Merge pull request 'Set up openresty' (#502) from feature/501-openresty into master
Reviewed-on: #502
This commit is contained in:
commit
266b17eb98
|
@ -26,8 +26,7 @@ knife[:automatic_attribute_whitelist] = %w[
|
|||
chef_packages
|
||||
]
|
||||
|
||||
knife[:default_attribute_whitelist] = []
|
||||
knife[:normal_attribute_whitelist] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd']
|
||||
knife[:override_attribute_whitelist] = []
|
||||
|
||||
knife[:allowed_normal_attributes] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd']
|
||||
# Added to /etc/chef/client.rb on node bootstrap
|
||||
# https://docs.chef.io/attribute_persistence/
|
||||
knife[:normal_attribute_allowlist] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']
|
||||
knife[:allowed_normal_attributes] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
[submodule "site-cookbooks/postgresql"]
|
||||
path = site-cookbooks/postgresql
|
||||
url = git@github.com:67P/postgresql.git
|
||||
[submodule "site-cookbooks/openresty"]
|
||||
path = site-cookbooks/openresty
|
||||
url = https://github.com/67P/chef-openresty.git
|
||||
|
|
12
Berksfile
12
Berksfile
|
@ -2,10 +2,10 @@
|
|||
|
||||
source 'https://supermarket.chef.io'
|
||||
|
||||
cookbook 'elasticsearch', '~> 5.1.3'
|
||||
cookbook 'firewall', '~> 6.2.16'
|
||||
cookbook 'redisio', '~> 6.4.1'
|
||||
cookbook 'ruby_build', '~> 2.5.0'
|
||||
cookbook 'elasticsearch', '~> 5.1.3'
|
||||
cookbook 'firewall', '~> 6.2.16'
|
||||
cookbook 'redisio', '~> 6.4.1'
|
||||
cookbook 'ruby_build', '~> 2.5.0'
|
||||
|
||||
cookbook 'ipfs',
|
||||
git: 'https://gitea.kosmos.org/kosmos/ipfs-cookbook.git',
|
||||
|
@ -37,3 +37,7 @@ cookbook 'timezone_iii', '= 1.0.4'
|
|||
cookbook 'ulimit', '~> 1.0.0'
|
||||
cookbook 'users', '~> 5.3.1'
|
||||
cookbook 'zerotier', '~> 1.0.7'
|
||||
|
||||
# openresty dependency
|
||||
cookbook 'jemalloc', '~> 0.1.7'
|
||||
cookbook 'yum'
|
||||
|
|
|
@ -15,6 +15,7 @@ DEPENDENCIES
|
|||
revision: d7c25b6ce5fa490b6de3529fdc163fb64f1ece8a
|
||||
ref: v0.7.0
|
||||
java (~> 4.3.0)
|
||||
jemalloc (~> 0.1.7)
|
||||
logrotate (= 2.2.0)
|
||||
mediawiki
|
||||
git: https://github.com/67P/mediawiki-cookbook.git
|
||||
|
@ -33,6 +34,7 @@ DEPENDENCIES
|
|||
timezone_iii (= 1.0.4)
|
||||
ulimit (~> 1.0.0)
|
||||
users (~> 5.3.1)
|
||||
yum
|
||||
zerotier (~> 1.0.7)
|
||||
|
||||
GRAPH
|
||||
|
@ -65,6 +67,8 @@ GRAPH
|
|||
java (4.3.0)
|
||||
homebrew (>= 0.0.0)
|
||||
windows (>= 0.0.0)
|
||||
jemalloc (0.1.7)
|
||||
build-essential (>= 0.0.0)
|
||||
logrotate (2.2.0)
|
||||
mediawiki (0.5.0)
|
||||
apache2 (>= 0.0.0)
|
||||
|
@ -97,6 +101,7 @@ GRAPH
|
|||
ulimit (1.0.0)
|
||||
users (5.3.1)
|
||||
windows (7.0.2)
|
||||
yum (7.4.13)
|
||||
yum-epel (4.2.3)
|
||||
zerotier (1.0.7)
|
||||
ohai (>= 0.0.0)
|
||||
|
|
|
@ -306,6 +306,7 @@ GEM
|
|||
|
||||
PLATFORMS
|
||||
x86_64-darwin-18
|
||||
x86_64-darwin-19
|
||||
x86_64-linux
|
||||
|
||||
DEPENDENCIES
|
||||
|
|
|
@ -26,7 +26,7 @@ Vagrant.configure(2) do |config|
|
|||
ldap.vm.network "private_network", ip: "192.168.56.5"
|
||||
|
||||
ldap.vm.provision :chef_zero do |chef|
|
||||
chef.version = "17.10.0"
|
||||
chef.version = "18.2.7"
|
||||
chef.node_name = "vagrant-node-ldap"
|
||||
chef.arguments = "--chef-license accept"
|
||||
chef.cookbooks_path = ["cookbooks", "site-cookbooks"]
|
||||
|
@ -49,7 +49,7 @@ Vagrant.configure(2) do |config|
|
|||
# bitcoin.vm.synced_folder "../kredits/yap/", "/opt/yap"
|
||||
|
||||
bitcoin.vm.provision :chef_zero do |chef|
|
||||
chef.version = "15.13.8"
|
||||
chef.version = "18.2.7"
|
||||
chef.node_name = "vagrant-node-bitcoin"
|
||||
chef.arguments = "--chef-license accept"
|
||||
chef.cookbooks_path = ["cookbooks", "site-cookbooks"]
|
||||
|
@ -66,4 +66,27 @@ Vagrant.configure(2) do |config|
|
|||
end
|
||||
end
|
||||
|
||||
config.vm.define "openresty" do |openresty|
|
||||
openresty.vm.box = "bento/ubuntu-20.04"
|
||||
openresty.vm.network "forwarded_port", guest: 6379, host: 6379
|
||||
openresty.vm.network "private_network", ip: "192.168.56.7"
|
||||
|
||||
openresty.vm.provision :chef_zero do |chef|
|
||||
chef.version = "18.2.7"
|
||||
chef.node_name = "vagrant-openresty"
|
||||
chef.arguments = "--chef-license accept"
|
||||
chef.cookbooks_path = ["cookbooks", "site-cookbooks"]
|
||||
chef.data_bags_path = "data_bags"
|
||||
chef.roles_path = "roles"
|
||||
chef.nodes_path = "nodes"
|
||||
chef.environments_path = "environments"
|
||||
chef.encrypted_data_bag_secret_key_path = ".chef/encrypted_data_bag_secret"
|
||||
chef.environment = "development"
|
||||
|
||||
chef.add_recipe "kosmos-base"
|
||||
chef.add_role "openresty"
|
||||
chef.add_role "openresty_proxy"
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -0,0 +1,51 @@
|
|||
---
|
||||
driver:
|
||||
name: docker
|
||||
|
||||
provisioner:
|
||||
name: chef_solo
|
||||
log_level: info
|
||||
|
||||
platforms:
|
||||
- name: ubuntu-16.04-chef-12
|
||||
provisioner:
|
||||
product_name: chef
|
||||
install_strategy: once
|
||||
product_version: 12
|
||||
hostname: chef-12-ubuntu.local
|
||||
run_options:
|
||||
e:
|
||||
- LANGUAGE=en_US.UTF-8
|
||||
- LC_ALL=en_US.UTF-8
|
||||
- name: ubuntu-16.04-chef-latest
|
||||
provisioner:
|
||||
product_name: chef
|
||||
install_strategy: once
|
||||
product_version: latest
|
||||
hostname: chef-latest-ubuntu.local
|
||||
run_options:
|
||||
e:
|
||||
- LANGUAGE=en_US.UTF-8
|
||||
- LC_ALL=en_US.UTF-8
|
||||
- name: centos-7.5-chef-latest
|
||||
driver_config:
|
||||
image: centos/systemd
|
||||
run_command: /usr/sbin/init
|
||||
privileged: true
|
||||
provision_command:
|
||||
- sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
|
||||
- systemctl enable sshd.service
|
||||
provisioner:
|
||||
product_name: chef
|
||||
install_strategy: once
|
||||
product_version: latest
|
||||
hostname: chef-latest-centos.local
|
||||
run_options:
|
||||
e:
|
||||
- LANGUAGE=en_US.UTF-8
|
||||
- LC_ALL=en_US.UTF-8
|
||||
|
||||
suites:
|
||||
- name: default
|
||||
run_list:
|
||||
- recipe[jemalloc::default]
|
|
@ -0,0 +1,5 @@
|
|||
source 'https://rubygems.org'
|
||||
|
||||
gem 'berkshelf', '~> 6.3'
|
||||
gem 'test-kitchen', '~> 1.23'
|
||||
gem 'kitchen-docker', '~> 2.7'
|
|
@ -0,0 +1,13 @@
|
|||
Copyright (C) 2013 Panagiotis Papadomitsos
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
|
@ -0,0 +1,77 @@
|
|||
# jemalloc Chef Cookbook
|
||||
|
||||
![Tag Version](https://img.shields.io/github/tag/priestjim/chef-jemalloc.svg) [![Cookbook Version](https://img.shields.io/cookbook/v/jemalloc.svg)](https://supermarket.chef.io/cookbooks/jemalloc) [![Build Status](https://travis-ci.org/priestjim/chef-jemalloc.svg?branch=master)](https://travis-ci.org/priestjim/chef-jemalloc) [![GitHub issues](https://img.shields.io/github/issues/priestjim/chef-jemalloc.svg)](https://github.com/priestjim/chef-jemalloc/issues) [![GitHub license](https://img.shields.io/badge/license-Apache%202-blue.svg)](https://raw.githubusercontent.com/priestjim/chef-jemalloc/master/LICENSE)
|
||||
|
||||
This simple recipe configures, compiles and installs the memory allocation
|
||||
library `jemalloc` via source. jemalloc shines on high-request manycore
|
||||
threaded applications and is a cheap upgrade if your workloads happen to fall
|
||||
into this category.
|
||||
|
||||
## Requirements
|
||||
|
||||
### Platform
|
||||
|
||||
The following platforms are supported and tested using kitchen:
|
||||
|
||||
* Ubuntu 12.04, 12.10
|
||||
* CentOS 7
|
||||
|
||||
Other Debian and RHEL family distributions are assumed to work.
|
||||
|
||||
### Chef Server
|
||||
|
||||
The cookbook converges best on Chef installations >= 10.16.2
|
||||
|
||||
## Attributes
|
||||
|
||||
The following attributes are available on this cookbook:
|
||||
|
||||
* `node['jemalloc']['url']` and `node['jemalloc']['version']` - The version and URL that
|
||||
the library will be downloaded from
|
||||
* `node['jemalloc']['checksum']` - The SHA-256 checksum of the above file
|
||||
|
||||
In addition, the following configuration flags are available as switches
|
||||
|
||||
* `node['jemalloc']['configure']['lazy_lock']` - Enables lazy locking (locking on multi-threaded applications only)
|
||||
* `node['jemalloc']['configure']['xmalloc']` - Enables the `xmalloc` feature of jemalloc
|
||||
* `node['jemalloc']['configure']['dss']` - Enables `sbrk` along `mmap` for memory allocations
|
||||
* `node['jemalloc']['configure']['mremap']` - Enables the `mremap` feature of jemalloc
|
||||
* `node['jemalloc']['configure']['stats']` - Enables the statistics gathering features of jemalloc
|
||||
* `node['jemalloc']['configure']['profiling']` - Enables the code profiling features of jemalloc
|
||||
* `node['jemalloc']['configure']['valgrind']` - Enables valgrind support in jemalloc
|
||||
|
||||
Recipes
|
||||
=======
|
||||
|
||||
## default.rb
|
||||
|
||||
The default recipe downloads, compiles and installs the selected version of
|
||||
jemalloc.
|
||||
|
||||
Usage
|
||||
=====
|
||||
|
||||
Include the recipe on your node or role. Modify the
|
||||
attributes as required in your role to change how various
|
||||
configuration is applied per the attributes section above. In general,
|
||||
override attributes in the role should be used when changing
|
||||
attributes.
|
||||
|
||||
License and Author
|
||||
==================
|
||||
|
||||
- Author:: Panagiotis Papadomitsos (<pj@ezgr.net>)
|
||||
|
||||
Copyright 2013, Panagiotis Papadomitsos
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
|
@ -0,0 +1,5 @@
|
|||
# encoding: utf-8
|
||||
|
||||
require 'bundler'
|
||||
require 'bundler/setup'
|
||||
require 'berkshelf/thor'
|
|
@ -0,0 +1 @@
|
|||
0.1.7
|
|
@ -0,0 +1,33 @@
|
|||
#
|
||||
# Cookbook Name:: jemalloc
|
||||
# Attribute:: default
|
||||
#
|
||||
# Copyright (C) 2013 Panagiotis Papadomitsos
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
default['jemalloc']['version'] = '5.1.0'
|
||||
default['jemalloc']['url'] = "https://github.com/jemalloc/jemalloc/releases/download/#{node['jemalloc']['version']}/jemalloc-#{node['jemalloc']['version']}.tar.bz2"
|
||||
default['jemalloc']['checksum'] = '5396e61cc6103ac393136c309fae09e44d74743c86f90e266948c50f3dbb7268'
|
||||
|
||||
# Configure options
|
||||
default['jemalloc']['configure']['munmap'] = true
|
||||
default['jemalloc']['configure']['lazy_lock'] = true
|
||||
default['jemalloc']['configure']['xmalloc'] = false
|
||||
default['jemalloc']['configure']['dss'] = false
|
||||
default['jemalloc']['configure']['mremap'] = false
|
||||
|
||||
default['jemalloc']['configure']['stats'] = false
|
||||
default['jemalloc']['configure']['profiling'] = false
|
||||
default['jemalloc']['configure']['valgrind'] = false
|
|
@ -0,0 +1,96 @@
|
|||
# Put files/directories that should be ignored in this file when uploading
|
||||
# or sharing to the community site.
|
||||
# Lines that start with '# ' are comments.
|
||||
|
||||
# OS generated files #
|
||||
######################
|
||||
.DS_Store
|
||||
Icon?
