Updated chef-server to make local installs easier

- Changed default install directory for osx to
  /usr/local/etc/cher
- Added configuration options for chef-server
  user and group
- Added a script that properly sets up rabbitmq
  to be run before standing up chef-server for
  the first time
- other small changes

chef-server/attributes/default.rb

@@ -24,39 +24,59 @@
   default["chef_server"]["run_path"]    = "/var/run/chef"
   default["chef_server"]["cache_path"]  = "/var/cache/chef"
   default["chef_server"]["backup_path"] = "/var/lib/chef/backup"
+  default["chef_server"]["conf_dir"]    = "/etc/chef"
+  default['chef_server']['log_dir']     = "/var/log/chef"
+  default['chef_server']['group']       = 'wheel'
 when "debian","ubuntu","redhat","centos","fedora"
   default["chef_server"]["init_style"]  = "init"
   default["chef_server"]["path"]        = "/var/lib/chef"
   default["chef_server"]["run_path"]    = "/var/run/chef"
   default["chef_server"]["cache_path"]  = "/var/cache/chef"
   default["chef_server"]["backup_path"] = "/var/lib/chef/backup"
+  default["chef_server"]["conf_dir"]    = "/etc/chef"
+  default['chef_server']['log_dir']     = "/var/log/chef"
+  default['chef_server']['group']       = 'wheel'
 when "openbsd","freebsd"
   default["chef_server"]["init_style"]  = "bsd"
   default["chef_server"]["path"]        = "/var/chef"
   default["chef_server"]["run_path"]    = "/var/run"
   default["chef_server"]["cache_path"]  = "/var/chef/cache"
   default["chef_server"]["backup_path"] = "/var/chef/backup"
+  default["chef_server"]["conf_dir"]    = "/etc/chef"
+  default['chef_server']['log_dir']     = "/var/log/chef"
+  default['chef_server']['group']       = 'wheel'
 when "mac_os_x"
+  #NOTE: these defaults assume that if you are deploying chef-server on OS X
+  # then you want it to be a dev environment.
+  default["chef_server"]["manage_user_action"] = "nothing"
   default["chef_server"]["init_style"]  = "procfile"
-  default["chef_server"]["path"]        = "/var/chef"
-  default["chef_server"]["run_path"]    = "/var/chef/pid"
-  default["chef_server"]["cache_path"]  = "/var/chef/cache"
-  default["chef_server"]["backup_path"] = "/var/chef/backup"
+  default["chef_server"]["path"]        = "/usr/local/var/chef"
+  default["chef_server"]["run_path"]    = "/usr/local/var/chef/pid"
+  default["chef_server"]["cache_path"]  = "/usr/local/var/chef/cache"
+  default["chef_server"]["backup_path"] = "/usr/local/var/chef/backup"
+  default["chef_server"]["conf_dir"]    = "/usr/local/etc/chef"
+  default["chef_server"]["log_dir"]     = "/usr/local/var/log/chef"
+  default['chef_server']['group']       = 'wheel'
 else
   default["chef_server"]["init_style"]  = "none"
   default["chef_server"]["path"]        = "/var/chef"
   default["chef_server"]["run_path"]    = "/var/run"
   default["chef_server"]["cache_path"]  = "/var/chef/cache"
   default["chef_server"]["backup_path"] = "/var/chef/backup"
+  default["chef_server"]["conf_dir"]    = "/etc/chef"
+  default['chef_server']['log_dir']     = "/var/log/chef"
+  default['chef_server']['group']       = 'root'
 end
 
