Use older Redis cookbook, install on bitcoin-2

cookbooks/redisio/CHANGELOG.md

@@ -1,26 +1,9 @@
 
 # redisio
 
-This file is used to list changes made in each version of the redisio cookbook.
-
-## 6.1.0 - *2021-09-15*
-
-- Add protected mode to sentinel configuration file
-
-## 6.0.0 - *2021-09-09*
-
-- Set unified_mode true for Chef 17+ support
-- Require Chef 15.3+ for unified_mode
-- Require Chef 16 for user_ulimit resource
-- Remove dependency on the ulimit cookbook
-- Switch from using the selinux_policy cookbook to the selinux cookbook
-  - The selinux_policy cookbook is now deprecated. The resources have been moved
-    to the selinux cookbook
-
 ## 5.0.0 - *2021-09-08*
 
 - resolved cookstyle error: attributes/default.rb:74:40 refactor: `Chef/Modernize/UseChefLanguageSystemdHelper`
-
 ## 4.3.2 - *2021-08-30*
 
 - Standardise files with files in sous-chefs/repo-management

cookbooks/redisio/README.md

@@ -413,8 +413,7 @@ The sentinel recipe's use their own attribute file.
 'logfile'                 => nil,
 'syslogenabled'           => 'yes',
 'syslogfacility'          => 'local0',
-'quorum_count'            => 2,
-'protected-mode'          => nil,
+'quorum_count'            => 2
 ```
 
 * `redisio['redisio']['sentinel']['manage_config']` - Should the cookbook manage the redis and redis sentinel config files.  This is best set to false when using redis_sentinel as it will write state into both configuration files.

cookbooks/redisio/attributes/default.rb

@@ -162,10 +162,3 @@ default['redisio']['bin_path'] = if node['redisio']['package_install']
                                  else
                                    '/usr/local/bin'
                                  end
-
-# Ulimit
-default['ulimit']['pam_su_template_cookbook'] = nil
-default['ulimit']['users'] = Mash.new
-default['ulimit']['security_limits_directory'] = '/etc/security/limits.d'
-default['ulimit']['ulimit_overriding_sudo_file_name'] = 'sudo'
-default['ulimit']['ulimit_overriding_sudo_file_cookbook'] = nil

cookbooks/redisio/attributes/redis_sentinel.rb

@@ -26,7 +26,6 @@ default['redisio']['sentinel_defaults'] = {
   'announce-port'           => nil,
   'notification-script'     => nil,
   'client-reconfig-script'  => nil,
-  'protected_mode'          => nil,
 }
 
 # Manage Sentinel Config File

cookbooks/redisio/files/sudo

@@ -1,8 +0,0 @@
-#%PAM-1.0
-
-auth       required   pam_env.so readenv=1 user_readenv=0
-auth       required   pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0
-session    required   pam_limits.so
-@include common-auth
-@include common-account
-@include common-session-noninteractive

cookbooks/redisio/metadata.json

@@ -16,7 +16,8 @@
     "ubuntu": ">= 0.0.0"
   },
   "dependencies": {
-    "selinux": ">= 0.0.0"
+    "ulimit": ">= 0.1.2",
+    "selinux_policy": ">= 2.2.0"
   },
   "providing": {
 
@@ -24,13 +25,13 @@
   "recipes": {
 
   },
-  "version": "6.1.0",
+  "version": "5.0.0",
   "source_url": "https://github.com/sous-chefs/redisio",
   "issues_url": "https://github.com/sous-chefs/redisio/issues",
   "privacy": false,
   "chef_versions": [
     [
-      ">= 16"
+      ">= 15.5"
     ]
   ],
   "ohai_versions": [

cookbooks/redisio/metadata.rb

@@ -3,10 +3,10 @@ maintainer        'Sous Chefs'
 maintainer_email  'help@sous-chefs.org'
 license           'Apache-2.0'
 description       'Installs and configures redis'
-version           '6.1.0'
+version           '5.0.0'
 source_url        'https://github.com/sous-chefs/redisio'
 issues_url        'https://github.com/sous-chefs/redisio/issues'
-chef_version      '>= 16'
+chef_version      '>= 15.5'
 
 %w(
   amazon
@@ -21,4 +21,5 @@ chef_version      '>= 16'
   supports os
 end
 
-depends 'selinux'
+depends 'ulimit', '>= 0.1.2'
+depends 'selinux_policy', '>= 2.2.0'

cookbooks/redisio/providers/sentinel.rb

@@ -151,8 +151,7 @@ def configure
           announce_ip:            current['announce-ip'],