|
||||
nohup.out
|
||||
ehthumbs.db
|
||||
Thumbs.db
|
||||
|
||||
# SASS #
|
||||
########
|
||||
.sass-cache
|
||||
|
||||
# EDITORS #
|
||||
###########
|
||||
\#*
|
||||
.#*
|
||||
*~
|
||||
*.sw[a-z]
|
||||
*.bak
|
||||
REVISION
|
||||
TAGS*
|
||||
tmtags
|
||||
*_flymake.*
|
||||
*_flymake
|
||||
*.tmproj
|
||||
.project
|
||||
.settings
|
||||
mkmf.log
|
||||
|
||||
## COMPILED ##
|
||||
##############
|
||||
a.out
|
||||
*.o
|
||||
*.pyc
|
||||
*.so
|
||||
*.com
|
||||
*.class
|
||||
*.dll
|
||||
*.exe
|
||||
*/rdoc/
|
||||
|
||||
# Testing #
|
||||
###########
|
||||
.watchr
|
||||
.rspec
|
||||
spec/*
|
||||
spec/fixtures/*
|
||||
test/*
|
||||
features/*
|
||||
Guardfile
|
||||
Procfile
|
||||
|
||||
# SCM #
|
||||
#######
|
||||
.git
|
||||
*/.git
|
||||
.gitignore
|
||||
.gitmodules
|
||||
.gitconfig
|
||||
.gitattributes
|
||||
.svn
|
||||
*/.bzr/*
|
||||
*/.hg/*
|
||||
*/.svn/*
|
||||
|
||||
# Berkshelf #
|
||||
#############
|
||||
Berksfile
|
||||
Berksfile.lock
|
||||
cookbooks/*
|
||||
tmp
|
||||
|
||||
# Cookbooks #
|
||||
#############
|
||||
CONTRIBUTING
|
||||
CHANGELOG*
|
||||
|
||||
# Strainer #
|
||||
############
|
||||
Colanderfile
|
||||
Strainerfile
|
||||
.colander
|
||||
.strainer
|
||||
|
||||
# Vagrant #
|
||||
###########
|
||||
.vagrant
|
||||
Vagrantfile
|
||||
|
||||
# Travis #
|
||||
##########
|
||||
.travis.yml
|
|
@ -0,0 +1,55 @@
|
|||
{
|
||||
"name": "jemalloc",
|
||||
"description": "Installs and configures the jemalloc library",
|
||||
"long_description": "# jemalloc Chef Cookbook\n\n![Tag Version](https://img.shields.io/github/tag/priestjim/chef-jemalloc.svg) [![Cookbook Version](https://img.shields.io/cookbook/v/jemalloc.svg)](https://supermarket.chef.io/cookbooks/jemalloc) [![Build Status](https://travis-ci.org/priestjim/chef-jemalloc.svg?branch=master)](https://travis-ci.org/priestjim/chef-jemalloc) [![GitHub issues](https://img.shields.io/github/issues/priestjim/chef-jemalloc.svg)](https://github.com/priestjim/chef-jemalloc/issues) [![GitHub license](https://img.shields.io/badge/license-Apache%202-blue.svg)](https://raw.githubusercontent.com/priestjim/chef-jemalloc/master/LICENSE)\n\nThis simple recipe configures, compiles and installs the memory allocation\nlibrary `jemalloc` via source. jemalloc shines on high-request manycore\nthreaded applications and is a cheap upgrade if your workloads happen to fall\ninto this category.\n\n## Requirements\n\n### Platform\n\nThe following platforms are supported and tested using kitchen:\n\n* Ubuntu 12.04, 12.10\n* CentOS 7\n\nOther Debian and RHEL family distributions are assumed to work.\n\n### Chef Server\n\nThe cookbook converges best on Chef installations >= 10.16.2\n\n## Attributes\n\nThe following attributes are available on this cookbook:\n\n* `node['jemalloc']['url']` and `node['jemalloc']['version']` - The version and URL that\n the library will be downloaded from\n* `node['jemalloc']['checksum']` - The SHA-256 checksum of the above file\n\nIn addition, the following configuration flags are available as switches\n\n* `node['jemalloc']['configure']['lazy_lock']` - Enables lazy locking (locking on multi-threaded applications only)\n* `node['jemalloc']['configure']['xmalloc']` - Enables the `xmalloc` feature of jemalloc\n* `node['jemalloc']['configure']['dss']` - Enables `sbrk` along `mmap` for memory allocations\n* `node['jemalloc']['configure']['mremap']` - Enables the `mremap` feature of jemalloc\n* `node['jemalloc']['configure']['stats']` - Enables the statistics gathering features of jemalloc\n* `node['jemalloc']['configure']['profiling']` - Enables the code profiling features of jemalloc\n* `node['jemalloc']['configure']['valgrind']` - Enables valgrind support in jemalloc\n\nRecipes\n=======\n\n## default.rb\n\nThe default recipe downloads, compiles and installs the selected version of\njemalloc.\n\nUsage\n=====\n\nInclude the recipe on your node or role. Modify the\nattributes as required in your role to change how various\nconfiguration is applied per the attributes section above. In general,\noverride attributes in the role should be used when changing\nattributes.\n\nLicense and Author\n==================\n\n- Author:: Panagiotis Papadomitsos (<pj@ezgr.net>)\n\nCopyright 2013, Panagiotis Papadomitsos\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n",
|
||||
"maintainer": "Panagiotis Papadomitsos",
|
||||
"maintainer_email": "pj@ezgr.net",
|
||||
"license": "Apache 2.0",
|
||||
"platforms": {
|
||||
"ubuntu": ">= 12.04",
|
||||
"debian": ">= 6.0",
|
||||
"redhat": ">= 6.0",
|
||||
"scientific": ">= 6.0",
|
||||
"oracle": ">= 6.0"
|
||||
},
|
||||
"dependencies": {
|
||||
"build-essential": ">= 0.0.0"
|
||||
},
|
||||
"recommendations": {
|
||||
|
||||
},
|
||||
"suggestions": {
|
||||
|
||||
},
|
||||
"conflicting": {
|
||||
|
||||
},
|
||||
"providing": {
|
||||
|
||||
},
|
||||
"replacing": {
|
||||
|
||||
},
|
||||
"attributes": {
|
||||
|
||||
},
|
||||
"groupings": {
|
||||
|
||||
},
|
||||
"recipes": {
|
||||
"jemalloc": "Installs and configures the jemalloc library"
|
||||
},
|
||||
"version": "0.1.7",
|
||||
"source_url": "",
|
||||
"issues_url": "",
|
||||
"privacy": false,
|
||||
"chef_versions": [
|
||||
|
||||
],
|
||||
"ohai_versions": [
|
||||
|
||||
],
|
||||
"gems": [
|
||||
|
||||
]
|
||||
}
|
|
@ -0,0 +1,17 @@
|
|||
name 'jemalloc'
|
||||
maintainer 'Panagiotis Papadomitsos'
|
||||
maintainer_email 'pj@ezgr.net'
|
||||
license 'Apache 2.0'
|
||||
description 'Installs and configures the jemalloc library'
|
||||
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
|
||||
version IO.read(File.join(File.dirname(__FILE__), 'VERSION')).chomp rescue '0.1.0'
|
||||
|
||||
recipe 'jemalloc', 'Installs and configures the jemalloc library'
|
||||
|
||||
supports 'ubuntu', '>= 12.04'
|
||||
supports 'debian', '>= 6.0'
|
||||
supports 'redhat', '>= 6.0'
|
||||
supports 'scientific', '>= 6.0'
|
||||
supports 'oracle', '>= 6.0'
|
||||
|
||||
depends 'build-essential'
|
|
@ -0,0 +1,73 @@
|
|||
#
|
||||
# Cookbook Name:: jemalloc
|
||||
# Recipe:: default
|
||||
#
|
||||
# Copyright (C) 2013 Panagiotis Papadomitsos
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
include_recipe 'build-essential'
|
||||
|
||||
package 'bzip2' # For archive extraction
|
||||
|
||||
tmp = Chef::Config['file_cache_path'] || '/tmp'
|
||||
jem_filename = ::File.basename(node['jemalloc']['url'])
|
||||
jem_path = "#{tmp}/jemalloc-#{node['jemalloc']['version']}"
|
||||
jem_libdir = (platform_family?('rhel') && node['kernel']['machine'].eql?('x86_64')) ? '/usr/lib64' : '/usr/lib'
|
||||
|
||||
remote_file "#{tmp}/#{jem_filename}" do
|
||||
owner 'root'
|
||||
group 'root'
|
||||
mode 00644
|
||||
source node['jemalloc']['url']
|
||||
checksum node['jemalloc']['checksum']
|
||||
action :create
|
||||
end
|
||||
|
||||
execute 'extract-jemalloc' do
|
||||
user 'root'
|
||||
cwd(tmp)
|
||||
command "tar xjf #{tmp}/#{jem_filename}"
|
||||
not_if { ::File.directory?(jem_path)}
|
||||
end
|
||||
|
||||
bash 'compile-jemalloc' do
|
||||
user 'root'
|
||||
cwd jem_path
|
||||
code <<-EOH
|
||||
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --disable-debug \\
|
||||
#{'--enable-lazy-lock' if node['jemalloc']['configure']['lazy_lock']} \\
|
||||
#{'--enable-xmalloc' if node['jemalloc']['configure']['xmalloc']} \\
|
||||
#{'--enable-dss' if node['jemalloc']['configure']['dss']} \\
|
||||
#{'--enable-mremap' if node['jemalloc']['configure']['mremap']} \\
|
||||
#{'--disable-stats' unless node['jemalloc']['configure']['stats']} \\
|
||||
#{'--enable-prof ' if node['jemalloc']['configure']['profiling']} \\
|
||||
#{'--disable-valgrind' unless node['jemalloc']['configure']['valgrind']} &&
|
||||
make
|
||||
EOH
|
||||
not_if { ::File.exists?("#{jem_path}/lib/libjemalloc.so.2")}
|
||||
end
|
||||
|
||||
execute 'install-jemalloc' do
|
||||
command 'make install'
|
||||
cwd jem_path
|
||||
not_if { ::FileUtils.cmp("#{jem_path}/lib/libjemalloc.so.2", "#{jem_libdir}/libjemalloc.so.2") rescue false }
|
||||
action :run
|
||||
notifies :run, 'execute[jemalloc-ldconfig]'
|
||||
end
|
||||
|
||||
execute 'jemalloc-ldconfig' do
|
||||
command 'ldconfig'
|
||||
action :nothing
|
||||
end
|
|
@ -0,0 +1,5 @@
|
|||
config:
|
||||
ul-indent: false # MD007
|
||||
line-length: false # MD013
|
||||
no-duplicate-heading: false # MD024
|
||||
reference-links-images: false # MD052
|
|
@ -0,0 +1,461 @@
|
|||
# yum Cookbook CHANGELOG
|
||||
|
||||
This file is used to list changes made in each version of the yum cookbook.
|
||||
|
||||
## 7.4.13 - *2023-04-17*
|
||||
|
||||
## 7.4.12 - *2023-04-07*
|
||||
|
||||
Standardise files with files in sous-chefs/repo-management
|
||||
|
||||
## 7.4.11 - *2023-04-01*
|
||||
|
||||
## 7.4.10 - *2023-04-01*
|
||||
|
||||
Standardise files with files in sous-chefs/repo-management
|
||||
|
||||
## 7.4.9 - *2023-03-20*
|
||||
|
||||
Standardise files with files in sous-chefs/repo-management
|
||||
|
||||
## 7.4.8 - *2023-03-18*
|
||||
|
||||
- Update gaurav-nelson/github-action-markdown-link-check action to v1.0.15
|
||||
- Fix yaml
|
||||
|
||||
## 7.4.7 - *2023-03-15*
|
||||
|
||||
- Standardise files with files in sous-chefs/repo-management
|
||||
|
||||
## 7.4.6 - *2023-02-27*
|
||||
|
||||
- remove circleci
|
||||
|
||||
## 7.4.5 - *2023-02-23*
|
||||
|
||||
- Standardise files with files in sous-chefs/repo-management
|
||||
|
||||
## 7.4.4 - *2023-02-16*
|
||||
|
||||
- Standardise files with files in sous-chefs/repo-management
|
||||
|
||||
## 7.4.3 - *2023-02-15*
|
||||
|
||||
- Update Actions
|
||||
|
||||
## 7.4.2 - *2023-02-15*
|
||||
|
||||
- Standardise files with files in sous-chefs/repo-management
|
||||
|
||||
## 7.4.1 - *2022-12-08*
|
||||
|
||||
- Standardise files with files in sous-chefs/repo-management
|
||||
|
||||
## 7.4.0 - *2022-05-09*
|
||||
|
||||
- Add support for DNF property `best`
|
||||
- Add support for DNF property `skip_if_unavailable`
|
||||
- Add support for DNF property `excludepkgs`
|
||||
|
||||
## 7.3.2 - *2022-02-02*
|
||||
|
||||
## 7.3.1 - *2022-01-27*
|
||||
|
||||
- Add testing for Alma Linux and Rocky Linux
|
||||
- Remove testing for CentOS 8 (prefer Stream instead)
|
||||
|
||||
## 7.3.0 - *2022-01-07*
|
||||
|
||||
- Add `flush_cache` option to `dnf_module`
|
||||
|
||||
## 7.2.1 - *2021-12-21*
|
||||
|
||||
- Fix version comparison in `dnf_module` supported check
|
||||
|
||||
## 7.2.0 - *2021-09-29*
|
||||
|
||||
- Add `dnf_module` resource for managing DNF modules on RHEL 8+ / Fedora
|
||||
|
||||
## 7.1.0 - *2021-08-29*
|
||||
|
||||
- Add support for DNF (Yum v4) property `install_weak_deps` (#193)
|
||||
|
||||
## 7.0.1 - *2021-08-26*
|
||||
|
||||
- Standardise files with files in sous-chefs/repo-management (#191)
|
||||
|
||||
## 7.0.0 - *2021-08-13*
|
||||
|
||||
- Enable `unified_mode` for Chef 17 compatibility
|
||||
- Remove deprecated `dnf_yum_compat` recipe
|
||||
|
||||
## 6.1.1 - *2021-06-01*
|
||||
|
||||
## 6.1.0 - *2021-03-24*
|
||||
|
||||
- complete ip_resolve additions started in 6.0.0
|
||||
|
||||
## 6.0.0 - *2021-01-20*
|
||||
|
||||
- Sous Chefs Adoption
|
||||
- Cookstyle fixes
|
||||
- Various testing fixes
|
||||
- Standardise files with files in sous-chefs/repo-management
|
||||
- Adding proper distroverpkg assignment for Oracle Linux
|
||||
- Require 13+
|
||||
- Remove RHEL5 references
|
||||
- Mark `dnf_yum_compat` recipe deprecated
|
||||
- Add EL8 support
|
||||
|
||||
## 5.1.0 (2017-08-04)
|
||||
|
||||
- Avoid spec deprecation warnings
|
||||
- Use an empty string `releasever` to lock an Amazon Linux AMI to its current verison
|
||||
|
||||
## 5.0.1 (2017-04-06)
|
||||
|
||||
- Switch from Rake testing to Local Delivery
|
||||
- Rename kitchen-docker to kitchen-dokken
|
||||
- Update apache2 license string
|
||||
- use true/false vs. TrueClass and FalseClass in the resource
|
||||
|
||||
## 5.0.0 (2017-02-12)
|
||||
|
||||
### Breaking changes
|
||||
|
||||
- Removed the yum_repository resource and instead require chef-client 12.14 or later, which has the yum repository functionality built in. This resolves Chef 13 compatibility warnings for any cookbook with the yum cookbook.
|
||||
|
||||
### Other changes
|
||||
|
||||
- Convert yum_globalconfig from an LWRP to a custom resource
|
||||
|
||||
## 4.2.0 (2017-02-12)
|
||||
|
||||
- Make cache in the DNF compat recipe
|
||||
- Fix `fastestmirror_enabled`.
|
||||
- Require Chef 12.1 not 12.0
|
||||
- Convert to Inspec
|
||||
|
||||
## 4.1.0 (2016-10-21)
|
||||
|
||||
- Purge yum cache before removing a repo not after
|
||||
|
||||
## 4.0.0 (2016-09-06)
|
||||
|
||||
- Remove support for Chef 11
|
||||
|
||||
## 3.13.0 (2016-09-06)
|
||||
|
||||
- Add deprecation warning for add/remove actions, which were replaced with create/delete in Yum 3.0
|
||||
- Remove support for Chef 10
|
||||
|
||||
## v3.12.0 (2016-08-25)
|
||||
|
||||
- Fixing baseurl to support multiple urls
|
||||
- Modify releasever attribute for Amazon to match Amazon's default policy for releasever
|
||||
|
||||
## v3.11.0 (2016-06-01)
|
||||
|
||||
- Install yum at compile time in the dnf compatibility recipe
|
||||
- Add IBM zlinux as a supported platform in the metadata
|
||||
- Use cookstyle instead of rubocop to provide a consistent linting experience
|
||||
|
||||
## v3.10.0 (2016-02-04)
|
||||
|
||||
- Add a new sensitive attribute to the repository resource so prevent writing the diff of the config to Chef output / logs
|
||||
- Update testing dependencies and remove the Guardfile / Guard dependencies
|
||||
|
||||
## v3.9.0 (2016-01-14)
|
||||
|
||||
- Added dnf_yum_compat recipe to ensure yum is installed on Fedora systems for Chef package resource compatibility. This will no longer be necessary when native dnf package support ships in chef-client.
|
||||
|
||||
## v3.8.2 (2015-10-28)
|
||||
|
||||
- # 141 - Replace clean_headers with clean_metadata
|
||||
|
||||
## v3.8.1 (2015-10-28)
|
||||
|
||||
- Fixing up Chef13 deprecation warnings
|
||||
|
||||
## v3.8.0 (2015-10-13)
|
||||
|
||||
- adding clean_headers boolean property to yum_resource
|
||||
- restoring Chef 10 backwards compat for the sake of ChefSpec
|
||||
- (unique resource names needed to avoid cloning)
|
||||
- Fixing localpkg_gpgcheck values
|
||||
|
||||
## v3.7.1 (2015-09-08)
|
||||
|
||||
- # 135 - reverting "yum clean headers" as it breaks dnf compat
|
||||
|
||||
## v3.7.0 (2015-09-05)
|
||||
|
||||
- Adding deltarpm toggle
|
||||
- Cleaning 'headers' rather than 'all'
|
||||
|
||||
## v3.6.3 (2015-07-13)
|
||||
|
||||
- Normalizing sslverify option rendering behavior
|
||||
- Setting default value on the resource to nil
|
||||
- Explictly setting string to render in template if value is supplied
|
||||
- Behavior should default to "True", per man page
|
||||
|
||||
## v3.6.2 (2015-07-13)
|
||||
|
||||
- Adding -y to makecache, to import key when repo_gpgcheck = true.