 default['chef_server']['umask']           = "0022"
 default['chef_server']['url']             = "http://localhost:4000"
-default['chef_server']['log_dir']         = "/var/log/chef"
 default['chef_server']['api_port']        = "4000"
 default['chef_server']['webui_port']      = "4040"
 default['chef_server']['webui_enabled']   = false
 default['chef_server']['solr_heap_size']  = "256M"
 default['chef_server']['validation_client_name'] = "chef-validator"
 default['chef_server']['expander_nodes']  = 1
 default['chef_server']['amqp_pass']       = 'testing'
+default['chef_server']['user']            = 'chef'
+default['chef_server']['user_manage_action'] = 'create'
+default['chef_server']['user_shell']      = '/bin/sh'

chef-server/recipes/apache-proxy.rb

@@ -16,12 +16,13 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+=begin
 root_group = value_for_platform(
   "openbsd" => { "default" => "wheel" },
   "freebsd" => { "default" => "wheel" },
   "default" => "root"
 )
+=end
 
 node['apache']['listen_ports'] << "443" unless node['apache']['listen_ports'].include?("443")
 if node['chef_server']['webui_enabled']
@@ -38,21 +39,22 @@
 include_recipe "apache2::mod_expires"
 include_recipe "apache2::mod_deflate"
 
-directory "/etc/chef/certificates" do
-  owner "chef"
-  group root_group
+directory "#{node['chef_server']['conf_dir']}/certificates" do
+  owner node['chef_server']['user']
+#  group root_group
+  group node['chef_server']['group']
   mode "700"
 end
 
 bash "Create SSL Certificates" do
-  cwd "/etc/chef/certificates"
+  cwd "#{node['chef_server']['conf_dir']}/certificates"
   code <<-EOH
   umask 077
   openssl genrsa 2048 > chef-server-proxy.key
   openssl req -subj "#{node['chef_server']['ssl_req']}" -new -x509 -nodes -sha1 -days 3650 -key chef-server-proxy.key > chef-server-proxy.crt
   cat chef-server-proxy.key chef-server-proxy.crt > chef-server-proxy.pem
   EOH
-  not_if { ::File.exists?("/etc/chef/certificates/chef-server-proxy.pem") }
+  not_if { ::File.exists?("#{node['chef_server']['conf_dir']}/certificates/chef-server-proxy.pem") }
 end
 
 web_app "chef-server-proxy" do

chef-server/recipes/nginx-proxy.rb

@@ -25,21 +25,21 @@
   "default" => "root"
 )
 
-directory "/etc/chef/certificates" do
-  owner "chef"
+directory "#{node['chef_server']['conf_dir']}/certificates" do
+  owner node['chef_server']['user']
   group root_group
   mode "700"
 end
 
 bash "Create SSL Certificates" do
-  cwd "/etc/chef/certificates"
+  cwd "#{node['chef_server']['conf_dir']}/certificates"
   code <<-EOH
   umask 077
   openssl genrsa 2048 > chef-server-proxy.key
   openssl req -subj "#{node['chef_server']['ssl_req']}" -new -x509 -nodes -sha1 -days 3650 -key chef-server-proxy.key > chef-server-proxy.crt
   cat chef-server-proxy.key chef-server-proxy.crt > chef-server-proxy.pem
   EOH
-  not_if { ::File.exists?("/etc/chef/certificates/chef-server-proxy.pem") }
+  not_if { ::File.exists?("#{node['chef_server']['conf_dir']}/certificates/chef-server-proxy.pem") }
 end
 
 template "#{node[:nginx][:dir]}/sites-available/chef_server_proxy.conf" do

chef-server/recipes/rabbitmq.rb

@@ -39,17 +39,21 @@ def debian_before_squeeze?
     version '1.7.2-1'
     action :install
   end
+elsif platform?("mac_os_x")
+  package "rabbitmq"
 else
   package "rabbitmq-server"
 end
 
