Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

add chef cookbooks

- vendor cookbooks with berks
- add capistrano script to deploy and run chef on remote servers
- add run list
- add chef roles
  • Loading branch information...
commit 6d920bcfc4b1f7a1322ee40deca81ed3f04cb330 1 parent 6a3bb74
@deepak authored
Showing with 11,505 additions and 19 deletions.
  1. +8 −17 .gitignore
  2. +22 −0 Berksfile
  3. +13 −0 Berksfile.lock
  4. +221 −0 Capfile
  5. +34 −0 Gemfile
  6. +259 −0 Gemfile.lock
  7. +4 −2 README.md
  8. +21 −0 Rakefile
  9. +37 −0 Vagrantfile
  10. +17 −0 bin/chef
  11. +2 −0  bin/post_install.sh
  12. +1 −0  cookbooks/bundler/attributes/bundler.rb
  13. +7 −0 cookbooks/bundler/metadata.rb
  14. +3 −0  cookbooks/bundler/recipes/default.rb
  15. +1 −0  cookbooks/nginx/README.md
  16. +1 −0  cookbooks/nginx/attributes/nginx.rb
  17. +25 −0 cookbooks/nginx/files/backup/nginx-1.2.4/fastcgi_params
  18. +108 −0 cookbooks/nginx/files/backup/nginx-1.2.4/koi-utf
  19. +102 −0 cookbooks/nginx/files/backup/nginx-1.2.4/koi-win
  20. +79 −0 cookbooks/nginx/files/backup/nginx-1.2.4/mime.types
  21. +13 −0 cookbooks/nginx/files/backup/nginx-1.2.4/naxsi.rules
  22. +75 −0 cookbooks/nginx/files/backup/nginx-1.2.4/naxsi_core.rules
  23. +95 −0 cookbooks/nginx/files/backup/nginx-1.2.4/nginx.conf
  24. +3 −0  cookbooks/nginx/files/backup/nginx-1.2.4/proxy_params
  25. +14 −0 cookbooks/nginx/files/backup/nginx-1.2.4/scgi_params
  26. +120 −0 cookbooks/nginx/files/backup/nginx-1.2.4/sites-available/default
  27. +15 −0 cookbooks/nginx/files/backup/nginx-1.2.4/uwsgi_params
  28. +125 −0 cookbooks/nginx/files/backup/nginx-1.2.4/win-utf
  29. +8 −0 cookbooks/nginx/metadata.rb
  30. +52 −0 cookbooks/nginx/recipes/default.rb
  31. +19 −0 cookbooks/nginx/spec/default_nginx_spec.rb
  32. +125 −0 cookbooks/nginx/templates/default/acme-webapp.erb
  33. +160 −0 cookbooks/nginx/templates/default/nginx.conf.erb
  34. +13 −0 cookbooks/node/recipes/default.rb
  35. +2 −0  cookbooks/packages/README.md
  36. +1 −0  cookbooks/packages/attributes/packages.rb
  37. +53 −0 cookbooks/packages/files/default/unicornctl
  38. +9 −0 cookbooks/packages/metadata.rb
  39. +42 −0 cookbooks/packages/recipes/default.rb
  40. +14 −0 cookbooks/packages/recipes/scripts.rb
  41. +102 −0 cookbooks/packages/templates/default/compute_package_size.py.erb
  42. +5 −0 cookbooks/postgres/attributes/postgres.rb
  43. +99 −0 cookbooks/postgres/files/9.1/pg_hba.conf
  44. +556 −0 cookbooks/postgres/files/9.1/postgresql.conf
  45. +7 −0 cookbooks/postgres/metadata.rb
  46. +60 −0 cookbooks/postgres/recipes/default.rb
  47. +99 −0 cookbooks/postgres/templates/default/pg_hba_9.1.conf.erb
  48. +99 −0 cookbooks/postgres/templates/default/pg_hba_9.2.conf.erb
  49. +49 −0 cookbooks/rails/recipes/default.rb
  50. +118 −0 cookbooks/rails/templates/default/unicorn.conf.erb
  51. +1 −0  cookbooks/ruby/README.md
  52. +1 −0  cookbooks/ruby/attributes/ruby.rb
  53. BIN  cookbooks/ruby/files/ruby-1.9.3-p327.tar.gz
  54. +7 −0 cookbooks/ruby/metadata.rb
  55. +32 −0 cookbooks/ruby/recipes/default.rb
  56. +1 −0  cookbooks/timezone/attributes/timezone.rb
  57. +11 −0 cookbooks/timezone/metadata.rb
  58. +33 −0 cookbooks/timezone/recipes/default.rb
  59. +5 −0 cookbooks/users/README.md
  60. +8 −0 cookbooks/users/attributes/users.rb
  61. +8 −0 cookbooks/users/metadata.rb
  62. +90 −0 cookbooks/users/recipes/default.rb
  63. +11 −0 cookbooks/users/templates/default/.bash_aliases.erb
  64. +2 −0  cookbooks/users/templates/default/.gemrc.erb
  65. +23 −0 cookbooks/users/templates/default/.gitconfig.erb
  66. +15 −0 cookbooks/users/templates/default/.profile.erb
  67. +4 −0 cookbooks/users/templates/default/authorized_keys.erb
  68. +3 −0  dna.json
  69. +5 −0 dna/nodes.yml
  70. +18 −0 roles/basebox.rb
  71. +7 −0 roles/database.rb
  72. +12 −0 roles/ruby_webapp.rb
  73. +4 −0 solo.rb
  74. BIN  vendor/cache/CFPropertyList-2.0.17.gem
  75. BIN  vendor/cache/Platform-0.4.0.gem
  76. BIN  vendor/cache/activemodel-3.2.11.gem
  77. BIN  vendor/cache/activesupport-3.2.11.gem
  78. BIN  vendor/cache/addressable-2.3.2.gem
  79. BIN  vendor/cache/ansi-1.3.0.gem
  80. BIN  vendor/cache/archive-tar-minitar-0.5.2.gem
  81. BIN  vendor/cache/arr-pm-0.0.7.gem
  82. BIN  vendor/cache/backports-2.3.0.gem
  83. BIN  vendor/cache/berkshelf-1.1.2.gem
  84. BIN  vendor/cache/builder-3.0.4.gem
  85. BIN  vendor/cache/bunny-0.7.9.gem
  86. BIN  vendor/cache/cabin-0.4.4.gem
  87. BIN  vendor/cache/capistrano-2.14.2.gem
  88. BIN  vendor/cache/celluloid-0.12.4.gem
  89. BIN  vendor/cache/chef-10.16.6.gem
  90. BIN  vendor/cache/chefspec-0.9.0.gem
  91. BIN  vendor/cache/childprocess-0.3.6.gem
  92. BIN  vendor/cache/chozo-0.4.2.gem
  93. BIN  vendor/cache/ci_reporter-1.7.3.gem
  94. BIN  vendor/cache/clamp-0.5.0.gem
  95. BIN  vendor/cache/coderay-1.0.8.gem
  96. BIN  vendor/cache/cucumber-1.2.1.gem
  97. BIN  vendor/cache/diff-lcs-1.1.3.gem
  98. BIN  vendor/cache/erubis-2.7.0.gem
  99. BIN  vendor/cache/excon-0.16.10.gem
  100. BIN  vendor/cache/facter-1.6.17.gem
  101. BIN  vendor/cache/faraday-0.8.4.gem
  102. BIN  vendor/cache/ffi-1.3.1.gem
  103. BIN  vendor/cache/fission-0.4.0.gem
  104. BIN  vendor/cache/fog-1.7.0.gem
  105. BIN  vendor/cache/foodcritic-1.7.0.gem
  106. BIN  vendor/cache/formatador-0.2.4.gem
  107. BIN  vendor/cache/fpm-0.4.6.gem
  108. BIN  vendor/cache/gherkin-2.11.5.gem
  109. BIN  vendor/cache/gist-3.1.1.gem
  110. BIN  vendor/cache/grit-2.5.0.gem
  111. BIN  vendor/cache/hashie-1.2.0.gem
  112. BIN  vendor/cache/highline-1.6.15.gem
  113. BIN  vendor/cache/i18n-0.6.1.gem
  114. BIN  vendor/cache/ipaddress-0.8.0.gem
  115. BIN  vendor/cache/json-1.5.4.gem
  116. BIN  vendor/cache/libxml-ruby-2.3.3.gem
  117. BIN  vendor/cache/log4r-1.1.10.gem
  118. BIN  vendor/cache/method_source-0.7.1.gem
  119. BIN  vendor/cache/mime-types-1.19.gem
  120. BIN  vendor/cache/minitar-0.5.4.gem
  121. BIN  vendor/cache/minitest-4.3.0.gem
  122. BIN  vendor/cache/minitest-chef-handler-0.6.3.gem
  123. BIN  vendor/cache/mixlib-authentication-1.3.0.gem
  124. BIN  vendor/cache/mixlib-cli-1.3.0.gem
  125. BIN  vendor/cache/mixlib-config-1.1.2.gem
  126. BIN  vendor/cache/mixlib-log-1.4.1.gem
  127. BIN  vendor/cache/mixlib-shellout-1.1.0.gem
  128. BIN  vendor/cache/moneta-0.6.0.gem
  129. BIN  vendor/cache/multi_json-1.5.0.gem
  130. BIN  vendor/cache/multipart-post-1.1.5.gem
  131. BIN  vendor/cache/net-http-persistent-2.8.gem
  132. BIN  vendor/cache/net-scp-1.0.4.gem
  133. BIN  vendor/cache/net-sftp-2.0.5.gem
  134. BIN  vendor/cache/net-ssh-2.2.2.gem
  135. BIN  vendor/cache/net-ssh-gateway-1.1.0.gem
  136. BIN  vendor/cache/net-ssh-multi-1.1.gem
  137. BIN  vendor/cache/nokogiri-1.5.6.gem
  138. BIN  vendor/cache/ohai-6.16.0.gem
  139. BIN  vendor/cache/open4-1.3.0.gem
  140. BIN  vendor/cache/polyglot-0.3.3.gem
  141. BIN  vendor/cache/popen4-0.1.2.gem
  142. BIN  vendor/cache/posix-spawn-0.3.6.gem
  143. BIN  vendor/cache/progressbar-0.11.0.gem
  144. BIN  vendor/cache/pry-0.9.8.4.gem
  145. BIN  vendor/cache/rak-1.4.gem
  146. BIN  vendor/cache/rake-10.0.3.gem
  147. BIN  vendor/cache/rest-client-1.6.7.gem
  148. BIN  vendor/cache/ridley-0.6.3.gem
  149. BIN  vendor/cache/rspec-2.11.0.gem
  150. BIN  vendor/cache/rspec-core-2.11.1.gem
  151. BIN  vendor/cache/rspec-expectations-2.11.3.gem
  152. BIN  vendor/cache/rspec-mocks-2.11.3.gem
  153. BIN  vendor/cache/ruby-hmac-0.4.0.gem
  154. BIN  vendor/cache/ruby-vnc-1.0.1.gem
  155. BIN  vendor/cache/slop-2.4.4.gem
  156. BIN  vendor/cache/solve-0.4.1.gem
  157. BIN  vendor/cache/systemu-2.5.2.gem
  158. BIN  vendor/cache/thor-0.16.0.gem
  159. BIN  vendor/cache/timers-1.1.0.gem
  160. BIN  vendor/cache/treetop-1.4.12.gem
  161. BIN  vendor/cache/uuidtools-2.1.3.gem