|
||||
- Accepting Integer value for max_retries
|
||||
|
||||
## v3.6.1 (2015-06-04)
|
||||
|
||||
- Executing yum clean before makecache
|
||||
- Adding repo_gpgcheck
|
||||
|
||||
## v3.6.0 (2015-04-23)
|
||||
|
||||
- Adding "yum clean" before "yum makecache" in yum_repository :create
|
||||
- Adding why_run support to yum_globalconfig
|
||||
|
||||
## v3.5.4 (2015-04-07)
|
||||
|
||||
- Changing tolerant config line to stringified integer
|
||||
|
||||
## v3.5.3 (2015-01-16)
|
||||
|
||||
- Adding reposdir to globalconfig template
|
||||
|
||||
## v3.5.2 (2014-12-24)
|
||||
|
||||
- Fixing redhat-release detection for Redhat 7
|
||||
|
||||
## v3.5.1 (2014-11-24)
|
||||
|
||||
- Reverting management of ca-certificates because EL5 was broken
|
||||
|
||||
## v3.5.0 (2014-11-24)
|
||||
|
||||
- Adding management of ca-certificates package to yum_repository provider
|
||||
|
||||
## v3.4.1 (2014-10-29)
|
||||
|
||||
- Run yum-makecache only_if new_resource.enabled
|
||||
- Allow setting of reposdir in global yum config and man page
|
||||
- Change default 'obsoletes' behavior to match yum defaults
|
||||
|
||||
## v3.4.0 (2014-10-15)
|
||||
|
||||
- Dynamically generate the new_resource attributes
|
||||
|
||||
## v3.3.2 (2014-09-11)
|
||||
|
||||
- Fix globalconfig resource param for http_caching
|
||||
|
||||
## v3.3.1 (2014-09-04)
|
||||
|
||||
- Fix issue with sslverify if set to false
|
||||
- Add fancy badges
|
||||
|
||||
## v3.3.0 (2014-09-03)
|
||||
|
||||
- Adding tuning attributes for all supported resource parameters
|
||||
- Adding options hash parameter
|
||||
- Adding (real) rhel-6.5 and centos-7.0 to test-kitchen coverage
|
||||
- Updating regex for mirror_expire and mirrorlist_expire to include /^\d+[mhd]$/
|
||||
- Updating README so keepcache reflects reality (defaults to false)
|
||||
- Changing 'obsoletes' behavior in globalconfig resource to match
|
||||
- default behavior. (now defaults to nil, yum defaults to false)
|
||||
- Adding makecache action to repository resource
|
||||
- Adding mode parameter to repository resource. Defaults to '0644'.
|
||||
|
||||
## v3.2.4 (2014-08-20)
|
||||
|
||||
- # 82 - Adding a makecache parameter
|
||||
|
||||
## v3.2.2 (2014-06-11)
|
||||
|
||||
- # 77 - Parameter default to be Trueclass instead of "1"
|
||||
|
||||
- # 78 - add releasever parameter
|
||||
|
||||
## v3.2.0 (2014-04-09)
|
||||
|
||||
- [COOK-4510] - Adding username and password parameters to node attributes
|
||||
- [COOK-4518] - Fix Scientific Linux distroverpkg
|
||||
|
||||
## v3.1.6 (2014-03-27)
|
||||
|
||||
- [COOK-4463] - support multiple GPG keys
|
||||
- [COOK-4364] - yum_repository delete action fails
|
||||
|
||||
## v3.1.4 (2014-03-12)
|
||||
|
||||
- [COOK-4417] Expand test harness to encompass 32-bit boxes
|
||||
|
||||
## v3.1.2 (2014-02-23)
|
||||
|
||||
Fixing bugs around :delete action and cache clean Fixing specs to cover :remove and :delete aliasing properly Adding Travis-ci build matrix bits
|
||||
|
||||
## v3.1.0 (2014-02-13)
|
||||
|
||||
- Updating testing harness for integration testing on Travis-ci
|
||||
- Adding TESTING.md and Guardfile
|
||||
- PR #67 - Add skip_if_unvailable repository option
|
||||
- PR #64 - Fix validation of 'metadata_expire' option to match documentation
|
||||
- [COOK-3591] - removing node.name from repo template rendering
|
||||
- [COOK-4275] - Enhancements to yum cookbook
|
||||
- Adding full spec coverage
|
||||
- Adding support for custom source template to yum_repository
|
||||
|
||||
## v3.0.8 (2014-01-27)
|
||||
|
||||
Fixing typo in default.rb. yum_globalconfig now passes proxy attribute correctly.
|
||||
|
||||
## v3.0.6 (2014-01-27)
|
||||
|
||||
Updating default.rb to consume node['yum']['main']['proxy']
|
||||
|
||||
## v3.0.4 (2013-12-29)
|
||||
|
||||
### Bug
|
||||
|
||||
- **[COOK-4156](https://tickets.chef.io/browse/COOK-4156)** - yum cookbook creates a yum.conf with "cachefir" directive
|
||||
|
||||
## v3.0.2
|
||||
|
||||
Updating globalconfig provider for Chef 10 compatability
|
||||
|
||||
## v3.0.0
|
||||
|
||||
3.0.0 Major rewrite with breaking changes. Recipes broken out into individual cookbooks yum_key resource has been removed yum_repository resource now takes gpgkey as a URL directly yum_repository actions have been reduced to :create and :delete 'name' has been changed to repositoryid to avoid ambiguity chefspec test coverage gpgcheck is set to 'true' by default and must be explicitly disabled
|
||||
|
||||
## v2.4.4
|
||||
|
||||
Reverting to Ruby 1.8 hash syntax.
|
||||
|
||||
## v2.4.2
|
||||
|
||||
[COOK-3275] LWRP repository.rb :add method fails to create yum repo in some cases which causes :update to fail Amazon rhel
|
||||
|
||||
## v2.4.0
|
||||
|
||||
### Improvement
|
||||
|
||||
- [COOK-3025] - Allow per-repo proxy definitions
|
||||
|
||||
## v2.3.4
|
||||
|
||||
### Improvement
|
||||
|
||||
- **[COOK-3689](https://tickets.chef.io/browse/COOK-3689)** - Fix warnings about resource cloning
|
||||
- **[COOK-3574](https://tickets.chef.io/browse/COOK-3574)** - Add missing "description" field in metadata
|
||||
|
||||
## v2.3.2
|
||||
|
||||
### Bug
|
||||
|
||||
- **[COOK-3145](https://tickets.chef.io/browse/COOK-3145)** - Use correct download URL for epel `key_url`
|
||||
|
||||
## v2.3.0
|
||||
|
||||
### New Feature
|
||||
|
||||
- [COOK-2924]: Yum should allow type setting in repo file
|
||||
|
||||
## v2.2.4
|
||||
|
||||
### Bug
|
||||
|
||||
- [COOK-2360]: last commit to `yum_repository` changes previous behaviour
|
||||
- [COOK-3015]: Yum cookbook test minitest to fail
|
||||
|
||||
## v2.2.2
|
||||
|
||||
### Improvement
|
||||
|
||||
- [COOK-2741]: yum::elrepo
|
||||
- [COOK-2946]: update tests, test kitchen support in yum cookbook
|
||||
|
||||
### Bug
|
||||
|
||||
- [COOK-2639]: Yum cookbook - epel - always assumes url is a mirror list
|
||||
- [COOK-2663]: Yum should allow metadata_expire setting in repo file
|
||||
- [COOK-2751]: Update yum.ius_release version to 1.0-11
|
||||
|
||||
## v2.2.0
|
||||
|
||||
- [COOK-2189] - yum::ius failed on install (caused from rpm dependency)
|
||||
- [COOK-2196] - Make includepkgs and exclude configurable for each repos
|
||||
- [COOK-2244] - Allow configuring caching using attributes
|
||||
- [COOK-2399] - yum cookbook LWRPs fail FoodCritic
|
||||
- [COOK-2519] - Add priority option to Yum repo files
|
||||
- [COOK-2593] - allow integer or string for yum priority
|
||||
- [COOK-2643] - don't use conditional attribute for `yum_key` `remote_file`
|
||||
|
||||
## v2.1.0
|
||||
|
||||
- [COOK-2045] - add remi repository recipe
|
||||
- [COOK-2121] - add `:create` action to `yum_repository`
|
||||
|
||||
## v2.0.6
|
||||
|
||||
- [COOK-2037] - minor style fixes
|
||||
- [COOK-2038] - updated README
|
||||
|
||||
## v2.0.4
|
||||
|
||||
- [COOK-1908] - unable to install repoforge on CentOS 6 32 bit
|
||||
|
||||
## v2.0.2
|
||||
|
||||
- [COOK-1758] - Add default action for repository resource
|
||||
|
||||
## v2.0.0
|
||||
|
||||
This version changes the behavior of the EPEL recipe (most commonly used in other Chef cookbooks) on Amazon, and removes an attribute, `node['yum']['epel_release']`. See the README for details.
|
||||
|
||||
- [COOK-1772] - Simplify management of EPEL with LWRP
|
||||
|
||||
## v1.0.0
|
||||
|
||||
`mirrorlist` in the `yum_repository` LWRP must be set to the mirror list URI to use rather than setting it to true. See README.md.
|
||||
|
||||
- [COOK-1088] - use dl.fedoraproject.org for EPEL to prevent redirects
|
||||
- [COOK-1653] - fix mirrorlist
|
||||
- [COOK-1710] - support http proxy
|
||||
- [COOK-1722] - update IUS version
|
||||
|
||||
## v0.8.2
|
||||
|
||||
- [COOK-1521] - add :update action to `yum_repository`
|
||||
|
||||
## v0.8.0
|
||||
|
||||
- [COOK-1204] - Make 'add' default action for yum_repository
|
||||
- [COOK-1351] - option to not make the yum cache (via attribute)
|
||||
- [COOK-1353] - x86_64 centos path fixes
|
||||
- [COOK-1414] - recipe for repoforge
|
||||
|
||||
## v0.6.2
|
||||
|
||||
- Updated README to remove git diff artifacts.
|
||||
|
||||
## v0.6.0
|
||||
|
||||
- Default action for the yum_repository LWRP is now add.
|
||||
- [COOK-1227] - clear Chefs internal cache after adding new yum repo
|
||||
- [COOK-1262] - yum::epel should enable existing repo on Amazon Linux
|
||||
- [COOK-1272], [COOK-1302] - update RPM file for CentOS / RHEL 6
|
||||
- [COOK-1330] - update cookbook documentation on excludes for yum
|
||||
- [COOK-1346] - retry remote_file for EPEL in case we get an FTP mirror
|
||||
|
||||
## v0.5.2
|
||||
|
||||
- [COOK-825] - epel and ius `remote_file` should notify the `rpm_package` to install
|
||||
|
||||
## v0.5.0
|
||||
|
||||
- [COOK-675] - add recipe for handling EPEL repository
|
||||
- [COOK-722] - add recipe for handling IUS repository
|
||||
|
||||
## v.0.1.2
|
||||
|
||||
- Remove yum update in default recipe, that doesn't update caches, it updates packages installed.
|
|
@ -0,0 +1,202 @@
|
|||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
APPENDIX: How to apply the Apache License to your work.
|
||||
|
||||
To apply the Apache License to your work, attach the following
|
||||
boilerplate notice, with the fields enclosed by brackets "{}"
|
||||
replaced with your own identifying information. (Don't include
|
||||
the brackets!) The text should be enclosed in the appropriate
|
||||
comment syntax for the file format. We also recommend that a
|
||||
file or class name and description of purpose be included on the
|
||||
same "printed page" as the copyright notice for easier
|
||||
identification within third-party archives.
|
||||
|
||||
Copyright {yyyy} {name of copyright owner}
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
|
@ -0,0 +1,109 @@
|
|||
# yum Cookbook
|
||||
|
||||
[![Cookbook Version](https://img.shields.io/cookbook/v/yum.svg)](https://supermarket.chef.io/cookbooks/yum)
|
||||
[![CI State](https://github.com/sous-chefs/yum/workflows/ci/badge.svg)](https://github.com/sous-chefs/yum/actions?query=workflow%3Aci)
|
||||
[![OpenCollective](https://opencollective.com/sous-chefs/backers/badge.svg)](#backers)
|
||||
[![OpenCollective](https://opencollective.com/sous-chefs/sponsors/badge.svg)](#sponsors)
|
||||
[![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0)
|
||||
|
||||
The Yum cookbook exposes the `yum_globalconfig` resource which allows a user to control global yum behavior. This resources aims to allow the user to configure all options listed in the `yum.conf` man page, found at <http://man7.org/linux/man-pages/man5/yum.conf.5.html>
|
||||
|
||||
## Maintainers
|
||||
|
||||
This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit [sous-chefs.org](https://sous-chefs.org/) or come chat with us on the Chef Community Slack in [#sous-chefs](https://chefcommunity.slack.com/messages/C2V7B88SF).
|
||||
|
||||
## Requirements
|
||||
|
||||
### Platforms
|
||||
|
||||
- RHEL/CentOS and derivatives
|
||||
- Fedora
|
||||
|
||||
### Chef
|
||||
|
||||
- Chef 15.3+
|
||||
|
||||
### Cookbooks
|
||||
|
||||
- none
|
||||
|
||||
## Resources
|
||||
|
||||
- [`yum_globalconfig`](documentation/yum_globalconfig.md)
|
||||
- [`dnf_module`](documentation/dnf_module.md)
|
||||
|
||||
## Recipes (deprecated)
|
||||
|
||||
- `default` - Configures `yum_globalconfig[/etc/yum.conf]` with values found in node attributes at `node['yum']['main']`
|
||||
|
||||
## Attributes
|
||||
|
||||
The following attributes are set by default
|
||||
|
||||
```ruby
|
||||
default['yum']['main']['cachedir'] = '/var/cache/yum/$basearch/$releasever'
|
||||
default['yum']['main']['keepcache'] = false
|
||||
default['yum']['main']['debuglevel'] = nil
|
||||
default['yum']['main']['exclude'] = nil
|
||||
default['yum']['main']['logfile'] = '/var/log/yum.log'
|
||||
default['yum']['main']['exactarch'] = nil
|
||||
default['yum']['main']['obsoletes'] = nil
|
||||
default['yum']['main']['installonly_limit'] = nil
|
||||
default['yum']['main']['installonlypkgs'] = nil
|
||||
default['yum']['main']['installroot'] = nil
|
||||
```
|
||||
|
||||
For Amazon platform nodes, the default is to receive a continuous flow of updates,
|
||||
|
||||
```ruby
|
||||
default['yum']['main']['releasever'] = 'latest'
|
||||
```
|
||||
|
||||
To lock existing instances to the current version of the Amazon AMI,
|
||||
|
||||
```ruby
|
||||
default['yum']['main']['releasever'] = ''
|
||||
```
|
||||
|
||||
## Related Cookbooks
|
||||
|
||||
Recipes from older versions of this cookbook have been moved individual cookbooks. Recipes for managing platform yum configurations and installing specific repositories can be found in one (or more!) of the following cookbook.
|
||||
|
||||
- yum-centos
|
||||
- yum-fedora
|
||||
- yum-amazon
|
||||
- yum-epel
|
||||
- yum-elrepo
|
||||
- yum-repoforge
|
||||
- yum-ius
|
||||
- yum-percona
|
||||
- yum-pgdg
|
||||
|
||||
## Usage
|
||||
|
||||
Put `depends 'yum'` in your metadata.rb to gain access to the yum_repository resource.
|
||||
|
||||
## Contributors
|
||||
|
||||
This project exists thanks to all the people who [contribute.](https://opencollective.com/sous-chefs/contributors.svg?width=890&button=false)
|
||||
|
||||
### Backers
|
||||
|
||||
Thank you to all our backers!
|
||||
|
||||
![https://opencollective.com/sous-chefs#backers](https://opencollective.com/sous-chefs/backers.svg?width=600&avatarHeight=40)
|
||||
|
||||
### Sponsors
|
||||
|
||||
Support this project by becoming a sponsor. Your logo will show up here with a link to your website.
