Initial commit

Vagrantfile

@@ -0,0 +1,21 @@
+Vagrant::Config.run do |config|
+  config.vm.box_url = "http://vagrant-promet.s3.amazonaws.com/centos-63.box"
+  config.vm.box = "centos-63"
+  config.vm.host_name = "chefserver"
+
+  config.vm.customize ["modifyvm", :id, "--memory", "1024"]
+  config.vm.network :hostonly, "33.33.33.3"
+
+  config.vm.forward_port 4000, 4000
+  config.vm.forward_port 4040, 4040
+  config.vm.forward_port 443, 443
+
+  #config.vm.provision :chef_solo do |chef|
+  #  chef.cookbooks_path = "cookbooks"
+  #  chef.data_bags_path = "data_bags"
+  #  chef.roles_path = "roles"
+  #  chef.add_role("vagrant")
+  #  chef.add_recipe "build-essential"
+  #  chef.log_level = :debug
+  #end
+end

bootstrap.sh

@@ -0,0 +1 @@
+chef-solo -c solo.rb -j chef.json

chef.json

@@ -0,0 +1,15 @@
+{
+  "chef_server": {
+    "server_url": "http://localhost:4000",
+    "webui_enabled": true,
+    "workers": 8,
+    "init_style": "init"
+  },
+  "yum": {
+     "epel_release": "6-7"
+  },
+  "run_list": [ 
+    "recipe[chef-server::rubygems-install]",
+    "recipe[chef-server::nginx-proxy]"
+   ]
+}