  162. BIN  vendor/cache/vagrant-1.0.5.gem
  163. BIN  vendor/cache/vagrant-list-0.0.5.gem
  164. BIN  vendor/cache/veewee-0.3.1.gem
  165. BIN  vendor/cache/yajl-ruby-1.1.0.gem
  166. BIN  vendor/chef/chef_ubuntu_12.04_x86_64.deb
  167. +60 −0 vendor/cookbooks/apt/CHANGELOG.md
  168. +29 −0 vendor/cookbooks/apt/CONTRIBUTING
  169. +3 −0  vendor/cookbooks/apt/Gemfile
  170. +201 −0 vendor/cookbooks/apt/LICENSE
  171. +209 −0 vendor/cookbooks/apt/README.md
  172. +2 −0  vendor/cookbooks/apt/attributes/default.rb
  173. +50 −0 vendor/cookbooks/apt/files/default/apt-proxy-v2.conf
  174. +34 −0 vendor/cookbooks/apt/metadata.json
  175. +14 −0 vendor/cookbooks/apt/metadata.rb
  176. +61 −0 vendor/cookbooks/apt/providers/preference.rb
  177. +132 −0 vendor/cookbooks/apt/providers/repository.rb
  178. +59 −0 vendor/cookbooks/apt/recipes/cacher-client.rb
  179. +43 −0 vendor/cookbooks/apt/recipes/cacher-ng.rb
  180. +68 −0 vendor/cookbooks/apt/recipes/default.rb
  181. +29 −0 vendor/cookbooks/apt/resources/preference.rb
  182. +40 −0 vendor/cookbooks/apt/resources/repository.rb
  183. +2 −0  vendor/cookbooks/apt/templates/default/01proxy.erb
  184. +276 −0 vendor/cookbooks/apt/templates/default/acng.conf.erb
  185. +31 −0 vendor/cookbooks/build-essential/CHANGELOG.md
  186. +29 −0 vendor/cookbooks/build-essential/CONTRIBUTING
  187. +3 −0  vendor/cookbooks/build-essential/Gemfile
  188. +201 −0 vendor/cookbooks/build-essential/LICENSE
  189. +129 −0 vendor/cookbooks/build-essential/README.md
  190. +33 −0 vendor/cookbooks/build-essential/attributes/default.rb
  191. +41 −0 vendor/cookbooks/build-essential/metadata.json
  192. +14 −0 vendor/cookbooks/build-essential/metadata.rb
  193. +92 −0 vendor/cookbooks/build-essential/recipes/default.rb
  194. +28 −0 vendor/cookbooks/chef_handler/CHANGELOG.md
  195. +29 −0 vendor/cookbooks/chef_handler/CONTRIBUTING
  196. +201 −0 vendor/cookbooks/chef_handler/LICENSE
  197. +103 −0 vendor/cookbooks/chef_handler/README.md
  198. +30 −0 vendor/cookbooks/chef_handler/attributes/default.rb
  199. +1 −0  vendor/cookbooks/chef_handler/files/default/handlers/README
  200. +29 −0 vendor/cookbooks/chef_handler/metadata.json
  201. +7 −0 vendor/cookbooks/chef_handler/metadata.rb
  202. +93 −0 vendor/cookbooks/chef_handler/providers/default.rb
  203. +33 −0 vendor/cookbooks/chef_handler/recipes/default.rb
  204. +28 −0 vendor/cookbooks/chef_handler/recipes/json_file.rb
  205. +34 −0 vendor/cookbooks/chef_handler/resources/default.rb
  206. +17 −0 vendor/cookbooks/dmg/CHANGELOG.md
  207. +29 −0 vendor/cookbooks/dmg/CONTRIBUTING
  208. +201 −0 vendor/cookbooks/dmg/LICENSE
  209. +142 −0 vendor/cookbooks/dmg/README.md
  210. +20 −0 vendor/cookbooks/dmg/attributes/default.rb
  211. +30 −0 vendor/cookbooks/dmg/metadata.json
  212. +8 −0 vendor/cookbooks/dmg/metadata.rb
  213. +82 −0 vendor/cookbooks/dmg/providers/package.rb
  214. +18 −0 vendor/cookbooks/dmg/recipes/default.rb
  215. +37 −0 vendor/cookbooks/dmg/resources/package.rb
  216. +49 −0 vendor/cookbooks/git/CHANGELOG.md
  217. +29 −0 vendor/cookbooks/git/CONTRIBUTING
  218. +201 −0 vendor/cookbooks/git/LICENSE
  219. +115 −0 vendor/cookbooks/git/README.md
  220. +37 −0 vendor/cookbooks/git/attributes/default.rb
  221. +48 −0 vendor/cookbooks/git/metadata.json
  222. +20 −0 vendor/cookbooks/git/metadata.rb
  223. +46 −0 vendor/cookbooks/git/recipes/default.rb
  224. +38 −0 vendor/cookbooks/git/recipes/server.rb
  225. +48 −0 vendor/cookbooks/git/recipes/source.rb
  226. +32 −0 vendor/cookbooks/git/recipes/windows.rb
  227. +2 −0  vendor/cookbooks/git/templates/default/sv-git-daemon-log-run.erb
  228. +3 −0  vendor/cookbooks/git/templates/default/sv-git-daemon-run.erb
  229. +45 −0 vendor/cookbooks/locale/README.md
  230. +3 −0  vendor/cookbooks/locale/attributes/default.rb
  231. +10 −0 vendor/cookbooks/locale/metadata.rb
  232. +43 −0 vendor/cookbooks/locale/recipes/default.rb
  233. +20 −0 vendor/cookbooks/newrelic-sysmond/LICENSE.txt
  234. +62 −0 vendor/cookbooks/newrelic-sysmond/README.md
  235. +35 −0 vendor/cookbooks/newrelic-sysmond/Rakefile
  236. +20 −0 vendor/cookbooks/newrelic-sysmond/attributes/default.rb
  237. +32 −0 vendor/cookbooks/newrelic-sysmond/metadata.json
  238. +12 −0 vendor/cookbooks/newrelic-sysmond/metadata.rb
  239. +29 −0 vendor/cookbooks/newrelic-sysmond/recipes/default.rb
  240. +131 −0 vendor/cookbooks/newrelic-sysmond/templates/default/nrsysmond.cfg.erb
  241. +39 −0 vendor/cookbooks/ntp/CHANGELOG.md
  242. +29 −0 vendor/cookbooks/ntp/CONTRIBUTING
  243. +201 −0 vendor/cookbooks/ntp/LICENSE
  244. +163 −0 vendor/cookbooks/ntp/README.md
  245. +19 −0 vendor/cookbooks/ntp/Rakefile
  246. +213 −0 vendor/cookbooks/ntp/TESTING.md
  247. +54 −0 vendor/cookbooks/ntp/attributes/default.rb
  248. +21 −0 vendor/cookbooks/ntp/attributes/ntpdate.rb
  249. +19 −0 vendor/cookbooks/ntp/chefignore
  250. +231 −0 vendor/cookbooks/ntp/files/default/ntp.leapseconds
  251. +117 −0 vendor/cookbooks/ntp/metadata.json
  252. +46 −0 vendor/cookbooks/ntp/metadata.rb
  253. +50 −0 vendor/cookbooks/ntp/recipes/default.rb
  254. +22 −0 vendor/cookbooks/ntp/recipes/disable.rb
  255. +36 −0 vendor/cookbooks/ntp/recipes/ntpdate.rb
  256. +36 −0 vendor/cookbooks/ntp/recipes/undo.rb
  257. +55 −0 vendor/cookbooks/ntp/templates/default/ntp.conf.erb
  258. +14 −0 vendor/cookbooks/ntp/templates/default/ntpdate.erb
  259. +22 −0 vendor/cookbooks/ohai/CHANGELOG.md
  260. +29 −0 vendor/cookbooks/ohai/CONTRIBUTING
  261. +201 −0 vendor/cookbooks/ohai/LICENSE
  262. +49 −0 vendor/cookbooks/ohai/README.md
  263. +24 −0 vendor/cookbooks/ohai/attributes/default.rb
  264. +1 −0  vendor/cookbooks/ohai/files/default/plugins/README
  265. +60 −0 vendor/cookbooks/ohai/metadata.json
  266. +23 −0 vendor/cookbooks/ohai/metadata.rb
  267. +52 −0 vendor/cookbooks/ohai/recipes/default.rb
  268. +3 −0  vendor/cookbooks/rbenv/Berksfile
  269. +5 −0 vendor/cookbooks/rbenv/Gemfile
  270. +201 −0 vendor/cookbooks/rbenv/LICENSE
  271. +155 −0 vendor/cookbooks/rbenv/README.md
  272. +96 −0 vendor/cookbooks/rbenv/Thorfile
  273. +62 −0 vendor/cookbooks/rbenv/Vagrantfile
  274. +31 −0 vendor/cookbooks/rbenv/attributes/default.rb
  275. +52 −0 vendor/cookbooks/rbenv/chefignore
  276. +93 −0 vendor/cookbooks/rbenv/libraries/chef_mixin_rbenv.rb
  277. +37 −0 vendor/cookbooks/rbenv/libraries/chef_mixin_ruby_build.rb
  278. +78 −0 vendor/cookbooks/rbenv/libraries/provider_rbenv_rubygems.rb
  279. +36 −0 vendor/cookbooks/rbenv/libraries/recipe_ext.rb
  280. +52 −0 vendor/cookbooks/rbenv/libraries/resource_ext.rb
  281. +21 −0 vendor/cookbooks/rbenv/metadata.rb
  282. +51 −0 vendor/cookbooks/rbenv/providers/ruby.rb
  283. +84 −0 vendor/cookbooks/rbenv/recipes/default.rb
  284. +36 −0 vendor/cookbooks/rbenv/recipes/ohai_plugin.rb
  285. +55 −0 vendor/cookbooks/rbenv/recipes/package_requirements.rb
  286. +30 −0 vendor/cookbooks/rbenv/recipes/rbenv_vars.rb
  287. +39 −0 vendor/cookbooks/rbenv/recipes/ruby_build.rb
  288. +37 −0 vendor/cookbooks/rbenv/resources/gem.rb
  289. +31 −0 vendor/cookbooks/rbenv/resources/ruby.rb
  290. +68 −0 vendor/cookbooks/rbenv/templates/default/plugins/rbenv.rb.erb
  291. +4 −0 vendor/cookbooks/rbenv/templates/default/rbenv.sh.erb
  292. +19 −0 vendor/cookbooks/runit/CHANGELOG.md
  293. +29 −0 vendor/cookbooks/runit/CONTRIBUTING
  294. +201 −0 vendor/cookbooks/runit/LICENSE
  295. +233 −0 vendor/cookbooks/runit/README.md
  296. +31 −0 vendor/cookbooks/runit/attributes/default.rb
  297. +189 −0 vendor/cookbooks/runit/definitions/runit_service.rb
  298. +1 −0  vendor/cookbooks/runit/files/default/runit.seed
  299. 0  vendor/cookbooks/runit/files/default/runsvdir
  300. +6 −0 vendor/cookbooks/runit/files/ubuntu-6.10/runsvdir
Sorry, we could not display the entire diff because too many files (414) changed.