|
||||
|
||||
![https://opencollective.com/sous-chefs/sponsor/0/website](https://opencollective.com/sous-chefs/sponsor/0/avatar.svg?avatarHeight=100)
|
||||
![https://opencollective.com/sous-chefs/sponsor/1/website](https://opencollective.com/sous-chefs/sponsor/1/avatar.svg?avatarHeight=100)
|
||||
![https://opencollective.com/sous-chefs/sponsor/2/website](https://opencollective.com/sous-chefs/sponsor/2/avatar.svg?avatarHeight=100)
|
||||
![https://opencollective.com/sous-chefs/sponsor/3/website](https://opencollective.com/sous-chefs/sponsor/3/avatar.svg?avatarHeight=100)
|
||||
![https://opencollective.com/sous-chefs/sponsor/4/website](https://opencollective.com/sous-chefs/sponsor/4/avatar.svg?avatarHeight=100)
|
||||
![https://opencollective.com/sous-chefs/sponsor/5/website](https://opencollective.com/sous-chefs/sponsor/5/avatar.svg?avatarHeight=100)
|
||||
![https://opencollective.com/sous-chefs/sponsor/6/website](https://opencollective.com/sous-chefs/sponsor/6/avatar.svg?avatarHeight=100)
|
||||
![https://opencollective.com/sous-chefs/sponsor/7/website](https://opencollective.com/sous-chefs/sponsor/7/avatar.svg?avatarHeight=100)
|
||||
![https://opencollective.com/sous-chefs/sponsor/8/website](https://opencollective.com/sous-chefs/sponsor/8/avatar.svg?avatarHeight=100)
|
||||
![https://opencollective.com/sous-chefs/sponsor/9/website](https://opencollective.com/sous-chefs/sponsor/9/avatar.svg?avatarHeight=100)
|
|
@ -0,0 +1,100 @@
|
|||
# http://man7.org/linux/man-pages/man5/yum.conf.5.html
|
||||
|
||||
default['yum']['main']['cachedir'] = '/var/cache/yum/$basearch/$releasever'
|
||||
default['yum']['main']['distroverpkg'] = case node['platform']
|
||||
when 'amazon'
|
||||
'system-release'
|
||||
when 'scientific'
|
||||
'sl-release'
|
||||
when 'redhat'
|
||||
nil
|
||||
when 'oracle'
|
||||
'oraclelinux-release'
|
||||
else
|
||||
"#{node['platform']}-release"
|
||||
end
|
||||
default['yum']['main']['releasever'] = 'latest' if platform?('amazon')
|
||||
default['yum']['main']['alwaysprompt'] = nil # [true, false]
|
||||
default['yum']['main']['assumeyes'] = nil # [true, false]
|
||||
default['yum']['main']['bandwidth'] = nil # /^\d+$/
|
||||
default['yum']['main']['best'] = nil # [true, false]
|
||||
default['yum']['main']['bugtracker_url'] = nil
|
||||
default['yum']['main']['clean_requirements_on_remove'] = nil # [true, false]
|
||||
default['yum']['main']['color'] = nil # %w{ always never }
|
||||
default['yum']['main']['color_list_available_downgrade'] = nil
|
||||
default['yum']['main']['color_list_available_install'] = nil
|
||||
default['yum']['main']['color_list_available_reinstall'] = nil
|
||||
default['yum']['main']['color_list_available_upgrade'] = nil
|
||||
default['yum']['main']['color_list_installed_extra'] = nil
|
||||
default['yum']['main']['color_list_installed_newer'] = nil
|
||||
default['yum']['main']['color_list_installed_older'] = nil
|
||||
default['yum']['main']['color_list_installed_reinstall'] = nil
|
||||
default['yum']['main']['color_search_match'] = nil
|
||||
default['yum']['main']['color_update_installed'] = nil
|
||||
default['yum']['main']['color_update_local'] = nil
|
||||
default['yum']['main']['color_update_remote'] = nil
|
||||
default['yum']['main']['commands'] = nil
|
||||
default['yum']['main']['deltarpm'] = nil # [true, false]
|
||||
default['yum']['main']['debuglevel'] = nil # /^\d+$/
|
||||
default['yum']['main']['diskspacecheck'] = nil # [true, false]
|
||||
default['yum']['main']['enable_group_conditionals'] = nil # [true, false]
|
||||
default['yum']['main']['errorlevel'] = nil # /^\d+$/
|
||||
default['yum']['main']['exactarch'] = nil # [true, false]
|
||||
default['yum']['main']['exclude'] = nil
|
||||
default['yum']['main']['excludepkgs'] = nil
|
||||
default['yum']['main']['gpgcheck'] = true # [true, false]
|
||||
default['yum']['main']['group_package_types'] = nil
|
||||
default['yum']['main']['groupremove_leaf_only'] = nil # [true, false]
|
||||
default['yum']['main']['history_list_view'] = nil
|
||||
default['yum']['main']['history_record'] = nil # [true, false]
|
||||
default['yum']['main']['history_record_packages'] = nil
|
||||
default['yum']['main']['http_caching'] = nil # %w{ packages all none }
|
||||
default['yum']['main']['ip_resolve'] = nil # %w{ 4 6 }
|
||||
default['yum']['main']['installonly_limit'] = nil # /\d+/, /keep/
|
||||
default['yum']['main']['installonlypkgs'] = nil
|
||||
default['yum']['main']['installroot'] = nil
|
||||
default['yum']['main']['keepalive'] = nil # [true, false]
|
||||
default['yum']['main']['keepcache'] = false # [true, false]
|
||||
default['yum']['main']['kernelpkgnames'] = nil
|
||||
default['yum']['main']['localpkg_gpgcheck'] = false # [true,# false]
|
||||
default['yum']['main']['logfile'] = '/var/log/yum.log'
|
||||
default['yum']['main']['max_retries'] = nil # /^\d+$/
|
||||
default['yum']['main']['mdpolicy'] = nil # %w{ packages all none }
|
||||
default['yum']['main']['metadata_expire'] = nil # /^\d+$/
|
||||
default['yum']['main']['mirrorlist_expire'] = nil # /^\d+$/
|
||||
default['yum']['main']['multilib_policy'] = nil # %w{ all best }
|
||||
default['yum']['main']['obsoletes'] = nil # [true, false]
|
||||
default['yum']['main']['overwrite_groups'] = nil # [true, false]
|
||||
default['yum']['main']['password'] = nil
|
||||
default['yum']['main']['path'] = '/etc/yum.conf'
|
||||
default['yum']['main']['persistdir'] = nil
|
||||
default['yum']['main']['pluginconfpath'] = nil
|
||||
default['yum']['main']['pluginpath'] = nil
|
||||
default['yum']['main']['plugins'] = nil # [true, false]
|
||||
default['yum']['main']['protected_multilib'] = nil
|
||||
default['yum']['main']['protected_packages'] = nil
|
||||
default['yum']['main']['proxy'] = nil
|
||||
default['yum']['main']['proxy_password'] = nil
|
||||
default['yum']['main']['proxy_username'] = nil
|
||||
default['yum']['main']['password'] = nil
|
||||
default['yum']['main']['recent'] = nil # /^\d+$/
|
||||
default['yum']['main']['repo_gpgcheck'] = nil # [true, false]
|
||||
default['yum']['main']['reposdir'] = nil
|
||||
default['yum']['main']['reset_nice'] = nil # [true, false]
|
||||
default['yum']['main']['rpmverbosity'] = nil # %w{ info critical# emergency error warn debug }
|
||||
default['yum']['main']['showdupesfromrepos'] = nil # [true, false]
|
||||
default['yum']['main']['skip_broken'] = nil # [true, false]
|
||||
default['yum']['main']['skip_if_unavailable'] = nil # [true, false]
|
||||
default['yum']['main']['ssl_check_cert_permissions'] = nil # [true, false]
|
||||
default['yum']['main']['sslcacert'] = nil
|
||||
default['yum']['main']['sslclientcert'] = nil
|
||||
default['yum']['main']['sslclientkey'] = nil
|
||||
default['yum']['main']['sslverify'] = nil # [true, false]
|
||||
default['yum']['main']['syslog_device'] = nil
|
||||
default['yum']['main']['syslog_facility'] = nil
|
||||
default['yum']['main']['syslog_ident'] = nil
|
||||
default['yum']['main']['throttle'] = nil # [/\d+k/, /\d+M/, /\d+G/]
|
||||
default['yum']['main']['timeout'] = nil # /\d+/
|
||||
default['yum']['main']['tolerant'] = false
|
||||
default['yum']['main']['tsflags'] = nil
|
||||
default['yum']['main']['username'] = nil
|
|
@ -0,0 +1,115 @@
|
|||
# Put files/directories that should be ignored in this file when uploading
|
||||
# to a Chef Infra Server or Supermarket.
|
||||
# Lines that start with '# ' are comments.
|
||||
|
||||
# OS generated files #
|
||||
######################
|
||||
.DS_Store
|
||||
ehthumbs.db
|
||||
Icon?
|
||||
nohup.out
|
||||
Thumbs.db
|
||||
.envrc
|
||||
|
||||
# EDITORS #
|
||||
###########
|
||||
.#*
|
||||
.project
|
||||
.settings
|
||||
*_flymake
|
||||
*_flymake.*
|
||||
*.bak
|
||||
*.sw[a-z]
|
||||
*.tmproj
|
||||
*~
|
||||
\#*
|
||||
REVISION
|
||||
TAGS*
|
||||
tmtags
|
||||
.vscode
|
||||
.editorconfig
|
||||
|
||||
## COMPILED ##
|
||||
##############
|
||||
*.class
|
||||
*.com
|
||||
*.dll
|
||||
*.exe
|
||||
*.o
|
||||
*.pyc
|
||||
*.so
|
||||
*/rdoc/
|
||||
a.out
|
||||
mkmf.log
|
||||
|
||||
# Testing #
|
||||
###########
|
||||
.circleci/*
|
||||
.codeclimate.yml
|
||||
.delivery/*
|
||||
.foodcritic
|
||||
.kitchen*
|
||||
.mdlrc
|
||||
.overcommit.yml
|
||||
.rspec
|
||||
.rubocop.yml
|
||||
.travis.yml
|
||||
.watchr
|
||||
.yamllint
|
||||
azure-pipelines.yml
|
||||
Dangerfile
|
||||
examples/*
|
||||
features/*
|
||||
Guardfile
|
||||
kitchen*.yml
|
||||
mlc_config.json
|
||||
Procfile
|
||||
Rakefile
|
||||
spec/*
|
||||
test/*
|
||||
|
||||
# SCM #
|
||||
#######
|
||||
.git
|
||||
.gitattributes
|
||||
.gitconfig
|
||||
.github/*
|
||||
.gitignore
|
||||
.gitkeep
|
||||
.gitmodules
|
||||
.svn
|
||||
*/.bzr/*
|
||||
*/.git
|
||||
*/.hg/*
|
||||
*/.svn/*
|
||||
|
||||
# Berkshelf #
|
||||
#############
|
||||
Berksfile
|
||||
Berksfile.lock
|
||||
cookbooks/*
|
||||
tmp
|
||||
|
||||
# Bundler #
|
||||
###########
|
||||
vendor/*
|
||||
Gemfile
|
||||
Gemfile.lock
|
||||
|
||||
# Policyfile #
|
||||
##############
|
||||
Policyfile.rb
|
||||
Policyfile.lock.json
|
||||
|
||||
# Documentation #
|
||||
#############
|
||||
CODE_OF_CONDUCT*
|
||||
CONTRIBUTING*
|
||||
documentation/*
|
||||
TESTING*
|
||||
UPGRADING*
|
||||
|
||||
# Vagrant #
|
||||
###########
|
||||
.vagrant
|
||||
Vagrantfile
|
|
@ -0,0 +1,42 @@
|
|||
{
|
||||
"name": "yum",
|
||||
"description": "Configures various yum components on Red Hat-like systems",
|
||||
"long_description": "",
|
||||
"maintainer": "Sous Chefs",
|
||||
"maintainer_email": "help@sous-chefs.org",
|
||||
"license": "Apache-2.0",
|
||||
"platforms": {
|
||||
"amazon": ">= 0.0.0",
|
||||
"centos": ">= 0.0.0",
|
||||
"fedora": ">= 0.0.0",
|
||||
"oracle": ">= 0.0.0",
|
||||
"redhat": ">= 0.0.0",
|
||||
"scientific": ">= 0.0.0",
|
||||
"zlinux": ">= 0.0.0"
|
||||
},
|
||||
"dependencies": {
|
||||
|
||||
},
|
||||
"providing": {
|
||||
|
||||
},
|
||||
"recipes": {
|
||||
|
||||
},
|
||||
"version": "7.4.13",
|
||||
"source_url": "https://github.com/sous-chefs/yum",
|
||||
"issues_url": "https://github.com/sous-chefs/yum/issues",
|
||||
"privacy": false,
|
||||
"chef_versions": [
|
||||
[
|
||||
">= 15.3"
|
||||
]
|
||||
],
|
||||
"ohai_versions": [
|
||||
|
||||
],
|
||||
"gems": [
|
||||
|
||||
],
|
||||
"eager_load_libraries": true
|
||||
}
|
|
@ -0,0 +1,17 @@
|
|||
name 'yum'
|
||||
maintainer 'Sous Chefs'
|
||||
maintainer_email 'help@sous-chefs.org'
|
||||
license 'Apache-2.0'
|
||||
description 'Configures various yum components on Red Hat-like systems'
|
||||
version '7.4.13'
|
||||
source_url 'https://github.com/sous-chefs/yum'
|
||||
issues_url 'https://github.com/sous-chefs/yum/issues'
|
||||
chef_version '>= 15.3'
|
||||
|
||||
supports 'amazon'
|
||||
supports 'centos'
|
||||
supports 'fedora'
|
||||
supports 'oracle'
|
||||
supports 'redhat'
|
||||
supports 'scientific'
|
||||
supports 'zlinux'
|
|
@ -0,0 +1,26 @@
|
|||
#
|
||||
# Author:: Sean OMeara (<someara@chef.io>)
|
||||
# Author:: Joshua Timberman (<joshua@chef.io>)
|
||||
# Recipe:: yum::default
|
||||
#
|
||||
# Copyright:: 2013-2019, Chef Software, Inc (<legal@chef.io>)
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
yum_globalconfig '/etc/yum.conf' do
|
||||
node['yum']['main'].each do |config, value|
|
||||
send(config.to_sym, value) unless value.nil?
|
||||
end
|
||||
|
||||
action :create
|
||||
end
|
|
@ -0,0 +1,17 @@
|
|||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"extends": ["config:base"],
|
||||
"packageRules": [{
|
||||
"groupName": "Actions",
|
||||
"matchUpdateTypes": ["patch", "pin", "digest"],
|
||||
"automerge": true,
|
||||
"addLabels": ["Release: Patch", "Skip: Announcements"]
|
||||
},
|
||||
{
|
||||
"groupName": "Actions",
|
||||
"matchUpdateTypes": ["major"],
|
||||
"automerge": false,
|
||||
"addLabels": ["Release: Patch", "Skip: Announcements"]
|
||||
}
|
||||
]
|
||||
}
|
|
@ -0,0 +1,126 @@
|
|||
resource_name :dnf_module
|
||||
provides :dnf_module
|
||||
|
||||
unified_mode true
|
||||
|
||||
property :module_name, String,
|
||||
name_property: true,
|
||||
description: 'Name of the module to install'
|
||||
|
||||
property :options, [String, Array],
|
||||
coerce: proc { |x| Array(x) },
|
||||
default: [],
|
||||
description: 'Any additional options to pass to DNF'
|
||||
|
||||
property :flush_cache, [true, false],
|
||||
default: true,
|
||||
description: 'Whether to flush the Chef package cache after enabling the module'
|
||||
|
||||
action_class do
|
||||
def supported?
