
COOK-364, update cookbook metadata

1 parent c228a47 commit e48bbef31139d75c7d545f9a5d8ae3478f49ca1c @jtimberman jtimberman committed Oct 12, 2010
Showing with 1,135 additions and 1,138 deletions.
  1. +65 −65 chef/metadata.json
  2. +1 −1 chef/metadata.rb
  3. +250 −250 openldap/metadata.json
  4. +1 −1 openldap/metadata.rb
  5. +817 −820 riak/metadata.json
  6. +1 −1 riak/metadata.rb
130 chef/metadata.json
@@ -1,81 +1,81 @@
{
- "providing": {
- },
- "attributes": {
- },
- "replacing": {
- },
- "dependencies": {
- "xml": [
+ "name": "chef",
+ "description": "Installs and configures Chef for chef-client and chef-server",
+ "long_description": "BOOTSTRAP CHANGES\n=================\n\nThe `bootstrap` cookbook's recipes for configuring a RubyGem installation of Chef have been merged into this cookbook.\n\n bootstrap::client -> chef::bootstrap_client\n bootstrap::server -> chef::bootstrap_server\n\nBe aware of the following changes to this cookbook.\n\n* Bootstrap no longer generates a random password for the webui admin user. The default password is displayed on the webui login page and should be changed immediately after logging in.\n* Server configuration now has a setting for the cookbook tarballs. See the server.rb.erb template.\n* We now set the signing key/cert locations and set owner / group. See the server.rb.erb template.\n* The validation client name is configurable. See the attributes.\n\nDESCRIPTION\n===========\n\nThis cookbook is used to configure the system to be a Chef Client or a Chef Server. It is a complex cookbook, please read this entire document to understand how it works. For more information on how Chef itself works, see the [Chef Wiki](http://wiki.opscode.com)\n\nREQUIREMENTS\n============\n\nChef 0.8.16 or later is required.\n\nChef 0.9.0 or later is required to use the `chef.init_style` attribute value `init`, in order to have the init scripts available.\n\nPlatform\n--------\n\nIf using this cookbook to manage a Chef Server system that was installed from Debian/Ubuntu packages, note that in the packages, the configuration files are split up for server.rb, solr.rb and webui.rb, and the `chef::server` recipe may not work as desired.\n\nWe recommend using a recent version of Ubuntu or Debian for the Chef Server.\n\n* Ubuntu 9.10/10.04\n* Debian testing/unstable\n\nThese versions have newer versions of CouchDB and RabbitMQ packaged.\n\n`chef::client` is tested on Ubuntu 8.04+, Debian 5.0, CentOS 5.x, Fedora 10+, OpenBSD 4.6, FreeBSD 7.1 and Gentoo.\n\n`chef::bootstrap_client` is tested on the above. 
OpenSolaris 11 is also tested, but there's a bug in Ohai that requires some manual intervention (OHAI-122).\n\n`chef::server` is tested on Ubuntu 8.04+, Debian 5.0.\n\n`chef::bootstrap_server` is tested on Ubuntu 8.04+, Debian 5.0.\n\nClient\n------\n\n`runit` cookbook is suggested for RubyGems installation. No other cookbooks are required for clients.\n\nServer\n------\n\nThe `chef::bootstrap_server` recipe uses the following other cookbooks from the Opscode repository.\n\n* couchdb\n* `rabbitmq_chef`\n* openssl\n* zlib\n* xml\n* java\n\nThe `chef::server_proxy` recipe uses the following cookbook:\n\n* apache2\n\nATTRIBUTES\n==========\n\nThe attributes for configuring the `chef` cookbook are under the `chef` namespace on the node, i.e., `@node[:chef]` or `@node.chef`.\n\nWhen using the bootstrap recipe, set the desired attributes using a JSON file. See \"BOOTSTRAPPING\" for examples.\n\numask\n-----\n\nSets the umask for files created by the server process via `Chef::Config[:umask]` in `/etc/chef/server.rb`\n\nurl_type\n--------\n\nSet up the URLs the client should connect to with this. Default is `http`, which tells the client to connect to `http://server:4000`. If you set up your chef-server to use an SSL front-end for example with `chef::server_proxy`, set this to `https` for clients and the URLs will be `https://server/`.\n\nBy default the only URL config setting for Chef 0.8.x+ is `Chef::Config[:chef_server_url]`. The other older URLs are still supported so you can split out the various functions of the Chef Server, but configuration of those is outside the scope of this cookbook.\n\ninit_style\n----------\n\nSpecifies the init style to use. Default `runit`. 
Other possible values `init`, `bsd`, any other string will be treated as unknown and a message will be displayed during the Chef run.\n\nIf your platform doesn't have a `runit` package or if the cookbook doesn't detect it, but you still want to use runit, set `init_style` to `none` and install runit separately. You may need to configure the runit services separately.\n\nUsing the `init` value for this attribute will retrieve the init scripts that are distributed with the Chef gem. \n\nThis cookbook does not yet support Upstart for Ubuntu/Debian, but that is planned for a future release, and will be specified via this attribute.\n\npath\n----\n\nThis is the base location where Chef will store data and other artifacts. Default `/srv/chef` for RubyGems installed systems. If using Chef packages for your platform, the location preference varies. The default on Debian and Red Hat based systems is a filesystem hiearchy standard (FHS) suggestion. Some other locations you may consider, by platform:\n\nDebian and Red Hat based Linux distros (Ubuntu, CentOS, Fedora, etc):\n\n* `/var/lib/chef`\n\nAny BSD and Gentoo:\n\n* `/var/chef`\n\nrun_path\n--------\n\nLocation for pidfiles on systems using init scripts. Default `/var/run/chef`.\n\nIf `init_style` is `init`, this is used, and should match what the init script itself uses for the PID files.\n\ncache_path\n----------\n\nLocation where the client will cache cookbooks and other data. Default is `cache` underneath the `chef[:path]` location. Linux distributions adhering to the FHS prefer `/var/cache/chef` instead.\n\nBase directory for data that is easily regenerated such as cookbook tarballs (`Chef::Config[:cookbook_tarballs]`) on the server, downloaded cookbooks on the client, etc. See the config templates.\n\nbackup_path\n-----------\n\nLocation where backups of files, corresponds to the `file_backup_path` location. Defaults to `backup` under `chef[:path]` location. 
Set to `false` to use the old behavior which stores the backup files in the same directory as the target.\n\nFHS location suggestion: `/var/lib/chef/backup`.\n\nserve_path\n----------\n\nUsed by the Chef server as the base location to \"serve\" cookbooks, roles and other assets. Default is `/srv/chef`.\n\nserver_version\n--------------\n\nVersion of Chef to install for the server. Used by the `server_proxy` recipe to set the location of the DocumentRoot of the WebUI. Automatically determined via ohai's `chef_packages[:chef][:version]` by default.\n\nclient_version\n--------------\n\nVersion of Chef to install for the client. Used to display a log message about the location of the init scripts when `init_style` is `init`, and can be used to upgrade `chef` gem with the `chef::bootstrap_client` recipe. Automatically determined via ohai's `chef_packages[:chef][:version]` by default.\n\nclient_interval\n---------------\n\nNumber of seconds to run chef-client periodically. Default `1800` (30 minutes).\n\nclient_splay\n------------\n\nSplay interval to randomly add to interval. Default `20`.\n\nlog_dir\n-------\n\nWhen `init_style` is `init`, this directory needs to be created. The default is `/var/log/chef`.\n\nclient_log, indexer_log, server_log\n-----------------------------------\n\nThese options are deprecated to reduce complexity and potential confusion.\n\nserver_port\n-----------\n\nPort for the Server API service to listen on. Default `4000`.\n\nwebui_port\n----------\n\nPort for the Server WebUI service to listen on. Default `4040`.\n\nwebui_enabled\n-------------\n\nAs of version 0.8.x+, the WebUI part of the Chef Server is optional, and disabled by default. To enable it, set this to true.\n\nserver_fqdn\n-----------\n\nFully qualified domain name of the server. Default is `chef.domain` where domain is detected by Ohai. 
You should configure a DNS entry for your Chef Server.\n\nOn servers, this specifies the URL the server expects to use by default `Chef::Config[:chef_server_url]`, plus it is used in the `server_ssl_req` as the canonical name (CN) and in `server_proxy` for the vhost name.\n\nOn clients, this specifies the URL the client uses to connect to the server as `Chef::Config[:chef_server_url]`.\n\nserver_url\n----------\n\nFull URI for the Chef Server. Used for `chef_server_url` config setting. The default value combines the attributes `chef.url_type`, `chef.server_fqdn` and `chef.server_port`, creating for example \"http://chef.example.com:4000\". If you are using the Opscode Platform, set this to \"https://api.opscode.com/organizations/ORGNAME\", where ORGNAME is your organization's simple string name.\n\nSERVER PROXY\n------------\n\nThe following attributes are used by the `server_proxy.rb` recipe, and are stored in the `server_proxy.rb` attributes file.\n\ndoc_root\n--------\n\nDocumentRoot for the WebUI. Also gets set in the vhost for the API, but it is not used since the vhost merely proxies to the server on port 4000.\n\nserver_ssl_req\n--------------\n\nUsed by the `server_proxy` recipe, this attribute can be used to set up a self-signed SSL certificate automatically using OpenSSL. 
Fields:\n\n* C: country (two letter code)\n* ST: state/province\n* L: locality or city\n* O: organization\n* OU: organizational unit\n* CN: canonical name, usually the fully qualified domain name of the server (FQDN)\n* emailAddress: contact email address\n\nThis attribute is now in the `server_proxy.rb` attributes file, as it is specific to that context.\n\nserver_proxy.css_expire_hours\n-----------------------------\n\nSets expiration time for CSS in the WebUI.\n\nserver_proxy.js_expire_hours\n----------------------------\n\nSets expiration time for JavaScript in the WebUI.\n\nRECIPES AND USAGE\n=================\n\nThis section describes the recipes in the cookbook and how to use them in your environment.\n\nBOOTSTRAPPING\n-------------\n\nThe first two recipes described are for \"bootstrapping\" a system to be a Chef Client or Chef Server, respectively. Only use these recipes with RubyGems installations of Chef.\n\nThese recipes are typically used with chef-solo using a JSON file of attributes and a run list, and a solo config file. For more information see [Bootstrap Chef RubyGems Installation](http://wiki.opscode.com/display/chef/Bootstrap+Chef+RubyGems+Installation) on the Chef Wiki.\n\nbootstrap_client\n----------------\n\nONLY FOR RUBYGEMS INSTALLATIONS. Do not use this recipe if you installed Chef from packages for your platform.\n\nUse this recipe to \"bootstrap\" a client so it can connect to a Chef Server. 
This recipe does the following:\n\n* Ensures the gem installed matches the version desired (`client_version` attribute).\n* Sets up the `chef-client` service depending on the `init_style` attribute (see above).\n* Sets up some directories for Chef to use.\n* Creates the client configuration file `/etc/chef/client.rb` based on the configuration passed via JSON.\n\nFor configuring a new client to connect to the Opscode Platform:\n\n {\n \"chef\": {\n \"server_url\": \"https://api.opscode.com/organizations/ORGNAME\"\n },\n \"run_list\": \"recipe[chef::bootstrap_client]\"\n }\n\nFor configuring a new client to connect to a local Chef Server:\n\n {\n \"chef\": {\n \"server_url\": \"http://chef.example.com:4000\"\n },\n \"run_list\": \"recipe[chef::bootstrap_client]\"\n }\n\nThis is the minimal JSON to use for the client configuration. See the ATTRIBUTES section above for more options.\n\nbootstrap_server\n----------------\n\nONLY FOR RUBYGEMS INSTALLATIONS. Do not use this recipe if you installed Chef from packages for your platform.\n\nUse this recipe to \"bootstrap\" a system to become a Chef Server. 
This recipe does the following:\n\n* Includes the `chef::bootstrap_client` recipe to configure itself to be its own client.\n* Installs CouchDB from package or source depending on the platform.\n* Installs Java for the `chef-solr` search engine.\n* Installs RabbitMQ (`rabbitmq_chef` cookbook) for the `chef-solr-indexer` consumer.\n* Installs all the Server-related Gems.\n* Creates the server configuration file `/etc/chef/server.rb` based on the configuration passed via JSON.\n* Sets up some directories for the server to use.\n* Sets up the `chef-server`, `chef-solr`, `chef-solr-indexer` services depending on the `init_style` attribute (see above).\n\nMinimal JSON to use for the server configuration:\n\n {\n \"chef\": {\n \"server_url\": \"http://localhost.localdomain:4000\",\n },\n \"run_list\": \"recipe[chef::bootstrap_server]\"\n }\n\nNote that the `chef-server-webui` is optional and can be enabled if desired by adding this to the JSON under \"chef\":\n\n \"webui_enabled\": true\n\nclient\n------\n\nThe client recipe is used to manage the configuration of an already-installed and configured Chef client. It can be used after a RubyGems installation bootstrap (per above), or with clients that were installed from platform packaging.\n\nThe recipe itself manages the `/etc/chef/client.rb` config file based on the attributes in this cookbook. When the client config is updated, the recipe will also reread the configuration during the Chef run, so the current Chef run can be dynamically changed.\n\nThis recipe does not manage the `chef-client` service. It is assumed to have been set up and started from the `bootstrap_client` recipe above, or from OS / distribution packaging. 
The `chef-client` service should not be restarted as a result of `/etc/chef/client.rb` changing, as that can cause the current process running the client to be restarted, having unpredictable results.\n\ndefault\n-------\n\nThere is no spoon :-).\n\ndelete_validation\n-----------------\n\nThis is a standalone recipe that merely deletes the validation certificate (default `/etc/chef/validation.pem`). Use this if managing the client config file is not required in your environment.\n\nBeware if using this on your Chef Server. First copy the validation.pem certificate file to another location, such as your knife configuration directory (`~/.chef`) or [Chef Repository](http://wiki.opscode.com/display/chef/Chef+Repository).\n\nserver\n------\n\nThe server recipe includes the `chef::client` recipe above.\n\nThe recipe itself manages the services and the Server config file `/etc/chef/server.rb`. See above under Platform requirements for cavaet when running Chef Server installed via Debian/Ubuntu packages. Changes to the recipe to manage additional templates may be required.\n\nThe following services are managed:\n\n* chef-solr\n* chef-solr-indexer\n* chef-server\n* chef-webui (if installed)\n\nChanges to the `/etc/chef/server.rb` will trigger a restart of these services.\n\nSince the Chef Server itself typically runs the CouchDB service for the data store, the recipe will do a compaction on the Chef database and all the views associated with the Chef Server. These compactions only occur if the database/view size is more than 100Mb. It will use the configured CouchDB URL, which is `http://localhost:5984` by default. The actual value used for the CouchDB server is from the `Chef::Config[:couchdb_url]`, so this can be dynamically changed.\n\nserver_proxy\n------------\n\nThis recipe sets up an Apache2 VirtualHost to proxy HTTPS for the Chef Server API and WebUI.\n\nThe API will be proxied on port 443. If the `chef-serer-webui` is installed, it will be proxied on port 444. 
The recipe dynamically creates the OpenSSL certificate based on the `chef.server_ssl_req` attribute. It uses some additional configuration for Apache to improve performance of the webui. The virtual host template is `chef_server.conf.erb`. The DocumentRoot setting is used for the WebUI, but not the API, and is set with the attribute `chef.doc_root`.\n\nTEMPLATES\n=========\n\nchef_server.conf.erb\n--------------------\n\nVirtualHost file used by Apache2 in the `chef::server_proxy` recipe.\n\nclient.rb.erb\n-------------\n\nConfiguration for the client, lands in `/etc/chef/client.rb`.\n\nserver.rb.erb\n-------------\n\nConfiguration for the server and server components, lands in `/etc/chef/server.rb`. See above regarding Debian/Ubuntu packaging config files when using packages to install Chef.\n\nsv-*run.erb\n-----------\n\nVarious runit \"run\" scripts for the Chef services that get configured when `init_style` is \"runit\".\n\nLICENSE AND AUTHORS\n===================\n\n* Author: Joshua Timberman <joshua@opscode.com>\n* Author: Joshua Sierles <joshua@37signals.com>\n\n* Copyright 2008-2010, Opscode, Inc\n* Copyright 2009, 37signals\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\n",
+ "maintainer": "Opscode, Inc.",
+ "maintainer_email": "cookbooks@opscode.com",
+ "license": "Apache 2.0",
+ "platforms": {
+ "ubuntu": [
- ],
- "zlib": [
+ ],
+ "debian": [
- ],
- "runit": [
+ ],
+ "redhat": [
- ],
- "couchdb": [
+ ],
+ "centos": [
- ],
- "java": [
+ ],
+ "fedora": [
- ],
- "openssl": [
+ ],
+ "freebsd": [
- ],
- "rabbitmq_chef": [
+ ],
+ "openbsd": [
- ],
- "apache2": [
+ ]
+ },
+ "dependencies": {
+ "runit": [
- ]
- },
- "groupings": {
- },
- "recommendations": {
- },
- "platforms": {
- "openbsd": [
+ ],
+ "couchdb": [
- ],
- "debian": [
+ ],
+ "rabbitmq_chef": [
- ],
- "fedora": [
+ ],
+ "apache2": [
- ],
- "centos": [
+ ],
+ "openssl": [
- ],
- "freebsd": [
+ ],
+ "zlib": [
- ],
- "ubuntu": [
+ ],
+ "xml": [
- ],
- "redhat": [
+ ],
+ "java": [
- ]
- },
- "license": "Apache 2.0",
- "version": "0.21.2",
- "maintainer": "Opscode, Inc.",
- "suggestions": {
- },
- "recipes": {
- "chef::server": "Configures a chef API server as a merb application",
- "chef::server_proxy": "Configures Apache2 proxy for API and WebUI",
- "chef::bootstrap_server": "Set up rubygem installed chef server",
- "chef": "Default recipe is empty, use one of the other recipes.",
- "chef::bootstrap_client": "Set up rubygem installed chef client",
- "chef::delete_validation": "Deletes validation.pem after client registers",
- "chef::client": "Sets up a client to talk to a chef-server"
- },
- "maintainer_email": "cookbooks@opscode.com",
- "name": "chef",
- "conflicting": {
- },
- "description": "Installs and configures Chef for chef-client and chef-server",
- "long_description": "BOOTSTRAP CHANGES\n=================\n\nThe `bootstrap` cookbook's recipes for configuring a RubyGem installation of Chef have been merged into this cookbook.\n\n bootstrap::client -> chef::bootstrap_client\n bootstrap::server -> chef::bootstrap_server\n\nBe aware of the following changes to this cookbook.\n\n* Bootstrap no longer generates a random password for the webui admin user. The default password is displayed on the webui login page and should be changed immediately after logging in.\n* Server configuration now has a setting for the cookbook tarballs. See the server.rb.erb template.\n* We now set the signing key/cert locations and set owner / group. See the server.rb.erb template.\n* The validation client name is configurable. See the attributes.\n\nDESCRIPTION\n===========\n\nThis cookbook is used to configure the system to be a Chef Client or a Chef Server. It is a complex cookbook, please read this entire document to understand how it works. For more information on how Chef itself works, see the [Chef Wiki](http://wiki.opscode.com)\n\nREQUIREMENTS\n============\n\nChef 0.8.16 or later is required.\n\nChef 0.9.0 or later is required to use the `chef.init_style` attribute value `init`, in order to have the init scripts available.\n\nPlatform\n--------\n\nIf using this cookbook to manage a Chef Server system that was installed from Debian/Ubuntu packages, note that in the packages, the configuration files are split up for server.rb, solr.rb and webui.rb, and the `chef::server` recipe may not work as desired.\n\nWe recommend using a recent version of Ubuntu or Debian for the Chef Server.\n\n* Ubuntu 9.10/10.04\n* Debian testing/unstable\n\nThese versions have newer versions of CouchDB and RabbitMQ packaged.\n\n`chef::client` is tested on Ubuntu 8.04+, Debian 5.0, CentOS 5.x, Fedora 10+, OpenBSD 4.6, FreeBSD 7.1 and Gentoo.\n\n`chef::bootstrap_client` is tested on the above. 
OpenSolaris 11 is also tested, but there's a bug in Ohai that requires some manual intervention (OHAI-122).\n\n`chef::server` is tested on Ubuntu 8.04+, Debian 5.0.\n\n`chef::bootstrap_server` is tested on Ubuntu 8.04+, Debian 5.0.\n\nClient\n------\n\n`runit` cookbook is suggested for RubyGems installation. No other cookbooks are required for clients.\n\nServer\n------\n\nThe `chef::bootstrap_server` recipe uses the following other cookbooks from the Opscode repository.\n\n* couchdb\n* `rabbitmq_chef`\n* openssl\n* zlib\n* xml\n* java\n\nThe `chef::server_proxy` recipe uses the following cookbook:\n\n* apache2\n\nATTRIBUTES\n==========\n\nThe attributes for configuring the `chef` cookbook are under the `chef` namespace on the node, i.e., `@node[:chef]` or `@node.chef`.\n\nWhen using the bootstrap recipe, set the desired attributes using a JSON file. See \"BOOTSTRAPPING\" for examples.\n\numask\n-----\n\nSets the umask for files created by the server process via `Chef::Config[:umask]` in `/etc/chef/server.rb`\n\nurl_type\n--------\n\nSet up the URLs the client should connect to with this. Default is `http`, which tells the client to connect to `http://server:4000`. If you set up your chef-server to use an SSL front-end for example with `chef::server_proxy`, set this to `https` for clients and the URLs will be `https://server/`.\n\nBy default the only URL config setting for Chef 0.8.x+ is `Chef::Config[:chef_server_url]`. The other older URLs are still supported so you can split out the various functions of the Chef Server, but configuration of those is outside the scope of this cookbook.\n\ninit_style\n----------\n\nSpecifies the init style to use. Default `runit`. 
Other possible values `init`, `bsd`, any other string will be treated as unknown and a message will be displayed during the Chef run.\n\nIf your platform doesn't have a `runit` package or if the cookbook doesn't detect it, but you still want to use runit, set `init_style` to `none` and install runit separately. You may need to configure the runit services separately.\n\nUsing the `init` value for this attribute will retrieve the init scripts that are distributed with the Chef gem. \n\nThis cookbook does not yet support Upstart for Ubuntu/Debian, but that is planned for a future release, and will be specified via this attribute.\n\npath\n----\n\nThis is the base location where Chef will store data and other artifacts. Default `/srv/chef` for RubyGems installed systems. If using Chef packages for your platform, the location preference varies. The default on Debian and Red Hat based systems is a filesystem hiearchy standard (FHS) suggestion. Some other locations you may consider, by platform:\n\nDebian and Red Hat based Linux distros (Ubuntu, CentOS, Fedora, etc):\n\n* `/var/lib/chef`\n\nAny BSD and Gentoo:\n\n* `/var/chef`\n\nrun_path\n--------\n\nLocation for pidfiles on systems using init scripts. Default `/var/run/chef`.\n\nIf `init_style` is `init`, this is used, and should match what the init script itself uses for the PID files.\n\ncache_path\n----------\n\nLocation where the client will cache cookbooks and other data. Default is `cache` underneath the `chef[:path]` location. Linux distributions adhering to the FHS prefer `/var/cache/chef` instead.\n\nBase directory for data that is easily regenerated such as cookbook tarballs (`Chef::Config[:cookbook_tarballs]`) on the server, downloaded cookbooks on the client, etc. See the config templates.\n\nbackup_path\n-----------\n\nLocation where backups of files, corresponds to the `file_backup_path` location. Defaults to `backup` under `chef[:path]` location. 
Set to `false` to use the old behavior which stores the backup files in the same directory as the target.\n\nFHS location suggestion: `/var/lib/chef/backup`.\n\nserve_path\n----------\n\nUsed by the Chef server as the base location to \"serve\" cookbooks, roles and other assets. Default is `/srv/chef`.\n\nserver_version\n--------------\n\nVersion of Chef to install for the server. Used by the `server_proxy` recipe to set the location of the DocumentRoot of the WebUI. Automatically determined via ohai's `chef_packages[:chef][:version]` by default.\n\nclient_version\n--------------\n\nVersion of Chef to install for the client. Used to display a log message about the location of the init scripts when `init_style` is `init`, and can be used to upgrade `chef` gem with the `chef::bootstrap_client` recipe. Automatically determined via ohai's `chef_packages[:chef][:version]` by default.\n\nclient_interval\n---------------\n\nNumber of seconds to run chef-client periodically. Default `1800` (30 minutes).\n\nclient_splay\n------------\n\nSplay interval to randomly add to interval. Default `20`.\n\nlog_dir\n-------\n\nWhen `init_style` is `init`, this directory needs to be created. The default is `/var/log/chef`.\n\nclient_log, indexer_log, server_log\n-----------------------------------\n\nThese options are deprecated to reduce complexity and potential confusion.\n\nserver_port\n-----------\n\nPort for the Server API service to listen on. Default `4000`.\n\nwebui_port\n----------\n\nPort for the Server WebUI service to listen on. Default `4040`.\n\nwebui_enabled\n-------------\n\nAs of version 0.8.x+, the WebUI part of the Chef Server is optional, and disabled by default. To enable it, set this to true.\n\nserver_fqdn\n-----------\n\nFully qualified domain name of the server. Default is `chef.domain` where domain is detected by Ohai. 
You should configure a DNS entry for your Chef Server.\n\nOn servers, this specifies the URL the server expects to use by default `Chef::Config[:chef_server_url]`, plus it is used in the `server_ssl_req` as the canonical name (CN) and in `server_proxy` for the vhost name.\n\nOn clients, this specifies the URL the client uses to connect to the server as `Chef::Config[:chef_server_url]`.\n\nserver_url\n----------\n\nFull URI for the Chef Server. Used for `chef_server_url` config setting. The default value combines the attributes `chef.url_type`, `chef.server_fqdn` and `chef.server_port`, creating for example \"http://chef.example.com:4000\". If you are using the Opscode Platform, set this to \"https://api.opscode.com/organizations/ORGNAME\", where ORGNAME is your organization's simple string name.\n\nSERVER PROXY\n------------\n\nThe following attributes are used by the `server_proxy.rb` recipe, and are stored in the `server_proxy.rb` attributes file.\n\ndoc_root\n--------\n\nDocumentRoot for the WebUI. Also gets set in the vhost for the API, but it is not used since the vhost merely proxies to the server on port 4000.\n\nserver_ssl_req\n--------------\n\nUsed by the `server_proxy` recipe, this attribute can be used to set up a self-signed SSL certificate automatically using OpenSSL. 
Fields:\n\n* C: country (two letter code)\n* ST: state/province\n* L: locality or city\n* O: organization\n* OU: organizational unit\n* CN: canonical name, usually the fully qualified domain name of the server (FQDN)\n* emailAddress: contact email address\n\nThis attribute is now in the `server_proxy.rb` attributes file, as it is specific to that context.\n\nserver_proxy.css_expire_hours\n-----------------------------\n\nSets expiration time for CSS in the WebUI.\n\nserver_proxy.js_expire_hours\n----------------------------\n\nSets expiration time for JavaScript in the WebUI.\n\nRECIPES AND USAGE\n=================\n\nThis section describes the recipes in the cookbook and how to use them in your environment.\n\nBOOTSTRAPPING\n-------------\n\nThe first two recipes described are for \"bootstrapping\" a system to be a Chef Client or Chef Server, respectively. Only use these recipes with RubyGems installations of Chef.\n\nThese recipes are typically used with chef-solo using a JSON file of attributes and a run list, and a solo config file. For more information see [Bootstrap Chef RubyGems Installation](http://wiki.opscode.com/display/chef/Bootstrap+Chef+RubyGems+Installation) on the Chef Wiki.\n\nbootstrap_client\n----------------\n\nONLY FOR RUBYGEMS INSTALLATIONS. Do not use this recipe if you installed Chef from packages for your platform.\n\nUse this recipe to \"bootstrap\" a client so it can connect to a Chef Server. 
This recipe does the following:\n\n* Ensures the gem installed matches the version desired (`client_version` attribute).\n* Sets up the `chef-client` service depending on the `init_style` attribute (see above).\n* Sets up some directories for Chef to use.\n* Creates the client configuration file `/etc/chef/client.rb` based on the configuration passed via JSON.\n\nFor configuring a new client to connect to the Opscode Platform:\n\n {\n \"chef\": {\n \"server_url\": \"https://api.opscode.com/organizations/ORGNAME\"\n },\n \"run_list\": \"recipe[chef::bootstrap_client]\"\n }\n\nFor configuring a new client to connect to a local Chef Server:\n\n {\n \"chef\": {\n \"server_url\": \"http://chef.example.com:4000\"\n },\n \"run_list\": \"recipe[chef::bootstrap_client]\"\n }\n\nThis is the minimal JSON to use for the client configuration. See the ATTRIBUTES section above for more options.\n\nbootstrap_server\n----------------\n\nONLY FOR RUBYGEMS INSTALLATIONS. Do not use this recipe if you installed Chef from packages for your platform.\n\nUse this recipe to \"bootstrap\" a system to become a Chef Server. 
This recipe does the following:\n\n* Includes the `chef::bootstrap_client` recipe to configure itself to be its own client.\n* Installs CouchDB from package or source depending on the platform.\n* Installs Java for the `chef-solr` search engine.\n* Installs RabbitMQ (`rabbitmq_chef` cookbook) for the `chef-solr-indexer` consumer.\n* Installs all the Server-related Gems.\n* Creates the server configuration file `/etc/chef/server.rb` based on the configuration passed via JSON.\n* Sets up some directories for the server to use.\n* Sets up the `chef-server`, `chef-solr`, `chef-solr-indexer` services depending on the `init_style` attribute (see above).\n\nMinimal JSON to use for the server configuration:\n\n {\n \"chef\": {\n \"server_url\": \"http://localhost.localdomain:4000\",\n },\n \"run_list\": \"recipe[chef::bootstrap_server]\"\n }\n\nNote that the `chef-server-webui` is optional and can be enabled if desired by adding this to the JSON under \"chef\":\n\n \"webui_enabled\": true\n\nclient\n------\n\nThe client recipe is used to manage the configuration of an already-installed and configured Chef client. It can be used after a RubyGems installation bootstrap (per above), or with clients that were installed from platform packaging.\n\nThe recipe itself manages the `/etc/chef/client.rb` config file based on the attributes in this cookbook. When the client config is updated, the recipe will also reread the configuration during the Chef run, so the current Chef run can be dynamically changed.\n\nThis recipe does not manage the `chef-client` service. It is assumed to have been set up and started from the `bootstrap_client` recipe above, or from OS / distribution packaging. 
The `chef-client` service should not be restarted as a result of `/etc/chef/client.rb` changing, as that can cause the current process running the client to be restarted, having unpredictable results.\n\ndefault\n-------\n\nThere is no spoon :-).\n\ndelete_validation\n-----------------\n\nThis is a standalone recipe that merely deletes the validation certificate (default `/etc/chef/validation.pem`). Use this if managing the client config file is not required in your environment.\n\nBeware if using this on your Chef Server. First copy the validation.pem certificate file to another location, such as your knife configuration directory (`~/.chef`) or [Chef Repository](http://wiki.opscode.com/display/chef/Chef+Repository).\n\nserver\n------\n\nThe server recipe includes the `chef::client` recipe above.\n\nThe recipe itself manages the services and the Server config file `/etc/chef/server.rb`. See above under Platform requirements for cavaet when running Chef Server installed via Debian/Ubuntu packages. Changes to the recipe to manage additional templates may be required.\n\nThe following services are managed:\n\n* chef-solr\n* chef-solr-indexer\n* chef-server\n* chef-webui (if installed)\n\nChanges to the `/etc/chef/server.rb` will trigger a restart of these services.\n\nSince the Chef Server itself typically runs the CouchDB service for the data store, the recipe will do a compaction on the Chef database and all the views associated with the Chef Server. These compactions only occur if the database/view size is more than 100Mb. It will use the configured CouchDB URL, which is `http://localhost:5984` by default. The actual value used for the CouchDB server is from the `Chef::Config[:couchdb_url]`, so this can be dynamically changed.\n\nserver_proxy\n------------\n\nThis recipe sets up an Apache2 VirtualHost to proxy HTTPS for the Chef Server API and WebUI.\n\nThe API will be proxied on port 443. If the `chef-serer-webui` is installed, it will be proxied on port 444. 
The recipe dynamically creates the OpenSSL certificate based on the `chef.server_ssl_req` attribute. It uses some additional configuration for Apache to improve performance of the webui. The virtual host template is `chef_server.conf.erb`. The DocumentRoot setting is used for the WebUI, but not the API, and is set with the attribute `chef.doc_root`.\n\nTEMPLATES\n=========\n\nchef_server.conf.erb\n--------------------\n\nVirtualHost file used by Apache2 in the `chef::server_proxy` recipe.\n\nclient.rb.erb\n-------------\n\nConfiguration for the client, lands in `/etc/chef/client.rb`.\n\nserver.rb.erb\n-------------\n\nConfiguration for the server and server components, lands in `/etc/chef/server.rb`. See above regarding Debian/Ubuntu packaging config files when using packages to install Chef.\n\nsv-*run.erb\n-----------\n\nVarious runit \"run\" scripts for the Chef services that get configured when `init_style` is \"runit\".\n\nLICENSE AND AUTHORS\n===================\n\n* Author: Joshua Timberman <joshua@opscode.com>\n* Author: Joshua Sierles <joshua@37signals.com>\n\n* Copyright 2008-2010, Opscode, Inc\n* Copyright 2009, 37signals\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\n"
- }
+ ]
+ },
+ "recommendations": {
+ },
+ "suggestions": {
+ },
+ "conflicting": {
+ },
+ "providing": {
+ },
+ "replacing": {
+ },
+ "attributes": {
+ },
+ "groupings": {
+ },
+ "recipes": {
+ "chef": "Default recipe is empty, use one of the other recipes.",
+ "chef::client": "Sets up a client to talk to a chef-server",
+ "chef::bootstrap_client": "Set up rubygem installed chef client",
+ "chef::delete_validation": "Deletes validation.pem after client registers",
+ "chef::server": "Configures a chef API server as a merb application",
+ "chef::bootstrap_server": "Set up rubygem installed chef server",
+ "chef::server_proxy": "Configures Apache2 proxy for API and WebUI"
+ },
+ "version": "0.21.3"
+}
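Review bot: The README text embedded in the new "long_description" value carries a "Minimal JSON" example with a trailing comma after the "server_url" value (`"server_url": "http://localhost.localdomain:4000",` followed directly by `},`). Strict JSON parsers reject that, so anyone pasting the example into an attributes file gets a parse error. The same string also has the typos "cavaet" and "chef-serer-webui". Since metadata.rb reads this text from README.md, fix it there and regenerate metadata.json rather than editing the generated file by hand.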
View
2 chef/metadata.rb
@@ -3,7 +3,7 @@
license "Apache 2.0"
description "Installs and configures Chef for chef-client and chef-server"
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version "0.21.2"
+version "0.21.3"
recipe "chef", "Default recipe is empty, use one of the other recipes."
recipe "chef::client", "Sets up a client to talk to a chef-server"
recipe "chef::bootstrap_client", "Set up rubygem installed chef client"
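Review bot: The version line is the only source change in this file (0.21.2 to 0.21.3), but the generated chef/metadata.json shows 65 additions and 65 deletions because its keys were re-emitted in a different order. The commit message "update cookbook metadata" does not say so. Please state that the JSON was regenerated and that only the version is expected to differ, so a reviewer can confirm nothing else changed inside the reordered file.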
View
500 openldap/metadata.json
@@ -1,269 +1,269 @@
{
- "providing": {
+ "name": "openldap",
+ "description": "Configures a server to be an OpenLDAP master, replication slave or client for auth",
+ "long_description": "= DESCRIPTION:\n\nConfigures a server to be an OpenLDAP master, OpenLDAP replication slave, or OpenLDAP client.\n\n= REQUIREMENTS:\n\n== Platform:\n\nUbuntu 8.10 was primarily used in testing this cookbook. Other Ubuntu versions and Debian may work. CentOS and Red Hat are not fully supported, but we take patches.\n\n== Recipes:\n\n* openssh \n* nscd\n\n= ATTRIBUTES:\n\nBe aware of the attributes used by this cookbook and adjust the defaults for your environment where required, in attributes/openldap.rb.\n\n== Client node attributes\n\n* openldap[:basedn] - basedn \n* openldap[:server] - the LDAP server fully qualified domain name, default 'ldap'.node[:domain].\n\n== Server node attributes\n\n* openldap[:slapd_type] - master | slave\n* openldap[:slapd_rid] - unique integer ID, required if type is slave.\n* openldap[:slapd_master] - hostname of slapd master, attempts to search for slapd_type master.\n\n== Apache configuration attributes\n\nAttributes useful for Apache authentication with LDAP.\n\nCOOK-128 - set automatically based on openldap[:server] and openldap[:basedn] if those attributes are set. openldap[:auth_bindpw] remains nil by default as a default value is not easily predicted.\n\n* openldap[:auth_type] - determine whether binddn and bindpw are required (openldap no, ad yes)\n* openldap[:auth_url] - AuthLDAPURL\n* openldap[:auth_binddn] - AuthLDAPBindDN\n* openldap[:auth_bindpw] - AuthLDAPBindPassword\n\n= USAGE:\n\nEdit Rakefile variables for SSL certificate.\n\nOn client systems, \n\n include_recipe \"openldap::auth\"\n \nThis will get the required packages and configuration for client systems. This will be required on server systems as well, so this is a good candidate for inclusion in a site-cookbooks/base.\n\nOn server systems, set the server node attributes in the Chef node, or in a JSON attributes file. 
Include the openldap::server recipe:\n\n include_recipe \"openldap::server\"\n \nWhen initially installing a brand new LDAP master server on Ubuntu 8.10, the configuration directory may need to be removed and recreated before slapd will start successfully. Doing this programmatically may cause other issues, so fix the directory manually :-).\n\n $ sudo slaptest -F /etc/ldap/slapd.d\n str2entry: invalid value for attributeType objectClass #1 (syntax 1.3.6.1.4.1.1466.115.121.1.38)\n => ldif_enum_tree: failed to read entry for /etc/ldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif\n slaptest: bad configuration directory!\n\nSimply remove the configuration, rerun chef-client. For some reason slapd isn't getting started even though the service resource is notified to start, so start it manually. \n\n $ sudo rm -rf /etc/ldap/slapd.d/ /etc/ldap/slapd.conf\n $ sudo chef-client\n $ sudo /etc/init.d/slapd start\n \n=== A note about certificates\n\nCertificates created by the Rakefile are self signed. If you have a purchased CA, that can be used. Be sure to update the certificate locations in the templates as required. We suggest copying this cookbook to the site-cookbooks for such modifications, so you can still pull from our master for updates, and then merge your changes in.\n \n== NEW DIRECTORY:\n\nIf installing for the first time, the initial directory needs to be created. Create an ldif file, and start populating the directory.\n \n== PASSWORDS:\n\nSet the password, openldap[:rootpw] for the rootdn in the node's attributes. This should be a password hash generated from slappasswd. The default slappasswd command on Ubuntu 8.10 and Mac OS X 10.5 will generate a SHA1 hash:\n\n $ slappasswd -s \"secretsauce\"\n {SSHA}6BjlvtSbVCL88li8IorkqMSofkLio58/\n \nSet this by default in the attributes file, or on the node's entry in the webui. 
\n \n== LICENSE & AUTHOR:\n\nAuthor:: Joshua Timberman (<joshua@opscode.com>)\nCopyright:: 2009, Opscode, Inc\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n",
+ "maintainer": "Opscode, Inc.",
+ "maintainer_email": "cookbooks@opscode.com",
+ "license": "Apache 2.0",
+ "platforms": {
+ "ubuntu": [
+
+ ],
+ "debian": [
+
+ ]
+ },
+ "dependencies": {
+ "openssh": [
+
+ ],
+ "nscd": [
+
+ ]
+ },
+ "recommendations": {
+ },
+ "suggestions": {
+ },
+ "conflicting": {
+ },
+ "providing": {
+ },
+ "replacing": {
+ },
+ "attributes": {
+ "openldap/basedn": {
+ "display_name": "OpenLDAP BaseDN",
+ "description": "BaseDN for the LDAP directory",
+ "default": "dc=domain,dc=com",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
},
- "attributes": {
- "openldap/auth_binddn": {
- "required": "optional",
- "calculated": false,
- "choice": [
-
- ],
- "default": "ou=people,openldap_basedn",
- "type": "string",
- "recipes": [
-
- ],
- "description": "Used in auth_url and Apache configs, AuthBindDN",
- "display_name": "OpenLDAP Auth BindDN"
- },
- "openldap/slapd_rid": {
- "required": "optional",
- "calculated": false,
- "choice": [
-
- ],
- "default": "102",
- "type": "string",
- "recipes": [
-
- ],
- "description": "Slave's ID, must be unique",
- "display_name": "OpenLDAP Slapd Replication ID"
- },
- "openldap/slapd_replpw": {
- "required": "optional",
- "calculated": false,
- "choice": [
-
- ],
- "default": "nil",
- "type": "string",
- "recipes": [
-
- ],
- "description": "Password for slaves to replicate from master",
- "display_name": "OpenLDAP Slapd Replication Password"
- },
- "openldap/server": {
- "required": "optional",
- "calculated": false,
- "choice": [
-
- ],
- "default": "ldap.domain",
- "type": "string",
- "recipes": [
-
- ],
- "description": "LDAP Server, used for URIs",
- "display_name": "OpenLDAP Server"
- },
- "openldap/auth_url": {
- "required": "optional",
- "calculated": false,
- "choice": [
-
- ],
- "default": "ldap://openldap_server/openldap_auth_binddn?uid?sub?(objectClass=*)",
- "type": "string",
- "recipes": [
-
- ],
- "description": "Used in Apache configs, AuthLDAPURL",
- "display_name": "OpenLDAP Auth URL"
- },
- "openldap/cafile": {
- "required": "optional",
- "calculated": false,
- "choice": [
-
- ],
- "default": "openldap_dir_ssl/ca.crt",
- "type": "string",
- "recipes": [
-
- ],
- "description": "Location for CA certificate",
- "display_name": "OpenLDAP CA File"
- },
- "openldap/module_dir": {
- "required": "optional",
- "calculated": false,
- "choice": [
-
- ],
- "default": "/usr/lib/ldap",
- "type": "string",
- "recipes": [
-
- ],
- "description": "Location for OpenLDAP add-on modules",
- "display_name": "OpenLDAP Module Directory"
- },
- "openldap/run_dir": {
- "required": "optional",
- "calculated": false,
- "choice": [
-
- ],
- "default": "/var/run/slapd",
- "type": "string",
- "recipes": [
-
- ],
- "description": "Run directory for LDAP server processes",
- "display_name": "OpenLDAP Run Directory"
- },
- "openldap/ssl_dir": {
- "required": "optional",
- "calculated": false,
- "choice": [
-
- ],
- "default": "openldap_dir/ssl",
- "type": "string",
- "recipes": [
-
- ],
- "description": "Location for LDAP SSL certificates",
- "display_name": "OpenLDAP SSL Directory"
- },
- "openldap/dir": {
- "required": "optional",
- "calculated": false,
- "choice": [
-
- ],
- "default": "/etc/ldap",
- "type": "string",
- "recipes": [
-
- ],
- "description": "Main configuration directory for OpenLDAP",
- "display_name": "OpenLDAP Dir"
- },
- "openldap/auth_bindpw": {
- "required": "optional",
- "calculated": false,
- "choice": [
-
- ],
- "default": "nil",
- "type": "string",
- "recipes": [
-
- ],
- "description": "Used in Apache configs, AuthBindPassword",
- "display_name": "OpenLDAP Auth Bind Password"
- },
- "openldap/slapd_master": {
- "required": "optional",
- "calculated": false,
- "choice": [
-
- ],
- "default": "nil",
- "type": "string",
- "recipes": [
-
- ],
- "description": "Search nodes for attribute slapd_type master, for slaves",
- "display_name": "OpenLDP Slapd Master"
- },
- "openldap/slapd_type": {
- "required": "optional",
- "calculated": false,
- "choice": [
-
- ],
- "default": "nil",
- "type": "string",
- "recipes": [
-
- ],
- "description": "Whether the server is a master or slave",
- "display_name": "OpenLDAP Slapd Type"
- },
- "openldap/basedn": {
- "required": "optional",
- "calculated": false,
- "choice": [
-
- ],
- "default": "dc=domain,dc=com",
- "type": "string",
- "recipes": [
-
- ],
- "description": "BaseDN for the LDAP directory",
- "display_name": "OpenLDAP BaseDN"
- },
- "openldap/rootpw": {
- "required": "optional",
- "calculated": false,
- "choice": [
-
- ],
- "default": "nil",
- "type": "string",
- "recipes": [
-
- ],
- "description": "Password for 'admin' root user, should be a SHA hash that OpenLDAP supports",
- "display_name": "OpenLDAP Root Password"
- },
- "openldap/auth_type": {
- "required": "optional",
- "calculated": false,
- "choice": [
-
- ],
- "default": "openldap",
- "type": "string",
- "recipes": [
-
- ],
- "description": "Used in Apache configs, AuthBasicProvider",
- "display_name": "OpenLDAP Auth Type"
- }
+ "openldap/server": {
+ "display_name": "OpenLDAP Server",
+ "description": "LDAP Server, used for URIs",
+ "default": "ldap.domain",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
},
- "replacing": {
+ "openldap/rootpw": {
+ "display_name": "OpenLDAP Root Password",
+ "description": "Password for 'admin' root user, should be a SHA hash that OpenLDAP supports",
+ "default": "nil",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
},
- "dependencies": {
- "nscd": [
+ "openldap/dir": {
+ "display_name": "OpenLDAP Dir",
+ "description": "Main configuration directory for OpenLDAP",
+ "default": "/etc/ldap",
+ "choice": [
],
- "openssh": [
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
]
},
- "groupings": {
+ "openldap/run_dir": {
+ "display_name": "OpenLDAP Run Directory",
+ "description": "Run directory for LDAP server processes",
+ "default": "/var/run/slapd",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
},
- "recommendations": {
+ "openldap/module_dir": {
+ "display_name": "OpenLDAP Module Directory",
+ "description": "Location for OpenLDAP add-on modules",
+ "default": "/usr/lib/ldap",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
},
- "platforms": {
- "debian": [
+ "openldap/ssl_dir": {
+ "display_name": "OpenLDAP SSL Directory",
+ "description": "Location for LDAP SSL certificates",
+ "default": "openldap_dir/ssl",
+ "choice": [
],
- "ubuntu": [
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
]
},
- "license": "Apache 2.0",
- "version": "0.9.2",
- "maintainer": "Opscode, Inc.",
- "suggestions": {
+ "openldap/cafile": {
+ "display_name": "OpenLDAP CA File",
+ "description": "Location for CA certificate",
+ "default": "openldap_dir_ssl/ca.crt",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
},
- "recipes": {
- "openldap::auth": "Set up openldap for user authentication",
- "openldap": "Empty, use one of the other recipes",
- "openldap::server": "Set up openldap to be a slapd server",
- "openldap::client": "Install openldap client packages"
+ "openldap/slapd_type": {
+ "display_name": "OpenLDAP Slapd Type",
+ "description": "Whether the server is a master or slave",
+ "default": "nil",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
},
- "maintainer_email": "cookbooks@opscode.com",
- "name": "openldap",
- "conflicting": {
+ "openldap/slapd_master": {
+ "display_name": "OpenLDP Slapd Master",
+ "description": "Search nodes for attribute slapd_type master, for slaves",
+ "default": "nil",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
+ },
+ "openldap/slapd_replpw": {
+ "display_name": "OpenLDAP Slapd Replication Password",
+ "description": "Password for slaves to replicate from master",
+ "default": "nil",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
+ },
+ "openldap/slapd_rid": {
+ "display_name": "OpenLDAP Slapd Replication ID",
+ "description": "Slave's ID, must be unique",
+ "default": "102",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
+ },
+ "openldap/auth_type": {
+ "display_name": "OpenLDAP Auth Type",
+ "description": "Used in Apache configs, AuthBasicProvider",
+ "default": "openldap",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
+ },
+ "openldap/auth_binddn": {
+ "display_name": "OpenLDAP Auth BindDN",
+ "description": "Used in auth_url and Apache configs, AuthBindDN",
+ "default": "ou=people,openldap_basedn",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
},
- "description": "Configures a server to be an OpenLDAP master, replication slave or client for auth",
- "long_description": "= DESCRIPTION:\n\nConfigures a server to be an OpenLDAP master, OpenLDAP replication slave, or OpenLDAP client.\n\n= REQUIREMENTS:\n\n== Platform:\n\nUbuntu 8.10 was primarily used in testing this cookbook. Other Ubuntu versions and Debian may work. CentOS and Red Hat are not fully supported, but we take patches.\n\n== Recipes:\n\n* openssh \n* nscd\n\n= ATTRIBUTES:\n\nBe aware of the attributes used by this cookbook and adjust the defaults for your environment where required, in attributes/openldap.rb.\n\n== Client node attributes\n\n* openldap[:basedn] - basedn \n* openldap[:server] - the LDAP server fully qualified domain name, default 'ldap'.node[:domain].\n\n== Server node attributes\n\n* openldap[:slapd_type] - master | slave\n* openldap[:slapd_rid] - unique integer ID, required if type is slave.\n* openldap[:slapd_master] - hostname of slapd master, attempts to search for slapd_type master.\n\n== Apache configuration attributes\n\nAttributes useful for Apache authentication with LDAP.\n\nCOOK-128 - set automatically based on openldap[:server] and openldap[:basedn] if those attributes are set. openldap[:auth_bindpw] remains nil by default as a default value is not easily predicted.\n\n* openldap[:auth_type] - determine whether binddn and bindpw are required (openldap no, ad yes)\n* openldap[:auth_url] - AuthLDAPURL\n* openldap[:auth_binddn] - AuthLDAPBindDN\n* openldap[:auth_bindpw] - AuthLDAPBindPassword\n\n= USAGE:\n\nEdit Rakefile variables for SSL certificate.\n\nOn client systems, \n\n include_recipe \"openldap::auth\"\n \nThis will get the required packages and configuration for client systems. This will be required on server systems as well, so this is a good candidate for inclusion in a site-cookbooks/base.\n\nOn server systems, set the server node attributes in the Chef node, or in a JSON attributes file. 
Include the openldap::server recipe:\n\n include_recipe \"openldap::server\"\n \nWhen initially installing a brand new LDAP master server on Ubuntu 8.10, the configuration directory may need to be removed and recreated before slapd will start successfully. Doing this programmatically may cause other issues, so fix the directory manually :-).\n\n $ sudo slaptest -F /etc/ldap/slapd.d\n str2entry: invalid value for attributeType objectClass #1 (syntax 1.3.6.1.4.1.1466.115.121.1.38)\n => ldif_enum_tree: failed to read entry for /etc/ldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif\n slaptest: bad configuration directory!\n\nSimply remove the configuration, rerun chef-client. For some reason slapd isn't getting started even though the service resource is notified to start, so start it manually. \n\n $ sudo rm -rf /etc/ldap/slapd.d/ /etc/ldap/slapd.conf\n $ sudo chef-client\n $ sudo /etc/init.d/slapd start\n \n=== A note about certificates\n\nCertificates created by the Rakefile are self signed. If you have a purchased CA, that can be used. Be sure to update the certificate locations in the templates as required. We suggest copying this cookbook to the site-cookbooks for such modifications, so you can still pull from our master for updates, and then merge your changes in.\n \n== NEW DIRECTORY:\n\nIf installing for the first time, the initial directory needs to be created. Create an ldif file, and start populating the directory.\n \n== PASSWORDS:\n\nSet the password, openldap[:rootpw] for the rootdn in the node's attributes. This should be a password hash generated from slappasswd. The default slappasswd command on Ubuntu 8.10 and Mac OS X 10.5 will generate a SHA1 hash:\n\n $ slappasswd -s \"secretsauce\"\n {SSHA}6BjlvtSbVCL88li8IorkqMSofkLio58/\n \nSet this by default in the attributes file, or on the node's entry in the webui. 
\n \n== LICENSE & AUTHOR:\n\nAuthor:: Joshua Timberman (<joshua@opscode.com>)\nCopyright:: 2009, Opscode, Inc\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n"
- }
+ "openldap/auth_bindpw": {
+ "display_name": "OpenLDAP Auth Bind Password",
+ "description": "Used in Apache configs, AuthBindPassword",
+ "default": "nil",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
+ },
+ "openldap/auth_url": {
+ "display_name": "OpenLDAP Auth URL",
+ "description": "Used in Apache configs, AuthLDAPURL",
+ "default": "ldap://openldap_server/openldap_auth_binddn?uid?sub?(objectClass=*)",
+ "choice": [
+
+ ],
+ "calculated": false,
+ "type": "string",
+ "required": "optional",
+ "recipes": [
+
+ ]
+ }
+ },
+ "groupings": {
+ },
+ "recipes": {
+ "openldap": "Empty, use one of the other recipes",
+ "openldap::auth": "Set up openldap for user authentication",
+ "openldap::client": "Install openldap client packages",
+ "openldap::server": "Set up openldap to be a slapd server"
+ },
+ "version": "0.9.3"
+}
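Review bot: Several unset attributes in the regenerated "attributes" block carry `"default": "nil"` with `"type": "string"`, including the secrets openldap/rootpw, openldap/slapd_replpw and openldap/auth_bindpw. That is the three-character string "nil", not a JSON null, so any consumer that falls back to the metadata default would get a literal, guessable value in place of "no password set". Consider declaring these without a default in metadata.rb (or emitting null) and marking the password attributes as required for the server recipe. Separately, the display name "OpenLDP Slapd Master" on openldap/slapd_master is a typo carried over unchanged from the old file.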
View
2 openldap/metadata.rb
@@ -3,7 +3,7 @@
license "Apache 2.0"
description "Configures a server to be an OpenLDAP master, replication slave or client for auth"
long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc'))
-version "0.9.2"
+version "0.9.3"
recipe "openldap", "Empty, use one of the other recipes"
recipe "openldap::auth", "Set up openldap for user authentication"
recipe "openldap::client", "Install openldap client packages"
View
1,637 riak/metadata.json
817 additions, 820 deletions not shown because the diff is too large. Please use a local Git client to view these changes.
View
2 riak/metadata.rb
@@ -22,7 +22,7 @@
maintainer_email "riak@basho.com"
license "Apache 2.0"
description "Installs and configures Riak distributed data store (v0.10 and later)"
-version "0.12.0"
+version "0.12.1"
recipe "riak", "Installs Riak"
recipe "riak::autoconf", "Automatically configure nodes from chef-server information."
recipe "riak::innostore", "Install and configure the Innostore backend."
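Review bot: This version bump (0.12.0 to 0.12.1) is paired with a riak/metadata.json change that the page does not render, listed as 817 additions and 820 deletions. The chef and openldap JSON files changed by equal counts (65/65 and 250/250), which fits a key reordering plus the version line. The riak counts differ by three lines, so something other than ordering was dropped or reformatted. Diff the regenerated riak/metadata.json locally against metadata.rb before merging and mention the removed lines in the commit message.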

0 comments on commit e48bbef