-service "rabbitmq-server" do
-  if platform?("centos","redhat","fedora")
-    start_command "/sbin/service rabbitmq-server start &> /dev/null"
-    stop_command "/sbin/service rabbitmq-server stop &> /dev/null"
+if not platform?("mac_os_x")
+  service "rabbitmq-server" do
+    if platform?("centos","redhat","fedora")
+      start_command "/sbin/service rabbitmq-server start &> /dev/null"
+      stop_command "/sbin/service rabbitmq-server stop &> /dev/null"
+    end
+    supports [ :restart, :status ]
+    action [ :enable, :start ]
   end
-  supports [ :restart, :status ]
-  action [ :enable, :start ]
 end
 
 # add a chef vhost to the queue

chef-server/recipes/rubygems-install.rb

@@ -21,16 +21,10 @@
 # limitations under the License.
 #
 
-root_group = value_for_platform(
-  "openbsd"  => { "default" => "wheel" },
-  "freebsd"  => { "default" => "wheel" },
-  "mac_os_x" => { "default" => "wheel" },
-  "default"  => "root"
-)
-
-user "chef" do
+user node['chef_server']['user'] do
+  action node['chef_server']['manage_user_action']
   system true
-  shell "/bin/sh"
+  shell node['chef_server']['user_shell']
   home node['chef_server']['path']
 end
 
@@ -105,63 +99,68 @@
   node['chef_server']['cache_path'],
   node['chef_server']['backup_path'],
   node['chef_server']['run_path'],
-  "/etc/chef"
+  node['chef_server']['conf_dir'],
 ]
 
+Chef::Log.info chef_dirs.inspect
+
 chef_dirs.each do |dir|
   directory dir do
-    owner "chef"
-    group root_group
+    owner node['chef_server']['user']
+    group node['chef_server']['group']
     mode 0755
   end
 end
 
 %w{ server solr }.each do |cfg|
-  template "/etc/chef/#{cfg}.rb" do
+  template "#{node['chef_server']['conf_dir']}/#{cfg}.rb" do
     source "#{cfg}.rb.erb"
-    owner "chef"
-    group root_group
+    owner node['chef_server']['user']
+    group node['chef_server']['group']
     mode 0600
   end
 
-  link "/etc/chef/webui.rb" do
-    to "/etc/chef/server.rb"
+  link "#{node['chef_server']['conf_dir']}/webui.rb" do
+    to "#{node['chef_server']['conf_dir']}/server.rb"
   end
 
-  link "/etc/chef/expander.rb" do
-    to "/etc/chef/solr.rb"
+  link "#{node['chef_server']['conf_dir']}/expander.rb" do
+    to "#{node['chef_server']['conf_dir']}/solr.rb"
   end
 end
 
 directory node['chef_server']['path'] do
-  owner "chef"
-  group root_group
+  owner node['chef_server']['user']
+  group node['chef_server']['group']
+  #group root_group
   mode 0755
 end
 
 %w{ cache search_index }.each do |dir|
   directory "#{node['chef_server']['path']}/#{dir}" do
-    owner "chef"
-    group root_group
+    owner node['chef_server']['user']
+    group node['chef_server']['group']
+    # group root_group
     mode 0755
   end
 end
 
-directory "/etc/chef/certificates" do
-  owner "chef"
-  group root_group
+directory "#{node['chef_server']['conf_dir']}/certificates" do
+  owner node['chef_server']['user']
+  group node['chef_server']['group']
+  #group root_group
   mode 0700
 end
 
 directory node['chef_server']['run_path'] do
-  owner "chef"
-  group root_group
+  owner node['chef_server']['user']
+  group node['chef_server']['group']
   mode 0755
 end
 
 # install solr
 execute "chef-solr-installer" do
-  command  "chef-solr-installer -c /etc/chef/solr.rb -u chef -g #{root_group}"
+  command  "chef-solr-installer -c #{node['chef_server']['conf_dir']}/solr.rb -u #{node['chef_server']['user']} -g #{node['chef_server']['group']}"
   path %w{ /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin }
   not_if { ::File.exists?("#{node['chef_server']['path']}/solr/home") }
 end
@@ -189,8 +188,8 @@
 
   directory node['chef_server']['run_path'] do
     action :create
-    owner "chef"
-    group root_group
+    owner node['chef_server']['user']
+    group node['chef_server']['group']
     mode 0755
   end
 