|
||||
(platform_family?('rhel') && node['platform_version'].to_i >= 8) || platform?('fedora')
|
||||
end
|
||||
|
||||
def list_modules(type)
|
||||
raw_output = shell_out!('dnf -q module list').stdout.split("\n")
|
||||
raw_output.keep_if { |l| l.match? /\[#{type}\]/ }
|
||||
raw_output.map { |l| "#{l.split[0]}:#{l.split[1]}" }[0..-2] # remove Hint: line from end
|
||||
end
|
||||
|
||||
def enabled_modules
|
||||
# extract modules from the rest of the output -- the lines with [e] (for enabled)
|
||||
list_modules('e')
|
||||
end
|
||||
|
||||
def disabled_modules
|
||||
# extract modules from the rest of the output -- the lines with [x] (for disabled)
|
||||
# disable disables all versions of the stream, so add entry without :version
|
||||
dl = list_modules('x')
|
||||
dl + dl.map { |m| m.split(':').first }.uniq
|
||||
end
|
||||
|
||||
def installed_modules
|
||||
# extract modules from the rest of the output -- the lines with [i] (for installed)
|
||||
list_modules('i')
|
||||
end
|
||||
|
||||
def opts
|
||||
new_resource.options.join(' ')
|
||||
end
|
||||
|
||||
def flush_dnf_cache
|
||||
# After switching to a new module installed during the Chef run, Chef's
|
||||
# internal package cache won't pick up on new module packages automatically,
|
||||
# so we need to reload that manually, much like after adding a new repo.
|
||||
# This isn't needed for modules available at the start of the Chef run.
|
||||
if new_resource.flush_cache
|
||||
package "flush package cache #{new_resource.module_name}" do
|
||||
action :flush_cache
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
action :switch_to do
|
||||
return unless supported?
|
||||
|
||||
unless enabled_modules.include?(new_resource.module_name)
|
||||
converge_by "switch to #{new_resource.module_name}" do
|
||||
shell_out!("dnf -qy module switch-to #{opts} '#{new_resource.module_name}'")
|
||||
end
|
||||
flush_dnf_cache
|
||||
end
|
||||
end
|
||||
|
||||
action :enable do
|
||||
return unless supported?
|
||||
|
||||
unless enabled_modules.include?(new_resource.module_name)
|
||||
converge_by "enable #{new_resource.module_name}" do
|
||||
shell_out!("dnf -qy module enable #{opts} '#{new_resource.module_name}'")
|
||||
end
|
||||
flush_dnf_cache
|
||||
end
|
||||
end
|
||||
|
||||
action :disable do
|
||||
return unless supported?
|
||||
|
||||
unless disabled_modules.include?(new_resource.module_name)
|
||||
converge_by "disable #{new_resource.module_name}" do
|
||||
shell_out!("dnf -qy module disable #{opts} '#{new_resource.module_name}'")
|
||||
end
|
||||
flush_dnf_cache
|
||||
end
|
||||
end
|
||||
|
||||
action :install do
|
||||
return unless supported?
|
||||
|
||||
unless installed_modules.include?(new_resource.module_name)
|
||||
converge_by "install #{new_resource.module_name}" do
|
||||
shell_out!("dnf -qy module install #{opts} '#{new_resource.module_name}'")
|
||||
end
|
||||
flush_dnf_cache
|
||||
end
|
||||
end
|
||||
|
||||
action :remove do
|
||||
return unless supported?
|
||||
|
||||
if installed_modules.include?(new_resource.module_name)
|
||||
converge_by "remove #{new_resource.module_name}" do
|
||||
shell_out!("dnf -qy module remove #{opts} '#{new_resource.module_name}'")
|
||||
end
|
||||
flush_dnf_cache
|
||||
end
|
||||
end
|
||||
|
||||
action :reset do
|
||||
return unless supported?
|
||||
|
||||
converge_by "reset #{new_resource.module_name}" do
|
||||
shell_out!("dnf -qy module reset #{opts} '#{new_resource.module_name}'")
|
||||
end
|
||||
flush_dnf_cache
|
||||
end
|
|
@ -0,0 +1,169 @@
|
|||
#
|
||||
# Cookbook:: yum
|
||||
# Resource:: repository
|
||||
#
|
||||
# Author:: Sean OMeara <someara@chef.io>
|
||||
# Copyright:: 2013-2020, Chef Software, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
# http://man7.org/linux/man-pages/man5/yum.conf.5.html
|
||||
|
||||
unified_mode true
|
||||
|
||||
property :alwaysprompt, [true, false], description: 'When true yum will not prompt for confirmation when the list of packages to be installed exactly matches those given on the command line. Unless assumeyes is enabled, it will prompt when additional packages need to be installed to fulfill dependencies regardless of this setting. Note that older versions of yum would also always prompt for package removal, and that is no longer true.'
|
||||
property :assumeno, [true, false], description: "If yum would prompt for confirmation of critical actions, assume the user chose no. This is basically the same as doing 'echo | yum ...' but is a bit more usable. This option overrides assumeyes, but is still subject to alwaysprompt."
|
||||
property :assumeyes, [true, false], description: 'Determines whether or not yum prompts for confirmation of critical actions.'
|
||||
property :autocheck_running_kernel, [true, false], description: "Set this to false to disable the automatic checking of the running kernel against updateinfo ('yum updateinfo check-running-kernel'), in the 'check-update' and 'updateinfo summary' commands."
|
||||
property :autosavets, [true, false], description: 'Should yum automatically save a transaction to a file when the transaction is solved but not run. Yum defaults to True'
|
||||
property :bandwidth, String, regex: /^\d+/, description: "Use to specify the maximum available network bandwidth in bytes/second. Used with the throttle property. If throttle is a percentage and bandwidth is '0' then bandwidth throttling will be disabled. If throttle is expressed as a data rate (bytes/sec) then this option is ignored."
|
||||
property :best, [true, false], description: 'If enabled, the solver will either use a package with the highest available version or fail'
|
||||
property :bugtracker_url, String, description: 'URL where bugs should be filed for yum. Configurable for local versions or distro-specific bugtrackers.'
|
||||
property :cachedir, String, default: '/var/cache/yum/$basearch/$releasever', description: 'Directory where yum should store its cache and db files.'
|
||||
property :cashe_root_dir, String, description: "Directory where yum would initialize the cashe, should almost certainly be left at the default. Yum's default is '/var/cache/CAShe'. Note that unlike all other configuration, this does not change with installroot, the reason is so that multiple install root can share the same data. See man cashe for more info."
|
||||
property :check_config_file_age, [true, false], description: 'Specifies whether yum should auto metadata expire repos that are older than any of the configuration files that led to them (usually the yum.conf file and the foo.repo file).'
|
||||
property :clean_requirements_on_remove, [true, false], description: "When removing packages (by removal, update or obsoletion) go through each package's dependencies. If any of them are no longer required by any other package then also mark them to be removed."
|
||||
property :color, String, equal_to: %w(always never), description: 'Display colorized output automatically, depending on the output terminal'
|
||||
property :color_list_available_downgrade, String
|
||||
property :color_list_available_install, String
|
||||
property :color_list_available_reinstall, String
|
||||
property :color_list_available_upgrade, String
|
||||
property :color_list_installed_extra, String
|
||||
property :color_list_installed_newer, String
|
||||
property :color_list_installed_older, String
|
||||
property :color_list_installed_reinstall, String
|
||||
property :color_search_match, String
|
||||
property :color_update_installed, String
|
||||
property :color_update_local, String
|
||||
property :color_update_remote, String
|
||||
property :commands, String, description: "List of functional commands to run if no functional commands are specified on the command line (eg. 'update foo bar baz quux'). None of the short options (eg. -y, -e, -d) are accepted for this option."
|
||||
property :debuglevel, String, regex: /^\d+$/, default: '2', description: 'Debug message output level 0-10.'
|
||||
property :deltarpm, [String, Integer], description: "When non-zero, delta-RPM files are used if available. The value specifies the maximum number of 'applydeltarpm' processes Yum will spawn, if the value is negative then yum works out how many cores you have and multiplies that by the value (cores=2, deltarpm=-2; 4 processes). (2 by default).\nNote that the 'applydeltarpm' process uses a significant amount of disk IO, so running too many instances can significantly slow down all disk IO including the downloads that yum is doing (thus. a too high value can make everything slower)."
|
||||
property :deltarpm_metadata_percentage, String, description: "When the relative size of deltarpm metadata vs pkgs is larger than this, deltarpm metadata is not downloaded from the repo. Yum's default value is 100 (Deltarpm metadata must be smaller than the packages from the repo). Note that you can give values over 100, so 200 means that the metadata is required to be half the size of the packages. Use '0' to turn off this check, and always download metadata."
|
||||
property :deltarpm_percentage, String, description: "When the relative size of delta vs pkg is larger than this, delta is not used. Yum's default value is 75 (Deltas must be at least 25% smaller than the pkg). Use '0' to turn off delta rpm processing. Local repositories (with file:// baseurl) have delta rpms turned off by default."
|
||||
property :depsolve_loop_limit, Integer, description: "Set the number of times any attempt to depsolve before we just give up. This shouldn't be needed as yum should always solve or fail, however it has been observed that it can loop forever with very large system upgrades. Setting this to `0' (or " > ") makes yum try forever. Yum's default is '100'."
|
||||
property :disable_excludes, [true, false], description: 'Permanently set the --disableexcludes command line option.'
|
||||
property :diskspacecheck, [true, false], description: 'Set this to false to disable the checking for sufficient diskspace and inodes before a RPM transaction is run.'
|
||||
property :distroverpkg, String, description: "The package used by yum to determine the 'version' of the distribution, this sets $releasever for use in config. files. This can be any installed package. Default is 'system-release(releasever)', 'redhat-release'. Yum will now look at the version provided by the provide, and if that is non-empty then will use the full V(-R), otherwise it uses the version of the package."
|
||||
property :enable_group_conditionals, [true, false], description: 'Determines whether yum will allow the use of conditionals packages.'
|
||||
property :errorlevel, String, regex: /^\d+$/, description: 'Error message output level 0-10.'
|
||||
property :exactarch, [true, false], default: true
|
||||
property :exactarchlist, String, description: "List of packages that should never change archs in an update. That means, if a package has a newer version available which is for a different compatible arch, yum will not consider that version an update if the package name is in this list. For example, on x86_64, foo-1.x86_64 won't be updated to foo-2.i686 if foo is in this list. Kernels in particular fall into this category. Shell globs using wildcards (eg. * and ?) are allowed."
|
||||
property :exclude, String, description: "List of packages to exclude from all repositories, so yum works as if that package was never in the repositories. This should be a space separated list. This is commonly used so a package isn't upgraded or installed accidentally, but can be used to remove packages in any way that 'yum list' will show packages. Shell globs using wildcards (eg. * and ?) are allowed."
|
||||
property :excludepkgs, String, description: 'Exclude packages from DNF specified by name or glob and separated by a comma. Can be disabled using disable_excludes.'
|
||||
property :exit_on_lock, [true, false], description: 'Should the yum client exit immediately when something else has the lock. Yum defaults to false'
|
||||
property :fssnap_abort_on_errors, String, equal_to: %w(), description: "When fssnap_automatic_pre or fssnap_automatic_post is enabled, it's possible to specify which fssnap errors should make the transaction fail. Yum's default is 'any'.\n'broken-setup' - Abort current transaction if snapshot support is unavailable because lvm is missing or broken.\n'snapshot-failure' - Abort current transaction if creating a snapshot fails (e.g. there is not enough free space to make a snapshot).\n'any' - Abort current transaction if any of the above occurs.\n'none' - Never abort a transaction in case of errors."
|
||||
property :fssnap_automatic_keep, Integer, description: "How many old snapshots should yum keep when trying to automatically create a new snapshot. Setting to 0 disables this feature. Yum's default is '1'"
|
||||
property :fssnap_automatic_post, [true, false], description: 'Should yum try to automatically create a snapshot after it runs a transaction. Yum defaults to False'
|
||||
property :fssnap_automatic_pre, [true, false], description: 'Should yum try to automatically create a snapshot before it runs a transaction. Yum defaults to False'
|
||||
property :fssnap_devices, String, description: 'The origin LVM devices to use for snapshots. Wildcards and negation are allowed, first match (positive or negative) wins. Default is: !*/swap !*/lv_swap glob:/etc/yum/fssnap.d/*.conf'
|
||||
property :fssnap_percentage, Integer, description: "The size of new snaphosts, expressed as a percentage of the old origin device. Any number between 1 and 100. Yum defaults to '100'."
|
||||
property :ftp_disable_epsv, [true, false], description: 'This options disables Extended Passive Mode (the EPSV command) which does not work correctly on some buggy ftp servers.'
|
||||
property :gpgcheck, [true, false], default: true, description: 'This tells yum whether or not it should perform a GPG signature check on packages. When this is set in the [main] section it sets the default for all repositories.'
|
||||
property :group_command, String, equal_to: %w(simple compat objects), description: "Tells yum what to do for group install/upgrade/remove commands.\nSimple acts like you did yum group cmd $(repoquery --group --list group), so it is very easy to reason about what will happen. Alas. this is often not what people want to happen.\nCompat. works much like simple, except that when you run 'group upgrade' it actually runs 'group install' (this means that you get any new packages added to the group, but you also get packages added that were there before and you didn't want). \nObjects makes groups act like a real object, separate from the packages they contain. Yum keeps track of the groups you have installed, so 'group upgrade' will install new packages for the group but not install old ones. It also knows about group members that are installed but weren't installed as part of the group, and won't remove those on 'group remove'. Running 'yum upgrade' will also run 'yum group upgrade' (thus. adding new packages for all groups)."
|
||||
property :group_package_types, String, description: "List of the following: optional, default, mandatory. Tells yum which type of packages in groups will be installed when 'groupinstall' is called."
|
||||
property :groupremove_leaf_only, [true, false], description: "Used to determine yum's behaviour when the groupremove command is run. If groupremove_leaf_only is false (default) then all packages in the group will be removed. If groupremove_leaf_only is true then only those packages in the group that aren't required by another package will be removed."
|
||||
property :history_list_view, String, equal_to: %w(users commands single-user-commands), description: "Which column of information to display in the 'yum history list' command."
|
||||
property :history_record, [true, false], description: 'Should yum record history entries for transactions. This takes some disk space, and some extra time in the transactions. But it allows how to know a lot of information about what has happened before, and display it to the user with the history info/list/summary commands. yum also provides the history undo/redo commands.'
|
||||
property :history_record_packages, String, description: 'This is a list of package names that should be recorded as having helped the transaction. yum plugins have an API to add themselves to this, so it should not normally be necessary to add packages here. Not that this is also used for the packages to look for in --version. Defaults to rpm, yum, yum-metadata-parser.'
|
||||
property :http_caching, String, equal_to: %w(packages all none), description: "Determines how upstream HTTP caches are instructed to handle any HTTP downloads that Yum does. This option can take the following values: all' means that all HTTP downloads should be cached. 'packages' means that only RPM package downloads should be cached (but not repository metadata downloads). 'none' means that no HTTP downloads should be cached."
|
||||
property :installonly_limit, String, regex: [/^\d+/, /keep/], default: '3', description: "Number of packages listed in installonlypkgs to keep installed at the same time. Setting to 0 disables this feature. Default is '0'. Note that this functionality used to be in the 'installonlyn' plugin, where this option was altered via tokeep. Note that as of version 3.2.24, yum will now look in the yumdb for a installonly attribute on installed packages. If that attribute is 'keep', then they will never be removed."
|
||||
property :installonlypkgs, String, description: 'List of package provides that should only ever be installed, never updated. Kernels in particular fall into this category. Defaults to kernel, kernel-bigmem, kernel-enterprise, kernel-smp, kernel-modules, kernel-debug, kernel- unsupported, kernel-source, kernel-devel, kernel-PAE, kernel- PAE-debug.'
|
||||
property :installroot, String, description: 'Specifies an alternative installroot, relative to which all packages will be installed.'
|
||||
property :install_weak_deps, [true, false], description: "When this option is set to true and a new package is about to be installed, all packages linked by a weak dependency relation (i.e., Recommends or Supplements flags) with this package will be pulled into the transaction. Default is DNF's default of true."
|
||||
property :ip_resolve, [String, Integer], equal_to: [4, '4', 6, '6'], description: "Determines how yum resolves host names. '4': resolve to IPv4 addresses only. '6': resolve to IPv6 addresses only."
|
||||
property :keepalive, [true, false], description: 'Set whether HTTP keepalive should be used for HTTP/1.1 servers that support it. This can improve transfer speeds by using one connection when downloading multiple files from a repository.'
|
||||
property :keepcache, [true, false], default: false, description: 'Determines whether or not yum keeps the cache of headers and packages after successful installation.'