View
25 .gitignore
@@ -1,18 +1,9 @@
-*.gem
-*.rbc
-.bundle
-.config
-coverage
-InstalledFiles
-lib/bundler/man
-pkg
-rdoc
-spec/reports
-test/tmp
-test/version_tmp
-tmp
+.vagrant
+.rvmrc
+.DS_STORE
-# YARD artifacts
-.yardoc
-_yardoc
-doc/
+# temporary file created by emacs
+.#*
+\#*
+
+vendor/tmp
View
22 Berksfile
@@ -0,0 +1,22 @@
+site :opscode
+
+# has been updated. check
+cookbook "apt"
+cookbook "build-essential"
+
+# dependency for rbenv
+cookbook "ohai"
+
+cookbook "ntp"
+cookbook "locale", github: "deepak/chef-locale", ref: "deepak/release/v1"
+
+cookbook "git"
+cookbook "rbenv", github: "deepak/rbenv-cookbook", ref: "deepak/release/v1"
+cookbook "newrelic-sysmond"
+
+# cookbook "mysql"
+
+# to check
+# Chef cookbooks to deal with minor annoyances for various operating systems
+# https://github.com/mattray/annoyances-cookbook
+#
View
13 Berksfile.lock
@@ -0,0 +1,13 @@
+cookbook 'apt', :locked_version => '1.8.0'
+cookbook 'build-essential', :locked_version => '1.3.2'
+cookbook 'ohai', :locked_version => '1.1.6'
+cookbook 'ntp', :locked_version => '1.3.2'
+cookbook 'locale', :git => 'git://github.com/deepak/chef-locale.git', :ref => 'deepak/release/v1'
+cookbook 'git', :locked_version => '2.1.2'
+cookbook 'rbenv', :git => 'git://github.com/deepak/rbenv-cookbook.git', :ref => 'deepak/release/v1'
+cookbook 'newrelic-sysmond', :locked_version => '1.2.1'
+cookbook 'dmg', :locked_version => '1.1.0'
+cookbook 'runit', :locked_version => '0.16.2'
+cookbook 'yum', :locked_version => '2.1.0'
+cookbook 'windows', :locked_version => '1.7.0'
+cookbook 'chef_handler', :locked_version => '1.1.4'
View
221 Capfile
@@ -0,0 +1,221 @@
+#
+# Chef-Solo Capistrano Bootstrap
+#
+# usage:
+# SERVER_NAME=<server-name> cap chef:bootstrap
+# <server-name> is an entry in dna/nodes.yml
+# the dna file is tried at dna/#{server-name}.json
+# otherwise the default is taken at dna.json
+#
+
+# sequence of commands
+# 1. run once
+# SERVER_NAME=server1.acme.com cap chef:ssh_copy_id
+# 2. SERVER_NAME=server1.acme.com cap chef:init_serv
+# 3. SERVER_NAME=server1.acme.com cap chef:bootstrap
+
+# TODO:
+# SERVER_NAME=all cap chef:bootstrap
+
+require 'yaml'
+
+# configuration
+default_run_options[:pty] = true # fix to display interactive password prompts
+
+# enable ssh port-forwarding. this way do not need to authenticate
+# every node to github. the key only needs to exist on one machine
+ssh_options[:forward_agent] = true
+ssh_options[:keys] = [File.join(ENV["HOME"], ".ssh", "id_rsa")]
+
+def usage
+ puts <<-USAGE
+ usage:
+ SERVER_NAME=<server-name> cap chef:bootstrap
+
+ <server-name> is an entry in dna/nodes.yml
+ the dna file is tried at dna/#{server-name}.json
+ otherwise the default is taken at dna.json
+ USAGE
+end
+
+NODES = YAML.load_file('dna/nodes.yml')
+
+set :user, "root"
+set :port, 22
+
+node_fqdn = ENV['SERVER_NAME']
+target = NODES[node_fqdn] && NODES[node_fqdn]["ip_address"]
+
+#if "all" == node_fqdn
+# target = NODES.map {|_,v| v["ip_address"] }.uniq.compact
+#end
+
+if target
+ puts "node ip-address is #{target.inspect}"
+else
+ puts "[ERROR] CLI arguments not proper"
+ usage
+ return
+end
+role :target, target
+
+if File.exists?("dna/#{node_fqdn}.json")
+ dna_file = "dna/#{node_fqdn}.json"
+else
+ puts "default dna.json"
+ dna_file = "dna.json"
+end
+
+namespace :chef do
+
+ desc "Initialize a fresh Ubuntu 12.04 LTS install for chef"
+ task :init_server, roles: :target do
+ # create users, groups, upload pubkey, etc.
+
+ # not idempotent. run it manually once
+ # ssh_copy_id
+
+ configure_gemrc
+ install_packages
+
+ status, msg = add_to_known_host "github.com"
+ unless status
+ puts "[ERROR] #{msg}"
+ next
+ end
+
+ install_chef
+ create_chef_cookbook
+ end
+
+ # NOTE: not idempotent. do not care as the first cgef run will
+ # override it anyways
+ desc "install your public key in a remote machine's authorized_keys"
+ task :ssh_copy_id, roles: :target do
+ find_servers_for_task(current_task).each do |server|
+ puts `ssh-copy-id #{user}@#{server}`
+ end
+ end
+
+ # desc "install your public key in a remote machine's authorized_keys"
+ # task :ssh_copy_id, roles: :target do
+ # pub_key = `cat ~/.ssh/id_rsa.pub`
+ # conf_file = "~/.ssh/authorized-keys"
+ # # cat ~/.ssh/id_dsa.pub | ssh user@remotehost "cat - >> ~/.ssh/authorized_keys"
+ # run "echo '#{pub_key.shellescape} | sort -u - #{conf_file} > /tmp/ssh"
+ # end
+
+ desc "Bootstrap an Ubuntu 12.04 server and kick-start Chef-Solo"
+ task :bootstrap, roles: :target do
+ sync_chef_cookbook
+ run_chef
+ puts "chef:bootstrap done"
+ end
+
+ desc "create chef cookbook to /vagrant"
+ task :create_chef_cookbook, roles: :target do
+ begin
+ run "git clone --quiet https://github.com/deepak/chef_cookbooks.git /vagrant && echo 'git clone done'"
+ rescue Capistrano::Error
+ puts "handeling create_chef_cookbook. most probably /vagrant dir already exists"
+ sync_chef_cookbook
+ end
+ end
+
+ desc "sync chef cookbook with its git url"
+ task :sync_chef_cookbook, roles: :target do
+ run "cd /vagrant && git pull --quiet --rebase"
+ end
+
+ task :install_chef, roles: :target do
+ run "curl -L https://www.opscode.com/chef/install.sh | sudo bash"
+ end
+
+ task :run_chef, roles: :target do
+ run "cd /vagrant && ./bin/chef"
+ end
+
+ # chef is distributed as gem. we do not want to download ri and rdoc
+ # files. for faster download as network IO will be reduced
+ task :configure_gemrc, roles: :target do
+ gemrc = <<-CONFIG
+install: --no-rdoc --no-ri
+update: --no-rdoc --no-ri
+CONFIG
+ run "echo '#{gemrc}' > ~/.gemrc"
+ end
+
+ # needed to install chef
+ task :install_packages, roles: :target do
+ mrun [
+ "apt-get install -y --quiet curl",
+ "apt-get install -y --quiet git"
+ ]
+ end
+end
+
+# helpers
+def sudo_env(cmd)
+ run "#{sudo} -i #{cmd}"
+end
+
+def msudo(cmds)
+ cmds.each do |cmd|
+ sudo cmd
+ end
+end
+
+def mrun(cmds)
+ cmds.each do |cmd|
+ run cmd
+ end
+end
+
+def rsync(from, to)
+ find_servers_for_task(current_task).each do |server|
+ puts `rsync -avz -e "ssh -p#{port}" "#{from}" "#{ENV['USER']}@#{server}:#{to}" \
+ --exclude ".svn" --exclude ".git"`
+ end
+end
+
+def bash(cmd)
+ run %Q(echo "#{cmd}" > /tmp/bash)
+ run "sh /tmp/bash"
+ #run "rm /tmp/bash"
+end
+
+def bash_sudo(cmd)
+ run %Q(echo "#{cmd}" > /tmp/bash)
+ sudo_env "sh /tmp/bash"
+ run "rm /tmp/bash"
+end
+
+# http://community.opscode.com/cookbooks/known_host/source
+# http://serverfault.com/questions/132970/can-i-automatically-add-a-new-host-to-known-hosts
+def add_to_known_host host
+ key = `ssh-keyscan -H #{host} 2>&1`
+ comment = key.split("\n").first
+
+ if key =~ /^getaddrinfo/
+ return [false, "Could not resolve #{host}"]
+ end
+
+ conf_file = "/etc/ssh/ssh_known_hosts"
+
+ # adds only if not already added
+ mrun [
+ "touch #{conf_file}",
+ "ssh-keyscan -H #{host} 2>&1 | sort -u - #{conf_file} > #{conf_file}"
+ ]
+
+ # "ssh-keyscan -t rsa,dsa #{host} 2>&1 | sort -u - #{conf_file} > #{conf_file}"
+ #run "[ ! -s #{conf_file} ] && echo '# This file must contain at least one line. This is that line.' > #{conf_file}"
+ #run "if ! grep -q '#{host}' #{conf_file}; then echo '#{key}' >> #{conf_file}; fi"
+
+ [true, "#{host} resolved"]
+end
+
+# https://help.github.com/articles/generating-ssh-keys
+def verify_github_added_to_known_host host
+ run "ssh -T git@github.com"
+end
View
34 Gemfile
@@ -0,0 +1,34 @@
+# A sample Gemfile
+source "https://rubygems.org"
+
+group :system_setup do
+ gem "chef", "~> 10.16.2"
+ gem "chefspec", "~> 0.9.0"