cookbooks/apache2/attributes/default.rb

@@ -0,0 +1,139 @@
+#
+# Cookbook Name:: apache2
+# Attributes:: apache
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+set[:apache][:root_group]  = "root"
+
+# Where the various parts of apache are
+case platform
+when "redhat","centos","scientific","fedora","suse"
+  set[:apache][:package] = "httpd"
+  set[:apache][:dir]     = "/etc/httpd"
+  set[:apache][:log_dir] = "/var/log/httpd"
+  set[:apache][:error_log] = "error.log"
+  set[:apache][:user]    = "apache"
+  set[:apache][:group]   = "apache"
+  set[:apache][:binary]  = "/usr/sbin/httpd"
+  set[:apache][:icondir] = "/var/www/icons"
+  set[:apache][:cache_dir] = "/var/cache/httpd"
+  if node.platform_version.to_f >= 6 then
+    set[:apache][:pid_file] = "/var/run/httpd/httpd.pid"
+  else
+    set[:apache][:pid_file] = "/var/run/httpd.pid"
+  end
+  set[:apache][:lib_dir] = node[:kernel][:machine] =~ /^i[36]86$/ ? "/usr/lib/httpd" : "/usr/lib64/httpd"
+  set[:apache][:libexecdir] = "#{set[:apache][:lib_dir]}/modules"
+when "debian","ubuntu"
+  set[:apache][:package] = "apache2"
+  set[:apache][:dir]     = "/etc/apache2"
+  set[:apache][:log_dir] = "/var/log/apache2"
+  set[:apache][:error_log] = "error.log"
+  set[:apache][:user]    = "www-data"
+  set[:apache][:group]   = "www-data"
+  set[:apache][:binary]  = "/usr/sbin/apache2"
+  set[:apache][:icondir] = "/usr/share/apache2/icons"
+  set[:apache][:cache_dir] = "/var/cache/apache2"
+  set[:apache][:pid_file]  = "/var/run/apache2.pid"
+  set[:apache][:lib_dir] = "/usr/lib/apache2"
+  set[:apache][:libexecdir] = "#{set[:apache][:lib_dir]}/modules"
+when "arch"
+  set[:apache][:package] = "apache"
+  set[:apache][:dir]     = "/etc/httpd"
+  set[:apache][:log_dir] = "/var/log/httpd"
+  set[:apache][:error_log] = "error.log"
+  set[:apache][:user]    = "http"
+  set[:apache][:group]   = "http"
+  set[:apache][:binary]  = "/usr/sbin/httpd"
+  set[:apache][:icondir] = "/usr/share/httpd/icons"
+  set[:apache][:cache_dir] = "/var/cache/httpd"
+  set[:apache][:pid_file]  = "/var/run/httpd/httpd.pid"
+  set[:apache][:lib_dir] = "/usr/lib/httpd"
+  set[:apache][:libexecdir] = "#{set[:apache][:lib_dir]}/modules"
+when "freebsd"
+  set[:apache][:package] = "apache22"
+  set[:apache][:dir]     = "/usr/local/etc/apache22"
+  set[:apache][:log_dir] = "/var/log"
+  set[:apache][:error_log] = "httpd-error.log"
+  set[:apache][:root_group] = "wheel"
+  set[:apache][:user]    = "www"
+  set[:apache][:group]    = "www"
+  set[:apache][:binary]  = "/usr/local/sbin/httpd"
+  set[:apache][:icondir] = "/usr/local/www/apache22/icons"
+  set[:apache][:cache_dir] = "/var/run/apache22"
+  set[:apache][:pid_file]  = "/var/run/httpd.pid"
+  set[:apache][:lib_dir] = "/usr/local/libexec/apache22"
+  set[:apache][:libexecdir] = set[:apache][:lib_dir]
+else
+  set[:apache][:dir]     = "/etc/apache2"
+  set[:apache][:log_dir] = "/var/log/apache2"
+  set[:apache][:error_log] = "error.log"
+  set[:apache][:user]    = "www-data"
+  set[:apache][:group]   = "www-data"
+  set[:apache][:binary]  = "/usr/sbin/apache2"
+  set[:apache][:icondir] = "/usr/share/apache2/icons"
+  set[:apache][:cache_dir] = "/var/cache/apache2"
+  set[:apache][:pid_file]  = "logs/httpd.pid"
+  set[:apache][:lib_dir] = "/usr/lib/apache2"
+  set[:apache][:libexecdir] = "#{set[:apache][:lib_dir]}/modules"
+end
+
+###
+# These settings need the unless, since we want them to be tunable,
+# and we don't want to override the tunings.
+###
+
+# General settings
+default[:apache][:listen_ports] = [ "80","443" ]
+default[:apache][:contact] = "ops@example.com"
+default[:apache][:timeout] = 300
+default[:apache][:keepalive] = "On"
+default[:apache][:keepaliverequests] = 100
+default[:apache][:keepalivetimeout] = 5
+
+# Security
+default[:apache][:servertokens] = "Prod"
+default[:apache][:serversignature] = "On"
+default[:apache][:traceenable] = "On"
+
+# mod_auth_openids
+default[:apache][:allowed_openids] = Array.new
+
+# Prefork Attributes
+default[:apache][:prefork][:startservers] = 16
+default[:apache][:prefork][:minspareservers] = 16
+default[:apache][:prefork][:maxspareservers] = 32
+default[:apache][:prefork][:serverlimit] = 400
+default[:apache][:prefork][:maxclients] = 400
+default[:apache][:prefork][:maxrequestsperchild] = 10000
+
+# Worker Attributes
+default[:apache][:worker][:startservers] = 4
+default[:apache][:worker][:maxclients] = 1024
+default[:apache][:worker][:minsparethreads] = 64
+default[:apache][:worker][:maxsparethreads] = 192
+default[:apache][:worker][:threadsperchild] = 64
+default[:apache][:worker][:maxrequestsperchild] = 0
+
+# Default modules to enable via include_recipe
+
+default['apache']['default_modules'] = %w{
+  status alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex
+  dir env mime negotiation setenvif
+}
+
+default['apache']['default_modules'] << "log_config" if ["redhat", "centos", "scientific", "fedora", "suse", "arch", "freebsd"].include?(node.platform)

cookbooks/apache2/attributes/mod_auth_openid.rb

@@ -0,0 +1,32 @@
+# 
+# Author:: Joshua Timberman <joshua@opscode.com>
+# Copyright:: Copyright (c) 2011, Opscode, Inc.
+# License:: Apache License, Version 2.0
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#    http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# 
+
+default['apache']['mod_auth_openid']['checksum'] = "79e7ca52511d1230"
+default['apache']['mod_auth_openid']['version']  = "0.6"
+default['apache']['mod_auth_openid']['cache_dir']  = "/var/cache/mod_auth_openid"
+default['apache']['mod_auth_openid']['dblocation'] = "#{node['apache']['mod_auth_openid']['cache_dir']}/mod_auth_openid.db"
+
+case node[:platform]
+when "freebsd"
+  default['apache']['mod_auth_openid']['configure_flags'] = [
+      "CPPFLAGS=-I/usr/local/include",
+      "LDFLAGS=-I/usr/local/lib -lsqlite3"
+    ]
+else
+  default['apache']['mod_auth_openid']['configure_flags'] = []
+end