@@ -266,7 +265,9 @@
 
   gem_package "foreman"
 
-  procfiles = [ "/etc/chef/Procfile-chef-backend", "/etc/chef/Procfile-chef-server" ]
+  procfiles = [ "#{node['chef_server']['conf_dir']}/Procfile-chef-backend",
+                "#{node['chef_server']['conf_dir']}/Procfile-chef-server",
+                "#{node['chef_server']['conf_dir']}/setup-chef-server.sh" ]
   procfiles.each do |procfile_path|
     template procfile_path do
       source      "#{File.basename(procfile_path)}.erb"
@@ -276,7 +277,8 @@
   end
 
   msg = "\nLaunch chef server with\n\n"
-  msg << procfiles.map{|pf| "sudo -u chef foreman start -f #{pf}" }.join(" & sleep 2\n")
+  msg << procfiles.map{|pf| "sudo -u #{node['chef_server']['user']} foreman start -f #{pf}" }.join(" & sleep 2\n")
+  msg << "\n(sudo unnecessary if you are #{node['chef_server']['user']})"
   msg << "\n"
   log(msg)
 

chef-server/templates/default/Procfile-chef-server.erb

@@ -1,4 +1,5 @@
-chef_solr:      chef-solr           -c /etc/chef/solr.rb -l info
-chef_expander:  chef-expander       -c /etc/chef/solr.rb -l info -n <%= @chef_server['expander_nodes'] %>
-chef_server:    chef-server         -N -p <%= @chef_server['api_port']   %> -e production -P <%= @chef_server['run_path'] %>/chef-server.%s.pid
-chef_webui:     chef-server-webui   -N -p <%= @chef_server['webui_port'] %> -e production -P <%= @chef_server['run_path'] %>/chef-server-webui.%s.pid
+chef_solr:      chef-solr           -c <%= @chef_server['conf_dir'] %>/solr.rb -l info
+chef_expander:  chef-expander       -c <%= @chef_server['conf_dir'] %>/expander.rb -l info -n <%= @chef_server['expander_nodes'] %>
+chef_server:    chef-server         -N -p <%= @chef_server['api_port']   %> -e production -P <%= @chef_server['run_path'] %>/chef-server.%s.pid -C <%= @chef_server['conf_dir'] %>/server.rb
+chef_webui:     chef-server-webui   -N -p <%= @chef_server['webui_port'] %> -e production -P <%= @chef_server['run_path'] %>/chef-server-webui.%s.pid -C <%= @chef_server['conf_dir'] %>/webui.rb
+

chef-server/templates/default/chef_server.conf.erb

@@ -23,8 +23,8 @@
   CustomLog <%= @params[:log_dir] %>/<%= @params[:name] %>-access.log combined
 
   SSLEngine On
-  SSLCertificateFile /etc/chef/certificates/chef-server-proxy.pem
-  SSLCertificateKeyFile /etc/chef/certificates/chef-server-proxy.pem
+  SSLCertificateFile <%= node['chef_server']['conf_dir'] %>/certificates/chef-server-proxy.pem
+  SSLCertificateKeyFile <%= node['chef_server']['conf_dir'] %>/certificates/chef-server-proxy.pem
 
   RequestHeader set X_FORWARDED_PROTO 'https'
 
@@ -59,8 +59,8 @@
   CustomLog <%= @params[:log_dir] %>/<%= @params[:name] %>-access.log combined
 
   SSLEngine On
-  SSLCertificateFile /etc/chef/certificates/chef-server-proxy.pem
-  SSLCertificateKeyFile /etc/chef/certificates/chef-server-proxy.pem
+  SSLCertificateFile <%= node['chef_server']['conf_dir'] %>/certificates/chef-server-proxy.pem
+  SSLCertificateKeyFile <%= node['chef_server']['conf_dir'] %>/certificates/chef-server-proxy.pem
 