+ gem "foodcritic", "~> 1.7.0"
+ gem "berkshelf", "~> 1.1.2"
+end
+
+group :vagrant do
+ gem "vagrant", "~> 1.0.5"
+ gem "vagrant-list", "~> 0.0.5"
+end
+
+# one time setup of: vagrant box
+group :master_setup do
+ gem "veewee", "~> 0.3.1"
+ gem "fpm", "~> 0.4.6"
+end
+
+group :deployment do
+ gem "capistrano", "~> 2.14.1"
+end
+
+# berkshelf git master has some failing tests and the last release was
+# broken. check after some time. managing external cookbooks manually
+# for now
+# Bundler could not find compatible versions for gem "thor":
+# In Gemfile:
+# berkshelf (>= 0) ruby depends on
+# thor (~> 0.15.2) ruby
+# veewee (>= 0) ruby depends on
+# thor (0.16.0)
View
259 Gemfile.lock
@@ -0,0 +1,259 @@
+GEM
+ remote: https://rubygems.org/
+ specs:
+ CFPropertyList (2.0.17)
+ libxml-ruby (>= 1.1.0)
+ rake (>= 0.7.0)
+ Platform (0.4.0)
+ activemodel (3.2.11)
+ activesupport (= 3.2.11)
+ builder (~> 3.0.0)
+ activesupport (3.2.11)
+ i18n (~> 0.6)
+ multi_json (~> 1.0)
+ addressable (2.3.2)
+ ansi (1.3.0)
+ archive-tar-minitar (0.5.2)
+ arr-pm (0.0.7)
+ cabin (> 0)
+ backports (2.3.0)
+ berkshelf (1.1.2)
+ activesupport
+ chef (>= 10.16.2)
+ chozo (>= 0.2.3)
+ hashie
+ minitar
+ multi_json (>= 1.3.0)
+ ridley (>= 0.6.3)
+ solve (>= 0.4.0.rc1)
+ thor (~> 0.16.0)
+ vagrant (~> 1.0.5)
+ yajl-ruby
+ builder (3.0.4)
+ bunny (0.7.9)
+ cabin (0.4.4)
+ json
+ capistrano (2.14.2)
+ highline
+ net-scp (>= 1.0.0)
+ net-sftp (>= 2.0.0)
+ net-ssh (>= 2.0.14)
+ net-ssh-gateway (>= 1.1.0)
+ celluloid (0.12.4)
+ facter (>= 1.6.12)
+ timers (>= 1.0.0)
+ chef (10.16.6)
+ bunny (>= 0.6.0, < 0.8.0)
+ erubis
+ highline (>= 1.6.9)
+ json (>= 1.4.4, <= 1.6.1)
+ mixlib-authentication (>= 1.3.0)
+ mixlib-cli (>= 1.1.0)
+ mixlib-config (>= 1.1.2)
+ mixlib-log (>= 1.3.0)
+ mixlib-shellout
+ moneta (< 0.7.0)
+ net-ssh (~> 2.2.2)
+ net-ssh-multi (~> 1.1.0)
+ ohai (>= 0.6.0)
+ rest-client (>= 1.0.4, < 1.7.0)
+ treetop (~> 1.4.9)
+ uuidtools
+ yajl-ruby (~> 1.1)
+ chefspec (0.9.0)
+ chef (>= 0.9.12)
+ erubis
+ minitest-chef-handler (~> 0.6.0)
+ rspec (~> 2.11.0)
+ childprocess (0.3.6)
+ ffi (~> 1.0, >= 1.0.6)
+ chozo (0.4.2)
+ activesupport (>= 3.2.0)
+ hashie
+ multi_json (>= 1.3.0)
+ ci_reporter (1.7.3)
+ builder (>= 2.1.2)
+ clamp (0.5.0)
+ coderay (1.0.8)
+ cucumber (1.2.1)
+ builder (>= 2.1.2)
+ diff-lcs (>= 1.1.3)
+ gherkin (~> 2.11.0)
+ json (>= 1.4.6)
+ diff-lcs (1.1.3)
+ erubis (2.7.0)
+ excon (0.16.10)
+ facter (1.6.17)
+ faraday (0.8.4)
+ multipart-post (~> 1.1)
+ ffi (1.3.1)
+ fission (0.4.0)
+ CFPropertyList (~> 2.0.17)
+ fog (1.7.0)
+ builder
+ excon (~> 0.14)
+ formatador (~> 0.2.0)
+ mime-types
+ multi_json (~> 1.0)
+ net-scp (~> 1.0.4)
+ net-ssh (>= 2.1.3)
+ nokogiri (~> 1.5.0)
+ ruby-hmac
+ foodcritic (1.7.0)
+ erubis
+ gherkin (~> 2.11.1)
+ gist (~> 3.1.0)
+ nokogiri (~> 1.5.4)
+ pry (~> 0.9.8.4)
+ rak (~> 1.4)
+ treetop (~> 1.4.10)
+ yajl-ruby (~> 1.1.0)
+ formatador (0.2.4)
+ fpm (0.4.6)
+ arr-pm (~> 0.0.7)
+ backports (= 2.3.0)
+ cabin (~> 0.4.3)
+ clamp
+ json
+ gherkin (2.11.5)
+ json (>= 1.4.6)
+ gist (3.1.1)
+ grit (2.5.0)
+ diff-lcs (~> 1.1)
+ mime-types (~> 1.15)
+ posix-spawn (~> 0.3.6)
+ hashie (1.2.0)
+ highline (1.6.15)
+ i18n (0.6.1)
+ ipaddress (0.8.0)
+ json (1.5.4)
+ libxml-ruby (2.3.3)
+ log4r (1.1.10)
+ method_source (0.7.1)
+ mime-types (1.19)
+ minitar (0.5.4)
+ minitest (4.3.0)
+ minitest-chef-handler (0.6.3)
+ chef
+ ci_reporter
+ minitest
+ mixlib-authentication (1.3.0)
+ mixlib-log
+ mixlib-cli (1.3.0)
+ mixlib-config (1.1.2)
+ mixlib-log (1.4.1)
+ mixlib-shellout (1.1.0)
+ moneta (0.6.0)
+ multi_json (1.5.0)
+ multipart-post (1.1.5)
+ net-http-persistent (2.8)
+ net-scp (1.0.4)
+ net-ssh (>= 1.99.1)
+ net-sftp (2.0.5)
+ net-ssh (>= 2.0.9)
+ net-ssh (2.2.2)
+ net-ssh-gateway (1.1.0)
+ net-ssh (>= 1.99.1)
+ net-ssh-multi (1.1)
+ net-ssh (>= 2.1.4)
+ net-ssh-gateway (>= 0.99.0)
+ nokogiri (1.5.6)
+ ohai (6.16.0)
+ ipaddress
+ mixlib-cli
+ mixlib-config
+ mixlib-log
+ mixlib-shellout
+ systemu
+ yajl-ruby
+ open4 (1.3.0)
+ polyglot (0.3.3)
+ popen4 (0.1.2)
+ Platform (>= 0.4.0)
+ open4 (>= 0.4.0)
+ posix-spawn (0.3.6)
+ progressbar (0.11.0)
+ pry (0.9.8.4)
+ coderay (~> 1.0.5)
+ method_source (~> 0.7.1)
+ slop (>= 2.4.4, < 3)
+ rak (1.4)
+ rake (10.0.3)
+ rest-client (1.6.7)
+ mime-types (>= 1.16)
+ ridley (0.6.3)
+ activemodel (>= 3.2.0)
+ activesupport (>= 3.2.0)
+ addressable
+ celluloid
+ chozo (>= 0.2.2)
+ erubis
+ faraday
+ json (>= 1.5.0)
+ mixlib-authentication
+ mixlib-log
+ multi_json (>= 1.0.4)
+ net-http-persistent (>= 2.8)
+ net-ssh
+ rspec (2.11.0)
+ rspec-core (~> 2.11.0)
+ rspec-expectations (~> 2.11.0)
+ rspec-mocks (~> 2.11.0)
+ rspec-core (2.11.1)
+ rspec-expectations (2.11.3)
+ diff-lcs (~> 1.1.3)
+ rspec-mocks (2.11.3)
+ ruby-hmac (0.4.0)
+ ruby-vnc (1.0.1)
+ slop (2.4.4)
+ solve (0.4.1)
+ json
+ systemu (2.5.2)
+ thor (0.16.0)
+ timers (1.1.0)
+ treetop (1.4.12)
+ polyglot
+ polyglot (>= 0.3.1)
+ uuidtools (2.1.3)
+ vagrant (1.0.5)
+ archive-tar-minitar (= 0.5.2)
+ childprocess (~> 0.3.1)
+ erubis (~> 2.7.0)
+ i18n (~> 0.6.0)
+ json (~> 1.5.1)
+ log4r (~> 1.1.9)
+ net-scp (~> 1.0.4)
+ net-ssh (~> 2.2.2)
+ vagrant-list (0.0.5)
+ vagrant
+ veewee (0.3.1)
+ ansi (~> 1.3.0)
+ childprocess
+ cucumber (>= 1.0.0)
+ fission (= 0.4.0)
+ fog (~> 1.4)
+ grit
+ highline
+ i18n
+ net-ssh (~> 2.2.0)
+ popen4 (~> 0.1.2)
+ progressbar
+ rspec (~> 2.5)
+ ruby-vnc (~> 1.0.0)
+ thor (> 0.14)
+ vagrant (>= 0.9)
+ yajl-ruby (1.1.0)
+
+PLATFORMS
+ ruby
+
+DEPENDENCIES
+ berkshelf (~> 1.1.2)
+ capistrano (~> 2.14.1)
+ chef (~> 10.16.2)
+ chefspec (~> 0.9.0)
+ foodcritic (~> 1.7.0)
+ fpm (~> 0.4.6)
+ vagrant (~> 1.0.5)
+ vagrant-list (~> 0.0.5)
+ veewee (~> 0.3.1)
View
6 README.md
@@ -1,4 +1,6 @@
-milaap_chef_cookbooks
+chef_cookbooks
=====================
-Chef Cookbooks in use at milaap.org. uses chef-solo
+uses chef-solo
+
+
View
21 Rakefile
@@ -0,0 +1,21 @@
+require 'rspec'
+require 'rspec/core/rake_task'
+require 'foodcritic'
+
+desc "Run all examples"
+RSpec::Core::RakeTask.new(:spec) do |t|
+ t.pattern = 'cookbooks/*/spec/*_spec.rb'
+ t.rspec_opts = %w[--color]
+end
+
+task :default => [:spec]
+
+task :default => [:foodcritic]
+FoodCritic::Rake::LintTask.new do |t|
+ t.files = 'cookbooks'
+end
+
+# uninstall all gems
+# gem list | cut -d" " -f1 | xargs gem uninstall -aIx
+
+# TODO: extract TODO snippets from ./cookbooks
View
37 Vagrantfile
@@ -0,0 +1,37 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant::Config.run do |config|
+ # All Vagrant configuration is done here. The most common configuration
+ # options are documented and commented below. For a complete reference,
+ # please see the online documentation at vagrantup.com.
+
+ # Every Vagrant virtual environment requires a box to build off of.
+ config.vm.box = "precise64-ruby193"
+
+ # Assign this VM to a host-only network IP, allowing you to access it
+ # via the IP. Host-only networks can talk to the host machine as well as
+ # any other machines on the same network, but cannot be accessed (through this
+ # network interface) by any external networks.
+ config.vm.network :hostonly, "192.168.33.10"
+
+ # Assign this VM to a bridged network, allowing you to connect directly to a
+ # network using the host's network device. This makes the VM appear as another
+ # physical device on your network.
+ # config.vm.network :bridged
+
+ # Forward a port from the guest to the host, which allows for outside
+ # computers to access the VM, whereas host only networking does not.