           announce_port:          current['announce-port'],
           notification_script:    current['notification-script'],
-          client_reconfig_script: current['client-reconfig-script'],
-          protected_mode:         current['protected_mode']
+          client_reconfig_script: current['client-reconfig-script']
         )
         not_if { ::File.exist?("#{current['configdir']}/#{sentinel_name}.conf.breadcrumb") }
       end

cookbooks/redisio/recipes/configure.rb

@@ -1,5 +1,5 @@
 include_recipe 'redisio::default'
-include_recipe 'redisio::ulimit'
+include_recipe 'ulimit::default'
 
 redis = node['redisio']
 

cookbooks/redisio/recipes/default.rb

@@ -1,4 +1,14 @@
-apt_update
+# debian 6.0.x fails the build_essential recipe without an apt-get update prior to run
+if platform?('debian', 'ubuntu')
+  execute 'apt-get-update-periodic' do
+    command 'apt-get update'
+    ignore_failure true
+    only_if do
+      !File.exist?('/var/lib/apt/periodic/update-success-stamp') ||
+        File.mtime('/var/lib/apt/periodic/update-success-stamp') < Time.now - 86400
+    end
+  end
+end
 
 unless node['redisio']['package_install']
   include_recipe 'redisio::_install_prereqs'

cookbooks/redisio/recipes/install.rb

@@ -19,4 +19,4 @@ else
   end
 end
 
-include_recipe 'redisio::ulimit'
+include_recipe 'ulimit::default'

cookbooks/redisio/recipes/sentinel.rb

@@ -1,6 +1,6 @@
 include_recipe 'redisio::_install_prereqs'
 include_recipe 'redisio::install'
-include_recipe 'redisio::ulimit'
+include_recipe 'ulimit::default'
 
 redis = node['redisio']
 

cookbooks/redisio/recipes/ulimit.rb

@@ -1,25 +0,0 @@
-# Pulled from the now replaced ulimit cookbook
-# TODO: find a more tidy way to do this
-ulimit = node['ulimit']
-
-if platform_family?('debian')
-  template '/etc/pam.d/su' do
-    cookbook ulimit['pam_su_template_cookbook']
-  end
-
-  cookbook_file '/etc/pam.d/sudo' do
-    cookbook node['ulimit']['ulimit_overriding_sudo_file_cookbook']
-    source node['ulimit']['ulimit_overriding_sudo_file_name']
-    mode '0644'
-  end
-end
-
-if ulimit.key?('users')
-  ulimit['users'].each do |user, attributes|
-    user_ulimit user do
-      attributes.each do |a, v|
-        send(a.to_sym, v)
-      end
-    end
-  end
-end

cookbooks/redisio/resources/configure.rb

@@ -1,5 +1,5 @@
 actions :run
-unified_mode true
+
 default_action :run
 
 # Configuration attributes

cookbooks/redisio/resources/install.rb

@@ -1,5 +1,5 @@
 actions :run
-unified_mode true
+
 default_action :run
 
 # Installation attributes

cookbooks/redisio/resources/sentinel.rb

@@ -1,5 +1,5 @@
 actions :run
-unified_mode true
+
 default_action :run
 
 # Configuration attributes

cookbooks/redisio/templates/default/domain.erb

@@ -1,9 +0,0 @@
-<%
-  node.run_state[:ulimit][@domain].each do |item, entries|
-    entries.each do |type, value|
--%>
-<%= @domain %> <%= type %> <%= item %> <%= value %>
-<%
-    end
-  end
--%>

cookbooks/redisio/templates/default/sentinel.conf.erb

@@ -11,14 +11,10 @@ syslog-ident redis-<%= @name %>
 syslog-facility <%= @syslogfacility %>
 <%= "logfile #{@logfile}" unless @logfile.nil? %>
 
+# bind sentinel IP
 <% if @sentinel_bind %>
 bind <%=@sentinel_bind%>
 <% end %>
-
- <% if @protected_mode %>
-<%= "protected-mode #{@protected_mode}" %>
-<% end %>
-
 # port <sentinel-port>
 # The port that this sentinel instance will run on
 port <%=@sentinel_port%>

cookbooks/redisio/templates/default/su.erb

@@ -1,62 +0,0 @@
-#
-# The PAM configuration file for the Shadow `su' service
-#
-# This file modified by Chef to enable ulimit switching with `su`
-#
-
-# This allows root to su without passwords (normal operation)
-auth       sufficient pam_rootok.so
-
-# Uncomment this to force users to be a member of group root
-# before they can use `su'. You can also add "group=foo"
-# to the end of this line if you want to use a group other