|
||||
property :kernelpkgnames, String, description: 'List of package names that are kernels. This is really only here for the updating of kernel packages and should be removed out in the yum 2.1 series.'
|
||||
property :loadts_ignoremissing, [true, false], description: "Should the load-ts command ignore packages that are missing. This includes packages in the TS to be removed, which aren't installed, and packages in the TS to be added, which aren't available. If this is set to true, and an rpm is missing then loadts_ignorenewrpm is automatically set to true. Yum defaults to False."
|
||||
property :loadts_ignorenewrpm, [true, false], description: 'Should the load-ts command ignore the future rpmdb version or abort if there is a mismatch between the TS file and what will happen on the current machine. Note that if loadts_ignorerpm is True, this option does nothing. Yum defaults to False'
|
||||
property :loadts_ignorerpm, [true, false], description: 'Should the load-ts command ignore the rpmdb version (yum version nogroups) or abort if there is a mismatch between the TS file and the current machine. If this is set to true, then loadts_ignorenewrpm is automatically set to true. Yum defaults to False'
|
||||
property :localpkg_gpgcheck, [true, false], description: 'This tells yum whether or not it should perform a GPG signature check on local packages (packages in a file, not in a repositoy).'
|
||||
property :logfile, String, default: '/var/log/yum.log', description: 'Full directory and file name for where yum should write its log file.'
|
||||
property :max_connections, String, regex: /^\d+/, description: 'The maximum number of simultaneous connections. This overrides the urlgrabber default of 5 connections. Note that there are also implicit per-mirror limits and the downloader honors these too.'
|
||||
property :mddownloadpolicy, String, equal_to: %w(sqlite xml), description: "You can select which kinds of repodata you would prefer yum to download:\n'sqlite' - Download the .sqlite files, if available. This is currently slightly faster, once they are downloaded. However these files tend to be bigger, and thus. take longer to download. \n'xml' - Download the .XML files, which yum will do anyway as a fallback on the other options. These files tend to be smaller, but they require parsing/converting locally after download and some aditional checks are performed on them each time they are used."
|
||||
property :mdpolicy, String, equal_to: %w(instant group:primary group:small group:main group:all), description: "You can select from different metadata download policies depending on how much data you want to download with the main repository metadata index. The advantages of downloading more metadata with the index is that you can't get into situations where you need to use that metadata later and the versions available aren't compatible (or the user lacks privileges) and that if the metadata is corrupt in any way yum will revert to the previous metadata.\n'instant' - Just download the new metadata index, this is roughly what yum always did, however it now does some checking on the index and reverts if it classifies it as bad.\n'group:primary' - Download the primary metadata with the index. This contains most of the package information and so is almost always required anyway.\n'group:small' - With the primary also download the updateinfo metadata, groups, and pkgtags. This is required for yum-security operations and it also used in the graphical clients. This file also tends to be significantly smaller than most others. This is the default. \n'group:main' - With the primary and updateinfo download the filelists metadata and the group metadata. The filelists data is required for operations like 'yum install /bin/bash', and also some dependency resolutions require it. The group data is used in some graphical clients and for group operations like 'yum grouplist Base'.\n'group:all' - Download all metadata listed in the index, currently the only one not listed above is the other metadata, which contains the changelog information which is used by yum-changelog. This is what 'yum makecache' uses."
|
||||
property :metadata_expire, String, regex: [/^\d+$/, /^\d+[mhd]$/, /never/], description: "Time (in seconds) after which the metadata will expire. So that if the current metadata downloaded is less than this many seconds old then yum will not update the metadata against the repository. If you find that yum is not downloading information on updates as often as you would like lower the value of this option. You can also change from the default of using seconds to using days, hours or minutes by appending a d, h or m respectively. The default is 6 hours, to compliment yum-updatesd running once an hour. It's also possible to use the word 'never', meaning that the metadata will never expire. Note that when using a metalink file the metalink must always be newer than the metadata for the repository, due to the validation, so this timeout also applies to the metalink file."
|
||||
property :metadata_expire_filter, String, equal_to: %w(never read-only:past read-only:present read-only:future), description: "Filter the metadata_expire time, allowing a trade of speed for accuracy if a command doesn't require it. Each yum command can specify that it requires a certain level of timeliness quality from the remote repos. from 'I\'m about to install/upgrade, so this better be current' to 'Anything that\'s available is good enough'. \n'never' - Nothing is filtered, always obey metadata_expire. \n'read-only:past' - Commands that only care about past\ information are filtered from metadata expiring. Eg. yum history info (if history needs to lookup anything about a previous transaction, then by definition the remote package was available in the past). \n'read-only:present' - Commands that are balanced between past and future. This is the default. Eg. yum list yum\n'read-only:future' - Commands that are likely to result in running other commands which will require the latest metadata. Eg. yum check-update\nNote that this option requires that all the enabled repositories be roughly the same freshness (meaning the cache age difference from one another is at most 5 days). Failing that, metadata_expire will always be obeyed, just like with 'never'.\nAlso note that this option does not override 'yum clean expire-cache'."
|
||||
property :minrate, String, description: "This sets the low speed threshold in bytes per second. If the server is sending data slower than this for at least 'timeout' seconds, Yum aborts the connection."
|
||||
property :mirrorlist_expire, String, regex: /^\d+$/, description: 'Time (in seconds) after which the mirrorlist locally cached will expire. If the current mirrorlist is less than this many seconds old then yum will not download another copy of the mirrorlist, it has the same extra format as metadata_expire. If you find that yum is not downloading the mirrorlists as often as you would like lower the value of this option.'
|
||||
property :multilib_policy, String, equal_to: %w(all best), description: "The policy installation policy. Can be set to 'all' or 'best'. All means install all possible arches for any package you want to install. Therefore yum install foo will install foo.i386 and foo.x86_64 on x86_64, if it is available. Best means install the best arch for this platform, only. "
|
||||
property :obsoletes, [true, false], description: "This option only has affect during an update. It enables yum's obsoletes processing logic. Useful when doing distribution level upgrades. See also the yum upgrade command documentation for more details"
|
||||
property :options, Hash
|
||||
property :override_install_langs, [true, false], description: "This is a way to override rpm's _install_langs macro. without having to change it within rpm's macro file"
|
||||
property :overwrite_groups, [true, false], description: "Used to determine yum's behaviour if two or more repositories offer the package groups with the same name. If overwrite_groups is true then the group packages of the last matching repository will be used. If overwrite_groups is false then the groups from all matching repositories will be merged together as one large group. Note that this option does not override remove_leaf_only, so enabling that option means this has almost no affect."
|
||||
property :password, String, description: 'password to use with the username for basic authentication.'
|
||||
property :path, String, name_property: true
|
||||
property :persistdir, String, description: 'Directory where yum should store information that should persist over multiple runs.'
|
||||
property :pluginconfpath, String, description: 'A list of directories where yum should look for plugin configuration files.'
|
||||
property :pluginpath, String, description: 'A list of directories where yum should look for plugin modules.'
|
||||
property :plugins, [true, false], default: true, description: 'Global switch to enable or disable yum plugins.'
|
||||
property :protected_multilib, [true, false], description: 'This tells yum whether or not it should perform a check to make sure that multilib packages are the same version. For example, if this option is off (rpm behavior) then in some cases it might be possible for pkgA-1.x86_64 and pkgA-2.i386 to be installed at the same time. However this is very rarely desired. Install only packages, like the kernel, are exempt from this check.'
|
||||
property :protected_packages, String, description: 'This is a list of packages that yum should never completely remove. They are protected via Obsoletes as well as user/plugin removals.'
|
||||
property :proxy, String, description: 'URL to the proxy server that yum should use.'
|
||||
property :proxy_password, String, description: 'The password for the specified proxy.'
|
||||
property :proxy_username, String, description: 'The username for the specified proxy.'
|
||||
property :query_install_excludes, [true, false], description: 'This applies the command line exclude option (only, not the configuration exclude above) to installed packages being shown in some query commands'
|
||||
property :recent, String, regex: /^\d+$/, description: "Number of days back to look for 'recent' packages added to a repository."
|
||||
property :recheck_installed_requires, [true, false], description: "When upgrading a package do we recheck any requirements that existed in the old package. Turning this on shouldn't do anything but slow yum depsolving down, however using rpm --nodeps etc. can break the rpmdb and then this will help."
|
||||
property :releasever, String
|
||||
property :remove_leaf_only, [true, false], description: "Used to determine yum's behaviour when a package is removed. If remove_leaf_only is false then packages, and their deps, will be removed. If remove_leaf_only is true then only those packages that aren't required by another package will be removed."
|
||||
property :repo_gpgcheck, [true, false], description: 'This tells yum whether or not it should perform a GPG signature check on the repodata. When this is set in the [main] section it sets the default for all repositories.'
|
||||
property :repopkgsremove_leaf_only, [true, false], description: "Used to determine yum's behaviour when the repo-pkg remove command is run. If repopkgremove_leaf_only is false then all packages in the repo. will be removed. If repopkgremove_leaf_only is true then only those packages in the repo. that aren't required by another package will be removed. Note that this option does not override remove_leaf_only, so enabling that option means this has almost no affect."
|
||||
property :reposdir, String, description: "A list of directories where yum should look for .repo files which define repositories to use. Default is '/etc/yum/repos.d'. Each file in this directory should contain one or more repository sections as documented in [repository] options below. These will be merged with the repositories defined in /etc/yum/yum.conf to form the complete set of repositories that yum will use."
|
||||
property :requires_policy, String, equal_to: %w(strong weak info), description: 'Strong means install just the needed requirements. Weak means also install any weak requirements. Info means install all requirements. This only happens on install/reinstall, upgrades/downgrades do not consult this at all. Note that yum will try to just drop weak and info requirements on errors.'
|
||||
property :reset_nice, [true, false], description: 'If set to true then yum will try to reset the nice value to zero, before running an rpm transaction.'
|
||||
property :retries, String, regex: /^\d+$/, description: "Set the number of times any attempt to retrieve a file should retry before returning an error. Setting this to '0' makes yum try forever."
|
||||
property :rpmverbosity, String, equal_to: %w(info critical emergency error warn debug), description: 'Debug scriptlet output level.'
|
||||
property :shell_exit_status, String, equal_to: %w(0 ?), description: "Determines the exit status that should be returned by `yum shell' when it terminates after reading the `exit' command or EOF. If ? is set, the exit status is that of the last command executed before `exit' (bash-like behavior). Yum defaults to 0."
|
||||
property :showdupesfromrepos, [true, false], description: 'Set to true if you wish to show any duplicate packages from any repository, from package listings like the info or list commands. Set to false if you want only to see the newest packages from any repository.'
|
||||
property :skip_broken, [true, false], description: 'Resolve depsolve problems by removing packages that are causing problems from the transaction.'
|
||||
property :skip_if_unavailable, [true, false], description: 'If enabled, DNF will continue running and disable any repository that could not be synchronized for any reason.'
|
||||
property :skip_missing_names_on_install, [true, false], description: "If set to False, 'yum install' will fail if it can't find any of the provided names (package, group, rpm file). Yum's default is true."
|
||||
property :skip_missing_names_on_update, [true, false], description: "If set to False, 'yum update' will fail if it can't find any of the provided names (package, group, rpm file). It will also fail if the provided name is a package which is available, but not installed. Yum's default is true."
|
||||
property :ssl_check_cert_permissions, [true, false], description: "Whether yum should check the permissions on the paths for the certificates on the repository (both remote and local). If we can't read any of the files then yum will force skip_if_unavailable to be true. This is most useful for non-root processes which use yum on repos. that have client cert files which are readable only by root."
|
||||
property :sslcacert, String, description: 'Path to the directory containing the databases of the certificate authorities yum should use to verify SSL certificates.'
|
||||
property :sslclientcert, String, description: 'Path to the SSL client certificate yum should use to connect to repos/remote sites.'
|
||||
property :sslclientkey, String, description: 'Path to the SSL client key yum should use to connect to repos/remote sites.'
|
||||
property :sslverify, [true, false], description: 'Should yum verify SSL certificates/hosts at all.'
|
||||
property :syslog_device, String, description: 'Where to log syslog messages. Can be a local device (path) or a host:port string to use a remote syslog. If empty or points to a nonexistent device, syslog logging is disabled.'
|
||||
property :syslog_facility, String, description: 'Facility name for syslog messages.'
|
||||
property :syslog_ident, String, description: 'Identification (program name) for syslog messages.'
|
||||
property :throttle, String, regex: [/\d+k/, /\d+M/, /\d+G/], description: "Enable bandwidth throttling for downloads. This option can be expressed as a absolute data rate in bytes/sec. An SI prefix (k, M or G) may be appended to the bandwidth value (eg. '5.5k' is 5.5 kilobytes/sec, '2M' is 2 Megabytes/sec)."
|
||||
property :timeout, String, regex: /^\d+$/, description: 'Number of seconds to wait for a connection before timing out.'
|
||||
property :tolerant, [true, false], description: "If enabled, yum will go slower, checking for things that shouldn't be possible making it more tolerant of external errors. Default to '0' (not tolerant)."
|
||||
property :tsflags, String, description: "Comma or space separated list of transaction flags to pass to the rpm transaction set. These include 'noscripts', 'notriggers', 'nodocs', 'test', 'justdb' and 'nocontexts'. 'repackage' is also available but that does nothing with newer rpm versions. You can set all/any of them. However, if you don't know what these do in the context of an rpm transaction set you're best leaving it alone."
|
||||
property :ui_repoid_vars, String, description: 'When a repository id is displayed, append these yum variables to the string if they are used in the baseurl/etc. Variables are appended in the order listed (and found).'
|
||||
property :upgrade_group_objects_upgrade, [true, false], description: "Set this to false to disable the automatic running of 'group upgrade' when running the 'upgrade' command, and group_command is set to 'objects'."
|
||||
property :upgrade_requirements_on_install, [true, false], description: "When installing/reinstalling/upgrading packages go through each package's installed dependencies and check for an update."
|
||||
property :usercache, String, description: "Determines whether or not yum should store per-user cache in $TMPDIR. When set to '0', then whenever yum runs as a non-root user, --cacheonly is implied and system cache is used directly, and no new user cache is created in $TMPDIR. This can be used to prevent $TMPDIR from filling up if many users on the system often use yum and root tends to have up-to-date metadata that the users can rely on (they can still enable this feature with --setopt if they wish)."
|
||||
property :username, String, description: 'username to use for basic authentication to a repo or really any url.'
|
||||
property :usr_w_check, [true, false], description: "Set this to false to disable the checking for writability on /usr in the installroot (when going into the depsolving stage). Yum's default is true."