+ # config.vm.forward_port 80, 8080
+
+ # TODO: mount on /etc/chef/cookbooks. because the folder structure will
+ # |_cookbooks
+ # |_data_bags
+ # |_environments
+
+ # Share an additional folder to the guest VM. The first argument is
+ # an identifier, the second is the path on the guest to mount the
+ # folder, and the third is the path on the host to the actual folder.
+ config.vm.share_folder "v-cookbooks", "/cookbooks", "./cookbooks"
+ config.vm.share_folder "v-vendor", "/vendor", "./vendor"
+end
View
17 bin/chef
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+# will run as root
+# --log_level debug
+
+if [ -s /etc/profile.d/rbenv.sh ]; then
+ source /etc/profile.d/rbenv.sh
+fi
+
+# can pass-in variables like
+# CHEF_DEPLOY_USER=deployer
+# and access it in ruby (role files etc)
+# like ENV['CHEF_DEPLOY_USER']
+
+# /etc/chef/solo.rb is the default but we are running it at /vagrant
+# TODO: temporary measure. not needed on production
+chef-solo --config `pwd -L | tr -d "\n"`/solo.rb -j dna.json
View
2  bin/post_install.sh
@@ -0,0 +1,2 @@
+bundle exec berks install --path vendor/cookbooks
+bundle pack
View
1  cookbooks/bundler/attributes/bundler.rb
@@ -0,0 +1 @@
+default.bundler[:version] = '1.2.3'
View
7 cookbooks/bundler/metadata.rb
@@ -0,0 +1,7 @@
+name "bundler"
+maintainer "Deepak Kannan"
+maintainer_email "kannan.deepak@gmail.com"
+description "installs bundler"
+version "0.0.1"
+
+depends "ruby"
View
3  cookbooks/bundler/recipes/default.rb
@@ -0,0 +1,3 @@
+rbenv_gem "bundler" do
+ ruby_version node['ruby']['app']['version']
+end
View
1  cookbooks/nginx/README.md
@@ -0,0 +1 @@
+Install ngixn via APT using an Ubuntu PPA
View
1  cookbooks/nginx/attributes/nginx.rb
@@ -0,0 +1 @@
+default['nginx']['worker_processes'] = 4
View
25 cookbooks/nginx/files/backup/nginx-1.2.4/fastcgi_params
@@ -0,0 +1,25 @@
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_FILENAME $request_filename;
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+fastcgi_param HTTPS $https;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
View
108 cookbooks/nginx/files/backup/nginx-1.2.4/koi-utf
@@ -0,0 +1,108 @@
+# This map is not a full koi8-r <> utf8 map: it does not contain
+# box-drawing and some other characters. Besides this map contains
+# several koi8-u and Byelorussian letters which are not in koi8-r.
+# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
+# map instead.
+
+charset_map koi8-r utf-8 {
+
+ 80 E282AC; # euro
+
+ 95 E280A2; # bullet
+
+ 9A C2A0; # &nbsp;
+
+ 9E C2B7; # &middot;
+
+ A3 D191; # small yo
+ A4 D194; # small Ukrainian ye
+
+ A6 D196; # small Ukrainian i
+ A7 D197; # small Ukrainian yi
+
+ AD D291; # small Ukrainian soft g
+ AE D19E; # small Byelorussian short u
+
+ B0 C2B0; # &deg;
+
+ B3 D081; # capital YO
+ B4 D084; # capital Ukrainian YE
+
+ B6 D086; # capital Ukrainian I
+ B7 D087; # capital Ukrainian YI
+
+ B9 E28496; # numero sign
+
+ BD D290; # capital Ukrainian soft G
+ BE D18E; # capital Byelorussian short U
+
+ BF C2A9; # (C)
+
+ C0 D18E; # small yu
+ C1 D0B0; # small a
+ C2 D0B1; # small b
+ C3 D186; # small ts
+ C4 D0B4; # small d
+ C5 D0B5; # small ye
+ C6 D184; # small f
+ C7 D0B3; # small g
+ C8 D185; # small kh
+ C9 D0B8; # small i
+ CA D0B9; # small j
+ CB D0BA; # small k
+ CC D0BB; # small l
+ CD D0BC; # small m
+ CE D0BD; # small n
+ CF D0BE; # small o
+
+ D0 D0BF; # small p
+ D1 D18F; # small ya
+ D2 D180; # small r
+ D3 D181; # small s
+ D4 D182; # small t
+ D5 D183; # small u
+ D6 D0B6; # small zh
+ D7 D0B2; # small v
+ D8 D18C; # small soft sign
+ D9 D18B; # small y
+ DA D0B7; # small z
+ DB D188; # small sh
+ DC D18D; # small e
+ DD D189; # small shch
+ DE D187; # small ch
+ DF D18A; # small hard sign
+
+ E0 D0AE; # capital YU
+ E1 D090; # capital A
+ E2 D091; # capital B
+ E3 D0A6; # capital TS
+ E4 D094; # capital D
+ E5 D095; # capital YE
+ E6 D0A4; # capital F
+ E7 D093; # capital G
+ E8 D0A5; # capital KH
+ E9 D098; # capital I
+ EA D099; # capital J
+ EB D09A; # capital K
+ EC D09B; # capital L
+ ED D09C; # capital M
+ EE D09D; # capital N
+ EF D09E; # capital O
+
+ F0 D09F; # capital P
+ F1 D0AF; # capital YA
+ F2 D0A0; # capital R
+ F3 D0A1; # capital S
+ F4 D0A2; # capital T
+ F5 D0A3; # capital U
+ F6 D096; # capital ZH
+ F7 D092; # capital V
+ F8 D0AC; # capital soft sign
+ F9 D0AB; # capital Y
+ FA D097; # capital Z
+ FB D0A8; # capital SH
+ FC D0AD; # capital E
+ FD D0A9; # capital SHCH
+ FE D0A7; # capital CH
+ FF D0AA; # capital hard sign
+}
View
102 cookbooks/nginx/files/backup/nginx-1.2.4/koi-win
@@ -0,0 +1,102 @@
+charset_map koi8-r windows-1251 {
+
+ 80 88; # euro
+
+ 95 95; # bullet
+
+ 9A A0; # &nbsp;
+
+ 9E B7; # &middot;
+
+ A3 B8; # small yo
+ A4 BA; # small Ukrainian ye
+
+ A6 B3; # small Ukrainian i
+ A7 BF; # small Ukrainian yi
+
+ AD B4; # small Ukrainian soft g
+ AE A2; # small Byelorussian short u
+
+ B0 B0; # &deg;
+
+ B3 A8; # capital YO
+ B4 AA; # capital Ukrainian YE
+
+ B6 B2; # capital Ukrainian I
+ B7 AF; # capital Ukrainian YI
+
+ B9 B9; # numero sign
+
+ BD A5; # capital Ukrainian soft G
+ BE A1; # capital Byelorussian short U
+
+ BF A9; # (C)
+
+ C0 FE; # small yu
+ C1 E0; # small a
+ C2 E1; # small b
+ C3 F6; # small ts
+ C4 E4; # small d
+ C5 E5; # small ye
+ C6 F4; # small f
+ C7 E3; # small g
+ C8 F5; # small kh
+ C9 E8; # small i
+ CA E9; # small j
+ CB EA; # small k
+ CC EB; # small l
+ CD EC; # small m
+ CE ED; # small n
+ CF EE; # small o
+
+ D0 EF; # small p
+ D1 FF; # small ya
+ D2 F0; # small r
+ D3 F1; # small s
+ D4 F2; # small t
+ D5 F3; # small u
+ D6 E6; # small zh
+ D7 E2; # small v
+ D8 FC; # small soft sign
+ D9 FB; # small y
+ DA E7; # small z
+ DB F8; # small sh
+ DC FD; # small e
+ DD F9; # small shch
+ DE F7; # small ch
+ DF FA; # small hard sign
+
+ E0 DE; # capital YU
+ E1 C0; # capital A
+ E2 C1; # capital B
+ E3 D6; # capital TS
+ E4 C4; # capital D
+ E5 C5; # capital YE
+ E6 D4; # capital F
+ E7 C3; # capital G
+ E8 D5; # capital KH
+ E9 C8; # capital I
+ EA C9; # capital J
+ EB CA; # capital K
+ EC CB; # capital L
+ ED CC; # capital M
+ EE CD; # capital N
+ EF CE; # capital O
+
+ F0 CF; # capital P
+ F1 DF; # capital YA
+ F2 D0; # capital R
+ F3 D1; # capital S
+ F4 D2; # capital T
+ F5 D3; # capital U
+ F6 C6; # capital ZH
+ F7 C2; # capital V
+ F8 DC; # capital soft sign
+ F9 DB; # capital Y
+ FA C7; # capital Z
+ FB D8; # capital SH
+ FC DD; # capital E
+ FD D9; # capital SHCH
+ FE D7; # capital CH
+ FF DA; # capital hard sign
+}
View
79 cookbooks/nginx/files/backup/nginx-1.2.4/mime.types
@@ -0,0 +1,79 @@
+types {
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml rss;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+ application/x-javascript js;
+ application/atom+xml atom;
+
+ text/mathml mml;
+ text/plain txt;
+ text/vnd.sun.j2me.app-descriptor jad;
+ text/vnd.wap.wml wml;
+ text/x-component htc;
+
+ image/png png;
+ image/tiff tif tiff;
+ image/vnd.wap.wbmp wbmp;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/x-ms-bmp bmp;
+ image/svg+xml svg svgz;
+
+ application/java-archive jar war ear;
+ application/json json;
+ application/mac-binhex40 hqx;
+ application/msword doc;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/vnd.ms-excel xls;
+ application/vnd.ms-powerpoint ppt;
+ application/vnd.wap.wmlc wmlc;
+ application/vnd.google-earth.kml+xml kml;
+ application/vnd.google-earth.kmz kmz;
+ application/x-7z-compressed 7z;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-perl pl pm;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-tcl tcl tk;
+ application/x-x509-ca-cert der pem crt;
+ application/x-xpinstall xpi;
+ application/xhtml+xml xhtml;
+ application/zip zip;
+
+ application/octet-stream bin exe dll;
+ application/octet-stream deb;
+ application/octet-stream dmg;
+ application/octet-stream eot;
+ application/octet-stream iso img;
+ application/octet-stream msi msp msm;
+ application/ogg ogx;
+
+ audio/midi mid midi kar;
+ audio/mpeg mpga mpega mp2 mp3 m4a;
+ audio/ogg oga ogg spx;
+ audio/x-realaudio ra;
+ audio/webm weba;
+
+ video/3gpp 3gpp 3gp;
+ video/mp4 mp4;
+ video/mpeg mpeg mpg mpe;
+ video/ogg ogv;
+ video/quicktime mov;
+ video/webm webm;
+ video/x-flv flv;
+ video/x-mng mng;
+ video/x-ms-asf asx asf;
+ video/x-ms-wmv wmv;
+ video/x-msvideo avi;
+}
View
13 cookbooks/nginx/files/backup/nginx-1.2.4/naxsi.rules
@@ -0,0 +1,13 @@
+# Sample rules file for default vhost.
