diff --git a/Vagrantfile b/Vagrantfile
new file mode 100644
index 0000000..ec0f595
--- /dev/null
+++ b/Vagrantfile
@@ -0,0 +1,21 @@
+Vagrant::Config.run do |config|
+ config.vm.box_url = "http://vagrant-promet.s3.amazonaws.com/centos-63.box"
+ config.vm.box = "centos-63"
+ config.vm.host_name = "chefserver"
+
+ config.vm.customize ["modifyvm", :id, "--memory", "1024"]
+ config.vm.network :hostonly, "33.33.33.3"
+
+ config.vm.forward_port 4000, 4000
+ config.vm.forward_port 4040, 4040
+ config.vm.forward_port 443, 443
+
+ #config.vm.provision :chef_solo do |chef|
+ # chef.cookbooks_path = "cookbooks"
+ # chef.data_bags_path = "data_bags"
+ # chef.roles_path = "roles"
+ # chef.add_role("vagrant")
+ # chef.add_recipe "build-essential"
+ # chef.log_level = :debug
+ #end
+end
diff --git a/bootstrap.sh b/bootstrap.sh
new file mode 100644
index 0000000..1d2f706
--- /dev/null
+++ b/bootstrap.sh
@@ -0,0 +1 @@
+chef-solo -c solo.rb -j chef.json
diff --git a/chef.json b/chef.json
new file mode 100644
index 0000000..a9d160e
--- /dev/null
+++ b/chef.json
@@ -0,0 +1,15 @@
+{
+ "chef_server": {
+ "server_url": "http://localhost:4000",
+ "webui_enabled": true,
+ "workers": 8,
+ "init_style": "init"
+ },
+ "yum": {
+ "epel_release": "6-7"
+ },
+ "run_list": [
+ "recipe[chef-server::rubygems-install]",
+ "recipe[chef-server::nginx-proxy]"
+ ]
+}
diff --git a/cookbooks/apache2/README.md b/cookbooks/apache2/README.md
new file mode 100644
index 0000000..c176252
--- /dev/null
+++ b/cookbooks/apache2/README.md
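Review bot: `config.vm.box_url` fetches the base box over plain `http://`, and nothing in this hunk pins or verifies the image, so anyone on the network path can substitute the box that becomes the Chef server. Use the TLS endpoint, `config.vm.box_url = "https://vagrant-promet.s3.amazonaws.com/centos-63.box"`, and record the box's digest somewhere it can be checked before first use. The three `forward_port` lines also publish 4000, 4040 and 443 on the host; whether they bind beyond loopback depends on the Vagrant/VirtualBox defaults in use, so confirm that before running this on a shared network.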
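Review bot: `"webui_enabled": true` turns on the management web UI while `server_url` is plain `http://localhost:4000`, and the Vagrantfile in this same commit forwards 4000 and 4040 (presumably the API and web UI ports) to the host. If the chef-server cookbook leaves the web UI's initial admin credentials at their defaults, which is not visible here, the UI is reachable with them from wherever those forwards bind. Consider `"webui_enabled": false` until that password has been rotated, and route API traffic through whatever the `nginx-proxy` recipe fronts rather than through port 4000 directly.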
@@ -0,0 +1,398 @@ +Description +=========== + +This cookbook provides a complete Debian/Ubuntu style Apache HTTPD configuration. Non-Debian based distributions such as Red Hat/CentOS, ArchLinux and others supported by this cookbook will have a configuration that mimics Debian/Ubuntu style as it is easier to manage with Chef. + +Debian-style Apache configuration uses scripts to manage modules and sites (vhosts). The scripts are: + +* a2ensite +* a2dissite +* a2enmod +* a2dismod + +This cookbook ships with templates of these scripts for non Debian/Ubuntu platforms. The scripts are used in the __Definitions__ below. + +Requirements +============ + +## Cookbooks: + +This cookbook doesn't have direct dependencies on other cookbooks. Depending on your OS configuration and security policy, you may need additional recipes or cookbooks for this cookbook's recipes to converge on the node. In particular, the following Operating System nuances may affect the behavior: + +* apt cache outdated +* SELinux enabled +* IPtables +* Compile tools + +On Ubuntu/Debian, use Opscode's `apt` cookbook to ensure the package cache is updated so Chef can install packages, or consider putting apt-get in your bootstrap process or [knife bootstrap template](http://wiki.opscode.com/display/chef/Knife+Bootstrap). + +On RHEL, SELinux is enabled by default. The `selinux` cookbook contains a `permissive` recipe that can be used to set SELinux to "Permissive" state. + +The easiest but certainly not ideal way to deal with IPtables is of course to flush all rules. Opscode does provide an `iptables` cookbook but is migrating from the approach used there to a more robust solution utilizing a general "firewall" LWRP that would have an "iptables" provider. Alternately, you can use ufw, with Opscode's `ufw` and `firewall` cookbooks to set up rules. See those cookbooks' READMEs for documentation. + +Build/compile tools may not be installed on the system by default. 
Some recipes (e.g., `apache2::mode_auth_openid`) build the module from source. Use Opscode's `build-essential` cookbook to get essential build packages installed. + +## Platforms: + +* Debian +* Ubuntu +* Red Hat/CentOS/Scientific Linux/Fedora (RHEL Family) +* SUSE/OpenSUSE +* ArchLinux + +### Notes for RHEL Family: + +On Red Hat Enterprise Linux and derivatives, the EPEL repository may be necessary to install packages used in certain recipes. The `apache2::default` recipe, however, does not require any additional repositories. Opscode's `yum` cookbook contains a recipe to add the EPEL repository. See __Examples__ for more information. + +Attributes +========== + +This cookbook uses many attributes, broken up into a few different kinds. + +Platform specific +----------------- + +In order to support the broadest number of platforms, several attributes are determined based on the node's platform. See the attributes/default.rb file for default values in the case statement at the top of the file. + +* `node['apache']['dir']` - Location for the Apache configuration +* `node['apache']['log_dir']` - Location for Apache logs +* `node['apache']['user']` - User Apache runs as +* `node['apache']['group']` - Group Apache runs as +* `node['apache']['binary']` - Apache httpd server daemon +* `node['apache']['icondir']` - Location for icons +* `node['apache']['cache_dir']` - Location for cached files used by Apache itself or recipes +* `node['apache']['pid_file']` - Location of the PID file for Apache httpd +* `node['apache']['lib_dir']` - Location for shared libraries + +General settings +---------------- + +These are general settings used in recipes and templates. Default values are noted. + +* `node['apache']['listen_ports']` - Ports that httpd should listen on. Default is an array of ports 80 and 443. +* `node['apache']['contact']` - Value for ServerAdmin directive. Default "ops@example.com". +* `node['apache']['timeout']` - Value for the Timeout directive. Default is 300. 
+* `node['apache']['keepalive']` - Value for the KeepAlive directive. Default is On. +* `node['apache']['keepaliverequests']` - Value for MaxKeepAliveRequests. Default is 100. +* `node['apache']['keepalivetimeout']` - Value for the KeepAliveTimeout directive. Default is 5. +* `node['apache']['default_modules']` - Array of module names. Can take "mod_FOO" or "FOO" as names, where FOO is the apache module, e.g. "`mod_status`" or "`status`". + +The modules listed in `default_modules` will be included as recipes in `recipe[apache::default]`. + +Prefork attributes +------------------ + +Prefork attributes are used for tuning the Apache HTTPD prefork MPM configuration. + +* `node['apache']['prefork']['startservers']` - initial number of server processes to start. Default is 16. +* `node['apache']['prefork']['minspareservers']` - minimum number of spare server processes. Default 16. +* `node['apache']['prefork']['maxspareservers']` - maximum number of spare server processes. Default 32. +* `node['apache']['prefork']['serverlimit']` - upper limit on configurable server processes. Default 400. +* `node['apache']['prefork']['maxclients']` - Maximum number of simultaneous connections. +* `node['apache']['prefork']['maxrequestsperchild']` - Maximum number of request a child process will handle. Default 10000. + +Worker attributes +----------------- + +Worker attributes are used for tuning the Apache HTTPD worker MPM configuration. + +* `node['apache']['worker']['startservers']` - Initial number of server processes to start. Default 4 +* `node['apache']['worker']['maxclients']` - Maximum number of simultaneous connections. Default 1024. +* `node['apache']['worker']['minsparethreads]` - Minimum number of spare worker threads. Default 64 +* `node['apache']['worker']['maxsparethreads]` - Maximum number of spare worker threads. Default 192. +* `node['apache']['worker']['maxrequestsperchild']` - Maximum number of requests a child process will handle. 
+ +mod\_auth\_openid attributes +---------------------------- + +The following attributes are in the `attributes/mod_auth_openid.rb` file. Like all Chef attributes files, they are loaded as well, but they're logistically unrelated to the others, being specific to the `mod_auth_openid` recipe. + +* `node['apache']['mod_auth_openid']['checksum']` - sha256sum of the tarball containing the source. +* `node['apache']['mod_auth_openid']['version']` - version of the `mod_auth_openid` to download. +* `node['apache']['mod_auth_openid']['cache_dir']` - the cache directory is where the sqlite3 database is stored. It is separate so it can be managed as a directory resource. +* `node['apache']['mod_auth_openid']['dblocation']` - filename of the sqlite3 database used for directive `AuthOpenIDDBLocation`, stored in the `cache_dir` by default. +* `node['apache']['mod_auth_openid']['configure_flags']` - optional array of configure flags passed to the `./configure` step in the compilation of the module. + +Recipes +======= + +Most of the recipes in the cookbook are for enabling Apache modules. Where additional configuration or behavior is used, it is documented below in more detail. + +The following recipes merely enable the specified module: `mod_alias`, `mod_basic`, `mod_digest`, `mod_authn_file`, `mod_authnz_ldap`, `mod_authz_default`, `mod_authz_groupfile`, `mod_authz_host`, `mod_authz_user`, `mod_autoindex`, `mod_cgi`, `mod_dav_fs`, `mod_dav_svn`, `mod_deflate`, `mod_dir`, `mod_env`, `mod_expires`, `mod_headers`, `mod_ldap`, `mod_log_config`, `mod_mime`, `mod_negotiation`, `mod_proxy`, `mod_proxy_ajp`, `mod_proxy_balancer`, `mod_proxy_connect`, `mod_proxy_http`, `mod_python`, `mod_rewrite`, `mod_setenvif`, `mod_status`, `mod_wsgi`, `mod_xsendfile`. + +On RHEL Family distributions, certain modules ship with a config file with the package. 
The recipes here may delete those configuration files to ensure they don't conflict with the settings from the cookbook, which will use per-module configuration in `/etc/httpd/mods-enabled`. + +default +------- + +The default recipe does a number of things to set up Apache HTTPd. It also includes a number of modules based on the attribute `node['apache']['default_modules']` as recipes. + +mod\_auth\_openid +----------------- + +**Changed via COOK-915** + +This recipe compiles the module from source. In addition to `build-essential`, some other packages are included for installation like the GNU C++ compiler and development headers. + +To use the module in your own cookbooks to authenticate systems using OpenIDs, specify an array of OpenIDs that are allowed to authenticate with the attribute `node['apache']['allowed_openids']`. Use the following in a vhost to protect with OpenID authentication: + + AuthType OpenID + require user <%= node['apache']['allowed_openids'].join(' ') %> + AuthOpenIDDBLocation <%= node['apache']['mod_auth_openid']['dblocation'] %> + +Change the DBLocation with the attribute as required; this file is in a different location than previous versions, see below. It should be a sane default for most platforms, though, see `attributes/mod_auth_openid.rb`. + +### Changes from COOK-915: + +* `AuthType OpenID` instead of `AuthOpenIDEnabled On`. +* `require user` instead of `AuthOpenIDUserProgram`. +* A bug(?) in `mod_auth_openid` causes it to segfault when attempting to update the database file if the containing directory is not writable by the HTTPD process owner (e.g., www-data), even if the file is writable. In order to not interfere with other settings from the default recipe in this cookbook, the db file is moved. + +mod\_fcgid +---------- + +Installs the fcgi package and enables the module. Requires EPEL on RHEL family. 
+ +On RHEL family, this recipe will delete the fcgid.conf and on version 6+, create the /var/run/httpd/mod_fcgid` directory, which prevents the emergency error: + + [emerg] (2)No such file or directory: mod_fcgid: Can't create shared memory for size XX bytes + +mod\_php5 +-------- + +Simply installs the appropriate package on Debian, Ubuntu and ArchLinux. + +On Red Hat family distributions including Fedora, the php.conf that comes with the package is removed. On RHEL platforms less than v6, the `php53` package is used. + +mod\_ssl +-------- + +Besides installing and enabling `mod_ssl`, this recipe will append port 443 to the `node['apache']['listen_ports']` attribute array and update the ports.conf. + +god\_monitor +------------ + +Sets up a `god` monitor for Apache. External requirements are the `god` and `runit` cookbooks from Opscode. + +Definitions +=========== + +The cookbook provides a few definitions. At some point in the future these definitions may be refactored into lightweight resources and providers. + +apache\_conf +------------ + +Sets up configuration file for an Apache module from a template. The template should be in the same cookbook where the definition is used. This is used by the `apache_module` definition and is not often used directly. + +This will use a template resource to write the module's configuration file in the `mods-available` under the Apache configuration directory (`node['apache']['dir']`). This is a platform-dependent location. See __apache\_module__. + +### Parameters: + +* `name` - Name of the template. When used from the `apache_module`, it will use the same name as the module. + +### Examples: + +Create `#{node['apache']['dir']}/mods-available/alias.conf`. + + apache_conf "alias" + +apache\_module +-------------- + +Enable or disable an Apache module in `#{node['apache']['dir']}/mods-available` by calling `a2enmod` or `a2dismod` to manage the symbolic link in `#{node['apache']['dir']}/mods-enabled`. 
If the module has a configuration file, a template should be created in the cookbook where the definition is used. See __Examples__. + +### Parameters: + +* `name` - Name of the module enabled or disabled with the `a2enmod` or `a2dismod` scripts. +* `enable` - Default true, which uses `a2enmod` to enable the module. If false, the module will be disabled with `a2dismod`. +* `conf` - Default false. Set to true if the module has a config file, which will use `apache_conf` for the file. +* `filename` - specify the full name of the file, e.g. + +### Examples: + +Enable the ssl module, which also has a configuration template in `templates/default/ssl.conf.erb`. + + apache_module "ssl" do + conf true + end + +Enable the php5 module, which has a different filename than the module default: + + apache_module "php5" do + filename "libphp5.so" + end + +Disable a module: + + apache_module "disabled_module" do + enable false + end + +See the recipes directory for many more examples of `apache_module`. + +apache\_site +------------ + +Enable or disable a VirtualHost in `#{node['apache']['dir']}/sites-available` by calling a2ensite or a2dissite to manage the symbolic link in `#{node['apache']['dir']}/sites-enabled`. + +The template for the site must be managed as a separate resource. To combine the template with enabling a site, see `web_app`. + +### Parameters: + +* `name` - Name of the site. +* `enable` - Default true, which uses `a2ensite` to enable the site. If false, the site will be disabled with `a2dissite`. + +web\_app +-------- + +Manage a template resource for a VirtualHost site, and enable it with `apache_site`. This is commonly done for managing web applications such as Ruby on Rails, PHP or Django, and the default behavior reflects that. However it is flexible. 
+ +This definition includes some recipes to make sure the system is configured to have Apache and some sane default modules: + +* `apache2` +* `apache2::mod_rewrite` +* `apache2::mod_deflate` +* `apache2::mod_headers` + +It will then configure the template (see __Parameters__ and __Examples__ below), and enable or disable the site per the `enable` parameter. + +### Parameters: + +Current parameters used by the definition: + +* `name` - The name of the site. The template will be written to `#{node['apache']['dir']}/sites-available/#{params[:name]}.conf` +* `cookbook` - Optional. Cookbook where the source template is. If this is not defined, Chef will use the named template in the cookbook where the definition is used. +* `template` - Default `web_app.conf.erb`, source template file. +* `enable` - Default true. Passed to the `apache_site` definition. + +Additional parameters can be defined when the definition is called in a recipe, see __Examples__. + +### Examples: + +All parameters are passed into the template. You can use whatever you like. The apache2 cookbook comes with a `web_app.conf.erb` template as an example. The following parameters are used in the template: + +* `server_name` - ServerName directive. +* `server_aliases` - ServerAlias directive. Must be an array of aliases. +* `docroot` - DocumentRoot directive. +* `application_name` - Used in RewriteLog directive. Will be set to the `name` parameter. + +To use the default web_app, for example: + + web_app "my_site" do + server_name node['hostname'] + server_aliases [node['fqdn'], "my-site.example.com"] + docroot "/srv/www/my_site" + end + +The parameters specified will be used as: + +* `@params[:server_name]` +* `@params[:server_aliases]` +* `@params[:docroot]` + +In the template. When you write your own, the `@` is significant. 
+ +For more information about Definitions and parameters, see the [Chef Wiki](http://wiki.opscode.com/display/chef/Definitions) + +Usage +===== + +Using this cookbook is relatively straightforward. Add the desired recipes to the run list of a node, or create a role. Depending on your environment, you may have multiple roles that use different recipes from this cookbook. Adjust any attributes as desired. For example, to create a basic role for web servers that provide both HTTP and HTTPS: + + % cat roles/webserver.rb + name "webserver" + description "Systems that serve HTTP and HTTPS" + run_list( + "recipe[apache2]", + "recipe[apache2::mod_ssl]" + ) + default_attributes( + "apache2" => { + "listen_ports" => ["80", "443"] + } + ) + +For examples of using the definitions in your own recipes, see their respective sections above. + +Changes/Roadmap +=============== + +### v1.1.0: + +* [COOK-861] - Add `mod_perl` and apreq2 +* [COOK-941] - fix `mod_auth_openid` on FreeBSD +* [COOK-1021] - add a commented-out LoadModule directive to keep apxs happy +* [COOK-1022] - consistency for icondir attribute +* [COOK-1023] - fix platform test for attributes +* [COOK-1024] - fix a2enmod script so it runs cleanly on !bash +* [COOK-1026] - fix `error_log` location on FreeBSD + +### v1.0.8: + +* COOK-548 - directory resource doesn't have backup parameter + +### v1.0.6: + +* COOK-915 - update to `mod_auth_openid` version 0.6, see __Recipes/mod_auth_openid__ below. +* COOK-548 - Add support for FreeBSD. + +### v1.0.4: + +* COOK-859 - don't hardcode module paths + +### v1.0.2 + +* Tickets resolved in this release: COOK-788, COOK-782, COOK-780 + +### v1.0.0 + +* Red Hat family support is greatly improved, all recipes except `god_monitor` converge. +* Recipe `mod_auth_openid` now works on RHEL family distros +* Recipe `mod_php5` will now remove config from package on RHEL family so it doesn't conflict with the cookbook's. +* Added `php5.conf.erb` template for `mod_php5` recipe. 
+* Create the run state directory for `mod_fcgid` to prevent a startup error on RHEL version 6. +* New attribute `node['apache']['lib_dir']` to handle lib vs lib64 on RHEL family distributions. +* New attribute `node['apache']['group']`. +* Scientific Linux support added. +* Use a file resource instead of the generate-module-list executed perl script on RHEL family. +* "default" site can now be disabled. +* web_app now has an "enable" parameter. +* Support for dav_fs apache module. +* Tickets resolved in this release: COOK-754, COOK-753, COOK-665, COOK-624, COOK-579, COOK-519, COOK-518 +* Fix node references in template for a2dissite +* Use proper user and group attributes on files and templates. +* Replace the anemic README.rdoc with this new and improved superpowered README.md :). + +License and Authors +=================== + +Author:: Adam Jacob +Author:: Joshua Timberman +Author:: Bryan McLellan +Author:: Dave Esposito +Author:: David Abdemoulaie +Author:: Edmund Haselwanter +Author:: Eric Rochester +Author:: Jim Browne +Author:: Matthew Kent +Author:: Nathen Harvey +Author:: Ringo De Smet +Author:: Sean OMeara +Author:: Seth Chisamore +Author:: Gilles Devaux + +Copyright:: 2009-2011, Opscode, Inc +Copyright:: 2011, Atriso +Copyright:: 2011, CustomInk, LLC. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/cookbooks/apache2/attributes/default.rb b/cookbooks/apache2/attributes/default.rb new file mode 100644 index 0000000..ddee039 --- /dev/null 
+++ b/cookbooks/apache2/attributes/default.rb 
@@ -0,0 +1,139 @@
+#
+# Cookbook Name:: apache2
+# Attributes:: apache
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+set[:apache][:root_group] = "root"
+
+# Where the various parts of apache are
+case platform
+when "redhat","centos","scientific","fedora","suse"
+ set[:apache][:package] = "httpd"
+ set[:apache][:dir] = "/etc/httpd"
+ set[:apache][:log_dir] = "/var/log/httpd"
+ set[:apache][:error_log] = "error.log"
+ set[:apache][:user] = "apache"
+ set[:apache][:group] = "apache"
+ set[:apache][:binary] = "/usr/sbin/httpd"
+ set[:apache][:icondir] = "/var/www/icons"
+ set[:apache][:cache_dir] = "/var/cache/httpd"
+ if node.platform_version.to_f >= 6 then
+ set[:apache][:pid_file] = "/var/run/httpd/httpd.pid"
+ else
+ set[:apache][:pid_file] = "/var/run/httpd.pid"
+ end
+ set[:apache][:lib_dir] = node[:kernel][:machine] =~ /^i[36]86$/ ? "/usr/lib/httpd" : "/usr/lib64/httpd"
+ set[:apache][:libexecdir] = "#{set[:apache][:lib_dir]}/modules"
+when "debian","ubuntu"
+ set[:apache][:package] = "apache2"
+ set[:apache][:dir] = "/etc/apache2"
+ set[:apache][:log_dir] = "/var/log/apache2"
+ set[:apache][:error_log] = "error.log"
+ set[:apache][:user] = "www-data"
+ set[:apache][:group] = "www-data"
+ set[:apache][:binary] = "/usr/sbin/apache2"
+ set[:apache][:icondir] = "/usr/share/apache2/icons"
+ set[:apache][:cache_dir] = "/var/cache/apache2"
+ set[:apache][:pid_file] = "/var/run/apache2.pid"
+ set[:apache][:lib_dir] = "/usr/lib/apache2"
+ set[:apache][:libexecdir] = "#{set[:apache][:lib_dir]}/modules"
+when "arch"
+ set[:apache][:package] = "apache"
+ set[:apache][:dir] = "/etc/httpd"
+ set[:apache][:log_dir] = "/var/log/httpd"
+ set[:apache][:error_log] = "error.log"
+ set[:apache][:user] = "http"
+ set[:apache][:group] = "http"
+ set[:apache][:binary] = "/usr/sbin/httpd"
+ set[:apache][:icondir] = "/usr/share/httpd/icons"
+ set[:apache][:cache_dir] = "/var/cache/httpd"
+ set[:apache][:pid_file] = "/var/run/httpd/httpd.pid"
+ set[:apache][:lib_dir] = "/usr/lib/httpd"
+ set[:apache][:libexecdir] = "#{set[:apache][:lib_dir]}/modules"
+when "freebsd"
+ set[:apache][:package] = "apache22"
+ set[:apache][:dir] = "/usr/local/etc/apache22"
+ set[:apache][:log_dir] = "/var/log"
+ set[:apache][:error_log] = "httpd-error.log"
+ set[:apache][:root_group] = "wheel"
+ set[:apache][:user] = "www"
+ set[:apache][:group] = "www"
+ set[:apache][:binary] = "/usr/local/sbin/httpd"
+ set[:apache][:icondir] = "/usr/local/www/apache22/icons"
+ set[:apache][:cache_dir] = "/var/run/apache22"
+ set[:apache][:pid_file] = "/var/run/httpd.pid"
+ set[:apache][:lib_dir] = "/usr/local/libexec/apache22"
+ set[:apache][:libexecdir] = set[:apache][:lib_dir]
+else
+ set[:apache][:dir] = "/etc/apache2"
+ set[:apache][:log_dir] = "/var/log/apache2"
+ set[:apache][:error_log] = "error.log"
+ set[:apache][:user] = "www-data"
+ set[:apache][:group] = "www-data"
+ set[:apache][:binary] = "/usr/sbin/apache2"
+ set[:apache][:icondir] = "/usr/share/apache2/icons"
+ set[:apache][:cache_dir] = "/var/cache/apache2"
+ set[:apache][:pid_file] = "logs/httpd.pid"
+ set[:apache][:lib_dir] = "/usr/lib/apache2"
+ set[:apache][:libexecdir] = "#{set[:apache][:lib_dir]}/modules"
+end
+
+###
+# These settings need the unless, since we want them to be tunable,
+# and we don't want to override the tunings.
+###
+
+# General settings
+default[:apache][:listen_ports] = [ "80","443" ]
+default[:apache][:contact] = "ops@example.com"
+default[:apache][:timeout] = 300
+default[:apache][:keepalive] = "On"
+default[:apache][:keepaliverequests] = 100
+default[:apache][:keepalivetimeout] = 5
+
+# Security
+default[:apache][:servertokens] = "Prod"
+default[:apache][:serversignature] = "On"
+default[:apache][:traceenable] = "On"
+
+# mod_auth_openids
+default[:apache][:allowed_openids] = Array.new
+
+# Prefork Attributes
+default[:apache][:prefork][:startservers] = 16
+default[:apache][:prefork][:minspareservers] = 16
+default[:apache][:prefork][:maxspareservers] = 32
+default[:apache][:prefork][:serverlimit] = 400
+default[:apache][:prefork][:maxclients] = 400
+default[:apache][:prefork][:maxrequestsperchild] = 10000
+
+# Worker Attributes
+default[:apache][:worker][:startservers] = 4
+default[:apache][:worker][:maxclients] = 1024
+default[:apache][:worker][:minsparethreads] = 64
+default[:apache][:worker][:maxsparethreads] = 192
+default[:apache][:worker][:threadsperchild] = 64
+default[:apache][:worker][:maxrequestsperchild] = 0
+
+# Default modules to enable via include_recipe
+
+default['apache']['default_modules'] = %w{
+ status alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex
+ dir env mime negotiation setenvif
+}
+
+default['apache']['default_modules'] << "log_config" if ["redhat", "centos", "scientific", "fedora", "suse", "arch", "freebsd"].include?(node.platform)
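Review bot: Under `# Security`, `default[:apache][:traceenable] = "On"` and `default[:apache][:serversignature] = "On"` make the permissive value the default for every node that does not override it. Assuming the templates (not in this hunk) emit these as `TraceEnable` and `ServerSignature`, the TRACE method stays enabled and error pages carry a server footer; the hardened defaults would be `default[:apache][:traceenable] = "Off"` and `default[:apache][:serversignature] = "Off"`, in line with the already conservative `servertokens = "Prod"`. The comment above the general settings still says they "need the unless" although the lines use `default[...]`; it could read `# default[] keeps these tunable: role and node attributes override them`.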
diff --git a/cookbooks/apache2/attributes/mod_auth_openid.rb b/cookbooks/apache2/attributes/mod_auth_openid.rb
new file mode 100644
index 0000000..6ecd819
--- /dev/null
+++ b/cookbooks/apache2/attributes/mod_auth_openid.rb
@@ -0,0 +1,32 @@
+#
+# Author:: Joshua Timberman
+# Copyright:: Copyright (c) 2011, Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default['apache']['mod_auth_openid']['checksum'] = "79e7ca52511d1230"
+default['apache']['mod_auth_openid']['version'] = "0.6"
+default['apache']['mod_auth_openid']['cache_dir'] = "/var/cache/mod_auth_openid"
+default['apache']['mod_auth_openid']['dblocation'] = "#{node['apache']['mod_auth_openid']['cache_dir']}/mod_auth_openid.db"
+
+case node[:platform]
+when "freebsd"
+ default['apache']['mod_auth_openid']['configure_flags'] = [
+ "CPPFLAGS=-I/usr/local/include",
+ "LDFLAGS=-I/usr/local/lib -lsqlite3"
+ ]
+else
+ default['apache']['mod_auth_openid']['configure_flags'] = []
+end
diff --git a/cookbooks/apache2/definitions/apache_conf.rb b/cookbooks/apache2/definitions/apache_conf.rb
new file mode 100644
index 0000000..678915b
--- /dev/null
+++ b/cookbooks/apache2/definitions/apache_conf.rb
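Review bot: `default['apache']['mod_auth_openid']['checksum'] = "79e7ca52511d1230"` is only 16 hex characters, while the README in this commit describes the attribute as the sha256sum of the source tarball. The recipe that consumes it is outside this hunk; if it only prefix-matches, this leaves 64 bits of integrity protection on code that is compiled and loaded into httpd, so store the whole digest, `default['apache']['mod_auth_openid']['checksum'] = "<full 64-hex sha256 of the tarball>"`. Separately, in the FreeBSD branch `"LDFLAGS=-I/usr/local/lib -lsqlite3"` hands the linker an include flag; the library search path would be `"LDFLAGS=-L/usr/local/lib -lsqlite3"`.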
@@ -0,0 +1,26 @@
+#
+# Cookbook Name:: apache2
+# Definition:: apache_conf
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :apache_conf do
+ template "#{node[:apache][:dir]}/mods-available/#{params[:name]}.conf" do
+ source "mods/#{params[:name]}.conf.erb"
+ notifies :restart, resources(:service => "apache2")
+ mode 0644
+ end
+end
diff --git a/cookbooks/apache2/definitions/apache_module.rb b/cookbooks/apache2/definitions/apache_module.rb
new file mode 100644
index 0000000..236766f
--- /dev/null
+++ b/cookbooks/apache2/definitions/apache_module.rb
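Review bot: The `template` resource sets `mode 0644` but neither `owner` nor `group`, so ownership of files written under `mods-available` falls to whichever user runs the Chef client. `web_app.rb` in this same commit pins both; do the same here with `owner "root"` and `group node[:apache][:root_group]`. A one-line comment above `define :apache_conf` stating that the source is looked up as `mods/<name>.conf.erb` in the cookbook that calls the definition would also save readers a trip to the README.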
@@ -0,0 +1,53 @@
+#
+# Cookbook Name:: apache2
+# Definition:: apache_module
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :apache_module, :enable => true, :conf => false do
+ include_recipe "apache2"
+
+ params[:filename] = params[:filename] || "mod_#{params[:name]}.so"
+ params[:module_path] = params[:module_path] || "#{node['apache']['libexecdir']}/#{params[:filename]}"
+
+ if params[:conf]
+ apache_conf params[:name]
+ end
+
+ if platform?("redhat", "centos", "scientific", "fedora", "arch", "suse" )
+ file "#{node['apache']['dir']}/mods-available/#{params[:name]}.load" do
+ content "LoadModule #{params[:name]}_module #{params[:module_path]}\n"
+ mode 0644
+ end
+ end
+
+ if params[:enable]
+ execute "a2enmod #{params[:name]}" do
+ command "/usr/sbin/a2enmod #{params[:name]}"
+ notifies :restart, resources(:service => "apache2")
+ not_if do (File.symlink?("#{node[:apache][:dir]}/mods-enabled/#{params[:name]}.load") and
+ ((File.exists?("#{node[:apache][:dir]}/mods-available/#{params[:name]}.conf"))?
+ (File.symlink?("#{node[:apache][:dir]}/mods-enabled/#{params[:name]}.conf")):(true)))
+ end
+ end
+ else
+ execute "a2dismod #{params[:name]}" do
+ command "/usr/sbin/a2dismod #{params[:name]}"
+ notifies :restart, resources(:service => "apache2")
+ only_if do ::File.symlink?("#{node[:apache][:dir]}/mods-enabled/#{params[:name]}.load") end
+ end
+ end
+end
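Review bot: `params[:name]` goes unvalidated into the command strings `"/usr/sbin/a2enmod #{params[:name]}"` and `"/usr/sbin/a2dismod #{params[:name]}"`, into the `LoadModule` line and into file paths; `apache_site.rb` (`a2ensite`/`a2dissite`) and `web_app.rb` (the `sites-available` template path) in this commit follow the same pattern. Callers are normally recipe authors, but a wrapper that fills these from node attributes or data bags would pass shell metacharacters or path separators straight through. A guard at the top of each definition, for example `raise ArgumentError, "invalid name: #{params[:name].inspect}" unless params[:name] =~ /\A[\w.-]+\z/`, closes that off. The `not_if` here also uses bare `File` with `and` and a nested ternary while the `only_if` uses `::File`; use `::File` throughout and split the condition into two named locals so the guard can be read at a glance.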
diff --git a/cookbooks/apache2/definitions/apache_site.rb b/cookbooks/apache2/definitions/apache_site.rb
new file mode 100644
index 0000000..8e690e1
--- /dev/null
+++ b/cookbooks/apache2/definitions/apache_site.rb
@@ -0,0 +1,43 @@
+#
+# Cookbook Name:: apache2
+# Definition:: apache_site
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :apache_site, :enable => true do
+ include_recipe "apache2"
+
+ if params[:enable]
+ execute "a2ensite #{params[:name]}" do
+ command "/usr/sbin/a2ensite #{params[:name]}"
+ notifies :restart, resources(:service => "apache2")
+ not_if do
+ ::File.symlink?("#{node[:apache][:dir]}/sites-enabled/#{params[:name]}") or
+ ::File.symlink?("#{node[:apache][:dir]}/sites-enabled/000-#{params[:name]}")
+ end
+ only_if do ::File.exists?("#{node[:apache][:dir]}/sites-available/#{params[:name]}") end
+ end
+ else
+ execute "a2dissite #{params[:name]}" do
+ command "/usr/sbin/a2dissite #{params[:name]}"
+ notifies :restart, resources(:service => "apache2")
+ only_if do
+ ::File.symlink?("#{node[:apache][:dir]}/sites-enabled/#{params[:name]}") or
+ ::File.symlink?("#{node[:apache][:dir]}/sites-enabled/000-#{params[:name]}")
+ end
+ end
+ end
+end
diff --git a/cookbooks/apache2/definitions/web_app.rb b/cookbooks/apache2/definitions/web_app.rb
new file mode 100644
index 0000000..818781d
--- /dev/null
+++ b/cookbooks/apache2/definitions/web_app.rb
@@ -0,0 +1,49 @@
+#
+# Cookbook Name:: apache2
+# Definition:: web_app
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :web_app, :template => "web_app.conf.erb", :enable => true do
+
+ application_name = params[:name]
+
+ include_recipe "apache2"
+ include_recipe "apache2::mod_rewrite"
+ include_recipe "apache2::mod_deflate"
+ include_recipe "apache2::mod_headers"
+
+ template "#{node[:apache][:dir]}/sites-available/#{application_name}.conf" do
+ source params[:template]
+ owner "root"
+ group node[:apache][:root_group]
+ mode 0644
+ if params[:cookbook]
+ cookbook params[:cookbook]
+ end
+ variables(
+ :application_name => application_name,
+ :params => params
+ )
+ if ::File.exists?("#{node[:apache][:dir]}/sites-enabled/#{application_name}.conf")
+ notifies :reload, resources(:service => "apache2"), :delayed
+ end
+ end
+
+ apache_site "#{params[:name]}.conf" do
+ enable params[:enable]
+ end
+end
diff --git a/cookbooks/apache2/files/default/apache2_module_conf_generate.pl b/cookbooks/apache2/files/default/apache2_module_conf_generate.pl
new file mode 100644
index 0000000..83f849e
--- /dev/null
+++ b/cookbooks/apache2/files/default/apache2_module_conf_generate.pl
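Review bot: In web_app.rb the `if ::File.exists?(…sites-enabled/…)` around `notifies :reload` sits directly in the `template` block, so it runs when the resource is declared rather than when the template is written. A comment would save the next reader from assuming a converge-time check, e.g. `# checked at compile time: only a site that was already enabled before this run gets a reload here`. `:params => params` also hands every caller-supplied value to the template; the template is outside this hunk, so whether those values are written into the vhost unquoted cannot be checked here.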
@@ -0,0 +1,41 @@ +#!/usr/bin/perl + +=begin + +Generates Ubuntu style module.load files. + +./apache2_module_conf_generate.pl /usr/lib64/httpd/modules /etc/httpd/mods-available + +ARGV[0] is the apache modules directory, ARGV[1] is where you want 'em. + +=cut + +use File::Find; + +use strict; +use warnings; + +die "Must have '/path/to/modules' and '/path/to/modules.load'" + unless $ARGV[0] && $ARGV[1]; + +find( + { + wanted => sub { + return 1 if $File::Find::name !~ /\.so$/; + my $modfile = $_; + $modfile =~ /(lib|mod_)(.+)\.so$/; + my $modname = $2; + my $filename = "$ARGV[1]/$modname.load"; + unless ( -f $filename ) { + open( FILE, ">", $filename ) or die "Cannot open $filename"; + print FILE "LoadModule " . $modname . "_module $File::Find::name\n"; + close(FILE); + } + }, + follow => 1, + }, + $ARGV[0] +); + +exit 0; + diff --git a/cookbooks/apache2/metadata.rb b/cookbooks/apache2/metadata.rb new file mode 100644 index 0000000..a11ede3 --- /dev/null +++ b/cookbooks/apache2/metadata.rb 
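Review bot: The capture in the `wanted` callback of apache2_module_conf_generate.pl is used without checking that the match succeeded: `$modfile =~ /(lib|mod_)(.+)\.so$/; my $modname = $2;`. For a `.so` whose name contains neither `lib` nor `mod_`, `$modname` does not come from that file, yet the script still opens and writes a `.load` file under `$ARGV[1]`. Returning early closes that path: `return unless $modfile =~ /(lib|mod_)(.+)\.so$/;`. The bareword handle in `open( FILE, ">", $filename )` could become a lexical `open( my $fh, ">", $filename )` at the same time.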
@@ -0,0 +1,205 @@ +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Installs and configures all aspects of apache2 using Debian style symlinks with helper definitions" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "1.1.0" +recipe "apache2", "Main Apache configuration" +recipe "apache2::mod_alias", "Apache module 'alias' with config file" +recipe "apache2::mod_apreq2", "Apache module 'apreq'" +recipe "apache2::mod_auth_basic", "Apache module 'auth_basic'" +recipe "apache2::mod_auth_digest", "Apache module 'auth_digest'" +recipe "apache2::mod_auth_openid", "Apache module 'authopenid'" +recipe "apache2::mod_authn_file", "Apache module 'authn_file'" +recipe "apache2::mod_authnz_ldap", "Apache module 'authnz_ldap'" +recipe "apache2::mod_authz_default", "Apache module 'authz_default'" +recipe "apache2::mod_authz_groupfile", "Apache module 'authz_groupfile'" +recipe "apache2::mod_authz_host", "Apache module 'authz_host'" +recipe "apache2::mod_authz_user", "Apache module 'authz_user'" +recipe "apache2::mod_autoindex", "Apache module 'autoindex' with config file" +recipe "apache2::mod_cgi", "Apache module 'cgi'" +recipe "apache2::mod_dav", "Apache module 'dav'" +recipe "apache2::mod_dav_svn", "Apache module 'dav_svn'" +recipe "apache2::mod_deflate", "Apache module 'deflate' with config file" +recipe "apache2::mod_dir", "Apache module 'dir' with config file" +recipe "apache2::mod_env", "Apache module 'env'" +recipe "apache2::mod_expires", "Apache module 'expires'" +recipe "apache2::mod_fcgid", "Apache module 'fcgid', package on ubuntu/debian, rhel/centos, compile source on suse; with config file" +recipe "apache2::mod_headers", "Apache module 'headers'" +recipe "apache2::mod_ldap", "Apache module 'ldap'" +recipe "apache2::mod_log_config", "Apache module 'log_config'" +recipe "apache2::mod_mime", "Apache module 'mime' with config file" +recipe "apache2::mod_negotiation", "Apache 
module 'negotiation' with config file" +recipe "apache2::mod_perl", "Apache module 'perl'" +recipe "apache2::mod_php5", "Apache module 'php5'" +recipe "apache2::mod_proxy", "Apache module 'proxy' with config file" +recipe "apache2::mod_proxy_ajp", "Apache module 'proxy_ajp'" +recipe "apache2::mod_proxy_balancer", "Apache module 'proxy_balancer'" +recipe "apache2::mod_proxy_connect", "Apache module 'proxy_connect'" +recipe "apache2::mod_proxy_http", "Apache module 'proxy_http'" +recipe "apache2::mod_python", "Apache module 'python'" +recipe "apache2::mod_rewrite", "Apache module 'rewrite'" +recipe "apache2::mod_setenvif", "Apache module 'setenvif' with config file" +recipe "apache2::mod_ssl", "Apache module 'ssl' with config file, adds port 443 to listen_ports" +recipe "apache2::mod_status", "Apache module 'status' with config file" +recipe "apache2::mod_xsendfile", "Apache module 'xsendfile'" + +%w{redhat centos scientific fedora debian ubuntu arch freebsd}.each do |os| + supports os +end + +attribute "apache", + :display_name => "Apache Hash", + :description => "Hash of Apache attributes", + :type => "hash" + +attribute "apache/dir", + :display_name => "Apache Directory", + :description => "Location for Apache configuration", + :default => "/etc/apache2" + +attribute "apache/log_dir", + :display_name => "Apache Log Directory", + :description => "Location for Apache logs", + :default => "/etc/apache2" + +attribute "apache/user", + :display_name => "Apache User", + :description => "User Apache runs as", + :default => "www-data" + +attribute "apache/binary", + :display_name => "Apache Binary", + :description => "Apache server daemon program", + :default => "/usr/sbin/apache2" + +attribute "apache/icondir", + :display_name => "Apache Icondir", + :description => "Directory location for icons", + :default => "/usr/share/apache2/icons" + +attribute "apache/listen_ports", + :display_name => "Apache Listen Ports", + :description => "Ports that Apache should listen on", + 
:type => "array", + :default => [ "80", "443" ] + +attribute "apache/contact", + :display_name => "Apache Contact", + :description => "Email address of webmaster", + :default => "ops@example.com" + +attribute "apache/timeout", + :display_name => "Apache Timeout", + :description => "Connection timeout value", + :default => "300" + +attribute "apache/keepalive", + :display_name => "Apache Keepalive", + :description => "HTTP persistent connections", + :default => "On" + +attribute "apache/keepaliverequests", + :display_name => "Apache Keepalive Requests", + :description => "Number of requests allowed on a persistent connection", + :default => "100" + +attribute "apache/keepalivetimeout", + :display_name => "Apache Keepalive Timeout", + :description => "Time to wait for requests on persistent connection", + :default => "5" + +attribute "apache/servertokens", + :display_name => "Apache Server Tokens", + :description => "Server response header", + :default => "Prod" + +attribute "apache/serversignature", + :display_name => "Apache Server Signature", + :description => "Configure footer on server-generated documents", + :default => "On" + +attribute "apache/traceenable", + :display_name => "Apache Trace Enable", + :description => "Determine behavior of TRACE requests", + :default => "On" + +attribute "apache/allowed_openids", + :display_name => "Apache Allowed OpenIDs", + :description => "Array of OpenIDs allowed to authenticate", + :default => "" + +attribute "apache/prefork", + :display_name => "Apache Prefork", + :description => "Hash of Apache prefork tuning attributes.", + :type => "hash" + +attribute "apache/prefork/startservers", + :display_name => "Apache Prefork MPM StartServers", + :description => "Number of MPM servers to start", + :default => "16" + +attribute "apache/prefork/minspareservers", + :display_name => "Apache Prefork MPM MinSpareServers", + :description => "Minimum number of spare server processes", + :default => "16" + +attribute 
"apache/prefork/maxspareservers", + :display_name => "Apache Prefork MPM MaxSpareServers", + :description => "Maximum number of spare server processes", + :default => "32" + +attribute "apache/prefork/serverlimit", + :display_name => "Apache Prefork MPM ServerLimit", + :description => "Upper limit on configurable server processes", + :default => "400" + +attribute "apache/prefork/maxclients", + :display_name => "Apache Prefork MPM MaxClients", + :description => "Maximum number of simultaneous connections", + :default => "400" + +attribute "apache/prefork/maxrequestsperchild", + :display_name => "Apache Prefork MPM MaxRequestsPerChild", + :description => "Maximum number of request a child process will handle", + :default => "10000" + +attribute "apache/worker", + :display_name => "Apache Worker", + :description => "Hash of Apache prefork tuning attributes.", + :type => "hash" + +attribute "apache/worker/startservers", + :display_name => "Apache Worker MPM StartServers", + :description => "Initial number of server processes to start", + :default => "4" + +attribute "apache/worker/maxclients", + :display_name => "Apache Worker MPM MaxClients", + :description => "Maximum number of simultaneous connections", + :default => "1024" + +attribute "apache/worker/minsparethreads", + :display_name => "Apache Worker MPM MinSpareThreads", + :description => "Minimum number of spare worker threads", + :default => "64" + +attribute "apache/worker/maxsparethreads", + :display_name => "Apache Worker MPM MaxSpareThreads", + :description => "Maximum number of spare worker threads", + :default => "192" + +attribute "apache/worker/threadsperchild", + :display_name => "Apache Worker MPM ThreadsPerChild", + :description => "Constant number of worker threads in each server process", + :default => "64" + +attribute "apache/worker/maxrequestsperchild", + :display_name => "Apache Worker MPM MaxRequestsPerChild", + :description => "Maximum number of request a child process will handle", + 
:default => "0" + +attribute "apache/default_modules", + :display_name => "Apache Default Modules", + :description => "Default modules to enable via recipes", + :default => "status alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex dir env mime negotiation setenvif" diff --git a/cookbooks/apache2/recipes/default.rb b/cookbooks/apache2/recipes/default.rb new file mode 100644 index 0000000..0729899 --- /dev/null +++ b/cookbooks/apache2/recipes/default.rb 
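Review bot: The documented defaults in metadata.rb have `apache/traceenable` and `apache/serversignature` both `"On"` while `apache/servertokens` is already `"Prod"`. TRACE and the server-generated footer are usually switched off on anything reachable, so `:default => "Off"` would fit both; the attributes file that sets the effective values is not part of this hunk and should be checked to match. Two entries also look copy-pasted: `apache/log_dir` defaults to `"/etc/apache2"`, and `apache/worker` is described as "Hash of Apache prefork tuning attributes."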
@@ -0,0 +1,217 @@ +# +# Cookbook Name:: apache2 +# Recipe:: default +# +# Copyright 2008-2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +package "apache2" do + package_name node[:apache][:package] + action :install +end + +service "apache2" do + case node[:platform] + when "redhat","centos","scientific","fedora","suse" + service_name "httpd" + # If restarted/reloaded too quickly httpd has a habit of failing. + # This may happen with multiple recipes notifying apache to restart - like + # during the initial bootstrap. 
+ restart_command "/sbin/service httpd restart && sleep 1" + reload_command "/sbin/service httpd reload && sleep 1" + when "debian","ubuntu" + service_name "apache2" + restart_command "/usr/sbin/invoke-rc.d apache2 restart && sleep 1" + reload_command "/usr/sbin/invoke-rc.d apache2 reload && sleep 1" + when "arch" + service_name "httpd" + when "freebsd" + service_name "apache22" + end + supports value_for_platform( + "debian" => { "4.0" => [ :restart, :reload ], "default" => [ :restart, :reload, :status ] }, + "ubuntu" => { "default" => [ :restart, :reload, :status ] }, + "redhat" => { "default" => [ :restart, :reload, :status ] }, + "centos" => { "default" => [ :restart, :reload, :status ] }, + "scientific" => { "default" => [ :restart, :reload, :status ] }, + "fedora" => { "default" => [ :restart, :reload, :status ] }, + "arch" => { "default" => [ :restart, :reload, :status ] }, + "suse" => { "default" => [ :restart, :reload, :status ] }, + "freebsd" => { "default" => [ :restart, :reload, :status ] }, + "default" => { "default" => [:restart, :reload ] } + ) + action :enable +end + +if platform?("redhat", "centos", "scientific", "fedora", "arch", "suse", "freebsd") + directory node[:apache][:log_dir] do + mode 0755 + action :create + end + + package "perl" unless node['languages']['perl'].attribute?('version') + + cookbook_file "/usr/local/bin/apache2_module_conf_generate.pl" do + source "apache2_module_conf_generate.pl" + mode 0755 + owner "root" + group node[:apache][:root_group] + end + + %w{sites-available sites-enabled mods-available mods-enabled}.each do |dir| + directory "#{node[:apache][:dir]}/#{dir}" do + mode 0755 + owner "root" + group node[:apache][:root_group] + action :create + end + end + + execute "generate-module-list" do + command "/usr/local/bin/apache2_module_conf_generate.pl #{node[:apache][:lib_dir]} #{node[:apache][:dir]}/mods-available" + action :run + end + + %w{a2ensite a2dissite a2enmod a2dismod}.each do |modscript| + template 
"/usr/sbin/#{modscript}" do + source "#{modscript}.erb" + mode 0755 + owner "root" + group node[:apache][:root_group] + end + end + + # installed by default on centos/rhel, remove in favour of mods-enabled + %w{ proxy_ajp auth_pam authz_ldap webalizer ssl welcome }.each do |f| + file "#{node[:apache][:dir]}/conf.d/#{f}.conf" do + action :delete + backup false + end + end + + # installed by default on centos/rhel, remove in favour of mods-enabled + file "#{node[:apache][:dir]}/conf.d/README" do + action :delete + backup false + end +end + +if platform?("freebsd") + file "#{node[:apache][:dir]}/Includes/no-accf.conf" do + action :delete + backup false + end + directory "#{node[:apache][:dir]}/Includes" do + action :delete + end + + %w{httpd-autoindex.conf httpd-dav.conf httpd-default.conf httpd-info.conf + httpd-languages.conf httpd-manual.conf httpd-mpm.conf + httpd-multilang-errordoc.conf httpd-ssl.conf httpd-userdir.conf + httpd-vhosts.conf}.each do |f| + file "#{node[:apache][:dir]}/extra/#{f}" do + action :delete + backup false + end + end + directory "#{node[:apache][:dir]}/extra" do + action :delete + end +end + +directory "#{node[:apache][:dir]}/ssl" do + action :create + mode 0755 + owner "root" + group node[:apache][:root_group] +end + +directory "#{node[:apache][:dir]}/conf.d" do + action :create + mode 0755 + owner "root" + group node[:apache][:root_group] +end + +directory node[:apache][:cache_dir] do + action :create + mode 0755 + owner "root" + group node[:apache][:root_group] +end + +template "apache2.conf" do + case node[:platform] + when "redhat", "centos", "scientific", "fedora", "arch" + path "#{node[:apache][:dir]}/conf/httpd.conf" + when "debian","ubuntu" + path "#{node[:apache][:dir]}/apache2.conf" + when "freebsd" + path "#{node[:apache][:dir]}/httpd.conf" + end + source "apache2.conf.erb" + owner "root" + group node[:apache][:root_group] + mode 0644 + notifies :restart, resources(:service => "apache2") +end + +template "security" do + path 
"#{node[:apache][:dir]}/conf.d/security" + source "security.erb" + owner "root" + group node[:apache][:root_group] + mode 0644 + backup false + notifies :restart, resources(:service => "apache2") +end + +template "charset" do + path "#{node[:apache][:dir]}/conf.d/charset" + source "charset.erb" + owner "root" + group node[:apache][:root_group] + mode 0644 + backup false + notifies :restart, resources(:service => "apache2") +end + +template "#{node[:apache][:dir]}/ports.conf" do + source "ports.conf.erb" + owner "root" + group node[:apache][:root_group] + variables :apache_listen_ports => node[:apache][:listen_ports].map{|p| p.to_i}.uniq + mode 0644 + notifies :restart, resources(:service => "apache2") +end + +template "#{node[:apache][:dir]}/sites-available/default" do + source "default-site.erb" + owner "root" + group node[:apache][:root_group] + mode 0644 + notifies :restart, resources(:service => "apache2") +end + +node['apache']['default_modules'].each do |mod| + recipe_name = mod =~ /^mod_/ ? mod : "mod_#{mod}" + include_recipe "apache2::#{recipe_name}" +end + +apache_site "default" if platform?("redhat", "centos", "scientific", "fedora") + +service "apache2" do + action :start +end diff --git a/cookbooks/apache2/recipes/god_monitor.rb b/cookbooks/apache2/recipes/god_monitor.rb new file mode 100644 index 0000000..b3c49eb --- /dev/null +++ b/cookbooks/apache2/recipes/god_monitor.rb 
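Review bot: In recipes/default.rb `directory "#{node[:apache][:dir]}/ssl"` is created with `mode 0755`, the same as `conf.d`, so every local account can list and traverse it. The hunk does not show what ends up there, but if private keys are placed in this directory their protection then rests on each file's own mode; `mode 0750` with the existing `owner "root"` and `group node[:apache][:root_group]` would be the safer default. Separately, `execute "generate-module-list"` has `action :run` and no guard, so it runs on every converge.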
@@ -0,0 +1,33 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: god_monitor
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_service = service "apache2" do
+ action :nothing
+end
+
+start_command = apache_service.start_command
+stop_command = apache_service.stop_command
+restart_command = apache_service.restart_command
+
+god_monitor "apache2" do
+ config "apache2.god.erb"
+ start (start_command)?start_command : "/etc/init.d/#{apache_service.service_name} start"
+ restart (restart_command)?restart_command : "/etc/init.d/#{apache_service.service_name} restart"
+ stop (stop_command)?stop_command : "/etc/init.d/#{apache_service.service_name} stop"
+end
diff --git a/cookbooks/apache2/recipes/mod_alias.rb b/cookbooks/apache2/recipes/mod_alias.rb
new file mode 100644
index 0000000..a4618ed
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_alias.rb
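Review bot: The three fallbacks in `god_monitor "apache2"` hard-code `/etc/init.d/…`, while recipes/default.rb in this commit drives the same service through `/sbin/service` and `invoke-rc.d` and also names FreeBSD, where that path is unlikely to exist. The `start (start_command)?start_command : "…"` form also puts a space before the argument parenthesis. `start(start_command || "/etc/init.d/#{apache_service.service_name} start")` reads more plainly, and the same applies to `restart` and `stop`.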
@@ -0,0 +1,22 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: alias
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "alias" do
+ conf true
+end
diff --git a/cookbooks/apache2/recipes/mod_apreq2.rb b/cookbooks/apache2/recipes/mod_apreq2.rb
new file mode 100644
index 0000000..4b33926
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_apreq2.rb
@@ -0,0 +1,45 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: apreq2
+#
+# modified from the python recipe by Jeremy Bingham
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+case node[:platform]
+ when "debian", "ubuntu"
+ package "libapache2-mod-apreq2" do
+ action :install
+ end
+ when "centos", "redhat", "fedora"
+ package "libapreq2" do
+ action :install
+ notifies :run, resources(:execute => "generate-module-list"), :immediately
+ end
+ # seems that the apreq lib is weirdly broken or something - it needs to be
+ # loaded as "apreq", but on RHEL & derivitatives the file needs a symbolic
+ # link to mod_apreq.so.
+ link "/usr/lib64/httpd/modules/mod_apreq.so" do
+ to "/usr/lib64/httpd/modules/mod_apreq2.so"
+ only_if "test -f /usr/lib64/httpd/modules/mod_apreq2.so"
+ end
+ link "/usr/lib/httpd/modules/mod_apreq.so" do
+ to "/usr/lib/httpd/modules/mod_apreq2.so"
+ only_if "test -f /usr/lib/httpd/modules/mod_apreq2.so"
+ end
+end
+
+apache_module "apreq"
diff --git a/cookbooks/apache2/recipes/mod_auth_basic.rb b/cookbooks/apache2/recipes/mod_auth_basic.rb
new file mode 100644
index 0000000..d30264f
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_auth_basic.rb
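Review bot: Both `link` resources in mod_apreq2.rb spell out `/usr/lib64/httpd/modules` and `/usr/lib/httpd/modules` and guard with a shelled-out `test -f`, although recipes/default.rb in this commit passes `node[:apache][:lib_dir]` as the modules directory. One `link "#{node[:apache][:lib_dir]}/mod_apreq.so"` with `only_if { ::File.exist?("#{node[:apache][:lib_dir]}/mod_apreq2.so") }` would follow the node's actual layout, assuming that attribute points at the modules directory on these platforms. The `when "centos", "redhat", "fedora"` branch also omits `scientific`, which the other recipes in this commit list.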
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: auth_basic
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "auth_basic"
diff --git a/cookbooks/apache2/recipes/mod_auth_digest.rb b/cookbooks/apache2/recipes/mod_auth_digest.rb
new file mode 100644
index 0000000..5aef926
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_auth_digest.rb
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: auth_digest
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "auth_digest"
diff --git a/cookbooks/apache2/recipes/mod_auth_openid.rb b/cookbooks/apache2/recipes/mod_auth_openid.rb
new file mode 100644
index 0000000..68501e7
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_auth_openid.rb
@@ -0,0 +1,113 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_auth_openid +# +# Copyright 2008-2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +openid_dev_pkgs = value_for_platform( + ["ubuntu","debian"] => { "default" => %w{ g++ apache2-prefork-dev libopkele-dev libopkele3 } }, + ["centos","redhat","scientific","fedora"] => { + "default" => %w{ gcc-c++ httpd-devel curl-devel libtidy libtidy-devel sqlite-devel pcre-devel openssl-devel make } + }, + "arch" => { "default" => ["libopkele"] }, + "freebsd" => { "default" => %w{libopkele pcre sqlite3} } +) + +make_cmd = value_for_platform( + "freebsd" => { "default" => %w{gmake} }, + "default" => { "default" => %w{make} } +) + +case node[:platform] +when "arch" + include_recipe "pacman" + package "tidyhtml" +end + +openid_dev_pkgs.each do |pkg| + case node[:platform] + when "arch" + pacman_aur pkg do + action [:build, :install] + end + else + package pkg + end +end + +case node[:platform] +when "redhat", "centos", "scientific", "fedora" + remote_file "#{Chef::Config[:file_cache_path]}/libopkele-2.0.4.tar.gz" do + source "http://kin.klever.net/dist/libopkele-2.0.4.tar.gz" + mode 0644 + end + + bash "install libopkele" do + cwd "#{Chef::Config[:file_cache_path]}" + # Ruby 1.8.6 does not have rpartition, unfortunately + syslibdir = node[:apache][:lib_dir][0..node[:apache][:lib_dir].rindex("/")] + code <<-EOH + tar zxvf libopkele-2.0.4.tar.gz + cd libopkele-2.0.4 && ./configure --prefix=/usr 
--libdir=#{syslibdir} + #{make_cmd} && #{make_cmd} install + EOH + not_if { File.exists?("#{syslibdir}/libopkele.a") } + end +end + +_checksum = node['apache']['mod_auth_openid']['checksum'] +version = node['apache']['mod_auth_openid']['version'] +configure_flags = node['apache']['mod_auth_openid']['configure_flags'] + +remote_file "#{Chef::Config[:file_cache_path]}/mod_auth_openid-#{version}.tar.gz" do + source "http://butterfat.net/releases/mod_auth_openid/mod_auth_openid-#{version}.tar.gz" + mode 0644 + checksum _checksum +end + +bash "install mod_auth_openid" do + cwd Chef::Config[:file_cache_path] + code <<-EOH + tar zxvf mod_auth_openid-#{version}.tar.gz + cd mod_auth_openid-#{version} && ./configure #{configure_flags.join(' ')} + perl -pi -e "s/-i -a -n 'authopenid'/-i -n 'authopenid'/g" Makefile + #{make_cmd} && #{make_cmd} install + EOH + not_if { ::File.exists?("#{node['apache']['libexecdir']}/mod_auth_openid.so") } +end + +directory node[:apache][:mod_auth_openid][:cache_dir] do + owner node[:apache][:user] + group node[:apache][:group] + mode 0700 +end + +file node[:apache][:mod_auth_openid][:dblocation] do + owner node[:apache][:user] + group node[:apache][:group] + mode 0644 +end + +template "#{node[:apache][:dir]}/mods-available/authopenid.load" do + source "mods/authopenid.load.erb" + owner "root" + group node[:apache][:root_group] + mode 0644 +end + +apache_module "authopenid" do + filename "mod_auth_openid.so" +end diff --git a/cookbooks/apache2/recipes/mod_authn_file.rb b/cookbooks/apache2/recipes/mod_authn_file.rb new file mode 100644 index 0000000..872caa7 --- /dev/null +++ b/cookbooks/apache2/recipes/mod_authn_file.rb 
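Review bot: The `remote_file` for `libopkele-2.0.4.tar.gz` in mod_auth_openid.rb fetches over plain `http://` with no `checksum`, and the next resource unpacks it and runs `./configure` and `make install` from it. Anything that can alter the response in transit therefore supplies code that is built and installed by the Chef run. Pinning it the way the `mod_auth_openid` tarball below already is would close that: `checksum "<sha256 of the vetted libopkele-2.0.4.tar.gz>"`, plus an `https://` source if the host serves one. `file node[:apache][:mod_auth_openid][:dblocation]` is also created `mode 0644`; `0600` would fit better if only the Apache user needs to read it.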
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: authn_file
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "authn_file"
diff --git a/cookbooks/apache2/recipes/mod_authnz_ldap.rb b/cookbooks/apache2/recipes/mod_authnz_ldap.rb
new file mode 100644
index 0000000..0310d24
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_authnz_ldap.rb
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: authnz_ldap
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "authnz_ldap"
diff --git a/cookbooks/apache2/recipes/mod_authz_default.rb b/cookbooks/apache2/recipes/mod_authz_default.rb
new file mode 100644
index 0000000..123536d
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_authz_default.rb
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: authz_default
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "authz_default"
diff --git a/cookbooks/apache2/recipes/mod_authz_groupfile.rb b/cookbooks/apache2/recipes/mod_authz_groupfile.rb
new file mode 100644
index 0000000..b2833b2
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_authz_groupfile.rb
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: authz_groupfile
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "authz_groupfile"
diff --git a/cookbooks/apache2/recipes/mod_authz_host.rb b/cookbooks/apache2/recipes/mod_authz_host.rb
new file mode 100644
index 0000000..87c1a4b
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_authz_host.rb
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: authz_host
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "authz_host"
diff --git a/cookbooks/apache2/recipes/mod_authz_user.rb b/cookbooks/apache2/recipes/mod_authz_user.rb
new file mode 100644
index 0000000..8dd46df
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_authz_user.rb
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: authz_user
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "authz_user"
diff --git a/cookbooks/apache2/recipes/mod_autoindex.rb b/cookbooks/apache2/recipes/mod_autoindex.rb
new file mode 100644
index 0000000..622a66e
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_autoindex.rb
@@ -0,0 +1,22 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: autoindex
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "autoindex" do
+ conf true
+end
diff --git a/cookbooks/apache2/recipes/mod_cgi.rb b/cookbooks/apache2/recipes/mod_cgi.rb
new file mode 100644
index 0000000..6c15a05
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_cgi.rb
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: cgi
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "cgi"
diff --git a/cookbooks/apache2/recipes/mod_dav.rb b/cookbooks/apache2/recipes/mod_dav.rb
new file mode 100644
index 0000000..fef656a
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_dav.rb
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: dav
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "dav"
diff --git a/cookbooks/apache2/recipes/mod_dav_fs.rb b/cookbooks/apache2/recipes/mod_dav_fs.rb
new file mode 100644
index 0000000..6d0ef1d
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_dav_fs.rb
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: dav_fs
+#
+# Copyright 2011, Atriso
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "dav_fs"
\ No newline at end of file
diff --git a/cookbooks/apache2/recipes/mod_dav_svn.rb b/cookbooks/apache2/recipes/mod_dav_svn.rb
new file mode 100644
index 0000000..ebf89b6
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_dav_svn.rb
@@ -0,0 +1,29 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: dav_svn
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+package "libapache2-svn" do
+ case node['platform']
+ when "centos","redhat","scientific","fedora","suse"
+ package_name "mod_dav_svn"
+ else
+ package_name "libapache2-svn"
+ end
+end
+
+apache_module "dav_svn"
diff --git a/cookbooks/apache2/recipes/mod_deflate.rb b/cookbooks/apache2/recipes/mod_deflate.rb
new file mode 100644
index 0000000..b568f30
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_deflate.rb
@@ -0,0 +1,22 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: deflate
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "deflate" do
+ conf true
+end
diff --git a/cookbooks/apache2/recipes/mod_dir.rb b/cookbooks/apache2/recipes/mod_dir.rb
new file mode 100644
index 0000000..9930c3a
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_dir.rb
@@ -0,0 +1,22 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: dir
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "dir" do
+ conf true
+end
diff --git a/cookbooks/apache2/recipes/mod_env.rb b/cookbooks/apache2/recipes/mod_env.rb
new file mode 100644
index 0000000..d345503
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_env.rb
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: env
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "env"
diff --git a/cookbooks/apache2/recipes/mod_expires.rb b/cookbooks/apache2/recipes/mod_expires.rb
new file mode 100644
index 0000000..9e5042e
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_expires.rb
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: expires
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "expires"
diff --git a/cookbooks/apache2/recipes/mod_fcgid.rb b/cookbooks/apache2/recipes/mod_fcgid.rb
new file mode 100644
index 0000000..5aac93c
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_fcgid.rb
@@ -0,0 +1,54 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: fcgid
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+if platform?("debian", "ubuntu")
+ package "libapache2-mod-fcgid"
+elsif platform?("redhat", "centos", "scientific", "fedora", "arch")
+ package "mod_fcgid" do
+ notifies :run, resources(:execute => "generate-module-list"), :immediately
+ end
+
+ file "#{node[:apache][:dir]}/conf.d/fcgid.conf" do
+ action :delete
+ backup false
+ end
+
+ if node['platform_version'].to_i >= 6
+ directory "/var/run/httpd/mod_fcgid" do
+ recursive true
+ end
+ end
+elsif platform?("suse")
+ apache_lib_path = node[:apache][:lib_dir]
+
+ package "httpd-devel"
+
+ bash "install-fcgid" do
+ code <<-EOH
+(cd #{Chef::Config[:file_cache_path]}; wget http://superb-east.dl.sourceforge.net/sourceforge/mod-fcgid/mod_fcgid.2.2.tgz)
+(cd #{Chef::Config[:file_cache_path]}; tar zxvf mod_fcgid.2.2.tgz)
+(cd #{Chef::Config[:file_cache_path]}; perl -pi -e 's!/usr/local/apache2!#{apache_lib_path}!g' ./mod_fcgid.2.2/Makefile)
+(cd #{Chef::Config[:file_cache_path]}/mod_fcgid.2.2; make install)
+EOH
+ end
+end
+
+apache_module "fcgid" do
+ conf true
+end
diff --git a/cookbooks/apache2/recipes/mod_headers.rb b/cookbooks/apache2/recipes/mod_headers.rb
new file mode 100644
index 0000000..5e6b94d
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_headers.rb
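Review bot: The `bash "install-fcgid"` resource in the suse branch of mod_fcgid.rb fetches `mod_fcgid.2.2.tgz` with `wget` over plain `http://`, checks nothing about what arrived, and then runs `make install`, so whatever the mirror or the network path returns is built and installed with the privileges of the Chef run. The resource also has no `creates` or `not_if` guard, so the download and build repeat on every converge. I would fetch the tarball with a `remote_file` resource pinned by `checksum` and guard the build on the installed module file, as sketched below; the checksum and the `creates` path are placeholders to fill in from a vetted copy of the tarball and the actual install location.

```ruby
  # … unchanged: apache_lib_path assignment, package "httpd-devel" …
  fcgid_tarball = "#{Chef::Config[:file_cache_path]}/mod_fcgid.2.2.tgz"

  remote_file fcgid_tarball do
    source "http://superb-east.dl.sourceforge.net/sourceforge/mod-fcgid/mod_fcgid.2.2.tgz"
    checksum "PLACEHOLDER_SHA256_OF_VETTED_TARBALL"
    action :create_if_missing
  end

  bash "install-fcgid" do
    cwd Chef::Config[:file_cache_path]
    code <<-EOH
tar zxvf mod_fcgid.2.2.tgz
perl -pi -e 's!/usr/local/apache2!#{apache_lib_path}!g' ./mod_fcgid.2.2/Makefile
(cd mod_fcgid.2.2 && make install)
EOH
    # PLACEHOLDER path: set to wherever `make install` puts the module
    creates "#{apache_lib_path}/PLACEHOLDER_MODULE_SUBDIR/mod_fcgid.so"
  end
```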
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: headers
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "headers"
diff --git a/cookbooks/apache2/recipes/mod_ldap.rb b/cookbooks/apache2/recipes/mod_ldap.rb
new file mode 100644
index 0000000..0877694
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_ldap.rb
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: ldap
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "ldap"
diff --git a/cookbooks/apache2/recipes/mod_log_config.rb b/cookbooks/apache2/recipes/mod_log_config.rb
new file mode 100644
index 0000000..26960f8
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_log_config.rb
@@ -0,0 +1,24 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: log_config
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+if platform?("redhat", "centos", "scientific", "fedora", "suse", "arch", "freebsd")
+ apache_module "log_config"
+else
+ include_recipe "apache2"
+end
diff --git a/cookbooks/apache2/recipes/mod_mime.rb b/cookbooks/apache2/recipes/mod_mime.rb
new file mode 100644
index 0000000..16aee1a
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_mime.rb
@@ -0,0 +1,22 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: mime
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "mime" do
+ conf true
+end
diff --git a/cookbooks/apache2/recipes/mod_negotiation.rb b/cookbooks/apache2/recipes/mod_negotiation.rb
new file mode 100644
index 0000000..348e11f
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_negotiation.rb
@@ -0,0 +1,22 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: negotiation
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "negotiation" do
+ conf true
+end
diff --git a/cookbooks/apache2/recipes/mod_perl.rb b/cookbooks/apache2/recipes/mod_perl.rb
new file mode 100644
index 0000000..d23a664
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_perl.rb
@@ -0,0 +1,43 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: perl
+#
+# adapted from the mod_python recipe by Jeremy Bingham
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+case node[:platform]
+ when "debian", "ubuntu"
+ package "libapache2-mod-perl2" do
+ action :install
+ end
+ package "libapache2-request-perl" do
+ action :install
+ end
+ package "apache2-mpm-prefork" do
+ action :install
+ end
+ when "centos", "redhat", "fedora"
+ package "mod_perl" do
+ action :install
+ notifies :run, resources(:execute => "generate-module-list"), :immediately
+ end
+ package "perl-libapreq2" do
+ action :install
+ end
+end
+
+apache_module "perl"
diff --git a/cookbooks/apache2/recipes/mod_php5.rb b/cookbooks/apache2/recipes/mod_php5.rb
new file mode 100644
index 0000000..14cbbef
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_php5.rb
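Review bot: The `when "centos", "redhat", "fedora"` arm in mod_perl.rb leaves out `"scientific"`, which the other package-installing recipes in this commit (mod_python, mod_ssl, mod_wsgi) all list. On Scientific Linux the `case` therefore installs nothing and `apache_module "perl"` still runs, presumably against a module that is not present. I would change the arm to `when "centos", "redhat", "scientific", "fedora"`. The `case` has no `else` either, so every other platform falls through the same way; a comment such as `# other platforms: no package is installed, mod_perl must already be present` would make that explicit.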
@@ -0,0 +1,78 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: php5
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+case node[:platform]
+when "debian", "ubuntu"
+ package "libapache2-mod-php5" do
+ action :install
+ end
+
+when "arch"
+ package "php-apache" do
+ action :install
+ notifies :run, resources(:execute => "generate-module-list"), :immediately
+ end
+
+when "redhat", "centos", "scientific"
+ package "php package" do
+ if node.platform_version.to_f < 6.0
+ package_name "php53"
+ else
+ package_name "php"
+ end
+ action :install
+ notifies :run, resources(:execute => "generate-module-list"), :immediately
+ end
+
+ # delete stock config
+ file "#{node[:apache][:dir]}/conf.d/php.conf" do
+ action :delete
+ end
+
+ # replace with debian style config
+ template "#{node[:apache][:dir]}/mods-available/php5.conf" do
+ source "mods/php5.conf.erb"
+ notifies :restart, "service[apache2]"
+ end
+
+when "fedora"
+ package "php package" do
+ package_name "php"
+ action :install
+ notifies :run, resources(:execute => "generate-module-list"), :immediately
+ end
+
+ # delete stock config
+ file "#{node[:apache][:dir]}/conf.d/php.conf" do
+ action :delete
+ end
+
+ # replace with debian style config
+ template "#{node[:apache][:dir]}/mods-available/php5.conf" do
+ source "mods/php5.conf.erb"
+ notifies :restart, "service[apache2]"
+ end
+end
+
+apache_module "php5" do
+ case node['platform']
+ when
"redhat","centos","scientific","fedora"
+ filename "libphp5.so"
+ end
+end
diff --git a/cookbooks/apache2/recipes/mod_proxy.rb b/cookbooks/apache2/recipes/mod_proxy.rb
new file mode 100644
index 0000000..fff7627
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_proxy.rb
@@ -0,0 +1,22 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: proxy
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "proxy" do
+ conf true
+end
diff --git a/cookbooks/apache2/recipes/mod_proxy_ajp.rb b/cookbooks/apache2/recipes/mod_proxy_ajp.rb
new file mode 100644
index 0000000..617a2c2
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_proxy_ajp.rb
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: proxy
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "proxy_ajp"
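Review bot: The `when "fedora"` arm in mod_php5.rb repeats the `file ".../conf.d/php.conf"` delete and the `template ".../mods-available/php5.conf"` resource of the `when "redhat", "centos", "scientific"` arm word for word; only the package name differs. That arm already picks `package_name` inside its `package` block, so adding `"fedora"` to it (`when "redhat", "centos", "scientific", "fedora"`) and extending the version test to keep `php` for Fedora would leave one copy to maintain. As written, a later hardening change to the php.conf handling has to be made twice and can drift between the two arms.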
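Review bot: Nothing in mod_proxy.rb records what the proxy configuration is supposed to allow: `conf true` hands that to the cookbook's proxy conf template, which is outside this hunk. With mod_proxy that file decides whether the server can be used as a forward proxy by arbitrary clients, so I would add a comment above the resource such as `# proxy.conf must keep ProxyRequests Off and restrict the <Proxy *> block` and check the template against it.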
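Review bot: The header comment in mod_proxy_ajp.rb reads `# Recipe:: proxy` although the file enables `proxy_ajp`. The same copied header appears in mod_proxy_balancer.rb and mod_proxy_connect.rb, and mod_wsgi.rb says `# Recipe:: python`. Each header should name its own recipe, here `# Recipe:: proxy_ajp`, so that a search for the recipe that turns on a given module finds the right file.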
diff --git a/cookbooks/apache2/recipes/mod_proxy_balancer.rb b/cookbooks/apache2/recipes/mod_proxy_balancer.rb
new file mode 100644
index 0000000..dc62a71
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_proxy_balancer.rb
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: proxy
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "proxy_balancer"
diff --git a/cookbooks/apache2/recipes/mod_proxy_connect.rb b/cookbooks/apache2/recipes/mod_proxy_connect.rb
new file mode 100644
index 0000000..f41954f
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_proxy_connect.rb
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: proxy
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "proxy_connect"
diff --git a/cookbooks/apache2/recipes/mod_proxy_http.rb b/cookbooks/apache2/recipes/mod_proxy_http.rb
new file mode 100644
index 0000000..ddff3ea
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_proxy_http.rb
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: proxy_http
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "proxy_http"
diff --git a/cookbooks/apache2/recipes/mod_python.rb b/cookbooks/apache2/recipes/mod_python.rb
new file mode 100644
index 0000000..f0e5a8b
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_python.rb
@@ -0,0 +1,32 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: python
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+case node[:platform]
+ when "debian", "ubuntu"
+ package "libapache2-mod-python" do
+ action :install
+ end
+ when "redhat", "centos", "scientific", "fedora"
+ package "mod_python" do
+ action :install
+ notifies :run, resources(:execute => "generate-module-list"), :immediately
+ end
+end
+
+apache_module "python"
diff --git a/cookbooks/apache2/recipes/mod_rewrite.rb b/cookbooks/apache2/recipes/mod_rewrite.rb
new file mode 100644
index 0000000..df388a6
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_rewrite.rb
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: rewrite
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "rewrite"
diff --git a/cookbooks/apache2/recipes/mod_setenvif.rb b/cookbooks/apache2/recipes/mod_setenvif.rb
new file mode 100644
index 0000000..4048a5f
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_setenvif.rb
@@ -0,0 +1,22 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: setenvif
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "setenvif" do
+ conf true
+end
diff --git a/cookbooks/apache2/recipes/mod_ssl.rb b/cookbooks/apache2/recipes/mod_ssl.rb
new file mode 100644
index 0000000..4192e1a
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_ssl.rb
@@ -0,0 +1,43 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: ssl
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+if platform?("redhat", "centos", "scientific", "fedora")
+ package "mod_ssl" do
+ action :install
+ notifies :run, resources(:execute => "generate-module-list"), :immediately
+ end
+
+ file "#{node[:apache][:dir]}/conf.d/ssl.conf" do
+ action :delete
+ backup false
+ end
+end
+
+ports = node[:apache][:listen_ports].include?("443") ? node[:apache][:listen_ports] : [node[:apache][:listen_ports], "443"].flatten
+
+template "#{node[:apache][:dir]}/ports.conf" do
+ source "ports.conf.erb"
+ variables :apache_listen_ports => ports.map{|p| p.to_i}.uniq
+ notifies :restart, resources(:service => "apache2")
+ mode 0644
+end
+
+apache_module "ssl" do
+ conf true
+end
diff --git a/cookbooks/apache2/recipes/mod_status.rb b/cookbooks/apache2/recipes/mod_status.rb
new file mode 100644
index 0000000..3e71727
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_status.rb
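Review bot: The ternary that builds `ports` in mod_ssl.rb is redundant, and its `include?("443")` test only matches when the attribute stores the port as a string. The template variable is already computed as `ports.map{|p| p.to_i}.uniq`, so `ports = [node[:apache][:listen_ports], "443"].flatten` yields the same list for an array attribute and removes the type-dependent branch. Separately, `conf true` installs the cookbook's own ssl conf in place of the deleted stock `conf.d/ssl.conf`; that template is outside this hunk, so a comment such as `# protocol and cipher settings come from the cookbook's ssl.conf template` would tell whoever audits the TLS setup where to look.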
@@ -0,0 +1,22 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: status
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apache_module "status" do
+ conf true
+end
diff --git a/cookbooks/apache2/recipes/mod_wsgi.rb b/cookbooks/apache2/recipes/mod_wsgi.rb
new file mode 100644
index 0000000..95eda1d
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_wsgi.rb
@@ -0,0 +1,27 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: python
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+case node[:platform]
+when "debian","ubuntu"
+ package "libapache2-mod-wsgi"
+when "redhat", "centos", "scientific", "fedora", "arch"
+ package "mod_wsgi"
+end
+
+apache_module "wsgi"
diff --git a/cookbooks/apache2/recipes/mod_xsendfile.rb b/cookbooks/apache2/recipes/mod_xsendfile.rb
new file mode 100644
index 0000000..5c32f3e
--- /dev/null
+++ b/cookbooks/apache2/recipes/mod_xsendfile.rb
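Review bot: Nothing in mod_status.rb says who may read the status handler: `conf true` leaves that entirely to the cookbook's status conf template, which is outside this hunk. Since mod_status reports client addresses and the URLs being served, I would add a comment above the resource such as `# status.conf must limit the server-status handler to localhost or a monitoring network`, and check the template against it.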
@@ -0,0 +1,27 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: mod_xsendfile
+#
+# Copyright 2011, CustomInk, LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+case node['platform']
+when "debian","ubuntu"
+ package "libapache2-mod-xsendfile"
+when "centos","redhat","scientific","fedora"
+ package "mod_xsendfile"
+end
+
+apache_module "xsendfile"
diff --git a/cookbooks/apache2/templates/default/a2dismod.erb b/cookbooks/apache2/templates/default/a2dismod.erb
new file mode 100644
index 0000000..06fb6b3
--- /dev/null
+++ b/cookbooks/apache2/templates/default/a2dismod.erb
@@ -0,0 +1,22 @@
+#!/bin/sh -e
+
+SYSCONFDIR='<%= node[:apache][:dir] %>'
+
+if [ -z $1 ]; then
+ echo "Which module would you like to disable?"
+ echo -n "Your choices are: "
+ ls $SYSCONFDIR/mods-enabled/*.load | \
+ sed -e "s,$SYSCONFDIR/mods-enabled/,,g" | sed -e 's/\.load$//g;' | xargs echo
+ echo -n "Module name? "
+ read MODNAME
+else
+ MODNAME=$1
+fi
+
+if ! [ -e $SYSCONFDIR/mods-enabled/$MODNAME.load ]; then
+ echo "This module is already disabled, or does not exist!"
+ exit 1
+fi
+
+rm -f $SYSCONFDIR/mods-enabled/$MODNAME.*
+echo "Module $MODNAME disabled; reload apache to fully disable."
\ No newline at end of file
diff --git a/cookbooks/apache2/templates/default/a2dissite.erb b/cookbooks/apache2/templates/default/a2dissite.erb
new file mode 100644
index 0000000..69361ab
--- /dev/null
+++ b/cookbooks/apache2/templates/default/a2dissite.erb
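Review bot: `$1` and `$MODNAME` are expanded unquoted throughout a2dismod.erb, and the name is never checked before it reaches `rm -f $SYSCONFDIR/mods-enabled/$MODNAME.*`. A name containing whitespace, a glob character or a `/` therefore makes the `-e` test and the `rm` act on paths other than that one module's files. I would quote the expansions (`[ -z "$1" ]`, `rm -f "$SYSCONFDIR/mods-enabled/$MODNAME".*`) and reject names with a path separator before use, for example `case "$MODNAME" in ''|*/*) echo "Invalid module name" >&2; exit 1;; esac`. The same unquoted pattern is in a2dissite.erb, a2enmod.erb and a2ensite.erb in this commit, where the value feeds `rm` and `ln -sf`.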
@@ -0,0 +1,29 @@
+#!/bin/sh -e
+
+SYSCONFDIR='<%= node[:apache][:dir] %>'
+
+if [ -z $1 ]; then
+ echo "Which site would you like to disable?"
+ echo -n "Your choices are: "
+ ls $SYSCONFDIR/sites-enabled/* | \
+ sed -e "s,$SYSCONFDIR/sites-enabled/,,g" | xargs echo
+ echo -n "Site name? "
+ read SITENAME
+else
+ SITENAME=$1
+fi
+
+if [ $SITENAME = "default" ]; then
+ PRIORITY="000"
+fi
+
+if ! [ -e $SYSCONFDIR/sites-enabled/$SITENAME -o \
+ -e $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" ]; then
+ echo "This site is already disabled, or does not exist!"
+ exit 1
+fi
+
+if ! rm $SYSCONFDIR/sites-enabled/$SITENAME 2>/dev/null; then
+ rm -f $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME"
+fi
+echo "Site $SITENAME disabled; reload apache to disable."
diff --git a/cookbooks/apache2/templates/default/a2enmod.erb b/cookbooks/apache2/templates/default/a2enmod.erb
new file mode 100644
index 0000000..77dc7d6
--- /dev/null
+++ b/cookbooks/apache2/templates/default/a2enmod.erb
@@ -0,0 +1,37 @@ +#!/bin/sh -e + +SYSCONFDIR='<%= node[:apache][:dir] %>' + +if [ -z $1 ]; then + echo "Which module would you like to enable?" + echo -n "Your choices are: " + ls $SYSCONFDIR/mods-available/*.load | \ + sed -e "s,$SYSCONFDIR/mods-available/,,g" | sed -e 's/\.load$//g;' | xargs echo + echo -n "Module name? " + read MODNAME +else + MODNAME=$1 +fi + +#figure out if we're on a prefork or threaded mpm +if [ -x /usr/sbin/apache2 ]; then + PREFORK=`/usr/sbin/apache2 -l | grep prefork || true` +fi + +if [ -e $SYSCONFDIR/mods-enabled/$MODNAME.load -a -e $SYSCONFDIR/mods-enabled/$MODNAME.conf ]; then + echo "This module is already enabled!" + exit 0 +fi + +if ! [ -e $SYSCONFDIR/mods-available/$MODNAME.load ]; then + echo "This module does not exist!" + exit 1 +fi + +for i in conf load; do + if [ -e $SYSCONFDIR/mods-available/$MODNAME.$i -a ! -e $SYSCONFDIR/mods-enabled/$MODNAME.$i ]; then + ln -sf $SYSCONFDIR/mods-available/$MODNAME.$i $SYSCONFDIR/mods-enabled/$MODNAME.$i; + fi +done + +echo "Module $MODNAME installed; reload apache to enable." \ No newline at end of file diff --git a/cookbooks/apache2/templates/default/a2ensite.erb b/cookbooks/apache2/templates/default/a2ensite.erb new file mode 100644 index 0000000..4288869 --- /dev/null +++ b/cookbooks/apache2/templates/default/a2ensite.erb 
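Review bot: The `PREFORK` value computed from `/usr/sbin/apache2 -l` is never read again in this script, so the block under "figure out if we're on a prefork or threaded mpm" is dead code. The hard-coded `/usr/sbin/apache2` path is also Debian-specific, while this template is shipped for the non-Debian platforms. Remove the `if [ -x /usr/sbin/apache2 ]` block, or add a comment naming what is meant to consume `PREFORK`.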
@@ -0,0 +1,38 @@ +#!/bin/sh -e + +SYSCONFDIR='<%= node[:apache][:dir] %>' + +if [ -z $1 ]; then + echo "Which site would you like to enable?" + echo -n "Your choices are: " + ls $SYSCONFDIR/sites-available/* | \ + sed -e "s,$SYSCONFDIR/sites-available/,,g" | xargs echo + echo -n "Site name? " + read SITENAME +else + SITENAME=$1 +fi + +if [ $SITENAME = "default" ]; then + PRIORITY="000" +fi + +if [ -e $SYSCONFDIR/sites-enabled/$SITENAME -o \ + -e $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" ]; then + echo "This site is already enabled!" + exit 0 +fi + +if ! [ -e $SYSCONFDIR/sites-available/$SITENAME ]; then + echo "This site does not exist!" + exit 1 +fi + +if [ $SITENAME = "default" ]; then + ln -sf $SYSCONFDIR/sites-available/$SITENAME \ + $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" +else + ln -sf $SYSCONFDIR/sites-available/$SITENAME $SYSCONFDIR/sites-enabled/$SITENAME +fi + +echo "Site $SITENAME installed; reload apache to enable." \ No newline at end of file diff --git a/cookbooks/apache2/templates/default/apache2.conf.erb b/cookbooks/apache2/templates/default/apache2.conf.erb new file mode 100644 index 0000000..164b07b --- /dev/null +++ b/cookbooks/apache2/templates/default/apache2.conf.erb 
@@ -0,0 +1,236 @@ +# +# Generated by Chef +# +# Based on the Ubuntu apache2.conf + +ServerRoot "<%= node[:apache][:dir] %>" + +# +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +# +<% if node[:platform] == "debian" || node[:platform] == "ubuntu" -%> +LockFile /var/lock/apache2/accept.lock +<% elsif node[:platform] == "freebsd" -%> +LockFile /var/log/accept.lock +<% else %> +LockFile logs/accept.lock +<% end -%> + +# +# PidFile: The file in which the server should record its process +# identification number when it starts. +# +PidFile <%= node[:apache][:pid_file] %> + +# +# Timeout: The number of seconds before receives and sends time out. +# +Timeout <%= node[:apache][:timeout] %> + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive <%= node[:apache][:keepalive] %> + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests <%= node[:apache][:keepaliverequests] %> + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. 
+# +KeepAliveTimeout <%= node[:apache][:keepalivetimeout] %> + +## +## Server-Pool Size Regulation (MPM specific) +## + +# prefork MPM +# StartServers: number of server processes to start +# MinSpareServers: minimum number of server processes which are kept spare +# MaxSpareServers: maximum number of server processes which are kept spare +# MaxClients: maximum number of server processes allowed to start +# MaxRequestsPerChild: maximum number of requests a server process serves + + StartServers <%= node[:apache][:prefork][:startservers] %> + MinSpareServers <%= node[:apache][:prefork][:minspareservers] %> + MaxSpareServers <%= node[:apache][:prefork][:maxspareservers] %> + ServerLimit <%= node[:apache][:prefork][:serverlimit] %> + MaxClients <%= node[:apache][:prefork][:maxclients] %> + MaxRequestsPerChild <%= node[:apache][:prefork][:maxrequestsperchild] %> + + +# worker MPM +# StartServers: initial number of server processes to start +# MaxClients: maximum number of simultaneous client connections +# MinSpareThreads: minimum number of worker threads which are kept spare +# MaxSpareThreads: maximum number of worker threads which are kept spare +# ThreadsPerChild: constant number of worker threads in each server process +# MaxRequestsPerChild: maximum number of requests a server process serves + + StartServers <%= node[:apache][:worker][:startservers] %> + MaxClients <%= node[:apache][:worker][:maxclients] %> + MinSpareThreads <%= node[:apache][:worker][:minsparethreads] %> + MaxSpareThreads <%= node[:apache][:worker][:maxsparethreads] %> + ThreadsPerChild <%= node[:apache][:worker][:threadsperchild] %> + MaxRequestsPerChild <%= node[:apache][:worker][:maxrequestsperchild] %> + + +User <%= node[:apache][:user] %> +Group <%= node[:apache][:group] %> + +# +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. 
+# + +AccessFileName .htaccess + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Order allow,deny + Deny from all + + +# +# DefaultType is the default MIME type the server will use for a document +# if it cannot otherwise determine one, such as from filename extensions. +# If your server contains mostly text or HTML documents, "text/plain" is +# a good value. If most of your content is binary, such as applications +# or images, you may want to use "application/octet-stream" instead to +# keep browsers from trying to display binary files as though they are +# text. +# +DefaultType text/plain + + +# +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +# +HostnameLookups Off + +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +# +ErrorLog <%= node[:apache][:log_dir] %>/<%= node[:apache][:error_log] %> + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. 
+# +LogLevel warn + +# COOK-1021: Dummy LoadModule directive to aid module installations +#LoadModule dummy_module modules/mod_dummy.so + +# Include module configuration: +Include <%= node[:apache][:dir] %>/mods-enabled/*.load +Include <%= node[:apache][:dir] %>/mods-enabled/*.conf + +<% if node[:platform] == "freebsd" -%> + + AcceptFilter http none + AcceptFilter https none + +<% end %> + +# Include ports listing +Include <%= node[:apache][:dir] %>/ports.conf + +# +# The following directives define some format nicknames for use with +# a CustomLog directive (see below). +# +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %b" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +# + +# Customizable error responses come in three flavors: +# 1) plain text 2) local redirects 3) external redirects +# +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html +# + +# +# Putting this all together, we can internationalize error responses. +# +# We use Alias to redirect any /error/HTTP_.html.var response to +# our collection of by-error message multi-language collections. We use +# includes to substitute the appropriate text. +# +# You can modify the messages' appearance without changing any of the +# default HTTP_.html.var files by adding the line: +# +# Alias /error/include/ "/your/include/path/" +# +# which allows you to create your own set of files by starting with the +# /usr/share/apache2/error/include/ files and copying them to /your/include/path/, +# even on a per-VirtualHost basis. The default include files will display +# your Apache version number and your ServerAdmin email address regardless +# of the setting of ServerSignature. 
+# +# The internationalized error documents require mod_alias, mod_include +# and mod_negotiation. To activate them, uncomment the following 30 lines. + +# Alias /error/ "/usr/share/apache2/error/" +# +# +# AllowOverride None +# Options IncludesNoExec +# AddOutputFilter Includes html +# AddHandler type-map var +# Order allow,deny +# Allow from all +# LanguagePriority en cs de es fr it nl sv pt-br ro +# ForceLanguagePriority Prefer Fallback +# +# +# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var +# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var +# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var +# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var +# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var +# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var +# ErrorDocument 410 /error/HTTP_GONE.html.var +# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var +# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var +# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var +# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var +# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var +# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var +# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var +# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var +# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var +# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var + + + +# Include generic snippets of statements +Include <%= node[:apache][:dir] %>/conf.d/ + +# Include the virtual host configurations: +Include <%= node[:apache][:dir] %>/sites-enabled/ diff --git a/cookbooks/apache2/templates/default/apache2.god.erb b/cookbooks/apache2/templates/default/apache2.god.erb new file mode 100644 index 0000000..b7315e4 --- /dev/null +++ b/cookbooks/apache2/templates/default/apache2.god.erb 
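Review bot: The main server config sets neither `ServerTokens` nor `TraceEnable`. Unless a snippet under `conf.d/` (not visible in this hunk) sets them, the server runs with Apache's defaults, which advertise the full version string and leave the TRACE method enabled. Consider adding `ServerTokens Prod` and `TraceEnable Off` after the `HostnameLookups Off` line. Separately, the `<% else %>` in the LockFile conditional lacks the `-%>` trim the other branches use, so it leaves a stray blank line in the rendered file.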
@@ -0,0 +1,19 @@ +God.watch do |w| + w.name = "apache2" + w.interval = 30.seconds # default + w.start = "<%= @params[:start] %>" + w.stop = "/etc/init.d/httpd stop" + w.restart = "<%= @params[:restart] %>" + w.start_grace = 10.seconds + w.restart_grace = 10.seconds + w.pid_file = "/var/run/httpd.pid" + w.behavior(:clean_pid_file) + + w.start_if do |start| + start.condition(:process_running) do |c| + c.interval = 5.seconds + c.running = false + c.notify = 'admin' + end + end +end diff --git a/cookbooks/apache2/templates/default/charset.erb b/cookbooks/apache2/templates/default/charset.erb new file mode 100644 index 0000000..40d7198 --- /dev/null +++ b/cookbooks/apache2/templates/default/charset.erb @@ -0,0 +1,6 @@ +# Read the documentation before enabling AddDefaultCharset. +# In general, it is only a good idea if you know that all your files +# have this encoding. It will override any encoding given in the files +# in meta http-equiv or xml encoding tags. + +#AddDefaultCharset UTF-8 diff --git a/cookbooks/apache2/templates/default/default-site.erb b/cookbooks/apache2/templates/default/default-site.erb new file mode 100644 index 0000000..60d23d5 --- /dev/null +++ b/cookbooks/apache2/templates/default/default-site.erb 
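Review bot: `w.stop` and `w.pid_file` are hard-coded to `/etc/init.d/httpd stop` and `/var/run/httpd.pid`, while `w.start` and `w.restart` come from `@params`. On a platform where the service and pid file are named differently, god would watch a pid file Apache never writes and call a stop script that does not exist, so the watch could keep restarting a healthy server. Take both from configuration, e.g. `w.pid_file = "<%= node[:apache][:pid_file] %>"` (the attribute apache2.conf.erb already uses for `PidFile`) and `w.stop = "<%= @params[:stop] %>"`. The definition that renders this template is not visible here and would need to pass `:stop`.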
@@ -0,0 +1,57 @@ + + ServerAdmin <%= node[:apache][:contact] %> + + DocumentRoot /var/www/ + + Options FollowSymLinks + AllowOverride None + + + Options Indexes FollowSymLinks MultiViews + AllowOverride None + Order allow,deny + allow from all + # This directive allows us to have apache2's default start page + # in /apache2-default/, but still have / go to the right place + #RedirectMatch ^/$ /apache2-default/ + + + ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ + + AllowOverride None + Options ExecCGI -MultiViews +SymLinksIfOwnerMatch + Order allow,deny + Allow from all + + + ErrorLog <%= node[:apache][:log_dir] %>/error.log + + # Possible values include: debug, info, notice, warn, error, crit, + # alert, emerg. + LogLevel warn + + CustomLog <%= node[:apache][:log_dir] %>/access.log combined + ServerSignature On + + Alias /doc/ "/usr/share/doc/" + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order deny,allow + Deny from all + Allow from 127.0.0.0/255.0.0.0 ::1/128 + + + <% if %w{ redhat centos scientific fedora }.include?(node[:platform]) -%> + # + # This configuration file enables the default "Welcome" + # page if there is no default index page present for + # the root URL. To disable the Welcome page, comment + # out all the lines below. + # + + Options -Indexes + ErrorDocument 403 /error/noindex.html + + <% end -%> + diff --git a/cookbooks/apache2/templates/default/mods/README b/cookbooks/apache2/templates/default/mods/README new file mode 100644 index 0000000..df9f0bc --- /dev/null +++ b/cookbooks/apache2/templates/default/mods/README @@ -0,0 +1,2 @@ +These configs are taken from a Debian apache2.2-common 2.2.11-3 install. They +work on CentOS 5.3 with a few conditions using erb. diff --git a/cookbooks/apache2/templates/default/mods/alias.conf.erb b/cookbooks/apache2/templates/default/mods/alias.conf.erb new file mode 100644 index 0000000..83830f9 --- /dev/null +++ b/cookbooks/apache2/templates/default/mods/alias.conf.erb 
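Review bot: `ServerSignature On` makes the default vhost print the server version on error pages, and `Options Indexes FollowSymLinks MultiViews` makes it list any directory that has no index file. That `Options` line appears to be the document-root block, though the container tags are not visible in this rendering. For a default site that the cookbook installs everywhere, prefer `ServerSignature Off` and `Options FollowSymLinks MultiViews`, leaving directory listings as an explicit opt-in. The `/doc/` alias is restricted to loopback, which is good, but it also carries `Indexes` and could be dropped when unused.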
@@ -0,0 +1,24 @@ + +# +# Aliases: Add here as many aliases as you need (with no limit). The format is +# Alias fakename realname +# +# Note that if you include a trailing / on fakename then the server will +# require it to be present in the URL. So "/icons" isn't aliased in this +# example, only "/icons/". If the fakename is slash-terminated, then the +# realname must also be slash terminated, and if the fakename omits the +# trailing slash, the realname must also omit it. +# +# We include the /icons/ alias for FancyIndexed directory listings. If +# you do not use FancyIndexing, you may comment this out. +# +Alias /icons/ "<%= node[:apache][:icondir] %>/" + +"> + Options Indexes MultiViews + AllowOverride None + Order allow,deny + Allow from all + + + diff --git a/cookbooks/apache2/templates/default/mods/authopenid.load.erb b/cookbooks/apache2/templates/default/mods/authopenid.load.erb new file mode 100644 index 0000000..ed90043 --- /dev/null +++ b/cookbooks/apache2/templates/default/mods/authopenid.load.erb @@ -0,0 +1 @@ +LoadModule authopenid_module <%= node[:apache][:libexecdir] %>/mod_auth_openid.so diff --git a/cookbooks/apache2/templates/default/mods/autoindex.conf.erb b/cookbooks/apache2/templates/default/mods/autoindex.conf.erb new file mode 100644 index 0000000..3839093 --- /dev/null +++ b/cookbooks/apache2/templates/default/mods/autoindex.conf.erb 
@@ -0,0 +1,101 @@ + +# +# Directives controlling the display of server-generated directory listings. +# + +# +# IndexOptions: Controls the appearance of server-generated directory +# listings. +# Remove/replace the "Charset=UTF-8" if you don't use UTF-8 for your filenames. +# +IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8 + +# +# AddIcon* directives tell the server which icon to show for different +# files or filename extensions. These are only displayed for +# FancyIndexed directories. +# +AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2 + +AddIconByType (TXT,/icons/text.gif) text/* +AddIconByType (IMG,/icons/image2.gif) image/* +AddIconByType (SND,/icons/sound2.gif) audio/* +AddIconByType (VID,/icons/movie.gif) video/* + +AddIcon /icons/binary.gif .bin .exe +AddIcon /icons/binhex.gif .hqx +AddIcon /icons/tar.gif .tar +AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv +AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip +AddIcon /icons/a.gif .ps .ai .eps +AddIcon /icons/layout.gif .html .shtml .htm .pdf +AddIcon /icons/text.gif .txt +AddIcon /icons/c.gif .c +AddIcon /icons/p.gif .pl .py +AddIcon /icons/f.gif .for +AddIcon /icons/dvi.gif .dvi +AddIcon /icons/uuencoded.gif .uu +AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl +AddIcon /icons/tex.gif .tex +# It's a suffix rule, so simply matching "core" matches "score" as well ! +AddIcon /icons/bomb.gif /core +AddIcon (SND,/icons/sound2.gif) .ogg +AddIcon (VID,/icons/movie.gif) .ogm + +AddIcon /icons/back.gif .. 
+AddIcon /icons/hand.right.gif README +AddIcon /icons/folder.gif ^^DIRECTORY^^ +AddIcon /icons/blank.gif ^^BLANKICON^^ + +# Default icons for OpenDocument format +AddIcon /icons/odf6odt-20x22.png .odt +AddIcon /icons/odf6ods-20x22.png .ods +AddIcon /icons/odf6odp-20x22.png .odp +AddIcon /icons/odf6odg-20x22.png .odg +AddIcon /icons/odf6odc-20x22.png .odc +AddIcon /icons/odf6odf-20x22.png .odf +AddIcon /icons/odf6odb-20x22.png .odb +AddIcon /icons/odf6odi-20x22.png .odi +AddIcon /icons/odf6odm-20x22.png .odm + +AddIcon /icons/odf6ott-20x22.png .ott +AddIcon /icons/odf6ots-20x22.png .ots +AddIcon /icons/odf6otp-20x22.png .otp +AddIcon /icons/odf6otg-20x22.png .otg +AddIcon /icons/odf6otc-20x22.png .otc +AddIcon /icons/odf6otf-20x22.png .otf +AddIcon /icons/odf6oti-20x22.png .oti +AddIcon /icons/odf6oth-20x22.png .oth + +# +# DefaultIcon is which icon to show for files which do not have an icon +# explicitly set. +# +DefaultIcon /icons/unknown.gif + +# +# AddDescription allows you to place a short description after a file in +# server-generated indexes. These are only displayed for FancyIndexed +# directories. +# Format: AddDescription "description" filename +# +#AddDescription "GZIP compressed document" .gz +#AddDescription "tar archive" .tar +#AddDescription "GZIP compressed tar archive" .tgz + +# +# ReadmeName is the name of the README file the server will look for by +# default, and append to directory listings. +# +# HeaderName is the name of a file which should be prepended to +# directory indexes. +ReadmeName README.html +HeaderName HEADER.html + +# +# IndexIgnore is a set of filenames which directory indexing should ignore +# and not include in the listing. Shell-style wildcarding is permitted. +# +IndexIgnore .??* *~ *# RCS CVS *,v *,t + + diff --git a/cookbooks/apache2/templates/default/mods/deflate.conf.erb b/cookbooks/apache2/templates/default/mods/deflate.conf.erb new file mode 100644 index 0000000..2e41975 --- /dev/null 
+++ b/cookbooks/apache2/templates/default/mods/deflate.conf.erb @@ -0,0 +1,16 @@ + + AddOutputFilterByType DEFLATE text/html + AddOutputFilterByType DEFLATE text/css + AddOutputFilterByType DEFLATE text/plain + AddOutputFilterByType DEFLATE text/xml + AddOutputFilterByType DEFLATE application/xhtml+xml + AddOutputFilterByType DEFLATE application/xml + AddOutputFilterByType DEFLATE image/svg+xml + AddOutputFilterByType DEFLATE application/rss+xml + AddOutputFilterByType DEFLATE application/atom_xml + AddOutputFilterByType DEFLATE application/javascript + AddOutputFilterByType DEFLATE application/x-javascript + AddOutputFilterByType DEFLATE application/x-httpd-php + AddOutputFilterByType DEFLATE application/x-httpd-fastphp + AddOutputFilterByType DEFLATE application/x-httpd-eruby + diff --git a/cookbooks/apache2/templates/default/mods/dir.conf.erb b/cookbooks/apache2/templates/default/mods/dir.conf.erb new file mode 100644 index 0000000..e16fcb3 --- /dev/null +++ b/cookbooks/apache2/templates/default/mods/dir.conf.erb @@ -0,0 +1,5 @@ + + + DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm + + diff --git a/cookbooks/apache2/templates/default/mods/fcgid.conf.erb b/cookbooks/apache2/templates/default/mods/fcgid.conf.erb new file mode 100644 index 0000000..46e6b71 --- /dev/null +++ b/cookbooks/apache2/templates/default/mods/fcgid.conf.erb @@ -0,0 +1,10 @@ + + AddHandler fcgid-script .fcgi + IPCConnectTimeout 20 + + +<% if %w{ redhat centos scientific fedora }.include?(node[:platform]) -%> +# Sane place to put sockets and shared memory file +SocketPath run/mod_fcgid +SharememPath run/mod_fcgid/fcgid_shm +<% end -%> diff --git a/cookbooks/apache2/templates/default/mods/mime.conf.erb b/cookbooks/apache2/templates/default/mods/mime.conf.erb new file mode 100644 index 0000000..0234535 --- /dev/null +++ b/cookbooks/apache2/templates/default/mods/mime.conf.erb 
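Review bot: `AddOutputFilterByType DEFLATE application/atom_xml` names a media type that does not exist, so Atom feeds are never compressed. The registered type is `application/atom+xml`, matching the `application/rss+xml` line above it. Change the line to `AddOutputFilterByType DEFLATE application/atom+xml`.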
@@ -0,0 +1,198 @@ + + +# +# TypesConfig points to the file containing the list of mappings from +# filename extension to MIME-type. +# +<% case node[:platform] -%> +<% when "arch" -%> +TypesConfig <%= node['apache']['dir'] %>/conf/mime.types +<% when "freebsd" -%> +TypesConfig <%= node['apache']['dir'] %>/mime.types +<% else -%> +TypesConfig /etc/mime.types +<% end -%> + +# +# AddType allows you to add to or override the MIME configuration +# file mime.types for specific file types. +# +#AddType application/x-gzip .tgz +# +# AddEncoding allows you to have certain browsers uncompress +# information on the fly. Note: Not all browsers support this. +# Despite the name similarity, the following Add* directives have +# nothing to do with the FancyIndexing customization directives above. +# +#AddEncoding x-compress .Z +#AddEncoding x-gzip .gz .tgz +#AddEncoding x-bzip2 .bz2 +# +# If the AddEncoding directives above are commented-out, then you +# probably should define those extensions to indicate media types: +# +AddType application/x-compress .Z +AddType application/x-gzip .gz .tgz +AddType application/x-bzip2 .bz2 + +# +# DefaultLanguage and AddLanguage allows you to specify the language of +# a document. You can then use content negotiation to give a browser a +# file in a language the user can understand. +# +# Specify a default language. This means that all data +# going out without a specific language tag (see below) will +# be marked with this one. You probably do NOT want to set +# this unless you are sure it is correct for all cases. +# +# * It is generally better to not mark a page as +# * being a certain language than marking it with the wrong +# * language! +# +# DefaultLanguage nl +# +# Note 1: The suffix does not have to be the same as the language +# keyword --- those with documents in Polish (whose net-standard +# language code is pl) may wish to use "AddLanguage pl .po" to +# avoid the ambiguity with the common suffix for perl scripts. 
+# +# Note 2: The example entries below illustrate that in some cases +# the two character 'Language' abbreviation is not identical to +# the two character 'Country' code for its country, +# E.g. 'Danmark/dk' versus 'Danish/da'. +# +# Note 3: In the case of 'ltz' we violate the RFC by using a three char +# specifier. There is 'work in progress' to fix this and get +# the reference data for rfc1766 cleaned up. +# +# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) +# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) +# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) +# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) +# Norwegian (no) - Polish (pl) - Portugese (pt) +# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) +# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) +# +AddLanguage ca .ca +AddLanguage cs .cz .cs +AddLanguage da .dk +AddLanguage de .de +AddLanguage el .el +AddLanguage en .en +AddLanguage eo .eo +# See README.Debian for Spanish +AddLanguage es .es +AddLanguage et .et +AddLanguage fr .fr +AddLanguage he .he +AddLanguage hr .hr +AddLanguage it .it +AddLanguage ja .ja +AddLanguage ko .ko +AddLanguage ltz .ltz +AddLanguage nl .nl +AddLanguage nn .nn +AddLanguage no .no +AddLanguage pl .po +AddLanguage pt .pt +AddLanguage pt-BR .pt-br +AddLanguage ru .ru +AddLanguage sv .sv +# See README.Debian for Turkish +AddLanguage tr .tr +AddLanguage zh-CN .zh-cn +AddLanguage zh-TW .zh-tw + +# +# Commonly used filename extensions to character sets. You probably +# want to avoid clashes with the language extensions, unless you +# are good at carefully testing your setup after each change. +# See http://www.iana.org/assignments/character-sets for the +# official list of charset names and their respective RFCs. 
+# +AddCharset us-ascii .ascii .us-ascii +AddCharset ISO-8859-1 .iso8859-1 .latin1 +AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen +AddCharset ISO-8859-3 .iso8859-3 .latin3 +AddCharset ISO-8859-4 .iso8859-4 .latin4 +AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru +AddCharset ISO-8859-6 .iso8859-6 .arb .arabic +AddCharset ISO-8859-7 .iso8859-7 .grk .greek +AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew +AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk +AddCharset ISO-8859-10 .iso8859-10 .latin6 +AddCharset ISO-8859-13 .iso8859-13 +AddCharset ISO-8859-14 .iso8859-14 .latin8 +AddCharset ISO-8859-15 .iso8859-15 .latin9 +AddCharset ISO-8859-16 .iso8859-16 .latin10 +AddCharset ISO-2022-JP .iso2022-jp .jis +AddCharset ISO-2022-KR .iso2022-kr .kis +AddCharset ISO-2022-CN .iso2022-cn .cis +AddCharset Big5 .Big5 .big5 .b5 +AddCharset cn-Big5 .cn-big5 +# For russian, more than one charset is used (depends on client, mostly): +AddCharset WINDOWS-1251 .cp-1251 .win-1251 +AddCharset CP866 .cp866 +AddCharset KOI8 .koi8 +AddCharset KOI8-E .koi8-e +AddCharset KOI8-r .koi8-r .koi8-ru +AddCharset KOI8-U .koi8-u +AddCharset KOI8-ru .koi8-uk .ua +AddCharset ISO-10646-UCS-2 .ucs2 +AddCharset ISO-10646-UCS-4 .ucs4 +AddCharset UTF-7 .utf7 +AddCharset UTF-8 .utf8 +AddCharset UTF-16 .utf16 +AddCharset UTF-16BE .utf16be +AddCharset UTF-16LE .utf16le +AddCharset UTF-32 .utf32 +AddCharset UTF-32BE .utf32be +AddCharset UTF-32LE .utf32le +AddCharset euc-cn .euc-cn +AddCharset euc-gb .euc-gb +AddCharset euc-jp .euc-jp +AddCharset euc-kr .euc-kr +#Not sure how euc-tw got in - IANA doesn't list it??? +AddCharset EUC-TW .euc-tw +AddCharset gb2312 .gb2312 .gb +AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2 +AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4 +AddCharset shift_jis .shift_jis .sjis + +# +# AddHandler allows you to map certain file extensions to "handlers": +# actions unrelated to filetype. 
These can be either built into the server +# or added with the Action directive (see below) +# +# To use CGI scripts outside of ScriptAliased directories: +# (You will also need to add "ExecCGI" to the "Options" directive.) +# +#AddHandler cgi-script .cgi + +# +# For files that include their own HTTP headers: +# +#AddHandler send-as-is asis + +# +# For server-parsed imagemap files: +# +#AddHandler imap-file map + +# +# For type maps (negotiated resources): +# (This is enabled by default to allow the Apache "It Worked" page +# to be distributed in multiple languages.) +# +AddHandler type-map var + +# +# Filters allow you to process content before it is sent to the client. +# +# To parse .shtml files for server-side includes (SSI): +# (You will also need to add "Includes" to the "Options" directive.) +# +AddType text/html .shtml +AddOutputFilter INCLUDES .shtml + + diff --git a/cookbooks/apache2/templates/default/mods/negotiation.conf.erb b/cookbooks/apache2/templates/default/mods/negotiation.conf.erb new file mode 100644 index 0000000..0e3455b --- /dev/null +++ b/cookbooks/apache2/templates/default/mods/negotiation.conf.erb @@ -0,0 +1,18 @@ + +# +# LanguagePriority allows you to give precedence to some languages +# in case of a tie during content negotiation. +# +# Just list the languages in decreasing order of preference. We have +# more or less alphabetized them here. You probably want to change this. +# +LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW + +# +# ForceLanguagePriority allows you to serve a result page rather than +# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) +# [in case no accepted languages matched the available variants] +# +ForceLanguagePriority Prefer Fallback + + diff --git a/cookbooks/apache2/templates/default/mods/php5.conf.erb b/cookbooks/apache2/templates/default/mods/php5.conf.erb new file mode 100644 index 0000000..5d2f911 --- /dev/null 
+++ b/cookbooks/apache2/templates/default/mods/php5.conf.erb @@ -0,0 +1,16 @@ + + + SetHandler application/x-httpd-php + + + SetHandler application/x-httpd-php-source + + # To re-enable php in user directories comment the following lines + # (from to .) Do NOT set it to On as it + # prevents .htaccess files from disabling it. + + + php_admin_value engine Off + + + diff --git a/cookbooks/apache2/templates/default/mods/proxy.conf.erb b/cookbooks/apache2/templates/default/mods/proxy.conf.erb new file mode 100644 index 0000000..46407a1 --- /dev/null +++ b/cookbooks/apache2/templates/default/mods/proxy.conf.erb @@ -0,0 +1,19 @@ + + #turning ProxyRequests on and allowing proxying from all may allow + #spammers to use your proxy to send email. + + ProxyRequests Off + + + AddDefaultCharset off + Order deny,allow + Deny from all + #Allow from .example.com + + + # Enable/disable the handling of HTTP/1.1 "Via:" headers. + # ("Full" adds the server version; "Block" removes all outgoing Via: headers) + # Set to one of: Off | On | Full | Block + + ProxyVia On + diff --git a/cookbooks/apache2/templates/default/mods/setenvif.conf.erb b/cookbooks/apache2/templates/default/mods/setenvif.conf.erb new file mode 100644 index 0000000..6b7d6e2 --- /dev/null +++ b/cookbooks/apache2/templates/default/mods/setenvif.conf.erb 
@@ -0,0 +1,28 @@ + + +# +# The following directives modify normal HTTP response behavior to +# handle known problems with browser implementations. +# +BrowserMatch "Mozilla/2" nokeepalive +BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 +BrowserMatch "RealPlayer 4\.0" force-response-1.0 +BrowserMatch "Java/1\.0" force-response-1.0 +BrowserMatch "JDK/1\.0" force-response-1.0 + +# +# The following directive disables redirects on non-GET requests for +# a directory that does not include the trailing slash. This fixes a +# problem with Microsoft WebFolders which does not appropriately handle +# redirects for folders with DAV methods. +# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. +# +BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully +BrowserMatch "MS FrontPage" redirect-carefully +BrowserMatch "^WebDrive" redirect-carefully +BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully +BrowserMatch "^gnome-vfs/1.0" redirect-carefully +BrowserMatch "^XML Spy" redirect-carefully +BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully + + diff --git a/cookbooks/apache2/templates/default/mods/ssl.conf.erb b/cookbooks/apache2/templates/default/mods/ssl.conf.erb new file mode 100644 index 0000000..153f618 --- /dev/null +++ b/cookbooks/apache2/templates/default/mods/ssl.conf.erb 
@@ -0,0 +1,76 @@ + +# +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the SSL library. +# The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +# +SSLRandomSeed startup builtin +SSLRandomSeed startup file:/dev/urandom 512 +SSLRandomSeed connect builtin +SSLRandomSeed connect file:/dev/urandom 512 + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# +# Some MIME-types for downloading Certificates and CRLs +# +AddType application/x-x509-ca-cert .crt +AddType application/x-pkcs7-crl .crl + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog builtin + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism +# to use and second the expiring timeout (in seconds). +#SSLSessionCache dbm:/var/run/apache2/ssl_scache +<% if %w{ redhat centos scientific fedora }.include?(node[:platform]) -%> +SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) +<% elsif node[:platform] == "freebsd" -%> +SSLSessionCache shmcb:/var/run/ssl_scache(512000) +<% else -%> +SSLSessionCache shmcb:/var/run/apache2/ssl_scache +<% end -%> +SSLSessionCacheTimeout 300 + +# Semaphore: +# Configure the path to the mutual exclusion semaphore the +# SSL engine uses internally for inter-process synchronization. 
+<% if %w{ redhat centos scientific fedora }.include?(node[:platform]) -%> +SSLMutex default +<% elsif node[:platform] == "freebsd" -%> +SSLMutex file:/var/run/ssl_mutex +<% else -%> +SSLMutex file:/var/run/apache2/ssl_mutex +<% end -%> + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_ssl documentation for a complete list. +# enable only secure ciphers: +SSLCipherSuite HIGH:MEDIUM:!ADH +# Use this instead if you want to allow cipher upgrades via SGC facility. +# In this case you also have to use something like +# SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 +# see http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html.en#upgradeenc +#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + +# enable only secure protocols: SSLv3 and TLSv1, but not SSLv2 +SSLProtocol all -SSLv2 + + diff --git a/cookbooks/apache2/templates/default/mods/status.conf.erb b/cookbooks/apache2/templates/default/mods/status.conf.erb new file mode 100644 index 0000000..679d111 --- /dev/null +++ b/cookbooks/apache2/templates/default/mods/status.conf.erb @@ -0,0 +1,16 @@ + +# +# Allow server status reports generated by mod_status, +# with the URL of http://servername/server-status +# Uncomment and change the ".example.com" to allow +# access from other hosts. +# + + SetHandler server-status + Order deny,allow + Deny from all + Allow from localhost ip6-localhost +# Allow from .example.com + + + diff --git a/cookbooks/apache2/templates/default/port_apache.erb b/cookbooks/apache2/templates/default/port_apache.erb new file mode 100644 index 0000000..f6078dd --- /dev/null +++ b/cookbooks/apache2/templates/default/port_apache.erb @@ -0,0 +1,2 @@ +# Port <%= @port %> +-A FWR -p tcp -m tcp --dport <%= @port %> -j ACCEPT \ No newline at end of file diff --git a/cookbooks/apache2/templates/default/ports.conf.erb b/cookbooks/apache2/templates/default/ports.conf.erb new file mode 100644 index 0000000..cc3631e --- /dev/null 
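Review bot: `SSLProtocol all -SSLv2` at the end of ssl.conf.erb still leaves SSLv3 enabled, and the comment above it describes SSLv3 as a secure protocol. SSLv3 has since been deprecated for protocol-level weaknesses, so I would change the line to `SSLProtocol all -SSLv2 -SSLv3` and correct the comment. `SSLCipherSuite HIGH:MEDIUM:!ADH` also admits the whole MEDIUM group and excludes only anonymous DH; `SSLCipherSuite HIGH:!aNULL:!MD5` is tighter, provided the clients this server has to serve can negotiate it. Both directives are in the global SSL context, which the template's own comment says applies to the main server and every SSL-enabled virtual host.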
+++ b/cookbooks/apache2/templates/default/ports.conf.erb
@@ -0,0 +1,6 @@
+#This file generated via template by Chef.
+<% @apache_listen_ports.each do |port| -%>
+Listen <%= port %>
+NameVirtualHost *:<%= port %>
+
+<% end -%>
diff --git a/cookbooks/apache2/templates/default/security.erb b/cookbooks/apache2/templates/default/security.erb
new file mode 100644
index 0000000..70c97ad
--- /dev/null
+++ b/cookbooks/apache2/templates/default/security.erb
@@ -0,0 +1,50 @@ +# +# Disable access to the entire file system except for the directories that +# are explicitly allowed later. +# +# This currently breaks the configurations that come with some web application +# Debian packages. It will be made the default for the release after lenny. +# +# +# AllowOverride None +# Order Deny,Allow +# Deny from all +# + + +# Changing the following options will not really affect the security of the +# server, but might make attacks slightly more difficult in some cases. + +# +# ServerTokens +# This directive configures what you return as the Server HTTP response +# Header. The default is 'Full' which sends information about the OS-Type +# and compiled in modules. +# Set to one of: Full | OS | Minimal | Minor | Major | Prod +# where Full conveys the most information, and Prod the least. +# +#ServerTokens Minimal +ServerTokens <%= node[:apache][:servertokens] %> + +# +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (internal error documents, FTP directory +# listings, mod_status and mod_info output etc., but not CGI generated +# documents or custom error documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +# +#ServerSignature Off +ServerSignature <%= node[:apache][:serversignature] %> + +# +# Allow TRACE method +# +# Set to "extended" to also reflect the request body (only for testing and +# diagnostic purposes). +# +# Set to one of: On | Off | extended +# +#TraceEnable Off +TraceEnable <%= node[:apache][:traceenable] %> + diff --git a/cookbooks/apache2/templates/default/web_app.conf.erb b/cookbooks/apache2/templates/default/web_app.conf.erb new file mode 100644 index 0000000..6be3fc9 --- /dev/null +++ b/cookbooks/apache2/templates/default/web_app.conf.erb 
@@ -0,0 +1,43 @@ + + ServerName <%= @params[:server_name] %> + ServerAlias <% @params[:server_aliases].each do |a| %><%= "#{a}" %> <% end %> + DocumentRoot <%= @params[:docroot] %> + RewriteEngine On + + > + Options FollowSymLinks + AllowOverride None + Order allow,deny + Allow from all + + + + Options FollowSymLinks + AllowOverride None + + + + SetHandler server-status + + Order Deny,Allow + Deny from all + Allow from 127.0.0.1 + + + LogLevel info + ErrorLog <%= node[:apache][:log_dir] %>/<%= @params[:name] %>-error.log + CustomLog <%= node[:apache][:log_dir] %>/<%= @params[:name] %>-access.log combined + + RewriteEngine On + RewriteLog <%= node[:apache][:log_dir] %>/<%= @application_name %>-rewrite.log + RewriteLogLevel 0 + + # Canonical host, <%= @params[:server_name] %> + RewriteCond %{HTTP_HOST} !^<%= @params[:server_name] %> [NC] + RewriteCond %{HTTP_HOST} !^$ + RewriteRule ^/(.*)$ http://<%= @params[:server_name] %>/$1 [L,R=301] + + RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f + RewriteCond %{SCRIPT_FILENAME} !maintenance.html + RewriteRule ^.*$ /system/maintenance.html [L] + \ No newline at end of file diff --git a/cookbooks/apt/README.md b/cookbooks/apt/README.md new file mode 100644 index 0000000..57bd572 --- /dev/null +++ b/cookbooks/apt/README.md 
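Review bot: The canonical-host check `RewriteCond %{HTTP_HOST} !^<%= @params[:server_name] %> [NC]` is anchored only at the start and puts the server name into the regex unescaped. Any Host value that merely begins with the server name, or that has another character where the name has a dot, is therefore treated as canonical and skips the redirect. I would escape and anchor it, `RewriteCond %{HTTP_HOST} !^<%= Regexp.escape(@params[:server_name]) %>$ [NC]`, adding an optional port group before `$` if the vhost listens on a non-default port. Separately, `RewriteLog` is named from `@application_name` while the error and access logs use `@params[:name]`; unless the caller sets that variable the file is rendered as `-rewrite.log`, so `@params[:name]` looks like the intended value.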
@@ -0,0 +1,134 @@ +Description +=========== + +This cookbook includes recipes to execute apt-get update to ensure the local APT package cache is up to date. There are recipes for managing the apt-cacher-ng caching proxy and proxy clients. It also includes a LWRP for managing APT repositories in /etc/apt/sources.list.d. + +Recipes +======= + +default +------- + +This recipe installs the `update-notifier-common` package to provide the timestamp file used to only run `apt-get update` if the cache is less than one day old. + +This recipe should appear first in the run list of Debian or Ubuntu nodes to ensure that the package cache is up to date before managing any `package` resources with Chef. + +This recipe also sets up a local cache directory for preseeding packages. + +cacher-ng +--------- + +Installs the `apt-cacher-ng` package and service so the system can provide APT caching. You can check the usage report at http://{hostname}:3142/acng-report.html. The `cacher-ng` recipe includes the `cacher-client` recipe, so it helps seed itself. + +cacher-client +------------- +Configures the node to use the `apt-cacher-ng` server as a client. + +Resources/Providers +=================== + +This LWRP provides an easy way to manage additional APT repositories. Adding a new repository will notify running the `execute[apt-get-update]` resource. + +# Actions + +- :add: creates a repository file and builds the repository listing +- :remove: removes the repository file + +# Attribute Parameters + +- repo_name: name attribute. 
The name of the channel to discover +- uri: the base of the Debian distribution +- distribution: this is usually your release's codename...ie something like `karmic`, `lucid` or `maverick` +- components: package groupings..when it doubt use `main` +- deb_src: whether or not to add the repository as a source repo as well +- key_server: the GPG keyserver where the key for the repo should be retrieved +- key: if a `key_server` is provided, this is assumed to be the fingerprint, otherwise it is the URI to the GPG key for the repo + +# Examples + + # add the Zenoss repo + apt_repository "zenoss" do + uri "http://dev.zenoss.org/deb" + components ["main","stable"] + end + + # add the Nginx PPA; grab key from keyserver + apt_repository "nginx-php" do + uri "http://ppa.launchpad.net/nginx/php5/ubuntu" + distribution node['lsb']['codename'] + components ["main"] + keyserver "keyserver.ubuntu.com" + key "C300EE8C" + end + + # add the Cloudkick Repo + apt_repository "cloudkick" do + uri "http://packages.cloudkick.com/ubuntu" + distribution node['lsb']['codename'] + components ["main"] + key "http://packages.cloudkick.com/cloudkick.packages.key" + end + + # remove Zenoss repo + apt_repository "zenoss" do + action :remove + end + +Usage +===== + +Put `recipe[apt]` first in the run list. If you have other recipes that you want to use to configure how apt behaves, like new sources, notify the execute resource to run, e.g.: + + template "/etc/apt/sources.list.d/my_apt_sources.list" do + notifies :run, resources(:execute => "apt-get update"), :immediately + end + +The above will run during execution phase since it is a normal template resource, and should appear before other package resources that need the sources in the template. + +Put `recipe[apt::cacher-ng]` in the run_list for a server to provide APT caching and add `recipe[apt::cacher-client]` on the rest of the Debian-based nodes to take advantage of the caching server. 
+ +Changes +======= + +## v1.3.2: + +* [COOK-1040] - actually run apt-get update w/ not_if + +## v1.3.0: + +* [COOK-533] - add support for deb and deb_src repos with apt_repository provider +* [COOK-593] - switched from apt-cacher to apt-cacher-ng to better support multiple distributions. +* [COOK-890] - Fix distribution for zenoss repo in apt README +* [COOK-891] - Make add the default action for `apt_repository` +* [COOK-947] - Add chef-solo support for recipe[apt::cacher-client]. + +## v1.2.2: + +* [COOK-804] - apt-get update resource in apt cookbook changed names + +## v1.2.0: + +* [COOK-136] - Limit apt-get update to one run per day unless notified. +* [COOK-471] - ignore failure on apt-get update +* [COOK-533] - add support for deb and `deb_src` repos with `apt_repository` + +License and Author +================== + +Author:: Joshua Timberman () +Author:: Matt Ray () +Author:: Seth Chisamore () + +Copyright 2009-2012 Opscode, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/cookbooks/apt/files/default/apt-proxy-v2.conf b/cookbooks/apt/files/default/apt-proxy-v2.conf new file mode 100644 index 0000000..6541f25 --- /dev/null +++ b/cookbooks/apt/files/default/apt-proxy-v2.conf 
@@ -0,0 +1,50 @@ +[DEFAULT] +;; All times are in seconds, but you can add a suffix +;; for minutes(m), hours(h) or days(d) + +;; commented out address so apt-proxy will listen on all IPs +;; address = 127.0.0.1 +port = 9999 +cache_dir = /var/cache/apt-proxy + +;; Control files (Packages/Sources/Contents) refresh rate +min_refresh_delay = 1s +complete_clientless_downloads = 1 + +;; Debugging settings. +debug = all:4 db:0 + +time = 30 +passive_ftp = on + +;;-------------------------------------------------------------- +;; Cache housekeeping + +cleanup_freq = 1d +max_age = 120d +max_versions = 3 + +;;--------------------------------------------------------------- +;; Backend servers +;; +;; Place each server in its own [section] + +[ubuntu] +; Ubuntu archive +backends = + http://us.archive.ubuntu.com/ubuntu + +[ubuntu-security] +; Ubuntu security updates +backends = http://security.ubuntu.com/ubuntu + +[debian] +;; Backend servers, in order of preference +backends = + http://debian.osuosl.org/debian/ + +[security] +;; Debian security archive +backends = + http://security.debian.org/debian-security + http://ftp2.de.debian.org/debian-security diff --git a/cookbooks/apt/metadata.rb b/cookbooks/apt/metadata.rb new file mode 100644 index 0000000..f00e68f --- /dev/null +++ b/cookbooks/apt/metadata.rb @@ -0,0 +1,13 @@ +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Configures apt and apt services and an LWRP for managing apt repositories" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "1.3.2" +recipe "apt", "Runs apt-get update during compile phase and sets up preseed directories" +recipe "apt::cacher-ng", "Set up an apt-cacher-ng caching proxy" +recipe "apt::cacher-client", "Client for the apt::cacher-ng caching proxy" + +%w{ ubuntu debian }.each do |os| + supports os +end 
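Review bot: In apt-proxy-v2.conf the line `;; address = 127.0.0.1` is commented out so the proxy listens on every interface on port 9999, and nothing in the file limits which clients may connect. If the cache is meant only for internal nodes, set `address` to the internal interface or record the expected firewall rule next to it, e.g. `;; NOTE: port 9999 must be restricted to the node network; no access control is configured here`. `debug = all:4` also looks like a development setting rather than a shipped default and is worth confirming.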
diff --git a/cookbooks/apt/providers/repository.rb b/cookbooks/apt/providers/repository.rb
new file mode 100644
index 0000000..a12ce56
--- /dev/null
+++ b/cookbooks/apt/providers/repository.rb
@@ -0,0 +1,70 @@ +# +# Cookbook Name:: apt +# Provider:: repository +# +# Copyright 2010-2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +action :add do + unless ::File.exists?("/etc/apt/sources.list.d/#{new_resource.repo_name}-source.list") + Chef::Log.info "Adding #{new_resource.repo_name} repository to /etc/apt/sources.list.d/#{new_resource.repo_name}-source.list" + # add key + if new_resource.keyserver && new_resource.key + execute "install-key #{new_resource.key}" do + command "apt-key adv --keyserver #{new_resource.keyserver} --recv #{new_resource.key}" + action :nothing + end.run_action(:run) + elsif new_resource.key && (new_resource.key =~ /http/) + key_name = new_resource.key.split(/\//).last + remote_file "#{Chef::Config[:file_cache_path]}/#{key_name}" do + source new_resource.key + mode "0644" + action :nothing + end.run_action(:create) + execute "install-key #{key_name}" do + command "apt-key add #{Chef::Config[:file_cache_path]}/#{key_name}" + action :nothing + end.run_action(:run) + end + # build our listing + repo_info = "#{new_resource.uri} #{new_resource.distribution} #{new_resource.components.join(" ")}" + repository = "deb #{repo_info}\n" + repository += "deb-src #{repo_info}\n" if new_resource.deb_src + # write out the file, replace it if it already exists + file "/etc/apt/sources.list.d/#{new_resource.repo_name}-source.list" do + owner "root" + group "root" + mode 0644 + content repository + "\n" + action :nothing + 
end.run_action(:create) + execute "update package index" do + command "apt-get update" + ignore_failure true + action :nothing + end.run_action(:run) + new_resource.updated_by_last_action(true) + end +end + +action :remove do + if ::File.exists?("/etc/apt/sources.list.d/#{new_resource.repo_name}-source.list") + Chef::Log.info "Removing #{new_resource.repo_name} repository from /etc/apt/sources.list.d/" + file "/etc/apt/sources.list.d/#{new_resource.repo_name}-source.list" do + action :delete + end + new_resource.updated_by_last_action(true) + end +end diff --git a/cookbooks/apt/recipes/cacher-client.rb b/cookbooks/apt/recipes/cacher-client.rb new file mode 100644 index 0000000..f88e3ac --- /dev/null +++ b/cookbooks/apt/recipes/cacher-client.rb 
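Review bot: In the `elsif new_resource.key && (new_resource.key =~ /http/)` branch of `action :add` the key is downloaded with `remote_file` and handed straight to `apt-key add`, so whatever is served at that URL becomes a trusted package-signing key. Over plain `http://`, as in the README examples, nothing checks its integrity. I would anchor the test, `new_resource.key =~ /\Ahttps?:\/\//`, and let callers pin the file by passing a SHA-256 through to `remote_file`'s `checksum`, which needs a new optional attribute on the resource. The keyserver branch has a related weakness: the README example passes an 8-character key id to `--recv`, where the full fingerprint should be required. `new_resource.keyserver`, `new_resource.key` and `key_name` are also interpolated unquoted into shell command strings and should be validated or shell-escaped first.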
@@ -0,0 +1,55 @@ +# +# Cookbook Name:: apt +# Recipe:: cacher-client +# +# Copyright 2011, 2012 Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +#remove Acquire::http::Proxy lines from /etc/apt/apt.conf since we use 01proxy +#these are leftover from preseed installs +execute "Remove proxy from /etc/apt/apt.conf" do + command "sed --in-place '/^Acquire::http::Proxy/d' /etc/apt/apt.conf" + only_if "grep Acquire::http::Proxy /etc/apt/apt.conf" +end + +servers = [] +if Chef::Config['solo'] + if node['apt'] && node['apt']['cacher_ipaddress'] + cacher = Chef::Node.new + cacher.name(node['apt']['cacher_ipaddress']) + cacher.ipaddress(node['apt']['cacher_ipaddress']) + servers << cacher + end +else + servers += search(:node, 'recipes:apt\:\:cacher-ng') +end + +if servers.length > 0 + Chef::Log.info("apt-cacher-ng server found on #{servers[0]}.") + proxy = "Acquire::http::Proxy \"http://#{servers[0].ipaddress}:3142\";\n" + file "/etc/apt/apt.conf.d/01proxy" do + owner "root" + group "root" + mode "0644" + content proxy + action :create + end +else + Chef::Log.info("No apt-cacher-ng server found.") + file "/etc/apt/apt.conf.d/01proxy" do + action :delete + only_if {File.exists?("/etc/apt/apt.conf.d/01proxy")} + end +end diff --git a/cookbooks/apt/recipes/cacher-ng.rb b/cookbooks/apt/recipes/cacher-ng.rb new file mode 100644 index 0000000..031f0e0 --- /dev/null +++ b/cookbooks/apt/recipes/cacher-ng.rb 
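Review bot: `search(:node, 'recipes:apt\:\:cacher-ng')` takes whichever node the index returns first and points all APT traffic at `servers[0].ipaddress`, with no restriction to this node's environment and no defined choice when several nodes match. Node data is reported by the nodes themselves, so I would narrow the query, for example `search(:node, "recipes:apt\\:\\:cacher-ng AND chef_environment:#{node.chef_environment}")`. Alternatively, prefer the explicit `node['apt']['cacher_ipaddress']` attribute whenever it is set; the recipe currently honours it only under chef-solo. A short comment above the search stating which nodes are expected to match would also help the next reader.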
@@ -0,0 +1,30 @@
+#
+# Cookbook Name:: apt
+# Recipe:: cacher-ng
+#
+# Copyright 2008-2012, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+package "apt-cacher-ng" do
+ action :install
+end
+
+service "apt-cacher-ng" do
+ supports :restart => true, :status => false
+ action [ :enable, :start ]
+end
+
+#this will help seed the proxy
+include_recipe "apt::cacher-client"
diff --git a/cookbooks/apt/recipes/default.rb b/cookbooks/apt/recipes/default.rb
new file mode 100644
index 0000000..49cf5c8
--- /dev/null
+++ b/cookbooks/apt/recipes/default.rb
@@ -0,0 +1,56 @@ +# +# Cookbook Name:: apt +# Recipe:: default +# +# Copyright 2008-2011, Opscode, Inc. +# Copyright 2009, Bryan McLellan +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Run apt-get update to create the stamp file +execute "apt-get-update" do + command "apt-get update" + ignore_failure true + not_if do ::File.exists?('/var/lib/apt/periodic/update-success-stamp') end +end + +# For other recipes to call to force an update +execute "apt-get update" do + command "apt-get update" + ignore_failure true + action :nothing +end + +# provides /var/lib/apt/periodic/update-success-stamp on apt-get update +package "update-notifier-common" do + notifies :run, resources(:execute => "apt-get-update"), :immediately +end + +execute "apt-get-update-periodic" do + command "apt-get update" + ignore_failure true + only_if do + File.exists?('/var/lib/apt/periodic/update-success-stamp') && + File.mtime('/var/lib/apt/periodic/update-success-stamp') < Time.now - 86400 + end +end + +%w{/var/cache/local /var/cache/local/preseeding}.each do |dirname| + directory dirname do + owner "root" + group "root" + mode 0644 + action :create + end +end diff --git a/cookbooks/apt/resources/repository.rb b/cookbooks/apt/resources/repository.rb new file mode 100644 index 0000000..e7f18db --- /dev/null +++ b/cookbooks/apt/resources/repository.rb 
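Review bot: The `directory` resources at the end of the recipe set `mode 0644` on `/var/cache/local` and `/var/cache/local/preseeding`. A directory without the execute bit cannot be traversed by non-root users, so files placed there are unreachable for them. `mode 0755` is the usual value, or `0750` if preseed answers, which can hold credentials, should stay readable to root and its group only. For consistency, the `only_if` block of `apt-get-update-periodic` should use `::File` as the `not_if` in `apt-get-update` does.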
@@ -0,0 +1,35 @@ +# +# Cookbook Name:: apt +# Resource:: repository +# +# Copyright 2010-2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :add, :remove + +def initialize(*args) + super + @action = :add +end + +#name of the repo, used for source.list filename +attribute :repo_name, :kind_of => String, :name_attribute => true +attribute :uri, :kind_of => String +attribute :distribution, :kind_of => String +attribute :components, :kind_of => Array, :default => [] +#whether or not to add the repository as a source repo as well +attribute :deb_src, :default => false +attribute :keyserver, :kind_of => String, :default => nil +attribute :key, :kind_of => String, :default => nil diff --git a/cookbooks/bluepill/README.md b/cookbooks/bluepill/README.md new file mode 100644 index 0000000..128d8f8 --- /dev/null +++ b/cookbooks/bluepill/README.md 
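Review bot: `repo_name` accepts any string, and the provider in this commit interpolates it into `/etc/apt/sources.list.d/#{new_resource.repo_name}-source.list`. A name containing a path separator would therefore make the root-run `file` resource create or delete a file outside that directory. A validation on the attribute closes this: `attribute :repo_name, :kind_of => String, :name_attribute => true, :regex => /\A[\w.-]+\z/`. The README added in this commit also documents the keyserver attribute as `key_server` while the resource defines `keyserver`; one of the two should be corrected.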
@@ -0,0 +1,96 @@ +Description +=========== + +Installs bluepill RubyGem and configures it to manage services. Also includes a LWRP. + +Changes +======= + +## v1.0.0: + +* [COOK-943] - add init script for freebsd + +## v0.3.0: + +* [COOK-867] - enable bluepill service on RHEL family +* [COOK-550] - add freebsd support + +## v0.2.2: + +* Fixes COOK-524, COOK-632 + +Requirements +============ + +Bluepill is a pure Ruby service management tool/library, so this cookbook should work on any system. The attributes do set up paths based on FHS locations, see below. + +Attributes +========== + +Default locations for bluepill are in "FHS compliant" locations. + +* `node["bluepill"]["bin"]` - Path to bluepill program, default is 'bluepill' in the RubyGems binary directory. +* `node["bluepill"]["logfile"]` - Location of the bluepill log file, default "/var/log/bluepill.log". +* `node["bluepill"]["conf_dir"]` - Location of service config files (pills), default "/etc/bluepill". +* `node["bluepill"]["pid_dir"]` - Location of pidfiles, default "/var/run/bluepill" +* `node["bluepill"]["state_dir"]` - Location of state directory, default "/var/lib/bluepill" +* `node["bluepill"]["init_dir"]` - Location of init script directory, default selected by platform. + +Resources/Providers +=================== + +This cookbook contains an LWRP, `bluepill_service`. This can be used with the normal Chef service resource, by using the `provider` parameter, or by specifying the `bluepill_service` shortcut. These two resources are equivalent. + + service "my_app" do + provider bluepill_service + action [:enable, :load, :start] + end + + bluepill_service "my_app" do + action [:enable, :load, :start] + end + +The load action should probably always be specified, to ensure that if bluepill isn't running already it gets started. 
The + +The recipe using the service must contain a template resource for the pill and it must be named `my_app.pill.erb`, where `my_app` is the service name passed to the bluepill service resource. + +Usage +===== + +Be sure to include the bluepill recipe in the run list to ensure that the gem and bluepill-related directories are created. This will also make the cookbook available on the system and other cookbooks won't need to explicitly depend on it in the metadata. + +If the default directory locations in the attributes/default.rb aren't what you want, change them by setting them either in the attributes file itself, or create attributes in a role applied to any systems that will use bluepill. + +Example pill template resource and .erb file: + + template "/etc/bluepill/my_app" do + source "my_app.pill.erb" + end + + Bluepill.application("my_app") do |app| + app.process("my_app") do |process| + process.pid_file = "/var/run/my_app.pid" + process.start_command = "/usr/bin/my_app" + end + end + +See bluepill's documentation for more information on creating pill templates. + +License and Author +================== + +Author:: Joshua Timberman () + +Copyright 2010, Opscode, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/cookbooks/bluepill/attributes/default.rb b/cookbooks/bluepill/attributes/default.rb new file mode 100644 index 0000000..b31b503 --- /dev/null +++ b/cookbooks/bluepill/attributes/default.rb 
@@ -0,0 +1,36 @@ +# Cookbook Name:: bluepill +# Attributes:: default +# +# Copyright 2010, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +default["bluepill"]["bin"] = "#{languages[:ruby][:bin_dir]}/bluepill" +default["bluepill"]["logfile"] = "/var/log/bluepill.log" +default["bluepill"]["pid_dir"] = "/var/run/bluepill" +default["bluepill"]["state_dir"] = "/var/lib/bluepill" + +case platform +when "arch" + default["bluepill"]["init_dir"] = "/etc/rc.d" + default["bluepill"]["conf_dir"] = "/etc/bluepill" + default["bluepill"]["group"] = "root" +when "freebsd" + default["bluepill"]["init_dir"] = "/usr/local/etc/rc.d" + default["bluepill"]["conf_dir"] = "/usr/local/etc/bluepill" + default["bluepill"]["group"] = "wheel" +else + default["bluepill"]["init_dir"] = "/etc/init.d" + default["bluepill"]["conf_dir"] = "/etc/bluepill" + default["bluepill"]["group"] = "root" +end diff --git a/cookbooks/bluepill/metadata.rb b/cookbooks/bluepill/metadata.rb new file mode 100644 index 0000000..f78884e --- /dev/null +++ b/cookbooks/bluepill/metadata.rb @@ -0,0 +1,7 @@ +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Installs bluepill gem and configures to manage services, includes bluepill_service LWRP" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "1.0.0" +recipe "bluepill::default", "Installs bluepill rubygem and set up management directories" 
diff --git a/cookbooks/bluepill/providers/service.rb b/cookbooks/bluepill/providers/service.rb
new file mode 100644
index 0000000..36d9e1f
--- /dev/null
+++ b/cookbooks/bluepill/providers/service.rb
@@ -0,0 +1,109 @@ +# +# Cookbook Name:: bluepill +# Provider:: service +# +# Copyright 2010, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/mixin/command' +require 'chef/mixin/language' +include Chef::Mixin::Command + +action :enable do + config_file = "#{node['bluepill']['conf_dir']}/#{new_resource.service_name}.pill" + + unless @bp.enabled + link "#{node['bluepill']['init_dir']}/#{new_resource.service_name}" do + to node['bluepill']['bin'] + only_if { ::File.exists?(config_file) } + end + end + + case node['platform'] + when "centos", "redhat", "freebsd" + template "#{node["bluepill"]["init_dir"]}/bluepill-#{new_resource.service_name}" do + source "bluepill_init.erb" + cookbook "bluepill" + owner "root" + group node["bluepill"]["group"] + mode "0755" + variables( + :service_name => "#{new_resource.service_name}", + :config_file => config_file + ) + end + + service "bluepill-#{new_resource.service_name}" do + action [ :enable ] + end + end +end + +action :load do + unless @bp.running + execute "#{node['bluepill']['bin']} load #{node['bluepill']['conf_dir']}/#{new_resource.service_name}.pill" + end +end + +action :start do + unless @bp.running + execute "#{node['bluepill']['bin']} #{new_resource.service_name} start" + end +end + +action :disable do + if @bp.enabled + file "#{node['bluepill']['conf_dir']}/#{new_resource.service_name}.pill" do + action :delete + end + link "#{node['bluepill']['init_dir']}/#{new_resource.service_name}" 
do + action :delete + end + end +end + +action :stop do + if @bp.running + execute "#{node['bluepill']['bin']} #{new_resource.service_name} stop" + end +end + +action :restart do + if @bp.running + execute "#{node['bluepill']['bin']} #{new_resource.service_name} restart" + end +end + +def load_current_resource + @bp = Chef::Resource::BluepillService.new(new_resource.name) + @bp.service_name(new_resource.service_name) + + Chef::Log.debug("Checking status of service #{new_resource.service_name}") + + begin + if run_command_with_systems_locale(:command => "#{node['bluepill']['bin']} #{new_resource.service_name} status") == 0 + @bp.running(true) + end + rescue Chef::Exceptions::Exec + @bp.running(false) + nil + end + + if ::File.exists?("#{node['bluepill']['conf_dir']}/#{new_resource.service_name}.pill") && ::File.symlink?("#{node['bluepill']['init_dir']}/#{new_resource.service_name}") + @bp.enabled(true) + else + @bp.enabled(false) + end +end diff --git a/cookbooks/bluepill/recipes/default.rb b/cookbooks/bluepill/recipes/default.rb new file mode 100644 index 0000000..5938f39 --- /dev/null +++ b/cookbooks/bluepill/recipes/default.rb 
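Review bot: `action :disable` removes the pill file and the init-dir symlink but not what `action :enable` creates on centos, redhat and freebsd: the root-owned, mode 0755 `bluepill-<service>` init script and its enabled `service` registration. A disabled service therefore keeps a boot-time entry that points at a deleted config. I would mirror the platform `case` in `:disable`, using `service("bluepill-#{new_resource.service_name}") { action :disable }` and then deleting the init script that the template wrote. The `execute` resources also build their command lines by interpolating `service_name` into a string, so a name check on the resource attribute would keep unexpected characters out of the shell.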
@@ -0,0 +1,33 @@
+#
+# Cookbook Name:: bluepill
+# Recipe:: default
+#
+# Copyright 2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+gem_package "i18n"
+gem_package "bluepill"
+
+[
+ node["bluepill"]["conf_dir"],
+ node["bluepill"]["pid_dir"],
+ node["bluepill"]["state_dir"]
+].each do |dir|
+ directory dir do
+ recursive true
+ owner "root"
+ group node["bluepill"]["group"]
+ end
+end
diff --git a/cookbooks/bluepill/resources/service.rb b/cookbooks/bluepill/resources/service.rb
new file mode 100644
index 0000000..0515d03
--- /dev/null
+++ b/cookbooks/bluepill/resources/service.rb
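Review bot: In the bluepill default recipe, the `directory` resources for `conf_dir`, `pid_dir` and `state_dir` set an owner and a group but no `mode`, so their permissions come from the umask of the chef run. Pill files in `conf_dir` are Ruby that bluepill evaluates when the provider in this commit loads them, so a directory that ends up group- or world-writable lets a non-root account supply code for that process; adding `mode "0755"` inside the block pins it. The two `gem_package` lines also install whatever version is current at converge time, and a `version` on each would make the run reproducible.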
@@ -0,0 +1,26 @@
+#
+# Cookbook Name:: bluepill
+# Resource:: service
+#
+# Copyright 2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+actions :start, :stop, :enable, :disable, :load, :restart
+
+attribute :service_name, :name_attribute => true
+attribute :enabled, :default => false
+attribute :running, :default => false
+attribute :variables, :kind_of => Hash
+attribute :supports, :default => { :restart => true, :status => true }
diff --git a/cookbooks/bluepill/templates/centos/bluepill_init.erb b/cookbooks/bluepill/templates/centos/bluepill_init.erb
new file mode 100644
index 0000000..9c0e48b
--- /dev/null
+++ b/cookbooks/bluepill/templates/centos/bluepill_init.erb
@@ -0,0 +1,31 @@
+#!/bin/sh
+#
+# Author: Jamie Winsor ()
+#
+# chkconfig: 345 99 1
+# Provides: <%= @service_name %>
+# Default-Start: 3 4 5
+# Default-Stop: 0 1 2 6
+
+BLUEPILL_BIN=<%= node['bluepill']['bin'] %>
+BLUEPILL_CONFIG=<%= @config_file %>
+SERVICE_NAME=<%= @service_name %>
+
+case "$1" in
+ start)
+ echo "Loading bluepill configuration for $SERVICE_NAME "
+ $BLUEPILL_BIN load $BLUEPILL_CONFIG
+ ;;
+ stop)
+ $BLUEPILL_BIN $SERVICE_NAME stop
+ $BLUEPILL_BIN $SERVICE_NAME quit
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart}"
+ exit 1
+ ;;
+esac
diff --git a/cookbooks/bluepill/templates/freebsd/bluepill_init.erb b/cookbooks/bluepill/templates/freebsd/bluepill_init.erb
new file mode 100644
index 0000000..a85613f
--- /dev/null
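Review bot: In templates/centos/bluepill_init.erb the three assignments (`BLUEPILL_BIN=`, `BLUEPILL_CONFIG=`, `SERVICE_NAME=`) are rendered without quotes and the variables are later expanded without quotes, so a bin path, config path or service name containing a space or shell metacharacter is split or interpreted by /bin/sh when the init script runs as root. Quote both sides, e.g. `SERVICE_NAME="<%= @service_name %>"` and `"$BLUEPILL_BIN" load "$BLUEPILL_CONFIG"`, and keep the rendered values to a validated character set, since quoting alone does not neutralise a `"` or `$` inside the value. The `# Provides:` and `Default-Start` header lines also appear without `### BEGIN INIT INFO` / `### END INIT INFO` markers, so LSB-aware tools will presumably ignore them.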
+++ b/cookbooks/bluepill/templates/freebsd/bluepill_init.erb
@@ -0,0 +1,31 @@
+#!/bin/sh
+##
+# PROVIDE: named
+# REQUIRE: SERVERS cleanvar
+# KEYWORD: shutdown
+#
+
+. /etc/rc.subr
+
+name="<%= @service_name %>"
+rcvar=`set_rcvar`
+
+# Set some defaults
+<%= @service_name %>_enable=${<%= @service_name %>_enable:-"NO"}
+
+pidfile="/var/run/<%= @service_name %>.pid"
+command="/usr/local/bin/bluepill"
+
+start_precmd="${command} load <%= node['bluepill']['conf_dir'] %>/<%= @service_name %>.pill"
+start_cmd="${command} ${name} start"
+
+status_cmd="${command} ${name} status"
+
+stop_cmd="${command} ${name} stop"
+stop_postcmd="${command} ${name} quit"
+
+load_rc_config ${name}
+
+PATH="${PATH}:/usr/local/bin"
+
+run_rc_command "$1"
diff --git a/cookbooks/build-essential/README.md b/cookbooks/build-essential/README.md
new file mode 100644
index 0000000..d75724d
--- /dev/null
+++ b/cookbooks/build-essential/README.md
@@ -0,0 +1,24 @@
+DESCRIPTION
+===========
+
+Installs packages required for compiling C software from source.
+
+LICENSE AND AUTHOR
+==================
+
+Author:: Joshua Timberman ()
+Author:: Seth Chisamore ()
+
+Copyright 2009-2011, Opscode, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/cookbooks/build-essential/metadata.rb b/cookbooks/build-essential/metadata.rb
new file mode 100644
index 0000000..e32d668
--- /dev/null
+++ b/cookbooks/build-essential/metadata.rb
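Review bot: In templates/freebsd/bluepill_init.erb the line `<%= @service_name %>_enable=${<%= @service_name %>_enable:-"NO"}` uses the service name as a shell variable name, which is a syntax error for any name containing `-` or `.`; the chef-client README in this commit places its pill at `chef-client.pill`, so that service would presumably hit this. The rc.subr `name` and the `_enable` variable need an identifier restricted to letters, digits and underscore, with the original service name kept separately for the arguments passed to bluepill. `# PROVIDE: named` looks copied from another script and should probably carry the service's own name, and `command=` hard-codes `/usr/local/bin/bluepill` where the centos template renders `node['bluepill']['bin']`.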
@@ -0,0 +1,10 @@
+maintainer "Opscode, Inc."
+maintainer_email "cookbooks@opscode.com"
+license "Apache 2.0"
+description "Installs C compiler / build tools"
+version "1.0.0"
+recipe "build-essential", "Installs C compiler and build tools on Linux"
+
+%w{ fedora redhat centos ubuntu debian }.each do |os|
+ supports os
+end
diff --git a/cookbooks/build-essential/recipes/default.rb b/cookbooks/build-essential/recipes/default.rb
new file mode 100644
index 0000000..ccb9501
--- /dev/null
+++ b/cookbooks/build-essential/recipes/default.rb
@@ -0,0 +1,45 @@
+#
+# Cookbook Name:: build-essential
+# Recipe:: default
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+case node['platform']
+when "ubuntu","debian"
+ %w{build-essential binutils-doc}.each do |pkg|
+ package pkg do
+ action :install
+ end
+ end
+when "centos","redhat","fedora"
+ %w{gcc gcc-c++ kernel-devel make}.each do |pkg|
+ package pkg do
+ action :install
+ end
+ end
+end
+
+package "autoconf" do
+ action :install
+end
+
+package "flex" do
+ action :install
+end
+
+package "bison" do
+ action :install
+end
diff --git a/cookbooks/chef-client/README.md b/cookbooks/chef-client/README.md
new file mode 100644
index 0000000..79dc8d6
--- /dev/null
+++ b/cookbooks/chef-client/README.md
@@ -0,0 +1,294 @@
+Description
+===========
+
+This cookbook is used to configure a system as a Chef Client.
+
+Requirements
+============
+
+Chef 0.9.12 or higher is required.
+
+Platforms
+---------
+
+The following platforms are supported by this cookbook, meaning that the recipes run on these platforms without error.
+
+* Debian
+* Ubuntu
+* Red Hat
+* CentOS
+* Fedora
+* ArchLinux
+* FreeBSD
+* Mac OS X
+* Mac OS X Server
+
+Opscode Cookbooks
+-----------------
+
+Other cookbooks can be used with this cookbook but they are not explicitly required. The default settings in this cookbook do not require their use. The other cookbooks (on community.opsocde.com) are:
+
+* bluepill
+* daemontools
+* runit
+
+See __USAGE__ below.
+
+Attributes
+==========
+
+* `node["chef_client"]["interval"]` - Sets `Chef::Config[:interval]` via command-line option for number of seconds between chef-client daemon runs. Default 1800.
+* `node["chef_client"]["splay"]` - Sets `Chef::Config[:splay]` via command-line option for a random amount of seconds to add to interval. Default 20.
+* `node["chef_client"]["log_dir"]` - Sets directory used in `Chef::Config[:log_location]` via command-line option to a location where chef-client should log output. Default "/var/log/chef".
+* `node["chef_client"]["conf_dir"]` - Sets directory used via command-line option to a location where chef-client search for the client config file . Default "/etc/chef".
+* `node["chef_client"]["bin"]` - Sets the full path to the `chef-client` binary. Mainly used to set a specific path if multiple versions of chef-client exist on a system or the bin has been installed in a non-sane path. Default "/usr/bin/chef-client"
+* `node["chef_client"]["server_url"]` - Sets `Chef::Config[:chef_server_url]` in the config file to the Chef Server URI. Default "http://localhost:4000". See __USAGE__.
+* `node["chef_client"]["validation_client_name"]` - Sets `Chef::Config[:validation_client_name]` in the config file to the name of the validation client. Default "chef-validator". See __USAGE__.
+* `node["chef_client"]["init_style"]` - Sets up the client service based on the style of init system to use. Default is based on platform and falls back to "none". See __USAGE__.
+* `node["chef_client"]["run_path"]` - Directory location where chef-client should write the PID file. Default based on platform, falls back to "/var/run".
+* `node["chef_client"]["cache_path"]` - Directory location for `Chef::Config[:file_cache_path]` where chef-client will cache various files. Default is based on platform, falls back to "/var/chef/cache".
+* `node["chef_client"]["backup_path"]` - Directory location for `Chef::Config[:file_backup_path]` where chef-client will backup templates and cookbook files. Default is based on platform, falls back to "/var/chef/backup".
+* node["chef_client"]["cron"]["minute"] - The hour that chef-client will run as a cron task, only applicable if the you set "cron" as the "init_style"
+* node["chef_client"]["cron"]["hour"] - The hour that chef-client will run as a cron task, only applicable if the you set "cron" as the "init_style"
+
+
+
+Recipes
+=======
+
+This section describes the recipes in the cookbook and how to use them in your environment.
+
+config
+------
+
+Sets up the `/etc/chef/client.rb` config file from a template and reloads the configuration for the current chef-client run.
+
+service
+-------
+
+Use this recipe on systems that should have a `chef-client` daemon running, such as when Knife bootstrap was used to install Chef on a new system.
+
+This recipe sets up the `chef-client` service depending on the `init_style` attribute (see above). The following init styles are supported:
+
+* init - uses the init script included in the chef gem, supported on debian and redhat family distributions.
+* upstart - uses the upstart job included in the chef gem, supported on ubuntu.
+* arch - uses the init script included in this cookbook for ArchLinux, supported on arch.
+* runit - sets up the service under runit, supported on ubuntu, debian and gentoo.
+* bluepill - sets up the service under bluepill. As bluepill is a pure ruby process monitor, this should work on any platform.
+* daemontools -sets up the service under daemontools, supported on debian, ubuntu and arch
+* bsd - prints a message about how to update BSD systems to enable the chef-client service, supported on Free/OpenBSD and OSX.
+
+default
+-------
+
+Includes the `chef-client::service` recipe by default.
+
+delete_validation
+-----------------
+
+Use this recipe to delete the validation certificate (default `/etc/chef/validation.pem`) when using a `chef-client` after the client has been validated and authorized to connect to the server.
+
+Beware if using this on your Chef Server. First copy the validation.pem certificate file to another location, such as your knife configuration directory (`~/.chef`) or [Chef Repository](http://wiki.opscode.com/display/chef/Chef+Repository).
+
+cron
+----
+
+Use this recipe to run chef-client as a cron job rather than as a
+service. The cron job runs after random delay that is between 0 and 90
+seconds to ensure that the chef-clients don't attempt to connect to
+the chef-server at the exact same time. You should set
+node["chef_client"]["init_style"] = "none" when you use this mode but
+it is not required.
+
+
+
+USAGE
+=====
+
+Create a `base` role that will represent the base configuration for any system that includes managing aspects of the chef-client. Add recipes to the run list of the role, customize the attributes, and apply the role to nodes. For example, the following role (Ruby DSL) will set the init style to `init`, delete the validation certificate (as the client would already be authenticated) and set up the chef-client as a service using the init style.
+
+ name "base"
+ description "Base role applied to all nodes"
+ override_attributes(
+ "chef_client" => {
+ "init_style" => "init"
+ }
+ )
+ run_list(
+ "recipe[chef-client::delete_validation]",
+ "recipe[chef-client::config]",
+ "recipe[chef-client::service]"
+ )
+
+The `chef-client::config` recipe is only required with init style `init` (default setting for the attribute on debian/redhat family platforms, because the init script doesn't include the `pid_file` option which is set in the config.
+
+The default Chef Server will be `http://localhost:4000` which is the `Chef::Config[:chef_server_url]` default value. To use the config recipe with the Opscode Platform, for example, add the following to the `override_attributes`
+
+ override_attributes(
+ "chef_client" => {
+ "server_url" => "https://api.opscode.com/organizations/ORGNAME",
+ "validation_client_name" => "ORGNAME-validator"
+ }
+ )
+
+Where ORGNAME is your Opscode Platform organization name. Be sure to add these attributes to the role if modifying per the section below.
+
+You can also set all of the `Chef::Config` http proxy related settings. By default Chef will not use a proxy.
+
+ override_attributes(
+ "chef_client" => {
+ "http_proxy" => "http://proxy.vmware.com:3128",
+ "https_proxy" => "http://proxy.vmware.com:3128",
+ "http_proxy_user" => "my_username",
+ "http_proxy_pass" => "Awe_some_Pass_Word!",
+ "no_proxy" => "*.vmware.com,10.*"
+ }
+ )
+
+Alternate Init Styles
+---------------------
+
+The alternate init styles available are:
+
+* runit
+* bluepill
+* daemontools
+* none -- should be specified if you are running chef-client as cron job
+
+For usage, see below.
+
+# Runit
+
+To use runit, download the cookbook from the cookbook site.
+
+ knife cookbook site vendor runit -d
+
+Change the `init_style` to runit in the base role and add the runit recipe to the role's run list:
+
+ name "base"
+ description "Base role applied to all nodes"
+ override_attributes(
+ "chef_client" => {
+ "init_style" => "runit"
+ }
+ )
+ run_list(
+ "recipe[chef-client::delete_validation]",
+ "recipe[runit]",
+ "recipe[chef-client]"
+ )
+
+The `chef-client` recipe will create the chef-client service configured with runit. The runit run script will be located in `/etc/sv/chef-client/run`. The output log will be in the runit service directory, `/etc/sv/chef-client/log/main/current`.
+
+# Bluepill
+
+To use bluepill, download the cookbook from the cookbook site.
+
+ knife cookbook site vendor bluepill -d
+
+Change the `init_style` to runit in the base role and add the bluepill recipe to the role's run list:
+
+ name "base"
+ description "Base role applied to all nodes"
+ override_attributes(
+ "chef_client" => {
+ "init_style" => "bluepill"
+ }
+ )
+ run_list(
+ "recipe[chef-client::delete_validation]",
+ "recipe[bluepill]",
+ "recipe[chef-client]"
+ )
+
+The `chef-client` recipe will create the chef-client service configured with bluepill. The bluepill "pill" will be located in `/etc/bluepill/chef-client.pill`. The output log will be to client.log file in the `node["chef_client"]["log_dir"]` location, `/var/log/chef/client` by default.
+
+# Daemontools
+
+To use daemontools, download the cookbook from the cookbook site.
+
+ knife cookbook site vendor daemontools -d
+
+Change the `init_style` to runit in the base role and add the daemontools recipe to the role's run list:
+
+ name "base"
+ description "Base role applied to all nodes"
+ override_attributes(
+ "chef_client" => {
+ "init_style" => "daemontools"
+ }
+ )
+ run_list(
+ "recipe[chef-client::delete_validation]",
+ "recipe[daemontools]",
+ "recipe[chef-client]"
+ )
+
+The `chef-client` recipe will create the chef-cilent service configured under daemontools. It uses the same sv run scripts as the runit recipe. The run script will be located in `/etc/sv/chef-client/run`. The output log will be in the daemontools service directory, `/etc/sv/chef-client/log/main/current`.
+
+Templates
+=========
+
+chef-client.pill.erb
+--------------------
+
+Bluepill configuration for the chef-client service.
+
+client.rb.erb
+-------------
+
+Configuration for the client, lands in directory specified by `node["chef_client"]["conf_dir"]` (`/etc/chef/client.rb` by default).
+
+`sv-chef-client-*run.erb`
+-------------------------
+
+Runit and Daemontools run script for chef-client service and logs.
+
+Logs will be located in the `node["chef_client"]["log_dir"]`.
+
+Changes/Roadmap
+===============
+
+## 1.1.0:
+
+* [COOK-909] - trigger upstart on correct event
+* [COOK-795] - add windows support with winsw
+* [COOK-798] - added recipe to run chef-client as a cron job
+* [COOK-986] - don't delete the validation.pem if chef-server recipe
+ is detected
+
+## 1.0.4:
+
+* [COOK-670] - Added Solaris service-installation support for chef-client cookbook.
+* [COOK-781] - chef-client service recipe fails with chef 0.9.x
+
+## 1.0.2:
+
+* [CHEF-2491] init scripts should implement reload
+
+## 1.0.0:
+
+* [COOK-204] chef::client pid template doesn't match package expectations
+* [COOK-491] service config/defaults should not be pulled from Chef gem
+* [COOK-525] Tell bluepill to daemonize chef-client command
+* [COOK-554] Typo in backup_path
+* [COOK-609] chef-client cookbook fails if init_type is set to upstart and chef is installed from deb
+* [COOK-635] Allow configuration of path to chef-client binary in init script
+
+License and Author
+==================
+
+Author:: Joshua Timberman ()
+Author:: Seth Chisamore ()
+Copyright:: 2010-2011, Opscode, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
diff --git a/cookbooks/chef-client/attributes/default.rb b/cookbooks/chef-client/attributes/default.rb
new file mode 100644
index 0000000..b16292a
--- /dev/null
+++ b/cookbooks/chef-client/attributes/default.rb
@@ -0,0 +1,70 @@
+#
+# Author:: Joshua Timberman ()
+# Author:: Seth Chisamore ()
+# Cookbook Name:: chef
+# Attributes:: default
+#
+# Copyright 2008-2011, Opscode, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'rbconfig'
+
+default["chef_client"]["interval"] = "1800"
+default["chef_client"]["splay"] = "20"
+default["chef_client"]["log_dir"] = "/var/log/chef"
+default["chef_client"]["conf_dir"] = "/etc/chef"
+default["chef_client"]["bin"] = "/usr/bin/chef-client"
+default["chef_client"]["server_url"] = "http://localhost:4000"
+default["chef_client"]["validation_client_name"] = "chef-validator"
+default["chef_client"]["cron"] = { "minute" => "0", "hour" => "*/4" }
+
+case platform
+when "arch"
+ default["chef_client"]["init_style"] = "arch"
+ default["chef_client"]["run_path"] = "/var/run/chef"
+ default["chef_client"]["cache_path"] = "/var/cache/chef"
+ default["chef_client"]["backup_path"] = "/var/lib/chef"
+when "debian","ubuntu","redhat","centos","fedora"
+ default["chef_client"]["init_style"] = "init"
+ default["chef_client"]["run_path"] = "/var/run/chef"
+ default["chef_client"]["cache_path"] = "/var/cache/chef"
+ default["chef_client"]["backup_path"] = "/var/lib/chef"
+when "openbsd","freebsd","mac_os_x","mac_os_x_server"
+ default["chef_client"]["init_style"] = "bsd"
+ default["chef_client"]["run_path"] = "/var/run"
+ default["chef_client"]["cache_path"] = "/var/chef/cache"
+ default["chef_client"]["backup_path"] = "/var/chef/backup"
+when "openindiana","opensolaris","nexentacore","solaris2"
+ default["chef_client"]["init_style"] = "smf"
+ default["chef_client"]["run_path"] = "/var/run/chef"
+ default["chef_client"]["cache_path"] = "/var/chef/cache"
+ default["chef_client"]["backup_path"] = "/var/chef/backup"
+when "windows"
+ default["chef_client"]["init_style"] = "winsw"
+ default["chef_client"]["run_path"] = "C:/var/run/chef"
+ default["chef_client"]["cache_path"] = "C:/var/chef/cache"
+ default["chef_client"]["backup_path"] = "C:/var/chef/backup"
+ default["chef_client"]["conf_dir"] = "C:/chef"
+ default["chef_client"]["bin"] = File.join(Gem.bindir, "chef-client")
+ #Required for minsw wrapper
+ default["chef_client"]["ruby_bin"] = File.join(RbConfig::CONFIG['bindir'], "ruby.exe")
+ default["chef_client"]["winsw_url"] = "http://maven.dyndns.org/2/com/sun/winsw/winsw/1.8/winsw-1.8-bin.exe"
+ default["chef_client"]["winsw_dir"] = "C:/chef/bin"
+ default["chef_client"]["winsw_exe"] = "chef-client.exe"
+else
+ default["chef_client"]["init_style"] = "none"
+ default["chef_client"]["run_path"] = "/var/run"
+ default["chef_client"]["cache_path"] = "/var/chef/cache"
+ default["chef_client"]["backup_path"] = "/var/chef/backup"
+end
diff --git a/cookbooks/chef-client/metadata.rb b/cookbooks/chef-client/metadata.rb
new file mode 100644
index 0000000..ba7dcbe
--- /dev/null
+++ b/cookbooks/chef-client/metadata.rb
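Review bot: In the chef-client attributes file, `default["chef_client"]["winsw_url"]` points at an `.exe` on a dynamic-DNS host over plain `http://`, and no checksum attribute is defined next to it, so whatever that URL serves at converge time becomes the binary that wraps the chef-client service on Windows. The recipe that downloads it is outside this hunk, so how it is fetched and verified is not visible here. The default should be an `https://` location under your control and be paired with a pinned digest, e.g. `default["chef_client"]["winsw_checksum"] = "<sha256 of the vetted winsw binary>"`, passed to the `checksum` of the `remote_file` that fetches it. The comment above `ruby_bin` says `minsw`, which looks like a typo for `winsw`.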
@@ -0,0 +1,15 @@
+maintainer "Opscode, Inc."
+maintainer_email "cookbooks@opscode.com"
+license "Apache 2.0"
+description "Manages aspects of only chef-client"
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version "1.1.0"
+recipe "chef-client", "Includes the service recipe by default."
+recipe "chef-client::config", "Configures the client.rb from a template."
+recipe "chef-client::service", "Sets up a client daemon to run periodically"
+recipe "chef-client::delete_validation", "Deletes validation.pem after client registers"
+recipe "chef-client::cron", "Runs chef-client as a cron job rather than as a service"
+
+%w{ ubuntu debian redhat centos fedora freebsd openbsd mac_os_x mac_os_x_server windows }.each do |os|
+ supports os
+end
diff --git a/cookbooks/chef-client/recipes/config.rb b/cookbooks/chef-client/recipes/config.rb
new file mode 100644
index 0000000..982a616
--- /dev/null
+++ b/cookbooks/chef-client/recipes/config.rb
@@ -0,0 +1,53 @@
+#
+# Author:: Joshua Timberman ()
+# Author:: Joshua Sierles ()
+# Author:: Seth Chisamore ()
+# Cookbook Name:: chef
+# Recipe:: client
+#
+# Copyright 2008-2011, Opscode, Inc
+# Copyright 2009, 37signals
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+root_group = value_for_platform(
+ ["openbsd", "freebsd", "mac_os_x", "mac_os_x_server"] => { "default" => "wheel" },
+ "default" => "root"
+)
+
+chef_node_name = Chef::Config[:node_name] == node["fqdn"] ? false : Chef::Config[:node_name]
+
+%w{run_path cache_path backup_path log_dir}.each do |key|
+ directory node['chef_client'][key] do
+ recursive true
+ owner "root"
+ group root_group
+ mode 0755
+ end
+end
+
+template "#{node["chef_client"]["conf_dir"]}/client.rb" do
+ source "client.rb.erb"
+ owner "root"
+ group root_group
+ mode 0644
+ variables :chef_node_name => chef_node_name
+ notifies :create, "ruby_block[reload_client_config]"
+end
+
+ruby_block "reload_client_config" do
+ block do
+ Chef::Config.from_file("#{node["chef_client"]["conf_dir"]}/client.rb")
+ end
+ action :nothing
+end
diff --git a/cookbooks/chef-client/recipes/cron.rb b/cookbooks/chef-client/recipes/cron.rb
new file mode 100644
index 0000000..f313661
--- /dev/null
+++ b/cookbooks/chef-client/recipes/cron.rb
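Review bot: In recipes/config.rb the `template "#{node["chef_client"]["conf_dir"]}/client.rb"` resource writes the file with `mode 0644`, while the README in this commit documents `http_proxy_user` and `http_proxy_pass` as settings for the client configuration. The `client.rb.erb` template is not part of this hunk, but if it renders those values the proxy password is readable by every local account; `mode 0640` keeps it to root and `root_group`, which already own the file. The `ruby_block` below then evaluates that file through `Chef::Config.from_file`, which is a further reason the file and `conf_dir` should be writable by root only.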
@@ -0,0 +1,83 @@
+#
+# Author:: Joshua Timberman ()
+# Author:: Seth Chisamore ()
+# Author:: Bryan Berry ()
+# Cookbook Name:: chef-client
+# Recipe:: cron
+#
+# Copyright 2009-2011, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+root_group = value_for_platform(
+ ["openbsd", "freebsd", "mac_os_x"] => { "default" => "wheel" },
+ "default" => "root"
+ )
+
+# COOK-635 account for alternate gem paths
+# try to use the bin provided by the node attribute
+if ::File.executable?(node["chef_client"]["bin"])
+ client_bin = node["chef_client"]["bin"]
+ # search for the bin in some sane paths
+elsif (chef_in_sane_path=Chef::Client::SANE_PATHS.map{|p| p="#{p}/chef-client";p if ::File.executable?(p)}.compact.first) && chef_in_sane_path
+ client_bin = chef_in_sane_path
+ # last ditch search for a bin in PATH
+elsif (chef_in_path=%x{which chef-client}.chomp) && ::File.executable?(chef_in_path)
+ client_bin = chef_in_path
+else
+ raise "Could not locate the chef-client bin in any known path. Please set the proper path by overriding node['chef_client']['bin'] in a role."
+end
+
+%w{run_path cache_path backup_path log_dir}.each do |key|
+ directory node["chef_client"][key] do
+ recursive true
+ owner "root"
+ group root_group
+ mode 0755
+ end
+end
+
+dist_dir, conf_dir = value_for_platform(
+ ["ubuntu", "debian"] => { "default" => ["debian", "default"] },
+ ["redhat", "centos", "fedora", "scientific", "amazon"] => { "default" => ["redhat", "sysconfig"]}
+ )
+
+# let's create the service file so the :disable action doesn't fail
+template "/etc/init.d/chef-client" do
+ source "#{dist_dir}/init.d/chef-client.erb"
+ mode 0755
+ variables(
+ :client_bin => client_bin
+ )
+end
+
+template "/etc/#{conf_dir}/chef-client" do
+ source "#{dist_dir}/#{conf_dir}/chef-client.erb"
+ mode 0644
+end
+
+service "chef-client" do
+ supports :status => true, :restart => true
+ action [:disable, :stop]
+end
+
+cron "chef-client" do
+ minute node['chef_client']['cron']['minute']
+ hour node['chef_client']['cron']['hour']
+ user "root"
+ shell "/bin/bash"
+ command "/bin/sleep `/usr/bin/expr $RANDOM \\% 90` &> /dev/null ; #{client_bin} &> /dev/null "
+end
+
+
diff --git a/cookbooks/chef-client/recipes/default.rb b/cookbooks/chef-client/recipes/default.rb
new file mode 100644
index 0000000..b9f9cbb
--- /dev/null
+++ b/cookbooks/chef-client/recipes/default.rb
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: chef-client
+# Recipe:: default
+#
+# Copyright 2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "chef-client::service"
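Review bot: In recipes/cron.rb the `dist_dir, conf_dir = value_for_platform(...)` call lists only the Debian and Red Hat families and has no `"default"` entry, while metadata.rb in this commit declares support for freebsd, openbsd, mac_os_x and windows; on those platforms both variables would presumably be nil and the two `template` resources would be given paths such as `/etc//chef-client`. Either add a `"default"` pair or raise a clear error before the templates are declared. The `Chef::Client::SANE_PATHS` lookup here is also unguarded, whereas recipes/service.rb in the same commit checks `Chef::Client.const_defined?('SANE_PATHS')` first, and the cron command sends all chef-client output to `/dev/null`, so a failing run is silent unless chef-client logs elsewhere.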
diff --git a/cookbooks/chef-client/recipes/delete_validation.rb b/cookbooks/chef-client/recipes/delete_validation.rb
new file mode 100644
index 0000000..b3c32f2
--- /dev/null
+++ b/cookbooks/chef-client/recipes/delete_validation.rb
@@ -0,0 +1,26 @@
+#
+# Author:: Joshua Timberman
+# Cookbook Name:: chef
+# Recipe:: delete_validation
+#
+# Copyright 2010, Opscode, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+unless node[:recipes].include?("chef-server")
+ file Chef::Config[:validation_key] do
+ action :delete
+ backup false
+ only_if { ::File.exists?(Chef::Config[:client_key]) }
+ end
+end
diff --git a/cookbooks/chef-client/recipes/service.rb b/cookbooks/chef-client/recipes/service.rb
new file mode 100644
index 0000000..f67b57d
--- /dev/null
+++ b/cookbooks/chef-client/recipes/service.rb
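Review bot: In recipes/delete_validation.rb the guard `node[:recipes].include?("chef-server")` is an exact match on an array element, so it holds only when the run list names the bare `chef-server` recipe; a node that runs a sub-recipe of the form `chef-server::<recipe>` would presumably not match, and the server's own validation key would then be deleted, which is the case the README warns about. Matching on the cookbook name covers both forms: `unless node[:recipes].any? { |r| r == "chef-server" || r.start_with?("chef-server::") }`. `::File.exists?` in the `only_if` is a deprecated alias of `::File.exist?`.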
@@ -0,0 +1,242 @@ +# +# Author:: Joshua Timberman () +# Author:: Seth Chisamore () +# Cookbook Name:: chef +# Recipe:: bootstrap_client +# +# Copyright 2009-2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +root_group = value_for_platform( + ["openbsd", "freebsd", "mac_os_x", "mac_os_x_server"] => { "default" => "wheel" }, + "default" => "root" +) + +# COOK-635 account for alternate gem paths +# try to use the bin provided by the node attribute +if ::File.executable?(node["chef_client"]["bin"]) + client_bin = node["chef_client"]["bin"] +# search for the bin in some sane paths +elsif Chef::Client.const_defined?('SANE_PATHS') && (chef_in_sane_path=Chef::Client::SANE_PATHS.map{|p| p="#{p}/chef-client";p if ::File.executable?(p)}.compact.first) && chef_in_sane_path + client_bin = chef_in_sane_path +# last ditch search for a bin in PATH +elsif (chef_in_path=%x{which chef-client}.chomp) && ::File.executable?(chef_in_path) + client_bin = chef_in_path +else + raise "Could not locate the chef-client bin in any known path. Please set the proper path by overriding node['chef_client']['bin'] in a role." 
+end + +%w{run_path cache_path backup_path log_dir}.each do |key| + directory node["chef_client"][key] do + recursive true + # Work-around for CHEF-2633 + unless node["platform"] == "windows" + owner "root" + group root_group + end + mode 0755 + end +end + +case node["chef_client"]["init_style"] +when "init" + + dist_dir, conf_dir = value_for_platform( + ["ubuntu", "debian"] => { "default" => ["debian", "default"] }, + ["redhat", "centos", "fedora", "scientific", "amazon"] => { "default" => ["redhat", "sysconfig"]} + ) + + template "/etc/init.d/chef-client" do + source "#{dist_dir}/init.d/chef-client.erb" + mode 0755 + variables( + :client_bin => client_bin + ) + notifies :restart, "service[chef-client]", :delayed + end + + template "/etc/#{conf_dir}/chef-client" do + source "#{dist_dir}/#{conf_dir}/chef-client.erb" + mode 0644 + notifies :restart, "service[chef-client]", :delayed + end + + service "chef-client" do + supports :status => true, :restart => true + action :enable + end + +when "smf" + local_path = ::File.join(Chef::Config[:file_cache_path], "/") + template "/lib/svc/method/chef-client" do + source "solaris/chef-client.erb" + owner "root" + group "root" + mode "0777" + notifies :restart, "service[chef-client]" + end + + template (local_path + "chef-client.xml") do + source "solaris/manifest.xml.erb" + owner "root" + group "root" + mode "0644" + notifies :run, "execute[load chef-client manifest]", :immediately + end + + execute "load chef-client manifest" do + action :nothing + command "svccfg import #{local_path}chef-client.xml" + notifies :restart, "service[chef-client]" + end + + service "chef-client" do + action [:enable, :start] + provider Chef::Provider::Service::Solaris + end + +when "upstart" + + case node["platform"] + when "ubuntu" + if (8.04..9.04).include?(node["platform_version"].to_f) + upstart_job_dir = "/etc/event.d" + upstart_job_suffix = "" + else + upstart_job_dir = "/etc/init" + upstart_job_suffix = ".conf" + end + end + + template 
"#{upstart_job_dir}/chef-client#{upstart_job_suffix}" do + source "debian/init/chef-client.conf.erb" + mode 0644 + variables( + :client_bin => client_bin + ) + notifies :restart, "service[chef-client]", :delayed + end + + service "chef-client" do + provider Chef::Provider::Service::Upstart + action [:enable,:start] + end + +when "arch" + + template "/etc/rc.d/chef-client" do + source "rc.d/chef-client.erb" + mode 0755 + variables( + :client_bin => client_bin + ) + notifies :restart, "service[chef-client]", :delayed + end + + template "/etc/conf.d/chef-client.conf" do + source "conf.d/chef-client.conf.erb" + mode 0644 + notifies :restart, "service[chef-client]", :delayed + end + + service "chef-client" do + action [:enable, :start] + end + +when "runit" + + include_recipe "runit" + runit_service "chef-client" + +when "bluepill" + + directory node["chef_client"]["run_path"] do + recursive true + owner "root" + group root_group + mode 0755 + end + + include_recipe "bluepill" + + template "#{node["bluepill"]["conf_dir"]}/chef-client.pill" do + source "chef-client.pill.erb" + mode 0644 + notifies :restart, "bluepill_service[chef-client]", :delayed + end + + bluepill_service "chef-client" do + action [:enable,:load,:start] + end + +when "daemontools" + + include_recipe "daemontools" + + directory "/etc/sv/chef-client" do + recursive true + owner "root" + group root_group + mode 0755 + end + + daemontools_service "chef-client" do + directory "/etc/sv/chef-client" + template "chef-client" + action [:enable,:start] + log true + end + +when "winsw" + + directory node["chef_client"]["winsw_dir"] do + action :create + end + + template "#{node["chef_client"]["winsw_dir"]}/chef-client.xml" do + source "chef-client.xml.erb" + notifies :run, "execute[restart chef-client using winsw wrapper]", :delayed + end + + winsw_path = File.join(node["chef_client"]["winsw_dir"], node["chef_client"]["winsw_exe"]) + remote_file winsw_path do + source node["chef_client"]["winsw_url"] + not_if { 
File.exists?(winsw_path) } + end + + # Work-around for CHEF-2541 + # Should be replaced by a service :restart action + # in Chef 0.10.6 + execute "restart chef-client using winsw wrapper" do + command "#{winsw_path} restart" + not_if { WMI::Win32_Service.find(:first, :conditions => {:name => "chef-client"}).nil? } + action :nothing + end + + execute "Install chef-client service using winsw" do + command "#{winsw_path} install" + only_if { WMI::Win32_Service.find(:first, :conditions => {:name => "chef-client"}).nil? } + end + + service "chef-client" do + action :start + end + +when "bsd" + log "You specified service style 'bsd'. You will need to set up your rc.local file." + log "Hint: chef-client -i #{node["chef_client"]["client_interval"]} -s #{node["chef_client"]["client_splay"]}" +else + log "Could not determine service init style, manual intervention required to start up the chef-client service." +end diff --git a/cookbooks/chef-client/templates/arch/conf.d/chef-client.conf.erb b/cookbooks/chef-client/templates/arch/conf.d/chef-client.conf.erb new file mode 100644 index 0000000..c1bcdb9 --- /dev/null +++ b/cookbooks/chef-client/templates/arch/conf.d/chef-client.conf.erb @@ -0,0 +1,5 @@ +LOGFILE=<%= node["chef_client"]["log_dir"] %>/client.log +CONFIG=<%= node["chef_client"]["conf_dir"] %>/client.rb +INTERVAL=<%= node["chef_client"]["interval"] %> +SPLAY=<%= node["chef_client"]["splay"] %> +CHEF_CLIENT_ARGS="-L $LOGFILE -d -c $CONFIG -i $INTERVAL -s $SPLAY" diff --git a/cookbooks/chef-client/templates/arch/rc.d/chef-client.erb b/cookbooks/chef-client/templates/arch/rc.d/chef-client.erb new file mode 100644 index 0000000..84f7314 --- /dev/null +++ b/cookbooks/chef-client/templates/arch/rc.d/chef-client.erb 
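Review bot: In the `when "smf"` branch of service.rb the method script `/lib/svc/method/chef-client` is created with `mode "0777"`, which leaves a script that SMF executes for the chef-client service (presumably as root) writable by every local user; `mode "0755"` matches the init.d and rc.d templates in the same recipe. In the `winsw` branch, `remote_file winsw_path` fetches the service wrapper from `node["chef_client"]["winsw_url"]` with no `checksum`, so the executable later run by `#{winsw_path} install` is not integrity-checked; `checksum node["chef_client"]["winsw_checksum"]` would pin it (that attribute name is a placeholder, it is not defined in this commit). In the `upstart` branch `upstart_job_dir` is assigned only for `"ubuntu"`, so on any other platform the template path collapses to `/chef-client`; an `else` that raises or logs would make that explicit.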
@@ -0,0 +1,76 @@ +#!/bin/bash +# +# Copyright (c) 2009-2010 Opscode, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +daemon_bin="<%= @client_bin %>" +daemon_name=$(basename $daemon_bin) +PIDF="<%= node["chef_client"]["run_path"] %>/$daemon_name.pid" + +. /etc/rc.conf +. /etc/rc.d/functions +. /etc/conf.d/$daemon_name.conf + +get_pid() { + pidof -o %PPID $daemon_name +} + +case "$1" in + start) + stat_busy "Starting $daemon_name" + PID=$(get_pid) + if [ -z "$PID" ]; then + [ -f $PIDF ] && rm -f $PIDF + $daemon_bin --pid $PIDF $CHEF_CLIENT_ARGS + if [ $? -gt 0 ]; then + stat_fail + exit 1 + else + echo $(get_pid) > $PIDF + add_daemon $daemon_name + stat_done + fi + else + stat_fail + exit 1 + fi + ;; + + stop) + stat_busy "Stopping $daemon_name daemon" + PID=$(get_pid) + [ ! -z "$PID" ] && kill $PID &> /dev/null + if [ $? -gt 0 ]; then + stat_fail + exit 1 + else + rm -f $PIDF &>/dev/null + rm_daemon $daemon_name + stat_done + fi + ;; + + restart) + $0 stop + sleep 3 + $0 start + ;; + status) + stat_busy "Checking $daemon_name status"; + ck_status $daemon_name + ;; + *) + echo "usage: $) {start|stop|restart|status}" +esac diff --git a/cookbooks/chef-client/templates/default/chef-client.pill.erb b/cookbooks/chef-client/templates/default/chef-client.pill.erb new file mode 100644 index 0000000..efbcf24 --- /dev/null +++ b/cookbooks/chef-client/templates/default/chef-client.pill.erb 
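Review bot: The fallback branch of the arch rc.d script prints `echo "usage: $) {start|stop|restart|status}"`, where `$)` looks like a typo for `$0`, and it ends without a non-zero exit status; `echo "usage: $0 {start|stop|restart|status}"` followed by `exit 1` is the usual form. In `stop`, `[ ! -z "$PID" ] && kill $PID &> /dev/null` leaves `$?` non-zero when no process was found, so stopping an already-stopped service is reported as a failure. `$PIDF` and `$daemon_bin` are expanded unquoted throughout, so a `run_path` attribute containing whitespace would be split into several words in `rm -f $PIDF`; quoting them (`rm -f "$PIDF"`) avoids that.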
@@ -0,0 +1,14 @@
+Bluepill.application("chef-client") do |app|
+
+ app.process("chef-client") do |process|
+ process.pid_file = "<%= node["chef_client"]["run_path"] %>/chef-client.pid"
+ process.working_dir = "/"
+ process.start_command = "env PATH=/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin<% if node["languages"]["ruby"]["gems_dir"] %>:<%= node["languages"]["ruby"]["gems_dir"] %>/bin<% end -%> chef-client -i <%= node["chef_client"]["interval"] %> -s <%= node["chef_client"]["splay"] %> -P <%= node["chef_client"]["run_path"] %>/chef-client.pid"
+ process.stdout = process.stderr = "<%= node["chef_client"]["log_dir"] %>/client.log"
+ process.start_grace_time = 5.seconds
+ process.stop_grace_time = 5.seconds
+ process.restart_grace_time = 30.seconds
+ process.daemonize = true
+ end
+
+end
diff --git a/cookbooks/chef-client/templates/default/client.rb.erb b/cookbooks/chef-client/templates/default/client.rb.erb
new file mode 100644
index 0000000..cc6797d
--- /dev/null
+++ b/cookbooks/chef-client/templates/default/client.rb.erb
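Review bot: `process.start_command` in chef-client.pill.erb launches `chef-client` by name through a PATH assembled in the template (with the gems `bin` directory appended from node data), whereas the init.d, upstart and rc.d templates in this commit run the absolute path the service recipe resolved and checked as `client_bin`. Passing `variables(:client_bin => client_bin)` from the bluepill template resource in service.rb and using `<%= @client_bin %>` here would make the supervised binary the same one the recipe verified as executable. The interval, splay and run_path attributes are also interpolated into the command line unquoted, so quoting the `-P` argument is worth doing at the same time.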
@@ -0,0 +1,36 @@ +log_level :info +log_location STDOUT + +<% if Chef::Config.has_key?(:chef_server_url) -%> +chef_server_url "<%= Chef::Config[:chef_server_url] %>" +<% else -%> +chef_server_url "<%= node["chef_client"]["server_url"] %>" +<% end -%> +validation_client_name "<%= node["chef_client"]["validation_client_name"] %>" +<% if @chef_node_name -%> +node_name "<%= @chef_node_name %>" +<% else -%> +# Using default node name +<% end -%> + +file_backup_path "<%= node["chef_client"]["backup_path"] %>" +file_cache_path "<%= node["chef_client"]["cache_path"] %>" +<% unless %w{ runit bluepill daemontools }.include?(node["chef_client"]["init_style"]) -%> + +pid_file "<%= node["chef_client"]["run_path"] %>/client.pid" +<% end -%> +<%= "http_proxy \"#{node["chef_client"]["http_proxy"]}\"\n" unless node["chef_client"]["http_proxy"].nil? -%> +<%= "https_proxy \"#{node["chef_client"]["https_proxy"]}\"\n" unless node["chef_client"]["https_proxy"].nil? -%> +<%= "http_proxy_user \"#{node["chef_client"]["http_proxy_user"]}\"\n" unless node["chef_client"]["http_proxy_user"].nil? -%> +<%= "http_proxy_pass \"#{node["chef_client"]["http_proxy_pass"]}\"\n" unless node["chef_client"]["http_proxy_pass"].nil? -%> +<%= "no_proxy \"#{node["chef_client"]["no_proxy"]}\"\n" unless node["chef_client"]["no_proxy"].nil? -%> +<% unless node["chef_client"]["http_proxy"].nil? -%> + +# set the proxy env variable so rubygems works correctly +ENV['http_proxy'] = "<%= node["chef_client"]["http_proxy"] %>" +ENV['HTTP_PROXY'] = "<%= node["chef_client"]["http_proxy"] %>" +<% end -%> +<% if node.attribute?("ohai") && node["ohai"].attribute?("plugin_path") -%> + +Ohai::Config[:plugin_path] << "<%= node["ohai"]["plugin_path"] %>" +<% end -%> \ No newline at end of file diff --git a/cookbooks/chef-client/templates/default/debian/default/chef-client.erb b/cookbooks/chef-client/templates/default/debian/default/chef-client.erb new file mode 100644 index 0000000..6c84e6c --- /dev/null 
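Review bot: `http_proxy_pass` is rendered into client.rb in clear text, and the template resource that writes this file is not part of this hunk, so its owner and mode cannot be checked here; it should be readable only by the account that runs chef-client (for example `mode 0600`). Attribute values are also placed inside double-quoted Ruby literals as-is, so a value containing `"` or `#{` changes how client.rb is parsed when it is loaded. Emitting an escaped literal instead, e.g. `<%= "http_proxy_pass #{node["chef_client"]["http_proxy_pass"].inspect}\n" unless node["chef_client"]["http_proxy_pass"].nil? -%>`, and likewise for the other settings, removes that dependency on the attribute content.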
+++ b/cookbooks/chef-client/templates/default/debian/default/chef-client.erb
@@ -0,0 +1,4 @@
+LOGFILE=<%= node["chef_client"]["log_dir"] %>/client.log
+CONFIG=<%= node["chef_client"]["conf_dir"] %>/client.rb
+INTERVAL=<%= node["chef_client"]["interval"] %>
+SPLAY=<%= node["chef_client"]["splay"] %>
diff --git a/cookbooks/chef-client/templates/default/debian/init.d/chef-client.erb b/cookbooks/chef-client/templates/default/debian/init.d/chef-client.erb
new file mode 100644
index 0000000..4c2e1d2
--- /dev/null
+++ b/cookbooks/chef-client/templates/default/debian/init.d/chef-client.erb
@@ -0,0 +1,185 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: chef-client +# Required-Start: $remote_fs $network +# Required-Stop: $remote_fs $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start a chef-client. +### END INIT INFO +# +# Copyright (c) 2009-2010 Opscode, Inc, +# +# chef-client Startup script for chef-client. +# chkconfig: - 99 02 +# description: starts up chef-client in daemon mode. + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=<%= @client_bin %> +NAME=chef-client +DESC=chef-client +PIDFILE=<%= node["chef_client"]["run_path"] %>/client.pid + +test -x $DAEMON || exit 0 + +. /lib/lsb/init-functions + +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +if [ ! -d /var/run/chef ]; then + mkdir /var/run/chef +fi + +DAEMON_OPTS="-d -P $PIDFILE -L $LOGFILE -c $CONFIG -i $INTERVAL -s $SPLAY" + +running_pid() { + pid=$1 + name=$2 + [ -z "$pid" ] && return 1 + [ ! -d /proc/$pid ] && return 1 + cmd=`awk '/Name:/ {print $2}' /proc/$pid/status` + [ "$cmd" != "$name" ] && return 1 + return 0 +} + +running() { + [ ! -f "$PIDFILE" ] && return 1 + pid=`cat $PIDFILE` + running_pid $pid $NAME || return 1 + return 0 +} + +start_server() { + if [ -z "$DAEMONUSER" ] ; then + start_daemon -p $PIDFILE $DAEMON $DAEMON_OPTS + errcode=$? + else + start-stop-daemon --start --quiet --pidfile $PIDFILE \ + --chuid $DAEMONUSER \ + --exec $DAEMON -- $DAEMON_OPTS + errcode=$? + fi + return $errcode +} + +stop_server() { + if [ -z "$DAEMONUSER" ] ; then + killproc -p $PIDFILE $DAEMON + errcode=$? + else + start-stop-daemon --stop --quiet --pidfile $PIDFILE \ + --user $DAEMONUSER \ + --exec $DAEMON + errcode=$? + fi + return $errcode +} + +reload_server() { + if [ -z "$DAEMONUSER" ] ; then + killproc -p $PIDFILE $DAEMON -HUP + errcode=$? + else + start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE \ + --user $DAEMONUSER \ + --exec $DAEMON + errcode=$? + fi + return $errcode +} + +force_stop() { + [ ! 
-e "$PIDFILE" ] && return + if running ; then + /bin/kill -15 $pid + sleep "$DIETIME"s + if running ; then + /bin/kill -9 $pid + sleep "$DIETIME"s + if running ; then + echo "Cannot kill $NAME (pid=$pid)!" + exit 1 + fi + fi + fi + rm -f $PIDFILE +} + +case "$1" in + start) + log_daemon_msg "Starting $DESC " "$NAME" + if running ; then + log_progress_msg "apparently already running" + log_end_msg 0 + exit 0 + fi + if start_server ; then + [ -n "$STARTTIME" ] && sleep $STARTTIME # Wait some time + if running ; then + log_end_msg 0 + else + log_end_msg 1 + fi + else + log_end_msg 1 + fi + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + if running ; then + errcode=0 + stop_server || errcode=$? + log_end_msg $errcode + else + log_progress_msg "apparently not running" + log_end_msg 0 + exit 0 + fi + ;; + force-stop) + $0 stop + if running; then + log_daemon_msg "Stopping (force) $DESC" "$NAME" + errcode=0 + force_stop || errcode=$? + log_end_msg $errcode + fi + ;; + restart|force-reload) + log_daemon_msg "Restarting $DESC" "$NAME" + errcode=0 + stop_server || errcode=$? + [ -n "$DIETIME" ] && sleep $DIETIME + start_server || errcode=$? + [ -n "$STARTTIME" ] && sleep $STARTTIME + running || errcode=$? + log_end_msg $errcode + ;; + status) + log_daemon_msg "Checking status of $DESC" "$NAME" + if running ; then + log_progress_msg "running" + log_end_msg 0 + else + log_progress_msg "apparently not running" + log_end_msg 1 + exit 3 + fi + ;; + reload) + if running; then + log_daemon_msg "Reloading $DESC" "$NAME" + errcode=0 + reload_server || errcode=$? + log_end_msg $errcode + fi + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|force-stop|restart|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 + diff --git a/cookbooks/chef-client/templates/default/debian/init/chef-client.conf.erb b/cookbooks/chef-client/templates/default/debian/init/chef-client.conf.erb new file mode 100644 index 0000000..3433d92 --- /dev/null 
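Review bot: `force_stop` in the Debian init script calls `sleep "$DIETIME"s`, but `DIETIME` is set neither in this script nor in the /etc/default/chef-client template added by this commit, so the call expands to `sleep s`, fails, and the function goes from `/bin/kill -15` to `/bin/kill -9` with no grace period. A default near `DAEMON_OPTS`, such as `DIETIME=${DIETIME:-10}` (value illustrative), fixes that; the `restart` branch already guards its own use with `[ -n "$DIETIME" ]`. The script also creates `/var/run/chef` with a hard-coded path while `PIDFILE` is rendered from `node["chef_client"]["run_path"]`, so the two diverge when that attribute is overridden; `mkdir -p "$(dirname "$PIDFILE")"` keeps them aligned.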
+++ b/cookbooks/chef-client/templates/default/debian/init/chef-client.conf.erb
@@ -0,0 +1,17 @@
+# chef-client - Chef Configuration Management Client
+#
+# Chef Client provides the Chef configuration management daemon
+
+description "Chef Client"
+
+start on net-device-up
+stop on runlevel [!2345]
+
+respawn
+respawn limit 5 30
+
+pre-start script
+ test -x <%= @client_bin %> || { stop; exit 0; }
+end script
+
+exec <%= @client_bin %> -i <%= node["chef_client"]["interval"] %> -L <%= node["chef_client"]["log_dir"] %>/client.log
diff --git a/cookbooks/chef-client/templates/default/redhat/init.d/chef-client.erb b/cookbooks/chef-client/templates/default/redhat/init.d/chef-client.erb
new file mode 100644
index 0000000..a9ddf76
--- /dev/null
+++ b/cookbooks/chef-client/templates/default/redhat/init.d/chef-client.erb
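Review bot: The `exec` line of the upstart job passes `-i` and `-L` but no `-s`, unlike the init.d, bluepill, runit and SMF templates in this commit, so upstart-managed nodes would run without the configured splay and contact the server on the same schedule. Adding `-s <%= node["chef_client"]["splay"] %>` after the interval argument brings it in line with the others.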
@@ -0,0 +1,110 @@ +#!/bin/bash +# +# chef-client Startup script for the Chef client +# +# chkconfig: - 98 02 +# description: Client component of the Chef systems integration framework. + +### BEGIN INIT INFO +# Provides: chef-client +# Required-Start: $local_fs $network $remote_fs +# Required-Stop: $local_fs $network $remote_fs +# Should-Start: $named $time +# Should-Stop: $named $time +# Short-Description: Startup script for the Chef client +# Description: Client component of the Chef systems integration framework. +### END INIT INFO + +# Source function library +. /etc/init.d/functions + +exec="<%= @client_bin %>" +prog="chef-client" + +[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog + +config=${CONFIG-/etc/chef/client.rb} +pidfile=${PIDFILE-/var/run/chef/client.pid} +lockfile=${LOCKFILE-/var/lock/subsys/$prog} +logfile=${LOGFILE-/var/log/chef/client.log} +interval=${INTERVAL-1800} +splay=${SPLAY-20} +options=${OPTIONS-} + +start() { + [ -x $exec ] || exit 5 + [ -f $config ] || exit 6 + echo -n $"Starting $prog: " + daemon chef-client -d -c "$config" -L "$logfile" -P "$pidfile" -i "$interval" -s "$splay" "$options" + retval=$? + echo + [ $retval -eq 0 ] && touch $lockfile + return $retval +} + +stop() { + echo -n $"Stopping $prog: " + killproc -p $pidfile chef-client + retval=$? + echo + [ $retval -eq 0 ] && rm -f $lockfile + return $retval +} + +restart () { + stop + start +} + +reload() { + echo -n $"Reloading $prog: " + killproc -p $pidfile chef-client -HUP + retval=$? 
+ echo + return $retval +} + +force_reload() { + restart +} + +rh_status() { + # run checks to determine if the service is running or use generic status + status -p $pidfile $prog +} + +rh_status_q() { + rh_status >/dev/null 2>&1 +} + +case "$1" in + start) + rh_status_q && exit 0 + $1 + ;; + stop) + rh_status_q || exit 0 + $1 + ;; + restart) + $1 + ;; + reload) + rh_status_q || exit 7 + $1 + ;; + force-reload) + force_reload + ;; + status) + rh_status + ;; + condrestart|try-restart) + rh_status_q || exit 0 + restart + ;; + *) + echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" + exit 2 +esac +exit $? diff --git a/cookbooks/chef-client/templates/default/redhat/sysconfig/chef-client.erb b/cookbooks/chef-client/templates/default/redhat/sysconfig/chef-client.erb new file mode 100644 index 0000000..d6ee493 --- /dev/null +++ b/cookbooks/chef-client/templates/default/redhat/sysconfig/chef-client.erb @@ -0,0 +1,15 @@ +# Configuration file for the chef-client service + +CONFIG=<%= node["chef_client"]["conf_dir"] %>/client.rb +PIDFILE=<%= node["chef_client"]["run_path"] %>/client.pid +#LOCKFILE=/var/lock/subsys/chef-client +LOGFILE=<%= node["chef_client"]["log_dir"] %>/client.log +# Sleep interval between runs. +# This value is in seconds. +INTERVAL=<%= node["chef_client"]["interval"] %> +# Maximum amount of random delay before starting a run. Prevents every client +# from contacting the server at the exact same time. +# This value is in seconds. +SPLAY=<%= node["chef_client"]["splay"] %> +# Any additional chef-client options. +#OPTIONS= diff --git a/cookbooks/chef-client/templates/default/solaris/chef-client.erb b/cookbooks/chef-client/templates/default/solaris/chef-client.erb new file mode 100644 index 0000000..376cd3e --- /dev/null +++ b/cookbooks/chef-client/templates/default/solaris/chef-client.erb 
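Review bot: `start()` in the Red Hat init script tests `[ -x $exec ]` on the path rendered from `@client_bin` but then launches `daemon chef-client ...`, which is resolved through PATH, so the binary that is checked and the binary that runs as the service can differ; `daemon "$exec" -d -c "$config" ...` keeps them the same. The trailing `"$options"` is quoted, so an unset OPTIONS passes one empty argument and several options arrive as a single word; leaving it unquoted as `$options` is what the sysconfig comment `# Any additional chef-client options.` implies. `[ -x $exec ]` and `[ -f $config ]` should quote their operands as well.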
@@ -0,0 +1,78 @@ +#!/bin/bash +#################################################################### +# COOKBOOK NAME: chef-client +# RECIPE: default +# DESCRIPTION: chef-client start/stop script for Solaris SMF +# +#################################################################### +# (C)2011 DigiTar, All Rights Reserved +# Distributed under the BSD License +# +# Redistribution and use in source and binary forms, with or without modification, +# are permitted provided that the following conditions are met: +# +# * Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# * Neither the name of DigiTar nor the names of its contributors may be +# used to endorse or promote products derived from this software without +# specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY +# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT +# SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH +# DAMAGE. +# +#################################################################### + +. 
/lib/svc/share/smf_include.sh + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/bin/chef-client +NAME=chef-client +DESC=chef-client +PIDFILE=<%= node["chef_client"]["run_path"] %>/client.pid +LOGFILE=<%= node["chef_client"]["log_dir"] %>/client.log +CONFIG=<%= node["chef_client"]["conf_dir"] %>/client.rb +INTERVAL=<%= node["chef_client"]["interval"] %> +SPLAY=<%= node["chef_client"]["splay"] %> + +DAEMON_OPTS="-d -P $PIDFILE -L $LOGFILE -c $CONFIG -i $INTERVAL -s $SPLAY" + +if [ ! -d <%= node["chef_client"]["run_path"] %> ]; then + mkdir <%= node["chef_client"]["run_path"] %> +fi + +case "$1" in +'start') +$DAEMON $DAEMON_OPTS +;; + +'stop') +kill `cat $PIDFILE` +;; + +'refresh') +kill -1 `cat $PIDFILE` +;; + +'restart') +kill `cat $PIDFILE` +$DAEMON $DAEMON_OPTS +;; + +*) +echo $"Usage: $0 (start|stop|restart|refresh)" +exit 1 +;; + +esac +exit $SMF_EXIT_OK diff --git a/cookbooks/chef-client/templates/default/solaris/manifest.xml.erb b/cookbooks/chef-client/templates/default/solaris/manifest.xml.erb new file mode 100644 index 0000000..02e5a13 --- /dev/null +++ b/cookbooks/chef-client/templates/default/solaris/manifest.xml.erb @@ -0,0 +1,103 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/cookbooks/chef-client/templates/default/sv-chef-client-log-run.erb b/cookbooks/chef-client/templates/default/sv-chef-client-log-run.erb new file mode 100644 index 0000000..a79a518 --- /dev/null +++ b/cookbooks/chef-client/templates/default/sv-chef-client-log-run.erb @@ -0,0 +1,2 @@ +#!/bin/sh +exec svlogd -tt ./main diff --git a/cookbooks/chef-client/templates/default/sv-chef-client-run.erb b/cookbooks/chef-client/templates/default/sv-chef-client-run.erb new file mode 100644 index 0000000..a054a5e --- /dev/null +++ b/cookbooks/chef-client/templates/default/sv-chef-client-run.erb 
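Review bot: The `stop`, `refresh` and `restart` branches of the SMF method script pass the output of `cat $PIDFILE` straight to `kill` without checking that the pid file exists and is non-empty, and the script always ends with `exit $SMF_EXIT_OK`, so a failed stop is reported to SMF as success. A guard such as `[ -s "$PIDFILE" ] || exit $SMF_EXIT_OK` before the `kill`, with the pid expansion quoted, makes the behaviour on a missing pid file explicit. `DAEMON=/usr/bin/chef-client` is hard-coded while the other service templates render `@client_bin`, and the `mkdir` of the run path has no `-p` and sets no mode.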
@@ -0,0 +1,4 @@ +#!/bin/sh +PATH=/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin<% if node["languages"]["ruby"]["gems_dir"] %>:<%= node["languages"]["ruby"]["gems_dir"] %>/bin<% end -%> +exec 2>&1 +exec /usr/bin/env chef-client -i <%= node["chef_client"]["interval"] %> -s <%= node["chef_client"]["splay"] %> diff --git a/cookbooks/chef-client/templates/windows/chef-client.xml.erb b/cookbooks/chef-client/templates/windows/chef-client.xml.erb new file mode 100644 index 0000000..83849de --- /dev/null +++ b/cookbooks/chef-client/templates/windows/chef-client.xml.erb @@ -0,0 +1,38 @@ + + + + + chef-client + Chef-client Service for Windows + This service runs chef-client. Configuration of this service is managed by the chef-client cookbook. + <%= node["chef_client"]["ruby_bin"] %> + <%= node["chef_client"]["bin"] %> -L "<%= File.join(node["chef_client"]["log_dir"], "client.log") %>" -c "<%= File.join(node["chef_client"]["conf_dir"], "client.rb") %>" -i <%= node["chef_client"]["interval"] %> -s <%= node["chef_client"]["splay"] %> + rotate + <%= node["chef_client"]["log_dir"] %> + diff --git a/cookbooks/chef-server/README.md b/cookbooks/chef-server/README.md new file mode 100644 index 0000000..ebfaa2e --- /dev/null +++ b/cookbooks/chef-server/README.md 
@@ -0,0 +1,358 @@
+IMPORTANT CHANGES
+=================
+
+Please note the following important changes to the Chef cookbook(s) that coincide with the 0.10 release of Chef.
+
+Cookbook Renaming
+-----------------
+
+The cookbook formerly known as 'chef' has been split into two cookbooks:
+
+* chef-client
+* chef-server
+
+So users have a clearer distinction about where to find recipes for managing Chef itself. The `chef` cookbook will still be available for backwards compatibility reasons.
+
+Attributes
+----------
+
+The attributes are namespaced between using `chef_client` and `chef_server`. Several attributes have been renamed completely. See the attributes section below.
+
+Paths
+-----
+
+Path default values are selected by Platform according to the various distributions "best practice" preference. For example, major Linux distributions use the Filesystem Hierarchy Standard, which the attributes attempt to mimic. See the various platform specific path attributes in the attributes section.
+
+Init Style
+----------
+
+The default init style is chosen based on the platform. See the usage section on choosing an init style below.
+
+Recipes
+-------
+
+The recipes in the chef cookbook that are now in chef-server:
+
+ chef::bootstrap_server -> chef-server::rubygems-install
+ chef::server -> chef-server::default
+ chef::server_proxy -> chef-server::apache-proxy
+
+See the recipes section below.
+
+DESCRIPTION
+===========
+
+This cookbook is used to configure a system to be a Chef Server. It has a few recipes, please read the recipes section below for information on what each one is used for.
+
+REQUIREMENTS
+============
+
+Chef 0.10.0 or later is required. For earlier versions of Chef, see the `chef` cookbook, version 0.99.0.
+
+Platform
+--------
+
+The Chef Server will work on a variety of platforms, however a Ubuntu or Debian is recommended when performing a RubyGems installation. Other platforms may work but are not as well tested.
+
+The `chef-server::default` recipe will work on any platform running the Chef Server, as it only compacts the CouchDB / views.
+
+See:
+
+* http://wiki.opscode.com/display/chef/Installing+Chef+Server+using+Chef+Solo
+
+Note that CentOS 5 is known to not work due to issues with Ruby.
+
+Cookbooks
+---------
+
+The chef-server cookbook requires the following cookbooks from Opscode. Some are required for various init style options (bluepill, runit, daemontools):
+
+* apt
+* apache2
+* runit
+* couchdb
+* chef-client
+* chef-server
+* openssl
+* gecode
+* java
+* xml
+* zlib
+* erlang
+* bluepill
+* daemontools
+* ucspi-tcp
+* build-essential
+
+ATTRIBUTES
+==========
+
+The attributes used by this cookbook are under the `chef_server` namespace.
+
+When using the rubygems-install recipe, set the desired attributes using a JSON file. See __RUBYGEMS_INSTALLATION__ for more information.
+
+Platform Specific Attributes
+----------------------------
+
+The following attributes are chosen based on the platform and set accordingly. See the attributes/default.rb for default values by platform. The following platforms are supported:
+
+* arch
+* debian
+* ubuntu
+* redhat
+* centos
+* fedora
+* openbsd
+* freebsd
+* mac\_os\_x
+
+### init\_style
+
+This attribute is used by the `chef-server::rubygems-install` recipe. This specifies the type of init system used on the Chef Server. The attributes file will choose an init style based on the platform, but this can be overriden by specifying an alternate value.
+
+Automatically determined values:
+
+* arch - ArchLinux, and uses the appropriate rc.d and conf.d scripts out of the `chef` gem.
+* init - Debian, Ubuntu, Red Hat, CentOS and Fedora. Uses the appropriate /etc/default, /etc/sysconfig and /etc/init.d files out of the `chef` gem.
+* bsd - OpenBSD, FreeBSD and Mac OS X, does not actually set up any system startup daemon, but provides a log message for the administrator of further hints.
+
+The following alternate init styles are available as well.
+
+* runit - sets up the daemons and logging in /etc/sv/SERVICE with Opscode's `runit` cookbook.
+* daemontools - sets up the daemons and logging in /etc/sv/SERVICE with Opscode's `daemontools` cookbook.
+* bluepill - sets up the daemons in /etc/bluepill/SERVICE with Opscode's `bluepill` cookbook.
+
+This cookbook does not yet support Upstart for Ubuntu/Debian, but that is planned for a future release, and will be specified via this attribute.
+
+### path
+
+Used for the `chef` user's home directory.
+
+### run\_path
+
+Location for PID files on systems using init scripts.
+
+If `init_style` is `init`, this is used, and should match what the init script itself uses for the PID files.
+
+### cache\_path
+
+Location where the client will cache cookbooks and other data. Corresponds to `Chef::Config[:file_cache_path]` configuration value.
+
+### backup\_path
+
+Location where backups of files replaced by Chef (template, `cookbook_file`, etc), corresponds to the `Chef::Config[:file_backup_path]` location.
+
+Non-platform Specific Attributes
+--------------------------------
+
+### umask
+
+Sets the umask for files created by the server process via `Chef::Config[:umask]` in `/etc/chef/server.rb`
+
+### url
+
+Full URI for the Chef Server. Used by `Chef::Config[:chef_server_url]` configuration setting. Default is http://localhost:4000. If running chef-solr on a separate machine, configure it to the appropriate network accessible URL (e.g., http://chef.example.com:4000).
+
+### log\_dir
+
+Location where logs should be stored when initializing services via init scripts. Not used if init style is runit, daemontools or bluepill.
+
+### api\_port
+
+Port for the Server API service to listen on. Default `4000`.
+
+### webui\_port
+
+Port for the Server WebUI service to listen on. Default `4040`.
+
+### webui\_enabled
+
+As of version 0.8.x+, the WebUI part of the Chef Server is optional, and disabled by default. To enable it, set this to true.
+
+### solr\_heap\_size
+
+Sets the amount of memory for the SOLR heap, default 256M.
+
+### validation\_client\_name
+
+Set the name of the special client used to validate new clients. Default `chef-validator`.
+
+### expander\_nodes
+
+Number of nodes to start up for the chef-expander (replacement for chef-solr-indexer in 0.10). Default is 1.
+
+Server Proxy Attributes
+-----------------------
+
+The following attributes are used by the `apache-proxy.rb` recipe, and are stored in the `apache-proxy.rb` attributes file. They are under the `node['chef_server']` attribute space.
+
+doc\_root
+---------
+
+DocumentRoot for the WebUI. Also gets set in the vhost for the API, but it is not used since the vhost merely proxies to the server on port 4000.
+
+ssl\_req
+--------
+
+This attribute can be used to set up a self-signed SSL certificate automatically using OpenSSL. Fields:
+
+* C: country (two letter code)
+* ST: state/province
+* L: locality or city
+* O: organization
+* OU: organizational unit
+* CN: canonical name, usually the fully qualified domain name of the server (FQDN)
+* emailAddress: contact email address
+
+This attribute should be a single string, fields separated by /.
+
+css\_expire\_hours
+------------------
+
+Sets expiration time for CSS in the WebUI.
+
+js\_expire\_hours
+-----------------
+
+Sets expiration time for JavaScript in the WebUI.
+
+api\_server\_name
+-----------------
+
+VirtualHost server name for the API.
+
+api\_port
+---------
+
+Port for the API's HTTPS proxy.
+
+api\_aliases
+------------
+
+VirtualHost server aliases for the API.
+
+webui\_server\_name
+-----------------
+
+VirtualHost server name for the webui.
+
+webui\_port
+---------
+
+Port for the WebUI HTTPS proxy.
+
+webui\_aliases
+------------
+
+VirtualHost server alaises for the webui.
+
+RECIPES AND USAGE
+=================
+
+This section describes the recipes in the cookbook and how to use them in your environment. This is focused on the Chef Server itself. To set up a Chef Server that will also be a Chef Client to itself, see the `chef-client` cookbook.
+
+default
+-------
+
+Since the Chef Server itself typically runs the CouchDB service for the data store, the recipe will do a compaction on the Chef database and all the views associated with the Chef Server. These compactions only occur if the database/view size is more than 100Mb. It will use the configured CouchDB URL, which is `http://localhost:5984` by default. The actual value used for the CouchDB server is from the `Chef::Config[:couchdb_url]`, so this can be dynamically changed in the /etc/chef/server.rb config file.
+
+apache-proxy
+------------
+
+This recipe sets up an Apache2 VirtualHost to proxy HTTPS for the Chef Server API and WebUI.
+
+The API will be proxied on port 443. If the WebUI is enabled, it will be proxied on port 444. The recipe dynamically creates the OpenSSL certificate based on the `node['chef_server']['ssl_req']` attribute. It uses additional configuration for Apache to improve performance of the webui. The virtual host template is `chef_server.conf.erb`. The DocumentRoot setting is used for the WebUI, but not the API, and is set with the attribute `node['chef_server']['doc_root']`.
+
+rubygems-install
+----------------
+
+ONLY FOR RUBYGEMS INSTALLATIONS. Do not use this recipe if you installed Chef from packages for your platform.
+
+Use this recipe to "bootstrap" a system to become a Chef Server. This recipe does the following:
+
+* Creates a `chef` user.
+* Installs CouchDB from package or source depending on the platform.
+* Installs Java for the `chef-solr` search engine.
+* Installs RabbitMQ with the `chef-server::rabbitmq` recipe for the chef-expander consumer.
+* Installs Gecode with the `gecode` cookbook. On Debian/Ubuntu, Opscode's APT repository will be used. On other platforms, Gecode will be installed from source, which can take a long time.
+* Installs all the Server-related RubyGems.
+* Creates the server configuration file `/etc/chef/server.rb` based on the configuration passed via JSON.
+* Creates the chef-solr configuration file, `/etc/chef/solr.rb`.
+* Sets up the `chef-server`, `chef-solr`, `chef-expander` services depending on the `init_style` attribute (see above).
+
+Minimal JSON to use for the server configuration:
+
+ {
+ "chef_server": {
+ "url": "http://localhost.localdomain:4000",
+ },
+ "run_list": "recipe[chef-server::rubygems-install]"
+ }
+
+Note that the `chef-server-webui` is optional and can be enabled if desired.
+
+ {
+ "chef_server": {
+ "url": "http://localhost.localdomain:4000",
+ "webui_enabled": true
+ },
+ "run_list": "recipe[chef-server::rubygems-install]"
+ }
+
+For more information see [Bootstrap Chef RubyGems Installation](http://wiki.opscode.com/display/chef/Bootstrap+Chef+RubyGems+Installation) on the Chef Wiki and the attributes section above.
+
+TEMPLATES
+=========
+
+chef\_server.conf.erb
+---------------------
+
+VirtualHost file used by Apache2 in the `chef-server::apache-proxy` recipe.
+
+server.rb.erb
+-------------
+
+Configuration for the server and server components used in the `chef-server::rubygems-install` recipe.
+
+solr.rb.erb
+-----------
+
+Configuration for chef-solr used in the `chef-server::rubygems-install` recipe.
+
+sv-\*run.erb
+-------------
+
+Runit and daemontools "run" scripts for the services configured when `node['chef_server']['init_style']` is "runit" or "daemontools".
+
+\*.pill.erb
+-----------
+
+Bluepill "pill" files for the services configured when `node['chef_server']['init_style']` is "bluepill".
+
+Changes
+=======
+
+## v0.99.12:
+
+* [COOK-757] - compact all the views
+* [COOK-969] - `server_name` and `server_aliases` as configurable attributes on `chef_server::nginx-proxy` and `chef_server::apache-proxy`
+
+LICENSE AND AUTHORS
+===================
+
+* Author: Joshua Timberman
+* Author: Joshua Sierles
+
+* Copyright 2008-2012, Opscode, Inc
+* Copyright 2009, 37signals
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
diff --git a/cookbooks/chef-server/attributes/default.rb b/cookbooks/chef-server/attributes/default.rb
new file mode 100644
index 0000000..91c537b
--- /dev/null
+++ b/cookbooks/chef-server/attributes/default.rb
@@ -0,0 +1,55 @@
+#
+# Author:: Joshua Timberman
+# Cookbook Name:: chef-server
+# Attributes:: default
+#
+# Copyright 2008-2011, Opscode, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+case platform
+when "arch"
+ default["chef_server"]["init_style"] = "arch"
+ default["chef_server"]["path"] = "/var/lib/chef"
+ default["chef_server"]["run_path"] = "/var/run/chef"
+ default["chef_server"]["cache_path"] = "/var/cache/chef"
+ default["chef_server"]["backup_path"] = "/var/lib/chef/backup"
+when "debian","ubuntu","redhat","centos","fedora"
+ default["chef_server"]["init_style"] = "init"
+ default["chef_server"]["path"] = "/var/lib/chef"
+ default["chef_server"]["run_path"] = "/var/run/chef"
+ default["chef_server"]["cache_path"] = "/var/cache/chef"
+ default["chef_server"]["backup_path"] = "/var/lib/chef/backup"
+when "openbsd","freebsd","mac_os_x"
+ default["chef_server"]["init_style"] = "bsd"
+ default["chef_server"]["path"] = "/var/chef"
+ default["chef_server"]["run_path"] = "/var/run"
+ default["chef_server"]["cache_path"] = "/var/chef/cache"
+ default["chef_server"]["backup_path"] = "/var/chef/backup"
+else
+ default["chef_server"]["init_style"] = "none"
+ default["chef_server"]["path"] = "/var/chef"
+ default["chef_server"]["run_path"] = "/var/run"
+ default["chef_server"]["cache_path"] = "/var/chef/cache"
+ default["chef_server"]["backup_path"] = "/var/chef/backup"
+end
+
+default['chef_server']['umask'] = "0022"
+default['chef_server']['url'] = "http://localhost:4000"
+default['chef_server']['log_dir'] = "/var/log/chef"
+default['chef_server']['api_port'] = "4000"
+default['chef_server']['webui_port'] = "4040"
+default['chef_server']['webui_enabled'] = false
+default['chef_server']['solr_heap_size'] = "256M"
+default['chef_server']['validation_client_name'] = "chef-validator"
+default['chef_server']['expander_nodes'] = 1
diff --git a/cookbooks/chef-server/attributes/server_proxy.rb b/cookbooks/chef-server/attributes/server_proxy.rb
new file mode 100644
index 0000000..f31fc86
--- /dev/null
+++ b/cookbooks/chef-server/attributes/server_proxy.rb
@@ -0,0 +1,43 @@
+#
+# Author:: David Abdemoulaie
+# Cookbook Name:: chef-server
+# Attributes:: server_proxy
+#
+# Copyright 2009, David Abdemoulaie
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+include_attribute "apache2"
+include_attribute "chef-server"
+
+default['chef_server']['doc_root'] = "#{node['languages']['ruby']['gems_dir']}/gems/chef-server-webui-#{node['chef_packages']['chef']['version']}/public"
+default['chef_server']['ssl_req'] = "/C=US/ST=Several/L=Locality/O=Example/OU=Operations/CN=chef-server-proxy/emailAddress=root@localhost"
+default['chef_server']['proxy']['css_expire_hours'] = "120"
+default['chef_server']['proxy']['js_expire_hours'] = "24"
+default['chef_server']['proxy']['api_server_name'] = "localhost"
+default['chef_server']['proxy']['api_port'] = 443
+default['chef_server']['proxy']['api_aliases'] = [
+ node['hostname'],
+ node['fqdn'],
+ 'chef-server-proxy',
+ "chef.#{node['domain']}"
+]
+
+default['chef_server']['proxy']['webui_server_name'] = "localhost"
+default['chef_server']['proxy']['webui_port'] = 444
+default['chef_server']['proxy']['webui_aliases'] = [
+ node['hostname'],
+ node['fqdn'],
+ 'chef-server-proxy',
+ "chef.#{node['domain']}"
+]
diff --git a/cookbooks/chef-server/metadata.rb b/cookbooks/chef-server/metadata.rb
new file mode 100644
index 0000000..4ccb911
--- /dev/null
+++ b/cookbooks/chef-server/metadata.rb
@@ -0,0 +1,18 @@
+maintainer "Opscode, Inc."
+maintainer_email "cookbooks@opscode.com"
+license "Apache 2.0"
+description "Installs and configures Chef Server"
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version "0.99.12"
+recipe "chef-server", "Compacts the Chef Server CouchDB."
+recipe "chef-server::rubygems-install", "Set up rubygem installed chef server."
+recipe "chef-server::apache-proxy", "Configures Apache2 proxy for API and WebUI"
+recipe "chef-server::nginx-proxy", "Configures NGINX proxy for API and WebUI"
+
+%w{ ubuntu debian redhat centos fedora freebsd openbsd }.each do |os|
+ supports os
+end
+
+%w{ runit bluepill daemontools couchdb apache2 nginx openssl zlib xml java gecode }.each do |cb|
+ depends cb
+end
diff --git a/cookbooks/chef-server/recipes/apache-proxy.rb b/cookbooks/chef-server/recipes/apache-proxy.rb
new file mode 100644
index 0000000..c4d2382
--- /dev/null
+++ b/cookbooks/chef-server/recipes/apache-proxy.rb
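Review bot: The `depends` list at the end of metadata.rb omits `erlang`, yet recipes/rabbitmq.rb in this same commit calls `include_recipe("erlang")` on older Ubuntu and Debian releases. Without the declared dependency the erlang cookbook is not guaranteed to be uploaded or loaded together with this one, so that branch can fail at converge time. Adding `erlang` to the `%w{ runit bluepill daemontools ... gecode }` list would make the metadata match what the recipes include. The README's longer cookbook list (apt, ucspi-tcp, build-essential) may deserve the same comparison.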
@@ -0,0 +1,67 @@
+#
+# Author:: Joshua Timberman
+# Cookbook Name:: chef-server
+# Recipe:: apache-proxy
+#
+# Copyright 2009-2011, Opscode, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+root_group = value_for_platform(
+ "openbsd" => { "default" => "wheel" },
+ "freebsd" => { "default" => "wheel" },
+ "default" => "root"
+)
+
+node['apache']['listen_ports'] << "443" unless node['apache']['listen_ports'].include?("443")
+if node['chef_server']['webui_enabled']
+ node['apache']['listen_ports'] << "444" unless node['apache']['listen_ports'].include?("444")
+end
+
+include_recipe "apache2"
+include_recipe "apache2::mod_ssl"
+include_recipe "apache2::mod_proxy"
+include_recipe "apache2::mod_proxy_http"
+include_recipe "apache2::mod_proxy_balancer"
+include_recipe "apache2::mod_rewrite"
+include_recipe "apache2::mod_headers"
+include_recipe "apache2::mod_expires"
+include_recipe "apache2::mod_deflate"
+
+directory "/etc/chef/certificates" do
+ owner "chef"
+ group root_group
+ mode "700"
+end
+
+bash "Create SSL Certificates" do
+ cwd "/etc/chef/certificates"
+ code <<-EOH
+ umask 077
+ openssl genrsa 2048 > chef-server-proxy.key
+ openssl req -subj "#{node['chef_server']['ssl_req']}" -new -x509 -nodes -sha1 -days 3650 -key chef-server-proxy.key > chef-server-proxy.crt
+ cat chef-server-proxy.key chef-server-proxy.crt > chef-server-proxy.pem
+ EOH
+ not_if { ::File.exists?("/etc/chef/certificates/chef-server-proxy.pem") }
+end
+
+web_app "chef-server-proxy" do
+ template "chef_server.conf.erb"
+ api_server_name node['chef_server']['proxy']['api_server_name']
+ api_server_aliases node['chef_server']['proxy']['api_aliases']
+ api_port node['chef_server']['proxy']['api_port']
+ webui_server_name node['chef_server']['proxy']['webui_server_name']
+ webui_server_aliases node['chef_server']['proxy']['webui_aliases']
+ webui_port node['chef_server']['proxy']['webui_port']
+ log_dir node['apache']['log_dir']
+end
diff --git a/cookbooks/chef-server/recipes/default.rb b/cookbooks/chef-server/recipes/default.rb
new file mode 100644
index 0000000..f9dfe88
--- /dev/null
+++ b/cookbooks/chef-server/recipes/default.rb
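Review bot: The `openssl req` line in the "Create SSL Certificates" bash resource signs the self-signed certificate with `-sha1` and a 3650-day lifetime; SHA-1 signatures are deprecated and current TLS clients may reject them. I would change the flag to `-sha256` and consider a shorter `-days` value with a documented rotation step. The identical command appears in recipes/nginx-proxy.rb in this commit and needs the same change. Because the resource is guarded by `not_if { ::File.exists?(".../chef-server-proxy.pem") }`, nodes that already converged keep the old certificate until the .pem file is removed.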
@@ -0,0 +1,52 @@
+#
+# Author:: Joshua Timberman
+# Author:: Joshua Sierles
+# Cookbook Name:: chef-server
+# Recipe:: default
+#
+# Copyright 2008-2011, Opscode, Inc
+# Copyright 2009, 37signals
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'open-uri'
+
+http_request "compact chef couchDB" do
+ action :post
+ url "#{Chef::Config[:couchdb_url]}/chef/_compact"
+ only_if do
+ begin
+ open("#{Chef::Config[:couchdb_url]}/chef")
+ JSON::parse(open("#{Chef::Config[:couchdb_url]}/chef").read)["disk_size"] > 100_000_000
+ rescue OpenURI::HTTPError
+ nil
+ end
+ end
+end
+
+%w(nodes roles registrations clients data_bags data_bag_items users checksums cookbooks sandboxes environments id_map).each do |view|
+
+ http_request "compact chef couchDB view #{view}" do
+ action :post
+ url "#{Chef::Config[:couchdb_url]}/chef/_compact/#{view}"
+ only_if do
+ begin
+ open("#{Chef::Config[:couchdb_url]}/chef/_design/#{view}/_info")
+ JSON::parse(open("#{Chef::Config[:couchdb_url]}/chef/_design/#{view}/_info").read)["view_index"]["disk_size"] > 100_000_000
+ rescue OpenURI::HTTPError
+ nil
+ end
+ end
+ end
+
+end
diff --git a/cookbooks/chef-server/recipes/nginx-proxy.rb b/cookbooks/chef-server/recipes/nginx-proxy.rb
new file mode 100644
index 0000000..ed7de19
--- /dev/null
+++ b/cookbooks/chef-server/recipes/nginx-proxy.rb
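Review bot: Each `only_if` guard fetches the same CouchDB URL twice and rescues only `OpenURI::HTTPError`, so a refused or timed-out connection raises out of the guard and presumably aborts the Chef run instead of skipping the compaction. Read the response once and widen the rescue, for example `rescue OpenURI::HTTPError, SystemCallError, Timeout::Error`. The bare `open("#{Chef::Config[:couchdb_url]}/chef")` also goes through Kernel#open, which gives special meaning to a string beginning with `|`; `URI.parse(url).open` keeps the call limited to URL handling. Both guards, the database one and the per-view one, have the same shape.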
@@ -0,0 +1,61 @@
+#
+# Author:: Jamie Winsor
+# Cookbook Name:: chef-server
+# Recipe:: nginx-proxy
+#
+# Copyright 2009-2011, Opscode, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+include_recipe "nginx"
+
+root_group = value_for_platform(
+ "openbsd" => { "default" => "wheel" },
+ "freebsd" => { "default" => "wheel" },
+ "default" => "root"
+)
+
+directory "/etc/chef/certificates" do
+ owner "chef"
+ group root_group
+ mode "700"
+end
+
+bash "Create SSL Certificates" do
+ cwd "/etc/chef/certificates"
+ code <<-EOH
+ umask 077
+ openssl genrsa 2048 > chef-server-proxy.key
+ openssl req -subj "#{node['chef_server']['ssl_req']}" -new -x509 -nodes -sha1 -days 3650 -key chef-server-proxy.key > chef-server-proxy.crt
+ cat chef-server-proxy.key chef-server-proxy.crt > chef-server-proxy.pem
+ EOH
+ not_if { ::File.exists?("/etc/chef/certificates/chef-server-proxy.pem") }
+end
+
+template "#{node[:nginx][:dir]}/sites-available/chef_server_proxy.conf" do
+ source "chef_server.nginx.conf.erb"
+ owner "root"
+ group "root"
+ mode "0644"
+ notifies :restart, "service[nginx]"
+ variables(
+ :api_server_name => node['chef_server']['proxy']['api_server_name'],
+ :api_aliases => node['chef_server']['proxy']['api_aliases'],
+ :api_port => node['chef_server']['proxy']['api_port'],
+ :webui_server_name => node['chef_server']['proxy']['webui_server_name'],
+ :webui_aliases => node['chef_server']['proxy']['webui_aliases'],
+ :webui_port => node['chef_server']['proxy']['webui_port']
+ )
+end
+
+nginx_site "chef_server_proxy.conf"
diff --git a/cookbooks/chef-server/recipes/rabbitmq.rb b/cookbooks/chef-server/recipes/rabbitmq.rb
new file mode 100644
index 0000000..372e84f
--- /dev/null
+++ b/cookbooks/chef-server/recipes/rabbitmq.rb
@@ -0,0 +1,69 @@
+#
+# Author:: Daniel DeLeo
+# Author:: Joshua Timberman
+#
+# Cookbook Name:: rabbitmq
+# Recipe:: chef
+#
+# Copyright 2009, Daniel DeLeo
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+def debian_before_squeeze?
+ platform?("debian") && (node.platform_version.to_f < 5.0 || (node.platform_version.to_f == 5.0 && node.platform_version !~ /.*sid/ ))
+end
+
+if (platform?("ubuntu") && node.platform_version.to_f <= 9.10) || debian_before_squeeze?
+ include_recipe("erlang")
+
+ rabbitmq_dpkg_path = ::File.join(Chef::Config[:file_cache_path], "/", "rabbitmq-server_1.7.2-1_all.deb")
+
+ remote_file(rabbitmq_dpkg_path) do
+ checksum "ea2bbbb41f6d539884498bbdb5c7d3984643127dbdad5e9f7c28ec9df76b1355"
+ source "http://mirror.rabbitmq.com/releases/rabbitmq-server/v1.7.2/rabbitmq-server_1.7.2-1_all.deb"
+ end
+
+ dpkg_package(rabbitmq_dpkg_path) do
+ source rabbitmq_dpkg_path
+ version '1.7.2-1'
+ action :install
+ end
+else
+ package "rabbitmq-server"
+end
+
+service "rabbitmq-server" do
+ if platform?("centos","redhat","fedora")
+ start_command "/sbin/service rabbitmq-server start &> /dev/null"
+ stop_command "/sbin/service rabbitmq-server stop &> /dev/null"
+ end
+ supports [ :restart, :status ]
+ action [ :enable, :start ]
+end
+
+# add a chef vhost to the queue
+execute "rabbitmqctl add_vhost /chef" do
+ not_if "rabbitmqctl list_vhosts| grep /chef"
+end
+
+# create chef user for the queue
+execute "rabbitmqctl add_user chef testing" do
+ not_if "rabbitmqctl list_users |grep chef"
+end
+
+# grant the mapper user the ability to do anything with the /chef vhost
+# the three regex's map to config, write, read permissions respectively
+execute 'rabbitmqctl set_permissions -p /chef chef ".*" ".*" ".*"' do
+ not_if 'rabbitmqctl list_user_permissions chef|grep /chef'
+end
diff --git a/cookbooks/chef-server/recipes/rubygems-install.rb b/cookbooks/chef-server/recipes/rubygems-install.rb
new file mode 100644
index 0000000..e3c4d19
--- /dev/null
+++ b/cookbooks/chef-server/recipes/rubygems-install.rb
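Review bot: `execute "rabbitmqctl add_user chef testing"` creates the broker account with the fixed password `testing` on every server built from this recipe, and the `set_permissions` resource that follows grants that account configure, write and read on the `/chef` vhost. The password should come from a node attribute or an encrypted data bag and be generated per installation, with the AMQP password setting in the server and solr config templates (not shown in this hunk) reading the same value. Because the command doubles as the resource name, the secret also ends up in the Chef log; a neutral resource name with the command passed through the `command` attribute avoids that.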
@@ -0,0 +1,268 @@
+#
+# Author:: Joshua Timberman
+# Author:: Joshua Sierles
+#
+# Cookbook Name:: chef
+# Recipe:: bootstrap_server
+#
+# Copyright 2009-2010, Opscode, Inc.
+# Copyright 2009, 37signals
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+root_group = value_for_platform(
+ "openbsd" => { "default" => "wheel" },
+ "freebsd" => { "default" => "wheel" },
+ "default" => "root"
+)
+
+user "chef" do
+ system true
+ shell "/bin/sh"
+ home node['chef_server']['path']
+end
+
+case node['platform']
+when "ubuntu"
+
+ if node['platform_version'].to_f >= 9.10
+ include_recipe "couchdb"
+ elsif node['platform_version'].to_f >= 8.10
+ include_recipe "couchdb::source"
+ end
+
+ include_recipe "java"
+ include_recipe "chef-server::rabbitmq"
+ include_recipe "gecode"
+
+when "debian"
+ if node['platform_version'].to_f >= 6.0 || node['platform_version'] =~ /.*sid/
+ include_recipe "couchdb"
+ else
+ include_recipe "couchdb::source"
+ end
+
+ include_recipe "java"
+ include_recipe "chef-server::rabbitmq"
+ include_recipe "gecode"
+
+when "centos","redhat","fedora"
+
+ include_recipe "couchdb"
+ include_recipe "java"
+ include_recipe "chef-server::rabbitmq"
+ include_recipe "gecode"
+
+else
+
+ log("Unknown platform for CouchDB. Manual installation of CouchDB required.")
+ log("Unknown platform for RabbitMQ. Manual installation of RabbitMQ required.")
+ log("Unknown platform for Java. Manual installation of Java required.")
+ log("Unknown platform for gecode. Manual installation of gecode required.")
+ log("Components that rely on these packages being installed may fail to start.")
+
+end
+
+include_recipe "zlib"
+include_recipe "xml"
+
+server_gems = %w{ chef-server-api chef-solr chef-expander }
+server_services = %w{ chef-solr chef-expander chef-server }
+
+if node['chef_server']['webui_enabled']
+ server_gems << "chef-server-webui"
+ server_services << "chef-server-webui"
+end
+
+server_gems.each do |gem|
+ gem_package gem do
+ version node['chef_packages']['chef']['version']
+ end
+end
+
+chef_dirs = [
+ node['chef_server']['log_dir'],
+ node['chef_server']['path'],
+ node['chef_server']['cache_path'],
+ node['chef_server']['backup_path'],
+ node['chef_server']['run_path'],
+ "/etc/chef"
+]
+
+chef_dirs.each do |dir|
+ directory dir do
+ owner "chef"
+ group root_group
+ mode 0755
+ end
+end
+
+%w{ server solr }.each do |cfg|
+ template "/etc/chef/#{cfg}.rb" do
+ source "#{cfg}.rb.erb"
+ owner "chef"
+ group root_group
+ mode 0600
+ end
+
+ link "/etc/chef/webui.rb" do
+ to "/etc/chef/server.rb"
+ end
+
+ link "/etc/chef/expander.rb" do
+ to "/etc/chef/solr.rb"
+ end
+end
+
+directory node['chef_server']['path'] do
+ owner "chef"
+ group root_group
+ mode 0755
+end
+
+%w{ cache search_index }.each do |dir|
+ directory "#{node['chef_server']['path']}/#{dir}" do
+ owner "chef"
+ group root_group
+ mode 0755
+ end
+end
+
+directory "/etc/chef/certificates" do
+ owner "chef"
+ group root_group
+ mode 0700
+end
+
+directory node['chef_server']['run_path'] do
+ owner "chef"
+ group root_group
+ mode 0755
+end
+
+# install solr
+execute "chef-solr-installer" do
+ command "chef-solr-installer -c /etc/chef/solr.rb -u chef -g #{root_group}"
+ path %w{ /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin }
+ not_if { ::File.exists?("#{node['chef_server']['path']}/solr/home") }
+end
+
+case node['chef_server']['init_style']
+when "runit"
+
+ include_recipe "runit"
+
+ server_services.each do |svc|
+ runit_service svc
+ end
+
+ service "chef-server" do
+ restart_command "sv int chef-server"
+ end
+
+ if node['chef_server']['webui_enabled']
+ service "chef-server-webui" do
+ restart_command "sv int chef-server-webui"
+ end
+ end
+
+when "init"
+
+ directory node['chef_server']['run_path'] do
+ action :create
+ owner "chef"
+ group root_group
+ mode 0755
+ end
+
+ dist_dir = value_for_platform(
+ ["ubuntu", "debian"] => { "default" => "debian" },
+ ["redhat", "centos", "fedora"] => { "default" => "redhat"}
+ )
+
+ conf_dir = value_for_platform(
+ ["ubuntu", "debian"] => { "default" => "default" },
+ ["redhat", "centos", "fedora"] => { "default" => "sysconfig"}
+ )
+
+ chef_version = node['chef_packages']['chef']['version']
+ gems_dir = node['languages']['ruby']['gems_dir']
+
+ server_services.each do |svc|
+ init_content = IO.read("#{gems_dir}/gems/chef-#{chef_version}/distro/#{dist_dir}/etc/init.d/#{svc}")
+ conf_content = IO.read("#{gems_dir}/gems/chef-#{chef_version}/distro/#{dist_dir}/etc/#{conf_dir}/#{svc}")
+
+ file "/etc/init.d/#{svc}" do
+ content init_content
+ mode 0755
+ end
+
+ file "/etc/#{conf_dir}/#{svc}" do
+ content conf_content
+ mode 0644
+ end
+
+ link "/usr/sbin/#{svc}" do
+ to "#{node['languages']['ruby']['bin_dir']}/#{svc}"
+ end
+
+ service "#{svc}" do
+ supports :status => true
+ action [ :enable, :start ]
+ end
+ end
+
+when "upstart"
+
+ log "This recipe does not yet support configuring services with Upstart."
+
+when "bluepill"
+
+ include_recipe "bluepill"
+
+ server_services.each do |svc|
+ template "#{node['bluepill']['conf_dir']}/#{svc}.pill" do
+ source "#{svc}.pill.erb"
+ mode 0644
+ end
+
+ bluepill_service svc do
+ action [:enable,:load,:start]
+ end
+ end
+
+when "daemontools"
+
+ include_recipe "daemontools"
+
+ server_services.each do |svc|
+ daemontools_service svc do
+ template svc
+ log true
+ action [:enable, :start]
+ end
+ end
+
+when "bsd"
+
+ log("You specified service style 'bsd'. You will need to set up your rc.local file for chef-expander, chef-solr and chef-server.")
+ log("chef-expander startup command: chef-expander -d -n #{node['chef_server']['expander_nodes']}")
+ log("chef-solr startup command: chef-solr -d")
+ log("chef-server startup command: chef-server -d -N -p #{node['chef_server']['api_port']} -e production -P #{node['chef_server']['run_path']}/server.%s.pid")
+
+else
+
+ log("Could not determine service init style, manual intervention required to set up server services.")
+
+end
diff --git a/cookbooks/chef-server/templates/default/chef-expander.pill.erb b/cookbooks/chef-server/templates/default/chef-expander.pill.erb
new file mode 100644
index 0000000..dc9e2b8
--- /dev/null
+++ b/cookbooks/chef-server/templates/default/chef-expander.pill.erb
@@ -0,0 +1,15 @@
+Bluepill.application("chef-expander") do |app|
+ app.process("chef-expander") do |process|
+ process.pid_file = "<%= node['chef_server']['run_path'] %>/chef-expander.pid"
+ process.working_dir = "<%= node['chef_server']['path'] %>"
+ process.start_command = "chef-expander"
+ process.daemonize = true
+ process.stdout = process.stderr = "<%= node['chef_server']['log_dir'] %>/expander.log"
+ process.start_grace_time = 5.seconds
+ process.stop_grace_time = 5.seconds
+ process.restart_grace_time = 30.seconds
+ process.environment = {
+ 'PATH' => "/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin<% if node['languages']['ruby']['gems_dir'] %>:<%= node['languages']['ruby']['gems_dir'] %>/bin<% end -%>:$PATH"
+ }
+ end
+end
diff --git a/cookbooks/chef-server/templates/default/chef-server-webui.pill.erb b/cookbooks/chef-server/templates/default/chef-server-webui.pill.erb
new file mode 100644
index 0000000..ace4cb2
--- /dev/null
+++ b/cookbooks/chef-server/templates/default/chef-server-webui.pill.erb
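Review bot: In the `%w{ server solr }.each do |cfg|` loop of rubygems-install.rb, the two `link` resources (`/etc/chef/webui.rb` and `/etc/chef/expander.rb`) sit inside the block, so each is declared twice with identical parameters. Neither depends on `cfg`; moving both after the loop's `end` declares each once and, I would expect, avoids duplicate-resource warnings. The `directory node['chef_server']['run_path']` resource is similarly declared three times: through `chef_dirs`, on its own after the certificates directory, and again in the `when "init"` branch.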
@@ -0,0 +1,15 @@
+Bluepill.application("chef-server-webui") do |app|
+ app.process("chef-server-webui") do |process|
+ process.pid_file = "<%= node['chef_server']['run_path'] %>/chef-server-webui.pid"
+ process.working_dir = "<%= node['chef_server']['path'] %>"
+ process.start_command = "chef-server-webui -N -p <%= node['chef_server']['webui_port'] %> -e production"
+ process.daemonize = true
+ process.stdout = process.stderr = "<%= node['chef_server']['log_dir'] %>/server-webui.log"
+ process.start_grace_time = 5.seconds
+ process.stop_grace_time = 5.seconds
+ process.restart_grace_time = 30.seconds
+ process.environment = {
+ 'PATH' => "/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin<% if node['languages']['ruby']['gems_dir'] %>:<%= node['languages']['ruby']['gems_dir'] %>/bin<% end -%>:$PATH"
+ }
+ end
+end
diff --git a/cookbooks/chef-server/templates/default/chef-server.pill.erb b/cookbooks/chef-server/templates/default/chef-server.pill.erb
new file mode 100644
index 0000000..31e7ee3
--- /dev/null
+++ b/cookbooks/chef-server/templates/default/chef-server.pill.erb
@@ -0,0 +1,15 @@
+Bluepill.application("chef-server") do |app|
+ app.process("chef-server") do |process|
+ process.pid_file = "<%= node['chef_server']['run_path'] %>/chef-server.pid"
+ process.working_dir = "<%= node['chef_server']['path'] %>"
+ process.start_command = "chef-server -N -p <%= node['chef_server']['api_port'] %> -e production"
+ process.daemonize = true
+ process.stdout = process.stderr = "<%= node['chef_server']['log_dir'] %>/server.log"
+ process.start_grace_time = 5.seconds
+ process.stop_grace_time = 5.seconds
+ process.restart_grace_time = 30.seconds
+ process.environment = {
+ 'PATH' => "/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin<% if node['languages']['ruby']['gems_dir'] %>:<%= node['languages']['ruby']['gems_dir'] %>/bin<% end -%>:$PATH"
+ }
+ end
+end
diff --git a/cookbooks/chef-server/templates/default/chef-solr.pill.erb b/cookbooks/chef-server/templates/default/chef-solr.pill.erb
new file mode 100644
index 0000000..85e0f8e
--- /dev/null
+++ b/cookbooks/chef-server/templates/default/chef-solr.pill.erb
@@ -0,0 +1,15 @@
+Bluepill.application("chef-solr") do |app|
+ app.process("chef-solr") do |process|
+ process.pid_file = "<%= node['chef_server']['run_path'] %>/chef-solr.pid"
+ process.working_dir = "<%= node['chef_server']['path'] %>"
+ process.start_command = "chef-solr"
+ process.daemonize = true
+ process.stdout = process.stderr = "<%= node['chef_server']['log_dir'] %>/solr.log"
+ process.start_grace_time = 5.seconds
+ process.stop_grace_time = 5.seconds
+ process.restart_grace_time = 30.seconds
+ process.environment = {
+ 'PATH' => "/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin<% if node['languages']['ruby']['gems_dir'] %>:<%= node['languages']['ruby']['gems_dir'] %>/bin<% end -%>:$PATH"
+ }
+ end
+end
diff --git a/cookbooks/chef-server/templates/default/chef_server.conf.erb b/cookbooks/chef-server/templates/default/chef_server.conf.erb
new file mode 100644
index 0000000..6d4efda
--- /dev/null
+++ b/cookbooks/chef-server/templates/default/chef_server.conf.erb
@@ -0,0 +1,71 @@ +# Server Proxy for API +> + ServerName <%= @params[:api_server_name] %> + ServerAlias <% @params[:api_server_aliases].each do |a| %><%= "#{a}" %> <% end %> + + DocumentRoot <%= node['chef_server']['doc_root'] %> + + ExpiresActive On + ExpiresByType text/css "access plus <%= node['chef_server']['proxy']['css_expire_hours'] %> hours" + ExpiresByType text/javascript "access plus <%= node['chef_server']['proxy']['js_expire_hours'] %> hours" + ExpiresByType application/x-javascript "access plus <%= node['chef_server']['proxy']['js_expire_hours'] %> hours" + ExpiresByType application/javascript "access plus <%= node['chef_server']['proxy']['js_expire_hours'] %> hours" + + + BalancerMember http://127.0.0.1:<%= node['chef_server']['api_port'] %> + ProxySet maxattempts=2 + Order deny,allow + Allow from all + + + LogLevel info + ErrorLog <%= @params[:log_dir] %>/<%= @params[:name] %>-error.log + CustomLog <%= @params[:log_dir] %>/<%= @params[:name] %>-access.log combined + + SSLEngine On + SSLCertificateFile /etc/chef/certificates/chef-server-proxy.pem + SSLCertificateKeyFile /etc/chef/certificates/chef-server-proxy.pem + + RequestHeader set X_FORWARDED_PROTO 'https' + + RewriteEngine On + RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f + RewriteRule ^/(.*)$ balancer://chef_server%{REQUEST_URI} [P,QSA,L] + + +<% if node['chef_server']['webui_enabled'] -%> +# Server Proxy for WebUI +> + ServerName <%= @params[:webui_server_name] %> + ServerAlias <% @params[:webui_server_aliases].each do |a| %><%= "#{a}" %> <% end %> + + DocumentRoot <%= node['chef_server']['doc_root'] %> + + ExpiresActive On + ExpiresByType text/css "access plus <%= node['chef_server']['proxy']['css_expire_hours'] %> hours" + ExpiresByType text/javascript "access plus <%= node['chef_server']['proxy']['js_expire_hours'] %> hours" + ExpiresByType application/x-javascript "access plus <%= node['chef_server']['proxy']['js_expire_hours'] %> hours" + ExpiresByType application/javascript 
"access plus <%= node['chef_server']['proxy']['js_expire_hours'] %> hours" + + + BalancerMember http://127.0.0.1:<%= node['chef_server']['webui_port'] %> + ProxySet maxattempts=2 + Order deny,allow + Allow from all + + + LogLevel info + ErrorLog <%= @params[:log_dir] %>/<%= @params[:name] %>-error.log + CustomLog <%= @params[:log_dir] %>/<%= @params[:name] %>-access.log combined + + SSLEngine On + SSLCertificateFile /etc/chef/certificates/chef-server-proxy.pem + SSLCertificateKeyFile /etc/chef/certificates/chef-server-proxy.pem + + RequestHeader set X_FORWARDED_PROTO 'https' + + RewriteEngine On + RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f + RewriteRule ^/(.*)$ balancer://chef_server%{REQUEST_URI} [P,QSA,L] + +<% end -%> diff --git a/cookbooks/chef-server/templates/default/chef_server.nginx.conf.erb b/cookbooks/chef-server/templates/default/chef_server.nginx.conf.erb new file mode 100644 index 0000000..1e47a9e --- /dev/null +++ b/cookbooks/chef-server/templates/default/chef_server.nginx.conf.erb 
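Review bot: Neither virtual host in chef_server.conf.erb restricts TLS protocol versions or ciphers: `SSLEngine On` is followed only by the certificate and key paths, so the proxy accepts whatever the global mod_ssl defaults allow, which on older distributions may include SSLv2/SSLv3. Add `SSLProtocol all -SSLv2 -SSLv3` and an explicit `SSLCipherSuite` to both blocks. The nginx template chef_server.nginx.conf.erb has the same gap and wants `ssl_protocols` and `ssl_ciphers`. Certificate and private key are also read from the same `chef-server-proxy.pem`, so whichever recipe writes that file (not visible here) should keep it readable by root only.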
@@ -0,0 +1,86 @@ +upstream chef_server { + server 127.0.0.1:<%= node['chef_server']['api_port'] %> fail_timeout=0; +} + +upstream chef_server_webui { + server 127.0.0.1:<%= node['chef_server']['webui_port'] %> fail_timeout=0; +} + +server { + listen <%= @api_port %> ssl; + ssl_certificate /etc/chef/certificates/chef-server-proxy.pem; + ssl_certificate_key /etc/chef/certificates/chef-server-proxy.pem; + server_name <%= @api_server_name %>; + access_log <%= node[:nginx][:log_dir] %>/chef-server.access.log; + error_log <%= node[:nginx][:log_dir] %>/chef-server.error.log warn; + + root <%= node['chef_server']['doc_root'] %>; + + location @chef_server { + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Host $http_host; + + proxy_pass http://chef_server; + } + + location / { + try_files $uri @chef_server; + } +} + +<% if @api_aliases && @api_aliases.length > 0 %> +server { + server_name <%= @api_aliases.join(' ') %>; + access_log <%= node[:nginx][:log_dir] %>/chef-server.access.log; + error_log <%= node[:nginx][:log_dir] %>/chef-server.error.log warn; + + rewrite ^(.+)$ https://<%= @api_server_name %>$1 permanent; +} + +<% end %> +<% if node['chef_server']['webui_enabled'] -%> +server { + listen <%= @webui_port %> ssl; + ssl_certificate /etc/chef/certificates/chef-server-proxy.pem; + ssl_certificate_key /etc/chef/certificates/chef-server-proxy.pem; + server_name <%= @webui_server_name %>; + access_log <%= node[:nginx][:log_dir] %>/chef-server.access.log; + error_log <%= node[:nginx][:log_dir] %>/chef-server.error.log warn; + + root <%= node['chef_server']['doc_root'] %>; + + location @chef_server_webui { + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Host $http_host; + + proxy_pass http://chef_server_webui; + } + + location ~ ^.+\.css$ { + expires <%= node['chef_server']['proxy']['css_expire_hours'] %>h; + + try_files $uri @chef_server_webui; + } + + location ~ ^.+\.js$ { + expires <%= node['chef_server']['proxy']['js_expire_hours'] %>h; + + 
try_files $uri @chef_server_webui; + } + + location / { + try_files $uri @chef_server_webui; + } +} + +<% if @webui_aliases && @webui_aliases.length > 0 %> +server { + server_name <%= @webui_aliases.join(' ') %>; + access_log <%= node[:nginx][:log_dir] %>/chef-server.access.log; + error_log <%= node[:nginx][:log_dir] %>/chef-server.error.log warn; + + rewrite ^(.+)$ https://<%= @webui_server_name %>$1 permanent; +} + +<% end %> +<% end -%> diff --git a/cookbooks/chef-server/templates/default/server.rb.erb b/cookbooks/chef-server/templates/default/server.rb.erb new file mode 100644 index 0000000..72ea12a --- /dev/null +++ b/cookbooks/chef-server/templates/default/server.rb.erb @@ -0,0 +1,34 @@ +# +# Chef Server Config File +# +# Dynamically generated by Chef - local modifications will be replaced + +log_level :info +log_location STDOUT +chef_server_url "<%= node['chef_server']['url'] %>" +file_cache_path "<%= node['chef_server']['cache_path'] %>" +sandbox_path "<%= node['chef_server']['cache_path'] %>/sandboxes" +checksum_path "<%= node['chef_server']['path'] %>/cookbook_index" +node_path "<%= node['chef_server']['path'] %>/node" +cookbook_tarball_path "<%= node['chef_server']['path']%>/cookbook-tarballs" + +validation_client_name "<%= node['chef_server']['validation_client_name'] %>" + +<% if node['chef_server']['webui_enabled'] -%> +web_ui_admin_user_name "admin" + +<% end -%> +supportdir = "<%= node['chef_server']['path'] %>" +solr_jetty_path File.join(supportdir, "solr", "jetty") +solr_data_path File.join(supportdir, "solr", "data") +solr_home_path File.join(supportdir, "solr", "home") +solr_heap_size "<%= node['chef_server']['solr_heap_size'] %>" + +solr_url "http://localhost:8983" + +umask <%= node['chef_server']['umask'] %> + +signing_ca_cert "/etc/chef/certificates/cert.pem" +signing_ca_key "/etc/chef/certificates/key.pem" +signing_ca_user "chef" +signing_ca_group "chef" 
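Review bot: The alias redirects in chef_server.nginx.conf.erb drop the port: `rewrite ^(.+)$ https://<%= @webui_server_name %>$1 permanent;` sends the browser to the default HTTPS port, while the WebUI server block listens on `@webui_port`. Unless that port is 443, a user following an alias name lands on whatever else answers there, possibly the API vhost, or on nothing. Include the port in both redirects, e.g. `rewrite ^(.+)$ https://<%= @webui_server_name %>:<%= @webui_port %>$1 permanent;` and likewise with `@api_port` in the API alias block. The alias blocks also have no `listen` directive, so they bind nginx's default port; a comment saying that is intentional would help.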
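Review bot: When `webui_enabled` is set, server.rb.erb fixes `web_ui_admin_user_name "admin"` but never sets `web_ui_admin_default_password`, so the WebUI admin account presumably comes up with the server's built-in default password. Render it from an attribute, e.g. `web_ui_admin_default_password "<%= node['chef_server']['webui_admin_password'] %>"` (a new attribute this cookbook would have to define). The README should tell operators to change the password at first login. This matters more here because the Vagrantfile in this commit forwards port 4040 to the host.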
diff --git a/cookbooks/chef-server/templates/default/solr.rb.erb b/cookbooks/chef-server/templates/default/solr.rb.erb
new file mode 100644
index 0000000..648b771
--- /dev/null
+++ b/cookbooks/chef-server/templates/default/solr.rb.erb
@@ -0,0 +1,16 @@
+#
+# Chef SOLR Config File
+#
+# Dynamically generated by Chef - local modifications will be replaced
+
+log_location STDOUT
+
+supportdir = "<%= node['chef_server']['path'] %>"
+solr_jetty_path File.join(supportdir, "solr", "jetty")
+solr_data_path File.join(supportdir, "solr", "data")
+solr_home_path File.join(supportdir, "solr", "home")
+solr_heap_size "<%= node['chef_server']['solr_heap_size'] %>"
+
+solr_url "http://localhost:8983"
+
+amqp_pass "testing"
diff --git a/cookbooks/chef-server/templates/default/sv-chef-expander-log-run.erb b/cookbooks/chef-server/templates/default/sv-chef-expander-log-run.erb
new file mode 100644
index 0000000..a79a518
--- /dev/null
+++ b/cookbooks/chef-server/templates/default/sv-chef-expander-log-run.erb
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec svlogd -tt ./main
diff --git a/cookbooks/chef-server/templates/default/sv-chef-expander-run.erb b/cookbooks/chef-server/templates/default/sv-chef-expander-run.erb
new file mode 100644
index 0000000..f6dafc2
--- /dev/null
+++ b/cookbooks/chef-server/templates/default/sv-chef-expander-run.erb
@@ -0,0 +1,4 @@
+#!/bin/sh
+PATH=/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin<% if node['languages']['ruby']['gems_dir'] %>:<%= node['languages']['ruby']['gems_dir'] %>/bin<% end -%>
+exec 2>&1
+exec /usr/bin/env chef-expander -n <%= node['chef_server']['expander_nodes'] %>
diff --git a/cookbooks/chef-server/templates/default/sv-chef-server-log-run.erb b/cookbooks/chef-server/templates/default/sv-chef-server-log-run.erb
new file mode 100644
index 0000000..a79a518
--- /dev/null
+++ b/cookbooks/chef-server/templates/default/sv-chef-server-log-run.erb
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec svlogd -tt ./main
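Review bot: `amqp_pass "testing"` on the last line of solr.rb.erb hard-codes the message-broker password in the template, so every server built from this cookbook shares one well-known credential, and rotating it means editing the cookbook. Render it from an attribute instead, e.g. `amqp_pass "<%= node['chef_server']['amqp_pass'] %>"` (a new attribute to define), and use the same attribute wherever the broker user is created. server.rb.erb in this commit sets no `amqp_pass` at all, so the two configs only agree as long as the server's built-in default happens to match.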
diff --git a/cookbooks/chef-server/templates/default/sv-chef-server-run.erb b/cookbooks/chef-server/templates/default/sv-chef-server-run.erb
new file mode 100644
index 0000000..e522064
--- /dev/null
+++ b/cookbooks/chef-server/templates/default/sv-chef-server-run.erb
@@ -0,0 +1,4 @@
+#!/bin/sh
+PATH=/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin<% if node['languages']['ruby']['gems_dir'] %>:<%= node['languages']['ruby']['gems_dir'] %>/bin<% end -%>
+exec 2>&1
+exec /usr/bin/env chef-server -N -p <%= node['chef_server']['api_port'] %> -e production -P <%= node['chef_server']['run_path'] %>/server.%s.pid
diff --git a/cookbooks/chef-server/templates/default/sv-chef-server-webui-log-run.erb b/cookbooks/chef-server/templates/default/sv-chef-server-webui-log-run.erb
new file mode 100644
index 0000000..a79a518
--- /dev/null
+++ b/cookbooks/chef-server/templates/default/sv-chef-server-webui-log-run.erb
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec svlogd -tt ./main
diff --git a/cookbooks/chef-server/templates/default/sv-chef-server-webui-run.erb b/cookbooks/chef-server/templates/default/sv-chef-server-webui-run.erb
new file mode 100644
index 0000000..ce202b1
--- /dev/null
+++ b/cookbooks/chef-server/templates/default/sv-chef-server-webui-run.erb
@@ -0,0 +1,4 @@
+#!/bin/sh
+PATH=/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin<% if node['languages']['ruby']['gems_dir'] %>:<%= node['languages']['ruby']['gems_dir'] %>/bin<% end -%>
+exec 2>&1
+exec /usr/bin/env chef-server-webui -N -p <%= node['chef_server']['webui_port'] %> -e production -P <%= node['chef_server']['run_path'] %>/server-webui.%s.pid
diff --git a/cookbooks/chef-server/templates/default/sv-chef-solr-log-run.erb b/cookbooks/chef-server/templates/default/sv-chef-solr-log-run.erb
new file mode 100644
index 0000000..a79a518
--- /dev/null
+++ b/cookbooks/chef-server/templates/default/sv-chef-solr-log-run.erb
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec svlogd -tt ./main
diff --git a/cookbooks/chef-server/templates/default/sv-chef-solr-run.erb b/cookbooks/chef-server/templates/default/sv-chef-solr-run.erb
new file mode 100644
index 0000000..97cfd2e
--- /dev/null
+++ b/cookbooks/chef-server/templates/default/sv-chef-solr-run.erb
@@ -0,0 +1,4 @@
+#!/bin/sh
+PATH=/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin<% if node['languages']['ruby']['gems_dir'] %>:<%= node['languages']['ruby']['gems_dir'] %>/bin<% end -%>
+exec 2>&1
+exec /usr/bin/env chef-solr
diff --git a/cookbooks/chef/README.md b/cookbooks/chef/README.md
new file mode 100644
index 0000000..4f83615
--- /dev/null
+++ b/cookbooks/chef/README.md
@@ -0,0 +1,398 @@ +IMPORTANT CHANGES - version 0.99.9 +================================== + +In the interest of user experience and clarity of intention, this cookbook is deprecated. It has been split into two cookbooks. For compatibility reasons, it will depend on the cookbooks it is split into and use the recipes from those cookbooks where applicable. + +* chef-client: All the client related configuration/setup. +* chef-server: All the server related configuration/setup. + +DESCRIPTION +=========== + +This cookbook is used to configure the system to be a Chef Client or a Chef Server. It is a complex cookbook, please read this entire document to understand how it works. For more information on how Chef itself works, see the [Chef Wiki](http://wiki.opscode.com) + +REQUIREMENTS +============ + +Chef 0.8.16 or later is required. + +Chef 0.9.0 or later is required to use the `chef.init_style` attribute value `init`, in order to have the init scripts available. + +Platform +-------- + +If using this cookbook to manage a Chef Server system that was installed from Debian/Ubuntu packages, note that in the packages, the configuration files are split up for server.rb, solr.rb and webui.rb, and the `chef::server` recipe may not work as desired. + +A recent version of Ubuntu or Debian is recommended for the Chef Server. + +* Ubuntu 9.10/10.04 +* Debian testing/unstable + +These versions have newer versions of CouchDB and RabbitMQ packaged. + +`chef::client` is tested on Ubuntu 8.04+, Debian 5.0, CentOS 5.x, Fedora 10+, OpenBSD 4.6, FreeBSD 7.1 and Gentoo. + +`chef::bootstrap_client` is tested on the above. OpenSolaris 11 is also tested, but there's a bug in Ohai that requires some manual intervention (OHAI-122). + +`chef::server` is tested on Ubuntu 8.04+, Debian 5.0. + +`chef::bootstrap_server` is tested on Ubuntu 8.04+, Debian 5.0. + +Client +------ + +`runit` cookbook is suggested for RubyGems installation. No other cookbooks are required for clients. 
+ +Server +------ + +The `chef::bootstrap_server` recipe uses the following other cookbooks from Opscode. + +* couchdb +* `rabbitmq_chef` +* openssl +* zlib +* xml +* java + +The `chef::server_proxy` recipe uses the following cookbook: + +* apache2 + +ATTRIBUTES +========== + +The attributes for configuring the `chef` cookbook are under the `chef` namespace on the node, i.e., `@node[:chef]` or `@node.chef`. + +When using the bootstrap recipe, set the desired attributes using a JSON file. See "BOOTSTRAPPING" for examples. + +umask +----- + +Sets the umask for files created by the server process via `Chef::Config[:umask]` in `/etc/chef/server.rb` + +`url_type` +---------- + +Set up the URLs the client should connect to with this. Default is `http`, which tells the client to connect to `http://server:4000`. If you set up your chef-server to use an SSL front-end for example with `chef::server_proxy`, set this to `https` for clients and the URLs will be `https://server/`. + +By default the only URL config setting for Chef 0.8.x+ is `Chef::Config[:chef_server_url]`. The other older URLs are still supported so you can split out the various functions of the Chef Server, but configuration of those is outside the scope of this cookbook. + +`init_style` +------------ + +Specifies the init style to use. Possible values: + +* runit - uses runit to set up the service. Logs will be in `/etc/sv/chef-client/log/main`. Default value for this attribute. +* init - uses init scripts that are included in the `chef` gem. Logs will be in `/var/log/chef`. Only usable with debian/ubuntu and red hat family distributions. +* daemontools - uses daemontools to set up the service. Logs will be in `/etc/sv/chef-client/log/main`. +* bluepill - uses bluepill to set up the service. +* bsd - Prints a message with the chef-client command to use in rc.local. 
+ +If your platform doesn't have a `runit` package or if the cookbook doesn't detect it, but you still want to use runit, set `init_style` to `none` and install runit separately. You may need to configure the runit services separately. + +Using the `init` value for this attribute will retrieve the init scripts that are distributed with the Chef gem. + +This cookbook does not yet support Upstart for Ubuntu/Debian, but that is planned for a future release, and will be specified via this attribute. + +path +---- + +This is the base location where Chef will store data and other artifacts. Default `/srv/chef` for RubyGems installed systems. If using Chef packages for your platform, the location preference varies. The default on Debian and Red Hat based systems is a filesystem hiearchy standard (FHS) suggestion. Some other locations you may consider, by platform: + +Debian and Red Hat based Linux distros (Ubuntu, CentOS, Fedora, etc): + +* `/var/lib/chef` + +Any BSD and Gentoo: + +* `/var/chef` + +`run_path` +---------- + +Location for pidfiles on systems using init scripts. Default `/var/run/chef`. + +If `init_style` is `init`, this is used, and should match what the init script itself uses for the PID files. + +`cache_path` +------------ + +Location where the client will cache cookbooks and other data. Default is `cache` underneath the `chef[:path]` location. Linux distributions adhering to the FHS prefer `/var/cache/chef` instead. + +Base directory for data that is easily regenerated such as cookbook tarballs (`Chef::Config[:cookbook_tarballs]`) on the server, downloaded cookbooks on the client, etc. See the config templates. + +`backup_path` +------------- + +Location where backups of files, corresponds to the `file_backup_path` location. Defaults to `backup` under `chef[:path]` location. Set to `false` to use the old behavior which stores the backup files in the same directory as the target. + +FHS location suggestion: `/var/lib/chef/backup`. 
+ +`serve_path` +------------ + +Used by the Chef server as the base location to "serve" cookbooks, roles and other assets. Default is `/srv/chef`. + +`server_version` +---------------- + +Version of Chef to install for the server. Used by the `server_proxy` recipe to set the location of the DocumentRoot of the WebUI. Automatically determined via ohai's `chef_packages[:chef][:version]` by default. + +`client_version` +---------------- + +Version of Chef to install for the client. Used to display a log message about the location of the init scripts when `init_style` is `init`, and can be used to upgrade `chef` gem with the `chef::bootstrap_client` recipe. Automatically determined via ohai's `chef_packages[:chef][:version]` by default. + +`client_interval` +----------------- + +Number of seconds to run chef-client periodically. Default `1800` (30 minutes). + +`client_splay` +-------------- + +Splay interval to randomly add to interval. Default `20`. + +`log_dir` +--------- + +When `init_style` is `init`, this directory needs to be created. The default is `/var/log/chef`. + +`client_log`, `indexer_log`, `server_log` +----------------------------------------- + +These options are deprecated to reduce complexity and potential confusion. + +`server_port` +------------- + +Port for the Server API service to listen on. Default `4000`. + +`webui_port` +------------ + +Port for the Server WebUI service to listen on. Default `4040`. + +`webui_enabled` +--------------- + +As of version 0.8.x+, the WebUI part of the Chef Server is optional, and disabled by default. To enable it, set this to true. + +`server_fqdn` +------------- + +Fully qualified domain name of the server. Default is `chef.domain` where domain is detected by Ohai. You should configure a DNS entry for your Chef Server. 
+ +On servers, this specifies the URL the server expects to use by default `Chef::Config[:chef_server_url]`, plus it is used in the `server_ssl_req` as the canonical name (CN) and in `server_proxy` for the vhost name. + +On clients, this specifies the URL the client uses to connect to the server as `Chef::Config[:chef_server_url]`. + +`server_url` +------------ + +Full URI for the Chef Server. Used for `chef_server_url` config setting. The default value combines the attributes `chef.url_type`, `chef.server_fqdn` and `chef.server_port`, creating for example "http://chef.example.com:4000". If you are using the Opscode Platform, set this to "https://api.opscode.com/organizations/ORGNAME", where ORGNAME is your organization's simple string name. + +SERVER PROXY +------------ + +The following attributes are used by the `server_proxy.rb` recipe, and are stored in the `server_proxy.rb` attributes file. + +`doc_root` +---------- + +DocumentRoot for the WebUI. Also gets set in the vhost for the API, but it is not used since the vhost merely proxies to the server on port 4000. + +`server_ssl_req` +---------------- + +Used by the `server_proxy` recipe, this attribute can be used to set up a self-signed SSL certificate automatically using OpenSSL. Fields: + +* C: country (two letter code) +* ST: state/province +* L: locality or city +* O: organization +* OU: organizational unit +* CN: canonical name, usually the fully qualified domain name of the server (FQDN) +* emailAddress: contact email address + +This attribute is now in the `server_proxy.rb` attributes file, as it is specific to that context. + +`server_proxy.css_expire_hours` +------------------------------- + +Sets expiration time for CSS in the WebUI. + +`server_proxy.js_expire_hours` +------------------------------ + +Sets expiration time for JavaScript in the WebUI. + +RECIPES AND USAGE +================= + +This section describes the recipes in the cookbook and how to use them in your environment. 
+ +BOOTSTRAPPING +------------- + +The first two recipes described are for "bootstrapping" a system to be a Chef Client or Chef Server, respectively. Only use these recipes with RubyGems installations of Chef. + +These recipes are typically used with chef-solo using a JSON file of attributes and a run list, and a solo config file. For more information see [Bootstrap Chef RubyGems Installation](http://wiki.opscode.com/display/chef/Bootstrap+Chef+RubyGems+Installation) on the Chef Wiki. + +`bootstrap_client` +------------------ + +ONLY FOR RUBYGEMS INSTALLATIONS. Do not use this recipe if you installed Chef from packages for your platform. + +Use this recipe to "bootstrap" a client so it can connect to a Chef Server. This recipe does the following: + +* Ensures the gem installed matches the version desired (`client_version` attribute). +* Includes the `chef::client_service` recipe to ensure that `chef-client` is running as a service. +* Sets up some directories for Chef to use. +* Creates the client configuration file `/etc/chef/client.rb` based on the configuration passed via JSON. + +For configuring a new client to connect to the Opscode Platform: + + { + "chef": { + "server_url": "https://api.opscode.com/organizations/ORGNAME" + }, + "run_list": "recipe[chef::bootstrap_client]" + } + +For configuring a new client to connect to a local Chef Server: + + { + "chef": { + "server_url": "http://chef.example.com:4000" + }, + "run_list": "recipe[chef::bootstrap_client]" + } + +This is the minimal JSON to use for the client configuration. See the ATTRIBUTES section above for more options. + +`bootstrap_server` +------------------ + +ONLY FOR RUBYGEMS INSTALLATIONS. Do not use this recipe if you installed Chef from packages for your platform. + +Use this recipe to "bootstrap" a system to become a Chef Server. This recipe does the following: + +* Includes the `chef::bootstrap_client` recipe to configure itself to be its own client. 
+* Installs CouchDB from package or source depending on the platform. +* Installs Java for the `chef-solr` search engine. +* Installs RabbitMQ (`rabbitmq_chef` cookbook) for the `chef-solr-indexer` consumer. +* Installs all the Server-related Gems. +* Creates the server configuration file `/etc/chef/server.rb` based on the configuration passed via JSON. +* Sets up some directories for the server to use. +* Sets up the `chef-server`, `chef-solr`, `chef-solr-indexer` services depending on the `init_style` attribute (see above). + +Minimal JSON to use for the server configuration: + + { + "chef": { + "server_url": "http://localhost.localdomain:4000", + }, + "run_list": "recipe[chef::bootstrap_server]" + } + +Note that the `chef-server-webui` is optional and can be enabled if desired by adding this to the JSON under "chef": + + "webui_enabled": true + +client +------ + +The client recipe is used to manage the configuration of an already-installed and configured Chef client. It can be used after a RubyGems installation bootstrap (per above), or with clients that were installed from platform packaging. + +The recipe itself manages the `/etc/chef/client.rb` config file based on the attributes in this cookbook. When the client config is updated, the recipe will also reread the configuration during the Chef run, so the current Chef run can be dynamically changed. + +This recipe does not manage the `chef-client` service. It is assumed to have been set up and started from the `bootstrap_client` recipe above, or from OS / distribution packaging. The `chef-client` service should not be restarted as a result of `/etc/chef/client.rb` changing, as that can cause the current process running the client to be restarted, having unpredictable results. + +`client_service` +---------------- + +Use this recipe on systems that should have a `chef-client` daemon running, such as when Knife bootstrap was used to install Chef on a new system. 
+ +This recipe sets up the `chef-client` service depending on the `init_style` attribute (see above). It is included by the `chef::bootstrap_client` recipe. + +default +------- + +There is no spoon :-). + +`delete_validation` +------------------- + +Use this recipe to delete the validation certificate (default `/etc/chef/validation.pem`) when using a `chef-client` after the client has been validated and authorized to connect to the server. + +Beware if using this on your Chef Server. First copy the validation.pem certificate file to another location, such as your knife configuration directory (`~/.chef`) or [Chef Repository](http://wiki.opscode.com/display/chef/Chef+Repository). + +server +------ + +The server recipe includes the `chef::client` recipe above. + +The recipe itself manages the services and the Server config file `/etc/chef/server.rb`. See above under Platform requirements for cavaet when running Chef Server installed via Debian/Ubuntu packages. Changes to the recipe to manage additional templates may be required. + +The following services are managed: + +* chef-solr +* chef-solr-indexer +* chef-server +* chef-webui (if installed) + +Changes to the `/etc/chef/server.rb` will trigger a restart of these services. + +Since the Chef Server itself typically runs the CouchDB service for the data store, the recipe will do a compaction on the Chef database and all the views associated with the Chef Server. These compactions only occur if the database/view size is more than 100Mb. It will use the configured CouchDB URL, which is `http://localhost:5984` by default. The actual value used for the CouchDB server is from the `Chef::Config[:couchdb_url]`, so this can be dynamically changed. + +`server_proxy` +-------------- + +This recipe sets up an Apache2 VirtualHost to proxy HTTPS for the Chef Server API and WebUI. + +The API will be proxied on port 443. If the `chef-serer-webui` is installed, it will be proxied on port 444. 
The recipe dynamically creates the OpenSSL certificate based on the `chef.server_ssl_req` attribute. It uses some additional configuration for Apache to improve performance of the webui. The virtual host template is `chef_server.conf.erb`. The DocumentRoot setting is used for the WebUI, but not the API, and is set with the attribute `chef.doc_root`. + +TEMPLATES +========= + +`chef_server.conf.erb` +---------------------- + +VirtualHost file used by Apache2 in the `chef::server_proxy` recipe. + +client.rb.erb +------------- + +Configuration for the client, lands in `/etc/chef/client.rb`. + +server.rb.erb +------------- + +Configuration for the server and server components, lands in `/etc/chef/server.rb`. See above regarding Debian/Ubuntu packaging config files when using packages to install Chef. + +`sv-*run.erb` +------------- + +Various runit "run" scripts for the Chef services that get configured when `init_style` is "runit". + +LICENSE AND AUTHORS +=================== + +* Author: Joshua Timberman +* Author: Joshua Sierles + +* Copyright 2008-2010, Opscode, Inc +* Copyright 2009, 37signals + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and diff --git a/cookbooks/chef/attributes/default.rb b/cookbooks/chef/attributes/default.rb new file mode 100644 index 0000000..3eeac3b --- /dev/null +++ b/cookbooks/chef/attributes/default.rb 
@@ -0,0 +1,50 @@
+#
+# Author:: Joshua Timberman
+# Cookbook Name:: chef
+# Attributes:: default
+#
+# Copyright 2008-2010, Opscode, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+default[:chef][:umask] = "0022"
+default[:chef][:url_type] = "http"
+default[:chef][:init_style] = "runit"
+
+case platform
+when "openbsd","freebsd"
+ default[:chef][:path] = "/var/chef"
+ default[:chef][:run_path] = "/var/run"
+ default[:chef][:cache_path] = "/var/chef/cache"
+ default[:chef][:serve_path] = "/var/chef"
+else
+ default[:chef][:path] = "/srv/chef"
+ default[:chef][:serve_path] = "/srv/chef"
+ default[:chef][:run_path] = "#{chef[:path]}/run"
+ default[:chef][:cache_path] = "#{chef[:path]}/cache"
+ default[:chef][:backup_path] = "#{chef[:path]}/backup"
+end
+
+default[:chef][:server_version] = node.chef_packages.chef[:version]
+default[:chef][:client_version] = node.chef_packages.chef[:version]
+default[:chef][:client_interval] = "1800"
+default[:chef][:client_splay] = "20"
+default[:chef][:log_dir] = "/var/log/chef"
+default[:chef][:server_port] = "4000"
+default[:chef][:webui_port] = "4040"
+default[:chef][:webui_enabled] = false
+default[:chef][:solr_heap_size] = "256M"
+default[:chef][:validation_client_name] = "chef-validator"
+
+default[:chef][:server_fqdn] = node.has_key?(:domain) ? "chef.#{domain}" : "chef"
+default[:chef][:server_url] = "#{node.chef.url_type}://#{node.chef.server_fqdn}:#{node.chef.server_port}"
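Review bot: `default[:chef][:url_type] = "http"` makes the derived `server_url` a plaintext `http://…:4000` endpoint, so node data and cookbooks exchanged with the server travel unencrypted unless a deployer overrides it. This cookbook's README describes a `server_proxy` recipe that fronts the API with HTTPS on port 443, so a comment above the attribute such as `# NOTE: plaintext by default; set url_type to "https" and server_port to "443" when chef::server_proxy is used` would make the trade-off explicit. Separately, the `openbsd`/`freebsd` branch never sets `backup_path`, so the recipes in this commit that copy `node['chef']['backup_path']` would pass on nil on those platforms.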
diff --git a/cookbooks/chef/attributes/server_proxy.rb b/cookbooks/chef/attributes/server_proxy.rb
new file mode 100644
index 0000000..ef50ba6
--- /dev/null
+++ b/cookbooks/chef/attributes/server_proxy.rb
@@ -0,0 +1,29 @@
+#
+# Author:: David Abdemoulaie
+# Cookbook Name:: chef
+# Attributes:: server_proxy
+#
+# Copyright 2009, David Abdemoulaie
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+include_attribute "apache2"
+include_attribute "chef"
+
+default[:chef][:doc_root] = "#{languages[:ruby][:gems_dir]}/gems/chef-server-webui-#{chef[:server_version]}/public"
+
+default[:chef][:server_ssl_req] = "/C=US/ST=Several/L=Locality/O=Example/OU=Operations/" +
+ "CN=#{node.chef.server_fqdn}/emailAddress=ops@#{node.chef.server_fqdn}"
+
+default[:chef][:server_proxy][:css_expire_hours] = "120"
+default[:chef][:server_proxy][:js_expire_hours] = "24"
diff --git a/cookbooks/chef/metadata.rb b/cookbooks/chef/metadata.rb
new file mode 100644
index 0000000..2fb60f7
--- /dev/null
+++ b/cookbooks/chef/metadata.rb
@@ -0,0 +1,22 @@
+maintainer "Opscode, Inc."
+maintainer_email "cookbooks@opscode.com"
+license "Apache 2.0"
+description "Installs and configures Chef for chef-client and chef-server"
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version "0.99.9"
+recipe "chef", "Default recipe is empty, use one of the other recipes."
+recipe "chef::client", "Sets up a client to talk to a chef-server"
+recipe "chef::client_service", "Sets up a client daemon to run periodically"
+recipe "chef::bootstrap_client", "Set up rubygem installed chef client"
+recipe "chef::delete_validation", "Deletes validation.pem after client registers"
+recipe "chef::server", "Configures a chef API server as a merb application"
+recipe "chef::bootstrap_server", "Set up rubygem installed chef server"
+recipe "chef::server_proxy", "Configures Apache2 proxy for API and WebUI"
+
+%w{ ubuntu debian redhat centos fedora freebsd openbsd }.each do |os|
+ supports os
+end
+
+%w{ runit bluepill daemontools couchdb apache2 openssl zlib xml java chef-server chef-client }.each do |cb|
+ depends cb
+end
diff --git a/cookbooks/chef/recipes/bootstrap_client.rb b/cookbooks/chef/recipes/bootstrap_client.rb
new file mode 100644
index 0000000..ec7f575
--- /dev/null
+++ b/cookbooks/chef/recipes/bootstrap_client.rb
@@ -0,0 +1,22 @@
+#
+# Author:: Joshua Timberman
+# Cookbook Name:: chef
+# Recipe:: bootstrap_client
+#
+# Copyright 2009-2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+Chef::Log.warn("The chef::bootstrap_client recipe has been deprecated. Use 'knife bootstrap' to bootstrap new systems to be chef clients.")
+Chef::Log.warn("See 'knife help bootstrap' for more information from the knife bootstrap man page.")
diff --git a/cookbooks/chef/recipes/bootstrap_server.rb b/cookbooks/chef/recipes/bootstrap_server.rb
new file mode 100644
index 0000000..d04e312
--- /dev/null
+++ b/cookbooks/chef/recipes/bootstrap_server.rb
@@ -0,0 +1,41 @@
+#
+# Author:: Joshua Timberman
+# Author:: Joshua Sierles
+#
+# Cookbook Name:: chef
+# Recipe:: bootstrap_server
+#
+# Copyright 2009-2010, Opscode, Inc.
+# Copyright 2009, 37signals
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+Chef::Log.warn("This recipe is deprecated. It has been replaced by chef-server::rubygems-install.")
+Chef::Log.warn("Including the chef-server::rubygems-install recipe now.")
+
+node.set['chef_server']['init_style'] = node['chef']['init_style']
+node.set['chef_server']['path'] = node['chef']['path']
+node.set['chef_server']['run_path'] = node['chef']['run_path']
+node.set['chef_server']['cache_path'] = node['chef']['cache_path']
+node.set['chef_server']['backup_path'] = node['chef']['backup_path']
+node.set['chef_server']['umask'] = node['chef']['umask']
+node.set['chef_server']['url'] = node['chef']['server_url']
+node.set['chef_server']['log_dir'] = node['chef']['log_dir']
+node.set['chef_server']['api_port'] = node['chef']['server_port']
+node.set['chef_server']['webui_port'] = node['chef']['webui_port']
+node.set['chef_server']['webui_enabled'] = node['chef']['webui_enabled']
+node.set['chef_server']['solr_heap_size'] = node['chef']['solr_heap_size']
+node.set['chef_server']['validation_client_name'] = node['chef']['validation_client_name']
+
+include_recipe "chef-server::rubygems-install"
diff --git a/cookbooks/chef/recipes/client.rb b/cookbooks/chef/recipes/client.rb
new file mode 100644
index 0000000..6a4da39
--- /dev/null
+++ b/cookbooks/chef/recipes/client.rb
@@ -0,0 +1,37 @@
+#
+# Author:: Joshua Timberman
+# Author:: Joshua Sierles
+# Cookbook Name:: chef
+# Recipe:: client
+#
+# Copyright 2008-2010, Opscode, Inc
+# Copyright 2009, 37signals
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+Chef::Log.warn("The chef::client recipe is deprecated. It is replaced by the chef-client::config recipe.")
+Chef::Log.warn("Including the chef-client::config recipe now.")
+
+node.set['chef_client']['init_style'] = node['chef']['init_style']
+node.set['chef_client']['path'] = node['chef']['path']
+node.set['chef_client']['run_path'] = node['chef']['run_path']
+node.set['chef_client']['cache_path'] = node['chef']['cache_path']
+node.set['chef_client']['backup_path'] = node['chef']['backup_path']
+node.set['chef_client']['umask'] = node['chef']['umask']
+node.set['chef_client']['server_url'] = node['chef']['server_url']
+node.set['chef_client']['log_dir'] = node['chef']['log_dir']
+node.set['chef_client']['validation_client_name'] = node['chef']['validation_client_name']
+node.set['chef_client']['interval'] = node['chef']['interval']
+node.set['chef_client']['splay'] = node['chef']['splay']
+
+include_recipe "chef-client::config"
diff --git a/cookbooks/chef/recipes/client_service.rb b/cookbooks/chef/recipes/client_service.rb
new file mode 100644
index 0000000..f37de4b
--- /dev/null
+++ b/cookbooks/chef/recipes/client_service.rb
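Review bot: The last two assignments read `node['chef']['interval']` and `node['chef']['splay']`, but attributes/default.rb in this commit defines `client_interval` and `client_splay`, so unless something else sets the shorter keys these lines copy nil into `chef_client`. They should read `node['chef']['client_interval']` and `node['chef']['client_splay']`. The same two lines appear in recipes/client_service.rb, whose header comment also still says `Recipe:: bootstrap_client`.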
@@ -0,0 +1,36 @@
+#
+# Author:: Joshua Timberman
+# Cookbook Name:: chef
+# Recipe:: bootstrap_client
+#
+# Copyright 2009-2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+Chef::Log.warn("This recipe is deprecated. It has been replaced by chef-client::service.")
+Chef::Log.warn("Including the chef-client::service recipe now.")
+
+node.set['chef_client']['init_style'] = node['chef']['init_style']
+node.set['chef_client']['path'] = node['chef']['path']
+node.set['chef_client']['run_path'] = node['chef']['run_path']
+node.set['chef_client']['cache_path'] = node['chef']['cache_path']
+node.set['chef_client']['backup_path'] = node['chef']['backup_path']
+node.set['chef_client']['umask'] = node['chef']['umask']
+node.set['chef_client']['server_url'] = node['chef']['server_url']
+node.set['chef_client']['log_dir'] = node['chef']['log_dir']
+node.set['chef_client']['validation_client_name'] = node['chef']['validation_client_name']
+node.set['chef_client']['interval'] = node['chef']['interval']
+node.set['chef_client']['splay'] = node['chef']['splay']
+
+include_recipe "chef-client::service"
diff --git a/cookbooks/chef/recipes/default.rb b/cookbooks/chef/recipes/default.rb
new file mode 100644
index 0000000..e69de29
diff --git a/cookbooks/chef/recipes/delete_validation.rb b/cookbooks/chef/recipes/delete_validation.rb
new file mode 100644
index 0000000..2598371
--- /dev/null
+++ b/cookbooks/chef/recipes/delete_validation.rb
@@ -0,0 +1,23 @@
+#
+# Author:: Joshua Timberman
+# Cookbook Name:: chef
+# Recipe:: delete_validation
+#
+# Copyright 2010, Opscode, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+Chef::Log.warn("The chef::delete_validation recipe is deprecated. It has been replaced with chef-client::delete_validation.")
+Chef::Log.warn("Including the chef-client::delete_validation recipe now.")
+
+include_recipe "chef-client::delete_validation"
diff --git a/cookbooks/chef/recipes/server.rb b/cookbooks/chef/recipes/server.rb
new file mode 100644
index 0000000..74430cd
--- /dev/null
+++ b/cookbooks/chef/recipes/server.rb
@@ -0,0 +1,41 @@
+#
+# Author:: Joshua Timberman
+# Author:: Joshua Sierles
+# Cookbook Name:: chef
+# Recipe:: server
+#
+# Copyright 2008-2009, Opscode, Inc
+# Copyright 2009, 37signals
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+Chef::Log.warn("The chef::server recipe is deprecated. It is replaced by the chef-server recipe.")
+Chef::Log.warn("Including the chef-server recipe now.")
+
+node.set['chef_server']['init_style'] = node['chef']['init_style']
+node.set['chef_server']['path'] = node['chef']['path']
+node.set['chef_server']['run_path'] = node['chef']['run_path']
+node.set['chef_server']['cache_path'] = node['chef']['cache_path']
+node.set['chef_server']['backup_path'] = node['chef']['backup_path']
+node.set['chef_server']['umask'] = node['chef']['umask']
+node.set['chef_server']['url'] = node['chef']['server_url']
+node.set['chef_server']['log_dir'] = node['chef']['log_dir']
+node.set['chef_server']['api_port'] = node['chef']['server_port']
+node.set['chef_server']['webui_port'] = node['chef']['webui_port']
+node.set['chef_server']['webui_enabled'] = node['chef']['webui_enabled']
+node.set['chef_server']['solr_heap_size'] = node['chef']['solr_heap_size']
+node.set['chef_server']['validation_client_name'] = node['chef']['validation_client_name']
+node.set['chef_server']['doc_root'] = node['chef']['doc_root']
+node.set['chef_server']['ssl_req'] = node['chef']['server_ssl_req']
+
+include_recipe "chef-server"
diff --git a/cookbooks/chef/recipes/server_proxy.rb b/cookbooks/chef/recipes/server_proxy.rb
new file mode 100644
index 0000000..9faf624
--- /dev/null
+++ b/cookbooks/chef/recipes/server_proxy.rb
@@ -0,0 +1,41 @@
+#
+# Author:: Joshua Timberman
+# Cookbook Name:: chef
+# Recipe:: server_proxy
+#
+# Copyright 2009, Opscode, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+Chef::Log.warn("The chef::server_proxy recipe is deprecated. It is replaced by the chef-server::apache-proxy recipe.")
+Chef::Log.warn("Including the chef-server::apache-proxy recipe now.")
+
+node.set['chef_server']['init_style'] = node['chef']['init_style']
+node.set['chef_server']['path'] = node['chef']['path']
+node.set['chef_server']['run_path'] = node['chef']['run_path']
+node.set['chef_server']['cache_path'] = node['chef']['cache_path']
+node.set['chef_server']['backup_path'] = node['chef']['backup_path']
+node.set['chef_server']['umask'] = node['chef']['umask']
+node.set['chef_server']['url'] = node['chef']['server_url']
+node.set['chef_server']['log_dir'] = node['chef']['log_dir']
+node.set['chef_server']['api_port'] = node['chef']['server_port']
+node.set['chef_server']['webui_port'] = node['chef']['webui_port']
+node.set['chef_server']['webui_enabled'] = node['chef']['webui_enabled']
+node.set['chef_server']['solr_heap_size'] = node['chef']['solr_heap_size']
+node.set['chef_server']['validation_client_name'] = node['chef']['validation_client_name']
+node.set['chef_server']['doc_root'] = node['chef']['doc_root']
+node.set['chef_server']['ssl_req'] = node['chef']['server_ssl_req']
+node.set['chef_server']['proxy']['css_expire_hours'] = node['chef']['proxy']['css_expire_hours']
+node.set['chef_server']['proxy']['js_expire_hours'] = node['chef']['proxy']['js_expire_hours']
+
+include_recipe "chef-server::apache-proxy"
diff --git a/cookbooks/couchdb/README.md b/cookbooks/couchdb/README.md
new file mode 100644
index 0000000..970e794
--- /dev/null
+++ b/cookbooks/couchdb/README.md
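Review bot: The two `proxy` assignments read `node['chef']['proxy']['css_expire_hours']` and `node['chef']['proxy']['js_expire_hours']`, but attributes/server_proxy.rb in this commit defines those values under `default[:chef][:server_proxy]`. With no `proxy` key under `chef`, `node['chef']['proxy']` is presumably nil and the lookup fails before `include_recipe` is reached, so the HTTPS proxy this shim is meant to set up would never be configured. Reading `node['chef']['server_proxy']['css_expire_hours']` and `node['chef']['server_proxy']['js_expire_hours']` matches the attribute file.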
@@ -0,0 +1,68 @@
+DESCRIPTION
+===========
+
+Installs and configures CouchDB. Optionally can install CouchDB from sources.
+
+REQUIREMENTS
+============
+
+Requires a platform that can install Erlang from distribution packages.
+
+## Platform
+
+Tested on Debian 5+, Ubuntu 8.10+, OpenBSD and FreeBSD.
+
+Also works on Red Hat, CentOS and Fedora, requires the EPEL yum repository.
+
+## Cookbooks
+
+* erlang
+
+ATTRIBUTES
+==========
+
+Cookbook attributes are named under the `couch_db` keyspace. The attributes specified in the cookbook are used in the `couchdb::source` recipe only.
+
+* `node['couch_db']['src_checksum']` - sha256sum of the default version of couchdb to download
+* `node['couch_db']['src_version']` - default version of couchdb to download, used in the full URL to download.
+* `node['couch_db']['src_mirror']` - full URL to download.
+
+RECIPES
+=======
+
+default
+-------
+
+Installs the couchdb package, creates the data directory and starts the couchdb service.
+
+source
+------
+
+Downloads the CouchDB source from the Apache project site, plus development dependencies. Then builds the binaries for installation, creates a user and directories, then sets up the couchdb service. Uses the init script provided in the cookbook.
+
+Changes
+=======
+
+## v1.0.0:
+
+* create group for couchdb
+
+LICENSE AND AUTHOR
+==================
+
+Author:: Joshua Timberman ()
+
+Copyright 2009-2011, Opscode, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
diff --git a/cookbooks/couchdb/attributes/default.rb b/cookbooks/couchdb/attributes/default.rb
new file mode 100644
index 0000000..4e7d915
--- /dev/null
+++ b/cookbooks/couchdb/attributes/default.rb
@@ -0,0 +1,22 @@
+#
+# Author:: Joshua Timberman
+# Cookbook Name:: couchdb
+# Attributes:: couchdb
+#
+# Copyright 2010, Opscode, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set['couch_db']['src_checksum'] = "6ef82a7ba0f132d55af7cc78b30658d5b3a4f7be3f449308c8d7fa2ad473677c"
+set['couch_db']['src_version'] = "1.0.2"
+set['couch_db']['src_mirror'] = "http://archive.apache.org/dist/couchdb/#{node['couch_db']['src_version']}/apache-couchdb-#{node['couch_db']['src_version']}.tar.gz"
diff --git a/cookbooks/couchdb/files/default/couchdb.init b/cookbooks/couchdb/files/default/couchdb.init
new file mode 100644
index 0000000..85414e7
--- /dev/null
+++ b/cookbooks/couchdb/files/default/couchdb.init
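Review bot: `src_mirror` points at `http://archive.apache.org/...`, so the tarball that recipes/source.rb compiles and installs is fetched without transport protection and the pinned `src_checksum` is the only integrity control. Whether `remote_file` rejects a download that does not match `checksum`, or only uses the value to skip re-downloading, depends on the Chef version and should be confirmed for the version deployed here. An `https://` mirror URL would be safer, and a comment next to `src_version` such as `# must be changed together with src_checksum` would keep the pin meaningful. These values are also written with `set[...]` (normal precedence, persisted on the node) although the README calls them defaults; `default[...]` would let roles and environments override them.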
@@ -0,0 +1,168 @@
+#!/bin/sh -e
+
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+### BEGIN INIT INFO
+# Provides: couchdb
+# Required-Start: $local_fs $remote_fs
+# Required-Stop: $local_fs $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Apache CouchDB init script
+# Description: Apache CouchDB init script for the database server.
+### END INIT INFO
+
+SCRIPT_OK=0
+SCRIPT_ERROR=1
+
+DESCRIPTION="database server"
+NAME=couchdb
+SCRIPT_NAME=`basename $0`
+COUCHDB=/usr/local/bin/couchdb
+CONFIGURATION_FILE=/usr/local/etc/default/couchdb
+RUN_DIR=/usr/local/var/run/couchdb
+LSB_LIBRARY=/lib/lsb/init-functions
+
+if test ! -x $COUCHDB; then
+ exit $SCRIPT_ERROR
+fi
+
+if test -r $CONFIGURATION_FILE; then
+ . $CONFIGURATION_FILE
+fi
+
+log_daemon_msg () {
+ # Dummy function to be replaced by LSB library.
+
+ echo $@
+}
+
+log_end_msg () {
+ # Dummy function to be replaced by LSB library.
+
+ if test "$1" != "0"; then
+ echo "Error with $DESCRIPTION: $NAME"
+ fi
+ return $1
+}
+
+if test -r $LSB_LIBRARY; then
+ . $LSB_LIBRARY
+fi
+
+start_couchdb () {
+ # Start Apache CouchDB as a background process.
+
+ command="$COUCHDB -b"
+ if test -n "$COUCHDB_STDOUT_FILE"; then
+ command="$command -o $COUCHDB_STDOUT_FILE"
+ fi
+ if test -n "$COUCHDB_STDERR_FILE"; then
+ command="$command -e $COUCHDB_STDERR_FILE"
+ fi
+ if test -n "$COUCHDB_RESPAWN_TIMEOUT"; then
+ command="$command -r $COUCHDB_RESPAWN_TIMEOUT"
+ fi
+ if test -n "$COUCHDB_OPTIONS"; then
+ command="$command $COUCHDB_OPTIONS"
+ fi
+ mkdir -p "$RUN_DIR"
+ if test -n "$COUCHDB_USER"; then
+ chown $COUCHDB_USER "$RUN_DIR"
+ if su $COUCHDB_USER -c "$command" > /dev/null; then
+ return $SCRIPT_OK
+ else
+ return $SCRIPT_ERROR
+ fi
+ else
+ if $command > /dev/null; then
+ return $SCRIPT_OK
+ else
+ return $SCRIPT_ERROR
+ fi
+ fi
+}
+
+stop_couchdb () {
+ # Stop the running Apache CouchDB process.
+
+ command="$COUCHDB -d"
+ if test -n "$COUCHDB_OPTIONS"; then
+ command="$command $COUCHDB_OPTIONS"
+ fi
+ if test -n "$COUCHDB_USER"; then
+ if su $COUCHDB_USER -c "$command" > /dev/null; then
+ return $SCRIPT_OK
+ else
+ return $SCRIPT_ERROR
+ fi
+ else
+ if $command > /dev/null; then
+ return $SCRIPT_OK
+ else
+ return $SCRIPT_ERROR
+ fi
+ fi
+}
+
+display_status () {
+ # Display the status of the running Apache CouchDB process.
+
+ $COUCHDB -s
+}
+
+parse_script_option_list () {
+ # Parse arguments passed to the script and take appropriate action.
+
+ case "$1" in
+ start)
+ log_daemon_msg "Starting $DESCRIPTION" $NAME
+ if start_couchdb; then
+ log_end_msg $SCRIPT_OK
+ else
+ log_end_msg $SCRIPT_ERROR
+ fi
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESCRIPTION" $NAME
+ if stop_couchdb; then
+ log_end_msg $SCRIPT_OK
+ else
+ log_end_msg $SCRIPT_ERROR
+ fi
+ ;;
+ restart|force-reload)
+ log_daemon_msg "Restarting $DESCRIPTION" $NAME
+ if stop_couchdb; then
+ if start_couchdb; then
+ log_end_msg $SCRIPT_OK
+ else
+ log_end_msg $SCRIPT_ERROR
+ fi
+ else
+ log_end_msg $SCRIPT_ERROR
+ fi
+ ;;
+ status)
+ display_status
+ ;;
+ *)
+ cat << EOF >&2
+Usage: $SCRIPT_NAME {start|stop|restart|force-reload|status}
+EOF
+ exit $SCRIPT_ERROR
+ ;;
+ esac
+}
+
+parse_script_option_list $@
diff --git a/cookbooks/couchdb/metadata.rb b/cookbooks/couchdb/metadata.rb
new file mode 100644
index 0000000..88b30ce
--- /dev/null
+++ b/cookbooks/couchdb/metadata.rb
@@ -0,0 +1,24 @@
+maintainer "Opscode, Inc."
+maintainer_email "cookbooks@opscode.com"
+license "Apache 2.0"
+description "Installs CouchDB package and starts service"
+long_description <<-EOH
+Installs the CouchDB package if it is available from an package repository on
+the node. If the package repository is not available, CouchDB needs to be
+installed via some other method, either a backported package, or compiled
+directly from source. CouchDB is available on Red Hat-based systems through
+the EPEL Yum Repository.
+EOH
+version "1.0.0"
+depends "erlang"
+recipe "couchdb", "Installs and configures CouchDB package"
+recipe "couchdb::source", "Installs and configures CouchDB from source"
+
+supports "ubuntu", ">= 8.10" # for package in APT
+supports "debian", ">= 5.0" # for package in APT
+supports "openbsd"
+supports "freebsd"
+
+%w{ rhel centos fedora }.each do |os|
+ supports os # requires EPEL Yum Repository
+end
diff --git a/cookbooks/couchdb/recipes/default.rb b/cookbooks/couchdb/recipes/default.rb
new file mode 100644
index 0000000..c69c0bb
--- /dev/null
+++ b/cookbooks/couchdb/recipes/default.rb
@@ -0,0 +1,64 @@
+#
+# Author:: Joshua Timberman
+# Cookbook Name:: couchdb
+# Recipe:: default
+#
+# Copyright 2008-2009, Opscode, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+include_recipe "erlang"
+
+case node['platform']
+when "redhat","centos","fedora","amazon"
+ group "couchdb" do
+ system true
+ end
+
+ user "couchdb" do
+ comment "Couchdb Database Server"
+ gid "couchdb"
+ shell "/bin/bash"
+ home "/var/lib/couchdb"
+ system true
+ end
+end
+
+package "couchdb" do
+ package_name value_for_platform(
+ "openbsd" => { "default" => "apache-couchdb" },
+ "gentoo" => { "default" => "dev-db/couchdb" },
+ "default" => "couchdb"
+ )
+end
+
+directory "/var/lib/couchdb" do
+ owner "couchdb"
+ group "couchdb"
+ recursive true
+ path value_for_platform(
+ "openbsd" => { "default" => "/var/couchdb" },
+ "freebsd" => { "default" => "/var/couchdb" },
+ "gentoo" => { "default" => "/var/couchdb" },
+ "default" => "/var/lib/couchdb"
+ )
+end
+
+service "couchdb" do
+ if platform?("centos","redhat","fedora")
+ start_command "/sbin/service couchdb start &> /dev/null"
+ stop_command "/sbin/service couchdb stop &> /dev/null"
+ end
+ supports [ :restart, :status ]
+ action [ :enable, :start ]
+end
diff --git a/cookbooks/couchdb/recipes/source.rb b/cookbooks/couchdb/recipes/source.rb
new file mode 100644
index 0000000..f0febc1
--- /dev/null
+++ b/cookbooks/couchdb/recipes/source.rb
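Review bot: The `couchdb` system account is created with `shell "/bin/bash"`, which gives a daemon account an interactive login shell; recipes/source.rb in this commit creates the same account without setting one. If nothing on the Red Hat family platforms needs to log in as couchdb, a non-login shell is the least-privilege choice. The packaged init script may start the daemon through `su`, which would need a usable shell, so check how the service is launched before changing it, and add a comment such as `# login shell required by the packaged init script` if it has to stay.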
@@ -0,0 +1,93 @@
+#
+# Author:: Joshua Timberman
+# Cookbook Name:: couchdb
+# Recipe:: source
+#
+# Copyright 2010, Opscode, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+if node['platform'] == "ubuntu" && node['platform_version'].to_f == 8.04
+ log "Ubuntu 8.04 does not supply sufficient development libraries via APT to install CouchDB #{node['couch_db']['src_version']} from source."
+ return
+end
+
+include_recipe "erlang"
+
+couchdb_tar_gz = File.join(Chef::Config[:file_cache_path], "/", "apache-couchdb-#{node['couch_db']['src_version']}.tar.gz")
+compile_flags = String.new
+dev_pkgs = Array.new
+
+case node['platform']
+when "debian", "ubuntu"
+
+ dev_pkgs << "libicu-dev"
+ dev_pkgs << "libcurl4-openssl-dev"
+ dev_pkgs << value_for_platform(
+ "debian" => { "default" => "libmozjs-dev" },
+ "ubuntu" => {
+ "9.04" => "libmozjs-dev",
+ "9.10" => "libmozjs-dev",
+ "default" => "xulrunner-dev"
+ }
+ )
+
+ dev_pkgs.each do |pkg|
+ package pkg
+ end
+
+ if node['platform_version'].to_f >= 10.04
+ compile_flags = "--with-js-lib=/usr/lib/xulrunner-devel-1.9.2.8/lib --with-js-include=/usr/lib/xulrunner-devel-1.9.2.8/include"
+ end
+end
+
+remote_file couchdb_tar_gz do
+ checksum node['couch_db']['src_checksum']
+ source node['couch_db']['src_mirror']
+end
+
+bash "install couchdb #{node['couch_db']['src_version']}" do
+ cwd Chef::Config[:file_cache_path]
+ code <<-EOH
+ tar -zxf #{couchdb_tar_gz}
+ cd apache-couchdb-#{node['couch_db']['src_version']} && ./configure
#{compile_flags} && make && make install
+ EOH
+ not_if { ::FileTest.exists?("/usr/local/bin/couchdb") }
+end
+
+user "couchdb" do
+ home "/usr/local/var/lib/couchdb"
+ comment "CouchDB Administrator"
+ supports :manage_home => false
+ system true
+end
+
+%w{ var/lib/couchdb var/log/couchdb var/run etc/couchdb }.each do |dir|
+ directory "/usr/local/#{dir}" do
+ owner "couchdb"
+ group "couchdb"
+ mode "0770"
+ end
+end
+
+cookbook_file "/etc/init.d/couchdb" do
+ source "couchdb.init"
+ owner "root"
+ group "root"
+ mode "0755"
+end
+
+service "couchdb" do
+ supports [ :restart, :status ]
+ action [:enable, :start]
+end
diff --git a/cookbooks/couchdb/templates/default/port_couchdb.erb b/cookbooks/couchdb/templates/default/port_couchdb.erb
new file mode 100644
index 0000000..a11f8aa
--- /dev/null
+++ b/cookbooks/couchdb/templates/default/port_couchdb.erb
@@ -0,0 +1,2 @@
+# CouchDB
+-A FWR -p tcp -m tcp --dport 5984 -j ACCEPT
\ No newline at end of file
diff --git a/cookbooks/daemontools/README.md b/cookbooks/daemontools/README.md
new file mode 100644
index 0000000..f9b42c3
--- /dev/null
+++ b/cookbooks/daemontools/README.md
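Review bot: The directory loop hands `/usr/local/var/run` itself to `couchdb:couchdb` with mode `0770`, while the init script this recipe installs uses `RUN_DIR=/usr/local/var/run/couchdb`. That makes a shared run directory accessible only to the couchdb account, and leaves the directory the daemon actually uses to be created by the init script's `mkdir -p`. Listing `var/run/couchdb` instead of `var/run` in the `%w{ ... }` array would scope the ownership to CouchDB's own directory. These `directory` resources are not `recursive`, so confirm the parent paths exist after `make install`.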
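Review bot: The rule in port_couchdb.erb accepts TCP 5984 from any source address, so CouchDB's HTTP API is reachable from every network the host is on. Nothing in this commit configures CouchDB admin accounts or a bind address, so this firewall rule is the only restriction visible here. The chef cookbook's README gives `http://localhost:5984` as the default CouchDB URL; if only the local Chef Server uses the database, the port does not need to be opened at all. Otherwise add a source match, for example `-A FWR -s <TRUSTED_CIDR_PLACEHOLDER> -p tcp -m tcp --dport 5984 -j ACCEPT`.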
@@ -0,0 +1,43 @@
+Description
+===========
+
+Installs DJB's Daemontools and includes a service LWRP.
+
+Requirements
+============
+
+Should work on ArchLinux, Debian and Ubuntu. May work on Red Hat family distributions.
+
+Requires build-essential and ucspi-tcp cookbooks.
+
+Attributes
+==========
+
+* `node[:daemontools][:bin_dir]` - Sets the location of the binaries for daemontools, default is selected by platform, or '/usr/local/bin' as a fallback.
+
+Resource/Provider
+=================
+
+This cookbook includes an LWRP for managing daemontools services.
+
+Usage
+=====
+
+License and Author
+==================
+
+Author: Joshua Timberman ()
+
+Copyright 2010, Opscode, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/cookbooks/daemontools/attributes/default.rb b/cookbooks/daemontools/attributes/default.rb
new file mode 100644
index 0000000..4d484cd
--- /dev/null
+++ b/cookbooks/daemontools/attributes/default.rb
@@ -0,0 +1,42 @@ +# +# Cookbook Name:: daemontools +# Attributes:: default +# +# Copyright 2010, Opscode, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +case platform +when "ubuntu" + if platform_version.to_f >= 9.04 + set[:daemontools][:bin_dir] = "/usr/bin" + set[:daemontools][:service_dir] = "/etc/service" + else + set[:daemontools][:bin_dir] = "/usr/local/bin" + set[:daemontools][:service_dir] = "/etc/service" + end +when "debian" + if platform_version.to_f >= 5.0 + set[:daemontools][:bin_dir] = "/usr/bin" + set[:daemontools][:service_dir] = "/etc/service" + else + set[:daemontools][:bin_dir] = "/usr/local/bin" + set[:daemontools][:service_dir] = "/etc/service" + end +when "arch" + set[:daemontools][:bin_dir] = "/usr/sbin" + set[:daemontools][:service_dir] = "/etc/service" +else + set[:daemontools][:bin_dir] = "/usr/local/bin" + set[:daemontools][:service_dir] = "/etc/service" +end diff --git a/cookbooks/daemontools/files/arch/PKGBUILD b/cookbooks/daemontools/files/arch/PKGBUILD new file mode 100644 index 0000000..f5fc903 --- /dev/null +++ b/cookbooks/daemontools/files/arch/PKGBUILD 
@@ -0,0 +1,36 @@
+# Contributor: jianingy
+
+pkgname=daemontools
+pkgrel=4
+pkgver=0.76
+pkgdesc="daemontools is a collection of tools for managing UNIX services."
+arch=(i686 x86_64)
+url="http://cr.yp.to/daemontools.html"
+license=('public domain')
+depends=('pacman>=3.1.0')
+backups=('/etc/inittab')
+install=daemontools.install
+source=(
+ "http://cr.yp.to/daemontools/$pkgname-$pkgver.tar.gz"
+ 'daemontools-0.76.errno.patch'
+ 'daemontools-0.76.svscanboot-path-fix.patch'
+)
+md5sums=(
+ '1871af2453d6e464034968a0fbcb2bfc'
+ '1ab80be37239e920542425baa8f1c5b9'
+ '1854f01aed93f0fd1577db2da51f1935'
+)
+sha1sums=(
+ '70a1be67e7dbe0192a887905846acc99ad5ce5b7'
+ 'ee5b43b333dae9ee3ad0d2f9aeb9c1e2537f0978'
+ '5fd9c45aab2e9bd83e71440092dfb0e2482bfb4f'
+)
+
+build() {
+ cd $srcdir/admin/$pkgname-$pkgver || exit 1
+ patch -p1 < $srcdir/daemontools-0.76.errno.patch || exit 1
+ patch -p1 < $srcdir/daemontools-0.76.svscanboot-path-fix.patch || exit 1
+ package/compile || exit 1
+ mkdir -pv $pkgdir/usr/sbin $pkgdir/etc/service || exit 1
+ cp -a command/* $pkgdir/usr/sbin || exit 1
+}
diff --git a/cookbooks/daemontools/files/arch/daemontools-0.76.svscanboot-path-fix.patch b/cookbooks/daemontools/files/arch/daemontools-0.76.svscanboot-path-fix.patch
new file mode 100644
index 0000000..bb4ddc9
--- /dev/null
+++ b/cookbooks/daemontools/files/arch/daemontools-0.76.svscanboot-path-fix.patch
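Review bot: In cookbooks/daemontools/files/arch/PKGBUILD the upstream tarball is fetched over plain `http://` and pinned only with `md5sums` and `sha1sums`, both collision-weak digests; a `sha256sums=(...)` array computed from sources you have verified (e.g. `'<SHA256_OF_daemontools-0.76.tar.gz>'` plus one entry per patch) gives makepkg a stronger integrity check. Separately, `backups=('/etc/inittab')` looks like a misspelling of the `backup` array, which takes paths without a leading slash, so the line as written is probably ignored. If preserving the file is intended, that would be `backup=('etc/inittab')`.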
@@ -0,0 +1,13 @@ +diff -Nur daemontools-0.76.old/src/svscanboot.sh daemontools-0.76/src/svscanboot.sh +--- daemontools-0.76.old/src/svscanboot.sh 2001-07-13 00:49:49.000000000 +0800 ++++ daemontools-0.76/src/svscanboot.sh 2009-11-07 23:46:47.000000000 +0800 +@@ -5,7 +5,7 @@ + exec >/dev/null + exec 2>/dev/null + +-/command/svc -dx /service/* /service/*/log ++/usr/sbin/svc -dx /etc/service/* /etc/service/*/log + +-env - PATH=$PATH svscan /service 2>&1 | \ ++env - PATH=$PATH svscan /etc/service 2>&1 | \ + env - PATH=$PATH readproctitle service errors: ................................................................................................................................................................................................................................................................................................................................................................................................................ diff --git a/cookbooks/daemontools/metadata.rb b/cookbooks/daemontools/metadata.rb new file mode 100644 index 0000000..1f6e03d --- /dev/null +++ b/cookbooks/daemontools/metadata.rb @@ -0,0 +1,15 @@ +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Installs/Configures daemontools" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "0.9.0" +recipe "daemontools", "Installs daemontools by source or package depending on platform" + +%w{ build-essential ucspi-tcp }.each do |cb| + depends cb +end + +%w{ debian ubuntu arch }.each do |os| + supports os +end diff --git a/cookbooks/daemontools/providers/service.rb b/cookbooks/daemontools/providers/service.rb new file mode 100644 index 0000000..537f8d7 --- /dev/null +++ b/cookbooks/daemontools/providers/service.rb 
@@ -0,0 +1,191 @@ +# +# Cookbook Name:: daemontools +# Provider:: service +# +# Copyright 2010, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/mixin/command' +require 'chef/mixin/language' +include Chef::Mixin::Command + +def load_current_resource + @svc = Chef::Resource::DaemontoolsService.new(new_resource.name) + @svc.service_name(new_resource.service_name) + + Chef::Log.debug("Checking status of service #{new_resource.service_name}") + + begin + if run_command_with_systems_locale(:command => "svok #{new_resource.directory}") == 0 + @svc.running(true) + end + rescue Chef::Exceptions::Exec + @svc.running(false) + nil + end + + if ::File.symlink?("#{node['daemontools']['service_dir']}/#{new_resource.service_name}") && ::File.exists?("#{node['daemontools']['service_dir']}/#{new_resource.service_name}/run") + @svc.enabled(true) + else + @svc.enabled(false) + end +end + +action :enable do + unless @svc.enabled + directory new_resource.directory do + owner new_resource.owner + group new_resource.group + mode 0755 + end + + if new_resource.template + template "#{new_resource.directory}/run" do + source "sv-#{new_resource.template}-run.erb" + cookbook new_resource.cookbook if new_resource.cookbook + owner new_resource.owner + group new_resource.group + mode 0755 + variables :variables => new_resource.variables unless new_resource.variables.empty? 
+ end + if new_resource.log + directory "#{new_resource.directory}/log" do + owner new_resource.owner + group new_resource.group + mode 0755 + end + template "#{new_resource.directory}/log/run" do + source "sv-#{new_resource.template}-log-run.erb" + cookbook new_resource.cookbook if new_resource.cookbook + owner new_resource.owner + group new_resource.group + mode 0755 + end + end + if new_resource.finish + template "#{new_resource.directory}/finish" do + source "sv-#{new_resource.template}-finish.erb" + cookbook new_resource.cookbook if new_resource.cookbook + owner new_resource.owner + group new_resource.group + mode 0755 + end + end + end + + unless new_resource.env.empty? + directory "#{new_resource.directory}/env" do + owner new_resource.owner + group new_resource.group + mode 0755 + end + new_resource.env.each do |var, value| + file "#{new_resource.directory}/env/#{var}" do + content value + owner new_resource.owner + group new_resource.group + mode 0644 + end + end + end + + link"#{node['daemontools']['service_dir']}/#{new_resource.service_name}" do + to new_resource.directory + end + end +end + +action :start do + unless @svc.running + execute "svc -u #{new_resource.service_name}" + end +end + +action :disable do + if @svc.enabled + link "#{node['daemontools']['service_dir']}/#{new_resource.service_name}" do + action :delete + end + execute "svc -dx . 
log" do + cwd new_resource.directory + end + end +end + +action :stop do + if @svc.running + execute "svc -p #{node['daemontools']['service_dir']}/#{new_resource.service_name}" + end +end + +action :restart do + if @svc.running + execute "svc -t #{node['daemontools']['service_dir']}/#{new_resource.service_name}" + end +end + +action :up do + if @svc.running + execute "svc -u #{node['daemontools']['service_dir']}/#{new_resource.service_name}" + end +end + +action :once do + if @svc.running + execute "svc -o #{node['daemontools']['service_dir']}/#{new_resource.service_name}" + end +end + +action :pause do + if @svc.running + execute "svc -p #{node['daemontools']['service_dir']}/#{new_resource.service_name}" + end +end + +action :cont do + if @svc.running + execute "svc -c #{node['daemontools']['service_dir']}/#{new_resource.service_name}" + end +end + +action :hup do + if @svc.running + execute "svc -h #{node['daemontools']['service_dir']}/#{new_resource.service_name}" + end +end + +action :alrm do + if @svc.running + execute "svc -a #{node['daemontools']['service_dir']}/#{new_resource.service_name}" + end +end + +action :int do + if @svc.running + execute "svc -i #{node['daemontools']['service_dir']}/#{new_resource.service_name}" + end +end + +action :term do + if @svc.running + execute "svc -t #{node['daemontools']['service_dir']}/#{new_resource.service_name}" + end +end + +action :kill do + if @svc.running + execute "svc -k #{node['daemontools']['service_dir']}/#{new_resource.service_name}" + end +end diff --git a/cookbooks/daemontools/recipes/default.rb b/cookbooks/daemontools/recipes/default.rb new file mode 100644 index 0000000..ce196b6 --- /dev/null +++ b/cookbooks/daemontools/recipes/default.rb 
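Review bot: `action :stop` in cookbooks/daemontools/providers/service.rb runs `svc -p`, which the flag table in this commit's resources/service.rb lists as Pause (STOP signal), so a "stopped" service stays resident under supervise and resumes on the next CONT; the Down flag is `-d`, i.e. `execute "svc -d #{node['daemontools']['service_dir']}/#{new_resource.service_name}"`. `action :start` is the only action that hands `svc` a bare `#{new_resource.service_name}`, which resolves against chef-client's working directory rather than the service directory; it should use the same `#{node['daemontools']['service_dir']}/` prefix as the other actions. The `env/` files are also written with `mode 0644`, and envdir-style files commonly hold credentials, so `mode 0640` or tighter would be a safer default.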
@@ -0,0 +1,70 @@ +# +# Cookbook Name:: daemontools +# Recipe:: source +# +# Copyright 2010, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "build-essential" +include_recipe "ucspi-tcp" + +installation_method = value_for_platform( + "arch" => { "default" => "aur" }, + "debian" => { "4.0" => "source", "default" => "package" }, + "ubuntu" => { + "6.06" => "source", + "6.10" => "source", + "7.04" => "source", + "7.10" => "source", + "8.04" => "source", + "8.10" => "source", + "default" => "package" + }, + "default" => { "default" => "source" } +) + +case installation_method +when "package" + package "daemontools" do + action :install + end + case node[:platform] + when "debian","ubuntu" + package "daemontools-run" do + action :install + end + end +when "aur" + pacman_aur "daemontools" do + patches ["daemontools-0.76.svscanboot-path-fix.patch"] + pkgbuild_src true + action [:build,:install] + end +when "source" + bash "install_daemontools" do + user "root" + cwd "/tmp" + code <<-EOH + (cd /tmp; wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz) + (cd /tmp; tar zxvf daemontools-0.76.tar.gz) + (cd /tmp/admin/daemontools-0.76; perl -pi -e 's/extern int errno;/\#include /' src/error.h) + (cd /tmp/admin/daemontools-0.76; package/compile) + (cd /tmp/admin/daemontools-0.76; mv command/* #{node[:daemontools][:bin_dir]}) + EOH + only_if {::File.exists?("#{node[:daemontools][:bin_dir]}/svscan")} + end +else + Chef::Log.info("Could not find a 
method to install Daemon Tools for platform #{node[:platform]}, version #{node[:platform_version]}") +end diff --git a/cookbooks/daemontools/resources/service.rb b/cookbooks/daemontools/resources/service.rb new file mode 100644 index 0000000..b9b07b0 --- /dev/null +++ b/cookbooks/daemontools/resources/service.rb 
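Review bot: The `when "source"` branch of cookbooks/daemontools/recipes/default.rb fetches the tarball with `wget` over plain HTTP and then compiles and installs it as root with no integrity check, working in the world-writable `/tmp`. The PKGBUILD added in this same commit pins digests for that tarball, so the recipe is the weaker of the two install paths. The guard also looks inverted: `only_if { ::File.exists?(".../svscan") }` runs the build only when daemontools is already present, where `not_if` was presumably meant. I would download with `remote_file` and a pinned checksum into Chef's cache directory and flip the guard, as sketched below; confirm that the Chef version in use rejects a mismatching download rather than only using the checksum to skip re-fetching.

```ruby
when "source"
  tarball = "#{Chef::Config[:file_cache_path]}/daemontools-0.76.tar.gz"

  remote_file tarball do
    source "http://cr.yp.to/daemontools/daemontools-0.76.tar.gz"
    # placeholder: pin the SHA-256 of a tarball you have verified
    checksum "<SHA256_OF_DAEMONTOOLS_0_76_TARBALL>"
  end

  bash "install_daemontools" do
    user "root"
    cwd Chef::Config[:file_cache_path]
    # … unchanged: tar / perl / package/compile / mv steps, run relative to cwd instead of /tmp …
    not_if { ::File.exists?("#{node[:daemontools][:bin_dir]}/svscan") }
  end
```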
@@ -0,0 +1,44 @@ +# +# Cookbook Name:: daemontools +# Resource:: service +# +# Copyright 2010, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# -u: Up. If the service is not running, start it. If the service stops, restart it. +# -d: Down. If the service is running, send it a TERM signal and then a CONT signal. After it stops, do not restart it. +# -o: Once. If the service is not running, start it. Do not restart it if it stops. +# -p: Pause. Send the service a STOP signal. +# -c: Continue. Send the service a CONT signal. +# -h: Hangup. Send the service a HUP signal. +# -a: Alarm. Send the service an ALRM signal. +# -i: Interrupt. Send the service an INT signal. +# -t: Terminate. Send the service a TERM signal. +# -k: Kill. Send the service a KILL signal. 
+
+actions :start, :stop, :status, :restart, :up, :down, :once, :pause, :cont, :hup, :alrm, :int, :term, :kill, :enable, :disable
+
+attribute :service_name, :name_attribute => true
+attribute :directory, :kind_of => String, :required => true
+attribute :template, :kind_of => [String, FalseClass], :default => :service_name
+attribute :cookbook, :kind_of => String
+attribute :enabled, :default => false
+attribute :running, :default => false
+attribute :variables, :kind_of => Hash, :default => {}
+attribute :owner, :regex => Chef::Config[:user_valid_regex]
+attribute :group, :regex => Chef::Config[:group_valid_regex]
+attribute :finish, :kind_of => [TrueClass, FalseClass]
+attribute :log, :kind_of => [TrueClass, FalseClass]
+attribute :env, :kind_of => Hash, :default => {}
diff --git a/cookbooks/erlang/README.md b/cookbooks/erlang/README.md
new file mode 100644
index 0000000..9cffa94
--- /dev/null
+++ b/cookbooks/erlang/README.md
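Review bot: `service_name` and `directory` in cookbooks/daemontools/resources/service.rb carry no `:regex`, unlike `owner` and `group`, yet the provider in this commit interpolates both straight into command strings (`svok #{new_resource.directory}`, `svc -u #{new_resource.service_name}`). A value containing whitespace or shell metacharacters, for instance one built from node attributes or a data bag, would change the command chef-client runs. Constraining them at the resource is cheap, e.g. `attribute :directory, :kind_of => String, :required => true, :regex => /\A[\w.\/-]+\z/`, with the same pattern minus `/` for `service_name`. The `actions` list also advertises `:down` and `:status`, for which the provider defines no action.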
@@ -0,0 +1,36 @@ +Description +=========== +Manages installation of erlang packages. For Debian/Ubuntu this means the distro version of 'erlang'. For RHEL/CentOS this means following the recommendation of RabbitMQ.com and adds an updated version of erlang and access to the EPEL Yum repository. + +http://www.rabbitmq.com/server.html + +Requirements +============ +Platform +-------- +Tested with Ubuntu 10.04 and CentOS 5.6. + +Recipes +======= +default +------- +Manages installation of erlang packages. + +License and Author +================== + +Author: Matt Ray () + +Copyright 2011, Opscode, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/cookbooks/erlang/attributes/default.rb b/cookbooks/erlang/attributes/default.rb new file mode 100644 index 0000000..f084f8c --- /dev/null +++ b/cookbooks/erlang/attributes/default.rb @@ -0,0 +1 @@ +default[:erlang][:gui_tools] = false diff --git a/cookbooks/erlang/metadata.rb b/cookbooks/erlang/metadata.rb new file mode 100644 index 0000000..117a41c --- /dev/null +++ b/cookbooks/erlang/metadata.rb @@ -0,0 +1,12 @@ +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Installs erlang, optionally install GUI tools." +version "0.9.0" +depends "yum", ">= 0.5.0" + +recipe "erlang", "Installs erlang" + +%w{ ubuntu debian redhat centos scientific }.each do |os| + supports os +end 
diff --git a/cookbooks/erlang/recipes/default.rb b/cookbooks/erlang/recipes/default.rb
new file mode 100644
index 0000000..0a7ead5
--- /dev/null
+++ b/cookbooks/erlang/recipes/default.rb
@@ -0,0 +1,39 @@
+# Cookbook Name:: erlang
+# Recipe:: default
+# Author:: Joe Williams
+# Author:: Matt Ray
+#
+# Copyright 2008-2009, Joe Williams
+# Copyright 2011, Opscode Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+case node[:platform]
+when "debian", "ubuntu"
+ erlpkg = node[:erlang][:gui_tools] ? "erlang" : "erlang-nox"
+ package erlpkg
+ package "erlang-dev"
+when "redhat", "centos", "scientific"
+ include_recipe "yum::epel"
+ yum_repository "erlang" do
+ name "EPELErlangrepo"
+ url "http://repos.fedorapeople.org/repos/peter/erlang/epel-5Server/$basearch"
+ description "Updated erlang yum repository for RedHat / Centos 5.x - #{node['kernel']['machine']}"
+ action :add
+ only_if { node[:platform_version].to_f >= 5.0 && node[:platform_version].to_f < 6.0 }
+ end
+ package "erlang"
+else
+ package "erlang"
+end
diff --git a/cookbooks/gecode b/cookbooks/gecode
new file mode 160000
index 0000000..464d159
--- /dev/null
+++ b/cookbooks/gecode
@@ -0,0 +1 @@
+Subproject commit 464d159cd97c62d285b49bae0c6b6bf1bc9e1c77
diff --git a/cookbooks/java/README.md b/cookbooks/java/README.md
new file mode 100644
index 0000000..6577b1d
--- /dev/null
+++ b/cookbooks/java/README.md
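Review bot: The `yum_repository "erlang"` block in cookbooks/erlang/recipes/default.rb adds a personal fedorapeople.org repository over plain `http://` and sets no GPG key, so on 5.x nodes the following `package "erlang"` would install, as root, packages whose origin is not authenticated. If the `yum` cookbook version in use exposes a `key` attribute on `yum_repository`, set it to a key you distribute yourself (`key "<RPM-GPG-KEY-NAME>"`), and use an HTTPS URL if the mirror offers one. Otherwise, mirroring the needed packages into a repository you control would remove the dependency on a third-party host.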
@@ -0,0 +1,187 @@ +Description +=========== + +Installs a Java. Uses OpenJDK by default but supports installation of Oracle's JDK. + +This cookbook also provides the `java_ark` LWRP which other java +cookbooks can use to install java-related applications from binary +packages. + +The `java_ark` LWPR may move to its own cookbook at some point in the +future as its functionality is useful for other purposes. + +Requirements +============ + +Platform +-------- + +* Debian, Ubuntu +* CentOS, Red Hat, Fedora, Scientific, Amazon +* ArchLinux +* FreeBSD + +Attributes +========== + +See `attributes/default.rb` for default values. + +* `node["java"]["install_flavor"]` - Flavor of JVM you would like installed (`oracle` or `openjdk`), default `openjdk`. +* `node['java']['java_home']` - Default location of the "`$JAVA_HOME`". +* `node['java']['tarball']` - name of the tarball to retrieve from your corporate repository default `jdk1.6.0_29_i386.tar.gz` +* `node['java']['tarball_checksum']` - checksum for the tarball, if you use a different tarball, you also need to create a new sha256 checksum +* `node['java']['jdk']` - version and architecture specific attributes + for setting the URL on Oracle's site for the JDK, and the checksum + of the .tar.gz. + +Recipes +======= + +default +------- + +Include the default recipe in a run list, to get `java`. By default +the `openjdk` flavor of Java is installed, but this can be changed by +using the `install_flavor` attribute. + +OpenJDK is the default because of licensing changes made upstream by +Oracle. See notes on the `oracle` recipe below. + +openjdk +------- + +This recipe installs the `openjdk` flavor of Java. + +oracle +------ + +This recipe installs the `oracle` flavor of Java. This recipe does not +use distribution packages as Oracle changed the licensing terms with +JDK 1.6u27 and prohibited the practice for both the debian and EL worlds. 
+ +For both debian and centos/rhel, this recipe pulls the binary +distribution from the Oracle website, and installs it in the default +JAVA_HOME for each distribution. For debian/ubuntu, this is +/usr/lib/jvm/default-java. For Centos/RHEL, this is /usr/lib/jvm/java + +After putting the binaries in place, the oracle recipe updates +/usr/bin/java to point to the installed JDK using the +`update-alternatives` script + +oracle_i386 +----------- + +This recipe installs the 32-bit Java virtual machine without setting +it as the default. This can be useful if you have applications on the +same machine that require different versions of the JVM. + +Resources/Providers +=================== + +This LWRP provides an easy way to manage java applications. It uses +the LWRP arkive (deliberately misspelled). It is an arkive and not an +"archive" because the `java_ark` lwrp is not the same as a java +archive or "jar". Essentially, you provide the `java_ark` with the URL +to a tarball and the commands within the extracted result that you +want symlinked to /usr/bin/ + +The `java_ark` LWPR may move to its own cookbook at some point in the +future as its functionality is useful for other purposes. + +By default, the extracted directory is extracted to +`app_root/extracted_dir_name` and symlinked to `app_root/default` + +# Actions + +- `:install`: extracts the tarball and makes necessary symlinks +- `:remove`: removes the tarball and run update-alternatives for all + symlinked `bin_cmds` + +# Attribute Parameters + +- `url`: path to tarball, .tar.gz, .bin (oracle-specific), and .zip + currently supported +- `checksum`: sha256 checksum, not used for security but avoid + redownloading the archive on each chef-client run +- `app_home`: the default for installations of this type of + application, for example, `/usr/lib/tomcat/default`. 
If your + application is not set to the default, it will be placed at the same + level in the directory hierarchy but the directory name will be + `app_root/extracted_directory_name + "_alt"` +- `app_home_mode`: file mode for app_home, is an integer +- `bin_cmds`: array of binary commands that should be symlinked to + /usr/bin, examples are mvn, java, javac, etc. These cmds must be in + the bin/ subdirectory of the extracted folder. Will be ignored if this + java_ark is not the default +- `owner`: owner of extracted directory, set to "root" by default +- `default`: whether this the default installation of this package, + boolean true or false + + +# Examples + + # install jdk6 from Oracle + java_ark "jdk" do + url 'http://download.oracle.com/otn-pub/java/jdk/6u29-b11/jdk-6u29-linux-x64.bin' + checksum 'a8603fa62045ce2164b26f7c04859cd548ffe0e33bfc979d9fa73df42e3b3365' + app_home '/usr/local/java/default' + bin_cmds ["java", "javac"] + action :install + end + + # installs maven2 + java_ark "maven2" do + url "http://www.apache.org/dist/maven/binaries/apache-maven-2.2.1-bin.tar.gz" + checksum "b9a36559486a862abfc7fb2064fd1429f20333caae95ac51215d06d72c02d376" + app_home "/usr/local/maven/default" + bin_cmds ["mvn"] + action :install + end + +Usage +===== + +Simply include the `java` recipe where ever you would like Java installed. + +To install Oracle flavored Java on Debian or Ubuntu override the `node['java']['install_flavor']` attribute with in role: + + name "java" + description "Install Oracle Java on Ubuntu" + override_attributes( + "java" => { + "install_flavor" => "oracle" + } + ) + run_list( + "recipe[java]" + ) + +Changes +======= + +## v1.4.0: + +* [COOK-858] - numerous updates: handle jdk6 and 7, switch from sun to + oracle, make openjdk default, add `java_ark` LWRP. +* [COOK-942] - FreeBSD support +* [COOK-520] - ArchLinux support + +License and Author +================== + +Author:: Seth Chisamore () +Author:: Bryan W. 
Berry () + +Copyright:: 2008-2012, Opscode, Inc + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/cookbooks/java/attributes/default.rb b/cookbooks/java/attributes/default.rb new file mode 100644 index 0000000..93d4b3d --- /dev/null +++ b/cookbooks/java/attributes/default.rb 
@@ -0,0 +1,52 @@ +# +# Author:: Seth Chisamore () +# Cookbook Name:: java +# Attributes:: ark +# +# Copyright 2010, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# default jdk attributes +default['java']['install_flavor'] = "openjdk" +default['java']['jdk_version'] = '6' +default['java']['arch'] = kernel['machine'] =~ /x86_64/ ? "x86_64" : "i586" + +case platform +when "centos","redhat","fedora" + default['java']['java_home'] = "/usr/lib/jvm/java" +when "freebsd" + default['java']['java_home'] = "/usr/local/openjdk#{java['jdk_version']}" +when "arch" + default['java']['java_home'] = "//usr/lib/jvm/java-#{java['jdk_version']}-openjdk" +else + default['java']['java_home'] = "/usr/lib/jvm/default-java" +end + +# jdk6 attributes +# x86_64 +default['java']['jdk']['6']['x86_64']['url'] = 'http://download.oracle.com/otn-pub/java/jdk/6u30-b12/jdk-6u30-linux-x64.bin' +default['java']['jdk']['6']['x86_64']['checksum'] = '928220f4e46c5dabef0440791c48023945629d8a23998e072157e04960d8a759' + +# i586 +default['java']['jdk']['6']['i586']['url'] = 'http://download.oracle.com/otn-pub/java/jdk/6u30-b12/jdk-6u30-linux-i586.bin' +default['java']['jdk']['6']['i586']['checksum'] = 'b551be83a690bc9fec0107d9aa4f828cd47e150fa54cbedbfa8f80c99e2f18b5' + +# jdk7 attributes +# x86_64 +default['java']['jdk']['7']['x86_64']['url'] = 'http://download.oracle.com/otn-pub/java/jdk/7u2-b13/jdk-7u2-linux-x64.tar.gz' +default['java']['jdk']['7']['x86_64']['checksum'] = 
'411a204122c5e45876d6edae1a031b718c01e6175833740b406e8aafc37bc82d' + +# i586 +default['java']['jdk']['7']['i586']['url'] = 'http://download.oracle.com/otn-pub/java/jdk/7u2-b13/jdk-7u2-linux-i586.tar.gz' +default['java']['jdk']['7']['i586']['checksum'] = '74faad48fef2c368276dbd1fd6c02520b0e9ebdcb1621916c1af345fc3ba65d1' diff --git a/cookbooks/java/metadata.rb b/cookbooks/java/metadata.rb new file mode 100644 index 0000000..c07261c --- /dev/null +++ b/cookbooks/java/metadata.rb @@ -0,0 +1,16 @@ +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Installs Java runtime." +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "1.4.0" + +recipe "java", "Installs Java runtime" +recipe "java::openjdk", "Installs the OpenJDK flavor of Java" +recipe "java::oracle", "Installs the Oracle flavor of Java" +recipe "java::oracle_i386", "Installs the 32-bit jvm without setting it as the default" + + +%w{ debian ubuntu centos redhat scientific fedora amazon arch freebsd }.each do |os| + supports os +end diff --git a/cookbooks/java/providers/ark.rb b/cookbooks/java/providers/ark.rb new file mode 100644 index 0000000..f1c6c4e --- /dev/null +++ b/cookbooks/java/providers/ark.rb 
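Review bot: The Arch branch in cookbooks/java/attributes/default.rb sets `java_home` to `"//usr/lib/jvm/java-#{java['jdk_version']}-openjdk"`, with a doubled leading slash. The kernel resolves the path, but anything that compares the attribute as a string with a path read back from the filesystem will see a mismatch; `"/usr/lib/jvm/java-#{java['jdk_version']}-openjdk"` is presumably what was meant. The header comment also says `Attributes:: ark` although the file is `attributes/default.rb`.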
@@ -0,0 +1,158 @@ +# +# Author:: Bryan W. Berry () +# Cookbook Name:: java +# Provider:: ark +# +# Copyright 2011, Bryan w. Berry +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +def parse_app_dir_name url + file_name = url.split('/')[-1] + # funky logic to parse oracle's non-standard naming convention + # for jdk1.6 + if file_name =~ /^(jre|jdk).*$/ + major_num = file_name.scan(/\d/)[0] + update_num = file_name.scan(/\d+/)[1] + # pad a single digit number with a zero + if update_num.length < 2 + update_num = "0" + update_num + end + package_name = file_name.scan(/[a-z]+/)[0] + app_dir_name = "#{package_name}1.#{major_num}.0_#{update_num}" + else + app_dir_name = file_name.split(/(.tar.gz|.zip)/)[0] + app_dir_name = app_dir_name.split("-bin")[0] + end + [app_dir_name, file_name] +end + +action :install do + app_dir_name, tarball_name = parse_app_dir_name(new_resource.url) + app_root = new_resource.app_home.split('/')[0..-2].join('/') + app_dir = app_root + '/' + app_dir_name + + unless new_resource.default + Chef::Log.debug("processing alternate jdk") + app_dir = app_dir + "_alt" + app_home = app_dir + else + app_home = new_resource.app_home + end + + unless ::File.exists?(app_dir) + Chef::Log.info "Adding #{new_resource.name} to #{app_dir}" + require 'fileutils' + + unless ::File.exists?(app_root) + FileUtils.mkdir app_root, :mode => new_resource.app_home_mode + FileUtils.chown new_resource.owner, new_resource.owner, app_root + end + + r = remote_file 
"#{Chef::Config[:file_cache_path]}/#{tarball_name}" do + source new_resource.url + checksum new_resource.checksum + mode 0755 + action :nothing + end + r.run_action(:create_if_missing) + + require 'tmpdir' + + tmpdir = Dir.mktmpdir + case tarball_name + when /^.*\.bin/ + cmd = Chef::ShellOut.new( + %Q[ cd "#{tmpdir}"; + cp "#{Chef::Config[:file_cache_path]}/#{tarball_name}" . ; + bash ./#{tarball_name} -noregister + ] ).run_command + unless cmd.exitstatus == 0 + Chef::Application.fatal!("Failed to extract file #{tarball_name}!") + end + when /^.*\.zip/ + cmd = Chef::ShellOut.new( + %Q[ unzip "#{Chef::Config[:file_cache_path]}/#{tarball_name}" -d "#{tmpdir}" ] + ).run_command + unless cmd.exitstatus == 0 + Chef::Application.fatal!("Failed to extract file #{tarball_name}!") + end + when /^.*\.tar.gz/ + cmd = Chef::ShellOut.new( + %Q[ tar xvzf "#{Chef::Config[:file_cache_path]}/#{tarball_name}" -C "#{tmpdir}" ] + ).run_command + unless cmd.exitstatus == 0 + Chef::Application.fatal!("Failed to extract file #{tarball_name}!") + end + end + + cmd = Chef::ShellOut.new( + %Q[ mv "#{tmpdir}/#{app_dir_name}" "#{app_dir}" ] + ).run_command + unless cmd.exitstatus == 0 + Chef::Application.fatal!(%Q[ Command \' mv "#{tmpdir}/#{app_dir_name}" "#{app_dir}" \' failed ]) + end + FileUtils.rm_r tmpdir + new_resource.updated_by_last_action(true) + end + + #update-alternatives + if new_resource.default + Chef::Log.debug "app_home is #{app_home} and app_dir is #{app_dir}" + current_link = ::File.symlink?(app_home) ? ::File.readlink(app_home) : nil + if current_link != app_dir + Chef::Log.debug "symlinking #{app_dir} to #{app_home}" + FileUtils.rm_f app_home + FileUtils.ln_sf app_dir, app_home + end + if new_resource.bin_cmds + new_resource.bin_cmds.each do |cmd| + if ::File.exists? 
"/usr/bin/#{cmd}" + current_bin_link = ::File.readlink("/usr/bin/#{cmd}") + else + current_bin_link = false + end + should_be_link = "#{app_home}/bin/#{cmd}" + if current_bin_link != should_be_link + cmd = Chef::ShellOut.new( + %Q[ update-alternatives --install /usr/bin/#{cmd} #{cmd} #{app_home}/bin/#{cmd} 1; + update-alternatives --set #{cmd} #{app_home}/bin/#{cmd} ] + ).run_command + unless cmd.exitstatus == 0 + Chef::Application.fatal!(%Q[ update alternatives failed ]) + end + end + end + end + end +end + +action :remove do + app_dir_name, tarball_name = parse_app_dir_name(new_resource.url) + app_root = new_resource.app_home.split('/')[0..-2].join('/') + app_dir = app_root + '/' + app_dir_name + + if ::File.exists?(app_dir) + new_resource.bin_cmds.each do |cmd| + cmd = execute "update_alternatives" do + command "update-alternatives --remove #{cmd} #{app_dir} " + returns [0,2] + action :nothing + end + cmd.run_action(:run) + end + Chef::Log.info "Removing #{new_resource.name} at #{app_dir}" + FileUtils.rm_rf app_dir + new_resource.updated_by_last_action(true) + end +end diff --git a/cookbooks/java/recipes/default.rb b/cookbooks/java/recipes/default.rb new file mode 100644 index 0000000..5b41dae --- /dev/null +++ b/cookbooks/java/recipes/default.rb 
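Review bot: `action :install` in cookbooks/java/providers/ark.rb runs the downloaded `.bin` with `bash`, and unpacks the other formats, without verifying the file first: the README in this commit says `checksum` is "not used for security", and the default JDK URLs are plain `http://`. A download altered in transit or at the source would therefore be executed by chef-client. I would compare the cached file's SHA-256 with `new_resource.checksum` right after `r.run_action(:create_if_missing)` and abort on mismatch, as sketched below; this assumes `checksum` is always a full 64-character digest, which the resource file (not in this hunk) would need to enforce. Separately, `action :remove` passes `#{app_dir}` to `update-alternatives --remove` where `:install` registered `#{app_home}/bin/#{cmd}`, so the alternative is likely left behind.

```ruby
    r.run_action(:create_if_missing)

    # Refuse to execute or unpack a file whose digest does not match the pinned value.
    require 'digest'
    cached_path = "#{Chef::Config[:file_cache_path]}/#{tarball_name}"
    actual_sum = Digest::SHA256.file(cached_path).hexdigest
    unless actual_sum == new_resource.checksum
      FileUtils.rm_f cached_path
      Chef::Application.fatal!("Checksum mismatch for #{tarball_name}")
    end
    # … unchanged: Dir.mktmpdir and the .bin / .zip / .tar.gz extraction branches …
```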
@@ -0,0 +1,21 @@
+#
+# Author:: Seth Chisamore ()
+# Cookbook Name:: java
+# Recipe:: default
+#
+# Copyright 2008-2011, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "java::#{node['java']['install_flavor']}"
diff --git a/cookbooks/java/recipes/openjdk.rb b/cookbooks/java/recipes/openjdk.rb
new file mode 100644
index 0000000..ff211bb
--- /dev/null
+++ b/cookbooks/java/recipes/openjdk.rb
@@ -0,0 +1,83 @@ +# Author:: Bryan W. Berry () +# Author:: Seth Chisamore () +# Cookbook Name:: java +# Recipe:: openjdk +# +# Copyright 2010-2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +version = node['java']['jdk_version'] +java_home = node['java']['java_home'] +java_home_parent = File.dirname java_home +jdk_home = "" + +pkgs = value_for_platform( + ["centos","redhat","fedora"] => { + "default" => ["java-1.#{version}.0-openjdk","java-1.#{version}.0-openjdk-devel"] + }, + ["arch","freebsd"] => { + "default" => ["openjdk#{version}"] + }, + "default" => ["openjdk-#{version}-jdk"] + ) + +# done by special request for rberger +ruby_block "set-env-java-home" do + block do + ENV["JAVA_HOME"] = java_home + end +end + +if platform?("ubuntu","debian","redhat","centos","fedora","scientific","amazon") + ruby_block "update-java-alternatives" do + block do + if platform?("ubuntu", "debian") and version == 6 + run_context = Chef::RunContext.new(node, {}) + r = Chef::Resource::Execute.new("update-java-alternatives", run_context) + r.command "update-java-alternatives -s java-6-openjdk" + r.returns [0,2] + r.run_action(:create) + else + # have to do this on ubuntu for version 7 because Ubuntu does + # not currently set jdk 7 as the default jvm on installation + require "fileutils" + arch = node['kernel']['machine'] =~ /x86_64/ ? 
"x86_64" : "i386" + Chef::Log.debug("glob is #{java_home_parent}/java*#{version}*openjdk*") + jdk_home = Dir.glob("#{java_home_parent}/java*#{version}*openjdk{,[-\.]#{arch}}")[0] + Chef::Log.debug("jdk_home is #{jdk_home}") + # delete the symlink if it already exists + if File.exists? java_home + FileUtils.rm_f java_home + end + FileUtils.ln_sf jdk_home, java_home + + cmd = Chef::ShellOut.new( + %Q[ update-alternatives --install /usr/bin/java java #{java_home}/bin/java 1; + update-alternatives --set java #{java_home}/bin/java ] + ).run_command + unless cmd.exitstatus == 0 or cmd.exitstatus == 2 + Chef::Application.fatal!("Failed to update-alternatives for openjdk!") + end + end + end + action :nothing + end +end + +pkgs.each do |pkg| + package pkg do + action :install + notifies :create, "ruby_block[update-java-alternatives]" if platform?("ubuntu","debian","redhat","centos","fedora","scientific","amazon") + end +end diff --git a/cookbooks/java/recipes/oracle.rb b/cookbooks/java/recipes/oracle.rb new file mode 100644 index 0000000..cf4426d --- /dev/null +++ b/cookbooks/java/recipes/oracle.rb 
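Review bot: `jdk_home` is nil when `Dir.glob(...)[0]` matches nothing, and by that point the old `java_home` symlink has already been removed with `FileUtils.rm_f`, so `FileUtils.ln_sf jdk_home, java_home` raises and the node is left with no JAVA_HOME link at all. Check the glob result before touching the existing link, e.g. `Chef::Application.fatal!("No OpenJDK directory found under #{java_home_parent}") if jdk_home.nil?` placed directly after the glob. Separately, the Ubuntu/Debian version 6 branch calls `r.run_action(:create)` on an Execute resource; as far as I can tell Execute only implements `:run`, so that path probably fails as written and should be `r.run_action(:run)`.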
@@ -0,0 +1,52 @@
+#
+# Author:: Bryan W. Berry ()
+# Cookbook Name:: java
+# Recipe:: oracle
+#
+# Copyright 2011, Bryan w. Berry
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+java_home = node['java']["java_home"]
+arch = node['java']['arch']
+jdk_version = node['java']['jdk_version']
+
+#convert version number to a string if it isn't already
+if jdk_version.instance_of? Fixnum
+ jdk_version = jdk_version.to_s
+end
+
+case jdk_version
+when "6"
+ tarball_url = node['java']['jdk']['6'][arch]['url']
+ tarball_checksum = node['java']['jdk']['6'][arch]['checksum']
+when "7"
+ tarball_url = node['java']['jdk']['7'][arch]['url']
+ tarball_checksum = node['java']['jdk']['7'][arch]['checksum']
+end
+
+ruby_block "set-env-java-home" do
+ block do
+ ENV["JAVA_HOME"] = java_home
+ end
+end
+
+java_ark "jdk" do
+ url tarball_url
+ checksum tarball_checksum
+ app_home java_home
+ bin_cmds ["java"]
+ action :install
+end
+
diff --git a/cookbooks/java/recipes/oracle_i386.rb b/cookbooks/java/recipes/oracle_i386.rb
new file mode 100644
index 0000000..192766a
--- /dev/null
+++ b/cookbooks/java/recipes/oracle_i386.rb
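Review bot: The `case jdk_version` block has no `else`, so any value other than "6" or "7" leaves `tarball_url` and `tarball_checksum` nil and `java_ark "jdk"` is declared with neither a URL nor a checksum; the error then surfaces later inside the provider rather than here. Add `else Chef::Application.fatal!("Unsupported jdk_version #{jdk_version}")`, and fail the same way when the checksum attribute is empty, since this archive is downloaded and installed system-wide. oracle_i386.rb repeats the same `case` and also skips the integer-to-string conversion done here, so an integer `jdk_version` matches neither branch in that recipe.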
@@ -0,0 +1,48 @@
+#
+# Author:: Bryan W. Berry ()
+# Cookbook Name:: java
+# Recipe:: oracle_i386
+#
+# Copyright 2010-2011, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+java_home = node['java']["java_home"]
+
+case node['java']['jdk_version']
+when "6"
+ tarball_url = node['java']['jdk']['6']['i586']['url']
+ tarball_checksum = node['java']['jdk']['6']['i586']['checksum']
+when "7"
+ tarball_url = node['java']['jdk']['7']['i586']['url']
+ tarball_checksum = node['java']['jdk']['7']['i586']['checksum']
+end
+
+ruby_block "set-env-java-home" do
+ block do
+ ENV["JAVA_HOME"] = java_home
+ end
+end
+
+yum_package "glibc" do
+ arch "i686"
+# provider Chef::Provider::Package::Yum
+end
+
+java_ark "jdk-alt" do
+ url tarball_url
+ checksum tarball_checksum
+ app_home java_home
+ default false
+ action :install
+end
diff --git a/cookbooks/java/resources/ark.rb b/cookbooks/java/resources/ark.rb
new file mode 100644
index 0000000..77c8e84
--- /dev/null
+++ b/cookbooks/java/resources/ark.rb
@@ -0,0 +1,37 @@
+#
+# Author:: Bryan W. Berry ()
+# Cookbook Name:: java
+# Resource:: ark
+#
+# Copyright 2011, Bryan w. Berry
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+actions :install, :remove
+
+attribute :url, :regex => /^http:\/\/.*(tar.gz|bin|zip)$/, :default => nil
+attribute :mirrorlist, :kind_of => Array, :default => nil
+attribute :checksum, :regex => /^[a-zA-Z0-9]{64}$/, :default => nil
+attribute :app_home, :kind_of => String, :default => nil
+attribute :app_home_mode, :kind_of => Integer, :default => 0755
+attribute :bin_cmds, :kind_of => Array, :default => nil
+attribute :owner, :default => "root"
+attribute :default, :equal_to => [true, false], :default => true
+
+# we have to set default for the supports attribute
+# in initializer since it is a 'reserved' attribute name
+def initialize(*args)
+ super
+ @action = :install
+ @supports = {:report => true, :exception => true}
+end
diff --git a/cookbooks/nginx/README.md b/cookbooks/nginx/README.md
new file mode 100644
index 0000000..7ff46ec
--- /dev/null
+++ b/cookbooks/nginx/README.md
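Review bot: The `:url` validation accepts only `http://`, so an `https://` source is rejected and every archive is fetched in cleartext, while `:checksum` defaults to nil and is therefore optional. The part of the ark provider visible on this page passes `checksum new_resource.checksum` to the download and, for `.bin` archives, runs the downloaded file with `bash`, so an archive declared without a checksum is executed unverified. I would allow TLS and anchor the pattern to the whole string, `:regex => /\Ahttps?:\/\/.*(tar\.gz|bin|zip)\z/`, and make the checksum mandatory with `:required => true`. The same change escapes the dot in `tar.gz` and replaces the per-line `^`/`$` anchors.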
@@ -0,0 +1,91 @@ +Description +=========== + +Installs nginx from package OR source code and sets up configuration handling similar to Debian's Apache2 scripts. + +Requirements +============ + +Cookbooks +--------- + +* build-essential (for nginx::source) +* runit (for nginx::source) + +Platform +-------- + +Debian or Ubuntu though may work where 'build-essential' works, but other platforms are untested. + +Attributes +========== + +All node attributes are set under the `nginx` namespace. + +* version - sets the version to install. +* dir - configuration dir. +* `log_dir` - where logs go. +* user - user to run as. +* binary - path to nginx binary. +* gzip - all attributes under the `gzip` namespace configure the gzip module. +* keepalive - whether to use keepalive. +* `keepalive_timeout` - set the keepalive timeout. +* `worker_processes` - number of workers to spawn. +* `worker_connections` - number of connections per worker. +* `server_names_hash_bucket_size` + +The following attributes are set at the 'normal' node level via the `nginx::source` recipe. + +* `install_path` - for nginx::source, sets the --prefix installation. +* `src_binary` - for nginx::source, sets the binary location. +* `configure_flags` - for nginx::source, an array of flags to use for compilation. + +Usage +===== + +Provides two ways to install and configure nginx. + +* Install via native package (nginx::default) +* Install via compiled source (nginx::source) + +Both recipes implement configuration handling similar to the Debian Apache2 site enable/disable. + +There's some redundancy in that the config handling hasn't been separated from the installation method (yet), so use only one of the recipes. + +Some of the attributes mentioned above are only set in the `nginx::source` recipe. They can be overridden by setting them via a role in `override_attributes`. + +Changes +======= + +## v0.100.0: + +* [COOK-818] - add "application/json" per RFC. 
+* [COOK-870] - bluepill init style support +* [COOK-957] - Compress application/javascript. +* [COOK-981] - Add reload support to NGINX service + +## v0.99.2: + +* [COOK-809] - attribute to disable access logging +* [COOK-772] - update nginx download source location + +License and Author +================== + +Author:: Joshua Timberman () +Author:: Adam Jacob () +Author:: AJ Christensen () + +Copyright:: 2008-2011, Opscode, Inc + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/cookbooks/nginx/attributes/default.rb b/cookbooks/nginx/attributes/default.rb new file mode 100644 index 0000000..e6d2de1 --- /dev/null +++ b/cookbooks/nginx/attributes/default.rb 
@@ -0,0 +1,65 @@
+#
+# Cookbook Name:: nginx
+# Attributes:: default
+#
+# Author:: Adam Jacob ()
+# Author:: Joshua Timberman ()
+#
+# Copyright 2009-2011, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default[:nginx][:version] = "0.8.54"
+
+case platform
+when "debian","ubuntu"
+ default[:nginx][:dir] = "/etc/nginx"
+ default[:nginx][:log_dir] = "/var/log/nginx"
+ default[:nginx][:user] = "www-data"
+ default[:nginx][:binary] = "/usr/sbin/nginx"
+ default[:nginx][:init_style] = "runit"
+else
+ default[:nginx][:dir] = "/etc/nginx"
+ default[:nginx][:log_dir] = "/var/log/nginx"
+ default[:nginx][:user] = "www-data"
+ default[:nginx][:binary] = "/usr/sbin/nginx"
+ default[:nginx][:init_style] = "init"
+end
+
+default[:nginx][:pid] = "/var/run/nginx.pid"
+
+default[:nginx][:gzip] = "on"
+default[:nginx][:gzip_http_version] = "1.0"
+default[:nginx][:gzip_comp_level] = "2"
+default[:nginx][:gzip_proxied] = "any"
+default[:nginx][:gzip_types] = [
+ "text/plain",
+ "text/html",
+ "text/css",
+ "application/x-javascript",
+ "text/xml",
+ "application/xml",
+ "application/xml+rss",
+ "text/javascript",
+ "application/javascript",
+ "application/json"
+]
+
+default[:nginx][:keepalive] = "on"
+default[:nginx][:keepalive_timeout] = 65
+default[:nginx][:worker_processes] = cpu[:total]
+default[:nginx][:worker_connections] = 2048
+default[:nginx][:server_names_hash_bucket_size] = 64
+
+default[:nginx][:disable_access_log] = false
diff --git a/cookbooks/nginx/definitions/nginx_site.rb b/cookbooks/nginx/definitions/nginx_site.rb
new file mode 100644
index 0000000..9b6e4e1
--- /dev/null
+++ b/cookbooks/nginx/definitions/nginx_site.rb
@@ -0,0 +1,35 @@
+#
+# Cookbook Name:: nginx
+# Definition:: nginx_site
+# Author:: AJ Christensen
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :nginx_site, :enable => true do
+ if params[:enable]
+ execute "nxensite #{params[:name]}" do
+ command "/usr/sbin/nxensite #{params[:name]}"
+ notifies :reload, resources(:service => "nginx")
+ not_if do ::File.symlink?("#{node[:nginx][:dir]}/sites-enabled/#{params[:name]}") end
+ end
+ else
+ execute "nxdissite #{params[:name]}" do
+ command "/usr/sbin/nxdissite #{params[:name]}"
+ notifies :reload, resources(:service => "nginx")
+ only_if do ::File.symlink?("#{node[:nginx][:dir]}/sites-enabled/#{params[:name]}") end
+ end
+ end
+end
diff --git a/cookbooks/nginx/files/default/mime.types b/cookbooks/nginx/files/default/mime.types
new file mode 100644
index 0000000..0ba964e
--- /dev/null
+++ b/cookbooks/nginx/files/default/mime.types
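Review bot: `params[:name]` is interpolated unquoted into both `command` strings, so a site name containing a space or a shell metacharacter is split or interpreted by the shell instead of reaching nxensite/nxdissite as a single argument. Site names normally come from recipe code, but escaping is cheap: `command "/usr/sbin/nxensite #{Shellwords.escape(params[:name])}"` with `require 'shellwords'` at the top of the file, and the same for the nxdissite branch. The `not_if`/`only_if` guards test `sites-enabled/NAME` only, so for the "default" site, which nxensite links as `000-default`, the enable guard looks like it never becomes true and the command reruns on every converge.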
@@ -0,0 +1,73 @@ +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/x-javascript js; + application/json json; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + image/svg+xml svg; + + application/java-archive jar war ear; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.ms-excel xls; + application/vnd.ms-powerpoint ppt; + application/vnd.wap.wmlc wmlc; + application/vnd.wap.xhtml+xml xhtml; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream eot; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mpeg mpeg mpg; + video/quicktime mov; + video/x-flv flv; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/cookbooks/nginx/metadata.rb b/cookbooks/nginx/metadata.rb new file mode 100644 index 0000000..18f63d0 
--- /dev/null +++ b/cookbooks/nginx/metadata.rb 
@@ -0,0 +1,89 @@ +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Installs and configures nginx" +version "0.100.0" + +recipe "nginx", "Installs nginx package and sets up configuration with Debian apache style with sites-enabled/sites-available" +recipe "nginx::source", "Installs nginx from source and sets up configuration with Debian apache style with sites-enabled/sites-available" + +%w{ ubuntu debian centos redhat fedora }.each do |os| + supports os +end + +%w{ build-essential runit bluepill }.each do |cb| + depends cb +end + +attribute "nginx/dir", + :display_name => "Nginx Directory", + :description => "Location of nginx configuration files", + :default => "/etc/nginx" + +attribute "nginx/log_dir", + :display_name => "Nginx Log Directory", + :description => "Location for nginx logs", + :default => "/var/log/nginx" + +attribute "nginx/user", + :display_name => "Nginx User", + :description => "User nginx will run as", + :default => "www-data" + +attribute "nginx/binary", + :display_name => "Nginx Binary", + :description => "Location of the nginx server binary", + :default => "/usr/sbin/nginx" + +attribute "nginx/gzip", + :display_name => "Nginx Gzip", + :description => "Whether gzip is enabled", + :default => "on" + +attribute "nginx/gzip_http_version", + :display_name => "Nginx Gzip HTTP Version", + :description => "Version of HTTP Gzip", + :default => "1.0" + +attribute "nginx/gzip_comp_level", + :display_name => "Nginx Gzip Compression Level", + :description => "Amount of compression to use", + :default => "2" + +attribute "nginx/gzip_proxied", + :display_name => "Nginx Gzip Proxied", + :description => "Whether gzip is proxied", + :default => "any" + +attribute "nginx/gzip_types", + :display_name => "Nginx Gzip Types", + :description => "Supported MIME-types for gzip", + :type => "array", + :default => [ "text/plain", "text/html", "text/css", "application/x-javascript", "text/xml", "application/xml", 
"application/xml+rss", "text/javascript" ] + +attribute "nginx/keepalive", + :display_name => "Nginx Keepalive", + :description => "Whether to enable keepalive", + :default => "on" + +attribute "nginx/keepalive_timeout", + :display_name => "Nginx Keepalive Timeout", + :default => "65" + +attribute "nginx/worker_processes", + :display_name => "Nginx Worker Processes", + :description => "Number of worker processes", + :default => "1" + +attribute "nginx/worker_connections", + :display_name => "Nginx Worker Connections", + :description => "Number of connections per worker", + :default => "1024" + +attribute "nginx/server_names_hash_bucket_size", + :display_name => "Nginx Server Names Hash Bucket Size", + :default => "64" + +attribute "nginx/disable_access_log", + :display_name => "Disable Access Log", + :default => "false" diff --git a/cookbooks/nginx/recipes/default.rb b/cookbooks/nginx/recipes/default.rb new file mode 100644 index 0000000..d551ce3 --- /dev/null +++ b/cookbooks/nginx/recipes/default.rb 
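Review bot: Several `:default` values documented here disagree with what attributes/default.rb sets in this same commit: `nginx/worker_connections` says "1024" against 2048, `nginx/worker_processes` says "1" against `cpu[:total]`, and the `nginx/gzip_types` list omits "application/javascript" and "application/json". The metadata is what an operator reads to learn the effective defaults, so I would bring it in line, e.g. `:default => "2048"` for worker_connections and the full ten-entry list for gzip_types. `nginx/keepalive_timeout`, `nginx/server_names_hash_bucket_size` and `nginx/disable_access_log` also carry no `:description`.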
@@ -0,0 +1,57 @@
+#
+# Cookbook Name:: nginx
+# Recipe:: default
+# Author:: AJ Christensen
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+package "nginx"
+
+directory node[:nginx][:log_dir] do
+ mode 0755
+ owner node[:nginx][:user]
+ action :create
+end
+
+%w{nxensite nxdissite}.each do |nxscript|
+ template "/usr/sbin/#{nxscript}" do
+ source "#{nxscript}.erb"
+ mode 0755
+ owner "root"
+ group "root"
+ end
+end
+
+template "nginx.conf" do
+ path "#{node[:nginx][:dir]}/nginx.conf"
+ source "nginx.conf.erb"
+ owner "root"
+ group "root"
+ mode 0644
+ notifies :reload, "service[nginx]"
+end
+
+template "#{node[:nginx][:dir]}/sites-available/default" do
+ source "default-site.erb"
+ owner "root"
+ group "root"
+ mode 0644
+end
+
+service "nginx" do
+ supports :status => true, :restart => true, :reload => true
+ action [ :enable, :start ]
+end
diff --git a/cookbooks/nginx/recipes/source.rb b/cookbooks/nginx/recipes/source.rb
new file mode 100644
index 0000000..e9fc5f0
--- /dev/null
+++ b/cookbooks/nginx/recipes/source.rb
@@ -0,0 +1,172 @@ +# +# Cookbook Name:: nginx +# Recipe:: source +# +# Author:: Adam Jacob () +# Author:: Joshua Timberman () +# +# Copyright 2009-2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "build-essential" + +packages = value_for_platform( + ["centos","redhat","fedora"] => {'default' => ['pcre-devel', 'openssl-devel']}, + "default" => ['libpcre3', 'libpcre3-dev', 'libssl-dev'] + ) + +packages.each do |devpkg| + package devpkg +end + +nginx_version = node[:nginx][:version] + +node.set[:nginx][:install_path] = "/opt/nginx-#{nginx_version}" +node.set[:nginx][:src_binary] = "#{node[:nginx][:install_path]}/sbin/nginx" +node.set[:nginx][:daemon_disable] = true +node.set[:nginx][:configure_flags] = [ + "--prefix=#{node[:nginx][:install_path]}", + "--conf-path=#{node[:nginx][:dir]}/nginx.conf", + "--with-http_ssl_module", + "--with-http_gzip_static_module" +] + +configure_flags = node[:nginx][:configure_flags].join(" ") + +remote_file "#{Chef::Config[:file_cache_path]}/nginx-#{nginx_version}.tar.gz" do + source "http://nginx.org/download/nginx-#{nginx_version}.tar.gz" + action :create_if_missing +end + +bash "compile_nginx_source" do + cwd Chef::Config[:file_cache_path] + code <<-EOH + tar zxf nginx-#{nginx_version}.tar.gz + cd nginx-#{nginx_version} && ./configure #{configure_flags} + make && make install + EOH + creates node[:nginx][:src_binary] + notifies :restart, "service[nginx]" +end + +user node[:nginx][:user] do + system 
true + shell "/bin/false" + home "/var/www" +end + +directory node[:nginx][:log_dir] do + mode 0755 + owner node[:nginx][:user] + action :create +end + +directory node[:nginx][:dir] do + owner "root" + group "root" + mode "0755" +end + +case node[:nginx][:init_style] +when "runit" + include_recipe "runit" + + runit_service "nginx" + + service "nginx" do + supports :status => true, :restart => true, :reload => true + reload_command "[[ -f #{node[:nginx][:pid]} ]] && kill -HUP `cat #{node[:nginx][:pid]}` || true" + end +when "bluepill" + include_recipe "bluepill" + + template "#{node['bluepill']['conf_dir']}/nginx.pill" do + source "nginx.pill.erb" + mode 0644 + variables( + :working_dir => node[:nginx][:install_path], + :src_binary => node[:nginx][:src_binary], + :nginx_dir => node[:nginx][:dir], + :log_dir => node[:nginx][:log_dir], + :pid => node[:nginx][:pid] + ) + end + + bluepill_service "nginx" do + action [ :enable, :load ] + end + + service "nginx" do + supports :status => true, :restart => true, :reload => true + reload_command "[[ -f #{node[:nginx][:pid]} ]] && kill -HUP `cat #{node[:nginx][:pid]}` || true" + action :nothing + end +else + #install init db script + template "/etc/init.d/nginx" do + source "nginx.init.erb" + owner "root" + group "root" + mode "0755" + end + + #install sysconfig file (not really needed but standard) + template "/etc/sysconfig/nginx" do + source "nginx.sysconfig.erb" + owner "root" + group "root" + mode "0644" + end + + #register service + service "nginx" do + supports :status => true, :restart => true, :reload => true + action :enable + end +end + +%w{ sites-available sites-enabled conf.d }.each do |dir| + directory "#{node[:nginx][:dir]}/#{dir}" do + owner "root" + group "root" + mode "0755" + end +end + +%w{nxensite nxdissite}.each do |nxscript| + template "/usr/sbin/#{nxscript}" do + source "#{nxscript}.erb" + mode "0755" + owner "root" + group "root" + end +end + +template "nginx.conf" do + path 
"#{node[:nginx][:dir]}/nginx.conf" + source "nginx.conf.erb" + owner "root" + group "root" + mode "0644" + notifies :reload, resources(:service => "nginx"), :immediately +end + +cookbook_file "#{node[:nginx][:dir]}/mime.types" do + source "mime.types" + owner "root" + group "root" + mode "0644" + notifies :reload, resources(:service => "nginx"), :immediately +end diff --git a/cookbooks/nginx/templates/default/default-site.erb b/cookbooks/nginx/templates/default/default-site.erb new file mode 100644 index 0000000..5177e48 --- /dev/null +++ b/cookbooks/nginx/templates/default/default-site.erb @@ -0,0 +1,11 @@ +server { + listen 80; + server_name <%= node[:hostname] %>; + + access_log <%= node[:nginx][:log_dir] %>/localhost.access.log; + + location / { + root /var/www/nginx-default; + index index.html index.htm; + } +} diff --git a/cookbooks/nginx/templates/default/nginx.conf.erb b/cookbooks/nginx/templates/default/nginx.conf.erb new file mode 100644 index 0000000..2607da4 --- /dev/null +++ b/cookbooks/nginx/templates/default/nginx.conf.erb 
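Review bot: In recipes/source.rb the `remote_file` for the nginx tarball has no `checksum` and an `http://` source, and the next resource unpacks it and runs `./configure` and `make install` from it, so whatever arrives over the wire is built and installed without any integrity check. Pin the expected SHA-256 for the selected version in an attribute and pass it to the resource, `checksum node[:nginx][:checksum]` (a new attribute; the name here is a placeholder), and switch the source to HTTPS if the download host offers it. Because the action is `:create_if_missing`, a bad file already sitting in the cache is not fetched again, so the cached tarball should be removed when the checksum attribute changes.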
@@ -0,0 +1,42 @@
+user <%= node[:nginx][:user] %>;
+worker_processes <%= node[:nginx][:worker_processes] %>;
+<% if node[:nginx][:daemon_disable] -%>
+daemon off;
+<% end -%>
+
+error_log <%= node[:nginx][:log_dir] %>/error.log;
+pid <%= node[:nginx][:pid] %>;
+
+events {
+ worker_connections <%= node[:nginx][:worker_connections] %>;
+}
+
+http {
+ include <%= node[:nginx][:dir] %>/mime.types;
+ default_type application/octet-stream;
+
+ <% unless node[:nginx][:disable_access_log] -%>
+ access_log <%= node[:nginx][:log_dir] %>/access.log;
+ <% end %>
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+
+ <% if node[:nginx][:keepalive] == "on" %>
+ keepalive_timeout <%= node[:nginx][:keepalive_timeout] %>;
+ <% end %>
+
+ gzip <%= node[:nginx][:gzip] %>;
+ <% if node[:nginx][:gzip] == "on" %>
+ gzip_http_version <%= node[:nginx][:gzip_http_version] %>;
+ gzip_comp_level <%= node[:nginx][:gzip_comp_level] %>;
+ gzip_proxied <%= node[:nginx][:gzip_proxied] %>;
+ gzip_types <%= node[:nginx][:gzip_types].join(' ') %>;
+ <% end %>
+
+ server_names_hash_bucket_size <%= node[:nginx][:server_names_hash_bucket_size] %>;
+
+ include <%= node[:nginx][:dir] %>/conf.d/*.conf;
+ include <%= node[:nginx][:dir] %>/sites-enabled/*;
+}
diff --git a/cookbooks/nginx/templates/default/nginx.init.erb b/cookbooks/nginx/templates/default/nginx.init.erb
new file mode 100644
index 0000000..20db455
--- /dev/null
+++ b/cookbooks/nginx/templates/default/nginx.init.erb
@@ -0,0 +1,92 @@
+#!/bin/sh
+#
+# nginx
+#
+# chkconfig: - 57 47
+# description: nginx
+# processname: nginx
+# config: /etc/sysconfig/nginx
+#
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+# Check that networking is up.
+[ "$NETWORKING" = "no" ] && exit
+exec=<%= node[:nginx][:src_binary] %>
+prog=$(basename $exec)
+
+# default options, overruled by items in sysconfig
+NGINX_GLOBAL=""
+
+[ -e /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
+
+lockfile=/var/lock/subsys/nginx
+
+start() {
+ [ -x $exec ] || exit 5
+ echo -n $"Starting $prog: "
+ # if not running, start it up here, usually something like "daemon $exec"
+ options=""
+ if [ "${NGINX_GLOBAL}" != "" ]; then
+ options="-g ${NGINX_GLOBAL}"
+ fi
+ $exec $options
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && touch $lockfile
+ return $retval
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ $exec -s stop
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+reload() {
+ echo -n $"Reloading $prog: "
+ $exec -s reload
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ status)
+ status nginx
+ ;;
+ restart)
+ restart
+ ;;
+ reload|force-reload)
+ reload
+ ;;
+ condrestart)
+ [ -f $lockfile ] && restart || :
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart}"
+ exit 1
+esac
+
+exit $?
\ No newline at end of file
diff --git a/cookbooks/nginx/templates/default/nginx.pill.erb b/cookbooks/nginx/templates/default/nginx.pill.erb
new file mode 100644
index 0000000..09a047a
--- /dev/null
+++ b/cookbooks/nginx/templates/default/nginx.pill.erb
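Review bot: `reload()` removes the lock file on success (`[ $retval -eq 0 ] && rm -f $lockfile`), which looks copied from `stop()`; after one successful reload nginx is still running but `condrestart` no longer restarts it, because it tests `[ -f $lockfile ]`. Drop that line from `reload()` or change it to `[ $retval -eq 0 ] && touch $lockfile`. On Red Hat style systems the subsys lock is also what makes the shutdown sequence call `stop`, so the daemon would probably not be stopped cleanly after a reload either. Separately, `$exec $options` relies on word splitting of `-g ${NGINX_GLOBAL}`, so a multi-word global directive is passed to nginx as several arguments.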
@@ -0,0 +1,15 @@ +Bluepill.application("nginx", :log_file => "<%= @log_dir %>/bluepill-nginx.log") do |app| + app.process("nginx") do |process| + process.pid_file = "<%= @pid %>" + process.working_dir = "<%= @working_dir %>" + process.start_command = "<%= @src_binary %> -c <%= @nginx_dir %>/nginx.conf" + process.stop_command = "kill -QUIT {{PID}}" + process.restart_command = "kill -HUP {{PID}}" + process.daemonize = true + process.stdout = process.stderr = "<%= @log_dir %>/nginx.log" + + process.monitor_children do |child_process| + child_process.stop_command = "kill -QUIT {{PID}}" + end + end +end diff --git a/cookbooks/nginx/templates/default/nginx.sysconfig.erb b/cookbooks/nginx/templates/default/nginx.sysconfig.erb new file mode 100644 index 0000000..55438c6 --- /dev/null +++ b/cookbooks/nginx/templates/default/nginx.sysconfig.erb @@ -0,0 +1 @@ +NGINX_GLOBAL=<%= node[:nginx][:global] %> \ No newline at end of file diff --git a/cookbooks/nginx/templates/default/nxdissite.erb b/cookbooks/nginx/templates/default/nxdissite.erb new file mode 100644 index 0000000..c8ad090 --- /dev/null +++ b/cookbooks/nginx/templates/default/nxdissite.erb @@ -0,0 +1,29 @@ +#!/bin/sh -e + +SYSCONFDIR='<%= node[:nginx][:dir] %>' + +if [ -z $1 ]; then + echo "Which site would you like to disable?" + echo -n "Your choices are: " + ls $SYSCONFDIR/sites-enabled/* | \ + sed -e "s,$SYSCONFDIR/sites-enabled/,,g" | xargs echo + echo -n "Site name? " + read SITENAME +else + SITENAME=$1 +fi + +if [ $SITENAME = "default" ]; then + PRIORITY="000" +fi + +if ! [ -e $SYSCONFDIR/sites-enabled/$SITENAME -o \ + -e $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" ]; then + echo "This site is already disabled, or does not exist!" + exit 1 +fi + +if ! rm $SYSCONFDIR/sites-enabled/$SITENAME 2>/dev/null; then + rm -f $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" +fi +echo "Site $SITENAME disabled; reload nginx to disable." 
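Review bot: In nginx.sysconfig.erb, `NGINX_GLOBAL=<%= node[:nginx][:global] %>` is rendered unquoted into a file that nginx.init.erb sources as root, so any value containing a space (a realistic `-g` directive such as `daemon off;`) is parsed by the shell as an assignment followed by a command to run. Render it quoted, `NGINX_GLOBAL='<%= node[:nginx][:global] %>'`. A single quote in the attribute would still break out of the quoting, so the attribute should be documented as trusted input only.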
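Review bot: The site name is expanded unquoted throughout nxdissite (`[ -z $1 ]`, `[ $SITENAME = "default" ]`, `rm $SYSCONFDIR/sites-enabled/$SITENAME`), so a name containing whitespace, a glob character or a `/` is split, expanded or resolved outside `sites-enabled` before `rm` runs. Quote every expansion, for example `rm "$SYSCONFDIR/sites-enabled/$SITENAME"`, and reject names containing `/` before touching the filesystem. An empty answer at the `read SITENAME` prompt also turns the test into `[ = "default" ]`, which is a syntax error rather than a clean refusal. The nxensite hunk that follows has the same unquoted pattern, where it feeds `ln -sf`.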
diff --git a/cookbooks/nginx/templates/default/nxensite.erb b/cookbooks/nginx/templates/default/nxensite.erb new file mode 100644 index 0000000..e684d21 --- /dev/null +++ b/cookbooks/nginx/templates/default/nxensite.erb @@ -0,0 +1,38 @@ +#!/bin/sh -e + +SYSCONFDIR='<%= node[:nginx][:dir] %>' + +if [ -z $1 ]; then + echo "Which site would you like to enable?" + echo -n "Your choices are: " + ls $SYSCONFDIR/sites-available/* | \ + sed -e "s,$SYSCONFDIR/sites-available/,,g" | xargs echo + echo -n "Site name? " + read SITENAME +else + SITENAME=$1 +fi + +if [ $SITENAME = "default" ]; then + PRIORITY="000" +fi + +if [ -e $SYSCONFDIR/sites-enabled/$SITENAME -o \ + -e $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" ]; then + echo "This site is already enabled!" + exit 0 +fi + +if ! [ -e $SYSCONFDIR/sites-available/$SITENAME ]; then + echo "This site does not exist!" + exit 1 +fi + +if [ $SITENAME = "default" ]; then + ln -sf $SYSCONFDIR/sites-available/$SITENAME \ + $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" +else + ln -sf $SYSCONFDIR/sites-available/$SITENAME $SYSCONFDIR/sites-enabled/$SITENAME +fi + +echo "Site $SITENAME installed; reload nginx to enable." diff --git a/cookbooks/nginx/templates/default/sv-nginx-log-run.erb b/cookbooks/nginx/templates/default/sv-nginx-log-run.erb new file mode 100644 index 0000000..a79a518 --- /dev/null +++ b/cookbooks/nginx/templates/default/sv-nginx-log-run.erb @@ -0,0 +1,2 @@ +#!/bin/sh +exec svlogd -tt ./main diff --git a/cookbooks/nginx/templates/default/sv-nginx-run.erb b/cookbooks/nginx/templates/default/sv-nginx-run.erb new file mode 100644 index 0000000..e4d1f4f --- /dev/null +++ b/cookbooks/nginx/templates/default/sv-nginx-run.erb @@ -0,0 +1,3 @@ +#!/bin/sh +exec 2>&1 +exec <%= node[:nginx][:src_binary] %> -c <%= node[:nginx][:dir] %>/nginx.conf diff --git a/cookbooks/openssl/README.md b/cookbooks/openssl/README.md new file mode 100644 index 0000000..cc40a8f --- /dev/null +++ b/cookbooks/openssl/README.md 
@@ -0,0 +1,37 @@ +Description +==== + +Provide a library method to generate secure random passwords in recipes. + +Requirements +==== + +Works on any platform with OpenSSL Ruby bindings installed, which are a requirement for Chef anyway. + +Usage +==== + +Most often this will be used to generate a secure password for an attribute. + + include Opscode::OpenSSL::Password + + set_unless[:my_password] = secure_password + +License and Author +==== + +Author:: Joshua Timberman () + +Copyright:: 2009-2011, Opscode, Inc + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/cookbooks/openssl/libraries/secure_password.rb b/cookbooks/openssl/libraries/secure_password.rb new file mode 100644 index 0000000..e5fd638 --- /dev/null +++ b/cookbooks/openssl/libraries/secure_password.rb 
@@ -0,0 +1,37 @@
+#
+# Cookbook Name:: openssl
+# Library:: secure_password
+# Author:: Joshua Timberman
+#
+# Copyright 2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'openssl'
+
+module Opscode
+ module OpenSSL
+ module Password
+ def secure_password
+ pw = String.new
+
+ while pw.length < 20
+ pw << ::OpenSSL::Random.random_bytes(1).gsub(/\W/, '')
+ end
+
+ pw
+ end
+ end
+ end
+end
diff --git a/cookbooks/openssl/metadata.rb b/cookbooks/openssl/metadata.rb
new file mode 100644
index 0000000..2d7d8f2
--- /dev/null
+++ b/cookbooks/openssl/metadata.rb
@@ -0,0 +1,8 @@
+maintainer "Opscode, Inc."
+maintainer_email "cookbooks@opscode.com"
+license "Apache 2.0"
+description "Provides a library with a method for generating secure random passwords."
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version "1.0.0"
+
+recipe "openssl", "Empty, this cookbook provides a library, see README.md"
diff --git a/cookbooks/openssl/recipes/default.rb b/cookbooks/openssl/recipes/default.rb
new file mode 100644
index 0000000..9850a28
--- /dev/null
+++ b/cookbooks/openssl/recipes/default.rb
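Review bot: `secure_password` in secure_password.rb has no comment saying what it returns, and the loop makes that hard to see: it draws one byte at a time from `OpenSSL::Random.random_bytes` and strips anything matching `\W`, so the result is exactly 20 characters from `[A-Za-z0-9_]` (assuming the bytes are handled as a binary string). I would add above the method `# Returns a 20-character password drawn uniformly from [A-Za-z0-9_] via OpenSSL's CSPRNG (about 119 bits).` A why-comment on the `gsub` line would also help, for example `# rejection sampling: bytes outside \w are dropped so each kept character stays uniform`. The length is hard-coded, so callers that need a longer secret have no way to ask for one; an optional `length = 20` parameter would stay backward-compatible.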
@@ -0,0 +1,19 @@ +# +# Cookbook Name:: openssl +# Recipe:: default +# +# Copyright 2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + diff --git a/cookbooks/rabbitmq/README.md b/cookbooks/rabbitmq/README.md new file mode 100644 index 0000000..35e924d --- /dev/null +++ b/cookbooks/rabbitmq/README.md 
@@ -0,0 +1,93 @@ +Description +=========== +This is a cookbook for managing RabbitMQ with Chef. It uses the default settings, but can also be configured via attributes. + +Recipes +======= +default +------- +Installs `rabbitmq-server` from RabbitMQ.com's APT repository or the RPM directly (there is no yum repo). The distribution-provided versions were quite old and newer features were needed. + +Cluster recipe is now combined with default. Recipe will now auto-cluster. Set the :cluster attribute to true, :cluster_disk_nodes array of `node@host` strings that describe which you want to be disk nodes and then set an alphanumeric string for the :erlang_cookie. + +To enable SSL turn :ssl to true and set the paths to your cacert, cert and key files. + +Resources/Providers +=================== +There are 2 LWRPs for interacting with RabbitMQ. + +user +---- +Adds and deletes users, fairly simplistic permissions management. + +- `:add` adds a `user` with a `password` +- `:delete` deletes a `user` +- `:set_permissions` sets the `permissions` for a `user`, `vhost` is optional +- `:clear_permissions` clears the permissions for a `user` + +### Examples +``` ruby +rabbitmq_user "guest" do + action :delete +end + +rabbitmq_user "nova" do + password "sekret" + action :add +end + +rabbitmq_user "nova" do + vhost "/nova" + permissions "\".*\" \".*\" \".*\"" + action :set_permissions +end +``` + +vhost +----- +Adds and deletes vhosts. + +- `:add` adds a `vhost` +- `:delete` deletes a `vhost` + +### Example +``` ruby +rabbitmq_vhost "/nova" do + action :add +end +``` + +Limitations +=========== +For an already running cluster, these actions still require manual intervention: +- changing the :erlang_cookie +- turning :cluster from true to false + +The rabbitmq::chef recipe was only used for the chef-server cookbook and has been moved to chef-server::rabbitmq. 
+ +Changes +======= + +## v1.3.2: +* [COOK-585] - manage rabbitmq-server service + +License and Author +================== + +Author:: Benjamin Black +Author:: Daniel DeLeo +Author:: Matt Ray + +Copyright:: 2009-2011 Opscode, Inc + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/cookbooks/rabbitmq/attributes/default.rb b/cookbooks/rabbitmq/attributes/default.rb new file mode 100644 index 0000000..51d1116 --- /dev/null +++ b/cookbooks/rabbitmq/attributes/default.rb 
@@ -0,0 +1,28 @@
+# being nil, the rabbitmq defaults will be used
+default[:rabbitmq][:nodename] = nil
+default[:rabbitmq][:address] = nil
+default[:rabbitmq][:port] = nil
+default[:rabbitmq][:config] = nil
+default[:rabbitmq][:logdir] = nil
+default[:rabbitmq][:mnesiadir] = nil
+
+# config file location
+# http://www.rabbitmq.com/configure.html#define-environment-variables
+# "The .config extension is automatically appended by the Erlang runtime."
+default[:rabbitmq][:config] = "/etc/rabbitmq/rabbitmq"
+
+# rabbitmq.config defaults
+default[:rabbitmq][:default_user] = 'guest'
+default[:rabbitmq][:default_pass] = 'guest'
+
+#clustering
+default[:rabbitmq][:cluster] = false
+default[:rabbitmq][:cluster_disk_nodes] = []
+default[:rabbitmq][:erlang_cookie] = 'AnyAlphaNumericStringWillDo'
+
+#ssl
+default[:rabbitmq][:ssl] = false
+default[:rabbitmq][:ssl_port] = '5671'
+default[:rabbitmq][:ssl_cacert] = '/path/to/cacert.pem'
+default[:rabbitmq][:ssl_cert] = '/path/to/cert.pem'
+default[:rabbitmq][:ssl_key] = '/path/to/key.pem'
diff --git a/cookbooks/rabbitmq/metadata.rb b/cookbooks/rabbitmq/metadata.rb
new file mode 100644
index 0000000..502aec3
--- /dev/null
+++ b/cookbooks/rabbitmq/metadata.rb
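Review bot: attributes/default.rb ships working secrets as defaults: `default_user`/`default_pass` are `'guest'`/`'guest'`, and `erlang_cookie` is the fixed string `'AnyAlphaNumericStringWillDo'`, which recipes/default.rb writes to `/var/lib/rabbitmq/.erlang.cookie` whenever `:cluster` is true. Every cluster converged without overriding the attribute therefore shares one publicly known cookie, and the cookie is what Erlang distribution uses to authenticate peers. I would change it to `default[:rabbitmq][:erlang_cookie] = nil` and have the recipe raise when clustering is enabled without a value, or generate one with the openssl cookbook's `secure_password`. Separately, `default[:rabbitmq][:config] = nil` in the first group is overwritten a few lines later, so the comment "being nil, the rabbitmq defaults will be used" does not hold for `:config`.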
@@ -0,0 +1,65 @@ +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Installs and configures RabbitMQ server" +version "1.3.2" +recipe "rabbitmq", "Install and configure RabbitMQ" +recipe "rabbitmq::cluster", "Set up RabbitMQ clustering." +depends "apt", ">= 1.1" +depends "yum", ">= 0.5.0" +depends "erlang", ">= 0.9" + +%w{ubuntu debian redhat centos scientific}.each do |os| + supports os +end + +attribute "rabbitmq", + :display_name => "RabbitMQ", + :description => "Hash of RabbitMQ attributes", + :type => "hash" + +attribute "rabbitmq/nodename", + :display_name => "RabbitMQ Erlang node name", + :description => "The Erlang node name for this server.", + :default => "node[:hostname]" + +attribute "rabbitmq/address", + :display_name => "RabbitMQ server IP address", + :description => "IP address to bind." + +attribute "rabbitmq/port", + :display_name => "RabbitMQ server port", + :description => "TCP port to bind." + +attribute "rabbitmq/config", + :display_name => "RabbitMQ config file to load", + :description => "Path to the rabbitmq.config file, if any." + +attribute "rabbitmq/logdir", + :display_name => "RabbitMQ log directory", + :description => "Path to the directory for log files." + +attribute "rabbitmq/mnesiadir", + :display_name => "RabbitMQ Mnesia database directory", + :description => "Path to the directory for Mnesia database files." 
+ +attribute "rabbitmq/cluster", + :display_name => "RabbitMQ clustering", + :description => "Whether to activate clustering.", + :default => "no" + +attribute "rabbitmq/cluster_config", + :display_name => "RabbitMQ clustering configuration file", + :description => "Path to the clustering configuration file, if cluster is yes.", + :default => "/etc/rabbitmq/rabbitmq_cluster.config" + +attribute "rabbitmq/cluster_disk_nodes", + :display_name => "RabbitMQ cluster disk nodes", + :description => "Array of member Erlang nodenames for the disk-based storage nodes in the cluster.", + :default => [], + :type => "array" + +attribute "rabbitmq/erlang_cookie", + :display_name => "RabbitMQ Erlang cookie", + :description => "Access cookie for clustering nodes. There is no default." + diff --git a/cookbooks/rabbitmq/providers/user.rb b/cookbooks/rabbitmq/providers/user.rb new file mode 100644 index 0000000..bb1b3ca --- /dev/null +++ b/cookbooks/rabbitmq/providers/user.rb 
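Review bot: The `rabbitmq/erlang_cookie` description in metadata.rb says "There is no default." while attributes/default.rb in this same commit sets `'AnyAlphaNumericStringWillDo'`; the two should agree, and because the value is a secret the description should say it must be overridden per cluster. `rabbitmq/cluster` declares `:default => "no"` where the attribute file uses `false`, and since the string `"no"` is truthy in Ruby, anyone copying the documented default into a role would enable clustering. The `rabbitmq::cluster` recipe line and the `rabbitmq/cluster_config` attribute also appear stale, given that the README says the cluster recipe was merged into default.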
@@ -0,0 +1,66 @@
+#
+# Cookbook Name:: rabbitmq
+# Provider:: user
+#
+# Copyright 2011, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+action :add do
+ execute "rabbitmqctl add_user #{new_resource.user} #{new_resource.password}" do
+ not_if "rabbitmqctl list_users | grep #{new_resource.user}"
+ Chef::Log.info "Adding RabbitMQ user '#{new_resource.user}'."
+ new_resource.updated_by_last_action(true)
+ end
+end
+
+action :delete do
+ execute "rabbitmqctl delete_user #{new_resource.user}" do
+ only_if "rabbitmqctl list_users | grep #{new_resource.user}"
+ Chef::Log.info "Deleting RabbitMQ user '#{new_resource.user}'."
+ new_resource.updated_by_last_action(true)
+ end
+end
+
+action :set_permissions do
+ if new_resource.vhost
+ execute "rabbitmqctl set_permissions -p #{new_resource.vhost} #{new_resource.user} #{new_resource.permissions}" do
+ not_if "rabbitmqctl list_user_permissions | grep #{new_resource.user}"
+ Chef::Log.info "Setting RabbitMQ user permissions for '#{new_resource.user}' on vhost #{new_resource.vhost}."
+ new_resource.updated_by_last_action(true)
+ end
+ else
+ execute "rabbitmqctl set_permissions #{new_resource.user} #{new_resource.permissions}" do
+ not_if "rabbitmqctl list_user_permissions | grep #{new_resource.user}"
+ Chef::Log.info "Setting RabbitMQ user permissions for '#{new_resource.user}'."
+ new_resource.updated_by_last_action(true)
+ end
+ end
+end
+
+action :clear_permissions do
+ if new_resource.vhost
+ execute "rabbitmqctl clear_permissions -p #{new_resource.vhost} #{new_resource.user}" do
+ only_if "rabbitmqctl list_user_permissions | grep #{new_resource.user}"
+ Chef::Log.info "Clearing RabbitMQ user permissions for '#{new_resource.user}' from vhost #{new_resource.vhost}."
+ new_resource.updated_by_last_action(true)
+ end
+ else
+ execute "rabbitmqctl clear_permissions #{new_resource.user}" do
+ only_if "rabbitmqctl list_user_permissions | grep #{new_resource.user}"
+ Chef::Log.info "Clearing RabbitMQ user permissions for '#{new_resource.user}'."
+ new_resource.updated_by_last_action(true)
+ end
+ end
+end
diff --git a/cookbooks/rabbitmq/providers/vhost.rb b/cookbooks/rabbitmq/providers/vhost.rb
new file mode 100644
index 0000000..96f069a
--- /dev/null
+++ b/cookbooks/rabbitmq/providers/vhost.rb
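Review bot: Every action in providers/user.rb builds its shell command by interpolating `new_resource.user`, `password` and `vhost` unescaped, and in `:add` the password is part of the `execute` resource name, so it shows up in Chef's log output and in the process list. Escape each value (`Shellwords.escape(new_resource.password)`, after `require 'shellwords'`) and give the resource a fixed name that omits the secret, e.g. `execute "rabbitmq add_user #{new_resource.user}" do`, with the real command in `command`. The guards are substring matches: `grep #{new_resource.user}` for `nova` also matches `nova2`, so an add can be skipped or a delete attempted for the wrong account, and the match should be anchored to the whole first field. `new_resource.updated_by_last_action(true)` and the `Chef::Log.info` call sit inside the resource block, so they run when the block is evaluated, whether or not the guard lets the command run. providers/vhost.rb in the next file has the same interpolation and guard pattern.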
@@ -0,0 +1,34 @@
+#
+# Cookbook Name:: rabbitmq
+# Provider:: vhost
+#
+# Copyright 2011, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+action :add do
+ execute "rabbitmqctl add_vhost #{new_resource.vhost}" do
+ not_if "rabbitmqctl list_vhosts | grep #{new_resource.vhost}"
+ Chef::Log.info "Adding RabbitMQ vhost '#{new_resource.vhost}'."
+ new_resource.updated_by_last_action(true)
+ end
+end
+
+action :delete do
+ execute "rabbitmqctl delete_vhost #{new_resource.vhost}" do
+ only_if "rabbitmqctl list_vhosts | grep #{new_resource.vhost}"
+ Chef::Log.info "Deleting RabbitMQ vhost '#{new_resource.vhost}'."
+ new_resource.updated_by_last_action(true)
+ end
+end
diff --git a/cookbooks/rabbitmq/recipes/default.rb b/cookbooks/rabbitmq/recipes/default.rb
new file mode 100644
index 0000000..a84c5d9
--- /dev/null
+++ b/cookbooks/rabbitmq/recipes/default.rb
@@ -0,0 +1,87 @@ +# +# Cookbook Name:: rabbitmq +# Recipe:: default +# +# Copyright 2009, Benjamin Black +# Copyright 2009-2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# rabbitmq-server is not well-behaved as far as managed services goes +# we'll need to add a LWRP for calling rabbitmqctl stop +# while still using /etc/init.d/rabbitmq-server start +# because of this we just put the rabbitmq-env.conf in place and let it rip + +directory "/etc/rabbitmq/" do + owner "root" + group "root" + mode 0755 + action :create +end + +template "/etc/rabbitmq/rabbitmq-env.conf" do + source "rabbitmq-env.conf.erb" + owner "root" + group "root" + mode 0644 + notifies :restart, "service[rabbitmq-server]" +end + +case node[:platform] +when "debian", "ubuntu" + # use the RabbitMQ repository instead of Ubuntu or Debian's + # because there are very useful features in the newer versions + apt_repository "rabbitmq" do + uri "http://www.rabbitmq.com/debian/" + distribution "testing" + components ["main"] + key "http://www.rabbitmq.com/rabbitmq-signing-key-public.asc" + action :add + end + package "rabbitmq-server" +when "redhat", "centos", "scientific" + remote_file "/tmp/rabbitmq-server-2.6.1-1.noarch.rpm" do + source "https://www.rabbitmq.com/releases/rabbitmq-server/v2.6.1/rabbitmq-server-2.6.1-1.noarch.rpm" + action :create_if_missing + end + rpm_package "/tmp/rabbitmq-server-2.6.1-1.noarch.rpm" do + action :install + end +end + +if node[:rabbitmq][:cluster] + 
# If this already exists, don't do anything + # Changing the cookie will stil have to be a manual process + template "/var/lib/rabbitmq/.erlang.cookie" do + source "doterlang.cookie.erb" + owner "rabbitmq" + group "rabbitmq" + mode 0400 + not_if { File.exists? "/var/lib/rabbitmq/.erlang.cookie" } + end +end + +template "/etc/rabbitmq/rabbitmq.config" do + source "rabbitmq.config.erb" + owner "root" + group "root" + mode 0644 + notifies :restart, "service[rabbitmq-server]" +end + +service "rabbitmq-server" do + stop_command "/usr/sbin/rabbitmqctl stop" + supports :status => true, :restart => true + action [ :enable, :start ] +end diff --git a/cookbooks/rabbitmq/resources/user.rb b/cookbooks/rabbitmq/resources/user.rb new file mode 100644 index 0000000..64fda96 --- /dev/null +++ b/cookbooks/rabbitmq/resources/user.rb @@ -0,0 +1,25 @@ +# +# Cookbook Name:: rabbitmq +# Resource:: user +# +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :add, :delete, :set_permissions, :clear_permissions + +attribute :user, :kind_of => String, :name_attribute => true +attribute :password, :kind_of => String +attribute :vhost, :kind_of => String +attribute :permissions, :kind_of => String diff --git a/cookbooks/rabbitmq/resources/vhost.rb b/cookbooks/rabbitmq/resources/vhost.rb new file mode 100644 index 0000000..8acbb85 --- /dev/null +++ b/cookbooks/rabbitmq/resources/vhost.rb 
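Review bot: On the RHEL branch of recipes/default.rb the RPM is fetched to the fixed path `/tmp/rabbitmq-server-2.6.1-1.noarch.rpm` with `action :create_if_missing` and no `checksum`, then installed as root, so a file already present at that world-writable location is installed instead of the download. Put it under `Chef::Config[:file_cache_path]` and pin it with `checksum "<sha256-of-the-rpm>"` (placeholder, compute from the vendor file). On the Debian branch both the repository `uri` and the signing `key` are fetched over `http://`, so the key meant to authenticate the packages is itself unauthenticated; use an `https://` key URL if the host serves one. `/etc/rabbitmq/rabbitmq.config` is also rendered with `mode 0644` although its template writes `default_pass` into it; `mode 0640` with `group "rabbitmq"` would keep it from other local users.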
@@ -0,0 +1,22 @@ +# +# Cookbook Name:: rabbitmq +# Resource:: vhost +# +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +actions :add, :delete + +attribute :vhost, :kind_of => String, :name_attribute => true diff --git a/cookbooks/rabbitmq/templates/default/doterlang.cookie.erb b/cookbooks/rabbitmq/templates/default/doterlang.cookie.erb new file mode 100644 index 0000000..80be847 --- /dev/null +++ b/cookbooks/rabbitmq/templates/default/doterlang.cookie.erb @@ -0,0 +1 @@ +<%= node[:rabbitmq][:erlang_cookie] %> \ No newline at end of file diff --git a/cookbooks/rabbitmq/templates/default/rabbitmq-env.conf.erb b/cookbooks/rabbitmq/templates/default/rabbitmq-env.conf.erb new file mode 100644 index 0000000..cce6243 --- /dev/null +++ b/cookbooks/rabbitmq/templates/default/rabbitmq-env.conf.erb @@ -0,0 +1,10 @@ +### +# Generated by Chef +### + +<% if node[:rabbitmq][:nodename] -%>NODENAME=<%= node[:rabbitmq][:nodename] %><% end %> +<% if node[:rabbitmq][:address] -%>NODE_IP_ADDRESS=<%= node[:rabbitmq][:address] %><% end %> +<% if node[:rabbitmq][:port] -%>NODE_PORT=<%= node[:rabbitmq][:port] %><% end %> +<% if node[:rabbitmq][:config] -%>CONFIG_FILE=<%= node[:rabbitmq][:config] %><% end %> +<% if node[:rabbitmq][:logdir] -%>LOG_BASE=<%= node[:rabbitmq][:logdir] %><% end %> +<% if node[:rabbitmq][:mnesiadir] -%>MNESIA_BASE=<%= node[:rabbitmq][:mnesiadir] %><% end %> 
diff --git a/cookbooks/rabbitmq/templates/default/rabbitmq.config.erb b/cookbooks/rabbitmq/templates/default/rabbitmq.config.erb new file mode 100644 index 0000000..9619082 --- /dev/null +++ b/cookbooks/rabbitmq/templates/default/rabbitmq.config.erb @@ -0,0 +1,21 @@ +%%% +%% Generated by Chef +%%% + +[ + {rabbit, [ +<% if node[:rabbitmq][:cluster] && node[:rabbitmq][:cluster_disk_nodes] -%> + {cluster_nodes, [<%= node[:rabbitmq][:cluster_disk_nodes].map{|n| "\'#{n}\'"}.join(',') %>]}, +<% end %> +<% if node[:rabbitmq][:ssl] -%> + {ssl_listeners, [<%= node[:rabbitmq][:ssl_port] %>]}, + {ssl_options, [{cacertfile,"<%= node[:rabbitmq][:ssl_cacert] %>"}, + {certfile,"<%= node[:rabbitmq][:ssl_cert] %>"}, + {keyfile,"<%= node[:rabbitmq][:ssl_key] %>"}, + {verify,verify_none}, + {fail_if_no_peer_cert,false}]}, +<% end %> + {default_user, <<"<%= node[:rabbitmq][:default_user] %>">>}, + {default_pass, <<"<%= node[:rabbitmq][:default_pass] %>">>} + ]} +]. \ No newline at end of file diff --git a/cookbooks/runit/README.md b/cookbooks/runit/README.md new file mode 100644 index 0000000..14906a4 --- /dev/null +++ b/cookbooks/runit/README.md 
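Review bot: `{verify,verify_none}` and `{fail_if_no_peer_cert,false}` are hard-coded in the `ssl_options` block of rabbitmq.config.erb, so enabling `:ssl` gives encryption but the broker never asks clients for a certificate, and as far as this template shows the configured `cacertfile` is not used to verify peers. Make both values attributes so a deployment can switch to `verify_peer`, for example `{verify,<%= node[:rabbitmq][:ssl_verify] %>}` with a default of `verify_none` (the attribute name is a suggestion, it is not in this commit). `default_user` and `default_pass` are interpolated into Erlang binaries unescaped, so a `"` in either value produces a config file that does not parse.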
@@ -0,0 +1,236 @@ +Description +=========== + +Installs runit and provides `runit_service` definition for managing new +services under runit. + +This cookbook does not use runit to replace system init, nor are there +plans to do so. + +For more information about runit: + +* http://smarden.org/runit/ + +Changes +======= + +## v0.14.2 + +Roadmap +------- + +* [CHEF-154] - implement lwrp for runit service + +Requirements +============ + +## Platform: + +* Debian/Ubuntu +* Gentoo + +Attributes +========== + +See `attributes/default.rb` for defaults. + +* `node['runit']['sv_bin']` - Full path to the `sv` binary. +* `node['runit']['chpst_bin']` - Full path to the `chpst` binary. +* `node['runit']['service_dir']` - Full path to the default "services" + directory where enabled services are linked. +* `node['runit']['sv_dir']` - Full path to the directory where the + service lives, which gets linked to `service_dir`. + +Recipes +======= + +default +------- + +Installs and sets up runit on the system. Assumes a package +installation, so native package must exist. This recipe will make sure +that the runsvdir process gets started, ensures that inittab is +updated with the SV entry. The package will be preseeded on +ubuntu/debian signal init, otherwise the appropriate action is chosen +to notify the runsvdir command. + +Older versions of Ubuntu (<= 10.04) are supported, but support may be +removed in a future version. + +Definitions +=========== + +The definition in this cookbook will be deprecated by an LWRP in a +future version. See __Roadmap__. + +runit\_service +-------------- + +This definition includes `recipe[runit]` to ensure it is installed +first. As LWRPs cannot use `include_recipe`, this will not be +available in future versions, so runit will need to be in a role or +node run list. + +Sets up a new service to be managed and supervised by runit. 
It will +be created in the `node['runit']['sv_dir']` unless otherwise specified +in the `directory` parameter (see below). + +### Parameters: + +* `name` - Name of the service. This will be used in the template file + names (see __Usage__), as well as the name of the service resource + created in the definition. +* `directory` - the directory where the service's configuration and + scripts should be located. Default is `node['runit']['sv_dir']`. +* `only_if` - unused, will be removed in a future version (won't be + present in lwrp). Default is false. +* `finish_script` - if true, a finish script should be created. + Default is false. For more information see: [Description of runsv](http://smarden.org/runit/runsv.8.html). +* `control` - Array of signals to create a control directory with + control scripts (e.g., `sv-SERVICE-control-SIGNAL.erb`, where + SERVICE is the name parameter for the service name, and SIGNAL is + the Unix signal to send. Default is an empty array. For more + information see: + [Customize Control](http://smarden.org/runit/runsv.8.html) +* `run_restart` - if true, the service resource will subscribe to + changes to the run script and restart itself when it is modified. + Default is true. +* `active_directory` - used for user-specific services. Default is + `node['runit']['service_dir']`. +* `owner` - userid of the owner for the service's files, and should be + used in the run template with chpst to ensure the service runs as + that user. Default is root. +* `group` - groupid of the group for the service's files, and should + be used in the run template with chpst to ensure the service runs as + that group. Default is root. +* `template_name` - specify an alternate name for the templates + instead of basing them on the name parameter. Default is the name parameter. +* `log_template_name` - specify an alternate name for the runit log template + instead of basing them on the template_name parameter. Default is the + template_name parameter. 
+* `control_template_names` - specify alternate names for runit control signal + templates instead of basing them on the template_name parameter. Default + is the template_name parameter. +* `finish_script_template_name` - specify an altername for the finish script + template. Default is the template_name parameter +* `start_command` - The command used to start the service in + conjunction with the `sv` command and the `service_dir` name. + Default is `start`. +* `stop_command` - The command used to stop the service in conjunction + with the `sv` command and the `service_dir` name. Default is `stop`. +* `restart_command` - The command used to restart the service in + conjunction with the `sv` command and the `service_dir` name. You + may need to modify this to send an alternate signal to restart the + service depending on the nature of the process. Default is `restart` +* `status_command` - The command used to check status for the service in + conjunction with the `sv` command and the `service_dir` name. This + is used by chef when checking the current resource state in managing + the service. Default is `status`. +* `options` - a Hash of variables to pass into the run and log/run + templates with the template resource `variables` parameter. + Available inside the template(s) as `@options`. Default is an empty Hash. +* `env` - + +### Examples: + +Create templates for `sv-myservice-run.erb` and +`sv-myservice-log-run.erb` that have the commands for starting +myservice and its logger. + + runit_service "myservice" + +See __Usage__ for expanded examples. + +Resources/Providers +=================== + +None yet. See __Roadmap__. + +Usage +===== + +To get runit installed on supported platforms, use `recipe[runit]`. +Once it is installed, use the `runit_service` definition to set up +services to be managed by runit. Do note that once +[CHEF-154](http://tickets.opscode.com/browse/CHEF-154) is implemented, +some of the usage/implementation here will change. 
In order to use the +`runit_service` definition, two templates must be created for the +service, `cookbook_name/templates/default/sv-SERVICE-run.erb` and +`cookbook_name/templates/default/sv-SERVICE-log-run.erb`. Replace +`SERVICE` with the name of the service you're managing. For more usage, +see __Examples__. + +Examples +-------- + +We'll set up `chef-client` to run as a service under runit, such as is +done in the `chef-client` cookbook. This example will be more simple +than in that cookbook. First, create the required run template, +`chef-client/templates/default/sv-chef-client-run.erb`. + + #!/bin/sh + exec 2>&1 + exec /usr/bin/env chef-client -i 1800 -s 30 + +Then create the required log/run template, +`chef-client/templates/default/sv-chef-client-run.erb`. + + #!/bin/sh + exec svlogd -tt ./main + +__Note__ This will cause output of the running process to go to +`/etc/sv/chef-client/log/main/current`. + +Finally, set up the service in the `chef-client` recipe with: + + runit_service "chef-client" + +Next, let's set up memcached with some additional options. First, the +`memcached/templates/default/sv-memcached-run.erb` template: + + #!/bin/sh + exec 2>&1 + exec chpst -u <%= @options[:user] %> /usr/bin/memcached -v -m <%= @options[:memory] %> -p <%= @options[:port] %> + +Note that the script uses chpst (which comes with runit) to set the +user option, then starts memcached on the specified memory and port +(see below). + +The log/run template, +`memcached/templates/default/sv-memcached-log-run.erb`: + + #!/bin/sh + exec svlogd -tt ./main + +Finally, the `runit_service` in our recipe: + + runit_service "memcached" do + options({ + :memory => node[:memcached][:memory], + :port => node[:memcached][:port], + :user => node[:memcached][:user]}.merge(params) + ) + end + +This is where the user, port and memory options used in the run +template are used. 
+ +License and Author +================== + +Author:: Adam Jacob +Author:: Joshua Timberman + +Copyright:: 2008-2011, Opscode, Inc + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/cookbooks/runit/attributes/default.rb b/cookbooks/runit/attributes/default.rb new file mode 100644 index 0000000..143b420 --- /dev/null +++ b/cookbooks/runit/attributes/default.rb @@ -0,0 +1,31 @@ +# +# Cookbook Name:: runit +# Attribute File:: sv_bin +# +# Copyright 2008-2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +case platform +when "ubuntu","debian" + set[:runit][:sv_bin] = "/usr/bin/sv" + set[:runit][:chpst_bin] = "/usr/bin/chpst" + set[:runit][:service_dir] = "/etc/service" + set[:runit][:sv_dir] = "/etc/sv" +when "gentoo" + set[:runit][:sv_bin] = "/usr/bin/sv" + set[:runit][:chpst_bin] = "/usr/bin/chpst" + set[:runit][:service_dir] = "/etc/service" + set[:runit][:sv_dir] = "/var/service" +end 
diff --git a/cookbooks/runit/definitions/runit_service.rb b/cookbooks/runit/definitions/runit_service.rb new file mode 100644 index 0000000..72bc50d --- /dev/null +++ b/cookbooks/runit/definitions/runit_service.rb 
@@ -0,0 +1,164 @@ +# +# Cookbook Name:: runit +# Definition:: runit_service +# +# Copyright 2008-2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +define :runit_service, :directory => nil, :only_if => false, :finish_script => false, :control => [], :run_restart => true, :active_directory => nil, :owner => "root", :group => "root", :template_name => nil, :log_template_name => nil, :control_template_names => {}, :finish_script_template_name => nil, :start_command => "start", :stop_command => "stop", :restart_command => "restart", :status_command => "status", :options => Hash.new, :env => Hash.new do + include_recipe "runit" + + params[:directory] ||= node[:runit][:sv_dir] + params[:active_directory] ||= node[:runit][:service_dir] + params[:template_name] ||= params[:name] + params[:log_template_name] ||= params[:template_name] + params[:control].each do |signal| + params[:control_template_names][signal] ||= params[:template_name] + end + params[:finish_script_template_name] ||= params[:template_name] + + sv_dir_name = "#{params[:directory]}/#{params[:name]}" + service_dir_name = "#{params[:active_directory]}/#{params[:name]}" + params[:options].merge!(:env_dir => "#{sv_dir_name}/env") unless params[:env].empty? 
+ + directory sv_dir_name do + owner params[:owner] + group params[:group] + mode 0755 + action :create + end + + directory "#{sv_dir_name}/log" do + owner params[:owner] + group params[:group] + mode 0755 + action :create + end + + directory "#{sv_dir_name}/log/main" do + owner params[:owner] + group params[:group] + mode 0755 + action :create + end + + template "#{sv_dir_name}/run" do + owner params[:owner] + group params[:group] + mode 0755 + source "sv-#{params[:template_name]}-run.erb" + cookbook params[:cookbook] if params[:cookbook] + if params[:options].respond_to?(:has_key?) + variables :options => params[:options] + end + end + + template "#{sv_dir_name}/log/run" do + owner params[:owner] + group params[:group] + mode 0755 + source "sv-#{params[:log_template_name]}-log-run.erb" + cookbook params[:cookbook] if params[:cookbook] + if params[:options].respond_to?(:has_key?) + variables :options => params[:options] + end + end + + unless params[:env].empty? + directory "#{sv_dir_name}/env" do + mode 0755 + action :create + end + + params[:env].each do |var, value| + file "#{sv_dir_name}/env/#{var}" do + content value + end + end + end + + if params[:finish_script] + template "#{sv_dir_name}/finish" do + owner params[:owner] + group params[:group] + mode 0755 + source "sv-#{params[:finish_script_template_name]}-finish.erb" + cookbook params[:cookbook] if params[:cookbook] + if params[:options].respond_to?(:has_key?) + variables :options => params[:options] + end + end + end + + unless params[:control].empty? + directory "#{sv_dir_name}/control" do + owner params[:owner] + group params[:group] + mode 0755 + action :create + end + + params[:control].each do |signal| + template "#{sv_dir_name}/control/#{signal}" do + owner params[:owner] + group params[:group] + mode 0755 + source "sv-#{params[:control_template_names][signal]}-control-#{signal}.erb" + cookbook params[:cookbook] if params[:cookbook] + if params[:options].respond_to?(:has_key?) 
+ variables :options => params[:options] + end + end + end + end + + if params[:active_directory] == node[:runit][:service_dir] + link "/etc/init.d/#{params[:name]}" do + to node[:runit][:sv_bin] + end + end + + unless node[:platform] == "gentoo" + link service_dir_name do + to sv_dir_name + end + end + + ruby_block "supervise_#{params[:name]}_sleep" do + block do + Chef::Log.debug("Waiting until named pipe #{sv_dir_name}/supervise/ok exists.") + (1..10).each {|i| sleep 1 unless ::FileTest.pipe?("#{sv_dir_name}/supervise/ok") } + end + not_if { FileTest.pipe?("#{sv_dir_name}/supervise/ok") } + end + + service params[:name] do + control_cmd = node[:runit][:sv_bin] + if params[:owner] + control_cmd = "#{node[:runit][:chpst_bin]} -u #{params[:owner]} #{control_cmd}" + end + provider Chef::Provider::Service::Init + supports :restart => true, :status => true + start_command "#{control_cmd} #{params[:start_command]} #{service_dir_name}" + stop_command "#{control_cmd} #{params[:stop_command]} #{service_dir_name}" + restart_command "#{control_cmd} #{params[:restart_command]} #{service_dir_name}" + status_command "#{control_cmd} #{params[:status_command]} #{service_dir_name}" + if params[:run_restart] + subscribes :restart, resources(:template => "#{sv_dir_name}/run"), :delayed + end + action :nothing + end + +end diff --git a/cookbooks/runit/files/default/runit.seed b/cookbooks/runit/files/default/runit.seed new file mode 100644 index 0000000..6492920 --- /dev/null +++ b/cookbooks/runit/files/default/runit.seed @@ -0,0 +1 @@ +runit runit/signalinit boolean true diff --git a/cookbooks/runit/files/default/runsvdir b/cookbooks/runit/files/default/runsvdir new file mode 100644 index 0000000..e69de29 diff --git a/cookbooks/runit/files/ubuntu-6.10/runsvdir b/cookbooks/runit/files/ubuntu-6.10/runsvdir new file mode 100644 index 0000000..4040e34 --- /dev/null +++ b/cookbooks/runit/files/ubuntu-6.10/runsvdir 
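Review bot: The `env` directory and the per-variable `file "#{sv_dir_name}/env/#{var}"` resources are the only ones in this definition created without `owner`, `group` or an explicit file `mode`, so the files' permissions fall to Chef's defaults and the process umask. Values passed through `:env` may well include credentials, and these files hold them in clear text. I would add `owner params[:owner]`, `group params[:group]` and `mode 0640` to each `file` block, and give the `env` directory the same owner and group with `mode 0750`.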
@@ -0,0 +1,6 @@
+start on runlevel-2
+start on runlevel-3
+start on runlevel-4
+start on runlevel-5
+stop on shutdown
+respawn /usr/sbin/runsvdir-start
diff --git a/cookbooks/runit/files/ubuntu-7.04/runsvdir b/cookbooks/runit/files/ubuntu-7.04/runsvdir
new file mode 100644
index 0000000..ee173c9
--- /dev/null
+++ b/cookbooks/runit/files/ubuntu-7.04/runsvdir
@@ -0,0 +1,7 @@
+start on runlevel 2
+start on runlevel 3
+start on runlevel 4
+start on runlevel 5
+stop on shutdown
+respawn
+exec /usr/sbin/runsvdir-start
diff --git a/cookbooks/runit/files/ubuntu-7.10/runsvdir b/cookbooks/runit/files/ubuntu-7.10/runsvdir
new file mode 100644
index 0000000..ee173c9
--- /dev/null
+++ b/cookbooks/runit/files/ubuntu-7.10/runsvdir
@@ -0,0 +1,7 @@
+start on runlevel 2
+start on runlevel 3
+start on runlevel 4
+start on runlevel 5
+stop on shutdown
+respawn
+exec /usr/sbin/runsvdir-start
diff --git a/cookbooks/runit/files/ubuntu-8.04/runsvdir b/cookbooks/runit/files/ubuntu-8.04/runsvdir
new file mode 100644
index 0000000..ee173c9
--- /dev/null
+++ b/cookbooks/runit/files/ubuntu-8.04/runsvdir
@@ -0,0 +1,7 @@
+start on runlevel 2
+start on runlevel 3
+start on runlevel 4
+start on runlevel 5
+stop on shutdown
+respawn
+exec /usr/sbin/runsvdir-start
diff --git a/cookbooks/runit/metadata.rb b/cookbooks/runit/metadata.rb
new file mode 100644
index 0000000..c748b93
--- /dev/null
+++ b/cookbooks/runit/metadata.rb
@@ -0,0 +1,37 @@ +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Installs runit and provides runit_service definition" +version "0.14.2" + +recipe "runit", "Installs and configures runit" + +%w{ ubuntu debian gentoo }.each do |os| + supports os +end + +attribute "runit", + :display_name => "Runit", + :description => "Hash of runit attributes", + :type => "hash" + +attribute "runit/sv_bin", + :display_name => "Runit sv bin", + :description => "Location of the sv binary", + :default => "/usr/bin/sv" + +attribute "runit/chpst_bin", + :display_name => "Runit chpst bin", + :description => "Location of the chpst binary", + :default => "/usr/bin/chpst" + +attribute "runit/service_dir", + :display_name => "Runit service directory", + :description => "Symlinks to services managed under runit", + :default => "/etc/service" + +attribute "runit/sv_dir", + :display_name => "Runit sv directory", + :description => "Location of services managed by runit", + :default => "/etc/sv" + diff --git a/cookbooks/runit/recipes/default.rb b/cookbooks/runit/recipes/default.rb new file mode 100644 index 0000000..25f818e --- /dev/null +++ b/cookbooks/runit/recipes/default.rb 
@@ -0,0 +1,72 @@ +# +# Cookbook Name:: runit +# Recipe:: default +# +# Copyright 2008-2010, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +case node[:platform] +when "debian","ubuntu", "gentoo" + execute "start-runsvdir" do + command value_for_platform( + "debian" => { "default" => "runsvdir-start" }, + "ubuntu" => { "default" => "start runsvdir" }, + "gentoo" => { "default" => "/etc/init.d/runit-start start" } + ) + action :nothing + end + + execute "runit-hup-init" do + command "telinit q" + only_if "grep ^SV /etc/inittab" + action :nothing + end + + if platform? 
"gentoo" + template "/etc/init.d/runit-start" do + source "runit-start.sh.erb" + mode 0755 + end + end + + package "runit" do + action :install + if platform?("ubuntu", "debian") + response_file "runit.seed" + end + notifies value_for_platform( + "debian" => { "4.0" => :run, "default" => :nothing }, + "ubuntu" => { + "default" => :nothing, + "9.04" => :run, + "8.10" => :run, + "8.04" => :run }, + "gentoo" => { "default" => :run } + ), resources(:execute => "start-runsvdir"), :immediately + notifies value_for_platform( + "debian" => { "squeeze/sid" => :run, "default" => :nothing }, + "default" => :nothing + ), resources(:execute => "runit-hup-init"), :immediately + end + + if node[:platform] =~ /ubuntu/i && node[:platform_version].to_f <= 8.04 + cookbook_file "/etc/event.d/runsvdir" do + source "runsvdir" + mode 0644 + notifies :run, resources(:execute => "start-runsvdir"), :immediately + only_if do ::File.directory?("/etc/event.d") end + end + end +end diff --git a/cookbooks/runit/templates/gentoo/runit-start.sh.erb b/cookbooks/runit/templates/gentoo/runit-start.sh.erb new file mode 100644 index 0000000..a6c11b3 --- /dev/null +++ b/cookbooks/runit/templates/gentoo/runit-start.sh.erb @@ -0,0 +1,32 @@ +#!/sbin/runscript +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: $ + +depend() { + after net +} + +start() { + ebegin "Starting runsvdir" + start-stop-daemon --start --exec /usr/bin/runsvdir \ + --background --make-pidfile \ + --pidfile /var/run/runsvdir.pid -- <%= node.runit.sv_dir %> + eend $? +} + +stop() { + local ret1 ret2 + ebegin "Stopping runsvdir" + start-stop-daemon --stop --oknodo --pidfile /var/run/runsvdir.pid + ret1=$? + eend ${ret1} + + ebegin "Stopping services and logging" + sv shutdown -w 10 <%= node.runit.sv_dir %>/* + ret2=$? + eend ${ret2} + + return $((ret1+ret2)) +} + 
diff --git a/cookbooks/ucspi-tcp/README.md b/cookbooks/ucspi-tcp/README.md new file mode 100644 index 0000000..f7db0db --- /dev/null +++ b/cookbooks/ucspi-tcp/README.md @@ -0,0 +1,35 @@ +Description +=========== + +Installs DJB's ucspi-tcp software. + +Requirements +============ + +Should work on ArchLinux, Debian and Ubuntu. Source installation may work on Red Hat family distributions. + +Requires build-essential cookbook. + +Usage +===== + +Include the ucspi-tcp recipe in the run list. The recipe will automatically detect the platform and attempt to install based on what should be available. + +License and Author +================== + +Author: Joshua Timberman () + +Copyright 2010, Opscode, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/cookbooks/ucspi-tcp/attributes/default.rb b/cookbooks/ucspi-tcp/attributes/default.rb new file mode 100644 index 0000000..dca3514 --- /dev/null +++ b/cookbooks/ucspi-tcp/attributes/default.rb 
@@ -0,0 +1,37 @@ +# +# Cookbook Name:: ucspi-tcp +# Attribute:: default +# +# Copyright 2010, Opscode, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +case platform +when "ubuntu" + if platform_version.to_f >= 9.04 + set[:ucspi][:bin_dir] = "/usr/bin" + else + set[:ucspi][:bin_dir] = "/usr/local/bin" + end +when "debian" + if platform_version.to_f >= 5.0 + set[:ucspi][:bin_dir] = "/usr/bin" + else + set[:ucspi][:bin_dir] = "/usr/local/bin" + end +when "arch" + set[:ucspi][:bin_dir] = "/usr/bin" +else + set[:ucspi][:bin_dir] = "/usr/local/bin" +end diff --git a/cookbooks/ucspi-tcp/metadata.rb b/cookbooks/ucspi-tcp/metadata.rb new file mode 100644 index 0000000..d62fab5 --- /dev/null +++ b/cookbooks/ucspi-tcp/metadata.rb @@ -0,0 +1,16 @@ +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Installs ucspi-tcp" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "1.0.0" + +recipe "ucspi-tcp", "Installs ucspi-tcp" + +%w{ build-essential }.each do |cb| + depends cb +end + +%w{ ubuntu debian centos rhel arch }.each do |os| + supports os +end diff --git a/cookbooks/ucspi-tcp/recipes/default.rb b/cookbooks/ucspi-tcp/recipes/default.rb new file mode 100644 index 0000000..a4a8481 --- /dev/null +++ b/cookbooks/ucspi-tcp/recipes/default.rb 
@@ -0,0 +1,59 @@
+#
+# Cookbook Name:: ucspi-tcp
+# Recipe:: default
+#
+# Copyright 2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "build-essential"
+
+installation_method = value_for_platform(
+ "arch" => { "default" => "aur" },
+ "debian" => { "4.0" => "source", "default" => "package" },
+ "ubuntu" => {
+ "6.06" => "source",
+ "6.10" => "source",
+ "7.04" => "source",
+ "7.10" => "source",
+ "8.04" => "source",
+ "default" => "package"
+ },
+ "default" => { "default" => "source" }
+)
+
+case installation_method
+when "package"
+ package "ucspi-tcp" do
+ action :install
+ end
+when "aur"
+ pacman_aur "ucspi-tcp" do
+ action [:build,:install]
+ end
+when "source"
+ bash "install_ucspi" do
+ user "root"
+ cwd "/tmp"
+ code <<-EOH
+ (cd /tmp; wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz)
+ (cd /tmp; tar zxvf ucspi-tcp-0.88.tar.gz)
+ (cd /tmp/ucspi-tcp-0.88; perl -pi -e 's/extern int errno;/\#include /' error.h)
+ (cd /tmp/ucspi-tcp-0.88; make setup check)
+ EOH
+ not_if { ::File.exists?("#{node[:ucspi][:bin_dir]}/tcpserver") }
+ end
+else
+ Chef::Log.info("Could not find an installation method for platform #{node[:platform]}, version #{node[:platform_version]}")
+end
diff --git a/cookbooks/xml/README.md b/cookbooks/xml/README.md
new file mode 100644
index 0000000..077ebe5
--- /dev/null
+++ b/cookbooks/xml/README.md
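Review bot: The `source` branch of `install_ucspi` fetches `ucspi-tcp-0.88.tar.gz` over plain HTTP and then runs `make setup check` on it as root, with no checksum or signature check in between, so whatever the network path returns is built and installed. The work also happens under fixed names in `/tmp`, where a tarball or `ucspi-tcp-0.88` directory left by another local user would be picked up. The subshells are not chained, so a failed `wget` or `tar` does not stop the build step. I would download with `remote_file` into `Chef::Config[:file_cache_path]` with a pinned `checksum` and run the build there under `set -e`; the SHA-256 in the sketch is a placeholder to be taken from a trusted copy of the tarball.

```ruby
when "source"
  ucspi_tarball = "#{Chef::Config[:file_cache_path]}/ucspi-tcp-0.88.tar.gz"

  remote_file ucspi_tarball do
    source "http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz"
    # placeholder: pin the SHA-256 obtained from a trusted copy of the tarball
    checksum "<SHA256_OF_UCSPI_TCP_0_88_TARBALL>"
    not_if { ::File.exists?("#{node[:ucspi][:bin_dir]}/tcpserver") }
  end

  bash "install_ucspi" do
    user "root"
    cwd Chef::Config[:file_cache_path]
    code <<-EOH
      set -e
      rm -rf ucspi-tcp-0.88
      tar zxf ucspi-tcp-0.88.tar.gz
      cd ucspi-tcp-0.88
      # … unchanged: perl edit of error.h …
      make setup check
    EOH
    not_if { ::File.exists?("#{node[:ucspi][:bin_dir]}/tcpserver") }
  end
```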
@@ -0,0 +1,35 @@ +Description +==== + +Installs development package for libxml. + +Requirements +==== + +Debian, Ubuntu, CentOS, Red Hat, Scientific, Fedora, SUSE. + +Changes +==== + +## v1.0.2: + +* [COOK-953] - Add FreeBSD support +* [COOK-775] - Add Amazon Linux support + +License and Author +==== + +Author:: Joshua Timberman () +Copyright:: 2009-2011, Opscode, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/cookbooks/xml/metadata.rb b/cookbooks/xml/metadata.rb new file mode 100644 index 0000000..311ffb8 --- /dev/null +++ b/cookbooks/xml/metadata.rb @@ -0,0 +1,12 @@ +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Installs xml" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "1.0.2" + +recipe "xml", "Installs libxml development packages" + +%w{ centos redhat scientific suse fedora amazon ubuntu debian freebsd }.each do |os| + supports os +end diff --git a/cookbooks/xml/recipes/default.rb b/cookbooks/xml/recipes/default.rb new file mode 100644 index 0000000..879e345 --- /dev/null +++ b/cookbooks/xml/recipes/default.rb 
@@ -0,0 +1,28 @@
+#
+# Cookbook Name:: xml
+# Recipe:: default
+#
+# Copyright 2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+pkg_name = value_for_platform(
+ [ "centos", "redhat", "scientific", "suse", "fedora", "amazon" ] => { "default" => "libxml2-devel" },
+ [ "freebsd" ] => { "default" => "libxml2" },
+ "default" => 'libxml2-dev'
+)
+
+package "libxml-devel" do
+ package_name pkg_name
+end
diff --git a/cookbooks/yum/README.md b/cookbooks/yum/README.md
new file mode 100644
index 0000000..4208b32
--- /dev/null
+++ b/cookbooks/yum/README.md
@@ -0,0 +1,153 @@ +Description +=========== + +Configures various YUM components on Red Hat-like systems. Includes LWRP for managing repositories and their GPG keys. + +Based on the work done by Eric Wolfe and Charles Duffy on the yumrepo cookbook. http://github.com/atomic-penguin/cookbooks/tree/yumrepo/yumrepo + +Changes +======= + +## v0.5.2: + +* [COOK-825] - epel and ius `remote_file` should notify the `rpm_package` to install + +## v0.5.0: + +* [COOK-675] - add recipe for handling EPEL repository +* [COOK-722] - add recipe for handling IUS repository + +## v.0.1.2: + +* Remove yum update in default recipe, that doesn't update caches, it updates packages installed. + +Requirements +============ +RHEL, CentOS or Scientific Linux 5.x or newer. It has not been tested on other platforms or earlier versions. RHEL 6 support is untested (testing and patches are welcome). + +Attributes +========== + +* `node['yum']['epel_release']` - Set the epel release version based on `node['platform_version']`. +* `node['yum']['ius_release']` - Set the IUS release to install. + +Recipes +======= + +default +------- +The default recipe runs `yum update` during the Compile Phase of the Chef run to ensure that the system's package cache is updated with the latest. It is recommended that this recipe appear first in a node's run list (directly or through a role) to ensure that when installing packages, Chef will be able to download the latest version available on the remote YUM repository. + +yum +--- +Manages the configuration of the `/etc/yum.conf` via attributes. + +epel +---- + +Installs the EPEL repository via RPM. Uses the `node['yum']['epel_release']` attribute to select the right version of the repository package to install. Also uses the node's platform version (as an integer) for the major release of EL. + +ius +---- + +Installs the [IUS Community repositories](http://iuscommunity.org/Repos) via RPM. 
Uses the `node['yum']['ius_release']` attribute to select the right versino of the package to install. + +The IUS repository requires EPEL, and the recipe includes `yum::epel` to install this. + +Resources/Providers +=================== + +key +--- +This LWRP handles importing GPG keys for YUM repositories. Keys can be imported by the `url` parameter or placed in `/etc/pki/rpm-gpg/` by a recipe and then installed with the LWRP without passing the URL. + +# Actions +- :add: installs the GPG key into `/etc/pki/rpm-gpg/` +- :remove: removes the GPG key from `/etc/pki/rpm-gpg/` + +# Attribute Parameters + +- key: name attribute. The name of the GPG key to install. +- url: if the key needs to be downloaded, the URL providing the download. + +# Example + +``` ruby +# add the Zenoss GPG key +yum_key "RPM-GPG-KEY-zenoss" do + url "http://dev.zenoss.com/yum/RPM-GPG-KEY-zenoss" + action :add +end + +# remove Zenoss GPG key +yum_key "RPM-GPG-KEY-zenoss" do + action :remove +end +``` + +repository +---------- +This LWRP provides an easy way to manage additional YUM repositories. GPG keys can be managed with the `key` LWRP. + +# Actions + +- :add: creates a repository file and builds the repository listing +- :remove: removes the repository file + +# Attribute Parameters + +- repo_name: name attribute. The name of the channel to discover +- description. The description of the repository +- url: The URL providing the packages +- mirrorlist: Default is `false`, if `true` the `url` is considered a list of mirrors +- key: Optional, the name of the GPG key file installed by the `key` LWRP. + +- enabled: Default is `1`, set to `0` if the repository is disabled. 
+- type: Optional, alternate type of repository +- failovermethod: Optional, failovermethod +- bootstrapurl: Optional, bootstrapurl + +# Example + +``` ruby +# add the Zenoss repository +yum_repository "zenoss" do + name "Zenoss Stable repo" + url "http://dev.zenoss.com/yum/stable/" + key "RPM-GPG-KEY-zenoss" + action :add +end + +# remove Zenoss repo +yum_repository "zenoss" do + action :remove +end +``` + +Usage +===== + +Put `recipe[yum]` first in the run list to ensure `yum update` is run before other recipes. You can manage GPG keys either with cookbook_file in a recipe if you want to package it with a cookbook or use the `url` parameter of the `key` LWRP. + +License and Author +================== + +Author:: Eric G. Wolfe +Author:: Matt Ray () +Author:: Joshua Timberman () + +Copyright:: 2010 Tippr Inc. +Copyright:: 2011 Eric G. Wolfe +Copyright:: 2011 Opscode, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/cookbooks/yum/attributes/default.rb b/cookbooks/yum/attributes/default.rb new file mode 100644 index 0000000..93570fc --- /dev/null +++ b/cookbooks/yum/attributes/default.rb 
@@ -0,0 +1,33 @@ +# +# Cookbook Name:: yum +# Attributes:: default +# +# Copyright 2011, Eric G. Wolfe +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Example: override.yum.exclude = "kernel* compat-glibc*" +default[:yum][:exclude] +default[:yum][:installonlypkgs] + +default['yum']['epel_release'] = case node['platform_version'].to_i + when 6 + "6-5" + when 5 + "5-4" + when 4 + "4-10" + end +default['yum']['ius_release'] = '1.0-8' diff --git a/cookbooks/yum/metadata.rb b/cookbooks/yum/metadata.rb new file mode 100644 index 0000000..1e07d07 --- /dev/null +++ b/cookbooks/yum/metadata.rb 
@@ -0,0 +1,21 @@ +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "0.5.2" +recipe "yum", "Runs 'yum update' during compile phase" +recipe "yum::yum", "manages yum configuration" + +%w{ redhat centos scientific }.each do |os| + supports os, ">= 5.0" +end + +attribute "yum/exclude", + :display_name => "yum.conf exclude", + :description => "List of packages to exclude from updates or installs. This should be a space separated list. Shell globs using wildcards (eg. * and ?) are allowed.", + :required => "optional" + +attribute "yum/installonlypkgs", + :display_name => "yum.conf installonlypkgs", + :description => "List of packages that should only ever be installed, never updated. Kernels in particular fall into this category. Defaults to kernel, kernel-smp, kernel-bigmem, kernel-enterprise, kernel-debug, kernel-unsupported.", + :required => "optional" diff --git a/cookbooks/yum/providers/key.rb b/cookbooks/yum/providers/key.rb new file mode 100644 index 0000000..1e8bcfb --- /dev/null +++ b/cookbooks/yum/providers/key.rb 
@@ -0,0 +1,74 @@ +# +# Cookbook Name:: yum +# Provider:: key +# +# Copyright 2010, Tippr Inc. +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +action :add do + unless ::File.exists?("/etc/pki/rpm-gpg/#{new_resource.key}") + Chef::Log.info "Adding #{new_resource.key} GPG key to /etc/pki/rpm-gpg/" + + if node[:platform_version].to_i <= 5 + package "gnupg" + elsif node[:platform_version].to_i >= 6 + package "gnupg2" + end + + execute "rpm --import /etc/pki/rpm-gpg/#{new_resource.key}" do + action :nothing + not_if <<-EOH + function packagenames_for_keyfile() { + local filename="$1" + gpg \ + --with-fingerprint \ + --with-colons \ + --fixed-list-mode \ + "$filename" \ + | gawk -F: '/^pub/ { print tolower(sprintf("gpg-pubkey-%s-%x\\n", substr($5, length($5)-8+1), $6)) }' + } + + for pkgname in $(packagenames_for_keyfile "/etc/pki/rpm-gpg/#{new_resource.key}"); do + if [[ $pkgname ]] && ! 
rpm -q $pkgname ; then + exit 1; + fi; + done + + exit 0 + EOH + end + + #download the file if necessary + if new_resource.url + remote_file "/etc/pki/rpm-gpg/#{new_resource.key}" do + source new_resource.url + mode "0644" + notifies :run, resources(:execute => "rpm --import /etc/pki/rpm-gpg/#{new_resource.key}"), :immediately + end + end + + end +end + +action :remove do + if ::File.exists?("/etc/pki/rpm-gpg/#{new_resource.key}") + Chef::Log.info "Removing #{new_resource.key} key from /etc/pki/rpm-gpg/" + file "/etc/pki/rpm-gpg/#{new_resource.key}" do + action :delete + end + new_resource.updated_by_last_action(true) + end +end diff --git a/cookbooks/yum/providers/repository.rb b/cookbooks/yum/providers/repository.rb new file mode 100644 index 0000000..f80e346 --- /dev/null +++ b/cookbooks/yum/providers/repository.rb 
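Review bot: In the `:add` action the key fetched by `remote_file` from `new_resource.url` is handed straight to `rpm --import` through the `:immediately` notification, with nothing confirming it is the key the recipe author expected; the README example for this LWRP uses an `http://` URL. An imported key becomes the trust anchor for every package from that repository, so the download should be pinned: add `attribute :checksum, :kind_of => String` to the resource and `checksum new_resource.checksum if new_resource.checksum` inside the `remote_file` block, or compare the key fingerprint before importing. Separately, the outer `unless ::File.exists?(...)` guard means a key file already placed by a recipe is never imported, because the `execute` is `action :nothing` and only the `remote_file` notifies it.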
@@ -0,0 +1,65 @@ +# +# Cookbook Name:: yum +# Provider:: repository +# +# Copyright 2010, Tippr Inc. +# Copyright 2011, Opscode, Inc.. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# note that deletion does not remove GPG keys, either from the repo or +# /etc/pki/rpm-gpg; this is a design decision. + +action :add do + unless ::File.exists?("/etc/yum.repos.d/#{new_resource.repo_name}.repo") + Chef::Log.info "Adding #{new_resource.repo_name} repository to /etc/yum.repos.d/#{new_resource.repo_name}.repo" + #import the gpg key. 
If it needs to be downloaded or imported from a cookbook + #that can be done in the calling recipe + if new_resource.key then + yum_key new_resource.key + end + #get the metadata + execute "yum -q makecache" do + action :nothing + end + #write out the file + template "/etc/yum.repos.d/#{new_resource.repo_name}.repo" do + cookbook "yum" + source "repo.erb" + mode "0644" + variables({ + :repo_name => new_resource.repo_name, + :description => new_resource.description, + :url => new_resource.url, + :mirrorlist => new_resource.mirrorlist, + :key => new_resource.key, + :enabled => new_resource.enabled, + :type => new_resource.type, + :failovermethod => new_resource.failovermethod, + :bootstrapurl => new_resource.bootstrapurl + }) + notifies :run, resources(:execute => "yum -q makecache"), :immediately + end + end +end + +action :remove do + if ::File.exists?("/etc/yum.repos.d/#{new_resource.repo_name}.repo") + Chef::Log.info "Removing #{new_resource.repo_name} repository from /etc/yum.repos.d/" + file "/etc/yum.repos.d/#{new_resource.repo_name}.repo" do + action :delete + end + new_resource.updated_by_last_action(true) + end +end diff --git a/cookbooks/yum/recipes/default.rb b/cookbooks/yum/recipes/default.rb new file mode 100644 index 0000000..9bc90f2 --- /dev/null +++ b/cookbooks/yum/recipes/default.rb @@ -0,0 +1,18 @@ +# +# Cookbook Name:: yum +# Recipe:: default +# +# Copyright 2011, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# 
diff --git a/cookbooks/yum/recipes/epel.rb b/cookbooks/yum/recipes/epel.rb
new file mode 100644
index 0000000..171bc47
--- /dev/null
+++ b/cookbooks/yum/recipes/epel.rb
@@ -0,0 +1,41 @@
+#
+# Author:: Joshua Timberman ()
+# Cookbook Name:: yum
+# Recipe:: epel
+#
+# Copyright:: Copyright (c) 2011 Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+major = node['platform_version'].to_i
+epel = node['yum']['epel_release']
+
+# If rpm installation from a URL supported 302's, we'd just use that.
+# Instead, we get to remote_file then rpm_package.
+
+remote_file "#{Chef::Config[:file_cache_path]}/epel-release-#{epel}.noarch.rpm" do
+ source "http://download.fedoraproject.org/pub/epel/#{major}/i386/epel-release-#{epel}.noarch.rpm"
+ not_if "rpm -qa | egrep -qx 'epel-release-#{epel}(|.noarch)'"
+ notifies :install, "rpm_package[epel-release]", :immediately
+end
+
+rpm_package "epel-release" do
+ source "#{Chef::Config[:file_cache_path]}/epel-release-#{epel}.noarch.rpm"
+ only_if {::File.exists?("#{Chef::Config[:file_cache_path]}/epel-release-#{epel}.noarch.rpm")}
+ action :nothing
+end
+
+file "epel-release-cleanup" do
+ path "#{Chef::Config[:file_cache_path]}/epel-release-#{epel}.noarch.rpm"
+ action :delete
+end
diff --git a/cookbooks/yum/recipes/ius.rb b/cookbooks/yum/recipes/ius.rb
new file mode 100644
index 0000000..b597956
--- /dev/null
+++ b/cookbooks/yum/recipes/ius.rb
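Review bot: The `remote_file` for `epel-release-#{epel}.noarch.rpm` downloads over plain HTTP with no `checksum`, and its `:immediately` notification installs the result through `rpm_package` from the local path. That package delivers the EPEL repository definition and its GPG keys, so it anchors trust for everything later installed from EPEL; whether rpm checks its signature at this point depends on keys already present on the node, which this recipe does not set up. I would pin the download with `checksum "<SHA256_OF_EPEL_RELEASE_RPM>"` in the `remote_file` block (a placeholder, one value per supported `epel_release`). The same pattern appears in `recipes/ius.rb` for the `ius-release` package.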
@@ -0,0 +1,40 @@
+#
+# Author:: Joshua Timberman ()
+# Cookbook Name:: yum
+# Recipe:: ius
+#
+# Copyright:: Copyright (c) 2011 Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+include_recipe "yum::epel"
+
+major = node['platform_version'].to_i
+ius = node['yum']['ius_release']
+
+remote_file "#{Chef::Config[:file_cache_path]}/ius-release-#{ius}.ius.el#{major}.noarch.rpm" do
+ source "http://dl.iuscommunity.org/pub/ius/stable/Redhat/#{major}/i386/ius-release-#{ius}.ius.el#{major}.noarch.rpm"
+ not_if "rpm -qa | grep -q '^ius-release-#{ius}'"
+ notifies :install, "rpm_package[ius-release]", :immediately
+end
+
+rpm_package "ius-release" do
+ source "#{Chef::Config[:file_cache_path]}/ius-release-#{ius}.ius.el#{major}.noarch.rpm"
+ only_if {::File.exists?("#{Chef::Config[:file_cache_path]}/ius-release-#{ius}.ius.el#{major}.noarch.rpm")}
+ action :nothing
+end
+
+file "ius-release-cleanup" do
+ path "#{Chef::Config[:file_cache_path]}/ius-release-#{ius}.ius.el#{major}.noarch.rpm"
+ action :delete
+end
diff --git a/cookbooks/yum/recipes/yum.rb b/cookbooks/yum/recipes/yum.rb
new file mode 100644
index 0000000..584a2ba
--- /dev/null
+++ b/cookbooks/yum/recipes/yum.rb
@@ -0,0 +1,23 @@
+#
+# Cookbook Name:: yum
+# Recipe:: yum
+#
+# Copyright 2011, Eric G. Wolfe
+# Copyright 2011, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+template "/etc/yum.conf" do
+ source "yum-rhel#{node[:platform_version].to_i}.conf.erb"
+end
diff --git a/cookbooks/yum/resources/key.rb b/cookbooks/yum/resources/key.rb
new file mode 100644
index 0000000..2556a44
--- /dev/null
+++ b/cookbooks/yum/resources/key.rb
@@ -0,0 +1,23 @@
+#
+# Cookbook Name:: yum
+# Resource:: key
+#
+# Copyright 2011, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+actions :add, :remove
+
+attribute :key, :kind_of => String, :name_attribute => true
+attribute :url, :kind_of => String, :default => nil
diff --git a/cookbooks/yum/resources/repository.rb b/cookbooks/yum/resources/repository.rb
new file mode 100644
index 0000000..3cf8abf
--- /dev/null
+++ b/cookbooks/yum/resources/repository.rb
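Review bot: `source "yum-rhel#{node[:platform_version].to_i}.conf.erb"` in recipes/yum.rb resolves to an existing template only for major versions 5 and 6, the two templates this commit adds, so a node reporting any other major version would presumably fail at converge on a missing template. The resource also sets no `owner`, `group` or `mode` for `/etc/yum.conf`, the file that carries the global `gpgcheck` setting. I would add `owner "root"`, `group "root"` and `mode "0644"` inside the block and guard the recipe on the supported versions.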
@@ -0,0 +1,31 @@
+#
+# Cookbook Name:: yum
+# Resource:: repository
+#
+# Copyright 2011, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+actions :add, :remove
+
+#name of the repo, used for .repo filename
+attribute :repo_name, :kind_of => String, :name_attribute => true
+attribute :description, :kind_of => String #long description
+attribute :url, :kind_of => String
+attribute :mirrorlist, :default => false
+attribute :key, :kind_of => String, :default => nil
+attribute :enabled, :default => 1
+attribute :type, :kind_of => String, :default => nil
+attribute :failovermethod, :kind_of => String, :default => nil
+attribute :bootstrapurl, :kind_of => String, :default => nil
diff --git a/cookbooks/yum/templates/default/repo.erb b/cookbooks/yum/templates/default/repo.erb
new file mode 100644
index 0000000..520b511
--- /dev/null
+++ b/cookbooks/yum/templates/default/repo.erb
@@ -0,0 +1,25 @@
+# Generated by Chef for <%= node[:fqdn] %>
+# Local modifications will be overwritten.
+[<%= @repo_name %>]
+name=<%= @description %>
+<% if @type %>
+type=<%= @type %>
+<% end %>
+<% if @mirrorlist %>
+mirrorlist=<%= @url %>
+<% else %>
+baseurl=<%= @url %>
+<% end %>
+<% if @key %>
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/<%= @key %>
+<% else %>
+gpgcheck=0
+<% end %>
+enabled=<%= @enabled %>
+<% if @failovermethod %>
+failovermethod=<%= @failovermethod %>
+<% end %>
+<% if @bootstrapurl %>
+bootstrapurl=<%= @bootstrapurl %>
+<% end %>
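Review bot: `attribute :repo_name` in resources/repository.rb accepts any String, yet the provider in this commit interpolates it into `/etc/yum.repos.d/#{new_resource.repo_name}.repo` for both the template write and the `:remove` file delete, and repo.erb prints it as the `[section]` header. A name containing `/` or a newline would point those resources outside the directory or add extra lines to the generated repo file. Constrain it at the resource, e.g. `attribute :repo_name, :kind_of => String, :name_attribute => true, :regex => /\A[\w.-]+\z/`. `:mirrorlist` and `:enabled` also lack a `:kind_of`, and most attributes have no comment saying which repo-file key they render to.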
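Review bot: The `<% else %>` branch after `<% if @key %>` in repo.erb writes `gpgcheck=0` whenever `@key` is nil, and `key` defaults to nil in resources/repository.rb, so any repository declared without a key has package signature checking switched off for it even though both yum.conf templates in this commit set `gpgcheck=1` in `[main]`. Dropping the `<% else %>` and `gpgcheck=0` lines would let such a repo inherit the global setting. If unsigned repositories must be supported, make that an explicit resource attribute rather than the silent default.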
diff --git a/cookbooks/yum/templates/default/yum-rhel5.conf.erb b/cookbooks/yum/templates/default/yum-rhel5.conf.erb
new file mode 100644
index 0000000..467d378
--- /dev/null
+++ b/cookbooks/yum/templates/default/yum-rhel5.conf.erb
@@ -0,0 +1,28 @@
+# Generated by Chef for <%= node[:fqdn] %>
+# Local modifications will be overwritten.
+[main]
+cachedir=/var/cache/yum
+keepcache=0
+debuglevel=2
+logfile=/var/log/yum.log
+distroverpkg=redhat-release
+tolerant=1
+exactarch=1
+obsoletes=1
+gpgcheck=1
+plugins=1
+<%- if node[:yum][:exclude] %>
+exclude=<%= node[:yum][:exclude].join(" ") %>
+<%- end %>
+<%- if node[:yum][:installonlypkgs] %>
+installonlypkgs=<%= node[:yum][:installonlypkgs].join(" ") %>
+<%- end %>
+
+# Note: yum-RHN-plugin doesn't honor this.
+metadata_expire=1h
+
+# Default.
+# installonly_limit = 3
+
+# PUT YOUR REPOS HERE OR IN separate files named file.repo
+# in /etc/yum.repos.d
diff --git a/cookbooks/yum/templates/default/yum-rhel6.conf.erb b/cookbooks/yum/templates/default/yum-rhel6.conf.erb
new file mode 100644
index 0000000..a5afb56
--- /dev/null
+++ b/cookbooks/yum/templates/default/yum-rhel6.conf.erb
@@ -0,0 +1,31 @@
+# Generated by Chef for <%= node[:fqdn] %>
+# Local modifications will be overwritten.
+[main]
+cachedir=/var/cache/yum/$basearch/$releasever
+keepcache=0
+debuglevel=2
+logfile=/var/log/yum.log
+exactarch=1
+obsoletes=1
+gpgcheck=1
+plugins=1
+installonly_limit=3
+<%- if node[:yum][:exclude] %>
+exclude=<%= node[:yum][:exclude].join(" ") %>
+<%- end %>
+<%- if node[:yum][:installonlypkgs] %>
+installonlypkgs=<%= node[:yum][:installonlypkgs].join(" ") %>
+<%- end %>
+
+# This is the default, if you make this bigger yum won't see if the metadata
+# is newer on the remote and so you'll "gain" the bandwidth of not having to
+# download the new metadata and "pay" for it by yum not having correct
+# information.
+# It is esp. important, to have correct metadata, for distributions like
+# Fedora which don't keep old packages around. If you don't like this checking
+# interupting your command line usage, it's much better to have something
+# manually check the metadata once an hour (yum-updatesd will do this).
+# metadata_expire=90m
+
+# PUT YOUR REPOS HERE OR IN separate files named file.repo
+# in /etc/yum.repos.d
diff --git a/cookbooks/zlib/README.md b/cookbooks/zlib/README.md
new file mode 100644
index 0000000..7de94a9
--- /dev/null
+++ b/cookbooks/zlib/README.md
@@ -0,0 +1,27 @@
+Description
+====
+
+Installs development package for zlib.
+
+Requirements
+====
+
+Debian, Ubuntu, CentOS, Red Hat, Scientific, Fedora, SUSE.
+
+License and Author
+====
+
+Author:: Joshua Timberman ()
+Copyright:: 2009-2011, Opscode, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/cookbooks/zlib/metadata.rb b/cookbooks/zlib/metadata.rb
new file mode 100644
index 0000000..a4c2c5f
--- /dev/null
+++ b/cookbooks/zlib/metadata.rb
@@ -0,0 +1,12 @@
+maintainer "Opscode, Inc."
+maintainer_email "cookbooks@opscode.com"
+license "Apache 2.0"
+description "Installs zlib"
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version "1.0.0"
+
+recipe "zlib", "Installs zlib development package"
+
+%w{ centos redhat scientific suse fedora ubuntu debian }.each do |os|
+ supports os
+end
diff --git a/cookbooks/zlib/recipes/default.rb b/cookbooks/zlib/recipes/default.rb
new file mode 100644
index 0000000..ce03df5
--- /dev/null
+++ b/cookbooks/zlib/recipes/default.rb
@@ -0,0 +1,25 @@
+#
+# Cookbook Name:: zlib
+# Recipe:: default
+#
+# Copyright 2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+package "zlib-devel" do
+ package_name value_for_platform(
+ [ "centos", "redhat", "scientific", "suse", "fedora" ] => { "default" => "zlib-devel" },
+ "default" => 'zlib1g-dev'
+ )
+end
diff --git a/ruby.sh b/ruby.sh
new file mode 100644
index 0000000..bf06e30
--- /dev/null
+++ b/ruby.sh
@@ -0,0 +1,10 @@
+yum install -y ruby.x86_64 ruby-devel.x86_64 gcc.x86_64 gcc-c++.x86_64 automake autoconf make.x86_6
+
+wget http://production.cf.rubygems.org/rubygems/rubygems-1.6.2.tgz
+cd /tmp
+tar zxf rubygems-1.6.2.tgz
+cd rubygems-1.6.2
+ruby setup.rb --no-format-executable
+
+gem install ohai --no-rdoc --no-ri
+gem install chef --no-rdoc --no-ri
diff --git a/solo.rb b/solo.rb
new file mode 100644
index 0000000..a5c8edf
--- /dev/null
+++ b/solo.rb
@@ -0,0 +1,2 @@
+file_cache_path "/tmp/chef-solo"
+cookbook_path "/vagrant/cookbooks"
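Review bot: ruby.sh downloads `rubygems-1.6.2.tgz` over plain HTTP and runs its `setup.rb` without checking the archive against a known digest, so the bootstrap executes whatever the network returned. Two functional problems sit next to it: `make.x86_6` is missing its final `4`, and `wget` runs before `cd /tmp`, so `tar zxf` only finds the tarball when the script happens to start in `/tmp`. With no `set -e`, a failure in any of these steps is ignored and the later `gem install` lines still run. The fence below reorders the download, adds a digest check (the hash is a placeholder to fill in from the release) and fixes the package name.

```shell
set -eu

yum install -y ruby.x86_64 ruby-devel.x86_64 gcc.x86_64 gcc-c++.x86_64 automake autoconf make.x86_64

cd /tmp
wget http://production.cf.rubygems.org/rubygems/rubygems-1.6.2.tgz
# placeholder digest: replace with the SHA-256 published for this release
echo "<sha256-of-rubygems-1.6.2.tgz>  rubygems-1.6.2.tgz" | sha256sum -c -
tar zxf rubygems-1.6.2.tgz
# … unchanged: cd rubygems-1.6.2, setup.rb and the gem install lines …
```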
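Review bot: `file_cache_path "/tmp/chef-solo"` in solo.rb puts the chef-solo cache under world-writable `/tmp`, and the yum::epel and yum::ius recipes in this commit download RPMs into that path and install them from it. On a shared host another local user could create that directory first, so a root-owned location is the safer default, for example `file_cache_path "/var/chef/cache"`. `cookbook_path "/vagrant/cookbooks"` ties the file to the Vagrant mount, which deserves a one-line comment.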