|
||||
|
||||
alias_method :max_retries, :retries
|
||||
|
||||
action :create do
|
||||
template new_resource.path do
|
||||
source 'main.erb'
|
||||
cookbook 'yum'
|
||||
mode '0644'
|
||||
variables(config: new_resource)
|
||||
end
|
||||
end
|
||||
|
||||
action :delete do
|
||||
file new_resource.path do
|
||||
action :delete
|
||||
end
|
||||
end
|
|
@ -0,0 +1,295 @@
|
|||
# This file was generated by Chef Infra Client
|
||||
# Do NOT modify this file by hand.
|
||||
|
||||
[main]
|
||||
<% if @config.alwaysprompt %>
|
||||
alwaysprompt=<%= @config.alwaysprompt %>
|
||||
<% end %>
|
||||
<% if @config.assumeyes %>
|
||||
assumeyes=<%= @config.assumeyes %>
|
||||
<% end %>
|
||||
<% if @config.bandwidth %>
|
||||
bandwidth=<%= @config.bandwidth %>
|
||||
<% end %>
|
||||
<% unless @config.best.nil? %>
|
||||
best=<%= @config.best %>
|
||||
<% end %>
|
||||
<% if @config.bugtracker_url %>
|
||||
bugtracker_url=<%= @config.bugtracker_url %>
|
||||
<% end %>
|
||||
<% if @config.cachedir %>
|
||||
cachedir=<%= @config.cachedir %>
|
||||
<% end %>
|
||||
<% if @config.clean_requirements_on_remove %>
|
||||
clean_requirements_on_remove=<%= @config.clean_requirements_on_remove %>
|
||||
<% end %>
|
||||
<% if @config.color %>
|
||||
color=<%= @config.color %>
|
||||
<% end %>
|
||||
<% if @config.color_list_available_downgrade %>
|
||||
color_list_available_downgrade=<%= @config.color_list_available_downgrade %>
|
||||
<% end %>
|
||||
<% if @config.color_list_available_install %>
|
||||
color_list_available_install=<%= @config.color_list_available_install %>
|
||||
<% end %>
|
||||
<% if @config.color_list_available_reinstall %>
|
||||
color_list_available_reinstall=<%= @config.color_list_available_reinstall %>
|
||||
<% end %>
|
||||
<% if @config.color_list_available_upgrade %>
|
||||
color_list_available_upgrade=<%= @config.color_list_available_upgrade %>
|
||||
<% end %>
|
||||
<% if @config.color_list_installed_extra %>
|
||||
color_list_installed_extra=<%= @config.color_list_installed_extra %>
|
||||
<% end %>
|
||||
<% if @config.color_list_installed_newer %>
|
||||
color_list_installed_newer=<%= @config.color_list_installed_newer %>
|
||||
<% end %>
|
||||
<% if @config.color_list_installed_older %>
|
||||
color_list_installed_older=<%= @config.color_list_installed_older %>
|
||||
<% end %>
|
||||
<% if @config.color_list_installed_reinstall %>
|
||||
color_list_installed_reinstall=<%= @config.color_list_installed_reinstall %>
|
||||
<% end %>
|
||||
<% if @config.color_search_match %>
|
||||
color_search_match=<%= @config.color_search_match %>
|
||||
<% end %>
|
||||
<% if @config.color_update_installed %>
|
||||
color_update_installed=<%= @config.color_update_installed %>
|
||||
<% end %>
|
||||
<% if @config.color_update_local %>
|
||||
color_update_local=<%= @config.color_update_local %>
|
||||
<% end %>
|
||||
<% if @config.color_update_remote %>
|
||||
color_update_remote=<%= @config.color_update_remote %>
|
||||
<% end %>
|
||||
<% if @config.commands %>
|
||||
commands=<%= @config.commands %>
|
||||
<% end %>
|
||||
<% if @config.debuglevel %>
|
||||
debuglevel=<%= @config.debuglevel %>
|
||||
<% end %>
|
||||
<% if @config.deltarpm == true %>
|
||||
deltarpm=1
|
||||
<% elsif @config.deltarpm == false %>
|
||||
deltarpm=0
|
||||
<% end %>
|
||||
<% if @config.diskspacecheck %>
|
||||
diskspacecheck=<%= @config.diskspacecheck %>
|
||||
<% end %>
|
||||
<% if @config.distroverpkg %>
|
||||
distroverpkg=<%= @config.distroverpkg %>
|
||||
<% end %>
|
||||
<% if @config.enable_group_conditionals %>
|
||||
enable_group_conditionals=1
|
||||
<% end %>
|
||||
<% if @config.errorlevel %>
|
||||
errorlevel=<%= @config.errorlevel %>
|
||||
<% end %>
|
||||
<% if @config.exactarch %>
|
||||
exactarch=1
|
||||
<% else %>
|
||||
exactarch=0
|
||||
<% end %>
|
||||
<% if @config.exclude %>
|
||||
exclude=<%= @config.exclude %>
|
||||
<% end %>
|
||||
<% if @config.excludepkgs %>
|
||||
excludepkgs=<%= @config.excludepkgs %>
|
||||
<% end %>
|
||||
<% if @config.gpgcheck %>
|
||||
gpgcheck=1
|
||||
<% else %>
|
||||
gpgcheck=0
|
||||
<% end %>
|
||||
<% if @config.group_package_types %>
|
||||
group_package_types=<%= @config.group_package_types %>
|
||||
<% end %>
|
||||
<% if @config.groupremove_leaf_only %>
|
||||
groupremove_leaf_only=<%= @config.groupremove_leaf_only %>
|
||||
<% end %>
|
||||
<% if @config.history_list_view %>
|
||||
history_list_view=<%= @config.history_list_view %>
|
||||
<% end %>
|
||||
<% if @config.history_record %>
|
||||
history_record=<%= @config.history_record %>
|
||||
<% end %>
|
||||
<% if @config.history_record_packages %>
|
||||
history_record_packages=<%= @config.history_record_packages %>
|
||||
<% end %>
|
||||
<% if @config.http_caching %>
|
||||
http_caching=<%= @config.http_caching %>
|
||||
<% end %>
|
||||
<% if @config.ip_resolve %>
|
||||
ip_resolve=<%= @config.ip_resolve %>
|
||||
<% end %>
|
||||
<% unless @config.install_weak_deps.nil? %>
|
||||
<% if @config.install_weak_deps %>
|
||||
install_weak_deps=1
|
||||
<% else %>
|
||||
install_weak_deps=0
|
||||
<% end %>
|
||||
<% end %>
|
||||
<% if @config.installonly_limit %>
|
||||
installonly_limit=<%= @config.installonly_limit %>
|
||||
<% end %>
|
||||
<% if @config.installonlypkgs %>
|
||||
installonlypkgs=<%= @config.installonlypkgs %>
|
||||
<% end %>
|
||||
<% if @config.installroot %>
|
||||
installroot=<%= @config.installroot %>
|
||||
<% end %>
|
||||
<% if @config.keepalive %>
|
||||
keepalive=<%= @config.keepalive %>
|
||||
<% end %>
|
||||
<% if @config.keepcache %>
|
||||
keepcache=1
|
||||
<% else %>
|
||||
keepcache=0
|
||||
<% end %>
|
||||
<% if @config.kernelpkgnames %>
|
||||
kernelpkgnames=<%= @config.kernelpkgnames %>
|
||||
<% end %>
|
||||
<% if @config.localpkg_gpgcheck %>
|
||||
localpkg_gpgcheck=1
|
||||
<% else %>
|
||||
localpkg_gpgcheck=0
|
||||
<% end %>
|
||||
<% if @config.logfile %>
|
||||
logfile=<%= @config.logfile %>
|
||||
<% end %>
|
||||
<% if @config.max_retries %>
|
||||
max_retries=<%= @config.max_retries %>
|
||||
<% end %>
|
||||
<% if @config.mdpolicy %>
|
||||
mdpolicy=<%= @config.mdpolicy %>
|
||||
<% end %>
|
||||
<% if @config.metadata_expire %>
|
||||
metadata_expire=<%= @config.metadata_expire %>
|
||||
<% end %>
|
||||
<% if @config.mirrorlist_expire %>
|
||||
mirrorlist_expire=<%= @config.mirrorlist_expire %>
|
||||
<% end %>
|
||||
<% if @config.multilib_policy %>
|
||||
multilib_policy=<%= @config.multilib_policy %>
|
||||
<% end %>
|
||||
<% if @config.obsoletes == false %>
|
||||
obsoletes=0
|
||||
<% else %>
|
||||
obsoletes=1
|
||||
<% end %>
|
||||
<% if @config.overwrite_groups %>
|
||||
overwrite_groups=<%= @config.overwrite_groups %>
|
||||
<% end %>
|
||||
<% if @config.password %>
|
||||
password=<%= @config.password %>
|
||||
<% end %>
|
||||
<% if @config.persistdir %>
|
||||
persistdir=<%= @config.persistdir %>
|
||||
<% end %>
|
||||
<% if @config.pluginconfpath %>
|
||||
pluginconfpath=<%= @config.pluginconfpath %>
|
||||
<% end %>
|
||||
<% if @config.pluginpath %>
|
||||
pluginpath=<%= @config.pluginpath %>
|
||||
<% end %>
|
||||
<% if @config.plugins %>
|
||||
plugins=1
|
||||
<% else %>
|
||||
plugins=0
|
||||
<% end %>
|
||||
<% if @config.protected_multilib %>
|
||||
protected_multilib=<%= @config.protected_multilib %>
|
||||
<% end %>
|
||||
<% if @config.protected_packages %>
|
||||
protected_packages=<%= @config.protected_packages %>
|
||||
<% end %>
|
||||
<% if @config.proxy %>
|
||||
proxy=<%= @config.proxy %>
|
||||
<% end %>
|
||||
<% if @config.proxy_password %>
|
||||
proxy_password=<%= @config.proxy_password %>
|
||||
<% end %>
|
||||
<% if @config.proxy_username %>
|
||||
proxy_username=<%= @config.proxy_username %>
|
||||
<% end %>
|
||||
<% if @config.recent %>
|
||||
recent=<%= @config.recent %>
|
||||
<% end %>
|
||||
<% if @config.releasever && @config.releasever.length > 0 %>
|
||||
releasever=<%= @config.releasever %>
|
||||
<% end %>
|
||||
<% if @config.repo_gpgcheck %>
|
||||
repo_gpgcheck=<%= @config.repo_gpgcheck %>
|
||||
<% end %>
|
||||
<% if @config.reposdir %>
|
||||
reposdir=<%= @config.reposdir %>
|
||||
<% end %>
|
||||
<% if @config.reset_nice %>
|
||||
reset_nice=<%= @config.reset_nice %>
|
||||
<% end %>
|
||||
<% if @config.rpmverbosity %>
|
||||
rpmverbosity=<%= @config.rpmverbosity %>
|
||||
<% end %>
|
||||
<% if @config.showdupesfromrepos %>
|
||||
showdupesfromrepos=<%= @config.showdupesfromrepos %>
|
||||
<% end %>
|
||||
<% if @config.skip_broken %>
|
||||
skip_broken=<%= @config.skip_broken %>
|
||||
<% end %>
|
||||
<% unless @config.skip_if_unavailable.nil? %>
|
||||
skip_if_unavailable=<%= @config.skip_if_unavailable %>
|
||||
<% end %>
|
||||
<% if @config.ssl_check_cert_permissions %>
|
||||
ssl_check_cert_permissions=<%= @config.ssl_check_cert_permissions %>
|
||||
<% end %>
|
||||
<% if @config.sslcacert %>
|
||||
sslcacert=<%= @config.sslcacert %>
|
||||
<% end %>
|
||||
<% if @config.sslclientcert %>
|
||||
sslclientcert=<%= @config.sslclientcert %>
|
||||
<% end %>
|
||||
<% if @config.sslclientkey %>
|
||||
sslclientkey=<%= @config.sslclientkey %>
|
||||
<% end %>
|
||||
<% unless @config.sslverify.nil? %>
|
||||
sslverify=<%= ( @config.sslverify ) ? 'true' : 'false' %>
|
||||
<% end %>
|
||||
<% if @config.syslog_device %>
|
||||
syslog_device=<%= @config.syslog_device %>
|
||||
<% end %>
|
||||
<% if @config.syslog_facility %>
|
||||
syslog_facility=<%= @config.syslog_facility %>
|
||||
<% end %>
|
||||
<% if @config.syslog_ident %>
|
||||
syslog_ident=<%= @config.syslog_ident %>
|
||||
<% end %>
|
||||
<% if @config.throttle %>
|
||||
throttle=<%= @config.throttle %>
|
||||
<% end %>
|
||||
<% if @config.timeout %>
|
||||
timeout=<%= @config.timeout %>
|
||||
<% end %>
|
||||
<% if @config.tolerant %>
|
||||
tolerant=<%= ( @config.tolerant ) ? '1' : '0' %>
|
||||
<% end %>
|
||||
<% if @config.tsflags %>
|
||||
tsflags=<%= @config.tsflags %>
|
||||
<% end %>
|
||||
<% if @config.username %>
|
||||
username=<%= @config.username %>
|
||||
<% end %>
|
||||
<% if @config.options -%>
|
||||
<% @config.options.each do |key, value| -%>
|
||||
<%= key %>=<%=
|
||||
case value
|
||||
when Array
|
||||
value.join("\n ")
|
||||
when TrueClass
|
||||
'1'
|
||||
when FalseClass
|
||||
'0'
|
||||
else
|
||||
value
|
||||
end %>
|
||||
<% end -%>
|
||||
<% end -%>
|
|
@ -4,6 +4,9 @@
|
|||
"json_class": "Chef::Environment",
|
||||
"chef_type": "environment",
|
||||
"default_attributes": {
|
||||
"openresty": {
|
||||
"try_aio": false
|
||||
}
|
||||
},
|
||||
"override_attributes": {
|
||||
"kosmos-mastodon": {
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{
|
||||
"name": "draco.kosmos.org",
|
||||
"chef_environment": "production",
|
||||
"normal": {
|
||||
"knife_zero": {
|
||||
"host": "10.1.1.167"
|
||||
|
@ -8,6 +9,9 @@
|
|||
"backup": {
|
||||
"schedule": "0/3:55"
|
||||
}
|
||||
},
|
||||
"openresty": {
|
||||
"listen_ip": "148.251.237.111"
|
||||
}
|
||||
},
|
||||
"automatic": {
|
||||
|
@ -17,7 +21,8 @@
|
|||
"hostname": "draco",
|
||||
"ipaddress": "148.251.237.73",
|
||||
"roles": [
|
||||
|
||||
"openresty_proxy",
|
||||
"openresty"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
|
@ -30,7 +35,10 @@
|
|||
"kosmos-ipfs::firewall_swarm",
|
||||
"kosmos-bitcoin::firewall",
|
||||
"kosmos_zerotier::firewall",
|
||||
"kosmos-nginx::firewall",
|
||||
"kosmos_openresty",
|
||||
"kosmos_openresty::default",
|
||||
"kosmos_openresty::firewall",
|
||||
"kosmos_assets::nginx_site",
|
||||
"sockethub::firewall",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
|
@ -47,19 +55,30 @@
|
|||
"postfix::sasl_auth",
|
||||
"hostname::default",
|
||||
"firewall::default",
|
||||
"chef-sugar::default"
|
||||
"openresty::apt_package",
|
||||
"openresty::ohai_plugin",
|
||||
"openresty::commons_user",
|
||||
"openresty::commons_dir",
|
||||
"openresty::commons_script",
|
||||
"openresty::commons_conf",
|
||||
"logrotate::default",
|
||||
"openresty::luarocks",
|
||||
"git::default",
|
||||
"git::package",
|
||||
"kosmos-base::letsencrypt"
|
||||
],
|
||||
"platform": "ubuntu",
|
||||
"platform_version": "20.04",
|
||||
"cloud": null,
|
||||
"chef_packages": {
|
||||
"ohai": {
|
||||
"version": "15.12.0",
|
||||
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai"
|
||||
},
|
||||
"chef": {
|
||||
"version": "15.17.4",
|
||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.17.4/lib"
|
||||
"version": "18.2.7",
|
||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.2.7/lib",
|
||||
"chef_effortless": null
|
||||
},
|
||||
"ohai": {
|
||||
"version": "18.1.4",
|
||||
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.4/lib/ohai"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
@ -72,7 +91,7 @@
|
|||
"recipe[kosmos-ipfs::firewall_swarm]",
|
||||
"recipe[kosmos-bitcoin::firewall]",
|
||||
"recipe[kosmos_zerotier::firewall]",
|
||||
"recipe[kosmos-nginx::firewall]",
|
||||
"role[openresty_proxy]",
|
||||
"recipe[sockethub::firewall]"
|
||||
]
|
||||
}
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,17 @@
|
|||
name "openresty"
|
||||
|
||||
development_run_list = %w(
|
||||
kosmos_openresty::default
|
||||
kosmos_openresty::hello_world
|
||||
)
|
||||
|
||||
default_run_list = %w(
|
||||
kosmos_openresty::default
|
||||
kosmos_openresty::firewall
|
||||
)
|
||||
|
||||
env_run_lists(
|
||||
'_default' => default_run_list,
|
||||
'development' => development_run_list,
|
||||
'production' => default_run_list
|
||||
)
|
|
@ -0,0 +1,54 @@
|
|||
name "openresty_proxy"
|
||||
|
||||
override_attributes(
|
||||
'openresty' => {
|
||||
'server_names_hash_bucket_size' => 128
|
||||
},
|
||||
'tor' => {
|
||||
'HiddenServices' => {
|
||||
'web' => {
|
||||
'HiddenServicePorts' => ['80 127.0.0.1:80', '443 127.0.0.1:443']
|
||||
}
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
development_run_list = %w(
|
||||
role[openresty]
|
||||
kosmos_assets::nginx_site
|
||||
)
|
||||
|
||||
default_run_list = %w(
|
||||
role[openresty]
|
||||
tor-full
|
||||
kosmos_assets::nginx_site
|
||||
kosmos_discourse::nginx
|
||||
kosmos_drone::nginx
|
||||
kosmos_garage::default
|
||||
kosmos_garage::firewall_rpc
|
||||
kosmos_garage::nginx_web
|
||||
kosmos_gitea::nginx
|
||||
kosmos_rsk::nginx_testnet
|
||||
kosmos_rsk::nginx_mainnet
|
||||
kosmos_website::default
|
||||
kosmos-akkounts::nginx
|
||||
kosmos-akkounts::nginx_api
|
||||
kosmos-bitcoin::nginx_lndhub
|
||||
kosmos-ejabberd::nginx
|
||||
kosmos-hubot::nginx_botka_irc-libera-chat
|
||||
kosmos-hubot::nginx_hal8000_xmpp
|
||||
kosmos-ipfs::nginx_public_gateway
|
||||
kosmos-mastodon::nginx
|
||||
remotestorage_discourse::nginx
|
||||
)
|
||||
|
||||
production_run_list = %w(
|
||||
role[openresty]
|
||||
kosmos_assets::nginx_site
|
||||
)
|
||||
|
||||
env_run_lists(
|
||||
'_default' => default_run_list,
|
||||
'development' => development_run_list,
|
||||
'production' => production_run_list
|
||||
)
|
|
@ -52,16 +52,17 @@ end
|
|||
end
|
||||
end
|
||||
|
||||
# TODO check if nginx is installed/running on the node
|
||||
file "/etc/letsencrypt/renewal-hooks/deploy/nginx" do
|
||||
content <<-EOF
|
||||
#!/usr/bin/env bash
|
||||
# Reloading nginx is enough to read the new certificates
|
||||
systemctl reload nginx
|
||||
EOF
|
||||
mode 0755
|
||||
owner "root"
|
||||
group "root"
|
||||
if node.run_list.roles.include?("openresty_proxy")
|
||||
file "/etc/letsencrypt/renewal-hooks/post/openresty" do
|
||||
content <<-EOF
|
||||
#!/usr/bin/env bash
|
||||
# Reloading openresty is enough to read the new certificates
|
||||
systemctl reload openresty
|
||||
EOF
|
||||
mode 0755
|
||||
owner "root"
|
||||
group "root"
|
||||
end
|
||||
end
|
||||
|
||||
# include_recipe 'kosmos-base::systemd_emails'
|
||||
|
|
|
@ -0,0 +1,50 @@
|
|||
resource_name :tls_cert_for
|
||||
provides :tls_cert_for
|
||||
|
||||
property :domain, [String, Array], name_property: true
|
||||
property :auth, [String, NilClass], default: nil
|
||||
|
||||
default_action :create
|
||||
|
||||
def initialize(*args)
|
||||
super
|
||||
|
||||
@run_context.include_recipe 'kosmos-base::letsencrypt'
|
||||
end
|
||||
|
||||
action :create do
|
||||
domains = Array(new_resource.domain)
|
||||
|
||||
case new_resource.auth
|
||||
when "gandi_dns"
|
||||
gandi_api_data_bag_item = data_bag_item('credentials', 'gandi_api_5apps')
|
||||
|
||||
hook_path = "/root/gandi_dns_certbot_hook.sh"
|
||||
template hook_path do
|
||||
cookbook "kosmos-base"
|
||||
variables gandi_api_key: gandi_api_data_bag_item["key"]