+
+LearningMode;
+SecRulesEnabled;
+#SecRulesDisabled;
+DeniedUrl "/RequestDenied";
+
+## check rules
+CheckRule "$SQL >= 8" BLOCK;
+CheckRule "$RFI >= 8" BLOCK;
+CheckRule "$TRAVERSAL >= 4" BLOCK;
+CheckRule "$EVADE >= 4" BLOCK;
+CheckRule "$XSS >= 8" BLOCK;
View
75 cookbooks/nginx/files/backup/nginx-1.2.4/naxsi_core.rules
@@ -0,0 +1,75 @@
+##################################
+## INTERNAL RULES IDS:1-10 ##
+##################################
+#weird_request : 1
+#big_body : 2
+#no_content_type : 3
+
+#MainRule "str:yesone" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
+
+##################################
+## SQL Injections IDs:1000-1099 ##
+##################################
+MainRule "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex" "msg:sql keywords" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1000;
+MainRule "str:\"" "msg:double quote" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1001;
+MainRule "str:0x" "msg:0x, possible hex encoding" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002;
+## Hardcore rules
+MainRule "str:/*" "msg:mysql comment (/*)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1003;
+MainRule "str:*/" "msg:mysql comment (*/)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1004;
+MainRule "str:|" "msg:mysql keyword (|)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;
+MainRule "rx:&&" "msg:mysql keyword (&&)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1006;
+## end of hardcore rules
+MainRule "str:--" "msg:mysql comment (--)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1007;
+MainRule "str:;" "msg:; in stuff" "mz:BODY|URL|ARGS" "s:$SQL:4" id:1008;
+MainRule "str:=" "msg:equal in var, probable sql/xss" "mz:ARGS|BODY" "s:$SQL:2" id:1009;
+MainRule "str:(" "msg:parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1010;
+MainRule "str:)" "msg:parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1011;
+MainRule "str:'" "msg:simple quote" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1013;
+MainRule "str:\"" "msg:double quote" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1014;
+MainRule "str:," "msg:, in stuff" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1015;
+MainRule "str:#" "msg:mysql comment (#)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1016;
+
+###############################
+## OBVIOUS RFI IDs:1100-1199 ##
+###############################
+MainRule "str:http://" "msg:html comment tag" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1100;
+MainRule "str:https://" "msg:html comment tag" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1101;
+MainRule "str:ftp://" "msg:html comment tag" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1102;
+MainRule "str:php://" "msg:html comment tag" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1103;
+
+#######################################
+## Directory traversal IDs:1200-1299 ##
+#######################################
+MainRule "str:.." "msg:html comment tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1200;
+MainRule "str:/etc/passwd" "msg:html comment tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1202;
+MainRule "str:c:\\" "msg:html comment tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1203;
+MainRule "str:cmd.exe" "msg:html comment tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1204;
+MainRule "str:\\" "msg:html comment tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1205;
+#MainRule "str:/" "msg:slash in args" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:2" id:1206;
+########################################
+## Cross Site Scripting IDs:1300-1399 ##
+########################################
+MainRule "str:<" "msg:html open tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1302;
+MainRule "str:>" "msg:html close tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1303;
+MainRule "str:'" "msg:simple quote" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1306;
+MainRule "str:\"" "msg:double quote" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1307;
+MainRule "str:(" "msg:parenthesis" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1308;
+MainRule "str:)" "msg:parenthesis" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1309;
+MainRule "str:[" "msg:html close comment tag" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1310;
+MainRule "str:]" "msg:html close comment tag" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
+MainRule "str:~" "msg:html close comment tag" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
+MainRule "str:;" "msg:semi coma" "mz:ARGS|URL|BODY" "s:$XSS:8" id:1313;
+MainRule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
+MainRule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
+
+####################################
+## Evading tricks IDs: 1400-1500 ##
+####################################
+MainRule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
+MainRule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
+MainRule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
+
+#############################
+## File uploads: 1500-1600 ##
+#############################
+MainRule "rx:.ph*|.asp*" "msg:asp/php file upload!" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500;
View
95 cookbooks/nginx/files/backup/nginx-1.2.4/nginx.conf
@@ -0,0 +1,95 @@
+user www-data;
+worker_processes 4;
+pid /var/run/nginx.pid;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+ gzip_disable "msie6";
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # nginx-naxsi config
+ ##
+ # Uncomment it if you installed nginx-naxsi
+ ##
+
+ #include /etc/nginx/naxsi_core.rules;
+
+ ##
+ # nginx-passenger config
+ ##
+ # Uncomment it if you installed nginx-passenger
+ ##
+
+ #passenger_root /usr;
+ #passenger_ruby /usr/bin/ruby;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+#}
View
3  cookbooks/nginx/files/backup/nginx-1.2.4/proxy_params
@@ -0,0 +1,3 @@
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
View
14 cookbooks/nginx/files/backup/nginx-1.2.4/scgi_params
@@ -0,0 +1,14 @@
+scgi_param REQUEST_METHOD $request_method;
+scgi_param REQUEST_URI $request_uri;
+scgi_param QUERY_STRING $query_string;
+scgi_param CONTENT_TYPE $content_type;
+
+scgi_param DOCUMENT_URI $document_uri;
+scgi_param DOCUMENT_ROOT $document_root;
+scgi_param SCGI 1;
+scgi_param SERVER_PROTOCOL $server_protocol;
+
+scgi_param REMOTE_ADDR $remote_addr;
+scgi_param REMOTE_PORT $remote_port;
+scgi_param SERVER_PORT $server_port;
+scgi_param SERVER_NAME $server_name;
View
120 cookbooks/nginx/files/backup/nginx-1.2.4/sites-available/default
@@ -0,0 +1,120 @@
+# You may add here your
+# server {
+# ...
+# }
+# statements for each of your virtual hosts to this file
+
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+#
+# Generally, you will want to move this file somewhere, and start with a clean
+# file but keep this around for reference. Or just disable in sites-enabled.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+server {
+ #listen 80; ## listen for ipv4; this line is default and implied
+ #listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+
+ # Make site accessible from http://localhost/
+ server_name localhost;
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ /index.html;
+ # Uncomment to enable naxsi on this location
+ # include /etc/nginx/naxsi.rules
+ }
+
+ location /doc/ {
+ alias /usr/share/doc/;
+ autoindex on;
+ allow 127.0.0.1;
+ allow ::1;
+ deny all;
+ }
+
+ # Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
+ #location /RequestDenied {
+ # proxy_pass http://127.0.0.1:8080;
+ #}
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ #error_page 500 502 503 504 /50x.html;
+ #location = /50x.html {
+ # root /usr/share/nginx/html;
+ #}
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ #
+ #location ~ \.php$ {
+ # fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ # # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+ #
+ # # With php5-cgi alone:
+ # fastcgi_pass 127.0.0.1:9000;
+ # # With php5-fpm:
+ # fastcgi_pass unix:/var/run/php5-fpm.sock;
+ # fastcgi_index index.php;
+ # include fastcgi_params;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+}
+
+
+# another virtual host using mix of IP-, name-, and port-based configuration
+#
+#server {
+# listen 8000;
+# listen somename:8080;
+# server_name somename alias another.alias;
+# root html;
+# index index.html index.htm;
+#
+# location / {
+# try_files $uri $uri/ =404;
+# }
+#}
+
+
+# HTTPS server
+#
+#server {
+# listen 443;
+# server_name localhost;
+#
+# root html;
+# index index.html index.htm;
+#
+# ssl on;
+# ssl_certificate cert.pem;
+# ssl_certificate_key cert.key;
+#
+# ssl_session_timeout 5m;
+#
+# ssl_protocols SSLv3 TLSv1;
+# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
+# ssl_prefer_server_ciphers on;
+#
+# location / {
+# try_files $uri $uri/ =404;
+# }
+#}
View
15 cookbooks/nginx/files/backup/nginx-1.2.4/uwsgi_params
@@ -0,0 +1,15 @@
+uwsgi_param QUERY_STRING $query_string;
+uwsgi_param REQUEST_METHOD $request_method;
+uwsgi_param CONTENT_TYPE $content_type;
+uwsgi_param CONTENT_LENGTH $content_length;
+
+uwsgi_param REQUEST_URI $request_uri;
+uwsgi_param PATH_INFO $document_uri;
+uwsgi_param DOCUMENT_ROOT $document_root;
+uwsgi_param SERVER_PROTOCOL $server_protocol;
+uwsgi_param UWSGI_SCHEME $scheme;
+
+uwsgi_param REMOTE_ADDR $remote_addr;
+uwsgi_param REMOTE_PORT $remote_port;
+uwsgi_param SERVER_PORT $server_port;
+uwsgi_param SERVER_NAME $server_name;
View
125 cookbooks/nginx/files/backup/nginx-1.2.4/win-utf
@@ -0,0 +1,125 @@
+# This map is not a full windows-1251 <> utf8 map: it does not
+# contain Serbian and Macedonian letters. If you need a full map,
+# use contrib/unicode2nginx/win-utf map instead.
