Merge pull request 'Set up openresty' (#502) from feature/501-openresty into master

Reviewed-on: #502
Râu Cao 2023-07-25 11:24:39 +00:00
commit 266b17eb98
52 changed files with 10555 additions and 52 deletions


@ -26,8 +26,7 @@ knife[:automatic_attribute_whitelist] = %w[
chef_packages
]
knife[:default_attribute_whitelist] = []
knife[:normal_attribute_whitelist] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd']
knife[:override_attribute_whitelist] = []
knife[:allowed_normal_attributes] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd']
# Added to /etc/chef/client.rb on node bootstrap
# https://docs.chef.io/attribute_persistence/
knife[:normal_attribute_allowlist] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']
knife[:allowed_normal_attributes] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']
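Review bot: Only the normal-level attribute filter is moved to the new key names here; the `knife[:automatic_attribute_whitelist]` and `knife[:default_attribute_whitelist]` entries visible as context keep the legacy spelling. Because the same commit moves the Vagrant nodes to Chef 18.2.7, please confirm that the legacy `*_whitelist` settings are still honoured in the client.rb written on bootstrap; if they are not, those filters stop applying and more node data than intended is persisted to the node files. I would rename them in the same change following the `allowed_normal_attributes` pattern, e.g. `knife[:allowed_default_attributes] = []`. The comment could also say which tool reads `normal_attribute_allowlist` and which reads `allowed_normal_attributes`, since both are set to the same list and must be kept in sync by hand.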

3
.gitmodules vendored

@ -1,3 +1,6 @@
[submodule "site-cookbooks/postgresql"]
path = site-cookbooks/postgresql
url = git@github.com:67P/postgresql.git
[submodule "site-cookbooks/openresty"]
path = site-cookbooks/openresty
url = https://github.com/67P/chef-openresty.git


@ -2,10 +2,10 @@
source 'https://supermarket.chef.io'
cookbook 'elasticsearch', '~> 5.1.3'
cookbook 'firewall', '~> 6.2.16'
cookbook 'redisio', '~> 6.4.1'
cookbook 'ruby_build', '~> 2.5.0'
cookbook 'elasticsearch', '~> 5.1.3'
cookbook 'firewall', '~> 6.2.16'
cookbook 'redisio', '~> 6.4.1'
cookbook 'ruby_build', '~> 2.5.0'
cookbook 'ipfs',
git: 'https://gitea.kosmos.org/kosmos/ipfs-cookbook.git',
@ -37,3 +37,7 @@ cookbook 'timezone_iii', '= 1.0.4'
cookbook 'ulimit', '~> 1.0.0'
cookbook 'users', '~> 5.3.1'
cookbook 'zerotier', '~> 1.0.7'
# openresty dependency
cookbook 'jemalloc', '~> 0.1.7'
cookbook 'yum'
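Review bot: `cookbook 'yum'` is the only entry in this hunk without a version constraint, so a later `berks update` can move it to whatever release the Supermarket serves, while its neighbours are held to a patch series. Berksfile.lock in this commit resolves it to 7.4.13; I would state that intent in the Berksfile too, `cookbook 'yum', '~> 7.4.13'`. The `# openresty dependency` comment sits directly above `jemalloc` only; if `yum` is pulled in for the same reason, word it as `# openresty dependencies` so the next reader knows why both are here.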


@ -15,6 +15,7 @@ DEPENDENCIES
revision: d7c25b6ce5fa490b6de3529fdc163fb64f1ece8a
ref: v0.7.0
java (~> 4.3.0)
jemalloc (~> 0.1.7)
logrotate (= 2.2.0)
mediawiki
git: https://github.com/67P/mediawiki-cookbook.git
@ -33,6 +34,7 @@ DEPENDENCIES
timezone_iii (= 1.0.4)
ulimit (~> 1.0.0)
users (~> 5.3.1)
yum
zerotier (~> 1.0.7)
GRAPH
@ -65,6 +67,8 @@ GRAPH
java (4.3.0)
homebrew (>= 0.0.0)
windows (>= 0.0.0)
jemalloc (0.1.7)
build-essential (>= 0.0.0)
logrotate (2.2.0)
mediawiki (0.5.0)
apache2 (>= 0.0.0)
@ -97,6 +101,7 @@ GRAPH
ulimit (1.0.0)
users (5.3.1)
windows (7.0.2)
yum (7.4.13)
yum-epel (4.2.3)
zerotier (1.0.7)
ohai (>= 0.0.0)


@ -306,6 +306,7 @@ GEM
PLATFORMS
x86_64-darwin-18
x86_64-darwin-19
x86_64-linux
DEPENDENCIES

27
Vagrantfile vendored

@ -26,7 +26,7 @@ Vagrant.configure(2) do |config|
ldap.vm.network "private_network", ip: "192.168.56.5"
ldap.vm.provision :chef_zero do |chef|
chef.version = "17.10.0"
chef.version = "18.2.7"
chef.node_name = "vagrant-node-ldap"
chef.arguments = "--chef-license accept"
chef.cookbooks_path = ["cookbooks", "site-cookbooks"]
@ -49,7 +49,7 @@ Vagrant.configure(2) do |config|
# bitcoin.vm.synced_folder "../kredits/yap/", "/opt/yap"
bitcoin.vm.provision :chef_zero do |chef|
chef.version = "15.13.8"
chef.version = "18.2.7"
chef.node_name = "vagrant-node-bitcoin"
chef.arguments = "--chef-license accept"
chef.cookbooks_path = ["cookbooks", "site-cookbooks"]
@ -66,4 +66,27 @@ Vagrant.configure(2) do |config|
end
end
config.vm.define "openresty" do |openresty|
openresty.vm.box = "bento/ubuntu-20.04"
openresty.vm.network "forwarded_port", guest: 6379, host: 6379
openresty.vm.network "private_network", ip: "192.168.56.7"
openresty.vm.provision :chef_zero do |chef|
chef.version = "18.2.7"
chef.node_name = "vagrant-openresty"
chef.arguments = "--chef-license accept"
chef.cookbooks_path = ["cookbooks", "site-cookbooks"]
chef.data_bags_path = "data_bags"
chef.roles_path = "roles"
chef.nodes_path = "nodes"
chef.environments_path = "environments"
chef.encrypted_data_bag_secret_key_path = ".chef/encrypted_data_bag_secret"
chef.environment = "development"
chef.add_recipe "kosmos-base"
chef.add_role "openresty"
chef.add_role "openresty_proxy"
end
end
end
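Review bot: The new `openresty` machine forwards guest port 6379 to host port 6379 without a `host_ip`, and per Vagrant's documentation a forwarded port with no `host_ip` is bound on every host interface. 6379 is the conventional Redis port, so if a Redis instance runs inside this VM it may become reachable from the developer's local network, and the hunk does not show whether it requires authentication in the development environment. If the forward is needed at all (the machine already has the private address 192.168.56.7), restrict it to loopback: `openresty.vm.network "forwarded_port", guest: 6379, host: 6379, host_ip: "127.0.0.1"`. A fixed host port will also collide if another machine in this Vagrantfile forwards 6379; the rest of the file is outside the hunks shown.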


@ -0,0 +1,51 @@
---
driver:
name: docker
provisioner:
name: chef_solo
log_level: info
platforms:
- name: ubuntu-16.04-chef-12
provisioner:
product_name: chef
install_strategy: once
product_version: 12
hostname: chef-12-ubuntu.local
run_options:
e:
- LANGUAGE=en_US.UTF-8
- LC_ALL=en_US.UTF-8
- name: ubuntu-16.04-chef-latest
provisioner:
product_name: chef
install_strategy: once
product_version: latest
hostname: chef-latest-ubuntu.local
run_options:
e:
- LANGUAGE=en_US.UTF-8
- LC_ALL=en_US.UTF-8
- name: centos-7.5-chef-latest
driver_config:
image: centos/systemd
run_command: /usr/sbin/init
privileged: true
provision_command:
- sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
- systemctl enable sshd.service
provisioner:
product_name: chef
install_strategy: once
product_version: latest
hostname: chef-latest-centos.local
run_options:
e:
- LANGUAGE=en_US.UTF-8
- LC_ALL=en_US.UTF-8
suites:
- name: default
run_list:
- recipe[jemalloc::default]


@ -0,0 +1,5 @@
source 'https://rubygems.org'
gem 'berkshelf', '~> 6.3'
gem 'test-kitchen', '~> 1.23'
gem 'kitchen-docker', '~> 2.7'


@ -0,0 +1,13 @@
Copyright (C) 2013 Panagiotis Papadomitsos
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.


@ -0,0 +1,77 @@
# jemalloc Chef Cookbook
![Tag Version](https://img.shields.io/github/tag/priestjim/chef-jemalloc.svg) [![Cookbook Version](https://img.shields.io/cookbook/v/jemalloc.svg)](https://supermarket.chef.io/cookbooks/jemalloc) [![Build Status](https://travis-ci.org/priestjim/chef-jemalloc.svg?branch=master)](https://travis-ci.org/priestjim/chef-jemalloc) [![GitHub issues](https://img.shields.io/github/issues/priestjim/chef-jemalloc.svg)](https://github.com/priestjim/chef-jemalloc/issues) [![GitHub license](https://img.shields.io/badge/license-Apache%202-blue.svg)](https://raw.githubusercontent.com/priestjim/chef-jemalloc/master/LICENSE)
This simple recipe configures, compiles and installs the memory allocation
library `jemalloc` via source. jemalloc shines on high-request manycore
threaded applications and is a cheap upgrade if your workloads happen to fall
into this category.
## Requirements
### Platform
The following platforms are supported and tested using kitchen:
* Ubuntu 12.04, 12.10
* CentOS 7
Other Debian and RHEL family distributions are assumed to work.
### Chef Server
The cookbook converges best on Chef installations >= 10.16.2
## Attributes
The following attributes are available on this cookbook:
* `node['jemalloc']['url']` and `node['jemalloc']['version']` - The version and URL that
the library will be downloaded from
* `node['jemalloc']['checksum']` - The SHA-256 checksum of the above file
In addition, the following configuration flags are available as switches
* `node['jemalloc']['configure']['lazy_lock']` - Enables lazy locking (locking on multi-threaded applications only)
* `node['jemalloc']['configure']['xmalloc']` - Enables the `xmalloc` feature of jemalloc
* `node['jemalloc']['configure']['dss']` - Enables `sbrk` along `mmap` for memory allocations
* `node['jemalloc']['configure']['mremap']` - Enables the `mremap` feature of jemalloc
* `node['jemalloc']['configure']['stats']` - Enables the statistics gathering features of jemalloc
* `node['jemalloc']['configure']['profiling']` - Enables the code profiling features of jemalloc
* `node['jemalloc']['configure']['valgrind']` - Enables valgrind support in jemalloc
Recipes
=======
## default.rb
The default recipe downloads, compiles and installs the selected version of
jemalloc.
Usage
=====
Include the recipe on your node or role. Modify the
attributes as required in your role to change how various
configuration is applied per the attributes section above. In general,
override attributes in the role should be used when changing
attributes.
License and Author
==================
- Author:: Panagiotis Papadomitsos (<pj@ezgr.net>)
Copyright 2013, Panagiotis Papadomitsos
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.


@ -0,0 +1,5 @@
# encoding: utf-8
require 'bundler'
require 'bundler/setup'
require 'berkshelf/thor'


@ -0,0 +1 @@
0.1.7


@ -0,0 +1,33 @@
#
# Cookbook Name:: jemalloc
# Attribute:: default
#
# Copyright (C) 2013 Panagiotis Papadomitsos
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['jemalloc']['version'] = '5.1.0'
default['jemalloc']['url'] = "https://github.com/jemalloc/jemalloc/releases/download/#{node['jemalloc']['version']}/jemalloc-#{node['jemalloc']['version']}.tar.bz2"
default['jemalloc']['checksum'] = '5396e61cc6103ac393136c309fae09e44d74743c86f90e266948c50f3dbb7268'
# Configure options
default['jemalloc']['configure']['munmap'] = true
default['jemalloc']['configure']['lazy_lock'] = true
default['jemalloc']['configure']['xmalloc'] = false
default['jemalloc']['configure']['dss'] = false
default['jemalloc']['configure']['mremap'] = false
default['jemalloc']['configure']['stats'] = false
default['jemalloc']['configure']['profiling'] = false
default['jemalloc']['configure']['valgrind'] = false


@ -0,0 +1,96 @@
# Put files/directories that should be ignored in this file when uploading
# or sharing to the community site.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
Icon?
nohup.out
ehthumbs.db
Thumbs.db
# SASS #
########
.sass-cache
# EDITORS #
###########
\#*
.#*
*~
*.sw[a-z]
*.bak
REVISION
TAGS*
tmtags
*_flymake.*
*_flymake
*.tmproj
.project
.settings
mkmf.log
## COMPILED ##
##############
a.out
*.o
*.pyc
*.so
*.com
*.class
*.dll
*.exe
*/rdoc/
# Testing #
###########
.watchr
.rspec
spec/*
spec/fixtures/*
test/*
features/*
Guardfile
Procfile
# SCM #
#######
.git
*/.git
.gitignore
.gitmodules
.gitconfig
.gitattributes
.svn
*/.bzr/*
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Cookbooks #
#############
CONTRIBUTING
CHANGELOG*
# Strainer #
############
Colanderfile
Strainerfile
.colander
.strainer
# Vagrant #
###########
.vagrant
Vagrantfile
# Travis #
##########
.travis.yml


@ -0,0 +1,55 @@
{
"name": "jemalloc",
"description": "Installs and configures the jemalloc library",
"long_description": "# jemalloc Chef Cookbook\n\n![Tag Version](https://img.shields.io/github/tag/priestjim/chef-jemalloc.svg) [![Cookbook Version](https://img.shields.io/cookbook/v/jemalloc.svg)](https://supermarket.chef.io/cookbooks/jemalloc) [![Build Status](https://travis-ci.org/priestjim/chef-jemalloc.svg?branch=master)](https://travis-ci.org/priestjim/chef-jemalloc) [![GitHub issues](https://img.shields.io/github/issues/priestjim/chef-jemalloc.svg)](https://github.com/priestjim/chef-jemalloc/issues) [![GitHub license](https://img.shields.io/badge/license-Apache%202-blue.svg)](https://raw.githubusercontent.com/priestjim/chef-jemalloc/master/LICENSE)\n\nThis simple recipe configures, compiles and installs the memory allocation\nlibrary `jemalloc` via source. jemalloc shines on high-request manycore\nthreaded applications and is a cheap upgrade if your workloads happen to fall\ninto this category.\n\n## Requirements\n\n### Platform\n\nThe following platforms are supported and tested using kitchen:\n\n* Ubuntu 12.04, 12.10\n* CentOS 7\n\nOther Debian and RHEL family distributions are assumed to work.\n\n### Chef Server\n\nThe cookbook converges best on Chef installations >= 10.16.2\n\n## Attributes\n\nThe following attributes are available on this cookbook:\n\n* `node['jemalloc']['url']` and `node['jemalloc']['version']` - The version and URL that\n the library will be downloaded from\n* `node['jemalloc']['checksum']` - The SHA-256 checksum of the above file\n\nIn addition, the following configuration flags are available as switches\n\n* `node['jemalloc']['configure']['lazy_lock']` - Enables lazy locking (locking on multi-threaded applications only)\n* `node['jemalloc']['configure']['xmalloc']` - Enables the `xmalloc` feature of jemalloc\n* `node['jemalloc']['configure']['dss']` - Enables `sbrk` along `mmap` for memory allocations\n* `node['jemalloc']['configure']['mremap']` - Enables the `mremap` feature of jemalloc\n* `node['jemalloc']['configure']['stats']` - 
Enables the statistics gathering features of jemalloc\n* `node['jemalloc']['configure']['profiling']` - Enables the code profiling features of jemalloc\n* `node['jemalloc']['configure']['valgrind']` - Enables valgrind support in jemalloc\n\nRecipes\n=======\n\n## default.rb\n\nThe default recipe downloads, compiles and installs the selected version of\njemalloc.\n\nUsage\n=====\n\nInclude the recipe on your node or role. Modify the\nattributes as required in your role to change how various\nconfiguration is applied per the attributes section above. In general,\noverride attributes in the role should be used when changing\nattributes.\n\nLicense and Author\n==================\n\n- Author:: Panagiotis Papadomitsos (<pj@ezgr.net>)\n\nCopyright 2013, Panagiotis Papadomitsos\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n",
"maintainer": "Panagiotis Papadomitsos",
"maintainer_email": "pj@ezgr.net",
"license": "Apache 2.0",
"platforms": {
"ubuntu": ">= 12.04",
"debian": ">= 6.0",
"redhat": ">= 6.0",
"scientific": ">= 6.0",
"oracle": ">= 6.0"
},
"dependencies": {
"build-essential": ">= 0.0.0"
},
"recommendations": {
},
"suggestions": {
},
"conflicting": {
},
"providing": {
},
"replacing": {
},
"attributes": {
},
"groupings": {
},
"recipes": {
"jemalloc": "Installs and configures the jemalloc library"
},
"version": "0.1.7",
"source_url": "",
"issues_url": "",
"privacy": false,
"chef_versions": [
],
"ohai_versions": [
],
"gems": [
]
}


@ -0,0 +1,17 @@
name 'jemalloc'
maintainer 'Panagiotis Papadomitsos'
maintainer_email 'pj@ezgr.net'
license 'Apache 2.0'
description 'Installs and configures the jemalloc library'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version IO.read(File.join(File.dirname(__FILE__), 'VERSION')).chomp rescue '0.1.0'
recipe 'jemalloc', 'Installs and configures the jemalloc library'
supports 'ubuntu', '>= 12.04'
supports 'debian', '>= 6.0'
supports 'redhat', '>= 6.0'
supports 'scientific', '>= 6.0'
supports 'oracle', '>= 6.0'
depends 'build-essential'


@ -0,0 +1,73 @@
#
# Cookbook Name:: jemalloc
# Recipe:: default
#
# Copyright (C) 2013 Panagiotis Papadomitsos
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe 'build-essential'
package 'bzip2' # For archive extraction
tmp = Chef::Config['file_cache_path'] || '/tmp'
jem_filename = ::File.basename(node['jemalloc']['url'])
jem_path = "#{tmp}/jemalloc-#{node['jemalloc']['version']}"
jem_libdir = (platform_family?('rhel') && node['kernel']['machine'].eql?('x86_64')) ? '/usr/lib64' : '/usr/lib'
remote_file "#{tmp}/#{jem_filename}" do
owner 'root'
group 'root'
mode 00644
source node['jemalloc']['url']
checksum node['jemalloc']['checksum']
action :create
end
execute 'extract-jemalloc' do
user 'root'
cwd(tmp)
command "tar xjf #{tmp}/#{jem_filename}"
not_if { ::File.directory?(jem_path)}
end
bash 'compile-jemalloc' do
user 'root'
cwd jem_path
code <<-EOH
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --disable-debug \\
#{'--enable-lazy-lock' if node['jemalloc']['configure']['lazy_lock']} \\
#{'--enable-xmalloc' if node['jemalloc']['configure']['xmalloc']} \\
#{'--enable-dss' if node['jemalloc']['configure']['dss']} \\
#{'--enable-mremap' if node['jemalloc']['configure']['mremap']} \\
#{'--disable-stats' unless node['jemalloc']['configure']['stats']} \\
#{'--enable-prof ' if node['jemalloc']['configure']['profiling']} \\
#{'--disable-valgrind' unless node['jemalloc']['configure']['valgrind']} &&
make
EOH
not_if { ::File.exists?("#{jem_path}/lib/libjemalloc.so.2")}
end
execute 'install-jemalloc' do
command 'make install'
cwd jem_path
not_if { ::FileUtils.cmp("#{jem_path}/lib/libjemalloc.so.2", "#{jem_libdir}/libjemalloc.so.2") rescue false }
action :run
notifies :run, 'execute[jemalloc-ldconfig]'
end
execute 'jemalloc-ldconfig' do
command 'ldconfig'
action :nothing
end


@ -0,0 +1,5 @@
config:
ul-indent: false # MD007
line-length: false # MD013
no-duplicate-heading: false # MD024
reference-links-images: false # MD052

461
cookbooks/yum/CHANGELOG.md Normal file

@ -0,0 +1,461 @@
# yum Cookbook CHANGELOG
This file is used to list changes made in each version of the yum cookbook.
## 7.4.13 - *2023-04-17*
## 7.4.12 - *2023-04-07*
Standardise files with files in sous-chefs/repo-management
## 7.4.11 - *2023-04-01*
## 7.4.10 - *2023-04-01*
Standardise files with files in sous-chefs/repo-management
## 7.4.9 - *2023-03-20*
Standardise files with files in sous-chefs/repo-management
## 7.4.8 - *2023-03-18*
- Update gaurav-nelson/github-action-markdown-link-check action to v1.0.15
- Fix yaml
## 7.4.7 - *2023-03-15*
- Standardise files with files in sous-chefs/repo-management
## 7.4.6 - *2023-02-27*
- remove circleci
## 7.4.5 - *2023-02-23*
- Standardise files with files in sous-chefs/repo-management
## 7.4.4 - *2023-02-16*
- Standardise files with files in sous-chefs/repo-management
## 7.4.3 - *2023-02-15*
- Update Actions
## 7.4.2 - *2023-02-15*
- Standardise files with files in sous-chefs/repo-management
## 7.4.1 - *2022-12-08*
- Standardise files with files in sous-chefs/repo-management
## 7.4.0 - *2022-05-09*
- Add support for DNF property `best`
- Add support for DNF property `skip_if_unavailable`
- Add support for DNF property `excludepkgs`
## 7.3.2 - *2022-02-02*
## 7.3.1 - *2022-01-27*
- Add testing for Alma Linux and Rocky Linux
- Remove testing for CentOS 8 (prefer Stream instead)
## 7.3.0 - *2022-01-07*
- Add `flush_cache` option to `dnf_module`
## 7.2.1 - *2021-12-21*
- Fix version comparison in `dnf_module` supported check
## 7.2.0 - *2021-09-29*
- Add `dnf_module` resource for managing DNF modules on RHEL 8+ / Fedora
## 7.1.0 - *2021-08-29*
- Add support for DNF (Yum v4) property `install_weak_deps` (#193)
## 7.0.1 - *2021-08-26*
- Standardise files with files in sous-chefs/repo-management (#191)
## 7.0.0 - *2021-08-13*
- Enable `unified_mode` for Chef 17 compatibility
- Remove deprecated `dnf_yum_compat` recipe
## 6.1.1 - *2021-06-01*
## 6.1.0 - *2021-03-24*
- complete ip_resolve additions started in 6.0.0
## 6.0.0 - *2021-01-20*
- Sous Chefs Adoption
- Cookstyle fixes
- Various testing fixes
- Standardise files with files in sous-chefs/repo-management
- Adding proper distroverpkg assignment for Oracle Linux
- Require 13+
- Remove RHEL5 references
- Mark `dnf_yum_compat` recipe deprecated
- Add EL8 support
## 5.1.0 (2017-08-04)
- Avoid spec deprecation warnings
- Use an empty string `releasever` to lock an Amazon Linux AMI to its current verison
## 5.0.1 (2017-04-06)
- Switch from Rake testing to Local Delivery
- Rename kitchen-docker to kitchen-dokken
- Update apache2 license string
- use true/false vs. TrueClass and FalseClass in the resource
## 5.0.0 (2017-02-12)
### Breaking changes
- Removed the yum_repository resource and instead require chef-client 12.14 or later, which has the yum repository functionality built in. This resolves Chef 13 compatibility warnings for any cookbook with the yum cookbook.
### Other changes
- Convert yum_globalconfig from an LWRP to a custom resource
## 4.2.0 (2017-02-12)
- Make cache in the DNF compat recipe
- Fix `fastestmirror_enabled`.
- Require Chef 12.1 not 12.0
- Convert to Inspec
## 4.1.0 (2016-10-21)
- Purge yum cache before removing a repo not after
## 4.0.0 (2016-09-06)
- Remove support for Chef 11
## 3.13.0 (2016-09-06)
- Add deprecation warning for add/remove actions, which were replaced with create/delete in Yum 3.0
- Remove support for Chef 10
## v3.12.0 (2016-08-25)
- Fixing baseurl to support multiple urls
- Modify releasever attribute for Amazon to match Amazon's default policy for releasever
## v3.11.0 (2016-06-01)
- Install yum at compile time in the dnf compatibility recipe
- Add IBM zlinux as a supported platform in the metadata
- Use cookstyle instead of rubocop to provide a consistent linting experience
## v3.10.0 (2016-02-04)
- Add a new sensitive attribute to the repository resource so prevent writing the diff of the config to Chef output / logs
- Update testing dependencies and remove the Guardfile / Guard dependencies
## v3.9.0 (2016-01-14)
- Added dnf_yum_compat recipe to ensure yum is installed on Fedora systems for Chef package resource compatibility. This will no longer be necessary when native dnf package support ships in chef-client.
## v3.8.2 (2015-10-28)
- # 141 - Replace clean_headers with clean_metadata
## v3.8.1 (2015-10-28)
- Fixing up Chef13 deprecation warnings
## v3.8.0 (2015-10-13)
- adding clean_headers boolean property to yum_resource
- restoring Chef 10 backwards compat for the sake of ChefSpec
- (unique resource names needed to avoid cloning)
- Fixing localpkg_gpgcheck values
## v3.7.1 (2015-09-08)
- # 135 - reverting "yum clean headers" as it breaks dnf compat
## v3.7.0 (2015-09-05)
- Adding deltarpm toggle
- Cleaning 'headers' rather than 'all'
## v3.6.3 (2015-07-13)
- Normalizing sslverify option rendering behavior
- Setting default value on the resource to nil
- Explictly setting string to render in template if value is supplied
- Behavior should default to "True", per man page
## v3.6.2 (2015-07-13)
- Adding -y to makecache, to import key when repo_gpgcheck = true.
- Accepting Integer value for max_retries
## v3.6.1 (2015-06-04)
- Executing yum clean before makecache
- Adding repo_gpgcheck
## v3.6.0 (2015-04-23)
- Adding "yum clean" before "yum makecache" in yum_repository :create
- Adding why_run support to yum_globalconfig
## v3.5.4 (2015-04-07)
- Changing tolerant config line to stringified integer
## v3.5.3 (2015-01-16)
- Adding reposdir to globalconfig template
## v3.5.2 (2014-12-24)
- Fixing redhat-release detection for Redhat 7
## v3.5.1 (2014-11-24)
- Reverting management of ca-certificates because EL5 was broken
## v3.5.0 (2014-11-24)
- Adding management of ca-certificates package to yum_repository provider
## v3.4.1 (2014-10-29)
- Run yum-makecache only_if new_resource.enabled
- Allow setting of reposdir in global yum config and man page
- Change default 'obsoletes' behavior to match yum defaults
## v3.4.0 (2014-10-15)
- Dynamically generate the new_resource attributes
## v3.3.2 (2014-09-11)
- Fix globalconfig resource param for http_caching
## v3.3.1 (2014-09-04)
- Fix issue with sslverify if set to false
- Add fancy badges
## v3.3.0 (2014-09-03)
- Adding tuning attributes for all supported resource parameters
- Adding options hash parameter
- Adding (real) rhel-6.5 and centos-7.0 to test-kitchen coverage
- Updating regex for mirror_expire and mirrorlist_expire to include /^\d+[mhd]$/
- Updating README so keepcache reflects reality (defaults to false)
- Changing 'obsoletes' behavior in globalconfig resource to match
- default behavior. (now defaults to nil, yum defaults to false)
- Adding makecache action to repository resource
- Adding mode parameter to repository resource. Defaults to '0644'.
## v3.2.4 (2014-08-20)
- # 82 - Adding a makecache parameter
## v3.2.2 (2014-06-11)
- # 77 - Parameter default to be Trueclass instead of "1"
- # 78 - add releasever parameter
## v3.2.0 (2014-04-09)
- [COOK-4510] - Adding username and password parameters to node attributes
- [COOK-4518] - Fix Scientific Linux distroverpkg
## v3.1.6 (2014-03-27)
- [COOK-4463] - support multiple GPG keys
- [COOK-4364] - yum_repository delete action fails
## v3.1.4 (2014-03-12)
- [COOK-4417] Expand test harness to encompass 32-bit boxes
## v3.1.2 (2014-02-23)
Fixing bugs around :delete action and cache clean Fixing specs to cover :remove and :delete aliasing properly Adding Travis-ci build matrix bits
## v3.1.0 (2014-02-13)
- Updating testing harness for integration testing on Travis-ci
- Adding TESTING.md and Guardfile
- PR #67 - Add skip_if_unvailable repository option
- PR #64 - Fix validation of 'metadata_expire' option to match documentation
- [COOK-3591] - removing node.name from repo template rendering
- [COOK-4275] - Enhancements to yum cookbook
- Adding full spec coverage
- Adding support for custom source template to yum_repository
## v3.0.8 (2014-01-27)
Fixing typo in default.rb. yum_globalconfig now passes proxy attribute correctly.
## v3.0.6 (2014-01-27)
Updating default.rb to consume node['yum']['main']['proxy']
## v3.0.4 (2013-12-29)
### Bug
- **[COOK-4156](https://tickets.chef.io/browse/COOK-4156)** - yum cookbook creates a yum.conf with "cachefir" directive
## v3.0.2
Updating globalconfig provider for Chef 10 compatability
## v3.0.0
3.0.0 Major rewrite with breaking changes. Recipes broken out into individual cookbooks yum_key resource has been removed yum_repository resource now takes gpgkey as a URL directly yum_repository actions have been reduced to :create and :delete 'name' has been changed to repositoryid to avoid ambiguity chefspec test coverage gpgcheck is set to 'true' by default and must be explicitly disabled
## v2.4.4
Reverting to Ruby 1.8 hash syntax.
## v2.4.2
[COOK-3275] LWRP repository.rb :add method fails to create yum repo in some cases which causes :update to fail Amazon rhel
## v2.4.0
### Improvement
- [COOK-3025] - Allow per-repo proxy definitions
## v2.3.4
### Improvement
- **[COOK-3689](https://tickets.chef.io/browse/COOK-3689)** - Fix warnings about resource cloning
- **[COOK-3574](https://tickets.chef.io/browse/COOK-3574)** - Add missing "description" field in metadata
## v2.3.2
### Bug
- **[COOK-3145](https://tickets.chef.io/browse/COOK-3145)** - Use correct download URL for epel `key_url`
## v2.3.0
### New Feature
- [COOK-2924]: Yum should allow type setting in repo file
## v2.2.4
### Bug
- [COOK-2360]: last commit to `yum_repository` changes previous behaviour
- [COOK-3015]: Yum cookbook test minitest to fail
## v2.2.2
### Improvement
- [COOK-2741]: yum::elrepo
- [COOK-2946]: update tests, test kitchen support in yum cookbook
### Bug
- [COOK-2639]: Yum cookbook - epel - always assumes url is a mirror list
- [COOK-2663]: Yum should allow metadata_expire setting in repo file
- [COOK-2751]: Update yum.ius_release version to 1.0-11
## v2.2.0
- [COOK-2189] - yum::ius failed on install (caused from rpm dependency)
- [COOK-2196] - Make includepkgs and exclude configurable for each repos
- [COOK-2244] - Allow configuring caching using attributes
- [COOK-2399] - yum cookbook LWRPs fail FoodCritic
- [COOK-2519] - Add priority option to Yum repo files
- [COOK-2593] - allow integer or string for yum priority
- [COOK-2643] - don't use conditional attribute for `yum_key` `remote_file`
## v2.1.0
- [COOK-2045] - add remi repository recipe
- [COOK-2121] - add `:create` action to `yum_repository`
## v2.0.6
- [COOK-2037] - minor style fixes
- [COOK-2038] - updated README
## v2.0.4
- [COOK-1908] - unable to install repoforge on CentOS 6 32 bit
## v2.0.2
- [COOK-1758] - Add default action for repository resource
## v2.0.0
This version changes the behavior of the EPEL recipe (most commonly used in other Chef cookbooks) on Amazon, and removes an attribute, `node['yum']['epel_release']`. See the README for details.
- [COOK-1772] - Simplify management of EPEL with LWRP
## v1.0.0
`mirrorlist` in the `yum_repository` LWRP must be set to the mirror list URI to use rather than setting it to true. See README.md.
- [COOK-1088] - use dl.fedoraproject.org for EPEL to prevent redirects
- [COOK-1653] - fix mirrorlist
- [COOK-1710] - support http proxy
- [COOK-1722] - update IUS version
## v0.8.2
- [COOK-1521] - add :update action to `yum_repository`
## v0.8.0
- [COOK-1204] - Make 'add' default action for yum_repository
- [COOK-1351] - option to not make the yum cache (via attribute)
- [COOK-1353] - x86_64 centos path fixes
- [COOK-1414] - recipe for repoforge
## v0.6.2
- Updated README to remove git diff artifacts.
## v0.6.0
- Default action for the yum_repository LWRP is now add.
- [COOK-1227] - clear Chefs internal cache after adding new yum repo
- [COOK-1262] - yum::epel should enable existing repo on Amazon Linux
- [COOK-1272], [COOK-1302] - update RPM file for CentOS / RHEL 6
- [COOK-1330] - update cookbook documentation on excludes for yum
- [COOK-1346] - retry remote_file for EPEL in case we get an FTP mirror
## v0.5.2
- [COOK-825] - epel and ius `remote_file` should notify the `rpm_package` to install
## v0.5.0
- [COOK-675] - add recipe for handling EPEL repository
- [COOK-722] - add recipe for handling IUS repository
## v.0.1.2
- Remove yum update in default recipe, that doesn't update caches, it updates packages installed.

202
cookbooks/yum/LICENSE Normal file

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

109
cookbooks/yum/README.md Normal file

@ -0,0 +1,109 @@
# yum Cookbook
[![Cookbook Version](https://img.shields.io/cookbook/v/yum.svg)](https://supermarket.chef.io/cookbooks/yum)
[![CI State](https://github.com/sous-chefs/yum/workflows/ci/badge.svg)](https://github.com/sous-chefs/yum/actions?query=workflow%3Aci)
[![OpenCollective](https://opencollective.com/sous-chefs/backers/badge.svg)](#backers)
[![OpenCollective](https://opencollective.com/sous-chefs/sponsors/badge.svg)](#sponsors)
[![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0)
The Yum cookbook exposes the `yum_globalconfig` resource which allows a user to control global yum behavior. This resources aims to allow the user to configure all options listed in the `yum.conf` man page, found at <http://man7.org/linux/man-pages/man5/yum.conf.5.html>
## Maintainers
This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If youd like to know more please visit [sous-chefs.org](https://sous-chefs.org/) or come chat with us on the Chef Community Slack in [#sous-chefs](https://chefcommunity.slack.com/messages/C2V7B88SF).
## Requirements
### Platforms
- RHEL/CentOS and derivatives
- Fedora
### Chef
- Chef 15.3+
### Cookbooks
- none
## Resources
- [`yum_globalconfig`](documentation/yum_globalconfig.md)
- [`dnf_module`](documentation/dnf_module.md)
## Recipes (deprecated)
- `default` - Configures `yum_globalconfig[/etc/yum.conf]` with values found in node attributes at `node['yum']['main']`
## Attributes
The following attributes are set by default
```ruby
default['yum']['main']['cachedir'] = '/var/cache/yum/$basearch/$releasever'
default['yum']['main']['keepcache'] = false
default['yum']['main']['debuglevel'] = nil
default['yum']['main']['exclude'] = nil
default['yum']['main']['logfile'] = '/var/log/yum.log'
default['yum']['main']['exactarch'] = nil
default['yum']['main']['obsoletes'] = nil
default['yum']['main']['installonly_limit'] = nil
default['yum']['main']['installonlypkgs'] = nil
default['yum']['main']['installroot'] = nil
```
For Amazon platform nodes, the default is to receive a continuous flow of updates,
```ruby
default['yum']['main']['releasever'] = 'latest'
```
To lock existing instances to the current version of the Amazon AMI,
```ruby
default['yum']['main']['releasever'] = ''
```
## Related Cookbooks
Recipes from older versions of this cookbook have been moved individual cookbooks. Recipes for managing platform yum configurations and installing specific repositories can be found in one (or more!) of the following cookbook.
- yum-centos
- yum-fedora
- yum-amazon
- yum-epel
- yum-elrepo
- yum-repoforge
- yum-ius
- yum-percona
- yum-pgdg
## Usage
Put `depends 'yum'` in your metadata.rb to gain access to the yum_repository resource.
## Contributors
This project exists thanks to all the people who [contribute.](https://opencollective.com/sous-chefs/contributors.svg?width=890&button=false)
### Backers
Thank you to all our backers!
![https://opencollective.com/sous-chefs#backers](https://opencollective.com/sous-chefs/backers.svg?width=600&avatarHeight=40)
### Sponsors
Support this project by becoming a sponsor. Your logo will show up here with a link to your website.
![https://opencollective.com/sous-chefs/sponsor/0/website](https://opencollective.com/sous-chefs/sponsor/0/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/1/website](https://opencollective.com/sous-chefs/sponsor/1/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/2/website](https://opencollective.com/sous-chefs/sponsor/2/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/3/website](https://opencollective.com/sous-chefs/sponsor/3/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/4/website](https://opencollective.com/sous-chefs/sponsor/4/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/5/website](https://opencollective.com/sous-chefs/sponsor/5/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/6/website](https://opencollective.com/sous-chefs/sponsor/6/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/7/website](https://opencollective.com/sous-chefs/sponsor/7/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/8/website](https://opencollective.com/sous-chefs/sponsor/8/avatar.svg?avatarHeight=100)
![https://opencollective.com/sous-chefs/sponsor/9/website](https://opencollective.com/sous-chefs/sponsor/9/avatar.svg?avatarHeight=100)


@ -0,0 +1,100 @@
# http://man7.org/linux/man-pages/man5/yum.conf.5.html
default['yum']['main']['cachedir'] = '/var/cache/yum/$basearch/$releasever'
default['yum']['main']['distroverpkg'] = case node['platform']
when 'amazon'
'system-release'
when 'scientific'
'sl-release'
when 'redhat'
nil
when 'oracle'
'oraclelinux-release'
else
"#{node['platform']}-release"
end
default['yum']['main']['releasever'] = 'latest' if platform?('amazon')
default['yum']['main']['alwaysprompt'] = nil # [true, false]
default['yum']['main']['assumeyes'] = nil # [true, false]
default['yum']['main']['bandwidth'] = nil # /^\d+$/
default['yum']['main']['best'] = nil # [true, false]
default['yum']['main']['bugtracker_url'] = nil
default['yum']['main']['clean_requirements_on_remove'] = nil # [true, false]
default['yum']['main']['color'] = nil # %w{ always never }
default['yum']['main']['color_list_available_downgrade'] = nil
default['yum']['main']['color_list_available_install'] = nil
default['yum']['main']['color_list_available_reinstall'] = nil
default['yum']['main']['color_list_available_upgrade'] = nil
default['yum']['main']['color_list_installed_extra'] = nil
default['yum']['main']['color_list_installed_newer'] = nil
default['yum']['main']['color_list_installed_older'] = nil
default['yum']['main']['color_list_installed_reinstall'] = nil
default['yum']['main']['color_search_match'] = nil
default['yum']['main']['color_update_installed'] = nil
default['yum']['main']['color_update_local'] = nil
default['yum']['main']['color_update_remote'] = nil
default['yum']['main']['commands'] = nil
default['yum']['main']['deltarpm'] = nil # [true, false]
default['yum']['main']['debuglevel'] = nil # /^\d+$/
default['yum']['main']['diskspacecheck'] = nil # [true, false]
default['yum']['main']['enable_group_conditionals'] = nil # [true, false]
default['yum']['main']['errorlevel'] = nil # /^\d+$/
default['yum']['main']['exactarch'] = nil # [true, false]
default['yum']['main']['exclude'] = nil
default['yum']['main']['excludepkgs'] = nil
default['yum']['main']['gpgcheck'] = true # [true, false]
default['yum']['main']['group_package_types'] = nil
default['yum']['main']['groupremove_leaf_only'] = nil # [true, false]
default['yum']['main']['history_list_view'] = nil
default['yum']['main']['history_record'] = nil # [true, false]
default['yum']['main']['history_record_packages'] = nil
default['yum']['main']['http_caching'] = nil # %w{ packages all none }
default['yum']['main']['ip_resolve'] = nil # %w{ 4 6 }
default['yum']['main']['installonly_limit'] = nil # /\d+/, /keep/
default['yum']['main']['installonlypkgs'] = nil
default['yum']['main']['installroot'] = nil
default['yum']['main']['keepalive'] = nil # [true, false]
default['yum']['main']['keepcache'] = false # [true, false]
default['yum']['main']['kernelpkgnames'] = nil
default['yum']['main']['localpkg_gpgcheck'] = false # [true,# false]
default['yum']['main']['logfile'] = '/var/log/yum.log'
default['yum']['main']['max_retries'] = nil # /^\d+$/
default['yum']['main']['mdpolicy'] = nil # %w{ packages all none }
default['yum']['main']['metadata_expire'] = nil # /^\d+$/
default['yum']['main']['mirrorlist_expire'] = nil # /^\d+$/
default['yum']['main']['multilib_policy'] = nil # %w{ all best }
default['yum']['main']['obsoletes'] = nil # [true, false]
default['yum']['main']['overwrite_groups'] = nil # [true, false]
default['yum']['main']['password'] = nil
default['yum']['main']['path'] = '/etc/yum.conf'
default['yum']['main']['persistdir'] = nil
default['yum']['main']['pluginconfpath'] = nil
default['yum']['main']['pluginpath'] = nil
default['yum']['main']['plugins'] = nil # [true, false]
default['yum']['main']['protected_multilib'] = nil
default['yum']['main']['protected_packages'] = nil
default['yum']['main']['proxy'] = nil
default['yum']['main']['proxy_password'] = nil
default['yum']['main']['proxy_username'] = nil
default['yum']['main']['password'] = nil
default['yum']['main']['recent'] = nil # /^\d+$/
default['yum']['main']['repo_gpgcheck'] = nil # [true, false]
default['yum']['main']['reposdir'] = nil
default['yum']['main']['reset_nice'] = nil # [true, false]
default['yum']['main']['rpmverbosity'] = nil # %w{ info critical# emergency error warn debug }
default['yum']['main']['showdupesfromrepos'] = nil # [true, false]
default['yum']['main']['skip_broken'] = nil # [true, false]
default['yum']['main']['skip_if_unavailable'] = nil # [true, false]
default['yum']['main']['ssl_check_cert_permissions'] = nil # [true, false]
default['yum']['main']['sslcacert'] = nil
default['yum']['main']['sslclientcert'] = nil
default['yum']['main']['sslclientkey'] = nil
default['yum']['main']['sslverify'] = nil # [true, false]
default['yum']['main']['syslog_device'] = nil
default['yum']['main']['syslog_facility'] = nil
default['yum']['main']['syslog_ident'] = nil
default['yum']['main']['throttle'] = nil # [/\d+k/, /\d+M/, /\d+G/]
default['yum']['main']['timeout'] = nil # /\d+/
default['yum']['main']['tolerant'] = false
default['yum']['main']['tsflags'] = nil
default['yum']['main']['username'] = nil

115
cookbooks/yum/chefignore Normal file

@ -0,0 +1,115 @@
# Put files/directories that should be ignored in this file when uploading
# to a Chef Infra Server or Supermarket.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
ehthumbs.db
Icon?
nohup.out
Thumbs.db
.envrc
# EDITORS #
###########
.#*
.project
.settings
*_flymake
*_flymake.*
*.bak
*.sw[a-z]
*.tmproj
*~
\#*
REVISION
TAGS*
tmtags
.vscode
.editorconfig
## COMPILED ##
##############
*.class
*.com
*.dll
*.exe
*.o
*.pyc
*.so
*/rdoc/
a.out
mkmf.log
# Testing #
###########
.circleci/*
.codeclimate.yml
.delivery/*
.foodcritic
.kitchen*
.mdlrc
.overcommit.yml
.rspec
.rubocop.yml
.travis.yml
.watchr
.yamllint
azure-pipelines.yml
Dangerfile
examples/*
features/*
Guardfile
kitchen*.yml
mlc_config.json
Procfile
Rakefile
spec/*
test/*
# SCM #
#######
.git
.gitattributes
.gitconfig
.github/*
.gitignore
.gitkeep
.gitmodules
.svn
*/.bzr/*
*/.git
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Bundler #
###########
vendor/*
Gemfile
Gemfile.lock
# Policyfile #
##############
Policyfile.rb
Policyfile.lock.json
# Documentation #
#############
CODE_OF_CONDUCT*
CONTRIBUTING*
documentation/*
TESTING*
UPGRADING*
# Vagrant #
###########
.vagrant
Vagrantfile


@ -0,0 +1,42 @@
{
"name": "yum",
"description": "Configures various yum components on Red Hat-like systems",
"long_description": "",
"maintainer": "Sous Chefs",
"maintainer_email": "help@sous-chefs.org",
"license": "Apache-2.0",
"platforms": {
"amazon": ">= 0.0.0",
"centos": ">= 0.0.0",
"fedora": ">= 0.0.0",
"oracle": ">= 0.0.0",
"redhat": ">= 0.0.0",
"scientific": ">= 0.0.0",
"zlinux": ">= 0.0.0"
},
"dependencies": {
},
"providing": {
},
"recipes": {
},
"version": "7.4.13",
"source_url": "https://github.com/sous-chefs/yum",
"issues_url": "https://github.com/sous-chefs/yum/issues",
"privacy": false,
"chef_versions": [
[
">= 15.3"
]
],
"ohai_versions": [
],
"gems": [
],
"eager_load_libraries": true
}

17
cookbooks/yum/metadata.rb Normal file

@ -0,0 +1,17 @@
name 'yum'
maintainer 'Sous Chefs'
maintainer_email 'help@sous-chefs.org'
license 'Apache-2.0'
description 'Configures various yum components on Red Hat-like systems'
version '7.4.13'
source_url 'https://github.com/sous-chefs/yum'
issues_url 'https://github.com/sous-chefs/yum/issues'
chef_version '>= 15.3'
supports 'amazon'
supports 'centos'
supports 'fedora'
supports 'oracle'
supports 'redhat'
supports 'scientific'
supports 'zlinux'


@ -0,0 +1,26 @@
#
# Author:: Sean OMeara (<someara@chef.io>)
# Author:: Joshua Timberman (<joshua@chef.io>)
# Recipe:: yum::default
#
# Copyright:: 2013-2019, Chef Software, Inc (<legal@chef.io>)
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
yum_globalconfig '/etc/yum.conf' do
node['yum']['main'].each do |config, value|
send(config.to_sym, value) unless value.nil?
end
action :create
end
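Review bot: The `send(config.to_sym, value)` call inside the `yum_globalconfig` block turns every key under `node['yum']['main']` into a method call on the resource, and `send` also reaches private methods. Any attribute key that is not a yum.conf property is dispatched just the same, so a stray or unexpected key in a role, environment or node file ends up invoking whatever method carries that name. Restricting the dispatch to declared properties would be tighter: `next unless self.class.properties.key?(config.to_sym)` followed by `public_send(config.to_sym, value) unless value.nil?`. This file looks vendored from the upstream yum cookbook, so the change probably belongs upstream or in a wrapper recipe rather than in this copy.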


@ -0,0 +1,17 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": ["config:base"],
"packageRules": [{
"groupName": "Actions",
"matchUpdateTypes": ["patch", "pin", "digest"],
"automerge": true,
"addLabels": ["Release: Patch", "Skip: Announcements"]
},
{
"groupName": "Actions",
"matchUpdateTypes": ["major"],
"automerge": false,
"addLabels": ["Release: Patch", "Skip: Announcements"]
}
]
}


@ -0,0 +1,126 @@
resource_name :dnf_module
provides :dnf_module
unified_mode true
property :module_name, String,
name_property: true,
description: 'Name of the module to install'
property :options, [String, Array],
coerce: proc { |x| Array(x) },
default: [],
description: 'Any additional options to pass to DNF'
property :flush_cache, [true, false],
default: true,
description: 'Whether to flush the Chef package cache after enabling the module'
action_class do
def supported?
(platform_family?('rhel') && node['platform_version'].to_i >= 8) || platform?('fedora')
end
def list_modules(type)
raw_output = shell_out!('dnf -q module list').stdout.split("\n")
raw_output.keep_if { |l| l.match? /\[#{type}\]/ }
raw_output.map { |l| "#{l.split[0]}:#{l.split[1]}" }[0..-2] # remove Hint: line from end
end
def enabled_modules
# extract modules from the rest of the output -- the lines with [e] (for enabled)
list_modules('e')
end
def disabled_modules
# extract modules from the rest of the output -- the lines with [x] (for disabled)
# disable disables all versions of the stream, so add entry without :version
dl = list_modules('x')
dl + dl.map { |m| m.split(':').first }.uniq
end
def installed_modules
# extract modules from the rest of the output -- the lines with [i] (for installed)
list_modules('i')
end
def opts
new_resource.options.join(' ')
end
def flush_dnf_cache
# After switching to a new module installed during the Chef run, Chef's
# internal package cache won't pick up on new module packages automatically,
# so we need to reload that manually, much like after adding a new repo.
# This isn't needed for modules available at the start of the Chef run.
if new_resource.flush_cache
package "flush package cache #{new_resource.module_name}" do
action :flush_cache
end
end
end
end
action :switch_to do
return unless supported?
unless enabled_modules.include?(new_resource.module_name)
converge_by "switch to #{new_resource.module_name}" do
shell_out!("dnf -qy module switch-to #{opts} '#{new_resource.module_name}'")
end
flush_dnf_cache
end
end
action :enable do
return unless supported?
unless enabled_modules.include?(new_resource.module_name)
converge_by "enable #{new_resource.module_name}" do
shell_out!("dnf -qy module enable #{opts} '#{new_resource.module_name}'")
end
flush_dnf_cache
end
end
action :disable do
return unless supported?
unless disabled_modules.include?(new_resource.module_name)
converge_by "disable #{new_resource.module_name}" do
shell_out!("dnf -qy module disable #{opts} '#{new_resource.module_name}'")
end
flush_dnf_cache
end
end
action :install do
return unless supported?
unless installed_modules.include?(new_resource.module_name)
converge_by "install #{new_resource.module_name}" do
shell_out!("dnf -qy module install #{opts} '#{new_resource.module_name}'")
end
flush_dnf_cache
end
end
action :remove do
return unless supported?
if installed_modules.include?(new_resource.module_name)
converge_by "remove #{new_resource.module_name}" do
shell_out!("dnf -qy module remove #{opts} '#{new_resource.module_name}'")
end
flush_dnf_cache
end
end
action :reset do
return unless supported?
converge_by "reset #{new_resource.module_name}" do
shell_out!("dnf -qy module reset #{opts} '#{new_resource.module_name}'")
end
flush_dnf_cache
end
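Review bot: Each action builds its `dnf` command as one interpolated string, e.g. `shell_out!("dnf -qy module enable #{opts} '#{new_resource.module_name}'")`, so the command goes through a shell with `options` unquoted and `module_name` guarded only by single quotes. A property value containing a quote or a shell metacharacter would change the command that is executed. Passing the arguments separately avoids the shell: `shell_out!('dnf', '-qy', 'module', 'enable', *new_resource.options, new_resource.module_name)`, and the same applies to the switch_to, disable, install, remove and reset actions. This changes how a multi-word entry in `options` is split, so existing callers would need checking. The file appears to be vendored, so the fix likely belongs upstream.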


@ -0,0 +1,169 @@
#
# Cookbook:: yum
# Resource:: repository
#
# Author:: Sean OMeara <someara@chef.io>
# Copyright:: 2013-2020, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# http://man7.org/linux/man-pages/man5/yum.conf.5.html
unified_mode true
property :alwaysprompt, [true, false], description: 'When true yum will not prompt for confirmation when the list of packages to be installed exactly matches those given on the command line. Unless assumeyes is enabled, it will prompt when additional packages need to be installed to fulfill dependencies regardless of this setting. Note that older versions of yum would also always prompt for package removal, and that is no longer true.'
property :assumeno, [true, false], description: "If yum would prompt for confirmation of critical actions, assume the user chose no. This is basically the same as doing 'echo | yum ...' but is a bit more usable. This option overrides assumeyes, but is still subject to alwaysprompt."
property :assumeyes, [true, false], description: 'Determines whether or not yum prompts for confirmation of critical actions.'
property :autocheck_running_kernel, [true, false], description: "Set this to false to disable the automatic checking of the running kernel against updateinfo ('yum updateinfo check-running-kernel'), in the 'check-update' and 'updateinfo summary' commands."
property :autosavets, [true, false], description: 'Should yum automatically save a transaction to a file when the transaction is solved but not run. Yum defaults to True'
property :bandwidth, String, regex: /^\d+/, description: "Use to specify the maximum available network bandwidth in bytes/second. Used with the throttle property. If throttle is a percentage and bandwidth is '0' then bandwidth throttling will be disabled. If throttle is expressed as a data rate (bytes/sec) then this option is ignored."
property :best, [true, false], description: 'If enabled, the solver will either use a package with the highest available version or fail'
property :bugtracker_url, String, description: 'URL where bugs should be filed for yum. Configurable for local versions or distro-specific bugtrackers.'
property :cachedir, String, default: '/var/cache/yum/$basearch/$releasever', description: 'Directory where yum should store its cache and db files.'
property :cashe_root_dir, String, description: "Directory where yum would initialize the cashe, should almost certainly be left at the default. Yum's default is '/var/cache/CAShe'. Note that unlike all other configuration, this does not change with installroot, the reason is so that multiple install root can share the same data. See man cashe for more info."
property :check_config_file_age, [true, false], description: 'Specifies whether yum should auto metadata expire repos that are older than any of the configuration files that led to them (usually the yum.conf file and the foo.repo file).'
property :clean_requirements_on_remove, [true, false], description: "When removing packages (by removal, update or obsoletion) go through each package's dependencies. If any of them are no longer required by any other package then also mark them to be removed."
property :color, String, equal_to: %w(always never), description: 'Display colorized output automatically, depending on the output terminal'
property :color_list_available_downgrade, String
property :color_list_available_install, String
property :color_list_available_reinstall, String
property :color_list_available_upgrade, String
property :color_list_installed_extra, String
property :color_list_installed_newer, String
property :color_list_installed_older, String
property :color_list_installed_reinstall, String
property :color_search_match, String
property :color_update_installed, String
property :color_update_local, String
property :color_update_remote, String
property :commands, String, description: "List of functional commands to run if no functional commands are specified on the command line (eg. 'update foo bar baz quux'). None of the short options (eg. -y, -e, -d) are accepted for this option."
property :debuglevel, String, regex: /^\d+$/, default: '2', description: 'Debug message output level 0-10.'
property :deltarpm, [String, Integer], description: "When non-zero, delta-RPM files are used if available. The value specifies the maximum number of 'applydeltarpm' processes Yum will spawn, if the value is negative then yum works out how many cores you have and multiplies that by the value (cores=2, deltarpm=-2; 4 processes). (2 by default).\nNote that the 'applydeltarpm' process uses a significant amount of disk IO, so running too many instances can significantly slow down all disk IO including the downloads that yum is doing (thus. a too high value can make everything slower)."
property :deltarpm_metadata_percentage, String, description: "When the relative size of deltarpm metadata vs pkgs is larger than this, deltarpm metadata is not downloaded from the repo. Yum's default value is 100 (Deltarpm metadata must be smaller than the packages from the repo). Note that you can give values over 100, so 200 means that the metadata is required to be half the size of the packages. Use '0' to turn off this check, and always download metadata."
property :deltarpm_percentage, String, description: "When the relative size of delta vs pkg is larger than this, delta is not used. Yum's default value is 75 (Deltas must be at least 25% smaller than the pkg). Use '0' to turn off delta rpm processing. Local repositories (with file:// baseurl) have delta rpms turned off by default."
property :depsolve_loop_limit, Integer, description: "Set the number of times any attempt to depsolve before we just give up. This shouldn't be needed as yum should always solve or fail, however it has been observed that it can loop forever with very large system upgrades. Setting this to `0' (or " > ") makes yum try forever. Yum's default is '100'."
property :disable_excludes, [true, false], description: 'Permanently set the --disableexcludes command line option.'
property :diskspacecheck, [true, false], description: 'Set this to false to disable the checking for sufficient diskspace and inodes before a RPM transaction is run.'
property :distroverpkg, String, description: "The package used by yum to determine the 'version' of the distribution, this sets $releasever for use in config. files. This can be any installed package. Default is 'system-release(releasever)', 'redhat-release'. Yum will now look at the version provided by the provide, and if that is non-empty then will use the full V(-R), otherwise it uses the version of the package."
property :enable_group_conditionals, [true, false], description: 'Determines whether yum will allow the use of conditionals packages.'
property :errorlevel, String, regex: /^\d+$/, description: 'Error message output level 0-10.'
property :exactarch, [true, false], default: true
property :exactarchlist, String, description: "List of packages that should never change archs in an update. That means, if a package has a newer version available which is for a different compatible arch, yum will not consider that version an update if the package name is in this list. For example, on x86_64, foo-1.x86_64 won't be updated to foo-2.i686 if foo is in this list. Kernels in particular fall into this category. Shell globs using wildcards (eg. * and ?) are allowed."
property :exclude, String, description: "List of packages to exclude from all repositories, so yum works as if that package was never in the repositories. This should be a space separated list. This is commonly used so a package isn't upgraded or installed accidentally, but can be used to remove packages in any way that 'yum list' will show packages. Shell globs using wildcards (eg. * and ?) are allowed."
property :excludepkgs, String, description: 'Exclude packages from DNF specified by name or glob and separated by a comma. Can be disabled using disable_excludes.'
property :exit_on_lock, [true, false], description: 'Should the yum client exit immediately when something else has the lock. Yum defaults to false'
property :fssnap_abort_on_errors, String, equal_to: %w(), description: "When fssnap_automatic_pre or fssnap_automatic_post is enabled, it's possible to specify which fssnap errors should make the transaction fail. Yum's default is 'any'.\n'broken-setup' - Abort current transaction if snapshot support is unavailable because lvm is missing or broken.\n'snapshot-failure' - Abort current transaction if creating a snapshot fails (e.g. there is not enough free space to make a snapshot).\n'any' - Abort current transaction if any of the above occurs.\n'none' - Never abort a transaction in case of errors."
property :fssnap_automatic_keep, Integer, description: "How many old snapshots should yum keep when trying to automatically create a new snapshot. Setting to 0 disables this feature. Yum's default is '1'"
property :fssnap_automatic_post, [true, false], description: 'Should yum try to automatically create a snapshot after it runs a transaction. Yum defaults to False'
property :fssnap_automatic_pre, [true, false], description: 'Should yum try to automatically create a snapshot before it runs a transaction. Yum defaults to False'
property :fssnap_devices, String, description: 'The origin LVM devices to use for snapshots. Wildcards and negation are allowed, first match (positive or negative) wins. Default is: !*/swap !*/lv_swap glob:/etc/yum/fssnap.d/*.conf'
property :fssnap_percentage, Integer, description: "The size of new snaphosts, expressed as a percentage of the old origin device. Any number between 1 and 100. Yum defaults to '100'."
property :ftp_disable_epsv, [true, false], description: 'This options disables Extended Passive Mode (the EPSV command) which does not work correctly on some buggy ftp servers.'
property :gpgcheck, [true, false], default: true, description: 'This tells yum whether or not it should perform a GPG signature check on packages. When this is set in the [main] section it sets the default for all repositories.'
property :group_command, String, equal_to: %w(simple compat objects), description: "Tells yum what to do for group install/upgrade/remove commands.\nSimple acts like you did yum group cmd $(repoquery --group --list group), so it is very easy to reason about what will happen. Alas. this is often not what people want to happen.\nCompat. works much like simple, except that when you run 'group upgrade' it actually runs 'group install' (this means that you get any new packages added to the group, but you also get packages added that were there before and you didn't want). \nObjects makes groups act like a real object, separate from the packages they contain. Yum keeps track of the groups you have installed, so 'group upgrade' will install new packages for the group but not install old ones. It also knows about group members that are installed but weren't installed as part of the group, and won't remove those on 'group remove'. Running 'yum upgrade' will also run 'yum group upgrade' (thus. adding new packages for all groups)."
property :group_package_types, String, description: "List of the following: optional, default, mandatory. Tells yum which type of packages in groups will be installed when 'groupinstall' is called."
property :groupremove_leaf_only, [true, false], description: "Used to determine yum's behaviour when the groupremove command is run. If groupremove_leaf_only is false (default) then all packages in the group will be removed. If groupremove_leaf_only is true then only those packages in the group that aren't required by another package will be removed."
property :history_list_view, String, equal_to: %w(users commands single-user-commands), description: "Which column of information to display in the 'yum history list' command."
property :history_record, [true, false], description: 'Should yum record history entries for transactions. This takes some disk space, and some extra time in the transactions. But it allows how to know a lot of information about what has happened before, and display it to the user with the history info/list/summary commands. yum also provides the history undo/redo commands.'
property :history_record_packages, String, description: 'This is a list of package names that should be recorded as having helped the transaction. yum plugins have an API to add themselves to this, so it should not normally be necessary to add packages here. Not that this is also used for the packages to look for in --version. Defaults to rpm, yum, yum-metadata-parser.'
property :http_caching, String, equal_to: %w(packages all none), description: "Determines how upstream HTTP caches are instructed to handle any HTTP downloads that Yum does. This option can take the following values: all' means that all HTTP downloads should be cached. 'packages' means that only RPM package downloads should be cached (but not repository metadata downloads). 'none' means that no HTTP downloads should be cached."
property :installonly_limit, String, regex: [/^\d+/, /keep/], default: '3', description: "Number of packages listed in installonlypkgs to keep installed at the same time. Setting to 0 disables this feature. Default is '0'. Note that this functionality used to be in the 'installonlyn' plugin, where this option was altered via tokeep. Note that as of version 3.2.24, yum will now look in the yumdb for a installonly attribute on installed packages. If that attribute is 'keep', then they will never be removed."
property :installonlypkgs, String, description: 'List of package provides that should only ever be installed, never updated. Kernels in particular fall into this category. Defaults to kernel, kernel-bigmem, kernel-enterprise, kernel-smp, kernel-modules, kernel-debug, kernel- unsupported, kernel-source, kernel-devel, kernel-PAE, kernel- PAE-debug.'
property :installroot, String, description: 'Specifies an alternative installroot, relative to which all packages will be installed.'
property :install_weak_deps, [true, false], description: "When this option is set to true and a new package is about to be installed, all packages linked by a weak dependency relation (i.e., Recommends or Supplements flags) with this package will be pulled into the transaction. Default is DNF's default of true."
property :ip_resolve, [String, Integer], equal_to: [4, '4', 6, '6'], description: "Determines how yum resolves host names. '4': resolve to IPv4 addresses only. '6': resolve to IPv6 addresses only."
property :keepalive, [true, false], description: 'Set whether HTTP keepalive should be used for HTTP/1.1 servers that support it. This can improve transfer speeds by using one connection when downloading multiple files from a repository.'
property :keepcache, [true, false], default: false, description: 'Determines whether or not yum keeps the cache of headers and packages after successful installation.'
property :kernelpkgnames, String, description: 'List of package names that are kernels. This is really only here for the updating of kernel packages and should be removed out in the yum 2.1 series.'
property :loadts_ignoremissing, [true, false], description: "Should the load-ts command ignore packages that are missing. This includes packages in the TS to be removed, which aren't installed, and packages in the TS to be added, which aren't available. If this is set to true, and an rpm is missing then loadts_ignorenewrpm is automatically set to true. Yum defaults to False."
property :loadts_ignorenewrpm, [true, false], description: 'Should the load-ts command ignore the future rpmdb version or abort if there is a mismatch between the TS file and what will happen on the current machine. Note that if loadts_ignorerpm is True, this option does nothing. Yum defaults to False'
property :loadts_ignorerpm, [true, false], description: 'Should the load-ts command ignore the rpmdb version (yum version nogroups) or abort if there is a mismatch between the TS file and the current machine. If this is set to true, then loadts_ignorenewrpm is automatically set to true. Yum defaults to False'
property :localpkg_gpgcheck, [true, false], description: 'This tells yum whether or not it should perform a GPG signature check on local packages (packages in a file, not in a repositoy).'
property :logfile, String, default: '/var/log/yum.log', description: 'Full directory and file name for where yum should write its log file.'
property :max_connections, String, regex: /^\d+/, description: 'The maximum number of simultaneous connections. This overrides the urlgrabber default of 5 connections. Note that there are also implicit per-mirror limits and the downloader honors these too.'
property :mddownloadpolicy, String, equal_to: %w(sqlite xml), description: "You can select which kinds of repodata you would prefer yum to download:\n'sqlite' - Download the .sqlite files, if available. This is currently slightly faster, once they are downloaded. However these files tend to be bigger, and thus. take longer to download. \n'xml' - Download the .XML files, which yum will do anyway as a fallback on the other options. These files tend to be smaller, but they require parsing/converting locally after download and some aditional checks are performed on them each time they are used."
property :mdpolicy, String, equal_to: %w(instant group:primary group:small group:main group:all), description: "You can select from different metadata download policies depending on how much data you want to download with the main repository metadata index. The advantages of downloading more metadata with the index is that you can't get into situations where you need to use that metadata later and the versions available aren't compatible (or the user lacks privileges) and that if the metadata is corrupt in any way yum will revert to the previous metadata.\n'instant' - Just download the new metadata index, this is roughly what yum always did, however it now does some checking on the index and reverts if it classifies it as bad.\n'group:primary' - Download the primary metadata with the index. This contains most of the package information and so is almost always required anyway.\n'group:small' - With the primary also download the updateinfo metadata, groups, and pkgtags. This is required for yum-security operations and it also used in the graphical clients. This file also tends to be significantly smaller than most others. This is the default. \n'group:main' - With the primary and updateinfo download the filelists metadata and the group metadata. The filelists data is required for operations like 'yum install /bin/bash', and also some dependency resolutions require it. The group data is used in some graphical clients and for group operations like 'yum grouplist Base'.\n'group:all' - Download all metadata listed in the index, currently the only one not listed above is the other metadata, which contains the changelog information which is used by yum-changelog. This is what 'yum makecache' uses."
property :metadata_expire, String, regex: [/^\d+$/, /^\d+[mhd]$/, /never/], description: "Time (in seconds) after which the metadata will expire. So that if the current metadata downloaded is less than this many seconds old then yum will not update the metadata against the repository. If you find that yum is not downloading information on updates as often as you would like lower the value of this option. You can also change from the default of using seconds to using days, hours or minutes by appending a d, h or m respectively. The default is 6 hours, to compliment yum-updatesd running once an hour. It's also possible to use the word 'never', meaning that the metadata will never expire. Note that when using a metalink file the metalink must always be newer than the metadata for the repository, due to the validation, so this timeout also applies to the metalink file."
property :metadata_expire_filter, String, equal_to: %w(never read-only:past read-only:present read-only:future), description: "Filter the metadata_expire time, allowing a trade of speed for accuracy if a command doesn't require it. Each yum command can specify that it requires a certain level of timeliness quality from the remote repos. from 'I\'m about to install/upgrade, so this better be current' to 'Anything that\'s available is good enough'. \n'never' - Nothing is filtered, always obey metadata_expire. \n'read-only:past' - Commands that only care about past\ information are filtered from metadata expiring. Eg. yum history info (if history needs to lookup anything about a previous transaction, then by definition the remote package was available in the past). \n'read-only:present' - Commands that are balanced between past and future. This is the default. Eg. yum list yum\n'read-only:future' - Commands that are likely to result in running other commands which will require the latest metadata. Eg. yum check-update\nNote that this option requires that all the enabled repositories be roughly the same freshness (meaning the cache age difference from one another is at most 5 days). Failing that, metadata_expire will always be obeyed, just like with 'never'.\nAlso note that this option does not override 'yum clean expire-cache'."
property :minrate, String, description: "This sets the low speed threshold in bytes per second. If the server is sending data slower than this for at least 'timeout' seconds, Yum aborts the connection."
property :mirrorlist_expire, String, regex: /^\d+$/, description: 'Time (in seconds) after which the mirrorlist locally cached will expire. If the current mirrorlist is less than this many seconds old then yum will not download another copy of the mirrorlist, it has the same extra format as metadata_expire. If you find that yum is not downloading the mirrorlists as often as you would like lower the value of this option.'
property :multilib_policy, String, equal_to: %w(all best), description: "The policy installation policy. Can be set to 'all' or 'best'. All means install all possible arches for any package you want to install. Therefore yum install foo will install foo.i386 and foo.x86_64 on x86_64, if it is available. Best means install the best arch for this platform, only. "
property :obsoletes, [true, false], description: "This option only has affect during an update. It enables yum's obsoletes processing logic. Useful when doing distribution level upgrades. See also the yum upgrade command documentation for more details"
property :options, Hash
property :override_install_langs, [true, false], description: "This is a way to override rpm's _install_langs macro. without having to change it within rpm's macro file"
property :overwrite_groups, [true, false], description: "Used to determine yum's behaviour if two or more repositories offer the package groups with the same name. If overwrite_groups is true then the group packages of the last matching repository will be used. If overwrite_groups is false then the groups from all matching repositories will be merged together as one large group. Note that this option does not override remove_leaf_only, so enabling that option means this has almost no affect."
property :password, String, description: 'password to use with the username for basic authentication.'
property :path, String, name_property: true
property :persistdir, String, description: 'Directory where yum should store information that should persist over multiple runs.'
property :pluginconfpath, String, description: 'A list of directories where yum should look for plugin configuration files.'
property :pluginpath, String, description: 'A list of directories where yum should look for plugin modules.'
property :plugins, [true, false], default: true, description: 'Global switch to enable or disable yum plugins.'
property :protected_multilib, [true, false], description: 'This tells yum whether or not it should perform a check to make sure that multilib packages are the same version. For example, if this option is off (rpm behavior) then in some cases it might be possible for pkgA-1.x86_64 and pkgA-2.i386 to be installed at the same time. However this is very rarely desired. Install only packages, like the kernel, are exempt from this check.'
property :protected_packages, String, description: 'This is a list of packages that yum should never completely remove. They are protected via Obsoletes as well as user/plugin removals.'
property :proxy, String, description: 'URL to the proxy server that yum should use.'
property :proxy_password, String, description: 'The password for the specified proxy.'
property :proxy_username, String, description: 'The username for the specified proxy.'
property :query_install_excludes, [true, false], description: 'This applies the command line exclude option (only, not the configuration exclude above) to installed packages being shown in some query commands'
property :recent, String, regex: /^\d+$/, description: "Number of days back to look for 'recent' packages added to a repository."
property :recheck_installed_requires, [true, false], description: "When upgrading a package do we recheck any requirements that existed in the old package. Turning this on shouldn't do anything but slow yum depsolving down, however using rpm --nodeps etc. can break the rpmdb and then this will help."
property :releasever, String
property :remove_leaf_only, [true, false], description: "Used to determine yum's behaviour when a package is removed. If remove_leaf_only is false then packages, and their deps, will be removed. If remove_leaf_only is true then only those packages that aren't required by another package will be removed."
property :repo_gpgcheck, [true, false], description: 'This tells yum whether or not it should perform a GPG signature check on the repodata. When this is set in the [main] section it sets the default for all repositories.'
property :repopkgsremove_leaf_only, [true, false], description: "Used to determine yum's behaviour when the repo-pkg remove command is run. If repopkgremove_leaf_only is false then all packages in the repo. will be removed. If repopkgremove_leaf_only is true then only those packages in the repo. that aren't required by another package will be removed. Note that this option does not override remove_leaf_only, so enabling that option means this has almost no affect."
property :reposdir, String, description: "A list of directories where yum should look for .repo files which define repositories to use. Default is '/etc/yum/repos.d'. Each file in this directory should contain one or more repository sections as documented in [repository] options below. These will be merged with the repositories defined in /etc/yum/yum.conf to form the complete set of repositories that yum will use."
property :requires_policy, String, equal_to: %w(strong weak info), description: 'Strong means install just the needed requirements. Weak means also install any weak requirements. Info means install all requirements. This only happens on install/reinstall, upgrades/downgrades do not consult this at all. Note that yum will try to just drop weak and info requirements on errors.'
property :reset_nice, [true, false], description: 'If set to true then yum will try to reset the nice value to zero, before running an rpm transaction.'
property :retries, String, regex: /^\d+$/, description: "Set the number of times any attempt to retrieve a file should retry before returning an error. Setting this to '0' makes yum try forever."
property :rpmverbosity, String, equal_to: %w(info critical emergency error warn debug), description: 'Debug scriptlet output level.'
property :shell_exit_status, String, equal_to: %w(0 ?), description: "Determines the exit status that should be returned by `yum shell' when it terminates after reading the `exit' command or EOF. If ? is set, the exit status is that of the last command executed before `exit' (bash-like behavior). Yum defaults to 0."
property :showdupesfromrepos, [true, false], description: 'Set to true if you wish to show any duplicate packages from any repository, from package listings like the info or list commands. Set to false if you want only to see the newest packages from any repository.'
property :skip_broken, [true, false], description: 'Resolve depsolve problems by removing packages that are causing problems from the transaction.'
property :skip_if_unavailable, [true, false], description: 'If enabled, DNF will continue running and disable any repository that could not be synchronized for any reason.'
property :skip_missing_names_on_install, [true, false], description: "If set to False, 'yum install' will fail if it can't find any of the provided names (package, group, rpm file). Yum's default is true."
property :skip_missing_names_on_update, [true, false], description: "If set to False, 'yum update' will fail if it can't find any of the provided names (package, group, rpm file). It will also fail if the provided name is a package which is available, but not installed. Yum's default is true."
property :ssl_check_cert_permissions, [true, false], description: "Whether yum should check the permissions on the paths for the certificates on the repository (both remote and local). If we can't read any of the files then yum will force skip_if_unavailable to be true. This is most useful for non-root processes which use yum on repos. that have client cert files which are readable only by root."
property :sslcacert, String, description: 'Path to the directory containing the databases of the certificate authorities yum should use to verify SSL certificates.'
property :sslclientcert, String, description: 'Path to the SSL client certificate yum should use to connect to repos/remote sites.'
property :sslclientkey, String, description: 'Path to the SSL client key yum should use to connect to repos/remote sites.'
property :sslverify, [true, false], description: 'Should yum verify SSL certificates/hosts at all.'
property :syslog_device, String, description: 'Where to log syslog messages. Can be a local device (path) or a host:port string to use a remote syslog. If empty or points to a nonexistent device, syslog logging is disabled.'
property :syslog_facility, String, description: 'Facility name for syslog messages.'
property :syslog_ident, String, description: 'Identification (program name) for syslog messages.'
property :throttle, String, regex: [/\d+k/, /\d+M/, /\d+G/], description: "Enable bandwidth throttling for downloads. This option can be expressed as a absolute data rate in bytes/sec. An SI prefix (k, M or G) may be appended to the bandwidth value (eg. '5.5k' is 5.5 kilobytes/sec, '2M' is 2 Megabytes/sec)."
property :timeout, String, regex: /^\d+$/, description: 'Number of seconds to wait for a connection before timing out.'
property :tolerant, [true, false], description: "If enabled, yum will go slower, checking for things that shouldn't be possible making it more tolerant of external errors. Default to '0' (not tolerant)."
property :tsflags, String, description: "Comma or space separated list of transaction flags to pass to the rpm transaction set. These include 'noscripts', 'notriggers', 'nodocs', 'test', 'justdb' and 'nocontexts'. 'repackage' is also available but that does nothing with newer rpm versions. You can set all/any of them. However, if you don't know what these do in the context of an rpm transaction set you're best leaving it alone."
property :ui_repoid_vars, String, description: 'When a repository id is displayed, append these yum variables to the string if they are used in the baseurl/etc. Variables are appended in the order listed (and found).'
property :upgrade_group_objects_upgrade, [true, false], description: "Set this to false to disable the automatic running of 'group upgrade' when running the 'upgrade' command, and group_command is set to 'objects'."
property :upgrade_requirements_on_install, [true, false], description: "When installing/reinstalling/upgrading packages go through each package's installed dependencies and check for an update."
property :usercache, String, description: "Determines whether or not yum should store per-user cache in $TMPDIR. When set to '0', then whenever yum runs as a non-root user, --cacheonly is implied and system cache is used directly, and no new user cache is created in $TMPDIR. This can be used to prevent $TMPDIR from filling up if many users on the system often use yum and root tends to have up-to-date metadata that the users can rely on (they can still enable this feature with --setopt if they wish)."
property :username, String, description: 'username to use for basic authentication to a repo or really any url.'
property :usr_w_check, [true, false], description: "Set this to false to disable the checking for writability on /usr in the installroot (when going into the depsolving stage). Yum's default is true."
alias_method :max_retries, :retries
action :create do
template new_resource.path do
source 'main.erb'
cookbook 'yum'
mode '0644'
variables(config: new_resource)
end
end
action :delete do
file new_resource.path do
action :delete
end
end


@ -0,0 +1,295 @@
# This file was generated by Chef Infra Client
# Do NOT modify this file by hand.
[main]
<% if @config.alwaysprompt %>
alwaysprompt=<%= @config.alwaysprompt %>
<% end %>
<% if @config.assumeyes %>
assumeyes=<%= @config.assumeyes %>
<% end %>
<% if @config.bandwidth %>
bandwidth=<%= @config.bandwidth %>
<% end %>
<% unless @config.best.nil? %>
best=<%= @config.best %>
<% end %>
<% if @config.bugtracker_url %>
bugtracker_url=<%= @config.bugtracker_url %>
<% end %>
<% if @config.cachedir %>
cachedir=<%= @config.cachedir %>
<% end %>
<% if @config.clean_requirements_on_remove %>
clean_requirements_on_remove=<%= @config.clean_requirements_on_remove %>
<% end %>
<% if @config.color %>
color=<%= @config.color %>
<% end %>
<% if @config.color_list_available_downgrade %>
color_list_available_downgrade=<%= @config.color_list_available_downgrade %>
<% end %>
<% if @config.color_list_available_install %>
color_list_available_install=<%= @config.color_list_available_install %>
<% end %>
<% if @config.color_list_available_reinstall %>
color_list_available_reinstall=<%= @config.color_list_available_reinstall %>
<% end %>
<% if @config.color_list_available_upgrade %>
color_list_available_upgrade=<%= @config.color_list_available_upgrade %>
<% end %>
<% if @config.color_list_installed_extra %>
color_list_installed_extra=<%= @config.color_list_installed_extra %>
<% end %>
<% if @config.color_list_installed_newer %>
color_list_installed_newer=<%= @config.color_list_installed_newer %>
<% end %>
<% if @config.color_list_installed_older %>
color_list_installed_older=<%= @config.color_list_installed_older %>
<% end %>
<% if @config.color_list_installed_reinstall %>
color_list_installed_reinstall=<%= @config.color_list_installed_reinstall %>
<% end %>
<% if @config.color_search_match %>
color_search_match=<%= @config.color_search_match %>
<% end %>
<% if @config.color_update_installed %>
color_update_installed=<%= @config.color_update_installed %>
<% end %>
<% if @config.color_update_local %>
color_update_local=<%= @config.color_update_local %>
<% end %>
<% if @config.color_update_remote %>
color_update_remote=<%= @config.color_update_remote %>
<% end %>
<% if @config.commands %>
commands=<%= @config.commands %>
<% end %>
<% if @config.debuglevel %>
debuglevel=<%= @config.debuglevel %>
<% end %>
<% if @config.deltarpm == true %>
deltarpm=1
<% elsif @config.deltarpm == false %>
deltarpm=0
<% end %>
<% if @config.diskspacecheck %>
diskspacecheck=<%= @config.diskspacecheck %>
<% end %>
<% if @config.distroverpkg %>
distroverpkg=<%= @config.distroverpkg %>
<% end %>
<% if @config.enable_group_conditionals %>
enable_group_conditionals=1
<% end %>
<% if @config.errorlevel %>
errorlevel=<%= @config.errorlevel %>
<% end %>
<% if @config.exactarch %>
exactarch=1
<% else %>
exactarch=0
<% end %>
<% if @config.exclude %>
exclude=<%= @config.exclude %>
<% end %>
<% if @config.excludepkgs %>
excludepkgs=<%= @config.excludepkgs %>
<% end %>
<% if @config.gpgcheck %>
gpgcheck=1
<% else %>
gpgcheck=0
<% end %>
<% if @config.group_package_types %>
group_package_types=<%= @config.group_package_types %>
<% end %>
<% if @config.groupremove_leaf_only %>
groupremove_leaf_only=<%= @config.groupremove_leaf_only %>
<% end %>
<% if @config.history_list_view %>
history_list_view=<%= @config.history_list_view %>
<% end %>
<% if @config.history_record %>
history_record=<%= @config.history_record %>
<% end %>
<% if @config.history_record_packages %>
history_record_packages=<%= @config.history_record_packages %>
<% end %>
<% if @config.http_caching %>
http_caching=<%= @config.http_caching %>
<% end %>
<% if @config.ip_resolve %>
ip_resolve=<%= @config.ip_resolve %>
<% end %>
<% unless @config.install_weak_deps.nil? %>
<% if @config.install_weak_deps %>
install_weak_deps=1
<% else %>
install_weak_deps=0
<% end %>
<% end %>
<% if @config.installonly_limit %>
installonly_limit=<%= @config.installonly_limit %>
<% end %>
<% if @config.installonlypkgs %>
installonlypkgs=<%= @config.installonlypkgs %>
<% end %>
<% if @config.installroot %>
installroot=<%= @config.installroot %>
<% end %>
<% if @config.keepalive %>
keepalive=<%= @config.keepalive %>
<% end %>
<% if @config.keepcache %>
keepcache=1
<% else %>
keepcache=0
<% end %>
<% if @config.kernelpkgnames %>
kernelpkgnames=<%= @config.kernelpkgnames %>
<% end %>
<% if @config.localpkg_gpgcheck %>
localpkg_gpgcheck=1
<% else %>
localpkg_gpgcheck=0
<% end %>
<% if @config.logfile %>
logfile=<%= @config.logfile %>
<% end %>
<% if @config.max_retries %>
max_retries=<%= @config.max_retries %>
<% end %>
<% if @config.mdpolicy %>
mdpolicy=<%= @config.mdpolicy %>
<% end %>
<% if @config.metadata_expire %>
metadata_expire=<%= @config.metadata_expire %>
<% end %>
<% if @config.mirrorlist_expire %>
mirrorlist_expire=<%= @config.mirrorlist_expire %>
<% end %>
<% if @config.multilib_policy %>
multilib_policy=<%= @config.multilib_policy %>
<% end %>
<% if @config.obsoletes == false %>
obsoletes=0
<% else %>
obsoletes=1
<% end %>
<% if @config.overwrite_groups %>
overwrite_groups=<%= @config.overwrite_groups %>
<% end %>
<% if @config.password %>
password=<%= @config.password %>
<% end %>
<% if @config.persistdir %>
persistdir=<%= @config.persistdir %>
<% end %>
<% if @config.pluginconfpath %>
pluginconfpath=<%= @config.pluginconfpath %>
<% end %>
<% if @config.pluginpath %>
pluginpath=<%= @config.pluginpath %>
<% end %>
<% if @config.plugins %>
plugins=1
<% else %>
plugins=0
<% end %>
<% if @config.protected_multilib %>
protected_multilib=<%= @config.protected_multilib %>
<% end %>
<% if @config.protected_packages %>
protected_packages=<%= @config.protected_packages %>
<% end %>
<% if @config.proxy %>
proxy=<%= @config.proxy %>
<% end %>
<% if @config.proxy_password %>
proxy_password=<%= @config.proxy_password %>
<% end %>
<% if @config.proxy_username %>
proxy_username=<%= @config.proxy_username %>
<% end %>
<% if @config.recent %>
recent=<%= @config.recent %>
<% end %>
<% if @config.releasever && @config.releasever.length > 0 %>
releasever=<%= @config.releasever %>
<% end %>
<% if @config.repo_gpgcheck %>
repo_gpgcheck=<%= @config.repo_gpgcheck %>
<% end %>
<% if @config.reposdir %>
reposdir=<%= @config.reposdir %>
<% end %>
<% if @config.reset_nice %>
reset_nice=<%= @config.reset_nice %>
<% end %>
<% if @config.rpmverbosity %>
rpmverbosity=<%= @config.rpmverbosity %>
<% end %>
<% if @config.showdupesfromrepos %>
showdupesfromrepos=<%= @config.showdupesfromrepos %>
<% end %>
<% if @config.skip_broken %>
skip_broken=<%= @config.skip_broken %>
<% end %>
<% unless @config.skip_if_unavailable.nil? %>
skip_if_unavailable=<%= @config.skip_if_unavailable %>
<% end %>
<% if @config.ssl_check_cert_permissions %>
ssl_check_cert_permissions=<%= @config.ssl_check_cert_permissions %>
<% end %>
<% if @config.sslcacert %>
sslcacert=<%= @config.sslcacert %>
<% end %>
<% if @config.sslclientcert %>
sslclientcert=<%= @config.sslclientcert %>
<% end %>
<% if @config.sslclientkey %>
sslclientkey=<%= @config.sslclientkey %>
<% end %>
<% unless @config.sslverify.nil? %>
sslverify=<%= ( @config.sslverify ) ? 'true' : 'false' %>
<% end %>
<% if @config.syslog_device %>
syslog_device=<%= @config.syslog_device %>
<% end %>
<% if @config.syslog_facility %>
syslog_facility=<%= @config.syslog_facility %>
<% end %>
<% if @config.syslog_ident %>
syslog_ident=<%= @config.syslog_ident %>
<% end %>
<% if @config.throttle %>
throttle=<%= @config.throttle %>
<% end %>
<% if @config.timeout %>
timeout=<%= @config.timeout %>
<% end %>
<% if @config.tolerant %>
tolerant=<%= ( @config.tolerant ) ? '1' : '0' %>
<% end %>
<% if @config.tsflags %>
tsflags=<%= @config.tsflags %>
<% end %>
<% if @config.username %>
username=<%= @config.username %>
<% end %>
<% if @config.options -%>
<% @config.options.each do |key, value| -%>
<%= key %>=<%=
case value
when Array
value.join("\n ")
when TrueClass
'1'
when FalseClass
'0'
else
value
end %>
<% end -%>
<% end -%>


@ -4,6 +4,9 @@
"json_class": "Chef::Environment",
"chef_type": "environment",
"default_attributes": {
"openresty": {
"try_aio": false
}
},
"override_attributes": {
"kosmos-mastodon": {


@ -1,5 +1,6 @@
{
"name": "draco.kosmos.org",
"chef_environment": "production",
"normal": {
"knife_zero": {
"host": "10.1.1.167"
@ -8,6 +9,9 @@
"backup": {
"schedule": "0/3:55"
}
},
"openresty": {
"listen_ip": "148.251.237.111"
}
},
"automatic": {
@ -17,7 +21,8 @@
"hostname": "draco",
"ipaddress": "148.251.237.73",
"roles": [
"openresty_proxy",
"openresty"
],
"recipes": [
"kosmos-base",
@ -30,7 +35,10 @@
"kosmos-ipfs::firewall_swarm",
"kosmos-bitcoin::firewall",
"kosmos_zerotier::firewall",
"kosmos-nginx::firewall",
"kosmos_openresty",
"kosmos_openresty::default",
"kosmos_openresty::firewall",
"kosmos_assets::nginx_site",
"sockethub::firewall",
"apt::default",
"timezone_iii::default",
@ -47,19 +55,30 @@
"postfix::sasl_auth",
"hostname::default",
"firewall::default",
"chef-sugar::default"
"openresty::apt_package",
"openresty::ohai_plugin",
"openresty::commons_user",
"openresty::commons_dir",
"openresty::commons_script",
"openresty::commons_conf",
"logrotate::default",
"openresty::luarocks",
"git::default",
"git::package",
"kosmos-base::letsencrypt"
],
"platform": "ubuntu",
"platform_version": "20.04",
"cloud": null,
"chef_packages": {
"ohai": {
"version": "15.12.0",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai"
},
"chef": {
"version": "15.17.4",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.17.4/lib"
"version": "18.2.7",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.2.7/lib",
"chef_effortless": null
},
"ohai": {
"version": "18.1.4",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.4/lib/ohai"
}
}
},
@ -72,7 +91,7 @@
"recipe[kosmos-ipfs::firewall_swarm]",
"recipe[kosmos-bitcoin::firewall]",
"recipe[kosmos_zerotier::firewall]",
"recipe[kosmos-nginx::firewall]",
"role[openresty_proxy]",
"recipe[sockethub::firewall]"
]
}

7933
nodes/vagrant-openresty.json Normal file

File diff suppressed because it is too large Load Diff

17
roles/openresty.rb Normal file

@ -0,0 +1,17 @@
name "openresty"
development_run_list = %w(
kosmos_openresty::default
kosmos_openresty::hello_world
)
default_run_list = %w(
kosmos_openresty::default
kosmos_openresty::firewall
)
env_run_lists(
'_default' => default_run_list,
'development' => development_run_list,
'production' => default_run_list
)

54
roles/openresty_proxy.rb Normal file

@ -0,0 +1,54 @@
name "openresty_proxy"
override_attributes(
'openresty' => {
'server_names_hash_bucket_size' => 128
},
'tor' => {
'HiddenServices' => {
'web' => {
'HiddenServicePorts' => ['80 127.0.0.1:80', '443 127.0.0.1:443']
}
}
}
)
development_run_list = %w(
role[openresty]
kosmos_assets::nginx_site
)
default_run_list = %w(
role[openresty]
tor-full
kosmos_assets::nginx_site
kosmos_discourse::nginx
kosmos_drone::nginx
kosmos_garage::default
kosmos_garage::firewall_rpc
kosmos_garage::nginx_web
kosmos_gitea::nginx
kosmos_rsk::nginx_testnet
kosmos_rsk::nginx_mainnet
kosmos_website::default
kosmos-akkounts::nginx
kosmos-akkounts::nginx_api
kosmos-bitcoin::nginx_lndhub
kosmos-ejabberd::nginx
kosmos-hubot::nginx_botka_irc-libera-chat
kosmos-hubot::nginx_hal8000_xmpp
kosmos-ipfs::nginx_public_gateway
kosmos-mastodon::nginx
remotestorage_discourse::nginx
)
production_run_list = %w(
role[openresty]
kosmos_assets::nginx_site
)
env_run_lists(
'_default' => default_run_list,
'development' => development_run_list,
'production' => production_run_list
)
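Review bot: In `env_run_lists`, the `_default` entry gets the widest run list (`default_run_list`, including `tor-full` and every site recipe), while `production` gets only `role[openresty]` and `kosmos_assets::nginx_site`. A node that ends up without an explicit environment would therefore converge the full proxy set, hidden service included. If the short production list is a staged migration, a comment above `production_run_list` would say so, e.g. `# Sites move over from the nginx proxy one by one; extend this list as they migrate`. The `tor` override attributes are also applied in every environment although only `default_run_list` includes `tor-full`; presumably harmless, but worth confirming.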


@ -52,16 +52,17 @@ end
end
end
# TODO check if nginx is installed/running on the node
file "/etc/letsencrypt/renewal-hooks/deploy/nginx" do
content <<-EOF
#!/usr/bin/env bash
# Reloading nginx is enough to read the new certificates
systemctl reload nginx
EOF
mode 0755
owner "root"
group "root"
if node.run_list.roles.include?("openresty_proxy")
file "/etc/letsencrypt/renewal-hooks/post/openresty" do
content <<-EOF
#!/usr/bin/env bash
# Reloading openresty is enough to read the new certificates
systemctl reload openresty
EOF
mode 0755
owner "root"
group "root"
end
end
# include_recipe 'kosmos-base::systemd_emails'
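Review bot: The `node.run_list.roles.include?("openresty_proxy")` guard only writes the openresty hook, and the recipe no longer appears to manage `/etc/letsencrypt/renewal-hooks/deploy/nginx` (the +/- markers are lost on this page, so this is read from the hunk counts). Dropping the `file` resource does not remove the file on nodes that already have it, so a migrated node would keep a deploy hook that runs `systemctl reload nginx`. A node that still runs nginx and is bootstrapped later would get no reload hook and would keep serving the old certificate after renewal. Consider `file "/etc/letsencrypt/renewal-hooks/deploy/nginx" do action :delete end` inside the openresty branch, and keep the nginx hook in an `else` branch until the last nginx node is gone. Note also that `node.run_list.roles` lists only roles named directly in the run list, so a node that receives `openresty_proxy` through another role would be skipped.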


@ -0,0 +1,50 @@
resource_name :tls_cert_for
provides :tls_cert_for
property :domain, [String, Array], name_property: true
property :auth, [String, NilClass], default: nil
default_action :create
def initialize(*args)
super
@run_context.include_recipe 'kosmos-base::letsencrypt'
end
action :create do
domains = Array(new_resource.domain)
case new_resource.auth
when "gandi_dns"
gandi_api_data_bag_item = data_bag_item('credentials', 'gandi_api_5apps')
hook_path = "/root/gandi_dns_certbot_hook.sh"
template hook_path do
cookbook "kosmos-base"
variables gandi_api_key: gandi_api_data_bag_item["key"]
mode 0770
end
# Generate a Let's Encrypt cert (only if no cert has been generated before).
# The systemd timer will take care of renewing
execute "letsencrypt cert for #{domains.join(', ')}" do
command <<-CMD
certbot certonly --manual -n \
--preferred-challenges dns \
--manual-public-ip-logging-ok \
--agree-tos \
--manual-auth-hook '#{hook_path} auth' \
--manual-cleanup-hook '#{hook_path} cleanup' \
--deploy-hook /etc/letsencrypt/renewal-hooks/post/openresty \
--email ops@kosmos.org \
#{domains.map {|d| "-d #{d}" }.join(" ")}
CMD
not_if do
::File.exist?("/etc/letsencrypt/live/#{domains.first}/fullchain.pem")
end
end
else
# regular http auth
end
end
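Review bot: The `template hook_path` resource renders the Gandi API key into `/root/gandi_dns_certbot_hook.sh` without `sensitive true`, so Chef can print the rendered diff, key included, in the client output and logs whenever the file changes. It also sets no `owner`/`group` and uses `mode 0770`, which gives the file's group full access to a script holding a credential; `owner 'root'`, `group 'root'`, `mode '0700'` and `sensitive true` would pin that down. Separately, the `else` branch is only a comment, so a `tls_cert_for` call without `auth "gandi_dns"` converges successfully and issues nothing; raising there, or implementing the HTTP challenge, would make the gap visible. The `not_if` guard checks only `domains.first`, so adding a name to an existing resource will not reissue the certificate.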


@ -0,0 +1,63 @@
#!/usr/bin/env bash
#
set -euf -o pipefail
# ************** USAGE **************
#
# Example usage (with this hook file saved in /root/):
#
# sudo su -
# certbot certonly --manual --preferred-challenges dns --manual-public-ip-logging-ok --agree-tos -d "5apps.com" -d muc.5apps.com -d "xmpp.5apps.com" \
# --manual-auth-hook "/root/letsencrypt_hook.sh auth" --manual-cleanup-hook "/root/letsencrypt_hook.sh cleanup"
#
# This hook requires configuration, continue reading.
#
# ************** CONFIGURATION **************
#
# GANDI_API_KEY: Your Gandi Live API key
#
# PROVIDER_UPDATE_DELAY:
# How many seconds to wait after updating your DNS records. This may be required,
# depending on how slow your DNS host is to begin serving new DNS records after updating
# them via the API. 30 seconds is a safe default, but some providers can be very slow
# (e.g. Linode).
#
# Defaults to 30 seconds.
#
GANDI_API_KEY="<%= @gandi_api_key %>"
PROVIDER_UPDATE_DELAY=2
regex='.*\.(.*\..*)'
if [[ $CERTBOT_DOMAIN =~ $regex ]]
then
DOMAIN="${BASH_REMATCH[1]}"
else
DOMAIN="${CERTBOT_DOMAIN}"
fi
# To be invoked via Certbot's --manual-auth-hook
function auth {
curl -s -D- -H "Content-Type: application/json" \
-H "X-Api-Key: ${GANDI_API_KEY}" \
-d "{\"rrset_name\": \"_acme-challenge.${CERTBOT_DOMAIN}.\",
\"rrset_type\": \"TXT\",
\"rrset_ttl\": 3600,
\"rrset_values\": [\"${CERTBOT_VALIDATION}\"]}" \
"https://dns.api.gandi.net/api/v5/domains/${DOMAIN}/records"
sleep ${PROVIDER_UPDATE_DELAY}
}
# To be invoked via Certbot's --manual-cleanup-hook
function cleanup {
curl -s -X DELETE -H "Content-Type: application/json" \
-H "X-Api-Key: ${GANDI_API_KEY}" \
https://dns.api.gandi.net/api/v5/domains/${DOMAIN}/records/_acme-challenge.${CERTBOT_DOMAIN}./TXT
}
HANDLER=$1; shift;
if [ -n "$(type -t $HANDLER)" ] && [ "$(type -t $HANDLER)" = function ]; then
$HANDLER "$@"
fi
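Review bot: Both `curl` calls in `auth` and `cleanup` pass the key as `-H "X-Api-Key: ${GANDI_API_KEY}"`, which puts the credential in the process arguments, where other local users can typically read it from the process list while the request runs. curl can read the header from a config supplied through a file descriptor instead, e.g. `-K <(printf 'header = "X-Api-Key: %s"\n' "$GANDI_API_KEY")`. Adding `--fail` would make a rejected API call exit non-zero under `set -e` rather than letting certbot continue to a validation that cannot succeed. The configuration comment says the delay defaults to 30 seconds while the script sets `PROVIDER_UPDATE_DELAY=2`; one of the two should be corrected. The template also renders the key inside double quotes, so a key containing `$`, a backtick or `"` would be expanded or break the assignment; single quotes are safer there.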


@ -7,4 +7,5 @@ long_description 'Configures static asset Web hosting'
version '1.0.0'
chef_version '>= 15.10' if respond_to?(:chef_version)
depends "kosmos-nginx"
depends "kosmos-base"
depends "kosmos_openresty"


@ -1,38 +1,36 @@
#
# Cookbook:: kosmos_assets
# Recipe:: nginx_site
# Recipe:: openresty_site
#
include_recipe "kosmos-nginx"
include_recipe "git"
include_recipe "kosmos_openresty"
domain = node["kosmos_assets"]["domain"]
nginx_certbot_site domain
tls_cert_for domain do
auth "gandi_dns"
action :create
end
directory "/var/www/#{domain}/site" do
user node["nginx"]["user"]
group node["nginx"]["group"]
user node["openresty"]["user"]
group node["openresty"]["group"]
mode "0755"
recursive true
end
git "/var/www/#{domain}/site" do
user node["nginx"]["user"]
group node["nginx"]["group"]
user node["openresty"]["user"]
group node["openresty"]["group"]
repository node["kosmos_assets"]["repo"]
revision node["kosmos_assets"]["revision"]
action :sync
end
template "#{node["nginx"]["dir"]}/sites-available/#{domain}" do
source "nginx_conf_assets.erb"
owner node["nginx"]["user"]
mode 0640
openresty_site domain do
template "nginx_conf_assets.erb"
variables domain: domain,
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
notifies :reload, "service[nginx]", :delayed
end
nginx_site domain do
action :enable
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
end
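Review bot: The header comment now reads `# Recipe:: openresty_site`, but the role run lists added in this same commit still refer to the recipe as `kosmos_assets::nginx_site`, and the site template is still `nginx_conf_assets.erb`. Either keep the comment as `# Recipe:: nginx_site`, or rename the recipe file and update the run lists in the same change, so the header matches the name Chef resolves.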


@ -2,13 +2,14 @@
# Generated by Chef
server {
listen 443 ssl http2;
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen [::]:443 ssl http2;
server_name <%= @domain %>;
root /var/www/<%= @domain %>/site;
access_log off;
access_log <%= node['openresty']['log_dir'] %>/<%= @domain %>.access.log;
error_log <%= node['openresty']['log_dir'] %>/<%= @domain %>.error.log;
gzip_static on;
gzip_comp_level 5;
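Review bot: Only the IPv4 listener is bound to `node['openresty']['listen_ip']`; the `listen [::]:443 ssl http2;` line stays a wildcard, so on a host with IPv6 the site is still served on every v6 address even when `listen_ip` is set to keep it on one interface. If the restriction is meant for both families, a matching attribute for the v6 address would make the binding consistent; if not, a one-line comment such as `# listen_ip restricts IPv4 only` would document it. The change also replaces `access_log off` with per-site access and error logs, so rotation and retention for those files should be covered, which this section does not show. The `server` block continues past the end of this hunk.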


@ -0,0 +1,25 @@
.vagrant
*~
*#
.#*
\#*#
.*.sw[a-z]
*.un~
# Bundler
Gemfile.lock
gems.locked
bin/*
.bundle/*
# test kitchen
.kitchen/
kitchen.local.yml
# Chef Infra
Berksfile.lock
.zero-knife.rb
Policyfile.lock.json
.idea/


@ -0,0 +1,5 @@
# kosmos_openresty CHANGELOG
## 0.1.0
Initial release.


@ -0,0 +1,21 @@
The MIT License (MIT)
Copyright (c) 2023 Kosmos
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.


@ -0,0 +1,4 @@
# kosmos_openresty
Wrapper cookbook for our fork of the openresty cookbook. It adds support for
installing from the package using the official apt repository.


@ -0,0 +1,115 @@
# Put files/directories that should be ignored in this file when uploading
# to a Chef Infra Server or Supermarket.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
ehthumbs.db
Icon?
nohup.out
Thumbs.db
.envrc
# EDITORS #
###########
.#*
.project
.settings
*_flymake
*_flymake.*
*.bak
*.sw[a-z]
*.tmproj
*~
\#*
REVISION
TAGS*
tmtags
.vscode
.editorconfig
## COMPILED ##
##############
*.class
*.com
*.dll
*.exe
*.o
*.pyc
*.so
*/rdoc/
a.out
mkmf.log
# Testing #
###########
.circleci/*
.codeclimate.yml
.delivery/*
.foodcritic
.kitchen*
.mdlrc
.overcommit.yml
.rspec
.rubocop.yml
.travis.yml
.watchr
.yamllint
azure-pipelines.yml
Dangerfile
examples/*
features/*
Guardfile
kitchen.yml*
mlc_config.json
Procfile
Rakefile
spec/*
test/*
# SCM #
#######
.git
.gitattributes
.gitconfig
.github/*
.gitignore
.gitkeep
.gitmodules
.svn
*/.bzr/*
*/.git
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Bundler #
###########
vendor/*
Gemfile
Gemfile.lock
# Policyfile #
##############
Policyfile.rb
Policyfile.lock.json
# Documentation #
#############
CODE_OF_CONDUCT*
CONTRIBUTING*
documentation/*
TESTING*
UPGRADING*
# Vagrant #
###########
.vagrant
Vagrantfile


@ -0,0 +1,10 @@
name 'kosmos_openresty'
maintainer 'Kosmos'
maintainer_email 'mail@kosmos.org'
license 'MIT'
description 'Installs/Configures openresty'
version '0.1.0'
chef_version '>= 18.0'
depends 'kosmos-base'
depends 'openresty'


@ -0,0 +1,7 @@
#
# Cookbook:: kosmos_openresty
# Recipe:: default
#
# Install openresty from official packages
include_recipe 'openresty::apt_package'


@ -0,0 +1,11 @@
#
# Cookbook Name:: kosmos_openresty
# Recipe:: firewall
include_recipe "kosmos-base::firewall"
firewall_rule "http/https" do
port [80, 443]
protocol :tcp
command :allow
end


@ -0,0 +1,10 @@
#
# Cookbook:: kosmos_openresty
# Recipe:: hello_world
#
openresty_site 'hello_world' do
template 'hello_world.conf.erb'
redirect_http false
action :enable
end


@ -0,0 +1,9 @@
server {
listen 80 reuseport;
location / {
default_type text/plain;
content_by_lua_block {
ngx.say("Hello World")
}
}
}

@ -0,0 +1 @@
Subproject commit 867046cbd1e120f7b2cb842114dcc725cdf0c2b2