
add more cookbooks, clean up nginx

commit 5188996c13253bece4cc362ef20ce8ebce6b9c0e 1 parent ebef0cb
@jsierles authored
Showing with 989 additions and 163 deletions.
  1. +6 −0 chef/attributes/client.rb
  2. +4 −0 chef/attributes/server.rb
  3. +265 −0 chef/files/default/chef-api
  4. +12 −0 chef/metadata.rb
  5. +39 −0 chef/recipes/client.rb
  6. +16 −0 chef/recipes/rabbitmq.rb
  7. +119 −0 chef/recipes/server.rb
  8. +47 −0 chef/templates/default/chef-server-api-init.rb.erb
  9. +31 −0 chef/templates/default/chef-server-init.rb.erb
  10. +63 −0 chef/templates/default/chef-server-vhost.conf.erb
  11. +52 −0 chef/templates/default/chef-server-webui-init.rb.erb
  12. +5 −0 chef/templates/default/chef-solr-indexer-run.erb
  13. +11 −0 chef/templates/default/client.rb.erb
  14. +17 −0 chef/templates/default/config.ru.erb
  15. +7 −0 chef/templates/default/htpasswd.erb
  16. +52 −0 chef/templates/default/init.rb.erb
  17. +9 −0 chef/templates/default/merb-production.rb.erb
  18. +2 −0  chef/templates/default/port_chef.erb
  19. +2 −0  chef/templates/default/port_couchdb.erb
  20. +43 −0 chef/templates/default/server.rb.erb
  21. +2 −0  chef/templates/default/sv-chef-client-log-run.erb
  22. +4 −0 chef/templates/default/sv-chef-client-run.erb
  23. +3 −0  chef/templates/default/sv-chef-indexer-log-run.erb
  24. +3 −0  chef/templates/default/sv-chef-indexer-run.erb
  25. +2 −0  chef/templates/default/sv-chef-server-log-run.erb
  26. +4 −0 chef/templates/default/sv-chef-server-run.erb
  27. +2 −0  chef/templates/default/sv-chef-solr-indexer-log-run.erb
  28. +4 −0 chef/templates/default/sv-chef-solr-indexer-run.erb
  29. +2 −0  chef/templates/default/sv-chef-solr-log-run.erb
  30. +4 −0 chef/templates/default/sv-chef-solr-run.erb
  31. +3 −0  chef/templates/default/sv-stompserver-log-run.erb
  32. +3 −0  chef/templates/default/sv-stompserver-run.erb
  33. +6 −0 chef/templates/default/unicorn.conf.erb
  34. +4 −0 couchdb/attributes/couchdb.rb
  35. +4 −0 couchdb/metadata.rb
  36. +15 −0 couchdb/recipes/default.rb
  37. +19 −0 couchdb/templates/default/local.ini.erb
  38. +0 −86 nagios/files/default/plugins/check_mogilefs_bored_workers.rb
  39. +1 −54 nginx/recipes/default.rb
  40. +0 −23 nginx/recipes/proxy_frontend.rb
  41. +6 −0 openssl/attributes/default.rb
  42. +37 −0 openssl/definitions/ssl_cert.rb
  43. +4 −0 openssl/metadata.rb
  44. +28 −0 openssl/recipes/default.rb
  45. +12 −0 openssl/templates/default/cert-request.txt.erb
  46. +9 −0 rabbitmq/metadata.rb
  47. +6 −0 rabbitmq/recipes/default.rb
6 chef/attributes/client.rb
@@ -0,0 +1,6 @@
+default.chef[:client_version] = "0.10.8"
+default.chef[:client_path] = `which chef-client`.chomp
+default.chef[:client_interval] = "300"
+default.chef[:client_splay] = "20"
+default.chef[:client_log] = "/var/log/chef/client.log"
+default.chef[:client_enable] = false
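Review bot: `client_path` is resolved by running `which chef-client` while attributes load, so on a node where the chef gem is not yet on PATH it is the empty string, and the "Register client node" execute in chef/recipes/client.rb would then run ` -t …` with no program name. Resolving through PATH also means the registration step runs whichever `chef-client` comes first there. A fixed path avoids both, for example `default.chef[:client_path] = "#{languages[:ruby][:bin_dir]}/chef-client"`, assuming that is where gem binaries land on these hosts.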
4 chef/attributes/server.rb
@@ -0,0 +1,4 @@
+default.chef[:server_version] = "0.10.8"
+default.chef[:server_path] = "#{languages[:ruby][:gems_dir]}/gems/chef-server-#{chef[:server_version]}"
+default.chef[:server_api_path] = "#{languages[:ruby][:gems_dir]}/gems/chef-server-api-#{chef[:server_version]}"
+default.chef[:server_webui_path] = "#{languages[:ruby][:gems_dir]}/gems/chef-server-webui-#{chef[:server_version]}"
265 chef/files/default/chef-api
@@ -0,0 +1,265 @@
+#!/usr/bin/env ruby
+
+require 'rubygems'
+require 'thor'
+require 'chef'
+require 'chef/node'
+require 'chef/rest'
+
+# Please see the readme for overview documentation.
+#
+class JsonPrinter
+ attr_reader :buf, :indent
+
+ # ==== Arguments
+ # obj<Object>::
+ # The object to be rendered into JSON. This object and all of its
+ # associated objects must be either nil, true, false, a String, a Symbol,
+ # a Numeric, an Array, or a Hash.
+ #
+ # ==== Returns
+ # <String>::
+ # The pretty-printed JSON ecoding of the given <i>obj</i>. This string
+ # can be parsed by any compliant JSON parser without modification.
+ #
+ # ==== Examples
+ # See <tt>JsonPrinter</tt> docs.
+ #
+ def self.render(obj)
+ new(obj).buf
+ end
+
+
+ private
+
+ # Execute the JSON rendering of <i>obj</i>, storing the result in the
+ # <tt>buf</tt>.
+ #
+ def initialize(obj)
+ @buf = ""
+ @indent = ""
+ render(obj)
+ end
+
+ # Increase the indentation level.
+ #
+ def indent_out
+ @indent << " "
+ end
+
+ # Decrease the indendation level.
+ #
+ def indent_in
+ @indent.slice!(-1, 1)
+ end
+
+ # Append the given <i>str</i> to the <tt>buf</tt>.
+ #
+ def print(str)
+ @buf << str
+ end
+
+ # Recursive rendering method. Primitive values, like nil, true, false,
+ # numbers, symbols, and strings are converted to JSON and appended to the
+ # buffer. Enumerables are treated specially to generate pretty whitespace.
+ #
+ def render(obj)
+ # We can't use a case statement here becuase "when Hash" doesn't work for
+ # ActiveSupport::OrderedHash - respond_to?(:values) is a more reliable
+ # indicator of hash-like behavior.
+ if NilClass === obj
+ print("null")
+
+ elsif TrueClass === obj
+ print("true")
+
+ elsif FalseClass === obj
+ print("false")
+
+ elsif String === obj
+ print(escape_json_string(obj))
+
+ elsif Symbol === obj
+ print("\"#{obj}\"")
+
+ elsif Numeric === obj
+ print(obj.to_s)
+
+ elsif Time === obj
+ print(obj.to_s)
+
+ elsif obj.respond_to?(:keys)
+ print("{")
+ indent_out
+ last_key = obj.keys.last
+ obj.each do |(key, val)|
+ render(key)
+ case val
+ when Hash, Array
+ indent_out
+ print(":\n#{indent}")
+ render(val)
+ indent_in
+ else
+ print(": ")
+ render(val)
+ end
+ print(",\n#{indent}") unless key == last_key
+ end
+ indent_in
+ print("}")
+
+ elsif Array === obj
+ print("[")
+ indent_out
+ last_index = obj.size - 1
+ obj.each_with_index do |elem, index|
+ render(elem)
+ print(",\n#{indent}") unless index == last_index
+ end
+ indent_in
+ print("]")
+
+ else
+ raise "unrenderable object: #{obj.inspect}"
+ end
+ end
+
+ # Special JSON character escape cases.
+ ESCAPED_CHARS = {
+ "\010" => '\b',
+ "\f" => '\f',
+ "\n" => '\n',
+ "\r" => '\r',
+ "\t" => '\t',
+ '"' => '\"',
+ '\\' => '\\\\',
+ '>' => '\u003E',
+ '<' => '\u003C',
+ '&' => '\u0026'}
+
+ # String#to_json extracted from ActiveSupport, using interpolation for speed.
+ #
+ def escape_json_string(str)
+ "\"#{
+ str.gsub(/[\010\f\n\r\t"\\><&]/) { |s| ESCAPED_CHARS[s] }.
+ gsub(/([\xC0-\xDF][\x80-\xBF]|
+ [\xE0-\xEF][\x80-\xBF]{2}|
+ [\xF0-\xF7][\x80-\xBF]{3})+/nx) do |s|
+ s.unpack("U*").pack("n*").unpack("H*")[0].gsub(/.{4}/, '\\\\u\&')
+ end
+ }\""
+ end
+end
+
+Chef::Config.from_file("/etc/chef/server.rb")
+
+API_USERNAME=ENV['CHEF_USERNAME']
+API_PASSWORD=ENV['CHEF_PASSWORD']
+
+raise StandardError, "Please set CHEF_USERNAME and CHEF_PASSWORD" unless ENV['CHEF_USERNAME'] && ENV['CHEF_PASSWORD']
+
+class Knife < Thor
+
+ desc "register", "Register an openid for an API user"
+ method_options :username => :required, :password => :required
+ def register
+ @rest = Chef::REST.new(Chef::Config[:registration_url])
+ @rest.register(options[:username], options[:password])
+ end
+
+
+ desc "add_recipe", "Add a recipe to a node"
+ method_options :recipe => :required, :after => :optional, :node => :required
+ def add_recipe
+ authenticate
+ node = @rest.get_rest("nodes/#{expand_node(options[:node])}")
+ node.recipes << options[:recipe] if !node.recipes.include?(options[:recipe])
+ @rest.put_rest("nodes/#{expand_node(options[:node])}", node)
+ list_recipes
+ end
+
+ desc "remove_recipe", "Remove a recipe from a node"
+ method_options :recipe => :required, :node => :required
+ def remove_recipe
+ authenticate
+ node = @rest.get_rest("nodes/#{expand_node(options[:node])}")
+ node.recipes.delete(options[:recipe]) if node.recipes.include?(options[:recipe])
+ @rest.put_rest("nodes/#{expand_node(options[:node])}", node)
+ list_recipes
+ end
+
+ desc "show_attr", "Display a node attribute"
+ method_options :node => :required, :attr => :required
+ def show_attr
+ authenticate
+ node = @rest.get_rest("nodes/#{expand_node(options[:node])}")
+ puts JsonPrinter.render(node[options[:attr]])
+ end
+
+ desc "edit_attr", "Display a node attribute"
+ method_options :node => :required, :attr => :required
+ def edit_attr
+ editor = ENV['EDITOR'] || "vi"
+ puts "Authenticating..."
+ authenticate
+ puts "Fetching node data for #{expand_node(options[:node])}..."
+ node = @rest.get_rest("nodes/#{expand_node(options[:node])}")
+ filename = "/tmp/.chef-#{node[:hostname]}"
+ File.open(filename, "w") {|f| f.write(JsonPrinter.render(node[options[:attr]])) }
+ system("#{editor} #{filename}") or raise StandardError, "Error communicating with #{editor}"
+ node[options[:attr]] = JSON.parse(File.read(filename))
+ puts "Storing node data for #{expand_node(options[:node])}..."
+ begin
+ retries = 5
+ @rest.put_rest("nodes/#{expand_node(options[:node])}", node)
+ rescue Net::HTTPFatalError
+ retry if (retries -= 1) > 0
+ end
+ puts "Done."
+ end
+
+ desc "list_recipes", "List a node's recipes"
+ method_options :node => :required
+ def list_recipes
+ authenticate
+ node = @rest.get_rest("nodes/#{expand_node(options[:node])}")
+ puts node.recipes.inspect
+ end
+
+ desc "delete_node", "Delete a node"
+ method_options :node => :required
+ def delete_node
+ authenticate
+ node = @rest.delete_rest("nodes/#{expand_node(options[:node])}")
+ end
+
+ desc "list_nodes", "Display chef nodes"
+ method_options :role => :optional, :cap => :boolean, :attribute => :optional
+
+ def list_nodes
+ authenticate
+ nodes = @rest.get_rest("search/node/entries?a=ipaddress,hostname")
+ attribute = options[:attribute] || nil
+ if options[:cap]
+ hostnames = nodes.collect {|n| "\"#{n[:hostname]}\"" }
+ puts "role :all, #{hostnames.join(", ")}"
+ else
+ puts "#{nodes.size} hosts"
+ nodes.each do |n|
+ puts "#{n[:ipaddress]} #{n[:hostname]} #{attribute ? attribute+":"+n[attribute.to_sym].inspect : ""}"
+ end
+ end
+ end
+
+ def authenticate
+ @rest = Chef::REST.new(Chef::Config[:registration_url])
+ @rest.authenticate(API_USERNAME, API_PASSWORD)
+ end
+end
+
+ def expand_node(name)
+ name + "_" + (ENV['CHEF_DOMAIN'] || `hostname -d`.chomp.gsub(".", "_"))
+ end
+
+Knife.start
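Review bot: `edit_attr` writes the node's attribute data to the predictable path `/tmp/.chef-#{node[:hostname]}` with a plain `File.open(..., "w")`, which follows a symlink another local user has planted there, leaves the data readable under the usual umask, and never removes the file. The same name, built from a hostname returned by the server, is then interpolated into the `system` command string. Creating the file with `Tempfile` (needs `require 'tempfile'` at the top of the script) gives an exclusively created 0600 file with a shell-safe name, and an `ensure` can delete it. Separately, `retries = 5` sits inside the `begin`, so every `retry` resets it and a persistent `Net::HTTPFatalError` loops forever; it belongs before the `begin`, and the last failure should be re-raised rather than followed by "Done.".

```ruby
def edit_attr
  # … unchanged: editor lookup, authenticate, node fetch …
  tmp = Tempfile.new("chef-attr") # random name, created exclusively with mode 0600
  begin
    tmp.write(JsonPrinter.render(node[options[:attr]]))
    tmp.flush
    system("#{editor} #{tmp.path}") or raise StandardError, "Error communicating with #{editor}"
    node[options[:attr]] = JSON.parse(File.read(tmp.path))
  ensure
    tmp.close! # close and unlink, also when the editor or the parse fails
  end
  puts "Storing node data for #{expand_node(options[:node])}..."
  retries = 5 # outside the begin so that retry does not reset the counter
  begin
    @rest.put_rest("nodes/#{expand_node(options[:node])}", node)
  rescue Net::HTTPFatalError
    retry if (retries -= 1) > 0
    raise
  end
  # … unchanged: puts "Done." …
end
```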
12 chef/metadata.rb
@@ -0,0 +1,12 @@
+maintainer "Joshua Sierles"
+maintainer_email "joshua@diluvia.net"
+description "Configures chef"
+version "0.8"
+depends "logrotate"
+depends "apache2"
+depends "openssl"
+depends "couchdb"
+depends "unicorn"
+depends "ssl_certificates"
+depends "rabbitmq"
+depends "bluepill"
39 chef/recipes/client.rb
@@ -0,0 +1,39 @@
+include_recipe "logrotate"
+
+gem_package "chef" do
+ action :install
+ version node[:chef][:client_version]
+end
+
+template "/etc/chef/client.rb" do
+ mode 0644
+ source "client.rb.erb"
+ action :create
+end
+
+directory "/var/log/chef"
+
+logrotate "chef-client" do
+ rotate_count 5
+ files "/var/log/chef/*.log"
+end
+
+execute "Register client node with chef server" do
+ command "#{node[:chef][:client_path]} -t \`cat /etc/chef/validation_token\`"
+
+ only_if { File.exists?("/etc/chef/validation_token") }
+ not_if { File.exists?("/var/chef/cache/registration") }
+end
+
+execute "Remove the validation token" do
+ command "rm /etc/chef/validation_token"
+ only_if { File.exists? "/etc/chef/validation_token" }
+end
+
+if node[:chef][:client_enable]
+ runit_service "chef-client"
+
+ service "chef-client" do
+ action :enable
+ end
+end
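Review bot: The register command expands `cat /etc/chef/validation_token` into chef-client's argument list, so the token is visible to every local user in the process table while registration runs and may be echoed in Chef's own output if the command fails. Nothing in this recipe sets the owner or mode of the token file either. If `-t` is the only way this client version accepts the token, I would at least record the exposure with a comment such as `# token is exposed in argv during registration; it must be single-use and is deleted below`, and have whatever drops the file create it 0600 and owned by root.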
16 chef/recipes/rabbitmq.rb
@@ -0,0 +1,16 @@
+include_recipe "rabbitmq"
+
+execute "rabbitmqctl add_vhost /chef" do
+ not_if "rabbitmqctl list_vhosts| grep /chef"
+end
+
+# create chef user
+execute "rabbitmqctl add_user chef testing" do
+ not_if "rabbitmqctl list_users |grep chef"
+end
+
+# grant the mapper user the ability to do anything with the /nanite vhost
+# the three regex's map to config, write, read permissions respectively
+execute 'rabbitmqctl set_permissions -p /chef chef ".*" ".*" ".*"' do
+ not_if 'rabbitmqctl list_user_permissions mapper|grep /nanite'
+end
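Review bot: The broker account is created with the literal password `testing`, which is now in version control and identical on every server built from this recipe. It should come from node data instead, e.g. `execute "rabbitmqctl add_user chef #{node[:chef][:amqp_password]}"` (the attribute name is a placeholder), keeping in mind that the value still appears in the command line. The guard on `set_permissions` also checks `list_user_permissions mapper|grep /nanite`, left over from another recipe, so it never matches and the permissions are re-applied on every run; `not_if 'rabbitmqctl list_user_permissions chef | grep /chef'` matches what the resource sets. The comment above it still refers to the mapper user and the /nanite vhost.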
119 chef/recipes/server.rb
@@ -0,0 +1,119 @@
+package "zlib1g-dev"
+package "libxml2-dev"
+package "sqlite3"
+package "libsqlite3-dev"
+
+include_recipe "chef::rabbitmq"
+include_recipe "openssl"
+include_recipe "bluepill"
+require_recipe "nginx"
+require_recipe "couchdb"
+require_recipe "unicorn"
+
+package "openjdk-6-jre"
+
+%w(chef-server chef-server-api chef-solr).each do |name|
+ gem_package name do
+ version node[:chef][:server_version]
+ end
+end
+
+user "chef" do
+ comment "Chef user"
+ gid "admin"
+ uid 8000
+ home "/var/chef"
+ shell "/bin/bash"
+end
+
+%w(/var/chef /etc/chef /var/log/chef /var/chef/openid /var/chef/ca /var/chef/cache /var/chef/pids /var/chef/sockets /var/chef/cookbooks
+ /var/chef/site-cookbooks /var/chef/cookbook-tarballs /var/chef/sandboxes /var/chef/checksums).each do |dir|
+ directory dir do
+ owner "chef"
+ group "admin"
+ mode 0775
+ end
+end
+
+directory "/etc/chef/certificates" do
+ owner "root"
+ group "root"
+ mode "700"
+end
+
+bluepill_service "chef-solr"
+bluepill_service "chef-solr-indexer"
+
+template "/etc/chef/server.rb" do
+ owner "chef"
+ group "admin"
+ mode 0664
+ source "server.rb.erb"
+ action :create
+end
+
+template "/etc/chef/client.rb" do
+ owner "chef"
+ group "admin"
+ mode 0664
+ source "client.rb.erb"
+ action :create
+end
+
+%w(chef-server-api chef-server-webui).each do |app|
+ unicorn_conf = "/etc/chef/#{app}.unicorn.conf.rb"
+ directory "/var/chef/#{app}"
+
+ template unicorn_conf do
+ source 'unicorn.conf.erb'
+ variables :worker_count => 2,
+ :socket_path => "/var/chef/sockets/#{app}.sock",
+ :pid_path => "/var/chef/pids/#{app}.pid"
+ owner "chef"
+ group "admin"
+ end
+ # unicorn setup
+
+ bluepill_monitor app do
+ cookbook 'unicorn'
+ source "bluepill.conf.erb"
+ env 'production'
+ app_root "/var/chef"
+ preload false
+ interval 30
+ user "chef"
+ group "admin"
+ memory_limit 250 # megabytes
+ cpu_limit 50 # percent
+ rack_config_path "#{node[:languages][:ruby][:gems_dir]}/gems/#{app}-#{node[:chef][:server_version]}/config.ru"
+ pid_path "/var/chef/pids/#{app}.pid"
+ unicorn_log_path "/var/log/chef/unicorn.log"
+ unicorn_config_path unicorn_conf
+ end
+end
+
+template "/etc/chef/server-vhost.conf" do
+ source 'chef-server-vhost.conf.erb'
+ action :create
+ owner "root"
+ group "www-data"
+ 0664
+ notifies :restart, resources(:service => "nginx")
+end
+
+ssl_cert "/etc/chef/certificates" do
+ fqdn "chef.#{node[:domain]}"
+end
+
+# install the wildcard cert for this domain
+ssl_certificate "*.#{node[:domain]}"
+
+nginx_site "chef-server" do
+ config_path "/etc/chef/server-vhost.conf"
+end
+
+cron "compact chef couchDB" do
+ command "curl -X POST http://localhost:5984/chef/_compact >> /var/log/cron.log 2>&1"
+ hour "5"
+ minute "0"
+end
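Review bot: `/etc/chef/server.rb` is created with `mode 0664`, which is world-readable, yet server.rb.erb renders `web_ui_admin_default_password` into it; `mode 0640` keeps it to the chef user and the admin group. In the `/etc/chef/server-vhost.conf` resource the bare `0664` is an expression with no effect, presumably meant as `mode 0644`, so that file's permissions are left to the provider default. The `%w(...)` directory loop also creates `/var/chef/ca` and `/var/chef/openid` as 0775; those look like candidates for 0750, depending on what else has to read them.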
47 chef/templates/default/chef-server-api-init.rb.erb
@@ -0,0 +1,47 @@
+#
+# ==== Standalone Chefserver configuration
+#
+# This configuration/environment file is only loaded by bin/slice, which can be
+# used during development of the slice. It has no effect on this slice being
+# loaded in a host application. To run your slice in standalone mode, just
+# run 'slice' from its directory. The 'slice' command is very similar to
+# the 'merb' command, and takes all the same options, including -i to drop
+# into an irb session for example.
+#
+# The usual Merb configuration directives and init.rb setup methods apply,
+# including use_orm and before_app_loads/after_app_loads.
+#
+# If you need need different configurations for different environments you can
+# even create the specific environment file in config/environments/ just like
+# in a regular Merb application.
+#
+# In fact, a slice is no different from a normal # Merb application - it only
+# differs by the fact that seamlessly integrates into a so called 'host'
+# application, which in turn can override or finetune the slice implementation
+# code and views.
+#
+
+$: << File.join(File.dirname(__FILE__), "..", "..", "chef", "lib")
+require 'chef'
+
+merb_gems_version = " > 1.0"
+dependency "merb-assets", merb_gems_version
+dependency "merb-helpers", merb_gems_version
+dependency "chef", :immediate=>true unless defined?(Chef)
+
+Chef::Config.from_file("/etc/chef/server.rb")
+
+require 'rubygems'
+
+Merb::Config.use do |c|
+ c[:session_id_key] = '_chef_server_session_id'
+ c[:session_secret_key] = Chef::Config.manage_secret_key
+ c[:session_store] = 'cookie'
+ c[:exception_details] = true
+ c[:reload_classes] = true
+ c[:log_level] = Chef::Config[:log_level]
+ if Chef::Config[:log_location].kind_of?(String)
+ c[:log_file] = Chef::Config[:log_location]
+ end
+end
+
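Review bot: `c[:exception_details] = true` and `c[:reload_classes] = true` are development settings: the first returns exception details to the client on an error. The header comment says this file is only loaded by bin/slice, and no recipe on this page renders it, so the impact depends on where the template ends up. If it can become the init file of the unicorn-served app, both should be `false`, as merb-production.rb.erb already sets them. chef-server-webui-init.rb.erb and init.rb.erb carry the same two lines.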
31 chef/templates/default/chef-server-init.rb.erb
@@ -0,0 +1,31 @@
+# Go to http://wiki.merbivore.com/pages/init-rb
+
+require 'config/dependencies.rb'
+unless defined?(Chef)
+ gem "chef", "=" + CHEF_SERVER_VERSION if CHEF_SERVER_VERSION
+ require 'chef'
+end
+
+Chef::Config.from_file("/etc/chef/server.rb")
+
+File.umask Chef::Config[:umask]
+
+use_test :rspec
+use_template_engine :haml
+
+Merb::Config.use do |c|
+ c[:use_mutex] = false
+ c[:fork_for_class_load] = false
+ c[:log_level] = Chef::Config[:log_level]
+ if Chef::Config[:log_location].kind_of?(String)
+ c[:log_file] = Chef::Config[:log_location]
+ end
+end
+
+Merb::BootLoader.before_app_loads do
+ # This will get executed after dependencies have been loaded but before your app's classes have loaded.
+end
+
+Merb::BootLoader.after_app_loads do
+ # This will get executed after your app's classes have been loaded. OpenID::Util.logger = Merb.logger
+end
63 chef/templates/default/chef-server-vhost.conf.erb
@@ -0,0 +1,63 @@
+upstream chef_server {
+ server unix:/var/chef/sockets/chef-server-api.sock;
+}
+
+server {
+ listen 443;
+ server_name chef.<%= @node[:domain] %> chef;
+ root <%= @node[:chef][:server_api_path]%>/public;
+
+ ssl on;
+ ssl_protocols SSLv3 TLSv1;
+ ssl_ciphers ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
+
+ ssl_certificate /etc/chef/certificates/chef.<%= @node[:domain] %>.crt;
+ ssl_certificate_key /etc/chef/certificates/chef.<%= @node[:domain] %>.key;
+
+ include /etc/nginx/helpers/headers.conf;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto https;
+
+ location / {
+ if (-f $request_filename) {
+ break;
+ }
+
+ if (!-f $request_filename) {
+ proxy_pass http://chef_server;
+ break;
+ }
+ }
+}
+
+upstream chef_webui {
+ server unix:/var/chef/sockets/chef-server-webui.sock;
+}
+
+server {
+ listen 444;
+ server_name chefui.<%= @node[:domain] %> chefui;
+ root <%= @node[:chef][:server_webui_path]%>/public;
+
+ ssl on;
+ ssl_protocols SSLv3 TLSv1;
+ ssl_ciphers ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
+
+ ssl_certificate /etc/chef/certificates/chef.<%= @node[:domain] %>.crt;
+ ssl_certificate_key /etc/chef/certificates/chef.<%= @node[:domain] %>.key;
+
+ include /etc/nginx/helpers/headers.conf;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto https;
+
+ location / {
+ if (-f $request_filename) {
+ break;
+ }
+
+ if (!-f $request_filename) {
+ proxy_pass http://chef_webui;
+ break;
+ }
+ }
+}
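Review bot: Both server blocks enable `SSLv3` and use a cipher string that starts from `ALL` and explicitly includes `RC4+RSA`; SSLv3 and RC4 are both considered broken, and the string removes only a few classes from the full list. I would restrict both blocks to `ssl_protocols TLSv1.2 TLSv1.3;` and `ssl_ciphers HIGH:!aNULL:!MD5;`, relaxed only as far as the oldest chef-client in the fleet requires. The `chefui.` vhost also presents the `chef.<domain>` certificate, which will not match its server_name unless the wildcard certificate is what ends up at that path.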
52 chef/templates/default/chef-server-webui-init.rb.erb
@@ -0,0 +1,52 @@
+#
+# ==== Standalone Chefserver configuration
+#
+# This configuration/environment file is only loaded by bin/slice, which can be
+# used during development of the slice. It has no effect on this slice being
+# loaded in a host application. To run your slice in standalone mode, just
+# run 'slice' from its directory. The 'slice' command is very similar to
+# the 'merb' command, and takes all the same options, including -i to drop
+# into an irb session for example.
+#
+# The usual Merb configuration directives and init.rb setup methods apply,
+# including use_orm and before_app_loads/after_app_loads.
+#
+# If you need need different configurations for different environments you can
+# even create the specific environment file in config/environments/ just like
+# in a regular Merb application.
+#
+# In fact, a slice is no different from a normal # Merb application - it only
+# differs by the fact that seamlessly integrates into a so called 'host'
+# application, which in turn can override or finetune the slice implementation
+# code and views.
+#
+
+$: << File.join(File.dirname(__FILE__), "..", "..", "chef", "lib")
+require 'chef'
+
+merb_gems_version = " > 1.0"
+dependency "merb-haml", merb_gems_version
+dependency "merb-assets", merb_gems_version
+dependency "merb-helpers", merb_gems_version
+dependency "chef", :immediate=>true unless defined?(Chef)
+
+use_template_engine :haml
+
+Chef::Config.from_file("/etc/chef/server.rb")
+
+Merb::Config.use do |c|
+ # BUGBUG [cb] For some reason, this next line
+ # causes a merb slice to vomit around openid
+ #c[:fork_for_class_load] = false
+ c[:session_id_key] = '_chef_server_session_id'
+ c[:session_secret_key] = Chef::Config.manage_secret_key
+ c[:session_store] = 'cookie'
+ c[:exception_details] = true
+ c[:reload_classes] = true
+ c[:log_level] = Chef::Config[:log_level]
+ if Chef::Config[:log_location].kind_of?(String)
+ c[:log_file] = Chef::Config[:log_location]
+ end
+end
+
+# make sure to load the chef server config when using config.ru
5 chef/templates/default/chef-solr-indexer-run.erb
@@ -0,0 +1,5 @@
+#!/bin/sh
+PATH=/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin<% if @node[:languages][:ruby][:gems_dir] %>:<%= @node[:languages][:ruby][:gems_dir] %>/bin<% end -%>
+exec 2>&1
+exec /usr/bin/env chef-solr-indexer
+
11 chef/templates/default/client.rb.erb
@@ -0,0 +1,11 @@
+#
+# Chef Server Config File
+#
+# Dynamically generated by Chef - local modifications will be replaced
+#
+
+log_level :info
+ssl_verify_mode :verify_none
+chef_server_url "https://chef.<%= @node[:domain]%>"
+
+Chef::Log::Formatter.show_time = false
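Review bot: `ssl_verify_mode :verify_none` turns off certificate checking for an `https://` chef_server_url, so a client accepts any host that answers as the Chef server and then applies the cookbooks it is handed, normally as root. chef/recipes/server.rb already provisions a certificate for `chef.<domain>` through `ssl_cert`; distributing its CA to the clients and setting `ssl_verify_mode :verify_peer` closes that gap. The same setting appears in server.rb.erb.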
17 chef/templates/default/config.ru.erb
@@ -0,0 +1,17 @@
+require 'rubygems'
+require 'merb-core'
+
+Merb::Config.setup(:merb_root => File.expand_path(File.dirname(__FILE__)),
+ :environment => ENV['RACK_ENV'], :init_file => File.dirname(__FILE__) / "config/init.rb")
+Merb.environment = "production" #Merb::Config[:environment]
+Merb.root = Merb::Config[:merb_root]
+Merb::BootLoader.run
+
+# Uncomment if your app is mounted at a suburi
+#if prefix = ::Merb::Config[:path_prefix]
+# use Merb::Rack::PathPrefix, prefix
+#end
+
+Chef::Config.from_file(File.join("/etc", "chef", "server.rb"))
+
+run Merb::Rack::Application.new
7 chef/templates/default/htpasswd.erb
@@ -0,0 +1,7 @@
+<% if !@entries.empty? %>
+ <% @entries.each do |entry| %>
+<% next if !user_is_in_role?(entry[:username]) %>
+# <%= entry[:comment] || entry[:username] %>
+<%=entry[:username] %>:<%=entry[:password]%>
+<% end %>
+<% end %>
52 chef/templates/default/init.rb.erb
@@ -0,0 +1,52 @@
+#
+# ==== Standalone Chefserver configuration
+#
+# This configuration/environment file is only loaded by bin/slice, which can be
+# used during development of the slice. It has no effect on this slice being
+# loaded in a host application. To run your slice in standalone mode, just
+# run 'slice' from its directory. The 'slice' command is very similar to
+# the 'merb' command, and takes all the same options, including -i to drop
+# into an irb session for example.
+#
+# The usual Merb configuration directives and init.rb setup methods apply,
+# including use_orm and before_app_loads/after_app_loads.
+#
+# If you need need different configurations for different environments you can
+# even create the specific environment file in config/environments/ just like
+# in a regular Merb application.
+#
+# In fact, a slice is no different from a normal # Merb application - it only
+# differs by the fact that seamlessly integrates into a so called 'host'
+# application, which in turn can override or finetune the slice implementation
+# code and views.
+#
+
+$: << File.join(File.dirname(__FILE__), "..", "..", "chef", "lib")
+require 'chef'
+
+merb_gems_version = " > 1.0"
+dependency "merb-haml", merb_gems_version
+dependency "merb-assets", merb_gems_version
+dependency "merb-helpers", merb_gems_version
+dependency "chef", :immediate=>true unless defined?(Chef)
+
+use_template_engine :haml
+
+Merb::Config.use do |c|
+ # BUGBUG [cb] For some reason, this next line
+ # causes a merb slice to vomit around openid
+ #c[:fork_for_class_load] = false
+ c[:session_id_key] = '_chef_server_session_id'
+ c[:session_secret_key] = Chef::Config.manage_secret_key
+ c[:session_store] = 'cookie'
+ c[:exception_details] = true
+ c[:reload_classes] = true
+ c[:log_level] = Chef::Config[:log_level]
+ if Chef::Config[:log_location].kind_of?(String)
+ c[:log_file] = Chef::Config[:log_location]
+ end
+end
+
+# make sure to load the chef server config when using config.ru
+
+Chef::Config.from_file("/etc/chef/server.rb")
9 chef/templates/default/merb-production.rb.erb
@@ -0,0 +1,9 @@
+Merb.logger.info("Loaded PRODUCTION Environment...")
+Merb::Config.use { |c|
+ c[:exception_details] = false
+ c[:reload_classes] = false
+ c[:log_level] = :info
+ c[:log_file] = "/var/log/chef/server.log"
+ # or redirect logger using IO handle
+ # c[:log_stream] = Chef::Config.log_location
+}
2  chef/templates/default/port_chef.erb
@@ -0,0 +1,2 @@
+# Chef-server
+-A FWR -p tcp -m tcp --dport 4000:4001 -j ACCEPT
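Review bot: This rule accepts 4000:4001 from any source address, and port_couchdb.erb does the same for 5984. The server recipe in this commit puts the API and web UI behind nginx on 443/444 over unix sockets, and CouchDB defaults to `bind_address` 127.0.0.1, so neither range appears to need to be reachable from outside. If the rules are still wanted, a source match such as `-A FWR -s <trusted-cidr> -p tcp -m tcp --dport 4000:4001 -j ACCEPT` limits the exposure should a listener later bind to a public interface.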
2  chef/templates/default/port_couchdb.erb
@@ -0,0 +1,2 @@
+# CouchDB
+-A FWR -p tcp -m tcp --dport 5984 -j ACCEPT
43 chef/templates/default/server.rb.erb
@@ -0,0 +1,43 @@
+#
+# Chef Server Config File
+#
+# Dynamically generated by Chef - local modifications will be replaced
+
+log_level :info
+log_location "/var/log/chef/server.log"
+# log to stdout since file logging seems to be busted
+verbose_logging true
+
+ssl_verify_mode :verify_none
+chef_server_url "https://chef.<%= @node[:domain]%>"
+
+signing_ca_path "/var/chef/ca"
+couchdb_database 'chef'
+
+cookbook_path [ "/var/chef/cookbooks", "/var/chef/site-cookbooks" ]
+
+file_cache_path "/var/chef/cache"
+node_path "/var/chef/nodes"
+openid_store_path "/var/chef/openid/store"
+openid_cstore_path "/var/chef/openid/cstore"
+search_index_path "/var/chef/search_index"
+role_path "/var/chef/roles"
+
+validation_client_name "chef-validator"
+validation_key "/etc/chef/validation.pem"
+client_key "/etc/chef/client.pem"
+web_ui_client_name "chef-webui"
+web_ui_key "/etc/chef/webui.pem"
+
+web_ui_admin_user_name "admin"
+web_ui_admin_default_password "<%= @node[:chef][:webui_default_password] %>"
+
+supportdir = "/var/chef/support"
+solr_jetty_path File.join(supportdir, "solr", "jetty")
+solr_data_path File.join(supportdir, "solr", "data")
+solr_home_path File.join(supportdir, "solr", "home")
+solr_heap_size "256M"
+
+umask 18
+
+Mixlib::Log::Formatter.show_time = false
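Review bot: `web_ui_admin_default_password` is filled from `node[:chef][:webui_default_password]`, for which chef/attributes/server.rb in this commit sets no default, so unless a role or node supplies it the rendered value is the empty string. The value is also pasted unescaped into a double-quoted Ruby literal, where a `"` or `#{` in the password changes what the config file evaluates. I would render it as `web_ui_admin_default_password <%= @node[:chef][:webui_default_password].to_s.inspect %>` and fail the template when the attribute is empty. `umask 18` is decimal for octal 022; a comment `# 18 == 0022` would save the next reader the conversion.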
2  chef/templates/default/sv-chef-client-log-run.erb
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec svlogd -tt ./main
4 chef/templates/default/sv-chef-client-run.erb
@@ -0,0 +1,4 @@
+#!/bin/sh
+PATH=/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin<% if @node[:languages][:ruby][:gems_dir] %>:<%= @node[:languages][:ruby][:gems_dir] %>/bin<% end -%>
+exec 2>&1
+exec /usr/bin/env chef-client -i <%= @node[:chef][:client_interval] %> -s <%= @node[:chef][:client_splay] %> <% if @node[:chef][:client_log] != "STDOUT" then -%>-L <%= @node[:chef][:client_log] %><% end -%>
3  chef/templates/default/sv-chef-indexer-log-run.erb
@@ -0,0 +1,3 @@
+#!/bin/sh
+exec svlogd -tt ./main
+
3  chef/templates/default/sv-chef-indexer-run.erb
@@ -0,0 +1,3 @@
+#!/bin/sh
+exec 2>&1
+exec chpst -u chef -U chef <%= `which chef-indexer`.chomp %>
2  chef/templates/default/sv-chef-server-log-run.erb
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec svlogd -tt ./main
4 chef/templates/default/sv-chef-server-run.erb
@@ -0,0 +1,4 @@
+#!/bin/sh
+PATH=/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin<% if @node[:languages][:ruby][:gems_dir] %>:<%= @node[:languages][:ruby][:gems_dir] %>/bin<% end -%>
+exec 2>&1
+exec /usr/bin/env chef-server -N -p<%= @node[:bootstrap][:chef][:server_port] %> -P <%= @node[:bootstrap][:chef][:run_path] %>/server.%s.pid
2  chef/templates/default/sv-chef-solr-indexer-log-run.erb
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec svlogd -tt ./main
4 chef/templates/default/sv-chef-solr-indexer-run.erb
@@ -0,0 +1,4 @@
+#!/bin/sh
+PATH=/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin<% if @node[:languages][:ruby][:gems_dir] %>:<%= @node[:languages][:ruby][:gems_dir] %>/bin<% end -%>
+exec 2>&1
+exec /usr/bin/env chef-solr-indexer
2  chef/templates/default/sv-chef-solr-log-run.erb
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec svlogd -tt ./main
4 chef/templates/default/sv-chef-solr-run.erb
@@ -0,0 +1,4 @@
+#!/bin/sh
+PATH=/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin<% if @node[:languages][:ruby][:gems_dir] %>:<%= @node[:languages][:ruby][:gems_dir] %>/bin<% end -%>
+exec 2>&1
+exec /usr/bin/env chef-solr
3  chef/templates/default/sv-stompserver-log-run.erb
@@ -0,0 +1,3 @@
+#!/bin/sh
+exec svlogd -tt ./main
+
3  chef/templates/default/sv-stompserver-run.erb
@@ -0,0 +1,3 @@
+#!/bin/sh
+exec 2>&1
+exec chpst -U chef <%= `which stompserver`.chomp %>
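Review bot: `chpst -U chef` only exports $UID and $GID for the chef account; it does not change the process credentials, so stompserver starts as root unless it drops privileges itself. sv-chef-indexer-run.erb uses `-u chef -U chef`, and the same is probably intended here, i.e. `exec chpst -u chef -U chef` followed by the existing program path. As in that file, `which` runs when the template is rendered, so an absent binary yields a run script that execs chpst with no program.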
6 chef/templates/default/unicorn.conf.erb
@@ -0,0 +1,6 @@
+worker_processes <%= @worker_count %>
+listen '<%= @socket_path %>', :backlog => 2048
+timeout 120
+pid "<%= @pid_path %>"
+stdout_path "/var/log/chef/unicorn.log"
+stderr_path "/var/log/chef/unicorn.log"
4 couchdb/attributes/couchdb.rb
@@ -0,0 +1,4 @@
+default.couchdb[:version] = "0.10.0-1ubuntu2"
+default.couchdb[:max_document_size] = "4294967296"
+default.couchdb[:port] = "5984"
+default.couchdb[:bind_address] = "127.0.0.1"
4 couchdb/metadata.rb
@@ -0,0 +1,4 @@
+maintainer "Joshua Sierles"
+maintainer_email "joshua@diluvia.net"
+description "Configures couchdb"
+version "0.1"
15 couchdb/recipes/default.rb
@@ -0,0 +1,15 @@
+package "couchdb" do
+ version node[:couchdb][:version]
+end
+
+service "couchdb" do
+ action :enable
+end
+
+template "/etc/couchdb/local.ini" do
+ notifies :restart, resources(:service => "couchdb")
+end
+
+service "couchdb" do
+ action :start
+end
19 couchdb/templates/default/local.ini.erb
@@ -0,0 +1,19 @@
+[couchdb]
+
+max_document_size = <%= @node[:couchdb][:max_document_size] %> ; bytes
+
+[httpd]
+port = <%= @node[:couchdb][:port] %>
+bind_address = <%= @node[:couchdb][:bind_address] %>
+
+[log]
+;level = debug
+
+[update_notification]
+;unique notifier name=/full/path/to/exe -with "cmd line arg"
+
+[couch_httpd_auth]
+;secret = replace this with a real secret
+
+[admins]
+;admin = mysecretpassword
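Review bot: The `[admins]` section holds only the commented sample, so CouchDB runs with no server admin and every request that reaches the port has full administrative rights over the `chef` database. That is tolerable only while `bind_address` stays on loopback, and the template takes that value from an attribute that can be overridden. I would add a comment above `[admins]` such as `; no admin is defined: keep bind_address on 127.0.0.1 or add an admin here`, or render an admin entry from an attribute.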
86 nagios/files/default/plugins/check_mogilefs_bored_workers.rb
@@ -1,86 +0,0 @@
-#!/usr/bin/env ruby
-#
-# Nagios check for MogileFS bored query workers
-# Copyright 37signals, 2010
-# Author: John Williams (john@37signals.com)
-
-require 'rubygems'
-require 'choice'
-require 'net/telnet'
-
-EXIT_OK = 0
-EXIT_WARNING = 1
-EXIT_CRITICAL = 2
-EXIT_UNKNOWN = 3
-
-Choice.options do
- header ''
- header 'Specific options:'
-
- option :warn do
- short '-w'
- long '--warning=VALUE'
- desc 'Warning threshold'
- cast Integer
- end
-
- option :crit do
- short '-c'
- long '--critical=VALUE'
- desc 'Critical threshold'
- cast Integer
- end
-
- option :host do
- short '-h'
- long '--host=VALUE'
- desc 'MogileFS host'
- end
-
- option :port do
- short '-p'
- long '--port=VALUE'
- desc 'MogileFS port'
- end
-end
-
-c = Choice.choices
-
-if c[:crit]
-
- value = 0
-
- begin
- results = ""
- mogilefs = Net::Telnet::new("Host" => c[:host], "Port" => c[:port], "Telnetmode" => true, "Prompt" => /[$%#>] \z/n)
- results = mogilefs.cmd("String" => "!stats", "Match" => /./) { |r| results += r }
- mogilefs.close
- results.each_line do |line|
- if line.match "bored_queryworkers"
- value = line.split(" ").last.to_i
- end
- end
-
- rescue Exception => e
- puts "Error checking MogileFS: #{e.message}"
- exit(EXIT_UNKNOWN)
- end
-
- if value <= c[:crit]
- message = "MogileFS is CRITICAL: reports %d bored query workers"
- puts sprintf(message, value)
- exit(EXIT_CRITICAL)
- end
-
- if c[:warn] && value <= c[:warn]
- message = "MogileFS is WARNING: reports %d bored query workers"
- puts sprintf(message, value)
- exit(EXIT_WARNING)
- end
-
-else
- puts "Please provide a critical threshold"
- exit
-end
-
-puts sprintf("MogileFS is OK, reports %d bored query workers", value)
55 nginx/recipes/default.rb
@@ -1,25 +1,5 @@
package "nginx"
-# use this section for customized nginx packages
-
-# package "libossp-uuid16"
-# package "libperl5.10"
-# package "libgd2-noxpm"
-# package "libxslt1.1"
-# package "libgeoip1"
-#
-# nginx_filename = [node[:nginx][:package_name], node[:nginx][:version], node[:nginx][:architecture]].join("_")+".deb"
-#
-# dpkg_package node[:nginx][:package_name] do
-# source "/home/system/pkg/debs/#{nginx_filename}"
-# options "--force-confold"
-# end
-
-template "/etc/init.d/nginx" do
- source "init.sh.erb"
- mode 0755
-end
-
template "/etc/logrotate.d/nginx" do
source "logrotate.erb"
owner "root"
@@ -37,35 +17,6 @@
action :create
end
-directory "/var/spool/nginx" do
- owner "app"
- group "app"
-end
-
-directory "/var/spool/nginx/client_body" do
- owner node[:nginx][:user]
-end
-
-%w{nxensite nxdissite}.each do |nxscript|
- template "/usr/sbin/#{nxscript}" do
- source "#{nxscript}.erb"
- mode 0755
- owner "root"
- group "root"
- end
-end
-
-cookbook_file "#{node[:nginx][:dir]}/mime.types"
-
-template "nginx.conf" do
- path "#{node[:nginx][:dir]}/nginx.conf"
- source "nginx.conf.erb"
- owner "root"
- group "root"
- mode 0644
- notifies :reload, resources(:service => "nginx")
-end
-
directory "/etc/nginx/helpers"
# helpers to be included in your vhosts
@@ -84,8 +35,4 @@
service "nginx" do
action [ :enable, :start ]
-end
-
-nginx_site "default" do
- enable false
-end
+end
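--- a/nginx/recipes/proxy_frontend.rb
+++ b/nginx/recipes/proxy_frontend.rb
@@ -1,23 +0,0 @@
-require_recipe "nginx"
-
-node[:nginx][:proxy_frontends] = {}
-
-search(:apps) do |app|
- next unless app[:environments] &&
- app[:environments]['staging'] &&
- app[:environments]['staging'][:ssl_vhosts] &&
- node[:active_applications].keys.include?(app['id'])
-
- app[:environments]['staging'][:ssl_vhosts].each do |domain, vhost_vip_octet|
- ssl_certificate domain
- node[:nginx][:proxy_frontends][domain] = {
- :certificate => domain =~ /\*\.(.+)/ ? "#{$1}_wildcard" : domain
- }
- end
-end
-
-template "/etc/nginx/sites-available/proxy_frontend" do
- source "proxy_frontend.conf.erb"
-end
-
-nginx_site "proxy_frontend"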
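--- a/openssl/attributes/default.rb
+++ b/openssl/attributes/default.rb
@@ -0,0 +1,6 @@
+openssl.default[:country_name] = "DE"
+openssl.default[:state_name] = "DE"
+openssl.default[:locality_name] = "Karlsruhe"
+openssl.default[:company_name] = "Sauspiel"
+openssl.default[:organizational_unit_name] = "Operations"
+openssl.default[:email_address] = "sysadmin@sauspiel.de"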
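--- a/openssl/definitions/ssl_cert.rb
+++ b/openssl/definitions/ssl_cert.rb
@@ -0,0 +1,37 @@
+define :ssl_cert, :fqdn => "chef.example.com" do
+
+ destdir = params[:name]
+ fqdn = params[:fqdn]
+ fqdn =~ /^(.+?)\.(.+)$/
+ hostname = $1
+ domain = $2
+
+ directory destdir
+
+ execute "generate SSL key" do
+ command "cd #{destdir} && openssl genrsa 2048 > #{fqdn}.key && chmod 644 #{fqdn}.key"
+ not_if { File.exists? "#{destdir}/#{fqdn}.key"}
+ end
+
+ template "/tmp/#{fqdn}.ssl-conf" do
+ variables(:fqdn => params[:fqdn])
+ cookbook "openssl"
+ source "cert-request.txt.erb"
+ end
+
+ execute "generate SSL CRT" do
+ command "cd #{destdir} && openssl req -config '/tmp/#{fqdn}.ssl-conf' -new -x509 -nodes -sha1 -days 3650 -key #{fqdn}.key > #{fqdn}.crt"
+ not_if { File.exists? "#{destdir}/#{fqdn}.crt"}
+ end
+
+ execute "Generate SSL Info" do
+ command "cd #{destdir} && openssl x509 -noout -fingerprint -text < #{fqdn}.crt > #{fqdn}.info"
+ not_if { File.exists? "#{destdir}/#{fqdn}.info"}
+ end
+
+ execute "Generate SSL PEM" do
+ command "cd #{destdir} && cat #{fqdn}.crt #{fqdn}.key > #{fqdn}.pem && chmod 644 #{fqdn}.pem"
+ not_if { File.exists? "#{destdir}/#{fqdn}.pem"}
+ end
+
+end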
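Review bot: The `generate SSL key` and `Generate SSL PEM` commands leave the private key world-readable: both end in `chmod 644`, and the `.pem` holds the key as well as the certificate. Create them under a restrictive umask instead, e.g. `command "cd #{destdir} && umask 077 && openssl genrsa 2048 > #{fqdn}.key"` and the same `umask 077` ahead of the `cat` in the PEM step, then grant read access only to the account that terminates TLS. The `generate SSL CRT` step signs a 3650-day certificate with `-sha1`; `-sha256` is the safer digest. The request config is written to a predictable name under `/tmp`, and `fqdn` and `destdir` are interpolated into the shell commands unquoted, so a root-owned directory and quoting are worth adding if the definition is ever called with values that are not fixed in a recipe.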
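--- a/openssl/metadata.rb
+++ b/openssl/metadata.rb
@@ -0,0 +1,4 @@
+maintainer "37signals"
+maintainer_email "sysadmins@37signals.com"
+description "Configures openssl"
+version "0.1"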
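--- a/openssl/recipes/default.rb
+++ b/openssl/recipes/default.rb
@@ -0,0 +1,28 @@
+#
+# Cookbook Name:: openssl
+# Recipe:: default
+#
+# Copyright 2009, 37signals
+#
+# All rights reserved - Do Not Redistribute
+#
+
+dpkg_package "libssl0.9.8_0.9.8k-7ubuntu8.1" do
+ source "/home/system/pkg/debs/openssl/libssl0.9.8_0.9.8k-7ubuntu8.1_amd64.deb"
+ not_if "dpkg-query -l libssl-* | grep 0.9.8k-7ubuntu8.1"
+end
+
+dpkg_package "libssl0.9.8-dbg_0.9.8k-7ubuntu8.1" do
+ source "/home/system/pkg/debs/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.1_amd64.deb"
+ not_if "dpkg-query -l libssl-* | grep 0.9.8k-7ubuntu8.1"
+end
+
+dpkg_package "libssl-dev_0.9.8k-7ubuntu8.1" do
+ source "/home/system/pkg/debs/openssl/libssl-dev_0.9.8k-7ubuntu8.1_amd64.deb"
+ not_if "dpkg-query -l libssl-* | grep 0.9.8k-7ubuntu8.1"
+end
+
+dpkg_package "openssl_0.9.8k-7ubuntu8.1" do
+ source "/home/system/pkg/debs/openssl/openssl_0.9.8k-7ubuntu8.1_amd64.deb"
+ not_if "dpkg-query -l openssl* | grep 0.9.8k-7ubuntu8.1"
+end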
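Review bot: The first three `not_if` guards share the pattern `libssl-*`, which appears to match `libssl-dev` but not `libssl0.9.8` or `libssl0.9.8-dbg`, so the library and its debug package are gated on another package's version instead of their own. Each guard should query the package it installs, e.g. `not_if "dpkg-query -W -f='${Version}' libssl0.9.8 | grep -qx 0.9.8k-7ubuntu8.1"`, and the same for the `openssl*` guard on the last resource. The patterns are also unquoted, so the shell may expand them against the working directory before dpkg-query sees them. Because the recipe installs one fixed build from a local path, it will not pick up later libssl security updates by itself; a comment saying why this build is required, and who bumps it, would help the next maintainer.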
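--- a/openssl/templates/default/cert-request.txt.erb
+++ b/openssl/templates/default/cert-request.txt.erb
@@ -0,0 +1,12 @@
+[ req ]
+distinguished_name = req_distinguished_name
+prompt = no
+
+[ req_distinguished_name ]
+C = <%= @node[:openssl][:country_name] %>
+ST = <%= @node[:openssl][:state_name] %>
+L = <%= @node[:openssl][:locality_name]%>
+O = <%= @node[:openssl][:company_name]%>
+OU = <%= @node[:openssl][:organizational_unit_name]%>
+CN = <%= @fqdn %>
+emailAddress = <%= @node[:openssl][:email_address] %>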
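--- a/rabbitmq/metadata.rb
+++ b/rabbitmq/metadata.rb
@@ -0,0 +1,9 @@
+maintainer "Opscode, Inc."
+maintainer_email "cookbooks@opscode.com"
+license "Apache 2.0"
+description "Installs the RabbitMQ AMQP Broker"
+version "0.8"
+
+%w{ centos redhat fedora ubuntu debian }.each do |os|
+ supports os
+end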
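--- a/rabbitmq/recipes/default.rb
+++ b/rabbitmq/recipes/default.rb
@@ -0,0 +1,6 @@
+package "rabbitmq-server"
+
+service "rabbitmq-server" do
+ supports [ :restart, :status ]
+ action [ :enable, :start ]
+end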