From a8948053d6849ec4d951fddd0a8e045f2db5160c Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Tue, 30 Nov 2021 09:53:33 -0600
Subject: [PATCH 01/86] Update LND to 0.14.1 closes #351
---
 site-cookbooks/kosmos-bitcoin/attributes/default.rb | 2 +-
 site-cookbooks/kosmos-bitcoin/recipes/lnd.rb | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/site-cookbooks/kosmos-bitcoin/attributes/default.rb b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
index b727aa9..5d73674 100644
--- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb
+++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
@@ -38,7 +38,7 @@ node.default['c-lightning']['log_level'] = 'info'
 node.default['c-lightning']['public_ip'] = '148.251.237.73'
 node.default['lnd']['repo'] = 'https://github.com/lightningnetwork/lnd'
-node.default['lnd']['revision'] = 'v0.13.1-beta'
+node.default['lnd']['revision'] = 'v0.14.1-beta'
 node.default['lnd']['source_dir'] = '/opt/lnd'
 node.default['lnd']['lnd_dir'] = "/home/#{node['bitcoin']['username']}/.lnd"
 node.default['lnd']['alias'] = 'ln2.kosmos.org'
diff --git a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
index 47bbe7e..e800b31 100644
--- a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
@@ -4,6 +4,8 @@ #
 include_recipe "git"
+
+node.override['golang']['version'] = "1.17.4"
 include_recipe "golang"
 git node['lnd']['source_dir'] do
From bbef38b6d6ead1447e59cb087ee9f9b9169d53c6 Mon Sep 17 00:00:00 2001
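Review bot: In recipes/lnd.rb the Go version is pinned with `node.override` inside the recipe body, which outranks every `default` and `normal` attribute a role, environment or node file could set, so the toolchain can only be changed by editing this recipe. It is also a second pin that has to move together with `node.default['lnd']['revision']` in attributes/default.rb, bumped in the same commit; keeping the two side by side in the attributes file with a comment such as `# Go release needed to build the lnd revision above` would make that coupling visible. Both build inputs are named rather than content-addressed: a release tag can be moved upstream, so for a Lightning node consider setting the revision to the commit hash behind `v0.14.1-beta`, or verifying the signed tag before the build runs. Whether the golang cookbook checks a digest for the toolchain archive it downloads cannot be seen from this patch. The `git` resource that opens on the hunk's last line continues outside it.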
From: Sebastian Kippe Date: Sat, 4 Dec 2021 19:57:19 -0600 Subject: [PATCH 02/86] Update golang cookbook --- Berksfile | 2 +- Berksfile.lock | 27 +- cookbooks/ark/CHANGELOG.md | 37 ++- cookbooks/ark/CONTRIBUTING.md | 2 - cookbooks/ark/LICENSE | 202 ++++++++++++ cookbooks/ark/README.md | 52 +-- cookbooks/ark/attributes/default.rb | 2 +- cookbooks/ark/chefignore | 115 +++++++ cookbooks/ark/kitchen.dokken.yml | 65 ++++ cookbooks/ark/kitchen.exec.yml | 14 + cookbooks/ark/libraries/resource_defaults.rb | 2 +- .../ark/libraries/sevenzip_command_builder.rb | 2 +- .../ark/libraries/tar_command_builder.rb | 2 +- cookbooks/ark/metadata.json | 50 ++- cookbooks/ark/metadata.rb | 38 ++- cookbooks/ark/recipes/default.rb | 2 +- cookbooks/ark/resources/default.rb | 7 +- cookbooks/golang/CHANGELOG.md | 30 ++ cookbooks/golang/CONTRIBUTING.md | 4 - cookbooks/golang/LICENSE | 201 ++++++++++++ cookbooks/golang/chefignore | 115 +++++++ cookbooks/golang/kitchen.dokken.yml | 55 ++++ cookbooks/golang/metadata.json | 44 ++- cookbooks/golang/metadata.rb | 6 +- cookbooks/golang/recipes/default.rb | 4 +- cookbooks/golang/resources/default.rb | 6 +- cookbooks/golang/resources/package.rb | 16 + cookbooks/mingw/CHANGELOG.md | 13 + cookbooks/mingw/CONTRIBUTING.md | 2 - cookbooks/mingw/LICENSE | 202 ++++++++++++ cookbooks/mingw/README.md | 2 +- cookbooks/mingw/chefignore | 115 +++++++ cookbooks/mingw/libraries/_helper.rb | 4 +- cookbooks/mingw/metadata.json | 37 ++- cookbooks/mingw/metadata.rb | 14 + cookbooks/mingw/recipes/default.rb | 2 +- cookbooks/mingw/resources/get.rb | 4 +- cookbooks/mingw/resources/msys2_package.rb | 24 +- cookbooks/mingw/resources/tdm_gcc.rb | 4 +- cookbooks/mysql/CHANGELOG.md | 7 + cookbooks/mysql/libraries/helpers.rb | 96 +++--- .../mysql/libraries/mysql_service_base.rb | 2 +- cookbooks/mysql/metadata.json | 2 +- cookbooks/mysql/metadata.rb | 2 +- cookbooks/nodejs/CHANGELOG.md | 8 + cookbooks/nodejs/metadata.json | 2 +- cookbooks/nodejs/metadata.rb | 2 +- 
cookbooks/php/CHANGELOG.md | 4 + cookbooks/php/attributes/default.rb | 3 +- cookbooks/php/metadata.json | 2 +- cookbooks/php/metadata.rb | 18 +- cookbooks/seven_zip/CHANGELOG.md | 104 ++++++ cookbooks/seven_zip/Gemfile | 8 - cookbooks/seven_zip/Gemfile.lock | 79 ----- cookbooks/seven_zip/README.md | 124 +++----- cookbooks/seven_zip/appveyor.yml | 42 --- cookbooks/seven_zip/attributes/default.rb | 31 -- cookbooks/seven_zip/chefignore | 117 ++++--- cookbooks/seven_zip/kitchen.exec.yml | 15 + cookbooks/seven_zip/libraries/matchers.rb | 33 -- cookbooks/seven_zip/metadata.json | 22 +- cookbooks/seven_zip/metadata.rb | 15 +- cookbooks/seven_zip/providers/archive.rb | 64 ---- cookbooks/seven_zip/recipes/default.rb | 24 -- cookbooks/seven_zip/resources/archive.rb | 115 +++++-- cookbooks/seven_zip/resources/tool.rb | 49 +-- cookbooks/windows/CHANGELOG.md | 43 +++ cookbooks/windows/README.md | 129 ++------ .../windows/libraries/registry_helper.rb | 14 +- cookbooks/windows/libraries/windows_helper.rb | 2 +- cookbooks/windows/metadata.json | 2 +- cookbooks/windows/metadata.rb | 5 +- cookbooks/windows/providers/dns.rb | 5 - cookbooks/windows/resources/certificate.rb | 301 ------------------ .../windows/resources/certificate_binding.rb | 3 +- cookbooks/windows/resources/dns.rb | 5 +- cookbooks/windows/resources/http_acl.rb | 2 +- cookbooks/windows/resources/schannel.rb | 39 +++ cookbooks/windows/resources/share.rb | 288 ----------------- cookbooks/windows/resources/user_privilege.rb | 6 +- cookbooks/windows/resources/zipfile.rb | 1 + cookbooks/yum-epel/CHANGELOG.md | 55 ++++ cookbooks/yum-epel/CONTRIBUTING.md | 2 - cookbooks/yum-epel/LICENSE | 202 ++++++++++++ cookbooks/yum-epel/README.md | 170 ++++------ cookbooks/yum-epel/attributes/default.rb | 36 ++- .../yum-epel/attributes/epel-debuginfo.rb | 15 +- .../attributes/epel-modular-debuginfo.rb | 8 + .../attributes/epel-modular-source.rb | 8 + cookbooks/yum-epel/attributes/epel-modular.rb | 8 + 
.../attributes/epel-next-debuginfo.rb | 11 + .../yum-epel/attributes/epel-next-source.rb | 11 + .../attributes/epel-next-testing-debuginfo.rb | 11 + .../attributes/epel-next-testing-source.rb | 11 + .../yum-epel/attributes/epel-next-testing.rb | 11 + cookbooks/yum-epel/attributes/epel-next.rb | 10 + .../attributes/epel-playground-debuginfo.rb | 8 + .../attributes/epel-playground-source.rb | 8 + .../yum-epel/attributes/epel-playground.rb | 8 + cookbooks/yum-epel/attributes/epel-source.rb | 15 +- .../attributes/epel-testing-debuginfo.rb | 15 +- .../epel-testing-modular-debuginfo.rb | 8 + .../attributes/epel-testing-modular-source.rb | 8 + .../attributes/epel-testing-modular.rb | 8 + .../attributes/epel-testing-source.rb | 15 +- cookbooks/yum-epel/attributes/epel-testing.rb | 15 +- cookbooks/yum-epel/attributes/epel.rb | 15 +- cookbooks/yum-epel/chefignore | 115 +++++++ cookbooks/yum-epel/kitchen.dokken.yml | 46 +++ cookbooks/yum-epel/libraries/helpers.rb | 46 +++ cookbooks/yum-epel/metadata.json | 42 ++- cookbooks/yum-epel/metadata.rb | 16 + cookbooks/yum-epel/recipes/default.rb | 2 +- cookbooks/yum/.foodcritic | 1 - cookbooks/yum/CHANGELOG.md | 35 ++ cookbooks/yum/CONTRIBUTING.md | 2 - cookbooks/yum/LICENSE | 202 ++++++++++++ cookbooks/yum/README.md | 88 ++--- cookbooks/yum/attributes/main.rb | 102 +++--- cookbooks/yum/chefignore | 115 +++++++ cookbooks/yum/kitchen.dokken.yml | 48 +++ cookbooks/yum/libraries/matchers.rb | 9 - cookbooks/yum/metadata.json | 43 ++- cookbooks/yum/metadata.rb | 17 + cookbooks/yum/recipes/default.rb | 2 +- cookbooks/yum/recipes/dnf_yum_compat.rb | 29 -- cookbooks/yum/resources/dnf_module.rb | 104 ++++++ cookbooks/yum/resources/globalconfig.rb | 213 ++++++++----- cookbooks/yum/templates/main.erb | 12 +- nodes/bitcoin-2.json | 2 +- 130 files changed, 3548 insertions(+), 1795 deletions(-) delete mode 100644 cookbooks/ark/CONTRIBUTING.md create mode 100644 cookbooks/ark/LICENSE create mode 100644 cookbooks/ark/chefignore create mode 100644 
cookbooks/ark/kitchen.dokken.yml create mode 100644 cookbooks/ark/kitchen.exec.yml delete mode 100644 cookbooks/golang/CONTRIBUTING.md create mode 100644 cookbooks/golang/LICENSE create mode 100644 cookbooks/golang/chefignore create mode 100644 cookbooks/golang/kitchen.dokken.yml delete mode 100644 cookbooks/mingw/CONTRIBUTING.md create mode 100644 cookbooks/mingw/LICENSE create mode 100644 cookbooks/mingw/chefignore create mode 100644 cookbooks/mingw/metadata.rb create mode 100644 cookbooks/seven_zip/CHANGELOG.md delete mode 100644 cookbooks/seven_zip/Gemfile delete mode 100644 cookbooks/seven_zip/Gemfile.lock delete mode 100644 cookbooks/seven_zip/appveyor.yml delete mode 100644 cookbooks/seven_zip/attributes/default.rb create mode 100644 cookbooks/seven_zip/kitchen.exec.yml delete mode 100644 cookbooks/seven_zip/libraries/matchers.rb delete mode 100644 cookbooks/seven_zip/providers/archive.rb delete mode 100644 cookbooks/seven_zip/recipes/default.rb delete mode 100644 cookbooks/windows/resources/certificate.rb create mode 100644 cookbooks/windows/resources/schannel.rb delete mode 100644 cookbooks/windows/resources/share.rb delete mode 100644 cookbooks/yum-epel/CONTRIBUTING.md create mode 100644 cookbooks/yum-epel/LICENSE create mode 100644 cookbooks/yum-epel/attributes/epel-modular-debuginfo.rb create mode 100644 cookbooks/yum-epel/attributes/epel-modular-source.rb create mode 100644 cookbooks/yum-epel/attributes/epel-modular.rb create mode 100644 cookbooks/yum-epel/attributes/epel-next-debuginfo.rb create mode 100644 cookbooks/yum-epel/attributes/epel-next-source.rb create mode 100644 cookbooks/yum-epel/attributes/epel-next-testing-debuginfo.rb create mode 100644 cookbooks/yum-epel/attributes/epel-next-testing-source.rb create mode 100644 cookbooks/yum-epel/attributes/epel-next-testing.rb create mode 100644 cookbooks/yum-epel/attributes/epel-next.rb create mode 100644 cookbooks/yum-epel/attributes/epel-playground-debuginfo.rb create mode 100644 
cookbooks/yum-epel/attributes/epel-playground-source.rb create mode 100644 cookbooks/yum-epel/attributes/epel-playground.rb create mode 100644 cookbooks/yum-epel/attributes/epel-testing-modular-debuginfo.rb create mode 100644 cookbooks/yum-epel/attributes/epel-testing-modular-source.rb create mode 100644 cookbooks/yum-epel/attributes/epel-testing-modular.rb create mode 100644 cookbooks/yum-epel/chefignore create mode 100644 cookbooks/yum-epel/kitchen.dokken.yml create mode 100644 cookbooks/yum-epel/libraries/helpers.rb create mode 100644 cookbooks/yum-epel/metadata.rb delete mode 100644 cookbooks/yum/.foodcritic delete mode 100644 cookbooks/yum/CONTRIBUTING.md create mode 100644 cookbooks/yum/LICENSE create mode 100644 cookbooks/yum/chefignore create mode 100644 cookbooks/yum/kitchen.dokken.yml delete mode 100644 cookbooks/yum/libraries/matchers.rb create mode 100644 cookbooks/yum/metadata.rb delete mode 100644 cookbooks/yum/recipes/dnf_yum_compat.rb create mode 100644 cookbooks/yum/resources/dnf_module.rb diff --git a/Berksfile b/Berksfile index 0faee3c..ff0f8be 100644 --- a/Berksfile +++ b/Berksfile @@ -52,5 +52,5 @@ cookbook 'ipfs', cookbook 'elasticsearch', '= 4.2.0' cookbook 'java', '~> 4.3.0' cookbook 'ulimit', '~> 1.0.0' -cookbook 'golang', '~> 4.1.0' +cookbook 'golang', '~> 5.3.1' cookbook 'zerotier', '~> 1.0.7' diff --git a/Berksfile.lock b/Berksfile.lock index 85f2083..9bf79bb 100644 --- a/Berksfile.lock +++ b/Berksfile.lock @@ -12,7 +12,7 @@ DEPENDENCIES elasticsearch (= 4.2.0) firewall (~> 2.6.3) git (~> 10.0.0) - golang (~> 4.1.0) + golang (~> 5.3.1) homebrew (= 3.0.0) hostname (= 0.4.2) hostsfile (~> 3.0.1) @@ -69,8 +69,8 @@ GRAPH poise-javascript (~> 1.0) poise-service (~> 1.0) apt (7.3.0) - ark (5.0.0) - seven_zip (>= 0.0.0) + ark (6.0.3) + seven_zip (>= 3.1) build-essential (8.2.1) mingw (>= 1.1) seven_zip (>= 0.0.0) 
@@ -89,8 +89,8 @@ GRAPH firewall (2.6.5) chef-sugar (>= 0.0.0) git (10.0.0) - golang (4.1.0) - ark (~> 5.0) + golang (5.3.1) + ark (>= 6.0) homebrew (3.0.0) hostname (0.4.2) hostsfile (>= 0.0.0) @@ -109,20 +109,20 @@ GRAPH apache2 (>= 0.0.0) nginx (>= 0.0.0) php (>= 0.0.0) - mingw (2.1.0) + mingw (2.1.3) seven_zip (>= 0.0.0) - mysql (8.7.3) + mysql (8.7.4) nginx (9.0.0) build-essential (>= 5.0) ohai (>= 4.1.0) yum-epel (>= 0.0.0) - nodejs (7.3.1) + nodejs (7.3.3) ark (>= 2.0.2) chocolatey (>= 3.0) ntp (3.4.0) ohai (5.2.5) openssl (8.5.5) - php (8.0.0) + php (8.0.1) yum-epel (>= 0.0.0) poise (2.8.2) poise-archive (1.5.0) @@ -155,13 +155,12 @@ GRAPH selinux_policy (>= 2.2.0) ulimit (>= 0.1.2) selinux_policy (2.4.3) - seven_zip (3.1.1) - windows (>= 0.0.0) + seven_zip (4.2.2) timezone_iii (1.0.4) ulimit (1.0.0) users (5.3.1) - windows (6.0.0) - yum (5.1.0) - yum-epel (3.3.0) + windows (7.0.2) + yum (7.2.0) + yum-epel (4.2.3) zerotier (1.0.7) ohai (>= 0.0.0) diff --git a/cookbooks/ark/CHANGELOG.md b/cookbooks/ark/CHANGELOG.md index 4e02c20..5513aa1 100644 --- a/cookbooks/ark/CHANGELOG.md +++ b/cookbooks/ark/CHANGELOG.md 
@@ -2,6 +2,40 @@ This file is used to list changes made in each version of the ark cookbook. +## 6.0.3 - *2021-08-30* + +- Standardise files with files in sous-chefs/repo-management + +## 6.0.2 - *2021-06-18* + +- Update location of test archive fixtures + +## 6.0.1 - *2021-06-01* + +- Standardise files with files in sous-chefs/repo-management + +## 6.0.0 - *2021-05-22* + +- Chef 17 updates: enable `unified_mode` on all resources +- Bump required Chef Infra Client to >= 15.3 +- Migrate to using `seven_zip_tool` resource directly and require `seven_zip` >= 3.1 +- Various ChefSpec fixes + +## 5.1.1 - *2021-04-29* + +- Added a version pin on seven_zip + +## 5.1.0 - *2021-01-24* + +- Sous Chefs Adoption +- Standardise files with files in sous-chefs/repo-management +- Cookstyle fixes +- Add integration testing for Windows and MacOS +- Remove testing for Amazon Linux 201x, CentOS 6 and Ubuntu 16.04 +- Fix ChefSpec tests +- Fix issues with `--strip-components` with the `:cherry_pick` action on MacOS +- Ensure `/etc/profile.d` exists on MacOS if `append_env_path` is used + ## 5.0.0 (2020-01-02) - Require Chef Infra Client 14+ and remove the need for the build_essential dependency - [@tas50](https://github.com/tas50) @@ -33,8 +67,9 @@ This file is used to list changes made in each version of the ark cookbook. - Rewrite of resource to custom resources. - Remove EOL platforms from testing. - Update zlib URL -- + ## 2.2.1 (2016-12-16) + - Use Ohai root_group attribute to avoid trying to set the group to root on BSD/macOS. - Add missing accessor for owner property diff --git a/cookbooks/ark/CONTRIBUTING.md b/cookbooks/ark/CONTRIBUTING.md deleted file mode 100644 index ef2f2b8..0000000 --- a/cookbooks/ark/CONTRIBUTING.md +++ /dev/null @@ -1,2 +0,0 @@ -Please refer to -https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD diff --git a/cookbooks/ark/LICENSE b/cookbooks/ark/LICENSE new file mode 100644 index 0000000..8f71f43 --- /dev/null 
+++ b/cookbooks/ark/LICENSE 
@@ -0,0 +1,202 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/cookbooks/ark/README.md b/cookbooks/ark/README.md index 35309a3..cda7620 100644 --- a/cookbooks/ark/README.md +++ b/cookbooks/ark/README.md 
@@ -1,6 +1,10 @@ # ark cookbook -[![Build Status](https://travis-ci.org/chef-cookbooks/ark.svg?branch=master)](https://travis-ci.org/chef-cookbooks/ark) [![Cookbook Version](https://img.shields.io/cookbook/v/ark.svg)](https://supermarket.chef.io/cookbooks/ark) +[![Cookbook Version](https://img.shields.io/cookbook/v/ark.svg)](https://supermarket.chef.io/cookbooks/ark) +[![CI State](https://github.com/sous-chefs/ark/workflows/ci/badge.svg)](https://github.com/sous-chefs/ark/actions?query=workflow%3Aci) +[![OpenCollective](https://opencollective.com/sous-chefs/backers/badge.svg)](#backers) +[![OpenCollective](https://opencollective.com/sous-chefs/sponsors/badge.svg)](#sponsors) +[![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0) ## Overview @@ -27,6 +31,10 @@ By default, the ark will not run again if the `:path` is not empty. Ark provides For remote files ark supports URLs using the [remote_file](http://docs.chef.io/resource_remote_file.html) resource. Local files are accessed with the `file://` syntax. +## Maintainers + +This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit [sous-chefs.org](https://sous-chefs.org/) or come chat with us on the Chef Community Slack in [#sous-chefs](https://chefcommunity.slack.com/messages/C2V7B88SF). + ## Requirements ### Platforms 
@@ -269,29 +277,27 @@ You can also supply the file extension in case the file extension can not be det end ``` -## License & Authors +## Contributors -- Author: Philip (flip) Kromer - Infochimps, Inc([coders@infochimps.com](mailto:coders@infochimps.com)) -- Author: Bryan W. Berry ([bryan.berry@gmail.com](mailto:bryan.berry@gmail.com)) -- Author: Denis Barishev ([denis.barishev@gmail.com](mailto:denis.barishev@gmail.com)) -- Author: Sean OMeara ([someara@chef.io](mailto:someara@chef.io)) -- Author: John Bellone ([jbellone@bloomberg.net](mailto:jbellone@bloomberg.net)) -- Copyright: 2011, Philip (flip) Kromer - Infochimps, Inc -- Copyright: 2012, Bryan W. Berry -- Copyright: 2012, Denis Barishev -- Copyright: 2013-2017, Chef Software, Inc -- Copyright: 2014, Bloomberg L.P. +This project exists thanks to all the people who [contribute.](https://opencollective.com/sous-chefs/contributors.svg?width=890&button=false) -``` -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at +### Backers - http://www.apache.org/licenses/LICENSE-2.0 +Thank you to all our backers! -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -``` +![https://opencollective.com/sous-chefs#backers](https://opencollective.com/sous-chefs/backers.svg?width=600&avatarHeight=40) + +### Sponsors + +Support this project by becoming a sponsor. Your logo will show up here with a link to your website. 
+ +![https://opencollective.com/sous-chefs/sponsor/0/website](https://opencollective.com/sous-chefs/sponsor/0/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/1/website](https://opencollective.com/sous-chefs/sponsor/1/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/2/website](https://opencollective.com/sous-chefs/sponsor/2/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/3/website](https://opencollective.com/sous-chefs/sponsor/3/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/4/website](https://opencollective.com/sous-chefs/sponsor/4/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/5/website](https://opencollective.com/sous-chefs/sponsor/5/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/6/website](https://opencollective.com/sous-chefs/sponsor/6/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/7/website](https://opencollective.com/sous-chefs/sponsor/7/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/8/website](https://opencollective.com/sous-chefs/sponsor/8/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/9/website](https://opencollective.com/sous-chefs/sponsor/9/avatar.svg?avatarHeight=100) diff --git a/cookbooks/ark/attributes/default.rb b/cookbooks/ark/attributes/default.rb index 10b3e01..9804aa5 100644 --- a/cookbooks/ark/attributes/default.rb +++ b/cookbooks/ark/attributes/default.rb 
@@ -31,7 +31,7 @@ pkgs = %w(libtool autoconf) unless platform_family?('mac_os_x')
 pkgs += %w(make) unless platform_family?('mac_os_x', 'freebsd')
 pkgs += %w(unzip rsync gcc) unless platform_family?('mac_os_x')
 pkgs += %w(autogen) unless platform_family?('rhel', 'fedora', 'mac_os_x', 'suse', 'amazon')
-pkgs += %w(gtar) if platform?('freebsd') || platform?('smartos')
+pkgs += %w(gtar) if platform?('freebsd', 'smartos')
 pkgs += %w(gmake) if platform?('freebsd')
 if platform_family?('rhel', 'suse', 'amazon')
 if node['platform_version'].to_i >= 7
diff --git a/cookbooks/ark/chefignore b/cookbooks/ark/chefignore
new file mode 100644
index 0000000..cc170ea
--- /dev/null
+++ b/cookbooks/ark/chefignore
@@ -0,0 +1,115 @@ +# Put files/directories that should be ignored in this file when uploading +# to a Chef Infra Server or Supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +ehthumbs.db +Icon? +nohup.out +Thumbs.db +.envrc + +# EDITORS # +########### +.#* +.project +.settings +*_flymake +*_flymake.* +*.bak +*.sw[a-z] +*.tmproj +*~ +\#* +REVISION +TAGS* +tmtags +.vscode +.editorconfig + +## COMPILED ## +############## +*.class +*.com +*.dll +*.exe +*.o +*.pyc +*.so +*/rdoc/ +a.out +mkmf.log + +# Testing # +########### +.circleci/* +.codeclimate.yml +.delivery/* +.foodcritic +.kitchen* +.mdlrc +.overcommit.yml +.rspec +.rubocop.yml +.travis.yml +.watchr +.yamllint +azure-pipelines.yml +Dangerfile +examples/* +features/* +Guardfile +kitchen.yml* +mlc_config.json +Procfile +Rakefile +spec/* +test/* + +# SCM # +####### +.git +.gitattributes +.gitconfig +.github/* +.gitignore +.gitkeep +.gitmodules +.svn +*/.bzr/* +*/.git +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Documentation # +############# +CODE_OF_CONDUCT* +CONTRIBUTING* +documentation/* +TESTING* +UPGRADING* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/cookbooks/ark/kitchen.dokken.yml b/cookbooks/ark/kitchen.dokken.yml new file mode 100644 index 0000000..92656f1 --- /dev/null +++ b/cookbooks/ark/kitchen.dokken.yml 
@@ -0,0 +1,65 @@
+driver:
+ name: dokken
+ privileged: true # because Docker and SystemD
+ chef_version: <%= ENV['CHEF_VERSION'] || 'current' %>
+ chef_license: accept-no-persist
+
+transport:
+ name: dokken
+
+provisioner:
+ name: dokken
+
+platforms:
+ - name: amazonlinux-2
+ driver:
+ image: dokken/amazonlinux-2
+ pid_one_command: /usr/lib/systemd/systemd
+
+ - name: debian-9
+ driver:
+ image: dokken/debian-9
+ pid_one_command: /bin/systemd
+ intermediate_instructions:
+ - RUN /usr/bin/apt-get update
+
+ - name: debian-10
+ driver:
+ image: dokken/debian-10
+ pid_one_command: /bin/systemd
+ intermediate_instructions:
+ - RUN /usr/bin/apt-get update
+
+ - name: centos-7
+ driver:
+ image: dokken/centos-7
+ pid_one_command: /usr/lib/systemd/systemd
+
+ - name: centos-8
+ driver:
+ image: dokken/centos-8
+ pid_one_command: /usr/lib/systemd/systemd
+
+ - name: fedora-latest
+ driver:
+ image: dokken/fedora-latest
+ pid_one_command: /usr/lib/systemd/systemd
+
+ - name: ubuntu-18.04
+ driver:
+ image: dokken/ubuntu-18.04
+ pid_one_command: /bin/systemd
+ intermediate_instructions:
+ - RUN /usr/bin/apt-get update
+
+ - name: ubuntu-20.04
+ driver:
+ image: dokken/ubuntu-20.04
+ pid_one_command: /bin/systemd
+ intermediate_instructions:
+ - RUN /usr/bin/apt-get update
+
+ - name: opensuse-leap-15
+ driver:
+ image: dokken/opensuse-leap-15
+ pid_one_command: /bin/systemd
diff --git a/cookbooks/ark/kitchen.exec.yml b/cookbooks/ark/kitchen.exec.yml
new file mode 100644
index 0000000..980f952
--- /dev/null
+++ b/cookbooks/ark/kitchen.exec.yml
@@ -0,0 +1,14 @@
+---
+driver:
+ name: exec
+
+transport:
+ name: exec
+
+provisioner:
+ name: chef_zero
+ deprecations_as_errors: true
+
+platforms:
+ - name: windows-latest
+ - name: macos-latest
diff --git a/cookbooks/ark/libraries/resource_defaults.rb b/cookbooks/ark/libraries/resource_defaults.rb
index 9b5ac76..a3ce9d9 100644
--- a/cookbooks/ark/libraries/resource_defaults.rb
+++ b/cookbooks/ark/libraries/resource_defaults.rb
@@ -104,7 +104,7 @@ module Ark def wmi_property_from_query(wmi_property, wmi_query) @wmi = ::WIN32OLE.connect('winmgmts://') result = @wmi.ExecQuery(wmi_query) - return nil unless result.each.count > 0 + return unless result.each.count > 0 result.each.next.send(wmi_property) end diff --git a/cookbooks/ark/libraries/sevenzip_command_builder.rb b/cookbooks/ark/libraries/sevenzip_command_builder.rb index 2482ac6..a1fe9da 100644 --- a/cookbooks/ark/libraries/sevenzip_command_builder.rb +++ b/cookbooks/ark/libraries/sevenzip_command_builder.rb @@ -42,7 +42,7 @@ module Ark end def sevenzip_binary - @tar_binary ||= "\"#{(node['ark']['sevenzip_binary'] || sevenzip_path_from_registry)}\"" + @tar_binary ||= "\"#{node['ark']['sevenzip_binary'] || sevenzip_path_from_registry}\"" end def sevenzip_path_from_registry diff --git a/cookbooks/ark/libraries/tar_command_builder.rb b/cookbooks/ark/libraries/tar_command_builder.rb index 291dbb9..19efa34 100644 --- a/cookbooks/ark/libraries/tar_command_builder.rb +++ b/cookbooks/ark/libraries/tar_command_builder.rb @@ -9,7 +9,7 @@ module Ark end def cherry_pick - "#{tar_binary} #{args} #{resource.release_file} -C #{resource.path} #{resource.creates}#{strip_args}" + "#{tar_binary} #{args} #{resource.release_file} -C #{resource.path}#{strip_args} #{resource.creates}" end def initialize(resource) diff --git a/cookbooks/ark/metadata.json b/cookbooks/ark/metadata.json index cdbcc1c..57b8645 100644 --- a/cookbooks/ark/metadata.json +++ b/cookbooks/ark/metadata.json 
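Review bot: The rewritten `cherry_pick` string in tar_command_builder.rb still interpolates `resource.release_file`, `resource.path` and `resource.creates` without quoting or escaping. The hunk only moves `strip_args` ahead of the member name. If this string is handed to a shell, which the hunk does not show, a path containing spaces or shell metacharacters would split into extra arguments or change the command. Escaping each value with the standard library would close that, e.g. `"#{tar_binary} #{args} #{Shellwords.escape(resource.release_file)} -C #{Shellwords.escape(resource.path)}#{strip_args} #{Shellwords.escape(resource.creates)}"`. `args` and `strip_args` are defined outside the hunk, and the file looks like a vendored copy, so the change may belong upstream.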
@@ -1 +1,49 @@ -{"name":"ark","version":"5.0.0","description":"Provides a custom resource for installing runtime artifacts in a predictable fashion","long_description":"","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"ubuntu":">= 0.0.0","debian":">= 0.0.0","redhat":">= 0.0.0","centos":">= 0.0.0","suse":">= 0.0.0","opensuse":">= 0.0.0","opensuseleap":">= 0.0.0","scientific":">= 0.0.0","oracle":">= 0.0.0","amazon":">= 0.0.0","windows":">= 0.0.0","mac_os_x":">= 0.0.0","smartos":">= 0.0.0","freebsd":">= 0.0.0"},"dependencies":{"seven_zip":">= 0.0.0"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/ark","issues_url":"https://github.com/chef-cookbooks/ark/issues","chef_version":[[">= 14.0"]],"ohai_version":[]} \ No newline at end of file +{ + "name": "ark", + "description": "Provides a custom resource for installing runtime artifacts in a predictable fashion", + "long_description": "", + "maintainer": "Sous Chefs", + "maintainer_email": "help@sous-chefs.org", + "license": "Apache-2.0", + "platforms": { + "amazon": ">= 0.0.0", + "centos": ">= 0.0.0", + "debian": ">= 0.0.0", + "freebsd": ">= 0.0.0", + "mac_os_x": ">= 0.0.0", + "opensuse": ">= 0.0.0", + "opensuseleap": ">= 0.0.0", + "oracle": ">= 0.0.0", + "redhat": ">= 0.0.0", + "scientific": ">= 0.0.0", + "smartos": ">= 0.0.0", + "suse": ">= 0.0.0", + "ubuntu": ">= 0.0.0", + "windows": ">= 0.0.0" + }, + "dependencies": { + "seven_zip": ">= 3.1" + }, + "providing": { + + }, + "recipes": { + + }, + "version": "6.0.3", + "source_url": "https://github.com/sous-chefs/ark", + "issues_url": "https://github.com/sous-chefs/ark/issues", + "privacy": false, + "chef_versions": [ + [ + ">= 15.3" + ] + ], + "ohai_versions": [ + + ], + "gems": [ + + ], + "eager_load_libraries": true +} 
diff --git a/cookbooks/ark/metadata.rb b/cookbooks/ark/metadata.rb index 1f4bb50..3349b01 100644 --- a/cookbooks/ark/metadata.rb +++ b/cookbooks/ark/metadata.rb @@ -1,16 +1,26 @@ -name 'ark' -maintainer 'Chef Software, Inc.' -maintainer_email 'cookbooks@chef.io' -license 'Apache-2.0' -description 'Provides a custom resource for installing runtime artifacts in a predictable fashion' -version '5.0.0' +name 'ark' +maintainer 'Sous Chefs' +maintainer_email 'help@sous-chefs.org' +license 'Apache-2.0' +description 'Provides a custom resource for installing runtime artifacts in a predictable fashion' +version '6.0.3' +source_url 'https://github.com/sous-chefs/ark' +issues_url 'https://github.com/sous-chefs/ark/issues' +chef_version '>= 15.3' -%w(ubuntu debian redhat centos suse opensuse opensuseleap scientific oracle amazon windows mac_os_x smartos freebsd).each do |os| - supports os -end +supports 'amazon' +supports 'centos' +supports 'debian' +supports 'freebsd' +supports 'mac_os_x' +supports 'opensuse' +supports 'opensuseleap' +supports 'oracle' +supports 'redhat' +supports 'scientific' +supports 'smartos' +supports 'suse' +supports 'ubuntu' +supports 'windows' -depends 'seven_zip' # for windows os - -source_url 'https://github.com/chef-cookbooks/ark' -issues_url 'https://github.com/chef-cookbooks/ark/issues' -chef_version '>= 14.0' +depends 'seven_zip', '>= 3.1' # for windows os diff --git a/cookbooks/ark/recipes/default.rb b/cookbooks/ark/recipes/default.rb index cd3d43a..6a39413 100644 --- a/cookbooks/ark/recipes/default.rb +++ b/cookbooks/ark/recipes/default.rb @@ -20,4 +20,4 @@ package node['ark']['package_dependencies'] unless platform_family?('windows', 'mac_os_x') -include_recipe 'seven_zip' if platform_family?('windows') +seven_zip_tool 'ark' if platform_family?('windows') diff --git a/cookbooks/ark/resources/default.rb b/cookbooks/ark/resources/default.rb index 1551df2..262a535 100644 --- a/cookbooks/ark/resources/default.rb 
+++ b/cookbooks/ark/resources/default.rb @@ -25,7 +25,7 @@ property :url, String, required: true property :path, String property :full_path, String property :append_env_path, [true, false], default: false -property :checksum, regex: /^[a-zA-Z0-9]{64}$/, default: nil +property :checksum, String, regex: /^[a-zA-Z0-9]{64}$/ property :has_binaries, Array, default: [] property :creates, String property :release_file, String, default: '' @@ -46,6 +46,8 @@ property :autoconf_opts, Array, default: [] property :extension, String property :backup, [FalseClass, Integer], default: 5 +unified_mode true + ################# # action :install ################# @@ -105,6 +107,9 @@ action :install do to new_resource.path end + # This directory doesn't exist by default on MacOS + directory '/etc/profile.d' if platform_family?('mac_os_x') + # Add to path for interactive bash sessions template "/etc/profile.d/#{new_resource.name}.sh" do cookbook 'ark' diff --git a/cookbooks/golang/CHANGELOG.md b/cookbooks/golang/CHANGELOG.md index 0313261..97d8220 100644 --- a/cookbooks/golang/CHANGELOG.md +++ b/cookbooks/golang/CHANGELOG.md 
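Review bot: The `checksum` validator in the first hunk of ark/resources/default.rb keeps the `^`/`$` anchors, which in Ruby match at line boundaries rather than at the ends of the string, so a multi-line value containing one 64-character line would still satisfy it. The class `[a-zA-Z0-9]` also accepts letters that are not hexadecimal digits. If the property holds a SHA-256 digest, as the length suggests, a stricter declaration is `property :checksum, String, regex: /\A[a-fA-F0-9]{64}\z/`. The hunk does not show where the value is compared against the download, and the file looks like a vendored copy of the upstream cookbook, so the fix may need to go upstream.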
@@ -2,6 +2,36 @@ This file is used to list changes made in each version of golang. +## 5.3.1 - *2021-08-30* + +- Standardise files with files in sous-chefs/repo-management + +## 5.3.0 - *2021-07-15* + +- Fix `unified_mode` declaration +- Bump `ark` dependency to one with `unified_mode` set + +## 5.2.0 - *2021-06-04* + +- Update example package to adhere with modern Go standards + +## 5.1.0 - *2021-06-03* + +- Fix resource to use the correct path in GOPATH profile.d template + +## 5.0.1 - *2021-06-01* + +- Standardise files with files in sous-chefs/repo-management + +## 5.0.0 - *2021-05-21* + +- Require chef 15.3 or greater +- Use unified_mode for chef 17 support + +## 4.1.1 - *2021-02-03* + +- Use `node['golang']['scm']` and `node['golang']['scm_packages']` attributes in default recipe. + ## 4.1.0 - Create a custom resource to install Go from source or by downloading a package diff --git a/cookbooks/golang/CONTRIBUTING.md b/cookbooks/golang/CONTRIBUTING.md deleted file mode 100644 index a946aea..0000000 --- a/cookbooks/golang/CONTRIBUTING.md +++ /dev/null @@ -1,4 +0,0 @@ -# Contributing - -Please refer to -[https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) diff --git a/cookbooks/golang/LICENSE b/cookbooks/golang/LICENSE new file mode 100644 index 0000000..1b22bef --- /dev/null +++ b/cookbooks/golang/LICENSE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the 
following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/cookbooks/golang/chefignore b/cookbooks/golang/chefignore new file mode 100644 index 0000000..cc170ea --- /dev/null +++ b/cookbooks/golang/chefignore 
@@ -0,0 +1,115 @@
+# Put files/directories that should be ignored in this file when uploading
+# to a Chef Infra Server or Supermarket.
+# Lines that start with '# ' are comments.
+
+# OS generated files #
+######################
+.DS_Store
+ehthumbs.db
+Icon?
+nohup.out
+Thumbs.db
+.envrc
+
+# EDITORS #
+###########
+.#*
+.project
+.settings
+*_flymake
+*_flymake.*
+*.bak
+*.sw[a-z]
+*.tmproj
+*~
+\#*
+REVISION
+TAGS*
+tmtags
+.vscode
+.editorconfig
+
+## COMPILED ##
+##############
+*.class
+*.com
+*.dll
+*.exe
+*.o
+*.pyc
+*.so
+*/rdoc/
+a.out
+mkmf.log
+
+# Testing #
+###########
+.circleci/*
+.codeclimate.yml
+.delivery/*
+.foodcritic
+.kitchen*
+.mdlrc
+.overcommit.yml
+.rspec
+.rubocop.yml
+.travis.yml
+.watchr
+.yamllint
+azure-pipelines.yml
+Dangerfile
+examples/*
+features/*
+Guardfile
+kitchen.yml*
+mlc_config.json
+Procfile
+Rakefile
+spec/*
+test/*
+
+# SCM #
+#######
+.git
+.gitattributes
+.gitconfig
+.github/*
+.gitignore
+.gitkeep
+.gitmodules
+.svn
+*/.bzr/*
+*/.git
+*/.hg/*
+*/.svn/*
+
+# Berkshelf #
+#############
+Berksfile
+Berksfile.lock
+cookbooks/*
+tmp
+
+# Bundler #
+###########
+vendor/*
+Gemfile
+Gemfile.lock
+
+# Policyfile #
+##############
+Policyfile.rb
+Policyfile.lock.json
+
+# Documentation #
+#############
+CODE_OF_CONDUCT*
+CONTRIBUTING*
+documentation/*
+TESTING*
+UPGRADING*
+
+# Vagrant #
+###########
+.vagrant
+Vagrantfile
diff --git a/cookbooks/golang/kitchen.dokken.yml b/cookbooks/golang/kitchen.dokken.yml
new file mode 100644
index 0000000..0d0f144
--- /dev/null
+++ b/cookbooks/golang/kitchen.dokken.yml
@@ -0,0 +1,55 @@
+---
+driver:
+ name: dokken
+ privileged: true
+
+transport:
+ name: dokken
+
+provisioner:
+ name: dokken
+ product_name: chef
+ product_version: <%= ENV['CHEF_VERSION'] || 'latest' %>
+ chef_license: accept-no-persist
+ install_strategy: once
+
+platforms:
+ - name: debian-9
+ driver:
+ image: dokken/debian-9
+ pid_one_command: /bin/systemd
+ intermediate_instructions:
+ - RUN /usr/bin/apt-get update
+
+ - name: debian-10
+ driver:
+ image: dokken/debian-10
+ pid_one_command: /bin/systemd
+ intermediate_instructions:
+ - RUN /usr/bin/apt-get update
+
+ - name: centos-7
+ driver:
+ image: dokken/centos-7
+ platform: rhel
+ pid_one_command: /usr/lib/systemd/systemd
+
+ - name: centos-8
+ driver:
+ image: dokken/centos-8
+ platform: rhel
+ pid_one_command: /usr/lib/systemd/systemd
+
+ - name: ubuntu-18.04
+ driver:
+ image: dokken/ubuntu-18.04
+ pid_one_command: /bin/systemd
+ intermediate_instructions:
+ - RUN /usr/bin/apt-get update
+
+ - name: ubuntu-20.04
+ driver:
+ image: dokken/ubuntu-18.04
+ pid_one_command: /bin/systemd
+ intermediate_instructions:
+ - RUN /usr/bin/apt-get update
diff --git a/cookbooks/golang/metadata.json b/cookbooks/golang/metadata.json
index 2c1c376..81185e6 100644
--- a/cookbooks/golang/metadata.json
+++ b/cookbooks/golang/metadata.json
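Review bot: The last platform in the new golang kitchen.dokken.yml is named `ubuntu-20.04` but sets `image: dokken/ubuntu-18.04`, so the suite reported as 20.04 would run on the 18.04 image and 20.04 is never exercised. The line should read `image: dokken/ubuntu-20.04`, as the ark file's entry does. The driver block also sets `privileged: true` with no reason given, where the ark file notes "because Docker and SystemD"; a comment such as `# privileged: systemd runs as PID 1 in the test container` would keep that setting from being copied elsewhere without thought.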
@@ -1 +1,43 @@ -{"name":"golang","version":"4.1.0","description":"Installs go programming language","long_description":"","maintainer":"Sous Chefs","maintainer_email":"help@sous-chefs.org","license":"Apache-2.0","platforms":{"debian":">= 0.0.0","ubuntu":">= 0.0.0","redhat":">= 0.0.0","centos":">= 0.0.0","fedora":">= 0.0.0","amazon":">= 0.0.0","scientific":">= 0.0.0","oracle":">= 0.0.0"},"dependencies":{"ark":"~> 5.0"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/sous-chefs/golang","issues_url":"https://github.com/sous-chefs/golang/issues","chef_version":[[">= 14.0"]],"ohai_version":[]} \ No newline at end of file +{ + "name": "golang", + "description": "Installs go programming language", + "long_description": "", + "maintainer": "Sous Chefs", + "maintainer_email": "help@sous-chefs.org", + "license": "Apache-2.0", + "platforms": { + "debian": ">= 0.0.0", + "ubuntu": ">= 0.0.0", + "redhat": ">= 0.0.0", + "centos": ">= 0.0.0", + "fedora": ">= 0.0.0", + "amazon": ">= 0.0.0", + "scientific": ">= 0.0.0", + "oracle": ">= 0.0.0" + }, + "dependencies": { + "ark": ">= 6.0" + }, + "providing": { + + }, + "recipes": { + + }, + "version": "5.3.1", + "source_url": "https://github.com/sous-chefs/golang", + "issues_url": "https://github.com/sous-chefs/golang/issues", + "privacy": false, + "chef_versions": [ + [ + ">= 15.3" + ] + ], + "ohai_versions": [ + + ], + "gems": [ + + ], + "eager_load_libraries": true +} diff --git a/cookbooks/golang/metadata.rb b/cookbooks/golang/metadata.rb index 81e6bbb..5021107 100644 --- a/cookbooks/golang/metadata.rb +++ b/cookbooks/golang/metadata.rb 
@@ -5,8 +5,8 @@ license 'Apache-2.0' description 'Installs go programming language' source_url 'https://github.com/sous-chefs/golang' issues_url 'https://github.com/sous-chefs/golang/issues' -chef_version '>= 14.0' -version '4.1.0' +chef_version '>= 15.3' +version '5.3.1' supports 'debian' supports 'ubuntu' @@ -17,4 +17,4 @@ supports 'amazon' supports 'scientific' supports 'oracle' -depends 'ark', '~> 5.0' +depends 'ark', '>= 6.0' diff --git a/cookbooks/golang/recipes/default.rb b/cookbooks/golang/recipes/default.rb index 91cec2d..3fd64cc 100644 --- a/cookbooks/golang/recipes/default.rb +++ b/cookbooks/golang/recipes/default.rb @@ -2,7 +2,7 @@ # Cookbook:: golang # Recipe:: default # -# Copyright:: 2013, Alexander Rozhnov +# Copyright:: 2013-2021, Alexander Rozhnov # # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy @@ -21,6 +21,8 @@ golang 'Install go' do from_source node['golang']['from_source'] version node['golang']['version'] if node['golang']['version'] # go version source_version node['golang']['source_version'] if node['golang']['source_version'] # go version from source + scm node['golang']['scm'] + scm_packages node['golang']['scm_packages'] owner node['golang']['owner'] if node['golang']['owner'] group node['golang']['group'] if node['golang']['group'] end diff --git a/cookbooks/golang/resources/default.rb b/cookbooks/golang/resources/default.rb index 64c4d77..f3ad66d 100644 --- a/cookbooks/golang/resources/default.rb +++ b/cookbooks/golang/resources/default.rb @@ -2,7 +2,7 @@ # Cookbook:: golang # Resource:: default # -# Copyright:: 2020, Sous-chefs +# Copyright:: 2020-2021, Sous-chefs # # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy 
@@ -17,6 +17,8 @@ # under the License. # +unified_mode true + # Install golang by compiling from source property :from_source, [true, false], default: false @@ -99,7 +101,7 @@ action :install do source 'golang.sh.erb' mode new_resource.directory_mode variables gobin: new_resource.gobin, - gopath: new_resource.gobin, + gopath: new_resource.gopath, install_dir: new_resource.install_dir end diff --git a/cookbooks/golang/resources/package.rb b/cookbooks/golang/resources/package.rb index 4090444..8ef4e71 100644 --- a/cookbooks/golang/resources/package.rb +++ b/cookbooks/golang/resources/package.rb @@ -2,6 +2,22 @@ # Cookbook:: golang # Resource:: default # +# Copyright:: 2020-2021, Sous-chefs +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy +# of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +unified_mode true default_action :install diff --git a/cookbooks/mingw/CHANGELOG.md b/cookbooks/mingw/CHANGELOG.md index a1671ec..7235bbc 100644 --- a/cookbooks/mingw/CHANGELOG.md +++ b/cookbooks/mingw/CHANGELOG.md 
@@ -2,6 +2,19 @@ This file is used to list changes made in each version of the mingw cookbook. +## 2.1.3 - *2021-08-31* + +- Standardise files with files in sous-chefs/repo-management + +## 2.1.1 (2020-06-02) + +- Resolve cookstyle 5.8 warnings - [@tas50](https://github.com/tas50) +- Require Chef 12.15+ - [@tas50](https://github.com/tas50) +- Fix compatibility with Chef Infra Client 16 - [@xorimabot](https://github.com/xorimabot) + - resolved cookstyle error: resources/get.rb:26:1 warning: `ChefDeprecations/ResourceUsesOnlyResourceName` + - resolved cookstyle error: resources/msys2_package.rb:31:1 warning: `ChefDeprecations/ResourceUsesOnlyResourceName` + - resolved cookstyle error: resources/tdm_gcc.rb:26:1 warning: `ChefDeprecations/ResourceUsesOnlyResourceName` + ## 2.1.0 (2018-07-24) - refactor msys2 package source and checksum to attributes diff --git a/cookbooks/mingw/CONTRIBUTING.md b/cookbooks/mingw/CONTRIBUTING.md deleted file mode 100644 index ef2f2b8..0000000 --- a/cookbooks/mingw/CONTRIBUTING.md +++ /dev/null @@ -1,2 +0,0 @@ -Please refer to -https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD diff --git a/cookbooks/mingw/LICENSE b/cookbooks/mingw/LICENSE new file mode 100644 index 0000000..8f71f43 --- /dev/null +++ b/cookbooks/mingw/LICENSE 
@@ -0,0 +1,202 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/cookbooks/mingw/README.md b/cookbooks/mingw/README.md index 16da102..477040c 100644 --- a/cookbooks/mingw/README.md +++ b/cookbooks/mingw/README.md @@ -12,7 +12,7 @@ Installs a mingw/msys based compiler tools chain on windows. This is required fo ### Chef -- Chef 12.5+ +- Chef 12.15+ ### Cookbooks diff --git a/cookbooks/mingw/chefignore b/cookbooks/mingw/chefignore new file mode 100644 index 0000000..cc170ea --- /dev/null +++ b/cookbooks/mingw/chefignore 
@@ -0,0 +1,115 @@ +# Put files/directories that should be ignored in this file when uploading +# to a Chef Infra Server or Supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +ehthumbs.db +Icon? +nohup.out +Thumbs.db +.envrc + +# EDITORS # +########### +.#* +.project +.settings +*_flymake +*_flymake.* +*.bak +*.sw[a-z] +*.tmproj +*~ +\#* +REVISION +TAGS* +tmtags +.vscode +.editorconfig + +## COMPILED ## +############## +*.class +*.com +*.dll +*.exe +*.o +*.pyc +*.so +*/rdoc/ +a.out +mkmf.log + +# Testing # +########### +.circleci/* +.codeclimate.yml +.delivery/* +.foodcritic +.kitchen* +.mdlrc +.overcommit.yml +.rspec +.rubocop.yml +.travis.yml +.watchr +.yamllint +azure-pipelines.yml +Dangerfile +examples/* +features/* +Guardfile +kitchen.yml* +mlc_config.json +Procfile +Rakefile +spec/* +test/* + +# SCM # +####### +.git +.gitattributes +.gitconfig +.github/* +.gitignore +.gitkeep +.gitmodules +.svn +*/.bzr/* +*/.git +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Documentation # +############# +CODE_OF_CONDUCT* +CONTRIBUTING* +documentation/* +TESTING* +UPGRADING* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/cookbooks/mingw/libraries/_helper.rb b/cookbooks/mingw/libraries/_helper.rb index 4a90fa4..662faa2 100644 --- a/cookbooks/mingw/libraries/_helper.rb +++ b/cookbooks/mingw/libraries/_helper.rb @@ -2,7 +2,7 @@ # Cookbook:: mingw # Library:: _helper # -# Copyright:: 2016, Chef Software, Inc. +# Copyright:: 2016-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -35,4 +35,4 @@ module Mingw end end -Chef::Resource.send(:include, Mingw::Helper) +Chef::Resource.include Mingw::Helper 
diff --git a/cookbooks/mingw/metadata.json b/cookbooks/mingw/metadata.json
index b2cccf0..0d39c3b 100644
--- a/cookbooks/mingw/metadata.json
+++ b/cookbooks/mingw/metadata.json
@@ -1 +1,36 @@ -{"name":"mingw","version":"2.1.0","description":"Installs a mingw/msys based toolchain on windows","long_description":"# mingw Cookbook\n\n[![Cookbook Version](http://img.shields.io/cookbook/v/mingw.svg)][cookbook] [![Build Status](http://img.shields.io/travis/chef-cookbooks/mingw.svg?branch=master)][travis]\n\nInstalls a mingw/msys based compiler tools chain on windows. This is required for compiling C software from source.\n\n## Requirements\n\n### Platforms\n\n- Windows\n\n### Chef\n\n- Chef 12.5+\n\n### Cookbooks\n\n- seven_zip\n\n## Usage\n\nAdd this cookbook as a dependency to your cookbook in its `metadata.rb` and include the default recipe in one of your recipes.\n\n```ruby\n# metadata.rb\ndepends 'mingw'\n```\n\n```ruby\n# your recipe.rb\ninclude_recipe 'mingw::default'\n```\n\nUse the `msys2_package` resource in any recipe to fetch msys2 based packages. Use the `mingw_get` resource in any recipe to fetch mingw packages. Use the `mingw_tdm_gcc` resource to fetch a version of the TDM GCC compiler.\n\nBy default, you should prefer the msys2 packages as they are newer and better supported. C/C++ compilers on windows use various different exception formats and you need to pick the right one for your task. In the 32-bit world, you have SJLJ (set-jump/long-jump) based exception handling and DWARF-2 (shortened to DW2) based exception handling. SJLJ produces code that can happily throw exceptions across stack frames of code compiled by MSVC. DW2 involves more extensive metadata but produces code that cannot unwind MSVC generated stack-frames - hence you need to ensure that you don't have any code that throws across a \"system call\". Certain languages and runtimes have specific requirements as to the exception format supported. As an example, if you are building code for Rust, you will probably need a modern gcc from msys2 with DW2 support as that's what the panic/exception formatter in Rust depends on. 
In a 64-bit world, you may still use SJLJ but compilers all commonly support SEH (structured exception handling).\n\nOf course, to further complicate matters, different versions of different compilers support different exception handling. The default compilers that come with mingw_get are 32-bit only compilers and support DW2\\. The TDM compilers come in 3 flavors: a 32-bit only version with SJLJ support, a 32-bit only version with DW2 support and a \"multilib\" compiler which supports only SJLJ in 32-bit mode but can produce 64-bit SEH code. The standard library support varies drastically between these various compiler flavors (even within the same version). In msys2, you can install a mingw-w64 based compilers for either 32-bit DW2 support or 64-bit SEH support. If all this hurts your brain, I can only apologize.\n\n## Resources\n\n### msys2_package\n\n- ':install' - Installs an msys2 package using pacman.\n- ':remove' - Uninstalls any existing msys2 package.\n- ':upgrade' - Upgrades the specified package using pacman.\n\nAll options also automatically attempt to install a 64-bit based msys2 base file system at the root path specified. Note that you probably won't need a \"32-bit\" msys2 unless you are actually on a 32-bit only platform. You can still install both 32 and 64-bit compilers and libraries in a 64-bit msys2 base file system.\n\n#### Attributes\n\n- `node['msys2']['url']` - overrides the url from which to download the package.\n- `node['msys2']['checksum']` - overrides the checksum used to verify the downloaded package.\n\n#### Parameters\n\n- `package` - An msys2 pacman package (or meta-package) to fetch and install. You may use a legal package wild-card pattern here if you are installing. This is the name attribute.\n- `root` - The root directory where msys2 tools will be installed. 
This directory must not contain any spaces in order to pacify old posix tools and most Makefiles.\n\n#### Examples\n\nTo get the core msys2 developer tools in `C:\\msys2`\n\n```ruby\nmsys2_package 'base-devel' do\n root 'C:\\msys2'\nend\n```\n\n### mingw_get\n\n#### Actions\n\n- `:install` - Installs a mingw package from sourceforge using mingw-get.exe.\n- `:remove` - Uninstalls a mingw package.\n- `:upgrade` - Upgrades a mingw package (even to a lower version).\n\n#### Parameters\n\n- `package` - A mingw-get package (or meta-package) to fetch and install. You may use a legal package wild-card pattern here if you are installing. This is the name attribute.\n- `root` - The root directory where msys and mingw tools will be installed. This directory must not contain any spaces in order to pacify old posix tools and most Makefiles.\n\n#### Examples\n\nTo get the core msys developer tools in `C:\\mingw32`\n\n```ruby\nmingw_get 'msys-base=2013072300-msys-bin.meta' do\n root 'C:\\mingw32'\nend\n```\n\n### mingw_tdm_gcc\n\n#### Actions\n\n- `:install` - Installs the TDM compiler toolchain at the given path. This only gives you a compiler. If you need any support tooling such as make/grep/awk/bash etc., see `mingw_get`.\n\n#### Parameters\n\n- `flavor` - Either `:sjlj_32` or `:seh_sjlj_64`. TDM-64 is a 32/64-bit multi-lib \"cross-compiler\" toolchain that builds 64-bit by default. It uses structured exception handling (SEH) in 64-bit code and setjump-longjump exception handling (SJLJ) in 32-bit code. TDM-32 only builds 32-bit binaries and uses SJLJ.\n- `root` - The root directory where compiler tools and runtime will be installed. This directory must not contain any spaces in order to pacify old posix tools and most Makefiles.\n- `version` - The version of the compiler to fetch and install. This is the name attribute. 
Currently, '5.1.0' is supported.\n\n#### Examples\n\nTo get the 32-bit TDM GCC compiler in `C:\\mingw32`\n\n```ruby\nmingw_tdm_gcc '5.1.0' do\n flavor :sjlj_32\n root 'C:\\mingw32'\nend\n```\n\n## License & Authors\n\n**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io))\n\n**Copyright:** 2009-2016, Chef Software, Inc.\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n\n[cookbook]: https://supermarket.chef.io/cookbooks/mingw\n[travis]: http://travis-ci.org/chef-cookbooks/mingw\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"windows":">= 0.0.0"},"dependencies":{"seven_zip":">= 0.0.0"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/mingw","issues_url":"https://github.com/chef-cookbooks/mingw/issues","chef_version":[[">= 12.5"]],"ohai_version":[]} \ No newline at end of file +{ + "name": "mingw", + "description": "Installs a mingw/msys based toolchain on windows", + "long_description": "", + "maintainer": "Chef Software, Inc.", + "maintainer_email": "cookbooks@chef.io", + "license": "Apache-2.0", + "platforms": { + "windows": ">= 0.0.0" + }, + "dependencies": { + "seven_zip": ">= 0.0.0" + }, + "providing": { + + }, + "recipes": { + + }, + "version": "2.1.3", + "source_url": "https://github.com/chef-cookbooks/mingw", + "issues_url": 
"https://github.com/chef-cookbooks/mingw/issues", + "privacy": false, + "chef_versions": [ + [ + ">= 12.15" + ] + ], + "ohai_versions": [ + + ], + "gems": [ + + ], + "eager_load_libraries": true +} diff --git a/cookbooks/mingw/metadata.rb b/cookbooks/mingw/metadata.rb new file mode 100644 index 0000000..4df13cd --- /dev/null +++ b/cookbooks/mingw/metadata.rb @@ -0,0 +1,14 @@ +name 'mingw' +maintainer 'Chef Software, Inc.' +maintainer_email 'cookbooks@chef.io' +license 'Apache-2.0' +description 'Installs a mingw/msys based toolchain on windows' +version '2.1.3' + +supports 'windows' + +depends 'seven_zip' + +source_url 'https://github.com/chef-cookbooks/mingw' +issues_url 'https://github.com/chef-cookbooks/mingw/issues' +chef_version '>= 12.15' diff --git a/cookbooks/mingw/recipes/default.rb b/cookbooks/mingw/recipes/default.rb index 33426f0..a766653 100644 --- a/cookbooks/mingw/recipes/default.rb +++ b/cookbooks/mingw/recipes/default.rb @@ -2,7 +2,7 @@ # Cookbook:: mingw # Recipe:: default # -# Copyright:: 2016, Chef Software, Inc. +# Copyright:: 2016-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cookbooks/mingw/resources/get.rb b/cookbooks/mingw/resources/get.rb index bd77efe..a102b0e 100644 --- a/cookbooks/mingw/resources/get.rb +++ b/cookbooks/mingw/resources/get.rb @@ -2,7 +2,7 @@ # Cookbook:: mingw # Resource:: get # -# Copyright:: 2016, Chef Software, Inc. +# Copyright:: 2016-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,8 +23,6 @@ property :package, String, name_property: true property :root, String, required: true -resource_name :mingw_get - action_class do def mingw_do_action(action_cmd) seven_zip_archive "fetching mingw-get to #{win_friendly_path(root)}" do 
diff --git a/cookbooks/mingw/resources/msys2_package.rb b/cookbooks/mingw/resources/msys2_package.rb index ddad055..f4a5c0b 100644 --- a/cookbooks/mingw/resources/msys2_package.rb +++ b/cookbooks/mingw/resources/msys2_package.rb @@ -2,7 +2,7 @@ # Cookbook:: mingw # Resource:: msys2_package # -# Copyright:: 2016, Chef Software, Inc. +# Copyright:: 2016-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,16 +19,16 @@ # Installs msys2 base system and installs/upgrades packages within in. # -# Where's the version flag? Where's idempotence you say? Well f*** you -# for trying to version your product. This is arch. They live on the edge. -# You never get anything but the latest version. And if that's broken... -# well that's your problem isn't it? And they don't believe in preserving -# older versions. Good luck! +# Where's the version flag? Where's idempotence you say? Well f*** you +# for trying to version your product. This is arch. They live on the edge. +# You never get anything but the latest version. And if that's broken... +# well that's your problem isn't it? And they don't believe in preserving +# older versions. Good luck! property :package, String, name_property: true property :root, String, required: true -resource_name :msys2_package +provides :msys2_package action_class do # @@ -97,7 +97,7 @@ action_class do cookbook 'mingw' end - # $HOME is using files from /etc/skel. The home-directory creation step + # $HOME is using files from /etc/skel. The home-directory creation step # will automatically be performed if other users log in - so if you wish # to globally modify user first time setup, edit /etc/skel or add # "post-setup" steps to /etc/post-install/ 
@@ -125,10 +125,10 @@ action :install do msys2_do_action("installing #{package}", "pacman -S --needed --noconfirm #{package}") end -# Package name is ignored. This is arch. Why would you ever upgrade a single -# package and its deps? That'll just break everything else that ever depended -# on a different version of that dep. Because arch is wonderful like that. -# So you only get the choice to move everything to latest or not... it's the +# Package name is ignored. This is arch. Why would you ever upgrade a single +# package and its deps? That'll just break everything else that ever depended +# on a different version of that dep. Because arch is wonderful like that. +# So you only get the choice to move everything to latest or not... it's the # most agile development possible! action :upgrade do msys2_do_action("upgrading #{package}", "pacman -Syu --noconfirm #{package}") diff --git a/cookbooks/mingw/resources/tdm_gcc.rb b/cookbooks/mingw/resources/tdm_gcc.rb index 085eee3..c30a70c 100644 --- a/cookbooks/mingw/resources/tdm_gcc.rb +++ b/cookbooks/mingw/resources/tdm_gcc.rb @@ -2,7 +2,7 @@ # Cookbook:: mingw # Resource:: tdm_gcc # -# Copyright:: 2016, Chef Software, Inc. +# Copyright:: 2016-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,8 +23,6 @@ property :flavor, Symbol, is: [:sjlj_32, :seh_sjlj_64], default: :seh_sjlj_64 property :root, String, required: true property :version, String, is: ['5.1.0'], name_property: true -resource_name :mingw_tdm_gcc - tdm_gcc_64 = { 'http://iweb.dl.sourceforge.net/project/tdm-gcc/TDM-GCC%205%20series/5.1.0-tdm64-1/gcc-5.1.0-tdm64-1-core.tar.lzma' => '29393aac890847089ad1e93f81a28f6744b1609c00b25afca818f3903e42e4bd', diff --git a/cookbooks/mysql/CHANGELOG.md b/cookbooks/mysql/CHANGELOG.md index 2296313..8c7c3b6 100644 --- a/cookbooks/mysql/CHANGELOG.md +++ b/cookbooks/mysql/CHANGELOG.md 
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## 8.7.4 - 2020-09-16 + +- resolved cookstyle error: spec/mysql_client_installation_package_spec.rb:4:48 warning: `ChefDeprecations/DeprecatedChefSpecPlatform` +- resolved cookstyle error: spec/mysql_server_installation_package_spec.rb:4:48 warning: `ChefDeprecations/DeprecatedChefSpecPlatform` +- Use mysql_test cookbook attributes for testing +- Cookstyle Bot Auto Corrections with Cookstyle 6.17.6 + ## 8.7.3 - 2020-07-22 - restore resource_name in mysql_service for Chef Infra Client < 16 diff --git a/cookbooks/mysql/libraries/helpers.rb b/cookbooks/mysql/libraries/helpers.rb index ac2340b..61435fc 100644 --- a/cookbooks/mysql/libraries/helpers.rb +++ b/cookbooks/mysql/libraries/helpers.rb 
@@ -3,48 +3,48 @@ module MysqlCookbook require 'shellwords' def el6? - return true if node['platform_family'] == 'rhel' && node['platform_version'].to_i == 6 + return true if platform_family?('rhel') && node['platform_version'].to_i == 6 false end def el7? - return true if node['platform_family'] == 'rhel' && node['platform_version'].to_i == 7 + return true if platform_family?('rhel') && node['platform_version'].to_i == 7 false end def fedora? - return true if node['platform_family'] == 'fedora' + return true if platform_family?('fedora') false end def suse? - return true if node['platform_family'] == 'suse' + return true if platform_family?('suse') false end def jessie? - return true if node['platform'] == 'debian' && node['platform_version'].to_i == 8 + return true if platform?('debian') && node['platform_version'].to_i == 8 false end def stretch? - return true if node['platform'] == 'debian' && node['platform_version'].to_i == 9 + return true if platform?('debian') && node['platform_version'].to_i == 9 false end def trusty? - return true if node['platform'] == 'ubuntu' && node['platform_version'] == '14.04' - return true if node['platform'] == 'linuxmint' && node['platform_version'] =~ /^17\.[0-9]$/ + return true if platform?('ubuntu') && node['platform_version'] == '14.04' + return true if platform?('linuxmint') && node['platform_version'] =~ /^17\.[0-9]$/ false end def xenial? - return true if node['platform'] == 'ubuntu' && node['platform_version'] == '16.04' + return true if platform?('ubuntu') && node['platform_version'] == '16.04' false end def bionic? - return true if node['platform'] == 'ubuntu' && node['platform_version'] == '18.04' + return true if platform?('ubuntu') && node['platform_version'] == '18.04' false end @@ -70,7 +70,7 @@ module MysqlCookbook # rhelish return '5.6' if el6? return '5.6' if el7? - return '5.6' if node['platform'] == 'amazon' + return '5.6' if platform?('amazon') # debian return '5.5' if jessie? 
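Review bot: The predicates rewritten in the first hunk (`el6?` through `bionic?`) keep the `return true if …` / `false` shape, which only restates the boolean the condition already yields. Most bodies can be the condition itself, e.g. `platform_family?('rhel') && node['platform_version'].to_i == 6`. In `trusty?` the Linux Mint check uses `/^17\.[0-9]$/`, whose `^` and `$` anchor lines rather than the whole string; `node['platform_version'] =~ /\A17\.[0-9]\z/` states the intended full-string match. The `MysqlCookbook` module continues outside the hunk.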
@@ -81,7 +81,7 @@ module MysqlCookbook return '5.7' if bionic? # misc - return '5.6' if node['platform'] == 'freebsd' + return '5.6' if platform?('freebsd') return '5.7' if fedora? return '5.6' if suse? end 
@@ -105,25 +105,25 @@ module MysqlCookbook def default_client_package_name return %w(mysql mysql-devel) if major_version == '5.1' && el6? return %w(mysql mysql-devel) if el7? - return ['mysql55', 'mysql55-devel.x86_64'] if major_version == '5.5' && node['platform'] == 'amazon' - return ['mysql56', 'mysql56-devel.x86_64'] if major_version == '5.6' && node['platform'] == 'amazon' - return ['mysql57', 'mysql57-devel.x86_64'] if major_version == '5.7' && node['platform'] == 'amazon' - return ['mysql-client-5.5', 'libmysqlclient-dev'] if major_version == '5.5' && node['platform_family'] == 'debian' - return ['mysql-client-5.6', 'libmysqlclient-dev'] if major_version == '5.6' && node['platform_family'] == 'debian' - return ['mysql-client-5.7', 'libmysqlclient-dev'] if major_version == '5.7' && node['platform_family'] == 'debian' - return 'mysql-community-server-client' if major_version == '5.6' && node['platform_family'] == 'suse' + return ['mysql55', 'mysql55-devel.x86_64'] if major_version == '5.5' && platform?('amazon') + return ['mysql56', 'mysql56-devel.x86_64'] if major_version == '5.6' && platform?('amazon') + return ['mysql57', 'mysql57-devel.x86_64'] if major_version == '5.7' && platform?('amazon') + return ['mysql-client-5.5', 'libmysqlclient-dev'] if major_version == '5.5' && platform_family?('debian') + return ['mysql-client-5.6', 'libmysqlclient-dev'] if major_version == '5.6' && platform_family?('debian') + return ['mysql-client-5.7', 'libmysqlclient-dev'] if major_version == '5.7' && platform_family?('debian') + return 'mysql-community-server-client' if major_version == '5.6' && platform_family?('suse') %w(mysql-community-client mysql-community-devel) end def default_server_package_name return 'mysql-server' if major_version == '5.1' && el6? 
- return 'mysql55-server' if major_version == '5.5' && node['platform'] == 'amazon' - return 'mysql56-server' if major_version == '5.6' && node['platform'] == 'amazon' - return 'mysql57-server' if major_version == '5.7' && node['platform'] == 'amazon' - return 'mysql-server-5.5' if major_version == '5.5' && node['platform_family'] == 'debian' - return 'mysql-server-5.6' if major_version == '5.6' && node['platform_family'] == 'debian' - return 'mysql-server-5.7' if major_version == '5.7' && node['platform_family'] == 'debian' - return 'mysql-community-server' if major_version == '5.6' && node['platform_family'] == 'suse' + return 'mysql55-server' if major_version == '5.5' && platform?('amazon') + return 'mysql56-server' if major_version == '5.6' && platform?('amazon') + return 'mysql57-server' if major_version == '5.7' && platform?('amazon') + return 'mysql-server-5.5' if major_version == '5.5' && platform_family?('debian') + return 'mysql-server-5.6' if major_version == '5.6' && platform_family?('debian') + return 'mysql-server-5.7' if major_version == '5.7' && platform_family?('debian') + return 'mysql-community-server' if major_version == '5.6' && platform_family?('suse') 'mysql-community-server' end 
@@ -132,33 +132,33 @@ module MysqlCookbook end def run_dir - return "#{prefix_dir}/var/run/#{mysql_name}" if node['platform_family'] == 'rhel' - return "/run/#{mysql_name}" if node['platform_family'] == 'debian' + return "#{prefix_dir}/var/run/#{mysql_name}" if platform_family?('rhel') + return "/run/#{mysql_name}" if platform_family?('debian') "/var/run/#{mysql_name}" end def prefix_dir - return "/opt/mysql#{pkg_ver_string}" if node['platform_family'] == 'omnios' - return '/opt/local' if node['platform_family'] == 'smartos' + return "/opt/mysql#{pkg_ver_string}" if platform_family?('omnios') + return '/opt/local' if platform_family?('smartos') return "/opt/rh/#{scl_name}/root" if scl_package? end def scl_name - return unless node['platform_family'] == 'rhel' + return unless platform_family?('rhel') return 'mysql51' if version == '5.1' && node['platform_version'].to_i == 5 return 'mysql55' if version == '5.5' && node['platform_version'].to_i == 5 end def scl_package? - return unless node['platform_family'] == 'rhel' + return unless platform_family?('rhel') return true if version == '5.1' && node['platform_version'].to_i == 5 return true if version == '5.5' && node['platform_version'].to_i == 5 false end def etc_dir - return "/opt/mysql#{pkg_ver_string}/etc/#{mysql_name}" if node['platform_family'] == 'omnios' - return "#{prefix_dir}/etc/#{mysql_name}" if node['platform_family'] == 'smartos' + return "/opt/mysql#{pkg_ver_string}/etc/#{mysql_name}" if platform_family?('omnios') + return "#{prefix_dir}/etc/#{mysql_name}" if platform_family?('smartos') "#{prefix_dir}/etc/#{mysql_name}" end 
@@ -167,10 +167,10 @@ module MysqlCookbook end def system_service_name - return 'mysql51-mysqld' if node['platform_family'] == 'rhel' && scl_name == 'mysql51' - return 'mysql55-mysqld' if node['platform_family'] == 'rhel' && scl_name == 'mysql55' - return 'mysqld' if node['platform_family'] == 'rhel' - return 'mysqld' if node['platform_family'] == 'fedora' + return 'mysql51-mysqld' if platform_family?('rhel') && scl_name == 'mysql51' + return 'mysql55-mysqld' if platform_family?('rhel') && scl_name == 'mysql55' + return 'mysqld' if platform_family?('rhel') + return 'mysqld' if platform_family?('fedora') 'mysql' # not one of the above end @@ -191,7 +191,7 @@ module MysqlCookbook end def log_dir - return "/var/adm/log/#{mysql_name}" if node['platform_family'] == 'omnios' + return "/var/adm/log/#{mysql_name}" if platform_family?('omnios') "#{prefix_dir}/var/log/#{mysql_name}" end @@ -258,8 +258,8 @@ EOSQL end def mysql_install_db_bin - return "#{base_dir}/scripts/mysql_install_db" if node['platform_family'] == 'omnios' - return "#{prefix_dir}/bin/mysql_install_db" if node['platform_family'] == 'smartos' + return "#{base_dir}/scripts/mysql_install_db" if platform_family?('omnios') + return "#{prefix_dir}/bin/mysql_install_db" if platform_family?('smartos') 'mysql_install_db' end @@ -273,14 +273,14 @@ EOSQL end def mysqladmin_bin - return "#{prefix_dir}/bin/mysqladmin" if node['platform_family'] == 'smartos' + return "#{prefix_dir}/bin/mysqladmin" if platform_family?('smartos') return 'mysqladmin' if scl_package? "#{prefix_dir}/usr/bin/mysqladmin" end def mysqld_bin - return "#{prefix_dir}/libexec/mysqld" if node['platform_family'] == 'smartos' - return "#{base_dir}/bin/mysqld" if node['platform_family'] == 'omnios' + return "#{prefix_dir}/libexec/mysqld" if platform_family?('smartos') + return "#{base_dir}/bin/mysqld" if platform_family?('omnios') return '/usr/sbin/mysqld' if fedora? && v56plus return '/usr/libexec/mysqld' if fedora? return 'mysqld' if scl_package? 
@@ -289,14 +289,14 @@ EOSQL def mysql_systemd_start_pre return '/usr/bin/mysqld_pre_systemd' if v57plus && (el7? || fedora?) - return '/usr/bin/mysql-systemd-start pre' if node['platform_family'] == 'rhel' + return '/usr/bin/mysql-systemd-start pre' if platform_family?('rhel') return '/usr/lib/mysql/mysql-systemd-helper install' if suse? '/usr/share/mysql/mysql-systemd-start pre' end def mysql_systemd return "/usr/libexec/#{mysql_name}-wait-ready $MAINPID" if v57plus && (el7? || fedora?) - return '/usr/bin/mysql-systemd-start' if node['platform_family'] == 'rhel' + return '/usr/bin/mysql-systemd-start' if platform_family?('rhel') return '/usr/share/mysql/mysql-systemd-start' if v57plus "/usr/libexec/#{mysql_name}-wait-ready $MAINPID" end @@ -311,8 +311,8 @@ EOSQL end def mysqld_safe_bin - return "#{prefix_dir}/bin/mysqld_safe" if node['platform_family'] == 'smartos' - return "#{base_dir}/bin/mysqld_safe" if node['platform_family'] == 'omnios' + return "#{prefix_dir}/bin/mysqld_safe" if platform_family?('smartos') + return "#{base_dir}/bin/mysqld_safe" if platform_family?('omnios') return 'mysqld_safe' if scl_package? "#{prefix_dir}/usr/bin/mysqld_safe" end diff --git a/cookbooks/mysql/libraries/mysql_service_base.rb b/cookbooks/mysql/libraries/mysql_service_base.rb index 1e22d7e..883e8ef 100644 --- a/cookbooks/mysql/libraries/mysql_service_base.rb +++ b/cookbooks/mysql/libraries/mysql_service_base.rb @@ -123,7 +123,7 @@ module MysqlCookbook def configure_apparmor # Do not add these resource if inside a container # Only valid on Ubuntu - return if ::File.exist?('/.dockerenv') || ::File.exist?('/.dockerinit') || node['platform'] != 'ubuntu' + return if ::File.exist?('/.dockerenv') || ::File.exist?('/.dockerinit') || !platform?('ubuntu') # Apparmor package 'apparmor' do diff --git a/cookbooks/mysql/metadata.json b/cookbooks/mysql/metadata.json index e78d557..8409113 100644 --- a/cookbooks/mysql/metadata.json +++ b/cookbooks/mysql/metadata.json 
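Review bot: The early return in `configure_apparmor` (libraries/mysql_service_base.rb) still decides "inside a container" from the presence of `/.dockerenv` or `/.dockerinit` and exits without logging. The AppArmor resources that follow are therefore skipped silently whenever either marker file exists or the platform is not Ubuntu. A marker file is a weak signal: other container runtimes need not create it, and a leftover file on an Ubuntu host would skip the AppArmor setup for MySQL with no trace in the converge output. Logging the skip before the `return`, e.g. `Chef::Log.info('mysql: skipping AppArmor setup (container marker file present or platform is not ubuntu)')`, would make it auditable; the cookbook is vendored here, so that change belongs upstream, and locally it is worth confirming on Ubuntu nodes that the expected profile is loaded after a converge. The method continues past the end of the hunk.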
@@ -1 +1 @@ -{"name":"mysql","version":"8.7.3","description":"Provides mysql_service, mysql_config, and mysql_client resources","long_description":"","maintainer":"Sous Chefs","maintainer_email":"help@sous-chefs.org","license":"Apache-2.0","platforms":{"redhat":">= 6.0","centos":">= 6.0","scientific":">= 6.0","oracle":">= 6.0","amazon":">= 0.0.0","fedora":">= 0.0.0","debian":">= 7.0","ubuntu":">= 14.04","opensuseleap":">= 0.0.0","suse":">= 12.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/sous-chefs/mysql","issues_url":"https://github.com/sous-chefs/mysql/issues","chef_version":[[">= 12.7"]],"ohai_version":[]} \ No newline at end of file +{"name":"mysql","version":"8.7.4","description":"Provides mysql_service, mysql_config, and mysql_client resources","long_description":"","maintainer":"Sous Chefs","maintainer_email":"help@sous-chefs.org","license":"Apache-2.0","platforms":{"redhat":">= 6.0","centos":">= 6.0","scientific":">= 6.0","oracle":">= 6.0","amazon":">= 0.0.0","fedora":">= 0.0.0","debian":">= 7.0","ubuntu":">= 14.04","opensuseleap":">= 0.0.0","suse":">= 12.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/sous-chefs/mysql","issues_url":"https://github.com/sous-chefs/mysql/issues","chef_version":[[">= 12.7"]],"ohai_version":[]} \ No newline at end of file diff --git a/cookbooks/mysql/metadata.rb b/cookbooks/mysql/metadata.rb index 78a50fc..621d75f 100644 --- a/cookbooks/mysql/metadata.rb +++ b/cookbooks/mysql/metadata.rb 
@@ -6,7 +6,7 @@ description 'Provides mysql_service, mysql_config, and mysql_client resour source_url 'https://github.com/sous-chefs/mysql' issues_url 'https://github.com/sous-chefs/mysql/issues' chef_version '>= 12.7' -version '8.7.3' +version '8.7.4' %w(redhat centos scientific oracle).each do |el| supports el, '>= 6.0' diff --git a/cookbooks/nodejs/CHANGELOG.md b/cookbooks/nodejs/CHANGELOG.md index fb7fd29..e12da9f 100644 --- a/cookbooks/nodejs/CHANGELOG.md +++ b/cookbooks/nodejs/CHANGELOG.md @@ -1,5 +1,13 @@ # NodeJS Cookbook Changelog +## 7.3.3 - *2021-08-30* + +- Standardise files with files in sous-chefs/repo-management + +## 7.3.2 - *2021-06-01* + +- Standardise files with files in sous-chefs/repo-management + ## 7.3.1 - *2020-12-31* - resolved cookstyle error: attributes/packages.rb:15:55 convention: `Layout/TrailingEmptyLines` diff --git a/cookbooks/nodejs/metadata.json b/cookbooks/nodejs/metadata.json index 44a8dc0..e6c24a9 100644 --- a/cookbooks/nodejs/metadata.json +++ b/cookbooks/nodejs/metadata.json @@ -29,7 +29,7 @@ "recipes": { }, - "version": "7.3.1", + "version": "7.3.3", "source_url": "https://github.com/redguide/nodejs", "issues_url": "https://github.com/redguide/nodejs/issues", "privacy": false, diff --git a/cookbooks/nodejs/metadata.rb b/cookbooks/nodejs/metadata.rb index 17dd723..f22b592 100644 --- a/cookbooks/nodejs/metadata.rb +++ b/cookbooks/nodejs/metadata.rb @@ -6,7 +6,7 @@ description 'Installs/Configures node.js' source_url 'https://github.com/redguide/nodejs' issues_url 'https://github.com/redguide/nodejs/issues' chef_version '>= 14' -version '7.3.1' +version '7.3.3' depends 'ark', '>= 2.0.2' depends 'chocolatey', '>= 3.0' diff --git a/cookbooks/php/CHANGELOG.md b/cookbooks/php/CHANGELOG.md index ddc51ab..5b737fb 100644 --- a/cookbooks/php/CHANGELOG.md +++ b/cookbooks/php/CHANGELOG.md 
@@ -2,6 +2,10 @@ This file is used to list changes made in each version of the PHP cookbook. +## 8.0.1 (2020-11-12) + +- Prevent Apache from being pulled in as a dependency on Ubuntu 20.04 (#311) + ## 8.0.0 (2020-07-09) - Drop support for: diff --git a/cookbooks/php/attributes/default.rb b/cookbooks/php/attributes/default.rb index 3528620..d44617f 100644 --- a/cookbooks/php/attributes/default.rb +++ b/cookbooks/php/attributes/default.rb @@ -127,8 +127,7 @@ when 'debian' default['php']['checksum'] = 'a554a510190e726ebe7157fb00b4aceabdb50c679430510a3b93cbf5d7546e44' default['php']['conf_dir'] = '/etc/php/7.4/cli' default['php']['src_deps'] = %w(libbz2-dev libc-client2007e-dev libcurl4-gnutls-dev libfreetype6-dev libgmp3-dev libjpeg62-dev libkrb5-dev libmcrypt-dev libpng-dev libssl-dev pkg-config libxml2-dev libsqlite3-dev libonig-dev) - # Ubuntu >= 20.04 drops versions from the package names - default['php']['packages'] = %w(php-cgi php php-dev php-cli php-pear) + default['php']['packages'] = %w(php7.4-cgi php7.4 php7.4-dev php7.4-cli php-pear) default['php']['fpm_package'] = 'php7.4-fpm' default['php']['fpm_pooldir'] = '/etc/php/7.4/fpm/pool.d' default['php']['fpm_service'] = 'php7.4-fpm' diff --git a/cookbooks/php/metadata.json b/cookbooks/php/metadata.json index 5fa1158..be1a60d 100644 --- a/cookbooks/php/metadata.json +++ b/cookbooks/php/metadata.json 
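Review bot: In the `when 'debian'` branch of `attributes/default.rb` the old explanatory comment is removed and nothing replaces it, so the reason for the versioned names in `default['php']['packages']` is only recoverable from the 8.0.1 changelog entry. A comment above the assignment, e.g. `# Versioned names keep Apache from being pulled in as a dependency on Ubuntu 20.04 (#311)`, would stop a later edit from reverting to the unversioned names and putting an unneeded web server on the node. `php-pear` stays unversioned in the list; presumably that is intended, but it is worth confirming after a converge that it does not bring the same dependency back. The `when` block starts and ends outside the hunk.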
@@ -1 +1 @@ -{"name":"php","version":"8.0.0","description":"Installs and maintains php and php modules","long_description":"","maintainer":"Sous Chefs","maintainer_email":"help@sous-chefs.org","license":"Apache-2.0","platforms":{"amazon":">= 2.0","centos":">= 7.0","debian":">= 9.0","oracle":">= 7.0","redhat":">= 7.0","scientific":">= 7.0","ubuntu":">= 16.04"},"dependencies":{"yum-epel":">= 0.0.0"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/sous-chefs/php","issues_url":"https://github.com/sous-chefs/php/issues","chef_version":[[">= 14.0"]],"ohai_version":[]} \ No newline at end of file +{"name":"php","version":"8.0.1","description":"Installs and maintains php and php modules","long_description":"","maintainer":"Sous Chefs","maintainer_email":"help@sous-chefs.org","license":"Apache-2.0","platforms":{"amazon":">= 2.0","centos":">= 7.0","debian":">= 9.0","oracle":">= 7.0","redhat":">= 7.0","scientific":">= 7.0","ubuntu":">= 16.04"},"dependencies":{"yum-epel":">= 0.0.0"},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/sous-chefs/php","issues_url":"https://github.com/sous-chefs/php/issues","chef_version":[[">= 14.0"]],"ohai_version":[]} \ No newline at end of file diff --git a/cookbooks/php/metadata.rb b/cookbooks/php/metadata.rb index 112a8c9..e52e18d 100644 --- a/cookbooks/php/metadata.rb +++ b/cookbooks/php/metadata.rb 
@@ -1,12 +1,12 @@ -name 'php' -maintainer 'Sous Chefs' -maintainer_email 'help@sous-chefs.org' -license 'Apache-2.0' -description 'Installs and maintains php and php modules' -source_url 'https://github.com/sous-chefs/php' -issues_url 'https://github.com/sous-chefs/php/issues' -chef_version '>= 14.0' -version '8.0.0' +name 'php' +maintainer 'Sous Chefs' +maintainer_email 'help@sous-chefs.org' +license 'Apache-2.0' +description 'Installs and maintains php and php modules' +source_url 'https://github.com/sous-chefs/php' +issues_url 'https://github.com/sous-chefs/php/issues' +chef_version '>= 14.0' +version '8.0.1' depends 'yum-epel' diff --git a/cookbooks/seven_zip/CHANGELOG.md b/cookbooks/seven_zip/CHANGELOG.md new file mode 100644 index 0000000..c510f71 --- /dev/null +++ b/cookbooks/seven_zip/CHANGELOG.md 
@@ -0,0 +1,104 @@
+# CHANGELOG for seven_zip
+
+This file is used to list changes made in each version of seven_zip.
+
+## 4.2.2 - *2021-08-31*
+
+- Standardise files with files in sous-chefs/repo-management
+
+## 4.2.1 - *2021-06-07*
+
+- [CI] Change ActionsHub actions to main
+- [CI] Change checkout action to v2
+- [CI] Change final step to an echo for faster final step
+
+## 4.2.0 - *2021-06-07*
+
+- Add remove action to seven_zip_tool
+
+## 4.1.1 - *2021-06-01*
+
+- Update delivery configuration
+
+## 4.1.0 - *2021-05-20*
+
+- Reduce Chef requirement to >= 15.3
+
+## 4.0.0 - *2021-04-29*
+
+- Increase the supported version of Chef to Chef 16
+
+ This is inline with our support policies, allowing us to use the newest Chef features
+
+- Remove dependency on the deprecated Windows cookbook
+- Convert to modern custom resources
+- Remove the default recipe
+- Remove default_spec as we no longer have a default recipe
+- Use the Chef `execute` and `directory` resources rather than Ruby methods
+- Pull Windows helpers from the Windows cookbook and fix them to work in this cookbook
+
+ As the Windows cookbook is no longer maintained many of the methods we used were deprecated
+ in Ruby 2.7 but were never fixed. These methods have now been removed in Ruby 3.0
+
+- Move resource documentation to the documentation/resource directory.
+- Update README to reflect new usage
+
+## 3.2.0 - *2021-01-24*
+
+- Sous Chefs Adoption
+- Standardise files with files in sous-chefs/repo-management
+- Various Cookstyle fixes
+- Migrate from ServerSpec to InSpec for integration testing
+- Update to 7-Zip 19.00
+
+## 3.1.2
+
+- Update nokogiri from [1.8.2 to 1.8.5](https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-72433)
+
+## 3.1.1
+
+- Fix deprecation warning regarding the use of `win_friendly_path` helper.
+
+## 3.1.0
+
+- Having a simple resource to setup 7-zip allows other resources (since including a recipe inside a resource is not a good pattern) to use it to ensure that their prerequisites are installed before-hand.
+- This resource leverage existing attributes as default values to keep backward compatibility.
+- The `seven_zip::default` recipe's code has been refactored to just use this resource.
+
+## 3.0.0
+
+- Support Chef 13, drop support for Chef 12.
+- Upgrade to 7-Zip 18.05.
+- Standardize testing environment across repos. (AppVeyor, Kitchen, Rake, etc.)
+- Upgrade development dependencies.
+
+## 2.0.2
+
+- Add timeout to extract action on `seven_zip` resource and configurable `default_extract_timeout` attribute.
+
+## 2.0.1
+
+- [GH Issue 21 - NoMethodError: Undefined method or attribute kernel on node](https://github.com/daptiv/seven_zip/issues/21).
+
+## 2.0.0
+
+- [Upgrade to 7-Zip 15.14](https://github.com/daptiv/seven_zip/pull/9).
+- [7-Zip now installed to the default MSI location by default](https://github.com/daptiv/seven_zip/pull/11).
+- [7z.exe is located using the Windows registry unless the home attribute is explicitly set](https://github.com/daptiv/seven_zip/pull/10).
+- [7-Zip is only added to the Windows PATH if the syspath attribute is set](https://github.com/daptiv/seven_zip/pull/11).
+- [Installation idempotence check was fixed](https://github.com/daptiv/seven_zip/pull/14), package name was corrected.
+- [TravisCI build added](https://github.com/daptiv/seven_zip/pull/12).
+- [ServerSpec tests added](https://github.com/daptiv/seven_zip/pull/9)
+- [Document Archive LRWP](https://github.com/daptiv/seven_zip/pull/6)
+
+## 1.0.2
+
+- [COOK-3476 - Upgrade to 7-zip 9.22](https://tickets.opscode.com/browse/COOK-3476)
+
+## 1.0.0
+
+- initial release
+
+---
+
+Refer to the [Markdown Syntax Guide](https://daringfireball.net/projects/markdown/syntax) for help with standard Markdown, and [Writing on GitHub](https://help.github.com/categories/writing-on-github/) for help with the GitHub dialect of Markdown.
diff --git a/cookbooks/seven_zip/Gemfile b/cookbooks/seven_zip/Gemfile
deleted file mode 100644
index b6ba658..0000000
--- a/cookbooks/seven_zip/Gemfile
+++ /dev/null
@@ -1,8 +0,0 @@
-source 'http://rubygems.org'
-
-gem 'cookstyle'
-gem 'foodcritic'
-gem 'rspec-expectations'
-gem 'rspec-mocks'
-gem 'rubocop'
-gem 'stove'
diff --git a/cookbooks/seven_zip/Gemfile.lock b/cookbooks/seven_zip/Gemfile.lock
deleted file mode 100644
index 9a5c87f..0000000
--- a/cookbooks/seven_zip/Gemfile.lock
+++ /dev/null
@@ -1,79 +0,0 @@ -GEM - remote: http://rubygems.org/ - specs: - ast (2.4.0) - backports (3.11.3) - chef-api (0.8.0) - logify (~> 0.1) - mime-types - cookstyle (3.0.0) - rubocop (= 0.55.0) - cucumber-core (3.1.0) - backports (>= 3.8.0) - cucumber-tag_expressions (~> 1.1.0) - gherkin (>= 5.0.0) - cucumber-tag_expressions (1.1.1) - diff-lcs (1.3) - erubis (2.7.0) - ffi-yajl (2.3.1) - libyajl2 (~> 1.2) - foodcritic (13.1.1) - cucumber-core (>= 1.3) - erubis - ffi-yajl (~> 2.0) - nokogiri (>= 1.5, < 2.0) - rake - rufus-lru (~> 1.0) - treetop (~> 1.4) - gherkin (5.0.0) - libyajl2 (1.2.0) - logify (0.2.0) - mime-types (3.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) - mini_portile2 (2.3.0) - nokogiri (1.8.2) - mini_portile2 (~> 2.3.0) - parallel (1.12.1) - parser (2.5.1.0) - ast (~> 2.4.0) - polyglot (0.3.5) - powerpack (0.1.1) - rainbow (3.0.0) - rake (12.3.1) - rspec-expectations (3.7.0) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.7.0) - rspec-mocks (3.7.0) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.7.0) - rspec-support (3.7.1) - rubocop (0.55.0) - parallel (~> 1.10) - parser (>= 2.5) - powerpack (~> 0.1) - rainbow (>= 2.2.2, < 4.0) - ruby-progressbar (~> 1.7) - unicode-display_width (~> 1.0, >= 1.0.1) - ruby-progressbar (1.9.0) - rufus-lru (1.1.0) - stove (6.0.0) - chef-api (~> 0.5) - logify (~> 0.2) - treetop (1.6.10) - polyglot (~> 0.3) - unicode-display_width (1.3.2) - -PLATFORMS - ruby - -DEPENDENCIES - cookstyle - foodcritic - rspec-expectations - rspec-mocks - rubocop - stove - -BUNDLED WITH - 1.16.1 diff --git a/cookbooks/seven_zip/README.md b/cookbooks/seven_zip/README.md index 7e04831..f95a526 100644 --- a/cookbooks/seven_zip/README.md +++ b/cookbooks/seven_zip/README.md 
@@ -1,11 +1,21 @@ -[![Cookbook Version](http://img.shields.io/cookbook/v/seven_zip.svg)](https://supermarket.chef.io/cookbooks/seven_zip) -[![Build status](https://ci.appveyor.com/api/projects/status/y1lsnlkd2b3q6gfd/branch/master?svg=true)](https://ci.appveyor.com/project/ChefWindowsCookbooks65871/seven-zip/branch/master) - # seven_zip Cookbook + +[![Cookbook Version](https://img.shields.io/cookbook/v/seven_zip.svg)](https://supermarket.chef.io/cookbooks/seven_zip) +[![CI State](https://github.com/sous-chefs/seven_zip/workflows/ci/badge.svg)](https://github.com/sous-chefs/seven_zip/actions?query=workflow%3Aci) +[![OpenCollective](https://opencollective.com/sous-chefs/backers/badge.svg)](#backers) +[![OpenCollective](https://opencollective.com/sous-chefs/sponsors/badge.svg)](#sponsors) +[![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0) + [7-Zip](http://www.7-zip.org/) is a file archiver with a high compression ratio. This cookbook installs the full 7-Zip suite of tools (GUI and CLI). This cookbook replaces the older [7-Zip cookbook](https://github.com/sneal/7-zip). -# Requirements +## Maintainers + +This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit [sous-chefs.org](https://sous-chefs.org/) or come chat with us on the Chef Community Slack in [#sous-chefs](https://chefcommunity.slack.com/messages/C2V7B88SF). + +## Requirements + ## Platforms + - Windows XP - Windows Vista - Windows 7 
@@ -16,99 +26,37 @@ - Windows Server 2012 (R1, R2) ## Chef -- Chef >= 13.0 -## Cookbooks -- windows +- Chef >= 16.0 -# Attributes -## Optional +## Usage -| Key | Type | Description | Default | -|-----|------|-------------|---------| -| `['seven_zip']['home']` | String | 7-Zip installation directory. | | -| `['seven_zip']['syspath']` | Boolean | If true, adds 7-Zip directory to system PATH environment variable. | | -| `['seven_zip']['default_extract_timeout']` | Integer | The default timeout for an extract operation in seconds. This can be overridden by a resource attribute. | `600` | +## Resources -# Usage -## default +- [seven_zip_tool](https://github.com/sous-chefs/seven_zip/blob/master/documentation/resources/seven_zip_tool.md) +- [seven_zip_archive](https://github.com/sous-chefs/seven_zip/blob/master/documentation/resources/seven_zip_archive.md) -Add `seven_zip::default` to your run\_list which will download and install 7-Zip for the current Windows platform. +## Contributors -# Resource/Provider -## seven_zip_archive -Extracts a 7-Zip compatible archive (iso, zip, 7z, etc.) to the specified destination directory. +This project exists thanks to all the people who [contribute.](https://opencollective.com/sous-chefs/contributors.svg?width=890&button=false) -#### Actions -- `:extract` - Extract a 7-Zip compatible archive. +### Backers -#### Attribute Parameters -- `path` - Name attribute. The destination to extract to. -- `source` - The file path to the archive to extract. -- `overwrite` - Defaults to false. If true, the destination files will be overwritten. -- `checksum` - The archive file checksum. -- `timeout` - The extract action timeout in seconds, defaults to `node['seven_zip']['default_extract_timeout']`. +Thank you to all our backers! -#### Examples -Extract 7-Zip source files to `C:\seven_zip_source`. 
+![https://opencollective.com/sous-chefs#backers](https://opencollective.com/sous-chefs/backers.svg?width=600&avatarHeight=40) -```ruby -seven_zip_archive 'seven_zip_source' do - path 'C:\seven_zip_source' - source 'https://www.7-zip.org/a/7z1805-src.7z' - overwrite true - checksum 'd9acfcbbdcad078435586e00f73909358ed8d714d106e064dcba52fa73e75d83' - timeout 30 -end -``` +### Sponsors -## seven_zip_tool -Download and install 7-zip for the current Windows platform. +Support this project by becoming a sponsor. Your logo will show up here with a link to your website. -#### Actions -- `:install` - Installs 7-zip -- `:add_to_path` - Add 7-zip to the PATH - -#### Attribute Parameters -- `package` - The name of the package. -- `path` - The install directory of 7-zip. -- `source` - The source URL of the 7-zip package. -- `checksum` - The 7-zip package checksum. - -#### Examples -Install 7-zip in `C:\7z` and add it to the path. - -```ruby -seven_zip_tool '7z 15.14 install' do - action [:install, :add_to_path] - package '7-Zip 15.14' - path 'C:\7z' - source 'http://www.7-zip.org/a/7z1514.msi' - checksum 'eaf58e29941d8ca95045946949d75d9b5455fac167df979a7f8e4a6bf2d39680' -end -``` - -# Recipes -## default - -Installs 7-Zip and adds it to your system PATH. - -# License & Authors -- Author:: Seth Chisamore () -- Author:: Shawn Neal () - -```text -Copyright:: 2011-2016, Chef Software, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. 
-``` +![https://opencollective.com/sous-chefs/sponsor/0/website](https://opencollective.com/sous-chefs/sponsor/0/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/1/website](https://opencollective.com/sous-chefs/sponsor/1/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/2/website](https://opencollective.com/sous-chefs/sponsor/2/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/3/website](https://opencollective.com/sous-chefs/sponsor/3/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/4/website](https://opencollective.com/sous-chefs/sponsor/4/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/5/website](https://opencollective.com/sous-chefs/sponsor/5/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/6/website](https://opencollective.com/sous-chefs/sponsor/6/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/7/website](https://opencollective.com/sous-chefs/sponsor/7/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/8/website](https://opencollective.com/sous-chefs/sponsor/8/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/9/website](https://opencollective.com/sous-chefs/sponsor/9/avatar.svg?avatarHeight=100) diff --git a/cookbooks/seven_zip/appveyor.yml b/cookbooks/seven_zip/appveyor.yml deleted file mode 100644 index 321b270..0000000 --- a/cookbooks/seven_zip/appveyor.yml +++ /dev/null 
@@ -1,42 +0,0 @@ -version: "3.1.1.{build}-{branch}" - -image: Visual Studio 2013 -platform: x64 - -environment: - machine_user: vagrant - machine_pass: vagrant - KITCHEN_YAML: .kitchen.appveyor.yml - -branches: - only: - - master - -# Do not build on tags (GitHub only) -skip_tags: true - -#faster cloning -clone_depth: 1 - -install: - - ps: (& cmd /c); iex (irm https://omnitruck.chef.io/install.ps1); Install-Project -Project chefdk -channel stable -version 3.10.1 - - ps: 'Get-CimInstance win32_operatingsystem -Property Caption, OSArchitecture, Version | fl Caption, OSArchitecture, Version' - - ps: $PSVersionTable - - c:\opscode\chefdk\bin\chef.bat exec ruby --version - - ps: secedit /export /cfg $env:temp/export.cfg - - ps: ((get-content $env:temp/export.cfg) -replace ('PasswordComplexity = 1', 'PasswordComplexity = 0')) | Out-File $env:temp/export.cfg - - ps: ((get-content $env:temp/export.cfg) -replace ('MinimumPasswordLength = 8', 'MinimumPasswordLength = 0')) | Out-File $env:temp/export.cfg - - ps: secedit /configure /db $env:windir/security/new.sdb /cfg $env:temp/export.cfg /areas SECURITYPOLICY - - ps: net user /add $env:machine_user $env:machine_pass - - ps: net localgroup administrators $env:machine_user /add - -build_script: - - ps: c:\opscode\chefdk\bin\chef.bat shell-init powershell | iex; cmd /c c:\opscode\chefdk\bin\chef.bat --version - -test_script: - - c:\opscode\chefdk\bin\cookstyle --version - - c:\opscode\chefdk\bin\chef.bat exec foodcritic --version - - c:\opscode\chefdk\bin\chef.bat exec rake - - c:\opscode\chefdk\bin\chef.bat exec kitchen verify - -deploy: off diff --git a/cookbooks/seven_zip/attributes/default.rb b/cookbooks/seven_zip/attributes/default.rb deleted file mode 100644 index 443a28b..0000000 --- a/cookbooks/seven_zip/attributes/default.rb +++ /dev/null 
@@ -1,31 +0,0 @@
-#
-# Author:: Seth Chisamore ()
-# Cookbook:: seven_zip
-# Attribute:: default
-#
-# Copyright:: 2011-2017, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-if node['kernel']['machine'] == 'x86_64'
- default['seven_zip']['url'] = 'https://www.7-zip.org/a/7z1805-x64.msi'
- default['seven_zip']['checksum'] = '898c1ca0015183fe2ba7d55cacf0a1dea35e873bf3f8090f362a6288c6ef08d7'
- default['seven_zip']['package_name'] = '7-Zip 18.05 (x64 edition)'
-else
- default['seven_zip']['url'] = 'https://www.7-zip.org/a/7z1805.msi'
- default['seven_zip']['checksum'] = 'c554238bee18a03d736525e06d9258c9ecf7f64ead7c6b0d1eb04db2c0de30d0'
- default['seven_zip']['package_name'] = '7-Zip 18.05'
-end
-
-default['seven_zip']['default_extract_timeout'] = 600
diff --git a/cookbooks/seven_zip/chefignore b/cookbooks/seven_zip/chefignore
index 9c2bd55..cc170ea 100644
--- a/cookbooks/seven_zip/chefignore
+++ b/cookbooks/seven_zip/chefignore
@@ -1,73 +1,85 @@ +# Put files/directories that should be ignored in this file when uploading +# to a Chef Infra Server or Supermarket. +# Lines that start with '# ' are comments. + # OS generated files # ###################### .DS_Store +ehthumbs.db Icon? nohup.out -ehthumbs.db Thumbs.db - -# SASS # -######## -.sass-cache +.envrc # EDITORS # ########### -\#* .#* -*~ -*.sw[a-z] +.project +.settings +*_flymake +*_flymake.* *.bak +*.sw[a-z] +*.tmproj +*~ +\#* REVISION TAGS* tmtags -*_flymake.* -*_flymake -*.tmproj -.project -.settings -mkmf.log +.vscode +.editorconfig ## COMPILED ## ############## -a.out +*.class +*.com +*.dll +*.exe *.o *.pyc *.so -*.com -*.class -*.dll -*.exe */rdoc/ +a.out +mkmf.log # Testing # ########### -.watchr -.rspec -spec/* -spec/fixtures/* -test/* -features/* -examples/* -Guardfile -Procfile -.kitchen* -.rubocop.yml -spec/* -Rakefile -.travis.yml -.foodcritic +.circleci/* .codeclimate.yml +.delivery/* +.foodcritic +.kitchen* +.mdlrc +.overcommit.yml +.rspec +.rubocop.yml +.travis.yml +.watchr +.yamllint +azure-pipelines.yml +Dangerfile +examples/* +features/* +Guardfile +kitchen.yml* +mlc_config.json +Procfile +Rakefile +spec/* +test/* # SCM # ####### .git -*/.git -.gitignore -.gitmodules -.gitconfig .gitattributes +.gitconfig +.github/* +.gitignore +.gitkeep +.gitmodules .svn */.bzr/* +*/.git */.hg/* */.svn/* @@ -78,19 +90,24 @@ Berksfile.lock cookbooks/* tmp -# Cookbooks # -############# -CONTRIBUTING* -CHANGELOG* -TESTING* -MAINTAINERS.toml +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock -# Strainer # -############ -Colanderfile -Strainerfile -.colander -.strainer +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Documentation # +############# +CODE_OF_CONDUCT* +CONTRIBUTING* +documentation/* +TESTING* +UPGRADING* # Vagrant # ########### diff --git a/cookbooks/seven_zip/kitchen.exec.yml b/cookbooks/seven_zip/kitchen.exec.yml new file mode 100644 index 0000000..3ac4b93 --- /dev/null 
+++ b/cookbooks/seven_zip/kitchen.exec.yml @@ -0,0 +1,15 @@ +--- +driver: + name: exec + +transport: + name: exec + +provisioner: + name: chef_zero + enforce_idempotency: true + multiple_converge: 2 + deprecations_as_errors: true + +platforms: + - name: windows-latest diff --git a/cookbooks/seven_zip/libraries/matchers.rb b/cookbooks/seven_zip/libraries/matchers.rb deleted file mode 100644 index 6dd4dca..0000000 --- a/cookbooks/seven_zip/libraries/matchers.rb +++ /dev/null @@ -1,33 +0,0 @@ -# -# Author:: Shawn Neal () -# Cookbook:: visualstudio -# -# Copyright:: 2015-2017, Shawn Neal -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -if defined?(ChefSpec) - chefspec_version = Gem.loaded_specs['chefspec'].version - define_method = if chefspec_version < Gem::Version.new('4.1.0') - ChefSpec::Runner.method(:define_runner_method) - else - ChefSpec.method(:define_matcher) - end - - define_method.call :seven_zip_archive - - def extract_seven_zip_archive(resource_name) - ChefSpec::Matchers::ResourceMatcher.new(:seven_zip_archive, :extract, resource_name) - end -end diff --git a/cookbooks/seven_zip/metadata.json b/cookbooks/seven_zip/metadata.json index cf13785..24db485 100644 --- a/cookbooks/seven_zip/metadata.json +++ b/cookbooks/seven_zip/metadata.json 
@@ -1,32 +1,29 @@ { "name": "seven_zip", "description": "Installs/Configures 7-Zip", - "long_description": "[![Cookbook Version](http://img.shields.io/cookbook/v/seven_zip.svg)](https://supermarket.chef.io/cookbooks/seven_zip)\n[![Build status](https://ci.appveyor.com/api/projects/status/y1lsnlkd2b3q6gfd/branch/master?svg=true)](https://ci.appveyor.com/project/ChefWindowsCookbooks65871/seven-zip/branch/master)\n\n# seven_zip Cookbook\n[7-Zip](http://www.7-zip.org/) is a file archiver with a high compression ratio. This cookbook installs the full 7-Zip suite of tools (GUI and CLI). This cookbook replaces the older [7-Zip cookbook](https://github.com/sneal/7-zip).\n\n# Requirements\n## Platforms\n- Windows XP\n- Windows Vista\n- Windows 7\n- Windows 8, 8.1\n- Windows 10\n- Windows Server 2003 R2\n- Windows Server 2008 (R1, R2)\n- Windows Server 2012 (R1, R2)\n\n## Chef\n- Chef >= 13.0\n\n## Cookbooks\n- windows\n\n# Attributes\n## Optional\n\n| Key | Type | Description | Default |\n|-----|------|-------------|---------|\n| `['seven_zip']['home']` | String | 7-Zip installation directory. | |\n| `['seven_zip']['syspath']` | Boolean | If true, adds 7-Zip directory to system PATH environment variable. | |\n| `['seven_zip']['default_extract_timeout']` | Integer | The default timeout for an extract operation in seconds. This can be overridden by a resource attribute. | `600` |\n\n# Usage\n## default\n\nAdd `seven_zip::default` to your run\\_list which will download and install 7-Zip for the current Windows platform.\n\n# Resource/Provider\n## seven_zip_archive\nExtracts a 7-Zip compatible archive (iso, zip, 7z, etc.) to the specified destination directory.\n\n#### Actions\n- `:extract` - Extract a 7-Zip compatible archive.\n\n#### Attribute Parameters\n- `path` - Name attribute. The destination to extract to.\n- `source` - The file path to the archive to extract.\n- `overwrite` - Defaults to false. 
If true, the destination files will be overwritten.\n- `checksum` - The archive file checksum.\n- `timeout` - The extract action timeout in seconds, defaults to `node['seven_zip']['default_extract_timeout']`.\n\n#### Examples\nExtract 7-Zip source files to `C:\\seven_zip_source`.\n\n```ruby\nseven_zip_archive 'seven_zip_source' do\n path 'C:\\seven_zip_source'\n source 'https://www.7-zip.org/a/7z1805-src.7z'\n overwrite true\n checksum 'd9acfcbbdcad078435586e00f73909358ed8d714d106e064dcba52fa73e75d83'\n timeout 30\nend\n```\n\n## seven_zip_tool\nDownload and install 7-zip for the current Windows platform.\n\n#### Actions\n- `:install` - Installs 7-zip\n- `:add_to_path` - Add 7-zip to the PATH\n\n#### Attribute Parameters\n- `package` - The name of the package.\n- `path` - The install directory of 7-zip.\n- `source` - The source URL of the 7-zip package.\n- `checksum` - The 7-zip package checksum.\n\n#### Examples\nInstall 7-zip in `C:\\7z` and add it to the path.\n\n```ruby\nseven_zip_tool '7z 15.14 install' do\n action [:install, :add_to_path]\n package '7-Zip 15.14'\n path 'C:\\7z'\n source 'http://www.7-zip.org/a/7z1514.msi'\n checksum 'eaf58e29941d8ca95045946949d75d9b5455fac167df979a7f8e4a6bf2d39680'\nend\n```\n\n# Recipes\n## default\n\nInstalls 7-Zip and adds it to your system PATH.\n\n# License & Authors\n- Author:: Seth Chisamore ()\n- Author:: Shawn Neal ()\n\n```text\nCopyright:: 2011-2016, Chef Software, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n", - 
"maintainer": "Shawn Neal", - "maintainer_email": "sneal@sneal.net", + "long_description": "", + "maintainer": "Sous Chefs", + "maintainer_email": "help@sous-chefs.org", "license": "Apache-2.0", "platforms": { "windows": ">= 0.0.0" }, "dependencies": { - "windows": ">= 0.0.0" - }, - "providing": { }, - "attributes": { + "providing": { }, "recipes": { }, - "version": "3.1.1", - "source_url": "https://github.com/windowschefcookbooks/seven_zip", - "issues_url": "https://github.com/windowschefcookbooks/seven_zip/issues", + "version": "4.2.2", + "source_url": "https://github.com/sous-chefs/seven_zip", + "issues_url": "https://github.com/sous-chefs/seven_zip/issues", "privacy": false, "chef_versions": [ [ - ">= 13.0" + ">= 15.3" ] ], "ohai_versions": [ @@ -34,5 +31,6 @@ ], "gems": [ - ] + ], + "eager_load_libraries": true } diff --git a/cookbooks/seven_zip/metadata.rb b/cookbooks/seven_zip/metadata.rb index d840292..419af07 100644 --- a/cookbooks/seven_zip/metadata.rb +++ b/cookbooks/seven_zip/metadata.rb @@ -1,12 +1,11 @@ name 'seven_zip' -maintainer 'Shawn Neal' -maintainer_email 'sneal@sneal.net' -source_url 'https://github.com/windowschefcookbooks/seven_zip' -issues_url 'https://github.com/windowschefcookbooks/seven_zip/issues' -chef_version '>= 13.0' if respond_to?(:chef_version) +maintainer 'Sous Chefs' +maintainer_email 'help@sous-chefs.org' license 'Apache-2.0' description 'Installs/Configures 7-Zip' -long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version '3.1.1' +version '4.2.2' +source_url 'https://github.com/sous-chefs/seven_zip' +issues_url 'https://github.com/sous-chefs/seven_zip/issues' +chef_version '>= 15.3' + supports 'windows' -depends 'windows' diff --git a/cookbooks/seven_zip/providers/archive.rb b/cookbooks/seven_zip/providers/archive.rb deleted file mode 100644 index c935569..0000000 --- a/cookbooks/seven_zip/providers/archive.rb +++ /dev/null 
@@ -1,64 +0,0 @@
-#
-# Author:: Shawn Neal ()
-# Cookbook:: seven_zip
-# Provider:: archive
-#
-# Copyright:: 2013-2017, Daptiv Solutions LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-require 'fileutils'
-require 'chef/mixin/shell_out'
-require 'chef/util/path_helper'
-
-include Chef::Mixin::ShellOut
-include Windows::Helper
-
-def whyrun_supported?
- true
-end
-
-action :extract do
- converge_by("Extract #{@new_resource.source} => #{@new_resource.path} (overwrite=#{@new_resource.overwrite})") do
- FileUtils.mkdir_p(@new_resource.path) unless Dir.exist?(@new_resource.path)
- local_source = cached_file(@new_resource.source, @new_resource.checksum)
- overwrite_file = @new_resource.overwrite ? ' -y' : ' -aos'
- cmd = "\"#{seven_zip_exe}\" x"
- cmd << overwrite_file
- cmd << " -o\"#{Chef::Util::PathHelper.cleanpath(@new_resource.path)}\""
- cmd << " \"#{local_source}\""
- Chef::Log.debug(cmd)
- shell_out!(cmd, timeout: extract_timeout)
- end
-end
-
-def seven_zip_exe
- path = node['seven_zip']['home'] || seven_zip_exe_from_registry
- Chef::Log.debug("Using 7-zip home: #{path}")
- Chef::Util::PathHelper.cleanpath(::File.join(path, '7z.exe'))
-end
-
-def seven_zip_exe_from_registry
- require 'win32/registry'
- # Read path from recommended Windows App Paths registry location
- # docs: https://msdn.microsoft.com/en-us/library/windows/desktop/ee872121
- ::Win32::Registry::HKEY_LOCAL_MACHINE.open(
- 'SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\7zFM.exe',
- ::Win32::Registry::KEY_READ
- ).read_s('Path')
-end
-
-def extract_timeout
- @new_resource.timeout || node['seven_zip']['default_extract_timeout']
-end
diff --git a/cookbooks/seven_zip/recipes/default.rb b/cookbooks/seven_zip/recipes/default.rb
deleted file mode 100644
index b013889..0000000
--- a/cookbooks/seven_zip/recipes/default.rb
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# Author:: Seth Chisamore ()
-# Cookbook:: seven_zip
-# Recipe:: default
-#
-# Copyright:: 2011-2017, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-# Install 7z and optionally add it to path
-seven_zip_tool 'install seven_zip' do
- action [:install, :add_to_path] if node['seven_zip']['syspath']
-end
diff --git a/cookbooks/seven_zip/resources/archive.rb b/cookbooks/seven_zip/resources/archive.rb
index 5558f14..25b5e94 100644
--- a/cookbooks/seven_zip/resources/archive.rb
+++ b/cookbooks/seven_zip/resources/archive.rb
@@ -1,29 +1,92 @@ -# -# Author:: Shawn Neal () -# Cookbook:: seven_zip -# Resource:: archive -# -# Copyright:: 2013-2017, Daptiv Solutions LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# +unified_mode true -default_action :extract +property :path, + String, + name_property: true, + description: 'Path to extract the archive.' -actions :extract +property :source, + String, + description: 'Source archive location.' -attribute :path, kind_of: String, name_attribute: true -attribute :source, kind_of: String -attribute :overwrite, kind_of: [TrueClass, FalseClass], default: false -attribute :checksum, kind_of: String -attribute :timeout, kind_of: Integer +property :overwrite, + [true, false], + default: false, + description: 'Whether to overwrite the destination files.' + +property :checksum, + String, + description: 'The checksum for the downloaded file.' + +property :timeout, + Integer, + default: 600, + description: 'Extract timeout in seconds.' + +action :extract do + directory new_resource.path + + local_source = cached_file(new_resource.source, new_resource.checksum) + + overwrite_file = new_resource.overwrite ? 
' -y' : ' -aos' + + cmd = "\"#{seven_zip_exe}\" x" + cmd << overwrite_file + cmd << " -o\"#{Chef::Util::PathHelper.cleanpath(new_resource.path)}\"" + cmd << " \"#{local_source}\"" + + Chef::Log.debug(cmd) + + execute "extracting #{new_resource.source}" do + command cmd + timeout new_resource.timeout + end +end + +action_class do + # require 'chef/mixin/shell_out' + # include Chef::Mixin::ShellOut + + def seven_zip_exe + path = seven_zip_exe_from_registry + Chef::Log.debug("Using 7-zip home: #{path}") + Chef::Util::PathHelper.cleanpath(::File.join(path, '7z.exe')) + end + + def seven_zip_exe_from_registry + require 'win32/registry' + # Read path from recommended Windows App Paths registry location + # docs: https://msdn.microsoft.com/en-us/library/windows/desktop/ee872121 + ::Win32::Registry::HKEY_LOCAL_MACHINE.open( + 'SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\7zFM.exe', + ::Win32::Registry::KEY_READ + ).read_s('Path') + end + + # if a file is local it returns a windows friendly path version + # if a file is remote it caches it locally + def cached_file(source, checksum = nil) + if source =~ %r{^(file|ftp|http|https):\/\/} + uri = as_uri(source) + cache_file_path = "#{Chef::Config[:file_cache_path]}/#{::File.basename(::CGI.unescape(uri.path))}" + Chef::Log.debug("Caching a copy of file #{source} at #{cache_file_path}") + + remote_file cache_file_path do + source source + backup false + checksum checksum unless checksum.nil? + end + else + cache_file_path = source + end + + Chef::Util::PathHelper.cleanpath(cache_file_path) + end + + def as_uri(source) + URI.parse(source) + rescue URI::InvalidURIError + Chef::Log.warn("#{source} was an invalid URI. Trying to escape invalid characters") + URI.parse(URI.escape(source)) + end +end diff --git a/cookbooks/seven_zip/resources/tool.rb b/cookbooks/seven_zip/resources/tool.rb index 4e27965..58217aa 100644 --- a/cookbooks/seven_zip/resources/tool.rb +++ b/cookbooks/seven_zip/resources/tool.rb 
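Review bot: In `cached_file` of `resources/archive.rb`, `checksum checksum unless checksum.nil?` leaves integrity checking optional while the scheme test still accepts plain `http` and `ftp`, so a `seven_zip_archive` declared without `checksum` fetches and unpacks an archive that nothing has verified. I would require `checksum` for remote sources, or at least log a warning when it is nil, and anchor the test as `if source =~ %r{\A(file|ftp|http|https)://}`, because `^` also matches after a newline inside the value. The fallback in `as_uri` calls `URI.escape`, which was removed in Ruby 3.0, so on a client that ships a newer Ruby the rescue branch would raise `NoMethodError` instead of recovering. The extract command in the `:extract` action is built by interpolating `new_resource.path` and the cached file path between double quotes, so a `"` in either value changes how the command line is split; rejecting such values before `cmd` is assembled would close that. The file looks like a vendored copy of the sous-chefs cookbook, so these changes probably belong upstream, and callers in this repository should always set `checksum` in the meantime.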
@@ -1,26 +1,23 @@ -# -# Author:: Annih () -# Cookbook:: seven_zip -# Resource:: tool -# -# Copyright:: 2018, Baptiste Courtois -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -property :package, ::String, default: lazy { node['seven_zip']['package_name'] } -property :source, ::String, default: lazy { node['seven_zip']['url'] } -property :checksum, [::NilClass, ::String], default: lazy { node['seven_zip']['checksum'] } -property :path, [::NilClass, ::String], default: lazy { node['seven_zip']['home'] } +unified_mode true + +property :package, + String, + description: 'Name of the package to install.', + default: node['kernel']['machine'] == 'x86_64' ? '7-Zip 19.00 (x64 edition)' : '7-Zip 19.00' + +property :source, + String, + description: 'Source URL of the package to install.', + default: node['kernel']['machine'] == 'x86_64' ? 'https://www.7-zip.org/a/7z1900-x64.msi' : 'https://www.7-zip.org/a/7z1900.msi' + +property :checksum, + String, + description: 'Checksum for the downloaded pacakge.', + default: node['kernel']['machine'] == 'x86_64' ? 'a7803233eedb6a4b59b3024ccf9292a6fffb94507dc998aa67c5b745d197a5dc' : 'b49d55a52bc0eab14947c8982c413d9be141c337da1368a24aa0484cbb5e89cd' + +property :path, + String, + description: 'Optional: path to install 7zip to.' action :install do windows_package new_resource.package do 
@@ -38,6 +35,12 @@ action :add_to_path do end end +action :remove do + windows_package new_resource.package do + action :remove + end +end + action_class do REG_PATH = 'SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\7zFM.exe'.freeze diff --git a/cookbooks/windows/CHANGELOG.md b/cookbooks/windows/CHANGELOG.md index d88694c..87793e7 100644 --- a/cookbooks/windows/CHANGELOG.md +++ b/cookbooks/windows/CHANGELOG.md 
@@ -2,6 +2,49 @@ This file is used to list changes made in each version of the windows cookbook. +## 7.0.2 (2020-09-10) + +- Resolve a typo in the user_privilege resource - [@tas50](https://github.com/tas50) +- Don't run delivery in Appveyor - [@tas50](https://github.com/tas50) + +## 7.0.1 (2020-09-10) + +- Remove testing of Windows 2008 R2 - [@tas50](https://github.com/tas50) +- Cookstyle 6.2.9 Fixes - [@xorimabot](https://github.com/xorimabot) +- Avoid deprcation warnings when using user_privilege resource on Chef >= - [@tas50](https://github.com/tas50) + +## Unreleased + +- resolved cookstyle error: libraries/registry_helper.rb:69:9 refactor: `ChefCorrectness/ChefApplicationFatal` +- resolved cookstyle error: libraries/registry_helper.rb:232:9 convention: `Style/RedundantReturn` +- resolved cookstyle error: libraries/registry_helper.rb:234:9 convention: `Style/RedundantReturn` +- resolved cookstyle error: libraries/registry_helper.rb:244:9 convention: `Style/RedundantReturn` +- resolved cookstyle error: libraries/registry_helper.rb:245:7 convention: `Style/EmptyElse` +- resolved cookstyle error: libraries/registry_helper.rb:246:9 convention: `Style/RedundantReturn` +- resolved cookstyle error: libraries/registry_helper.rb:272:9 convention: `Style/RedundantReturn` +- resolved cookstyle error: libraries/registry_helper.rb:274:9 convention: `Style/RedundantReturn` +- resolved cookstyle error: libraries/windows_helper.rb:165:14 warning: `Lint/SendWithMixinArgument` + +## 7.0.0 (2020-03-26) + +### Breaking Changes + +- This cookbook now requires Chef Infra Client 14.7 and later as it no longer includes the `windows_share` and `windows_certificate` resources that are now built into Chef Infra Client. 
+ +### Other Changes + +- Remove list of actions in the dns resource - [@tas50](https://github.com/tas50) +- Don't set the guard_interpreter in powershell_script - [@tas50](https://github.com/tas50) +- Add windows_schannel resource (#619) - [@Xorima](https://github.com/Xorima) +- Remove desired_state: true from resources - [@tas50](https://github.com/tas50) +- The host_name property in the dns resource doesn't need to be a name property - [@tas50](https://github.com/tas50) +- Remove unnecessary include of the powershell mixin - [@tas50](https://github.com/tas50) + +## 6.0.1 (2019-10-01) + +- Update README.md for Windows cookbook suggesting core dns resources (#616) - [@NAshwini](https://github.com/NAshwini) +- Add a warning when using windows_zipfile resource as users should migrate to archive_file (#617) - [@NAshwini](https://github.com/NAshwini) + ## 6.0.0 (2019-04-25) ### Breaking Changes diff --git a/cookbooks/windows/README.md b/cookbooks/windows/README.md index b849fbf..637328d 100644 --- a/cookbooks/windows/README.md +++ b/cookbooks/windows/README.md 
@@ -8,83 +8,21 @@ Provides a set of Windows-specific resources to aid in the creation of cookbooks ### Platforms -- Windows 7 -- Windows Server 2008 R2 +- Windows 7 (EOL) +- Windows Server 2008 R2 (EOL) - Windows 8, 8.1 - Windows Server 2012 (R1, R2) - Windows Server 2016 ### Chef -- Chef 14+ +- Chef 14.7+ ## Resources -### Deprecated Resources Note - -As of Chef 14.7+ the windows_share and windows_certificate resources are now included in the Chef Client. If you are running Chef 14.7+ the resources in Chef client will take precedence over the resources in this cookbook. In November 2019 we will release a new major version of this cookbook that removes these resources. - -### windows_certificate - -`Note`: This resource is now included in Chef 14.7 and later. There is no need to depend on the Windows cookbook for this resource. - -Installs a certificate into the Windows certificate store from a file, and grants read-only access to the private key for designated accounts. Due to current limitations in WinRM, installing certificated remotely may not work if the operation requires a user profile. Operations on the local machine store should still work. - -#### Actions - -- `:create` - creates or updates a certificate. -- `:delete` - deletes a certificate. -- `:acl_add` - adds read-only entries to a certificate's private key ACL. -- `:verify` - logs whether or not a certificate is valid - -#### Properties - -- `source` - name attribute. The source file (for create and acl_add), thumbprint (for delete and acl_add) or subject (for delete). -- `pfx_password` - the password to access the source if it is a pfx file. -- `private_key_acl` - array of 'domain\account' entries to be granted read-only access to the certificate's private key. This is not idempotent. -- `store_name` - the certificate store to manipulate. 
One of: - - MY (Personal) - - CA (Intermediate Certification Authorities) - - ROOT (Trusted Root Certification Authorities) - - TRUSTEDPUBLISHER (Trusted Publishers) - - CLIENTAUTHISSUER (Client Authentication Issuers) - - REMOTE DESKTOP (Remote Desktop) - - TRUSTEDDEVICES (Trusted Devices) - - WEBHOSTING (Web Hosting) - - AUTHROOT (Third-Party Root Certification Authorities) - - TRUSTEDPEOPLE (Trusted People) - - SMARTCARDROOT (Smart Card Trusted Roots) - - TRUST (Enterprise Trust) - - DISALLOWED (Untrusted Certificates) -- `user_store` - if false (default) then use the local machine store; if true then use the current user's store. - -#### Examples - -```ruby -# Add PFX cert to local machine personal store and grant accounts read-only access to private key -windows_certificate "c:/test/mycert.pfx" do - pfx_password "password" - private_key_acl ["acme\fred", "pc\jane"] -end -``` - -```ruby -# Add cert to trusted intermediate store -windows_certificate "c:/test/mycert.cer" do - store_name "CA" -end -``` - -```ruby -# Remove all certificates matching the subject -windows_certificate "me.acme.com" do - action :delete -end -``` - ### windows_certificate_binding -Binds a certificate to an HTTP port in order to enable TLS communication. +Binds a certificate to an HTTP port to enable TLS communication. #### Actions @@ -135,6 +73,8 @@ end ### windows_dns +`Note`: This resource is now included in Chef 15 and later. If you are using newer versions of [windows](https://devblogs.microsoft.com/powershell/configuration-in-a-devops-world-windows-powershell-desired-state-configuration/) then should use the core [resource](https://github.com/chef/chef/blob/master/RELEASE_NOTES.md#windows_dns_record-resource) instead of windows_dns. + Configures A and CNAME records in Windows DNS. This requires the DNSCMD to be installed, which is done by adding the DNS role to the server or installing the Remote Server Admin Tools. #### Actions 
@@ -213,52 +153,19 @@ windows_http_acl 'http://+:50051/' do end ``` -### windows_share +### windows_schannel -`Note`: This resource is now included in Chef 14.7 and later. There is no need to depend on the Windows cookbook for this resource. - -Creates, modifies and removes Windows shares. All properties are idempotent. - -`Note`: This resource uses PowerShell cmdlets introduced in Windows 2012/8. +Used to configure the schannel security settings in windows, this is used by dotnet apps and PowerShell to be able to speak to tls 1.2 endpoints #### Actions -- `:create`: creates/modifies a share -- `:delete`: deletes a share +- `configure`: Configures the setting #### Properties property | type | default | description ------------------------ | ---------- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- -`share_name` | String | resource name | the share to assign to the share -`path` | String | | The path of the location of the folder to share. Required when creating. If the share already exists on a different path then it is deleted and re-created. -`description` | String | | description to be applied to the share -`full_users` | Array | [] | users which should have "Full control" permissions -`change_users` | Array | [] | Users are granted modify permission to access the share. -`read_users` | Array | [] | users which should have "Read" permissions -`temporary` | True/False | false | The lifetime of the new SMB share. A temporary share does not persist beyond the next restart of the computer -`scope_name` | String | '*' | The scope name of the share. -`ca_timeout` | Integer | 0 | The continuous availability time-out for the share. -`continuously_available` | True/False | false | Indicates that the share is continuously available. 
-`concurrent_user_limit` | Integer | 0 (unlimited) | The maximum number of concurrently connected users the share can accommodate -`encrypt_data` | True/False | false | Indicates that the share is encrypted. - -#### Examples - -```ruby -windows_share "foo" do - action :create - path "C:\\foo" - full_users ["DOMAIN_A\\some_user", "DOMAIN_B\\some_other_user"] - read_users ["DOMAIN_C\\Domain users"] -end -``` - -```ruby -windows_share "foo" do - action :delete -end -``` +`use_strong_crypto` | True, False | true | Enables or disables the setting ### windows_user_privilege @@ -345,7 +252,9 @@ SeTakeOwnershipPrivilege Take ownership of files or other objects ### windows_zipfile -Most version of Windows do not ship with native cli utility for managing compressed files. This resource provides a pure-ruby implementation for managing zip files. Be sure to use the `not_if` or `only_if` meta parameters to guard the resource for idempotence or action will be taken every Chef run. +`Note`: This resource has been deprecated as Chef Infra Client 15.0 shipped with a new archive_file resource, which natively handles multiple archive formats. Please update any cookbooks using this resource to instead use the `archive_file` resource: https://docs.chef.io/resource_archive_file.html + +Most versions of Windows do not ship with native cli utility for managing compressed files. This resource provides a pure-ruby implementation for managing zip files. Be sure to use the `not_if` or `only_if` meta parameters to guard the resource for idempotence or action will be taken every Chef run. #### Actions @@ -401,7 +310,7 @@ Returns a hash of all DisplayNames installed ```ruby # usage in a recipe -::Chef::Recipe.send(:include, Windows::Helper) +::Chef::DSL::Recipe.send(:include, Windows::Helper) hash_of_installed_packages = installed_packages ``` 
@@ -414,7 +323,7 @@ Download a file if a package isn't installed ```ruby # usage in a recipe to not download a file if package is already installed -::Chef::Recipe.send(:include, Windows::Helper) +::Chef::DSL::Recipe.send(:include, Windows::Helper) is_win_sdk_installed = is_package_installed?('Windows Software Development Kit') remote_file 'C:\windows\temp\windows_sdk.zip' do @@ -436,11 +345,11 @@ end ### Windows::VersionHelper -Helper that allows you to get information of the windows version running on your node. It leverages windows ohai from kernel.os_info, easy to mock and to use even on linux. +Helper that allows you to get information on the windows version running on your node. It leverages windows ohai from kernel.os_info, easy to mock and to use even on Linux. #### core_version? -Determines whether given node is running on a windows Core. +Determines whether the given node is running on a Windows Core. ```ruby if ::Windows::VersionHelper.core_version? node @@ -450,7 +359,7 @@ end #### workstation_version? -Determines whether given node is a windows workstation version (XP, Vista, 7, 8, 8.1, 10) +Determines whether the given node is a windows workstation version (XP, Vista, 7, 8, 8.1, 10) ```ruby if ::Windows::VersionHelper.workstation_version? node @@ -460,7 +369,7 @@ end #### server_version? -Determines whether given node is a windows server version (Server 2003, Server 2008, Server 2012, Server 2016) +Determines whether the given node is a windows server version (Server 2003, Server 2008, Server 2012, Server 2016) ```ruby if ::Windows::VersionHelper.server_version? node diff --git a/cookbooks/windows/libraries/registry_helper.rb b/cookbooks/windows/libraries/registry_helper.rb index 3ca2254..172061d 100644 --- a/cookbooks/windows/libraries/registry_helper.rb +++ b/cookbooks/windows/libraries/registry_helper.rb 
@@ -66,7 +66,7 @@ module Windows }[hkey] unless hive - Chef::Application.fatal!("Unsupported registry hive '#{hive_name}'") + raise("Unsupported registry hive '#{hive_name}'") end Chef::Log.debug("Registry hive resolved to #{hkey}") @@ -229,9 +229,9 @@ module Windows begin hive.open(key, ::Win32::Registry::Constants::KEY_READ | @@native_registry_constant) - return true + true rescue - return false + false ensure ensure_hive_unloaded(hive_loaded) end @@ -241,9 +241,7 @@ module Windows reg_key = "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\#{sid}" Chef::Log.debug("Looking for profile at #{reg_key}") if key_exists?(reg_key) - return get_value(reg_key, 'ProfileImagePath') - else - return nil + get_value(reg_key, 'ProfileImagePath') end end @@ -269,9 +267,9 @@ module Windows user_hive = path[0] if user_hive?(hive) - return key_exists?("#{hive_name}\\#{user_hive}") + key_exists?("#{hive_name}\\#{user_hive}") else - return true + true end end diff --git a/cookbooks/windows/libraries/windows_helper.rb b/cookbooks/windows/libraries/windows_helper.rb index 97ec431..5331576 100644 --- a/cookbooks/windows/libraries/windows_helper.rb +++ b/cookbooks/windows/libraries/windows_helper.rb @@ -162,4 +162,4 @@ module Windows end end -Chef::Recipe.send(:include, Windows::Helper) +Chef::Recipe.include Windows::Helper diff --git a/cookbooks/windows/metadata.json b/cookbooks/windows/metadata.json index 33a7cfd..4e7f067 100644 --- a/cookbooks/windows/metadata.json +++ b/cookbooks/windows/metadata.json 
@@ -1 +1 @@ -{"name":"windows","version":"6.0.0","description":"Provides a set of useful Windows-specific primitives.","long_description":"# Windows Cookbook\n\n[![Build status](https://ci.appveyor.com/api/projects/status/9x4uepmm1g4rktie/branch/master?svg=true)](https://ci.appveyor.com/project/ChefWindowsCookbooks/windows/branch/master) [![Cookbook Version](https://img.shields.io/cookbook/v/windows.svg)](https://supermarket.chef.io/cookbooks/windows)\n\nProvides a set of Windows-specific resources to aid in the creation of cookbooks/recipes targeting the Windows platform.\n\n## Requirements\n\n### Platforms\n\n- Windows 7\n- Windows Server 2008 R2\n- Windows 8, 8.1\n- Windows Server 2012 (R1, R2)\n- Windows Server 2016\n\n### Chef\n\n- Chef 14+\n\n## Resources\n\n### Deprecated Resources Note\n\nAs of Chef 14.7+ the windows_share and windows_certificate resources are now included in the Chef Client. If you are running Chef 14.7+ the resources in Chef client will take precedence over the resources in this cookbook. In November 2019 we will release a new major version of this cookbook that removes these resources.\n\n### windows_certificate\n\n`Note`: This resource is now included in Chef 14.7 and later. There is no need to depend on the Windows cookbook for this resource.\n\nInstalls a certificate into the Windows certificate store from a file, and grants read-only access to the private key for designated accounts. Due to current limitations in WinRM, installing certificated remotely may not work if the operation requires a user profile. Operations on the local machine store should still work.\n\n#### Actions\n\n- `:create` - creates or updates a certificate.\n- `:delete` - deletes a certificate.\n- `:acl_add` - adds read-only entries to a certificate's private key ACL.\n- `:verify` - logs whether or not a certificate is valid\n\n#### Properties\n\n- `source` - name attribute. 
The source file (for create and acl_add), thumbprint (for delete and acl_add) or subject (for delete).\n- `pfx_password` - the password to access the source if it is a pfx file.\n- `private_key_acl` - array of 'domain\\account' entries to be granted read-only access to the certificate's private key. This is not idempotent.\n- `store_name` - the certificate store to manipulate. One of:\n - MY (Personal)\n - CA (Intermediate Certification Authorities)\n - ROOT (Trusted Root Certification Authorities)\n - TRUSTEDPUBLISHER (Trusted Publishers)\n - CLIENTAUTHISSUER (Client Authentication Issuers)\n - REMOTE DESKTOP (Remote Desktop)\n - TRUSTEDDEVICES (Trusted Devices)\n - WEBHOSTING (Web Hosting)\n - AUTHROOT (Third-Party Root Certification Authorities)\n - TRUSTEDPEOPLE (Trusted People)\n - SMARTCARDROOT (Smart Card Trusted Roots)\n - TRUST (Enterprise Trust)\n - DISALLOWED (Untrusted Certificates)\n- `user_store` - if false (default) then use the local machine store; if true then use the current user's store.\n\n#### Examples\n\n```ruby\n# Add PFX cert to local machine personal store and grant accounts read-only access to private key\nwindows_certificate \"c:/test/mycert.pfx\" do\n pfx_password \"password\"\n private_key_acl [\"acme\\fred\", \"pc\\jane\"]\nend\n```\n\n```ruby\n# Add cert to trusted intermediate store\nwindows_certificate \"c:/test/mycert.cer\" do\n store_name \"CA\"\nend\n```\n\n```ruby\n# Remove all certificates matching the subject\nwindows_certificate \"me.acme.com\" do\n action :delete\nend\n```\n\n### windows_certificate_binding\n\nBinds a certificate to an HTTP port in order to enable TLS communication.\n\n#### Actions\n\n- `:create` - creates or updates a binding.\n- `:delete` - deletes a binding.\n\n#### Properties\n\n- `cert_name` - name attribute. The thumbprint(hash) or subject that identifies the certificate to be bound.\n- `name_kind` - indicates the type of cert_name. 
One of :subject (default) or :hash.\n- `address` - the address to bind against. Default is 0.0.0.0 (all IP addresses). One of:\n - IP v4 address `1.2.3.4`\n - IP v6 address `[::1]`\n - Host name `www.foo.com`\n- `port` - the port to bind against. Default is 443.\n- `app_id` - the GUID that defines the application that owns the binding. Default is the values used by IIS.\n- `store_name` - the store to locate the certificate in. One of:\n - MY (Personal)\n - CA (Intermediate Certification Authorities)\n - ROOT (Trusted Root Certification Authorities)\n - TRUSTEDPUBLISHER (Trusted Publishers)\n - CLIENTAUTHISSUER (Client Authentication Issuers)\n - REMOTE DESKTOP (Remote Desktop)\n - TRUSTEDDEVICES (Trusted Devices)\n - WEBHOSTING (Web Hosting)\n - AUTHROOT (Third-Party Root Certification Authorities)\n - TRUSTEDPEOPLE (Trusted People)\n - SMARTCARDROOT (Smart Card Trusted Roots)\n - TRUST (Enterprise Trust)\n\n#### Examples\n\n```ruby\n# Bind the first certificate matching the subject to the default TLS port\nwindows_certificate_binding \"me.acme.com\" do\nend\n```\n\n```ruby\n# Bind a cert from the CA store with the given hash to port 4334\nwindows_certificate_binding \"me.acme.com\" do\n cert_name \"d234567890a23f567c901e345bc8901d34567890\"\n name_kind :hash\n store_name \"CA\"\n port 4334\nend\n```\n\n### windows_dns\n\nConfigures A and CNAME records in Windows DNS. This requires the DNSCMD to be installed, which is done by adding the DNS role to the server or installing the Remote Server Admin Tools.\n\n#### Actions\n\n- :create: creates/updates the DNS entry\n- :delete: deletes the DNS entry\n\n#### Properties\n\n- host_name: name attribute. FQDN of the entry to act on.\n- dns_server: the DNS server to update. Default is local machine (.)\n- record_type: the type of record to create. 
One of A (default) or CNAME\n- target: for A records an array of IP addresses to associate with the host; for CNAME records the FQDN of the host to alias\n- ttl: if > 0 then set the time to live of the record\n\n#### Examples\n\n```ruby\n# Create A record linked to 2 addresses with a 10 minute ttl\nwindows_dns \"m1.chef.test\" do\n target ['10.9.8.7', '1.2.3.4']\n ttl 600\nend\n```\n\n```ruby\n# Delete records. target is mandatory although not used\nwindows_dns \"m1.chef.test\" do\n action :delete\n target []\nend\n```\n\n```ruby\n# Set an alias against the node in a role\nnodes = search( :node, \"role:my_service\" )\nwindows_dns \"myservice.chef.test\" do\n record_type 'CNAME'\n target nodes[0]['fqdn']\nend\n```\n\n### windows_http_acl\n\nSets the Access Control List for an http URL to grant non-admin accounts permission to open HTTP endpoints.\n\n#### Actions\n\n- `:create` - creates or updates the ACL for a URL.\n- `:delete` - deletes the ACL from a URL.\n\n#### Properties\n\n- `url` - the name of the url to be created/deleted.\n- `sddl` - the DACL string configuring all permissions to URL. Mandatory for create if user is not provided. Can't be use with `user`.\n- `user` - the name (domain\\user) of the user or group to be granted permission to the URL. Mandatory for create if sddl is not provided. Can't be use with `sddl`. Only one user or group can be granted permission so this replaces any previously defined entry. 
If you receive a parameter error your user may not exist.\n\n#### Examples\n\n```ruby\nwindows_http_acl 'http://+:50051/' do\n user 'pc\\\\fred'\nend\n```\n\n```ruby\n# Grant access to users \"NT SERVICE\\WinRM\" and \"NT SERVICE\\Wecsvc\" via sddl\nwindows_http_acl 'http://+:5985/' do\n sddl 'D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)'\nend\n```\n\n```ruby\nwindows_http_acl 'http://+:50051/' do\n action :delete\nend\n```\n\n### windows_share\n\n`Note`: This resource is now included in Chef 14.7 and later. There is no need to depend on the Windows cookbook for this resource.\n\nCreates, modifies and removes Windows shares. All properties are idempotent.\n\n`Note`: This resource uses PowerShell cmdlets introduced in Windows 2012/8.\n\n#### Actions\n\n- `:create`: creates/modifies a share\n- `:delete`: deletes a share\n\n#### Properties\n\nproperty | type | default | description\n------------------------ | ---------- | ------------- | -----------------------------------------------------------------------------------------------------------------------------------------------------------\n`share_name` | String | resource name | the share to assign to the share\n`path` | String | | The path of the location of the folder to share. Required when creating. If the share already exists on a different path then it is deleted and re-created.\n`description` | String | | description to be applied to the share\n`full_users` | Array | [] | users which should have \"Full control\" permissions\n`change_users` | Array | [] | Users are granted modify permission to access the share.\n`read_users` | Array | [] | users which should have \"Read\" permissions\n`temporary` | True/False | false | The lifetime of the new SMB share. 
A temporary share does not persist beyond the next restart of the computer\n`scope_name` | String | '*' | The scope name of the share.\n`ca_timeout` | Integer | 0 | The continuous availability time-out for the share.\n`continuously_available` | True/False | false | Indicates that the share is continuously available.\n`concurrent_user_limit` | Integer | 0 (unlimited) | The maximum number of concurrently connected users the share can accommodate\n`encrypt_data` | True/False | false | Indicates that the share is encrypted.\n\n#### Examples\n\n```ruby\nwindows_share \"foo\" do\n action :create\n path \"C:\\\\foo\"\n full_users [\"DOMAIN_A\\\\some_user\", \"DOMAIN_B\\\\some_other_user\"]\n read_users [\"DOMAIN_C\\\\Domain users\"]\nend\n```\n\n```ruby\nwindows_share \"foo\" do\n action :delete\nend\n```\n\n### windows_user_privilege\n\nAdds the `principal` (User/Group) to the specified privileges (such as `Logon as a batch job` or `Logon as a Service`).\n\n#### Actions\n\n- `:add` - add the specified privileges to the `principal`\n- `:remove` - remove the specified privilege of the `principal`\n\n#### Properties\n\n- `principal` - Name attribute, Required, String. The user or group to be granted privileges.\n- `privilege` - Required, String/Array. 
The privilege(s) to be granted.\n\n#### Examples\n\nGrant the Administrator user the `Logon as a batch job` and `Logon as a service` privilege.\n\n```ruby\nwindows_user_privilege 'Administrator' do\n privilege %w(SeBatchLogonRight SeServiceLogonRight)\nend\n```\n\nRemove `Logon as a batch job` privilege of Administrator.\n\n```ruby\nwindows_user_privilege 'Administrator' do\n privilege %w(SeBatchLogonRight)\n action :remove\nend\n```\n\n#### Available Privileges\n\n```\nSeTrustedCredManAccessPrivilege Access Credential Manager as a trusted caller\nSeNetworkLogonRight Access this computer from the network\nSeTcbPrivilege Act as part of the operating system\nSeMachineAccountPrivilege Add workstations to domain\nSeIncreaseQuotaPrivilege Adjust memory quotas for a process\nSeInteractiveLogonRight Allow log on locally\nSeRemoteInteractiveLogonRight Allow log on through Remote Desktop Services\nSeBackupPrivilege Back up files and directories\nSeChangeNotifyPrivilege Bypass traverse checking\nSeSystemtimePrivilege Change the system time\nSeTimeZonePrivilege Change the time zone\nSeCreatePagefilePrivilege Create a pagefile\nSeCreateTokenPrivilege Create a token object\nSeCreateGlobalPrivilege Create global objects\nSeCreatePermanentPrivilege Create permanent shared objects\nSeCreateSymbolicLinkPrivilege Create symbolic links\nSeDebugPrivilege Debug programs\nSeDenyNetworkLogonRight Deny access this computer from the network\nSeDenyBatchLogonRight Deny log on as a batch job\nSeDenyServiceLogonRight Deny log on as a service\nSeDenyInteractiveLogonRight Deny log on locally\nSeDenyRemoteInteractiveLogonRight Deny log on through Remote Desktop Services\nSeEnableDelegationPrivilege Enable computer and user accounts to be trusted for delegation\nSeRemoteShutdownPrivilege Force shutdown from a remote system\nSeAuditPrivilege Generate security audits\nSeImpersonatePrivilege Impersonate a client after authentication\nSeIncreaseWorkingSetPrivilege Increase a process working 
set\nSeIncreaseBasePriorityPrivilege Increase scheduling priority\nSeLoadDriverPrivilege Load and unload device drivers\nSeLockMemoryPrivilege Lock pages in memory\nSeBatchLogonRight Log on as a batch job\nSeServiceLogonRight Log on as a service\nSeSecurityPrivilege Manage auditing and security log\nSeRelabelPrivilege Modify an object label\nSeSystemEnvironmentPrivilege Modify firmware environment values\nSeManageVolumePrivilege Perform volume maintenance tasks\nSeProfileSingleProcessPrivilege Profile single process\nSeSystemProfilePrivilege Profile system performance\nSeUnsolicitedInputPrivilege \"Read unsolicited input from a terminal device\"\nSeUndockPrivilege Remove computer from docking station\nSeAssignPrimaryTokenPrivilege Replace a process level token\nSeRestorePrivilege Restore files and directories\nSeShutdownPrivilege Shut down the system\nSeSyncAgentPrivilege Synchronize directory service data\nSeTakeOwnershipPrivilege Take ownership of files or other objects\n```\n\n### windows_zipfile\n\nMost version of Windows do not ship with native cli utility for managing compressed files. This resource provides a pure-ruby implementation for managing zip files. Be sure to use the `not_if` or `only_if` meta parameters to guard the resource for idempotence or action will be taken every Chef run.\n\n#### Actions\n\n- `:unzip` - unzip a compressed file\n- `:zip` - zip a directory (recursively)\n\n#### Properties\n\n- `path` - name attribute. 
The path where files will be (un)zipped to.\n- `source` - source of the zip file (either a URI or local path) for :unzip, or directory to be zipped for :zip.\n- `overwrite` - force an overwrite of the files if they already exist.\n- `checksum` - for :unzip, useful if source is remote, if the local file matches the SHA-256 checksum, Chef will not download it.\n\n#### Examples\n\nUnzip a remote zip file locally\n\n```ruby\nwindows_zipfile 'c:/bin' do\n source 'http://download.sysinternals.com/Files/SysinternalsSuite.zip'\n action :unzip\n not_if {::File.exists?('c:/bin/PsExec.exe')}\nend\n```\n\nUnzip a local zipfile\n\n```ruby\nwindows_zipfile 'c:/the_codez' do\n source 'c:/foo/baz/the_codez.zip'\n action :unzip\nend\n```\n\nCreate a local zipfile\n\n```ruby\nwindows_zipfile 'c:/foo/baz/the_codez.zip' do\n source 'c:/the_codez'\n action :zip\nend\n```\n\n## Libraries\n\n### WindowsHelper\n\nHelper that allows you to use helpful functions in windows\n\n#### installed_packages\n\nReturns a hash of all DisplayNames installed\n\n```ruby\n# usage in a recipe\n::Chef::Recipe.send(:include, Windows::Helper)\nhash_of_installed_packages = installed_packages\n```\n\n#### is_package_installed?\n\n- `package_name` - The name of the package you want to query to see if it is installed\n- `returns` - true if the package is installed, false if it the package is not installed\n\nDownload a file if a package isn't installed\n\n```ruby\n# usage in a recipe to not download a file if package is already installed\n::Chef::Recipe.send(:include, Windows::Helper)\nis_win_sdk_installed = is_package_installed?('Windows Software Development Kit')\n\nremote_file 'C:\\windows\\temp\\windows_sdk.zip' do\n source 'http://url_to_download/windows_sdk.zip'\n action :create_if_missing\n not_if {is_win_sdk_installed}\nend\n```\n\nDo something if a package is installed\n\n```ruby\n# usage in a provider\ninclude Windows::Helper\nif is_package_installed?('Windows Software Development Kit')\n # do 
something if package is installed\nend\n```\n\n### Windows::VersionHelper\n\nHelper that allows you to get information of the windows version running on your node. It leverages windows ohai from kernel.os_info, easy to mock and to use even on linux.\n\n#### core_version?\n\nDetermines whether given node is running on a windows Core.\n\n```ruby\nif ::Windows::VersionHelper.core_version? node\n fail 'Windows Core is not supported'\nend\n```\n\n#### workstation_version?\n\nDetermines whether given node is a windows workstation version (XP, Vista, 7, 8, 8.1, 10)\n\n```ruby\nif ::Windows::VersionHelper.workstation_version? node\n fail 'Only server version of windows are supported'\nend\n```\n\n#### server_version?\n\nDetermines whether given node is a windows server version (Server 2003, Server 2008, Server 2012, Server 2016)\n\n```ruby\nif ::Windows::VersionHelper.server_version? node\n puts 'Server version of windows are cool'\nend\n```\n\n#### nt_version\n\nDetermines NT version of the given node\n\n```ruby\ncase ::Windows::VersionHelper.nt_version node\n when '6.0' then 'Windows vista or Server 2008'\n when '6.1' then 'Windows 7 or Server 2008R2'\n when '6.2' then 'Windows 8 or Server 2012'\n when '6.3' then 'Windows 8.1 or Server 2012R2'\n when '10.0' then 'Windows 10'\nend\n```\n\n## Usage\n\nPlace an explicit dependency on this cookbook (using depends in the cookbook's metadata.rb) from any cookbook where you would like to use the Windows-specific resources/providers that ship with this cookbook.\n\n```ruby\ndepends 'windows'\n```\n\n## License & Authors\n\n- Author:: Seth Chisamore ([schisamo@chef.io](mailto:schisamo@chef.io))\n- Author:: Doug MacEachern ([dougm@vmware.com](mailto:dougm@vmware.com))\n- Author:: Paul Morton ([pmorton@biaprotect.com](mailto:pmorton@biaprotect.com))\n- Author:: Doug Ireton ([doug.ireton@nordstrom.com](mailto:doug.ireton@nordstrom.com))\n\n```text\nCopyright 2011-2018, Chef Software, Inc.\nCopyright 2010, VMware, Inc.\nCopyright 
2011, Business Intelligence Associates, Inc\nCopyright 2012, Nordstrom, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"windows":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/windows","issues_url":"https://github.com/chef-cookbooks/windows/issues","chef_version":[[">= 14"]],"ohai_version":[]} \ No newline at end of file +{"name":"windows","version":"7.0.2","description":"Provides a set of useful Windows-specific primitives.","long_description":"","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"windows":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/windows","issues_url":"https://github.com/chef-cookbooks/windows/issues","chef_version":[[">= 14.7"]],"ohai_version":[]} \ No newline at end of file diff --git a/cookbooks/windows/metadata.rb b/cookbooks/windows/metadata.rb index f65f147..a29d628 100644 --- a/cookbooks/windows/metadata.rb +++ b/cookbooks/windows/metadata.rb 
@@ -3,9 +3,8 @@ maintainer 'Chef Software, Inc.' maintainer_email 'cookbooks@chef.io' license 'Apache-2.0' description 'Provides a set of useful Windows-specific primitives.' -long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version '6.0.0' +version '7.0.2' supports 'windows' source_url 'https://github.com/chef-cookbooks/windows' issues_url 'https://github.com/chef-cookbooks/windows/issues' -chef_version '>= 14' +chef_version '>= 14.7' diff --git a/cookbooks/windows/providers/dns.rb b/cookbooks/windows/providers/dns.rb index f6a8b31..fae9858 100644 --- a/cookbooks/windows/providers/dns.rb +++ b/cookbooks/windows/providers/dns.rb @@ -23,11 +23,6 @@ include Windows::Helper -# Support whyrun -def whyrun_supported? - true -end - action :create do if @current_resource.exists needs_change = (@new_resource.record_type != @current_resource.record_type) || diff --git a/cookbooks/windows/resources/certificate.rb b/cookbooks/windows/resources/certificate.rb deleted file mode 100644 index 4003fbb..0000000 --- a/cookbooks/windows/resources/certificate.rb +++ /dev/null 
@@ -1,301 +0,0 @@ -# -# Author:: Richard Lavey (richard.lavey@calastone.com) -# Cookbook:: windows -# Resource:: certificate -# -# Copyright:: 2015-2017, Calastone Ltd. -# Copyright:: 2018-2019, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require 'chef/util/path_helper' - -chef_version_for_provides '< 14.7' if respond_to?(:chef_version_for_provides) -resource_name :windows_certificate - -property :source, String, name_property: true -property :pfx_password, String -property :private_key_acl, Array -property :store_name, String, default: 'MY', equal_to: ['TRUSTEDPUBLISHER', 'TrustedPublisher', 'CLIENTAUTHISSUER', 'REMOTE DESKTOP', 'ROOT', 'TRUSTEDDEVICES', 'WEBHOSTING', 'CA', 'AUTHROOT', 'TRUSTEDPEOPLE', 'MY', 'SMARTCARDROOT', 'TRUST', 'DISALLOWED'] -property :user_store, [TrueClass, FalseClass], default: false -property :cert_path, String -property :sensitive, [ TrueClass, FalseClass ], default: lazy { |r| r.pfx_password ? 
true : false } - -action :create do - load_gem - - # Extension of the certificate - ext = ::File.extname(new_resource.source) - cert_obj = fetch_cert_object(ext) # Fetch OpenSSL::X509::Certificate object - thumbprint = OpenSSL::Digest::SHA1.new(cert_obj.to_der).to_s # Fetch its thumbprint - - # Need to check if return value is Boolean:true - # If not then the given certificate should be added in certstore - if verify_cert(thumbprint) == true - Chef::Log.debug('Certificate is already present') - else - converge_by("Adding certificate #{new_resource.source} into Store #{new_resource.store_name}") do - if ext == '.pfx' - add_pfx_cert - else - add_cert(cert_obj) - end - end - end -end - -# acl_add is a modify-if-exists operation : not idempotent -action :acl_add do - if ::File.exist?(new_resource.source) - hash = '$cert.GetCertHashString()' - code_script = cert_script(false) - guard_script = cert_script(false) - else - # make sure we have no spaces in the hash string - hash = "\"#{new_resource.source.gsub(/\s/, '')}\"" - code_script = '' - guard_script = '' - end - code_script << acl_script(hash) - guard_script << cert_exists_script(hash) - - powershell_script "setting the acls on #{new_resource.source} in #{cert_location}\\#{new_resource.store_name}" do - guard_interpreter :powershell_script - convert_boolean_return true - code code_script - only_if guard_script - sensitive if new_resource.sensitive - end -end - -action :delete do - load_gem - - cert_obj = fetch_cert - if cert_obj - converge_by("Deleting certificate #{new_resource.source} from Store #{new_resource.store_name}") do - delete_cert - end - else - Chef::Log.debug('Certificate not found') - end -end - -action :fetch do - load_gem - - cert_obj = fetch_cert - if cert_obj - show_or_store_cert(cert_obj) - else - Chef::Log.debug('Certificate not found') - end -end - -action :verify do - load_gem - - out = verify_cert - if !!out == out - out = out ? 
'Certificate is valid' : 'Certificate not valid' - end - Chef::Log.info(out.to_s) -end - -action_class do - require 'openssl' - - # load the gem and rescue a gem install if it fails to load - def load_gem - gem 'win32-certstore', '>= 0.2.4' - require 'win32-certstore' # until this is in core chef - rescue LoadError - Chef::Log.debug('Did not find win32-certstore >= 0.2.4 gem installed. Installing now') - chef_gem 'win32-certstore' do - compile_time true - action :upgrade - end - - require 'win32-certstore' - end - - def add_cert(cert_obj) - store = ::Win32::Certstore.open(new_resource.store_name) - store.add(cert_obj) - end - - def add_pfx_cert - store = ::Win32::Certstore.open(new_resource.store_name) - store.add_pfx(new_resource.source, new_resource.pfx_password) - end - - def delete_cert - store = ::Win32::Certstore.open(new_resource.store_name) - store.delete(new_resource.source) - end - - def fetch_cert - store = ::Win32::Certstore.open(new_resource.store_name) - store.get(new_resource.source) - end - - # Checks whether a certificate with the given thumbprint - # is already present and valid in certificate store - # If the certificate is not present, verify_cert returns a String: "Certificate not found" - # But if it is present but expired, it returns a Boolean: false - # Otherwise, it returns a Boolean: true - def verify_cert(thumbprint = new_resource.source) - store = ::Win32::Certstore.open(new_resource.store_name) - store.valid?(thumbprint) - end - - def show_or_store_cert(cert_obj) - if new_resource.cert_path - export_cert(cert_obj, new_resource.cert_path) - if ::File.size(new_resource.cert_path) > 0 - Chef::Log.info("Certificate export in #{new_resource.cert_path}") - else - ::File.delete(new_resource.cert_path) - end - else - Chef::Log.info(cert_obj.display) - end - end - - def export_cert(cert_obj, cert_path) - out_file = ::File.new(cert_path, 'w+') - case ::File.extname(cert_path) - when '.pem' - out_file.puts(cert_obj.to_pem) - when '.der' - 
out_file.puts(cert_obj.to_der) - when '.cer' - cert_out = powershell_out("openssl x509 -text -inform DER -in #{cert_obj.to_pem} -outform CER").stdout - out_file.puts(cert_out) - when '.crt' - cert_out = powershell_out("openssl x509 -text -inform DER -in #{cert_obj.to_pem} -outform CRT").stdout - out_file.puts(cert_out) - when '.pfx' - cert_out = powershell_out("openssl pkcs12 -export -nokeys -in #{cert_obj.to_pem} -outform PFX").stdout - out_file.puts(cert_out) - when '.p7b' - cert_out = powershell_out("openssl pkcs7 -export -nokeys -in #{cert_obj.to_pem} -outform P7B").stdout - out_file.puts(cert_out) - else - Chef::Log.info('Supported certificate format .pem, .der, .cer, .crt, .pfx and .p7b') - end - out_file.close - end - - def cert_location - @location ||= new_resource.user_store ? 'CurrentUser' : 'LocalMachine' - end - - def cert_script(persist) - cert_script = '$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2' - file = Chef::Util::PathHelper.cleanpath(new_resource.source) - cert_script << " \"#{file}\"" - if ::File.extname(file.downcase) == '.pfx' - cert_script << ", \"#{new_resource.pfx_password}\"" - if persist && new_resource.user_store - cert_script << ', ([System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet)' - elsif persist - cert_script << ', ([System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet -bor [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeyset)' - end - end - cert_script << "\n" - end - - def cert_exists_script(hash) - <<-EOH -$hash = #{hash} -Test-Path "Cert:\\#{cert_location}\\#{new_resource.store_name}\\$hash" - EOH - end - - def within_store_script - inner_script = yield '$store' - <<-EOH -$store = New-Object System.Security.Cryptography.X509Certificates.X509Store "#{new_resource.store_name}", ([System.Security.Cryptography.X509Certificates.StoreLocation]::#{cert_location}) 
-$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite) -#{inner_script} -$store.Close() - EOH - end - - def acl_script(hash) - return '' if new_resource.private_key_acl.nil? || new_resource.private_key_acl.empty? - - # this PS came from http://blogs.technet.com/b/operationsguy/archive/2010/11/29/provide-access-to-private-keys-commandline-vs-powershell.aspx - # and from https://msdn.microsoft.com/en-us/library/windows/desktop/bb204778(v=vs.85).aspx - set_acl_script = <<-EOH -$hash = #{hash} -$storeCert = Get-ChildItem "cert:\\#{cert_location}\\#{new_resource.store_name}\\$hash" -if ($storeCert -eq $null) { throw 'no key exists.' } -$keyname = $storeCert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName -if ($keyname -eq $null) { throw 'no private key exists.' } -if ($storeCert.PrivateKey.CspKeyContainerInfo.MachineKeyStore) -{ - $fullpath = "$Env:ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\$keyname" -} -else -{ - $currentUser = New-Object System.Security.Principal.NTAccount($Env:UserDomain, $Env:UserName) - $userSID = $currentUser.Translate([System.Security.Principal.SecurityIdentifier]).Value - $fullpath = "$Env:ProgramData\\Microsoft\\Crypto\\RSA\\$userSID\\$keyname" -} - EOH - new_resource.private_key_acl.each do |name| - set_acl_script << "$uname='#{name}'; icacls $fullpath /grant $uname`:RX\n" - end - set_acl_script - end - - # Method returns an OpenSSL::X509::Certificate object - # - # Based on its extension, the certificate contents are used to initialize - # PKCS12 (PFX), PKCS7 (P7B) objects which contains OpenSSL::X509::Certificate. 
- # - # @note Other then PEM, all the certificates are usually in binary format, and hence - # their contents are loaded by using File.binread - # - # @param ext [String] Extension of the certificate - # - # @return [OpenSSL::X509::Certificate] Object containing certificate's attributes - # - # @raise [OpenSSL::PKCS12::PKCS12Error] When incorrect password is provided for PFX certificate - # - def fetch_cert_object(ext) - contents = if binary_cert? - ::File.binread(new_resource.source) - else - ::File.read(new_resource.source) - end - - case ext - when '.pfx' - OpenSSL::PKCS12.new(contents, new_resource.pfx_password).certificate - when '.p7b' - OpenSSL::PKCS7.new(contents).certificates.first - else - OpenSSL::X509::Certificate.new(contents) - end - end - - # @return [Boolean] Whether the certificate file is binary encoded or not - # - def binary_cert? - powershell_out!("file -b --mime-encoding #{new_resource.source}").stdout.strip == 'binary' - end -end diff --git a/cookbooks/windows/resources/certificate_binding.rb b/cookbooks/windows/resources/certificate_binding.rb index df0aa44..5d908ec 100644 --- a/cookbooks/windows/resources/certificate_binding.rb +++ b/cookbooks/windows/resources/certificate_binding.rb @@ -19,7 +19,6 @@ # limitations under the License. # -include Chef::Mixin::PowershellOut include Windows::Helper property :cert_name, String, name_property: true @@ -28,7 +27,7 @@ property :address, String, default: '0.0.0.0' property :port, Integer, default: 443 property :app_id, String, default: '{4dc3e181-e14b-4a21-b022-59fc669b0914}' property :store_name, String, default: 'MY', equal_to: ['TRUSTEDPUBLISHER', 'CLIENTAUTHISSUER', 'REMOTE DESKTOP', 'ROOT', 'TRUSTEDDEVICES', 'WEBHOSTING', 'CA', 'AUTHROOT', 'TRUSTEDPEOPLE', 'MY', 'SMARTCARDROOT', 'TRUST'] -property :exists, [true, false], desired_state: true +property :exists, [true, false] load_current_value do |desired| mode = desired.address.match(/(\d+\.){3}\d+|\[.+\]/).nil? ? 'hostnameport' : 'ipport' 
diff --git a/cookbooks/windows/resources/dns.rb b/cookbooks/windows/resources/dns.rb index 35b0274..30149d4 100644 --- a/cookbooks/windows/resources/dns.rb +++ b/cookbooks/windows/resources/dns.rb @@ -1,6 +1,6 @@ # # Author:: Richard Lavey (richard.lavey@calastone.com) -# Cookbook Name:: windows +# Cookbook:: windows # Resource:: dns # # Copyright:: 2015, Calastone Ltd. @@ -18,10 +18,9 @@ # limitations under the License. # -actions :create, :delete default_action :create -attribute :host_name, kind_of: String, name_property: true, required: true +attribute :host_name, kind_of: String, required: true attribute :record_type, kind_of: String, default: 'A', regex: /^(?:A|CNAME)$/ attribute :dns_server, kind_of: String, default: '.' attribute :target, kind_of: [Array, String], required: true diff --git a/cookbooks/windows/resources/http_acl.rb b/cookbooks/windows/resources/http_acl.rb index c675043..b78f126 100644 --- a/cookbooks/windows/resources/http_acl.rb +++ b/cookbooks/windows/resources/http_acl.rb @@ -23,7 +23,7 @@ include Windows::Helper property :url, String, name_property: true property :user, String property :sddl, String -property :exists, [true, false], desired_state: true +property :exists, [true, false] # See https://msdn.microsoft.com/en-us/library/windows/desktop/cc307236%28v=vs.85%29.aspx for netsh info diff --git a/cookbooks/windows/resources/schannel.rb b/cookbooks/windows/resources/schannel.rb new file mode 100644 index 0000000..d608601 --- /dev/null +++ b/cookbooks/windows/resources/schannel.rb 
@@ -0,0 +1,39 @@
+#
+# Author:: Jason Field (jason.field@calastone.com)
+# Cookbook:: windows
+# Resource:: schannel
+#
+# Copyright:: 2019, Calastone Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+property :use_strong_crypto, [true, false], default: true
+
+action :configure do
+ registry_key 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319' do
+ values [{
+ name: 'SchUseStrongCrypto',
+ type: :dword,
+ data: new_resource.use_strong_crypto ? 1 : 0,
+ }]
+ end
+
+ registry_key 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\.NETFramework\\v4.0.30319' do
+ values [{
+ name: 'SchUseStrongCrypto',
+ type: :dword,
+ data: new_resource.use_strong_crypto ? 1 : 0,
+ }]
+ end
+end
diff --git a/cookbooks/windows/resources/share.rb b/cookbooks/windows/resources/share.rb
deleted file mode 100644
index 9e5196b..0000000
--- a/cookbooks/windows/resources/share.rb
+++ /dev/null
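Review bot: The new `schannel` resource has no comment stating how narrow it is: its `:configure` action writes only `SchUseStrongCrypto` under the two `.NETFramework\v4.0.30319` keys (native and `Wow6432Node`), so the name suggests wider TLS hardening than the code performs. I would add above the property `# Sets SchUseStrongCrypto for the .NET Framework v4.0.30319 keys only (64- and 32-bit views); SCHANNEL protocol and cipher settings are not managed here.` It is also worth a line noting that `use_strong_crypto false` writes the value `0` rather than leaving the key untouched, so the property should only be set to false deliberately. As a style point, the two `registry_key` blocks are identical apart from the path and could be one loop over the two key names.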
@@ -1,288 +0,0 @@ -# -# Author:: Sölvi Páll Ásgeirsson () -# Author:: Richard Lavey (richard.lavey@calastone.com) -# Author:: Tim Smith (tsmith@chef.io) -# Cookbook:: windows -# Resource:: share -# -# Copyright:: 2014-2017, Sölvi Páll Ásgeirsson. -# Copyright:: 2018, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -chef_version_for_provides '< 14.7' if respond_to?(:chef_version_for_provides) -resource_name :windows_share - -require 'chef/json_compat' -require 'chef/util/path_helper' - -# Specifies a name for the SMB share. The name may be composed of any valid file name characters, but must be less than 80 characters long. The names pipe and mailslot are reserved for use by the computer. -property :share_name, String, name_property: true - -# Specifies the path of the location of the folder to share. The path must be fully qualified. Relative paths or paths that contain wildcard characters are not permitted. -property :path, String - -# Specifies an optional description of the SMB share. A description of the share is displayed by running the Get-SmbShare cmdlet. The description may not contain more than 256 characters. -property :description, String, default: '' - -# Specifies which accounts are granted full permission to access the share. Use a comma-separated list to specify multiple accounts. 
An account may not be specified more than once in the FullAccess, ChangeAccess, or ReadAccess parameter lists, but may be specified once in the FullAccess, ChangeAccess, or ReadAccess parameter list and once in the NoAccess parameter list. -property :full_users, Array, default: [], coerce: proc { |u| u.sort } - -# Specifies which users are granted modify permission to access the share -property :change_users, Array, default: [], coerce: proc { |u| u.sort } - -# Specifies which users are granted read permission to access the share. Multiple users can be specified by supplying a comma-separated list. -property :read_users, Array, default: [], coerce: proc { |u| u.sort } - -# Specifies the lifetime of the new SMB share. A temporary share does not persist beyond the next restart of the computer. By default, new SMB shares are persistent, and non-temporary. -property :temporary, [true, false], default: false - -# Specifies the scope name of the share. -property :scope_name, String, default: '*' - -# Specifies the continuous availability time-out for the share. -property :ca_timeout, Integer, default: 0 - -# Indicates that the share is continuously available. -property :continuously_available, [true, false], default: false - -# Specifies the caching mode of the offline files for the SMB share. -# property :caching_mode, String, equal_to: %w(None Manual Documents Programs BranchCache) - -# Specifies the maximum number of concurrently connected users that the new SMB share may accommodate. If this parameter is set to zero (0), then the number of users is unlimited. -property :concurrent_user_limit, Integer, default: 0 - -# Indicates that the share is encrypted. -property :encrypt_data, [true, false], default: false - -# Specifies which files and folders in the SMB share are visible to users. AccessBased: SMB does not the display the files and folders for a share to a user unless that user has rights to access the files and folders. 
By default, access-based enumeration is disabled for new SMB shares. Unrestricted: SMB displays files and folders to a user even when the user does not have permission to access the items. -# property :folder_enumeration_mode, String, equal_to: %(AccessBased Unrestricted) - -include Chef::Mixin::PowershellOut - -load_current_value do |desired| - # this command selects individual objects because EncryptData & CachingMode have underlying - # types that get converted to their Integer values by ConvertTo-Json & we need to make sure - # those get written out as strings - share_state_cmd = "Get-SmbShare -Name '#{desired.share_name}' | Select-Object Name,Path, Description, Temporary, CATimeout, ContinuouslyAvailable, ConcurrentUserLimit, EncryptData | ConvertTo-Json" - - Chef::Log.debug("Running '#{share_state_cmd}' to determine share state'") - ps_results = powershell_out(share_state_cmd) - - # detect a failure without raising and then set current_resource to nil - if ps_results.error? - Chef::Log.debug("Error fetching share state: #{ps_results.stderr}") - current_value_does_not_exist! 
- end - - Chef::Log.debug("The Get-SmbShare results were #{ps_results.stdout}") - results = Chef::JSONCompat.from_json(ps_results.stdout) - - path results['Path'] - description results['Description'] - temporary results['Temporary'] - ca_timeout results['CATimeout'] - continuously_available results['ContinuouslyAvailable'] - # caching_mode results['CachingMode'] - concurrent_user_limit results['ConcurrentUserLimit'] - encrypt_data results['EncryptData'] - # folder_enumeration_mode results['FolderEnumerationMode'] - - perm_state_cmd = %(Get-SmbShareAccess -Name "#{desired.share_name}" | Select-Object AccountName,AccessControlType,AccessRight | ConvertTo-Json) - - Chef::Log.debug("Running '#{perm_state_cmd}' to determine share permissions state'") - ps_perm_results = powershell_out(perm_state_cmd) - - # we raise here instead of warning like above because we'd only get here if the above Get-SmbShare - # command was successful and that continuing would leave us with 1/2 known state - raise "Could not determine #{desired.share_name} share permissions by running '#{perm_state_cmd}'" if ps_perm_results.error? - - Chef::Log.debug("The Get-SmbShareAccess results were #{ps_perm_results.stdout}") - - f_users, c_users, r_users = parse_permissions(ps_perm_results.stdout) - - full_users f_users - change_users c_users - read_users r_users -end - -def after_created - raise 'The windows_share resource relies on PowerShell cmdlets not present in Windows releases prior to 8/2012. Cannot continue!' 
if node['platform_version'].to_f < 6.3 -end - -# given the string output of Get-SmbShareAccess parse out -# arrays of full access users, change users, and read only users -def parse_permissions(results_string) - json_results = Chef::JSONCompat.from_json(results_string) - json_results = [json_results] unless json_results.is_a?(Array) # single result is not an array - - f_users = [] - c_users = [] - r_users = [] - - json_results.each do |perm| - next unless perm['AccessControlType'] == 0 # allow - case perm['AccessRight'] - when 0 then f_users << stripped_account(perm['AccountName']) # 0 full control - when 1 then c_users << stripped_account(perm['AccountName']) # 1 == change - when 2 then r_users << stripped_account(perm['AccountName']) # 2 == read - end - end - [f_users, c_users, r_users] -end - -# local names are returned from Get-SmbShareAccess in the full format MACHINE\\NAME -# but users of this resource would simply say NAME so we need to strip the values for comparison -def stripped_account(name) - name.slice!("#{node['hostname']}\\") - name -end - -action :create do - # we do this here instead of requiring the property because :delete doesn't need path set - raise 'No path property set' unless new_resource.path - - converge_if_changed do - # you can't actually change the path so you have to delete the old share first - if different_path? - Chef::Log.debug('The path has changed so we will delete and recreate share') - delete_share - create_share - elsif current_resource.nil? - # powershell cmdlet for create is different than updates - Chef::Log.debug('The current resource is nil so we will create a new share') - create_share - else - Chef::Log.debug('The current resource was not nil so we will update an existing share') - update_share - end - - # creating the share does not set permissions so we need to update - update_permissions - end -end - -action :delete do - if current_resource.nil? 
- Chef::Log.debug("#{new_resource.share_name} does not exist - nothing to do") - else - converge_by("delete #{new_resource.share_name}") do - delete_share - end - end -end - -action_class do - def different_path? - return false if current_resource.nil? # going from nil to something isn't different for our concerns - return false if current_resource.path == Chef::Util::PathHelper.cleanpath(new_resource.path) - true - end - - def delete_share - delete_command = "Remove-SmbShare -Name '#{new_resource.share_name}' -Force" - - Chef::Log.debug("Running '#{delete_command}' to remove the share") - powershell_out!(delete_command) - end - - def update_share - update_command = "Set-SmbShare -Name '#{new_resource.share_name}' -Description '#{new_resource.description}' -Force" - - Chef::Log.debug("Running '#{update_command}' to update the share") - powershell_out!(update_command) - end - - def create_share - raise "#{new_resource.path} is missing or not a directory. Shares cannot be created if the path doesn't first exist." unless ::File.directory? 
new_resource.path - - share_cmd = "New-SmbShare -Name '#{new_resource.share_name}' -Path '#{Chef::Util::PathHelper.cleanpath(new_resource.path)}' -Description '#{new_resource.description}' -ConcurrentUserLimit #{new_resource.concurrent_user_limit} -CATimeout #{new_resource.ca_timeout} -EncryptData:#{bool_string(new_resource.encrypt_data)} -ContinuouslyAvailable:#{bool_string(new_resource.continuously_available)}" - share_cmd << " -ScopeName #{new_resource.scope_name}" unless new_resource.scope_name == '*' # passing * causes the command to fail - share_cmd << " -Temporary:#{bool_string(new_resource.temporary)}" if new_resource.temporary # only set true - - Chef::Log.debug("Running '#{share_cmd}' to create the share") - powershell_out!(share_cmd) - - # New-SmbShare adds the "Everyone" user with read access no matter what so we need to remove it - # before we add our permissions - revoke_user_permissions(['Everyone']) - end - - # determine what users in the current state don't exist in the desired state - # users/groups will have their permissions updated with the same command that - # sets it, but removes must be performed with Revoke-SmbShareAccess - def users_to_revoke - @users_to_revoke ||= begin - # if the resource doesn't exist then nothing needs to be revoked - if current_resource.nil? - [] - else # if it exists then calculate the current to new resource diffs - (current_resource.full_users + current_resource.change_users + current_resource.read_users) - (new_resource.full_users + new_resource.change_users + new_resource.read_users) - end - end - end - - # update existing permissions on a share - def update_permissions - # revoke any users that had something, but now has nothing - revoke_user_permissions(users_to_revoke) unless users_to_revoke.empty? 
- - # set permissions for each of the permission types - %w(full read change).each do |perm_type| - # set permissions for a brand new share OR - # update permissions if the current state and desired state differ - next unless permissions_need_update?(perm_type) - grant_command = "Grant-SmbShareAccess -Name '#{new_resource.share_name}' -AccountName \"#{new_resource.send("#{perm_type}_users").join('","')}\" -Force -AccessRight #{perm_type}" - - Chef::Log.debug("Running '#{grant_command}' to update the share permissions") - powershell_out!(grant_command) - end - end - - # determine if permissions need to be updated. - # Brand new share with no permissions defined: no - # Brand new share with permissions defined: yes - # Existing share with differing permissions: yes - # - # @param [String] type the permissions type (Full, Read, or Change) - def permissions_need_update?(type) - property_name = "#{type}_users" - - # brand new share, but nothing to set - return false if current_resource.nil? && new_resource.send(property_name).empty? - - # brand new share with new permissions to set - return true if current_resource.nil? && !new_resource.send(property_name).empty? - - # there's a difference between the current and desired state - return true unless (new_resource.send(property_name) - current_resource.send(property_name)).empty? - - # anything else - false - end - - # revoke user permissions from a share - # @param [Array] users - def revoke_user_permissions(users) - revoke_command = "Revoke-SmbShareAccess -Name '#{new_resource.share_name}' -AccountName \"#{users.join('","')}\" -Force" - Chef::Log.debug("Running '#{revoke_command}' to revoke share permissions") - powershell_out!(revoke_command) - end - - # convert True/False into "$True" & "$False" - def bool_string(bool) - # bool ? 1 : 0 - bool ? '$true' : '$false' - end -end diff --git a/cookbooks/windows/resources/user_privilege.rb b/cookbooks/windows/resources/user_privilege.rb index 2264ded..e01888a 100644 
--- a/cookbooks/windows/resources/user_privilege.rb +++ b/cookbooks/windows/resources/user_privilege.rb @@ -4,11 +4,13 @@ # Resource:: user_privilege # +chef_version_for_provides '< 16.0' if respond_to?(:chef_version_for_provides) + property :principal, String, name_property: true -property :privilege, [Array, String], required: true, coerce: proc { |v| [*v].sort } +property :privilege, [Array, String], required: true, coerce: proc { |v| Array(v).sort } action :add do - ([*new_resource.privilege] - [*current_resource.privilege]).each do |user_right| + new_resource.privilege - Array(current_resource.privilege).each do |user_right| converge_by("adding user privilege #{user_right}") do Chef::ReservedNames::Win32::Security.add_account_right(new_resource.principal, user_right) end diff --git a/cookbooks/windows/resources/zipfile.rb b/cookbooks/windows/resources/zipfile.rb index 424717b..f182b5a 100644 --- a/cookbooks/windows/resources/zipfile.rb +++ b/cookbooks/windows/resources/zipfile.rb @@ -116,6 +116,7 @@ action_class do def ensure_rubyzip_gem_installed require 'zip' + Chef::Log.warn('The windows_zipfile resource has been deprecated as Chef Infra Client 15.0 shipped with a new archive_file resource, which natively handles multiple archive formats. Please update any cookbooks using this resource to instead use the `archive_file` resource: https://docs.chef.io/resource_archive_file.html') rescue LoadError Chef::Log.info("Missing gem 'rubyzip'...installing now.") chef_gem 'rubyzip' do diff --git a/cookbooks/yum-epel/CHANGELOG.md b/cookbooks/yum-epel/CHANGELOG.md index 08b13d6..30780aa 100644 --- a/cookbooks/yum-epel/CHANGELOG.md +++ b/cookbooks/yum-epel/CHANGELOG.md 
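Review bot: In the `:add` action of `user_privilege.rb`, the rewritten loop header `new_resource.privilege - Array(current_resource.privilege).each do |user_right|` drops the parentheses around the subtraction, so `.each` is called on `Array(current_resource.privilege)` alone and the difference is computed afterwards and discarded. The body then calls `add_account_right` for rights the principal already holds and never for the newly requested ones, so a node can converge without the privileges the recipe declares. The grouping should be restored: `(new_resource.privilege - Array(current_resource.privilege)).each do |user_right|`. The action's body continues past the end of the hunk, and since this file appears to be a vendored cookbook copy, the fix belongs in the upstream or pinned cookbook version rather than in a local edit.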
@@ -2,6 +2,61 @@ This file is used to list changes made in each version of the yum-epel cookbook. +## 4.2.3 - *2021-11-03* + +- Rename helper method to `epel_8_repos` to not conflict with yum-centos + +## 4.2.2 - *2021-11-02* + +- Update documentation for epel on CentOS Stream + +## 4.2.1 - *2021-11-02* + +- Add epel and epel-debuginfo repos by default for CentOS Streams + +## 4.2.0 - *2021-11-02* + +- Add support for CentOS Stream 8 + +## 4.1.4 - *2021-08-30* + +- Standardise files with files in sous-chefs/repo-management + +## 4.1.3 - *2021-07-14* + +- Remove deprecated `failoverprorioty` setting + +## 4.1.2 - *2021-06-01* + +- Standardise files with files in sous-chefs/repo-management + +## 4.1.1 - *2021-01-24* + +- Fix support for Oracle Linux + +## 4.1.0 - *2021-01-14* + +- Sous Chefs Adoption + +## 4.0.1 (2021-01-04) + +- Return empty array on non-yum systems - [@ramereth](https://github.com/ramereth) + +## 4.0.0 (2020-12-15) + +- Cookstyle fixes - [@tas50](https://github.com/tas50) +- Switch all http URLs to HTTPS URLs - [@damacus](https://github.com/damacus) +- Switch gpgkey urls - [@knightorc](https://github.com/knightorc) +- Require Chef 12.15+ - [@tas50](https://github.com/tas50) +- Remove CentOS 6 / Amazon Linux 201X support/testing - [@ramereth](https://github.com/ramereth) +- Improve InSpec test by using yum.repo resource - [@ramereth](https://github.com/ramereth) +- Fix repo descriptions on Amazon Linux - [@ramereth](https://github.com/ramereth) +- Test all supported repos in new "all" suite - [@ramereth](https://github.com/ramereth) +- Ensure other epel repos are not enabled in default suite - [@ramereth](https://github.com/ramereth) +- Add various modular and playground repos for EL8 - [@ramereth](https://github.com/ramereth) +- Update README - [@ramereth](https://github.com/ramereth) +- Cleanup metadata.rb formatting - [@ramereth](https://github.com/ramereth) + ## 3.3.0 (2018-10-09) - Fix cookbook to work on all releases of Amazon Linux 2 
diff --git a/cookbooks/yum-epel/CONTRIBUTING.md b/cookbooks/yum-epel/CONTRIBUTING.md deleted file mode 100644 index ef2f2b8..0000000 --- a/cookbooks/yum-epel/CONTRIBUTING.md +++ /dev/null @@ -1,2 +0,0 @@ -Please refer to -https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD diff --git a/cookbooks/yum-epel/LICENSE b/cookbooks/yum-epel/LICENSE new file mode 100644 index 0000000..8f71f43 --- /dev/null +++ b/cookbooks/yum-epel/LICENSE 
@@ -0,0 +1,202 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/cookbooks/yum-epel/README.md b/cookbooks/yum-epel/README.md index 734d106..bbd3312 100644 --- a/cookbooks/yum-epel/README.md +++ b/cookbooks/yum-epel/README.md 
@@ -1,10 +1,40 @@ # yum-epel Cookbook -[![Build Status](https://travis-ci.org/chef-cookbooks/yum-epel.svg?branch=master)](http://travis-ci.org/chef-cookbooks/yum-epel) [![Cookbook Version](https://img.shields.io/cookbook/v/yum-epel.svg)](https://supermarket.chef.io/cookbooks/yum-epel) +[![Cookbook Version](https://img.shields.io/cookbook/v/yum-epel.svg)](https://supermarket.chef.io/cookbooks/yum-epel) +[![CI State](https://github.com/sous-chefs/yum-epel/workflows/ci/badge.svg)](https://github.com/sous-chefs/yum-epel/actions?query=workflow%3Aci) +[![OpenCollective](https://opencollective.com/sous-chefs/backers/badge.svg)](#backers) +[![OpenCollective](https://opencollective.com/sous-chefs/sponsors/badge.svg)](#sponsors) +[![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0) -Extra Packages for Enterprise Linux (or EPEL) is a Fedora Special Interest Group that creates, maintains, and manages a high quality set of additional packages for Enterprise Linux, including, but not limited to, Red Hat Enterprise Linux (RHEL), CentOS and Scientific Linux (SL), Oracle Linux (OL). +Extra Packages for Enterprise Linux (or EPEL) is a Fedora Special Interest Group that creates, maintains, and manages a high quality set of additional packages for Enterprise Linux, including, but not limited to, Red Hat Enterprise Linux (RHEL), CentOS , CentOS Stream and Scientific Linux (SL), Oracle Linux (OL). -The yum-epel cookbook takes over management of the default repositoryids shipped with epel-release. It allows attribute manipulation of `epel`, `epel-debuginfo`, `epel-source`, `epel-testing`, `epel-testing-debuginfo`, and `epel-testing-source`. +The yum-epel cookbook takes over management of the default repositoryids shipped with epel-release. 
+ +Below is a table showing which repositoryids we manage that are shipped by default via the epel-release package: + +| Repo ID | EL 7 | EL 8 | CentOS Stream 8 | +| ------------------------------ | :--------------: | :--------------: | :--------------: | +| epel |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| +| epel-debuginfo |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| +| epel-modular | :x: |:heavy_check_mark:|:heavy_check_mark:| +| epel-modular-debuginfo | :x: |:heavy_check_mark:|:heavy_check_mark:| +| epel-modular-source | :x: |:heavy_check_mark:|:heavy_check_mark:| +| epel-next | :x: | :x: |:heavy_check_mark:| +| epel-next-debuginfo | :x: | :x: |:heavy_check_mark:| +| epel-next-source | :x: | :x: |:heavy_check_mark:| +| epel-next-testing | :x: | :x: |:heavy_check_mark:| +| epel-next-testing-debug | :x: | :x: |:heavy_check_mark:| +| epel-next-testing-source | :x: | :x: |:heavy_check_mark:| +| epel-playground | :x: |:heavy_check_mark:|:heavy_check_mark:| +| epel-playground-debuginfo | :x: |:heavy_check_mark:|:heavy_check_mark:| +| epel-playground-source | :x: |:heavy_check_mark:|:heavy_check_mark:| +| epel-source |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| +| epel-testing |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| +| epel-testing-debuginfo |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| +| epel-testing-modular | :x: |:heavy_check_mark:|:heavy_check_mark:| +| epel-testing-modular-debuginfo | :x: |:heavy_check_mark:|:heavy_check_mark:| +| epel-testing-modular-source | :x: |:heavy_check_mark:|:heavy_check_mark:| +| epel-testing-source |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| ## Requirements 
@@ -14,7 +44,11 @@ The yum-epel cookbook takes over management of the default repositoryids shipped ### Chef -- Chef 12.14+ +- Chef 12.15+ + +## Maintainers + +This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit [sous-chefs.org](https://sous-chefs.org/) or come chat with us on the Chef Community Slack in [#sous-chefs](https://chefcommunity.slack.com/messages/C2V7B88SF). ### Cookbooks 
@@ -22,100 +56,11 @@ The yum-epel cookbook takes over management of the default repositoryids shipped ## Attributes -The following attributes are set by default - -```ruby -default['yum-epel']['repos'] = %w( - epel - epel-debuginfo - epel-source - epel-testing - epel-testing-debuginfo - epel-testing-source -) -``` - -```ruby -default['yum']['epel']['repositoryid'] = 'epel' -default['yum']['epel']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch' -default['yum']['epel']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch' -default['yum']['epel']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' -default['yum']['epel']['failovermethod'] = 'priority' -default['yum']['epel']['gpgcheck'] = true -default['yum']['epel']['enabled'] = true -default['yum']['epel']['managed'] = true -``` - -```ruby -default['yum']['epel-debuginfo']['repositoryid'] = 'epel-debuginfo' -default['yum']['epel-debuginfo']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch - Debug' -default['yum']['epel-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch' -default['yum']['epel-debuginfo']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' -default['yum']['epel-debuginfo']['failovermethod'] = 'priority' -default['yum']['epel-debuginfo']['gpgcheck'] = true -default['yum']['epel-debuginfo']['enabled'] = false -default['yum']['epel-debuginfo']['managed'] = false -``` - -```ruby -default['yum']['epel-source']['repositoryid'] = 'epel-source' -default['yum']['epel-source']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch - Source' -default['yum']['epel-source']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-6&arch=$basearch' -default['yum']['epel-source']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' -default['yum']['epel-source']['failovermethod'] = 
'priority' -default['yum']['epel-source']['gpgcheck'] = true -default['yum']['epel-source']['enabled'] = false -default['yum']['epel-source']['managed'] = false -``` - -```ruby -default['yum']['epel-testing']['repositoryid'] = 'epel-testing' -default['yum']['epel-testing']['description'] = 'Extra Packages for Enterprise Linux 6 - Testing - $basearch' -default['yum']['epel-testing']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-epel6&arch=$basearch' -default['yum']['epel-testing']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6r' -default['yum']['epel-testing']['failovermethod'] = 'priority' -default['yum']['epel-testing']['gpgcheck'] = true -default['yum']['epel-testing']['enabled'] = false -default['yum']['epel-testing']['managed'] = false -``` - -```ruby -default['yum']['epel-testing-debuginfo']['repositoryid'] = 'epel-testing-debuginfo' -default['yum']['epel-testing-debuginfo']['description'] = 'Extra Packages for Enterprise Linux 6 - Testing - $basearch Debug' -default['yum']['epel-testing-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-debug-epel6&arch=$basearch' -default['yum']['epel-testing-debuginfo']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' -default['yum']['epel-testing-debuginfo']['failovermethod'] = 'priority' -default['yum']['epel-testing-debuginfo']['gpgcheck'] = true -default['yum']['epel-testing-debuginfo']['enabled'] = false -default['yum']['epel-testing-debuginfo']['managed'] = false -``` - -```ruby -default['yum']['epel-testing-source']['repositoryid'] = 'epel-testing-source' -default['yum']['epel-testing-source']['description'] = 'Extra Packages for Enterprise Linux 6 - Testing - $basearch Source' -default['yum']['epel-testing-source']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-source-epel6&arch=$basearch' -default['yum']['epel-testing-source']['gpgkey'] = 
'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' -default['yum']['epel-testing-source']['failovermethod'] = 'priority' -default['yum']['epel-testing-source']['gpgcheck'] = true -default['yum']['epel-testing-source']['enabled'] = false -default['yum']['epel-testing-source']['managed'] = false -``` +See individual repository attribute files for defaults. ## Recipes -- default - Walks through node attributes and feeds a yum_resource -- parameters. The following is an example a resource generated by the -- recipe during compilation. - -```ruby - yum_repository 'epel' do - mirrorlist 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch' - description 'Extra Packages for Enterprise Linux 5 - $basearch' - enabled true - gpgcheck true - gpgkey 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL' - end -``` +- `yum-epel::default` Generates `yum_repository` configs for the standard EPEL repositories. By default the `epel` repository is enabled. For CentOS Stream, the [epel-next](https://docs.fedoraproject.org/en-US/epel/#what_is_epel_next) repository is also enabled. ## Usage Example 
@@ -148,28 +93,33 @@ Point the epel repositories at an internally hosted server. ```ruby node.default['yum']['epel']['enabled'] = true node.default['yum']['epel']['mirrorlist'] = nil -node.default['yum']['epel']['baseurl'] = 'https://internal.example.com/centos/6/os/x86_64' +node.default['yum']['epel']['baseurl'] = 'https://internal.example.com/centos/7/os/x86_64' node.default['yum']['epel']['sslverify'] = false include_recipe 'yum-epel' ``` -## License & Authors +## Contributors -**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io)) +This project exists thanks to all the people who [contribute.](https://opencollective.com/sous-chefs/contributors.svg?width=890&button=false) -**Copyright:** 2011-2016, Chef Software, Inc. +### Backers -``` -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at +Thank you to all our backers! - http://www.apache.org/licenses/LICENSE-2.0 +![https://opencollective.com/sous-chefs#backers](https://opencollective.com/sous-chefs/backers.svg?width=600&avatarHeight=40) -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -``` +### Sponsors + +Support this project by becoming a sponsor. Your logo will show up here with a link to your website. 
+ +![https://opencollective.com/sous-chefs/sponsor/0/website](https://opencollective.com/sous-chefs/sponsor/0/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/1/website](https://opencollective.com/sous-chefs/sponsor/1/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/2/website](https://opencollective.com/sous-chefs/sponsor/2/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/3/website](https://opencollective.com/sous-chefs/sponsor/3/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/4/website](https://opencollective.com/sous-chefs/sponsor/4/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/5/website](https://opencollective.com/sous-chefs/sponsor/5/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/6/website](https://opencollective.com/sous-chefs/sponsor/6/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/7/website](https://opencollective.com/sous-chefs/sponsor/7/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/8/website](https://opencollective.com/sous-chefs/sponsor/8/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/9/website](https://opencollective.com/sous-chefs/sponsor/9/avatar.svg?avatarHeight=100) diff --git a/cookbooks/yum-epel/attributes/default.rb b/cookbooks/yum-epel/attributes/default.rb index 960a280..31eca73 100644 --- a/cookbooks/yum-epel/attributes/default.rb +++ b/cookbooks/yum-epel/attributes/default.rb 
@@ -1,8 +1,28 @@
-default['yum-epel']['repos'] = %w(
- epel
- epel-debuginfo
- epel-source
- epel-testing
- epel-testing-debuginfo
- epel-testing-source
-)
+default['yum-epel']['repos'] =
+ value_for_platform(
+ %w(redhat centos oracle) => {
+ '>= 8.0' => epel_8_repos,
+ '~> 7.0' =>
+ %w(
+ epel
+ epel-debuginfo
+ epel-source
+ epel-testing
+ epel-testing-debuginfo
+ epel-testing-source
+ ),
+ },
+ 'amazon' => {
+ 'default' =>
+ %w(
+ epel
+ epel-debuginfo
+ epel-source
+ epel-testing
+ epel-testing-debuginfo
+ epel-testing-source
+ ),
+ },
+ # No-op on non-yum systems
+ 'default' => []
+ )
diff --git a/cookbooks/yum-epel/attributes/epel-debuginfo.rb b/cookbooks/yum-epel/attributes/epel-debuginfo.rb
index f95a9e4..01b9b1e 100644
--- a/cookbooks/yum-epel/attributes/epel-debuginfo.rb
+++ b/cookbooks/yum-epel/attributes/epel-debuginfo.rb
@@ -1,19 +1,14 @@ default['yum']['epel-debuginfo']['repositoryid'] = 'epel-debuginfo' -default['yum']['epel-debuginfo']['description'] = "Extra Packages for #{node['platform_version'].to_i} - $basearch - Debug" if platform?('amazon') - if node['platform_version'].to_i > 2010 - default['yum']['epel-debuginfo']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-6&arch=$basearch' - default['yum']['epel-debuginfo']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' - else - default['yum']['epel-debuginfo']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-7&arch=$basearch' - default['yum']['epel-debuginfo']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' - end + default['yum']['epel-debuginfo']['description'] = 'Extra Packages for 7 - $basearch - Debug' + default['yum']['epel-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-7&arch=$basearch' + default['yum']['epel-debuginfo']['gpgkey'] = 'https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' else - default['yum']['epel-debuginfo']['mirrorlist'] = "http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-#{node['platform_version'].to_i}&arch=$basearch" + default['yum']['epel-debuginfo']['description'] = "Extra Packages for #{node['platform_version'].to_i} - $basearch - Debug" + default['yum']['epel-debuginfo']['mirrorlist'] = "https://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-#{node['platform_version'].to_i}&arch=$basearch" default['yum']['epel-debuginfo']['gpgkey'] = "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-#{node['platform_version'].to_i}" end -default['yum']['epel-debuginfo']['failovermethod'] = 'priority' default['yum']['epel-debuginfo']['gpgcheck'] = true default['yum']['epel-debuginfo']['enabled'] = false default['yum']['epel-debuginfo']['managed'] = false 
diff --git a/cookbooks/yum-epel/attributes/epel-modular-debuginfo.rb b/cookbooks/yum-epel/attributes/epel-modular-debuginfo.rb
new file mode 100644
index 0000000..04e9f52
--- /dev/null
+++ b/cookbooks/yum-epel/attributes/epel-modular-debuginfo.rb
@@ -0,0 +1,8 @@
+default['yum']['epel-modular-debuginfo']['repositoryid'] = 'epel-modular-debuginfo'
+default['yum']['epel-modular-debuginfo']['description'] = 'Extra Packages for Enterprise Linux Modular $releasever - $basearch - Debug'
+default['yum']['epel-modular-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=epel-modular-debug-$releasever&arch=$basearch&infra=$infra&content=$contentdir'
+default['yum']['epel-modular-debuginfo']['gpgkey'] = 'https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8'
+default['yum']['epel-modular-debuginfo']['gpgcheck'] = true
+default['yum']['epel-modular-debuginfo']['enabled'] = false
+default['yum']['epel-modular-debuginfo']['managed'] = false
+default['yum']['epel-modular-debuginfo']['make_cache'] = true
diff --git a/cookbooks/yum-epel/attributes/epel-modular-source.rb b/cookbooks/yum-epel/attributes/epel-modular-source.rb
new file mode 100644
index 0000000..150e1eb
--- /dev/null
+++ b/cookbooks/yum-epel/attributes/epel-modular-source.rb
@@ -0,0 +1,8 @@
+default['yum']['epel-modular-source']['repositoryid'] = 'epel-modular-source'
+default['yum']['epel-modular-source']['description'] = 'Extra Packages for Enterprise Linux Modular $releasever - $basearch - Source'
+default['yum']['epel-modular-source']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=epel-modular-source-$releasever&arch=$basearch&infra=$infra&content=$contentdir'
+default['yum']['epel-modular-source']['gpgkey'] = 'https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8'
+default['yum']['epel-modular-source']['gpgcheck'] = true
+default['yum']['epel-modular-source']['enabled'] = false
+default['yum']['epel-modular-source']['managed'] = false
+default['yum']['epel-modular-source']['make_cache'] = true
diff --git a/cookbooks/yum-epel/attributes/epel-modular.rb b/cookbooks/yum-epel/attributes/epel-modular.rb
new file mode 100644
index 0000000..9fea914
--- /dev/null
+++ b/cookbooks/yum-epel/attributes/epel-modular.rb
@@ -0,0 +1,8 @@
+default['yum']['epel-modular']['repositoryid'] = 'epel-modular'
+default['yum']['epel-modular']['description'] = 'Extra Packages for Enterprise Linux Modular $releasever - $basearch'
+default['yum']['epel-modular']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=epel-modular-$releasever&arch=$basearch&infra=$infra&content=$contentdir'
+default['yum']['epel-modular']['gpgkey'] = 'https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8'
+default['yum']['epel-modular']['gpgcheck'] = true
+default['yum']['epel-modular']['enabled'] = false
+default['yum']['epel-modular']['managed'] = false
+default['yum']['epel-modular']['make_cache'] = true
diff --git a/cookbooks/yum-epel/attributes/epel-next-debuginfo.rb b/cookbooks/yum-epel/attributes/epel-next-debuginfo.rb
new file mode 100644
index 0000000..dd43687
--- /dev/null
+++ b/cookbooks/yum-epel/attributes/epel-next-debuginfo.rb
@@ -0,0 +1,11 @@
+default['yum']['epel-next-debuginfo']['repositoryid'] = 'epel-next-debuginfo'
+default['yum']['epel-next-debuginfo']['description'] =
+ "Extra Packages for #{node['platform_version'].to_i} - $basearch - Next - Debug"
+default['yum']['epel-next-debuginfo']['mirrorlist'] =
+ "https://mirrors.fedoraproject.org/mirrorlist?repo=epel-next-debug-#{node['platform_version'].to_i}&arch=$basearch"
+default['yum']['epel-next-debuginfo']['gpgkey'] =
+ "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-#{node['platform_version'].to_i}"
+default['yum']['epel-next-debuginfo']['gpgcheck'] = true
+default['yum']['epel-next-debuginfo']['enabled'] = false
+default['yum']['epel-next-debuginfo']['managed'] = false
+default['yum']['epel-next-debuginfo']['make_cache'] = true
diff --git a/cookbooks/yum-epel/attributes/epel-next-source.rb b/cookbooks/yum-epel/attributes/epel-next-source.rb
new file mode 100644
index 0000000..e7c70a7
--- /dev/null
+++ b/cookbooks/yum-epel/attributes/epel-next-source.rb
@@ -0,0 +1,11 @@
+default['yum']['epel-next-source']['repositoryid'] = 'epel-next-source'
+default['yum']['epel-next-source']['description'] =
+ "Extra Packages for #{node['platform_version'].to_i} $basearch - Next -Source"
+default['yum']['epel-next-source']['mirrorlist'] =
+ "https://mirrors.fedoraproject.org/mirrorlist?repo=epel-next-source-#{node['platform_version'].to_i}&arch=$basearch"
+default['yum']['epel-next-source']['gpgkey'] =
+ "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-#{node['platform_version'].to_i}"
+default['yum']['epel-next-source']['gpgcheck'] = true
+default['yum']['epel-next-source']['enabled'] = false
+default['yum']['epel-next-source']['managed'] = false
+default['yum']['epel-next-source']['make_cache'] = true
diff --git a/cookbooks/yum-epel/attributes/epel-next-testing-debuginfo.rb b/cookbooks/yum-epel/attributes/epel-next-testing-debuginfo.rb
new file mode 100644
index 0000000..118b636
--- /dev/null
+++ b/cookbooks/yum-epel/attributes/epel-next-testing-debuginfo.rb
@@ -0,0 +1,11 @@
+default['yum']['epel-next-testing-debuginfo']['repositoryid'] = 'epel-next-testing-debuginfo'
+default['yum']['epel-next-testing-debuginfo']['description'] =
+ "Extra Packages for #{node['platform_version'].to_i} - $basearch - Next - Testing Debug"
+default['yum']['epel-next-testing-debuginfo']['mirrorlist'] =
+ "https://mirrors.fedoraproject.org/mirrorlist?repo=epel-testing-next-debug-#{node['platform_version'].to_i}&arch=$basearch"
+default['yum']['epel-next-testing-debuginfo']['gpgkey'] =
+ "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-#{node['platform_version'].to_i}"
+default['yum']['epel-next-testing-debuginfo']['gpgcheck'] = true
+default['yum']['epel-next-testing-debuginfo']['enabled'] = false
+default['yum']['epel-next-testing-debuginfo']['managed'] = false
+default['yum']['epel-next-testing-debuginfo']['make_cache'] = true
diff --git a/cookbooks/yum-epel/attributes/epel-next-testing-source.rb b/cookbooks/yum-epel/attributes/epel-next-testing-source.rb
new file mode 100644
index 0000000..8548e54
--- /dev/null
+++ b/cookbooks/yum-epel/attributes/epel-next-testing-source.rb
@@ -0,0 +1,11 @@
+default['yum']['epel-next-testing-source']['repositoryid'] = 'epel-next-testing-source'
+default['yum']['epel-next-testing-source']['description'] =
+ "Extra Packages for #{node['platform_version'].to_i} - $basearch - Next - Testing Source"
+default['yum']['epel-next-testing-source']['mirrorlist'] =
+ "https://mirrors.fedoraproject.org/mirrorlist?repo=testing-source-epel#{node['platform_version'].to_i}&arch=$basearch"
+default['yum']['epel-next-testing-source']['gpgkey'] =
+ "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-#{node['platform_version'].to_i}"
+default['yum']['epel-next-testing-source']['gpgcheck'] = true
+default['yum']['epel-next-testing-source']['enabled'] = false
+default['yum']['epel-next-testing-source']['managed'] = false
+default['yum']['epel-next-testing-source']['make_cache'] = true
diff --git a/cookbooks/yum-epel/attributes/epel-next-testing.rb b/cookbooks/yum-epel/attributes/epel-next-testing.rb
new file mode 100644
index 0000000..18476e3
--- /dev/null
+++ b/cookbooks/yum-epel/attributes/epel-next-testing.rb
@@ -0,0 +1,11 @@
+default['yum']['epel-next-testing']['repositoryid'] = 'epel-next-testing'
+default['yum']['epel-next-testing']['description'] =
+ "Extra Packages for #{node['platform_version'].to_i} - $basearch - Next - Testing"
+default['yum']['epel-next-testing']['mirrorlist'] =
+ "https://mirrors.fedoraproject.org/mirrorlist?repo=epel-testing-next-#{node['platform_version'].to_i}&arch=$basearch"
+default['yum']['epel-next-testing']['gpgkey'] =
+ "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-#{node['platform_version'].to_i}"
+default['yum']['epel-next-testing']['gpgcheck'] = true
+default['yum']['epel-next-testing']['enabled'] = false
+default['yum']['epel-next-testing']['managed'] = false
+default['yum']['epel-next-testing']['make_cache'] = true
diff --git a/cookbooks/yum-epel/attributes/epel-next.rb b/cookbooks/yum-epel/attributes/epel-next.rb
new file mode 100644
index 0000000..246f5a3
--- /dev/null
+++ b/cookbooks/yum-epel/attributes/epel-next.rb
@@ -0,0 +1,10 @@
+default['yum']['epel-next']['repositoryid'] = 'epel-next'
+default['yum']['epel-next']['gpgcheck'] = true
+default['yum']['epel-next']['description'] = 'Extra Packages for $releasever - Next - $basearch'
+default['yum']['epel-next']['mirrorlist'] =
+ "https://mirrors.fedoraproject.org/mirrorlist?repo=epel-next-#{node['platform_version'].to_i}&arch=$basearch"
+default['yum']['epel-next']['gpgkey'] =
+ "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-#{node['platform_version'].to_i}"
+default['yum']['epel-next']['enabled'] = true
+default['yum']['epel-next']['managed'] = true
+default['yum']['epel-next']['make_cache'] = true
diff --git a/cookbooks/yum-epel/attributes/epel-playground-debuginfo.rb b/cookbooks/yum-epel/attributes/epel-playground-debuginfo.rb
new file mode 100644
index 0000000..d823b83
--- /dev/null
+++ b/cookbooks/yum-epel/attributes/epel-playground-debuginfo.rb
@@ -0,0 +1,8 @@
+default['yum']['epel-playground-debuginfo']['repositoryid'] = 'epel-playground-debuginfo'
+default['yum']['epel-playground-debuginfo']['description'] = 'Extra Packages for Enterprise Linux $releasever - Playground - $basearch - Debug'
+default['yum']['epel-playground-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=playground-debug-epel$releasever&arch=$basearch&infra=$infra&content=$contentdir'
+default['yum']['epel-playground-debuginfo']['gpgkey'] = 'https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8'
+default['yum']['epel-playground-debuginfo']['gpgcheck'] = true
+default['yum']['epel-playground-debuginfo']['enabled'] = false
+default['yum']['epel-playground-debuginfo']['managed'] = false
+default['yum']['epel-playground-debuginfo']['make_cache'] = true
diff --git a/cookbooks/yum-epel/attributes/epel-playground-source.rb b/cookbooks/yum-epel/attributes/epel-playground-source.rb
new file mode 100644
index 0000000..c0a0cb3
--- /dev/null
+++ b/cookbooks/yum-epel/attributes/epel-playground-source.rb
@@ -0,0 +1,8 @@
+default['yum']['epel-playground-source']['repositoryid'] = 'epel-playground-source'
+default['yum']['epel-playground-source']['description'] = 'Extra Packages for Enterprise Linux $releasever - Playground - $basearch - Source'
+default['yum']['epel-playground-source']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=playground-source-epel$releasever&arch=$basearch&infra=$infra&content=$contentdir'
+default['yum']['epel-playground-source']['gpgkey'] = 'https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8'
+default['yum']['epel-playground-source']['gpgcheck'] = true
+default['yum']['epel-playground-source']['enabled'] = false
+default['yum']['epel-playground-source']['managed'] = false
+default['yum']['epel-playground-source']['make_cache'] = true
diff --git a/cookbooks/yum-epel/attributes/epel-playground.rb b/cookbooks/yum-epel/attributes/epel-playground.rb
new file mode 100644
index 0000000..3b78bb5
--- /dev/null
+++ b/cookbooks/yum-epel/attributes/epel-playground.rb
@@ -0,0 +1,8 @@
+default['yum']['epel-playground']['repositoryid'] = 'epel-playground'
+default['yum']['epel-playground']['description'] = 'Extra Packages for Enterprise Linux $releasever - Playground - $basearch'
+default['yum']['epel-playground']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=playground-epel$releasever&arch=$basearch&infra=$infra&content=$contentdir'
+default['yum']['epel-playground']['gpgkey'] = 'https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8'
+default['yum']['epel-playground']['gpgcheck'] = true
+default['yum']['epel-playground']['enabled'] = false
+default['yum']['epel-playground']['managed'] = false
+default['yum']['epel-playground']['make_cache'] = true
diff --git a/cookbooks/yum-epel/attributes/epel-source.rb b/cookbooks/yum-epel/attributes/epel-source.rb
index 51975ba..6c89989 100644
--- a/cookbooks/yum-epel/attributes/epel-source.rb
+++ b/cookbooks/yum-epel/attributes/epel-source.rb
@@ -1,19 +1,14 @@ default['yum']['epel-source']['repositoryid'] = 'epel-source' -default['yum']['epel-source']['description'] = "Extra Packages for #{node['platform_version'].to_i} - $basearch - Source" if platform?('amazon') - if node['platform_version'].to_i > 2010 - default['yum']['epel-source']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-6&arch=$basearch' - default['yum']['epel-source']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' - else - default['yum']['epel-source']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-7&arch=$basearch' - default['yum']['epel-source']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' - end + default['yum']['epel-source']['description'] = 'Extra Packages for 7 - $basearch - Source' + default['yum']['epel-source']['mirrorlist'] = 'https://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-7&arch=$basearch' + default['yum']['epel-source']['gpgkey'] = 'https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' else - default['yum']['epel-source']['mirrorlist'] = "http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-#{node['platform_version'].to_i}&arch=$basearch" + default['yum']['epel-source']['description'] = "Extra Packages for #{node['platform_version'].to_i} - $basearch - Source" + default['yum']['epel-source']['mirrorlist'] = "https://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-#{node['platform_version'].to_i}&arch=$basearch" default['yum']['epel-source']['gpgkey'] = "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-#{node['platform_version'].to_i}" end -default['yum']['epel-source']['failovermethod'] = 'priority' default['yum']['epel-source']['gpgcheck'] = true default['yum']['epel-source']['enabled'] = false default['yum']['epel-source']['managed'] = false 
diff --git a/cookbooks/yum-epel/attributes/epel-testing-debuginfo.rb b/cookbooks/yum-epel/attributes/epel-testing-debuginfo.rb
index da874d3..4330c33 100644
--- a/cookbooks/yum-epel/attributes/epel-testing-debuginfo.rb
+++ b/cookbooks/yum-epel/attributes/epel-testing-debuginfo.rb
@@ -1,19 +1,14 @@ default['yum']['epel-testing-debuginfo']['repositoryid'] = 'epel-testing-debuginfo' -default['yum']['epel-testing-debuginfo']['description'] = "Extra Packages for #{node['platform_version'].to_i} - $basearch - Testing Debug" if platform?('amazon') - if node['platform_version'].to_i > 2010 - default['yum']['epel-testing-debuginfo']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=testing-debug-epel6&arch=$basearch' - default['yum']['epel-testing-debuginfo']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' - else - default['yum']['epel-testing-debuginfo']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=testing-debug-epel7&arch=$basearch' - default['yum']['epel-testing-debuginfo']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' - end + default['yum']['epel-testing-debuginfo']['description'] = 'Extra Packages for 7 - $basearch - Testing Debug' + default['yum']['epel-testing-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/mirrorlist?repo=testing-debug-epel7&arch=$basearch' + default['yum']['epel-testing-debuginfo']['gpgkey'] = 'https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' else - default['yum']['epel-testing-debuginfo']['mirrorlist'] = "http://mirrors.fedoraproject.org/mirrorlist?repo=testing-debug-epel#{node['platform_version'].to_i}&arch=$basearch" + default['yum']['epel-testing-debuginfo']['description'] = "Extra Packages for #{node['platform_version'].to_i} - $basearch - Testing Debug" + default['yum']['epel-testing-debuginfo']['mirrorlist'] = "https://mirrors.fedoraproject.org/mirrorlist?repo=testing-debug-epel#{node['platform_version'].to_i}&arch=$basearch" default['yum']['epel-testing-debuginfo']['gpgkey'] = "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-#{node['platform_version'].to_i}" end -default['yum']['epel-testing-debuginfo']['failovermethod'] = 'priority' 
default['yum']['epel-testing-debuginfo']['gpgcheck'] = true default['yum']['epel-testing-debuginfo']['enabled'] = false default['yum']['epel-testing-debuginfo']['managed'] = false diff --git a/cookbooks/yum-epel/attributes/epel-testing-modular-debuginfo.rb b/cookbooks/yum-epel/attributes/epel-testing-modular-debuginfo.rb new file mode 100644 index 0000000..fa938de --- /dev/null +++ b/cookbooks/yum-epel/attributes/epel-testing-modular-debuginfo.rb @@ -0,0 +1,8 @@ +default['yum']['epel-testing-modular-debuginfo']['repositoryid'] = 'epel-testing-modular-debuginfo' +default['yum']['epel-testing-modular-debuginfo']['description'] = 'Extra Packages for Enterprise Linux Modular $releasever - Testing - $basearch - Debug' +default['yum']['epel-testing-modular-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-modular-debug-epel$releasever&arch=$basearch&infra=$infra&content=$contentdir' +default['yum']['epel-testing-modular-debuginfo']['gpgkey'] = 'https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8' +default['yum']['epel-testing-modular-debuginfo']['gpgcheck'] = true +default['yum']['epel-testing-modular-debuginfo']['enabled'] = false +default['yum']['epel-testing-modular-debuginfo']['managed'] = false +default['yum']['epel-testing-modular-debuginfo']['make_cache'] = true diff --git a/cookbooks/yum-epel/attributes/epel-testing-modular-source.rb b/cookbooks/yum-epel/attributes/epel-testing-modular-source.rb new file mode 100644 index 0000000..4a4ae41 --- /dev/null +++ b/cookbooks/yum-epel/attributes/epel-testing-modular-source.rb 
@@ -0,0 +1,8 @@
+default['yum']['epel-testing-modular-source']['repositoryid'] = 'epel-testing-modular-source'
+default['yum']['epel-testing-modular-source']['description'] = 'Extra Packages for Enterprise Linux Modular $releasever- Testing - $basearch - Source'
+default['yum']['epel-testing-modular-source']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-modular-source-epel$releasever&arch=$basearch&infra=$infra&content=$contentdir'
+default['yum']['epel-testing-modular-source']['gpgkey'] = 'https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8'
+default['yum']['epel-testing-modular-source']['gpgcheck'] = true
+default['yum']['epel-testing-modular-source']['enabled'] = false
+default['yum']['epel-testing-modular-source']['managed'] = false
+default['yum']['epel-testing-modular-source']['make_cache'] = true
diff --git a/cookbooks/yum-epel/attributes/epel-testing-modular.rb b/cookbooks/yum-epel/attributes/epel-testing-modular.rb
new file mode 100644
index 0000000..a707c65
--- /dev/null
+++ b/cookbooks/yum-epel/attributes/epel-testing-modular.rb
@@ -0,0 +1,8 @@
+default['yum']['epel-testing-modular']['repositoryid'] = 'epel-testing-modular'
+default['yum']['epel-testing-modular']['description'] = 'Extra Packages for Enterprise Linux Modular $releasever - Testing - $basearch'
+default['yum']['epel-testing-modular']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-modular-epel$releasever&arch=$basearch&infra=$infra&content=$contentdir'
+default['yum']['epel-testing-modular']['gpgkey'] = 'https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8'
+default['yum']['epel-testing-modular']['gpgcheck'] = true
+default['yum']['epel-testing-modular']['enabled'] = false
+default['yum']['epel-testing-modular']['managed'] = false
+default['yum']['epel-testing-modular']['make_cache'] = true
diff --git a/cookbooks/yum-epel/attributes/epel-testing-source.rb b/cookbooks/yum-epel/attributes/epel-testing-source.rb
index 07bc64d..7da8d24 100644
--- a/cookbooks/yum-epel/attributes/epel-testing-source.rb
+++ b/cookbooks/yum-epel/attributes/epel-testing-source.rb
@@ -1,19 +1,14 @@ default['yum']['epel-testing-source']['repositoryid'] = 'epel-testing-source' -default['yum']['epel-testing-source']['description'] = "Extra Packages for #{node['platform_version'].to_i} - $basearch - Testing Source" if platform?('amazon') - if node['platform_version'].to_i > 2010 - default['yum']['epel-testing-source']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=testing-source-epel6&arch=$basearch' - default['yum']['epel-testing-source']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' - else - default['yum']['epel-testing-source']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=testing-source-epel7&arch=$basearch' - default['yum']['epel-testing-source']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' - end + default['yum']['epel-testing-source']['description'] = 'Extra Packages for 7 - $basearch - Testing Source' + default['yum']['epel-testing-source']['mirrorlist'] = 'https://mirrors.fedoraproject.org/mirrorlist?repo=testing-source-epel7&arch=$basearch' + default['yum']['epel-testing-source']['gpgkey'] = 'https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' else - default['yum']['epel-testing-source']['mirrorlist'] = "http://mirrors.fedoraproject.org/mirrorlist?repo=testing-source-epel#{node['platform_version'].to_i}&arch=$basearch" + default['yum']['epel-testing-source']['description'] = "Extra Packages for #{node['platform_version'].to_i} - $basearch - Testing Source" + default['yum']['epel-testing-source']['mirrorlist'] = "https://mirrors.fedoraproject.org/mirrorlist?repo=testing-source-epel#{node['platform_version'].to_i}&arch=$basearch" default['yum']['epel-testing-source']['gpgkey'] = "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-#{node['platform_version'].to_i}" end -default['yum']['epel-testing-source']['failovermethod'] = 'priority' default['yum']['epel-testing-source']['gpgcheck'] = true 
default['yum']['epel-testing-source']['enabled'] = false default['yum']['epel-testing-source']['managed'] = false diff --git a/cookbooks/yum-epel/attributes/epel-testing.rb b/cookbooks/yum-epel/attributes/epel-testing.rb index 3fe52b8..ae3aa16 100644 --- a/cookbooks/yum-epel/attributes/epel-testing.rb +++ b/cookbooks/yum-epel/attributes/epel-testing.rb 
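Review bot: The `platform?('amazon')` branch now hard-codes the EPEL 7 mirrorlist and `RPM-GPG-KEY-EPEL-7` with no `platform_version` check, so any Amazon host that is not Amazon Linux 2 would be pointed at el7 packages. The same applies to the epel-testing.rb and epel.rb hunks that follow, and epel.rb matters most because that repository is `enabled` and `managed` by default. `gpgcheck = true` does not catch the mismatch, since those packages are validly signed with the EPEL 7 key. As this is a vendored cookbook, the check presumably belongs in whatever recipe includes it rather than in this file, e.g. `raise 'yum-epel: EPEL 7 defaults assume Amazon Linux 2' if platform?('amazon') && node['platform_version'].to_i != 2`.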
@@ -1,19 +1,14 @@ default['yum']['epel-testing']['repositoryid'] = 'epel-testing' -default['yum']['epel-testing']['description'] = "Extra Packages for #{node['platform_version'].to_i} - $basearch - Testing " if platform?('amazon') - if node['platform_version'].to_i > 2010 - default['yum']['epel-testing']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel6&arch=$basearch' - default['yum']['epel-testing']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' - else - default['yum']['epel-testing']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel7&arch=$basearch' - default['yum']['epel-testing']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' - end + default['yum']['epel-testing']['description'] = 'Extra Packages for 7 - $basearch - Testing ' + default['yum']['epel-testing']['mirrorlist'] = 'https://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel7&arch=$basearch' + default['yum']['epel-testing']['gpgkey'] = 'https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' else - default['yum']['epel-testing']['mirrorlist'] = "http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel#{node['platform_version'].to_i}&arch=$basearch" + default['yum']['epel-testing']['description'] = "Extra Packages for #{node['platform_version'].to_i} - $basearch - Testing " + default['yum']['epel-testing']['mirrorlist'] = "https://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel#{node['platform_version'].to_i}&arch=$basearch" default['yum']['epel-testing']['gpgkey'] = "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-#{node['platform_version'].to_i}" end -default['yum']['epel-testing']['failovermethod'] = 'priority' default['yum']['epel-testing']['gpgcheck'] = true default['yum']['epel-testing']['enabled'] = false default['yum']['epel-testing']['managed'] = false 
diff --git a/cookbooks/yum-epel/attributes/epel.rb b/cookbooks/yum-epel/attributes/epel.rb index 5e99bca..119296d 100644 --- a/cookbooks/yum-epel/attributes/epel.rb +++ b/cookbooks/yum-epel/attributes/epel.rb @@ -1,5 +1,4 @@ default['yum']['epel']['repositoryid'] = 'epel' -default['yum']['epel']['description'] = "Extra Packages for #{node['platform_version'].to_i} - $basearch" default['yum']['epel']['gpgcheck'] = true case node['kernel']['machine'] when 'armv7l', 'armv7hl' 
@@ -10,19 +9,15 @@ when 's390x' default['yum']['epel']['gpgkey'] = 'https://kojipkgs.fedoraproject.org/rhel/rc/7/Server/s390x/os/RPM-GPG-KEY-redhat-release' else if platform?('amazon') - if node['platform_version'].to_i > 2010 - default['yum']['epel']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-6&arch=$basearch' - default['yum']['epel']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6' - else - default['yum']['epel']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-7&arch=$basearch' - default['yum']['epel']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' - end + default['yum']['epel']['description'] = 'Extra Packages for 7 - $basearch' + default['yum']['epel']['mirrorlist'] = 'https://mirrors.fedoraproject.org/mirrorlist?repo=epel-7&arch=$basearch' + default['yum']['epel']['gpgkey'] = 'https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7' else - default['yum']['epel']['mirrorlist'] = "http://mirrors.fedoraproject.org/mirrorlist?repo=epel-#{node['platform_version'].to_i}&arch=$basearch" + default['yum']['epel']['description'] = "Extra Packages for #{node['platform_version'].to_i} - $basearch" + default['yum']['epel']['mirrorlist'] = "https://mirrors.fedoraproject.org/mirrorlist?repo=epel-#{node['platform_version'].to_i}&arch=$basearch" default['yum']['epel']['gpgkey'] = "https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-#{node['platform_version'].to_i}" end end -default['yum']['epel']['failovermethod'] = 'priority' default['yum']['epel']['enabled'] = true default['yum']['epel']['managed'] = true default['yum']['epel']['make_cache'] = true diff --git a/cookbooks/yum-epel/chefignore b/cookbooks/yum-epel/chefignore new file mode 100644 index 0000000..cc170ea --- /dev/null +++ b/cookbooks/yum-epel/chefignore 
@@ -0,0 +1,115 @@
+# Put files/directories that should be ignored in this file when uploading
+# to a Chef Infra Server or Supermarket.
+# Lines that start with '# ' are comments.
+
+# OS generated files #
+######################
+.DS_Store
+ehthumbs.db
+Icon?
+nohup.out
+Thumbs.db
+.envrc
+
+# EDITORS #
+###########
+.#*
+.project
+.settings
+*_flymake
+*_flymake.*
+*.bak
+*.sw[a-z]
+*.tmproj
+*~
+\#*
+REVISION
+TAGS*
+tmtags
+.vscode
+.editorconfig
+
+## COMPILED ##
+##############
+*.class
+*.com
+*.dll
+*.exe
+*.o
+*.pyc
+*.so
+*/rdoc/
+a.out
+mkmf.log
+
+# Testing #
+###########
+.circleci/*
+.codeclimate.yml
+.delivery/*
+.foodcritic
+.kitchen*
+.mdlrc
+.overcommit.yml
+.rspec
+.rubocop.yml
+.travis.yml
+.watchr
+.yamllint
+azure-pipelines.yml
+Dangerfile
+examples/*
+features/*
+Guardfile
+kitchen.yml*
+mlc_config.json
+Procfile
+Rakefile
+spec/*
+test/*
+
+# SCM #
+#######
+.git
+.gitattributes
+.gitconfig
+.github/*
+.gitignore
+.gitkeep
+.gitmodules
+.svn
+*/.bzr/*
+*/.git
+*/.hg/*
+*/.svn/*
+
+# Berkshelf #
+#############
+Berksfile
+Berksfile.lock
+cookbooks/*
+tmp
+
+# Bundler #
+###########
+vendor/*
+Gemfile
+Gemfile.lock
+
+# Policyfile #
+##############
+Policyfile.rb
+Policyfile.lock.json
+
+# Documentation #
+#############
+CODE_OF_CONDUCT*
+CONTRIBUTING*
+documentation/*
+TESTING*
+UPGRADING*
+
+# Vagrant #
+###########
+.vagrant
+Vagrantfile
diff --git a/cookbooks/yum-epel/kitchen.dokken.yml b/cookbooks/yum-epel/kitchen.dokken.yml
new file mode 100644
index 0000000..00236db
--- /dev/null
+++ b/cookbooks/yum-epel/kitchen.dokken.yml
@@ -0,0 +1,46 @@ +driver: + name: dokken + privileged: true # because Docker and SystemD + chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> + chef_license: accept-no-persist + +transport: + name: dokken + +provisioner: + name: dokken + deprecations_as_errors: true + +verifier: + name: inspec + +platforms: + - name: amazonlinux-2 + driver: + image: dokken/amazonlinux-2 + pid_one_command: /usr/lib/systemd/systemd + + - name: centos-7 + driver: + image: dokken/centos-7 + pid_one_command: /usr/lib/systemd/systemd + + - name: centos-8 + driver: + image: dokken/centos-8 + pid_one_command: /usr/lib/systemd/systemd + + - name: centos-stream-8 + driver: + image: dokken/centos-stream-8 + pid_one_command: /usr/lib/systemd/systemd + + - name: oraclelinux-7 + driver: + image: dokken/oraclelinux-7 + pid_one_command: /usr/lib/systemd/systemd + + - name: oraclelinux-8 + driver: + image: dokken/oraclelinux-8 + pid_one_command: /usr/lib/systemd/systemd diff --git a/cookbooks/yum-epel/libraries/helpers.rb b/cookbooks/yum-epel/libraries/helpers.rb new file mode 100644 index 0000000..8898dad --- /dev/null +++ b/cookbooks/yum-epel/libraries/helpers.rb @@ -0,0 +1,46 @@ +module YumEpel + module Cookbook + module Helpers + def epel_8_repos + repos = %w( + epel + epel-debuginfo + epel-modular + epel-modular-debuginfo + epel-modular-source + epel-playground + epel-playground-debuginfo + epel-playground-source + epel-source + epel-testing + epel-testing-debuginfo + epel-testing-modular + epel-testing-modular-debuginfo + epel-testing-modular-source + epel-testing-source + ) + + repos.concat( + %w( + epel-next + epel-next-debuginfo + epel-next-source + epel-next-testing + epel-next-testing-debuginfo + epel-next-testing-source + ) + ) if yum_epel_centos_stream? + + repos + end + + private + + def yum_epel_centos_stream? + respond_to?(:centos_stream_platform?) && centos_stream_platform? + end + end + end +end +# Needed to used in attributes/ +Chef::Node.include ::YumEpel::Cookbook::Helpers 
diff --git a/cookbooks/yum-epel/metadata.json b/cookbooks/yum-epel/metadata.json index 399f0fd..674b1bb 100644 --- a/cookbooks/yum-epel/metadata.json +++ b/cookbooks/yum-epel/metadata.json 
@@ -1 +1,41 @@ -{"name":"yum-epel","version":"3.3.0","description":"Installs and configures the EPEL Yum repository","long_description":"# yum-epel Cookbook\n\n[![Build Status](https://travis-ci.org/chef-cookbooks/yum-epel.svg?branch=master)](http://travis-ci.org/chef-cookbooks/yum-epel) [![Cookbook Version](https://img.shields.io/cookbook/v/yum-epel.svg)](https://supermarket.chef.io/cookbooks/yum-epel)\n\nExtra Packages for Enterprise Linux (or EPEL) is a Fedora Special Interest Group that creates, maintains, and manages a high quality set of additional packages for Enterprise Linux, including, but not limited to, Red Hat Enterprise Linux (RHEL), CentOS and Scientific Linux (SL), Oracle Linux (OL).\n\nThe yum-epel cookbook takes over management of the default repositoryids shipped with epel-release. It allows attribute manipulation of `epel`, `epel-debuginfo`, `epel-source`, `epel-testing`, `epel-testing-debuginfo`, and `epel-testing-source`.\n\n## Requirements\n\n### Platforms\n\n- RHEL/CentOS and derivatives\n\n### Chef\n\n- Chef 12.14+\n\n### Cookbooks\n\n- none\n\n## Attributes\n\nThe following attributes are set by default\n\n```ruby\ndefault['yum-epel']['repos'] = %w(\n epel\n epel-debuginfo\n epel-source\n epel-testing\n epel-testing-debuginfo\n epel-testing-source\n)\n```\n\n```ruby\ndefault['yum']['epel']['repositoryid'] = 'epel'\ndefault['yum']['epel']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch'\ndefault['yum']['epel']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch'\ndefault['yum']['epel']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6'\ndefault['yum']['epel']['failovermethod'] = 'priority'\ndefault['yum']['epel']['gpgcheck'] = true\ndefault['yum']['epel']['enabled'] = true\ndefault['yum']['epel']['managed'] = true\n```\n\n```ruby\ndefault['yum']['epel-debuginfo']['repositoryid'] = 'epel-debuginfo'\ndefault['yum']['epel-debuginfo']['description'] = 'Extra 
Packages for Enterprise Linux 6 - $basearch - Debug'\ndefault['yum']['epel-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch'\ndefault['yum']['epel-debuginfo']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6'\ndefault['yum']['epel-debuginfo']['failovermethod'] = 'priority'\ndefault['yum']['epel-debuginfo']['gpgcheck'] = true\ndefault['yum']['epel-debuginfo']['enabled'] = false\ndefault['yum']['epel-debuginfo']['managed'] = false\n```\n\n```ruby\ndefault['yum']['epel-source']['repositoryid'] = 'epel-source'\ndefault['yum']['epel-source']['description'] = 'Extra Packages for Enterprise Linux 6 - $basearch - Source'\ndefault['yum']['epel-source']['mirrorlist'] = 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-6&arch=$basearch'\ndefault['yum']['epel-source']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6'\ndefault['yum']['epel-source']['failovermethod'] = 'priority'\ndefault['yum']['epel-source']['gpgcheck'] = true\ndefault['yum']['epel-source']['enabled'] = false\ndefault['yum']['epel-source']['managed'] = false\n```\n\n```ruby\ndefault['yum']['epel-testing']['repositoryid'] = 'epel-testing'\ndefault['yum']['epel-testing']['description'] = 'Extra Packages for Enterprise Linux 6 - Testing - $basearch'\ndefault['yum']['epel-testing']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-epel6&arch=$basearch'\ndefault['yum']['epel-testing']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6r'\ndefault['yum']['epel-testing']['failovermethod'] = 'priority'\ndefault['yum']['epel-testing']['gpgcheck'] = true\ndefault['yum']['epel-testing']['enabled'] = false\ndefault['yum']['epel-testing']['managed'] = false\n```\n\n```ruby\ndefault['yum']['epel-testing-debuginfo']['repositoryid'] = 'epel-testing-debuginfo'\ndefault['yum']['epel-testing-debuginfo']['description'] = 'Extra Packages for Enterprise Linux 6 - 
Testing - $basearch Debug'\ndefault['yum']['epel-testing-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-debug-epel6&arch=$basearch'\ndefault['yum']['epel-testing-debuginfo']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6'\ndefault['yum']['epel-testing-debuginfo']['failovermethod'] = 'priority'\ndefault['yum']['epel-testing-debuginfo']['gpgcheck'] = true\ndefault['yum']['epel-testing-debuginfo']['enabled'] = false\ndefault['yum']['epel-testing-debuginfo']['managed'] = false\n```\n\n```ruby\ndefault['yum']['epel-testing-source']['repositoryid'] = 'epel-testing-source'\ndefault['yum']['epel-testing-source']['description'] = 'Extra Packages for Enterprise Linux 6 - Testing - $basearch Source'\ndefault['yum']['epel-testing-source']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=testing-source-epel6&arch=$basearch'\ndefault['yum']['epel-testing-source']['gpgkey'] = 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6'\ndefault['yum']['epel-testing-source']['failovermethod'] = 'priority'\ndefault['yum']['epel-testing-source']['gpgcheck'] = true\ndefault['yum']['epel-testing-source']['enabled'] = false\ndefault['yum']['epel-testing-source']['managed'] = false\n```\n\n## Recipes\n\n- default - Walks through node attributes and feeds a yum_resource\n- parameters. 
The following is an example a resource generated by the\n- recipe during compilation.\n\n```ruby\n yum_repository 'epel' do\n mirrorlist 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch'\n description 'Extra Packages for Enterprise Linux 5 - $basearch'\n enabled true\n gpgcheck true\n gpgkey 'http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL'\n end\n```\n\n## Usage Example\n\nTo disable the epel repository through a Role or Environment definition\n\n```\ndefault_attributes(\n :yum => {\n :epel => {\n :enabled => {\n false\n }\n }\n }\n )\n```\n\nUncommonly used repositoryids are not managed by default. This is speeds up integration testing pipelines by avoiding yum-cache builds that nobody cares about. To enable the epel-testing repository with a wrapper cookbook, place the following in a recipe:\n\n```ruby\nnode.default['yum']['epel-testing']['enabled'] = true\nnode.default['yum']['epel-testing']['managed'] = true\ninclude_recipe 'yum-epel'\n```\n\n## More Examples\n\nPoint the epel repositories at an internally hosted server.\n\n```ruby\nnode.default['yum']['epel']['enabled'] = true\nnode.default['yum']['epel']['mirrorlist'] = nil\nnode.default['yum']['epel']['baseurl'] = 'https://internal.example.com/centos/6/os/x86_64'\nnode.default['yum']['epel']['sslverify'] = false\n\ninclude_recipe 'yum-epel'\n```\n\n## License & Authors\n\n**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io))\n\n**Copyright:** 2011-2016, Chef Software, Inc.\n\n```\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific 
language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"amazon":">= 0.0.0","centos":">= 0.0.0","oracle":">= 0.0.0","redhat":">= 0.0.0","scientific":">= 0.0.0","zlinux":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/yum-epel","issues_url":"https://github.com/chef-cookbooks/yum-epel/issues","chef_version":[[">= 12.14"]],"ohai_version":[]} \ No newline at end of file +{ + "name": "yum-epel", + "description": "Installs and configures the EPEL Yum repository", + "long_description": "", + "maintainer": "Sous Chefs", + "maintainer_email": "help@sous-chefs.org", + "license": "Apache-2.0", + "platforms": { + "amazon": ">= 0.0.0", + "centos": ">= 0.0.0", + "oracle": ">= 0.0.0", + "redhat": ">= 0.0.0", + "scientific": ">= 0.0.0", + "zlinux": ">= 0.0.0" + }, + "dependencies": { + + }, + "providing": { + + }, + "recipes": { + + }, + "version": "4.2.3", + "source_url": "https://github.com/sous-chefs/yum-epel", + "issues_url": "https://github.com/sous-chefs/yum-epel/issues", + "privacy": false, + "chef_versions": [ + [ + ">= 12.15" + ] + ], + "ohai_versions": [ + + ], + "gems": [ + + ], + "eager_load_libraries": true +} diff --git a/cookbooks/yum-epel/metadata.rb b/cookbooks/yum-epel/metadata.rb new file mode 100644 index 0000000..2414a7e --- /dev/null +++ b/cookbooks/yum-epel/metadata.rb 
@@ -0,0 +1,16 @@ +name 'yum-epel' +maintainer 'Sous Chefs' +maintainer_email 'help@sous-chefs.org' +license 'Apache-2.0' +description 'Installs and configures the EPEL Yum repository' +version '4.2.3' +source_url 'https://github.com/sous-chefs/yum-epel' +issues_url 'https://github.com/sous-chefs/yum-epel/issues' +chef_version '>= 12.15' + +supports 'amazon' +supports 'centos' +supports 'oracle' +supports 'redhat' +supports 'scientific' +supports 'zlinux' diff --git a/cookbooks/yum-epel/recipes/default.rb b/cookbooks/yum-epel/recipes/default.rb index 4ac475c..f8aa7ac 100644 --- a/cookbooks/yum-epel/recipes/default.rb +++ b/cookbooks/yum-epel/recipes/default.rb @@ -3,7 +3,7 @@ # Cookbook:: yum-epel # Recipe:: default # -# Copyright:: 2013-2017, Chef Software, Inc. +# Copyright:: 2013-2019, Chef Software, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/cookbooks/yum/.foodcritic b/cookbooks/yum/.foodcritic deleted file mode 100644 index b9f8767..0000000 --- a/cookbooks/yum/.foodcritic +++ /dev/null @@ -1 +0,0 @@ -~FC016 diff --git a/cookbooks/yum/CHANGELOG.md b/cookbooks/yum/CHANGELOG.md index c7dcf30..38ea170 100644 --- a/cookbooks/yum/CHANGELOG.md +++ b/cookbooks/yum/CHANGELOG.md 
@@ -2,6 +2,41 @@ This file is used to list changes made in each version of the yum cookbook. +## 7.2.0 - *2021-09-29* + +- Add `dnf_module` resource for managing DNF modules on RHEL 8+ / Fedora + +## 7.1.0 - *2021-08-29* + +- Add support for DNF (Yum v4) property `install_weak_deps` (#193) + +## 7.0.1 - *2021-08-26* + +- Standardise files with files in sous-chefs/repo-management (#191) + +## 7.0.0 - *2021-08-13* + +- Enable `unified_mode` for Chef 17 compatibility +- Remove deprecated `dnf_yum_compat` recipe + +## 6.1.1 - *2021-06-01* + +## 6.1.0 - *2021-03-24* + +- complete ip_resolve additions started in 6.0.0 + +## 6.0.0 - *2021-01-20* + +- Sous Chefs Adoption +- Cookstyle fixes +- Various testing fixes +- Standardise files with files in sous-chefs/repo-management +- Adding proper distroverpkg assignment for Oracle Linux +- Require 13+ +- Remove RHEL5 references +- Mark `dnf_yum_compat` recipe deprecated +- Add EL8 support + ## 5.1.0 (2017-08-04) - Avoid spec deprecation warnings diff --git a/cookbooks/yum/CONTRIBUTING.md b/cookbooks/yum/CONTRIBUTING.md deleted file mode 100644 index ef2f2b8..0000000 --- a/cookbooks/yum/CONTRIBUTING.md +++ /dev/null @@ -1,2 +0,0 @@ -Please refer to -https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD diff --git a/cookbooks/yum/LICENSE b/cookbooks/yum/LICENSE new file mode 100644 index 0000000..8f71f43 --- /dev/null +++ b/cookbooks/yum/LICENSE 
@@ -0,0 +1,202 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/cookbooks/yum/README.md b/cookbooks/yum/README.md index 1c00047..1c8ebc3 100644 --- a/cookbooks/yum/README.md +++ b/cookbooks/yum/README.md 
@@ -1,8 +1,16 @@ # yum Cookbook -[![Build Status](https://travis-ci.org/chef-cookbooks/yum.svg?branch=master)](http://travis-ci.org/chef-cookbooks/yum) [![Cookbook Version](https://img.shields.io/cookbook/v/yum.svg)](https://supermarket.chef.io/cookbooks/yum) +[![Cookbook Version](https://img.shields.io/cookbook/v/yum.svg)](https://supermarket.chef.io/cookbooks/yum) +[![CI State](https://github.com/sous-chefs/yum/workflows/ci/badge.svg)](https://github.com/sous-chefs/yum/actions?query=workflow%3Aci) +[![OpenCollective](https://opencollective.com/sous-chefs/backers/badge.svg)](#backers) +[![OpenCollective](https://opencollective.com/sous-chefs/sponsors/badge.svg)](#sponsors) +[![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0) -The Yum cookbook exposes the `yum_globalconfig` resource which allows a user to control global yum behavior. This resources aims to allow the user to configure all options listed in the `yum.conf` man page, found at +The Yum cookbook exposes the `yum_globalconfig` resource which allows a user to control global yum behavior. This resources aims to allow the user to configure all options listed in the `yum.conf` man page, found at + +## Maintainers + +This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit [sous-chefs.org](https://sous-chefs.org/) or come chat with us on the Chef Community Slack in [#sous-chefs](https://chefcommunity.slack.com/messages/C2V7B88SF). ## Requirements @@ -13,7 +21,7 @@ The Yum cookbook exposes the `yum_globalconfig` resource which allows a user to ### Chef -- Chef 12.14+ +- Chef 15.3+ ### Cookbooks 
@@ -21,43 +29,12 @@ The Yum cookbook exposes the `yum_globalconfig` resource which allows a user to ## Resources -### yum_globalconfig +- [`yum_globalconfig`](documentation/yum_globalconfig.md) +- [`dnf_module`](documentation/dnf_module.md) -This renders a template with global yum configuration parameters. The default recipe uses it to render `/etc/yum.conf`. It is flexible enough to be used in other scenarios, such as building RPMs in isolation by modifying `installroot`. - -#### Example - -```ruby -yum_globalconfig '/my/chroot/etc/yum.conf' do - cachedir '/my/chroot/etc/yum.conf' - keepcache 'yes' - debuglevel '2' - installroot '/my/chroot' - action :create -end -``` - -#### Properties - -`yum_globalconfig` can take most of the same parameters as a `yum_repository`, plus more, too numerous to describe here. Below are a few of the more commonly used ones. For a complete list, please consult the `yum.conf` man page, found here: - -- `cachedir` - Directory where yum should store its cache and db files. The default is '/var/cache/yum'. -- `keepcache` - Either `true` or `false`. Determines whether or not yum keeps the cache of headers and packages after successful installation. Default is `false` -- `debuglevel` - Debug message output level. Practical range is 0-10\. Default is '2'. -- `exclude` - List of packages to exclude from updates or installs. This should be a space separated list. Shell globs using wildcards (eg. * and ?) are allowed. -- `installonlypkgs` = List of package provides that should only ever be installed, never updated. Kernels in particular fall into this category. Defaults to kernel, kernel-bigmem, kernel-enterprise, kernel-smp, kernel-debug, kernel-unsupported, kernel-source, kernel-devel, kernel-PAE, kernel-PAE-debug. -- `logfile` - Full directory and file name for where yum should write its log file. -- `exactarch` - Either `true` or `false`. Set to `true` to make 'yum update' only update the architectures of packages that you have installed. 
ie: with this enabled yum will not install an i686 package to update an x86_64 package. Default is `true` -- `gpgcheck` - Either `true` or `false`. This tells yum whether or not it should perform a GPG signature check on the packages gotten from this repository. - -### yum_repository - -This resource is now provided by chef-client 12.14 and later and has been removed from this cookbook. If you require this resource we highly recommend upgrading your chef-client, but if that is not an option you can pin the 4.X yum cookbook. - -## Recipes +## Recipes (deprecated) - `default` - Configures `yum_globalconfig[/etc/yum.conf]` with values found in node attributes at `node['yum']['main']` -- `dnf_yum_compat` - Installs the yum package using dnf on Fedora systems to provide support for the package resource in recipes. This is necessary on chef-client < 12.18\. This recipe should be 1st on a Fedora runlist ## Attributes 
@@ -106,26 +83,27 @@ Recipes from older versions of this cookbook have been moved individual cookbook Put `depends 'yum'` in your metadata.rb to gain access to the yum_repository resource. -## License & Authors +## Contributors -- Author:: Eric G. Wolfe -- Author:: Matt Ray ([matt@chef.io](mailto:matt@chef.io)) -- Author:: Joshua Timberman ([joshua@chef.io](mailto:joshua@chef.io)) -- Author:: Sean OMeara ([someara@chef.io](mailto:someara@chef.io)) +This project exists thanks to all the people who [contribute.](https://opencollective.com/sous-chefs/contributors.svg?width=890&button=false) -```text -Copyright:: 2011 Eric G. Wolfe -Copyright:: 2013-2017 Chef Software, Inc. +### Backers -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at +Thank you to all our backers! - http://www.apache.org/licenses/LICENSE-2.0 +![https://opencollective.com/sous-chefs#backers](https://opencollective.com/sous-chefs/backers.svg?width=600&avatarHeight=40) -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -``` +### Sponsors + +Support this project by becoming a sponsor. Your logo will show up here with a link to your website. 
+ +![https://opencollective.com/sous-chefs/sponsor/0/website](https://opencollective.com/sous-chefs/sponsor/0/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/1/website](https://opencollective.com/sous-chefs/sponsor/1/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/2/website](https://opencollective.com/sous-chefs/sponsor/2/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/3/website](https://opencollective.com/sous-chefs/sponsor/3/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/4/website](https://opencollective.com/sous-chefs/sponsor/4/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/5/website](https://opencollective.com/sous-chefs/sponsor/5/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/6/website](https://opencollective.com/sous-chefs/sponsor/6/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/7/website](https://opencollective.com/sous-chefs/sponsor/7/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/8/website](https://opencollective.com/sous-chefs/sponsor/8/avatar.svg?avatarHeight=100) +![https://opencollective.com/sous-chefs/sponsor/9/website](https://opencollective.com/sous-chefs/sponsor/9/avatar.svg?avatarHeight=100) diff --git a/cookbooks/yum/attributes/main.rb b/cookbooks/yum/attributes/main.rb index 5ac4af7..3592fb8 100644 --- a/cookbooks/yum/attributes/main.rb +++ b/cookbooks/yum/attributes/main.rb @@ -1,11 +1,6 @@ -# http://linux.die.net/man/5/yum.conf -default['yum']['main']['cachedir'] = case node['platform_version'].to_i - when 5 - '/var/cache/yum' - else - '/var/cache/yum/$basearch/$releasever' - end +# http://man7.org/linux/man-pages/man5/yum.conf.5.html +default['yum']['main']['cachedir'] = '/var/cache/yum/$basearch/$releasever' default['yum']['main']['distroverpkg'] = case node['platform'] when 'amazon' 'system-release' 
@@ -13,55 +8,54 @@ default['yum']['main']['distroverpkg'] = case node['platform'] 'sl-release' when 'redhat' nil + when 'oracle' + 'oraclelinux-release' else "#{node['platform']}-release" end -# default["yum"]["main"]["releasever"] = nil # /.*/ -default['yum']['main']['releasever'] = case node['platform'] - when 'amazon' - 'latest' - end +default['yum']['main']['releasever'] = 'latest' if platform?('amazon') default['yum']['main']['alwaysprompt'] = nil # [true, false] default['yum']['main']['assumeyes'] = nil # [true, false] default['yum']['main']['bandwidth'] = nil # /^\d+$/ -default['yum']['main']['bugtracker_url'] = nil # /.*/ +default['yum']['main']['bugtracker_url'] = nil default['yum']['main']['clean_requirements_on_remove'] = nil # [true, false] default['yum']['main']['color'] = nil # %w{ always never } -default['yum']['main']['color_list_available_downgrade'] = nil # /.*/ -default['yum']['main']['color_list_available_install'] = nil # /.*/ -default['yum']['main']['color_list_available_reinstall'] = nil # /.*/ -default['yum']['main']['color_list_available_upgrade'] = nil # /.*/ -default['yum']['main']['color_list_installed_extra'] = nil # /.*/ -default['yum']['main']['color_list_installed_newer'] = nil # /.*/ -default['yum']['main']['color_list_installed_older'] = nil # /.*/ -default['yum']['main']['color_list_installed_reinstall'] = nil # /.*/ -default['yum']['main']['color_search_match'] = nil # /.*/ -default['yum']['main']['color_update_installed'] = nil # /.*/ -default['yum']['main']['color_update_local'] = nil # /.*/ -default['yum']['main']['color_update_remote'] = nil # /.*/ -default['yum']['main']['commands'] = nil # /.*/ +default['yum']['main']['color_list_available_downgrade'] = nil +default['yum']['main']['color_list_available_install'] = nil +default['yum']['main']['color_list_available_reinstall'] = nil +default['yum']['main']['color_list_available_upgrade'] = nil +default['yum']['main']['color_list_installed_extra'] = nil 
+default['yum']['main']['color_list_installed_newer'] = nil +default['yum']['main']['color_list_installed_older'] = nil +default['yum']['main']['color_list_installed_reinstall'] = nil +default['yum']['main']['color_search_match'] = nil +default['yum']['main']['color_update_installed'] = nil +default['yum']['main']['color_update_local'] = nil +default['yum']['main']['color_update_remote'] = nil +default['yum']['main']['commands'] = nil default['yum']['main']['deltarpm'] = nil # [true, false] default['yum']['main']['debuglevel'] = nil # /^\d+$/ default['yum']['main']['diskspacecheck'] = nil # [true, false] default['yum']['main']['enable_group_conditionals'] = nil # [true, false] default['yum']['main']['errorlevel'] = nil # /^\d+$/ default['yum']['main']['exactarch'] = nil # [true, false] -default['yum']['main']['exclude'] = nil # /.*/ +default['yum']['main']['exclude'] = nil default['yum']['main']['gpgcheck'] = true # [true, false] -default['yum']['main']['group_package_types'] = nil # /.*/ +default['yum']['main']['group_package_types'] = nil default['yum']['main']['groupremove_leaf_only'] = nil # [true, false] -default['yum']['main']['history_list_view'] = nil # /.*/ +default['yum']['main']['history_list_view'] = nil default['yum']['main']['history_record'] = nil # [true, false] -default['yum']['main']['history_record_packages'] = nil # /.*/ +default['yum']['main']['history_record_packages'] = nil default['yum']['main']['http_caching'] = nil # %w{ packages all none } +default['yum']['main']['ip_resolve'] = nil # %w{ 4 6 } default['yum']['main']['installonly_limit'] = nil # /\d+/, /keep/ -default['yum']['main']['installonlypkgs'] = nil # /.*/ -default['yum']['main']['installroot'] = nil # /.*/ +default['yum']['main']['installonlypkgs'] = nil +default['yum']['main']['installroot'] = nil default['yum']['main']['keepalive'] = nil # [true, false] default['yum']['main']['keepcache'] = false # [true, false] -default['yum']['main']['kernelpkgnames'] = nil # /.*/ 
+default['yum']['main']['kernelpkgnames'] = nil default['yum']['main']['localpkg_gpgcheck'] = false # [true,# false] -default['yum']['main']['logfile'] = '/var/log/yum.log' # /.*/ +default['yum']['main']['logfile'] = '/var/log/yum.log' default['yum']['main']['max_retries'] = nil # /^\d+$/ default['yum']['main']['mdpolicy'] = nil # %w{ packages all none } default['yum']['main']['metadata_expire'] = nil # /^\d+$/ 
@@ -69,35 +63,35 @@ default['yum']['main']['mirrorlist_expire'] = nil # /^\d+$/ default['yum']['main']['multilib_policy'] = nil # %w{ all best } default['yum']['main']['obsoletes'] = nil # [true, false] default['yum']['main']['overwrite_groups'] = nil # [true, false] -default['yum']['main']['password'] = nil # /.*/ -default['yum']['main']['path'] = '/etc/yum.conf' # /.*/ -default['yum']['main']['persistdir'] = nil # /.*/ -default['yum']['main']['pluginconfpath'] = nil # /.*/ -default['yum']['main']['pluginpath'] = nil # /.*/ +default['yum']['main']['password'] = nil +default['yum']['main']['path'] = '/etc/yum.conf' +default['yum']['main']['persistdir'] = nil +default['yum']['main']['pluginconfpath'] = nil +default['yum']['main']['pluginpath'] = nil default['yum']['main']['plugins'] = nil # [true, false] -default['yum']['main']['protected_multilib'] = nil # /.*/ -default['yum']['main']['protected_packages'] = nil # /.*/ -default['yum']['main']['proxy'] = nil # /.*/ -default['yum']['main']['proxy_password'] = nil # /.*/ -default['yum']['main']['proxy_username'] = nil # /.*/ -default['yum']['main']['password'] = nil # /.*/ +default['yum']['main']['protected_multilib'] = nil +default['yum']['main']['protected_packages'] = nil +default['yum']['main']['proxy'] = nil +default['yum']['main']['proxy_password'] = nil +default['yum']['main']['proxy_username'] = nil +default['yum']['main']['password'] = nil default['yum']['main']['recent'] = nil # /^\d+$/ default['yum']['main']['repo_gpgcheck'] = nil # [true, false] -default['yum']['main']['reposdir'] = nil # /.*/ +default['yum']['main']['reposdir'] = nil default['yum']['main']['reset_nice'] = nil # [true, false] default['yum']['main']['rpmverbosity'] = nil # %w{ info critical# emergency error warn debug } default['yum']['main']['showdupesfromrepos'] = nil # [true, false] default['yum']['main']['skip_broken'] = nil # [true, false] default['yum']['main']['ssl_check_cert_permissions'] = nil # [true, false] 
-default['yum']['main']['sslcacert'] = nil # /.*/ -default['yum']['main']['sslclientcert'] = nil # /.*/ -default['yum']['main']['sslclientkey'] = nil # /.*/ +default['yum']['main']['sslcacert'] = nil +default['yum']['main']['sslclientcert'] = nil +default['yum']['main']['sslclientkey'] = nil default['yum']['main']['sslverify'] = nil # [true, false] -default['yum']['main']['syslog_device'] = nil # /.*/ -default['yum']['main']['syslog_facility'] = nil # /.*/ -default['yum']['main']['syslog_ident'] = nil # /.*/ +default['yum']['main']['syslog_device'] = nil +default['yum']['main']['syslog_facility'] = nil +default['yum']['main']['syslog_ident'] = nil default['yum']['main']['throttle'] = nil # [/\d+k/, /\d+M/, /\d+G/] default['yum']['main']['timeout'] = nil # /\d+/ default['yum']['main']['tolerant'] = false -default['yum']['main']['tsflags'] = nil # /.*/ -default['yum']['main']['username'] = nil # /.*/ +default['yum']['main']['tsflags'] = nil +default['yum']['main']['username'] = nil diff --git a/cookbooks/yum/chefignore b/cookbooks/yum/chefignore new file mode 100644 index 0000000..cc170ea --- /dev/null +++ b/cookbooks/yum/chefignore 
@@ -0,0 +1,115 @@
+# Put files/directories that should be ignored in this file when uploading
+# to a Chef Infra Server or Supermarket.
+# Lines that start with '# ' are comments.
+
+# OS generated files #
+######################
+.DS_Store
+ehthumbs.db
+Icon?
+nohup.out
+Thumbs.db
+.envrc
+
+# EDITORS #
+###########
+.#*
+.project
+.settings
+*_flymake
+*_flymake.*
+*.bak
+*.sw[a-z]
+*.tmproj
+*~
+\#*
+REVISION
+TAGS*
+tmtags
+.vscode
+.editorconfig
+
+## COMPILED ##
+##############
+*.class
+*.com
+*.dll
+*.exe
+*.o
+*.pyc
+*.so
+*/rdoc/
+a.out
+mkmf.log
+
+# Testing #
+###########
+.circleci/*
+.codeclimate.yml
+.delivery/*
+.foodcritic
+.kitchen*
+.mdlrc
+.overcommit.yml
+.rspec
+.rubocop.yml
+.travis.yml
+.watchr
+.yamllint
+azure-pipelines.yml
+Dangerfile
+examples/*
+features/*
+Guardfile
+kitchen.yml*
+mlc_config.json
+Procfile
+Rakefile
+spec/*
+test/*
+
+# SCM #
+#######
+.git
+.gitattributes
+.gitconfig
+.github/*
+.gitignore
+.gitkeep
+.gitmodules
+.svn
+*/.bzr/*
+*/.git
+*/.hg/*
+*/.svn/*
+
+# Berkshelf #
+#############
+Berksfile
+Berksfile.lock
+cookbooks/*
+tmp
+
+# Bundler #
+###########
+vendor/*
+Gemfile
+Gemfile.lock
+
+# Policyfile #
+##############
+Policyfile.rb
+Policyfile.lock.json
+
+# Documentation #
+#############
+CODE_OF_CONDUCT*
+CONTRIBUTING*
+documentation/*
+TESTING*
+UPGRADING*
+
+# Vagrant #
+###########
+.vagrant
+Vagrantfile
diff --git a/cookbooks/yum/kitchen.dokken.yml b/cookbooks/yum/kitchen.dokken.yml
new file mode 100644
index 0000000..9d2678f
--- /dev/null
+++ b/cookbooks/yum/kitchen.dokken.yml
@@ -0,0 +1,48 @@
+---
+driver:
+ name: dokken
+ privileged: true # because Docker and SystemD/Upstart
+
+transport:
+ name: dokken
+
+provisioner:
+ name: dokken
+ chef_version: <%= ENV['CHEF_VERSION'] || 'current' %>
+ chef_license: accept-no-persist
+
+platforms:
+ - name: amazonlinux-2
+ driver:
+ image: dokken/amazonlinux-2
+ pid_one_command: /usr/lib/systemd/systemd
+
+ - name: centos-7
+ driver:
+ image: dokken/centos-7
+ pid_one_command: /usr/lib/systemd/systemd
+
+ - name: centos-8
+ driver:
+ image: dokken/centos-8
+ pid_one_command: /usr/lib/systemd/systemd
+
+ - name: centos-stream-8
+ driver:
+ image: dokken/centos-stream-8
+ pid_one_command: /usr/lib/systemd/systemd
+
+ - name: oraclelinux-7
+ driver:
+ image: dokken/oraclelinux-7
+ pid_one_command: /usr/lib/systemd/systemd
+
+ - name: oraclelinux-8
+ driver:
+ image: dokken/oraclelinux-8
+ pid_one_command: /usr/lib/systemd/systemd
+
+ - name: fedora-latest
+ driver:
+ image: dokken/fedora-latest
+ pid_one_command: /usr/lib/systemd/systemd
diff --git a/cookbooks/yum/libraries/matchers.rb b/cookbooks/yum/libraries/matchers.rb
deleted file mode 100644
index 220238a..0000000
--- a/cookbooks/yum/libraries/matchers.rb
+++ /dev/null
@@ -1,9 +0,0 @@
-if defined?(ChefSpec)
- def create_yum_globalconfig(resource_name)
- ChefSpec::Matchers::ResourceMatcher.new(:yum_globalconfig, :create, resource_name)
- end
-
- def delete_yum_globalconfig(resource_name)
- ChefSpec::Matchers::ResourceMatcher.new(:yum_globalconfig, :delete, resource_name)
- end
-end
diff --git a/cookbooks/yum/metadata.json b/cookbooks/yum/metadata.json
index 44a7f68..c2b9d36 100644
--- a/cookbooks/yum/metadata.json
+++ b/cookbooks/yum/metadata.json
@@ -1 +1,42 @@
-{"name":"yum","version":"5.1.0","description":"Configures various yum components on Red Hat-like systems","long_description":"","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"amazon":">= 0.0.0","centos":">= 0.0.0","fedora":">= 0.0.0","oracle":">= 0.0.0","redhat":">= 0.0.0","scientific":">= 0.0.0","zlinux":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/yum","issues_url":"https://github.com/chef-cookbooks/yum/issues","chef_version":[[">= 12.14"]],"ohai_version":[]}
\ No newline at end of file
+{
+ "name": "yum",
+ "description": "Configures various yum components on Red Hat-like systems",
+ "long_description": "",
+ "maintainer": "Sous Chefs",
+ "maintainer_email": "help@sous-chefs.org",
+ "license": "Apache-2.0",
+ "platforms": {
+ "amazon": ">= 0.0.0",
+ "centos": ">= 0.0.0",
+ "fedora": ">= 0.0.0",
+ "oracle": ">= 0.0.0",
+ "redhat": ">= 0.0.0",
+ "scientific": ">= 0.0.0",
+ "zlinux": ">= 0.0.0"
+ },
+ "dependencies": {
+
+ },
+ "providing": {
+
+ },
+ "recipes": {
+
+ },
+ "version": "7.2.0",
+ "source_url": "https://github.com/sous-chefs/yum",
+ "issues_url": "https://github.com/sous-chefs/yum/issues",
+ "privacy": false,
+ "chef_versions": [
+ [
+ ">= 15.3"
+ ]
+ ],
+ "ohai_versions": [
+
+ ],
+ "gems": [
+
+ ],
+ "eager_load_libraries": true
+}
diff --git a/cookbooks/yum/metadata.rb b/cookbooks/yum/metadata.rb
new file mode 100644
index 0000000..4f6c382
--- /dev/null
+++ b/cookbooks/yum/metadata.rb
@@ -0,0 +1,17 @@
+name 'yum'
+maintainer 'Sous Chefs'
+maintainer_email 'help@sous-chefs.org'
+license 'Apache-2.0'
+description 'Configures various yum components on Red Hat-like systems'
+version '7.2.0'
+source_url 'https://github.com/sous-chefs/yum'
+issues_url 'https://github.com/sous-chefs/yum/issues'
+chef_version '>= 15.3'
+
+supports 'amazon'
+supports 'centos'
+supports 'fedora'
+supports 'oracle'
+supports 'redhat'
+supports 'scientific'
+supports 'zlinux'
diff --git a/cookbooks/yum/recipes/default.rb b/cookbooks/yum/recipes/default.rb
index e489fb2..76cd2b0 100644
--- a/cookbooks/yum/recipes/default.rb
+++ b/cookbooks/yum/recipes/default.rb
@@ -3,7 +3,7 @@
 # Author:: Joshua Timberman ()
 # Recipe:: yum::default
 #
-# Copyright:: 2013-2017, Chef Software, Inc ()
+# Copyright:: 2013-2019, Chef Software, Inc ()
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
diff --git a/cookbooks/yum/recipes/dnf_yum_compat.rb b/cookbooks/yum/recipes/dnf_yum_compat.rb
deleted file mode 100644
index d88fecf..0000000
--- a/cookbooks/yum/recipes/dnf_yum_compat.rb
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# Author:: Tim Smith ()
-# Recipe:: yum::fedora_yum_compat
-#
-# Copyright:: 2015-2017, Chef Software, Inc ()
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-execute 'make yum cache' do
- command 'yum makecache'
- action :nothing
-end
-
-execute 'install yum' do
- command 'dnf install yum -y'
- not_if { ::File.exist?('/var/lib/yum') }
- action :nothing
- notifies :run, 'execute[make yum cache]', :immediately
-end.run_action(:run)
diff --git a/cookbooks/yum/resources/dnf_module.rb b/cookbooks/yum/resources/dnf_module.rb
new file mode 100644
index 0000000..e256d32
--- /dev/null
+++ b/cookbooks/yum/resources/dnf_module.rb
@@ -0,0 +1,104 @@
+resource_name :dnf_module
+provides :dnf_module
+
+unified_mode true
+
+property :module_name, String,
+ name_property: true,
+ description: 'Name of the module to install'
+
+property :options, [String, Array],
+ coerce: proc { |x| Array(x) },
+ default: [],
+ description: 'Any additional options to pass to DNF'
+
+action_class do
+ def supported?
+ (platform_family?('rhel') && node['platform_version'] >= 8) || platform?('fedora')
+ end
+
+ def list_modules(type)
+ raw_output = shell_out!('dnf -q module list').stdout.split("\n")
+ raw_output.keep_if { |l| l.match? /\[#{type}\]/ }
+ raw_output.map { |l| "#{l.split[0]}:#{l.split[1]}" }[0..-2] # remove Hint: line from end
+ end
+
+ def enabled_modules
+ # extract modules from the rest of the output -- the lines with [e] (for enabled)
+ list_modules('e')
+ end
+
+ def disabled_modules
+ # extract modules from the rest of the output -- the lines with [x] (for disabled)
+ # disable disables all versions of the stream, so add entry without :version
+ dl = list_modules('x')
+ dl + dl.map { |m| m.split(':').first }.uniq
+ end
+
+ def installed_modules
+ # extract modules from the rest of the output -- the lines with [i] (for installed)
+ list_modules('i')
+ end
+
+ def opts
+ new_resource.options.join(' ')
+ end
+end
+
+action :switch_to do
+ return unless supported?
+
+ unless enabled_modules.include?(new_resource.module_name)
+ converge_by "switch to #{new_resource.module_name}" do
+ shell_out!("dnf -qy module switch-to #{opts} '#{new_resource.module_name}'")
+ end
+ end
+end
+
+action :enable do
+ return unless supported?
+
+ unless enabled_modules.include?(new_resource.module_name)
+ converge_by "enable #{new_resource.module_name}" do
+ shell_out!("dnf -qy module enable #{opts} '#{new_resource.module_name}'")
+ end
+ end
+end
+
+action :disable do
+ return unless supported?
+
+ unless disabled_modules.include?(new_resource.module_name)
+ converge_by "disable #{new_resource.module_name}" do
+ shell_out!("dnf -qy module disable #{opts} '#{new_resource.module_name}'")
+ end
+ end
+end
+
+action :install do
+ return unless supported?
+
+ unless installed_modules.include?(new_resource.module_name)
+ converge_by "install #{new_resource.module_name}" do
+ shell_out!("dnf -qy module install #{opts} '#{new_resource.module_name}'")
+ end
+ end
+end
+
+action :remove do
+ return unless supported?
+
+ if installed_modules.include?(new_resource.module_name)
+ converge_by "remove #{new_resource.module_name}" do
+ shell_out!("dnf -qy module remove #{opts} '#{new_resource.module_name}'")
+ end
+ end
+end
+
+action :reset do
+ return unless supported?
+
+ converge_by "reset #{new_resource.module_name}" do
+ shell_out!("dnf -qy module reset #{opts} '#{new_resource.module_name}'")
+ end
+end
diff --git a/cookbooks/yum/resources/globalconfig.rb b/cookbooks/yum/resources/globalconfig.rb
index d294767..5049e79 100644
--- a/cookbooks/yum/resources/globalconfig.rb
+++ b/cookbooks/yum/resources/globalconfig.rb
@@ -3,7 +3,7 @@
 # Resource:: repository
 #
 # Author:: Sean OMeara
-# Copyright:: 2013-2017, Chef Software, Inc.
+# Copyright:: 2013-2020, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
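Review bot: Every action in the new cookbooks/yum/resources/dnf_module.rb builds its dnf command by interpolating `opts` and `new_resource.module_name` into a single shell string, so a quote or shell metacharacter in either property changes the command that is executed rather than just the module being named. Passing an argument list keeps both values out of shell parsing, e.g. `shell_out!('dnf', '-qy', 'module', 'install', *new_resource.options, new_resource.module_name)`, and the same applies to switch-to, enable, disable, remove and reset. Separately, `supported?` compares `node['platform_version']` with `>= 8`; Ohai normally reports that attribute as a String, so on the rhel family this comparison would likely raise ArgumentError instead of returning a boolean, and `node['platform_version'].to_i >= 8` avoids it. The file looks vendored from the sous-chefs yum cookbook, so both fixes probably belong upstream; until then, callers should pass only fixed, reviewed values for `module_name` and `options`.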
@@ -18,90 +18,137 @@ # limitations under the License. # -# http://linux.die.net/man/5/yum.conf -property :alwaysprompt, [true, false] -property :assumeyes, [true, false] -property :bandwidth, String, regex: /^\d+/ -property :bugtracker_url, String, regex: /.*/ -property :clean_requirements_on_remove, [true, false] -property :cachedir, String, regex: /.*/, default: '/var/cache/yum/$basearch/$releasever' -property :color, String, equal_to: %w(always never) -property :color_list_available_downgrade, String, regex: /.*/ -property :color_list_available_install, String, regex: /.*/ -property :color_list_available_reinstall, String, regex: /.*/ -property :color_list_available_upgrade, String, regex: /.*/ -property :color_list_installed_extra, String, regex: /.*/ -property :color_list_installed_newer, String, regex: /.*/ -property :color_list_installed_older, String, regex: /.*/ -property :color_list_installed_reinstall, String, regex: /.*/ -property :color_search_match, String, regex: /.*/ -property :color_update_installed, String, regex: /.*/ -property :color_update_local, String, regex: /.*/ -property :color_update_remote, String, regex: /.*/ -property :commands, String, regex: /.*/ -property :debuglevel, String, regex: /^\d+$/, default: '2' -property :deltarpm, [true, false] -property :diskspacecheck, [true, false] -property :distroverpkg, String, regex: /.*/ -property :enable_group_conditionals, [true, false] -property :errorlevel, String, regex: /^\d+$/ +# http://man7.org/linux/man-pages/man5/yum.conf.5.html + +unified_mode true + +property :alwaysprompt, [true, false], description: 'When true yum will not prompt for confirmation when the list of packages to be installed exactly matches those given on the command line. Unless assumeyes is enabled, it will prompt when additional packages need to be installed to fulfill dependencies regardless of this setting. Note that older versions of yum would also always prompt for package removal, and that is no longer true.' 
+property :assumeno, [true, false], description: "If yum would prompt for confirmation of critical actions, assume the user chose no. This is basically the same as doing 'echo | yum ...' but is a bit more usable. This option overrides assumeyes, but is still subject to alwaysprompt." +property :assumeyes, [true, false], description: 'Determines whether or not yum prompts for confirmation of critical actions.' +property :autocheck_running_kernel, [true, false], description: "Set this to false to disable the automatic checking of the running kernel against updateinfo ('yum updateinfo check-running-kernel'), in the 'check-update' and 'updateinfo summary' commands." +property :autosavets, [true, false], description: 'Should yum automatically save a transaction to a file when the transaction is solved but not run. Yum defaults to True' +property :bandwidth, String, regex: /^\d+/, description: "Use to specify the maximum available network bandwidth in bytes/second. Used with the throttle property. If throttle is a percentage and bandwidth is '0' then bandwidth throttling will be disabled. If throttle is expressed as a data rate (bytes/sec) then this option is ignored." +property :bugtracker_url, String, description: 'URL where bugs should be filed for yum. Configurable for local versions or distro-specific bugtrackers.' +property :cachedir, String, default: '/var/cache/yum/$basearch/$releasever', description: 'Directory where yum should store its cache and db files.' +property :cashe_root_dir, String, description: "Directory where yum would initialize the cashe, should almost certainly be left at the default. Yum's default is '/var/cache/CAShe'. Note that unlike all other configuration, this does not change with installroot, the reason is so that multiple install root can share the same data. See man cashe for more info." 
+property :check_config_file_age, [true, false], description: 'Specifies whether yum should auto metadata expire repos that are older than any of the configuration files that led to them (usually the yum.conf file and the foo.repo file).' +property :clean_requirements_on_remove, [true, false], description: "When removing packages (by removal, update or obsoletion) go through each package's dependencies. If any of them are no longer required by any other package then also mark them to be removed." +property :color, String, equal_to: %w(always never), description: 'Display colorized output automatically, depending on the output terminal' +property :color_list_available_downgrade, String +property :color_list_available_install, String +property :color_list_available_reinstall, String +property :color_list_available_upgrade, String +property :color_list_installed_extra, String +property :color_list_installed_newer, String +property :color_list_installed_older, String +property :color_list_installed_reinstall, String +property :color_search_match, String +property :color_update_installed, String +property :color_update_local, String +property :color_update_remote, String +property :commands, String, description: "List of functional commands to run if no functional commands are specified on the command line (eg. 'update foo bar baz quux'). None of the short options (eg. -y, -e, -d) are accepted for this option." +property :debuglevel, String, regex: /^\d+$/, default: '2', description: 'Debug message output level 0-10.' +property :deltarpm, [String, Integer], description: "When non-zero, delta-RPM files are used if available. The value specifies the maximum number of 'applydeltarpm' processes Yum will spawn, if the value is negative then yum works out how many cores you have and multiplies that by the value (cores=2, deltarpm=-2; 4 processes). 
(2 by default).\nNote that the 'applydeltarpm' process uses a significant amount of disk IO, so running too many instances can significantly slow down all disk IO including the downloads that yum is doing (thus. a too high value can make everything slower)." +property :deltarpm_metadata_percentage, String, description: "When the relative size of deltarpm metadata vs pkgs is larger than this, deltarpm metadata is not downloaded from the repo. Yum's default value is 100 (Deltarpm metadata must be smaller than the packages from the repo). Note that you can give values over 100, so 200 means that the metadata is required to be half the size of the packages. Use '0' to turn off this check, and always download metadata." +property :deltarpm_percentage, String, description: "When the relative size of delta vs pkg is larger than this, delta is not used. Yum's default value is 75 (Deltas must be at least 25% smaller than the pkg). Use '0' to turn off delta rpm processing. Local repositories (with file:// baseurl) have delta rpms turned off by default." +property :depsolve_loop_limit, Integer, description: "Set the number of times any attempt to depsolve before we just give up. This shouldn't be needed as yum should always solve or fail, however it has been observed that it can loop forever with very large system upgrades. Setting this to `0' (or " > ") makes yum try forever. Yum's default is '100'." +property :disable_excludes, [true, false], description: 'Permanently set the --disableexcludes command line option.' +property :diskspacecheck, [true, false], description: 'Set this to false to disable the checking for sufficient diskspace and inodes before a RPM transaction is run.' +property :distroverpkg, String, description: "The package used by yum to determine the 'version' of the distribution, this sets $releasever for use in config. files. This can be any installed package. Default is 'system-release(releasever)', 'redhat-release'. 
Yum will now look at the version provided by the provide, and if that is non-empty then will use the full V(-R), otherwise it uses the version of the package." +property :enable_group_conditionals, [true, false], description: 'Determines whether yum will allow the use of conditionals packages.' +property :errorlevel, String, regex: /^\d+$/, description: 'Error message output level 0-10.' property :exactarch, [true, false], default: true -property :exclude, String, regex: /.*/ -property :gpgcheck, [true, false], default: true -property :group_package_types, String, regex: /.*/ -property :groupremove_leaf_only, [true, false] -property :history_list_view, String, equal_to: %w(users commands single-user-commands) -property :history_record, [true, false] -property :history_record_packages, String, regex: /.*/ -property :http_caching, String, equal_to: %w(packages all none) -property :installonly_limit, String, regex: [/^\d+/, /keep/], default: '3' -property :installonlypkgs, String, regex: /.*/ -property :installroot, String, regex: /.*/ -property :keepalive, [true, false] -property :keepcache, [true, false], default: false -property :kernelpkgnames, String, regex: /.*/ -property :localpkg_gpgcheck, [true, false] -property :logfile, String, regex: /.*/, default: '/var/log/yum.log' -property :max_retries, String, regex: /^\d+$/ -property :mdpolicy, String, equal_to: %w(instant group:primary group:small group:main group:all) -property :metadata_expire, String, regex: [/^\d+$/, /^\d+[mhd]$/, /never/] -property :mirrorlist_expire, String, regex: /^\d+$/ -property :multilib_policy, String, equal_to: %w(all best) -property :obsoletes, [true, false] -property :overwrite_groups, [true, false] -property :password, String, regex: /.*/ -property :path, String, regex: /.*/, name_property: true -property :persistdir, String, regex: /.*/ -property :pluginconfpath, String, regex: /.*/ -property :pluginpath, String, regex: /.*/ -property :plugins, [true, false], default: true -property 
:protected_multilib, [true, false] -property :protected_packages, String, regex: /.*/ -property :proxy, String, regex: /.*/ -property :proxy_password, String, regex: /.*/ -property :proxy_username, String, regex: /.*/ -property :recent, String, regex: /^\d+$/ -property :releasever, String, regex: /.*/ -property :repo_gpgcheck, [true, false] -property :reposdir, String, regex: /.*/ -property :reset_nice, [true, false] -property :rpmverbosity, String, equal_to: %w(info critical emergency error warn debug) -property :showdupesfromrepos, [true, false] -property :skip_broken, [true, false] -property :ssl_check_cert_permissions, [true, false] -property :sslcacert, String, regex: /.*/ -property :sslclientcert, String, regex: /.*/ -property :sslclientkey, String, regex: /.*/ -property :sslverify, [true, false] -property :syslog_device, String, regex: /.*/ -property :syslog_facility, String, regex: /.*/ -property :syslog_ident, String, regex: /.*/ -property :throttle, String, regex: [/\d+k/, /\d+M/, /\d+G/] -property :timeout, String, regex: /^\d+$/ -property :tolerant, [true, false] -property :tsflags, String, regex: /.*/ -property :username, String, regex: /.*/ +property :exactarchlist, String, description: "List of packages that should never change archs in an update. That means, if a package has a newer version available which is for a different compatible arch, yum will not consider that version an update if the package name is in this list. For example, on x86_64, foo-1.x86_64 won't be updated to foo-2.i686 if foo is in this list. Kernels in particular fall into this category. Shell globs using wildcards (eg. * and ?) are allowed." +property :exclude, String, description: "List of packages to exclude from all repositories, so yum works as if that package was never in the repositories. This should be a space separated list. 
This is commonly used so a package isn't upgraded or installed accidentally, but can be used to remove packages in any way that 'yum list' will show packages. Shell globs using wildcards (eg. * and ?) are allowed." +property :exit_on_lock, [true, false], description: 'Should the yum client exit immediately when something else has the lock. Yum defaults to false' +property :fssnap_abort_on_errors, String, equal_to: %w(), description: "When fssnap_automatic_pre or fssnap_automatic_post is enabled, it's possible to specify which fssnap errors should make the transaction fail. Yum's default is 'any'.\n'broken-setup' - Abort current transaction if snapshot support is unavailable because lvm is missing or broken.\n'snapshot-failure' - Abort current transaction if creating a snapshot fails (e.g. there is not enough free space to make a snapshot).\n'any' - Abort current transaction if any of the above occurs.\n'none' - Never abort a transaction in case of errors." +property :fssnap_automatic_keep, Integer, description: "How many old snapshots should yum keep when trying to automatically create a new snapshot. Setting to 0 disables this feature. Yum's default is '1'" +property :fssnap_automatic_post, [true, false], description: 'Should yum try to automatically create a snapshot after it runs a transaction. Yum defaults to False' +property :fssnap_automatic_pre, [true, false], description: 'Should yum try to automatically create a snapshot before it runs a transaction. Yum defaults to False' +property :fssnap_devices, String, description: 'The origin LVM devices to use for snapshots. Wildcards and negation are allowed, first match (positive or negative) wins. Default is: !*/swap !*/lv_swap glob:/etc/yum/fssnap.d/*.conf' +property :fssnap_percentage, Integer, description: "The size of new snaphosts, expressed as a percentage of the old origin device. Any number between 1 and 100. Yum defaults to '100'." 
+property :ftp_disable_epsv, [true, false], description: 'This options disables Extended Passive Mode (the EPSV command) which does not work correctly on some buggy ftp servers.' +property :gpgcheck, [true, false], default: true, description: 'This tells yum whether or not it should perform a GPG signature check on packages. When this is set in the [main] section it sets the default for all repositories.' +property :group_command, String, equal_to: %w(simple compat objects), description: "Tells yum what to do for group install/upgrade/remove commands.\nSimple acts like you did yum group cmd $(repoquery --group --list group), so it is very easy to reason about what will happen. Alas. this is often not what people want to happen.\nCompat. works much like simple, except that when you run 'group upgrade' it actually runs 'group install' (this means that you get any new packages added to the group, but you also get packages added that were there before and you didn't want). \nObjects makes groups act like a real object, separate from the packages they contain. Yum keeps track of the groups you have installed, so 'group upgrade' will install new packages for the group but not install old ones. It also knows about group members that are installed but weren't installed as part of the group, and won't remove those on 'group remove'. Running 'yum upgrade' will also run 'yum group upgrade' (thus. adding new packages for all groups)." +property :group_package_types, String, description: "List of the following: optional, default, mandatory. Tells yum which type of packages in groups will be installed when 'groupinstall' is called." +property :groupremove_leaf_only, [true, false], description: "Used to determine yum's behaviour when the groupremove command is run. If groupremove_leaf_only is false (default) then all packages in the group will be removed. 
If groupremove_leaf_only is true then only those packages in the group that aren't required by another package will be removed." +property :history_list_view, String, equal_to: %w(users commands single-user-commands), description: "Which column of information to display in the 'yum history list' command." +property :history_record, [true, false], description: 'Should yum record history entries for transactions. This takes some disk space, and some extra time in the transactions. But it allows how to know a lot of information about what has happened before, and display it to the user with the history info/list/summary commands. yum also provides the history undo/redo commands.' +property :history_record_packages, String, description: 'This is a list of package names that should be recorded as having helped the transaction. yum plugins have an API to add themselves to this, so it should not normally be necessary to add packages here. Not that this is also used for the packages to look for in --version. Defaults to rpm, yum, yum-metadata-parser.' +property :http_caching, String, equal_to: %w(packages all none), description: "Determines how upstream HTTP caches are instructed to handle any HTTP downloads that Yum does. This option can take the following values: all' means that all HTTP downloads should be cached. 'packages' means that only RPM package downloads should be cached (but not repository metadata downloads). 'none' means that no HTTP downloads should be cached." +property :installonly_limit, String, regex: [/^\d+/, /keep/], default: '3', description: "Number of packages listed in installonlypkgs to keep installed at the same time. Setting to 0 disables this feature. Default is '0'. Note that this functionality used to be in the 'installonlyn' plugin, where this option was altered via tokeep. Note that as of version 3.2.24, yum will now look in the yumdb for a installonly attribute on installed packages. 
If that attribute is 'keep', then they will never be removed." +property :installonlypkgs, String, description: 'List of package provides that should only ever be installed, never updated. Kernels in particular fall into this category. Defaults to kernel, kernel-bigmem, kernel-enterprise, kernel-smp, kernel-modules, kernel-debug, kernel- unsupported, kernel-source, kernel-devel, kernel-PAE, kernel- PAE-debug.' +property :installroot, String, description: 'Specifies an alternative installroot, relative to which all packages will be installed.' +property :install_weak_deps, [true, false], description: "When this option is set to true and a new package is about to be installed, all packages linked by a weak dependency relation (i.e., Recommends or Supplements flags) with this package will be pulled into the transaction. Default is DNF's default of true." +property :ip_resolve, [String, Integer], equal_to: [4, '4', 6, '6'], description: "Determines how yum resolves host names. '4': resolve to IPv4 addresses only. '6': resolve to IPv6 addresses only." +property :keepalive, [true, false], description: 'Set whether HTTP keepalive should be used for HTTP/1.1 servers that support it. This can improve transfer speeds by using one connection when downloading multiple files from a repository.' +property :keepcache, [true, false], default: false, description: 'Determines whether or not yum keeps the cache of headers and packages after successful installation.' +property :kernelpkgnames, String, description: 'List of package names that are kernels. This is really only here for the updating of kernel packages and should be removed out in the yum 2.1 series.' +property :loadts_ignoremissing, [true, false], description: "Should the load-ts command ignore packages that are missing. This includes packages in the TS to be removed, which aren't installed, and packages in the TS to be added, which aren't available. 
If this is set to true, and an rpm is missing then loadts_ignorenewrpm is automatically set to true. Yum defaults to False." +property :loadts_ignorenewrpm, [true, false], description: 'Should the load-ts command ignore the future rpmdb version or abort if there is a mismatch between the TS file and what will happen on the current machine. Note that if loadts_ignorerpm is True, this option does nothing. Yum defaults to False' +property :loadts_ignorerpm, [true, false], description: 'Should the load-ts command ignore the rpmdb version (yum version nogroups) or abort if there is a mismatch between the TS file and the current machine. If this is set to true, then loadts_ignorenewrpm is automatically set to true. Yum defaults to False' +property :localpkg_gpgcheck, [true, false], description: 'This tells yum whether or not it should perform a GPG signature check on local packages (packages in a file, not in a repositoy).' +property :logfile, String, default: '/var/log/yum.log', description: 'Full directory and file name for where yum should write its log file.' +property :max_connections, String, regex: /^\d+/, description: 'The maximum number of simultaneous connections. This overrides the urlgrabber default of 5 connections. Note that there are also implicit per-mirror limits and the downloader honors these too.' +property :mddownloadpolicy, String, equal_to: %w(sqlite xml), description: "You can select which kinds of repodata you would prefer yum to download:\n'sqlite' - Download the .sqlite files, if available. This is currently slightly faster, once they are downloaded. However these files tend to be bigger, and thus. take longer to download. \n'xml' - Download the .XML files, which yum will do anyway as a fallback on the other options. These files tend to be smaller, but they require parsing/converting locally after download and some aditional checks are performed on them each time they are used." 
+property :mdpolicy, String, equal_to: %w(instant group:primary group:small group:main group:all), description: "You can select from different metadata download policies depending on how much data you want to download with the main repository metadata index. The advantages of downloading more metadata with the index is that you can't get into situations where you need to use that metadata later and the versions available aren't compatible (or the user lacks privileges) and that if the metadata is corrupt in any way yum will revert to the previous metadata.\n'instant' - Just download the new metadata index, this is roughly what yum always did, however it now does some checking on the index and reverts if it classifies it as bad.\n'group:primary' - Download the primary metadata with the index. This contains most of the package information and so is almost always required anyway.\n'group:small' - With the primary also download the updateinfo metadata, groups, and pkgtags. This is required for yum-security operations and it also used in the graphical clients. This file also tends to be significantly smaller than most others. This is the default. \n'group:main' - With the primary and updateinfo download the filelists metadata and the group metadata. The filelists data is required for operations like 'yum install /bin/bash', and also some dependency resolutions require it. The group data is used in some graphical clients and for group operations like 'yum grouplist Base'.\n'group:all' - Download all metadata listed in the index, currently the only one not listed above is the other metadata, which contains the changelog information which is used by yum-changelog. This is what 'yum makecache' uses." +property :metadata_expire, String, regex: [/^\d+$/, /^\d+[mhd]$/, /never/], description: "Time (in seconds) after which the metadata will expire. 
So that if the current metadata downloaded is less than this many seconds old then yum will not update the metadata against the repository. If you find that yum is not downloading information on updates as often as you would like lower the value of this option. You can also change from the default of using seconds to using days, hours or minutes by appending a d, h or m respectively. The default is 6 hours, to compliment yum-updatesd running once an hour. It's also possible to use the word 'never', meaning that the metadata will never expire. Note that when using a metalink file the metalink must always be newer than the metadata for the repository, due to the validation, so this timeout also applies to the metalink file." +property :metadata_expire_filter, String, equal_to: %w(never read-only:past read-only:present read-only:future), description: "Filter the metadata_expire time, allowing a trade of speed for accuracy if a command doesn't require it. Each yum command can specify that it requires a certain level of timeliness quality from the remote repos. from 'I\'m about to install/upgrade, so this better be current' to 'Anything that\'s available is good enough'. \n'never' - Nothing is filtered, always obey metadata_expire. \n'read-only:past' - Commands that only care about past\ information are filtered from metadata expiring. Eg. yum history info (if history needs to lookup anything about a previous transaction, then by definition the remote package was available in the past). \n'read-only:present' - Commands that are balanced between past and future. This is the default. Eg. yum list yum\n'read-only:future' - Commands that are likely to result in running other commands which will require the latest metadata. Eg. yum check-update\nNote that this option requires that all the enabled repositories be roughly the same freshness (meaning the cache age difference from one another is at most 5 days). 
Failing that, metadata_expire will always be obeyed, just like with 'never'.\nAlso note that this option does not override 'yum clean expire-cache'." +property :minrate, String, description: "This sets the low speed threshold in bytes per second. If the server is sending data slower than this for at least 'timeout' seconds, Yum aborts the connection." +property :mirrorlist_expire, String, regex: /^\d+$/, description: 'Time (in seconds) after which the mirrorlist locally cached will expire. If the current mirrorlist is less than this many seconds old then yum will not download another copy of the mirrorlist, it has the same extra format as metadata_expire. If you find that yum is not downloading the mirrorlists as often as you would like lower the value of this option.' +property :multilib_policy, String, equal_to: %w(all best), description: "The policy installation policy. Can be set to 'all' or 'best'. All means install all possible arches for any package you want to install. Therefore yum install foo will install foo.i386 and foo.x86_64 on x86_64, if it is available. Best means install the best arch for this platform, only. " +property :obsoletes, [true, false], description: "This option only has affect during an update. It enables yum's obsoletes processing logic. Useful when doing distribution level upgrades. See also the yum upgrade command documentation for more details" property :options, Hash +property :override_install_langs, [true, false], description: "This is a way to override rpm's _install_langs macro. without having to change it within rpm's macro file" +property :overwrite_groups, [true, false], description: "Used to determine yum's behaviour if two or more repositories offer the package groups with the same name. If overwrite_groups is true then the group packages of the last matching repository will be used. If overwrite_groups is false then the groups from all matching repositories will be merged together as one large group. 
Note that this option does not override remove_leaf_only, so enabling that option means this has almost no affect." +property :password, String, description: 'password to use with the username for basic authentication.' +property :path, String, name_property: true +property :persistdir, String, description: 'Directory where yum should store information that should persist over multiple runs.' +property :pluginconfpath, String, description: 'A list of directories where yum should look for plugin configuration files.' +property :pluginpath, String, description: 'A list of directories where yum should look for plugin modules.' +property :plugins, [true, false], default: true, description: 'Global switch to enable or disable yum plugins.' +property :protected_multilib, [true, false], description: 'This tells yum whether or not it should perform a check to make sure that multilib packages are the same version. For example, if this option is off (rpm behavior) then in some cases it might be possible for pkgA-1.x86_64 and pkgA-2.i386 to be installed at the same time. However this is very rarely desired. Install only packages, like the kernel, are exempt from this check.' +property :protected_packages, String, description: 'This is a list of packages that yum should never completely remove. They are protected via Obsoletes as well as user/plugin removals.' +property :proxy, String, description: 'URL to the proxy server that yum should use.' +property :proxy_password, String, description: 'The password for the specified proxy.' +property :proxy_username, String, description: 'The username for the specified proxy.' +property :query_install_excludes, [true, false], description: 'This applies the command line exclude option (only, not the configuration exclude above) to installed packages being shown in some query commands' +property :recent, String, regex: /^\d+$/, description: "Number of days back to look for 'recent' packages added to a repository." 
+property :recheck_installed_requires, [true, false], description: "When upgrading a package do we recheck any requirements that existed in the old package. Turning this on shouldn't do anything but slow yum depsolving down, however using rpm --nodeps etc. can break the rpmdb and then this will help." +property :releasever, String +property :remove_leaf_only, [true, false], description: "Used to determine yum's behaviour when a package is removed. If remove_leaf_only is false then packages, and their deps, will be removed. If remove_leaf_only is true then only those packages that aren't required by another package will be removed." +property :repo_gpgcheck, [true, false], description: 'This tells yum whether or not it should perform a GPG signature check on the repodata. When this is set in the [main] section it sets the default for all repositories.' +property :repopkgsremove_leaf_only, [true, false], description: "Used to determine yum's behaviour when the repo-pkg remove command is run. If repopkgremove_leaf_only is false then all packages in the repo. will be removed. If repopkgremove_leaf_only is true then only those packages in the repo. that aren't required by another package will be removed. Note that this option does not override remove_leaf_only, so enabling that option means this has almost no affect." +property :reposdir, String, description: "A list of directories where yum should look for .repo files which define repositories to use. Default is '/etc/yum/repos.d'. Each file in this directory should contain one or more repository sections as documented in [repository] options below. These will be merged with the repositories defined in /etc/yum/yum.conf to form the complete set of repositories that yum will use." +property :requires_policy, String, equal_to: %w(strong weak info), description: 'Strong means install just the needed requirements. Weak means also install any weak requirements. Info means install all requirements. 
This only happens on install/reinstall, upgrades/downgrades do not consult this at all. Note that yum will try to just drop weak and info requirements on errors.' +property :reset_nice, [true, false], description: 'If set to true then yum will try to reset the nice value to zero, before running an rpm transaction.' +property :retries, String, regex: /^\d+$/, description: "Set the number of times any attempt to retrieve a file should retry before returning an error. Setting this to '0' makes yum try forever." +property :rpmverbosity, String, equal_to: %w(info critical emergency error warn debug), description: 'Debug scriptlet output level.' +property :shell_exit_status, String, equal_to: %w(0 ?), description: "Determines the exit status that should be returned by `yum shell' when it terminates after reading the `exit' command or EOF. If ? is set, the exit status is that of the last command executed before `exit' (bash-like behavior). Yum defaults to 0." +property :showdupesfromrepos, [true, false], description: 'Set to true if you wish to show any duplicate packages from any repository, from package listings like the info or list commands. Set to false if you want only to see the newest packages from any repository.' +property :skip_broken, [true, false], description: 'Resolve depsolve problems by removing packages that are causing problems from the transaction.' +property :skip_missing_names_on_install, [true, false], description: "If set to False, 'yum install' will fail if it can't find any of the provided names (package, group, rpm file). Yum's default is true." +property :skip_missing_names_on_update, [true, false], description: "If set to False, 'yum update' will fail if it can't find any of the provided names (package, group, rpm file). It will also fail if the provided name is a package which is available, but not installed. Yum's default is true." 
+property :ssl_check_cert_permissions, [true, false], description: "Whether yum should check the permissions on the paths for the certificates on the repository (both remote and local). If we can't read any of the files then yum will force skip_if_unavailable to be true. This is most useful for non-root processes which use yum on repos. that have client cert files which are readable only by root." +property :sslcacert, String, description: 'Path to the directory containing the databases of the certificate authorities yum should use to verify SSL certificates.' +property :sslclientcert, String, description: 'Path to the SSL client certificate yum should use to connect to repos/remote sites.' +property :sslclientkey, String, description: 'Path to the SSL client key yum should use to connect to repos/remote sites.' +property :sslverify, [true, false], description: 'Should yum verify SSL certificates/hosts at all.' +property :syslog_device, String, description: 'Where to log syslog messages. Can be a local device (path) or a host:port string to use a remote syslog. If empty or points to a nonexistent device, syslog logging is disabled.' +property :syslog_facility, String, description: 'Facility name for syslog messages.' +property :syslog_ident, String, description: 'Identification (program name) for syslog messages.' +property :throttle, String, regex: [/\d+k/, /\d+M/, /\d+G/], description: "Enable bandwidth throttling for downloads. This option can be expressed as a absolute data rate in bytes/sec. An SI prefix (k, M or G) may be appended to the bandwidth value (eg. '5.5k' is 5.5 kilobytes/sec, '2M' is 2 Megabytes/sec)." +property :timeout, String, regex: /^\d+$/, description: 'Number of seconds to wait for a connection before timing out.' +property :tolerant, [true, false], description: "If enabled, yum will go slower, checking for things that shouldn't be possible making it more tolerant of external errors. Default to '0' (not tolerant)." 
+property :tsflags, String, description: "Comma or space separated list of transaction flags to pass to the rpm transaction set. These include 'noscripts', 'notriggers', 'nodocs', 'test', 'justdb' and 'nocontexts'. 'repackage' is also available but that does nothing with newer rpm versions. You can set all/any of them. However, if you don't know what these do in the context of an rpm transaction set you're best leaving it alone." +property :ui_repoid_vars, String, description: 'When a repository id is displayed, append these yum variables to the string if they are used in the baseurl/etc. Variables are appended in the order listed (and found).' +property :upgrade_group_objects_upgrade, [true, false], description: "Set this to false to disable the automatic running of 'group upgrade' when running the 'upgrade' command, and group_command is set to 'objects'." +property :upgrade_requirements_on_install, [true, false], description: "When installing/reinstalling/upgrading packages go through each package's installed dependencies and check for an update." +property :usercache, String, description: "Determines whether or not yum should store per-user cache in $TMPDIR. When set to '0', then whenever yum runs as a non-root user, --cacheonly is implied and system cache is used directly, and no new user cache is created in $TMPDIR. This can be used to prevent $TMPDIR from filling up if many users on the system often use yum and root tends to have up-to-date metadata that the users can rely on (they can still enable this feature with --setopt if they wish)." +property :username, String, description: 'username to use for basic authentication to a repo or really any url.' +property :usr_w_check, [true, false], description: "Set this to false to disable the checking for writability on /usr in the installroot (when going into the depsolving stage). Yum's default is true." + +alias_method :max_retries, :retries action :create do template new_resource.path do 
diff --git a/cookbooks/yum/templates/main.erb b/cookbooks/yum/templates/main.erb index 19e6710..28a163f 100644 --- a/cookbooks/yum/templates/main.erb +++ b/cookbooks/yum/templates/main.erb @@ -1,4 +1,4 @@ -# This file was generated by Chef +# This file was generated by Chef Infra Client # Do NOT modify this file by hand. [main] @@ -113,6 +113,16 @@ history_record_packages=<%= @config.history_record_packages %> <% if @config.http_caching %> http_caching=<%= @config.http_caching %> <% end %> +<% if @config.ip_resolve %> +ip_resolve=<%= @config.ip_resolve %> +<% end %> +<% unless @config.install_weak_deps.nil? %> +<% if @config.install_weak_deps %> +install_weak_deps=1 +<% else %> +install_weak_deps=0 +<% end %> +<% end %> <% if @config.installonly_limit %> installonly_limit=<%= @config.installonly_limit %> <% end %> diff --git a/nodes/bitcoin-2.json b/nodes/bitcoin-2.json index d4548b3..aaa9fcf 100644 --- a/nodes/bitcoin-2.json +++ b/nodes/bitcoin-2.json @@ -25,7 +25,7 @@ "kosmos-bitcoin::lnd", "kosmos-bitcoin::rtl", "kosmos-bitcoin::lndhub", - "kosmos-postgresql::hostsfile", + "kosmos_postgresql::hostsfile", "kosmos-bitcoin::dotnet", "kosmos-bitcoin::nbxplorer", "kosmos-bitcoin::btcpay", From 38756fd296199848daa4e65e440b62941acfde65 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Sun, 5 Dec 2021 16:11:09 -0600 Subject: [PATCH 03/86] Upgrade Mastodon to latest version Using a new branch with freshly added Kosmos changes on top of the upstream release code. --- nodes/mastodon-1.json | 4 ++-- site-cookbooks/kosmos-mastodon/attributes/default.rb | 2 ++ site-cookbooks/kosmos-mastodon/recipes/default.rb | 8 ++++---- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/nodes/mastodon-1.json b/nodes/mastodon-1.json index df0c363..3be877f 100644 --- a/nodes/mastodon-1.json +++ b/nodes/mastodon-1.json 
@@ -8,7 +8,7 @@ "automatic": { "fqdn": "mastodon-1", "os": "linux", - "os_version": "5.4.0-1031-kvm", + "os_version": "5.4.0-1050-kvm", "hostname": "mastodon-1", "ipaddress": "192.168.122.197", "roles": [ @@ -18,7 +18,7 @@ "recipes": [ "kosmos-base", "kosmos-base::default", - "kosmos-postgresql::hostsfile", + "kosmos_postgresql::hostsfile", "kosmos-mastodon", "kosmos-mastodon::default", "kosmos-mastodon::nginx", diff --git a/site-cookbooks/kosmos-mastodon/attributes/default.rb b/site-cookbooks/kosmos-mastodon/attributes/default.rb index 0a92707..0110dfc 100644 --- a/site-cookbooks/kosmos-mastodon/attributes/default.rb +++ b/site-cookbooks/kosmos-mastodon/attributes/default.rb @@ -1,3 +1,5 @@ +node.default["kosmos-mastodon"]["repo"] = "https://gitea.kosmos.org/kosmos/mastodon.git" +node.default["kosmos-mastodon"]["revision"] = "kosmos-production" node.default["kosmos-mastodon"]["directory"] = "/opt/mastodon" node.default["kosmos-mastodon"]["puma_port"] = 3000 node.default["kosmos-mastodon"]["streaming_port"] = 4000 diff --git a/site-cookbooks/kosmos-mastodon/recipes/default.rb b/site-cookbooks/kosmos-mastodon/recipes/default.rb index 37cf214..e37d03b 100644 --- a/site-cookbooks/kosmos-mastodon/recipes/default.rb +++ b/site-cookbooks/kosmos-mastodon/recipes/default.rb @@ -46,7 +46,7 @@ npm_package "yarn" do version "1.22.4" end -ruby_version = "2.6.6" +ruby_version = "2.7.2" execute "systemctl daemon-reload" do command "systemctl daemon-reload" @@ -106,8 +106,8 @@ application mastodon_path do git do user mastodon_user group mastodon_user - repository "https://gitea.kosmos.org/kosmos/mastodon.git" - revision "production" + repository node["kosmos-mastodon"]["repo"] + revision node["kosmos-mastodon"]["revision"] # Restart services on deployments notifies :restart, "application[#{mastodon_path}]", :delayed end 
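Review bot: The new `revision` attribute in kosmos-mastodon/attributes/default.rb is a branch name (`"kosmos-production"`), so the `git` resource in recipes/default.rb (the `@@ -106,8 +106,8 @@` hunk) deploys whatever that branch head is at converge time. Anyone who can push to that branch on the Gitea host therefore decides what code runs on the node, and two converges can deploy different code without any change in this repository. Pinning the attribute to a tag or a full commit SHA would make each deployment reviewable here, e.g. `node.default["kosmos-mastodon"]["revision"] = "<tag-or-commit-sha>"`. If tracking the branch is intended, a comment on the attribute saying so would help the next reader.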
@@ -153,7 +153,7 @@ application mastodon_path do end execute 'rake db:migrate' do - environment "RAILS_ENV" => "production", "HOME" => mastodon_path + environment "RAILS_ENV" => "production", "HOME" => mastodon_path#, "SKIP_POST_DEPLOYMENT_MIGRATIONS" => "true" user mastodon_user group mastodon_user cwd mastodon_path From a0de016e1c6bb2fb8a2fbb1bb358ee5a3f015359 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Sun, 5 Dec 2021 16:27:05 -0600 Subject: [PATCH 04/86] Add single sidekiq process for new scheduler queue --- .../kosmos-mastodon/recipes/default.rb | 16 ++++++++++++++++ ...stodon-sidekiq-scheduler.systemd.service.erb | 17 +++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq-scheduler.systemd.service.erb diff --git a/site-cookbooks/kosmos-mastodon/recipes/default.rb b/site-cookbooks/kosmos-mastodon/recipes/default.rb index e37d03b..ccb999d 100644 --- a/site-cookbooks/kosmos-mastodon/recipes/default.rb +++ b/site-cookbooks/kosmos-mastodon/recipes/default.rb @@ -77,6 +77,18 @@ template "/lib/systemd/system/mastodon-sidekiq.service" do notifies :restart, "service[mastodon-sidekiq]", :delayed end +# mastodon-sidekiq-scheduler service +# +template "/lib/systemd/system/mastodon-sidekiq-scheduler.service" do + source "mastodon-sidekiq-scheduler.systemd.service.erb" + variables user: mastodon_user, + app_dir: mastodon_path, + bundle_path: "/opt/ruby_build/builds/#{ruby_version}/bin/bundle", + sidekiq_threads: 1 + notifies :run, "execute[systemctl daemon-reload]", :immediately + notifies :restart, "service[mastodon-sidekiq-scheduler]", :delayed +end + # mastodon-streaming service # template "/lib/systemd/system/mastodon-streaming.service" do @@ -176,6 +188,10 @@ application mastodon_path do action [:enable, :start] end + service "mastodon-sidekiq-scheduler" do + action [:enable, :start] + end + service "mastodon-streaming" do action [:enable, :start] end 
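Review bot: The `environment` line of `execute 'rake db:migrate'` now ends in a commented-out fragment, `#, "SKIP_POST_DEPLOYMENT_MIGRATIONS" => "true"`, which leaves it unclear whether post-deployment migrations are meant to run on a converge. Either drop the fragment or move it to its own comment line above the resource with the reason, e.g. `# SKIP_POST_DEPLOYMENT_MIGRATIONS is intentionally not set: <reason>`. The enclosing `application mastodon_path do` block starts and ends outside the hunk.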
diff --git a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq-scheduler.systemd.service.erb b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq-scheduler.systemd.service.erb new file mode 100644 index 0000000..238855d --- /dev/null +++ b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq-scheduler.systemd.service.erb @@ -0,0 +1,17 @@ +[Unit] +Description=mastodon-sidekiq-scheduler +Requires=redis-server.service +After=redis-server.service + +[Service] +Type=simple +User=<%= @user %> +WorkingDirectory=<%= @app_dir %> +Environment="RAILS_ENV=production" +Environment="LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.1" +ExecStart=<%= @bundle_path %> exec sidekiq -c <%= @sidekiq_threads %> -q scheduler +TimeoutSec=15 +Restart=always + +[Install] +WantedBy=multi-user.target From 0b80d490a8f0fc50bf81c4435b8d2abe4580097a Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Thu, 23 Dec 2021 13:04:50 +0100 Subject: [PATCH 05/86] Back up LND dir to S3 --- site-cookbooks/kosmos-bitcoin/recipes/lnd.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb index e800b31..8db4249 100644 --- a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb +++ b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb @@ -118,3 +118,8 @@ if node['bitcoin']['tor_enabled'] node.override['tor']['ControlPort'] = 9051 node.override['tor']['CookieAuthentication'] = true end + +unless node.chef_environment == 'development' + node.override['backup']['archives']['lnd'] = [node['lnd']['lnd_dir']] + include_recipe 'backup' +end From 57b5a244fa28e4b069141de2a6a9ced9e59cc401 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Thu, 23 Dec 2021 13:05:44 +0100 Subject: [PATCH 06/86] Remove superfluous license header --- site-cookbooks/backup/recipes/default.rb | 20 -------------------- 1 file changed, 20 deletions(-) 
diff --git a/site-cookbooks/backup/recipes/default.rb b/site-cookbooks/backup/recipes/default.rb index 564bcaf..f2b9fa2 100644 --- a/site-cookbooks/backup/recipes/default.rb +++ b/site-cookbooks/backup/recipes/default.rb @@ -2,26 +2,6 @@ # Cookbook Name:: backup # Recipe:: default # -# Copyright 2012, Appcache Ltd / 5apps.com -# -# Permission is hereby granted, free of charge, to any person obtaining -# a copy of this software and associated documentation files (the -# "Software"), to deal in the Software without restriction, including -# without limitation the rights to use, copy, modify, merge, publish, -# distribute, sublicense, and/or sell copies of the Software, and to -# permit persons to whom the Software is furnished to do so, subject to -# the following conditions: -# -# The above copyright notice and this permission notice shall be -# included in all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE -# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. build_essential 'backup gem' From 56f58f3a1bacc2781e6ae81779ce2fa91692bb07 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Thu, 23 Dec 2021 13:06:12 +0100 Subject: [PATCH 07/86] Install/configure AWS client --- .../kosmos-bitcoin/recipes/aws-client.rb | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 site-cookbooks/kosmos-bitcoin/recipes/aws-client.rb diff --git a/site-cookbooks/kosmos-bitcoin/recipes/aws-client.rb b/site-cookbooks/kosmos-bitcoin/recipes/aws-client.rb new file mode 100644 index 0000000..04e6d84 --- /dev/null 
+++ b/site-cookbooks/kosmos-bitcoin/recipes/aws-client.rb @@ -0,0 +1,29 @@ +# +# Cookbook:: kosmos-bitcoin +# Recipe:: aws-client +# + +package "awscli" + +directory "/root/.aws" + +credentials = Chef::EncryptedDataBagItem.load('credentials', 'backup') + +file "/root/.aws/config" do + mode "600" + content lazy { <<-EOF +[default] +region = #{credentials["s3_region"]} + EOF + } +end + +file "/root/.aws/credentials" do + mode "600" + content lazy { <<-EOF +[default] +aws_access_key_id = #{credentials["s3_access_key_id"]} +aws_secret_access_key = #{credentials["s3_secret_access_key"]} + EOF + } +end From 31f4a547a9d4e8a7450589877c163203462b9905 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Thu, 23 Dec 2021 13:06:32 +0100 Subject: [PATCH 08/86] Backup LND SCB to S3 on change closes #359 --- nodes/bitcoin-2.json | 9 ++-- .../kosmos-bitcoin/recipes/lnd-scb-s3.rb | 47 +++++++++++++++++++ .../templates/lnd-channel-backup-s3.sh.erb | 7 +++ 3 files changed, 60 insertions(+), 3 deletions(-) create mode 100644 site-cookbooks/kosmos-bitcoin/recipes/lnd-scb-s3.rb create mode 100644 site-cookbooks/kosmos-bitcoin/templates/lnd-channel-backup-s3.sh.erb diff --git a/nodes/bitcoin-2.json b/nodes/bitcoin-2.json index aaa9fcf..5340527 100644 --- a/nodes/bitcoin-2.json +++ b/nodes/bitcoin-2.json @@ -23,6 +23,7 @@ "kosmos-bitcoin::source", "kosmos-bitcoin::c-lightning", "kosmos-bitcoin::lnd", + "kosmos-bitcoin::lnd-scb-s3", "kosmos-bitcoin::rtl", "kosmos-bitcoin::lndhub", "kosmos_postgresql::hostsfile", @@ -48,6 +49,9 @@ "git::default", "git::package", "golang::default", + "backup::default", + "logrotate::default", + "kosmos-bitcoin::aws-client", "kosmos-nodejs::default", "nodejs::nodejs_from_package", "nodejs::repo", @@ -70,9 +74,7 @@ "nginx::commons_dir", "nginx::commons_script", "nginx::commons_conf", - "kosmos-nginx::firewall", - "backup::default", - "logrotate::default" + "kosmos-nginx::firewall" ], "platform": "ubuntu", "platform_version": "20.04", 
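Review bot: Neither `file` resource that renders the S3 settings (`/root/.aws/config` and `/root/.aws/credentials`) sets `sensitive true`, so a converge can print the rendered content, including `aws_secret_access_key`, as a file diff in the Chef run output and logs. Adding `sensitive true` to the credentials resource (and to the config one for symmetry) suppresses that. `directory "/root/.aws"` is also created without an explicit mode; `mode "0700"` would keep the directory itself private instead of relying on the default. Writing the file modes as `"0600"` would match the `'0740'` / `'0600'` style used in the other recipes of this cookbook.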
@@ -94,6 +96,7 @@ "recipe[kosmos-bitcoin::source]", "recipe[kosmos-bitcoin::c-lightning]", "recipe[kosmos-bitcoin::lnd]", + "recipe[kosmos-bitcoin::lnd-scb-s3]", "recipe[kosmos-bitcoin::rtl]", "recipe[kosmos-bitcoin::lndhub]", "role[btcpay]" diff --git a/site-cookbooks/kosmos-bitcoin/recipes/lnd-scb-s3.rb b/site-cookbooks/kosmos-bitcoin/recipes/lnd-scb-s3.rb new file mode 100644 index 0000000..25d794d --- /dev/null +++ b/site-cookbooks/kosmos-bitcoin/recipes/lnd-scb-s3.rb @@ -0,0 +1,47 @@ +# +# Cookbook:: kosmos-bitcoin +# Recipe:: lnd-scb-s3 +# +# Static Channel Backup for LND channel states +# + +include_recipe "kosmos-bitcoin::aws-client" + +package "inotify-tools" + +backup_script_path = "/opt/lnd-channel-backup-s3.sh" + +template backup_script_path do + source "lnd-channel-backup-s3.sh.erb" + mode '0740' + variables lnd_dir: node['lnd']['lnd_dir'], + bitcoin_network: node['bitcoin']['network'], + s3_bucket: node['backup']['s3']['bucket'], + s3_scb_dir: "#{node['name']}/lnd/#{node['bitcoin']['network']}" + notifies :restart, "systemd_unit[lnd-channel-backup.service]", :delayed +end + +systemd_unit 'lnd-channel-backup.service' do + content({ + Unit: { + Description: 'LND Static Channel Backup', + Documentation: ['https://gist.github.com/alexbosworth/2c5e185aedbdac45a03655b709e255a3'], + Requires: 'lnd.service', + After: 'lnd.service' + }, + Service: { + User: 'root', + Group: 'root', + Type: 'simple', + ExecStart: backup_script_path, + Restart: 'always', + RestartSec: 1 + }, + Install: { + WantedBy: 'multi-user.target' + } + }) + verify false + triggers_reload true + action [:create, :enable, :start] +end diff --git a/site-cookbooks/kosmos-bitcoin/templates/lnd-channel-backup-s3.sh.erb b/site-cookbooks/kosmos-bitcoin/templates/lnd-channel-backup-s3.sh.erb new file mode 100644 index 0000000..d5b1c80 --- /dev/null +++ b/site-cookbooks/kosmos-bitcoin/templates/lnd-channel-backup-s3.sh.erb 
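Review bot: `systemd_unit 'lnd-channel-backup.service'` runs the watcher with `User: 'root'` and `Group: 'root'`, although the script only has to read `channel.backup` and call `aws s3 cp`. Presumably root is used because the aws-client recipe writes the credentials to `/root/.aws`; a dedicated unprivileged user with its own credentials file and read access to the backup file would limit what a fault in the script or the AWS CLI can touch. The `template` resource sets `mode '0740'` without `owner` or `group`, so stating them explicitly would make the intended access clear. `verify false` skips the unit-file check, and a short comment on why it is needed would help.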
@@ -0,0 +1,7 @@ +#!/bin/bash +set -xe -o pipefail + +while true; do + inotifywait <%= @lnd_dir %>/data/chain/bitcoin/<%= @bitcoin_network %>/channel.backup + aws s3 cp <%= @lnd_dir %>/data/chain/bitcoin/<%= @bitcoin_network %>/channel.backup "s3://<%= @s3_bucket %>/<%= @s3_scb_dir %>/channel.backup" +done From f6fe3bab0f6c72126cdb5ddff9ce457e5789257a Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Thu, 6 Jan 2022 08:12:42 -0600 Subject: [PATCH 09/86] Connect to IRC bouncer instead of directly Changes botka on libera to connect to a bouncer, which also uses SASL, in order to fix the connection issues and keep a stable connection with minimal maintenance. --- .../credentials/botka_irc-libera-chat.json | 58 ++++++++++++++----- .../recipes/botka_irc-libera-chat.rb | 21 +++---- 2 files changed, 54 insertions(+), 25 deletions(-) diff --git a/data_bags/credentials/botka_irc-libera-chat.json b/data_bags/credentials/botka_irc-libera-chat.json index 96547eb..f1676c4 100644 --- a/data_bags/credentials/botka_irc-libera-chat.json +++ b/data_bags/credentials/botka_irc-libera-chat.json 
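Review bot: The loop uploads only after `inotifywait` returns, so the current `channel.backup` is never copied when the service starts. With `set -e`, a failed `aws s3 cp` ends the script, systemd restarts it, and it again waits for the next change while S3 keeps the stale copy. Uploading once before entering the loop closes that gap. The two paths are also written out twice and unquoted, so holding them in quoted variables keeps both commands in step.

```shell
#!/bin/bash
set -xe -o pipefail

backup_file="<%= @lnd_dir %>/data/chain/bitcoin/<%= @bitcoin_network %>/channel.backup"
s3_target="s3://<%= @s3_bucket %>/<%= @s3_scb_dir %>/channel.backup"

# Upload the current state first, so a start or restart never leaves S3 stale.
aws s3 cp "$backup_file" "$s3_target"

while true; do
  inotifywait "$backup_file"
  aws s3 cp "$backup_file" "$s3_target"
done
```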
@@ -1,37 +1,65 @@ { "id": "botka_irc-libera-chat", "rs_logger_token": { - "encrypted_data": "2CYA4uMDMcTA3/TnoUkZ/WoB573oFn5oZk6zJmgc0MwCjYlKxhOTO6JZV5NF\nrQh0b6DS\n", - "iv": "ZDSklJrhSJknQTGJ\n", - "auth_tag": "RZVkeuP7iu1a/HkeIyM9/Q==\n", + "encrypted_data": "K0totr/aUIZ/ArLHLsXOCtpmhYRyebJv5GOsYEgCo3s2ObdYOWsDEIkhj7ho\nf9fFwdii\n", + "iv": "zpdygbdrCqumn2Us\n", + "auth_tag": "xqjaUt8BjBPNNKas47gzmA==\n", "version": 3, "cipher": "aes-256-gcm" }, "nickserv_password": { - "encrypted_data": "NXPE0ouvPESbBVRDDg362LaHVfeOqo+BEh4PkE5XeA==\n", - "iv": "4iESOnvAyMLF2TNs\n", - "auth_tag": "PiJvYy++dZls1t+goXui2w==\n", + "encrypted_data": "QBKx59optTSTfhLAtZ1h0dcQD1Xh7/ornslRb4en1A==\n", + "iv": "DrpHZPcfac7Cq4wf\n", + "auth_tag": "CUI9Wf/EObL3CpEr8MfqLw==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "znc_host": { + "encrypted_data": "U7n5uu39L6ShcnLY3iKuRsUZpI4NuZvBnBkqedc=\n", + "iv": "QFqfqQEjxmi1O12z\n", + "auth_tag": "uLXLy7AGt1/SarBx8QpWSw==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "znc_port": { + "encrypted_data": "T2lZ6mXjUwlulpyqkM1VTBGf2zU/SBi+\n", + "iv": "BtF1HBLST3RmYk/s\n", + "auth_tag": "htf0Clo/9H5FWbTwFc4W8Q==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "znc_user": { + "encrypted_data": "q/rGDx8G51/MlFr/fE29GyZmEC7e9OnSJK07yCABNw==\n", + "iv": "Lvj2yLTpWba1cOLT\n", + "auth_tag": "V43rrkVYDXmZ7csTKiQpJg==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "znc_password": { + "encrypted_data": "0QZxtYSDiYEfXGm3rMsAmE2lUWa1P5X0L1d7jHIdPww=\n", + "iv": "+yICaeYVn1HtaVYS\n", + "auth_tag": "7qe/85sww2TCc31/l0Gszw==\n", "version": 3, "cipher": "aes-256-gcm" }, "gcm_api_key": { - "encrypted_data": "QaF+kUTZbx3fK9QXua9QPq0f8ACZbrj+FEvlcMiv9x469OMOxTHfL2+cF6X2\nyK+1zYtl8byiMdLmSQ==\n", - "iv": "whutD4hY4htiEePI\n", - "auth_tag": "EF19h8haFSNHsOM/oVkcRQ==\n", + "encrypted_data": "UnarSxLUWt9JUUxRH7yeeA1VKOvePwwCCPO1Vi0F6hl/1P8HOxpGp2O1a/1R\nC78KVFfi9vmLa2Gwlw==\n", + "iv": "C25lCAZeEiki0Ruq\n", + "auth_tag": 
"XhtL3J79PpltMLs6Y2xg9A==\n", "version": 3, "cipher": "aes-256-gcm" }, "vapid_public_key": { - "encrypted_data": "dw1LEyE/hksxM+H0ExgIWXgrhFYzFo/dmps4/ct8mG2Se0ukYJ7OI5uJYI1E\nUaaZ+feqK2nic0GsnkaY++SI4Us+RNGoOu0J67CWooy8KIVdGGmxHx/rOI2L\n9S9zbo+8TE3KYBWrHa2jyw==\n", - "iv": "PaqtzI+RgtL/VeKE\n", - "auth_tag": "BPQcLAEWN4cPlrTylfwD/Q==\n", + "encrypted_data": "LU7E8wwKSrJLzsM1yDl6MO/SiVQ600NWpLhZFO+cb5jfHGoU4x0Zvo9zKVle\nG+SGzvm+OM14ld2MTbHCCtSkHuIR+tO2lrDg19gnQRmHRrf4A8Vbhl7nQ33E\ntwKjo2UUTSYQGGeNbSAOHw==\n", + "iv": "ppveJZXb2+nFHOwP\n", + "auth_tag": "ZcY9O5NCenlWrp4zS9uSjQ==\n", "version": 3, "cipher": "aes-256-gcm" }, "vapid_private_key": { - "encrypted_data": "Czly/hPyXa529rlxe3Ab3ea/Hg53iSW3Mpz1d8Aimuojih9GhWWFytY8YH9T\nwAINhXw7toST5o3LLjQjPkk=\n", - "iv": "XZeA6abV1Fi9Q3wm\n", - "auth_tag": "02zb8q+WDLj+mF+bJRWXxQ==\n", + "encrypted_data": "69aGVRJOA4MjErS5uB4HG4Y4vw4ch6t6xe0AFN1Ir5a6uC7JULy5pTWpht/k\n5KWSJgynjYH405bIompkTMo=\n", + "iv": "zofy6sRjLVO2q/XD\n", + "auth_tag": "f79xkUJpaoYhcCLqA7WURQ==\n", "version": 3, "cipher": "aes-256-gcm" } diff --git a/site-cookbooks/kosmos-hubot/recipes/botka_irc-libera-chat.rb b/site-cookbooks/kosmos-hubot/recipes/botka_irc-libera-chat.rb index 5f569ec..00db622 100644 --- a/site-cookbooks/kosmos-hubot/recipes/botka_irc-libera-chat.rb +++ b/site-cookbooks/kosmos-hubot/recipes/botka_irc-libera-chat.rb @@ -17,7 +17,7 @@ include_recipe "kosmos-nodejs" include_recipe "kosmos-redis" application app_path do - data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name) + credentials = Chef::EncryptedDataBagItem.load('credentials', app_name) owner app_user group app_group 
@@ -63,11 +63,12 @@ application app_path do environment: { "HUBOT_LOG_LEVEL" => node.chef_environment == "development" ? "debug" : "info", "HUBOT_IRC_USESSL" => "true", - "HUBOT_IRC_SERVER" => "irc.libera.chat", - "HUBOT_IRC_PORT" => "6697", + "HUBOT_IRC_SERVER" => credentials["znc_host"], + "HUBOT_IRC_PORT" => credentials["znc_port"], "HUBOT_IRC_NICK" => "botka", - "HUBOT_IRC_NICKSERV_USERNAME" => "botka", - "HUBOT_IRC_NICKSERV_PASSWORD" => data_bag['nickserv_password'], + "HUBOT_IRC_USERNAME" => credentials['znc_user'], + "HUBOT_IRC_PASSWORD" => credentials['znc_password'], + "HUBOT_IRC_REALNAME" => "botka (kosmos)", "HUBOT_IRC_ROOMS" => "#kosmos,#kosmos-dev,#kosmos-random,#remotestorage,#hackerbeach,#unhosted,#sockethub,#mastodon", "HUBOT_IRC_UNFLOOD" => "100", "HUBOT_RSS_PRINTSUMMARY" => "false", @@ -78,13 +79,13 @@ application app_path do "HUBOT_AUTH_ADMIN" => "bkero,raucao", "HUBOT_HELP_REPLY_IN_PRIVATE" => "true", "RS_LOGGER_USER" => "kosmos@5apps.com", - "RS_LOGGER_TOKEN" => data_bag['rs_logger_token'], - "RS_LOGGER_SERVER_NAME" => "freenode", + "RS_LOGGER_TOKEN" => credentials['rs_logger_token'], + "RS_LOGGER_SERVER_NAME" => "irc.libera.chat", "RS_LOGGER_PUBLIC" => "true", - "GCM_API_KEY" => data_bag['gcm_api_key'], + "GCM_API_KEY" => credentials['gcm_api_key'], "VAPID_SUBJECT" => "https://kosmos.org", - "VAPID_PUBLIC_KEY" => data_bag['vapid_public_key'], - "VAPID_PRIVATE_KEY" => data_bag['vapid_private_key'] + "VAPID_PUBLIC_KEY" => credentials['vapid_public_key'], + "VAPID_PRIVATE_KEY" => credentials['vapid_private_key'] } ) notifies :run, "execute[systemctl daemon-reload]", :delayed From 14cc2c0eb03702df7f34e039c2a607058a34f556 Mon Sep 17 00:00:00 2001 
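Review bot: After the `@@ -63,11 +63,12 @@` hunk the recipe no longer reads `nickserv_password` (the `HUBOT_IRC_NICKSERV_*` entries are removed), yet the `botka_irc-libera-chat` data bag item changed in this commit still carries that key. If the NickServ login now lives only on the bouncer, removing the key from the item keeps this node from holding a secret it does not use. The values in this hash (`znc_password`, `RS_LOGGER_TOKEN`, `VAPID_PRIVATE_KEY`) are handed to a resource as `environment:`. That resource starts outside the hunk, so it is worth confirming that it is marked `sensitive true` and writes its file with a restrictive mode.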
From: Sebastian Kippe Date: Sat, 8 Jan 2022 16:38:01 -0600 Subject: [PATCH 10/86] Fix lndhub balances with on-chain topups Removes the bitcoind RPC config entirely, so lndhub only uses LND's transaction monitoring. The bitcoind integration is broken as is. --- site-cookbooks/kosmos-bitcoin/recipes/lndhub.rb | 6 +----- .../kosmos-bitcoin/templates/lndhub.config.js.erb | 3 --- 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/site-cookbooks/kosmos-bitcoin/recipes/lndhub.rb b/site-cookbooks/kosmos-bitcoin/recipes/lndhub.rb index c919ef7..1921279 100644 --- a/site-cookbooks/kosmos-bitcoin/recipes/lndhub.rb +++ b/site-cookbooks/kosmos-bitcoin/recipes/lndhub.rb @@ -11,7 +11,6 @@ app_dir = "/opt/#{app_name}" lnd_dir = node['lnd']['lnd_dir'] bitcoin_user = node['bitcoin']['username'] bitcoin_group = node['bitcoin']['usergroup'] -bitcoin_credentials = Chef::EncryptedDataBagItem.load('credentials', 'bitcoin') application app_dir do owner bitcoin_user @@ -46,10 +45,7 @@ application app_dir do owner bitcoin_user group bitcoin_group mode '0600' - variables bitcoin_rpc_host: node['bitcoin']['conf']['rpcbind'], - bitcoin_rpc_user: node['bitcoin']['conf']['rpcuser'], - bitcoin_rpc_pass: bitcoin_credentials["rpcpassword"], - lnd_rpc_host: '127.0.0.1:10009' + variables lnd_rpc_host: '127.0.0.1:10009' notifies :restart, "systemd_unit[lndhub.service]", :delayed end diff --git a/site-cookbooks/kosmos-bitcoin/templates/lndhub.config.js.erb b/site-cookbooks/kosmos-bitcoin/templates/lndhub.config.js.erb index 86933bf..99b7858 100644 --- a/site-cookbooks/kosmos-bitcoin/templates/lndhub.config.js.erb +++ b/site-cookbooks/kosmos-bitcoin/templates/lndhub.config.js.erb @@ -4,9 +4,6 @@ let config = { rateLimit: 200, forwardReserveFee: 0.01, // default 0.01 intraHubFee: 0.003, // default 0.003 - bitcoind: { - rpc: 'http://<%= @bitcoin_rpc_user %>:<%= @bitcoin_rpc_pass %>@<%= @bitcoin_rpc_host %>/wallet/wallet.dat', - }, redis: { port: 6379, host: '127.0.0.1', 
From 3d54f7052fea5b42324ef8b6c173ccce8df8cb35 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Wed, 5 Jan 2022 11:39:55 -0600 Subject: [PATCH 11/86] Upgrade c-lightning to 0.10.2 --- site-cookbooks/kosmos-bitcoin/attributes/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-bitcoin/attributes/default.rb b/site-cookbooks/kosmos-bitcoin/attributes/default.rb index 5d73674..b89cfcc 100644 --- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb +++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb @@ -29,7 +29,7 @@ node.default['bitcoin']['conf'] = { node.default['bitcoin']['tor_enabled'] = true node.default['c-lightning']['repo'] = 'https://github.com/ElementsProject/lightning' -node.default['c-lightning']['revision'] = 'v0.10.0' +node.default['c-lightning']['revision'] = 'v0.10.2' node.default['c-lightning']['source_dir'] = '/opt/c-lightning' node.default['c-lightning']['lightning_dir'] = "/home/#{node['bitcoin']['username']}/.lightning" node.default['c-lightning']['alias'] = 'ln3.kosmos.org' From 0e9a657090dd5aa4cd7fd8340061351d0899bae5 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Wed, 5 Jan 2022 11:40:09 -0600 Subject: [PATCH 12/86] Upgrade BTCPay to 1.3.7 --- site-cookbooks/kosmos-bitcoin/attributes/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-bitcoin/attributes/default.rb b/site-cookbooks/kosmos-bitcoin/attributes/default.rb index b89cfcc..c6b2246 100644 --- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb +++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb 
@@ -72,7 +72,7 @@ node.default['nbxplorer']['config_path'] = "/home/#{node['bitcoin']['username']} node.default['nbxplorer']['port'] = '24445' node.default['btcpay']['repo'] = 'https://github.com/btcpayserver/btcpayserver' -node.default['btcpay']['revision'] = 'v1.1.2' +node.default['btcpay']['revision'] = 'v1.3.7' node.default['btcpay']['source_dir'] = '/opt/btcpay' node.default['btcpay']['config_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/Main/settings.config" node.default['btcpay']['log_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/debug.log" From d53e1b538bf5224599be31bfbb47e61f4d78e44c Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Sat, 8 Jan 2022 17:16:45 -0600 Subject: [PATCH 13/86] Update nbxplorer to 2.2.18 --- site-cookbooks/kosmos-bitcoin/attributes/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-bitcoin/attributes/default.rb b/site-cookbooks/kosmos-bitcoin/attributes/default.rb index c6b2246..ab4dceb 100644 --- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb +++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb @@ -66,7 +66,7 @@ node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/ node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991" node.default['nbxplorer']['repo'] = 'https://github.com/dgarage/NBXplorer' -node.default['nbxplorer']['revision'] = 'v2.1.52' +node.default['nbxplorer']['revision'] = 'v2.2.18' node.default['nbxplorer']['source_dir'] = '/opt/nbxplorer' node.default['nbxplorer']['config_path'] = "/home/#{node['bitcoin']['username']}/.nbxplorer/Main/settings.config" node.default['nbxplorer']['port'] = '24445' From a2c5295afdc5533377dc1d37447e93517b6d5878 Mon Sep 17 00:00:00 2001 
From: Sebastian Kippe Date: Fri, 19 Mar 2021 14:18:57 +0100 Subject: [PATCH 14/86] Create ejabberd-3 VM --- clients/ejabberd-3.json | 4 ++++ nodes/ejabberd-3.json | 52 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 clients/ejabberd-3.json create mode 100644 nodes/ejabberd-3.json diff --git a/clients/ejabberd-3.json b/clients/ejabberd-3.json new file mode 100644 index 0000000..061b8d6 --- /dev/null +++ b/clients/ejabberd-3.json @@ -0,0 +1,4 @@ +{ + "name": "ejabberd-3", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14PSaCOKMDIIBbSZcmRw\nvVx95IYJ7kZGUwo8xsVJyf4o1+oKKGfvsjVBacP4DxMJ/+g58Sc/j9risD2d5Ke9\nJ93BIaspPB3bQf+w84AVDJIqvRAhbmcYEqCq1vnddXiSw5ZWplTX4dAVV8P2c++i\nb0Ork2cj1x1r/FdAgHnhuSh4HMtWyo6Zo7Uh63kX9Ag4CTAV+OPF5ZSxyQTVdL2E\n/5gomouxgxME6bnE6PmS1Abls10UARe7btT5eykW/weEIe/mJ4MLEGyqWe5bmZt2\nF4aaYdCsCNA3f6hehcCegeMkPxuG/2oSyk2TKT2c3UuAELA15rGM353Dr1hxbZoe\nRQIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/nodes/ejabberd-3.json b/nodes/ejabberd-3.json new file mode 100644 index 0000000..9644195 --- /dev/null +++ b/nodes/ejabberd-3.json 
@@ -0,0 +1,52 @@ +{ + "name": "ejabberd-3", + "normal": { + "knife_zero": { + "host": "10.1.1.212" + } + }, + "automatic": { + "fqdn": "ejabberd-3", + "os": "linux", + "os_version": "5.4.0-1026-kvm", + "hostname": "ejabberd-3", + "ipaddress": "192.168.122.93", + "roles": [ + + ], + "recipes": [ + "kosmos-base", + "kosmos-base::default", + "apt::default", + "timezone_iii::default", + "timezone_iii::debian", + "ntp::default", + "ntp::apparmor", + "kosmos-base::systemd_emails", + "apt::unattended-upgrades", + "kosmos-base::firewall", + "kosmos-postfix::default", + "postfix::default", + "postfix::_common", + "postfix::_attributes", + "postfix::sasl_auth", + "hostname::default" + ], + "platform": "ubuntu", + "platform_version": "20.04", + "cloud": null, + "chef_packages": { + "ohai": { + "version": "15.12.0", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai" + }, + "chef": { + "version": "15.15.1", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.15.1/lib" + } + } + }, + "run_list": [ + "recipe[kosmos-base]" + ] +} \ No newline at end of file From 14d83b43762fe21fb2c6ec1a57fe5312beb69df2 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Wed, 24 Mar 2021 15:29:10 +0100 Subject: [PATCH 15/86] Add ejabberd-4 VM --- clients/ejabberd-4.json | 4 ++++ nodes/ejabberd-4.json | 52 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 clients/ejabberd-4.json create mode 100644 nodes/ejabberd-4.json diff --git a/clients/ejabberd-4.json b/clients/ejabberd-4.json new file mode 100644 index 0000000..14b1eaa --- /dev/null +++ b/clients/ejabberd-4.json 
@@ -0,0 +1,4 @@ +{ + "name": "ejabberd-4", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6FuI13W2sft83OIWe59/\nYTfpTfKcYTCq5zAQEu87OYHHQeBAYo0W/g/qICh3qw0ie2QMPyggAezoeR5VQdLt\nkJq1X9AHqyX59YThzj7dLCCEKq+mAdriuKzNGu8eml4DRM3m+xw7jFzcwwrD8ECZ\nY+Kn7bcOtozx0mXpEm+cO2cOKmRQn0VJwAQSe6eW301iGmpR9et4hDqMjhiUiwaU\nWAqpsmP/JQMLAX2gLzwilD63VCQlcQCDq/D1m/N6bWb1L47zNAzwOCSYV92bGNDe\nRe+4gCVVLpfGWKbkjQFDraCmME7+O50WpbfowylF8gOzgl3AvnpC/LOSzT8VtMPr\nZQIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/nodes/ejabberd-4.json b/nodes/ejabberd-4.json new file mode 100644 index 0000000..a0e516e --- /dev/null +++ b/nodes/ejabberd-4.json @@ -0,0 +1,52 @@ +{ + "name": "ejabberd-4", + "normal": { + "knife_zero": { + "host": "10.1.1.113" + } + }, + "automatic": { + "fqdn": "ejabberd-4", + "os": "linux", + "os_version": "5.4.0-1026-kvm", + "hostname": "ejabberd-4", + "ipaddress": "192.168.122.39", + "roles": [ + + ], + "recipes": [ + "kosmos-base", + "kosmos-base::default", + "apt::default", + "timezone_iii::default", + "timezone_iii::debian", + "ntp::default", + "ntp::apparmor", + "kosmos-base::systemd_emails", + "apt::unattended-upgrades", + "kosmos-base::firewall", + "kosmos-postfix::default", + "postfix::default", + "postfix::_common", + "postfix::_attributes", + "postfix::sasl_auth", + "hostname::default" + ], + "platform": "ubuntu", + "platform_version": "20.04", + "cloud": null, + "chef_packages": { + "ohai": { + "version": "15.12.0", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai" + }, + "chef": { + "version": "15.15.1", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.15.1/lib" + } + } + }, + "run_list": [ + "recipe[kosmos-base]" + ] +} \ No newline at end of file From 024b4bf164183fad38b73f4c450fddcf8914b98c Mon Sep 17 00:00:00 2001 
From: Sebastian Kippe Date: Tue, 18 Jan 2022 10:33:04 -0600 Subject: [PATCH 16/86] Fix typo --- site-cookbooks/kosmos-ejabberd/recipes/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-ejabberd/recipes/default.rb b/site-cookbooks/kosmos-ejabberd/recipes/default.rb index 20181b6..5e1cdb5 100644 --- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb +++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb @@ -66,7 +66,7 @@ ruby_block "configure ERLANG_NODE" do file = Chef::Util::FileEdit.new("/opt/ejabberd/conf/ejabberdctl.cfg") file.search_file_replace_line( %r{#ERLANG_NODE=ejabberd@localhost}, - "ERLAND_NODE=#{node['kosmos-ejabberd']['erlang_node']}" + "ERLANG_NODE=#{node['kosmos-ejabberd']['erlang_node']}" ) file.write_file end From 5b351036ba62d7b1ec9cf9ac19afece991de2f20 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Tue, 18 Jan 2022 11:16:23 -0600 Subject: [PATCH 17/86] Remove superfluous license header --- .../kosmos-ejabberd/recipes/default.rb | 21 ------------------- 1 file changed, 21 deletions(-) diff --git a/site-cookbooks/kosmos-ejabberd/recipes/default.rb b/site-cookbooks/kosmos-ejabberd/recipes/default.rb index 5e1cdb5..0c69d95 100644 --- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb +++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb 
@@ -2,27 +2,6 @@ # Cookbook:: kosmos-ejabberd # Recipe:: default # -# The MIT License (MIT) -# -# Copyright:: 2019, Kosmos Developers -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -# THE SOFTWARE. ejabberd_credentials = data_bag_item("credentials", "ejabberd") From 74dd59ad0701f95d0c148bb569cac3aa63fcb422 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Tue, 18 Jan 2022 11:16:44 -0600 Subject: [PATCH 18/86] Write hostname-related configs for new ejabberd cluster --- site-cookbooks/kosmos-ejabberd/metadata.rb | 1 + .../kosmos-ejabberd/recipes/default.rb | 22 ++++++++++++++----- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/site-cookbooks/kosmos-ejabberd/metadata.rb b/site-cookbooks/kosmos-ejabberd/metadata.rb index 0131259..a47ac07 100644 --- a/site-cookbooks/kosmos-ejabberd/metadata.rb +++ b/site-cookbooks/kosmos-ejabberd/metadata.rb 
@@ -26,3 +26,4 @@ depends "kosmos_postgresql" depends "backup" depends "firewall" depends "tor-full" +depends "hostsfile" diff --git a/site-cookbooks/kosmos-ejabberd/recipes/default.rb b/site-cookbooks/kosmos-ejabberd/recipes/default.rb index 0c69d95..8ef2b26 100644 --- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb +++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb @@ -29,15 +29,25 @@ file "/opt/ejabberd/.erlang.cookie" do content ejabberd_credentials['erlang_cookie'] end +ejabberd_nodes = search(:node, "role:ejabberd") + +ejabberd_nodes.each do |n| + ip_address = n["knife_zero"]["host"] + IPAddr.new ip_address + hostsfile_entry ip_address do + hostname n["hostname"] + action :create + end +rescue IPAddr::InvalidAddressError + next +end + +ejabberd_hostnames = ejabberd_nodes.map { |n| n["hostname"] } file "/opt/ejabberd/.hosts.erlang" do mode "0644" owner "ejabberd" group "ejabberd" - content <<-EOF -"andromeda.kosmos.org". -"centaurus.kosmos.org". -"draco.kosmos.org". - EOF + content ejabberd_hostnames.map{|h| "#{h}."}.join("\n") end ruby_block "configure ERLANG_NODE" do @@ -45,7 +55,7 @@ ruby_block "configure ERLANG_NODE" do file = Chef::Util::FileEdit.new("/opt/ejabberd/conf/ejabberdctl.cfg") file.search_file_replace_line( %r{#ERLANG_NODE=ejabberd@localhost}, - "ERLANG_NODE=#{node['kosmos-ejabberd']['erlang_node']}" + "ERLANG_NODE=ejabberd@#{node['name']}" ) file.write_file end From 62c95175ccd7828cd24a19685214be549c3c56ef Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Tue, 18 Jan 2022 11:23:57 -0600 Subject: [PATCH 19/86] Only allow ZeroTier connections for ejabberd cluster --- .../kosmos-ejabberd/recipes/firewall.rb | 24 ++----------------- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git a/site-cookbooks/kosmos-ejabberd/recipes/firewall.rb b/site-cookbooks/kosmos-ejabberd/recipes/firewall.rb index 5d2ac3a..968da9b 100644 --- a/site-cookbooks/kosmos-ejabberd/recipes/firewall.rb 
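Review bot: The new `content` for `/opt/ejabberd/.hosts.erlang` writes each host as a bare `ejabberd-4.`, where the removed heredoc wrote quoted terms such as `"draco.kosmos.org".`; Erlang reads this file as a list of terms, so an unquoted name containing `-` or `.` will most likely not parse as a host name. Keep the quoting and end every entry with a newline: `content ejabberd_hostnames.map { |h| "\"#{h}\".\n" }.join`. The hostnames come straight from `search(:node, "role:ejabberd")`, so whatever a node registered under that role reports ends up in this file and in the hosts file; only the IP is checked (`IPAddr.new`), and a node skipped by the `rescue` is still listed in `ejabberd_hostnames`. Rejecting names that do not match a strict pattern such as `/\A[a-z0-9.-]+\z/` before either use, and building `ejabberd_hostnames` only from nodes that passed the IP check, would close both gaps.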
+++ b/site-cookbooks/kosmos-ejabberd/recipes/firewall.rb @@ -2,28 +2,6 @@ # Cookbook:: kosmos-ejabberd # Recipe:: firewall # -# The MIT License (MIT) -# -# Copyright:: 2020, Kosmos Developers -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -# THE SOFTWARE. - include_recipe "kosmos-base::firewall" firewall_rule "ejabberd" do @@ -34,12 +12,14 @@ end firewall_rule 'ejabberd_cluster' do port [4369] + source "10.1.1.0/24" protocol :tcp command :allow end firewall_rule 'erlang_cluster' do port [4200..4210] + source "10.1.1.0/24" protocol :tcp command :allow end From 58736f05ee6e8503af9658b5d1210aff112779db Mon Sep 17 00:00:00 2001 
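Review bot: The `source "10.1.1.0/24"` added to `ejabberd_cluster` (4369) and `erlang_cluster` (4200..4210) still admits every host on that subnet, not only cluster members. Unless TLS distribution is configured elsewhere, the shared secret written to `/opt/ejabberd/.erlang.cookie` is then the only barrier between any other peer on that network and the Erlang distribution ports. The default recipe already runs `search(:node, "role:ejabberd")`; looping over that result here and creating one rule per member with `source n["knife_zero"]["host"]` would narrow access to the cluster itself. If the subnet is kept, put it in a single attribute rather than repeating the literal in both rules, with a comment such as `# ZeroTier subnet; peers are authenticated by the Erlang cookie only`.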
From: Sebastian Kippe Date: Tue, 18 Jan 2022 11:51:37 -0600 Subject: [PATCH 20/86] Remove node configs for old ejabberd cluster --- clients/ejabberd-1.json | 4 --- clients/ejabberd-2.json | 4 --- nodes/ejabberd-1.json | 67 ----------------------------------------- nodes/ejabberd-2.json | 67 ----------------------------------------- 4 files changed, 142 deletions(-) delete mode 100644 clients/ejabberd-1.json delete mode 100644 clients/ejabberd-2.json delete mode 100644 nodes/ejabberd-1.json delete mode 100644 nodes/ejabberd-2.json diff --git a/clients/ejabberd-1.json b/clients/ejabberd-1.json deleted file mode 100644 index 1d6a89b..0000000 --- a/clients/ejabberd-1.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "name": "ejabberd-1", - "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtoVmQAEmmAWjjzi5X8Ia\n9sl2aH8Lh0AsckM0aE3hvw9lGfbNCPpYWrr0uh7R6/+13Z0OghrT3yDAZ+XfH39Y\nuGomazTzSMMOEofjepo+nXSgq4meFfX5vobYG7rpBdz1EsIT1bElHduItA2zsw9J\nFpXtGd4BjumMq1VykSTA+QaEE8byes/+groQTtXPqXf5gJMxyGlh4SU0MzmkGHaW\n8c9BPCQrV0CMiuGOGJ5mZ28HajbvSg3+bpgwThh3M5uQaQ6on1N2pvJuBypUySS6\nyc4TauocUcUsULYXq9wM8/rqDYsUah0PR0WSiOi90m5thGeBchFAmhdCvrS34FlR\nVQIDAQAB\n-----END PUBLIC KEY-----\n" -} \ No newline at end of file diff --git a/clients/ejabberd-2.json b/clients/ejabberd-2.json deleted file mode 100644 index 1d3e5f3..0000000 --- a/clients/ejabberd-2.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "name": "ejabberd-2", - "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudueTsPYnRXRu/rmMGZe\nI7LdyrWKdY9FJaRhkXR5J9Yb8QnIcDS7ZXDJsVhyQW8pZ2DuaIs5dmGYvRtmx0ol\nqHTEel01Q3/xI1blJoq4uRm639PB5M9dSJ0w+s6P5zj7rbFKpvMBYxBSK6z+gXIc\n/L1ayJ6JOssX5/tEvcvx/d4GIxof/Q+puACAXawx7W88Wl7yYWdBQ78uTPHzuMyB\n8BRYz24tki/O1fa9JijW32d3EELD0EccI3iJ+/CR4BFEEM2QdDczY/Q6Ny7h7inH\n/TdU246nvtJIx7bAZHmDIDva8YPtL27RIOQ3JqBBe7prQP5Q9MBGPyCXWAglj99a\n6QIDAQAB\n-----END PUBLIC KEY-----\n" -} \ No newline at end of file 
diff --git a/nodes/ejabberd-1.json b/nodes/ejabberd-1.json deleted file mode 100644 index ade9b42..0000000 --- a/nodes/ejabberd-1.json +++ /dev/null @@ -1,67 +0,0 @@ -{ - "name": "ejabberd-1", - "normal": { - "knife_zero": { - "host": "10.1.1.166" - }, - "kosmos-ejabberd": { - "erlang_node": "ejabberd@draco.kosmos.org" - } - }, - "automatic": { - "fqdn": "ejabberd-1", - "os": "linux", - "os_version": "5.4.0-54-generic", - "hostname": "ejabberd-1", - "ipaddress": "192.168.122.62", - "roles": [ - "ejabberd", - "postgresql_client" - ], - "recipes": [ - "kosmos-base", - "kosmos-base::default", - "kosmos-postgresql::hostsfile", - "kosmos-ejabberd", - "kosmos-ejabberd::default", - "kosmos-ejabberd::letsencrypt", - "kosmos-ejabberd::backup", - "apt::default", - "timezone_iii::default", - "timezone_iii::debian", - "ntp::default", - "ntp::apparmor", - "kosmos-base::systemd_emails", - "apt::unattended-upgrades", - "kosmos-base::firewall", - "kosmos-postfix::default", - "postfix::default", - "postfix::_common", - "postfix::_attributes", - "postfix::sasl_auth", - "hostname::default", - "kosmos-ejabberd::firewall", - "tor-full::default", - "kosmos-base::letsencrypt", - "backup::default", - "logrotate::default" - ], - "platform": "ubuntu", - "platform_version": "20.04", - "cloud": null, - "chef_packages": { - "chef": { - "version": "15.14.0", - "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.14.0/lib" - }, - "ohai": { - "version": "15.12.0", - "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai" - } - } - }, - "run_list": [ - "recipe[kosmos-base]", - "role[ejabberd]" - ] -} diff --git a/nodes/ejabberd-2.json b/nodes/ejabberd-2.json deleted file mode 100644 index cbb250b..0000000 --- a/nodes/ejabberd-2.json +++ /dev/null 
@@ -1,67 +0,0 @@ -{ - "name": "ejabberd-2", - "normal": { - "knife_zero": { - "host": "10.1.1.44" - }, - "kosmos-ejabberd": { - "erlang_node": "ejabberd@centaurus.kosmos.org" - } - }, - "automatic": { - "fqdn": "ejabberd-2", - "os": "linux", - "os_version": "5.4.0-54-generic", - "hostname": "ejabberd-2", - "ipaddress": "192.168.122.5", - "roles": [ - "ejabberd", - "postgresql_client" - ], - "recipes": [ - "kosmos-base", - "kosmos-base::default", - "kosmos-postgresql::hostsfile", - "kosmos-ejabberd", - "kosmos-ejabberd::default", - "kosmos-ejabberd::letsencrypt", - "kosmos-ejabberd::backup", - "apt::default", - "timezone_iii::default", - "timezone_iii::debian", - "ntp::default", - "ntp::apparmor", - "kosmos-base::systemd_emails", - "apt::unattended-upgrades", - "kosmos-base::firewall", - "kosmos-postfix::default", - "postfix::default", - "postfix::_common", - "postfix::_attributes", - "postfix::sasl_auth", - "hostname::default", - "kosmos-ejabberd::firewall", - "tor-full::default", - "kosmos-base::letsencrypt", - "backup::default", - "logrotate::default" - ], - "platform": "ubuntu", - "platform_version": "20.04", - "cloud": null, - "chef_packages": { - "chef": { - "version": "15.14.0", - "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.14.0/lib" - }, - "ohai": { - "version": "15.12.0", - "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai" - } - } - }, - "run_list": [ - "recipe[kosmos-base]", - "role[ejabberd]" - ] -} From 6c8a98c52412b102210dc2aac0543e725aa6d625 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Tue, 18 Jan 2022 12:28:56 -0600 Subject: [PATCH 21/86] Run Chef with ejabberd role against new cluster nodes --- nodes/ejabberd-3.json | 33 +++++++++++++++++++++++---------- nodes/ejabberd-4.json | 33 +++++++++++++++++++++++---------- 2 files changed, 46 insertions(+), 20 deletions(-) diff --git a/nodes/ejabberd-3.json b/nodes/ejabberd-3.json index 9644195..8733ff7 100644 --- a/nodes/ejabberd-3.json 
+++ b/nodes/ejabberd-3.json @@ -8,15 +8,21 @@ "automatic": { "fqdn": "ejabberd-3", "os": "linux", - "os_version": "5.4.0-1026-kvm", + "os_version": "5.4.0-1051-kvm", "hostname": "ejabberd-3", "ipaddress": "192.168.122.93", "roles": [ - + "ejabberd", + "postgresql_client" ], "recipes": [ "kosmos-base", "kosmos-base::default", + "kosmos_postgresql::hostsfile", + "kosmos-ejabberd", + "kosmos-ejabberd::default", + "kosmos-ejabberd::letsencrypt", + "kosmos-ejabberd::backup", "apt::default", "timezone_iii::default", "timezone_iii::debian", @@ -30,23 +36,30 @@ "postfix::_common", "postfix::_attributes", "postfix::sasl_auth", - "hostname::default" + "hostname::default", + "kosmos-ejabberd::firewall", + "tor-full::default", + "kosmos-base::letsencrypt", + "backup::default", + "logrotate::default" ], "platform": "ubuntu", "platform_version": "20.04", "cloud": null, "chef_packages": { - "ohai": { - "version": "15.12.0", - "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai" - }, "chef": { - "version": "15.15.1", - "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.15.1/lib" + "version": "17.9.26", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.26/lib", + "chef_effortless": null + }, + "ohai": { + "version": "17.9.1", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.1/lib/ohai" } } }, "run_list": [ - "recipe[kosmos-base]" + "recipe[kosmos-base]", + "role[ejabberd]" ] } \ No newline at end of file diff --git a/nodes/ejabberd-4.json b/nodes/ejabberd-4.json index a0e516e..2fbc4d9 100644 --- a/nodes/ejabberd-4.json +++ b/nodes/ejabberd-4.json 
@@ -8,15 +8,21 @@ "automatic": { "fqdn": "ejabberd-4", "os": "linux", - "os_version": "5.4.0-1026-kvm", + "os_version": "5.4.0-1051-kvm", "hostname": "ejabberd-4", "ipaddress": "192.168.122.39", "roles": [ - + "ejabberd", + "postgresql_client" ], "recipes": [ "kosmos-base", "kosmos-base::default", + "kosmos_postgresql::hostsfile", + "kosmos-ejabberd", + "kosmos-ejabberd::default", + "kosmos-ejabberd::letsencrypt", + "kosmos-ejabberd::backup", "apt::default", "timezone_iii::default", "timezone_iii::debian", @@ -30,23 +36,30 @@ "postfix::_common", "postfix::_attributes", "postfix::sasl_auth", - "hostname::default" + "hostname::default", + "kosmos-ejabberd::firewall", + "tor-full::default", + "kosmos-base::letsencrypt", + "backup::default", + "logrotate::default" ], "platform": "ubuntu", "platform_version": "20.04", "cloud": null, "chef_packages": { - "ohai": { - "version": "15.12.0", - "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai" - }, "chef": { - "version": "15.15.1", - "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.15.1/lib" + "version": "17.9.26", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.26/lib", + "chef_effortless": null + }, + "ohai": { + "version": "17.9.1", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.1/lib/ohai" } } }, "run_list": [ - "recipe[kosmos-base]" + "recipe[kosmos-base]", + "role[ejabberd]" ] } \ No newline at end of file From 622fabe1512290d6cd0286cb5c033a7c724fbc30 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Wed, 19 Jan 2022 14:38:53 -0600 Subject: [PATCH 22/86] Use private IP for ejabberd TURN --- site-cookbooks/kosmos-ejabberd/recipes/default.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/site-cookbooks/kosmos-ejabberd/recipes/default.rb b/site-cookbooks/kosmos-ejabberd/recipes/default.rb index 8ef2b26..e94674e 100644 --- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb 
+++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb @@ -148,8 +148,8 @@ hosts.each do |host| end akkounts_ip_addresses = [] -search(:node, "role:akkounts").each do |node| - akkounts_ip_addresses << node["knife_zero"]["host"] +search(:node, "role:akkounts").each do |n| + akkounts_ip_addresses << n["knife_zero"]["host"] end template "/opt/ejabberd/conf/ejabberd.yml" do @@ -159,7 +159,7 @@ template "/opt/ejabberd/conf/ejabberd.yml" do variables hosts: hosts, admin_users: admin_users, stun_auth_realm: "kosmos.org", - turn_ip_address: node['ipaddress'], + turn_ip_address: node["knife_zero"]["host"], turn_min_port: node["kosmos-ejabberd"]["turn_min_port"], turn_max_port: node["kosmos-ejabberd"]["turn_max_port"], akkounts_ip_addresses: akkounts_ip_addresses From 05dbf5211f6e8f397843c14597e410d5e4da0898 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Sun, 23 Jan 2022 12:15:04 -0600 Subject: [PATCH 23/86] Remove old ejabberd node --- clients/ejabberd-3.json | 4 --- nodes/ejabberd-3.json | 65 ----------------------------------------- 2 files changed, 69 deletions(-) delete mode 100644 clients/ejabberd-3.json delete mode 100644 nodes/ejabberd-3.json diff --git a/clients/ejabberd-3.json b/clients/ejabberd-3.json deleted file mode 100644 index 061b8d6..0000000 --- a/clients/ejabberd-3.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "name": "ejabberd-3", - "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14PSaCOKMDIIBbSZcmRw\nvVx95IYJ7kZGUwo8xsVJyf4o1+oKKGfvsjVBacP4DxMJ/+g58Sc/j9risD2d5Ke9\nJ93BIaspPB3bQf+w84AVDJIqvRAhbmcYEqCq1vnddXiSw5ZWplTX4dAVV8P2c++i\nb0Ork2cj1x1r/FdAgHnhuSh4HMtWyo6Zo7Uh63kX9Ag4CTAV+OPF5ZSxyQTVdL2E\n/5gomouxgxME6bnE6PmS1Abls10UARe7btT5eykW/weEIe/mJ4MLEGyqWe5bmZt2\nF4aaYdCsCNA3f6hehcCegeMkPxuG/2oSyk2TKT2c3UuAELA15rGM353Dr1hxbZoe\nRQIDAQAB\n-----END PUBLIC KEY-----\n" -} \ No newline at end of file diff --git a/nodes/ejabberd-3.json b/nodes/ejabberd-3.json deleted file mode 100644 index 8733ff7..0000000 
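Review bot: `turn_ip_address: node["knife_zero"]["host"]` and the `akkounts_ip_addresses` loop both index `["knife_zero"]["host"]` without a guard, so a node that lacks the attribute aborts the run with a NoMethodError on nil, and whatever string is stored there is passed into `ejabberd.yml` unchecked. The hostsfile loop earlier in this recipe validates the same attribute with `IPAddr.new`; applying that here keeps a missing or malformed value out of the address list handed to the template (presumably an allow-list, but the template is not visible on this page). For the loop, `akkounts_ip_addresses = search(:node, "role:akkounts").map { |n| n.read("knife_zero", "host") }.compact` drops nodes without the attribute instead of failing. The `template` block continues past the end of the hunk.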
--- a/nodes/ejabberd-3.json +++ /dev/null @@ -1,65 +0,0 @@ -{ - "name": "ejabberd-3", - "normal": { - "knife_zero": { - "host": "10.1.1.212" - } - }, - "automatic": { - "fqdn": "ejabberd-3", - "os": "linux", - "os_version": "5.4.0-1051-kvm", - "hostname": "ejabberd-3", - "ipaddress": "192.168.122.93", - "roles": [ - "ejabberd", - "postgresql_client" - ], - "recipes": [ - "kosmos-base", - "kosmos-base::default", - "kosmos_postgresql::hostsfile", - "kosmos-ejabberd", - "kosmos-ejabberd::default", - "kosmos-ejabberd::letsencrypt", - "kosmos-ejabberd::backup", - "apt::default", - "timezone_iii::default", - "timezone_iii::debian", - "ntp::default", - "ntp::apparmor", - "kosmos-base::systemd_emails", - "apt::unattended-upgrades", - "kosmos-base::firewall", - "kosmos-postfix::default", - "postfix::default", - "postfix::_common", - "postfix::_attributes", - "postfix::sasl_auth", - "hostname::default", - "kosmos-ejabberd::firewall", - "tor-full::default", - "kosmos-base::letsencrypt", - "backup::default", - "logrotate::default" - ], - "platform": "ubuntu", - "platform_version": "20.04", - "cloud": null, - "chef_packages": { - "chef": { - "version": "17.9.26", - "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.26/lib", - "chef_effortless": null - }, - "ohai": { - "version": "17.9.1", - "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.1/lib/ohai" - } - } - }, - "run_list": [ - "recipe[kosmos-base]", - "role[ejabberd]" - ] -} \ No newline at end of file From 8509e0af58177b2f990cc8701c0aec109df3c3c2 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Sun, 23 Jan 2022 12:15:14 -0600 Subject: [PATCH 24/86] Add new ejabberd node --- clients/ejabberd-6.json | 4 +++ nodes/ejabberd-6.json | 65 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) create mode 100644 clients/ejabberd-6.json create mode 100644 nodes/ejabberd-6.json 
diff --git a/clients/ejabberd-6.json b/clients/ejabberd-6.json new file mode 100644 index 0000000..9b170e1 --- /dev/null +++ b/clients/ejabberd-6.json @@ -0,0 +1,4 @@ +{ + "name": "ejabberd-6", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvGOanDqJOhf0xl/TYcs\nqYhhGz4ptFzxmfxiCMWbnbDcICBLHni28dJHhP2ggfUKOGcp+OIqiy783eRUrPsf\nnH9VmvTnz4NdXIB5J45FgBtfYiF9ZseaPL+ufTSCbZj7Ih3lzTAbO5Ug+UOj852B\nnnqH2Ht2jXMp2v3NW4gAG9QyRpr6P5cyVWBrMFExjuhNWg119tJv+33oGnflrNRi\njV3yGbRFRpqAomAVCr6DAA9SX/R8J3yKTky6MdRGrXKH/7eXH0ehDi33Y9Pyy9Ci\nkQX/JRHffuJeBF3Tndiojqdx81C6oIh2s/H3JMew/DdRxjzlPP4nemYWXv1/YVcS\nCwIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/nodes/ejabberd-6.json b/nodes/ejabberd-6.json new file mode 100644 index 0000000..5e61d4a --- /dev/null +++ b/nodes/ejabberd-6.json 
@@ -0,0 +1,65 @@ +{ + "name": "ejabberd-6", + "normal": { + "knife_zero": { + "host": "10.1.1.145" + } + }, + "automatic": { + "fqdn": "ejabberd-6", + "os": "linux", + "os_version": "5.4.0-1049-kvm", + "hostname": "ejabberd-6", + "ipaddress": "192.168.122.248", + "roles": [ + "ejabberd", + "postgresql_client" + ], + "recipes": [ + "kosmos-base", + "kosmos-base::default", + "kosmos_postgresql::hostsfile", + "kosmos-ejabberd", + "kosmos-ejabberd::default", + "kosmos-ejabberd::letsencrypt", + "kosmos-ejabberd::backup", + "apt::default", + "timezone_iii::default", + "timezone_iii::debian", + "ntp::default", + "ntp::apparmor", + "kosmos-base::systemd_emails", + "apt::unattended-upgrades", + "kosmos-base::firewall", + "kosmos-postfix::default", + "postfix::default", + "postfix::_common", + "postfix::_attributes", + "postfix::sasl_auth", + "hostname::default", + "kosmos-ejabberd::firewall", + "tor-full::default", + "kosmos-base::letsencrypt", + "backup::default", + "logrotate::default" + ], + "platform": "ubuntu", + "platform_version": "20.04", + "cloud": null, + "chef_packages": { + "chef": { + "version": "17.9.26", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.26/lib", + "chef_effortless": null + }, + "ohai": { + "version": "17.9.1", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.1/lib/ohai" + } + } + }, + "run_list": [ + "recipe[kosmos-base]", + "role[ejabberd]" + ] +} \ No newline at end of file From 13ae9136682983fe286f5373a9e54e84623a2032 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Fri, 28 Jan 2022 17:31:14 -0600 Subject: [PATCH 25/86] Upgrade nbxplorer Needed a newer version of the .NET SDK as well. --- site-cookbooks/kosmos-bitcoin/attributes/default.rb | 2 +- site-cookbooks/kosmos-bitcoin/recipes/dotnet.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/site-cookbooks/kosmos-bitcoin/attributes/default.rb b/site-cookbooks/kosmos-bitcoin/attributes/default.rb index ab4dceb..5998b20 100644 
--- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb +++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb @@ -66,7 +66,7 @@ node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/ node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991" node.default['nbxplorer']['repo'] = 'https://github.com/dgarage/NBXplorer' -node.default['nbxplorer']['revision'] = 'v2.2.18' +node.default['nbxplorer']['revision'] = 'v2.2.20' node.default['nbxplorer']['source_dir'] = '/opt/nbxplorer' node.default['nbxplorer']['config_path'] = "/home/#{node['bitcoin']['username']}/.nbxplorer/Main/settings.config" node.default['nbxplorer']['port'] = '24445' diff --git a/site-cookbooks/kosmos-bitcoin/recipes/dotnet.rb b/site-cookbooks/kosmos-bitcoin/recipes/dotnet.rb index 4af8314..462f6b9 100644 --- a/site-cookbooks/kosmos-bitcoin/recipes/dotnet.rb +++ b/site-cookbooks/kosmos-bitcoin/recipes/dotnet.rb @@ -30,4 +30,4 @@ execute 'apt_update' do action :nothing end -apt_package 'dotnet-sdk-3.1' +apt_package 'dotnet-sdk-6.0' From d9bb257f993ecf0f0df23cdc1baa30c5c5b872c7 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Fri, 28 Jan 2022 17:32:19 -0600 Subject: [PATCH 26/86] Move golang installation to own recipe Needed by more than one in the bitcoin cookbook now. --- site-cookbooks/kosmos-bitcoin/recipes/golang.rb | 13 +++++++++++++ site-cookbooks/kosmos-bitcoin/recipes/lnd.rb | 4 +--- 2 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 site-cookbooks/kosmos-bitcoin/recipes/golang.rb diff --git a/site-cookbooks/kosmos-bitcoin/recipes/golang.rb b/site-cookbooks/kosmos-bitcoin/recipes/golang.rb new file mode 100644 index 0000000..b6ff84b --- /dev/null +++ b/site-cookbooks/kosmos-bitcoin/recipes/golang.rb 
@@ -0,0 +1,13 @@ +# +# Cookbook:: kosmos-bitcoin +# Recipe:: boltz +# +# Internal recipe for managing the Go installation in one place +# + +node.override['golang']['version'] = "1.17.4" +include_recipe "golang" + +link '/usr/local/bin/go' do + to '/usr/local/go/bin/go' +end diff --git a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb index 8db4249..fd6549d 100644 --- a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb +++ b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb @@ -4,9 +4,7 @@ # include_recipe "git" - -node.override['golang']['version'] = "1.17.4" -include_recipe "golang" +include_recipe "kosmos-bitcoin::golang" git node['lnd']['source_dir'] do repository node['lnd']['repo'] From 87334de83a8a02e08d053852a58e0168bb1a271b Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Fri, 28 Jan 2022 17:33:10 -0600 Subject: [PATCH 27/86] Configure/install boltzd --- .../kosmos-bitcoin/attributes/default.rb | 11 +++ .../kosmos-bitcoin/recipes/boltz.rb | 87 +++++++++++++++++++ site-cookbooks/kosmos-bitcoin/recipes/lnd.rb | 2 +- .../kosmos-bitcoin/templates/boltz.toml.erb | 32 +++++++ 4 files changed, 131 insertions(+), 1 deletion(-) create mode 100644 site-cookbooks/kosmos-bitcoin/recipes/boltz.rb create mode 100644 site-cookbooks/kosmos-bitcoin/templates/boltz.toml.erb diff --git a/site-cookbooks/kosmos-bitcoin/attributes/default.rb b/site-cookbooks/kosmos-bitcoin/attributes/default.rb index 5998b20..3f90c20 100644 --- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb +++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb 
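Review bot: The header comment of the new `recipes/golang.rb` says `# Recipe:: boltz`, which looks copied from the boltz recipe; it should read `# Recipe:: golang`. Since every Go binary built by this cookbook now trusts the toolchain installed here, the comment block is also a good place to state where the pinned `1.17.4` comes from. Whether the downloaded archive is checksum-verified is decided inside the `golang` cookbook, which is not visible in this patch, so confirm that before relying on the pin.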
@@ -52,6 +52,17 @@ node.default['lnd']['basefee'] = '1000' node.default['lnd']['feerate'] = '50' node.default['lnd']['auto_unlock'] = true # requires credentials/lnd data bag item +node.default['boltz']['repo'] = 'https://github.com/BoltzExchange/boltz-lnd.git' +node.default['boltz']['revision'] = 'v1.2.6' +node.default['boltz']['source_dir'] = '/opt/boltz' +node.default['boltz']['boltz_dir'] = "/home/#{node['bitcoin']['username']}/.boltz-lnd" +node.default['boltz']['grpc_host'] = '127.0.0.1' +node.default['boltz']['grpc_port'] = '9002' +node.default['boltz']['rest_disabled'] = 'false' +node.default['boltz']['rest_host'] = '127.0.0.1' +node.default['boltz']['rest_port'] = '9003' +node.default['boltz']['no_macaroons'] = 'false' + node.default['rtl']['repo'] = 'https://github.com/Ride-The-Lightning/RTL.git' node.default['rtl']['revision'] = 'v0.11.0' node.default['rtl']['host'] = '10.1.1.163' diff --git a/site-cookbooks/kosmos-bitcoin/recipes/boltz.rb b/site-cookbooks/kosmos-bitcoin/recipes/boltz.rb new file mode 100644 index 0000000..e090703 --- /dev/null +++ b/site-cookbooks/kosmos-bitcoin/recipes/boltz.rb 
@@ -0,0 +1,87 @@ +# +# Cookbook:: kosmos-bitcoin +# Recipe:: boltz +# + +include_recipe "git" +include_recipe "kosmos-bitcoin::golang" + +git node['boltz']['source_dir'] do + repository node['boltz']['repo'] + revision node['boltz']['revision'] + action :sync + notifies :run, 'bash[compile_and_install_boltz]', :immediately +end + +bash "compile_and_install_boltz" do + cwd node['boltz']['source_dir'] + code <<-EOH +go mod vendor && \ +make build && \ +make install + EOH + action :nothing + notifies :restart, "systemd_unit[boltzd.service]", :delayed +end + +bitcoin_user = node['bitcoin']['username'] +bitcoin_group = node['bitcoin']['usergroup'] +boltz_dir = node['boltz']['boltz_dir'] +lnd_dir = node['lnd']['lnd_dir'] + +directory boltz_dir do + owner bitcoin_user + group bitcoin_group + mode '0750' + action :create +end + +template "#{boltz_dir}/boltz.toml" do + source "boltz.toml.erb" + owner bitcoin_user + group bitcoin_group + mode '0640' + variables lnd_grpc_host: '127.0.0.1', + lnd_grpc_port: '10009', + lnd_macaroon_path: "#{lnd_dir}/data/chain/bitcoin/mainnet/admin.macaroon", + lnd_tlscert_path: "#{lnd_dir}/tls.cert", + boltz_config: node['boltz'] + notifies :restart, "systemd_unit[boltzd.service]", :delayed +end + +systemd_unit 'boltzd.service' do + content({ + Unit: { + Description: 'Boltz Daemon', + Documentation: ['https://lnd.docs.boltz.exchange'], + Requires: 'lnd.service', + After: 'lnd.service' + }, + Service: { + User: bitcoin_user, + Group: bitcoin_group, + Type: 'simple', + ExecStart: "/opt/boltz/boltzd", + Restart: 'always', + RestartSec: '30', + TimeoutSec: '240', + LimitNOFILE: '128000', + PrivateTmp: true, + ProtectSystem: 'full', + NoNewPrivileges: true, + PrivateDevices: true, + MemoryDenyWriteExecute: true + }, + Install: { + WantedBy: 'multi-user.target' + } + }) + verify false + triggers_reload true + action [:create, :enable, :start] +end + +unless node.chef_environment == 'development' + node.override['backup']['archives']['boltz'] = 
[node['boltz']['boltz_dir']] + include_recipe 'backup' +end diff --git a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb index fd6549d..b3776bc 100644 --- a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb +++ b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb @@ -17,7 +17,7 @@ bash "compile_lnd" do cwd node['lnd']['source_dir'] code <<-EOH source /etc/profile.d/golang.sh - make clean && make && make install tags="signrpc walletrpc chainrpc invoicesrpc" + make clean && make && make install tags="signrpc walletrpc chainrpc invoicesrpc routerrpc" EOH action :nothing notifies :restart, "systemd_unit[lnd.service]", :delayed diff --git a/site-cookbooks/kosmos-bitcoin/templates/boltz.toml.erb b/site-cookbooks/kosmos-bitcoin/templates/boltz.toml.erb new file mode 100644 index 0000000..33a8fa7 --- /dev/null +++ b/site-cookbooks/kosmos-bitcoin/templates/boltz.toml.erb @@ -0,0 +1,32 @@ +[LND] +# Host of the gRPC interface of LND +host = "<%= @lnd_grpc_host %>" + +# Port of the gRPC interface of LND +port = <%= @lnd_grpc_port %> + +# Path to a macaroon file of LND +# The daemon needs to have permission to read various endpoints, generate addresses and pay invoices +macaroon = "<%= @lnd_macaroon_path %>" + +# Path to the TLS certificate of LND +certificate = "<%= @lnd_tlscert_path %>" + +[RPC] +# Host of the gRPC interface +host = "<%= @boltz_config['grpc_host'] %>" + +# Port of the gRPC interface +port = <%= @boltz_config['grpc_port'] %> + +# Whether the REST proxy for the gRPC interface should be disabled +restDisabled = <%= @boltz_config['rest_disabled'] %> + +# Host of the REST proxy +restHost = "<%= @boltz_config['rest_host'] %>" + +# Port of the REST proxy +restPort = <%= @boltz_config['rest_port'] %> + +# Whether the macaroon authentication for the gRPC and REST interface should be disabled +noMacaroons = <%= @boltz_config['no_macaroons'] %> From 90bd2dadb2dd8f735bd26b169fc7b73a8af10352 Mon Sep 17 00:00:00 2001 
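Review bot: `recipes/boltz.rb` points `lnd_macaroon_path` at LND's `admin.macaroon`, although the template's own comment says the daemon only needs to read various endpoints, generate addresses and pay invoices; with the admin credential, a compromise of boltzd amounts to full control of the LND node. Bake a macaroon limited to those permissions (`lncli bakemacaroon`) and pass its path instead. Separately, `bash "compile_and_install_boltz"` sets no `user`, so `go mod vendor && make build && make install` runs third-party build steps with the privileges of the Chef run (typically root), and `node['boltz']['revision']` is a tag that upstream can move; pinning it to a commit hash makes the build reproducible. `ExecStart: "/opt/boltz/boltzd"` also hard-codes a path that `node['boltz']['source_dir']` already holds: `ExecStart: "#{node['boltz']['source_dir']}/boltzd"`.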
From: Sebastian Kippe Date: Fri, 28 Jan 2022 17:33:22 -0600 Subject: [PATCH 28/86] Configure boltzd access for RTL --- site-cookbooks/kosmos-bitcoin/recipes/rtl.rb | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/site-cookbooks/kosmos-bitcoin/recipes/rtl.rb b/site-cookbooks/kosmos-bitcoin/recipes/rtl.rb index 31b619e..1a170a6 100644 --- a/site-cookbooks/kosmos-bitcoin/recipes/rtl.rb +++ b/site-cookbooks/kosmos-bitcoin/recipes/rtl.rb @@ -43,7 +43,13 @@ rtl_config = { } ], multiPassHashed: credentials["multiPassHashed"] -}.to_json +} + +if node['boltz'] + # TODO adapt for multi-node usage + rtl_config[:nodes][0][:Authentication][:boltzMacaroonPath] = "#{node['boltz']['boltz_dir']}/macaroons" + rtl_config[:nodes][0][:Settings][:boltzServerUrl] = "https://#{node['boltz']['rest_host']}:#{node['boltz']['rest_port']}" +end application rtl_dir do owner bitcoin_user @@ -65,7 +71,7 @@ application rtl_dir do owner bitcoin_user group bitcoin_group mode '0640' - content rtl_config + content rtl_config.to_json notifies :restart, "systemd_unit[rtl.service]", :delayed end From 471c23eb5be3531c304ab789260fea74346cb24e Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Fri, 28 Jan 2022 17:33:34 -0600 Subject: [PATCH 29/86] Update node config/state --- nodes/bitcoin-2.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nodes/bitcoin-2.json b/nodes/bitcoin-2.json index 5340527..3b80c1e 100644 --- a/nodes/bitcoin-2.json +++ b/nodes/bitcoin-2.json @@ -24,6 +24,7 @@ "kosmos-bitcoin::c-lightning", "kosmos-bitcoin::lnd", "kosmos-bitcoin::lnd-scb-s3", + "kosmos-bitcoin::boltz", "kosmos-bitcoin::rtl", "kosmos-bitcoin::lndhub", "kosmos_postgresql::hostsfile", @@ -48,6 +49,7 @@ "kosmos-bitcoin::firewall", "git::default", "git::package", + "kosmos-bitcoin::golang", "golang::default", "backup::default", "logrotate::default", 
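Review bot: The guard `if node['boltz']` in `recipes/rtl.rb` is true on every node that loads this cookbook, because `attributes/default.rb` now sets the `node.default['boltz'][...]` keys unconditionally. RTL is therefore given `boltzMacaroonPath` and `boltzServerUrl` even on nodes where boltzd is not installed. Test for the recipe instead, e.g. `if node.recipe?('kosmos-bitcoin::boltz')`. `boltzMacaroonPath` hands RTL the whole `macaroons` directory under `boltz_dir`; which macaroons boltzd writes there is not visible on this page, so check that RTL is not receiving more authority than its Boltz integration needs.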
@@ -97,6 +99,7 @@ "recipe[kosmos-bitcoin::c-lightning]", "recipe[kosmos-bitcoin::lnd]", "recipe[kosmos-bitcoin::lnd-scb-s3]", + "recipe[kosmos-bitcoin::boltz]", "recipe[kosmos-bitcoin::rtl]", "recipe[kosmos-bitcoin::lndhub]", "role[btcpay]" From 4462975e513ddfcda0fb8176e9b93ffa25869094 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Tue, 1 Feb 2022 12:47:37 -0600 Subject: [PATCH 30/86] Upgrade Gitea to 1.15.11 --- nodes/centaurus.kosmos.org.json | 2 +- site-cookbooks/kosmos_gitea/attributes/default.rb | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/nodes/centaurus.kosmos.org.json b/nodes/centaurus.kosmos.org.json index 325d48f..0cd9ebe 100644 --- a/nodes/centaurus.kosmos.org.json +++ b/nodes/centaurus.kosmos.org.json @@ -22,7 +22,7 @@ "kosmos-base::default", "kosmos_encfs", "kosmos_encfs::default", - "kosmos-postgresql::hostsfile", + "kosmos_postgresql::hostsfile", "kosmos_gitea", "kosmos_gitea::default", "kosmos_gitea::backup", diff --git a/site-cookbooks/kosmos_gitea/attributes/default.rb b/site-cookbooks/kosmos_gitea/attributes/default.rb index a2d7925..03c602b 100644 --- a/site-cookbooks/kosmos_gitea/attributes/default.rb +++ b/site-cookbooks/kosmos_gitea/attributes/default.rb @@ -1,6 +1,6 @@ -gitea_version = "1.15.6" +gitea_version = "1.15.11" node.default["kosmos_gitea"]["version"] = gitea_version node.default["kosmos_gitea"]["binary_url"] = "https://dl.gitea.io/gitea/#{gitea_version}/gitea-#{gitea_version}-linux-amd64" -node.default["kosmos_gitea"]["binary_checksum"] = "1b7473b5993e07b33fec58edbc1a90f15f040759ca4647e97317c33d5dfe58be" +node.default["kosmos_gitea"]["binary_checksum"] = "e2f62b67c311116fbf8e52b4c162dbd7684ce9c7f0370642c1d402fece43aa8f" node.default["kosmos_gitea"]["nginx"]["domain"] = "gitea.kosmos.org" node.default["kosmos_gitea"]["working_directory"] = "/var/lib/gitea" From dace2ddf79676d118bcca2495cfdc55255e88510 Mon Sep 17 00:00:00 2001 
From: Sebastian Kippe Date: Wed, 2 Feb 2022 17:31:13 -0600 Subject: [PATCH 31/86] Upgrade knife-zero for Ruby 3.0 Was failing with latest Chef DK. --- Gemfile | 2 +- Gemfile.lock | 118 ++++++++++++++++++++++++++++++++++++++------------- 2 files changed, 89 insertions(+), 31 deletions(-) diff --git a/Gemfile b/Gemfile index 6aafbc2..57224d2 100644 --- a/Gemfile +++ b/Gemfile @@ -1,3 +1,3 @@ source 'https://rubygems.org' -gem 'knife-zero' +gem 'knife-zero', '>= 2.4.2' diff --git a/Gemfile.lock b/Gemfile.lock index 73984d3..e998643 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,15 +1,38 @@ GEM remote: https://rubygems.org/ specs: - addressable (2.7.0) + addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) + aws-eventstream (1.2.0) + aws-partitions (1.551.0) + aws-sdk-core (3.125.6) + aws-eventstream (~> 1, >= 1.0.2) + aws-partitions (~> 1, >= 1.525.0) + aws-sigv4 (~> 1.1) + jmespath (~> 1.0) + aws-sdk-kms (1.53.0) + aws-sdk-core (~> 3, >= 3.125.0) + aws-sigv4 (~> 1.1) + aws-sdk-s3 (1.111.3) + aws-sdk-core (~> 3, >= 3.125.0) + aws-sdk-kms (~> 1) + aws-sigv4 (~> 1.4) + aws-sdk-secretsmanager (1.56.0) + aws-sdk-core (~> 3, >= 3.125.0) + aws-sigv4 (~> 1.1) + aws-sigv4 (1.4.0) + aws-eventstream (~> 1, >= 1.0.2) + bcrypt_pbkdf (1.1.0) builder (3.2.4) - chef (17.2.29) + chef (17.9.42) addressable - chef-config (= 17.2.29) - chef-utils (= 17.2.29) + aws-sdk-s3 (~> 1.91) + aws-sdk-secretsmanager (~> 1.46) + chef-config (= 17.9.42) + chef-utils (= 17.9.42) chef-vault chef-zero (>= 14.0.11) + corefoundation (~> 0.3.4) diff-lcs (>= 1.2.4, < 1.4.0) erubis (~> 2.7) ffi (>= 1.5.0) 
@@ -31,20 +54,21 @@ GEM train-core (~> 3.2, >= 3.2.28) train-winrm (>= 0.2.5) uuidtools (>= 2.1.5, < 3.0) - chef-config (17.2.29) + vault (~> 0.16) + chef-config (17.9.42) addressable - chef-utils (= 17.2.29) + chef-utils (= 17.9.42) fuzzyurl mixlib-config (>= 2.2.12, < 4.0) mixlib-shellout (>= 2.0, < 4.0) tomlrb (~> 1.2) - chef-telemetry (1.0.29) + chef-telemetry (1.1.1) chef-config concurrent-ruby (~> 1.0) - chef-utils (17.2.29) + chef-utils (17.9.42) concurrent-ruby - chef-vault (4.1.0) - chef-zero (15.0.4) + chef-vault (4.1.5) + chef-zero (15.0.11) ffi-yajl (~> 2.2) hashie (>= 2.0, < 5.0) mixlib-log (>= 2.0, < 4.0) @@ -53,10 +77,12 @@ GEM webrick coderay (1.1.3) concurrent-ruby (1.1.9) + corefoundation (0.3.10) + ffi (>= 1.15.0) diff-lcs (1.3) erubi (1.10.0) erubis (2.7.0) - faraday (1.4.2) + faraday (1.4.3) faraday-em_http (~> 1.0) faraday-em_synchrony (~> 1.0) faraday-excon (~> 1.1) @@ -68,11 +94,11 @@ GEM faraday-em_synchrony (1.0.0) faraday-excon (1.1.0) faraday-net_http (1.0.1) - faraday-net_http_persistent (1.1.0) - faraday_middleware (1.0.0) + faraday-net_http_persistent (1.2.0) + faraday_middleware (1.2.0) faraday (~> 1.0) - ffi (1.15.1) - ffi-libarchive (1.0.17) + ffi (1.15.5) + ffi-libarchive (1.1.3) ffi (~> 1.0) ffi-yajl (2.4.0) libyajl2 (>= 1.2) @@ -82,9 +108,10 @@ GEM gyoku (1.3.1) builder (>= 2.1.2) hashie (4.1.0) + highline (2.0.3) httpclient (2.8.3) iniparse (1.5.0) - inspec-core (4.37.25) + inspec-core (4.52.9) addressable (~> 2.4) chef-telemetry (~> 1.0, >= 1.0.8) faraday (>= 0.9.0, < 1.5) 
@@ -108,9 +135,33 @@ GEM tty-prompt (~> 0.17) tty-table (~> 0.10) ipaddress (0.8.3) - json (2.5.1) - knife-zero (2.3.2) + jmespath (1.5.0) + json (2.6.1) + knife (17.9.26) + bcrypt_pbkdf (~> 1.1) + chef (>= 17) + chef-config (>= 17) + chef-utils (>= 17) + chef-vault + erubis (~> 2.7) + ffi (>= 1.15) + ffi-yajl (~> 2.2) + highline (>= 1.6.9, < 3) + license-acceptance (>= 1.0.5, < 3) + mixlib-archive (>= 0.4, < 2.0) + mixlib-cli (>= 2.1.1, < 3.0) + net-ssh (>= 5.1, < 7) + net-ssh-multi (~> 1.2, >= 1.2.1) + ohai (~> 17.0) + pastel + train-core (~> 3.2, >= 3.2.28) + train-winrm (>= 0.2.5) + tty-prompt (~> 0.21) + tty-screen (~> 0.6) + tty-table (~> 0.11) + knife-zero (2.4.2) chef (>= 15.0) + knife (>= 17.0) libyajl2 (2.1.0) license-acceptance (2.1.13) pastel (~> 0.7) @@ -138,8 +189,13 @@ GEM net-sftp (3.0.0) net-ssh (>= 5.0.0, < 7.0.0) net-ssh (6.1.0) + net-ssh-gateway (2.0.0) + net-ssh (>= 4.0.0) + net-ssh-multi (1.2.1) + net-ssh (>= 2.6.5) + net-ssh-gateway (>= 1.2.0) nori (2.6.0) - ohai (17.1.0) + ohai (17.9.0) chef-config (>= 14.12, < 18) chef-utils (>= 16.0, < 18) ffi (~> 1.9) @@ -152,7 +208,7 @@ GEM plist (~> 3.1) train-core wmi-lite (~> 1.0) - parallel (1.20.1) + parallel (1.21.0) parslet (1.8.2) pastel (0.8.0) tty-color (~> 0.5) @@ -167,21 +223,21 @@ GEM rspec-core (~> 3.10.0) rspec-expectations (~> 3.10.0) rspec-mocks (~> 3.10.0) - rspec-core (3.10.1) + rspec-core (3.10.2) rspec-support (~> 3.10.0) - rspec-expectations (3.10.1) + rspec-expectations (3.10.2) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.10.0) rspec-its (1.3.0) rspec-core (>= 3.0.0) rspec-expectations (>= 3.0.0) - rspec-mocks (3.10.2) + rspec-mocks (3.10.3) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.10.0) - rspec-support (3.10.2) - ruby2_keywords (0.0.4) + rspec-support (3.10.3) + ruby2_keywords (0.0.5) rubyntlm (0.6.3) - rubyzip (2.3.0) + rubyzip (2.3.2) semverse (3.0.0) sslshake (1.3.1) strings (0.2.1) 
@@ -190,9 +246,9 @@ GEM unicode_utils (~> 1.4) strings-ansi (0.2.0) syslog-logger (1.6.8) - thor (1.1.0) + thor (1.2.1) tomlrb (1.3.0) - train-core (3.7.2) + train-core (3.8.7) addressable (~> 2.5) ffi (!= 1.13.0) json (>= 1.8, < 3.0) @@ -221,9 +277,11 @@ GEM pastel (~> 0.8) strings (~> 0.2.0) tty-screen (~> 0.8) - unicode-display_width (2.0.0) + unicode-display_width (2.1.0) unicode_utils (1.4.0) uuidtools (2.2.0) + vault (0.16.0) + aws-sigv4 webrick (1.7.0) winrm (2.3.6) builder (>= 2.1.2) @@ -251,7 +309,7 @@ PLATFORMS x86_64-linux DEPENDENCIES - knife-zero + knife-zero (>= 2.4.2) BUNDLED WITH 2.2.15 From 341806ec8a250add985bdfaef1b4ad8c72b74b09 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Thu, 10 Feb 2022 15:25:48 -0600 Subject: [PATCH 32/86] Update jemalloc binary path MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by Greg Karékinian --- .../templates/default/mastodon-sidekiq.systemd.service.erb | 2 +- .../templates/default/mastodon-web.systemd.service.erb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq.systemd.service.erb b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq.systemd.service.erb index 1f5f491..e79ef2c 100644 --- a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq.systemd.service.erb +++ b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq.systemd.service.erb @@ -9,7 +9,7 @@ User=<%= @user %> WorkingDirectory=<%= @app_dir %> Environment="RAILS_ENV=production" Environment="DB_POOL=50" -Environment="LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.1" +Environment="LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.2" ExecStart=<%= @bundle_path %> exec sidekiq -c <%= @sidekiq_threads %> -q default -q mailers -q pull -q push TimeoutSec=15 Restart=always 
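Review bot: The `LD_PRELOAD` line now points at `/usr/lib/x86_64-linux-gnu/libjemalloc.so.2`, but nothing in this hunk ensures that the file exists on the node. If it is missing, the dynamic loader only reports that the object cannot be preloaded and the service starts without jemalloc, so the regression would be silent. If the recipe does not already install the library, a `package 'libjemalloc2'` resource next to the template resources would make the dependency explicit (Ubuntu package name; confirm for the target release). The same literal path is repeated in the `mastodon-web` hunk of this commit and in the `mastodon-sidekiq-scheduler` template changed in the next commit, so passing it in as a template variable would leave one place to update at the next soname change. The unit file continues outside the hunk.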
diff --git a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-web.systemd.service.erb b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-web.systemd.service.erb index 2fedefa..e6d3c44 100644 --- a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-web.systemd.service.erb +++ b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-web.systemd.service.erb @@ -10,7 +10,7 @@ PIDFile=<%= @app_dir %>/tmp/puma.pid WorkingDirectory=<%= @app_dir %> Environment="RAILS_ENV=production" Environment="PORT=3000" -Environment="LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.1" +Environment="LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.2" ExecStart=<%= @bundle_path %> exec puma -C config/puma.rb --pidfile <%= @app_dir %>/tmp/puma.pid ExecStop=<%= @bundle_path %> exec puma -C config/puma.rb --pidfile <%= @app_dir %>/tmp/puma.pid stop ExecReload=<%= @bundle_path %> exec pumactl -F config/puma.rb --pidfile <%= @app_dir %>/tmp/puma.pid phased-restart From b823ad5e593da708ff487b1c0678d3d713fae1a3 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Thu, 10 Feb 2022 15:27:02 -0600 Subject: [PATCH 33/86] Switch Mastodon cookbook to new Redis cookbook MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also add new node config. refs #349 Co-authored-by Greg Karékinian --- clients/mastodon-2.json | 4 + nodes/mastodon-2.json | 90 +++++++++++++++++++ .../kosmos-mastodon/attributes/default.rb | 2 + site-cookbooks/kosmos-mastodon/metadata.rb | 2 +- .../kosmos-mastodon/recipes/default.rb | 3 +- ...odon-sidekiq-scheduler.systemd.service.erb | 6 +- .../mastodon-sidekiq.systemd.service.erb | 4 +- .../default/mastodon-web.systemd.service.erb | 4 +- 8 files changed, 106 insertions(+), 9 deletions(-) create mode 100644 clients/mastodon-2.json create mode 100644 nodes/mastodon-2.json diff --git a/clients/mastodon-2.json b/clients/mastodon-2.json new file mode 100644 index 0000000..ff3162b --- /dev/null 
+++ b/clients/mastodon-2.json @@ -0,0 +1,4 @@ +{ + "name": "mastodon-2", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA27a8h17CCQLP8JY59n+M\nURsrbeVvRi3yIUe1IklOlRSTy0L3Z37rFuSNC3dC9rKl/pHDKtorgeukxbFADXQx\nkta2LNX8gf09jCWsUdga5lWIbfOdtlCLRDG1MVEUSA0f6Sxdqr8RbjM2ch31T6Me\n5Z6DYdggwBujcPHwZC1AugI1wJ0T5XHY9f2MDs/XjNEdw3ThYbAdbl1e09ql6Gtg\nSVCa4RlLg/KICdLJtVOLkX6049/XRxi41I6xvu9tXsqgV3+bs8dYbeGLsTWmpPIv\naAUMcf/A5t4B2DVpnlXDytPqfvZQPD3aBVyfEJRGI1yD6Vi9zL3RyIhDQ/I7PMNI\naQIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/nodes/mastodon-2.json b/nodes/mastodon-2.json new file mode 100644 index 0000000..8233528 --- /dev/null +++ b/nodes/mastodon-2.json 
@@ -0,0 +1,90 @@ +{ + "name": "mastodon-2", + "normal": { + "knife_zero": { + "host": "10.1.1.114" + } + }, + "automatic": { + "fqdn": "mastodon-2", + "os": "linux", + "os_version": "5.4.0-1049-kvm", + "hostname": "mastodon-2", + "ipaddress": "192.168.122.33", + "roles": [ + "mastodon", + "postgresql_client" + ], + "recipes": [ + "kosmos-base", + "kosmos-base::default", + "kosmos_postgresql::hostsfile", + "kosmos-mastodon", + "kosmos-mastodon::default", + "kosmos-mastodon::nginx", + "apt::default", + "timezone_iii::default", + "timezone_iii::debian", + "ntp::default", + "ntp::apparmor", + "kosmos-base::systemd_emails", + "apt::unattended-upgrades", + "kosmos-base::firewall", + "kosmos-postfix::default", + "postfix::default", + "postfix::_common", + "postfix::_attributes", + "postfix::sasl_auth", + "hostname::default", + "kosmos-nodejs::default", + "nodejs::nodejs_from_package", + "nodejs::repo", + "java::default", + "java::set_attributes_from_version", + "java::openjdk", + "java::notify", + "java::default_java_symlink", + "java::set_java_home", + "redisio::default", + "redisio::_install_prereqs", + "redisio::install", + "ulimit::default", + "redisio::disable_os_default", + "redisio::configure", + "redisio::enable", + "nodejs::npm", + "nodejs::install", + "kosmos-nginx::default", + "nginx::default", + "nginx::package", + "nginx::ohai_plugin", + "nginx::repo", + "nginx::commons", + "nginx::commons_dir", + "nginx::commons_script", + "nginx::commons_conf", + "kosmos-nginx::firewall", + "tor-full::default", + "git::default", + "git::package", + "kosmos-base::letsencrypt" + ], + "platform": "ubuntu", + "platform_version": "20.04", + "cloud": null, + "chef_packages": { + "ohai": { + "version": "15.12.0", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai" + }, + "chef": { + "version": "15.17.4", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.17.4/lib" + } + } + }, + "run_list": [ + "recipe[kosmos-base]", + 
"role[mastodon]" + ] +} \ No newline at end of file diff --git a/site-cookbooks/kosmos-mastodon/attributes/default.rb b/site-cookbooks/kosmos-mastodon/attributes/default.rb index 0110dfc..e5fb368 100644 --- a/site-cookbooks/kosmos-mastodon/attributes/default.rb +++ b/site-cookbooks/kosmos-mastodon/attributes/default.rb @@ -9,6 +9,8 @@ node.default["kosmos-mastodon"]["sidekiq_threads"] = 25 # Allocate this amount of RAM to the Java heap for Elasticsearch node.default["kosmos-mastodon"]["elasticsearch"]["allocated_memory"] = "1536m" +node.override["redisio"]["version"] = "6.2.6" + node.override["tor"]["HiddenServices"]["mastodon"] = { "HiddenServicePorts" => ["80 127.0.0.1:80", "443 127.0.0.1:443"] } diff --git a/site-cookbooks/kosmos-mastodon/metadata.rb b/site-cookbooks/kosmos-mastodon/metadata.rb index 5885e4e..dc23b66 100644 --- a/site-cookbooks/kosmos-mastodon/metadata.rb +++ b/site-cookbooks/kosmos-mastodon/metadata.rb @@ -8,7 +8,7 @@ version '0.2.1' depends "kosmos-nginx" depends "kosmos-nodejs" -depends "kosmos-redis" +depends 'redisio' depends "poise-ruby-build" depends "application" depends "application_git" diff --git a/site-cookbooks/kosmos-mastodon/recipes/default.rb b/site-cookbooks/kosmos-mastodon/recipes/default.rb index ccb999d..5dcba8b 100644 --- a/site-cookbooks/kosmos-mastodon/recipes/default.rb +++ b/site-cookbooks/kosmos-mastodon/recipes/default.rb @@ -4,8 +4,9 @@ # include_recipe "kosmos-nodejs" -include_recipe "kosmos-redis" include_recipe "java" +include_recipe 'redisio::default' +include_recipe 'redisio::enable' elasticsearch_user 'elasticsearch' diff --git a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq-scheduler.systemd.service.erb b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq-scheduler.systemd.service.erb index 238855d..82d36f4 100644 --- a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq-scheduler.systemd.service.erb 
+++ b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq-scheduler.systemd.service.erb @@ -1,14 +1,14 @@ [Unit] Description=mastodon-sidekiq-scheduler -Requires=redis-server.service -After=redis-server.service +Requires=redis@6379.service +After=redis@6379.service [Service] Type=simple User=<%= @user %> WorkingDirectory=<%= @app_dir %> Environment="RAILS_ENV=production" -Environment="LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.1" +Environment="LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.2" ExecStart=<%= @bundle_path %> exec sidekiq -c <%= @sidekiq_threads %> -q scheduler TimeoutSec=15 Restart=always diff --git a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq.systemd.service.erb b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq.systemd.service.erb index e79ef2c..eea08fd 100644 --- a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq.systemd.service.erb +++ b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq.systemd.service.erb @@ -1,7 +1,7 @@ [Unit] Description=mastodon-sidekiq -Requires=redis-server.service -After=redis-server.service +Requires=redis@6379.service +After=redis@6379.service [Service] Type=simple diff --git a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-web.systemd.service.erb b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-web.systemd.service.erb index e6d3c44..59625d0 100644 --- a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-web.systemd.service.erb +++ b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-web.systemd.service.erb @@ -1,7 +1,7 @@ [Unit] Description=mastodon-web -Requires=redis-server.service -After=redis-server.service +Requires=redis@6379.service +After=redis@6379.service [Service] Type=simple From 22f5b8a66ce155f441d1d6a7e3bfe755f6966b4d Mon Sep 17 00:00:00 2001 
From: Sebastian Kippe Date: Thu, 10 Feb 2022 15:32:25 -0600 Subject: [PATCH 34/86] Upgrade Gitea to 1.16.1 --- site-cookbooks/kosmos_gitea/attributes/default.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site-cookbooks/kosmos_gitea/attributes/default.rb b/site-cookbooks/kosmos_gitea/attributes/default.rb index 03c602b..a8b66f4 100644 --- a/site-cookbooks/kosmos_gitea/attributes/default.rb +++ b/site-cookbooks/kosmos_gitea/attributes/default.rb @@ -1,6 +1,6 @@ -gitea_version = "1.15.11" +gitea_version = "1.16.1" node.default["kosmos_gitea"]["version"] = gitea_version node.default["kosmos_gitea"]["binary_url"] = "https://dl.gitea.io/gitea/#{gitea_version}/gitea-#{gitea_version}-linux-amd64" -node.default["kosmos_gitea"]["binary_checksum"] = "e2f62b67c311116fbf8e52b4c162dbd7684ce9c7f0370642c1d402fece43aa8f" +node.default["kosmos_gitea"]["binary_checksum"] = "f03f3a3c4dccc2219351cde5c9af372715b2ec3e88a821779702bc6f38084c97" node.default["kosmos_gitea"]["nginx"]["domain"] = "gitea.kosmos.org" node.default["kosmos_gitea"]["working_directory"] = "/var/lib/gitea" From c337ad9e401182506f1390e47b1418114d0e0365 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Thu, 10 Feb 2022 15:33:23 -0600 Subject: [PATCH 35/86] Remove obsolete node configs --- clients/postgres-3.json | 4 --- nodes/postgres-3.json | 56 ----------------------------------------- 2 files changed, 60 deletions(-) delete mode 100644 clients/postgres-3.json delete mode 100644 nodes/postgres-3.json diff --git a/clients/postgres-3.json b/clients/postgres-3.json deleted file mode 100644 index 6537c2e..0000000 --- a/clients/postgres-3.json +++ /dev/null 
@@ -1,4 +0,0 @@ -{ - "name": "postgres-3", - "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPsFwxISCjy38kw78N2I\nhkxK6S0uARkPggE+OP7jWwZqHtnz1O+ZUbM/o9i/dWgm0Xl+hQ6grPtjS57VzXJq\nlwsVDGTkyb5T6wAcZao/koQbA9ZABknLH/ra52gny+7j3b2q5RIdyhddTYZwsbIG\n9y2BfcUW0Z1mPVkR2NxzFloj0ulsrJs6/5GhqbREqPz5BsyBJlwFsREK2Dy6m2nm\nVMp+GIQlRdhy/D09s/BZ/Ejwe8D3tv3jJT5CRXkndwa5qIc96E1uzRQpyyKvXZDK\nYvUdQwniW4EBNHEo/se+OqP+Du/M1dReX6aTq9axbhKiVWoD3FtMVtGqE3uf/i4I\n0QIDAQAB\n-----END PUBLIC KEY-----\n" -} \ No newline at end of file diff --git a/nodes/postgres-3.json b/nodes/postgres-3.json deleted file mode 100644 index 71ee87f..0000000 --- a/nodes/postgres-3.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "name": "postgres-3", - "normal": { - "knife_zero": { - "host": "10.1.1.115" - } - }, - "automatic": { - "fqdn": "postgres-3", - "os": "linux", - "os_version": "5.4.0-64-generic", - "hostname": "postgres-3", - "ipaddress": "192.168.122.96", - "roles": [ - "postgresql_replica" - ], - "recipes": [ - "kosmos-base", - "kosmos-base::default", - "kosmos-postgresql::hostsfile", - "kosmos-postgresql::replica", - "kosmos-postgresql::firewall", - "apt::default", - "timezone_iii::default", - "timezone_iii::debian", - "ntp::default", - "ntp::apparmor", - "kosmos-base::systemd_emails", - "apt::unattended-upgrades", - "kosmos-base::firewall", - "kosmos-postfix::default", - "postfix::default", - "postfix::_common", - "postfix::_attributes", - "postfix::sasl_auth", - "hostname::default" - ], - "platform": "ubuntu", - "platform_version": "20.04", - "cloud": null, - "chef_packages": { - "chef": { - "version": "15.15.1", - "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.15.1/lib" - }, - "ohai": { - "version": "15.12.0", - "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai" - } - } - }, - "run_list": [ - "recipe[kosmos-base]", - "role[postgresql_replica]" - ] -} \ No newline at end of file 
From a1f723d52e7e37295c4a578227c4a4e44016ebd2 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Thu, 10 Feb 2022 15:34:12 -0600 Subject: [PATCH 36/86] Deploy zerotier-2 VM on fornax --- clients/zerotier-2.json | 4 +++ nodes/zerotier-2.json | 57 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 clients/zerotier-2.json create mode 100644 nodes/zerotier-2.json diff --git a/clients/zerotier-2.json b/clients/zerotier-2.json new file mode 100644 index 0000000..910153a --- /dev/null +++ b/clients/zerotier-2.json @@ -0,0 +1,4 @@ +{ + "name": "zerotier-2", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsild7NcktO5yVR3Uw0yA\negHFToXHaJMIR1z0WrfHgklHf27lRnWRHOiNjnR6SbsvKIT1MBntg4/mQgotah+n\npo6cKF+0pvUih+hOSBZ6+WwjRf5LxJTaj/R0e2j0Gig6PlDV3yWz8+2AB6gObVcb\nKOQT1w6p+T+S9t6Hv/E0Z8CJW+7ZXDZBvjKTg4kYb47P0J5704wATf38EcVAOuoa\nJsUJoE+dTygx2QUG78eiEYqVDgBak00MA7MpFI/yPrzfn4tjSO1aY2/vy1PyG0Zq\nfgAhuFNZPWQwxMvYsK68gFxfmfwsEn0iJOFh0rPCKYWgOCxzkMLk2z7ppCmNd+H6\nNQIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/nodes/zerotier-2.json b/nodes/zerotier-2.json new file mode 100644 index 0000000..c4faee8 --- /dev/null +++ b/nodes/zerotier-2.json 
@@ -0,0 +1,57 @@ +{ + "name": "zerotier-2", + "normal": { + "knife_zero": { + "host": "192.168.122.214" + } + }, + "automatic": { + "fqdn": "zerotier-2", + "os": "linux", + "os_version": "5.4.0-1026-kvm", + "hostname": "zerotier-2", + "ipaddress": "192.168.122.214", + "roles": [ + "zerotier_controller" + ], + "recipes": [ + "kosmos-base", + "kosmos-base::default", + "kosmos_zerotier::controller", + "kosmos_zerotier::firewall", + "kosmos_zerotier::zncui", + "apt::default", + "timezone_iii::default", + "timezone_iii::debian", + "ntp::default", + "ntp::apparmor", + "kosmos-base::systemd_emails", + "apt::unattended-upgrades", + "kosmos-base::firewall", + "kosmos-postfix::default", + "postfix::default", + "postfix::_common", + "postfix::_attributes", + "postfix::sasl_auth", + "hostname::default" + ], + "platform": "ubuntu", + "platform_version": "20.04", + "cloud": null, + "chef_packages": { + "chef": { + "version": "17.9.46", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.46/lib", + "chef_effortless": null + }, + "ohai": { + "version": "17.9.0", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai" + } + } + }, + "run_list": [ + "recipe[kosmos-base]", + "role[zerotier_controller]" + ] +} \ No newline at end of file From 935eff3b84b720a53bd87673ac141de1197eef71 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Thu, 10 Feb 2022 15:34:28 -0600 Subject: [PATCH 37/86] Deploy zerotier-3 on DO Changes the firewall config to allow the control UI to be reached from all connected networks. --- clients/zerotier-3.json | 4 ++ nodes/zerotier-3.json | 67 +++++++++++++++++++ .../kosmos_zerotier/attributes/default.rb | 2 +- .../kosmos_zerotier/recipes/zncui.rb | 14 ++-- 4 files changed, 80 insertions(+), 7 deletions(-) create mode 100644 clients/zerotier-3.json create mode 100644 nodes/zerotier-3.json diff --git a/clients/zerotier-3.json b/clients/zerotier-3.json new file mode 100644 index 0000000..9371dce --- /dev/null 
+++ b/clients/zerotier-3.json @@ -0,0 +1,4 @@ +{ + "name": "zerotier-3", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA70y96zXq3XiMlJhLM5Tm\nCzRiZjwqCBN1fKOoihZpsgXHtqDfYd+5BTyafAKTpzVpAZ7HJp+X4da8T/rb+Pym\nu0PrREXJSXGdWjKIgvsTVUtT51ZFYWtqbpu2l43wh57KCt7Q57JRgKTPyNbHJS0Z\ngrB6fifvQMfzFMf+WKK4X7Z6VXFP1r2cwzRvywC4/d3ZSbJ4fP3g+nnl1623Pxfc\n/BkqyaDeRt2dBEa5I8+OvFkKC8muU99fWR/gPZkkWD4pFNwLPLnPfgdk3bUd7tjN\n/0ardVX9lRJog1CjXCHaUG9aq+WFrtr/tfW+kLff/P7k00E5zplqq9Oz6VUvRMmu\nNQIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/nodes/zerotier-3.json b/nodes/zerotier-3.json new file mode 100644 index 0000000..e4421c4 --- /dev/null +++ b/nodes/zerotier-3.json 
@@ -0,0 +1,67 @@ +{ + "name": "zerotier-3", + "normal": { + "knife_zero": { + "host": "165.232.88.175" + } + }, + "automatic": { + "fqdn": "zerotier-3", + "os": "linux", + "os_version": "5.4.0-99-generic", + "hostname": "zerotier-3", + "ipaddress": "165.232.88.175", + "roles": [ + "zerotier_controller" + ], + "recipes": [ + "kosmos_zerotier::controller", + "kosmos_zerotier::firewall", + "kosmos_zerotier::zncui", + "kosmos-base", + "kosmos-base::default", + "kosmos-base::firewall", + "apt::default", + "timezone_iii::default", + "timezone_iii::debian", + "ntp::default", + "ntp::apparmor", + "kosmos-base::systemd_emails", + "apt::unattended-upgrades", + "kosmos-postfix::default", + "postfix::default", + "postfix::_common", + "postfix::_attributes", + "postfix::sasl_auth", + "hostname::default" + ], + "platform": "ubuntu", + "platform_version": "20.04", + "cloud": { + "public_ipv4_addrs": [ + "165.232.88.175" + ], + "local_ipv4_addrs": [ + "10.133.0.2" + ], + "provider": "digital_ocean", + "public_ipv4": "165.232.88.175", + "local_ipv4": "10.133.0.2" + }, + "chef_packages": { + "chef": { + "version": "17.9.46", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.46/lib", + "chef_effortless": null + }, + "ohai": { + "version": "17.9.0", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai" + } + } + }, + "run_list": [ + "role[zerotier_controller]", + "recipe[kosmos-base]" + ] +} \ No newline at end of file diff --git a/site-cookbooks/kosmos_zerotier/attributes/default.rb b/site-cookbooks/kosmos_zerotier/attributes/default.rb index 5031534..2f221f3 100644 --- a/site-cookbooks/kosmos_zerotier/attributes/default.rb +++ b/site-cookbooks/kosmos_zerotier/attributes/default.rb 
@@ -3,4 +3,4 @@ node.default['kosmos_zerotier']['server_port'] = 9993 node.default['ztncui']['version'] = '0.6.6' node.default['ztncui']['checksum'] = 'fa83679266a571c10e13b11293ebfb9d1c3515019f2af1e7dd066b5a37411018' node.default['ztncui']['http_all_interfaces'] = true -node.default['ztncui']['http_allow_access_from'] = '10.1.1.0/24' +node.default['ztncui']['http_allow_access_from'] = ['10.1.1.0/24','10.2.2.0/24'] diff --git a/site-cookbooks/kosmos_zerotier/recipes/zncui.rb b/site-cookbooks/kosmos_zerotier/recipes/zncui.rb index 06c54ce..080a96e 100644 --- a/site-cookbooks/kosmos_zerotier/recipes/zncui.rb +++ b/site-cookbooks/kosmos_zerotier/recipes/zncui.rb @@ -28,11 +28,13 @@ end include_recipe 'kosmos-base::firewall' -if node['ztncui']['http_allow_access_from'] - firewall_rule 'zncui_http' do - port 3000 - protocol :tcp - command :allow - source node['ztncui']['http_allow_access_from'] +if ip_addresses = node['ztncui']['http_allow_access_from'] + ip_addresses.each_with_index do |ip_address, i| + firewall_rule "zncui_http_#{i}" do + port 3000 + protocol :tcp + command :allow + source ip_address + end end end From 18161832ef9b3251170bc3981ce550abeeab736a Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Thu, 10 Feb 2022 16:59:58 -0600 Subject: [PATCH 38/86] Deploy new nodejs VM (nodejs-3) --- clients/nodejs-3.json | 4 ++ nodes/nodejs-3.json | 86 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+) create mode 100644 clients/nodejs-3.json create mode 100644 nodes/nodejs-3.json diff --git a/clients/nodejs-3.json b/clients/nodejs-3.json new file mode 100644 index 0000000..17558de --- /dev/null +++ b/clients/nodejs-3.json 
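Review bot: In the `zncui.rb` hunk, `ip_addresses.each_with_index` assumes `node['ztncui']['http_allow_access_from']` is an Array, but until this commit the attribute was a String. Any node, role or environment that still sets the old single-CIDR form would presumably abort the Chef run with a NoMethodError before the port 3000 rules are written. Coercing with `Array(node['ztncui']['http_allow_access_from']).each_with_index do |ip_address, i|` accepts both shapes and removes the assignment inside the `if` condition. As far as this diff shows, `http_all_interfaces` stays `true`, so these rules are what limits access to the control UI; a comment above the list such as `# CIDRs allowed to reach the ztncui web UI on tcp/3000` would record that for whoever widens it next. The rule names come from the list index, so reordering the list renames existing rules; deriving the name from the CIDR would be more stable.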
@@ -0,0 +1,4 @@ +{ + "name": "nodejs-3", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqP7aGx+S9Mdt6xmaGnJ\nfNWWQsg4BvLiP1qtVt3VRrcXF2cy1bhgfnmqoBqnDk4bGlRoTzF+rSOw284+O2UQ\ntUlsBRos4TOyGfbYHehF12Re6NX51K9LHwaprr3eN5h08wLI8pjVrRJlbce8pHST\nXQ/CZvU+CBg43LE08cXr5kRmhnZrgh70g7zTO8+1E6y74r1LEh77Ar4uaaB5jXw7\n6o9TyfaA1HgyqvfYbH+9KPrJfMX/DeLrYPMI3IG/j3fzDUQQ8o9Pb5B+G1Apl+I+\nsTcgWRei5u06aZHLMMd8MMo4O1yUhbt05kxfVhlDGUDWBdi3cvsMf95t6MNdz/eq\niwIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/nodes/nodejs-3.json b/nodes/nodejs-3.json new file mode 100644 index 0000000..5bf6228 --- /dev/null +++ b/nodes/nodejs-3.json 
@@ -0,0 +1,86 @@ +{ + "name": "nodejs-3", + "normal": { + "knife_zero": { + "host": "10.1.1.13" + } + }, + "automatic": { + "fqdn": "nodejs-3", + "os": "linux", + "os_version": "5.4.0-1049-kvm", + "hostname": "nodejs-3", + "ipaddress": "192.168.122.85", + "roles": [ + "kredits_github", + "sockethub" + ], + "recipes": [ + "kosmos-base", + "kosmos-base::default", + "kosmos-hubot::botka_irc-libera-chat", + "kredits-github", + "kredits-github::default", + "kredits-github::nginx", + "sockethub", + "sockethub::default", + "sockethub::proxy", + "apt::default", + "timezone_iii::default", + "timezone_iii::debian", + "ntp::default", + "ntp::apparmor", + "kosmos-base::systemd_emails", + "apt::unattended-upgrades", + "kosmos-base::firewall", + "kosmos-postfix::default", + "postfix::default", + "postfix::_common", + "postfix::_attributes", + "postfix::sasl_auth", + "hostname::default", + "kosmos-nodejs::default", + "nodejs::nodejs_from_package", + "nodejs::repo", + "kosmos-redis::default", + "redis::server", + "redis::default", + "backup::default", + "logrotate::default", + "kosmos-hubot::_user", + "kosmos-base::letsencrypt", + "kosmos-nginx::default", + "nginx::default", + "nginx::package", + "nginx::ohai_plugin", + "nginx::repo", + "nginx::commons", + "nginx::commons_dir", + "nginx::commons_script", + "nginx::commons_conf", + "kosmos-nginx::firewall", + "nodejs::npm", + "nodejs::install", + "sockethub::_firewall" + ], + "platform": "ubuntu", + "platform_version": "20.04", + "cloud": null, + "chef_packages": { + "ohai": { + "version": "15.12.0", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai" + }, + "chef": { + "version": "15.17.4", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.17.4/lib" + } + } + }, + "run_list": [ + "recipe[kosmos-base]", + "recipe[kosmos-hubot::botka_irc-libera-chat]", + "role[kredits_github]", + "role[sockethub]" + ] +} \ No newline at end of file 
From a710182c398c7b914f7b3ab184d83731ebfb2380 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Thu, 10 Feb 2022 17:00:19 -0600 Subject: [PATCH 39/86] Add missing user recipe import to botka recipe --- site-cookbooks/kosmos-hubot/recipes/botka_irc-libera-chat.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/site-cookbooks/kosmos-hubot/recipes/botka_irc-libera-chat.rb b/site-cookbooks/kosmos-hubot/recipes/botka_irc-libera-chat.rb index 00db622..144e7f5 100644 --- a/site-cookbooks/kosmos-hubot/recipes/botka_irc-libera-chat.rb +++ b/site-cookbooks/kosmos-hubot/recipes/botka_irc-libera-chat.rb @@ -15,6 +15,7 @@ end include_recipe "kosmos-nodejs" include_recipe "kosmos-redis" +include_recipe "kosmos-hubot::_user" application app_path do credentials = Chef::EncryptedDataBagItem.load('credentials', app_name) From 03c7940f1c02491caeff6d1d7be164b658b6bad2 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Sat, 12 Feb 2022 10:53:45 -0600 Subject: [PATCH 40/86] Fix Webhooks for Drone not working in Gitea 1.16 By default, only external requests are allowed: https://github.com/go-gitea/gitea/pull/17482 --- site-cookbooks/kosmos_gitea/attributes/default.rb | 6 ++++++ site-cookbooks/kosmos_gitea/recipes/default.rb | 3 ++- site-cookbooks/kosmos_gitea/templates/default/app.ini.erb | 5 +++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos_gitea/attributes/default.rb b/site-cookbooks/kosmos_gitea/attributes/default.rb index a8b66f4..7a6b5d0 100644 --- a/site-cookbooks/kosmos_gitea/attributes/default.rb +++ b/site-cookbooks/kosmos_gitea/attributes/default.rb 
@@ -4,3 +4,9 @@ node.default["kosmos_gitea"]["binary_url"] = "https://dl.gitea.io/gitea/#{gitea_ node.default["kosmos_gitea"]["binary_checksum"] = "f03f3a3c4dccc2219351cde5c9af372715b2ec3e88a821779702bc6f38084c97" node.default["kosmos_gitea"]["nginx"]["domain"] = "gitea.kosmos.org" node.default["kosmos_gitea"]["working_directory"] = "/var/lib/gitea" + +node.default["kosmos_gitea"]["config"] = { + "webhook": { + "allowed_host_list" => "external,127.0.1.1" + } +} diff --git a/site-cookbooks/kosmos_gitea/recipes/default.rb b/site-cookbooks/kosmos_gitea/recipes/default.rb index 9a2bddf..c059fa3 100644 --- a/site-cookbooks/kosmos_gitea/recipes/default.rb +++ b/site-cookbooks/kosmos_gitea/recipes/default.rb @@ -90,7 +90,8 @@ template "#{config_directory}/app.ini" do postgresql_password: gitea_data_bag_item["postgresql_password"], smtp_host: smtp_credentials["relayhost"], smtp_user: smtp_credentials["user_name"], - smtp_password: smtp_credentials["password"] + smtp_password: smtp_credentials["password"], + config: node["kosmos_gitea"]["config"] notifies :restart, "service[gitea]", :delayed end diff --git a/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb b/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb index e013a0d..1d43c86 100644 --- a/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb +++ b/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb @@ -85,3 +85,8 @@ ALLOWED_TYPES = image/gif|image/jpeg|image/png|application/zip|application/gzip MAX_SIZE = 10 ; ; Max number of files per upload. Defaults to 5 MAX_FILES = 5 + +<% if c = @config["webhook"] %> +[webhook] +<% if c["allowed_host_list"] %>ALLOWED_HOST_LIST = <%= c["allowed_host_list"] %><% end %> +<% end %> From 3c7cc1a13300919cc476766686249b1d5c17fea8 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Sat, 12 Feb 2022 10:57:26 -0600 Subject: [PATCH 41/86] Update node status --- nodes/centaurus.kosmos.org.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
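Review bot: The new `allowed_host_list` value `"external,127.0.1.1"` in the attributes hunk has no comment explaining why a loopback address is on the webhook allow-list. That entry lets anyone who can configure a webhook make Gitea send requests to whatever listens on 127.0.1.1 on this host. A comment above the attribute, for example `# 127.0.1.1: local Drone endpoint, blocked by default since Gitea 1.16`, would record the intent (the commit title suggests Drone is the target; confirm). The hash literal also mixes `"webhook":` with `=>`: the first form creates a Symbol key while the template reads `@config["webhook"]`, which presumably works only because Chef normalises attribute keys to strings. Writing `"webhook" => {` would be consistent and less surprising.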
diff --git a/nodes/centaurus.kosmos.org.json b/nodes/centaurus.kosmos.org.json index 0cd9ebe..44d05a7 100644 --- a/nodes/centaurus.kosmos.org.json +++ b/nodes/centaurus.kosmos.org.json @@ -8,7 +8,7 @@ "automatic": { "fqdn": "centaurus.kosmos.org", "os": "linux", - "os_version": "5.4.0-42-generic", + "os_version": "5.4.0-99-generic", "hostname": "centaurus", "ipaddress": "78.46.59.98", "roles": [ From e46c8b3e819ebc3014ca3c4958ec2da30e0ee8c0 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Sat, 12 Feb 2022 10:58:15 -0600 Subject: [PATCH 42/86] Put Vagrant IP in new VirtualBox default allowed range --- Vagrantfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Vagrantfile b/Vagrantfile index 4cf5ee3..f73c803 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -39,7 +39,7 @@ Vagrant.configure(2) do |config| # Create a private network, which allows host-only access to the machine # using a specific IP. - # config.vm.network "private_network", ip: "192.168.33.10" + config.vm.network "private_network", ip: "192.168.56.5" # Create a public network, which generally matched to bridged network. # Bridged networks make the machine appear as another physical device on From 7a8fb1bc7843a15501122ccfbf1ce5031ecd9795 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Thu, 17 Feb 2022 13:02:10 -0600 Subject: [PATCH 43/86] Add new Discourse VM --- clients/discourse-1.json | 4 +++ nodes/discourse-1.json | 53 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+) create mode 100644 clients/discourse-1.json create mode 100644 nodes/discourse-1.json diff --git a/clients/discourse-1.json b/clients/discourse-1.json new file mode 100644 index 0000000..404ea0c --- /dev/null +++ b/clients/discourse-1.json 
@@ -0,0 +1,4 @@ +{ + "name": "discourse-1", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJBhKUtTcmjP8eG4aLNF\n9UfNU9lRIFhfywjFJjtXoYdNaUatZHE3s1HKND0SjJs5BRQbZBEKLxTHCgnPZD4U\nlRgZ65JtHwi+JNM6ac4TQm5JYKA++KxX7FtOiJV6oGX6foNoFVHrGi+fhTlLE9hL\npHRQWTpM8ErpUEj3VHez+k6KT1Mr3QO5T9L5kqu1BdTYwtyfXJE0VfyDKz/rwrvc\ngPvZd167p8YCTu/rWLG9X8tag+ySUR9cmlEn5sCsBLmq56Zurf0VIe/0tuGPI8DP\nAVc4dIXHsfGuKLwBfFPSDy9YbI7F8gbaD05UnUVn60IWPmWsE19K/iIc/OnJZwRO\nkQIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/nodes/discourse-1.json b/nodes/discourse-1.json new file mode 100644 index 0000000..e0d1024 --- /dev/null +++ b/nodes/discourse-1.json @@ -0,0 +1,53 @@ +{ + "name": "discourse-1", + "normal": { + "knife_zero": { + "host": "10.1.1.20" + } + }, + "automatic": { + "fqdn": "discourse-1", + "os": "linux", + "os_version": "5.4.0-1049-kvm", + "hostname": "discourse-1", + "ipaddress": "192.168.122.148", + "roles": [ + + ], + "recipes": [ + "kosmos-base", + "kosmos-base::default", + "apt::default", + "timezone_iii::default", + "timezone_iii::debian", + "ntp::default", + "ntp::apparmor", + "kosmos-base::systemd_emails", + "apt::unattended-upgrades", + "kosmos-base::firewall", + "kosmos-postfix::default", + "postfix::default", + "postfix::_common", + "postfix::_attributes", + "postfix::sasl_auth", + "hostname::default" + ], + "platform": "ubuntu", + "platform_version": "20.04", + "cloud": null, + "chef_packages": { + "chef": { + "version": "17.9.46", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.46/lib", + "chef_effortless": null + }, + "ohai": { + "version": "17.9.0", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai" + } + } + }, + "run_list": [ + "recipe[kosmos-base]" + ] +} \ No newline at end of file From e8f46db49ce50622846da13910833b67a773579b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Fri, 18 Feb 2022 18:14:33 +0100 Subject: [PATCH 44/86] Extract the nginx config for discourse to a recipe Get the upstream servers automatically from Chef nodes --- .../kosmos_discourse/recipes/default.rb | 40 ------------------- .../kosmos_discourse/recipes/nginx.rb | 32 +++++++++++++++ .../kosmos_discourse/templates/nginx_conf.erb | 4 +- 3 files changed, 35 insertions(+), 41 deletions(-) create mode 100644 site-cookbooks/kosmos_discourse/recipes/nginx.rb diff --git a/site-cookbooks/kosmos_discourse/recipes/default.rb b/site-cookbooks/kosmos_discourse/recipes/default.rb index 5e65960..de204a8 100644 --- a/site-cookbooks/kosmos_discourse/recipes/default.rb +++ b/site-cookbooks/kosmos_discourse/recipes/default.rb 
@@ -2,30 +2,8 @@ # Cookbook:: kosmos_discourse # Recipe:: default # -# The MIT License (MIT) -# -# Copyright:: 2020, Kosmos Developers -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -# THE SOFTWARE. package "docker-compose" -domain = "community.kosmos.org" deploy_path = "/opt/discourse" repo = "https://github.com/discourse/discourse_docker" @@ -54,21 +32,3 @@ systemd_unit "discourse.service" do }}) action [:create, :enable] end - -template "#{node['nginx']['dir']}/sites-available/#{domain}" do - source "nginx_conf.erb" - owner 'www-data' - mode 0640 - variables server_name: domain, - ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem", - ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem", - upstream_port: 3001 - - notifies :reload, 'service[nginx]', :delayed -end - -nginx_site domain do - action :enable -end - -nginx_certbot_site domain 
diff --git a/site-cookbooks/kosmos_discourse/recipes/nginx.rb b/site-cookbooks/kosmos_discourse/recipes/nginx.rb
new file mode 100644
index 0000000..9621fa6
--- /dev/null
+++ b/site-cookbooks/kosmos_discourse/recipes/nginx.rb
@@ -0,0 +1,32 @@
+#
+# Cookbook:: kosmos_discourse
+# Recipe:: nginx
+#
+
+domain = "community.kosmos.org"
+
+upstream_ip_addresses = []
+search(:node, "role:discourse").each do |n|
+ upstream_ip_addresses << n["knife_zero"]["host"]
+end
+# No Discourse host, stop here
+return if upstream_ip_addresses.empty?
+
+template "#{node['nginx']['dir']}/sites-available/#{domain}" do
+ source "nginx_conf.erb"
+ owner 'www-data'
+ mode 0640
+ variables server_name: domain,
+ ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
+ ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
+ upstream_port: 3001,
+ upstream_ip_addresses: upstream_ip_addresses
+
+ notifies :reload, 'service[nginx]', :delayed
+end
+
+nginx_site domain do
+ action :enable
+end
+
+nginx_certbot_site domain
diff --git a/site-cookbooks/kosmos_discourse/templates/nginx_conf.erb b/site-cookbooks/kosmos_discourse/templates/nginx_conf.erb
index a1d639c..6d7427d 100644
--- a/site-cookbooks/kosmos_discourse/templates/nginx_conf.erb
+++ b/site-cookbooks/kosmos_discourse/templates/nginx_conf.erb
@@ -1,6 +1,8 @@
 # Generated by Chef
 upstream _discourse {
- server localhost:<%= @upstream_port %>;
+ <% @upstream_ip_addresses.each do |upstream_ip_address| -%>
+ server <%= upstream_ip_address %>:<%= @upstream_port %>;
+ <% end -%>
 }
 <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
From 79f623de4ee502f70b77cf04ac024dcd1753cb29 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?=
Date: Fri, 18 Feb 2022 18:15:33 +0100
Subject: [PATCH 45/86] Prepare fornax and discourse-1 for the discourse migration
---
 nodes/discourse-1.json | 5 +++--
 nodes/fornax.kosmos.org.json | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)
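Review bot: In the new `recipes/nginx.rb` the loop over `search(:node, "role:discourse")` reads `n["knife_zero"]["host"]` without checking that the attribute exists. A node that carries the role but has no `knife_zero` entry aborts the run with a NoMethodError, and one that only lacks `host` puts a `nil` into the list, which the template hunk below would render as `server :3001;` in the upstream block. A guarded form keeps the `return if upstream_ip_addresses.empty?` check meaningful: `host = n["knife_zero"] && n["knife_zero"]["host"]` followed by `upstream_ip_addresses << host if host`. Since whatever the search returns is written straight into the proxy's upstream list, a short comment stating which addresses are expected there would also help the next reader.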
diff --git a/nodes/discourse-1.json b/nodes/discourse-1.json index e0d1024..d030b2b 100644 --- a/nodes/discourse-1.json +++ b/nodes/discourse-1.json @@ -48,6 +48,7 @@ } }, "run_list": [ - "recipe[kosmos-base]" + "recipe[kosmos-base]", + "role[discourse]" ] -} \ No newline at end of file +} diff --git a/nodes/fornax.kosmos.org.json b/nodes/fornax.kosmos.org.json index 853710e..2a4d048 100644 --- a/nodes/fornax.kosmos.org.json +++ b/nodes/fornax.kosmos.org.json @@ -49,6 +49,7 @@ }, "run_list": [ "recipe[kosmos-base]", - "recipe[kosmos_kvm::host]" + "recipe[kosmos_kvm::host]", + "recipe[kosmos_discourse::nginx]" ] -} \ No newline at end of file +} From 163b12efbc192ec80392dd6154c18923516db541 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Fri, 18 Feb 2022 12:22:15 -0600 Subject: [PATCH 46/86] Add firewall rule for Discourse --- site-cookbooks/kosmos_discourse/metadata.rb | 1 + site-cookbooks/kosmos_discourse/recipes/default.rb | 9 +++++++++ 2 files changed, 10 insertions(+) diff --git a/site-cookbooks/kosmos_discourse/metadata.rb b/site-cookbooks/kosmos_discourse/metadata.rb index 76a2e83..d8aa80e 100644 --- a/site-cookbooks/kosmos_discourse/metadata.rb +++ b/site-cookbooks/kosmos_discourse/metadata.rb @@ -8,3 +8,4 @@ version '0.1.0' chef_version '>= 14.0' depends "kosmos-nginx" +depends 'firewall' diff --git a/site-cookbooks/kosmos_discourse/recipes/default.rb b/site-cookbooks/kosmos_discourse/recipes/default.rb index de204a8..b60c210 100644 --- a/site-cookbooks/kosmos_discourse/recipes/default.rb +++ b/site-cookbooks/kosmos_discourse/recipes/default.rb @@ -32,3 +32,12 @@ systemd_unit "discourse.service" do }}) action [:create, :enable] end + +include_recipe 'firewall' + +firewall_rule 'discourse' do + port [3001] + source "10.1.1.0/24" + protocol :tcp + command :allow +end From 910817a7d4ddba82d2678f08ba47808422bdb75d Mon Sep 17 00:00:00 2001 
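Review bot: The new `firewall_rule 'discourse'` in `recipes/default.rb` opens port 3001 to the whole `10.1.1.0/24` range, while the only caller this series shows is the nginx proxy configured by `recipes/nginx.rb`. If the proxy is the only intended client, limiting `source` to its address would stop other hosts on that network from reaching the Discourse port directly and bypassing the TLS front end. The port is also a second hard-coded copy of `upstream_port: 3001` from `recipes/nginx.rb`, so a shared node attribute (name to be chosen) would keep the two from drifting apart. At minimum, a comment above the rule such as `# internal network only; the nginx proxy is the expected client` would record the intent.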
From: Sebastian Kippe Date: Fri, 18 Feb 2022 12:23:14 -0600 Subject: [PATCH 47/86] Create certbot site before normal site --- site-cookbooks/kosmos_discourse/recipes/nginx.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site-cookbooks/kosmos_discourse/recipes/nginx.rb b/site-cookbooks/kosmos_discourse/recipes/nginx.rb index 9621fa6..3f7602d 100644 --- a/site-cookbooks/kosmos_discourse/recipes/nginx.rb +++ b/site-cookbooks/kosmos_discourse/recipes/nginx.rb @@ -12,6 +12,8 @@ end # No Discourse host, stop here return if upstream_ip_addresses.empty? +nginx_certbot_site domain + template "#{node['nginx']['dir']}/sites-available/#{domain}" do source "nginx_conf.erb" owner 'www-data' @@ -28,5 +30,3 @@ end nginx_site domain do action :enable end - -nginx_certbot_site domain From 5b2ae82ce6bf185bc8e25c0863a8c596fa496fb6 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Fri, 18 Feb 2022 12:23:37 -0600 Subject: [PATCH 48/86] Remove obsolete IP from nginx config --- site-cookbooks/kosmos_discourse/templates/nginx_conf.erb | 1 - 1 file changed, 1 deletion(-) diff --git a/site-cookbooks/kosmos_discourse/templates/nginx_conf.erb b/site-cookbooks/kosmos_discourse/templates/nginx_conf.erb index 6d7427d..9db6621 100644 --- a/site-cookbooks/kosmos_discourse/templates/nginx_conf.erb +++ b/site-cookbooks/kosmos_discourse/templates/nginx_conf.erb @@ -18,7 +18,6 @@ server { # Send real IP to the Docker container set_real_ip_from 127.0.0.1; - set_real_ip_from 172.17.0.1; real_ip_header X-Forwarded-For; client_max_body_size 20M; From 31631ddc4adf27ed41fee64eea704659d09c3985 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Fri, 18 Feb 2022 19:39:04 +0100 Subject: [PATCH 49/86] Add missing recipe --- site-cookbooks/kosmos_discourse/recipes/nginx.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/site-cookbooks/kosmos_discourse/recipes/nginx.rb b/site-cookbooks/kosmos_discourse/recipes/nginx.rb index 3f7602d..9bd3b4c 100644 
--- a/site-cookbooks/kosmos_discourse/recipes/nginx.rb +++ b/site-cookbooks/kosmos_discourse/recipes/nginx.rb @@ -3,6 +3,8 @@ # Recipe:: nginx # +include_recipe "kosmos-nginx" + domain = "community.kosmos.org" upstream_ip_addresses = [] From 7582cafb77dd3777d2d04a9250cb93e6ca16a90f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Fri, 18 Feb 2022 19:42:43 +0100 Subject: [PATCH 50/86] Explicitly install snapd package It was not installed on fornax for example --- site-cookbooks/kosmos-nginx/resources/nginx_certbot_site.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/site-cookbooks/kosmos-nginx/resources/nginx_certbot_site.rb b/site-cookbooks/kosmos-nginx/resources/nginx_certbot_site.rb index 8dc974e..05adb45 100644 --- a/site-cookbooks/kosmos-nginx/resources/nginx_certbot_site.rb +++ b/site-cookbooks/kosmos-nginx/resources/nginx_certbot_site.rb @@ -9,6 +9,8 @@ property :site, String action :create do return if node.chef_environment == "development" + package "snapd" + domain = new_resource.domain site = new_resource.site || domain root_directory = "/var/www/#{domain}" From 98547088f1d8a7062515fb90c642d5040cbfc3ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Fri, 18 Feb 2022 19:58:59 +0100 Subject: [PATCH 51/86] Add the zerotier IP for fornax --- nodes/fornax.kosmos.org.json | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/nodes/fornax.kosmos.org.json b/nodes/fornax.kosmos.org.json index 2a4d048..cb290db 100644 --- a/nodes/fornax.kosmos.org.json +++ b/nodes/fornax.kosmos.org.json @@ -2,7 +2,7 @@ "name": "fornax.kosmos.org", "normal": { "knife_zero": { - "host": "fornax.kosmos.org" + "host": "10.1.1.187" } }, "automatic": { 
@@ -18,10 +18,12 @@ "kosmos-base", "kosmos-base::default", "kosmos_kvm::host", + "kosmos_discourse::nginx", "apt::default", "timezone_iii::default", "timezone_iii::debian", "ntp::default", + "ntp::apparmor", "kosmos-base::systemd_emails", "apt::unattended-upgrades", "kosmos-base::firewall", @@ -30,7 +32,18 @@ "postfix::_common", "postfix::_attributes", "postfix::sasl_auth", - "hostname::default" + "hostname::default", + "kosmos-nginx::default", + "nginx::default", + "nginx::package", + "nginx::ohai_plugin", + "nginx::repo", + "nginx::commons", + "nginx::commons_dir", + "nginx::commons_script", + "nginx::commons_conf", + "kosmos-nginx::firewall", + "kosmos-base::letsencrypt" ], "platform": "ubuntu", "platform_version": "20.04", From 58f2544a9e54841c36c39c396503414129309691 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Fri, 18 Feb 2022 19:59:17 +0100 Subject: [PATCH 52/86] Remove the discourse role from centaurus --- nodes/centaurus.kosmos.org.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/nodes/centaurus.kosmos.org.json b/nodes/centaurus.kosmos.org.json index 44d05a7..c617ef4 100644 --- a/nodes/centaurus.kosmos.org.json +++ b/nodes/centaurus.kosmos.org.json @@ -83,7 +83,6 @@ "recipe[kosmos-base]", "recipe[kosmos_encfs]", "role[gitea]", - "role[discourse]", "role[drone]", "recipe[kosmos_assets::nginx_site]", "recipe[kosmos_kvm::host]", @@ -92,4 +91,4 @@ "recipe[kosmos_zerotier::firewall]", "recipe[sockethub::_firewall]" ] -} \ No newline at end of file +} From ee6bde5b2347285aee72c9ff1475b1f42d6b9f1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Fri, 18 Feb 2022 20:00:18 +0100 Subject: [PATCH 53/86] Update discourse-1 node after running Chef --- nodes/discourse-1.json | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/nodes/discourse-1.json b/nodes/discourse-1.json index d030b2b..e2cad15 100644 --- a/nodes/discourse-1.json +++ b/nodes/discourse-1.json 
@@ -8,15 +8,17 @@ "automatic": { "fqdn": "discourse-1", "os": "linux", - "os_version": "5.4.0-1049-kvm", + "os_version": "5.4.0-1055-kvm", "hostname": "discourse-1", "ipaddress": "192.168.122.148", "roles": [ - + "discourse" ], "recipes": [ "kosmos-base", "kosmos-base::default", + "kosmos_discourse", + "kosmos_discourse::default", "apt::default", "timezone_iii::default", "timezone_iii::debian", @@ -30,7 +32,9 @@ "postfix::_common", "postfix::_attributes", "postfix::sasl_auth", - "hostname::default" + "hostname::default", + "firewall::default", + "chef-sugar::default" ], "platform": "ubuntu", "platform_version": "20.04", From dc5813a8bb39c8bd25eebc1f0bb61a586e398485 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Fri, 18 Feb 2022 13:18:43 -0600 Subject: [PATCH 54/86] Remove old zerotier VM config --- clients/zerotier-1.json | 4 --- nodes/zerotier-1.json | 56 ----------------------------------------- 2 files changed, 60 deletions(-) delete mode 100644 clients/zerotier-1.json delete mode 100644 nodes/zerotier-1.json diff --git a/clients/zerotier-1.json b/clients/zerotier-1.json deleted file mode 100644 index f493753..0000000 --- a/clients/zerotier-1.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "name": "zerotier-1", - "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx59liuiEXuAykaiQhjvO\nMimzWH2MOE/GdfPdlGG0IupDtGbDgpsu6lHB/Tc8ct+SEsj55KuamEmUew3EzWRQ\ngVWAPjWtlk6gqVlpU+8eJjTAxT1vaEOvetzliPDNzRBk1AAzS0IkMQwPAIqOD2Vm\nz+QDrTiEFNnbKyBDQ54uY9jBtEgTHgzZyc9KHTjcodJu/oCmOuO0ieTtMS4CDWVl\no2auyABpXX6PzW3hFvH/GB0IlVC5IBa7XS6JrbIFbZCvoAYf/egcQUTToNiKH45e\n2tPZbFpOt955zwInKTioW+Ak3qVVEPvCZ9IBTN7jZkSQuP4Ob5SA4+IbDJcXGulG\nZQIDAQAB\n-----END PUBLIC KEY-----\n" -} \ No newline at end of file diff --git a/nodes/zerotier-1.json b/nodes/zerotier-1.json deleted file mode 100644 index 13454ae..0000000 --- a/nodes/zerotier-1.json +++ /dev/null 
@@ -1,56 +0,0 @@ -{ - "name": "zerotier-1", - "normal": { - "knife_zero": { - "host": "10.1.1.147" - } - }, - "automatic": { - "fqdn": "zerotier-1", - "os": "linux", - "os_version": "5.4.0-1028-kvm", - "hostname": "zerotier-1", - "ipaddress": "192.168.122.72", - "roles": [ - "zerotier_controller" - ], - "recipes": [ - "kosmos-base", - "kosmos-base::default", - "kosmos_zerotier::controller", - "kosmos_zerotier::firewall", - "kosmos_zerotier::zncui", - "apt::default", - "timezone_iii::default", - "timezone_iii::debian", - "ntp::default", - "ntp::apparmor", - "kosmos-base::systemd_emails", - "apt::unattended-upgrades", - "kosmos-base::firewall", - "kosmos-postfix::default", - "postfix::default", - "postfix::_common", - "postfix::_attributes", - "postfix::sasl_auth", - "hostname::default" - ], - "platform": "ubuntu", - "platform_version": "20.04", - "cloud": null, - "chef_packages": { - "chef": { - "version": "15.14.0", - "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.14.0/lib" - }, - "ohai": { - "version": "15.12.0", - "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai" - } - } - }, - "run_list": [ - "recipe[kosmos-base]", - "role[zerotier_controller]" - ] -} \ No newline at end of file From 74083256f4b8002c24e07f2e74c92fe09b3d3ada Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Fri, 18 Feb 2022 13:19:42 -0600 Subject: [PATCH 55/86] Update zerotier-2 host --- nodes/zerotier-2.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nodes/zerotier-2.json b/nodes/zerotier-2.json index c4faee8..02dd22f 100644 --- a/nodes/zerotier-2.json +++ b/nodes/zerotier-2.json @@ -2,7 +2,7 @@ "name": "zerotier-2", "normal": { "knife_zero": { - "host": "192.168.122.214" + "host": "10.1.1.147" } }, "automatic": { @@ -54,4 +54,4 @@ "recipe[kosmos-base]", "role[zerotier_controller]" ] -} \ No newline at end of file +} From e9c5286b24b0e108dfef6508c8d71c74d2796b36 Mon Sep 17 00:00:00 2001 
From: Sebastian Kippe Date: Sat, 19 Feb 2022 11:52:48 -0600 Subject: [PATCH 56/86] Deploy new akkounts Requires a newer version of Ruby. --- nodes/akkounts-1.json | 3 ++- site-cookbooks/kosmos-akkounts/recipes/default.rb | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/nodes/akkounts-1.json b/nodes/akkounts-1.json index 1168a2d..c509f58 100644 --- a/nodes/akkounts-1.json +++ b/nodes/akkounts-1.json @@ -8,7 +8,7 @@ "automatic": { "fqdn": "akkounts-1", "os": "linux", - "os_version": "5.4.0-90-generic", + "os_version": "5.4.0-100-generic", "hostname": "akkounts-1", "ipaddress": "192.168.122.160", "roles": [ @@ -56,6 +56,7 @@ "nginx::commons_script", "nginx::commons_conf", "kosmos-nginx::firewall", + "poise-git::default", "git::default", "git::package", "kosmos-base::letsencrypt" diff --git a/site-cookbooks/kosmos-akkounts/recipes/default.rb b/site-cookbooks/kosmos-akkounts/recipes/default.rb index 9b736aa..efc1d20 100644 --- a/site-cookbooks/kosmos-akkounts/recipes/default.rb +++ b/site-cookbooks/kosmos-akkounts/recipes/default.rb @@ -27,7 +27,7 @@ npm_package "yarn" do version "1.22.4" end -ruby_version = "2.6.6" +ruby_version = "2.7.5" bundle_path = "/opt/ruby_build/builds/#{ruby_version}/bin/bundle" rails_env = node.chef_environment == "development" ? "development" : "production" From 227e4a4665c00483155393dda38ef3b0d8e47e22 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Sat, 26 Feb 2022 09:47:31 -0600 Subject: [PATCH 57/86] Update node info --- nodes/akkounts-1.json | 1 - 1 file changed, 1 deletion(-) diff --git a/nodes/akkounts-1.json b/nodes/akkounts-1.json index c509f58..9b85cab 100644 --- a/nodes/akkounts-1.json +++ b/nodes/akkounts-1.json @@ -56,7 +56,6 @@ "nginx::commons_script", "nginx::commons_conf", "kosmos-nginx::firewall", - "poise-git::default", "git::default", "git::package", "kosmos-base::letsencrypt" From 1586fd536a7f64f82f059b54924155ef39ddb5a7 Mon Sep 17 00:00:00 2001 
From: Sebastian Kippe Date: Sun, 27 Feb 2022 13:09:17 -0600 Subject: [PATCH 58/86] Remove superfluous license header --- site-cookbooks/sockethub/recipes/_firewall.rb | 21 ------------------- site-cookbooks/sockethub/recipes/default.rb | 21 ------------------- site-cookbooks/sockethub/recipes/proxy.rb | 21 ------------------- 3 files changed, 63 deletions(-) diff --git a/site-cookbooks/sockethub/recipes/_firewall.rb b/site-cookbooks/sockethub/recipes/_firewall.rb index dd61637..809d5a9 100644 --- a/site-cookbooks/sockethub/recipes/_firewall.rb +++ b/site-cookbooks/sockethub/recipes/_firewall.rb @@ -2,27 +2,6 @@ # Cookbook Name:: sockethub # Recipe:: _firewall # -# The MIT License (MIT) -# -# Copyright:: 2019, Kosmos Developers -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -# THE SOFTWARE. unless node.chef_environment == "development" include_recipe "kosmos-base::firewall" 
diff --git a/site-cookbooks/sockethub/recipes/default.rb b/site-cookbooks/sockethub/recipes/default.rb index 59f6412..eaf9568 100644 --- a/site-cookbooks/sockethub/recipes/default.rb +++ b/site-cookbooks/sockethub/recipes/default.rb @@ -2,27 +2,6 @@ # Cookbook Name:: sockethub # Recipe:: default # -# The MIT License (MIT) -# -# Copyright:: 2019, Kosmos Developers -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -# THE SOFTWARE. include_recipe 'kosmos-nodejs' include_recipe 'kosmos-redis' diff --git a/site-cookbooks/sockethub/recipes/proxy.rb b/site-cookbooks/sockethub/recipes/proxy.rb index 29c753c..7d2ff76 100644 --- a/site-cookbooks/sockethub/recipes/proxy.rb +++ b/site-cookbooks/sockethub/recipes/proxy.rb 
@@ -2,27 +2,6 @@ # Cookbook Name:: sockethub # Recipe:: proxy # -# The MIT License (MIT) -# -# Copyright:: 2019, Kosmos Developers -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -# THE SOFTWARE. include_recipe 'sockethub::_firewall' include_recipe 'kosmos-nginx' From b9775a26e49d486cc6c46456c97f0cc349fa47aa Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Sun, 27 Feb 2022 13:09:42 -0600 Subject: [PATCH 59/86] Rename sockethub firewall recipe Not just used internally anymore. --- nodes/nodejs-3.json | 2 +- site-cookbooks/sockethub/recipes/_firewall.rb | 3 +-- site-cookbooks/sockethub/recipes/firewall.rb | 14 ++++++++++++++ site-cookbooks/sockethub/recipes/proxy.rb | 2 +- 4 files changed, 17 insertions(+), 4 deletions(-) create mode 100644 site-cookbooks/sockethub/recipes/firewall.rb diff --git a/nodes/nodejs-3.json b/nodes/nodejs-3.json index 5bf6228..91f821a 100644 --- a/nodes/nodejs-3.json +++ b/nodes/nodejs-3.json 
@@ -61,7 +61,7 @@ "kosmos-nginx::firewall", "nodejs::npm", "nodejs::install", - "sockethub::_firewall" + "sockethub::firewall" ], "platform": "ubuntu", "platform_version": "20.04", diff --git a/site-cookbooks/sockethub/recipes/_firewall.rb b/site-cookbooks/sockethub/recipes/_firewall.rb index 809d5a9..08f58b0 100644 --- a/site-cookbooks/sockethub/recipes/_firewall.rb +++ b/site-cookbooks/sockethub/recipes/_firewall.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: sockethub -# Recipe:: _firewall +# Recipe:: firewall # unless node.chef_environment == "development" @@ -12,4 +12,3 @@ unless node.chef_environment == "development" command :allow end end - diff --git a/site-cookbooks/sockethub/recipes/firewall.rb b/site-cookbooks/sockethub/recipes/firewall.rb new file mode 100644 index 0000000..08f58b0 --- /dev/null +++ b/site-cookbooks/sockethub/recipes/firewall.rb @@ -0,0 +1,14 @@ +# +# Cookbook Name:: sockethub +# Recipe:: firewall +# + +unless node.chef_environment == "development" + include_recipe "kosmos-base::firewall" + + firewall_rule 'sockethub' do + port node['sockethub']['external_port'].to_i + protocol :tcp + command :allow + end +end diff --git a/site-cookbooks/sockethub/recipes/proxy.rb b/site-cookbooks/sockethub/recipes/proxy.rb index 7d2ff76..a62b5fd 100644 --- a/site-cookbooks/sockethub/recipes/proxy.rb +++ b/site-cookbooks/sockethub/recipes/proxy.rb @@ -3,7 +3,7 @@ # Recipe:: proxy # -include_recipe 'sockethub::_firewall' +include_recipe 'sockethub::firewall' include_recipe 'kosmos-nginx' include_recipe "kosmos-base::letsencrypt" From 2e8004b37a46a614092fa48f81f658981468c56f Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Sun, 27 Feb 2022 13:10:00 -0600 Subject: [PATCH 60/86] Add sockethub::firewall to draco, update node info --- nodes/draco.kosmos.org.json | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/nodes/draco.kosmos.org.json b/nodes/draco.kosmos.org.json index c461387..cd07a03 100644 --- a/nodes/draco.kosmos.org.json 
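Review bot: In the new `recipes/firewall.rb`, `node['sockethub']['external_port'].to_i` turns a missing or non-numeric attribute into `0` without any error, so a typo in the attribute name or value would presumably yield a rule for port 0 instead of a failed run. `port Integer(node['sockethub']['external_port'])` raises on bad input and keeps the mistake visible. The rule also sets no `source`, so the port is allowed from every address. Now that the recipe is public and, per the commit message, no longer only used internally, a one-line comment saying that this exposure is intended would be worth adding.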
+++ b/nodes/draco.kosmos.org.json @@ -12,16 +12,13 @@ "hostname": "draco", "ipaddress": "148.251.237.73", "roles": [ - "postgresql_primary" + ], "recipes": [ "kosmos-base", "kosmos-base::default", "kosmos_encfs", "kosmos_encfs::default", - "kosmos-postgresql", - "kosmos-postgresql::default", - "kosmos-postgresql::firewall_replicas", "kosmos_kvm::host", "kosmos-ejabberd::firewall", "kosmos-ipfs::firewall_swarm", @@ -29,10 +26,12 @@ "kosmos-bitcoin::firewall", "kosmos_zerotier::firewall", "kosmos-nginx::firewall", + "sockethub::firewall", "apt::default", "timezone_iii::default", "timezone_iii::debian", "ntp::default", + "ntp::apparmor", "kosmos-base::systemd_emails", "apt::unattended-upgrades", "kosmos-base::firewall", @@ -43,8 +42,7 @@ "postfix::sasl_auth", "hostname::default", "firewall::default", - "chef-sugar::default", - "build-essential::default" + "chef-sugar::default" ], "platform": "ubuntu", "platform_version": "20.04", @@ -69,6 +67,7 @@ "recipe[kosmos-ipfs::firewall_public_gateway]", "recipe[kosmos-bitcoin::firewall]", "recipe[kosmos_zerotier::firewall]", - "recipe[kosmos-nginx::firewall]" + "recipe[kosmos-nginx::firewall]", + "recipe[sockethub::firewall]" ] -} +} \ No newline at end of file From f50e7874baa08d48068439bd6177e876e6a71954 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Sun, 27 Feb 2022 16:08:40 -0600 Subject: [PATCH 61/86] Remove old sockethub firewall recipe --- site-cookbooks/sockethub/recipes/_firewall.rb | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100644 site-cookbooks/sockethub/recipes/_firewall.rb diff --git a/site-cookbooks/sockethub/recipes/_firewall.rb b/site-cookbooks/sockethub/recipes/_firewall.rb deleted file mode 100644 index 08f58b0..0000000 --- a/site-cookbooks/sockethub/recipes/_firewall.rb +++ /dev/null 
@@ -1,14 +0,0 @@
-#
-# Cookbook Name:: sockethub
-# Recipe:: firewall
-#
-
-unless node.chef_environment == "development"
- include_recipe "kosmos-base::firewall"
-
- firewall_rule 'sockethub' do
- port node['sockethub']['external_port'].to_i
- protocol :tcp
- command :allow
- end
-end
From a091e07c7212e1afaefc1be3317b5d974c9d62c7 Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Wed, 2 Mar 2022 09:54:01 -0600
Subject: [PATCH 62/86] Deploy Kosmos LndHub fork with lnurl-pay additions
---
 site-cookbooks/kosmos-bitcoin/attributes/default.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/site-cookbooks/kosmos-bitcoin/attributes/default.rb b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
index 3f90c20..53eac47 100644
--- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb
+++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
@@ -68,7 +68,7 @@ node.default['rtl']['revision'] = 'v0.11.0'
 node.default['rtl']['host'] = '10.1.1.163'
 node.default['rtl']['port'] = '3000'
-node.default['lndhub']['repo'] = 'https://github.com/bumi/LndHub.git'
+node.default['lndhub']['repo'] = 'https://gitea.kosmos.org/kosmos/lndhub.git'
 node.default['lndhub']['revision'] = 'master'
 node.default['lndhub']['port'] = '3023'
 node.default['lndhub']['domain'] = 'lndhub.kosmos.org'
From 13c7774433441baa6895e6c01629243bf8c07167 Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Sun, 27 Feb 2022 12:54:59 -0600
Subject: [PATCH 63/86] Upgrade RSKj to 3.2.0
---
 site-cookbooks/kosmos_rsk/attributes/default.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/site-cookbooks/kosmos_rsk/attributes/default.rb b/site-cookbooks/kosmos_rsk/attributes/default.rb
index 608edad..591c6e4 100644
--- a/site-cookbooks/kosmos_rsk/attributes/default.rb
+++ b/site-cookbooks/kosmos_rsk/attributes/default.rb
@@ -1,2 +1,2 @@
-node.default['rskj']['version'] = '3.0.1~focal'
+node.default['rskj']['version'] = '3.2.0~focal'
 node.default['rskj']['network'] = 'testnet'
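Review bot: The `lndhub` repo now points at `https://gitea.kosmos.org/kosmos/lndhub.git` while the unchanged context line keeps `node.default['lndhub']['revision'] = 'master'`, so each converge would deploy whatever the branch head is at that moment and not a reviewed revision. This assumes the recipe passes the attribute to a `git` resource, which is outside the hunk. For a service that handles Lightning payments it is worth pinning a tag or a full commit id, as the `rtl` attribute in the same file does with a version tag: `node.default['lndhub']['revision'] = '<commit id of the reviewed fork state>'`. A comment next to the repo line naming the upstream it was forked from would also make later comparison easier.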
From c25e3632af37f65dab231df74f9847720e1cbc21 Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Thu, 3 Mar 2022 21:42:35 -0600
Subject: [PATCH 64/86] Upgrade RTL
---
 site-cookbooks/kosmos-bitcoin/attributes/default.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/site-cookbooks/kosmos-bitcoin/attributes/default.rb b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
index 53eac47..39756a5 100644
--- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb
+++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
@@ -64,7 +64,7 @@ node.default['boltz']['rest_port'] = '9003'
 node.default['boltz']['no_macaroons'] = 'false'
 node.default['rtl']['repo'] = 'https://github.com/Ride-The-Lightning/RTL.git'
-node.default['rtl']['revision'] = 'v0.11.0'
+node.default['rtl']['revision'] = 'v0.12.1'
 node.default['rtl']['host'] = '10.1.1.163'
 node.default['rtl']['port'] = '3000'
From 23e49134e7661a5cc19ca4dd8881b5d2992430ac Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Sat, 12 Mar 2022 14:42:03 -0600
Subject: [PATCH 65/86] Remove superfluous license headers
---
 .../kosmos-nginx/recipes/default.rb | 21 -------------------
 site-cookbooks/kosmos_gitea/recipes/backup.rb | 21 +------------------
 site-cookbooks/kosmos_gitea/recipes/pg_db.rb | 1 -
 3 files changed, 1 insertion(+), 42 deletions(-)
diff --git a/site-cookbooks/kosmos-nginx/recipes/default.rb b/site-cookbooks/kosmos-nginx/recipes/default.rb
index c01301e..118795a 100644
--- a/site-cookbooks/kosmos-nginx/recipes/default.rb
+++ b/site-cookbooks/kosmos-nginx/recipes/default.rb
@@ -2,27 +2,6 @@ # Cookbook Name:: kosmos-nginx # Recipe:: default # -# The MIT License (MIT) -# -# Copyright:: 2019, Kosmos Developers -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -# THE SOFTWARE. node.override['nginx']['default_site_enabled'] = false node.override['nginx']['server_tokens'] = 'off' diff --git a/site-cookbooks/kosmos_gitea/recipes/backup.rb b/site-cookbooks/kosmos_gitea/recipes/backup.rb index 83704f2..f363577 100644 --- a/site-cookbooks/kosmos_gitea/recipes/backup.rb +++ b/site-cookbooks/kosmos_gitea/recipes/backup.rb 
@@ -4,26 +4,7 @@ # # The MIT License (MIT) # -# Copyright:: 2020, Kosmos Developers -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -# THE SOFTWARE. -# + unless node.chef_environment == "development" # backup the data dir and the config files node.override["backup"]["archives"]["gitea"] = [node["kosmos_gitea"]["working_directory"]] diff --git a/site-cookbooks/kosmos_gitea/recipes/pg_db.rb b/site-cookbooks/kosmos_gitea/recipes/pg_db.rb index 2cf4d19..2c2ce2c 100644 --- a/site-cookbooks/kosmos_gitea/recipes/pg_db.rb +++ b/site-cookbooks/kosmos_gitea/recipes/pg_db.rb @@ -2,7 +2,6 @@ # Cookbook:: kosmos_gitea # Recipe:: pg_db # -# Copyright:: 2020, Kosmos Developers, All Rights Reserved. gitea_data_bag_item = data_bag_item("credentials", "gitea") From a1b07dfb9e17bfdb1492b35641a118d4d4052e71 Mon Sep 17 00:00:00 2001 
From: Sebastian Kippe Date: Sat, 12 Mar 2022 14:43:44 -0600 Subject: [PATCH 66/86] Adapt Gitea recipes for new VM setup --- nodes/postgres-2.json | 1 + roles/postgresql_primary.rb | 1 + .../kosmos_gitea/attributes/default.rb | 5 +- site-cookbooks/kosmos_gitea/metadata.rb | 1 + .../kosmos_gitea/recipes/default.rb | 33 ++---------- site-cookbooks/kosmos_gitea/recipes/nginx.rb | 52 +++++++++++++++++++ .../templates/default/app.ini.erb | 4 -- .../templates/default/nginx_conf_ssh.erb | 8 +++ .../{nginx_conf.erb => nginx_conf_web.erb} | 8 +-- 9 files changed, 75 insertions(+), 38 deletions(-) create mode 100644 site-cookbooks/kosmos_gitea/recipes/nginx.rb create mode 100644 site-cookbooks/kosmos_gitea/templates/default/nginx_conf_ssh.erb rename site-cookbooks/kosmos_gitea/templates/default/{nginx_conf.erb => nginx_conf_web.erb} (82%) diff --git a/nodes/postgres-2.json b/nodes/postgres-2.json index 89bcc85..8e02a66 100644 --- a/nodes/postgres-2.json +++ b/nodes/postgres-2.json @@ -19,6 +19,7 @@ "kosmos-base::default", "kosmos_postgresql::primary", "kosmos_postgresql::firewall", + "kosmos_gitea::pg_db", "apt::default", "timezone_iii::default", "timezone_iii::debian", diff --git a/roles/postgresql_primary.rb b/roles/postgresql_primary.rb index 58ef4b7..9124bc5 100644 --- a/roles/postgresql_primary.rb +++ b/roles/postgresql_primary.rb @@ -3,4 +3,5 @@ name "postgresql_primary" run_list %w( kosmos_postgresql::primary kosmos_postgresql::firewall + kosmos_gitea::pg_db ) diff --git a/site-cookbooks/kosmos_gitea/attributes/default.rb b/site-cookbooks/kosmos_gitea/attributes/default.rb index 7a6b5d0..0495d7e 100644 --- a/site-cookbooks/kosmos_gitea/attributes/default.rb +++ b/site-cookbooks/kosmos_gitea/attributes/default.rb 
@@ -1,9 +1,10 @@ -gitea_version = "1.16.1" +gitea_version = "1.16.3" node.default["kosmos_gitea"]["version"] = gitea_version node.default["kosmos_gitea"]["binary_url"] = "https://dl.gitea.io/gitea/#{gitea_version}/gitea-#{gitea_version}-linux-amd64" -node.default["kosmos_gitea"]["binary_checksum"] = "f03f3a3c4dccc2219351cde5c9af372715b2ec3e88a821779702bc6f38084c97" +node.default["kosmos_gitea"]["binary_checksum"] = "626c7da554efcfd3abd88b0355e3adf55d7f0941a01e058b2d4f5923d0d5b7c3" node.default["kosmos_gitea"]["nginx"]["domain"] = "gitea.kosmos.org" node.default["kosmos_gitea"]["working_directory"] = "/var/lib/gitea" +node.default["kosmos_gitea"]["port"] = 3000 node.default["kosmos_gitea"]["config"] = { "webhook": { diff --git a/site-cookbooks/kosmos_gitea/metadata.rb b/site-cookbooks/kosmos_gitea/metadata.rb index 6b690ce..27947c3 100644 --- a/site-cookbooks/kosmos_gitea/metadata.rb +++ b/site-cookbooks/kosmos_gitea/metadata.rb @@ -19,6 +19,7 @@ chef_version '>= 14.0' # # source_url 'https://github.com//kosmos_gitea' +depends "firewall" depends "kosmos-nginx" depends "kosmos_postgresql" depends "backup" diff --git a/site-cookbooks/kosmos_gitea/recipes/default.rb b/site-cookbooks/kosmos_gitea/recipes/default.rb index c059fa3..eebab81 100644 --- a/site-cookbooks/kosmos_gitea/recipes/default.rb +++ b/site-cookbooks/kosmos_gitea/recipes/default.rb @@ -3,9 +3,6 @@ # Recipe:: default # -include_recipe "kosmos-nginx" - -domain = node["kosmos_gitea"]["nginx"]["domain"] working_directory = node["kosmos_gitea"]["working_directory"] git_home_directory = "/home/git" repository_root_directory = "#{git_home_directory}/gitea-repositories" 
@@ -63,15 +60,6 @@ directory config_directory do mode "0750" end -# Copy the self-signed root certificate to the system certificate store. Gitea -# will find it there automatically -postgresql_data_bag_item = data_bag_item('credentials', 'postgresql') -root_cert_path = "/etc/ssl/certs/root.kosmos.org.crt" -file root_cert_path do - content postgresql_data_bag_item['ssl_root_cert'] - mode "0644" -end - template "#{config_directory}/app.ini" do source "app.ini.erb" owner "git" @@ -119,20 +107,9 @@ service "gitea" do action [:enable, :start] end -template "#{node['nginx']['dir']}/sites-available/#{domain}" do - source "nginx_conf.erb" - owner 'www-data' - mode 0640 - variables server_name: domain, - ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem", - ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem", - upstream_port: 3000 - - notifies :reload, 'service[nginx]', :delayed +firewall_rule 'gitea' do + port [node["kosmos_gitea"]["port"]] + source "10.1.1.0/24" + protocol :tcp + command :allow end - -nginx_site domain do - action :enable -end - -nginx_certbot_site domain diff --git a/site-cookbooks/kosmos_gitea/recipes/nginx.rb b/site-cookbooks/kosmos_gitea/recipes/nginx.rb new file mode 100644 index 0000000..20bd979 --- /dev/null +++ b/site-cookbooks/kosmos_gitea/recipes/nginx.rb 
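Review bot: The new `firewall_rule 'gitea'` at the end of `kosmos_gitea/recipes/default.rb` opens the Gitea HTTP port to all of `10.1.1.0/24`, although after this patch the only intended client appears to be the nginx proxy that terminates TLS. The proxy talks to Gitea over plain HTTP (`proxy_pass http://_gitea_web` in the renamed web template), so every other host on that subnet can reach the application directly, without TLS and without anything the proxy enforces. Narrow `source` to the proxy address(es), for example by searching for the proxy node the same way `recipes/nginx.rb` searches for `role:gitea`. The same applies to `firewall_rule 'drone'` in `kosmos_drone/recipes/default.rb` in patch 67.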
@@ -0,0 +1,52 @@ +# +# Cookbook:: kosmos_gitea +# Recipe:: nginx +# + +include_recipe "kosmos-nginx" + +domain = node["kosmos_gitea"]["nginx"]["domain"] + +# upstream_ip_addresses = [] +# search(:node, "role:gitea").each do |n| +# upstream_ip_addresses << n["knife_zero"]["host"] +# end +begin + upstream_ip_address = search(:node, "role:gitea").first["knife_zero"]["host"] +rescue + Chef::Log.warn('No server with "gitea" role. Stopping here.') + return +end + +nginx_certbot_site domain + +template "#{node['nginx']['dir']}/sites-available/#{domain}" do + source "nginx_conf_web.erb" + owner 'www-data' + mode 0640 + variables server_name: domain, + ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem", + ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem", + upstream_host: upstream_ip_address, + upstream_port: node["kosmos_gitea"]["port"] + + notifies :reload, 'service[nginx]', :delayed +end + +nginx_site domain do + action :enable +end + +template "#{node['nginx']['dir']}/streams-available/ssh" do + source "nginx_conf_ssh.erb" + owner 'www-data' + mode 0640 + variables domain: domain, + upstream_host: upstream_ip_address + + notifies :reload, 'service[nginx]', :delayed +end + +nginx_stream "ssh" do + action :enable +end diff --git a/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb b/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb index 1d43c86..ce9ae23 100644 --- a/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb +++ b/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb @@ -44,10 +44,6 @@ FROM = gitea@kosmos.org USER = <%= @smtp_user %> PASSWD = <%= @smtp_password %> -[oauth2] -JWT_SECRET = <%= @jwt_secret %> -JWT_SIGNING_ALGORITHM = HS256 - [security] INTERNAL_TOKEN = <%= @internal_token %> INSTALL_LOCK = true diff --git a/site-cookbooks/kosmos_gitea/templates/default/nginx_conf_ssh.erb b/site-cookbooks/kosmos_gitea/templates/default/nginx_conf_ssh.erb new file mode 100644 index 0000000..085f7ff --- /dev/null 
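Review bot: The bare `rescue` around `search(:node, "role:gitea").first["knife_zero"]["host"]` in the new `recipes/nginx.rb` catches every StandardError, so a failing search or a node without a `knife_zero` attribute is logged as 'No server with "gitea" role' and the proxy is silently left unconfigured. Test the search result explicitly and let unexpected errors fail the run. The commented-out multi-upstream loop above it should either be used or removed.

```ruby
gitea_node = search(:node, "role:gitea").first
if gitea_node.nil?
  Chef::Log.warn('No server with "gitea" role. Stopping here.')
  return
end
upstream_ip_address = gitea_node["knife_zero"]["host"]

# … unchanged: nginx_certbot_site, web and ssh templates, nginx_site/nginx_stream …
```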
+++ b/site-cookbooks/kosmos_gitea/templates/default/nginx_conf_ssh.erb @@ -0,0 +1,8 @@ +upstream _gitea_ssh { + server <%= @upstream_host %>:22; +} + +server { + listen 148.251.83.201:22; + proxy_pass _gitea_ssh; +} diff --git a/site-cookbooks/kosmos_gitea/templates/default/nginx_conf.erb b/site-cookbooks/kosmos_gitea/templates/default/nginx_conf_web.erb similarity index 82% rename from site-cookbooks/kosmos_gitea/templates/default/nginx_conf.erb rename to site-cookbooks/kosmos_gitea/templates/default/nginx_conf_web.erb index 7965156..1476976 100644 --- a/site-cookbooks/kosmos_gitea/templates/default/nginx_conf.erb +++ b/site-cookbooks/kosmos_gitea/templates/default/nginx_conf_web.erb @@ -1,6 +1,6 @@ # Generated by Chef -upstream _gitea { - server localhost:<%= @upstream_port %>; +upstream _gitea_web { + server <%= @upstream_host %>:<%= @upstream_port %>; } server { @@ -26,14 +26,14 @@ server { location ~ ^/(avatars|repo-avatars)/.*$ { proxy_buffers 1024 8k; - proxy_pass http://_gitea; + proxy_pass http://_gitea_web; proxy_http_version 1.1; expires 30d; } location / { proxy_buffers 1024 8k; - proxy_pass http://_gitea; + proxy_pass http://_gitea_web; proxy_http_version 1.1; } } From f35fb638d12bf388f8275a498161162661b5189c Mon Sep 17 00:00:00 2001 
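Review bot: `listen 148.251.83.201:22;` hard-codes one host's public address in `nginx_conf_ssh.erb`, while the recipe passes a `domain` variable that the template never uses. Take the address from an attribute instead (`listen <%= @listen_address %>:22;`, with the recipe supplying it), so the stream config cannot end up bound to the wrong interface when the role is applied to another proxy host. A comment in the template should also record that, behind this TCP proxy, the Gitea host's sshd sees every connection as coming from the proxy unless transparent proxying is configured, so per-source-address logging and connection limiting have to be done on the proxy.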
From: Sebastian Kippe Date: Sat, 12 Mar 2022 14:45:11 -0600 Subject: [PATCH 67/86] Adapt Drone recipes for VM setup, use PostgreSQL --- data_bags/credentials/drone.json | 25 +++++++----- nodes/postgres-2.json | 1 + roles/drone.rb | 1 + roles/postgresql_primary.rb | 1 + .../kosmos_drone/attributes/default.rb | 2 + site-cookbooks/kosmos_drone/metadata.rb | 1 + .../kosmos_drone/recipes/default.rb | 38 +++++++++---------- site-cookbooks/kosmos_drone/recipes/nginx.rb | 32 ++++++++++++++++ site-cookbooks/kosmos_drone/recipes/pg_db.rb | 16 ++++++++ .../templates/docker-compose.yml.erb | 4 +- .../kosmos_drone/templates/nginx_conf.erb | 4 +- 11 files changed, 94 insertions(+), 31 deletions(-) create mode 100644 site-cookbooks/kosmos_drone/attributes/default.rb create mode 100644 site-cookbooks/kosmos_drone/recipes/nginx.rb create mode 100644 site-cookbooks/kosmos_drone/recipes/pg_db.rb diff --git a/data_bags/credentials/drone.json b/data_bags/credentials/drone.json index d499634..1b587ba 100644 --- a/data_bags/credentials/drone.json +++ b/data_bags/credentials/drone.json 
@@ -1,23 +1,30 @@ { "id": "drone", "client_id": { - "encrypted_data": "PHC6f0UJwuaxnhMhxUVhHMqauCu9aYDp3IFqVzsxEoEodKhg8pgTWS14T5E7\nVm4xlcR/CuLcOA==\n", - "iv": "on4hNp3g6pLsvfTE\n", - "auth_tag": "ytx40h2fsBHhDpyhwKbHog==\n", + "encrypted_data": "z2cWhmP46/LuBPslGiuEzRIZGbta+nAkfi2XaX0q4PA0SeWoTz3rX9P6XCaz\nDdjP/3RyN98sww==\n", + "iv": "2SOtcpBRCZC9YI+D\n", + "auth_tag": "C9PnsL3QsRBOKw1/k/p/mg==\n", "version": 3, "cipher": "aes-256-gcm" }, "client_secret": { - "encrypted_data": "HAKFqsrbL447wgropHz2rgHmyRl3G2d24svTT+TYMI0jtQFTQPZLxNZkl3ki\n42n7baNrfXN3IJeQRyxyihw0\n", - "iv": "pmdiLiFgSPNNP7dl\n", - "auth_tag": "4j98l+lZ0k4mLioJHS5VJw==\n", + "encrypted_data": "9s33F5MmjEaUA+7ASxYMK5f23y1HffsV9b5rO4ezlisI3K/B/MgdBZeiIDs7\nanknoytcnRJiLNUlud6ohJ4s\n", + "iv": "Vou+sM/jeOZc/VwJ\n", + "auth_tag": "f2EPlHD2JDmSlSf3eu9WFg==\n", "version": 3, "cipher": "aes-256-gcm" }, "rpc_secret": { - "encrypted_data": "ll4f3ECLQTgJj47aeqnP0Ci1ncMYTwwFw1J46Qx3gPloA2YGPwlfa82Uck1k\neSHCTSNW\n", - "iv": "hP5Iq9zOjELUb9d8\n", - "auth_tag": "WJlme717tpgbWPcXwFzyvQ==\n", + "encrypted_data": "VkvdD+8FTjPSfJANVPWkWGMjBU7xyqDOS2uH84fAijqkg0sS+lBej4VohHsL\nntuPAcOo\n", + "iv": "Uod5WEkE2FXYnhVq\n", + "auth_tag": "N8+wPuN/EXO5L57+uG0gsw==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "postgresql_password": { + "encrypted_data": "DMH34mpij84Pkalr3rcuPcp2ofiIZ6ONvDRchGbxyuJ2\n", + "iv": "o9IDDyjp4aDB2/FB\n", + "auth_tag": "rgLP7dQ4n6C1hHuG5t5sxw==\n", "version": 3, "cipher": "aes-256-gcm" } diff --git a/nodes/postgres-2.json b/nodes/postgres-2.json index 8e02a66..8d7953a 100644 --- a/nodes/postgres-2.json +++ b/nodes/postgres-2.json @@ -20,6 +20,7 @@ "kosmos_postgresql::primary", "kosmos_postgresql::firewall", "kosmos_gitea::pg_db", + "kosmos_drone::pg_db", "apt::default", "timezone_iii::default", "timezone_iii::debian", diff --git a/roles/drone.rb b/roles/drone.rb index 4ee08ac..4c39b2c 100644 --- a/roles/drone.rb +++ b/roles/drone.rb 
@@ -1,5 +1,6 @@ name "drone" run_list %w( + role[postgresql_client] kosmos_drone::default ) diff --git a/roles/postgresql_primary.rb b/roles/postgresql_primary.rb index 9124bc5..7126cb2 100644 --- a/roles/postgresql_primary.rb +++ b/roles/postgresql_primary.rb @@ -4,4 +4,5 @@ run_list %w( kosmos_postgresql::primary kosmos_postgresql::firewall kosmos_gitea::pg_db + kosmos_drone::pg_db ) diff --git a/site-cookbooks/kosmos_drone/attributes/default.rb b/site-cookbooks/kosmos_drone/attributes/default.rb new file mode 100644 index 0000000..ceb7564 --- /dev/null +++ b/site-cookbooks/kosmos_drone/attributes/default.rb @@ -0,0 +1,2 @@ +node.default["kosmos_drone"]["domain"] = "drone.kosmos.org" +node.default["kosmos_drone"]["upstream_port"] = 80 diff --git a/site-cookbooks/kosmos_drone/metadata.rb b/site-cookbooks/kosmos_drone/metadata.rb index 5c14444..e0ef895 100644 --- a/site-cookbooks/kosmos_drone/metadata.rb +++ b/site-cookbooks/kosmos_drone/metadata.rb @@ -7,5 +7,6 @@ long_description 'Installs/Configures kosmos_drone' version '0.1.0' chef_version '>= 14.0' +depends "firewall" depends "kosmos-nginx" depends "kosmos_gitea" diff --git a/site-cookbooks/kosmos_drone/recipes/default.rb b/site-cookbooks/kosmos_drone/recipes/default.rb index a0a2017..8e34e9a 100644 --- a/site-cookbooks/kosmos_drone/recipes/default.rb +++ b/site-cookbooks/kosmos_drone/recipes/default.rb @@ -4,10 +4,17 @@ # package "docker-compose" -domain = "drone.kosmos.org" deploy_path = "/opt/drone" -upstream_port = 3002 credentials = data_bag_item("credentials", "drone") +drone_credentials = data_bag_item('credentials', 'drone') + +postgres_config = { + username: "drone", + password: drone_credentials["postgresql_password"], + host: "pg.kosmos.local", + port: 5432, + database: "drone" +} directory deploy_path do action :create 
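Review bot: `drone_credentials = data_bag_item('credentials', 'drone')` in `kosmos_drone/recipes/default.rb` loads the same data bag item that `credentials` on the line above already holds, leaving two names for one secret store. Use the existing variable, `password: credentials["postgresql_password"],`, and drop the second lookup. `host: "pg.kosmos.local"` and `port: 5432` would also fit better in `attributes/default.rb` next to the new `domain` and `upstream_port` attributes. The recipe continues outside the hunk.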
@@ -17,13 +24,15 @@ template "#{deploy_path}/docker-compose.yml" do source "docker-compose.yml.erb" sensitive true mode 0640 - variables upstream_port: upstream_port, - domain: domain, + variables domain: node["kosmos_drone"]["domain"], + upstream_port: node["kosmos_drone"]["upstream_port"], gitea_server: "https://#{node["kosmos_gitea"]["nginx"]["domain"]}", client_id: credentials['client_id'], client_secret: credentials['client_secret'], rpc_secret: credentials['rpc_secret'], + postgres: postgres_config, max_procs: 4 + notifies :restart, "systemd_unit[drone.service]", :delayed end systemd_unit "drone.service" do @@ -45,20 +54,9 @@ systemd_unit "drone.service" do action [:create, :enable, :start] end -template "#{node['nginx']['dir']}/sites-available/#{domain}" do - source "nginx_conf.erb" - owner 'www-data' - mode 0640 - variables server_name: domain, - ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem", - ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem", - upstream_port: upstream_port - - notifies :reload, 'service[nginx]', :delayed +firewall_rule 'drone' do + port [node["kosmos_drone"]["upstream_port"]] + source "10.1.1.0/24" + protocol :tcp + command :allow end - -nginx_site domain do - action :enable -end - -nginx_certbot_site domain diff --git a/site-cookbooks/kosmos_drone/recipes/nginx.rb b/site-cookbooks/kosmos_drone/recipes/nginx.rb new file mode 100644 index 0000000..fffe902 --- /dev/null +++ b/site-cookbooks/kosmos_drone/recipes/nginx.rb 
@@ -0,0 +1,32 @@ +# +# Cookbook:: kosmos_drone +# Recipe:: nginx +# + +domain = node["kosmos_drone"]["domain"] + +upstream_ip_addresses = [] +search(:node, "role:drone").each do |n| + upstream_ip_addresses << n["knife_zero"]["host"] +end +# No Discourse host, stop here +return if upstream_ip_addresses.empty? + +nginx_certbot_site domain + +template "#{node['nginx']['dir']}/sites-available/#{domain}" do + source "nginx_conf.erb" + owner 'www-data' + mode 0640 + variables server_name: domain, + upstream_ip_addresses: upstream_ip_addresses, + upstream_port: node["kosmos_drone"]["upstream_port"], + ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem", + ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem" + + notifies :reload, 'service[nginx]', :delayed +end + +nginx_site domain do + action :enable +end diff --git a/site-cookbooks/kosmos_drone/recipes/pg_db.rb b/site-cookbooks/kosmos_drone/recipes/pg_db.rb new file mode 100644 index 0000000..7b2e39d --- /dev/null +++ b/site-cookbooks/kosmos_drone/recipes/pg_db.rb @@ -0,0 +1,16 @@ +# +# Cookbook:: kosmos_drone +# Recipe:: pg_db +# + +drone_credentials = data_bag_item("credentials", "drone") + +postgresql_user "drone" do + action :create + password drone_credentials["postgresql_password"] +end + +postgresql_database "drone" do + owner "drone" + action :create +end diff --git a/site-cookbooks/kosmos_drone/templates/docker-compose.yml.erb b/site-cookbooks/kosmos_drone/templates/docker-compose.yml.erb index 049a061..3089196 100644 --- a/site-cookbooks/kosmos_drone/templates/docker-compose.yml.erb +++ b/site-cookbooks/kosmos_drone/templates/docker-compose.yml.erb @@ -2,7 +2,7 @@ version: '3' services: drone-server: - image: drone/drone:2.5 + image: drone/drone:2.11 ports: - "<%= @upstream_port %>:80" 
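Review bot: The comment `# No Discourse host, stop here` in the new `kosmos_drone/recipes/nginx.rb` is left over from another recipe and should read `# No Drone host, stop here`. The loop also appends `n["knife_zero"]["host"]` unchecked, so a `role:drone` node lacking that attribute would either raise or put a `server :PORT;` line without a host into the upstream block, depending on how the node object handles the missing key. `upstream_ip_addresses = search(:node, "role:drone").map { |n| n.read("knife_zero", "host") }.compact` avoids both.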
@@ -17,6 +17,8 @@ services: - DRONE_SERVER_HOST=<%= @domain %> - DRONE_SERVER_PROTO=https # required for the Redirect URI to be built correctly - DRONE_RPC_SECRET=<%= @rpc_secret %> + - DRONE_DATABASE_DRIVER=postgres + - DRONE_DATABASE_DATASOURCE=postgres://<%= @postgres[:username] %>:<%= @postgres[:password] %>@<%= @postgres[:host] %>:<%= @postgres[:port] %>/<%= @postgres[:database] %>?sslmode=disable drone-runner: image: drone/drone-runner-docker:1.8 diff --git a/site-cookbooks/kosmos_drone/templates/nginx_conf.erb b/site-cookbooks/kosmos_drone/templates/nginx_conf.erb index 4226de7..f9e1dfa 100644 --- a/site-cookbooks/kosmos_drone/templates/nginx_conf.erb +++ b/site-cookbooks/kosmos_drone/templates/nginx_conf.erb @@ -1,7 +1,9 @@ <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%> # Generated by Chef upstream _drone { - server localhost:<%= @upstream_port %>; + <% @upstream_ip_addresses.each do |upstream_ip_address| -%> + server <%= upstream_ip_address %>:<%= @upstream_port %>; + <% end -%> } server { From 9187985acc578ca1c7c1dda1c22e2e5ce0f32195 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Sat, 12 Mar 2022 14:47:06 -0600 Subject: [PATCH 68/86] Move Gitea and Drone to new VMs --- clients/drone-1.json | 4 +++ clients/gitea-1.json | 4 +++ nodes/centaurus.kosmos.org.json | 9 +---- nodes/drone-1.json | 58 +++++++++++++++++++++++++++++++ nodes/fornax.kosmos.org.json | 8 +++-- nodes/gitea-1.json | 61 +++++++++++++++++++++++++++++++++ 6 files changed, 134 insertions(+), 10 deletions(-) create mode 100644 clients/drone-1.json create mode 100644 clients/gitea-1.json create mode 100644 nodes/drone-1.json create mode 100644 nodes/gitea-1.json diff --git a/clients/drone-1.json b/clients/drone-1.json new file mode 100644 index 0000000..f2fc607 --- /dev/null +++ b/clients/drone-1.json 
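Review bot: `DRONE_DATABASE_DATASOURCE` ends in `?sslmode=disable`, so the `drone` role's password and all CI data cross the network to `pg.kosmos.local` unencrypted. If the PostgreSQL primary offers TLS (the root-certificate block removed from the Gitea recipe in patch 66 suggests it does), use `sslmode=verify-full` and make the root certificate available inside the container. The password is also interpolated raw into the URL, so a value containing `@`, `/`, `:` or `?` breaks or changes the DSN; encode it with `<%= ERB::Util.url_encode(@postgres[:password]) %>`. The `environment:` list continues outside the hunk.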
@@ -0,0 +1,4 @@ +{ + "name": "drone-1", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DLEt7jfKPH7X7pBknG3\nWoB6Q6Vffl6Q0GRxQiMJ1uRC79dulKH097CYfLzIXFZD9gRRP4K78vW5BA2spXVV\nn3qrak9JT6BGgdFrkBEdMNGZyz814aMiyhPZrQUrmIzyH8R04xZgv7UH86qdNQ5p\nPeIXS7gU7/0PmwRgEBiM1KLq+Kba6pYdGefKqxx5D59xweH+yE+rbd5ac9xn2GP7\nyOiZoG2sMuksq7d3O4SeTS2lBAmG5IeiP2iWvHWpZD48PTr78ItkTgIbaqZU2PXV\ng+2OcJPTel5xISooe5FvW8gdpC9SYoBPvgJuJ6czc1+LdUSK7pE7577eAJNDlh+H\nRwIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/clients/gitea-1.json b/clients/gitea-1.json new file mode 100644 index 0000000..c210a98 --- /dev/null +++ b/clients/gitea-1.json @@ -0,0 +1,4 @@ +{ + "name": "gitea-1", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bp4I/f5dLL22GRHanLV\nw57sNBEWT3Vx32B24hScKNP5nYDW0dIRkt1c7SLEpe+diNgyIwk7JlI20Vl+oaVo\njdCpmHSB18yXxQT2Ub6aI8ApwFLECVA6SckekcwxLJc/oGRMB52PonI8opJOVbPa\nF+heZ5NNDiMvn3E8qODdMWSjDiJNSVLJgsCPFHAt32aJgLaXQTqG5lrmltaamscW\njGlFqiBJw/5saCkKBPdPwdX4RcDqvGX1FdE1LVB42cskv8CrnvEVFLBxKXAhAr6s\nNhOhenzLGHpy58tNoUoUw3v4WiPRtcnlNxeSVG5LKkjaK04f2oxeZx3SiSU/1naY\nkwIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/nodes/centaurus.kosmos.org.json b/nodes/centaurus.kosmos.org.json index c617ef4..fcc9c55 100644 --- a/nodes/centaurus.kosmos.org.json +++ b/nodes/centaurus.kosmos.org.json @@ -14,7 +14,6 @@ "roles": [ "gitea", "postgresql_client", - "discourse", "drone" ], "recipes": [ @@ -26,8 +25,6 @@ "kosmos_gitea", "kosmos_gitea::default", "kosmos_gitea::backup", - "kosmos_discourse", - "kosmos_discourse::default", "kosmos_drone", "kosmos_drone::default", "kosmos_assets::nginx_site", @@ -36,7 +33,6 @@ "kosmos_website", "kosmos_website::default", "kosmos_zerotier::firewall", - "sockethub::_firewall", "apt::default", "timezone_iii::default", "timezone_iii::debian", 
@@ -82,13 +78,10 @@ "run_list": [ "recipe[kosmos-base]", "recipe[kosmos_encfs]", - "role[gitea]", - "role[drone]", "recipe[kosmos_assets::nginx_site]", "recipe[kosmos_kvm::host]", "recipe[kosmos-ejabberd::firewall]", "recipe[kosmos_website::default]", - "recipe[kosmos_zerotier::firewall]", - "recipe[sockethub::_firewall]" + "recipe[kosmos_zerotier::firewall]" ] } diff --git a/nodes/drone-1.json b/nodes/drone-1.json new file mode 100644 index 0000000..5ad5474 --- /dev/null +++ b/nodes/drone-1.json @@ -0,0 +1,58 @@ +{ + "name": "drone-1", + "normal": { + "knife_zero": { + "host": "10.1.1.128" + } + }, + "automatic": { + "fqdn": "drone-1", + "os": "linux", + "os_version": "5.4.0-1058-kvm", + "hostname": "drone-1", + "ipaddress": "192.168.122.200", + "roles": [ + "drone", + "postgresql_client" + ], + "recipes": [ + "kosmos-base", + "kosmos-base::default", + "kosmos_postgresql::hostsfile", + "kosmos_drone", + "kosmos_drone::default", + "apt::default", + "timezone_iii::default", + "timezone_iii::debian", + "ntp::default", + "ntp::apparmor", + "kosmos-base::systemd_emails", + "apt::unattended-upgrades", + "kosmos-base::firewall", + "kosmos-postfix::default", + "postfix::default", + "postfix::_common", + "postfix::_attributes", + "postfix::sasl_auth", + "hostname::default" + ], + "platform": "ubuntu", + "platform_version": "20.04", + "cloud": null, + "chef_packages": { + "chef": { + "version": "17.9.52", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.52/lib", + "chef_effortless": null + }, + "ohai": { + "version": "17.9.0", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai" + } + } + }, + "run_list": [ + "recipe[kosmos-base]", + "role[drone]" + ] +} \ No newline at end of file diff --git a/nodes/fornax.kosmos.org.json b/nodes/fornax.kosmos.org.json index cb290db..aa4a52b 100644 --- a/nodes/fornax.kosmos.org.json +++ b/nodes/fornax.kosmos.org.json 
@@ -19,6 +19,8 @@ "kosmos-base::default", "kosmos_kvm::host", "kosmos_discourse::nginx", + "kosmos_gitea::nginx", + "kosmos_drone::nginx", "apt::default", "timezone_iii::default", "timezone_iii::debian", @@ -63,6 +65,8 @@ "run_list": [ "recipe[kosmos-base]", "recipe[kosmos_kvm::host]", - "recipe[kosmos_discourse::nginx]" + "recipe[kosmos_discourse::nginx]", + "recipe[kosmos_gitea::nginx]", + "recipe[kosmos_drone::nginx]" ] -} +} \ No newline at end of file diff --git a/nodes/gitea-1.json b/nodes/gitea-1.json new file mode 100644 index 0000000..e3ec3a2 --- /dev/null +++ b/nodes/gitea-1.json @@ -0,0 +1,61 @@ +{ + "name": "gitea-1", + "normal": { + "knife_zero": { + "host": "10.1.1.36" + } + }, + "automatic": { + "fqdn": "gitea-1", + "os": "linux", + "os_version": "5.4.0-1058-kvm", + "hostname": "gitea-1", + "ipaddress": "192.168.122.218", + "roles": [ + "gitea", + "postgresql_client" + ], + "recipes": [ + "kosmos-base", + "kosmos-base::default", + "kosmos_postgresql::hostsfile", + "kosmos_gitea", + "kosmos_gitea::default", + "kosmos_gitea::backup", + "apt::default", + "timezone_iii::default", + "timezone_iii::debian", + "ntp::default", + "ntp::apparmor", + "kosmos-base::systemd_emails", + "apt::unattended-upgrades", + "kosmos-base::firewall", + "kosmos-postfix::default", + "postfix::default", + "postfix::_common", + "postfix::_attributes", + "postfix::sasl_auth", + "hostname::default", + "backup::default", + "logrotate::default" + ], + "platform": "ubuntu", + "platform_version": "20.04", + "cloud": null, + "chef_packages": { + "chef": { + "version": "17.9.52", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.52/lib", + "chef_effortless": null + }, + "ohai": { + "version": "17.9.0", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai" + } + } + }, + "run_list": [ + "recipe[kosmos-base]", + "role[gitea]" + ] +} \ No newline at end of file From b270a2c1fd55263ea023bb0552cf079b3324db80 Mon Sep 17 00:00:00 2001 
From: Sebastian Kippe Date: Sat, 12 Mar 2022 15:05:16 -0600 Subject: [PATCH 69/86] Add database secret for Drone CI closes #388 --- data_bags/credentials/drone.json | 31 ++++++++++++------- .../kosmos_drone/recipes/default.rb | 1 + .../templates/docker-compose.yml.erb | 1 + 3 files changed, 21 insertions(+), 12 deletions(-) diff --git a/data_bags/credentials/drone.json b/data_bags/credentials/drone.json index 1b587ba..b6ce84d 100644 --- a/data_bags/credentials/drone.json +++ b/data_bags/credentials/drone.json 
@@ -1,30 +1,37 @@ { "id": "drone", "client_id": { - "encrypted_data": "z2cWhmP46/LuBPslGiuEzRIZGbta+nAkfi2XaX0q4PA0SeWoTz3rX9P6XCaz\nDdjP/3RyN98sww==\n", - "iv": "2SOtcpBRCZC9YI+D\n", - "auth_tag": "C9PnsL3QsRBOKw1/k/p/mg==\n", + "encrypted_data": "bfwxBJt+xNihifwXmjWK3dMDCcjZ1XgiWvqvK0Dj3zd8ZuDRZUwt++xdr/bT\n1wwz1i3udaxZqQ==\n", + "iv": "0Bioz/6QbDo5w8Ay\n", + "auth_tag": "lF8gragaEIrfR1g+Ka1Wnw==\n", "version": 3, "cipher": "aes-256-gcm" }, "client_secret": { - "encrypted_data": "9s33F5MmjEaUA+7ASxYMK5f23y1HffsV9b5rO4ezlisI3K/B/MgdBZeiIDs7\nanknoytcnRJiLNUlud6ohJ4s\n", - "iv": "Vou+sM/jeOZc/VwJ\n", - "auth_tag": "f2EPlHD2JDmSlSf3eu9WFg==\n", + "encrypted_data": "1TKFuk54DqP/5kAPIfjI2PNriOIJ0NdwV2ETZdF1O7Gt55WXvHSTupQLu0NG\nQkrSXXqdgDKvW2/P+d1W0NTQ\n", + "iv": "nBqEog1s/Z2cHnqU\n", + "auth_tag": "yBjz6GQ6K6bowih970e37w==\n", "version": 3, "cipher": "aes-256-gcm" }, "rpc_secret": { - "encrypted_data": "VkvdD+8FTjPSfJANVPWkWGMjBU7xyqDOS2uH84fAijqkg0sS+lBej4VohHsL\nntuPAcOo\n", - "iv": "Uod5WEkE2FXYnhVq\n", - "auth_tag": "N8+wPuN/EXO5L57+uG0gsw==\n", + "encrypted_data": "KBJHpfjw6aEuMoOJevkNRFA6NVF8w4cAxRsPRchN+qlLXPT1Kxql2uug8c0P\n1DdKeaZq\n", + "iv": "qj9C1PqC1OlDX6YR\n", + "auth_tag": "vgI5nxBEYnhwgJATykISJA==\n", + "version": 3, + "cipher": "aes-256-gcm" + }, + "database_secret": { + "encrypted_data": "W+tSV89+1Ue/sNm6+dOW06jFGrmPTt4RVR8A0GUJXZhGbqBBie3jWNW3ZeKg\nfEQTYP1j\n", + "iv": "Of9fVasrPT7451HD\n", + "auth_tag": "fuY65GQr4s3vR6E3OuZdzQ==\n", "version": 3, "cipher": "aes-256-gcm" }, "postgresql_password": { - "encrypted_data": "DMH34mpij84Pkalr3rcuPcp2ofiIZ6ONvDRchGbxyuJ2\n", - "iv": "o9IDDyjp4aDB2/FB\n", - "auth_tag": "rgLP7dQ4n6C1hHuG5t5sxw==\n", + "encrypted_data": "KqoUOOkqBy9Sfrg5THVWyOdgd21aDjXlEqxVhX1OIcsv\n", + "iv": "iPDmnzOO1TWA1bO1\n", + "auth_tag": "8o+0nRewMEGeoH5/ZfGUuQ==\n", "version": 3, "cipher": "aes-256-gcm" } 
diff --git a/site-cookbooks/kosmos_drone/recipes/default.rb b/site-cookbooks/kosmos_drone/recipes/default.rb index 8e34e9a..787e010 100644 --- a/site-cookbooks/kosmos_drone/recipes/default.rb +++ b/site-cookbooks/kosmos_drone/recipes/default.rb @@ -30,6 +30,7 @@ template "#{deploy_path}/docker-compose.yml" do client_id: credentials['client_id'], client_secret: credentials['client_secret'], rpc_secret: credentials['rpc_secret'], + database_secret: credentials['database_secret'], postgres: postgres_config, max_procs: 4 notifies :restart, "systemd_unit[drone.service]", :delayed diff --git a/site-cookbooks/kosmos_drone/templates/docker-compose.yml.erb b/site-cookbooks/kosmos_drone/templates/docker-compose.yml.erb index 3089196..0457342 100644 --- a/site-cookbooks/kosmos_drone/templates/docker-compose.yml.erb +++ b/site-cookbooks/kosmos_drone/templates/docker-compose.yml.erb @@ -19,6 +19,7 @@ services: - DRONE_RPC_SECRET=<%= @rpc_secret %> - DRONE_DATABASE_DRIVER=postgres - DRONE_DATABASE_DATASOURCE=postgres://<%= @postgres[:username] %>:<%= @postgres[:password] %>@<%= @postgres[:host] %>:<%= @postgres[:port] %>/<%= @postgres[:database] %>?sslmode=disable + - DRONE_DATABASE_SECRET=<%= @database_secret %> drone-runner: image: drone/drone-runner-docker:1.8 From 0a953070fe9bd61df9cd70a7aa1703b24d845dea Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Sat, 12 Mar 2022 15:37:38 -0600 Subject: [PATCH 70/86] Create nginx_proxy role Used to configure hosts entries in the Gitea and Drone VMs, as well as the allowed webhooks config for Gitea. --- nodes/fornax.kosmos.org.json | 6 ++--- roles/nginx_proxy.rb | 13 ++++++++++ .../kosmos_drone/recipes/default.rb | 17 ++++++++++++- .../kosmos_gitea/recipes/default.rb | 25 +++++++++++++++++-- 4 files changed, 54 insertions(+), 7 deletions(-) create mode 100644 roles/nginx_proxy.rb diff --git a/nodes/fornax.kosmos.org.json b/nodes/fornax.kosmos.org.json index aa4a52b..4068c68 100644 --- a/nodes/fornax.kosmos.org.json 
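Review bot: `DRONE_DATABASE_SECRET` is added to `docker-compose.yml.erb` without any comment on its lifecycle, and the recipe hunk only passes `credentials['database_secret']` through. As far as the Drone documentation describes it, this key must be configured before secrets are first stored, so changing the data bag value later would presumably leave existing secrets undecryptable. A comment above the line such as `# Encrypts secrets at rest; must not change once secrets exist in the database` would spare the next operator from discovering that in production. Like the other values it is rendered to a file on disk, so the `mode 0640` and `sensitive true` on the template resource need to stay.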
+++ b/nodes/fornax.kosmos.org.json @@ -65,8 +65,6 @@ "run_list": [ "recipe[kosmos-base]", "recipe[kosmos_kvm::host]", - "recipe[kosmos_discourse::nginx]", - "recipe[kosmos_gitea::nginx]", - "recipe[kosmos_drone::nginx]" + "role[nginx_proxy]" ] -} \ No newline at end of file +} diff --git a/roles/nginx_proxy.rb b/roles/nginx_proxy.rb new file mode 100644 index 0000000..0c94bc8 --- /dev/null +++ b/roles/nginx_proxy.rb @@ -0,0 +1,13 @@ +name "nginx_proxy" + +default_run_list = %w( + kosmos_discourse::nginx + kosmos_gitea::nginx + kosmos_drone::nginx +) + +env_run_lists( + '_default' => default_run_list, + 'development' => [], + 'production' => default_run_list +) diff --git a/site-cookbooks/kosmos_drone/recipes/default.rb b/site-cookbooks/kosmos_drone/recipes/default.rb index 787e010..8df676f 100644 --- a/site-cookbooks/kosmos_drone/recipes/default.rb +++ b/site-cookbooks/kosmos_drone/recipes/default.rb @@ -55,9 +55,24 @@ systemd_unit "drone.service" do action [:create, :enable, :start] end +nginx_proxy_ip_addresses = [] +search(:node, "role:nginx_proxy").each do |node| + nginx_proxy_ip_addresses << node["knife_zero"]["host"] +end + +nginx_proxy_ip_addresses.each do |ip_address| + IPAddr.new ip_address + hostsfile_entry ip_address do + hostname 'gitea.kosmos.org' + action :create + end +rescue IPAddr::InvalidAddressError + next +end + firewall_rule 'drone' do port [node["kosmos_drone"]["upstream_port"]] - source "10.1.1.0/24" + source "10.1.1.0/24" # TODO only allow nginx proxy IPs protocol :tcp command :allow end diff --git a/site-cookbooks/kosmos_gitea/recipes/default.rb b/site-cookbooks/kosmos_gitea/recipes/default.rb index eebab81..9f35e27 100644 --- a/site-cookbooks/kosmos_gitea/recipes/default.rb +++ b/site-cookbooks/kosmos_gitea/recipes/default.rb 
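Review bot: The block parameter in `search(:node, "role:nginx_proxy").each do |node|` shadows the recipe's own `node` object, which is easy to misread next to `node["kosmos_drone"]["upstream_port"]` a few lines below; name it `proxy_node`. `IPAddr.new ip_address` serves only as a validity check and only `IPAddr::InvalidAddressError` is rescued, so a proxy node without a `knife_zero` host (a `nil` here) would probably raise a different `IPAddr` error and abort the run; `rescue IPAddr::Error` covers the whole family. The same loop is added to `kosmos_gitea/recipes/default.rb` in this patch.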
@@ -60,6 +60,27 @@ directory config_directory do mode "0750" end +nginx_proxy_ip_addresses = [] +search(:node, "role:nginx_proxy").each do |node| + nginx_proxy_ip_addresses << node["knife_zero"]["host"] +end + +node.default["kosmos_gitea"]["config"] = { + "webhook": { + "allowed_host_list" => "external,#{nginx_proxy_ip_addresses.join(",")}" + } +} + +nginx_proxy_ip_addresses.each do |ip_address| + IPAddr.new ip_address + hostsfile_entry ip_address do + hostname 'drone.kosmos.org' + action :create + end +rescue IPAddr::InvalidAddressError + next +end + template "#{config_directory}/app.ini" do source "app.ini.erb" owner "git" @@ -79,7 +100,7 @@ template "#{config_directory}/app.ini" do smtp_host: smtp_credentials["relayhost"], smtp_user: smtp_credentials["user_name"], smtp_password: smtp_credentials["password"], - config: node["kosmos_gitea"]["config"] + config: node.default["kosmos_gitea"]["config"] notifies :restart, "service[gitea]", :delayed end @@ -109,7 +130,7 @@ end firewall_rule 'gitea' do port [node["kosmos_gitea"]["port"]] - source "10.1.1.0/24" + source "10.1.1.0/24" # TODO only allow nginx proxy IPs protocol :tcp command :allow end From e1560ba12a8e878e80a852886605182f79fd1d9b Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Sat, 12 Mar 2022 15:40:22 -0600 Subject: [PATCH 71/86] Fix copypasta --- site-cookbooks/kosmos_gitea/recipes/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos_gitea/recipes/default.rb b/site-cookbooks/kosmos_gitea/recipes/default.rb index 9f35e27..3b4a621 100644 --- a/site-cookbooks/kosmos_gitea/recipes/default.rb +++ b/site-cookbooks/kosmos_gitea/recipes/default.rb 
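Review bot: `allowed_host_list` is assembled from `nginx_proxy_ip_addresses` before the `IPAddr.new` loop runs, so the validation never protects the value written to app.ini. A nil or malformed `knife_zero.host` ends up in the webhook allow-list, and an empty search result yields `"external,"` with a trailing comma. Filter the list to valid addresses first, then build both the config value and the hosts entries from the filtered list. Separately, `node.default["kosmos_gitea"]["config"] = { ... }` replaces the whole `config` hash at default level and would drop any other default keys set under it. Assigning only the leaf avoids that: `node.default["kosmos_gitea"]["config"]["webhook"]["allowed_host_list"] = "external,#{nginx_proxy_ip_addresses.join(",")}"`.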
@@ -100,7 +100,7 @@ template "#{config_directory}/app.ini" do smtp_host: smtp_credentials["relayhost"], smtp_user: smtp_credentials["user_name"], smtp_password: smtp_credentials["password"], - config: node.default["kosmos_gitea"]["config"] + config: node["kosmos_gitea"]["config"] notifies :restart, "service[gitea]", :delayed end From 9c34e824849ed0aa0b8266862f84c90e99286726 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Thu, 17 Mar 2022 13:02:56 -0600 Subject: [PATCH 72/86] Remove obsolete hosts entries for Gitea and Drone They should use normal DNS --- site-cookbooks/kosmos_drone/recipes/default.rb | 15 --------------- site-cookbooks/kosmos_gitea/recipes/default.rb | 10 ---------- 2 files changed, 25 deletions(-) diff --git a/site-cookbooks/kosmos_drone/recipes/default.rb b/site-cookbooks/kosmos_drone/recipes/default.rb index 8df676f..1eec1d2 100644 --- a/site-cookbooks/kosmos_drone/recipes/default.rb +++ b/site-cookbooks/kosmos_drone/recipes/default.rb @@ -55,21 +55,6 @@ systemd_unit "drone.service" do action [:create, :enable, :start] end -nginx_proxy_ip_addresses = [] -search(:node, "role:nginx_proxy").each do |node| - nginx_proxy_ip_addresses << node["knife_zero"]["host"] -end - -nginx_proxy_ip_addresses.each do |ip_address| - IPAddr.new ip_address - hostsfile_entry ip_address do - hostname 'gitea.kosmos.org' - action :create - end -rescue IPAddr::InvalidAddressError - next -end - firewall_rule 'drone' do port [node["kosmos_drone"]["upstream_port"]] source "10.1.1.0/24" # TODO only allow nginx proxy IPs diff --git a/site-cookbooks/kosmos_gitea/recipes/default.rb b/site-cookbooks/kosmos_gitea/recipes/default.rb index 3b4a621..9d334ef 100644 --- a/site-cookbooks/kosmos_gitea/recipes/default.rb +++ b/site-cookbooks/kosmos_gitea/recipes/default.rb 
@@ -71,16 +71,6 @@ node.default["kosmos_gitea"]["config"] = { } } -nginx_proxy_ip_addresses.each do |ip_address| - IPAddr.new ip_address - hostsfile_entry ip_address do - hostname 'drone.kosmos.org' - action :create - end -rescue IPAddr::InvalidAddressError - next -end - template "#{config_directory}/app.ini" do source "app.ini.erb" owner "git" From 4cd0149f7616259dc29bbfd628a9c6c48902cbff Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Thu, 17 Mar 2022 14:27:50 -0600 Subject: [PATCH 73/86] Move static sites from centaurus to fornax/LB --- nodes/centaurus.kosmos.org.json | 4 ---- nodes/fornax.kosmos.org.json | 11 ++++++++--- roles/nginx_proxy.rb | 4 +++- site-cookbooks/kosmos_website/metadata.rb | 1 + site-cookbooks/kosmos_website/recipes/default.rb | 1 + 5 files changed, 13 insertions(+), 8 deletions(-) diff --git a/nodes/centaurus.kosmos.org.json b/nodes/centaurus.kosmos.org.json index fcc9c55..580a566 100644 --- a/nodes/centaurus.kosmos.org.json +++ b/nodes/centaurus.kosmos.org.json @@ -77,11 +77,7 @@ }, "run_list": [ "recipe[kosmos-base]", - "recipe[kosmos_encfs]", - "recipe[kosmos_assets::nginx_site]", "recipe[kosmos_kvm::host]", - "recipe[kosmos-ejabberd::firewall]", - "recipe[kosmos_website::default]", "recipe[kosmos_zerotier::firewall]" ] } diff --git a/nodes/fornax.kosmos.org.json b/nodes/fornax.kosmos.org.json index 4068c68..e4965b7 100644 --- a/nodes/fornax.kosmos.org.json +++ b/nodes/fornax.kosmos.org.json @@ -12,15 +12,18 @@ "hostname": "fornax", "ipaddress": "148.251.83.201", "roles": [ - + "nginx_proxy" ], "recipes": [ "kosmos-base", "kosmos-base::default", "kosmos_kvm::host", + "kosmos_assets::nginx_site", "kosmos_discourse::nginx", - "kosmos_gitea::nginx", "kosmos_drone::nginx", + "kosmos_gitea::nginx", + "kosmos_website", + "kosmos_website::default", "apt::default", "timezone_iii::default", "timezone_iii::debian", 
@@ -45,6 +48,8 @@ "nginx::commons_script", "nginx::commons_conf", "kosmos-nginx::firewall", + "git::default", + "git::package", "kosmos-base::letsencrypt" ], "platform": "ubuntu", @@ -67,4 +72,4 @@ "recipe[kosmos_kvm::host]", "role[nginx_proxy]" ] -} +} \ No newline at end of file diff --git a/roles/nginx_proxy.rb b/roles/nginx_proxy.rb index 0c94bc8..8b428e2 100644 --- a/roles/nginx_proxy.rb +++ b/roles/nginx_proxy.rb @@ -1,9 +1,11 @@ name "nginx_proxy" default_run_list = %w( + kosmos_assets::nginx_site kosmos_discourse::nginx - kosmos_gitea::nginx kosmos_drone::nginx + kosmos_gitea::nginx + kosmos_website::default ) env_run_lists( diff --git a/site-cookbooks/kosmos_website/metadata.rb b/site-cookbooks/kosmos_website/metadata.rb index a828211..bf45804 100644 --- a/site-cookbooks/kosmos_website/metadata.rb +++ b/site-cookbooks/kosmos_website/metadata.rb @@ -8,3 +8,4 @@ version '1.0.0' chef_version '>= 15.10' if respond_to?(:chef_version) depends "kosmos-nginx" +depends 'git' diff --git a/site-cookbooks/kosmos_website/recipes/default.rb b/site-cookbooks/kosmos_website/recipes/default.rb index 903809a..d90cd94 100644 --- a/site-cookbooks/kosmos_website/recipes/default.rb +++ b/site-cookbooks/kosmos_website/recipes/default.rb @@ -4,6 +4,7 @@ # include_recipe "kosmos-nginx" +include_recipe "git" domain = node["kosmos_website"]["domain"] From f17dd53f699e1a5f666781220fc72e46537c4daf Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Thu, 17 Mar 2022 14:28:13 -0600 Subject: [PATCH 74/86] Include Stream configs in Nginx config if missing --- site-cookbooks/kosmos-nginx/recipes/default.rb | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/site-cookbooks/kosmos-nginx/recipes/default.rb b/site-cookbooks/kosmos-nginx/recipes/default.rb index 118795a..e601ce2 100644 --- a/site-cookbooks/kosmos-nginx/recipes/default.rb +++ b/site-cookbooks/kosmos-nginx/recipes/default.rb 
@@ -65,3 +65,17 @@ end unless node.chef_environment == "development" include_recipe "kosmos-nginx::firewall" end + +ruby_block "nginx configuration" do + block do + file = Chef::Util::FileEdit.new("/etc/nginx/nginx.conf") + file.insert_line_if_no_match(/stream {/, <<-EOF +stream { + include /etc/nginx/streams-enabled/*; +} + EOF + ) + file.write_file + end + notifies :reload, 'ohai[reload_nginx]', :immediately +end From 8e28d39acd6103ef8f41aafab6112d87af7a19c3 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Fri, 18 Mar 2022 11:47:04 -0600 Subject: [PATCH 75/86] Remove superfluous license header --- .../kosmos-nodejs/recipes/default.rb | 21 ------------------- 1 file changed, 21 deletions(-) diff --git a/site-cookbooks/kosmos-nodejs/recipes/default.rb b/site-cookbooks/kosmos-nodejs/recipes/default.rb index de8e58a..f336c53 100644 --- a/site-cookbooks/kosmos-nodejs/recipes/default.rb +++ b/site-cookbooks/kosmos-nodejs/recipes/default.rb 
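Review bot: `notifies :reload, 'ohai[reload_nginx]', :immediately` refreshes the Ohai plugin data, not the nginx service, so the inserted `stream { include /etc/nginx/streams-enabled/*; }` block only takes effect when something else reloads nginx. A `ruby_block` also reports itself as updated on every converge, so the notification fires on each run whether or not the file changed. I would guard it with `not_if { ::File.read("/etc/nginx/nginx.conf").match?(/^stream \{/) }` and notify the cookbook's nginx service resource instead. The unanchored `/stream {/` also matches a commented-out line, and the `<<-EOF` heredoc keeps its trailing indentation. Nothing in the hunk creates `/etc/nginx/streams-enabled`, so a `directory` resource for it should precede this block unless another recipe already provides one.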
@@ -2,27 +2,6 @@ # Cookbook Name:: kosmos-nodejs # Recipe:: default # -# The MIT License (MIT) -# -# Copyright:: 2019, Kosmos Developers -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -# THE SOFTWARE. node.override["nodejs"]["repo"] = "https://deb.nodesource.com/node_12.x" # Allows upgrading From d5268167b58cd0ed6069027399332a50e5a56d58 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Fri, 18 Mar 2022 11:47:23 -0600 Subject: [PATCH 76/86] Upgrade node.js from 12 to 14 everywhere --- site-cookbooks/kosmos-nodejs/recipes/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-nodejs/recipes/default.rb b/site-cookbooks/kosmos-nodejs/recipes/default.rb index f336c53..5257605 100644 --- a/site-cookbooks/kosmos-nodejs/recipes/default.rb +++ b/site-cookbooks/kosmos-nodejs/recipes/default.rb 
@@ -3,7 +3,7 @@ # Recipe:: default # -node.override["nodejs"]["repo"] = "https://deb.nodesource.com/node_12.x" +node.override["nodejs"]["repo"] = "https://deb.nodesource.com/node_14.x" # Allows upgrading node.override["nodejs"]["package_action"]["nodejs"] = :upgrade include_recipe "nodejs::nodejs_from_package" From b6bd8ee6cd454b59120c22d4461f9f0a5146a195 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Fri, 18 Mar 2022 11:47:51 -0600 Subject: [PATCH 77/86] Upgrade Sockethub to latest alpha --- roles/sockethub.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/sockethub.rb b/roles/sockethub.rb index 277bd23..27d7584 100644 --- a/roles/sockethub.rb +++ b/roles/sockethub.rb @@ -1,5 +1,9 @@ name "sockethub" +default_attributes 'sockethub' => { + 'version' => '5.0.0-alpha.1' +} + run_list %w( sockethub::default sockethub::proxy From 71dda86d9418c20bb3c19c0986f4ed9e7c28a8ae Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Tue, 22 Mar 2022 16:21:29 -0600 Subject: [PATCH 78/86] Remove obsolete license header --- .../kosmos-base/recipes/firewall.rb | 21 ------------------- 1 file changed, 21 deletions(-) diff --git a/site-cookbooks/kosmos-base/recipes/firewall.rb b/site-cookbooks/kosmos-base/recipes/firewall.rb index 96dd212..c9bc7d9 100644 --- a/site-cookbooks/kosmos-base/recipes/firewall.rb +++ b/site-cookbooks/kosmos-base/recipes/firewall.rb 
@@ -2,27 +2,6 @@ # Cookbook Name:: kosmos-base # Recipe:: firewall # -# The MIT License (MIT) -# -# Copyright:: 2019, Kosmos Developers -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -# THE SOFTWARE. # enable default firewall firewall 'default' From eabb6ab40470cfa016e39dc9fa90470cc38f0612 Mon Sep 17 00:00:00 2001 
From: Sebastian Kippe Date: Tue, 22 Mar 2022 16:23:26 -0600 Subject: [PATCH 79/86] Switch more cookbooks from kosmos-redis to redisio refs #349 --- site-cookbooks/kosmos-hubot/metadata.rb | 2 +- site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb | 3 ++- .../kosmos-hubot/recipes/botka_irc-libera-chat.rb | 3 ++- site-cookbooks/kosmos-hubot/recipes/default.rb | 3 ++- site-cookbooks/kosmos-hubot/recipes/hal8000.rb | 3 ++- site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb | 3 ++- .../templates/default/nodejs.systemd.service.erb | 4 ++-- site-cookbooks/sockethub/metadata.rb | 4 ++-- site-cookbooks/sockethub/recipes/default.rb | 7 ++++--- 9 files changed, 19 insertions(+), 13 deletions(-) diff --git a/site-cookbooks/kosmos-hubot/metadata.rb b/site-cookbooks/kosmos-hubot/metadata.rb index a325be4..b2094c9 100644 --- a/site-cookbooks/kosmos-hubot/metadata.rb +++ b/site-cookbooks/kosmos-hubot/metadata.rb @@ -7,8 +7,8 @@ long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) version '0.2.0' depends 'kosmos-nodejs' -depends 'kosmos-redis' depends 'firewall' depends 'application_javascript' depends 'kosmos-ipfs' depends 'git' +depends 'redisio' diff --git a/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb b/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb index bb00c33..16cd272 100644 --- a/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb +++ b/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb @@ -12,8 +12,9 @@ build_essential app_name do compile_time true end +include_recipe 'redisio::default' +include_recipe 'redisio::enable' include_recipe "kosmos-nodejs" -include_recipe "kosmos-redis" application app_path do data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name) diff --git a/site-cookbooks/kosmos-hubot/recipes/botka_irc-libera-chat.rb b/site-cookbooks/kosmos-hubot/recipes/botka_irc-libera-chat.rb index 144e7f5..d30ad9d 100644 --- a/site-cookbooks/kosmos-hubot/recipes/botka_irc-libera-chat.rb 
+++ b/site-cookbooks/kosmos-hubot/recipes/botka_irc-libera-chat.rb @@ -13,8 +13,9 @@ build_essential app_name do compile_time true end +include_recipe 'redisio::default' +include_recipe 'redisio::enable' include_recipe "kosmos-nodejs" -include_recipe "kosmos-redis" include_recipe "kosmos-hubot::_user" application app_path do diff --git a/site-cookbooks/kosmos-hubot/recipes/default.rb b/site-cookbooks/kosmos-hubot/recipes/default.rb index 3a787b3..bd18edc 100644 --- a/site-cookbooks/kosmos-hubot/recipes/default.rb +++ b/site-cookbooks/kosmos-hubot/recipes/default.rb @@ -3,8 +3,9 @@ # Recipe:: default # +include_recipe 'redisio::default' +include_recipe 'redisio::enable' include_recipe "kosmos-nodejs" -include_recipe "kosmos-redis" include_recipe "kosmos-hubot::_user" include_recipe "kosmos-hubot::hal8000" diff --git a/site-cookbooks/kosmos-hubot/recipes/hal8000.rb b/site-cookbooks/kosmos-hubot/recipes/hal8000.rb index b8d461d..20a5983 100644 --- a/site-cookbooks/kosmos-hubot/recipes/hal8000.rb +++ b/site-cookbooks/kosmos-hubot/recipes/hal8000.rb @@ -7,8 +7,9 @@ build_essential 'hal8000' do compile_time true end +include_recipe 'redisio::default' +include_recipe 'redisio::enable' include_recipe "kosmos-nodejs" -include_recipe "kosmos-redis" include_recipe "kosmos-hubot::_user" unless node.chef_environment == "development" diff --git a/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb b/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb index 15fbb3f..818ff6e 100644 --- a/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb +++ b/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb @@ -12,8 +12,9 @@ build_essential app_name do compile_time true end +include_recipe 'redisio::default' +include_recipe 'redisio::enable' include_recipe "kosmos-nodejs" -include_recipe "kosmos-redis" include_recipe "kosmos-hubot::_user" # Needed for hubot-kredits 
diff --git a/site-cookbooks/kosmos-hubot/templates/default/nodejs.systemd.service.erb b/site-cookbooks/kosmos-hubot/templates/default/nodejs.systemd.service.erb index 8e27347..b254622 100644 --- a/site-cookbooks/kosmos-hubot/templates/default/nodejs.systemd.service.erb +++ b/site-cookbooks/kosmos-hubot/templates/default/nodejs.systemd.service.erb @@ -1,8 +1,8 @@ [Unit] Description=Start nodejs app <% unless @without_redis %> -Requires=redis-server.service -After=redis-server.service +Requires=redis@6379.service +After=redis@6379.service <% end %> [Service] diff --git a/site-cookbooks/sockethub/metadata.rb b/site-cookbooks/sockethub/metadata.rb index db2d286..def42c4 100644 --- a/site-cookbooks/sockethub/metadata.rb +++ b/site-cookbooks/sockethub/metadata.rb @@ -6,7 +6,7 @@ description 'Installs/Configures sockethub' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) version '0.2.0' -depends 'kosmos-redis' +depends 'firewall' +depends 'redisio' depends 'kosmos-nodejs' depends 'kosmos-nginx' -depends 'firewall' diff --git a/site-cookbooks/sockethub/recipes/default.rb b/site-cookbooks/sockethub/recipes/default.rb index eaf9568..e258718 100644 --- a/site-cookbooks/sockethub/recipes/default.rb +++ b/site-cookbooks/sockethub/recipes/default.rb @@ -3,8 +3,9 @@ # Recipe:: default # +include_recipe 'redisio::default' +include_recipe 'redisio::enable' include_recipe 'kosmos-nodejs' -include_recipe 'kosmos-redis' user = "sockethub" group = "sockethub" @@ -46,8 +47,8 @@ systemd_unit "sockethub_nodejs.service" do content <<-EOF [Unit] Description=Start sockethub -Requires=redis-server.service -After=redis-server.service +Requires=redis@6379.service +After=redis@6379.service [Service] ExecStart=#{entry} From ac1414e24ee1319fd91e2259fd42ae34d03fedfb Mon Sep 17 00:00:00 2001 
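Review bot: `Requires=redis@6379.service` / `After=redis@6379.service` hard-code the unit name of one redisio instance, both in this template and in the unit content written by sockethub/recipes/default.rb. If the redisio server is ever configured with a different port or name, the dependency points at a unit that does not exist and the app service will likely fail to start. I would pass the port into the template and write `Requires=redis@<%= @redis_port %>.service`, with the matching interpolation in the sockethub heredoc. At minimum, add a comment in both places, such as `# unit name follows the redisio default instance (port 6379)`.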
From: Sebastian Kippe Date: Tue, 22 Mar 2022 16:24:14 -0600 Subject: [PATCH 80/86] Open alternative SSH port on KVM hosts --- site-cookbooks/kosmos_kvm/recipes/host.rb | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/site-cookbooks/kosmos_kvm/recipes/host.rb b/site-cookbooks/kosmos_kvm/recipes/host.rb index 1d611bd..ef1f1a5 100644 --- a/site-cookbooks/kosmos_kvm/recipes/host.rb +++ b/site-cookbooks/kosmos_kvm/recipes/host.rb @@ -24,3 +24,9 @@ cookbook_file "/usr/local/sbin/create_vm" do source "create_vm" mode "0750" end + +firewall_rule 'ssh-alt-port' do + port [2222] + protocol :tcp + command :allow +end From bb8467b6abab12265f11be9347065f1be209c3a3 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Tue, 22 Mar 2022 16:24:40 -0600 Subject: [PATCH 81/86] Switch Discourse deploy branch from `master` to `main` --- site-cookbooks/kosmos_discourse/recipes/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos_discourse/recipes/default.rb b/site-cookbooks/kosmos_discourse/recipes/default.rb index b60c210..a313f44 100644 --- a/site-cookbooks/kosmos_discourse/recipes/default.rb +++ b/site-cookbooks/kosmos_discourse/recipes/default.rb @@ -10,7 +10,7 @@ repo = "https://github.com/discourse/discourse_docker" git deploy_path do repository repo - revision "master" + revision "main" end systemd_unit "discourse.service" do From f758c74b5fe33b2d3d75e094b2ac268a2dcce95c Mon Sep 17 00:00:00 2001 
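Review bot: `firewall_rule 'ssh-alt-port'` in kosmos_kvm/recipes/host.rb allows TCP 2222 from any source, whereas the other firewall rules on this page restrict `source`. Nothing in the hunk says what listens on that port on a KVM host. If it is only needed from known admin or proxy addresses, add a `source` line. Either way a short comment above the resource would help the next reader, for example `# <placeholder: which service listens on 2222 and who needs to reach it>`.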
From: Sebastian Kippe Date: Tue, 22 Mar 2022 16:25:50 -0600 Subject: [PATCH 82/86] Rebuild broken VMs on fornax --- clients/discourse-2.json | 4 + clients/ejabberd-7.json | 4 + clients/gitea-2.json | 4 + clients/mastodon-3.json | 4 + clients/nodejs-4.json | 4 + clients/rsk-mainnet-2.json | 4 + clients/rsk-testnet-3.json | 4 + nodes/{discourse-1.json => discourse-2.json} | 18 ++-- nodes/{ejabberd-6.json => ejabberd-7.json} | 20 ++--- nodes/{gitea-1.json => gitea-2.json} | 10 +-- nodes/mastodon-1.json | 88 ------------------- nodes/{mastodon-2.json => mastodon-3.json} | 13 +-- nodes/nodejs-2.json | 85 ------------------ nodes/{nodejs-3.json => nodejs-4.json} | 24 ++--- ...{rsk-mainnet-1.json => rsk-mainnet-2.json} | 20 ++--- ...{rsk-testnet-2.json => rsk-testnet-3.json} | 20 ++--- 16 files changed, 92 insertions(+), 234 deletions(-) create mode 100644 clients/discourse-2.json create mode 100644 clients/ejabberd-7.json create mode 100644 clients/gitea-2.json create mode 100644 clients/mastodon-3.json create mode 100644 clients/nodejs-4.json create mode 100644 clients/rsk-mainnet-2.json create mode 100644 clients/rsk-testnet-3.json rename nodes/{discourse-1.json => discourse-2.json} (83%) rename nodes/{ejabberd-6.json => ejabberd-7.json} (82%) rename nodes/{gitea-1.json => gitea-2.json} (90%) delete mode 100644 nodes/mastodon-1.json rename nodes/{mastodon-2.json => mastodon-3.json} (91%) delete mode 100644 nodes/nodejs-2.json rename nodes/{nodejs-3.json => nodejs-4.json} (83%) rename nodes/{rsk-mainnet-1.json => rsk-mainnet-2.json} (83%) rename nodes/{rsk-testnet-2.json => rsk-testnet-3.json} (83%) diff --git a/clients/discourse-2.json b/clients/discourse-2.json new file mode 100644 index 0000000..f970f8b --- /dev/null +++ b/clients/discourse-2.json 
@@ -0,0 +1,4 @@ +{ + "name": "discourse-2", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwinJNGMUzUdrZwx/ZCkU\nxZRnuWqZHXHdZtkEG6beMY1sB/PpGknLgcfTjhh4FR/5hIXqBcVdUj3DZiTmhd8o\n0QpEkJPNKd08PN12CyShPwCcIA1KTqsCsNys+bp6Wff84JClAe/Oza6DonoRmhqO\ncFxSQcscuv8a6Gc/1X/aySmS01hwL+r9p0VZBEPNKEObgJXHsGIIbajlxgq037X/\n2/IsIk2etXTUSWPJLxNKSXzxC3l4Izw4NfvUgipByPTeJQ2YAVxbvrDEqquBGk5S\nll/mlF+fKX0QvUhm7sdLiSy++rHc8R1ny+4LnR1gAOscYMuLbDbpJnW0Rc0GEJOL\nVwIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/clients/ejabberd-7.json b/clients/ejabberd-7.json new file mode 100644 index 0000000..219eb8a --- /dev/null +++ b/clients/ejabberd-7.json @@ -0,0 +1,4 @@ +{ + "name": "ejabberd-7", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHfqcI/6w58gLwDFCKxw\n0TeKFOf4MFBnmUGsWyi8BEskkjh4QEDc4pUFeiVuEADFyBfCnALWh004nKhiwamc\nECybfAKlJryoQQEcYZC6H4rZf3SW7xPLk12X00YySNroYM50PM5Ly/G7MI9a669g\n6HNOgn1MYIEh8unpsAHjfKpx72bNutRYKKvBDaHXNvlJ459Jr8HNpERFk8IeaGcF\n4BKqf/MNxkQHOfy7R4ETXeLUBrgD13SmLbs6mM3lXS6IgkoeFyAvAPP4ZgwgiJ6w\nqIKsX4cRt8xnJJ+MTNBX4oc0f9+Gu8bUpr2JZ8tcwq3GUgDjv+JSJpk/uDzzbQUe\nIwIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/clients/gitea-2.json b/clients/gitea-2.json new file mode 100644 index 0000000..44c8a58 --- /dev/null +++ b/clients/gitea-2.json @@ -0,0 +1,4 @@ +{ + "name": "gitea-2", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7MKbO2vvX7TD1cFKjITh\ntvsf6hgAQRcu7F0kiekx15aC3VLnRgsB9A6SXySVrqvhq/vOSTXZsIC62IQi4Oks\nhhtAA/uvwcOmZ7JkMi0vJ3Ary94dTsg/L8i/0/k2V/D4FRKTV4414wSkpglFGLhl\nvbZ6P17LrqfyAzNJwIDzwd9d6cvt4a0qxvuxbTOHkBuY8tpyGdNzhg6fATadxbBa\nRASEVFb+xqxG3K+8zRmaCFyYqmSPS/8liVVbLPAeUlK6pDyQ5g4T37E5o+CpWfPF\nkBgYw/hHQe6zt1Z4wNJ6mb8YIN/l9kFF3EE99laYxp9Ua7ffrZkRgw12C5Yrn3N6\noQIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file 
diff --git a/clients/mastodon-3.json b/clients/mastodon-3.json new file mode 100644 index 0000000..e78fe4a --- /dev/null +++ b/clients/mastodon-3.json @@ -0,0 +1,4 @@ +{ + "name": "mastodon-3", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArBsrwKV1RtDfw/5y/L2N\n/x7UL2q6G4JypcD5Q8/aDQOTaGuTR+4RCup+Zcn2wzpdGnX6IzS7cy4/LqMoR2pB\nq8K1FZOXvcCtwsBqsyGWiFdy5aLXy2CkHhTRbkwOLPyb1rBy+qPCBdr055BPZUWm\nTfJaxTmph+Z1J+INz0YndYxz3iKET2V99OP27D7tUdZ7yPgMDbDJWqVxPdYrmAUr\n3QLpmYWsYlmPKhpTAXlvbvzE5vgh5EC8RGfhfYRpacc6QdwbahtxMQAV9+1S2+Vj\nntHfB6PSnYwewUHs9MMn8e33KmNlOZdMAVlyJymBZ4pNceC44vxvZYElp077A6tN\nFwIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/clients/nodejs-4.json b/clients/nodejs-4.json new file mode 100644 index 0000000..fec110c --- /dev/null +++ b/clients/nodejs-4.json @@ -0,0 +1,4 @@ +{ + "name": "nodejs-4", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIlB6swdT/Z7tRx/Sm24\n/ro3Jotpsi0DiNS6i7BA1fH0OdbX5CRel62jGC1Nja9QCY8aBd00E8u7KPCuK3iY\n5aA7v91sxWZ7nbXdSwBawaNsTZAe4rMaEkA74INpq7TOvLzHcmDcgRbo+MC2Nw3T\nl0mCOaWkUWFaukTLN8zBldzEbYxztKsaL+b2TbevnSCaPkdD9WmDbmjrUiWTlnpE\nDidMjZ9rp+PcODyjlvwka1yJCoPFoN/+ZL4yXxo49tJ2kbrxSh4tdDZqiZwnajRb\n4SAuRCaHTASDSmZ1Dj0ET/miXuvy6Jgvt06eSMPDKvb+84Dk8zLf4CW6DaE2TfX4\nzwIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/clients/rsk-mainnet-2.json b/clients/rsk-mainnet-2.json new file mode 100644 index 0000000..d55d353 --- /dev/null +++ b/clients/rsk-mainnet-2.json 
@@ -0,0 +1,4 @@ +{ + "name": "rsk-mainnet-2", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1cuvB3l7sBKJXqjhTih\nQloXteYOr/cQ24R5xUDnHZpCzM75khBjf9ZIX5fskManQ7MI4oFHAaKF6sCWT9QQ\nnL3ON0rCX8wDwBJpKY3iFisAK7f86GO5qkG2ovwG4wO1x69eKX52w33xGpPLPrmw\nBhFv+KfT56KZ3NCvDIQ6tew9VJ3g2V2zUtlL7xZIcdkgTXB06Ec8gbtoCAD3MVUQ\noxMCn+CK6QIAHGxpLIFEv5Y4hNRJ3+0RSuQikhhFzd7P2swnUgDSxDpbfoShroCC\neDw29sapOkQ+PwiHo2Zy8Qtr5m1ToGIhh8l1f/k2vi0Vf2xWVaTjbaeePEDMy9Fd\nKQIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/clients/rsk-testnet-3.json b/clients/rsk-testnet-3.json new file mode 100644 index 0000000..2fad7b5 --- /dev/null +++ b/clients/rsk-testnet-3.json @@ -0,0 +1,4 @@ +{ + "name": "rsk-testnet-3", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbo3GccgPZp8UWhb9l2w\n+o6Qe5s4Tf/1TMOw3ppLw+IGCZhq9LEe8s8kngbBX7dMywbyDuf8vLXwvAHFKvC+\nx4XOXq0r9xDX8ujTCfqJxiSYk1KTyqM4lmi7qno7F9/Nwo7h3HuVbpkT752ojf+/\nDCSXwHL+uHlF6z3jKZ8iYBRHFrWmudh8bOm6lVsp/Iv4pQ/btZf8W5zULlk/Z6lT\nb6GS538Lnaoeu7wPCf/awL5GBg9findY3oS1lsEE+PfAu6SAHmbJcItMkrON7Esd\ng9xtwsjX1VICpJhOSkVS1nmRfYohELVJMdiKSLq+b5UskscbCjkRGY6GAPH8cVGg\nSQIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/nodes/discourse-1.json b/nodes/discourse-2.json similarity index 83% rename from nodes/discourse-1.json rename to nodes/discourse-2.json index e2cad15..4b8a773 100644 --- a/nodes/discourse-1.json +++ b/nodes/discourse-2.json @@ -1,16 +1,16 @@ { - "name": "discourse-1", + "name": "discourse-2", "normal": { "knife_zero": { - "host": "10.1.1.20" + "host": "10.1.1.35" } }, "automatic": { - "fqdn": "discourse-1", + "fqdn": "discourse-2", "os": "linux", - "os_version": "5.4.0-1055-kvm", - "hostname": "discourse-1", - "ipaddress": "192.168.122.148", + "os_version": "5.4.0-1058-kvm", + "hostname": "discourse-2", + "ipaddress": "192.168.122.104", "roles": [ "discourse" ], 
@@ -41,8 +41,8 @@ "cloud": null, "chef_packages": { "chef": { - "version": "17.9.46", - "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.46/lib", + "version": "17.9.52", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.52/lib", "chef_effortless": null }, "ohai": { @@ -55,4 +55,4 @@ "recipe[kosmos-base]", "role[discourse]" ] -} +} \ No newline at end of file diff --git a/nodes/ejabberd-6.json b/nodes/ejabberd-7.json similarity index 82% rename from nodes/ejabberd-6.json rename to nodes/ejabberd-7.json index 5e61d4a..3bcd9e5 100644 --- a/nodes/ejabberd-6.json +++ b/nodes/ejabberd-7.json @@ -1,16 +1,16 @@ { - "name": "ejabberd-6", + "name": "ejabberd-7", "normal": { "knife_zero": { - "host": "10.1.1.145" + "host": "10.1.1.132" } }, "automatic": { - "fqdn": "ejabberd-6", + "fqdn": "ejabberd-7", "os": "linux", - "os_version": "5.4.0-1049-kvm", - "hostname": "ejabberd-6", - "ipaddress": "192.168.122.248", + "os_version": "5.4.0-1058-kvm", + "hostname": "ejabberd-7", + "ipaddress": "192.168.122.25", "roles": [ "ejabberd", "postgresql_client" @@ -48,13 +48,13 @@ "cloud": null, "chef_packages": { "chef": { - "version": "17.9.26", - "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.26/lib", + "version": "17.9.52", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.52/lib", "chef_effortless": null }, "ohai": { - "version": "17.9.1", - "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.1/lib/ohai" + "version": "17.9.0", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai" } } }, diff --git a/nodes/gitea-1.json b/nodes/gitea-2.json similarity index 90% rename from nodes/gitea-1.json rename to nodes/gitea-2.json index e3ec3a2..e0dcafb 100644 --- a/nodes/gitea-1.json +++ b/nodes/gitea-2.json 
@@ -1,16 +1,16 @@ { - "name": "gitea-1", + "name": "gitea-2", "normal": { "knife_zero": { - "host": "10.1.1.36" + "host": "10.1.1.21" } }, "automatic": { - "fqdn": "gitea-1", + "fqdn": "gitea-2", "os": "linux", "os_version": "5.4.0-1058-kvm", - "hostname": "gitea-1", - "ipaddress": "192.168.122.218", + "hostname": "gitea-2", + "ipaddress": "192.168.122.189", "roles": [ "gitea", "postgresql_client" diff --git a/nodes/mastodon-1.json b/nodes/mastodon-1.json deleted file mode 100644 index 3be877f..0000000 --- a/nodes/mastodon-1.json +++ /dev/null 
@@ -1,88 +0,0 @@ -{ - "name": "mastodon-1", - "normal": { - "knife_zero": { - "host": "10.1.1.156" - } - }, - "automatic": { - "fqdn": "mastodon-1", - "os": "linux", - "os_version": "5.4.0-1050-kvm", - "hostname": "mastodon-1", - "ipaddress": "192.168.122.197", - "roles": [ - "mastodon", - "postgresql_client" - ], - "recipes": [ - "kosmos-base", - "kosmos-base::default", - "kosmos_postgresql::hostsfile", - "kosmos-mastodon", - "kosmos-mastodon::default", - "kosmos-mastodon::nginx", - "apt::default", - "timezone_iii::default", - "timezone_iii::debian", - "ntp::default", - "ntp::apparmor", - "kosmos-base::systemd_emails", - "apt::unattended-upgrades", - "kosmos-base::firewall", - "kosmos-postfix::default", - "postfix::default", - "postfix::_common", - "postfix::_attributes", - "postfix::sasl_auth", - "hostname::default", - "kosmos-nodejs::default", - "nodejs::nodejs_from_package", - "nodejs::repo", - "kosmos-redis::default", - "redis::server", - "redis::default", - "backup::default", - "logrotate::default", - "java::default", - "java::set_attributes_from_version", - "java::openjdk", - "java::notify", - "java::default_java_symlink", - "java::set_java_home", - "nodejs::npm", - "nodejs::install", - "kosmos-nginx::default", - "nginx::default", - "nginx::package", - "nginx::ohai_plugin", - "nginx::repo", - "nginx::commons", - "nginx::commons_dir", - "nginx::commons_script", - "nginx::commons_conf", - "kosmos-nginx::firewall", - "tor-full::default", - "git::default", - "git::package", - "kosmos-base::letsencrypt" - ], - "platform": "ubuntu", - "platform_version": "20.04", - "cloud": null, - "chef_packages": { - "ohai": { - "version": "15.12.0", - "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai" - }, - "chef": { - "version": "15.14.0", - "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.14.0/lib" - } - } - }, - "run_list": [ - "recipe[kosmos-base]", - "role[mastodon]" - ] -} \ No newline at end of file 
diff --git a/nodes/mastodon-2.json b/nodes/mastodon-3.json similarity index 91% rename from nodes/mastodon-2.json rename to nodes/mastodon-3.json index 8233528..293bcd3 100644 --- a/nodes/mastodon-2.json +++ b/nodes/mastodon-3.json @@ -1,16 +1,16 @@ { - "name": "mastodon-2", + "name": "mastodon-3", "normal": { "knife_zero": { - "host": "10.1.1.114" + "host": "10.1.1.30" } }, "automatic": { - "fqdn": "mastodon-2", + "fqdn": "mastodon-3", "os": "linux", - "os_version": "5.4.0-1049-kvm", - "hostname": "mastodon-2", - "ipaddress": "192.168.122.33", + "os_version": "5.4.0-1058-kvm", + "hostname": "mastodon-3", + "ipaddress": "192.168.122.161", "roles": [ "mastodon", "postgresql_client" @@ -65,6 +65,7 @@ "nginx::commons_conf", "kosmos-nginx::firewall", "tor-full::default", + "poise-git::default", "git::default", "git::package", "kosmos-base::letsencrypt" diff --git a/nodes/nodejs-2.json b/nodes/nodejs-2.json deleted file mode 100644 index 67f0e7d..0000000 --- a/nodes/nodejs-2.json +++ /dev/null 
@@ -1,85 +0,0 @@
-{
- "name": "nodejs-2",
- "normal": {
- "knife_zero": {
- "host": "10.1.1.229"
- }
- },
- "automatic": {
- "fqdn": "nodejs-2",
- "os": "linux",
- "os_version": "5.4.0-1049-kvm",
- "hostname": "nodejs-2",
- "ipaddress": "192.168.122.243",
- "roles": [
- "kredits_github",
- "sockethub"
- ],
- "recipes": [
- "kosmos-base",
- "kosmos-base::default",
- "kosmos-hubot::botka_irc-libera-chat",
- "kredits-github",
- "kredits-github::default",
- "kredits-github::nginx",
- "sockethub",
- "sockethub::default",
- "sockethub::proxy",
- "apt::default",
- "timezone_iii::default",
- "timezone_iii::debian",
- "ntp::default",
- "ntp::apparmor",
- "kosmos-base::systemd_emails",
- "apt::unattended-upgrades",
- "kosmos-base::firewall",
- "kosmos-postfix::default",
- "postfix::default",
- "postfix::_common",
- "postfix::_attributes",
- "postfix::sasl_auth",
- "hostname::default",
- "kosmos-nodejs::default",
- "nodejs::nodejs_from_package",
- "nodejs::repo",
- "kosmos-redis::default",
- "redis::server",
- "redis::default",
- "backup::default",
- "logrotate::default",
- "kosmos-base::letsencrypt",
- "kosmos-nginx::default",
- "nginx::default",
- "nginx::package",
- "nginx::ohai_plugin",
- "nginx::repo",
- "nginx::commons",
- "nginx::commons_dir",
- "nginx::commons_script",
- "nginx::commons_conf",
- "kosmos-nginx::firewall",
- "nodejs::npm",
- "nodejs::install",
- "sockethub::_firewall"
- ],
- "platform": "ubuntu",
- "platform_version": "20.04",
- "cloud": null,
- "chef_packages": {
- "ohai": {
- "version": "15.12.0",
- "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai"
- },
- "chef": {
- "version": "15.14.0",
- "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.14.0/lib"
- }
- }
- },
- "run_list": [
- "recipe[kosmos-base]",
- "recipe[kosmos-hubot::botka_irc-libera-chat]",
- "role[kredits_github]",
- "role[sockethub]"
- ]
-}
\ No newline at end of file
diff --git a/nodes/nodejs-3.json b/nodes/nodejs-4.json similarity index 83% rename from nodes/nodejs-3.json rename to nodes/nodejs-4.json index 91f821a..4cca5ad 100644 --- a/nodes/nodejs-3.json +++ b/nodes/nodejs-4.json @@ -1,16 +1,16 @@ { - "name": "nodejs-3", + "name": "nodejs-4", "normal": { "knife_zero": { - "host": "10.1.1.13" + "host": "10.1.1.138" } }, "automatic": { - "fqdn": "nodejs-3", + "fqdn": "nodejs-4", "os": "linux", - "os_version": "5.4.0-1049-kvm", - "hostname": "nodejs-3", - "ipaddress": "192.168.122.85", + "os_version": "5.4.0-1058-kvm", + "hostname": "nodejs-4", + "ipaddress": "192.168.122.106", "roles": [ "kredits_github", "sockethub" @@ -39,14 +39,16 @@ "postfix::_attributes", "postfix::sasl_auth", "hostname::default", + "redisio::default", + "redisio::_install_prereqs", + "redisio::install", + "ulimit::default", + "redisio::disable_os_default", + "redisio::configure", + "redisio::enable", "kosmos-nodejs::default", "nodejs::nodejs_from_package", "nodejs::repo", - "kosmos-redis::default", - "redis::server", - "redis::default", - "backup::default", - "logrotate::default", "kosmos-hubot::_user", "kosmos-base::letsencrypt", "kosmos-nginx::default", diff --git a/nodes/rsk-mainnet-1.json b/nodes/rsk-mainnet-2.json similarity index 83% rename from nodes/rsk-mainnet-1.json rename to nodes/rsk-mainnet-2.json index 1509a4c..b24ba39 100644 --- a/nodes/rsk-mainnet-1.json +++ b/nodes/rsk-mainnet-2.json @@ -1,16 +1,16 @@ { - "name": "rsk-mainnet-1", + "name": "rsk-mainnet-2", "normal": { "knife_zero": { - "host": "10.1.1.137" + "host": "10.1.1.75" } }, "automatic": { - "fqdn": "rsk-mainnet-1", + "fqdn": "rsk-mainnet-2", "os": "linux", - "os_version": "5.4.0-1048-kvm", - "hostname": "rsk-mainnet-1", - "ipaddress": "192.168.122.233", + "os_version": "5.4.0-1058-kvm", + "hostname": "rsk-mainnet-2", + "ipaddress": "192.168.122.208", "roles": [ "rskj_mainnet" ], 
@@ -53,13 +53,13 @@ "cloud": null, "chef_packages": { "chef": { - "version": "17.6.18", - "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.6.18/lib", + "version": "17.9.52", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.52/lib", "chef_effortless": null }, "ohai": { - "version": "17.6.0", - "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.6.0/lib/ohai" + "version": "17.9.0", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai" } } }, diff --git a/nodes/rsk-testnet-2.json b/nodes/rsk-testnet-3.json similarity index 83% rename from nodes/rsk-testnet-2.json rename to nodes/rsk-testnet-3.json index 4258baf..34af5d9 100644 --- a/nodes/rsk-testnet-2.json +++ b/nodes/rsk-testnet-3.json @@ -1,16 +1,16 @@ { - "name": "rsk-testnet-2", + "name": "rsk-testnet-3", "normal": { "knife_zero": { - "host": "10.1.1.214" + "host": "10.1.1.175" } }, "automatic": { - "fqdn": "rsk-testnet-2", + "fqdn": "rsk-testnet-3", "os": "linux", - "os_version": "5.4.0-1048-kvm", - "hostname": "rsk-testnet-2", - "ipaddress": "192.168.122.29", + "os_version": "5.4.0-1058-kvm", + "hostname": "rsk-testnet-3", + "ipaddress": "192.168.122.231", "roles": [ "rskj_testnet" ], @@ -53,13 +53,13 @@ "cloud": null, "chef_packages": { "chef": { - "version": "17.6.18", - "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.6.18/lib", + "version": "17.9.52", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.52/lib", "chef_effortless": null }, "ohai": { - "version": "17.6.0", - "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.6.0/lib/ohai" + "version": "17.9.0", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai" } } }, From 8f4d11b317a15922b92bdc9ffa0b5ed4107a76e3 Mon Sep 17 00:00:00 2001 
From: Sebastian Kippe Date: Mon, 11 Apr 2022 12:31:00 +0200 Subject: [PATCH 83/86] Add cron job for deleting repo archives --- site-cookbooks/kosmos_gitea/recipes/default.rb | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/site-cookbooks/kosmos_gitea/recipes/default.rb b/site-cookbooks/kosmos_gitea/recipes/default.rb index 9d334ef..f7f3a62 100644 --- a/site-cookbooks/kosmos_gitea/recipes/default.rb +++ b/site-cookbooks/kosmos_gitea/recipes/default.rb @@ -124,3 +124,10 @@ firewall_rule 'gitea' do protocol :tcp command :allow end + +# Hack-fix until we can disable auto-generation of archives +# TODO https://gitea.kosmos.org/kosmos/chef/issues/395 +cron 'delete auto-generated repo file archives' do + minute '*/15' + command 'rm -rf /var/lib/gitea/data/repo-archive/* >/dev/null 2>&1' +end From 994e5873d6bd32db985cb384fe824351749c4aeb Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Mon, 11 Apr 2022 12:50:44 +0200 Subject: [PATCH 84/86] Upgrade Gitea to 1.16.5 Also add our hack-fix cron job to the recipe, so it doesn't get lost when creating new VMs or otherwise. --- site-cookbooks/kosmos_gitea/attributes/default.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site-cookbooks/kosmos_gitea/attributes/default.rb b/site-cookbooks/kosmos_gitea/attributes/default.rb index 0495d7e..4ee223d 100644 --- a/site-cookbooks/kosmos_gitea/attributes/default.rb +++ b/site-cookbooks/kosmos_gitea/attributes/default.rb 
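Review bot: The `cron` resource added at the end of kosmos_gitea/recipes/default.rb sets no `user`, so Chef installs the job in root's crontab and it runs `rm -rf` with a shell glob every 15 minutes with more privilege than clearing Gitea's archive cache needs. Add a `user` property naming the account the Gitea service runs as (that name is not visible in this hunk). The path is also hard-coded although the cookbook defines `node['kosmos_gitea']['working_directory']`; building the command from it, `command "rm -rf #{node['kosmos_gitea']['working_directory']}/data/repo-archive/* >/dev/null 2>&1"`, keeps the job pointed at the right directory if that attribute changes. Discarding stderr as well hides a cleanup that has started to fail, so consider dropping `2>&1`.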
@@ -1,7 +1,7 @@ -gitea_version = "1.16.3" +gitea_version = "1.16.5" node.default["kosmos_gitea"]["version"] = gitea_version node.default["kosmos_gitea"]["binary_url"] = "https://dl.gitea.io/gitea/#{gitea_version}/gitea-#{gitea_version}-linux-amd64" -node.default["kosmos_gitea"]["binary_checksum"] = "626c7da554efcfd3abd88b0355e3adf55d7f0941a01e058b2d4f5923d0d5b7c3" +node.default["kosmos_gitea"]["binary_checksum"] = "c0fb4107dc4debf08e6e27fd3383e06dc232ccb410123179c7ae8d7cec60765f" node.default["kosmos_gitea"]["nginx"]["domain"] = "gitea.kosmos.org" node.default["kosmos_gitea"]["working_directory"] = "/var/lib/gitea" node.default["kosmos_gitea"]["port"] = 3000 From a633834a1b7253ab96a81cceb4ccddf6759b4942 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Mon, 18 Apr 2022 10:42:47 +0200 Subject: [PATCH 85/86] Change rate limit for LndHub API --- site-cookbooks/kosmos-bitcoin/templates/lndhub.config.js.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site-cookbooks/kosmos-bitcoin/templates/lndhub.config.js.erb b/site-cookbooks/kosmos-bitcoin/templates/lndhub.config.js.erb index 99b7858..3dd929d 100644 --- a/site-cookbooks/kosmos-bitcoin/templates/lndhub.config.js.erb +++ b/site-cookbooks/kosmos-bitcoin/templates/lndhub.config.js.erb @@ -1,7 +1,7 @@ let config = { enableUpdateDescribeGraph: false, - postRateLimit: 100, - rateLimit: 200, + postRateLimit: 10000, + rateLimit: 10000, forwardReserveFee: 0.01, // default 0.01 intraHubFee: 0.003, // default 0.003 redis: { From 71f9b06d28a519f5402a4e3e660eaa7423b24c2d Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Tue, 19 Apr 2022 14:08:02 +0200 Subject: [PATCH 86/86] Tor improvements for bitcoin cookbook --- site-cookbooks/kosmos-bitcoin/recipes/lnd.rb | 6 ++---- site-cookbooks/kosmos-bitcoin/templates/lnd.conf.erb | 8 ++++++++ 2 files changed, 10 insertions(+), 4 deletions(-) 
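Review bot: In lndhub.config.js.erb, `postRateLimit` goes from 100 to 10000 and `rateLimit` from 200 to 10000 with no reason recorded in the commit message or the file, which largely removes request throttling from an API that serves account login and payment requests. If the old limits were blocking legitimate clients, record that next to the values, e.g. `// raised from 100/200: <reason>; login throttling is enforced by <component>`, and confirm that something in front of LndHub still limits repeated login attempts. Since the file is already an ERB template, the two numbers could also be passed in from node attributes so they can be tuned without a code change. The `config` object continues outside the hunk.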
diff --git a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb index b3776bc..a6d932c 100644 --- a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb +++ b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb @@ -62,6 +62,7 @@ template "#{lnd_dir}/lnd.conf" do lnd_feerate: node['lnd']['feerate'], lnd_dir: lnd_dir, auto_unlock: node['lnd']['auto_unlock'], + tor_enabled: node['bitcoin']['tor_enabled'], bitcoin_datadir: node['bitcoin']['datadir'], bitcoin_rpc_user: node['bitcoin']['conf']['rpcuser'], bitcoin_rpc_password: bitcoin_credentials["rpcpassword"], @@ -71,9 +72,6 @@ template "#{lnd_dir}/lnd.conf" do notifies :restart, "systemd_unit[lnd.service]", :delayed end -exec_flags = "" -exec_flags += "--tor.active --tor.v3" if node['bitcoin']['tor_enabled'] - systemd_unit 'lnd.service' do content({ Unit: { @@ -86,7 +84,7 @@ systemd_unit 'lnd.service' do User: bitcoin_user, Group: bitcoin_group, Type: 'simple', - ExecStart: "/opt/go/bin/lnd #{exec_flags}", + ExecStart: "/opt/go/bin/lnd", Restart: 'always', RestartSec: '30', TimeoutSec: '240', diff --git a/site-cookbooks/kosmos-bitcoin/templates/lnd.conf.erb b/site-cookbooks/kosmos-bitcoin/templates/lnd.conf.erb index 57c7caf..45b6b9e 100644 --- a/site-cookbooks/kosmos-bitcoin/templates/lnd.conf.erb +++ b/site-cookbooks/kosmos-bitcoin/templates/lnd.conf.erb @@ -25,3 +25,11 @@ bitcoind.rpcuser=<%= @bitcoin_rpc_user %> bitcoind.rpcpass=<%= @bitcoin_rpc_password %> bitcoind.zmqpubrawblock=<%= @bitcoin_zmqpubrawblock %> bitcoind.zmqpubrawtx=<%= @bitcoin_zmqpubrawtx %> + +<% if @tor_enabled %> +[tor] +tor.active=true +tor.v3=true +tor.streamisolation=false +tor.skip-proxy-for-clearnet-targets=true +<% end %>
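Review bot: The `template "#{lnd_dir}/lnd.conf"` resource that gains `tor_enabled:` in the first lnd.rb hunk also renders `bitcoin_rpc_password`, and this commit changes the rendered file directly below the `bitcoind.rpcpass=` line, so the diff Chef prints when it updates the file will likely show the password as a context line unless the resource sets `sensitive true`. The resource starts and ends outside the hunk, so whether it already does is not visible here. If it does not, add `sensitive true` and a restrictive `mode` (for example `mode '0640'`) to the block.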
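Review bot: The new `[tor]` section in lnd.conf.erb sets `tor.skip-proxy-for-clearnet-targets=true`, which the removed `--tor.active --tor.v3` flags did not: with it, lnd dials clearnet peers directly instead of through Tor, so turning on `tor_enabled` no longer hides the node's IP address from those peers. If this hybrid mode is intended, say so in the template, e.g. `<%# hybrid mode: clearnet peers are dialled directly, Tor does not hide this node's IP %>` above `[tor]`, and note that `tor.streamisolation=false` is there because lnd, as far as I know, rejects a configuration with both options enabled. If the goal is Tor-only operation, drop the `tor.skip-proxy-for-clearnet-targets` line instead.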