MY', :regex => /^(?:MY|CA|ROOT)$/ +attribute :user_store, :kind_of => [TrueClass, FalseClass], :default => false diff --git a/berks-cookbooks/windows/resources/certificate_binding.rb b/berks-cookbooks/windows/resources/certificate_binding.rb new file mode 100644 index 00000000..c93a35ca --- /dev/null +++ b/berks-cookbooks/windows/resources/certificate_binding.rb 
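Review bot: The `store_name` pattern `/^(?:MY|CA|ROOT)$/` anchors with `^` and `$`, which in Ruby match at line boundaries, so a multi-line value containing a line that is exactly `MY` passes validation. Use whole-string anchors: `:regex => /\A(?:MY|CA|ROOT)\z/`. The same pattern is added for `store_name` in resources/certificate_binding.rb. `pfx_password` is declared as a plain String attribute, so keeping it out of logs and reports is left to the caller; a comment next to it such as `# set 'sensitive true' on the resource when pfx_password is given` would help.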
@@ -0,0 +1,31 @@ +# +# Author:: Richard Lavey (richard.lavey@calastone.com) +# Cookbook Name:: windows +# Resource:: certificate_binding +# +# Copyright:: 2015, Calastone Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :create, :delete +default_action :create + +attribute :cert_name, :kind_of => String, :name_attribute => true, :required => true +attribute :name_kind, :kind_of => Symbol, :equal_to => [:hash, :subject], :default => :subject +attribute :address, :kind_of => String, :default => '0.0.0.0' +attribute :port, :kind_of => Integer, :default => 443 +attribute :app_id, :kind_of => String, :default => '{4dc3e181-e14b-4a21-b022-59fc669b0914}' +attribute :store_name, :kind_of => String, :default => 'MY', :regex => /^(?:MY|CA|ROOT)$/ + +attr_accessor :exists diff --git a/berks-cookbooks/windows/resources/feature.rb b/berks-cookbooks/windows/resources/feature.rb index 4adf758c..9f25b373 100644 --- a/berks-cookbooks/windows/resources/feature.rb +++ b/berks-cookbooks/windows/resources/feature.rb @@ -40,5 +40,7 @@ def locate_default_provider :windows_feature_dism elsif ::File.exists?(locate_sysnative_cmd('servermanagercmd.exe')) :windows_feature_servermanagercmd + else + :windows_feature_powershell end end 
diff --git a/berks-cookbooks/npm/resources/package.rb b/berks-cookbooks/windows/resources/http_acl.rb similarity index 60% rename from berks-cookbooks/npm/resources/package.rb rename to berks-cookbooks/windows/resources/http_acl.rb index 25ad4b86..28da54c4 100644 --- a/berks-cookbooks/npm/resources/package.rb +++ b/berks-cookbooks/windows/resources/http_acl.rb @@ -1,10 +1,9 @@ # -# Cookbook Name:: npm -# Resource:: npm +# Author:: Richard Lavey (richard.lavey@calastone.com) +# Cookbook Name:: windows +# Resource:: http_acl # -# Author:: Sergey Balbeko -# -# Copyright 2012, Sergey Balbeko +# Copyright:: 2015, Calastone Ltd. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,13 +18,10 @@ # limitations under the License. # -actions :install, :install_local, :install_from_json, :uninstall, :uninstall_local +actions :create, :delete +default_action :create -attribute :name, :name_attribute => true -attribute :version, :default => nil -attribute :path, :default => nil +attribute :url, :kind_of => String, :name_attribute => true, :required => true +attribute :user, :kind_of => String -def initialize(*args) - super - @action = :install -end +attr_accessor :exists diff --git a/berks-cookbooks/windows/resources/reboot.rb b/berks-cookbooks/windows/resources/reboot.rb index 014e2016..1d18bb14 100644 --- a/berks-cookbooks/windows/resources/reboot.rb +++ b/berks-cookbooks/windows/resources/reboot.rb 
@@ -21,9 +21,14 @@ actions :request, :cancel attribute :timeout, :kind_of => Integer, :name_attribute => true -attribute :reason, :kind_of => String, :default => '' +attribute :reason, :kind_of => String, :default => 'Chef client run' def initialize(name,run_context=nil) super @action = :request + Chef::Log.warn <<-EOF +The windows_reboot resource is deprecated. Please use the reboot resource in +Chef Client 12. windows_reboot will be removed in the next major version +release of the Windows cookbook. +EOF end diff --git a/berks-cookbooks/windows/resources/registry.rb b/berks-cookbooks/windows/resources/registry.rb index ffe6cf2c..3bd18fb4 100644 --- a/berks-cookbooks/windows/resources/registry.rb +++ b/berks-cookbooks/windows/resources/registry.rb @@ -30,5 +30,10 @@ def initialize(name, run_context=nil) super @action = :modify @key_name = name - Chef::Log.warn("Please use the registry_key resource in Chef Client 11. The windows_registry LWRP is still supported for Chef Client 10, but is deprecated in future versions.") + Chef::Log.warn <<-EOF +Please use the registry_key resource in Chef Client 11 and 12. +windows_registry will be removed in the next major version release +of the Windows cookbook. +EOF + end diff --git a/berks-cookbooks/windows/resources/shortcut.rb b/berks-cookbooks/windows/resources/shortcut.rb index eb6268b4..0525d877 100644 --- a/berks-cookbooks/windows/resources/shortcut.rb +++ b/berks-cookbooks/windows/resources/shortcut.rb @@ -27,6 +27,7 @@ attribute :arguments, :kind_of => String attribute :description, :kind_of => String attribute :cwd, :kind_of => String +attribute :iconlocation, :kind_of => String # Covers 0.10.8 and earlier def initialize(*args) diff --git a/berks-cookbooks/windows/resources/task.rb b/berks-cookbooks/windows/resources/task.rb index fa1fab4c..b48750d7 100644 --- a/berks-cookbooks/windows/resources/task.rb +++ b/berks-cookbooks/windows/resources/task.rb 
@@ -20,15 +20,17 @@ # Passwords can't be loaded for existing tasks, making :modify both confusing # and not very useful -actions :create, :delete, :run, :change, :enable, :disable +actions :create, :delete, :run, :end, :change, :enable, :disable -attribute :name, :kind_of => String, :name_attribute => true, :regex => [ /\A[^\\\/\:\*\?\<\>\|]+\z/ ] + +attribute :task_name, :kind_of => String, :name_attribute => true, :regex => [ /\A[^\/\:\*\?\<\>\|]+\z/ ] attribute :command, :kind_of => String attribute :cwd, :kind_of => String -attribute :user, :kind_of => String, :default => nil +attribute :user, :kind_of => String, :default => 'SYSTEM' attribute :password, :kind_of => String, :default => nil attribute :run_level, :equal_to => [:highest, :limited], :default => :limited attribute :force, :kind_of => [ TrueClass, FalseClass ], :default => false +attribute :interactive_enabled, :kind_of => [ TrueClass, FalseClass ], :default => false attribute :frequency_modifier, :kind_of => Integer, :default => 1 attribute :frequency, :equal_to => [:minute, :hourly, @@ -41,6 +43,7 @@ :on_idle], :default => :hourly attribute :start_day, :kind_of => String, :default => nil attribute :start_time, :kind_of => String, :default => nil +attribute :day, :kind_of => [ String, Integer ], :default => nil attr_accessor :exists, :status, :enabled diff --git a/berks-cookbooks/yum-epel/CHANGELOG.md b/berks-cookbooks/yum-epel/CHANGELOG.md index 14e5662f..dce9b053 100644 --- a/berks-cookbooks/yum-epel/CHANGELOG.md +++ b/berks-cookbooks/yum-epel/CHANGELOG.md 
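Review bot: Changing the `user` default from `nil` to `'SYSTEM'` makes the most privileged account the silent default for every task declared without `user` (assuming the create action, outside this hunk, passes `user` on to schtasks). A comment above the attribute should state this, for example `# Defaults to SYSTEM; set user and password to run the task under a less privileged account`. The `password` attribute beside it is a plain String, so recipes that set it should also mark the resource `sensitive true`. Since this file is vendored under berks-cookbooks/, the change belongs upstream.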
@@ -1,5 +1,29 @@ yum-epel Cookbook CHANGELOG ====================== +This file is used to list changes made in each version of the yum-epel cookbook. + +v0.6.3 (2015-09-22) +------------------- +- Added standard Chef gitignore and chefignore files +- Added the standard chef rubocop config +- Update contributing, maintainers, and testing docs +- Update Chefspec config to 4.X format +- Update distro versions in the Kitchen config +- Add Travis CI and cookbook version badges in the readme +- Expand the requirements section in the readme +- Add additional distros to the metadata +- Added source_url and issues_url metadata + +v0.6.2 (2015-06-21) +------------------- +- Depending on yum ~> 3.2 +- Support for the password attribute wasn't added to the + yum_repository LWRP until yum 3.2.0. + +v0.6.1 (2015-06-21) +------------------- +- Switching to https for URL links +- Using metalink URLs v0.6.0 (2015-01-03) ------------------- @@ -22,42 +46,34 @@ v0.4.0 (2014-07-27) ------------------- - [#9] Allowing list of repositories to reference configurable. - v0.3.6 (2014-04-09) ------------------- - [COOK-4509] add RHEL7 support to yum-epel cookbook - v0.3.4 (2014-02-19) ------------------- COOK-4353 - Fixing typo in readme - v0.3.2 (2014-02-13) ------------------- Updating README to explain the 'managed' parameter - v0.3.0 (2014-02-12) ------------------- [COOK-4292] - Do not manage secondary repos by default - v0.2.0 ------ Adding Amazon Linux support - v0.1.6 ------ Fixing up attribute values for EL6 - v0.1.4 ------ Adding CHANGELOG.md - v0.1.0 ------ initial release diff --git a/berks-cookbooks/yum-epel/README.md b/berks-cookbooks/yum-epel/README.md index 54eb2871..561f3824 100644 --- a/berks-cookbooks/yum-epel/README.md +++ b/berks-cookbooks/yum-epel/README.md 
@@ -1,5 +1,7 @@ yum-epel Cookbook ============ +[![Build Status](https://travis-ci.org/chef-cookbooks/yum-epel.svg?branch=master)](http://travis-ci.org/chef-cookbooks/yum-epel) +[![Cookbook Version](https://img.shields.io/cookbook/v/yum-epel.svg)](https://supermarket.chef.io/cookbooks/yum-epel) The yum-epel cookbook takes over management of the default repositoryids shipped with epel-release. It allows attribute @@ -8,8 +10,16 @@ manipulation of `epel`, `epel-debuginfo`, `epel-source`, `epel-testing`, Requirements ------------ -* Chef 11 or higher -* yum cookbook version 3.0.0 or higher +#### Platforms +* RHEL/CentOS and derivatives +* Fedora + +#### Chef +* Chef 11+ + +#### Cookbooks +* yum version 3.2.0 or higher + Attributes ---------- @@ -143,11 +153,11 @@ include_recipe 'yum-epel' License & Authors ----------------- -- Author:: Sean OMeara () -```text -Copyright:: 2011-2013 Opscode, Inc. +**Author:** Cookbook Engineering Team () +**Copyright:** 2011-2015, Chef Software, Inc. +``` Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at diff --git a/berks-cookbooks/yum-epel/attributes/epel-debuginfo.rb b/berks-cookbooks/yum-epel/attributes/epel-debuginfo.rb index 0e72757b..b466e15e 100644 --- a/berks-cookbooks/yum-epel/attributes/epel-debuginfo.rb +++ b/berks-cookbooks/yum-epel/attributes/epel-debuginfo.rb 
@@ -14,11 +14,11 @@ when 6 default['yum']['epel-debuginfo']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch - Debug' default['yum']['epel-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch' - default['yum']['epel-debuginfo']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' + default['yum']['epel-debuginfo']['gpgkey'] = 'https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' when 7 default['yum']['epel-debuginfo']['description'] = 'Extra Packages for Enterprise Linux 7 - $basearch - Debug' default['yum']['epel-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch' - default['yum']['epel-debuginfo']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' + default['yum']['epel-debuginfo']['gpgkey'] = 'https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' end end diff --git a/berks-cookbooks/yum-epel/attributes/epel-source.rb b/berks-cookbooks/yum-epel/attributes/epel-source.rb index 1433eed0..9b1b3445 100644 --- a/berks-cookbooks/yum-epel/attributes/epel-source.rb +++ b/berks-cookbooks/yum-epel/attributes/epel-source.rb 
@@ -13,12 +13,12 @@ default['yum']['epel-source']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL' when 6 default['yum']['epel-source']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch - Source' - default['yum']['epel-source']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-6&arch=$basearch' - default['yum']['epel-source']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' + default['yum']['epel-source']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch' + default['yum']['epel-source']['gpgkey'] = 'https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' when 7 default['yum']['epel-source']['description'] = 'Extra Packages for Enterprise Linux 7 - $basearch - Source' - default['yum']['epel-source']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-7&arch=$basearch' - default['yum']['epel-source']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' + default['yum']['epel-source']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch' + default['yum']['epel-source']['gpgkey'] = 'https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' end end diff --git a/berks-cookbooks/yum-epel/attributes/epel.rb b/berks-cookbooks/yum-epel/attributes/epel.rb index 07dceb6d..4a15a4aa 100644 --- a/berks-cookbooks/yum-epel/attributes/epel.rb +++ b/berks-cookbooks/yum-epel/attributes/epel.rb 
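Review bot: The first context line of this hunk still sets `default['yum']['epel-source']['gpgkey']` to `http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL`, so the branch above `when 6` keeps fetching its signing key over plain HTTP while the 6 and 7 branches move to https. A key fetched without transport protection can be replaced in transit, which weakens `gpgcheck` on that platform. If the key is served at the same path over TLS, change that line to `default['yum']['epel-source']['gpgkey'] = 'https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL'`. The hunk in attributes/epel.rb has the same leftover line. The enclosing `case` starts outside the hunk.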
@@ -13,12 +13,12 @@ default['yum']['epel']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL' when 6 default['yum']['epel']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch' - default['yum']['epel']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-6&arch=$basearch' - default['yum']['epel']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' + default['yum']['epel']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch' + default['yum']['epel']['gpgkey'] = 'https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' when 7 default['yum']['epel']['description'] = 'Extra Packages for Enterprise Linux 7 - $basearch' - default['yum']['epel']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-7&arch=$basearch' - default['yum']['epel']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' + default['yum']['epel']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch' + default['yum']['epel']['gpgkey'] = 'https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' end end diff --git a/berks-cookbooks/yum-epel/metadata.json b/berks-cookbooks/yum-epel/metadata.json index f60c0d80..2f731d30 100644 --- a/berks-cookbooks/yum-epel/metadata.json +++ b/berks-cookbooks/yum-epel/metadata.json 
@@ -1,34 +1 @@ -{ - "name": "yum-epel", - "version": "0.6.0", - "description": "Installs/Configures yum-epel", - "long_description": "", - "maintainer": "Chef", - "maintainer_email": "Sean OMeara ", - "license": "Apache 2.0", - "platforms": { - "redhat": ">= 0.0.0", - "centos": ">= 0.0.0", - "scientific": ">= 0.0.0", - "amazon": ">= 0.0.0" - }, - "dependencies": { - "yum": "~> 3.0" - }, - "recommendations": { - }, - "suggestions": { - }, - "conflicting": { - }, - "providing": { - }, - "replacing": { - }, - "attributes": { - }, - "groupings": { - }, - "recipes": { - } -} \ No newline at end of file +{"name":"yum-epel","version":"0.6.3","description":"Installs and configures the EPEL Yum repository","long_description":"yum-epel Cookbook\n============\n[![Build Status](https://travis-ci.org/chef-cookbooks/yum-epel.svg?branch=master)](http://travis-ci.org/chef-cookbooks/yum-epel)\n[![Cookbook Version](https://img.shields.io/cookbook/v/yum-epel.svg)](https://supermarket.chef.io/cookbooks/yum-epel)\n\nThe yum-epel cookbook takes over management of the default\nrepositoryids shipped with epel-release. 
It allows attribute\nmanipulation of `epel`, `epel-debuginfo`, `epel-source`, `epel-testing`,\n`epel-testing-debuginfo`, and `epel-testing-source`.\n\nRequirements\n------------\n#### Platforms\n* RHEL/CentOS and derivatives\n* Fedora\n\n#### Chef\n* Chef 11+\n\n#### Cookbooks\n* yum version 3.2.0 or higher\n\n\nAttributes\n----------\nThe following attributes are set by default\n\n``` ruby\ndefault['yum-epel']['repositories'] = %w{epel epel-debuginfo epel-source epel-testing epel-testing-debuginfo epel-testing-source}\n```\n\n``` ruby\ndefault['yum']['epel']['repositoryid'] = 'epel'\ndefault['yum']['epel']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch'\ndefault['yum']['epel']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch'\ndefault['yum']['epel']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6'\ndefault['yum']['epel']['failovermethod'] = 'priority'\ndefault['yum']['epel']['gpgcheck'] = true\ndefault['yum']['epel']['enabled'] = true\ndefault['yum']['epel']['managed'] = true\n```\n\n``` ruby\ndefault['yum']['epel-debuginfo']['repositoryid'] = 'epel-debuginfo'\ndefault['yum']['epel-debuginfo']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch - Debug'\ndefault['yum']['epel-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch'\ndefault['yum']['epel-debuginfo']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6'\ndefault['yum']['epel-debuginfo']['failovermethod'] = 'priority'\ndefault['yum']['epel-debuginfo']['gpgcheck'] = true\ndefault['yum']['epel-debuginfo']['enabled'] = false\ndefault['yum']['epel-debuginfo']['managed'] = false\n```\n\n``` ruby\ndefault['yum']['epel-source']['repositoryid'] = 'epel-source'\ndefault['yum']['epel-source']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch - Source'\ndefault['yum']['epel-source']['mirrorlist'] = 
'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-6&arch=$basearch'\ndefault['yum']['epel-source']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6'\ndefault['yum']['epel-source']['failovermethod'] = 'priority'\ndefault['yum']['epel-source']['gpgcheck'] = true\ndefault['yum']['epel-source']['enabled'] = false\ndefault['yum']['epel-source']['managed'] = false\n```\n\n``` ruby\ndefault['yum']['epel-testing']['repositoryid'] = 'epel-testing'\ndefault['yum']['epel-testing']['description'] = 'Extra Packages for Enterprise Linux 6 - Testing - $basearch'\ndefault['yum']['epel-testing']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-epel6&arch=$basearch'\ndefault['yum']['epel-testing']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6r'\ndefault['yum']['epel-testing']['failovermethod'] = 'priority'\ndefault['yum']['epel-testing']['gpgcheck'] = true\ndefault['yum']['epel-testing']['enabled'] = false\ndefault['yum']['epel-testing']['managed'] = false\n```\n\n``` ruby\ndefault['yum']['epel-testing-debuginfo']['repositoryid'] = 'epel-testing-debuginfo'\ndefault['yum']['epel-testing-debuginfo']['description'] = 'Extra Packages for Enterprise Linux 6 - Testing - $basearch Debug'\ndefault['yum']['epel-testing-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-debug-epel6&arch=$basearch'\ndefault['yum']['epel-testing-debuginfo']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6'\ndefault['yum']['epel-testing-debuginfo']['failovermethod'] = 'priority'\ndefault['yum']['epel-testing-debuginfo']['gpgcheck'] = true\ndefault['yum']['epel-testing-debuginfo']['enabled'] = false\ndefault['yum']['epel-testing-debuginfo']['managed'] = false\n```\n\n``` ruby\ndefault['yum']['epel-testing-source']['repositoryid'] = 'epel-testing-source'\ndefault['yum']['epel-testing-source']['description'] = 'Extra Packages for Enterprise Linux 6 - Testing - $basearch 
Source'\ndefault['yum']['epel-testing-source']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-source-epel6&arch=$basearch'\ndefault['yum']['epel-testing-source']['gpgkey'] = 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6'\ndefault['yum']['epel-testing-source']['failovermethod'] = 'priority'\ndefault['yum']['epel-testing-source']['gpgcheck'] = true\ndefault['yum']['epel-testing-source']['enabled'] = false\ndefault['yum']['epel-testing-source']['managed'] = false\n```\n\nRecipes\n-------\n* default - Walks through node attributes and feeds a yum_resource\n parameters. The following is an example a resource generated by the\n recipe during compilation.\n\n```ruby\n yum_repository 'epel' do\n mirrorlist 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch'\n description 'Extra Packages for Enterprise Linux 5 - $basearch'\n enabled true\n gpgcheck true\n gpgkey 'http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL'\n end\n```\n\nUsage Example\n-------------\nTo disable the epel repository through a Role or Environment definition\n\n```\ndefault_attributes(\n :yum => {\n :epel => {\n :enabled => {\n false\n }\n }\n }\n )\n```\n\nUncommonly used repositoryids are not managed by default. This is\nspeeds up integration testing pipelines by avoiding yum-cache builds\nthat nobody cares about. 
To enable the epel-testing repository with a\nwrapper cookbook, place the following in a recipe:\n\n```\nnode.default['yum']['epel-testing']['enabled'] = true\nnode.default['yum']['epel-testing']['managed'] = true\ninclude_recipe 'yum-epel'\n```\n\nMore Examples\n-------------\nPoint the epel repositories at an internally hosted server.\n\n```\nnode.default['yum']['epel']['enabled'] = true\nnode.default['yum']['epel']['mirrorlist'] = nil\nnode.default['yum']['epel']['baseurl'] = 'https://internal.example.com/centos/6/os/x86_64'\nnode.default['yum']['epel']['sslverify'] = false\n\ninclude_recipe 'yum-epel'\n```\n\nLicense & Authors\n-----------------\n\n**Author:** Cookbook Engineering Team ()\n\n**Copyright:** 2011-2015, Chef Software, Inc.\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache 2.0","platforms":{"amazon":">= 0.0.0","centos":">= 0.0.0","fedora":">= 0.0.0","oracle":">= 0.0.0","redhat":">= 0.0.0","scientific":">= 0.0.0"},"dependencies":{"yum":"~> 3.2"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/yum-epel","issues_url":"https://github.com/chef-cookbooks/yum-epel/issues"} \ No newline at end of file diff --git a/berks-cookbooks/yum-epel/recipes/default.rb b/berks-cookbooks/yum-epel/recipes/default.rb index 8ed695e7..60241b67 100644 
--- a/berks-cookbooks/yum-epel/recipes/default.rb +++ b/berks-cookbooks/yum-epel/recipes/default.rb @@ -1,8 +1,9 @@ # -# Author:: Sean OMeara () -# Recipe:: yum-epel::default +# Author:: Sean OMeara () +# Cookbook Name:: yum-epel +# Recipe:: default # -# Copyright 2013, Chef +# Copyright 2013-2015, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -17,45 +18,44 @@ # limitations under the License. node['yum-epel']['repositories'].each do |repo| + next unless node['yum'][repo]['managed'] - if node['yum'][repo]['managed'] - yum_repository repo do - baseurl node['yum'][repo]['baseurl'] - cost node['yum'][repo]['cost'] - description node['yum'][repo]['description'] - enabled node['yum'][repo]['enabled'] - enablegroups node['yum'][repo]['enablegroups'] - exclude node['yum'][repo]['exclude'] - failovermethod node['yum'][repo]['failovermethod'] - fastestmirror_enabled node['yum'][repo]['fastestmirror_enabled'] - gpgcheck node['yum'][repo]['gpgcheck'] - gpgkey node['yum'][repo]['gpgkey'] - http_caching node['yum'][repo]['http_caching'] - include_config node['yum'][repo]['include_config'] - includepkgs node['yum'][repo]['includepkgs'] - keepalive node['yum'][repo]['keepalive'] - max_retries node['yum'][repo]['max_retries'] - metadata_expire node['yum'][repo]['metadata_expire'] - mirror_expire node['yum'][repo]['mirror_expire'] - mirrorlist node['yum'][repo]['mirrorlist'] - mirrorlist_expire node['yum'][repo]['mirrorlist_expire'] - password node['yum'][repo]['password'] - priority node['yum'][repo]['priority'] - proxy node['yum'][repo]['proxy'] - proxy_username node['yum'][repo]['proxy_username'] - proxy_password node['yum'][repo]['proxy_password'] - report_instanceid node['yum'][repo]['report_instanceid'] - repositoryid node['yum'][repo]['repositoryid'] - skip_if_unavailable node['yum'][repo]['skip_if_unavailable'] - source node['yum'][repo]['source'] - sslcacert node['yum'][repo]['sslcacert'] - sslclientcert node['yum'][repo]['sslclientcert'] - sslclientkey node['yum'][repo]['sslclientkey'] - sslverify node['yum'][repo]['sslverify'] - timeout node['yum'][repo]['timeout'] - username node['yum'][repo]['username'] + yum_repository repo do + baseurl node['yum'][repo]['baseurl'] + cost node['yum'][repo]['cost'] + description node['yum'][repo]['description'] + enabled node['yum'][repo]['enabled'] + enablegroups 
node['yum'][repo]['enablegroups'] + exclude node['yum'][repo]['exclude'] + failovermethod node['yum'][repo]['failovermethod'] + fastestmirror_enabled node['yum'][repo]['fastestmirror_enabled'] + gpgcheck node['yum'][repo]['gpgcheck'] + gpgkey node['yum'][repo]['gpgkey'] + http_caching node['yum'][repo]['http_caching'] + include_config node['yum'][repo]['include_config'] + includepkgs node['yum'][repo]['includepkgs'] + keepalive node['yum'][repo]['keepalive'] + max_retries node['yum'][repo]['max_retries'] + metadata_expire node['yum'][repo]['metadata_expire'] + mirror_expire node['yum'][repo]['mirror_expire'] + mirrorlist node['yum'][repo]['mirrorlist'] + mirrorlist_expire node['yum'][repo]['mirrorlist_expire'] + password node['yum'][repo]['password'] + priority node['yum'][repo]['priority'] + proxy node['yum'][repo]['proxy'] + proxy_username node['yum'][repo]['proxy_username'] + proxy_password node['yum'][repo]['proxy_password'] + report_instanceid node['yum'][repo]['report_instanceid'] + repositoryid node['yum'][repo]['repositoryid'] + skip_if_unavailable node['yum'][repo]['skip_if_unavailable'] + source node['yum'][repo]['source'] + sslcacert node['yum'][repo]['sslcacert'] + sslclientcert node['yum'][repo]['sslclientcert'] + sslclientkey node['yum'][repo]['sslclientkey'] + sslverify node['yum'][repo]['sslverify'] + timeout node['yum'][repo]['timeout'] + username node['yum'][repo]['username'] - action :create - end + action :create end end diff --git a/berks-cookbooks/yum-mysql-community/CHANGELOG.md b/berks-cookbooks/yum-mysql-community/CHANGELOG.md index 8a07fb91..05eb5eaa 100644 --- a/berks-cookbooks/yum-mysql-community/CHANGELOG.md +++ b/berks-cookbooks/yum-mysql-community/CHANGELOG.md 
@@ -2,6 +2,32 @@ yum-mysql-community Cookbook CHANGELOG ====================== This file is used to list changes made in each version of the yum-mysql-community cookbook. +v0.1.18 (2015-09-21) +-------------------- +- Added Travis CI config for lint and unit testing +- Added Chef standard Rubocop file and resolved all warnings +- Added Chef standard chefignore and .gitignore files +- Add supported platforms to the metadata +- Added source_url and issues_url to the metadata +- Added long_description to the metadata +- Updated and expanded development dependencies in the Gemfile +- Added contributing, testing, and maintainers docs +- Added platform requirements to the readme +- Added Travis and cookbook version badges to the readme +- Update Chefspec to 4.X format + +v0.1.17 (2015-04-06) +-------------------- +- Updating pubkey link from someara to chef-client github orgs + +v0.1.16 (2015-03-25) +-------------------- +- Adding support Amazon Linux 2015.03 to all channels + +v0.1.15 (2015-03-25) +-------------------- +- Added support for amazon linux 2015.03 + v0.1.14 (2015-03-12) -------------------- - The content of 0.1.13 is questionable: didn't have changelog entry, may have had merged attribute change, but let's be clear and say at least this version 0.1.14 is the right thing. diff --git a/berks-cookbooks/yum-mysql-community/README.md b/berks-cookbooks/yum-mysql-community/README.md index c642ab10..3154c220 100644 --- a/berks-cookbooks/yum-mysql-community/README.md +++ b/berks-cookbooks/yum-mysql-community/README.md 
@@ -1,15 +1,26 @@ yum-mysql-community Cookbook ============ +[![Build Status](https://travis-ci.org/chef-cookbooks/yum-mysql-community.svg?branch=master)](http://travis-ci.org/chef-cookbooks/yum-mysql-community) +[![Cookbook Version](https://img.shields.io/cookbook/v/yum-mysql-community.svg)](https://supermarket.chef.io/cookbooks/yum-mysql-community) The yum-mysql-community cookbook takes over management of the default -repositoryids shipped with epel-release. It allows attribute +repository ids shipped with epel-release. It allows attribute manipulation of `mysql-connectors-community`, `mysql56-community`, and `mysql57-community-dmr`. Requirements ------------ -* Chef 11 or higher -* yum cookbook version 3.0.0 or higher +#### Platforms +* RHEL/CentOS and derivatives +* Fedora + +#### Chef +* Chef 11+ + +#### Cookbooks +* yum version 3.0.0 or higher +* yum-epel + Attributes ---------- @@ -118,11 +129,11 @@ include_recipe 'mysql56-community' License & Authors ----------------- -- Author:: Sean OMeara () -```text -Copyright:: 2011-2015, Chef Software, Inc. +**Author:** Cookbook Engineering Team () +**Copyright:** 2011-2015, Chef Software, Inc. +``` Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at diff --git a/berks-cookbooks/yum-mysql-community/attributes/mysql-connectors-community.rb b/berks-cookbooks/yum-mysql-community/attributes/mysql-connectors-community.rb index 76ebb776..2ffd3d68 100644 --- a/berks-cookbooks/yum-mysql-community/attributes/mysql-connectors-community.rb +++ b/berks-cookbooks/yum-mysql-community/attributes/mysql-connectors-community.rb 
@@ -1,5 +1,5 @@ default['yum']['mysql-connectors-community']['repositoryid'] = 'mysql-connectors-community' -default['yum']['mysql-connectors-community']['gpgkey'] = 'https://raw.githubusercontent.com/someara/yum-mysql-community/master/files/default/mysql_pubkey.asc' +default['yum']['mysql-connectors-community']['gpgkey'] = 'https://raw.githubusercontent.com/chef-cookbooks/yum-mysql-community/master/files/default/mysql_pubkey.asc' default['yum']['mysql-connectors-community']['description'] = 'MySQL Connectors Community' default['yum']['mysql-connectors-community']['failovermethod'] = 'priority' default['yum']['mysql-connectors-community']['gpgcheck'] = true @@ -14,6 +14,8 @@ default['yum']['mysql-connectors-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-connectors-community/el/6/$basearch/' when 2014 default['yum']['mysql-connectors-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-connectors-community/el/6/$basearch/' + when 2015 + default['yum']['mysql-connectors-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-connectors-community/el/6/$basearch/' end when 'redhat' case node['platform_version'].to_i diff --git a/berks-cookbooks/yum-mysql-community/attributes/mysql55-community.rb b/berks-cookbooks/yum-mysql-community/attributes/mysql55-community.rb index 8f905739..73e2efd8 100644 --- a/berks-cookbooks/yum-mysql-community/attributes/mysql55-community.rb +++ b/berks-cookbooks/yum-mysql-community/attributes/mysql55-community.rb 
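Review bot: The new `gpgkey` default still tracks the `master` branch of a GitHub repository, so the key yum trusts for these packages changes whenever that branch does. Pin the URL to a commit, e.g. `https://raw.githubusercontent.com/chef-cookbooks/yum-mysql-community/<commit-sha>/files/default/mysql_pubkey.asc` (placeholder, not a real ref). Alternatively, since the path suggests the key already ships in this cookbook's `files/default/`, install it from the cookbook and point `gpgkey` at a local `file://` path. The same line is changed in the mysql55, mysql56 and mysql57 attribute files. It matters more in this commit because the yum provider's makecache now runs with `-y`, which per the yum changelog imports the key without a prompt.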
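Review bot: The added `when 2015` branch repeats the plain `http://repo.mysql.com/...` baseurl, so repository metadata is fetched without transport protection. Only the package signatures are verified (`gpgcheck` is true in the hunk above). If the mirror serves HTTPS, switch the scheme in this line and in the matching `when 2015` lines of the mysql55, mysql56 and mysql57 files. The visible branches all assign the same URL, so a release year with no branch presumably gets no baseurl. The `case` opens outside the hunk, so confirm whether an `else` fallback exists.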
@@ -1,5 +1,5 @@ default['yum']['mysql55-community']['repositoryid'] = 'mysql55-community' -default['yum']['mysql55-community']['gpgkey'] = 'https://raw.githubusercontent.com/someara/yum-mysql-community/master/files/default/mysql_pubkey.asc' +default['yum']['mysql55-community']['gpgkey'] = 'https://raw.githubusercontent.com/chef-cookbooks/yum-mysql-community/master/files/default/mysql_pubkey.asc' default['yum']['mysql55-community']['description'] = 'MySQL 5.5 Community Server' default['yum']['mysql55-community']['failovermethod'] = 'priority' default['yum']['mysql55-community']['gpgcheck'] = true @@ -14,6 +14,8 @@ default['yum']['mysql55-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.5-community/el/6/$basearch/' when 2014 default['yum']['mysql55-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.5-community/el/6/$basearch/' + when 2015 + default['yum']['mysql55-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.5-community/el/6/$basearch/' end when 'redhat' case node['platform_version'].to_i diff --git a/berks-cookbooks/yum-mysql-community/attributes/mysql56-community.rb b/berks-cookbooks/yum-mysql-community/attributes/mysql56-community.rb index 94d0d0e6..c301a571 100644 --- a/berks-cookbooks/yum-mysql-community/attributes/mysql56-community.rb +++ b/berks-cookbooks/yum-mysql-community/attributes/mysql56-community.rb @@ -1,5 +1,5 @@ default['yum']['mysql56-community']['repositoryid'] = 'mysql56-community' -default['yum']['mysql56-community']['gpgkey'] = 'https://raw.githubusercontent.com/someara/yum-mysql-community/master/files/default/mysql_pubkey.asc' +default['yum']['mysql56-community']['gpgkey'] = 'https://raw.githubusercontent.com/chef-cookbooks/yum-mysql-community/master/files/default/mysql_pubkey.asc' default['yum']['mysql56-community']['description'] = 'MySQL 5.6 Community Server' default['yum']['mysql56-community']['failovermethod'] = 'priority' default['yum']['mysql56-community']['gpgcheck'] = true 
@@ -14,6 +14,8 @@ default['yum']['mysql56-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.6-community/el/6/$basearch/' when 2014 default['yum']['mysql56-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.6-community/el/6/$basearch/' + when 2015 + default['yum']['mysql56-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.6-community/el/6/$basearch/' end when 'redhat' case node['platform_version'].to_i diff --git a/berks-cookbooks/yum-mysql-community/attributes/mysql57-community.rb b/berks-cookbooks/yum-mysql-community/attributes/mysql57-community.rb index 08bd16c2..ad8e55cb 100644 --- a/berks-cookbooks/yum-mysql-community/attributes/mysql57-community.rb +++ b/berks-cookbooks/yum-mysql-community/attributes/mysql57-community.rb @@ -1,5 +1,5 @@ default['yum']['mysql57-community']['repositoryid'] = 'mysql57-community' -default['yum']['mysql57-community']['gpgkey'] = 'https://raw.githubusercontent.com/someara/yum-mysql-community/master/files/default/mysql_pubkey.asc' +default['yum']['mysql57-community']['gpgkey'] = 'https://raw.githubusercontent.com/chef-cookbooks/yum-mysql-community/master/files/default/mysql_pubkey.asc' default['yum']['mysql57-community']['description'] = 'MySQL 5.7 Community Server' default['yum']['mysql57-community']['failovermethod'] = 'priority' default['yum']['mysql57-community']['gpgcheck'] = true @@ -14,6 +14,8 @@ default['yum']['mysql57-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.7-community/el/6/$basearch/' when 2014 default['yum']['mysql57-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.7-community/el/6/$basearch/' + when 2015 + default['yum']['mysql57-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-5.7-community/el/6/$basearch/' end when 'redhat' case node['platform_version'].to_i diff --git a/berks-cookbooks/yum-mysql-community/metadata.json b/berks-cookbooks/yum-mysql-community/metadata.json index 7766fc11..fe9d8e21 100644 
--- a/berks-cookbooks/yum-mysql-community/metadata.json +++ b/berks-cookbooks/yum-mysql-community/metadata.json 
@@ -1,30 +1 @@ -{ - "name": "yum-mysql-community", - "version": "0.1.14", - "description": "Installs/Configures yum-mysql-community", - "long_description": "", - "maintainer": "Chef Software, Inc", - "maintainer_email": "Sean OMeara ", - "license": "Apache 2.0", - "platforms": { - }, - "dependencies": { - "yum": ">= 3.0" - }, - "recommendations": { - }, - "suggestions": { - }, - "conflicting": { - }, - "providing": { - }, - "replacing": { - }, - "attributes": { - }, - "groupings": { - }, - "recipes": { - } -} \ No newline at end of file +{"name":"yum-mysql-community","version":"0.1.18","description":"Installs/Configures yum-mysql-community","long_description":"yum-mysql-community Cookbook\n============\n[![Build Status](https://travis-ci.org/chef-cookbooks/yum-mysql-community.svg?branch=master)](http://travis-ci.org/chef-cookbooks/yum-mysql-community)\n[![Cookbook Version](https://img.shields.io/cookbook/v/yum-mysql-community.svg)](https://supermarket.chef.io/cookbooks/yum-mysql-community)\n\nThe yum-mysql-community cookbook takes over management of the default\nrepository ids shipped with epel-release. 
It allows attribute\nmanipulation of `mysql-connectors-community`, `mysql56-community`, and\n`mysql57-community-dmr`.\n\nRequirements\n------------\n#### Platforms\n* RHEL/CentOS and derivatives\n* Fedora\n\n#### Chef\n* Chef 11+\n\n#### Cookbooks\n* yum version 3.0.0 or higher\n* yum-epel\n\n\nAttributes\n----------\nThe following attributes are set by default\n\n``` ruby\ndefault['yum']['mysql-connectors-community']['repositoryid'] = 'mysql-connectors-community'\ndefault['yum']['mysql-connectors-community']['description'] = 'MySQL Connectors Community'\ndefault['yum']['mysql-connectors-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql-connectors-community/el/$releasever/$basearch/'\ndefault['yum']['mysql-connectors-community']['gpgkey'] = 'https://raw.githubusercontent.com/rs-services/equinix-public/master/cookbooks/db_mysql/files/centos/mysql_pubkey.asc'\ndefault['yum']['mysql-connectors-community']['failovermethod'] = 'priority'\ndefault['yum']['mysql-connectors-community']['gpgcheck'] = true\ndefault['yum']['mysql-connectors-community']['enabled'] = true\n```\n\n``` ruby\ndefault['yum']['mysql56-community']['repositoryid'] = 'mysql56-community'\ndefault['yum']['mysql56-community']['description'] = 'MySQL 5.6 Community Server'\ndefault['yum']['mysql56-community']['baseurl'] = 'http://repo.mysql.com/yum/mysql56-community/el/$releasever/$basearch/'\ndefault['yum']['mysql56-community']['gpgkey'] = 'https://raw.githubusercontent.com/rs-services/equinix-public/master/cookbooks/db_mysql/files/centos/mysql_pubkey.asc'\ndefault['yum']['mysql56-community']['failovermethod'] = 'priority'\ndefault['yum']['mysql56-community']['gpgcheck'] = true\ndefault['yum']['mysql56-community']['enabled'] = true\n```\n\n``` ruby\ndefault['yum']['mysql57-community-dmr']['repositoryid'] = 'mysql57-community-dmr'\ndefault['yum']['mysql57-community-dmr']['description'] = 'MySQL 5.7 Community Server Development Milestone Release'\ndefault['yum']['mysql57-community-dmr']['baseurl'] = 
'http://repo.mysql.com/yum/mysql56-community/el/$releasever/$basearch/'\ndefault['yum']['mysql57-community-dmr']['gpgkey'] = 'https://raw.githubusercontent.com/rs-services/equinix-public/master/cookbooks/db_mysql/files/centos/mysql_pubkey.asc'\ndefault['yum']['mysql57-community-dmr']['failovermethod'] = 'priority'\ndefault['yum']['mysql57-community-dmr']['gpgcheck'] = true\ndefault['yum']['mysql57-community-dmr']['enabled'] = true\n```\n\nRecipes\n-------\n* mysql55 - Sets up the mysql56-community repository on supported\n platforms\n\n```ruby\n yum_repository 'mysql55-community' do\n mirrorlist 'http://repo.mysql.com/yum/mysql55-community/el/$releasever/$basearch/'\n description ''\n enabled true\n gpgcheck true\n end\n```\n\n* mysql56 - Sets up the mysql56-community repository on supported\n platforms\n\n```ruby\n yum_repository 'mysql56-community' do\n mirrorlist 'http://repo.mysql.com/yum/mysql56-community/el/$releasever/$basearch/'\n description ''\n enabled true\n gpgcheck true\n end\n```\n\n\n* connectors - Sets up the mysql-connectors-community repository on supported\n platforms\n\n\nUsage Example\n-------------\nTo disable the epel repository through a Role or Environment definition\n\n```\ndefault_attributes(\n :yum => {\n :mysql57-community-dmr => {\n :enabled => {\n false\n }\n }\n }\n )\n```\n\nUncommonly used repositoryids are not managed by default. This is\nspeeds up integration testing pipelines by avoiding yum-cache builds\nthat nobody cares about. 
To enable the epel-testing repository with a\nwrapper cookbook, place the following in a recipe:\n\n```\nnode.default['yum']['mysql57-community-dmr']['enabled'] = true\nnode.default['yum']['mysql57-community-dmr']['managed'] = true\ninclude_recipe 'mysql57-community-dmr'\n```\n\nMore Examples\n-------------\nPoint the mysql56-community repositories at an internally hosted server.\n\n```\nnode.default['yum']['mysql56-community']['enabled'] = true\nnode.default['yum']['mysql56-community']['mirrorlist'] = nil\nnode.default['yum']['mysql56-community']['baseurl'] = 'https://internal.example.com/mysql/mysql56-community/'\nnode.default['yum']['mysql56-community']['sslverify'] = false\n\ninclude_recipe 'mysql56-community'\n```\n\nLicense & Authors\n-----------------\n\n**Author:** Cookbook Engineering Team ()\n\n**Copyright:** 2011-2015, Chef Software, Inc.\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache 2.0","platforms":{"amazon":">= 0.0.0","centos":">= 0.0.0","fedora":">= 0.0.0","oracle":">= 0.0.0","redhat":">= 0.0.0","scientific":">= 0.0.0"},"dependencies":{"yum":">= 3.0"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/yum-mysql-community","issues_url":"https://github.com/chef-cookbooks/yum-mysql-community/issues"} \ No newline at end of file 
diff --git a/berks-cookbooks/yum/CHANGELOG.md b/berks-cookbooks/yum/CHANGELOG.md index fc886629..c162ba6e 100644 --- a/berks-cookbooks/yum/CHANGELOG.md +++ b/berks-cookbooks/yum/CHANGELOG.md @@ -2,6 +2,41 @@ yum Cookbook CHANGELOG ====================== This file is used to list changes made in each version of the yum cookbook. +v3.7.1 (2015-09-08) +------------------- +- #135 - reverting "yum clean headers" as it breaks dnf compat + +v3.7.0 (2015-09-05) +------------------- +- Adding deltarpm toggle +- Cleaning 'headers' rather than 'all' + +v3.6.3 (2015-07-13) +------------------- +- Normalizing sslverify option rendering behavior +- Setting default value on the resource to nil +- Explictly setting string to render in template if value is supplied +- Behavior should default to "True", per man page + +v3.6.2 (2015-07-13) +------------------- +- Adding -y to makecache, to import key when repo_gpgcheck = true. +- Accepting Integer value for max_retries + +v3.6.1 (2015-06-04) +------------------- +- Executing yum clean before makecache +- Adding repo_gpgcheck + +v3.6.0 (2015-04-23) +------------------- +- Adding "yum clean" before "yum makecache" in yum_repository :create +- Adding why_run support to yum_globalconfig + +v3.5.4 (2015-04-07) +------------------- +- Changing tolerant config line to stringified integer + v3.5.3 (2015-01-16) ------------------- - Adding reposdir to globalconfig template @@ -108,7 +143,7 @@ Updating default.rb to consume node['yum']['main']['proxy'] v3.0.4 (2013-12-29) ------------------- ### Bug -- **[COOK-4156](https://tickets.opscode.com/browse/COOK-4156)** - yum cookbook creates a yum.conf with "cachefir" directive +- **[COOK-4156](https://tickets.chef.io/browse/COOK-4156)** - yum cookbook creates a yum.conf with "cachefir" directive v3.0.2 
@@ -149,14 +184,14 @@ v2.4.0 v2.3.4 ------ ### Improvement -- **[COOK-3689](https://tickets.opscode.com/browse/COOK-3689)** - Fix warnings about resource cloning -- **[COOK-3574](https://tickets.opscode.com/browse/COOK-3574)** - Add missing "description" field in metadata +- **[COOK-3689](https://tickets.chef.io/browse/COOK-3689)** - Fix warnings about resource cloning +- **[COOK-3574](https://tickets.chef.io/browse/COOK-3574)** - Add missing "description" field in metadata v2.3.2 ------ ### Bug -- **[COOK-3145](https://tickets.opscode.com/browse/COOK-3145)** - Use correct download URL for epel `key_url` +- **[COOK-3145](https://tickets.chef.io/browse/COOK-3145)** - Use correct download URL for epel `key_url` v2.3.0 ------ diff --git a/berks-cookbooks/yum/README.md b/berks-cookbooks/yum/README.md index d84a5d3b..7ee1918b 100644 --- a/berks-cookbooks/yum/README.md +++ b/berks-cookbooks/yum/README.md @@ -1,8 +1,7 @@ yum Cookbook ============ - -[![Cookbook Version](https://img.shields.io/cookbook/v/yum.svg)](https://supermarket.getchef.com/cookbooks/yum) -[![Travis status](http://img.shields.io/travis/opscode-cookbooks/yum.svg)](https://travis-ci.org/opscode-cookbooks/yum) +[![Build Status](https://travis-ci.org/chef-cookbooks/yum.svg?branch=master)](http://travis-ci.org/chef-cookbooks/yum) +[![Cookbook Version](https://img.shields.io/cookbook/v/yum.svg)](https://supermarket.chef.io/cookbooks/yum) The Yum cookbook exposes the `yum_globalconfig` and `yum_repository` resources that allows a user to both control global behavior and make @@ -256,9 +255,9 @@ yum_repository resource. License & Authors ----------------- - Author:: Eric G. Wolfe -- Author:: Matt Ray () -- Author:: Joshua Timberman () -- Author:: Sean OMeara () +- Author:: Matt Ray () +- Author:: Joshua Timberman () +- Author:: Sean OMeara () ```text Copyright:: 2011 Eric G. Wolfe 
@@ -276,3 +275,5 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ``` + +This is a test diff --git a/berks-cookbooks/yum/attributes/main.rb b/berks-cookbooks/yum/attributes/main.rb index 9c0012c6..b4159c86 100644 --- a/berks-cookbooks/yum/attributes/main.rb +++ b/berks-cookbooks/yum/attributes/main.rb @@ -36,6 +36,7 @@ default['yum']['main']['color_update_local'] = nil # /.*/ default['yum']['main']['color_update_remote'] = nil # /.*/ default['yum']['main']['commands'] = nil # /.*/ +default['yum']['main']['deltarpm'] = nil # [TrueClass, FalseClass] default['yum']['main']['debuglevel'] = nil # /^\d+$/ default['yum']['main']['diskspacecheck'] = nil # [TrueClass, FalseClass] default['yum']['main']['enable_group_conditionals'] = nil # [TrueClass, FalseClass] diff --git a/berks-cookbooks/yum/metadata.json b/berks-cookbooks/yum/metadata.json index d1969710..14336417 100644 --- a/berks-cookbooks/yum/metadata.json +++ b/berks-cookbooks/yum/metadata.json 
@@ -1,34 +1 @@ -{ - "name": "yum", - "version": "3.5.3", - "description": "Configures various yum components on Red Hat-like systems", - "long_description": "", - "maintainer": "Chef", - "maintainer_email": "cookbooks@getchef.com", - "license": "Apache 2.0", - "platforms": { - "redhat": ">= 0.0.0", - "centos": ">= 0.0.0", - "scientific": ">= 0.0.0", - "amazon": ">= 0.0.0", - "fedora": ">= 0.0.0" - }, - "dependencies": { - }, - "recommendations": { - }, - "suggestions": { - }, - "conflicting": { - }, - "providing": { - }, - "replacing": { - }, - "attributes": { - }, - "groupings": { - }, - "recipes": { - } -} \ No newline at end of file +{"name":"yum","version":"3.7.1","description":"Configures various yum components on Red Hat-like systems","long_description":"","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache 2.0","platforms":{"amazon":">= 0.0.0","centos":">= 0.0.0","fedora":">= 0.0.0","oracle":">= 0.0.0","redhat":">= 0.0.0","scientific":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{}} \ No newline at end of file diff --git a/berks-cookbooks/yum/providers/globalconfig.rb b/berks-cookbooks/yum/providers/globalconfig.rb index 84354e1b..dfd9db59 100644 --- a/berks-cookbooks/yum/providers/globalconfig.rb +++ b/berks-cookbooks/yum/providers/globalconfig.rb @@ -2,7 +2,7 @@ # Cookbook Name:: yum # Provider:: repository # -# Author:: Sean OMeara +# Author:: Sean OMeara # Copyright 2013, Chef # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,6 +21,10 @@ # Allow for Chef 10 support use_inline_resources if defined?(use_inline_resources) +def whyrun_supported? + true +end + action :create do template new_resource.path do source 'main.erb' diff --git a/berks-cookbooks/yum/providers/repository.rb b/berks-cookbooks/yum/providers/repository.rb index 96fedef5..612e458e 100644 
--- a/berks-cookbooks/yum/providers/repository.rb +++ b/berks-cookbooks/yum/providers/repository.rb @@ -2,7 +2,7 @@ # Cookbook Name:: yum # Provider:: repository # -# Author:: Sean OMeara +# Author:: Sean OMeara # Copyright 2013, Chef # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -46,14 +46,20 @@ def whyrun_supported? mode new_resource.mode variables(:config => new_resource) if new_resource.make_cache + notifies :run, "execute[yum clean #{new_resource.repositoryid}]", :immediately notifies :run, "execute[yum-makecache-#{new_resource.repositoryid}]", :immediately notifies :create, "ruby_block[yum-cache-reload-#{new_resource.repositoryid}]", :immediately end end + execute "yum clean #{new_resource.repositoryid}" do + command "yum clean all --disablerepo=* --enablerepo=#{new_resource.repositoryid}" + action :nothing + end + # get the metadata for this repo only execute "yum-makecache-#{new_resource.repositoryid}" do - command "yum -q makecache --disablerepo=* --enablerepo=#{new_resource.repositoryid}" + command "yum -q -y makecache --disablerepo=* --enablerepo=#{new_resource.repositoryid}" action :nothing only_if { new_resource.enabled } end diff --git a/berks-cookbooks/yum/recipes/default.rb b/berks-cookbooks/yum/recipes/default.rb index 37de4179..2b41e4ac 100644 --- a/berks-cookbooks/yum/recipes/default.rb +++ b/berks-cookbooks/yum/recipes/default.rb @@ -1,9 +1,9 @@ # -# Author:: Sean OMeara () -# Author:: Joshua Timberman () +# Author:: Sean OMeara () +# Author:: Joshua Timberman () # Recipe:: yum::default # -# Copyright 2013-2014, Chef Software, Inc () +# Copyright 2013-2014, Chef Software, Inc () # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/berks-cookbooks/yum/resources/globalconfig.rb b/berks-cookbooks/yum/resources/globalconfig.rb index e355fd93..7d500fb1 100644 --- a/berks-cookbooks/yum/resources/globalconfig.rb 
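Review bot: Both `execute` commands in the `@@ -46,14 +46,20 @@` hunk are single strings with `#{new_resource.repositoryid}` interpolated and an unquoted `*`, so they are handed to a shell, and the resource only constrains `repositoryid` with `/.*/`. Passing the command as an array avoids shell parsing, e.g. `command ['yum', 'clean', 'all', '--disablerepo=*', "--enablerepo=#{new_resource.repositoryid}"]`, and likewise for makecache, assuming the targeted Chef versions accept an array here. The added `-y` also deserves a comment such as `# -y: accepts the repo GPG key import without prompting; gpgkey must come from a trusted source`. The enclosing `action` block starts outside the hunk.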
+++ b/berks-cookbooks/yum/resources/globalconfig.rb @@ -2,7 +2,7 @@ # Cookbook Name:: yum # Resource:: repository # -# Author:: Sean OMeara +# Author:: Sean OMeara # Copyright 2013, Chef # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -44,6 +44,7 @@ attribute :color_update_remote, :kind_of => String, :regex => /.*/, :default => nil attribute :commands, :kind_of => String, :regex => /.*/, :default => nil attribute :debuglevel, :kind_of => String, :regex => /^\d+$/, :default => '2' +attribute :deltarpm, :kind_of => [TrueClass, FalseClass], :default => nil attribute :diskspacecheck, :kind_of => [TrueClass, FalseClass], :default => nil attribute :distroverpkg, :kind_of => String, :regex => /.*/, :default => nil attribute :enable_group_conditionals, :kind_of => [TrueClass, FalseClass], :default => nil diff --git a/berks-cookbooks/yum/resources/repository.rb b/berks-cookbooks/yum/resources/repository.rb index 5a350955..02383535 100644 --- a/berks-cookbooks/yum/resources/repository.rb +++ b/berks-cookbooks/yum/resources/repository.rb @@ -2,7 +2,7 @@ # Cookbook Name:: yum # Resource:: repository # -# Author:: Sean OMeara +# Author:: Sean OMeara # Copyright 2013, Chef # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -38,7 +38,7 @@ attribute :includepkgs, :kind_of => String, :regex => /.*/, :default => nil attribute :keepalive, :kind_of => [TrueClass, FalseClass], :default => nil attribute :make_cache, :kind_of => [TrueClass, FalseClass], :default => true -attribute :max_retries, :kind_of => String, :regex => /.*/, :default => nil +attribute :max_retries, :kind_of => [String, Integer], :default => nil attribute :metadata_expire, :kind_of => String, :regex => [/^\d+$/, /^\d+[mhd]$/, /never/], :default => nil attribute :mirrorexpire, :kind_of => String, :regex => /.*/, :default => nil attribute :mirrorlist, :kind_of => String, :regex => /.*/, :default => nil 
@@ -51,6 +51,7 @@ attribute :proxy_password, :kind_of => String, :regex => /.*/, :default => nil attribute :username, :kind_of => String, :regex => /.*/, :default => nil attribute :password, :kind_of => String, :regex => /.*/, :default => nil +attribute :repo_gpgcheck, :kind_of => [TrueClass, FalseClass], :default => nil attribute :report_instanceid, :kind_of => [TrueClass, FalseClass], :default => nil attribute :repositoryid, :kind_of => String, :regex => /.*/, :name_attribute => true attribute :skip_if_unavailable, :kind_of => [TrueClass, FalseClass], :default => nil @@ -58,7 +59,7 @@ attribute :sslcacert, :kind_of => String, :regex => /.*/, :default => nil attribute :sslclientcert, :kind_of => String, :regex => /.*/, :default => nil attribute :sslclientkey, :kind_of => String, :regex => /.*/, :default => nil -attribute :sslverify, :kind_of => [TrueClass, FalseClass], :default => true +attribute :sslverify, :kind_of => [TrueClass, FalseClass], :default => nil attribute :timeout, :kind_of => String, :regex => /^\d+$/, :default => nil attribute :options, :kind_of => Hash diff --git a/berks-cookbooks/yum/templates/default/main.erb b/berks-cookbooks/yum/templates/default/main.erb index 32871590..11f3d4b9 100644 --- a/berks-cookbooks/yum/templates/default/main.erb +++ b/berks-cookbooks/yum/templates/default/main.erb @@ -65,6 +65,11 @@ commands=<%= @config.commands %> <% if @config.debuglevel %> debuglevel=<%= @config.debuglevel %> <% end %> +<% if @config.deltarpm == true %> +deltarpm=1 +<% elsif @config.deltarpm == false %> +deltarpm=0 +<% end %> <% if @config.diskspacecheck %> diskspacecheck=<%= @config.diskspacecheck %> <% end %> @@ -226,7 +231,7 @@ sslclientcert=<%= @config.sslclientcert %> sslclientkey=<%= @config.sslclientkey %> <% end %> <% unless @config.sslverify.nil? %> -sslverify=<%= @config.sslverify %> +sslverify=<%= ( @config.sslverify ) ? 'True' : 'False' %> <% end %> <% if @config.syslog_device %> syslog_device=<%= @config.syslog_device %> 
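Review bot: With `:default => nil` on `sslverify` (hunk `@@ -58,7 +59,7 @@`), the repo template no longer writes an `sslverify` line unless the caller sets one, because repo.erb guards it with `unless @config.sslverify.nil?`. The effective value then comes from yum itself, and presumably from `[main]` in yum.conf when that sets it, so a global `sslverify=False` would now apply to repositories that previously had `True` written out. Document that on the attribute, e.g. `# nil: no line rendered; yum falls back to [main] or its built-in default (True per the man page)`.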
@@ -244,7 +249,7 @@ throttle=<%= @config.throttle %> timeout=<%= @config.timeout %> <% end %> <% if @config.tolerant %> -tolerant=<%= @config.tolerant %> +tolerant=<%= ( @config.tolerant ) ? '1' : '0' %> <% end %> <% if @config.tsflags %> tsflags=<%= @config.tsflags %> diff --git a/berks-cookbooks/yum/templates/default/repo.erb b/berks-cookbooks/yum/templates/default/repo.erb index 06409da5..84202c19 100644 --- a/berks-cookbooks/yum/templates/default/repo.erb +++ b/berks-cookbooks/yum/templates/default/repo.erb @@ -81,6 +81,9 @@ username=<%= @config.username %> <% if @config.password %> password=<%= @config.password %> <% end %> +<% if @config.repo_gpgcheck %> +repo_gpgcheck=1 +<% end %> <% if @config.max_retries %> retries=<%= @config.max_retries %> <% end %> @@ -100,7 +103,7 @@ sslclientcert=<%= @config.sslclientcert %> sslclientkey=<%= @config.sslclientkey %> <% end %> <% unless @config.sslverify.nil? %> -sslverify=<%= @config.sslverify %> +sslverify=<%= ( @config.sslverify ) ? 'True' : 'False' %> <% end %> <% if @config.timeout %> timeout=<%= @config.timeout %> diff --git a/cookbooks/vagrant_main/attributes/default.rb b/cookbooks/vagrant_main/attributes/default.rb index a094b736..7549c960 100644 --- a/cookbooks/vagrant_main/attributes/default.rb +++ b/cookbooks/vagrant_main/attributes/default.rb 
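Review bot: The `'0'` arm of the new `tolerant` ternary is unreachable, because the line sits inside `<% if @config.tolerant %>` and an explicit `false` is therefore never rendered. Guard it the way `sslverify` is guarded a few lines up, `<% unless @config.tolerant.nil? %>`, so that `tolerant=0` can be written. The `repo_gpgcheck` block added to repo.erb has the same shape: `<% if @config.repo_gpgcheck %>` drops an explicit `false`, so a repository cannot opt out of a global setting. The deltarpm block in main.erb already shows the two-sided form to follow.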
@@ -1,17 +1,18 @@ +override['apache']['mpm'] = 'prefork' + override['mysql']['version'] = '5.5' override['mysql']['port'] = '3306' +override['mysql']['data_dir'] = '/var/lib/mysql' override['mysql']['socket'] = '/var/run/mysqld/mysqld.sock' override['mysql']['initial_root_password'] = 'vagrant' -override['percona']['apt_keyserver'] = 'keyserver.ubuntu.com' +override['percona']['apt']['keyserver'] = 'hkp://keyserver.ubuntu.com:80' override['nodejs']['install_method'] = 'binary' -override['nodejs']['version'] = '0.12.0' -override['nodejs']['source']['checksum'] = '9700e23af4e9b3643af48cef5f2ad20a1331ff531a12154eef2bfb0bb1682e32' -override['nodejs']['binary']['checksum']['linux_x64'] = '3bdb7267ca7ee24ac59c54ae146741f70a6ae3a8a8afd42d06204647fe9d4206' -override['nodejs']['binary']['checksum']['linux_x86'] = 'd4130512228439bf9115b7057fe145b095c1e49fa8e62c8d3e192b3dd3fe821b' - -override['npm']['version'] = '2.7.4' +override['nodejs']['version'] = '4.1.1' +override['nodejs']['source']['checksum'] = '6a610935ff52de713cf2af6a26002322e24fd7933a444436f0817a2b84e15a58' +override['nodejs']['binary']['checksum']['linux_x64'] = 'f5f7e11a503c997486d50d8683741a554bdda1d1181125a05ac5844cb29d1572' +override['nodejs']['binary']['checksum']['linux_x86'] = '3f9836b8a7e6e3d6591af6ef59e6055255439420518c3f77e0e65832a8486be1' override['postfix']['main']['relayhost'] = 'localhost:1025' diff --git a/cookbooks/vagrant_main/files/default/phpmyadmin.deb.conf b/cookbooks/vagrant_main/files/default/phpmyadmin.deb.conf index ebe2a0e0..70efd59c 100644 --- a/cookbooks/vagrant_main/files/default/phpmyadmin.deb.conf +++ b/cookbooks/vagrant_main/files/default/phpmyadmin.deb.conf 
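Review bot: The percona keyserver override now uses plain `hkp://` on port 80, so the key lookup is unauthenticated in transit. That is only safe if the percona cookbook requests the signing key by its full fingerprint, which is not visible in this diff. Add a comment above the override recording that assumption, e.g. `# plain HKP: relies on the percona cookbook pinning the key by full fingerprint`, and verify it against the cookbook version pinned in the Berksfile.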
@@ -1 +1,5 @@ -phpmyadmin phpmyadmin/reconfigure-webserver multiselect apache2 \ No newline at end of file +phpmyadmin phpmyadmin/reconfigure-webserver multiselect apache2 +phpmyadmin phpmyadmin/dbconfig-install boolean true +phpmyadmin phpmyadmin/mysql/admin-pass password vagrant +phpmyadmin phpmyadmin/mysql/app-pass password vagrant +phpmyadmin phpmyadmin/app-password-confirm password vagrant diff --git a/cookbooks/vagrant_main/metadata.rb b/cookbooks/vagrant_main/metadata.rb index 5fb7d569..287a5a94 100644 --- a/cookbooks/vagrant_main/metadata.rb +++ b/cookbooks/vagrant_main/metadata.rb @@ -14,7 +14,6 @@ depends "magento-toolbox" depends "mysql" depends "nodejs" -depends "npm" depends "percona" depends "phing" depends "php" diff --git a/cookbooks/vagrant_main/recipes/nodejs.rb b/cookbooks/vagrant_main/recipes/nodejs.rb index 80341718..ed093d81 100644 --- a/cookbooks/vagrant_main/recipes/nodejs.rb +++ b/cookbooks/vagrant_main/recipes/nodejs.rb @@ -1,8 +1,13 @@ include_recipe "build-essential" include_recipe "nodejs" -include_recipe "npm" +include_recipe "nodejs::npm" + +# Set npm global prefix +execute 'npm-set-prefix' do + command 'npm config set prefix /usr/local' +end # Install npm modules %w{ coffee-script grunt-cli bower yo less csslint }.each do |a_package| - npm_package a_package + nodejs_npm a_package end diff --git a/cookbooks/vagrant_main/templates/default/sites.conf.erb b/cookbooks/vagrant_main/templates/default/sites.conf.erb deleted file mode 100644 index b43f5371..00000000 --- a/cookbooks/vagrant_main/templates/default/sites.conf.erb +++ /dev/null 
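Review bot: The three added preseed lines hard-code the password `vagrant`, duplicating `override['mysql']['initial_root_password'] = 'vagrant'` from attributes/default.rb, so the two drift apart as soon as the attribute is changed. Render this file from a template that reads the attribute, e.g. `phpmyadmin phpmyadmin/mysql/admin-pass password <%= node['mysql']['initial_root_password'] %>`. Give the rendered file a restrictive mode in whichever resource writes it, which is not visible here.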
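Review bot: The new `execute 'npm-set-prefix'` in recipes/nodejs.rb has no guard, so it runs and reports a change on every converge. Add one, e.g. `not_if 'npm config get prefix | grep -qx /usr/local'`. The `nodejs_npm a_package` calls install whatever version is current at provision time. If the resource in the pinned nodejs cookbook accepts a `version` attribute, pinning each module would make the box reproducible and keep an unexpected upstream release from being pulled in as root.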
@@ -1,81 +0,0 @@ - - ServerName <%= @params[:server_name] %> - ServerAlias <% @params[:server_aliases].each do |a| %><%= "#{a}" %> <% end %> - DocumentRoot <%= @params[:docroot] %> - <% if @params[:server_include] %> - <% @params[:server_include].each do |b| %>Include <%= "#{b}" %> - <% end %> - <% end %> - RewriteEngine On - - > - Options FollowSymLinks - AllowOverride All - Order allow,deny - Allow from all - - - - Options FollowSymLinks - AllowOverride None - - - - SetHandler server-status - - Order Allow,Deny - Allow from all - - - LogLevel info - ErrorLog <%= node[:apache][:log_dir] %>/<%= @params[:name] %>-error.log - CustomLog <%= node[:apache][:log_dir] %>/<%= @params[:name] %>-access.log combined - - RewriteEngine On - RewriteLog <%= node[:apache][:log_dir] %>/<%= @application_name %>-rewrite.log - # level 0 => Do not log rewrite - RewriteLogLevel 0 - - - - ServerName <%= @params[:server_name] %> - ServerAlias <% @params[:server_aliases].each do |a| %><%= "#{a}" %> <% end %> - DocumentRoot <%= @params[:docroot] %> - <% if @params[:server_include] %> - <% @params[:server_include].each do |b| %>Include <%= "#{b}" %> - <% end %> - <% end %> - RewriteEngine On - - > - Options FollowSymLinks - AllowOverride All - Order allow,deny - Allow from all - - - - Options FollowSymLinks - AllowOverride None - - - - SetHandler server-status - - Order Allow,Deny - Allow from all - - - LogLevel info - ErrorLog <%= node[:apache][:log_dir] %>/<%= @params[:name] %>-error.log - CustomLog <%= node[:apache][:log_dir] %>/<%= @params[:name] %>-access.log combined - - RewriteEngine On - RewriteLog <%= node[:apache][:log_dir] %>/<%= @application_name %>-rewrite.log - # level 0 => Do not log rewrite - RewriteLogLevel 0 - - SSLEngine on - SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem - SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key -