|
||||
mode 0770
|
||||
end
|
||||
|
||||
# Generate a Let's Encrypt cert (only if no cert has been generated before).
|
||||
# The systemd timer will take care of renewing
|
||||
execute "letsencrypt cert for #{domains.join(', ')}" do
|
||||
command <<-CMD
|
||||
certbot certonly --manual -n \
|
||||
--preferred-challenges dns \
|
||||
--manual-public-ip-logging-ok \
|
||||
--agree-tos \
|
||||
--manual-auth-hook '#{hook_path} auth' \
|
||||
--manual-cleanup-hook '#{hook_path} cleanup' \
|
||||
--deploy-hook /etc/letsencrypt/renewal-hooks/post/openresty \
|
||||
--email ops@kosmos.org \
|
||||
#{domains.map {|d| "-d #{d}" }.join(" ")}
|
||||
CMD
|
||||
not_if do
|
||||
::File.exist?("/etc/letsencrypt/live/#{domains.first}/fullchain.pem")
|
||||
end
|
||||
end
|
||||
else
|
||||
# regular http auth
|
||||
end
|
||||
end
|
|
@ -0,0 +1,63 @@
|
|||
#!/usr/bin/env bash
|
||||
#
|
||||
|
||||
set -euf -o pipefail
|
||||
|
||||
# ************** USAGE **************
|
||||
#
|
||||
# Example usage (with this hook file saved in /root/):
|
||||
#
|
||||
# sudo su -
|
||||
# certbot certonly --manual --preferred-challenges dns --manual-public-ip-logging-ok --agree-tos -d "5apps.com" -d muc.5apps.com -d "xmpp.5apps.com" \
|
||||
# --manual-auth-hook "/root/letsencrypt_hook.sh auth" --manual-cleanup-hook "/root/letsencrypt_hook.sh cleanup"
|
||||
#
|
||||
# This hook requires configuration, continue reading.
|
||||
#
|
||||
# ************** CONFIGURATION **************
|
||||
#
|
||||
# GANDI_API_KEY: Your Gandi Live API key
|
||||
#
|
||||
# PROVIDER_UPDATE_DELAY:
|
||||
# How many seconds to wait after updating your DNS records. This may be required,
|
||||
# depending on how slow your DNS host is to begin serving new DNS records after updating
|
||||
# them via the API. 30 seconds is a safe default, but some providers can be very slow
|
||||
# (e.g. Linode).
|
||||
#
|
||||
# Defaults to 30 seconds.
|
||||
#
|
||||
GANDI_API_KEY="<%= @gandi_api_key %>"
|
||||
PROVIDER_UPDATE_DELAY=2
|
||||
|
||||
regex='.*\.(.*\..*)'
|
||||
if [[ $CERTBOT_DOMAIN =~ $regex ]]
|
||||
then
|
||||
DOMAIN="${BASH_REMATCH[1]}"
|
||||
else
|
||||
DOMAIN="${CERTBOT_DOMAIN}"
|
||||
fi
|
||||
|
||||
# To be invoked via Certbot's --manual-auth-hook
|
||||
function auth {
|
||||
curl -s -D- -H "Content-Type: application/json" \
|
||||
-H "X-Api-Key: ${GANDI_API_KEY}" \
|
||||
-d "{\"rrset_name\": \"_acme-challenge.${CERTBOT_DOMAIN}.\",
|
||||
\"rrset_type\": \"TXT\",
|
||||
\"rrset_ttl\": 3600,
|
||||
\"rrset_values\": [\"${CERTBOT_VALIDATION}\"]}" \
|
||||
"https://dns.api.gandi.net/api/v5/domains/${DOMAIN}/records"
|
||||
|
||||
|
||||
sleep ${PROVIDER_UPDATE_DELAY}
|
||||
}
|
||||
|
||||
# To be invoked via Certbot's --manual-cleanup-hook
|
||||
function cleanup {
|
||||
curl -s -X DELETE -H "Content-Type: application/json" \
|
||||
-H "X-Api-Key: ${GANDI_API_KEY}" \
|
||||
https://dns.api.gandi.net/api/v5/domains/${DOMAIN}/records/_acme-challenge.${CERTBOT_DOMAIN}./TXT
|
||||
}
|
||||
|
||||
HANDLER=$1; shift;
|
||||
if [ -n "$(type -t $HANDLER)" ] && [ "$(type -t $HANDLER)" = function ]; then
|
||||
$HANDLER "$@"
|
||||
fi
|
|
@ -7,4 +7,5 @@ long_description 'Configures static asset Web hosting'
|
|||
version '1.0.0'
|
||||
chef_version '>= 15.10' if respond_to?(:chef_version)
|
||||
|
||||
depends "kosmos-nginx"
|
||||
depends "kosmos-base"
|
||||
depends "kosmos_openresty"
|
||||
|
|
|
@ -1,38 +1,36 @@
|
|||
#
|
||||
# Cookbook:: kosmos_assets
|
||||
# Recipe:: nginx_site
|
||||
# Recipe:: openresty_site
|
||||
#
|
||||
|
||||
include_recipe "kosmos-nginx"
|
||||
include_recipe "git"
|
||||
include_recipe "kosmos_openresty"
|
||||
|
||||
domain = node["kosmos_assets"]["domain"]
|
||||
|
||||
nginx_certbot_site domain
|
||||
tls_cert_for domain do
|
||||
auth "gandi_dns"
|
||||
action :create
|
||||
end
|
||||
|
||||
directory "/var/www/#{domain}/site" do
|
||||
user node["nginx"]["user"]
|
||||
group node["nginx"]["group"]
|
||||
user node["openresty"]["user"]
|
||||
group node["openresty"]["group"]
|
||||
mode "0755"
|
||||
recursive true
|
||||
end
|
||||
|
||||
git "/var/www/#{domain}/site" do
|
||||
user node["nginx"]["user"]
|
||||
group node["nginx"]["group"]
|
||||
user node["openresty"]["user"]
|
||||
group node["openresty"]["group"]
|
||||
repository node["kosmos_assets"]["repo"]
|
||||
revision node["kosmos_assets"]["revision"]
|
||||
action :sync
|
||||
end
|
||||
|
||||
template "#{node["nginx"]["dir"]}/sites-available/#{domain}" do
|
||||
source "nginx_conf_assets.erb"
|
||||
owner node["nginx"]["user"]
|
||||
mode 0640
|
||||
openresty_site domain do
|
||||
template "nginx_conf_assets.erb"
|
||||
variables domain: domain,
|
||||
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
|
||||
notifies :reload, "service[nginx]", :delayed
|
||||
end
|
||||
|
||||
nginx_site domain do
|
||||
action :enable
|
||||
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
|
||||
end
|
||||
|
|
|
@ -2,13 +2,14 @@
|
|||
# Generated by Chef
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name <%= @domain %>;
|
||||
|
||||
root /var/www/<%= @domain %>/site;
|
||||
|
||||
access_log off;
|
||||
access_log <%= node['openresty']['log_dir'] %>/<%= @domain %>.access.log;
|
||||
error_log <%= node['openresty']['log_dir'] %>/<%= @domain %>.error.log;
|
||||
gzip_static on;
|
||||
gzip_comp_level 5;
|
||||
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
.vagrant
|
||||
*~
|
||||
*#
|
||||
.#*
|
||||
\#*#
|
||||
.*.sw[a-z]
|
||||
*.un~
|
||||
|
||||
# Bundler
|
||||
Gemfile.lock
|
||||
gems.locked
|
||||
bin/*
|
||||
.bundle/*
|
||||
|
||||
# test kitchen
|
||||
.kitchen/
|
||||
kitchen.local.yml
|
||||
|
||||
# Chef Infra
|
||||
Berksfile.lock
|
||||
.zero-knife.rb
|
||||
Policyfile.lock.json
|
||||
|
||||
.idea/
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
# kosmos_openresty CHANGELOG
|
||||
|
||||
## 0.1.0
|
||||
|
||||
Initial release.
|
|
@ -0,0 +1,21 @@
|
|||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2023 Kosmos
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
THE SOFTWARE.
|
|
@ -0,0 +1,4 @@
|
|||
# kosmos_openresty
|
||||
|
||||
Wrapper cookbook for our fork of the openresty cookbook. It adds support for
|
||||
installing from the package using the official apt repository.
|
|
@ -0,0 +1,115 @@
|
|||
# Put files/directories that should be ignored in this file when uploading
|
||||
# to a Chef Infra Server or Supermarket.
|
||||
# Lines that start with '# ' are comments.
|
||||
|
||||
# OS generated files #
|
||||
######################
|
||||
.DS_Store
|
||||
ehthumbs.db
|
||||
Icon?
|
||||
nohup.out
|
||||
Thumbs.db
|
||||
.envrc
|
||||
|
||||
# EDITORS #
|
||||
###########
|
||||
.#*
|
||||
.project
|
||||
.settings
|
||||
*_flymake
|
||||
*_flymake.*
|
||||
*.bak
|
||||
*.sw[a-z]
|
||||
*.tmproj
|
||||
*~
|
||||
\#*
|
||||
REVISION
|
||||
TAGS*
|
||||
tmtags
|
||||
.vscode
|
||||
.editorconfig
|
||||
|
||||
## COMPILED ##
|
||||
##############
|
||||
*.class
|
||||
*.com
|
||||
*.dll
|
||||
*.exe
|
||||
*.o
|
||||
*.pyc
|
||||
*.so
|
||||
*/rdoc/
|
||||
a.out
|
||||
mkmf.log
|
||||
|
||||
# Testing #
|
||||
###########
|
||||
.circleci/*
|
||||
.codeclimate.yml
|
||||
.delivery/*
|
||||
.foodcritic
|
||||
.kitchen*
|
||||
.mdlrc
|
||||
.overcommit.yml
|
||||
.rspec
|
||||
.rubocop.yml
|
||||
.travis.yml
|
||||
.watchr
|
||||
.yamllint
|
||||
azure-pipelines.yml
|
||||
Dangerfile
|
||||
examples/*
|
||||
features/*
|
||||
Guardfile
|
||||
kitchen.yml*
|
||||
mlc_config.json
|
||||
Procfile
|
||||
Rakefile
|
||||
spec/*
|
||||
test/*
|
||||
|
||||
# SCM #
|
||||
#######
|
||||
.git
|
||||
.gitattributes
|
||||
.gitconfig
|
||||
.github/*
|
||||
.gitignore
|
||||
.gitkeep
|
||||
.gitmodules
|
||||
.svn
|
||||
*/.bzr/*
|
||||
*/.git
|
||||
*/.hg/*
|
||||
*/.svn/*
|
||||
|
||||
# Berkshelf #
|
||||
#############
|
||||
Berksfile
|
||||
Berksfile.lock
|
||||
cookbooks/*
|
||||
tmp
|
||||
|
||||
# Bundler #
|
||||
###########
|
||||
vendor/*
|
||||
Gemfile
|
||||
Gemfile.lock
|
||||
|
||||
# Policyfile #
|
||||
##############
|
||||
Policyfile.rb
|
||||
Policyfile.lock.json
|
||||
|
||||
# Documentation #
|
||||
#############
|
||||
CODE_OF_CONDUCT*
|
||||
CONTRIBUTING*
|
||||
documentation/*
|
||||
TESTING*
|
||||
UPGRADING*
|
||||
|
||||
# Vagrant #
|
||||
###########
|
||||
.vagrant
|
||||
Vagrantfile
|
|
@ -0,0 +1,10 @@
|
|||
name 'kosmos_openresty'
|
||||
maintainer 'Kosmos'
|
||||
maintainer_email 'mail@kosmos.org'
|
||||
license 'MIT'
|
||||
description 'Installs/Configures openresty'
|
||||
version '0.1.0'
|
||||
chef_version '>= 18.0'
|
||||
|
||||
depends 'kosmos-base'
|
||||
depends 'openresty'
|
|
@ -0,0 +1,7 @@
|
|||
#
|
||||
# Cookbook:: kosmos_openresty
|
||||
# Recipe:: default
|
||||
#
|
||||
|
||||
# Install openresty from official packages
|
||||
include_recipe 'openresty::apt_package'
|
|
@ -0,0 +1,11 @@
|
|||
#
|
||||
# Cookbook Name:: kosmos_openresty
|
||||
# Recipe:: firewall
|
||||
|
||||
include_recipe "kosmos-base::firewall"
|
||||
|
||||
firewall_rule "http/https" do
|
||||
port [80, 443]
|
||||
protocol :tcp
|
||||
command :allow
|
||||
end
|
|
@ -0,0 +1,10 @@
|
|||
#
|
||||
# Cookbook:: kosmos_openresty
|
||||
# Recipe:: hello_world
|
||||
#
|
||||
|
||||
openresty_site 'hello_world' do
|
||||
template 'hello_world.conf.erb'
|
||||
redirect_http false
|
||||
action :enable
|
||||
end
|
|
@ -0,0 +1,9 @@
|
|||
server {
|
||||
listen 80 reuseport;
|
||||
location / {
|
||||
default_type text/plain;
|
||||
content_by_lua_block {
|
||||
ngx.say("Hello World")
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
Subproject commit 867046cbd1e120f7b2cb842114dcc725cdf0c2b2
|
Loading…
Reference in New Issue