+
+charset_map windows-1251 utf-8 {
+
+ 82 E2809A; # single low-9 quotation mark
+
+ 84 E2809E; # double low-9 quotation mark
+ 85 E280A6; # ellipsis
+ 86 E280A0; # dagger
+ 87 E280A1; # double dagger
+ 88 E282AC; # euro
+ 89 E280B0; # per mille
+
+ 91 E28098; # left single quotation mark
+ 92 E28099; # right single quotation mark
+ 93 E2809C; # left double quotation mark
+ 94 E2809D; # right double quotation mark
+ 95 E280A2; # bullet
+ 96 E28093; # en dash
+ 97 E28094; # em dash
+
+ 99 E284A2; # trade mark sign
+
+ A0 C2A0; # &nbsp;
+ A1 D18E; # capital Byelorussian short U
+ A2 D19E; # small Byelorussian short u
+
+ A4 C2A4; # currency sign
+ A5 D290; # capital Ukrainian soft G
+ A6 C2A6; # borken bar
+ A7 C2A7; # section sign
+ A8 D081; # capital YO
+ A9 C2A9; # (C)
+ AA D084; # capital Ukrainian YE
+ AB C2AB; # left-pointing double angle quotation mark
+ AC C2AC; # not sign
+ AD C2AD; # soft hypen
+ AE C2AE; # (R)
+ AF D087; # capital Ukrainian YI
+
+ B0 C2B0; # &deg;
+ B1 C2B1; # plus-minus sign
+ B2 D086; # capital Ukrainian I
+ B3 D196; # small Ukrainian i
+ B4 D291; # small Ukrainian soft g
+ B5 C2B5; # micro sign
+ B6 C2B6; # pilcrow sign
+ B7 C2B7; # &middot;
+ B8 D191; # small yo
+ B9 E28496; # numero sign
+ BA D194; # small Ukrainian ye
+ BB C2BB; # right-pointing double angle quotation mark
+
+ BF D197; # small Ukrainian yi
+
+ C0 D090; # capital A
+ C1 D091; # capital B
+ C2 D092; # capital V
+ C3 D093; # capital G
+ C4 D094; # capital D
+ C5 D095; # capital YE
+ C6 D096; # capital ZH
+ C7 D097; # capital Z
+ C8 D098; # capital I
+ C9 D099; # capital J
+ CA D09A; # capital K
+ CB D09B; # capital L
+ CC D09C; # capital M
+ CD D09D; # capital N
+ CE D09E; # capital O
+ CF D09F; # capital P
+
+ D0 D0A0; # capital R
+ D1 D0A1; # capital S
+ D2 D0A2; # capital T
+ D3 D0A3; # capital U
+ D4 D0A4; # capital F
+ D5 D0A5; # capital KH
+ D6 D0A6; # capital TS
+ D7 D0A7; # capital CH
+ D8 D0A8; # capital SH
+ D9 D0A9; # capital SHCH
+ DA D0AA; # capital hard sign
+ DB D0AB; # capital Y
+ DC D0AC; # capital soft sign
+ DD D0AD; # capital E
+ DE D0AE; # capital YU
+ DF D0AF; # capital YA
+
+ E0 D0B0; # small a
+ E1 D0B1; # small b
+ E2 D0B2; # small v
+ E3 D0B3; # small g
+ E4 D0B4; # small d
+ E5 D0B5; # small ye
+ E6 D0B6; # small zh
+ E7 D0B7; # small z
+ E8 D0B8; # small i
+ E9 D0B9; # small j
+ EA D0BA; # small k
+ EB D0BB; # small l
+ EC D0BC; # small m
+ ED D0BD; # small n
+ EE D0BE; # small o
+ EF D0BF; # small p
+
+ F0 D180; # small r
+ F1 D181; # small s
+ F2 D182; # small t
+ F3 D183; # small u
+ F4 D184; # small f
+ F5 D185; # small kh
+ F6 D186; # small ts
+ F7 D187; # small ch
+ F8 D188; # small sh
+ F9 D189; # small shch
+ FA D18A; # small hard sign
+ FB D18B; # small y
+ FC D18C; # small soft sign
+ FD D18D; # small e
+ FE D18E; # small yu
+ FF D18F; # small ya
+}
View
8 cookbooks/nginx/metadata.rb
@@ -0,0 +1,8 @@
+name "nginx"
+maintainer "Deepak Kannan"
+maintainer_email "kannan.deepak@gmail.com"
+description "installs and configures nginx"
+version "0.0.1"
+
+depends "apt"
+
View
52 cookbooks/nginx/recipes/default.rb
@@ -0,0 +1,52 @@
+apt_repository "nginx-stable" do
+ uri "http://ppa.launchpad.net/nginx/stable/ubuntu"
+ distribution node['lsb']['codename']
+ components ["main"]
+ keyserver "keyserver.ubuntu.com"
+ key "C300EE8C"
+ notifies :run, resources(:execute => "apt-get-update"), :immediately
+end
+
+package "nginx"
+
+service "nginx" do
+ supports status: true, restart: true, reload: true
+ action [:enable, :start]
+end
+
+template "/etc/nginx/nginx.conf" do
+ owner "root"
+ group "root"
+ mode 0644
+ notifies :reload, "service[nginx]"
+end
+
+# TODO: do we reload here ? :-)
+link "/etc/nginx/sites-enabled/default" do
+ action :delete
+end
+
+applications = node[:rails][:apps]
+
+metadata = node[:rails][:apps_metadata]
+
+applications.each do |app_name|
+ template "/etc/nginx/sites-available/#{app_name}" do
+ owner "root"
+ group "root"
+ mode 0644
+ # TODO: how to DRY up with the rails cookbook
+ # upstream milaap_webapp_server
+ # server unix:/u/apps/milaap-webapp/shared/sockets/unicorn.sock fail_timeout=0;
+ variables(:app_name => app_name.gsub('-', '_'),
+ :app_root => metadata[app_name]["app_root"],
+ :socket_path => metadata[app_name]["socket_path"],
+ :workers => 4)
+ end
+
+ # TODO: check that nginx not started every time
+ link "/etc/nginx/sites-enabled/#{app_name}" do
+ to "/etc/nginx/sites-available/#{app_name}"
+ notifies :reload, "service[nginx]"
+ end
+end
View
19 cookbooks/nginx/spec/default_nginx_spec.rb
@@ -0,0 +1,19 @@
+require 'chefspec'
+
+describe 'nginx::default' do
+ let(:chef_run) { ChefSpec::ChefRunner.new.converge 'nginx::default' }
+
+ it 'should install nginx' do
+ chef_run.should install_package 'nginx'
+ end
+
+ it 'should create nginx config file' do
+ chef_run.should create_file "/etc/nginx/nginx.conf"
+ end
+
+ it 'should initialize and start services' do
+ chef_run.should start_service 'nginx'
+ chef_run.should set_service_to_start_on_boot 'nginx'
+ end
+
+end
View
125 cookbooks/nginx/templates/default/acme-webapp.erb
@@ -0,0 +1,125 @@
+# this can be any application server, not just Unicorn/Rainbows!
+
+<% upstream_name = "#{@app_name}_server" %>
+<% root_path = "#{@app_root}/current/public" %>
+
+upstream <%= upstream_name %> {
+ # fail_timeout=0 means we always retry an upstream even if it failed
+ # to return a good HTTP response (in case the Unicorn master nukes a
+ # single worker for timing out).
+
+ # for UNIX domain socket setups:
+ server unix:<%= @socket_path %>/unicorn.sock fail_timeout=0;
+
+ # for TCP setups, point these to your backend servers
+ # server 192.168.0.7:8080 fail_timeout=0;
+ # server 192.168.0.8:8080 fail_timeout=0;
+ # server 192.168.0.9:8080 fail_timeout=0;
+}
+
+server {
+ # enable one of the following if you're on Linux or FreeBSD
+ listen 80 default deferred; # for Linux
+ # listen 80 default accept_filter=httpready; # for FreeBSD
+
+ # If you have IPv6, you'll likely want to have two separate listeners.
+ # One on IPv4 only (the default), and another on IPv6 only instead
+ # of a single dual-stack listener. A dual-stack listener will make
+ # for ugly IPv4 addresses in $remote_addr (e.g ":ffff:10.0.0.1"
+ # instead of just "10.0.0.1") and potentially trigger bugs in
+ # some software.
+ # listen [::]:80 ipv6only=on; # deferred or accept_filter recommended
+
+ client_max_body_size 4G;
+ server_name _;
+
+ # [apt-get-conf] has keepalive_timeout 65;
+ # ~2 seconds is often enough for most folks to parse HTML/CSS and
+ # retrieve needed images/icons/frames, connections are cheap in
+ # nginx so increasing this is generally safe...
+ keepalive_timeout 5;
+
+ # path for static files
+ root <%= root_path %>;
+
+ # Prefer to serve static files directly from nginx to avoid unnecessary
+ # data copies from the application server.
+ #
+ # try_files directive appeared in in nginx 0.7.27 and has stabilized
+ # over time. Older versions of nginx (e.g. 0.6.x) requires
+ # "if (!-f $request_filename)" which was less efficient:
+ # http://bogomips.org/unicorn.git/tree/examples/nginx.conf?id=v3.3.1#n127
+ try_files $uri/index.html $uri.html $uri @app;
+
+ location @app {
+ # an HTTP header important enough to have its own Wikipedia entry:
+ # http://en.wikipedia.org/wiki/X-Forwarded-For
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ # enable this if you forward HTTPS traffic to unicorn,
+ # this helps Rack set the proper URL scheme for doing redirects:
+ # proxy_set_header X-Forwarded-Proto $scheme;
+
+ # pass the Host: header from the client right along so redirects
+ # can be set properly within the Rack application
+ proxy_set_header Host $http_host;
+
+ # we don't want nginx trying to do something clever with
+ # redirects, we set the Host: header above already.
+ proxy_redirect off;
+
+ # set "proxy_buffering off" *only* for Rainbows! when doing
+ # Comet/long-poll/streaming. It's also safe to set if you're using
+ # only serving fast clients with Unicorn + nginx, but not slow
+ # clients. You normally want nginx to buffer responses to slow
+ # clients, even with Rails 3.1 streaming because otherwise a slow
+ # client can become a bottleneck of Unicorn.
+ #
+ # The Rack application may also set "X-Accel-Buffering (yes|no)"
+ # in the response headers do disable/enable buffering on a
+ # per-response basis.
+ # proxy_buffering off;
+
+ proxy_pass http://<%= upstream_name %>;
+ }
+ # end location @app
+
+ # Rails error pages
+ error_page 500 502 503 504 /500.html;
+ location = /500.html {
+ root <%= root_path %>;
+ }
+
+ # https://github.com/h5bp/server-configs/blob/master/nginx/conf/expires.conf
+ # No default expire rule. This config mirrors that of apache as outlined in the
+ # html5-boilerplate .htaccess file. However, nginx applies rules by location,
+ # the apache rules are defined by type. A concequence of this difference is that
+ # if you use no file extension in the url and serve html, with apache you get an
+ # expire time of 0s, with nginx you'd get an expire header of one month in the
+ # future (if the default expire rule is 1 month). Therefore, do not use a
+ # default expire rule with nginx unless your site is completely static
+
+ # cache.appcache, your document html and data
+ location ~* \.(?:manifest|appcache|html|xml|json)$ {
+ expires -1;
+ # click tracking!
+ access_log /var/log/nginx/static.log combined;
+ }
+
+ location ~ ^/(assets)/ {
+ root <% root_path %>;
+ gzip_static on; # to serve pre-gzipped version
+ expires max;
+ add_header Cache-Control public;
+
+ # Some browsers still send conditional-GET requests if there's a
+ # Last-Modified header or an ETag header even if they haven't
+ # reached the expiry date sent in the Expires header.
+ add_header ETag "";
+ # add_header Last-Modified "";
+ access_log off;
+ break;
+ }
+
+}
+# server
View
160 cookbooks/nginx/templates/default/nginx.conf.erb
@@ -0,0 +1,160 @@
+# NOTE: [apt-get-conf] means the config created by the apt-get package
+
+# The only setting we feel strongly about is the fail_timeout=0
+# directive in the "upstream" block. max_fails=0 also has the same
+# effect as fail_timeout=0 for current versions of nginx and may be
+# used in its place.
