Initial commit

0 parents commit 6a4157f7c3871bfbe27ad0ecca9e84c79f5cbba0 @trevrosen trevrosen committed
Showing with 284 additions and 0 deletions.
  1. +2 −0 .gitignore
  2. +5 −0 README.md
  3. +65 −0 Rakefile
  4. +19 −0 certificates/README.md
  5. +11 −0 chefignore
  6. +38 −0 config/rake.rb
  7. +54 −0 cookbooks/README.md
  8. +63 −0 data_bags/README.md
  9. +5 −0 environments/README.md
  10. +16 −0 roles/README.md
  11. +6 −0 solo-nodes/dev-builder.json
2 .gitignore
@@ -0,0 +1,2 @@
+.rake_test_cache
+
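Review bot: The ignore list covers only `.rake_test_cache`, yet data_bags/README.md in this commit has the user run `openssl rand -base64 512 > secret_key` inside the checkout and certificates/README.md says the ssl_cert task stores its output in certificates/. Adding `secret_key` and the generated files under certificates/ to .gitignore would keep key material from being committed by accident.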
5 README.md
@@ -0,0 +1,5 @@
+# Metasploit Chef Cookbooks
+
+Contains cookbooks for creating build and test systems.
+
+Using [starter repo from OpsCode](https://github.com/opscode/chef-repo).
65 Rakefile
@@ -0,0 +1,65 @@
+#
+# Rakefile for Chef Server Repository
+#
+# Author:: Adam Jacob (<adam@opscode.com>)
+# Copyright:: Copyright (c) 2008 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'rubygems'
+require 'chef'
+require 'json'
+
+# Load constants from rake config file.
+require File.join(File.dirname(__FILE__), 'config', 'rake')
+
+# Detect the version control system and assign to $vcs. Used by the update
+# task in chef_repo.rake (below). The install task calls update, so this
+# is run whenever the repo is installed.
+#
+# Comment out these lines to skip the update.
+
+if File.directory?(File.join(TOPDIR, ".svn"))
+ $vcs = :svn
+elsif File.directory?(File.join(TOPDIR, ".git"))
+ $vcs = :git
+end
+
+# Load common, useful tasks from Chef.
+# rake -T to see the tasks this loads.
+
+load 'chef/tasks/chef_repo.rake'
+
+desc "Bundle a single cookbook for distribution"
+task :bundle_cookbook => [ :metadata ]
+task :bundle_cookbook, :cookbook do |t, args|
+ tarball_name = "#{args.cookbook}.tar.gz"
+ temp_dir = File.join(Dir.tmpdir, "chef-upload-cookbooks")
+ temp_cookbook_dir = File.join(temp_dir, args.cookbook)
+ tarball_dir = File.join(TOPDIR, "pkgs")
+ FileUtils.mkdir_p(tarball_dir)
+ FileUtils.mkdir(temp_dir)
+ FileUtils.mkdir(temp_cookbook_dir)
+
+ child_folders = [ "cookbooks/#{args.cookbook}", "site-cookbooks/#{args.cookbook}" ]
+ child_folders.each do |folder|
+ file_path = File.join(TOPDIR, folder, ".")
+ FileUtils.cp_r(file_path, temp_cookbook_dir) if File.directory?(file_path)
+ end
+
+ system("tar", "-C", temp_dir, "-cvzf", File.join(tarball_dir, tarball_name), "./#{args.cookbook}")
+
+ FileUtils.rm_rf temp_dir
+end
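Review bot: In the bundle_cookbook task, `temp_dir = File.join(Dir.tmpdir, "chef-upload-cookbooks")` is a fixed name in the shared temp directory and is created with `FileUtils.mkdir`, which raises if the directory already exists; because `FileUtils.rm_rf temp_dir` is not in an `ensure`, any failure in `cp_r` or `tar` leaves the directory behind and breaks the next run. Using `Dir.mktmpdir` with a block (and an explicit `require 'tmpdir'`) gives a unique directory and guaranteed cleanup. In the same task, `args.cookbook` is interpolated into paths and the tarball name without being checked for path separators, and the return value of `system("tar", ...)` is ignored, so a failed tar still looks like success.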
19 certificates/README.md
@@ -0,0 +1,19 @@
+Creating SSL certificates is a common task done in web application infrastructures, so a rake task is provided to generate certificates. These certificates are stored here by the ssl_cert task.
+
+Configure the values used in the SSL certificate by modifying `config/rake.rb`.
+
+To generate a certificate set for a new monitoring server, for example:
+
+ rake ssl_cert FQDN=monitoring.example.com
+
+Once the certificates are generated, copy them into the cookbook(s) where you want to use them.
+
+ cp certificates/monitoring.example.com.* cookbooks/COOKBOOK/files/default
+
+In the recipe for that cookbook, create a `cookbook_file` resource to configure a resource that puts them in place on the destination server.
+
+ cookbook_file '/etc/apache2/ssl/monitoring.example.com.pem'
+ owner 'root'
+ group 'root'
+ mode 0600
+ end
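Review bot: The `cookbook_file` example at the end of this README is missing `do` after the path, so the `owner`/`group`/`mode`/`end` block will not parse as written; the first line should read `cookbook_file '/etc/apache2/ssl/monitoring.example.com.pem' do`. Separately, `cp certificates/monitoring.example.com.* cookbooks/COOKBOOK/files/default` copies every file the task generated for that FQDN into the cookbook, so the README should say which of those files belong in a cookbook and how any private key among them is kept out of version control.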
11 chefignore
@@ -0,0 +1,11 @@
+# Put files/directories that should be ignored in this file.
+# Lines that start with '# ' are comments.
+
+# emacs
+*~
+
+# vim
+*.sw[a-z]
+
+# subversion
+*/.svn/*
38 config/rake.rb
@@ -0,0 +1,38 @@
+# Configure the Rakefile's tasks.
+
+###
+# Company and SSL Details
+# Used with the ssl_cert task.
+###
+
+# The company name - used for SSL certificates, and in srvious other places
+COMPANY_NAME = "Example Com"
+
+# The Country Name to use for SSL Certificates
+SSL_COUNTRY_NAME = "US"
+
+# The State Name to use for SSL Certificates
+SSL_STATE_NAME = "Several"
+
+# The Locality Name for SSL - typically, the city
+SSL_LOCALITY_NAME = "Locality"
+
+# What department?
+SSL_ORGANIZATIONAL_UNIT_NAME = "Operations"
+
+# The SSL contact email address
+SSL_EMAIL_ADDRESS = "ops@example.com"
+
+# License for new Cookbooks
+# Can be :apachev2 or :none
+NEW_COOKBOOK_LICENSE = :apachev2
+
+###
+# Useful Extras (which you probably don't need to change)
+###
+
+# The top of the repository checkout
+TOPDIR = File.expand_path(File.join(File.dirname(__FILE__), ".."))
+
+# Where to store certificates generated with ssl_cert
+CADIR = File.expand_path(File.join(TOPDIR, "certificates"))
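Review bot: The SSL constants are left at the starter-repo placeholders (`COMPANY_NAME = "Example Com"`, `SSL_STATE_NAME = "Several"`, `SSL_EMAIL_ADDRESS = "ops@example.com"`), and nothing in this file stops `rake ssl_cert` from issuing certificates with them. Either set the real organisation details here or mark the block as must-change before first use. The comment above COMPANY_NAME also has a typo, "srvious" for "various".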
54 cookbooks/README.md
@@ -0,0 +1,54 @@
+This directory contains the cookbooks used to configure systems in your infrastructure with Chef.
+
+Knife needs to be configured to know where the cookbooks are located with the `cookbook_path` setting. If this is not set, then several cookbook operations will fail to work properly.
+
+ cookbook_path ["./cookbooks"]
+
+This setting tells knife to look for the cookbooks directory in the present working directory. This means the knife cookbook subcommands need to be run in the `chef-repo` directory itself. To make sure that the cookbooks can be found elsewhere inside the repository, use an absolute path. This is a Ruby file, so something like the following can be used:
+
+ current_dir = File.dirname(__FILE__)
+ cookbook_path ["#{current_dir}/../cookbooks"]
+
+Which will set `current_dir` to the location of the knife.rb file itself (e.g. `~/chef-repo/.chef/knife.rb`).
+
+Configure knife to use your preferred copyright holder, email contact and license. Add the following lines to `.chef/knife.rb`.
+
+ cookbook_copyright "Example, Com."
+ cookbook_email "cookbooks@example.com"
+ cookbook_license "apachev2"
+
+Supported values for `cookbook_license` are "apachev2", "mit","gplv2","gplv3", or "none". These settings are used to prefill comments in the default recipe, and the corresponding values in the metadata.rb. You are free to change the the comments in those files.
+
+Create new cookbooks in this directory with Knife.
+
+ knife cookbook create COOKBOOK
+
+This will create all the cookbook directory components. You don't need to use them all, and can delete the ones you don't need. It also creates a README file, metadata.rb and default recipe.
+
+You can also download cookbooks directly from the Opscode Cookbook Site. There are two subcommands to help with this depending on what your preference is.
+
+The first and recommended method is to use a vendor branch if you're using Git. This is automatically handled with Knife.
+
+ knife cookbook site install COOKBOOK
+
+This will:
+
+* Download the cookbook tarball from cookbooks.opscode.com.
+* Ensure its on the git master branch.
+* Checks for an existing vendor branch, and creates if it doesn't.
+* Checks out the vendor branch (chef-vendor-COOKBOOK).
+* Removes the existing (old) version.
+* Untars the cookbook tarball it downloaded in the first step.
+* Adds the cookbook files to the git index and commits.
+* Creates a tag for the version downloaded.
+* Checks out the master branch again.
+* Merges the cookbook into master.
+* Repeats the above for all the cookbooks dependencies, downloading them from the community site
+
+The last step will ensure that any local changes or modifications you have made to the cookbook are preserved, so you can keep your changes through upstream updates.
+
+If you're not using Git, use the site download subcommand to download the tarball.
+
+ knife cookbook site download COOKBOOK
+
+This creates the COOKBOOK.tar.gz from in the current directory (e.g., `~/chef-repo`). We recommend following a workflow similar to the above for your version control tool.
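Review bot: The bullet list under `knife cookbook site install COOKBOOK` describes the downloaded tarball, and every dependency, being merged into master automatically, but the README gives no step for looking at what was pulled in. A sentence recommending a diff of the chef-vendor-COOKBOOK branch after install would fit here. Wording nits in the same hunk: "the the comments", "Ensure its on the git master branch" (it's), "creates if it doesn't" (creates one if it doesn't exist), and "creates the COOKBOOK.tar.gz from in the current directory".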
63 data_bags/README.md
@@ -0,0 +1,63 @@
+Data Bags
+---------
+
+This directory contains directories of the various data bags you create for your infrastructure. Each subdirectory corresponds to a data bag on the Chef Server, and contains JSON files of the items that go in the bag.
+
+First, create a directory for the data bag.
+
+ mkdir data_bags/BAG
+
+Then create the JSON files for items that will go into that bag.
+
+ $EDITOR data_bags/BAG/ITEM.json
+
+The JSON for the ITEM must contain a key named "id" with a value equal to "ITEM". For example,
+
+ {
+ "id": "foo"
+ }
+
+Next, create the data bag on the Chef Server.
+
+ knife data bag create BAG
+
+Then upload the items in the data bag's directory to the Chef Server.
+
+ knife data bag from file BAG ITEM.json
+
+
+Encrypted Data Bags
+-------------------
+
+Added in Chef 0.10, encrypted data bags allow you to encrypt the contents of your data bags. The content of attributes will no longer be searchable. To use encrypted data bags, first you must have or create a secret key.
+
+ openssl rand -base64 512 > secret_key
+
+You may use this secret_key to add items to a data bag during a create.
+
+ knife data bag create --secret-file secret_key passwords mysql
+
+You may also use it when adding ITEMs from files,
+
+ knife data bag create passwords
+ knife data bag from file passwords data_bags/passwords/mysql.json --secret-file secret_key
+
+The JSON for the ITEM must contain a key named "id" with a value equal to "ITEM" and the contents will be encrypted when uploaded. For example,
+
+ {
+ "id": "mysql",
+ "password": "abc123"
+ }
+
+Without the secret_key, the contents are encrypted.
+
+ knife data bag show passwords mysql
+ id: mysql
+ password: 2I0XUUve1TXEojEyeGsjhw==
+
+Use the secret_key to view the contents.
+
+ knife data bag show passwords mysql --secret-file secret_key
+ id: mysql
+ password: abc123
+
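Review bot: In the Encrypted Data Bags section, `openssl rand -base64 512 > secret_key` writes the key into the current directory with default permissions, and the walkthrough keeps the plaintext item at data_bags/passwords/mysql.json, so both the key and the unencrypted `"password": "abc123"` sit in the checkout where they can be committed alongside the cookbooks. The README should say to keep the secret file outside the repository (or ignored) with owner-only permissions, and to avoid committing the plaintext JSON once it has been uploaded with `--secret-file`.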
5 environments/README.md
@@ -0,0 +1,5 @@
+Requires Chef 0.10.0+.
+
+This directory is for Ruby DSL and JSON files for environments. For more information see the Chef wiki page:
+
+http://wiki.opscode.com/display/chef/Environments
16 roles/README.md
@@ -0,0 +1,16 @@
+Create roles here, in either the Role Ruby DSL (.rb) or JSON (.json) files. To install roles on the server, use knife.
+
+For example, create `roles/base_example.rb`:
+
+ name "base_example"
+ description "Example base role applied to all nodes."
+ # List of recipes and roles to apply. Requires Chef 0.8, earlier versions use 'recipes()'.
+ #run_list()
+ # Attributes applied if the node doesn't have it set already.
+ #default_attributes()
+ # Attributes applied no matter what the node has set already.
+ #override_attributes()
+
+Then upload it to the Chef Server:
+
+ knife role from file roles/base_example.rb
6 solo-nodes/dev-builder.json
@@ -0,0 +1,6 @@
+// Configuration for development environment used
+// in several build steps
+
+{
+ 'run_list' : ['recipe[rvm]']
+}
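Review bot: This file is not valid JSON: the two `//` comment lines at the top and the single-quoted strings in `'run_list' : ['recipe[rvm]']` are outside the JSON grammar, so a strict parser will reject it. Use double quotes, `"run_list": ["recipe[rvm]"]`, and move the description of the node into a README or the commit message.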