-# than the default "root" (but this may have side effect of
-# denying "root" user, unless she's a member of "foo" or explicitly
-# permitted earlier by e.g. "sufficient pam_rootok.so").
-# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
-# auth       required   pam_wheel.so
-
-# Uncomment this if you want wheel members to be able to
-# su without a password.
-# auth       sufficient pam_wheel.so trust
-
-# Uncomment this if you want members of a specific group to not
-# be allowed to use su at all.
-# auth       required   pam_wheel.so deny group=nosu
-
-# Uncomment and edit /etc/security/time.conf if you need to set
-# time restrainst on su usage.
-# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
-# as well as /etc/porttime)
-# account    requisite  pam_time.so
-
-# This module parses environment configuration file(s)
-# and also allows you to use an extended config
-# file /etc/security/pam_env.conf.
-#
-# parsing /etc/environment needs "readenv=1"
-session       required   pam_env.so readenv=1
-# locale variables are also kept into /etc/default/locale in etch
-# reading this file *in addition to /etc/environment* does not hurt
-session       required   pam_env.so readenv=1 envfile=/etc/default/locale
-
-# Defines the MAIL environment variable
-# However, userdel also needs MAIL_DIR and MAIL_FILE variables
-# in /etc/login.defs to make sure that removing a user
-# also removes the user's mail spool file.
-# See comments in /etc/login.defs
-#
-# "nopen" stands to avoid reporting new mail when su'ing to another user
-session    optional   pam_mail.so nopen
-
-# Sets up user limits, please uncomment and read /etc/security/limits.conf
-# to enable this functionality.
-# (Replaces the use of /etc/limits in old login)
-session    required   pam_limits.so
-
-# The standard Unix authentication modules, used with
-# NIS (man nsswitch) as well as normal /etc/passwd and
-# /etc/shadow entries.
-@include common-auth
-@include common-account
-@include common-session

cookbooks/redisio/templates/default/ulimit.erb

@@ -1,32 +0,0 @@
-# Limits settings for <%= @ulimit_user %>
-<% unless @filehandle_limit.nil? -%>
-<%= @ulimit_user -%> - nofile <%= @filehandle_limit %>
-<% else -%><% unless @filehandle_soft_limit.nil? -%><%= @ulimit_user -%> soft nofile <%= @filehandle_soft_limit %><% end -%>
-<% unless @filehandle_hard_limit.nil? -%><%= @ulimit_user -%> hard nofile <%= @filehandle_hard_limit %><% end -%>
-<% end -%>
-<% unless @process_limit.nil? -%>
-<%= @ulimit_user -%> - nproc <%= @process_limit %>
-<% else -%><% unless @process_soft_limit.nil? -%><%= @ulimit_user -%> soft nproc <%= @process_soft_limit %><% end -%>
-<% unless @process_hard_limit.nil? -%><%= @ulimit_user -%> hard nproc <%= @process_hard_limit %><% end -%>
-<% end -%>
-<% unless @memory_limit.nil? -%>
-<%= @ulimit_user -%> - memlock <%= @memory_limit %>
-<% end -%>
-<% unless @core_limit.nil? -%>
-<%= @ulimit_user -%> - core <%= @core_limit %>
-<% else -%><% unless @core_soft_limit.nil? -%><%= @ulimit_user -%> soft core <%= @core_soft_limit %><% end -%>
-<% unless @core_hard_limit.nil? -%><%= @ulimit_user -%> hard core <%= @core_hard_limit %><% end -%>
-<% end -%>
-<% unless @stack_limit.nil? -%>
-<%= @ulimit_user -%> - stack <%= @stack_limit %>
-<% else -%><% unless @stack_soft_limit.nil? -%><%= @ulimit_user -%> soft stack <%= @stack_soft_limit %><% end -%>
-<% unless @stack_hard_limit.nil? -%><%= @ulimit_user -%> hard stack <%= @stack_hard_limit %><% end -%>
-<% end -%>
-<% unless @rtprio_limit.nil? -%>
-<%= @ulimit_user -%> - rtprio <%= @rtprio_limit %>
-<% else -%><% unless @rtprio_soft_limit.nil? -%><%= @ulimit_user -%> soft rtprio <%= @rtprio_soft_limit %><% end -%>
-<% unless @rtprio_hard_limit.nil? -%><%= @ulimit_user -%> hard rtprio <%= @rtprio_hard_limit %><% end -%>
-<% end -%>
-<% unless @virt_limit.nil? -%>
-  <%= @ulimit_user -%> - as <%= @virt_limit %>
-<% end -%>