cookbooks/apache2/definitions/apache_conf.rb

@@ -0,0 +1,26 @@
+#
+# Cookbook Name:: apache2
+# Definition:: apache_conf
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :apache_conf do
+  template "#{node[:apache][:dir]}/mods-available/#{params[:name]}.conf" do
+    source "mods/#{params[:name]}.conf.erb"
+    notifies :restart, resources(:service => "apache2")
+    mode 0644
+  end
+end

cookbooks/apache2/definitions/apache_module.rb

@@ -0,0 +1,53 @@
+#
+# Cookbook Name:: apache2
+# Definition:: apache_module
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :apache_module, :enable => true, :conf => false do
+  include_recipe "apache2"
+
+  params[:filename] = params[:filename] || "mod_#{params[:name]}.so"
+  params[:module_path] = params[:module_path] || "#{node['apache']['libexecdir']}/#{params[:filename]}"
+
+  if params[:conf]
+    apache_conf params[:name]
+  end
+
+  if platform?("redhat", "centos", "scientific", "fedora", "arch", "suse" )
+    file "#{node['apache']['dir']}/mods-available/#{params[:name]}.load" do
+      content "LoadModule #{params[:name]}_module #{params[:module_path]}\n"
+      mode 0644
+    end
+  end
+
+  if params[:enable]
+    execute "a2enmod #{params[:name]}" do
+      command "/usr/sbin/a2enmod #{params[:name]}"
+      notifies :restart, resources(:service => "apache2")
+      not_if do (File.symlink?("#{node[:apache][:dir]}/mods-enabled/#{params[:name]}.load") and
+            ((File.exists?("#{node[:apache][:dir]}/mods-available/#{params[:name]}.conf"))?
+              (File.symlink?("#{node[:apache][:dir]}/mods-enabled/#{params[:name]}.conf")):(true)))
+      end
+    end
+  else
+    execute "a2dismod #{params[:name]}" do
+      command "/usr/sbin/a2dismod #{params[:name]}"
+      notifies :restart, resources(:service => "apache2")
+      only_if do ::File.symlink?("#{node[:apache][:dir]}/mods-enabled/#{params[:name]}.load") end
+    end
+  end
+end

cookbooks/apache2/definitions/apache_site.rb

@@ -0,0 +1,43 @@
+#
+# Cookbook Name:: apache2
+# Definition:: apache_site
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :apache_site, :enable => true do
+  include_recipe "apache2"
+
+  if params[:enable]
+    execute "a2ensite #{params[:name]}" do
+      command "/usr/sbin/a2ensite #{params[:name]}"
+      notifies :restart, resources(:service => "apache2")
+      not_if do
+        ::File.symlink?("#{node[:apache][:dir]}/sites-enabled/#{params[:name]}") or
+          ::File.symlink?("#{node[:apache][:dir]}/sites-enabled/000-#{params[:name]}")
+      end
+      only_if do ::File.exists?("#{node[:apache][:dir]}/sites-available/#{params[:name]}") end
+    end
+  else
+    execute "a2dissite #{params[:name]}" do
+      command "/usr/sbin/a2dissite #{params[:name]}"
+      notifies :restart, resources(:service => "apache2")
+      only_if do
+        ::File.symlink?("#{node[:apache][:dir]}/sites-enabled/#{params[:name]}") or
+          ::File.symlink?("#{node[:apache][:dir]}/sites-enabled/000-#{params[:name]}")
+      end
+    end
+  end
+end

cookbooks/apache2/definitions/web_app.rb

@@ -0,0 +1,49 @@
+#
+# Cookbook Name:: apache2
+# Definition:: web_app
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :web_app, :template => "web_app.conf.erb", :enable => true do
+
+  application_name = params[:name]
+
+  include_recipe "apache2"
+  include_recipe "apache2::mod_rewrite"
+  include_recipe "apache2::mod_deflate"
+  include_recipe "apache2::mod_headers"
+
+  template "#{node[:apache][:dir]}/sites-available/#{application_name}.conf" do
+    source params[:template]
+    owner "root"
+    group node[:apache][:root_group]
+    mode 0644
+    if params[:cookbook]
+      cookbook params[:cookbook]
+    end
+    variables(
+      :application_name => application_name,
+      :params => params
+    )
+    if ::File.exists?("#{node[:apache][:dir]}/sites-enabled/#{application_name}.conf")
+      notifies :reload, resources(:service => "apache2"), :delayed
+    end
+  end
+
+  apache_site "#{params[:name]}.conf" do
+    enable params[:enable]
+  end
+end