+
+# NOTE: 4 was [apt-get-conf]. unicorn default conf suggests 1 and gives the following advise
+# you generally only need one nginx worker unless you're serving
+# large amounts of static files which require blocking disk reads
+worker_processes <%= @node[:nginx][:worker_processes] %>;
+
+# # drop privileges, root is needed on most systems for binding to port 80
+# # (or anything < 1024). Capability-based security may be available for
+# # your system and worth checking out so you won't need to be root to
+# # start nginx to bind on 80
+# user nobody nogroup; # for systems with a "nogroup"
+# user nobody nobody; # for systems with "nobody" as a group instead
+
+# TODO: hardcoded. should be in user cookbook
+# TODO: check comparative perms security wise
+# TODO: check perms of uploaded files in rails app
+user www-data;
+# user deployer;
+
+# Feel free to change all paths to suite your needs here, of course
+pid /var/run/nginx.pid;
+
+error_log /var/log/nginx/error.log;
+
+events {
+ # [apt-get-conf] recommends 768
+ worker_connections 1024; # increase if you have lots of clients
+ accept_mutex on; # "on" if nginx worker_processes > 1
+ use epoll; # enable for Linux 2.6+
+ # use kqueue; # enable for FreeBSD, OSX
+ # multi_accept on;
+}
+
+http {
+ ##
+ # Basic Settings
+ ##
+
+ # TODO: check with rackspace
+ # NOTE: vagrant has a bug with sendfile
+ # you generally want to serve static files with nginx since neither
+ # Unicorn nor Rainbows! is optimized for it at the moment
+ sendfile on;
+
+ # [apt-get-conf] has
+ # tcp_nopush on;
+ # tcp_nodelay on;
+
+ tcp_nopush on; # off may be better for *some* Comet/long-poll stuff
+ tcp_nodelay off; # on may be better for some Comet/long-poll stuff
+
+ # set in the server block
+ # keepalive_timeout 2;
+
+ types_hash_max_size 2048;
+ # [apt-get-conf] default is on
+ # but off is better for security
+ server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+
+ # fallback in case we can't determine a type
+ default_type application/octet-stream;
+
+ ##
+ # Logging Settings
+ ##
+
+ # click tracking!
+ access_log /var/log/nginx/access.log combined;
+
+ # [apt-get-conf] puts it here but we put in the top most block
+ # error_log /var/log/nginx/error.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ # we haven't checked to see if Rack::Deflate on the app server is
+ # faster or not than doing compression via nginx. It's easier
+ # to configure it all in one place here for static files and also
+ # to disable gzip for clients who don't get gzip/deflate right.
+ # There are other gzip settings that may be needed used to deal with
+ # bad clients out there, see http://wiki.nginx.org/NginxHttpGzipModule
+ gzip on;
+ gzip_http_version 1.0;
+ gzip_proxied any;
+ gzip_min_length 500;
+ gzip_disable "MSIE [1-6]\.";
+ gzip_types text/plain text/html text/xml text/css
+ text/comma-separated-values
+ text/javascript application/x-javascript
+ application/atom+xml;
+
+ # extra conf
+ gzip_comp_level 6;
+
+ # [apt-get-conf]
+ # gzip on;
+ # gzip_disable "msie6";
+ ## gzip_vary on;
+ ## gzip_proxied any;
+ ## gzip_comp_level 6;
+ ## gzip_buffers 16 8k;
+ ## gzip_http_version 1.1;
+ ## gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # nginx-naxsi config
+ ##
+ # Uncomment it if you installed nginx-naxsi
+ ##
+ #include /etc/nginx/naxsi_core.rules;
+
+ ##
+ # nginx-passenger config
+ ##
+ # Uncomment it if you installed nginx-passenger
+ ##
+ #passenger_root /usr;
+ #passenger_ruby /usr/bin/ruby;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
+# http
+
+#mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+#}
View
13 cookbooks/node/recipes/default.rb
@@ -0,0 +1,13 @@
+include_recipe 'apt'
+
+apt_repository 'chris-lea-node' do
+ uri 'http://ppa.launchpad.net/chris-lea/node.js/ubuntu'
+ distribution node[:lsb][:codename]
+ components %w(main)
+ keyserver 'keyserver.ubuntu.com'
+ key 'C7917B12'
+ action :add
+end
+
+# installing it for precompiling assets for rails asset-pipeline
+package "nodejs"
View
2  cookbooks/packages/README.md
@@ -0,0 +1,2 @@
+Install certain packages like git and rsync and installs some scriots
+into
View
1  cookbooks/packages/attributes/packages.rb
@@ -0,0 +1 @@
+default['packages']['scripts_dir'] = "/opt/scripts"
View
53 cookbooks/packages/files/default/unicornctl
@@ -0,0 +1,53 @@
+#!/usr/local/bin/ruby
+#
+# Control a unicorn master process
+# See http://unicorn.bogomips.org/SIGNALS.html for an explanation of each signal
+#
+
+# TODO: +/- workers will not persist the count for a future fresh
+# run
+
+SIGNALS_MAP = {"restart" => "USR2", "force_shutdown" => "TERM", "graceful_shutdown" => "QUIT",
+ "reopen_logs" => "USR1", "restart_workers" => "HUP", "stop_workers" => "WINCH", "add_worker" => "TTIN", "remove_worker" => "TTOU"}
+
+def usage
+ puts "unicornctl <command> [pid_path]"
+ puts "Provide one of the following commands:"
+ puts SIGNALS_MAP.keys.join(", ")
+ puts
+ puts "Pid path default relative to the current directory: tmp/pids/unicorn.pid"
+ exit
+end
+
+usage unless ARGV[0] && SIGNALS_MAP.keys.include?(ARGV[0])
+
+pid_path = ARGV[1] || Dir.pwd + "/tmp/pids/unicorn.pid"
+
+if File.exists?(pid_path)
+ old_pid = File.read(pid_path).strip
+ command = ARGV[0].downcase
+
+ puts "Restarting pid #{old_pid}..."
+ Process.kill(SIGNALS_MAP[command], File.read(pid_path).to_i)
+
+ tries = 0
+ begin
+ sleep 2
+ new_pid = File.read(pid_path).strip
+ rescue => e
+ tries += 1
+ retry unless tries >= 3
+ puts "WARNING: Restart failed. Error: #{e.message}."
+ end
+ if new_pid == old_pid
+ if command == "restart"
+ puts "PID #{new_pid} has not changed, so the deploy may have failed. Check the unicorn log for issues."
+ else
+ puts "Since this app does not preload, the master unicorn process keeps the same PID of #{new_pid}."
+ end
+ else
+ puts "New pid is #{new_pid}."
+ end
+else
+ puts "WARNING: no pid file found at #{pid_path}"
+end
View
9 cookbooks/packages/metadata.rb
@@ -0,0 +1,9 @@
+name "packages"
+maintainer "Deepak Kannan"
+maintainer_email "kannan.deepak@gmail.com"
+description "installs and configures nginx"
+version "0.0.1"
+
+depends "git"
+depends "apt"
+depends "ntp"
View
42 cookbooks/packages/recipes/default.rb
@@ -0,0 +1,42 @@
+include_recipe "apt"
+include_recipe 'git'
+
+# clock can drift without NTP
+include_recipe "ntp"
+
+# useful for moving stuff
+package "rsync"
+package "curl"
+
+# suggested by apt-get install git also "rvm requirements"
+# useful for applying patches to ruby src
+package "patch"
+
+package "finger"
+package "mtr"
+
+package "tree"
+
+# Shows the members of a group; by default
+package "members"
+
+# almost-definately will be already installed
+package "bash"
+package "tar"
+package "grep"
+package "less"
+package "ssl-cert"
+# always installed on ubuntu
+# package "sudo"
+
+package "vim"
+# package "emacs"
+
+# package "openssh-server", "openssh-client"
+# https://github.com/opscode-cookbooks/openssh/
+# include_recipe 'openssh'
+
+# for automated installs of debs
+package "debconf-utils"
+
+include_recipe 'packages::scripts'
View
14 cookbooks/packages/recipes/scripts.rb
@@ -0,0 +1,14 @@
+scripts_dir = node['packages']['scripts_dir']
+
+directory scripts_dir do
+ owner "root"
+ group "root"
+ mode 0755
+end
+
+package "apt-rdepends"
+template "#{scripts_dir}/compute_package_size.py" do
+ owner "root"
+ group "root"
+ mode 0755
+end
View
102 cookbooks/packages/templates/default/compute_package_size.py.erb
@@ -0,0 +1,102 @@
+#!/usr/bin/env python
+import sys
+from subprocess import Popen,PIPE,STDOUT
+
+# source: http://ubuntuforums.org/showthread.php?t=1154940&highlight=get_dependencies
+
+__usage__='''
+compute_total_pkg_size.py emacs
+'''
+
+pkg=sys.argv[1]
+
+
+def report_lines(alist,max_len,vdiv,hline):
+ '''
+ alist is a list of tuples
+ report_lines returns a list of strings
+ '''
+ result=[]
+ svs=' '+vdiv+' '
+ for row in alist:
+ if row[0]=='-':
+ line_string=hline
+ else:
+ data_justified=[str(elt).rjust(num) for elt,num in zip(row,max_len)]
+ data_svs=svs.join(data_justified)
+ line_list=[vdiv,data_svs,vdiv]
+ line_string=' '.join(line_list)
+ result.append(line_string)
+ return result
+
+def report_table(alist,corner='+',hdiv='-',vdiv='|',header=True):
+ max_len=max_col_len(alist)
+ hline_l=[corner,
+ corner.join([hdiv.ljust(max_num+2,hdiv)
+ for max_num in max_len]),
+ corner]
+ hline=''.join(hline_l)
+ result=report_lines(alist,max_len,vdiv,hline)
+ if header:
+ new_result=[hline,result[0],hline,]
+ new_result.extend(result[1:])
+ else:
+ new_result=[hline,]
+ new_result.extend(result)
+ new_result.append(hline)
+ result='\n'.join(new_result)+'\n'
+ return result
+
+def max_col_len(alist):
+ return [max([len(str(elt)) for elt in column]) for column in zip(*alist)]
+
+def find_installed():
+ '''
+ Returns a list of all the packages installed on the computer
+ '''
+ proc=Popen("dpkg --get-selections | awk '/install/{print $1}'",
+ shell=True, stdout=PIPE, stderr=open('/dev/null'),)
+ return proc.communicate()[0].split()
+
+def get_size(pkg):
+ '''
+ Returns (download size, installed size) in KiB
+ '''
+ cmd='apt-cache show %s'%pkg
+ proc=Popen(cmd, shell=True, stdout=PIPE, )
+ size=0
+ install_size=0
+ for line in proc.communicate()[0].split('\n'):
+ if line.startswith('Size: '):
+ size=line.split()[-1]
+ elif line.startswith('Installed-Size: '):
+ install_size=line.split()[-1]
+ return (int(size)/1024,int(install_size))
+
+def get_dependencies(pkg):
+ '''
+ Returns all the (recursive) dependencies of a package
+ '''
+ cmd='apt-rdepends -s=DEPENDS %s'%pkg
+ proc=Popen(cmd, shell=True, stdout=PIPE, )
+ return proc.communicate()[0].strip().split('\n')
+
+deps=get_dependencies(pkg)
+installed_packages=find_installed()
+needed_packages=list(set(deps)-set(installed_packages))
+(sizes_dep,sizes_dep_installed)=zip(*[get_size(pkg) for pkg in deps])
+(sizes_needed,sizes_needed_installed)=zip(*[get_size(pkg) for pkg in needed_packages])
+data=[('Package (*=needed)','Download size (KiB)','Installed size (KiB)')]
+for apkg,size,install_size in zip(deps,sizes_dep,sizes_dep_installed):
+ if apkg in needed_packages:
+ data.append(('%s *'%apkg,size,install_size))
+ else:
+ data.append((apkg,size,install_size))
+print(report_table(data))