
added necessary dependent cookbooks for zabbix

1 parent 11ccbdd commit 38b459e26eb5765134b332b31358ecf6365e99fd Philip (flip) Kromer committed Nov 14, 2011
Showing with 2,422 additions and 981 deletions.
  1. +360 −0 cookbooks/database/README.md
  2. +97 −0 cookbooks/database/libraries/provider_database_mysql.rb
  3. +76 −0 cookbooks/database/libraries/provider_database_mysql_user.rb
  4. +109 −0 cookbooks/database/libraries/provider_database_sql_server.rb
  5. +106 −0 cookbooks/database/libraries/provider_database_sql_server_user.rb
  6. +59 −0 cookbooks/database/libraries/resource_database.rb
  7. +90 −0 cookbooks/database/libraries/resource_database_user.rb
  8. +34 −0 cookbooks/database/libraries/resource_mysql_database.rb
  9. +34 −0 cookbooks/database/libraries/resource_mysql_database_user.rb
  10. +34 −0 cookbooks/database/libraries/resource_sql_server_database.rb
  11. +34 −0 cookbooks/database/libraries/resource_sql_server_database_user.rb
  12. +20 −0 cookbooks/database/metadata.rb
  13. +20 −0 cookbooks/database/recipes/default.rb
  14. +89 −0 cookbooks/database/recipes/ebs_backup.rb
  15. +196 −0 cookbooks/database/recipes/ebs_volume.rb
  16. +78 −0 cookbooks/database/recipes/master.rb
  17. +62 −0 cookbooks/database/recipes/snapshot.rb
  18. +8 −0 cookbooks/database/templates/default/app_grants.sql.erb
  19. +3 −0 cookbooks/database/templates/default/aws_config.erb
  20. +10 −0 cookbooks/database/templates/default/chef-solo-database-snapshot.cron.erb
  21. +1 −0 cookbooks/database/templates/default/chef-solo-database-snapshot.json.erb
  22. +6 −0 cookbooks/database/templates/default/chef-solo-database-snapshot.rb.erb
  23. +2 −0 cookbooks/database/templates/default/ebs-backup-cron.erb
  24. +8 −0 cookbooks/database/templates/default/ebs-db-backup.sh.erb
  25. +10 −0 cookbooks/database/templates/default/ebs-db-restore.sh.erb
  26. +27 −0 cookbooks/database/templates/default/s3cfg.erb
  27. +144 −0 cookbooks/mysql/README.md
  28. +0 −143 cookbooks/mysql/README.rdoc
  29. +47 −35 cookbooks/mysql/attributes/server.rb
  30. +6 −2 cookbooks/mysql/libraries/database.rb
  31. +33 −0 cookbooks/mysql/libraries/helpers.rb
  32. +16 −4 cookbooks/mysql/metadata.rb
  33. +0 −28 cookbooks/mysql/providers/database.rb
  34. +21 −43 cookbooks/mysql/recipes/client.rb
  35. +33 −19 cookbooks/mysql/recipes/server.rb
  36. +6 −6 cookbooks/mysql/recipes/server_ec2.rb
  37. +0 −7 cookbooks/mysql/resources/database.rb
  38. +0 −12 cookbooks/mysql/templates/centos/my.cnf.erb
  39. +0 −156 cookbooks/mysql/templates/debian/my.cnf.erb
  40. +5 −4 cookbooks/mysql/templates/default/debian.cnf.erb
  41. +7 −4 cookbooks/mysql/templates/default/grants.sql.erb
  42. +45 −32 cookbooks/mysql/templates/default/my.cnf.erb
  43. +2 −2 cookbooks/mysql/templates/default/mysql-server.seed.erb
  44. +0 −12 cookbooks/mysql/templates/redhat/my.cnf.erb
  45. +0 −158 cookbooks/mysql/templates/ubuntu-10.04/my.cnf.erb
  46. +0 −156 cookbooks/mysql/templates/ubuntu-8.04/my.cnf.erb
  47. +0 −158 cookbooks/mysql/templates/ubuntu-9.10/my.cnf.erb
  48. +134 −0 cookbooks/ufw/README.md
  49. +2 −0 cookbooks/ufw/attributes/default.rb
  50. +13 −0 cookbooks/ufw/examples/data_bags/firewall/apache2.json
  51. +8 −0 cookbooks/ufw/examples/data_bags/firewall/apache2::mod_ssl.json
  52. +27 −0 cookbooks/ufw/examples/roles/fw_example.rb
  53. +12 −0 cookbooks/ufw/examples/roles/fw_https.rb
  54. +7 −0 cookbooks/ufw/examples/roles/securitylevel_green.rb
  55. +7 −0 cookbooks/ufw/examples/roles/securitylevel_red.rb
  56. +7 −0 cookbooks/ufw/examples/roles/securitylevel_yellow.rb
  57. +20 −0 cookbooks/ufw/metadata.rb
  58. +58 −0 cookbooks/ufw/recipes/databag.rb
  59. +84 −0 cookbooks/ufw/recipes/default.rb
  60. +23 −0 cookbooks/ufw/recipes/disable.rb
  61. +41 −0 cookbooks/ufw/recipes/recipes.rb
  62. +41 −0 cookbooks/ufw/recipes/securitylevel.rb
@@ -0,0 +1,360 @@
+Database Cookbook
+=================
+
+The main highlight of this cookbook is the `database` and `database_user` resources for managing databases and database users in a RDBMS. Providers for MySQL and SQL Server are also provided, see usage documentation below.
+
+This cookbook also contains recipes to configure mysql database masters and slaves and uses EBS for storage, integrating together with the application cookbook utilizing data bags for application related information. These recipes are written primarily to use MySQL and the Opscode mysql cookbook. Other RDBMS may be supported at a later date. This cookbook does not automatically restore database dumps, but does install tools to help with that.
+
+Requirements
+============
+
+Chef 0.10.0 or higher required (for Chef environment use).
+
+Platform
+--------
+
+* Debian, Ubuntu
+* Red Hat, CentOS Fedora
+
+Cookbooks
+---------
+
+The following Opscode cookbooks are dependencies:
+
+* mysql
+* xfs
+* aws
+
+Resources/Providers
+===================
+
+These resources aim to expose an abstraction layer for interacting with different RDBMS in a general way. Currently the cookbook ships with providers for MySQL and SQL Server. Please see specific usage in the __Example__ sections below. The providers use specific Ruby gems to execute commands and carry out actions. These gems will need to be installed before the providers can operate correctly. Specific notes for each RDBS flavor:
+
+- MySQL: leverages the `mysql` gem which is installed as part of the `mysql::client` recipe.
+- SQL Server: leverages the `tiny_tds` gem which is installed as part of the `sql_server::client` recipe.
+
+`database`
+----------
+
+Manage databases in a RDBMS. Use the proper shortcut resource depending on your RDBMS: `mysql_database` or `sql_server_database`.
+
+### Actions
+
+- :create: create a named database
+- :drop: drop a named database
+- :query: execute an arbitrary query against a named database
+
+### Attribute Parameters
+
+- database_name: name attribute. Name of the database to interact with
+- connection: hash of connection info. valid keys include :host, :port, :username, :password
+- sql: string of sql to execute against the database. used by :query action only
+
+### Providers
+
+- **Chef::Provider::Database::Mysql**: shortcut resource `mysql_database`
+- **Chef::Provider::Database::SqlServer**: shortcut resource `sql_server_database`
+
+### Examples
+
+ # create a mysql database
+ mysql_database 'oracle_rules' do
+ connection {:host => "localhost", :username => 'root', :password => node['mysql']['server_root_password']}
+ action :create
+ end
+
+ # create a sql server database
+ sql_server_database 'mr_softie' do
+ connection {:host => "127.0.0.1", :port => node['sql_server']['port'], :username => 'sa', :password => node['sql_server']['server_sa_password']}
+ action :create
+ end
+
+ # externalize conection info in a ruby hash
+ mysql_connection_info = {:host => "localhost", :username => 'root', :password => node['mysql']['server_root_password']}
+ sql_server_connection_info = {:host => "localhost", :port => node['sql_server']['port'], :username => 'sa', :password => node['sql_server']['server_sa_password']}
+
+ # same create commands, connection info as an external hash
+ mysql_database 'foo' do
+ connection mysql_connection_info
+ action :create
+ end
+ sql_server_database 'foo' do
+ connection sql_server_connection_info
+ action :create
+ end
+
+ # create database, set provider in resource parameter
+ database 'bar' do
+ connection mysql_connection_info
+ provider Chef::Provider::Database::Mysql
+ action :create
+ end
+ database 'bar' do
+ connection connection_info
+ provider Chef::Provider::Database::SqlServer
+ action :create
+ end
+
+ # drop a database
+ mysql_database "baz" do
+ connection mysql_connection_info
+ action :drop
+ end
+
+ # query a database
+ mysql_database "flush the privileges" do
+ connection mysql_connection_info
+ sql "flush privileges"
+ action :query
+ end
+
+`database_user`
+---------------
+
+Manage users and user privileges in a RDBMS. Use the proper shortcut resource depending on your RDBMS: `mysql_database_user` or `sql_server_database_user`.
+
+### Actions
+
+- :create: create a user
+- :drop: drop a user
+- :grant: manipulate user privileges on database objects
+
+### Attribute Parameters
+
+- username: name attribute. Name of the database user
+- password: password for the user account
+- database_name: Name of the database to interact with
+- connection: hash of connection info. valid keys include :host, :port, :username, :password
+- privileges: array of database privileges to grant user. used by the :grant action. default is :all
+- host: host where user connections are allowed from. used by MySQL provider only. default is 'localhost'
+- table: table to grant privileges on. used by :grant action and MySQL provider only. default is '*' (all tables)
+
+### Providers
+
+- **Chef::Provider::Database::MysqlUser**: shortcut resource `mysql_database_user`
+- **Chef::Provider::Database::SqlServerUser**: shortcut resource `sql_server_database_user`
+
+### Examples
+
+ # create connection info as an external ruby hash
+ mysql_connection_info = {:host => "localhost", :username => 'root', :password => node['mysql']['server_root_password']}
+ sql_server_connection_info = {:host => "localhost", :port => node['sql_server']['port'], :username => 'sa', :password => node['sql_server']['server_sa_password']}
+
+ # create a mysql user but grant no priveleges
+ mysql_database_user 'disenfranchised' do
+ connection mysql_connection_info
+ password 'super_secret'
+ action :create
+ end
+
+ # do the same but pass the provider to the database resource
+ database_user 'disenfranchised' do
+ connection mysql_connection_info
+ password 'super_secret'
+ provider Chef::Provider::Database::MysqlUser
+ action :create
+ end
+
+ # create a sql server user but grant no priveleges
+ sql_server_database_user 'disenfranchised' do
+ connection sql_server_connection_info
+ password 'super_secret'
+ action :create
+ end
+
+ # drop a mysql user
+ mysql_database_user "foo_user" do
+ connection mysql_connection_info
+ action :drop
+ ends
+
+ # bulk drop sql server users
+ %w{ disenfranchised foo_user }.each do |user|
+ sql_server_database_user user do
+ connection sql_server_connection_info
+ action :drop
+ end
+ end
+
+ # grant select,update,insert privileges to all tables in foo db from all hosts
+ mysql_database_user 'foo_user' do
+ connection mysql_connection_info
+ password 'super_secret'
+ database_name 'foo'
+ host '%'
+ privileges [:select,:update,:insert]
+ action :grant
+ end
+
+ # grant all privelages on all databases/tables from localhost
+ mysql_database_user 'super_user' do
+ connection mysql_connection_info
+ password 'super_secret'
+ action :grant
+ end
+
+ # grant select,update,insert privileges to all tables in foo db
+ sql_server_database_user 'foo_user' do
+ connection sql_server_connection_info
+ password 'super_secret'
+ database_name 'foo'
+ privileges [:select,:update,:insert]
+ action :grant
+ end
+
+Recipes
+=======
+
+ebs\_volume
+-----------
+
+Loads the aws information from the data bag. Searches the applications data bag for the database master or slave role and checks that role is applied to the node. Loads the EBS information and the master information from data bags. Uses the aws cookbook LWRP, `aws_ebs_volume` to manage the volume.
+
+On a master node:
+* if we have an ebs volume already as stored in a data bag, attach it.
+* if we don't have the ebs information then create a new one and attach it.
+* store the volume information in a data bag via a ruby block.
+
+On a slave node:
+* use the master volume information to generate a snapshot.
+* create the new volume from the snapshot and attach it.
+
+Also on a master node, generate some configuration for running a snapshot via `chef-solo` from cron.
+
+On a new filesystem volume, create as XFS, then mount it in /mnt, and also bind-mount it to the mysql data directory (default /var/lib/mysql).
+
+master
+------
+
+This recipe no longer loads AWS specific information, and the database position for replication is no longer stored in a databag because the client might not have permission to write to the databag item. This may be handled in a different way at a future date.
+
+Searches the apps databag for applications, and for each one it will check that the specified database master role is set in both the databag and applied to the node's run list. Then, retrieves the passwords for `root`, `repl` and `debian` users and saves them to the node attributes. If the passwords are not found in the databag, it prints a message that they'll be generated by the mysql cookbook.
+
+Then it adds the application databag database settings to a hash, to use later.
+
+Then it will iterate over the databases and create them with the `mysql_database` resource while adding privileges for application specific database users using the `mysql_database_user` resource.
+
+slave
+-----
+
+_TODO_: Retrieve the master status from a data bag, then start replication using a ruby block. The replication status needs to be handled in some other way for now since the master recipe above doesn't actually set it in the databag anymore.
+
+snapshot
+--------
+
+Run via Chef Solo. Retrieves the db snapshot configuration from the specified JSON file. Uses the `mysql_database` resource to lock and unlock tables, and does a filesystem freeze and EBS snapshot.
+
+Deprecated Recipes
+==================
+
+The following recipe is considered deprecated. It is kept for reference purposes.
+
+ebs\_backup
+-----------
+
+Older style of doing mysql snapshot and replication using Adam Jacob's [ec2_mysql](http://github.com/adamhjk/ec2_mysql) script and library.
+
+Data Bags
+=========
+
+This cookbook uses the apps data bag item for the specified application; see the `application` cookbook's README.md. It also creates data bag items in a bag named 'aws' for storing volume information. In order to interact with EC2, it expects aws to have a main item:
+
+ {
+ "id": "main",
+ "ec2_private_key": "private key as a string",
+ "ec2_cert": "certificate as a string",
+ "aws_account_id": "",
+ "aws_secret_access_key": "",
+ "aws_access_key_id": ""
+ }
+
+Note: with the Open Source Chef Server, the server using the database recipes must be an admin client or it will not be able to create data bag items. You can modify whether the client is admin by editing it with knife.
+
+ knife client edit <client_name>
+ {
+ ...
+ "admin": true
+ ...
+ }
+
+This is not required if the Chef Server is the Opscode Platform, instead use the ACL feature to modify access for the node to be able to update the data bag.
+
+Usage
+=====
+
+Aside from the application data bag (see the README in the application cookbook), create a role for the database master. Use a role.rb in your chef-repo, or create the role directly with knife.
+
+ % knife role show my_app_database_master -Fj
+ {
+ "name": "my_app_database_master",
+ "chef_type": "role",
+ "json_class": "Chef::Role",
+ "default_attributes": {
+ },
+ "description": "",
+ "run_list": [
+ "recipe[mysql::server]",
+ "recipe[database::master]"
+ ],
+ "override_attributes": {
+ }
+ }
+
+Create a `production` environment. This is also used in the `application` cookbook.
+
+ % knife environment show production -Fj
+ {
+ "name": "production",
+ "description": "",
+ "cookbook_versions": {
+ },
+ "json_class": "Chef::Environment",
+ "chef_type": "environment",
+ "default_attributes": {
+ },
+ "override_attributes": {
+ }
+ }
+
+
+The cookbook `my_app_database` is recommended to set up any application specific database resources such as configuration templates, trending monitors, etc. It is not required, but you would need to create it separately in `site-cookbooks`. Add it to the `my_app_database_master` role.
+
+Changes/Roadmap
+===============
+
+## Future
+
+* update `database::master` to work with any RDBMS provider (most likely keying off database adapter)
+
+## v1.0.0
+
+* [COOK-683] added `database` and `database_user` resources
+* [COOK-684] MySQL providers
+* [COOK-685] SQL Server providers
+* refactored `database::master` and `database::snapshot` recipes to leverage new resources
+
+## v0.99.1
+
+* Use Chef 0.10's `node.chef_environment` instead of `node['app_environment']`.
+
+License and Author
+==================
+
+Author:: Adam Jacob (<adam@opscode.com>)
+Author:: Joshua Timberman (<joshua@opscode.com>)
+Author:: AJ Christensen (<aj@opscode.com>)
+Author:: Seth Chisamore (<schisamo@opscode.com>)
+
+Copyright 2009-2011, Opscode, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
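Review bot: The Data Bags section of the new cookbooks/database/README.md has the `aws` `main` item hold `ec2_private_key`, `aws_secret_access_key` and `aws_access_key_id` as plain strings, and the note after it tells Open Source Chef Server users to set `"admin": true` on the client that runs the database recipes; the README should say how that item is protected and who can read it, and should state that admin on a database node is far broader than the one permission the recipe needs (writing items in the `aws` bag). The ACL route the same section mentions for the Opscode Platform is the narrower option and deserves to be described first. In the `database_user` examples, `host '%'` combined with a literal `password 'super_secret'`, and the `super_user` grant that relies on the `:all` default, are the snippets most likely to be pasted unchanged, so a comment marking them as placeholders and pointing at a node attribute or data bag lookup for the password would help. Three examples also will not run as written: the "drop a mysql user" block closes with `ends`, the second `database 'bar'` block passes `connection connection_info` although only `mysql_connection_info` and `sql_server_connection_info` are defined, and `connection {:host => ...}` in the first two `database` examples is parsed by Ruby as a block rather than a hash argument, so it needs parentheses or the external-hash form used further down.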