   RequestHeader set X_FORWARDED_PROTO 'https'
 

chef-server/templates/default/chef_server.nginx.conf.erb

@@ -8,8 +8,8 @@ upstream chef_server_webui {
 
 server {
   listen <%= @api_port %> ssl;
-  ssl_certificate /etc/chef/certificates/chef-server-proxy.pem;
-  ssl_certificate_key /etc/chef/certificates/chef-server-proxy.pem;
+  ssl_certificate <%= node['chef_server']['conf_dir'] %>/certificates/chef-server-proxy.pem;
+  ssl_certificate_key <%= node['chef_server']['conf_dir'] %>/certificates/chef-server-proxy.pem;
   server_name <%= @api_server_name %>;
   access_log <%= node[:nginx][:log_dir] %>/chef-server.access.log;
   error_log <%= node[:nginx][:log_dir] %>/chef-server.error.log warn;
@@ -41,8 +41,8 @@ server {
 <% if node['chef_server']['webui_enabled'] -%>
 server {
   listen <%= @webui_port %> ssl;
-  ssl_certificate /etc/chef/certificates/chef-server-proxy.pem;
-  ssl_certificate_key /etc/chef/certificates/chef-server-proxy.pem;
+  ssl_certificate <%= node['chef_server']['conf_dir'] %>/certificates/chef-server-proxy.pem;
+  ssl_certificate_key <%= node['chef_server']['conf_dir'] %>/certificates/chef-server-proxy.pem;
   server_name <%= @webui_server_name %>;
   access_log <%= node[:nginx][:log_dir] %>/chef-server.access.log;
   error_log <%= node[:nginx][:log_dir] %>/chef-server.error.log warn;

chef-server/templates/default/server.rb.erb

@@ -8,16 +8,21 @@ log_location            STDOUT
 chef_server_url         "<%= node['chef_server']['url'] %>"
 
 file_cache_path         "<%= node['chef_server']['cache_path'] %>"
+file_backup_path        "<%= node['chef_server']['backup_path'] %>"
 sandbox_path            "<%= node['chef_server']['cache_path'] %>/sandboxes"
 checksum_path           "<%= node['chef_server']['path'] %>/cookbook_index"
 node_path               "<%= node['chef_server']['path'] %>/node"
 cookbook_tarball_path   "<%= node['chef_server']['path']%>/cookbook-tarballs"
 
 validation_client_name  "<%= node['chef_server']['validation_client_name'] %>"
+validation_key          "<%= node['chef_server']['conf_dir'] %>/validation.pem"
+
 
 <% if node['chef_server']['webui_enabled'] -%>
-web_ui_admin_user_name  "admin"
+  web_ui_key              "<%= node['chef_server']['conf_dir'] %>/webui.pem"
+  web_ui_admin_user_name  "admin"
 <% end -%>
+
 supportdir = "<%= node['chef_server']['path'] %>"
 solr_jetty_path File.join(supportdir, "solr", "jetty")
 solr_data_path  File.join(supportdir, "solr", "data")
@@ -30,7 +35,7 @@ amqp_pass               "testing"
 umask <%= node['chef_server']['umask'] %>
 
 ssl_verify_mode         :verify_none
-signing_ca_cert         "/etc/chef/certificates/cert.pem"
-signing_ca_key          "/etc/chef/certificates/key.pem"
-signing_ca_user         "chef"
-signing_ca_group        "chef"
+signing_ca_cert         "<%= node['chef_server']['conf_dir'] %>/certificates/cert.pem"
+signing_ca_key          "<%= node['chef_server']['conf_dir'] %>/certificates/key.pem"
+signing_ca_user         "<%= node['chef_server']['user'] %>"
+signing_ca_group        "<%= node['chef_server']['group'] %>"